1 |
commit: fcca3bfe3f19c1750be503fe947954344ceecfbd |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Jun 30 14:21:41 2021 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Jun 30 14:21:41 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=fcca3bfe |
7 |
|
8 |
Linux patch 5.12.14 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1013_linux-5.12.14.patch | 4590 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 4594 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 34c90d1..96f1ac7 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -95,6 +95,10 @@ Patch: 1012_linux-5.12.13.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 5.12.13 |
23 |
|
24 |
+Patch: 1013_linux-5.12.14.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 5.12.14 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1013_linux-5.12.14.patch b/1013_linux-5.12.14.patch |
33 |
new file mode 100644 |
34 |
index 0000000..6e18a21 |
35 |
--- /dev/null |
36 |
+++ b/1013_linux-5.12.14.patch |
37 |
@@ -0,0 +1,4590 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index d2fe36db78aed..433f164f9ee0f 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,7 +1,7 @@ |
43 |
+ # SPDX-License-Identifier: GPL-2.0 |
44 |
+ VERSION = 5 |
45 |
+ PATCHLEVEL = 12 |
46 |
+-SUBLEVEL = 13 |
47 |
++SUBLEVEL = 14 |
48 |
+ EXTRAVERSION = |
49 |
+ NAME = Frozen Wasteland |
50 |
+ |
51 |
+diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c |
52 |
+index 1a5edf562e85e..73ca7797b92f6 100644 |
53 |
+--- a/arch/arm/kernel/setup.c |
54 |
++++ b/arch/arm/kernel/setup.c |
55 |
+@@ -545,9 +545,11 @@ void notrace cpu_init(void) |
56 |
+ * In Thumb-2, msr with an immediate value is not allowed. |
57 |
+ */ |
58 |
+ #ifdef CONFIG_THUMB2_KERNEL |
59 |
+-#define PLC "r" |
60 |
++#define PLC_l "l" |
61 |
++#define PLC_r "r" |
62 |
+ #else |
63 |
+-#define PLC "I" |
64 |
++#define PLC_l "I" |
65 |
++#define PLC_r "I" |
66 |
+ #endif |
67 |
+ |
68 |
+ /* |
69 |
+@@ -569,15 +571,15 @@ void notrace cpu_init(void) |
70 |
+ "msr cpsr_c, %9" |
71 |
+ : |
72 |
+ : "r" (stk), |
73 |
+- PLC (PSR_F_BIT | PSR_I_BIT | IRQ_MODE), |
74 |
++ PLC_r (PSR_F_BIT | PSR_I_BIT | IRQ_MODE), |
75 |
+ "I" (offsetof(struct stack, irq[0])), |
76 |
+- PLC (PSR_F_BIT | PSR_I_BIT | ABT_MODE), |
77 |
++ PLC_r (PSR_F_BIT | PSR_I_BIT | ABT_MODE), |
78 |
+ "I" (offsetof(struct stack, abt[0])), |
79 |
+- PLC (PSR_F_BIT | PSR_I_BIT | UND_MODE), |
80 |
++ PLC_r (PSR_F_BIT | PSR_I_BIT | UND_MODE), |
81 |
+ "I" (offsetof(struct stack, und[0])), |
82 |
+- PLC (PSR_F_BIT | PSR_I_BIT | FIQ_MODE), |
83 |
++ PLC_r (PSR_F_BIT | PSR_I_BIT | FIQ_MODE), |
84 |
+ "I" (offsetof(struct stack, fiq[0])), |
85 |
+- PLC (PSR_F_BIT | PSR_I_BIT | SVC_MODE) |
86 |
++ PLC_l (PSR_F_BIT | PSR_I_BIT | SVC_MODE) |
87 |
+ : "r14"); |
88 |
+ #endif |
89 |
+ } |
90 |
+diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile |
91 |
+index 5243bf2327c02..a5ee34117321d 100644 |
92 |
+--- a/arch/riscv/Makefile |
93 |
++++ b/arch/riscv/Makefile |
94 |
+@@ -16,7 +16,7 @@ ifeq ($(CONFIG_DYNAMIC_FTRACE),y) |
95 |
+ CC_FLAGS_FTRACE := -fpatchable-function-entry=8 |
96 |
+ endif |
97 |
+ |
98 |
+-ifeq ($(CONFIG_64BIT)$(CONFIG_CMODEL_MEDLOW),yy) |
99 |
++ifeq ($(CONFIG_CMODEL_MEDLOW),y) |
100 |
+ KBUILD_CFLAGS_MODULE += -mcmodel=medany |
101 |
+ endif |
102 |
+ |
103 |
+diff --git a/arch/riscv/boot/dts/sifive/fu740-c000.dtsi b/arch/riscv/boot/dts/sifive/fu740-c000.dtsi |
104 |
+index eeb4f8c3e0e72..d0d206cdb9990 100644 |
105 |
+--- a/arch/riscv/boot/dts/sifive/fu740-c000.dtsi |
106 |
++++ b/arch/riscv/boot/dts/sifive/fu740-c000.dtsi |
107 |
+@@ -272,7 +272,7 @@ |
108 |
+ cache-size = <2097152>; |
109 |
+ cache-unified; |
110 |
+ interrupt-parent = <&plic0>; |
111 |
+- interrupts = <19 20 21 22>; |
112 |
++ interrupts = <19 21 22 20>; |
113 |
+ reg = <0x0 0x2010000 0x0 0x1000>; |
114 |
+ }; |
115 |
+ gpio: gpio@10060000 { |
116 |
+diff --git a/arch/s390/include/asm/stacktrace.h b/arch/s390/include/asm/stacktrace.h |
117 |
+index 2b543163d90a0..76c6034428be8 100644 |
118 |
+--- a/arch/s390/include/asm/stacktrace.h |
119 |
++++ b/arch/s390/include/asm/stacktrace.h |
120 |
+@@ -91,12 +91,16 @@ struct stack_frame { |
121 |
+ CALL_ARGS_4(arg1, arg2, arg3, arg4); \ |
122 |
+ register unsigned long r4 asm("6") = (unsigned long)(arg5) |
123 |
+ |
124 |
+-#define CALL_FMT_0 "=&d" (r2) : |
125 |
+-#define CALL_FMT_1 "+&d" (r2) : |
126 |
+-#define CALL_FMT_2 CALL_FMT_1 "d" (r3), |
127 |
+-#define CALL_FMT_3 CALL_FMT_2 "d" (r4), |
128 |
+-#define CALL_FMT_4 CALL_FMT_3 "d" (r5), |
129 |
+-#define CALL_FMT_5 CALL_FMT_4 "d" (r6), |
130 |
++/* |
131 |
++ * To keep this simple mark register 2-6 as being changed (volatile) |
132 |
++ * by the called function, even though register 6 is saved/nonvolatile. |
133 |
++ */ |
134 |
++#define CALL_FMT_0 "=&d" (r2) |
135 |
++#define CALL_FMT_1 "+&d" (r2) |
136 |
++#define CALL_FMT_2 CALL_FMT_1, "+&d" (r3) |
137 |
++#define CALL_FMT_3 CALL_FMT_2, "+&d" (r4) |
138 |
++#define CALL_FMT_4 CALL_FMT_3, "+&d" (r5) |
139 |
++#define CALL_FMT_5 CALL_FMT_4, "+&d" (r6) |
140 |
+ |
141 |
+ #define CALL_CLOBBER_5 "0", "1", "14", "cc", "memory" |
142 |
+ #define CALL_CLOBBER_4 CALL_CLOBBER_5 |
143 |
+@@ -118,7 +122,7 @@ struct stack_frame { |
144 |
+ " brasl 14,%[_fn]\n" \ |
145 |
+ " la 15,0(%[_prev])\n" \ |
146 |
+ : [_prev] "=&a" (prev), CALL_FMT_##nr \ |
147 |
+- [_stack] "R" (stack), \ |
148 |
++ : [_stack] "R" (stack), \ |
149 |
+ [_bc] "i" (offsetof(struct stack_frame, back_chain)), \ |
150 |
+ [_frame] "d" (frame), \ |
151 |
+ [_fn] "X" (fn) : CALL_CLOBBER_##nr); \ |
152 |
+diff --git a/arch/s390/kernel/entry.S b/arch/s390/kernel/entry.S |
153 |
+index 9cc71ca9a88f9..e84f495e7eb29 100644 |
154 |
+--- a/arch/s390/kernel/entry.S |
155 |
++++ b/arch/s390/kernel/entry.S |
156 |
+@@ -418,6 +418,7 @@ ENTRY(\name) |
157 |
+ xgr %r6,%r6 |
158 |
+ xgr %r7,%r7 |
159 |
+ xgr %r10,%r10 |
160 |
++ xc __PT_FLAGS(8,%r11),__PT_FLAGS(%r11) |
161 |
+ mvc __PT_R8(64,%r11),__LC_SAVE_AREA_ASYNC |
162 |
+ stmg %r8,%r9,__PT_PSW(%r11) |
163 |
+ tm %r8,0x0001 # coming from user space? |
164 |
+diff --git a/arch/s390/kernel/signal.c b/arch/s390/kernel/signal.c |
165 |
+index 90163e6184f5c..080e7aed181f4 100644 |
166 |
+--- a/arch/s390/kernel/signal.c |
167 |
++++ b/arch/s390/kernel/signal.c |
168 |
+@@ -512,7 +512,6 @@ void arch_do_signal_or_restart(struct pt_regs *regs, bool has_signal) |
169 |
+ |
170 |
+ /* No handlers present - check for system call restart */ |
171 |
+ clear_pt_regs_flag(regs, PIF_SYSCALL); |
172 |
+- clear_pt_regs_flag(regs, PIF_SYSCALL_RESTART); |
173 |
+ if (current->thread.system_call) { |
174 |
+ regs->int_code = current->thread.system_call; |
175 |
+ switch (regs->gprs[2]) { |
176 |
+diff --git a/arch/s390/kernel/topology.c b/arch/s390/kernel/topology.c |
177 |
+index bfcc327acc6b2..26aa2614ee352 100644 |
178 |
+--- a/arch/s390/kernel/topology.c |
179 |
++++ b/arch/s390/kernel/topology.c |
180 |
+@@ -66,7 +66,10 @@ static void cpu_group_map(cpumask_t *dst, struct mask_info *info, unsigned int c |
181 |
+ { |
182 |
+ static cpumask_t mask; |
183 |
+ |
184 |
+- cpumask_copy(&mask, cpumask_of(cpu)); |
185 |
++ cpumask_clear(&mask); |
186 |
++ if (!cpu_online(cpu)) |
187 |
++ goto out; |
188 |
++ cpumask_set_cpu(cpu, &mask); |
189 |
+ switch (topology_mode) { |
190 |
+ case TOPOLOGY_MODE_HW: |
191 |
+ while (info) { |
192 |
+@@ -83,10 +86,10 @@ static void cpu_group_map(cpumask_t *dst, struct mask_info *info, unsigned int c |
193 |
+ default: |
194 |
+ fallthrough; |
195 |
+ case TOPOLOGY_MODE_SINGLE: |
196 |
+- cpumask_copy(&mask, cpumask_of(cpu)); |
197 |
+ break; |
198 |
+ } |
199 |
+ cpumask_and(&mask, &mask, cpu_online_mask); |
200 |
++out: |
201 |
+ cpumask_copy(dst, &mask); |
202 |
+ } |
203 |
+ |
204 |
+@@ -95,7 +98,10 @@ static void cpu_thread_map(cpumask_t *dst, unsigned int cpu) |
205 |
+ static cpumask_t mask; |
206 |
+ int i; |
207 |
+ |
208 |
+- cpumask_copy(&mask, cpumask_of(cpu)); |
209 |
++ cpumask_clear(&mask); |
210 |
++ if (!cpu_online(cpu)) |
211 |
++ goto out; |
212 |
++ cpumask_set_cpu(cpu, &mask); |
213 |
+ if (topology_mode != TOPOLOGY_MODE_HW) |
214 |
+ goto out; |
215 |
+ cpu -= cpu % (smp_cpu_mtid + 1); |
216 |
+diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c |
217 |
+index 4efd39aacb9f2..8767dc53b5699 100644 |
218 |
+--- a/arch/x86/entry/common.c |
219 |
++++ b/arch/x86/entry/common.c |
220 |
+@@ -127,8 +127,8 @@ static noinstr bool __do_fast_syscall_32(struct pt_regs *regs) |
221 |
+ /* User code screwed up. */ |
222 |
+ regs->ax = -EFAULT; |
223 |
+ |
224 |
+- instrumentation_end(); |
225 |
+ local_irq_disable(); |
226 |
++ instrumentation_end(); |
227 |
+ irqentry_exit_to_user_mode(regs); |
228 |
+ return false; |
229 |
+ } |
230 |
+@@ -266,15 +266,16 @@ __visible noinstr void xen_pv_evtchn_do_upcall(struct pt_regs *regs) |
231 |
+ irqentry_state_t state = irqentry_enter(regs); |
232 |
+ bool inhcall; |
233 |
+ |
234 |
++ instrumentation_begin(); |
235 |
+ run_sysvec_on_irqstack_cond(__xen_pv_evtchn_do_upcall, regs); |
236 |
+ |
237 |
+ inhcall = get_and_clear_inhcall(); |
238 |
+ if (inhcall && !WARN_ON_ONCE(state.exit_rcu)) { |
239 |
+- instrumentation_begin(); |
240 |
+ irqentry_exit_cond_resched(); |
241 |
+ instrumentation_end(); |
242 |
+ restore_inhcall(inhcall); |
243 |
+ } else { |
244 |
++ instrumentation_end(); |
245 |
+ irqentry_exit(regs, state); |
246 |
+ } |
247 |
+ } |
248 |
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c |
249 |
+index 18df171296955..7050a9ebd73f1 100644 |
250 |
+--- a/arch/x86/events/core.c |
251 |
++++ b/arch/x86/events/core.c |
252 |
+@@ -45,9 +45,11 @@ |
253 |
+ #include "perf_event.h" |
254 |
+ |
255 |
+ struct x86_pmu x86_pmu __read_mostly; |
256 |
++static struct pmu pmu; |
257 |
+ |
258 |
+ DEFINE_PER_CPU(struct cpu_hw_events, cpu_hw_events) = { |
259 |
+ .enabled = 1, |
260 |
++ .pmu = &pmu, |
261 |
+ }; |
262 |
+ |
263 |
+ DEFINE_STATIC_KEY_FALSE(rdpmc_never_available_key); |
264 |
+@@ -380,10 +382,12 @@ int x86_reserve_hardware(void) |
265 |
+ if (!atomic_inc_not_zero(&pmc_refcount)) { |
266 |
+ mutex_lock(&pmc_reserve_mutex); |
267 |
+ if (atomic_read(&pmc_refcount) == 0) { |
268 |
+- if (!reserve_pmc_hardware()) |
269 |
++ if (!reserve_pmc_hardware()) { |
270 |
+ err = -EBUSY; |
271 |
+- else |
272 |
++ } else { |
273 |
+ reserve_ds_buffers(); |
274 |
++ reserve_lbr_buffers(); |
275 |
++ } |
276 |
+ } |
277 |
+ if (!err) |
278 |
+ atomic_inc(&pmc_refcount); |
279 |
+@@ -724,16 +728,23 @@ void x86_pmu_enable_all(int added) |
280 |
+ } |
281 |
+ } |
282 |
+ |
283 |
+-static struct pmu pmu; |
284 |
+- |
285 |
+ static inline int is_x86_event(struct perf_event *event) |
286 |
+ { |
287 |
+ return event->pmu == &pmu; |
288 |
+ } |
289 |
+ |
290 |
+-struct pmu *x86_get_pmu(void) |
291 |
++struct pmu *x86_get_pmu(unsigned int cpu) |
292 |
+ { |
293 |
+- return &pmu; |
294 |
++ struct cpu_hw_events *cpuc = &per_cpu(cpu_hw_events, cpu); |
295 |
++ |
296 |
++ /* |
297 |
++ * All CPUs of the hybrid type have been offline. |
298 |
++ * The x86_get_pmu() should not be invoked. |
299 |
++ */ |
300 |
++ if (WARN_ON_ONCE(!cpuc->pmu)) |
301 |
++ return &pmu; |
302 |
++ |
303 |
++ return cpuc->pmu; |
304 |
+ } |
305 |
+ /* |
306 |
+ * Event scheduler state: |
307 |
+diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c |
308 |
+index 4c18e7fb58f58..77fe4fece6798 100644 |
309 |
+--- a/arch/x86/events/intel/core.c |
310 |
++++ b/arch/x86/events/intel/core.c |
311 |
+@@ -4879,7 +4879,7 @@ static void update_tfa_sched(void *ignored) |
312 |
+ * and if so force schedule out for all event types all contexts |
313 |
+ */ |
314 |
+ if (test_bit(3, cpuc->active_mask)) |
315 |
+- perf_pmu_resched(x86_get_pmu()); |
316 |
++ perf_pmu_resched(x86_get_pmu(smp_processor_id())); |
317 |
+ } |
318 |
+ |
319 |
+ static ssize_t show_sysctl_tfa(struct device *cdev, |
320 |
+diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c |
321 |
+index d32b302719fe5..72df2f392c863 100644 |
322 |
+--- a/arch/x86/events/intel/ds.c |
323 |
++++ b/arch/x86/events/intel/ds.c |
324 |
+@@ -2192,7 +2192,7 @@ void __init intel_ds_init(void) |
325 |
+ PERF_SAMPLE_TIME; |
326 |
+ x86_pmu.flags |= PMU_FL_PEBS_ALL; |
327 |
+ pebs_qual = "-baseline"; |
328 |
+- x86_get_pmu()->capabilities |= PERF_PMU_CAP_EXTENDED_REGS; |
329 |
++ x86_get_pmu(smp_processor_id())->capabilities |= PERF_PMU_CAP_EXTENDED_REGS; |
330 |
+ } else { |
331 |
+ /* Only basic record supported */ |
332 |
+ x86_pmu.large_pebs_flags &= |
333 |
+@@ -2207,7 +2207,7 @@ void __init intel_ds_init(void) |
334 |
+ |
335 |
+ if (x86_pmu.intel_cap.pebs_output_pt_available) { |
336 |
+ pr_cont("PEBS-via-PT, "); |
337 |
+- x86_get_pmu()->capabilities |= PERF_PMU_CAP_AUX_OUTPUT; |
338 |
++ x86_get_pmu(smp_processor_id())->capabilities |= PERF_PMU_CAP_AUX_OUTPUT; |
339 |
+ } |
340 |
+ |
341 |
+ break; |
342 |
+diff --git a/arch/x86/events/intel/lbr.c b/arch/x86/events/intel/lbr.c |
343 |
+index 21890dacfcfee..c9cd6ce0fa2ad 100644 |
344 |
+--- a/arch/x86/events/intel/lbr.c |
345 |
++++ b/arch/x86/events/intel/lbr.c |
346 |
+@@ -658,7 +658,6 @@ static inline bool branch_user_callstack(unsigned br_sel) |
347 |
+ |
348 |
+ void intel_pmu_lbr_add(struct perf_event *event) |
349 |
+ { |
350 |
+- struct kmem_cache *kmem_cache = event->pmu->task_ctx_cache; |
351 |
+ struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events); |
352 |
+ |
353 |
+ if (!x86_pmu.lbr_nr) |
354 |
+@@ -696,16 +695,11 @@ void intel_pmu_lbr_add(struct perf_event *event) |
355 |
+ perf_sched_cb_inc(event->ctx->pmu); |
356 |
+ if (!cpuc->lbr_users++ && !event->total_time_running) |
357 |
+ intel_pmu_lbr_reset(); |
358 |
+- |
359 |
+- if (static_cpu_has(X86_FEATURE_ARCH_LBR) && |
360 |
+- kmem_cache && !cpuc->lbr_xsave && |
361 |
+- (cpuc->lbr_users != cpuc->lbr_pebs_users)) |
362 |
+- cpuc->lbr_xsave = kmem_cache_alloc(kmem_cache, GFP_KERNEL); |
363 |
+ } |
364 |
+ |
365 |
+ void release_lbr_buffers(void) |
366 |
+ { |
367 |
+- struct kmem_cache *kmem_cache = x86_get_pmu()->task_ctx_cache; |
368 |
++ struct kmem_cache *kmem_cache; |
369 |
+ struct cpu_hw_events *cpuc; |
370 |
+ int cpu; |
371 |
+ |
372 |
+@@ -714,6 +708,7 @@ void release_lbr_buffers(void) |
373 |
+ |
374 |
+ for_each_possible_cpu(cpu) { |
375 |
+ cpuc = per_cpu_ptr(&cpu_hw_events, cpu); |
376 |
++ kmem_cache = x86_get_pmu(cpu)->task_ctx_cache; |
377 |
+ if (kmem_cache && cpuc->lbr_xsave) { |
378 |
+ kmem_cache_free(kmem_cache, cpuc->lbr_xsave); |
379 |
+ cpuc->lbr_xsave = NULL; |
380 |
+@@ -721,6 +716,27 @@ void release_lbr_buffers(void) |
381 |
+ } |
382 |
+ } |
383 |
+ |
384 |
++void reserve_lbr_buffers(void) |
385 |
++{ |
386 |
++ struct kmem_cache *kmem_cache; |
387 |
++ struct cpu_hw_events *cpuc; |
388 |
++ int cpu; |
389 |
++ |
390 |
++ if (!static_cpu_has(X86_FEATURE_ARCH_LBR)) |
391 |
++ return; |
392 |
++ |
393 |
++ for_each_possible_cpu(cpu) { |
394 |
++ cpuc = per_cpu_ptr(&cpu_hw_events, cpu); |
395 |
++ kmem_cache = x86_get_pmu(cpu)->task_ctx_cache; |
396 |
++ if (!kmem_cache || cpuc->lbr_xsave) |
397 |
++ continue; |
398 |
++ |
399 |
++ cpuc->lbr_xsave = kmem_cache_alloc_node(kmem_cache, |
400 |
++ GFP_KERNEL | __GFP_ZERO, |
401 |
++ cpu_to_node(cpu)); |
402 |
++ } |
403 |
++} |
404 |
++ |
405 |
+ void intel_pmu_lbr_del(struct perf_event *event) |
406 |
+ { |
407 |
+ struct cpu_hw_events *cpuc = this_cpu_ptr(&cpu_hw_events); |
408 |
+@@ -1609,7 +1625,7 @@ void intel_pmu_lbr_init_hsw(void) |
409 |
+ x86_pmu.lbr_sel_mask = LBR_SEL_MASK; |
410 |
+ x86_pmu.lbr_sel_map = hsw_lbr_sel_map; |
411 |
+ |
412 |
+- x86_get_pmu()->task_ctx_cache = create_lbr_kmem_cache(size, 0); |
413 |
++ x86_get_pmu(smp_processor_id())->task_ctx_cache = create_lbr_kmem_cache(size, 0); |
414 |
+ |
415 |
+ if (lbr_from_signext_quirk_needed()) |
416 |
+ static_branch_enable(&lbr_from_quirk_key); |
417 |
+@@ -1629,7 +1645,7 @@ __init void intel_pmu_lbr_init_skl(void) |
418 |
+ x86_pmu.lbr_sel_mask = LBR_SEL_MASK; |
419 |
+ x86_pmu.lbr_sel_map = hsw_lbr_sel_map; |
420 |
+ |
421 |
+- x86_get_pmu()->task_ctx_cache = create_lbr_kmem_cache(size, 0); |
422 |
++ x86_get_pmu(smp_processor_id())->task_ctx_cache = create_lbr_kmem_cache(size, 0); |
423 |
+ |
424 |
+ /* |
425 |
+ * SW branch filter usage: |
426 |
+@@ -1726,7 +1742,7 @@ static bool is_arch_lbr_xsave_available(void) |
427 |
+ |
428 |
+ void __init intel_pmu_arch_lbr_init(void) |
429 |
+ { |
430 |
+- struct pmu *pmu = x86_get_pmu(); |
431 |
++ struct pmu *pmu = x86_get_pmu(smp_processor_id()); |
432 |
+ union cpuid28_eax eax; |
433 |
+ union cpuid28_ebx ebx; |
434 |
+ union cpuid28_ecx ecx; |
435 |
+diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h |
436 |
+index 53b2b5fc23bca..35cdece5644fb 100644 |
437 |
+--- a/arch/x86/events/perf_event.h |
438 |
++++ b/arch/x86/events/perf_event.h |
439 |
+@@ -327,6 +327,8 @@ struct cpu_hw_events { |
440 |
+ int n_pair; /* Large increment events */ |
441 |
+ |
442 |
+ void *kfree_on_online[X86_PERF_KFREE_MAX]; |
443 |
++ |
444 |
++ struct pmu *pmu; |
445 |
+ }; |
446 |
+ |
447 |
+ #define __EVENT_CONSTRAINT_RANGE(c, e, n, m, w, o, f) { \ |
448 |
+@@ -905,7 +907,7 @@ static struct perf_pmu_events_ht_attr event_attr_##v = { \ |
449 |
+ .event_str_ht = ht, \ |
450 |
+ } |
451 |
+ |
452 |
+-struct pmu *x86_get_pmu(void); |
453 |
++struct pmu *x86_get_pmu(unsigned int cpu); |
454 |
+ extern struct x86_pmu x86_pmu __read_mostly; |
455 |
+ |
456 |
+ static __always_inline struct x86_perf_task_context_opt *task_context_opt(void *ctx) |
457 |
+@@ -1135,6 +1137,8 @@ void reserve_ds_buffers(void); |
458 |
+ |
459 |
+ void release_lbr_buffers(void); |
460 |
+ |
461 |
++void reserve_lbr_buffers(void); |
462 |
++ |
463 |
+ extern struct event_constraint bts_constraint; |
464 |
+ extern struct event_constraint vlbr_constraint; |
465 |
+ |
466 |
+@@ -1282,6 +1286,10 @@ static inline void release_lbr_buffers(void) |
467 |
+ { |
468 |
+ } |
469 |
+ |
470 |
++static inline void reserve_lbr_buffers(void) |
471 |
++{ |
472 |
++} |
473 |
++ |
474 |
+ static inline int intel_pmu_init(void) |
475 |
+ { |
476 |
+ return 0; |
477 |
+diff --git a/arch/x86/include/asm/fpu/internal.h b/arch/x86/include/asm/fpu/internal.h |
478 |
+index fdee23ea4e173..16bf4d4a8159e 100644 |
479 |
+--- a/arch/x86/include/asm/fpu/internal.h |
480 |
++++ b/arch/x86/include/asm/fpu/internal.h |
481 |
+@@ -204,6 +204,14 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu) |
482 |
+ asm volatile("fxsaveq %[fx]" : [fx] "=m" (fpu->state.fxsave)); |
483 |
+ } |
484 |
+ |
485 |
++static inline void fxsave(struct fxregs_state *fx) |
486 |
++{ |
487 |
++ if (IS_ENABLED(CONFIG_X86_32)) |
488 |
++ asm volatile( "fxsave %[fx]" : [fx] "=m" (*fx)); |
489 |
++ else |
490 |
++ asm volatile("fxsaveq %[fx]" : [fx] "=m" (*fx)); |
491 |
++} |
492 |
++ |
493 |
+ /* These macros all use (%edi)/(%rdi) as the single memory argument. */ |
494 |
+ #define XSAVE ".byte " REX_PREFIX "0x0f,0xae,0x27" |
495 |
+ #define XSAVEOPT ".byte " REX_PREFIX "0x0f,0xae,0x37" |
496 |
+@@ -268,28 +276,6 @@ static inline void copy_fxregs_to_kernel(struct fpu *fpu) |
497 |
+ : "D" (st), "m" (*st), "a" (lmask), "d" (hmask) \ |
498 |
+ : "memory") |
499 |
+ |
500 |
+-/* |
501 |
+- * This function is called only during boot time when x86 caps are not set |
502 |
+- * up and alternative can not be used yet. |
503 |
+- */ |
504 |
+-static inline void copy_xregs_to_kernel_booting(struct xregs_state *xstate) |
505 |
+-{ |
506 |
+- u64 mask = xfeatures_mask_all; |
507 |
+- u32 lmask = mask; |
508 |
+- u32 hmask = mask >> 32; |
509 |
+- int err; |
510 |
+- |
511 |
+- WARN_ON(system_state != SYSTEM_BOOTING); |
512 |
+- |
513 |
+- if (boot_cpu_has(X86_FEATURE_XSAVES)) |
514 |
+- XSTATE_OP(XSAVES, xstate, lmask, hmask, err); |
515 |
+- else |
516 |
+- XSTATE_OP(XSAVE, xstate, lmask, hmask, err); |
517 |
+- |
518 |
+- /* We should never fault when copying to a kernel buffer: */ |
519 |
+- WARN_ON_FPU(err); |
520 |
+-} |
521 |
+- |
522 |
+ /* |
523 |
+ * This function is called only during boot time when x86 caps are not set |
524 |
+ * up and alternative can not be used yet. |
525 |
+diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
526 |
+index ec3ae30547920..b7b92cdf3add4 100644 |
527 |
+--- a/arch/x86/kernel/fpu/signal.c |
528 |
++++ b/arch/x86/kernel/fpu/signal.c |
529 |
+@@ -221,28 +221,18 @@ sanitize_restored_user_xstate(union fpregs_state *state, |
530 |
+ |
531 |
+ if (use_xsave()) { |
532 |
+ /* |
533 |
+- * Note: we don't need to zero the reserved bits in the |
534 |
+- * xstate_header here because we either didn't copy them at all, |
535 |
+- * or we checked earlier that they aren't set. |
536 |
++ * Clear all feature bits which are not set in |
537 |
++ * user_xfeatures and clear all extended features |
538 |
++ * for fx_only mode. |
539 |
+ */ |
540 |
++ u64 mask = fx_only ? XFEATURE_MASK_FPSSE : user_xfeatures; |
541 |
+ |
542 |
+ /* |
543 |
+- * 'user_xfeatures' might have bits clear which are |
544 |
+- * set in header->xfeatures. This represents features that |
545 |
+- * were in init state prior to a signal delivery, and need |
546 |
+- * to be reset back to the init state. Clear any user |
547 |
+- * feature bits which are set in the kernel buffer to get |
548 |
+- * them back to the init state. |
549 |
+- * |
550 |
+- * Supervisor state is unchanged by input from userspace. |
551 |
+- * Ensure supervisor state bits stay set and supervisor |
552 |
+- * state is not modified. |
553 |
++ * Supervisor state has to be preserved. The sigframe |
554 |
++ * restore can only modify user features, i.e. @mask |
555 |
++ * cannot contain them. |
556 |
+ */ |
557 |
+- if (fx_only) |
558 |
+- header->xfeatures = XFEATURE_MASK_FPSSE; |
559 |
+- else |
560 |
+- header->xfeatures &= user_xfeatures | |
561 |
+- xfeatures_mask_supervisor(); |
562 |
++ header->xfeatures &= mask | xfeatures_mask_supervisor(); |
563 |
+ } |
564 |
+ |
565 |
+ if (use_fxsr()) { |
566 |
+diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c |
567 |
+index 2ad57cc14b83f..451435d7ff413 100644 |
568 |
+--- a/arch/x86/kernel/fpu/xstate.c |
569 |
++++ b/arch/x86/kernel/fpu/xstate.c |
570 |
+@@ -440,6 +440,25 @@ static void __init print_xstate_offset_size(void) |
571 |
+ } |
572 |
+ } |
573 |
+ |
574 |
++/* |
575 |
++ * All supported features have either init state all zeros or are |
576 |
++ * handled in setup_init_fpu() individually. This is an explicit |
577 |
++ * feature list and does not use XFEATURE_MASK*SUPPORTED to catch |
578 |
++ * newly added supported features at build time and make people |
579 |
++ * actually look at the init state for the new feature. |
580 |
++ */ |
581 |
++#define XFEATURES_INIT_FPSTATE_HANDLED \ |
582 |
++ (XFEATURE_MASK_FP | \ |
583 |
++ XFEATURE_MASK_SSE | \ |
584 |
++ XFEATURE_MASK_YMM | \ |
585 |
++ XFEATURE_MASK_OPMASK | \ |
586 |
++ XFEATURE_MASK_ZMM_Hi256 | \ |
587 |
++ XFEATURE_MASK_Hi16_ZMM | \ |
588 |
++ XFEATURE_MASK_PKRU | \ |
589 |
++ XFEATURE_MASK_BNDREGS | \ |
590 |
++ XFEATURE_MASK_BNDCSR | \ |
591 |
++ XFEATURE_MASK_PASID) |
592 |
++ |
593 |
+ /* |
594 |
+ * setup the xstate image representing the init state |
595 |
+ */ |
596 |
+@@ -447,6 +466,10 @@ static void __init setup_init_fpu_buf(void) |
597 |
+ { |
598 |
+ static int on_boot_cpu __initdata = 1; |
599 |
+ |
600 |
++ BUILD_BUG_ON((XFEATURE_MASK_USER_SUPPORTED | |
601 |
++ XFEATURE_MASK_SUPERVISOR_SUPPORTED) != |
602 |
++ XFEATURES_INIT_FPSTATE_HANDLED); |
603 |
++ |
604 |
+ WARN_ON_FPU(!on_boot_cpu); |
605 |
+ on_boot_cpu = 0; |
606 |
+ |
607 |
+@@ -466,10 +489,22 @@ static void __init setup_init_fpu_buf(void) |
608 |
+ copy_kernel_to_xregs_booting(&init_fpstate.xsave); |
609 |
+ |
610 |
+ /* |
611 |
+- * Dump the init state again. This is to identify the init state |
612 |
+- * of any feature which is not represented by all zero's. |
613 |
++ * All components are now in init state. Read the state back so |
614 |
++ * that init_fpstate contains all non-zero init state. This only |
615 |
++ * works with XSAVE, but not with XSAVEOPT and XSAVES because |
616 |
++ * those use the init optimization which skips writing data for |
617 |
++ * components in init state. |
618 |
++ * |
619 |
++ * XSAVE could be used, but that would require to reshuffle the |
620 |
++ * data when XSAVES is available because XSAVES uses xstate |
621 |
++ * compaction. But doing so is a pointless exercise because most |
622 |
++ * components have an all zeros init state except for the legacy |
623 |
++ * ones (FP and SSE). Those can be saved with FXSAVE into the |
624 |
++ * legacy area. Adding new features requires to ensure that init |
625 |
++ * state is all zeroes or if not to add the necessary handling |
626 |
++ * here. |
627 |
+ */ |
628 |
+- copy_xregs_to_kernel_booting(&init_fpstate.xsave); |
629 |
++ fxsave(&init_fpstate.fxsave); |
630 |
+ } |
631 |
+ |
632 |
+ static int xfeature_uncompacted_offset(int xfeature_nr) |
633 |
+diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c |
634 |
+index dbc6214d69def..8f3b438f6fd3b 100644 |
635 |
+--- a/arch/x86/kvm/svm/sev.c |
636 |
++++ b/arch/x86/kvm/svm/sev.c |
637 |
+@@ -143,9 +143,25 @@ static void sev_asid_free(int asid) |
638 |
+ mutex_unlock(&sev_bitmap_lock); |
639 |
+ } |
640 |
+ |
641 |
+-static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) |
642 |
++static void sev_decommission(unsigned int handle) |
643 |
+ { |
644 |
+ struct sev_data_decommission *decommission; |
645 |
++ |
646 |
++ if (!handle) |
647 |
++ return; |
648 |
++ |
649 |
++ decommission = kzalloc(sizeof(*decommission), GFP_KERNEL); |
650 |
++ if (!decommission) |
651 |
++ return; |
652 |
++ |
653 |
++ decommission->handle = handle; |
654 |
++ sev_guest_decommission(decommission, NULL); |
655 |
++ |
656 |
++ kfree(decommission); |
657 |
++} |
658 |
++ |
659 |
++static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) |
660 |
++{ |
661 |
+ struct sev_data_deactivate *data; |
662 |
+ |
663 |
+ if (!handle) |
664 |
+@@ -165,15 +181,7 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) |
665 |
+ |
666 |
+ kfree(data); |
667 |
+ |
668 |
+- decommission = kzalloc(sizeof(*decommission), GFP_KERNEL); |
669 |
+- if (!decommission) |
670 |
+- return; |
671 |
+- |
672 |
+- /* decommission handle */ |
673 |
+- decommission->handle = handle; |
674 |
+- sev_guest_decommission(decommission, NULL); |
675 |
+- |
676 |
+- kfree(decommission); |
677 |
++ sev_decommission(handle); |
678 |
+ } |
679 |
+ |
680 |
+ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) |
681 |
+@@ -303,8 +311,10 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) |
682 |
+ |
683 |
+ /* Bind ASID to this guest */ |
684 |
+ ret = sev_bind_asid(kvm, start->handle, error); |
685 |
+- if (ret) |
686 |
++ if (ret) { |
687 |
++ sev_decommission(start->handle); |
688 |
+ goto e_free_session; |
689 |
++ } |
690 |
+ |
691 |
+ /* return handle to userspace */ |
692 |
+ params.handle = start->handle; |
693 |
+diff --git a/arch/x86/pci/fixup.c b/arch/x86/pci/fixup.c |
694 |
+index 0a0e168be1cbe..9b0e771302cee 100644 |
695 |
+--- a/arch/x86/pci/fixup.c |
696 |
++++ b/arch/x86/pci/fixup.c |
697 |
+@@ -779,4 +779,48 @@ DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_AMD, 0x1571, pci_amd_enable_64bit_bar); |
698 |
+ DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_AMD, 0x15b1, pci_amd_enable_64bit_bar); |
699 |
+ DECLARE_PCI_FIXUP_RESUME(PCI_VENDOR_ID_AMD, 0x1601, pci_amd_enable_64bit_bar); |
700 |
+ |
701 |
++#define RS690_LOWER_TOP_OF_DRAM2 0x30 |
702 |
++#define RS690_LOWER_TOP_OF_DRAM2_VALID 0x1 |
703 |
++#define RS690_UPPER_TOP_OF_DRAM2 0x31 |
704 |
++#define RS690_HTIU_NB_INDEX 0xA8 |
705 |
++#define RS690_HTIU_NB_INDEX_WR_ENABLE 0x100 |
706 |
++#define RS690_HTIU_NB_DATA 0xAC |
707 |
++ |
708 |
++/* |
709 |
++ * Some BIOS implementations support RAM above 4GB, but do not configure the |
710 |
++ * PCI host to respond to bus master accesses for these addresses. These |
711 |
++ * implementations set the TOP_OF_DRAM_SLOT1 register correctly, so PCI DMA |
712 |
++ * works as expected for addresses below 4GB. |
713 |
++ * |
714 |
++ * Reference: "AMD RS690 ASIC Family Register Reference Guide" (pg. 2-57) |
715 |
++ * https://www.amd.com/system/files/TechDocs/43372_rs690_rrg_3.00o.pdf |
716 |
++ */ |
717 |
++static void rs690_fix_64bit_dma(struct pci_dev *pdev) |
718 |
++{ |
719 |
++ u32 val = 0; |
720 |
++ phys_addr_t top_of_dram = __pa(high_memory - 1) + 1; |
721 |
++ |
722 |
++ if (top_of_dram <= (1ULL << 32)) |
723 |
++ return; |
724 |
++ |
725 |
++ pci_write_config_dword(pdev, RS690_HTIU_NB_INDEX, |
726 |
++ RS690_LOWER_TOP_OF_DRAM2); |
727 |
++ pci_read_config_dword(pdev, RS690_HTIU_NB_DATA, &val); |
728 |
++ |
729 |
++ if (val) |
730 |
++ return; |
731 |
++ |
732 |
++ pci_info(pdev, "Adjusting top of DRAM to %pa for 64-bit DMA support\n", &top_of_dram); |
733 |
++ |
734 |
++ pci_write_config_dword(pdev, RS690_HTIU_NB_INDEX, |
735 |
++ RS690_UPPER_TOP_OF_DRAM2 | RS690_HTIU_NB_INDEX_WR_ENABLE); |
736 |
++ pci_write_config_dword(pdev, RS690_HTIU_NB_DATA, top_of_dram >> 32); |
737 |
++ |
738 |
++ pci_write_config_dword(pdev, RS690_HTIU_NB_INDEX, |
739 |
++ RS690_LOWER_TOP_OF_DRAM2 | RS690_HTIU_NB_INDEX_WR_ENABLE); |
740 |
++ pci_write_config_dword(pdev, RS690_HTIU_NB_DATA, |
741 |
++ top_of_dram | RS690_LOWER_TOP_OF_DRAM2_VALID); |
742 |
++} |
743 |
++DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_ATI, 0x7910, rs690_fix_64bit_dma); |
744 |
++ |
745 |
+ #endif |
746 |
+diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c |
747 |
+index 8183ddb3700c4..64db5852432e7 100644 |
748 |
+--- a/arch/x86/xen/enlighten_pv.c |
749 |
++++ b/arch/x86/xen/enlighten_pv.c |
750 |
+@@ -592,8 +592,10 @@ DEFINE_IDTENTRY_RAW(xenpv_exc_debug) |
751 |
+ DEFINE_IDTENTRY_RAW(exc_xen_unknown_trap) |
752 |
+ { |
753 |
+ /* This should never happen and there is no way to handle it. */ |
754 |
++ instrumentation_begin(); |
755 |
+ pr_err("Unknown trap in Xen PV mode."); |
756 |
+ BUG(); |
757 |
++ instrumentation_end(); |
758 |
+ } |
759 |
+ |
760 |
+ #ifdef CONFIG_X86_MCE |
761 |
+diff --git a/certs/Kconfig b/certs/Kconfig |
762 |
+index c94e93d8bccf0..ab88d2a7f3c7f 100644 |
763 |
+--- a/certs/Kconfig |
764 |
++++ b/certs/Kconfig |
765 |
+@@ -83,4 +83,21 @@ config SYSTEM_BLACKLIST_HASH_LIST |
766 |
+ wrapper to incorporate the list into the kernel. Each <hash> should |
767 |
+ be a string of hex digits. |
768 |
+ |
769 |
++config SYSTEM_REVOCATION_LIST |
770 |
++ bool "Provide system-wide ring of revocation certificates" |
771 |
++ depends on SYSTEM_BLACKLIST_KEYRING |
772 |
++ depends on PKCS7_MESSAGE_PARSER=y |
773 |
++ help |
774 |
++ If set, this allows revocation certificates to be stored in the |
775 |
++ blacklist keyring and implements a hook whereby a PKCS#7 message can |
776 |
++ be checked to see if it matches such a certificate. |
777 |
++ |
778 |
++config SYSTEM_REVOCATION_KEYS |
779 |
++ string "X.509 certificates to be preloaded into the system blacklist keyring" |
780 |
++ depends on SYSTEM_REVOCATION_LIST |
781 |
++ help |
782 |
++ If set, this option should be the filename of a PEM-formatted file |
783 |
++ containing X.509 certificates to be included in the default blacklist |
784 |
++ keyring. |
785 |
++ |
786 |
+ endmenu |
787 |
+diff --git a/certs/Makefile b/certs/Makefile |
788 |
+index f4c25b67aad90..b6db52ebf0beb 100644 |
789 |
+--- a/certs/Makefile |
790 |
++++ b/certs/Makefile |
791 |
+@@ -3,8 +3,9 @@ |
792 |
+ # Makefile for the linux kernel signature checking certificates. |
793 |
+ # |
794 |
+ |
795 |
+-obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o |
796 |
+-obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o |
797 |
++obj-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += system_keyring.o system_certificates.o common.o |
798 |
++obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist.o common.o |
799 |
++obj-$(CONFIG_SYSTEM_REVOCATION_LIST) += revocation_certificates.o |
800 |
+ ifneq ($(CONFIG_SYSTEM_BLACKLIST_HASH_LIST),"") |
801 |
+ obj-$(CONFIG_SYSTEM_BLACKLIST_KEYRING) += blacklist_hashes.o |
802 |
+ else |
803 |
+@@ -29,7 +30,7 @@ $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREF |
804 |
+ $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) |
805 |
+ endif # CONFIG_SYSTEM_TRUSTED_KEYRING |
806 |
+ |
807 |
+-clean-files := x509_certificate_list .x509.list |
808 |
++clean-files := x509_certificate_list .x509.list x509_revocation_list |
809 |
+ |
810 |
+ ifeq ($(CONFIG_MODULE_SIG),y) |
811 |
+ ############################################################################### |
812 |
+@@ -104,3 +105,17 @@ targets += signing_key.x509 |
813 |
+ $(obj)/signing_key.x509: scripts/extract-cert $(X509_DEP) FORCE |
814 |
+ $(call if_changed,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY)) |
815 |
+ endif # CONFIG_MODULE_SIG |
816 |
++ |
817 |
++ifeq ($(CONFIG_SYSTEM_REVOCATION_LIST),y) |
818 |
++ |
819 |
++$(eval $(call config_filename,SYSTEM_REVOCATION_KEYS)) |
820 |
++ |
821 |
++$(obj)/revocation_certificates.o: $(obj)/x509_revocation_list |
822 |
++ |
823 |
++quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) |
824 |
++ cmd_extract_certs = scripts/extract-cert $(2) $@ |
825 |
++ |
826 |
++targets += x509_revocation_list |
827 |
++$(obj)/x509_revocation_list: scripts/extract-cert $(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(SYSTEM_REVOCATION_KEYS_FILENAME) FORCE |
828 |
++ $(call if_changed,extract_certs,$(SYSTEM_REVOCATION_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_REVOCATION_KEYS)) |
829 |
++endif |
830 |
+diff --git a/certs/blacklist.c b/certs/blacklist.c |
831 |
+index bffe4c6f4a9e2..c9a435b15af40 100644 |
832 |
+--- a/certs/blacklist.c |
833 |
++++ b/certs/blacklist.c |
834 |
+@@ -17,9 +17,15 @@ |
835 |
+ #include <linux/uidgid.h> |
836 |
+ #include <keys/system_keyring.h> |
837 |
+ #include "blacklist.h" |
838 |
++#include "common.h" |
839 |
+ |
840 |
+ static struct key *blacklist_keyring; |
841 |
+ |
842 |
++#ifdef CONFIG_SYSTEM_REVOCATION_LIST |
843 |
++extern __initconst const u8 revocation_certificate_list[]; |
844 |
++extern __initconst const unsigned long revocation_certificate_list_size; |
845 |
++#endif |
846 |
++ |
847 |
+ /* |
848 |
+ * The description must be a type prefix, a colon and then an even number of |
849 |
+ * hex digits. The hash is kept in the description. |
850 |
+@@ -145,6 +151,49 @@ int is_binary_blacklisted(const u8 *hash, size_t hash_len) |
851 |
+ } |
852 |
+ EXPORT_SYMBOL_GPL(is_binary_blacklisted); |
853 |
+ |
854 |
++#ifdef CONFIG_SYSTEM_REVOCATION_LIST |
855 |
++/** |
856 |
++ * add_key_to_revocation_list - Add a revocation certificate to the blacklist |
857 |
++ * @data: The data blob containing the certificate |
858 |
++ * @size: The size of data blob |
859 |
++ */ |
860 |
++int add_key_to_revocation_list(const char *data, size_t size) |
861 |
++{ |
862 |
++ key_ref_t key; |
863 |
++ |
864 |
++ key = key_create_or_update(make_key_ref(blacklist_keyring, true), |
865 |
++ "asymmetric", |
866 |
++ NULL, |
867 |
++ data, |
868 |
++ size, |
869 |
++ ((KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW), |
870 |
++ KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN); |
871 |
++ |
872 |
++ if (IS_ERR(key)) { |
873 |
++ pr_err("Problem with revocation key (%ld)\n", PTR_ERR(key)); |
874 |
++ return PTR_ERR(key); |
875 |
++ } |
876 |
++ |
877 |
++ return 0; |
878 |
++} |
879 |
++ |
880 |
++/** |
881 |
++ * is_key_on_revocation_list - Determine if the key for a PKCS#7 message is revoked |
882 |
++ * @pkcs7: The PKCS#7 message to check |
883 |
++ */ |
884 |
++int is_key_on_revocation_list(struct pkcs7_message *pkcs7) |
885 |
++{ |
886 |
++ int ret; |
887 |
++ |
888 |
++ ret = pkcs7_validate_trust(pkcs7, blacklist_keyring); |
889 |
++ |
890 |
++ if (ret == 0) |
891 |
++ return -EKEYREJECTED; |
892 |
++ |
893 |
++ return -ENOKEY; |
894 |
++} |
895 |
++#endif |
896 |
++ |
897 |
+ /* |
898 |
+ * Initialise the blacklist |
899 |
+ */ |
900 |
+@@ -177,3 +226,18 @@ static int __init blacklist_init(void) |
901 |
+ * Must be initialised before we try and load the keys into the keyring. |
902 |
+ */ |
903 |
+ device_initcall(blacklist_init); |
904 |
++ |
905 |
++#ifdef CONFIG_SYSTEM_REVOCATION_LIST |
906 |
++/* |
907 |
++ * Load the compiled-in list of revocation X.509 certificates. |
908 |
++ */ |
909 |
++static __init int load_revocation_certificate_list(void) |
910 |
++{ |
911 |
++ if (revocation_certificate_list_size) |
912 |
++ pr_notice("Loading compiled-in revocation X.509 certificates\n"); |
913 |
++ |
914 |
++ return load_certificate_list(revocation_certificate_list, revocation_certificate_list_size, |
915 |
++ blacklist_keyring); |
916 |
++} |
917 |
++late_initcall(load_revocation_certificate_list); |
918 |
++#endif |
919 |
+diff --git a/certs/blacklist.h b/certs/blacklist.h |
920 |
+index 1efd6fa0dc608..51b320cf85749 100644 |
921 |
+--- a/certs/blacklist.h |
922 |
++++ b/certs/blacklist.h |
923 |
+@@ -1,3 +1,5 @@ |
924 |
+ #include <linux/kernel.h> |
925 |
++#include <linux/errno.h> |
926 |
++#include <crypto/pkcs7.h> |
927 |
+ |
928 |
+ extern const char __initconst *const blacklist_hashes[]; |
929 |
+diff --git a/certs/common.c b/certs/common.c |
930 |
+new file mode 100644 |
931 |
+index 0000000000000..16a220887a53e |
932 |
+--- /dev/null |
933 |
++++ b/certs/common.c |
934 |
+@@ -0,0 +1,57 @@ |
935 |
++// SPDX-License-Identifier: GPL-2.0-or-later |
936 |
++ |
937 |
++#include <linux/kernel.h> |
938 |
++#include <linux/key.h> |
939 |
++#include "common.h" |
940 |
++ |
941 |
++int load_certificate_list(const u8 cert_list[], |
942 |
++ const unsigned long list_size, |
943 |
++ const struct key *keyring) |
944 |
++{ |
945 |
++ key_ref_t key; |
946 |
++ const u8 *p, *end; |
947 |
++ size_t plen; |
948 |
++ |
949 |
++ p = cert_list; |
950 |
++ end = p + list_size; |
951 |
++ while (p < end) { |
952 |
++ /* Each cert begins with an ASN.1 SEQUENCE tag and must be more |
953 |
++ * than 256 bytes in size. |
954 |
++ */ |
955 |
++ if (end - p < 4) |
956 |
++ goto dodgy_cert; |
957 |
++ if (p[0] != 0x30 && |
958 |
++ p[1] != 0x82) |
959 |
++ goto dodgy_cert; |
960 |
++ plen = (p[2] << 8) | p[3]; |
961 |
++ plen += 4; |
962 |
++ if (plen > end - p) |
963 |
++ goto dodgy_cert; |
964 |
++ |
965 |
++ key = key_create_or_update(make_key_ref(keyring, 1), |
966 |
++ "asymmetric", |
967 |
++ NULL, |
968 |
++ p, |
969 |
++ plen, |
970 |
++ ((KEY_POS_ALL & ~KEY_POS_SETATTR) | |
971 |
++ KEY_USR_VIEW | KEY_USR_READ), |
972 |
++ KEY_ALLOC_NOT_IN_QUOTA | |
973 |
++ KEY_ALLOC_BUILT_IN | |
974 |
++ KEY_ALLOC_BYPASS_RESTRICTION); |
975 |
++ if (IS_ERR(key)) { |
976 |
++ pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", |
977 |
++ PTR_ERR(key)); |
978 |
++ } else { |
979 |
++ pr_notice("Loaded X.509 cert '%s'\n", |
980 |
++ key_ref_to_ptr(key)->description); |
981 |
++ key_ref_put(key); |
982 |
++ } |
983 |
++ p += plen; |
984 |
++ } |
985 |
++ |
986 |
++ return 0; |
987 |
++ |
988 |
++dodgy_cert: |
989 |
++ pr_err("Problem parsing in-kernel X.509 certificate list\n"); |
990 |
++ return 0; |
991 |
++} |
992 |
+diff --git a/certs/common.h b/certs/common.h |
993 |
+new file mode 100644 |
994 |
+index 0000000000000..abdb5795936b7 |
995 |
+--- /dev/null |
996 |
++++ b/certs/common.h |
997 |
+@@ -0,0 +1,9 @@ |
998 |
++/* SPDX-License-Identifier: GPL-2.0-or-later */ |
999 |
++ |
1000 |
++#ifndef _CERT_COMMON_H |
1001 |
++#define _CERT_COMMON_H |
1002 |
++ |
1003 |
++int load_certificate_list(const u8 cert_list[], const unsigned long list_size, |
1004 |
++ const struct key *keyring); |
1005 |
++ |
1006 |
++#endif |
1007 |
+diff --git a/certs/revocation_certificates.S b/certs/revocation_certificates.S |
1008 |
+new file mode 100644 |
1009 |
+index 0000000000000..f21aae8a8f0ef |
1010 |
+--- /dev/null |
1011 |
++++ b/certs/revocation_certificates.S |
1012 |
+@@ -0,0 +1,21 @@ |
1013 |
++/* SPDX-License-Identifier: GPL-2.0 */ |
1014 |
++#include <linux/export.h> |
1015 |
++#include <linux/init.h> |
1016 |
++ |
1017 |
++ __INITRODATA |
1018 |
++ |
1019 |
++ .align 8 |
1020 |
++ .globl revocation_certificate_list |
1021 |
++revocation_certificate_list: |
1022 |
++__revocation_list_start: |
1023 |
++ .incbin "certs/x509_revocation_list" |
1024 |
++__revocation_list_end: |
1025 |
++ |
1026 |
++ .align 8 |
1027 |
++ .globl revocation_certificate_list_size |
1028 |
++revocation_certificate_list_size: |
1029 |
++#ifdef CONFIG_64BIT |
1030 |
++ .quad __revocation_list_end - __revocation_list_start |
1031 |
++#else |
1032 |
++ .long __revocation_list_end - __revocation_list_start |
1033 |
++#endif |
1034 |
+diff --git a/certs/system_keyring.c b/certs/system_keyring.c |
1035 |
+index 4b693da488f14..0c9a4795e847b 100644 |
1036 |
+--- a/certs/system_keyring.c |
1037 |
++++ b/certs/system_keyring.c |
1038 |
+@@ -16,6 +16,7 @@ |
1039 |
+ #include <keys/asymmetric-type.h> |
1040 |
+ #include <keys/system_keyring.h> |
1041 |
+ #include <crypto/pkcs7.h> |
1042 |
++#include "common.h" |
1043 |
+ |
1044 |
+ static struct key *builtin_trusted_keys; |
1045 |
+ #ifdef CONFIG_SECONDARY_TRUSTED_KEYRING |
1046 |
+@@ -137,54 +138,10 @@ device_initcall(system_trusted_keyring_init); |
1047 |
+ */ |
1048 |
+ static __init int load_system_certificate_list(void) |
1049 |
+ { |
1050 |
+- key_ref_t key; |
1051 |
+- const u8 *p, *end; |
1052 |
+- size_t plen; |
1053 |
+- |
1054 |
+ pr_notice("Loading compiled-in X.509 certificates\n"); |
1055 |
+ |
1056 |
+- p = system_certificate_list; |
1057 |
+- end = p + system_certificate_list_size; |
1058 |
+- while (p < end) { |
1059 |
+- /* Each cert begins with an ASN.1 SEQUENCE tag and must be more |
1060 |
+- * than 256 bytes in size. |
1061 |
+- */ |
1062 |
+- if (end - p < 4) |
1063 |
+- goto dodgy_cert; |
1064 |
+- if (p[0] != 0x30 && |
1065 |
+- p[1] != 0x82) |
1066 |
+- goto dodgy_cert; |
1067 |
+- plen = (p[2] << 8) | p[3]; |
1068 |
+- plen += 4; |
1069 |
+- if (plen > end - p) |
1070 |
+- goto dodgy_cert; |
1071 |
+- |
1072 |
+- key = key_create_or_update(make_key_ref(builtin_trusted_keys, 1), |
1073 |
+- "asymmetric", |
1074 |
+- NULL, |
1075 |
+- p, |
1076 |
+- plen, |
1077 |
+- ((KEY_POS_ALL & ~KEY_POS_SETATTR) | |
1078 |
+- KEY_USR_VIEW | KEY_USR_READ), |
1079 |
+- KEY_ALLOC_NOT_IN_QUOTA | |
1080 |
+- KEY_ALLOC_BUILT_IN | |
1081 |
+- KEY_ALLOC_BYPASS_RESTRICTION); |
1082 |
+- if (IS_ERR(key)) { |
1083 |
+- pr_err("Problem loading in-kernel X.509 certificate (%ld)\n", |
1084 |
+- PTR_ERR(key)); |
1085 |
+- } else { |
1086 |
+- pr_notice("Loaded X.509 cert '%s'\n", |
1087 |
+- key_ref_to_ptr(key)->description); |
1088 |
+- key_ref_put(key); |
1089 |
+- } |
1090 |
+- p += plen; |
1091 |
+- } |
1092 |
+- |
1093 |
+- return 0; |
1094 |
+- |
1095 |
+-dodgy_cert: |
1096 |
+- pr_err("Problem parsing in-kernel X.509 certificate list\n"); |
1097 |
+- return 0; |
1098 |
++ return load_certificate_list(system_certificate_list, system_certificate_list_size, |
1099 |
++ builtin_trusted_keys); |
1100 |
+ } |
1101 |
+ late_initcall(load_system_certificate_list); |
1102 |
+ |
1103 |
+@@ -242,6 +199,12 @@ int verify_pkcs7_message_sig(const void *data, size_t len, |
1104 |
+ pr_devel("PKCS#7 platform keyring is not available\n"); |
1105 |
+ goto error; |
1106 |
+ } |
1107 |
++ |
1108 |
++ ret = is_key_on_revocation_list(pkcs7); |
1109 |
++ if (ret != -ENOKEY) { |
1110 |
++ pr_devel("PKCS#7 platform key is on revocation list\n"); |
1111 |
++ goto error; |
1112 |
++ } |
1113 |
+ } |
1114 |
+ ret = pkcs7_validate_trust(pkcs7, trusted_keys); |
1115 |
+ if (ret < 0) { |
1116 |
+diff --git a/drivers/base/swnode.c b/drivers/base/swnode.c |
1117 |
+index 88310ac9ce906..62c536f9d9258 100644 |
1118 |
+--- a/drivers/base/swnode.c |
1119 |
++++ b/drivers/base/swnode.c |
1120 |
+@@ -1032,7 +1032,15 @@ int device_add_software_node(struct device *dev, const struct software_node *nod |
1121 |
+ } |
1122 |
+ |
1123 |
+ set_secondary_fwnode(dev, &swnode->fwnode); |
1124 |
+- software_node_notify(dev, KOBJ_ADD); |
1125 |
++ |
1126 |
++ /* |
1127 |
++ * If the device has been fully registered by the time this function is |
1128 |
++ * called, software_node_notify() must be called separately so that the |
1129 |
++ * symlinks get created and the reference count of the node is kept in |
1130 |
++ * balance. |
1131 |
++ */ |
1132 |
++ if (device_is_registered(dev)) |
1133 |
++ software_node_notify(dev, KOBJ_ADD); |
1134 |
+ |
1135 |
+ return 0; |
1136 |
+ } |
1137 |
+@@ -1052,7 +1060,8 @@ void device_remove_software_node(struct device *dev) |
1138 |
+ if (!swnode) |
1139 |
+ return; |
1140 |
+ |
1141 |
+- software_node_notify(dev, KOBJ_REMOVE); |
1142 |
++ if (device_is_registered(dev)) |
1143 |
++ software_node_notify(dev, KOBJ_REMOVE); |
1144 |
+ set_secondary_fwnode(dev, NULL); |
1145 |
+ kobject_put(&swnode->kobj); |
1146 |
+ } |
1147 |
+@@ -1106,8 +1115,7 @@ int software_node_notify(struct device *dev, unsigned long action) |
1148 |
+ |
1149 |
+ switch (action) { |
1150 |
+ case KOBJ_ADD: |
1151 |
+- ret = sysfs_create_link_nowarn(&dev->kobj, &swnode->kobj, |
1152 |
+- "software_node"); |
1153 |
++ ret = sysfs_create_link(&dev->kobj, &swnode->kobj, "software_node"); |
1154 |
+ if (ret) |
1155 |
+ break; |
1156 |
+ |
1157 |
+diff --git a/drivers/dma/Kconfig b/drivers/dma/Kconfig |
1158 |
+index 03b1b03349477..c42b17b76640e 100644 |
1159 |
+--- a/drivers/dma/Kconfig |
1160 |
++++ b/drivers/dma/Kconfig |
1161 |
+@@ -690,6 +690,7 @@ config XILINX_ZYNQMP_DMA |
1162 |
+ |
1163 |
+ config XILINX_ZYNQMP_DPDMA |
1164 |
+ tristate "Xilinx DPDMA Engine" |
1165 |
++ depends on HAS_IOMEM && OF |
1166 |
+ select DMA_ENGINE |
1167 |
+ select DMA_VIRTUAL_CHANNELS |
1168 |
+ help |
1169 |
+diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c |
1170 |
+index 1d8a3876b7452..5ba8e8bc609fc 100644 |
1171 |
+--- a/drivers/dma/idxd/cdev.c |
1172 |
++++ b/drivers/dma/idxd/cdev.c |
1173 |
+@@ -110,6 +110,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) |
1174 |
+ pasid = iommu_sva_get_pasid(sva); |
1175 |
+ if (pasid == IOMMU_PASID_INVALID) { |
1176 |
+ iommu_sva_unbind_device(sva); |
1177 |
++ rc = -EINVAL; |
1178 |
+ goto failed; |
1179 |
+ } |
1180 |
+ |
1181 |
+diff --git a/drivers/dma/mediatek/mtk-uart-apdma.c b/drivers/dma/mediatek/mtk-uart-apdma.c |
1182 |
+index 27c07350971dd..375e7e647df6b 100644 |
1183 |
+--- a/drivers/dma/mediatek/mtk-uart-apdma.c |
1184 |
++++ b/drivers/dma/mediatek/mtk-uart-apdma.c |
1185 |
+@@ -131,10 +131,7 @@ static unsigned int mtk_uart_apdma_read(struct mtk_chan *c, unsigned int reg) |
1186 |
+ |
1187 |
+ static void mtk_uart_apdma_desc_free(struct virt_dma_desc *vd) |
1188 |
+ { |
1189 |
+- struct dma_chan *chan = vd->tx.chan; |
1190 |
+- struct mtk_chan *c = to_mtk_uart_apdma_chan(chan); |
1191 |
+- |
1192 |
+- kfree(c->desc); |
1193 |
++ kfree(container_of(vd, struct mtk_uart_apdma_desc, vd)); |
1194 |
+ } |
1195 |
+ |
1196 |
+ static void mtk_uart_apdma_start_tx(struct mtk_chan *c) |
1197 |
+@@ -207,14 +204,9 @@ static void mtk_uart_apdma_start_rx(struct mtk_chan *c) |
1198 |
+ |
1199 |
+ static void mtk_uart_apdma_tx_handler(struct mtk_chan *c) |
1200 |
+ { |
1201 |
+- struct mtk_uart_apdma_desc *d = c->desc; |
1202 |
+- |
1203 |
+ mtk_uart_apdma_write(c, VFF_INT_FLAG, VFF_TX_INT_CLR_B); |
1204 |
+ mtk_uart_apdma_write(c, VFF_INT_EN, VFF_INT_EN_CLR_B); |
1205 |
+ mtk_uart_apdma_write(c, VFF_EN, VFF_EN_CLR_B); |
1206 |
+- |
1207 |
+- list_del(&d->vd.node); |
1208 |
+- vchan_cookie_complete(&d->vd); |
1209 |
+ } |
1210 |
+ |
1211 |
+ static void mtk_uart_apdma_rx_handler(struct mtk_chan *c) |
1212 |
+@@ -245,9 +237,17 @@ static void mtk_uart_apdma_rx_handler(struct mtk_chan *c) |
1213 |
+ |
1214 |
+ c->rx_status = d->avail_len - cnt; |
1215 |
+ mtk_uart_apdma_write(c, VFF_RPT, wg); |
1216 |
++} |
1217 |
+ |
1218 |
+- list_del(&d->vd.node); |
1219 |
+- vchan_cookie_complete(&d->vd); |
1220 |
++static void mtk_uart_apdma_chan_complete_handler(struct mtk_chan *c) |
1221 |
++{ |
1222 |
++ struct mtk_uart_apdma_desc *d = c->desc; |
1223 |
++ |
1224 |
++ if (d) { |
1225 |
++ list_del(&d->vd.node); |
1226 |
++ vchan_cookie_complete(&d->vd); |
1227 |
++ c->desc = NULL; |
1228 |
++ } |
1229 |
+ } |
1230 |
+ |
1231 |
+ static irqreturn_t mtk_uart_apdma_irq_handler(int irq, void *dev_id) |
1232 |
+@@ -261,6 +261,7 @@ static irqreturn_t mtk_uart_apdma_irq_handler(int irq, void *dev_id) |
1233 |
+ mtk_uart_apdma_rx_handler(c); |
1234 |
+ else if (c->dir == DMA_MEM_TO_DEV) |
1235 |
+ mtk_uart_apdma_tx_handler(c); |
1236 |
++ mtk_uart_apdma_chan_complete_handler(c); |
1237 |
+ spin_unlock_irqrestore(&c->vc.lock, flags); |
1238 |
+ |
1239 |
+ return IRQ_HANDLED; |
1240 |
+@@ -348,7 +349,7 @@ static struct dma_async_tx_descriptor *mtk_uart_apdma_prep_slave_sg |
1241 |
+ return NULL; |
1242 |
+ |
1243 |
+ /* Now allocate and setup the descriptor */ |
1244 |
+- d = kzalloc(sizeof(*d), GFP_ATOMIC); |
1245 |
++ d = kzalloc(sizeof(*d), GFP_NOWAIT); |
1246 |
+ if (!d) |
1247 |
+ return NULL; |
1248 |
+ |
1249 |
+@@ -366,7 +367,7 @@ static void mtk_uart_apdma_issue_pending(struct dma_chan *chan) |
1250 |
+ unsigned long flags; |
1251 |
+ |
1252 |
+ spin_lock_irqsave(&c->vc.lock, flags); |
1253 |
+- if (vchan_issue_pending(&c->vc)) { |
1254 |
++ if (vchan_issue_pending(&c->vc) && !c->desc) { |
1255 |
+ vd = vchan_next_desc(&c->vc); |
1256 |
+ c->desc = to_mtk_uart_apdma_desc(&vd->tx); |
1257 |
+ |
1258 |
+diff --git a/drivers/dma/sh/rcar-dmac.c b/drivers/dma/sh/rcar-dmac.c |
1259 |
+index d530c1bf11d97..6885b3dcd7a97 100644 |
1260 |
+--- a/drivers/dma/sh/rcar-dmac.c |
1261 |
++++ b/drivers/dma/sh/rcar-dmac.c |
1262 |
+@@ -1913,7 +1913,7 @@ static int rcar_dmac_probe(struct platform_device *pdev) |
1263 |
+ |
1264 |
+ /* Enable runtime PM and initialize the device. */ |
1265 |
+ pm_runtime_enable(&pdev->dev); |
1266 |
+- ret = pm_runtime_get_sync(&pdev->dev); |
1267 |
++ ret = pm_runtime_resume_and_get(&pdev->dev); |
1268 |
+ if (ret < 0) { |
1269 |
+ dev_err(&pdev->dev, "runtime PM get sync failed (%d)\n", ret); |
1270 |
+ return ret; |
1271 |
+diff --git a/drivers/dma/stm32-mdma.c b/drivers/dma/stm32-mdma.c |
1272 |
+index 36ba8b43e78de..18cbd1e43c2e8 100644 |
1273 |
+--- a/drivers/dma/stm32-mdma.c |
1274 |
++++ b/drivers/dma/stm32-mdma.c |
1275 |
+@@ -1452,7 +1452,7 @@ static int stm32_mdma_alloc_chan_resources(struct dma_chan *c) |
1276 |
+ return -ENOMEM; |
1277 |
+ } |
1278 |
+ |
1279 |
+- ret = pm_runtime_get_sync(dmadev->ddev.dev); |
1280 |
++ ret = pm_runtime_resume_and_get(dmadev->ddev.dev); |
1281 |
+ if (ret < 0) |
1282 |
+ return ret; |
1283 |
+ |
1284 |
+@@ -1718,7 +1718,7 @@ static int stm32_mdma_pm_suspend(struct device *dev) |
1285 |
+ u32 ccr, id; |
1286 |
+ int ret; |
1287 |
+ |
1288 |
+- ret = pm_runtime_get_sync(dev); |
1289 |
++ ret = pm_runtime_resume_and_get(dev); |
1290 |
+ if (ret < 0) |
1291 |
+ return ret; |
1292 |
+ |
1293 |
+diff --git a/drivers/dma/xilinx/xilinx_dpdma.c b/drivers/dma/xilinx/xilinx_dpdma.c |
1294 |
+index ff7dfb3fdeb47..6c709803203ad 100644 |
1295 |
+--- a/drivers/dma/xilinx/xilinx_dpdma.c |
1296 |
++++ b/drivers/dma/xilinx/xilinx_dpdma.c |
1297 |
+@@ -113,6 +113,7 @@ |
1298 |
+ #define XILINX_DPDMA_CH_VDO 0x020 |
1299 |
+ #define XILINX_DPDMA_CH_PYLD_SZ 0x024 |
1300 |
+ #define XILINX_DPDMA_CH_DESC_ID 0x028 |
1301 |
++#define XILINX_DPDMA_CH_DESC_ID_MASK GENMASK(15, 0) |
1302 |
+ |
1303 |
+ /* DPDMA descriptor fields */ |
1304 |
+ #define XILINX_DPDMA_DESC_CONTROL_PREEMBLE 0xa5 |
1305 |
+@@ -866,7 +867,8 @@ static void xilinx_dpdma_chan_queue_transfer(struct xilinx_dpdma_chan *chan) |
1306 |
+ * will be used, but it should be enough. |
1307 |
+ */ |
1308 |
+ list_for_each_entry(sw_desc, &desc->descriptors, node) |
1309 |
+- sw_desc->hw.desc_id = desc->vdesc.tx.cookie; |
1310 |
++ sw_desc->hw.desc_id = desc->vdesc.tx.cookie |
1311 |
++ & XILINX_DPDMA_CH_DESC_ID_MASK; |
1312 |
+ |
1313 |
+ sw_desc = list_first_entry(&desc->descriptors, |
1314 |
+ struct xilinx_dpdma_sw_desc, node); |
1315 |
+@@ -1086,7 +1088,8 @@ static void xilinx_dpdma_chan_vsync_irq(struct xilinx_dpdma_chan *chan) |
1316 |
+ if (!chan->running || !pending) |
1317 |
+ goto out; |
1318 |
+ |
1319 |
+- desc_id = dpdma_read(chan->reg, XILINX_DPDMA_CH_DESC_ID); |
1320 |
++ desc_id = dpdma_read(chan->reg, XILINX_DPDMA_CH_DESC_ID) |
1321 |
++ & XILINX_DPDMA_CH_DESC_ID_MASK; |
1322 |
+ |
1323 |
+ /* If the retrigger raced with vsync, retry at the next frame. */ |
1324 |
+ sw_desc = list_first_entry(&pending->descriptors, |
1325 |
+diff --git a/drivers/dma/xilinx/zynqmp_dma.c b/drivers/dma/xilinx/zynqmp_dma.c |
1326 |
+index d8419565b92cc..5fecf5aa6e858 100644 |
1327 |
+--- a/drivers/dma/xilinx/zynqmp_dma.c |
1328 |
++++ b/drivers/dma/xilinx/zynqmp_dma.c |
1329 |
+@@ -468,7 +468,7 @@ static int zynqmp_dma_alloc_chan_resources(struct dma_chan *dchan) |
1330 |
+ struct zynqmp_dma_desc_sw *desc; |
1331 |
+ int i, ret; |
1332 |
+ |
1333 |
+- ret = pm_runtime_get_sync(chan->dev); |
1334 |
++ ret = pm_runtime_resume_and_get(chan->dev); |
1335 |
+ if (ret < 0) |
1336 |
+ return ret; |
1337 |
+ |
1338 |
+diff --git a/drivers/gpio/gpiolib-cdev.c b/drivers/gpio/gpiolib-cdev.c |
1339 |
+index 1631727bf0da1..c7b5446d01fd2 100644 |
1340 |
+--- a/drivers/gpio/gpiolib-cdev.c |
1341 |
++++ b/drivers/gpio/gpiolib-cdev.c |
1342 |
+@@ -1880,6 +1880,7 @@ static void gpio_v2_line_info_changed_to_v1( |
1343 |
+ struct gpio_v2_line_info_changed *lic_v2, |
1344 |
+ struct gpioline_info_changed *lic_v1) |
1345 |
+ { |
1346 |
++ memset(lic_v1, 0, sizeof(*lic_v1)); |
1347 |
+ gpio_v2_line_info_to_v1(&lic_v2->info, &lic_v1->info); |
1348 |
+ lic_v1->timestamp = lic_v2->timestamp_ns; |
1349 |
+ lic_v1->event_type = lic_v2->event_type; |
1350 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c |
1351 |
+index 47e0b48dc26fd..1c4623d25a62a 100644 |
1352 |
+--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c |
1353 |
++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c |
1354 |
+@@ -214,9 +214,21 @@ static int amdgpu_dma_buf_pin(struct dma_buf_attachment *attach) |
1355 |
+ { |
1356 |
+ struct drm_gem_object *obj = attach->dmabuf->priv; |
1357 |
+ struct amdgpu_bo *bo = gem_to_amdgpu_bo(obj); |
1358 |
++ int r; |
1359 |
+ |
1360 |
+ /* pin buffer into GTT */ |
1361 |
+- return amdgpu_bo_pin(bo, AMDGPU_GEM_DOMAIN_GTT); |
1362 |
++ r = amdgpu_bo_pin(bo, AMDGPU_GEM_DOMAIN_GTT); |
1363 |
++ if (r) |
1364 |
++ return r; |
1365 |
++ |
1366 |
++ if (bo->tbo.moving) { |
1367 |
++ r = dma_fence_wait(bo->tbo.moving, true); |
1368 |
++ if (r) { |
1369 |
++ amdgpu_bo_unpin(bo); |
1370 |
++ return r; |
1371 |
++ } |
1372 |
++ } |
1373 |
++ return 0; |
1374 |
+ } |
1375 |
+ |
1376 |
+ /** |
1377 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c |
1378 |
+index 72d23651501d4..2342c5d216f9b 100644 |
1379 |
+--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c |
1380 |
++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c |
1381 |
+@@ -6769,12 +6769,8 @@ static int gfx_v10_0_kiq_init_register(struct amdgpu_ring *ring) |
1382 |
+ if (ring->use_doorbell) { |
1383 |
+ WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_LOWER, |
1384 |
+ (adev->doorbell_index.kiq * 2) << 2); |
1385 |
+- /* If GC has entered CGPG, ringing doorbell > first page doesn't |
1386 |
+- * wakeup GC. Enlarge CP_MEC_DOORBELL_RANGE_UPPER to workaround |
1387 |
+- * this issue. |
1388 |
+- */ |
1389 |
+ WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_UPPER, |
1390 |
+- (adev->doorbell.size - 4)); |
1391 |
++ (adev->doorbell_index.userqueue_end * 2) << 2); |
1392 |
+ } |
1393 |
+ |
1394 |
+ WREG32_SOC15(GC, 0, mmCP_HQD_PQ_DOORBELL_CONTROL, |
1395 |
+diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c |
1396 |
+index 1fdfb7783404e..d2c020a91c0be 100644 |
1397 |
+--- a/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c |
1398 |
++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v9_0.c |
1399 |
+@@ -3623,12 +3623,8 @@ static int gfx_v9_0_kiq_init_register(struct amdgpu_ring *ring) |
1400 |
+ if (ring->use_doorbell) { |
1401 |
+ WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_LOWER, |
1402 |
+ (adev->doorbell_index.kiq * 2) << 2); |
1403 |
+- /* If GC has entered CGPG, ringing doorbell > first page doesn't |
1404 |
+- * wakeup GC. Enlarge CP_MEC_DOORBELL_RANGE_UPPER to workaround |
1405 |
+- * this issue. |
1406 |
+- */ |
1407 |
+ WREG32_SOC15(GC, 0, mmCP_MEC_DOORBELL_RANGE_UPPER, |
1408 |
+- (adev->doorbell.size - 4)); |
1409 |
++ (adev->doorbell_index.userqueue_end * 2) << 2); |
1410 |
+ } |
1411 |
+ |
1412 |
+ WREG32_SOC15_RLC(GC, 0, mmCP_HQD_PQ_DOORBELL_CONTROL, |
1413 |
+diff --git a/drivers/gpu/drm/kmb/kmb_drv.c b/drivers/gpu/drm/kmb/kmb_drv.c |
1414 |
+index f64e06e1067dd..96ea1a2c11dd6 100644 |
1415 |
+--- a/drivers/gpu/drm/kmb/kmb_drv.c |
1416 |
++++ b/drivers/gpu/drm/kmb/kmb_drv.c |
1417 |
+@@ -137,6 +137,7 @@ static int kmb_hw_init(struct drm_device *drm, unsigned long flags) |
1418 |
+ /* Allocate LCD interrupt resources */ |
1419 |
+ irq_lcd = platform_get_irq(pdev, 0); |
1420 |
+ if (irq_lcd < 0) { |
1421 |
++ ret = irq_lcd; |
1422 |
+ drm_err(&kmb->drm, "irq_lcd not found"); |
1423 |
+ goto setup_fail; |
1424 |
+ } |
1425 |
+diff --git a/drivers/gpu/drm/nouveau/nouveau_prime.c b/drivers/gpu/drm/nouveau/nouveau_prime.c |
1426 |
+index 347488685f745..60019d0532fcf 100644 |
1427 |
+--- a/drivers/gpu/drm/nouveau/nouveau_prime.c |
1428 |
++++ b/drivers/gpu/drm/nouveau/nouveau_prime.c |
1429 |
+@@ -93,7 +93,22 @@ int nouveau_gem_prime_pin(struct drm_gem_object *obj) |
1430 |
+ if (ret) |
1431 |
+ return -EINVAL; |
1432 |
+ |
1433 |
+- return 0; |
1434 |
++ ret = ttm_bo_reserve(&nvbo->bo, false, false, NULL); |
1435 |
++ if (ret) |
1436 |
++ goto error; |
1437 |
++ |
1438 |
++ if (nvbo->bo.moving) |
1439 |
++ ret = dma_fence_wait(nvbo->bo.moving, true); |
1440 |
++ |
1441 |
++ ttm_bo_unreserve(&nvbo->bo); |
1442 |
++ if (ret) |
1443 |
++ goto error; |
1444 |
++ |
1445 |
++ return ret; |
1446 |
++ |
1447 |
++error: |
1448 |
++ nouveau_bo_unpin(nvbo); |
1449 |
++ return ret; |
1450 |
+ } |
1451 |
+ |
1452 |
+ void nouveau_gem_prime_unpin(struct drm_gem_object *obj) |
1453 |
+diff --git a/drivers/gpu/drm/radeon/radeon_prime.c b/drivers/gpu/drm/radeon/radeon_prime.c |
1454 |
+index 42a87948e28c5..4a90807351e72 100644 |
1455 |
+--- a/drivers/gpu/drm/radeon/radeon_prime.c |
1456 |
++++ b/drivers/gpu/drm/radeon/radeon_prime.c |
1457 |
+@@ -77,9 +77,19 @@ int radeon_gem_prime_pin(struct drm_gem_object *obj) |
1458 |
+ |
1459 |
+ /* pin buffer into GTT */ |
1460 |
+ ret = radeon_bo_pin(bo, RADEON_GEM_DOMAIN_GTT, NULL); |
1461 |
+- if (likely(ret == 0)) |
1462 |
+- bo->prime_shared_count++; |
1463 |
+- |
1464 |
++ if (unlikely(ret)) |
1465 |
++ goto error; |
1466 |
++ |
1467 |
++ if (bo->tbo.moving) { |
1468 |
++ ret = dma_fence_wait(bo->tbo.moving, false); |
1469 |
++ if (unlikely(ret)) { |
1470 |
++ radeon_bo_unpin(bo); |
1471 |
++ goto error; |
1472 |
++ } |
1473 |
++ } |
1474 |
++ |
1475 |
++ bo->prime_shared_count++; |
1476 |
++error: |
1477 |
+ radeon_bo_unreserve(bo); |
1478 |
+ return ret; |
1479 |
+ } |
1480 |
+diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c |
1481 |
+index 1fda574579afc..8106b5634fe10 100644 |
1482 |
+--- a/drivers/gpu/drm/vc4/vc4_hdmi.c |
1483 |
++++ b/drivers/gpu/drm/vc4/vc4_hdmi.c |
1484 |
+@@ -159,6 +159,8 @@ vc4_hdmi_connector_detect(struct drm_connector *connector, bool force) |
1485 |
+ struct vc4_hdmi *vc4_hdmi = connector_to_vc4_hdmi(connector); |
1486 |
+ bool connected = false; |
1487 |
+ |
1488 |
++ WARN_ON(pm_runtime_resume_and_get(&vc4_hdmi->pdev->dev)); |
1489 |
++ |
1490 |
+ if (vc4_hdmi->hpd_gpio) { |
1491 |
+ if (gpio_get_value_cansleep(vc4_hdmi->hpd_gpio) ^ |
1492 |
+ vc4_hdmi->hpd_active_low) |
1493 |
+@@ -180,10 +182,12 @@ vc4_hdmi_connector_detect(struct drm_connector *connector, bool force) |
1494 |
+ } |
1495 |
+ } |
1496 |
+ |
1497 |
++ pm_runtime_put(&vc4_hdmi->pdev->dev); |
1498 |
+ return connector_status_connected; |
1499 |
+ } |
1500 |
+ |
1501 |
+ cec_phys_addr_invalidate(vc4_hdmi->cec_adap); |
1502 |
++ pm_runtime_put(&vc4_hdmi->pdev->dev); |
1503 |
+ return connector_status_disconnected; |
1504 |
+ } |
1505 |
+ |
1506 |
+@@ -473,7 +477,6 @@ static void vc4_hdmi_encoder_post_crtc_powerdown(struct drm_encoder *encoder, |
1507 |
+ HDMI_READ(HDMI_VID_CTL) & ~VC4_HD_VID_CTL_ENABLE); |
1508 |
+ |
1509 |
+ clk_disable_unprepare(vc4_hdmi->pixel_bvb_clock); |
1510 |
+- clk_disable_unprepare(vc4_hdmi->hsm_clock); |
1511 |
+ clk_disable_unprepare(vc4_hdmi->pixel_clock); |
1512 |
+ |
1513 |
+ ret = pm_runtime_put(&vc4_hdmi->pdev->dev); |
1514 |
+@@ -784,13 +787,6 @@ static void vc4_hdmi_encoder_pre_crtc_configure(struct drm_encoder *encoder, |
1515 |
+ return; |
1516 |
+ } |
1517 |
+ |
1518 |
+- ret = clk_prepare_enable(vc4_hdmi->hsm_clock); |
1519 |
+- if (ret) { |
1520 |
+- DRM_ERROR("Failed to turn on HSM clock: %d\n", ret); |
1521 |
+- clk_disable_unprepare(vc4_hdmi->pixel_clock); |
1522 |
+- return; |
1523 |
+- } |
1524 |
+- |
1525 |
+ vc4_hdmi_cec_update_clk_div(vc4_hdmi); |
1526 |
+ |
1527 |
+ /* |
1528 |
+@@ -801,7 +797,6 @@ static void vc4_hdmi_encoder_pre_crtc_configure(struct drm_encoder *encoder, |
1529 |
+ (hsm_rate > VC4_HSM_MID_CLOCK ? 150000000 : 75000000)); |
1530 |
+ if (ret) { |
1531 |
+ DRM_ERROR("Failed to set pixel bvb clock rate: %d\n", ret); |
1532 |
+- clk_disable_unprepare(vc4_hdmi->hsm_clock); |
1533 |
+ clk_disable_unprepare(vc4_hdmi->pixel_clock); |
1534 |
+ return; |
1535 |
+ } |
1536 |
+@@ -809,7 +804,6 @@ static void vc4_hdmi_encoder_pre_crtc_configure(struct drm_encoder *encoder, |
1537 |
+ ret = clk_prepare_enable(vc4_hdmi->pixel_bvb_clock); |
1538 |
+ if (ret) { |
1539 |
+ DRM_ERROR("Failed to turn on pixel bvb clock: %d\n", ret); |
1540 |
+- clk_disable_unprepare(vc4_hdmi->hsm_clock); |
1541 |
+ clk_disable_unprepare(vc4_hdmi->pixel_clock); |
1542 |
+ return; |
1543 |
+ } |
1544 |
+@@ -1929,6 +1923,29 @@ static int vc5_hdmi_init_resources(struct vc4_hdmi *vc4_hdmi) |
1545 |
+ return 0; |
1546 |
+ } |
1547 |
+ |
1548 |
++#ifdef CONFIG_PM |
1549 |
++static int vc4_hdmi_runtime_suspend(struct device *dev) |
1550 |
++{ |
1551 |
++ struct vc4_hdmi *vc4_hdmi = dev_get_drvdata(dev); |
1552 |
++ |
1553 |
++ clk_disable_unprepare(vc4_hdmi->hsm_clock); |
1554 |
++ |
1555 |
++ return 0; |
1556 |
++} |
1557 |
++ |
1558 |
++static int vc4_hdmi_runtime_resume(struct device *dev) |
1559 |
++{ |
1560 |
++ struct vc4_hdmi *vc4_hdmi = dev_get_drvdata(dev); |
1561 |
++ int ret; |
1562 |
++ |
1563 |
++ ret = clk_prepare_enable(vc4_hdmi->hsm_clock); |
1564 |
++ if (ret) |
1565 |
++ return ret; |
1566 |
++ |
1567 |
++ return 0; |
1568 |
++} |
1569 |
++#endif |
1570 |
++ |
1571 |
+ static int vc4_hdmi_bind(struct device *dev, struct device *master, void *data) |
1572 |
+ { |
1573 |
+ const struct vc4_hdmi_variant *variant = of_device_get_match_data(dev); |
1574 |
+@@ -2165,11 +2182,18 @@ static const struct of_device_id vc4_hdmi_dt_match[] = { |
1575 |
+ {} |
1576 |
+ }; |
1577 |
+ |
1578 |
++static const struct dev_pm_ops vc4_hdmi_pm_ops = { |
1579 |
++ SET_RUNTIME_PM_OPS(vc4_hdmi_runtime_suspend, |
1580 |
++ vc4_hdmi_runtime_resume, |
1581 |
++ NULL) |
1582 |
++}; |
1583 |
++ |
1584 |
+ struct platform_driver vc4_hdmi_driver = { |
1585 |
+ .probe = vc4_hdmi_dev_probe, |
1586 |
+ .remove = vc4_hdmi_dev_remove, |
1587 |
+ .driver = { |
1588 |
+ .name = "vc4_hdmi", |
1589 |
+ .of_match_table = vc4_hdmi_dt_match, |
1590 |
++ .pm = &vc4_hdmi_pm_ops, |
1591 |
+ }, |
1592 |
+ }; |
1593 |
+diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c |
1594 |
+index f9e1c2ceaac05..04a1e38f2a6f0 100644 |
1595 |
+--- a/drivers/i2c/busses/i2c-i801.c |
1596 |
++++ b/drivers/i2c/busses/i2c-i801.c |
1597 |
+@@ -978,6 +978,9 @@ static s32 i801_access(struct i2c_adapter *adap, u16 addr, |
1598 |
+ } |
1599 |
+ |
1600 |
+ out: |
1601 |
++ /* Unlock the SMBus device for use by BIOS/ACPI */ |
1602 |
++ outb_p(SMBHSTSTS_INUSE_STS, SMBHSTSTS(priv)); |
1603 |
++ |
1604 |
+ pm_runtime_mark_last_busy(&priv->pci_dev->dev); |
1605 |
+ pm_runtime_put_autosuspend(&priv->pci_dev->dev); |
1606 |
+ mutex_unlock(&priv->acpi_lock); |
1607 |
+diff --git a/drivers/i2c/busses/i2c-robotfuzz-osif.c b/drivers/i2c/busses/i2c-robotfuzz-osif.c |
1608 |
+index a39f7d0927973..66dfa211e736b 100644 |
1609 |
+--- a/drivers/i2c/busses/i2c-robotfuzz-osif.c |
1610 |
++++ b/drivers/i2c/busses/i2c-robotfuzz-osif.c |
1611 |
+@@ -83,7 +83,7 @@ static int osif_xfer(struct i2c_adapter *adapter, struct i2c_msg *msgs, |
1612 |
+ } |
1613 |
+ } |
1614 |
+ |
1615 |
+- ret = osif_usb_read(adapter, OSIFI2C_STOP, 0, 0, NULL, 0); |
1616 |
++ ret = osif_usb_write(adapter, OSIFI2C_STOP, 0, 0, NULL, 0); |
1617 |
+ if (ret) { |
1618 |
+ dev_err(&adapter->dev, "failure sending STOP\n"); |
1619 |
+ return -EREMOTEIO; |
1620 |
+@@ -153,7 +153,7 @@ static int osif_probe(struct usb_interface *interface, |
1621 |
+ * Set bus frequency. The frequency is: |
1622 |
+ * 120,000,000 / ( 16 + 2 * div * 4^prescale). |
1623 |
+ * Using dev = 52, prescale = 0 give 100KHz */ |
1624 |
+- ret = osif_usb_read(&priv->adapter, OSIFI2C_SET_BIT_RATE, 52, 0, |
1625 |
++ ret = osif_usb_write(&priv->adapter, OSIFI2C_SET_BIT_RATE, 52, 0, |
1626 |
+ NULL, 0); |
1627 |
+ if (ret) { |
1628 |
+ dev_err(&interface->dev, "failure sending bit rate"); |
1629 |
+diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c |
1630 |
+index 016a6106151a5..3f28eb4d17fe7 100644 |
1631 |
+--- a/drivers/mmc/host/meson-gx-mmc.c |
1632 |
++++ b/drivers/mmc/host/meson-gx-mmc.c |
1633 |
+@@ -165,6 +165,7 @@ struct meson_host { |
1634 |
+ |
1635 |
+ unsigned int bounce_buf_size; |
1636 |
+ void *bounce_buf; |
1637 |
++ void __iomem *bounce_iomem_buf; |
1638 |
+ dma_addr_t bounce_dma_addr; |
1639 |
+ struct sd_emmc_desc *descs; |
1640 |
+ dma_addr_t descs_dma_addr; |
1641 |
+@@ -745,6 +746,47 @@ static void meson_mmc_desc_chain_transfer(struct mmc_host *mmc, u32 cmd_cfg) |
1642 |
+ writel(start, host->regs + SD_EMMC_START); |
1643 |
+ } |
1644 |
+ |
1645 |
++/* local sg copy to buffer version with _to/fromio usage for dram_access_quirk */ |
1646 |
++static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data, |
1647 |
++ size_t buflen, bool to_buffer) |
1648 |
++{ |
1649 |
++ unsigned int sg_flags = SG_MITER_ATOMIC; |
1650 |
++ struct scatterlist *sgl = data->sg; |
1651 |
++ unsigned int nents = data->sg_len; |
1652 |
++ struct sg_mapping_iter miter; |
1653 |
++ unsigned int offset = 0; |
1654 |
++ |
1655 |
++ if (to_buffer) |
1656 |
++ sg_flags |= SG_MITER_FROM_SG; |
1657 |
++ else |
1658 |
++ sg_flags |= SG_MITER_TO_SG; |
1659 |
++ |
1660 |
++ sg_miter_start(&miter, sgl, nents, sg_flags); |
1661 |
++ |
1662 |
++ while ((offset < buflen) && sg_miter_next(&miter)) { |
1663 |
++ unsigned int len; |
1664 |
++ |
1665 |
++ len = min(miter.length, buflen - offset); |
1666 |
++ |
1667 |
++ /* When dram_access_quirk, the bounce buffer is a iomem mapping */ |
1668 |
++ if (host->dram_access_quirk) { |
1669 |
++ if (to_buffer) |
1670 |
++ memcpy_toio(host->bounce_iomem_buf + offset, miter.addr, len); |
1671 |
++ else |
1672 |
++ memcpy_fromio(miter.addr, host->bounce_iomem_buf + offset, len); |
1673 |
++ } else { |
1674 |
++ if (to_buffer) |
1675 |
++ memcpy(host->bounce_buf + offset, miter.addr, len); |
1676 |
++ else |
1677 |
++ memcpy(miter.addr, host->bounce_buf + offset, len); |
1678 |
++ } |
1679 |
++ |
1680 |
++ offset += len; |
1681 |
++ } |
1682 |
++ |
1683 |
++ sg_miter_stop(&miter); |
1684 |
++} |
1685 |
++ |
1686 |
+ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd) |
1687 |
+ { |
1688 |
+ struct meson_host *host = mmc_priv(mmc); |
1689 |
+@@ -788,8 +830,7 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd) |
1690 |
+ if (data->flags & MMC_DATA_WRITE) { |
1691 |
+ cmd_cfg |= CMD_CFG_DATA_WR; |
1692 |
+ WARN_ON(xfer_bytes > host->bounce_buf_size); |
1693 |
+- sg_copy_to_buffer(data->sg, data->sg_len, |
1694 |
+- host->bounce_buf, xfer_bytes); |
1695 |
++ meson_mmc_copy_buffer(host, data, xfer_bytes, true); |
1696 |
+ dma_wmb(); |
1697 |
+ } |
1698 |
+ |
1699 |
+@@ -958,8 +999,7 @@ static irqreturn_t meson_mmc_irq_thread(int irq, void *dev_id) |
1700 |
+ if (meson_mmc_bounce_buf_read(data)) { |
1701 |
+ xfer_bytes = data->blksz * data->blocks; |
1702 |
+ WARN_ON(xfer_bytes > host->bounce_buf_size); |
1703 |
+- sg_copy_from_buffer(data->sg, data->sg_len, |
1704 |
+- host->bounce_buf, xfer_bytes); |
1705 |
++ meson_mmc_copy_buffer(host, data, xfer_bytes, false); |
1706 |
+ } |
1707 |
+ |
1708 |
+ next_cmd = meson_mmc_get_next_command(cmd); |
1709 |
+@@ -1179,7 +1219,7 @@ static int meson_mmc_probe(struct platform_device *pdev) |
1710 |
+ * instead of the DDR memory |
1711 |
+ */ |
1712 |
+ host->bounce_buf_size = SD_EMMC_SRAM_DATA_BUF_LEN; |
1713 |
+- host->bounce_buf = host->regs + SD_EMMC_SRAM_DATA_BUF_OFF; |
1714 |
++ host->bounce_iomem_buf = host->regs + SD_EMMC_SRAM_DATA_BUF_OFF; |
1715 |
+ host->bounce_dma_addr = res->start + SD_EMMC_SRAM_DATA_BUF_OFF; |
1716 |
+ } else { |
1717 |
+ /* data bounce buffer */ |
1718 |
+diff --git a/drivers/net/caif/caif_serial.c b/drivers/net/caif/caif_serial.c |
1719 |
+index 9f30748da4ab9..8c38f224becbc 100644 |
1720 |
+--- a/drivers/net/caif/caif_serial.c |
1721 |
++++ b/drivers/net/caif/caif_serial.c |
1722 |
+@@ -350,6 +350,7 @@ static int ldisc_open(struct tty_struct *tty) |
1723 |
+ rtnl_lock(); |
1724 |
+ result = register_netdevice(dev); |
1725 |
+ if (result) { |
1726 |
++ tty_kref_put(tty); |
1727 |
+ rtnl_unlock(); |
1728 |
+ free_netdev(dev); |
1729 |
+ return -ENODEV; |
1730 |
+diff --git a/drivers/net/ethernet/qlogic/qed/qed_dcbx.c b/drivers/net/ethernet/qlogic/qed/qed_dcbx.c |
1731 |
+index 17d5b649eb36b..e81dd34a3cac2 100644 |
1732 |
+--- a/drivers/net/ethernet/qlogic/qed/qed_dcbx.c |
1733 |
++++ b/drivers/net/ethernet/qlogic/qed/qed_dcbx.c |
1734 |
+@@ -1266,9 +1266,11 @@ int qed_dcbx_get_config_params(struct qed_hwfn *p_hwfn, |
1735 |
+ p_hwfn->p_dcbx_info->set.ver_num |= DCBX_CONFIG_VERSION_STATIC; |
1736 |
+ |
1737 |
+ p_hwfn->p_dcbx_info->set.enabled = dcbx_info->operational.enabled; |
1738 |
++ BUILD_BUG_ON(sizeof(dcbx_info->operational.params) != |
1739 |
++ sizeof(p_hwfn->p_dcbx_info->set.config.params)); |
1740 |
+ memcpy(&p_hwfn->p_dcbx_info->set.config.params, |
1741 |
+ &dcbx_info->operational.params, |
1742 |
+- sizeof(struct qed_dcbx_admin_params)); |
1743 |
++ sizeof(p_hwfn->p_dcbx_info->set.config.params)); |
1744 |
+ p_hwfn->p_dcbx_info->set.config.valid = true; |
1745 |
+ |
1746 |
+ memcpy(params, &p_hwfn->p_dcbx_info->set, sizeof(struct qed_dcbx_set)); |
1747 |
+diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c |
1748 |
+index 1df2c002c9f64..f7a56e05ec8a4 100644 |
1749 |
+--- a/drivers/net/ethernet/realtek/r8169_main.c |
1750 |
++++ b/drivers/net/ethernet/realtek/r8169_main.c |
1751 |
+@@ -1673,7 +1673,7 @@ static void rtl8169_get_strings(struct net_device *dev, u32 stringset, u8 *data) |
1752 |
+ { |
1753 |
+ switch(stringset) { |
1754 |
+ case ETH_SS_STATS: |
1755 |
+- memcpy(data, *rtl8169_gstrings, sizeof(rtl8169_gstrings)); |
1756 |
++ memcpy(data, rtl8169_gstrings, sizeof(rtl8169_gstrings)); |
1757 |
+ break; |
1758 |
+ } |
1759 |
+ } |
1760 |
+diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c |
1761 |
+index f029c7c03804f..393cf99856ed3 100644 |
1762 |
+--- a/drivers/net/ethernet/renesas/sh_eth.c |
1763 |
++++ b/drivers/net/ethernet/renesas/sh_eth.c |
1764 |
+@@ -2287,7 +2287,7 @@ static void sh_eth_get_strings(struct net_device *ndev, u32 stringset, u8 *data) |
1765 |
+ { |
1766 |
+ switch (stringset) { |
1767 |
+ case ETH_SS_STATS: |
1768 |
+- memcpy(data, *sh_eth_gstrings_stats, |
1769 |
++ memcpy(data, sh_eth_gstrings_stats, |
1770 |
+ sizeof(sh_eth_gstrings_stats)); |
1771 |
+ break; |
1772 |
+ } |
1773 |
+diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c |
1774 |
+index 01bb36e7cff0a..6bd3a389d389c 100644 |
1775 |
+--- a/drivers/net/ethernet/xilinx/ll_temac_main.c |
1776 |
++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c |
1777 |
+@@ -774,12 +774,15 @@ static void temac_start_xmit_done(struct net_device *ndev) |
1778 |
+ stat = be32_to_cpu(cur_p->app0); |
1779 |
+ |
1780 |
+ while (stat & STS_CTRL_APP0_CMPLT) { |
1781 |
++ /* Make sure that the other fields are read after bd is |
1782 |
++ * released by dma |
1783 |
++ */ |
1784 |
++ rmb(); |
1785 |
+ dma_unmap_single(ndev->dev.parent, be32_to_cpu(cur_p->phys), |
1786 |
+ be32_to_cpu(cur_p->len), DMA_TO_DEVICE); |
1787 |
+ skb = (struct sk_buff *)ptr_from_txbd(cur_p); |
1788 |
+ if (skb) |
1789 |
+ dev_consume_skb_irq(skb); |
1790 |
+- cur_p->app0 = 0; |
1791 |
+ cur_p->app1 = 0; |
1792 |
+ cur_p->app2 = 0; |
1793 |
+ cur_p->app3 = 0; |
1794 |
+@@ -788,6 +791,12 @@ static void temac_start_xmit_done(struct net_device *ndev) |
1795 |
+ ndev->stats.tx_packets++; |
1796 |
+ ndev->stats.tx_bytes += be32_to_cpu(cur_p->len); |
1797 |
+ |
1798 |
++ /* app0 must be visible last, as it is used to flag |
1799 |
++ * availability of the bd |
1800 |
++ */ |
1801 |
++ smp_mb(); |
1802 |
++ cur_p->app0 = 0; |
1803 |
++ |
1804 |
+ lp->tx_bd_ci++; |
1805 |
+ if (lp->tx_bd_ci >= lp->tx_bd_num) |
1806 |
+ lp->tx_bd_ci = 0; |
1807 |
+@@ -814,6 +823,9 @@ static inline int temac_check_tx_bd_space(struct temac_local *lp, int num_frag) |
1808 |
+ if (cur_p->app0) |
1809 |
+ return NETDEV_TX_BUSY; |
1810 |
+ |
1811 |
++ /* Make sure to read next bd app0 after this one */ |
1812 |
++ rmb(); |
1813 |
++ |
1814 |
+ tail++; |
1815 |
+ if (tail >= lp->tx_bd_num) |
1816 |
+ tail = 0; |
1817 |
+@@ -930,6 +942,11 @@ temac_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
1818 |
+ wmb(); |
1819 |
+ lp->dma_out(lp, TX_TAILDESC_PTR, tail_p); /* DMA start */ |
1820 |
+ |
1821 |
++ if (temac_check_tx_bd_space(lp, MAX_SKB_FRAGS + 1)) { |
1822 |
++ netdev_info(ndev, "%s -> netif_stop_queue\n", __func__); |
1823 |
++ netif_stop_queue(ndev); |
1824 |
++ } |
1825 |
++ |
1826 |
+ return NETDEV_TX_OK; |
1827 |
+ } |
1828 |
+ |
1829 |
+diff --git a/drivers/net/phy/dp83867.c b/drivers/net/phy/dp83867.c |
1830 |
+index 9bd9a5c0b1db3..6bbc81ad295fb 100644 |
1831 |
+--- a/drivers/net/phy/dp83867.c |
1832 |
++++ b/drivers/net/phy/dp83867.c |
1833 |
+@@ -826,16 +826,12 @@ static int dp83867_phy_reset(struct phy_device *phydev) |
1834 |
+ { |
1835 |
+ int err; |
1836 |
+ |
1837 |
+- err = phy_write(phydev, DP83867_CTRL, DP83867_SW_RESET); |
1838 |
++ err = phy_write(phydev, DP83867_CTRL, DP83867_SW_RESTART); |
1839 |
+ if (err < 0) |
1840 |
+ return err; |
1841 |
+ |
1842 |
+ usleep_range(10, 20); |
1843 |
+ |
1844 |
+- /* After reset FORCE_LINK_GOOD bit is set. Although the |
1845 |
+- * default value should be unset. Disable FORCE_LINK_GOOD |
1846 |
+- * for the phy to work properly. |
1847 |
+- */ |
1848 |
+ return phy_modify(phydev, MII_DP83867_PHYCTRL, |
1849 |
+ DP83867_PHYCR_FORCE_LINK_GOOD, 0); |
1850 |
+ } |
1851 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
1852 |
+index 6700f1970b240..bc55ec739af90 100644 |
1853 |
+--- a/drivers/net/usb/qmi_wwan.c |
1854 |
++++ b/drivers/net/usb/qmi_wwan.c |
1855 |
+@@ -575,7 +575,7 @@ static int qmi_wwan_rx_fixup(struct usbnet *dev, struct sk_buff *skb) |
1856 |
+ |
1857 |
+ if (info->flags & QMI_WWAN_FLAG_PASS_THROUGH) { |
1858 |
+ skb->protocol = htons(ETH_P_MAP); |
1859 |
+- return (netif_rx(skb) == NET_RX_SUCCESS); |
1860 |
++ return 1; |
1861 |
+ } |
1862 |
+ |
1863 |
+ switch (skb->data[0] & 0xf0) { |
1864 |
+diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c |
1865 |
+index 20fb5638ac653..23fae943a1192 100644 |
1866 |
+--- a/drivers/net/usb/r8152.c |
1867 |
++++ b/drivers/net/usb/r8152.c |
1868 |
+@@ -6078,7 +6078,7 @@ static void rtl8152_get_strings(struct net_device *dev, u32 stringset, u8 *data) |
1869 |
+ { |
1870 |
+ switch (stringset) { |
1871 |
+ case ETH_SS_STATS: |
1872 |
+- memcpy(data, *rtl8152_gstrings, sizeof(rtl8152_gstrings)); |
1873 |
++ memcpy(data, rtl8152_gstrings, sizeof(rtl8152_gstrings)); |
1874 |
+ break; |
1875 |
+ } |
1876 |
+ } |
1877 |
+diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c |
1878 |
+index fa7d4c20dc13a..30b39cb4056a3 100644 |
1879 |
+--- a/drivers/net/wireless/mac80211_hwsim.c |
1880 |
++++ b/drivers/net/wireless/mac80211_hwsim.c |
1881 |
+@@ -1693,8 +1693,13 @@ static int mac80211_hwsim_start(struct ieee80211_hw *hw) |
1882 |
+ static void mac80211_hwsim_stop(struct ieee80211_hw *hw) |
1883 |
+ { |
1884 |
+ struct mac80211_hwsim_data *data = hw->priv; |
1885 |
++ |
1886 |
+ data->started = false; |
1887 |
+ hrtimer_cancel(&data->beacon_timer); |
1888 |
++ |
1889 |
++ while (!skb_queue_empty(&data->pending)) |
1890 |
++ ieee80211_free_txskb(hw, skb_dequeue(&data->pending)); |
1891 |
++ |
1892 |
+ wiphy_dbg(hw->wiphy, "%s\n", __func__); |
1893 |
+ } |
1894 |
+ |
1895 |
+diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c |
1896 |
+index e4d4e399004b4..16a17215f633d 100644 |
1897 |
+--- a/drivers/pci/pci.c |
1898 |
++++ b/drivers/pci/pci.c |
1899 |
+@@ -1870,11 +1870,21 @@ static int pci_enable_device_flags(struct pci_dev *dev, unsigned long flags) |
1900 |
+ int err; |
1901 |
+ int i, bars = 0; |
1902 |
+ |
1903 |
+- if (atomic_inc_return(&dev->enable_cnt) > 1) { |
1904 |
+- pci_update_current_state(dev, dev->current_state); |
1905 |
+- return 0; /* already enabled */ |
1906 |
++ /* |
1907 |
++ * Power state could be unknown at this point, either due to a fresh |
1908 |
++ * boot or a device removal call. So get the current power state |
1909 |
++ * so that things like MSI message writing will behave as expected |
1910 |
++ * (e.g. if the device really is in D0 at enable time). |
1911 |
++ */ |
1912 |
++ if (dev->pm_cap) { |
1913 |
++ u16 pmcsr; |
1914 |
++ pci_read_config_word(dev, dev->pm_cap + PCI_PM_CTRL, &pmcsr); |
1915 |
++ dev->current_state = (pmcsr & PCI_PM_CTRL_STATE_MASK); |
1916 |
+ } |
1917 |
+ |
1918 |
++ if (atomic_inc_return(&dev->enable_cnt) > 1) |
1919 |
++ return 0; /* already enabled */ |
1920 |
++ |
1921 |
+ bridge = pci_upstream_bridge(dev); |
1922 |
+ if (bridge) |
1923 |
+ pci_enable_bridge(bridge); |
1924 |
+diff --git a/drivers/pinctrl/pinctrl-microchip-sgpio.c b/drivers/pinctrl/pinctrl-microchip-sgpio.c |
1925 |
+index c12fa57ebd12c..165cb7a597155 100644 |
1926 |
+--- a/drivers/pinctrl/pinctrl-microchip-sgpio.c |
1927 |
++++ b/drivers/pinctrl/pinctrl-microchip-sgpio.c |
1928 |
+@@ -845,8 +845,10 @@ static int microchip_sgpio_probe(struct platform_device *pdev) |
1929 |
+ i = 0; |
1930 |
+ device_for_each_child_node(dev, fwnode) { |
1931 |
+ ret = microchip_sgpio_register_bank(dev, priv, fwnode, i++); |
1932 |
+- if (ret) |
1933 |
++ if (ret) { |
1934 |
++ fwnode_handle_put(fwnode); |
1935 |
+ return ret; |
1936 |
++ } |
1937 |
+ } |
1938 |
+ |
1939 |
+ if (priv->in.gpio.ngpio != priv->out.gpio.ngpio) { |
1940 |
+diff --git a/drivers/pinctrl/stm32/pinctrl-stm32.c b/drivers/pinctrl/stm32/pinctrl-stm32.c |
1941 |
+index 7d9bdedcd71bb..3af4430543dca 100644 |
1942 |
+--- a/drivers/pinctrl/stm32/pinctrl-stm32.c |
1943 |
++++ b/drivers/pinctrl/stm32/pinctrl-stm32.c |
1944 |
+@@ -1229,7 +1229,7 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, |
1945 |
+ struct device *dev = pctl->dev; |
1946 |
+ struct resource res; |
1947 |
+ int npins = STM32_GPIO_PINS_PER_BANK; |
1948 |
+- int bank_nr, err; |
1949 |
++ int bank_nr, err, i = 0; |
1950 |
+ |
1951 |
+ if (!IS_ERR(bank->rstc)) |
1952 |
+ reset_control_deassert(bank->rstc); |
1953 |
+@@ -1251,9 +1251,14 @@ static int stm32_gpiolib_register_bank(struct stm32_pinctrl *pctl, |
1954 |
+ |
1955 |
+ of_property_read_string(np, "st,bank-name", &bank->gpio_chip.label); |
1956 |
+ |
1957 |
+- if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, 0, &args)) { |
1958 |
++ if (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, i, &args)) { |
1959 |
+ bank_nr = args.args[1] / STM32_GPIO_PINS_PER_BANK; |
1960 |
+ bank->gpio_chip.base = args.args[1]; |
1961 |
++ |
1962 |
++ npins = args.args[2]; |
1963 |
++ while (!of_parse_phandle_with_fixed_args(np, "gpio-ranges", 3, |
1964 |
++ ++i, &args)) |
1965 |
++ npins += args.args[2]; |
1966 |
+ } else { |
1967 |
+ bank_nr = pctl->nbanks; |
1968 |
+ bank->gpio_chip.base = bank_nr * STM32_GPIO_PINS_PER_BANK; |
1969 |
+diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c |
1970 |
+index ed0b1bb99f083..a0356f3707b86 100644 |
1971 |
+--- a/drivers/scsi/sd.c |
1972 |
++++ b/drivers/scsi/sd.c |
1973 |
+@@ -1387,6 +1387,22 @@ static void sd_uninit_command(struct scsi_cmnd *SCpnt) |
1974 |
+ } |
1975 |
+ } |
1976 |
+ |
1977 |
++static bool sd_need_revalidate(struct block_device *bdev, |
1978 |
++ struct scsi_disk *sdkp) |
1979 |
++{ |
1980 |
++ if (sdkp->device->removable || sdkp->write_prot) { |
1981 |
++ if (bdev_check_media_change(bdev)) |
1982 |
++ return true; |
1983 |
++ } |
1984 |
++ |
1985 |
++ /* |
1986 |
++ * Force a full rescan after ioctl(BLKRRPART). While the disk state has |
1987 |
++ * nothing to do with partitions, BLKRRPART is used to force a full |
1988 |
++ * revalidate after things like a format for historical reasons. |
1989 |
++ */ |
1990 |
++ return test_bit(GD_NEED_PART_SCAN, &bdev->bd_disk->state); |
1991 |
++} |
1992 |
++ |
1993 |
+ /** |
1994 |
+ * sd_open - open a scsi disk device |
1995 |
+ * @bdev: Block device of the scsi disk to open |
1996 |
+@@ -1423,10 +1439,8 @@ static int sd_open(struct block_device *bdev, fmode_t mode) |
1997 |
+ if (!scsi_block_when_processing_errors(sdev)) |
1998 |
+ goto error_out; |
1999 |
+ |
2000 |
+- if (sdev->removable || sdkp->write_prot) { |
2001 |
+- if (bdev_check_media_change(bdev)) |
2002 |
+- sd_revalidate_disk(bdev->bd_disk); |
2003 |
+- } |
2004 |
++ if (sd_need_revalidate(bdev, sdkp)) |
2005 |
++ sd_revalidate_disk(bdev->bd_disk); |
2006 |
+ |
2007 |
+ /* |
2008 |
+ * If the drive is empty, just let the open fail. |
2009 |
+diff --git a/drivers/spi/spi-nxp-fspi.c b/drivers/spi/spi-nxp-fspi.c |
2010 |
+index ab9035662717a..bcc0b5a3a459c 100644 |
2011 |
+--- a/drivers/spi/spi-nxp-fspi.c |
2012 |
++++ b/drivers/spi/spi-nxp-fspi.c |
2013 |
+@@ -1033,12 +1033,6 @@ static int nxp_fspi_probe(struct platform_device *pdev) |
2014 |
+ goto err_put_ctrl; |
2015 |
+ } |
2016 |
+ |
2017 |
+- /* Clear potential interrupts */ |
2018 |
+- reg = fspi_readl(f, f->iobase + FSPI_INTR); |
2019 |
+- if (reg) |
2020 |
+- fspi_writel(f, reg, f->iobase + FSPI_INTR); |
2021 |
+- |
2022 |
+- |
2023 |
+ /* find the resources - controller memory mapped space */ |
2024 |
+ if (is_acpi_node(f->dev->fwnode)) |
2025 |
+ res = platform_get_resource(pdev, IORESOURCE_MEM, 1); |
2026 |
+@@ -1076,6 +1070,11 @@ static int nxp_fspi_probe(struct platform_device *pdev) |
2027 |
+ } |
2028 |
+ } |
2029 |
+ |
2030 |
++ /* Clear potential interrupts */ |
2031 |
++ reg = fspi_readl(f, f->iobase + FSPI_INTR); |
2032 |
++ if (reg) |
2033 |
++ fspi_writel(f, reg, f->iobase + FSPI_INTR); |
2034 |
++ |
2035 |
+ /* find the irq */ |
2036 |
+ ret = platform_get_irq(pdev, 0); |
2037 |
+ if (ret < 0) |
2038 |
+diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c |
2039 |
+index 7bbfd58958bcc..d7e361fb05482 100644 |
2040 |
+--- a/drivers/xen/events/events_base.c |
2041 |
++++ b/drivers/xen/events/events_base.c |
2042 |
+@@ -642,6 +642,9 @@ static void xen_irq_lateeoi_locked(struct irq_info *info, bool spurious) |
2043 |
+ } |
2044 |
+ |
2045 |
+ info->eoi_time = 0; |
2046 |
++ |
2047 |
++ /* is_active hasn't been reset yet, do it now. */ |
2048 |
++ smp_store_release(&info->is_active, 0); |
2049 |
+ do_unmask(info, EVT_MASK_REASON_EOI_PENDING); |
2050 |
+ } |
2051 |
+ |
2052 |
+@@ -811,6 +814,7 @@ static void xen_evtchn_close(evtchn_port_t port) |
2053 |
+ BUG(); |
2054 |
+ } |
2055 |
+ |
2056 |
++/* Not called for lateeoi events. */ |
2057 |
+ static void event_handler_exit(struct irq_info *info) |
2058 |
+ { |
2059 |
+ smp_store_release(&info->is_active, 0); |
2060 |
+@@ -1883,7 +1887,12 @@ static void lateeoi_ack_dynirq(struct irq_data *data) |
2061 |
+ |
2062 |
+ if (VALID_EVTCHN(evtchn)) { |
2063 |
+ do_mask(info, EVT_MASK_REASON_EOI_PENDING); |
2064 |
+- event_handler_exit(info); |
2065 |
++ /* |
2066 |
++ * Don't call event_handler_exit(). |
2067 |
++ * Need to keep is_active non-zero in order to ignore re-raised |
2068 |
++ * events after cpu affinity changes while a lateeoi is pending. |
2069 |
++ */ |
2070 |
++ clear_evtchn(evtchn); |
2071 |
+ } |
2072 |
+ } |
2073 |
+ |
2074 |
+diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c |
2075 |
+index 26e66436f0058..c000fe338f7e0 100644 |
2076 |
+--- a/fs/ceph/addr.c |
2077 |
++++ b/fs/ceph/addr.c |
2078 |
+@@ -1302,6 +1302,45 @@ ceph_find_incompatible(struct page *page) |
2079 |
+ return NULL; |
2080 |
+ } |
2081 |
+ |
2082 |
++/** |
2083 |
++ * prep_noread_page - prep a page for writing without reading first |
2084 |
++ * @page: page being prepared |
2085 |
++ * @pos: starting position for the write |
2086 |
++ * @len: length of write |
2087 |
++ * |
2088 |
++ * In some cases, write_begin doesn't need to read at all: |
2089 |
++ * - full page write |
2090 |
++ * - file is currently zero-length |
2091 |
++ * - write that lies in a page that is completely beyond EOF |
2092 |
++ * - write that covers the the page from start to EOF or beyond it |
2093 |
++ * |
2094 |
++ * If any of these criteria are met, then zero out the unwritten parts |
2095 |
++ * of the page and return true. Otherwise, return false. |
2096 |
++ */ |
2097 |
++static bool skip_page_read(struct page *page, loff_t pos, size_t len) |
2098 |
++{ |
2099 |
++ struct inode *inode = page->mapping->host; |
2100 |
++ loff_t i_size = i_size_read(inode); |
2101 |
++ size_t offset = offset_in_page(pos); |
2102 |
++ |
2103 |
++ /* Full page write */ |
2104 |
++ if (offset == 0 && len >= PAGE_SIZE) |
2105 |
++ return true; |
2106 |
++ |
2107 |
++ /* pos beyond last page in the file */ |
2108 |
++ if (pos - offset >= i_size) |
2109 |
++ goto zero_out; |
2110 |
++ |
2111 |
++ /* write that covers the whole page from start to EOF or beyond it */ |
2112 |
++ if (offset == 0 && (pos + len) >= i_size) |
2113 |
++ goto zero_out; |
2114 |
++ |
2115 |
++ return false; |
2116 |
++zero_out: |
2117 |
++ zero_user_segments(page, 0, offset, offset + len, PAGE_SIZE); |
2118 |
++ return true; |
2119 |
++} |
2120 |
++ |
2121 |
+ /* |
2122 |
+ * We are only allowed to write into/dirty the page if the page is |
2123 |
+ * clean, or already dirty within the same snap context. |
2124 |
+@@ -1315,7 +1354,6 @@ static int ceph_write_begin(struct file *file, struct address_space *mapping, |
2125 |
+ struct ceph_snap_context *snapc; |
2126 |
+ struct page *page = NULL; |
2127 |
+ pgoff_t index = pos >> PAGE_SHIFT; |
2128 |
+- int pos_in_page = pos & ~PAGE_MASK; |
2129 |
+ int r = 0; |
2130 |
+ |
2131 |
+ dout("write_begin file %p inode %p page %p %d~%d\n", file, inode, page, (int)pos, (int)len); |
2132 |
+@@ -1350,19 +1388,9 @@ static int ceph_write_begin(struct file *file, struct address_space *mapping, |
2133 |
+ break; |
2134 |
+ } |
2135 |
+ |
2136 |
+- /* |
2137 |
+- * In some cases we don't need to read at all: |
2138 |
+- * - full page write |
2139 |
+- * - write that lies completely beyond EOF |
2140 |
+- * - write that covers the the page from start to EOF or beyond it |
2141 |
+- */ |
2142 |
+- if ((pos_in_page == 0 && len == PAGE_SIZE) || |
2143 |
+- (pos >= i_size_read(inode)) || |
2144 |
+- (pos_in_page == 0 && (pos + len) >= i_size_read(inode))) { |
2145 |
+- zero_user_segments(page, 0, pos_in_page, |
2146 |
+- pos_in_page + len, PAGE_SIZE); |
2147 |
++ /* No need to read in some cases */ |
2148 |
++ if (skip_page_read(page, pos, len)) |
2149 |
+ break; |
2150 |
+- } |
2151 |
+ |
2152 |
+ /* |
2153 |
+ * We need to read it. If we get back -EINPROGRESS, then the page was |
2154 |
+diff --git a/fs/ceph/file.c b/fs/ceph/file.c |
2155 |
+index 209535d5b8d38..3d2e3dd4ee01d 100644 |
2156 |
+--- a/fs/ceph/file.c |
2157 |
++++ b/fs/ceph/file.c |
2158 |
+@@ -578,6 +578,7 @@ static int ceph_finish_async_create(struct inode *dir, struct dentry *dentry, |
2159 |
+ struct ceph_inode_info *ci = ceph_inode(dir); |
2160 |
+ struct inode *inode; |
2161 |
+ struct timespec64 now; |
2162 |
++ struct ceph_mds_client *mdsc = ceph_sb_to_mdsc(dir->i_sb); |
2163 |
+ struct ceph_vino vino = { .ino = req->r_deleg_ino, |
2164 |
+ .snap = CEPH_NOSNAP }; |
2165 |
+ |
2166 |
+@@ -615,8 +616,10 @@ static int ceph_finish_async_create(struct inode *dir, struct dentry *dentry, |
2167 |
+ |
2168 |
+ ceph_file_layout_to_legacy(lo, &in.layout); |
2169 |
+ |
2170 |
++ down_read(&mdsc->snap_rwsem); |
2171 |
+ ret = ceph_fill_inode(inode, NULL, &iinfo, NULL, req->r_session, |
2172 |
+ req->r_fmode, NULL); |
2173 |
++ up_read(&mdsc->snap_rwsem); |
2174 |
+ if (ret) { |
2175 |
+ dout("%s failed to fill inode: %d\n", __func__, ret); |
2176 |
+ ceph_dir_clear_complete(dir); |
2177 |
+diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c |
2178 |
+index 179d2ef69a24a..7ee6023adb363 100644 |
2179 |
+--- a/fs/ceph/inode.c |
2180 |
++++ b/fs/ceph/inode.c |
2181 |
+@@ -762,6 +762,8 @@ int ceph_fill_inode(struct inode *inode, struct page *locked_page, |
2182 |
+ bool new_version = false; |
2183 |
+ bool fill_inline = false; |
2184 |
+ |
2185 |
++ lockdep_assert_held(&mdsc->snap_rwsem); |
2186 |
++ |
2187 |
+ dout("%s %p ino %llx.%llx v %llu had %llu\n", __func__, |
2188 |
+ inode, ceph_vinop(inode), le64_to_cpu(info->version), |
2189 |
+ ci->i_version); |
2190 |
+diff --git a/fs/nilfs2/sysfs.c b/fs/nilfs2/sysfs.c |
2191 |
+index 303d71430bdd1..9c6c0e2e5880a 100644 |
2192 |
+--- a/fs/nilfs2/sysfs.c |
2193 |
++++ b/fs/nilfs2/sysfs.c |
2194 |
+@@ -1053,6 +1053,7 @@ void nilfs_sysfs_delete_device_group(struct the_nilfs *nilfs) |
2195 |
+ nilfs_sysfs_delete_superblock_group(nilfs); |
2196 |
+ nilfs_sysfs_delete_segctor_group(nilfs); |
2197 |
+ kobject_del(&nilfs->ns_dev_kobj); |
2198 |
++ kobject_put(&nilfs->ns_dev_kobj); |
2199 |
+ kfree(nilfs->ns_dev_subgroups); |
2200 |
+ } |
2201 |
+ |
2202 |
+diff --git a/include/keys/system_keyring.h b/include/keys/system_keyring.h |
2203 |
+index fb8b07daa9d15..875e002a41804 100644 |
2204 |
+--- a/include/keys/system_keyring.h |
2205 |
++++ b/include/keys/system_keyring.h |
2206 |
+@@ -31,6 +31,7 @@ extern int restrict_link_by_builtin_and_secondary_trusted( |
2207 |
+ #define restrict_link_by_builtin_and_secondary_trusted restrict_link_by_builtin_trusted |
2208 |
+ #endif |
2209 |
+ |
2210 |
++extern struct pkcs7_message *pkcs7; |
2211 |
+ #ifdef CONFIG_SYSTEM_BLACKLIST_KEYRING |
2212 |
+ extern int mark_hash_blacklisted(const char *hash); |
2213 |
+ extern int is_hash_blacklisted(const u8 *hash, size_t hash_len, |
2214 |
+@@ -49,6 +50,20 @@ static inline int is_binary_blacklisted(const u8 *hash, size_t hash_len) |
2215 |
+ } |
2216 |
+ #endif |
2217 |
+ |
2218 |
++#ifdef CONFIG_SYSTEM_REVOCATION_LIST |
2219 |
++extern int add_key_to_revocation_list(const char *data, size_t size); |
2220 |
++extern int is_key_on_revocation_list(struct pkcs7_message *pkcs7); |
2221 |
++#else |
2222 |
++static inline int add_key_to_revocation_list(const char *data, size_t size) |
2223 |
++{ |
2224 |
++ return 0; |
2225 |
++} |
2226 |
++static inline int is_key_on_revocation_list(struct pkcs7_message *pkcs7) |
2227 |
++{ |
2228 |
++ return -ENOKEY; |
2229 |
++} |
2230 |
++#endif |
2231 |
++ |
2232 |
+ #ifdef CONFIG_IMA_BLACKLIST_KEYRING |
2233 |
+ extern struct key *ima_blacklist_keyring; |
2234 |
+ |
2235 |
+diff --git a/include/linux/debug_locks.h b/include/linux/debug_locks.h |
2236 |
+index 2915f56ad4214..edb5c186b0b7a 100644 |
2237 |
+--- a/include/linux/debug_locks.h |
2238 |
++++ b/include/linux/debug_locks.h |
2239 |
+@@ -27,8 +27,10 @@ extern int debug_locks_off(void); |
2240 |
+ int __ret = 0; \ |
2241 |
+ \ |
2242 |
+ if (!oops_in_progress && unlikely(c)) { \ |
2243 |
++ instrumentation_begin(); \ |
2244 |
+ if (debug_locks_off() && !debug_locks_silent) \ |
2245 |
+ WARN(1, "DEBUG_LOCKS_WARN_ON(%s)", #c); \ |
2246 |
++ instrumentation_end(); \ |
2247 |
+ __ret = 1; \ |
2248 |
+ } \ |
2249 |
+ __ret; \ |
2250 |
+diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h |
2251 |
+index ba973efcd3692..6686a0baa91d3 100644 |
2252 |
+--- a/include/linux/huge_mm.h |
2253 |
++++ b/include/linux/huge_mm.h |
2254 |
+@@ -289,6 +289,7 @@ struct page *follow_devmap_pud(struct vm_area_struct *vma, unsigned long addr, |
2255 |
+ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf, pmd_t orig_pmd); |
2256 |
+ |
2257 |
+ extern struct page *huge_zero_page; |
2258 |
++extern unsigned long huge_zero_pfn; |
2259 |
+ |
2260 |
+ static inline bool is_huge_zero_page(struct page *page) |
2261 |
+ { |
2262 |
+@@ -297,7 +298,7 @@ static inline bool is_huge_zero_page(struct page *page) |
2263 |
+ |
2264 |
+ static inline bool is_huge_zero_pmd(pmd_t pmd) |
2265 |
+ { |
2266 |
+- return is_huge_zero_page(pmd_page(pmd)); |
2267 |
++ return READ_ONCE(huge_zero_pfn) == pmd_pfn(pmd) && pmd_present(pmd); |
2268 |
+ } |
2269 |
+ |
2270 |
+ static inline bool is_huge_zero_pud(pud_t pud) |
2271 |
+@@ -443,6 +444,11 @@ static inline bool is_huge_zero_page(struct page *page) |
2272 |
+ return false; |
2273 |
+ } |
2274 |
+ |
2275 |
++static inline bool is_huge_zero_pmd(pmd_t pmd) |
2276 |
++{ |
2277 |
++ return false; |
2278 |
++} |
2279 |
++ |
2280 |
+ static inline bool is_huge_zero_pud(pud_t pud) |
2281 |
+ { |
2282 |
+ return false; |
2283 |
+diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h |
2284 |
+index 5dae4187210d9..28fa3f9bbbfdd 100644 |
2285 |
+--- a/include/linux/hugetlb.h |
2286 |
++++ b/include/linux/hugetlb.h |
2287 |
+@@ -728,17 +728,6 @@ static inline int hstate_index(struct hstate *h) |
2288 |
+ return h - hstates; |
2289 |
+ } |
2290 |
+ |
2291 |
+-pgoff_t __basepage_index(struct page *page); |
2292 |
+- |
2293 |
+-/* Return page->index in PAGE_SIZE units */ |
2294 |
+-static inline pgoff_t basepage_index(struct page *page) |
2295 |
+-{ |
2296 |
+- if (!PageCompound(page)) |
2297 |
+- return page->index; |
2298 |
+- |
2299 |
+- return __basepage_index(page); |
2300 |
+-} |
2301 |
+- |
2302 |
+ extern int dissolve_free_huge_page(struct page *page); |
2303 |
+ extern int dissolve_free_huge_pages(unsigned long start_pfn, |
2304 |
+ unsigned long end_pfn); |
2305 |
+@@ -969,11 +958,6 @@ static inline int hstate_index(struct hstate *h) |
2306 |
+ return 0; |
2307 |
+ } |
2308 |
+ |
2309 |
+-static inline pgoff_t basepage_index(struct page *page) |
2310 |
+-{ |
2311 |
+- return page->index; |
2312 |
+-} |
2313 |
+- |
2314 |
+ static inline int dissolve_free_huge_page(struct page *page) |
2315 |
+ { |
2316 |
+ return 0; |
2317 |
+diff --git a/include/linux/mm.h b/include/linux/mm.h |
2318 |
+index 6c1b29bb35636..cfb0842a7fb96 100644 |
2319 |
+--- a/include/linux/mm.h |
2320 |
++++ b/include/linux/mm.h |
2321 |
+@@ -1680,6 +1680,7 @@ struct zap_details { |
2322 |
+ struct address_space *check_mapping; /* Check page->mapping if set */ |
2323 |
+ pgoff_t first_index; /* Lowest page->index to unmap */ |
2324 |
+ pgoff_t last_index; /* Highest page->index to unmap */ |
2325 |
++ struct page *single_page; /* Locked page to be unmapped */ |
2326 |
+ }; |
2327 |
+ |
2328 |
+ struct page *vm_normal_page(struct vm_area_struct *vma, unsigned long addr, |
2329 |
+@@ -1727,6 +1728,7 @@ extern vm_fault_t handle_mm_fault(struct vm_area_struct *vma, |
2330 |
+ extern int fixup_user_fault(struct mm_struct *mm, |
2331 |
+ unsigned long address, unsigned int fault_flags, |
2332 |
+ bool *unlocked); |
2333 |
++void unmap_mapping_page(struct page *page); |
2334 |
+ void unmap_mapping_pages(struct address_space *mapping, |
2335 |
+ pgoff_t start, pgoff_t nr, bool even_cows); |
2336 |
+ void unmap_mapping_range(struct address_space *mapping, |
2337 |
+@@ -1747,6 +1749,7 @@ static inline int fixup_user_fault(struct mm_struct *mm, unsigned long address, |
2338 |
+ BUG(); |
2339 |
+ return -EFAULT; |
2340 |
+ } |
2341 |
++static inline void unmap_mapping_page(struct page *page) { } |
2342 |
+ static inline void unmap_mapping_pages(struct address_space *mapping, |
2343 |
+ pgoff_t start, pgoff_t nr, bool even_cows) { } |
2344 |
+ static inline void unmap_mapping_range(struct address_space *mapping, |
2345 |
+diff --git a/include/linux/pagemap.h b/include/linux/pagemap.h |
2346 |
+index 8c9947fd62f30..e0023e5f9aa67 100644 |
2347 |
+--- a/include/linux/pagemap.h |
2348 |
++++ b/include/linux/pagemap.h |
2349 |
+@@ -501,7 +501,7 @@ static inline struct page *read_mapping_page(struct address_space *mapping, |
2350 |
+ } |
2351 |
+ |
2352 |
+ /* |
2353 |
+- * Get index of the page with in radix-tree |
2354 |
++ * Get index of the page within radix-tree (but not for hugetlb pages). |
2355 |
+ * (TODO: remove once hugetlb pages will have ->index in PAGE_SIZE) |
2356 |
+ */ |
2357 |
+ static inline pgoff_t page_to_index(struct page *page) |
2358 |
+@@ -520,15 +520,16 @@ static inline pgoff_t page_to_index(struct page *page) |
2359 |
+ return pgoff; |
2360 |
+ } |
2361 |
+ |
2362 |
++extern pgoff_t hugetlb_basepage_index(struct page *page); |
2363 |
++ |
2364 |
+ /* |
2365 |
+- * Get the offset in PAGE_SIZE. |
2366 |
+- * (TODO: hugepage should have ->index in PAGE_SIZE) |
2367 |
++ * Get the offset in PAGE_SIZE (even for hugetlb pages). |
2368 |
++ * (TODO: hugetlb pages should have ->index in PAGE_SIZE) |
2369 |
+ */ |
2370 |
+ static inline pgoff_t page_to_pgoff(struct page *page) |
2371 |
+ { |
2372 |
+- if (unlikely(PageHeadHuge(page))) |
2373 |
+- return page->index << compound_order(page); |
2374 |
+- |
2375 |
++ if (unlikely(PageHuge(page))) |
2376 |
++ return hugetlb_basepage_index(page); |
2377 |
+ return page_to_index(page); |
2378 |
+ } |
2379 |
+ |
2380 |
+diff --git a/include/linux/rmap.h b/include/linux/rmap.h |
2381 |
+index def5c62c93b3b..8d04e7deedc66 100644 |
2382 |
+--- a/include/linux/rmap.h |
2383 |
++++ b/include/linux/rmap.h |
2384 |
+@@ -91,6 +91,7 @@ enum ttu_flags { |
2385 |
+ |
2386 |
+ TTU_SPLIT_HUGE_PMD = 0x4, /* split huge PMD if any */ |
2387 |
+ TTU_IGNORE_MLOCK = 0x8, /* ignore mlock */ |
2388 |
++ TTU_SYNC = 0x10, /* avoid racy checks with PVMW_SYNC */ |
2389 |
+ TTU_IGNORE_HWPOISON = 0x20, /* corrupted page is recoverable */ |
2390 |
+ TTU_BATCH_FLUSH = 0x40, /* Batch TLB flushes where possible |
2391 |
+ * and caller guarantees they will |
2392 |
+diff --git a/include/net/sock.h b/include/net/sock.h |
2393 |
+index 62e3811e95a78..b9bdeca1d784f 100644 |
2394 |
+--- a/include/net/sock.h |
2395 |
++++ b/include/net/sock.h |
2396 |
+@@ -1928,7 +1928,8 @@ static inline u32 net_tx_rndhash(void) |
2397 |
+ |
2398 |
+ static inline void sk_set_txhash(struct sock *sk) |
2399 |
+ { |
2400 |
+- sk->sk_txhash = net_tx_rndhash(); |
2401 |
++ /* This pairs with READ_ONCE() in skb_set_hash_from_sk() */ |
2402 |
++ WRITE_ONCE(sk->sk_txhash, net_tx_rndhash()); |
2403 |
+ } |
2404 |
+ |
2405 |
+ static inline bool sk_rethink_txhash(struct sock *sk) |
2406 |
+@@ -2200,9 +2201,12 @@ static inline void sock_poll_wait(struct file *filp, struct socket *sock, |
2407 |
+ |
2408 |
+ static inline void skb_set_hash_from_sk(struct sk_buff *skb, struct sock *sk) |
2409 |
+ { |
2410 |
+- if (sk->sk_txhash) { |
2411 |
++ /* This pairs with WRITE_ONCE() in sk_set_txhash() */ |
2412 |
++ u32 txhash = READ_ONCE(sk->sk_txhash); |
2413 |
++ |
2414 |
++ if (txhash) { |
2415 |
+ skb->l4_hash = 1; |
2416 |
+- skb->hash = sk->sk_txhash; |
2417 |
++ skb->hash = txhash; |
2418 |
+ } |
2419 |
+ } |
2420 |
+ |
2421 |
+@@ -2260,8 +2264,13 @@ struct sk_buff *sock_dequeue_err_skb(struct sock *sk); |
2422 |
+ static inline int sock_error(struct sock *sk) |
2423 |
+ { |
2424 |
+ int err; |
2425 |
+- if (likely(!sk->sk_err)) |
2426 |
++ |
2427 |
++ /* Avoid an atomic operation for the common case. |
2428 |
++ * This is racy since another cpu/thread can change sk_err under us. |
2429 |
++ */ |
2430 |
++ if (likely(data_race(!sk->sk_err))) |
2431 |
+ return 0; |
2432 |
++ |
2433 |
+ err = xchg(&sk->sk_err, 0); |
2434 |
+ return -err; |
2435 |
+ } |
2436 |
+diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c |
2437 |
+index fe4c01c14ab2c..e96f3808e4316 100644 |
2438 |
+--- a/kernel/dma/swiotlb.c |
2439 |
++++ b/kernel/dma/swiotlb.c |
2440 |
+@@ -724,11 +724,17 @@ void swiotlb_tbl_sync_single(struct device *hwdev, phys_addr_t tlb_addr, |
2441 |
+ int index = (tlb_addr - io_tlb_start) >> IO_TLB_SHIFT; |
2442 |
+ size_t orig_size = io_tlb_orig_size[index]; |
2443 |
+ phys_addr_t orig_addr = io_tlb_orig_addr[index]; |
2444 |
++ unsigned int tlb_offset; |
2445 |
+ |
2446 |
+ if (orig_addr == INVALID_PHYS_ADDR) |
2447 |
+ return; |
2448 |
+ |
2449 |
+- validate_sync_size_and_truncate(hwdev, orig_size, &size); |
2450 |
++ tlb_offset = (tlb_addr & (IO_TLB_SIZE - 1)) - |
2451 |
++ swiotlb_align_offset(hwdev, orig_addr); |
2452 |
++ |
2453 |
++ orig_addr += tlb_offset; |
2454 |
++ |
2455 |
++ validate_sync_size_and_truncate(hwdev, orig_size - tlb_offset, &size); |
2456 |
+ |
2457 |
+ switch (target) { |
2458 |
+ case SYNC_FOR_CPU: |
2459 |
+diff --git a/kernel/futex.c b/kernel/futex.c |
2460 |
+index a8629b695d38e..5aa6d0a6c7677 100644 |
2461 |
+--- a/kernel/futex.c |
2462 |
++++ b/kernel/futex.c |
2463 |
+@@ -35,7 +35,6 @@ |
2464 |
+ #include <linux/jhash.h> |
2465 |
+ #include <linux/pagemap.h> |
2466 |
+ #include <linux/syscalls.h> |
2467 |
+-#include <linux/hugetlb.h> |
2468 |
+ #include <linux/freezer.h> |
2469 |
+ #include <linux/memblock.h> |
2470 |
+ #include <linux/fault-inject.h> |
2471 |
+@@ -650,7 +649,7 @@ again: |
2472 |
+ |
2473 |
+ key->both.offset |= FUT_OFF_INODE; /* inode-based key */ |
2474 |
+ key->shared.i_seq = get_inode_sequence_number(inode); |
2475 |
+- key->shared.pgoff = basepage_index(tail); |
2476 |
++ key->shared.pgoff = page_to_pgoff(tail); |
2477 |
+ rcu_read_unlock(); |
2478 |
+ } |
2479 |
+ |
2480 |
+diff --git a/kernel/kthread.c b/kernel/kthread.c |
2481 |
+index 6d3c488a0f824..4fdf2bd9b5589 100644 |
2482 |
+--- a/kernel/kthread.c |
2483 |
++++ b/kernel/kthread.c |
2484 |
+@@ -1092,8 +1092,38 @@ void kthread_flush_work(struct kthread_work *work) |
2485 |
+ EXPORT_SYMBOL_GPL(kthread_flush_work); |
2486 |
+ |
2487 |
+ /* |
2488 |
+- * This function removes the work from the worker queue. Also it makes sure |
2489 |
+- * that it won't get queued later via the delayed work's timer. |
2490 |
++ * Make sure that the timer is neither set nor running and could |
2491 |
++ * not manipulate the work list_head any longer. |
2492 |
++ * |
2493 |
++ * The function is called under worker->lock. The lock is temporary |
2494 |
++ * released but the timer can't be set again in the meantime. |
2495 |
++ */ |
2496 |
++static void kthread_cancel_delayed_work_timer(struct kthread_work *work, |
2497 |
++ unsigned long *flags) |
2498 |
++{ |
2499 |
++ struct kthread_delayed_work *dwork = |
2500 |
++ container_of(work, struct kthread_delayed_work, work); |
2501 |
++ struct kthread_worker *worker = work->worker; |
2502 |
++ |
2503 |
++ /* |
2504 |
++ * del_timer_sync() must be called to make sure that the timer |
2505 |
++ * callback is not running. The lock must be temporary released |
2506 |
++ * to avoid a deadlock with the callback. In the meantime, |
2507 |
++ * any queuing is blocked by setting the canceling counter. |
2508 |
++ */ |
2509 |
++ work->canceling++; |
2510 |
++ raw_spin_unlock_irqrestore(&worker->lock, *flags); |
2511 |
++ del_timer_sync(&dwork->timer); |
2512 |
++ raw_spin_lock_irqsave(&worker->lock, *flags); |
2513 |
++ work->canceling--; |
2514 |
++} |
2515 |
++ |
2516 |
++/* |
2517 |
++ * This function removes the work from the worker queue. |
2518 |
++ * |
2519 |
++ * It is called under worker->lock. The caller must make sure that |
2520 |
++ * the timer used by delayed work is not running, e.g. by calling |
2521 |
++ * kthread_cancel_delayed_work_timer(). |
2522 |
+ * |
2523 |
+ * The work might still be in use when this function finishes. See the |
2524 |
+ * current_work proceed by the worker. |
2525 |
+@@ -1101,28 +1131,8 @@ EXPORT_SYMBOL_GPL(kthread_flush_work); |
2526 |
+ * Return: %true if @work was pending and successfully canceled, |
2527 |
+ * %false if @work was not pending |
2528 |
+ */ |
2529 |
+-static bool __kthread_cancel_work(struct kthread_work *work, bool is_dwork, |
2530 |
+- unsigned long *flags) |
2531 |
++static bool __kthread_cancel_work(struct kthread_work *work) |
2532 |
+ { |
2533 |
+- /* Try to cancel the timer if exists. */ |
2534 |
+- if (is_dwork) { |
2535 |
+- struct kthread_delayed_work *dwork = |
2536 |
+- container_of(work, struct kthread_delayed_work, work); |
2537 |
+- struct kthread_worker *worker = work->worker; |
2538 |
+- |
2539 |
+- /* |
2540 |
+- * del_timer_sync() must be called to make sure that the timer |
2541 |
+- * callback is not running. The lock must be temporary released |
2542 |
+- * to avoid a deadlock with the callback. In the meantime, |
2543 |
+- * any queuing is blocked by setting the canceling counter. |
2544 |
+- */ |
2545 |
+- work->canceling++; |
2546 |
+- raw_spin_unlock_irqrestore(&worker->lock, *flags); |
2547 |
+- del_timer_sync(&dwork->timer); |
2548 |
+- raw_spin_lock_irqsave(&worker->lock, *flags); |
2549 |
+- work->canceling--; |
2550 |
+- } |
2551 |
+- |
2552 |
+ /* |
2553 |
+ * Try to remove the work from a worker list. It might either |
2554 |
+ * be from worker->work_list or from worker->delayed_work_list. |
2555 |
+@@ -1175,11 +1185,23 @@ bool kthread_mod_delayed_work(struct kthread_worker *worker, |
2556 |
+ /* Work must not be used with >1 worker, see kthread_queue_work() */ |
2557 |
+ WARN_ON_ONCE(work->worker != worker); |
2558 |
+ |
2559 |
+- /* Do not fight with another command that is canceling this work. */ |
2560 |
++ /* |
2561 |
++ * Temporary cancel the work but do not fight with another command |
2562 |
++ * that is canceling the work as well. |
2563 |
++ * |
2564 |
++ * It is a bit tricky because of possible races with another |
2565 |
++ * mod_delayed_work() and cancel_delayed_work() callers. |
2566 |
++ * |
2567 |
++ * The timer must be canceled first because worker->lock is released |
2568 |
++ * when doing so. But the work can be removed from the queue (list) |
2569 |
++ * only when it can be queued again so that the return value can |
2570 |
++ * be used for reference counting. |
2571 |
++ */ |
2572 |
++ kthread_cancel_delayed_work_timer(work, &flags); |
2573 |
+ if (work->canceling) |
2574 |
+ goto out; |
2575 |
++ ret = __kthread_cancel_work(work); |
2576 |
+ |
2577 |
+- ret = __kthread_cancel_work(work, true, &flags); |
2578 |
+ fast_queue: |
2579 |
+ __kthread_queue_delayed_work(worker, dwork, delay); |
2580 |
+ out: |
2581 |
+@@ -1201,7 +1223,10 @@ static bool __kthread_cancel_work_sync(struct kthread_work *work, bool is_dwork) |
2582 |
+ /* Work must not be used with >1 worker, see kthread_queue_work(). */ |
2583 |
+ WARN_ON_ONCE(work->worker != worker); |
2584 |
+ |
2585 |
+- ret = __kthread_cancel_work(work, is_dwork, &flags); |
2586 |
++ if (is_dwork) |
2587 |
++ kthread_cancel_delayed_work_timer(work, &flags); |
2588 |
++ |
2589 |
++ ret = __kthread_cancel_work(work); |
2590 |
+ |
2591 |
+ if (worker->current_work != work) |
2592 |
+ goto out_fast; |
2593 |
+diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c |
2594 |
+index f39c383c71804..5bf6b1659215d 100644 |
2595 |
+--- a/kernel/locking/lockdep.c |
2596 |
++++ b/kernel/locking/lockdep.c |
2597 |
+@@ -842,7 +842,7 @@ static int count_matching_names(struct lock_class *new_class) |
2598 |
+ } |
2599 |
+ |
2600 |
+ /* used from NMI context -- must be lockless */ |
2601 |
+-static __always_inline struct lock_class * |
2602 |
++static noinstr struct lock_class * |
2603 |
+ look_up_lock_class(const struct lockdep_map *lock, unsigned int subclass) |
2604 |
+ { |
2605 |
+ struct lockdep_subclass_key *key; |
2606 |
+@@ -850,12 +850,14 @@ look_up_lock_class(const struct lockdep_map *lock, unsigned int subclass) |
2607 |
+ struct lock_class *class; |
2608 |
+ |
2609 |
+ if (unlikely(subclass >= MAX_LOCKDEP_SUBCLASSES)) { |
2610 |
++ instrumentation_begin(); |
2611 |
+ debug_locks_off(); |
2612 |
+ printk(KERN_ERR |
2613 |
+ "BUG: looking up invalid subclass: %u\n", subclass); |
2614 |
+ printk(KERN_ERR |
2615 |
+ "turning off the locking correctness validator.\n"); |
2616 |
+ dump_stack(); |
2617 |
++ instrumentation_end(); |
2618 |
+ return NULL; |
2619 |
+ } |
2620 |
+ |
2621 |
+diff --git a/kernel/module.c b/kernel/module.c |
2622 |
+index 30479355ab850..260d6f3f6d68f 100644 |
2623 |
+--- a/kernel/module.c |
2624 |
++++ b/kernel/module.c |
2625 |
+@@ -266,9 +266,18 @@ static void module_assert_mutex_or_preempt(void) |
2626 |
+ #endif |
2627 |
+ } |
2628 |
+ |
2629 |
++#ifdef CONFIG_MODULE_SIG |
2630 |
+ static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); |
2631 |
+ module_param(sig_enforce, bool_enable_only, 0644); |
2632 |
+ |
2633 |
++void set_module_sig_enforced(void) |
2634 |
++{ |
2635 |
++ sig_enforce = true; |
2636 |
++} |
2637 |
++#else |
2638 |
++#define sig_enforce false |
2639 |
++#endif |
2640 |
++ |
2641 |
+ /* |
2642 |
+ * Export sig_enforce kernel cmdline parameter to allow other subsystems rely |
2643 |
+ * on that instead of directly to CONFIG_MODULE_SIG_FORCE config. |
2644 |
+@@ -279,11 +288,6 @@ bool is_module_sig_enforced(void) |
2645 |
+ } |
2646 |
+ EXPORT_SYMBOL(is_module_sig_enforced); |
2647 |
+ |
2648 |
+-void set_module_sig_enforced(void) |
2649 |
+-{ |
2650 |
+- sig_enforce = true; |
2651 |
+-} |
2652 |
+- |
2653 |
+ /* Block module loading/unloading? */ |
2654 |
+ int modules_disabled = 0; |
2655 |
+ core_param(nomodule, modules_disabled, bint, 0); |
2656 |
+diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c |
2657 |
+index 651218ded9817..ef37acd28e4ac 100644 |
2658 |
+--- a/kernel/sched/psi.c |
2659 |
++++ b/kernel/sched/psi.c |
2660 |
+@@ -965,7 +965,7 @@ void psi_cgroup_free(struct cgroup *cgroup) |
2661 |
+ */ |
2662 |
+ void cgroup_move_task(struct task_struct *task, struct css_set *to) |
2663 |
+ { |
2664 |
+- unsigned int task_flags = 0; |
2665 |
++ unsigned int task_flags; |
2666 |
+ struct rq_flags rf; |
2667 |
+ struct rq *rq; |
2668 |
+ |
2669 |
+@@ -980,15 +980,31 @@ void cgroup_move_task(struct task_struct *task, struct css_set *to) |
2670 |
+ |
2671 |
+ rq = task_rq_lock(task, &rf); |
2672 |
+ |
2673 |
+- if (task_on_rq_queued(task)) { |
2674 |
+- task_flags = TSK_RUNNING; |
2675 |
+- if (task_current(rq, task)) |
2676 |
+- task_flags |= TSK_ONCPU; |
2677 |
+- } else if (task->in_iowait) |
2678 |
+- task_flags = TSK_IOWAIT; |
2679 |
+- |
2680 |
+- if (task->in_memstall) |
2681 |
+- task_flags |= TSK_MEMSTALL; |
2682 |
++ /* |
2683 |
++ * We may race with schedule() dropping the rq lock between |
2684 |
++ * deactivating prev and switching to next. Because the psi |
2685 |
++ * updates from the deactivation are deferred to the switch |
2686 |
++ * callback to save cgroup tree updates, the task's scheduling |
2687 |
++ * state here is not coherent with its psi state: |
2688 |
++ * |
2689 |
++ * schedule() cgroup_move_task() |
2690 |
++ * rq_lock() |
2691 |
++ * deactivate_task() |
2692 |
++ * p->on_rq = 0 |
2693 |
++ * psi_dequeue() // defers TSK_RUNNING & TSK_IOWAIT updates |
2694 |
++ * pick_next_task() |
2695 |
++ * rq_unlock() |
2696 |
++ * rq_lock() |
2697 |
++ * psi_task_change() // old cgroup |
2698 |
++ * task->cgroups = to |
2699 |
++ * psi_task_change() // new cgroup |
2700 |
++ * rq_unlock() |
2701 |
++ * rq_lock() |
2702 |
++ * psi_sched_switch() // does deferred updates in new cgroup |
2703 |
++ * |
2704 |
++ * Don't rely on the scheduling state. Use psi_flags instead. |
2705 |
++ */ |
2706 |
++ task_flags = task->psi_flags; |
2707 |
+ |
2708 |
+ if (task_flags) |
2709 |
+ psi_task_change(task, task_flags, 0); |
2710 |
+diff --git a/lib/debug_locks.c b/lib/debug_locks.c |
2711 |
+index 06d3135bd184c..a75ee30b77cb8 100644 |
2712 |
+--- a/lib/debug_locks.c |
2713 |
++++ b/lib/debug_locks.c |
2714 |
+@@ -36,7 +36,7 @@ EXPORT_SYMBOL_GPL(debug_locks_silent); |
2715 |
+ /* |
2716 |
+ * Generic 'turn off all lock debugging' function: |
2717 |
+ */ |
2718 |
+-noinstr int debug_locks_off(void) |
2719 |
++int debug_locks_off(void) |
2720 |
+ { |
2721 |
+ if (debug_locks && __debug_locks_off()) { |
2722 |
+ if (!debug_locks_silent) { |
2723 |
+diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
2724 |
+index ae907a9c20506..44c455dbbd637 100644 |
2725 |
+--- a/mm/huge_memory.c |
2726 |
++++ b/mm/huge_memory.c |
2727 |
+@@ -61,6 +61,7 @@ static struct shrinker deferred_split_shrinker; |
2728 |
+ |
2729 |
+ static atomic_t huge_zero_refcount; |
2730 |
+ struct page *huge_zero_page __read_mostly; |
2731 |
++unsigned long huge_zero_pfn __read_mostly = ~0UL; |
2732 |
+ |
2733 |
+ bool transparent_hugepage_enabled(struct vm_area_struct *vma) |
2734 |
+ { |
2735 |
+@@ -97,6 +98,7 @@ retry: |
2736 |
+ __free_pages(zero_page, compound_order(zero_page)); |
2737 |
+ goto retry; |
2738 |
+ } |
2739 |
++ WRITE_ONCE(huge_zero_pfn, page_to_pfn(zero_page)); |
2740 |
+ |
2741 |
+ /* We take additional reference here. It will be put back by shrinker */ |
2742 |
+ atomic_set(&huge_zero_refcount, 2); |
2743 |
+@@ -146,6 +148,7 @@ static unsigned long shrink_huge_zero_page_scan(struct shrinker *shrink, |
2744 |
+ if (atomic_cmpxchg(&huge_zero_refcount, 1, 0) == 1) { |
2745 |
+ struct page *zero_page = xchg(&huge_zero_page, NULL); |
2746 |
+ BUG_ON(zero_page == NULL); |
2747 |
++ WRITE_ONCE(huge_zero_pfn, ~0UL); |
2748 |
+ __free_pages(zero_page, compound_order(zero_page)); |
2749 |
+ return HPAGE_PMD_NR; |
2750 |
+ } |
2751 |
+@@ -2046,7 +2049,7 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, |
2752 |
+ count_vm_event(THP_SPLIT_PMD); |
2753 |
+ |
2754 |
+ if (!vma_is_anonymous(vma)) { |
2755 |
+- _pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd); |
2756 |
++ old_pmd = pmdp_huge_clear_flush_notify(vma, haddr, pmd); |
2757 |
+ /* |
2758 |
+ * We are going to unmap this huge page. So |
2759 |
+ * just go ahead and zap it |
2760 |
+@@ -2055,16 +2058,25 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, |
2761 |
+ zap_deposited_table(mm, pmd); |
2762 |
+ if (vma_is_special_huge(vma)) |
2763 |
+ return; |
2764 |
+- page = pmd_page(_pmd); |
2765 |
+- if (!PageDirty(page) && pmd_dirty(_pmd)) |
2766 |
+- set_page_dirty(page); |
2767 |
+- if (!PageReferenced(page) && pmd_young(_pmd)) |
2768 |
+- SetPageReferenced(page); |
2769 |
+- page_remove_rmap(page, true); |
2770 |
+- put_page(page); |
2771 |
++ if (unlikely(is_pmd_migration_entry(old_pmd))) { |
2772 |
++ swp_entry_t entry; |
2773 |
++ |
2774 |
++ entry = pmd_to_swp_entry(old_pmd); |
2775 |
++ page = migration_entry_to_page(entry); |
2776 |
++ } else { |
2777 |
++ page = pmd_page(old_pmd); |
2778 |
++ if (!PageDirty(page) && pmd_dirty(old_pmd)) |
2779 |
++ set_page_dirty(page); |
2780 |
++ if (!PageReferenced(page) && pmd_young(old_pmd)) |
2781 |
++ SetPageReferenced(page); |
2782 |
++ page_remove_rmap(page, true); |
2783 |
++ put_page(page); |
2784 |
++ } |
2785 |
+ add_mm_counter(mm, mm_counter_file(page), -HPAGE_PMD_NR); |
2786 |
+ return; |
2787 |
+- } else if (pmd_trans_huge(*pmd) && is_huge_zero_pmd(*pmd)) { |
2788 |
++ } |
2789 |
++ |
2790 |
++ if (is_huge_zero_pmd(*pmd)) { |
2791 |
+ /* |
2792 |
+ * FIXME: Do we want to invalidate secondary mmu by calling |
2793 |
+ * mmu_notifier_invalidate_range() see comments below inside |
2794 |
+@@ -2346,17 +2358,17 @@ void vma_adjust_trans_huge(struct vm_area_struct *vma, |
2795 |
+ |
2796 |
+ static void unmap_page(struct page *page) |
2797 |
+ { |
2798 |
+- enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | |
2799 |
++ enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_SYNC | |
2800 |
+ TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD; |
2801 |
+- bool unmap_success; |
2802 |
+ |
2803 |
+ VM_BUG_ON_PAGE(!PageHead(page), page); |
2804 |
+ |
2805 |
+ if (PageAnon(page)) |
2806 |
+ ttu_flags |= TTU_SPLIT_FREEZE; |
2807 |
+ |
2808 |
+- unmap_success = try_to_unmap(page, ttu_flags); |
2809 |
+- VM_BUG_ON_PAGE(!unmap_success, page); |
2810 |
++ try_to_unmap(page, ttu_flags); |
2811 |
++ |
2812 |
++ VM_WARN_ON_ONCE_PAGE(page_mapped(page), page); |
2813 |
+ } |
2814 |
+ |
2815 |
+ static void remap_page(struct page *page, unsigned int nr) |
2816 |
+@@ -2667,7 +2679,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
2817 |
+ struct deferred_split *ds_queue = get_deferred_split_queue(head); |
2818 |
+ struct anon_vma *anon_vma = NULL; |
2819 |
+ struct address_space *mapping = NULL; |
2820 |
+- int count, mapcount, extra_pins, ret; |
2821 |
++ int extra_pins, ret; |
2822 |
+ pgoff_t end; |
2823 |
+ |
2824 |
+ VM_BUG_ON_PAGE(is_huge_zero_page(head), head); |
2825 |
+@@ -2726,7 +2738,6 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
2826 |
+ } |
2827 |
+ |
2828 |
+ unmap_page(head); |
2829 |
+- VM_BUG_ON_PAGE(compound_mapcount(head), head); |
2830 |
+ |
2831 |
+ /* block interrupt reentry in xa_lock and spinlock */ |
2832 |
+ local_irq_disable(); |
2833 |
+@@ -2744,9 +2755,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
2834 |
+ |
2835 |
+ /* Prevent deferred_split_scan() touching ->_refcount */ |
2836 |
+ spin_lock(&ds_queue->split_queue_lock); |
2837 |
+- count = page_count(head); |
2838 |
+- mapcount = total_mapcount(head); |
2839 |
+- if (!mapcount && page_ref_freeze(head, 1 + extra_pins)) { |
2840 |
++ if (page_ref_freeze(head, 1 + extra_pins)) { |
2841 |
+ if (!list_empty(page_deferred_list(head))) { |
2842 |
+ ds_queue->split_queue_len--; |
2843 |
+ list_del(page_deferred_list(head)); |
2844 |
+@@ -2766,16 +2775,9 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
2845 |
+ __split_huge_page(page, list, end); |
2846 |
+ ret = 0; |
2847 |
+ } else { |
2848 |
+- if (IS_ENABLED(CONFIG_DEBUG_VM) && mapcount) { |
2849 |
+- pr_alert("total_mapcount: %u, page_count(): %u\n", |
2850 |
+- mapcount, count); |
2851 |
+- if (PageTail(page)) |
2852 |
+- dump_page(head, NULL); |
2853 |
+- dump_page(page, "total_mapcount(head) > 0"); |
2854 |
+- BUG(); |
2855 |
+- } |
2856 |
+ spin_unlock(&ds_queue->split_queue_lock); |
2857 |
+-fail: if (mapping) |
2858 |
++fail: |
2859 |
++ if (mapping) |
2860 |
+ xa_unlock(&mapping->i_pages); |
2861 |
+ local_irq_enable(); |
2862 |
+ remap_page(head, thp_nr_pages(head)); |
2863 |
+diff --git a/mm/hugetlb.c b/mm/hugetlb.c |
2864 |
+index 3da4817190f3d..7ba7d9b20494a 100644 |
2865 |
+--- a/mm/hugetlb.c |
2866 |
++++ b/mm/hugetlb.c |
2867 |
+@@ -1584,15 +1584,12 @@ struct address_space *hugetlb_page_mapping_lock_write(struct page *hpage) |
2868 |
+ return NULL; |
2869 |
+ } |
2870 |
+ |
2871 |
+-pgoff_t __basepage_index(struct page *page) |
2872 |
++pgoff_t hugetlb_basepage_index(struct page *page) |
2873 |
+ { |
2874 |
+ struct page *page_head = compound_head(page); |
2875 |
+ pgoff_t index = page_index(page_head); |
2876 |
+ unsigned long compound_idx; |
2877 |
+ |
2878 |
+- if (!PageHuge(page_head)) |
2879 |
+- return page_index(page); |
2880 |
+- |
2881 |
+ if (compound_order(page_head) >= MAX_ORDER) |
2882 |
+ compound_idx = page_to_pfn(page) - page_to_pfn(page_head); |
2883 |
+ else |
2884 |
+diff --git a/mm/internal.h b/mm/internal.h |
2885 |
+index 1432feec62df0..08323e622bbd1 100644 |
2886 |
+--- a/mm/internal.h |
2887 |
++++ b/mm/internal.h |
2888 |
+@@ -379,27 +379,52 @@ static inline void mlock_migrate_page(struct page *newpage, struct page *page) |
2889 |
+ extern pmd_t maybe_pmd_mkwrite(pmd_t pmd, struct vm_area_struct *vma); |
2890 |
+ |
2891 |
+ /* |
2892 |
+- * At what user virtual address is page expected in @vma? |
2893 |
++ * At what user virtual address is page expected in vma? |
2894 |
++ * Returns -EFAULT if all of the page is outside the range of vma. |
2895 |
++ * If page is a compound head, the entire compound page is considered. |
2896 |
+ */ |
2897 |
+ static inline unsigned long |
2898 |
+-__vma_address(struct page *page, struct vm_area_struct *vma) |
2899 |
++vma_address(struct page *page, struct vm_area_struct *vma) |
2900 |
+ { |
2901 |
+- pgoff_t pgoff = page_to_pgoff(page); |
2902 |
+- return vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT); |
2903 |
++ pgoff_t pgoff; |
2904 |
++ unsigned long address; |
2905 |
++ |
2906 |
++ VM_BUG_ON_PAGE(PageKsm(page), page); /* KSM page->index unusable */ |
2907 |
++ pgoff = page_to_pgoff(page); |
2908 |
++ if (pgoff >= vma->vm_pgoff) { |
2909 |
++ address = vma->vm_start + |
2910 |
++ ((pgoff - vma->vm_pgoff) << PAGE_SHIFT); |
2911 |
++ /* Check for address beyond vma (or wrapped through 0?) */ |
2912 |
++ if (address < vma->vm_start || address >= vma->vm_end) |
2913 |
++ address = -EFAULT; |
2914 |
++ } else if (PageHead(page) && |
2915 |
++ pgoff + compound_nr(page) - 1 >= vma->vm_pgoff) { |
2916 |
++ /* Test above avoids possibility of wrap to 0 on 32-bit */ |
2917 |
++ address = vma->vm_start; |
2918 |
++ } else { |
2919 |
++ address = -EFAULT; |
2920 |
++ } |
2921 |
++ return address; |
2922 |
+ } |
2923 |
+ |
2924 |
++/* |
2925 |
++ * Then at what user virtual address will none of the page be found in vma? |
2926 |
++ * Assumes that vma_address() already returned a good starting address. |
2927 |
++ * If page is a compound head, the entire compound page is considered. |
2928 |
++ */ |
2929 |
+ static inline unsigned long |
2930 |
+-vma_address(struct page *page, struct vm_area_struct *vma) |
2931 |
++vma_address_end(struct page *page, struct vm_area_struct *vma) |
2932 |
+ { |
2933 |
+- unsigned long start, end; |
2934 |
+- |
2935 |
+- start = __vma_address(page, vma); |
2936 |
+- end = start + thp_size(page) - PAGE_SIZE; |
2937 |
+- |
2938 |
+- /* page should be within @vma mapping range */ |
2939 |
+- VM_BUG_ON_VMA(end < vma->vm_start || start >= vma->vm_end, vma); |
2940 |
+- |
2941 |
+- return max(start, vma->vm_start); |
2942 |
++ pgoff_t pgoff; |
2943 |
++ unsigned long address; |
2944 |
++ |
2945 |
++ VM_BUG_ON_PAGE(PageKsm(page), page); /* KSM page->index unusable */ |
2946 |
++ pgoff = page_to_pgoff(page) + compound_nr(page); |
2947 |
++ address = vma->vm_start + ((pgoff - vma->vm_pgoff) << PAGE_SHIFT); |
2948 |
++ /* Check for address beyond vma (or wrapped through 0?) */ |
2949 |
++ if (address < vma->vm_start || address > vma->vm_end) |
2950 |
++ address = vma->vm_end; |
2951 |
++ return address; |
2952 |
+ } |
2953 |
+ |
2954 |
+ static inline struct file *maybe_unlock_mmap_for_io(struct vm_fault *vmf, |
2955 |
+diff --git a/mm/memory-failure.c b/mm/memory-failure.c |
2956 |
+index 704d05057d8c3..4db6f95e55be0 100644 |
2957 |
+--- a/mm/memory-failure.c |
2958 |
++++ b/mm/memory-failure.c |
2959 |
+@@ -658,6 +658,7 @@ static int truncate_error_page(struct page *p, unsigned long pfn, |
2960 |
+ */ |
2961 |
+ static int me_kernel(struct page *p, unsigned long pfn) |
2962 |
+ { |
2963 |
++ unlock_page(p); |
2964 |
+ return MF_IGNORED; |
2965 |
+ } |
2966 |
+ |
2967 |
+@@ -667,6 +668,7 @@ static int me_kernel(struct page *p, unsigned long pfn) |
2968 |
+ static int me_unknown(struct page *p, unsigned long pfn) |
2969 |
+ { |
2970 |
+ pr_err("Memory failure: %#lx: Unknown page state\n", pfn); |
2971 |
++ unlock_page(p); |
2972 |
+ return MF_FAILED; |
2973 |
+ } |
2974 |
+ |
2975 |
+@@ -675,6 +677,7 @@ static int me_unknown(struct page *p, unsigned long pfn) |
2976 |
+ */ |
2977 |
+ static int me_pagecache_clean(struct page *p, unsigned long pfn) |
2978 |
+ { |
2979 |
++ int ret; |
2980 |
+ struct address_space *mapping; |
2981 |
+ |
2982 |
+ delete_from_lru_cache(p); |
2983 |
+@@ -683,8 +686,10 @@ static int me_pagecache_clean(struct page *p, unsigned long pfn) |
2984 |
+ * For anonymous pages we're done the only reference left |
2985 |
+ * should be the one m_f() holds. |
2986 |
+ */ |
2987 |
+- if (PageAnon(p)) |
2988 |
+- return MF_RECOVERED; |
2989 |
++ if (PageAnon(p)) { |
2990 |
++ ret = MF_RECOVERED; |
2991 |
++ goto out; |
2992 |
++ } |
2993 |
+ |
2994 |
+ /* |
2995 |
+ * Now truncate the page in the page cache. This is really |
2996 |
+@@ -698,7 +703,8 @@ static int me_pagecache_clean(struct page *p, unsigned long pfn) |
2997 |
+ /* |
2998 |
+ * Page has been teared down in the meanwhile |
2999 |
+ */ |
3000 |
+- return MF_FAILED; |
3001 |
++ ret = MF_FAILED; |
3002 |
++ goto out; |
3003 |
+ } |
3004 |
+ |
3005 |
+ /* |
3006 |
+@@ -706,7 +712,10 @@ static int me_pagecache_clean(struct page *p, unsigned long pfn) |
3007 |
+ * |
3008 |
+ * Open: to take i_mutex or not for this? Right now we don't. |
3009 |
+ */ |
3010 |
+- return truncate_error_page(p, pfn, mapping); |
3011 |
++ ret = truncate_error_page(p, pfn, mapping); |
3012 |
++out: |
3013 |
++ unlock_page(p); |
3014 |
++ return ret; |
3015 |
+ } |
3016 |
+ |
3017 |
+ /* |
3018 |
+@@ -782,24 +791,26 @@ static int me_pagecache_dirty(struct page *p, unsigned long pfn) |
3019 |
+ */ |
3020 |
+ static int me_swapcache_dirty(struct page *p, unsigned long pfn) |
3021 |
+ { |
3022 |
++ int ret; |
3023 |
++ |
3024 |
+ ClearPageDirty(p); |
3025 |
+ /* Trigger EIO in shmem: */ |
3026 |
+ ClearPageUptodate(p); |
3027 |
+ |
3028 |
+- if (!delete_from_lru_cache(p)) |
3029 |
+- return MF_DELAYED; |
3030 |
+- else |
3031 |
+- return MF_FAILED; |
3032 |
++ ret = delete_from_lru_cache(p) ? MF_FAILED : MF_DELAYED; |
3033 |
++ unlock_page(p); |
3034 |
++ return ret; |
3035 |
+ } |
3036 |
+ |
3037 |
+ static int me_swapcache_clean(struct page *p, unsigned long pfn) |
3038 |
+ { |
3039 |
++ int ret; |
3040 |
++ |
3041 |
+ delete_from_swap_cache(p); |
3042 |
+ |
3043 |
+- if (!delete_from_lru_cache(p)) |
3044 |
+- return MF_RECOVERED; |
3045 |
+- else |
3046 |
+- return MF_FAILED; |
3047 |
++ ret = delete_from_lru_cache(p) ? MF_FAILED : MF_RECOVERED; |
3048 |
++ unlock_page(p); |
3049 |
++ return ret; |
3050 |
+ } |
3051 |
+ |
3052 |
+ /* |
3053 |
+@@ -820,6 +831,7 @@ static int me_huge_page(struct page *p, unsigned long pfn) |
3054 |
+ mapping = page_mapping(hpage); |
3055 |
+ if (mapping) { |
3056 |
+ res = truncate_error_page(hpage, pfn, mapping); |
3057 |
++ unlock_page(hpage); |
3058 |
+ } else { |
3059 |
+ res = MF_FAILED; |
3060 |
+ unlock_page(hpage); |
3061 |
+@@ -834,7 +846,6 @@ static int me_huge_page(struct page *p, unsigned long pfn) |
3062 |
+ page_ref_inc(p); |
3063 |
+ res = MF_RECOVERED; |
3064 |
+ } |
3065 |
+- lock_page(hpage); |
3066 |
+ } |
3067 |
+ |
3068 |
+ return res; |
3069 |
+@@ -866,6 +877,8 @@ static struct page_state { |
3070 |
+ unsigned long mask; |
3071 |
+ unsigned long res; |
3072 |
+ enum mf_action_page_type type; |
3073 |
++ |
3074 |
++ /* Callback ->action() has to unlock the relevant page inside it. */ |
3075 |
+ int (*action)(struct page *p, unsigned long pfn); |
3076 |
+ } error_states[] = { |
3077 |
+ { reserved, reserved, MF_MSG_KERNEL, me_kernel }, |
3078 |
+@@ -929,6 +942,7 @@ static int page_action(struct page_state *ps, struct page *p, |
3079 |
+ int result; |
3080 |
+ int count; |
3081 |
+ |
3082 |
++ /* page p should be unlocked after returning from ps->action(). */ |
3083 |
+ result = ps->action(p, pfn); |
3084 |
+ |
3085 |
+ count = page_count(p) - 1; |
3086 |
+@@ -1313,7 +1327,7 @@ static int memory_failure_hugetlb(unsigned long pfn, int flags) |
3087 |
+ goto out; |
3088 |
+ } |
3089 |
+ |
3090 |
+- res = identify_page_state(pfn, p, page_flags); |
3091 |
++ return identify_page_state(pfn, p, page_flags); |
3092 |
+ out: |
3093 |
+ unlock_page(head); |
3094 |
+ return res; |
3095 |
+@@ -1429,9 +1443,10 @@ int memory_failure(unsigned long pfn, int flags) |
3096 |
+ struct page *hpage; |
3097 |
+ struct page *orig_head; |
3098 |
+ struct dev_pagemap *pgmap; |
3099 |
+- int res; |
3100 |
++ int res = 0; |
3101 |
+ unsigned long page_flags; |
3102 |
+ bool retry = true; |
3103 |
++ static DEFINE_MUTEX(mf_mutex); |
3104 |
+ |
3105 |
+ if (!sysctl_memory_failure_recovery) |
3106 |
+ panic("Memory failure on page %lx", pfn); |
3107 |
+@@ -1449,13 +1464,18 @@ int memory_failure(unsigned long pfn, int flags) |
3108 |
+ return -ENXIO; |
3109 |
+ } |
3110 |
+ |
3111 |
++ mutex_lock(&mf_mutex); |
3112 |
++ |
3113 |
+ try_again: |
3114 |
+- if (PageHuge(p)) |
3115 |
+- return memory_failure_hugetlb(pfn, flags); |
3116 |
++ if (PageHuge(p)) { |
3117 |
++ res = memory_failure_hugetlb(pfn, flags); |
3118 |
++ goto unlock_mutex; |
3119 |
++ } |
3120 |
++ |
3121 |
+ if (TestSetPageHWPoison(p)) { |
3122 |
+ pr_err("Memory failure: %#lx: already hardware poisoned\n", |
3123 |
+ pfn); |
3124 |
+- return 0; |
3125 |
++ goto unlock_mutex; |
3126 |
+ } |
3127 |
+ |
3128 |
+ orig_head = hpage = compound_head(p); |
3129 |
+@@ -1488,17 +1508,19 @@ try_again: |
3130 |
+ res = MF_FAILED; |
3131 |
+ } |
3132 |
+ action_result(pfn, MF_MSG_BUDDY, res); |
3133 |
+- return res == MF_RECOVERED ? 0 : -EBUSY; |
3134 |
++ res = res == MF_RECOVERED ? 0 : -EBUSY; |
3135 |
+ } else { |
3136 |
+ action_result(pfn, MF_MSG_KERNEL_HIGH_ORDER, MF_IGNORED); |
3137 |
+- return -EBUSY; |
3138 |
++ res = -EBUSY; |
3139 |
+ } |
3140 |
++ goto unlock_mutex; |
3141 |
+ } |
3142 |
+ |
3143 |
+ if (PageTransHuge(hpage)) { |
3144 |
+ if (try_to_split_thp_page(p, "Memory Failure") < 0) { |
3145 |
+ action_result(pfn, MF_MSG_UNSPLIT_THP, MF_IGNORED); |
3146 |
+- return -EBUSY; |
3147 |
++ res = -EBUSY; |
3148 |
++ goto unlock_mutex; |
3149 |
+ } |
3150 |
+ VM_BUG_ON_PAGE(!page_count(p), p); |
3151 |
+ } |
3152 |
+@@ -1522,7 +1544,7 @@ try_again: |
3153 |
+ if (PageCompound(p) && compound_head(p) != orig_head) { |
3154 |
+ action_result(pfn, MF_MSG_DIFFERENT_COMPOUND, MF_IGNORED); |
3155 |
+ res = -EBUSY; |
3156 |
+- goto out; |
3157 |
++ goto unlock_page; |
3158 |
+ } |
3159 |
+ |
3160 |
+ /* |
3161 |
+@@ -1542,14 +1564,14 @@ try_again: |
3162 |
+ num_poisoned_pages_dec(); |
3163 |
+ unlock_page(p); |
3164 |
+ put_page(p); |
3165 |
+- return 0; |
3166 |
++ goto unlock_mutex; |
3167 |
+ } |
3168 |
+ if (hwpoison_filter(p)) { |
3169 |
+ if (TestClearPageHWPoison(p)) |
3170 |
+ num_poisoned_pages_dec(); |
3171 |
+ unlock_page(p); |
3172 |
+ put_page(p); |
3173 |
+- return 0; |
3174 |
++ goto unlock_mutex; |
3175 |
+ } |
3176 |
+ |
3177 |
+ /* |
3178 |
+@@ -1573,7 +1595,7 @@ try_again: |
3179 |
+ if (!hwpoison_user_mappings(p, pfn, flags, &p)) { |
3180 |
+ action_result(pfn, MF_MSG_UNMAP_FAILED, MF_IGNORED); |
3181 |
+ res = -EBUSY; |
3182 |
+- goto out; |
3183 |
++ goto unlock_page; |
3184 |
+ } |
3185 |
+ |
3186 |
+ /* |
3187 |
+@@ -1582,13 +1604,17 @@ try_again: |
3188 |
+ if (PageLRU(p) && !PageSwapCache(p) && p->mapping == NULL) { |
3189 |
+ action_result(pfn, MF_MSG_TRUNCATED_LRU, MF_IGNORED); |
3190 |
+ res = -EBUSY; |
3191 |
+- goto out; |
3192 |
++ goto unlock_page; |
3193 |
+ } |
3194 |
+ |
3195 |
+ identify_page_state: |
3196 |
+ res = identify_page_state(pfn, p, page_flags); |
3197 |
+-out: |
3198 |
++ mutex_unlock(&mf_mutex); |
3199 |
++ return res; |
3200 |
++unlock_page: |
3201 |
+ unlock_page(p); |
3202 |
++unlock_mutex: |
3203 |
++ mutex_unlock(&mf_mutex); |
3204 |
+ return res; |
3205 |
+ } |
3206 |
+ EXPORT_SYMBOL_GPL(memory_failure); |
3207 |
+diff --git a/mm/memory.c b/mm/memory.c |
3208 |
+index 14a6c66b37483..36624986130be 100644 |
3209 |
+--- a/mm/memory.c |
3210 |
++++ b/mm/memory.c |
3211 |
+@@ -1361,7 +1361,18 @@ static inline unsigned long zap_pmd_range(struct mmu_gather *tlb, |
3212 |
+ else if (zap_huge_pmd(tlb, vma, pmd, addr)) |
3213 |
+ goto next; |
3214 |
+ /* fall through */ |
3215 |
++ } else if (details && details->single_page && |
3216 |
++ PageTransCompound(details->single_page) && |
3217 |
++ next - addr == HPAGE_PMD_SIZE && pmd_none(*pmd)) { |
3218 |
++ spinlock_t *ptl = pmd_lock(tlb->mm, pmd); |
3219 |
++ /* |
3220 |
++ * Take and drop THP pmd lock so that we cannot return |
3221 |
++ * prematurely, while zap_huge_pmd() has cleared *pmd, |
3222 |
++ * but not yet decremented compound_mapcount(). |
3223 |
++ */ |
3224 |
++ spin_unlock(ptl); |
3225 |
+ } |
3226 |
++ |
3227 |
+ /* |
3228 |
+ * Here there can be other concurrent MADV_DONTNEED or |
3229 |
+ * trans huge page faults running, and if the pmd is |
3230 |
+@@ -3193,6 +3204,36 @@ static inline void unmap_mapping_range_tree(struct rb_root_cached *root, |
3231 |
+ } |
3232 |
+ } |
3233 |
+ |
3234 |
++/** |
3235 |
++ * unmap_mapping_page() - Unmap single page from processes. |
3236 |
++ * @page: The locked page to be unmapped. |
3237 |
++ * |
3238 |
++ * Unmap this page from any userspace process which still has it mmaped. |
3239 |
++ * Typically, for efficiency, the range of nearby pages has already been |
3240 |
++ * unmapped by unmap_mapping_pages() or unmap_mapping_range(). But once |
3241 |
++ * truncation or invalidation holds the lock on a page, it may find that |
3242 |
++ * the page has been remapped again: and then uses unmap_mapping_page() |
3243 |
++ * to unmap it finally. |
3244 |
++ */ |
3245 |
++void unmap_mapping_page(struct page *page) |
3246 |
++{ |
3247 |
++ struct address_space *mapping = page->mapping; |
3248 |
++ struct zap_details details = { }; |
3249 |
++ |
3250 |
++ VM_BUG_ON(!PageLocked(page)); |
3251 |
++ VM_BUG_ON(PageTail(page)); |
3252 |
++ |
3253 |
++ details.check_mapping = mapping; |
3254 |
++ details.first_index = page->index; |
3255 |
++ details.last_index = page->index + thp_nr_pages(page) - 1; |
3256 |
++ details.single_page = page; |
3257 |
++ |
3258 |
++ i_mmap_lock_write(mapping); |
3259 |
++ if (unlikely(!RB_EMPTY_ROOT(&mapping->i_mmap.rb_root))) |
3260 |
++ unmap_mapping_range_tree(&mapping->i_mmap, &details); |
3261 |
++ i_mmap_unlock_write(mapping); |
3262 |
++} |
3263 |
++ |
3264 |
+ /** |
3265 |
+ * unmap_mapping_pages() - Unmap pages from processes. |
3266 |
+ * @mapping: The address space containing pages to be unmapped. |
3267 |
+diff --git a/mm/migrate.c b/mm/migrate.c |
3268 |
+index 773622cffe779..40455e753c5b4 100644 |
3269 |
+--- a/mm/migrate.c |
3270 |
++++ b/mm/migrate.c |
3271 |
+@@ -322,6 +322,7 @@ void __migration_entry_wait(struct mm_struct *mm, pte_t *ptep, |
3272 |
+ goto out; |
3273 |
+ |
3274 |
+ page = migration_entry_to_page(entry); |
3275 |
++ page = compound_head(page); |
3276 |
+ |
3277 |
+ /* |
3278 |
+ * Once page cache replacement of page migration started, page_count |
3279 |
+diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c |
3280 |
+index 86e3a3688d592..3350faeb199a6 100644 |
3281 |
+--- a/mm/page_vma_mapped.c |
3282 |
++++ b/mm/page_vma_mapped.c |
3283 |
+@@ -116,6 +116,13 @@ static bool check_pte(struct page_vma_mapped_walk *pvmw) |
3284 |
+ return pfn_is_match(pvmw->page, pfn); |
3285 |
+ } |
3286 |
+ |
3287 |
++static void step_forward(struct page_vma_mapped_walk *pvmw, unsigned long size) |
3288 |
++{ |
3289 |
++ pvmw->address = (pvmw->address + size) & ~(size - 1); |
3290 |
++ if (!pvmw->address) |
3291 |
++ pvmw->address = ULONG_MAX; |
3292 |
++} |
3293 |
++ |
3294 |
+ /** |
3295 |
+ * page_vma_mapped_walk - check if @pvmw->page is mapped in @pvmw->vma at |
3296 |
+ * @pvmw->address |
3297 |
+@@ -144,6 +151,7 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) |
3298 |
+ { |
3299 |
+ struct mm_struct *mm = pvmw->vma->vm_mm; |
3300 |
+ struct page *page = pvmw->page; |
3301 |
++ unsigned long end; |
3302 |
+ pgd_t *pgd; |
3303 |
+ p4d_t *p4d; |
3304 |
+ pud_t *pud; |
3305 |
+@@ -153,10 +161,11 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) |
3306 |
+ if (pvmw->pmd && !pvmw->pte) |
3307 |
+ return not_found(pvmw); |
3308 |
+ |
3309 |
+- if (pvmw->pte) |
3310 |
+- goto next_pte; |
3311 |
++ if (unlikely(PageHuge(page))) { |
3312 |
++ /* The only possible mapping was handled on last iteration */ |
3313 |
++ if (pvmw->pte) |
3314 |
++ return not_found(pvmw); |
3315 |
+ |
3316 |
+- if (unlikely(PageHuge(pvmw->page))) { |
3317 |
+ /* when pud is not present, pte will be NULL */ |
3318 |
+ pvmw->pte = huge_pte_offset(mm, pvmw->address, page_size(page)); |
3319 |
+ if (!pvmw->pte) |
3320 |
+@@ -168,78 +177,108 @@ bool page_vma_mapped_walk(struct page_vma_mapped_walk *pvmw) |
3321 |
+ return not_found(pvmw); |
3322 |
+ return true; |
3323 |
+ } |
3324 |
+-restart: |
3325 |
+- pgd = pgd_offset(mm, pvmw->address); |
3326 |
+- if (!pgd_present(*pgd)) |
3327 |
+- return false; |
3328 |
+- p4d = p4d_offset(pgd, pvmw->address); |
3329 |
+- if (!p4d_present(*p4d)) |
3330 |
+- return false; |
3331 |
+- pud = pud_offset(p4d, pvmw->address); |
3332 |
+- if (!pud_present(*pud)) |
3333 |
+- return false; |
3334 |
+- pvmw->pmd = pmd_offset(pud, pvmw->address); |
3335 |
++ |
3336 |
+ /* |
3337 |
+- * Make sure the pmd value isn't cached in a register by the |
3338 |
+- * compiler and used as a stale value after we've observed a |
3339 |
+- * subsequent update. |
3340 |
++ * Seek to next pte only makes sense for THP. |
3341 |
++ * But more important than that optimization, is to filter out |
3342 |
++ * any PageKsm page: whose page->index misleads vma_address() |
3343 |
++ * and vma_address_end() to disaster. |
3344 |
+ */ |
3345 |
+- pmde = READ_ONCE(*pvmw->pmd); |
3346 |
+- if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) { |
3347 |
+- pvmw->ptl = pmd_lock(mm, pvmw->pmd); |
3348 |
+- if (likely(pmd_trans_huge(*pvmw->pmd))) { |
3349 |
+- if (pvmw->flags & PVMW_MIGRATION) |
3350 |
+- return not_found(pvmw); |
3351 |
+- if (pmd_page(*pvmw->pmd) != page) |
3352 |
+- return not_found(pvmw); |
3353 |
+- return true; |
3354 |
+- } else if (!pmd_present(*pvmw->pmd)) { |
3355 |
+- if (thp_migration_supported()) { |
3356 |
+- if (!(pvmw->flags & PVMW_MIGRATION)) |
3357 |
++ end = PageTransCompound(page) ? |
3358 |
++ vma_address_end(page, pvmw->vma) : |
3359 |
++ pvmw->address + PAGE_SIZE; |
3360 |
++ if (pvmw->pte) |
3361 |
++ goto next_pte; |
3362 |
++restart: |
3363 |
++ do { |
3364 |
++ pgd = pgd_offset(mm, pvmw->address); |
3365 |
++ if (!pgd_present(*pgd)) { |
3366 |
++ step_forward(pvmw, PGDIR_SIZE); |
3367 |
++ continue; |
3368 |
++ } |
3369 |
++ p4d = p4d_offset(pgd, pvmw->address); |
3370 |
++ if (!p4d_present(*p4d)) { |
3371 |
++ step_forward(pvmw, P4D_SIZE); |
3372 |
++ continue; |
3373 |
++ } |
3374 |
++ pud = pud_offset(p4d, pvmw->address); |
3375 |
++ if (!pud_present(*pud)) { |
3376 |
++ step_forward(pvmw, PUD_SIZE); |
3377 |
++ continue; |
3378 |
++ } |
3379 |
++ |
3380 |
++ pvmw->pmd = pmd_offset(pud, pvmw->address); |
3381 |
++ /* |
3382 |
++ * Make sure the pmd value isn't cached in a register by the |
3383 |
++ * compiler and used as a stale value after we've observed a |
3384 |
++ * subsequent update. |
3385 |
++ */ |
3386 |
++ pmde = READ_ONCE(*pvmw->pmd); |
3387 |
++ |
3388 |
++ if (pmd_trans_huge(pmde) || is_pmd_migration_entry(pmde)) { |
3389 |
++ pvmw->ptl = pmd_lock(mm, pvmw->pmd); |
3390 |
++ pmde = *pvmw->pmd; |
3391 |
++ if (likely(pmd_trans_huge(pmde))) { |
3392 |
++ if (pvmw->flags & PVMW_MIGRATION) |
3393 |
+ return not_found(pvmw); |
3394 |
+- if (is_migration_entry(pmd_to_swp_entry(*pvmw->pmd))) { |
3395 |
+- swp_entry_t entry = pmd_to_swp_entry(*pvmw->pmd); |
3396 |
++ if (pmd_page(pmde) != page) |
3397 |
++ return not_found(pvmw); |
3398 |
++ return true; |
3399 |
++ } |
3400 |
++ if (!pmd_present(pmde)) { |
3401 |
++ swp_entry_t entry; |
3402 |
+ |
3403 |
+- if (migration_entry_to_page(entry) != page) |
3404 |
+- return not_found(pvmw); |
3405 |
+- return true; |
3406 |
+- } |
3407 |
++ if (!thp_migration_supported() || |
3408 |
++ !(pvmw->flags & PVMW_MIGRATION)) |
3409 |
++ return not_found(pvmw); |
3410 |
++ entry = pmd_to_swp_entry(pmde); |
3411 |
++ if (!is_migration_entry(entry) || |
3412 |
++ migration_entry_to_page(entry) != page) |
3413 |
++ return not_found(pvmw); |
3414 |
++ return true; |
3415 |
+ } |
3416 |
+- return not_found(pvmw); |
3417 |
+- } else { |
3418 |
+ /* THP pmd was split under us: handle on pte level */ |
3419 |
+ spin_unlock(pvmw->ptl); |
3420 |
+ pvmw->ptl = NULL; |
3421 |
++ } else if (!pmd_present(pmde)) { |
3422 |
++ /* |
3423 |
++ * If PVMW_SYNC, take and drop THP pmd lock so that we |
3424 |
++ * cannot return prematurely, while zap_huge_pmd() has |
3425 |
++ * cleared *pmd but not decremented compound_mapcount(). |
3426 |
++ */ |
3427 |
++ if ((pvmw->flags & PVMW_SYNC) && |
3428 |
++ PageTransCompound(page)) { |
3429 |
++ spinlock_t *ptl = pmd_lock(mm, pvmw->pmd); |
3430 |
++ |
3431 |
++ spin_unlock(ptl); |
3432 |
++ } |
3433 |
++ step_forward(pvmw, PMD_SIZE); |
3434 |
++ continue; |
3435 |
+ } |
3436 |
+- } else if (!pmd_present(pmde)) { |
3437 |
+- return false; |
3438 |
+- } |
3439 |
+- if (!map_pte(pvmw)) |
3440 |
+- goto next_pte; |
3441 |
+- while (1) { |
3442 |
++ if (!map_pte(pvmw)) |
3443 |
++ goto next_pte; |
3444 |
++this_pte: |
3445 |
+ if (check_pte(pvmw)) |
3446 |
+ return true; |
3447 |
+ next_pte: |
3448 |
+- /* Seek to next pte only makes sense for THP */ |
3449 |
+- if (!PageTransHuge(pvmw->page) || PageHuge(pvmw->page)) |
3450 |
+- return not_found(pvmw); |
3451 |
+ do { |
3452 |
+ pvmw->address += PAGE_SIZE; |
3453 |
+- if (pvmw->address >= pvmw->vma->vm_end || |
3454 |
+- pvmw->address >= |
3455 |
+- __vma_address(pvmw->page, pvmw->vma) + |
3456 |
+- thp_size(pvmw->page)) |
3457 |
++ if (pvmw->address >= end) |
3458 |
+ return not_found(pvmw); |
3459 |
+ /* Did we cross page table boundary? */ |
3460 |
+- if (pvmw->address % PMD_SIZE == 0) { |
3461 |
+- pte_unmap(pvmw->pte); |
3462 |
++ if ((pvmw->address & (PMD_SIZE - PAGE_SIZE)) == 0) { |
3463 |
+ if (pvmw->ptl) { |
3464 |
+ spin_unlock(pvmw->ptl); |
3465 |
+ pvmw->ptl = NULL; |
3466 |
+ } |
3467 |
++ pte_unmap(pvmw->pte); |
3468 |
++ pvmw->pte = NULL; |
3469 |
+ goto restart; |
3470 |
+- } else { |
3471 |
+- pvmw->pte++; |
3472 |
++ } |
3473 |
++ pvmw->pte++; |
3474 |
++ if ((pvmw->flags & PVMW_SYNC) && !pvmw->ptl) { |
3475 |
++ pvmw->ptl = pte_lockptr(mm, pvmw->pmd); |
3476 |
++ spin_lock(pvmw->ptl); |
3477 |
+ } |
3478 |
+ } while (pte_none(*pvmw->pte)); |
3479 |
+ |
3480 |
+@@ -247,7 +286,10 @@ next_pte: |
3481 |
+ pvmw->ptl = pte_lockptr(mm, pvmw->pmd); |
3482 |
+ spin_lock(pvmw->ptl); |
3483 |
+ } |
3484 |
+- } |
3485 |
++ goto this_pte; |
3486 |
++ } while (pvmw->address < end); |
3487 |
++ |
3488 |
++ return false; |
3489 |
+ } |
3490 |
+ |
3491 |
+ /** |
3492 |
+@@ -266,14 +308,10 @@ int page_mapped_in_vma(struct page *page, struct vm_area_struct *vma) |
3493 |
+ .vma = vma, |
3494 |
+ .flags = PVMW_SYNC, |
3495 |
+ }; |
3496 |
+- unsigned long start, end; |
3497 |
+- |
3498 |
+- start = __vma_address(page, vma); |
3499 |
+- end = start + thp_size(page) - PAGE_SIZE; |
3500 |
+ |
3501 |
+- if (unlikely(end < vma->vm_start || start >= vma->vm_end)) |
3502 |
++ pvmw.address = vma_address(page, vma); |
3503 |
++ if (pvmw.address == -EFAULT) |
3504 |
+ return 0; |
3505 |
+- pvmw.address = max(start, vma->vm_start); |
3506 |
+ if (!page_vma_mapped_walk(&pvmw)) |
3507 |
+ return 0; |
3508 |
+ page_vma_mapped_walk_done(&pvmw); |
3509 |
+diff --git a/mm/pgtable-generic.c b/mm/pgtable-generic.c |
3510 |
+index c2210e1cdb515..4e640baf97948 100644 |
3511 |
+--- a/mm/pgtable-generic.c |
3512 |
++++ b/mm/pgtable-generic.c |
3513 |
+@@ -135,9 +135,8 @@ pmd_t pmdp_huge_clear_flush(struct vm_area_struct *vma, unsigned long address, |
3514 |
+ { |
3515 |
+ pmd_t pmd; |
3516 |
+ VM_BUG_ON(address & ~HPAGE_PMD_MASK); |
3517 |
+- VM_BUG_ON(!pmd_present(*pmdp)); |
3518 |
+- /* Below assumes pmd_present() is true */ |
3519 |
+- VM_BUG_ON(!pmd_trans_huge(*pmdp) && !pmd_devmap(*pmdp)); |
3520 |
++ VM_BUG_ON(pmd_present(*pmdp) && !pmd_trans_huge(*pmdp) && |
3521 |
++ !pmd_devmap(*pmdp)); |
3522 |
+ pmd = pmdp_huge_get_and_clear(vma->vm_mm, address, pmdp); |
3523 |
+ flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); |
3524 |
+ return pmd; |
3525 |
+diff --git a/mm/rmap.c b/mm/rmap.c |
3526 |
+index b0fc27e77d6d7..3665d062cc9ce 100644 |
3527 |
+--- a/mm/rmap.c |
3528 |
++++ b/mm/rmap.c |
3529 |
+@@ -707,7 +707,6 @@ static bool should_defer_flush(struct mm_struct *mm, enum ttu_flags flags) |
3530 |
+ */ |
3531 |
+ unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma) |
3532 |
+ { |
3533 |
+- unsigned long address; |
3534 |
+ if (PageAnon(page)) { |
3535 |
+ struct anon_vma *page__anon_vma = page_anon_vma(page); |
3536 |
+ /* |
3537 |
+@@ -717,15 +716,13 @@ unsigned long page_address_in_vma(struct page *page, struct vm_area_struct *vma) |
3538 |
+ if (!vma->anon_vma || !page__anon_vma || |
3539 |
+ vma->anon_vma->root != page__anon_vma->root) |
3540 |
+ return -EFAULT; |
3541 |
+- } else if (page->mapping) { |
3542 |
+- if (!vma->vm_file || vma->vm_file->f_mapping != page->mapping) |
3543 |
+- return -EFAULT; |
3544 |
+- } else |
3545 |
++ } else if (!vma->vm_file) { |
3546 |
+ return -EFAULT; |
3547 |
+- address = __vma_address(page, vma); |
3548 |
+- if (unlikely(address < vma->vm_start || address >= vma->vm_end)) |
3549 |
++ } else if (vma->vm_file->f_mapping != compound_head(page)->mapping) { |
3550 |
+ return -EFAULT; |
3551 |
+- return address; |
3552 |
++ } |
3553 |
++ |
3554 |
++ return vma_address(page, vma); |
3555 |
+ } |
3556 |
+ |
3557 |
+ pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address) |
3558 |
+@@ -919,7 +916,7 @@ static bool page_mkclean_one(struct page *page, struct vm_area_struct *vma, |
3559 |
+ */ |
3560 |
+ mmu_notifier_range_init(&range, MMU_NOTIFY_PROTECTION_PAGE, |
3561 |
+ 0, vma, vma->vm_mm, address, |
3562 |
+- min(vma->vm_end, address + page_size(page))); |
3563 |
++ vma_address_end(page, vma)); |
3564 |
+ mmu_notifier_invalidate_range_start(&range); |
3565 |
+ |
3566 |
+ while (page_vma_mapped_walk(&pvmw)) { |
3567 |
+@@ -1405,6 +1402,15 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, |
3568 |
+ struct mmu_notifier_range range; |
3569 |
+ enum ttu_flags flags = (enum ttu_flags)(long)arg; |
3570 |
+ |
3571 |
++ /* |
3572 |
++ * When racing against e.g. zap_pte_range() on another cpu, |
3573 |
++ * in between its ptep_get_and_clear_full() and page_remove_rmap(), |
3574 |
++ * try_to_unmap() may return false when it is about to become true, |
3575 |
++ * if page table locking is skipped: use TTU_SYNC to wait for that. |
3576 |
++ */ |
3577 |
++ if (flags & TTU_SYNC) |
3578 |
++ pvmw.flags = PVMW_SYNC; |
3579 |
++ |
3580 |
+ /* munlock has nothing to gain from examining un-locked vmas */ |
3581 |
+ if ((flags & TTU_MUNLOCK) && !(vma->vm_flags & VM_LOCKED)) |
3582 |
+ return true; |
3583 |
+@@ -1426,9 +1432,10 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, |
3584 |
+ * Note that the page can not be free in this function as call of |
3585 |
+ * try_to_unmap() must hold a reference on the page. |
3586 |
+ */ |
3587 |
++ range.end = PageKsm(page) ? |
3588 |
++ address + PAGE_SIZE : vma_address_end(page, vma); |
3589 |
+ mmu_notifier_range_init(&range, MMU_NOTIFY_CLEAR, 0, vma, vma->vm_mm, |
3590 |
+- address, |
3591 |
+- min(vma->vm_end, address + page_size(page))); |
3592 |
++ address, range.end); |
3593 |
+ if (PageHuge(page)) { |
3594 |
+ /* |
3595 |
+ * If sharing is possible, start and end will be adjusted |
3596 |
+@@ -1777,7 +1784,13 @@ bool try_to_unmap(struct page *page, enum ttu_flags flags) |
3597 |
+ else |
3598 |
+ rmap_walk(page, &rwc); |
3599 |
+ |
3600 |
+- return !page_mapcount(page) ? true : false; |
3601 |
++ /* |
3602 |
++ * When racing against e.g. zap_pte_range() on another cpu, |
3603 |
++ * in between its ptep_get_and_clear_full() and page_remove_rmap(), |
3604 |
++ * try_to_unmap() may return false when it is about to become true, |
3605 |
++ * if page table locking is skipped: use TTU_SYNC to wait for that. |
3606 |
++ */ |
3607 |
++ return !page_mapcount(page); |
3608 |
+ } |
3609 |
+ |
3610 |
+ /** |
3611 |
+@@ -1874,6 +1887,7 @@ static void rmap_walk_anon(struct page *page, struct rmap_walk_control *rwc, |
3612 |
+ struct vm_area_struct *vma = avc->vma; |
3613 |
+ unsigned long address = vma_address(page, vma); |
3614 |
+ |
3615 |
++ VM_BUG_ON_VMA(address == -EFAULT, vma); |
3616 |
+ cond_resched(); |
3617 |
+ |
3618 |
+ if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg)) |
3619 |
+@@ -1928,6 +1942,7 @@ static void rmap_walk_file(struct page *page, struct rmap_walk_control *rwc, |
3620 |
+ pgoff_start, pgoff_end) { |
3621 |
+ unsigned long address = vma_address(page, vma); |
3622 |
+ |
3623 |
++ VM_BUG_ON_VMA(address == -EFAULT, vma); |
3624 |
+ cond_resched(); |
3625 |
+ |
3626 |
+ if (rwc->invalid_vma && rwc->invalid_vma(vma, rwc->arg)) |
3627 |
+diff --git a/mm/truncate.c b/mm/truncate.c |
3628 |
+index 455944264663e..bf092be0a6f01 100644 |
3629 |
+--- a/mm/truncate.c |
3630 |
++++ b/mm/truncate.c |
3631 |
+@@ -168,13 +168,10 @@ void do_invalidatepage(struct page *page, unsigned int offset, |
3632 |
+ * its lock, b) when a concurrent invalidate_mapping_pages got there first and |
3633 |
+ * c) when tmpfs swizzles a page between a tmpfs inode and swapper_space. |
3634 |
+ */ |
3635 |
+-static void |
3636 |
+-truncate_cleanup_page(struct address_space *mapping, struct page *page) |
3637 |
++static void truncate_cleanup_page(struct page *page) |
3638 |
+ { |
3639 |
+- if (page_mapped(page)) { |
3640 |
+- unsigned int nr = thp_nr_pages(page); |
3641 |
+- unmap_mapping_pages(mapping, page->index, nr, false); |
3642 |
+- } |
3643 |
++ if (page_mapped(page)) |
3644 |
++ unmap_mapping_page(page); |
3645 |
+ |
3646 |
+ if (page_has_private(page)) |
3647 |
+ do_invalidatepage(page, 0, thp_size(page)); |
3648 |
+@@ -219,7 +216,7 @@ int truncate_inode_page(struct address_space *mapping, struct page *page) |
3649 |
+ if (page->mapping != mapping) |
3650 |
+ return -EIO; |
3651 |
+ |
3652 |
+- truncate_cleanup_page(mapping, page); |
3653 |
++ truncate_cleanup_page(page); |
3654 |
+ delete_from_page_cache(page); |
3655 |
+ return 0; |
3656 |
+ } |
3657 |
+@@ -326,7 +323,7 @@ void truncate_inode_pages_range(struct address_space *mapping, |
3658 |
+ index = indices[pagevec_count(&pvec) - 1] + 1; |
3659 |
+ truncate_exceptional_pvec_entries(mapping, &pvec, indices); |
3660 |
+ for (i = 0; i < pagevec_count(&pvec); i++) |
3661 |
+- truncate_cleanup_page(mapping, pvec.pages[i]); |
3662 |
++ truncate_cleanup_page(pvec.pages[i]); |
3663 |
+ delete_from_page_cache_batch(mapping, &pvec); |
3664 |
+ for (i = 0; i < pagevec_count(&pvec); i++) |
3665 |
+ unlock_page(pvec.pages[i]); |
3666 |
+@@ -652,6 +649,16 @@ int invalidate_inode_pages2_range(struct address_space *mapping, |
3667 |
+ continue; |
3668 |
+ } |
3669 |
+ |
3670 |
++ if (!did_range_unmap && page_mapped(page)) { |
3671 |
++ /* |
3672 |
++ * If page is mapped, before taking its lock, |
3673 |
++ * zap the rest of the file in one hit. |
3674 |
++ */ |
3675 |
++ unmap_mapping_pages(mapping, index, |
3676 |
++ (1 + end - index), false); |
3677 |
++ did_range_unmap = 1; |
3678 |
++ } |
3679 |
++ |
3680 |
+ lock_page(page); |
3681 |
+ WARN_ON(page_to_index(page) != index); |
3682 |
+ if (page->mapping != mapping) { |
3683 |
+@@ -659,23 +666,11 @@ int invalidate_inode_pages2_range(struct address_space *mapping, |
3684 |
+ continue; |
3685 |
+ } |
3686 |
+ wait_on_page_writeback(page); |
3687 |
+- if (page_mapped(page)) { |
3688 |
+- if (!did_range_unmap) { |
3689 |
+- /* |
3690 |
+- * Zap the rest of the file in one hit. |
3691 |
+- */ |
3692 |
+- unmap_mapping_pages(mapping, index, |
3693 |
+- (1 + end - index), false); |
3694 |
+- did_range_unmap = 1; |
3695 |
+- } else { |
3696 |
+- /* |
3697 |
+- * Just zap this page |
3698 |
+- */ |
3699 |
+- unmap_mapping_pages(mapping, index, |
3700 |
+- 1, false); |
3701 |
+- } |
3702 |
+- } |
3703 |
++ |
3704 |
++ if (page_mapped(page)) |
3705 |
++ unmap_mapping_page(page); |
3706 |
+ BUG_ON(page_mapped(page)); |
3707 |
++ |
3708 |
+ ret2 = do_launder_page(mapping, page); |
3709 |
+ if (ret2 == 0) { |
3710 |
+ if (!invalidate_complete_page2(mapping, page)) |
3711 |
+diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c |
3712 |
+index 2603966da904d..e910890a868c1 100644 |
3713 |
+--- a/net/ethtool/ioctl.c |
3714 |
++++ b/net/ethtool/ioctl.c |
3715 |
+@@ -1421,7 +1421,7 @@ static int ethtool_get_any_eeprom(struct net_device *dev, void __user *useraddr, |
3716 |
+ if (eeprom.offset + eeprom.len > total_len) |
3717 |
+ return -EINVAL; |
3718 |
+ |
3719 |
+- data = kmalloc(PAGE_SIZE, GFP_USER); |
3720 |
++ data = kzalloc(PAGE_SIZE, GFP_USER); |
3721 |
+ if (!data) |
3722 |
+ return -ENOMEM; |
3723 |
+ |
3724 |
+@@ -1486,7 +1486,7 @@ static int ethtool_set_eeprom(struct net_device *dev, void __user *useraddr) |
3725 |
+ if (eeprom.offset + eeprom.len > ops->get_eeprom_len(dev)) |
3726 |
+ return -EINVAL; |
3727 |
+ |
3728 |
+- data = kmalloc(PAGE_SIZE, GFP_USER); |
3729 |
++ data = kzalloc(PAGE_SIZE, GFP_USER); |
3730 |
+ if (!data) |
3731 |
+ return -ENOMEM; |
3732 |
+ |
3733 |
+@@ -1765,7 +1765,7 @@ static int ethtool_self_test(struct net_device *dev, char __user *useraddr) |
3734 |
+ return -EFAULT; |
3735 |
+ |
3736 |
+ test.len = test_len; |
3737 |
+- data = kmalloc_array(test_len, sizeof(u64), GFP_USER); |
3738 |
++ data = kcalloc(test_len, sizeof(u64), GFP_USER); |
3739 |
+ if (!data) |
3740 |
+ return -ENOMEM; |
3741 |
+ |
3742 |
+@@ -2281,7 +2281,7 @@ static int ethtool_get_tunable(struct net_device *dev, void __user *useraddr) |
3743 |
+ ret = ethtool_tunable_valid(&tuna); |
3744 |
+ if (ret) |
3745 |
+ return ret; |
3746 |
+- data = kmalloc(tuna.len, GFP_USER); |
3747 |
++ data = kzalloc(tuna.len, GFP_USER); |
3748 |
+ if (!data) |
3749 |
+ return -ENOMEM; |
3750 |
+ ret = ops->get_tunable(dev, &tuna, data); |
3751 |
+@@ -2473,7 +2473,7 @@ static int get_phy_tunable(struct net_device *dev, void __user *useraddr) |
3752 |
+ ret = ethtool_phy_tunable_valid(&tuna); |
3753 |
+ if (ret) |
3754 |
+ return ret; |
3755 |
+- data = kmalloc(tuna.len, GFP_USER); |
3756 |
++ data = kzalloc(tuna.len, GFP_USER); |
3757 |
+ if (!data) |
3758 |
+ return -ENOMEM; |
3759 |
+ if (phy_drv_tunable) { |
3760 |
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c |
3761 |
+index 1355e6c0d5677..faa7856c7fb07 100644 |
3762 |
+--- a/net/ipv4/af_inet.c |
3763 |
++++ b/net/ipv4/af_inet.c |
3764 |
+@@ -575,7 +575,7 @@ int inet_dgram_connect(struct socket *sock, struct sockaddr *uaddr, |
3765 |
+ return err; |
3766 |
+ } |
3767 |
+ |
3768 |
+- if (!inet_sk(sk)->inet_num && inet_autobind(sk)) |
3769 |
++ if (data_race(!inet_sk(sk)->inet_num) && inet_autobind(sk)) |
3770 |
+ return -EAGAIN; |
3771 |
+ return sk->sk_prot->connect(sk, uaddr, addr_len); |
3772 |
+ } |
3773 |
+@@ -803,7 +803,7 @@ int inet_send_prepare(struct sock *sk) |
3774 |
+ sock_rps_record_flow(sk); |
3775 |
+ |
3776 |
+ /* We may need to bind the socket. */ |
3777 |
+- if (!inet_sk(sk)->inet_num && !sk->sk_prot->no_autobind && |
3778 |
++ if (data_race(!inet_sk(sk)->inet_num) && !sk->sk_prot->no_autobind && |
3779 |
+ inet_autobind(sk)) |
3780 |
+ return -EAGAIN; |
3781 |
+ |
3782 |
+diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
3783 |
+index 2e35f68da40a7..1c6429c353a96 100644 |
3784 |
+--- a/net/ipv4/devinet.c |
3785 |
++++ b/net/ipv4/devinet.c |
3786 |
+@@ -1989,7 +1989,7 @@ static int inet_set_link_af(struct net_device *dev, const struct nlattr *nla, |
3787 |
+ return -EAFNOSUPPORT; |
3788 |
+ |
3789 |
+ if (nla_parse_nested_deprecated(tb, IFLA_INET_MAX, nla, NULL, NULL) < 0) |
3790 |
+- BUG(); |
3791 |
++ return -EINVAL; |
3792 |
+ |
3793 |
+ if (tb[IFLA_INET_CONF]) { |
3794 |
+ nla_for_each_nested(a, tb[IFLA_INET_CONF], rem) |
3795 |
+diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c |
3796 |
+index 8b943f85fff9d..ea22768f76b8a 100644 |
3797 |
+--- a/net/ipv4/ping.c |
3798 |
++++ b/net/ipv4/ping.c |
3799 |
+@@ -952,6 +952,7 @@ bool ping_rcv(struct sk_buff *skb) |
3800 |
+ struct sock *sk; |
3801 |
+ struct net *net = dev_net(skb->dev); |
3802 |
+ struct icmphdr *icmph = icmp_hdr(skb); |
3803 |
++ bool rc = false; |
3804 |
+ |
3805 |
+ /* We assume the packet has already been checked by icmp_rcv */ |
3806 |
+ |
3807 |
+@@ -966,14 +967,15 @@ bool ping_rcv(struct sk_buff *skb) |
3808 |
+ struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC); |
3809 |
+ |
3810 |
+ pr_debug("rcv on socket %p\n", sk); |
3811 |
+- if (skb2) |
3812 |
+- ping_queue_rcv_skb(sk, skb2); |
3813 |
++ if (skb2 && !ping_queue_rcv_skb(sk, skb2)) |
3814 |
++ rc = true; |
3815 |
+ sock_put(sk); |
3816 |
+- return true; |
3817 |
+ } |
3818 |
+- pr_debug("no socket, dropping\n"); |
3819 |
+ |
3820 |
+- return false; |
3821 |
++ if (!rc) |
3822 |
++ pr_debug("no socket, dropping\n"); |
3823 |
++ |
3824 |
++ return rc; |
3825 |
+ } |
3826 |
+ EXPORT_SYMBOL_GPL(ping_rcv); |
3827 |
+ |
3828 |
+diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
3829 |
+index a9e53f5942fae..eab0a46983c0b 100644 |
3830 |
+--- a/net/ipv6/addrconf.c |
3831 |
++++ b/net/ipv6/addrconf.c |
3832 |
+@@ -5822,7 +5822,7 @@ static int inet6_set_link_af(struct net_device *dev, const struct nlattr *nla, |
3833 |
+ return -EAFNOSUPPORT; |
3834 |
+ |
3835 |
+ if (nla_parse_nested_deprecated(tb, IFLA_INET6_MAX, nla, NULL, NULL) < 0) |
3836 |
+- BUG(); |
3837 |
++ return -EINVAL; |
3838 |
+ |
3839 |
+ if (tb[IFLA_INET6_TOKEN]) { |
3840 |
+ err = inet6_set_iftoken(idev, nla_data(tb[IFLA_INET6_TOKEN]), |
3841 |
+diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h |
3842 |
+index 02e818d740f60..5ec437e8e7132 100644 |
3843 |
+--- a/net/mac80211/ieee80211_i.h |
3844 |
++++ b/net/mac80211/ieee80211_i.h |
3845 |
+@@ -1442,7 +1442,7 @@ ieee80211_get_sband(struct ieee80211_sub_if_data *sdata) |
3846 |
+ rcu_read_lock(); |
3847 |
+ chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); |
3848 |
+ |
3849 |
+- if (WARN_ON_ONCE(!chanctx_conf)) { |
3850 |
++ if (!chanctx_conf) { |
3851 |
+ rcu_read_unlock(); |
3852 |
+ return NULL; |
3853 |
+ } |
3854 |
+diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c |
3855 |
+index 0fe91dc9817eb..437d88822d8f8 100644 |
3856 |
+--- a/net/mac80211/mlme.c |
3857 |
++++ b/net/mac80211/mlme.c |
3858 |
+@@ -4062,10 +4062,14 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata, |
3859 |
+ if (elems.mbssid_config_ie) |
3860 |
+ bss_conf->profile_periodicity = |
3861 |
+ elems.mbssid_config_ie->profile_periodicity; |
3862 |
++ else |
3863 |
++ bss_conf->profile_periodicity = 0; |
3864 |
+ |
3865 |
+ if (elems.ext_capab_len >= 11 && |
3866 |
+ (elems.ext_capab[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) |
3867 |
+ bss_conf->ema_ap = true; |
3868 |
++ else |
3869 |
++ bss_conf->ema_ap = false; |
3870 |
+ |
3871 |
+ /* continue assoc process */ |
3872 |
+ ifmgd->assoc_data->timeout = jiffies; |
3873 |
+@@ -5802,12 +5806,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, |
3874 |
+ beacon_ies->data, beacon_ies->len); |
3875 |
+ if (elem && elem->datalen >= 3) |
3876 |
+ sdata->vif.bss_conf.profile_periodicity = elem->data[2]; |
3877 |
++ else |
3878 |
++ sdata->vif.bss_conf.profile_periodicity = 0; |
3879 |
+ |
3880 |
+ elem = cfg80211_find_elem(WLAN_EID_EXT_CAPABILITY, |
3881 |
+ beacon_ies->data, beacon_ies->len); |
3882 |
+ if (elem && elem->datalen >= 11 && |
3883 |
+ (elem->data[10] & WLAN_EXT_CAPA11_EMA_SUPPORT)) |
3884 |
+ sdata->vif.bss_conf.ema_ap = true; |
3885 |
++ else |
3886 |
++ sdata->vif.bss_conf.ema_ap = false; |
3887 |
+ } else { |
3888 |
+ assoc_data->timeout = jiffies; |
3889 |
+ assoc_data->timeout_started = true; |
3890 |
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c |
3891 |
+index 59de7a86599dc..cb5cbf02dbac9 100644 |
3892 |
+--- a/net/mac80211/rx.c |
3893 |
++++ b/net/mac80211/rx.c |
3894 |
+@@ -2239,17 +2239,15 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
3895 |
+ sc = le16_to_cpu(hdr->seq_ctrl); |
3896 |
+ frag = sc & IEEE80211_SCTL_FRAG; |
3897 |
+ |
3898 |
+- if (is_multicast_ether_addr(hdr->addr1)) { |
3899 |
+- I802_DEBUG_INC(rx->local->dot11MulticastReceivedFrameCount); |
3900 |
+- goto out_no_led; |
3901 |
+- } |
3902 |
+- |
3903 |
+ if (rx->sta) |
3904 |
+ cache = &rx->sta->frags; |
3905 |
+ |
3906 |
+ if (likely(!ieee80211_has_morefrags(fc) && frag == 0)) |
3907 |
+ goto out; |
3908 |
+ |
3909 |
++ if (is_multicast_ether_addr(hdr->addr1)) |
3910 |
++ return RX_DROP_MONITOR; |
3911 |
++ |
3912 |
+ I802_DEBUG_INC(rx->local->rx_handlers_fragments); |
3913 |
+ |
3914 |
+ if (skb_linearize(rx->skb)) |
3915 |
+@@ -2375,7 +2373,6 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx) |
3916 |
+ |
3917 |
+ out: |
3918 |
+ ieee80211_led_rx(rx->local); |
3919 |
+- out_no_led: |
3920 |
+ if (rx->sta) |
3921 |
+ rx->sta->rx_stats.packets++; |
3922 |
+ return RX_CONTINUE; |
3923 |
+diff --git a/net/mac80211/util.c b/net/mac80211/util.c |
3924 |
+index 53755a05f73b5..06342693799eb 100644 |
3925 |
+--- a/net/mac80211/util.c |
3926 |
++++ b/net/mac80211/util.c |
3927 |
+@@ -955,7 +955,7 @@ static void ieee80211_parse_extension_element(u32 *crc, |
3928 |
+ |
3929 |
+ switch (elem->data[0]) { |
3930 |
+ case WLAN_EID_EXT_HE_MU_EDCA: |
3931 |
+- if (len == sizeof(*elems->mu_edca_param_set)) { |
3932 |
++ if (len >= sizeof(*elems->mu_edca_param_set)) { |
3933 |
+ elems->mu_edca_param_set = data; |
3934 |
+ if (crc) |
3935 |
+ *crc = crc32_be(*crc, (void *)elem, |
3936 |
+@@ -976,7 +976,7 @@ static void ieee80211_parse_extension_element(u32 *crc, |
3937 |
+ } |
3938 |
+ break; |
3939 |
+ case WLAN_EID_EXT_UORA: |
3940 |
+- if (len == 1) |
3941 |
++ if (len >= 1) |
3942 |
+ elems->uora_element = data; |
3943 |
+ break; |
3944 |
+ case WLAN_EID_EXT_MAX_CHANNEL_SWITCH_TIME: |
3945 |
+@@ -984,7 +984,7 @@ static void ieee80211_parse_extension_element(u32 *crc, |
3946 |
+ elems->max_channel_switch_time = data; |
3947 |
+ break; |
3948 |
+ case WLAN_EID_EXT_MULTIPLE_BSSID_CONFIGURATION: |
3949 |
+- if (len == sizeof(*elems->mbssid_config_ie)) |
3950 |
++ if (len >= sizeof(*elems->mbssid_config_ie)) |
3951 |
+ elems->mbssid_config_ie = data; |
3952 |
+ break; |
3953 |
+ case WLAN_EID_EXT_HE_SPR: |
3954 |
+@@ -993,7 +993,7 @@ static void ieee80211_parse_extension_element(u32 *crc, |
3955 |
+ elems->he_spr = data; |
3956 |
+ break; |
3957 |
+ case WLAN_EID_EXT_HE_6GHZ_CAPA: |
3958 |
+- if (len == sizeof(*elems->he_6ghz_capa)) |
3959 |
++ if (len >= sizeof(*elems->he_6ghz_capa)) |
3960 |
+ elems->he_6ghz_capa = data; |
3961 |
+ break; |
3962 |
+ } |
3963 |
+@@ -1082,14 +1082,14 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
3964 |
+ |
3965 |
+ switch (id) { |
3966 |
+ case WLAN_EID_LINK_ID: |
3967 |
+- if (elen + 2 != sizeof(struct ieee80211_tdls_lnkie)) { |
3968 |
++ if (elen + 2 < sizeof(struct ieee80211_tdls_lnkie)) { |
3969 |
+ elem_parse_failed = true; |
3970 |
+ break; |
3971 |
+ } |
3972 |
+ elems->lnk_id = (void *)(pos - 2); |
3973 |
+ break; |
3974 |
+ case WLAN_EID_CHAN_SWITCH_TIMING: |
3975 |
+- if (elen != sizeof(struct ieee80211_ch_switch_timing)) { |
3976 |
++ if (elen < sizeof(struct ieee80211_ch_switch_timing)) { |
3977 |
+ elem_parse_failed = true; |
3978 |
+ break; |
3979 |
+ } |
3980 |
+@@ -1252,7 +1252,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
3981 |
+ elems->sec_chan_offs = (void *)pos; |
3982 |
+ break; |
3983 |
+ case WLAN_EID_CHAN_SWITCH_PARAM: |
3984 |
+- if (elen != |
3985 |
++ if (elen < |
3986 |
+ sizeof(*elems->mesh_chansw_params_ie)) { |
3987 |
+ elem_parse_failed = true; |
3988 |
+ break; |
3989 |
+@@ -1261,7 +1261,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
3990 |
+ break; |
3991 |
+ case WLAN_EID_WIDE_BW_CHANNEL_SWITCH: |
3992 |
+ if (!action || |
3993 |
+- elen != sizeof(*elems->wide_bw_chansw_ie)) { |
3994 |
++ elen < sizeof(*elems->wide_bw_chansw_ie)) { |
3995 |
+ elem_parse_failed = true; |
3996 |
+ break; |
3997 |
+ } |
3998 |
+@@ -1280,7 +1280,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
3999 |
+ ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH, |
4000 |
+ pos, elen); |
4001 |
+ if (ie) { |
4002 |
+- if (ie[1] == sizeof(*elems->wide_bw_chansw_ie)) |
4003 |
++ if (ie[1] >= sizeof(*elems->wide_bw_chansw_ie)) |
4004 |
+ elems->wide_bw_chansw_ie = |
4005 |
+ (void *)(ie + 2); |
4006 |
+ else |
4007 |
+@@ -1324,7 +1324,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
4008 |
+ elems->cisco_dtpc_elem = pos; |
4009 |
+ break; |
4010 |
+ case WLAN_EID_ADDBA_EXT: |
4011 |
+- if (elen != sizeof(struct ieee80211_addba_ext_ie)) { |
4012 |
++ if (elen < sizeof(struct ieee80211_addba_ext_ie)) { |
4013 |
+ elem_parse_failed = true; |
4014 |
+ break; |
4015 |
+ } |
4016 |
+@@ -1350,7 +1350,7 @@ _ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action, |
4017 |
+ elem, elems); |
4018 |
+ break; |
4019 |
+ case WLAN_EID_S1G_CAPABILITIES: |
4020 |
+- if (elen == sizeof(*elems->s1g_capab)) |
4021 |
++ if (elen >= sizeof(*elems->s1g_capab)) |
4022 |
+ elems->s1g_capab = (void *)pos; |
4023 |
+ else |
4024 |
+ elem_parse_failed = true; |
4025 |
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
4026 |
+index c52557ec7fb33..68a4dd2512427 100644 |
4027 |
+--- a/net/packet/af_packet.c |
4028 |
++++ b/net/packet/af_packet.c |
4029 |
+@@ -2683,7 +2683,7 @@ static int tpacket_snd(struct packet_sock *po, struct msghdr *msg) |
4030 |
+ } |
4031 |
+ if (likely(saddr == NULL)) { |
4032 |
+ dev = packet_cached_dev_get(po); |
4033 |
+- proto = po->num; |
4034 |
++ proto = READ_ONCE(po->num); |
4035 |
+ } else { |
4036 |
+ err = -EINVAL; |
4037 |
+ if (msg->msg_namelen < sizeof(struct sockaddr_ll)) |
4038 |
+@@ -2896,7 +2896,7 @@ static int packet_snd(struct socket *sock, struct msghdr *msg, size_t len) |
4039 |
+ |
4040 |
+ if (likely(saddr == NULL)) { |
4041 |
+ dev = packet_cached_dev_get(po); |
4042 |
+- proto = po->num; |
4043 |
++ proto = READ_ONCE(po->num); |
4044 |
+ } else { |
4045 |
+ err = -EINVAL; |
4046 |
+ if (msg->msg_namelen < sizeof(struct sockaddr_ll)) |
4047 |
+@@ -3034,10 +3034,13 @@ static int packet_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) |
4048 |
+ struct sock *sk = sock->sk; |
4049 |
+ struct packet_sock *po = pkt_sk(sk); |
4050 |
+ |
4051 |
+- if (po->tx_ring.pg_vec) |
4052 |
++ /* Reading tx_ring.pg_vec without holding pg_vec_lock is racy. |
4053 |
++ * tpacket_snd() will redo the check safely. |
4054 |
++ */ |
4055 |
++ if (data_race(po->tx_ring.pg_vec)) |
4056 |
+ return tpacket_snd(po, msg); |
4057 |
+- else |
4058 |
+- return packet_snd(sock, msg, len); |
4059 |
++ |
4060 |
++ return packet_snd(sock, msg, len); |
4061 |
+ } |
4062 |
+ |
4063 |
+ /* |
4064 |
+@@ -3168,7 +3171,7 @@ static int packet_do_bind(struct sock *sk, const char *name, int ifindex, |
4065 |
+ /* prevents packet_notifier() from calling |
4066 |
+ * register_prot_hook() |
4067 |
+ */ |
4068 |
+- po->num = 0; |
4069 |
++ WRITE_ONCE(po->num, 0); |
4070 |
+ __unregister_prot_hook(sk, true); |
4071 |
+ rcu_read_lock(); |
4072 |
+ dev_curr = po->prot_hook.dev; |
4073 |
+@@ -3178,17 +3181,17 @@ static int packet_do_bind(struct sock *sk, const char *name, int ifindex, |
4074 |
+ } |
4075 |
+ |
4076 |
+ BUG_ON(po->running); |
4077 |
+- po->num = proto; |
4078 |
++ WRITE_ONCE(po->num, proto); |
4079 |
+ po->prot_hook.type = proto; |
4080 |
+ |
4081 |
+ if (unlikely(unlisted)) { |
4082 |
+ dev_put(dev); |
4083 |
+ po->prot_hook.dev = NULL; |
4084 |
+- po->ifindex = -1; |
4085 |
++ WRITE_ONCE(po->ifindex, -1); |
4086 |
+ packet_cached_dev_reset(po); |
4087 |
+ } else { |
4088 |
+ po->prot_hook.dev = dev; |
4089 |
+- po->ifindex = dev ? dev->ifindex : 0; |
4090 |
++ WRITE_ONCE(po->ifindex, dev ? dev->ifindex : 0); |
4091 |
+ packet_cached_dev_assign(po, dev); |
4092 |
+ } |
4093 |
+ } |
4094 |
+@@ -3502,7 +3505,7 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr, |
4095 |
+ uaddr->sa_family = AF_PACKET; |
4096 |
+ memset(uaddr->sa_data, 0, sizeof(uaddr->sa_data)); |
4097 |
+ rcu_read_lock(); |
4098 |
+- dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex); |
4099 |
++ dev = dev_get_by_index_rcu(sock_net(sk), READ_ONCE(pkt_sk(sk)->ifindex)); |
4100 |
+ if (dev) |
4101 |
+ strlcpy(uaddr->sa_data, dev->name, sizeof(uaddr->sa_data)); |
4102 |
+ rcu_read_unlock(); |
4103 |
+@@ -3517,16 +3520,18 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr, |
4104 |
+ struct sock *sk = sock->sk; |
4105 |
+ struct packet_sock *po = pkt_sk(sk); |
4106 |
+ DECLARE_SOCKADDR(struct sockaddr_ll *, sll, uaddr); |
4107 |
++ int ifindex; |
4108 |
+ |
4109 |
+ if (peer) |
4110 |
+ return -EOPNOTSUPP; |
4111 |
+ |
4112 |
++ ifindex = READ_ONCE(po->ifindex); |
4113 |
+ sll->sll_family = AF_PACKET; |
4114 |
+- sll->sll_ifindex = po->ifindex; |
4115 |
+- sll->sll_protocol = po->num; |
4116 |
++ sll->sll_ifindex = ifindex; |
4117 |
++ sll->sll_protocol = READ_ONCE(po->num); |
4118 |
+ sll->sll_pkttype = 0; |
4119 |
+ rcu_read_lock(); |
4120 |
+- dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex); |
4121 |
++ dev = dev_get_by_index_rcu(sock_net(sk), ifindex); |
4122 |
+ if (dev) { |
4123 |
+ sll->sll_hatype = dev->type; |
4124 |
+ sll->sll_halen = dev->addr_len; |
4125 |
+@@ -4105,7 +4110,7 @@ static int packet_notifier(struct notifier_block *this, |
4126 |
+ } |
4127 |
+ if (msg == NETDEV_UNREGISTER) { |
4128 |
+ packet_cached_dev_reset(po); |
4129 |
+- po->ifindex = -1; |
4130 |
++ WRITE_ONCE(po->ifindex, -1); |
4131 |
+ if (po->prot_hook.dev) |
4132 |
+ dev_put(po->prot_hook.dev); |
4133 |
+ po->prot_hook.dev = NULL; |
4134 |
+@@ -4411,7 +4416,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, |
4135 |
+ was_running = po->running; |
4136 |
+ num = po->num; |
4137 |
+ if (was_running) { |
4138 |
+- po->num = 0; |
4139 |
++ WRITE_ONCE(po->num, 0); |
4140 |
+ __unregister_prot_hook(sk, false); |
4141 |
+ } |
4142 |
+ spin_unlock(&po->bind_lock); |
4143 |
+@@ -4446,7 +4451,7 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, |
4144 |
+ |
4145 |
+ spin_lock(&po->bind_lock); |
4146 |
+ if (was_running) { |
4147 |
+- po->num = num; |
4148 |
++ WRITE_ONCE(po->num, num); |
4149 |
+ register_prot_hook(sk); |
4150 |
+ } |
4151 |
+ spin_unlock(&po->bind_lock); |
4152 |
+@@ -4616,8 +4621,8 @@ static int packet_seq_show(struct seq_file *seq, void *v) |
4153 |
+ s, |
4154 |
+ refcount_read(&s->sk_refcnt), |
4155 |
+ s->sk_type, |
4156 |
+- ntohs(po->num), |
4157 |
+- po->ifindex, |
4158 |
++ ntohs(READ_ONCE(po->num)), |
4159 |
++ READ_ONCE(po->ifindex), |
4160 |
+ po->running, |
4161 |
+ atomic_read(&s->sk_rmem_alloc), |
4162 |
+ from_kuid_munged(seq_user_ns(seq), sock_i_uid(s)), |
4163 |
+diff --git a/net/wireless/util.c b/net/wireless/util.c |
4164 |
+index f342b61476754..726e7d2342bd5 100644 |
4165 |
+--- a/net/wireless/util.c |
4166 |
++++ b/net/wireless/util.c |
4167 |
+@@ -1059,6 +1059,9 @@ int cfg80211_change_iface(struct cfg80211_registered_device *rdev, |
4168 |
+ case NL80211_IFTYPE_MESH_POINT: |
4169 |
+ /* mesh should be handled? */ |
4170 |
+ break; |
4171 |
++ case NL80211_IFTYPE_OCB: |
4172 |
++ cfg80211_leave_ocb(rdev, dev); |
4173 |
++ break; |
4174 |
+ default: |
4175 |
+ break; |
4176 |
+ } |
4177 |
+diff --git a/scripts/Makefile b/scripts/Makefile |
4178 |
+index c36106bce80ee..9adb6d247818f 100644 |
4179 |
+--- a/scripts/Makefile |
4180 |
++++ b/scripts/Makefile |
4181 |
+@@ -14,6 +14,7 @@ hostprogs-always-$(CONFIG_ASN1) += asn1_compiler |
4182 |
+ hostprogs-always-$(CONFIG_MODULE_SIG_FORMAT) += sign-file |
4183 |
+ hostprogs-always-$(CONFIG_SYSTEM_TRUSTED_KEYRING) += extract-cert |
4184 |
+ hostprogs-always-$(CONFIG_SYSTEM_EXTRA_CERTIFICATE) += insert-sys-cert |
4185 |
++hostprogs-always-$(CONFIG_SYSTEM_REVOCATION_LIST) += extract-cert |
4186 |
+ |
4187 |
+ HOSTCFLAGS_sorttable.o = -I$(srctree)/tools/include |
4188 |
+ HOSTCFLAGS_asn1_compiler.o = -I$(srctree)/include |
4189 |
+diff --git a/scripts/recordmcount.h b/scripts/recordmcount.h |
4190 |
+index f9b19524da112..1e9baa5c4fc6e 100644 |
4191 |
+--- a/scripts/recordmcount.h |
4192 |
++++ b/scripts/recordmcount.h |
4193 |
+@@ -192,15 +192,20 @@ static unsigned int get_symindex(Elf_Sym const *sym, Elf32_Word const *symtab, |
4194 |
+ Elf32_Word const *symtab_shndx) |
4195 |
+ { |
4196 |
+ unsigned long offset; |
4197 |
++ unsigned short shndx = w2(sym->st_shndx); |
4198 |
+ int index; |
4199 |
+ |
4200 |
+- if (sym->st_shndx != SHN_XINDEX) |
4201 |
+- return w2(sym->st_shndx); |
4202 |
++ if (shndx > SHN_UNDEF && shndx < SHN_LORESERVE) |
4203 |
++ return shndx; |
4204 |
+ |
4205 |
+- offset = (unsigned long)sym - (unsigned long)symtab; |
4206 |
+- index = offset / sizeof(*sym); |
4207 |
++ if (shndx == SHN_XINDEX) { |
4208 |
++ offset = (unsigned long)sym - (unsigned long)symtab; |
4209 |
++ index = offset / sizeof(*sym); |
4210 |
+ |
4211 |
+- return w(symtab_shndx[index]); |
4212 |
++ return w(symtab_shndx[index]); |
4213 |
++ } |
4214 |
++ |
4215 |
++ return 0; |
4216 |
+ } |
4217 |
+ |
4218 |
+ static unsigned int get_shnum(Elf_Ehdr const *ehdr, Elf_Shdr const *shdr0) |
4219 |
+diff --git a/security/integrity/platform_certs/keyring_handler.c b/security/integrity/platform_certs/keyring_handler.c |
4220 |
+index c5ba695c10e3a..5604bd57c9907 100644 |
4221 |
+--- a/security/integrity/platform_certs/keyring_handler.c |
4222 |
++++ b/security/integrity/platform_certs/keyring_handler.c |
4223 |
+@@ -55,6 +55,15 @@ static __init void uefi_blacklist_binary(const char *source, |
4224 |
+ uefi_blacklist_hash(source, data, len, "bin:", 4); |
4225 |
+ } |
4226 |
+ |
4227 |
++/* |
4228 |
++ * Add an X509 cert to the revocation list. |
4229 |
++ */ |
4230 |
++static __init void uefi_revocation_list_x509(const char *source, |
4231 |
++ const void *data, size_t len) |
4232 |
++{ |
4233 |
++ add_key_to_revocation_list(data, len); |
4234 |
++} |
4235 |
++ |
4236 |
+ /* |
4237 |
+ * Return the appropriate handler for particular signature list types found in |
4238 |
+ * the UEFI db and MokListRT tables. |
4239 |
+@@ -76,5 +85,7 @@ __init efi_element_handler_t get_handler_for_dbx(const efi_guid_t *sig_type) |
4240 |
+ return uefi_blacklist_x509_tbs; |
4241 |
+ if (efi_guidcmp(*sig_type, efi_cert_sha256_guid) == 0) |
4242 |
+ return uefi_blacklist_binary; |
4243 |
++ if (efi_guidcmp(*sig_type, efi_cert_x509_guid) == 0) |
4244 |
++ return uefi_revocation_list_x509; |
4245 |
+ return 0; |
4246 |
+ } |
4247 |
+diff --git a/security/integrity/platform_certs/load_uefi.c b/security/integrity/platform_certs/load_uefi.c |
4248 |
+index ee4b4c666854f..f290f78c3f301 100644 |
4249 |
+--- a/security/integrity/platform_certs/load_uefi.c |
4250 |
++++ b/security/integrity/platform_certs/load_uefi.c |
4251 |
+@@ -132,8 +132,9 @@ static int __init load_moklist_certs(void) |
4252 |
+ static int __init load_uefi_certs(void) |
4253 |
+ { |
4254 |
+ efi_guid_t secure_var = EFI_IMAGE_SECURITY_DATABASE_GUID; |
4255 |
+- void *db = NULL, *dbx = NULL; |
4256 |
+- unsigned long dbsize = 0, dbxsize = 0; |
4257 |
++ efi_guid_t mok_var = EFI_SHIM_LOCK_GUID; |
4258 |
++ void *db = NULL, *dbx = NULL, *mokx = NULL; |
4259 |
++ unsigned long dbsize = 0, dbxsize = 0, mokxsize = 0; |
4260 |
+ efi_status_t status; |
4261 |
+ int rc = 0; |
4262 |
+ |
4263 |
+@@ -175,6 +176,21 @@ static int __init load_uefi_certs(void) |
4264 |
+ kfree(dbx); |
4265 |
+ } |
4266 |
+ |
4267 |
++ mokx = get_cert_list(L"MokListXRT", &mok_var, &mokxsize, &status); |
4268 |
++ if (!mokx) { |
4269 |
++ if (status == EFI_NOT_FOUND) |
4270 |
++ pr_debug("mokx variable wasn't found\n"); |
4271 |
++ else |
4272 |
++ pr_info("Couldn't get mokx list\n"); |
4273 |
++ } else { |
4274 |
++ rc = parse_efi_signature_list("UEFI:MokListXRT", |
4275 |
++ mokx, mokxsize, |
4276 |
++ get_handler_for_dbx); |
4277 |
++ if (rc) |
4278 |
++ pr_err("Couldn't parse mokx signatures %d\n", rc); |
4279 |
++ kfree(mokx); |
4280 |
++ } |
4281 |
++ |
4282 |
+ /* Load the MokListRT certs */ |
4283 |
+ rc = load_moklist_certs(); |
4284 |
+ |
4285 |
+diff --git a/tools/testing/selftests/bpf/test_verifier.c b/tools/testing/selftests/bpf/test_verifier.c |
4286 |
+index 58b5a349d3baf..ea3158b0d551d 100644 |
4287 |
+--- a/tools/testing/selftests/bpf/test_verifier.c |
4288 |
++++ b/tools/testing/selftests/bpf/test_verifier.c |
4289 |
+@@ -1147,7 +1147,7 @@ static void do_test_single(struct bpf_test *test, bool unpriv, |
4290 |
+ } |
4291 |
+ } |
4292 |
+ |
4293 |
+- if (test->insn_processed) { |
4294 |
++ if (!unpriv && test->insn_processed) { |
4295 |
+ uint32_t insn_processed; |
4296 |
+ char *proc; |
4297 |
+ |
4298 |
+diff --git a/tools/testing/selftests/bpf/verifier/and.c b/tools/testing/selftests/bpf/verifier/and.c |
4299 |
+index ca8fdb1b3f015..7d7ebee5cc7a8 100644 |
4300 |
+--- a/tools/testing/selftests/bpf/verifier/and.c |
4301 |
++++ b/tools/testing/selftests/bpf/verifier/and.c |
4302 |
+@@ -61,6 +61,8 @@ |
4303 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4304 |
+ BPF_EXIT_INSN(), |
4305 |
+ }, |
4306 |
++ .errstr_unpriv = "R1 !read_ok", |
4307 |
++ .result_unpriv = REJECT, |
4308 |
+ .result = ACCEPT, |
4309 |
+ .retval = 0 |
4310 |
+ }, |
4311 |
+diff --git a/tools/testing/selftests/bpf/verifier/bounds.c b/tools/testing/selftests/bpf/verifier/bounds.c |
4312 |
+index 8a1caf46ffbc3..e061e8799ce23 100644 |
4313 |
+--- a/tools/testing/selftests/bpf/verifier/bounds.c |
4314 |
++++ b/tools/testing/selftests/bpf/verifier/bounds.c |
4315 |
+@@ -508,6 +508,8 @@ |
4316 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), |
4317 |
+ BPF_EXIT_INSN(), |
4318 |
+ }, |
4319 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4320 |
++ .result_unpriv = REJECT, |
4321 |
+ .result = ACCEPT |
4322 |
+ }, |
4323 |
+ { |
4324 |
+@@ -528,6 +530,8 @@ |
4325 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, -1), |
4326 |
+ BPF_EXIT_INSN(), |
4327 |
+ }, |
4328 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4329 |
++ .result_unpriv = REJECT, |
4330 |
+ .result = ACCEPT |
4331 |
+ }, |
4332 |
+ { |
4333 |
+@@ -569,6 +573,8 @@ |
4334 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4335 |
+ BPF_EXIT_INSN(), |
4336 |
+ }, |
4337 |
++ .errstr_unpriv = "R0 min value is outside of the allowed memory range", |
4338 |
++ .result_unpriv = REJECT, |
4339 |
+ .fixup_map_hash_8b = { 3 }, |
4340 |
+ .result = ACCEPT, |
4341 |
+ }, |
4342 |
+@@ -589,6 +595,8 @@ |
4343 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4344 |
+ BPF_EXIT_INSN(), |
4345 |
+ }, |
4346 |
++ .errstr_unpriv = "R0 min value is outside of the allowed memory range", |
4347 |
++ .result_unpriv = REJECT, |
4348 |
+ .fixup_map_hash_8b = { 3 }, |
4349 |
+ .result = ACCEPT, |
4350 |
+ }, |
4351 |
+@@ -609,6 +617,8 @@ |
4352 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4353 |
+ BPF_EXIT_INSN(), |
4354 |
+ }, |
4355 |
++ .errstr_unpriv = "R0 min value is outside of the allowed memory range", |
4356 |
++ .result_unpriv = REJECT, |
4357 |
+ .fixup_map_hash_8b = { 3 }, |
4358 |
+ .result = ACCEPT, |
4359 |
+ }, |
4360 |
+@@ -674,6 +684,8 @@ |
4361 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4362 |
+ BPF_EXIT_INSN(), |
4363 |
+ }, |
4364 |
++ .errstr_unpriv = "R0 min value is outside of the allowed memory range", |
4365 |
++ .result_unpriv = REJECT, |
4366 |
+ .fixup_map_hash_8b = { 3 }, |
4367 |
+ .result = ACCEPT, |
4368 |
+ }, |
4369 |
+@@ -695,6 +707,8 @@ |
4370 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4371 |
+ BPF_EXIT_INSN(), |
4372 |
+ }, |
4373 |
++ .errstr_unpriv = "R0 min value is outside of the allowed memory range", |
4374 |
++ .result_unpriv = REJECT, |
4375 |
+ .fixup_map_hash_8b = { 3 }, |
4376 |
+ .result = ACCEPT, |
4377 |
+ }, |
4378 |
+diff --git a/tools/testing/selftests/bpf/verifier/dead_code.c b/tools/testing/selftests/bpf/verifier/dead_code.c |
4379 |
+index 5cf361d8eb1cc..721ec9391be5a 100644 |
4380 |
+--- a/tools/testing/selftests/bpf/verifier/dead_code.c |
4381 |
++++ b/tools/testing/selftests/bpf/verifier/dead_code.c |
4382 |
+@@ -8,6 +8,8 @@ |
4383 |
+ BPF_JMP_IMM(BPF_JGE, BPF_REG_0, 10, -4), |
4384 |
+ BPF_EXIT_INSN(), |
4385 |
+ }, |
4386 |
++ .errstr_unpriv = "R9 !read_ok", |
4387 |
++ .result_unpriv = REJECT, |
4388 |
+ .result = ACCEPT, |
4389 |
+ .retval = 7, |
4390 |
+ }, |
4391 |
+diff --git a/tools/testing/selftests/bpf/verifier/jmp32.c b/tools/testing/selftests/bpf/verifier/jmp32.c |
4392 |
+index bd5cae4a7f733..1c857b2fbdf0a 100644 |
4393 |
+--- a/tools/testing/selftests/bpf/verifier/jmp32.c |
4394 |
++++ b/tools/testing/selftests/bpf/verifier/jmp32.c |
4395 |
+@@ -87,6 +87,8 @@ |
4396 |
+ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
4397 |
+ BPF_EXIT_INSN(), |
4398 |
+ }, |
4399 |
++ .errstr_unpriv = "R9 !read_ok", |
4400 |
++ .result_unpriv = REJECT, |
4401 |
+ .result = ACCEPT, |
4402 |
+ }, |
4403 |
+ { |
4404 |
+@@ -150,6 +152,8 @@ |
4405 |
+ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
4406 |
+ BPF_EXIT_INSN(), |
4407 |
+ }, |
4408 |
++ .errstr_unpriv = "R9 !read_ok", |
4409 |
++ .result_unpriv = REJECT, |
4410 |
+ .result = ACCEPT, |
4411 |
+ }, |
4412 |
+ { |
4413 |
+@@ -213,6 +217,8 @@ |
4414 |
+ BPF_LDX_MEM(BPF_B, BPF_REG_8, BPF_REG_9, 0), |
4415 |
+ BPF_EXIT_INSN(), |
4416 |
+ }, |
4417 |
++ .errstr_unpriv = "R9 !read_ok", |
4418 |
++ .result_unpriv = REJECT, |
4419 |
+ .result = ACCEPT, |
4420 |
+ }, |
4421 |
+ { |
4422 |
+@@ -280,6 +286,8 @@ |
4423 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4424 |
+ BPF_EXIT_INSN(), |
4425 |
+ }, |
4426 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4427 |
++ .result_unpriv = REJECT, |
4428 |
+ .result = ACCEPT, |
4429 |
+ .retval = 2, |
4430 |
+ }, |
4431 |
+@@ -348,6 +356,8 @@ |
4432 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4433 |
+ BPF_EXIT_INSN(), |
4434 |
+ }, |
4435 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4436 |
++ .result_unpriv = REJECT, |
4437 |
+ .result = ACCEPT, |
4438 |
+ .retval = 2, |
4439 |
+ }, |
4440 |
+@@ -416,6 +426,8 @@ |
4441 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4442 |
+ BPF_EXIT_INSN(), |
4443 |
+ }, |
4444 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4445 |
++ .result_unpriv = REJECT, |
4446 |
+ .result = ACCEPT, |
4447 |
+ .retval = 2, |
4448 |
+ }, |
4449 |
+@@ -484,6 +496,8 @@ |
4450 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4451 |
+ BPF_EXIT_INSN(), |
4452 |
+ }, |
4453 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4454 |
++ .result_unpriv = REJECT, |
4455 |
+ .result = ACCEPT, |
4456 |
+ .retval = 2, |
4457 |
+ }, |
4458 |
+@@ -552,6 +566,8 @@ |
4459 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4460 |
+ BPF_EXIT_INSN(), |
4461 |
+ }, |
4462 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4463 |
++ .result_unpriv = REJECT, |
4464 |
+ .result = ACCEPT, |
4465 |
+ .retval = 2, |
4466 |
+ }, |
4467 |
+@@ -620,6 +636,8 @@ |
4468 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4469 |
+ BPF_EXIT_INSN(), |
4470 |
+ }, |
4471 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4472 |
++ .result_unpriv = REJECT, |
4473 |
+ .result = ACCEPT, |
4474 |
+ .retval = 2, |
4475 |
+ }, |
4476 |
+@@ -688,6 +706,8 @@ |
4477 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4478 |
+ BPF_EXIT_INSN(), |
4479 |
+ }, |
4480 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4481 |
++ .result_unpriv = REJECT, |
4482 |
+ .result = ACCEPT, |
4483 |
+ .retval = 2, |
4484 |
+ }, |
4485 |
+@@ -756,6 +776,8 @@ |
4486 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_0, 0), |
4487 |
+ BPF_EXIT_INSN(), |
4488 |
+ }, |
4489 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4490 |
++ .result_unpriv = REJECT, |
4491 |
+ .result = ACCEPT, |
4492 |
+ .retval = 2, |
4493 |
+ }, |
4494 |
+diff --git a/tools/testing/selftests/bpf/verifier/jset.c b/tools/testing/selftests/bpf/verifier/jset.c |
4495 |
+index 8dcd4e0383d57..11fc68da735ea 100644 |
4496 |
+--- a/tools/testing/selftests/bpf/verifier/jset.c |
4497 |
++++ b/tools/testing/selftests/bpf/verifier/jset.c |
4498 |
+@@ -82,8 +82,8 @@ |
4499 |
+ BPF_EXIT_INSN(), |
4500 |
+ }, |
4501 |
+ .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
4502 |
+- .retval_unpriv = 1, |
4503 |
+- .result_unpriv = ACCEPT, |
4504 |
++ .errstr_unpriv = "R9 !read_ok", |
4505 |
++ .result_unpriv = REJECT, |
4506 |
+ .retval = 1, |
4507 |
+ .result = ACCEPT, |
4508 |
+ }, |
4509 |
+@@ -141,7 +141,8 @@ |
4510 |
+ BPF_EXIT_INSN(), |
4511 |
+ }, |
4512 |
+ .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
4513 |
+- .result_unpriv = ACCEPT, |
4514 |
++ .errstr_unpriv = "R9 !read_ok", |
4515 |
++ .result_unpriv = REJECT, |
4516 |
+ .result = ACCEPT, |
4517 |
+ }, |
4518 |
+ { |
4519 |
+@@ -162,6 +163,7 @@ |
4520 |
+ BPF_EXIT_INSN(), |
4521 |
+ }, |
4522 |
+ .prog_type = BPF_PROG_TYPE_SOCKET_FILTER, |
4523 |
+- .result_unpriv = ACCEPT, |
4524 |
++ .errstr_unpriv = "R9 !read_ok", |
4525 |
++ .result_unpriv = REJECT, |
4526 |
+ .result = ACCEPT, |
4527 |
+ }, |
4528 |
+diff --git a/tools/testing/selftests/bpf/verifier/unpriv.c b/tools/testing/selftests/bpf/verifier/unpriv.c |
4529 |
+index bd436df5cc326..111801aea5e35 100644 |
4530 |
+--- a/tools/testing/selftests/bpf/verifier/unpriv.c |
4531 |
++++ b/tools/testing/selftests/bpf/verifier/unpriv.c |
4532 |
+@@ -420,6 +420,8 @@ |
4533 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_7, 0), |
4534 |
+ BPF_EXIT_INSN(), |
4535 |
+ }, |
4536 |
++ .errstr_unpriv = "R7 invalid mem access 'inv'", |
4537 |
++ .result_unpriv = REJECT, |
4538 |
+ .result = ACCEPT, |
4539 |
+ .retval = 0, |
4540 |
+ }, |
4541 |
+diff --git a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
4542 |
+index 7ae2859d495c5..a3e593ddfafc9 100644 |
4543 |
+--- a/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
4544 |
++++ b/tools/testing/selftests/bpf/verifier/value_ptr_arith.c |
4545 |
+@@ -120,7 +120,7 @@ |
4546 |
+ .fixup_map_array_48b = { 1 }, |
4547 |
+ .result = ACCEPT, |
4548 |
+ .result_unpriv = REJECT, |
4549 |
+- .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
4550 |
++ .errstr_unpriv = "R2 pointer comparison prohibited", |
4551 |
+ .retval = 0, |
4552 |
+ }, |
4553 |
+ { |
4554 |
+@@ -159,7 +159,8 @@ |
4555 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4556 |
+ BPF_EXIT_INSN(), |
4557 |
+ // fake-dead code; targeted from branch A to |
4558 |
+- // prevent dead code sanitization |
4559 |
++ // prevent dead code sanitization, rejected |
4560 |
++ // via branch B however |
4561 |
+ BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, 0), |
4562 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
4563 |
+ BPF_EXIT_INSN(), |
4564 |
+@@ -167,7 +168,7 @@ |
4565 |
+ .fixup_map_array_48b = { 1 }, |
4566 |
+ .result = ACCEPT, |
4567 |
+ .result_unpriv = REJECT, |
4568 |
+- .errstr_unpriv = "R2 tried to add from different maps, paths or scalars", |
4569 |
++ .errstr_unpriv = "R0 invalid mem access 'inv'", |
4570 |
+ .retval = 0, |
4571 |
+ }, |
4572 |
+ { |
4573 |
+diff --git a/tools/testing/selftests/kvm/lib/kvm_util.c b/tools/testing/selftests/kvm/lib/kvm_util.c |
4574 |
+index 2f0e4365f61bd..8b90256bca96d 100644 |
4575 |
+--- a/tools/testing/selftests/kvm/lib/kvm_util.c |
4576 |
++++ b/tools/testing/selftests/kvm/lib/kvm_util.c |
4577 |
+@@ -58,7 +58,7 @@ int kvm_check_cap(long cap) |
4578 |
+ exit(KSFT_SKIP); |
4579 |
+ |
4580 |
+ ret = ioctl(kvm_fd, KVM_CHECK_EXTENSION, cap); |
4581 |
+- TEST_ASSERT(ret != -1, "KVM_CHECK_EXTENSION IOCTL failed,\n" |
4582 |
++ TEST_ASSERT(ret >= 0, "KVM_CHECK_EXTENSION IOCTL failed,\n" |
4583 |
+ " rc: %i errno: %i", ret, errno); |
4584 |
+ |
4585 |
+ close(kvm_fd); |
4586 |
+diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c |
4587 |
+index 5cabc6c748db1..4cce5735271ef 100644 |
4588 |
+--- a/virt/kvm/kvm_main.c |
4589 |
++++ b/virt/kvm/kvm_main.c |
4590 |
+@@ -1919,6 +1919,13 @@ static bool vma_is_valid(struct vm_area_struct *vma, bool write_fault) |
4591 |
+ return true; |
4592 |
+ } |
4593 |
+ |
4594 |
++static int kvm_try_get_pfn(kvm_pfn_t pfn) |
4595 |
++{ |
4596 |
++ if (kvm_is_reserved_pfn(pfn)) |
4597 |
++ return 1; |
4598 |
++ return get_page_unless_zero(pfn_to_page(pfn)); |
4599 |
++} |
4600 |
++ |
4601 |
+ static int hva_to_pfn_remapped(struct vm_area_struct *vma, |
4602 |
+ unsigned long addr, bool *async, |
4603 |
+ bool write_fault, bool *writable, |
4604 |
+@@ -1968,13 +1975,21 @@ static int hva_to_pfn_remapped(struct vm_area_struct *vma, |
4605 |
+ * Whoever called remap_pfn_range is also going to call e.g. |
4606 |
+ * unmap_mapping_range before the underlying pages are freed, |
4607 |
+ * causing a call to our MMU notifier. |
4608 |
++ * |
4609 |
++ * Certain IO or PFNMAP mappings can be backed with valid |
4610 |
++ * struct pages, but be allocated without refcounting e.g., |
4611 |
++ * tail pages of non-compound higher order allocations, which |
4612 |
++ * would then underflow the refcount when the caller does the |
4613 |
++ * required put_page. Don't allow those pages here. |
4614 |
+ */ |
4615 |
+- kvm_get_pfn(pfn); |
4616 |
++ if (!kvm_try_get_pfn(pfn)) |
4617 |
++ r = -EFAULT; |
4618 |
+ |
4619 |
+ out: |
4620 |
+ pte_unmap_unlock(ptep, ptl); |
4621 |
+ *p_pfn = pfn; |
4622 |
+- return 0; |
4623 |
++ |
4624 |
++ return r; |
4625 |
+ } |
4626 |
+ |
4627 |
+ /* |