Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.18 commit in: /
Date: Wed, 14 Nov 2018 13:16:04
Message-Id: 1542201339.9d152ea4454cd6ccffcb5738f232da5974d6a081.mpagano@gentoo
1 commit: 9d152ea4454cd6ccffcb5738f232da5974d6a081
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Aug 24 11:46:20 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Wed Nov 14 13:15:39 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=9d152ea4
7
8 Linux patch 4.18.5
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1004_linux-4.18.5.patch | 742 ++++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 746 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index c7d6cc0..8da0979 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -59,6 +59,10 @@ Patch: 1003_linux-4.18.4.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.18.4
23
24 +Patch: 1004_linux-4.18.5.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.18.5
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1004_linux-4.18.5.patch b/1004_linux-4.18.5.patch
33 new file mode 100644
34 index 0000000..abf70a2
35 --- /dev/null
36 +++ b/1004_linux-4.18.5.patch
37 @@ -0,0 +1,742 @@
38 +diff --git a/Makefile b/Makefile
39 +index ef0dd566c104..a41692c5827a 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 4
45 + PATCHLEVEL = 18
46 +-SUBLEVEL = 4
47 ++SUBLEVEL = 5
48 + EXTRAVERSION =
49 + NAME = Merciless Moray
50 +
51 +diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h
52 +index 6f84b6acc86e..8a63515f03bf 100644
53 +--- a/arch/parisc/include/asm/spinlock.h
54 ++++ b/arch/parisc/include/asm/spinlock.h
55 +@@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x,
56 + {
57 + volatile unsigned int *a;
58 +
59 +- mb();
60 + a = __ldcw_align(x);
61 + while (__ldcw(a) == 0)
62 + while (*a == 0)
63 +@@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x,
64 + local_irq_disable();
65 + } else
66 + cpu_relax();
67 +- mb();
68 + }
69 + #define arch_spin_lock_flags arch_spin_lock_flags
70 +
71 + static inline void arch_spin_unlock(arch_spinlock_t *x)
72 + {
73 + volatile unsigned int *a;
74 +- mb();
75 ++
76 + a = __ldcw_align(x);
77 +- *a = 1;
78 + mb();
79 ++ *a = 1;
80 + }
81 +
82 + static inline int arch_spin_trylock(arch_spinlock_t *x)
83 +@@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x)
84 + volatile unsigned int *a;
85 + int ret;
86 +
87 +- mb();
88 + a = __ldcw_align(x);
89 + ret = __ldcw(a) != 0;
90 +- mb();
91 +
92 + return ret;
93 + }
94 +diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
95 +index 4886a6db42e9..5f7e57fcaeef 100644
96 +--- a/arch/parisc/kernel/syscall.S
97 ++++ b/arch/parisc/kernel/syscall.S
98 +@@ -629,12 +629,12 @@ cas_action:
99 + stw %r1, 4(%sr2,%r20)
100 + #endif
101 + /* The load and store could fail */
102 +-1: ldw,ma 0(%r26), %r28
103 ++1: ldw 0(%r26), %r28
104 + sub,<> %r28, %r25, %r0
105 +-2: stw,ma %r24, 0(%r26)
106 ++2: stw %r24, 0(%r26)
107 + /* Free lock */
108 + sync
109 +- stw,ma %r20, 0(%sr2,%r20)
110 ++ stw %r20, 0(%sr2,%r20)
111 + #if ENABLE_LWS_DEBUG
112 + /* Clear thread register indicator */
113 + stw %r0, 4(%sr2,%r20)
114 +@@ -798,30 +798,30 @@ cas2_action:
115 + ldo 1(%r0),%r28
116 +
117 + /* 8bit CAS */
118 +-13: ldb,ma 0(%r26), %r29
119 ++13: ldb 0(%r26), %r29
120 + sub,= %r29, %r25, %r0
121 + b,n cas2_end
122 +-14: stb,ma %r24, 0(%r26)
123 ++14: stb %r24, 0(%r26)
124 + b cas2_end
125 + copy %r0, %r28
126 + nop
127 + nop
128 +
129 + /* 16bit CAS */
130 +-15: ldh,ma 0(%r26), %r29
131 ++15: ldh 0(%r26), %r29
132 + sub,= %r29, %r25, %r0
133 + b,n cas2_end
134 +-16: sth,ma %r24, 0(%r26)
135 ++16: sth %r24, 0(%r26)
136 + b cas2_end
137 + copy %r0, %r28
138 + nop
139 + nop
140 +
141 + /* 32bit CAS */
142 +-17: ldw,ma 0(%r26), %r29
143 ++17: ldw 0(%r26), %r29
144 + sub,= %r29, %r25, %r0
145 + b,n cas2_end
146 +-18: stw,ma %r24, 0(%r26)
147 ++18: stw %r24, 0(%r26)
148 + b cas2_end
149 + copy %r0, %r28
150 + nop
151 +@@ -829,10 +829,10 @@ cas2_action:
152 +
153 + /* 64bit CAS */
154 + #ifdef CONFIG_64BIT
155 +-19: ldd,ma 0(%r26), %r29
156 ++19: ldd 0(%r26), %r29
157 + sub,*= %r29, %r25, %r0
158 + b,n cas2_end
159 +-20: std,ma %r24, 0(%r26)
160 ++20: std %r24, 0(%r26)
161 + copy %r0, %r28
162 + #else
163 + /* Compare first word */
164 +@@ -851,7 +851,7 @@ cas2_action:
165 + cas2_end:
166 + /* Free lock */
167 + sync
168 +- stw,ma %r20, 0(%sr2,%r20)
169 ++ stw %r20, 0(%sr2,%r20)
170 + /* Enable interrupts */
171 + ssm PSW_SM_I, %r0
172 + /* Return to userspace, set no error */
173 +diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
174 +index a8b277362931..4cb8f1f7b593 100644
175 +--- a/arch/powerpc/kernel/security.c
176 ++++ b/arch/powerpc/kernel/security.c
177 +@@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
178 +
179 + ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
180 + {
181 +- if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
182 +- return sprintf(buf, "Not affected\n");
183 ++ struct seq_buf s;
184 ++
185 ++ seq_buf_init(&s, buf, PAGE_SIZE - 1);
186 +
187 +- if (barrier_nospec_enabled)
188 +- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
189 ++ if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) {
190 ++ if (barrier_nospec_enabled)
191 ++ seq_buf_printf(&s, "Mitigation: __user pointer sanitization");
192 ++ else
193 ++ seq_buf_printf(&s, "Vulnerable");
194 +
195 +- return sprintf(buf, "Vulnerable\n");
196 ++ if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31))
197 ++ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
198 ++
199 ++ seq_buf_printf(&s, "\n");
200 ++ } else
201 ++ seq_buf_printf(&s, "Not affected\n");
202 ++
203 ++ return s.len;
204 + }
205 +
206 + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
207 + {
208 +- bool bcs, ccd, ori;
209 + struct seq_buf s;
210 ++ bool bcs, ccd;
211 +
212 + seq_buf_init(&s, buf, PAGE_SIZE - 1);
213 +
214 + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
215 + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
216 +- ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
217 +
218 + if (bcs || ccd) {
219 + seq_buf_printf(&s, "Mitigation: ");
220 +@@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
221 + } else
222 + seq_buf_printf(&s, "Vulnerable");
223 +
224 +- if (ori)
225 +- seq_buf_printf(&s, ", ori31 speculation barrier enabled");
226 +-
227 + seq_buf_printf(&s, "\n");
228 +
229 + return s.len;
230 +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
231 +index 79e409974ccc..682286aca881 100644
232 +--- a/arch/x86/include/asm/processor.h
233 ++++ b/arch/x86/include/asm/processor.h
234 +@@ -971,6 +971,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
235 +
236 + extern unsigned long arch_align_stack(unsigned long sp);
237 + extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
238 ++extern void free_kernel_image_pages(void *begin, void *end);
239 +
240 + void default_idle(void);
241 + #ifdef CONFIG_XEN
242 +diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
243 +index bd090367236c..34cffcef7375 100644
244 +--- a/arch/x86/include/asm/set_memory.h
245 ++++ b/arch/x86/include/asm/set_memory.h
246 +@@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages);
247 + int set_memory_4k(unsigned long addr, int numpages);
248 + int set_memory_encrypted(unsigned long addr, int numpages);
249 + int set_memory_decrypted(unsigned long addr, int numpages);
250 ++int set_memory_np_noalias(unsigned long addr, int numpages);
251 +
252 + int set_memory_array_uc(unsigned long *addr, int addrinarray);
253 + int set_memory_array_wc(unsigned long *addr, int addrinarray);
254 +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
255 +index 83241eb71cd4..acfab322fbe0 100644
256 +--- a/arch/x86/mm/init.c
257 ++++ b/arch/x86/mm/init.c
258 +@@ -775,13 +775,44 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
259 + }
260 + }
261 +
262 ++/*
263 ++ * begin/end can be in the direct map or the "high kernel mapping"
264 ++ * used for the kernel image only. free_init_pages() will do the
265 ++ * right thing for either kind of address.
266 ++ */
267 ++void free_kernel_image_pages(void *begin, void *end)
268 ++{
269 ++ unsigned long begin_ul = (unsigned long)begin;
270 ++ unsigned long end_ul = (unsigned long)end;
271 ++ unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT;
272 ++
273 ++
274 ++ free_init_pages("unused kernel image", begin_ul, end_ul);
275 ++
276 ++ /*
277 ++ * PTI maps some of the kernel into userspace. For performance,
278 ++ * this includes some kernel areas that do not contain secrets.
279 ++ * Those areas might be adjacent to the parts of the kernel image
280 ++ * being freed, which may contain secrets. Remove the "high kernel
281 ++ * image mapping" for these freed areas, ensuring they are not even
282 ++ * potentially vulnerable to Meltdown regardless of the specific
283 ++ * optimizations PTI is currently using.
284 ++ *
285 ++ * The "noalias" prevents unmapping the direct map alias which is
286 ++ * needed to access the freed pages.
287 ++ *
288 ++ * This is only valid for 64bit kernels. 32bit has only one mapping
289 ++ * which can't be treated in this way for obvious reasons.
290 ++ */
291 ++ if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI))
292 ++ set_memory_np_noalias(begin_ul, len_pages);
293 ++}
294 ++
295 + void __ref free_initmem(void)
296 + {
297 + e820__reallocate_tables();
298 +
299 +- free_init_pages("unused kernel",
300 +- (unsigned long)(&__init_begin),
301 +- (unsigned long)(&__init_end));
302 ++ free_kernel_image_pages(&__init_begin, &__init_end);
303 + }
304 +
305 + #ifdef CONFIG_BLK_DEV_INITRD
306 +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
307 +index a688617c727e..68c292cb1ebf 100644
308 +--- a/arch/x86/mm/init_64.c
309 ++++ b/arch/x86/mm/init_64.c
310 +@@ -1283,12 +1283,8 @@ void mark_rodata_ro(void)
311 + set_memory_ro(start, (end-start) >> PAGE_SHIFT);
312 + #endif
313 +
314 +- free_init_pages("unused kernel",
315 +- (unsigned long) __va(__pa_symbol(text_end)),
316 +- (unsigned long) __va(__pa_symbol(rodata_start)));
317 +- free_init_pages("unused kernel",
318 +- (unsigned long) __va(__pa_symbol(rodata_end)),
319 +- (unsigned long) __va(__pa_symbol(_sdata)));
320 ++ free_kernel_image_pages((void *)text_end, (void *)rodata_start);
321 ++ free_kernel_image_pages((void *)rodata_end, (void *)_sdata);
322 +
323 + debug_checkwx();
324 +
325 +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
326 +index 29505724202a..8d6c34fe49be 100644
327 +--- a/arch/x86/mm/pageattr.c
328 ++++ b/arch/x86/mm/pageattr.c
329 +@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock);
330 + #define CPA_FLUSHTLB 1
331 + #define CPA_ARRAY 2
332 + #define CPA_PAGES_ARRAY 4
333 ++#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */
334 +
335 + #ifdef CONFIG_PROC_FS
336 + static unsigned long direct_pages_count[PG_LEVEL_NUM];
337 +@@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
338 +
339 + /* No alias checking for _NX bit modifications */
340 + checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX;
341 ++ /* Has caller explicitly disabled alias checking? */
342 ++ if (in_flag & CPA_NO_CHECK_ALIAS)
343 ++ checkalias = 0;
344 +
345 + ret = __change_page_attr_set_clr(&cpa, checkalias);
346 +
347 +@@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages)
348 + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0);
349 + }
350 +
351 ++int set_memory_np_noalias(unsigned long addr, int numpages)
352 ++{
353 ++ int cpa_flags = CPA_NO_CHECK_ALIAS;
354 ++
355 ++ return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
356 ++ __pgprot(_PAGE_PRESENT), 0,
357 ++ cpa_flags, NULL);
358 ++}
359 ++
360 + int set_memory_4k(unsigned long addr, int numpages)
361 + {
362 + return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
363 +diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
364 +index 3bb82e511eca..7d3edd713932 100644
365 +--- a/drivers/edac/edac_mc.c
366 ++++ b/drivers/edac/edac_mc.c
367 +@@ -215,6 +215,7 @@ const char * const edac_mem_types[] = {
368 + [MEM_LRDDR3] = "Load-Reduced-DDR3-RAM",
369 + [MEM_DDR4] = "Unbuffered-DDR4",
370 + [MEM_RDDR4] = "Registered-DDR4",
371 ++ [MEM_LRDDR4] = "Load-Reduced-DDR4-RAM",
372 + [MEM_NVDIMM] = "Non-volatile-RAM",
373 + };
374 + EXPORT_SYMBOL_GPL(edac_mem_types);
375 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
376 +index fc818b4d849c..a44c3d58fef4 100644
377 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
378 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
379 +@@ -31,7 +31,7 @@
380 + #include <linux/power_supply.h>
381 + #include <linux/hwmon.h>
382 + #include <linux/hwmon-sysfs.h>
383 +-
384 ++#include <linux/nospec.h>
385 +
386 + static int amdgpu_debugfs_pm_init(struct amdgpu_device *adev);
387 +
388 +@@ -393,6 +393,7 @@ static ssize_t amdgpu_set_pp_force_state(struct device *dev,
389 + count = -EINVAL;
390 + goto fail;
391 + }
392 ++ idx = array_index_nospec(idx, ARRAY_SIZE(data.states));
393 +
394 + amdgpu_dpm_get_pp_num_states(adev, &data);
395 + state = data.states[idx];
396 +diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
397 +index df4e4a07db3d..14dce5c201d5 100644
398 +--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
399 ++++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
400 +@@ -43,6 +43,8 @@
401 + #include <linux/mdev.h>
402 + #include <linux/debugfs.h>
403 +
404 ++#include <linux/nospec.h>
405 ++
406 + #include "i915_drv.h"
407 + #include "gvt.h"
408 +
409 +@@ -1084,7 +1086,8 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
410 + } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) {
411 + struct vfio_region_info info;
412 + struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
413 +- int i, ret;
414 ++ unsigned int i;
415 ++ int ret;
416 + struct vfio_region_info_cap_sparse_mmap *sparse = NULL;
417 + size_t size;
418 + int nr_areas = 1;
419 +@@ -1169,6 +1172,10 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
420 + if (info.index >= VFIO_PCI_NUM_REGIONS +
421 + vgpu->vdev.num_regions)
422 + return -EINVAL;
423 ++ info.index =
424 ++ array_index_nospec(info.index,
425 ++ VFIO_PCI_NUM_REGIONS +
426 ++ vgpu->vdev.num_regions);
427 +
428 + i = info.index - VFIO_PCI_NUM_REGIONS;
429 +
430 +diff --git a/drivers/i2c/busses/i2c-imx.c b/drivers/i2c/busses/i2c-imx.c
431 +index 498c5e891649..ad6adefb64da 100644
432 +--- a/drivers/i2c/busses/i2c-imx.c
433 ++++ b/drivers/i2c/busses/i2c-imx.c
434 +@@ -668,9 +668,6 @@ static int i2c_imx_dma_read(struct imx_i2c_struct *i2c_imx,
435 + struct imx_i2c_dma *dma = i2c_imx->dma;
436 + struct device *dev = &i2c_imx->adapter.dev;
437 +
438 +- temp = imx_i2c_read_reg(i2c_imx, IMX_I2C_I2CR);
439 +- temp |= I2CR_DMAEN;
440 +- imx_i2c_write_reg(temp, i2c_imx, IMX_I2C_I2CR);
441 +
442 + dma->chan_using = dma->chan_rx;
443 + dma->dma_transfer_dir = DMA_DEV_TO_MEM;
444 +@@ -783,6 +780,7 @@ static int i2c_imx_read(struct imx_i2c_struct *i2c_imx, struct i2c_msg *msgs, bo
445 + int i, result;
446 + unsigned int temp;
447 + int block_data = msgs->flags & I2C_M_RECV_LEN;
448 ++ int use_dma = i2c_imx->dma && msgs->len >= DMA_THRESHOLD && !block_data;
449 +
450 + dev_dbg(&i2c_imx->adapter.dev,
451 + "<%s> write slave address: addr=0x%x\n",
452 +@@ -809,12 +807,14 @@ static int i2c_imx_read(struct imx_i2c_struct *i2c_imx, struct i2c_msg *msgs, bo
453 + */
454 + if ((msgs->len - 1) || block_data)
455 + temp &= ~I2CR_TXAK;
456 ++ if (use_dma)
457 ++ temp |= I2CR_DMAEN;
458 + imx_i2c_write_reg(temp, i2c_imx, IMX_I2C_I2CR);
459 + imx_i2c_read_reg(i2c_imx, IMX_I2C_I2DR); /* dummy read */
460 +
461 + dev_dbg(&i2c_imx->adapter.dev, "<%s> read data\n", __func__);
462 +
463 +- if (i2c_imx->dma && msgs->len >= DMA_THRESHOLD && !block_data)
464 ++ if (use_dma)
465 + return i2c_imx_dma_read(i2c_imx, msgs, is_lastmsg);
466 +
467 + /* read data */
468 +diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
469 +index 7c3b4740b94b..b8f303dea305 100644
470 +--- a/drivers/i2c/i2c-core-acpi.c
471 ++++ b/drivers/i2c/i2c-core-acpi.c
472 +@@ -482,11 +482,16 @@ static int acpi_gsb_i2c_write_bytes(struct i2c_client *client,
473 + msgs[0].buf = buffer;
474 +
475 + ret = i2c_transfer(client->adapter, msgs, ARRAY_SIZE(msgs));
476 +- if (ret < 0)
477 +- dev_err(&client->adapter->dev, "i2c write failed\n");
478 +
479 + kfree(buffer);
480 +- return ret;
481 ++
482 ++ if (ret < 0) {
483 ++ dev_err(&client->adapter->dev, "i2c write failed: %d\n", ret);
484 ++ return ret;
485 ++ }
486 ++
487 ++ /* 1 transfer must have completed successfully */
488 ++ return (ret == 1) ? 0 : -EIO;
489 + }
490 +
491 + static acpi_status
492 +diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c
493 +index 0fae816fba39..44604af23b3a 100644
494 +--- a/drivers/pci/controller/pci-aardvark.c
495 ++++ b/drivers/pci/controller/pci-aardvark.c
496 +@@ -952,6 +952,7 @@ static int advk_pcie_probe(struct platform_device *pdev)
497 +
498 + bus = bridge->bus;
499 +
500 ++ pci_bus_size_bridges(bus);
501 + pci_bus_assign_resources(bus);
502 +
503 + list_for_each_entry(child, &bus->children, node)
504 +diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
505 +index af92fed46ab7..fd93783a87b0 100644
506 +--- a/drivers/pci/hotplug/pci_hotplug_core.c
507 ++++ b/drivers/pci/hotplug/pci_hotplug_core.c
508 +@@ -438,8 +438,17 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
509 + list_add(&slot->slot_list, &pci_hotplug_slot_list);
510 +
511 + result = fs_add_slot(pci_slot);
512 ++ if (result)
513 ++ goto err_list_del;
514 ++
515 + kobject_uevent(&pci_slot->kobj, KOBJ_ADD);
516 + dbg("Added slot %s to the list\n", name);
517 ++ goto out;
518 ++
519 ++err_list_del:
520 ++ list_del(&slot->slot_list);
521 ++ pci_slot->hotplug = NULL;
522 ++ pci_destroy_slot(pci_slot);
523 + out:
524 + mutex_unlock(&pci_hp_mutex);
525 + return result;
526 +diff --git a/drivers/pci/hotplug/pciehp.h b/drivers/pci/hotplug/pciehp.h
527 +index 5f892065585e..fca87a1a2b22 100644
528 +--- a/drivers/pci/hotplug/pciehp.h
529 ++++ b/drivers/pci/hotplug/pciehp.h
530 +@@ -119,6 +119,7 @@ int pciehp_unconfigure_device(struct slot *p_slot);
531 + void pciehp_queue_pushbutton_work(struct work_struct *work);
532 + struct controller *pcie_init(struct pcie_device *dev);
533 + int pcie_init_notification(struct controller *ctrl);
534 ++void pcie_shutdown_notification(struct controller *ctrl);
535 + int pciehp_enable_slot(struct slot *p_slot);
536 + int pciehp_disable_slot(struct slot *p_slot);
537 + void pcie_reenable_notification(struct controller *ctrl);
538 +diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
539 +index 44a6a63802d5..2ba59fc94827 100644
540 +--- a/drivers/pci/hotplug/pciehp_core.c
541 ++++ b/drivers/pci/hotplug/pciehp_core.c
542 +@@ -62,6 +62,12 @@ static int reset_slot(struct hotplug_slot *slot, int probe);
543 + */
544 + static void release_slot(struct hotplug_slot *hotplug_slot)
545 + {
546 ++ struct slot *slot = hotplug_slot->private;
547 ++
548 ++ /* queued work needs hotplug_slot name */
549 ++ cancel_delayed_work(&slot->work);
550 ++ drain_workqueue(slot->wq);
551 ++
552 + kfree(hotplug_slot->ops);
553 + kfree(hotplug_slot->info);
554 + kfree(hotplug_slot);
555 +@@ -264,6 +270,7 @@ static void pciehp_remove(struct pcie_device *dev)
556 + {
557 + struct controller *ctrl = get_service_data(dev);
558 +
559 ++ pcie_shutdown_notification(ctrl);
560 + cleanup_slot(ctrl);
561 + pciehp_release_ctrl(ctrl);
562 + }
563 +diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
564 +index 718b6073afad..aff191b4552c 100644
565 +--- a/drivers/pci/hotplug/pciehp_hpc.c
566 ++++ b/drivers/pci/hotplug/pciehp_hpc.c
567 +@@ -539,8 +539,6 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
568 + {
569 + struct controller *ctrl = (struct controller *)dev_id;
570 + struct pci_dev *pdev = ctrl_dev(ctrl);
571 +- struct pci_bus *subordinate = pdev->subordinate;
572 +- struct pci_dev *dev;
573 + struct slot *slot = ctrl->slot;
574 + u16 status, events;
575 + u8 present;
576 +@@ -588,14 +586,9 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
577 + wake_up(&ctrl->queue);
578 + }
579 +
580 +- if (subordinate) {
581 +- list_for_each_entry(dev, &subordinate->devices, bus_list) {
582 +- if (dev->ignore_hotplug) {
583 +- ctrl_dbg(ctrl, "ignoring hotplug event %#06x (%s requested no hotplug)\n",
584 +- events, pci_name(dev));
585 +- return IRQ_HANDLED;
586 +- }
587 +- }
588 ++ if (pdev->ignore_hotplug) {
589 ++ ctrl_dbg(ctrl, "ignoring hotplug event %#06x\n", events);
590 ++ return IRQ_HANDLED;
591 + }
592 +
593 + /* Check Attention Button Pressed */
594 +@@ -765,7 +758,7 @@ int pcie_init_notification(struct controller *ctrl)
595 + return 0;
596 + }
597 +
598 +-static void pcie_shutdown_notification(struct controller *ctrl)
599 ++void pcie_shutdown_notification(struct controller *ctrl)
600 + {
601 + if (ctrl->notification_enabled) {
602 + pcie_disable_notification(ctrl);
603 +@@ -800,7 +793,7 @@ abort:
604 + static void pcie_cleanup_slot(struct controller *ctrl)
605 + {
606 + struct slot *slot = ctrl->slot;
607 +- cancel_delayed_work(&slot->work);
608 ++
609 + destroy_workqueue(slot->wq);
610 + kfree(slot);
611 + }
612 +@@ -893,7 +886,6 @@ abort:
613 +
614 + void pciehp_release_ctrl(struct controller *ctrl)
615 + {
616 +- pcie_shutdown_notification(ctrl);
617 + pcie_cleanup_slot(ctrl);
618 + kfree(ctrl);
619 + }
620 +diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
621 +index 89ee6a2b6eb8..5d1698265da5 100644
622 +--- a/drivers/pci/pci-acpi.c
623 ++++ b/drivers/pci/pci-acpi.c
624 +@@ -632,13 +632,11 @@ static bool acpi_pci_need_resume(struct pci_dev *dev)
625 + /*
626 + * In some cases (eg. Samsung 305V4A) leaving a bridge in suspend over
627 + * system-wide suspend/resume confuses the platform firmware, so avoid
628 +- * doing that, unless the bridge has a driver that should take care of
629 +- * the PM handling. According to Section 16.1.6 of ACPI 6.2, endpoint
630 ++ * doing that. According to Section 16.1.6 of ACPI 6.2, endpoint
631 + * devices are expected to be in D3 before invoking the S3 entry path
632 + * from the firmware, so they should not be affected by this issue.
633 + */
634 +- if (pci_is_bridge(dev) && !dev->driver &&
635 +- acpi_target_system_state() != ACPI_STATE_S0)
636 ++ if (pci_is_bridge(dev) && acpi_target_system_state() != ACPI_STATE_S0)
637 + return true;
638 +
639 + if (!adev || !acpi_device_power_manageable(adev))
640 +diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
641 +index 316496e99da9..0abe2865a3a5 100644
642 +--- a/drivers/pci/pci.c
643 ++++ b/drivers/pci/pci.c
644 +@@ -1171,6 +1171,33 @@ static void pci_restore_config_space(struct pci_dev *pdev)
645 + }
646 + }
647 +
648 ++static void pci_restore_rebar_state(struct pci_dev *pdev)
649 ++{
650 ++ unsigned int pos, nbars, i;
651 ++ u32 ctrl;
652 ++
653 ++ pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_REBAR);
654 ++ if (!pos)
655 ++ return;
656 ++
657 ++ pci_read_config_dword(pdev, pos + PCI_REBAR_CTRL, &ctrl);
658 ++ nbars = (ctrl & PCI_REBAR_CTRL_NBAR_MASK) >>
659 ++ PCI_REBAR_CTRL_NBAR_SHIFT;
660 ++
661 ++ for (i = 0; i < nbars; i++, pos += 8) {
662 ++ struct resource *res;
663 ++ int bar_idx, size;
664 ++
665 ++ pci_read_config_dword(pdev, pos + PCI_REBAR_CTRL, &ctrl);
666 ++ bar_idx = ctrl & PCI_REBAR_CTRL_BAR_IDX;
667 ++ res = pdev->resource + bar_idx;
668 ++ size = order_base_2((resource_size(res) >> 20) | 1) - 1;
669 ++ ctrl &= ~PCI_REBAR_CTRL_BAR_SIZE;
670 ++ ctrl |= size << 8;
671 ++ pci_write_config_dword(pdev, pos + PCI_REBAR_CTRL, ctrl);
672 ++ }
673 ++}
674 ++
675 + /**
676 + * pci_restore_state - Restore the saved state of a PCI device
677 + * @dev: - PCI device that we're dealing with
678 +@@ -1186,6 +1213,7 @@ void pci_restore_state(struct pci_dev *dev)
679 + pci_restore_pri_state(dev);
680 + pci_restore_ats_state(dev);
681 + pci_restore_vc_state(dev);
682 ++ pci_restore_rebar_state(dev);
683 +
684 + pci_cleanup_aer_error_status_regs(dev);
685 +
686 +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
687 +index 611adcd9c169..b2857865c0aa 100644
688 +--- a/drivers/pci/probe.c
689 ++++ b/drivers/pci/probe.c
690 +@@ -1730,6 +1730,10 @@ static void pci_configure_mps(struct pci_dev *dev)
691 + if (!pci_is_pcie(dev) || !bridge || !pci_is_pcie(bridge))
692 + return;
693 +
694 ++ /* MPS and MRRS fields are of type 'RsvdP' for VFs, short-circuit out */
695 ++ if (dev->is_virtfn)
696 ++ return;
697 ++
698 + mps = pcie_get_mps(dev);
699 + p_mps = pcie_get_mps(bridge);
700 +
701 +diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
702 +index b0e2c4847a5d..678406e0948b 100644
703 +--- a/drivers/tty/pty.c
704 ++++ b/drivers/tty/pty.c
705 +@@ -625,7 +625,7 @@ int ptm_open_peer(struct file *master, struct tty_struct *tty, int flags)
706 + if (tty->driver != ptm_driver)
707 + return -EIO;
708 +
709 +- fd = get_unused_fd_flags(0);
710 ++ fd = get_unused_fd_flags(flags);
711 + if (fd < 0) {
712 + retval = fd;
713 + goto err;
714 +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
715 +index f7ab34088162..8b24d3d42cb3 100644
716 +--- a/fs/ext4/mballoc.c
717 ++++ b/fs/ext4/mballoc.c
718 +@@ -14,6 +14,7 @@
719 + #include <linux/log2.h>
720 + #include <linux/module.h>
721 + #include <linux/slab.h>
722 ++#include <linux/nospec.h>
723 + #include <linux/backing-dev.h>
724 + #include <trace/events/ext4.h>
725 +
726 +@@ -2140,7 +2141,8 @@ ext4_mb_regular_allocator(struct ext4_allocation_context *ac)
727 + * This should tell if fe_len is exactly power of 2
728 + */
729 + if ((ac->ac_g_ex.fe_len & (~(1 << (i - 1)))) == 0)
730 +- ac->ac_2order = i - 1;
731 ++ ac->ac_2order = array_index_nospec(i - 1,
732 ++ sb->s_blocksize_bits + 2);
733 + }
734 +
735 + /* if stream allocation is enabled, use global goal */
736 +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
737 +index ff94fad477e4..48cdfc81fe10 100644
738 +--- a/fs/reiserfs/xattr.c
739 ++++ b/fs/reiserfs/xattr.c
740 +@@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_context *ctx, const char *name,
741 + return 0;
742 + size = namelen + 1;
743 + if (b->buf) {
744 +- if (size > b->size)
745 ++ if (b->pos + size > b->size) {
746 ++ b->pos = -ERANGE;
747 + return -ERANGE;
748 ++ }
749 + memcpy(b->buf + b->pos, name, namelen);
750 + b->buf[b->pos + namelen] = 0;
751 + }
752 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
753 +index a790ef4be74e..3222193c46c6 100644
754 +--- a/mm/page_alloc.c
755 ++++ b/mm/page_alloc.c
756 +@@ -6939,9 +6939,21 @@ unsigned long free_reserved_area(void *start, void *end, int poison, char *s)
757 + start = (void *)PAGE_ALIGN((unsigned long)start);
758 + end = (void *)((unsigned long)end & PAGE_MASK);
759 + for (pos = start; pos < end; pos += PAGE_SIZE, pages++) {
760 ++ struct page *page = virt_to_page(pos);
761 ++ void *direct_map_addr;
762 ++
763 ++ /*
764 ++ * 'direct_map_addr' might be different from 'pos'
765 ++ * because some architectures' virt_to_page()
766 ++ * work with aliases. Getting the direct map
767 ++ * address ensures that we get a _writeable_
768 ++ * alias for the memset().
769 ++ */
770 ++ direct_map_addr = page_address(page);
771 + if ((unsigned int)poison <= 0xFF)
772 +- memset(pos, poison, PAGE_SIZE);
773 +- free_reserved_page(virt_to_page(pos));
774 ++ memset(direct_map_addr, poison, PAGE_SIZE);
775 ++
776 ++ free_reserved_page(page);
777 + }
778 +
779 + if (pages && s)
Report Message
Find on MARC Find on Google Groups