Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:4.9 commit in: /
Date: Sat, 20 Apr 2019 23:26:16
Message-Id: 1555703635.be3f37519a9c9f700d9c4e582384b625b43a6996.mpagano@gentoo
1 commit: be3f37519a9c9f700d9c4e582384b625b43a6996
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Fri Apr 19 19:53:55 2019 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Fri Apr 19 19:53:55 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=be3f3751
7
8 Linux patch 4.9.169
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1168_linux-4.9.169.patch | 3242 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 3246 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index 31f02c0..3f7c1b9 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -715,6 +715,10 @@ Patch: 1167_linux-4.9.168.patch
21 From: http://www.kernel.org
22 Desc: Linux 4.9.168
23
24 +Patch: 1168_linux-4.9.169.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 4.9.169
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1168_linux-4.9.169.patch b/1168_linux-4.9.169.patch
33 new file mode 100644
34 index 0000000..a466612
35 --- /dev/null
36 +++ b/1168_linux-4.9.169.patch
37 @@ -0,0 +1,3242 @@
38 +diff --git a/Makefile b/Makefile
39 +index f44094d2b147..23cc23c47adf 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,6 +1,6 @@
43 + VERSION = 4
44 + PATCHLEVEL = 9
45 +-SUBLEVEL = 168
46 ++SUBLEVEL = 169
47 + EXTRAVERSION =
48 + NAME = Roaring Lionus
49 +
50 +@@ -507,7 +507,7 @@ endif
51 + ifeq ($(cc-name),clang)
52 + ifneq ($(CROSS_COMPILE),)
53 + CLANG_FLAGS := --target=$(notdir $(CROSS_COMPILE:%-=%))
54 +-GCC_TOOLCHAIN_DIR := $(dir $(shell which $(LD)))
55 ++GCC_TOOLCHAIN_DIR := $(dir $(shell which $(CROSS_COMPILE)elfedit))
56 + CLANG_FLAGS += --prefix=$(GCC_TOOLCHAIN_DIR)
57 + GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..)
58 + endif
59 +diff --git a/arch/arm/boot/dts/sama5d2-pinfunc.h b/arch/arm/boot/dts/sama5d2-pinfunc.h
60 +index 8a394f336003..ee65702f9645 100644
61 +--- a/arch/arm/boot/dts/sama5d2-pinfunc.h
62 ++++ b/arch/arm/boot/dts/sama5d2-pinfunc.h
63 +@@ -517,7 +517,7 @@
64 + #define PIN_PC9__GPIO PINMUX_PIN(PIN_PC9, 0, 0)
65 + #define PIN_PC9__FIQ PINMUX_PIN(PIN_PC9, 1, 3)
66 + #define PIN_PC9__GTSUCOMP PINMUX_PIN(PIN_PC9, 2, 1)
67 +-#define PIN_PC9__ISC_D0 PINMUX_PIN(PIN_PC9, 2, 1)
68 ++#define PIN_PC9__ISC_D0 PINMUX_PIN(PIN_PC9, 3, 1)
69 + #define PIN_PC9__TIOA4 PINMUX_PIN(PIN_PC9, 4, 2)
70 + #define PIN_PC10 74
71 + #define PIN_PC10__GPIO PINMUX_PIN(PIN_PC10, 0, 0)
72 +diff --git a/arch/arm64/include/asm/futex.h b/arch/arm64/include/asm/futex.h
73 +index 2a5090fb9113..d7116f5935fb 100644
74 +--- a/arch/arm64/include/asm/futex.h
75 ++++ b/arch/arm64/include/asm/futex.h
76 +@@ -33,8 +33,8 @@
77 + " prfm pstl1strm, %2\n" \
78 + "1: ldxr %w1, %2\n" \
79 + insn "\n" \
80 +-"2: stlxr %w3, %w0, %2\n" \
81 +-" cbnz %w3, 1b\n" \
82 ++"2: stlxr %w0, %w3, %2\n" \
83 ++" cbnz %w0, 1b\n" \
84 + " dmb ish\n" \
85 + "3:\n" \
86 + " .pushsection .fixup,\"ax\"\n" \
87 +@@ -53,29 +53,29 @@
88 + static inline int
89 + arch_futex_atomic_op_inuser(int op, int oparg, int *oval, u32 __user *uaddr)
90 + {
91 +- int oldval = 0, ret, tmp;
92 ++ int oldval, ret, tmp;
93 +
94 + pagefault_disable();
95 +
96 + switch (op) {
97 + case FUTEX_OP_SET:
98 +- __futex_atomic_op("mov %w0, %w4",
99 ++ __futex_atomic_op("mov %w3, %w4",
100 + ret, oldval, uaddr, tmp, oparg);
101 + break;
102 + case FUTEX_OP_ADD:
103 +- __futex_atomic_op("add %w0, %w1, %w4",
104 ++ __futex_atomic_op("add %w3, %w1, %w4",
105 + ret, oldval, uaddr, tmp, oparg);
106 + break;
107 + case FUTEX_OP_OR:
108 +- __futex_atomic_op("orr %w0, %w1, %w4",
109 ++ __futex_atomic_op("orr %w3, %w1, %w4",
110 + ret, oldval, uaddr, tmp, oparg);
111 + break;
112 + case FUTEX_OP_ANDN:
113 +- __futex_atomic_op("and %w0, %w1, %w4",
114 ++ __futex_atomic_op("and %w3, %w1, %w4",
115 + ret, oldval, uaddr, tmp, ~oparg);
116 + break;
117 + case FUTEX_OP_XOR:
118 +- __futex_atomic_op("eor %w0, %w1, %w4",
119 ++ __futex_atomic_op("eor %w3, %w1, %w4",
120 + ret, oldval, uaddr, tmp, oparg);
121 + break;
122 + default:
123 +diff --git a/arch/arm64/mm/init.c b/arch/arm64/mm/init.c
124 +index fa6b2fad7a3d..5d3df68272f5 100644
125 +--- a/arch/arm64/mm/init.c
126 ++++ b/arch/arm64/mm/init.c
127 +@@ -272,7 +272,7 @@ void __init arm64_memblock_init(void)
128 + * memory spans, randomize the linear region as well.
129 + */
130 + if (memstart_offset_seed > 0 && range >= ARM64_MEMSTART_ALIGN) {
131 +- range = range / ARM64_MEMSTART_ALIGN + 1;
132 ++ range /= ARM64_MEMSTART_ALIGN;
133 + memstart_addr -= ARM64_MEMSTART_ALIGN *
134 + ((range * memstart_offset_seed) >> 16);
135 + }
136 +diff --git a/arch/parisc/include/asm/processor.h b/arch/parisc/include/asm/processor.h
137 +index 2e674e13e005..656984ec1958 100644
138 +--- a/arch/parisc/include/asm/processor.h
139 ++++ b/arch/parisc/include/asm/processor.h
140 +@@ -323,6 +323,8 @@ extern int _parisc_requires_coherency;
141 + #define parisc_requires_coherency() (0)
142 + #endif
143 +
144 ++extern int running_on_qemu;
145 ++
146 + #endif /* __ASSEMBLY__ */
147 +
148 + #endif /* __ASM_PARISC_PROCESSOR_H */
149 +diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c
150 +index c3a532abac03..2e5216c28bb1 100644
151 +--- a/arch/parisc/kernel/process.c
152 ++++ b/arch/parisc/kernel/process.c
153 +@@ -206,12 +206,6 @@ void __cpuidle arch_cpu_idle(void)
154 +
155 + static int __init parisc_idle_init(void)
156 + {
157 +- const char *marker;
158 +-
159 +- /* check QEMU/SeaBIOS marker in PAGE0 */
160 +- marker = (char *) &PAGE0->pad0;
161 +- running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0);
162 +-
163 + if (!running_on_qemu)
164 + cpu_idle_poll_ctrl(1);
165 +
166 +diff --git a/arch/parisc/kernel/setup.c b/arch/parisc/kernel/setup.c
167 +index 2e66a887788e..581b0c66e521 100644
168 +--- a/arch/parisc/kernel/setup.c
169 ++++ b/arch/parisc/kernel/setup.c
170 +@@ -403,6 +403,9 @@ void start_parisc(void)
171 + int ret, cpunum;
172 + struct pdc_coproc_cfg coproc_cfg;
173 +
174 ++ /* check QEMU/SeaBIOS marker in PAGE0 */
175 ++ running_on_qemu = (memcmp(&PAGE0->pad0, "SeaBIOS", 8) == 0);
176 ++
177 + cpunum = smp_processor_id();
178 +
179 + set_firmware_width_unlocked();
180 +diff --git a/arch/parisc/kernel/time.c b/arch/parisc/kernel/time.c
181 +index 47ef8fdcd382..22754e0c3bda 100644
182 +--- a/arch/parisc/kernel/time.c
183 ++++ b/arch/parisc/kernel/time.c
184 +@@ -299,7 +299,7 @@ static int __init init_cr16_clocksource(void)
185 + * The cr16 interval timers are not syncronized across CPUs, so mark
186 + * them unstable and lower rating on SMP systems.
187 + */
188 +- if (num_online_cpus() > 1) {
189 ++ if (num_online_cpus() > 1 && !running_on_qemu) {
190 + clocksource_cr16.flags = CLOCK_SOURCE_UNSTABLE;
191 + clocksource_cr16.rating = 0;
192 + }
193 +diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
194 +index 0a6bb48854e3..fa8f2aa88189 100644
195 +--- a/arch/powerpc/Kconfig
196 ++++ b/arch/powerpc/Kconfig
197 +@@ -128,7 +128,7 @@ config PPC
198 + select ARCH_HAS_GCOV_PROFILE_ALL
199 + select GENERIC_SMP_IDLE_THREAD
200 + select GENERIC_CMOS_UPDATE
201 +- select GENERIC_CPU_VULNERABILITIES if PPC_BOOK3S_64
202 ++ select GENERIC_CPU_VULNERABILITIES if PPC_BARRIER_NOSPEC
203 + select GENERIC_TIME_VSYSCALL_OLD
204 + select GENERIC_CLOCKEVENTS
205 + select GENERIC_CLOCKEVENTS_BROADCAST if SMP
206 +@@ -164,6 +164,11 @@ config PPC
207 + select HAVE_ARCH_HARDENED_USERCOPY
208 + select HAVE_KERNEL_GZIP
209 +
210 ++config PPC_BARRIER_NOSPEC
211 ++ bool
212 ++ default y
213 ++ depends on PPC_BOOK3S_64 || PPC_FSL_BOOK3E
214 ++
215 + config GENERIC_CSUM
216 + def_bool CPU_LITTLE_ENDIAN
217 +
218 +diff --git a/arch/powerpc/include/asm/asm-prototypes.h b/arch/powerpc/include/asm/asm-prototypes.h
219 +index e0baba1535e6..f3daa175f86c 100644
220 +--- a/arch/powerpc/include/asm/asm-prototypes.h
221 ++++ b/arch/powerpc/include/asm/asm-prototypes.h
222 +@@ -121,4 +121,10 @@ extern s64 __ashrdi3(s64, int);
223 + extern int __cmpdi2(s64, s64);
224 + extern int __ucmpdi2(u64, u64);
225 +
226 ++/* Patch sites */
227 ++extern s32 patch__call_flush_count_cache;
228 ++extern s32 patch__flush_count_cache_return;
229 ++
230 ++extern long flush_count_cache;
231 ++
232 + #endif /* _ASM_POWERPC_ASM_PROTOTYPES_H */
233 +diff --git a/arch/powerpc/include/asm/barrier.h b/arch/powerpc/include/asm/barrier.h
234 +index 798ab37c9930..80024c4f2093 100644
235 +--- a/arch/powerpc/include/asm/barrier.h
236 ++++ b/arch/powerpc/include/asm/barrier.h
237 +@@ -77,6 +77,27 @@ do { \
238 +
239 + #define smp_mb__before_spinlock() smp_mb()
240 +
241 ++#ifdef CONFIG_PPC_BOOK3S_64
242 ++#define NOSPEC_BARRIER_SLOT nop
243 ++#elif defined(CONFIG_PPC_FSL_BOOK3E)
244 ++#define NOSPEC_BARRIER_SLOT nop; nop
245 ++#endif
246 ++
247 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
248 ++/*
249 ++ * Prevent execution of subsequent instructions until preceding branches have
250 ++ * been fully resolved and are no longer executing speculatively.
251 ++ */
252 ++#define barrier_nospec_asm NOSPEC_BARRIER_FIXUP_SECTION; NOSPEC_BARRIER_SLOT
253 ++
254 ++// This also acts as a compiler barrier due to the memory clobber.
255 ++#define barrier_nospec() asm (stringify_in_c(barrier_nospec_asm) ::: "memory")
256 ++
257 ++#else /* !CONFIG_PPC_BARRIER_NOSPEC */
258 ++#define barrier_nospec_asm
259 ++#define barrier_nospec()
260 ++#endif /* CONFIG_PPC_BARRIER_NOSPEC */
261 ++
262 + #include <asm-generic/barrier.h>
263 +
264 + #endif /* _ASM_POWERPC_BARRIER_H */
265 +diff --git a/arch/powerpc/include/asm/code-patching-asm.h b/arch/powerpc/include/asm/code-patching-asm.h
266 +new file mode 100644
267 +index 000000000000..ed7b1448493a
268 +--- /dev/null
269 ++++ b/arch/powerpc/include/asm/code-patching-asm.h
270 +@@ -0,0 +1,18 @@
271 ++/* SPDX-License-Identifier: GPL-2.0+ */
272 ++/*
273 ++ * Copyright 2018, Michael Ellerman, IBM Corporation.
274 ++ */
275 ++#ifndef _ASM_POWERPC_CODE_PATCHING_ASM_H
276 ++#define _ASM_POWERPC_CODE_PATCHING_ASM_H
277 ++
278 ++/* Define a "site" that can be patched */
279 ++.macro patch_site label name
280 ++ .pushsection ".rodata"
281 ++ .balign 4
282 ++ .global \name
283 ++\name:
284 ++ .4byte \label - .
285 ++ .popsection
286 ++.endm
287 ++
288 ++#endif /* _ASM_POWERPC_CODE_PATCHING_ASM_H */
289 +diff --git a/arch/powerpc/include/asm/code-patching.h b/arch/powerpc/include/asm/code-patching.h
290 +index b4ab1f497335..ab934f8232bd 100644
291 +--- a/arch/powerpc/include/asm/code-patching.h
292 ++++ b/arch/powerpc/include/asm/code-patching.h
293 +@@ -28,6 +28,8 @@ unsigned int create_cond_branch(const unsigned int *addr,
294 + unsigned long target, int flags);
295 + int patch_branch(unsigned int *addr, unsigned long target, int flags);
296 + int patch_instruction(unsigned int *addr, unsigned int instr);
297 ++int patch_instruction_site(s32 *addr, unsigned int instr);
298 ++int patch_branch_site(s32 *site, unsigned long target, int flags);
299 +
300 + int instr_is_relative_branch(unsigned int instr);
301 + int instr_is_relative_link_branch(unsigned int instr);
302 +diff --git a/arch/powerpc/include/asm/feature-fixups.h b/arch/powerpc/include/asm/feature-fixups.h
303 +index 0bf8202feca6..175128e19025 100644
304 +--- a/arch/powerpc/include/asm/feature-fixups.h
305 ++++ b/arch/powerpc/include/asm/feature-fixups.h
306 +@@ -213,6 +213,25 @@ void setup_feature_keys(void);
307 + FTR_ENTRY_OFFSET 951b-952b; \
308 + .popsection;
309 +
310 ++#define NOSPEC_BARRIER_FIXUP_SECTION \
311 ++953: \
312 ++ .pushsection __barrier_nospec_fixup,"a"; \
313 ++ .align 2; \
314 ++954: \
315 ++ FTR_ENTRY_OFFSET 953b-954b; \
316 ++ .popsection;
317 ++
318 ++#define START_BTB_FLUSH_SECTION \
319 ++955: \
320 ++
321 ++#define END_BTB_FLUSH_SECTION \
322 ++956: \
323 ++ .pushsection __btb_flush_fixup,"a"; \
324 ++ .align 2; \
325 ++957: \
326 ++ FTR_ENTRY_OFFSET 955b-957b; \
327 ++ FTR_ENTRY_OFFSET 956b-957b; \
328 ++ .popsection;
329 +
330 + #ifndef __ASSEMBLY__
331 +
332 +@@ -220,6 +239,8 @@ extern long stf_barrier_fallback;
333 + extern long __start___stf_entry_barrier_fixup, __stop___stf_entry_barrier_fixup;
334 + extern long __start___stf_exit_barrier_fixup, __stop___stf_exit_barrier_fixup;
335 + extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup;
336 ++extern long __start___barrier_nospec_fixup, __stop___barrier_nospec_fixup;
337 ++extern long __start__btb_flush_fixup, __stop__btb_flush_fixup;
338 +
339 + #endif
340 +
341 +diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h
342 +index 9d978102bf0d..9587d301db55 100644
343 +--- a/arch/powerpc/include/asm/hvcall.h
344 ++++ b/arch/powerpc/include/asm/hvcall.h
345 +@@ -316,10 +316,12 @@
346 + #define H_CPU_CHAR_BRANCH_HINTS_HONORED (1ull << 58) // IBM bit 5
347 + #define H_CPU_CHAR_THREAD_RECONFIG_CTRL (1ull << 57) // IBM bit 6
348 + #define H_CPU_CHAR_COUNT_CACHE_DISABLED (1ull << 56) // IBM bit 7
349 ++#define H_CPU_CHAR_BCCTR_FLUSH_ASSIST (1ull << 54) // IBM bit 9
350 +
351 + #define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0
352 + #define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1
353 + #define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2
354 ++#define H_CPU_BEHAV_FLUSH_COUNT_CACHE (1ull << 58) // IBM bit 5
355 +
356 + #ifndef __ASSEMBLY__
357 + #include <linux/types.h>
358 +diff --git a/arch/powerpc/include/asm/ppc_asm.h b/arch/powerpc/include/asm/ppc_asm.h
359 +index c73750b0d9fa..bbd35ba36a22 100644
360 +--- a/arch/powerpc/include/asm/ppc_asm.h
361 ++++ b/arch/powerpc/include/asm/ppc_asm.h
362 +@@ -437,7 +437,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_601)
363 + .machine push ; \
364 + .machine "power4" ; \
365 + lis scratch,0x60000000@h; \
366 +- dcbt r0,scratch,0b01010; \
367 ++ dcbt 0,scratch,0b01010; \
368 + .machine pop
369 +
370 + /*
371 +@@ -780,4 +780,25 @@ END_FTR_SECTION_IFCLR(CPU_FTR_601)
372 + .long 0x2400004c /* rfid */
373 + #endif /* !CONFIG_PPC_BOOK3E */
374 + #endif /* __ASSEMBLY__ */
375 ++
376 ++/*
377 ++ * Helper macro for exception table entries
378 ++ */
379 ++#define EX_TABLE(_fault, _target) \
380 ++ stringify_in_c(.section __ex_table,"a";)\
381 ++ stringify_in_c(.balign 4;) \
382 ++ stringify_in_c(.long (_fault) - . ;) \
383 ++ stringify_in_c(.long (_target) - . ;) \
384 ++ stringify_in_c(.previous)
385 ++
386 ++#ifdef CONFIG_PPC_FSL_BOOK3E
387 ++#define BTB_FLUSH(reg) \
388 ++ lis reg,BUCSR_INIT@h; \
389 ++ ori reg,reg,BUCSR_INIT@l; \
390 ++ mtspr SPRN_BUCSR,reg; \
391 ++ isync;
392 ++#else
393 ++#define BTB_FLUSH(reg)
394 ++#endif /* CONFIG_PPC_FSL_BOOK3E */
395 ++
396 + #endif /* _ASM_POWERPC_PPC_ASM_H */
397 +diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h
398 +index 44989b22383c..759597bf0fd8 100644
399 +--- a/arch/powerpc/include/asm/security_features.h
400 ++++ b/arch/powerpc/include/asm/security_features.h
401 +@@ -22,6 +22,7 @@ enum stf_barrier_type {
402 +
403 + void setup_stf_barrier(void);
404 + void do_stf_barrier_fixups(enum stf_barrier_type types);
405 ++void setup_count_cache_flush(void);
406 +
407 + static inline void security_ftr_set(unsigned long feature)
408 + {
409 +@@ -59,6 +60,9 @@ static inline bool security_ftr_enabled(unsigned long feature)
410 + // Indirect branch prediction cache disabled
411 + #define SEC_FTR_COUNT_CACHE_DISABLED 0x0000000000000020ull
412 +
413 ++// bcctr 2,0,0 triggers a hardware assisted count cache flush
414 ++#define SEC_FTR_BCCTR_FLUSH_ASSIST 0x0000000000000800ull
415 ++
416 +
417 + // Features indicating need for Spectre/Meltdown mitigations
418 +
419 +@@ -74,6 +78,9 @@ static inline bool security_ftr_enabled(unsigned long feature)
420 + // Firmware configuration indicates user favours security over performance
421 + #define SEC_FTR_FAVOUR_SECURITY 0x0000000000000200ull
422 +
423 ++// Software required to flush count cache on context switch
424 ++#define SEC_FTR_FLUSH_COUNT_CACHE 0x0000000000000400ull
425 ++
426 +
427 + // Features enabled by default
428 + #define SEC_FTR_DEFAULT \
429 +diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h
430 +index 3f160cd20107..862ebce3ae54 100644
431 +--- a/arch/powerpc/include/asm/setup.h
432 ++++ b/arch/powerpc/include/asm/setup.h
433 +@@ -8,6 +8,7 @@ extern void ppc_printk_progress(char *s, unsigned short hex);
434 +
435 + extern unsigned int rtas_data;
436 + extern unsigned long long memory_limit;
437 ++extern bool init_mem_is_free;
438 + extern unsigned long klimit;
439 + extern void *zalloc_maybe_bootmem(size_t size, gfp_t mask);
440 +
441 +@@ -50,6 +51,26 @@ enum l1d_flush_type {
442 +
443 + void setup_rfi_flush(enum l1d_flush_type, bool enable);
444 + void do_rfi_flush_fixups(enum l1d_flush_type types);
445 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
446 ++void setup_barrier_nospec(void);
447 ++#else
448 ++static inline void setup_barrier_nospec(void) { };
449 ++#endif
450 ++void do_barrier_nospec_fixups(bool enable);
451 ++extern bool barrier_nospec_enabled;
452 ++
453 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
454 ++void do_barrier_nospec_fixups_range(bool enable, void *start, void *end);
455 ++#else
456 ++static inline void do_barrier_nospec_fixups_range(bool enable, void *start, void *end) { };
457 ++#endif
458 ++
459 ++#ifdef CONFIG_PPC_FSL_BOOK3E
460 ++void setup_spectre_v2(void);
461 ++#else
462 ++static inline void setup_spectre_v2(void) {};
463 ++#endif
464 ++void do_btb_flush_fixups(void);
465 +
466 + #endif /* !__ASSEMBLY__ */
467 +
468 +diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h
469 +index 31913b3ac7ab..da852153c1f8 100644
470 +--- a/arch/powerpc/include/asm/uaccess.h
471 ++++ b/arch/powerpc/include/asm/uaccess.h
472 +@@ -269,6 +269,7 @@ do { \
473 + __chk_user_ptr(ptr); \
474 + if (!is_kernel_addr((unsigned long)__gu_addr)) \
475 + might_fault(); \
476 ++ barrier_nospec(); \
477 + __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
478 + (x) = (__typeof__(*(ptr)))__gu_val; \
479 + __gu_err; \
480 +@@ -280,8 +281,10 @@ do { \
481 + unsigned long __gu_val = 0; \
482 + __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
483 + might_fault(); \
484 +- if (access_ok(VERIFY_READ, __gu_addr, (size))) \
485 ++ if (access_ok(VERIFY_READ, __gu_addr, (size))) { \
486 ++ barrier_nospec(); \
487 + __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
488 ++ } \
489 + (x) = (__force __typeof__(*(ptr)))__gu_val; \
490 + __gu_err; \
491 + })
492 +@@ -292,6 +295,7 @@ do { \
493 + unsigned long __gu_val; \
494 + __typeof__(*(ptr)) __user *__gu_addr = (ptr); \
495 + __chk_user_ptr(ptr); \
496 ++ barrier_nospec(); \
497 + __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \
498 + (x) = (__force __typeof__(*(ptr)))__gu_val; \
499 + __gu_err; \
500 +@@ -348,15 +352,19 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
501 +
502 + switch (n) {
503 + case 1:
504 ++ barrier_nospec();
505 + __get_user_size(*(u8 *)to, from, 1, ret);
506 + break;
507 + case 2:
508 ++ barrier_nospec();
509 + __get_user_size(*(u16 *)to, from, 2, ret);
510 + break;
511 + case 4:
512 ++ barrier_nospec();
513 + __get_user_size(*(u32 *)to, from, 4, ret);
514 + break;
515 + case 8:
516 ++ barrier_nospec();
517 + __get_user_size(*(u64 *)to, from, 8, ret);
518 + break;
519 + }
520 +@@ -366,6 +374,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
521 +
522 + check_object_size(to, n, false);
523 +
524 ++ barrier_nospec();
525 + return __copy_tofrom_user((__force void __user *)to, from, n);
526 + }
527 +
528 +diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile
529 +index 13885786282b..d80fbf0884ff 100644
530 +--- a/arch/powerpc/kernel/Makefile
531 ++++ b/arch/powerpc/kernel/Makefile
532 +@@ -44,9 +44,10 @@ obj-$(CONFIG_PPC64) += setup_64.o sys_ppc32.o \
533 + obj-$(CONFIG_VDSO32) += vdso32/
534 + obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
535 + obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_ppc970.o cpu_setup_pa6t.o
536 +-obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o security.o
537 ++obj-$(CONFIG_PPC_BOOK3S_64) += cpu_setup_power.o
538 + obj-$(CONFIG_PPC_BOOK3S_64) += mce.o mce_power.o
539 + obj-$(CONFIG_PPC_BOOK3E_64) += exceptions-64e.o idle_book3e.o
540 ++obj-$(CONFIG_PPC_BARRIER_NOSPEC) += security.o
541 + obj-$(CONFIG_PPC64) += vdso64/
542 + obj-$(CONFIG_ALTIVEC) += vecemu.o
543 + obj-$(CONFIG_PPC_970_NAP) += idle_power4.o
544 +diff --git a/arch/powerpc/kernel/entry_32.S b/arch/powerpc/kernel/entry_32.S
545 +index 370645687cc7..bdd88f9d7926 100644
546 +--- a/arch/powerpc/kernel/entry_32.S
547 ++++ b/arch/powerpc/kernel/entry_32.S
548 +@@ -34,6 +34,7 @@
549 + #include <asm/ftrace.h>
550 + #include <asm/ptrace.h>
551 + #include <asm/export.h>
552 ++#include <asm/barrier.h>
553 +
554 + /*
555 + * MSR_KERNEL is > 0x10000 on 4xx/Book-E since it include MSR_CE.
556 +@@ -347,6 +348,15 @@ syscall_dotrace_cont:
557 + ori r10,r10,sys_call_table@l
558 + slwi r0,r0,2
559 + bge- 66f
560 ++
561 ++ barrier_nospec_asm
562 ++ /*
563 ++ * Prevent the load of the handler below (based on the user-passed
564 ++ * system call number) being speculatively executed until the test
565 ++ * against NR_syscalls and branch to .66f above has
566 ++ * committed.
567 ++ */
568 ++
569 + lwzx r10,r10,r0 /* Fetch system call handler [ptr] */
570 + mtlr r10
571 + addi r9,r1,STACK_FRAME_OVERHEAD
572 +diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S
573 +index e24ae0fa80ed..390ebf4ef384 100644
574 +--- a/arch/powerpc/kernel/entry_64.S
575 ++++ b/arch/powerpc/kernel/entry_64.S
576 +@@ -26,6 +26,7 @@
577 + #include <asm/page.h>
578 + #include <asm/mmu.h>
579 + #include <asm/thread_info.h>
580 ++#include <asm/code-patching-asm.h>
581 + #include <asm/ppc_asm.h>
582 + #include <asm/asm-offsets.h>
583 + #include <asm/cputable.h>
584 +@@ -38,6 +39,7 @@
585 + #include <asm/context_tracking.h>
586 + #include <asm/tm.h>
587 + #include <asm/ppc-opcode.h>
588 ++#include <asm/barrier.h>
589 + #include <asm/export.h>
590 + #ifdef CONFIG_PPC_BOOK3S
591 + #include <asm/exception-64s.h>
592 +@@ -78,6 +80,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_TM)
593 + std r0,GPR0(r1)
594 + std r10,GPR1(r1)
595 + beq 2f /* if from kernel mode */
596 ++#ifdef CONFIG_PPC_FSL_BOOK3E
597 ++START_BTB_FLUSH_SECTION
598 ++ BTB_FLUSH(r10)
599 ++END_BTB_FLUSH_SECTION
600 ++#endif
601 + ACCOUNT_CPU_USER_ENTRY(r13, r10, r11)
602 + 2: std r2,GPR2(r1)
603 + std r3,GPR3(r1)
604 +@@ -180,6 +187,15 @@ system_call: /* label this so stack traces look sane */
605 + clrldi r8,r8,32
606 + 15:
607 + slwi r0,r0,4
608 ++
609 ++ barrier_nospec_asm
610 ++ /*
611 ++ * Prevent the load of the handler below (based on the user-passed
612 ++ * system call number) being speculatively executed until the test
613 ++ * against NR_syscalls and branch to .Lsyscall_enosys above has
614 ++ * committed.
615 ++ */
616 ++
617 + ldx r12,r11,r0 /* Fetch system call handler [ptr] */
618 + mtctr r12
619 + bctrl /* Call handler */
620 +@@ -473,6 +489,57 @@ _GLOBAL(ret_from_kernel_thread)
621 + li r3,0
622 + b .Lsyscall_exit
623 +
624 ++#ifdef CONFIG_PPC_BOOK3S_64
625 ++
626 ++#define FLUSH_COUNT_CACHE \
627 ++1: nop; \
628 ++ patch_site 1b, patch__call_flush_count_cache
629 ++
630 ++
631 ++#define BCCTR_FLUSH .long 0x4c400420
632 ++
633 ++.macro nops number
634 ++ .rept \number
635 ++ nop
636 ++ .endr
637 ++.endm
638 ++
639 ++.balign 32
640 ++.global flush_count_cache
641 ++flush_count_cache:
642 ++ /* Save LR into r9 */
643 ++ mflr r9
644 ++
645 ++ .rept 64
646 ++ bl .+4
647 ++ .endr
648 ++ b 1f
649 ++ nops 6
650 ++
651 ++ .balign 32
652 ++ /* Restore LR */
653 ++1: mtlr r9
654 ++ li r9,0x7fff
655 ++ mtctr r9
656 ++
657 ++ BCCTR_FLUSH
658 ++
659 ++2: nop
660 ++ patch_site 2b patch__flush_count_cache_return
661 ++
662 ++ nops 3
663 ++
664 ++ .rept 278
665 ++ .balign 32
666 ++ BCCTR_FLUSH
667 ++ nops 7
668 ++ .endr
669 ++
670 ++ blr
671 ++#else
672 ++#define FLUSH_COUNT_CACHE
673 ++#endif /* CONFIG_PPC_BOOK3S_64 */
674 ++
675 + /*
676 + * This routine switches between two different tasks. The process
677 + * state of one is saved on its kernel stack. Then the state
678 +@@ -504,6 +571,8 @@ _GLOBAL(_switch)
679 + std r23,_CCR(r1)
680 + std r1,KSP(r3) /* Set old stack pointer */
681 +
682 ++ FLUSH_COUNT_CACHE
683 ++
684 + #ifdef CONFIG_SMP
685 + /* We need a sync somewhere here to make sure that if the
686 + * previous task gets rescheduled on another CPU, it sees all
687 +diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
688 +index ca03eb229a9a..423b5257d3a1 100644
689 +--- a/arch/powerpc/kernel/exceptions-64e.S
690 ++++ b/arch/powerpc/kernel/exceptions-64e.S
691 +@@ -295,7 +295,8 @@ ret_from_mc_except:
692 + andi. r10,r11,MSR_PR; /* save stack pointer */ \
693 + beq 1f; /* branch around if supervisor */ \
694 + ld r1,PACAKSAVE(r13); /* get kernel stack coming from usr */\
695 +-1: cmpdi cr1,r1,0; /* check if SP makes sense */ \
696 ++1: type##_BTB_FLUSH \
697 ++ cmpdi cr1,r1,0; /* check if SP makes sense */ \
698 + bge- cr1,exc_##n##_bad_stack;/* bad stack (TODO: out of line) */ \
699 + mfspr r10,SPRN_##type##_SRR0; /* read SRR0 before touching stack */
700 +
701 +@@ -327,6 +328,30 @@ ret_from_mc_except:
702 + #define SPRN_MC_SRR0 SPRN_MCSRR0
703 + #define SPRN_MC_SRR1 SPRN_MCSRR1
704 +
705 ++#ifdef CONFIG_PPC_FSL_BOOK3E
706 ++#define GEN_BTB_FLUSH \
707 ++ START_BTB_FLUSH_SECTION \
708 ++ beq 1f; \
709 ++ BTB_FLUSH(r10) \
710 ++ 1: \
711 ++ END_BTB_FLUSH_SECTION
712 ++
713 ++#define CRIT_BTB_FLUSH \
714 ++ START_BTB_FLUSH_SECTION \
715 ++ BTB_FLUSH(r10) \
716 ++ END_BTB_FLUSH_SECTION
717 ++
718 ++#define DBG_BTB_FLUSH CRIT_BTB_FLUSH
719 ++#define MC_BTB_FLUSH CRIT_BTB_FLUSH
720 ++#define GDBELL_BTB_FLUSH GEN_BTB_FLUSH
721 ++#else
722 ++#define GEN_BTB_FLUSH
723 ++#define CRIT_BTB_FLUSH
724 ++#define DBG_BTB_FLUSH
725 ++#define MC_BTB_FLUSH
726 ++#define GDBELL_BTB_FLUSH
727 ++#endif
728 ++
729 + #define NORMAL_EXCEPTION_PROLOG(n, intnum, addition) \
730 + EXCEPTION_PROLOG(n, intnum, GEN, addition##_GEN(n))
731 +
732 +diff --git a/arch/powerpc/kernel/head_booke.h b/arch/powerpc/kernel/head_booke.h
733 +index a620203f7de3..7b98c7351f6c 100644
734 +--- a/arch/powerpc/kernel/head_booke.h
735 ++++ b/arch/powerpc/kernel/head_booke.h
736 +@@ -31,6 +31,16 @@
737 + */
738 + #define THREAD_NORMSAVE(offset) (THREAD_NORMSAVES + (offset * 4))
739 +
740 ++#ifdef CONFIG_PPC_FSL_BOOK3E
741 ++#define BOOKE_CLEAR_BTB(reg) \
742 ++START_BTB_FLUSH_SECTION \
743 ++ BTB_FLUSH(reg) \
744 ++END_BTB_FLUSH_SECTION
745 ++#else
746 ++#define BOOKE_CLEAR_BTB(reg)
747 ++#endif
748 ++
749 ++
750 + #define NORMAL_EXCEPTION_PROLOG(intno) \
751 + mtspr SPRN_SPRG_WSCRATCH0, r10; /* save one register */ \
752 + mfspr r10, SPRN_SPRG_THREAD; \
753 +@@ -42,6 +52,7 @@
754 + andi. r11, r11, MSR_PR; /* check whether user or kernel */\
755 + mr r11, r1; \
756 + beq 1f; \
757 ++ BOOKE_CLEAR_BTB(r11) \
758 + /* if from user, start at top of this thread's kernel stack */ \
759 + lwz r11, THREAD_INFO-THREAD(r10); \
760 + ALLOC_STACK_FRAME(r11, THREAD_SIZE); \
761 +@@ -127,6 +138,7 @@
762 + stw r9,_CCR(r8); /* save CR on stack */\
763 + mfspr r11,exc_level_srr1; /* check whether user or kernel */\
764 + DO_KVM BOOKE_INTERRUPT_##intno exc_level_srr1; \
765 ++ BOOKE_CLEAR_BTB(r10) \
766 + andi. r11,r11,MSR_PR; \
767 + mfspr r11,SPRN_SPRG_THREAD; /* if from user, start at top of */\
768 + lwz r11,THREAD_INFO-THREAD(r11); /* this thread's kernel stack */\
769 +diff --git a/arch/powerpc/kernel/head_fsl_booke.S b/arch/powerpc/kernel/head_fsl_booke.S
770 +index bf4c6021515f..60a0aeefc4a7 100644
771 +--- a/arch/powerpc/kernel/head_fsl_booke.S
772 ++++ b/arch/powerpc/kernel/head_fsl_booke.S
773 +@@ -452,6 +452,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
774 + mfcr r13
775 + stw r13, THREAD_NORMSAVE(3)(r10)
776 + DO_KVM BOOKE_INTERRUPT_DTLB_MISS SPRN_SRR1
777 ++START_BTB_FLUSH_SECTION
778 ++ mfspr r11, SPRN_SRR1
779 ++ andi. r10,r11,MSR_PR
780 ++ beq 1f
781 ++ BTB_FLUSH(r10)
782 ++1:
783 ++END_BTB_FLUSH_SECTION
784 + mfspr r10, SPRN_DEAR /* Get faulting address */
785 +
786 + /* If we are faulting a kernel address, we have to use the
787 +@@ -546,6 +553,14 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
788 + mfcr r13
789 + stw r13, THREAD_NORMSAVE(3)(r10)
790 + DO_KVM BOOKE_INTERRUPT_ITLB_MISS SPRN_SRR1
791 ++START_BTB_FLUSH_SECTION
792 ++ mfspr r11, SPRN_SRR1
793 ++ andi. r10,r11,MSR_PR
794 ++ beq 1f
795 ++ BTB_FLUSH(r10)
796 ++1:
797 ++END_BTB_FLUSH_SECTION
798 ++
799 + mfspr r10, SPRN_SRR0 /* Get faulting address */
800 +
801 + /* If we are faulting a kernel address, we have to use the
802 +diff --git a/arch/powerpc/kernel/module.c b/arch/powerpc/kernel/module.c
803 +index 30b89d5cbb03..3b1c3bb91025 100644
804 +--- a/arch/powerpc/kernel/module.c
805 ++++ b/arch/powerpc/kernel/module.c
806 +@@ -72,7 +72,15 @@ int module_finalize(const Elf_Ehdr *hdr,
807 + do_feature_fixups(powerpc_firmware_features,
808 + (void *)sect->sh_addr,
809 + (void *)sect->sh_addr + sect->sh_size);
810 +-#endif
811 ++#endif /* CONFIG_PPC64 */
812 ++
813 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
814 ++ sect = find_section(hdr, sechdrs, "__spec_barrier_fixup");
815 ++ if (sect != NULL)
816 ++ do_barrier_nospec_fixups_range(barrier_nospec_enabled,
817 ++ (void *)sect->sh_addr,
818 ++ (void *)sect->sh_addr + sect->sh_size);
819 ++#endif /* CONFIG_PPC_BARRIER_NOSPEC */
820 +
821 + sect = find_section(hdr, sechdrs, "__lwsync_fixup");
822 + if (sect != NULL)
823 +diff --git a/arch/powerpc/kernel/security.c b/arch/powerpc/kernel/security.c
824 +index 2277df84ef6e..30542e833ebe 100644
825 +--- a/arch/powerpc/kernel/security.c
826 ++++ b/arch/powerpc/kernel/security.c
827 +@@ -9,11 +9,121 @@
828 + #include <linux/device.h>
829 + #include <linux/seq_buf.h>
830 +
831 ++#include <asm/asm-prototypes.h>
832 ++#include <asm/code-patching.h>
833 ++#include <asm/debug.h>
834 + #include <asm/security_features.h>
835 ++#include <asm/setup.h>
836 +
837 +
838 + unsigned long powerpc_security_features __read_mostly = SEC_FTR_DEFAULT;
839 +
840 ++enum count_cache_flush_type {
841 ++ COUNT_CACHE_FLUSH_NONE = 0x1,
842 ++ COUNT_CACHE_FLUSH_SW = 0x2,
843 ++ COUNT_CACHE_FLUSH_HW = 0x4,
844 ++};
845 ++static enum count_cache_flush_type count_cache_flush_type = COUNT_CACHE_FLUSH_NONE;
846 ++
847 ++bool barrier_nospec_enabled;
848 ++static bool no_nospec;
849 ++static bool btb_flush_enabled;
850 ++#ifdef CONFIG_PPC_FSL_BOOK3E
851 ++static bool no_spectrev2;
852 ++#endif
853 ++
854 ++static void enable_barrier_nospec(bool enable)
855 ++{
856 ++ barrier_nospec_enabled = enable;
857 ++ do_barrier_nospec_fixups(enable);
858 ++}
859 ++
860 ++void setup_barrier_nospec(void)
861 ++{
862 ++ bool enable;
863 ++
864 ++ /*
865 ++ * It would make sense to check SEC_FTR_SPEC_BAR_ORI31 below as well.
866 ++ * But there's a good reason not to. The two flags we check below are
867 ++ * both are enabled by default in the kernel, so if the hcall is not
868 ++ * functional they will be enabled.
869 ++ * On a system where the host firmware has been updated (so the ori
870 ++ * functions as a barrier), but on which the hypervisor (KVM/Qemu) has
871 ++ * not been updated, we would like to enable the barrier. Dropping the
872 ++ * check for SEC_FTR_SPEC_BAR_ORI31 achieves that. The only downside is
873 ++ * we potentially enable the barrier on systems where the host firmware
874 ++ * is not updated, but that's harmless as it's a no-op.
875 ++ */
876 ++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
877 ++ security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR);
878 ++
879 ++ if (!no_nospec)
880 ++ enable_barrier_nospec(enable);
881 ++}
882 ++
883 ++static int __init handle_nospectre_v1(char *p)
884 ++{
885 ++ no_nospec = true;
886 ++
887 ++ return 0;
888 ++}
889 ++early_param("nospectre_v1", handle_nospectre_v1);
890 ++
891 ++#ifdef CONFIG_DEBUG_FS
892 ++static int barrier_nospec_set(void *data, u64 val)
893 ++{
894 ++ switch (val) {
895 ++ case 0:
896 ++ case 1:
897 ++ break;
898 ++ default:
899 ++ return -EINVAL;
900 ++ }
901 ++
902 ++ if (!!val == !!barrier_nospec_enabled)
903 ++ return 0;
904 ++
905 ++ enable_barrier_nospec(!!val);
906 ++
907 ++ return 0;
908 ++}
909 ++
910 ++static int barrier_nospec_get(void *data, u64 *val)
911 ++{
912 ++ *val = barrier_nospec_enabled ? 1 : 0;
913 ++ return 0;
914 ++}
915 ++
916 ++DEFINE_SIMPLE_ATTRIBUTE(fops_barrier_nospec,
917 ++ barrier_nospec_get, barrier_nospec_set, "%llu\n");
918 ++
919 ++static __init int barrier_nospec_debugfs_init(void)
920 ++{
921 ++ debugfs_create_file("barrier_nospec", 0600, powerpc_debugfs_root, NULL,
922 ++ &fops_barrier_nospec);
923 ++ return 0;
924 ++}
925 ++device_initcall(barrier_nospec_debugfs_init);
926 ++#endif /* CONFIG_DEBUG_FS */
927 ++
928 ++#ifdef CONFIG_PPC_FSL_BOOK3E
929 ++static int __init handle_nospectre_v2(char *p)
930 ++{
931 ++ no_spectrev2 = true;
932 ++
933 ++ return 0;
934 ++}
935 ++early_param("nospectre_v2", handle_nospectre_v2);
936 ++void setup_spectre_v2(void)
937 ++{
938 ++ if (no_spectrev2)
939 ++ do_btb_flush_fixups();
940 ++ else
941 ++ btb_flush_enabled = true;
942 ++}
943 ++#endif /* CONFIG_PPC_FSL_BOOK3E */
944 ++
945 ++#ifdef CONFIG_PPC_BOOK3S_64
946 + ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
947 + {
948 + bool thread_priv;
949 +@@ -46,25 +156,39 @@ ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, cha
950 +
951 + return sprintf(buf, "Vulnerable\n");
952 + }
953 ++#endif
954 +
955 + ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
956 + {
957 +- if (!security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR))
958 +- return sprintf(buf, "Not affected\n");
959 ++ struct seq_buf s;
960 +
961 +- return sprintf(buf, "Vulnerable\n");
962 ++ seq_buf_init(&s, buf, PAGE_SIZE - 1);
963 ++
964 ++ if (security_ftr_enabled(SEC_FTR_BNDS_CHK_SPEC_BAR)) {
965 ++ if (barrier_nospec_enabled)
966 ++ seq_buf_printf(&s, "Mitigation: __user pointer sanitization");
967 ++ else
968 ++ seq_buf_printf(&s, "Vulnerable");
969 ++
970 ++ if (security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31))
971 ++ seq_buf_printf(&s, ", ori31 speculation barrier enabled");
972 ++
973 ++ seq_buf_printf(&s, "\n");
974 ++ } else
975 ++ seq_buf_printf(&s, "Not affected\n");
976 ++
977 ++ return s.len;
978 + }
979 +
980 + ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
981 + {
982 +- bool bcs, ccd, ori;
983 + struct seq_buf s;
984 ++ bool bcs, ccd;
985 +
986 + seq_buf_init(&s, buf, PAGE_SIZE - 1);
987 +
988 + bcs = security_ftr_enabled(SEC_FTR_BCCTRL_SERIALISED);
989 + ccd = security_ftr_enabled(SEC_FTR_COUNT_CACHE_DISABLED);
990 +- ori = security_ftr_enabled(SEC_FTR_SPEC_BAR_ORI31);
991 +
992 + if (bcs || ccd) {
993 + seq_buf_printf(&s, "Mitigation: ");
994 +@@ -77,17 +201,23 @@ ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, c
995 +
996 + if (ccd)
997 + seq_buf_printf(&s, "Indirect branch cache disabled");
998 +- } else
999 ++ } else if (count_cache_flush_type != COUNT_CACHE_FLUSH_NONE) {
1000 ++ seq_buf_printf(&s, "Mitigation: Software count cache flush");
1001 ++
1002 ++ if (count_cache_flush_type == COUNT_CACHE_FLUSH_HW)
1003 ++ seq_buf_printf(&s, " (hardware accelerated)");
1004 ++ } else if (btb_flush_enabled) {
1005 ++ seq_buf_printf(&s, "Mitigation: Branch predictor state flush");
1006 ++ } else {
1007 + seq_buf_printf(&s, "Vulnerable");
1008 +-
1009 +- if (ori)
1010 +- seq_buf_printf(&s, ", ori31 speculation barrier enabled");
1011 ++ }
1012 +
1013 + seq_buf_printf(&s, "\n");
1014 +
1015 + return s.len;
1016 + }
1017 +
1018 ++#ifdef CONFIG_PPC_BOOK3S_64
1019 + /*
1020 + * Store-forwarding barrier support.
1021 + */
1022 +@@ -235,3 +365,71 @@ static __init int stf_barrier_debugfs_init(void)
1023 + }
1024 + device_initcall(stf_barrier_debugfs_init);
1025 + #endif /* CONFIG_DEBUG_FS */
1026 ++
1027 ++static void toggle_count_cache_flush(bool enable)
1028 ++{
1029 ++ if (!enable || !security_ftr_enabled(SEC_FTR_FLUSH_COUNT_CACHE)) {
1030 ++ patch_instruction_site(&patch__call_flush_count_cache, PPC_INST_NOP);
1031 ++ count_cache_flush_type = COUNT_CACHE_FLUSH_NONE;
1032 ++ pr_info("count-cache-flush: software flush disabled.\n");
1033 ++ return;
1034 ++ }
1035 ++
1036 ++ patch_branch_site(&patch__call_flush_count_cache,
1037 ++ (u64)&flush_count_cache, BRANCH_SET_LINK);
1038 ++
1039 ++ if (!security_ftr_enabled(SEC_FTR_BCCTR_FLUSH_ASSIST)) {
1040 ++ count_cache_flush_type = COUNT_CACHE_FLUSH_SW;
1041 ++ pr_info("count-cache-flush: full software flush sequence enabled.\n");
1042 ++ return;
1043 ++ }
1044 ++
1045 ++ patch_instruction_site(&patch__flush_count_cache_return, PPC_INST_BLR);
1046 ++ count_cache_flush_type = COUNT_CACHE_FLUSH_HW;
1047 ++ pr_info("count-cache-flush: hardware assisted flush sequence enabled\n");
1048 ++}
1049 ++
1050 ++void setup_count_cache_flush(void)
1051 ++{
1052 ++ toggle_count_cache_flush(true);
1053 ++}
1054 ++
1055 ++#ifdef CONFIG_DEBUG_FS
1056 ++static int count_cache_flush_set(void *data, u64 val)
1057 ++{
1058 ++ bool enable;
1059 ++
1060 ++ if (val == 1)
1061 ++ enable = true;
1062 ++ else if (val == 0)
1063 ++ enable = false;
1064 ++ else
1065 ++ return -EINVAL;
1066 ++
1067 ++ toggle_count_cache_flush(enable);
1068 ++
1069 ++ return 0;
1070 ++}
1071 ++
1072 ++static int count_cache_flush_get(void *data, u64 *val)
1073 ++{
1074 ++ if (count_cache_flush_type == COUNT_CACHE_FLUSH_NONE)
1075 ++ *val = 0;
1076 ++ else
1077 ++ *val = 1;
1078 ++
1079 ++ return 0;
1080 ++}
1081 ++
1082 ++DEFINE_SIMPLE_ATTRIBUTE(fops_count_cache_flush, count_cache_flush_get,
1083 ++ count_cache_flush_set, "%llu\n");
1084 ++
1085 ++static __init int count_cache_flush_debugfs_init(void)
1086 ++{
1087 ++ debugfs_create_file("count_cache_flush", 0600, powerpc_debugfs_root,
1088 ++ NULL, &fops_count_cache_flush);
1089 ++ return 0;
1090 ++}
1091 ++device_initcall(count_cache_flush_debugfs_init);
1092 ++#endif /* CONFIG_DEBUG_FS */
1093 ++#endif /* CONFIG_PPC_BOOK3S_64 */
1094 +diff --git a/arch/powerpc/kernel/setup-common.c b/arch/powerpc/kernel/setup-common.c
1095 +index bf0f712ac0e0..5e7d70c5d065 100644
1096 +--- a/arch/powerpc/kernel/setup-common.c
1097 ++++ b/arch/powerpc/kernel/setup-common.c
1098 +@@ -918,6 +918,9 @@ void __init setup_arch(char **cmdline_p)
1099 + if (ppc_md.setup_arch)
1100 + ppc_md.setup_arch();
1101 +
1102 ++ setup_barrier_nospec();
1103 ++ setup_spectre_v2();
1104 ++
1105 + paging_init();
1106 +
1107 + /* Initialize the MMU context management stuff. */
1108 +diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
1109 +index d929afab7b24..bdf2f7b995bb 100644
1110 +--- a/arch/powerpc/kernel/signal_64.c
1111 ++++ b/arch/powerpc/kernel/signal_64.c
1112 +@@ -746,12 +746,25 @@ int sys_rt_sigreturn(unsigned long r3, unsigned long r4, unsigned long r5,
1113 + if (restore_tm_sigcontexts(current, &uc->uc_mcontext,
1114 + &uc_transact->uc_mcontext))
1115 + goto badframe;
1116 +- }
1117 +- else
1118 +- /* Fall through, for non-TM restore */
1119 ++ } else
1120 + #endif
1121 +- if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext))
1122 +- goto badframe;
1123 ++ {
1124 ++ /*
1125 ++ * Fall through, for non-TM restore
1126 ++ *
1127 ++ * Unset MSR[TS] on the thread regs since MSR from user
1128 ++ * context does not have MSR active, and recheckpoint was
1129 ++ * not called since restore_tm_sigcontexts() was not called
1130 ++ * also.
1131 ++ *
1132 ++ * If not unsetting it, the code can RFID to userspace with
1133 ++ * MSR[TS] set, but without CPU in the proper state,
1134 ++ * causing a TM bad thing.
1135 ++ */
1136 ++ current->thread.regs->msr &= ~MSR_TS_MASK;
1137 ++ if (restore_sigcontext(current, NULL, 1, &uc->uc_mcontext))
1138 ++ goto badframe;
1139 ++ }
1140 +
1141 + if (restore_altstack(&uc->uc_stack))
1142 + goto badframe;
1143 +diff --git a/arch/powerpc/kernel/swsusp_asm64.S b/arch/powerpc/kernel/swsusp_asm64.S
1144 +index 988f38dced0f..82d8aae81c6a 100644
1145 +--- a/arch/powerpc/kernel/swsusp_asm64.S
1146 ++++ b/arch/powerpc/kernel/swsusp_asm64.S
1147 +@@ -179,7 +179,7 @@ nothing_to_copy:
1148 + sld r3, r3, r0
1149 + li r0, 0
1150 + 1:
1151 +- dcbf r0,r3
1152 ++ dcbf 0,r3
1153 + addi r3,r3,0x20
1154 + bdnz 1b
1155 +
1156 +diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S
1157 +index c16fddbb6ab8..50d365060855 100644
1158 +--- a/arch/powerpc/kernel/vmlinux.lds.S
1159 ++++ b/arch/powerpc/kernel/vmlinux.lds.S
1160 +@@ -153,8 +153,25 @@ SECTIONS
1161 + *(__rfi_flush_fixup)
1162 + __stop___rfi_flush_fixup = .;
1163 + }
1164 +-#endif
1165 ++#endif /* CONFIG_PPC64 */
1166 ++
1167 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
1168 ++ . = ALIGN(8);
1169 ++ __spec_barrier_fixup : AT(ADDR(__spec_barrier_fixup) - LOAD_OFFSET) {
1170 ++ __start___barrier_nospec_fixup = .;
1171 ++ *(__barrier_nospec_fixup)
1172 ++ __stop___barrier_nospec_fixup = .;
1173 ++ }
1174 ++#endif /* CONFIG_PPC_BARRIER_NOSPEC */
1175 +
1176 ++#ifdef CONFIG_PPC_FSL_BOOK3E
1177 ++ . = ALIGN(8);
1178 ++ __spec_btb_flush_fixup : AT(ADDR(__spec_btb_flush_fixup) - LOAD_OFFSET) {
1179 ++ __start__btb_flush_fixup = .;
1180 ++ *(__btb_flush_fixup)
1181 ++ __stop__btb_flush_fixup = .;
1182 ++ }
1183 ++#endif
1184 + EXCEPTION_TABLE(0)
1185 +
1186 + NOTES :kernel :notes
1187 +diff --git a/arch/powerpc/kvm/bookehv_interrupts.S b/arch/powerpc/kvm/bookehv_interrupts.S
1188 +index 81bd8a07aa51..612b7f6a887f 100644
1189 +--- a/arch/powerpc/kvm/bookehv_interrupts.S
1190 ++++ b/arch/powerpc/kvm/bookehv_interrupts.S
1191 +@@ -75,6 +75,10 @@
1192 + PPC_LL r1, VCPU_HOST_STACK(r4)
1193 + PPC_LL r2, HOST_R2(r1)
1194 +
1195 ++START_BTB_FLUSH_SECTION
1196 ++ BTB_FLUSH(r10)
1197 ++END_BTB_FLUSH_SECTION
1198 ++
1199 + mfspr r10, SPRN_PID
1200 + lwz r8, VCPU_HOST_PID(r4)
1201 + PPC_LL r11, VCPU_SHARED(r4)
1202 +diff --git a/arch/powerpc/kvm/e500_emulate.c b/arch/powerpc/kvm/e500_emulate.c
1203 +index 990db69a1d0b..fa88f641ac03 100644
1204 +--- a/arch/powerpc/kvm/e500_emulate.c
1205 ++++ b/arch/powerpc/kvm/e500_emulate.c
1206 +@@ -277,6 +277,13 @@ int kvmppc_core_emulate_mtspr_e500(struct kvm_vcpu *vcpu, int sprn, ulong spr_va
1207 + vcpu->arch.pwrmgtcr0 = spr_val;
1208 + break;
1209 +
1210 ++ case SPRN_BUCSR:
1211 ++ /*
1212 ++ * If we are here, it means that we have already flushed the
1213 ++ * branch predictor, so just return to guest.
1214 ++ */
1215 ++ break;
1216 ++
1217 + /* extra exceptions */
1218 + #ifdef CONFIG_SPE_POSSIBLE
1219 + case SPRN_IVOR32:
1220 +diff --git a/arch/powerpc/lib/code-patching.c b/arch/powerpc/lib/code-patching.c
1221 +index 753d591f1b52..14535ad4cdd1 100644
1222 +--- a/arch/powerpc/lib/code-patching.c
1223 ++++ b/arch/powerpc/lib/code-patching.c
1224 +@@ -14,12 +14,20 @@
1225 + #include <asm/page.h>
1226 + #include <asm/code-patching.h>
1227 + #include <asm/uaccess.h>
1228 ++#include <asm/setup.h>
1229 ++#include <asm/sections.h>
1230 +
1231 +
1232 + int patch_instruction(unsigned int *addr, unsigned int instr)
1233 + {
1234 + int err;
1235 +
1236 ++ /* Make sure we aren't patching a freed init section */
1237 ++ if (init_mem_is_free && init_section_contains(addr, 4)) {
1238 ++ pr_debug("Skipping init section patching addr: 0x%px\n", addr);
1239 ++ return 0;
1240 ++ }
1241 ++
1242 + __put_user_size(instr, addr, 4, err);
1243 + if (err)
1244 + return err;
1245 +@@ -32,6 +40,22 @@ int patch_branch(unsigned int *addr, unsigned long target, int flags)
1246 + return patch_instruction(addr, create_branch(addr, target, flags));
1247 + }
1248 +
1249 ++int patch_branch_site(s32 *site, unsigned long target, int flags)
1250 ++{
1251 ++ unsigned int *addr;
1252 ++
1253 ++ addr = (unsigned int *)((unsigned long)site + *site);
1254 ++ return patch_instruction(addr, create_branch(addr, target, flags));
1255 ++}
1256 ++
1257 ++int patch_instruction_site(s32 *site, unsigned int instr)
1258 ++{
1259 ++ unsigned int *addr;
1260 ++
1261 ++ addr = (unsigned int *)((unsigned long)site + *site);
1262 ++ return patch_instruction(addr, instr);
1263 ++}
1264 ++
1265 + unsigned int create_branch(const unsigned int *addr,
1266 + unsigned long target, int flags)
1267 + {
1268 +diff --git a/arch/powerpc/lib/copypage_power7.S b/arch/powerpc/lib/copypage_power7.S
1269 +index a84d333ecb09..ca5fc8fa7efc 100644
1270 +--- a/arch/powerpc/lib/copypage_power7.S
1271 ++++ b/arch/powerpc/lib/copypage_power7.S
1272 +@@ -45,13 +45,13 @@ _GLOBAL(copypage_power7)
1273 + .machine push
1274 + .machine "power4"
1275 + /* setup read stream 0 */
1276 +- dcbt r0,r4,0b01000 /* addr from */
1277 +- dcbt r0,r7,0b01010 /* length and depth from */
1278 ++ dcbt 0,r4,0b01000 /* addr from */
1279 ++ dcbt 0,r7,0b01010 /* length and depth from */
1280 + /* setup write stream 1 */
1281 +- dcbtst r0,r9,0b01000 /* addr to */
1282 +- dcbtst r0,r10,0b01010 /* length and depth to */
1283 ++ dcbtst 0,r9,0b01000 /* addr to */
1284 ++ dcbtst 0,r10,0b01010 /* length and depth to */
1285 + eieio
1286 +- dcbt r0,r8,0b01010 /* all streams GO */
1287 ++ dcbt 0,r8,0b01010 /* all streams GO */
1288 + .machine pop
1289 +
1290 + #ifdef CONFIG_ALTIVEC
1291 +@@ -83,7 +83,7 @@ _GLOBAL(copypage_power7)
1292 + li r12,112
1293 +
1294 + .align 5
1295 +-1: lvx v7,r0,r4
1296 ++1: lvx v7,0,r4
1297 + lvx v6,r4,r6
1298 + lvx v5,r4,r7
1299 + lvx v4,r4,r8
1300 +@@ -92,7 +92,7 @@ _GLOBAL(copypage_power7)
1301 + lvx v1,r4,r11
1302 + lvx v0,r4,r12
1303 + addi r4,r4,128
1304 +- stvx v7,r0,r3
1305 ++ stvx v7,0,r3
1306 + stvx v6,r3,r6
1307 + stvx v5,r3,r7
1308 + stvx v4,r3,r8
1309 +diff --git a/arch/powerpc/lib/copyuser_power7.S b/arch/powerpc/lib/copyuser_power7.S
1310 +index da0c568d18c4..391694814691 100644
1311 +--- a/arch/powerpc/lib/copyuser_power7.S
1312 ++++ b/arch/powerpc/lib/copyuser_power7.S
1313 +@@ -327,13 +327,13 @@ err1; stb r0,0(r3)
1314 + .machine push
1315 + .machine "power4"
1316 + /* setup read stream 0 */
1317 +- dcbt r0,r6,0b01000 /* addr from */
1318 +- dcbt r0,r7,0b01010 /* length and depth from */
1319 ++ dcbt 0,r6,0b01000 /* addr from */
1320 ++ dcbt 0,r7,0b01010 /* length and depth from */
1321 + /* setup write stream 1 */
1322 +- dcbtst r0,r9,0b01000 /* addr to */
1323 +- dcbtst r0,r10,0b01010 /* length and depth to */
1324 ++ dcbtst 0,r9,0b01000 /* addr to */
1325 ++ dcbtst 0,r10,0b01010 /* length and depth to */
1326 + eieio
1327 +- dcbt r0,r8,0b01010 /* all streams GO */
1328 ++ dcbt 0,r8,0b01010 /* all streams GO */
1329 + .machine pop
1330 +
1331 + beq cr1,.Lunwind_stack_nonvmx_copy
1332 +@@ -388,26 +388,26 @@ err3; std r0,0(r3)
1333 + li r11,48
1334 +
1335 + bf cr7*4+3,5f
1336 +-err3; lvx v1,r0,r4
1337 ++err3; lvx v1,0,r4
1338 + addi r4,r4,16
1339 +-err3; stvx v1,r0,r3
1340 ++err3; stvx v1,0,r3
1341 + addi r3,r3,16
1342 +
1343 + 5: bf cr7*4+2,6f
1344 +-err3; lvx v1,r0,r4
1345 ++err3; lvx v1,0,r4
1346 + err3; lvx v0,r4,r9
1347 + addi r4,r4,32
1348 +-err3; stvx v1,r0,r3
1349 ++err3; stvx v1,0,r3
1350 + err3; stvx v0,r3,r9
1351 + addi r3,r3,32
1352 +
1353 + 6: bf cr7*4+1,7f
1354 +-err3; lvx v3,r0,r4
1355 ++err3; lvx v3,0,r4
1356 + err3; lvx v2,r4,r9
1357 + err3; lvx v1,r4,r10
1358 + err3; lvx v0,r4,r11
1359 + addi r4,r4,64
1360 +-err3; stvx v3,r0,r3
1361 ++err3; stvx v3,0,r3
1362 + err3; stvx v2,r3,r9
1363 + err3; stvx v1,r3,r10
1364 + err3; stvx v0,r3,r11
1365 +@@ -433,7 +433,7 @@ err3; stvx v0,r3,r11
1366 + */
1367 + .align 5
1368 + 8:
1369 +-err4; lvx v7,r0,r4
1370 ++err4; lvx v7,0,r4
1371 + err4; lvx v6,r4,r9
1372 + err4; lvx v5,r4,r10
1373 + err4; lvx v4,r4,r11
1374 +@@ -442,7 +442,7 @@ err4; lvx v2,r4,r14
1375 + err4; lvx v1,r4,r15
1376 + err4; lvx v0,r4,r16
1377 + addi r4,r4,128
1378 +-err4; stvx v7,r0,r3
1379 ++err4; stvx v7,0,r3
1380 + err4; stvx v6,r3,r9
1381 + err4; stvx v5,r3,r10
1382 + err4; stvx v4,r3,r11
1383 +@@ -463,29 +463,29 @@ err4; stvx v0,r3,r16
1384 + mtocrf 0x01,r6
1385 +
1386 + bf cr7*4+1,9f
1387 +-err3; lvx v3,r0,r4
1388 ++err3; lvx v3,0,r4
1389 + err3; lvx v2,r4,r9
1390 + err3; lvx v1,r4,r10
1391 + err3; lvx v0,r4,r11
1392 + addi r4,r4,64
1393 +-err3; stvx v3,r0,r3
1394 ++err3; stvx v3,0,r3
1395 + err3; stvx v2,r3,r9
1396 + err3; stvx v1,r3,r10
1397 + err3; stvx v0,r3,r11
1398 + addi r3,r3,64
1399 +
1400 + 9: bf cr7*4+2,10f
1401 +-err3; lvx v1,r0,r4
1402 ++err3; lvx v1,0,r4
1403 + err3; lvx v0,r4,r9
1404 + addi r4,r4,32
1405 +-err3; stvx v1,r0,r3
1406 ++err3; stvx v1,0,r3
1407 + err3; stvx v0,r3,r9
1408 + addi r3,r3,32
1409 +
1410 + 10: bf cr7*4+3,11f
1411 +-err3; lvx v1,r0,r4
1412 ++err3; lvx v1,0,r4
1413 + addi r4,r4,16
1414 +-err3; stvx v1,r0,r3
1415 ++err3; stvx v1,0,r3
1416 + addi r3,r3,16
1417 +
1418 + /* Up to 15B to go */
1419 +@@ -565,25 +565,25 @@ err3; lvx v0,0,r4
1420 + addi r4,r4,16
1421 +
1422 + bf cr7*4+3,5f
1423 +-err3; lvx v1,r0,r4
1424 ++err3; lvx v1,0,r4
1425 + VPERM(v8,v0,v1,v16)
1426 + addi r4,r4,16
1427 +-err3; stvx v8,r0,r3
1428 ++err3; stvx v8,0,r3
1429 + addi r3,r3,16
1430 + vor v0,v1,v1
1431 +
1432 + 5: bf cr7*4+2,6f
1433 +-err3; lvx v1,r0,r4
1434 ++err3; lvx v1,0,r4
1435 + VPERM(v8,v0,v1,v16)
1436 + err3; lvx v0,r4,r9
1437 + VPERM(v9,v1,v0,v16)
1438 + addi r4,r4,32
1439 +-err3; stvx v8,r0,r3
1440 ++err3; stvx v8,0,r3
1441 + err3; stvx v9,r3,r9
1442 + addi r3,r3,32
1443 +
1444 + 6: bf cr7*4+1,7f
1445 +-err3; lvx v3,r0,r4
1446 ++err3; lvx v3,0,r4
1447 + VPERM(v8,v0,v3,v16)
1448 + err3; lvx v2,r4,r9
1449 + VPERM(v9,v3,v2,v16)
1450 +@@ -592,7 +592,7 @@ err3; lvx v1,r4,r10
1451 + err3; lvx v0,r4,r11
1452 + VPERM(v11,v1,v0,v16)
1453 + addi r4,r4,64
1454 +-err3; stvx v8,r0,r3
1455 ++err3; stvx v8,0,r3
1456 + err3; stvx v9,r3,r9
1457 + err3; stvx v10,r3,r10
1458 + err3; stvx v11,r3,r11
1459 +@@ -618,7 +618,7 @@ err3; stvx v11,r3,r11
1460 + */
1461 + .align 5
1462 + 8:
1463 +-err4; lvx v7,r0,r4
1464 ++err4; lvx v7,0,r4
1465 + VPERM(v8,v0,v7,v16)
1466 + err4; lvx v6,r4,r9
1467 + VPERM(v9,v7,v6,v16)
1468 +@@ -635,7 +635,7 @@ err4; lvx v1,r4,r15
1469 + err4; lvx v0,r4,r16
1470 + VPERM(v15,v1,v0,v16)
1471 + addi r4,r4,128
1472 +-err4; stvx v8,r0,r3
1473 ++err4; stvx v8,0,r3
1474 + err4; stvx v9,r3,r9
1475 + err4; stvx v10,r3,r10
1476 + err4; stvx v11,r3,r11
1477 +@@ -656,7 +656,7 @@ err4; stvx v15,r3,r16
1478 + mtocrf 0x01,r6
1479 +
1480 + bf cr7*4+1,9f
1481 +-err3; lvx v3,r0,r4
1482 ++err3; lvx v3,0,r4
1483 + VPERM(v8,v0,v3,v16)
1484 + err3; lvx v2,r4,r9
1485 + VPERM(v9,v3,v2,v16)
1486 +@@ -665,27 +665,27 @@ err3; lvx v1,r4,r10
1487 + err3; lvx v0,r4,r11
1488 + VPERM(v11,v1,v0,v16)
1489 + addi r4,r4,64
1490 +-err3; stvx v8,r0,r3
1491 ++err3; stvx v8,0,r3
1492 + err3; stvx v9,r3,r9
1493 + err3; stvx v10,r3,r10
1494 + err3; stvx v11,r3,r11
1495 + addi r3,r3,64
1496 +
1497 + 9: bf cr7*4+2,10f
1498 +-err3; lvx v1,r0,r4
1499 ++err3; lvx v1,0,r4
1500 + VPERM(v8,v0,v1,v16)
1501 + err3; lvx v0,r4,r9
1502 + VPERM(v9,v1,v0,v16)
1503 + addi r4,r4,32
1504 +-err3; stvx v8,r0,r3
1505 ++err3; stvx v8,0,r3
1506 + err3; stvx v9,r3,r9
1507 + addi r3,r3,32
1508 +
1509 + 10: bf cr7*4+3,11f
1510 +-err3; lvx v1,r0,r4
1511 ++err3; lvx v1,0,r4
1512 + VPERM(v8,v0,v1,v16)
1513 + addi r4,r4,16
1514 +-err3; stvx v8,r0,r3
1515 ++err3; stvx v8,0,r3
1516 + addi r3,r3,16
1517 +
1518 + /* Up to 15B to go */
1519 +diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c
1520 +index cf1398e3c2e0..e6ed0ec94bc8 100644
1521 +--- a/arch/powerpc/lib/feature-fixups.c
1522 ++++ b/arch/powerpc/lib/feature-fixups.c
1523 +@@ -277,8 +277,101 @@ void do_rfi_flush_fixups(enum l1d_flush_type types)
1524 + (types & L1D_FLUSH_MTTRIG) ? "mttrig type"
1525 + : "unknown");
1526 + }
1527 ++
1528 ++void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
1529 ++{
1530 ++ unsigned int instr, *dest;
1531 ++ long *start, *end;
1532 ++ int i;
1533 ++
1534 ++ start = fixup_start;
1535 ++ end = fixup_end;
1536 ++
1537 ++ instr = 0x60000000; /* nop */
1538 ++
1539 ++ if (enable) {
1540 ++ pr_info("barrier-nospec: using ORI speculation barrier\n");
1541 ++ instr = 0x63ff0000; /* ori 31,31,0 speculation barrier */
1542 ++ }
1543 ++
1544 ++ for (i = 0; start < end; start++, i++) {
1545 ++ dest = (void *)start + *start;
1546 ++
1547 ++ pr_devel("patching dest %lx\n", (unsigned long)dest);
1548 ++ patch_instruction(dest, instr);
1549 ++ }
1550 ++
1551 ++ printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
1552 ++}
1553 ++
1554 + #endif /* CONFIG_PPC_BOOK3S_64 */
1555 +
1556 ++#ifdef CONFIG_PPC_BARRIER_NOSPEC
1557 ++void do_barrier_nospec_fixups(bool enable)
1558 ++{
1559 ++ void *start, *end;
1560 ++
1561 ++ start = PTRRELOC(&__start___barrier_nospec_fixup),
1562 ++ end = PTRRELOC(&__stop___barrier_nospec_fixup);
1563 ++
1564 ++ do_barrier_nospec_fixups_range(enable, start, end);
1565 ++}
1566 ++#endif /* CONFIG_PPC_BARRIER_NOSPEC */
1567 ++
1568 ++#ifdef CONFIG_PPC_FSL_BOOK3E
1569 ++void do_barrier_nospec_fixups_range(bool enable, void *fixup_start, void *fixup_end)
1570 ++{
1571 ++ unsigned int instr[2], *dest;
1572 ++ long *start, *end;
1573 ++ int i;
1574 ++
1575 ++ start = fixup_start;
1576 ++ end = fixup_end;
1577 ++
1578 ++ instr[0] = PPC_INST_NOP;
1579 ++ instr[1] = PPC_INST_NOP;
1580 ++
1581 ++ if (enable) {
1582 ++ pr_info("barrier-nospec: using isync; sync as speculation barrier\n");
1583 ++ instr[0] = PPC_INST_ISYNC;
1584 ++ instr[1] = PPC_INST_SYNC;
1585 ++ }
1586 ++
1587 ++ for (i = 0; start < end; start++, i++) {
1588 ++ dest = (void *)start + *start;
1589 ++
1590 ++ pr_devel("patching dest %lx\n", (unsigned long)dest);
1591 ++ patch_instruction(dest, instr[0]);
1592 ++ patch_instruction(dest + 1, instr[1]);
1593 ++ }
1594 ++
1595 ++ printk(KERN_DEBUG "barrier-nospec: patched %d locations\n", i);
1596 ++}
1597 ++
1598 ++static void patch_btb_flush_section(long *curr)
1599 ++{
1600 ++ unsigned int *start, *end;
1601 ++
1602 ++ start = (void *)curr + *curr;
1603 ++ end = (void *)curr + *(curr + 1);
1604 ++ for (; start < end; start++) {
1605 ++ pr_devel("patching dest %lx\n", (unsigned long)start);
1606 ++ patch_instruction(start, PPC_INST_NOP);
1607 ++ }
1608 ++}
1609 ++
1610 ++void do_btb_flush_fixups(void)
1611 ++{
1612 ++ long *start, *end;
1613 ++
1614 ++ start = PTRRELOC(&__start__btb_flush_fixup);
1615 ++ end = PTRRELOC(&__stop__btb_flush_fixup);
1616 ++
1617 ++ for (; start < end; start += 2)
1618 ++ patch_btb_flush_section(start);
1619 ++}
1620 ++#endif /* CONFIG_PPC_FSL_BOOK3E */
1621 ++
1622 + void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end)
1623 + {
1624 + long *start, *end;
1625 +diff --git a/arch/powerpc/lib/memcpy_power7.S b/arch/powerpc/lib/memcpy_power7.S
1626 +index 786234fd4e91..193909abd18b 100644
1627 +--- a/arch/powerpc/lib/memcpy_power7.S
1628 ++++ b/arch/powerpc/lib/memcpy_power7.S
1629 +@@ -261,12 +261,12 @@ _GLOBAL(memcpy_power7)
1630 +
1631 + .machine push
1632 + .machine "power4"
1633 +- dcbt r0,r6,0b01000
1634 +- dcbt r0,r7,0b01010
1635 +- dcbtst r0,r9,0b01000
1636 +- dcbtst r0,r10,0b01010
1637 ++ dcbt 0,r6,0b01000
1638 ++ dcbt 0,r7,0b01010
1639 ++ dcbtst 0,r9,0b01000
1640 ++ dcbtst 0,r10,0b01010
1641 + eieio
1642 +- dcbt r0,r8,0b01010 /* GO */
1643 ++ dcbt 0,r8,0b01010 /* GO */
1644 + .machine pop
1645 +
1646 + beq cr1,.Lunwind_stack_nonvmx_copy
1647 +@@ -321,26 +321,26 @@ _GLOBAL(memcpy_power7)
1648 + li r11,48
1649 +
1650 + bf cr7*4+3,5f
1651 +- lvx v1,r0,r4
1652 ++ lvx v1,0,r4
1653 + addi r4,r4,16
1654 +- stvx v1,r0,r3
1655 ++ stvx v1,0,r3
1656 + addi r3,r3,16
1657 +
1658 + 5: bf cr7*4+2,6f
1659 +- lvx v1,r0,r4
1660 ++ lvx v1,0,r4
1661 + lvx v0,r4,r9
1662 + addi r4,r4,32
1663 +- stvx v1,r0,r3
1664 ++ stvx v1,0,r3
1665 + stvx v0,r3,r9
1666 + addi r3,r3,32
1667 +
1668 + 6: bf cr7*4+1,7f
1669 +- lvx v3,r0,r4
1670 ++ lvx v3,0,r4
1671 + lvx v2,r4,r9
1672 + lvx v1,r4,r10
1673 + lvx v0,r4,r11
1674 + addi r4,r4,64
1675 +- stvx v3,r0,r3
1676 ++ stvx v3,0,r3
1677 + stvx v2,r3,r9
1678 + stvx v1,r3,r10
1679 + stvx v0,r3,r11
1680 +@@ -366,7 +366,7 @@ _GLOBAL(memcpy_power7)
1681 + */
1682 + .align 5
1683 + 8:
1684 +- lvx v7,r0,r4
1685 ++ lvx v7,0,r4
1686 + lvx v6,r4,r9
1687 + lvx v5,r4,r10
1688 + lvx v4,r4,r11
1689 +@@ -375,7 +375,7 @@ _GLOBAL(memcpy_power7)
1690 + lvx v1,r4,r15
1691 + lvx v0,r4,r16
1692 + addi r4,r4,128
1693 +- stvx v7,r0,r3
1694 ++ stvx v7,0,r3
1695 + stvx v6,r3,r9
1696 + stvx v5,r3,r10
1697 + stvx v4,r3,r11
1698 +@@ -396,29 +396,29 @@ _GLOBAL(memcpy_power7)
1699 + mtocrf 0x01,r6
1700 +
1701 + bf cr7*4+1,9f
1702 +- lvx v3,r0,r4
1703 ++ lvx v3,0,r4
1704 + lvx v2,r4,r9
1705 + lvx v1,r4,r10
1706 + lvx v0,r4,r11
1707 + addi r4,r4,64
1708 +- stvx v3,r0,r3
1709 ++ stvx v3,0,r3
1710 + stvx v2,r3,r9
1711 + stvx v1,r3,r10
1712 + stvx v0,r3,r11
1713 + addi r3,r3,64
1714 +
1715 + 9: bf cr7*4+2,10f
1716 +- lvx v1,r0,r4
1717 ++ lvx v1,0,r4
1718 + lvx v0,r4,r9
1719 + addi r4,r4,32
1720 +- stvx v1,r0,r3
1721 ++ stvx v1,0,r3
1722 + stvx v0,r3,r9
1723 + addi r3,r3,32
1724 +
1725 + 10: bf cr7*4+3,11f
1726 +- lvx v1,r0,r4
1727 ++ lvx v1,0,r4
1728 + addi r4,r4,16
1729 +- stvx v1,r0,r3
1730 ++ stvx v1,0,r3
1731 + addi r3,r3,16
1732 +
1733 + /* Up to 15B to go */
1734 +@@ -499,25 +499,25 @@ _GLOBAL(memcpy_power7)
1735 + addi r4,r4,16
1736 +
1737 + bf cr7*4+3,5f
1738 +- lvx v1,r0,r4
1739 ++ lvx v1,0,r4
1740 + VPERM(v8,v0,v1,v16)
1741 + addi r4,r4,16
1742 +- stvx v8,r0,r3
1743 ++ stvx v8,0,r3
1744 + addi r3,r3,16
1745 + vor v0,v1,v1
1746 +
1747 + 5: bf cr7*4+2,6f
1748 +- lvx v1,r0,r4
1749 ++ lvx v1,0,r4
1750 + VPERM(v8,v0,v1,v16)
1751 + lvx v0,r4,r9
1752 + VPERM(v9,v1,v0,v16)
1753 + addi r4,r4,32
1754 +- stvx v8,r0,r3
1755 ++ stvx v8,0,r3
1756 + stvx v9,r3,r9
1757 + addi r3,r3,32
1758 +
1759 + 6: bf cr7*4+1,7f
1760 +- lvx v3,r0,r4
1761 ++ lvx v3,0,r4
1762 + VPERM(v8,v0,v3,v16)
1763 + lvx v2,r4,r9
1764 + VPERM(v9,v3,v2,v16)
1765 +@@ -526,7 +526,7 @@ _GLOBAL(memcpy_power7)
1766 + lvx v0,r4,r11
1767 + VPERM(v11,v1,v0,v16)
1768 + addi r4,r4,64
1769 +- stvx v8,r0,r3
1770 ++ stvx v8,0,r3
1771 + stvx v9,r3,r9
1772 + stvx v10,r3,r10
1773 + stvx v11,r3,r11
1774 +@@ -552,7 +552,7 @@ _GLOBAL(memcpy_power7)
1775 + */
1776 + .align 5
1777 + 8:
1778 +- lvx v7,r0,r4
1779 ++ lvx v7,0,r4
1780 + VPERM(v8,v0,v7,v16)
1781 + lvx v6,r4,r9
1782 + VPERM(v9,v7,v6,v16)
1783 +@@ -569,7 +569,7 @@ _GLOBAL(memcpy_power7)
1784 + lvx v0,r4,r16
1785 + VPERM(v15,v1,v0,v16)
1786 + addi r4,r4,128
1787 +- stvx v8,r0,r3
1788 ++ stvx v8,0,r3
1789 + stvx v9,r3,r9
1790 + stvx v10,r3,r10
1791 + stvx v11,r3,r11
1792 +@@ -590,7 +590,7 @@ _GLOBAL(memcpy_power7)
1793 + mtocrf 0x01,r6
1794 +
1795 + bf cr7*4+1,9f
1796 +- lvx v3,r0,r4
1797 ++ lvx v3,0,r4
1798 + VPERM(v8,v0,v3,v16)
1799 + lvx v2,r4,r9
1800 + VPERM(v9,v3,v2,v16)
1801 +@@ -599,27 +599,27 @@ _GLOBAL(memcpy_power7)
1802 + lvx v0,r4,r11
1803 + VPERM(v11,v1,v0,v16)
1804 + addi r4,r4,64
1805 +- stvx v8,r0,r3
1806 ++ stvx v8,0,r3
1807 + stvx v9,r3,r9
1808 + stvx v10,r3,r10
1809 + stvx v11,r3,r11
1810 + addi r3,r3,64
1811 +
1812 + 9: bf cr7*4+2,10f
1813 +- lvx v1,r0,r4
1814 ++ lvx v1,0,r4
1815 + VPERM(v8,v0,v1,v16)
1816 + lvx v0,r4,r9
1817 + VPERM(v9,v1,v0,v16)
1818 + addi r4,r4,32
1819 +- stvx v8,r0,r3
1820 ++ stvx v8,0,r3
1821 + stvx v9,r3,r9
1822 + addi r3,r3,32
1823 +
1824 + 10: bf cr7*4+3,11f
1825 +- lvx v1,r0,r4
1826 ++ lvx v1,0,r4
1827 + VPERM(v8,v0,v1,v16)
1828 + addi r4,r4,16
1829 +- stvx v8,r0,r3
1830 ++ stvx v8,0,r3
1831 + addi r3,r3,16
1832 +
1833 + /* Up to 15B to go */
1834 +diff --git a/arch/powerpc/lib/string_64.S b/arch/powerpc/lib/string_64.S
1835 +index 57ace356c949..11e6372537fd 100644
1836 +--- a/arch/powerpc/lib/string_64.S
1837 ++++ b/arch/powerpc/lib/string_64.S
1838 +@@ -192,7 +192,7 @@ err1; std r0,8(r3)
1839 + mtctr r6
1840 + mr r8,r3
1841 + 14:
1842 +-err1; dcbz r0,r3
1843 ++err1; dcbz 0,r3
1844 + add r3,r3,r9
1845 + bdnz 14b
1846 +
1847 +diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
1848 +index 5f844337de21..1e93dbc88e80 100644
1849 +--- a/arch/powerpc/mm/mem.c
1850 ++++ b/arch/powerpc/mm/mem.c
1851 +@@ -62,6 +62,7 @@
1852 + #endif
1853 +
1854 + unsigned long long memory_limit;
1855 ++bool init_mem_is_free;
1856 +
1857 + #ifdef CONFIG_HIGHMEM
1858 + pte_t *kmap_pte;
1859 +@@ -396,6 +397,7 @@ void __init mem_init(void)
1860 + void free_initmem(void)
1861 + {
1862 + ppc_md.progress = ppc_printk_progress;
1863 ++ init_mem_is_free = true;
1864 + free_initmem_default(POISON_FREE_INITMEM);
1865 + }
1866 +
1867 +diff --git a/arch/powerpc/mm/tlb_low_64e.S b/arch/powerpc/mm/tlb_low_64e.S
1868 +index eb82d787d99a..b7e9c09dfe19 100644
1869 +--- a/arch/powerpc/mm/tlb_low_64e.S
1870 ++++ b/arch/powerpc/mm/tlb_low_64e.S
1871 +@@ -69,6 +69,13 @@ END_FTR_SECTION_IFSET(CPU_FTR_EMB_HV)
1872 + std r15,EX_TLB_R15(r12)
1873 + std r10,EX_TLB_CR(r12)
1874 + #ifdef CONFIG_PPC_FSL_BOOK3E
1875 ++START_BTB_FLUSH_SECTION
1876 ++ mfspr r11, SPRN_SRR1
1877 ++ andi. r10,r11,MSR_PR
1878 ++ beq 1f
1879 ++ BTB_FLUSH(r10)
1880 ++1:
1881 ++END_BTB_FLUSH_SECTION
1882 + std r7,EX_TLB_R7(r12)
1883 + #endif
1884 + TLB_MISS_PROLOG_STATS
1885 +diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c
1886 +index 17203abf38e8..365e2b620201 100644
1887 +--- a/arch/powerpc/platforms/powernv/setup.c
1888 ++++ b/arch/powerpc/platforms/powernv/setup.c
1889 +@@ -77,6 +77,12 @@ static void init_fw_feat_flags(struct device_node *np)
1890 + if (fw_feature_is("enabled", "fw-count-cache-disabled", np))
1891 + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
1892 +
1893 ++ if (fw_feature_is("enabled", "fw-count-cache-flush-bcctr2,0,0", np))
1894 ++ security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST);
1895 ++
1896 ++ if (fw_feature_is("enabled", "needs-count-cache-flush-on-context-switch", np))
1897 ++ security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE);
1898 ++
1899 + /*
1900 + * The features below are enabled by default, so we instead look to see
1901 + * if firmware has *disabled* them, and clear them if so.
1902 +@@ -123,6 +129,7 @@ static void pnv_setup_rfi_flush(void)
1903 + security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV));
1904 +
1905 + setup_rfi_flush(type, enable);
1906 ++ setup_count_cache_flush();
1907 + }
1908 +
1909 + static void __init pnv_setup_arch(void)
1910 +diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c
1911 +index 91ade7755823..adb09ab87f7c 100644
1912 +--- a/arch/powerpc/platforms/pseries/setup.c
1913 ++++ b/arch/powerpc/platforms/pseries/setup.c
1914 +@@ -475,6 +475,12 @@ static void init_cpu_char_feature_flags(struct h_cpu_char_result *result)
1915 + if (result->character & H_CPU_CHAR_COUNT_CACHE_DISABLED)
1916 + security_ftr_set(SEC_FTR_COUNT_CACHE_DISABLED);
1917 +
1918 ++ if (result->character & H_CPU_CHAR_BCCTR_FLUSH_ASSIST)
1919 ++ security_ftr_set(SEC_FTR_BCCTR_FLUSH_ASSIST);
1920 ++
1921 ++ if (result->behaviour & H_CPU_BEHAV_FLUSH_COUNT_CACHE)
1922 ++ security_ftr_set(SEC_FTR_FLUSH_COUNT_CACHE);
1923 ++
1924 + /*
1925 + * The features below are enabled by default, so we instead look to see
1926 + * if firmware has *disabled* them, and clear them if so.
1927 +@@ -525,6 +531,7 @@ void pseries_setup_rfi_flush(void)
1928 + security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR);
1929 +
1930 + setup_rfi_flush(types, enable);
1931 ++ setup_count_cache_flush();
1932 + }
1933 +
1934 + static void __init pSeries_setup_arch(void)
1935 +diff --git a/arch/x86/entry/vdso/Makefile b/arch/x86/entry/vdso/Makefile
1936 +index d5409660f5de..756dc9432d15 100644
1937 +--- a/arch/x86/entry/vdso/Makefile
1938 ++++ b/arch/x86/entry/vdso/Makefile
1939 +@@ -47,10 +47,8 @@ targets += $(vdso_img_sodbg)
1940 +
1941 + export CPPFLAGS_vdso.lds += -P -C
1942 +
1943 +-VDSO_LDFLAGS_vdso.lds = -m64 -Wl,-soname=linux-vdso.so.1 \
1944 +- -Wl,--no-undefined \
1945 +- -Wl,-z,max-page-size=4096 -Wl,-z,common-page-size=4096 \
1946 +- $(DISABLE_LTO)
1947 ++VDSO_LDFLAGS_vdso.lds = -m elf_x86_64 -soname linux-vdso.so.1 --no-undefined \
1948 ++ -z max-page-size=4096
1949 +
1950 + $(obj)/vdso64.so.dbg: $(src)/vdso.lds $(vobjs) FORCE
1951 + $(call if_changed,vdso)
1952 +@@ -96,10 +94,8 @@ CFLAGS_REMOVE_vvar.o = -pg
1953 + #
1954 +
1955 + CPPFLAGS_vdsox32.lds = $(CPPFLAGS_vdso.lds)
1956 +-VDSO_LDFLAGS_vdsox32.lds = -Wl,-m,elf32_x86_64 \
1957 +- -Wl,-soname=linux-vdso.so.1 \
1958 +- -Wl,-z,max-page-size=4096 \
1959 +- -Wl,-z,common-page-size=4096
1960 ++VDSO_LDFLAGS_vdsox32.lds = -m elf32_x86_64 -soname linux-vdso.so.1 \
1961 ++ -z max-page-size=4096
1962 +
1963 + # 64-bit objects to re-brand as x32
1964 + vobjs64-for-x32 := $(filter-out $(vobjs-nox32),$(vobjs-y))
1965 +@@ -127,7 +123,7 @@ $(obj)/vdsox32.so.dbg: $(src)/vdsox32.lds $(vobjx32s) FORCE
1966 + $(call if_changed,vdso)
1967 +
1968 + CPPFLAGS_vdso32.lds = $(CPPFLAGS_vdso.lds)
1969 +-VDSO_LDFLAGS_vdso32.lds = -m32 -Wl,-m,elf_i386 -Wl,-soname=linux-gate.so.1
1970 ++VDSO_LDFLAGS_vdso32.lds = -m elf_i386 -soname linux-gate.so.1
1971 +
1972 + # This makes sure the $(obj) subdirectory exists even though vdso32/
1973 + # is not a kbuild sub-make subdirectory.
1974 +@@ -165,13 +161,13 @@ $(obj)/vdso32.so.dbg: FORCE \
1975 + # The DSO images are built using a special linker script.
1976 + #
1977 + quiet_cmd_vdso = VDSO $@
1978 +- cmd_vdso = $(CC) -nostdlib -o $@ \
1979 ++ cmd_vdso = $(LD) -nostdlib -o $@ \
1980 + $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
1981 +- -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^) && \
1982 ++ -T $(filter %.lds,$^) $(filter %.o,$^) && \
1983 + sh $(srctree)/$(src)/checkundef.sh '$(NM)' '$@'
1984 +
1985 +-VDSO_LDFLAGS = -fPIC -shared $(call cc-ldoption, -Wl$(comma)--hash-style=both) \
1986 +- $(call cc-ldoption, -Wl$(comma)--build-id) -Wl,-Bsymbolic $(LTO_CFLAGS)
1987 ++VDSO_LDFLAGS = -shared $(call ld-option, --hash-style=both) \
1988 ++ $(call ld-option, --build-id) -Bsymbolic
1989 + GCOV_PROFILE := n
1990 +
1991 + #
1992 +diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h
1993 +index 8e9dbe7b73a1..5cc2ce4ab8a3 100644
1994 +--- a/arch/x86/include/asm/suspend_32.h
1995 ++++ b/arch/x86/include/asm/suspend_32.h
1996 +@@ -11,7 +11,13 @@
1997 +
1998 + /* image of the saved processor state */
1999 + struct saved_context {
2000 +- u16 es, fs, gs, ss;
2001 ++ /*
2002 ++ * On x86_32, all segment registers, with the possible exception of
2003 ++ * gs, are saved at kernel entry in pt_regs.
2004 ++ */
2005 ++#ifdef CONFIG_X86_32_LAZY_GS
2006 ++ u16 gs;
2007 ++#endif
2008 + unsigned long cr0, cr2, cr3, cr4;
2009 + u64 misc_enable;
2010 + bool misc_enable_saved;
2011 +diff --git a/arch/x86/include/asm/suspend_64.h b/arch/x86/include/asm/suspend_64.h
2012 +index 2bd96b4df140..701751918921 100644
2013 +--- a/arch/x86/include/asm/suspend_64.h
2014 ++++ b/arch/x86/include/asm/suspend_64.h
2015 +@@ -19,8 +19,20 @@
2016 + */
2017 + struct saved_context {
2018 + struct pt_regs regs;
2019 +- u16 ds, es, fs, gs, ss;
2020 +- unsigned long gs_base, gs_kernel_base, fs_base;
2021 ++
2022 ++ /*
2023 ++ * User CS and SS are saved in current_pt_regs(). The rest of the
2024 ++ * segment selectors need to be saved and restored here.
2025 ++ */
2026 ++ u16 ds, es, fs, gs;
2027 ++
2028 ++ /*
2029 ++ * Usermode FSBASE and GSBASE may not match the fs and gs selectors,
2030 ++ * so we save them separately. We save the kernelmode GSBASE to
2031 ++ * restore percpu access after resume.
2032 ++ */
2033 ++ unsigned long kernelmode_gs_base, usermode_gs_base, fs_base;
2034 ++
2035 + unsigned long cr0, cr2, cr3, cr4, cr8;
2036 + u64 misc_enable;
2037 + bool misc_enable_saved;
2038 +@@ -29,8 +41,7 @@ struct saved_context {
2039 + u16 gdt_pad; /* Unused */
2040 + struct desc_ptr gdt_desc;
2041 + u16 idt_pad;
2042 +- u16 idt_limit;
2043 +- unsigned long idt_base;
2044 ++ struct desc_ptr idt;
2045 + u16 ldt;
2046 + u16 tss;
2047 + unsigned long tr;
2048 +diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
2049 +index ccdc23d89b60..9f694537a103 100644
2050 +--- a/arch/x86/include/asm/xen/hypercall.h
2051 ++++ b/arch/x86/include/asm/xen/hypercall.h
2052 +@@ -216,6 +216,9 @@ privcmd_call(unsigned call,
2053 + __HYPERCALL_DECLS;
2054 + __HYPERCALL_5ARG(a1, a2, a3, a4, a5);
2055 +
2056 ++ if (call >= PAGE_SIZE / sizeof(hypercall_page[0]))
2057 ++ return -EINVAL;
2058 ++
2059 + stac();
2060 + asm volatile(CALL_NOSPEC
2061 + : __HYPERCALL_5PARAM
2062 +diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
2063 +index 53cace2ec0e2..054e27671df9 100644
2064 +--- a/arch/x86/power/cpu.c
2065 ++++ b/arch/x86/power/cpu.c
2066 +@@ -82,12 +82,8 @@ static void __save_processor_state(struct saved_context *ctxt)
2067 + /*
2068 + * descriptor tables
2069 + */
2070 +-#ifdef CONFIG_X86_32
2071 + store_idt(&ctxt->idt);
2072 +-#else
2073 +-/* CONFIG_X86_64 */
2074 +- store_idt((struct desc_ptr *)&ctxt->idt_limit);
2075 +-#endif
2076 ++
2077 + /*
2078 + * We save it here, but restore it only in the hibernate case.
2079 + * For ACPI S3 resume, this is loaded via 'early_gdt_desc' in 64-bit
2080 +@@ -103,22 +99,18 @@ static void __save_processor_state(struct saved_context *ctxt)
2081 + /*
2082 + * segment registers
2083 + */
2084 +-#ifdef CONFIG_X86_32
2085 +- savesegment(es, ctxt->es);
2086 +- savesegment(fs, ctxt->fs);
2087 ++#ifdef CONFIG_X86_32_LAZY_GS
2088 + savesegment(gs, ctxt->gs);
2089 +- savesegment(ss, ctxt->ss);
2090 +-#else
2091 +-/* CONFIG_X86_64 */
2092 +- asm volatile ("movw %%ds, %0" : "=m" (ctxt->ds));
2093 +- asm volatile ("movw %%es, %0" : "=m" (ctxt->es));
2094 +- asm volatile ("movw %%fs, %0" : "=m" (ctxt->fs));
2095 +- asm volatile ("movw %%gs, %0" : "=m" (ctxt->gs));
2096 +- asm volatile ("movw %%ss, %0" : "=m" (ctxt->ss));
2097 ++#endif
2098 ++#ifdef CONFIG_X86_64
2099 ++ savesegment(gs, ctxt->gs);
2100 ++ savesegment(fs, ctxt->fs);
2101 ++ savesegment(ds, ctxt->ds);
2102 ++ savesegment(es, ctxt->es);
2103 +
2104 + rdmsrl(MSR_FS_BASE, ctxt->fs_base);
2105 +- rdmsrl(MSR_GS_BASE, ctxt->gs_base);
2106 +- rdmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
2107 ++ rdmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base);
2108 ++ rdmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base);
2109 + mtrr_save_fixed_ranges(NULL);
2110 +
2111 + rdmsrl(MSR_EFER, ctxt->efer);
2112 +@@ -178,6 +170,9 @@ static void fix_processor_context(void)
2113 + write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS);
2114 +
2115 + syscall_init(); /* This sets MSR_*STAR and related */
2116 ++#else
2117 ++ if (boot_cpu_has(X86_FEATURE_SEP))
2118 ++ enable_sep_cpu();
2119 + #endif
2120 + load_TR_desc(); /* This does ltr */
2121 + load_mm_ldt(current->active_mm); /* This does lldt */
2122 +@@ -186,9 +181,12 @@ static void fix_processor_context(void)
2123 + }
2124 +
2125 + /**
2126 +- * __restore_processor_state - restore the contents of CPU registers saved
2127 +- * by __save_processor_state()
2128 +- * @ctxt - structure to load the registers contents from
2129 ++ * __restore_processor_state - restore the contents of CPU registers saved
2130 ++ * by __save_processor_state()
2131 ++ * @ctxt - structure to load the registers contents from
2132 ++ *
2133 ++ * The asm code that gets us here will have restored a usable GDT, although
2134 ++ * it will be pointing to the wrong alias.
2135 + */
2136 + static void notrace __restore_processor_state(struct saved_context *ctxt)
2137 + {
2138 +@@ -211,46 +209,52 @@ static void notrace __restore_processor_state(struct saved_context *ctxt)
2139 + write_cr2(ctxt->cr2);
2140 + write_cr0(ctxt->cr0);
2141 +
2142 ++ /* Restore the IDT. */
2143 ++ load_idt(&ctxt->idt);
2144 ++
2145 + /*
2146 +- * now restore the descriptor tables to their proper values
2147 +- * ltr is done i fix_processor_context().
2148 ++ * Just in case the asm code got us here with the SS, DS, or ES
2149 ++ * out of sync with the GDT, update them.
2150 + */
2151 +-#ifdef CONFIG_X86_32
2152 +- load_idt(&ctxt->idt);
2153 ++ loadsegment(ss, __KERNEL_DS);
2154 ++ loadsegment(ds, __USER_DS);
2155 ++ loadsegment(es, __USER_DS);
2156 ++
2157 ++ /*
2158 ++ * Restore percpu access. Percpu access can happen in exception
2159 ++ * handlers or in complicated helpers like load_gs_index().
2160 ++ */
2161 ++#ifdef CONFIG_X86_64
2162 ++ wrmsrl(MSR_GS_BASE, ctxt->kernelmode_gs_base);
2163 + #else
2164 +-/* CONFIG_X86_64 */
2165 +- load_idt((const struct desc_ptr *)&ctxt->idt_limit);
2166 ++ loadsegment(fs, __KERNEL_PERCPU);
2167 ++ loadsegment(gs, __KERNEL_STACK_CANARY);
2168 + #endif
2169 +
2170 ++ /* Restore the TSS, RO GDT, LDT, and usermode-relevant MSRs. */
2171 ++ fix_processor_context();
2172 ++
2173 + /*
2174 +- * segment registers
2175 ++ * Now that we have descriptor tables fully restored and working
2176 ++ * exception handling, restore the usermode segments.
2177 + */
2178 +-#ifdef CONFIG_X86_32
2179 ++#ifdef CONFIG_X86_64
2180 ++ loadsegment(ds, ctxt->es);
2181 + loadsegment(es, ctxt->es);
2182 + loadsegment(fs, ctxt->fs);
2183 +- loadsegment(gs, ctxt->gs);
2184 +- loadsegment(ss, ctxt->ss);
2185 ++ load_gs_index(ctxt->gs);
2186 +
2187 + /*
2188 +- * sysenter MSRs
2189 ++ * Restore FSBASE and GSBASE after restoring the selectors, since
2190 ++ * restoring the selectors clobbers the bases. Keep in mind
2191 ++ * that MSR_KERNEL_GS_BASE is horribly misnamed.
2192 + */
2193 +- if (boot_cpu_has(X86_FEATURE_SEP))
2194 +- enable_sep_cpu();
2195 +-#else
2196 +-/* CONFIG_X86_64 */
2197 +- asm volatile ("movw %0, %%ds" :: "r" (ctxt->ds));
2198 +- asm volatile ("movw %0, %%es" :: "r" (ctxt->es));
2199 +- asm volatile ("movw %0, %%fs" :: "r" (ctxt->fs));
2200 +- load_gs_index(ctxt->gs);
2201 +- asm volatile ("movw %0, %%ss" :: "r" (ctxt->ss));
2202 +-
2203 + wrmsrl(MSR_FS_BASE, ctxt->fs_base);
2204 +- wrmsrl(MSR_GS_BASE, ctxt->gs_base);
2205 +- wrmsrl(MSR_KERNEL_GS_BASE, ctxt->gs_kernel_base);
2206 ++ wrmsrl(MSR_KERNEL_GS_BASE, ctxt->usermode_gs_base);
2207 ++#elif defined(CONFIG_X86_32_LAZY_GS)
2208 ++ loadsegment(gs, ctxt->gs);
2209 + #endif
2210 +
2211 +- fix_processor_context();
2212 +-
2213 + do_fpu_end();
2214 + x86_platform.restore_sched_clock_state();
2215 + mtrr_bp_restore();
2216 +diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c
2217 +index 7538d802b65a..483593068139 100644
2218 +--- a/arch/xtensa/kernel/stacktrace.c
2219 ++++ b/arch/xtensa/kernel/stacktrace.c
2220 +@@ -272,10 +272,14 @@ static int return_address_cb(struct stackframe *frame, void *data)
2221 + return 1;
2222 + }
2223 +
2224 ++/*
2225 ++ * level == 0 is for the return address from the caller of this function,
2226 ++ * not from this function itself.
2227 ++ */
2228 + unsigned long return_address(unsigned level)
2229 + {
2230 + struct return_addr_data r = {
2231 +- .skip = level + 1,
2232 ++ .skip = level,
2233 + };
2234 + walk_stackframe(stack_pointer(NULL), return_address_cb, &r);
2235 + return r.addr;
2236 +diff --git a/block/bio.c b/block/bio.c
2237 +index 68972e3d3f5c..4c18a68913de 100644
2238 +--- a/block/bio.c
2239 ++++ b/block/bio.c
2240 +@@ -1214,8 +1214,11 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
2241 + }
2242 + }
2243 +
2244 +- if (bio_add_pc_page(q, bio, page, bytes, offset) < bytes)
2245 ++ if (bio_add_pc_page(q, bio, page, bytes, offset) < bytes) {
2246 ++ if (!map_data)
2247 ++ __free_page(page);
2248 + break;
2249 ++ }
2250 +
2251 + len -= bytes;
2252 + offset = 0;
2253 +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig
2254 +index 8453a49471d7..f4ae000eb285 100644
2255 +--- a/drivers/char/Kconfig
2256 ++++ b/drivers/char/Kconfig
2257 +@@ -377,7 +377,7 @@ config XILINX_HWICAP
2258 +
2259 + config R3964
2260 + tristate "Siemens R3964 line discipline"
2261 +- depends on TTY
2262 ++ depends on TTY && BROKEN
2263 + ---help---
2264 + This driver allows synchronous communication with devices using the
2265 + Siemens R3964 packet protocol. Unless you are dealing with special
2266 +diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
2267 +index 737f0f6f4075..45ea2718c65d 100644
2268 +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c
2269 ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c
2270 +@@ -959,6 +959,8 @@ static void bnxt_tpa_start(struct bnxt *bp, struct bnxt_rx_ring_info *rxr,
2271 + tpa_info = &rxr->rx_tpa[agg_id];
2272 +
2273 + if (unlikely(cons != rxr->rx_next_cons)) {
2274 ++ netdev_warn(bp->dev, "TPA cons %x != expected cons %x\n",
2275 ++ cons, rxr->rx_next_cons);
2276 + bnxt_sched_reset(bp, rxr);
2277 + return;
2278 + }
2279 +@@ -1377,14 +1379,16 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_napi *bnapi, u32 *raw_cons,
2280 + }
2281 +
2282 + cons = rxcmp->rx_cmp_opaque;
2283 +- rx_buf = &rxr->rx_buf_ring[cons];
2284 +- data = rx_buf->data;
2285 + if (unlikely(cons != rxr->rx_next_cons)) {
2286 + int rc1 = bnxt_discard_rx(bp, bnapi, raw_cons, rxcmp);
2287 +
2288 ++ netdev_warn(bp->dev, "RX cons %x != expected cons %x\n",
2289 ++ cons, rxr->rx_next_cons);
2290 + bnxt_sched_reset(bp, rxr);
2291 + return rc1;
2292 + }
2293 ++ rx_buf = &rxr->rx_buf_ring[cons];
2294 ++ data = rx_buf->data;
2295 + prefetch(data);
2296 +
2297 + agg_bufs = (le32_to_cpu(rxcmp->rx_cmp_misc_v1) & RX_CMP_AGG_BUFS) >>
2298 +@@ -1400,11 +1404,17 @@ static int bnxt_rx_pkt(struct bnxt *bp, struct bnxt_napi *bnapi, u32 *raw_cons,
2299 +
2300 + rx_buf->data = NULL;
2301 + if (rxcmp1->rx_cmp_cfa_code_errors_v2 & RX_CMP_L2_ERRORS) {
2302 ++ u32 rx_err = le32_to_cpu(rxcmp1->rx_cmp_cfa_code_errors_v2);
2303 ++
2304 + bnxt_reuse_rx_data(rxr, cons, data);
2305 + if (agg_bufs)
2306 + bnxt_reuse_rx_agg_bufs(bnapi, cp_cons, agg_bufs);
2307 +
2308 + rc = -EIO;
2309 ++ if (rx_err & RX_CMPL_ERRORS_BUFFER_ERROR_MASK) {
2310 ++ netdev_warn(bp->dev, "RX buffer error %x\n", rx_err);
2311 ++ bnxt_sched_reset(bp, rxr);
2312 ++ }
2313 + goto next_rx;
2314 + }
2315 +
2316 +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_common.c b/drivers/net/ethernet/mellanox/mlx5/core/en_common.c
2317 +index 029e856f72a0..dc809c2ea413 100644
2318 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_common.c
2319 ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_common.c
2320 +@@ -45,7 +45,9 @@ int mlx5e_create_tir(struct mlx5_core_dev *mdev,
2321 + if (err)
2322 + return err;
2323 +
2324 ++ mutex_lock(&mdev->mlx5e_res.td.list_lock);
2325 + list_add(&tir->list, &mdev->mlx5e_res.td.tirs_list);
2326 ++ mutex_unlock(&mdev->mlx5e_res.td.list_lock);
2327 +
2328 + return 0;
2329 + }
2330 +@@ -53,8 +55,10 @@ int mlx5e_create_tir(struct mlx5_core_dev *mdev,
2331 + void mlx5e_destroy_tir(struct mlx5_core_dev *mdev,
2332 + struct mlx5e_tir *tir)
2333 + {
2334 ++ mutex_lock(&mdev->mlx5e_res.td.list_lock);
2335 + mlx5_core_destroy_tir(mdev, tir->tirn);
2336 + list_del(&tir->list);
2337 ++ mutex_unlock(&mdev->mlx5e_res.td.list_lock);
2338 + }
2339 +
2340 + static int mlx5e_create_mkey(struct mlx5_core_dev *mdev, u32 pdn,
2341 +@@ -114,6 +118,7 @@ int mlx5e_create_mdev_resources(struct mlx5_core_dev *mdev)
2342 + }
2343 +
2344 + INIT_LIST_HEAD(&mdev->mlx5e_res.td.tirs_list);
2345 ++ mutex_init(&mdev->mlx5e_res.td.list_lock);
2346 +
2347 + return 0;
2348 +
2349 +@@ -151,6 +156,7 @@ int mlx5e_refresh_tirs_self_loopback_enable(struct mlx5_core_dev *mdev)
2350 +
2351 + MLX5_SET(modify_tir_in, in, bitmask.self_lb_en, 1);
2352 +
2353 ++ mutex_lock(&mdev->mlx5e_res.td.list_lock);
2354 + list_for_each_entry(tir, &mdev->mlx5e_res.td.tirs_list, list) {
2355 + err = mlx5_core_modify_tir(mdev, tir->tirn, in, inlen);
2356 + if (err)
2357 +@@ -159,6 +165,7 @@ int mlx5e_refresh_tirs_self_loopback_enable(struct mlx5_core_dev *mdev)
2358 +
2359 + out:
2360 + kvfree(in);
2361 ++ mutex_unlock(&mdev->mlx5e_res.td.list_lock);
2362 +
2363 + return err;
2364 + }
2365 +diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
2366 +index 16e5c8cd104d..d51ad140f46d 100644
2367 +--- a/drivers/net/usb/qmi_wwan.c
2368 ++++ b/drivers/net/usb/qmi_wwan.c
2369 +@@ -890,6 +890,7 @@ static const struct usb_device_id products[] = {
2370 + {QMI_FIXED_INTF(0x19d2, 0x2002, 4)}, /* ZTE (Vodafone) K3765-Z */
2371 + {QMI_FIXED_INTF(0x2001, 0x7e19, 4)}, /* D-Link DWM-221 B1 */
2372 + {QMI_FIXED_INTF(0x2001, 0x7e35, 4)}, /* D-Link DWM-222 */
2373 ++ {QMI_FIXED_INTF(0x2020, 0x2031, 4)}, /* Olicard 600 */
2374 + {QMI_FIXED_INTF(0x2020, 0x2033, 4)}, /* BroadMobi BM806U */
2375 + {QMI_FIXED_INTF(0x0f3d, 0x68a2, 8)}, /* Sierra Wireless MC7700 */
2376 + {QMI_FIXED_INTF(0x114f, 0x68a2, 8)}, /* Sierra Wireless MC7750 */
2377 +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
2378 +index dedb12083d86..6663b76934ad 100644
2379 +--- a/drivers/pci/quirks.c
2380 ++++ b/drivers/pci/quirks.c
2381 +@@ -3866,6 +3866,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9128,
2382 + /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c14 */
2383 + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9130,
2384 + quirk_dma_func1_alias);
2385 ++DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9170,
2386 ++ quirk_dma_func1_alias);
2387 + /* https://bugzilla.kernel.org/show_bug.cgi?id=42679#c47 + c57 */
2388 + DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_MARVELL_EXT, 0x9172,
2389 + quirk_dma_func1_alias);
2390 +diff --git a/drivers/tty/Kconfig b/drivers/tty/Kconfig
2391 +index 95103054c0e4..fdd2860cb9bd 100644
2392 +--- a/drivers/tty/Kconfig
2393 ++++ b/drivers/tty/Kconfig
2394 +@@ -455,4 +455,27 @@ config MIPS_EJTAG_FDC_KGDB_CHAN
2395 + help
2396 + FDC channel number to use for KGDB.
2397 +
2398 ++config LDISC_AUTOLOAD
2399 ++ bool "Automatically load TTY Line Disciplines"
2400 ++ default y
2401 ++ help
2402 ++ Historically the kernel has always automatically loaded any
2403 ++ line discipline that is in a kernel module when a user asks
2404 ++ for it to be loaded with the TIOCSETD ioctl, or through other
2405 ++ means. This is not always the best thing to do on systems
2406 ++ where you know you will not be using some of the more
2407 ++ "ancient" line disciplines, so prevent the kernel from doing
2408 ++ this unless the request is coming from a process with the
2409 ++ CAP_SYS_MODULE permissions.
2410 ++
2411 ++ Say 'Y' here if you trust your userspace users to do the right
2412 ++ thing, or if you have only provided the line disciplines that
2413 ++ you know you will be using, or if you wish to continue to use
2414 ++ the traditional method of on-demand loading of these modules
2415 ++ by any user.
2416 ++
2417 ++ This functionality can be changed at runtime with the
2418 ++ dev.tty.ldisc_autoload sysctl, this configuration option will
2419 ++ only set the default value of this functionality.
2420 ++
2421 + endif # TTY
2422 +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
2423 +index 19fe1e8fc124..15e0116e1232 100644
2424 +--- a/drivers/tty/tty_io.c
2425 ++++ b/drivers/tty/tty_io.c
2426 +@@ -520,6 +520,8 @@ void proc_clear_tty(struct task_struct *p)
2427 + tty_kref_put(tty);
2428 + }
2429 +
2430 ++extern void tty_sysctl_init(void);
2431 ++
2432 + /**
2433 + * proc_set_tty - set the controlling terminal
2434 + *
2435 +@@ -3705,6 +3707,7 @@ void console_sysfs_notify(void)
2436 + */
2437 + int __init tty_init(void)
2438 + {
2439 ++ tty_sysctl_init();
2440 + cdev_init(&tty_cdev, &tty_fops);
2441 + if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
2442 + register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
2443 +diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
2444 +index 4ab518d43758..3eb3f2a03bbb 100644
2445 +--- a/drivers/tty/tty_ldisc.c
2446 ++++ b/drivers/tty/tty_ldisc.c
2447 +@@ -155,6 +155,13 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
2448 + * takes tty_ldiscs_lock to guard against ldisc races
2449 + */
2450 +
2451 ++#if defined(CONFIG_LDISC_AUTOLOAD)
2452 ++ #define INITIAL_AUTOLOAD_STATE 1
2453 ++#else
2454 ++ #define INITIAL_AUTOLOAD_STATE 0
2455 ++#endif
2456 ++static int tty_ldisc_autoload = INITIAL_AUTOLOAD_STATE;
2457 ++
2458 + static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
2459 + {
2460 + struct tty_ldisc *ld;
2461 +@@ -169,6 +176,8 @@ static struct tty_ldisc *tty_ldisc_get(struct tty_struct *tty, int disc)
2462 + */
2463 + ldops = get_ldops(disc);
2464 + if (IS_ERR(ldops)) {
2465 ++ if (!capable(CAP_SYS_MODULE) && !tty_ldisc_autoload)
2466 ++ return ERR_PTR(-EPERM);
2467 + request_module("tty-ldisc-%d", disc);
2468 + ldops = get_ldops(disc);
2469 + if (IS_ERR(ldops))
2470 +@@ -774,3 +783,41 @@ void tty_ldisc_deinit(struct tty_struct *tty)
2471 + tty_ldisc_put(tty->ldisc);
2472 + tty->ldisc = NULL;
2473 + }
2474 ++
2475 ++static int zero;
2476 ++static int one = 1;
2477 ++static struct ctl_table tty_table[] = {
2478 ++ {
2479 ++ .procname = "ldisc_autoload",
2480 ++ .data = &tty_ldisc_autoload,
2481 ++ .maxlen = sizeof(tty_ldisc_autoload),
2482 ++ .mode = 0644,
2483 ++ .proc_handler = proc_dointvec,
2484 ++ .extra1 = &zero,
2485 ++ .extra2 = &one,
2486 ++ },
2487 ++ { }
2488 ++};
2489 ++
2490 ++static struct ctl_table tty_dir_table[] = {
2491 ++ {
2492 ++ .procname = "tty",
2493 ++ .mode = 0555,
2494 ++ .child = tty_table,
2495 ++ },
2496 ++ { }
2497 ++};
2498 ++
2499 ++static struct ctl_table tty_root_table[] = {
2500 ++ {
2501 ++ .procname = "dev",
2502 ++ .mode = 0555,
2503 ++ .child = tty_dir_table,
2504 ++ },
2505 ++ { }
2506 ++};
2507 ++
2508 ++void tty_sysctl_init(void)
2509 ++{
2510 ++ register_sysctl_table(tty_root_table);
2511 ++}
2512 +diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c
2513 +index 8977f40ea441..2f09294c5946 100644
2514 +--- a/drivers/virtio/virtio_ring.c
2515 ++++ b/drivers/virtio/virtio_ring.c
2516 +@@ -1040,6 +1040,8 @@ struct virtqueue *vring_create_virtqueue(
2517 + GFP_KERNEL|__GFP_NOWARN|__GFP_ZERO);
2518 + if (queue)
2519 + break;
2520 ++ if (!may_reduce_num)
2521 ++ return NULL;
2522 + }
2523 +
2524 + if (!num)
2525 +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
2526 +index 242584a0d3b5..a67143c579aa 100644
2527 +--- a/fs/btrfs/ioctl.c
2528 ++++ b/fs/btrfs/ioctl.c
2529 +@@ -385,6 +385,16 @@ static noinline int btrfs_ioctl_fitrim(struct file *file, void __user *arg)
2530 + if (!capable(CAP_SYS_ADMIN))
2531 + return -EPERM;
2532 +
2533 ++ /*
2534 ++ * If the fs is mounted with nologreplay, which requires it to be
2535 ++ * mounted in RO mode as well, we can not allow discard on free space
2536 ++ * inside block groups, because log trees refer to extents that are not
2537 ++ * pinned in a block group's free space cache (pinning the extents is
2538 ++ * precisely the first phase of replaying a log tree).
2539 ++ */
2540 ++ if (btrfs_test_opt(fs_info, NOLOGREPLAY))
2541 ++ return -EROFS;
2542 ++
2543 + rcu_read_lock();
2544 + list_for_each_entry_rcu(device, &fs_info->fs_devices->devices,
2545 + dev_list) {
2546 +diff --git a/include/linux/bitrev.h b/include/linux/bitrev.h
2547 +index fb790b8449c1..333e42cf08de 100644
2548 +--- a/include/linux/bitrev.h
2549 ++++ b/include/linux/bitrev.h
2550 +@@ -31,32 +31,32 @@ static inline u32 __bitrev32(u32 x)
2551 +
2552 + #define __constant_bitrev32(x) \
2553 + ({ \
2554 +- u32 __x = x; \
2555 +- __x = (__x >> 16) | (__x << 16); \
2556 +- __x = ((__x & (u32)0xFF00FF00UL) >> 8) | ((__x & (u32)0x00FF00FFUL) << 8); \
2557 +- __x = ((__x & (u32)0xF0F0F0F0UL) >> 4) | ((__x & (u32)0x0F0F0F0FUL) << 4); \
2558 +- __x = ((__x & (u32)0xCCCCCCCCUL) >> 2) | ((__x & (u32)0x33333333UL) << 2); \
2559 +- __x = ((__x & (u32)0xAAAAAAAAUL) >> 1) | ((__x & (u32)0x55555555UL) << 1); \
2560 +- __x; \
2561 ++ u32 ___x = x; \
2562 ++ ___x = (___x >> 16) | (___x << 16); \
2563 ++ ___x = ((___x & (u32)0xFF00FF00UL) >> 8) | ((___x & (u32)0x00FF00FFUL) << 8); \
2564 ++ ___x = ((___x & (u32)0xF0F0F0F0UL) >> 4) | ((___x & (u32)0x0F0F0F0FUL) << 4); \
2565 ++ ___x = ((___x & (u32)0xCCCCCCCCUL) >> 2) | ((___x & (u32)0x33333333UL) << 2); \
2566 ++ ___x = ((___x & (u32)0xAAAAAAAAUL) >> 1) | ((___x & (u32)0x55555555UL) << 1); \
2567 ++ ___x; \
2568 + })
2569 +
2570 + #define __constant_bitrev16(x) \
2571 + ({ \
2572 +- u16 __x = x; \
2573 +- __x = (__x >> 8) | (__x << 8); \
2574 +- __x = ((__x & (u16)0xF0F0U) >> 4) | ((__x & (u16)0x0F0FU) << 4); \
2575 +- __x = ((__x & (u16)0xCCCCU) >> 2) | ((__x & (u16)0x3333U) << 2); \
2576 +- __x = ((__x & (u16)0xAAAAU) >> 1) | ((__x & (u16)0x5555U) << 1); \
2577 +- __x; \
2578 ++ u16 ___x = x; \
2579 ++ ___x = (___x >> 8) | (___x << 8); \
2580 ++ ___x = ((___x & (u16)0xF0F0U) >> 4) | ((___x & (u16)0x0F0FU) << 4); \
2581 ++ ___x = ((___x & (u16)0xCCCCU) >> 2) | ((___x & (u16)0x3333U) << 2); \
2582 ++ ___x = ((___x & (u16)0xAAAAU) >> 1) | ((___x & (u16)0x5555U) << 1); \
2583 ++ ___x; \
2584 + })
2585 +
2586 + #define __constant_bitrev8(x) \
2587 + ({ \
2588 +- u8 __x = x; \
2589 +- __x = (__x >> 4) | (__x << 4); \
2590 +- __x = ((__x & (u8)0xCCU) >> 2) | ((__x & (u8)0x33U) << 2); \
2591 +- __x = ((__x & (u8)0xAAU) >> 1) | ((__x & (u8)0x55U) << 1); \
2592 +- __x; \
2593 ++ u8 ___x = x; \
2594 ++ ___x = (___x >> 4) | (___x << 4); \
2595 ++ ___x = ((___x & (u8)0xCCU) >> 2) | ((___x & (u8)0x33U) << 2); \
2596 ++ ___x = ((___x & (u8)0xAAU) >> 1) | ((___x & (u8)0x55U) << 1); \
2597 ++ ___x; \
2598 + })
2599 +
2600 + #define bitrev32(x) \
2601 +diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h
2602 +index 859fd209603a..509e99076c57 100644
2603 +--- a/include/linux/mlx5/driver.h
2604 ++++ b/include/linux/mlx5/driver.h
2605 +@@ -578,6 +578,8 @@ enum mlx5_pci_status {
2606 + };
2607 +
2608 + struct mlx5_td {
2609 ++ /* protects tirs list changes while tirs refresh */
2610 ++ struct mutex list_lock;
2611 + struct list_head tirs_list;
2612 + u32 tdn;
2613 + };
2614 +diff --git a/include/linux/string.h b/include/linux/string.h
2615 +index 60042e5e88ff..42eed573ebb6 100644
2616 +--- a/include/linux/string.h
2617 ++++ b/include/linux/string.h
2618 +@@ -111,6 +111,9 @@ extern void * memscan(void *,int,__kernel_size_t);
2619 + #ifndef __HAVE_ARCH_MEMCMP
2620 + extern int memcmp(const void *,const void *,__kernel_size_t);
2621 + #endif
2622 ++#ifndef __HAVE_ARCH_BCMP
2623 ++extern int bcmp(const void *,const void *,__kernel_size_t);
2624 ++#endif
2625 + #ifndef __HAVE_ARCH_MEMCHR
2626 + extern void * memchr(const void *,int,__kernel_size_t);
2627 + #endif
2628 +diff --git a/include/linux/virtio_ring.h b/include/linux/virtio_ring.h
2629 +index e8d36938f09a..b38c1871b735 100644
2630 +--- a/include/linux/virtio_ring.h
2631 ++++ b/include/linux/virtio_ring.h
2632 +@@ -62,7 +62,7 @@ struct virtqueue;
2633 + /*
2634 + * Creates a virtqueue and allocates the descriptor ring. If
2635 + * may_reduce_num is set, then this may allocate a smaller ring than
2636 +- * expected. The caller should query virtqueue_get_ring_size to learn
2637 ++ * expected. The caller should query virtqueue_get_vring_size to learn
2638 + * the actual size of the ring.
2639 + */
2640 + struct virtqueue *vring_create_virtqueue(unsigned int index,
2641 +diff --git a/include/net/ip.h b/include/net/ip.h
2642 +index f06cd30bb44c..a3c1b9dfc9a1 100644
2643 +--- a/include/net/ip.h
2644 ++++ b/include/net/ip.h
2645 +@@ -580,7 +580,7 @@ int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp,
2646 + unsigned char __user *data, int optlen);
2647 + void ip_options_undo(struct ip_options *opt);
2648 + void ip_forward_options(struct sk_buff *skb);
2649 +-int ip_options_rcv_srr(struct sk_buff *skb);
2650 ++int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev);
2651 +
2652 + /*
2653 + * Functions provided by ip_sockglue.c
2654 +diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
2655 +index c05db6ff2515..0cdafe3935a6 100644
2656 +--- a/include/net/net_namespace.h
2657 ++++ b/include/net/net_namespace.h
2658 +@@ -53,6 +53,7 @@ struct net {
2659 + */
2660 + spinlock_t rules_mod_lock;
2661 +
2662 ++ u32 hash_mix;
2663 + atomic64_t cookie_gen;
2664 +
2665 + struct list_head list; /* list of network namespaces */
2666 +diff --git a/include/net/netns/hash.h b/include/net/netns/hash.h
2667 +index 69a6715d9f3f..a347b2f9e748 100644
2668 +--- a/include/net/netns/hash.h
2669 ++++ b/include/net/netns/hash.h
2670 +@@ -1,21 +1,10 @@
2671 + #ifndef __NET_NS_HASH_H__
2672 + #define __NET_NS_HASH_H__
2673 +
2674 +-#include <asm/cache.h>
2675 +-
2676 +-struct net;
2677 ++#include <net/net_namespace.h>
2678 +
2679 + static inline u32 net_hash_mix(const struct net *net)
2680 + {
2681 +-#ifdef CONFIG_NET_NS
2682 +- /*
2683 +- * shift this right to eliminate bits, that are
2684 +- * always zeroed
2685 +- */
2686 +-
2687 +- return (u32)(((unsigned long)net) >> L1_CACHE_SHIFT);
2688 +-#else
2689 +- return 0;
2690 +-#endif
2691 ++ return net->hash_mix;
2692 + }
2693 + #endif
2694 +diff --git a/kernel/irq/chip.c b/kernel/irq/chip.c
2695 +index 9e745cc0726d..9f13667ccb9c 100644
2696 +--- a/kernel/irq/chip.c
2697 ++++ b/kernel/irq/chip.c
2698 +@@ -1142,6 +1142,10 @@ int irq_chip_set_vcpu_affinity_parent(struct irq_data *data, void *vcpu_info)
2699 + int irq_chip_set_wake_parent(struct irq_data *data, unsigned int on)
2700 + {
2701 + data = data->parent_data;
2702 ++
2703 ++ if (data->chip->flags & IRQCHIP_SKIP_SET_WAKE)
2704 ++ return 0;
2705 ++
2706 + if (data->chip->irq_set_wake)
2707 + return data->chip->irq_set_wake(data, on);
2708 +
2709 +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
2710 +index 0c91d72f3e8f..1c630d94f86b 100644
2711 +--- a/kernel/sched/fair.c
2712 ++++ b/kernel/sched/fair.c
2713 +@@ -6634,10 +6634,10 @@ static void update_cfs_rq_h_load(struct cfs_rq *cfs_rq)
2714 + if (cfs_rq->last_h_load_update == now)
2715 + return;
2716 +
2717 +- cfs_rq->h_load_next = NULL;
2718 ++ WRITE_ONCE(cfs_rq->h_load_next, NULL);
2719 + for_each_sched_entity(se) {
2720 + cfs_rq = cfs_rq_of(se);
2721 +- cfs_rq->h_load_next = se;
2722 ++ WRITE_ONCE(cfs_rq->h_load_next, se);
2723 + if (cfs_rq->last_h_load_update == now)
2724 + break;
2725 + }
2726 +@@ -6647,7 +6647,7 @@ static void update_cfs_rq_h_load(struct cfs_rq *cfs_rq)
2727 + cfs_rq->last_h_load_update = now;
2728 + }
2729 +
2730 +- while ((se = cfs_rq->h_load_next) != NULL) {
2731 ++ while ((se = READ_ONCE(cfs_rq->h_load_next)) != NULL) {
2732 + load = cfs_rq->h_load;
2733 + load = div64_ul(load * se->avg.load_avg,
2734 + cfs_rq_load_avg(cfs_rq) + 1);
2735 +diff --git a/lib/string.c b/lib/string.c
2736 +index ed83562a53ae..1cd9757291b1 100644
2737 +--- a/lib/string.c
2738 ++++ b/lib/string.c
2739 +@@ -772,6 +772,26 @@ __visible int memcmp(const void *cs, const void *ct, size_t count)
2740 + EXPORT_SYMBOL(memcmp);
2741 + #endif
2742 +
2743 ++#ifndef __HAVE_ARCH_BCMP
2744 ++/**
2745 ++ * bcmp - returns 0 if and only if the buffers have identical contents.
2746 ++ * @a: pointer to first buffer.
2747 ++ * @b: pointer to second buffer.
2748 ++ * @len: size of buffers.
2749 ++ *
2750 ++ * The sign or magnitude of a non-zero return value has no particular
2751 ++ * meaning, and architectures may implement their own more efficient bcmp(). So
2752 ++ * while this particular implementation is a simple (tail) call to memcmp, do
2753 ++ * not rely on anything but whether the return value is zero or non-zero.
2754 ++ */
2755 ++#undef bcmp
2756 ++int bcmp(const void *a, const void *b, size_t len)
2757 ++{
2758 ++ return memcmp(a, b, len);
2759 ++}
2760 ++EXPORT_SYMBOL(bcmp);
2761 ++#endif
2762 ++
2763 + #ifndef __HAVE_ARCH_MEMSCAN
2764 + /**
2765 + * memscan - Find a character in an area of memory.
2766 +diff --git a/net/core/ethtool.c b/net/core/ethtool.c
2767 +index a8a9938aeceb..20ae57fbe009 100644
2768 +--- a/net/core/ethtool.c
2769 ++++ b/net/core/ethtool.c
2770 +@@ -1801,17 +1801,22 @@ static int ethtool_get_strings(struct net_device *dev, void __user *useraddr)
2771 +
2772 + gstrings.len = ret;
2773 +
2774 +- data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER);
2775 +- if (!data)
2776 +- return -ENOMEM;
2777 ++ if (gstrings.len) {
2778 ++ data = kcalloc(gstrings.len, ETH_GSTRING_LEN, GFP_USER);
2779 ++ if (!data)
2780 ++ return -ENOMEM;
2781 +
2782 +- __ethtool_get_strings(dev, gstrings.string_set, data);
2783 ++ __ethtool_get_strings(dev, gstrings.string_set, data);
2784 ++ } else {
2785 ++ data = NULL;
2786 ++ }
2787 +
2788 + ret = -EFAULT;
2789 + if (copy_to_user(useraddr, &gstrings, sizeof(gstrings)))
2790 + goto out;
2791 + useraddr += sizeof(gstrings);
2792 +- if (copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN))
2793 ++ if (gstrings.len &&
2794 ++ copy_to_user(useraddr, data, gstrings.len * ETH_GSTRING_LEN))
2795 + goto out;
2796 + ret = 0;
2797 +
2798 +@@ -1899,17 +1904,21 @@ static int ethtool_get_stats(struct net_device *dev, void __user *useraddr)
2799 + return -EFAULT;
2800 +
2801 + stats.n_stats = n_stats;
2802 +- data = kmalloc(n_stats * sizeof(u64), GFP_USER);
2803 +- if (!data)
2804 +- return -ENOMEM;
2805 ++ if (n_stats) {
2806 ++ data = kmalloc(n_stats * sizeof(u64), GFP_USER);
2807 ++ if (!data)
2808 ++ return -ENOMEM;
2809 +
2810 +- ops->get_ethtool_stats(dev, &stats, data);
2811 ++ ops->get_ethtool_stats(dev, &stats, data);
2812 ++ } else {
2813 ++ data = NULL;
2814 ++ }
2815 +
2816 + ret = -EFAULT;
2817 + if (copy_to_user(useraddr, &stats, sizeof(stats)))
2818 + goto out;
2819 + useraddr += sizeof(stats);
2820 +- if (copy_to_user(useraddr, data, stats.n_stats * sizeof(u64)))
2821 ++ if (n_stats && copy_to_user(useraddr, data, n_stats * sizeof(u64)))
2822 + goto out;
2823 + ret = 0;
2824 +
2825 +@@ -1938,19 +1947,23 @@ static int ethtool_get_phy_stats(struct net_device *dev, void __user *useraddr)
2826 + return -EFAULT;
2827 +
2828 + stats.n_stats = n_stats;
2829 +- data = kmalloc_array(n_stats, sizeof(u64), GFP_USER);
2830 +- if (!data)
2831 +- return -ENOMEM;
2832 ++ if (n_stats) {
2833 ++ data = kmalloc_array(n_stats, sizeof(u64), GFP_USER);
2834 ++ if (!data)
2835 ++ return -ENOMEM;
2836 +
2837 +- mutex_lock(&phydev->lock);
2838 +- phydev->drv->get_stats(phydev, &stats, data);
2839 +- mutex_unlock(&phydev->lock);
2840 ++ mutex_lock(&phydev->lock);
2841 ++ phydev->drv->get_stats(phydev, &stats, data);
2842 ++ mutex_unlock(&phydev->lock);
2843 ++ } else {
2844 ++ data = NULL;
2845 ++ }
2846 +
2847 + ret = -EFAULT;
2848 + if (copy_to_user(useraddr, &stats, sizeof(stats)))
2849 + goto out;
2850 + useraddr += sizeof(stats);
2851 +- if (copy_to_user(useraddr, data, stats.n_stats * sizeof(u64)))
2852 ++ if (n_stats && copy_to_user(useraddr, data, n_stats * sizeof(u64)))
2853 + goto out;
2854 + ret = 0;
2855 +
2856 +diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
2857 +index 04fd04ccaa04..4509dec7bd1c 100644
2858 +--- a/net/core/net_namespace.c
2859 ++++ b/net/core/net_namespace.c
2860 +@@ -282,6 +282,7 @@ static __net_init int setup_net(struct net *net, struct user_namespace *user_ns)
2861 +
2862 + atomic_set(&net->count, 1);
2863 + atomic_set(&net->passive, 1);
2864 ++ get_random_bytes(&net->hash_mix, sizeof(u32));
2865 + net->dev_base_seq = 1;
2866 + net->user_ns = user_ns;
2867 + idr_init(&net->netns_ids);
2868 +diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
2869 +index bcadca26523b..ce0ce1401f28 100644
2870 +--- a/net/ipv4/ip_input.c
2871 ++++ b/net/ipv4/ip_input.c
2872 +@@ -259,11 +259,10 @@ int ip_local_deliver(struct sk_buff *skb)
2873 + ip_local_deliver_finish);
2874 + }
2875 +
2876 +-static inline bool ip_rcv_options(struct sk_buff *skb)
2877 ++static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev)
2878 + {
2879 + struct ip_options *opt;
2880 + const struct iphdr *iph;
2881 +- struct net_device *dev = skb->dev;
2882 +
2883 + /* It looks as overkill, because not all
2884 + IP options require packet mangling.
2885 +@@ -299,7 +298,7 @@ static inline bool ip_rcv_options(struct sk_buff *skb)
2886 + }
2887 + }
2888 +
2889 +- if (ip_options_rcv_srr(skb))
2890 ++ if (ip_options_rcv_srr(skb, dev))
2891 + goto drop;
2892 + }
2893 +
2894 +@@ -361,7 +360,7 @@ static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
2895 + }
2896 + #endif
2897 +
2898 +- if (iph->ihl > 5 && ip_rcv_options(skb))
2899 ++ if (iph->ihl > 5 && ip_rcv_options(skb, dev))
2900 + goto drop;
2901 +
2902 + rt = skb_rtable(skb);
2903 +diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
2904 +index 4cd3b5ad9cee..570cdb547234 100644
2905 +--- a/net/ipv4/ip_options.c
2906 ++++ b/net/ipv4/ip_options.c
2907 +@@ -614,7 +614,7 @@ void ip_forward_options(struct sk_buff *skb)
2908 + }
2909 + }
2910 +
2911 +-int ip_options_rcv_srr(struct sk_buff *skb)
2912 ++int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev)
2913 + {
2914 + struct ip_options *opt = &(IPCB(skb)->opt);
2915 + int srrspace, srrptr;
2916 +@@ -649,7 +649,7 @@ int ip_options_rcv_srr(struct sk_buff *skb)
2917 +
2918 + orefdst = skb->_skb_refdst;
2919 + skb_dst_set(skb, NULL);
2920 +- err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
2921 ++ err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, dev);
2922 + rt2 = skb_rtable(skb);
2923 + if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
2924 + skb_dst_drop(skb);
2925 +diff --git a/net/ipv4/tcp_dctcp.c b/net/ipv4/tcp_dctcp.c
2926 +index a08cedf9d286..910ef01759e7 100644
2927 +--- a/net/ipv4/tcp_dctcp.c
2928 ++++ b/net/ipv4/tcp_dctcp.c
2929 +@@ -66,11 +66,6 @@ static unsigned int dctcp_alpha_on_init __read_mostly = DCTCP_MAX_ALPHA;
2930 + module_param(dctcp_alpha_on_init, uint, 0644);
2931 + MODULE_PARM_DESC(dctcp_alpha_on_init, "parameter for initial alpha value");
2932 +
2933 +-static unsigned int dctcp_clamp_alpha_on_loss __read_mostly;
2934 +-module_param(dctcp_clamp_alpha_on_loss, uint, 0644);
2935 +-MODULE_PARM_DESC(dctcp_clamp_alpha_on_loss,
2936 +- "parameter for clamping alpha on loss");
2937 +-
2938 + static struct tcp_congestion_ops dctcp_reno;
2939 +
2940 + static void dctcp_reset(const struct tcp_sock *tp, struct dctcp *ca)
2941 +@@ -211,21 +206,23 @@ static void dctcp_update_alpha(struct sock *sk, u32 flags)
2942 + }
2943 + }
2944 +
2945 +-static void dctcp_state(struct sock *sk, u8 new_state)
2946 ++static void dctcp_react_to_loss(struct sock *sk)
2947 + {
2948 +- if (dctcp_clamp_alpha_on_loss && new_state == TCP_CA_Loss) {
2949 +- struct dctcp *ca = inet_csk_ca(sk);
2950 ++ struct dctcp *ca = inet_csk_ca(sk);
2951 ++ struct tcp_sock *tp = tcp_sk(sk);
2952 +
2953 +- /* If this extension is enabled, we clamp dctcp_alpha to
2954 +- * max on packet loss; the motivation is that dctcp_alpha
2955 +- * is an indicator to the extend of congestion and packet
2956 +- * loss is an indicator of extreme congestion; setting
2957 +- * this in practice turned out to be beneficial, and
2958 +- * effectively assumes total congestion which reduces the
2959 +- * window by half.
2960 +- */
2961 +- ca->dctcp_alpha = DCTCP_MAX_ALPHA;
2962 +- }
2963 ++ ca->loss_cwnd = tp->snd_cwnd;
2964 ++ tp->snd_ssthresh = max(tp->snd_cwnd >> 1U, 2U);
2965 ++}
2966 ++
2967 ++static void dctcp_state(struct sock *sk, u8 new_state)
2968 ++{
2969 ++ if (new_state == TCP_CA_Recovery &&
2970 ++ new_state != inet_csk(sk)->icsk_ca_state)
2971 ++ dctcp_react_to_loss(sk);
2972 ++ /* We handle RTO in dctcp_cwnd_event to ensure that we perform only
2973 ++ * one loss-adjustment per RTT.
2974 ++ */
2975 + }
2976 +
2977 + static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev)
2978 +@@ -237,6 +234,9 @@ static void dctcp_cwnd_event(struct sock *sk, enum tcp_ca_event ev)
2979 + case CA_EVENT_ECN_NO_CE:
2980 + dctcp_ce_state_1_to_0(sk);
2981 + break;
2982 ++ case CA_EVENT_LOSS:
2983 ++ dctcp_react_to_loss(sk);
2984 ++ break;
2985 + default:
2986 + /* Don't care for the rest. */
2987 + break;
2988 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
2989 +index b723987761be..11407dd6bc7c 100644
2990 +--- a/net/ipv6/ip6_output.c
2991 ++++ b/net/ipv6/ip6_output.c
2992 +@@ -592,7 +592,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
2993 + inet6_sk(skb->sk) : NULL;
2994 + struct ipv6hdr *tmp_hdr;
2995 + struct frag_hdr *fh;
2996 +- unsigned int mtu, hlen, left, len;
2997 ++ unsigned int mtu, hlen, left, len, nexthdr_offset;
2998 + int hroom, troom;
2999 + __be32 frag_id;
3000 + int ptr, offset = 0, err = 0;
3001 +@@ -603,6 +603,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
3002 + goto fail;
3003 + hlen = err;
3004 + nexthdr = *prevhdr;
3005 ++ nexthdr_offset = prevhdr - skb_network_header(skb);
3006 +
3007 + mtu = ip6_skb_dst_mtu(skb);
3008 +
3009 +@@ -637,6 +638,7 @@ int ip6_fragment(struct net *net, struct sock *sk, struct sk_buff *skb,
3010 + (err = skb_checksum_help(skb)))
3011 + goto fail;
3012 +
3013 ++ prevhdr = skb_network_header(skb) + nexthdr_offset;
3014 + hroom = LL_RESERVED_SPACE(rt->dst.dev);
3015 + if (skb_has_frag_list(skb)) {
3016 + int first_len = skb_pagelen(skb);
3017 +diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
3018 +index f89516d04150..42f363661d25 100644
3019 +--- a/net/ipv6/ip6_tunnel.c
3020 ++++ b/net/ipv6/ip6_tunnel.c
3021 +@@ -634,7 +634,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
3022 + IPPROTO_IPIP,
3023 + RT_TOS(eiph->tos), 0);
3024 + if (IS_ERR(rt) ||
3025 +- rt->dst.dev->type != ARPHRD_TUNNEL) {
3026 ++ rt->dst.dev->type != ARPHRD_TUNNEL6) {
3027 + if (!IS_ERR(rt))
3028 + ip_rt_put(rt);
3029 + goto out;
3030 +@@ -644,7 +644,7 @@ ip4ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
3031 + ip_rt_put(rt);
3032 + if (ip_route_input(skb2, eiph->daddr, eiph->saddr, eiph->tos,
3033 + skb2->dev) ||
3034 +- skb_dst(skb2)->dev->type != ARPHRD_TUNNEL)
3035 ++ skb_dst(skb2)->dev->type != ARPHRD_TUNNEL6)
3036 + goto out;
3037 + }
3038 +
3039 +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
3040 +index c9c6a5e829ab..be74eee0e8ff 100644
3041 +--- a/net/ipv6/sit.c
3042 ++++ b/net/ipv6/sit.c
3043 +@@ -661,6 +661,10 @@ static int ipip6_rcv(struct sk_buff *skb)
3044 + !net_eq(tunnel->net, dev_net(tunnel->dev))))
3045 + goto out;
3046 +
3047 ++ /* skb can be uncloned in iptunnel_pull_header, so
3048 ++ * old iph is no longer valid
3049 ++ */
3050 ++ iph = (const struct iphdr *)skb_mac_header(skb);
3051 + err = IP_ECN_decapsulate(iph, skb);
3052 + if (unlikely(err)) {
3053 + if (log_ecn_error)
3054 +diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
3055 +index 553d0ad4a2fa..2f3cd09ee0df 100644
3056 +--- a/net/kcm/kcmsock.c
3057 ++++ b/net/kcm/kcmsock.c
3058 +@@ -2058,14 +2058,14 @@ static int __init kcm_init(void)
3059 + if (err)
3060 + goto fail;
3061 +
3062 +- err = sock_register(&kcm_family_ops);
3063 +- if (err)
3064 +- goto sock_register_fail;
3065 +-
3066 + err = register_pernet_device(&kcm_net_ops);
3067 + if (err)
3068 + goto net_ops_fail;
3069 +
3070 ++ err = sock_register(&kcm_family_ops);
3071 ++ if (err)
3072 ++ goto sock_register_fail;
3073 ++
3074 + err = kcm_proc_init();
3075 + if (err)
3076 + goto proc_init_fail;
3077 +@@ -2073,12 +2073,12 @@ static int __init kcm_init(void)
3078 + return 0;
3079 +
3080 + proc_init_fail:
3081 +- unregister_pernet_device(&kcm_net_ops);
3082 +-
3083 +-net_ops_fail:
3084 + sock_unregister(PF_KCM);
3085 +
3086 + sock_register_fail:
3087 ++ unregister_pernet_device(&kcm_net_ops);
3088 ++
3089 ++net_ops_fail:
3090 + proto_unregister(&kcm_proto);
3091 +
3092 + fail:
3093 +@@ -2094,8 +2094,8 @@ fail:
3094 + static void __exit kcm_exit(void)
3095 + {
3096 + kcm_proc_exit();
3097 +- unregister_pernet_device(&kcm_net_ops);
3098 + sock_unregister(PF_KCM);
3099 ++ unregister_pernet_device(&kcm_net_ops);
3100 + proto_unregister(&kcm_proto);
3101 + destroy_workqueue(kcm_wq);
3102 +
3103 +diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
3104 +index 3bd4d5d0c346..50ea76180afa 100644
3105 +--- a/net/openvswitch/flow_netlink.c
3106 ++++ b/net/openvswitch/flow_netlink.c
3107 +@@ -1853,14 +1853,14 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa,
3108 +
3109 + struct sw_flow_actions *acts;
3110 + int new_acts_size;
3111 +- int req_size = NLA_ALIGN(attr_len);
3112 ++ size_t req_size = NLA_ALIGN(attr_len);
3113 + int next_offset = offsetof(struct sw_flow_actions, actions) +
3114 + (*sfa)->actions_len;
3115 +
3116 + if (req_size <= (ksize(*sfa) - next_offset))
3117 + goto out;
3118 +
3119 +- new_acts_size = ksize(*sfa) * 2;
3120 ++ new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2);
3121 +
3122 + if (new_acts_size > MAX_ACTIONS_BUFSIZE) {
3123 + if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) {
3124 +diff --git a/net/rds/tcp.c b/net/rds/tcp.c
3125 +index d36effbf7614..2daba5316caa 100644
3126 +--- a/net/rds/tcp.c
3127 ++++ b/net/rds/tcp.c
3128 +@@ -527,7 +527,7 @@ static void rds_tcp_kill_sock(struct net *net)
3129 + list_for_each_entry_safe(tc, _tc, &rds_tcp_conn_list, t_tcp_node) {
3130 + struct net *c_net = read_pnet(&tc->t_cpath->cp_conn->c_net);
3131 +
3132 +- if (net != c_net || !tc->t_sock)
3133 ++ if (net != c_net)
3134 + continue;
3135 + if (!list_has_conn(&tmp_list, tc->t_cpath->cp_conn)) {
3136 + list_move_tail(&tc->t_tcp_node, &tmp_list);
3137 +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
3138 +index 8ea8217db960..d6af93a24aa0 100644
3139 +--- a/net/sctp/protocol.c
3140 ++++ b/net/sctp/protocol.c
3141 +@@ -600,6 +600,7 @@ out:
3142 + static int sctp_v4_addr_to_user(struct sctp_sock *sp, union sctp_addr *addr)
3143 + {
3144 + /* No address mapping for V4 sockets */
3145 ++ memset(addr->v4.sin_zero, 0, sizeof(addr->v4.sin_zero));
3146 + return sizeof(struct sockaddr_in);
3147 + }
3148 +
3149 +diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c
3150 +index 965473d4129c..09491b27092e 100644
3151 +--- a/sound/core/seq/seq_clientmgr.c
3152 ++++ b/sound/core/seq/seq_clientmgr.c
3153 +@@ -1249,7 +1249,7 @@ static int snd_seq_ioctl_set_client_info(struct snd_seq_client *client,
3154 +
3155 + /* fill the info fields */
3156 + if (client_info->name[0])
3157 +- strlcpy(client->name, client_info->name, sizeof(client->name));
3158 ++ strscpy(client->name, client_info->name, sizeof(client->name));
3159 +
3160 + client->filter = client_info->filter;
3161 + client->event_lost = client_info->event_lost;
3162 +@@ -1527,7 +1527,7 @@ static int snd_seq_ioctl_create_queue(struct snd_seq_client *client, void *arg)
3163 + /* set queue name */
3164 + if (!info->name[0])
3165 + snprintf(info->name, sizeof(info->name), "Queue-%d", q->queue);
3166 +- strlcpy(q->name, info->name, sizeof(q->name));
3167 ++ strscpy(q->name, info->name, sizeof(q->name));
3168 + snd_use_lock_free(&q->use_lock);
3169 +
3170 + return 0;
3171 +@@ -1589,7 +1589,7 @@ static int snd_seq_ioctl_set_queue_info(struct snd_seq_client *client,
3172 + queuefree(q);
3173 + return -EPERM;
3174 + }
3175 +- strlcpy(q->name, info->name, sizeof(q->name));
3176 ++ strscpy(q->name, info->name, sizeof(q->name));
3177 + queuefree(q);
3178 +
3179 + return 0;
3180 +diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c
3181 +index 23ab0d169c11..fa64cc2b1729 100644
3182 +--- a/sound/soc/fsl/fsl_esai.c
3183 ++++ b/sound/soc/fsl/fsl_esai.c
3184 +@@ -59,6 +59,8 @@ struct fsl_esai {
3185 + u32 fifo_depth;
3186 + u32 slot_width;
3187 + u32 slots;
3188 ++ u32 tx_mask;
3189 ++ u32 rx_mask;
3190 + u32 hck_rate[2];
3191 + u32 sck_rate[2];
3192 + bool hck_dir[2];
3193 +@@ -359,21 +361,13 @@ static int fsl_esai_set_dai_tdm_slot(struct snd_soc_dai *dai, u32 tx_mask,
3194 + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR,
3195 + ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(slots));
3196 +
3197 +- regmap_update_bits(esai_priv->regmap, REG_ESAI_TSMA,
3198 +- ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(tx_mask));
3199 +- regmap_update_bits(esai_priv->regmap, REG_ESAI_TSMB,
3200 +- ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(tx_mask));
3201 +-
3202 + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR,
3203 + ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(slots));
3204 +
3205 +- regmap_update_bits(esai_priv->regmap, REG_ESAI_RSMA,
3206 +- ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(rx_mask));
3207 +- regmap_update_bits(esai_priv->regmap, REG_ESAI_RSMB,
3208 +- ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(rx_mask));
3209 +-
3210 + esai_priv->slot_width = slot_width;
3211 + esai_priv->slots = slots;
3212 ++ esai_priv->tx_mask = tx_mask;
3213 ++ esai_priv->rx_mask = rx_mask;
3214 +
3215 + return 0;
3216 + }
3217 +@@ -594,6 +588,7 @@ static int fsl_esai_trigger(struct snd_pcm_substream *substream, int cmd,
3218 + bool tx = substream->stream == SNDRV_PCM_STREAM_PLAYBACK;
3219 + u8 i, channels = substream->runtime->channels;
3220 + u32 pins = DIV_ROUND_UP(channels, esai_priv->slots);
3221 ++ u32 mask;
3222 +
3223 + switch (cmd) {
3224 + case SNDRV_PCM_TRIGGER_START:
3225 +@@ -606,15 +601,38 @@ static int fsl_esai_trigger(struct snd_pcm_substream *substream, int cmd,
3226 + for (i = 0; tx && i < channels; i++)
3227 + regmap_write(esai_priv->regmap, REG_ESAI_ETDR, 0x0);
3228 +
3229 ++ /*
3230 ++ * When set the TE/RE in the end of enablement flow, there
3231 ++ * will be channel swap issue for multi data line case.
3232 ++ * In order to workaround this issue, we switch the bit
3233 ++ * enablement sequence to below sequence
3234 ++ * 1) clear the xSMB & xSMA: which is done in probe and
3235 ++ * stop state.
3236 ++ * 2) set TE/RE
3237 ++ * 3) set xSMB
3238 ++ * 4) set xSMA: xSMA is the last one in this flow, which
3239 ++ * will trigger esai to start.
3240 ++ */
3241 + regmap_update_bits(esai_priv->regmap, REG_ESAI_xCR(tx),
3242 + tx ? ESAI_xCR_TE_MASK : ESAI_xCR_RE_MASK,
3243 + tx ? ESAI_xCR_TE(pins) : ESAI_xCR_RE(pins));
3244 ++ mask = tx ? esai_priv->tx_mask : esai_priv->rx_mask;
3245 ++
3246 ++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMB(tx),
3247 ++ ESAI_xSMB_xS_MASK, ESAI_xSMB_xS(mask));
3248 ++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMA(tx),
3249 ++ ESAI_xSMA_xS_MASK, ESAI_xSMA_xS(mask));
3250 ++
3251 + break;
3252 + case SNDRV_PCM_TRIGGER_SUSPEND:
3253 + case SNDRV_PCM_TRIGGER_STOP:
3254 + case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
3255 + regmap_update_bits(esai_priv->regmap, REG_ESAI_xCR(tx),
3256 + tx ? ESAI_xCR_TE_MASK : ESAI_xCR_RE_MASK, 0);
3257 ++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMA(tx),
3258 ++ ESAI_xSMA_xS_MASK, 0);
3259 ++ regmap_update_bits(esai_priv->regmap, REG_ESAI_xSMB(tx),
3260 ++ ESAI_xSMB_xS_MASK, 0);
3261 +
3262 + /* Disable and reset FIFO */
3263 + regmap_update_bits(esai_priv->regmap, REG_ESAI_xFCR(tx),
3264 +@@ -904,6 +922,15 @@ static int fsl_esai_probe(struct platform_device *pdev)
3265 + return ret;
3266 + }
3267 +
3268 ++ esai_priv->tx_mask = 0xFFFFFFFF;
3269 ++ esai_priv->rx_mask = 0xFFFFFFFF;
3270 ++
3271 ++ /* Clear the TSMA, TSMB, RSMA, RSMB */
3272 ++ regmap_write(esai_priv->regmap, REG_ESAI_TSMA, 0);
3273 ++ regmap_write(esai_priv->regmap, REG_ESAI_TSMB, 0);
3274 ++ regmap_write(esai_priv->regmap, REG_ESAI_RSMA, 0);
3275 ++ regmap_write(esai_priv->regmap, REG_ESAI_RSMB, 0);
3276 ++
3277 + ret = devm_snd_soc_register_component(&pdev->dev, &fsl_esai_component,
3278 + &fsl_esai_dai, 1);
3279 + if (ret) {
Report Message
Find on MARC Find on Google Groups