1 |
commit: a830aee1944ccf0a758da9c5f5de62ae4aef091f |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Sep 5 15:30:20 2018 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Sep 5 15:30:20 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=a830aee1 |
7 |
|
8 |
Linux patch 4.18.6 |
9 |
|
10 |
0000_README | 4 + |
11 |
1005_linux-4.18.6.patch | 5123 +++++++++++++++++++++++++++++++++++++++++++++++ |
12 |
2 files changed, 5127 insertions(+) |
13 |
|
14 |
diff --git a/0000_README b/0000_README |
15 |
index 8da0979..8bfc2e4 100644 |
16 |
--- a/0000_README |
17 |
+++ b/0000_README |
18 |
@@ -63,6 +63,10 @@ Patch: 1004_linux-4.18.5.patch |
19 |
From: http://www.kernel.org |
20 |
Desc: Linux 4.18.5 |
21 |
|
22 |
+Patch: 1005_linux-4.18.6.patch |
23 |
+From: http://www.kernel.org |
24 |
+Desc: Linux 4.18.6 |
25 |
+ |
26 |
Patch: 1500_XATTR_USER_PREFIX.patch |
27 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
28 |
Desc: Support for namespace user.pax.* on tmpfs. |
29 |
|
30 |
diff --git a/1005_linux-4.18.6.patch b/1005_linux-4.18.6.patch |
31 |
new file mode 100644 |
32 |
index 0000000..99632b3 |
33 |
--- /dev/null |
34 |
+++ b/1005_linux-4.18.6.patch |
35 |
@@ -0,0 +1,5123 @@ |
36 |
+diff --git a/Makefile b/Makefile |
37 |
+index a41692c5827a..62524f4d42ad 100644 |
38 |
+--- a/Makefile |
39 |
++++ b/Makefile |
40 |
+@@ -1,7 +1,7 @@ |
41 |
+ # SPDX-License-Identifier: GPL-2.0 |
42 |
+ VERSION = 4 |
43 |
+ PATCHLEVEL = 18 |
44 |
+-SUBLEVEL = 5 |
45 |
++SUBLEVEL = 6 |
46 |
+ EXTRAVERSION = |
47 |
+ NAME = Merciless Moray |
48 |
+ |
49 |
+@@ -493,9 +493,13 @@ KBUILD_AFLAGS += $(call cc-option, -no-integrated-as) |
50 |
+ endif |
51 |
+ |
52 |
+ RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register |
53 |
++RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register |
54 |
+ RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk |
55 |
++RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline |
56 |
+ RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) |
57 |
++RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) |
58 |
+ export RETPOLINE_CFLAGS |
59 |
++export RETPOLINE_VDSO_CFLAGS |
60 |
+ |
61 |
+ KBUILD_CFLAGS += $(call cc-option,-fno-PIE) |
62 |
+ KBUILD_AFLAGS += $(call cc-option,-fno-PIE) |
63 |
+diff --git a/arch/Kconfig b/arch/Kconfig |
64 |
+index d1f2ed462ac8..f03b72644902 100644 |
65 |
+--- a/arch/Kconfig |
66 |
++++ b/arch/Kconfig |
67 |
+@@ -354,6 +354,9 @@ config HAVE_ARCH_JUMP_LABEL |
68 |
+ config HAVE_RCU_TABLE_FREE |
69 |
+ bool |
70 |
+ |
71 |
++config HAVE_RCU_TABLE_INVALIDATE |
72 |
++ bool |
73 |
++ |
74 |
+ config ARCH_HAVE_NMI_SAFE_CMPXCHG |
75 |
+ bool |
76 |
+ |
77 |
+diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c |
78 |
+index f6a62ae44a65..c864f6b045ba 100644 |
79 |
+--- a/arch/arm/net/bpf_jit_32.c |
80 |
++++ b/arch/arm/net/bpf_jit_32.c |
81 |
+@@ -238,7 +238,7 @@ static void jit_fill_hole(void *area, unsigned int size) |
82 |
+ #define STACK_SIZE ALIGN(_STACK_SIZE, STACK_ALIGNMENT) |
83 |
+ |
84 |
+ /* Get the offset of eBPF REGISTERs stored on scratch space. */ |
85 |
+-#define STACK_VAR(off) (STACK_SIZE - off) |
86 |
++#define STACK_VAR(off) (STACK_SIZE - off - 4) |
87 |
+ |
88 |
+ #if __LINUX_ARM_ARCH__ < 7 |
89 |
+ |
90 |
+diff --git a/arch/arm/probes/kprobes/core.c b/arch/arm/probes/kprobes/core.c |
91 |
+index e90cc8a08186..a8be6fe3946d 100644 |
92 |
+--- a/arch/arm/probes/kprobes/core.c |
93 |
++++ b/arch/arm/probes/kprobes/core.c |
94 |
+@@ -289,8 +289,8 @@ void __kprobes kprobe_handler(struct pt_regs *regs) |
95 |
+ break; |
96 |
+ case KPROBE_REENTER: |
97 |
+ /* A nested probe was hit in FIQ, it is a BUG */ |
98 |
+- pr_warn("Unrecoverable kprobe detected at %p.\n", |
99 |
+- p->addr); |
100 |
++ pr_warn("Unrecoverable kprobe detected.\n"); |
101 |
++ dump_kprobe(p); |
102 |
+ /* fall through */ |
103 |
+ default: |
104 |
+ /* impossible cases */ |
105 |
+diff --git a/arch/arm/probes/kprobes/test-core.c b/arch/arm/probes/kprobes/test-core.c |
106 |
+index 14db14152909..cc237fa9b90f 100644 |
107 |
+--- a/arch/arm/probes/kprobes/test-core.c |
108 |
++++ b/arch/arm/probes/kprobes/test-core.c |
109 |
+@@ -1461,7 +1461,6 @@ fail: |
110 |
+ print_registers(&result_regs); |
111 |
+ |
112 |
+ if (mem) { |
113 |
+- pr_err("current_stack=%p\n", current_stack); |
114 |
+ pr_err("expected_memory:\n"); |
115 |
+ print_memory(expected_memory, mem_size); |
116 |
+ pr_err("result_memory:\n"); |
117 |
+diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi |
118 |
+index b8e9da15e00c..2c1aa84abeea 100644 |
119 |
+--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi |
120 |
++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi |
121 |
+@@ -331,7 +331,7 @@ |
122 |
+ reg = <0x0 0xff120000 0x0 0x100>; |
123 |
+ interrupts = <GIC_SPI 56 IRQ_TYPE_LEVEL_HIGH>; |
124 |
+ clocks = <&cru SCLK_UART1>, <&cru PCLK_UART1>; |
125 |
+- clock-names = "sclk_uart", "pclk_uart"; |
126 |
++ clock-names = "baudclk", "apb_pclk"; |
127 |
+ dmas = <&dmac 4>, <&dmac 5>; |
128 |
+ dma-names = "tx", "rx"; |
129 |
+ pinctrl-names = "default"; |
130 |
+diff --git a/arch/arm64/include/asm/cache.h b/arch/arm64/include/asm/cache.h |
131 |
+index 5df5cfe1c143..5ee5bca8c24b 100644 |
132 |
+--- a/arch/arm64/include/asm/cache.h |
133 |
++++ b/arch/arm64/include/asm/cache.h |
134 |
+@@ -21,12 +21,16 @@ |
135 |
+ #define CTR_L1IP_SHIFT 14 |
136 |
+ #define CTR_L1IP_MASK 3 |
137 |
+ #define CTR_DMINLINE_SHIFT 16 |
138 |
++#define CTR_IMINLINE_SHIFT 0 |
139 |
+ #define CTR_ERG_SHIFT 20 |
140 |
+ #define CTR_CWG_SHIFT 24 |
141 |
+ #define CTR_CWG_MASK 15 |
142 |
+ #define CTR_IDC_SHIFT 28 |
143 |
+ #define CTR_DIC_SHIFT 29 |
144 |
+ |
145 |
++#define CTR_CACHE_MINLINE_MASK \ |
146 |
++ (0xf << CTR_DMINLINE_SHIFT | 0xf << CTR_IMINLINE_SHIFT) |
147 |
++ |
148 |
+ #define CTR_L1IP(ctr) (((ctr) >> CTR_L1IP_SHIFT) & CTR_L1IP_MASK) |
149 |
+ |
150 |
+ #define ICACHE_POLICY_VPIPT 0 |
151 |
+diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h |
152 |
+index 8a699c708fc9..be3bf3d08916 100644 |
153 |
+--- a/arch/arm64/include/asm/cpucaps.h |
154 |
++++ b/arch/arm64/include/asm/cpucaps.h |
155 |
+@@ -49,7 +49,8 @@ |
156 |
+ #define ARM64_HAS_CACHE_DIC 28 |
157 |
+ #define ARM64_HW_DBM 29 |
158 |
+ #define ARM64_SSBD 30 |
159 |
++#define ARM64_MISMATCHED_CACHE_TYPE 31 |
160 |
+ |
161 |
+-#define ARM64_NCAPS 31 |
162 |
++#define ARM64_NCAPS 32 |
163 |
+ |
164 |
+ #endif /* __ASM_CPUCAPS_H */ |
165 |
+diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c |
166 |
+index 1d2b6d768efe..5d59ff9a8da9 100644 |
167 |
+--- a/arch/arm64/kernel/cpu_errata.c |
168 |
++++ b/arch/arm64/kernel/cpu_errata.c |
169 |
+@@ -65,12 +65,18 @@ is_kryo_midr(const struct arm64_cpu_capabilities *entry, int scope) |
170 |
+ } |
171 |
+ |
172 |
+ static bool |
173 |
+-has_mismatched_cache_line_size(const struct arm64_cpu_capabilities *entry, |
174 |
+- int scope) |
175 |
++has_mismatched_cache_type(const struct arm64_cpu_capabilities *entry, |
176 |
++ int scope) |
177 |
+ { |
178 |
++ u64 mask = CTR_CACHE_MINLINE_MASK; |
179 |
++ |
180 |
++ /* Skip matching the min line sizes for cache type check */ |
181 |
++ if (entry->capability == ARM64_MISMATCHED_CACHE_TYPE) |
182 |
++ mask ^= arm64_ftr_reg_ctrel0.strict_mask; |
183 |
++ |
184 |
+ WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible()); |
185 |
+- return (read_cpuid_cachetype() & arm64_ftr_reg_ctrel0.strict_mask) != |
186 |
+- (arm64_ftr_reg_ctrel0.sys_val & arm64_ftr_reg_ctrel0.strict_mask); |
187 |
++ return (read_cpuid_cachetype() & mask) != |
188 |
++ (arm64_ftr_reg_ctrel0.sys_val & mask); |
189 |
+ } |
190 |
+ |
191 |
+ static void |
192 |
+@@ -613,7 +619,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { |
193 |
+ { |
194 |
+ .desc = "Mismatched cache line size", |
195 |
+ .capability = ARM64_MISMATCHED_CACHE_LINE_SIZE, |
196 |
+- .matches = has_mismatched_cache_line_size, |
197 |
++ .matches = has_mismatched_cache_type, |
198 |
++ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, |
199 |
++ .cpu_enable = cpu_enable_trap_ctr_access, |
200 |
++ }, |
201 |
++ { |
202 |
++ .desc = "Mismatched cache type", |
203 |
++ .capability = ARM64_MISMATCHED_CACHE_TYPE, |
204 |
++ .matches = has_mismatched_cache_type, |
205 |
+ .type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM, |
206 |
+ .cpu_enable = cpu_enable_trap_ctr_access, |
207 |
+ }, |
208 |
+diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c |
209 |
+index c6d80743f4ed..e4103b718a7c 100644 |
210 |
+--- a/arch/arm64/kernel/cpufeature.c |
211 |
++++ b/arch/arm64/kernel/cpufeature.c |
212 |
+@@ -214,7 +214,7 @@ static const struct arm64_ftr_bits ftr_ctr[] = { |
213 |
+ * If we have differing I-cache policies, report it as the weakest - VIPT. |
214 |
+ */ |
215 |
+ ARM64_FTR_BITS(FTR_VISIBLE, FTR_NONSTRICT, FTR_EXACT, 14, 2, ICACHE_POLICY_VIPT), /* L1Ip */ |
216 |
+- ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, 0, 4, 0), /* IminLine */ |
217 |
++ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IMINLINE_SHIFT, 4, 0), |
218 |
+ ARM64_FTR_END, |
219 |
+ }; |
220 |
+ |
221 |
+diff --git a/arch/arm64/kernel/probes/kprobes.c b/arch/arm64/kernel/probes/kprobes.c |
222 |
+index d849d9804011..22a5921562c7 100644 |
223 |
+--- a/arch/arm64/kernel/probes/kprobes.c |
224 |
++++ b/arch/arm64/kernel/probes/kprobes.c |
225 |
+@@ -275,7 +275,7 @@ static int __kprobes reenter_kprobe(struct kprobe *p, |
226 |
+ break; |
227 |
+ case KPROBE_HIT_SS: |
228 |
+ case KPROBE_REENTER: |
229 |
+- pr_warn("Unrecoverable kprobe detected at %p.\n", p->addr); |
230 |
++ pr_warn("Unrecoverable kprobe detected.\n"); |
231 |
+ dump_kprobe(p); |
232 |
+ BUG(); |
233 |
+ break; |
234 |
+diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c |
235 |
+index 9abf8a1e7b25..787e27964ab9 100644 |
236 |
+--- a/arch/arm64/mm/init.c |
237 |
++++ b/arch/arm64/mm/init.c |
238 |
+@@ -287,7 +287,11 @@ static void __init zone_sizes_init(unsigned long min, unsigned long max) |
239 |
+ #ifdef CONFIG_HAVE_ARCH_PFN_VALID |
240 |
+ int pfn_valid(unsigned long pfn) |
241 |
+ { |
242 |
+- return memblock_is_map_memory(pfn << PAGE_SHIFT); |
243 |
++ phys_addr_t addr = pfn << PAGE_SHIFT; |
244 |
++ |
245 |
++ if ((addr >> PAGE_SHIFT) != pfn) |
246 |
++ return 0; |
247 |
++ return memblock_is_map_memory(addr); |
248 |
+ } |
249 |
+ EXPORT_SYMBOL(pfn_valid); |
250 |
+ #endif |
251 |
+diff --git a/arch/mips/Makefile b/arch/mips/Makefile |
252 |
+index e2122cca4ae2..1e98d22ec119 100644 |
253 |
+--- a/arch/mips/Makefile |
254 |
++++ b/arch/mips/Makefile |
255 |
+@@ -155,15 +155,11 @@ cflags-$(CONFIG_CPU_R4300) += -march=r4300 -Wa,--trap |
256 |
+ cflags-$(CONFIG_CPU_VR41XX) += -march=r4100 -Wa,--trap |
257 |
+ cflags-$(CONFIG_CPU_R4X00) += -march=r4600 -Wa,--trap |
258 |
+ cflags-$(CONFIG_CPU_TX49XX) += -march=r4600 -Wa,--trap |
259 |
+-cflags-$(CONFIG_CPU_MIPS32_R1) += $(call cc-option,-march=mips32,-mips32 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ |
260 |
+- -Wa,-mips32 -Wa,--trap |
261 |
+-cflags-$(CONFIG_CPU_MIPS32_R2) += $(call cc-option,-march=mips32r2,-mips32r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS32) \ |
262 |
+- -Wa,-mips32r2 -Wa,--trap |
263 |
++cflags-$(CONFIG_CPU_MIPS32_R1) += -march=mips32 -Wa,--trap |
264 |
++cflags-$(CONFIG_CPU_MIPS32_R2) += -march=mips32r2 -Wa,--trap |
265 |
+ cflags-$(CONFIG_CPU_MIPS32_R6) += -march=mips32r6 -Wa,--trap -modd-spreg |
266 |
+-cflags-$(CONFIG_CPU_MIPS64_R1) += $(call cc-option,-march=mips64,-mips64 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ |
267 |
+- -Wa,-mips64 -Wa,--trap |
268 |
+-cflags-$(CONFIG_CPU_MIPS64_R2) += $(call cc-option,-march=mips64r2,-mips64r2 -U_MIPS_ISA -D_MIPS_ISA=_MIPS_ISA_MIPS64) \ |
269 |
+- -Wa,-mips64r2 -Wa,--trap |
270 |
++cflags-$(CONFIG_CPU_MIPS64_R1) += -march=mips64 -Wa,--trap |
271 |
++cflags-$(CONFIG_CPU_MIPS64_R2) += -march=mips64r2 -Wa,--trap |
272 |
+ cflags-$(CONFIG_CPU_MIPS64_R6) += -march=mips64r6 -Wa,--trap |
273 |
+ cflags-$(CONFIG_CPU_R5000) += -march=r5000 -Wa,--trap |
274 |
+ cflags-$(CONFIG_CPU_R5432) += $(call cc-option,-march=r5400,-march=r5000) \ |
275 |
+diff --git a/arch/mips/include/asm/processor.h b/arch/mips/include/asm/processor.h |
276 |
+index af34afbc32d9..b2fa62922d88 100644 |
277 |
+--- a/arch/mips/include/asm/processor.h |
278 |
++++ b/arch/mips/include/asm/processor.h |
279 |
+@@ -141,7 +141,7 @@ struct mips_fpu_struct { |
280 |
+ |
281 |
+ #define NUM_DSP_REGS 6 |
282 |
+ |
283 |
+-typedef __u32 dspreg_t; |
284 |
++typedef unsigned long dspreg_t; |
285 |
+ |
286 |
+ struct mips_dsp_state { |
287 |
+ dspreg_t dspr[NUM_DSP_REGS]; |
288 |
+@@ -386,7 +386,20 @@ unsigned long get_wchan(struct task_struct *p); |
289 |
+ #define KSTK_ESP(tsk) (task_pt_regs(tsk)->regs[29]) |
290 |
+ #define KSTK_STATUS(tsk) (task_pt_regs(tsk)->cp0_status) |
291 |
+ |
292 |
++#ifdef CONFIG_CPU_LOONGSON3 |
293 |
++/* |
294 |
++ * Loongson-3's SFB (Store-Fill-Buffer) may buffer writes indefinitely when a |
295 |
++ * tight read loop is executed, because reads take priority over writes & the |
296 |
++ * hardware (incorrectly) doesn't ensure that writes will eventually occur. |
297 |
++ * |
298 |
++ * Since spin loops of any kind should have a cpu_relax() in them, force an SFB |
299 |
++ * flush from cpu_relax() such that any pending writes will become visible as |
300 |
++ * expected. |
301 |
++ */ |
302 |
++#define cpu_relax() smp_mb() |
303 |
++#else |
304 |
+ #define cpu_relax() barrier() |
305 |
++#endif |
306 |
+ |
307 |
+ /* |
308 |
+ * Return_address is a replacement for __builtin_return_address(count) |
309 |
+diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c |
310 |
+index 9f6c3f2aa2e2..8c8d42823bda 100644 |
311 |
+--- a/arch/mips/kernel/ptrace.c |
312 |
++++ b/arch/mips/kernel/ptrace.c |
313 |
+@@ -856,7 +856,7 @@ long arch_ptrace(struct task_struct *child, long request, |
314 |
+ goto out; |
315 |
+ } |
316 |
+ dregs = __get_dsp_regs(child); |
317 |
+- tmp = (unsigned long) (dregs[addr - DSP_BASE]); |
318 |
++ tmp = dregs[addr - DSP_BASE]; |
319 |
+ break; |
320 |
+ } |
321 |
+ case DSP_CONTROL: |
322 |
+diff --git a/arch/mips/kernel/ptrace32.c b/arch/mips/kernel/ptrace32.c |
323 |
+index 7edc629304c8..bc348d44d151 100644 |
324 |
+--- a/arch/mips/kernel/ptrace32.c |
325 |
++++ b/arch/mips/kernel/ptrace32.c |
326 |
+@@ -142,7 +142,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, |
327 |
+ goto out; |
328 |
+ } |
329 |
+ dregs = __get_dsp_regs(child); |
330 |
+- tmp = (unsigned long) (dregs[addr - DSP_BASE]); |
331 |
++ tmp = dregs[addr - DSP_BASE]; |
332 |
+ break; |
333 |
+ } |
334 |
+ case DSP_CONTROL: |
335 |
+diff --git a/arch/mips/lib/memset.S b/arch/mips/lib/memset.S |
336 |
+index 1cc306520a55..fac26ce64b2f 100644 |
337 |
+--- a/arch/mips/lib/memset.S |
338 |
++++ b/arch/mips/lib/memset.S |
339 |
+@@ -195,6 +195,7 @@ |
340 |
+ #endif |
341 |
+ #else |
342 |
+ PTR_SUBU t0, $0, a2 |
343 |
++ move a2, zero /* No remaining longs */ |
344 |
+ PTR_ADDIU t0, 1 |
345 |
+ STORE_BYTE(0) |
346 |
+ STORE_BYTE(1) |
347 |
+@@ -231,7 +232,7 @@ |
348 |
+ |
349 |
+ #ifdef CONFIG_CPU_MIPSR6 |
350 |
+ .Lbyte_fixup\@: |
351 |
+- PTR_SUBU a2, $0, t0 |
352 |
++ PTR_SUBU a2, t0 |
353 |
+ jr ra |
354 |
+ PTR_ADDIU a2, 1 |
355 |
+ #endif /* CONFIG_CPU_MIPSR6 */ |
356 |
+diff --git a/arch/mips/lib/multi3.c b/arch/mips/lib/multi3.c |
357 |
+index 111ad475aa0c..4c2483f410c2 100644 |
358 |
+--- a/arch/mips/lib/multi3.c |
359 |
++++ b/arch/mips/lib/multi3.c |
360 |
+@@ -4,12 +4,12 @@ |
361 |
+ #include "libgcc.h" |
362 |
+ |
363 |
+ /* |
364 |
+- * GCC 7 suboptimally generates __multi3 calls for mips64r6, so for that |
365 |
+- * specific case only we'll implement it here. |
366 |
++ * GCC 7 & older can suboptimally generate __multi3 calls for mips64r6, so for |
367 |
++ * that specific case only we implement that intrinsic here. |
368 |
+ * |
369 |
+ * See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82981 |
370 |
+ */ |
371 |
+-#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ == 7) |
372 |
++#if defined(CONFIG_64BIT) && defined(CONFIG_CPU_MIPSR6) && (__GNUC__ < 8) |
373 |
+ |
374 |
+ /* multiply 64-bit values, low 64-bits returned */ |
375 |
+ static inline long long notrace dmulu(long long a, long long b) |
376 |
+diff --git a/arch/s390/include/asm/qdio.h b/arch/s390/include/asm/qdio.h |
377 |
+index de11ecc99c7c..9c9970a5dfb1 100644 |
378 |
+--- a/arch/s390/include/asm/qdio.h |
379 |
++++ b/arch/s390/include/asm/qdio.h |
380 |
+@@ -262,7 +262,6 @@ struct qdio_outbuf_state { |
381 |
+ void *user; |
382 |
+ }; |
383 |
+ |
384 |
+-#define QDIO_OUTBUF_STATE_FLAG_NONE 0x00 |
385 |
+ #define QDIO_OUTBUF_STATE_FLAG_PENDING 0x01 |
386 |
+ |
387 |
+ #define CHSC_AC1_INITIATE_INPUTQ 0x80 |
388 |
+diff --git a/arch/s390/lib/mem.S b/arch/s390/lib/mem.S |
389 |
+index 2311f15be9cf..40c4d59c926e 100644 |
390 |
+--- a/arch/s390/lib/mem.S |
391 |
++++ b/arch/s390/lib/mem.S |
392 |
+@@ -17,7 +17,7 @@ |
393 |
+ ENTRY(memmove) |
394 |
+ ltgr %r4,%r4 |
395 |
+ lgr %r1,%r2 |
396 |
+- bzr %r14 |
397 |
++ jz .Lmemmove_exit |
398 |
+ aghi %r4,-1 |
399 |
+ clgr %r2,%r3 |
400 |
+ jnh .Lmemmove_forward |
401 |
+@@ -36,6 +36,7 @@ ENTRY(memmove) |
402 |
+ .Lmemmove_forward_remainder: |
403 |
+ larl %r5,.Lmemmove_mvc |
404 |
+ ex %r4,0(%r5) |
405 |
++.Lmemmove_exit: |
406 |
+ BR_EX %r14 |
407 |
+ .Lmemmove_reverse: |
408 |
+ ic %r0,0(%r4,%r3) |
409 |
+@@ -65,7 +66,7 @@ EXPORT_SYMBOL(memmove) |
410 |
+ */ |
411 |
+ ENTRY(memset) |
412 |
+ ltgr %r4,%r4 |
413 |
+- bzr %r14 |
414 |
++ jz .Lmemset_exit |
415 |
+ ltgr %r3,%r3 |
416 |
+ jnz .Lmemset_fill |
417 |
+ aghi %r4,-1 |
418 |
+@@ -80,6 +81,7 @@ ENTRY(memset) |
419 |
+ .Lmemset_clear_remainder: |
420 |
+ larl %r3,.Lmemset_xc |
421 |
+ ex %r4,0(%r3) |
422 |
++.Lmemset_exit: |
423 |
+ BR_EX %r14 |
424 |
+ .Lmemset_fill: |
425 |
+ cghi %r4,1 |
426 |
+@@ -115,7 +117,7 @@ EXPORT_SYMBOL(memset) |
427 |
+ */ |
428 |
+ ENTRY(memcpy) |
429 |
+ ltgr %r4,%r4 |
430 |
+- bzr %r14 |
431 |
++ jz .Lmemcpy_exit |
432 |
+ aghi %r4,-1 |
433 |
+ srlg %r5,%r4,8 |
434 |
+ ltgr %r5,%r5 |
435 |
+@@ -124,6 +126,7 @@ ENTRY(memcpy) |
436 |
+ .Lmemcpy_remainder: |
437 |
+ larl %r5,.Lmemcpy_mvc |
438 |
+ ex %r4,0(%r5) |
439 |
++.Lmemcpy_exit: |
440 |
+ BR_EX %r14 |
441 |
+ .Lmemcpy_loop: |
442 |
+ mvc 0(256,%r1),0(%r3) |
443 |
+@@ -145,9 +148,9 @@ EXPORT_SYMBOL(memcpy) |
444 |
+ .macro __MEMSET bits,bytes,insn |
445 |
+ ENTRY(__memset\bits) |
446 |
+ ltgr %r4,%r4 |
447 |
+- bzr %r14 |
448 |
++ jz .L__memset_exit\bits |
449 |
+ cghi %r4,\bytes |
450 |
+- je .L__memset_exit\bits |
451 |
++ je .L__memset_store\bits |
452 |
+ aghi %r4,-(\bytes+1) |
453 |
+ srlg %r5,%r4,8 |
454 |
+ ltgr %r5,%r5 |
455 |
+@@ -163,8 +166,9 @@ ENTRY(__memset\bits) |
456 |
+ larl %r5,.L__memset_mvc\bits |
457 |
+ ex %r4,0(%r5) |
458 |
+ BR_EX %r14 |
459 |
+-.L__memset_exit\bits: |
460 |
++.L__memset_store\bits: |
461 |
+ \insn %r3,0(%r2) |
462 |
++.L__memset_exit\bits: |
463 |
+ BR_EX %r14 |
464 |
+ .L__memset_mvc\bits: |
465 |
+ mvc \bytes(1,%r1),0(%r1) |
466 |
+diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c |
467 |
+index e074480d3598..4cc3f06b0ab3 100644 |
468 |
+--- a/arch/s390/mm/fault.c |
469 |
++++ b/arch/s390/mm/fault.c |
470 |
+@@ -502,6 +502,8 @@ retry: |
471 |
+ /* No reason to continue if interrupted by SIGKILL. */ |
472 |
+ if ((fault & VM_FAULT_RETRY) && fatal_signal_pending(current)) { |
473 |
+ fault = VM_FAULT_SIGNAL; |
474 |
++ if (flags & FAULT_FLAG_RETRY_NOWAIT) |
475 |
++ goto out_up; |
476 |
+ goto out; |
477 |
+ } |
478 |
+ if (unlikely(fault & VM_FAULT_ERROR)) |
479 |
+diff --git a/arch/s390/mm/page-states.c b/arch/s390/mm/page-states.c |
480 |
+index 382153ff17e3..dc3cede7f2ec 100644 |
481 |
+--- a/arch/s390/mm/page-states.c |
482 |
++++ b/arch/s390/mm/page-states.c |
483 |
+@@ -271,7 +271,7 @@ void arch_set_page_states(int make_stable) |
484 |
+ list_for_each(l, &zone->free_area[order].free_list[t]) { |
485 |
+ page = list_entry(l, struct page, lru); |
486 |
+ if (make_stable) |
487 |
+- set_page_stable_dat(page, 0); |
488 |
++ set_page_stable_dat(page, order); |
489 |
+ else |
490 |
+ set_page_unused(page, order); |
491 |
+ } |
492 |
+diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c |
493 |
+index 5f0234ec8038..d7052cbe984f 100644 |
494 |
+--- a/arch/s390/net/bpf_jit_comp.c |
495 |
++++ b/arch/s390/net/bpf_jit_comp.c |
496 |
+@@ -485,8 +485,6 @@ static void bpf_jit_epilogue(struct bpf_jit *jit, u32 stack_depth) |
497 |
+ /* br %r1 */ |
498 |
+ _EMIT2(0x07f1); |
499 |
+ } else { |
500 |
+- /* larl %r1,.+14 */ |
501 |
+- EMIT6_PCREL_RILB(0xc0000000, REG_1, jit->prg + 14); |
502 |
+ /* ex 0,S390_lowcore.br_r1_tampoline */ |
503 |
+ EMIT4_DISP(0x44000000, REG_0, REG_0, |
504 |
+ offsetof(struct lowcore, br_r1_trampoline)); |
505 |
+diff --git a/arch/s390/numa/numa.c b/arch/s390/numa/numa.c |
506 |
+index 06a80434cfe6..5bd374491f94 100644 |
507 |
+--- a/arch/s390/numa/numa.c |
508 |
++++ b/arch/s390/numa/numa.c |
509 |
+@@ -134,26 +134,14 @@ void __init numa_setup(void) |
510 |
+ { |
511 |
+ pr_info("NUMA mode: %s\n", mode->name); |
512 |
+ nodes_clear(node_possible_map); |
513 |
++ /* Initially attach all possible CPUs to node 0. */ |
514 |
++ cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask); |
515 |
+ if (mode->setup) |
516 |
+ mode->setup(); |
517 |
+ numa_setup_memory(); |
518 |
+ memblock_dump_all(); |
519 |
+ } |
520 |
+ |
521 |
+-/* |
522 |
+- * numa_init_early() - Initialization initcall |
523 |
+- * |
524 |
+- * This runs when only one CPU is online and before the first |
525 |
+- * topology update is called for by the scheduler. |
526 |
+- */ |
527 |
+-static int __init numa_init_early(void) |
528 |
+-{ |
529 |
+- /* Attach all possible CPUs to node 0 for now. */ |
530 |
+- cpumask_copy(&node_to_cpumask_map[0], cpu_possible_mask); |
531 |
+- return 0; |
532 |
+-} |
533 |
+-early_initcall(numa_init_early); |
534 |
+- |
535 |
+ /* |
536 |
+ * numa_init_late() - Initialization initcall |
537 |
+ * |
538 |
+diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c |
539 |
+index 4902fed221c0..8a505cfdd9b9 100644 |
540 |
+--- a/arch/s390/pci/pci.c |
541 |
++++ b/arch/s390/pci/pci.c |
542 |
+@@ -421,6 +421,8 @@ int arch_setup_msi_irqs(struct pci_dev *pdev, int nvec, int type) |
543 |
+ hwirq = 0; |
544 |
+ for_each_pci_msi_entry(msi, pdev) { |
545 |
+ rc = -EIO; |
546 |
++ if (hwirq >= msi_vecs) |
547 |
++ break; |
548 |
+ irq = irq_alloc_desc(0); /* Alloc irq on node 0 */ |
549 |
+ if (irq < 0) |
550 |
+ return -ENOMEM; |
551 |
+diff --git a/arch/s390/purgatory/Makefile b/arch/s390/purgatory/Makefile |
552 |
+index 1ace023cbdce..abfa8c7a6d9a 100644 |
553 |
+--- a/arch/s390/purgatory/Makefile |
554 |
++++ b/arch/s390/purgatory/Makefile |
555 |
+@@ -7,13 +7,13 @@ purgatory-y := head.o purgatory.o string.o sha256.o mem.o |
556 |
+ targets += $(purgatory-y) purgatory.ro kexec-purgatory.c |
557 |
+ PURGATORY_OBJS = $(addprefix $(obj)/,$(purgatory-y)) |
558 |
+ |
559 |
+-$(obj)/sha256.o: $(srctree)/lib/sha256.c |
560 |
++$(obj)/sha256.o: $(srctree)/lib/sha256.c FORCE |
561 |
+ $(call if_changed_rule,cc_o_c) |
562 |
+ |
563 |
+-$(obj)/mem.o: $(srctree)/arch/s390/lib/mem.S |
564 |
++$(obj)/mem.o: $(srctree)/arch/s390/lib/mem.S FORCE |
565 |
+ $(call if_changed_rule,as_o_S) |
566 |
+ |
567 |
+-$(obj)/string.o: $(srctree)/arch/s390/lib/string.c |
568 |
++$(obj)/string.o: $(srctree)/arch/s390/lib/string.c FORCE |
569 |
+ $(call if_changed_rule,cc_o_c) |
570 |
+ |
571 |
+ LDFLAGS_purgatory.ro := -e purgatory_start -r --no-undefined -nostdlib |
572 |
+@@ -23,6 +23,7 @@ KBUILD_CFLAGS += -Wno-pointer-sign -Wno-sign-compare |
573 |
+ KBUILD_CFLAGS += -fno-zero-initialized-in-bss -fno-builtin -ffreestanding |
574 |
+ KBUILD_CFLAGS += -c -MD -Os -m64 -msoft-float |
575 |
+ KBUILD_CFLAGS += $(call cc-option,-fno-PIE) |
576 |
++KBUILD_AFLAGS := $(filter-out -DCC_USING_EXPOLINE,$(KBUILD_AFLAGS)) |
577 |
+ |
578 |
+ $(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE |
579 |
+ $(call if_changed,ld) |
580 |
+diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
581 |
+index 6b8065d718bd..1aa4dd3b5687 100644 |
582 |
+--- a/arch/x86/Kconfig |
583 |
++++ b/arch/x86/Kconfig |
584 |
+@@ -179,6 +179,7 @@ config X86 |
585 |
+ select HAVE_PERF_REGS |
586 |
+ select HAVE_PERF_USER_STACK_DUMP |
587 |
+ select HAVE_RCU_TABLE_FREE |
588 |
++ select HAVE_RCU_TABLE_INVALIDATE if HAVE_RCU_TABLE_FREE |
589 |
+ select HAVE_REGS_AND_STACK_ACCESS_API |
590 |
+ select HAVE_RELIABLE_STACKTRACE if X86_64 && UNWINDER_FRAME_POINTER && STACK_VALIDATION |
591 |
+ select HAVE_STACKPROTECTOR if CC_HAS_SANE_STACKPROTECTOR |
592 |
+diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
593 |
+index a08e82856563..d944b52649a4 100644 |
594 |
+--- a/arch/x86/Makefile |
595 |
++++ b/arch/x86/Makefile |
596 |
+@@ -180,10 +180,6 @@ ifdef CONFIG_FUNCTION_GRAPH_TRACER |
597 |
+ endif |
598 |
+ endif |
599 |
+ |
600 |
+-ifndef CC_HAVE_ASM_GOTO |
601 |
+- $(error Compiler lacks asm-goto support.) |
602 |
+-endif |
603 |
+- |
604 |
+ # |
605 |
+ # Jump labels need '-maccumulate-outgoing-args' for gcc < 4.5.2 to prevent a |
606 |
+ # GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=46226). There's no way |
607 |
+@@ -317,6 +313,13 @@ PHONY += vdso_install |
608 |
+ vdso_install: |
609 |
+ $(Q)$(MAKE) $(build)=arch/x86/entry/vdso $@ |
610 |
+ |
611 |
++archprepare: checkbin |
612 |
++checkbin: |
613 |
++ifndef CC_HAVE_ASM_GOTO |
614 |
++ @echo Compiler lacks asm-goto support. |
615 |
++ @exit 1 |
616 |
++endif |
617 |
++ |
618 |
+ archclean: |
619 |
+ $(Q)rm -rf $(objtree)/arch/i386 |
620 |
+ $(Q)rm -rf $(objtree)/arch/x86_64 |
621 |
+diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile |
622 |
+index 261802b1cc50..9589878faf46 100644 |
623 |
+--- a/arch/x86/entry/vdso/Makefile |
624 |
++++ b/arch/x86/entry/vdso/Makefile |
625 |
+@@ -72,9 +72,9 @@ $(obj)/vdso-image-%.c: $(obj)/vdso%.so.dbg $(obj)/vdso%.so $(obj)/vdso2c FORCE |
626 |
+ CFL := $(PROFILING) -mcmodel=small -fPIC -O2 -fasynchronous-unwind-tables -m64 \ |
627 |
+ $(filter -g%,$(KBUILD_CFLAGS)) $(call cc-option, -fno-stack-protector) \ |
628 |
+ -fno-omit-frame-pointer -foptimize-sibling-calls \ |
629 |
+- -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO |
630 |
++ -DDISABLE_BRANCH_PROFILING -DBUILD_VDSO $(RETPOLINE_VDSO_CFLAGS) |
631 |
+ |
632 |
+-$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) |
633 |
++$(vobjs): KBUILD_CFLAGS := $(filter-out $(GCC_PLUGINS_CFLAGS) $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS)) $(CFL) |
634 |
+ |
635 |
+ # |
636 |
+ # vDSO code runs in userspace and -pg doesn't help with profiling anyway. |
637 |
+@@ -138,11 +138,13 @@ KBUILD_CFLAGS_32 := $(filter-out -mcmodel=kernel,$(KBUILD_CFLAGS_32)) |
638 |
+ KBUILD_CFLAGS_32 := $(filter-out -fno-pic,$(KBUILD_CFLAGS_32)) |
639 |
+ KBUILD_CFLAGS_32 := $(filter-out -mfentry,$(KBUILD_CFLAGS_32)) |
640 |
+ KBUILD_CFLAGS_32 := $(filter-out $(GCC_PLUGINS_CFLAGS),$(KBUILD_CFLAGS_32)) |
641 |
++KBUILD_CFLAGS_32 := $(filter-out $(RETPOLINE_CFLAGS),$(KBUILD_CFLAGS_32)) |
642 |
+ KBUILD_CFLAGS_32 += -m32 -msoft-float -mregparm=0 -fpic |
643 |
+ KBUILD_CFLAGS_32 += $(call cc-option, -fno-stack-protector) |
644 |
+ KBUILD_CFLAGS_32 += $(call cc-option, -foptimize-sibling-calls) |
645 |
+ KBUILD_CFLAGS_32 += -fno-omit-frame-pointer |
646 |
+ KBUILD_CFLAGS_32 += -DDISABLE_BRANCH_PROFILING |
647 |
++KBUILD_CFLAGS_32 += $(RETPOLINE_VDSO_CFLAGS) |
648 |
+ $(obj)/vdso32.so.dbg: KBUILD_CFLAGS = $(KBUILD_CFLAGS_32) |
649 |
+ |
650 |
+ $(obj)/vdso32.so.dbg: FORCE \ |
651 |
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c |
652 |
+index 5f4829f10129..dfb2f7c0d019 100644 |
653 |
+--- a/arch/x86/events/core.c |
654 |
++++ b/arch/x86/events/core.c |
655 |
+@@ -2465,7 +2465,7 @@ perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs |
656 |
+ |
657 |
+ perf_callchain_store(entry, regs->ip); |
658 |
+ |
659 |
+- if (!current->mm) |
660 |
++ if (!nmi_uaccess_okay()) |
661 |
+ return; |
662 |
+ |
663 |
+ if (perf_callchain_user32(regs, entry)) |
664 |
+diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h |
665 |
+index c14f2a74b2be..15450a675031 100644 |
666 |
+--- a/arch/x86/include/asm/irqflags.h |
667 |
++++ b/arch/x86/include/asm/irqflags.h |
668 |
+@@ -33,7 +33,8 @@ extern inline unsigned long native_save_fl(void) |
669 |
+ return flags; |
670 |
+ } |
671 |
+ |
672 |
+-static inline void native_restore_fl(unsigned long flags) |
673 |
++extern inline void native_restore_fl(unsigned long flags); |
674 |
++extern inline void native_restore_fl(unsigned long flags) |
675 |
+ { |
676 |
+ asm volatile("push %0 ; popf" |
677 |
+ : /* no output */ |
678 |
+diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h |
679 |
+index 682286aca881..d53c54b842da 100644 |
680 |
+--- a/arch/x86/include/asm/processor.h |
681 |
++++ b/arch/x86/include/asm/processor.h |
682 |
+@@ -132,6 +132,8 @@ struct cpuinfo_x86 { |
683 |
+ /* Index into per_cpu list: */ |
684 |
+ u16 cpu_index; |
685 |
+ u32 microcode; |
686 |
++ /* Address space bits used by the cache internally */ |
687 |
++ u8 x86_cache_bits; |
688 |
+ unsigned initialized : 1; |
689 |
+ } __randomize_layout; |
690 |
+ |
691 |
+@@ -181,9 +183,9 @@ extern const struct seq_operations cpuinfo_op; |
692 |
+ |
693 |
+ extern void cpu_detect(struct cpuinfo_x86 *c); |
694 |
+ |
695 |
+-static inline unsigned long l1tf_pfn_limit(void) |
696 |
++static inline unsigned long long l1tf_pfn_limit(void) |
697 |
+ { |
698 |
+- return BIT(boot_cpu_data.x86_phys_bits - 1 - PAGE_SHIFT) - 1; |
699 |
++ return BIT_ULL(boot_cpu_data.x86_cache_bits - 1 - PAGE_SHIFT); |
700 |
+ } |
701 |
+ |
702 |
+ extern void early_cpu_init(void); |
703 |
+diff --git a/arch/x86/include/asm/stacktrace.h b/arch/x86/include/asm/stacktrace.h |
704 |
+index b6dc698f992a..f335aad404a4 100644 |
705 |
+--- a/arch/x86/include/asm/stacktrace.h |
706 |
++++ b/arch/x86/include/asm/stacktrace.h |
707 |
+@@ -111,6 +111,6 @@ static inline unsigned long caller_frame_pointer(void) |
708 |
+ return (unsigned long)frame; |
709 |
+ } |
710 |
+ |
711 |
+-void show_opcodes(u8 *rip, const char *loglvl); |
712 |
++void show_opcodes(struct pt_regs *regs, const char *loglvl); |
713 |
+ void show_ip(struct pt_regs *regs, const char *loglvl); |
714 |
+ #endif /* _ASM_X86_STACKTRACE_H */ |
715 |
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
716 |
+index 6690cd3fc8b1..0af97e51e609 100644 |
717 |
+--- a/arch/x86/include/asm/tlbflush.h |
718 |
++++ b/arch/x86/include/asm/tlbflush.h |
719 |
+@@ -175,8 +175,16 @@ struct tlb_state { |
720 |
+ * are on. This means that it may not match current->active_mm, |
721 |
+ * which will contain the previous user mm when we're in lazy TLB |
722 |
+ * mode even if we've already switched back to swapper_pg_dir. |
723 |
++ * |
724 |
++ * During switch_mm_irqs_off(), loaded_mm will be set to |
725 |
++ * LOADED_MM_SWITCHING during the brief interrupts-off window |
726 |
++ * when CR3 and loaded_mm would otherwise be inconsistent. This |
727 |
++ * is for nmi_uaccess_okay()'s benefit. |
728 |
+ */ |
729 |
+ struct mm_struct *loaded_mm; |
730 |
++ |
731 |
++#define LOADED_MM_SWITCHING ((struct mm_struct *)1) |
732 |
++ |
733 |
+ u16 loaded_mm_asid; |
734 |
+ u16 next_asid; |
735 |
+ /* last user mm's ctx id */ |
736 |
+@@ -246,6 +254,38 @@ struct tlb_state { |
737 |
+ }; |
738 |
+ DECLARE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate); |
739 |
+ |
740 |
++/* |
741 |
++ * Blindly accessing user memory from NMI context can be dangerous |
742 |
++ * if we're in the middle of switching the current user task or |
743 |
++ * switching the loaded mm. It can also be dangerous if we |
744 |
++ * interrupted some kernel code that was temporarily using a |
745 |
++ * different mm. |
746 |
++ */ |
747 |
++static inline bool nmi_uaccess_okay(void) |
748 |
++{ |
749 |
++ struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); |
750 |
++ struct mm_struct *current_mm = current->mm; |
751 |
++ |
752 |
++ VM_WARN_ON_ONCE(!loaded_mm); |
753 |
++ |
754 |
++ /* |
755 |
++ * The condition we want to check is |
756 |
++ * current_mm->pgd == __va(read_cr3_pa()). This may be slow, though, |
757 |
++ * if we're running in a VM with shadow paging, and nmi_uaccess_okay() |
758 |
++ * is supposed to be reasonably fast. |
759 |
++ * |
760 |
++ * Instead, we check the almost equivalent but somewhat conservative |
761 |
++ * condition below, and we rely on the fact that switch_mm_irqs_off() |
762 |
++ * sets loaded_mm to LOADED_MM_SWITCHING before writing to CR3. |
763 |
++ */ |
764 |
++ if (loaded_mm != current_mm) |
765 |
++ return false; |
766 |
++ |
767 |
++ VM_WARN_ON_ONCE(current_mm->pgd != __va(read_cr3_pa())); |
768 |
++ |
769 |
++ return true; |
770 |
++} |
771 |
++ |
772 |
+ /* Initialize cr4 shadow for this CPU. */ |
773 |
+ static inline void cr4_init_shadow(void) |
774 |
+ { |
775 |
+diff --git a/arch/x86/include/asm/vgtod.h b/arch/x86/include/asm/vgtod.h |
776 |
+index fb856c9f0449..53748541c487 100644 |
777 |
+--- a/arch/x86/include/asm/vgtod.h |
778 |
++++ b/arch/x86/include/asm/vgtod.h |
779 |
+@@ -93,7 +93,7 @@ static inline unsigned int __getcpu(void) |
780 |
+ * |
781 |
+ * If RDPID is available, use it. |
782 |
+ */ |
783 |
+- alternative_io ("lsl %[p],%[seg]", |
784 |
++ alternative_io ("lsl %[seg],%[p]", |
785 |
+ ".byte 0xf3,0x0f,0xc7,0xf8", /* RDPID %eax/rax */ |
786 |
+ X86_FEATURE_RDPID, |
787 |
+ [p] "=a" (p), [seg] "r" (__PER_CPU_SEG)); |
788 |
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
789 |
+index 664f161f96ff..4891a621a752 100644 |
790 |
+--- a/arch/x86/kernel/cpu/bugs.c |
791 |
++++ b/arch/x86/kernel/cpu/bugs.c |
792 |
+@@ -652,6 +652,45 @@ EXPORT_SYMBOL_GPL(l1tf_mitigation); |
793 |
+ enum vmx_l1d_flush_state l1tf_vmx_mitigation = VMENTER_L1D_FLUSH_AUTO; |
794 |
+ EXPORT_SYMBOL_GPL(l1tf_vmx_mitigation); |
795 |
+ |
796 |
++/* |
797 |
++ * These CPUs all support 44bits physical address space internally in the |
798 |
++ * cache but CPUID can report a smaller number of physical address bits. |
799 |
++ * |
800 |
++ * The L1TF mitigation uses the top most address bit for the inversion of |
801 |
++ * non present PTEs. When the installed memory reaches into the top most |
802 |
++ * address bit due to memory holes, which has been observed on machines |
803 |
++ * which report 36bits physical address bits and have 32G RAM installed, |
804 |
++ * then the mitigation range check in l1tf_select_mitigation() triggers. |
805 |
++ * This is a false positive because the mitigation is still possible due to |
806 |
++ * the fact that the cache uses 44bit internally. Use the cache bits |
807 |
++ * instead of the reported physical bits and adjust them on the affected |
808 |
++ * machines to 44bit if the reported bits are less than 44. |
809 |
++ */ |
810 |
++static void override_cache_bits(struct cpuinfo_x86 *c) |
811 |
++{ |
812 |
++ if (c->x86 != 6) |
813 |
++ return; |
814 |
++ |
815 |
++ switch (c->x86_model) { |
816 |
++ case INTEL_FAM6_NEHALEM: |
817 |
++ case INTEL_FAM6_WESTMERE: |
818 |
++ case INTEL_FAM6_SANDYBRIDGE: |
819 |
++ case INTEL_FAM6_IVYBRIDGE: |
820 |
++ case INTEL_FAM6_HASWELL_CORE: |
821 |
++ case INTEL_FAM6_HASWELL_ULT: |
822 |
++ case INTEL_FAM6_HASWELL_GT3E: |
823 |
++ case INTEL_FAM6_BROADWELL_CORE: |
824 |
++ case INTEL_FAM6_BROADWELL_GT3E: |
825 |
++ case INTEL_FAM6_SKYLAKE_MOBILE: |
826 |
++ case INTEL_FAM6_SKYLAKE_DESKTOP: |
827 |
++ case INTEL_FAM6_KABYLAKE_MOBILE: |
828 |
++ case INTEL_FAM6_KABYLAKE_DESKTOP: |
829 |
++ if (c->x86_cache_bits < 44) |
830 |
++ c->x86_cache_bits = 44; |
831 |
++ break; |
832 |
++ } |
833 |
++} |
834 |
++ |
835 |
+ static void __init l1tf_select_mitigation(void) |
836 |
+ { |
837 |
+ u64 half_pa; |
838 |
+@@ -659,6 +698,8 @@ static void __init l1tf_select_mitigation(void) |
839 |
+ if (!boot_cpu_has_bug(X86_BUG_L1TF)) |
840 |
+ return; |
841 |
+ |
842 |
++ override_cache_bits(&boot_cpu_data); |
843 |
++ |
844 |
+ switch (l1tf_mitigation) { |
845 |
+ case L1TF_MITIGATION_OFF: |
846 |
+ case L1TF_MITIGATION_FLUSH_NOWARN: |
847 |
+@@ -678,14 +719,13 @@ static void __init l1tf_select_mitigation(void) |
848 |
+ return; |
849 |
+ #endif |
850 |
+ |
851 |
+- /* |
852 |
+- * This is extremely unlikely to happen because almost all |
853 |
+- * systems have far more MAX_PA/2 than RAM can be fit into |
854 |
+- * DIMM slots. |
855 |
+- */ |
856 |
+ half_pa = (u64)l1tf_pfn_limit() << PAGE_SHIFT; |
857 |
+ if (e820__mapped_any(half_pa, ULLONG_MAX - half_pa, E820_TYPE_RAM)) { |
858 |
+ pr_warn("System has more than MAX_PA/2 memory. L1TF mitigation not effective.\n"); |
859 |
++ pr_info("You may make it effective by booting the kernel with mem=%llu parameter.\n", |
860 |
++ half_pa); |
861 |
++ pr_info("However, doing so will make a part of your RAM unusable.\n"); |
862 |
++ pr_info("Reading https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html might help you decide.\n"); |
863 |
+ return; |
864 |
+ } |
865 |
+ |
866 |
+diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
867 |
+index b41b72bd8bb8..1ee8ea36af30 100644 |
868 |
+--- a/arch/x86/kernel/cpu/common.c |
869 |
++++ b/arch/x86/kernel/cpu/common.c |
870 |
+@@ -919,6 +919,7 @@ void get_cpu_address_sizes(struct cpuinfo_x86 *c) |
871 |
+ else if (cpu_has(c, X86_FEATURE_PAE) || cpu_has(c, X86_FEATURE_PSE36)) |
872 |
+ c->x86_phys_bits = 36; |
873 |
+ #endif |
874 |
++ c->x86_cache_bits = c->x86_phys_bits; |
875 |
+ } |
876 |
+ |
877 |
+ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) |
878 |
+diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c |
879 |
+index 6602941cfebf..3f0abb62161b 100644 |
880 |
+--- a/arch/x86/kernel/cpu/intel.c |
881 |
++++ b/arch/x86/kernel/cpu/intel.c |
882 |
+@@ -150,6 +150,9 @@ static bool bad_spectre_microcode(struct cpuinfo_x86 *c) |
883 |
+ if (cpu_has(c, X86_FEATURE_HYPERVISOR)) |
884 |
+ return false; |
885 |
+ |
886 |
++ if (c->x86 != 6) |
887 |
++ return false; |
888 |
++ |
889 |
+ for (i = 0; i < ARRAY_SIZE(spectre_bad_microcodes); i++) { |
890 |
+ if (c->x86_model == spectre_bad_microcodes[i].model && |
891 |
+ c->x86_stepping == spectre_bad_microcodes[i].stepping) |
892 |
+diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c |
893 |
+index 666a284116ac..17b02adc79aa 100644 |
894 |
+--- a/arch/x86/kernel/dumpstack.c |
895 |
++++ b/arch/x86/kernel/dumpstack.c |
896 |
+@@ -17,6 +17,7 @@ |
897 |
+ #include <linux/bug.h> |
898 |
+ #include <linux/nmi.h> |
899 |
+ #include <linux/sysfs.h> |
900 |
++#include <linux/kasan.h> |
901 |
+ |
902 |
+ #include <asm/cpu_entry_area.h> |
903 |
+ #include <asm/stacktrace.h> |
904 |
+@@ -91,23 +92,32 @@ static void printk_stack_address(unsigned long address, int reliable, |
905 |
+ * Thus, the 2/3rds prologue and 64 byte OPCODE_BUFSIZE is just a random |
906 |
+ * guesstimate in attempt to achieve all of the above. |
907 |
+ */ |
908 |
+-void show_opcodes(u8 *rip, const char *loglvl) |
909 |
++void show_opcodes(struct pt_regs *regs, const char *loglvl) |
910 |
+ { |
911 |
+ unsigned int code_prologue = OPCODE_BUFSIZE * 2 / 3; |
912 |
+ u8 opcodes[OPCODE_BUFSIZE]; |
913 |
+- u8 *ip; |
914 |
++ unsigned long ip; |
915 |
+ int i; |
916 |
++ bool bad_ip; |
917 |
+ |
918 |
+ printk("%sCode: ", loglvl); |
919 |
+ |
920 |
+- ip = (u8 *)rip - code_prologue; |
921 |
+- if (probe_kernel_read(opcodes, ip, OPCODE_BUFSIZE)) { |
922 |
++ ip = regs->ip - code_prologue; |
923 |
++ |
924 |
++ /* |
925 |
++ * Make sure userspace isn't trying to trick us into dumping kernel |
926 |
++ * memory by pointing the userspace instruction pointer at it. |
927 |
++ */ |
928 |
++ bad_ip = user_mode(regs) && |
929 |
++ __chk_range_not_ok(ip, OPCODE_BUFSIZE, TASK_SIZE_MAX); |
930 |
++ |
931 |
++ if (bad_ip || probe_kernel_read(opcodes, (u8 *)ip, OPCODE_BUFSIZE)) { |
932 |
+ pr_cont("Bad RIP value.\n"); |
933 |
+ return; |
934 |
+ } |
935 |
+ |
936 |
+ for (i = 0; i < OPCODE_BUFSIZE; i++, ip++) { |
937 |
+- if (ip == rip) |
938 |
++ if (ip == regs->ip) |
939 |
+ pr_cont("<%02x> ", opcodes[i]); |
940 |
+ else |
941 |
+ pr_cont("%02x ", opcodes[i]); |
942 |
+@@ -122,7 +132,7 @@ void show_ip(struct pt_regs *regs, const char *loglvl) |
943 |
+ #else |
944 |
+ printk("%sRIP: %04x:%pS\n", loglvl, (int)regs->cs, (void *)regs->ip); |
945 |
+ #endif |
946 |
+- show_opcodes((u8 *)regs->ip, loglvl); |
947 |
++ show_opcodes(regs, loglvl); |
948 |
+ } |
949 |
+ |
950 |
+ void show_iret_regs(struct pt_regs *regs) |
951 |
+@@ -356,7 +366,10 @@ void oops_end(unsigned long flags, struct pt_regs *regs, int signr) |
952 |
+ * We're not going to return, but we might be on an IST stack or |
953 |
+ * have very little stack space left. Rewind the stack and kill |
954 |
+ * the task. |
955 |
++ * Before we rewind the stack, we have to tell KASAN that we're going to |
956 |
++ * reuse the task stack and that existing poisons are invalid. |
957 |
+ */ |
958 |
++ kasan_unpoison_task_stack(current); |
959 |
+ rewind_stack_do_exit(signr); |
960 |
+ } |
961 |
+ NOKPROBE_SYMBOL(oops_end); |
962 |
+diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c |
963 |
+index da5d8ac60062..50d5848bf22e 100644 |
964 |
+--- a/arch/x86/kernel/early-quirks.c |
965 |
++++ b/arch/x86/kernel/early-quirks.c |
966 |
+@@ -338,6 +338,18 @@ static resource_size_t __init gen3_stolen_base(int num, int slot, int func, |
967 |
+ return bsm & INTEL_BSM_MASK; |
968 |
+ } |
969 |
+ |
970 |
++static resource_size_t __init gen11_stolen_base(int num, int slot, int func, |
971 |
++ resource_size_t stolen_size) |
972 |
++{ |
973 |
++ u64 bsm; |
974 |
++ |
975 |
++ bsm = read_pci_config(num, slot, func, INTEL_GEN11_BSM_DW0); |
976 |
++ bsm &= INTEL_BSM_MASK; |
977 |
++ bsm |= (u64)read_pci_config(num, slot, func, INTEL_GEN11_BSM_DW1) << 32; |
978 |
++ |
979 |
++ return bsm; |
980 |
++} |
981 |
++ |
982 |
+ static resource_size_t __init i830_stolen_size(int num, int slot, int func) |
983 |
+ { |
984 |
+ u16 gmch_ctrl; |
985 |
+@@ -498,6 +510,11 @@ static const struct intel_early_ops chv_early_ops __initconst = { |
986 |
+ .stolen_size = chv_stolen_size, |
987 |
+ }; |
988 |
+ |
989 |
++static const struct intel_early_ops gen11_early_ops __initconst = { |
990 |
++ .stolen_base = gen11_stolen_base, |
991 |
++ .stolen_size = gen9_stolen_size, |
992 |
++}; |
993 |
++ |
994 |
+ static const struct pci_device_id intel_early_ids[] __initconst = { |
995 |
+ INTEL_I830_IDS(&i830_early_ops), |
996 |
+ INTEL_I845G_IDS(&i845_early_ops), |
997 |
+@@ -529,6 +546,7 @@ static const struct pci_device_id intel_early_ids[] __initconst = { |
998 |
+ INTEL_CFL_IDS(&gen9_early_ops), |
999 |
+ INTEL_GLK_IDS(&gen9_early_ops), |
1000 |
+ INTEL_CNL_IDS(&gen9_early_ops), |
1001 |
++ INTEL_ICL_11_IDS(&gen11_early_ops), |
1002 |
+ }; |
1003 |
+ |
1004 |
+ struct resource intel_graphics_stolen_res __ro_after_init = DEFINE_RES_MEM(0, 0); |
1005 |
+diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
1006 |
+index 12bb445fb98d..4344a032ebe6 100644 |
1007 |
+--- a/arch/x86/kernel/process_64.c |
1008 |
++++ b/arch/x86/kernel/process_64.c |
1009 |
+@@ -384,6 +384,7 @@ start_thread(struct pt_regs *regs, unsigned long new_ip, unsigned long new_sp) |
1010 |
+ start_thread_common(regs, new_ip, new_sp, |
1011 |
+ __USER_CS, __USER_DS, 0); |
1012 |
+ } |
1013 |
++EXPORT_SYMBOL_GPL(start_thread); |
1014 |
+ |
1015 |
+ #ifdef CONFIG_COMPAT |
1016 |
+ void compat_start_thread(struct pt_regs *regs, u32 new_ip, u32 new_sp) |
1017 |
+diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c |
1018 |
+index af8caf965baa..01d209ab5481 100644 |
1019 |
+--- a/arch/x86/kvm/hyperv.c |
1020 |
++++ b/arch/x86/kvm/hyperv.c |
1021 |
+@@ -235,7 +235,7 @@ static int synic_set_msr(struct kvm_vcpu_hv_synic *synic, |
1022 |
+ struct kvm_vcpu *vcpu = synic_to_vcpu(synic); |
1023 |
+ int ret; |
1024 |
+ |
1025 |
+- if (!synic->active) |
1026 |
++ if (!synic->active && !host) |
1027 |
+ return 1; |
1028 |
+ |
1029 |
+ trace_kvm_hv_synic_set_msr(vcpu->vcpu_id, msr, data, host); |
1030 |
+@@ -295,11 +295,12 @@ static int synic_set_msr(struct kvm_vcpu_hv_synic *synic, |
1031 |
+ return ret; |
1032 |
+ } |
1033 |
+ |
1034 |
+-static int synic_get_msr(struct kvm_vcpu_hv_synic *synic, u32 msr, u64 *pdata) |
1035 |
++static int synic_get_msr(struct kvm_vcpu_hv_synic *synic, u32 msr, u64 *pdata, |
1036 |
++ bool host) |
1037 |
+ { |
1038 |
+ int ret; |
1039 |
+ |
1040 |
+- if (!synic->active) |
1041 |
++ if (!synic->active && !host) |
1042 |
+ return 1; |
1043 |
+ |
1044 |
+ ret = 0; |
1045 |
+@@ -1014,6 +1015,11 @@ static int kvm_hv_set_msr_pw(struct kvm_vcpu *vcpu, u32 msr, u64 data, |
1046 |
+ case HV_X64_MSR_TSC_EMULATION_STATUS: |
1047 |
+ hv->hv_tsc_emulation_status = data; |
1048 |
+ break; |
1049 |
++ case HV_X64_MSR_TIME_REF_COUNT: |
1050 |
++ /* read-only, but still ignore it if host-initiated */ |
1051 |
++ if (!host) |
1052 |
++ return 1; |
1053 |
++ break; |
1054 |
+ default: |
1055 |
+ vcpu_unimpl(vcpu, "Hyper-V uhandled wrmsr: 0x%x data 0x%llx\n", |
1056 |
+ msr, data); |
1057 |
+@@ -1101,6 +1107,12 @@ static int kvm_hv_set_msr(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host) |
1058 |
+ return stimer_set_count(vcpu_to_stimer(vcpu, timer_index), |
1059 |
+ data, host); |
1060 |
+ } |
1061 |
++ case HV_X64_MSR_TSC_FREQUENCY: |
1062 |
++ case HV_X64_MSR_APIC_FREQUENCY: |
1063 |
++ /* read-only, but still ignore it if host-initiated */ |
1064 |
++ if (!host) |
1065 |
++ return 1; |
1066 |
++ break; |
1067 |
+ default: |
1068 |
+ vcpu_unimpl(vcpu, "Hyper-V uhandled wrmsr: 0x%x data 0x%llx\n", |
1069 |
+ msr, data); |
1070 |
+@@ -1156,7 +1168,8 @@ static int kvm_hv_get_msr_pw(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1071 |
+ return 0; |
1072 |
+ } |
1073 |
+ |
1074 |
+-static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1075 |
++static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, |
1076 |
++ bool host) |
1077 |
+ { |
1078 |
+ u64 data = 0; |
1079 |
+ struct kvm_vcpu_hv *hv = &vcpu->arch.hyperv; |
1080 |
+@@ -1183,7 +1196,7 @@ static int kvm_hv_get_msr(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1081 |
+ case HV_X64_MSR_SIMP: |
1082 |
+ case HV_X64_MSR_EOM: |
1083 |
+ case HV_X64_MSR_SINT0 ... HV_X64_MSR_SINT15: |
1084 |
+- return synic_get_msr(vcpu_to_synic(vcpu), msr, pdata); |
1085 |
++ return synic_get_msr(vcpu_to_synic(vcpu), msr, pdata, host); |
1086 |
+ case HV_X64_MSR_STIMER0_CONFIG: |
1087 |
+ case HV_X64_MSR_STIMER1_CONFIG: |
1088 |
+ case HV_X64_MSR_STIMER2_CONFIG: |
1089 |
+@@ -1229,7 +1242,7 @@ int kvm_hv_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host) |
1090 |
+ return kvm_hv_set_msr(vcpu, msr, data, host); |
1091 |
+ } |
1092 |
+ |
1093 |
+-int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1094 |
++int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host) |
1095 |
+ { |
1096 |
+ if (kvm_hv_msr_partition_wide(msr)) { |
1097 |
+ int r; |
1098 |
+@@ -1239,7 +1252,7 @@ int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1099 |
+ mutex_unlock(&vcpu->kvm->arch.hyperv.hv_lock); |
1100 |
+ return r; |
1101 |
+ } else |
1102 |
+- return kvm_hv_get_msr(vcpu, msr, pdata); |
1103 |
++ return kvm_hv_get_msr(vcpu, msr, pdata, host); |
1104 |
+ } |
1105 |
+ |
1106 |
+ static __always_inline int get_sparse_bank_no(u64 valid_bank_mask, int bank_no) |
1107 |
+diff --git a/arch/x86/kvm/hyperv.h b/arch/x86/kvm/hyperv.h |
1108 |
+index 837465d69c6d..d6aa969e20f1 100644 |
1109 |
+--- a/arch/x86/kvm/hyperv.h |
1110 |
++++ b/arch/x86/kvm/hyperv.h |
1111 |
+@@ -48,7 +48,7 @@ static inline struct kvm_vcpu *synic_to_vcpu(struct kvm_vcpu_hv_synic *synic) |
1112 |
+ } |
1113 |
+ |
1114 |
+ int kvm_hv_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data, bool host); |
1115 |
+-int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); |
1116 |
++int kvm_hv_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host); |
1117 |
+ |
1118 |
+ bool kvm_hv_hypercall_enabled(struct kvm *kvm); |
1119 |
+ int kvm_hv_hypercall(struct kvm_vcpu *vcpu); |
1120 |
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
1121 |
+index f059a73f0fd0..9799f86388e7 100644 |
1122 |
+--- a/arch/x86/kvm/svm.c |
1123 |
++++ b/arch/x86/kvm/svm.c |
1124 |
+@@ -5580,8 +5580,6 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
1125 |
+ |
1126 |
+ clgi(); |
1127 |
+ |
1128 |
+- local_irq_enable(); |
1129 |
+- |
1130 |
+ /* |
1131 |
+ * If this vCPU has touched SPEC_CTRL, restore the guest's value if |
1132 |
+ * it's non-zero. Since vmentry is serialising on affected CPUs, there |
1133 |
+@@ -5590,6 +5588,8 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
1134 |
+ */ |
1135 |
+ x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl); |
1136 |
+ |
1137 |
++ local_irq_enable(); |
1138 |
++ |
1139 |
+ asm volatile ( |
1140 |
+ "push %%" _ASM_BP "; \n\t" |
1141 |
+ "mov %c[rbx](%[svm]), %%" _ASM_BX " \n\t" |
1142 |
+@@ -5712,12 +5712,12 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) |
1143 |
+ if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL))) |
1144 |
+ svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL); |
1145 |
+ |
1146 |
+- x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); |
1147 |
+- |
1148 |
+ reload_tss(vcpu); |
1149 |
+ |
1150 |
+ local_irq_disable(); |
1151 |
+ |
1152 |
++ x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl); |
1153 |
++ |
1154 |
+ vcpu->arch.cr2 = svm->vmcb->save.cr2; |
1155 |
+ vcpu->arch.regs[VCPU_REGS_RAX] = svm->vmcb->save.rax; |
1156 |
+ vcpu->arch.regs[VCPU_REGS_RSP] = svm->vmcb->save.rsp; |
1157 |
+diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
1158 |
+index a5caa5e5480c..24c84aa87049 100644 |
1159 |
+--- a/arch/x86/kvm/x86.c |
1160 |
++++ b/arch/x86/kvm/x86.c |
1161 |
+@@ -2185,10 +2185,11 @@ static int set_msr_mce(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
1162 |
+ vcpu->arch.mcg_status = data; |
1163 |
+ break; |
1164 |
+ case MSR_IA32_MCG_CTL: |
1165 |
+- if (!(mcg_cap & MCG_CTL_P)) |
1166 |
++ if (!(mcg_cap & MCG_CTL_P) && |
1167 |
++ (data || !msr_info->host_initiated)) |
1168 |
+ return 1; |
1169 |
+ if (data != 0 && data != ~(u64)0) |
1170 |
+- return -1; |
1171 |
++ return 1; |
1172 |
+ vcpu->arch.mcg_ctl = data; |
1173 |
+ break; |
1174 |
+ default: |
1175 |
+@@ -2576,7 +2577,7 @@ int kvm_get_msr(struct kvm_vcpu *vcpu, struct msr_data *msr) |
1176 |
+ } |
1177 |
+ EXPORT_SYMBOL_GPL(kvm_get_msr); |
1178 |
+ |
1179 |
+-static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1180 |
++static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata, bool host) |
1181 |
+ { |
1182 |
+ u64 data; |
1183 |
+ u64 mcg_cap = vcpu->arch.mcg_cap; |
1184 |
+@@ -2591,7 +2592,7 @@ static int get_msr_mce(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata) |
1185 |
+ data = vcpu->arch.mcg_cap; |
1186 |
+ break; |
1187 |
+ case MSR_IA32_MCG_CTL: |
1188 |
+- if (!(mcg_cap & MCG_CTL_P)) |
1189 |
++ if (!(mcg_cap & MCG_CTL_P) && !host) |
1190 |
+ return 1; |
1191 |
+ data = vcpu->arch.mcg_ctl; |
1192 |
+ break; |
1193 |
+@@ -2724,7 +2725,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
1194 |
+ case MSR_IA32_MCG_CTL: |
1195 |
+ case MSR_IA32_MCG_STATUS: |
1196 |
+ case MSR_IA32_MC0_CTL ... MSR_IA32_MCx_CTL(KVM_MAX_MCE_BANKS) - 1: |
1197 |
+- return get_msr_mce(vcpu, msr_info->index, &msr_info->data); |
1198 |
++ return get_msr_mce(vcpu, msr_info->index, &msr_info->data, |
1199 |
++ msr_info->host_initiated); |
1200 |
+ case MSR_K7_CLK_CTL: |
1201 |
+ /* |
1202 |
+ * Provide expected ramp-up count for K7. All other |
1203 |
+@@ -2745,7 +2747,8 @@ int kvm_get_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) |
1204 |
+ case HV_X64_MSR_TSC_EMULATION_CONTROL: |
1205 |
+ case HV_X64_MSR_TSC_EMULATION_STATUS: |
1206 |
+ return kvm_hv_get_msr_common(vcpu, |
1207 |
+- msr_info->index, &msr_info->data); |
1208 |
++ msr_info->index, &msr_info->data, |
1209 |
++ msr_info->host_initiated); |
1210 |
+ break; |
1211 |
+ case MSR_IA32_BBL_CR_CTL3: |
1212 |
+ /* This legacy MSR exists but isn't fully documented in current |
1213 |
+diff --git a/arch/x86/lib/usercopy.c b/arch/x86/lib/usercopy.c |
1214 |
+index c8c6ad0d58b8..3f435d7fca5e 100644 |
1215 |
+--- a/arch/x86/lib/usercopy.c |
1216 |
++++ b/arch/x86/lib/usercopy.c |
1217 |
+@@ -7,6 +7,8 @@ |
1218 |
+ #include <linux/uaccess.h> |
1219 |
+ #include <linux/export.h> |
1220 |
+ |
1221 |
++#include <asm/tlbflush.h> |
1222 |
++ |
1223 |
+ /* |
1224 |
+ * We rely on the nested NMI work to allow atomic faults from the NMI path; the |
1225 |
+ * nested NMI paths are careful to preserve CR2. |
1226 |
+@@ -19,6 +21,9 @@ copy_from_user_nmi(void *to, const void __user *from, unsigned long n) |
1227 |
+ if (__range_not_ok(from, n, TASK_SIZE)) |
1228 |
+ return n; |
1229 |
+ |
1230 |
++ if (!nmi_uaccess_okay()) |
1231 |
++ return n; |
1232 |
++ |
1233 |
+ /* |
1234 |
+ * Even though this function is typically called from NMI/IRQ context |
1235 |
+ * disable pagefaults so that its behaviour is consistent even when |
1236 |
+diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
1237 |
+index 2aafa6ab6103..d1f1612672c7 100644 |
1238 |
+--- a/arch/x86/mm/fault.c |
1239 |
++++ b/arch/x86/mm/fault.c |
1240 |
+@@ -838,7 +838,7 @@ show_signal_msg(struct pt_regs *regs, unsigned long error_code, |
1241 |
+ |
1242 |
+ printk(KERN_CONT "\n"); |
1243 |
+ |
1244 |
+- show_opcodes((u8 *)regs->ip, loglvl); |
1245 |
++ show_opcodes(regs, loglvl); |
1246 |
+ } |
1247 |
+ |
1248 |
+ static void |
1249 |
+diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
1250 |
+index acfab322fbe0..63a6f9fcaf20 100644 |
1251 |
+--- a/arch/x86/mm/init.c |
1252 |
++++ b/arch/x86/mm/init.c |
1253 |
+@@ -923,7 +923,7 @@ unsigned long max_swapfile_size(void) |
1254 |
+ |
1255 |
+ if (boot_cpu_has_bug(X86_BUG_L1TF)) { |
1256 |
+ /* Limit the swap file size to MAX_PA/2 for L1TF workaround */ |
1257 |
+- unsigned long l1tf_limit = l1tf_pfn_limit() + 1; |
1258 |
++ unsigned long long l1tf_limit = l1tf_pfn_limit(); |
1259 |
+ /* |
1260 |
+ * We encode swap offsets also with 3 bits below those for pfn |
1261 |
+ * which makes the usable limit higher. |
1262 |
+@@ -931,7 +931,7 @@ unsigned long max_swapfile_size(void) |
1263 |
+ #if CONFIG_PGTABLE_LEVELS > 2 |
1264 |
+ l1tf_limit <<= PAGE_SHIFT - SWP_OFFSET_FIRST_BIT; |
1265 |
+ #endif |
1266 |
+- pages = min_t(unsigned long, l1tf_limit, pages); |
1267 |
++ pages = min_t(unsigned long long, l1tf_limit, pages); |
1268 |
+ } |
1269 |
+ return pages; |
1270 |
+ } |
1271 |
+diff --git a/arch/x86/mm/mmap.c b/arch/x86/mm/mmap.c |
1272 |
+index f40ab8185d94..1e95d57760cf 100644 |
1273 |
+--- a/arch/x86/mm/mmap.c |
1274 |
++++ b/arch/x86/mm/mmap.c |
1275 |
+@@ -257,7 +257,7 @@ bool pfn_modify_allowed(unsigned long pfn, pgprot_t prot) |
1276 |
+ /* If it's real memory always allow */ |
1277 |
+ if (pfn_valid(pfn)) |
1278 |
+ return true; |
1279 |
+- if (pfn > l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) |
1280 |
++ if (pfn >= l1tf_pfn_limit() && !capable(CAP_SYS_ADMIN)) |
1281 |
+ return false; |
1282 |
+ return true; |
1283 |
+ } |
1284 |
+diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c |
1285 |
+index 6eb1f34c3c85..cd2617285e2e 100644 |
1286 |
+--- a/arch/x86/mm/tlb.c |
1287 |
++++ b/arch/x86/mm/tlb.c |
1288 |
+@@ -298,6 +298,10 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
1289 |
+ |
1290 |
+ choose_new_asid(next, next_tlb_gen, &new_asid, &need_flush); |
1291 |
+ |
1292 |
++ /* Let nmi_uaccess_okay() know that we're changing CR3. */ |
1293 |
++ this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); |
1294 |
++ barrier(); |
1295 |
++ |
1296 |
+ if (need_flush) { |
1297 |
+ this_cpu_write(cpu_tlbstate.ctxs[new_asid].ctx_id, next->context.ctx_id); |
1298 |
+ this_cpu_write(cpu_tlbstate.ctxs[new_asid].tlb_gen, next_tlb_gen); |
1299 |
+@@ -328,6 +332,9 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
1300 |
+ if (next != &init_mm) |
1301 |
+ this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); |
1302 |
+ |
1303 |
++ /* Make sure we write CR3 before loaded_mm. */ |
1304 |
++ barrier(); |
1305 |
++ |
1306 |
+ this_cpu_write(cpu_tlbstate.loaded_mm, next); |
1307 |
+ this_cpu_write(cpu_tlbstate.loaded_mm_asid, new_asid); |
1308 |
+ } |
1309 |
+diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
1310 |
+index cc71c63df381..984b37647b2f 100644 |
1311 |
+--- a/drivers/ata/libata-core.c |
1312 |
++++ b/drivers/ata/libata-core.c |
1313 |
+@@ -6424,6 +6424,7 @@ void ata_host_init(struct ata_host *host, struct device *dev, |
1314 |
+ host->n_tags = ATA_MAX_QUEUE; |
1315 |
+ host->dev = dev; |
1316 |
+ host->ops = ops; |
1317 |
++ kref_init(&host->kref); |
1318 |
+ } |
1319 |
+ |
1320 |
+ void __ata_port_probe(struct ata_port *ap) |
1321 |
+@@ -7391,3 +7392,5 @@ EXPORT_SYMBOL_GPL(ata_cable_80wire); |
1322 |
+ EXPORT_SYMBOL_GPL(ata_cable_unknown); |
1323 |
+ EXPORT_SYMBOL_GPL(ata_cable_ignore); |
1324 |
+ EXPORT_SYMBOL_GPL(ata_cable_sata); |
1325 |
++EXPORT_SYMBOL_GPL(ata_host_get); |
1326 |
++EXPORT_SYMBOL_GPL(ata_host_put); |
1327 |
+\ No newline at end of file |
1328 |
+diff --git a/drivers/ata/libata.h b/drivers/ata/libata.h |
1329 |
+index 9e21c49cf6be..f953cb4bb1ba 100644 |
1330 |
+--- a/drivers/ata/libata.h |
1331 |
++++ b/drivers/ata/libata.h |
1332 |
+@@ -100,8 +100,6 @@ extern int ata_port_probe(struct ata_port *ap); |
1333 |
+ extern void __ata_port_probe(struct ata_port *ap); |
1334 |
+ extern unsigned int ata_read_log_page(struct ata_device *dev, u8 log, |
1335 |
+ u8 page, void *buf, unsigned int sectors); |
1336 |
+-extern void ata_host_get(struct ata_host *host); |
1337 |
+-extern void ata_host_put(struct ata_host *host); |
1338 |
+ |
1339 |
+ #define to_ata_port(d) container_of(d, struct ata_port, tdev) |
1340 |
+ |
1341 |
+diff --git a/drivers/base/power/clock_ops.c b/drivers/base/power/clock_ops.c |
1342 |
+index 8e2e4757adcb..5a42ae4078c2 100644 |
1343 |
+--- a/drivers/base/power/clock_ops.c |
1344 |
++++ b/drivers/base/power/clock_ops.c |
1345 |
+@@ -185,7 +185,7 @@ EXPORT_SYMBOL_GPL(of_pm_clk_add_clk); |
1346 |
+ int of_pm_clk_add_clks(struct device *dev) |
1347 |
+ { |
1348 |
+ struct clk **clks; |
1349 |
+- unsigned int i, count; |
1350 |
++ int i, count; |
1351 |
+ int ret; |
1352 |
+ |
1353 |
+ if (!dev || !dev->of_node) |
1354 |
+diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c |
1355 |
+index a78b8e7085e9..66acbd063562 100644 |
1356 |
+--- a/drivers/cdrom/cdrom.c |
1357 |
++++ b/drivers/cdrom/cdrom.c |
1358 |
+@@ -2542,7 +2542,7 @@ static int cdrom_ioctl_drive_status(struct cdrom_device_info *cdi, |
1359 |
+ if (!CDROM_CAN(CDC_SELECT_DISC) || |
1360 |
+ (arg == CDSL_CURRENT || arg == CDSL_NONE)) |
1361 |
+ return cdi->ops->drive_status(cdi, CDSL_CURRENT); |
1362 |
+- if (((int)arg >= cdi->capacity)) |
1363 |
++ if (arg >= cdi->capacity) |
1364 |
+ return -EINVAL; |
1365 |
+ return cdrom_slot_status(cdi, arg); |
1366 |
+ } |
1367 |
+diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c |
1368 |
+index e32f6e85dc6d..3a3a7a548a85 100644 |
1369 |
+--- a/drivers/char/tpm/tpm-interface.c |
1370 |
++++ b/drivers/char/tpm/tpm-interface.c |
1371 |
+@@ -29,7 +29,6 @@ |
1372 |
+ #include <linux/mutex.h> |
1373 |
+ #include <linux/spinlock.h> |
1374 |
+ #include <linux/freezer.h> |
1375 |
+-#include <linux/pm_runtime.h> |
1376 |
+ #include <linux/tpm_eventlog.h> |
1377 |
+ |
1378 |
+ #include "tpm.h" |
1379 |
+@@ -369,10 +368,13 @@ err_len: |
1380 |
+ return -EINVAL; |
1381 |
+ } |
1382 |
+ |
1383 |
+-static int tpm_request_locality(struct tpm_chip *chip) |
1384 |
++static int tpm_request_locality(struct tpm_chip *chip, unsigned int flags) |
1385 |
+ { |
1386 |
+ int rc; |
1387 |
+ |
1388 |
++ if (flags & TPM_TRANSMIT_RAW) |
1389 |
++ return 0; |
1390 |
++ |
1391 |
+ if (!chip->ops->request_locality) |
1392 |
+ return 0; |
1393 |
+ |
1394 |
+@@ -385,10 +387,13 @@ static int tpm_request_locality(struct tpm_chip *chip) |
1395 |
+ return 0; |
1396 |
+ } |
1397 |
+ |
1398 |
+-static void tpm_relinquish_locality(struct tpm_chip *chip) |
1399 |
++static void tpm_relinquish_locality(struct tpm_chip *chip, unsigned int flags) |
1400 |
+ { |
1401 |
+ int rc; |
1402 |
+ |
1403 |
++ if (flags & TPM_TRANSMIT_RAW) |
1404 |
++ return; |
1405 |
++ |
1406 |
+ if (!chip->ops->relinquish_locality) |
1407 |
+ return; |
1408 |
+ |
1409 |
+@@ -399,6 +404,28 @@ static void tpm_relinquish_locality(struct tpm_chip *chip) |
1410 |
+ chip->locality = -1; |
1411 |
+ } |
1412 |
+ |
1413 |
++static int tpm_cmd_ready(struct tpm_chip *chip, unsigned int flags) |
1414 |
++{ |
1415 |
++ if (flags & TPM_TRANSMIT_RAW) |
1416 |
++ return 0; |
1417 |
++ |
1418 |
++ if (!chip->ops->cmd_ready) |
1419 |
++ return 0; |
1420 |
++ |
1421 |
++ return chip->ops->cmd_ready(chip); |
1422 |
++} |
1423 |
++ |
1424 |
++static int tpm_go_idle(struct tpm_chip *chip, unsigned int flags) |
1425 |
++{ |
1426 |
++ if (flags & TPM_TRANSMIT_RAW) |
1427 |
++ return 0; |
1428 |
++ |
1429 |
++ if (!chip->ops->go_idle) |
1430 |
++ return 0; |
1431 |
++ |
1432 |
++ return chip->ops->go_idle(chip); |
1433 |
++} |
1434 |
++ |
1435 |
+ static ssize_t tpm_try_transmit(struct tpm_chip *chip, |
1436 |
+ struct tpm_space *space, |
1437 |
+ u8 *buf, size_t bufsiz, |
1438 |
+@@ -423,7 +450,7 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, |
1439 |
+ header->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS); |
1440 |
+ header->return_code = cpu_to_be32(TPM2_RC_COMMAND_CODE | |
1441 |
+ TSS2_RESMGR_TPM_RC_LAYER); |
1442 |
+- return bufsiz; |
1443 |
++ return sizeof(*header); |
1444 |
+ } |
1445 |
+ |
1446 |
+ if (bufsiz > TPM_BUFSIZE) |
1447 |
+@@ -449,14 +476,15 @@ static ssize_t tpm_try_transmit(struct tpm_chip *chip, |
1448 |
+ /* Store the decision as chip->locality will be changed. */ |
1449 |
+ need_locality = chip->locality == -1; |
1450 |
+ |
1451 |
+- if (!(flags & TPM_TRANSMIT_RAW) && need_locality) { |
1452 |
+- rc = tpm_request_locality(chip); |
1453 |
++ if (need_locality) { |
1454 |
++ rc = tpm_request_locality(chip, flags); |
1455 |
+ if (rc < 0) |
1456 |
+ goto out_no_locality; |
1457 |
+ } |
1458 |
+ |
1459 |
+- if (chip->dev.parent) |
1460 |
+- pm_runtime_get_sync(chip->dev.parent); |
1461 |
++ rc = tpm_cmd_ready(chip, flags); |
1462 |
++ if (rc) |
1463 |
++ goto out; |
1464 |
+ |
1465 |
+ rc = tpm2_prepare_space(chip, space, ordinal, buf); |
1466 |
+ if (rc) |
1467 |
+@@ -516,13 +544,16 @@ out_recv: |
1468 |
+ } |
1469 |
+ |
1470 |
+ rc = tpm2_commit_space(chip, space, ordinal, buf, &len); |
1471 |
++ if (rc) |
1472 |
++ dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc); |
1473 |
+ |
1474 |
+ out: |
1475 |
+- if (chip->dev.parent) |
1476 |
+- pm_runtime_put_sync(chip->dev.parent); |
1477 |
++ rc = tpm_go_idle(chip, flags); |
1478 |
++ if (rc) |
1479 |
++ goto out; |
1480 |
+ |
1481 |
+ if (need_locality) |
1482 |
+- tpm_relinquish_locality(chip); |
1483 |
++ tpm_relinquish_locality(chip, flags); |
1484 |
+ |
1485 |
+ out_no_locality: |
1486 |
+ if (chip->ops->clk_enable != NULL) |
1487 |
+diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h |
1488 |
+index 4426649e431c..5f02dcd3df97 100644 |
1489 |
+--- a/drivers/char/tpm/tpm.h |
1490 |
++++ b/drivers/char/tpm/tpm.h |
1491 |
+@@ -511,9 +511,17 @@ extern const struct file_operations tpm_fops; |
1492 |
+ extern const struct file_operations tpmrm_fops; |
1493 |
+ extern struct idr dev_nums_idr; |
1494 |
+ |
1495 |
++/** |
1496 |
++ * enum tpm_transmit_flags |
1497 |
++ * |
1498 |
++ * @TPM_TRANSMIT_UNLOCKED: used to lock sequence of tpm_transmit calls. |
1499 |
++ * @TPM_TRANSMIT_RAW: prevent recursive calls into setup steps |
1500 |
++ * (go idle, locality,..). Always use with UNLOCKED |
1501 |
++ * as it will fail on double locking. |
1502 |
++ */ |
1503 |
+ enum tpm_transmit_flags { |
1504 |
+- TPM_TRANSMIT_UNLOCKED = BIT(0), |
1505 |
+- TPM_TRANSMIT_RAW = BIT(1), |
1506 |
++ TPM_TRANSMIT_UNLOCKED = BIT(0), |
1507 |
++ TPM_TRANSMIT_RAW = BIT(1), |
1508 |
+ }; |
1509 |
+ |
1510 |
+ ssize_t tpm_transmit(struct tpm_chip *chip, struct tpm_space *space, |
1511 |
+diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c |
1512 |
+index 6122d3276f72..11c85ed8c113 100644 |
1513 |
+--- a/drivers/char/tpm/tpm2-space.c |
1514 |
++++ b/drivers/char/tpm/tpm2-space.c |
1515 |
+@@ -39,7 +39,8 @@ static void tpm2_flush_sessions(struct tpm_chip *chip, struct tpm_space *space) |
1516 |
+ for (i = 0; i < ARRAY_SIZE(space->session_tbl); i++) { |
1517 |
+ if (space->session_tbl[i]) |
1518 |
+ tpm2_flush_context_cmd(chip, space->session_tbl[i], |
1519 |
+- TPM_TRANSMIT_UNLOCKED); |
1520 |
++ TPM_TRANSMIT_UNLOCKED | |
1521 |
++ TPM_TRANSMIT_RAW); |
1522 |
+ } |
1523 |
+ } |
1524 |
+ |
1525 |
+@@ -84,7 +85,7 @@ static int tpm2_load_context(struct tpm_chip *chip, u8 *buf, |
1526 |
+ tpm_buf_append(&tbuf, &buf[*offset], body_size); |
1527 |
+ |
1528 |
+ rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 4, |
1529 |
+- TPM_TRANSMIT_UNLOCKED, NULL); |
1530 |
++ TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); |
1531 |
+ if (rc < 0) { |
1532 |
+ dev_warn(&chip->dev, "%s: failed with a system error %d\n", |
1533 |
+ __func__, rc); |
1534 |
+@@ -133,7 +134,7 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, |
1535 |
+ tpm_buf_append_u32(&tbuf, handle); |
1536 |
+ |
1537 |
+ rc = tpm_transmit_cmd(chip, NULL, tbuf.data, PAGE_SIZE, 0, |
1538 |
+- TPM_TRANSMIT_UNLOCKED, NULL); |
1539 |
++ TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW, NULL); |
1540 |
+ if (rc < 0) { |
1541 |
+ dev_warn(&chip->dev, "%s: failed with a system error %d\n", |
1542 |
+ __func__, rc); |
1543 |
+@@ -170,7 +171,8 @@ static void tpm2_flush_space(struct tpm_chip *chip) |
1544 |
+ for (i = 0; i < ARRAY_SIZE(space->context_tbl); i++) |
1545 |
+ if (space->context_tbl[i] && ~space->context_tbl[i]) |
1546 |
+ tpm2_flush_context_cmd(chip, space->context_tbl[i], |
1547 |
+- TPM_TRANSMIT_UNLOCKED); |
1548 |
++ TPM_TRANSMIT_UNLOCKED | |
1549 |
++ TPM_TRANSMIT_RAW); |
1550 |
+ |
1551 |
+ tpm2_flush_sessions(chip, space); |
1552 |
+ } |
1553 |
+@@ -377,7 +379,8 @@ static int tpm2_map_response_header(struct tpm_chip *chip, u32 cc, u8 *rsp, |
1554 |
+ |
1555 |
+ return 0; |
1556 |
+ out_no_slots: |
1557 |
+- tpm2_flush_context_cmd(chip, phandle, TPM_TRANSMIT_UNLOCKED); |
1558 |
++ tpm2_flush_context_cmd(chip, phandle, |
1559 |
++ TPM_TRANSMIT_UNLOCKED | TPM_TRANSMIT_RAW); |
1560 |
+ dev_warn(&chip->dev, "%s: out of slots for 0x%08X\n", __func__, |
1561 |
+ phandle); |
1562 |
+ return -ENOMEM; |
1563 |
+@@ -465,7 +468,8 @@ static int tpm2_save_space(struct tpm_chip *chip) |
1564 |
+ return rc; |
1565 |
+ |
1566 |
+ tpm2_flush_context_cmd(chip, space->context_tbl[i], |
1567 |
+- TPM_TRANSMIT_UNLOCKED); |
1568 |
++ TPM_TRANSMIT_UNLOCKED | |
1569 |
++ TPM_TRANSMIT_RAW); |
1570 |
+ space->context_tbl[i] = ~0; |
1571 |
+ } |
1572 |
+ |
1573 |
+diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c |
1574 |
+index 34fbc6cb097b..36952ef98f90 100644 |
1575 |
+--- a/drivers/char/tpm/tpm_crb.c |
1576 |
++++ b/drivers/char/tpm/tpm_crb.c |
1577 |
+@@ -132,7 +132,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, |
1578 |
+ } |
1579 |
+ |
1580 |
+ /** |
1581 |
+- * crb_go_idle - request tpm crb device to go the idle state |
1582 |
++ * __crb_go_idle - request tpm crb device to go the idle state |
1583 |
+ * |
1584 |
+ * @dev: crb device |
1585 |
+ * @priv: crb private data |
1586 |
+@@ -147,7 +147,7 @@ static bool crb_wait_for_reg_32(u32 __iomem *reg, u32 mask, u32 value, |
1587 |
+ * |
1588 |
+ * Return: 0 always |
1589 |
+ */ |
1590 |
+-static int crb_go_idle(struct device *dev, struct crb_priv *priv) |
1591 |
++static int __crb_go_idle(struct device *dev, struct crb_priv *priv) |
1592 |
+ { |
1593 |
+ if ((priv->sm == ACPI_TPM2_START_METHOD) || |
1594 |
+ (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || |
1595 |
+@@ -163,11 +163,20 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) |
1596 |
+ dev_warn(dev, "goIdle timed out\n"); |
1597 |
+ return -ETIME; |
1598 |
+ } |
1599 |
++ |
1600 |
+ return 0; |
1601 |
+ } |
1602 |
+ |
1603 |
++static int crb_go_idle(struct tpm_chip *chip) |
1604 |
++{ |
1605 |
++ struct device *dev = &chip->dev; |
1606 |
++ struct crb_priv *priv = dev_get_drvdata(dev); |
1607 |
++ |
1608 |
++ return __crb_go_idle(dev, priv); |
1609 |
++} |
1610 |
++ |
1611 |
+ /** |
1612 |
+- * crb_cmd_ready - request tpm crb device to enter ready state |
1613 |
++ * __crb_cmd_ready - request tpm crb device to enter ready state |
1614 |
+ * |
1615 |
+ * @dev: crb device |
1616 |
+ * @priv: crb private data |
1617 |
+@@ -181,7 +190,7 @@ static int crb_go_idle(struct device *dev, struct crb_priv *priv) |
1618 |
+ * |
1619 |
+ * Return: 0 on success -ETIME on timeout; |
1620 |
+ */ |
1621 |
+-static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) |
1622 |
++static int __crb_cmd_ready(struct device *dev, struct crb_priv *priv) |
1623 |
+ { |
1624 |
+ if ((priv->sm == ACPI_TPM2_START_METHOD) || |
1625 |
+ (priv->sm == ACPI_TPM2_COMMAND_BUFFER_WITH_START_METHOD) || |
1626 |
+@@ -200,6 +209,14 @@ static int crb_cmd_ready(struct device *dev, struct crb_priv *priv) |
1627 |
+ return 0; |
1628 |
+ } |
1629 |
+ |
1630 |
++static int crb_cmd_ready(struct tpm_chip *chip) |
1631 |
++{ |
1632 |
++ struct device *dev = &chip->dev; |
1633 |
++ struct crb_priv *priv = dev_get_drvdata(dev); |
1634 |
++ |
1635 |
++ return __crb_cmd_ready(dev, priv); |
1636 |
++} |
1637 |
++ |
1638 |
+ static int __crb_request_locality(struct device *dev, |
1639 |
+ struct crb_priv *priv, int loc) |
1640 |
+ { |
1641 |
+@@ -401,6 +418,8 @@ static const struct tpm_class_ops tpm_crb = { |
1642 |
+ .send = crb_send, |
1643 |
+ .cancel = crb_cancel, |
1644 |
+ .req_canceled = crb_req_canceled, |
1645 |
++ .go_idle = crb_go_idle, |
1646 |
++ .cmd_ready = crb_cmd_ready, |
1647 |
+ .request_locality = crb_request_locality, |
1648 |
+ .relinquish_locality = crb_relinquish_locality, |
1649 |
+ .req_complete_mask = CRB_DRV_STS_COMPLETE, |
1650 |
+@@ -520,7 +539,7 @@ static int crb_map_io(struct acpi_device *device, struct crb_priv *priv, |
1651 |
+ * PTT HW bug w/a: wake up the device to access |
1652 |
+ * possibly not retained registers. |
1653 |
+ */ |
1654 |
+- ret = crb_cmd_ready(dev, priv); |
1655 |
++ ret = __crb_cmd_ready(dev, priv); |
1656 |
+ if (ret) |
1657 |
+ goto out_relinquish_locality; |
1658 |
+ |
1659 |
+@@ -565,7 +584,7 @@ out: |
1660 |
+ if (!ret) |
1661 |
+ priv->cmd_size = cmd_size; |
1662 |
+ |
1663 |
+- crb_go_idle(dev, priv); |
1664 |
++ __crb_go_idle(dev, priv); |
1665 |
+ |
1666 |
+ out_relinquish_locality: |
1667 |
+ |
1668 |
+@@ -628,32 +647,7 @@ static int crb_acpi_add(struct acpi_device *device) |
1669 |
+ chip->acpi_dev_handle = device->handle; |
1670 |
+ chip->flags = TPM_CHIP_FLAG_TPM2; |
1671 |
+ |
1672 |
+- rc = __crb_request_locality(dev, priv, 0); |
1673 |
+- if (rc) |
1674 |
+- return rc; |
1675 |
+- |
1676 |
+- rc = crb_cmd_ready(dev, priv); |
1677 |
+- if (rc) |
1678 |
+- goto out; |
1679 |
+- |
1680 |
+- pm_runtime_get_noresume(dev); |
1681 |
+- pm_runtime_set_active(dev); |
1682 |
+- pm_runtime_enable(dev); |
1683 |
+- |
1684 |
+- rc = tpm_chip_register(chip); |
1685 |
+- if (rc) { |
1686 |
+- crb_go_idle(dev, priv); |
1687 |
+- pm_runtime_put_noidle(dev); |
1688 |
+- pm_runtime_disable(dev); |
1689 |
+- goto out; |
1690 |
+- } |
1691 |
+- |
1692 |
+- pm_runtime_put_sync(dev); |
1693 |
+- |
1694 |
+-out: |
1695 |
+- __crb_relinquish_locality(dev, priv, 0); |
1696 |
+- |
1697 |
+- return rc; |
1698 |
++ return tpm_chip_register(chip); |
1699 |
+ } |
1700 |
+ |
1701 |
+ static int crb_acpi_remove(struct acpi_device *device) |
1702 |
+@@ -663,52 +657,11 @@ static int crb_acpi_remove(struct acpi_device *device) |
1703 |
+ |
1704 |
+ tpm_chip_unregister(chip); |
1705 |
+ |
1706 |
+- pm_runtime_disable(dev); |
1707 |
+- |
1708 |
+ return 0; |
1709 |
+ } |
1710 |
+ |
1711 |
+-static int __maybe_unused crb_pm_runtime_suspend(struct device *dev) |
1712 |
+-{ |
1713 |
+- struct tpm_chip *chip = dev_get_drvdata(dev); |
1714 |
+- struct crb_priv *priv = dev_get_drvdata(&chip->dev); |
1715 |
+- |
1716 |
+- return crb_go_idle(dev, priv); |
1717 |
+-} |
1718 |
+- |
1719 |
+-static int __maybe_unused crb_pm_runtime_resume(struct device *dev) |
1720 |
+-{ |
1721 |
+- struct tpm_chip *chip = dev_get_drvdata(dev); |
1722 |
+- struct crb_priv *priv = dev_get_drvdata(&chip->dev); |
1723 |
+- |
1724 |
+- return crb_cmd_ready(dev, priv); |
1725 |
+-} |
1726 |
+- |
1727 |
+-static int __maybe_unused crb_pm_suspend(struct device *dev) |
1728 |
+-{ |
1729 |
+- int ret; |
1730 |
+- |
1731 |
+- ret = tpm_pm_suspend(dev); |
1732 |
+- if (ret) |
1733 |
+- return ret; |
1734 |
+- |
1735 |
+- return crb_pm_runtime_suspend(dev); |
1736 |
+-} |
1737 |
+- |
1738 |
+-static int __maybe_unused crb_pm_resume(struct device *dev) |
1739 |
+-{ |
1740 |
+- int ret; |
1741 |
+- |
1742 |
+- ret = crb_pm_runtime_resume(dev); |
1743 |
+- if (ret) |
1744 |
+- return ret; |
1745 |
+- |
1746 |
+- return tpm_pm_resume(dev); |
1747 |
+-} |
1748 |
+- |
1749 |
+ static const struct dev_pm_ops crb_pm = { |
1750 |
+- SET_SYSTEM_SLEEP_PM_OPS(crb_pm_suspend, crb_pm_resume) |
1751 |
+- SET_RUNTIME_PM_OPS(crb_pm_runtime_suspend, crb_pm_runtime_resume, NULL) |
1752 |
++ SET_SYSTEM_SLEEP_PM_OPS(tpm_pm_suspend, tpm_pm_resume) |
1753 |
+ }; |
1754 |
+ |
1755 |
+ static const struct acpi_device_id crb_device_ids[] = { |
1756 |
+diff --git a/drivers/clk/clk-npcm7xx.c b/drivers/clk/clk-npcm7xx.c |
1757 |
+index 740af90a9508..c5edf8f2fd19 100644 |
1758 |
+--- a/drivers/clk/clk-npcm7xx.c |
1759 |
++++ b/drivers/clk/clk-npcm7xx.c |
1760 |
+@@ -558,8 +558,8 @@ static void __init npcm7xx_clk_init(struct device_node *clk_np) |
1761 |
+ if (!clk_base) |
1762 |
+ goto npcm7xx_init_error; |
1763 |
+ |
1764 |
+- npcm7xx_clk_data = kzalloc(sizeof(*npcm7xx_clk_data->hws) * |
1765 |
+- NPCM7XX_NUM_CLOCKS + sizeof(npcm7xx_clk_data), GFP_KERNEL); |
1766 |
++ npcm7xx_clk_data = kzalloc(struct_size(npcm7xx_clk_data, hws, |
1767 |
++ NPCM7XX_NUM_CLOCKS), GFP_KERNEL); |
1768 |
+ if (!npcm7xx_clk_data) |
1769 |
+ goto npcm7xx_init_np_err; |
1770 |
+ |
1771 |
+diff --git a/drivers/clk/rockchip/clk-rk3399.c b/drivers/clk/rockchip/clk-rk3399.c |
1772 |
+index bca10d618f0a..2a8634a52856 100644 |
1773 |
+--- a/drivers/clk/rockchip/clk-rk3399.c |
1774 |
++++ b/drivers/clk/rockchip/clk-rk3399.c |
1775 |
+@@ -631,7 +631,7 @@ static struct rockchip_clk_branch rk3399_clk_branches[] __initdata = { |
1776 |
+ MUX(0, "clk_i2sout_src", mux_i2sch_p, CLK_SET_RATE_PARENT, |
1777 |
+ RK3399_CLKSEL_CON(31), 0, 2, MFLAGS), |
1778 |
+ COMPOSITE_NODIV(SCLK_I2S_8CH_OUT, "clk_i2sout", mux_i2sout_p, CLK_SET_RATE_PARENT, |
1779 |
+- RK3399_CLKSEL_CON(30), 8, 2, MFLAGS, |
1780 |
++ RK3399_CLKSEL_CON(31), 2, 1, MFLAGS, |
1781 |
+ RK3399_CLKGATE_CON(8), 12, GFLAGS), |
1782 |
+ |
1783 |
+ /* uart */ |
1784 |
+diff --git a/drivers/gpu/drm/udl/udl_drv.h b/drivers/gpu/drm/udl/udl_drv.h |
1785 |
+index 55c0cc309198..7588a9eb0ee0 100644 |
1786 |
+--- a/drivers/gpu/drm/udl/udl_drv.h |
1787 |
++++ b/drivers/gpu/drm/udl/udl_drv.h |
1788 |
+@@ -112,7 +112,7 @@ udl_fb_user_fb_create(struct drm_device *dev, |
1789 |
+ struct drm_file *file, |
1790 |
+ const struct drm_mode_fb_cmd2 *mode_cmd); |
1791 |
+ |
1792 |
+-int udl_render_hline(struct drm_device *dev, int bpp, struct urb **urb_ptr, |
1793 |
++int udl_render_hline(struct drm_device *dev, int log_bpp, struct urb **urb_ptr, |
1794 |
+ const char *front, char **urb_buf_ptr, |
1795 |
+ u32 byte_offset, u32 device_byte_offset, u32 byte_width, |
1796 |
+ int *ident_ptr, int *sent_ptr); |
1797 |
+diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c |
1798 |
+index d5583190f3e4..8746eeeec44d 100644 |
1799 |
+--- a/drivers/gpu/drm/udl/udl_fb.c |
1800 |
++++ b/drivers/gpu/drm/udl/udl_fb.c |
1801 |
+@@ -90,7 +90,10 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, |
1802 |
+ int bytes_identical = 0; |
1803 |
+ struct urb *urb; |
1804 |
+ int aligned_x; |
1805 |
+- int bpp = fb->base.format->cpp[0]; |
1806 |
++ int log_bpp; |
1807 |
++ |
1808 |
++ BUG_ON(!is_power_of_2(fb->base.format->cpp[0])); |
1809 |
++ log_bpp = __ffs(fb->base.format->cpp[0]); |
1810 |
+ |
1811 |
+ if (!fb->active_16) |
1812 |
+ return 0; |
1813 |
+@@ -125,12 +128,12 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, |
1814 |
+ |
1815 |
+ for (i = y; i < y + height ; i++) { |
1816 |
+ const int line_offset = fb->base.pitches[0] * i; |
1817 |
+- const int byte_offset = line_offset + (x * bpp); |
1818 |
+- const int dev_byte_offset = (fb->base.width * bpp * i) + (x * bpp); |
1819 |
+- if (udl_render_hline(dev, bpp, &urb, |
1820 |
++ const int byte_offset = line_offset + (x << log_bpp); |
1821 |
++ const int dev_byte_offset = (fb->base.width * i + x) << log_bpp; |
1822 |
++ if (udl_render_hline(dev, log_bpp, &urb, |
1823 |
+ (char *) fb->obj->vmapping, |
1824 |
+ &cmd, byte_offset, dev_byte_offset, |
1825 |
+- width * bpp, |
1826 |
++ width << log_bpp, |
1827 |
+ &bytes_identical, &bytes_sent)) |
1828 |
+ goto error; |
1829 |
+ } |
1830 |
+@@ -149,7 +152,7 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, |
1831 |
+ error: |
1832 |
+ atomic_add(bytes_sent, &udl->bytes_sent); |
1833 |
+ atomic_add(bytes_identical, &udl->bytes_identical); |
1834 |
+- atomic_add(width*height*bpp, &udl->bytes_rendered); |
1835 |
++ atomic_add((width * height) << log_bpp, &udl->bytes_rendered); |
1836 |
+ end_cycles = get_cycles(); |
1837 |
+ atomic_add(((unsigned int) ((end_cycles - start_cycles) |
1838 |
+ >> 10)), /* Kcycles */ |
1839 |
+@@ -221,7 +224,7 @@ static int udl_fb_open(struct fb_info *info, int user) |
1840 |
+ |
1841 |
+ struct fb_deferred_io *fbdefio; |
1842 |
+ |
1843 |
+- fbdefio = kmalloc(sizeof(struct fb_deferred_io), GFP_KERNEL); |
1844 |
++ fbdefio = kzalloc(sizeof(struct fb_deferred_io), GFP_KERNEL); |
1845 |
+ |
1846 |
+ if (fbdefio) { |
1847 |
+ fbdefio->delay = DL_DEFIO_WRITE_DELAY; |
1848 |
+diff --git a/drivers/gpu/drm/udl/udl_main.c b/drivers/gpu/drm/udl/udl_main.c |
1849 |
+index d518de8f496b..7e9ad926926a 100644 |
1850 |
+--- a/drivers/gpu/drm/udl/udl_main.c |
1851 |
++++ b/drivers/gpu/drm/udl/udl_main.c |
1852 |
+@@ -170,18 +170,13 @@ static void udl_free_urb_list(struct drm_device *dev) |
1853 |
+ struct list_head *node; |
1854 |
+ struct urb_node *unode; |
1855 |
+ struct urb *urb; |
1856 |
+- int ret; |
1857 |
+ unsigned long flags; |
1858 |
+ |
1859 |
+ DRM_DEBUG("Waiting for completes and freeing all render urbs\n"); |
1860 |
+ |
1861 |
+ /* keep waiting and freeing, until we've got 'em all */ |
1862 |
+ while (count--) { |
1863 |
+- |
1864 |
+- /* Getting interrupted means a leak, but ok at shutdown*/ |
1865 |
+- ret = down_interruptible(&udl->urbs.limit_sem); |
1866 |
+- if (ret) |
1867 |
+- break; |
1868 |
++ down(&udl->urbs.limit_sem); |
1869 |
+ |
1870 |
+ spin_lock_irqsave(&udl->urbs.lock, flags); |
1871 |
+ |
1872 |
+@@ -205,17 +200,22 @@ static void udl_free_urb_list(struct drm_device *dev) |
1873 |
+ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size) |
1874 |
+ { |
1875 |
+ struct udl_device *udl = dev->dev_private; |
1876 |
+- int i = 0; |
1877 |
+ struct urb *urb; |
1878 |
+ struct urb_node *unode; |
1879 |
+ char *buf; |
1880 |
++ size_t wanted_size = count * size; |
1881 |
+ |
1882 |
+ spin_lock_init(&udl->urbs.lock); |
1883 |
+ |
1884 |
++retry: |
1885 |
+ udl->urbs.size = size; |
1886 |
+ INIT_LIST_HEAD(&udl->urbs.list); |
1887 |
+ |
1888 |
+- while (i < count) { |
1889 |
++ sema_init(&udl->urbs.limit_sem, 0); |
1890 |
++ udl->urbs.count = 0; |
1891 |
++ udl->urbs.available = 0; |
1892 |
++ |
1893 |
++ while (udl->urbs.count * size < wanted_size) { |
1894 |
+ unode = kzalloc(sizeof(struct urb_node), GFP_KERNEL); |
1895 |
+ if (!unode) |
1896 |
+ break; |
1897 |
+@@ -231,11 +231,16 @@ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size) |
1898 |
+ } |
1899 |
+ unode->urb = urb; |
1900 |
+ |
1901 |
+- buf = usb_alloc_coherent(udl->udev, MAX_TRANSFER, GFP_KERNEL, |
1902 |
++ buf = usb_alloc_coherent(udl->udev, size, GFP_KERNEL, |
1903 |
+ &urb->transfer_dma); |
1904 |
+ if (!buf) { |
1905 |
+ kfree(unode); |
1906 |
+ usb_free_urb(urb); |
1907 |
++ if (size > PAGE_SIZE) { |
1908 |
++ size /= 2; |
1909 |
++ udl_free_urb_list(dev); |
1910 |
++ goto retry; |
1911 |
++ } |
1912 |
+ break; |
1913 |
+ } |
1914 |
+ |
1915 |
+@@ -246,16 +251,14 @@ static int udl_alloc_urb_list(struct drm_device *dev, int count, size_t size) |
1916 |
+ |
1917 |
+ list_add_tail(&unode->entry, &udl->urbs.list); |
1918 |
+ |
1919 |
+- i++; |
1920 |
++ up(&udl->urbs.limit_sem); |
1921 |
++ udl->urbs.count++; |
1922 |
++ udl->urbs.available++; |
1923 |
+ } |
1924 |
+ |
1925 |
+- sema_init(&udl->urbs.limit_sem, i); |
1926 |
+- udl->urbs.count = i; |
1927 |
+- udl->urbs.available = i; |
1928 |
+- |
1929 |
+- DRM_DEBUG("allocated %d %d byte urbs\n", i, (int) size); |
1930 |
++ DRM_DEBUG("allocated %d %d byte urbs\n", udl->urbs.count, (int) size); |
1931 |
+ |
1932 |
+- return i; |
1933 |
++ return udl->urbs.count; |
1934 |
+ } |
1935 |
+ |
1936 |
+ struct urb *udl_get_urb(struct drm_device *dev) |
1937 |
+diff --git a/drivers/gpu/drm/udl/udl_transfer.c b/drivers/gpu/drm/udl/udl_transfer.c |
1938 |
+index b992644c17e6..f3331d33547a 100644 |
1939 |
+--- a/drivers/gpu/drm/udl/udl_transfer.c |
1940 |
++++ b/drivers/gpu/drm/udl/udl_transfer.c |
1941 |
+@@ -83,12 +83,12 @@ static inline u16 pixel32_to_be16(const uint32_t pixel) |
1942 |
+ ((pixel >> 8) & 0xf800)); |
1943 |
+ } |
1944 |
+ |
1945 |
+-static inline u16 get_pixel_val16(const uint8_t *pixel, int bpp) |
1946 |
++static inline u16 get_pixel_val16(const uint8_t *pixel, int log_bpp) |
1947 |
+ { |
1948 |
+- u16 pixel_val16 = 0; |
1949 |
+- if (bpp == 2) |
1950 |
++ u16 pixel_val16; |
1951 |
++ if (log_bpp == 1) |
1952 |
+ pixel_val16 = *(const uint16_t *)pixel; |
1953 |
+- else if (bpp == 4) |
1954 |
++ else |
1955 |
+ pixel_val16 = pixel32_to_be16(*(const uint32_t *)pixel); |
1956 |
+ return pixel_val16; |
1957 |
+ } |
1958 |
+@@ -125,8 +125,9 @@ static void udl_compress_hline16( |
1959 |
+ const u8 *const pixel_end, |
1960 |
+ uint32_t *device_address_ptr, |
1961 |
+ uint8_t **command_buffer_ptr, |
1962 |
+- const uint8_t *const cmd_buffer_end, int bpp) |
1963 |
++ const uint8_t *const cmd_buffer_end, int log_bpp) |
1964 |
+ { |
1965 |
++ const int bpp = 1 << log_bpp; |
1966 |
+ const u8 *pixel = *pixel_start_ptr; |
1967 |
+ uint32_t dev_addr = *device_address_ptr; |
1968 |
+ uint8_t *cmd = *command_buffer_ptr; |
1969 |
+@@ -153,12 +154,12 @@ static void udl_compress_hline16( |
1970 |
+ raw_pixels_count_byte = cmd++; /* we'll know this later */ |
1971 |
+ raw_pixel_start = pixel; |
1972 |
+ |
1973 |
+- cmd_pixel_end = pixel + min3(MAX_CMD_PIXELS + 1UL, |
1974 |
+- (unsigned long)(pixel_end - pixel) / bpp, |
1975 |
+- (unsigned long)(cmd_buffer_end - 1 - cmd) / 2) * bpp; |
1976 |
++ cmd_pixel_end = pixel + (min3(MAX_CMD_PIXELS + 1UL, |
1977 |
++ (unsigned long)(pixel_end - pixel) >> log_bpp, |
1978 |
++ (unsigned long)(cmd_buffer_end - 1 - cmd) / 2) << log_bpp); |
1979 |
+ |
1980 |
+ prefetch_range((void *) pixel, cmd_pixel_end - pixel); |
1981 |
+- pixel_val16 = get_pixel_val16(pixel, bpp); |
1982 |
++ pixel_val16 = get_pixel_val16(pixel, log_bpp); |
1983 |
+ |
1984 |
+ while (pixel < cmd_pixel_end) { |
1985 |
+ const u8 *const start = pixel; |
1986 |
+@@ -170,7 +171,7 @@ static void udl_compress_hline16( |
1987 |
+ pixel += bpp; |
1988 |
+ |
1989 |
+ while (pixel < cmd_pixel_end) { |
1990 |
+- pixel_val16 = get_pixel_val16(pixel, bpp); |
1991 |
++ pixel_val16 = get_pixel_val16(pixel, log_bpp); |
1992 |
+ if (pixel_val16 != repeating_pixel_val16) |
1993 |
+ break; |
1994 |
+ pixel += bpp; |
1995 |
+@@ -179,10 +180,10 @@ static void udl_compress_hline16( |
1996 |
+ if (unlikely(pixel > start + bpp)) { |
1997 |
+ /* go back and fill in raw pixel count */ |
1998 |
+ *raw_pixels_count_byte = (((start - |
1999 |
+- raw_pixel_start) / bpp) + 1) & 0xFF; |
2000 |
++ raw_pixel_start) >> log_bpp) + 1) & 0xFF; |
2001 |
+ |
2002 |
+ /* immediately after raw data is repeat byte */ |
2003 |
+- *cmd++ = (((pixel - start) / bpp) - 1) & 0xFF; |
2004 |
++ *cmd++ = (((pixel - start) >> log_bpp) - 1) & 0xFF; |
2005 |
+ |
2006 |
+ /* Then start another raw pixel span */ |
2007 |
+ raw_pixel_start = pixel; |
2008 |
+@@ -192,14 +193,14 @@ static void udl_compress_hline16( |
2009 |
+ |
2010 |
+ if (pixel > raw_pixel_start) { |
2011 |
+ /* finalize last RAW span */ |
2012 |
+- *raw_pixels_count_byte = ((pixel-raw_pixel_start) / bpp) & 0xFF; |
2013 |
++ *raw_pixels_count_byte = ((pixel - raw_pixel_start) >> log_bpp) & 0xFF; |
2014 |
+ } else { |
2015 |
+ /* undo unused byte */ |
2016 |
+ cmd--; |
2017 |
+ } |
2018 |
+ |
2019 |
+- *cmd_pixels_count_byte = ((pixel - cmd_pixel_start) / bpp) & 0xFF; |
2020 |
+- dev_addr += ((pixel - cmd_pixel_start) / bpp) * 2; |
2021 |
++ *cmd_pixels_count_byte = ((pixel - cmd_pixel_start) >> log_bpp) & 0xFF; |
2022 |
++ dev_addr += ((pixel - cmd_pixel_start) >> log_bpp) * 2; |
2023 |
+ } |
2024 |
+ |
2025 |
+ if (cmd_buffer_end <= MIN_RLX_CMD_BYTES + cmd) { |
2026 |
+@@ -222,19 +223,19 @@ static void udl_compress_hline16( |
2027 |
+ * (that we can only write to, slowly, and can never read), and (optionally) |
2028 |
+ * our shadow copy that tracks what's been sent to that hardware buffer. |
2029 |
+ */ |
2030 |
+-int udl_render_hline(struct drm_device *dev, int bpp, struct urb **urb_ptr, |
2031 |
++int udl_render_hline(struct drm_device *dev, int log_bpp, struct urb **urb_ptr, |
2032 |
+ const char *front, char **urb_buf_ptr, |
2033 |
+ u32 byte_offset, u32 device_byte_offset, |
2034 |
+ u32 byte_width, |
2035 |
+ int *ident_ptr, int *sent_ptr) |
2036 |
+ { |
2037 |
+ const u8 *line_start, *line_end, *next_pixel; |
2038 |
+- u32 base16 = 0 + (device_byte_offset / bpp) * 2; |
2039 |
++ u32 base16 = 0 + (device_byte_offset >> log_bpp) * 2; |
2040 |
+ struct urb *urb = *urb_ptr; |
2041 |
+ u8 *cmd = *urb_buf_ptr; |
2042 |
+ u8 *cmd_end = (u8 *) urb->transfer_buffer + urb->transfer_buffer_length; |
2043 |
+ |
2044 |
+- BUG_ON(!(bpp == 2 || bpp == 4)); |
2045 |
++ BUG_ON(!(log_bpp == 1 || log_bpp == 2)); |
2046 |
+ |
2047 |
+ line_start = (u8 *) (front + byte_offset); |
2048 |
+ next_pixel = line_start; |
2049 |
+@@ -244,7 +245,7 @@ int udl_render_hline(struct drm_device *dev, int bpp, struct urb **urb_ptr, |
2050 |
+ |
2051 |
+ udl_compress_hline16(&next_pixel, |
2052 |
+ line_end, &base16, |
2053 |
+- (u8 **) &cmd, (u8 *) cmd_end, bpp); |
2054 |
++ (u8 **) &cmd, (u8 *) cmd_end, log_bpp); |
2055 |
+ |
2056 |
+ if (cmd >= cmd_end) { |
2057 |
+ int len = cmd - (u8 *) urb->transfer_buffer; |
2058 |
+diff --git a/drivers/hwmon/k10temp.c b/drivers/hwmon/k10temp.c |
2059 |
+index 17c6460ae351..577e2ede5a1a 100644 |
2060 |
+--- a/drivers/hwmon/k10temp.c |
2061 |
++++ b/drivers/hwmon/k10temp.c |
2062 |
+@@ -105,6 +105,8 @@ static const struct tctl_offset tctl_offset_table[] = { |
2063 |
+ { 0x17, "AMD Ryzen Threadripper 1950", 10000 }, |
2064 |
+ { 0x17, "AMD Ryzen Threadripper 1920", 10000 }, |
2065 |
+ { 0x17, "AMD Ryzen Threadripper 1910", 10000 }, |
2066 |
++ { 0x17, "AMD Ryzen Threadripper 2950X", 27000 }, |
2067 |
++ { 0x17, "AMD Ryzen Threadripper 2990WX", 27000 }, |
2068 |
+ }; |
2069 |
+ |
2070 |
+ static void read_htcreg_pci(struct pci_dev *pdev, u32 *regval) |
2071 |
+diff --git a/drivers/hwmon/nct6775.c b/drivers/hwmon/nct6775.c |
2072 |
+index f9d1349c3286..b89e8379d898 100644 |
2073 |
+--- a/drivers/hwmon/nct6775.c |
2074 |
++++ b/drivers/hwmon/nct6775.c |
2075 |
+@@ -63,6 +63,7 @@ |
2076 |
+ #include <linux/bitops.h> |
2077 |
+ #include <linux/dmi.h> |
2078 |
+ #include <linux/io.h> |
2079 |
++#include <linux/nospec.h> |
2080 |
+ #include "lm75.h" |
2081 |
+ |
2082 |
+ #define USE_ALTERNATE |
2083 |
+@@ -2689,6 +2690,7 @@ store_pwm_weight_temp_sel(struct device *dev, struct device_attribute *attr, |
2084 |
+ return err; |
2085 |
+ if (val > NUM_TEMP) |
2086 |
+ return -EINVAL; |
2087 |
++ val = array_index_nospec(val, NUM_TEMP + 1); |
2088 |
+ if (val && (!(data->have_temp & BIT(val - 1)) || |
2089 |
+ !data->temp_src[val - 1])) |
2090 |
+ return -EINVAL; |
2091 |
+diff --git a/drivers/iommu/arm-smmu.c b/drivers/iommu/arm-smmu.c |
2092 |
+index f7a96bcf94a6..5349e22b5c78 100644 |
2093 |
+--- a/drivers/iommu/arm-smmu.c |
2094 |
++++ b/drivers/iommu/arm-smmu.c |
2095 |
+@@ -2103,12 +2103,16 @@ static int arm_smmu_device_probe(struct platform_device *pdev) |
2096 |
+ if (err) |
2097 |
+ return err; |
2098 |
+ |
2099 |
+- if (smmu->version == ARM_SMMU_V2 && |
2100 |
+- smmu->num_context_banks != smmu->num_context_irqs) { |
2101 |
+- dev_err(dev, |
2102 |
+- "found only %d context interrupt(s) but %d required\n", |
2103 |
+- smmu->num_context_irqs, smmu->num_context_banks); |
2104 |
+- return -ENODEV; |
2105 |
++ if (smmu->version == ARM_SMMU_V2) { |
2106 |
++ if (smmu->num_context_banks > smmu->num_context_irqs) { |
2107 |
++ dev_err(dev, |
2108 |
++ "found only %d context irq(s) but %d required\n", |
2109 |
++ smmu->num_context_irqs, smmu->num_context_banks); |
2110 |
++ return -ENODEV; |
2111 |
++ } |
2112 |
++ |
2113 |
++ /* Ignore superfluous interrupts */ |
2114 |
++ smmu->num_context_irqs = smmu->num_context_banks; |
2115 |
+ } |
2116 |
+ |
2117 |
+ for (i = 0; i < smmu->num_global_irqs; ++i) { |
2118 |
+diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c |
2119 |
+index 7465f17e1559..38175ebd92d4 100644 |
2120 |
+--- a/drivers/misc/mei/main.c |
2121 |
++++ b/drivers/misc/mei/main.c |
2122 |
+@@ -312,7 +312,6 @@ static ssize_t mei_write(struct file *file, const char __user *ubuf, |
2123 |
+ } |
2124 |
+ } |
2125 |
+ |
2126 |
+- *offset = 0; |
2127 |
+ cb = mei_cl_alloc_cb(cl, length, MEI_FOP_WRITE, file); |
2128 |
+ if (!cb) { |
2129 |
+ rets = -ENOMEM; |
2130 |
+diff --git a/drivers/mtd/nand/raw/fsmc_nand.c b/drivers/mtd/nand/raw/fsmc_nand.c |
2131 |
+index f4a5a317d4ae..e1086a010b88 100644 |
2132 |
+--- a/drivers/mtd/nand/raw/fsmc_nand.c |
2133 |
++++ b/drivers/mtd/nand/raw/fsmc_nand.c |
2134 |
+@@ -740,7 +740,7 @@ static int fsmc_read_page_hwecc(struct mtd_info *mtd, struct nand_chip *chip, |
2135 |
+ for (i = 0, s = 0; s < eccsteps; s++, i += eccbytes, p += eccsize) { |
2136 |
+ nand_read_page_op(chip, page, s * eccsize, NULL, 0); |
2137 |
+ chip->ecc.hwctl(mtd, NAND_ECC_READ); |
2138 |
+- chip->read_buf(mtd, p, eccsize); |
2139 |
++ nand_read_data_op(chip, p, eccsize, false); |
2140 |
+ |
2141 |
+ for (j = 0; j < eccbytes;) { |
2142 |
+ struct mtd_oob_region oobregion; |
2143 |
+diff --git a/drivers/mtd/nand/raw/marvell_nand.c b/drivers/mtd/nand/raw/marvell_nand.c |
2144 |
+index ebb1d141b900..c88588815ca1 100644 |
2145 |
+--- a/drivers/mtd/nand/raw/marvell_nand.c |
2146 |
++++ b/drivers/mtd/nand/raw/marvell_nand.c |
2147 |
+@@ -2677,6 +2677,21 @@ static int marvell_nfc_init_dma(struct marvell_nfc *nfc) |
2148 |
+ return 0; |
2149 |
+ } |
2150 |
+ |
2151 |
++static void marvell_nfc_reset(struct marvell_nfc *nfc) |
2152 |
++{ |
2153 |
++ /* |
2154 |
++ * ECC operations and interruptions are only enabled when specifically |
2155 |
++ * needed. ECC shall not be activated in the early stages (fails probe). |
2156 |
++ * Arbiter flag, even if marked as "reserved", must be set (empirical). |
2157 |
++ * SPARE_EN bit must always be set or ECC bytes will not be at the same |
2158 |
++ * offset in the read page and this will fail the protection. |
2159 |
++ */ |
2160 |
++ writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | |
2161 |
++ NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); |
2162 |
++ writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); |
2163 |
++ writel_relaxed(0, nfc->regs + NDECCCTRL); |
2164 |
++} |
2165 |
++ |
2166 |
+ static int marvell_nfc_init(struct marvell_nfc *nfc) |
2167 |
+ { |
2168 |
+ struct device_node *np = nfc->dev->of_node; |
2169 |
+@@ -2715,17 +2730,7 @@ static int marvell_nfc_init(struct marvell_nfc *nfc) |
2170 |
+ if (!nfc->caps->is_nfcv2) |
2171 |
+ marvell_nfc_init_dma(nfc); |
2172 |
+ |
2173 |
+- /* |
2174 |
+- * ECC operations and interruptions are only enabled when specifically |
2175 |
+- * needed. ECC shall not be activated in the early stages (fails probe). |
2176 |
+- * Arbiter flag, even if marked as "reserved", must be set (empirical). |
2177 |
+- * SPARE_EN bit must always be set or ECC bytes will not be at the same |
2178 |
+- * offset in the read page and this will fail the protection. |
2179 |
+- */ |
2180 |
+- writel_relaxed(NDCR_ALL_INT | NDCR_ND_ARB_EN | NDCR_SPARE_EN | |
2181 |
+- NDCR_RD_ID_CNT(NFCV1_READID_LEN), nfc->regs + NDCR); |
2182 |
+- writel_relaxed(0xFFFFFFFF, nfc->regs + NDSR); |
2183 |
+- writel_relaxed(0, nfc->regs + NDECCCTRL); |
2184 |
++ marvell_nfc_reset(nfc); |
2185 |
+ |
2186 |
+ return 0; |
2187 |
+ } |
2188 |
+@@ -2840,6 +2845,51 @@ static int marvell_nfc_remove(struct platform_device *pdev) |
2189 |
+ return 0; |
2190 |
+ } |
2191 |
+ |
2192 |
++static int __maybe_unused marvell_nfc_suspend(struct device *dev) |
2193 |
++{ |
2194 |
++ struct marvell_nfc *nfc = dev_get_drvdata(dev); |
2195 |
++ struct marvell_nand_chip *chip; |
2196 |
++ |
2197 |
++ list_for_each_entry(chip, &nfc->chips, node) |
2198 |
++ marvell_nfc_wait_ndrun(&chip->chip); |
2199 |
++ |
2200 |
++ clk_disable_unprepare(nfc->reg_clk); |
2201 |
++ clk_disable_unprepare(nfc->core_clk); |
2202 |
++ |
2203 |
++ return 0; |
2204 |
++} |
2205 |
++ |
2206 |
++static int __maybe_unused marvell_nfc_resume(struct device *dev) |
2207 |
++{ |
2208 |
++ struct marvell_nfc *nfc = dev_get_drvdata(dev); |
2209 |
++ int ret; |
2210 |
++ |
2211 |
++ ret = clk_prepare_enable(nfc->core_clk); |
2212 |
++ if (ret < 0) |
2213 |
++ return ret; |
2214 |
++ |
2215 |
++ if (!IS_ERR(nfc->reg_clk)) { |
2216 |
++ ret = clk_prepare_enable(nfc->reg_clk); |
2217 |
++ if (ret < 0) |
2218 |
++ return ret; |
2219 |
++ } |
2220 |
++ |
2221 |
++ /* |
2222 |
++ * Reset nfc->selected_chip so the next command will cause the timing |
2223 |
++ * registers to be restored in marvell_nfc_select_chip(). |
2224 |
++ */ |
2225 |
++ nfc->selected_chip = NULL; |
2226 |
++ |
2227 |
++ /* Reset registers that have lost their contents */ |
2228 |
++ marvell_nfc_reset(nfc); |
2229 |
++ |
2230 |
++ return 0; |
2231 |
++} |
2232 |
++ |
2233 |
++static const struct dev_pm_ops marvell_nfc_pm_ops = { |
2234 |
++ SET_SYSTEM_SLEEP_PM_OPS(marvell_nfc_suspend, marvell_nfc_resume) |
2235 |
++}; |
2236 |
++ |
2237 |
+ static const struct marvell_nfc_caps marvell_armada_8k_nfc_caps = { |
2238 |
+ .max_cs_nb = 4, |
2239 |
+ .max_rb_nb = 2, |
2240 |
+@@ -2924,6 +2974,7 @@ static struct platform_driver marvell_nfc_driver = { |
2241 |
+ .driver = { |
2242 |
+ .name = "marvell-nfc", |
2243 |
+ .of_match_table = marvell_nfc_of_ids, |
2244 |
++ .pm = &marvell_nfc_pm_ops, |
2245 |
+ }, |
2246 |
+ .id_table = marvell_nfc_platform_ids, |
2247 |
+ .probe = marvell_nfc_probe, |
2248 |
+diff --git a/drivers/mtd/nand/raw/nand_hynix.c b/drivers/mtd/nand/raw/nand_hynix.c |
2249 |
+index d542908a0ebb..766df4134482 100644 |
2250 |
+--- a/drivers/mtd/nand/raw/nand_hynix.c |
2251 |
++++ b/drivers/mtd/nand/raw/nand_hynix.c |
2252 |
+@@ -100,6 +100,16 @@ static int hynix_nand_reg_write_op(struct nand_chip *chip, u8 addr, u8 val) |
2253 |
+ struct mtd_info *mtd = nand_to_mtd(chip); |
2254 |
+ u16 column = ((u16)addr << 8) | addr; |
2255 |
+ |
2256 |
++ if (chip->exec_op) { |
2257 |
++ struct nand_op_instr instrs[] = { |
2258 |
++ NAND_OP_ADDR(1, &addr, 0), |
2259 |
++ NAND_OP_8BIT_DATA_OUT(1, &val, 0), |
2260 |
++ }; |
2261 |
++ struct nand_operation op = NAND_OPERATION(instrs); |
2262 |
++ |
2263 |
++ return nand_exec_op(chip, &op); |
2264 |
++ } |
2265 |
++ |
2266 |
+ chip->cmdfunc(mtd, NAND_CMD_NONE, column, -1); |
2267 |
+ chip->write_byte(mtd, val); |
2268 |
+ |
2269 |
+diff --git a/drivers/mtd/nand/raw/qcom_nandc.c b/drivers/mtd/nand/raw/qcom_nandc.c |
2270 |
+index 6a5519f0ff25..49b4e70fefe7 100644 |
2271 |
+--- a/drivers/mtd/nand/raw/qcom_nandc.c |
2272 |
++++ b/drivers/mtd/nand/raw/qcom_nandc.c |
2273 |
+@@ -213,6 +213,8 @@ nandc_set_reg(nandc, NAND_READ_LOCATION_##reg, \ |
2274 |
+ #define QPIC_PER_CW_CMD_SGL 32 |
2275 |
+ #define QPIC_PER_CW_DATA_SGL 8 |
2276 |
+ |
2277 |
++#define QPIC_NAND_COMPLETION_TIMEOUT msecs_to_jiffies(2000) |
2278 |
++ |
2279 |
+ /* |
2280 |
+ * Flags used in DMA descriptor preparation helper functions |
2281 |
+ * (i.e. read_reg_dma/write_reg_dma/read_data_dma/write_data_dma) |
2282 |
+@@ -245,6 +247,11 @@ nandc_set_reg(nandc, NAND_READ_LOCATION_##reg, \ |
2283 |
+ * @tx_sgl_start - start index in data sgl for tx. |
2284 |
+ * @rx_sgl_pos - current index in data sgl for rx. |
2285 |
+ * @rx_sgl_start - start index in data sgl for rx. |
2286 |
++ * @wait_second_completion - wait for second DMA desc completion before making |
2287 |
++ * the NAND transfer completion. |
2288 |
++ * @txn_done - completion for NAND transfer. |
2289 |
++ * @last_data_desc - last DMA desc in data channel (tx/rx). |
2290 |
++ * @last_cmd_desc - last DMA desc in command channel. |
2291 |
+ */ |
2292 |
+ struct bam_transaction { |
2293 |
+ struct bam_cmd_element *bam_ce; |
2294 |
+@@ -258,6 +265,10 @@ struct bam_transaction { |
2295 |
+ u32 tx_sgl_start; |
2296 |
+ u32 rx_sgl_pos; |
2297 |
+ u32 rx_sgl_start; |
2298 |
++ bool wait_second_completion; |
2299 |
++ struct completion txn_done; |
2300 |
++ struct dma_async_tx_descriptor *last_data_desc; |
2301 |
++ struct dma_async_tx_descriptor *last_cmd_desc; |
2302 |
+ }; |
2303 |
+ |
2304 |
+ /* |
2305 |
+@@ -504,6 +515,8 @@ alloc_bam_transaction(struct qcom_nand_controller *nandc) |
2306 |
+ |
2307 |
+ bam_txn->data_sgl = bam_txn_buf; |
2308 |
+ |
2309 |
++ init_completion(&bam_txn->txn_done); |
2310 |
++ |
2311 |
+ return bam_txn; |
2312 |
+ } |
2313 |
+ |
2314 |
+@@ -523,11 +536,33 @@ static void clear_bam_transaction(struct qcom_nand_controller *nandc) |
2315 |
+ bam_txn->tx_sgl_start = 0; |
2316 |
+ bam_txn->rx_sgl_pos = 0; |
2317 |
+ bam_txn->rx_sgl_start = 0; |
2318 |
++ bam_txn->last_data_desc = NULL; |
2319 |
++ bam_txn->wait_second_completion = false; |
2320 |
+ |
2321 |
+ sg_init_table(bam_txn->cmd_sgl, nandc->max_cwperpage * |
2322 |
+ QPIC_PER_CW_CMD_SGL); |
2323 |
+ sg_init_table(bam_txn->data_sgl, nandc->max_cwperpage * |
2324 |
+ QPIC_PER_CW_DATA_SGL); |
2325 |
++ |
2326 |
++ reinit_completion(&bam_txn->txn_done); |
2327 |
++} |
2328 |
++ |
2329 |
++/* Callback for DMA descriptor completion */ |
2330 |
++static void qpic_bam_dma_done(void *data) |
2331 |
++{ |
2332 |
++ struct bam_transaction *bam_txn = data; |
2333 |
++ |
2334 |
++ /* |
2335 |
++ * In case of data transfer with NAND, 2 callbacks will be generated. |
2336 |
++ * One for command channel and another one for data channel. |
2337 |
++ * If current transaction has data descriptors |
2338 |
++ * (i.e. wait_second_completion is true), then set this to false |
2339 |
++ * and wait for second DMA descriptor completion. |
2340 |
++ */ |
2341 |
++ if (bam_txn->wait_second_completion) |
2342 |
++ bam_txn->wait_second_completion = false; |
2343 |
++ else |
2344 |
++ complete(&bam_txn->txn_done); |
2345 |
+ } |
2346 |
+ |
2347 |
+ static inline struct qcom_nand_host *to_qcom_nand_host(struct nand_chip *chip) |
2348 |
+@@ -756,6 +791,12 @@ static int prepare_bam_async_desc(struct qcom_nand_controller *nandc, |
2349 |
+ |
2350 |
+ desc->dma_desc = dma_desc; |
2351 |
+ |
2352 |
++ /* update last data/command descriptor */ |
2353 |
++ if (chan == nandc->cmd_chan) |
2354 |
++ bam_txn->last_cmd_desc = dma_desc; |
2355 |
++ else |
2356 |
++ bam_txn->last_data_desc = dma_desc; |
2357 |
++ |
2358 |
+ list_add_tail(&desc->node, &nandc->desc_list); |
2359 |
+ |
2360 |
+ return 0; |
2361 |
+@@ -1273,10 +1314,20 @@ static int submit_descs(struct qcom_nand_controller *nandc) |
2362 |
+ cookie = dmaengine_submit(desc->dma_desc); |
2363 |
+ |
2364 |
+ if (nandc->props->is_bam) { |
2365 |
++ bam_txn->last_cmd_desc->callback = qpic_bam_dma_done; |
2366 |
++ bam_txn->last_cmd_desc->callback_param = bam_txn; |
2367 |
++ if (bam_txn->last_data_desc) { |
2368 |
++ bam_txn->last_data_desc->callback = qpic_bam_dma_done; |
2369 |
++ bam_txn->last_data_desc->callback_param = bam_txn; |
2370 |
++ bam_txn->wait_second_completion = true; |
2371 |
++ } |
2372 |
++ |
2373 |
+ dma_async_issue_pending(nandc->tx_chan); |
2374 |
+ dma_async_issue_pending(nandc->rx_chan); |
2375 |
++ dma_async_issue_pending(nandc->cmd_chan); |
2376 |
+ |
2377 |
+- if (dma_sync_wait(nandc->cmd_chan, cookie) != DMA_COMPLETE) |
2378 |
++ if (!wait_for_completion_timeout(&bam_txn->txn_done, |
2379 |
++ QPIC_NAND_COMPLETION_TIMEOUT)) |
2380 |
+ return -ETIMEDOUT; |
2381 |
+ } else { |
2382 |
+ if (dma_sync_wait(nandc->chan, cookie) != DMA_COMPLETE) |
2383 |
+diff --git a/drivers/net/wireless/broadcom/b43/leds.c b/drivers/net/wireless/broadcom/b43/leds.c |
2384 |
+index cb987c2ecc6b..87131f663292 100644 |
2385 |
+--- a/drivers/net/wireless/broadcom/b43/leds.c |
2386 |
++++ b/drivers/net/wireless/broadcom/b43/leds.c |
2387 |
+@@ -131,7 +131,7 @@ static int b43_register_led(struct b43_wldev *dev, struct b43_led *led, |
2388 |
+ led->wl = dev->wl; |
2389 |
+ led->index = led_index; |
2390 |
+ led->activelow = activelow; |
2391 |
+- strncpy(led->name, name, sizeof(led->name)); |
2392 |
++ strlcpy(led->name, name, sizeof(led->name)); |
2393 |
+ atomic_set(&led->state, 0); |
2394 |
+ |
2395 |
+ led->led_dev.name = led->name; |
2396 |
+diff --git a/drivers/net/wireless/broadcom/b43legacy/leds.c b/drivers/net/wireless/broadcom/b43legacy/leds.c |
2397 |
+index fd4565389c77..bc922118b6ac 100644 |
2398 |
+--- a/drivers/net/wireless/broadcom/b43legacy/leds.c |
2399 |
++++ b/drivers/net/wireless/broadcom/b43legacy/leds.c |
2400 |
+@@ -101,7 +101,7 @@ static int b43legacy_register_led(struct b43legacy_wldev *dev, |
2401 |
+ led->dev = dev; |
2402 |
+ led->index = led_index; |
2403 |
+ led->activelow = activelow; |
2404 |
+- strncpy(led->name, name, sizeof(led->name)); |
2405 |
++ strlcpy(led->name, name, sizeof(led->name)); |
2406 |
+ |
2407 |
+ led->led_dev.name = led->name; |
2408 |
+ led->led_dev.default_trigger = default_trigger; |
2409 |
+diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c |
2410 |
+index ddd441b1516a..e10b0d20c4a7 100644 |
2411 |
+--- a/drivers/nvme/host/pci.c |
2412 |
++++ b/drivers/nvme/host/pci.c |
2413 |
+@@ -316,6 +316,14 @@ static bool nvme_dbbuf_update_and_check_event(u16 value, u32 *dbbuf_db, |
2414 |
+ old_value = *dbbuf_db; |
2415 |
+ *dbbuf_db = value; |
2416 |
+ |
2417 |
++ /* |
2418 |
++ * Ensure that the doorbell is updated before reading the event |
2419 |
++ * index from memory. The controller needs to provide similar |
2420 |
++ * ordering to ensure the envent index is updated before reading |
2421 |
++ * the doorbell. |
2422 |
++ */ |
2423 |
++ mb(); |
2424 |
++ |
2425 |
+ if (!nvme_dbbuf_need_event(*dbbuf_ei, value, old_value)) |
2426 |
+ return false; |
2427 |
+ } |
2428 |
+diff --git a/drivers/pinctrl/freescale/pinctrl-imx1-core.c b/drivers/pinctrl/freescale/pinctrl-imx1-core.c |
2429 |
+index c3bdd90b1422..deb7870b3d1a 100644 |
2430 |
+--- a/drivers/pinctrl/freescale/pinctrl-imx1-core.c |
2431 |
++++ b/drivers/pinctrl/freescale/pinctrl-imx1-core.c |
2432 |
+@@ -429,7 +429,7 @@ static void imx1_pinconf_group_dbg_show(struct pinctrl_dev *pctldev, |
2433 |
+ const char *name; |
2434 |
+ int i, ret; |
2435 |
+ |
2436 |
+- if (group > info->ngroups) |
2437 |
++ if (group >= info->ngroups) |
2438 |
+ return; |
2439 |
+ |
2440 |
+ seq_puts(s, "\n"); |
2441 |
+diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c |
2442 |
+index 45b7cb01f410..307403decf76 100644 |
2443 |
+--- a/drivers/platform/x86/ideapad-laptop.c |
2444 |
++++ b/drivers/platform/x86/ideapad-laptop.c |
2445 |
+@@ -1133,10 +1133,10 @@ static const struct dmi_system_id no_hw_rfkill_list[] = { |
2446 |
+ }, |
2447 |
+ }, |
2448 |
+ { |
2449 |
+- .ident = "Lenovo Legion Y520-15IKBN", |
2450 |
++ .ident = "Lenovo Legion Y520-15IKB", |
2451 |
+ .matches = { |
2452 |
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), |
2453 |
+- DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Y520-15IKBN"), |
2454 |
++ DMI_MATCH(DMI_PRODUCT_VERSION, "Lenovo Y520-15IKB"), |
2455 |
+ }, |
2456 |
+ }, |
2457 |
+ { |
2458 |
+diff --git a/drivers/platform/x86/wmi.c b/drivers/platform/x86/wmi.c |
2459 |
+index 8e3d0146ff8c..04791ea5d97b 100644 |
2460 |
+--- a/drivers/platform/x86/wmi.c |
2461 |
++++ b/drivers/platform/x86/wmi.c |
2462 |
+@@ -895,7 +895,6 @@ static int wmi_dev_probe(struct device *dev) |
2463 |
+ struct wmi_driver *wdriver = |
2464 |
+ container_of(dev->driver, struct wmi_driver, driver); |
2465 |
+ int ret = 0; |
2466 |
+- int count; |
2467 |
+ char *buf; |
2468 |
+ |
2469 |
+ if (ACPI_FAILURE(wmi_method_enable(wblock, 1))) |
2470 |
+@@ -917,9 +916,8 @@ static int wmi_dev_probe(struct device *dev) |
2471 |
+ goto probe_failure; |
2472 |
+ } |
2473 |
+ |
2474 |
+- count = get_order(wblock->req_buf_size); |
2475 |
+- wblock->handler_data = (void *)__get_free_pages(GFP_KERNEL, |
2476 |
+- count); |
2477 |
++ wblock->handler_data = kmalloc(wblock->req_buf_size, |
2478 |
++ GFP_KERNEL); |
2479 |
+ if (!wblock->handler_data) { |
2480 |
+ ret = -ENOMEM; |
2481 |
+ goto probe_failure; |
2482 |
+@@ -964,8 +962,7 @@ static int wmi_dev_remove(struct device *dev) |
2483 |
+ if (wdriver->filter_callback) { |
2484 |
+ misc_deregister(&wblock->char_dev); |
2485 |
+ kfree(wblock->char_dev.name); |
2486 |
+- free_pages((unsigned long)wblock->handler_data, |
2487 |
+- get_order(wblock->req_buf_size)); |
2488 |
++ kfree(wblock->handler_data); |
2489 |
+ } |
2490 |
+ |
2491 |
+ if (wdriver->remove) |
2492 |
+diff --git a/drivers/power/supply/generic-adc-battery.c b/drivers/power/supply/generic-adc-battery.c |
2493 |
+index 28dc056eaafa..bc462d1ec963 100644 |
2494 |
+--- a/drivers/power/supply/generic-adc-battery.c |
2495 |
++++ b/drivers/power/supply/generic-adc-battery.c |
2496 |
+@@ -241,10 +241,10 @@ static int gab_probe(struct platform_device *pdev) |
2497 |
+ struct power_supply_desc *psy_desc; |
2498 |
+ struct power_supply_config psy_cfg = {}; |
2499 |
+ struct gab_platform_data *pdata = pdev->dev.platform_data; |
2500 |
+- enum power_supply_property *properties; |
2501 |
+ int ret = 0; |
2502 |
+ int chan; |
2503 |
+- int index = 0; |
2504 |
++ int index = ARRAY_SIZE(gab_props); |
2505 |
++ bool any = false; |
2506 |
+ |
2507 |
+ adc_bat = devm_kzalloc(&pdev->dev, sizeof(*adc_bat), GFP_KERNEL); |
2508 |
+ if (!adc_bat) { |
2509 |
+@@ -278,8 +278,6 @@ static int gab_probe(struct platform_device *pdev) |
2510 |
+ } |
2511 |
+ |
2512 |
+ memcpy(psy_desc->properties, gab_props, sizeof(gab_props)); |
2513 |
+- properties = (enum power_supply_property *) |
2514 |
+- ((char *)psy_desc->properties + sizeof(gab_props)); |
2515 |
+ |
2516 |
+ /* |
2517 |
+ * getting channel from iio and copying the battery properties |
2518 |
+@@ -293,15 +291,22 @@ static int gab_probe(struct platform_device *pdev) |
2519 |
+ adc_bat->channel[chan] = NULL; |
2520 |
+ } else { |
2521 |
+ /* copying properties for supported channels only */ |
2522 |
+- memcpy(properties + sizeof(*(psy_desc->properties)) * index, |
2523 |
+- &gab_dyn_props[chan], |
2524 |
+- sizeof(gab_dyn_props[chan])); |
2525 |
+- index++; |
2526 |
++ int index2; |
2527 |
++ |
2528 |
++ for (index2 = 0; index2 < index; index2++) { |
2529 |
++ if (psy_desc->properties[index2] == |
2530 |
++ gab_dyn_props[chan]) |
2531 |
++ break; /* already known */ |
2532 |
++ } |
2533 |
++ if (index2 == index) /* really new */ |
2534 |
++ psy_desc->properties[index++] = |
2535 |
++ gab_dyn_props[chan]; |
2536 |
++ any = true; |
2537 |
+ } |
2538 |
+ } |
2539 |
+ |
2540 |
+ /* none of the channels are supported so let's bail out */ |
2541 |
+- if (index == 0) { |
2542 |
++ if (!any) { |
2543 |
+ ret = -ENODEV; |
2544 |
+ goto second_mem_fail; |
2545 |
+ } |
2546 |
+@@ -312,7 +317,7 @@ static int gab_probe(struct platform_device *pdev) |
2547 |
+ * as come channels may be not be supported by the device.So |
2548 |
+ * we need to take care of that. |
2549 |
+ */ |
2550 |
+- psy_desc->num_properties = ARRAY_SIZE(gab_props) + index; |
2551 |
++ psy_desc->num_properties = index; |
2552 |
+ |
2553 |
+ adc_bat->psy = power_supply_register(&pdev->dev, psy_desc, &psy_cfg); |
2554 |
+ if (IS_ERR(adc_bat->psy)) { |
2555 |
+diff --git a/drivers/regulator/arizona-ldo1.c b/drivers/regulator/arizona-ldo1.c |
2556 |
+index f6d6a4ad9e8a..e976d073f28d 100644 |
2557 |
+--- a/drivers/regulator/arizona-ldo1.c |
2558 |
++++ b/drivers/regulator/arizona-ldo1.c |
2559 |
+@@ -36,6 +36,8 @@ struct arizona_ldo1 { |
2560 |
+ |
2561 |
+ struct regulator_consumer_supply supply; |
2562 |
+ struct regulator_init_data init_data; |
2563 |
++ |
2564 |
++ struct gpio_desc *ena_gpiod; |
2565 |
+ }; |
2566 |
+ |
2567 |
+ static int arizona_ldo1_hc_list_voltage(struct regulator_dev *rdev, |
2568 |
+@@ -253,12 +255,17 @@ static int arizona_ldo1_common_init(struct platform_device *pdev, |
2569 |
+ } |
2570 |
+ } |
2571 |
+ |
2572 |
+- /* We assume that high output = regulator off */ |
2573 |
+- config.ena_gpiod = devm_gpiod_get_optional(&pdev->dev, "wlf,ldoena", |
2574 |
+- GPIOD_OUT_HIGH); |
2575 |
++ /* We assume that high output = regulator off |
2576 |
++ * Don't use devm, since we need to get against the parent device |
2577 |
++ * so clean up would happen at the wrong time |
2578 |
++ */ |
2579 |
++ config.ena_gpiod = gpiod_get_optional(parent_dev, "wlf,ldoena", |
2580 |
++ GPIOD_OUT_LOW); |
2581 |
+ if (IS_ERR(config.ena_gpiod)) |
2582 |
+ return PTR_ERR(config.ena_gpiod); |
2583 |
+ |
2584 |
++ ldo1->ena_gpiod = config.ena_gpiod; |
2585 |
++ |
2586 |
+ if (pdata->init_data) |
2587 |
+ config.init_data = pdata->init_data; |
2588 |
+ else |
2589 |
+@@ -276,6 +283,9 @@ static int arizona_ldo1_common_init(struct platform_device *pdev, |
2590 |
+ of_node_put(config.of_node); |
2591 |
+ |
2592 |
+ if (IS_ERR(ldo1->regulator)) { |
2593 |
++ if (config.ena_gpiod) |
2594 |
++ gpiod_put(config.ena_gpiod); |
2595 |
++ |
2596 |
+ ret = PTR_ERR(ldo1->regulator); |
2597 |
+ dev_err(&pdev->dev, "Failed to register LDO1 supply: %d\n", |
2598 |
+ ret); |
2599 |
+@@ -334,8 +344,19 @@ static int arizona_ldo1_probe(struct platform_device *pdev) |
2600 |
+ return ret; |
2601 |
+ } |
2602 |
+ |
2603 |
++static int arizona_ldo1_remove(struct platform_device *pdev) |
2604 |
++{ |
2605 |
++ struct arizona_ldo1 *ldo1 = platform_get_drvdata(pdev); |
2606 |
++ |
2607 |
++ if (ldo1->ena_gpiod) |
2608 |
++ gpiod_put(ldo1->ena_gpiod); |
2609 |
++ |
2610 |
++ return 0; |
2611 |
++} |
2612 |
++ |
2613 |
+ static struct platform_driver arizona_ldo1_driver = { |
2614 |
+ .probe = arizona_ldo1_probe, |
2615 |
++ .remove = arizona_ldo1_remove, |
2616 |
+ .driver = { |
2617 |
+ .name = "arizona-ldo1", |
2618 |
+ }, |
2619 |
+diff --git a/drivers/s390/cio/qdio_main.c b/drivers/s390/cio/qdio_main.c |
2620 |
+index f4ca72dd862f..9c7d9da42ba0 100644 |
2621 |
+--- a/drivers/s390/cio/qdio_main.c |
2622 |
++++ b/drivers/s390/cio/qdio_main.c |
2623 |
+@@ -631,21 +631,20 @@ static inline unsigned long qdio_aob_for_buffer(struct qdio_output_q *q, |
2624 |
+ unsigned long phys_aob = 0; |
2625 |
+ |
2626 |
+ if (!q->use_cq) |
2627 |
+- goto out; |
2628 |
++ return 0; |
2629 |
+ |
2630 |
+ if (!q->aobs[bufnr]) { |
2631 |
+ struct qaob *aob = qdio_allocate_aob(); |
2632 |
+ q->aobs[bufnr] = aob; |
2633 |
+ } |
2634 |
+ if (q->aobs[bufnr]) { |
2635 |
+- q->sbal_state[bufnr].flags = QDIO_OUTBUF_STATE_FLAG_NONE; |
2636 |
+ q->sbal_state[bufnr].aob = q->aobs[bufnr]; |
2637 |
+ q->aobs[bufnr]->user1 = (u64) q->sbal_state[bufnr].user; |
2638 |
+ phys_aob = virt_to_phys(q->aobs[bufnr]); |
2639 |
+ WARN_ON_ONCE(phys_aob & 0xFF); |
2640 |
+ } |
2641 |
+ |
2642 |
+-out: |
2643 |
++ q->sbal_state[bufnr].flags = 0; |
2644 |
+ return phys_aob; |
2645 |
+ } |
2646 |
+ |
2647 |
+diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c |
2648 |
+index ff1d612f6fb9..41cdda7a926b 100644 |
2649 |
+--- a/drivers/scsi/libsas/sas_ata.c |
2650 |
++++ b/drivers/scsi/libsas/sas_ata.c |
2651 |
+@@ -557,34 +557,46 @@ int sas_ata_init(struct domain_device *found_dev) |
2652 |
+ { |
2653 |
+ struct sas_ha_struct *ha = found_dev->port->ha; |
2654 |
+ struct Scsi_Host *shost = ha->core.shost; |
2655 |
++ struct ata_host *ata_host; |
2656 |
+ struct ata_port *ap; |
2657 |
+ int rc; |
2658 |
+ |
2659 |
+- ata_host_init(&found_dev->sata_dev.ata_host, ha->dev, &sas_sata_ops); |
2660 |
+- ap = ata_sas_port_alloc(&found_dev->sata_dev.ata_host, |
2661 |
+- &sata_port_info, |
2662 |
+- shost); |
2663 |
++ ata_host = kzalloc(sizeof(*ata_host), GFP_KERNEL); |
2664 |
++ if (!ata_host) { |
2665 |
++ SAS_DPRINTK("ata host alloc failed.\n"); |
2666 |
++ return -ENOMEM; |
2667 |
++ } |
2668 |
++ |
2669 |
++ ata_host_init(ata_host, ha->dev, &sas_sata_ops); |
2670 |
++ |
2671 |
++ ap = ata_sas_port_alloc(ata_host, &sata_port_info, shost); |
2672 |
+ if (!ap) { |
2673 |
+ SAS_DPRINTK("ata_sas_port_alloc failed.\n"); |
2674 |
+- return -ENODEV; |
2675 |
++ rc = -ENODEV; |
2676 |
++ goto free_host; |
2677 |
+ } |
2678 |
+ |
2679 |
+ ap->private_data = found_dev; |
2680 |
+ ap->cbl = ATA_CBL_SATA; |
2681 |
+ ap->scsi_host = shost; |
2682 |
+ rc = ata_sas_port_init(ap); |
2683 |
+- if (rc) { |
2684 |
+- ata_sas_port_destroy(ap); |
2685 |
+- return rc; |
2686 |
+- } |
2687 |
+- rc = ata_sas_tport_add(found_dev->sata_dev.ata_host.dev, ap); |
2688 |
+- if (rc) { |
2689 |
+- ata_sas_port_destroy(ap); |
2690 |
+- return rc; |
2691 |
+- } |
2692 |
++ if (rc) |
2693 |
++ goto destroy_port; |
2694 |
++ |
2695 |
++ rc = ata_sas_tport_add(ata_host->dev, ap); |
2696 |
++ if (rc) |
2697 |
++ goto destroy_port; |
2698 |
++ |
2699 |
++ found_dev->sata_dev.ata_host = ata_host; |
2700 |
+ found_dev->sata_dev.ap = ap; |
2701 |
+ |
2702 |
+ return 0; |
2703 |
++ |
2704 |
++destroy_port: |
2705 |
++ ata_sas_port_destroy(ap); |
2706 |
++free_host: |
2707 |
++ ata_host_put(ata_host); |
2708 |
++ return rc; |
2709 |
+ } |
2710 |
+ |
2711 |
+ void sas_ata_task_abort(struct sas_task *task) |
2712 |
+diff --git a/drivers/scsi/libsas/sas_discover.c b/drivers/scsi/libsas/sas_discover.c |
2713 |
+index 1ffca28fe6a8..0148ae62a52a 100644 |
2714 |
+--- a/drivers/scsi/libsas/sas_discover.c |
2715 |
++++ b/drivers/scsi/libsas/sas_discover.c |
2716 |
+@@ -316,6 +316,8 @@ void sas_free_device(struct kref *kref) |
2717 |
+ if (dev_is_sata(dev) && dev->sata_dev.ap) { |
2718 |
+ ata_sas_tport_delete(dev->sata_dev.ap); |
2719 |
+ ata_sas_port_destroy(dev->sata_dev.ap); |
2720 |
++ ata_host_put(dev->sata_dev.ata_host); |
2721 |
++ dev->sata_dev.ata_host = NULL; |
2722 |
+ dev->sata_dev.ap = NULL; |
2723 |
+ } |
2724 |
+ |
2725 |
+diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c |
2726 |
+index e44c91edf92d..3c8c17c0b547 100644 |
2727 |
+--- a/drivers/scsi/mpt3sas/mpt3sas_base.c |
2728 |
++++ b/drivers/scsi/mpt3sas/mpt3sas_base.c |
2729 |
+@@ -3284,6 +3284,7 @@ void mpt3sas_base_clear_st(struct MPT3SAS_ADAPTER *ioc, |
2730 |
+ st->cb_idx = 0xFF; |
2731 |
+ st->direct_io = 0; |
2732 |
+ atomic_set(&ioc->chain_lookup[st->smid - 1].chain_offset, 0); |
2733 |
++ st->smid = 0; |
2734 |
+ } |
2735 |
+ |
2736 |
+ /** |
2737 |
+diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
2738 |
+index b8d131a455d0..f3d727076e1f 100644 |
2739 |
+--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
2740 |
++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c |
2741 |
+@@ -1489,7 +1489,7 @@ mpt3sas_scsih_scsi_lookup_get(struct MPT3SAS_ADAPTER *ioc, u16 smid) |
2742 |
+ scmd = scsi_host_find_tag(ioc->shost, unique_tag); |
2743 |
+ if (scmd) { |
2744 |
+ st = scsi_cmd_priv(scmd); |
2745 |
+- if (st->cb_idx == 0xFF) |
2746 |
++ if (st->cb_idx == 0xFF || st->smid == 0) |
2747 |
+ scmd = NULL; |
2748 |
+ } |
2749 |
+ } |
2750 |
+diff --git a/drivers/scsi/mpt3sas/mpt3sas_transport.c b/drivers/scsi/mpt3sas/mpt3sas_transport.c |
2751 |
+index 3a143bb5ca72..6c71b20af9e3 100644 |
2752 |
+--- a/drivers/scsi/mpt3sas/mpt3sas_transport.c |
2753 |
++++ b/drivers/scsi/mpt3sas/mpt3sas_transport.c |
2754 |
+@@ -1936,12 +1936,12 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost, |
2755 |
+ pr_info(MPT3SAS_FMT "%s: host reset in progress!\n", |
2756 |
+ __func__, ioc->name); |
2757 |
+ rc = -EFAULT; |
2758 |
+- goto out; |
2759 |
++ goto job_done; |
2760 |
+ } |
2761 |
+ |
2762 |
+ rc = mutex_lock_interruptible(&ioc->transport_cmds.mutex); |
2763 |
+ if (rc) |
2764 |
+- goto out; |
2765 |
++ goto job_done; |
2766 |
+ |
2767 |
+ if (ioc->transport_cmds.status != MPT3_CMD_NOT_USED) { |
2768 |
+ pr_err(MPT3SAS_FMT "%s: transport_cmds in use\n", ioc->name, |
2769 |
+@@ -2066,6 +2066,7 @@ _transport_smp_handler(struct bsg_job *job, struct Scsi_Host *shost, |
2770 |
+ out: |
2771 |
+ ioc->transport_cmds.status = MPT3_CMD_NOT_USED; |
2772 |
+ mutex_unlock(&ioc->transport_cmds.mutex); |
2773 |
++job_done: |
2774 |
+ bsg_job_done(job, rc, reslen); |
2775 |
+ } |
2776 |
+ |
2777 |
+diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c |
2778 |
+index 1b19b954bbae..ec550ee0108e 100644 |
2779 |
+--- a/drivers/scsi/qla2xxx/qla_init.c |
2780 |
++++ b/drivers/scsi/qla2xxx/qla_init.c |
2781 |
+@@ -382,7 +382,7 @@ qla2x00_async_adisc_sp_done(void *ptr, int res) |
2782 |
+ "Async done-%s res %x %8phC\n", |
2783 |
+ sp->name, res, sp->fcport->port_name); |
2784 |
+ |
2785 |
+- sp->fcport->flags &= ~FCF_ASYNC_SENT; |
2786 |
++ sp->fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE); |
2787 |
+ |
2788 |
+ memset(&ea, 0, sizeof(ea)); |
2789 |
+ ea.event = FCME_ADISC_DONE; |
2790 |
+diff --git a/drivers/scsi/qla2xxx/qla_iocb.c b/drivers/scsi/qla2xxx/qla_iocb.c |
2791 |
+index dd93a22fe843..667055cbe155 100644 |
2792 |
+--- a/drivers/scsi/qla2xxx/qla_iocb.c |
2793 |
++++ b/drivers/scsi/qla2xxx/qla_iocb.c |
2794 |
+@@ -2656,6 +2656,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *vha, int els_opcode, |
2795 |
+ ql_dbg(ql_dbg_io, vha, 0x3073, |
2796 |
+ "Enter: PLOGI portid=%06x\n", fcport->d_id.b24); |
2797 |
+ |
2798 |
++ fcport->flags |= FCF_ASYNC_SENT; |
2799 |
+ sp->type = SRB_ELS_DCMD; |
2800 |
+ sp->name = "ELS_DCMD"; |
2801 |
+ sp->fcport = fcport; |
2802 |
+diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c |
2803 |
+index 7943b762c12d..87ef6714845b 100644 |
2804 |
+--- a/drivers/scsi/scsi_sysfs.c |
2805 |
++++ b/drivers/scsi/scsi_sysfs.c |
2806 |
+@@ -722,8 +722,24 @@ static ssize_t |
2807 |
+ sdev_store_delete(struct device *dev, struct device_attribute *attr, |
2808 |
+ const char *buf, size_t count) |
2809 |
+ { |
2810 |
+- if (device_remove_file_self(dev, attr)) |
2811 |
+- scsi_remove_device(to_scsi_device(dev)); |
2812 |
++ struct kernfs_node *kn; |
2813 |
++ |
2814 |
++ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr); |
2815 |
++ WARN_ON_ONCE(!kn); |
2816 |
++ /* |
2817 |
++ * Concurrent writes into the "delete" sysfs attribute may trigger |
2818 |
++ * concurrent calls to device_remove_file() and scsi_remove_device(). |
2819 |
++ * device_remove_file() handles concurrent removal calls by |
2820 |
++ * serializing these and by ignoring the second and later removal |
2821 |
++ * attempts. Concurrent calls of scsi_remove_device() are |
2822 |
++ * serialized. The second and later calls of scsi_remove_device() are |
2823 |
++ * ignored because the first call of that function changes the device |
2824 |
++ * state into SDEV_DEL. |
2825 |
++ */ |
2826 |
++ device_remove_file(dev, attr); |
2827 |
++ scsi_remove_device(to_scsi_device(dev)); |
2828 |
++ if (kn) |
2829 |
++ sysfs_unbreak_active_protection(kn); |
2830 |
+ return count; |
2831 |
+ }; |
2832 |
+ static DEVICE_ATTR(delete, S_IWUSR, NULL, sdev_store_delete); |
2833 |
+diff --git a/drivers/soc/qcom/rmtfs_mem.c b/drivers/soc/qcom/rmtfs_mem.c |
2834 |
+index c8999e38b005..8a3678c2e83c 100644 |
2835 |
+--- a/drivers/soc/qcom/rmtfs_mem.c |
2836 |
++++ b/drivers/soc/qcom/rmtfs_mem.c |
2837 |
+@@ -184,6 +184,7 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) |
2838 |
+ device_initialize(&rmtfs_mem->dev); |
2839 |
+ rmtfs_mem->dev.parent = &pdev->dev; |
2840 |
+ rmtfs_mem->dev.groups = qcom_rmtfs_mem_groups; |
2841 |
++ rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; |
2842 |
+ |
2843 |
+ rmtfs_mem->base = devm_memremap(&rmtfs_mem->dev, rmtfs_mem->addr, |
2844 |
+ rmtfs_mem->size, MEMREMAP_WC); |
2845 |
+@@ -206,8 +207,6 @@ static int qcom_rmtfs_mem_probe(struct platform_device *pdev) |
2846 |
+ goto put_device; |
2847 |
+ } |
2848 |
+ |
2849 |
+- rmtfs_mem->dev.release = qcom_rmtfs_mem_release_device; |
2850 |
+- |
2851 |
+ ret = of_property_read_u32(node, "qcom,vmid", &vmid); |
2852 |
+ if (ret < 0 && ret != -EINVAL) { |
2853 |
+ dev_err(&pdev->dev, "failed to parse qcom,vmid\n"); |
2854 |
+diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c |
2855 |
+index 99501785cdc1..68b3eb00a9d0 100644 |
2856 |
+--- a/drivers/target/iscsi/iscsi_target_login.c |
2857 |
++++ b/drivers/target/iscsi/iscsi_target_login.c |
2858 |
+@@ -348,8 +348,7 @@ static int iscsi_login_zero_tsih_s1( |
2859 |
+ pr_err("idr_alloc() for sess_idr failed\n"); |
2860 |
+ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, |
2861 |
+ ISCSI_LOGIN_STATUS_NO_RESOURCES); |
2862 |
+- kfree(sess); |
2863 |
+- return -ENOMEM; |
2864 |
++ goto free_sess; |
2865 |
+ } |
2866 |
+ |
2867 |
+ sess->creation_time = get_jiffies_64(); |
2868 |
+@@ -365,20 +364,28 @@ static int iscsi_login_zero_tsih_s1( |
2869 |
+ ISCSI_LOGIN_STATUS_NO_RESOURCES); |
2870 |
+ pr_err("Unable to allocate memory for" |
2871 |
+ " struct iscsi_sess_ops.\n"); |
2872 |
+- kfree(sess); |
2873 |
+- return -ENOMEM; |
2874 |
++ goto remove_idr; |
2875 |
+ } |
2876 |
+ |
2877 |
+ sess->se_sess = transport_init_session(TARGET_PROT_NORMAL); |
2878 |
+ if (IS_ERR(sess->se_sess)) { |
2879 |
+ iscsit_tx_login_rsp(conn, ISCSI_STATUS_CLS_TARGET_ERR, |
2880 |
+ ISCSI_LOGIN_STATUS_NO_RESOURCES); |
2881 |
+- kfree(sess->sess_ops); |
2882 |
+- kfree(sess); |
2883 |
+- return -ENOMEM; |
2884 |
++ goto free_ops; |
2885 |
+ } |
2886 |
+ |
2887 |
+ return 0; |
2888 |
++ |
2889 |
++free_ops: |
2890 |
++ kfree(sess->sess_ops); |
2891 |
++remove_idr: |
2892 |
++ spin_lock_bh(&sess_idr_lock); |
2893 |
++ idr_remove(&sess_idr, sess->session_index); |
2894 |
++ spin_unlock_bh(&sess_idr_lock); |
2895 |
++free_sess: |
2896 |
++ kfree(sess); |
2897 |
++ conn->sess = NULL; |
2898 |
++ return -ENOMEM; |
2899 |
+ } |
2900 |
+ |
2901 |
+ static int iscsi_login_zero_tsih_s2( |
2902 |
+@@ -1161,13 +1168,13 @@ void iscsi_target_login_sess_out(struct iscsi_conn *conn, |
2903 |
+ ISCSI_LOGIN_STATUS_INIT_ERR); |
2904 |
+ if (!zero_tsih || !conn->sess) |
2905 |
+ goto old_sess_out; |
2906 |
+- if (conn->sess->se_sess) |
2907 |
+- transport_free_session(conn->sess->se_sess); |
2908 |
+- if (conn->sess->session_index != 0) { |
2909 |
+- spin_lock_bh(&sess_idr_lock); |
2910 |
+- idr_remove(&sess_idr, conn->sess->session_index); |
2911 |
+- spin_unlock_bh(&sess_idr_lock); |
2912 |
+- } |
2913 |
++ |
2914 |
++ transport_free_session(conn->sess->se_sess); |
2915 |
++ |
2916 |
++ spin_lock_bh(&sess_idr_lock); |
2917 |
++ idr_remove(&sess_idr, conn->sess->session_index); |
2918 |
++ spin_unlock_bh(&sess_idr_lock); |
2919 |
++ |
2920 |
+ kfree(conn->sess->sess_ops); |
2921 |
+ kfree(conn->sess); |
2922 |
+ conn->sess = NULL; |
2923 |
+diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
2924 |
+index 205092dc9390..dfed08e70ec1 100644 |
2925 |
+--- a/fs/btrfs/disk-io.c |
2926 |
++++ b/fs/btrfs/disk-io.c |
2927 |
+@@ -961,8 +961,9 @@ static int btree_writepages(struct address_space *mapping, |
2928 |
+ |
2929 |
+ fs_info = BTRFS_I(mapping->host)->root->fs_info; |
2930 |
+ /* this is a bit racy, but that's ok */ |
2931 |
+- ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, |
2932 |
+- BTRFS_DIRTY_METADATA_THRESH); |
2933 |
++ ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, |
2934 |
++ BTRFS_DIRTY_METADATA_THRESH, |
2935 |
++ fs_info->dirty_metadata_batch); |
2936 |
+ if (ret < 0) |
2937 |
+ return 0; |
2938 |
+ } |
2939 |
+@@ -4150,8 +4151,9 @@ static void __btrfs_btree_balance_dirty(struct btrfs_fs_info *fs_info, |
2940 |
+ if (flush_delayed) |
2941 |
+ btrfs_balance_delayed_items(fs_info); |
2942 |
+ |
2943 |
+- ret = percpu_counter_compare(&fs_info->dirty_metadata_bytes, |
2944 |
+- BTRFS_DIRTY_METADATA_THRESH); |
2945 |
++ ret = __percpu_counter_compare(&fs_info->dirty_metadata_bytes, |
2946 |
++ BTRFS_DIRTY_METADATA_THRESH, |
2947 |
++ fs_info->dirty_metadata_batch); |
2948 |
+ if (ret > 0) { |
2949 |
+ balance_dirty_pages_ratelimited(fs_info->btree_inode->i_mapping); |
2950 |
+ } |
2951 |
+diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c |
2952 |
+index 3d9fe58c0080..8aab7a6c1e58 100644 |
2953 |
+--- a/fs/btrfs/extent-tree.c |
2954 |
++++ b/fs/btrfs/extent-tree.c |
2955 |
+@@ -4358,7 +4358,7 @@ commit_trans: |
2956 |
+ data_sinfo->flags, bytes, 1); |
2957 |
+ spin_unlock(&data_sinfo->lock); |
2958 |
+ |
2959 |
+- return ret; |
2960 |
++ return 0; |
2961 |
+ } |
2962 |
+ |
2963 |
+ int btrfs_check_data_free_space(struct inode *inode, |
2964 |
+diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c |
2965 |
+index eba61bcb9bb3..071d949f69ec 100644 |
2966 |
+--- a/fs/btrfs/inode.c |
2967 |
++++ b/fs/btrfs/inode.c |
2968 |
+@@ -6027,32 +6027,6 @@ err: |
2969 |
+ return ret; |
2970 |
+ } |
2971 |
+ |
2972 |
+-int btrfs_write_inode(struct inode *inode, struct writeback_control *wbc) |
2973 |
+-{ |
2974 |
+- struct btrfs_root *root = BTRFS_I(inode)->root; |
2975 |
+- struct btrfs_trans_handle *trans; |
2976 |
+- int ret = 0; |
2977 |
+- bool nolock = false; |
2978 |
+- |
2979 |
+- if (test_bit(BTRFS_INODE_DUMMY, &BTRFS_I(inode)->runtime_flags)) |
2980 |
+- return 0; |
2981 |
+- |
2982 |
+- if (btrfs_fs_closing(root->fs_info) && |
2983 |
+- btrfs_is_free_space_inode(BTRFS_I(inode))) |
2984 |
+- nolock = true; |
2985 |
+- |
2986 |
+- if (wbc->sync_mode == WB_SYNC_ALL) { |
2987 |
+- if (nolock) |
2988 |
+- trans = btrfs_join_transaction_nolock(root); |
2989 |
+- else |
2990 |
+- trans = btrfs_join_transaction(root); |
2991 |
+- if (IS_ERR(trans)) |
2992 |
+- return PTR_ERR(trans); |
2993 |
+- ret = btrfs_commit_transaction(trans); |
2994 |
+- } |
2995 |
+- return ret; |
2996 |
+-} |
2997 |
+- |
2998 |
+ /* |
2999 |
+ * This is somewhat expensive, updating the tree every time the |
3000 |
+ * inode changes. But, it is most likely to find the inode in cache. |
3001 |
+diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c |
3002 |
+index c47f62b19226..b75b4abaa4a5 100644 |
3003 |
+--- a/fs/btrfs/send.c |
3004 |
++++ b/fs/btrfs/send.c |
3005 |
+@@ -100,6 +100,7 @@ struct send_ctx { |
3006 |
+ u64 cur_inode_rdev; |
3007 |
+ u64 cur_inode_last_extent; |
3008 |
+ u64 cur_inode_next_write_offset; |
3009 |
++ bool ignore_cur_inode; |
3010 |
+ |
3011 |
+ u64 send_progress; |
3012 |
+ |
3013 |
+@@ -5006,6 +5007,15 @@ static int send_hole(struct send_ctx *sctx, u64 end) |
3014 |
+ u64 len; |
3015 |
+ int ret = 0; |
3016 |
+ |
3017 |
++ /* |
3018 |
++ * A hole that starts at EOF or beyond it. Since we do not yet support |
3019 |
++ * fallocate (for extent preallocation and hole punching), sending a |
3020 |
++ * write of zeroes starting at EOF or beyond would later require issuing |
3021 |
++ * a truncate operation which would undo the write and achieve nothing. |
3022 |
++ */ |
3023 |
++ if (offset >= sctx->cur_inode_size) |
3024 |
++ return 0; |
3025 |
++ |
3026 |
+ if (sctx->flags & BTRFS_SEND_FLAG_NO_FILE_DATA) |
3027 |
+ return send_update_extent(sctx, offset, end - offset); |
3028 |
+ |
3029 |
+@@ -5799,6 +5809,9 @@ static int finish_inode_if_needed(struct send_ctx *sctx, int at_end) |
3030 |
+ int pending_move = 0; |
3031 |
+ int refs_processed = 0; |
3032 |
+ |
3033 |
++ if (sctx->ignore_cur_inode) |
3034 |
++ return 0; |
3035 |
++ |
3036 |
+ ret = process_recorded_refs_if_needed(sctx, at_end, &pending_move, |
3037 |
+ &refs_processed); |
3038 |
+ if (ret < 0) |
3039 |
+@@ -5917,6 +5930,93 @@ out: |
3040 |
+ return ret; |
3041 |
+ } |
3042 |
+ |
3043 |
++struct parent_paths_ctx { |
3044 |
++ struct list_head *refs; |
3045 |
++ struct send_ctx *sctx; |
3046 |
++}; |
3047 |
++ |
3048 |
++static int record_parent_ref(int num, u64 dir, int index, struct fs_path *name, |
3049 |
++ void *ctx) |
3050 |
++{ |
3051 |
++ struct parent_paths_ctx *ppctx = ctx; |
3052 |
++ |
3053 |
++ return record_ref(ppctx->sctx->parent_root, dir, name, ppctx->sctx, |
3054 |
++ ppctx->refs); |
3055 |
++} |
3056 |
++ |
3057 |
++/* |
3058 |
++ * Issue unlink operations for all paths of the current inode found in the |
3059 |
++ * parent snapshot. |
3060 |
++ */ |
3061 |
++static int btrfs_unlink_all_paths(struct send_ctx *sctx) |
3062 |
++{ |
3063 |
++ LIST_HEAD(deleted_refs); |
3064 |
++ struct btrfs_path *path; |
3065 |
++ struct btrfs_key key; |
3066 |
++ struct parent_paths_ctx ctx; |
3067 |
++ int ret; |
3068 |
++ |
3069 |
++ path = alloc_path_for_send(); |
3070 |
++ if (!path) |
3071 |
++ return -ENOMEM; |
3072 |
++ |
3073 |
++ key.objectid = sctx->cur_ino; |
3074 |
++ key.type = BTRFS_INODE_REF_KEY; |
3075 |
++ key.offset = 0; |
3076 |
++ ret = btrfs_search_slot(NULL, sctx->parent_root, &key, path, 0, 0); |
3077 |
++ if (ret < 0) |
3078 |
++ goto out; |
3079 |
++ |
3080 |
++ ctx.refs = &deleted_refs; |
3081 |
++ ctx.sctx = sctx; |
3082 |
++ |
3083 |
++ while (true) { |
3084 |
++ struct extent_buffer *eb = path->nodes[0]; |
3085 |
++ int slot = path->slots[0]; |
3086 |
++ |
3087 |
++ if (slot >= btrfs_header_nritems(eb)) { |
3088 |
++ ret = btrfs_next_leaf(sctx->parent_root, path); |
3089 |
++ if (ret < 0) |
3090 |
++ goto out; |
3091 |
++ else if (ret > 0) |
3092 |
++ break; |
3093 |
++ continue; |
3094 |
++ } |
3095 |
++ |
3096 |
++ btrfs_item_key_to_cpu(eb, &key, slot); |
3097 |
++ if (key.objectid != sctx->cur_ino) |
3098 |
++ break; |
3099 |
++ if (key.type != BTRFS_INODE_REF_KEY && |
3100 |
++ key.type != BTRFS_INODE_EXTREF_KEY) |
3101 |
++ break; |
3102 |
++ |
3103 |
++ ret = iterate_inode_ref(sctx->parent_root, path, &key, 1, |
3104 |
++ record_parent_ref, &ctx); |
3105 |
++ if (ret < 0) |
3106 |
++ goto out; |
3107 |
++ |
3108 |
++ path->slots[0]++; |
3109 |
++ } |
3110 |
++ |
3111 |
++ while (!list_empty(&deleted_refs)) { |
3112 |
++ struct recorded_ref *ref; |
3113 |
++ |
3114 |
++ ref = list_first_entry(&deleted_refs, struct recorded_ref, list); |
3115 |
++ ret = send_unlink(sctx, ref->full_path); |
3116 |
++ if (ret < 0) |
3117 |
++ goto out; |
3118 |
++ fs_path_free(ref->full_path); |
3119 |
++ list_del(&ref->list); |
3120 |
++ kfree(ref); |
3121 |
++ } |
3122 |
++ ret = 0; |
3123 |
++out: |
3124 |
++ btrfs_free_path(path); |
3125 |
++ if (ret) |
3126 |
++ __free_recorded_refs(&deleted_refs); |
3127 |
++ return ret; |
3128 |
++} |
3129 |
++ |
3130 |
+ static int changed_inode(struct send_ctx *sctx, |
3131 |
+ enum btrfs_compare_tree_result result) |
3132 |
+ { |
3133 |
+@@ -5931,6 +6031,7 @@ static int changed_inode(struct send_ctx *sctx, |
3134 |
+ sctx->cur_inode_new_gen = 0; |
3135 |
+ sctx->cur_inode_last_extent = (u64)-1; |
3136 |
+ sctx->cur_inode_next_write_offset = 0; |
3137 |
++ sctx->ignore_cur_inode = false; |
3138 |
+ |
3139 |
+ /* |
3140 |
+ * Set send_progress to current inode. This will tell all get_cur_xxx |
3141 |
+@@ -5971,6 +6072,33 @@ static int changed_inode(struct send_ctx *sctx, |
3142 |
+ sctx->cur_inode_new_gen = 1; |
3143 |
+ } |
3144 |
+ |
3145 |
++ /* |
3146 |
++ * Normally we do not find inodes with a link count of zero (orphans) |
3147 |
++ * because the most common case is to create a snapshot and use it |
3148 |
++ * for a send operation. However other less common use cases involve |
3149 |
++ * using a subvolume and send it after turning it to RO mode just |
3150 |
++ * after deleting all hard links of a file while holding an open |
3151 |
++ * file descriptor against it or turning a RO snapshot into RW mode, |
3152 |
++ * keep an open file descriptor against a file, delete it and then |
3153 |
++ * turn the snapshot back to RO mode before using it for a send |
3154 |
++ * operation. So if we find such cases, ignore the inode and all its |
3155 |
++ * items completely if it's a new inode, or if it's a changed inode |
3156 |
++ * make sure all its previous paths (from the parent snapshot) are all |
3157 |
++ * unlinked and all other the inode items are ignored. |
3158 |
++ */ |
3159 |
++ if (result == BTRFS_COMPARE_TREE_NEW || |
3160 |
++ result == BTRFS_COMPARE_TREE_CHANGED) { |
3161 |
++ u32 nlinks; |
3162 |
++ |
3163 |
++ nlinks = btrfs_inode_nlink(sctx->left_path->nodes[0], left_ii); |
3164 |
++ if (nlinks == 0) { |
3165 |
++ sctx->ignore_cur_inode = true; |
3166 |
++ if (result == BTRFS_COMPARE_TREE_CHANGED) |
3167 |
++ ret = btrfs_unlink_all_paths(sctx); |
3168 |
++ goto out; |
3169 |
++ } |
3170 |
++ } |
3171 |
++ |
3172 |
+ if (result == BTRFS_COMPARE_TREE_NEW) { |
3173 |
+ sctx->cur_inode_gen = left_gen; |
3174 |
+ sctx->cur_inode_new = 1; |
3175 |
+@@ -6309,15 +6437,17 @@ static int changed_cb(struct btrfs_path *left_path, |
3176 |
+ key->objectid == BTRFS_FREE_SPACE_OBJECTID) |
3177 |
+ goto out; |
3178 |
+ |
3179 |
+- if (key->type == BTRFS_INODE_ITEM_KEY) |
3180 |
++ if (key->type == BTRFS_INODE_ITEM_KEY) { |
3181 |
+ ret = changed_inode(sctx, result); |
3182 |
+- else if (key->type == BTRFS_INODE_REF_KEY || |
3183 |
+- key->type == BTRFS_INODE_EXTREF_KEY) |
3184 |
+- ret = changed_ref(sctx, result); |
3185 |
+- else if (key->type == BTRFS_XATTR_ITEM_KEY) |
3186 |
+- ret = changed_xattr(sctx, result); |
3187 |
+- else if (key->type == BTRFS_EXTENT_DATA_KEY) |
3188 |
+- ret = changed_extent(sctx, result); |
3189 |
++ } else if (!sctx->ignore_cur_inode) { |
3190 |
++ if (key->type == BTRFS_INODE_REF_KEY || |
3191 |
++ key->type == BTRFS_INODE_EXTREF_KEY) |
3192 |
++ ret = changed_ref(sctx, result); |
3193 |
++ else if (key->type == BTRFS_XATTR_ITEM_KEY) |
3194 |
++ ret = changed_xattr(sctx, result); |
3195 |
++ else if (key->type == BTRFS_EXTENT_DATA_KEY) |
3196 |
++ ret = changed_extent(sctx, result); |
3197 |
++ } |
3198 |
+ |
3199 |
+ out: |
3200 |
+ return ret; |
3201 |
+diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c |
3202 |
+index 81107ad49f3a..bddfc28b27c0 100644 |
3203 |
+--- a/fs/btrfs/super.c |
3204 |
++++ b/fs/btrfs/super.c |
3205 |
+@@ -2331,7 +2331,6 @@ static const struct super_operations btrfs_super_ops = { |
3206 |
+ .sync_fs = btrfs_sync_fs, |
3207 |
+ .show_options = btrfs_show_options, |
3208 |
+ .show_devname = btrfs_show_devname, |
3209 |
+- .write_inode = btrfs_write_inode, |
3210 |
+ .alloc_inode = btrfs_alloc_inode, |
3211 |
+ .destroy_inode = btrfs_destroy_inode, |
3212 |
+ .statfs = btrfs_statfs, |
3213 |
+diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c |
3214 |
+index f8220ec02036..84b00a29d531 100644 |
3215 |
+--- a/fs/btrfs/tree-log.c |
3216 |
++++ b/fs/btrfs/tree-log.c |
3217 |
+@@ -1291,6 +1291,46 @@ again: |
3218 |
+ return ret; |
3219 |
+ } |
3220 |
+ |
3221 |
++static int btrfs_inode_ref_exists(struct inode *inode, struct inode *dir, |
3222 |
++ const u8 ref_type, const char *name, |
3223 |
++ const int namelen) |
3224 |
++{ |
3225 |
++ struct btrfs_key key; |
3226 |
++ struct btrfs_path *path; |
3227 |
++ const u64 parent_id = btrfs_ino(BTRFS_I(dir)); |
3228 |
++ int ret; |
3229 |
++ |
3230 |
++ path = btrfs_alloc_path(); |
3231 |
++ if (!path) |
3232 |
++ return -ENOMEM; |
3233 |
++ |
3234 |
++ key.objectid = btrfs_ino(BTRFS_I(inode)); |
3235 |
++ key.type = ref_type; |
3236 |
++ if (key.type == BTRFS_INODE_REF_KEY) |
3237 |
++ key.offset = parent_id; |
3238 |
++ else |
3239 |
++ key.offset = btrfs_extref_hash(parent_id, name, namelen); |
3240 |
++ |
3241 |
++ ret = btrfs_search_slot(NULL, BTRFS_I(inode)->root, &key, path, 0, 0); |
3242 |
++ if (ret < 0) |
3243 |
++ goto out; |
3244 |
++ if (ret > 0) { |
3245 |
++ ret = 0; |
3246 |
++ goto out; |
3247 |
++ } |
3248 |
++ if (key.type == BTRFS_INODE_EXTREF_KEY) |
3249 |
++ ret = btrfs_find_name_in_ext_backref(path->nodes[0], |
3250 |
++ path->slots[0], parent_id, |
3251 |
++ name, namelen, NULL); |
3252 |
++ else |
3253 |
++ ret = btrfs_find_name_in_backref(path->nodes[0], path->slots[0], |
3254 |
++ name, namelen, NULL); |
3255 |
++ |
3256 |
++out: |
3257 |
++ btrfs_free_path(path); |
3258 |
++ return ret; |
3259 |
++} |
3260 |
++ |
3261 |
+ /* |
3262 |
+ * replay one inode back reference item found in the log tree. |
3263 |
+ * eb, slot and key refer to the buffer and key found in the log tree. |
3264 |
+@@ -1400,6 +1440,32 @@ static noinline int add_inode_ref(struct btrfs_trans_handle *trans, |
3265 |
+ } |
3266 |
+ } |
3267 |
+ |
3268 |
++ /* |
3269 |
++ * If a reference item already exists for this inode |
3270 |
++ * with the same parent and name, but different index, |
3271 |
++ * drop it and the corresponding directory index entries |
3272 |
++ * from the parent before adding the new reference item |
3273 |
++ * and dir index entries, otherwise we would fail with |
3274 |
++ * -EEXIST returned from btrfs_add_link() below. |
3275 |
++ */ |
3276 |
++ ret = btrfs_inode_ref_exists(inode, dir, key->type, |
3277 |
++ name, namelen); |
3278 |
++ if (ret > 0) { |
3279 |
++ ret = btrfs_unlink_inode(trans, root, |
3280 |
++ BTRFS_I(dir), |
3281 |
++ BTRFS_I(inode), |
3282 |
++ name, namelen); |
3283 |
++ /* |
3284 |
++ * If we dropped the link count to 0, bump it so |
3285 |
++ * that later the iput() on the inode will not |
3286 |
++ * free it. We will fixup the link count later. |
3287 |
++ */ |
3288 |
++ if (!ret && inode->i_nlink == 0) |
3289 |
++ inc_nlink(inode); |
3290 |
++ } |
3291 |
++ if (ret < 0) |
3292 |
++ goto out; |
3293 |
++ |
3294 |
+ /* insert our name */ |
3295 |
+ ret = btrfs_add_link(trans, BTRFS_I(dir), |
3296 |
+ BTRFS_I(inode), |
3297 |
+diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c |
3298 |
+index bfe999505815..991bfb271908 100644 |
3299 |
+--- a/fs/cifs/cifs_debug.c |
3300 |
++++ b/fs/cifs/cifs_debug.c |
3301 |
+@@ -160,25 +160,41 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v) |
3302 |
+ seq_printf(m, "CIFS Version %s\n", CIFS_VERSION); |
3303 |
+ seq_printf(m, "Features:"); |
3304 |
+ #ifdef CONFIG_CIFS_DFS_UPCALL |
3305 |
+- seq_printf(m, " dfs"); |
3306 |
++ seq_printf(m, " DFS"); |
3307 |
+ #endif |
3308 |
+ #ifdef CONFIG_CIFS_FSCACHE |
3309 |
+- seq_printf(m, " fscache"); |
3310 |
++ seq_printf(m, ",FSCACHE"); |
3311 |
++#endif |
3312 |
++#ifdef CONFIG_CIFS_SMB_DIRECT |
3313 |
++ seq_printf(m, ",SMB_DIRECT"); |
3314 |
++#endif |
3315 |
++#ifdef CONFIG_CIFS_STATS2 |
3316 |
++ seq_printf(m, ",STATS2"); |
3317 |
++#elif defined(CONFIG_CIFS_STATS) |
3318 |
++ seq_printf(m, ",STATS"); |
3319 |
++#endif |
3320 |
++#ifdef CONFIG_CIFS_DEBUG2 |
3321 |
++ seq_printf(m, ",DEBUG2"); |
3322 |
++#elif defined(CONFIG_CIFS_DEBUG) |
3323 |
++ seq_printf(m, ",DEBUG"); |
3324 |
++#endif |
3325 |
++#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY |
3326 |
++ seq_printf(m, ",ALLOW_INSECURE_LEGACY"); |
3327 |
+ #endif |
3328 |
+ #ifdef CONFIG_CIFS_WEAK_PW_HASH |
3329 |
+- seq_printf(m, " lanman"); |
3330 |
++ seq_printf(m, ",WEAK_PW_HASH"); |
3331 |
+ #endif |
3332 |
+ #ifdef CONFIG_CIFS_POSIX |
3333 |
+- seq_printf(m, " posix"); |
3334 |
++ seq_printf(m, ",CIFS_POSIX"); |
3335 |
+ #endif |
3336 |
+ #ifdef CONFIG_CIFS_UPCALL |
3337 |
+- seq_printf(m, " spnego"); |
3338 |
++ seq_printf(m, ",UPCALL(SPNEGO)"); |
3339 |
+ #endif |
3340 |
+ #ifdef CONFIG_CIFS_XATTR |
3341 |
+- seq_printf(m, " xattr"); |
3342 |
++ seq_printf(m, ",XATTR"); |
3343 |
+ #endif |
3344 |
+ #ifdef CONFIG_CIFS_ACL |
3345 |
+- seq_printf(m, " acl"); |
3346 |
++ seq_printf(m, ",ACL"); |
3347 |
+ #endif |
3348 |
+ seq_putc(m, '\n'); |
3349 |
+ seq_printf(m, "Active VFS Requests: %d\n", GlobalTotalActiveXid); |
3350 |
+diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c |
3351 |
+index d5aa7ae917bf..69ec5427769c 100644 |
3352 |
+--- a/fs/cifs/cifsfs.c |
3353 |
++++ b/fs/cifs/cifsfs.c |
3354 |
+@@ -209,14 +209,16 @@ cifs_statfs(struct dentry *dentry, struct kstatfs *buf) |
3355 |
+ |
3356 |
+ xid = get_xid(); |
3357 |
+ |
3358 |
+- /* |
3359 |
+- * PATH_MAX may be too long - it would presumably be total path, |
3360 |
+- * but note that some servers (includinng Samba 3) have a shorter |
3361 |
+- * maximum path. |
3362 |
+- * |
3363 |
+- * Instead could get the real value via SMB_QUERY_FS_ATTRIBUTE_INFO. |
3364 |
+- */ |
3365 |
+- buf->f_namelen = PATH_MAX; |
3366 |
++ if (le32_to_cpu(tcon->fsAttrInfo.MaxPathNameComponentLength) > 0) |
3367 |
++ buf->f_namelen = |
3368 |
++ le32_to_cpu(tcon->fsAttrInfo.MaxPathNameComponentLength); |
3369 |
++ else |
3370 |
++ buf->f_namelen = PATH_MAX; |
3371 |
++ |
3372 |
++ buf->f_fsid.val[0] = tcon->vol_serial_number; |
3373 |
++ /* are using part of create time for more randomness, see man statfs */ |
3374 |
++ buf->f_fsid.val[1] = (int)le64_to_cpu(tcon->vol_create_time); |
3375 |
++ |
3376 |
+ buf->f_files = 0; /* undefined */ |
3377 |
+ buf->f_ffree = 0; /* unlimited */ |
3378 |
+ |
3379 |
+diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h |
3380 |
+index c923c7854027..4b45d3ef3f9d 100644 |
3381 |
+--- a/fs/cifs/cifsglob.h |
3382 |
++++ b/fs/cifs/cifsglob.h |
3383 |
+@@ -913,6 +913,7 @@ cap_unix(struct cifs_ses *ses) |
3384 |
+ |
3385 |
+ struct cached_fid { |
3386 |
+ bool is_valid:1; /* Do we have a useable root fid */ |
3387 |
++ struct kref refcount; |
3388 |
+ struct cifs_fid *fid; |
3389 |
+ struct mutex fid_mutex; |
3390 |
+ struct cifs_tcon *tcon; |
3391 |
+diff --git a/fs/cifs/inode.c b/fs/cifs/inode.c |
3392 |
+index a2cfb33e85c1..9051b9dfd590 100644 |
3393 |
+--- a/fs/cifs/inode.c |
3394 |
++++ b/fs/cifs/inode.c |
3395 |
+@@ -1122,6 +1122,8 @@ cifs_set_file_info(struct inode *inode, struct iattr *attrs, unsigned int xid, |
3396 |
+ if (!server->ops->set_file_info) |
3397 |
+ return -ENOSYS; |
3398 |
+ |
3399 |
++ info_buf.Pad = 0; |
3400 |
++ |
3401 |
+ if (attrs->ia_valid & ATTR_ATIME) { |
3402 |
+ set_time = true; |
3403 |
+ info_buf.LastAccessTime = |
3404 |
+diff --git a/fs/cifs/link.c b/fs/cifs/link.c |
3405 |
+index de41f96aba49..2148b0f60e5e 100644 |
3406 |
+--- a/fs/cifs/link.c |
3407 |
++++ b/fs/cifs/link.c |
3408 |
+@@ -396,7 +396,7 @@ smb3_query_mf_symlink(unsigned int xid, struct cifs_tcon *tcon, |
3409 |
+ struct cifs_io_parms io_parms; |
3410 |
+ int buf_type = CIFS_NO_BUFFER; |
3411 |
+ __le16 *utf16_path; |
3412 |
+- __u8 oplock = SMB2_OPLOCK_LEVEL_II; |
3413 |
++ __u8 oplock = SMB2_OPLOCK_LEVEL_NONE; |
3414 |
+ struct smb2_file_all_info *pfile_info = NULL; |
3415 |
+ |
3416 |
+ oparms.tcon = tcon; |
3417 |
+@@ -459,7 +459,7 @@ smb3_create_mf_symlink(unsigned int xid, struct cifs_tcon *tcon, |
3418 |
+ struct cifs_io_parms io_parms; |
3419 |
+ int create_options = CREATE_NOT_DIR; |
3420 |
+ __le16 *utf16_path; |
3421 |
+- __u8 oplock = SMB2_OPLOCK_LEVEL_EXCLUSIVE; |
3422 |
++ __u8 oplock = SMB2_OPLOCK_LEVEL_NONE; |
3423 |
+ struct kvec iov[2]; |
3424 |
+ |
3425 |
+ if (backup_cred(cifs_sb)) |
3426 |
+diff --git a/fs/cifs/sess.c b/fs/cifs/sess.c |
3427 |
+index 8b0502cd39af..aa23c00367ec 100644 |
3428 |
+--- a/fs/cifs/sess.c |
3429 |
++++ b/fs/cifs/sess.c |
3430 |
+@@ -398,6 +398,12 @@ int build_ntlmssp_auth_blob(unsigned char **pbuffer, |
3431 |
+ goto setup_ntlmv2_ret; |
3432 |
+ } |
3433 |
+ *pbuffer = kmalloc(size_of_ntlmssp_blob(ses), GFP_KERNEL); |
3434 |
++ if (!*pbuffer) { |
3435 |
++ rc = -ENOMEM; |
3436 |
++ cifs_dbg(VFS, "Error %d during NTLMSSP allocation\n", rc); |
3437 |
++ *buflen = 0; |
3438 |
++ goto setup_ntlmv2_ret; |
3439 |
++ } |
3440 |
+ sec_blob = (AUTHENTICATE_MESSAGE *)*pbuffer; |
3441 |
+ |
3442 |
+ memcpy(sec_blob->Signature, NTLMSSP_SIGNATURE, 8); |
3443 |
+diff --git a/fs/cifs/smb2inode.c b/fs/cifs/smb2inode.c |
3444 |
+index d01ad706d7fc..1eef1791d0c4 100644 |
3445 |
+--- a/fs/cifs/smb2inode.c |
3446 |
++++ b/fs/cifs/smb2inode.c |
3447 |
+@@ -120,7 +120,9 @@ smb2_open_op_close(const unsigned int xid, struct cifs_tcon *tcon, |
3448 |
+ break; |
3449 |
+ } |
3450 |
+ |
3451 |
+- if (use_cached_root_handle == false) |
3452 |
++ if (use_cached_root_handle) |
3453 |
++ close_shroot(&tcon->crfid); |
3454 |
++ else |
3455 |
+ rc = SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); |
3456 |
+ if (tmprc) |
3457 |
+ rc = tmprc; |
3458 |
+@@ -281,7 +283,7 @@ smb2_set_file_info(struct inode *inode, const char *full_path, |
3459 |
+ int rc; |
3460 |
+ |
3461 |
+ if ((buf->CreationTime == 0) && (buf->LastAccessTime == 0) && |
3462 |
+- (buf->LastWriteTime == 0) && (buf->ChangeTime) && |
3463 |
++ (buf->LastWriteTime == 0) && (buf->ChangeTime == 0) && |
3464 |
+ (buf->Attributes == 0)) |
3465 |
+ return 0; /* would be a no op, no sense sending this */ |
3466 |
+ |
3467 |
+diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c |
3468 |
+index ea92a38b2f08..ee6c4a952ce9 100644 |
3469 |
+--- a/fs/cifs/smb2ops.c |
3470 |
++++ b/fs/cifs/smb2ops.c |
3471 |
+@@ -466,21 +466,36 @@ out: |
3472 |
+ return rc; |
3473 |
+ } |
3474 |
+ |
3475 |
+-void |
3476 |
+-smb2_cached_lease_break(struct work_struct *work) |
3477 |
++static void |
3478 |
++smb2_close_cached_fid(struct kref *ref) |
3479 |
+ { |
3480 |
+- struct cached_fid *cfid = container_of(work, |
3481 |
+- struct cached_fid, lease_break); |
3482 |
+- mutex_lock(&cfid->fid_mutex); |
3483 |
++ struct cached_fid *cfid = container_of(ref, struct cached_fid, |
3484 |
++ refcount); |
3485 |
++ |
3486 |
+ if (cfid->is_valid) { |
3487 |
+ cifs_dbg(FYI, "clear cached root file handle\n"); |
3488 |
+ SMB2_close(0, cfid->tcon, cfid->fid->persistent_fid, |
3489 |
+ cfid->fid->volatile_fid); |
3490 |
+ cfid->is_valid = false; |
3491 |
+ } |
3492 |
++} |
3493 |
++ |
3494 |
++void close_shroot(struct cached_fid *cfid) |
3495 |
++{ |
3496 |
++ mutex_lock(&cfid->fid_mutex); |
3497 |
++ kref_put(&cfid->refcount, smb2_close_cached_fid); |
3498 |
+ mutex_unlock(&cfid->fid_mutex); |
3499 |
+ } |
3500 |
+ |
3501 |
++void |
3502 |
++smb2_cached_lease_break(struct work_struct *work) |
3503 |
++{ |
3504 |
++ struct cached_fid *cfid = container_of(work, |
3505 |
++ struct cached_fid, lease_break); |
3506 |
++ |
3507 |
++ close_shroot(cfid); |
3508 |
++} |
3509 |
++ |
3510 |
+ /* |
3511 |
+ * Open the directory at the root of a share |
3512 |
+ */ |
3513 |
+@@ -495,6 +510,7 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid) |
3514 |
+ if (tcon->crfid.is_valid) { |
3515 |
+ cifs_dbg(FYI, "found a cached root file handle\n"); |
3516 |
+ memcpy(pfid, tcon->crfid.fid, sizeof(struct cifs_fid)); |
3517 |
++ kref_get(&tcon->crfid.refcount); |
3518 |
+ mutex_unlock(&tcon->crfid.fid_mutex); |
3519 |
+ return 0; |
3520 |
+ } |
3521 |
+@@ -511,6 +527,8 @@ int open_shroot(unsigned int xid, struct cifs_tcon *tcon, struct cifs_fid *pfid) |
3522 |
+ memcpy(tcon->crfid.fid, pfid, sizeof(struct cifs_fid)); |
3523 |
+ tcon->crfid.tcon = tcon; |
3524 |
+ tcon->crfid.is_valid = true; |
3525 |
++ kref_init(&tcon->crfid.refcount); |
3526 |
++ kref_get(&tcon->crfid.refcount); |
3527 |
+ } |
3528 |
+ mutex_unlock(&tcon->crfid.fid_mutex); |
3529 |
+ return rc; |
3530 |
+@@ -548,10 +566,15 @@ smb3_qfs_tcon(const unsigned int xid, struct cifs_tcon *tcon) |
3531 |
+ FS_ATTRIBUTE_INFORMATION); |
3532 |
+ SMB2_QFS_attr(xid, tcon, fid.persistent_fid, fid.volatile_fid, |
3533 |
+ FS_DEVICE_INFORMATION); |
3534 |
++ SMB2_QFS_attr(xid, tcon, fid.persistent_fid, fid.volatile_fid, |
3535 |
++ FS_VOLUME_INFORMATION); |
3536 |
+ SMB2_QFS_attr(xid, tcon, fid.persistent_fid, fid.volatile_fid, |
3537 |
+ FS_SECTOR_SIZE_INFORMATION); /* SMB3 specific */ |
3538 |
+ if (no_cached_open) |
3539 |
+ SMB2_close(xid, tcon, fid.persistent_fid, fid.volatile_fid); |
3540 |
++ else |
3541 |
++ close_shroot(&tcon->crfid); |
3542 |
++ |
3543 |
+ return; |
3544 |
+ } |
3545 |
+ |
3546 |
+@@ -1353,6 +1376,13 @@ smb3_set_integrity(const unsigned int xid, struct cifs_tcon *tcon, |
3547 |
+ |
3548 |
+ } |
3549 |
+ |
3550 |
++/* GMT Token is @GMT-YYYY.MM.DD-HH.MM.SS Unicode which is 48 bytes + null */ |
3551 |
++#define GMT_TOKEN_SIZE 50 |
3552 |
++ |
3553 |
++/* |
3554 |
++ * Input buffer contains (empty) struct smb_snapshot array with size filled in |
3555 |
++ * For output see struct SRV_SNAPSHOT_ARRAY in MS-SMB2 section 2.2.32.2 |
3556 |
++ */ |
3557 |
+ static int |
3558 |
+ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon, |
3559 |
+ struct cifsFileInfo *cfile, void __user *ioc_buf) |
3560 |
+@@ -1382,14 +1412,27 @@ smb3_enum_snapshots(const unsigned int xid, struct cifs_tcon *tcon, |
3561 |
+ kfree(retbuf); |
3562 |
+ return rc; |
3563 |
+ } |
3564 |
+- if (snapshot_in.snapshot_array_size < sizeof(struct smb_snapshot_array)) { |
3565 |
+- rc = -ERANGE; |
3566 |
+- kfree(retbuf); |
3567 |
+- return rc; |
3568 |
+- } |
3569 |
+ |
3570 |
+- if (ret_data_len > snapshot_in.snapshot_array_size) |
3571 |
+- ret_data_len = snapshot_in.snapshot_array_size; |
3572 |
++ /* |
3573 |
++ * Check for min size, ie not large enough to fit even one GMT |
3574 |
++ * token (snapshot). On the first ioctl some users may pass in |
3575 |
++ * smaller size (or zero) to simply get the size of the array |
3576 |
++ * so the user space caller can allocate sufficient memory |
3577 |
++ * and retry the ioctl again with larger array size sufficient |
3578 |
++ * to hold all of the snapshot GMT tokens on the second try. |
3579 |
++ */ |
3580 |
++ if (snapshot_in.snapshot_array_size < GMT_TOKEN_SIZE) |
3581 |
++ ret_data_len = sizeof(struct smb_snapshot_array); |
3582 |
++ |
3583 |
++ /* |
3584 |
++ * We return struct SRV_SNAPSHOT_ARRAY, followed by |
3585 |
++ * the snapshot array (of 50 byte GMT tokens) each |
3586 |
++ * representing an available previous version of the data |
3587 |
++ */ |
3588 |
++ if (ret_data_len > (snapshot_in.snapshot_array_size + |
3589 |
++ sizeof(struct smb_snapshot_array))) |
3590 |
++ ret_data_len = snapshot_in.snapshot_array_size + |
3591 |
++ sizeof(struct smb_snapshot_array); |
3592 |
+ |
3593 |
+ if (copy_to_user(ioc_buf, retbuf, ret_data_len)) |
3594 |
+ rc = -EFAULT; |
3595 |
+@@ -3366,6 +3409,11 @@ struct smb_version_operations smb311_operations = { |
3596 |
+ .query_all_EAs = smb2_query_eas, |
3597 |
+ .set_EA = smb2_set_ea, |
3598 |
+ #endif /* CIFS_XATTR */ |
3599 |
++#ifdef CONFIG_CIFS_ACL |
3600 |
++ .get_acl = get_smb2_acl, |
3601 |
++ .get_acl_by_fid = get_smb2_acl_by_fid, |
3602 |
++ .set_acl = set_smb2_acl, |
3603 |
++#endif /* CIFS_ACL */ |
3604 |
+ .next_header = smb2_next_header, |
3605 |
+ }; |
3606 |
+ #endif /* CIFS_SMB311 */ |
3607 |
+diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c |
3608 |
+index 3c92678cb45b..ffce77e00a58 100644 |
3609 |
+--- a/fs/cifs/smb2pdu.c |
3610 |
++++ b/fs/cifs/smb2pdu.c |
3611 |
+@@ -4046,6 +4046,9 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, |
3612 |
+ } else if (level == FS_SECTOR_SIZE_INFORMATION) { |
3613 |
+ max_len = sizeof(struct smb3_fs_ss_info); |
3614 |
+ min_len = sizeof(struct smb3_fs_ss_info); |
3615 |
++ } else if (level == FS_VOLUME_INFORMATION) { |
3616 |
++ max_len = sizeof(struct smb3_fs_vol_info) + MAX_VOL_LABEL_LEN; |
3617 |
++ min_len = sizeof(struct smb3_fs_vol_info); |
3618 |
+ } else { |
3619 |
+ cifs_dbg(FYI, "Invalid qfsinfo level %d\n", level); |
3620 |
+ return -EINVAL; |
3621 |
+@@ -4090,6 +4093,11 @@ SMB2_QFS_attr(const unsigned int xid, struct cifs_tcon *tcon, |
3622 |
+ tcon->ss_flags = le32_to_cpu(ss_info->Flags); |
3623 |
+ tcon->perf_sector_size = |
3624 |
+ le32_to_cpu(ss_info->PhysicalBytesPerSectorForPerf); |
3625 |
++ } else if (level == FS_VOLUME_INFORMATION) { |
3626 |
++ struct smb3_fs_vol_info *vol_info = (struct smb3_fs_vol_info *) |
3627 |
++ (offset + (char *)rsp); |
3628 |
++ tcon->vol_serial_number = vol_info->VolumeSerialNumber; |
3629 |
++ tcon->vol_create_time = vol_info->VolumeCreationTime; |
3630 |
+ } |
3631 |
+ |
3632 |
+ qfsattr_exit: |
3633 |
+diff --git a/fs/cifs/smb2pdu.h b/fs/cifs/smb2pdu.h |
3634 |
+index a671adcc44a6..c2a4526512b5 100644 |
3635 |
+--- a/fs/cifs/smb2pdu.h |
3636 |
++++ b/fs/cifs/smb2pdu.h |
3637 |
+@@ -1248,6 +1248,17 @@ struct smb3_fs_ss_info { |
3638 |
+ __le32 ByteOffsetForPartitionAlignment; |
3639 |
+ } __packed; |
3640 |
+ |
3641 |
++/* volume info struct - see MS-FSCC 2.5.9 */ |
3642 |
++#define MAX_VOL_LABEL_LEN 32 |
3643 |
++struct smb3_fs_vol_info { |
3644 |
++ __le64 VolumeCreationTime; |
3645 |
++ __u32 VolumeSerialNumber; |
3646 |
++ __le32 VolumeLabelLength; /* includes trailing null */ |
3647 |
++ __u8 SupportsObjects; /* True if eg like NTFS, supports objects */ |
3648 |
++ __u8 Reserved; |
3649 |
++ __u8 VolumeLabel[0]; /* variable len */ |
3650 |
++} __packed; |
3651 |
++ |
3652 |
+ /* partial list of QUERY INFO levels */ |
3653 |
+ #define FILE_DIRECTORY_INFORMATION 1 |
3654 |
+ #define FILE_FULL_DIRECTORY_INFORMATION 2 |
3655 |
+diff --git a/fs/cifs/smb2proto.h b/fs/cifs/smb2proto.h |
3656 |
+index 6e6a4f2ec890..c1520b48d1e1 100644 |
3657 |
+--- a/fs/cifs/smb2proto.h |
3658 |
++++ b/fs/cifs/smb2proto.h |
3659 |
+@@ -68,6 +68,7 @@ extern int smb3_handle_read_data(struct TCP_Server_Info *server, |
3660 |
+ |
3661 |
+ extern int open_shroot(unsigned int xid, struct cifs_tcon *tcon, |
3662 |
+ struct cifs_fid *pfid); |
3663 |
++extern void close_shroot(struct cached_fid *cfid); |
3664 |
+ extern void move_smb2_info_to_cifs(FILE_ALL_INFO *dst, |
3665 |
+ struct smb2_file_all_info *src); |
3666 |
+ extern int smb2_query_path_info(const unsigned int xid, struct cifs_tcon *tcon, |
3667 |
+diff --git a/fs/cifs/smb2transport.c b/fs/cifs/smb2transport.c |
3668 |
+index 719d55e63d88..bf61c3774830 100644 |
3669 |
+--- a/fs/cifs/smb2transport.c |
3670 |
++++ b/fs/cifs/smb2transport.c |
3671 |
+@@ -173,7 +173,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3672 |
+ struct kvec *iov = rqst->rq_iov; |
3673 |
+ struct smb2_sync_hdr *shdr = (struct smb2_sync_hdr *)iov[0].iov_base; |
3674 |
+ struct cifs_ses *ses; |
3675 |
+- struct shash_desc *shash = &server->secmech.sdeschmacsha256->shash; |
3676 |
++ struct shash_desc *shash; |
3677 |
+ struct smb_rqst drqst; |
3678 |
+ |
3679 |
+ ses = smb2_find_smb_ses(server, shdr->SessionId); |
3680 |
+@@ -187,7 +187,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3681 |
+ |
3682 |
+ rc = smb2_crypto_shash_allocate(server); |
3683 |
+ if (rc) { |
3684 |
+- cifs_dbg(VFS, "%s: shah256 alloc failed\n", __func__); |
3685 |
++ cifs_dbg(VFS, "%s: sha256 alloc failed\n", __func__); |
3686 |
+ return rc; |
3687 |
+ } |
3688 |
+ |
3689 |
+@@ -198,6 +198,7 @@ smb2_calc_signature(struct smb_rqst *rqst, struct TCP_Server_Info *server) |
3690 |
+ return rc; |
3691 |
+ } |
3692 |
+ |
3693 |
++ shash = &server->secmech.sdeschmacsha256->shash; |
3694 |
+ rc = crypto_shash_init(shash); |
3695 |
+ if (rc) { |
3696 |
+ cifs_dbg(VFS, "%s: Could not init sha256", __func__); |
3697 |
+diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c |
3698 |
+index aa52d87985aa..e5d6ee61ff48 100644 |
3699 |
+--- a/fs/ext4/balloc.c |
3700 |
++++ b/fs/ext4/balloc.c |
3701 |
+@@ -426,9 +426,9 @@ ext4_read_block_bitmap_nowait(struct super_block *sb, ext4_group_t block_group) |
3702 |
+ } |
3703 |
+ bh = sb_getblk(sb, bitmap_blk); |
3704 |
+ if (unlikely(!bh)) { |
3705 |
+- ext4_error(sb, "Cannot get buffer for block bitmap - " |
3706 |
+- "block_group = %u, block_bitmap = %llu", |
3707 |
+- block_group, bitmap_blk); |
3708 |
++ ext4_warning(sb, "Cannot get buffer for block bitmap - " |
3709 |
++ "block_group = %u, block_bitmap = %llu", |
3710 |
++ block_group, bitmap_blk); |
3711 |
+ return ERR_PTR(-ENOMEM); |
3712 |
+ } |
3713 |
+ |
3714 |
+diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c |
3715 |
+index f336cbc6e932..796aa609bcb9 100644 |
3716 |
+--- a/fs/ext4/ialloc.c |
3717 |
++++ b/fs/ext4/ialloc.c |
3718 |
+@@ -138,9 +138,9 @@ ext4_read_inode_bitmap(struct super_block *sb, ext4_group_t block_group) |
3719 |
+ } |
3720 |
+ bh = sb_getblk(sb, bitmap_blk); |
3721 |
+ if (unlikely(!bh)) { |
3722 |
+- ext4_error(sb, "Cannot read inode bitmap - " |
3723 |
+- "block_group = %u, inode_bitmap = %llu", |
3724 |
+- block_group, bitmap_blk); |
3725 |
++ ext4_warning(sb, "Cannot read inode bitmap - " |
3726 |
++ "block_group = %u, inode_bitmap = %llu", |
3727 |
++ block_group, bitmap_blk); |
3728 |
+ return ERR_PTR(-ENOMEM); |
3729 |
+ } |
3730 |
+ if (bitmap_uptodate(bh)) |
3731 |
+diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c |
3732 |
+index 2a4c25c4681d..116ff68c5bd4 100644 |
3733 |
+--- a/fs/ext4/namei.c |
3734 |
++++ b/fs/ext4/namei.c |
3735 |
+@@ -1398,6 +1398,7 @@ static struct buffer_head * ext4_find_entry (struct inode *dir, |
3736 |
+ goto cleanup_and_exit; |
3737 |
+ dxtrace(printk(KERN_DEBUG "ext4_find_entry: dx failed, " |
3738 |
+ "falling back\n")); |
3739 |
++ ret = NULL; |
3740 |
+ } |
3741 |
+ nblocks = dir->i_size >> EXT4_BLOCK_SIZE_BITS(sb); |
3742 |
+ if (!nblocks) { |
3743 |
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c |
3744 |
+index b7f7922061be..130c12974e28 100644 |
3745 |
+--- a/fs/ext4/super.c |
3746 |
++++ b/fs/ext4/super.c |
3747 |
+@@ -776,26 +776,26 @@ void ext4_mark_group_bitmap_corrupted(struct super_block *sb, |
3748 |
+ struct ext4_sb_info *sbi = EXT4_SB(sb); |
3749 |
+ struct ext4_group_info *grp = ext4_get_group_info(sb, group); |
3750 |
+ struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); |
3751 |
++ int ret; |
3752 |
+ |
3753 |
+- if ((flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) && |
3754 |
+- !EXT4_MB_GRP_BBITMAP_CORRUPT(grp)) { |
3755 |
+- percpu_counter_sub(&sbi->s_freeclusters_counter, |
3756 |
+- grp->bb_free); |
3757 |
+- set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, |
3758 |
+- &grp->bb_state); |
3759 |
++ if (flags & EXT4_GROUP_INFO_BBITMAP_CORRUPT) { |
3760 |
++ ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_BBITMAP_CORRUPT_BIT, |
3761 |
++ &grp->bb_state); |
3762 |
++ if (!ret) |
3763 |
++ percpu_counter_sub(&sbi->s_freeclusters_counter, |
3764 |
++ grp->bb_free); |
3765 |
+ } |
3766 |
+ |
3767 |
+- if ((flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) && |
3768 |
+- !EXT4_MB_GRP_IBITMAP_CORRUPT(grp)) { |
3769 |
+- if (gdp) { |
3770 |
++ if (flags & EXT4_GROUP_INFO_IBITMAP_CORRUPT) { |
3771 |
++ ret = ext4_test_and_set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, |
3772 |
++ &grp->bb_state); |
3773 |
++ if (!ret && gdp) { |
3774 |
+ int count; |
3775 |
+ |
3776 |
+ count = ext4_free_inodes_count(sb, gdp); |
3777 |
+ percpu_counter_sub(&sbi->s_freeinodes_counter, |
3778 |
+ count); |
3779 |
+ } |
3780 |
+- set_bit(EXT4_GROUP_INFO_IBITMAP_CORRUPT_BIT, |
3781 |
+- &grp->bb_state); |
3782 |
+ } |
3783 |
+ } |
3784 |
+ |
3785 |
+diff --git a/fs/ext4/sysfs.c b/fs/ext4/sysfs.c |
3786 |
+index f34da0bb8f17..b970a200f20c 100644 |
3787 |
+--- a/fs/ext4/sysfs.c |
3788 |
++++ b/fs/ext4/sysfs.c |
3789 |
+@@ -274,8 +274,12 @@ static ssize_t ext4_attr_show(struct kobject *kobj, |
3790 |
+ case attr_pointer_ui: |
3791 |
+ if (!ptr) |
3792 |
+ return 0; |
3793 |
+- return snprintf(buf, PAGE_SIZE, "%u\n", |
3794 |
+- *((unsigned int *) ptr)); |
3795 |
++ if (a->attr_ptr == ptr_ext4_super_block_offset) |
3796 |
++ return snprintf(buf, PAGE_SIZE, "%u\n", |
3797 |
++ le32_to_cpup(ptr)); |
3798 |
++ else |
3799 |
++ return snprintf(buf, PAGE_SIZE, "%u\n", |
3800 |
++ *((unsigned int *) ptr)); |
3801 |
+ case attr_pointer_atomic: |
3802 |
+ if (!ptr) |
3803 |
+ return 0; |
3804 |
+@@ -308,7 +312,10 @@ static ssize_t ext4_attr_store(struct kobject *kobj, |
3805 |
+ ret = kstrtoul(skip_spaces(buf), 0, &t); |
3806 |
+ if (ret) |
3807 |
+ return ret; |
3808 |
+- *((unsigned int *) ptr) = t; |
3809 |
++ if (a->attr_ptr == ptr_ext4_super_block_offset) |
3810 |
++ *((__le32 *) ptr) = cpu_to_le32(t); |
3811 |
++ else |
3812 |
++ *((unsigned int *) ptr) = t; |
3813 |
+ return len; |
3814 |
+ case attr_inode_readahead: |
3815 |
+ return inode_readahead_blks_store(sbi, buf, len); |
3816 |
+diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
3817 |
+index 723df14f4084..f36fc5d5b257 100644 |
3818 |
+--- a/fs/ext4/xattr.c |
3819 |
++++ b/fs/ext4/xattr.c |
3820 |
+@@ -190,6 +190,8 @@ ext4_xattr_check_entries(struct ext4_xattr_entry *entry, void *end, |
3821 |
+ struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e); |
3822 |
+ if ((void *)next >= end) |
3823 |
+ return -EFSCORRUPTED; |
3824 |
++ if (strnlen(e->e_name, e->e_name_len) != e->e_name_len) |
3825 |
++ return -EFSCORRUPTED; |
3826 |
+ e = next; |
3827 |
+ } |
3828 |
+ |
3829 |
+diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c |
3830 |
+index c6b88fa85e2e..4a9ace7280b9 100644 |
3831 |
+--- a/fs/fuse/dev.c |
3832 |
++++ b/fs/fuse/dev.c |
3833 |
+@@ -127,6 +127,16 @@ static bool fuse_block_alloc(struct fuse_conn *fc, bool for_background) |
3834 |
+ return !fc->initialized || (for_background && fc->blocked); |
3835 |
+ } |
3836 |
+ |
3837 |
++static void fuse_drop_waiting(struct fuse_conn *fc) |
3838 |
++{ |
3839 |
++ if (fc->connected) { |
3840 |
++ atomic_dec(&fc->num_waiting); |
3841 |
++ } else if (atomic_dec_and_test(&fc->num_waiting)) { |
3842 |
++ /* wake up aborters */ |
3843 |
++ wake_up_all(&fc->blocked_waitq); |
3844 |
++ } |
3845 |
++} |
3846 |
++ |
3847 |
+ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, |
3848 |
+ bool for_background) |
3849 |
+ { |
3850 |
+@@ -175,7 +185,7 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, |
3851 |
+ return req; |
3852 |
+ |
3853 |
+ out: |
3854 |
+- atomic_dec(&fc->num_waiting); |
3855 |
++ fuse_drop_waiting(fc); |
3856 |
+ return ERR_PTR(err); |
3857 |
+ } |
3858 |
+ |
3859 |
+@@ -285,7 +295,7 @@ void fuse_put_request(struct fuse_conn *fc, struct fuse_req *req) |
3860 |
+ |
3861 |
+ if (test_bit(FR_WAITING, &req->flags)) { |
3862 |
+ __clear_bit(FR_WAITING, &req->flags); |
3863 |
+- atomic_dec(&fc->num_waiting); |
3864 |
++ fuse_drop_waiting(fc); |
3865 |
+ } |
3866 |
+ |
3867 |
+ if (req->stolen_file) |
3868 |
+@@ -371,7 +381,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req) |
3869 |
+ struct fuse_iqueue *fiq = &fc->iq; |
3870 |
+ |
3871 |
+ if (test_and_set_bit(FR_FINISHED, &req->flags)) |
3872 |
+- return; |
3873 |
++ goto put_request; |
3874 |
+ |
3875 |
+ spin_lock(&fiq->waitq.lock); |
3876 |
+ list_del_init(&req->intr_entry); |
3877 |
+@@ -400,6 +410,7 @@ static void request_end(struct fuse_conn *fc, struct fuse_req *req) |
3878 |
+ wake_up(&req->waitq); |
3879 |
+ if (req->end) |
3880 |
+ req->end(fc, req); |
3881 |
++put_request: |
3882 |
+ fuse_put_request(fc, req); |
3883 |
+ } |
3884 |
+ |
3885 |
+@@ -1944,12 +1955,15 @@ static ssize_t fuse_dev_splice_write(struct pipe_inode_info *pipe, |
3886 |
+ if (!fud) |
3887 |
+ return -EPERM; |
3888 |
+ |
3889 |
++ pipe_lock(pipe); |
3890 |
++ |
3891 |
+ bufs = kmalloc_array(pipe->buffers, sizeof(struct pipe_buffer), |
3892 |
+ GFP_KERNEL); |
3893 |
+- if (!bufs) |
3894 |
++ if (!bufs) { |
3895 |
++ pipe_unlock(pipe); |
3896 |
+ return -ENOMEM; |
3897 |
++ } |
3898 |
+ |
3899 |
+- pipe_lock(pipe); |
3900 |
+ nbuf = 0; |
3901 |
+ rem = 0; |
3902 |
+ for (idx = 0; idx < pipe->nrbufs && rem < len; idx++) |
3903 |
+@@ -2105,6 +2119,7 @@ void fuse_abort_conn(struct fuse_conn *fc, bool is_abort) |
3904 |
+ set_bit(FR_ABORTED, &req->flags); |
3905 |
+ if (!test_bit(FR_LOCKED, &req->flags)) { |
3906 |
+ set_bit(FR_PRIVATE, &req->flags); |
3907 |
++ __fuse_get_request(req); |
3908 |
+ list_move(&req->list, &to_end1); |
3909 |
+ } |
3910 |
+ spin_unlock(&req->waitq.lock); |
3911 |
+@@ -2131,7 +2146,6 @@ void fuse_abort_conn(struct fuse_conn *fc, bool is_abort) |
3912 |
+ |
3913 |
+ while (!list_empty(&to_end1)) { |
3914 |
+ req = list_first_entry(&to_end1, struct fuse_req, list); |
3915 |
+- __fuse_get_request(req); |
3916 |
+ list_del_init(&req->list); |
3917 |
+ request_end(fc, req); |
3918 |
+ } |
3919 |
+@@ -2142,6 +2156,11 @@ void fuse_abort_conn(struct fuse_conn *fc, bool is_abort) |
3920 |
+ } |
3921 |
+ EXPORT_SYMBOL_GPL(fuse_abort_conn); |
3922 |
+ |
3923 |
++void fuse_wait_aborted(struct fuse_conn *fc) |
3924 |
++{ |
3925 |
++ wait_event(fc->blocked_waitq, atomic_read(&fc->num_waiting) == 0); |
3926 |
++} |
3927 |
++ |
3928 |
+ int fuse_dev_release(struct inode *inode, struct file *file) |
3929 |
+ { |
3930 |
+ struct fuse_dev *fud = fuse_get_dev(file); |
3931 |
+@@ -2149,9 +2168,15 @@ int fuse_dev_release(struct inode *inode, struct file *file) |
3932 |
+ if (fud) { |
3933 |
+ struct fuse_conn *fc = fud->fc; |
3934 |
+ struct fuse_pqueue *fpq = &fud->pq; |
3935 |
++ LIST_HEAD(to_end); |
3936 |
+ |
3937 |
++ spin_lock(&fpq->lock); |
3938 |
+ WARN_ON(!list_empty(&fpq->io)); |
3939 |
+- end_requests(fc, &fpq->processing); |
3940 |
++ list_splice_init(&fpq->processing, &to_end); |
3941 |
++ spin_unlock(&fpq->lock); |
3942 |
++ |
3943 |
++ end_requests(fc, &to_end); |
3944 |
++ |
3945 |
+ /* Are we the last open device? */ |
3946 |
+ if (atomic_dec_and_test(&fc->dev_count)) { |
3947 |
+ WARN_ON(fc->iq.fasync != NULL); |
3948 |
+diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c |
3949 |
+index 56231b31f806..606909ed5f21 100644 |
3950 |
+--- a/fs/fuse/dir.c |
3951 |
++++ b/fs/fuse/dir.c |
3952 |
+@@ -355,11 +355,12 @@ static struct dentry *fuse_lookup(struct inode *dir, struct dentry *entry, |
3953 |
+ struct inode *inode; |
3954 |
+ struct dentry *newent; |
3955 |
+ bool outarg_valid = true; |
3956 |
++ bool locked; |
3957 |
+ |
3958 |
+- fuse_lock_inode(dir); |
3959 |
++ locked = fuse_lock_inode(dir); |
3960 |
+ err = fuse_lookup_name(dir->i_sb, get_node_id(dir), &entry->d_name, |
3961 |
+ &outarg, &inode); |
3962 |
+- fuse_unlock_inode(dir); |
3963 |
++ fuse_unlock_inode(dir, locked); |
3964 |
+ if (err == -ENOENT) { |
3965 |
+ outarg_valid = false; |
3966 |
+ err = 0; |
3967 |
+@@ -1340,6 +1341,7 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx) |
3968 |
+ struct fuse_conn *fc = get_fuse_conn(inode); |
3969 |
+ struct fuse_req *req; |
3970 |
+ u64 attr_version = 0; |
3971 |
++ bool locked; |
3972 |
+ |
3973 |
+ if (is_bad_inode(inode)) |
3974 |
+ return -EIO; |
3975 |
+@@ -1367,9 +1369,9 @@ static int fuse_readdir(struct file *file, struct dir_context *ctx) |
3976 |
+ fuse_read_fill(req, file, ctx->pos, PAGE_SIZE, |
3977 |
+ FUSE_READDIR); |
3978 |
+ } |
3979 |
+- fuse_lock_inode(inode); |
3980 |
++ locked = fuse_lock_inode(inode); |
3981 |
+ fuse_request_send(fc, req); |
3982 |
+- fuse_unlock_inode(inode); |
3983 |
++ fuse_unlock_inode(inode, locked); |
3984 |
+ nbytes = req->out.args[0].size; |
3985 |
+ err = req->out.h.error; |
3986 |
+ fuse_put_request(fc, req); |
3987 |
+diff --git a/fs/fuse/file.c b/fs/fuse/file.c |
3988 |
+index a201fb0ac64f..aa23749a943b 100644 |
3989 |
+--- a/fs/fuse/file.c |
3990 |
++++ b/fs/fuse/file.c |
3991 |
+@@ -866,6 +866,7 @@ static int fuse_readpages_fill(void *_data, struct page *page) |
3992 |
+ } |
3993 |
+ |
3994 |
+ if (WARN_ON(req->num_pages >= req->max_pages)) { |
3995 |
++ unlock_page(page); |
3996 |
+ fuse_put_request(fc, req); |
3997 |
+ return -EIO; |
3998 |
+ } |
3999 |
+diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h |
4000 |
+index 5256ad333b05..f78e9614bb5f 100644 |
4001 |
+--- a/fs/fuse/fuse_i.h |
4002 |
++++ b/fs/fuse/fuse_i.h |
4003 |
+@@ -862,6 +862,7 @@ void fuse_request_send_background_locked(struct fuse_conn *fc, |
4004 |
+ |
4005 |
+ /* Abort all requests */ |
4006 |
+ void fuse_abort_conn(struct fuse_conn *fc, bool is_abort); |
4007 |
++void fuse_wait_aborted(struct fuse_conn *fc); |
4008 |
+ |
4009 |
+ /** |
4010 |
+ * Invalidate inode attributes |
4011 |
+@@ -974,8 +975,8 @@ int fuse_do_setattr(struct dentry *dentry, struct iattr *attr, |
4012 |
+ |
4013 |
+ void fuse_set_initialized(struct fuse_conn *fc); |
4014 |
+ |
4015 |
+-void fuse_unlock_inode(struct inode *inode); |
4016 |
+-void fuse_lock_inode(struct inode *inode); |
4017 |
++void fuse_unlock_inode(struct inode *inode, bool locked); |
4018 |
++bool fuse_lock_inode(struct inode *inode); |
4019 |
+ |
4020 |
+ int fuse_setxattr(struct inode *inode, const char *name, const void *value, |
4021 |
+ size_t size, int flags); |
4022 |
+diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c |
4023 |
+index a24df8861b40..2dbd487390a3 100644 |
4024 |
+--- a/fs/fuse/inode.c |
4025 |
++++ b/fs/fuse/inode.c |
4026 |
+@@ -357,15 +357,21 @@ int fuse_reverse_inval_inode(struct super_block *sb, u64 nodeid, |
4027 |
+ return 0; |
4028 |
+ } |
4029 |
+ |
4030 |
+-void fuse_lock_inode(struct inode *inode) |
4031 |
++bool fuse_lock_inode(struct inode *inode) |
4032 |
+ { |
4033 |
+- if (!get_fuse_conn(inode)->parallel_dirops) |
4034 |
++ bool locked = false; |
4035 |
++ |
4036 |
++ if (!get_fuse_conn(inode)->parallel_dirops) { |
4037 |
+ mutex_lock(&get_fuse_inode(inode)->mutex); |
4038 |
++ locked = true; |
4039 |
++ } |
4040 |
++ |
4041 |
++ return locked; |
4042 |
+ } |
4043 |
+ |
4044 |
+-void fuse_unlock_inode(struct inode *inode) |
4045 |
++void fuse_unlock_inode(struct inode *inode, bool locked) |
4046 |
+ { |
4047 |
+- if (!get_fuse_conn(inode)->parallel_dirops) |
4048 |
++ if (locked) |
4049 |
+ mutex_unlock(&get_fuse_inode(inode)->mutex); |
4050 |
+ } |
4051 |
+ |
4052 |
+@@ -391,9 +397,6 @@ static void fuse_put_super(struct super_block *sb) |
4053 |
+ { |
4054 |
+ struct fuse_conn *fc = get_fuse_conn_super(sb); |
4055 |
+ |
4056 |
+- fuse_send_destroy(fc); |
4057 |
+- |
4058 |
+- fuse_abort_conn(fc, false); |
4059 |
+ mutex_lock(&fuse_mutex); |
4060 |
+ list_del(&fc->entry); |
4061 |
+ fuse_ctl_remove_conn(fc); |
4062 |
+@@ -1210,16 +1213,25 @@ static struct dentry *fuse_mount(struct file_system_type *fs_type, |
4063 |
+ return mount_nodev(fs_type, flags, raw_data, fuse_fill_super); |
4064 |
+ } |
4065 |
+ |
4066 |
+-static void fuse_kill_sb_anon(struct super_block *sb) |
4067 |
++static void fuse_sb_destroy(struct super_block *sb) |
4068 |
+ { |
4069 |
+ struct fuse_conn *fc = get_fuse_conn_super(sb); |
4070 |
+ |
4071 |
+ if (fc) { |
4072 |
++ fuse_send_destroy(fc); |
4073 |
++ |
4074 |
++ fuse_abort_conn(fc, false); |
4075 |
++ fuse_wait_aborted(fc); |
4076 |
++ |
4077 |
+ down_write(&fc->killsb); |
4078 |
+ fc->sb = NULL; |
4079 |
+ up_write(&fc->killsb); |
4080 |
+ } |
4081 |
++} |
4082 |
+ |
4083 |
++static void fuse_kill_sb_anon(struct super_block *sb) |
4084 |
++{ |
4085 |
++ fuse_sb_destroy(sb); |
4086 |
+ kill_anon_super(sb); |
4087 |
+ } |
4088 |
+ |
4089 |
+@@ -1242,14 +1254,7 @@ static struct dentry *fuse_mount_blk(struct file_system_type *fs_type, |
4090 |
+ |
4091 |
+ static void fuse_kill_sb_blk(struct super_block *sb) |
4092 |
+ { |
4093 |
+- struct fuse_conn *fc = get_fuse_conn_super(sb); |
4094 |
+- |
4095 |
+- if (fc) { |
4096 |
+- down_write(&fc->killsb); |
4097 |
+- fc->sb = NULL; |
4098 |
+- up_write(&fc->killsb); |
4099 |
+- } |
4100 |
+- |
4101 |
++ fuse_sb_destroy(sb); |
4102 |
+ kill_block_super(sb); |
4103 |
+ } |
4104 |
+ |
4105 |
+diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c |
4106 |
+index 5c13f29bfcdb..118fa197a35f 100644 |
4107 |
+--- a/fs/sysfs/file.c |
4108 |
++++ b/fs/sysfs/file.c |
4109 |
+@@ -405,6 +405,50 @@ int sysfs_chmod_file(struct kobject *kobj, const struct attribute *attr, |
4110 |
+ } |
4111 |
+ EXPORT_SYMBOL_GPL(sysfs_chmod_file); |
4112 |
+ |
4113 |
++/** |
4114 |
++ * sysfs_break_active_protection - break "active" protection |
4115 |
++ * @kobj: The kernel object @attr is associated with. |
4116 |
++ * @attr: The attribute to break the "active" protection for. |
4117 |
++ * |
4118 |
++ * With sysfs, just like kernfs, deletion of an attribute is postponed until |
4119 |
++ * all active .show() and .store() callbacks have finished unless this function |
4120 |
++ * is called. Hence this function is useful in methods that implement self |
4121 |
++ * deletion. |
4122 |
++ */ |
4123 |
++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj, |
4124 |
++ const struct attribute *attr) |
4125 |
++{ |
4126 |
++ struct kernfs_node *kn; |
4127 |
++ |
4128 |
++ kobject_get(kobj); |
4129 |
++ kn = kernfs_find_and_get(kobj->sd, attr->name); |
4130 |
++ if (kn) |
4131 |
++ kernfs_break_active_protection(kn); |
4132 |
++ return kn; |
4133 |
++} |
4134 |
++EXPORT_SYMBOL_GPL(sysfs_break_active_protection); |
4135 |
++ |
4136 |
++/** |
4137 |
++ * sysfs_unbreak_active_protection - restore "active" protection |
4138 |
++ * @kn: Pointer returned by sysfs_break_active_protection(). |
4139 |
++ * |
4140 |
++ * Undo the effects of sysfs_break_active_protection(). Since this function |
4141 |
++ * calls kernfs_put() on the kernfs node that corresponds to the 'attr' |
4142 |
++ * argument passed to sysfs_break_active_protection() that attribute may have |
4143 |
++ * been removed between the sysfs_break_active_protection() and |
4144 |
++ * sysfs_unbreak_active_protection() calls, it is not safe to access @kn after |
4145 |
++ * this function has returned. |
4146 |
++ */ |
4147 |
++void sysfs_unbreak_active_protection(struct kernfs_node *kn) |
4148 |
++{ |
4149 |
++ struct kobject *kobj = kn->parent->priv; |
4150 |
++ |
4151 |
++ kernfs_unbreak_active_protection(kn); |
4152 |
++ kernfs_put(kn); |
4153 |
++ kobject_put(kobj); |
4154 |
++} |
4155 |
++EXPORT_SYMBOL_GPL(sysfs_unbreak_active_protection); |
4156 |
++ |
4157 |
+ /** |
4158 |
+ * sysfs_remove_file_ns - remove an object attribute with a custom ns tag |
4159 |
+ * @kobj: object we're acting for |
4160 |
+diff --git a/include/drm/i915_drm.h b/include/drm/i915_drm.h |
4161 |
+index c9e5a6621b95..c44703f471b3 100644 |
4162 |
+--- a/include/drm/i915_drm.h |
4163 |
++++ b/include/drm/i915_drm.h |
4164 |
+@@ -95,7 +95,9 @@ extern struct resource intel_graphics_stolen_res; |
4165 |
+ #define I845_TSEG_SIZE_512K (2 << 1) |
4166 |
+ #define I845_TSEG_SIZE_1M (3 << 1) |
4167 |
+ |
4168 |
+-#define INTEL_BSM 0x5c |
4169 |
++#define INTEL_BSM 0x5c |
4170 |
++#define INTEL_GEN11_BSM_DW0 0xc0 |
4171 |
++#define INTEL_GEN11_BSM_DW1 0xc4 |
4172 |
+ #define INTEL_BSM_MASK (-(1u << 20)) |
4173 |
+ |
4174 |
+ #endif /* _I915_DRM_H_ */ |
4175 |
+diff --git a/include/linux/libata.h b/include/linux/libata.h |
4176 |
+index 32f247cb5e9e..bc4f87cbe7f4 100644 |
4177 |
+--- a/include/linux/libata.h |
4178 |
++++ b/include/linux/libata.h |
4179 |
+@@ -1111,6 +1111,8 @@ extern struct ata_host *ata_host_alloc(struct device *dev, int max_ports); |
4180 |
+ extern struct ata_host *ata_host_alloc_pinfo(struct device *dev, |
4181 |
+ const struct ata_port_info * const * ppi, int n_ports); |
4182 |
+ extern int ata_slave_link_init(struct ata_port *ap); |
4183 |
++extern void ata_host_get(struct ata_host *host); |
4184 |
++extern void ata_host_put(struct ata_host *host); |
4185 |
+ extern int ata_host_start(struct ata_host *host); |
4186 |
+ extern int ata_host_register(struct ata_host *host, |
4187 |
+ struct scsi_host_template *sht); |
4188 |
+diff --git a/include/linux/printk.h b/include/linux/printk.h |
4189 |
+index 6d7e800affd8..3ede9f46a494 100644 |
4190 |
+--- a/include/linux/printk.h |
4191 |
++++ b/include/linux/printk.h |
4192 |
+@@ -148,9 +148,13 @@ void early_printk(const char *s, ...) { } |
4193 |
+ #ifdef CONFIG_PRINTK_NMI |
4194 |
+ extern void printk_nmi_enter(void); |
4195 |
+ extern void printk_nmi_exit(void); |
4196 |
++extern void printk_nmi_direct_enter(void); |
4197 |
++extern void printk_nmi_direct_exit(void); |
4198 |
+ #else |
4199 |
+ static inline void printk_nmi_enter(void) { } |
4200 |
+ static inline void printk_nmi_exit(void) { } |
4201 |
++static inline void printk_nmi_direct_enter(void) { } |
4202 |
++static inline void printk_nmi_direct_exit(void) { } |
4203 |
+ #endif /* PRINTK_NMI */ |
4204 |
+ |
4205 |
+ #ifdef CONFIG_PRINTK |
4206 |
+diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h |
4207 |
+index b8bfdc173ec0..3c12198c0103 100644 |
4208 |
+--- a/include/linux/sysfs.h |
4209 |
++++ b/include/linux/sysfs.h |
4210 |
+@@ -237,6 +237,9 @@ int __must_check sysfs_create_files(struct kobject *kobj, |
4211 |
+ const struct attribute **attr); |
4212 |
+ int __must_check sysfs_chmod_file(struct kobject *kobj, |
4213 |
+ const struct attribute *attr, umode_t mode); |
4214 |
++struct kernfs_node *sysfs_break_active_protection(struct kobject *kobj, |
4215 |
++ const struct attribute *attr); |
4216 |
++void sysfs_unbreak_active_protection(struct kernfs_node *kn); |
4217 |
+ void sysfs_remove_file_ns(struct kobject *kobj, const struct attribute *attr, |
4218 |
+ const void *ns); |
4219 |
+ bool sysfs_remove_file_self(struct kobject *kobj, const struct attribute *attr); |
4220 |
+@@ -350,6 +353,17 @@ static inline int sysfs_chmod_file(struct kobject *kobj, |
4221 |
+ return 0; |
4222 |
+ } |
4223 |
+ |
4224 |
++static inline struct kernfs_node * |
4225 |
++sysfs_break_active_protection(struct kobject *kobj, |
4226 |
++ const struct attribute *attr) |
4227 |
++{ |
4228 |
++ return NULL; |
4229 |
++} |
4230 |
++ |
4231 |
++static inline void sysfs_unbreak_active_protection(struct kernfs_node *kn) |
4232 |
++{ |
4233 |
++} |
4234 |
++ |
4235 |
+ static inline void sysfs_remove_file_ns(struct kobject *kobj, |
4236 |
+ const struct attribute *attr, |
4237 |
+ const void *ns) |
4238 |
+diff --git a/include/linux/tpm.h b/include/linux/tpm.h |
4239 |
+index 06639fb6ab85..8eb5e5ebe136 100644 |
4240 |
+--- a/include/linux/tpm.h |
4241 |
++++ b/include/linux/tpm.h |
4242 |
+@@ -43,6 +43,8 @@ struct tpm_class_ops { |
4243 |
+ u8 (*status) (struct tpm_chip *chip); |
4244 |
+ bool (*update_timeouts)(struct tpm_chip *chip, |
4245 |
+ unsigned long *timeout_cap); |
4246 |
++ int (*go_idle)(struct tpm_chip *chip); |
4247 |
++ int (*cmd_ready)(struct tpm_chip *chip); |
4248 |
+ int (*request_locality)(struct tpm_chip *chip, int loc); |
4249 |
+ int (*relinquish_locality)(struct tpm_chip *chip, int loc); |
4250 |
+ void (*clk_enable)(struct tpm_chip *chip, bool value); |
4251 |
+diff --git a/include/scsi/libsas.h b/include/scsi/libsas.h |
4252 |
+index 225ab7783dfd..3de3b10da19a 100644 |
4253 |
+--- a/include/scsi/libsas.h |
4254 |
++++ b/include/scsi/libsas.h |
4255 |
+@@ -161,7 +161,7 @@ struct sata_device { |
4256 |
+ u8 port_no; /* port number, if this is a PM (Port) */ |
4257 |
+ |
4258 |
+ struct ata_port *ap; |
4259 |
+- struct ata_host ata_host; |
4260 |
++ struct ata_host *ata_host; |
4261 |
+ struct smp_resp rps_resp ____cacheline_aligned; /* report_phy_sata_resp */ |
4262 |
+ u8 fis[ATA_RESP_FIS_SIZE]; |
4263 |
+ }; |
4264 |
+diff --git a/kernel/kprobes.c b/kernel/kprobes.c |
4265 |
+index ea619021d901..f3183ad10d96 100644 |
4266 |
+--- a/kernel/kprobes.c |
4267 |
++++ b/kernel/kprobes.c |
4268 |
+@@ -710,9 +710,7 @@ static void reuse_unused_kprobe(struct kprobe *ap) |
4269 |
+ * there is still a relative jump) and disabled. |
4270 |
+ */ |
4271 |
+ op = container_of(ap, struct optimized_kprobe, kp); |
4272 |
+- if (unlikely(list_empty(&op->list))) |
4273 |
+- printk(KERN_WARNING "Warning: found a stray unused " |
4274 |
+- "aggrprobe@%p\n", ap->addr); |
4275 |
++ WARN_ON_ONCE(list_empty(&op->list)); |
4276 |
+ /* Enable the probe again */ |
4277 |
+ ap->flags &= ~KPROBE_FLAG_DISABLED; |
4278 |
+ /* Optimize it again (remove from op->list) */ |
4279 |
+@@ -985,7 +983,8 @@ static int arm_kprobe_ftrace(struct kprobe *p) |
4280 |
+ ret = ftrace_set_filter_ip(&kprobe_ftrace_ops, |
4281 |
+ (unsigned long)p->addr, 0, 0); |
4282 |
+ if (ret) { |
4283 |
+- pr_debug("Failed to arm kprobe-ftrace at %p (%d)\n", p->addr, ret); |
4284 |
++ pr_debug("Failed to arm kprobe-ftrace at %pS (%d)\n", |
4285 |
++ p->addr, ret); |
4286 |
+ return ret; |
4287 |
+ } |
4288 |
+ |
4289 |
+@@ -1025,7 +1024,8 @@ static int disarm_kprobe_ftrace(struct kprobe *p) |
4290 |
+ |
4291 |
+ ret = ftrace_set_filter_ip(&kprobe_ftrace_ops, |
4292 |
+ (unsigned long)p->addr, 1, 0); |
4293 |
+- WARN(ret < 0, "Failed to disarm kprobe-ftrace at %p (%d)\n", p->addr, ret); |
4294 |
++ WARN_ONCE(ret < 0, "Failed to disarm kprobe-ftrace at %pS (%d)\n", |
4295 |
++ p->addr, ret); |
4296 |
+ return ret; |
4297 |
+ } |
4298 |
+ #else /* !CONFIG_KPROBES_ON_FTRACE */ |
4299 |
+@@ -2169,11 +2169,12 @@ out: |
4300 |
+ } |
4301 |
+ EXPORT_SYMBOL_GPL(enable_kprobe); |
4302 |
+ |
4303 |
++/* Caller must NOT call this in usual path. This is only for critical case */ |
4304 |
+ void dump_kprobe(struct kprobe *kp) |
4305 |
+ { |
4306 |
+- printk(KERN_WARNING "Dumping kprobe:\n"); |
4307 |
+- printk(KERN_WARNING "Name: %s\nAddress: %p\nOffset: %x\n", |
4308 |
+- kp->symbol_name, kp->addr, kp->offset); |
4309 |
++ pr_err("Dumping kprobe:\n"); |
4310 |
++ pr_err("Name: %s\nOffset: %x\nAddress: %pS\n", |
4311 |
++ kp->symbol_name, kp->offset, kp->addr); |
4312 |
+ } |
4313 |
+ NOKPROBE_SYMBOL(dump_kprobe); |
4314 |
+ |
4315 |
+@@ -2196,11 +2197,8 @@ static int __init populate_kprobe_blacklist(unsigned long *start, |
4316 |
+ entry = arch_deref_entry_point((void *)*iter); |
4317 |
+ |
4318 |
+ if (!kernel_text_address(entry) || |
4319 |
+- !kallsyms_lookup_size_offset(entry, &size, &offset)) { |
4320 |
+- pr_err("Failed to find blacklist at %p\n", |
4321 |
+- (void *)entry); |
4322 |
++ !kallsyms_lookup_size_offset(entry, &size, &offset)) |
4323 |
+ continue; |
4324 |
+- } |
4325 |
+ |
4326 |
+ ent = kmalloc(sizeof(*ent), GFP_KERNEL); |
4327 |
+ if (!ent) |
4328 |
+@@ -2428,8 +2426,16 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v) |
4329 |
+ struct kprobe_blacklist_entry *ent = |
4330 |
+ list_entry(v, struct kprobe_blacklist_entry, list); |
4331 |
+ |
4332 |
+- seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_addr, |
4333 |
+- (void *)ent->end_addr, (void *)ent->start_addr); |
4334 |
++ /* |
4335 |
++ * If /proc/kallsyms is not showing kernel address, we won't |
4336 |
++ * show them here either. |
4337 |
++ */ |
4338 |
++ if (!kallsyms_show_value()) |
4339 |
++ seq_printf(m, "0x%px-0x%px\t%ps\n", NULL, NULL, |
4340 |
++ (void *)ent->start_addr); |
4341 |
++ else |
4342 |
++ seq_printf(m, "0x%px-0x%px\t%ps\n", (void *)ent->start_addr, |
4343 |
++ (void *)ent->end_addr, (void *)ent->start_addr); |
4344 |
+ return 0; |
4345 |
+ } |
4346 |
+ |
4347 |
+@@ -2611,7 +2617,7 @@ static int __init debugfs_kprobe_init(void) |
4348 |
+ if (!dir) |
4349 |
+ return -ENOMEM; |
4350 |
+ |
4351 |
+- file = debugfs_create_file("list", 0444, dir, NULL, |
4352 |
++ file = debugfs_create_file("list", 0400, dir, NULL, |
4353 |
+ &debugfs_kprobes_operations); |
4354 |
+ if (!file) |
4355 |
+ goto error; |
4356 |
+@@ -2621,7 +2627,7 @@ static int __init debugfs_kprobe_init(void) |
4357 |
+ if (!file) |
4358 |
+ goto error; |
4359 |
+ |
4360 |
+- file = debugfs_create_file("blacklist", 0444, dir, NULL, |
4361 |
++ file = debugfs_create_file("blacklist", 0400, dir, NULL, |
4362 |
+ &debugfs_kprobe_blacklist_ops); |
4363 |
+ if (!file) |
4364 |
+ goto error; |
4365 |
+diff --git a/kernel/printk/internal.h b/kernel/printk/internal.h |
4366 |
+index 2a7d04049af4..0f1898820cba 100644 |
4367 |
+--- a/kernel/printk/internal.h |
4368 |
++++ b/kernel/printk/internal.h |
4369 |
+@@ -19,11 +19,16 @@ |
4370 |
+ #ifdef CONFIG_PRINTK |
4371 |
+ |
4372 |
+ #define PRINTK_SAFE_CONTEXT_MASK 0x3fffffff |
4373 |
+-#define PRINTK_NMI_DEFERRED_CONTEXT_MASK 0x40000000 |
4374 |
++#define PRINTK_NMI_DIRECT_CONTEXT_MASK 0x40000000 |
4375 |
+ #define PRINTK_NMI_CONTEXT_MASK 0x80000000 |
4376 |
+ |
4377 |
+ extern raw_spinlock_t logbuf_lock; |
4378 |
+ |
4379 |
++__printf(5, 0) |
4380 |
++int vprintk_store(int facility, int level, |
4381 |
++ const char *dict, size_t dictlen, |
4382 |
++ const char *fmt, va_list args); |
4383 |
++ |
4384 |
+ __printf(1, 0) int vprintk_default(const char *fmt, va_list args); |
4385 |
+ __printf(1, 0) int vprintk_deferred(const char *fmt, va_list args); |
4386 |
+ __printf(1, 0) int vprintk_func(const char *fmt, va_list args); |
4387 |
+@@ -54,6 +59,8 @@ void __printk_safe_exit(void); |
4388 |
+ local_irq_enable(); \ |
4389 |
+ } while (0) |
4390 |
+ |
4391 |
++void defer_console_output(void); |
4392 |
++ |
4393 |
+ #else |
4394 |
+ |
4395 |
+ __printf(1, 0) int vprintk_func(const char *fmt, va_list args) { return 0; } |
4396 |
+diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c |
4397 |
+index 247808333ba4..1d1513215c22 100644 |
4398 |
+--- a/kernel/printk/printk.c |
4399 |
++++ b/kernel/printk/printk.c |
4400 |
+@@ -1824,28 +1824,16 @@ static size_t log_output(int facility, int level, enum log_flags lflags, const c |
4401 |
+ return log_store(facility, level, lflags, 0, dict, dictlen, text, text_len); |
4402 |
+ } |
4403 |
+ |
4404 |
+-asmlinkage int vprintk_emit(int facility, int level, |
4405 |
+- const char *dict, size_t dictlen, |
4406 |
+- const char *fmt, va_list args) |
4407 |
++/* Must be called under logbuf_lock. */ |
4408 |
++int vprintk_store(int facility, int level, |
4409 |
++ const char *dict, size_t dictlen, |
4410 |
++ const char *fmt, va_list args) |
4411 |
+ { |
4412 |
+ static char textbuf[LOG_LINE_MAX]; |
4413 |
+ char *text = textbuf; |
4414 |
+ size_t text_len; |
4415 |
+ enum log_flags lflags = 0; |
4416 |
+- unsigned long flags; |
4417 |
+- int printed_len; |
4418 |
+- bool in_sched = false; |
4419 |
+- |
4420 |
+- if (level == LOGLEVEL_SCHED) { |
4421 |
+- level = LOGLEVEL_DEFAULT; |
4422 |
+- in_sched = true; |
4423 |
+- } |
4424 |
+- |
4425 |
+- boot_delay_msec(level); |
4426 |
+- printk_delay(); |
4427 |
+ |
4428 |
+- /* This stops the holder of console_sem just where we want him */ |
4429 |
+- logbuf_lock_irqsave(flags); |
4430 |
+ /* |
4431 |
+ * The printf needs to come first; we need the syslog |
4432 |
+ * prefix which might be passed-in as a parameter. |
4433 |
+@@ -1886,8 +1874,29 @@ asmlinkage int vprintk_emit(int facility, int level, |
4434 |
+ if (dict) |
4435 |
+ lflags |= LOG_PREFIX|LOG_NEWLINE; |
4436 |
+ |
4437 |
+- printed_len = log_output(facility, level, lflags, dict, dictlen, text, text_len); |
4438 |
++ return log_output(facility, level, lflags, |
4439 |
++ dict, dictlen, text, text_len); |
4440 |
++} |
4441 |
+ |
4442 |
++asmlinkage int vprintk_emit(int facility, int level, |
4443 |
++ const char *dict, size_t dictlen, |
4444 |
++ const char *fmt, va_list args) |
4445 |
++{ |
4446 |
++ int printed_len; |
4447 |
++ bool in_sched = false; |
4448 |
++ unsigned long flags; |
4449 |
++ |
4450 |
++ if (level == LOGLEVEL_SCHED) { |
4451 |
++ level = LOGLEVEL_DEFAULT; |
4452 |
++ in_sched = true; |
4453 |
++ } |
4454 |
++ |
4455 |
++ boot_delay_msec(level); |
4456 |
++ printk_delay(); |
4457 |
++ |
4458 |
++ /* This stops the holder of console_sem just where we want him */ |
4459 |
++ logbuf_lock_irqsave(flags); |
4460 |
++ printed_len = vprintk_store(facility, level, dict, dictlen, fmt, args); |
4461 |
+ logbuf_unlock_irqrestore(flags); |
4462 |
+ |
4463 |
+ /* If called from the scheduler, we can not call up(). */ |
4464 |
+@@ -2878,16 +2887,20 @@ void wake_up_klogd(void) |
4465 |
+ preempt_enable(); |
4466 |
+ } |
4467 |
+ |
4468 |
+-int vprintk_deferred(const char *fmt, va_list args) |
4469 |
++void defer_console_output(void) |
4470 |
+ { |
4471 |
+- int r; |
4472 |
+- |
4473 |
+- r = vprintk_emit(0, LOGLEVEL_SCHED, NULL, 0, fmt, args); |
4474 |
+- |
4475 |
+ preempt_disable(); |
4476 |
+ __this_cpu_or(printk_pending, PRINTK_PENDING_OUTPUT); |
4477 |
+ irq_work_queue(this_cpu_ptr(&wake_up_klogd_work)); |
4478 |
+ preempt_enable(); |
4479 |
++} |
4480 |
++ |
4481 |
++int vprintk_deferred(const char *fmt, va_list args) |
4482 |
++{ |
4483 |
++ int r; |
4484 |
++ |
4485 |
++ r = vprintk_emit(0, LOGLEVEL_SCHED, NULL, 0, fmt, args); |
4486 |
++ defer_console_output(); |
4487 |
+ |
4488 |
+ return r; |
4489 |
+ } |
4490 |
+diff --git a/kernel/printk/printk_safe.c b/kernel/printk/printk_safe.c |
4491 |
+index d7d091309054..a0a74c533e4b 100644 |
4492 |
+--- a/kernel/printk/printk_safe.c |
4493 |
++++ b/kernel/printk/printk_safe.c |
4494 |
+@@ -308,24 +308,33 @@ static __printf(1, 0) int vprintk_nmi(const char *fmt, va_list args) |
4495 |
+ |
4496 |
+ void printk_nmi_enter(void) |
4497 |
+ { |
4498 |
+- /* |
4499 |
+- * The size of the extra per-CPU buffer is limited. Use it only when |
4500 |
+- * the main one is locked. If this CPU is not in the safe context, |
4501 |
+- * the lock must be taken on another CPU and we could wait for it. |
4502 |
+- */ |
4503 |
+- if ((this_cpu_read(printk_context) & PRINTK_SAFE_CONTEXT_MASK) && |
4504 |
+- raw_spin_is_locked(&logbuf_lock)) { |
4505 |
+- this_cpu_or(printk_context, PRINTK_NMI_CONTEXT_MASK); |
4506 |
+- } else { |
4507 |
+- this_cpu_or(printk_context, PRINTK_NMI_DEFERRED_CONTEXT_MASK); |
4508 |
+- } |
4509 |
++ this_cpu_or(printk_context, PRINTK_NMI_CONTEXT_MASK); |
4510 |
+ } |
4511 |
+ |
4512 |
+ void printk_nmi_exit(void) |
4513 |
+ { |
4514 |
+- this_cpu_and(printk_context, |
4515 |
+- ~(PRINTK_NMI_CONTEXT_MASK | |
4516 |
+- PRINTK_NMI_DEFERRED_CONTEXT_MASK)); |
4517 |
++ this_cpu_and(printk_context, ~PRINTK_NMI_CONTEXT_MASK); |
4518 |
++} |
4519 |
++ |
4520 |
++/* |
4521 |
++ * Marks a code that might produce many messages in NMI context |
4522 |
++ * and the risk of losing them is more critical than eventual |
4523 |
++ * reordering. |
4524 |
++ * |
4525 |
++ * It has effect only when called in NMI context. Then printk() |
4526 |
++ * will try to store the messages into the main logbuf directly |
4527 |
++ * and use the per-CPU buffers only as a fallback when the lock |
4528 |
++ * is not available. |
4529 |
++ */ |
4530 |
++void printk_nmi_direct_enter(void) |
4531 |
++{ |
4532 |
++ if (this_cpu_read(printk_context) & PRINTK_NMI_CONTEXT_MASK) |
4533 |
++ this_cpu_or(printk_context, PRINTK_NMI_DIRECT_CONTEXT_MASK); |
4534 |
++} |
4535 |
++ |
4536 |
++void printk_nmi_direct_exit(void) |
4537 |
++{ |
4538 |
++ this_cpu_and(printk_context, ~PRINTK_NMI_DIRECT_CONTEXT_MASK); |
4539 |
+ } |
4540 |
+ |
4541 |
+ #else |
4542 |
+@@ -363,6 +372,20 @@ void __printk_safe_exit(void) |
4543 |
+ |
4544 |
+ __printf(1, 0) int vprintk_func(const char *fmt, va_list args) |
4545 |
+ { |
4546 |
++ /* |
4547 |
++ * Try to use the main logbuf even in NMI. But avoid calling console |
4548 |
++ * drivers that might have their own locks. |
4549 |
++ */ |
4550 |
++ if ((this_cpu_read(printk_context) & PRINTK_NMI_DIRECT_CONTEXT_MASK) && |
4551 |
++ raw_spin_trylock(&logbuf_lock)) { |
4552 |
++ int len; |
4553 |
++ |
4554 |
++ len = vprintk_store(0, LOGLEVEL_DEFAULT, NULL, 0, fmt, args); |
4555 |
++ raw_spin_unlock(&logbuf_lock); |
4556 |
++ defer_console_output(); |
4557 |
++ return len; |
4558 |
++ } |
4559 |
++ |
4560 |
+ /* Use extra buffer in NMI when logbuf_lock is taken or in safe mode. */ |
4561 |
+ if (this_cpu_read(printk_context) & PRINTK_NMI_CONTEXT_MASK) |
4562 |
+ return vprintk_nmi(fmt, args); |
4563 |
+@@ -371,13 +394,6 @@ __printf(1, 0) int vprintk_func(const char *fmt, va_list args) |
4564 |
+ if (this_cpu_read(printk_context) & PRINTK_SAFE_CONTEXT_MASK) |
4565 |
+ return vprintk_safe(fmt, args); |
4566 |
+ |
4567 |
+- /* |
4568 |
+- * Use the main logbuf when logbuf_lock is available in NMI. |
4569 |
+- * But avoid calling console drivers that might have their own locks. |
4570 |
+- */ |
4571 |
+- if (this_cpu_read(printk_context) & PRINTK_NMI_DEFERRED_CONTEXT_MASK) |
4572 |
+- return vprintk_deferred(fmt, args); |
4573 |
+- |
4574 |
+ /* No obstacles. */ |
4575 |
+ return vprintk_default(fmt, args); |
4576 |
+ } |
4577 |
+diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c |
4578 |
+index e190d1ef3a23..067cb83f37ea 100644 |
4579 |
+--- a/kernel/stop_machine.c |
4580 |
++++ b/kernel/stop_machine.c |
4581 |
+@@ -81,6 +81,7 @@ static bool cpu_stop_queue_work(unsigned int cpu, struct cpu_stop_work *work) |
4582 |
+ unsigned long flags; |
4583 |
+ bool enabled; |
4584 |
+ |
4585 |
++ preempt_disable(); |
4586 |
+ raw_spin_lock_irqsave(&stopper->lock, flags); |
4587 |
+ enabled = stopper->enabled; |
4588 |
+ if (enabled) |
4589 |
+@@ -90,6 +91,7 @@ static bool cpu_stop_queue_work(unsigned int cpu, struct cpu_stop_work *work) |
4590 |
+ raw_spin_unlock_irqrestore(&stopper->lock, flags); |
4591 |
+ |
4592 |
+ wake_up_q(&wakeq); |
4593 |
++ preempt_enable(); |
4594 |
+ |
4595 |
+ return enabled; |
4596 |
+ } |
4597 |
+@@ -236,13 +238,24 @@ static int cpu_stop_queue_two_works(int cpu1, struct cpu_stop_work *work1, |
4598 |
+ struct cpu_stopper *stopper2 = per_cpu_ptr(&cpu_stopper, cpu2); |
4599 |
+ DEFINE_WAKE_Q(wakeq); |
4600 |
+ int err; |
4601 |
++ |
4602 |
+ retry: |
4603 |
++ /* |
4604 |
++ * The waking up of stopper threads has to happen in the same |
4605 |
++ * scheduling context as the queueing. Otherwise, there is a |
4606 |
++ * possibility of one of the above stoppers being woken up by another |
4607 |
++ * CPU, and preempting us. This will cause us to not wake up the other |
4608 |
++ * stopper forever. |
4609 |
++ */ |
4610 |
++ preempt_disable(); |
4611 |
+ raw_spin_lock_irq(&stopper1->lock); |
4612 |
+ raw_spin_lock_nested(&stopper2->lock, SINGLE_DEPTH_NESTING); |
4613 |
+ |
4614 |
+- err = -ENOENT; |
4615 |
+- if (!stopper1->enabled || !stopper2->enabled) |
4616 |
++ if (!stopper1->enabled || !stopper2->enabled) { |
4617 |
++ err = -ENOENT; |
4618 |
+ goto unlock; |
4619 |
++ } |
4620 |
++ |
4621 |
+ /* |
4622 |
+ * Ensure that if we race with __stop_cpus() the stoppers won't get |
4623 |
+ * queued up in reverse order leading to system deadlock. |
4624 |
+@@ -253,36 +266,30 @@ retry: |
4625 |
+ * It can be falsely true but it is safe to spin until it is cleared, |
4626 |
+ * queue_stop_cpus_work() does everything under preempt_disable(). |
4627 |
+ */ |
4628 |
+- err = -EDEADLK; |
4629 |
+- if (unlikely(stop_cpus_in_progress)) |
4630 |
+- goto unlock; |
4631 |
++ if (unlikely(stop_cpus_in_progress)) { |
4632 |
++ err = -EDEADLK; |
4633 |
++ goto unlock; |
4634 |
++ } |
4635 |
+ |
4636 |
+ err = 0; |
4637 |
+ __cpu_stop_queue_work(stopper1, work1, &wakeq); |
4638 |
+ __cpu_stop_queue_work(stopper2, work2, &wakeq); |
4639 |
+- /* |
4640 |
+- * The waking up of stopper threads has to happen |
4641 |
+- * in the same scheduling context as the queueing. |
4642 |
+- * Otherwise, there is a possibility of one of the |
4643 |
+- * above stoppers being woken up by another CPU, |
4644 |
+- * and preempting us. This will cause us to n ot |
4645 |
+- * wake up the other stopper forever. |
4646 |
+- */ |
4647 |
+- preempt_disable(); |
4648 |
++ |
4649 |
+ unlock: |
4650 |
+ raw_spin_unlock(&stopper2->lock); |
4651 |
+ raw_spin_unlock_irq(&stopper1->lock); |
4652 |
+ |
4653 |
+ if (unlikely(err == -EDEADLK)) { |
4654 |
++ preempt_enable(); |
4655 |
++ |
4656 |
+ while (stop_cpus_in_progress) |
4657 |
+ cpu_relax(); |
4658 |
++ |
4659 |
+ goto retry; |
4660 |
+ } |
4661 |
+ |
4662 |
+- if (!err) { |
4663 |
+- wake_up_q(&wakeq); |
4664 |
+- preempt_enable(); |
4665 |
+- } |
4666 |
++ wake_up_q(&wakeq); |
4667 |
++ preempt_enable(); |
4668 |
+ |
4669 |
+ return err; |
4670 |
+ } |
4671 |
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
4672 |
+index 823687997b01..176debd3481b 100644 |
4673 |
+--- a/kernel/trace/trace.c |
4674 |
++++ b/kernel/trace/trace.c |
4675 |
+@@ -8288,6 +8288,7 @@ void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) |
4676 |
+ tracing_off(); |
4677 |
+ |
4678 |
+ local_irq_save(flags); |
4679 |
++ printk_nmi_direct_enter(); |
4680 |
+ |
4681 |
+ /* Simulate the iterator */ |
4682 |
+ trace_init_global_iter(&iter); |
4683 |
+@@ -8367,7 +8368,8 @@ void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) |
4684 |
+ for_each_tracing_cpu(cpu) { |
4685 |
+ atomic_dec(&per_cpu_ptr(iter.trace_buffer->data, cpu)->disabled); |
4686 |
+ } |
4687 |
+- atomic_dec(&dump_running); |
4688 |
++ atomic_dec(&dump_running); |
4689 |
++ printk_nmi_direct_exit(); |
4690 |
+ local_irq_restore(flags); |
4691 |
+ } |
4692 |
+ EXPORT_SYMBOL_GPL(ftrace_dump); |
4693 |
+diff --git a/kernel/watchdog.c b/kernel/watchdog.c |
4694 |
+index 576d18045811..51f5a64d9ec2 100644 |
4695 |
+--- a/kernel/watchdog.c |
4696 |
++++ b/kernel/watchdog.c |
4697 |
+@@ -266,7 +266,7 @@ static void __touch_watchdog(void) |
4698 |
+ * entering idle state. This should only be used for scheduler events. |
4699 |
+ * Use touch_softlockup_watchdog() for everything else. |
4700 |
+ */ |
4701 |
+-void touch_softlockup_watchdog_sched(void) |
4702 |
++notrace void touch_softlockup_watchdog_sched(void) |
4703 |
+ { |
4704 |
+ /* |
4705 |
+ * Preemption can be enabled. It doesn't matter which CPU's timestamp |
4706 |
+@@ -275,7 +275,7 @@ void touch_softlockup_watchdog_sched(void) |
4707 |
+ raw_cpu_write(watchdog_touch_ts, 0); |
4708 |
+ } |
4709 |
+ |
4710 |
+-void touch_softlockup_watchdog(void) |
4711 |
++notrace void touch_softlockup_watchdog(void) |
4712 |
+ { |
4713 |
+ touch_softlockup_watchdog_sched(); |
4714 |
+ wq_watchdog_touch(raw_smp_processor_id()); |
4715 |
+diff --git a/kernel/watchdog_hld.c b/kernel/watchdog_hld.c |
4716 |
+index e449a23e9d59..4ece6028007a 100644 |
4717 |
+--- a/kernel/watchdog_hld.c |
4718 |
++++ b/kernel/watchdog_hld.c |
4719 |
+@@ -29,7 +29,7 @@ static struct cpumask dead_events_mask; |
4720 |
+ static unsigned long hardlockup_allcpu_dumped; |
4721 |
+ static atomic_t watchdog_cpus = ATOMIC_INIT(0); |
4722 |
+ |
4723 |
+-void arch_touch_nmi_watchdog(void) |
4724 |
++notrace void arch_touch_nmi_watchdog(void) |
4725 |
+ { |
4726 |
+ /* |
4727 |
+ * Using __raw here because some code paths have |
4728 |
+diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
4729 |
+index 78b192071ef7..5f78c6e41796 100644 |
4730 |
+--- a/kernel/workqueue.c |
4731 |
++++ b/kernel/workqueue.c |
4732 |
+@@ -5559,7 +5559,7 @@ static void wq_watchdog_timer_fn(struct timer_list *unused) |
4733 |
+ mod_timer(&wq_watchdog_timer, jiffies + thresh); |
4734 |
+ } |
4735 |
+ |
4736 |
+-void wq_watchdog_touch(int cpu) |
4737 |
++notrace void wq_watchdog_touch(int cpu) |
4738 |
+ { |
4739 |
+ if (cpu >= 0) |
4740 |
+ per_cpu(wq_watchdog_touched_cpu, cpu) = jiffies; |
4741 |
+diff --git a/lib/nmi_backtrace.c b/lib/nmi_backtrace.c |
4742 |
+index 61a6b5aab07e..15ca78e1c7d4 100644 |
4743 |
+--- a/lib/nmi_backtrace.c |
4744 |
++++ b/lib/nmi_backtrace.c |
4745 |
+@@ -87,11 +87,9 @@ void nmi_trigger_cpumask_backtrace(const cpumask_t *mask, |
4746 |
+ |
4747 |
+ bool nmi_cpu_backtrace(struct pt_regs *regs) |
4748 |
+ { |
4749 |
+- static arch_spinlock_t lock = __ARCH_SPIN_LOCK_UNLOCKED; |
4750 |
+ int cpu = smp_processor_id(); |
4751 |
+ |
4752 |
+ if (cpumask_test_cpu(cpu, to_cpumask(backtrace_mask))) { |
4753 |
+- arch_spin_lock(&lock); |
4754 |
+ if (regs && cpu_in_idle(instruction_pointer(regs))) { |
4755 |
+ pr_warn("NMI backtrace for cpu %d skipped: idling at %pS\n", |
4756 |
+ cpu, (void *)instruction_pointer(regs)); |
4757 |
+@@ -102,7 +100,6 @@ bool nmi_cpu_backtrace(struct pt_regs *regs) |
4758 |
+ else |
4759 |
+ dump_stack(); |
4760 |
+ } |
4761 |
+- arch_spin_unlock(&lock); |
4762 |
+ cpumask_clear_cpu(cpu, to_cpumask(backtrace_mask)); |
4763 |
+ return true; |
4764 |
+ } |
4765 |
+diff --git a/lib/vsprintf.c b/lib/vsprintf.c |
4766 |
+index a48aaa79d352..cda186230287 100644 |
4767 |
+--- a/lib/vsprintf.c |
4768 |
++++ b/lib/vsprintf.c |
4769 |
+@@ -1942,6 +1942,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, |
4770 |
+ case 'F': |
4771 |
+ return device_node_string(buf, end, ptr, spec, fmt + 1); |
4772 |
+ } |
4773 |
++ break; |
4774 |
+ case 'x': |
4775 |
+ return pointer_string(buf, end, ptr, spec); |
4776 |
+ } |
4777 |
+diff --git a/mm/memory.c b/mm/memory.c |
4778 |
+index 0e356dd923c2..86d4329acb05 100644 |
4779 |
+--- a/mm/memory.c |
4780 |
++++ b/mm/memory.c |
4781 |
+@@ -245,9 +245,6 @@ static void tlb_flush_mmu_tlbonly(struct mmu_gather *tlb) |
4782 |
+ |
4783 |
+ tlb_flush(tlb); |
4784 |
+ mmu_notifier_invalidate_range(tlb->mm, tlb->start, tlb->end); |
4785 |
+-#ifdef CONFIG_HAVE_RCU_TABLE_FREE |
4786 |
+- tlb_table_flush(tlb); |
4787 |
+-#endif |
4788 |
+ __tlb_reset_range(tlb); |
4789 |
+ } |
4790 |
+ |
4791 |
+@@ -255,6 +252,9 @@ static void tlb_flush_mmu_free(struct mmu_gather *tlb) |
4792 |
+ { |
4793 |
+ struct mmu_gather_batch *batch; |
4794 |
+ |
4795 |
++#ifdef CONFIG_HAVE_RCU_TABLE_FREE |
4796 |
++ tlb_table_flush(tlb); |
4797 |
++#endif |
4798 |
+ for (batch = &tlb->local; batch && batch->nr; batch = batch->next) { |
4799 |
+ free_pages_and_swap_cache(batch->pages, batch->nr); |
4800 |
+ batch->nr = 0; |
4801 |
+@@ -330,6 +330,21 @@ bool __tlb_remove_page_size(struct mmu_gather *tlb, struct page *page, int page_ |
4802 |
+ * See the comment near struct mmu_table_batch. |
4803 |
+ */ |
4804 |
+ |
4805 |
++/* |
4806 |
++ * If we want tlb_remove_table() to imply TLB invalidates. |
4807 |
++ */ |
4808 |
++static inline void tlb_table_invalidate(struct mmu_gather *tlb) |
4809 |
++{ |
4810 |
++#ifdef CONFIG_HAVE_RCU_TABLE_INVALIDATE |
4811 |
++ /* |
4812 |
++ * Invalidate page-table caches used by hardware walkers. Then we still |
4813 |
++ * need to RCU-sched wait while freeing the pages because software |
4814 |
++ * walkers can still be in-flight. |
4815 |
++ */ |
4816 |
++ tlb_flush_mmu_tlbonly(tlb); |
4817 |
++#endif |
4818 |
++} |
4819 |
++ |
4820 |
+ static void tlb_remove_table_smp_sync(void *arg) |
4821 |
+ { |
4822 |
+ /* Simply deliver the interrupt */ |
4823 |
+@@ -366,6 +381,7 @@ void tlb_table_flush(struct mmu_gather *tlb) |
4824 |
+ struct mmu_table_batch **batch = &tlb->batch; |
4825 |
+ |
4826 |
+ if (*batch) { |
4827 |
++ tlb_table_invalidate(tlb); |
4828 |
+ call_rcu_sched(&(*batch)->rcu, tlb_remove_table_rcu); |
4829 |
+ *batch = NULL; |
4830 |
+ } |
4831 |
+@@ -387,11 +403,13 @@ void tlb_remove_table(struct mmu_gather *tlb, void *table) |
4832 |
+ if (*batch == NULL) { |
4833 |
+ *batch = (struct mmu_table_batch *)__get_free_page(GFP_NOWAIT | __GFP_NOWARN); |
4834 |
+ if (*batch == NULL) { |
4835 |
++ tlb_table_invalidate(tlb); |
4836 |
+ tlb_remove_table_one(table); |
4837 |
+ return; |
4838 |
+ } |
4839 |
+ (*batch)->nr = 0; |
4840 |
+ } |
4841 |
++ |
4842 |
+ (*batch)->tables[(*batch)->nr++] = table; |
4843 |
+ if ((*batch)->nr == MAX_TABLE_BATCH) |
4844 |
+ tlb_table_flush(tlb); |
4845 |
+diff --git a/net/sunrpc/xprtrdma/verbs.c b/net/sunrpc/xprtrdma/verbs.c |
4846 |
+index 16161a36dc73..e8d1024dc547 100644 |
4847 |
+--- a/net/sunrpc/xprtrdma/verbs.c |
4848 |
++++ b/net/sunrpc/xprtrdma/verbs.c |
4849 |
+@@ -280,7 +280,6 @@ rpcrdma_conn_upcall(struct rdma_cm_id *id, struct rdma_cm_event *event) |
4850 |
+ ++xprt->rx_xprt.connect_cookie; |
4851 |
+ connstate = -ECONNABORTED; |
4852 |
+ connected: |
4853 |
+- xprt->rx_buf.rb_credits = 1; |
4854 |
+ ep->rep_connected = connstate; |
4855 |
+ rpcrdma_conn_func(ep); |
4856 |
+ wake_up_all(&ep->rep_connect_wait); |
4857 |
+@@ -755,6 +754,7 @@ retry: |
4858 |
+ } |
4859 |
+ |
4860 |
+ ep->rep_connected = 0; |
4861 |
++ rpcrdma_post_recvs(r_xprt, true); |
4862 |
+ |
4863 |
+ rc = rdma_connect(ia->ri_id, &ep->rep_remote_cma); |
4864 |
+ if (rc) { |
4865 |
+@@ -773,8 +773,6 @@ retry: |
4866 |
+ |
4867 |
+ dprintk("RPC: %s: connected\n", __func__); |
4868 |
+ |
4869 |
+- rpcrdma_post_recvs(r_xprt, true); |
4870 |
+- |
4871 |
+ out: |
4872 |
+ if (rc) |
4873 |
+ ep->rep_connected = rc; |
4874 |
+@@ -1171,6 +1169,7 @@ rpcrdma_buffer_create(struct rpcrdma_xprt *r_xprt) |
4875 |
+ list_add(&req->rl_list, &buf->rb_send_bufs); |
4876 |
+ } |
4877 |
+ |
4878 |
++ buf->rb_credits = 1; |
4879 |
+ buf->rb_posted_receives = 0; |
4880 |
+ INIT_LIST_HEAD(&buf->rb_recv_bufs); |
4881 |
+ |
4882 |
+diff --git a/scripts/kernel-doc b/scripts/kernel-doc |
4883 |
+index 0057d8eafcc1..8f0f508a78e9 100755 |
4884 |
+--- a/scripts/kernel-doc |
4885 |
++++ b/scripts/kernel-doc |
4886 |
+@@ -1062,7 +1062,7 @@ sub dump_struct($$) { |
4887 |
+ my $x = shift; |
4888 |
+ my $file = shift; |
4889 |
+ |
4890 |
+- if ($x =~ /(struct|union)\s+(\w+)\s*{(.*)}/) { |
4891 |
++ if ($x =~ /(struct|union)\s+(\w+)\s*\{(.*)\}/) { |
4892 |
+ my $decl_type = $1; |
4893 |
+ $declaration_name = $2; |
4894 |
+ my $members = $3; |
4895 |
+@@ -1148,20 +1148,20 @@ sub dump_struct($$) { |
4896 |
+ } |
4897 |
+ } |
4898 |
+ } |
4899 |
+- $members =~ s/(struct|union)([^\{\};]+)\{([^\{\}]*)}([^\{\}\;]*)\;/$newmember/; |
4900 |
++ $members =~ s/(struct|union)([^\{\};]+)\{([^\{\}]*)\}([^\{\}\;]*)\;/$newmember/; |
4901 |
+ } |
4902 |
+ |
4903 |
+ # Ignore other nested elements, like enums |
4904 |
+- $members =~ s/({[^\{\}]*})//g; |
4905 |
++ $members =~ s/(\{[^\{\}]*\})//g; |
4906 |
+ |
4907 |
+ create_parameterlist($members, ';', $file, $declaration_name); |
4908 |
+ check_sections($file, $declaration_name, $decl_type, $sectcheck, $struct_actual); |
4909 |
+ |
4910 |
+ # Adjust declaration for better display |
4911 |
+- $declaration =~ s/([{;])/$1\n/g; |
4912 |
+- $declaration =~ s/}\s+;/};/g; |
4913 |
++ $declaration =~ s/([\{;])/$1\n/g; |
4914 |
++ $declaration =~ s/\}\s+;/};/g; |
4915 |
+ # Better handle inlined enums |
4916 |
+- do {} while ($declaration =~ s/(enum\s+{[^}]+),([^\n])/$1,\n$2/); |
4917 |
++ do {} while ($declaration =~ s/(enum\s+\{[^\}]+),([^\n])/$1,\n$2/); |
4918 |
+ |
4919 |
+ my @def_args = split /\n/, $declaration; |
4920 |
+ my $level = 1; |
4921 |
+@@ -1171,12 +1171,12 @@ sub dump_struct($$) { |
4922 |
+ $clause =~ s/\s+$//; |
4923 |
+ $clause =~ s/\s+/ /; |
4924 |
+ next if (!$clause); |
4925 |
+- $level-- if ($clause =~ m/(})/ && $level > 1); |
4926 |
++ $level-- if ($clause =~ m/(\})/ && $level > 1); |
4927 |
+ if (!($clause =~ m/^\s*#/)) { |
4928 |
+ $declaration .= "\t" x $level; |
4929 |
+ } |
4930 |
+ $declaration .= "\t" . $clause . "\n"; |
4931 |
+- $level++ if ($clause =~ m/({)/ && !($clause =~m/}/)); |
4932 |
++ $level++ if ($clause =~ m/(\{)/ && !($clause =~m/\}/)); |
4933 |
+ } |
4934 |
+ output_declaration($declaration_name, |
4935 |
+ 'struct', |
4936 |
+@@ -1244,7 +1244,7 @@ sub dump_enum($$) { |
4937 |
+ # strip #define macros inside enums |
4938 |
+ $x =~ s@#\s*((define|ifdef)\s+|endif)[^;]*;@@gos; |
4939 |
+ |
4940 |
+- if ($x =~ /enum\s+(\w+)\s*{(.*)}/) { |
4941 |
++ if ($x =~ /enum\s+(\w+)\s*\{(.*)\}/) { |
4942 |
+ $declaration_name = $1; |
4943 |
+ my $members = $2; |
4944 |
+ my %_members; |
4945 |
+@@ -1785,7 +1785,7 @@ sub process_proto_type($$) { |
4946 |
+ } |
4947 |
+ |
4948 |
+ while (1) { |
4949 |
+- if ( $x =~ /([^{};]*)([{};])(.*)/ ) { |
4950 |
++ if ( $x =~ /([^\{\};]*)([\{\};])(.*)/ ) { |
4951 |
+ if( length $prototype ) { |
4952 |
+ $prototype .= " " |
4953 |
+ } |
4954 |
+diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c |
4955 |
+index 2fcdd84021a5..86c7805da997 100644 |
4956 |
+--- a/sound/soc/codecs/wm_adsp.c |
4957 |
++++ b/sound/soc/codecs/wm_adsp.c |
4958 |
+@@ -2642,7 +2642,10 @@ int wm_adsp2_preloader_get(struct snd_kcontrol *kcontrol, |
4959 |
+ struct snd_ctl_elem_value *ucontrol) |
4960 |
+ { |
4961 |
+ struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol); |
4962 |
+- struct wm_adsp *dsp = snd_soc_component_get_drvdata(component); |
4963 |
++ struct wm_adsp *dsps = snd_soc_component_get_drvdata(component); |
4964 |
++ struct soc_mixer_control *mc = |
4965 |
++ (struct soc_mixer_control *)kcontrol->private_value; |
4966 |
++ struct wm_adsp *dsp = &dsps[mc->shift - 1]; |
4967 |
+ |
4968 |
+ ucontrol->value.integer.value[0] = dsp->preloaded; |
4969 |
+ |
4970 |
+@@ -2654,10 +2657,11 @@ int wm_adsp2_preloader_put(struct snd_kcontrol *kcontrol, |
4971 |
+ struct snd_ctl_elem_value *ucontrol) |
4972 |
+ { |
4973 |
+ struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol); |
4974 |
+- struct wm_adsp *dsp = snd_soc_component_get_drvdata(component); |
4975 |
++ struct wm_adsp *dsps = snd_soc_component_get_drvdata(component); |
4976 |
+ struct snd_soc_dapm_context *dapm = snd_soc_component_get_dapm(component); |
4977 |
+ struct soc_mixer_control *mc = |
4978 |
+ (struct soc_mixer_control *)kcontrol->private_value; |
4979 |
++ struct wm_adsp *dsp = &dsps[mc->shift - 1]; |
4980 |
+ char preload[32]; |
4981 |
+ |
4982 |
+ snprintf(preload, ARRAY_SIZE(preload), "DSP%u Preload", mc->shift); |
4983 |
+diff --git a/sound/soc/sirf/sirf-usp.c b/sound/soc/sirf/sirf-usp.c |
4984 |
+index 77e7dcf969d0..d70fcd4a1adf 100644 |
4985 |
+--- a/sound/soc/sirf/sirf-usp.c |
4986 |
++++ b/sound/soc/sirf/sirf-usp.c |
4987 |
+@@ -370,10 +370,9 @@ static int sirf_usp_pcm_probe(struct platform_device *pdev) |
4988 |
+ platform_set_drvdata(pdev, usp); |
4989 |
+ |
4990 |
+ mem_res = platform_get_resource(pdev, IORESOURCE_MEM, 0); |
4991 |
+- base = devm_ioremap(&pdev->dev, mem_res->start, |
4992 |
+- resource_size(mem_res)); |
4993 |
+- if (base == NULL) |
4994 |
+- return -ENOMEM; |
4995 |
++ base = devm_ioremap_resource(&pdev->dev, mem_res); |
4996 |
++ if (IS_ERR(base)) |
4997 |
++ return PTR_ERR(base); |
4998 |
+ usp->regmap = devm_regmap_init_mmio(&pdev->dev, base, |
4999 |
+ &sirf_usp_regmap_config); |
5000 |
+ if (IS_ERR(usp->regmap)) |
5001 |
+diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c |
5002 |
+index 5e7ae47a9658..5feae9666822 100644 |
5003 |
+--- a/sound/soc/soc-pcm.c |
5004 |
++++ b/sound/soc/soc-pcm.c |
5005 |
+@@ -1694,6 +1694,14 @@ static u64 dpcm_runtime_base_format(struct snd_pcm_substream *substream) |
5006 |
+ int i; |
5007 |
+ |
5008 |
+ for (i = 0; i < be->num_codecs; i++) { |
5009 |
++ /* |
5010 |
++ * Skip CODECs which don't support the current stream |
5011 |
++ * type. See soc_pcm_init_runtime_hw() for more details |
5012 |
++ */ |
5013 |
++ if (!snd_soc_dai_stream_valid(be->codec_dais[i], |
5014 |
++ stream)) |
5015 |
++ continue; |
5016 |
++ |
5017 |
+ codec_dai_drv = be->codec_dais[i]->driver; |
5018 |
+ if (stream == SNDRV_PCM_STREAM_PLAYBACK) |
5019 |
+ codec_stream = &codec_dai_drv->playback; |
5020 |
+diff --git a/sound/soc/zte/zx-tdm.c b/sound/soc/zte/zx-tdm.c |
5021 |
+index dc955272f58b..389272eeba9a 100644 |
5022 |
+--- a/sound/soc/zte/zx-tdm.c |
5023 |
++++ b/sound/soc/zte/zx-tdm.c |
5024 |
+@@ -144,8 +144,8 @@ static void zx_tdm_rx_dma_en(struct zx_tdm_info *tdm, bool on) |
5025 |
+ #define ZX_TDM_RATES (SNDRV_PCM_RATE_8000 | SNDRV_PCM_RATE_16000) |
5026 |
+ |
5027 |
+ #define ZX_TDM_FMTBIT \ |
5028 |
+- (SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FORMAT_MU_LAW | \ |
5029 |
+- SNDRV_PCM_FORMAT_A_LAW) |
5030 |
++ (SNDRV_PCM_FMTBIT_S16_LE | SNDRV_PCM_FMTBIT_MU_LAW | \ |
5031 |
++ SNDRV_PCM_FMTBIT_A_LAW) |
5032 |
+ |
5033 |
+ static int zx_tdm_dai_probe(struct snd_soc_dai *dai) |
5034 |
+ { |
5035 |
+diff --git a/tools/perf/arch/s390/util/kvm-stat.c b/tools/perf/arch/s390/util/kvm-stat.c |
5036 |
+index d233e2eb9592..aaabab5e2830 100644 |
5037 |
+--- a/tools/perf/arch/s390/util/kvm-stat.c |
5038 |
++++ b/tools/perf/arch/s390/util/kvm-stat.c |
5039 |
+@@ -102,7 +102,7 @@ const char * const kvm_skip_events[] = { |
5040 |
+ |
5041 |
+ int cpu_isa_init(struct perf_kvm_stat *kvm, const char *cpuid) |
5042 |
+ { |
5043 |
+- if (strstr(cpuid, "IBM/S390")) { |
5044 |
++ if (strstr(cpuid, "IBM")) { |
5045 |
+ kvm->exit_reasons = sie_exit_reasons; |
5046 |
+ kvm->exit_reasons_isa = "SIE"; |
5047 |
+ } else |
5048 |
+diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c |
5049 |
+index bd3d57f40f1b..17cecc96f735 100644 |
5050 |
+--- a/virt/kvm/arm/arch_timer.c |
5051 |
++++ b/virt/kvm/arm/arch_timer.c |
5052 |
+@@ -295,9 +295,9 @@ static void phys_timer_emulate(struct kvm_vcpu *vcpu) |
5053 |
+ struct arch_timer_context *ptimer = vcpu_ptimer(vcpu); |
5054 |
+ |
5055 |
+ /* |
5056 |
+- * If the timer can fire now we have just raised the IRQ line and we |
5057 |
+- * don't need to have a soft timer scheduled for the future. If the |
5058 |
+- * timer cannot fire at all, then we also don't need a soft timer. |
5059 |
++ * If the timer can fire now, we don't need to have a soft timer |
5060 |
++ * scheduled for the future. If the timer cannot fire at all, |
5061 |
++ * then we also don't need a soft timer. |
5062 |
+ */ |
5063 |
+ if (kvm_timer_should_fire(ptimer) || !kvm_timer_irq_can_fire(ptimer)) { |
5064 |
+ soft_timer_cancel(&timer->phys_timer, NULL); |
5065 |
+@@ -332,10 +332,10 @@ static void kvm_timer_update_state(struct kvm_vcpu *vcpu) |
5066 |
+ level = kvm_timer_should_fire(vtimer); |
5067 |
+ kvm_timer_update_irq(vcpu, level, vtimer); |
5068 |
+ |
5069 |
++ phys_timer_emulate(vcpu); |
5070 |
++ |
5071 |
+ if (kvm_timer_should_fire(ptimer) != ptimer->irq.level) |
5072 |
+ kvm_timer_update_irq(vcpu, !ptimer->irq.level, ptimer); |
5073 |
+- |
5074 |
+- phys_timer_emulate(vcpu); |
5075 |
+ } |
5076 |
+ |
5077 |
+ static void vtimer_save_state(struct kvm_vcpu *vcpu) |
5078 |
+@@ -487,6 +487,7 @@ void kvm_timer_vcpu_load(struct kvm_vcpu *vcpu) |
5079 |
+ { |
5080 |
+ struct arch_timer_cpu *timer = &vcpu->arch.timer_cpu; |
5081 |
+ struct arch_timer_context *vtimer = vcpu_vtimer(vcpu); |
5082 |
++ struct arch_timer_context *ptimer = vcpu_ptimer(vcpu); |
5083 |
+ |
5084 |
+ if (unlikely(!timer->enabled)) |
5085 |
+ return; |
5086 |
+@@ -502,6 +503,10 @@ void kvm_timer_vcpu_load(struct kvm_vcpu *vcpu) |
5087 |
+ |
5088 |
+ /* Set the background timer for the physical timer emulation. */ |
5089 |
+ phys_timer_emulate(vcpu); |
5090 |
++ |
5091 |
++ /* If the timer fired while we weren't running, inject it now */ |
5092 |
++ if (kvm_timer_should_fire(ptimer) != ptimer->irq.level) |
5093 |
++ kvm_timer_update_irq(vcpu, !ptimer->irq.level, ptimer); |
5094 |
+ } |
5095 |
+ |
5096 |
+ bool kvm_timer_should_notify_user(struct kvm_vcpu *vcpu) |
5097 |
+diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c |
5098 |
+index 1d90d79706bd..c2b95a22959b 100644 |
5099 |
+--- a/virt/kvm/arm/mmu.c |
5100 |
++++ b/virt/kvm/arm/mmu.c |
5101 |
+@@ -1015,19 +1015,35 @@ static int stage2_set_pmd_huge(struct kvm *kvm, struct kvm_mmu_memory_cache |
5102 |
+ pmd = stage2_get_pmd(kvm, cache, addr); |
5103 |
+ VM_BUG_ON(!pmd); |
5104 |
+ |
5105 |
+- /* |
5106 |
+- * Mapping in huge pages should only happen through a fault. If a |
5107 |
+- * page is merged into a transparent huge page, the individual |
5108 |
+- * subpages of that huge page should be unmapped through MMU |
5109 |
+- * notifiers before we get here. |
5110 |
+- * |
5111 |
+- * Merging of CompoundPages is not supported; they should become |
5112 |
+- * splitting first, unmapped, merged, and mapped back in on-demand. |
5113 |
+- */ |
5114 |
+- VM_BUG_ON(pmd_present(*pmd) && pmd_pfn(*pmd) != pmd_pfn(*new_pmd)); |
5115 |
+- |
5116 |
+ old_pmd = *pmd; |
5117 |
+ if (pmd_present(old_pmd)) { |
5118 |
++ /* |
5119 |
++ * Multiple vcpus faulting on the same PMD entry, can |
5120 |
++ * lead to them sequentially updating the PMD with the |
5121 |
++ * same value. Following the break-before-make |
5122 |
++ * (pmd_clear() followed by tlb_flush()) process can |
5123 |
++ * hinder forward progress due to refaults generated |
5124 |
++ * on missing translations. |
5125 |
++ * |
5126 |
++ * Skip updating the page table if the entry is |
5127 |
++ * unchanged. |
5128 |
++ */ |
5129 |
++ if (pmd_val(old_pmd) == pmd_val(*new_pmd)) |
5130 |
++ return 0; |
5131 |
++ |
5132 |
++ /* |
5133 |
++ * Mapping in huge pages should only happen through a |
5134 |
++ * fault. If a page is merged into a transparent huge |
5135 |
++ * page, the individual subpages of that huge page |
5136 |
++ * should be unmapped through MMU notifiers before we |
5137 |
++ * get here. |
5138 |
++ * |
5139 |
++ * Merging of CompoundPages is not supported; they |
5140 |
++ * should become splitting first, unmapped, merged, |
5141 |
++ * and mapped back in on-demand. |
5142 |
++ */ |
5143 |
++ VM_BUG_ON(pmd_pfn(old_pmd) != pmd_pfn(*new_pmd)); |
5144 |
++ |
5145 |
+ pmd_clear(pmd); |
5146 |
+ kvm_tlb_flush_vmid_ipa(kvm, addr); |
5147 |
+ } else { |
5148 |
+@@ -1102,6 +1118,10 @@ static int stage2_set_pte(struct kvm *kvm, struct kvm_mmu_memory_cache *cache, |
5149 |
+ /* Create 2nd stage page table mapping - Level 3 */ |
5150 |
+ old_pte = *pte; |
5151 |
+ if (pte_present(old_pte)) { |
5152 |
++ /* Skip page table update if there is no change */ |
5153 |
++ if (pte_val(old_pte) == pte_val(*new_pte)) |
5154 |
++ return 0; |
5155 |
++ |
5156 |
+ kvm_set_pte(pte, __pte(0)); |
5157 |
+ kvm_tlb_flush_vmid_ipa(kvm, addr); |
5158 |
+ } else { |