1 |
commit: 95a4b9c4036d7f10bd7b559ddb7326f70b142cc5 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Aug 11 12:33:42 2022 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Aug 11 12:33:42 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=95a4b9c4 |
7 |
|
8 |
Linux patch 5.15.60 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1059_linux-5.15.60.patch | 1475 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 1479 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 71e13cee..a6bf4af4 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -279,6 +279,10 @@ Patch: 1058_linux-5.15.59.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 5.15.59 |
23 |
|
24 |
+Patch: 1059_linux-5.15.60.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 5.15.60 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1059_linux-5.15.60.patch b/1059_linux-5.15.60.patch |
33 |
new file mode 100644 |
34 |
index 00000000..9afdb82b |
35 |
--- /dev/null |
36 |
+++ b/1059_linux-5.15.60.patch |
37 |
@@ -0,0 +1,1475 @@ |
38 |
+diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst |
39 |
+index 6bd97cd50d625..7e061ed449aaa 100644 |
40 |
+--- a/Documentation/admin-guide/hw-vuln/spectre.rst |
41 |
++++ b/Documentation/admin-guide/hw-vuln/spectre.rst |
42 |
+@@ -422,6 +422,14 @@ The possible values in this file are: |
43 |
+ 'RSB filling' Protection of RSB on context switch enabled |
44 |
+ ============= =========================================== |
45 |
+ |
46 |
++ - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status: |
47 |
++ |
48 |
++ =========================== ======================================================= |
49 |
++ 'PBRSB-eIBRS: SW sequence' CPU is affected and protection of RSB on VMEXIT enabled |
50 |
++ 'PBRSB-eIBRS: Vulnerable' CPU is vulnerable |
51 |
++ 'PBRSB-eIBRS: Not affected' CPU is not affected by PBRSB |
52 |
++ =========================== ======================================================= |
53 |
++ |
54 |
+ Full mitigation might require a microcode update from the CPU |
55 |
+ vendor. When the necessary microcode is not available, the kernel will |
56 |
+ report vulnerability. |
57 |
+diff --git a/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml b/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml |
58 |
+index fbdc2083bec4f..20ee96584aba2 100644 |
59 |
+--- a/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml |
60 |
++++ b/Documentation/devicetree/bindings/net/broadcom-bluetooth.yaml |
61 |
+@@ -23,6 +23,7 @@ properties: |
62 |
+ - brcm,bcm4345c5 |
63 |
+ - brcm,bcm43540-bt |
64 |
+ - brcm,bcm4335a0 |
65 |
++ - brcm,bcm4349-bt |
66 |
+ |
67 |
+ shutdown-gpios: |
68 |
+ maxItems: 1 |
69 |
+diff --git a/Makefile b/Makefile |
70 |
+index 22bca3948306b..4ea646f496c9c 100644 |
71 |
+--- a/Makefile |
72 |
++++ b/Makefile |
73 |
+@@ -1,7 +1,7 @@ |
74 |
+ # SPDX-License-Identifier: GPL-2.0 |
75 |
+ VERSION = 5 |
76 |
+ PATCHLEVEL = 15 |
77 |
+-SUBLEVEL = 59 |
78 |
++SUBLEVEL = 60 |
79 |
+ EXTRAVERSION = |
80 |
+ NAME = Trick or Treat |
81 |
+ |
82 |
+diff --git a/arch/arm64/crypto/poly1305-glue.c b/arch/arm64/crypto/poly1305-glue.c |
83 |
+index 9c3d86e397bf3..1fae18ba11ed1 100644 |
84 |
+--- a/arch/arm64/crypto/poly1305-glue.c |
85 |
++++ b/arch/arm64/crypto/poly1305-glue.c |
86 |
+@@ -52,7 +52,7 @@ static void neon_poly1305_blocks(struct poly1305_desc_ctx *dctx, const u8 *src, |
87 |
+ { |
88 |
+ if (unlikely(!dctx->sset)) { |
89 |
+ if (!dctx->rset) { |
90 |
+- poly1305_init_arch(dctx, src); |
91 |
++ poly1305_init_arm64(&dctx->h, src); |
92 |
+ src += POLY1305_BLOCK_SIZE; |
93 |
+ len -= POLY1305_BLOCK_SIZE; |
94 |
+ dctx->rset = 1; |
95 |
+diff --git a/arch/arm64/include/asm/kernel-pgtable.h b/arch/arm64/include/asm/kernel-pgtable.h |
96 |
+index 96dc0f7da258d..a971d462f531c 100644 |
97 |
+--- a/arch/arm64/include/asm/kernel-pgtable.h |
98 |
++++ b/arch/arm64/include/asm/kernel-pgtable.h |
99 |
+@@ -103,8 +103,8 @@ |
100 |
+ /* |
101 |
+ * Initial memory map attributes. |
102 |
+ */ |
103 |
+-#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED) |
104 |
+-#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S) |
105 |
++#define SWAPPER_PTE_FLAGS (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED | PTE_UXN) |
106 |
++#define SWAPPER_PMD_FLAGS (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S | PMD_SECT_UXN) |
107 |
+ |
108 |
+ #if ARM64_KERNEL_USES_PMD_MAPS |
109 |
+ #define SWAPPER_MM_MMUFLAGS (PMD_ATTRINDX(MT_NORMAL) | SWAPPER_PMD_FLAGS) |
110 |
+diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S |
111 |
+index 17962452e31de..ab6566bf1c332 100644 |
112 |
+--- a/arch/arm64/kernel/head.S |
113 |
++++ b/arch/arm64/kernel/head.S |
114 |
+@@ -285,7 +285,7 @@ SYM_FUNC_START_LOCAL(__create_page_tables) |
115 |
+ subs x1, x1, #64 |
116 |
+ b.ne 1b |
117 |
+ |
118 |
+- mov x7, SWAPPER_MM_MMUFLAGS |
119 |
++ mov_q x7, SWAPPER_MM_MMUFLAGS |
120 |
+ |
121 |
+ /* |
122 |
+ * Create the identity mapping. |
123 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
124 |
+index a170cfdae2a7a..fe6981a387957 100644 |
125 |
+--- a/arch/x86/Kconfig |
126 |
++++ b/arch/x86/Kconfig |
127 |
+@@ -2427,7 +2427,7 @@ config RETPOLINE |
128 |
+ config RETHUNK |
129 |
+ bool "Enable return-thunks" |
130 |
+ depends on RETPOLINE && CC_HAS_RETURN_THUNK |
131 |
+- default y |
132 |
++ default y if X86_64 |
133 |
+ help |
134 |
+ Compile the kernel with the return-thunks compiler option to guard |
135 |
+ against kernel-to-user data leaks by avoiding return speculation. |
136 |
+@@ -2436,21 +2436,21 @@ config RETHUNK |
137 |
+ |
138 |
+ config CPU_UNRET_ENTRY |
139 |
+ bool "Enable UNRET on kernel entry" |
140 |
+- depends on CPU_SUP_AMD && RETHUNK |
141 |
++ depends on CPU_SUP_AMD && RETHUNK && X86_64 |
142 |
+ default y |
143 |
+ help |
144 |
+ Compile the kernel with support for the retbleed=unret mitigation. |
145 |
+ |
146 |
+ config CPU_IBPB_ENTRY |
147 |
+ bool "Enable IBPB on kernel entry" |
148 |
+- depends on CPU_SUP_AMD |
149 |
++ depends on CPU_SUP_AMD && X86_64 |
150 |
+ default y |
151 |
+ help |
152 |
+ Compile the kernel with support for the retbleed=ibpb mitigation. |
153 |
+ |
154 |
+ config CPU_IBRS_ENTRY |
155 |
+ bool "Enable IBRS on kernel entry" |
156 |
+- depends on CPU_SUP_INTEL |
157 |
++ depends on CPU_SUP_INTEL && X86_64 |
158 |
+ default y |
159 |
+ help |
160 |
+ Compile the kernel with support for the spectre_v2=ibrs mitigation. |
161 |
+diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
162 |
+index d370718e222ba..be744fa100048 100644 |
163 |
+--- a/arch/x86/include/asm/cpufeatures.h |
164 |
++++ b/arch/x86/include/asm/cpufeatures.h |
165 |
+@@ -301,6 +301,7 @@ |
166 |
+ #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */ |
167 |
+ #define X86_FEATURE_UNRET (11*32+15) /* "" AMD BTB untrain return */ |
168 |
+ #define X86_FEATURE_USE_IBPB_FW (11*32+16) /* "" Use IBPB during runtime firmware calls */ |
169 |
++#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+17) /* "" Fill RSB on VM exit when EIBRS is enabled */ |
170 |
+ |
171 |
+ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ |
172 |
+ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ |
173 |
+@@ -446,5 +447,6 @@ |
174 |
+ #define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */ |
175 |
+ #define X86_BUG_MMIO_STALE_DATA X86_BUG(25) /* CPU is affected by Processor MMIO Stale Data vulnerabilities */ |
176 |
+ #define X86_BUG_RETBLEED X86_BUG(26) /* CPU is affected by RETBleed */ |
177 |
++#define X86_BUG_EIBRS_PBRSB X86_BUG(27) /* EIBRS is vulnerable to Post Barrier RSB Predictions */ |
178 |
+ |
179 |
+ #endif /* _ASM_X86_CPUFEATURES_H */ |
180 |
+diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
181 |
+index 49d814b2a341a..a35f5e23fc2ac 100644 |
182 |
+--- a/arch/x86/include/asm/kvm_host.h |
183 |
++++ b/arch/x86/include/asm/kvm_host.h |
184 |
+@@ -642,6 +642,7 @@ struct kvm_vcpu_arch { |
185 |
+ u64 ia32_misc_enable_msr; |
186 |
+ u64 smbase; |
187 |
+ u64 smi_count; |
188 |
++ bool at_instruction_boundary; |
189 |
+ bool tpr_access_reporting; |
190 |
+ bool xsaves_enabled; |
191 |
+ u64 ia32_xss; |
192 |
+@@ -1271,6 +1272,8 @@ struct kvm_vcpu_stat { |
193 |
+ u64 nested_run; |
194 |
+ u64 directed_yield_attempted; |
195 |
+ u64 directed_yield_successful; |
196 |
++ u64 preemption_reported; |
197 |
++ u64 preemption_other; |
198 |
+ u64 guest_mode; |
199 |
+ }; |
200 |
+ |
201 |
+diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
202 |
+index ec2967e7249f5..8f38265bc81dc 100644 |
203 |
+--- a/arch/x86/include/asm/msr-index.h |
204 |
++++ b/arch/x86/include/asm/msr-index.h |
205 |
+@@ -148,6 +148,10 @@ |
206 |
+ * are restricted to targets in |
207 |
+ * kernel. |
208 |
+ */ |
209 |
++#define ARCH_CAP_PBRSB_NO BIT(24) /* |
210 |
++ * Not susceptible to Post-Barrier |
211 |
++ * Return Stack Buffer Predictions. |
212 |
++ */ |
213 |
+ |
214 |
+ #define MSR_IA32_FLUSH_CMD 0x0000010b |
215 |
+ #define L1D_FLUSH BIT(0) /* |
216 |
+diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
217 |
+index 9a79b96e55214..6a59b2d58a3a9 100644 |
218 |
+--- a/arch/x86/include/asm/nospec-branch.h |
219 |
++++ b/arch/x86/include/asm/nospec-branch.h |
220 |
+@@ -60,7 +60,9 @@ |
221 |
+ 774: \ |
222 |
+ add $(BITS_PER_LONG/8) * 2, sp; \ |
223 |
+ dec reg; \ |
224 |
+- jnz 771b; |
225 |
++ jnz 771b; \ |
226 |
++ /* barrier for jnz misprediction */ \ |
227 |
++ lfence; |
228 |
+ |
229 |
+ #ifdef __ASSEMBLY__ |
230 |
+ |
231 |
+@@ -118,13 +120,28 @@ |
232 |
+ #endif |
233 |
+ .endm |
234 |
+ |
235 |
++.macro ISSUE_UNBALANCED_RET_GUARD |
236 |
++ ANNOTATE_INTRA_FUNCTION_CALL |
237 |
++ call .Lunbalanced_ret_guard_\@ |
238 |
++ int3 |
239 |
++.Lunbalanced_ret_guard_\@: |
240 |
++ add $(BITS_PER_LONG/8), %_ASM_SP |
241 |
++ lfence |
242 |
++.endm |
243 |
++ |
244 |
+ /* |
245 |
+ * A simpler FILL_RETURN_BUFFER macro. Don't make people use the CPP |
246 |
+ * monstrosity above, manually. |
247 |
+ */ |
248 |
+-.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req |
249 |
++.macro FILL_RETURN_BUFFER reg:req nr:req ftr:req ftr2 |
250 |
++.ifb \ftr2 |
251 |
+ ALTERNATIVE "jmp .Lskip_rsb_\@", "", \ftr |
252 |
++.else |
253 |
++ ALTERNATIVE_2 "jmp .Lskip_rsb_\@", "", \ftr, "jmp .Lunbalanced_\@", \ftr2 |
254 |
++.endif |
255 |
+ __FILL_RETURN_BUFFER(\reg,\nr,%_ASM_SP) |
256 |
++.Lunbalanced_\@: |
257 |
++ ISSUE_UNBALANCED_RET_GUARD |
258 |
+ .Lskip_rsb_\@: |
259 |
+ .endm |
260 |
+ |
261 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
262 |
+index a37814c8547e4..837e617f3b76d 100644 |
263 |
+--- a/arch/x86/kernel/cpu/bugs.c |
264 |
++++ b/arch/x86/kernel/cpu/bugs.c |
265 |
+@@ -1328,6 +1328,53 @@ static void __init spec_ctrl_disable_kernel_rrsba(void) |
266 |
+ } |
267 |
+ } |
268 |
+ |
269 |
++static void __init spectre_v2_determine_rsb_fill_type_at_vmexit(enum spectre_v2_mitigation mode) |
270 |
++{ |
271 |
++ /* |
272 |
++ * Similar to context switches, there are two types of RSB attacks |
273 |
++ * after VM exit: |
274 |
++ * |
275 |
++ * 1) RSB underflow |
276 |
++ * |
277 |
++ * 2) Poisoned RSB entry |
278 |
++ * |
279 |
++ * When retpoline is enabled, both are mitigated by filling/clearing |
280 |
++ * the RSB. |
281 |
++ * |
282 |
++ * When IBRS is enabled, while #1 would be mitigated by the IBRS branch |
283 |
++ * prediction isolation protections, RSB still needs to be cleared |
284 |
++ * because of #2. Note that SMEP provides no protection here, unlike |
285 |
++ * user-space-poisoned RSB entries. |
286 |
++ * |
287 |
++ * eIBRS should protect against RSB poisoning, but if the EIBRS_PBRSB |
288 |
++ * bug is present then a LITE version of RSB protection is required, |
289 |
++ * just a single call needs to retire before a RET is executed. |
290 |
++ */ |
291 |
++ switch (mode) { |
292 |
++ case SPECTRE_V2_NONE: |
293 |
++ return; |
294 |
++ |
295 |
++ case SPECTRE_V2_EIBRS_LFENCE: |
296 |
++ case SPECTRE_V2_EIBRS: |
297 |
++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { |
298 |
++ setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT_LITE); |
299 |
++ pr_info("Spectre v2 / PBRSB-eIBRS: Retire a single CALL on VMEXIT\n"); |
300 |
++ } |
301 |
++ return; |
302 |
++ |
303 |
++ case SPECTRE_V2_EIBRS_RETPOLINE: |
304 |
++ case SPECTRE_V2_RETPOLINE: |
305 |
++ case SPECTRE_V2_LFENCE: |
306 |
++ case SPECTRE_V2_IBRS: |
307 |
++ setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT); |
308 |
++ pr_info("Spectre v2 / SpectreRSB : Filling RSB on VMEXIT\n"); |
309 |
++ return; |
310 |
++ } |
311 |
++ |
312 |
++ pr_warn_once("Unknown Spectre v2 mode, disabling RSB mitigation at VM exit"); |
313 |
++ dump_stack(); |
314 |
++} |
315 |
++ |
316 |
+ static void __init spectre_v2_select_mitigation(void) |
317 |
+ { |
318 |
+ enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); |
319 |
+@@ -1478,28 +1525,7 @@ static void __init spectre_v2_select_mitigation(void) |
320 |
+ setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
321 |
+ pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); |
322 |
+ |
323 |
+- /* |
324 |
+- * Similar to context switches, there are two types of RSB attacks |
325 |
+- * after vmexit: |
326 |
+- * |
327 |
+- * 1) RSB underflow |
328 |
+- * |
329 |
+- * 2) Poisoned RSB entry |
330 |
+- * |
331 |
+- * When retpoline is enabled, both are mitigated by filling/clearing |
332 |
+- * the RSB. |
333 |
+- * |
334 |
+- * When IBRS is enabled, while #1 would be mitigated by the IBRS branch |
335 |
+- * prediction isolation protections, RSB still needs to be cleared |
336 |
+- * because of #2. Note that SMEP provides no protection here, unlike |
337 |
+- * user-space-poisoned RSB entries. |
338 |
+- * |
339 |
+- * eIBRS, on the other hand, has RSB-poisoning protections, so it |
340 |
+- * doesn't need RSB clearing after vmexit. |
341 |
+- */ |
342 |
+- if (boot_cpu_has(X86_FEATURE_RETPOLINE) || |
343 |
+- boot_cpu_has(X86_FEATURE_KERNEL_IBRS)) |
344 |
+- setup_force_cpu_cap(X86_FEATURE_RSB_VMEXIT); |
345 |
++ spectre_v2_determine_rsb_fill_type_at_vmexit(mode); |
346 |
+ |
347 |
+ /* |
348 |
+ * Retpoline protects the kernel, but doesn't protect firmware. IBRS |
349 |
+@@ -2285,6 +2311,19 @@ static char *ibpb_state(void) |
350 |
+ return ""; |
351 |
+ } |
352 |
+ |
353 |
++static char *pbrsb_eibrs_state(void) |
354 |
++{ |
355 |
++ if (boot_cpu_has_bug(X86_BUG_EIBRS_PBRSB)) { |
356 |
++ if (boot_cpu_has(X86_FEATURE_RSB_VMEXIT_LITE) || |
357 |
++ boot_cpu_has(X86_FEATURE_RSB_VMEXIT)) |
358 |
++ return ", PBRSB-eIBRS: SW sequence"; |
359 |
++ else |
360 |
++ return ", PBRSB-eIBRS: Vulnerable"; |
361 |
++ } else { |
362 |
++ return ", PBRSB-eIBRS: Not affected"; |
363 |
++ } |
364 |
++} |
365 |
++ |
366 |
+ static ssize_t spectre_v2_show_state(char *buf) |
367 |
+ { |
368 |
+ if (spectre_v2_enabled == SPECTRE_V2_LFENCE) |
369 |
+@@ -2297,12 +2336,13 @@ static ssize_t spectre_v2_show_state(char *buf) |
370 |
+ spectre_v2_enabled == SPECTRE_V2_EIBRS_LFENCE) |
371 |
+ return sprintf(buf, "Vulnerable: eIBRS+LFENCE with unprivileged eBPF and SMT\n"); |
372 |
+ |
373 |
+- return sprintf(buf, "%s%s%s%s%s%s\n", |
374 |
++ return sprintf(buf, "%s%s%s%s%s%s%s\n", |
375 |
+ spectre_v2_strings[spectre_v2_enabled], |
376 |
+ ibpb_state(), |
377 |
+ boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
378 |
+ stibp_state(), |
379 |
+ boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", |
380 |
++ pbrsb_eibrs_state(), |
381 |
+ spectre_v2_module_string()); |
382 |
+ } |
383 |
+ |
384 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
385 |
+index 80cc41f797830..4a538ec413b8b 100644 |
386 |
+--- a/arch/x86/kernel/cpu/common.c |
387 |
++++ b/arch/x86/kernel/cpu/common.c |
388 |
+@@ -1027,6 +1027,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
389 |
+ #define NO_SWAPGS BIT(6) |
390 |
+ #define NO_ITLB_MULTIHIT BIT(7) |
391 |
+ #define NO_SPECTRE_V2 BIT(8) |
392 |
++#define NO_EIBRS_PBRSB BIT(9) |
393 |
+ |
394 |
+ #define VULNWL(vendor, family, model, whitelist) \ |
395 |
+ X86_MATCH_VENDOR_FAM_MODEL(vendor, family, model, whitelist) |
396 |
+@@ -1067,7 +1068,7 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
397 |
+ |
398 |
+ VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
399 |
+ VULNWL_INTEL(ATOM_GOLDMONT_D, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
400 |
+- VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT), |
401 |
++ VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS | NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
402 |
+ |
403 |
+ /* |
404 |
+ * Technically, swapgs isn't serializing on AMD (despite it previously |
405 |
+@@ -1077,7 +1078,9 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { |
406 |
+ * good enough for our purposes. |
407 |
+ */ |
408 |
+ |
409 |
+- VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT), |
410 |
++ VULNWL_INTEL(ATOM_TREMONT, NO_EIBRS_PBRSB), |
411 |
++ VULNWL_INTEL(ATOM_TREMONT_L, NO_EIBRS_PBRSB), |
412 |
++ VULNWL_INTEL(ATOM_TREMONT_D, NO_ITLB_MULTIHIT | NO_EIBRS_PBRSB), |
413 |
+ |
414 |
+ /* AMD Family 0xf - 0x12 */ |
415 |
+ VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), |
416 |
+@@ -1255,6 +1258,11 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) |
417 |
+ setup_force_cpu_bug(X86_BUG_RETBLEED); |
418 |
+ } |
419 |
+ |
420 |
++ if (cpu_has(c, X86_FEATURE_IBRS_ENHANCED) && |
421 |
++ !cpu_matches(cpu_vuln_whitelist, NO_EIBRS_PBRSB) && |
422 |
++ !(ia32_cap & ARCH_CAP_PBRSB_NO)) |
423 |
++ setup_force_cpu_bug(X86_BUG_EIBRS_PBRSB); |
424 |
++ |
425 |
+ if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) |
426 |
+ return; |
427 |
+ |
428 |
+diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c |
429 |
+index 4a4dc105552e3..86f3096f042f7 100644 |
430 |
+--- a/arch/x86/kvm/svm/sev.c |
431 |
++++ b/arch/x86/kvm/svm/sev.c |
432 |
+@@ -832,7 +832,7 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, |
433 |
+ |
434 |
+ /* If source buffer is not aligned then use an intermediate buffer */ |
435 |
+ if (!IS_ALIGNED((unsigned long)vaddr, 16)) { |
436 |
+- src_tpage = alloc_page(GFP_KERNEL); |
437 |
++ src_tpage = alloc_page(GFP_KERNEL_ACCOUNT); |
438 |
+ if (!src_tpage) |
439 |
+ return -ENOMEM; |
440 |
+ |
441 |
+@@ -853,7 +853,7 @@ static int __sev_dbg_encrypt_user(struct kvm *kvm, unsigned long paddr, |
442 |
+ if (!IS_ALIGNED((unsigned long)dst_vaddr, 16) || !IS_ALIGNED(size, 16)) { |
443 |
+ int dst_offset; |
444 |
+ |
445 |
+- dst_tpage = alloc_page(GFP_KERNEL); |
446 |
++ dst_tpage = alloc_page(GFP_KERNEL_ACCOUNT); |
447 |
+ if (!dst_tpage) { |
448 |
+ ret = -ENOMEM; |
449 |
+ goto e_free; |
450 |
+diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c |
451 |
+index 26f2da1590eda..5b51156712f74 100644 |
452 |
+--- a/arch/x86/kvm/svm/svm.c |
453 |
++++ b/arch/x86/kvm/svm/svm.c |
454 |
+@@ -4263,6 +4263,8 @@ out: |
455 |
+ |
456 |
+ static void svm_handle_exit_irqoff(struct kvm_vcpu *vcpu) |
457 |
+ { |
458 |
++ if (to_svm(vcpu)->vmcb->control.exit_code == SVM_EXIT_INTR) |
459 |
++ vcpu->arch.at_instruction_boundary = true; |
460 |
+ } |
461 |
+ |
462 |
+ static void svm_sched_in(struct kvm_vcpu *vcpu, int cpu) |
463 |
+diff --git a/arch/x86/kvm/vmx/vmenter.S b/arch/x86/kvm/vmx/vmenter.S |
464 |
+index 857fa0fc49faf..982138bebb70f 100644 |
465 |
+--- a/arch/x86/kvm/vmx/vmenter.S |
466 |
++++ b/arch/x86/kvm/vmx/vmenter.S |
467 |
+@@ -197,11 +197,13 @@ SYM_INNER_LABEL(vmx_vmexit, SYM_L_GLOBAL) |
468 |
+ * entries and (in some cases) RSB underflow. |
469 |
+ * |
470 |
+ * eIBRS has its own protection against poisoned RSB, so it doesn't |
471 |
+- * need the RSB filling sequence. But it does need to be enabled |
472 |
+- * before the first unbalanced RET. |
473 |
++ * need the RSB filling sequence. But it does need to be enabled, and a |
474 |
++ * single call to retire, before the first unbalanced RET. |
475 |
+ */ |
476 |
+ |
477 |
+- FILL_RETURN_BUFFER %_ASM_CX, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT |
478 |
++ FILL_RETURN_BUFFER %_ASM_CX, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_VMEXIT,\ |
479 |
++ X86_FEATURE_RSB_VMEXIT_LITE |
480 |
++ |
481 |
+ |
482 |
+ pop %_ASM_ARG2 /* @flags */ |
483 |
+ pop %_ASM_ARG1 /* @vmx */ |
484 |
+diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c |
485 |
+index a236104fc7439..359292767e177 100644 |
486 |
+--- a/arch/x86/kvm/vmx/vmx.c |
487 |
++++ b/arch/x86/kvm/vmx/vmx.c |
488 |
+@@ -6471,6 +6471,7 @@ static void handle_external_interrupt_irqoff(struct kvm_vcpu *vcpu) |
489 |
+ return; |
490 |
+ |
491 |
+ handle_interrupt_nmi_irqoff(vcpu, gate_offset(desc)); |
492 |
++ vcpu->arch.at_instruction_boundary = true; |
493 |
+ } |
494 |
+ |
495 |
+ static void vmx_handle_exit_irqoff(struct kvm_vcpu *vcpu) |
496 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
497 |
+index bd410926fda59..8a6ee5d8adc74 100644 |
498 |
+--- a/arch/x86/kvm/x86.c |
499 |
++++ b/arch/x86/kvm/x86.c |
500 |
+@@ -277,6 +277,8 @@ const struct _kvm_stats_desc kvm_vcpu_stats_desc[] = { |
501 |
+ STATS_DESC_COUNTER(VCPU, nested_run), |
502 |
+ STATS_DESC_COUNTER(VCPU, directed_yield_attempted), |
503 |
+ STATS_DESC_COUNTER(VCPU, directed_yield_successful), |
504 |
++ STATS_DESC_COUNTER(VCPU, preemption_reported), |
505 |
++ STATS_DESC_COUNTER(VCPU, preemption_other), |
506 |
+ STATS_DESC_ICOUNTER(VCPU, guest_mode) |
507 |
+ }; |
508 |
+ |
509 |
+@@ -4371,6 +4373,19 @@ static void kvm_steal_time_set_preempted(struct kvm_vcpu *vcpu) |
510 |
+ struct kvm_memslots *slots; |
511 |
+ static const u8 preempted = KVM_VCPU_PREEMPTED; |
512 |
+ |
513 |
++ /* |
514 |
++ * The vCPU can be marked preempted if and only if the VM-Exit was on |
515 |
++ * an instruction boundary and will not trigger guest emulation of any |
516 |
++ * kind (see vcpu_run). Vendor specific code controls (conservatively) |
517 |
++ * when this is true, for example allowing the vCPU to be marked |
518 |
++ * preempted if and only if the VM-Exit was due to a host interrupt. |
519 |
++ */ |
520 |
++ if (!vcpu->arch.at_instruction_boundary) { |
521 |
++ vcpu->stat.preemption_other++; |
522 |
++ return; |
523 |
++ } |
524 |
++ |
525 |
++ vcpu->stat.preemption_reported++; |
526 |
+ if (!(vcpu->arch.st.msr_val & KVM_MSR_ENABLED)) |
527 |
+ return; |
528 |
+ |
529 |
+@@ -4400,19 +4415,21 @@ void kvm_arch_vcpu_put(struct kvm_vcpu *vcpu) |
530 |
+ { |
531 |
+ int idx; |
532 |
+ |
533 |
+- if (vcpu->preempted && !vcpu->arch.guest_state_protected) |
534 |
+- vcpu->arch.preempted_in_kernel = !static_call(kvm_x86_get_cpl)(vcpu); |
535 |
++ if (vcpu->preempted) { |
536 |
++ if (!vcpu->arch.guest_state_protected) |
537 |
++ vcpu->arch.preempted_in_kernel = !static_call(kvm_x86_get_cpl)(vcpu); |
538 |
+ |
539 |
+- /* |
540 |
+- * Take the srcu lock as memslots will be accessed to check the gfn |
541 |
+- * cache generation against the memslots generation. |
542 |
+- */ |
543 |
+- idx = srcu_read_lock(&vcpu->kvm->srcu); |
544 |
+- if (kvm_xen_msr_enabled(vcpu->kvm)) |
545 |
+- kvm_xen_runstate_set_preempted(vcpu); |
546 |
+- else |
547 |
+- kvm_steal_time_set_preempted(vcpu); |
548 |
+- srcu_read_unlock(&vcpu->kvm->srcu, idx); |
549 |
++ /* |
550 |
++ * Take the srcu lock as memslots will be accessed to check the gfn |
551 |
++ * cache generation against the memslots generation. |
552 |
++ */ |
553 |
++ idx = srcu_read_lock(&vcpu->kvm->srcu); |
554 |
++ if (kvm_xen_msr_enabled(vcpu->kvm)) |
555 |
++ kvm_xen_runstate_set_preempted(vcpu); |
556 |
++ else |
557 |
++ kvm_steal_time_set_preempted(vcpu); |
558 |
++ srcu_read_unlock(&vcpu->kvm->srcu, idx); |
559 |
++ } |
560 |
+ |
561 |
+ static_call(kvm_x86_vcpu_put)(vcpu); |
562 |
+ vcpu->arch.last_host_tsc = rdtsc(); |
563 |
+@@ -9934,6 +9951,13 @@ static int vcpu_run(struct kvm_vcpu *vcpu) |
564 |
+ vcpu->arch.l1tf_flush_l1d = true; |
565 |
+ |
566 |
+ for (;;) { |
567 |
++ /* |
568 |
++ * If another guest vCPU requests a PV TLB flush in the middle |
569 |
++ * of instruction emulation, the rest of the emulation could |
570 |
++ * use a stale page translation. Assume that any code after |
571 |
++ * this point can start executing an instruction. |
572 |
++ */ |
573 |
++ vcpu->arch.at_instruction_boundary = false; |
574 |
+ if (kvm_vcpu_running(vcpu)) { |
575 |
+ r = vcpu_enter_guest(vcpu); |
576 |
+ } else { |
577 |
+diff --git a/arch/x86/kvm/xen.h b/arch/x86/kvm/xen.h |
578 |
+index cc0cf5f37450b..a7693a286e401 100644 |
579 |
+--- a/arch/x86/kvm/xen.h |
580 |
++++ b/arch/x86/kvm/xen.h |
581 |
+@@ -97,8 +97,10 @@ static inline void kvm_xen_runstate_set_preempted(struct kvm_vcpu *vcpu) |
582 |
+ * behalf of the vCPU. Only if the VMM does actually block |
583 |
+ * does it need to enter RUNSTATE_blocked. |
584 |
+ */ |
585 |
+- if (vcpu->preempted) |
586 |
+- kvm_xen_update_runstate_guest(vcpu, RUNSTATE_runnable); |
587 |
++ if (WARN_ON_ONCE(!vcpu->preempted)) |
588 |
++ return; |
589 |
++ |
590 |
++ kvm_xen_update_runstate_guest(vcpu, RUNSTATE_runnable); |
591 |
+ } |
592 |
+ |
593 |
+ /* 32-bit compatibility definitions, also used natively in 32-bit build */ |
594 |
+diff --git a/block/blk-ioc.c b/block/blk-ioc.c |
595 |
+index 57299f860d41e..90c05971f71e0 100644 |
596 |
+--- a/block/blk-ioc.c |
597 |
++++ b/block/blk-ioc.c |
598 |
+@@ -265,6 +265,7 @@ int create_task_io_context(struct task_struct *task, gfp_t gfp_flags, int node) |
599 |
+ INIT_RADIX_TREE(&ioc->icq_tree, GFP_ATOMIC); |
600 |
+ INIT_HLIST_HEAD(&ioc->icq_list); |
601 |
+ INIT_WORK(&ioc->release_work, ioc_release_fn); |
602 |
++ ioc->ioprio = IOPRIO_DEFAULT; |
603 |
+ |
604 |
+ /* |
605 |
+ * Try to install. ioc shouldn't be installed if someone else |
606 |
+diff --git a/block/ioprio.c b/block/ioprio.c |
607 |
+index 6f01d35a5145a..6c830154856fc 100644 |
608 |
+--- a/block/ioprio.c |
609 |
++++ b/block/ioprio.c |
610 |
+@@ -189,9 +189,9 @@ out: |
611 |
+ int ioprio_best(unsigned short aprio, unsigned short bprio) |
612 |
+ { |
613 |
+ if (!ioprio_valid(aprio)) |
614 |
+- aprio = IOPRIO_DEFAULT; |
615 |
++ aprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM); |
616 |
+ if (!ioprio_valid(bprio)) |
617 |
+- bprio = IOPRIO_DEFAULT; |
618 |
++ bprio = IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM); |
619 |
+ |
620 |
+ return min(aprio, bprio); |
621 |
+ } |
622 |
+diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c |
623 |
+index 598fd19b65fa4..45973aa6e06d4 100644 |
624 |
+--- a/drivers/acpi/apei/bert.c |
625 |
++++ b/drivers/acpi/apei/bert.c |
626 |
+@@ -29,16 +29,26 @@ |
627 |
+ |
628 |
+ #undef pr_fmt |
629 |
+ #define pr_fmt(fmt) "BERT: " fmt |
630 |
++ |
631 |
++#define ACPI_BERT_PRINT_MAX_RECORDS 5 |
632 |
+ #define ACPI_BERT_PRINT_MAX_LEN 1024 |
633 |
+ |
634 |
+ static int bert_disable; |
635 |
+ |
636 |
++/* |
637 |
++ * Print "all" the error records in the BERT table, but avoid huge spam to |
638 |
++ * the console if the BIOS included oversize records, or too many records. |
639 |
++ * Skipping some records here does not lose anything because the full |
640 |
++ * data is available to user tools in: |
641 |
++ * /sys/firmware/acpi/tables/data/BERT |
642 |
++ */ |
643 |
+ static void __init bert_print_all(struct acpi_bert_region *region, |
644 |
+ unsigned int region_len) |
645 |
+ { |
646 |
+ struct acpi_hest_generic_status *estatus = |
647 |
+ (struct acpi_hest_generic_status *)region; |
648 |
+ int remain = region_len; |
649 |
++ int printed = 0, skipped = 0; |
650 |
+ u32 estatus_len; |
651 |
+ |
652 |
+ while (remain >= sizeof(struct acpi_bert_region)) { |
653 |
+@@ -46,24 +56,26 @@ static void __init bert_print_all(struct acpi_bert_region *region, |
654 |
+ if (remain < estatus_len) { |
655 |
+ pr_err(FW_BUG "Truncated status block (length: %u).\n", |
656 |
+ estatus_len); |
657 |
+- return; |
658 |
++ break; |
659 |
+ } |
660 |
+ |
661 |
+ /* No more error records. */ |
662 |
+ if (!estatus->block_status) |
663 |
+- return; |
664 |
++ break; |
665 |
+ |
666 |
+ if (cper_estatus_check(estatus)) { |
667 |
+ pr_err(FW_BUG "Invalid error record.\n"); |
668 |
+- return; |
669 |
++ break; |
670 |
+ } |
671 |
+ |
672 |
+- pr_info_once("Error records from previous boot:\n"); |
673 |
+- if (region_len < ACPI_BERT_PRINT_MAX_LEN) |
674 |
++ if (estatus_len < ACPI_BERT_PRINT_MAX_LEN && |
675 |
++ printed < ACPI_BERT_PRINT_MAX_RECORDS) { |
676 |
++ pr_info_once("Error records from previous boot:\n"); |
677 |
+ cper_estatus_print(KERN_INFO HW_ERR, estatus); |
678 |
+- else |
679 |
+- pr_info_once("Max print length exceeded, table data is available at:\n" |
680 |
+- "/sys/firmware/acpi/tables/data/BERT"); |
681 |
++ printed++; |
682 |
++ } else { |
683 |
++ skipped++; |
684 |
++ } |
685 |
+ |
686 |
+ /* |
687 |
+ * Because the boot error source is "one-time polled" type, |
688 |
+@@ -75,6 +87,9 @@ static void __init bert_print_all(struct acpi_bert_region *region, |
689 |
+ estatus = (void *)estatus + estatus_len; |
690 |
+ remain -= estatus_len; |
691 |
+ } |
692 |
++ |
693 |
++ if (skipped) |
694 |
++ pr_info(HW_ERR "Skipped %d error records\n", skipped); |
695 |
+ } |
696 |
+ |
697 |
+ static int __init setup_bert_disable(char *str) |
698 |
+diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c |
699 |
+index 7b9793cb55c50..e39d59ad64964 100644 |
700 |
+--- a/drivers/acpi/video_detect.c |
701 |
++++ b/drivers/acpi/video_detect.c |
702 |
+@@ -424,7 +424,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
703 |
+ .callback = video_detect_force_native, |
704 |
+ .ident = "Clevo NL5xRU", |
705 |
+ .matches = { |
706 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
707 |
+ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
708 |
+ }, |
709 |
+ }, |
710 |
+@@ -432,59 +431,75 @@ static const struct dmi_system_id video_detect_dmi_table[] = { |
711 |
+ .callback = video_detect_force_native, |
712 |
+ .ident = "Clevo NL5xRU", |
713 |
+ .matches = { |
714 |
+- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
715 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
716 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
717 |
++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
718 |
+ }, |
719 |
+ }, |
720 |
+ { |
721 |
+ .callback = video_detect_force_native, |
722 |
+ .ident = "Clevo NL5xRU", |
723 |
+ .matches = { |
724 |
+- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
725 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), |
726 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
727 |
++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
728 |
+ }, |
729 |
+ }, |
730 |
+ { |
731 |
+ .callback = video_detect_force_native, |
732 |
+- .ident = "Clevo NL5xRU", |
733 |
++ .ident = "Clevo NL5xNU", |
734 |
+ .matches = { |
735 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
736 |
+- DMI_MATCH(DMI_BOARD_NAME, "AURA1501"), |
737 |
++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
738 |
+ }, |
739 |
+ }, |
740 |
++ /* |
741 |
++ * The TongFang PF5PU1G, PF4NU1F, PF5NU1G, and PF5LUXG/TUXEDO BA15 Gen10, |
742 |
++ * Pulse 14/15 Gen1, and Pulse 15 Gen2 have the same problem as the Clevo |
743 |
++ * NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2. See the description |
744 |
++ * above. |
745 |
++ */ |
746 |
+ { |
747 |
+ .callback = video_detect_force_native, |
748 |
+- .ident = "Clevo NL5xRU", |
749 |
++ .ident = "TongFang PF5PU1G", |
750 |
+ .matches = { |
751 |
+- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
752 |
+- DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"), |
753 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5PU1G"), |
754 |
+ }, |
755 |
+ }, |
756 |
+ { |
757 |
+ .callback = video_detect_force_native, |
758 |
+- .ident = "Clevo NL5xNU", |
759 |
++ .ident = "TongFang PF4NU1F", |
760 |
++ .matches = { |
761 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF4NU1F"), |
762 |
++ }, |
763 |
++ }, |
764 |
++ { |
765 |
++ .callback = video_detect_force_native, |
766 |
++ .ident = "TongFang PF4NU1F", |
767 |
+ .matches = { |
768 |
+ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
769 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
770 |
++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1401"), |
771 |
+ }, |
772 |
+ }, |
773 |
+ { |
774 |
+ .callback = video_detect_force_native, |
775 |
+- .ident = "Clevo NL5xNU", |
776 |
++ .ident = "TongFang PF5NU1G", |
777 |
+ .matches = { |
778 |
+- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), |
779 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
780 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5NU1G"), |
781 |
+ }, |
782 |
+ }, |
783 |
+ { |
784 |
+ .callback = video_detect_force_native, |
785 |
+- .ident = "Clevo NL5xNU", |
786 |
++ .ident = "TongFang PF5NU1G", |
787 |
+ .matches = { |
788 |
+- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), |
789 |
+- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), |
790 |
++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), |
791 |
++ DMI_MATCH(DMI_BOARD_NAME, "PULSE1501"), |
792 |
++ }, |
793 |
++ }, |
794 |
++ { |
795 |
++ .callback = video_detect_force_native, |
796 |
++ .ident = "TongFang PF5LUXG", |
797 |
++ .matches = { |
798 |
++ DMI_MATCH(DMI_BOARD_NAME, "PF5LUXG"), |
799 |
+ }, |
800 |
+ }, |
801 |
+- |
802 |
+ /* |
803 |
+ * Desktops which falsely report a backlight and which our heuristics |
804 |
+ * for this do not catch. |
805 |
+diff --git a/drivers/bluetooth/btbcm.c b/drivers/bluetooth/btbcm.c |
806 |
+index d9ceca7a7935c..a18f289d73466 100644 |
807 |
+--- a/drivers/bluetooth/btbcm.c |
808 |
++++ b/drivers/bluetooth/btbcm.c |
809 |
+@@ -453,6 +453,8 @@ static const struct bcm_subver_table bcm_uart_subver_table[] = { |
810 |
+ { 0x6606, "BCM4345C5" }, /* 003.006.006 */ |
811 |
+ { 0x230f, "BCM4356A2" }, /* 001.003.015 */ |
812 |
+ { 0x220e, "BCM20702A1" }, /* 001.002.014 */ |
813 |
++ { 0x420d, "BCM4349B1" }, /* 002.002.013 */ |
814 |
++ { 0x420e, "BCM4349B1" }, /* 002.002.014 */ |
815 |
+ { 0x4217, "BCM4329B1" }, /* 002.002.023 */ |
816 |
+ { 0x6106, "BCM4359C0" }, /* 003.001.006 */ |
817 |
+ { 0x4106, "BCM4335A0" }, /* 002.001.006 */ |
818 |
+diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c |
819 |
+index a68edbc7be0ff..627436329b502 100644 |
820 |
+--- a/drivers/bluetooth/btusb.c |
821 |
++++ b/drivers/bluetooth/btusb.c |
822 |
+@@ -420,6 +420,18 @@ static const struct usb_device_id blacklist_table[] = { |
823 |
+ { USB_DEVICE(0x04ca, 0x4006), .driver_info = BTUSB_REALTEK | |
824 |
+ BTUSB_WIDEBAND_SPEECH }, |
825 |
+ |
826 |
++ /* Realtek 8852CE Bluetooth devices */ |
827 |
++ { USB_DEVICE(0x04ca, 0x4007), .driver_info = BTUSB_REALTEK | |
828 |
++ BTUSB_WIDEBAND_SPEECH }, |
829 |
++ { USB_DEVICE(0x04c5, 0x1675), .driver_info = BTUSB_REALTEK | |
830 |
++ BTUSB_WIDEBAND_SPEECH }, |
831 |
++ { USB_DEVICE(0x0cb8, 0xc558), .driver_info = BTUSB_REALTEK | |
832 |
++ BTUSB_WIDEBAND_SPEECH }, |
833 |
++ { USB_DEVICE(0x13d3, 0x3587), .driver_info = BTUSB_REALTEK | |
834 |
++ BTUSB_WIDEBAND_SPEECH }, |
835 |
++ { USB_DEVICE(0x13d3, 0x3586), .driver_info = BTUSB_REALTEK | |
836 |
++ BTUSB_WIDEBAND_SPEECH }, |
837 |
++ |
838 |
+ /* Realtek Bluetooth devices */ |
839 |
+ { USB_VENDOR_AND_INTERFACE_INFO(0x0bda, 0xe0, 0x01, 0x01), |
840 |
+ .driver_info = BTUSB_REALTEK }, |
841 |
+@@ -459,6 +471,9 @@ static const struct usb_device_id blacklist_table[] = { |
842 |
+ { USB_DEVICE(0x0489, 0xe0d9), .driver_info = BTUSB_MEDIATEK | |
843 |
+ BTUSB_WIDEBAND_SPEECH | |
844 |
+ BTUSB_VALID_LE_STATES }, |
845 |
++ { USB_DEVICE(0x13d3, 0x3568), .driver_info = BTUSB_MEDIATEK | |
846 |
++ BTUSB_WIDEBAND_SPEECH | |
847 |
++ BTUSB_VALID_LE_STATES }, |
848 |
+ |
849 |
+ /* Additional Realtek 8723AE Bluetooth devices */ |
850 |
+ { USB_DEVICE(0x0930, 0x021d), .driver_info = BTUSB_REALTEK }, |
851 |
+diff --git a/drivers/bluetooth/hci_bcm.c b/drivers/bluetooth/hci_bcm.c |
852 |
+index 7abf99f0ee399..cf622e4596055 100644 |
853 |
+--- a/drivers/bluetooth/hci_bcm.c |
854 |
++++ b/drivers/bluetooth/hci_bcm.c |
855 |
+@@ -1515,8 +1515,10 @@ static const struct of_device_id bcm_bluetooth_of_match[] = { |
856 |
+ { .compatible = "brcm,bcm4345c5" }, |
857 |
+ { .compatible = "brcm,bcm4330-bt" }, |
858 |
+ { .compatible = "brcm,bcm43438-bt", .data = &bcm43438_device_data }, |
859 |
++ { .compatible = "brcm,bcm4349-bt", .data = &bcm43438_device_data }, |
860 |
+ { .compatible = "brcm,bcm43540-bt", .data = &bcm4354_device_data }, |
861 |
+ { .compatible = "brcm,bcm4335a0" }, |
862 |
++ { .compatible = "infineon,cyw55572-bt" }, |
863 |
+ { }, |
864 |
+ }; |
865 |
+ MODULE_DEVICE_TABLE(of, bcm_bluetooth_of_match); |
866 |
+diff --git a/drivers/macintosh/adb.c b/drivers/macintosh/adb.c |
867 |
+index 73b3961890397..afb0942ccc293 100644 |
868 |
+--- a/drivers/macintosh/adb.c |
869 |
++++ b/drivers/macintosh/adb.c |
870 |
+@@ -647,7 +647,7 @@ do_adb_query(struct adb_request *req) |
871 |
+ |
872 |
+ switch(req->data[1]) { |
873 |
+ case ADB_QUERY_GETDEVINFO: |
874 |
+- if (req->nbytes < 3) |
875 |
++ if (req->nbytes < 3 || req->data[2] >= 16) |
876 |
+ break; |
877 |
+ mutex_lock(&adb_handler_mutex); |
878 |
+ req->reply[0] = adb_handler[req->data[2]].original_address; |
879 |
+diff --git a/fs/btrfs/block-group.h b/fs/btrfs/block-group.h |
880 |
+index 37e55ebde735b..d73db0dfacb26 100644 |
881 |
+--- a/fs/btrfs/block-group.h |
882 |
++++ b/fs/btrfs/block-group.h |
883 |
+@@ -98,6 +98,7 @@ struct btrfs_block_group { |
884 |
+ unsigned int to_copy:1; |
885 |
+ unsigned int relocating_repair:1; |
886 |
+ unsigned int chunk_item_inserted:1; |
887 |
++ unsigned int zoned_data_reloc_ongoing:1; |
888 |
+ |
889 |
+ int disk_cache_state; |
890 |
+ |
891 |
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
892 |
+index e3514f9a4e8dd..248ea15c97346 100644 |
893 |
+--- a/fs/btrfs/extent-tree.c |
894 |
++++ b/fs/btrfs/extent-tree.c |
895 |
+@@ -3804,7 +3804,7 @@ static int do_allocation_zoned(struct btrfs_block_group *block_group, |
896 |
+ block_group->start == fs_info->data_reloc_bg || |
897 |
+ fs_info->data_reloc_bg == 0); |
898 |
+ |
899 |
+- if (block_group->ro) { |
900 |
++ if (block_group->ro || block_group->zoned_data_reloc_ongoing) { |
901 |
+ ret = 1; |
902 |
+ goto out; |
903 |
+ } |
904 |
+@@ -3865,8 +3865,24 @@ static int do_allocation_zoned(struct btrfs_block_group *block_group, |
905 |
+ out: |
906 |
+ if (ret && ffe_ctl->for_treelog) |
907 |
+ fs_info->treelog_bg = 0; |
908 |
+- if (ret && ffe_ctl->for_data_reloc) |
909 |
++ if (ret && ffe_ctl->for_data_reloc && |
910 |
++ fs_info->data_reloc_bg == block_group->start) { |
911 |
++ /* |
912 |
++ * Do not allow further allocations from this block group. |
913 |
++ * Compared to increasing the ->ro, setting the |
914 |
++ * ->zoned_data_reloc_ongoing flag still allows nocow |
915 |
++ * writers to come in. See btrfs_inc_nocow_writers(). |
916 |
++ * |
917 |
++ * We need to disable an allocation to avoid an allocation of |
918 |
++ * regular (non-relocation data) extent. With mix of relocation |
919 |
++ * extents and regular extents, we can dispatch WRITE commands |
920 |
++ * (for relocation extents) and ZONE APPEND commands (for |
921 |
++ * regular extents) at the same time to the same zone, which |
922 |
++ * easily break the write pointer. |
923 |
++ */ |
924 |
++ block_group->zoned_data_reloc_ongoing = 1; |
925 |
+ fs_info->data_reloc_bg = 0; |
926 |
++ } |
927 |
+ spin_unlock(&fs_info->relocation_bg_lock); |
928 |
+ spin_unlock(&fs_info->treelog_bg_lock); |
929 |
+ spin_unlock(&block_group->lock); |
930 |
+diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c |
931 |
+index b791e280af0ca..a90546b3107c5 100644 |
932 |
+--- a/fs/btrfs/extent_io.c |
933 |
++++ b/fs/btrfs/extent_io.c |
934 |
+@@ -5152,13 +5152,14 @@ int extent_writepages(struct address_space *mapping, |
935 |
+ */ |
936 |
+ btrfs_zoned_data_reloc_lock(BTRFS_I(inode)); |
937 |
+ ret = extent_write_cache_pages(mapping, wbc, &epd); |
938 |
+- btrfs_zoned_data_reloc_unlock(BTRFS_I(inode)); |
939 |
+ ASSERT(ret <= 0); |
940 |
+ if (ret < 0) { |
941 |
++ btrfs_zoned_data_reloc_unlock(BTRFS_I(inode)); |
942 |
+ end_write_bio(&epd, ret); |
943 |
+ return ret; |
944 |
+ } |
945 |
+ ret = flush_write_bio(&epd); |
946 |
++ btrfs_zoned_data_reloc_unlock(BTRFS_I(inode)); |
947 |
+ return ret; |
948 |
+ } |
949 |
+ |
950 |
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
951 |
+index ea72620507901..1b4fee8a2f28b 100644 |
952 |
+--- a/fs/btrfs/inode.c |
953 |
++++ b/fs/btrfs/inode.c |
954 |
+@@ -3069,6 +3069,8 @@ static int btrfs_finish_ordered_io(struct btrfs_ordered_extent *ordered_extent) |
955 |
+ ordered_extent->file_offset, |
956 |
+ ordered_extent->file_offset + |
957 |
+ logical_len); |
958 |
++ btrfs_zoned_release_data_reloc_bg(fs_info, ordered_extent->disk_bytenr, |
959 |
++ ordered_extent->disk_num_bytes); |
960 |
+ } else { |
961 |
+ BUG_ON(root == fs_info->tree_root); |
962 |
+ ret = insert_ordered_extent_file_extent(trans, ordered_extent); |
963 |
+diff --git a/fs/btrfs/zoned.c b/fs/btrfs/zoned.c |
964 |
+index 574769f921a22..fc791f7c71428 100644 |
965 |
+--- a/fs/btrfs/zoned.c |
966 |
++++ b/fs/btrfs/zoned.c |
967 |
+@@ -1623,3 +1623,30 @@ void btrfs_free_zone_cache(struct btrfs_fs_info *fs_info) |
968 |
+ } |
969 |
+ mutex_unlock(&fs_devices->device_list_mutex); |
970 |
+ } |
971 |
++ |
972 |
++void btrfs_zoned_release_data_reloc_bg(struct btrfs_fs_info *fs_info, u64 logical, |
973 |
++ u64 length) |
974 |
++{ |
975 |
++ struct btrfs_block_group *block_group; |
976 |
++ |
977 |
++ if (!btrfs_is_zoned(fs_info)) |
978 |
++ return; |
979 |
++ |
980 |
++ block_group = btrfs_lookup_block_group(fs_info, logical); |
981 |
++ /* It should be called on a previous data relocation block group. */ |
982 |
++ ASSERT(block_group && (block_group->flags & BTRFS_BLOCK_GROUP_DATA)); |
983 |
++ |
984 |
++ spin_lock(&block_group->lock); |
985 |
++ if (!block_group->zoned_data_reloc_ongoing) |
986 |
++ goto out; |
987 |
++ |
988 |
++ /* All relocation extents are written. */ |
989 |
++ if (block_group->start + block_group->alloc_offset == logical + length) { |
990 |
++ /* Now, release this block group for further allocations. */ |
991 |
++ block_group->zoned_data_reloc_ongoing = 0; |
992 |
++ } |
993 |
++ |
994 |
++out: |
995 |
++ spin_unlock(&block_group->lock); |
996 |
++ btrfs_put_block_group(block_group); |
997 |
++} |
998 |
+diff --git a/fs/btrfs/zoned.h b/fs/btrfs/zoned.h |
999 |
+index 3a826f7c20403..574490ea2cc87 100644 |
1000 |
+--- a/fs/btrfs/zoned.h |
1001 |
++++ b/fs/btrfs/zoned.h |
1002 |
+@@ -70,6 +70,8 @@ struct btrfs_device *btrfs_zoned_get_device(struct btrfs_fs_info *fs_info, |
1003 |
+ u64 logical, u64 length); |
1004 |
+ void btrfs_clear_data_reloc_bg(struct btrfs_block_group *bg); |
1005 |
+ void btrfs_free_zone_cache(struct btrfs_fs_info *fs_info); |
1006 |
++void btrfs_zoned_release_data_reloc_bg(struct btrfs_fs_info *fs_info, u64 logical, |
1007 |
++ u64 length); |
1008 |
+ #else /* CONFIG_BLK_DEV_ZONED */ |
1009 |
+ static inline int btrfs_get_dev_zone(struct btrfs_device *device, u64 pos, |
1010 |
+ struct blk_zone *zone) |
1011 |
+@@ -207,6 +209,9 @@ static inline struct btrfs_device *btrfs_zoned_get_device( |
1012 |
+ static inline void btrfs_clear_data_reloc_bg(struct btrfs_block_group *bg) { } |
1013 |
+ |
1014 |
+ static inline void btrfs_free_zone_cache(struct btrfs_fs_info *fs_info) { } |
1015 |
++ |
1016 |
++static inline void btrfs_zoned_release_data_reloc_bg(struct btrfs_fs_info *fs_info, |
1017 |
++ u64 logical, u64 length) { } |
1018 |
+ #endif |
1019 |
+ |
1020 |
+ static inline bool btrfs_dev_is_sequential(struct btrfs_device *device, u64 pos) |
1021 |
+diff --git a/include/linux/ioprio.h b/include/linux/ioprio.h |
1022 |
+index 3f53bc27a19bf..3d088a88f8320 100644 |
1023 |
+--- a/include/linux/ioprio.h |
1024 |
++++ b/include/linux/ioprio.h |
1025 |
+@@ -11,7 +11,7 @@ |
1026 |
+ /* |
1027 |
+ * Default IO priority. |
1028 |
+ */ |
1029 |
+-#define IOPRIO_DEFAULT IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, IOPRIO_BE_NORM) |
1030 |
++#define IOPRIO_DEFAULT IOPRIO_PRIO_VALUE(IOPRIO_CLASS_NONE, 0) |
1031 |
+ |
1032 |
+ /* |
1033 |
+ * Check that a priority value has a valid class. |
1034 |
+diff --git a/tools/arch/x86/include/asm/cpufeatures.h b/tools/arch/x86/include/asm/cpufeatures.h |
1035 |
+index 3781a7f489ef3..bcaedfe60572f 100644 |
1036 |
+--- a/tools/arch/x86/include/asm/cpufeatures.h |
1037 |
++++ b/tools/arch/x86/include/asm/cpufeatures.h |
1038 |
+@@ -300,6 +300,7 @@ |
1039 |
+ #define X86_FEATURE_RETPOLINE_LFENCE (11*32+13) /* "" Use LFENCE for Spectre variant 2 */ |
1040 |
+ #define X86_FEATURE_RETHUNK (11*32+14) /* "" Use REturn THUNK */ |
1041 |
+ #define X86_FEATURE_UNRET (11*32+15) /* "" AMD BTB untrain return */ |
1042 |
++#define X86_FEATURE_RSB_VMEXIT_LITE (11*32+17) /* "" Fill RSB on VM-Exit when EIBRS is enabled */ |
1043 |
+ |
1044 |
+ /* Intel-defined CPU features, CPUID level 0x00000007:1 (EAX), word 12 */ |
1045 |
+ #define X86_FEATURE_AVX_VNNI (12*32+ 4) /* AVX VNNI instructions */ |
1046 |
+diff --git a/tools/arch/x86/include/asm/msr-index.h b/tools/arch/x86/include/asm/msr-index.h |
1047 |
+index ec2967e7249f5..8f38265bc81dc 100644 |
1048 |
+--- a/tools/arch/x86/include/asm/msr-index.h |
1049 |
++++ b/tools/arch/x86/include/asm/msr-index.h |
1050 |
+@@ -148,6 +148,10 @@ |
1051 |
+ * are restricted to targets in |
1052 |
+ * kernel. |
1053 |
+ */ |
1054 |
++#define ARCH_CAP_PBRSB_NO BIT(24) /* |
1055 |
++ * Not susceptible to Post-Barrier |
1056 |
++ * Return Stack Buffer Predictions. |
1057 |
++ */ |
1058 |
+ |
1059 |
+ #define MSR_IA32_FLUSH_CMD 0x0000010b |
1060 |
+ #define L1D_FLUSH BIT(0) /* |
1061 |
+diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h |
1062 |
+index e2c8f946c5416..8330e3ca8fbfb 100644 |
1063 |
+--- a/tools/include/uapi/linux/bpf.h |
1064 |
++++ b/tools/include/uapi/linux/bpf.h |
1065 |
+@@ -5347,7 +5347,8 @@ struct bpf_sock { |
1066 |
+ __u32 src_ip4; |
1067 |
+ __u32 src_ip6[4]; |
1068 |
+ __u32 src_port; /* host byte order */ |
1069 |
+- __u32 dst_port; /* network byte order */ |
1070 |
++ __be16 dst_port; /* network byte order */ |
1071 |
++ __u16 :16; /* zero padding */ |
1072 |
+ __u32 dst_ip4; |
1073 |
+ __u32 dst_ip6[4]; |
1074 |
+ __u32 state; |
1075 |
+diff --git a/tools/kvm/kvm_stat/kvm_stat b/tools/kvm/kvm_stat/kvm_stat |
1076 |
+index 5a5bd74f55bd5..9c366b3a676db 100755 |
1077 |
+--- a/tools/kvm/kvm_stat/kvm_stat |
1078 |
++++ b/tools/kvm/kvm_stat/kvm_stat |
1079 |
+@@ -1646,7 +1646,8 @@ Press any other key to refresh statistics immediately. |
1080 |
+ .format(values)) |
1081 |
+ if len(pids) > 1: |
1082 |
+ sys.exit('Error: Multiple processes found (pids: {}). Use "-p"' |
1083 |
+- ' to specify the desired pid'.format(" ".join(pids))) |
1084 |
++ ' to specify the desired pid' |
1085 |
++ .format(" ".join(map(str, pids)))) |
1086 |
+ namespace.pid = pids[0] |
1087 |
+ |
1088 |
+ argparser = argparse.ArgumentParser(description=description_text, |
1089 |
+diff --git a/tools/testing/selftests/bpf/prog_tests/sock_fields.c b/tools/testing/selftests/bpf/prog_tests/sock_fields.c |
1090 |
+index 577d619fb07ed..197ec1d1b7026 100644 |
1091 |
+--- a/tools/testing/selftests/bpf/prog_tests/sock_fields.c |
1092 |
++++ b/tools/testing/selftests/bpf/prog_tests/sock_fields.c |
1093 |
+@@ -1,9 +1,11 @@ |
1094 |
+ // SPDX-License-Identifier: GPL-2.0 |
1095 |
+ /* Copyright (c) 2019 Facebook */ |
1096 |
+ |
1097 |
++#define _GNU_SOURCE |
1098 |
+ #include <netinet/in.h> |
1099 |
+ #include <arpa/inet.h> |
1100 |
+ #include <unistd.h> |
1101 |
++#include <sched.h> |
1102 |
+ #include <stdlib.h> |
1103 |
+ #include <string.h> |
1104 |
+ #include <errno.h> |
1105 |
+@@ -21,6 +23,7 @@ |
1106 |
+ enum bpf_linum_array_idx { |
1107 |
+ EGRESS_LINUM_IDX, |
1108 |
+ INGRESS_LINUM_IDX, |
1109 |
++ READ_SK_DST_PORT_LINUM_IDX, |
1110 |
+ __NR_BPF_LINUM_ARRAY_IDX, |
1111 |
+ }; |
1112 |
+ |
1113 |
+@@ -43,8 +46,16 @@ static __u64 child_cg_id; |
1114 |
+ static int linum_map_fd; |
1115 |
+ static __u32 duration; |
1116 |
+ |
1117 |
+-static __u32 egress_linum_idx = EGRESS_LINUM_IDX; |
1118 |
+-static __u32 ingress_linum_idx = INGRESS_LINUM_IDX; |
1119 |
++static bool create_netns(void) |
1120 |
++{ |
1121 |
++ if (!ASSERT_OK(unshare(CLONE_NEWNET), "create netns")) |
1122 |
++ return false; |
1123 |
++ |
1124 |
++ if (!ASSERT_OK(system("ip link set dev lo up"), "bring up lo")) |
1125 |
++ return false; |
1126 |
++ |
1127 |
++ return true; |
1128 |
++} |
1129 |
+ |
1130 |
+ static void print_sk(const struct bpf_sock *sk, const char *prefix) |
1131 |
+ { |
1132 |
+@@ -92,19 +103,24 @@ static void check_result(void) |
1133 |
+ { |
1134 |
+ struct bpf_tcp_sock srv_tp, cli_tp, listen_tp; |
1135 |
+ struct bpf_sock srv_sk, cli_sk, listen_sk; |
1136 |
+- __u32 ingress_linum, egress_linum; |
1137 |
++ __u32 idx, ingress_linum, egress_linum, linum; |
1138 |
+ int err; |
1139 |
+ |
1140 |
+- err = bpf_map_lookup_elem(linum_map_fd, &egress_linum_idx, |
1141 |
+- &egress_linum); |
1142 |
++ idx = EGRESS_LINUM_IDX; |
1143 |
++ err = bpf_map_lookup_elem(linum_map_fd, &idx, &egress_linum); |
1144 |
+ CHECK(err < 0, "bpf_map_lookup_elem(linum_map_fd)", |
1145 |
+ "err:%d errno:%d\n", err, errno); |
1146 |
+ |
1147 |
+- err = bpf_map_lookup_elem(linum_map_fd, &ingress_linum_idx, |
1148 |
+- &ingress_linum); |
1149 |
++ idx = INGRESS_LINUM_IDX; |
1150 |
++ err = bpf_map_lookup_elem(linum_map_fd, &idx, &ingress_linum); |
1151 |
+ CHECK(err < 0, "bpf_map_lookup_elem(linum_map_fd)", |
1152 |
+ "err:%d errno:%d\n", err, errno); |
1153 |
+ |
1154 |
++ idx = READ_SK_DST_PORT_LINUM_IDX; |
1155 |
++ err = bpf_map_lookup_elem(linum_map_fd, &idx, &linum); |
1156 |
++ ASSERT_OK(err, "bpf_map_lookup_elem(linum_map_fd, READ_SK_DST_PORT_IDX)"); |
1157 |
++ ASSERT_EQ(linum, 0, "failure in read_sk_dst_port on line"); |
1158 |
++ |
1159 |
+ memcpy(&srv_sk, &skel->bss->srv_sk, sizeof(srv_sk)); |
1160 |
+ memcpy(&srv_tp, &skel->bss->srv_tp, sizeof(srv_tp)); |
1161 |
+ memcpy(&cli_sk, &skel->bss->cli_sk, sizeof(cli_sk)); |
1162 |
+@@ -263,7 +279,7 @@ static void test(void) |
1163 |
+ char buf[DATA_LEN]; |
1164 |
+ |
1165 |
+ /* Prepare listen_fd */ |
1166 |
+- listen_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0, 0); |
1167 |
++ listen_fd = start_server(AF_INET6, SOCK_STREAM, "::1", 0xcafe, 0); |
1168 |
+ /* start_server() has logged the error details */ |
1169 |
+ if (CHECK_FAIL(listen_fd == -1)) |
1170 |
+ goto done; |
1171 |
+@@ -331,8 +347,12 @@ done: |
1172 |
+ |
1173 |
+ void test_sock_fields(void) |
1174 |
+ { |
1175 |
+- struct bpf_link *egress_link = NULL, *ingress_link = NULL; |
1176 |
+ int parent_cg_fd = -1, child_cg_fd = -1; |
1177 |
++ struct bpf_link *link; |
1178 |
++ |
1179 |
++ /* Use a dedicated netns to have a fixed listen port */ |
1180 |
++ if (!create_netns()) |
1181 |
++ return; |
1182 |
+ |
1183 |
+ /* Create a cgroup, get fd, and join it */ |
1184 |
+ parent_cg_fd = test__join_cgroup(PARENT_CGROUP); |
1185 |
+@@ -353,15 +373,20 @@ void test_sock_fields(void) |
1186 |
+ if (CHECK(!skel, "test_sock_fields__open_and_load", "failed\n")) |
1187 |
+ goto done; |
1188 |
+ |
1189 |
+- egress_link = bpf_program__attach_cgroup(skel->progs.egress_read_sock_fields, |
1190 |
+- child_cg_fd); |
1191 |
+- if (!ASSERT_OK_PTR(egress_link, "attach_cgroup(egress)")) |
1192 |
++ link = bpf_program__attach_cgroup(skel->progs.egress_read_sock_fields, child_cg_fd); |
1193 |
++ if (!ASSERT_OK_PTR(link, "attach_cgroup(egress_read_sock_fields)")) |
1194 |
++ goto done; |
1195 |
++ skel->links.egress_read_sock_fields = link; |
1196 |
++ |
1197 |
++ link = bpf_program__attach_cgroup(skel->progs.ingress_read_sock_fields, child_cg_fd); |
1198 |
++ if (!ASSERT_OK_PTR(link, "attach_cgroup(ingress_read_sock_fields)")) |
1199 |
+ goto done; |
1200 |
++ skel->links.ingress_read_sock_fields = link; |
1201 |
+ |
1202 |
+- ingress_link = bpf_program__attach_cgroup(skel->progs.ingress_read_sock_fields, |
1203 |
+- child_cg_fd); |
1204 |
+- if (!ASSERT_OK_PTR(ingress_link, "attach_cgroup(ingress)")) |
1205 |
++ link = bpf_program__attach_cgroup(skel->progs.read_sk_dst_port, child_cg_fd); |
1206 |
++ if (!ASSERT_OK_PTR(link, "attach_cgroup(read_sk_dst_port")) |
1207 |
+ goto done; |
1208 |
++ skel->links.read_sk_dst_port = link; |
1209 |
+ |
1210 |
+ linum_map_fd = bpf_map__fd(skel->maps.linum_map); |
1211 |
+ sk_pkt_out_cnt_fd = bpf_map__fd(skel->maps.sk_pkt_out_cnt); |
1212 |
+@@ -370,8 +395,7 @@ void test_sock_fields(void) |
1213 |
+ test(); |
1214 |
+ |
1215 |
+ done: |
1216 |
+- bpf_link__destroy(egress_link); |
1217 |
+- bpf_link__destroy(ingress_link); |
1218 |
++ test_sock_fields__detach(skel); |
1219 |
+ test_sock_fields__destroy(skel); |
1220 |
+ if (child_cg_fd >= 0) |
1221 |
+ close(child_cg_fd); |
1222 |
+diff --git a/tools/testing/selftests/bpf/progs/test_sock_fields.c b/tools/testing/selftests/bpf/progs/test_sock_fields.c |
1223 |
+index 7967348b11af6..43b31aa1fcf72 100644 |
1224 |
+--- a/tools/testing/selftests/bpf/progs/test_sock_fields.c |
1225 |
++++ b/tools/testing/selftests/bpf/progs/test_sock_fields.c |
1226 |
+@@ -12,6 +12,7 @@ |
1227 |
+ enum bpf_linum_array_idx { |
1228 |
+ EGRESS_LINUM_IDX, |
1229 |
+ INGRESS_LINUM_IDX, |
1230 |
++ READ_SK_DST_PORT_LINUM_IDX, |
1231 |
+ __NR_BPF_LINUM_ARRAY_IDX, |
1232 |
+ }; |
1233 |
+ |
1234 |
+@@ -250,4 +251,48 @@ int ingress_read_sock_fields(struct __sk_buff *skb) |
1235 |
+ return CG_OK; |
1236 |
+ } |
1237 |
+ |
1238 |
++static __noinline bool sk_dst_port__load_word(struct bpf_sock *sk) |
1239 |
++{ |
1240 |
++ __u32 *word = (__u32 *)&sk->dst_port; |
1241 |
++ return word[0] == bpf_htonl(0xcafe0000); |
1242 |
++} |
1243 |
++ |
1244 |
++static __noinline bool sk_dst_port__load_half(struct bpf_sock *sk) |
1245 |
++{ |
1246 |
++ __u16 *half = (__u16 *)&sk->dst_port; |
1247 |
++ return half[0] == bpf_htons(0xcafe); |
1248 |
++} |
1249 |
++ |
1250 |
++static __noinline bool sk_dst_port__load_byte(struct bpf_sock *sk) |
1251 |
++{ |
1252 |
++ __u8 *byte = (__u8 *)&sk->dst_port; |
1253 |
++ return byte[0] == 0xca && byte[1] == 0xfe; |
1254 |
++} |
1255 |
++ |
1256 |
++SEC("cgroup_skb/egress") |
1257 |
++int read_sk_dst_port(struct __sk_buff *skb) |
1258 |
++{ |
1259 |
++ __u32 linum, linum_idx; |
1260 |
++ struct bpf_sock *sk; |
1261 |
++ |
1262 |
++ linum_idx = READ_SK_DST_PORT_LINUM_IDX; |
1263 |
++ |
1264 |
++ sk = skb->sk; |
1265 |
++ if (!sk) |
1266 |
++ RET_LOG(); |
1267 |
++ |
1268 |
++ /* Ignore everything but the SYN from the client socket */ |
1269 |
++ if (sk->state != BPF_TCP_SYN_SENT) |
1270 |
++ return CG_OK; |
1271 |
++ |
1272 |
++ if (!sk_dst_port__load_word(sk)) |
1273 |
++ RET_LOG(); |
1274 |
++ if (!sk_dst_port__load_half(sk)) |
1275 |
++ RET_LOG(); |
1276 |
++ if (!sk_dst_port__load_byte(sk)) |
1277 |
++ RET_LOG(); |
1278 |
++ |
1279 |
++ return CG_OK; |
1280 |
++} |
1281 |
++ |
1282 |
+ char _license[] SEC("license") = "GPL"; |
1283 |
+diff --git a/tools/testing/selftests/bpf/verifier/sock.c b/tools/testing/selftests/bpf/verifier/sock.c |
1284 |
+index ce13ece08d51c..8c224eac93df7 100644 |
1285 |
+--- a/tools/testing/selftests/bpf/verifier/sock.c |
1286 |
++++ b/tools/testing/selftests/bpf/verifier/sock.c |
1287 |
+@@ -121,7 +121,25 @@ |
1288 |
+ .result = ACCEPT, |
1289 |
+ }, |
1290 |
+ { |
1291 |
+- "sk_fullsock(skb->sk): sk->dst_port [narrow load]", |
1292 |
++ "sk_fullsock(skb->sk): sk->dst_port [word load] (backward compatibility)", |
1293 |
++ .insns = { |
1294 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1295 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1296 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1297 |
++ BPF_EXIT_INSN(), |
1298 |
++ BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), |
1299 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), |
1300 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1301 |
++ BPF_EXIT_INSN(), |
1302 |
++ BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port)), |
1303 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1304 |
++ BPF_EXIT_INSN(), |
1305 |
++ }, |
1306 |
++ .prog_type = BPF_PROG_TYPE_CGROUP_SKB, |
1307 |
++ .result = ACCEPT, |
1308 |
++}, |
1309 |
++{ |
1310 |
++ "sk_fullsock(skb->sk): sk->dst_port [half load]", |
1311 |
+ .insns = { |
1312 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1313 |
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1314 |
+@@ -139,7 +157,64 @@ |
1315 |
+ .result = ACCEPT, |
1316 |
+ }, |
1317 |
+ { |
1318 |
+- "sk_fullsock(skb->sk): sk->dst_port [load 2nd byte]", |
1319 |
++ "sk_fullsock(skb->sk): sk->dst_port [half load] (invalid)", |
1320 |
++ .insns = { |
1321 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1322 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1323 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1324 |
++ BPF_EXIT_INSN(), |
1325 |
++ BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), |
1326 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), |
1327 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1328 |
++ BPF_EXIT_INSN(), |
1329 |
++ BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 2), |
1330 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1331 |
++ BPF_EXIT_INSN(), |
1332 |
++ }, |
1333 |
++ .prog_type = BPF_PROG_TYPE_CGROUP_SKB, |
1334 |
++ .result = REJECT, |
1335 |
++ .errstr = "invalid sock access", |
1336 |
++}, |
1337 |
++{ |
1338 |
++ "sk_fullsock(skb->sk): sk->dst_port [byte load]", |
1339 |
++ .insns = { |
1340 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1341 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1342 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1343 |
++ BPF_EXIT_INSN(), |
1344 |
++ BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), |
1345 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), |
1346 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1347 |
++ BPF_EXIT_INSN(), |
1348 |
++ BPF_LDX_MEM(BPF_B, BPF_REG_2, BPF_REG_0, offsetof(struct bpf_sock, dst_port)), |
1349 |
++ BPF_LDX_MEM(BPF_B, BPF_REG_2, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1), |
1350 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1351 |
++ BPF_EXIT_INSN(), |
1352 |
++ }, |
1353 |
++ .prog_type = BPF_PROG_TYPE_CGROUP_SKB, |
1354 |
++ .result = ACCEPT, |
1355 |
++}, |
1356 |
++{ |
1357 |
++ "sk_fullsock(skb->sk): sk->dst_port [byte load] (invalid)", |
1358 |
++ .insns = { |
1359 |
++ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1360 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1361 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1362 |
++ BPF_EXIT_INSN(), |
1363 |
++ BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), |
1364 |
++ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), |
1365 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1366 |
++ BPF_EXIT_INSN(), |
1367 |
++ BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 2), |
1368 |
++ BPF_MOV64_IMM(BPF_REG_0, 0), |
1369 |
++ BPF_EXIT_INSN(), |
1370 |
++ }, |
1371 |
++ .prog_type = BPF_PROG_TYPE_CGROUP_SKB, |
1372 |
++ .result = REJECT, |
1373 |
++ .errstr = "invalid sock access", |
1374 |
++}, |
1375 |
++{ |
1376 |
++ "sk_fullsock(skb->sk): past sk->dst_port [half load] (invalid)", |
1377 |
+ .insns = { |
1378 |
+ BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), |
1379 |
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), |
1380 |
+@@ -149,7 +224,7 @@ |
1381 |
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), |
1382 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
1383 |
+ BPF_EXIT_INSN(), |
1384 |
+- BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_0, offsetof(struct bpf_sock, dst_port) + 1), |
1385 |
++ BPF_LDX_MEM(BPF_H, BPF_REG_0, BPF_REG_0, offsetofend(struct bpf_sock, dst_port)), |
1386 |
+ BPF_MOV64_IMM(BPF_REG_0, 0), |
1387 |
+ BPF_EXIT_INSN(), |
1388 |
+ }, |
1389 |
+diff --git a/tools/testing/selftests/kvm/lib/aarch64/ucall.c b/tools/testing/selftests/kvm/lib/aarch64/ucall.c |
1390 |
+index e0b0164e9af85..be1d9728c4cea 100644 |
1391 |
+--- a/tools/testing/selftests/kvm/lib/aarch64/ucall.c |
1392 |
++++ b/tools/testing/selftests/kvm/lib/aarch64/ucall.c |
1393 |
+@@ -73,20 +73,19 @@ void ucall_uninit(struct kvm_vm *vm) |
1394 |
+ |
1395 |
+ void ucall(uint64_t cmd, int nargs, ...) |
1396 |
+ { |
1397 |
+- struct ucall uc = { |
1398 |
+- .cmd = cmd, |
1399 |
+- }; |
1400 |
++ struct ucall uc = {}; |
1401 |
+ va_list va; |
1402 |
+ int i; |
1403 |
+ |
1404 |
++ WRITE_ONCE(uc.cmd, cmd); |
1405 |
+ nargs = nargs <= UCALL_MAX_ARGS ? nargs : UCALL_MAX_ARGS; |
1406 |
+ |
1407 |
+ va_start(va, nargs); |
1408 |
+ for (i = 0; i < nargs; ++i) |
1409 |
+- uc.args[i] = va_arg(va, uint64_t); |
1410 |
++ WRITE_ONCE(uc.args[i], va_arg(va, uint64_t)); |
1411 |
+ va_end(va); |
1412 |
+ |
1413 |
+- *ucall_exit_mmio_addr = (vm_vaddr_t)&uc; |
1414 |
++ WRITE_ONCE(*ucall_exit_mmio_addr, (vm_vaddr_t)&uc); |
1415 |
+ } |
1416 |
+ |
1417 |
+ uint64_t get_ucall(struct kvm_vm *vm, uint32_t vcpu_id, struct ucall *uc) |
1418 |
+diff --git a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c |
1419 |
+index e0b2bb1339b16..3330fb183c680 100644 |
1420 |
+--- a/tools/testing/selftests/kvm/x86_64/hyperv_clock.c |
1421 |
++++ b/tools/testing/selftests/kvm/x86_64/hyperv_clock.c |
1422 |
+@@ -44,7 +44,7 @@ static inline void nop_loop(void) |
1423 |
+ { |
1424 |
+ int i; |
1425 |
+ |
1426 |
+- for (i = 0; i < 1000000; i++) |
1427 |
++ for (i = 0; i < 100000000; i++) |
1428 |
+ asm volatile("nop"); |
1429 |
+ } |
1430 |
+ |
1431 |
+@@ -56,12 +56,14 @@ static inline void check_tsc_msr_rdtsc(void) |
1432 |
+ tsc_freq = rdmsr(HV_X64_MSR_TSC_FREQUENCY); |
1433 |
+ GUEST_ASSERT(tsc_freq > 0); |
1434 |
+ |
1435 |
+- /* First, check MSR-based clocksource */ |
1436 |
++ /* For increased accuracy, take mean rdtsc() before and afrer rdmsr() */ |
1437 |
+ r1 = rdtsc(); |
1438 |
+ t1 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); |
1439 |
++ r1 = (r1 + rdtsc()) / 2; |
1440 |
+ nop_loop(); |
1441 |
+ r2 = rdtsc(); |
1442 |
+ t2 = rdmsr(HV_X64_MSR_TIME_REF_COUNT); |
1443 |
++ r2 = (r2 + rdtsc()) / 2; |
1444 |
+ |
1445 |
+ GUEST_ASSERT(r2 > r1 && t2 > t1); |
1446 |
+ |
1447 |
+@@ -181,12 +183,14 @@ static void host_check_tsc_msr_rdtsc(struct kvm_vm *vm) |
1448 |
+ tsc_freq = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TSC_FREQUENCY); |
1449 |
+ TEST_ASSERT(tsc_freq > 0, "TSC frequency must be nonzero"); |
1450 |
+ |
1451 |
+- /* First, check MSR-based clocksource */ |
1452 |
++ /* For increased accuracy, take mean rdtsc() before and afrer ioctl */ |
1453 |
+ r1 = rdtsc(); |
1454 |
+ t1 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); |
1455 |
++ r1 = (r1 + rdtsc()) / 2; |
1456 |
+ nop_loop(); |
1457 |
+ r2 = rdtsc(); |
1458 |
+ t2 = vcpu_get_msr(vm, VCPU_ID, HV_X64_MSR_TIME_REF_COUNT); |
1459 |
++ r2 = (r2 + rdtsc()) / 2; |
1460 |
+ |
1461 |
+ TEST_ASSERT(t2 > t1, "Time reference MSR is not monotonic (%ld <= %ld)", t1, t2); |
1462 |
+ |
1463 |
+diff --git a/tools/vm/slabinfo.c b/tools/vm/slabinfo.c |
1464 |
+index 9b68658b6bb85..5b98f3ee58a58 100644 |
1465 |
+--- a/tools/vm/slabinfo.c |
1466 |
++++ b/tools/vm/slabinfo.c |
1467 |
+@@ -233,6 +233,24 @@ static unsigned long read_slab_obj(struct slabinfo *s, const char *name) |
1468 |
+ return l; |
1469 |
+ } |
1470 |
+ |
1471 |
++static unsigned long read_debug_slab_obj(struct slabinfo *s, const char *name) |
1472 |
++{ |
1473 |
++ char x[128]; |
1474 |
++ FILE *f; |
1475 |
++ size_t l; |
1476 |
++ |
1477 |
++ snprintf(x, 128, "/sys/kernel/debug/slab/%s/%s", s->name, name); |
1478 |
++ f = fopen(x, "r"); |
1479 |
++ if (!f) { |
1480 |
++ buffer[0] = 0; |
1481 |
++ l = 0; |
1482 |
++ } else { |
1483 |
++ l = fread(buffer, 1, sizeof(buffer), f); |
1484 |
++ buffer[l] = 0; |
1485 |
++ fclose(f); |
1486 |
++ } |
1487 |
++ return l; |
1488 |
++} |
1489 |
+ |
1490 |
+ /* |
1491 |
+ * Put a size string together |
1492 |
+@@ -409,14 +427,18 @@ static void show_tracking(struct slabinfo *s) |
1493 |
+ { |
1494 |
+ printf("\n%s: Kernel object allocation\n", s->name); |
1495 |
+ printf("-----------------------------------------------------------------------\n"); |
1496 |
+- if (read_slab_obj(s, "alloc_calls")) |
1497 |
++ if (read_debug_slab_obj(s, "alloc_traces")) |
1498 |
++ printf("%s", buffer); |
1499 |
++ else if (read_slab_obj(s, "alloc_calls")) |
1500 |
+ printf("%s", buffer); |
1501 |
+ else |
1502 |
+ printf("No Data\n"); |
1503 |
+ |
1504 |
+ printf("\n%s: Kernel object freeing\n", s->name); |
1505 |
+ printf("------------------------------------------------------------------------\n"); |
1506 |
+- if (read_slab_obj(s, "free_calls")) |
1507 |
++ if (read_debug_slab_obj(s, "free_traces")) |
1508 |
++ printf("%s", buffer); |
1509 |
++ else if (read_slab_obj(s, "free_calls")) |
1510 |
+ printf("%s", buffer); |
1511 |
+ else |
1512 |
+ printf("No Data\n"); |