1 |
commit: be3f37519a9c9f700d9c4e582384b625b43a6996 |
2 |
Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
3 |
AuthorDate: Fri Apr 19 19:53:55 2019 +0000 |
4 |
Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> |
5 |
CommitDate: Fri Apr 19 19:53:55 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=be3f3751 |
7 |
|
8 |
Linux patch 4.9.169 |
9 |
|
10 |
Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> |
11 |
|
12 |
0000_README | 4 + |
13 |
1168_linux-4.9.169.patch | 3242 ++++++++++++++++++++++++++++++++++++++++++++++ |
14 |
2 files changed, 3246 insertions(+) |
15 |
|
16 |
diff --git a/0000_README b/0000_README |
17 |
index 31f02c0..3f7c1b9 100644 |
18 |
--- a/0000_README |
19 |
+++ b/0000_README |
20 |
@@ -715,6 +715,10 @@ Patch: 1167_linux-4.9.168.patch |
21 |
From: http://www.kernel.org |
22 |
Desc: Linux 4.9.168 |
23 |
|
24 |
+Patch: 1168_linux-4.9.169.patch |
25 |
+From: http://www.kernel.org |
26 |
+Desc: Linux 4.9.169 |
27 |
+ |
28 |
Patch: 1500_XATTR_USER_PREFIX.patch |
29 |
From: https://bugs.gentoo.org/show_bug.cgi?id=470644 |
30 |
Desc: Support for namespace user.pax.* on tmpfs. |
31 |
|
32 |
diff --git a/1168_linux-4.9.169.patch b/1168_linux-4.9.169.patch |
33 |
new file mode 100644 |
34 |
index 0000000..a466612 |
35 |
--- /dev/null |
36 |
+++ b/1168_linux-4.9.169.patch |
37 |
@@ -0,0 +1,3242 @@ |
38 |
+diff --git a/Makefile b/Makefile |
39 |
+index f44094d2b147..23cc23c47adf 100644 |
40 |
+--- a/Makefile |
41 |
++++ b/Makefile |
42 |
+@@ -1,6 +1,6 @@ |
43 |
+ VERSION = 4 |
44 |
+ PATCHLEVEL = 9 |
45 |
+-SUBLEVEL = 168 |
46 |
++SUBLEVEL = 169 |
47 |
+ EXTRAVERSION = |
48 |
+ NAME = Roaring Lionus |
49 |
+ |
50 |
+@@ -507,7 +507,7 @@ endif |
51 |
+ ifeq ($(cc-name),clang) |
52 |
+ ifneq ($(CROSS_COMPILE),) |
53 |
+ CLANG_FLAGS := --target=$(notdir $(CROSS_COMPILE:%-=%)) |
54 |
+-GCC_TOOLCHAIN_DIR := $(dir $(shell which $(LD))) |
55 |
++GCC_TOOLCHAIN_DIR := $(dir $(shell which $(CROSS_COMPILE)elfedit)) |
56 |
+ CLANG_FLAGS += --prefix=$(GCC_TOOLCHAIN_DIR) |
57 |
+ GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..) |
58 |
+ endif |
59 |
+diff --git a/arch/arm/boot/dts/sama5d2-pinfunc.h b/arch/arm/boot/dts/sama5d2-pinfunc.h |
60 |
+index 8a394f336003..ee65702f9645 100644 |
61 |
+--- a/arch/arm/boot/dts/sama5d2-pinfunc.h |
62 |
++++ b/arch/arm/boot/dts/sama5d2-pinfunc.h |
63 |
+@@ -517,7 +517,7 @@ |
64 |
+ #define PIN_PC9__GPIO PINMUX_PIN(PIN_PC9, 0, 0) |
65 |
+ #define PIN_PC9__FIQ PINMUX_PIN(PIN_PC9, 1, 3) |
66 |
+ #define PIN_PC9__GTSUCOMP PINMUX_PIN(PIN_PC9, 2, 1) |
67 |
+-#define PIN_PC9__ISC_D0 PINMUX_PIN(PIN_PC9, 2, 1) |
68 |
++#define PIN_PC9__ISC_D0 PINMUX_PIN(PIN_PC9, 3, 1) |
69 |
+ #define PIN_PC9__TIOA4 PINMUX_PIN(PIN_PC9, 4, 2) |
70 |
+ #define PIN_PC10 74 |
71 |
+ #define PIN_PC10__GPIO PINMUX_PIN(PIN_PC10, 0, 0) |
72 |
+diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h |
73 |
+index 2a5090fb9113..d7116f5935fb 100644 |
74 |
+--- a/arch/arm64/include/asm/futex.h |
75 |
++++ b/arch/arm64/include/asm/futex.h |
76 |
+@@ -33,8 +33,8 @@ |
77 |
+ " prfm pstl1strm, %2\n" \ |
78 |
+ "1: ldxr %w1, %2\n" \ |
79 |
+ insn "\n" \ |
80 |
+-"2: stlxr %w3, %w0, %2\n" \ |
81 |
+-" cbnz %w3, 1b\n" \ |
82 |
++"2: stlxr %w0, %w3, %2\n" \ |
83 |
++" cbnz %w0, 1b\n" \ |
84 |
+ " dmb ish\n" \ |
85 |
+ "3:\n" \ |
86 |
+ " .pushsection .fixup,\"ax\"\n" \ |
87 |
+@@ -53,29 +53,29 @@ |
88 |
+ static inline int |
89 |
+ arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr) |
90 |
+ { |
91 |
+- int oldval = 0, ret, tmp; |
92 |
++ int oldval, ret, tmp; |
93 |
+ |
94 |
+ pagefault_disable(); |
95 |
+ |
96 |
+ switch (op) { |
97 |
+ case FUTEX_OP_SET: |
98 |
+- __futex_atomic_op("mov %w0, %w4", |
99 |
++ __futex_atomic_op("mov %w3, %w4", |
100 |
+ ret, oldval, uaddr, tmp, oparg); |
101 |
+ break; |
102 |
+ case FUTEX_OP_ADD: |
103 |
+- __futex_atomic_op("add %w0, %w1, %w4", |
104 |
++ __futex_atomic_op("add %w3, %w1, %w4", |
105 |
+ ret, oldval, uaddr, tmp, oparg); |
106 |
+ break; |
107 |
+ case FUTEX_OP_OR: |
108 |
+- __futex_atomic_op("orr %w0, %w1, %w4", |
109 |
++ __futex_atomic_op("orr %w3, %w1, %w4", |
110 |
+ ret, oldval, uaddr, tmp, oparg); |
111 |
+ break; |
112 |
+ case FUTEX_OP_ANDN: |
113 |
+- __futex_atomic_op("and %w0, %w1, %w4", |
114 |
++ __futex_atomic_op("and %w3, %w1, %w4", |
115 |
+ ret, oldval, uaddr, tmp, ~oparg); |
116 |
+ break; |
117 |
+ case FUTEX_OP_XOR: |
118 |
+- __futex_atomic_op("eor %w0, %w1, %w4", |
119 |
++ __futex_atomic_op("eor %w3, %w1, %w4", |
120 |
+ ret, oldval, uaddr, tmp, oparg); |
121 |
+ break; |
122 |
+ default: |
123 |
+diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c |
124 |
+index fa6b2fad7a3d..5d3df68272f5 100644 |
125 |
+--- a/arch/arm64/mm/init.c |
126 |
++++ b/arch/arm64/mm/init.c |
127 |
+@@ -272,7 +272,7 @@ void __init arm64_memblock_init(void) |
128 |
+ * memory spans, randomize the linear region as well. |
129 |
+ */ |
130 |
+ if (memstart_offset_seed > 0 && range >= ARM64_MEMSTART_ALIGN) { |
131 |
+- range = range / ARM64_MEMSTART_ALIGN + 1; |
132 |
++ range /= ARM64_MEMSTART_ALIGN; |
133 |
+ memstart_addr -= ARM64_MEMSTART_ALIGN * |
134 |
+ ((range * memstart_offset_seed) >> 16); |
135 |
+ } |
136 |
+diff --git a/arch/parisc/include/asm/processor.h b/arch/parisc/include/asm/processor.h |
137 |
+index 2e674e13e005..656984ec1958 100644 |
138 |
+--- a/arch/parisc/include/asm/processor.h |
139 |
++++ b/arch/parisc/include/asm/processor.h |
140 |
+@@ -323,6 +323,8 @@ extern int _parisc_requires_coherency; |
141 |
+ #define parisc_requires_coherency() (0) |
142 |
+ #endif |
143 |
+ |
144 |
++extern int running_on_qemu; |
145 |
++ |
146 |
+ #endif /* __ASSEMBLY__ */ |
147 |
+ |
148 |
+ #endif /* __ASM_PARISC_PROCESSOR_H */ |
149 |
+diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c |
150 |
+index c3a532abac03..2e5216c28bb1 100644 |
151 |
+--- a/arch/parisc/kernel/process.c |
152 |
++++ b/arch/parisc/kernel/process.c |
153 |
+@@ -206,12 +206,6 @@ void __cpuidle arch_cpu_idle(void) |
154 |
+ |
155 |
+ static int __init parisc_idle_init(void) |
156 |
+ { |
157 |
+- const char *marker; |
158 |
+- |
159 |
+- /* check QEMU/SeaBIOS marker in PAGE0 */ |
160 |
+- marker = (char *) &PAGE0->pad0; |
161 |
+- running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0); |
162 |
+- |
163 |
+ if (!running_on_qemu) |
164 |
+ cpu_idle_poll_ctrl(1); |
165 |
+ |
166 |
+diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c |
167 |
+index 2e66a887788e..581b0c66e521 100644 |
168 |
+--- a/arch/parisc/kernel/setup.c |
169 |
++++ b/arch/parisc/kernel/setup.c |
170 |
+@@ -403,6 +403,9 @@ void start_parisc(void) |
171 |
+ int ret, cpunum; |
172 |
+ struct pdc_coproc_cfg coproc_cfg; |
173 |
+ |
174 |
++ /* check QEMU/SeaBIOS marker in PAGE0 */ |
175 |
++ running_on_qemu = (memcmp(&PAGE0->pad0, "SeaBIOS", 8) == 0); |
176 |
++ |
177 |
+ cpunum = smp_processor_id(); |
178 |
+ |
179 |
+ set_firmware_width_unlocked(); |
180 |
+diff --git a/arch/parisc/kernel/time.c b/arch/parisc/kernel/time.c |
181 |
+index 47ef8fdcd382..22754e0c3bda 100644 |
182 |
+--- a/arch/parisc/kernel/time.c |
183 |
++++ b/arch/parisc/kernel/time.c |
184 |
+@@ -299,7 +299,7 @@ static int __init init_cr16_clocksource(void) |
185 |
+ * The cr16 interval timers are not syncronized across CPUs, so mark |
186 |
+ * them unstable and lower rating on SMP systems. |
187 |
+ */ |
188 |
+- if (num_online_cpus() > 1) { |
189 |
++ if (num_online_cpus() > 1 && !running_on_qemu) { |
190 |
+ clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE; |
191 |
+ clocksource_cr16.rating = 0; |
192 |
+ } |
193 |
+diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig |
194 |
+index 0a6bb48854e3..fa8f2aa88189 100644 |
195 |
+--- a/arch/powerpc/Kconfig |
196 |
++++ b/arch/powerpc/Kconfig |
197 |
+@@ -128,7 +128,7 @@ config PPC |
198 |
+ select ARCH_HAS_GCOV_PROFILE_ALL |
199 |
+ select GENERIC_SMP_IDLE_THREAD |
200 |
+ select GENERIC_CMOS_UPDATE |
201 |
+- select GENERIC_CPU_VULNERABILITIES if PPC_BOOK3S_64 |
202 |
++ select GENERIC_CPU_VULNERABILITIES if PPC_BARRIER_NOSPEC |
203 |
+ select GENERIC_TIME_VSYSCALL_OLD |
204 |
+ select GENERIC_CLOCKEVENTS |
205 |
+ select GENERIC_CLOCKEVENTS_BROADCAST if SMP |
206 |
+@@ -164,6 +164,11 @@ config PPC |
207 |
+ select HAVE_ARCH_HARDENED_USERCOPY |
208 |
+ select HAVE_KERNEL_GZIP |
209 |
+ |
210 |
++config PPC_BARRIER_NOSPEC |
211 |
++ bool |
212 |
++ default y |
213 |
++ depends on PPC_BOOK3S_64 || PPC_FSL_BOOK3E |
214 |
++ |
215 |
+ config GENERIC_CSUM |
216 |
+ def_bool CPU_LITTLE_ENDIAN |
217 |
+ |
218 |
+diff --git a/arch/powerpc/include/asm/asm-prototypes.h b/arch/powerpc/include/asm/asm-prototypes.h |
219 |
+index e0baba1535e6..f3daa175f86c 100644 |
220 |
+--- a/arch/powerpc/include/asm/asm-prototypes.h |
221 |
++++ b/arch/powerpc/include/asm/asm-prototypes.h |
222 |
+@@ -121,4 +121,10 @@ extern s64 __ashrdi3(s64, int); |
223 |
+ extern int __cmpdi2(s64, s64); |
224 |
+ extern int __ucmpdi2(u64, u64); |
225 |
+ |
226 |
++/* Patch sites */ |
227 |
++extern s32 patch__call_flush_count_cache; |
228 |
++extern s32 patch__flush_count_cache_return; |
229 |
++ |
230 |
++extern long flush_count_cache; |
231 |
++ |
232 |
+ #endif /* _ASM_POWERPC_ASM_PROTOTYPES_H */ |
233 |
+diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h |
234 |
+index 798ab37c9930..80024c4f2093 100644 |
235 |
+--- a/arch/powerpc/include/asm/barrier.h |
236 |
++++ b/arch/powerpc/include/asm/barrier.h |
237 |
+@@ -77,6 +77,27 @@ do { \ |
238 |
+ |
239 |
+ #define smp_mb__before_spinlock() smp_mb() |
240 |
+ |
241 |
++#ifdef CONFIG_PPC_BOOK3S_64 |
242 |
++#define NOSPEC_BARRIER_SLOT nop |
243 |
++#elif defined(CONFIG_PPC_FSL_BOOK3E) |
244 |
++#define NOSPEC_BARRIER_SLOT nop; nop |
245 |
++#endif |
246 |
++ |
247 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
248 |
++/* |
249 |
++ * Prevent execution of subsequent instructions until preceding branches have |
250 |
++ * been fully resolved and are no longer executing speculatively. |
251 |
++ */ |
252 |
++#define barrier_nospec_asm NOSPEC_BARRIER_FIXUP_SECTION; NOSPEC_BARRIER_SLOT |
253 |
++ |
254 |
++// This also acts as a compiler barrier due to the memory clobber. |
255 |
++#define barrier_nospec() asm (stringify_in_c(barrier_nospec_asm) ::: "memory") |
256 |
++ |
257 |
++#else /* !CONFIG_PPC_BARRIER_NOSPEC */ |
258 |
++#define barrier_nospec_asm |
259 |
++#define barrier_nospec() |
260 |
++#endif /* CONFIG_PPC_BARRIER_NOSPEC */ |
261 |
++ |
262 |
+ #include <asm-generic/barrier.h> |
263 |
+ |
264 |
+ #endif /* _ASM_POWERPC_BARRIER_H */ |
265 |
+diff --git a/arch/powerpc/include/asm/code-patching-asm.h b/arch/powerpc/include/asm/code-patching-asm.h |
266 |
+new file mode 100644 |
267 |
+index 000000000000..ed7b1448493a |
268 |
+--- /dev/null |
269 |
++++ b/arch/powerpc/include/asm/code-patching-asm.h |
270 |
+@@ -0,0 +1,18 @@ |
271 |
++/* SPDX-License-Identifier: GPL-2.0+ */ |
272 |
++/* |
273 |
++ * Copyright 2018, Michael Ellerman, IBM Corporation. |
274 |
++ */ |
275 |
++#ifndef _ASM_POWERPC_CODE_PATCHING_ASM_H |
276 |
++#define _ASM_POWERPC_CODE_PATCHING_ASM_H |
277 |
++ |
278 |
++/* Define a "site" that can be patched */ |
279 |
++.macro patch_site label name |
280 |
++ .pushsection ".rodata" |
281 |
++ .balign 4 |
282 |
++ .global \name |
283 |
++\name: |
284 |
++ .4byte \label - . |
285 |
++ .popsection |
286 |
++.endm |
287 |
++ |
288 |
++#endif /* _ASM_POWERPC_CODE_PATCHING_ASM_H */ |
289 |
+diff --git a/arch/powerpc/include/asm/code-patching.h b/arch/powerpc/include/asm/code-patching.h |
290 |
+index b4ab1f497335..ab934f8232bd 100644 |
291 |
+--- a/arch/powerpc/include/asm/code-patching.h |
292 |
++++ b/arch/powerpc/include/asm/code-patching.h |
293 |
+@@ -28,6 +28,8 @@ unsigned int create_cond_branch(const unsigned int *addr, |
294 |
+ unsigned long target, int flags); |
295 |
+ int patch_branch(unsigned int *addr, unsigned long target, int flags); |
296 |
+ int patch_instruction(unsigned int *addr, unsigned int instr); |
297 |
++int patch_instruction_site(s32 *addr, unsigned int instr); |
298 |
++int patch_branch_site(s32 *site, unsigned long target, int flags); |
299 |
+ |
300 |
+ int instr_is_relative_branch(unsigned int instr); |
301 |
+ int instr_is_relative_link_branch(unsigned int instr); |
302 |
+diff --git a/arch/powerpc/include/asm/feature-fixups.h b/arch/powerpc/include/asm/feature-fixups.h |
303 |
+index 0bf8202feca6..175128e19025 100644 |
304 |
+--- a/arch/powerpc/include/asm/feature-fixups.h |
305 |
++++ b/arch/powerpc/include/asm/feature-fixups.h |
306 |
+@@ -213,6 +213,25 @@ void setup_feature_keys(void); |
307 |
+ FTR_ENTRY_OFFSET 951b-952b; \ |
308 |
+ .popsection; |
309 |
+ |
310 |
++#define NOSPEC_BARRIER_FIXUP_SECTION \ |
311 |
++953: \ |
312 |
++ .pushsection __barrier_nospec_fixup,"a"; \ |
313 |
++ .align 2; \ |
314 |
++954: \ |
315 |
++ FTR_ENTRY_OFFSET 953b-954b; \ |
316 |
++ .popsection; |
317 |
++ |
318 |
++#define START_BTB_FLUSH_SECTION \ |
319 |
++955: \ |
320 |
++ |
321 |
++#define END_BTB_FLUSH_SECTION \ |
322 |
++956: \ |
323 |
++ .pushsection __btb_flush_fixup,"a"; \ |
324 |
++ .align 2; \ |
325 |
++957: \ |
326 |
++ FTR_ENTRY_OFFSET 955b-957b; \ |
327 |
++ FTR_ENTRY_OFFSET 956b-957b; \ |
328 |
++ .popsection; |
329 |
+ |
330 |
+ #ifndef __ASSEMBLY__ |
331 |
+ |
332 |
+@@ -220,6 +239,8 @@ extern long stf_barrier_fallback; |
333 |
+ extern long __start___stf_entry_barrier_fixup, __stop___stf_entry_barrier_fixup; |
334 |
+ extern long __start___stf_exit_barrier_fixup, __stop___stf_exit_barrier_fixup; |
335 |
+ extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup; |
336 |
++extern long __start___barrier_nospec_fixup, __stop___barrier_nospec_fixup; |
337 |
++extern long __start__btb_flush_fixup, __stop__btb_flush_fixup; |
338 |
+ |
339 |
+ #endif |
340 |
+ |
341 |
+diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h |
342 |
+index 9d978102bf0d..9587d301db55 100644 |
343 |
+--- a/arch/powerpc/include/asm/hvcall.h |
344 |
++++ b/arch/powerpc/include/asm/hvcall.h |
345 |
+@@ -316,10 +316,12 @@ |
346 |
+ #define H_CPU_CHAR_BRANCH_HINTS_HONORED (1ull << 58) // IBM bit 5 |
347 |
+ #define H_CPU_CHAR_THREAD_RECONFIG_CTRL (1ull << 57) // IBM bit 6 |
348 |
+ #define H_CPU_CHAR_COUNT_CACHE_DISABLED (1ull << 56) // IBM bit 7 |
349 |
++#define H_CPU_CHAR_BCCTR_FLUSH_ASSIST (1ull << 54) // IBM bit 9 |
350 |
+ |
351 |
+ #define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0 |
352 |
+ #define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 |
353 |
+ #define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2 |
354 |
++#define H_CPU_BEHAV_FLUSH_COUNT_CACHE (1ull << 58) // IBM bit 5 |
355 |
+ |
356 |
+ #ifndef __ASSEMBLY__ |
357 |
+ #include <linux/types.h> |
358 |
+diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h |
359 |
+index c73750b0d9fa..bbd35ba36a22 100644 |
360 |
+--- a/arch/powerpc/include/asm/ppc_asm.h |
361 |
++++ b/arch/powerpc/include/asm/ppc_asm.h |
362 |
+@@ -437,7 +437,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_601) |
363 |
+ .machine push ; \ |
364 |
+ .machine "power4" ; \ |
365 |
+ lis scratch,0x60000000@h; \ |
366 |
+- dcbt r0,scratch,0b01010; \ |
367 |
++ dcbt 0,scratch,0b01010; \ |
368 |
+ .machine pop |
369 |
+ |
370 |
+ /* |
371 |
+@@ -780,4 +780,25 @@ END_FTR_SECTION_IFCLR(CPU_FTR_601) |
372 |
+ .long 0x2400004c /* rfid */ |
373 |
+ #endif /* !CONFIG_PPC_BOOK3E */ |
374 |
+ #endif /* __ASSEMBLY__ */ |
375 |
++ |
376 |
++/* |
377 |
++ * Helper macro for exception table entries |
378 |
++ */ |
379 |
++#define EX_TABLE(_fault, _target) \ |
380 |
++ stringify_in_c(.section __ex_table,"a";)\ |
381 |
++ stringify_in_c(.balign 4;) \ |
382 |
++ stringify_in_c(.long (_fault) - . ;) \ |
383 |
++ stringify_in_c(.long (_target) - . ;) \ |
384 |
++ stringify_in_c(.previous) |
385 |
++ |
386 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
387 |
++#define BTB_FLUSH(reg) \ |
388 |
++ lis reg,BUCSR_INIT@h; \ |
389 |
++ ori reg,reg,BUCSR_INIT@l; \ |
390 |
++ mtspr SPRN_BUCSR,reg; \ |
391 |
++ isync; |
392 |
++#else |
393 |
++#define BTB_FLUSH(reg) |
394 |
++#endif /* CONFIG_PPC_FSL_BOOK3E */ |
395 |
++ |
396 |
+ #endif /* _ASM_POWERPC_PPC_ASM_H */ |
397 |
+diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h |
398 |
+index 44989b22383c..759597bf0fd8 100644 |
399 |
+--- a/arch/powerpc/include/asm/security_features.h |
400 |
++++ b/arch/powerpc/include/asm/security_features.h |
401 |
+@@ -22,6 +22,7 @@ enum stf_barrier_type { |
402 |
+ |
403 |
+ void setup_stf_barrier(void); |
404 |
+ void do_stf_barrier_fixups(enum stf_barrier_type types); |
405 |
++void setup_count_cache_flush(void); |
406 |
+ |
407 |
+ static inline void security_ftr_set(unsigned long feature) |
408 |
+ { |
409 |
+@@ -59,6 +60,9 @@ static inline bool security_ftr_enabled(unsigned long feature) |
410 |
+ // Indirect branch prediction cache disabled |
411 |
+ #define SEC_FTR_COUNT_CACHE_DISABLED 0x0000000000000020ull |
412 |
+ |
413 |
++// bcctr 2,0,0 triggers a hardware assisted count cache flush |
414 |
++#define SEC_FTR_BCCTR_FLUSH_ASSIST 0x0000000000000800ull |
415 |
++ |
416 |
+ |
417 |
+ // Features indicating need for Spectre/Meltdown mitigations |
418 |
+ |
419 |
+@@ -74,6 +78,9 @@ static inline bool security_ftr_enabled(unsigned long feature) |
420 |
+ // Firmware configuration indicates user favours security over performance |
421 |
+ #define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull |
422 |
+ |
423 |
++// Software required to flush count cache on context switch |
424 |
++#define SEC_FTR_FLUSH_COUNT_CACHE 0x0000000000000400ull |
425 |
++ |
426 |
+ |
427 |
+ // Features enabled by default |
428 |
+ #define SEC_FTR_DEFAULT \ |
429 |
+diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h |
430 |
+index 3f160cd20107..862ebce3ae54 100644 |
431 |
+--- a/arch/powerpc/include/asm/setup.h |
432 |
++++ b/arch/powerpc/include/asm/setup.h |
433 |
+@@ -8,6 +8,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex); |
434 |
+ |
435 |
+ extern unsigned int rtas_data; |
436 |
+ extern unsigned long long memory_limit; |
437 |
++extern bool init_mem_is_free; |
438 |
+ extern unsigned long klimit; |
439 |
+ extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask); |
440 |
+ |
441 |
+@@ -50,6 +51,26 @@ enum l1d_flush_type { |
442 |
+ |
443 |
+ void setup_rfi_flush(enum l1d_flush_type, bool enable); |
444 |
+ void do_rfi_flush_fixups(enum l1d_flush_type types); |
445 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
446 |
++void setup_barrier_nospec(void); |
447 |
++#else |
448 |
++static inline void setup_barrier_nospec(void) { }; |
449 |
++#endif |
450 |
++void do_barrier_nospec_fixups(bool enable); |
451 |
++extern bool barrier_nospec_enabled; |
452 |
++ |
453 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
454 |
++void do_barrier_nospec_fixups_range(bool enable, void *start, void *end); |
455 |
++#else |
456 |
++static inline void do_barrier_nospec_fixups_range(bool enable, void *start, void *end) { }; |
457 |
++#endif |
458 |
++ |
459 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
460 |
++void setup_spectre_v2(void); |
461 |
++#else |
462 |
++static inline void setup_spectre_v2(void) {}; |
463 |
++#endif |
464 |
++void do_btb_flush_fixups(void); |
465 |
+ |
466 |
+ #endif /* !__ASSEMBLY__ */ |
467 |
+ |
468 |
+diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h |
469 |
+index 31913b3ac7ab..da852153c1f8 100644 |
470 |
+--- a/arch/powerpc/include/asm/uaccess.h |
471 |
++++ b/arch/powerpc/include/asm/uaccess.h |
472 |
+@@ -269,6 +269,7 @@ do { \ |
473 |
+ __chk_user_ptr(ptr); \ |
474 |
+ if (!is_kernel_addr((unsigned long)__gu_addr)) \ |
475 |
+ might_fault(); \ |
476 |
++ barrier_nospec(); \ |
477 |
+ __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
478 |
+ (x) = (__typeof__(*(ptr)))__gu_val; \ |
479 |
+ __gu_err; \ |
480 |
+@@ -280,8 +281,10 @@ do { \ |
481 |
+ unsigned long __gu_val = 0; \ |
482 |
+ __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
483 |
+ might_fault(); \ |
484 |
+- if (access_ok(VERIFY_READ, __gu_addr, (size))) \ |
485 |
++ if (access_ok(VERIFY_READ, __gu_addr, (size))) { \ |
486 |
++ barrier_nospec(); \ |
487 |
+ __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
488 |
++ } \ |
489 |
+ (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
490 |
+ __gu_err; \ |
491 |
+ }) |
492 |
+@@ -292,6 +295,7 @@ do { \ |
493 |
+ unsigned long __gu_val; \ |
494 |
+ __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ |
495 |
+ __chk_user_ptr(ptr); \ |
496 |
++ barrier_nospec(); \ |
497 |
+ __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ |
498 |
+ (x) = (__force __typeof__(*(ptr)))__gu_val; \ |
499 |
+ __gu_err; \ |
500 |
+@@ -348,15 +352,19 @@ static inline unsigned long __copy_from_user_inatomic(void *to, |
501 |
+ |
502 |
+ switch (n) { |
503 |
+ case 1: |
504 |
++ barrier_nospec(); |
505 |
+ __get_user_size(*(u8 *)to, from, 1, ret); |
506 |
+ break; |
507 |
+ case 2: |
508 |
++ barrier_nospec(); |
509 |
+ __get_user_size(*(u16 *)to, from, 2, ret); |
510 |
+ break; |
511 |
+ case 4: |
512 |
++ barrier_nospec(); |
513 |
+ __get_user_size(*(u32 *)to, from, 4, ret); |
514 |
+ break; |
515 |
+ case 8: |
516 |
++ barrier_nospec(); |
517 |
+ __get_user_size(*(u64 *)to, from, 8, ret); |
518 |
+ break; |
519 |
+ } |
520 |
+@@ -366,6 +374,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to, |
521 |
+ |
522 |
+ check_object_size(to, n, false); |
523 |
+ |
524 |
++ barrier_nospec(); |
525 |
+ return __copy_tofrom_user((__force void __user *)to, from, n); |
526 |
+ } |
527 |
+ |
528 |
+diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile |
529 |
+index 13885786282b..d80fbf0884ff 100644 |
530 |
+--- a/arch/powerpc/kernel/Makefile |
531 |
++++ b/arch/powerpc/kernel/Makefile |
532 |
+@@ -44,9 +44,10 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_ppc32.o \ |
533 |
+ obj-$(CONFIG_VDSO32) += vdso32/ |
534 |
+ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o |
535 |
+ obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o |
536 |
+-obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o |
537 |
++obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o |
538 |
+ obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o |
539 |
+ obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o |
540 |
++obj-$(CONFIG_PPC_BARRIER_NOSPEC) += security.o |
541 |
+ obj-$(CONFIG_PPC64) += vdso64/ |
542 |
+ obj-$(CONFIG_ALTIVEC) += vecemu.o |
543 |
+ obj-$(CONFIG_PPC_970_NAP) += idle_power4.o |
544 |
+diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S |
545 |
+index 370645687cc7..bdd88f9d7926 100644 |
546 |
+--- a/arch/powerpc/kernel/entry_32.S |
547 |
++++ b/arch/powerpc/kernel/entry_32.S |
548 |
+@@ -34,6 +34,7 @@ |
549 |
+ #include <asm/ftrace.h> |
550 |
+ #include <asm/ptrace.h> |
551 |
+ #include <asm/export.h> |
552 |
++#include <asm/barrier.h> |
553 |
+ |
554 |
+ /* |
555 |
+ * MSR_KERNEL is > 0x10000 on 4xx/Book-E since it include MSR_CE. |
556 |
+@@ -347,6 +348,15 @@ syscall_dotrace_cont: |
557 |
+ ori r10,r10,sys_call_table@l |
558 |
+ slwi r0,r0,2 |
559 |
+ bge- 66f |
560 |
++ |
561 |
++ barrier_nospec_asm |
562 |
++ /* |
563 |
++ * Prevent the load of the handler below (based on the user-passed |
564 |
++ * system call number) being speculatively executed until the test |
565 |
++ * against NR_syscalls and branch to .66f above has |
566 |
++ * committed. |
567 |
++ */ |
568 |
++ |
569 |
+ lwzx r10,r10,r0 /* Fetch system call handler [ptr] */ |
570 |
+ mtlr r10 |
571 |
+ addi r9,r1,STACK_FRAME_OVERHEAD |
572 |
+diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S |
573 |
+index e24ae0fa80ed..390ebf4ef384 100644 |
574 |
+--- a/arch/powerpc/kernel/entry_64.S |
575 |
++++ b/arch/powerpc/kernel/entry_64.S |
576 |
+@@ -26,6 +26,7 @@ |
577 |
+ #include <asm/page.h> |
578 |
+ #include <asm/mmu.h> |
579 |
+ #include <asm/thread_info.h> |
580 |
++#include <asm/code-patching-asm.h> |
581 |
+ #include <asm/ppc_asm.h> |
582 |
+ #include <asm/asm-offsets.h> |
583 |
+ #include <asm/cputable.h> |
584 |
+@@ -38,6 +39,7 @@ |
585 |
+ #include <asm/context_tracking.h> |
586 |
+ #include <asm/tm.h> |
587 |
+ #include <asm/ppc-opcode.h> |
588 |
++#include <asm/barrier.h> |
589 |
+ #include <asm/export.h> |
590 |
+ #ifdef CONFIG_PPC_BOOK3S |
591 |
+ #include <asm/exception-64s.h> |
592 |
+@@ -78,6 +80,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM) |
593 |
+ std r0,GPR0(r1) |
594 |
+ std r10,GPR1(r1) |
595 |
+ beq 2f /* if from kernel mode */ |
596 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
597 |
++START_BTB_FLUSH_SECTION |
598 |
++ BTB_FLUSH(r10) |
599 |
++END_BTB_FLUSH_SECTION |
600 |
++#endif |
601 |
+ ACCOUNT_CPU_USER_ENTRY(r13, r10, r11) |
602 |
+ 2: std r2,GPR2(r1) |
603 |
+ std r3,GPR3(r1) |
604 |
+@@ -180,6 +187,15 @@ system_call: /* label this so stack traces look sane */ |
605 |
+ clrldi r8,r8,32 |
606 |
+ 15: |
607 |
+ slwi r0,r0,4 |
608 |
++ |
609 |
++ barrier_nospec_asm |
610 |
++ /* |
611 |
++ * Prevent the load of the handler below (based on the user-passed |
612 |
++ * system call number) being speculatively executed until the test |
613 |
++ * against NR_syscalls and branch to .Lsyscall_enosys above has |
614 |
++ * committed. |
615 |
++ */ |
616 |
++ |
617 |
+ ldx r12,r11,r0 /* Fetch system call handler [ptr] */ |
618 |
+ mtctr r12 |
619 |
+ bctrl /* Call handler */ |
620 |
+@@ -473,6 +489,57 @@ _GLOBAL(ret_from_kernel_thread) |
621 |
+ li r3,0 |
622 |
+ b .Lsyscall_exit |
623 |
+ |
624 |
++#ifdef CONFIG_PPC_BOOK3S_64 |
625 |
++ |
626 |
++#define FLUSH_COUNT_CACHE \ |
627 |
++1: nop; \ |
628 |
++ patch_site 1b, patch__call_flush_count_cache |
629 |
++ |
630 |
++ |
631 |
++#define BCCTR_FLUSH .long 0x4c400420 |
632 |
++ |
633 |
++.macro nops number |
634 |
++ .rept \number |
635 |
++ nop |
636 |
++ .endr |
637 |
++.endm |
638 |
++ |
639 |
++.balign 32 |
640 |
++.global flush_count_cache |
641 |
++flush_count_cache: |
642 |
++ /* Save LR into r9 */ |
643 |
++ mflr r9 |
644 |
++ |
645 |
++ .rept 64 |
646 |
++ bl .+4 |
647 |
++ .endr |
648 |
++ b 1f |
649 |
++ nops 6 |
650 |
++ |
651 |
++ .balign 32 |
652 |
++ /* Restore LR */ |
653 |
++1: mtlr r9 |
654 |
++ li r9,0x7fff |
655 |
++ mtctr r9 |
656 |
++ |
657 |
++ BCCTR_FLUSH |
658 |
++ |
659 |
++2: nop |
660 |
++ patch_site 2b patch__flush_count_cache_return |
661 |
++ |
662 |
++ nops 3 |
663 |
++ |
664 |
++ .rept 278 |
665 |
++ .balign 32 |
666 |
++ BCCTR_FLUSH |
667 |
++ nops 7 |
668 |
++ .endr |
669 |
++ |
670 |
++ blr |
671 |
++#else |
672 |
++#define FLUSH_COUNT_CACHE |
673 |
++#endif /* CONFIG_PPC_BOOK3S_64 */ |
674 |
++ |
675 |
+ /* |
676 |
+ * This routine switches between two different tasks. The process |
677 |
+ * state of one is saved on its kernel stack. Then the state |
678 |
+@@ -504,6 +571,8 @@ _GLOBAL(_switch) |
679 |
+ std r23,_CCR(r1) |
680 |
+ std r1,KSP(r3) /* Set old stack pointer */ |
681 |
+ |
682 |
++ FLUSH_COUNT_CACHE |
683 |
++ |
684 |
+ #ifdef CONFIG_SMP |
685 |
+ /* We need a sync somewhere here to make sure that if the |
686 |
+ * previous task gets rescheduled on another CPU, it sees all |
687 |
+diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S |
688 |
+index ca03eb229a9a..423b5257d3a1 100644 |
689 |
+--- a/arch/powerpc/kernel/exceptions-64e.S |
690 |
++++ b/arch/powerpc/kernel/exceptions-64e.S |
691 |
+@@ -295,7 +295,8 @@ ret_from_mc_except: |
692 |
+ andi. r10,r11,MSR_PR; /* save stack pointer */ \ |
693 |
+ beq 1f; /* branch around if supervisor */ \ |
694 |
+ ld r1,PACAKSAVE(r13); /* get kernel stack coming from usr */\ |
695 |
+-1: cmpdi cr1,r1,0; /* check if SP makes sense */ \ |
696 |
++1: type##_BTB_FLUSH \ |
697 |
++ cmpdi cr1,r1,0; /* check if SP makes sense */ \ |
698 |
+ bge- cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \ |
699 |
+ mfspr r10,SPRN_##type##_SRR0; /* read SRR0 before touching stack */ |
700 |
+ |
701 |
+@@ -327,6 +328,30 @@ ret_from_mc_except: |
702 |
+ #define SPRN_MC_SRR0 SPRN_MCSRR0 |
703 |
+ #define SPRN_MC_SRR1 SPRN_MCSRR1 |
704 |
+ |
705 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
706 |
++#define GEN_BTB_FLUSH \ |
707 |
++ START_BTB_FLUSH_SECTION \ |
708 |
++ beq 1f; \ |
709 |
++ BTB_FLUSH(r10) \ |
710 |
++ 1: \ |
711 |
++ END_BTB_FLUSH_SECTION |
712 |
++ |
713 |
++#define CRIT_BTB_FLUSH \ |
714 |
++ START_BTB_FLUSH_SECTION \ |
715 |
++ BTB_FLUSH(r10) \ |
716 |
++ END_BTB_FLUSH_SECTION |
717 |
++ |
718 |
++#define DBG_BTB_FLUSH CRIT_BTB_FLUSH |
719 |
++#define MC_BTB_FLUSH CRIT_BTB_FLUSH |
720 |
++#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH |
721 |
++#else |
722 |
++#define GEN_BTB_FLUSH |
723 |
++#define CRIT_BTB_FLUSH |
724 |
++#define DBG_BTB_FLUSH |
725 |
++#define MC_BTB_FLUSH |
726 |
++#define GDBELL_BTB_FLUSH |
727 |
++#endif |
728 |
++ |
729 |
+ #define NORMAL_EXCEPTION_PROLOG(n, intnum, addition) \ |
730 |
+ EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n)) |
731 |
+ |
732 |
+diff --git a/arch/powerpc/kernel/head_booke.h b/arch/powerpc/kernel/head_booke.h |
733 |
+index a620203f7de3..7b98c7351f6c 100644 |
734 |
+--- a/arch/powerpc/kernel/head_booke.h |
735 |
++++ b/arch/powerpc/kernel/head_booke.h |
736 |
+@@ -31,6 +31,16 @@ |
737 |
+ */ |
738 |
+ #define THREAD_NORMSAVE(offset) (THREAD_NORMSAVES + (offset * 4)) |
739 |
+ |
740 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
741 |
++#define BOOKE_CLEAR_BTB(reg) \ |
742 |
++START_BTB_FLUSH_SECTION \ |
743 |
++ BTB_FLUSH(reg) \ |
744 |
++END_BTB_FLUSH_SECTION |
745 |
++#else |
746 |
++#define BOOKE_CLEAR_BTB(reg) |
747 |
++#endif |
748 |
++ |
749 |
++ |
750 |
+ #define NORMAL_EXCEPTION_PROLOG(intno) \ |
751 |
+ mtspr SPRN_SPRG_WSCRATCH0, r10; /* save one register */ \ |
752 |
+ mfspr r10, SPRN_SPRG_THREAD; \ |
753 |
+@@ -42,6 +52,7 @@ |
754 |
+ andi. r11, r11, MSR_PR; /* check whether user or kernel */\ |
755 |
+ mr r11, r1; \ |
756 |
+ beq 1f; \ |
757 |
++ BOOKE_CLEAR_BTB(r11) \ |
758 |
+ /* if from user, start at top of this thread's kernel stack */ \ |
759 |
+ lwz r11, THREAD_INFO-THREAD(r10); \ |
760 |
+ ALLOC_STACK_FRAME(r11, THREAD_SIZE); \ |
761 |
+@@ -127,6 +138,7 @@ |
762 |
+ stw r9,_CCR(r8); /* save CR on stack */\ |
763 |
+ mfspr r11,exc_level_srr1; /* check whether user or kernel */\ |
764 |
+ DO_KVM BOOKE_INTERRUPT_##intno exc_level_srr1; \ |
765 |
++ BOOKE_CLEAR_BTB(r10) \ |
766 |
+ andi. r11,r11,MSR_PR; \ |
767 |
+ mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\ |
768 |
+ lwz r11,THREAD_INFO-THREAD(r11); /* this thread's kernel stack */\ |
769 |
+diff --git a/arch/powerpc/kernel/head_fsl_booke.S b/arch/powerpc/kernel/head_fsl_booke.S |
770 |
+index bf4c6021515f..60a0aeefc4a7 100644 |
771 |
+--- a/arch/powerpc/kernel/head_fsl_booke.S |
772 |
++++ b/arch/powerpc/kernel/head_fsl_booke.S |
773 |
+@@ -452,6 +452,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) |
774 |
+ mfcr r13 |
775 |
+ stw r13, THREAD_NORMSAVE(3)(r10) |
776 |
+ DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1 |
777 |
++START_BTB_FLUSH_SECTION |
778 |
++ mfspr r11, SPRN_SRR1 |
779 |
++ andi. r10,r11,MSR_PR |
780 |
++ beq 1f |
781 |
++ BTB_FLUSH(r10) |
782 |
++1: |
783 |
++END_BTB_FLUSH_SECTION |
784 |
+ mfspr r10, SPRN_DEAR /* Get faulting address */ |
785 |
+ |
786 |
+ /* If we are faulting a kernel address, we have to use the |
787 |
+@@ -546,6 +553,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) |
788 |
+ mfcr r13 |
789 |
+ stw r13, THREAD_NORMSAVE(3)(r10) |
790 |
+ DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1 |
791 |
++START_BTB_FLUSH_SECTION |
792 |
++ mfspr r11, SPRN_SRR1 |
793 |
++ andi. r10,r11,MSR_PR |
794 |
++ beq 1f |
795 |
++ BTB_FLUSH(r10) |
796 |
++1: |
797 |
++END_BTB_FLUSH_SECTION |
798 |
++ |
799 |
+ mfspr r10, SPRN_SRR0 /* Get faulting address */ |
800 |
+ |
801 |
+ /* If we are faulting a kernel address, we have to use the |
802 |
+diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c |
803 |
+index 30b89d5cbb03..3b1c3bb91025 100644 |
804 |
+--- a/arch/powerpc/kernel/module.c |
805 |
++++ b/arch/powerpc/kernel/module.c |
806 |
+@@ -72,7 +72,15 @@ int module_finalize(const Elf_Ehdr *hdr, |
807 |
+ do_feature_fixups(powerpc_firmware_features, |
808 |
+ (void *)sect->sh_addr, |
809 |
+ (void *)sect->sh_addr + sect->sh_size); |
810 |
+-#endif |
811 |
++#endif /* CONFIG_PPC64 */ |
812 |
++ |
813 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
814 |
++ sect = find_section(hdr, sechdrs, "__spec_barrier_fixup"); |
815 |
++ if (sect != NULL) |
816 |
++ do_barrier_nospec_fixups_range(barrier_nospec_enabled, |
817 |
++ (void *)sect->sh_addr, |
818 |
++ (void *)sect->sh_addr + sect->sh_size); |
819 |
++#endif /* CONFIG_PPC_BARRIER_NOSPEC */ |
820 |
+ |
821 |
+ sect = find_section(hdr, sechdrs, "__lwsync_fixup"); |
822 |
+ if (sect != NULL) |
823 |
+diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c |
824 |
+index 2277df84ef6e..30542e833ebe 100644 |
825 |
+--- a/arch/powerpc/kernel/security.c |
826 |
++++ b/arch/powerpc/kernel/security.c |
827 |
+@@ -9,11 +9,121 @@ |
828 |
+ #include <linux/device.h> |
829 |
+ #include <linux/seq_buf.h> |
830 |
+ |
831 |
++#include <asm/asm-prototypes.h> |
832 |
++#include <asm/code-patching.h> |
833 |
++#include <asm/debug.h> |
834 |
+ #include <asm/security_features.h> |
835 |
++#include <asm/setup.h> |
836 |
+ |
837 |
+ |
838 |
+ unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT; |
839 |
+ |
840 |
++enum count_cache_flush_type { |
841 |
++ COUNT_CACHE_FLUSH_NONE = 0x1, |
842 |
++ COUNT_CACHE_FLUSH_SW = 0x2, |
843 |
++ COUNT_CACHE_FLUSH_HW = 0x4, |
844 |
++}; |
845 |
++static enum count_cache_flush_type count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; |
846 |
++ |
847 |
++bool barrier_nospec_enabled; |
848 |
++static bool no_nospec; |
849 |
++static bool btb_flush_enabled; |
850 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
851 |
++static bool no_spectrev2; |
852 |
++#endif |
853 |
++ |
854 |
++static void enable_barrier_nospec(bool enable) |
855 |
++{ |
856 |
++ barrier_nospec_enabled = enable; |
857 |
++ do_barrier_nospec_fixups(enable); |
858 |
++} |
859 |
++ |
860 |
++void setup_barrier_nospec(void) |
861 |
++{ |
862 |
++ bool enable; |
863 |
++ |
864 |
++ /* |
865 |
++ * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well. |
866 |
++ * But there's a good reason not to. The two flags we check below are |
867 |
++ * both are enabled by default in the kernel, so if the hcall is not |
868 |
++ * functional they will be enabled. |
869 |
++ * On a system where the host firmware has been updated (so the ori |
870 |
++ * functions as a barrier), but on which the hypervisor (KVM/Qemu) has |
871 |
++ * not been updated, we would like to enable the barrier. Dropping the |
872 |
++ * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is |
873 |
++ * we potentially enable the barrier on systems where the host firmware |
874 |
++ * is not updated, but that's harmless as it's a no-op. |
875 |
++ */ |
876 |
++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && |
877 |
++ security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR); |
878 |
++ |
879 |
++ if (!no_nospec) |
880 |
++ enable_barrier_nospec(enable); |
881 |
++} |
882 |
++ |
883 |
++static int __init handle_nospectre_v1(char *p) |
884 |
++{ |
885 |
++ no_nospec = true; |
886 |
++ |
887 |
++ return 0; |
888 |
++} |
889 |
++early_param("nospectre_v1", handle_nospectre_v1); |
890 |
++ |
891 |
++#ifdef CONFIG_DEBUG_FS |
892 |
++static int barrier_nospec_set(void *data, u64 val) |
893 |
++{ |
894 |
++ switch (val) { |
895 |
++ case 0: |
896 |
++ case 1: |
897 |
++ break; |
898 |
++ default: |
899 |
++ return -EINVAL; |
900 |
++ } |
901 |
++ |
902 |
++ if (!!val == !!barrier_nospec_enabled) |
903 |
++ return 0; |
904 |
++ |
905 |
++ enable_barrier_nospec(!!val); |
906 |
++ |
907 |
++ return 0; |
908 |
++} |
909 |
++ |
910 |
++static int barrier_nospec_get(void *data, u64 *val) |
911 |
++{ |
912 |
++ *val = barrier_nospec_enabled ? 1 : 0; |
913 |
++ return 0; |
914 |
++} |
915 |
++ |
916 |
++DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec, |
917 |
++ barrier_nospec_get, barrier_nospec_set, "%llu\n"); |
918 |
++ |
919 |
++static __init int barrier_nospec_debugfs_init(void) |
920 |
++{ |
921 |
++ debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL, |
922 |
++ &fops_barrier_nospec); |
923 |
++ return 0; |
924 |
++} |
925 |
++device_initcall(barrier_nospec_debugfs_init); |
926 |
++#endif /* CONFIG_DEBUG_FS */ |
927 |
++ |
928 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
929 |
++static int __init handle_nospectre_v2(char *p) |
930 |
++{ |
931 |
++ no_spectrev2 = true; |
932 |
++ |
933 |
++ return 0; |
934 |
++} |
935 |
++early_param("nospectre_v2", handle_nospectre_v2); |
936 |
++void setup_spectre_v2(void) |
937 |
++{ |
938 |
++ if (no_spectrev2) |
939 |
++ do_btb_flush_fixups(); |
940 |
++ else |
941 |
++ btb_flush_enabled = true; |
942 |
++} |
943 |
++#endif /* CONFIG_PPC_FSL_BOOK3E */ |
944 |
++ |
945 |
++#ifdef CONFIG_PPC_BOOK3S_64 |
946 |
+ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) |
947 |
+ { |
948 |
+ bool thread_priv; |
949 |
+@@ -46,25 +156,39 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha |
950 |
+ |
951 |
+ return sprintf(buf, "Vulnerable\n"); |
952 |
+ } |
953 |
++#endif |
954 |
+ |
955 |
+ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf) |
956 |
+ { |
957 |
+- if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) |
958 |
+- return sprintf(buf, "Not affected\n"); |
959 |
++ struct seq_buf s; |
960 |
+ |
961 |
+- return sprintf(buf, "Vulnerable\n"); |
962 |
++ seq_buf_init(&s, buf, PAGE_SIZE - 1); |
963 |
++ |
964 |
++ if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) { |
965 |
++ if (barrier_nospec_enabled) |
966 |
++ seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); |
967 |
++ else |
968 |
++ seq_buf_printf(&s, "Vulnerable"); |
969 |
++ |
970 |
++ if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31)) |
971 |
++ seq_buf_printf(&s, ", ori31 speculation barrier enabled"); |
972 |
++ |
973 |
++ seq_buf_printf(&s, "\n"); |
974 |
++ } else |
975 |
++ seq_buf_printf(&s, "Not affected\n"); |
976 |
++ |
977 |
++ return s.len; |
978 |
+ } |
979 |
+ |
980 |
+ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf) |
981 |
+ { |
982 |
+- bool bcs, ccd, ori; |
983 |
+ struct seq_buf s; |
984 |
++ bool bcs, ccd; |
985 |
+ |
986 |
+ seq_buf_init(&s, buf, PAGE_SIZE - 1); |
987 |
+ |
988 |
+ bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED); |
989 |
+ ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED); |
990 |
+- ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31); |
991 |
+ |
992 |
+ if (bcs || ccd) { |
993 |
+ seq_buf_printf(&s, "Mitigation: "); |
994 |
+@@ -77,17 +201,23 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c |
995 |
+ |
996 |
+ if (ccd) |
997 |
+ seq_buf_printf(&s, "Indirect branch cache disabled"); |
998 |
+- } else |
999 |
++ } else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) { |
1000 |
++ seq_buf_printf(&s, "Mitigation: Software count cache flush"); |
1001 |
++ |
1002 |
++ if (count_cache_flush_type == COUNT_CACHE_FLUSH_HW) |
1003 |
++ seq_buf_printf(&s, " (hardware accelerated)"); |
1004 |
++ } else if (btb_flush_enabled) { |
1005 |
++ seq_buf_printf(&s, "Mitigation: Branch predictor state flush"); |
1006 |
++ } else { |
1007 |
+ seq_buf_printf(&s, "Vulnerable"); |
1008 |
+- |
1009 |
+- if (ori) |
1010 |
+- seq_buf_printf(&s, ", ori31 speculation barrier enabled"); |
1011 |
++ } |
1012 |
+ |
1013 |
+ seq_buf_printf(&s, "\n"); |
1014 |
+ |
1015 |
+ return s.len; |
1016 |
+ } |
1017 |
+ |
1018 |
++#ifdef CONFIG_PPC_BOOK3S_64 |
1019 |
+ /* |
1020 |
+ * Store-forwarding barrier support. |
1021 |
+ */ |
1022 |
+@@ -235,3 +365,71 @@ static __init int stf_barrier_debugfs_init(void) |
1023 |
+ } |
1024 |
+ device_initcall(stf_barrier_debugfs_init); |
1025 |
+ #endif /* CONFIG_DEBUG_FS */ |
1026 |
++ |
1027 |
++static void toggle_count_cache_flush(bool enable) |
1028 |
++{ |
1029 |
++ if (!enable || !security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) { |
1030 |
++ patch_instruction_site(&patch__call_flush_count_cache, PPC_INST_NOP); |
1031 |
++ count_cache_flush_type = COUNT_CACHE_FLUSH_NONE; |
1032 |
++ pr_info("count-cache-flush: software flush disabled.\n"); |
1033 |
++ return; |
1034 |
++ } |
1035 |
++ |
1036 |
++ patch_branch_site(&patch__call_flush_count_cache, |
1037 |
++ (u64)&flush_count_cache, BRANCH_SET_LINK); |
1038 |
++ |
1039 |
++ if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) { |
1040 |
++ count_cache_flush_type = COUNT_CACHE_FLUSH_SW; |
1041 |
++ pr_info("count-cache-flush: full software flush sequence enabled.\n"); |
1042 |
++ return; |
1043 |
++ } |
1044 |
++ |
1045 |
++ patch_instruction_site(&patch__flush_count_cache_return, PPC_INST_BLR); |
1046 |
++ count_cache_flush_type = COUNT_CACHE_FLUSH_HW; |
1047 |
++ pr_info("count-cache-flush: hardware assisted flush sequence enabled\n"); |
1048 |
++} |
1049 |
++ |
1050 |
++void setup_count_cache_flush(void) |
1051 |
++{ |
1052 |
++ toggle_count_cache_flush(true); |
1053 |
++} |
1054 |
++ |
1055 |
++#ifdef CONFIG_DEBUG_FS |
1056 |
++static int count_cache_flush_set(void *data, u64 val) |
1057 |
++{ |
1058 |
++ bool enable; |
1059 |
++ |
1060 |
++ if (val == 1) |
1061 |
++ enable = true; |
1062 |
++ else if (val == 0) |
1063 |
++ enable = false; |
1064 |
++ else |
1065 |
++ return -EINVAL; |
1066 |
++ |
1067 |
++ toggle_count_cache_flush(enable); |
1068 |
++ |
1069 |
++ return 0; |
1070 |
++} |
1071 |
++ |
1072 |
++static int count_cache_flush_get(void *data, u64 *val) |
1073 |
++{ |
1074 |
++ if (count_cache_flush_type == COUNT_CACHE_FLUSH_NONE) |
1075 |
++ *val = 0; |
1076 |
++ else |
1077 |
++ *val = 1; |
1078 |
++ |
1079 |
++ return 0; |
1080 |
++} |
1081 |
++ |
1082 |
++DEFINE_SIMPLE_ATTRIBUTE(fops_count_cache_flush, count_cache_flush_get, |
1083 |
++ count_cache_flush_set, "%llu\n"); |
1084 |
++ |
1085 |
++static __init int count_cache_flush_debugfs_init(void) |
1086 |
++{ |
1087 |
++ debugfs_create_file("count_cache_flush", 0600, powerpc_debugfs_root, |
1088 |
++ NULL, &fops_count_cache_flush); |
1089 |
++ return 0; |
1090 |
++} |
1091 |
++device_initcall(count_cache_flush_debugfs_init); |
1092 |
++#endif /* CONFIG_DEBUG_FS */ |
1093 |
++#endif /* CONFIG_PPC_BOOK3S_64 */ |
1094 |
+diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c |
1095 |
+index bf0f712ac0e0..5e7d70c5d065 100644 |
1096 |
+--- a/arch/powerpc/kernel/setup-common.c |
1097 |
++++ b/arch/powerpc/kernel/setup-common.c |
1098 |
+@@ -918,6 +918,9 @@ void __init setup_arch(char **cmdline_p) |
1099 |
+ if (ppc_md.setup_arch) |
1100 |
+ ppc_md.setup_arch(); |
1101 |
+ |
1102 |
++ setup_barrier_nospec(); |
1103 |
++ setup_spectre_v2(); |
1104 |
++ |
1105 |
+ paging_init(); |
1106 |
+ |
1107 |
+ /* Initialize the MMU context management stuff. */ |
1108 |
+diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c |
1109 |
+index d929afab7b24..bdf2f7b995bb 100644 |
1110 |
+--- a/arch/powerpc/kernel/signal_64.c |
1111 |
++++ b/arch/powerpc/kernel/signal_64.c |
1112 |
+@@ -746,12 +746,25 @@ int sys_rt_sigreturn(unsigned long r3, unsigned long r4, unsigned long r5, |
1113 |
+ if (restore_tm_sigcontexts(current, &uc->uc_mcontext, |
1114 |
+ &uc_transact->uc_mcontext)) |
1115 |
+ goto badframe; |
1116 |
+- } |
1117 |
+- else |
1118 |
+- /* Fall through, for non-TM restore */ |
1119 |
++ } else |
1120 |
+ #endif |
1121 |
+- if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext)) |
1122 |
+- goto badframe; |
1123 |
++ { |
1124 |
++ /* |
1125 |
++ * Fall through, for non-TM restore |
1126 |
++ * |
1127 |
++ * Unset MSR[TS] on the thread regs since MSR from user |
1128 |
++ * context does not have MSR active, and recheckpoint was |
1129 |
++ * not called since restore_tm_sigcontexts() was not called |
1130 |
++ * also. |
1131 |
++ * |
1132 |
++ * If not unsetting it, the code can RFID to userspace with |
1133 |
++ * MSR[TS] set, but without CPU in the proper state, |
1134 |
++ * causing a TM bad thing. |
1135 |
++ */ |
1136 |
++ current->thread.regs->msr &= ~MSR_TS_MASK; |
1137 |
++ if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext)) |
1138 |
++ goto badframe; |
1139 |
++ } |
1140 |
+ |
1141 |
+ if (restore_altstack(&uc->uc_stack)) |
1142 |
+ goto badframe; |
1143 |
+diff --git a/arch/powerpc/kernel/swsusp_asm64.S b/arch/powerpc/kernel/swsusp_asm64.S |
1144 |
+index 988f38dced0f..82d8aae81c6a 100644 |
1145 |
+--- a/arch/powerpc/kernel/swsusp_asm64.S |
1146 |
++++ b/arch/powerpc/kernel/swsusp_asm64.S |
1147 |
+@@ -179,7 +179,7 @@ nothing_to_copy: |
1148 |
+ sld r3, r3, r0 |
1149 |
+ li r0, 0 |
1150 |
+ 1: |
1151 |
+- dcbf r0,r3 |
1152 |
++ dcbf 0,r3 |
1153 |
+ addi r3,r3,0x20 |
1154 |
+ bdnz 1b |
1155 |
+ |
1156 |
+diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S |
1157 |
+index c16fddbb6ab8..50d365060855 100644 |
1158 |
+--- a/arch/powerpc/kernel/vmlinux.lds.S |
1159 |
++++ b/arch/powerpc/kernel/vmlinux.lds.S |
1160 |
+@@ -153,8 +153,25 @@ SECTIONS |
1161 |
+ *(__rfi_flush_fixup) |
1162 |
+ __stop___rfi_flush_fixup = .; |
1163 |
+ } |
1164 |
+-#endif |
1165 |
++#endif /* CONFIG_PPC64 */ |
1166 |
++ |
1167 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
1168 |
++ . = ALIGN(8); |
1169 |
++ __spec_barrier_fixup : AT(ADDR(__spec_barrier_fixup) - LOAD_OFFSET) { |
1170 |
++ __start___barrier_nospec_fixup = .; |
1171 |
++ *(__barrier_nospec_fixup) |
1172 |
++ __stop___barrier_nospec_fixup = .; |
1173 |
++ } |
1174 |
++#endif /* CONFIG_PPC_BARRIER_NOSPEC */ |
1175 |
+ |
1176 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
1177 |
++ . = ALIGN(8); |
1178 |
++ __spec_btb_flush_fixup : AT(ADDR(__spec_btb_flush_fixup) - LOAD_OFFSET) { |
1179 |
++ __start__btb_flush_fixup = .; |
1180 |
++ *(__btb_flush_fixup) |
1181 |
++ __stop__btb_flush_fixup = .; |
1182 |
++ } |
1183 |
++#endif |
1184 |
+ EXCEPTION_TABLE(0) |
1185 |
+ |
1186 |
+ NOTES :kernel :notes |
1187 |
+diff --git a/arch/powerpc/kvm/bookehv_interrupts.S b/arch/powerpc/kvm/bookehv_interrupts.S |
1188 |
+index 81bd8a07aa51..612b7f6a887f 100644 |
1189 |
+--- a/arch/powerpc/kvm/bookehv_interrupts.S |
1190 |
++++ b/arch/powerpc/kvm/bookehv_interrupts.S |
1191 |
+@@ -75,6 +75,10 @@ |
1192 |
+ PPC_LL r1, VCPU_HOST_STACK(r4) |
1193 |
+ PPC_LL r2, HOST_R2(r1) |
1194 |
+ |
1195 |
++START_BTB_FLUSH_SECTION |
1196 |
++ BTB_FLUSH(r10) |
1197 |
++END_BTB_FLUSH_SECTION |
1198 |
++ |
1199 |
+ mfspr r10, SPRN_PID |
1200 |
+ lwz r8, VCPU_HOST_PID(r4) |
1201 |
+ PPC_LL r11, VCPU_SHARED(r4) |
1202 |
+diff --git a/arch/powerpc/kvm/e500_emulate.c b/arch/powerpc/kvm/e500_emulate.c |
1203 |
+index 990db69a1d0b..fa88f641ac03 100644 |
1204 |
+--- a/arch/powerpc/kvm/e500_emulate.c |
1205 |
++++ b/arch/powerpc/kvm/e500_emulate.c |
1206 |
+@@ -277,6 +277,13 @@ int kvmppc_core_emulate_mtspr_e500(struct kvm_vcpu *vcpu, int sprn, ulong spr_va |
1207 |
+ vcpu->arch.pwrmgtcr0 = spr_val; |
1208 |
+ break; |
1209 |
+ |
1210 |
++ case SPRN_BUCSR: |
1211 |
++ /* |
1212 |
++ * If we are here, it means that we have already flushed the |
1213 |
++ * branch predictor, so just return to guest. |
1214 |
++ */ |
1215 |
++ break; |
1216 |
++ |
1217 |
+ /* extra exceptions */ |
1218 |
+ #ifdef CONFIG_SPE_POSSIBLE |
1219 |
+ case SPRN_IVOR32: |
1220 |
+diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c |
1221 |
+index 753d591f1b52..14535ad4cdd1 100644 |
1222 |
+--- a/arch/powerpc/lib/code-patching.c |
1223 |
++++ b/arch/powerpc/lib/code-patching.c |
1224 |
+@@ -14,12 +14,20 @@ |
1225 |
+ #include <asm/page.h> |
1226 |
+ #include <asm/code-patching.h> |
1227 |
+ #include <asm/uaccess.h> |
1228 |
++#include <asm/setup.h> |
1229 |
++#include <asm/sections.h> |
1230 |
+ |
1231 |
+ |
1232 |
+ int patch_instruction(unsigned int *addr, unsigned int instr) |
1233 |
+ { |
1234 |
+ int err; |
1235 |
+ |
1236 |
++ /* Make sure we aren't patching a freed init section */ |
1237 |
++ if (init_mem_is_free && init_section_contains(addr, 4)) { |
1238 |
++ pr_debug("Skipping init section patching addr: 0x%px\n", addr); |
1239 |
++ return 0; |
1240 |
++ } |
1241 |
++ |
1242 |
+ __put_user_size(instr, addr, 4, err); |
1243 |
+ if (err) |
1244 |
+ return err; |
1245 |
+@@ -32,6 +40,22 @@ int patch_branch(unsigned int *addr, unsigned long target, int flags) |
1246 |
+ return patch_instruction(addr, create_branch(addr, target, flags)); |
1247 |
+ } |
1248 |
+ |
1249 |
++int patch_branch_site(s32 *site, unsigned long target, int flags) |
1250 |
++{ |
1251 |
++ unsigned int *addr; |
1252 |
++ |
1253 |
++ addr = (unsigned int *)((unsigned long)site + *site); |
1254 |
++ return patch_instruction(addr, create_branch(addr, target, flags)); |
1255 |
++} |
1256 |
++ |
1257 |
++int patch_instruction_site(s32 *site, unsigned int instr) |
1258 |
++{ |
1259 |
++ unsigned int *addr; |
1260 |
++ |
1261 |
++ addr = (unsigned int *)((unsigned long)site + *site); |
1262 |
++ return patch_instruction(addr, instr); |
1263 |
++} |
1264 |
++ |
1265 |
+ unsigned int create_branch(const unsigned int *addr, |
1266 |
+ unsigned long target, int flags) |
1267 |
+ { |
1268 |
+diff --git a/arch/powerpc/lib/copypage_power7.S b/arch/powerpc/lib/copypage_power7.S |
1269 |
+index a84d333ecb09..ca5fc8fa7efc 100644 |
1270 |
+--- a/arch/powerpc/lib/copypage_power7.S |
1271 |
++++ b/arch/powerpc/lib/copypage_power7.S |
1272 |
+@@ -45,13 +45,13 @@ _GLOBAL(copypage_power7) |
1273 |
+ .machine push |
1274 |
+ .machine "power4" |
1275 |
+ /* setup read stream 0 */ |
1276 |
+- dcbt r0,r4,0b01000 /* addr from */ |
1277 |
+- dcbt r0,r7,0b01010 /* length and depth from */ |
1278 |
++ dcbt 0,r4,0b01000 /* addr from */ |
1279 |
++ dcbt 0,r7,0b01010 /* length and depth from */ |
1280 |
+ /* setup write stream 1 */ |
1281 |
+- dcbtst r0,r9,0b01000 /* addr to */ |
1282 |
+- dcbtst r0,r10,0b01010 /* length and depth to */ |
1283 |
++ dcbtst 0,r9,0b01000 /* addr to */ |
1284 |
++ dcbtst 0,r10,0b01010 /* length and depth to */ |
1285 |
+ eieio |
1286 |
+- dcbt r0,r8,0b01010 /* all streams GO */ |
1287 |
++ dcbt 0,r8,0b01010 /* all streams GO */ |
1288 |
+ .machine pop |
1289 |
+ |
1290 |
+ #ifdef CONFIG_ALTIVEC |
1291 |
+@@ -83,7 +83,7 @@ _GLOBAL(copypage_power7) |
1292 |
+ li r12,112 |
1293 |
+ |
1294 |
+ .align 5 |
1295 |
+-1: lvx v7,r0,r4 |
1296 |
++1: lvx v7,0,r4 |
1297 |
+ lvx v6,r4,r6 |
1298 |
+ lvx v5,r4,r7 |
1299 |
+ lvx v4,r4,r8 |
1300 |
+@@ -92,7 +92,7 @@ _GLOBAL(copypage_power7) |
1301 |
+ lvx v1,r4,r11 |
1302 |
+ lvx v0,r4,r12 |
1303 |
+ addi r4,r4,128 |
1304 |
+- stvx v7,r0,r3 |
1305 |
++ stvx v7,0,r3 |
1306 |
+ stvx v6,r3,r6 |
1307 |
+ stvx v5,r3,r7 |
1308 |
+ stvx v4,r3,r8 |
1309 |
+diff --git a/arch/powerpc/lib/copyuser_power7.S b/arch/powerpc/lib/copyuser_power7.S |
1310 |
+index da0c568d18c4..391694814691 100644 |
1311 |
+--- a/arch/powerpc/lib/copyuser_power7.S |
1312 |
++++ b/arch/powerpc/lib/copyuser_power7.S |
1313 |
+@@ -327,13 +327,13 @@ err1; stb r0,0(r3) |
1314 |
+ .machine push |
1315 |
+ .machine "power4" |
1316 |
+ /* setup read stream 0 */ |
1317 |
+- dcbt r0,r6,0b01000 /* addr from */ |
1318 |
+- dcbt r0,r7,0b01010 /* length and depth from */ |
1319 |
++ dcbt 0,r6,0b01000 /* addr from */ |
1320 |
++ dcbt 0,r7,0b01010 /* length and depth from */ |
1321 |
+ /* setup write stream 1 */ |
1322 |
+- dcbtst r0,r9,0b01000 /* addr to */ |
1323 |
+- dcbtst r0,r10,0b01010 /* length and depth to */ |
1324 |
++ dcbtst 0,r9,0b01000 /* addr to */ |
1325 |
++ dcbtst 0,r10,0b01010 /* length and depth to */ |
1326 |
+ eieio |
1327 |
+- dcbt r0,r8,0b01010 /* all streams GO */ |
1328 |
++ dcbt 0,r8,0b01010 /* all streams GO */ |
1329 |
+ .machine pop |
1330 |
+ |
1331 |
+ beq cr1,.Lunwind_stack_nonvmx_copy |
1332 |
+@@ -388,26 +388,26 @@ err3; std r0,0(r3) |
1333 |
+ li r11,48 |
1334 |
+ |
1335 |
+ bf cr7*4+3,5f |
1336 |
+-err3; lvx v1,r0,r4 |
1337 |
++err3; lvx v1,0,r4 |
1338 |
+ addi r4,r4,16 |
1339 |
+-err3; stvx v1,r0,r3 |
1340 |
++err3; stvx v1,0,r3 |
1341 |
+ addi r3,r3,16 |
1342 |
+ |
1343 |
+ 5: bf cr7*4+2,6f |
1344 |
+-err3; lvx v1,r0,r4 |
1345 |
++err3; lvx v1,0,r4 |
1346 |
+ err3; lvx v0,r4,r9 |
1347 |
+ addi r4,r4,32 |
1348 |
+-err3; stvx v1,r0,r3 |
1349 |
++err3; stvx v1,0,r3 |
1350 |
+ err3; stvx v0,r3,r9 |
1351 |
+ addi r3,r3,32 |
1352 |
+ |
1353 |
+ 6: bf cr7*4+1,7f |
1354 |
+-err3; lvx v3,r0,r4 |
1355 |
++err3; lvx v3,0,r4 |
1356 |
+ err3; lvx v2,r4,r9 |
1357 |
+ err3; lvx v1,r4,r10 |
1358 |
+ err3; lvx v0,r4,r11 |
1359 |
+ addi r4,r4,64 |
1360 |
+-err3; stvx v3,r0,r3 |
1361 |
++err3; stvx v3,0,r3 |
1362 |
+ err3; stvx v2,r3,r9 |
1363 |
+ err3; stvx v1,r3,r10 |
1364 |
+ err3; stvx v0,r3,r11 |
1365 |
+@@ -433,7 +433,7 @@ err3; stvx v0,r3,r11 |
1366 |
+ */ |
1367 |
+ .align 5 |
1368 |
+ 8: |
1369 |
+-err4; lvx v7,r0,r4 |
1370 |
++err4; lvx v7,0,r4 |
1371 |
+ err4; lvx v6,r4,r9 |
1372 |
+ err4; lvx v5,r4,r10 |
1373 |
+ err4; lvx v4,r4,r11 |
1374 |
+@@ -442,7 +442,7 @@ err4; lvx v2,r4,r14 |
1375 |
+ err4; lvx v1,r4,r15 |
1376 |
+ err4; lvx v0,r4,r16 |
1377 |
+ addi r4,r4,128 |
1378 |
+-err4; stvx v7,r0,r3 |
1379 |
++err4; stvx v7,0,r3 |
1380 |
+ err4; stvx v6,r3,r9 |
1381 |
+ err4; stvx v5,r3,r10 |
1382 |
+ err4; stvx v4,r3,r11 |
1383 |
+@@ -463,29 +463,29 @@ err4; stvx v0,r3,r16 |
1384 |
+ mtocrf 0x01,r6 |
1385 |
+ |
1386 |
+ bf cr7*4+1,9f |
1387 |
+-err3; lvx v3,r0,r4 |
1388 |
++err3; lvx v3,0,r4 |
1389 |
+ err3; lvx v2,r4,r9 |
1390 |
+ err3; lvx v1,r4,r10 |
1391 |
+ err3; lvx v0,r4,r11 |
1392 |
+ addi r4,r4,64 |
1393 |
+-err3; stvx v3,r0,r3 |
1394 |
++err3; stvx v3,0,r3 |
1395 |
+ err3; stvx v2,r3,r9 |
1396 |
+ err3; stvx v1,r3,r10 |
1397 |
+ err3; stvx v0,r3,r11 |
1398 |
+ addi r3,r3,64 |
1399 |
+ |
1400 |
+ 9: bf cr7*4+2,10f |
1401 |
+-err3; lvx v1,r0,r4 |
1402 |
++err3; lvx v1,0,r4 |
1403 |
+ err3; lvx v0,r4,r9 |
1404 |
+ addi r4,r4,32 |
1405 |
+-err3; stvx v1,r0,r3 |
1406 |
++err3; stvx v1,0,r3 |
1407 |
+ err3; stvx v0,r3,r9 |
1408 |
+ addi r3,r3,32 |
1409 |
+ |
1410 |
+ 10: bf cr7*4+3,11f |
1411 |
+-err3; lvx v1,r0,r4 |
1412 |
++err3; lvx v1,0,r4 |
1413 |
+ addi r4,r4,16 |
1414 |
+-err3; stvx v1,r0,r3 |
1415 |
++err3; stvx v1,0,r3 |
1416 |
+ addi r3,r3,16 |
1417 |
+ |
1418 |
+ /* Up to 15B to go */ |
1419 |
+@@ -565,25 +565,25 @@ err3; lvx v0,0,r4 |
1420 |
+ addi r4,r4,16 |
1421 |
+ |
1422 |
+ bf cr7*4+3,5f |
1423 |
+-err3; lvx v1,r0,r4 |
1424 |
++err3; lvx v1,0,r4 |
1425 |
+ VPERM(v8,v0,v1,v16) |
1426 |
+ addi r4,r4,16 |
1427 |
+-err3; stvx v8,r0,r3 |
1428 |
++err3; stvx v8,0,r3 |
1429 |
+ addi r3,r3,16 |
1430 |
+ vor v0,v1,v1 |
1431 |
+ |
1432 |
+ 5: bf cr7*4+2,6f |
1433 |
+-err3; lvx v1,r0,r4 |
1434 |
++err3; lvx v1,0,r4 |
1435 |
+ VPERM(v8,v0,v1,v16) |
1436 |
+ err3; lvx v0,r4,r9 |
1437 |
+ VPERM(v9,v1,v0,v16) |
1438 |
+ addi r4,r4,32 |
1439 |
+-err3; stvx v8,r0,r3 |
1440 |
++err3; stvx v8,0,r3 |
1441 |
+ err3; stvx v9,r3,r9 |
1442 |
+ addi r3,r3,32 |
1443 |
+ |
1444 |
+ 6: bf cr7*4+1,7f |
1445 |
+-err3; lvx v3,r0,r4 |
1446 |
++err3; lvx v3,0,r4 |
1447 |
+ VPERM(v8,v0,v3,v16) |
1448 |
+ err3; lvx v2,r4,r9 |
1449 |
+ VPERM(v9,v3,v2,v16) |
1450 |
+@@ -592,7 +592,7 @@ err3; lvx v1,r4,r10 |
1451 |
+ err3; lvx v0,r4,r11 |
1452 |
+ VPERM(v11,v1,v0,v16) |
1453 |
+ addi r4,r4,64 |
1454 |
+-err3; stvx v8,r0,r3 |
1455 |
++err3; stvx v8,0,r3 |
1456 |
+ err3; stvx v9,r3,r9 |
1457 |
+ err3; stvx v10,r3,r10 |
1458 |
+ err3; stvx v11,r3,r11 |
1459 |
+@@ -618,7 +618,7 @@ err3; stvx v11,r3,r11 |
1460 |
+ */ |
1461 |
+ .align 5 |
1462 |
+ 8: |
1463 |
+-err4; lvx v7,r0,r4 |
1464 |
++err4; lvx v7,0,r4 |
1465 |
+ VPERM(v8,v0,v7,v16) |
1466 |
+ err4; lvx v6,r4,r9 |
1467 |
+ VPERM(v9,v7,v6,v16) |
1468 |
+@@ -635,7 +635,7 @@ err4; lvx v1,r4,r15 |
1469 |
+ err4; lvx v0,r4,r16 |
1470 |
+ VPERM(v15,v1,v0,v16) |
1471 |
+ addi r4,r4,128 |
1472 |
+-err4; stvx v8,r0,r3 |
1473 |
++err4; stvx v8,0,r3 |
1474 |
+ err4; stvx v9,r3,r9 |
1475 |
+ err4; stvx v10,r3,r10 |
1476 |
+ err4; stvx v11,r3,r11 |
1477 |
+@@ -656,7 +656,7 @@ err4; stvx v15,r3,r16 |
1478 |
+ mtocrf 0x01,r6 |
1479 |
+ |
1480 |
+ bf cr7*4+1,9f |
1481 |
+-err3; lvx v3,r0,r4 |
1482 |
++err3; lvx v3,0,r4 |
1483 |
+ VPERM(v8,v0,v3,v16) |
1484 |
+ err3; lvx v2,r4,r9 |
1485 |
+ VPERM(v9,v3,v2,v16) |
1486 |
+@@ -665,27 +665,27 @@ err3; lvx v1,r4,r10 |
1487 |
+ err3; lvx v0,r4,r11 |
1488 |
+ VPERM(v11,v1,v0,v16) |
1489 |
+ addi r4,r4,64 |
1490 |
+-err3; stvx v8,r0,r3 |
1491 |
++err3; stvx v8,0,r3 |
1492 |
+ err3; stvx v9,r3,r9 |
1493 |
+ err3; stvx v10,r3,r10 |
1494 |
+ err3; stvx v11,r3,r11 |
1495 |
+ addi r3,r3,64 |
1496 |
+ |
1497 |
+ 9: bf cr7*4+2,10f |
1498 |
+-err3; lvx v1,r0,r4 |
1499 |
++err3; lvx v1,0,r4 |
1500 |
+ VPERM(v8,v0,v1,v16) |
1501 |
+ err3; lvx v0,r4,r9 |
1502 |
+ VPERM(v9,v1,v0,v16) |
1503 |
+ addi r4,r4,32 |
1504 |
+-err3; stvx v8,r0,r3 |
1505 |
++err3; stvx v8,0,r3 |
1506 |
+ err3; stvx v9,r3,r9 |
1507 |
+ addi r3,r3,32 |
1508 |
+ |
1509 |
+ 10: bf cr7*4+3,11f |
1510 |
+-err3; lvx v1,r0,r4 |
1511 |
++err3; lvx v1,0,r4 |
1512 |
+ VPERM(v8,v0,v1,v16) |
1513 |
+ addi r4,r4,16 |
1514 |
+-err3; stvx v8,r0,r3 |
1515 |
++err3; stvx v8,0,r3 |
1516 |
+ addi r3,r3,16 |
1517 |
+ |
1518 |
+ /* Up to 15B to go */ |
1519 |
+diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c |
1520 |
+index cf1398e3c2e0..e6ed0ec94bc8 100644 |
1521 |
+--- a/arch/powerpc/lib/feature-fixups.c |
1522 |
++++ b/arch/powerpc/lib/feature-fixups.c |
1523 |
+@@ -277,8 +277,101 @@ void do_rfi_flush_fixups(enum l1d_flush_type types) |
1524 |
+ (types & L1D_FLUSH_MTTRIG) ? "mttrig type" |
1525 |
+ : "unknown"); |
1526 |
+ } |
1527 |
++ |
1528 |
++void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end) |
1529 |
++{ |
1530 |
++ unsigned int instr, *dest; |
1531 |
++ long *start, *end; |
1532 |
++ int i; |
1533 |
++ |
1534 |
++ start = fixup_start; |
1535 |
++ end = fixup_end; |
1536 |
++ |
1537 |
++ instr = 0x60000000; /* nop */ |
1538 |
++ |
1539 |
++ if (enable) { |
1540 |
++ pr_info("barrier-nospec: using ORI speculation barrier\n"); |
1541 |
++ instr = 0x63ff0000; /* ori 31,31,0 speculation barrier */ |
1542 |
++ } |
1543 |
++ |
1544 |
++ for (i = 0; start < end; start++, i++) { |
1545 |
++ dest = (void *)start + *start; |
1546 |
++ |
1547 |
++ pr_devel("patching dest %lx\n", (unsigned long)dest); |
1548 |
++ patch_instruction(dest, instr); |
1549 |
++ } |
1550 |
++ |
1551 |
++ printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i); |
1552 |
++} |
1553 |
++ |
1554 |
+ #endif /* CONFIG_PPC_BOOK3S_64 */ |
1555 |
+ |
1556 |
++#ifdef CONFIG_PPC_BARRIER_NOSPEC |
1557 |
++void do_barrier_nospec_fixups(bool enable) |
1558 |
++{ |
1559 |
++ void *start, *end; |
1560 |
++ |
1561 |
++ start = PTRRELOC(&__start___barrier_nospec_fixup), |
1562 |
++ end = PTRRELOC(&__stop___barrier_nospec_fixup); |
1563 |
++ |
1564 |
++ do_barrier_nospec_fixups_range(enable, start, end); |
1565 |
++} |
1566 |
++#endif /* CONFIG_PPC_BARRIER_NOSPEC */ |
1567 |
++ |
1568 |
++#ifdef CONFIG_PPC_FSL_BOOK3E |
1569 |
++void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end) |
1570 |
++{ |
1571 |
++ unsigned int instr[2], *dest; |
1572 |
++ long *start, *end; |
1573 |
++ int i; |
1574 |
++ |
1575 |
++ start = fixup_start; |
1576 |
++ end = fixup_end; |
1577 |
++ |
1578 |
++ instr[0] = PPC_INST_NOP; |
1579 |
++ instr[1] = PPC_INST_NOP; |
1580 |
++ |
1581 |
++ if (enable) { |
1582 |
++ pr_info("barrier-nospec: using isync; sync as speculation barrier\n"); |
1583 |
++ instr[0] = PPC_INST_ISYNC; |
1584 |
++ instr[1] = PPC_INST_SYNC; |
1585 |
++ } |
1586 |
++ |
1587 |
++ for (i = 0; start < end; start++, i++) { |
1588 |
++ dest = (void *)start + *start; |
1589 |
++ |
1590 |
++ pr_devel("patching dest %lx\n", (unsigned long)dest); |
1591 |
++ patch_instruction(dest, instr[0]); |
1592 |
++ patch_instruction(dest + 1, instr[1]); |
1593 |
++ } |
1594 |
++ |
1595 |
++ printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i); |
1596 |
++} |
1597 |
++ |
1598 |
++static void patch_btb_flush_section(long *curr) |
1599 |
++{ |
1600 |
++ unsigned int *start, *end; |
1601 |
++ |
1602 |
++ start = (void *)curr + *curr; |
1603 |
++ end = (void *)curr + *(curr + 1); |
1604 |
++ for (; start < end; start++) { |
1605 |
++ pr_devel("patching dest %lx\n", (unsigned long)start); |
1606 |
++ patch_instruction(start, PPC_INST_NOP); |
1607 |
++ } |
1608 |
++} |
1609 |
++ |
1610 |
++void do_btb_flush_fixups(void) |
1611 |
++{ |
1612 |
++ long *start, *end; |
1613 |
++ |
1614 |
++ start = PTRRELOC(&__start__btb_flush_fixup); |
1615 |
++ end = PTRRELOC(&__stop__btb_flush_fixup); |
1616 |
++ |
1617 |
++ for (; start < end; start += 2) |
1618 |
++ patch_btb_flush_section(start); |
1619 |
++} |
1620 |
++#endif /* CONFIG_PPC_FSL_BOOK3E */ |
1621 |
++ |
1622 |
+ void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end) |
1623 |
+ { |
1624 |
+ long *start, *end; |
1625 |
+diff --git a/arch/powerpc/lib/memcpy_power7.S b/arch/powerpc/lib/memcpy_power7.S |
1626 |
+index 786234fd4e91..193909abd18b 100644 |
1627 |
+--- a/arch/powerpc/lib/memcpy_power7.S |
1628 |
++++ b/arch/powerpc/lib/memcpy_power7.S |
1629 |
+@@ -261,12 +261,12 @@ _GLOBAL(memcpy_power7) |
1630 |
+ |
1631 |
+ .machine push |
1632 |
+ .machine "power4" |
1633 |
+- dcbt r0,r6,0b01000 |
1634 |
+- dcbt r0,r7,0b01010 |
1635 |
+- dcbtst r0,r9,0b01000 |
1636 |
+- dcbtst r0,r10,0b01010 |
1637 |
++ dcbt 0,r6,0b01000 |
1638 |
++ dcbt 0,r7,0b01010 |
1639 |
++ dcbtst 0,r9,0b01000 |
1640 |
++ dcbtst 0,r10,0b01010 |
1641 |
+ eieio |
1642 |
+- dcbt r0,r8,0b01010 /* GO */ |
1643 |
++ dcbt 0,r8,0b01010 /* GO */ |
1644 |
+ .machine pop |
1645 |
+ |
1646 |
+ beq cr1,.Lunwind_stack_nonvmx_copy |
1647 |
+@@ -321,26 +321,26 @@ _GLOBAL(memcpy_power7) |
1648 |
+ li r11,48 |
1649 |
+ |
1650 |
+ bf cr7*4+3,5f |
1651 |
+- lvx v1,r0,r4 |
1652 |
++ lvx v1,0,r4 |
1653 |
+ addi r4,r4,16 |
1654 |
+- stvx v1,r0,r3 |
1655 |
++ stvx v1,0,r3 |
1656 |
+ addi r3,r3,16 |
1657 |
+ |
1658 |
+ 5: bf cr7*4+2,6f |
1659 |
+- lvx v1,r0,r4 |
1660 |
++ lvx v1,0,r4 |
1661 |
+ lvx v0,r4,r9 |
1662 |
+ addi r4,r4,32 |
1663 |
+- stvx v1,r0,r3 |
1664 |
++ stvx v1,0,r3 |
1665 |
+ stvx v0,r3,r9 |
1666 |
+ addi r3,r3,32 |
1667 |
+ |
1668 |
+ 6: bf cr7*4+1,7f |
1669 |
+- lvx v3,r0,r4 |
1670 |
++ lvx v3,0,r4 |
1671 |
+ lvx v2,r4,r9 |
1672 |
+ lvx v1,r4,r10 |
1673 |
+ lvx v0,r4,r11 |
1674 |
+ addi r4,r4,64 |
1675 |
+- stvx v3,r0,r3 |
1676 |
++ stvx v3,0,r3 |
1677 |
+ stvx v2,r3,r9 |
1678 |
+ stvx v1,r3,r10 |
1679 |
+ stvx v0,r3,r11 |
1680 |
+@@ -366,7 +366,7 @@ _GLOBAL(memcpy_power7) |
1681 |
+ */ |
1682 |
+ .align 5 |
1683 |
+ 8: |
1684 |
+- lvx v7,r0,r4 |
1685 |
++ lvx v7,0,r4 |
1686 |
+ lvx v6,r4,r9 |
1687 |
+ lvx v5,r4,r10 |
1688 |
+ lvx v4,r4,r11 |
1689 |
+@@ -375,7 +375,7 @@ _GLOBAL(memcpy_power7) |
1690 |
+ lvx v1,r4,r15 |
1691 |
+ lvx v0,r4,r16 |
1692 |
+ addi r4,r4,128 |
1693 |
+- stvx v7,r0,r3 |
1694 |
++ stvx v7,0,r3 |
1695 |
+ stvx v6,r3,r9 |
1696 |
+ stvx v5,r3,r10 |
1697 |
+ stvx v4,r3,r11 |
1698 |
+@@ -396,29 +396,29 @@ _GLOBAL(memcpy_power7) |
1699 |
+ mtocrf 0x01,r6 |
1700 |
+ |
1701 |
+ bf cr7*4+1,9f |
1702 |
+- lvx v3,r0,r4 |
1703 |
++ lvx v3,0,r4 |
1704 |
+ lvx v2,r4,r9 |
1705 |
+ lvx v1,r4,r10 |
1706 |
+ lvx v0,r4,r11 |
1707 |
+ addi r4,r4,64 |
1708 |
+- stvx v3,r0,r3 |
1709 |
++ stvx v3,0,r3 |
1710 |
+ stvx v2,r3,r9 |
1711 |
+ stvx v1,r3,r10 |
1712 |
+ stvx v0,r3,r11 |
1713 |
+ addi r3,r3,64 |
1714 |
+ |
1715 |
+ 9: bf cr7*4+2,10f |
1716 |
+- lvx v1,r0,r4 |
1717 |
++ lvx v1,0,r4 |
1718 |
+ lvx v0,r4,r9 |
1719 |
+ addi r4,r4,32 |
1720 |
+- stvx v1,r0,r3 |
1721 |
++ stvx v1,0,r3 |
1722 |
+ stvx v0,r3,r9 |
1723 |
+ addi r3,r3,32 |
1724 |
+ |
1725 |
+ 10: bf cr7*4+3,11f |
1726 |
+- lvx v1,r0,r4 |
1727 |
++ lvx v1,0,r4 |
1728 |
+ addi r4,r4,16 |
1729 |
+- stvx v1,r0,r3 |
1730 |
++ stvx v1,0,r3 |
1731 |
+ addi r3,r3,16 |
1732 |
+ |
1733 |
+ /* Up to 15B to go */ |
1734 |
+@@ -499,25 +499,25 @@ _GLOBAL(memcpy_power7) |
1735 |
+ addi r4,r4,16 |
1736 |
+ |
1737 |
+ bf cr7*4+3,5f |
1738 |
+- lvx v1,r0,r4 |
1739 |
++ lvx v1,0,r4 |
1740 |
+ VPERM(v8,v0,v1,v16) |
1741 |
+ addi r4,r4,16 |
1742 |
+- stvx v8,r0,r3 |
1743 |
++ stvx v8,0,r3 |
1744 |
+ addi r3,r3,16 |
1745 |
+ vor v0,v1,v1 |
1746 |
+ |
1747 |
+ 5: bf cr7*4+2,6f |
1748 |
+- lvx v1,r0,r4 |
1749 |
++ lvx v1,0,r4 |
1750 |
+ VPERM(v8,v0,v1,v16) |
1751 |
+ lvx v0,r4,r9 |
1752 |
+ VPERM(v9,v1,v0,v16) |
1753 |
+ addi r4,r4,32 |
1754 |
+- stvx v8,r0,r3 |
1755 |
++ stvx v8,0,r3 |
1756 |
+ stvx v9,r3,r9 |
1757 |
+ addi r3,r3,32 |
1758 |
+ |
1759 |
+ 6: bf cr7*4+1,7f |
1760 |
+- lvx v3,r0,r4 |
1761 |
++ lvx v3,0,r4 |
1762 |
+ VPERM(v8,v0,v3,v16) |
1763 |
+ lvx v2,r4,r9 |
1764 |
+ VPERM(v9,v3,v2,v16) |
1765 |
+@@ -526,7 +526,7 @@ _GLOBAL(memcpy_power7) |
1766 |
+ lvx v0,r4,r11 |
1767 |
+ VPERM(v11,v1,v0,v16) |
1768 |
+ addi r4,r4,64 |
1769 |
+- stvx v8,r0,r3 |
1770 |
++ stvx v8,0,r3 |
1771 |
+ stvx v9,r3,r9 |
1772 |
+ stvx v10,r3,r10 |
1773 |
+ stvx v11,r3,r11 |
1774 |
+@@ -552,7 +552,7 @@ _GLOBAL(memcpy_power7) |
1775 |
+ */ |
1776 |
+ .align 5 |
1777 |
+ 8: |
1778 |
+- lvx v7,r0,r4 |
1779 |
++ lvx v7,0,r4 |
1780 |
+ VPERM(v8,v0,v7,v16) |
1781 |
+ lvx v6,r4,r9 |
1782 |
+ VPERM(v9,v7,v6,v16) |
1783 |
+@@ -569,7 +569,7 @@ _GLOBAL(memcpy_power7) |
1784 |
+ lvx v0,r4,r16 |
1785 |
+ VPERM(v15,v1,v0,v16) |
1786 |
+ addi r4,r4,128 |
1787 |
+- stvx v8,r0,r3 |
1788 |
++ stvx v8,0,r3 |
1789 |
+ stvx v9,r3,r9 |
1790 |
+ stvx v10,r3,r10 |
1791 |
+ stvx v11,r3,r11 |
1792 |
+@@ -590,7 +590,7 @@ _GLOBAL(memcpy_power7) |
1793 |
+ mtocrf 0x01,r6 |
1794 |
+ |
1795 |
+ bf cr7*4+1,9f |
1796 |
+- lvx v3,r0,r4 |
1797 |
++ lvx v3,0,r4 |
1798 |
+ VPERM(v8,v0,v3,v16) |
1799 |
+ lvx v2,r4,r9 |
1800 |
+ VPERM(v9,v3,v2,v16) |
1801 |
+@@ -599,27 +599,27 @@ _GLOBAL(memcpy_power7) |
1802 |
+ lvx v0,r4,r11 |
1803 |
+ VPERM(v11,v1,v0,v16) |
1804 |
+ addi r4,r4,64 |
1805 |
+- stvx v8,r0,r3 |
1806 |
++ stvx v8,0,r3 |
1807 |
+ stvx v9,r3,r9 |
1808 |
+ stvx v10,r3,r10 |
1809 |
+ stvx v11,r3,r11 |
1810 |
+ addi r3,r3,64 |
1811 |
+ |
1812 |
+ 9: bf cr7*4+2,10f |
1813 |
+- lvx v1,r0,r4 |
1814 |
++ lvx v1,0,r4 |
1815 |
+ VPERM(v8,v0,v1,v16) |
1816 |
+ lvx v0,r4,r9 |
1817 |
+ VPERM(v9,v1,v0,v16) |
1818 |
+ addi r4,r4,32 |
1819 |
+- stvx v8,r0,r3 |
1820 |
++ stvx v8,0,r3 |
1821 |
+ stvx v9,r3,r9 |
1822 |
+ addi r3,r3,32 |
1823 |
+ |
1824 |
+ 10: bf cr7*4+3,11f |
1825 |
+- lvx v1,r0,r4 |
1826 |
++ lvx v1,0,r4 |
1827 |
+ VPERM(v8,v0,v1,v16) |
1828 |
+ addi r4,r4,16 |
1829 |
+- stvx v8,r0,r3 |
1830 |
++ stvx v8,0,r3 |
1831 |
+ addi r3,r3,16 |
1832 |
+ |
1833 |
+ /* Up to 15B to go */ |
1834 |
+diff --git a/arch/powerpc/lib/string_64.S b/arch/powerpc/lib/string_64.S |
1835 |
+index 57ace356c949..11e6372537fd 100644 |
1836 |
+--- a/arch/powerpc/lib/string_64.S |
1837 |
++++ b/arch/powerpc/lib/string_64.S |
1838 |
+@@ -192,7 +192,7 @@ err1; std r0,8(r3) |
1839 |
+ mtctr r6 |
1840 |
+ mr r8,r3 |
1841 |
+ 14: |
1842 |
+-err1; dcbz r0,r3 |
1843 |
++err1; dcbz 0,r3 |
1844 |
+ add r3,r3,r9 |
1845 |
+ bdnz 14b |
1846 |
+ |
1847 |
+diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c |
1848 |
+index 5f844337de21..1e93dbc88e80 100644 |
1849 |
+--- a/arch/powerpc/mm/mem.c |
1850 |
++++ b/arch/powerpc/mm/mem.c |
1851 |
+@@ -62,6 +62,7 @@ |
1852 |
+ #endif |
1853 |
+ |
1854 |
+ unsigned long long memory_limit; |
1855 |
++bool init_mem_is_free; |
1856 |
+ |
1857 |
+ #ifdef CONFIG_HIGHMEM |
1858 |
+ pte_t *kmap_pte; |
1859 |
+@@ -396,6 +397,7 @@ void __init mem_init(void) |
1860 |
+ void free_initmem(void) |
1861 |
+ { |
1862 |
+ ppc_md.progress = ppc_printk_progress; |
1863 |
++ init_mem_is_free = true; |
1864 |
+ free_initmem_default(POISON_FREE_INITMEM); |
1865 |
+ } |
1866 |
+ |
1867 |
+diff --git a/arch/powerpc/mm/tlb_low_64e.S b/arch/powerpc/mm/tlb_low_64e.S |
1868 |
+index eb82d787d99a..b7e9c09dfe19 100644 |
1869 |
+--- a/arch/powerpc/mm/tlb_low_64e.S |
1870 |
++++ b/arch/powerpc/mm/tlb_low_64e.S |
1871 |
+@@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV) |
1872 |
+ std r15,EX_TLB_R15(r12) |
1873 |
+ std r10,EX_TLB_CR(r12) |
1874 |
+ #ifdef CONFIG_PPC_FSL_BOOK3E |
1875 |
++START_BTB_FLUSH_SECTION |
1876 |
++ mfspr r11, SPRN_SRR1 |
1877 |
++ andi. r10,r11,MSR_PR |
1878 |
++ beq 1f |
1879 |
++ BTB_FLUSH(r10) |
1880 |
++1: |
1881 |
++END_BTB_FLUSH_SECTION |
1882 |
+ std r7,EX_TLB_R7(r12) |
1883 |
+ #endif |
1884 |
+ TLB_MISS_PROLOG_STATS |
1885 |
+diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c |
1886 |
+index 17203abf38e8..365e2b620201 100644 |
1887 |
+--- a/arch/powerpc/platforms/powernv/setup.c |
1888 |
++++ b/arch/powerpc/platforms/powernv/setup.c |
1889 |
+@@ -77,6 +77,12 @@ static void init_fw_feat_flags(struct device_node *np) |
1890 |
+ if (fw_feature_is("enabled", "fw-count-cache-disabled", np)) |
1891 |
+ security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); |
1892 |
+ |
1893 |
++ if (fw_feature_is("enabled", "fw-count-cache-flush-bcctr2,0,0", np)) |
1894 |
++ security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST); |
1895 |
++ |
1896 |
++ if (fw_feature_is("enabled", "needs-count-cache-flush-on-context-switch", np)) |
1897 |
++ security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE); |
1898 |
++ |
1899 |
+ /* |
1900 |
+ * The features below are enabled by default, so we instead look to see |
1901 |
+ * if firmware has *disabled* them, and clear them if so. |
1902 |
+@@ -123,6 +129,7 @@ static void pnv_setup_rfi_flush(void) |
1903 |
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV)); |
1904 |
+ |
1905 |
+ setup_rfi_flush(type, enable); |
1906 |
++ setup_count_cache_flush(); |
1907 |
+ } |
1908 |
+ |
1909 |
+ static void __init pnv_setup_arch(void) |
1910 |
+diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c |
1911 |
+index 91ade7755823..adb09ab87f7c 100644 |
1912 |
+--- a/arch/powerpc/platforms/pseries/setup.c |
1913 |
++++ b/arch/powerpc/platforms/pseries/setup.c |
1914 |
+@@ -475,6 +475,12 @@ static void init_cpu_char_feature_flags(struct h_cpu_char_result *result) |
1915 |
+ if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED) |
1916 |
+ security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED); |
1917 |
+ |
1918 |
++ if (result->character & H_CPU_CHAR_BCCTR_FLUSH_ASSIST) |
1919 |
++ security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST); |
1920 |
++ |
1921 |
++ if (result->behaviour & H_CPU_BEHAV_FLUSH_COUNT_CACHE) |
1922 |
++ security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE); |
1923 |
++ |
1924 |
+ /* |
1925 |
+ * The features below are enabled by default, so we instead look to see |
1926 |
+ * if firmware has *disabled* them, and clear them if so. |
1927 |
+@@ -525,6 +531,7 @@ void pseries_setup_rfi_flush(void) |
1928 |
+ security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR); |
1929 |
+ |
1930 |
+ setup_rfi_flush(types, enable); |
1931 |
++ setup_count_cache_flush(); |
1932 |
+ } |
1933 |
+ |
1934 |
+ static void __init pSeries_setup_arch(void) |
1935 |
+diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile |
1936 |
+index d5409660f5de..756dc9432d15 100644 |
1937 |
+--- a/arch/x86/entry/vdso/Makefile |
1938 |
++++ b/arch/x86/entry/vdso/Makefile |
1939 |
+@@ -47,10 +47,8 @@ targets += $(vdso_img_sodbg) |
1940 |
+ |
1941 |
+ export CPPFLAGS_vdso.lds += -P -C |
1942 |
+ |
1943 |
+-VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \ |
1944 |
+- -Wl,--no-undefined \ |
1945 |
+- -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096 \ |
1946 |
+- $(DISABLE_LTO) |
1947 |
++VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --no-undefined \ |
1948 |
++ -z max-page-size=4096 |
1949 |
+ |
1950 |
+ $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE |
1951 |
+ $(call if_changed,vdso) |
1952 |
+@@ -96,10 +94,8 @@ CFLAGS_REMOVE_vvar.o = -pg |
1953 |
+ # |
1954 |
+ |
1955 |
+ CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds) |
1956 |
+-VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \ |
1957 |
+- -Wl,-soname=linux-vdso.so.1 \ |
1958 |
+- -Wl,-z,max-page-size=4096 \ |
1959 |
+- -Wl,-z,common-page-size=4096 |
1960 |
++VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-vdso.so.1 \ |
1961 |
++ -z max-page-size=4096 |
1962 |
+ |
1963 |
+ # 64-bit objects to re-brand as x32 |
1964 |
+ vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y)) |
1965 |
+@@ -127,7 +123,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds $(vobjx32s) FORCE |
1966 |
+ $(call if_changed,vdso) |
1967 |
+ |
1968 |
+ CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds) |
1969 |
+-VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-soname=linux-gate.so.1 |
1970 |
++VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1 |
1971 |
+ |
1972 |
+ # This makes sure the $(obj) subdirectory exists even though vdso32/ |
1973 |
+ # is not a kbuild sub-make subdirectory. |
1974 |
+@@ -165,13 +161,13 @@ $(obj)/vdso32.so.dbg: FORCE \ |
1975 |
+ # The DSO images are built using a special linker script. |
1976 |
+ # |
1977 |
+ quiet_cmd_vdso = VDSO $@ |
1978 |
+- cmd_vdso = $(CC) -nostdlib -o $@ \ |
1979 |
++ cmd_vdso = $(LD) -nostdlib -o $@ \ |
1980 |
+ $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \ |
1981 |
+- -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \ |
1982 |
++ -T $(filter %.lds,$^) $(filter %.o,$^) && \ |
1983 |
+ sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@' |
1984 |
+ |
1985 |
+-VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \ |
1986 |
+- $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS) |
1987 |
++VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \ |
1988 |
++ $(call ld-option, --build-id) -Bsymbolic |
1989 |
+ GCOV_PROFILE := n |
1990 |
+ |
1991 |
+ # |
1992 |
+diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h |
1993 |
+index 8e9dbe7b73a1..5cc2ce4ab8a3 100644 |
1994 |
+--- a/arch/x86/include/asm/suspend_32.h |
1995 |
++++ b/arch/x86/include/asm/suspend_32.h |
1996 |
+@@ -11,7 +11,13 @@ |
1997 |
+ |
1998 |
+ /* image of the saved processor state */ |
1999 |
+ struct saved_context { |
2000 |
+- u16 es, fs, gs, ss; |
2001 |
++ /* |
2002 |
++ * On x86_32, all segment registers, with the possible exception of |
2003 |
++ * gs, are saved at kernel entry in pt_regs. |
2004 |
++ */ |
2005 |
++#ifdef CONFIG_X86_32_LAZY_GS |
2006 |
++ u16 gs; |
2007 |
++#endif |
2008 |
+ unsigned long cr0, cr2, cr3, cr4; |
2009 |
+ u64 misc_enable; |
2010 |
+ bool misc_enable_saved; |
2011 |
+diff --git a/arch/x86/include/asm/suspend_64.h b/arch/x86/include/asm/suspend_64.h |
2012 |
+index 2bd96b4df140..701751918921 100644 |
2013 |
+--- a/arch/x86/include/asm/suspend_64.h |
2014 |
++++ b/arch/x86/include/asm/suspend_64.h |
2015 |
+@@ -19,8 +19,20 @@ |
2016 |
+ */ |
2017 |
+ struct saved_context { |
2018 |
+ struct pt_regs regs; |
2019 |
+- u16 ds, es, fs, gs, ss; |
2020 |
+- unsigned long gs_base, gs_kernel_base, fs_base; |
2021 |
++ |
2022 |
++ /* |
2023 |
++ * User CS and SS are saved in current_pt_regs(). The rest of the |
2024 |
++ * segment selectors need to be saved and restored here. |
2025 |
++ */ |
2026 |
++ u16 ds, es, fs, gs; |
2027 |
++ |
2028 |
++ /* |
2029 |
++ * Usermode FSBASE and GSBASE may not match the fs and gs selectors, |
2030 |
++ * so we save them separately. We save the kernelmode GSBASE to |
2031 |
++ * restore percpu access after resume. |
2032 |
++ */ |
2033 |
++ unsigned long kernelmode_gs_base, usermode_gs_base, fs_base; |
2034 |
++ |
2035 |
+ unsigned long cr0, cr2, cr3, cr4, cr8; |
2036 |
+ u64 misc_enable; |
2037 |
+ bool misc_enable_saved; |
2038 |
+@@ -29,8 +41,7 @@ struct saved_context { |
2039 |
+ u16 gdt_pad; /* Unused */ |
2040 |
+ struct desc_ptr gdt_desc; |
2041 |
+ u16 idt_pad; |
2042 |
+- u16 idt_limit; |
2043 |
+- unsigned long idt_base; |
2044 |
++ struct desc_ptr idt; |
2045 |
+ u16 ldt; |
2046 |
+ u16 tss; |
2047 |
+ unsigned long tr; |
2048 |
+diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h |
2049 |
+index ccdc23d89b60..9f694537a103 100644 |
2050 |
+--- a/arch/x86/include/asm/xen/hypercall.h |
2051 |
++++ b/arch/x86/include/asm/xen/hypercall.h |
2052 |
+@@ -216,6 +216,9 @@ privcmd_call(unsigned call, |
2053 |
+ __HYPERCALL_DECLS; |
2054 |
+ __HYPERCALL_5ARG(a1, a2, a3, a4, a5); |
2055 |
+ |
2056 |
++ if (call >= PAGE_SIZE / sizeof(hypercall_page[0])) |
2057 |
++ return -EINVAL; |
2058 |
++ |
2059 |
+ stac(); |
2060 |
+ asm volatile(CALL_NOSPEC |
2061 |
+ : __HYPERCALL_5PARAM |
2062 |
+diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c |
2063 |
+index 53cace2ec0e2..054e27671df9 100644 |
2064 |
+--- a/arch/x86/power/cpu.c |
2065 |
++++ b/arch/x86/power/cpu.c |
2066 |
+@@ -82,12 +82,8 @@ static void __save_processor_state(struct saved_context *ctxt) |
2067 |
+ /* |
2068 |
+ * descriptor tables |
2069 |
+ */ |
2070 |
+-#ifdef CONFIG_X86_32 |
2071 |
+ store_idt(&ctxt->idt); |
2072 |
+-#else |
2073 |
+-/* CONFIG_X86_64 */ |
2074 |
+- store_idt((struct desc_ptr *)&ctxt->idt_limit); |
2075 |
+-#endif |
2076 |
++ |
2077 |
+ /* |
2078 |
+ * We save it here, but restore it only in the hibernate case. |
2079 |
+ * For ACPI S3 resume, this is loaded via 'early_gdt_desc' in 64-bit |
2080 |
+@@ -103,22 +99,18 @@ static void __save_processor_state(struct saved_context *ctxt) |
2081 |
+ /* |
2082 |
+ * segment registers |
2083 |
+ */ |
2084 |
+-#ifdef CONFIG_X86_32 |
2085 |
+- savesegment(es, ctxt->es); |
2086 |
+- savesegment(fs, ctxt->fs); |
2087 |
++#ifdef CONFIG_X86_32_LAZY_GS |
2088 |
+ savesegment(gs, ctxt->gs); |
2089 |
+- savesegment(ss, ctxt->ss); |
2090 |
+-#else |
2091 |
+-/* CONFIG_X86_64 */ |
2092 |
+- asm volatile ("movw %%ds, %0" : "=m" (ctxt->ds)); |
2093 |
+- asm volatile ("movw %%es, %0" : "=m" (ctxt->es)); |
2094 |
+- asm volatile ("movw %%fs, %0" : "=m" (ctxt->fs)); |
2095 |
+- asm volatile ("movw %%gs, %0" : "=m" (ctxt->gs)); |
2096 |
+- asm volatile ("movw %%ss, %0" : "=m" (ctxt->ss)); |
2097 |
++#endif |
2098 |
++#ifdef CONFIG_X86_64 |
2099 |
++ savesegment(gs, ctxt->gs); |
2100 |
++ savesegment(fs, ctxt->fs); |
2101 |
++ savesegment(ds, ctxt->ds); |
2102 |
++ savesegment(es, ctxt->es); |
2103 |
+ |
2104 |
+ rdmsrl(MSR_FS_BASE, ctxt->fs_base); |
2105 |
+- rdmsrl(MSR_GS_BASE, ctxt->gs_base); |
2106 |
+- rdmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base); |
2107 |
++ rdmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base); |
2108 |
++ rdmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base); |
2109 |
+ mtrr_save_fixed_ranges(NULL); |
2110 |
+ |
2111 |
+ rdmsrl(MSR_EFER, ctxt->efer); |
2112 |
+@@ -178,6 +170,9 @@ static void fix_processor_context(void) |
2113 |
+ write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS); |
2114 |
+ |
2115 |
+ syscall_init(); /* This sets MSR_*STAR and related */ |
2116 |
++#else |
2117 |
++ if (boot_cpu_has(X86_FEATURE_SEP)) |
2118 |
++ enable_sep_cpu(); |
2119 |
+ #endif |
2120 |
+ load_TR_desc(); /* This does ltr */ |
2121 |
+ load_mm_ldt(current->active_mm); /* This does lldt */ |
2122 |
+@@ -186,9 +181,12 @@ static void fix_processor_context(void) |
2123 |
+ } |
2124 |
+ |
2125 |
+ /** |
2126 |
+- * __restore_processor_state - restore the contents of CPU registers saved |
2127 |
+- * by __save_processor_state() |
2128 |
+- * @ctxt - structure to load the registers contents from |
2129 |
++ * __restore_processor_state - restore the contents of CPU registers saved |
2130 |
++ * by __save_processor_state() |
2131 |
++ * @ctxt - structure to load the registers contents from |
2132 |
++ * |
2133 |
++ * The asm code that gets us here will have restored a usable GDT, although |
2134 |
++ * it will be pointing to the wrong alias. |
2135 |
+ */ |
2136 |
+ static void notrace __restore_processor_state(struct saved_context *ctxt) |
2137 |
+ { |
2138 |
+@@ -211,46 +209,52 @@ static void notrace __restore_processor_state(struct saved_context *ctxt) |
2139 |
+ write_cr2(ctxt->cr2); |
2140 |
+ write_cr0(ctxt->cr0); |
2141 |
+ |
2142 |
++ /* Restore the IDT. */ |
2143 |
++ load_idt(&ctxt->idt); |
2144 |
++ |
2145 |
+ /* |
2146 |
+- * now restore the descriptor tables to their proper values |
2147 |
+- * ltr is done i fix_processor_context(). |
2148 |
++ * Just in case the asm code got us here with the SS, DS, or ES |
2149 |
++ * out of sync with the GDT, update them. |
2150 |
+ */ |
2151 |
+-#ifdef CONFIG_X86_32 |
2152 |
+- load_idt(&ctxt->idt); |
2153 |
++ loadsegment(ss, __KERNEL_DS); |
2154 |
++ loadsegment(ds, __USER_DS); |
2155 |
++ loadsegment(es, __USER_DS); |
2156 |
++ |
2157 |
++ /* |
2158 |
++ * Restore percpu access. Percpu access can happen in exception |
2159 |
++ * handlers or in complicated helpers like load_gs_index(). |
2160 |
++ */ |
2161 |
++#ifdef CONFIG_X86_64 |
2162 |
++ wrmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base); |
2163 |
+ #else |
2164 |
+-/* CONFIG_X86_64 */ |
2165 |
+- load_idt((const struct desc_ptr *)&ctxt->idt_limit); |
2166 |
++ loadsegment(fs, __KERNEL_PERCPU); |
2167 |
++ loadsegment(gs, __KERNEL_STACK_CANARY); |
2168 |
+ #endif |
2169 |
+ |
2170 |
++ /* Restore the TSS, RO GDT, LDT, and usermode-relevant MSRs. */ |
2171 |
++ fix_processor_context(); |
2172 |
++ |
2173 |
+ /* |
2174 |
+- * segment registers |
2175 |
++ * Now that we have descriptor tables fully restored and working |
2176 |
++ * exception handling, restore the usermode segments. |
2177 |
+ */ |
2178 |
+-#ifdef CONFIG_X86_32 |
2179 |
++#ifdef CONFIG_X86_64 |
2180 |
++ loadsegment(ds, ctxt->es); |
2181 |
+ loadsegment(es, ctxt->es); |
2182 |
+ loadsegment(fs, ctxt->fs); |
2183 |
+- loadsegment(gs, ctxt->gs); |
2184 |
+- loadsegment(ss, ctxt->ss); |
2185 |
++ load_gs_index(ctxt->gs); |
2186 |
+ |
2187 |
+ /* |
2188 |
+- * sysenter MSRs |
2189 |
++ * Restore FSBASE and GSBASE after restoring the selectors, since |
2190 |
++ * restoring the selectors clobbers the bases. Keep in mind |
2191 |
++ * that MSR_KERNEL_GS_BASE is horribly misnamed. |
2192 |
+ */ |
2193 |
+- if (boot_cpu_has(X86_FEATURE_SEP)) |
2194 |
+- enable_sep_cpu(); |
2195 |
+-#else |
2196 |
+-/* CONFIG_X86_64 */ |
2197 |
+- asm volatile ("movw %0, %%ds" :: "r" (ctxt->ds)); |
2198 |
+- asm volatile ("movw %0, %%es" :: "r" (ctxt->es)); |
2199 |
+- asm volatile ("movw %0, %%fs" :: "r" (ctxt->fs)); |
2200 |
+- load_gs_index(ctxt->gs); |
2201 |
+- asm volatile ("movw %0, %%ss" :: "r" (ctxt->ss)); |
2202 |
+- |
2203 |
+ wrmsrl(MSR_FS_BASE, ctxt->fs_base); |
2204 |
+- wrmsrl(MSR_GS_BASE, ctxt->gs_base); |
2205 |
+- wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base); |
2206 |
++ wrmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base); |
2207 |
++#elif defined(CONFIG_X86_32_LAZY_GS) |
2208 |
++ loadsegment(gs, ctxt->gs); |
2209 |
+ #endif |
2210 |
+ |
2211 |
+- fix_processor_context(); |
2212 |
+- |
2213 |
+ do_fpu_end(); |
2214 |
+ x86_platform.restore_sched_clock_state(); |
2215 |
+ mtrr_bp_restore(); |
2216 |
+diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c |
2217 |
+index 7538d802b65a..483593068139 100644 |
2218 |
+--- a/arch/xtensa/kernel/stacktrace.c |
2219 |
++++ b/arch/xtensa/kernel/stacktrace.c |
2220 |
+@@ -272,10 +272,14 @@ static int return_address_cb(struct stackframe *frame, void *data) |
2221 |
+ return 1; |
2222 |
+ } |
2223 |
+ |
2224 |
++/* |
2225 |
++ * level == 0 is for the return address from the caller of this function, |
2226 |
++ * not from this function itself. |
2227 |
++ */ |
2228 |
+ unsigned long return_address(unsigned level) |
2229 |
+ { |
2230 |
+ struct return_addr_data r = { |
2231 |
+- .skip = level + 1, |
2232 |
++ .skip = level, |
2233 |
+ }; |
2234 |
+ walk_stackframe(stack_pointer(NULL), return_address_cb, &r); |
2235 |
+ return r.addr; |
2236 |
+diff --git a/block/bio.c b/block/bio.c |
2237 |
+index 68972e3d3f5c..4c18a68913de 100644 |
2238 |
+--- a/block/bio.c |
2239 |
++++ b/block/bio.c |
2240 |
+@@ -1214,8 +1214,11 @@ struct bio *bio_copy_user_iov(struct request_queue *q, |
2241 |
+ } |
2242 |
+ } |
2243 |
+ |
2244 |
+- if (bio_add_pc_page(q, bio, page, bytes, offset) < bytes) |
2245 |
++ if (bio_add_pc_page(q, bio, page, bytes, offset) < bytes) { |
2246 |
++ if (!map_data) |
2247 |
++ __free_page(page); |
2248 |
+ break; |
2249 |
++ } |
2250 |
+ |
2251 |
+ len -= bytes; |
2252 |
+ offset = 0; |
2253 |
+diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig |
2254 |
+index 8453a49471d7..f4ae000eb285 100644 |
2255 |
+--- a/drivers/char/Kconfig |
2256 |
++++ b/drivers/char/Kconfig |
2257 |
+@@ -377,7 +377,7 @@ config XILINX_HWICAP |
2258 |
+ |
2259 |
+ config R3964 |
2260 |
+ tristate "Siemens R3964 line discipline" |
2261 |
+- depends on TTY |
2262 |
++ depends on TTY && BROKEN |
2263 |
+ ---help--- |
2264 |
+ This driver allows synchronous communication with devices using the |
2265 |
+ Siemens R3964 packet protocol. Unless you are dealing with special |
2266 |
+diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
2267 |
+index 737f0f6f4075..45ea2718c65d 100644 |
2268 |
+--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
2269 |
++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
2270 |
+@@ -959,6 +959,8 @@ static void bnxt_tpa_start(struct bnxt *bp, struct bnxt_rx_ring_info *rxr, |
2271 |
+ tpa_info = &rxr->rx_tpa[agg_id]; |
2272 |
+ |
2273 |
+ if (unlikely(cons != rxr->rx_next_cons)) { |
2274 |
++ netdev_warn(bp->dev, "TPA cons %x != expected cons %x\n", |
2275 |
++ cons, rxr->rx_next_cons); |
2276 |
+ bnxt_sched_reset(bp, rxr); |
2277 |
+ return; |
2278 |
+ } |
2279 |
+@@ -1377,14 +1379,16 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_napi *bnapi, u32 *raw_cons, |
2280 |
+ } |
2281 |
+ |
2282 |
+ cons = rxcmp->rx_cmp_opaque; |
2283 |
+- rx_buf = &rxr->rx_buf_ring[cons]; |
2284 |
+- data = rx_buf->data; |
2285 |
+ if (unlikely(cons != rxr->rx_next_cons)) { |
2286 |
+ int rc1 = bnxt_discard_rx(bp, bnapi, raw_cons, rxcmp); |
2287 |
+ |
2288 |
++ netdev_warn(bp->dev, "RX cons %x != expected cons %x\n", |
2289 |
++ cons, rxr->rx_next_cons); |
2290 |
+ bnxt_sched_reset(bp, rxr); |
2291 |
+ return rc1; |
2292 |
+ } |
2293 |
++ rx_buf = &rxr->rx_buf_ring[cons]; |
2294 |
++ data = rx_buf->data; |
2295 |
+ prefetch(data); |
2296 |
+ |
2297 |
+ agg_bufs = (le32_to_cpu(rxcmp->rx_cmp_misc_v1) & RX_CMP_AGG_BUFS) >> |
2298 |
+@@ -1400,11 +1404,17 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_napi *bnapi, u32 *raw_cons, |
2299 |
+ |
2300 |
+ rx_buf->data = NULL; |
2301 |
+ if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) { |
2302 |
++ u32 rx_err = le32_to_cpu(rxcmp1->rx_cmp_cfa_code_errors_v2); |
2303 |
++ |
2304 |
+ bnxt_reuse_rx_data(rxr, cons, data); |
2305 |
+ if (agg_bufs) |
2306 |
+ bnxt_reuse_rx_agg_bufs(bnapi, cp_cons, agg_bufs); |
2307 |
+ |
2308 |
+ rc = -EIO; |
2309 |
++ if (rx_err & RX_CMPL_ERRORS_BUFFER_ERROR_MASK) { |
2310 |
++ netdev_warn(bp->dev, "RX buffer error %x\n", rx_err); |
2311 |
++ bnxt_sched_reset(bp, rxr); |
2312 |
++ } |
2313 |
+ goto next_rx; |
2314 |
+ } |
2315 |
+ |
2316 |
+diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_common.c b/drivers/net/ethernet/mellanox/mlx5/core/en_common.c |
2317 |
+index 029e856f72a0..dc809c2ea413 100644 |
2318 |
+--- a/drivers/net/ethernet/mellanox/mlx5/core/en_common.c |
2319 |
++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_common.c |
2320 |
+@@ -45,7 +45,9 @@ int mlx5e_create_tir(struct mlx5_core_dev *mdev, |
2321 |
+ if (err) |
2322 |
+ return err; |
2323 |
+ |
2324 |
++ mutex_lock(&mdev->mlx5e_res.td.list_lock); |
2325 |
+ list_add(&tir->list, &mdev->mlx5e_res.td.tirs_list); |
2326 |
++ mutex_unlock(&mdev->mlx5e_res.td.list_lock); |
2327 |
+ |
2328 |
+ return 0; |
2329 |
+ } |
2330 |
+@@ -53,8 +55,10 @@ int mlx5e_create_tir(struct mlx5_core_dev *mdev, |
2331 |
+ void mlx5e_destroy_tir(struct mlx5_core_dev *mdev, |
2332 |
+ struct mlx5e_tir *tir) |
2333 |
+ { |
2334 |
++ mutex_lock(&mdev->mlx5e_res.td.list_lock); |
2335 |
+ mlx5_core_destroy_tir(mdev, tir->tirn); |
2336 |
+ list_del(&tir->list); |
2337 |
++ mutex_unlock(&mdev->mlx5e_res.td.list_lock); |
2338 |
+ } |
2339 |
+ |
2340 |
+ static int mlx5e_create_mkey(struct mlx5_core_dev *mdev, u32 pdn, |
2341 |
+@@ -114,6 +118,7 @@ int mlx5e_create_mdev_resources(struct mlx5_core_dev *mdev) |
2342 |
+ } |
2343 |
+ |
2344 |
+ INIT_LIST_HEAD(&mdev->mlx5e_res.td.tirs_list); |
2345 |
++ mutex_init(&mdev->mlx5e_res.td.list_lock); |
2346 |
+ |
2347 |
+ return 0; |
2348 |
+ |
2349 |
+@@ -151,6 +156,7 @@ int mlx5e_refresh_tirs_self_loopback_enable(struct mlx5_core_dev *mdev) |
2350 |
+ |
2351 |
+ MLX5_SET(modify_tir_in, in, bitmask.self_lb_en, 1); |
2352 |
+ |
2353 |
++ mutex_lock(&mdev->mlx5e_res.td.list_lock); |
2354 |
+ list_for_each_entry(tir, &mdev->mlx5e_res.td.tirs_list, list) { |
2355 |
+ err = mlx5_core_modify_tir(mdev, tir->tirn, in, inlen); |
2356 |
+ if (err) |
2357 |
+@@ -159,6 +165,7 @@ int mlx5e_refresh_tirs_self_loopback_enable(struct mlx5_core_dev *mdev) |
2358 |
+ |
2359 |
+ out: |
2360 |
+ kvfree(in); |
2361 |
++ mutex_unlock(&mdev->mlx5e_res.td.list_lock); |
2362 |
+ |
2363 |
+ return err; |
2364 |
+ } |
2365 |
+diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
2366 |
+index 16e5c8cd104d..d51ad140f46d 100644 |
2367 |
+--- a/drivers/net/usb/qmi_wwan.c |
2368 |
++++ b/drivers/net/usb/qmi_wwan.c |
2369 |
+@@ -890,6 +890,7 @@ static const struct usb_device_id products[] = { |
2370 |
+ {QMI_FIXED_INTF(0x19d2, 0x2002, 4)}, /* ZTE (Vodafone) K3765-Z */ |
2371 |
+ {QMI_FIXED_INTF(0x2001, 0x7e19, 4)}, /* D-Link DWM-221 B1 */ |
2372 |
+ {QMI_FIXED_INTF(0x2001, 0x7e35, 4)}, /* D-Link DWM-222 */ |
2373 |
++ {QMI_FIXED_INTF(0x2020, 0x2031, 4)}, /* Olicard 600 */ |
2374 |
+ {QMI_FIXED_INTF(0x2020, 0x2033, 4)}, /* BroadMobi BM806U */ |
2375 |
+ {QMI_FIXED_INTF(0x0f3d, 0x68a2, 8)}, /* Sierra Wireless MC7700 */ |
2376 |
+ {QMI_FIXED_INTF(0x114f, 0x68a2, 8)}, /* Sierra Wireless MC7750 */ |
2377 |
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c |
2378 |
+index dedb12083d86..6663b76934ad 100644 |
2379 |
+--- a/drivers/pci/quirks.c |
2380 |
++++ b/drivers/pci/quirks.c |
2381 |
+@@ -3866,6 +3866,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128, |
2382 |
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */ |
2383 |
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9130, |
2384 |
+ quirk_dma_func1_alias); |
2385 |
++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9170, |
2386 |
++ quirk_dma_func1_alias); |
2387 |
+ /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c47 + c57 */ |
2388 |
+ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9172, |
2389 |
+ quirk_dma_func1_alias); |
2390 |
+diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig |
2391 |
+index 95103054c0e4..fdd2860cb9bd 100644 |
2392 |
+--- a/drivers/tty/Kconfig |
2393 |
++++ b/drivers/tty/Kconfig |
2394 |
+@@ -455,4 +455,27 @@ config MIPS_EJTAG_FDC_KGDB_CHAN |
2395 |
+ help |
2396 |
+ FDC channel number to use for KGDB. |
2397 |
+ |
2398 |
++config LDISC_AUTOLOAD |
2399 |
++ bool "Automatically load TTY Line Disciplines" |
2400 |
++ default y |
2401 |
++ help |
2402 |
++ Historically the kernel has always automatically loaded any |
2403 |
++ line discipline that is in a kernel module when a user asks |
2404 |
++ for it to be loaded with the TIOCSETD ioctl, or through other |
2405 |
++ means. This is not always the best thing to do on systems |
2406 |
++ where you know you will not be using some of the more |
2407 |
++ "ancient" line disciplines, so prevent the kernel from doing |
2408 |
++ this unless the request is coming from a process with the |
2409 |
++ CAP_SYS_MODULE permissions. |
2410 |
++ |
2411 |
++ Say 'Y' here if you trust your userspace users to do the right |
2412 |
++ thing, or if you have only provided the line disciplines that |
2413 |
++ you know you will be using, or if you wish to continue to use |
2414 |
++ the traditional method of on-demand loading of these modules |
2415 |
++ by any user. |
2416 |
++ |
2417 |
++ This functionality can be changed at runtime with the |
2418 |
++ dev.tty.ldisc_autoload sysctl, this configuration option will |
2419 |
++ only set the default value of this functionality. |
2420 |
++ |
2421 |
+ endif # TTY |
2422 |
+diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c |
2423 |
+index 19fe1e8fc124..15e0116e1232 100644 |
2424 |
+--- a/drivers/tty/tty_io.c |
2425 |
++++ b/drivers/tty/tty_io.c |
2426 |
+@@ -520,6 +520,8 @@ void proc_clear_tty(struct task_struct *p) |
2427 |
+ tty_kref_put(tty); |
2428 |
+ } |
2429 |
+ |
2430 |
++extern void tty_sysctl_init(void); |
2431 |
++ |
2432 |
+ /** |
2433 |
+ * proc_set_tty - set the controlling terminal |
2434 |
+ * |
2435 |
+@@ -3705,6 +3707,7 @@ void console_sysfs_notify(void) |
2436 |
+ */ |
2437 |
+ int __init tty_init(void) |
2438 |
+ { |
2439 |
++ tty_sysctl_init(); |
2440 |
+ cdev_init(&tty_cdev, &tty_fops); |
2441 |
+ if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) || |
2442 |
+ register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0) |
2443 |
+diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c |
2444 |
+index 4ab518d43758..3eb3f2a03bbb 100644 |
2445 |
+--- a/drivers/tty/tty_ldisc.c |
2446 |
++++ b/drivers/tty/tty_ldisc.c |
2447 |
+@@ -155,6 +155,13 @@ static void put_ldops(struct tty_ldisc_ops *ldops) |
2448 |
+ * takes tty_ldiscs_lock to guard against ldisc races |
2449 |
+ */ |
2450 |
+ |
2451 |
++#if defined(CONFIG_LDISC_AUTOLOAD) |
2452 |
++ #define INITIAL_AUTOLOAD_STATE 1 |
2453 |
++#else |
2454 |
++ #define INITIAL_AUTOLOAD_STATE 0 |
2455 |
++#endif |
2456 |
++static int tty_ldisc_autoload = INITIAL_AUTOLOAD_STATE; |
2457 |
++ |
2458 |
+ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc) |
2459 |
+ { |
2460 |
+ struct tty_ldisc *ld; |
2461 |
+@@ -169,6 +176,8 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc) |
2462 |
+ */ |
2463 |
+ ldops = get_ldops(disc); |
2464 |
+ if (IS_ERR(ldops)) { |
2465 |
++ if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload) |
2466 |
++ return ERR_PTR(-EPERM); |
2467 |
+ request_module("tty-ldisc-%d", disc); |
2468 |
+ ldops = get_ldops(disc); |
2469 |
+ if (IS_ERR(ldops)) |
2470 |
+@@ -774,3 +783,41 @@ void tty_ldisc_deinit(struct tty_struct *tty) |
2471 |
+ tty_ldisc_put(tty->ldisc); |
2472 |
+ tty->ldisc = NULL; |
2473 |
+ } |
2474 |
++ |
2475 |
++static int zero; |
2476 |
++static int one = 1; |
2477 |
++static struct ctl_table tty_table[] = { |
2478 |
++ { |
2479 |
++ .procname = "ldisc_autoload", |
2480 |
++ .data = &tty_ldisc_autoload, |
2481 |
++ .maxlen = sizeof(tty_ldisc_autoload), |
2482 |
++ .mode = 0644, |
2483 |
++ .proc_handler = proc_dointvec, |
2484 |
++ .extra1 = &zero, |
2485 |
++ .extra2 = &one, |
2486 |
++ }, |
2487 |
++ { } |
2488 |
++}; |
2489 |
++ |
2490 |
++static struct ctl_table tty_dir_table[] = { |
2491 |
++ { |
2492 |
++ .procname = "tty", |
2493 |
++ .mode = 0555, |
2494 |
++ .child = tty_table, |
2495 |
++ }, |
2496 |
++ { } |
2497 |
++}; |
2498 |
++ |
2499 |
++static struct ctl_table tty_root_table[] = { |
2500 |
++ { |
2501 |
++ .procname = "dev", |
2502 |
++ .mode = 0555, |
2503 |
++ .child = tty_dir_table, |
2504 |
++ }, |
2505 |
++ { } |
2506 |
++}; |
2507 |
++ |
2508 |
++void tty_sysctl_init(void) |
2509 |
++{ |
2510 |
++ register_sysctl_table(tty_root_table); |
2511 |
++} |
2512 |
+diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c |
2513 |
+index 8977f40ea441..2f09294c5946 100644 |
2514 |
+--- a/drivers/virtio/virtio_ring.c |
2515 |
++++ b/drivers/virtio/virtio_ring.c |
2516 |
+@@ -1040,6 +1040,8 @@ struct virtqueue *vring_create_virtqueue( |
2517 |
+ GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO); |
2518 |
+ if (queue) |
2519 |
+ break; |
2520 |
++ if (!may_reduce_num) |
2521 |
++ return NULL; |
2522 |
+ } |
2523 |
+ |
2524 |
+ if (!num) |
2525 |
+diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c |
2526 |
+index 242584a0d3b5..a67143c579aa 100644 |
2527 |
+--- a/fs/btrfs/ioctl.c |
2528 |
++++ b/fs/btrfs/ioctl.c |
2529 |
+@@ -385,6 +385,16 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg) |
2530 |
+ if (!capable(CAP_SYS_ADMIN)) |
2531 |
+ return -EPERM; |
2532 |
+ |
2533 |
++ /* |
2534 |
++ * If the fs is mounted with nologreplay, which requires it to be |
2535 |
++ * mounted in RO mode as well, we can not allow discard on free space |
2536 |
++ * inside block groups, because log trees refer to extents that are not |
2537 |
++ * pinned in a block group's free space cache (pinning the extents is |
2538 |
++ * precisely the first phase of replaying a log tree). |
2539 |
++ */ |
2540 |
++ if (btrfs_test_opt(fs_info, NOLOGREPLAY)) |
2541 |
++ return -EROFS; |
2542 |
++ |
2543 |
+ rcu_read_lock(); |
2544 |
+ list_for_each_entry_rcu(device, &fs_info->fs_devices->devices, |
2545 |
+ dev_list) { |
2546 |
+diff --git a/include/linux/bitrev.h b/include/linux/bitrev.h |
2547 |
+index fb790b8449c1..333e42cf08de 100644 |
2548 |
+--- a/include/linux/bitrev.h |
2549 |
++++ b/include/linux/bitrev.h |
2550 |
+@@ -31,32 +31,32 @@ static inline u32 __bitrev32(u32 x) |
2551 |
+ |
2552 |
+ #define __constant_bitrev32(x) \ |
2553 |
+ ({ \ |
2554 |
+- u32 __x = x; \ |
2555 |
+- __x = (__x >> 16) | (__x << 16); \ |
2556 |
+- __x = ((__x & (u32)0xFF00FF00UL) >> 8) | ((__x & (u32)0x00FF00FFUL) << 8); \ |
2557 |
+- __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4); \ |
2558 |
+- __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2); \ |
2559 |
+- __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1); \ |
2560 |
+- __x; \ |
2561 |
++ u32 ___x = x; \ |
2562 |
++ ___x = (___x >> 16) | (___x << 16); \ |
2563 |
++ ___x = ((___x & (u32)0xFF00FF00UL) >> 8) | ((___x & (u32)0x00FF00FFUL) << 8); \ |
2564 |
++ ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4); \ |
2565 |
++ ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2); \ |
2566 |
++ ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1); \ |
2567 |
++ ___x; \ |
2568 |
+ }) |
2569 |
+ |
2570 |
+ #define __constant_bitrev16(x) \ |
2571 |
+ ({ \ |
2572 |
+- u16 __x = x; \ |
2573 |
+- __x = (__x >> 8) | (__x << 8); \ |
2574 |
+- __x = ((__x & (u16)0xF0F0U) >> 4) | ((__x & (u16)0x0F0FU) << 4); \ |
2575 |
+- __x = ((__x & (u16)0xCCCCU) >> 2) | ((__x & (u16)0x3333U) << 2); \ |
2576 |
+- __x = ((__x & (u16)0xAAAAU) >> 1) | ((__x & (u16)0x5555U) << 1); \ |
2577 |
+- __x; \ |
2578 |
++ u16 ___x = x; \ |
2579 |
++ ___x = (___x >> 8) | (___x << 8); \ |
2580 |
++ ___x = ((___x & (u16)0xF0F0U) >> 4) | ((___x & (u16)0x0F0FU) << 4); \ |
2581 |
++ ___x = ((___x & (u16)0xCCCCU) >> 2) | ((___x & (u16)0x3333U) << 2); \ |
2582 |
++ ___x = ((___x & (u16)0xAAAAU) >> 1) | ((___x & (u16)0x5555U) << 1); \ |
2583 |
++ ___x; \ |
2584 |
+ }) |
2585 |
+ |
2586 |
+ #define __constant_bitrev8(x) \ |
2587 |
+ ({ \ |
2588 |
+- u8 __x = x; \ |
2589 |
+- __x = (__x >> 4) | (__x << 4); \ |
2590 |
+- __x = ((__x & (u8)0xCCU) >> 2) | ((__x & (u8)0x33U) << 2); \ |
2591 |
+- __x = ((__x & (u8)0xAAU) >> 1) | ((__x & (u8)0x55U) << 1); \ |
2592 |
+- __x; \ |
2593 |
++ u8 ___x = x; \ |
2594 |
++ ___x = (___x >> 4) | (___x << 4); \ |
2595 |
++ ___x = ((___x & (u8)0xCCU) >> 2) | ((___x & (u8)0x33U) << 2); \ |
2596 |
++ ___x = ((___x & (u8)0xAAU) >> 1) | ((___x & (u8)0x55U) << 1); \ |
2597 |
++ ___x; \ |
2598 |
+ }) |
2599 |
+ |
2600 |
+ #define bitrev32(x) \ |
2601 |
+diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h |
2602 |
+index 859fd209603a..509e99076c57 100644 |
2603 |
+--- a/include/linux/mlx5/driver.h |
2604 |
++++ b/include/linux/mlx5/driver.h |
2605 |
+@@ -578,6 +578,8 @@ enum mlx5_pci_status { |
2606 |
+ }; |
2607 |
+ |
2608 |
+ struct mlx5_td { |
2609 |
++ /* protects tirs list changes while tirs refresh */ |
2610 |
++ struct mutex list_lock; |
2611 |
+ struct list_head tirs_list; |
2612 |
+ u32 tdn; |
2613 |
+ }; |
2614 |
+diff --git a/include/linux/string.h b/include/linux/string.h |
2615 |
+index 60042e5e88ff..42eed573ebb6 100644 |
2616 |
+--- a/include/linux/string.h |
2617 |
++++ b/include/linux/string.h |
2618 |
+@@ -111,6 +111,9 @@ extern void * memscan(void *,int,__kernel_size_t); |
2619 |
+ #ifndef __HAVE_ARCH_MEMCMP |
2620 |
+ extern int memcmp(const void *,const void *,__kernel_size_t); |
2621 |
+ #endif |
2622 |
++#ifndef __HAVE_ARCH_BCMP |
2623 |
++extern int bcmp(const void *,const void *,__kernel_size_t); |
2624 |
++#endif |
2625 |
+ #ifndef __HAVE_ARCH_MEMCHR |
2626 |
+ extern void * memchr(const void *,int,__kernel_size_t); |
2627 |
+ #endif |
2628 |
+diff --git a/include/linux/virtio_ring.h b/include/linux/virtio_ring.h |
2629 |
+index e8d36938f09a..b38c1871b735 100644 |
2630 |
+--- a/include/linux/virtio_ring.h |
2631 |
++++ b/include/linux/virtio_ring.h |
2632 |
+@@ -62,7 +62,7 @@ struct virtqueue; |
2633 |
+ /* |
2634 |
+ * Creates a virtqueue and allocates the descriptor ring. If |
2635 |
+ * may_reduce_num is set, then this may allocate a smaller ring than |
2636 |
+- * expected. The caller should query virtqueue_get_ring_size to learn |
2637 |
++ * expected. The caller should query virtqueue_get_vring_size to learn |
2638 |
+ * the actual size of the ring. |
2639 |
+ */ |
2640 |
+ struct virtqueue *vring_create_virtqueue(unsigned int index, |
2641 |
+diff --git a/include/net/ip.h b/include/net/ip.h |
2642 |
+index f06cd30bb44c..a3c1b9dfc9a1 100644 |
2643 |
+--- a/include/net/ip.h |
2644 |
++++ b/include/net/ip.h |
2645 |
+@@ -580,7 +580,7 @@ int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp, |
2646 |
+ unsigned char __user *data, int optlen); |
2647 |
+ void ip_options_undo(struct ip_options *opt); |
2648 |
+ void ip_forward_options(struct sk_buff *skb); |
2649 |
+-int ip_options_rcv_srr(struct sk_buff *skb); |
2650 |
++int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev); |
2651 |
+ |
2652 |
+ /* |
2653 |
+ * Functions provided by ip_sockglue.c |
2654 |
+diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h |
2655 |
+index c05db6ff2515..0cdafe3935a6 100644 |
2656 |
+--- a/include/net/net_namespace.h |
2657 |
++++ b/include/net/net_namespace.h |
2658 |
+@@ -53,6 +53,7 @@ struct net { |
2659 |
+ */ |
2660 |
+ spinlock_t rules_mod_lock; |
2661 |
+ |
2662 |
++ u32 hash_mix; |
2663 |
+ atomic64_t cookie_gen; |
2664 |
+ |
2665 |
+ struct list_head list; /* list of network namespaces */ |
2666 |
+diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h |
2667 |
+index 69a6715d9f3f..a347b2f9e748 100644 |
2668 |
+--- a/include/net/netns/hash.h |
2669 |
++++ b/include/net/netns/hash.h |
2670 |
+@@ -1,21 +1,10 @@ |
2671 |
+ #ifndef __NET_NS_HASH_H__ |
2672 |
+ #define __NET_NS_HASH_H__ |
2673 |
+ |
2674 |
+-#include <asm/cache.h> |
2675 |
+- |
2676 |
+-struct net; |
2677 |
++#include <net/net_namespace.h> |
2678 |
+ |
2679 |
+ static inline u32 net_hash_mix(const struct net *net) |
2680 |
+ { |
2681 |
+-#ifdef CONFIG_NET_NS |
2682 |
+- /* |
2683 |
+- * shift this right to eliminate bits, that are |
2684 |
+- * always zeroed |
2685 |
+- */ |
2686 |
+- |
2687 |
+- return (u32)(((unsigned long)net) >> L1_CACHE_SHIFT); |
2688 |
+-#else |
2689 |
+- return 0; |
2690 |
+-#endif |
2691 |
++ return net->hash_mix; |
2692 |
+ } |
2693 |
+ #endif |
2694 |
+diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c |
2695 |
+index 9e745cc0726d..9f13667ccb9c 100644 |
2696 |
+--- a/kernel/irq/chip.c |
2697 |
++++ b/kernel/irq/chip.c |
2698 |
+@@ -1142,6 +1142,10 @@ int irq_chip_set_vcpu_affinity_parent(struct irq_data *data, void *vcpu_info) |
2699 |
+ int irq_chip_set_wake_parent(struct irq_data *data, unsigned int on) |
2700 |
+ { |
2701 |
+ data = data->parent_data; |
2702 |
++ |
2703 |
++ if (data->chip->flags & IRQCHIP_SKIP_SET_WAKE) |
2704 |
++ return 0; |
2705 |
++ |
2706 |
+ if (data->chip->irq_set_wake) |
2707 |
+ return data->chip->irq_set_wake(data, on); |
2708 |
+ |
2709 |
+diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c |
2710 |
+index 0c91d72f3e8f..1c630d94f86b 100644 |
2711 |
+--- a/kernel/sched/fair.c |
2712 |
++++ b/kernel/sched/fair.c |
2713 |
+@@ -6634,10 +6634,10 @@ static void update_cfs_rq_h_load(struct cfs_rq *cfs_rq) |
2714 |
+ if (cfs_rq->last_h_load_update == now) |
2715 |
+ return; |
2716 |
+ |
2717 |
+- cfs_rq->h_load_next = NULL; |
2718 |
++ WRITE_ONCE(cfs_rq->h_load_next, NULL); |
2719 |
+ for_each_sched_entity(se) { |
2720 |
+ cfs_rq = cfs_rq_of(se); |
2721 |
+- cfs_rq->h_load_next = se; |
2722 |
++ WRITE_ONCE(cfs_rq->h_load_next, se); |
2723 |
+ if (cfs_rq->last_h_load_update == now) |
2724 |
+ break; |
2725 |
+ } |
2726 |
+@@ -6647,7 +6647,7 @@ static void update_cfs_rq_h_load(struct cfs_rq *cfs_rq) |
2727 |
+ cfs_rq->last_h_load_update = now; |
2728 |
+ } |
2729 |
+ |
2730 |
+- while ((se = cfs_rq->h_load_next) != NULL) { |
2731 |
++ while ((se = READ_ONCE(cfs_rq->h_load_next)) != NULL) { |
2732 |
+ load = cfs_rq->h_load; |
2733 |
+ load = div64_ul(load * se->avg.load_avg, |
2734 |
+ cfs_rq_load_avg(cfs_rq) + 1); |
2735 |
+diff --git a/lib/string.c b/lib/string.c |
2736 |
+index ed83562a53ae..1cd9757291b1 100644 |
2737 |
+--- a/lib/string.c |
2738 |
++++ b/lib/string.c |
2739 |
+@@ -772,6 +772,26 @@ __visible int memcmp(const void *cs, const void *ct, size_t count) |
2740 |
+ EXPORT_SYMBOL(memcmp); |
2741 |
+ #endif |
2742 |
+ |
2743 |
++#ifndef __HAVE_ARCH_BCMP |
2744 |
++/** |
2745 |
++ * bcmp - returns 0 if and only if the buffers have identical contents. |
2746 |
++ * @a: pointer to first buffer. |
2747 |
++ * @b: pointer to second buffer. |
2748 |
++ * @len: size of buffers. |
2749 |
++ * |
2750 |
++ * The sign or magnitude of a non-zero return value has no particular |
2751 |
++ * meaning, and architectures may implement their own more efficient bcmp(). So |
2752 |
++ * while this particular implementation is a simple (tail) call to memcmp, do |
2753 |
++ * not rely on anything but whether the return value is zero or non-zero. |
2754 |
++ */ |
2755 |
++#undef bcmp |
2756 |
++int bcmp(const void *a, const void *b, size_t len) |
2757 |
++{ |
2758 |
++ return memcmp(a, b, len); |
2759 |
++} |
2760 |
++EXPORT_SYMBOL(bcmp); |
2761 |
++#endif |
2762 |
++ |
2763 |
+ #ifndef __HAVE_ARCH_MEMSCAN |
2764 |
+ /** |
2765 |
+ * memscan - Find a character in an area of memory. |
2766 |
+diff --git a/net/core/ethtool.c b/net/core/ethtool.c |
2767 |
+index a8a9938aeceb..20ae57fbe009 100644 |
2768 |
+--- a/net/core/ethtool.c |
2769 |
++++ b/net/core/ethtool.c |
2770 |
+@@ -1801,17 +1801,22 @@ static int ethtool_get_strings(struct net_device *dev, void __user *useraddr) |
2771 |
+ |
2772 |
+ gstrings.len = ret; |
2773 |
+ |
2774 |
+- data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER); |
2775 |
+- if (!data) |
2776 |
+- return -ENOMEM; |
2777 |
++ if (gstrings.len) { |
2778 |
++ data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER); |
2779 |
++ if (!data) |
2780 |
++ return -ENOMEM; |
2781 |
+ |
2782 |
+- __ethtool_get_strings(dev, gstrings.string_set, data); |
2783 |
++ __ethtool_get_strings(dev, gstrings.string_set, data); |
2784 |
++ } else { |
2785 |
++ data = NULL; |
2786 |
++ } |
2787 |
+ |
2788 |
+ ret = -EFAULT; |
2789 |
+ if (copy_to_user(useraddr, &gstrings, sizeof(gstrings))) |
2790 |
+ goto out; |
2791 |
+ useraddr += sizeof(gstrings); |
2792 |
+- if (copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN)) |
2793 |
++ if (gstrings.len && |
2794 |
++ copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN)) |
2795 |
+ goto out; |
2796 |
+ ret = 0; |
2797 |
+ |
2798 |
+@@ -1899,17 +1904,21 @@ static int ethtool_get_stats(struct net_device *dev, void __user *useraddr) |
2799 |
+ return -EFAULT; |
2800 |
+ |
2801 |
+ stats.n_stats = n_stats; |
2802 |
+- data = kmalloc(n_stats * sizeof(u64), GFP_USER); |
2803 |
+- if (!data) |
2804 |
+- return -ENOMEM; |
2805 |
++ if (n_stats) { |
2806 |
++ data = kmalloc(n_stats * sizeof(u64), GFP_USER); |
2807 |
++ if (!data) |
2808 |
++ return -ENOMEM; |
2809 |
+ |
2810 |
+- ops->get_ethtool_stats(dev, &stats, data); |
2811 |
++ ops->get_ethtool_stats(dev, &stats, data); |
2812 |
++ } else { |
2813 |
++ data = NULL; |
2814 |
++ } |
2815 |
+ |
2816 |
+ ret = -EFAULT; |
2817 |
+ if (copy_to_user(useraddr, &stats, sizeof(stats))) |
2818 |
+ goto out; |
2819 |
+ useraddr += sizeof(stats); |
2820 |
+- if (copy_to_user(useraddr, data, stats.n_stats * sizeof(u64))) |
2821 |
++ if (n_stats && copy_to_user(useraddr, data, n_stats * sizeof(u64))) |
2822 |
+ goto out; |
2823 |
+ ret = 0; |
2824 |
+ |
2825 |
+@@ -1938,19 +1947,23 @@ static int ethtool_get_phy_stats(struct net_device *dev, void __user *useraddr) |
2826 |
+ return -EFAULT; |
2827 |
+ |
2828 |
+ stats.n_stats = n_stats; |
2829 |
+- data = kmalloc_array(n_stats, sizeof(u64), GFP_USER); |
2830 |
+- if (!data) |
2831 |
+- return -ENOMEM; |
2832 |
++ if (n_stats) { |
2833 |
++ data = kmalloc_array(n_stats, sizeof(u64), GFP_USER); |
2834 |
++ if (!data) |
2835 |
++ return -ENOMEM; |
2836 |
+ |
2837 |
+- mutex_lock(&phydev->lock); |
2838 |
+- phydev->drv->get_stats(phydev, &stats, data); |
2839 |
+- mutex_unlock(&phydev->lock); |
2840 |
++ mutex_lock(&phydev->lock); |
2841 |
++ phydev->drv->get_stats(phydev, &stats, data); |
2842 |
++ mutex_unlock(&phydev->lock); |
2843 |
++ } else { |
2844 |
++ data = NULL; |
2845 |
++ } |
2846 |
+ |
2847 |
+ ret = -EFAULT; |
2848 |
+ if (copy_to_user(useraddr, &stats, sizeof(stats))) |
2849 |
+ goto out; |
2850 |
+ useraddr += sizeof(stats); |
2851 |
+- if (copy_to_user(useraddr, data, stats.n_stats * sizeof(u64))) |
2852 |
++ if (n_stats && copy_to_user(useraddr, data, n_stats * sizeof(u64))) |
2853 |
+ goto out; |
2854 |
+ ret = 0; |
2855 |
+ |
2856 |
+diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c |
2857 |
+index 04fd04ccaa04..4509dec7bd1c 100644 |
2858 |
+--- a/net/core/net_namespace.c |
2859 |
++++ b/net/core/net_namespace.c |
2860 |
+@@ -282,6 +282,7 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns) |
2861 |
+ |
2862 |
+ atomic_set(&net->count, 1); |
2863 |
+ atomic_set(&net->passive, 1); |
2864 |
++ get_random_bytes(&net->hash_mix, sizeof(u32)); |
2865 |
+ net->dev_base_seq = 1; |
2866 |
+ net->user_ns = user_ns; |
2867 |
+ idr_init(&net->netns_ids); |
2868 |
+diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c |
2869 |
+index bcadca26523b..ce0ce1401f28 100644 |
2870 |
+--- a/net/ipv4/ip_input.c |
2871 |
++++ b/net/ipv4/ip_input.c |
2872 |
+@@ -259,11 +259,10 @@ int ip_local_deliver(struct sk_buff *skb) |
2873 |
+ ip_local_deliver_finish); |
2874 |
+ } |
2875 |
+ |
2876 |
+-static inline bool ip_rcv_options(struct sk_buff *skb) |
2877 |
++static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev) |
2878 |
+ { |
2879 |
+ struct ip_options *opt; |
2880 |
+ const struct iphdr *iph; |
2881 |
+- struct net_device *dev = skb->dev; |
2882 |
+ |
2883 |
+ /* It looks as overkill, because not all |
2884 |
+ IP options require packet mangling. |
2885 |
+@@ -299,7 +298,7 @@ static inline bool ip_rcv_options(struct sk_buff *skb) |
2886 |
+ } |
2887 |
+ } |
2888 |
+ |
2889 |
+- if (ip_options_rcv_srr(skb)) |
2890 |
++ if (ip_options_rcv_srr(skb, dev)) |
2891 |
+ goto drop; |
2892 |
+ } |
2893 |
+ |
2894 |
+@@ -361,7 +360,7 @@ static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) |
2895 |
+ } |
2896 |
+ #endif |
2897 |
+ |
2898 |
+- if (iph->ihl > 5 && ip_rcv_options(skb)) |
2899 |
++ if (iph->ihl > 5 && ip_rcv_options(skb, dev)) |
2900 |
+ goto drop; |
2901 |
+ |
2902 |
+ rt = skb_rtable(skb); |
2903 |
+diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c |
2904 |
+index 4cd3b5ad9cee..570cdb547234 100644 |
2905 |
+--- a/net/ipv4/ip_options.c |
2906 |
++++ b/net/ipv4/ip_options.c |
2907 |
+@@ -614,7 +614,7 @@ void ip_forward_options(struct sk_buff *skb) |
2908 |
+ } |
2909 |
+ } |
2910 |
+ |
2911 |
+-int ip_options_rcv_srr(struct sk_buff *skb) |
2912 |
++int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev) |
2913 |
+ { |
2914 |
+ struct ip_options *opt = &(IPCB(skb)->opt); |
2915 |
+ int srrspace, srrptr; |
2916 |
+@@ -649,7 +649,7 @@ int ip_options_rcv_srr(struct sk_buff *skb) |
2917 |
+ |
2918 |
+ orefdst = skb->_skb_refdst; |
2919 |
+ skb_dst_set(skb, NULL); |
2920 |
+- err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev); |
2921 |
++ err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, dev); |
2922 |
+ rt2 = skb_rtable(skb); |
2923 |
+ if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) { |
2924 |
+ skb_dst_drop(skb); |
2925 |
+diff --git a/net/ipv4/tcp_dctcp.c b/net/ipv4/tcp_dctcp.c |
2926 |
+index a08cedf9d286..910ef01759e7 100644 |
2927 |
+--- a/net/ipv4/tcp_dctcp.c |
2928 |
++++ b/net/ipv4/tcp_dctcp.c |
2929 |
+@@ -66,11 +66,6 @@ static unsigned int dctcp_alpha_on_init __read_mostly = DCTCP_MAX_ALPHA; |
2930 |
+ module_param(dctcp_alpha_on_init, uint, 0644); |
2931 |
+ MODULE_PARM_DESC(dctcp_alpha_on_init, "parameter for initial alpha value"); |
2932 |
+ |
2933 |
+-static unsigned int dctcp_clamp_alpha_on_loss __read_mostly; |
2934 |
+-module_param(dctcp_clamp_alpha_on_loss, uint, 0644); |
2935 |
+-MODULE_PARM_DESC(dctcp_clamp_alpha_on_loss, |
2936 |
+- "parameter for clamping alpha on loss"); |
2937 |
+- |
2938 |
+ static struct tcp_congestion_ops dctcp_reno; |
2939 |
+ |
2940 |
+ static void dctcp_reset(const struct tcp_sock *tp, struct dctcp *ca) |
2941 |
+@@ -211,21 +206,23 @@ static void dctcp_update_alpha(struct sock *sk, u32 flags) |
2942 |
+ } |
2943 |
+ } |
2944 |
+ |
2945 |
+-static void dctcp_state(struct sock *sk, u8 new_state) |
2946 |
++static void dctcp_react_to_loss(struct sock *sk) |
2947 |
+ { |
2948 |
+- if (dctcp_clamp_alpha_on_loss && new_state == TCP_CA_Loss) { |
2949 |
+- struct dctcp *ca = inet_csk_ca(sk); |
2950 |
++ struct dctcp *ca = inet_csk_ca(sk); |
2951 |
++ struct tcp_sock *tp = tcp_sk(sk); |
2952 |
+ |
2953 |
+- /* If this extension is enabled, we clamp dctcp_alpha to |
2954 |
+- * max on packet loss; the motivation is that dctcp_alpha |
2955 |
+- * is an indicator to the extend of congestion and packet |
2956 |
+- * loss is an indicator of extreme congestion; setting |
2957 |
+- * this in practice turned out to be beneficial, and |
2958 |
+- * effectively assumes total congestion which reduces the |
2959 |
+- * window by half. |
2960 |
+- */ |
2961 |
+- ca->dctcp_alpha = DCTCP_MAX_ALPHA; |
2962 |
+- } |
2963 |
++ ca->loss_cwnd = tp->snd_cwnd; |
2964 |
++ tp->snd_ssthresh = max(tp->snd_cwnd >> 1U, 2U); |
2965 |
++} |
2966 |
++ |
2967 |
++static void dctcp_state(struct sock *sk, u8 new_state) |
2968 |
++{ |
2969 |
++ if (new_state == TCP_CA_Recovery && |
2970 |
++ new_state != inet_csk(sk)->icsk_ca_state) |
2971 |
++ dctcp_react_to_loss(sk); |
2972 |
++ /* We handle RTO in dctcp_cwnd_event to ensure that we perform only |
2973 |
++ * one loss-adjustment per RTT. |
2974 |
++ */ |
2975 |
+ } |
2976 |
+ |
2977 |
+ static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev) |
2978 |
+@@ -237,6 +234,9 @@ static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev) |
2979 |
+ case CA_EVENT_ECN_NO_CE: |
2980 |
+ dctcp_ce_state_1_to_0(sk); |
2981 |
+ break; |
2982 |
++ case CA_EVENT_LOSS: |
2983 |
++ dctcp_react_to_loss(sk); |
2984 |
++ break; |
2985 |
+ default: |
2986 |
+ /* Don't care for the rest. */ |
2987 |
+ break; |
2988 |
+diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
2989 |
+index b723987761be..11407dd6bc7c 100644 |
2990 |
+--- a/net/ipv6/ip6_output.c |
2991 |
++++ b/net/ipv6/ip6_output.c |
2992 |
+@@ -592,7 +592,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, |
2993 |
+ inet6_sk(skb->sk) : NULL; |
2994 |
+ struct ipv6hdr *tmp_hdr; |
2995 |
+ struct frag_hdr *fh; |
2996 |
+- unsigned int mtu, hlen, left, len; |
2997 |
++ unsigned int mtu, hlen, left, len, nexthdr_offset; |
2998 |
+ int hroom, troom; |
2999 |
+ __be32 frag_id; |
3000 |
+ int ptr, offset = 0, err = 0; |
3001 |
+@@ -603,6 +603,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, |
3002 |
+ goto fail; |
3003 |
+ hlen = err; |
3004 |
+ nexthdr = *prevhdr; |
3005 |
++ nexthdr_offset = prevhdr - skb_network_header(skb); |
3006 |
+ |
3007 |
+ mtu = ip6_skb_dst_mtu(skb); |
3008 |
+ |
3009 |
+@@ -637,6 +638,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb, |
3010 |
+ (err = skb_checksum_help(skb))) |
3011 |
+ goto fail; |
3012 |
+ |
3013 |
++ prevhdr = skb_network_header(skb) + nexthdr_offset; |
3014 |
+ hroom = LL_RESERVED_SPACE(rt->dst.dev); |
3015 |
+ if (skb_has_frag_list(skb)) { |
3016 |
+ int first_len = skb_pagelen(skb); |
3017 |
+diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
3018 |
+index f89516d04150..42f363661d25 100644 |
3019 |
+--- a/net/ipv6/ip6_tunnel.c |
3020 |
++++ b/net/ipv6/ip6_tunnel.c |
3021 |
+@@ -634,7 +634,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
3022 |
+ IPPROTO_IPIP, |
3023 |
+ RT_TOS(eiph->tos), 0); |
3024 |
+ if (IS_ERR(rt) || |
3025 |
+- rt->dst.dev->type != ARPHRD_TUNNEL) { |
3026 |
++ rt->dst.dev->type != ARPHRD_TUNNEL6) { |
3027 |
+ if (!IS_ERR(rt)) |
3028 |
+ ip_rt_put(rt); |
3029 |
+ goto out; |
3030 |
+@@ -644,7 +644,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, |
3031 |
+ ip_rt_put(rt); |
3032 |
+ if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos, |
3033 |
+ skb2->dev) || |
3034 |
+- skb_dst(skb2)->dev->type != ARPHRD_TUNNEL) |
3035 |
++ skb_dst(skb2)->dev->type != ARPHRD_TUNNEL6) |
3036 |
+ goto out; |
3037 |
+ } |
3038 |
+ |
3039 |
+diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c |
3040 |
+index c9c6a5e829ab..be74eee0e8ff 100644 |
3041 |
+--- a/net/ipv6/sit.c |
3042 |
++++ b/net/ipv6/sit.c |
3043 |
+@@ -661,6 +661,10 @@ static int ipip6_rcv(struct sk_buff *skb) |
3044 |
+ !net_eq(tunnel->net, dev_net(tunnel->dev)))) |
3045 |
+ goto out; |
3046 |
+ |
3047 |
++ /* skb can be uncloned in iptunnel_pull_header, so |
3048 |
++ * old iph is no longer valid |
3049 |
++ */ |
3050 |
++ iph = (const struct iphdr *)skb_mac_header(skb); |
3051 |
+ err = IP_ECN_decapsulate(iph, skb); |
3052 |
+ if (unlikely(err)) { |
3053 |
+ if (log_ecn_error) |
3054 |
+diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c |
3055 |
+index 553d0ad4a2fa..2f3cd09ee0df 100644 |
3056 |
+--- a/net/kcm/kcmsock.c |
3057 |
++++ b/net/kcm/kcmsock.c |
3058 |
+@@ -2058,14 +2058,14 @@ static int __init kcm_init(void) |
3059 |
+ if (err) |
3060 |
+ goto fail; |
3061 |
+ |
3062 |
+- err = sock_register(&kcm_family_ops); |
3063 |
+- if (err) |
3064 |
+- goto sock_register_fail; |
3065 |
+- |
3066 |
+ err = register_pernet_device(&kcm_net_ops); |
3067 |
+ if (err) |
3068 |
+ goto net_ops_fail; |
3069 |
+ |
3070 |
++ err = sock_register(&kcm_family_ops); |
3071 |
++ if (err) |
3072 |
++ goto sock_register_fail; |
3073 |
++ |
3074 |
+ err = kcm_proc_init(); |
3075 |
+ if (err) |
3076 |
+ goto proc_init_fail; |
3077 |
+@@ -2073,12 +2073,12 @@ static int __init kcm_init(void) |
3078 |
+ return 0; |
3079 |
+ |
3080 |
+ proc_init_fail: |
3081 |
+- unregister_pernet_device(&kcm_net_ops); |
3082 |
+- |
3083 |
+-net_ops_fail: |
3084 |
+ sock_unregister(PF_KCM); |
3085 |
+ |
3086 |
+ sock_register_fail: |
3087 |
++ unregister_pernet_device(&kcm_net_ops); |
3088 |
++ |
3089 |
++net_ops_fail: |
3090 |
+ proto_unregister(&kcm_proto); |
3091 |
+ |
3092 |
+ fail: |
3093 |
+@@ -2094,8 +2094,8 @@ fail: |
3094 |
+ static void __exit kcm_exit(void) |
3095 |
+ { |
3096 |
+ kcm_proc_exit(); |
3097 |
+- unregister_pernet_device(&kcm_net_ops); |
3098 |
+ sock_unregister(PF_KCM); |
3099 |
++ unregister_pernet_device(&kcm_net_ops); |
3100 |
+ proto_unregister(&kcm_proto); |
3101 |
+ destroy_workqueue(kcm_wq); |
3102 |
+ |
3103 |
+diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c |
3104 |
+index 3bd4d5d0c346..50ea76180afa 100644 |
3105 |
+--- a/net/openvswitch/flow_netlink.c |
3106 |
++++ b/net/openvswitch/flow_netlink.c |
3107 |
+@@ -1853,14 +1853,14 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, |
3108 |
+ |
3109 |
+ struct sw_flow_actions *acts; |
3110 |
+ int new_acts_size; |
3111 |
+- int req_size = NLA_ALIGN(attr_len); |
3112 |
++ size_t req_size = NLA_ALIGN(attr_len); |
3113 |
+ int next_offset = offsetof(struct sw_flow_actions, actions) + |
3114 |
+ (*sfa)->actions_len; |
3115 |
+ |
3116 |
+ if (req_size <= (ksize(*sfa) - next_offset)) |
3117 |
+ goto out; |
3118 |
+ |
3119 |
+- new_acts_size = ksize(*sfa) * 2; |
3120 |
++ new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); |
3121 |
+ |
3122 |
+ if (new_acts_size > MAX_ACTIONS_BUFSIZE) { |
3123 |
+ if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { |
3124 |
+diff --git a/net/rds/tcp.c b/net/rds/tcp.c |
3125 |
+index d36effbf7614..2daba5316caa 100644 |
3126 |
+--- a/net/rds/tcp.c |
3127 |
++++ b/net/rds/tcp.c |
3128 |
+@@ -527,7 +527,7 @@ static void rds_tcp_kill_sock(struct net *net) |
3129 |
+ list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) { |
3130 |
+ struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net); |
3131 |
+ |
3132 |
+- if (net != c_net || !tc->t_sock) |
3133 |
++ if (net != c_net) |
3134 |
+ continue; |
3135 |
+ if (!list_has_conn(&tmp_list, tc->t_cpath->cp_conn)) { |
3136 |
+ list_move_tail(&tc->t_tcp_node, &tmp_list); |
3137 |
+diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c |
3138 |
+index 8ea8217db960..d6af93a24aa0 100644 |
3139 |
+--- a/net/sctp/protocol.c |
3140 |
++++ b/net/sctp/protocol.c |
3141 |
+@@ -600,6 +600,7 @@ out: |
3142 |
+ static int sctp_v4_addr_to_user(struct sctp_sock *sp, union sctp_addr *addr) |
3143 |
+ { |
3144 |
+ /* No address mapping for V4 sockets */ |
3145 |
++ memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero)); |
3146 |
+ return sizeof(struct sockaddr_in); |
3147 |
+ } |
3148 |
+ |
3149 |
+diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c |
3150 |
+index 965473d4129c..09491b27092e 100644 |
3151 |
+--- a/sound/core/seq/seq_clientmgr.c |
3152 |
++++ b/sound/core/seq/seq_clientmgr.c |
3153 |
+@@ -1249,7 +1249,7 @@ static int snd_seq_ioctl_set_client_info(struct snd_seq_client *client, |
3154 |
+ |
3155 |
+ /* fill the info fields */ |
3156 |
+ if (client_info->name[0]) |
3157 |
+- strlcpy(client->name, client_info->name, sizeof(client->name)); |
3158 |
++ strscpy(client->name, client_info->name, sizeof(client->name)); |
3159 |
+ |
3160 |
+ client->filter = client_info->filter; |
3161 |
+ client->event_lost = client_info->event_lost; |
3162 |
+@@ -1527,7 +1527,7 @@ static int snd_seq_ioctl_create_queue(struct snd_seq_client *client, void *arg) |
3163 |
+ /* set queue name */ |
3164 |
+ if (!info->name[0]) |
3165 |
+ snprintf(info->name, sizeof(info->name), "Queue-%d", q->queue); |
3166 |
+- strlcpy(q->name, info->name, sizeof(q->name)); |
3167 |
++ strscpy(q->name, info->name, sizeof(q->name)); |
3168 |
+ snd_use_lock_free(&q->use_lock); |
3169 |
+ |
3170 |
+ return 0; |
3171 |
+@@ -1589,7 +1589,7 @@ static int snd_seq_ioctl_set_queue_info(struct snd_seq_client *client, |
3172 |
+ queuefree(q); |
3173 |
+ return -EPERM; |
3174 |
+ } |
3175 |
+- strlcpy(q->name, info->name, sizeof(q->name)); |
3176 |
++ strscpy(q->name, info->name, sizeof(q->name)); |
3177 |
+ queuefree(q); |
3178 |
+ |
3179 |
+ return 0; |
3180 |
+diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c |
3181 |
+index 23ab0d169c11..fa64cc2b1729 100644 |
3182 |
+--- a/sound/soc/fsl/fsl_esai.c |
3183 |
++++ b/sound/soc/fsl/fsl_esai.c |
3184 |
+@@ -59,6 +59,8 @@ struct fsl_esai { |
3185 |
+ u32 fifo_depth; |
3186 |
+ u32 slot_width; |
3187 |
+ u32 slots; |
3188 |
++ u32 tx_mask; |
3189 |
++ u32 rx_mask; |
3190 |
+ u32 hck_rate[2]; |
3191 |
+ u32 sck_rate[2]; |
3192 |
+ bool hck_dir[2]; |
3193 |
+@@ -359,21 +361,13 @@ static int fsl_esai_set_dai_tdm_slot(struct snd_soc_dai *dai, u32 tx_mask, |
3194 |
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR, |
3195 |
+ ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(slots)); |
3196 |
+ |
3197 |
+- regmap_update_bits(esai_priv->regmap, REG_ESAI_TSMA, |
3198 |
+- ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(tx_mask)); |
3199 |
+- regmap_update_bits(esai_priv->regmap, REG_ESAI_TSMB, |
3200 |
+- ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(tx_mask)); |
3201 |
+- |
3202 |
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR, |
3203 |
+ ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(slots)); |
3204 |
+ |
3205 |
+- regmap_update_bits(esai_priv->regmap, REG_ESAI_RSMA, |
3206 |
+- ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(rx_mask)); |
3207 |
+- regmap_update_bits(esai_priv->regmap, REG_ESAI_RSMB, |
3208 |
+- ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(rx_mask)); |
3209 |
+- |
3210 |
+ esai_priv->slot_width = slot_width; |
3211 |
+ esai_priv->slots = slots; |
3212 |
++ esai_priv->tx_mask = tx_mask; |
3213 |
++ esai_priv->rx_mask = rx_mask; |
3214 |
+ |
3215 |
+ return 0; |
3216 |
+ } |
3217 |
+@@ -594,6 +588,7 @@ static int fsl_esai_trigger(struct snd_pcm_substream *substream, int cmd, |
3218 |
+ bool tx = substream->stream == SNDRV_PCM_STREAM_PLAYBACK; |
3219 |
+ u8 i, channels = substream->runtime->channels; |
3220 |
+ u32 pins = DIV_ROUND_UP(channels, esai_priv->slots); |
3221 |
++ u32 mask; |
3222 |
+ |
3223 |
+ switch (cmd) { |
3224 |
+ case SNDRV_PCM_TRIGGER_START: |
3225 |
+@@ -606,15 +601,38 @@ static int fsl_esai_trigger(struct snd_pcm_substream *substream, int cmd, |
3226 |
+ for (i = 0; tx && i < channels; i++) |
3227 |
+ regmap_write(esai_priv->regmap, REG_ESAI_ETDR, 0x0); |
3228 |
+ |
3229 |
++ /* |
3230 |
++ * When set the TE/RE in the end of enablement flow, there |
3231 |
++ * will be channel swap issue for multi data line case. |
3232 |
++ * In order to workaround this issue, we switch the bit |
3233 |
++ * enablement sequence to below sequence |
3234 |
++ * 1) clear the xSMB & xSMA: which is done in probe and |
3235 |
++ * stop state. |
3236 |
++ * 2) set TE/RE |
3237 |
++ * 3) set xSMB |
3238 |
++ * 4) set xSMA: xSMA is the last one in this flow, which |
3239 |
++ * will trigger esai to start. |
3240 |
++ */ |
3241 |
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_xCR(tx), |
3242 |
+ tx ? ESAI_xCR_TE_MASK : ESAI_xCR_RE_MASK, |
3243 |
+ tx ? ESAI_xCR_TE(pins) : ESAI_xCR_RE(pins)); |
3244 |
++ mask = tx ? esai_priv->tx_mask : esai_priv->rx_mask; |
3245 |
++ |
3246 |
++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMB(tx), |
3247 |
++ ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(mask)); |
3248 |
++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMA(tx), |
3249 |
++ ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(mask)); |
3250 |
++ |
3251 |
+ break; |
3252 |
+ case SNDRV_PCM_TRIGGER_SUSPEND: |
3253 |
+ case SNDRV_PCM_TRIGGER_STOP: |
3254 |
+ case SNDRV_PCM_TRIGGER_PAUSE_PUSH: |
3255 |
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_xCR(tx), |
3256 |
+ tx ? ESAI_xCR_TE_MASK : ESAI_xCR_RE_MASK, 0); |
3257 |
++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMA(tx), |
3258 |
++ ESAI_xSMA_xS_MASK, 0); |
3259 |
++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMB(tx), |
3260 |
++ ESAI_xSMB_xS_MASK, 0); |
3261 |
+ |
3262 |
+ /* Disable and reset FIFO */ |
3263 |
+ regmap_update_bits(esai_priv->regmap, REG_ESAI_xFCR(tx), |
3264 |
+@@ -904,6 +922,15 @@ static int fsl_esai_probe(struct platform_device *pdev) |
3265 |
+ return ret; |
3266 |
+ } |
3267 |
+ |
3268 |
++ esai_priv->tx_mask = 0xFFFFFFFF; |
3269 |
++ esai_priv->rx_mask = 0xFFFFFFFF; |
3270 |
++ |
3271 |
++ /* Clear the TSMA, TSMB, RSMA, RSMB */ |
3272 |
++ regmap_write(esai_priv->regmap, REG_ESAI_TSMA, 0); |
3273 |
++ regmap_write(esai_priv->regmap, REG_ESAI_TSMB, 0); |
3274 |
++ regmap_write(esai_priv->regmap, REG_ESAI_RSMA, 0); |
3275 |
++ regmap_write(esai_priv->regmap, REG_ESAI_RSMB, 0); |
3276 |
++ |
3277 |
+ ret = devm_snd_soc_register_component(&pdev->dev, &fsl_esai_component, |
3278 |
+ &fsl_esai_dai, 1); |
3279 |
+ if (ret) { |