
From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.18 commit in: /
Date: Fri, 24 Aug 2018 11:46:34
Message-Id: 1535111180.f6b7dd03deac6395d6e2c321ff32c5df7296c3a8.mpagano@gentoo
1 commit: f6b7dd03deac6395d6e2c321ff32c5df7296c3a8
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Aug 24 11:46:20 2018 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Aug 24 11:46:20 2018 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=f6b7dd03
7
8 Linux patch 4.18.5
9
10 0000_README | 4 +
11 1004_linux-4.18.5.patch | 742 ++++++++++++++++++++++++++++++++++++++++++++++++
12 2 files changed, 746 insertions(+)
13
14 diff --git a/0000_README b/0000_README
15 index c7d6cc0..8da0979 100644
16 --- a/0000_README
17 +++ b/0000_README
18 @@ -59,6 +59,10 @@ Patch: 1003_linux-4.18.4.patch
19 From: http://www.kernel.org
20 Desc: Linux 4.18.4
21
22 +Patch: 1004_linux-4.18.5.patch
23 +From: http://www.kernel.org
24 +Desc: Linux 4.18.5
25 +
26 Patch: 1500_XATTR_USER_PREFIX.patch
27 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
28 Desc: Support for namespace user.pax.* on tmpfs.
29
30 diff --git a/1004_linux-4.18.5.patch b/1004_linux-4.18.5.patch
31 new file mode 100644
32 index 0000000..abf70a2
33 --- /dev/null
34 +++ b/1004_linux-4.18.5.patch
35 @@ -0,0 +1,742 @@
36 +diff --git a/Makefile b/Makefile
37 +index ef0dd566c104..a41692c5827a 100644
38 +--- a/Makefile
39 ++++ b/Makefile
40 +@@ -1,7 +1,7 @@
41 + # SPDX-License-Identifier: GPL-2.0
42 + VERSION = 4
43 + PATCHLEVEL = 18
44 +-SUBLEVEL = 4
45 ++SUBLEVEL = 5
46 + EXTRAVERSION =
47 + NAME = Merciless Moray
48 +
49 +diff --git a/arch/parisc/include/asm/spinlock.h b/arch/parisc/include/asm/spinlock.h
50 +index 6f84b6acc86e..8a63515f03bf 100644
51 +--- a/arch/parisc/include/asm/spinlock.h
52 ++++ b/arch/parisc/include/asm/spinlock.h
53 +@@ -20,7 +20,6 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x,
54 + {
55 + volatile unsigned int *a;
56 +
57 +- mb();
58 + a = __ldcw_align(x);
59 + while (__ldcw(a) == 0)
60 + while (*a == 0)
61 +@@ -30,17 +29,16 @@ static inline void arch_spin_lock_flags(arch_spinlock_t *x,
62 + local_irq_disable();
63 + } else
64 + cpu_relax();
65 +- mb();
66 + }
67 + #define arch_spin_lock_flags arch_spin_lock_flags
68 +
69 + static inline void arch_spin_unlock(arch_spinlock_t *x)
70 + {
71 + volatile unsigned int *a;
72 +- mb();
73 ++
74 + a = __ldcw_align(x);
75 +- *a = 1;
76 + mb();
77 ++ *a = 1;
78 + }
79 +
80 + static inline int arch_spin_trylock(arch_spinlock_t *x)
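Review bot: The barrier placement in arch_spin_unlock() now carries the whole release guarantee, and nothing in the code says so. After this change `mb()` precedes `*a = 1` and no barrier follows the store, so a one-line comment above `mb()` such as `/* Release: order prior accesses before the store that frees the lock */` would keep a later cleanup from moving it back. The lock and trylock paths in the neighbouring hunks drop their `mb()` calls as well and presumably rely on `__ldcw()` for acquire ordering; that helper is defined outside this patch, so the assumption is worth stating next to those calls.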
81 +@@ -48,10 +46,8 @@ static inline int arch_spin_trylock(arch_spinlock_t *x)
82 + volatile unsigned int *a;
83 + int ret;
84 +
85 +- mb();
86 + a = __ldcw_align(x);
87 + ret = __ldcw(a) != 0;
88 +- mb();
89 +
90 + return ret;
91 + }
92 +diff --git a/arch/parisc/kernel/syscall.S b/arch/parisc/kernel/syscall.S
93 +index 4886a6db42e9..5f7e57fcaeef 100644
94 +--- a/arch/parisc/kernel/syscall.S
95 ++++ b/arch/parisc/kernel/syscall.S
96 +@@ -629,12 +629,12 @@ cas_action:
97 + stw %r1, 4(%sr2,%r20)
98 + #endif
99 + /* The load and store could fail */
100 +-1: ldw,ma 0(%r26), %r28
101 ++1: ldw 0(%r26), %r28
102 + sub,<> %r28, %r25, %r0
103 +-2: stw,ma %r24, 0(%r26)
104 ++2: stw %r24, 0(%r26)
105 + /* Free lock */
106 + sync
107 +- stw,ma %r20, 0(%sr2,%r20)
108 ++ stw %r20, 0(%sr2,%r20)
109 + #if ENABLE_LWS_DEBUG
110 + /* Clear thread register indicator */
111 + stw %r0, 4(%sr2,%r20)
112 +@@ -798,30 +798,30 @@ cas2_action:
113 + ldo 1(%r0),%r28
114 +
115 + /* 8bit CAS */
116 +-13: ldb,ma 0(%r26), %r29
117 ++13: ldb 0(%r26), %r29
118 + sub,= %r29, %r25, %r0
119 + b,n cas2_end
120 +-14: stb,ma %r24, 0(%r26)
121 ++14: stb %r24, 0(%r26)
122 + b cas2_end
123 + copy %r0, %r28
124 + nop
125 + nop
126 +
127 + /* 16bit CAS */
128 +-15: ldh,ma 0(%r26), %r29
129 ++15: ldh 0(%r26), %r29
130 + sub,= %r29, %r25, %r0
131 + b,n cas2_end
132 +-16: sth,ma %r24, 0(%r26)
133 ++16: sth %r24, 0(%r26)
134 + b cas2_end
135 + copy %r0, %r28
136 + nop
137 + nop
138 +
139 + /* 32bit CAS */
140 +-17: ldw,ma 0(%r26), %r29
141 ++17: ldw 0(%r26), %r29
142 + sub,= %r29, %r25, %r0
143 + b,n cas2_end
144 +-18: stw,ma %r24, 0(%r26)
145 ++18: stw %r24, 0(%r26)
146 + b cas2_end
147 + copy %r0, %r28
148 + nop
149 +@@ -829,10 +829,10 @@ cas2_action:
150 +
151 + /* 64bit CAS */
152 + #ifdef CONFIG_64BIT
153 +-19: ldd,ma 0(%r26), %r29
154 ++19: ldd 0(%r26), %r29
155 + sub,*= %r29, %r25, %r0
156 + b,n cas2_end
157 +-20: std,ma %r24, 0(%r26)
158 ++20: std %r24, 0(%r26)
159 + copy %r0, %r28
160 + #else
161 + /* Compare first word */
162 +@@ -851,7 +851,7 @@ cas2_action:
163 + cas2_end:
164 + /* Free lock */
165 + sync
166 +- stw,ma %r20, 0(%sr2,%r20)
167 ++ stw %r20, 0(%sr2,%r20)
168 + /* Enable interrupts */
169 + ssm PSW_SM_I, %r0
170 + /* Return to userspace, set no error */
171 +diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
172 +index a8b277362931..4cb8f1f7b593 100644
173 +--- a/arch/powerpc/kernel/security.c
174 ++++ b/arch/powerpc/kernel/security.c
175 +@@ -117,25 +117,35 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
176 +
177 + ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
178 + {
179 +- if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
180 +- return sprintf(buf, "Not affected\n");
181 ++ struct seq_buf s;
182 ++
183 ++ seq_buf_init(&s, buf, PAGE_SIZE - 1);
184 +
185 +- if (barrier_nospec_enabled)
186 +- return sprintf(buf, "Mitigation: __user pointer sanitization\n");
187 ++ if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) {
188 ++ if (barrier_nospec_enabled)
189 ++ seq_buf_printf(&s, "Mitigation: __user pointer sanitization");
190 ++ else
191 ++ seq_buf_printf(&s, "Vulnerable");
192 +
193 +- return sprintf(buf, "Vulnerable\n");
194 ++ if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31))
195 ++ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
196 ++
197 ++ seq_buf_printf(&s, "\n");
198 ++ } else
199 ++ seq_buf_printf(&s, "Not affected\n");
200 ++
201 ++ return s.len;
202 + }
203 +
204 + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
205 + {
206 +- bool bcs, ccd, ori;
207 + struct seq_buf s;
208 ++ bool bcs, ccd;
209 +
210 + seq_buf_init(&s, buf, PAGE_SIZE - 1);
211 +
212 + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
213 + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
214 +- ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
215 +
216 + if (bcs || ccd) {
217 + seq_buf_printf(&s, "Mitigation: ");
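Review bot: The new `if`/`else` in cpu_show_spectre_v1() braces the first branch but ends with `} else` followed by a bare `seq_buf_printf(&s, "Not affected\n");`. Kernel coding style asks for braces on every branch once one of them needs them, so this should read `} else {` ... `}`. The same shape appears as context in cpu_show_spectre_v2() in the next hunk (`} else` before `seq_buf_printf(&s, "Vulnerable");`). None of the strings added here contain conversions, so `seq_buf_puts()` would express them more directly than `seq_buf_printf()`.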
218 +@@ -151,9 +161,6 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
219 + } else
220 + seq_buf_printf(&s, "Vulnerable");
221 +
222 +- if (ori)
223 +- seq_buf_printf(&s, ", ori31 speculation barrier enabled");
224 +-
225 + seq_buf_printf(&s, "\n");
226 +
227 + return s.len;
228 +diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
229 +index 79e409974ccc..682286aca881 100644
230 +--- a/arch/x86/include/asm/processor.h
231 ++++ b/arch/x86/include/asm/processor.h
232 +@@ -971,6 +971,7 @@ static inline uint32_t hypervisor_cpuid_base(const char *sig, uint32_t leaves)
233 +
234 + extern unsigned long arch_align_stack(unsigned long sp);
235 + extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
236 ++extern void free_kernel_image_pages(void *begin, void *end);
237 +
238 + void default_idle(void);
239 + #ifdef CONFIG_XEN
240 +diff --git a/arch/x86/include/asm/set_memory.h b/arch/x86/include/asm/set_memory.h
241 +index bd090367236c..34cffcef7375 100644
242 +--- a/arch/x86/include/asm/set_memory.h
243 ++++ b/arch/x86/include/asm/set_memory.h
244 +@@ -46,6 +46,7 @@ int set_memory_np(unsigned long addr, int numpages);
245 + int set_memory_4k(unsigned long addr, int numpages);
246 + int set_memory_encrypted(unsigned long addr, int numpages);
247 + int set_memory_decrypted(unsigned long addr, int numpages);
248 ++int set_memory_np_noalias(unsigned long addr, int numpages);
249 +
250 + int set_memory_array_uc(unsigned long *addr, int addrinarray);
251 + int set_memory_array_wc(unsigned long *addr, int addrinarray);
252 +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
253 +index 83241eb71cd4..acfab322fbe0 100644
254 +--- a/arch/x86/mm/init.c
255 ++++ b/arch/x86/mm/init.c
256 +@@ -775,13 +775,44 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
257 + }
258 + }
259 +
260 ++/*
261 ++ * begin/end can be in the direct map or the "high kernel mapping"
262 ++ * used for the kernel image only. free_init_pages() will do the
263 ++ * right thing for either kind of address.
264 ++ */
265 ++void free_kernel_image_pages(void *begin, void *end)
266 ++{
267 ++ unsigned long begin_ul = (unsigned long)begin;
268 ++ unsigned long end_ul = (unsigned long)end;
269 ++ unsigned long len_pages = (end_ul - begin_ul) >> PAGE_SHIFT;
270 ++
271 ++
272 ++ free_init_pages("unused kernel image", begin_ul, end_ul);
273 ++
274 ++ /*
275 ++ * PTI maps some of the kernel into userspace. For performance,
276 ++ * this includes some kernel areas that do not contain secrets.
277 ++ * Those areas might be adjacent to the parts of the kernel image
278 ++ * being freed, which may contain secrets. Remove the "high kernel
279 ++ * image mapping" for these freed areas, ensuring they are not even
280 ++ * potentially vulnerable to Meltdown regardless of the specific
281 ++ * optimizations PTI is currently using.
282 ++ *
283 ++ * The "noalias" prevents unmapping the direct map alias which is
284 ++ * needed to access the freed pages.
285 ++ *
286 ++ * This is only valid for 64bit kernels. 32bit has only one mapping
287 ++ * which can't be treated in this way for obvious reasons.
288 ++ */
289 ++ if (IS_ENABLED(CONFIG_X86_64) && cpu_feature_enabled(X86_FEATURE_PTI))
290 ++ set_memory_np_noalias(begin_ul, len_pages);
291 ++}
292 ++
293 + void __ref free_initmem(void)
294 + {
295 + e820__reallocate_tables();
296 +
297 +- free_init_pages("unused kernel",
298 +- (unsigned long)(&__init_begin),
299 +- (unsigned long)(&__init_end));
300 ++ free_kernel_image_pages(&__init_begin, &__init_end);
301 + }
302 +
303 + #ifdef CONFIG_BLK_DEV_INITRD
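Review bot: free_kernel_image_pages() discards the return value of `set_memory_np_noalias(begin_ul, len_pages)`. If the attribute change fails, the freed range stays present in the high kernel mapping and nothing reports that the hardening described in the comment was not applied. Wrapping the call, e.g. `WARN_ON_ONCE(set_memory_np_noalias(begin_ul, len_pages));`, would make that visible. `len_pages` is an `unsigned long` computed from `begin`/`end` as passed in and then narrowed to the `int numpages` parameter; a short comment that callers pass page-aligned image boundaries (assumed, the symbols are defined outside this patch) would document why that is safe. The double blank line after the declarations can be dropped.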
304 +diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
305 +index a688617c727e..68c292cb1ebf 100644
306 +--- a/arch/x86/mm/init_64.c
307 ++++ b/arch/x86/mm/init_64.c
308 +@@ -1283,12 +1283,8 @@ void mark_rodata_ro(void)
309 + set_memory_ro(start, (end-start) >> PAGE_SHIFT);
310 + #endif
311 +
312 +- free_init_pages("unused kernel",
313 +- (unsigned long) __va(__pa_symbol(text_end)),
314 +- (unsigned long) __va(__pa_symbol(rodata_start)));
315 +- free_init_pages("unused kernel",
316 +- (unsigned long) __va(__pa_symbol(rodata_end)),
317 +- (unsigned long) __va(__pa_symbol(_sdata)));
318 ++ free_kernel_image_pages((void *)text_end, (void *)rodata_start);
319 ++ free_kernel_image_pages((void *)rodata_end, (void *)_sdata);
320 +
321 + debug_checkwx();
322 +
323 +diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
324 +index 29505724202a..8d6c34fe49be 100644
325 +--- a/arch/x86/mm/pageattr.c
326 ++++ b/arch/x86/mm/pageattr.c
327 +@@ -53,6 +53,7 @@ static DEFINE_SPINLOCK(cpa_lock);
328 + #define CPA_FLUSHTLB 1
329 + #define CPA_ARRAY 2
330 + #define CPA_PAGES_ARRAY 4
331 ++#define CPA_NO_CHECK_ALIAS 8 /* Do not search for aliases */
332 +
333 + #ifdef CONFIG_PROC_FS
334 + static unsigned long direct_pages_count[PG_LEVEL_NUM];
335 +@@ -1486,6 +1487,9 @@ static int change_page_attr_set_clr(unsigned long *addr, int numpages,
336 +
337 + /* No alias checking for _NX bit modifications */
338 + checkalias = (pgprot_val(mask_set) | pgprot_val(mask_clr)) != _PAGE_NX;
339 ++ /* Has caller explicitly disabled alias checking? */
340 ++ if (in_flag & CPA_NO_CHECK_ALIAS)
341 ++ checkalias = 0;
342 +
343 + ret = __change_page_attr_set_clr(&cpa, checkalias);
344 +
345 +@@ -1772,6 +1776,15 @@ int set_memory_np(unsigned long addr, int numpages)
346 + return change_page_attr_clear(&addr, numpages, __pgprot(_PAGE_PRESENT), 0);
347 + }
348 +
349 ++int set_memory_np_noalias(unsigned long addr, int numpages)
350 ++{
351 ++ int cpa_flags = CPA_NO_CHECK_ALIAS;
352 ++
353 ++ return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
354 ++ __pgprot(_PAGE_PRESENT), 0,
355 ++ cpa_flags, NULL);
356 ++}
357 ++
358 + int set_memory_4k(unsigned long addr, int numpages)
359 + {
360 + return change_page_attr_set_clr(&addr, numpages, __pgprot(0),
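Review bot: set_memory_np_noalias() is declared in set_memory.h without any comment, and its one difference from set_memory_np() is easy to misuse: `CPA_NO_CHECK_ALIAS`, which per the earlier hunk in this file forces `checkalias = 0`. I would add a short header comment stating that it clears `_PAGE_PRESENT` only for the given virtual range and deliberately leaves any other mapping of the same pages present (the direct-map alias mentioned in the arch/x86/mm/init.c comment). It must therefore not be used where the goal is to make the memory unreachable through every mapping. The local `cpa_flags` adds nothing and could be replaced by passing `CPA_NO_CHECK_ALIAS` directly.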
361 +diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
362 +index 3bb82e511eca..7d3edd713932 100644
363 +--- a/drivers/edac/edac_mc.c
364 ++++ b/drivers/edac/edac_mc.c
365 +@@ -215,6 +215,7 @@ const char * const edac_mem_types[] = {
366 + [MEM_LRDDR3] = "Load-Reduced-DDR3-RAM",
367 + [MEM_DDR4] = "Unbuffered-DDR4",
368 + [MEM_RDDR4] = "Registered-DDR4",
369 ++ [MEM_LRDDR4] = "Load-Reduced-DDR4-RAM",
370 + [MEM_NVDIMM] = "Non-volatile-RAM",
371 + };
372 + EXPORT_SYMBOL_GPL(edac_mem_types);
373 +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
374 +index fc818b4d849c..a44c3d58fef4 100644
375 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
376 ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
377 +@@ -31,7 +31,7 @@
378 + #include <linux/power_supply.h>
379 + #include <linux/hwmon.h>
380 + #include <linux/hwmon-sysfs.h>
381 +-
382 ++#include <linux/nospec.h>
383 +
384 + static int amdgpu_debugfs_pm_init(struct amdgpu_device *adev);
385 +
386 +@@ -393,6 +393,7 @@ static ssize_t amdgpu_set_pp_force_state(struct device *dev,
387 + count = -EINVAL;
388 + goto fail;
389 + }
390 ++ idx = array_index_nospec(idx, ARRAY_SIZE(data.states));
391 +
392 + amdgpu_dpm_get_pp_num_states(adev, &data);
393 + state = data.states[idx];
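Review bot: The clamp `array_index_nospec(idx, ARRAY_SIZE(data.states))` bounds `idx` by the capacity of the array, while `data` is only filled by `amdgpu_dpm_get_pp_num_states(adev, &data)` on the following line. If that call can report fewer valid entries than the array holds and `data` is not zero-initialised (its declaration and the range check sit outside the hunk), `data.states[idx]` reads a slot that was never written. Consider validating `idx` against the count the call reports, after the call, and clamping against that same bound. The new line would also benefit from a comment naming the check it pairs with, e.g. `/* pairs with the idx range check above; blocks speculative out-of-bounds reads of data.states */`.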
394 +diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c
395 +index df4e4a07db3d..14dce5c201d5 100644
396 +--- a/drivers/gpu/drm/i915/gvt/kvmgt.c
397 ++++ b/drivers/gpu/drm/i915/gvt/kvmgt.c
398 +@@ -43,6 +43,8 @@
399 + #include <linux/mdev.h>
400 + #include <linux/debugfs.h>
401 +
402 ++#include <linux/nospec.h>
403 ++
404 + #include "i915_drv.h"
405 + #include "gvt.h"
406 +
407 +@@ -1084,7 +1086,8 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
408 + } else if (cmd == VFIO_DEVICE_GET_REGION_INFO) {
409 + struct vfio_region_info info;
410 + struct vfio_info_cap caps = { .buf = NULL, .size = 0 };
411 +- int i, ret;
412 ++ unsigned int i;
413 ++ int ret;
414 + struct vfio_region_info_cap_sparse_mmap *sparse = NULL;
415 + size_t size;
416 + int nr_areas = 1;
417 +@@ -1169,6 +1172,10 @@ static long intel_vgpu_ioctl(struct mdev_device *mdev, unsigned int cmd,
418 + if (info.index >= VFIO_PCI_NUM_REGIONS +
419 + vgpu->vdev.num_regions)
420 + return -EINVAL;
421 ++ info.index =
422 ++ array_index_nospec(info.index,
423 ++ VFIO_PCI_NUM_REGIONS +
424 ++ vgpu->vdev.num_regions);
425 +
426 + i = info.index - VFIO_PCI_NUM_REGIONS;
427 +
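Review bot: The value actually carried forward is `i = info.index - VFIO_PCI_NUM_REGIONS`, and the clamp added above it only bounds `info.index` by the sum `VFIO_PCI_NUM_REGIONS + vgpu->vdev.num_regions`. If this branch is reached on a mispredicted path with `info.index` below `VFIO_PCI_NUM_REGIONS`, the subtraction wraps in the now-unsigned `i`, and the clamp on `info.index` does not constrain it. Assuming `i` indexes a per-vGPU region array after the hunk (not visible here), clamping the derived index is tighter: `i = array_index_nospec(info.index - VFIO_PCI_NUM_REGIONS, vgpu->vdev.num_regions);`. The enclosing ioctl handler starts and ends outside the hunk.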
428 +diff --git a/drivers/i2c/busses/i2c-imx.c b/drivers/i2c/busses/i2c-imx.c
429 +index 498c5e891649..ad6adefb64da 100644
430 +--- a/drivers/i2c/busses/i2c-imx.c
431 ++++ b/drivers/i2c/busses/i2c-imx.c
432 +@@ -668,9 +668,6 @@ static int i2c_imx_dma_read(struct imx_i2c_struct *i2c_imx,
433 + struct imx_i2c_dma *dma = i2c_imx->dma;
434 + struct device *dev = &i2c_imx->adapter.dev;
435 +
436 +- temp = imx_i2c_read_reg(i2c_imx, IMX_I2C_I2CR);
437 +- temp |= I2CR_DMAEN;
438 +- imx_i2c_write_reg(temp, i2c_imx, IMX_I2C_I2CR);
439 +
440 + dma->chan_using = dma->chan_rx;
441 + dma->dma_transfer_dir = DMA_DEV_TO_MEM;
442 +@@ -783,6 +780,7 @@ static int i2c_imx_read(struct imx_i2c_struct *i2c_imx, struct i2c_msg *msgs, bo
443 + int i, result;
444 + unsigned int temp;
445 + int block_data = msgs->flags & I2C_M_RECV_LEN;
446 ++ int use_dma = i2c_imx->dma && msgs->len >= DMA_THRESHOLD && !block_data;
447 +
448 + dev_dbg(&i2c_imx->adapter.dev,
449 + "<%s> write slave address: addr=0x%x\n",
450 +@@ -809,12 +807,14 @@ static int i2c_imx_read(struct imx_i2c_struct *i2c_imx, struct i2c_msg *msgs, bo
451 + */
452 + if ((msgs->len - 1) || block_data)
453 + temp &= ~I2CR_TXAK;
454 ++ if (use_dma)
455 ++ temp |= I2CR_DMAEN;
456 + imx_i2c_write_reg(temp, i2c_imx, IMX_I2C_I2CR);
457 + imx_i2c_read_reg(i2c_imx, IMX_I2C_I2DR); /* dummy read */
458 +
459 + dev_dbg(&i2c_imx->adapter.dev, "<%s> read data\n", __func__);
460 +
461 +- if (i2c_imx->dma && msgs->len >= DMA_THRESHOLD && !block_data)
462 ++ if (use_dma)
463 + return i2c_imx_dma_read(i2c_imx, msgs, is_lastmsg);
464 +
465 + /* read data */
466 +diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
467 +index 7c3b4740b94b..b8f303dea305 100644
468 +--- a/drivers/i2c/i2c-core-acpi.c
469 ++++ b/drivers/i2c/i2c-core-acpi.c
470 +@@ -482,11 +482,16 @@ static int acpi_gsb_i2c_write_bytes(struct i2c_client *client,
471 + msgs[0].buf = buffer;
472 +
473 + ret = i2c_transfer(client->adapter, msgs, ARRAY_SIZE(msgs));
474 +- if (ret < 0)
475 +- dev_err(&client->adapter->dev, "i2c write failed\n");
476 +
477 + kfree(buffer);
478 +- return ret;
479 ++
480 ++ if (ret < 0) {
481 ++ dev_err(&client->adapter->dev, "i2c write failed: %d\n", ret);
482 ++ return ret;
483 ++ }
484 ++
485 ++ /* 1 transfer must have completed successfully */
486 ++ return (ret == 1) ? 0 : -EIO;
487 + }
488 +
489 + static acpi_status
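Review bot: The success test `ret == 1` repeats the message count by hand, although the call a few lines up passes `ARRAY_SIZE(msgs)`. Writing `return (ret == ARRAY_SIZE(msgs)) ? 0 : -EIO;` keeps the two in step if the array ever grows, and the comment could then read `/* every message must have been transferred */`. The start of acpi_gsb_i2c_write_bytes() is outside the hunk, so whether other callers depend on the old positive return value cannot be checked from here.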
490 +diff --git a/drivers/pci/controller/pci-aardvark.c b/drivers/pci/controller/pci-aardvark.c
491 +index 0fae816fba39..44604af23b3a 100644
492 +--- a/drivers/pci/controller/pci-aardvark.c
493 ++++ b/drivers/pci/controller/pci-aardvark.c
494 +@@ -952,6 +952,7 @@ static int advk_pcie_probe(struct platform_device *pdev)
495 +
496 + bus = bridge->bus;
497 +
498 ++ pci_bus_size_bridges(bus);
499 + pci_bus_assign_resources(bus);
500 +
501 + list_for_each_entry(child, &bus->children, node)
502 +diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
503 +index af92fed46ab7..fd93783a87b0 100644
504 +--- a/drivers/pci/hotplug/pci_hotplug_core.c
505 ++++ b/drivers/pci/hotplug/pci_hotplug_core.c
506 +@@ -438,8 +438,17 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
507 + list_add(&slot->slot_list, &pci_hotplug_slot_list);
508 +
509 + result = fs_add_slot(pci_slot);
510 ++ if (result)
511 ++ goto err_list_del;
512 ++
513 + kobject_uevent(&pci_slot->kobj, KOBJ_ADD);
514 + dbg("Added slot %s to the list\n", name);
515 ++ goto out;
516 ++
517 ++err_list_del:
518 ++ list_del(&slot->slot_list);
519 ++ pci_slot->hotplug = NULL;
520 ++ pci_destroy_slot(pci_slot);
521 + out:
522 + mutex_unlock(&pci_hp_mutex);
523 + return result;
524 +diff --git a/drivers/pci/hotplug/pciehp.h b/drivers/pci/hotplug/pciehp.h
525 +index 5f892065585e..fca87a1a2b22 100644
526 +--- a/drivers/pci/hotplug/pciehp.h
527 ++++ b/drivers/pci/hotplug/pciehp.h
528 +@@ -119,6 +119,7 @@ int pciehp_unconfigure_device(struct slot *p_slot);
529 + void pciehp_queue_pushbutton_work(struct work_struct *work);
530 + struct controller *pcie_init(struct pcie_device *dev);
531 + int pcie_init_notification(struct controller *ctrl);
532 ++void pcie_shutdown_notification(struct controller *ctrl);
533 + int pciehp_enable_slot(struct slot *p_slot);
534 + int pciehp_disable_slot(struct slot *p_slot);
535 + void pcie_reenable_notification(struct controller *ctrl);
536 +diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c
537 +index 44a6a63802d5..2ba59fc94827 100644
538 +--- a/drivers/pci/hotplug/pciehp_core.c
539 ++++ b/drivers/pci/hotplug/pciehp_core.c
540 +@@ -62,6 +62,12 @@ static int reset_slot(struct hotplug_slot *slot, int probe);
541 + */
542 + static void release_slot(struct hotplug_slot *hotplug_slot)
543 + {
544 ++ struct slot *slot = hotplug_slot->private;
545 ++
546 ++ /* queued work needs hotplug_slot name */
547 ++ cancel_delayed_work(&slot->work);
548 ++ drain_workqueue(slot->wq);
549 ++
550 + kfree(hotplug_slot->ops);
551 + kfree(hotplug_slot->info);
552 + kfree(hotplug_slot);
553 +@@ -264,6 +270,7 @@ static void pciehp_remove(struct pcie_device *dev)
554 + {
555 + struct controller *ctrl = get_service_data(dev);
556 +
557 ++ pcie_shutdown_notification(ctrl);
558 + cleanup_slot(ctrl);
559 + pciehp_release_ctrl(ctrl);
560 + }
561 +diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c
562 +index 718b6073afad..aff191b4552c 100644
563 +--- a/drivers/pci/hotplug/pciehp_hpc.c
564 ++++ b/drivers/pci/hotplug/pciehp_hpc.c
565 +@@ -539,8 +539,6 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
566 + {
567 + struct controller *ctrl = (struct controller *)dev_id;
568 + struct pci_dev *pdev = ctrl_dev(ctrl);
569 +- struct pci_bus *subordinate = pdev->subordinate;
570 +- struct pci_dev *dev;
571 + struct slot *slot = ctrl->slot;
572 + u16 status, events;
573 + u8 present;
574 +@@ -588,14 +586,9 @@ static irqreturn_t pciehp_isr(int irq, void *dev_id)
575 + wake_up(&ctrl->queue);
576 + }
577 +
578 +- if (subordinate) {
579 +- list_for_each_entry(dev, &subordinate->devices, bus_list) {
580 +- if (dev->ignore_hotplug) {
581 +- ctrl_dbg(ctrl, "ignoring hotplug event %#06x (%s requested no hotplug)\n",
582 +- events, pci_name(dev));
583 +- return IRQ_HANDLED;
584 +- }
585 +- }
586 ++ if (pdev->ignore_hotplug) {
587 ++ ctrl_dbg(ctrl, "ignoring hotplug event %#06x\n", events);
588 ++ return IRQ_HANDLED;
589 + }
590 +
591 + /* Check Attention Button Pressed */
592 +@@ -765,7 +758,7 @@ int pcie_init_notification(struct controller *ctrl)
593 + return 0;
594 + }
595 +
596 +-static void pcie_shutdown_notification(struct controller *ctrl)
597 ++void pcie_shutdown_notification(struct controller *ctrl)
598 + {
599 + if (ctrl->notification_enabled) {
600 + pcie_disable_notification(ctrl);
601 +@@ -800,7 +793,7 @@ abort:
602 + static void pcie_cleanup_slot(struct controller *ctrl)
603 + {
604 + struct slot *slot = ctrl->slot;
605 +- cancel_delayed_work(&slot->work);
606 ++
607 + destroy_workqueue(slot->wq);
608 + kfree(slot);
609 + }
610 +@@ -893,7 +886,6 @@ abort:
611 +
612 + void pciehp_release_ctrl(struct controller *ctrl)
613 + {
614 +- pcie_shutdown_notification(ctrl);
615 + pcie_cleanup_slot(ctrl);
616 + kfree(ctrl);
617 + }
618 +diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c
619 +index 89ee6a2b6eb8..5d1698265da5 100644
620 +--- a/drivers/pci/pci-acpi.c
621 ++++ b/drivers/pci/pci-acpi.c
622 +@@ -632,13 +632,11 @@ static bool acpi_pci_need_resume(struct pci_dev *dev)
623 + /*
624 + * In some cases (eg. Samsung 305V4A) leaving a bridge in suspend over
625 + * system-wide suspend/resume confuses the platform firmware, so avoid
626 +- * doing that, unless the bridge has a driver that should take care of
627 +- * the PM handling. According to Section 16.1.6 of ACPI 6.2, endpoint
628 ++ * doing that. According to Section 16.1.6 of ACPI 6.2, endpoint
629 + * devices are expected to be in D3 before invoking the S3 entry path
630 + * from the firmware, so they should not be affected by this issue.
631 + */
632 +- if (pci_is_bridge(dev) && !dev->driver &&
633 +- acpi_target_system_state() != ACPI_STATE_S0)
634 ++ if (pci_is_bridge(dev) && acpi_target_system_state() != ACPI_STATE_S0)
635 + return true;
636 +
637 + if (!adev || !acpi_device_power_manageable(adev))
638 +diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c
639 +index 316496e99da9..0abe2865a3a5 100644
640 +--- a/drivers/pci/pci.c
641 ++++ b/drivers/pci/pci.c
642 +@@ -1171,6 +1171,33 @@ static void pci_restore_config_space(struct pci_dev *pdev)
643 + }
644 + }
645 +
646 ++static void pci_restore_rebar_state(struct pci_dev *pdev)
647 ++{
648 ++ unsigned int pos, nbars, i;
649 ++ u32 ctrl;
650 ++
651 ++ pos = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_REBAR);
652 ++ if (!pos)
653 ++ return;
654 ++
655 ++ pci_read_config_dword(pdev, pos + PCI_REBAR_CTRL, &ctrl);
656 ++ nbars = (ctrl & PCI_REBAR_CTRL_NBAR_MASK) >>
657 ++ PCI_REBAR_CTRL_NBAR_SHIFT;
658 ++
659 ++ for (i = 0; i < nbars; i++, pos += 8) {
660 ++ struct resource *res;
661 ++ int bar_idx, size;
662 ++
663 ++ pci_read_config_dword(pdev, pos + PCI_REBAR_CTRL, &ctrl);
664 ++ bar_idx = ctrl & PCI_REBAR_CTRL_BAR_IDX;
665 ++ res = pdev->resource + bar_idx;
666 ++ size = order_base_2((resource_size(res) >> 20) | 1) - 1;
667 ++ ctrl &= ~PCI_REBAR_CTRL_BAR_SIZE;
668 ++ ctrl |= size << 8;
669 ++ pci_write_config_dword(pdev, pos + PCI_REBAR_CTRL, ctrl);
670 ++ }
671 ++}
672 ++
673 + /**
674 + * pci_restore_state - Restore the saved state of a PCI device
675 + * @dev: - PCI device that we're dealing with
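Review bot: The size encoding in pci_restore_rebar_state() goes wrong for a 1 MB resource. `(resource_size(res) >> 20) | 1` is 1 and `order_base_2(1)` is 0, so `size` becomes -1 and `ctrl |= size << 8` left-shifts a negative value and sets bits far outside the BAR-size field (2 MB and 4 MB do come out as 1 and 2). Since the Resizable BAR encoding uses 0 for 1 MB, `size = ilog2(resource_size(res)) - 20;` gives the intended value directly, and a named shift constant would read better than the literal `8`. The return values of `pci_read_config_dword()` are also ignored, and `bar_idx` taken from the device's register indexes `pdev->resource` without a range check; a guard that skips an index which is not a standard BAR would make the loop robust against a misbehaving device.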
676 +@@ -1186,6 +1213,7 @@ void pci_restore_state(struct pci_dev *dev)
677 + pci_restore_pri_state(dev);
678 + pci_restore_ats_state(dev);
679 + pci_restore_vc_state(dev);
680 ++ pci_restore_rebar_state(dev);
681 +
682 + pci_cleanup_aer_error_status_regs(dev);
683 +
684 +diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
685 +index 611adcd9c169..b2857865c0aa 100644
686 +--- a/drivers/pci/probe.c
687 ++++ b/drivers/pci/probe.c
688 +@@ -1730,6 +1730,10 @@ static void pci_configure_mps(struct pci_dev *dev)
689 + if (!pci_is_pcie(dev) || !bridge || !pci_is_pcie(bridge))
690 + return;
691 +
692 ++ /* MPS and MRRS fields are of type 'RsvdP' for VFs, short-circuit out */
693 ++ if (dev->is_virtfn)
694 ++ return;
695 ++
696 + mps = pcie_get_mps(dev);
697 + p_mps = pcie_get_mps(bridge);
698 +
699 +diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
700 +index b0e2c4847a5d..678406e0948b 100644
701 +--- a/drivers/tty/pty.c
702 ++++ b/drivers/tty/pty.c
703 +@@ -625,7 +625,7 @@ int ptm_open_peer(struct file *master, struct tty_struct *tty, int flags)
704 + if (tty->driver != ptm_driver)
705 + return -EIO;
706 +
707 +- fd = get_unused_fd_flags(0);
708 ++ fd = get_unused_fd_flags(flags);
709 + if (fd < 0) {
710 + retval = fd;
711 + goto err;
712 +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
713 +index f7ab34088162..8b24d3d42cb3 100644
714 +--- a/fs/ext4/mballoc.c
715 ++++ b/fs/ext4/mballoc.c
716 +@@ -14,6 +14,7 @@
717 + #include <linux/log2.h>
718 + #include <linux/module.h>
719 + #include <linux/slab.h>
720 ++#include <linux/nospec.h>
721 + #include <linux/backing-dev.h>
722 + #include <trace/events/ext4.h>
723 +
724 +@@ -2140,7 +2141,8 @@ ext4_mb_regular_allocator(struct ext4_allocation_context *ac)
725 + * This should tell if fe_len is exactly power of 2
726 + */
727 + if ((ac->ac_g_ex.fe_len & (~(1 << (i - 1)))) == 0)
728 +- ac->ac_2order = i - 1;
729 ++ ac->ac_2order = array_index_nospec(i - 1,
730 ++ sb->s_blocksize_bits + 2);
731 + }
732 +
733 + /* if stream allocation is enabled, use global goal */
734 +diff --git a/fs/reiserfs/xattr.c b/fs/reiserfs/xattr.c
735 +index ff94fad477e4..48cdfc81fe10 100644
736 +--- a/fs/reiserfs/xattr.c
737 ++++ b/fs/reiserfs/xattr.c
738 +@@ -792,8 +792,10 @@ static int listxattr_filler(struct dir_context *ctx, const char *name,
739 + return 0;
740 + size = namelen + 1;
741 + if (b->buf) {
742 +- if (size > b->size)
743 ++ if (b->pos + size > b->size) {
744 ++ b->pos = -ERANGE;
745 + return -ERANGE;
746 ++ }
747 + memcpy(b->buf + b->pos, name, namelen);
748 + b->buf[b->pos + namelen] = 0;
749 + }
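Review bot: `b->pos = -ERANGE` turns the write position into an error carrier with no comment, which is easy to miss for anyone who later reads `b->pos` as an offset. A line above the assignment such as `/* pos doubles as the error result seen by the caller */` would state the convention, assuming that is how the caller (outside the hunk) consumes it. The new bound `b->pos + size > b->size` is what protects the `memcpy()` below it. If `pos` and `size` are unsigned (their declarations are not visible), `size > b->size - b->pos` expresses the same limit without depending on the sum not wrapping.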
750 +diff --git a/mm/page_alloc.c b/mm/page_alloc.c
751 +index a790ef4be74e..3222193c46c6 100644
752 +--- a/mm/page_alloc.c
753 ++++ b/mm/page_alloc.c
754 +@@ -6939,9 +6939,21 @@ unsigned long free_reserved_area(void *start, void *end, int poison, char *s)
755 + start = (void *)PAGE_ALIGN((unsigned long)start);
756 + end = (void *)((unsigned long)end & PAGE_MASK);
757 + for (pos = start; pos < end; pos += PAGE_SIZE, pages++) {
758 ++ struct page *page = virt_to_page(pos);
759 ++ void *direct_map_addr;
760 ++
761 ++ /*
762 ++ * 'direct_map_addr' might be different from 'pos'
763 ++ * because some architectures' virt_to_page()
764 ++ * work with aliases. Getting the direct map
765 ++ * address ensures that we get a _writeable_
766 ++ * alias for the memset().
767 ++ */
768 ++ direct_map_addr = page_address(page);
769 + if ((unsigned int)poison <= 0xFF)
770 +- memset(pos, poison, PAGE_SIZE);
771 +- free_reserved_page(virt_to_page(pos));
772 ++ memset(direct_map_addr, poison, PAGE_SIZE);
773 ++
774 ++ free_reserved_page(page);
775 + }
776 +
777 + if (pages && s)