Gentoo Archives: gentoo-commits

From: Alice Ferrazzi <alicef@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.4 commit in: /
Date: Wed, 13 Oct 2021 14:55:35
Message-Id: 1634136911.81a34615b341a71c5e2b00d1a595366dbfeb102a.alicef@gentoo
1 commit: 81a34615b341a71c5e2b00d1a595366dbfeb102a
2 Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
3 AuthorDate: Wed Oct 13 14:54:56 2021 +0000
4 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org>
5 CommitDate: Wed Oct 13 14:55:11 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=81a34615
7
8 Linux patch 5.4.153
9
10 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org>
11
12 0000_README | 4 +
13 1152_linux-5.4.153.patch | 3064 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 3068 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index d41d541..01db703 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -651,6 +651,10 @@ Patch: 1151_linux-5.4.152.patch
21 From: http://www.kernel.org
22 Desc: Linux 5.4.152
23
24 +Patch: 1152_linux-5.4.153.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.4.153
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1152_linux-5.4.153.patch b/1152_linux-5.4.153.patch
33 new file mode 100644
34 index 0000000..bd62172
35 --- /dev/null
36 +++ b/1152_linux-5.4.153.patch
37 @@ -0,0 +1,3064 @@
38 +diff --git a/Makefile b/Makefile
39 +index ffcdc36c56f54..df9b1d07ca097 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 5
45 + PATCHLEVEL = 4
46 +-SUBLEVEL = 152
47 ++SUBLEVEL = 153
48 + EXTRAVERSION =
49 + NAME = Kleptomaniac Octopus
50 +
51 +diff --git a/arch/arm/boot/dts/imx53-m53menlo.dts b/arch/arm/boot/dts/imx53-m53menlo.dts
52 +index 64faf5b46d92f..03c43c1912a7e 100644
53 +--- a/arch/arm/boot/dts/imx53-m53menlo.dts
54 ++++ b/arch/arm/boot/dts/imx53-m53menlo.dts
55 +@@ -56,6 +56,7 @@
56 + panel {
57 + compatible = "edt,etm0700g0dh6";
58 + pinctrl-0 = <&pinctrl_display_gpio>;
59 ++ pinctrl-names = "default";
60 + enable-gpios = <&gpio6 0 GPIO_ACTIVE_HIGH>;
61 +
62 + port {
63 +@@ -76,8 +77,7 @@
64 + regulator-name = "vbus";
65 + regulator-min-microvolt = <5000000>;
66 + regulator-max-microvolt = <5000000>;
67 +- gpio = <&gpio1 2 GPIO_ACTIVE_HIGH>;
68 +- enable-active-high;
69 ++ gpio = <&gpio1 2 0>;
70 + };
71 + };
72 +
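Review bot: The bare `0` in the new `gpio = <&gpio1 2 0>;` is numerically the same flag as the `GPIO_ACTIVE_HIGH` it replaces, so the behavioural change in this hunk comes entirely from dropping `enable-active-high`. If this node is a fixed regulator, the missing property means the enable line is treated as active low, and a reader skimming the node will not see that polarity flip. Keep the symbolic constant, or add a comment such as `/* enable is active low: enable-active-high intentionally absent */`. The regulator node starts above the hunk, so its `compatible` is not visible here.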
73 +diff --git a/arch/arm/boot/dts/omap3430-sdp.dts b/arch/arm/boot/dts/omap3430-sdp.dts
74 +index 0abd61108a539..ec16979825378 100644
75 +--- a/arch/arm/boot/dts/omap3430-sdp.dts
76 ++++ b/arch/arm/boot/dts/omap3430-sdp.dts
77 +@@ -101,7 +101,7 @@
78 +
79 + nand@1,0 {
80 + compatible = "ti,omap2-nand";
81 +- reg = <0 0 4>; /* CS0, offset 0, IO size 4 */
82 ++ reg = <1 0 4>; /* CS1, offset 0, IO size 4 */
83 + interrupt-parent = <&gpmc>;
84 + interrupts = <0 IRQ_TYPE_NONE>, /* fifoevent */
85 + <1 IRQ_TYPE_NONE>; /* termcount */
86 +diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi
87 +index 2b075e287610f..764984c95c686 100644
88 +--- a/arch/arm/boot/dts/qcom-apq8064.dtsi
89 ++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi
90 +@@ -198,7 +198,7 @@
91 + clock-frequency = <19200000>;
92 + };
93 +
94 +- pxo_board {
95 ++ pxo_board: pxo_board {
96 + compatible = "fixed-clock";
97 + #clock-cells = <0>;
98 + clock-frequency = <27000000>;
99 +@@ -1147,7 +1147,7 @@
100 + };
101 +
102 + gpu: adreno-3xx@4300000 {
103 +- compatible = "qcom,adreno-3xx";
104 ++ compatible = "qcom,adreno-320.2", "qcom,adreno";
105 + reg = <0x04300000 0x20000>;
106 + reg-names = "kgsl_3d0_reg_memory";
107 + interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>;
108 +@@ -1162,7 +1162,6 @@
109 + <&mmcc GFX3D_AHB_CLK>,
110 + <&mmcc GFX3D_AXI_CLK>,
111 + <&mmcc MMSS_IMEM_AHB_CLK>;
112 +- qcom,chipid = <0x03020002>;
113 +
114 + iommus = <&gfx3d 0
115 + &gfx3d 1
116 +@@ -1305,7 +1304,7 @@
117 + reg-names = "dsi_pll", "dsi_phy", "dsi_phy_regulator";
118 + clock-names = "iface_clk", "ref";
119 + clocks = <&mmcc DSI_M_AHB_CLK>,
120 +- <&cxo_board>;
121 ++ <&pxo_board>;
122 + };
123 +
124 +
125 +diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c
126 +index baf3b47601af0..1b73e4e76310c 100644
127 +--- a/arch/arm/mach-imx/pm-imx6.c
128 ++++ b/arch/arm/mach-imx/pm-imx6.c
129 +@@ -9,6 +9,7 @@
130 + #include <linux/io.h>
131 + #include <linux/irq.h>
132 + #include <linux/genalloc.h>
133 ++#include <linux/irqchip/arm-gic.h>
134 + #include <linux/mfd/syscon.h>
135 + #include <linux/mfd/syscon/imx6q-iomuxc-gpr.h>
136 + #include <linux/of.h>
137 +@@ -618,6 +619,7 @@ static void __init imx6_pm_common_init(const struct imx6_pm_socdata
138 +
139 + static void imx6_pm_stby_poweroff(void)
140 + {
141 ++ gic_cpu_if_down(0);
142 + imx6_set_lpm(STOP_POWER_OFF);
143 + imx6q_suspend_finish(0);
144 +
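Review bot: The added `gic_cpu_if_down(0);` at the top of imx6_pm_stby_poweroff has no comment, and the lines around it do not show why the GIC CPU interface must go down first. Presumably it stops a pending interrupt from interfering with entry into `STOP_POWER_OFF`; if that is the intent, say so with something like `/* disable the GIC CPU interface so a pending IRQ cannot block standby power-off */`. The ordering before `imx6_set_lpm()` looks deliberate and is worth recording in the same comment. The function body continues past the end of the hunk.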
145 +diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
146 +index eb74aa1826614..6289b288d60a6 100644
147 +--- a/arch/arm/mach-omap2/omap_hwmod.c
148 ++++ b/arch/arm/mach-omap2/omap_hwmod.c
149 +@@ -3656,6 +3656,8 @@ int omap_hwmod_init_module(struct device *dev,
150 + oh->flags |= HWMOD_SWSUP_SIDLE_ACT;
151 + if (data->cfg->quirks & SYSC_QUIRK_SWSUP_MSTANDBY)
152 + oh->flags |= HWMOD_SWSUP_MSTANDBY;
153 ++ if (data->cfg->quirks & SYSC_QUIRK_CLKDM_NOAUTO)
154 ++ oh->flags |= HWMOD_CLKDM_NOAUTO;
155 +
156 + error = omap_hwmod_check_module(dev, oh, data, sysc_fields,
157 + rev_offs, sysc_offs, syss_offs,
158 +diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c
159 +index b51a8c7b01114..1c6e57f1dbc48 100644
160 +--- a/arch/arm/net/bpf_jit_32.c
161 ++++ b/arch/arm/net/bpf_jit_32.c
162 +@@ -36,6 +36,10 @@
163 + * +-----+
164 + * |RSVD | JIT scratchpad
165 + * current ARM_SP => +-----+ <= (BPF_FP - STACK_SIZE + SCRATCH_SIZE)
166 ++ * | ... | caller-saved registers
167 ++ * +-----+
168 ++ * | ... | arguments passed on stack
169 ++ * ARM_SP during call => +-----|
170 + * | |
171 + * | ... | Function call stack
172 + * | |
173 +@@ -63,6 +67,12 @@
174 + *
175 + * When popping registers off the stack at the end of a BPF function, we
176 + * reference them via the current ARM_FP register.
177 ++ *
178 ++ * Some eBPF operations are implemented via a call to a helper function.
179 ++ * Such calls are "invisible" in the eBPF code, so it is up to the calling
180 ++ * program to preserve any caller-saved ARM registers during the call. The
181 ++ * JIT emits code to push and pop those registers onto the stack, immediately
182 ++ * above the callee stack frame.
183 + */
184 + #define CALLEE_MASK (1 << ARM_R4 | 1 << ARM_R5 | 1 << ARM_R6 | \
185 + 1 << ARM_R7 | 1 << ARM_R8 | 1 << ARM_R9 | \
186 +@@ -70,6 +80,8 @@
187 + #define CALLEE_PUSH_MASK (CALLEE_MASK | 1 << ARM_LR)
188 + #define CALLEE_POP_MASK (CALLEE_MASK | 1 << ARM_PC)
189 +
190 ++#define CALLER_MASK (1 << ARM_R0 | 1 << ARM_R1 | 1 << ARM_R2 | 1 << ARM_R3)
191 ++
192 + enum {
193 + /* Stack layout - these are offsets from (top of stack - 4) */
194 + BPF_R2_HI,
195 +@@ -464,6 +476,7 @@ static inline int epilogue_offset(const struct jit_ctx *ctx)
196 +
197 + static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op)
198 + {
199 ++ const int exclude_mask = BIT(ARM_R0) | BIT(ARM_R1);
200 + const s8 *tmp = bpf2a32[TMP_REG_1];
201 +
202 + #if __LINUX_ARM_ARCH__ == 7
203 +@@ -495,11 +508,17 @@ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op)
204 + emit(ARM_MOV_R(ARM_R0, rm), ctx);
205 + }
206 +
207 ++ /* Push caller-saved registers on stack */
208 ++ emit(ARM_PUSH(CALLER_MASK & ~exclude_mask), ctx);
209 ++
210 + /* Call appropriate function */
211 + emit_mov_i(ARM_IP, op == BPF_DIV ?
212 + (u32)jit_udiv32 : (u32)jit_mod32, ctx);
213 + emit_blx_r(ARM_IP, ctx);
214 +
215 ++ /* Restore caller-saved registers from stack */
216 ++ emit(ARM_POP(CALLER_MASK & ~exclude_mask), ctx);
217 ++
218 + /* Save return value */
219 + if (rd != ARM_R0)
220 + emit(ARM_MOV_R(rd, ARM_R0), ctx);
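Review bot: The new `ARM_PUSH`/`ARM_POP` pair around the helper call saves only R2 and R3, because `exclude_mask` (declared in the previous hunk of emit_udivmod) removes R0 and R1 from `CALLER_MASK`, and the declaration does not explain why those two may be left out. A comment there, for example `/* R0/R1 carry the helper's arguments and result; they are moved explicitly around the call */`, would record the reasoning; this is inferred from the visible `ARM_MOV_R` lines and should be checked against the part of the function outside the hunk. It is also worth noting next to the push that the saved set is an even number of registers, so SP moves by a multiple of 8 bytes before `emit_blx_r`; a later edit to either mask could break that without any visible error. Register-preservation mistakes in a JIT silently corrupt the state of the running BPF program, so the invariant should be written down where the mask is defined.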
221 +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi
222 +index 5716ac20bddd1..02ae6bfff5658 100644
223 +--- a/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi
224 ++++ b/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi
225 +@@ -287,6 +287,24 @@
226 + status = "disabled";
227 + };
228 +
229 ++ can0: can@2180000 {
230 ++ compatible = "fsl,ls1028ar1-flexcan", "fsl,lx2160ar1-flexcan";
231 ++ reg = <0x0 0x2180000 0x0 0x10000>;
232 ++ interrupts = <GIC_SPI 21 IRQ_TYPE_LEVEL_HIGH>;
233 ++ clocks = <&sysclk>, <&clockgen 4 1>;
234 ++ clock-names = "ipg", "per";
235 ++ status = "disabled";
236 ++ };
237 ++
238 ++ can1: can@2190000 {
239 ++ compatible = "fsl,ls1028ar1-flexcan", "fsl,lx2160ar1-flexcan";
240 ++ reg = <0x0 0x2190000 0x0 0x10000>;
241 ++ interrupts = <GIC_SPI 22 IRQ_TYPE_LEVEL_HIGH>;
242 ++ clocks = <&sysclk>, <&clockgen 4 1>;
243 ++ clock-names = "ipg", "per";
244 ++ status = "disabled";
245 ++ };
246 ++
247 + duart0: serial@21c0500 {
248 + compatible = "fsl,ns16550", "ns16550a";
249 + reg = <0x00 0x21c0500 0x0 0x100>;
250 +@@ -496,14 +514,14 @@
251 + compatible = "arm,sp805", "arm,primecell";
252 + reg = <0x0 0xc000000 0x0 0x1000>;
253 + clocks = <&clockgen 4 15>, <&clockgen 4 15>;
254 +- clock-names = "apb_pclk", "wdog_clk";
255 ++ clock-names = "wdog_clk", "apb_pclk";
256 + };
257 +
258 + cluster1_core1_watchdog: watchdog@c010000 {
259 + compatible = "arm,sp805", "arm,primecell";
260 + reg = <0x0 0xc010000 0x0 0x1000>;
261 + clocks = <&clockgen 4 15>, <&clockgen 4 15>;
262 +- clock-names = "apb_pclk", "wdog_clk";
263 ++ clock-names = "wdog_clk", "apb_pclk";
264 + };
265 +
266 + sai1: audio-controller@f100000 {
267 +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi
268 +index c676d0771762f..407ebdb35cd2e 100644
269 +--- a/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi
270 ++++ b/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi
271 +@@ -640,56 +640,56 @@
272 + compatible = "arm,sp805-wdt", "arm,primecell";
273 + reg = <0x0 0xc000000 0x0 0x1000>;
274 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
275 +- clock-names = "apb_pclk", "wdog_clk";
276 ++ clock-names = "wdog_clk", "apb_pclk";
277 + };
278 +
279 + cluster1_core1_watchdog: wdt@c010000 {
280 + compatible = "arm,sp805-wdt", "arm,primecell";
281 + reg = <0x0 0xc010000 0x0 0x1000>;
282 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
283 +- clock-names = "apb_pclk", "wdog_clk";
284 ++ clock-names = "wdog_clk", "apb_pclk";
285 + };
286 +
287 + cluster1_core2_watchdog: wdt@c020000 {
288 + compatible = "arm,sp805-wdt", "arm,primecell";
289 + reg = <0x0 0xc020000 0x0 0x1000>;
290 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
291 +- clock-names = "apb_pclk", "wdog_clk";
292 ++ clock-names = "wdog_clk", "apb_pclk";
293 + };
294 +
295 + cluster1_core3_watchdog: wdt@c030000 {
296 + compatible = "arm,sp805-wdt", "arm,primecell";
297 + reg = <0x0 0xc030000 0x0 0x1000>;
298 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
299 +- clock-names = "apb_pclk", "wdog_clk";
300 ++ clock-names = "wdog_clk", "apb_pclk";
301 + };
302 +
303 + cluster2_core0_watchdog: wdt@c100000 {
304 + compatible = "arm,sp805-wdt", "arm,primecell";
305 + reg = <0x0 0xc100000 0x0 0x1000>;
306 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
307 +- clock-names = "apb_pclk", "wdog_clk";
308 ++ clock-names = "wdog_clk", "apb_pclk";
309 + };
310 +
311 + cluster2_core1_watchdog: wdt@c110000 {
312 + compatible = "arm,sp805-wdt", "arm,primecell";
313 + reg = <0x0 0xc110000 0x0 0x1000>;
314 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
315 +- clock-names = "apb_pclk", "wdog_clk";
316 ++ clock-names = "wdog_clk", "apb_pclk";
317 + };
318 +
319 + cluster2_core2_watchdog: wdt@c120000 {
320 + compatible = "arm,sp805-wdt", "arm,primecell";
321 + reg = <0x0 0xc120000 0x0 0x1000>;
322 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
323 +- clock-names = "apb_pclk", "wdog_clk";
324 ++ clock-names = "wdog_clk", "apb_pclk";
325 + };
326 +
327 + cluster2_core3_watchdog: wdt@c130000 {
328 + compatible = "arm,sp805-wdt", "arm,primecell";
329 + reg = <0x0 0xc130000 0x0 0x1000>;
330 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
331 +- clock-names = "apb_pclk", "wdog_clk";
332 ++ clock-names = "wdog_clk", "apb_pclk";
333 + };
334 +
335 + fsl_mc: fsl-mc@80c000000 {
336 +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi
337 +index cdb2fa47637da..82f0fe6acbfb7 100644
338 +--- a/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi
339 ++++ b/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi
340 +@@ -230,56 +230,56 @@
341 + compatible = "arm,sp805-wdt", "arm,primecell";
342 + reg = <0x0 0xc000000 0x0 0x1000>;
343 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
344 +- clock-names = "apb_pclk", "wdog_clk";
345 ++ clock-names = "wdog_clk", "apb_pclk";
346 + };
347 +
348 + cluster1_core1_watchdog: wdt@c010000 {
349 + compatible = "arm,sp805-wdt", "arm,primecell";
350 + reg = <0x0 0xc010000 0x0 0x1000>;
351 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
352 +- clock-names = "apb_pclk", "wdog_clk";
353 ++ clock-names = "wdog_clk", "apb_pclk";
354 + };
355 +
356 + cluster2_core0_watchdog: wdt@c100000 {
357 + compatible = "arm,sp805-wdt", "arm,primecell";
358 + reg = <0x0 0xc100000 0x0 0x1000>;
359 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
360 +- clock-names = "apb_pclk", "wdog_clk";
361 ++ clock-names = "wdog_clk", "apb_pclk";
362 + };
363 +
364 + cluster2_core1_watchdog: wdt@c110000 {
365 + compatible = "arm,sp805-wdt", "arm,primecell";
366 + reg = <0x0 0xc110000 0x0 0x1000>;
367 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
368 +- clock-names = "apb_pclk", "wdog_clk";
369 ++ clock-names = "wdog_clk", "apb_pclk";
370 + };
371 +
372 + cluster3_core0_watchdog: wdt@c200000 {
373 + compatible = "arm,sp805-wdt", "arm,primecell";
374 + reg = <0x0 0xc200000 0x0 0x1000>;
375 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
376 +- clock-names = "apb_pclk", "wdog_clk";
377 ++ clock-names = "wdog_clk", "apb_pclk";
378 + };
379 +
380 + cluster3_core1_watchdog: wdt@c210000 {
381 + compatible = "arm,sp805-wdt", "arm,primecell";
382 + reg = <0x0 0xc210000 0x0 0x1000>;
383 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
384 +- clock-names = "apb_pclk", "wdog_clk";
385 ++ clock-names = "wdog_clk", "apb_pclk";
386 + };
387 +
388 + cluster4_core0_watchdog: wdt@c300000 {
389 + compatible = "arm,sp805-wdt", "arm,primecell";
390 + reg = <0x0 0xc300000 0x0 0x1000>;
391 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
392 +- clock-names = "apb_pclk", "wdog_clk";
393 ++ clock-names = "wdog_clk", "apb_pclk";
394 + };
395 +
396 + cluster4_core1_watchdog: wdt@c310000 {
397 + compatible = "arm,sp805-wdt", "arm,primecell";
398 + reg = <0x0 0xc310000 0x0 0x1000>;
399 + clocks = <&clockgen 4 3>, <&clockgen 4 3>;
400 +- clock-names = "apb_pclk", "wdog_clk";
401 ++ clock-names = "wdog_clk", "apb_pclk";
402 + };
403 +
404 + crypto: crypto@8000000 {
405 +diff --git a/arch/arm64/boot/dts/qcom/pm8150.dtsi b/arch/arm64/boot/dts/qcom/pm8150.dtsi
406 +index c0b197458665d..6f7dfcb8c0421 100644
407 +--- a/arch/arm64/boot/dts/qcom/pm8150.dtsi
408 ++++ b/arch/arm64/boot/dts/qcom/pm8150.dtsi
409 +@@ -17,7 +17,7 @@
410 + #size-cells = <0>;
411 +
412 + pon: power-on@800 {
413 +- compatible = "qcom,pm8916-pon";
414 ++ compatible = "qcom,pm8998-pon";
415 + reg = <0x0800>;
416 + pwrkey {
417 + compatible = "qcom,pm8941-pwrkey";
418 +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
419 +index 6ecdc690f7336..2bfef67d52c63 100644
420 +--- a/arch/mips/Kconfig
421 ++++ b/arch/mips/Kconfig
422 +@@ -46,6 +46,7 @@ config MIPS
423 + select HAVE_ARCH_TRACEHOOK
424 + select HAVE_ARCH_TRANSPARENT_HUGEPAGE if CPU_SUPPORTS_HUGEPAGES
425 + select HAVE_ASM_MODVERSIONS
426 ++ select HAVE_CBPF_JIT if !64BIT && !CPU_MICROMIPS
427 + select HAVE_EBPF_JIT if 64BIT && !CPU_MICROMIPS && TARGET_ISA_REV >= 2
428 + select HAVE_CONTEXT_TRACKING
429 + select HAVE_COPY_THREAD_TLS
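Review bot: The added `select HAVE_CBPF_JIT if !64BIT && !CPU_MICROMIPS` makes a second in-kernel code generator available on 32-bit MIPS, and neither the hunk nor the commit record says how it is gated. The Makefile hunk that follows builds `bpf_jit.o` under `CONFIG_MIPS_CBPF_JIT`, a symbol whose definition does not appear in any visible hunk; presumably it already exists in arch/mips/Kconfig and depends on `BPF_JIT`, which should be confirmed for this stable branch. A one-line comment above the two selects, such as `# MIPS32 uses the classic BPF JIT, MIPS64 the eBPF JIT`, would make the split obvious. Builders who do not want a JIT on these targets will still need `CONFIG_BPF_JIT` off or `net.core.bpf_jit_enable` left at 0.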
430 +diff --git a/arch/mips/net/Makefile b/arch/mips/net/Makefile
431 +index 2d03af7d6b19d..d55912349039c 100644
432 +--- a/arch/mips/net/Makefile
433 ++++ b/arch/mips/net/Makefile
434 +@@ -1,4 +1,5 @@
435 + # SPDX-License-Identifier: GPL-2.0-only
436 + # MIPS networking code
437 +
438 ++obj-$(CONFIG_MIPS_CBPF_JIT) += bpf_jit.o bpf_jit_asm.o
439 + obj-$(CONFIG_MIPS_EBPF_JIT) += ebpf_jit.o
440 +diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c
441 +new file mode 100644
442 +index 0000000000000..29a288ff4f183
443 +--- /dev/null
444 ++++ b/arch/mips/net/bpf_jit.c
445 +@@ -0,0 +1,1299 @@
446 ++/*
447 ++ * Just-In-Time compiler for BPF filters on MIPS
448 ++ *
449 ++ * Copyright (c) 2014 Imagination Technologies Ltd.
450 ++ * Author: Markos Chandras <markos.chandras@××××××.com>
451 ++ *
452 ++ * This program is free software; you can redistribute it and/or modify it
453 ++ * under the terms of the GNU General Public License as published by the
454 ++ * Free Software Foundation; version 2 of the License.
455 ++ */
456 ++
457 ++#include <linux/bitops.h>
458 ++#include <linux/compiler.h>
459 ++#include <linux/errno.h>
460 ++#include <linux/filter.h>
461 ++#include <linux/if_vlan.h>
462 ++#include <linux/moduleloader.h>
463 ++#include <linux/netdevice.h>
464 ++#include <linux/string.h>
465 ++#include <linux/slab.h>
466 ++#include <linux/types.h>
467 ++#include <asm/asm.h>
468 ++#include <asm/bitops.h>
469 ++#include <asm/cacheflush.h>
470 ++#include <asm/cpu-features.h>
471 ++#include <asm/uasm.h>
472 ++
473 ++#include "bpf_jit.h"
474 ++
475 ++/* ABI
476 ++ * r_skb_hl SKB header length
477 ++ * r_data SKB data pointer
478 ++ * r_off Offset
479 ++ * r_A BPF register A
480 ++ * r_X BPF register X
481 ++ * r_skb *skb
482 ++ * r_M *scratch memory
483 ++ * r_skb_len SKB length
484 ++ *
485 ++ * On entry (*bpf_func)(*skb, *filter)
486 ++ * a0 = MIPS_R_A0 = skb;
487 ++ * a1 = MIPS_R_A1 = filter;
488 ++ *
489 ++ * Stack
490 ++ * ...
491 ++ * M[15]
492 ++ * M[14]
493 ++ * M[13]
494 ++ * ...
495 ++ * M[0] <-- r_M
496 ++ * saved reg k-1
497 ++ * saved reg k-2
498 ++ * ...
499 ++ * saved reg 0 <-- r_sp
500 ++ * <no argument area>
501 ++ *
502 ++ * Packet layout
503 ++ *
504 ++ * <--------------------- len ------------------------>
505 ++ * <--skb-len(r_skb_hl)-->< ----- skb->data_len ------>
506 ++ * ----------------------------------------------------
507 ++ * | skb->data |
508 ++ * ----------------------------------------------------
509 ++ */
510 ++
511 ++#define ptr typeof(unsigned long)
512 ++
513 ++#define SCRATCH_OFF(k) (4 * (k))
514 ++
515 ++/* JIT flags */
516 ++#define SEEN_CALL (1 << BPF_MEMWORDS)
517 ++#define SEEN_SREG_SFT (BPF_MEMWORDS + 1)
518 ++#define SEEN_SREG_BASE (1 << SEEN_SREG_SFT)
519 ++#define SEEN_SREG(x) (SEEN_SREG_BASE << (x))
520 ++#define SEEN_OFF SEEN_SREG(2)
521 ++#define SEEN_A SEEN_SREG(3)
522 ++#define SEEN_X SEEN_SREG(4)
523 ++#define SEEN_SKB SEEN_SREG(5)
524 ++#define SEEN_MEM SEEN_SREG(6)
525 ++/* SEEN_SK_DATA also implies skb_hl an skb_len */
526 ++#define SEEN_SKB_DATA (SEEN_SREG(7) | SEEN_SREG(1) | SEEN_SREG(0))
527 ++
528 ++/* Arguments used by JIT */
529 ++#define ARGS_USED_BY_JIT 2 /* only applicable to 64-bit */
530 ++
531 ++#define SBIT(x) (1 << (x)) /* Signed version of BIT() */
532 ++
533 ++/**
534 ++ * struct jit_ctx - JIT context
535 ++ * @skf: The sk_filter
536 ++ * @prologue_bytes: Number of bytes for prologue
537 ++ * @idx: Instruction index
538 ++ * @flags: JIT flags
539 ++ * @offsets: Instruction offsets
540 ++ * @target: Memory location for the compiled filter
541 ++ */
542 ++struct jit_ctx {
543 ++ const struct bpf_prog *skf;
544 ++ unsigned int prologue_bytes;
545 ++ u32 idx;
546 ++ u32 flags;
547 ++ u32 *offsets;
548 ++ u32 *target;
549 ++};
550 ++
551 ++
552 ++static inline int optimize_div(u32 *k)
553 ++{
554 ++ /* power of 2 divides can be implemented with right shift */
555 ++ if (!(*k & (*k-1))) {
556 ++ *k = ilog2(*k);
557 ++ return 1;
558 ++ }
559 ++
560 ++ return 0;
561 ++}
562 ++
563 ++static inline void emit_jit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx);
564 ++
565 ++/* Simply emit the instruction if the JIT memory space has been allocated */
566 ++#define emit_instr(ctx, func, ...) \
567 ++do { \
568 ++ if ((ctx)->target != NULL) { \
569 ++ u32 *p = &(ctx)->target[ctx->idx]; \
570 ++ uasm_i_##func(&p, ##__VA_ARGS__); \
571 ++ } \
572 ++ (ctx)->idx++; \
573 ++} while (0)
574 ++
575 ++/*
576 ++ * Similar to emit_instr but it must be used when we need to emit
577 ++ * 32-bit or 64-bit instructions
578 ++ */
579 ++#define emit_long_instr(ctx, func, ...) \
580 ++do { \
581 ++ if ((ctx)->target != NULL) { \
582 ++ u32 *p = &(ctx)->target[ctx->idx]; \
583 ++ UASM_i_##func(&p, ##__VA_ARGS__); \
584 ++ } \
585 ++ (ctx)->idx++; \
586 ++} while (0)
587 ++
588 ++/* Determine if immediate is within the 16-bit signed range */
589 ++static inline bool is_range16(s32 imm)
590 ++{
591 ++ return !(imm >= SBIT(15) || imm < -SBIT(15));
592 ++}
593 ++
594 ++static inline void emit_addu(unsigned int dst, unsigned int src1,
595 ++ unsigned int src2, struct jit_ctx *ctx)
596 ++{
597 ++ emit_instr(ctx, addu, dst, src1, src2);
598 ++}
599 ++
600 ++static inline void emit_nop(struct jit_ctx *ctx)
601 ++{
602 ++ emit_instr(ctx, nop);
603 ++}
604 ++
605 ++/* Load a u32 immediate to a register */
606 ++static inline void emit_load_imm(unsigned int dst, u32 imm, struct jit_ctx *ctx)
607 ++{
608 ++ if (ctx->target != NULL) {
609 ++ /* addiu can only handle s16 */
610 ++ if (!is_range16(imm)) {
611 ++ u32 *p = &ctx->target[ctx->idx];
612 ++ uasm_i_lui(&p, r_tmp_imm, (s32)imm >> 16);
613 ++ p = &ctx->target[ctx->idx + 1];
614 ++ uasm_i_ori(&p, dst, r_tmp_imm, imm & 0xffff);
615 ++ } else {
616 ++ u32 *p = &ctx->target[ctx->idx];
617 ++ uasm_i_addiu(&p, dst, r_zero, imm);
618 ++ }
619 ++ }
620 ++ ctx->idx++;
621 ++
622 ++ if (!is_range16(imm))
623 ++ ctx->idx++;
624 ++}
625 ++
626 ++static inline void emit_or(unsigned int dst, unsigned int src1,
627 ++ unsigned int src2, struct jit_ctx *ctx)
628 ++{
629 ++ emit_instr(ctx, or, dst, src1, src2);
630 ++}
631 ++
632 ++static inline void emit_ori(unsigned int dst, unsigned src, u32 imm,
633 ++ struct jit_ctx *ctx)
634 ++{
635 ++ if (imm >= BIT(16)) {
636 ++ emit_load_imm(r_tmp, imm, ctx);
637 ++ emit_or(dst, src, r_tmp, ctx);
638 ++ } else {
639 ++ emit_instr(ctx, ori, dst, src, imm);
640 ++ }
641 ++}
642 ++
643 ++static inline void emit_daddiu(unsigned int dst, unsigned int src,
644 ++ int imm, struct jit_ctx *ctx)
645 ++{
646 ++ /*
647 ++ * Only used for stack, so the imm is relatively small
648 ++ * and it fits in 15-bits
649 ++ */
650 ++ emit_instr(ctx, daddiu, dst, src, imm);
651 ++}
652 ++
653 ++static inline void emit_addiu(unsigned int dst, unsigned int src,
654 ++ u32 imm, struct jit_ctx *ctx)
655 ++{
656 ++ if (!is_range16(imm)) {
657 ++ emit_load_imm(r_tmp, imm, ctx);
658 ++ emit_addu(dst, r_tmp, src, ctx);
659 ++ } else {
660 ++ emit_instr(ctx, addiu, dst, src, imm);
661 ++ }
662 ++}
663 ++
664 ++static inline void emit_and(unsigned int dst, unsigned int src1,
665 ++ unsigned int src2, struct jit_ctx *ctx)
666 ++{
667 ++ emit_instr(ctx, and, dst, src1, src2);
668 ++}
669 ++
670 ++static inline void emit_andi(unsigned int dst, unsigned int src,
671 ++ u32 imm, struct jit_ctx *ctx)
672 ++{
673 ++ /* If imm does not fit in u16 then load it to register */
674 ++ if (imm >= BIT(16)) {
675 ++ emit_load_imm(r_tmp, imm, ctx);
676 ++ emit_and(dst, src, r_tmp, ctx);
677 ++ } else {
678 ++ emit_instr(ctx, andi, dst, src, imm);
679 ++ }
680 ++}
681 ++
682 ++static inline void emit_xor(unsigned int dst, unsigned int src1,
683 ++ unsigned int src2, struct jit_ctx *ctx)
684 ++{
685 ++ emit_instr(ctx, xor, dst, src1, src2);
686 ++}
687 ++
688 ++static inline void emit_xori(ptr dst, ptr src, u32 imm, struct jit_ctx *ctx)
689 ++{
690 ++ /* If imm does not fit in u16 then load it to register */
691 ++ if (imm >= BIT(16)) {
692 ++ emit_load_imm(r_tmp, imm, ctx);
693 ++ emit_xor(dst, src, r_tmp, ctx);
694 ++ } else {
695 ++ emit_instr(ctx, xori, dst, src, imm);
696 ++ }
697 ++}
698 ++
699 ++static inline void emit_stack_offset(int offset, struct jit_ctx *ctx)
700 ++{
701 ++ emit_long_instr(ctx, ADDIU, r_sp, r_sp, offset);
702 ++}
703 ++
704 ++static inline void emit_subu(unsigned int dst, unsigned int src1,
705 ++ unsigned int src2, struct jit_ctx *ctx)
706 ++{
707 ++ emit_instr(ctx, subu, dst, src1, src2);
708 ++}
709 ++
710 ++static inline void emit_neg(unsigned int reg, struct jit_ctx *ctx)
711 ++{
712 ++ emit_subu(reg, r_zero, reg, ctx);
713 ++}
714 ++
715 ++static inline void emit_sllv(unsigned int dst, unsigned int src,
716 ++ unsigned int sa, struct jit_ctx *ctx)
717 ++{
718 ++ emit_instr(ctx, sllv, dst, src, sa);
719 ++}
720 ++
721 ++static inline void emit_sll(unsigned int dst, unsigned int src,
722 ++ unsigned int sa, struct jit_ctx *ctx)
723 ++{
724 ++ /* sa is 5-bits long */
725 ++ if (sa >= BIT(5))
726 ++ /* Shifting >= 32 results in zero */
727 ++ emit_jit_reg_move(dst, r_zero, ctx);
728 ++ else
729 ++ emit_instr(ctx, sll, dst, src, sa);
730 ++}
731 ++
732 ++static inline void emit_srlv(unsigned int dst, unsigned int src,
733 ++ unsigned int sa, struct jit_ctx *ctx)
734 ++{
735 ++ emit_instr(ctx, srlv, dst, src, sa);
736 ++}
737 ++
738 ++static inline void emit_srl(unsigned int dst, unsigned int src,
739 ++ unsigned int sa, struct jit_ctx *ctx)
740 ++{
741 ++ /* sa is 5-bits long */
742 ++ if (sa >= BIT(5))
743 ++ /* Shifting >= 32 results in zero */
744 ++ emit_jit_reg_move(dst, r_zero, ctx);
745 ++ else
746 ++ emit_instr(ctx, srl, dst, src, sa);
747 ++}
748 ++
749 ++static inline void emit_slt(unsigned int dst, unsigned int src1,
750 ++ unsigned int src2, struct jit_ctx *ctx)
751 ++{
752 ++ emit_instr(ctx, slt, dst, src1, src2);
753 ++}
754 ++
755 ++static inline void emit_sltu(unsigned int dst, unsigned int src1,
756 ++ unsigned int src2, struct jit_ctx *ctx)
757 ++{
758 ++ emit_instr(ctx, sltu, dst, src1, src2);
759 ++}
760 ++
761 ++static inline void emit_sltiu(unsigned dst, unsigned int src,
762 ++ unsigned int imm, struct jit_ctx *ctx)
763 ++{
764 ++ /* 16 bit immediate */
765 ++ if (!is_range16((s32)imm)) {
766 ++ emit_load_imm(r_tmp, imm, ctx);
767 ++ emit_sltu(dst, src, r_tmp, ctx);
768 ++ } else {
769 ++ emit_instr(ctx, sltiu, dst, src, imm);
770 ++ }
771 ++
772 ++}
773 ++
774 ++/* Store register on the stack */
775 ++static inline void emit_store_stack_reg(ptr reg, ptr base,
776 ++ unsigned int offset,
777 ++ struct jit_ctx *ctx)
778 ++{
779 ++ emit_long_instr(ctx, SW, reg, offset, base);
780 ++}
781 ++
782 ++static inline void emit_store(ptr reg, ptr base, unsigned int offset,
783 ++ struct jit_ctx *ctx)
784 ++{
785 ++ emit_instr(ctx, sw, reg, offset, base);
786 ++}
787 ++
788 ++static inline void emit_load_stack_reg(ptr reg, ptr base,
789 ++ unsigned int offset,
790 ++ struct jit_ctx *ctx)
791 ++{
792 ++ emit_long_instr(ctx, LW, reg, offset, base);
793 ++}
794 ++
795 ++static inline void emit_load(unsigned int reg, unsigned int base,
796 ++ unsigned int offset, struct jit_ctx *ctx)
797 ++{
798 ++ emit_instr(ctx, lw, reg, offset, base);
799 ++}
800 ++
801 ++static inline void emit_load_byte(unsigned int reg, unsigned int base,
802 ++ unsigned int offset, struct jit_ctx *ctx)
803 ++{
804 ++ emit_instr(ctx, lb, reg, offset, base);
805 ++}
806 ++
807 ++static inline void emit_half_load(unsigned int reg, unsigned int base,
808 ++ unsigned int offset, struct jit_ctx *ctx)
809 ++{
810 ++ emit_instr(ctx, lh, reg, offset, base);
811 ++}
812 ++
813 ++static inline void emit_half_load_unsigned(unsigned int reg, unsigned int base,
814 ++ unsigned int offset, struct jit_ctx *ctx)
815 ++{
816 ++ emit_instr(ctx, lhu, reg, offset, base);
817 ++}
818 ++
819 ++static inline void emit_mul(unsigned int dst, unsigned int src1,
820 ++ unsigned int src2, struct jit_ctx *ctx)
821 ++{
822 ++ emit_instr(ctx, mul, dst, src1, src2);
823 ++}
824 ++
825 ++static inline void emit_div(unsigned int dst, unsigned int src,
826 ++ struct jit_ctx *ctx)
827 ++{
828 ++ if (ctx->target != NULL) {
829 ++ u32 *p = &ctx->target[ctx->idx];
830 ++ uasm_i_divu(&p, dst, src);
831 ++ p = &ctx->target[ctx->idx + 1];
832 ++ uasm_i_mflo(&p, dst);
833 ++ }
834 ++ ctx->idx += 2; /* 2 insts */
835 ++}
836 ++
837 ++static inline void emit_mod(unsigned int dst, unsigned int src,
838 ++ struct jit_ctx *ctx)
839 ++{
840 ++ if (ctx->target != NULL) {
841 ++ u32 *p = &ctx->target[ctx->idx];
842 ++ uasm_i_divu(&p, dst, src);
843 ++ p = &ctx->target[ctx->idx + 1];
844 ++ uasm_i_mfhi(&p, dst);
845 ++ }
846 ++ ctx->idx += 2; /* 2 insts */
847 ++}
848 ++
849 ++static inline void emit_dsll(unsigned int dst, unsigned int src,
850 ++ unsigned int sa, struct jit_ctx *ctx)
851 ++{
852 ++ emit_instr(ctx, dsll, dst, src, sa);
853 ++}
854 ++
855 ++static inline void emit_dsrl32(unsigned int dst, unsigned int src,
856 ++ unsigned int sa, struct jit_ctx *ctx)
857 ++{
858 ++ emit_instr(ctx, dsrl32, dst, src, sa);
859 ++}
860 ++
861 ++static inline void emit_wsbh(unsigned int dst, unsigned int src,
862 ++ struct jit_ctx *ctx)
863 ++{
864 ++ emit_instr(ctx, wsbh, dst, src);
865 ++}
866 ++
867 ++/* load pointer to register */
868 ++static inline void emit_load_ptr(unsigned int dst, unsigned int src,
869 ++ int imm, struct jit_ctx *ctx)
870 ++{
871 ++ /* src contains the base addr of the 32/64-pointer */
872 ++ emit_long_instr(ctx, LW, dst, imm, src);
873 ++}
874 ++
875 ++/* load a function pointer to register */
876 ++static inline void emit_load_func(unsigned int reg, ptr imm,
877 ++ struct jit_ctx *ctx)
878 ++{
879 ++ if (IS_ENABLED(CONFIG_64BIT)) {
880 ++ /* At this point imm is always 64-bit */
881 ++ emit_load_imm(r_tmp, (u64)imm >> 32, ctx);
882 ++ emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */
883 ++ emit_ori(r_tmp, r_tmp_imm, (imm >> 16) & 0xffff, ctx);
884 ++ emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */
885 ++ emit_ori(reg, r_tmp_imm, imm & 0xffff, ctx);
886 ++ } else {
887 ++ emit_load_imm(reg, imm, ctx);
888 ++ }
889 ++}
890 ++
891 ++/* Move to real MIPS register */
892 ++static inline void emit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx)
893 ++{
894 ++ emit_long_instr(ctx, ADDU, dst, src, r_zero);
895 ++}
896 ++
897 ++/* Move to JIT (32-bit) register */
898 ++static inline void emit_jit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx)
899 ++{
900 ++ emit_addu(dst, src, r_zero, ctx);
901 ++}
902 ++
903 ++/* Compute the immediate value for PC-relative branches. */
904 ++static inline u32 b_imm(unsigned int tgt, struct jit_ctx *ctx)
905 ++{
906 ++ if (ctx->target == NULL)
907 ++ return 0;
908 ++
909 ++ /*
910 ++ * We want a pc-relative branch. We only do forward branches
911 ++ * so tgt is always after pc. tgt is the instruction offset
912 ++ * we want to jump to.
913 ++
914 ++ * Branch on MIPS:
915 ++ * I: target_offset <- sign_extend(offset)
916 ++ * I+1: PC += target_offset (delay slot)
917 ++ *
918 ++ * ctx->idx currently points to the branch instruction
919 ++ * but the offset is added to the delay slot so we need
920 ++ * to subtract 4.
921 ++ */
922 ++ return ctx->offsets[tgt] -
923 ++ (ctx->idx * 4 - ctx->prologue_bytes) - 4;
924 ++}
925 ++
926 ++static inline void emit_bcond(int cond, unsigned int reg1, unsigned int reg2,
927 ++ unsigned int imm, struct jit_ctx *ctx)
928 ++{
929 ++ if (ctx->target != NULL) {
930 ++ u32 *p = &ctx->target[ctx->idx];
931 ++
932 ++ switch (cond) {
933 ++ case MIPS_COND_EQ:
934 ++ uasm_i_beq(&p, reg1, reg2, imm);
935 ++ break;
936 ++ case MIPS_COND_NE:
937 ++ uasm_i_bne(&p, reg1, reg2, imm);
938 ++ break;
939 ++ case MIPS_COND_ALL:
940 ++ uasm_i_b(&p, imm);
941 ++ break;
942 ++ default:
943 ++ pr_warn("%s: Unhandled branch conditional: %d\n",
944 ++ __func__, cond);
945 ++ }
946 ++ }
947 ++ ctx->idx++;
948 ++}
949 ++
950 ++static inline void emit_b(unsigned int imm, struct jit_ctx *ctx)
951 ++{
952 ++ emit_bcond(MIPS_COND_ALL, r_zero, r_zero, imm, ctx);
953 ++}
954 ++
955 ++static inline void emit_jalr(unsigned int link, unsigned int reg,
956 ++ struct jit_ctx *ctx)
957 ++{
958 ++ emit_instr(ctx, jalr, link, reg);
959 ++}
960 ++
961 ++static inline void emit_jr(unsigned int reg, struct jit_ctx *ctx)
962 ++{
963 ++ emit_instr(ctx, jr, reg);
964 ++}
965 ++
966 ++static inline u16 align_sp(unsigned int num)
967 ++{
968 ++ /* Double word alignment for 32-bit, quadword for 64-bit */
969 ++ unsigned int align = IS_ENABLED(CONFIG_64BIT) ? 16 : 8;
970 ++ num = (num + (align - 1)) & -align;
971 ++ return num;
972 ++}
973 ++
974 ++static void save_bpf_jit_regs(struct jit_ctx *ctx, unsigned offset)
975 ++{
976 ++ int i = 0, real_off = 0;
977 ++ u32 sflags, tmp_flags;
978 ++
979 ++ /* Adjust the stack pointer */
980 ++ if (offset)
981 ++ emit_stack_offset(-align_sp(offset), ctx);
982 ++
983 ++ tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT;
984 ++ /* sflags is essentially a bitmap */
985 ++ while (tmp_flags) {
986 ++ if ((sflags >> i) & 0x1) {
987 ++ emit_store_stack_reg(MIPS_R_S0 + i, r_sp, real_off,
988 ++ ctx);
989 ++ real_off += SZREG;
990 ++ }
991 ++ i++;
992 ++ tmp_flags >>= 1;
993 ++ }
994 ++
995 ++ /* save return address */
996 ++ if (ctx->flags & SEEN_CALL) {
997 ++ emit_store_stack_reg(r_ra, r_sp, real_off, ctx);
998 ++ real_off += SZREG;
999 ++ }
1000 ++
1001 ++ /* Setup r_M leaving the alignment gap if necessary */
1002 ++ if (ctx->flags & SEEN_MEM) {
1003 ++ if (real_off % (SZREG * 2))
1004 ++ real_off += SZREG;
1005 ++ emit_long_instr(ctx, ADDIU, r_M, r_sp, real_off);
1006 ++ }
1007 ++}
1008 ++
1009 ++static void restore_bpf_jit_regs(struct jit_ctx *ctx,
1010 ++ unsigned int offset)
1011 ++{
1012 ++ int i, real_off = 0;
1013 ++ u32 sflags, tmp_flags;
1014 ++
1015 ++ tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT;
1016 ++ /* sflags is a bitmap */
1017 ++ i = 0;
1018 ++ while (tmp_flags) {
1019 ++ if ((sflags >> i) & 0x1) {
1020 ++ emit_load_stack_reg(MIPS_R_S0 + i, r_sp, real_off,
1021 ++ ctx);
1022 ++ real_off += SZREG;
1023 ++ }
1024 ++ i++;
1025 ++ tmp_flags >>= 1;
1026 ++ }
1027 ++
1028 ++ /* restore return address */
1029 ++ if (ctx->flags & SEEN_CALL)
1030 ++ emit_load_stack_reg(r_ra, r_sp, real_off, ctx);
1031 ++
1032 ++ /* Restore the sp and discard the scrach memory */
1033 ++ if (offset)
1034 ++ emit_stack_offset(align_sp(offset), ctx);
1035 ++}
1036 ++
1037 ++static unsigned int get_stack_depth(struct jit_ctx *ctx)
1038 ++{
1039 ++ int sp_off = 0;
1040 ++
1041 ++
1042 ++ /* How may s* regs do we need to preserved? */
1043 ++ sp_off += hweight32(ctx->flags >> SEEN_SREG_SFT) * SZREG;
1044 ++
1045 ++ if (ctx->flags & SEEN_MEM)
1046 ++ sp_off += 4 * BPF_MEMWORDS; /* BPF_MEMWORDS are 32-bit */
1047 ++
1048 ++ if (ctx->flags & SEEN_CALL)
1049 ++ sp_off += SZREG; /* Space for our ra register */
1050 ++
1051 ++ return sp_off;
1052 ++}
1053 ++
1054 ++static void build_prologue(struct jit_ctx *ctx)
1055 ++{
1056 ++ int sp_off;
1057 ++
1058 ++ /* Calculate the total offset for the stack pointer */
1059 ++ sp_off = get_stack_depth(ctx);
1060 ++ save_bpf_jit_regs(ctx, sp_off);
1061 ++
1062 ++ if (ctx->flags & SEEN_SKB)
1063 ++ emit_reg_move(r_skb, MIPS_R_A0, ctx);
1064 ++
1065 ++ if (ctx->flags & SEEN_SKB_DATA) {
1066 ++ /* Load packet length */
1067 ++ emit_load(r_skb_len, r_skb, offsetof(struct sk_buff, len),
1068 ++ ctx);
1069 ++ emit_load(r_tmp, r_skb, offsetof(struct sk_buff, data_len),
1070 ++ ctx);
1071 ++ /* Load the data pointer */
1072 ++ emit_load_ptr(r_skb_data, r_skb,
1073 ++ offsetof(struct sk_buff, data), ctx);
1074 ++ /* Load the header length */
1075 ++ emit_subu(r_skb_hl, r_skb_len, r_tmp, ctx);
1076 ++ }
1077 ++
1078 ++ if (ctx->flags & SEEN_X)
1079 ++ emit_jit_reg_move(r_X, r_zero, ctx);
1080 ++
1081 ++ /*
1082 ++ * Do not leak kernel data to userspace, we only need to clear
1083 ++ * r_A if it is ever used. In fact if it is never used, we
1084 ++ * will not save/restore it, so clearing it in this case would
1085 ++ * corrupt the state of the caller.
1086 ++ */
1087 ++ if (bpf_needs_clear_a(&ctx->skf->insns[0]) &&
1088 ++ (ctx->flags & SEEN_A))
1089 ++ emit_jit_reg_move(r_A, r_zero, ctx);
1090 ++}
1091 ++
1092 ++static void build_epilogue(struct jit_ctx *ctx)
1093 ++{
1094 ++ unsigned int sp_off;
1095 ++
1096 ++ /* Calculate the total offset for the stack pointer */
1097 ++
1098 ++ sp_off = get_stack_depth(ctx);
1099 ++ restore_bpf_jit_regs(ctx, sp_off);
1100 ++
1101 ++ /* Return */
1102 ++ emit_jr(r_ra, ctx);
1103 ++ emit_nop(ctx);
1104 ++}
1105 ++
1106 ++#define CHOOSE_LOAD_FUNC(K, func) \
1107 ++ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative : func) : \
1108 ++ func##_positive)
1109 ++
1110 ++static bool is_bad_offset(int b_off)
1111 ++{
1112 ++ return b_off > 0x1ffff || b_off < -0x20000;
1113 ++}
1114 ++
1115 ++static int build_body(struct jit_ctx *ctx)
1116 ++{
1117 ++ const struct bpf_prog *prog = ctx->skf;
1118 ++ const struct sock_filter *inst;
1119 ++ unsigned int i, off, condt;
1120 ++ u32 k, b_off __maybe_unused;
1121 ++ u8 (*sk_load_func)(unsigned long *skb, int offset);
1122 ++
1123 ++ for (i = 0; i < prog->len; i++) {
1124 ++ u16 code;
1125 ++
1126 ++ inst = &(prog->insns[i]);
1127 ++ pr_debug("%s: code->0x%02x, jt->0x%x, jf->0x%x, k->0x%x\n",
1128 ++ __func__, inst->code, inst->jt, inst->jf, inst->k);
1129 ++ k = inst->k;
1130 ++ code = bpf_anc_helper(inst);
1131 ++
1132 ++ if (ctx->target == NULL)
1133 ++ ctx->offsets[i] = ctx->idx * 4;
1134 ++
1135 ++ switch (code) {
1136 ++ case BPF_LD | BPF_IMM:
1137 ++ /* A <- k ==> li r_A, k */
1138 ++ ctx->flags |= SEEN_A;
1139 ++ emit_load_imm(r_A, k, ctx);
1140 ++ break;
1141 ++ case BPF_LD | BPF_W | BPF_LEN:
1142 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4);
1143 ++ /* A <- len ==> lw r_A, offset(skb) */
1144 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1145 ++ off = offsetof(struct sk_buff, len);
1146 ++ emit_load(r_A, r_skb, off, ctx);
1147 ++ break;
1148 ++ case BPF_LD | BPF_MEM:
1149 ++ /* A <- M[k] ==> lw r_A, offset(M) */
1150 ++ ctx->flags |= SEEN_MEM | SEEN_A;
1151 ++ emit_load(r_A, r_M, SCRATCH_OFF(k), ctx);
1152 ++ break;
1153 ++ case BPF_LD | BPF_W | BPF_ABS:
1154 ++ /* A <- P[k:4] */
1155 ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_word);
1156 ++ goto load;
1157 ++ case BPF_LD | BPF_H | BPF_ABS:
1158 ++ /* A <- P[k:2] */
1159 ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_half);
1160 ++ goto load;
1161 ++ case BPF_LD | BPF_B | BPF_ABS:
1162 ++ /* A <- P[k:1] */
1163 ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_byte);
1164 ++load:
1165 ++ emit_load_imm(r_off, k, ctx);
1166 ++load_common:
1167 ++ ctx->flags |= SEEN_CALL | SEEN_OFF |
1168 ++ SEEN_SKB | SEEN_A | SEEN_SKB_DATA;
1169 ++
1170 ++ emit_load_func(r_s0, (ptr)sk_load_func, ctx);
1171 ++ emit_reg_move(MIPS_R_A0, r_skb, ctx);
1172 ++ emit_jalr(MIPS_R_RA, r_s0, ctx);
1173 ++ /* Load second argument to delay slot */
1174 ++ emit_reg_move(MIPS_R_A1, r_off, ctx);
1175 ++ /* Check the error value */
1176 ++ emit_bcond(MIPS_COND_EQ, r_ret, 0, b_imm(i + 1, ctx),
1177 ++ ctx);
1178 ++ /* Load return register on DS for failures */
1179 ++ emit_reg_move(r_ret, r_zero, ctx);
1180 ++ /* Return with error */
1181 ++ b_off = b_imm(prog->len, ctx);
1182 ++ if (is_bad_offset(b_off))
1183 ++ return -E2BIG;
1184 ++ emit_b(b_off, ctx);
1185 ++ emit_nop(ctx);
1186 ++ break;
1187 ++ case BPF_LD | BPF_W | BPF_IND:
1188 ++ /* A <- P[X + k:4] */
1189 ++ sk_load_func = sk_load_word;
1190 ++ goto load_ind;
1191 ++ case BPF_LD | BPF_H | BPF_IND:
1192 ++ /* A <- P[X + k:2] */
1193 ++ sk_load_func = sk_load_half;
1194 ++ goto load_ind;
1195 ++ case BPF_LD | BPF_B | BPF_IND:
1196 ++ /* A <- P[X + k:1] */
1197 ++ sk_load_func = sk_load_byte;
1198 ++load_ind:
1199 ++ ctx->flags |= SEEN_OFF | SEEN_X;
1200 ++ emit_addiu(r_off, r_X, k, ctx);
1201 ++ goto load_common;
1202 ++ case BPF_LDX | BPF_IMM:
1203 ++ /* X <- k */
1204 ++ ctx->flags |= SEEN_X;
1205 ++ emit_load_imm(r_X, k, ctx);
1206 ++ break;
1207 ++ case BPF_LDX | BPF_MEM:
1208 ++ /* X <- M[k] */
1209 ++ ctx->flags |= SEEN_X | SEEN_MEM;
1210 ++ emit_load(r_X, r_M, SCRATCH_OFF(k), ctx);
1211 ++ break;
1212 ++ case BPF_LDX | BPF_W | BPF_LEN:
1213 ++ /* X <- len */
1214 ++ ctx->flags |= SEEN_X | SEEN_SKB;
1215 ++ off = offsetof(struct sk_buff, len);
1216 ++ emit_load(r_X, r_skb, off, ctx);
1217 ++ break;
1218 ++ case BPF_LDX | BPF_B | BPF_MSH:
1219 ++ /* X <- 4 * (P[k:1] & 0xf) */
1220 ++ ctx->flags |= SEEN_X | SEEN_CALL | SEEN_SKB;
1221 ++ /* Load offset to a1 */
1222 ++ emit_load_func(r_s0, (ptr)sk_load_byte, ctx);
1223 ++ /*
1224 ++ * This may emit two instructions so it may not fit
1225 ++ * in the delay slot. So use a0 in the delay slot.
1226 ++ */
1227 ++ emit_load_imm(MIPS_R_A1, k, ctx);
1228 ++ emit_jalr(MIPS_R_RA, r_s0, ctx);
1229 ++ emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */
1230 ++ /* Check the error value */
1231 ++ b_off = b_imm(prog->len, ctx);
1232 ++ if (is_bad_offset(b_off))
1233 ++ return -E2BIG;
1234 ++ emit_bcond(MIPS_COND_NE, r_ret, 0, b_off, ctx);
1235 ++ emit_reg_move(r_ret, r_zero, ctx);
1236 ++ /* We are good */
1237 ++ /* X <- P[1:K] & 0xf */
1238 ++ emit_andi(r_X, r_A, 0xf, ctx);
1239 ++ /* X << 2 */
1240 ++ emit_b(b_imm(i + 1, ctx), ctx);
1241 ++ emit_sll(r_X, r_X, 2, ctx); /* delay slot */
1242 ++ break;
1243 ++ case BPF_ST:
1244 ++ /* M[k] <- A */
1245 ++ ctx->flags |= SEEN_MEM | SEEN_A;
1246 ++ emit_store(r_A, r_M, SCRATCH_OFF(k), ctx);
1247 ++ break;
1248 ++ case BPF_STX:
1249 ++ /* M[k] <- X */
1250 ++ ctx->flags |= SEEN_MEM | SEEN_X;
1251 ++ emit_store(r_X, r_M, SCRATCH_OFF(k), ctx);
1252 ++ break;
1253 ++ case BPF_ALU | BPF_ADD | BPF_K:
1254 ++ /* A += K */
1255 ++ ctx->flags |= SEEN_A;
1256 ++ emit_addiu(r_A, r_A, k, ctx);
1257 ++ break;
1258 ++ case BPF_ALU | BPF_ADD | BPF_X:
1259 ++ /* A += X */
1260 ++ ctx->flags |= SEEN_A | SEEN_X;
1261 ++ emit_addu(r_A, r_A, r_X, ctx);
1262 ++ break;
1263 ++ case BPF_ALU | BPF_SUB | BPF_K:
1264 ++ /* A -= K */
1265 ++ ctx->flags |= SEEN_A;
1266 ++ emit_addiu(r_A, r_A, -k, ctx);
1267 ++ break;
1268 ++ case BPF_ALU | BPF_SUB | BPF_X:
1269 ++ /* A -= X */
1270 ++ ctx->flags |= SEEN_A | SEEN_X;
1271 ++ emit_subu(r_A, r_A, r_X, ctx);
1272 ++ break;
1273 ++ case BPF_ALU | BPF_MUL | BPF_K:
1274 ++ /* A *= K */
1275 ++ /* Load K to scratch register before MUL */
1276 ++ ctx->flags |= SEEN_A;
1277 ++ emit_load_imm(r_s0, k, ctx);
1278 ++ emit_mul(r_A, r_A, r_s0, ctx);
1279 ++ break;
1280 ++ case BPF_ALU | BPF_MUL | BPF_X:
1281 ++ /* A *= X */
1282 ++ ctx->flags |= SEEN_A | SEEN_X;
1283 ++ emit_mul(r_A, r_A, r_X, ctx);
1284 ++ break;
1285 ++ case BPF_ALU | BPF_DIV | BPF_K:
1286 ++ /* A /= k */
1287 ++ if (k == 1)
1288 ++ break;
1289 ++ if (optimize_div(&k)) {
1290 ++ ctx->flags |= SEEN_A;
1291 ++ emit_srl(r_A, r_A, k, ctx);
1292 ++ break;
1293 ++ }
1294 ++ ctx->flags |= SEEN_A;
1295 ++ emit_load_imm(r_s0, k, ctx);
1296 ++ emit_div(r_A, r_s0, ctx);
1297 ++ break;
1298 ++ case BPF_ALU | BPF_MOD | BPF_K:
1299 ++ /* A %= k */
1300 ++ if (k == 1) {
1301 ++ ctx->flags |= SEEN_A;
1302 ++ emit_jit_reg_move(r_A, r_zero, ctx);
1303 ++ } else {
1304 ++ ctx->flags |= SEEN_A;
1305 ++ emit_load_imm(r_s0, k, ctx);
1306 ++ emit_mod(r_A, r_s0, ctx);
1307 ++ }
1308 ++ break;
1309 ++ case BPF_ALU | BPF_DIV | BPF_X:
1310 ++ /* A /= X */
1311 ++ ctx->flags |= SEEN_X | SEEN_A;
1312 ++ /* Check if r_X is zero */
1313 ++ b_off = b_imm(prog->len, ctx);
1314 ++ if (is_bad_offset(b_off))
1315 ++ return -E2BIG;
1316 ++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx);
1317 ++ emit_load_imm(r_ret, 0, ctx); /* delay slot */
1318 ++ emit_div(r_A, r_X, ctx);
1319 ++ break;
1320 ++ case BPF_ALU | BPF_MOD | BPF_X:
1321 ++ /* A %= X */
1322 ++ ctx->flags |= SEEN_X | SEEN_A;
1323 ++ /* Check if r_X is zero */
1324 ++ b_off = b_imm(prog->len, ctx);
1325 ++ if (is_bad_offset(b_off))
1326 ++ return -E2BIG;
1327 ++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx);
1328 ++ emit_load_imm(r_ret, 0, ctx); /* delay slot */
1329 ++ emit_mod(r_A, r_X, ctx);
1330 ++ break;
1331 ++ case BPF_ALU | BPF_OR | BPF_K:
1332 ++ /* A |= K */
1333 ++ ctx->flags |= SEEN_A;
1334 ++ emit_ori(r_A, r_A, k, ctx);
1335 ++ break;
1336 ++ case BPF_ALU | BPF_OR | BPF_X:
1337 ++ /* A |= X */
1338 ++ ctx->flags |= SEEN_A;
1339 ++ emit_ori(r_A, r_A, r_X, ctx);
1340 ++ break;
1341 ++ case BPF_ALU | BPF_XOR | BPF_K:
1342 ++ /* A ^= k */
1343 ++ ctx->flags |= SEEN_A;
1344 ++ emit_xori(r_A, r_A, k, ctx);
1345 ++ break;
1346 ++ case BPF_ANC | SKF_AD_ALU_XOR_X:
1347 ++ case BPF_ALU | BPF_XOR | BPF_X:
1348 ++ /* A ^= X */
1349 ++ ctx->flags |= SEEN_A;
1350 ++ emit_xor(r_A, r_A, r_X, ctx);
1351 ++ break;
1352 ++ case BPF_ALU | BPF_AND | BPF_K:
1353 ++ /* A &= K */
1354 ++ ctx->flags |= SEEN_A;
1355 ++ emit_andi(r_A, r_A, k, ctx);
1356 ++ break;
1357 ++ case BPF_ALU | BPF_AND | BPF_X:
1358 ++ /* A &= X */
1359 ++ ctx->flags |= SEEN_A | SEEN_X;
1360 ++ emit_and(r_A, r_A, r_X, ctx);
1361 ++ break;
1362 ++ case BPF_ALU | BPF_LSH | BPF_K:
1363 ++ /* A <<= K */
1364 ++ ctx->flags |= SEEN_A;
1365 ++ emit_sll(r_A, r_A, k, ctx);
1366 ++ break;
1367 ++ case BPF_ALU | BPF_LSH | BPF_X:
1368 ++ /* A <<= X */
1369 ++ ctx->flags |= SEEN_A | SEEN_X;
1370 ++ emit_sllv(r_A, r_A, r_X, ctx);
1371 ++ break;
1372 ++ case BPF_ALU | BPF_RSH | BPF_K:
1373 ++ /* A >>= K */
1374 ++ ctx->flags |= SEEN_A;
1375 ++ emit_srl(r_A, r_A, k, ctx);
1376 ++ break;
1377 ++ case BPF_ALU | BPF_RSH | BPF_X:
1378 ++ ctx->flags |= SEEN_A | SEEN_X;
1379 ++ emit_srlv(r_A, r_A, r_X, ctx);
1380 ++ break;
1381 ++ case BPF_ALU | BPF_NEG:
1382 ++ /* A = -A */
1383 ++ ctx->flags |= SEEN_A;
1384 ++ emit_neg(r_A, ctx);
1385 ++ break;
1386 ++ case BPF_JMP | BPF_JA:
1387 ++ /* pc += K */
1388 ++ b_off = b_imm(i + k + 1, ctx);
1389 ++ if (is_bad_offset(b_off))
1390 ++ return -E2BIG;
1391 ++ emit_b(b_off, ctx);
1392 ++ emit_nop(ctx);
1393 ++ break;
1394 ++ case BPF_JMP | BPF_JEQ | BPF_K:
1395 ++ /* pc += ( A == K ) ? pc->jt : pc->jf */
1396 ++ condt = MIPS_COND_EQ | MIPS_COND_K;
1397 ++ goto jmp_cmp;
1398 ++ case BPF_JMP | BPF_JEQ | BPF_X:
1399 ++ ctx->flags |= SEEN_X;
1400 ++ /* pc += ( A == X ) ? pc->jt : pc->jf */
1401 ++ condt = MIPS_COND_EQ | MIPS_COND_X;
1402 ++ goto jmp_cmp;
1403 ++ case BPF_JMP | BPF_JGE | BPF_K:
1404 ++ /* pc += ( A >= K ) ? pc->jt : pc->jf */
1405 ++ condt = MIPS_COND_GE | MIPS_COND_K;
1406 ++ goto jmp_cmp;
1407 ++ case BPF_JMP | BPF_JGE | BPF_X:
1408 ++ ctx->flags |= SEEN_X;
1409 ++ /* pc += ( A >= X ) ? pc->jt : pc->jf */
1410 ++ condt = MIPS_COND_GE | MIPS_COND_X;
1411 ++ goto jmp_cmp;
1412 ++ case BPF_JMP | BPF_JGT | BPF_K:
1413 ++ /* pc += ( A > K ) ? pc->jt : pc->jf */
1414 ++ condt = MIPS_COND_GT | MIPS_COND_K;
1415 ++ goto jmp_cmp;
1416 ++ case BPF_JMP | BPF_JGT | BPF_X:
1417 ++ ctx->flags |= SEEN_X;
1418 ++ /* pc += ( A > X ) ? pc->jt : pc->jf */
1419 ++ condt = MIPS_COND_GT | MIPS_COND_X;
1420 ++jmp_cmp:
1421 ++ /* Greater or Equal */
1422 ++ if ((condt & MIPS_COND_GE) ||
1423 ++ (condt & MIPS_COND_GT)) {
1424 ++ if (condt & MIPS_COND_K) { /* K */
1425 ++ ctx->flags |= SEEN_A;
1426 ++ emit_sltiu(r_s0, r_A, k, ctx);
1427 ++ } else { /* X */
1428 ++ ctx->flags |= SEEN_A |
1429 ++ SEEN_X;
1430 ++ emit_sltu(r_s0, r_A, r_X, ctx);
1431 ++ }
1432 ++ /* A < (K|X) ? r_scrach = 1 */
1433 ++ b_off = b_imm(i + inst->jf + 1, ctx);
1434 ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off,
1435 ++ ctx);
1436 ++ emit_nop(ctx);
1437 ++ /* A > (K|X) ? scratch = 0 */
1438 ++ if (condt & MIPS_COND_GT) {
1439 ++ /* Checking for equality */
1440 ++ ctx->flags |= SEEN_A | SEEN_X;
1441 ++ if (condt & MIPS_COND_K)
1442 ++ emit_load_imm(r_s0, k, ctx);
1443 ++ else
1444 ++ emit_jit_reg_move(r_s0, r_X,
1445 ++ ctx);
1446 ++ b_off = b_imm(i + inst->jf + 1, ctx);
1447 ++ emit_bcond(MIPS_COND_EQ, r_A, r_s0,
1448 ++ b_off, ctx);
1449 ++ emit_nop(ctx);
1450 ++ /* Finally, A > K|X */
1451 ++ b_off = b_imm(i + inst->jt + 1, ctx);
1452 ++ emit_b(b_off, ctx);
1453 ++ emit_nop(ctx);
1454 ++ } else {
1455 ++ /* A >= (K|X) so jump */
1456 ++ b_off = b_imm(i + inst->jt + 1, ctx);
1457 ++ emit_b(b_off, ctx);
1458 ++ emit_nop(ctx);
1459 ++ }
1460 ++ } else {
1461 ++ /* A == K|X */
1462 ++ if (condt & MIPS_COND_K) { /* K */
1463 ++ ctx->flags |= SEEN_A;
1464 ++ emit_load_imm(r_s0, k, ctx);
1465 ++ /* jump true */
1466 ++ b_off = b_imm(i + inst->jt + 1, ctx);
1467 ++ emit_bcond(MIPS_COND_EQ, r_A, r_s0,
1468 ++ b_off, ctx);
1469 ++ emit_nop(ctx);
1470 ++ /* jump false */
1471 ++ b_off = b_imm(i + inst->jf + 1,
1472 ++ ctx);
1473 ++ emit_bcond(MIPS_COND_NE, r_A, r_s0,
1474 ++ b_off, ctx);
1475 ++ emit_nop(ctx);
1476 ++ } else { /* X */
1477 ++ /* jump true */
1478 ++ ctx->flags |= SEEN_A | SEEN_X;
1479 ++ b_off = b_imm(i + inst->jt + 1,
1480 ++ ctx);
1481 ++ emit_bcond(MIPS_COND_EQ, r_A, r_X,
1482 ++ b_off, ctx);
1483 ++ emit_nop(ctx);
1484 ++ /* jump false */
1485 ++ b_off = b_imm(i + inst->jf + 1, ctx);
1486 ++ emit_bcond(MIPS_COND_NE, r_A, r_X,
1487 ++ b_off, ctx);
1488 ++ emit_nop(ctx);
1489 ++ }
1490 ++ }
1491 ++ break;
1492 ++ case BPF_JMP | BPF_JSET | BPF_K:
1493 ++ ctx->flags |= SEEN_A;
1494 ++ /* pc += (A & K) ? pc -> jt : pc -> jf */
1495 ++ emit_load_imm(r_s1, k, ctx);
1496 ++ emit_and(r_s0, r_A, r_s1, ctx);
1497 ++ /* jump true */
1498 ++ b_off = b_imm(i + inst->jt + 1, ctx);
1499 ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx);
1500 ++ emit_nop(ctx);
1501 ++ /* jump false */
1502 ++ b_off = b_imm(i + inst->jf + 1, ctx);
1503 ++ emit_b(b_off, ctx);
1504 ++ emit_nop(ctx);
1505 ++ break;
1506 ++ case BPF_JMP | BPF_JSET | BPF_X:
1507 ++ ctx->flags |= SEEN_X | SEEN_A;
1508 ++ /* pc += (A & X) ? pc -> jt : pc -> jf */
1509 ++ emit_and(r_s0, r_A, r_X, ctx);
1510 ++ /* jump true */
1511 ++ b_off = b_imm(i + inst->jt + 1, ctx);
1512 ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx);
1513 ++ emit_nop(ctx);
1514 ++ /* jump false */
1515 ++ b_off = b_imm(i + inst->jf + 1, ctx);
1516 ++ emit_b(b_off, ctx);
1517 ++ emit_nop(ctx);
1518 ++ break;
1519 ++ case BPF_RET | BPF_A:
1520 ++ ctx->flags |= SEEN_A;
1521 ++ if (i != prog->len - 1) {
1522 ++ /*
1523 ++ * If this is not the last instruction
1524 ++ * then jump to the epilogue
1525 ++ */
1526 ++ b_off = b_imm(prog->len, ctx);
1527 ++ if (is_bad_offset(b_off))
1528 ++ return -E2BIG;
1529 ++ emit_b(b_off, ctx);
1530 ++ }
1531 ++ emit_reg_move(r_ret, r_A, ctx); /* delay slot */
1532 ++ break;
1533 ++ case BPF_RET | BPF_K:
1534 ++ /*
1535 ++ * It can emit two instructions so it does not fit on
1536 ++ * the delay slot.
1537 ++ */
1538 ++ emit_load_imm(r_ret, k, ctx);
1539 ++ if (i != prog->len - 1) {
1540 ++ /*
1541 ++ * If this is not the last instruction
1542 ++ * then jump to the epilogue
1543 ++ */
1544 ++ b_off = b_imm(prog->len, ctx);
1545 ++ if (is_bad_offset(b_off))
1546 ++ return -E2BIG;
1547 ++ emit_b(b_off, ctx);
1548 ++ emit_nop(ctx);
1549 ++ }
1550 ++ break;
1551 ++ case BPF_MISC | BPF_TAX:
1552 ++ /* X = A */
1553 ++ ctx->flags |= SEEN_X | SEEN_A;
1554 ++ emit_jit_reg_move(r_X, r_A, ctx);
1555 ++ break;
1556 ++ case BPF_MISC | BPF_TXA:
1557 ++ /* A = X */
1558 ++ ctx->flags |= SEEN_A | SEEN_X;
1559 ++ emit_jit_reg_move(r_A, r_X, ctx);
1560 ++ break;
1561 ++ /* AUX */
1562 ++ case BPF_ANC | SKF_AD_PROTOCOL:
1563 ++ /* A = ntohs(skb->protocol */
1564 ++ ctx->flags |= SEEN_SKB | SEEN_OFF | SEEN_A;
1565 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1566 ++ protocol) != 2);
1567 ++ off = offsetof(struct sk_buff, protocol);
1568 ++ emit_half_load(r_A, r_skb, off, ctx);
1569 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1570 ++ /* This needs little endian fixup */
1571 ++ if (cpu_has_wsbh) {
1572 ++ /* R2 and later have the wsbh instruction */
1573 ++ emit_wsbh(r_A, r_A, ctx);
1574 ++ } else {
1575 ++ /* Get first byte */
1576 ++ emit_andi(r_tmp_imm, r_A, 0xff, ctx);
1577 ++ /* Shift it */
1578 ++ emit_sll(r_tmp, r_tmp_imm, 8, ctx);
1579 ++ /* Get second byte */
1580 ++ emit_srl(r_tmp_imm, r_A, 8, ctx);
1581 ++ emit_andi(r_tmp_imm, r_tmp_imm, 0xff, ctx);
1582 ++ /* Put everyting together in r_A */
1583 ++ emit_or(r_A, r_tmp, r_tmp_imm, ctx);
1584 ++ }
1585 ++#endif
1586 ++ break;
1587 ++ case BPF_ANC | SKF_AD_CPU:
1588 ++ ctx->flags |= SEEN_A | SEEN_OFF;
1589 ++ /* A = current_thread_info()->cpu */
1590 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct thread_info,
1591 ++ cpu) != 4);
1592 ++ off = offsetof(struct thread_info, cpu);
1593 ++ /* $28/gp points to the thread_info struct */
1594 ++ emit_load(r_A, 28, off, ctx);
1595 ++ break;
1596 ++ case BPF_ANC | SKF_AD_IFINDEX:
1597 ++ /* A = skb->dev->ifindex */
1598 ++ case BPF_ANC | SKF_AD_HATYPE:
1599 ++ /* A = skb->dev->type */
1600 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1601 ++ off = offsetof(struct sk_buff, dev);
1602 ++ /* Load *dev pointer */
1603 ++ emit_load_ptr(r_s0, r_skb, off, ctx);
1604 ++ /* error (0) in the delay slot */
1605 ++ b_off = b_imm(prog->len, ctx);
1606 ++ if (is_bad_offset(b_off))
1607 ++ return -E2BIG;
1608 ++ emit_bcond(MIPS_COND_EQ, r_s0, r_zero, b_off, ctx);
1609 ++ emit_reg_move(r_ret, r_zero, ctx);
1610 ++ if (code == (BPF_ANC | SKF_AD_IFINDEX)) {
1611 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4);
1612 ++ off = offsetof(struct net_device, ifindex);
1613 ++ emit_load(r_A, r_s0, off, ctx);
1614 ++ } else { /* (code == (BPF_ANC | SKF_AD_HATYPE) */
1615 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2);
1616 ++ off = offsetof(struct net_device, type);
1617 ++ emit_half_load_unsigned(r_A, r_s0, off, ctx);
1618 ++ }
1619 ++ break;
1620 ++ case BPF_ANC | SKF_AD_MARK:
1621 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1622 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4);
1623 ++ off = offsetof(struct sk_buff, mark);
1624 ++ emit_load(r_A, r_skb, off, ctx);
1625 ++ break;
1626 ++ case BPF_ANC | SKF_AD_RXHASH:
1627 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1628 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4);
1629 ++ off = offsetof(struct sk_buff, hash);
1630 ++ emit_load(r_A, r_skb, off, ctx);
1631 ++ break;
1632 ++ case BPF_ANC | SKF_AD_VLAN_TAG:
1633 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1634 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1635 ++ vlan_tci) != 2);
1636 ++ off = offsetof(struct sk_buff, vlan_tci);
1637 ++ emit_half_load_unsigned(r_A, r_skb, off, ctx);
1638 ++ break;
1639 ++ case BPF_ANC | SKF_AD_VLAN_TAG_PRESENT:
1640 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1641 ++ emit_load_byte(r_A, r_skb, PKT_VLAN_PRESENT_OFFSET(), ctx);
1642 ++ if (PKT_VLAN_PRESENT_BIT)
1643 ++ emit_srl(r_A, r_A, PKT_VLAN_PRESENT_BIT, ctx);
1644 ++ if (PKT_VLAN_PRESENT_BIT < 7)
1645 ++ emit_andi(r_A, r_A, 1, ctx);
1646 ++ break;
1647 ++ case BPF_ANC | SKF_AD_PKTTYPE:
1648 ++ ctx->flags |= SEEN_SKB;
1649 ++
1650 ++ emit_load_byte(r_tmp, r_skb, PKT_TYPE_OFFSET(), ctx);
1651 ++ /* Keep only the last 3 bits */
1652 ++ emit_andi(r_A, r_tmp, PKT_TYPE_MAX, ctx);
1653 ++#ifdef __BIG_ENDIAN_BITFIELD
1654 ++ /* Get the actual packet type to the lower 3 bits */
1655 ++ emit_srl(r_A, r_A, 5, ctx);
1656 ++#endif
1657 ++ break;
1658 ++ case BPF_ANC | SKF_AD_QUEUE:
1659 ++ ctx->flags |= SEEN_SKB | SEEN_A;
1660 ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff,
1661 ++ queue_mapping) != 2);
1662 ++ BUILD_BUG_ON(offsetof(struct sk_buff,
1663 ++ queue_mapping) > 0xff);
1664 ++ off = offsetof(struct sk_buff, queue_mapping);
1665 ++ emit_half_load_unsigned(r_A, r_skb, off, ctx);
1666 ++ break;
1667 ++ default:
1668 ++ pr_debug("%s: Unhandled opcode: 0x%02x\n", __FILE__,
1669 ++ inst->code);
1670 ++ return -1;
1671 ++ }
1672 ++ }
1673 ++
1674 ++ /* compute offsets only during the first pass */
1675 ++ if (ctx->target == NULL)
1676 ++ ctx->offsets[i] = ctx->idx * 4;
1677 ++
1678 ++ return 0;
1679 ++}
1680 ++
1681 ++void bpf_jit_compile(struct bpf_prog *fp)
1682 ++{
1683 ++ struct jit_ctx ctx;
1684 ++ unsigned int alloc_size, tmp_idx;
1685 ++
1686 ++ if (!bpf_jit_enable)
1687 ++ return;
1688 ++
1689 ++ memset(&ctx, 0, sizeof(ctx));
1690 ++
1691 ++ ctx.offsets = kcalloc(fp->len + 1, sizeof(*ctx.offsets), GFP_KERNEL);
1692 ++ if (ctx.offsets == NULL)
1693 ++ return;
1694 ++
1695 ++ ctx.skf = fp;
1696 ++
1697 ++ if (build_body(&ctx))
1698 ++ goto out;
1699 ++
1700 ++ tmp_idx = ctx.idx;
1701 ++ build_prologue(&ctx);
1702 ++ ctx.prologue_bytes = (ctx.idx - tmp_idx) * 4;
1703 ++ /* just to complete the ctx.idx count */
1704 ++ build_epilogue(&ctx);
1705 ++
1706 ++ alloc_size = 4 * ctx.idx;
1707 ++ ctx.target = module_alloc(alloc_size);
1708 ++ if (ctx.target == NULL)
1709 ++ goto out;
1710 ++
1711 ++ /* Clean it */
1712 ++ memset(ctx.target, 0, alloc_size);
1713 ++
1714 ++ ctx.idx = 0;
1715 ++
1716 ++ /* Generate the actual JIT code */
1717 ++ build_prologue(&ctx);
1718 ++ if (build_body(&ctx)) {
1719 ++ module_memfree(ctx.target);
1720 ++ goto out;
1721 ++ }
1722 ++ build_epilogue(&ctx);
1723 ++
1724 ++ /* Update the icache */
1725 ++ flush_icache_range((ptr)ctx.target, (ptr)(ctx.target + ctx.idx));
1726 ++
1727 ++ if (bpf_jit_enable > 1)
1728 ++ /* Dump JIT code */
1729 ++ bpf_jit_dump(fp->len, alloc_size, 2, ctx.target);
1730 ++
1731 ++ fp->bpf_func = (void *)ctx.target;
1732 ++ fp->jited = 1;
1733 ++
1734 ++out:
1735 ++ kfree(ctx.offsets);
1736 ++}
1737 ++
1738 ++void bpf_jit_free(struct bpf_prog *fp)
1739 ++{
1740 ++ if (fp->jited)
1741 ++ module_memfree(fp->bpf_func);
1742 ++
1743 ++ bpf_prog_unlock_free(fp);
1744 ++}
1745 +diff --git a/arch/mips/net/bpf_jit_asm.S b/arch/mips/net/bpf_jit_asm.S
1746 +new file mode 100644
1747 +index 0000000000000..57154c5883b6f
1748 +--- /dev/null
1749 ++++ b/arch/mips/net/bpf_jit_asm.S
1750 +@@ -0,0 +1,285 @@
1751 ++/*
1752 ++ * bpf_jib_asm.S: Packet/header access helper functions for MIPS/MIPS64 BPF
1753 ++ * compiler.
1754 ++ *
1755 ++ * Copyright (C) 2015 Imagination Technologies Ltd.
1756 ++ * Author: Markos Chandras <markos.chandras@××××××.com>
1757 ++ *
1758 ++ * This program is free software; you can redistribute it and/or modify it
1759 ++ * under the terms of the GNU General Public License as published by the
1760 ++ * Free Software Foundation; version 2 of the License.
1761 ++ */
1762 ++
1763 ++#include <asm/asm.h>
1764 ++#include <asm/isa-rev.h>
1765 ++#include <asm/regdef.h>
1766 ++#include "bpf_jit.h"
1767 ++
1768 ++/* ABI
1769 ++ *
1770 ++ * r_skb_hl skb header length
1771 ++ * r_skb_data skb data
1772 ++ * r_off(a1) offset register
1773 ++ * r_A BPF register A
1774 ++ * r_X PF register X
1775 ++ * r_skb(a0) *skb
1776 ++ * r_M *scratch memory
1777 ++ * r_skb_le skb length
1778 ++ * r_s0 Scratch register 0
1779 ++ * r_s1 Scratch register 1
1780 ++ *
1781 ++ * On entry:
1782 ++ * a0: *skb
1783 ++ * a1: offset (imm or imm + X)
1784 ++ *
1785 ++ * All non-BPF-ABI registers are free for use. On return, we only
1786 ++ * care about r_ret. The BPF-ABI registers are assumed to remain
1787 ++ * unmodified during the entire filter operation.
1788 ++ */
1789 ++
1790 ++#define skb a0
1791 ++#define offset a1
1792 ++#define SKF_LL_OFF (-0x200000) /* Can't include linux/filter.h in assembly */
1793 ++
1794 ++ /* We know better :) so prevent assembler reordering etc */
1795 ++ .set noreorder
1796 ++
1797 ++#define is_offset_negative(TYPE) \
1798 ++ /* If offset is negative we have more work to do */ \
1799 ++ slti t0, offset, 0; \
1800 ++ bgtz t0, bpf_slow_path_##TYPE##_neg; \
1801 ++ /* Be careful what follows in DS. */
1802 ++
1803 ++#define is_offset_in_header(SIZE, TYPE) \
1804 ++ /* Reading from header? */ \
1805 ++ addiu $r_s0, $r_skb_hl, -SIZE; \
1806 ++ slt t0, $r_s0, offset; \
1807 ++ bgtz t0, bpf_slow_path_##TYPE; \
1808 ++
1809 ++LEAF(sk_load_word)
1810 ++ is_offset_negative(word)
1811 ++FEXPORT(sk_load_word_positive)
1812 ++ is_offset_in_header(4, word)
1813 ++ /* Offset within header boundaries */
1814 ++ PTR_ADDU t1, $r_skb_data, offset
1815 ++ .set reorder
1816 ++ lw $r_A, 0(t1)
1817 ++ .set noreorder
1818 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1819 ++# if MIPS_ISA_REV >= 2
1820 ++ wsbh t0, $r_A
1821 ++ rotr $r_A, t0, 16
1822 ++# else
1823 ++ sll t0, $r_A, 24
1824 ++ srl t1, $r_A, 24
1825 ++ srl t2, $r_A, 8
1826 ++ or t0, t0, t1
1827 ++ andi t2, t2, 0xff00
1828 ++ andi t1, $r_A, 0xff00
1829 ++ or t0, t0, t2
1830 ++ sll t1, t1, 8
1831 ++ or $r_A, t0, t1
1832 ++# endif
1833 ++#endif
1834 ++ jr $r_ra
1835 ++ move $r_ret, zero
1836 ++ END(sk_load_word)
1837 ++
1838 ++LEAF(sk_load_half)
1839 ++ is_offset_negative(half)
1840 ++FEXPORT(sk_load_half_positive)
1841 ++ is_offset_in_header(2, half)
1842 ++ /* Offset within header boundaries */
1843 ++ PTR_ADDU t1, $r_skb_data, offset
1844 ++ lhu $r_A, 0(t1)
1845 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1846 ++# if MIPS_ISA_REV >= 2
1847 ++ wsbh $r_A, $r_A
1848 ++# else
1849 ++ sll t0, $r_A, 8
1850 ++ srl t1, $r_A, 8
1851 ++ andi t0, t0, 0xff00
1852 ++ or $r_A, t0, t1
1853 ++# endif
1854 ++#endif
1855 ++ jr $r_ra
1856 ++ move $r_ret, zero
1857 ++ END(sk_load_half)
1858 ++
1859 ++LEAF(sk_load_byte)
1860 ++ is_offset_negative(byte)
1861 ++FEXPORT(sk_load_byte_positive)
1862 ++ is_offset_in_header(1, byte)
1863 ++ /* Offset within header boundaries */
1864 ++ PTR_ADDU t1, $r_skb_data, offset
1865 ++ lbu $r_A, 0(t1)
1866 ++ jr $r_ra
1867 ++ move $r_ret, zero
1868 ++ END(sk_load_byte)
1869 ++
1870 ++/*
1871 ++ * call skb_copy_bits:
1872 ++ * (prototype in linux/skbuff.h)
1873 ++ *
1874 ++ * int skb_copy_bits(sk_buff *skb, int offset, void *to, int len)
1875 ++ *
1876 ++ * o32 mandates we leave 4 spaces for argument registers in case
1877 ++ * the callee needs to use them. Even though we don't care about
1878 ++ * the argument registers ourselves, we need to allocate that space
1879 ++ * to remain ABI compliant since the callee may want to use that space.
1880 ++ * We also allocate 2 more spaces for $r_ra and our return register (*to).
1881 ++ *
1882 ++ * n64 is a bit different. The *caller* will allocate the space to preserve
1883 ++ * the arguments. So in 64-bit kernels, we allocate the 4-arg space for no
1884 ++ * good reason but it does not matter that much really.
1885 ++ *
1886 ++ * (void *to) is returned in r_s0
1887 ++ *
1888 ++ */
1889 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1890 ++#define DS_OFFSET(SIZE) (4 * SZREG)
1891 ++#else
1892 ++#define DS_OFFSET(SIZE) ((4 * SZREG) + (4 - SIZE))
1893 ++#endif
1894 ++#define bpf_slow_path_common(SIZE) \
1895 ++ /* Quick check. Are we within reasonable boundaries? */ \
1896 ++ LONG_ADDIU $r_s1, $r_skb_len, -SIZE; \
1897 ++ sltu $r_s0, offset, $r_s1; \
1898 ++ beqz $r_s0, fault; \
1899 ++ /* Load 4th argument in DS */ \
1900 ++ LONG_ADDIU a3, zero, SIZE; \
1901 ++ PTR_ADDIU $r_sp, $r_sp, -(6 * SZREG); \
1902 ++ PTR_LA t0, skb_copy_bits; \
1903 ++ PTR_S $r_ra, (5 * SZREG)($r_sp); \
1904 ++ /* Assign low slot to a2 */ \
1905 ++ PTR_ADDIU a2, $r_sp, DS_OFFSET(SIZE); \
1906 ++ jalr t0; \
1907 ++ /* Reset our destination slot (DS but it's ok) */ \
1908 ++ INT_S zero, (4 * SZREG)($r_sp); \
1909 ++ /* \
1910 ++ * skb_copy_bits returns 0 on success and -EFAULT \
1911 ++ * on error. Our data live in a2. Do not bother with \
1912 ++ * our data if an error has been returned. \
1913 ++ */ \
1914 ++ /* Restore our frame */ \
1915 ++ PTR_L $r_ra, (5 * SZREG)($r_sp); \
1916 ++ INT_L $r_s0, (4 * SZREG)($r_sp); \
1917 ++ bltz v0, fault; \
1918 ++ PTR_ADDIU $r_sp, $r_sp, 6 * SZREG; \
1919 ++ move $r_ret, zero; \
1920 ++
1921 ++NESTED(bpf_slow_path_word, (6 * SZREG), $r_sp)
1922 ++ bpf_slow_path_common(4)
1923 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1924 ++# if MIPS_ISA_REV >= 2
1925 ++ wsbh t0, $r_s0
1926 ++ jr $r_ra
1927 ++ rotr $r_A, t0, 16
1928 ++# else
1929 ++ sll t0, $r_s0, 24
1930 ++ srl t1, $r_s0, 24
1931 ++ srl t2, $r_s0, 8
1932 ++ or t0, t0, t1
1933 ++ andi t2, t2, 0xff00
1934 ++ andi t1, $r_s0, 0xff00
1935 ++ or t0, t0, t2
1936 ++ sll t1, t1, 8
1937 ++ jr $r_ra
1938 ++ or $r_A, t0, t1
1939 ++# endif
1940 ++#else
1941 ++ jr $r_ra
1942 ++ move $r_A, $r_s0
1943 ++#endif
1944 ++
1945 ++ END(bpf_slow_path_word)
1946 ++
1947 ++NESTED(bpf_slow_path_half, (6 * SZREG), $r_sp)
1948 ++ bpf_slow_path_common(2)
1949 ++#ifdef CONFIG_CPU_LITTLE_ENDIAN
1950 ++# if MIPS_ISA_REV >= 2
1951 ++ jr $r_ra
1952 ++ wsbh $r_A, $r_s0
1953 ++# else
1954 ++ sll t0, $r_s0, 8
1955 ++ andi t1, $r_s0, 0xff00
1956 ++ andi t0, t0, 0xff00
1957 ++ srl t1, t1, 8
1958 ++ jr $r_ra
1959 ++ or $r_A, t0, t1
1960 ++# endif
1961 ++#else
1962 ++ jr $r_ra
1963 ++ move $r_A, $r_s0
1964 ++#endif
1965 ++
1966 ++ END(bpf_slow_path_half)
1967 ++
1968 ++NESTED(bpf_slow_path_byte, (6 * SZREG), $r_sp)
1969 ++ bpf_slow_path_common(1)
1970 ++ jr $r_ra
1971 ++ move $r_A, $r_s0
1972 ++
1973 ++ END(bpf_slow_path_byte)
1974 ++
1975 ++/*
1976 ++ * Negative entry points
1977 ++ */
1978 ++ .macro bpf_is_end_of_data
1979 ++ li t0, SKF_LL_OFF
1980 ++ /* Reading link layer data? */
1981 ++ slt t1, offset, t0
1982 ++ bgtz t1, fault
1983 ++ /* Be careful what follows in DS. */
1984 ++ .endm
1985 ++/*
1986 ++ * call skb_copy_bits:
1987 ++ * (prototype in linux/filter.h)
1988 ++ *
1989 ++ * void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb,
1990 ++ * int k, unsigned int size)
1991 ++ *
1992 ++ * see above (bpf_slow_path_common) for ABI restrictions
1993 ++ */
1994 ++#define bpf_negative_common(SIZE) \
1995 ++ PTR_ADDIU $r_sp, $r_sp, -(6 * SZREG); \
1996 ++ PTR_LA t0, bpf_internal_load_pointer_neg_helper; \
1997 ++ PTR_S $r_ra, (5 * SZREG)($r_sp); \
1998 ++ jalr t0; \
1999 ++ li a2, SIZE; \
2000 ++ PTR_L $r_ra, (5 * SZREG)($r_sp); \
2001 ++ /* Check return pointer */ \
2002 ++ beqz v0, fault; \
2003 ++ PTR_ADDIU $r_sp, $r_sp, 6 * SZREG; \
2004 ++ /* Preserve our pointer */ \
2005 ++ move $r_s0, v0; \
2006 ++ /* Set return value */ \
2007 ++ move $r_ret, zero; \
2008 ++
2009 ++bpf_slow_path_word_neg:
2010 ++ bpf_is_end_of_data
2011 ++NESTED(sk_load_word_negative, (6 * SZREG), $r_sp)
2012 ++ bpf_negative_common(4)
2013 ++ jr $r_ra
2014 ++ lw $r_A, 0($r_s0)
2015 ++ END(sk_load_word_negative)
2016 ++
2017 ++bpf_slow_path_half_neg:
2018 ++ bpf_is_end_of_data
2019 ++NESTED(sk_load_half_negative, (6 * SZREG), $r_sp)
2020 ++ bpf_negative_common(2)
2021 ++ jr $r_ra
2022 ++ lhu $r_A, 0($r_s0)
2023 ++ END(sk_load_half_negative)
2024 ++
2025 ++bpf_slow_path_byte_neg:
2026 ++ bpf_is_end_of_data
2027 ++NESTED(sk_load_byte_negative, (6 * SZREG), $r_sp)
2028 ++ bpf_negative_common(1)
2029 ++ jr $r_ra
2030 ++ lbu $r_A, 0($r_s0)
2031 ++ END(sk_load_byte_negative)
2032 ++
2033 ++fault:
2034 ++ jr $r_ra
2035 ++ addiu $r_ret, zero, 1
2036 +diff --git a/arch/powerpc/boot/dts/fsl/t1023rdb.dts b/arch/powerpc/boot/dts/fsl/t1023rdb.dts
2037 +index 5ba6fbfca2742..f82f85c65964c 100644
2038 +--- a/arch/powerpc/boot/dts/fsl/t1023rdb.dts
2039 ++++ b/arch/powerpc/boot/dts/fsl/t1023rdb.dts
2040 +@@ -154,7 +154,7 @@
2041 +
2042 + fm1mac3: ethernet@e4000 {
2043 + phy-handle = <&sgmii_aqr_phy3>;
2044 +- phy-connection-type = "sgmii-2500";
2045 ++ phy-connection-type = "2500base-x";
2046 + sleep = <&rcpm 0x20000000>;
2047 + };
2048 +
2049 +diff --git a/arch/riscv/include/uapi/asm/unistd.h b/arch/riscv/include/uapi/asm/unistd.h
2050 +index 13ce76cc5affe..80dff2c2bf677 100644
2051 +--- a/arch/riscv/include/uapi/asm/unistd.h
2052 ++++ b/arch/riscv/include/uapi/asm/unistd.h
2053 +@@ -18,9 +18,10 @@
2054 + #ifdef __LP64__
2055 + #define __ARCH_WANT_NEW_STAT
2056 + #define __ARCH_WANT_SET_GET_RLIMIT
2057 +-#define __ARCH_WANT_SYS_CLONE3
2058 + #endif /* __LP64__ */
2059 +
2060 ++#define __ARCH_WANT_SYS_CLONE3
2061 ++
2062 + #include <asm-generic/unistd.h>
2063 +
2064 + /*
2065 +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c
2066 +index 2d29966276296..f63e4cb6c9b31 100644
2067 +--- a/arch/s390/net/bpf_jit_comp.c
2068 ++++ b/arch/s390/net/bpf_jit_comp.c
2069 +@@ -1385,7 +1385,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp)
2070 + jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL);
2071 + if (jit.addrs == NULL) {
2072 + fp = orig_fp;
2073 +- goto out;
2074 ++ goto free_addrs;
2075 + }
2076 + /*
2077 + * Three initial passes:
2078 +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
2079 +index 36a28b9e46cbd..8c1590432e866 100644
2080 +--- a/arch/x86/Kconfig
2081 ++++ b/arch/x86/Kconfig
2082 +@@ -1425,7 +1425,7 @@ config HIGHMEM4G
2083 +
2084 + config HIGHMEM64G
2085 + bool "64GB"
2086 +- depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6
2087 ++ depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
2088 + select X86_PAE
2089 + ---help---
2090 + Select this if you have a 32-bit processor and more than 4
2091 +diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c
2092 +index 2f9ec14be3b11..6f6b1d04dadf9 100644
2093 +--- a/arch/x86/kernel/early-quirks.c
2094 ++++ b/arch/x86/kernel/early-quirks.c
2095 +@@ -710,12 +710,6 @@ static struct chipset early_qrk[] __initdata = {
2096 + */
2097 + { PCI_VENDOR_ID_INTEL, 0x0f00,
2098 + PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet},
2099 +- { PCI_VENDOR_ID_INTEL, 0x3e20,
2100 +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet},
2101 +- { PCI_VENDOR_ID_INTEL, 0x3ec4,
2102 +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet},
2103 +- { PCI_VENDOR_ID_INTEL, 0x8a12,
2104 +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet},
2105 + { PCI_VENDOR_ID_BROADCOM, 0x4331,
2106 + PCI_CLASS_NETWORK_OTHER, PCI_ANY_ID, 0, apple_airport_reset},
2107 + {}
2108 +diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c
2109 +index c6f791bc481eb..9834d221e390f 100644
2110 +--- a/arch/x86/kernel/hpet.c
2111 ++++ b/arch/x86/kernel/hpet.c
2112 +@@ -9,6 +9,7 @@
2113 +
2114 + #include <asm/hpet.h>
2115 + #include <asm/time.h>
2116 ++#include <asm/mwait.h>
2117 +
2118 + #undef pr_fmt
2119 + #define pr_fmt(fmt) "hpet: " fmt
2120 +@@ -806,6 +807,83 @@ static bool __init hpet_counting(void)
2121 + return false;
2122 + }
2123 +
2124 ++static bool __init mwait_pc10_supported(void)
2125 ++{
2126 ++ unsigned int eax, ebx, ecx, mwait_substates;
2127 ++
2128 ++ if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL)
2129 ++ return false;
2130 ++
2131 ++ if (!cpu_feature_enabled(X86_FEATURE_MWAIT))
2132 ++ return false;
2133 ++
2134 ++ if (boot_cpu_data.cpuid_level < CPUID_MWAIT_LEAF)
2135 ++ return false;
2136 ++
2137 ++ cpuid(CPUID_MWAIT_LEAF, &eax, &ebx, &ecx, &mwait_substates);
2138 ++
2139 ++ return (ecx & CPUID5_ECX_EXTENSIONS_SUPPORTED) &&
2140 ++ (ecx & CPUID5_ECX_INTERRUPT_BREAK) &&
2141 ++ (mwait_substates & (0xF << 28));
2142 ++}
2143 ++
2144 ++/*
2145 ++ * Check whether the system supports PC10. If so force disable HPET as that
2146 ++ * stops counting in PC10. This check is overbroad as it does not take any
2147 ++ * of the following into account:
2148 ++ *
2149 ++ * - ACPI tables
2150 ++ * - Enablement of intel_idle
2151 ++ * - Command line arguments which limit intel_idle C-state support
2152 ++ *
2153 ++ * That's perfectly fine. HPET is a piece of hardware designed by committee
2154 ++ * and the only reasons why it is still in use on modern systems is the
2155 ++ * fact that it is impossible to reliably query TSC and CPU frequency via
2156 ++ * CPUID or firmware.
2157 ++ *
2158 ++ * If HPET is functional it is useful for calibrating TSC, but this can be
2159 ++ * done via PMTIMER as well which seems to be the last remaining timer on
2160 ++ * X86/INTEL platforms that has not been completely wreckaged by feature
2161 ++ * creep.
2162 ++ *
2163 ++ * In theory HPET support should be removed altogether, but there are older
2164 ++ * systems out there which depend on it because TSC and APIC timer are
2165 ++ * dysfunctional in deeper C-states.
2166 ++ *
2167 ++ * It's only 20 years now that hardware people have been asked to provide
2168 ++ * reliable and discoverable facilities which can be used for timekeeping
2169 ++ * and per CPU timer interrupts.
2170 ++ *
2171 ++ * The probability that this problem is going to be solved in the
2172 ++ * forseeable future is close to zero, so the kernel has to be cluttered
2173 ++ * with heuristics to keep up with the ever growing amount of hardware and
2174 ++ * firmware trainwrecks. Hopefully some day hardware people will understand
2175 ++ * that the approach of "This can be fixed in software" is not sustainable.
2176 ++ * Hope dies last...
2177 ++ */
2178 ++static bool __init hpet_is_pc10_damaged(void)
2179 ++{
2180 ++ unsigned long long pcfg;
2181 ++
2182 ++ /* Check whether PC10 substates are supported */
2183 ++ if (!mwait_pc10_supported())
2184 ++ return false;
2185 ++
2186 ++ /* Check whether PC10 is enabled in PKG C-state limit */
2187 ++ rdmsrl(MSR_PKG_CST_CONFIG_CONTROL, pcfg);
2188 ++ if ((pcfg & 0xF) < 8)
2189 ++ return false;
2190 ++
2191 ++ if (hpet_force_user) {
2192 ++ pr_warn("HPET force enabled via command line, but dysfunctional in PC10.\n");
2193 ++ return false;
2194 ++ }
2195 ++
2196 ++ pr_info("HPET dysfunctional in PC10. Force disabled.\n");
2197 ++ boot_hpet_disable = true;
2198 ++ return true;
2199 ++}
2200 ++
2201 + /**
2202 + * hpet_enable - Try to setup the HPET timer. Returns 1 on success.
2203 + */
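Review bot: In `hpet_is_pc10_damaged()` the package C-state limit is read with an unchecked `rdmsrl(MSR_PKG_CST_CONFIG_CONTROL, pcfg)`, so the decision to disable HPET rests on an MSR that nothing visible here proves is implemented. `mwait_pc10_supported()` only establishes the vendor and the CPUID leaf 5 bits, so an environment that reports those substates without the MSR (presumably some hypervisors) would take the unchecked-access path. `if (rdmsrl_safe(MSR_PKG_CST_CONFIG_CONTROL, &pcfg)) return false;` would keep the heuristic fail-safe. Separately, `(mwait_substates & (0xF << 28))` shifts a signed `int` constant into the sign bit and `(pcfg & 0xF) < 8` uses bare literals. `0xFU << 28` (or `GENMASK(31, 28)`) and named constants for the PC10 substate field and the limit value would make both tests easier to audit.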
2204 +@@ -819,6 +897,9 @@ int __init hpet_enable(void)
2205 + if (!is_hpet_capable())
2206 + return 0;
2207 +
2208 ++ if (hpet_is_pc10_damaged())
2209 ++ return 0;
2210 ++
2211 + hpet_set_mapping();
2212 + if (!hpet_virt_address)
2213 + return 0;
2214 +diff --git a/arch/x86/platform/olpc/olpc.c b/arch/x86/platform/olpc/olpc.c
2215 +index ee2beda590d0d..1d4a00e767ece 100644
2216 +--- a/arch/x86/platform/olpc/olpc.c
2217 ++++ b/arch/x86/platform/olpc/olpc.c
2218 +@@ -274,7 +274,7 @@ static struct olpc_ec_driver ec_xo1_driver = {
2219 +
2220 + static struct olpc_ec_driver ec_xo1_5_driver = {
2221 + .ec_cmd = olpc_xo1_ec_cmd,
2222 +-#ifdef CONFIG_OLPC_XO1_5_SCI
2223 ++#ifdef CONFIG_OLPC_XO15_SCI
2224 + /*
2225 + * XO-1.5 EC wakeups are available when olpc-xo15-sci driver is
2226 + * compiled in
2227 +diff --git a/arch/xtensa/include/asm/kmem_layout.h b/arch/xtensa/include/asm/kmem_layout.h
2228 +index 9c12babc016cd..6fc05cba61a27 100644
2229 +--- a/arch/xtensa/include/asm/kmem_layout.h
2230 ++++ b/arch/xtensa/include/asm/kmem_layout.h
2231 +@@ -11,6 +11,7 @@
2232 + #ifndef _XTENSA_KMEM_LAYOUT_H
2233 + #define _XTENSA_KMEM_LAYOUT_H
2234 +
2235 ++#include <asm/core.h>
2236 + #include <asm/types.h>
2237 +
2238 + #ifdef CONFIG_MMU
2239 +@@ -65,6 +66,34 @@
2240 +
2241 + #endif
2242 +
2243 ++/* KIO definition */
2244 ++
2245 ++#if XCHAL_HAVE_PTP_MMU
2246 ++#define XCHAL_KIO_CACHED_VADDR 0xe0000000
2247 ++#define XCHAL_KIO_BYPASS_VADDR 0xf0000000
2248 ++#define XCHAL_KIO_DEFAULT_PADDR 0xf0000000
2249 ++#else
2250 ++#define XCHAL_KIO_BYPASS_VADDR XCHAL_KIO_PADDR
2251 ++#define XCHAL_KIO_DEFAULT_PADDR 0x90000000
2252 ++#endif
2253 ++#define XCHAL_KIO_SIZE 0x10000000
2254 ++
2255 ++#if (!XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY) && defined(CONFIG_USE_OF)
2256 ++#define XCHAL_KIO_PADDR xtensa_get_kio_paddr()
2257 ++#ifndef __ASSEMBLY__
2258 ++extern unsigned long xtensa_kio_paddr;
2259 ++
2260 ++static inline unsigned long xtensa_get_kio_paddr(void)
2261 ++{
2262 ++ return xtensa_kio_paddr;
2263 ++}
2264 ++#endif
2265 ++#else
2266 ++#define XCHAL_KIO_PADDR XCHAL_KIO_DEFAULT_PADDR
2267 ++#endif
2268 ++
2269 ++/* KERNEL_STACK definition */
2270 ++
2271 + #ifndef CONFIG_KASAN
2272 + #define KERNEL_STACK_SHIFT 13
2273 + #else
2274 +diff --git a/arch/xtensa/include/asm/vectors.h b/arch/xtensa/include/asm/vectors.h
2275 +index 79fe3007919eb..4220c6dac44f4 100644
2276 +--- a/arch/xtensa/include/asm/vectors.h
2277 ++++ b/arch/xtensa/include/asm/vectors.h
2278 +@@ -21,50 +21,14 @@
2279 + #include <asm/core.h>
2280 + #include <asm/kmem_layout.h>
2281 +
2282 +-#if XCHAL_HAVE_PTP_MMU
2283 +-#define XCHAL_KIO_CACHED_VADDR 0xe0000000
2284 +-#define XCHAL_KIO_BYPASS_VADDR 0xf0000000
2285 +-#define XCHAL_KIO_DEFAULT_PADDR 0xf0000000
2286 +-#else
2287 +-#define XCHAL_KIO_BYPASS_VADDR XCHAL_KIO_PADDR
2288 +-#define XCHAL_KIO_DEFAULT_PADDR 0x90000000
2289 +-#endif
2290 +-#define XCHAL_KIO_SIZE 0x10000000
2291 +-
2292 +-#if (!XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY) && defined(CONFIG_OF)
2293 +-#define XCHAL_KIO_PADDR xtensa_get_kio_paddr()
2294 +-#ifndef __ASSEMBLY__
2295 +-extern unsigned long xtensa_kio_paddr;
2296 +-
2297 +-static inline unsigned long xtensa_get_kio_paddr(void)
2298 +-{
2299 +- return xtensa_kio_paddr;
2300 +-}
2301 +-#endif
2302 +-#else
2303 +-#define XCHAL_KIO_PADDR XCHAL_KIO_DEFAULT_PADDR
2304 +-#endif
2305 +-
2306 +-#if defined(CONFIG_MMU)
2307 +-
2308 +-#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY
2309 +-/* Image Virtual Start Address */
2310 +-#define KERNELOFFSET (XCHAL_KSEG_CACHED_VADDR + \
2311 +- CONFIG_KERNEL_LOAD_ADDRESS - \
2312 ++#if defined(CONFIG_MMU) && XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY
2313 ++#define KERNELOFFSET (CONFIG_KERNEL_LOAD_ADDRESS + \
2314 ++ XCHAL_KSEG_CACHED_VADDR - \
2315 + XCHAL_KSEG_PADDR)
2316 + #else
2317 + #define KERNELOFFSET CONFIG_KERNEL_LOAD_ADDRESS
2318 + #endif
2319 +
2320 +-#else /* !defined(CONFIG_MMU) */
2321 +- /* MMU Not being used - Virtual == Physical */
2322 +-
2323 +-/* Location of the start of the kernel text, _start */
2324 +-#define KERNELOFFSET CONFIG_KERNEL_LOAD_ADDRESS
2325 +-
2326 +-
2327 +-#endif /* CONFIG_MMU */
2328 +-
2329 + #define RESET_VECTOR1_VADDR (XCHAL_RESET_VECTOR1_VADDR)
2330 + #ifdef CONFIG_VECTORS_OFFSET
2331 + #define VECBASE_VADDR (KERNELOFFSET - CONFIG_VECTORS_OFFSET)
2332 +diff --git a/arch/xtensa/kernel/irq.c b/arch/xtensa/kernel/irq.c
2333 +index a48bf2d10ac2d..80cc9770a8d2d 100644
2334 +--- a/arch/xtensa/kernel/irq.c
2335 ++++ b/arch/xtensa/kernel/irq.c
2336 +@@ -145,7 +145,7 @@ unsigned xtensa_get_ext_irq_no(unsigned irq)
2337 +
2338 + void __init init_IRQ(void)
2339 + {
2340 +-#ifdef CONFIG_OF
2341 ++#ifdef CONFIG_USE_OF
2342 + irqchip_init();
2343 + #else
2344 + #ifdef CONFIG_HAVE_SMP
2345 +diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c
2346 +index d08172138369b..5a25bc2b80521 100644
2347 +--- a/arch/xtensa/kernel/setup.c
2348 ++++ b/arch/xtensa/kernel/setup.c
2349 +@@ -64,7 +64,7 @@ extern unsigned long initrd_end;
2350 + extern int initrd_below_start_ok;
2351 + #endif
2352 +
2353 +-#ifdef CONFIG_OF
2354 ++#ifdef CONFIG_USE_OF
2355 + void *dtb_start = __dtb_start;
2356 + #endif
2357 +
2358 +@@ -126,7 +126,7 @@ __tagtable(BP_TAG_INITRD, parse_tag_initrd);
2359 +
2360 + #endif /* CONFIG_BLK_DEV_INITRD */
2361 +
2362 +-#ifdef CONFIG_OF
2363 ++#ifdef CONFIG_USE_OF
2364 +
2365 + static int __init parse_tag_fdt(const bp_tag_t *tag)
2366 + {
2367 +@@ -136,7 +136,7 @@ static int __init parse_tag_fdt(const bp_tag_t *tag)
2368 +
2369 + __tagtable(BP_TAG_FDT, parse_tag_fdt);
2370 +
2371 +-#endif /* CONFIG_OF */
2372 ++#endif /* CONFIG_USE_OF */
2373 +
2374 + static int __init parse_tag_cmdline(const bp_tag_t* tag)
2375 + {
2376 +@@ -184,7 +184,7 @@ static int __init parse_bootparam(const bp_tag_t *tag)
2377 + }
2378 + #endif
2379 +
2380 +-#ifdef CONFIG_OF
2381 ++#ifdef CONFIG_USE_OF
2382 +
2383 + #if !XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY
2384 + unsigned long xtensa_kio_paddr = XCHAL_KIO_DEFAULT_PADDR;
2385 +@@ -233,7 +233,7 @@ void __init early_init_devtree(void *params)
2386 + strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
2387 + }
2388 +
2389 +-#endif /* CONFIG_OF */
2390 ++#endif /* CONFIG_USE_OF */
2391 +
2392 + /*
2393 + * Initialize architecture. (Early stage)
2394 +@@ -254,7 +254,7 @@ void __init init_arch(bp_tag_t *bp_start)
2395 + if (bp_start)
2396 + parse_bootparam(bp_start);
2397 +
2398 +-#ifdef CONFIG_OF
2399 ++#ifdef CONFIG_USE_OF
2400 + early_init_devtree(dtb_start);
2401 + #endif
2402 +
2403 +diff --git a/arch/xtensa/mm/mmu.c b/arch/xtensa/mm/mmu.c
2404 +index 03678c4afc39b..bc858a7f98ba4 100644
2405 +--- a/arch/xtensa/mm/mmu.c
2406 ++++ b/arch/xtensa/mm/mmu.c
2407 +@@ -101,7 +101,7 @@ void init_mmu(void)
2408 +
2409 + void init_kio(void)
2410 + {
2411 +-#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY && defined(CONFIG_OF)
2412 ++#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY && defined(CONFIG_USE_OF)
2413 + /*
2414 + * Update the IO area mapping in case xtensa_kio_paddr has changed
2415 + */
2416 +diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c
2417 +index 90053c4a8290d..469ca73de4ce7 100644
2418 +--- a/drivers/bus/ti-sysc.c
2419 ++++ b/drivers/bus/ti-sysc.c
2420 +@@ -1388,6 +1388,9 @@ static const struct sysc_revision_quirk sysc_revision_quirks[] = {
2421 + /* Quirks that need to be set based on detected module */
2422 + SYSC_QUIRK("aess", 0, 0, 0x10, -ENODEV, 0x40000000, 0xffffffff,
2423 + SYSC_MODULE_QUIRK_AESS),
2424 ++ /* Errata i893 handling for dra7 dcan1 and 2 */
2425 ++ SYSC_QUIRK("dcan", 0x4ae3c000, 0x20, -ENODEV, -ENODEV, 0xa3170504, 0xffffffff,
2426 ++ SYSC_QUIRK_CLKDM_NOAUTO),
2427 + SYSC_QUIRK("dcan", 0x48480000, 0x20, -ENODEV, -ENODEV, 0xa3170504, 0xffffffff,
2428 + SYSC_QUIRK_CLKDM_NOAUTO),
2429 + SYSC_QUIRK("dss", 0x4832a000, 0, 0x10, 0x14, 0x00000020, 0xffffffff,
2430 +diff --git a/drivers/gpu/drm/nouveau/nouveau_debugfs.c b/drivers/gpu/drm/nouveau/nouveau_debugfs.c
2431 +index 3b13feca970f7..3c54d61e4fa94 100644
2432 +--- a/drivers/gpu/drm/nouveau/nouveau_debugfs.c
2433 ++++ b/drivers/gpu/drm/nouveau/nouveau_debugfs.c
2434 +@@ -207,6 +207,7 @@ static const struct file_operations nouveau_pstate_fops = {
2435 + .open = nouveau_debugfs_pstate_open,
2436 + .read = seq_read,
2437 + .write = nouveau_debugfs_pstate_set,
2438 ++ .release = single_release,
2439 + };
2440 +
2441 + static struct drm_info_list nouveau_debugfs_list[] = {
2442 +diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c
2443 +index c70983780ae79..fe466ee4c49bf 100644
2444 +--- a/drivers/i2c/i2c-core-acpi.c
2445 ++++ b/drivers/i2c/i2c-core-acpi.c
2446 +@@ -436,6 +436,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value,
2447 + break;
2448 +
2449 + i2c_acpi_register_device(adapter, adev, &info);
2450 ++ put_device(&adapter->dev);
2451 + break;
2452 + case ACPI_RECONFIG_DEVICE_REMOVE:
2453 + if (!acpi_device_enumerated(adev))
2454 +diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c
2455 +index a3e3b274f0ea3..cdd57ce55b2fa 100644
2456 +--- a/drivers/mmc/host/meson-gx-mmc.c
2457 ++++ b/drivers/mmc/host/meson-gx-mmc.c
2458 +@@ -738,7 +738,7 @@ static void meson_mmc_desc_chain_transfer(struct mmc_host *mmc, u32 cmd_cfg)
2459 + writel(start, host->regs + SD_EMMC_START);
2460 + }
2461 +
2462 +-/* local sg copy to buffer version with _to/fromio usage for dram_access_quirk */
2463 ++/* local sg copy for dram_access_quirk */
2464 + static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data,
2465 + size_t buflen, bool to_buffer)
2466 + {
2467 +@@ -756,21 +756,27 @@ static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data
2468 + sg_miter_start(&miter, sgl, nents, sg_flags);
2469 +
2470 + while ((offset < buflen) && sg_miter_next(&miter)) {
2471 +- unsigned int len;
2472 ++ unsigned int buf_offset = 0;
2473 ++ unsigned int len, left;
2474 ++ u32 *buf = miter.addr;
2475 +
2476 + len = min(miter.length, buflen - offset);
2477 ++ left = len;
2478 +
2479 +- /* When dram_access_quirk, the bounce buffer is a iomem mapping */
2480 +- if (host->dram_access_quirk) {
2481 +- if (to_buffer)
2482 +- memcpy_toio(host->bounce_iomem_buf + offset, miter.addr, len);
2483 +- else
2484 +- memcpy_fromio(miter.addr, host->bounce_iomem_buf + offset, len);
2485 ++ if (to_buffer) {
2486 ++ do {
2487 ++ writel(*buf++, host->bounce_iomem_buf + offset + buf_offset);
2488 ++
2489 ++ buf_offset += 4;
2490 ++ left -= 4;
2491 ++ } while (left);
2492 + } else {
2493 +- if (to_buffer)
2494 +- memcpy(host->bounce_buf + offset, miter.addr, len);
2495 +- else
2496 +- memcpy(miter.addr, host->bounce_buf + offset, len);
2497 ++ do {
2498 ++ *buf++ = readl(host->bounce_iomem_buf + offset + buf_offset);
2499 ++
2500 ++ buf_offset += 4;
2501 ++ left -= 4;
2502 ++ } while (left);
2503 + }
2504 +
2505 + offset += len;
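Review bot: Both new `do { ... left -= 4; } while (left);` loops terminate only when `len` is a non-zero multiple of 4. For any other value the unsigned `left` wraps, and the loop keeps issuing `writel()`/`readl()` past the end of the bounce buffer and of the mapped sg page. The alignment check this patch adds in `meson_mmc_validate_dram_access()` covers the scatterlist elements, but `len` is also clamped by `buflen - offset`, and nothing in this hunk shows `buflen` to be 4-byte aligned. Bounding the loop itself, e.g. `while (left >= sizeof(u32))` with `left -= sizeof(u32);`, would keep the copy in bounds independently of the caller's validation. The body of `meson_mmc_copy_buffer()` starts before this hunk.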
2506 +@@ -822,7 +828,11 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd)
2507 + if (data->flags & MMC_DATA_WRITE) {
2508 + cmd_cfg |= CMD_CFG_DATA_WR;
2509 + WARN_ON(xfer_bytes > host->bounce_buf_size);
2510 +- meson_mmc_copy_buffer(host, data, xfer_bytes, true);
2511 ++ if (host->dram_access_quirk)
2512 ++ meson_mmc_copy_buffer(host, data, xfer_bytes, true);
2513 ++ else
2514 ++ sg_copy_to_buffer(data->sg, data->sg_len,
2515 ++ host->bounce_buf, xfer_bytes);
2516 + dma_wmb();
2517 + }
2518 +
2519 +@@ -841,12 +851,43 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd)
2520 + writel(cmd->arg, host->regs + SD_EMMC_CMD_ARG);
2521 + }
2522 +
2523 ++static int meson_mmc_validate_dram_access(struct mmc_host *mmc, struct mmc_data *data)
2524 ++{
2525 ++ struct scatterlist *sg;
2526 ++ int i;
2527 ++
2528 ++ /* Reject request if any element offset or size is not 32bit aligned */
2529 ++ for_each_sg(data->sg, sg, data->sg_len, i) {
2530 ++ if (!IS_ALIGNED(sg->offset, sizeof(u32)) ||
2531 ++ !IS_ALIGNED(sg->length, sizeof(u32))) {
2532 ++ dev_err(mmc_dev(mmc), "unaligned sg offset %u len %u\n",
2533 ++ data->sg->offset, data->sg->length);
2534 ++ return -EINVAL;
2535 ++ }
2536 ++ }
2537 ++
2538 ++ return 0;
2539 ++}
2540 ++
2541 + static void meson_mmc_request(struct mmc_host *mmc, struct mmc_request *mrq)
2542 + {
2543 + struct meson_host *host = mmc_priv(mmc);
2544 + bool needs_pre_post_req = mrq->data &&
2545 + !(mrq->data->host_cookie & SD_EMMC_PRE_REQ_DONE);
2546 +
2547 ++ /*
2548 ++ * The memory at the end of the controller used as bounce buffer for
2549 ++ * the dram_access_quirk only accepts 32bit read/write access,
2550 ++ * check the aligment and length of the data before starting the request.
2551 ++ */
2552 ++ if (host->dram_access_quirk && mrq->data) {
2553 ++ mrq->cmd->error = meson_mmc_validate_dram_access(mmc, mrq->data);
2554 ++ if (mrq->cmd->error) {
2555 ++ mmc_request_done(mmc, mrq);
2556 ++ return;
2557 ++ }
2558 ++ }
2559 ++
2560 + if (needs_pre_post_req) {
2561 + meson_mmc_get_transfer_mode(mmc, mrq);
2562 + if (!meson_mmc_desc_chain_mode(mrq->data))
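Review bot: The `dev_err()` in `meson_mmc_validate_dram_access()` prints `data->sg->offset` and `data->sg->length`, which belong to the first scatterlist element rather than the element `sg` that failed the `IS_ALIGNED()` test. The rejected request is therefore logged with the wrong values whenever a later element is the unaligned one; the arguments should be `sg->offset, sg->length`. The comment added in `meson_mmc_request()` also misspells `alignment` as `aligment`. `meson_mmc_request()` continues past the end of the hunk.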
2563 +@@ -991,7 +1032,11 @@ static irqreturn_t meson_mmc_irq_thread(int irq, void *dev_id)
2564 + if (meson_mmc_bounce_buf_read(data)) {
2565 + xfer_bytes = data->blksz * data->blocks;
2566 + WARN_ON(xfer_bytes > host->bounce_buf_size);
2567 +- meson_mmc_copy_buffer(host, data, xfer_bytes, false);
2568 ++ if (host->dram_access_quirk)
2569 ++ meson_mmc_copy_buffer(host, data, xfer_bytes, false);
2570 ++ else
2571 ++ sg_copy_from_buffer(data->sg, data->sg_len,
2572 ++ host->bounce_buf, xfer_bytes);
2573 + }
2574 +
2575 + next_cmd = meson_mmc_get_next_command(cmd);
2576 +diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h
2577 +index ebc37e2569221..f19edd4c6c5bb 100644
2578 +--- a/drivers/net/ethernet/google/gve/gve.h
2579 ++++ b/drivers/net/ethernet/google/gve/gve.h
2580 +@@ -391,7 +391,7 @@ struct gve_queue_page_list *gve_assign_rx_qpl(struct gve_priv *priv)
2581 + gve_num_tx_qpls(priv));
2582 +
2583 + /* we are out of rx qpls */
2584 +- if (id == priv->qpl_cfg.qpl_map_size)
2585 ++ if (id == gve_num_tx_qpls(priv) + gve_num_rx_qpls(priv))
2586 + return NULL;
2587 +
2588 + set_bit(id, priv->qpl_cfg.qpl_id_map);
2589 +diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c
2590 +index f8dfa7501f65a..5b450c6100add 100644
2591 +--- a/drivers/net/ethernet/google/gve/gve_main.c
2592 ++++ b/drivers/net/ethernet/google/gve/gve_main.c
2593 +@@ -30,6 +30,7 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s)
2594 + {
2595 + struct gve_priv *priv = netdev_priv(dev);
2596 + unsigned int start;
2597 ++ u64 packets, bytes;
2598 + int ring;
2599 +
2600 + if (priv->rx) {
2601 +@@ -37,10 +38,12 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s)
2602 + do {
2603 + start =
2604 + u64_stats_fetch_begin(&priv->rx[ring].statss);
2605 +- s->rx_packets += priv->rx[ring].rpackets;
2606 +- s->rx_bytes += priv->rx[ring].rbytes;
2607 ++ packets = priv->rx[ring].rpackets;
2608 ++ bytes = priv->rx[ring].rbytes;
2609 + } while (u64_stats_fetch_retry(&priv->rx[ring].statss,
2610 + start));
2611 ++ s->rx_packets += packets;
2612 ++ s->rx_bytes += bytes;
2613 + }
2614 + }
2615 + if (priv->tx) {
2616 +@@ -48,10 +51,12 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s)
2617 + do {
2618 + start =
2619 + u64_stats_fetch_begin(&priv->tx[ring].statss);
2620 +- s->tx_packets += priv->tx[ring].pkt_done;
2621 +- s->tx_bytes += priv->tx[ring].bytes_done;
2622 ++ packets = priv->tx[ring].pkt_done;
2623 ++ bytes = priv->tx[ring].bytes_done;
2624 + } while (u64_stats_fetch_retry(&priv->tx[ring].statss,
2625 + start));
2626 ++ s->tx_packets += packets;
2627 ++ s->tx_bytes += bytes;
2628 + }
2629 + }
2630 + }
2631 +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
2632 +index 21ab7d2caddf5..917be10a5cf5c 100644
2633 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
2634 ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
2635 +@@ -4817,7 +4817,8 @@ static void i40e_clear_interrupt_scheme(struct i40e_pf *pf)
2636 + {
2637 + int i;
2638 +
2639 +- i40e_free_misc_vector(pf);
2640 ++ if (test_bit(__I40E_MISC_IRQ_REQUESTED, pf->state))
2641 ++ i40e_free_misc_vector(pf);
2642 +
2643 + i40e_put_lump(pf->irq_pile, pf->iwarp_base_vector,
2644 + I40E_IWARP_IRQ_PILE_ID);
2645 +@@ -9616,7 +9617,7 @@ static int i40e_get_capabilities(struct i40e_pf *pf,
2646 + if (pf->hw.aq.asq_last_status == I40E_AQ_RC_ENOMEM) {
2647 + /* retry with a larger buffer */
2648 + buf_len = data_size;
2649 +- } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK) {
2650 ++ } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK || err) {
2651 + dev_info(&pf->pdev->dev,
2652 + "capability discovery failed, err %s aq_err %s\n",
2653 + i40e_stat_str(&pf->hw, err),
2654 +diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c
2655 +index 5bf06eac04ba3..bec73f0640d03 100644
2656 +--- a/drivers/net/phy/mdio_bus.c
2657 ++++ b/drivers/net/phy/mdio_bus.c
2658 +@@ -385,6 +385,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner)
2659 + bus->dev.groups = NULL;
2660 + dev_set_name(&bus->dev, "%s", bus->id);
2661 +
2662 ++ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release
2663 ++ * the device in mdiobus_free()
2664 ++ *
2665 ++ * State will be updated later in this function in case of success
2666 ++ */
2667 ++ bus->state = MDIOBUS_UNREGISTERED;
2668 ++
2669 + err = device_register(&bus->dev);
2670 + if (err) {
2671 + pr_err("mii_bus %s failed to register\n", bus->id);
2672 +diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c
2673 +index 27b67f12ec455..5657c604602e8 100644
2674 +--- a/drivers/net/phy/sfp.c
2675 ++++ b/drivers/net/phy/sfp.c
2676 +@@ -115,7 +115,7 @@ static const char * const sm_state_strings[] = {
2677 + [SFP_S_LINK_UP] = "link_up",
2678 + [SFP_S_TX_FAULT] = "tx_fault",
2679 + [SFP_S_REINIT] = "reinit",
2680 +- [SFP_S_TX_DISABLE] = "rx_disable",
2681 ++ [SFP_S_TX_DISABLE] = "tx_disable",
2682 + };
2683 +
2684 + static const char *sm_state_to_str(unsigned short sm_state)
2685 +diff --git a/drivers/ptp/ptp_pch.c b/drivers/ptp/ptp_pch.c
2686 +index dcd6e00c80467..a50656632df93 100644
2687 +--- a/drivers/ptp/ptp_pch.c
2688 ++++ b/drivers/ptp/ptp_pch.c
2689 +@@ -683,6 +683,7 @@ static const struct pci_device_id pch_ieee1588_pcidev_id[] = {
2690 + },
2691 + {0}
2692 + };
2693 ++MODULE_DEVICE_TABLE(pci, pch_ieee1588_pcidev_id);
2694 +
2695 + static struct pci_driver pch_driver = {
2696 + .name = KBUILD_MODNAME,
2697 +diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c
2698 +index eba7f76f9d61a..6034cd8992b0e 100644
2699 +--- a/drivers/soc/qcom/mdt_loader.c
2700 ++++ b/drivers/soc/qcom/mdt_loader.c
2701 +@@ -98,7 +98,7 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len)
2702 + if (ehdr->e_phnum < 2)
2703 + return ERR_PTR(-EINVAL);
2704 +
2705 +- if (phdrs[0].p_type == PT_LOAD || phdrs[1].p_type == PT_LOAD)
2706 ++ if (phdrs[0].p_type == PT_LOAD)
2707 + return ERR_PTR(-EINVAL);
2708 +
2709 + if ((phdrs[1].p_flags & QCOM_MDT_TYPE_MASK) != QCOM_MDT_TYPE_HASH)
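Review bot: With the `phdrs[1].p_type == PT_LOAD` rejection dropped, the only checks on the second program header visible here are `e_phnum >= 2` and the hash-type flag, and both values come straight from the firmware image. The rest of `qcom_mdt_read_metadata()` is outside the hunk, so this may already be handled. It is still worth confirming that the program header table and the hash segment's `p_offset`/`p_filesz` are validated against `fw->size` before they are used to read from `fw->data`. If they are not, a guard such as `if (phdrs[1].p_offset > fw->size || phdrs[1].p_filesz > fw->size - phdrs[1].p_offset) return ERR_PTR(-EINVAL);` belongs next to these checks.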
2710 +diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c
2711 +index 176696f8f38d1..3303bcaf67154 100644
2712 +--- a/drivers/soc/qcom/socinfo.c
2713 ++++ b/drivers/soc/qcom/socinfo.c
2714 +@@ -447,7 +447,7 @@ static int qcom_socinfo_probe(struct platform_device *pdev)
2715 + /* Feed the soc specific unique data into entropy pool */
2716 + add_device_randomness(info, item_size);
2717 +
2718 +- platform_set_drvdata(pdev, qs->soc_dev);
2719 ++ platform_set_drvdata(pdev, qs);
2720 +
2721 + return 0;
2722 + }
2723 +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c
2724 +index e139cda35f639..5dc8827ede7e8 100644
2725 +--- a/drivers/usb/class/cdc-acm.c
2726 ++++ b/drivers/usb/class/cdc-acm.c
2727 +@@ -339,6 +339,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf)
2728 + acm->iocount.overrun++;
2729 + spin_unlock_irqrestore(&acm->read_lock, flags);
2730 +
2731 ++ if (newctrl & ACM_CTRL_BRK)
2732 ++ tty_flip_buffer_push(&acm->port);
2733 ++
2734 + if (difference)
2735 + wake_up_all(&acm->wioctl);
2736 +
2737 +@@ -474,11 +477,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags)
2738 +
2739 + static void acm_process_read_urb(struct acm *acm, struct urb *urb)
2740 + {
2741 ++ unsigned long flags;
2742 ++
2743 + if (!urb->actual_length)
2744 + return;
2745 +
2746 ++ spin_lock_irqsave(&acm->read_lock, flags);
2747 + tty_insert_flip_string(&acm->port, urb->transfer_buffer,
2748 + urb->actual_length);
2749 ++ spin_unlock_irqrestore(&acm->read_lock, flags);
2750 ++
2751 + tty_flip_buffer_push(&acm->port);
2752 + }
2753 +
2754 +diff --git a/drivers/usb/common/Kconfig b/drivers/usb/common/Kconfig
2755 +index d611477aae414..196f4a3975871 100644
2756 +--- a/drivers/usb/common/Kconfig
2757 ++++ b/drivers/usb/common/Kconfig
2758 +@@ -6,8 +6,7 @@ config USB_COMMON
2759 +
2760 + config USB_LED_TRIG
2761 + bool "USB LED Triggers"
2762 +- depends on LEDS_CLASS && LEDS_TRIGGERS
2763 +- select USB_COMMON
2764 ++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS
2765 + help
2766 + This option adds LED triggers for USB host and/or gadget activity.
2767 +
2768 +diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
2769 +index b40db48f8874d..89391939630bd 100644
2770 +--- a/drivers/usb/typec/tcpm/tcpm.c
2771 ++++ b/drivers/usb/typec/tcpm/tcpm.c
2772 +@@ -3679,6 +3679,7 @@ static void _tcpm_cc_change(struct tcpm_port *port, enum typec_cc_status cc1,
2773 + tcpm_set_state(port, SRC_ATTACH_WAIT, 0);
2774 + break;
2775 + case SRC_ATTACHED:
2776 ++ case SRC_STARTUP:
2777 + case SRC_SEND_CAPABILITIES:
2778 + case SRC_READY:
2779 + if (tcpm_port_is_disconnected(port) ||
2780 +diff --git a/drivers/video/fbdev/gbefb.c b/drivers/video/fbdev/gbefb.c
2781 +index b9f6a82a04953..6fdc6ab3ceb87 100644
2782 +--- a/drivers/video/fbdev/gbefb.c
2783 ++++ b/drivers/video/fbdev/gbefb.c
2784 +@@ -1269,7 +1269,7 @@ static struct platform_device *gbefb_device;
2785 + static int __init gbefb_init(void)
2786 + {
2787 + int ret = platform_driver_register(&gbefb_driver);
2788 +- if (!ret) {
2789 ++ if (IS_ENABLED(CONFIG_SGI_IP32) && !ret) {
2790 + gbefb_device = platform_device_alloc("gbefb", 0);
2791 + if (gbefb_device) {
2792 + ret = platform_device_add(gbefb_device);
2793 +diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c
2794 +index be31c296eed4c..07f362c63ae90 100644
2795 +--- a/drivers/xen/balloon.c
2796 ++++ b/drivers/xen/balloon.c
2797 +@@ -508,12 +508,12 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp)
2798 + }
2799 +
2800 + /*
2801 +- * Stop waiting if either state is not BP_EAGAIN and ballooning action is
2802 +- * needed, or if the credit has changed while state is BP_EAGAIN.
2803 ++ * Stop waiting if either state is BP_DONE and ballooning action is
2804 ++ * needed, or if the credit has changed while state is not BP_DONE.
2805 + */
2806 + static bool balloon_thread_cond(enum bp_state state, long credit)
2807 + {
2808 +- if (state != BP_EAGAIN)
2809 ++ if (state == BP_DONE)
2810 + credit = 0;
2811 +
2812 + return current_credit() != credit || kthread_should_stop();
2813 +@@ -533,10 +533,19 @@ static int balloon_thread(void *unused)
2814 +
2815 + set_freezable();
2816 + for (;;) {
2817 +- if (state == BP_EAGAIN)
2818 +- timeout = balloon_stats.schedule_delay * HZ;
2819 +- else
2820 ++ switch (state) {
2821 ++ case BP_DONE:
2822 ++ case BP_ECANCELED:
2823 + timeout = 3600 * HZ;
2824 ++ break;
2825 ++ case BP_EAGAIN:
2826 ++ timeout = balloon_stats.schedule_delay * HZ;
2827 ++ break;
2828 ++ case BP_WAIT:
2829 ++ timeout = HZ;
2830 ++ break;
2831 ++ }
2832 ++
2833 + credit = current_credit();
2834 +
2835 + wait_event_freezable_timeout(balloon_thread_wq,
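Review bot: The new `switch (state)` in balloon_thread has no `default:` arm, so `timeout` is assigned only when `state` is one of the four listed values. Whether `timeout` has an initialiser at its declaration is not visible in this hunk. If it has none, a value outside those four would reach the wait with an unset timeout. Giving the declaration a safe initial value, or adding `default: timeout = 3600 * HZ; break;`, keeps the wait bounded either way. The function body starts and ends outside the hunk.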
2836 +diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c
2837 +index 9c9422e9fac4d..d4ff944cd16e1 100644
2838 +--- a/drivers/xen/privcmd.c
2839 ++++ b/drivers/xen/privcmd.c
2840 +@@ -810,11 +810,12 @@ static long privcmd_ioctl_mmap_resource(struct file *file,
2841 + unsigned int domid =
2842 + (xdata.flags & XENMEM_rsrc_acq_caller_owned) ?
2843 + DOMID_SELF : kdata.dom;
2844 +- int num;
2845 ++ int num, *errs = (int *)pfns;
2846 +
2847 ++ BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns));
2848 + num = xen_remap_domain_mfn_array(vma,
2849 + kdata.addr & PAGE_MASK,
2850 +- pfns, kdata.num, (int *)pfns,
2851 ++ pfns, kdata.num, errs,
2852 + vma->vm_page_prot,
2853 + domid,
2854 + vma->vm_private_data);
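Review bot: The declaration `int num, *errs = (int *)pfns;` makes the error array share storage with the frame array, and nothing at that line says so; only the `BUILD_BUG_ON` hints at the size relationship. A short comment would record the intent, for example `/* errs overlays the pfns buffer: per-frame status is an int and must be read back through errs, never pfns[i] */`. The following hunk's `rc = errs[i];` relies on the same overlay. That loop compares `unsigned int i` with `int num`, and the guard that keeps `num` non-negative on that path is outside both hunks, so it is worth confirming. privcmd_ioctl_mmap_resource starts and ends outside the hunk.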
2855 +@@ -824,7 +825,7 @@ static long privcmd_ioctl_mmap_resource(struct file *file,
2856 + unsigned int i;
2857 +
2858 + for (i = 0; i < num; i++) {
2859 +- rc = pfns[i];
2860 ++ rc = errs[i];
2861 + if (rc < 0)
2862 + break;
2863 + }
2864 +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
2865 +index d6f244559e759..e61d9c4359573 100644
2866 +--- a/fs/nfsd/nfs4xdr.c
2867 ++++ b/fs/nfsd/nfs4xdr.c
2868 +@@ -3131,15 +3131,18 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen,
2869 + goto fail;
2870 + cd->rd_maxcount -= entry_bytes;
2871 + /*
2872 +- * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so
2873 +- * let's always let through the first entry, at least:
2874 ++ * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and
2875 ++ * notes that it could be zero. If it is zero, then the server
2876 ++ * should enforce only the rd_maxcount value.
2877 + */
2878 +- if (!cd->rd_dircount)
2879 +- goto fail;
2880 +- name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8;
2881 +- if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
2882 +- goto fail;
2883 +- cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
2884 ++ if (cd->rd_dircount) {
2885 ++ name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8;
2886 ++ if (name_and_cookie > cd->rd_dircount && cd->cookie_offset)
2887 ++ goto fail;
2888 ++ cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie);
2889 ++ if (!cd->rd_dircount)
2890 ++ cd->rd_maxcount = 0;
2891 ++ }
2892 +
2893 + cd->cookie_offset = cookie_offset;
2894 + skip_entry:
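Review bot: The added `cd->rd_maxcount = 0;` has no comment of its own, and the rewritten block comment covers only the case where rd_dircount arrives as zero. Once the decrement brings rd_dircount to zero it looks the same as a client that sent zero, so zeroing rd_maxcount is presumably what stops further entries; the check that consumes rd_maxcount is outside the hunk. I would add `/* dircount budget used up: make the next entry fail on rd_maxcount */` above the assignment, after confirming that reading. nfsd4_encode_dirent starts and ends outside the hunk.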
2895 +diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c
2896 +index 7f39d6091dfa0..8e03d6c25097a 100644
2897 +--- a/fs/nfsd/nfsctl.c
2898 ++++ b/fs/nfsd/nfsctl.c
2899 +@@ -1549,7 +1549,7 @@ static int __init init_nfsd(void)
2900 + goto out_free_all;
2901 + return 0;
2902 + out_free_all:
2903 +- unregister_pernet_subsys(&nfsd_net_ops);
2904 ++ unregister_filesystem(&nfsd_fs_type);
2905 + out_free_exports:
2906 + remove_proc_entry("fs/nfs/exports", NULL);
2907 + remove_proc_entry("fs/nfs", NULL);
2908 +diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
2909 +index 073be36b0686c..876de87f604cd 100644
2910 +--- a/fs/overlayfs/dir.c
2911 ++++ b/fs/overlayfs/dir.c
2912 +@@ -1162,9 +1162,13 @@ static int ovl_rename(struct inode *olddir, struct dentry *old,
2913 + goto out_dput;
2914 + }
2915 + } else {
2916 +- if (!d_is_negative(newdentry) &&
2917 +- (!new_opaque || !ovl_is_whiteout(newdentry)))
2918 +- goto out_dput;
2919 ++ if (!d_is_negative(newdentry)) {
2920 ++ if (!new_opaque || !ovl_is_whiteout(newdentry))
2921 ++ goto out_dput;
2922 ++ } else {
2923 ++ if (flags & RENAME_EXCHANGE)
2924 ++ goto out_dput;
2925 ++ }
2926 + }
2927 +
2928 + if (olddentry == trap)
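Review bot: The new inner `else { if (flags & RENAME_EXCHANGE) goto out_dput; }` adds a nesting level that an `else if` would avoid, and it has no comment saying why an exchange onto a negative `newdentry` is refused. It could read `} else if (flags & RENAME_EXCHANGE) {` followed by `goto out_dput;`, with a one-line comment such as `/* RENAME_EXCHANGE requires an existing target */`. The error value returned through `out_dput` is set outside the hunk, so it should be checked that it is the one intended for this case. ovl_rename starts and ends outside the hunk.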
2929 +diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c
2930 +index fba2ade28fb3a..49c7a09d688d7 100644
2931 +--- a/kernel/bpf/stackmap.c
2932 ++++ b/kernel/bpf/stackmap.c
2933 +@@ -60,7 +60,8 @@ static inline int stack_map_data_size(struct bpf_map *map)
2934 +
2935 + static int prealloc_elems_and_freelist(struct bpf_stack_map *smap)
2936 + {
2937 +- u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size;
2938 ++ u64 elem_size = sizeof(struct stack_map_bucket) +
2939 ++ (u64)smap->map.value_size;
2940 + int err;
2941 +
2942 + smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries,
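Review bot: The widening of `elem_size` to `u64` carries no comment, although its purpose is to keep the `elem_size * smap->map.max_entries` product in the allocation call from wrapping in 32 bits. I would add `/* u64: the product with max_entries below must not wrap */` at the declaration. The rest of prealloc_elems_and_freelist is outside the hunk; any later call there that takes the element size as a 32-bit parameter would narrow it again silently, so those uses should be checked. The bounds placed on `value_size` and `max_entries` at map creation are also not visible here.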
2943 +diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
2944 +index 8a664148f57aa..cbcbc19efcb34 100644
2945 +--- a/net/bridge/br_netlink.c
2946 ++++ b/net/bridge/br_netlink.c
2947 +@@ -1536,7 +1536,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr)
2948 + }
2949 +
2950 + return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) +
2951 +- nla_total_size(sizeof(struct br_mcast_stats)) +
2952 ++ nla_total_size_64bit(sizeof(struct br_mcast_stats)) +
2953 + nla_total_size(0);
2954 + }
2955 +
2956 +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
2957 +index 6fbc9cb09dc0e..a53b101ce41ae 100644
2958 +--- a/net/core/rtnetlink.c
2959 ++++ b/net/core/rtnetlink.c
2960 +@@ -4950,7 +4950,7 @@ nla_put_failure:
2961 + static size_t if_nlmsg_stats_size(const struct net_device *dev,
2962 + u32 filter_mask)
2963 + {
2964 +- size_t size = 0;
2965 ++ size_t size = NLMSG_ALIGN(sizeof(struct if_stats_msg));
2966 +
2967 + if (stats_attr_valid(filter_mask, IFLA_STATS_LINK_64, 0))
2968 + size += nla_total_size_64bit(sizeof(struct rtnl_link_stats64));
2969 +diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
2970 +index 006a34b185378..72fdf1fcbcaa9 100644
2971 +--- a/net/ipv4/inet_hashtables.c
2972 ++++ b/net/ipv4/inet_hashtables.c
2973 +@@ -239,8 +239,10 @@ static inline int compute_score(struct sock *sk, struct net *net,
2974 +
2975 + if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
2976 + return -1;
2977 ++ score = sk->sk_bound_dev_if ? 2 : 1;
2978 +
2979 +- score = sk->sk_family == PF_INET ? 2 : 1;
2980 ++ if (sk->sk_family == PF_INET)
2981 ++ score++;
2982 + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
2983 + score++;
2984 + }
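Review bot: The added `score = sk->sk_bound_dev_if ? 2 : 1;` uses bare weights with no comment, and it sits directly under `return -1;` with the blank line after it rather than before it. The same preference appears in the other three compute_score hunks (net/ipv4/udp.c, net/ipv6/inet6_hashtables.c, net/ipv6/udp.c) with different increments, which makes the intent harder to compare across files. A comment such as `/* a socket bound to a device outranks an unbound one */` at each site, and moving the blank line above the assignment here, would help. Each compute_score body starts outside its hunk.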
2985 +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
2986 +index de04d99418850..fdbd56ee1300c 100644
2987 +--- a/net/ipv4/udp.c
2988 ++++ b/net/ipv4/udp.c
2989 +@@ -386,7 +386,8 @@ static int compute_score(struct sock *sk, struct net *net,
2990 + dif, sdif);
2991 + if (!dev_match)
2992 + return -1;
2993 +- score += 4;
2994 ++ if (sk->sk_bound_dev_if)
2995 ++ score += 4;
2996 +
2997 + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
2998 + score++;
2999 +diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
3000 +index fbe9d4295eac3..ab12e00f6bfff 100644
3001 +--- a/net/ipv6/inet6_hashtables.c
3002 ++++ b/net/ipv6/inet6_hashtables.c
3003 +@@ -104,7 +104,7 @@ static inline int compute_score(struct sock *sk, struct net *net,
3004 + if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif))
3005 + return -1;
3006 +
3007 +- score = 1;
3008 ++ score = sk->sk_bound_dev_if ? 2 : 1;
3009 + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
3010 + score++;
3011 + }
3012 +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
3013 +index 5b8266f3e47f0..0f57c682afdd8 100644
3014 +--- a/net/ipv6/udp.c
3015 ++++ b/net/ipv6/udp.c
3016 +@@ -133,7 +133,8 @@ static int compute_score(struct sock *sk, struct net *net,
3017 + dev_match = udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif);
3018 + if (!dev_match)
3019 + return -1;
3020 +- score++;
3021 ++ if (sk->sk_bound_dev_if)
3022 ++ score++;
3023 +
3024 + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id())
3025 + score++;
3026 +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
3027 +index acc76a738cfd8..cb35680db9b29 100644
3028 +--- a/net/netlink/af_netlink.c
3029 ++++ b/net/netlink/af_netlink.c
3030 +@@ -585,7 +585,10 @@ static int netlink_insert(struct sock *sk, u32 portid)
3031 +
3032 + /* We need to ensure that the socket is hashed and visible. */
3033 + smp_wmb();
3034 +- nlk_sk(sk)->bound = portid;
3035 ++ /* Paired with lockless reads from netlink_bind(),
3036 ++ * netlink_connect() and netlink_sendmsg().
3037 ++ */
3038 ++ WRITE_ONCE(nlk_sk(sk)->bound, portid);
3039 +
3040 + err:
3041 + release_sock(sk);
3042 +@@ -1003,7 +1006,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
3043 + if (nlk->ngroups < BITS_PER_LONG)
3044 + groups &= (1UL << nlk->ngroups) - 1;
3045 +
3046 +- bound = nlk->bound;
3047 ++ /* Paired with WRITE_ONCE() in netlink_insert() */
3048 ++ bound = READ_ONCE(nlk->bound);
3049 + if (bound) {
3050 + /* Ensure nlk->portid is up-to-date. */
3051 + smp_rmb();
3052 +@@ -1089,8 +1093,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
3053 +
3054 + /* No need for barriers here as we return to user-space without
3055 + * using any of the bound attributes.
3056 ++ * Paired with WRITE_ONCE() in netlink_insert().
3057 + */
3058 +- if (!nlk->bound)
3059 ++ if (!READ_ONCE(nlk->bound))
3060 + err = netlink_autobind(sock);
3061 +
3062 + if (err == 0) {
3063 +@@ -1879,7 +1884,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
3064 + dst_group = nlk->dst_group;
3065 + }
3066 +
3067 +- if (!nlk->bound) {
3068 ++ /* Paired with WRITE_ONCE() in netlink_insert() */
3069 ++ if (!READ_ONCE(nlk->bound)) {
3070 + err = netlink_autobind(sock);
3071 + if (err)
3072 + goto out;
3073 +diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c
3074 +index 37c8aa75d70c5..56f4c1621e444 100644
3075 +--- a/net/sched/sch_fifo.c
3076 ++++ b/net/sched/sch_fifo.c
3077 +@@ -148,6 +148,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit)
3078 + if (strncmp(q->ops->id + 1, "fifo", 4) != 0)
3079 + return 0;
3080 +
3081 ++ if (!q->ops->change)
3082 ++ return 0;
3083 ++
3084 + nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL);
3085 + if (nla) {
3086 + nla->nla_type = RTM_NEWQDISC;
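Review bot: The added `if (!q->ops->change) return 0;` reports success when the limit was not applied, and there is no comment explaining that this is deliberate. It matches the `strncmp` early return just above, but a caller cannot tell "limit set" from "qdisc cannot be changed". I would add `/* no ->change() callback: nothing to apply the limit through */` above the check. The call that uses `q->ops->change` is outside the hunk, so it is assumed rather than shown that this guard is what protects it.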
3087 +diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c
3088 +index da9ed0613eb7b..e14a66ce4884d 100644
3089 +--- a/net/sched/sch_taprio.c
3090 ++++ b/net/sched/sch_taprio.c
3091 +@@ -1630,6 +1630,10 @@ static void taprio_destroy(struct Qdisc *sch)
3092 + list_del(&q->taprio_list);
3093 + spin_unlock(&taprio_list_lock);
3094 +
3095 ++ /* Note that taprio_reset() might not be called if an error
3096 ++ * happens in qdisc_create(), after taprio_init() has been called.
3097 ++ */
3098 ++ hrtimer_cancel(&q->advance_timer);
3099 +
3100 + taprio_disable_offload(dev, q, NULL);
3101 +