Annotation of /trunk/kernel-alx/patches-4.14/0112-4.14.13-all-fixes.patch
Parent Directory | Revision Log
Revision 3238 -
(hide annotations)
(download)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 49645 byte(s)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 49645 byte(s)
-added up to patches-4.14.79
1 | niro | 3238 | diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt |
2 | index ad41b3813f0a..ea91cb61a602 100644 | ||
3 | --- a/Documentation/x86/x86_64/mm.txt | ||
4 | +++ b/Documentation/x86/x86_64/mm.txt | ||
5 | @@ -12,8 +12,9 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) | ||
6 | ... unused hole ... | ||
7 | ffffec0000000000 - fffffbffffffffff (=44 bits) kasan shadow memory (16TB) | ||
8 | ... unused hole ... | ||
9 | -fffffe0000000000 - fffffe7fffffffff (=39 bits) LDT remap for PTI | ||
10 | -fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping | ||
11 | + vaddr_end for KASLR | ||
12 | +fffffe0000000000 - fffffe7fffffffff (=39 bits) cpu_entry_area mapping | ||
13 | +fffffe8000000000 - fffffeffffffffff (=39 bits) LDT remap for PTI | ||
14 | ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks | ||
15 | ... unused hole ... | ||
16 | ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space | ||
17 | @@ -37,13 +38,15 @@ ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB) | ||
18 | ... unused hole ... | ||
19 | ffdf000000000000 - fffffc0000000000 (=53 bits) kasan shadow memory (8PB) | ||
20 | ... unused hole ... | ||
21 | -fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping | ||
22 | + vaddr_end for KASLR | ||
23 | +fffffe0000000000 - fffffe7fffffffff (=39 bits) cpu_entry_area mapping | ||
24 | +... unused hole ... | ||
25 | ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks | ||
26 | ... unused hole ... | ||
27 | ffffffef00000000 - fffffffeffffffff (=64 GB) EFI region mapping space | ||
28 | ... unused hole ... | ||
29 | ffffffff80000000 - ffffffff9fffffff (=512 MB) kernel text mapping, from phys 0 | ||
30 | -ffffffffa0000000 - [fixmap start] (~1526 MB) module mapping space | ||
31 | +ffffffffa0000000 - fffffffffeffffff (1520 MB) module mapping space | ||
32 | [fixmap start] - ffffffffff5fffff kernel-internal fixmap range | ||
33 | ffffffffff600000 - ffffffffff600fff (=4 kB) legacy vsyscall ABI | ||
34 | ffffffffffe00000 - ffffffffffffffff (=2 MB) unused hole | ||
35 | @@ -67,9 +70,10 @@ memory window (this size is arbitrary, it can be raised later if needed). | ||
36 | The mappings are not part of any other kernel PGD and are only available | ||
37 | during EFI runtime calls. | ||
38 | |||
39 | -The module mapping space size changes based on the CONFIG requirements for the | ||
40 | -following fixmap section. | ||
41 | - | ||
42 | Note that if CONFIG_RANDOMIZE_MEMORY is enabled, the direct mapping of all | ||
43 | physical memory, vmalloc/ioremap space and virtual memory map are randomized. | ||
44 | Their order is preserved but their base will be offset early at boot time. | ||
45 | + | ||
46 | +Be very careful vs. KASLR when changing anything here. The KASLR address | ||
47 | +range must not overlap with anything except the KASAN shadow area, which is | ||
48 | +correct as KASAN disables KASLR. | ||
49 | diff --git a/Makefile b/Makefile | ||
50 | index 20f7d4de0f1c..a67c5179052a 100644 | ||
51 | --- a/Makefile | ||
52 | +++ b/Makefile | ||
53 | @@ -1,7 +1,7 @@ | ||
54 | # SPDX-License-Identifier: GPL-2.0 | ||
55 | VERSION = 4 | ||
56 | PATCHLEVEL = 14 | ||
57 | -SUBLEVEL = 12 | ||
58 | +SUBLEVEL = 13 | ||
59 | EXTRAVERSION = | ||
60 | NAME = Petit Gorille | ||
61 | |||
62 | diff --git a/arch/arc/include/asm/uaccess.h b/arch/arc/include/asm/uaccess.h | ||
63 | index f35974ee7264..c9173c02081c 100644 | ||
64 | --- a/arch/arc/include/asm/uaccess.h | ||
65 | +++ b/arch/arc/include/asm/uaccess.h | ||
66 | @@ -668,6 +668,7 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) | ||
67 | return 0; | ||
68 | |||
69 | __asm__ __volatile__( | ||
70 | + " mov lp_count, %5 \n" | ||
71 | " lp 3f \n" | ||
72 | "1: ldb.ab %3, [%2, 1] \n" | ||
73 | " breq.d %3, 0, 3f \n" | ||
74 | @@ -684,8 +685,8 @@ __arc_strncpy_from_user(char *dst, const char __user *src, long count) | ||
75 | " .word 1b, 4b \n" | ||
76 | " .previous \n" | ||
77 | : "+r"(res), "+r"(dst), "+r"(src), "=r"(val) | ||
78 | - : "g"(-EFAULT), "l"(count) | ||
79 | - : "memory"); | ||
80 | + : "g"(-EFAULT), "r"(count) | ||
81 | + : "lp_count", "lp_start", "lp_end", "memory"); | ||
82 | |||
83 | return res; | ||
84 | } | ||
85 | diff --git a/arch/parisc/include/asm/ldcw.h b/arch/parisc/include/asm/ldcw.h | ||
86 | index dd5a08aaa4da..3eb4bfc1fb36 100644 | ||
87 | --- a/arch/parisc/include/asm/ldcw.h | ||
88 | +++ b/arch/parisc/include/asm/ldcw.h | ||
89 | @@ -12,6 +12,7 @@ | ||
90 | for the semaphore. */ | ||
91 | |||
92 | #define __PA_LDCW_ALIGNMENT 16 | ||
93 | +#define __PA_LDCW_ALIGN_ORDER 4 | ||
94 | #define __ldcw_align(a) ({ \ | ||
95 | unsigned long __ret = (unsigned long) &(a)->lock[0]; \ | ||
96 | __ret = (__ret + __PA_LDCW_ALIGNMENT - 1) \ | ||
97 | @@ -29,6 +30,7 @@ | ||
98 | ldcd). */ | ||
99 | |||
100 | #define __PA_LDCW_ALIGNMENT 4 | ||
101 | +#define __PA_LDCW_ALIGN_ORDER 2 | ||
102 | #define __ldcw_align(a) (&(a)->slock) | ||
103 | #define __LDCW "ldcw,co" | ||
104 | |||
105 | diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S | ||
106 | index f3cecf5117cf..e95207c0565e 100644 | ||
107 | --- a/arch/parisc/kernel/entry.S | ||
108 | +++ b/arch/parisc/kernel/entry.S | ||
109 | @@ -35,6 +35,7 @@ | ||
110 | #include <asm/pgtable.h> | ||
111 | #include <asm/signal.h> | ||
112 | #include <asm/unistd.h> | ||
113 | +#include <asm/ldcw.h> | ||
114 | #include <asm/thread_info.h> | ||
115 | |||
116 | #include <linux/linkage.h> | ||
117 | @@ -46,6 +47,14 @@ | ||
118 | #endif | ||
119 | |||
120 | .import pa_tlb_lock,data | ||
121 | + .macro load_pa_tlb_lock reg | ||
122 | +#if __PA_LDCW_ALIGNMENT > 4 | ||
123 | + load32 PA(pa_tlb_lock) + __PA_LDCW_ALIGNMENT-1, \reg | ||
124 | + depi 0,31,__PA_LDCW_ALIGN_ORDER, \reg | ||
125 | +#else | ||
126 | + load32 PA(pa_tlb_lock), \reg | ||
127 | +#endif | ||
128 | + .endm | ||
129 | |||
130 | /* space_to_prot macro creates a prot id from a space id */ | ||
131 | |||
132 | @@ -457,7 +466,7 @@ | ||
133 | .macro tlb_lock spc,ptp,pte,tmp,tmp1,fault | ||
134 | #ifdef CONFIG_SMP | ||
135 | cmpib,COND(=),n 0,\spc,2f | ||
136 | - load32 PA(pa_tlb_lock),\tmp | ||
137 | + load_pa_tlb_lock \tmp | ||
138 | 1: LDCW 0(\tmp),\tmp1 | ||
139 | cmpib,COND(=) 0,\tmp1,1b | ||
140 | nop | ||
141 | @@ -480,7 +489,7 @@ | ||
142 | /* Release pa_tlb_lock lock. */ | ||
143 | .macro tlb_unlock1 spc,tmp | ||
144 | #ifdef CONFIG_SMP | ||
145 | - load32 PA(pa_tlb_lock),\tmp | ||
146 | + load_pa_tlb_lock \tmp | ||
147 | tlb_unlock0 \spc,\tmp | ||
148 | #endif | ||
149 | .endm | ||
150 | diff --git a/arch/parisc/kernel/pacache.S b/arch/parisc/kernel/pacache.S | ||
151 | index adf7187f8951..2d40c4ff3f69 100644 | ||
152 | --- a/arch/parisc/kernel/pacache.S | ||
153 | +++ b/arch/parisc/kernel/pacache.S | ||
154 | @@ -36,6 +36,7 @@ | ||
155 | #include <asm/assembly.h> | ||
156 | #include <asm/pgtable.h> | ||
157 | #include <asm/cache.h> | ||
158 | +#include <asm/ldcw.h> | ||
159 | #include <linux/linkage.h> | ||
160 | |||
161 | .text | ||
162 | @@ -333,8 +334,12 @@ ENDPROC_CFI(flush_data_cache_local) | ||
163 | |||
164 | .macro tlb_lock la,flags,tmp | ||
165 | #ifdef CONFIG_SMP | ||
166 | - ldil L%pa_tlb_lock,%r1 | ||
167 | - ldo R%pa_tlb_lock(%r1),\la | ||
168 | +#if __PA_LDCW_ALIGNMENT > 4 | ||
169 | + load32 pa_tlb_lock + __PA_LDCW_ALIGNMENT-1, \la | ||
170 | + depi 0,31,__PA_LDCW_ALIGN_ORDER, \la | ||
171 | +#else | ||
172 | + load32 pa_tlb_lock, \la | ||
173 | +#endif | ||
174 | rsm PSW_SM_I,\flags | ||
175 | 1: LDCW 0(\la),\tmp | ||
176 | cmpib,<>,n 0,\tmp,3f | ||
177 | diff --git a/arch/parisc/kernel/process.c b/arch/parisc/kernel/process.c | ||
178 | index 30f92391a93e..cad3e8661cd6 100644 | ||
179 | --- a/arch/parisc/kernel/process.c | ||
180 | +++ b/arch/parisc/kernel/process.c | ||
181 | @@ -39,6 +39,7 @@ | ||
182 | #include <linux/kernel.h> | ||
183 | #include <linux/mm.h> | ||
184 | #include <linux/fs.h> | ||
185 | +#include <linux/cpu.h> | ||
186 | #include <linux/module.h> | ||
187 | #include <linux/personality.h> | ||
188 | #include <linux/ptrace.h> | ||
189 | @@ -183,6 +184,44 @@ int dump_task_fpu (struct task_struct *tsk, elf_fpregset_t *r) | ||
190 | return 1; | ||
191 | } | ||
192 | |||
193 | +/* | ||
194 | + * Idle thread support | ||
195 | + * | ||
196 | + * Detect when running on QEMU with SeaBIOS PDC Firmware and let | ||
197 | + * QEMU idle the host too. | ||
198 | + */ | ||
199 | + | ||
200 | +int running_on_qemu __read_mostly; | ||
201 | + | ||
202 | +void __cpuidle arch_cpu_idle_dead(void) | ||
203 | +{ | ||
204 | + /* nop on real hardware, qemu will offline CPU. */ | ||
205 | + asm volatile("or %%r31,%%r31,%%r31\n":::); | ||
206 | +} | ||
207 | + | ||
208 | +void __cpuidle arch_cpu_idle(void) | ||
209 | +{ | ||
210 | + local_irq_enable(); | ||
211 | + | ||
212 | + /* nop on real hardware, qemu will idle sleep. */ | ||
213 | + asm volatile("or %%r10,%%r10,%%r10\n":::); | ||
214 | +} | ||
215 | + | ||
216 | +static int __init parisc_idle_init(void) | ||
217 | +{ | ||
218 | + const char *marker; | ||
219 | + | ||
220 | + /* check QEMU/SeaBIOS marker in PAGE0 */ | ||
221 | + marker = (char *) &PAGE0->pad0; | ||
222 | + running_on_qemu = (memcmp(marker, "SeaBIOS", 8) == 0); | ||
223 | + | ||
224 | + if (!running_on_qemu) | ||
225 | + cpu_idle_poll_ctrl(1); | ||
226 | + | ||
227 | + return 0; | ||
228 | +} | ||
229 | +arch_initcall(parisc_idle_init); | ||
230 | + | ||
231 | /* | ||
232 | * Copy architecture-specific thread state | ||
233 | */ | ||
234 | diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c | ||
235 | index 4797d08581ce..6e1e39035380 100644 | ||
236 | --- a/arch/powerpc/mm/fault.c | ||
237 | +++ b/arch/powerpc/mm/fault.c | ||
238 | @@ -145,6 +145,11 @@ static noinline int bad_area(struct pt_regs *regs, unsigned long address) | ||
239 | return __bad_area(regs, address, SEGV_MAPERR); | ||
240 | } | ||
241 | |||
242 | +static noinline int bad_access(struct pt_regs *regs, unsigned long address) | ||
243 | +{ | ||
244 | + return __bad_area(regs, address, SEGV_ACCERR); | ||
245 | +} | ||
246 | + | ||
247 | static int do_sigbus(struct pt_regs *regs, unsigned long address, | ||
248 | unsigned int fault) | ||
249 | { | ||
250 | @@ -490,7 +495,7 @@ static int __do_page_fault(struct pt_regs *regs, unsigned long address, | ||
251 | |||
252 | good_area: | ||
253 | if (unlikely(access_error(is_write, is_exec, vma))) | ||
254 | - return bad_area(regs, address); | ||
255 | + return bad_access(regs, address); | ||
256 | |||
257 | /* | ||
258 | * If for any reason at all we couldn't handle the fault, | ||
259 | diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c | ||
260 | index 40d0a1a97889..b87a930c2201 100644 | ||
261 | --- a/arch/s390/kvm/kvm-s390.c | ||
262 | +++ b/arch/s390/kvm/kvm-s390.c | ||
263 | @@ -794,11 +794,12 @@ static int kvm_s390_vm_start_migration(struct kvm *kvm) | ||
264 | |||
265 | if (kvm->arch.use_cmma) { | ||
266 | /* | ||
267 | - * Get the last slot. They should be sorted by base_gfn, so the | ||
268 | - * last slot is also the one at the end of the address space. | ||
269 | - * We have verified above that at least one slot is present. | ||
270 | + * Get the first slot. They are reverse sorted by base_gfn, so | ||
271 | + * the first slot is also the one at the end of the address | ||
272 | + * space. We have verified above that at least one slot is | ||
273 | + * present. | ||
274 | */ | ||
275 | - ms = slots->memslots + slots->used_slots - 1; | ||
276 | + ms = slots->memslots; | ||
277 | /* round up so we only use full longs */ | ||
278 | ram_pages = roundup(ms->base_gfn + ms->npages, BITS_PER_LONG); | ||
279 | /* allocate enough bytes to store all the bits */ | ||
280 | diff --git a/arch/s390/kvm/priv.c b/arch/s390/kvm/priv.c | ||
281 | index 5b25287f449b..7bd3a59232f0 100644 | ||
282 | --- a/arch/s390/kvm/priv.c | ||
283 | +++ b/arch/s390/kvm/priv.c | ||
284 | @@ -1009,7 +1009,7 @@ static inline int do_essa(struct kvm_vcpu *vcpu, const int orc) | ||
285 | cbrlo[entries] = gfn << PAGE_SHIFT; | ||
286 | } | ||
287 | |||
288 | - if (orc) { | ||
289 | + if (orc && gfn < ms->bitmap_size) { | ||
290 | /* increment only if we are really flipping the bit to 1 */ | ||
291 | if (!test_and_set_bit(gfn, ms->pgste_bitmap)) | ||
292 | atomic64_inc(&ms->dirty_pages); | ||
293 | diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c | ||
294 | index 8f0aace08b87..8156e47da7ba 100644 | ||
295 | --- a/arch/x86/events/intel/ds.c | ||
296 | +++ b/arch/x86/events/intel/ds.c | ||
297 | @@ -5,6 +5,7 @@ | ||
298 | |||
299 | #include <asm/cpu_entry_area.h> | ||
300 | #include <asm/perf_event.h> | ||
301 | +#include <asm/tlbflush.h> | ||
302 | #include <asm/insn.h> | ||
303 | |||
304 | #include "../perf_event.h" | ||
305 | @@ -283,20 +284,35 @@ static DEFINE_PER_CPU(void *, insn_buffer); | ||
306 | |||
307 | static void ds_update_cea(void *cea, void *addr, size_t size, pgprot_t prot) | ||
308 | { | ||
309 | + unsigned long start = (unsigned long)cea; | ||
310 | phys_addr_t pa; | ||
311 | size_t msz = 0; | ||
312 | |||
313 | pa = virt_to_phys(addr); | ||
314 | + | ||
315 | + preempt_disable(); | ||
316 | for (; msz < size; msz += PAGE_SIZE, pa += PAGE_SIZE, cea += PAGE_SIZE) | ||
317 | cea_set_pte(cea, pa, prot); | ||
318 | + | ||
319 | + /* | ||
320 | + * This is a cross-CPU update of the cpu_entry_area, we must shoot down | ||
321 | + * all TLB entries for it. | ||
322 | + */ | ||
323 | + flush_tlb_kernel_range(start, start + size); | ||
324 | + preempt_enable(); | ||
325 | } | ||
326 | |||
327 | static void ds_clear_cea(void *cea, size_t size) | ||
328 | { | ||
329 | + unsigned long start = (unsigned long)cea; | ||
330 | size_t msz = 0; | ||
331 | |||
332 | + preempt_disable(); | ||
333 | for (; msz < size; msz += PAGE_SIZE, cea += PAGE_SIZE) | ||
334 | cea_set_pte(cea, 0, PAGE_NONE); | ||
335 | + | ||
336 | + flush_tlb_kernel_range(start, start + size); | ||
337 | + preempt_enable(); | ||
338 | } | ||
339 | |||
340 | static void *dsalloc_pages(size_t size, gfp_t flags, int cpu) | ||
341 | diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h | ||
342 | index dbfd0854651f..cf5961ca8677 100644 | ||
343 | --- a/arch/x86/include/asm/alternative.h | ||
344 | +++ b/arch/x86/include/asm/alternative.h | ||
345 | @@ -140,7 +140,7 @@ static inline int alternatives_text_reserved(void *start, void *end) | ||
346 | ".popsection\n" \ | ||
347 | ".pushsection .altinstr_replacement, \"ax\"\n" \ | ||
348 | ALTINSTR_REPLACEMENT(newinstr, feature, 1) \ | ||
349 | - ".popsection" | ||
350 | + ".popsection\n" | ||
351 | |||
352 | #define ALTERNATIVE_2(oldinstr, newinstr1, feature1, newinstr2, feature2)\ | ||
353 | OLDINSTR_2(oldinstr, 1, 2) \ | ||
354 | @@ -151,7 +151,7 @@ static inline int alternatives_text_reserved(void *start, void *end) | ||
355 | ".pushsection .altinstr_replacement, \"ax\"\n" \ | ||
356 | ALTINSTR_REPLACEMENT(newinstr1, feature1, 1) \ | ||
357 | ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \ | ||
358 | - ".popsection" | ||
359 | + ".popsection\n" | ||
360 | |||
361 | /* | ||
362 | * Alternative instructions for different CPU types or capabilities. | ||
363 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | ||
364 | index 07cdd1715705..21ac898df2d8 100644 | ||
365 | --- a/arch/x86/include/asm/cpufeatures.h | ||
366 | +++ b/arch/x86/include/asm/cpufeatures.h | ||
367 | @@ -341,6 +341,6 @@ | ||
368 | #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ | ||
369 | #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ | ||
370 | #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ | ||
371 | -#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ | ||
372 | +#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */ | ||
373 | |||
374 | #endif /* _ASM_X86_CPUFEATURES_H */ | ||
375 | diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h | ||
376 | index b97a539bcdee..6b8f73dcbc2c 100644 | ||
377 | --- a/arch/x86/include/asm/pgtable_64_types.h | ||
378 | +++ b/arch/x86/include/asm/pgtable_64_types.h | ||
379 | @@ -75,7 +75,13 @@ typedef struct { pteval_t pte; } pte_t; | ||
380 | #define PGDIR_SIZE (_AC(1, UL) << PGDIR_SHIFT) | ||
381 | #define PGDIR_MASK (~(PGDIR_SIZE - 1)) | ||
382 | |||
383 | -/* See Documentation/x86/x86_64/mm.txt for a description of the memory map. */ | ||
384 | +/* | ||
385 | + * See Documentation/x86/x86_64/mm.txt for a description of the memory map. | ||
386 | + * | ||
387 | + * Be very careful vs. KASLR when changing anything here. The KASLR address | ||
388 | + * range must not overlap with anything except the KASAN shadow area, which | ||
389 | + * is correct as KASAN disables KASLR. | ||
390 | + */ | ||
391 | #define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL) | ||
392 | |||
393 | #ifdef CONFIG_X86_5LEVEL | ||
394 | @@ -88,7 +94,7 @@ typedef struct { pteval_t pte; } pte_t; | ||
395 | # define VMALLOC_SIZE_TB _AC(32, UL) | ||
396 | # define __VMALLOC_BASE _AC(0xffffc90000000000, UL) | ||
397 | # define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) | ||
398 | -# define LDT_PGD_ENTRY _AC(-4, UL) | ||
399 | +# define LDT_PGD_ENTRY _AC(-3, UL) | ||
400 | # define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) | ||
401 | #endif | ||
402 | |||
403 | @@ -104,13 +110,13 @@ typedef struct { pteval_t pte; } pte_t; | ||
404 | |||
405 | #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) | ||
406 | /* The module sections ends with the start of the fixmap */ | ||
407 | -#define MODULES_END __fix_to_virt(__end_of_fixed_addresses + 1) | ||
408 | +#define MODULES_END _AC(0xffffffffff000000, UL) | ||
409 | #define MODULES_LEN (MODULES_END - MODULES_VADDR) | ||
410 | |||
411 | #define ESPFIX_PGD_ENTRY _AC(-2, UL) | ||
412 | #define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << P4D_SHIFT) | ||
413 | |||
414 | -#define CPU_ENTRY_AREA_PGD _AC(-3, UL) | ||
415 | +#define CPU_ENTRY_AREA_PGD _AC(-4, UL) | ||
416 | #define CPU_ENTRY_AREA_BASE (CPU_ENTRY_AREA_PGD << P4D_SHIFT) | ||
417 | |||
418 | #define EFI_VA_START ( -4 * (_AC(1, UL) << 30)) | ||
419 | diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile | ||
420 | index 90cb82dbba57..570e8bb1f386 100644 | ||
421 | --- a/arch/x86/kernel/cpu/Makefile | ||
422 | +++ b/arch/x86/kernel/cpu/Makefile | ||
423 | @@ -22,7 +22,7 @@ obj-y += common.o | ||
424 | obj-y += rdrand.o | ||
425 | obj-y += match.o | ||
426 | obj-y += bugs.o | ||
427 | -obj-$(CONFIG_CPU_FREQ) += aperfmperf.o | ||
428 | +obj-y += aperfmperf.o | ||
429 | obj-y += cpuid-deps.o | ||
430 | |||
431 | obj-$(CONFIG_PROC_FS) += proc.o | ||
432 | diff --git a/arch/x86/kernel/cpu/aperfmperf.c b/arch/x86/kernel/cpu/aperfmperf.c | ||
433 | index 0ee83321a313..7eba34df54c3 100644 | ||
434 | --- a/arch/x86/kernel/cpu/aperfmperf.c | ||
435 | +++ b/arch/x86/kernel/cpu/aperfmperf.c | ||
436 | @@ -14,6 +14,8 @@ | ||
437 | #include <linux/percpu.h> | ||
438 | #include <linux/smp.h> | ||
439 | |||
440 | +#include "cpu.h" | ||
441 | + | ||
442 | struct aperfmperf_sample { | ||
443 | unsigned int khz; | ||
444 | ktime_t time; | ||
445 | @@ -24,7 +26,7 @@ struct aperfmperf_sample { | ||
446 | static DEFINE_PER_CPU(struct aperfmperf_sample, samples); | ||
447 | |||
448 | #define APERFMPERF_CACHE_THRESHOLD_MS 10 | ||
449 | -#define APERFMPERF_REFRESH_DELAY_MS 20 | ||
450 | +#define APERFMPERF_REFRESH_DELAY_MS 10 | ||
451 | #define APERFMPERF_STALE_THRESHOLD_MS 1000 | ||
452 | |||
453 | /* | ||
454 | @@ -38,14 +40,8 @@ static void aperfmperf_snapshot_khz(void *dummy) | ||
455 | u64 aperf, aperf_delta; | ||
456 | u64 mperf, mperf_delta; | ||
457 | struct aperfmperf_sample *s = this_cpu_ptr(&samples); | ||
458 | - ktime_t now = ktime_get(); | ||
459 | - s64 time_delta = ktime_ms_delta(now, s->time); | ||
460 | unsigned long flags; | ||
461 | |||
462 | - /* Don't bother re-computing within the cache threshold time. */ | ||
463 | - if (time_delta < APERFMPERF_CACHE_THRESHOLD_MS) | ||
464 | - return; | ||
465 | - | ||
466 | local_irq_save(flags); | ||
467 | rdmsrl(MSR_IA32_APERF, aperf); | ||
468 | rdmsrl(MSR_IA32_MPERF, mperf); | ||
469 | @@ -61,31 +57,68 @@ static void aperfmperf_snapshot_khz(void *dummy) | ||
470 | if (mperf_delta == 0) | ||
471 | return; | ||
472 | |||
473 | - s->time = now; | ||
474 | + s->time = ktime_get(); | ||
475 | s->aperf = aperf; | ||
476 | s->mperf = mperf; | ||
477 | + s->khz = div64_u64((cpu_khz * aperf_delta), mperf_delta); | ||
478 | +} | ||
479 | |||
480 | - /* If the previous iteration was too long ago, discard it. */ | ||
481 | - if (time_delta > APERFMPERF_STALE_THRESHOLD_MS) | ||
482 | - s->khz = 0; | ||
483 | - else | ||
484 | - s->khz = div64_u64((cpu_khz * aperf_delta), mperf_delta); | ||
485 | +static bool aperfmperf_snapshot_cpu(int cpu, ktime_t now, bool wait) | ||
486 | +{ | ||
487 | + s64 time_delta = ktime_ms_delta(now, per_cpu(samples.time, cpu)); | ||
488 | + | ||
489 | + /* Don't bother re-computing within the cache threshold time. */ | ||
490 | + if (time_delta < APERFMPERF_CACHE_THRESHOLD_MS) | ||
491 | + return true; | ||
492 | + | ||
493 | + smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, wait); | ||
494 | + | ||
495 | + /* Return false if the previous iteration was too long ago. */ | ||
496 | + return time_delta <= APERFMPERF_STALE_THRESHOLD_MS; | ||
497 | } | ||
498 | |||
499 | -unsigned int arch_freq_get_on_cpu(int cpu) | ||
500 | +unsigned int aperfmperf_get_khz(int cpu) | ||
501 | { | ||
502 | - unsigned int khz; | ||
503 | + if (!cpu_khz) | ||
504 | + return 0; | ||
505 | + | ||
506 | + if (!static_cpu_has(X86_FEATURE_APERFMPERF)) | ||
507 | + return 0; | ||
508 | |||
509 | + aperfmperf_snapshot_cpu(cpu, ktime_get(), true); | ||
510 | + return per_cpu(samples.khz, cpu); | ||
511 | +} | ||
512 | + | ||
513 | +void arch_freq_prepare_all(void) | ||
514 | +{ | ||
515 | + ktime_t now = ktime_get(); | ||
516 | + bool wait = false; | ||
517 | + int cpu; | ||
518 | + | ||
519 | + if (!cpu_khz) | ||
520 | + return; | ||
521 | + | ||
522 | + if (!static_cpu_has(X86_FEATURE_APERFMPERF)) | ||
523 | + return; | ||
524 | + | ||
525 | + for_each_online_cpu(cpu) | ||
526 | + if (!aperfmperf_snapshot_cpu(cpu, now, false)) | ||
527 | + wait = true; | ||
528 | + | ||
529 | + if (wait) | ||
530 | + msleep(APERFMPERF_REFRESH_DELAY_MS); | ||
531 | +} | ||
532 | + | ||
533 | +unsigned int arch_freq_get_on_cpu(int cpu) | ||
534 | +{ | ||
535 | if (!cpu_khz) | ||
536 | return 0; | ||
537 | |||
538 | if (!static_cpu_has(X86_FEATURE_APERFMPERF)) | ||
539 | return 0; | ||
540 | |||
541 | - smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, 1); | ||
542 | - khz = per_cpu(samples.khz, cpu); | ||
543 | - if (khz) | ||
544 | - return khz; | ||
545 | + if (aperfmperf_snapshot_cpu(cpu, ktime_get(), true)) | ||
546 | + return per_cpu(samples.khz, cpu); | ||
547 | |||
548 | msleep(APERFMPERF_REFRESH_DELAY_MS); | ||
549 | smp_call_function_single(cpu, aperfmperf_snapshot_khz, NULL, 1); | ||
550 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | ||
551 | index b1be494ab4e8..2d3bd2215e5b 100644 | ||
552 | --- a/arch/x86/kernel/cpu/common.c | ||
553 | +++ b/arch/x86/kernel/cpu/common.c | ||
554 | @@ -900,7 +900,7 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) | ||
555 | setup_force_cpu_cap(X86_FEATURE_ALWAYS); | ||
556 | |||
557 | if (c->x86_vendor != X86_VENDOR_AMD) | ||
558 | - setup_force_cpu_bug(X86_BUG_CPU_INSECURE); | ||
559 | + setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); | ||
560 | |||
561 | fpu__init_system(c); | ||
562 | |||
563 | diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h | ||
564 | index f52a370b6c00..e806b11a99af 100644 | ||
565 | --- a/arch/x86/kernel/cpu/cpu.h | ||
566 | +++ b/arch/x86/kernel/cpu/cpu.h | ||
567 | @@ -47,4 +47,7 @@ extern const struct cpu_dev *const __x86_cpu_dev_start[], | ||
568 | |||
569 | extern void get_cpu_cap(struct cpuinfo_x86 *c); | ||
570 | extern void cpu_detect_cache_sizes(struct cpuinfo_x86 *c); | ||
571 | + | ||
572 | +unsigned int aperfmperf_get_khz(int cpu); | ||
573 | + | ||
574 | #endif /* ARCH_X86_CPU_H */ | ||
575 | diff --git a/arch/x86/kernel/cpu/microcode/amd.c b/arch/x86/kernel/cpu/microcode/amd.c | ||
576 | index c6daec4bdba5..330b8462d426 100644 | ||
577 | --- a/arch/x86/kernel/cpu/microcode/amd.c | ||
578 | +++ b/arch/x86/kernel/cpu/microcode/amd.c | ||
579 | @@ -470,6 +470,7 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, | ||
580 | #define F14H_MPB_MAX_SIZE 1824 | ||
581 | #define F15H_MPB_MAX_SIZE 4096 | ||
582 | #define F16H_MPB_MAX_SIZE 3458 | ||
583 | +#define F17H_MPB_MAX_SIZE 3200 | ||
584 | |||
585 | switch (family) { | ||
586 | case 0x14: | ||
587 | @@ -481,6 +482,9 @@ static unsigned int verify_patch_size(u8 family, u32 patch_size, | ||
588 | case 0x16: | ||
589 | max_size = F16H_MPB_MAX_SIZE; | ||
590 | break; | ||
591 | + case 0x17: | ||
592 | + max_size = F17H_MPB_MAX_SIZE; | ||
593 | + break; | ||
594 | default: | ||
595 | max_size = F1XH_MPB_MAX_SIZE; | ||
596 | break; | ||
597 | diff --git a/arch/x86/kernel/cpu/proc.c b/arch/x86/kernel/cpu/proc.c | ||
598 | index 6b7e17bf0b71..e7ecedafa1c8 100644 | ||
599 | --- a/arch/x86/kernel/cpu/proc.c | ||
600 | +++ b/arch/x86/kernel/cpu/proc.c | ||
601 | @@ -5,6 +5,8 @@ | ||
602 | #include <linux/seq_file.h> | ||
603 | #include <linux/cpufreq.h> | ||
604 | |||
605 | +#include "cpu.h" | ||
606 | + | ||
607 | /* | ||
608 | * Get CPU information for use by the procfs. | ||
609 | */ | ||
610 | @@ -78,8 +80,10 @@ static int show_cpuinfo(struct seq_file *m, void *v) | ||
611 | seq_printf(m, "microcode\t: 0x%x\n", c->microcode); | ||
612 | |||
613 | if (cpu_has(c, X86_FEATURE_TSC)) { | ||
614 | - unsigned int freq = cpufreq_quick_get(cpu); | ||
615 | + unsigned int freq = aperfmperf_get_khz(cpu); | ||
616 | |||
617 | + if (!freq) | ||
618 | + freq = cpufreq_quick_get(cpu); | ||
619 | if (!freq) | ||
620 | freq = cpu_khz; | ||
621 | seq_printf(m, "cpu MHz\t\t: %u.%03u\n", | ||
622 | diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c | ||
623 | index f56902c1f04b..2a4849e92831 100644 | ||
624 | --- a/arch/x86/mm/dump_pagetables.c | ||
625 | +++ b/arch/x86/mm/dump_pagetables.c | ||
626 | @@ -61,10 +61,10 @@ enum address_markers_idx { | ||
627 | KASAN_SHADOW_START_NR, | ||
628 | KASAN_SHADOW_END_NR, | ||
629 | #endif | ||
630 | + CPU_ENTRY_AREA_NR, | ||
631 | #if defined(CONFIG_MODIFY_LDT_SYSCALL) && !defined(CONFIG_X86_5LEVEL) | ||
632 | LDT_NR, | ||
633 | #endif | ||
634 | - CPU_ENTRY_AREA_NR, | ||
635 | #ifdef CONFIG_X86_ESPFIX64 | ||
636 | ESPFIX_START_NR, | ||
637 | #endif | ||
638 | diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c | ||
639 | index 80259ad8c386..6b462a472a7b 100644 | ||
640 | --- a/arch/x86/mm/init.c | ||
641 | +++ b/arch/x86/mm/init.c | ||
642 | @@ -870,7 +870,7 @@ __visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = { | ||
643 | .next_asid = 1, | ||
644 | .cr4 = ~0UL, /* fail hard if we screw up cr4 shadow initialization */ | ||
645 | }; | ||
646 | -EXPORT_SYMBOL_GPL(cpu_tlbstate); | ||
647 | +EXPORT_PER_CPU_SYMBOL(cpu_tlbstate); | ||
648 | |||
649 | void update_cache_mode_entry(unsigned entry, enum page_cache_mode cache) | ||
650 | { | ||
651 | diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c | ||
652 | index 879ef930e2c2..aedebd2ebf1e 100644 | ||
653 | --- a/arch/x86/mm/kaslr.c | ||
654 | +++ b/arch/x86/mm/kaslr.c | ||
655 | @@ -34,25 +34,14 @@ | ||
656 | #define TB_SHIFT 40 | ||
657 | |||
658 | /* | ||
659 | - * Virtual address start and end range for randomization. The end changes base | ||
660 | - * on configuration to have the highest amount of space for randomization. | ||
661 | - * It increases the possible random position for each randomized region. | ||
662 | + * Virtual address start and end range for randomization. | ||
663 | * | ||
664 | - * You need to add an if/def entry if you introduce a new memory region | ||
665 | - * compatible with KASLR. Your entry must be in logical order with memory | ||
666 | - * layout. For example, ESPFIX is before EFI because its virtual address is | ||
667 | - * before. You also need to add a BUILD_BUG_ON() in kernel_randomize_memory() to | ||
668 | - * ensure that this order is correct and won't be changed. | ||
669 | + * The end address could depend on more configuration options to make the | ||
670 | + * highest amount of space for randomization available, but that's too hard | ||
671 | + * to keep straight and caused issues already. | ||
672 | */ | ||
673 | static const unsigned long vaddr_start = __PAGE_OFFSET_BASE; | ||
674 | - | ||
675 | -#if defined(CONFIG_X86_ESPFIX64) | ||
676 | -static const unsigned long vaddr_end = ESPFIX_BASE_ADDR; | ||
677 | -#elif defined(CONFIG_EFI) | ||
678 | -static const unsigned long vaddr_end = EFI_VA_END; | ||
679 | -#else | ||
680 | -static const unsigned long vaddr_end = __START_KERNEL_map; | ||
681 | -#endif | ||
682 | +static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; | ||
683 | |||
684 | /* Default values */ | ||
685 | unsigned long page_offset_base = __PAGE_OFFSET_BASE; | ||
686 | @@ -101,15 +90,12 @@ void __init kernel_randomize_memory(void) | ||
687 | unsigned long remain_entropy; | ||
688 | |||
689 | /* | ||
690 | - * All these BUILD_BUG_ON checks ensures the memory layout is | ||
691 | - * consistent with the vaddr_start/vaddr_end variables. | ||
692 | + * These BUILD_BUG_ON checks ensure the memory layout is consistent | ||
693 | + * with the vaddr_start/vaddr_end variables. These checks are very | ||
694 | + * limited.... | ||
695 | */ | ||
696 | BUILD_BUG_ON(vaddr_start >= vaddr_end); | ||
697 | - BUILD_BUG_ON(IS_ENABLED(CONFIG_X86_ESPFIX64) && | ||
698 | - vaddr_end >= EFI_VA_END); | ||
699 | - BUILD_BUG_ON((IS_ENABLED(CONFIG_X86_ESPFIX64) || | ||
700 | - IS_ENABLED(CONFIG_EFI)) && | ||
701 | - vaddr_end >= __START_KERNEL_map); | ||
702 | + BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); | ||
703 | BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); | ||
704 | |||
705 | if (!kaslr_memory_enabled()) | ||
706 | diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c | ||
707 | index 2da28ba97508..43d4a4a29037 100644 | ||
708 | --- a/arch/x86/mm/pti.c | ||
709 | +++ b/arch/x86/mm/pti.c | ||
710 | @@ -56,13 +56,13 @@ | ||
711 | |||
712 | static void __init pti_print_if_insecure(const char *reason) | ||
713 | { | ||
714 | - if (boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) | ||
715 | + if (boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) | ||
716 | pr_info("%s\n", reason); | ||
717 | } | ||
718 | |||
719 | static void __init pti_print_if_secure(const char *reason) | ||
720 | { | ||
721 | - if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) | ||
722 | + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) | ||
723 | pr_info("%s\n", reason); | ||
724 | } | ||
725 | |||
726 | @@ -96,7 +96,7 @@ void __init pti_check_boottime_disable(void) | ||
727 | } | ||
728 | |||
729 | autosel: | ||
730 | - if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) | ||
731 | + if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN)) | ||
732 | return; | ||
733 | enable: | ||
734 | setup_force_cpu_cap(X86_FEATURE_PTI); | ||
735 | diff --git a/arch/x86/platform/efi/quirks.c b/arch/x86/platform/efi/quirks.c | ||
736 | index 8a99a2e96537..5b513ccffde4 100644 | ||
737 | --- a/arch/x86/platform/efi/quirks.c | ||
738 | +++ b/arch/x86/platform/efi/quirks.c | ||
739 | @@ -592,7 +592,18 @@ static int qrk_capsule_setup_info(struct capsule_info *cap_info, void **pkbuff, | ||
740 | /* | ||
741 | * Update the first page pointer to skip over the CSH header. | ||
742 | */ | ||
743 | - cap_info->pages[0] += csh->headersize; | ||
744 | + cap_info->phys[0] += csh->headersize; | ||
745 | + | ||
746 | + /* | ||
747 | + * cap_info->capsule should point at a virtual mapping of the entire | ||
748 | + * capsule, starting at the capsule header. Our image has the Quark | ||
749 | + * security header prepended, so we cannot rely on the default vmap() | ||
750 | + * mapping created by the generic capsule code. | ||
751 | + * Given that the Quark firmware does not appear to care about the | ||
752 | + * virtual mapping, let's just point cap_info->capsule at our copy | ||
753 | + * of the capsule header. | ||
754 | + */ | ||
755 | + cap_info->capsule = &cap_info->header; | ||
756 | |||
757 | return 1; | ||
758 | } | ||
759 | diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c | ||
760 | index db1bc3147bc4..600afa99941f 100644 | ||
761 | --- a/crypto/chacha20poly1305.c | ||
762 | +++ b/crypto/chacha20poly1305.c | ||
763 | @@ -610,6 +610,11 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, | ||
764 | algt->mask)); | ||
765 | if (IS_ERR(poly)) | ||
766 | return PTR_ERR(poly); | ||
767 | + poly_hash = __crypto_hash_alg_common(poly); | ||
768 | + | ||
769 | + err = -EINVAL; | ||
770 | + if (poly_hash->digestsize != POLY1305_DIGEST_SIZE) | ||
771 | + goto out_put_poly; | ||
772 | |||
773 | err = -ENOMEM; | ||
774 | inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL); | ||
775 | @@ -618,7 +623,6 @@ static int chachapoly_create(struct crypto_template *tmpl, struct rtattr **tb, | ||
776 | |||
777 | ctx = aead_instance_ctx(inst); | ||
778 | ctx->saltlen = CHACHAPOLY_IV_SIZE - ivsize; | ||
779 | - poly_hash = __crypto_hash_alg_common(poly); | ||
780 | err = crypto_init_ahash_spawn(&ctx->poly, poly_hash, | ||
781 | aead_crypto_instance(inst)); | ||
782 | if (err) | ||
783 | diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c | ||
784 | index ee9cfb99fe25..f8ec3d4ba4a8 100644 | ||
785 | --- a/crypto/pcrypt.c | ||
786 | +++ b/crypto/pcrypt.c | ||
787 | @@ -254,6 +254,14 @@ static void pcrypt_aead_exit_tfm(struct crypto_aead *tfm) | ||
788 | crypto_free_aead(ctx->child); | ||
789 | } | ||
790 | |||
791 | +static void pcrypt_free(struct aead_instance *inst) | ||
792 | +{ | ||
793 | + struct pcrypt_instance_ctx *ctx = aead_instance_ctx(inst); | ||
794 | + | ||
795 | + crypto_drop_aead(&ctx->spawn); | ||
796 | + kfree(inst); | ||
797 | +} | ||
798 | + | ||
799 | static int pcrypt_init_instance(struct crypto_instance *inst, | ||
800 | struct crypto_alg *alg) | ||
801 | { | ||
802 | @@ -319,6 +327,8 @@ static int pcrypt_create_aead(struct crypto_template *tmpl, struct rtattr **tb, | ||
803 | inst->alg.encrypt = pcrypt_aead_encrypt; | ||
804 | inst->alg.decrypt = pcrypt_aead_decrypt; | ||
805 | |||
806 | + inst->free = pcrypt_free; | ||
807 | + | ||
808 | err = aead_register_instance(tmpl, inst); | ||
809 | if (err) | ||
810 | goto out_drop_aead; | ||
811 | @@ -349,14 +359,6 @@ static int pcrypt_create(struct crypto_template *tmpl, struct rtattr **tb) | ||
812 | return -EINVAL; | ||
813 | } | ||
814 | |||
815 | -static void pcrypt_free(struct crypto_instance *inst) | ||
816 | -{ | ||
817 | - struct pcrypt_instance_ctx *ctx = crypto_instance_ctx(inst); | ||
818 | - | ||
819 | - crypto_drop_aead(&ctx->spawn); | ||
820 | - kfree(inst); | ||
821 | -} | ||
822 | - | ||
823 | static int pcrypt_cpumask_change_notify(struct notifier_block *self, | ||
824 | unsigned long val, void *data) | ||
825 | { | ||
826 | @@ -469,7 +471,6 @@ static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt) | ||
827 | static struct crypto_template pcrypt_tmpl = { | ||
828 | .name = "pcrypt", | ||
829 | .create = pcrypt_create, | ||
830 | - .free = pcrypt_free, | ||
831 | .module = THIS_MODULE, | ||
832 | }; | ||
833 | |||
834 | diff --git a/drivers/bus/sunxi-rsb.c b/drivers/bus/sunxi-rsb.c | ||
835 | index 328ca93781cf..1b76d9585902 100644 | ||
836 | --- a/drivers/bus/sunxi-rsb.c | ||
837 | +++ b/drivers/bus/sunxi-rsb.c | ||
838 | @@ -178,6 +178,7 @@ static struct bus_type sunxi_rsb_bus = { | ||
839 | .match = sunxi_rsb_device_match, | ||
840 | .probe = sunxi_rsb_device_probe, | ||
841 | .remove = sunxi_rsb_device_remove, | ||
842 | + .uevent = of_device_uevent_modalias, | ||
843 | }; | ||
844 | |||
845 | static void sunxi_rsb_dev_release(struct device *dev) | ||
846 | diff --git a/drivers/crypto/chelsio/Kconfig b/drivers/crypto/chelsio/Kconfig | ||
847 | index 3e104f5aa0c2..b56b3f711d94 100644 | ||
848 | --- a/drivers/crypto/chelsio/Kconfig | ||
849 | +++ b/drivers/crypto/chelsio/Kconfig | ||
850 | @@ -5,6 +5,7 @@ config CRYPTO_DEV_CHELSIO | ||
851 | select CRYPTO_SHA256 | ||
852 | select CRYPTO_SHA512 | ||
853 | select CRYPTO_AUTHENC | ||
854 | + select CRYPTO_GF128MUL | ||
855 | ---help--- | ||
856 | The Chelsio Crypto Co-processor driver for T6 adapters. | ||
857 | |||
858 | diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c | ||
859 | index a9fd8b9e86cd..699ee5a9a8f9 100644 | ||
860 | --- a/drivers/crypto/n2_core.c | ||
861 | +++ b/drivers/crypto/n2_core.c | ||
862 | @@ -1625,6 +1625,7 @@ static int queue_cache_init(void) | ||
863 | CWQ_ENTRY_SIZE, 0, NULL); | ||
864 | if (!queue_cache[HV_NCS_QTYPE_CWQ - 1]) { | ||
865 | kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]); | ||
866 | + queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL; | ||
867 | return -ENOMEM; | ||
868 | } | ||
869 | return 0; | ||
870 | @@ -1634,6 +1635,8 @@ static void queue_cache_destroy(void) | ||
871 | { | ||
872 | kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_MAU - 1]); | ||
873 | kmem_cache_destroy(queue_cache[HV_NCS_QTYPE_CWQ - 1]); | ||
874 | + queue_cache[HV_NCS_QTYPE_MAU - 1] = NULL; | ||
875 | + queue_cache[HV_NCS_QTYPE_CWQ - 1] = NULL; | ||
876 | } | ||
877 | |||
878 | static long spu_queue_register_workfn(void *arg) | ||
879 | diff --git a/drivers/firmware/efi/capsule-loader.c b/drivers/firmware/efi/capsule-loader.c | ||
880 | index ec8ac5c4dd84..055e2e8f985a 100644 | ||
881 | --- a/drivers/firmware/efi/capsule-loader.c | ||
882 | +++ b/drivers/firmware/efi/capsule-loader.c | ||
883 | @@ -20,10 +20,6 @@ | ||
884 | |||
885 | #define NO_FURTHER_WRITE_ACTION -1 | ||
886 | |||
887 | -#ifndef phys_to_page | ||
888 | -#define phys_to_page(x) pfn_to_page((x) >> PAGE_SHIFT) | ||
889 | -#endif | ||
890 | - | ||
891 | /** | ||
892 | * efi_free_all_buff_pages - free all previous allocated buffer pages | ||
893 | * @cap_info: pointer to current instance of capsule_info structure | ||
894 | @@ -35,7 +31,7 @@ | ||
895 | static void efi_free_all_buff_pages(struct capsule_info *cap_info) | ||
896 | { | ||
897 | while (cap_info->index > 0) | ||
898 | - __free_page(phys_to_page(cap_info->pages[--cap_info->index])); | ||
899 | + __free_page(cap_info->pages[--cap_info->index]); | ||
900 | |||
901 | cap_info->index = NO_FURTHER_WRITE_ACTION; | ||
902 | } | ||
903 | @@ -71,6 +67,14 @@ int __efi_capsule_setup_info(struct capsule_info *cap_info) | ||
904 | |||
905 | cap_info->pages = temp_page; | ||
906 | |||
907 | + temp_page = krealloc(cap_info->phys, | ||
908 | + pages_needed * sizeof(phys_addr_t *), | ||
909 | + GFP_KERNEL | __GFP_ZERO); | ||
910 | + if (!temp_page) | ||
911 | + return -ENOMEM; | ||
912 | + | ||
913 | + cap_info->phys = temp_page; | ||
914 | + | ||
915 | return 0; | ||
916 | } | ||
917 | |||
918 | @@ -105,9 +109,24 @@ int __weak efi_capsule_setup_info(struct capsule_info *cap_info, void *kbuff, | ||
919 | **/ | ||
920 | static ssize_t efi_capsule_submit_update(struct capsule_info *cap_info) | ||
921 | { | ||
922 | + bool do_vunmap = false; | ||
923 | int ret; | ||
924 | |||
925 | - ret = efi_capsule_update(&cap_info->header, cap_info->pages); | ||
926 | + /* | ||
927 | + * cap_info->capsule may have been assigned already by a quirk | ||
928 | + * handler, so only overwrite it if it is NULL | ||
929 | + */ | ||
930 | + if (!cap_info->capsule) { | ||
931 | + cap_info->capsule = vmap(cap_info->pages, cap_info->index, | ||
932 | + VM_MAP, PAGE_KERNEL); | ||
933 | + if (!cap_info->capsule) | ||
934 | + return -ENOMEM; | ||
935 | + do_vunmap = true; | ||
936 | + } | ||
937 | + | ||
938 | + ret = efi_capsule_update(cap_info->capsule, cap_info->phys); | ||
939 | + if (do_vunmap) | ||
940 | + vunmap(cap_info->capsule); | ||
941 | if (ret) { | ||
942 | pr_err("capsule update failed\n"); | ||
943 | return ret; | ||
944 | @@ -165,10 +184,12 @@ static ssize_t efi_capsule_write(struct file *file, const char __user *buff, | ||
945 | goto failed; | ||
946 | } | ||
947 | |||
948 | - cap_info->pages[cap_info->index++] = page_to_phys(page); | ||
949 | + cap_info->pages[cap_info->index] = page; | ||
950 | + cap_info->phys[cap_info->index] = page_to_phys(page); | ||
951 | cap_info->page_bytes_remain = PAGE_SIZE; | ||
952 | + cap_info->index++; | ||
953 | } else { | ||
954 | - page = phys_to_page(cap_info->pages[cap_info->index - 1]); | ||
955 | + page = cap_info->pages[cap_info->index - 1]; | ||
956 | } | ||
957 | |||
958 | kbuff = kmap(page); | ||
959 | @@ -252,6 +273,7 @@ static int efi_capsule_release(struct inode *inode, struct file *file) | ||
960 | struct capsule_info *cap_info = file->private_data; | ||
961 | |||
962 | kfree(cap_info->pages); | ||
963 | + kfree(cap_info->phys); | ||
964 | kfree(file->private_data); | ||
965 | file->private_data = NULL; | ||
966 | return 0; | ||
967 | @@ -281,6 +303,13 @@ static int efi_capsule_open(struct inode *inode, struct file *file) | ||
968 | return -ENOMEM; | ||
969 | } | ||
970 | |||
971 | + cap_info->phys = kzalloc(sizeof(void *), GFP_KERNEL); | ||
972 | + if (!cap_info->phys) { | ||
973 | + kfree(cap_info->pages); | ||
974 | + kfree(cap_info); | ||
975 | + return -ENOMEM; | ||
976 | + } | ||
977 | + | ||
978 | file->private_data = cap_info; | ||
979 | |||
980 | return 0; | ||
981 | diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h | ||
982 | index c9bcc6c45012..ce2ed16f2a30 100644 | ||
983 | --- a/drivers/gpu/drm/i915/i915_reg.h | ||
984 | +++ b/drivers/gpu/drm/i915/i915_reg.h | ||
985 | @@ -6944,6 +6944,7 @@ enum { | ||
986 | #define RESET_PCH_HANDSHAKE_ENABLE (1<<4) | ||
987 | |||
988 | #define GEN8_CHICKEN_DCPR_1 _MMIO(0x46430) | ||
989 | +#define SKL_SELECT_ALTERNATE_DC_EXIT (1<<30) | ||
990 | #define MASK_WAKEMEM (1<<13) | ||
991 | |||
992 | #define SKL_DFSM _MMIO(0x51000) | ||
993 | @@ -8475,6 +8476,7 @@ enum skl_power_gate { | ||
994 | #define BXT_CDCLK_CD2X_DIV_SEL_2 (2<<22) | ||
995 | #define BXT_CDCLK_CD2X_DIV_SEL_4 (3<<22) | ||
996 | #define BXT_CDCLK_CD2X_PIPE(pipe) ((pipe)<<20) | ||
997 | +#define CDCLK_DIVMUX_CD_OVERRIDE (1<<19) | ||
998 | #define BXT_CDCLK_CD2X_PIPE_NONE BXT_CDCLK_CD2X_PIPE(3) | ||
999 | #define BXT_CDCLK_SSA_PRECHARGE_ENABLE (1<<16) | ||
1000 | #define CDCLK_FREQ_DECIMAL_MASK (0x7ff) | ||
1001 | diff --git a/drivers/gpu/drm/i915/intel_cdclk.c b/drivers/gpu/drm/i915/intel_cdclk.c | ||
1002 | index 1241e5891b29..26a8dcd2c549 100644 | ||
1003 | --- a/drivers/gpu/drm/i915/intel_cdclk.c | ||
1004 | +++ b/drivers/gpu/drm/i915/intel_cdclk.c | ||
1005 | @@ -859,16 +859,10 @@ static void skl_set_preferred_cdclk_vco(struct drm_i915_private *dev_priv, | ||
1006 | |||
1007 | static void skl_dpll0_enable(struct drm_i915_private *dev_priv, int vco) | ||
1008 | { | ||
1009 | - int min_cdclk = skl_calc_cdclk(0, vco); | ||
1010 | u32 val; | ||
1011 | |||
1012 | WARN_ON(vco != 8100000 && vco != 8640000); | ||
1013 | |||
1014 | - /* select the minimum CDCLK before enabling DPLL 0 */ | ||
1015 | - val = CDCLK_FREQ_337_308 | skl_cdclk_decimal(min_cdclk); | ||
1016 | - I915_WRITE(CDCLK_CTL, val); | ||
1017 | - POSTING_READ(CDCLK_CTL); | ||
1018 | - | ||
1019 | /* | ||
1020 | * We always enable DPLL0 with the lowest link rate possible, but still | ||
1021 | * taking into account the VCO required to operate the eDP panel at the | ||
1022 | @@ -922,7 +916,7 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, | ||
1023 | { | ||
1024 | int cdclk = cdclk_state->cdclk; | ||
1025 | int vco = cdclk_state->vco; | ||
1026 | - u32 freq_select, pcu_ack; | ||
1027 | + u32 freq_select, pcu_ack, cdclk_ctl; | ||
1028 | int ret; | ||
1029 | |||
1030 | WARN_ON((cdclk == 24000) != (vco == 0)); | ||
1031 | @@ -939,7 +933,7 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, | ||
1032 | return; | ||
1033 | } | ||
1034 | |||
1035 | - /* set CDCLK_CTL */ | ||
1036 | + /* Choose frequency for this cdclk */ | ||
1037 | switch (cdclk) { | ||
1038 | case 450000: | ||
1039 | case 432000: | ||
1040 | @@ -967,10 +961,33 @@ static void skl_set_cdclk(struct drm_i915_private *dev_priv, | ||
1041 | dev_priv->cdclk.hw.vco != vco) | ||
1042 | skl_dpll0_disable(dev_priv); | ||
1043 | |||
1044 | + cdclk_ctl = I915_READ(CDCLK_CTL); | ||
1045 | + | ||
1046 | + if (dev_priv->cdclk.hw.vco != vco) { | ||
1047 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1048 | + cdclk_ctl &= ~(CDCLK_FREQ_SEL_MASK | CDCLK_FREQ_DECIMAL_MASK); | ||
1049 | + cdclk_ctl |= freq_select | skl_cdclk_decimal(cdclk); | ||
1050 | + I915_WRITE(CDCLK_CTL, cdclk_ctl); | ||
1051 | + } | ||
1052 | + | ||
1053 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1054 | + cdclk_ctl |= CDCLK_DIVMUX_CD_OVERRIDE; | ||
1055 | + I915_WRITE(CDCLK_CTL, cdclk_ctl); | ||
1056 | + POSTING_READ(CDCLK_CTL); | ||
1057 | + | ||
1058 | if (dev_priv->cdclk.hw.vco != vco) | ||
1059 | skl_dpll0_enable(dev_priv, vco); | ||
1060 | |||
1061 | - I915_WRITE(CDCLK_CTL, freq_select | skl_cdclk_decimal(cdclk)); | ||
1062 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1063 | + cdclk_ctl &= ~(CDCLK_FREQ_SEL_MASK | CDCLK_FREQ_DECIMAL_MASK); | ||
1064 | + I915_WRITE(CDCLK_CTL, cdclk_ctl); | ||
1065 | + | ||
1066 | + cdclk_ctl |= freq_select | skl_cdclk_decimal(cdclk); | ||
1067 | + I915_WRITE(CDCLK_CTL, cdclk_ctl); | ||
1068 | + | ||
1069 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1070 | + cdclk_ctl &= ~CDCLK_DIVMUX_CD_OVERRIDE; | ||
1071 | + I915_WRITE(CDCLK_CTL, cdclk_ctl); | ||
1072 | POSTING_READ(CDCLK_CTL); | ||
1073 | |||
1074 | /* inform PCU of the change */ | ||
1075 | diff --git a/drivers/gpu/drm/i915/intel_runtime_pm.c b/drivers/gpu/drm/i915/intel_runtime_pm.c | ||
1076 | index 49577eba8e7e..51cb5293bf43 100644 | ||
1077 | --- a/drivers/gpu/drm/i915/intel_runtime_pm.c | ||
1078 | +++ b/drivers/gpu/drm/i915/intel_runtime_pm.c | ||
1079 | @@ -598,6 +598,11 @@ void gen9_enable_dc5(struct drm_i915_private *dev_priv) | ||
1080 | |||
1081 | DRM_DEBUG_KMS("Enabling DC5\n"); | ||
1082 | |||
1083 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1084 | + if (IS_GEN9_BC(dev_priv)) | ||
1085 | + I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) | | ||
1086 | + SKL_SELECT_ALTERNATE_DC_EXIT); | ||
1087 | + | ||
1088 | gen9_set_dc_state(dev_priv, DC_STATE_EN_UPTO_DC5); | ||
1089 | } | ||
1090 | |||
1091 | @@ -625,6 +630,11 @@ void skl_disable_dc6(struct drm_i915_private *dev_priv) | ||
1092 | { | ||
1093 | DRM_DEBUG_KMS("Disabling DC6\n"); | ||
1094 | |||
1095 | + /* Wa Display #1183: skl,kbl,cfl */ | ||
1096 | + if (IS_GEN9_BC(dev_priv)) | ||
1097 | + I915_WRITE(GEN8_CHICKEN_DCPR_1, I915_READ(GEN8_CHICKEN_DCPR_1) | | ||
1098 | + SKL_SELECT_ALTERNATE_DC_EXIT); | ||
1099 | + | ||
1100 | gen9_set_dc_state(dev_priv, DC_STATE_DISABLE); | ||
1101 | } | ||
1102 | |||
1103 | @@ -1786,6 +1796,7 @@ void intel_display_power_put(struct drm_i915_private *dev_priv, | ||
1104 | GLK_DISPLAY_POWERWELL_2_POWER_DOMAINS | \ | ||
1105 | BIT_ULL(POWER_DOMAIN_MODESET) | \ | ||
1106 | BIT_ULL(POWER_DOMAIN_AUX_A) | \ | ||
1107 | + BIT_ULL(POWER_DOMAIN_GMBUS) | \ | ||
1108 | BIT_ULL(POWER_DOMAIN_INIT)) | ||
1109 | |||
1110 | #define CNL_DISPLAY_POWERWELL_2_POWER_DOMAINS ( \ | ||
1111 | diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c | ||
1112 | index b84cd978fce2..a4aaa748e987 100644 | ||
1113 | --- a/drivers/input/mouse/elantech.c | ||
1114 | +++ b/drivers/input/mouse/elantech.c | ||
1115 | @@ -1613,7 +1613,7 @@ static int elantech_set_properties(struct elantech_data *etd) | ||
1116 | case 5: | ||
1117 | etd->hw_version = 3; | ||
1118 | break; | ||
1119 | - case 6 ... 14: | ||
1120 | + case 6 ... 15: | ||
1121 | etd->hw_version = 4; | ||
1122 | break; | ||
1123 | default: | ||
1124 | diff --git a/drivers/iommu/arm-smmu-v3.c b/drivers/iommu/arm-smmu-v3.c | ||
1125 | index e67ba6c40faf..8f7a3c00b6cf 100644 | ||
1126 | --- a/drivers/iommu/arm-smmu-v3.c | ||
1127 | +++ b/drivers/iommu/arm-smmu-v3.c | ||
1128 | @@ -1611,13 +1611,15 @@ static int arm_smmu_domain_finalise(struct iommu_domain *domain) | ||
1129 | domain->pgsize_bitmap = pgtbl_cfg.pgsize_bitmap; | ||
1130 | domain->geometry.aperture_end = (1UL << ias) - 1; | ||
1131 | domain->geometry.force_aperture = true; | ||
1132 | - smmu_domain->pgtbl_ops = pgtbl_ops; | ||
1133 | |||
1134 | ret = finalise_stage_fn(smmu_domain, &pgtbl_cfg); | ||
1135 | - if (ret < 0) | ||
1136 | + if (ret < 0) { | ||
1137 | free_io_pgtable_ops(pgtbl_ops); | ||
1138 | + return ret; | ||
1139 | + } | ||
1140 | |||
1141 | - return ret; | ||
1142 | + smmu_domain->pgtbl_ops = pgtbl_ops; | ||
1143 | + return 0; | ||
1144 | } | ||
1145 | |||
1146 | static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid) | ||
1147 | @@ -1644,7 +1646,7 @@ static __le64 *arm_smmu_get_step_for_sid(struct arm_smmu_device *smmu, u32 sid) | ||
1148 | |||
1149 | static void arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec) | ||
1150 | { | ||
1151 | - int i; | ||
1152 | + int i, j; | ||
1153 | struct arm_smmu_master_data *master = fwspec->iommu_priv; | ||
1154 | struct arm_smmu_device *smmu = master->smmu; | ||
1155 | |||
1156 | @@ -1652,6 +1654,13 @@ static void arm_smmu_install_ste_for_dev(struct iommu_fwspec *fwspec) | ||
1157 | u32 sid = fwspec->ids[i]; | ||
1158 | __le64 *step = arm_smmu_get_step_for_sid(smmu, sid); | ||
1159 | |||
1160 | + /* Bridged PCI devices may end up with duplicated IDs */ | ||
1161 | + for (j = 0; j < i; j++) | ||
1162 | + if (fwspec->ids[j] == sid) | ||
1163 | + break; | ||
1164 | + if (j < i) | ||
1165 | + continue; | ||
1166 | + | ||
1167 | arm_smmu_write_strtab_ent(smmu, sid, step, &master->ste); | ||
1168 | } | ||
1169 | } | ||
1170 | diff --git a/drivers/mtd/nand/pxa3xx_nand.c b/drivers/mtd/nand/pxa3xx_nand.c | ||
1171 | index 85cff68643e0..125b744c9c28 100644 | ||
1172 | --- a/drivers/mtd/nand/pxa3xx_nand.c | ||
1173 | +++ b/drivers/mtd/nand/pxa3xx_nand.c | ||
1174 | @@ -950,6 +950,7 @@ static void prepare_start_command(struct pxa3xx_nand_info *info, int command) | ||
1175 | |||
1176 | switch (command) { | ||
1177 | case NAND_CMD_READ0: | ||
1178 | + case NAND_CMD_READOOB: | ||
1179 | case NAND_CMD_PAGEPROG: | ||
1180 | info->use_ecc = 1; | ||
1181 | break; | ||
1182 | diff --git a/fs/btrfs/delayed-inode.c b/fs/btrfs/delayed-inode.c | ||
1183 | index 19e4ad2f3f2e..0c4b690cf761 100644 | ||
1184 | --- a/fs/btrfs/delayed-inode.c | ||
1185 | +++ b/fs/btrfs/delayed-inode.c | ||
1186 | @@ -87,6 +87,7 @@ static struct btrfs_delayed_node *btrfs_get_delayed_node( | ||
1187 | |||
1188 | spin_lock(&root->inode_lock); | ||
1189 | node = radix_tree_lookup(&root->delayed_nodes_tree, ino); | ||
1190 | + | ||
1191 | if (node) { | ||
1192 | if (btrfs_inode->delayed_node) { | ||
1193 | refcount_inc(&node->refs); /* can be accessed */ | ||
1194 | @@ -94,9 +95,30 @@ static struct btrfs_delayed_node *btrfs_get_delayed_node( | ||
1195 | spin_unlock(&root->inode_lock); | ||
1196 | return node; | ||
1197 | } | ||
1198 | - btrfs_inode->delayed_node = node; | ||
1199 | - /* can be accessed and cached in the inode */ | ||
1200 | - refcount_add(2, &node->refs); | ||
1201 | + | ||
1202 | + /* | ||
1203 | + * It's possible that we're racing into the middle of removing | ||
1204 | + * this node from the radix tree. In this case, the refcount | ||
1205 | + * was zero and it should never go back to one. Just return | ||
1206 | + * NULL like it was never in the radix at all; our release | ||
1207 | + * function is in the process of removing it. | ||
1208 | + * | ||
1209 | + * Some implementations of refcount_inc refuse to bump the | ||
1210 | + * refcount once it has hit zero. If we don't do this dance | ||
1211 | + * here, refcount_inc() may decide to just WARN_ONCE() instead | ||
1212 | + * of actually bumping the refcount. | ||
1213 | + * | ||
1214 | + * If this node is properly in the radix, we want to bump the | ||
1215 | + * refcount twice, once for the inode and once for this get | ||
1216 | + * operation. | ||
1217 | + */ | ||
1218 | + if (refcount_inc_not_zero(&node->refs)) { | ||
1219 | + refcount_inc(&node->refs); | ||
1220 | + btrfs_inode->delayed_node = node; | ||
1221 | + } else { | ||
1222 | + node = NULL; | ||
1223 | + } | ||
1224 | + | ||
1225 | spin_unlock(&root->inode_lock); | ||
1226 | return node; | ||
1227 | } | ||
1228 | @@ -254,17 +276,18 @@ static void __btrfs_release_delayed_node( | ||
1229 | mutex_unlock(&delayed_node->mutex); | ||
1230 | |||
1231 | if (refcount_dec_and_test(&delayed_node->refs)) { | ||
1232 | - bool free = false; | ||
1233 | struct btrfs_root *root = delayed_node->root; | ||
1234 | + | ||
1235 | spin_lock(&root->inode_lock); | ||
1236 | - if (refcount_read(&delayed_node->refs) == 0) { | ||
1237 | - radix_tree_delete(&root->delayed_nodes_tree, | ||
1238 | - delayed_node->inode_id); | ||
1239 | - free = true; | ||
1240 | - } | ||
1241 | + /* | ||
1242 | + * Once our refcount goes to zero, nobody is allowed to bump it | ||
1243 | + * back up. We can delete it now. | ||
1244 | + */ | ||
1245 | + ASSERT(refcount_read(&delayed_node->refs) == 0); | ||
1246 | + radix_tree_delete(&root->delayed_nodes_tree, | ||
1247 | + delayed_node->inode_id); | ||
1248 | spin_unlock(&root->inode_lock); | ||
1249 | - if (free) | ||
1250 | - kmem_cache_free(delayed_node_cache, delayed_node); | ||
1251 | + kmem_cache_free(delayed_node_cache, delayed_node); | ||
1252 | } | ||
1253 | } | ||
1254 | |||
1255 | diff --git a/fs/proc/cpuinfo.c b/fs/proc/cpuinfo.c | ||
1256 | index e0f867cd8553..96f1087e372c 100644 | ||
1257 | --- a/fs/proc/cpuinfo.c | ||
1258 | +++ b/fs/proc/cpuinfo.c | ||
1259 | @@ -1,12 +1,18 @@ | ||
1260 | // SPDX-License-Identifier: GPL-2.0 | ||
1261 | +#include <linux/cpufreq.h> | ||
1262 | #include <linux/fs.h> | ||
1263 | #include <linux/init.h> | ||
1264 | #include <linux/proc_fs.h> | ||
1265 | #include <linux/seq_file.h> | ||
1266 | |||
1267 | +__weak void arch_freq_prepare_all(void) | ||
1268 | +{ | ||
1269 | +} | ||
1270 | + | ||
1271 | extern const struct seq_operations cpuinfo_op; | ||
1272 | static int cpuinfo_open(struct inode *inode, struct file *file) | ||
1273 | { | ||
1274 | + arch_freq_prepare_all(); | ||
1275 | return seq_open(file, &cpuinfo_op); | ||
1276 | } | ||
1277 | |||
1278 | diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c | ||
1279 | index 1c713fd5b3e6..5aa392eae1c3 100644 | ||
1280 | --- a/fs/userfaultfd.c | ||
1281 | +++ b/fs/userfaultfd.c | ||
1282 | @@ -570,11 +570,14 @@ int handle_userfault(struct vm_fault *vmf, unsigned long reason) | ||
1283 | static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, | ||
1284 | struct userfaultfd_wait_queue *ewq) | ||
1285 | { | ||
1286 | + struct userfaultfd_ctx *release_new_ctx; | ||
1287 | + | ||
1288 | if (WARN_ON_ONCE(current->flags & PF_EXITING)) | ||
1289 | goto out; | ||
1290 | |||
1291 | ewq->ctx = ctx; | ||
1292 | init_waitqueue_entry(&ewq->wq, current); | ||
1293 | + release_new_ctx = NULL; | ||
1294 | |||
1295 | spin_lock(&ctx->event_wqh.lock); | ||
1296 | /* | ||
1297 | @@ -601,8 +604,7 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, | ||
1298 | new = (struct userfaultfd_ctx *) | ||
1299 | (unsigned long) | ||
1300 | ewq->msg.arg.reserved.reserved1; | ||
1301 | - | ||
1302 | - userfaultfd_ctx_put(new); | ||
1303 | + release_new_ctx = new; | ||
1304 | } | ||
1305 | break; | ||
1306 | } | ||
1307 | @@ -617,6 +619,20 @@ static void userfaultfd_event_wait_completion(struct userfaultfd_ctx *ctx, | ||
1308 | __set_current_state(TASK_RUNNING); | ||
1309 | spin_unlock(&ctx->event_wqh.lock); | ||
1310 | |||
1311 | + if (release_new_ctx) { | ||
1312 | + struct vm_area_struct *vma; | ||
1313 | + struct mm_struct *mm = release_new_ctx->mm; | ||
1314 | + | ||
1315 | + /* the various vma->vm_userfaultfd_ctx still points to it */ | ||
1316 | + down_write(&mm->mmap_sem); | ||
1317 | + for (vma = mm->mmap; vma; vma = vma->vm_next) | ||
1318 | + if (vma->vm_userfaultfd_ctx.ctx == release_new_ctx) | ||
1319 | + vma->vm_userfaultfd_ctx = NULL_VM_UFFD_CTX; | ||
1320 | + up_write(&mm->mmap_sem); | ||
1321 | + | ||
1322 | + userfaultfd_ctx_put(release_new_ctx); | ||
1323 | + } | ||
1324 | + | ||
1325 | /* | ||
1326 | * ctx may go away after this if the userfault pseudo fd is | ||
1327 | * already released. | ||
1328 | diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h | ||
1329 | index 537ff842ff73..cbf85c4c745f 100644 | ||
1330 | --- a/include/linux/cpufreq.h | ||
1331 | +++ b/include/linux/cpufreq.h | ||
1332 | @@ -917,6 +917,7 @@ static inline bool policy_has_boost_freq(struct cpufreq_policy *policy) | ||
1333 | } | ||
1334 | #endif | ||
1335 | |||
1336 | +extern void arch_freq_prepare_all(void); | ||
1337 | extern unsigned int arch_freq_get_on_cpu(int cpu); | ||
1338 | |||
1339 | /* the following are really really optional */ | ||
1340 | diff --git a/include/linux/efi.h b/include/linux/efi.h | ||
1341 | index d813f7b04da7..29fdf8029cf6 100644 | ||
1342 | --- a/include/linux/efi.h | ||
1343 | +++ b/include/linux/efi.h | ||
1344 | @@ -140,11 +140,13 @@ struct efi_boot_memmap { | ||
1345 | |||
1346 | struct capsule_info { | ||
1347 | efi_capsule_header_t header; | ||
1348 | + efi_capsule_header_t *capsule; | ||
1349 | int reset_type; | ||
1350 | long index; | ||
1351 | size_t count; | ||
1352 | size_t total_size; | ||
1353 | - phys_addr_t *pages; | ||
1354 | + struct page **pages; | ||
1355 | + phys_addr_t *phys; | ||
1356 | size_t page_bytes_remain; | ||
1357 | }; | ||
1358 | |||
1359 | diff --git a/include/linux/fscache.h b/include/linux/fscache.h | ||
1360 | index f4ff47d4a893..fe0c349684fa 100644 | ||
1361 | --- a/include/linux/fscache.h | ||
1362 | +++ b/include/linux/fscache.h | ||
1363 | @@ -755,7 +755,7 @@ bool fscache_maybe_release_page(struct fscache_cookie *cookie, | ||
1364 | { | ||
1365 | if (fscache_cookie_valid(cookie) && PageFsCache(page)) | ||
1366 | return __fscache_maybe_release_page(cookie, page, gfp); | ||
1367 | - return false; | ||
1368 | + return true; | ||
1369 | } | ||
1370 | |||
1371 | /** | ||
1372 | diff --git a/kernel/acct.c b/kernel/acct.c | ||
1373 | index 6670fbd3e466..354578d253d5 100644 | ||
1374 | --- a/kernel/acct.c | ||
1375 | +++ b/kernel/acct.c | ||
1376 | @@ -102,7 +102,7 @@ static int check_free_space(struct bsd_acct_struct *acct) | ||
1377 | { | ||
1378 | struct kstatfs sbuf; | ||
1379 | |||
1380 | - if (time_is_before_jiffies(acct->needcheck)) | ||
1381 | + if (time_is_after_jiffies(acct->needcheck)) | ||
1382 | goto out; | ||
1383 | |||
1384 | /* May block */ | ||
1385 | diff --git a/kernel/signal.c b/kernel/signal.c | ||
1386 | index 8dcd8825b2de..1facff1dbbae 100644 | ||
1387 | --- a/kernel/signal.c | ||
1388 | +++ b/kernel/signal.c | ||
1389 | @@ -78,7 +78,7 @@ static int sig_task_ignored(struct task_struct *t, int sig, bool force) | ||
1390 | handler = sig_handler(t, sig); | ||
1391 | |||
1392 | if (unlikely(t->signal->flags & SIGNAL_UNKILLABLE) && | ||
1393 | - handler == SIG_DFL && !force) | ||
1394 | + handler == SIG_DFL && !(force && sig_kernel_only(sig))) | ||
1395 | return 1; | ||
1396 | |||
1397 | return sig_handler_ignored(handler, sig); | ||
1398 | @@ -94,13 +94,15 @@ static int sig_ignored(struct task_struct *t, int sig, bool force) | ||
1399 | if (sigismember(&t->blocked, sig) || sigismember(&t->real_blocked, sig)) | ||
1400 | return 0; | ||
1401 | |||
1402 | - if (!sig_task_ignored(t, sig, force)) | ||
1403 | - return 0; | ||
1404 | - | ||
1405 | /* | ||
1406 | - * Tracers may want to know about even ignored signals. | ||
1407 | + * Tracers may want to know about even ignored signal unless it | ||
1408 | + * is SIGKILL which can't be reported anyway but can be ignored | ||
1409 | + * by SIGNAL_UNKILLABLE task. | ||
1410 | */ | ||
1411 | - return !t->ptrace; | ||
1412 | + if (t->ptrace && sig != SIGKILL) | ||
1413 | + return 0; | ||
1414 | + | ||
1415 | + return sig_task_ignored(t, sig, force); | ||
1416 | } | ||
1417 | |||
1418 | /* | ||
1419 | @@ -929,9 +931,9 @@ static void complete_signal(int sig, struct task_struct *p, int group) | ||
1420 | * then start taking the whole group down immediately. | ||
1421 | */ | ||
1422 | if (sig_fatal(p, sig) && | ||
1423 | - !(signal->flags & (SIGNAL_UNKILLABLE | SIGNAL_GROUP_EXIT)) && | ||
1424 | + !(signal->flags & SIGNAL_GROUP_EXIT) && | ||
1425 | !sigismember(&t->real_blocked, sig) && | ||
1426 | - (sig == SIGKILL || !t->ptrace)) { | ||
1427 | + (sig == SIGKILL || !p->ptrace)) { | ||
1428 | /* | ||
1429 | * This signal will be fatal to the whole group. | ||
1430 | */ | ||
1431 | diff --git a/mm/mprotect.c b/mm/mprotect.c | ||
1432 | index ec39f730a0bf..58b629bb70de 100644 | ||
1433 | --- a/mm/mprotect.c | ||
1434 | +++ b/mm/mprotect.c | ||
1435 | @@ -166,7 +166,7 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, | ||
1436 | next = pmd_addr_end(addr, end); | ||
1437 | if (!is_swap_pmd(*pmd) && !pmd_trans_huge(*pmd) && !pmd_devmap(*pmd) | ||
1438 | && pmd_none_or_clear_bad(pmd)) | ||
1439 | - continue; | ||
1440 | + goto next; | ||
1441 | |||
1442 | /* invoke the mmu notifier if the pmd is populated */ | ||
1443 | if (!mni_start) { | ||
1444 | @@ -188,7 +188,7 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, | ||
1445 | } | ||
1446 | |||
1447 | /* huge pmd was handled */ | ||
1448 | - continue; | ||
1449 | + goto next; | ||
1450 | } | ||
1451 | } | ||
1452 | /* fall through, the trans huge pmd just split */ | ||
1453 | @@ -196,6 +196,8 @@ static inline unsigned long change_pmd_range(struct vm_area_struct *vma, | ||
1454 | this_pages = change_pte_range(vma, pmd, addr, next, newprot, | ||
1455 | dirty_accountable, prot_numa); | ||
1456 | pages += this_pages; | ||
1457 | +next: | ||
1458 | + cond_resched(); | ||
1459 | } while (pmd++, addr = next, addr != end); | ||
1460 | |||
1461 | if (mni_start) | ||
1462 | diff --git a/mm/sparse.c b/mm/sparse.c | ||
1463 | index 60805abf98af..30e56a100ee8 100644 | ||
1464 | --- a/mm/sparse.c | ||
1465 | +++ b/mm/sparse.c | ||
1466 | @@ -211,7 +211,7 @@ void __init memory_present(int nid, unsigned long start, unsigned long end) | ||
1467 | if (unlikely(!mem_section)) { | ||
1468 | unsigned long size, align; | ||
1469 | |||
1470 | - size = sizeof(struct mem_section) * NR_SECTION_ROOTS; | ||
1471 | + size = sizeof(struct mem_section*) * NR_SECTION_ROOTS; | ||
1472 | align = 1 << (INTERNODE_CACHE_SHIFT); | ||
1473 | mem_section = memblock_virt_alloc(size, align); | ||
1474 | } | ||
1475 | diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c | ||
1476 | index 82a64b58041d..e395137ecff1 100644 | ||
1477 | --- a/security/apparmor/mount.c | ||
1478 | +++ b/security/apparmor/mount.c | ||
1479 | @@ -330,6 +330,9 @@ static int match_mnt_path_str(struct aa_profile *profile, | ||
1480 | AA_BUG(!mntpath); | ||
1481 | AA_BUG(!buffer); | ||
1482 | |||
1483 | + if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) | ||
1484 | + return 0; | ||
1485 | + | ||
1486 | error = aa_path_name(mntpath, path_flags(profile, mntpath), buffer, | ||
1487 | &mntpnt, &info, profile->disconnected); | ||
1488 | if (error) | ||
1489 | @@ -381,6 +384,9 @@ static int match_mnt(struct aa_profile *profile, const struct path *path, | ||
1490 | AA_BUG(!profile); | ||
1491 | AA_BUG(devpath && !devbuffer); | ||
1492 | |||
1493 | + if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) | ||
1494 | + return 0; | ||
1495 | + | ||
1496 | if (devpath) { | ||
1497 | error = aa_path_name(devpath, path_flags(profile, devpath), | ||
1498 | devbuffer, &devname, &info, | ||
1499 | @@ -559,6 +565,9 @@ static int profile_umount(struct aa_profile *profile, struct path *path, | ||
1500 | AA_BUG(!profile); | ||
1501 | AA_BUG(!path); | ||
1502 | |||
1503 | + if (!PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) | ||
1504 | + return 0; | ||
1505 | + | ||
1506 | error = aa_path_name(path, path_flags(profile, path), buffer, &name, | ||
1507 | &info, profile->disconnected); | ||
1508 | if (error) | ||
1509 | @@ -614,7 +623,8 @@ static struct aa_label *build_pivotroot(struct aa_profile *profile, | ||
1510 | AA_BUG(!new_path); | ||
1511 | AA_BUG(!old_path); | ||
1512 | |||
1513 | - if (profile_unconfined(profile)) | ||
1514 | + if (profile_unconfined(profile) || | ||
1515 | + !PROFILE_MEDIATES(profile, AA_CLASS_MOUNT)) | ||
1516 | return aa_get_newest_label(&profile->label); | ||
1517 | |||
1518 | error = aa_path_name(old_path, path_flags(profile, old_path), |