Contents of /trunk/kernel-alx/patches-4.14/0114-4.14.15-all-fixes.patch
Parent Directory | Revision Log
Revision 3238 -
(show annotations)
(download)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 138786 byte(s)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 138786 byte(s)
-added up to patches-4.14.79
1 | diff --git a/Documentation/x86/pti.txt b/Documentation/x86/pti.txt |
2 | index d11eff61fc9a..5cd58439ad2d 100644 |
3 | --- a/Documentation/x86/pti.txt |
4 | +++ b/Documentation/x86/pti.txt |
5 | @@ -78,7 +78,7 @@ this protection comes at a cost: |
6 | non-PTI SYSCALL entry code, so requires mapping fewer |
7 | things into the userspace page tables. The downside is |
8 | that stacks must be switched at entry time. |
9 | - d. Global pages are disabled for all kernel structures not |
10 | + c. Global pages are disabled for all kernel structures not |
11 | mapped into both kernel and userspace page tables. This |
12 | feature of the MMU allows different processes to share TLB |
13 | entries mapping the kernel. Losing the feature means more |
14 | diff --git a/Makefile b/Makefile |
15 | index 4951305eb867..bf1a277a67a4 100644 |
16 | --- a/Makefile |
17 | +++ b/Makefile |
18 | @@ -1,7 +1,7 @@ |
19 | # SPDX-License-Identifier: GPL-2.0 |
20 | VERSION = 4 |
21 | PATCHLEVEL = 14 |
22 | -SUBLEVEL = 14 |
23 | +SUBLEVEL = 15 |
24 | EXTRAVERSION = |
25 | NAME = Petit Gorille |
26 | |
27 | diff --git a/arch/alpha/kernel/sys_sio.c b/arch/alpha/kernel/sys_sio.c |
28 | index 37bd6d9b8eb9..a6bdc1da47ad 100644 |
29 | --- a/arch/alpha/kernel/sys_sio.c |
30 | +++ b/arch/alpha/kernel/sys_sio.c |
31 | @@ -102,6 +102,15 @@ sio_pci_route(void) |
32 | alpha_mv.sys.sio.route_tab); |
33 | } |
34 | |
35 | +static bool sio_pci_dev_irq_needs_level(const struct pci_dev *dev) |
36 | +{ |
37 | + if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && |
38 | + (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) |
39 | + return false; |
40 | + |
41 | + return true; |
42 | +} |
43 | + |
44 | static unsigned int __init |
45 | sio_collect_irq_levels(void) |
46 | { |
47 | @@ -110,8 +119,7 @@ sio_collect_irq_levels(void) |
48 | |
49 | /* Iterate through the devices, collecting IRQ levels. */ |
50 | for_each_pci_dev(dev) { |
51 | - if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && |
52 | - (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) |
53 | + if (!sio_pci_dev_irq_needs_level(dev)) |
54 | continue; |
55 | |
56 | if (dev->irq) |
57 | @@ -120,8 +128,7 @@ sio_collect_irq_levels(void) |
58 | return level_bits; |
59 | } |
60 | |
61 | -static void __init |
62 | -sio_fixup_irq_levels(unsigned int level_bits) |
63 | +static void __sio_fixup_irq_levels(unsigned int level_bits, bool reset) |
64 | { |
65 | unsigned int old_level_bits; |
66 | |
67 | @@ -139,12 +146,21 @@ sio_fixup_irq_levels(unsigned int level_bits) |
68 | */ |
69 | old_level_bits = inb(0x4d0) | (inb(0x4d1) << 8); |
70 | |
71 | - level_bits |= (old_level_bits & 0x71ff); |
72 | + if (reset) |
73 | + old_level_bits &= 0x71ff; |
74 | + |
75 | + level_bits |= old_level_bits; |
76 | |
77 | outb((level_bits >> 0) & 0xff, 0x4d0); |
78 | outb((level_bits >> 8) & 0xff, 0x4d1); |
79 | } |
80 | |
81 | +static inline void |
82 | +sio_fixup_irq_levels(unsigned int level_bits) |
83 | +{ |
84 | + __sio_fixup_irq_levels(level_bits, true); |
85 | +} |
86 | + |
87 | static inline int |
88 | noname_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) |
89 | { |
90 | @@ -181,7 +197,14 @@ noname_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) |
91 | const long min_idsel = 6, max_idsel = 14, irqs_per_slot = 5; |
92 | int irq = COMMON_TABLE_LOOKUP, tmp; |
93 | tmp = __kernel_extbl(alpha_mv.sys.sio.route_tab, irq); |
94 | - return irq >= 0 ? tmp : -1; |
95 | + |
96 | + irq = irq >= 0 ? tmp : -1; |
97 | + |
98 | + /* Fixup IRQ level if an actual IRQ mapping is detected */ |
99 | + if (sio_pci_dev_irq_needs_level(dev) && irq >= 0) |
100 | + __sio_fixup_irq_levels(1 << irq, false); |
101 | + |
102 | + return irq; |
103 | } |
104 | |
105 | static inline int |
106 | diff --git a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts |
107 | index cf2f5240e176..27cc913ca0f5 100644 |
108 | --- a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts |
109 | +++ b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts |
110 | @@ -53,7 +53,8 @@ |
111 | }; |
112 | |
113 | pinctrl: pin-controller@10000 { |
114 | - pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header>; |
115 | + pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header |
116 | + &pmx_gpio_header_gpo>; |
117 | pinctrl-names = "default"; |
118 | |
119 | pmx_uart0: pmx-uart0 { |
120 | @@ -85,11 +86,16 @@ |
121 | * ground. |
122 | */ |
123 | pmx_gpio_header: pmx-gpio-header { |
124 | - marvell,pins = "mpp17", "mpp7", "mpp29", "mpp28", |
125 | + marvell,pins = "mpp17", "mpp29", "mpp28", |
126 | "mpp35", "mpp34", "mpp40"; |
127 | marvell,function = "gpio"; |
128 | }; |
129 | |
130 | + pmx_gpio_header_gpo: pxm-gpio-header-gpo { |
131 | + marvell,pins = "mpp7"; |
132 | + marvell,function = "gpo"; |
133 | + }; |
134 | + |
135 | pmx_gpio_init: pmx-init { |
136 | marvell,pins = "mpp38"; |
137 | marvell,function = "gpio"; |
138 | diff --git a/arch/arm/configs/sunxi_defconfig b/arch/arm/configs/sunxi_defconfig |
139 | index 5caaf971fb50..df433abfcb02 100644 |
140 | --- a/arch/arm/configs/sunxi_defconfig |
141 | +++ b/arch/arm/configs/sunxi_defconfig |
142 | @@ -10,6 +10,7 @@ CONFIG_SMP=y |
143 | CONFIG_NR_CPUS=8 |
144 | CONFIG_AEABI=y |
145 | CONFIG_HIGHMEM=y |
146 | +CONFIG_CMA=y |
147 | CONFIG_ARM_APPENDED_DTB=y |
148 | CONFIG_ARM_ATAG_DTB_COMPAT=y |
149 | CONFIG_CPU_FREQ=y |
150 | @@ -33,6 +34,7 @@ CONFIG_CAN_SUN4I=y |
151 | # CONFIG_WIRELESS is not set |
152 | CONFIG_DEVTMPFS=y |
153 | CONFIG_DEVTMPFS_MOUNT=y |
154 | +CONFIG_DMA_CMA=y |
155 | CONFIG_BLK_DEV_SD=y |
156 | CONFIG_ATA=y |
157 | CONFIG_AHCI_SUNXI=y |
158 | diff --git a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c |
159 | index c3276436b0ae..c12e7b572a41 100644 |
160 | --- a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c |
161 | +++ b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c |
162 | @@ -1656,6 +1656,7 @@ static struct omap_hwmod omap3xxx_mmc3_hwmod = { |
163 | .main_clk = "mmchs3_fck", |
164 | .prcm = { |
165 | .omap2 = { |
166 | + .module_offs = CORE_MOD, |
167 | .prcm_reg_id = 1, |
168 | .module_bit = OMAP3430_EN_MMC3_SHIFT, |
169 | .idlest_reg_id = 1, |
170 | diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi |
171 | index f2aa2a81de4d..32690107c1cc 100644 |
172 | --- a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi |
173 | +++ b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi |
174 | @@ -63,8 +63,10 @@ |
175 | cpm_ethernet: ethernet@0 { |
176 | compatible = "marvell,armada-7k-pp22"; |
177 | reg = <0x0 0x100000>, <0x129000 0xb000>; |
178 | - clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, <&cpm_clk 1 5>; |
179 | - clock-names = "pp_clk", "gop_clk", "mg_clk"; |
180 | + clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, |
181 | + <&cpm_clk 1 5>, <&cpm_clk 1 18>; |
182 | + clock-names = "pp_clk", "gop_clk", |
183 | + "mg_clk","axi_clk"; |
184 | marvell,system-controller = <&cpm_syscon0>; |
185 | status = "disabled"; |
186 | dma-coherent; |
187 | @@ -114,7 +116,8 @@ |
188 | #size-cells = <0>; |
189 | compatible = "marvell,orion-mdio"; |
190 | reg = <0x12a200 0x10>; |
191 | - clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>; |
192 | + clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>, |
193 | + <&cpm_clk 1 6>, <&cpm_clk 1 18>; |
194 | status = "disabled"; |
195 | }; |
196 | |
197 | @@ -295,8 +298,8 @@ |
198 | compatible = "marvell,armada-cp110-sdhci"; |
199 | reg = <0x780000 0x300>; |
200 | interrupts = <ICU_GRP_NSR 27 IRQ_TYPE_LEVEL_HIGH>; |
201 | - clock-names = "core"; |
202 | - clocks = <&cpm_clk 1 4>; |
203 | + clock-names = "core","axi"; |
204 | + clocks = <&cpm_clk 1 4>, <&cpm_clk 1 18>; |
205 | dma-coherent; |
206 | status = "disabled"; |
207 | }; |
208 | diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi |
209 | index 4fe70323abb3..14e47c5c3816 100644 |
210 | --- a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi |
211 | +++ b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi |
212 | @@ -63,8 +63,10 @@ |
213 | cps_ethernet: ethernet@0 { |
214 | compatible = "marvell,armada-7k-pp22"; |
215 | reg = <0x0 0x100000>, <0x129000 0xb000>; |
216 | - clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, <&cps_clk 1 5>; |
217 | - clock-names = "pp_clk", "gop_clk", "mg_clk"; |
218 | + clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, |
219 | + <&cps_clk 1 5>, <&cps_clk 1 18>; |
220 | + clock-names = "pp_clk", "gop_clk", |
221 | + "mg_clk", "axi_clk"; |
222 | marvell,system-controller = <&cps_syscon0>; |
223 | status = "disabled"; |
224 | dma-coherent; |
225 | @@ -114,7 +116,8 @@ |
226 | #size-cells = <0>; |
227 | compatible = "marvell,orion-mdio"; |
228 | reg = <0x12a200 0x10>; |
229 | - clocks = <&cps_clk 1 9>, <&cps_clk 1 5>; |
230 | + clocks = <&cps_clk 1 9>, <&cps_clk 1 5>, |
231 | + <&cps_clk 1 6>, <&cps_clk 1 18>; |
232 | status = "disabled"; |
233 | }; |
234 | |
235 | diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c |
236 | index 7debb74843a0..380261e258ef 100644 |
237 | --- a/arch/arm64/kvm/handle_exit.c |
238 | +++ b/arch/arm64/kvm/handle_exit.c |
239 | @@ -44,7 +44,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) |
240 | |
241 | ret = kvm_psci_call(vcpu); |
242 | if (ret < 0) { |
243 | - kvm_inject_undefined(vcpu); |
244 | + vcpu_set_reg(vcpu, 0, ~0UL); |
245 | return 1; |
246 | } |
247 | |
248 | @@ -53,7 +53,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) |
249 | |
250 | static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run) |
251 | { |
252 | - kvm_inject_undefined(vcpu); |
253 | + vcpu_set_reg(vcpu, 0, ~0UL); |
254 | return 1; |
255 | } |
256 | |
257 | diff --git a/arch/mips/ar7/platform.c b/arch/mips/ar7/platform.c |
258 | index 4674f1efbe7a..e1675c25d5d4 100644 |
259 | --- a/arch/mips/ar7/platform.c |
260 | +++ b/arch/mips/ar7/platform.c |
261 | @@ -575,7 +575,7 @@ static int __init ar7_register_uarts(void) |
262 | uart_port.type = PORT_AR7; |
263 | uart_port.uartclk = clk_get_rate(bus_clk) / 2; |
264 | uart_port.iotype = UPIO_MEM32; |
265 | - uart_port.flags = UPF_FIXED_TYPE; |
266 | + uart_port.flags = UPF_FIXED_TYPE | UPF_BOOT_AUTOCONF; |
267 | uart_port.regshift = 2; |
268 | |
269 | uart_port.line = 0; |
270 | diff --git a/arch/mips/kernel/mips-cm.c b/arch/mips/kernel/mips-cm.c |
271 | index dd5567b1e305..8f5bd04f320a 100644 |
272 | --- a/arch/mips/kernel/mips-cm.c |
273 | +++ b/arch/mips/kernel/mips-cm.c |
274 | @@ -292,7 +292,6 @@ void mips_cm_lock_other(unsigned int cluster, unsigned int core, |
275 | *this_cpu_ptr(&cm_core_lock_flags)); |
276 | } else { |
277 | WARN_ON(cluster != 0); |
278 | - WARN_ON(vp != 0); |
279 | WARN_ON(block != CM_GCR_Cx_OTHER_BLOCK_LOCAL); |
280 | |
281 | /* |
282 | diff --git a/arch/powerpc/include/asm/exception-64e.h b/arch/powerpc/include/asm/exception-64e.h |
283 | index a703452d67b6..555e22d5e07f 100644 |
284 | --- a/arch/powerpc/include/asm/exception-64e.h |
285 | +++ b/arch/powerpc/include/asm/exception-64e.h |
286 | @@ -209,5 +209,11 @@ exc_##label##_book3e: |
287 | ori r3,r3,vector_offset@l; \ |
288 | mtspr SPRN_IVOR##vector_number,r3; |
289 | |
290 | +#define RFI_TO_KERNEL \ |
291 | + rfi |
292 | + |
293 | +#define RFI_TO_USER \ |
294 | + rfi |
295 | + |
296 | #endif /* _ASM_POWERPC_EXCEPTION_64E_H */ |
297 | |
298 | diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h |
299 | index 9a318973af05..ccf10c2f8899 100644 |
300 | --- a/arch/powerpc/include/asm/exception-64s.h |
301 | +++ b/arch/powerpc/include/asm/exception-64s.h |
302 | @@ -69,6 +69,59 @@ |
303 | */ |
304 | #define EX_R3 EX_DAR |
305 | |
306 | +/* |
307 | + * Macros for annotating the expected destination of (h)rfid |
308 | + * |
309 | + * The nop instructions allow us to insert one or more instructions to flush the |
310 | + * L1-D cache when returning to userspace or a guest. |
311 | + */ |
312 | +#define RFI_FLUSH_SLOT \ |
313 | + RFI_FLUSH_FIXUP_SECTION; \ |
314 | + nop; \ |
315 | + nop; \ |
316 | + nop |
317 | + |
318 | +#define RFI_TO_KERNEL \ |
319 | + rfid |
320 | + |
321 | +#define RFI_TO_USER \ |
322 | + RFI_FLUSH_SLOT; \ |
323 | + rfid; \ |
324 | + b rfi_flush_fallback |
325 | + |
326 | +#define RFI_TO_USER_OR_KERNEL \ |
327 | + RFI_FLUSH_SLOT; \ |
328 | + rfid; \ |
329 | + b rfi_flush_fallback |
330 | + |
331 | +#define RFI_TO_GUEST \ |
332 | + RFI_FLUSH_SLOT; \ |
333 | + rfid; \ |
334 | + b rfi_flush_fallback |
335 | + |
336 | +#define HRFI_TO_KERNEL \ |
337 | + hrfid |
338 | + |
339 | +#define HRFI_TO_USER \ |
340 | + RFI_FLUSH_SLOT; \ |
341 | + hrfid; \ |
342 | + b hrfi_flush_fallback |
343 | + |
344 | +#define HRFI_TO_USER_OR_KERNEL \ |
345 | + RFI_FLUSH_SLOT; \ |
346 | + hrfid; \ |
347 | + b hrfi_flush_fallback |
348 | + |
349 | +#define HRFI_TO_GUEST \ |
350 | + RFI_FLUSH_SLOT; \ |
351 | + hrfid; \ |
352 | + b hrfi_flush_fallback |
353 | + |
354 | +#define HRFI_TO_UNKNOWN \ |
355 | + RFI_FLUSH_SLOT; \ |
356 | + hrfid; \ |
357 | + b hrfi_flush_fallback |
358 | + |
359 | #ifdef CONFIG_RELOCATABLE |
360 | #define __EXCEPTION_RELON_PROLOG_PSERIES_1(label, h) \ |
361 | mfspr r11,SPRN_##h##SRR0; /* save SRR0 */ \ |
362 | @@ -213,7 +266,7 @@ END_FTR_SECTION_NESTED(ftr,ftr,943) |
363 | mtspr SPRN_##h##SRR0,r12; \ |
364 | mfspr r12,SPRN_##h##SRR1; /* and SRR1 */ \ |
365 | mtspr SPRN_##h##SRR1,r10; \ |
366 | - h##rfid; \ |
367 | + h##RFI_TO_KERNEL; \ |
368 | b . /* prevent speculative execution */ |
369 | #define EXCEPTION_PROLOG_PSERIES_1(label, h) \ |
370 | __EXCEPTION_PROLOG_PSERIES_1(label, h) |
371 | @@ -227,7 +280,7 @@ END_FTR_SECTION_NESTED(ftr,ftr,943) |
372 | mtspr SPRN_##h##SRR0,r12; \ |
373 | mfspr r12,SPRN_##h##SRR1; /* and SRR1 */ \ |
374 | mtspr SPRN_##h##SRR1,r10; \ |
375 | - h##rfid; \ |
376 | + h##RFI_TO_KERNEL; \ |
377 | b . /* prevent speculative execution */ |
378 | |
379 | #define EXCEPTION_PROLOG_PSERIES_1_NORI(label, h) \ |
380 | diff --git a/arch/powerpc/include/asm/feature-fixups.h b/arch/powerpc/include/asm/feature-fixups.h |
381 | index 8f88f771cc55..1e82eb3caabd 100644 |
382 | --- a/arch/powerpc/include/asm/feature-fixups.h |
383 | +++ b/arch/powerpc/include/asm/feature-fixups.h |
384 | @@ -187,7 +187,20 @@ label##3: \ |
385 | FTR_ENTRY_OFFSET label##1b-label##3b; \ |
386 | .popsection; |
387 | |
388 | +#define RFI_FLUSH_FIXUP_SECTION \ |
389 | +951: \ |
390 | + .pushsection __rfi_flush_fixup,"a"; \ |
391 | + .align 2; \ |
392 | +952: \ |
393 | + FTR_ENTRY_OFFSET 951b-952b; \ |
394 | + .popsection; |
395 | + |
396 | + |
397 | #ifndef __ASSEMBLY__ |
398 | +#include <linux/types.h> |
399 | + |
400 | +extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup; |
401 | + |
402 | void apply_feature_fixups(void); |
403 | void setup_feature_keys(void); |
404 | #endif |
405 | diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h |
406 | index a409177be8bd..f0461618bf7b 100644 |
407 | --- a/arch/powerpc/include/asm/hvcall.h |
408 | +++ b/arch/powerpc/include/asm/hvcall.h |
409 | @@ -241,6 +241,7 @@ |
410 | #define H_GET_HCA_INFO 0x1B8 |
411 | #define H_GET_PERF_COUNT 0x1BC |
412 | #define H_MANAGE_TRACE 0x1C0 |
413 | +#define H_GET_CPU_CHARACTERISTICS 0x1C8 |
414 | #define H_FREE_LOGICAL_LAN_BUFFER 0x1D4 |
415 | #define H_QUERY_INT_STATE 0x1E4 |
416 | #define H_POLL_PENDING 0x1D8 |
417 | @@ -330,6 +331,17 @@ |
418 | #define H_SIGNAL_SYS_RESET_ALL_OTHERS -2 |
419 | /* >= 0 values are CPU number */ |
420 | |
421 | +/* H_GET_CPU_CHARACTERISTICS return values */ |
422 | +#define H_CPU_CHAR_SPEC_BAR_ORI31 (1ull << 63) // IBM bit 0 |
423 | +#define H_CPU_CHAR_BCCTRL_SERIALISED (1ull << 62) // IBM bit 1 |
424 | +#define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2 |
425 | +#define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3 |
426 | +#define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4 |
427 | + |
428 | +#define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0 |
429 | +#define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 |
430 | +#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2 |
431 | + |
432 | /* Flag values used in H_REGISTER_PROC_TBL hcall */ |
433 | #define PROC_TABLE_OP_MASK 0x18 |
434 | #define PROC_TABLE_DEREG 0x10 |
435 | @@ -436,6 +448,11 @@ static inline unsigned int get_longbusy_msecs(int longbusy_rc) |
436 | } |
437 | } |
438 | |
439 | +struct h_cpu_char_result { |
440 | + u64 character; |
441 | + u64 behaviour; |
442 | +}; |
443 | + |
444 | #endif /* __ASSEMBLY__ */ |
445 | #endif /* __KERNEL__ */ |
446 | #endif /* _ASM_POWERPC_HVCALL_H */ |
447 | diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h |
448 | index 04b60af027ae..b8366df50d19 100644 |
449 | --- a/arch/powerpc/include/asm/paca.h |
450 | +++ b/arch/powerpc/include/asm/paca.h |
451 | @@ -231,6 +231,16 @@ struct paca_struct { |
452 | struct sibling_subcore_state *sibling_subcore_state; |
453 | #endif |
454 | #endif |
455 | +#ifdef CONFIG_PPC_BOOK3S_64 |
456 | + /* |
457 | + * rfi fallback flush must be in its own cacheline to prevent |
458 | + * other paca data leaking into the L1d |
459 | + */ |
460 | + u64 exrfi[EX_SIZE] __aligned(0x80); |
461 | + void *rfi_flush_fallback_area; |
462 | + u64 l1d_flush_congruence; |
463 | + u64 l1d_flush_sets; |
464 | +#endif |
465 | }; |
466 | |
467 | extern void copy_mm_to_paca(struct mm_struct *mm); |
468 | diff --git a/arch/powerpc/include/asm/plpar_wrappers.h b/arch/powerpc/include/asm/plpar_wrappers.h |
469 | index 7f01b22fa6cb..55eddf50d149 100644 |
470 | --- a/arch/powerpc/include/asm/plpar_wrappers.h |
471 | +++ b/arch/powerpc/include/asm/plpar_wrappers.h |
472 | @@ -326,4 +326,18 @@ static inline long plapr_signal_sys_reset(long cpu) |
473 | return plpar_hcall_norets(H_SIGNAL_SYS_RESET, cpu); |
474 | } |
475 | |
476 | +static inline long plpar_get_cpu_characteristics(struct h_cpu_char_result *p) |
477 | +{ |
478 | + unsigned long retbuf[PLPAR_HCALL_BUFSIZE]; |
479 | + long rc; |
480 | + |
481 | + rc = plpar_hcall(H_GET_CPU_CHARACTERISTICS, retbuf); |
482 | + if (rc == H_SUCCESS) { |
483 | + p->character = retbuf[0]; |
484 | + p->behaviour = retbuf[1]; |
485 | + } |
486 | + |
487 | + return rc; |
488 | +} |
489 | + |
490 | #endif /* _ASM_POWERPC_PLPAR_WRAPPERS_H */ |
491 | diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h |
492 | index cf00ec26303a..469b7fdc9be4 100644 |
493 | --- a/arch/powerpc/include/asm/setup.h |
494 | +++ b/arch/powerpc/include/asm/setup.h |
495 | @@ -39,6 +39,19 @@ static inline void pseries_big_endian_exceptions(void) {} |
496 | static inline void pseries_little_endian_exceptions(void) {} |
497 | #endif /* CONFIG_PPC_PSERIES */ |
498 | |
499 | +void rfi_flush_enable(bool enable); |
500 | + |
501 | +/* These are bit flags */ |
502 | +enum l1d_flush_type { |
503 | + L1D_FLUSH_NONE = 0x1, |
504 | + L1D_FLUSH_FALLBACK = 0x2, |
505 | + L1D_FLUSH_ORI = 0x4, |
506 | + L1D_FLUSH_MTTRIG = 0x8, |
507 | +}; |
508 | + |
509 | +void __init setup_rfi_flush(enum l1d_flush_type, bool enable); |
510 | +void do_rfi_flush_fixups(enum l1d_flush_type types); |
511 | + |
512 | #endif /* !__ASSEMBLY__ */ |
513 | |
514 | #endif /* _ASM_POWERPC_SETUP_H */ |
515 | diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c |
516 | index 8cfb20e38cfe..748cdc4bb89a 100644 |
517 | --- a/arch/powerpc/kernel/asm-offsets.c |
518 | +++ b/arch/powerpc/kernel/asm-offsets.c |
519 | @@ -237,6 +237,11 @@ int main(void) |
520 | OFFSET(PACA_NMI_EMERG_SP, paca_struct, nmi_emergency_sp); |
521 | OFFSET(PACA_IN_MCE, paca_struct, in_mce); |
522 | OFFSET(PACA_IN_NMI, paca_struct, in_nmi); |
523 | + OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, rfi_flush_fallback_area); |
524 | + OFFSET(PACA_EXRFI, paca_struct, exrfi); |
525 | + OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence); |
526 | + OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets); |
527 | + |
528 | #endif |
529 | OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id); |
530 | OFFSET(PACAKEXECSTATE, paca_struct, kexec_state); |
531 | diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S |
532 | index 4a0fd4f40245..8a8a6d7ddcc6 100644 |
533 | --- a/arch/powerpc/kernel/entry_64.S |
534 | +++ b/arch/powerpc/kernel/entry_64.S |
535 | @@ -37,6 +37,11 @@ |
536 | #include <asm/tm.h> |
537 | #include <asm/ppc-opcode.h> |
538 | #include <asm/export.h> |
539 | +#ifdef CONFIG_PPC_BOOK3S |
540 | +#include <asm/exception-64s.h> |
541 | +#else |
542 | +#include <asm/exception-64e.h> |
543 | +#endif |
544 | |
545 | /* |
546 | * System calls. |
547 | @@ -262,13 +267,23 @@ BEGIN_FTR_SECTION |
548 | END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) |
549 | |
550 | ld r13,GPR13(r1) /* only restore r13 if returning to usermode */ |
551 | + ld r2,GPR2(r1) |
552 | + ld r1,GPR1(r1) |
553 | + mtlr r4 |
554 | + mtcr r5 |
555 | + mtspr SPRN_SRR0,r7 |
556 | + mtspr SPRN_SRR1,r8 |
557 | + RFI_TO_USER |
558 | + b . /* prevent speculative execution */ |
559 | + |
560 | + /* exit to kernel */ |
561 | 1: ld r2,GPR2(r1) |
562 | ld r1,GPR1(r1) |
563 | mtlr r4 |
564 | mtcr r5 |
565 | mtspr SPRN_SRR0,r7 |
566 | mtspr SPRN_SRR1,r8 |
567 | - RFI |
568 | + RFI_TO_KERNEL |
569 | b . /* prevent speculative execution */ |
570 | |
571 | .Lsyscall_error: |
572 | @@ -397,8 +412,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) |
573 | mtmsrd r10, 1 |
574 | mtspr SPRN_SRR0, r11 |
575 | mtspr SPRN_SRR1, r12 |
576 | - |
577 | - rfid |
578 | + RFI_TO_USER |
579 | b . /* prevent speculative execution */ |
580 | #endif |
581 | _ASM_NOKPROBE_SYMBOL(system_call_common); |
582 | @@ -878,7 +892,7 @@ BEGIN_FTR_SECTION |
583 | END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) |
584 | ACCOUNT_CPU_USER_EXIT(r13, r2, r4) |
585 | REST_GPR(13, r1) |
586 | -1: |
587 | + |
588 | mtspr SPRN_SRR1,r3 |
589 | |
590 | ld r2,_CCR(r1) |
591 | @@ -891,8 +905,22 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) |
592 | ld r3,GPR3(r1) |
593 | ld r4,GPR4(r1) |
594 | ld r1,GPR1(r1) |
595 | + RFI_TO_USER |
596 | + b . /* prevent speculative execution */ |
597 | |
598 | - rfid |
599 | +1: mtspr SPRN_SRR1,r3 |
600 | + |
601 | + ld r2,_CCR(r1) |
602 | + mtcrf 0xFF,r2 |
603 | + ld r2,_NIP(r1) |
604 | + mtspr SPRN_SRR0,r2 |
605 | + |
606 | + ld r0,GPR0(r1) |
607 | + ld r2,GPR2(r1) |
608 | + ld r3,GPR3(r1) |
609 | + ld r4,GPR4(r1) |
610 | + ld r1,GPR1(r1) |
611 | + RFI_TO_KERNEL |
612 | b . /* prevent speculative execution */ |
613 | |
614 | #endif /* CONFIG_PPC_BOOK3E */ |
615 | @@ -1073,7 +1101,7 @@ __enter_rtas: |
616 | |
617 | mtspr SPRN_SRR0,r5 |
618 | mtspr SPRN_SRR1,r6 |
619 | - rfid |
620 | + RFI_TO_KERNEL |
621 | b . /* prevent speculative execution */ |
622 | |
623 | rtas_return_loc: |
624 | @@ -1098,7 +1126,7 @@ rtas_return_loc: |
625 | |
626 | mtspr SPRN_SRR0,r3 |
627 | mtspr SPRN_SRR1,r4 |
628 | - rfid |
629 | + RFI_TO_KERNEL |
630 | b . /* prevent speculative execution */ |
631 | _ASM_NOKPROBE_SYMBOL(__enter_rtas) |
632 | _ASM_NOKPROBE_SYMBOL(rtas_return_loc) |
633 | @@ -1171,7 +1199,7 @@ _GLOBAL(enter_prom) |
634 | LOAD_REG_IMMEDIATE(r12, MSR_SF | MSR_ISF | MSR_LE) |
635 | andc r11,r11,r12 |
636 | mtsrr1 r11 |
637 | - rfid |
638 | + RFI_TO_KERNEL |
639 | #endif /* CONFIG_PPC_BOOK3E */ |
640 | |
641 | 1: /* Return from OF */ |
642 | diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S |
643 | index 06598142d755..e9f72abc52b7 100644 |
644 | --- a/arch/powerpc/kernel/exceptions-64s.S |
645 | +++ b/arch/powerpc/kernel/exceptions-64s.S |
646 | @@ -254,7 +254,7 @@ BEGIN_FTR_SECTION |
647 | LOAD_HANDLER(r12, machine_check_handle_early) |
648 | 1: mtspr SPRN_SRR0,r12 |
649 | mtspr SPRN_SRR1,r11 |
650 | - rfid |
651 | + RFI_TO_KERNEL |
652 | b . /* prevent speculative execution */ |
653 | 2: |
654 | /* Stack overflow. Stay on emergency stack and panic. |
655 | @@ -443,7 +443,7 @@ EXC_COMMON_BEGIN(machine_check_handle_early) |
656 | li r3,MSR_ME |
657 | andc r10,r10,r3 /* Turn off MSR_ME */ |
658 | mtspr SPRN_SRR1,r10 |
659 | - rfid |
660 | + RFI_TO_KERNEL |
661 | b . |
662 | 2: |
663 | /* |
664 | @@ -461,7 +461,7 @@ EXC_COMMON_BEGIN(machine_check_handle_early) |
665 | */ |
666 | bl machine_check_queue_event |
667 | MACHINE_CHECK_HANDLER_WINDUP |
668 | - rfid |
669 | + RFI_TO_USER_OR_KERNEL |
670 | 9: |
671 | /* Deliver the machine check to host kernel in V mode. */ |
672 | MACHINE_CHECK_HANDLER_WINDUP |
673 | @@ -596,6 +596,9 @@ EXC_COMMON_BEGIN(slb_miss_common) |
674 | stw r9,PACA_EXSLB+EX_CCR(r13) /* save CR in exc. frame */ |
675 | std r10,PACA_EXSLB+EX_LR(r13) /* save LR */ |
676 | |
677 | + andi. r9,r11,MSR_PR // Check for exception from userspace |
678 | + cmpdi cr4,r9,MSR_PR // And save the result in CR4 for later |
679 | + |
680 | /* |
681 | * Test MSR_RI before calling slb_allocate_realmode, because the |
682 | * MSR in r11 gets clobbered. However we still want to allocate |
683 | @@ -622,9 +625,12 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) |
684 | |
685 | /* All done -- return from exception. */ |
686 | |
687 | + bne cr4,1f /* returning to kernel */ |
688 | + |
689 | .machine push |
690 | .machine "power4" |
691 | mtcrf 0x80,r9 |
692 | + mtcrf 0x08,r9 /* MSR[PR] indication is in cr4 */ |
693 | mtcrf 0x04,r9 /* MSR[RI] indication is in cr5 */ |
694 | mtcrf 0x02,r9 /* I/D indication is in cr6 */ |
695 | mtcrf 0x01,r9 /* slb_allocate uses cr0 and cr7 */ |
696 | @@ -638,9 +644,30 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) |
697 | ld r11,PACA_EXSLB+EX_R11(r13) |
698 | ld r12,PACA_EXSLB+EX_R12(r13) |
699 | ld r13,PACA_EXSLB+EX_R13(r13) |
700 | - rfid |
701 | + RFI_TO_USER |
702 | + b . /* prevent speculative execution */ |
703 | +1: |
704 | +.machine push |
705 | +.machine "power4" |
706 | + mtcrf 0x80,r9 |
707 | + mtcrf 0x08,r9 /* MSR[PR] indication is in cr4 */ |
708 | + mtcrf 0x04,r9 /* MSR[RI] indication is in cr5 */ |
709 | + mtcrf 0x02,r9 /* I/D indication is in cr6 */ |
710 | + mtcrf 0x01,r9 /* slb_allocate uses cr0 and cr7 */ |
711 | +.machine pop |
712 | + |
713 | + RESTORE_CTR(r9, PACA_EXSLB) |
714 | + RESTORE_PPR_PACA(PACA_EXSLB, r9) |
715 | + mr r3,r12 |
716 | + ld r9,PACA_EXSLB+EX_R9(r13) |
717 | + ld r10,PACA_EXSLB+EX_R10(r13) |
718 | + ld r11,PACA_EXSLB+EX_R11(r13) |
719 | + ld r12,PACA_EXSLB+EX_R12(r13) |
720 | + ld r13,PACA_EXSLB+EX_R13(r13) |
721 | + RFI_TO_KERNEL |
722 | b . /* prevent speculative execution */ |
723 | |
724 | + |
725 | 2: std r3,PACA_EXSLB+EX_DAR(r13) |
726 | mr r3,r12 |
727 | mfspr r11,SPRN_SRR0 |
728 | @@ -649,7 +676,7 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) |
729 | mtspr SPRN_SRR0,r10 |
730 | ld r10,PACAKMSR(r13) |
731 | mtspr SPRN_SRR1,r10 |
732 | - rfid |
733 | + RFI_TO_KERNEL |
734 | b . |
735 | |
736 | 8: std r3,PACA_EXSLB+EX_DAR(r13) |
737 | @@ -660,7 +687,7 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) |
738 | mtspr SPRN_SRR0,r10 |
739 | ld r10,PACAKMSR(r13) |
740 | mtspr SPRN_SRR1,r10 |
741 | - rfid |
742 | + RFI_TO_KERNEL |
743 | b . |
744 | |
745 | EXC_COMMON_BEGIN(unrecov_slb) |
746 | @@ -905,7 +932,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_REAL_LE) \ |
747 | mtspr SPRN_SRR0,r10 ; \ |
748 | ld r10,PACAKMSR(r13) ; \ |
749 | mtspr SPRN_SRR1,r10 ; \ |
750 | - rfid ; \ |
751 | + RFI_TO_KERNEL ; \ |
752 | b . ; /* prevent speculative execution */ |
753 | |
754 | #define SYSCALL_FASTENDIAN \ |
755 | @@ -914,7 +941,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_REAL_LE) \ |
756 | xori r12,r12,MSR_LE ; \ |
757 | mtspr SPRN_SRR1,r12 ; \ |
758 | mr r13,r9 ; \ |
759 | - rfid ; /* return to userspace */ \ |
760 | + RFI_TO_USER ; /* return to userspace */ \ |
761 | b . ; /* prevent speculative execution */ |
762 | |
763 | #if defined(CONFIG_RELOCATABLE) |
764 | @@ -1299,7 +1326,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_CFAR) |
765 | ld r11,PACA_EXGEN+EX_R11(r13) |
766 | ld r12,PACA_EXGEN+EX_R12(r13) |
767 | ld r13,PACA_EXGEN+EX_R13(r13) |
768 | - HRFID |
769 | + HRFI_TO_UNKNOWN |
770 | b . |
771 | #endif |
772 | |
773 | @@ -1403,10 +1430,94 @@ masked_##_H##interrupt: \ |
774 | ld r10,PACA_EXGEN+EX_R10(r13); \ |
775 | ld r11,PACA_EXGEN+EX_R11(r13); \ |
776 | /* returns to kernel where r13 must be set up, so don't restore it */ \ |
777 | - ##_H##rfid; \ |
778 | + ##_H##RFI_TO_KERNEL; \ |
779 | b .; \ |
780 | MASKED_DEC_HANDLER(_H) |
781 | |
782 | +TRAMP_REAL_BEGIN(rfi_flush_fallback) |
783 | + SET_SCRATCH0(r13); |
784 | + GET_PACA(r13); |
785 | + std r9,PACA_EXRFI+EX_R9(r13) |
786 | + std r10,PACA_EXRFI+EX_R10(r13) |
787 | + std r11,PACA_EXRFI+EX_R11(r13) |
788 | + std r12,PACA_EXRFI+EX_R12(r13) |
789 | + std r8,PACA_EXRFI+EX_R13(r13) |
790 | + mfctr r9 |
791 | + ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) |
792 | + ld r11,PACA_L1D_FLUSH_SETS(r13) |
793 | + ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) |
794 | + /* |
795 | + * The load adresses are at staggered offsets within cachelines, |
796 | + * which suits some pipelines better (on others it should not |
797 | + * hurt). |
798 | + */ |
799 | + addi r12,r12,8 |
800 | + mtctr r11 |
801 | + DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ |
802 | + |
803 | + /* order ld/st prior to dcbt stop all streams with flushing */ |
804 | + sync |
805 | +1: li r8,0 |
806 | + .rept 8 /* 8-way set associative */ |
807 | + ldx r11,r10,r8 |
808 | + add r8,r8,r12 |
809 | + xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not |
810 | + add r8,r8,r11 // Add 0, this creates a dependency on the ldx |
811 | + .endr |
812 | + addi r10,r10,128 /* 128 byte cache line */ |
813 | + bdnz 1b |
814 | + |
815 | + mtctr r9 |
816 | + ld r9,PACA_EXRFI+EX_R9(r13) |
817 | + ld r10,PACA_EXRFI+EX_R10(r13) |
818 | + ld r11,PACA_EXRFI+EX_R11(r13) |
819 | + ld r12,PACA_EXRFI+EX_R12(r13) |
820 | + ld r8,PACA_EXRFI+EX_R13(r13) |
821 | + GET_SCRATCH0(r13); |
822 | + rfid |
823 | + |
824 | +TRAMP_REAL_BEGIN(hrfi_flush_fallback) |
825 | + SET_SCRATCH0(r13); |
826 | + GET_PACA(r13); |
827 | + std r9,PACA_EXRFI+EX_R9(r13) |
828 | + std r10,PACA_EXRFI+EX_R10(r13) |
829 | + std r11,PACA_EXRFI+EX_R11(r13) |
830 | + std r12,PACA_EXRFI+EX_R12(r13) |
831 | + std r8,PACA_EXRFI+EX_R13(r13) |
832 | + mfctr r9 |
833 | + ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) |
834 | + ld r11,PACA_L1D_FLUSH_SETS(r13) |
835 | + ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) |
836 | + /* |
837 | + * The load adresses are at staggered offsets within cachelines, |
838 | + * which suits some pipelines better (on others it should not |
839 | + * hurt). |
840 | + */ |
841 | + addi r12,r12,8 |
842 | + mtctr r11 |
843 | + DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ |
844 | + |
845 | + /* order ld/st prior to dcbt stop all streams with flushing */ |
846 | + sync |
847 | +1: li r8,0 |
848 | + .rept 8 /* 8-way set associative */ |
849 | + ldx r11,r10,r8 |
850 | + add r8,r8,r12 |
851 | + xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not |
852 | + add r8,r8,r11 // Add 0, this creates a dependency on the ldx |
853 | + .endr |
854 | + addi r10,r10,128 /* 128 byte cache line */ |
855 | + bdnz 1b |
856 | + |
857 | + mtctr r9 |
858 | + ld r9,PACA_EXRFI+EX_R9(r13) |
859 | + ld r10,PACA_EXRFI+EX_R10(r13) |
860 | + ld r11,PACA_EXRFI+EX_R11(r13) |
861 | + ld r12,PACA_EXRFI+EX_R12(r13) |
862 | + ld r8,PACA_EXRFI+EX_R13(r13) |
863 | + GET_SCRATCH0(r13); |
864 | + hrfid |
865 | + |
866 | /* |
867 | * Real mode exceptions actually use this too, but alternate |
868 | * instruction code patches (which end up in the common .text area) |
869 | @@ -1426,7 +1537,7 @@ TRAMP_REAL_BEGIN(kvmppc_skip_interrupt) |
870 | addi r13, r13, 4 |
871 | mtspr SPRN_SRR0, r13 |
872 | GET_SCRATCH0(r13) |
873 | - rfid |
874 | + RFI_TO_KERNEL |
875 | b . |
876 | |
877 | TRAMP_REAL_BEGIN(kvmppc_skip_Hinterrupt) |
878 | @@ -1438,7 +1549,7 @@ TRAMP_REAL_BEGIN(kvmppc_skip_Hinterrupt) |
879 | addi r13, r13, 4 |
880 | mtspr SPRN_HSRR0, r13 |
881 | GET_SCRATCH0(r13) |
882 | - hrfid |
883 | + HRFI_TO_KERNEL |
884 | b . |
885 | #endif |
886 | |
887 | diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c |
888 | index b89c6aac48c9..935059cb9e40 100644 |
889 | --- a/arch/powerpc/kernel/setup_64.c |
890 | +++ b/arch/powerpc/kernel/setup_64.c |
891 | @@ -784,3 +784,104 @@ static int __init disable_hardlockup_detector(void) |
892 | return 0; |
893 | } |
894 | early_initcall(disable_hardlockup_detector); |
895 | + |
896 | +#ifdef CONFIG_PPC_BOOK3S_64 |
897 | +static enum l1d_flush_type enabled_flush_types; |
898 | +static void *l1d_flush_fallback_area; |
899 | +static bool no_rfi_flush; |
900 | +bool rfi_flush; |
901 | + |
902 | +static int __init handle_no_rfi_flush(char *p) |
903 | +{ |
904 | + pr_info("rfi-flush: disabled on command line."); |
905 | + no_rfi_flush = true; |
906 | + return 0; |
907 | +} |
908 | +early_param("no_rfi_flush", handle_no_rfi_flush); |
909 | + |
910 | +/* |
911 | + * The RFI flush is not KPTI, but because users will see doco that says to use |
912 | + * nopti we hijack that option here to also disable the RFI flush. |
913 | + */ |
914 | +static int __init handle_no_pti(char *p) |
915 | +{ |
916 | + pr_info("rfi-flush: disabling due to 'nopti' on command line.\n"); |
917 | + handle_no_rfi_flush(NULL); |
918 | + return 0; |
919 | +} |
920 | +early_param("nopti", handle_no_pti); |
921 | + |
922 | +static void do_nothing(void *unused) |
923 | +{ |
924 | + /* |
925 | + * We don't need to do the flush explicitly, just enter+exit kernel is |
926 | + * sufficient, the RFI exit handlers will do the right thing. |
927 | + */ |
928 | +} |
929 | + |
930 | +void rfi_flush_enable(bool enable) |
931 | +{ |
932 | + if (rfi_flush == enable) |
933 | + return; |
934 | + |
935 | + if (enable) { |
936 | + do_rfi_flush_fixups(enabled_flush_types); |
937 | + on_each_cpu(do_nothing, NULL, 1); |
938 | + } else |
939 | + do_rfi_flush_fixups(L1D_FLUSH_NONE); |
940 | + |
941 | + rfi_flush = enable; |
942 | +} |
943 | + |
944 | +static void init_fallback_flush(void) |
945 | +{ |
946 | + u64 l1d_size, limit; |
947 | + int cpu; |
948 | + |
949 | + l1d_size = ppc64_caches.l1d.size; |
950 | + limit = min(safe_stack_limit(), ppc64_rma_size); |
951 | + |
952 | + /* |
953 | + * Align to L1d size, and size it at 2x L1d size, to catch possible |
954 | + * hardware prefetch runoff. We don't have a recipe for load patterns to |
955 | + * reliably avoid the prefetcher. |
956 | + */ |
957 | + l1d_flush_fallback_area = __va(memblock_alloc_base(l1d_size * 2, l1d_size, limit)); |
958 | + memset(l1d_flush_fallback_area, 0, l1d_size * 2); |
959 | + |
960 | + for_each_possible_cpu(cpu) { |
961 | + /* |
962 | + * The fallback flush is currently coded for 8-way |
963 | + * associativity. Different associativity is possible, but it |
964 | + * will be treated as 8-way and may not evict the lines as |
965 | + * effectively. |
966 | + * |
967 | + * 128 byte lines are mandatory. |
968 | + */ |
969 | + u64 c = l1d_size / 8; |
970 | + |
971 | + paca[cpu].rfi_flush_fallback_area = l1d_flush_fallback_area; |
972 | + paca[cpu].l1d_flush_congruence = c; |
973 | + paca[cpu].l1d_flush_sets = c / 128; |
974 | + } |
975 | +} |
976 | + |
977 | +void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) |
978 | +{ |
979 | + if (types & L1D_FLUSH_FALLBACK) { |
980 | + pr_info("rfi-flush: Using fallback displacement flush\n"); |
981 | + init_fallback_flush(); |
982 | + } |
983 | + |
984 | + if (types & L1D_FLUSH_ORI) |
985 | + pr_info("rfi-flush: Using ori type flush\n"); |
986 | + |
987 | + if (types & L1D_FLUSH_MTTRIG) |
988 | + pr_info("rfi-flush: Using mttrig type flush\n"); |
989 | + |
990 | + enabled_flush_types = types; |
991 | + |
992 | + if (!no_rfi_flush) |
993 | + rfi_flush_enable(enable); |
994 | +} |
995 | +#endif /* CONFIG_PPC_BOOK3S_64 */ |
996 | diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S |
997 | index 0494e1566ee2..307843d23682 100644 |
998 | --- a/arch/powerpc/kernel/vmlinux.lds.S |
999 | +++ b/arch/powerpc/kernel/vmlinux.lds.S |
1000 | @@ -132,6 +132,15 @@ SECTIONS |
1001 | /* Read-only data */ |
1002 | RO_DATA(PAGE_SIZE) |
1003 | |
1004 | +#ifdef CONFIG_PPC64 |
1005 | + . = ALIGN(8); |
1006 | + __rfi_flush_fixup : AT(ADDR(__rfi_flush_fixup) - LOAD_OFFSET) { |
1007 | + __start___rfi_flush_fixup = .; |
1008 | + *(__rfi_flush_fixup) |
1009 | + __stop___rfi_flush_fixup = .; |
1010 | + } |
1011 | +#endif |
1012 | + |
1013 | EXCEPTION_TABLE(0) |
1014 | |
1015 | NOTES :kernel :notes |
1016 | diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
1017 | index 42639fba89e8..c85ac5c83bd4 100644 |
1018 | --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
1019 | +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S |
1020 | @@ -78,7 +78,7 @@ _GLOBAL_TOC(kvmppc_hv_entry_trampoline) |
1021 | mtmsrd r0,1 /* clear RI in MSR */ |
1022 | mtsrr0 r5 |
1023 | mtsrr1 r6 |
1024 | - RFI |
1025 | + RFI_TO_KERNEL |
1026 | |
1027 | kvmppc_call_hv_entry: |
1028 | ld r4, HSTATE_KVM_VCPU(r13) |
1029 | @@ -187,7 +187,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300) |
1030 | mtmsrd r6, 1 /* Clear RI in MSR */ |
1031 | mtsrr0 r8 |
1032 | mtsrr1 r7 |
1033 | - RFI |
1034 | + RFI_TO_KERNEL |
1035 | |
1036 | /* Virtual-mode return */ |
1037 | .Lvirt_return: |
1038 | @@ -1131,8 +1131,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300) |
1039 | |
1040 | ld r0, VCPU_GPR(R0)(r4) |
1041 | ld r4, VCPU_GPR(R4)(r4) |
1042 | - |
1043 | - hrfid |
1044 | + HRFI_TO_GUEST |
1045 | b . |
1046 | |
1047 | secondary_too_late: |
1048 | diff --git a/arch/powerpc/kvm/book3s_rmhandlers.S b/arch/powerpc/kvm/book3s_rmhandlers.S |
1049 | index 42a4b237df5f..34a5adeff084 100644 |
1050 | --- a/arch/powerpc/kvm/book3s_rmhandlers.S |
1051 | +++ b/arch/powerpc/kvm/book3s_rmhandlers.S |
1052 | @@ -46,6 +46,9 @@ |
1053 | |
1054 | #define FUNC(name) name |
1055 | |
1056 | +#define RFI_TO_KERNEL RFI |
1057 | +#define RFI_TO_GUEST RFI |
1058 | + |
1059 | .macro INTERRUPT_TRAMPOLINE intno |
1060 | |
1061 | .global kvmppc_trampoline_\intno |
1062 | @@ -141,7 +144,7 @@ kvmppc_handler_skip_ins: |
1063 | GET_SCRATCH0(r13) |
1064 | |
1065 | /* And get back into the code */ |
1066 | - RFI |
1067 | + RFI_TO_KERNEL |
1068 | #endif |
1069 | |
1070 | /* |
1071 | @@ -164,6 +167,6 @@ _GLOBAL_TOC(kvmppc_entry_trampoline) |
1072 | ori r5, r5, MSR_EE |
1073 | mtsrr0 r7 |
1074 | mtsrr1 r6 |
1075 | - RFI |
1076 | + RFI_TO_KERNEL |
1077 | |
1078 | #include "book3s_segment.S" |
1079 | diff --git a/arch/powerpc/kvm/book3s_segment.S b/arch/powerpc/kvm/book3s_segment.S |
1080 | index 2a2b96d53999..93a180ceefad 100644 |
1081 | --- a/arch/powerpc/kvm/book3s_segment.S |
1082 | +++ b/arch/powerpc/kvm/book3s_segment.S |
1083 | @@ -156,7 +156,7 @@ no_dcbz32_on: |
1084 | PPC_LL r9, SVCPU_R9(r3) |
1085 | PPC_LL r3, (SVCPU_R3)(r3) |
1086 | |
1087 | - RFI |
1088 | + RFI_TO_GUEST |
1089 | kvmppc_handler_trampoline_enter_end: |
1090 | |
1091 | |
1092 | @@ -407,5 +407,5 @@ END_FTR_SECTION_IFSET(CPU_FTR_HVMODE) |
1093 | cmpwi r12, BOOK3S_INTERRUPT_DOORBELL |
1094 | beqa BOOK3S_INTERRUPT_DOORBELL |
1095 | |
1096 | - RFI |
1097 | + RFI_TO_KERNEL |
1098 | kvmppc_handler_trampoline_exit_end: |
1099 | diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c |
1100 | index 41cf5ae273cf..a95ea007d654 100644 |
1101 | --- a/arch/powerpc/lib/feature-fixups.c |
1102 | +++ b/arch/powerpc/lib/feature-fixups.c |
1103 | @@ -116,6 +116,47 @@ void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end) |
1104 | } |
1105 | } |
1106 | |
1107 | +#ifdef CONFIG_PPC_BOOK3S_64 |
1108 | +void do_rfi_flush_fixups(enum l1d_flush_type types) |
1109 | +{ |
1110 | + unsigned int instrs[3], *dest; |
1111 | + long *start, *end; |
1112 | + int i; |
1113 | + |
1114 | + start = PTRRELOC(&__start___rfi_flush_fixup), |
1115 | + end = PTRRELOC(&__stop___rfi_flush_fixup); |
1116 | + |
1117 | + instrs[0] = 0x60000000; /* nop */ |
1118 | + instrs[1] = 0x60000000; /* nop */ |
1119 | + instrs[2] = 0x60000000; /* nop */ |
1120 | + |
1121 | + if (types & L1D_FLUSH_FALLBACK) |
1122 | + /* b .+16 to fallback flush */ |
1123 | + instrs[0] = 0x48000010; |
1124 | + |
1125 | + i = 0; |
1126 | + if (types & L1D_FLUSH_ORI) { |
1127 | + instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */ |
1128 | + instrs[i++] = 0x63de0000; /* ori 30,30,0 L1d flush*/ |
1129 | + } |
1130 | + |
1131 | + if (types & L1D_FLUSH_MTTRIG) |
1132 | + instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */ |
1133 | + |
1134 | + for (i = 0; start < end; start++, i++) { |
1135 | + dest = (void *)start + *start; |
1136 | + |
1137 | + pr_devel("patching dest %lx\n", (unsigned long)dest); |
1138 | + |
1139 | + patch_instruction(dest, instrs[0]); |
1140 | + patch_instruction(dest + 1, instrs[1]); |
1141 | + patch_instruction(dest + 2, instrs[2]); |
1142 | + } |
1143 | + |
1144 | + printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i); |
1145 | +} |
1146 | +#endif /* CONFIG_PPC_BOOK3S_64 */ |
1147 | + |
1148 | void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end) |
1149 | { |
1150 | long *start, *end; |
1151 | diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c |
1152 | index bfe2aa702973..7966a314d93a 100644 |
1153 | --- a/arch/powerpc/platforms/powernv/setup.c |
1154 | +++ b/arch/powerpc/platforms/powernv/setup.c |
1155 | @@ -36,13 +36,62 @@ |
1156 | #include <asm/opal.h> |
1157 | #include <asm/kexec.h> |
1158 | #include <asm/smp.h> |
1159 | +#include <asm/setup.h> |
1160 | |
1161 | #include "powernv.h" |
1162 | |
1163 | +static void pnv_setup_rfi_flush(void) |
1164 | +{ |
1165 | + struct device_node *np, *fw_features; |
1166 | + enum l1d_flush_type type; |
1167 | + int enable; |
1168 | + |
1169 | + /* Default to fallback in case fw-features are not available */ |
1170 | + type = L1D_FLUSH_FALLBACK; |
1171 | + enable = 1; |
1172 | + |
1173 | + np = of_find_node_by_name(NULL, "ibm,opal"); |
1174 | + fw_features = of_get_child_by_name(np, "fw-features"); |
1175 | + of_node_put(np); |
1176 | + |
1177 | + if (fw_features) { |
1178 | + np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); |
1179 | + if (np && of_property_read_bool(np, "enabled")) |
1180 | + type = L1D_FLUSH_MTTRIG; |
1181 | + |
1182 | + of_node_put(np); |
1183 | + |
1184 | + np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0"); |
1185 | + if (np && of_property_read_bool(np, "enabled")) |
1186 | + type = L1D_FLUSH_ORI; |
1187 | + |
1188 | + of_node_put(np); |
1189 | + |
1190 | + /* Enable unless firmware says NOT to */ |
1191 | + enable = 2; |
1192 | + np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0"); |
1193 | + if (np && of_property_read_bool(np, "disabled")) |
1194 | + enable--; |
1195 | + |
1196 | + of_node_put(np); |
1197 | + |
1198 | + np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1"); |
1199 | + if (np && of_property_read_bool(np, "disabled")) |
1200 | + enable--; |
1201 | + |
1202 | + of_node_put(np); |
1203 | + of_node_put(fw_features); |
1204 | + } |
1205 | + |
1206 | + setup_rfi_flush(type, enable > 0); |
1207 | +} |
1208 | + |
1209 | static void __init pnv_setup_arch(void) |
1210 | { |
1211 | set_arch_panic_timeout(10, ARCH_PANIC_TIMEOUT); |
1212 | |
1213 | + pnv_setup_rfi_flush(); |
1214 | + |
1215 | /* Initialize SMP */ |
1216 | pnv_smp_init(); |
1217 | |
1218 | diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c |
1219 | index a8531e012658..ae4f596273b5 100644 |
1220 | --- a/arch/powerpc/platforms/pseries/setup.c |
1221 | +++ b/arch/powerpc/platforms/pseries/setup.c |
1222 | @@ -459,6 +459,39 @@ static void __init find_and_init_phbs(void) |
1223 | of_pci_check_probe_only(); |
1224 | } |
1225 | |
1226 | +static void pseries_setup_rfi_flush(void) |
1227 | +{ |
1228 | + struct h_cpu_char_result result; |
1229 | + enum l1d_flush_type types; |
1230 | + bool enable; |
1231 | + long rc; |
1232 | + |
1233 | + /* Enable by default */ |
1234 | + enable = true; |
1235 | + |
1236 | + rc = plpar_get_cpu_characteristics(&result); |
1237 | + if (rc == H_SUCCESS) { |
1238 | + types = L1D_FLUSH_NONE; |
1239 | + |
1240 | + if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) |
1241 | + types |= L1D_FLUSH_MTTRIG; |
1242 | + if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) |
1243 | + types |= L1D_FLUSH_ORI; |
1244 | + |
1245 | + /* Use fallback if nothing set in hcall */ |
1246 | + if (types == L1D_FLUSH_NONE) |
1247 | + types = L1D_FLUSH_FALLBACK; |
1248 | + |
1249 | + if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) |
1250 | + enable = false; |
1251 | + } else { |
1252 | + /* Default to fallback if case hcall is not available */ |
1253 | + types = L1D_FLUSH_FALLBACK; |
1254 | + } |
1255 | + |
1256 | + setup_rfi_flush(types, enable); |
1257 | +} |
1258 | + |
1259 | static void __init pSeries_setup_arch(void) |
1260 | { |
1261 | set_arch_panic_timeout(10, ARCH_PANIC_TIMEOUT); |
1262 | @@ -476,6 +509,8 @@ static void __init pSeries_setup_arch(void) |
1263 | |
1264 | fwnmi_init(); |
1265 | |
1266 | + pseries_setup_rfi_flush(); |
1267 | + |
1268 | /* By default, only probe PCI (can be overridden by rtas_pci) */ |
1269 | pci_add_flags(PCI_PROBE_ONLY); |
1270 | |
1271 | diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S |
1272 | index a1f28a54f23a..60c4c342316c 100644 |
1273 | --- a/arch/x86/entry/entry_32.S |
1274 | +++ b/arch/x86/entry/entry_32.S |
1275 | @@ -244,6 +244,17 @@ ENTRY(__switch_to_asm) |
1276 | movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset |
1277 | #endif |
1278 | |
1279 | +#ifdef CONFIG_RETPOLINE |
1280 | + /* |
1281 | + * When switching from a shallower to a deeper call stack |
1282 | + * the RSB may either underflow or use entries populated |
1283 | + * with userspace addresses. On CPUs where those concerns |
1284 | + * exist, overwrite the RSB with entries which capture |
1285 | + * speculative execution to prevent attack. |
1286 | + */ |
1287 | + FILL_RETURN_BUFFER %ebx, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW |
1288 | +#endif |
1289 | + |
1290 | /* restore callee-saved registers */ |
1291 | popl %esi |
1292 | popl %edi |
1293 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
1294 | index f5fda5f26e34..be6b66464f6a 100644 |
1295 | --- a/arch/x86/entry/entry_64.S |
1296 | +++ b/arch/x86/entry/entry_64.S |
1297 | @@ -487,6 +487,17 @@ ENTRY(__switch_to_asm) |
1298 | movq %rbx, PER_CPU_VAR(irq_stack_union)+stack_canary_offset |
1299 | #endif |
1300 | |
1301 | +#ifdef CONFIG_RETPOLINE |
1302 | + /* |
1303 | + * When switching from a shallower to a deeper call stack |
1304 | + * the RSB may either underflow or use entries populated |
1305 | + * with userspace addresses. On CPUs where those concerns |
1306 | + * exist, overwrite the RSB with entries which capture |
1307 | + * speculative execution to prevent attack. |
1308 | + */ |
1309 | + FILL_RETURN_BUFFER %r12, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW |
1310 | +#endif |
1311 | + |
1312 | /* restore callee-saved registers */ |
1313 | popq %r15 |
1314 | popq %r14 |
1315 | @@ -1247,7 +1258,7 @@ idtentry async_page_fault do_async_page_fault has_error_code=1 |
1316 | #endif |
1317 | |
1318 | #ifdef CONFIG_X86_MCE |
1319 | -idtentry machine_check has_error_code=0 paranoid=1 do_sym=*machine_check_vector(%rip) |
1320 | +idtentry machine_check do_mce has_error_code=0 paranoid=1 |
1321 | #endif |
1322 | |
1323 | /* |
1324 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
1325 | index f275447862f4..25b9375c1484 100644 |
1326 | --- a/arch/x86/include/asm/cpufeatures.h |
1327 | +++ b/arch/x86/include/asm/cpufeatures.h |
1328 | @@ -206,11 +206,11 @@ |
1329 | #define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */ |
1330 | #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */ |
1331 | #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ |
1332 | -#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ |
1333 | #define X86_FEATURE_AVX512_4VNNIW ( 7*32+16) /* AVX-512 Neural Network Instructions */ |
1334 | #define X86_FEATURE_AVX512_4FMAPS ( 7*32+17) /* AVX-512 Multiply Accumulation Single precision */ |
1335 | |
1336 | #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */ |
1337 | +#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ |
1338 | |
1339 | /* Virtualization flags: Linux defined, word 8 */ |
1340 | #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ |
1341 | @@ -245,6 +245,7 @@ |
1342 | #define X86_FEATURE_AVX512IFMA ( 9*32+21) /* AVX-512 Integer Fused Multiply-Add instructions */ |
1343 | #define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ |
1344 | #define X86_FEATURE_CLWB ( 9*32+24) /* CLWB instruction */ |
1345 | +#define X86_FEATURE_INTEL_PT ( 9*32+25) /* Intel Processor Trace */ |
1346 | #define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ |
1347 | #define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ |
1348 | #define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ |
1349 | diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h |
1350 | index 6a77c63540f7..e7d96c0766fe 100644 |
1351 | --- a/arch/x86/include/asm/mem_encrypt.h |
1352 | +++ b/arch/x86/include/asm/mem_encrypt.h |
1353 | @@ -39,7 +39,7 @@ void __init sme_unmap_bootdata(char *real_mode_data); |
1354 | |
1355 | void __init sme_early_init(void); |
1356 | |
1357 | -void __init sme_encrypt_kernel(void); |
1358 | +void __init sme_encrypt_kernel(struct boot_params *bp); |
1359 | void __init sme_enable(struct boot_params *bp); |
1360 | |
1361 | /* Architecture __weak replacement functions */ |
1362 | @@ -61,7 +61,7 @@ static inline void __init sme_unmap_bootdata(char *real_mode_data) { } |
1363 | |
1364 | static inline void __init sme_early_init(void) { } |
1365 | |
1366 | -static inline void __init sme_encrypt_kernel(void) { } |
1367 | +static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } |
1368 | static inline void __init sme_enable(struct boot_params *bp) { } |
1369 | |
1370 | #endif /* CONFIG_AMD_MEM_ENCRYPT */ |
1371 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
1372 | index 402a11c803c3..4ad41087ce0e 100644 |
1373 | --- a/arch/x86/include/asm/nospec-branch.h |
1374 | +++ b/arch/x86/include/asm/nospec-branch.h |
1375 | @@ -11,7 +11,7 @@ |
1376 | * Fill the CPU return stack buffer. |
1377 | * |
1378 | * Each entry in the RSB, if used for a speculative 'ret', contains an |
1379 | - * infinite 'pause; jmp' loop to capture speculative execution. |
1380 | + * infinite 'pause; lfence; jmp' loop to capture speculative execution. |
1381 | * |
1382 | * This is required in various cases for retpoline and IBRS-based |
1383 | * mitigations for the Spectre variant 2 vulnerability. Sometimes to |
1384 | @@ -38,11 +38,13 @@ |
1385 | call 772f; \ |
1386 | 773: /* speculation trap */ \ |
1387 | pause; \ |
1388 | + lfence; \ |
1389 | jmp 773b; \ |
1390 | 772: \ |
1391 | call 774f; \ |
1392 | 775: /* speculation trap */ \ |
1393 | pause; \ |
1394 | + lfence; \ |
1395 | jmp 775b; \ |
1396 | 774: \ |
1397 | dec reg; \ |
1398 | @@ -73,6 +75,7 @@ |
1399 | call .Ldo_rop_\@ |
1400 | .Lspec_trap_\@: |
1401 | pause |
1402 | + lfence |
1403 | jmp .Lspec_trap_\@ |
1404 | .Ldo_rop_\@: |
1405 | mov \reg, (%_ASM_SP) |
1406 | @@ -165,6 +168,7 @@ |
1407 | " .align 16\n" \ |
1408 | "901: call 903f;\n" \ |
1409 | "902: pause;\n" \ |
1410 | + " lfence;\n" \ |
1411 | " jmp 902b;\n" \ |
1412 | " .align 16\n" \ |
1413 | "903: addl $4, %%esp;\n" \ |
1414 | @@ -190,6 +194,9 @@ enum spectre_v2_mitigation { |
1415 | SPECTRE_V2_IBRS, |
1416 | }; |
1417 | |
1418 | +extern char __indirect_thunk_start[]; |
1419 | +extern char __indirect_thunk_end[]; |
1420 | + |
1421 | /* |
1422 | * On VMEXIT we must ensure that no RSB predictions learned in the guest |
1423 | * can be followed in the host, by overwriting the RSB completely. Both |
1424 | @@ -199,16 +206,17 @@ enum spectre_v2_mitigation { |
1425 | static inline void vmexit_fill_RSB(void) |
1426 | { |
1427 | #ifdef CONFIG_RETPOLINE |
1428 | - unsigned long loops = RSB_CLEAR_LOOPS / 2; |
1429 | + unsigned long loops; |
1430 | |
1431 | asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE |
1432 | ALTERNATIVE("jmp 910f", |
1433 | __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)), |
1434 | X86_FEATURE_RETPOLINE) |
1435 | "910:" |
1436 | - : "=&r" (loops), ASM_CALL_CONSTRAINT |
1437 | - : "r" (loops) : "memory" ); |
1438 | + : "=r" (loops), ASM_CALL_CONSTRAINT |
1439 | + : : "memory" ); |
1440 | #endif |
1441 | } |
1442 | + |
1443 | #endif /* __ASSEMBLY__ */ |
1444 | #endif /* __NOSPEC_BRANCH_H__ */ |
1445 | diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h |
1446 | index 31051f35cbb7..3de69330e6c5 100644 |
1447 | --- a/arch/x86/include/asm/traps.h |
1448 | +++ b/arch/x86/include/asm/traps.h |
1449 | @@ -88,6 +88,7 @@ dotraplinkage void do_simd_coprocessor_error(struct pt_regs *, long); |
1450 | #ifdef CONFIG_X86_32 |
1451 | dotraplinkage void do_iret_error(struct pt_regs *, long); |
1452 | #endif |
1453 | +dotraplinkage void do_mce(struct pt_regs *, long); |
1454 | |
1455 | static inline int get_si_code(unsigned long condition) |
1456 | { |
1457 | diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c |
1458 | index 88c214e75a6b..2ce1c708b8ee 100644 |
1459 | --- a/arch/x86/kernel/apic/vector.c |
1460 | +++ b/arch/x86/kernel/apic/vector.c |
1461 | @@ -369,8 +369,11 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq, |
1462 | irq_data->hwirq = virq + i; |
1463 | err = assign_irq_vector_policy(virq + i, node, data, info, |
1464 | irq_data); |
1465 | - if (err) |
1466 | + if (err) { |
1467 | + irq_data->chip_data = NULL; |
1468 | + free_apic_chip_data(data); |
1469 | goto error; |
1470 | + } |
1471 | /* |
1472 | * If the apic destination mode is physical, then the |
1473 | * effective affinity is restricted to a single target |
1474 | @@ -383,7 +386,7 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq, |
1475 | return 0; |
1476 | |
1477 | error: |
1478 | - x86_vector_free_irqs(domain, virq, i + 1); |
1479 | + x86_vector_free_irqs(domain, virq, i); |
1480 | return err; |
1481 | } |
1482 | |
1483 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
1484 | index e4dc26185aa7..390b3dc3d438 100644 |
1485 | --- a/arch/x86/kernel/cpu/bugs.c |
1486 | +++ b/arch/x86/kernel/cpu/bugs.c |
1487 | @@ -23,6 +23,7 @@ |
1488 | #include <asm/alternative.h> |
1489 | #include <asm/pgtable.h> |
1490 | #include <asm/set_memory.h> |
1491 | +#include <asm/intel-family.h> |
1492 | |
1493 | static void __init spectre_v2_select_mitigation(void); |
1494 | |
1495 | @@ -155,6 +156,23 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1496 | return SPECTRE_V2_CMD_NONE; |
1497 | } |
1498 | |
1499 | +/* Check for Skylake-like CPUs (for RSB handling) */ |
1500 | +static bool __init is_skylake_era(void) |
1501 | +{ |
1502 | + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && |
1503 | + boot_cpu_data.x86 == 6) { |
1504 | + switch (boot_cpu_data.x86_model) { |
1505 | + case INTEL_FAM6_SKYLAKE_MOBILE: |
1506 | + case INTEL_FAM6_SKYLAKE_DESKTOP: |
1507 | + case INTEL_FAM6_SKYLAKE_X: |
1508 | + case INTEL_FAM6_KABYLAKE_MOBILE: |
1509 | + case INTEL_FAM6_KABYLAKE_DESKTOP: |
1510 | + return true; |
1511 | + } |
1512 | + } |
1513 | + return false; |
1514 | +} |
1515 | + |
1516 | static void __init spectre_v2_select_mitigation(void) |
1517 | { |
1518 | enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); |
1519 | @@ -213,6 +231,24 @@ static void __init spectre_v2_select_mitigation(void) |
1520 | |
1521 | spectre_v2_enabled = mode; |
1522 | pr_info("%s\n", spectre_v2_strings[mode]); |
1523 | + |
1524 | + /* |
1525 | + * If neither SMEP or KPTI are available, there is a risk of |
1526 | + * hitting userspace addresses in the RSB after a context switch |
1527 | + * from a shallow call stack to a deeper one. To prevent this fill |
1528 | + * the entire RSB, even when using IBRS. |
1529 | + * |
1530 | + * Skylake era CPUs have a separate issue with *underflow* of the |
1531 | + * RSB, when they will predict 'ret' targets from the generic BTB. |
1532 | + * The proper mitigation for this is IBRS. If IBRS is not supported |
1533 | + * or deactivated in favour of retpolines the RSB fill on context |
1534 | + * switch is required. |
1535 | + */ |
1536 | + if ((!boot_cpu_has(X86_FEATURE_PTI) && |
1537 | + !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { |
1538 | + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
1539 | + pr_info("Filling RSB on context switch\n"); |
1540 | + } |
1541 | } |
1542 | |
1543 | #undef pr_fmt |
1544 | diff --git a/arch/x86/kernel/cpu/intel_rdt.c b/arch/x86/kernel/cpu/intel_rdt.c |
1545 | index 88dcf8479013..99442370de40 100644 |
1546 | --- a/arch/x86/kernel/cpu/intel_rdt.c |
1547 | +++ b/arch/x86/kernel/cpu/intel_rdt.c |
1548 | @@ -525,10 +525,6 @@ static void domain_remove_cpu(int cpu, struct rdt_resource *r) |
1549 | */ |
1550 | if (static_branch_unlikely(&rdt_mon_enable_key)) |
1551 | rmdir_mondata_subdir_allrdtgrp(r, d->id); |
1552 | - kfree(d->ctrl_val); |
1553 | - kfree(d->rmid_busy_llc); |
1554 | - kfree(d->mbm_total); |
1555 | - kfree(d->mbm_local); |
1556 | list_del(&d->list); |
1557 | if (is_mbm_enabled()) |
1558 | cancel_delayed_work(&d->mbm_over); |
1559 | @@ -545,6 +541,10 @@ static void domain_remove_cpu(int cpu, struct rdt_resource *r) |
1560 | cancel_delayed_work(&d->cqm_limbo); |
1561 | } |
1562 | |
1563 | + kfree(d->ctrl_val); |
1564 | + kfree(d->rmid_busy_llc); |
1565 | + kfree(d->mbm_total); |
1566 | + kfree(d->mbm_local); |
1567 | kfree(d); |
1568 | return; |
1569 | } |
1570 | diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c |
1571 | index 3b413065c613..a9e898b71208 100644 |
1572 | --- a/arch/x86/kernel/cpu/mcheck/mce.c |
1573 | +++ b/arch/x86/kernel/cpu/mcheck/mce.c |
1574 | @@ -1788,6 +1788,11 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) |
1575 | void (*machine_check_vector)(struct pt_regs *, long error_code) = |
1576 | unexpected_machine_check; |
1577 | |
1578 | +dotraplinkage void do_mce(struct pt_regs *regs, long error_code) |
1579 | +{ |
1580 | + machine_check_vector(regs, error_code); |
1581 | +} |
1582 | + |
1583 | /* |
1584 | * Called for each booted CPU to set up machine checks. |
1585 | * Must be called with preempt off: |
1586 | diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c |
1587 | index 05459ad3db46..d0e69769abfd 100644 |
1588 | --- a/arch/x86/kernel/cpu/scattered.c |
1589 | +++ b/arch/x86/kernel/cpu/scattered.c |
1590 | @@ -21,7 +21,6 @@ struct cpuid_bit { |
1591 | static const struct cpuid_bit cpuid_bits[] = { |
1592 | { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, |
1593 | { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, |
1594 | - { X86_FEATURE_INTEL_PT, CPUID_EBX, 25, 0x00000007, 0 }, |
1595 | { X86_FEATURE_AVX512_4VNNIW, CPUID_EDX, 2, 0x00000007, 0 }, |
1596 | { X86_FEATURE_AVX512_4FMAPS, CPUID_EDX, 3, 0x00000007, 0 }, |
1597 | { X86_FEATURE_CAT_L3, CPUID_EBX, 1, 0x00000010, 0 }, |
1598 | diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c |
1599 | index 6a5d757b9cfd..7ba5d819ebe3 100644 |
1600 | --- a/arch/x86/kernel/head64.c |
1601 | +++ b/arch/x86/kernel/head64.c |
1602 | @@ -157,8 +157,8 @@ unsigned long __head __startup_64(unsigned long physaddr, |
1603 | p = fixup_pointer(&phys_base, physaddr); |
1604 | *p += load_delta - sme_get_me_mask(); |
1605 | |
1606 | - /* Encrypt the kernel (if SME is active) */ |
1607 | - sme_encrypt_kernel(); |
1608 | + /* Encrypt the kernel and related (if SME is active) */ |
1609 | + sme_encrypt_kernel(bp); |
1610 | |
1611 | /* |
1612 | * Return the SME encryption mask (if SME is active) to be used as a |
1613 | diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c |
1614 | index 014cb2fc47ff..236917bac5f2 100644 |
1615 | --- a/arch/x86/kernel/idt.c |
1616 | +++ b/arch/x86/kernel/idt.c |
1617 | @@ -56,7 +56,7 @@ struct idt_data { |
1618 | * Early traps running on the DEFAULT_STACK because the other interrupt |
1619 | * stacks work only after cpu_init(). |
1620 | */ |
1621 | -static const __initdata struct idt_data early_idts[] = { |
1622 | +static const __initconst struct idt_data early_idts[] = { |
1623 | INTG(X86_TRAP_DB, debug), |
1624 | SYSG(X86_TRAP_BP, int3), |
1625 | #ifdef CONFIG_X86_32 |
1626 | @@ -70,7 +70,7 @@ static const __initdata struct idt_data early_idts[] = { |
1627 | * the traps which use them are reinitialized with IST after cpu_init() has |
1628 | * set up TSS. |
1629 | */ |
1630 | -static const __initdata struct idt_data def_idts[] = { |
1631 | +static const __initconst struct idt_data def_idts[] = { |
1632 | INTG(X86_TRAP_DE, divide_error), |
1633 | INTG(X86_TRAP_NMI, nmi), |
1634 | INTG(X86_TRAP_BR, bounds), |
1635 | @@ -108,7 +108,7 @@ static const __initdata struct idt_data def_idts[] = { |
1636 | /* |
1637 | * The APIC and SMP idt entries |
1638 | */ |
1639 | -static const __initdata struct idt_data apic_idts[] = { |
1640 | +static const __initconst struct idt_data apic_idts[] = { |
1641 | #ifdef CONFIG_SMP |
1642 | INTG(RESCHEDULE_VECTOR, reschedule_interrupt), |
1643 | INTG(CALL_FUNCTION_VECTOR, call_function_interrupt), |
1644 | @@ -150,7 +150,7 @@ static const __initdata struct idt_data apic_idts[] = { |
1645 | * Early traps running on the DEFAULT_STACK because the other interrupt |
1646 | * stacks work only after cpu_init(). |
1647 | */ |
1648 | -static const __initdata struct idt_data early_pf_idts[] = { |
1649 | +static const __initconst struct idt_data early_pf_idts[] = { |
1650 | INTG(X86_TRAP_PF, page_fault), |
1651 | }; |
1652 | |
1653 | @@ -158,7 +158,7 @@ static const __initdata struct idt_data early_pf_idts[] = { |
1654 | * Override for the debug_idt. Same as the default, but with interrupt |
1655 | * stack set to DEFAULT_STACK (0). Required for NMI trap handling. |
1656 | */ |
1657 | -static const __initdata struct idt_data dbg_idts[] = { |
1658 | +static const __initconst struct idt_data dbg_idts[] = { |
1659 | INTG(X86_TRAP_DB, debug), |
1660 | INTG(X86_TRAP_BP, int3), |
1661 | }; |
1662 | @@ -180,7 +180,7 @@ gate_desc debug_idt_table[IDT_ENTRIES] __page_aligned_bss; |
1663 | * The exceptions which use Interrupt stacks. They are setup after |
1664 | * cpu_init() when the TSS has been initialized. |
1665 | */ |
1666 | -static const __initdata struct idt_data ist_idts[] = { |
1667 | +static const __initconst struct idt_data ist_idts[] = { |
1668 | ISTG(X86_TRAP_DB, debug, DEBUG_STACK), |
1669 | ISTG(X86_TRAP_NMI, nmi, NMI_STACK), |
1670 | SISTG(X86_TRAP_BP, int3, DEBUG_STACK), |
1671 | diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c |
1672 | index 4f98aad38237..3668f28cf5fc 100644 |
1673 | --- a/arch/x86/kernel/kprobes/opt.c |
1674 | +++ b/arch/x86/kernel/kprobes/opt.c |
1675 | @@ -40,6 +40,7 @@ |
1676 | #include <asm/debugreg.h> |
1677 | #include <asm/set_memory.h> |
1678 | #include <asm/sections.h> |
1679 | +#include <asm/nospec-branch.h> |
1680 | |
1681 | #include "common.h" |
1682 | |
1683 | @@ -205,7 +206,7 @@ static int copy_optimized_instructions(u8 *dest, u8 *src) |
1684 | } |
1685 | |
1686 | /* Check whether insn is indirect jump */ |
1687 | -static int insn_is_indirect_jump(struct insn *insn) |
1688 | +static int __insn_is_indirect_jump(struct insn *insn) |
1689 | { |
1690 | return ((insn->opcode.bytes[0] == 0xff && |
1691 | (X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */ |
1692 | @@ -239,6 +240,26 @@ static int insn_jump_into_range(struct insn *insn, unsigned long start, int len) |
1693 | return (start <= target && target <= start + len); |
1694 | } |
1695 | |
1696 | +static int insn_is_indirect_jump(struct insn *insn) |
1697 | +{ |
1698 | + int ret = __insn_is_indirect_jump(insn); |
1699 | + |
1700 | +#ifdef CONFIG_RETPOLINE |
1701 | + /* |
1702 | + * Jump to x86_indirect_thunk_* is treated as an indirect jump. |
1703 | + * Note that even with CONFIG_RETPOLINE=y, the kernel compiled with |
1704 | + * older gcc may use indirect jump. So we add this check instead of |
1705 | + * replace indirect-jump check. |
1706 | + */ |
1707 | + if (!ret) |
1708 | + ret = insn_jump_into_range(insn, |
1709 | + (unsigned long)__indirect_thunk_start, |
1710 | + (unsigned long)__indirect_thunk_end - |
1711 | + (unsigned long)__indirect_thunk_start); |
1712 | +#endif |
1713 | + return ret; |
1714 | +} |
1715 | + |
1716 | /* Decode whole function to ensure any instructions don't jump into target */ |
1717 | static int can_optimize(unsigned long paddr) |
1718 | { |
1719 | diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c |
1720 | index 3cb2486c47e4..8bd1d8292cf7 100644 |
1721 | --- a/arch/x86/kernel/process.c |
1722 | +++ b/arch/x86/kernel/process.c |
1723 | @@ -380,19 +380,24 @@ void stop_this_cpu(void *dummy) |
1724 | disable_local_APIC(); |
1725 | mcheck_cpu_clear(this_cpu_ptr(&cpu_info)); |
1726 | |
1727 | + /* |
1728 | + * Use wbinvd on processors that support SME. This provides support |
1729 | + * for performing a successful kexec when going from SME inactive |
1730 | + * to SME active (or vice-versa). The cache must be cleared so that |
1731 | + * if there are entries with the same physical address, both with and |
1732 | + * without the encryption bit, they don't race each other when flushed |
1733 | + * and potentially end up with the wrong entry being committed to |
1734 | + * memory. |
1735 | + */ |
1736 | + if (boot_cpu_has(X86_FEATURE_SME)) |
1737 | + native_wbinvd(); |
1738 | for (;;) { |
1739 | /* |
1740 | - * Use wbinvd followed by hlt to stop the processor. This |
1741 | - * provides support for kexec on a processor that supports |
1742 | - * SME. With kexec, going from SME inactive to SME active |
1743 | - * requires clearing cache entries so that addresses without |
1744 | - * the encryption bit set don't corrupt the same physical |
1745 | - * address that has the encryption bit set when caches are |
1746 | - * flushed. To achieve this a wbinvd is performed followed by |
1747 | - * a hlt. Even if the processor is not in the kexec/SME |
1748 | - * scenario this only adds a wbinvd to a halting processor. |
1749 | + * Use native_halt() so that memory contents don't change |
1750 | + * (stack usage and variables) after possibly issuing the |
1751 | + * native_wbinvd() above. |
1752 | */ |
1753 | - asm volatile("wbinvd; hlt" : : : "memory"); |
1754 | + native_halt(); |
1755 | } |
1756 | } |
1757 | |
1758 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c |
1759 | index 0957dd73d127..e84cb4c75cd0 100644 |
1760 | --- a/arch/x86/kernel/setup.c |
1761 | +++ b/arch/x86/kernel/setup.c |
1762 | @@ -376,14 +376,6 @@ static void __init reserve_initrd(void) |
1763 | !ramdisk_image || !ramdisk_size) |
1764 | return; /* No initrd provided by bootloader */ |
1765 | |
1766 | - /* |
1767 | - * If SME is active, this memory will be marked encrypted by the |
1768 | - * kernel when it is accessed (including relocation). However, the |
1769 | - * ramdisk image was loaded decrypted by the bootloader, so make |
1770 | - * sure that it is encrypted before accessing it. |
1771 | - */ |
1772 | - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); |
1773 | - |
1774 | initrd_start = 0; |
1775 | |
1776 | mapped_size = memblock_mem_size(max_pfn_mapped); |
1777 | diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c |
1778 | index ad2b925a808e..47506567435e 100644 |
1779 | --- a/arch/x86/kernel/tsc.c |
1780 | +++ b/arch/x86/kernel/tsc.c |
1781 | @@ -602,7 +602,6 @@ unsigned long native_calibrate_tsc(void) |
1782 | case INTEL_FAM6_KABYLAKE_DESKTOP: |
1783 | crystal_khz = 24000; /* 24.0 MHz */ |
1784 | break; |
1785 | - case INTEL_FAM6_SKYLAKE_X: |
1786 | case INTEL_FAM6_ATOM_DENVERTON: |
1787 | crystal_khz = 25000; /* 25.0 MHz */ |
1788 | break; |
1789 | @@ -612,6 +611,8 @@ unsigned long native_calibrate_tsc(void) |
1790 | } |
1791 | } |
1792 | |
1793 | + if (crystal_khz == 0) |
1794 | + return 0; |
1795 | /* |
1796 | * TSC frequency determined by CPUID is a "hardware reported" |
1797 | * frequency and is the most accurate one so far we have. This |
1798 | diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S |
1799 | index 1e413a9326aa..9b138a06c1a4 100644 |
1800 | --- a/arch/x86/kernel/vmlinux.lds.S |
1801 | +++ b/arch/x86/kernel/vmlinux.lds.S |
1802 | @@ -124,6 +124,12 @@ SECTIONS |
1803 | ASSERT(. - _entry_trampoline == PAGE_SIZE, "entry trampoline is too big"); |
1804 | #endif |
1805 | |
1806 | +#ifdef CONFIG_RETPOLINE |
1807 | + __indirect_thunk_start = .; |
1808 | + *(.text.__x86.indirect_thunk) |
1809 | + __indirect_thunk_end = .; |
1810 | +#endif |
1811 | + |
1812 | /* End of text section */ |
1813 | _etext = .; |
1814 | } :text = 0x9090 |
1815 | diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S |
1816 | index cb45c6cb465f..dfb2ba91b670 100644 |
1817 | --- a/arch/x86/lib/retpoline.S |
1818 | +++ b/arch/x86/lib/retpoline.S |
1819 | @@ -9,7 +9,7 @@ |
1820 | #include <asm/nospec-branch.h> |
1821 | |
1822 | .macro THUNK reg |
1823 | - .section .text.__x86.indirect_thunk.\reg |
1824 | + .section .text.__x86.indirect_thunk |
1825 | |
1826 | ENTRY(__x86_indirect_thunk_\reg) |
1827 | CFI_STARTPROC |
1828 | @@ -25,7 +25,8 @@ ENDPROC(__x86_indirect_thunk_\reg) |
1829 | * than one per register with the correct names. So we do it |
1830 | * the simple and nasty way... |
1831 | */ |
1832 | -#define EXPORT_THUNK(reg) EXPORT_SYMBOL(__x86_indirect_thunk_ ## reg) |
1833 | +#define __EXPORT_THUNK(sym) _ASM_NOKPROBE(sym); EXPORT_SYMBOL(sym) |
1834 | +#define EXPORT_THUNK(reg) __EXPORT_THUNK(__x86_indirect_thunk_ ## reg) |
1835 | #define GENERATE_THUNK(reg) THUNK reg ; EXPORT_THUNK(reg) |
1836 | |
1837 | GENERATE_THUNK(_ASM_AX) |
1838 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
1839 | index 3109ba6c6ede..b264b590eeec 100644 |
1840 | --- a/arch/x86/mm/fault.c |
1841 | +++ b/arch/x86/mm/fault.c |
1842 | @@ -173,14 +173,15 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr) |
1843 | * 6. T1 : reaches here, sees vma_pkey(vma)=5, when we really |
1844 | * faulted on a pte with its pkey=4. |
1845 | */ |
1846 | -static void fill_sig_info_pkey(int si_code, siginfo_t *info, u32 *pkey) |
1847 | +static void fill_sig_info_pkey(int si_signo, int si_code, siginfo_t *info, |
1848 | + u32 *pkey) |
1849 | { |
1850 | /* This is effectively an #ifdef */ |
1851 | if (!boot_cpu_has(X86_FEATURE_OSPKE)) |
1852 | return; |
1853 | |
1854 | /* Fault not from Protection Keys: nothing to do */ |
1855 | - if (si_code != SEGV_PKUERR) |
1856 | + if ((si_code != SEGV_PKUERR) || (si_signo != SIGSEGV)) |
1857 | return; |
1858 | /* |
1859 | * force_sig_info_fault() is called from a number of |
1860 | @@ -219,7 +220,7 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address, |
1861 | lsb = PAGE_SHIFT; |
1862 | info.si_addr_lsb = lsb; |
1863 | |
1864 | - fill_sig_info_pkey(si_code, &info, pkey); |
1865 | + fill_sig_info_pkey(si_signo, si_code, &info, pkey); |
1866 | |
1867 | force_sig_info(si_signo, &info, tsk); |
1868 | } |
1869 | diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c |
1870 | index 47388f0c0e59..af6f2f9c6a26 100644 |
1871 | --- a/arch/x86/mm/kasan_init_64.c |
1872 | +++ b/arch/x86/mm/kasan_init_64.c |
1873 | @@ -21,10 +21,14 @@ extern struct range pfn_mapped[E820_MAX_ENTRIES]; |
1874 | |
1875 | static p4d_t tmp_p4d_table[PTRS_PER_P4D] __initdata __aligned(PAGE_SIZE); |
1876 | |
1877 | -static __init void *early_alloc(size_t size, int nid) |
1878 | +static __init void *early_alloc(size_t size, int nid, bool panic) |
1879 | { |
1880 | - return memblock_virt_alloc_try_nid_nopanic(size, size, |
1881 | - __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); |
1882 | + if (panic) |
1883 | + return memblock_virt_alloc_try_nid(size, size, |
1884 | + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); |
1885 | + else |
1886 | + return memblock_virt_alloc_try_nid_nopanic(size, size, |
1887 | + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); |
1888 | } |
1889 | |
1890 | static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, |
1891 | @@ -38,14 +42,14 @@ static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, |
1892 | if (boot_cpu_has(X86_FEATURE_PSE) && |
1893 | ((end - addr) == PMD_SIZE) && |
1894 | IS_ALIGNED(addr, PMD_SIZE)) { |
1895 | - p = early_alloc(PMD_SIZE, nid); |
1896 | + p = early_alloc(PMD_SIZE, nid, false); |
1897 | if (p && pmd_set_huge(pmd, __pa(p), PAGE_KERNEL)) |
1898 | return; |
1899 | else if (p) |
1900 | memblock_free(__pa(p), PMD_SIZE); |
1901 | } |
1902 | |
1903 | - p = early_alloc(PAGE_SIZE, nid); |
1904 | + p = early_alloc(PAGE_SIZE, nid, true); |
1905 | pmd_populate_kernel(&init_mm, pmd, p); |
1906 | } |
1907 | |
1908 | @@ -57,7 +61,7 @@ static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, |
1909 | if (!pte_none(*pte)) |
1910 | continue; |
1911 | |
1912 | - p = early_alloc(PAGE_SIZE, nid); |
1913 | + p = early_alloc(PAGE_SIZE, nid, true); |
1914 | entry = pfn_pte(PFN_DOWN(__pa(p)), PAGE_KERNEL); |
1915 | set_pte_at(&init_mm, addr, pte, entry); |
1916 | } while (pte++, addr += PAGE_SIZE, addr != end); |
1917 | @@ -75,14 +79,14 @@ static void __init kasan_populate_pud(pud_t *pud, unsigned long addr, |
1918 | if (boot_cpu_has(X86_FEATURE_GBPAGES) && |
1919 | ((end - addr) == PUD_SIZE) && |
1920 | IS_ALIGNED(addr, PUD_SIZE)) { |
1921 | - p = early_alloc(PUD_SIZE, nid); |
1922 | + p = early_alloc(PUD_SIZE, nid, false); |
1923 | if (p && pud_set_huge(pud, __pa(p), PAGE_KERNEL)) |
1924 | return; |
1925 | else if (p) |
1926 | memblock_free(__pa(p), PUD_SIZE); |
1927 | } |
1928 | |
1929 | - p = early_alloc(PAGE_SIZE, nid); |
1930 | + p = early_alloc(PAGE_SIZE, nid, true); |
1931 | pud_populate(&init_mm, pud, p); |
1932 | } |
1933 | |
1934 | @@ -101,7 +105,7 @@ static void __init kasan_populate_p4d(p4d_t *p4d, unsigned long addr, |
1935 | unsigned long next; |
1936 | |
1937 | if (p4d_none(*p4d)) { |
1938 | - void *p = early_alloc(PAGE_SIZE, nid); |
1939 | + void *p = early_alloc(PAGE_SIZE, nid, true); |
1940 | |
1941 | p4d_populate(&init_mm, p4d, p); |
1942 | } |
1943 | @@ -122,7 +126,7 @@ static void __init kasan_populate_pgd(pgd_t *pgd, unsigned long addr, |
1944 | unsigned long next; |
1945 | |
1946 | if (pgd_none(*pgd)) { |
1947 | - p = early_alloc(PAGE_SIZE, nid); |
1948 | + p = early_alloc(PAGE_SIZE, nid, true); |
1949 | pgd_populate(&init_mm, pgd, p); |
1950 | } |
1951 | |
1952 | diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c |
1953 | index 0286327e65fa..48c03c74c7f4 100644 |
1954 | --- a/arch/x86/mm/mem_encrypt.c |
1955 | +++ b/arch/x86/mm/mem_encrypt.c |
1956 | @@ -213,37 +213,62 @@ void swiotlb_set_mem_attributes(void *vaddr, unsigned long size) |
1957 | set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT); |
1958 | } |
1959 | |
1960 | -static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, |
1961 | - unsigned long end) |
1962 | +struct sme_populate_pgd_data { |
1963 | + void *pgtable_area; |
1964 | + pgd_t *pgd; |
1965 | + |
1966 | + pmdval_t pmd_flags; |
1967 | + pteval_t pte_flags; |
1968 | + unsigned long paddr; |
1969 | + |
1970 | + unsigned long vaddr; |
1971 | + unsigned long vaddr_end; |
1972 | +}; |
1973 | + |
1974 | +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) |
1975 | { |
1976 | unsigned long pgd_start, pgd_end, pgd_size; |
1977 | pgd_t *pgd_p; |
1978 | |
1979 | - pgd_start = start & PGDIR_MASK; |
1980 | - pgd_end = end & PGDIR_MASK; |
1981 | + pgd_start = ppd->vaddr & PGDIR_MASK; |
1982 | + pgd_end = ppd->vaddr_end & PGDIR_MASK; |
1983 | |
1984 | - pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1); |
1985 | - pgd_size *= sizeof(pgd_t); |
1986 | + pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1) * sizeof(pgd_t); |
1987 | |
1988 | - pgd_p = pgd_base + pgd_index(start); |
1989 | + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); |
1990 | |
1991 | memset(pgd_p, 0, pgd_size); |
1992 | } |
1993 | |
1994 | -#define PGD_FLAGS _KERNPG_TABLE_NOENC |
1995 | -#define P4D_FLAGS _KERNPG_TABLE_NOENC |
1996 | -#define PUD_FLAGS _KERNPG_TABLE_NOENC |
1997 | -#define PMD_FLAGS (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) |
1998 | +#define PGD_FLAGS _KERNPG_TABLE_NOENC |
1999 | +#define P4D_FLAGS _KERNPG_TABLE_NOENC |
2000 | +#define PUD_FLAGS _KERNPG_TABLE_NOENC |
2001 | +#define PMD_FLAGS _KERNPG_TABLE_NOENC |
2002 | + |
2003 | +#define PMD_FLAGS_LARGE (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) |
2004 | + |
2005 | +#define PMD_FLAGS_DEC PMD_FLAGS_LARGE |
2006 | +#define PMD_FLAGS_DEC_WP ((PMD_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ |
2007 | + (_PAGE_PAT | _PAGE_PWT)) |
2008 | + |
2009 | +#define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) |
2010 | + |
2011 | +#define PTE_FLAGS (__PAGE_KERNEL_EXEC & ~_PAGE_GLOBAL) |
2012 | + |
2013 | +#define PTE_FLAGS_DEC PTE_FLAGS |
2014 | +#define PTE_FLAGS_DEC_WP ((PTE_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ |
2015 | + (_PAGE_PAT | _PAGE_PWT)) |
2016 | + |
2017 | +#define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) |
2018 | |
2019 | -static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, |
2020 | - unsigned long vaddr, pmdval_t pmd_val) |
2021 | +static pmd_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) |
2022 | { |
2023 | pgd_t *pgd_p; |
2024 | p4d_t *p4d_p; |
2025 | pud_t *pud_p; |
2026 | pmd_t *pmd_p; |
2027 | |
2028 | - pgd_p = pgd_base + pgd_index(vaddr); |
2029 | + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); |
2030 | if (native_pgd_val(*pgd_p)) { |
2031 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) |
2032 | p4d_p = (p4d_t *)(native_pgd_val(*pgd_p) & ~PTE_FLAGS_MASK); |
2033 | @@ -253,15 +278,15 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, |
2034 | pgd_t pgd; |
2035 | |
2036 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { |
2037 | - p4d_p = pgtable_area; |
2038 | + p4d_p = ppd->pgtable_area; |
2039 | memset(p4d_p, 0, sizeof(*p4d_p) * PTRS_PER_P4D); |
2040 | - pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; |
2041 | + ppd->pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; |
2042 | |
2043 | pgd = native_make_pgd((pgdval_t)p4d_p + PGD_FLAGS); |
2044 | } else { |
2045 | - pud_p = pgtable_area; |
2046 | + pud_p = ppd->pgtable_area; |
2047 | memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); |
2048 | - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; |
2049 | + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; |
2050 | |
2051 | pgd = native_make_pgd((pgdval_t)pud_p + PGD_FLAGS); |
2052 | } |
2053 | @@ -269,58 +294,160 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, |
2054 | } |
2055 | |
2056 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { |
2057 | - p4d_p += p4d_index(vaddr); |
2058 | + p4d_p += p4d_index(ppd->vaddr); |
2059 | if (native_p4d_val(*p4d_p)) { |
2060 | pud_p = (pud_t *)(native_p4d_val(*p4d_p) & ~PTE_FLAGS_MASK); |
2061 | } else { |
2062 | p4d_t p4d; |
2063 | |
2064 | - pud_p = pgtable_area; |
2065 | + pud_p = ppd->pgtable_area; |
2066 | memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); |
2067 | - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; |
2068 | + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; |
2069 | |
2070 | p4d = native_make_p4d((pudval_t)pud_p + P4D_FLAGS); |
2071 | native_set_p4d(p4d_p, p4d); |
2072 | } |
2073 | } |
2074 | |
2075 | - pud_p += pud_index(vaddr); |
2076 | + pud_p += pud_index(ppd->vaddr); |
2077 | if (native_pud_val(*pud_p)) { |
2078 | if (native_pud_val(*pud_p) & _PAGE_PSE) |
2079 | - goto out; |
2080 | + return NULL; |
2081 | |
2082 | pmd_p = (pmd_t *)(native_pud_val(*pud_p) & ~PTE_FLAGS_MASK); |
2083 | } else { |
2084 | pud_t pud; |
2085 | |
2086 | - pmd_p = pgtable_area; |
2087 | + pmd_p = ppd->pgtable_area; |
2088 | memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD); |
2089 | - pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; |
2090 | + ppd->pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; |
2091 | |
2092 | pud = native_make_pud((pmdval_t)pmd_p + PUD_FLAGS); |
2093 | native_set_pud(pud_p, pud); |
2094 | } |
2095 | |
2096 | - pmd_p += pmd_index(vaddr); |
2097 | + return pmd_p; |
2098 | +} |
2099 | + |
2100 | +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) |
2101 | +{ |
2102 | + pmd_t *pmd_p; |
2103 | + |
2104 | + pmd_p = sme_prepare_pgd(ppd); |
2105 | + if (!pmd_p) |
2106 | + return; |
2107 | + |
2108 | + pmd_p += pmd_index(ppd->vaddr); |
2109 | if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) |
2110 | - native_set_pmd(pmd_p, native_make_pmd(pmd_val)); |
2111 | + native_set_pmd(pmd_p, native_make_pmd(ppd->paddr | ppd->pmd_flags)); |
2112 | +} |
2113 | + |
2114 | +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) |
2115 | +{ |
2116 | + pmd_t *pmd_p; |
2117 | + pte_t *pte_p; |
2118 | + |
2119 | + pmd_p = sme_prepare_pgd(ppd); |
2120 | + if (!pmd_p) |
2121 | + return; |
2122 | + |
2123 | + pmd_p += pmd_index(ppd->vaddr); |
2124 | + if (native_pmd_val(*pmd_p)) { |
2125 | + if (native_pmd_val(*pmd_p) & _PAGE_PSE) |
2126 | + return; |
2127 | + |
2128 | + pte_p = (pte_t *)(native_pmd_val(*pmd_p) & ~PTE_FLAGS_MASK); |
2129 | + } else { |
2130 | + pmd_t pmd; |
2131 | + |
2132 | + pte_p = ppd->pgtable_area; |
2133 | + memset(pte_p, 0, sizeof(*pte_p) * PTRS_PER_PTE); |
2134 | + ppd->pgtable_area += sizeof(*pte_p) * PTRS_PER_PTE; |
2135 | + |
2136 | + pmd = native_make_pmd((pteval_t)pte_p + PMD_FLAGS); |
2137 | + native_set_pmd(pmd_p, pmd); |
2138 | + } |
2139 | |
2140 | -out: |
2141 | - return pgtable_area; |
2142 | + pte_p += pte_index(ppd->vaddr); |
2143 | + if (!native_pte_val(*pte_p)) |
2144 | + native_set_pte(pte_p, native_make_pte(ppd->paddr | ppd->pte_flags)); |
2145 | +} |
2146 | + |
2147 | +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) |
2148 | +{ |
2149 | + while (ppd->vaddr < ppd->vaddr_end) { |
2150 | + sme_populate_pgd_large(ppd); |
2151 | + |
2152 | + ppd->vaddr += PMD_PAGE_SIZE; |
2153 | + ppd->paddr += PMD_PAGE_SIZE; |
2154 | + } |
2155 | +} |
2156 | + |
2157 | +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) |
2158 | +{ |
2159 | + while (ppd->vaddr < ppd->vaddr_end) { |
2160 | + sme_populate_pgd(ppd); |
2161 | + |
2162 | + ppd->vaddr += PAGE_SIZE; |
2163 | + ppd->paddr += PAGE_SIZE; |
2164 | + } |
2165 | +} |
2166 | + |
2167 | +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, |
2168 | + pmdval_t pmd_flags, pteval_t pte_flags) |
2169 | +{ |
2170 | + unsigned long vaddr_end; |
2171 | + |
2172 | + ppd->pmd_flags = pmd_flags; |
2173 | + ppd->pte_flags = pte_flags; |
2174 | + |
2175 | + /* Save original end value since we modify the struct value */ |
2176 | + vaddr_end = ppd->vaddr_end; |
2177 | + |
2178 | + /* If start is not 2MB aligned, create PTE entries */ |
2179 | + ppd->vaddr_end = ALIGN(ppd->vaddr, PMD_PAGE_SIZE); |
2180 | + __sme_map_range_pte(ppd); |
2181 | + |
2182 | + /* Create PMD entries */ |
2183 | + ppd->vaddr_end = vaddr_end & PMD_PAGE_MASK; |
2184 | + __sme_map_range_pmd(ppd); |
2185 | + |
2186 | + /* If end is not 2MB aligned, create PTE entries */ |
2187 | + ppd->vaddr_end = vaddr_end; |
2188 | + __sme_map_range_pte(ppd); |
2189 | +} |
2190 | + |
2191 | +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) |
2192 | +{ |
2193 | + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); |
2194 | +} |
2195 | + |
2196 | +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) |
2197 | +{ |
2198 | + __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); |
2199 | +} |
2200 | + |
2201 | +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data *ppd) |
2202 | +{ |
2203 | + __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); |
2204 | } |
2205 | |
2206 | static unsigned long __init sme_pgtable_calc(unsigned long len) |
2207 | { |
2208 | - unsigned long p4d_size, pud_size, pmd_size; |
2209 | + unsigned long p4d_size, pud_size, pmd_size, pte_size; |
2210 | unsigned long total; |
2211 | |
2212 | /* |
2213 | * Perform a relatively simplistic calculation of the pagetable |
2214 | - * entries that are needed. That mappings will be covered by 2MB |
2215 | - * PMD entries so we can conservatively calculate the required |
2216 | + * entries that are needed. Those mappings will be covered mostly |
2217 | + * by 2MB PMD entries so we can conservatively calculate the required |
2218 | * number of P4D, PUD and PMD structures needed to perform the |
2219 | - * mappings. Incrementing the count for each covers the case where |
2220 | - * the addresses cross entries. |
2221 | + * mappings. For mappings that are not 2MB aligned, PTE mappings |
2222 | + * would be needed for the start and end portion of the address range |
2223 | + * that fall outside of the 2MB alignment. This results in, at most, |
2224 | + * two extra pages to hold PTE entries for each range that is mapped. |
2225 | + * Incrementing the count for each covers the case where the addresses |
2226 | + * cross entries. |
2227 | */ |
2228 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { |
2229 | p4d_size = (ALIGN(len, PGDIR_SIZE) / PGDIR_SIZE) + 1; |
2230 | @@ -334,8 +461,9 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) |
2231 | } |
2232 | pmd_size = (ALIGN(len, PUD_SIZE) / PUD_SIZE) + 1; |
2233 | pmd_size *= sizeof(pmd_t) * PTRS_PER_PMD; |
2234 | + pte_size = 2 * sizeof(pte_t) * PTRS_PER_PTE; |
2235 | |
2236 | - total = p4d_size + pud_size + pmd_size; |
2237 | + total = p4d_size + pud_size + pmd_size + pte_size; |
2238 | |
2239 | /* |
2240 | * Now calculate the added pagetable structures needed to populate |
2241 | @@ -359,29 +487,29 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) |
2242 | return total; |
2243 | } |
2244 | |
2245 | -void __init sme_encrypt_kernel(void) |
2246 | +void __init __nostackprotector sme_encrypt_kernel(struct boot_params *bp) |
2247 | { |
2248 | unsigned long workarea_start, workarea_end, workarea_len; |
2249 | unsigned long execute_start, execute_end, execute_len; |
2250 | unsigned long kernel_start, kernel_end, kernel_len; |
2251 | + unsigned long initrd_start, initrd_end, initrd_len; |
2252 | + struct sme_populate_pgd_data ppd; |
2253 | unsigned long pgtable_area_len; |
2254 | - unsigned long paddr, pmd_flags; |
2255 | unsigned long decrypted_base; |
2256 | - void *pgtable_area; |
2257 | - pgd_t *pgd; |
2258 | |
2259 | if (!sme_active()) |
2260 | return; |
2261 | |
2262 | /* |
2263 | - * Prepare for encrypting the kernel by building new pagetables with |
2264 | - * the necessary attributes needed to encrypt the kernel in place. |
2265 | + * Prepare for encrypting the kernel and initrd by building new |
2266 | + * pagetables with the necessary attributes needed to encrypt the |
2267 | + * kernel in place. |
2268 | * |
2269 | * One range of virtual addresses will map the memory occupied |
2270 | - * by the kernel as encrypted. |
2271 | + * by the kernel and initrd as encrypted. |
2272 | * |
2273 | * Another range of virtual addresses will map the memory occupied |
2274 | - * by the kernel as decrypted and write-protected. |
2275 | + * by the kernel and initrd as decrypted and write-protected. |
2276 | * |
2277 | * The use of write-protect attribute will prevent any of the |
2278 | * memory from being cached. |
2279 | @@ -392,6 +520,20 @@ void __init sme_encrypt_kernel(void) |
2280 | kernel_end = ALIGN(__pa_symbol(_end), PMD_PAGE_SIZE); |
2281 | kernel_len = kernel_end - kernel_start; |
2282 | |
2283 | + initrd_start = 0; |
2284 | + initrd_end = 0; |
2285 | + initrd_len = 0; |
2286 | +#ifdef CONFIG_BLK_DEV_INITRD |
2287 | + initrd_len = (unsigned long)bp->hdr.ramdisk_size | |
2288 | + ((unsigned long)bp->ext_ramdisk_size << 32); |
2289 | + if (initrd_len) { |
2290 | + initrd_start = (unsigned long)bp->hdr.ramdisk_image | |
2291 | + ((unsigned long)bp->ext_ramdisk_image << 32); |
2292 | + initrd_end = PAGE_ALIGN(initrd_start + initrd_len); |
2293 | + initrd_len = initrd_end - initrd_start; |
2294 | + } |
2295 | +#endif |
2296 | + |
2297 | /* Set the encryption workarea to be immediately after the kernel */ |
2298 | workarea_start = kernel_end; |
2299 | |
2300 | @@ -414,16 +556,21 @@ void __init sme_encrypt_kernel(void) |
2301 | */ |
2302 | pgtable_area_len = sizeof(pgd_t) * PTRS_PER_PGD; |
2303 | pgtable_area_len += sme_pgtable_calc(execute_end - kernel_start) * 2; |
2304 | + if (initrd_len) |
2305 | + pgtable_area_len += sme_pgtable_calc(initrd_len) * 2; |
2306 | |
2307 | /* PUDs and PMDs needed in the current pagetables for the workarea */ |
2308 | pgtable_area_len += sme_pgtable_calc(execute_len + pgtable_area_len); |
2309 | |
2310 | /* |
2311 | * The total workarea includes the executable encryption area and |
2312 | - * the pagetable area. |
2313 | + * the pagetable area. The start of the workarea is already 2MB |
2314 | + * aligned, align the end of the workarea on a 2MB boundary so that |
2315 | + * we don't try to create/allocate PTE entries from the workarea |
2316 | + * before it is mapped. |
2317 | */ |
2318 | workarea_len = execute_len + pgtable_area_len; |
2319 | - workarea_end = workarea_start + workarea_len; |
2320 | + workarea_end = ALIGN(workarea_start + workarea_len, PMD_PAGE_SIZE); |
2321 | |
2322 | /* |
2323 | * Set the address to the start of where newly created pagetable |
2324 | @@ -432,45 +579,30 @@ void __init sme_encrypt_kernel(void) |
2325 | * pagetables and when the new encrypted and decrypted kernel |
2326 | * mappings are populated. |
2327 | */ |
2328 | - pgtable_area = (void *)execute_end; |
2329 | + ppd.pgtable_area = (void *)execute_end; |
2330 | |
2331 | /* |
2332 | * Make sure the current pagetable structure has entries for |
2333 | * addressing the workarea. |
2334 | */ |
2335 | - pgd = (pgd_t *)native_read_cr3_pa(); |
2336 | - paddr = workarea_start; |
2337 | - while (paddr < workarea_end) { |
2338 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, |
2339 | - paddr, |
2340 | - paddr + PMD_FLAGS); |
2341 | - |
2342 | - paddr += PMD_PAGE_SIZE; |
2343 | - } |
2344 | + ppd.pgd = (pgd_t *)native_read_cr3_pa(); |
2345 | + ppd.paddr = workarea_start; |
2346 | + ppd.vaddr = workarea_start; |
2347 | + ppd.vaddr_end = workarea_end; |
2348 | + sme_map_range_decrypted(&ppd); |
2349 | |
2350 | /* Flush the TLB - no globals so cr3 is enough */ |
2351 | native_write_cr3(__native_read_cr3()); |
2352 | |
2353 | /* |
2354 | * A new pagetable structure is being built to allow for the kernel |
2355 | - * to be encrypted. It starts with an empty PGD that will then be |
2356 | - * populated with new PUDs and PMDs as the encrypted and decrypted |
2357 | - * kernel mappings are created. |
2358 | + * and initrd to be encrypted. It starts with an empty PGD that will |
2359 | + * then be populated with new PUDs and PMDs as the encrypted and |
2360 | + * decrypted kernel mappings are created. |
2361 | */ |
2362 | - pgd = pgtable_area; |
2363 | - memset(pgd, 0, sizeof(*pgd) * PTRS_PER_PGD); |
2364 | - pgtable_area += sizeof(*pgd) * PTRS_PER_PGD; |
2365 | - |
2366 | - /* Add encrypted kernel (identity) mappings */ |
2367 | - pmd_flags = PMD_FLAGS | _PAGE_ENC; |
2368 | - paddr = kernel_start; |
2369 | - while (paddr < kernel_end) { |
2370 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, |
2371 | - paddr, |
2372 | - paddr + pmd_flags); |
2373 | - |
2374 | - paddr += PMD_PAGE_SIZE; |
2375 | - } |
2376 | + ppd.pgd = ppd.pgtable_area; |
2377 | + memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); |
2378 | + ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; |
2379 | |
2380 | /* |
2381 | * A different PGD index/entry must be used to get different |
2382 | @@ -479,47 +611,79 @@ void __init sme_encrypt_kernel(void) |
2383 | * the base of the mapping. |
2384 | */ |
2385 | decrypted_base = (pgd_index(workarea_end) + 1) & (PTRS_PER_PGD - 1); |
2386 | + if (initrd_len) { |
2387 | + unsigned long check_base; |
2388 | + |
2389 | + check_base = (pgd_index(initrd_end) + 1) & (PTRS_PER_PGD - 1); |
2390 | + decrypted_base = max(decrypted_base, check_base); |
2391 | + } |
2392 | decrypted_base <<= PGDIR_SHIFT; |
2393 | |
2394 | + /* Add encrypted kernel (identity) mappings */ |
2395 | + ppd.paddr = kernel_start; |
2396 | + ppd.vaddr = kernel_start; |
2397 | + ppd.vaddr_end = kernel_end; |
2398 | + sme_map_range_encrypted(&ppd); |
2399 | + |
2400 | /* Add decrypted, write-protected kernel (non-identity) mappings */ |
2401 | - pmd_flags = (PMD_FLAGS & ~_PAGE_CACHE_MASK) | (_PAGE_PAT | _PAGE_PWT); |
2402 | - paddr = kernel_start; |
2403 | - while (paddr < kernel_end) { |
2404 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, |
2405 | - paddr + decrypted_base, |
2406 | - paddr + pmd_flags); |
2407 | - |
2408 | - paddr += PMD_PAGE_SIZE; |
2409 | + ppd.paddr = kernel_start; |
2410 | + ppd.vaddr = kernel_start + decrypted_base; |
2411 | + ppd.vaddr_end = kernel_end + decrypted_base; |
2412 | + sme_map_range_decrypted_wp(&ppd); |
2413 | + |
2414 | + if (initrd_len) { |
2415 | + /* Add encrypted initrd (identity) mappings */ |
2416 | + ppd.paddr = initrd_start; |
2417 | + ppd.vaddr = initrd_start; |
2418 | + ppd.vaddr_end = initrd_end; |
2419 | + sme_map_range_encrypted(&ppd); |
2420 | + /* |
2421 | + * Add decrypted, write-protected initrd (non-identity) mappings |
2422 | + */ |
2423 | + ppd.paddr = initrd_start; |
2424 | + ppd.vaddr = initrd_start + decrypted_base; |
2425 | + ppd.vaddr_end = initrd_end + decrypted_base; |
2426 | + sme_map_range_decrypted_wp(&ppd); |
2427 | } |
2428 | |
2429 | /* Add decrypted workarea mappings to both kernel mappings */ |
2430 | - paddr = workarea_start; |
2431 | - while (paddr < workarea_end) { |
2432 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, |
2433 | - paddr, |
2434 | - paddr + PMD_FLAGS); |
2435 | + ppd.paddr = workarea_start; |
2436 | + ppd.vaddr = workarea_start; |
2437 | + ppd.vaddr_end = workarea_end; |
2438 | + sme_map_range_decrypted(&ppd); |
2439 | |
2440 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, |
2441 | - paddr + decrypted_base, |
2442 | - paddr + PMD_FLAGS); |
2443 | - |
2444 | - paddr += PMD_PAGE_SIZE; |
2445 | - } |
2446 | + ppd.paddr = workarea_start; |
2447 | + ppd.vaddr = workarea_start + decrypted_base; |
2448 | + ppd.vaddr_end = workarea_end + decrypted_base; |
2449 | + sme_map_range_decrypted(&ppd); |
2450 | |
2451 | /* Perform the encryption */ |
2452 | sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, |
2453 | - kernel_len, workarea_start, (unsigned long)pgd); |
2454 | + kernel_len, workarea_start, (unsigned long)ppd.pgd); |
2455 | + |
2456 | + if (initrd_len) |
2457 | + sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, |
2458 | + initrd_len, workarea_start, |
2459 | + (unsigned long)ppd.pgd); |
2460 | |
2461 | /* |
2462 | * At this point we are running encrypted. Remove the mappings for |
2463 | * the decrypted areas - all that is needed for this is to remove |
2464 | * the PGD entry/entries. |
2465 | */ |
2466 | - sme_clear_pgd(pgd, kernel_start + decrypted_base, |
2467 | - kernel_end + decrypted_base); |
2468 | + ppd.vaddr = kernel_start + decrypted_base; |
2469 | + ppd.vaddr_end = kernel_end + decrypted_base; |
2470 | + sme_clear_pgd(&ppd); |
2471 | + |
2472 | + if (initrd_len) { |
2473 | + ppd.vaddr = initrd_start + decrypted_base; |
2474 | + ppd.vaddr_end = initrd_end + decrypted_base; |
2475 | + sme_clear_pgd(&ppd); |
2476 | + } |
2477 | |
2478 | - sme_clear_pgd(pgd, workarea_start + decrypted_base, |
2479 | - workarea_end + decrypted_base); |
2480 | + ppd.vaddr = workarea_start + decrypted_base; |
2481 | + ppd.vaddr_end = workarea_end + decrypted_base; |
2482 | + sme_clear_pgd(&ppd); |
2483 | |
2484 | /* Flush the TLB - no globals so cr3 is enough */ |
2485 | native_write_cr3(__native_read_cr3()); |
2486 | diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S |
2487 | index 730e6d541df1..01f682cf77a8 100644 |
2488 | --- a/arch/x86/mm/mem_encrypt_boot.S |
2489 | +++ b/arch/x86/mm/mem_encrypt_boot.S |
2490 | @@ -22,9 +22,9 @@ ENTRY(sme_encrypt_execute) |
2491 | |
2492 | /* |
2493 | * Entry parameters: |
2494 | - * RDI - virtual address for the encrypted kernel mapping |
2495 | - * RSI - virtual address for the decrypted kernel mapping |
2496 | - * RDX - length of kernel |
2497 | + * RDI - virtual address for the encrypted mapping |
2498 | + * RSI - virtual address for the decrypted mapping |
2499 | + * RDX - length to encrypt |
2500 | * RCX - virtual address of the encryption workarea, including: |
2501 | * - stack page (PAGE_SIZE) |
2502 | * - encryption routine page (PAGE_SIZE) |
2503 | @@ -41,9 +41,9 @@ ENTRY(sme_encrypt_execute) |
2504 | addq $PAGE_SIZE, %rax /* Workarea encryption routine */ |
2505 | |
2506 | push %r12 |
2507 | - movq %rdi, %r10 /* Encrypted kernel */ |
2508 | - movq %rsi, %r11 /* Decrypted kernel */ |
2509 | - movq %rdx, %r12 /* Kernel length */ |
2510 | + movq %rdi, %r10 /* Encrypted area */ |
2511 | + movq %rsi, %r11 /* Decrypted area */ |
2512 | + movq %rdx, %r12 /* Area length */ |
2513 | |
2514 | /* Copy encryption routine into the workarea */ |
2515 | movq %rax, %rdi /* Workarea encryption routine */ |
2516 | @@ -52,10 +52,10 @@ ENTRY(sme_encrypt_execute) |
2517 | rep movsb |
2518 | |
2519 | /* Setup registers for call */ |
2520 | - movq %r10, %rdi /* Encrypted kernel */ |
2521 | - movq %r11, %rsi /* Decrypted kernel */ |
2522 | + movq %r10, %rdi /* Encrypted area */ |
2523 | + movq %r11, %rsi /* Decrypted area */ |
2524 | movq %r8, %rdx /* Pagetables used for encryption */ |
2525 | - movq %r12, %rcx /* Kernel length */ |
2526 | + movq %r12, %rcx /* Area length */ |
2527 | movq %rax, %r8 /* Workarea encryption routine */ |
2528 | addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ |
2529 | |
2530 | @@ -71,7 +71,7 @@ ENDPROC(sme_encrypt_execute) |
2531 | |
2532 | ENTRY(__enc_copy) |
2533 | /* |
2534 | - * Routine used to encrypt kernel. |
2535 | + * Routine used to encrypt memory in place. |
2536 | * This routine must be run outside of the kernel proper since |
2537 | * the kernel will be encrypted during the process. So this |
2538 | * routine is defined here and then copied to an area outside |
2539 | @@ -79,19 +79,19 @@ ENTRY(__enc_copy) |
2540 | * during execution. |
2541 | * |
2542 | * On entry the registers must be: |
2543 | - * RDI - virtual address for the encrypted kernel mapping |
2544 | - * RSI - virtual address for the decrypted kernel mapping |
2545 | + * RDI - virtual address for the encrypted mapping |
2546 | + * RSI - virtual address for the decrypted mapping |
2547 | * RDX - address of the pagetables to use for encryption |
2548 | - * RCX - length of kernel |
2549 | + * RCX - length of area |
2550 | * R8 - intermediate copy buffer |
2551 | * |
2552 | * RAX - points to this routine |
2553 | * |
2554 | - * The kernel will be encrypted by copying from the non-encrypted |
2555 | - * kernel space to an intermediate buffer and then copying from the |
2556 | - * intermediate buffer back to the encrypted kernel space. The physical |
2557 | - * addresses of the two kernel space mappings are the same which |
2558 | - * results in the kernel being encrypted "in place". |
2559 | + * The area will be encrypted by copying from the non-encrypted |
2560 | + * memory space to an intermediate buffer and then copying from the |
2561 | + * intermediate buffer back to the encrypted memory space. The physical |
2562 | + * addresses of the two mappings are the same which results in the area |
2563 | + * being encrypted "in place". |
2564 | */ |
2565 | /* Enable the new page tables */ |
2566 | mov %rdx, %cr3 |
2567 | @@ -103,47 +103,55 @@ ENTRY(__enc_copy) |
2568 | orq $X86_CR4_PGE, %rdx |
2569 | mov %rdx, %cr4 |
2570 | |
2571 | + push %r15 |
2572 | + push %r12 |
2573 | + |
2574 | + movq %rcx, %r9 /* Save area length */ |
2575 | + movq %rdi, %r10 /* Save encrypted area address */ |
2576 | + movq %rsi, %r11 /* Save decrypted area address */ |
2577 | + |
2578 | /* Set the PAT register PA5 entry to write-protect */ |
2579 | - push %rcx |
2580 | movl $MSR_IA32_CR_PAT, %ecx |
2581 | rdmsr |
2582 | - push %rdx /* Save original PAT value */ |
2583 | + mov %rdx, %r15 /* Save original PAT value */ |
2584 | andl $0xffff00ff, %edx /* Clear PA5 */ |
2585 | orl $0x00000500, %edx /* Set PA5 to WP */ |
2586 | wrmsr |
2587 | - pop %rdx /* RDX contains original PAT value */ |
2588 | - pop %rcx |
2589 | - |
2590 | - movq %rcx, %r9 /* Save kernel length */ |
2591 | - movq %rdi, %r10 /* Save encrypted kernel address */ |
2592 | - movq %rsi, %r11 /* Save decrypted kernel address */ |
2593 | |
2594 | wbinvd /* Invalidate any cache entries */ |
2595 | |
2596 | - /* Copy/encrypt 2MB at a time */ |
2597 | + /* Copy/encrypt up to 2MB at a time */ |
2598 | + movq $PMD_PAGE_SIZE, %r12 |
2599 | 1: |
2600 | - movq %r11, %rsi /* Source - decrypted kernel */ |
2601 | + cmpq %r12, %r9 |
2602 | + jnb 2f |
2603 | + movq %r9, %r12 |
2604 | + |
2605 | +2: |
2606 | + movq %r11, %rsi /* Source - decrypted area */ |
2607 | movq %r8, %rdi /* Dest - intermediate copy buffer */ |
2608 | - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ |
2609 | + movq %r12, %rcx |
2610 | rep movsb |
2611 | |
2612 | movq %r8, %rsi /* Source - intermediate copy buffer */ |
2613 | - movq %r10, %rdi /* Dest - encrypted kernel */ |
2614 | - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ |
2615 | + movq %r10, %rdi /* Dest - encrypted area */ |
2616 | + movq %r12, %rcx |
2617 | rep movsb |
2618 | |
2619 | - addq $PMD_PAGE_SIZE, %r11 |
2620 | - addq $PMD_PAGE_SIZE, %r10 |
2621 | - subq $PMD_PAGE_SIZE, %r9 /* Kernel length decrement */ |
2622 | + addq %r12, %r11 |
2623 | + addq %r12, %r10 |
2624 | + subq %r12, %r9 /* Kernel length decrement */ |
2625 | jnz 1b /* Kernel length not zero? */ |
2626 | |
2627 | /* Restore PAT register */ |
2628 | - push %rdx /* Save original PAT value */ |
2629 | movl $MSR_IA32_CR_PAT, %ecx |
2630 | rdmsr |
2631 | - pop %rdx /* Restore original PAT value */ |
2632 | + mov %r15, %rdx /* Restore original PAT value */ |
2633 | wrmsr |
2634 | |
2635 | + pop %r12 |
2636 | + pop %r15 |
2637 | + |
2638 | ret |
2639 | .L__enc_copy_end: |
2640 | ENDPROC(__enc_copy) |
2641 | diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c |
2642 | index ee4c1ec9dca0..e7ded346d94b 100644 |
2643 | --- a/drivers/ata/libata-core.c |
2644 | +++ b/drivers/ata/libata-core.c |
2645 | @@ -4439,6 +4439,7 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { |
2646 | * https://bugzilla.kernel.org/show_bug.cgi?id=121671 |
2647 | */ |
2648 | { "LITEON CX1-JB*-HP", NULL, ATA_HORKAGE_MAX_SEC_1024 }, |
2649 | + { "LITEON EP1-*", NULL, ATA_HORKAGE_MAX_SEC_1024 }, |
2650 | |
2651 | /* Devices we expect to fail diagnostics */ |
2652 | |
2653 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c |
2654 | index a2978a37b4f3..700fc754f28a 100644 |
2655 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c |
2656 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c |
2657 | @@ -174,6 +174,7 @@ gf119_sor = { |
2658 | .links = gf119_sor_dp_links, |
2659 | .power = g94_sor_dp_power, |
2660 | .pattern = gf119_sor_dp_pattern, |
2661 | + .drive = gf119_sor_dp_drive, |
2662 | .vcpi = gf119_sor_dp_vcpi, |
2663 | .audio = gf119_sor_dp_audio, |
2664 | .audio_sym = gf119_sor_dp_audio_sym, |
2665 | diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c |
2666 | index b8a09807c5de..3824595fece1 100644 |
2667 | --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c |
2668 | +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c |
2669 | @@ -266,8 +266,8 @@ static const struct drm_connector_funcs vmw_legacy_connector_funcs = { |
2670 | .set_property = vmw_du_connector_set_property, |
2671 | .destroy = vmw_ldu_connector_destroy, |
2672 | .reset = vmw_du_connector_reset, |
2673 | - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, |
2674 | - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, |
2675 | + .atomic_duplicate_state = vmw_du_connector_duplicate_state, |
2676 | + .atomic_destroy_state = vmw_du_connector_destroy_state, |
2677 | .atomic_set_property = vmw_du_connector_atomic_set_property, |
2678 | .atomic_get_property = vmw_du_connector_atomic_get_property, |
2679 | }; |
2680 | diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c |
2681 | index d1552d3e0652..7ae38a67388c 100644 |
2682 | --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c |
2683 | +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c |
2684 | @@ -420,8 +420,8 @@ static const struct drm_connector_funcs vmw_sou_connector_funcs = { |
2685 | .set_property = vmw_du_connector_set_property, |
2686 | .destroy = vmw_sou_connector_destroy, |
2687 | .reset = vmw_du_connector_reset, |
2688 | - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, |
2689 | - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, |
2690 | + .atomic_duplicate_state = vmw_du_connector_duplicate_state, |
2691 | + .atomic_destroy_state = vmw_du_connector_destroy_state, |
2692 | .atomic_set_property = vmw_du_connector_atomic_set_property, |
2693 | .atomic_get_property = vmw_du_connector_atomic_get_property, |
2694 | }; |
2695 | diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c |
2696 | index 10f00a82ec9d..e54a9b835b62 100644 |
2697 | --- a/drivers/i2c/i2c-core-smbus.c |
2698 | +++ b/drivers/i2c/i2c-core-smbus.c |
2699 | @@ -396,16 +396,17 @@ static s32 i2c_smbus_xfer_emulated(struct i2c_adapter *adapter, u16 addr, |
2700 | the underlying bus driver */ |
2701 | break; |
2702 | case I2C_SMBUS_I2C_BLOCK_DATA: |
2703 | + if (data->block[0] > I2C_SMBUS_BLOCK_MAX) { |
2704 | + dev_err(&adapter->dev, "Invalid block %s size %d\n", |
2705 | + read_write == I2C_SMBUS_READ ? "read" : "write", |
2706 | + data->block[0]); |
2707 | + return -EINVAL; |
2708 | + } |
2709 | + |
2710 | if (read_write == I2C_SMBUS_READ) { |
2711 | msg[1].len = data->block[0]; |
2712 | } else { |
2713 | msg[0].len = data->block[0] + 1; |
2714 | - if (msg[0].len > I2C_SMBUS_BLOCK_MAX + 1) { |
2715 | - dev_err(&adapter->dev, |
2716 | - "Invalid block write size %d\n", |
2717 | - data->block[0]); |
2718 | - return -EINVAL; |
2719 | - } |
2720 | for (i = 1; i <= data->block[0]; i++) |
2721 | msgbuf0[i] = data->block[i]; |
2722 | } |
2723 | diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c |
2724 | index d9a1e9893136..fd28f09b4445 100644 |
2725 | --- a/drivers/infiniband/hw/hfi1/file_ops.c |
2726 | +++ b/drivers/infiniband/hw/hfi1/file_ops.c |
2727 | @@ -881,11 +881,11 @@ static int complete_subctxt(struct hfi1_filedata *fd) |
2728 | } |
2729 | |
2730 | if (ret) { |
2731 | - hfi1_rcd_put(fd->uctxt); |
2732 | - fd->uctxt = NULL; |
2733 | spin_lock_irqsave(&fd->dd->uctxt_lock, flags); |
2734 | __clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts); |
2735 | spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags); |
2736 | + hfi1_rcd_put(fd->uctxt); |
2737 | + fd->uctxt = NULL; |
2738 | } |
2739 | |
2740 | return ret; |
2741 | diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c |
2742 | index acb79d3a4f1d..756ece6118c0 100644 |
2743 | --- a/drivers/infiniband/hw/mlx5/qp.c |
2744 | +++ b/drivers/infiniband/hw/mlx5/qp.c |
2745 | @@ -4303,12 +4303,11 @@ static void to_rdma_ah_attr(struct mlx5_ib_dev *ibdev, |
2746 | |
2747 | memset(ah_attr, 0, sizeof(*ah_attr)); |
2748 | |
2749 | - ah_attr->type = rdma_ah_find_type(&ibdev->ib_dev, path->port); |
2750 | - rdma_ah_set_port_num(ah_attr, path->port); |
2751 | - if (rdma_ah_get_port_num(ah_attr) == 0 || |
2752 | - rdma_ah_get_port_num(ah_attr) > MLX5_CAP_GEN(dev, num_ports)) |
2753 | + if (!path->port || path->port > MLX5_CAP_GEN(dev, num_ports)) |
2754 | return; |
2755 | |
2756 | + ah_attr->type = rdma_ah_find_type(&ibdev->ib_dev, path->port); |
2757 | + |
2758 | rdma_ah_set_port_num(ah_attr, path->port); |
2759 | rdma_ah_set_sl(ah_attr, path->dci_cfi_prio_sl & 0xf); |
2760 | |
2761 | diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c |
2762 | index ceabdb85df8b..9d4785ba24cb 100644 |
2763 | --- a/drivers/infiniband/ulp/isert/ib_isert.c |
2764 | +++ b/drivers/infiniband/ulp/isert/ib_isert.c |
2765 | @@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id) |
2766 | { |
2767 | struct isert_conn *isert_conn = cma_id->qp->qp_context; |
2768 | |
2769 | + ib_drain_qp(isert_conn->qp); |
2770 | list_del_init(&isert_conn->node); |
2771 | isert_conn->cm_id = NULL; |
2772 | isert_put_conn(isert_conn); |
2773 | diff --git a/drivers/input/misc/twl4030-vibra.c b/drivers/input/misc/twl4030-vibra.c |
2774 | index 6c51d404874b..c37aea9ac272 100644 |
2775 | --- a/drivers/input/misc/twl4030-vibra.c |
2776 | +++ b/drivers/input/misc/twl4030-vibra.c |
2777 | @@ -178,12 +178,14 @@ static SIMPLE_DEV_PM_OPS(twl4030_vibra_pm_ops, |
2778 | twl4030_vibra_suspend, twl4030_vibra_resume); |
2779 | |
2780 | static bool twl4030_vibra_check_coexist(struct twl4030_vibra_data *pdata, |
2781 | - struct device_node *node) |
2782 | + struct device_node *parent) |
2783 | { |
2784 | + struct device_node *node; |
2785 | + |
2786 | if (pdata && pdata->coexist) |
2787 | return true; |
2788 | |
2789 | - node = of_find_node_by_name(node, "codec"); |
2790 | + node = of_get_child_by_name(parent, "codec"); |
2791 | if (node) { |
2792 | of_node_put(node); |
2793 | return true; |
2794 | diff --git a/drivers/input/misc/twl6040-vibra.c b/drivers/input/misc/twl6040-vibra.c |
2795 | index 5690eb7ff954..15e0d352c4cc 100644 |
2796 | --- a/drivers/input/misc/twl6040-vibra.c |
2797 | +++ b/drivers/input/misc/twl6040-vibra.c |
2798 | @@ -248,8 +248,7 @@ static int twl6040_vibra_probe(struct platform_device *pdev) |
2799 | int vddvibr_uV = 0; |
2800 | int error; |
2801 | |
2802 | - of_node_get(twl6040_core_dev->of_node); |
2803 | - twl6040_core_node = of_find_node_by_name(twl6040_core_dev->of_node, |
2804 | + twl6040_core_node = of_get_child_by_name(twl6040_core_dev->of_node, |
2805 | "vibra"); |
2806 | if (!twl6040_core_node) { |
2807 | dev_err(&pdev->dev, "parent of node is missing?\n"); |
2808 | diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c |
2809 | index 850b00e3ad8e..3d9c294e84db 100644 |
2810 | --- a/drivers/input/mouse/alps.c |
2811 | +++ b/drivers/input/mouse/alps.c |
2812 | @@ -1250,29 +1250,32 @@ static int alps_decode_ss4_v2(struct alps_fields *f, |
2813 | case SS4_PACKET_ID_MULTI: |
2814 | if (priv->flags & ALPS_BUTTONPAD) { |
2815 | if (IS_SS4PLUS_DEV(priv->dev_id)) { |
2816 | - f->mt[0].x = SS4_PLUS_BTL_MF_X_V2(p, 0); |
2817 | - f->mt[1].x = SS4_PLUS_BTL_MF_X_V2(p, 1); |
2818 | + f->mt[2].x = SS4_PLUS_BTL_MF_X_V2(p, 0); |
2819 | + f->mt[3].x = SS4_PLUS_BTL_MF_X_V2(p, 1); |
2820 | + no_data_x = SS4_PLUS_MFPACKET_NO_AX_BL; |
2821 | } else { |
2822 | f->mt[2].x = SS4_BTL_MF_X_V2(p, 0); |
2823 | f->mt[3].x = SS4_BTL_MF_X_V2(p, 1); |
2824 | + no_data_x = SS4_MFPACKET_NO_AX_BL; |
2825 | } |
2826 | + no_data_y = SS4_MFPACKET_NO_AY_BL; |
2827 | |
2828 | f->mt[2].y = SS4_BTL_MF_Y_V2(p, 0); |
2829 | f->mt[3].y = SS4_BTL_MF_Y_V2(p, 1); |
2830 | - no_data_x = SS4_MFPACKET_NO_AX_BL; |
2831 | - no_data_y = SS4_MFPACKET_NO_AY_BL; |
2832 | } else { |
2833 | if (IS_SS4PLUS_DEV(priv->dev_id)) { |
2834 | - f->mt[0].x = SS4_PLUS_STD_MF_X_V2(p, 0); |
2835 | - f->mt[1].x = SS4_PLUS_STD_MF_X_V2(p, 1); |
2836 | + f->mt[2].x = SS4_PLUS_STD_MF_X_V2(p, 0); |
2837 | + f->mt[3].x = SS4_PLUS_STD_MF_X_V2(p, 1); |
2838 | + no_data_x = SS4_PLUS_MFPACKET_NO_AX; |
2839 | } else { |
2840 | - f->mt[0].x = SS4_STD_MF_X_V2(p, 0); |
2841 | - f->mt[1].x = SS4_STD_MF_X_V2(p, 1); |
2842 | + f->mt[2].x = SS4_STD_MF_X_V2(p, 0); |
2843 | + f->mt[3].x = SS4_STD_MF_X_V2(p, 1); |
2844 | + no_data_x = SS4_MFPACKET_NO_AX; |
2845 | } |
2846 | + no_data_y = SS4_MFPACKET_NO_AY; |
2847 | + |
2848 | f->mt[2].y = SS4_STD_MF_Y_V2(p, 0); |
2849 | f->mt[3].y = SS4_STD_MF_Y_V2(p, 1); |
2850 | - no_data_x = SS4_MFPACKET_NO_AX; |
2851 | - no_data_y = SS4_MFPACKET_NO_AY; |
2852 | } |
2853 | |
2854 | f->first_mp = 0; |
2855 | diff --git a/drivers/input/mouse/alps.h b/drivers/input/mouse/alps.h |
2856 | index c80a7c76cb76..79b6d69d1486 100644 |
2857 | --- a/drivers/input/mouse/alps.h |
2858 | +++ b/drivers/input/mouse/alps.h |
2859 | @@ -141,10 +141,12 @@ enum SS4_PACKET_ID { |
2860 | #define SS4_TS_Z_V2(_b) (s8)(_b[4] & 0x7F) |
2861 | |
2862 | |
2863 | -#define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ |
2864 | -#define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ |
2865 | -#define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coordinate value */ |
2866 | -#define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coordinate value */ |
2867 | +#define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ |
2868 | +#define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ |
2869 | +#define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coord value */ |
2870 | +#define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coord value */ |
2871 | +#define SS4_PLUS_MFPACKET_NO_AX 4080 /* SS4 PLUS, X */ |
2872 | +#define SS4_PLUS_MFPACKET_NO_AX_BL 4088 /* Buttonless SS4 PLUS, X */ |
2873 | |
2874 | /* |
2875 | * enum V7_PACKET_ID - defines the packet type for V7 |
2876 | diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c |
2877 | index 4f2bb5947a4e..141ea228aac6 100644 |
2878 | --- a/drivers/input/rmi4/rmi_driver.c |
2879 | +++ b/drivers/input/rmi4/rmi_driver.c |
2880 | @@ -230,8 +230,10 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) |
2881 | rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, |
2882 | "Failed to process interrupt request: %d\n", ret); |
2883 | |
2884 | - if (count) |
2885 | + if (count) { |
2886 | kfree(attn_data.data); |
2887 | + attn_data.data = NULL; |
2888 | + } |
2889 | |
2890 | if (!kfifo_is_empty(&drvdata->attn_fifo)) |
2891 | return rmi_irq_fn(irq, dev_id); |
2892 | diff --git a/drivers/input/touchscreen/88pm860x-ts.c b/drivers/input/touchscreen/88pm860x-ts.c |
2893 | index 7ed828a51f4c..3486d9403805 100644 |
2894 | --- a/drivers/input/touchscreen/88pm860x-ts.c |
2895 | +++ b/drivers/input/touchscreen/88pm860x-ts.c |
2896 | @@ -126,7 +126,7 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, |
2897 | int data, n, ret; |
2898 | if (!np) |
2899 | return -ENODEV; |
2900 | - np = of_find_node_by_name(np, "touch"); |
2901 | + np = of_get_child_by_name(np, "touch"); |
2902 | if (!np) { |
2903 | dev_err(&pdev->dev, "Can't find touch node\n"); |
2904 | return -EINVAL; |
2905 | @@ -144,13 +144,13 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, |
2906 | if (data) { |
2907 | ret = pm860x_reg_write(i2c, PM8607_GPADC_MISC1, data); |
2908 | if (ret < 0) |
2909 | - return -EINVAL; |
2910 | + goto err_put_node; |
2911 | } |
2912 | /* set tsi prebias time */ |
2913 | if (!of_property_read_u32(np, "marvell,88pm860x-tsi-prebias", &data)) { |
2914 | ret = pm860x_reg_write(i2c, PM8607_TSI_PREBIAS, data); |
2915 | if (ret < 0) |
2916 | - return -EINVAL; |
2917 | + goto err_put_node; |
2918 | } |
2919 | /* set prebias & prechg time of pen detect */ |
2920 | data = 0; |
2921 | @@ -161,10 +161,18 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, |
2922 | if (data) { |
2923 | ret = pm860x_reg_write(i2c, PM8607_PD_PREBIAS, data); |
2924 | if (ret < 0) |
2925 | - return -EINVAL; |
2926 | + goto err_put_node; |
2927 | } |
2928 | of_property_read_u32(np, "marvell,88pm860x-resistor-X", res_x); |
2929 | + |
2930 | + of_node_put(np); |
2931 | + |
2932 | return 0; |
2933 | + |
2934 | +err_put_node: |
2935 | + of_node_put(np); |
2936 | + |
2937 | + return -EINVAL; |
2938 | } |
2939 | #else |
2940 | #define pm860x_touch_dt_init(x, y, z) (-1) |
2941 | diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c |
2942 | index 9fc12f556534..554d60394c06 100644 |
2943 | --- a/drivers/md/dm-crypt.c |
2944 | +++ b/drivers/md/dm-crypt.c |
2945 | @@ -1954,10 +1954,15 @@ static int crypt_setkey(struct crypt_config *cc) |
2946 | /* Ignore extra keys (which are used for IV etc) */ |
2947 | subkey_size = crypt_subkey_size(cc); |
2948 | |
2949 | - if (crypt_integrity_hmac(cc)) |
2950 | + if (crypt_integrity_hmac(cc)) { |
2951 | + if (subkey_size < cc->key_mac_size) |
2952 | + return -EINVAL; |
2953 | + |
2954 | crypt_copy_authenckey(cc->authenc_key, cc->key, |
2955 | subkey_size - cc->key_mac_size, |
2956 | cc->key_mac_size); |
2957 | + } |
2958 | + |
2959 | for (i = 0; i < cc->tfms_count; i++) { |
2960 | if (crypt_integrity_hmac(cc)) |
2961 | r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], |
2962 | @@ -2053,9 +2058,6 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string |
2963 | |
2964 | ret = crypt_setkey(cc); |
2965 | |
2966 | - /* wipe the kernel key payload copy in each case */ |
2967 | - memset(cc->key, 0, cc->key_size * sizeof(u8)); |
2968 | - |
2969 | if (!ret) { |
2970 | set_bit(DM_CRYPT_KEY_VALID, &cc->flags); |
2971 | kzfree(cc->key_string); |
2972 | @@ -2523,6 +2525,10 @@ static int crypt_ctr_cipher(struct dm_target *ti, char *cipher_in, char *key) |
2973 | } |
2974 | } |
2975 | |
2976 | + /* wipe the kernel key payload copy */ |
2977 | + if (cc->key_string) |
2978 | + memset(cc->key, 0, cc->key_size * sizeof(u8)); |
2979 | + |
2980 | return ret; |
2981 | } |
2982 | |
2983 | @@ -2740,6 +2746,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) |
2984 | cc->tag_pool_max_sectors * cc->on_disk_tag_size); |
2985 | if (!cc->tag_pool) { |
2986 | ti->error = "Cannot allocate integrity tags mempool"; |
2987 | + ret = -ENOMEM; |
2988 | goto bad; |
2989 | } |
2990 | |
2991 | @@ -2961,6 +2968,9 @@ static int crypt_message(struct dm_target *ti, unsigned argc, char **argv) |
2992 | return ret; |
2993 | if (cc->iv_gen_ops && cc->iv_gen_ops->init) |
2994 | ret = cc->iv_gen_ops->init(cc); |
2995 | + /* wipe the kernel key payload copy */ |
2996 | + if (cc->key_string) |
2997 | + memset(cc->key, 0, cc->key_size * sizeof(u8)); |
2998 | return ret; |
2999 | } |
3000 | if (argc == 2 && !strcasecmp(argv[1], "wipe")) { |
3001 | @@ -3007,7 +3017,7 @@ static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits) |
3002 | |
3003 | static struct target_type crypt_target = { |
3004 | .name = "crypt", |
3005 | - .version = {1, 18, 0}, |
3006 | + .version = {1, 18, 1}, |
3007 | .module = THIS_MODULE, |
3008 | .ctr = crypt_ctr, |
3009 | .dtr = crypt_dtr, |
3010 | diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c |
3011 | index 5e6737a44468..3cc2052f972c 100644 |
3012 | --- a/drivers/md/dm-integrity.c |
3013 | +++ b/drivers/md/dm-integrity.c |
3014 | @@ -2558,7 +2558,8 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3015 | int r = 0; |
3016 | unsigned i; |
3017 | __u64 journal_pages, journal_desc_size, journal_tree_size; |
3018 | - unsigned char *crypt_data = NULL; |
3019 | + unsigned char *crypt_data = NULL, *crypt_iv = NULL; |
3020 | + struct skcipher_request *req = NULL; |
3021 | |
3022 | ic->commit_ids[0] = cpu_to_le64(0x1111111111111111ULL); |
3023 | ic->commit_ids[1] = cpu_to_le64(0x2222222222222222ULL); |
3024 | @@ -2616,9 +2617,20 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3025 | |
3026 | if (blocksize == 1) { |
3027 | struct scatterlist *sg; |
3028 | - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); |
3029 | - unsigned char iv[ivsize]; |
3030 | - skcipher_request_set_tfm(req, ic->journal_crypt); |
3031 | + |
3032 | + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); |
3033 | + if (!req) { |
3034 | + *error = "Could not allocate crypt request"; |
3035 | + r = -ENOMEM; |
3036 | + goto bad; |
3037 | + } |
3038 | + |
3039 | + crypt_iv = kmalloc(ivsize, GFP_KERNEL); |
3040 | + if (!crypt_iv) { |
3041 | + *error = "Could not allocate iv"; |
3042 | + r = -ENOMEM; |
3043 | + goto bad; |
3044 | + } |
3045 | |
3046 | ic->journal_xor = dm_integrity_alloc_page_list(ic); |
3047 | if (!ic->journal_xor) { |
3048 | @@ -2640,9 +2652,9 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3049 | sg_set_buf(&sg[i], va, PAGE_SIZE); |
3050 | } |
3051 | sg_set_buf(&sg[i], &ic->commit_ids, sizeof ic->commit_ids); |
3052 | - memset(iv, 0x00, ivsize); |
3053 | + memset(crypt_iv, 0x00, ivsize); |
3054 | |
3055 | - skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, iv); |
3056 | + skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, crypt_iv); |
3057 | init_completion(&comp.comp); |
3058 | comp.in_flight = (atomic_t)ATOMIC_INIT(1); |
3059 | if (do_crypt(true, req, &comp)) |
3060 | @@ -2658,10 +2670,22 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3061 | crypto_free_skcipher(ic->journal_crypt); |
3062 | ic->journal_crypt = NULL; |
3063 | } else { |
3064 | - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); |
3065 | - unsigned char iv[ivsize]; |
3066 | unsigned crypt_len = roundup(ivsize, blocksize); |
3067 | |
3068 | + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); |
3069 | + if (!req) { |
3070 | + *error = "Could not allocate crypt request"; |
3071 | + r = -ENOMEM; |
3072 | + goto bad; |
3073 | + } |
3074 | + |
3075 | + crypt_iv = kmalloc(ivsize, GFP_KERNEL); |
3076 | + if (!crypt_iv) { |
3077 | + *error = "Could not allocate iv"; |
3078 | + r = -ENOMEM; |
3079 | + goto bad; |
3080 | + } |
3081 | + |
3082 | crypt_data = kmalloc(crypt_len, GFP_KERNEL); |
3083 | if (!crypt_data) { |
3084 | *error = "Unable to allocate crypt data"; |
3085 | @@ -2669,8 +2693,6 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3086 | goto bad; |
3087 | } |
3088 | |
3089 | - skcipher_request_set_tfm(req, ic->journal_crypt); |
3090 | - |
3091 | ic->journal_scatterlist = dm_integrity_alloc_journal_scatterlist(ic, ic->journal); |
3092 | if (!ic->journal_scatterlist) { |
3093 | *error = "Unable to allocate sg list"; |
3094 | @@ -2694,12 +2716,12 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3095 | struct skcipher_request *section_req; |
3096 | __u32 section_le = cpu_to_le32(i); |
3097 | |
3098 | - memset(iv, 0x00, ivsize); |
3099 | + memset(crypt_iv, 0x00, ivsize); |
3100 | memset(crypt_data, 0x00, crypt_len); |
3101 | memcpy(crypt_data, §ion_le, min((size_t)crypt_len, sizeof(section_le))); |
3102 | |
3103 | sg_init_one(&sg, crypt_data, crypt_len); |
3104 | - skcipher_request_set_crypt(req, &sg, &sg, crypt_len, iv); |
3105 | + skcipher_request_set_crypt(req, &sg, &sg, crypt_len, crypt_iv); |
3106 | init_completion(&comp.comp); |
3107 | comp.in_flight = (atomic_t)ATOMIC_INIT(1); |
3108 | if (do_crypt(true, req, &comp)) |
3109 | @@ -2757,6 +2779,9 @@ static int create_journal(struct dm_integrity_c *ic, char **error) |
3110 | } |
3111 | bad: |
3112 | kfree(crypt_data); |
3113 | + kfree(crypt_iv); |
3114 | + skcipher_request_free(req); |
3115 | + |
3116 | return r; |
3117 | } |
3118 | |
3119 | diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c |
3120 | index d31d18d9727c..36ef284ad086 100644 |
3121 | --- a/drivers/md/dm-thin-metadata.c |
3122 | +++ b/drivers/md/dm-thin-metadata.c |
3123 | @@ -80,10 +80,14 @@ |
3124 | #define SECTOR_TO_BLOCK_SHIFT 3 |
3125 | |
3126 | /* |
3127 | + * For btree insert: |
3128 | * 3 for btree insert + |
3129 | * 2 for btree lookup used within space map |
3130 | + * For btree remove: |
3131 | + * 2 for shadow spine + |
3132 | + * 4 for rebalance 3 child node |
3133 | */ |
3134 | -#define THIN_MAX_CONCURRENT_LOCKS 5 |
3135 | +#define THIN_MAX_CONCURRENT_LOCKS 6 |
3136 | |
3137 | /* This should be plenty */ |
3138 | #define SPACE_MAP_ROOT_SIZE 128 |
3139 | diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c |
3140 | index f21ce6a3d4cf..58b319757b1e 100644 |
3141 | --- a/drivers/md/persistent-data/dm-btree.c |
3142 | +++ b/drivers/md/persistent-data/dm-btree.c |
3143 | @@ -683,23 +683,8 @@ static int btree_split_beneath(struct shadow_spine *s, uint64_t key) |
3144 | pn->keys[1] = rn->keys[0]; |
3145 | memcpy_disk(value_ptr(pn, 1), &val, sizeof(__le64)); |
3146 | |
3147 | - /* |
3148 | - * rejig the spine. This is ugly, since it knows too |
3149 | - * much about the spine |
3150 | - */ |
3151 | - if (s->nodes[0] != new_parent) { |
3152 | - unlock_block(s->info, s->nodes[0]); |
3153 | - s->nodes[0] = new_parent; |
3154 | - } |
3155 | - if (key < le64_to_cpu(rn->keys[0])) { |
3156 | - unlock_block(s->info, right); |
3157 | - s->nodes[1] = left; |
3158 | - } else { |
3159 | - unlock_block(s->info, left); |
3160 | - s->nodes[1] = right; |
3161 | - } |
3162 | - s->count = 2; |
3163 | - |
3164 | + unlock_block(s->info, left); |
3165 | + unlock_block(s->info, right); |
3166 | return 0; |
3167 | } |
3168 | |
3169 | diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c |
3170 | index 85140c9af581..8b941f814472 100644 |
3171 | --- a/drivers/mmc/host/sdhci-esdhc-imx.c |
3172 | +++ b/drivers/mmc/host/sdhci-esdhc-imx.c |
3173 | @@ -687,6 +687,20 @@ static inline void esdhc_pltfm_set_clock(struct sdhci_host *host, |
3174 | return; |
3175 | } |
3176 | |
3177 | + /* For i.MX53 eSDHCv3, SYSCTL.SDCLKFS may not be set to 0. */ |
3178 | + if (is_imx53_esdhc(imx_data)) { |
3179 | + /* |
3180 | + * According to the i.MX53 reference manual, if DLLCTRL[10] can |
3181 | + * be set, then the controller is eSDHCv3, else it is eSDHCv2. |
3182 | + */ |
3183 | + val = readl(host->ioaddr + ESDHC_DLL_CTRL); |
3184 | + writel(val | BIT(10), host->ioaddr + ESDHC_DLL_CTRL); |
3185 | + temp = readl(host->ioaddr + ESDHC_DLL_CTRL); |
3186 | + writel(val, host->ioaddr + ESDHC_DLL_CTRL); |
3187 | + if (temp & BIT(10)) |
3188 | + pre_div = 2; |
3189 | + } |
3190 | + |
3191 | temp = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); |
3192 | temp &= ~(ESDHC_CLOCK_IPGEN | ESDHC_CLOCK_HCKEN | ESDHC_CLOCK_PEREN |
3193 | | ESDHC_CLOCK_MASK); |
3194 | diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c |
3195 | index 7ccdc3e30c98..53d6bb045e9e 100644 |
3196 | --- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c |
3197 | +++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c |
3198 | @@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) |
3199 | void *cmd_head = pcan_usb_fd_cmd_buffer(dev); |
3200 | int err = 0; |
3201 | u8 *packet_ptr; |
3202 | - int i, n = 1, packet_len; |
3203 | + int packet_len; |
3204 | ptrdiff_t cmd_len; |
3205 | |
3206 | /* usb device unregistered? */ |
3207 | @@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) |
3208 | } |
3209 | |
3210 | packet_ptr = cmd_head; |
3211 | + packet_len = cmd_len; |
3212 | |
3213 | /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ |
3214 | - if ((dev->udev->speed != USB_SPEED_HIGH) && |
3215 | - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { |
3216 | - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; |
3217 | - n += cmd_len / packet_len; |
3218 | - } else { |
3219 | - packet_len = cmd_len; |
3220 | - } |
3221 | + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) |
3222 | + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); |
3223 | |
3224 | - for (i = 0; i < n; i++) { |
3225 | + do { |
3226 | err = usb_bulk_msg(dev->udev, |
3227 | usb_sndbulkpipe(dev->udev, |
3228 | PCAN_USBPRO_EP_CMDOUT), |
3229 | @@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) |
3230 | } |
3231 | |
3232 | packet_ptr += packet_len; |
3233 | - } |
3234 | + cmd_len -= packet_len; |
3235 | + |
3236 | + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) |
3237 | + packet_len = cmd_len; |
3238 | + |
3239 | + } while (packet_len > 0); |
3240 | |
3241 | return err; |
3242 | } |
3243 | diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c |
3244 | index fcf9ba5eb8d1..d147dc7d0f77 100644 |
3245 | --- a/drivers/net/ethernet/marvell/mvpp2.c |
3246 | +++ b/drivers/net/ethernet/marvell/mvpp2.c |
3247 | @@ -4552,11 +4552,6 @@ static void mvpp2_port_mii_gmac_configure_mode(struct mvpp2_port *port) |
3248 | MVPP22_CTRL4_QSGMII_BYPASS_ACTIVE; |
3249 | val &= ~MVPP22_CTRL4_EXT_PIN_GMII_SEL; |
3250 | writel(val, port->base + MVPP22_GMAC_CTRL_4_REG); |
3251 | - |
3252 | - val = readl(port->base + MVPP2_GMAC_CTRL_2_REG); |
3253 | - val |= MVPP2_GMAC_DISABLE_PADDING; |
3254 | - val &= ~MVPP2_GMAC_FLOW_CTRL_MASK; |
3255 | - writel(val, port->base + MVPP2_GMAC_CTRL_2_REG); |
3256 | } else if (phy_interface_mode_is_rgmii(port->phy_interface)) { |
3257 | val = readl(port->base + MVPP22_GMAC_CTRL_4_REG); |
3258 | val |= MVPP22_CTRL4_EXT_PIN_GMII_SEL | |
3259 | @@ -4564,10 +4559,6 @@ static void mvpp2_port_mii_gmac_configure_mode(struct mvpp2_port *port) |
3260 | MVPP22_CTRL4_QSGMII_BYPASS_ACTIVE; |
3261 | val &= ~MVPP22_CTRL4_DP_CLK_SEL; |
3262 | writel(val, port->base + MVPP22_GMAC_CTRL_4_REG); |
3263 | - |
3264 | - val = readl(port->base + MVPP2_GMAC_CTRL_2_REG); |
3265 | - val &= ~MVPP2_GMAC_DISABLE_PADDING; |
3266 | - writel(val, port->base + MVPP2_GMAC_CTRL_2_REG); |
3267 | } |
3268 | |
3269 | /* The port is connected to a copper PHY */ |
3270 | diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c |
3271 | index a268f4d6f3e9..48a365e303e5 100644 |
3272 | --- a/drivers/phy/phy-core.c |
3273 | +++ b/drivers/phy/phy-core.c |
3274 | @@ -395,6 +395,10 @@ static struct phy *_of_phy_get(struct device_node *np, int index) |
3275 | if (ret) |
3276 | return ERR_PTR(-ENODEV); |
3277 | |
3278 | + /* This phy type handled by the usb-phy subsystem for now */ |
3279 | + if (of_device_is_compatible(args.np, "usb-nop-xceiv")) |
3280 | + return ERR_PTR(-ENODEV); |
3281 | + |
3282 | mutex_lock(&phy_provider_mutex); |
3283 | phy_provider = of_phy_provider_lookup(args.np); |
3284 | if (IS_ERR(phy_provider) || !try_module_get(phy_provider->owner)) { |
3285 | diff --git a/drivers/scsi/libsas/sas_scsi_host.c b/drivers/scsi/libsas/sas_scsi_host.c |
3286 | index ea8ad06ff582..10b17da20176 100644 |
3287 | --- a/drivers/scsi/libsas/sas_scsi_host.c |
3288 | +++ b/drivers/scsi/libsas/sas_scsi_host.c |
3289 | @@ -486,15 +486,28 @@ static int sas_queue_reset(struct domain_device *dev, int reset_type, |
3290 | |
3291 | int sas_eh_abort_handler(struct scsi_cmnd *cmd) |
3292 | { |
3293 | - int res; |
3294 | + int res = TMF_RESP_FUNC_FAILED; |
3295 | struct sas_task *task = TO_SAS_TASK(cmd); |
3296 | struct Scsi_Host *host = cmd->device->host; |
3297 | + struct domain_device *dev = cmd_to_domain_dev(cmd); |
3298 | struct sas_internal *i = to_sas_internal(host->transportt); |
3299 | + unsigned long flags; |
3300 | |
3301 | if (!i->dft->lldd_abort_task) |
3302 | return FAILED; |
3303 | |
3304 | - res = i->dft->lldd_abort_task(task); |
3305 | + spin_lock_irqsave(host->host_lock, flags); |
3306 | + /* We cannot do async aborts for SATA devices */ |
3307 | + if (dev_is_sata(dev) && !host->host_eh_scheduled) { |
3308 | + spin_unlock_irqrestore(host->host_lock, flags); |
3309 | + return FAILED; |
3310 | + } |
3311 | + spin_unlock_irqrestore(host->host_lock, flags); |
3312 | + |
3313 | + if (task) |
3314 | + res = i->dft->lldd_abort_task(task); |
3315 | + else |
3316 | + SAS_DPRINTK("no task to abort\n"); |
3317 | if (res == TMF_RESP_FUNC_SUCC || res == TMF_RESP_FUNC_COMPLETE) |
3318 | return SUCCESS; |
3319 | |
3320 | diff --git a/fs/pipe.c b/fs/pipe.c |
3321 | index 3909c55ed389..f0f4ab36c444 100644 |
3322 | --- a/fs/pipe.c |
3323 | +++ b/fs/pipe.c |
3324 | @@ -1018,13 +1018,19 @@ const struct file_operations pipefifo_fops = { |
3325 | |
3326 | /* |
3327 | * Currently we rely on the pipe array holding a power-of-2 number |
3328 | - * of pages. |
3329 | + * of pages. Returns 0 on error. |
3330 | */ |
3331 | static inline unsigned int round_pipe_size(unsigned int size) |
3332 | { |
3333 | unsigned long nr_pages; |
3334 | |
3335 | + if (size < pipe_min_size) |
3336 | + size = pipe_min_size; |
3337 | + |
3338 | nr_pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; |
3339 | + if (nr_pages == 0) |
3340 | + return 0; |
3341 | + |
3342 | return roundup_pow_of_two(nr_pages) << PAGE_SHIFT; |
3343 | } |
3344 | |
3345 | @@ -1040,6 +1046,8 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg) |
3346 | long ret = 0; |
3347 | |
3348 | size = round_pipe_size(arg); |
3349 | + if (size == 0) |
3350 | + return -EINVAL; |
3351 | nr_pages = size >> PAGE_SHIFT; |
3352 | |
3353 | if (!nr_pages) |
3354 | @@ -1123,13 +1131,18 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg) |
3355 | int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf, |
3356 | size_t *lenp, loff_t *ppos) |
3357 | { |
3358 | + unsigned int rounded_pipe_max_size; |
3359 | int ret; |
3360 | |
3361 | ret = proc_douintvec_minmax(table, write, buf, lenp, ppos); |
3362 | if (ret < 0 || !write) |
3363 | return ret; |
3364 | |
3365 | - pipe_max_size = round_pipe_size(pipe_max_size); |
3366 | + rounded_pipe_max_size = round_pipe_size(pipe_max_size); |
3367 | + if (rounded_pipe_max_size == 0) |
3368 | + return -EINVAL; |
3369 | + |
3370 | + pipe_max_size = rounded_pipe_max_size; |
3371 | return ret; |
3372 | } |
3373 | |
3374 | diff --git a/fs/proc/array.c b/fs/proc/array.c |
3375 | index 9390032a11e1..e6094a15ef30 100644 |
3376 | --- a/fs/proc/array.c |
3377 | +++ b/fs/proc/array.c |
3378 | @@ -424,8 +424,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, |
3379 | * safe because the task has stopped executing permanently. |
3380 | */ |
3381 | if (permitted && (task->flags & PF_DUMPCORE)) { |
3382 | - eip = KSTK_EIP(task); |
3383 | - esp = KSTK_ESP(task); |
3384 | + if (try_get_task_stack(task)) { |
3385 | + eip = KSTK_EIP(task); |
3386 | + esp = KSTK_ESP(task); |
3387 | + put_task_stack(task); |
3388 | + } |
3389 | } |
3390 | } |
3391 | |
3392 | diff --git a/include/linux/delayacct.h b/include/linux/delayacct.h |
3393 | index 4178d2493547..5e335b6203f4 100644 |
3394 | --- a/include/linux/delayacct.h |
3395 | +++ b/include/linux/delayacct.h |
3396 | @@ -71,7 +71,7 @@ extern void delayacct_init(void); |
3397 | extern void __delayacct_tsk_init(struct task_struct *); |
3398 | extern void __delayacct_tsk_exit(struct task_struct *); |
3399 | extern void __delayacct_blkio_start(void); |
3400 | -extern void __delayacct_blkio_end(void); |
3401 | +extern void __delayacct_blkio_end(struct task_struct *); |
3402 | extern int __delayacct_add_tsk(struct taskstats *, struct task_struct *); |
3403 | extern __u64 __delayacct_blkio_ticks(struct task_struct *); |
3404 | extern void __delayacct_freepages_start(void); |
3405 | @@ -122,10 +122,10 @@ static inline void delayacct_blkio_start(void) |
3406 | __delayacct_blkio_start(); |
3407 | } |
3408 | |
3409 | -static inline void delayacct_blkio_end(void) |
3410 | +static inline void delayacct_blkio_end(struct task_struct *p) |
3411 | { |
3412 | if (current->delays) |
3413 | - __delayacct_blkio_end(); |
3414 | + __delayacct_blkio_end(p); |
3415 | delayacct_clear_flag(DELAYACCT_PF_BLKIO); |
3416 | } |
3417 | |
3418 | @@ -169,7 +169,7 @@ static inline void delayacct_tsk_free(struct task_struct *tsk) |
3419 | {} |
3420 | static inline void delayacct_blkio_start(void) |
3421 | {} |
3422 | -static inline void delayacct_blkio_end(void) |
3423 | +static inline void delayacct_blkio_end(struct task_struct *p) |
3424 | {} |
3425 | static inline int delayacct_add_tsk(struct taskstats *d, |
3426 | struct task_struct *tsk) |
3427 | diff --git a/include/linux/swapops.h b/include/linux/swapops.h |
3428 | index 9c5a2628d6ce..1d3877c39a00 100644 |
3429 | --- a/include/linux/swapops.h |
3430 | +++ b/include/linux/swapops.h |
3431 | @@ -124,6 +124,11 @@ static inline bool is_write_device_private_entry(swp_entry_t entry) |
3432 | return unlikely(swp_type(entry) == SWP_DEVICE_WRITE); |
3433 | } |
3434 | |
3435 | +static inline unsigned long device_private_entry_to_pfn(swp_entry_t entry) |
3436 | +{ |
3437 | + return swp_offset(entry); |
3438 | +} |
3439 | + |
3440 | static inline struct page *device_private_entry_to_page(swp_entry_t entry) |
3441 | { |
3442 | return pfn_to_page(swp_offset(entry)); |
3443 | @@ -154,6 +159,11 @@ static inline bool is_write_device_private_entry(swp_entry_t entry) |
3444 | return false; |
3445 | } |
3446 | |
3447 | +static inline unsigned long device_private_entry_to_pfn(swp_entry_t entry) |
3448 | +{ |
3449 | + return 0; |
3450 | +} |
3451 | + |
3452 | static inline struct page *device_private_entry_to_page(swp_entry_t entry) |
3453 | { |
3454 | return NULL; |
3455 | @@ -189,6 +199,11 @@ static inline int is_write_migration_entry(swp_entry_t entry) |
3456 | return unlikely(swp_type(entry) == SWP_MIGRATION_WRITE); |
3457 | } |
3458 | |
3459 | +static inline unsigned long migration_entry_to_pfn(swp_entry_t entry) |
3460 | +{ |
3461 | + return swp_offset(entry); |
3462 | +} |
3463 | + |
3464 | static inline struct page *migration_entry_to_page(swp_entry_t entry) |
3465 | { |
3466 | struct page *p = pfn_to_page(swp_offset(entry)); |
3467 | @@ -218,6 +233,12 @@ static inline int is_migration_entry(swp_entry_t swp) |
3468 | { |
3469 | return 0; |
3470 | } |
3471 | + |
3472 | +static inline unsigned long migration_entry_to_pfn(swp_entry_t entry) |
3473 | +{ |
3474 | + return 0; |
3475 | +} |
3476 | + |
3477 | static inline struct page *migration_entry_to_page(swp_entry_t entry) |
3478 | { |
3479 | return NULL; |
3480 | diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h |
3481 | index bae807eb2933..853291714ae0 100644 |
3482 | --- a/include/linux/vermagic.h |
3483 | +++ b/include/linux/vermagic.h |
3484 | @@ -31,11 +31,17 @@ |
3485 | #else |
3486 | #define MODULE_RANDSTRUCT_PLUGIN |
3487 | #endif |
3488 | +#ifdef RETPOLINE |
3489 | +#define MODULE_VERMAGIC_RETPOLINE "retpoline " |
3490 | +#else |
3491 | +#define MODULE_VERMAGIC_RETPOLINE "" |
3492 | +#endif |
3493 | |
3494 | #define VERMAGIC_STRING \ |
3495 | UTS_RELEASE " " \ |
3496 | MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \ |
3497 | MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \ |
3498 | MODULE_ARCH_VERMAGIC \ |
3499 | - MODULE_RANDSTRUCT_PLUGIN |
3500 | + MODULE_RANDSTRUCT_PLUGIN \ |
3501 | + MODULE_VERMAGIC_RETPOLINE |
3502 | |
3503 | diff --git a/kernel/delayacct.c b/kernel/delayacct.c |
3504 | index 4a1c33416b6a..e2764d767f18 100644 |
3505 | --- a/kernel/delayacct.c |
3506 | +++ b/kernel/delayacct.c |
3507 | @@ -51,16 +51,16 @@ void __delayacct_tsk_init(struct task_struct *tsk) |
3508 | * Finish delay accounting for a statistic using its timestamps (@start), |
3509 | * accumalator (@total) and @count |
3510 | */ |
3511 | -static void delayacct_end(u64 *start, u64 *total, u32 *count) |
3512 | +static void delayacct_end(spinlock_t *lock, u64 *start, u64 *total, u32 *count) |
3513 | { |
3514 | s64 ns = ktime_get_ns() - *start; |
3515 | unsigned long flags; |
3516 | |
3517 | if (ns > 0) { |
3518 | - spin_lock_irqsave(¤t->delays->lock, flags); |
3519 | + spin_lock_irqsave(lock, flags); |
3520 | *total += ns; |
3521 | (*count)++; |
3522 | - spin_unlock_irqrestore(¤t->delays->lock, flags); |
3523 | + spin_unlock_irqrestore(lock, flags); |
3524 | } |
3525 | } |
3526 | |
3527 | @@ -69,17 +69,25 @@ void __delayacct_blkio_start(void) |
3528 | current->delays->blkio_start = ktime_get_ns(); |
3529 | } |
3530 | |
3531 | -void __delayacct_blkio_end(void) |
3532 | +/* |
3533 | + * We cannot rely on the `current` macro, as we haven't yet switched back to |
3534 | + * the process being woken. |
3535 | + */ |
3536 | +void __delayacct_blkio_end(struct task_struct *p) |
3537 | { |
3538 | - if (current->delays->flags & DELAYACCT_PF_SWAPIN) |
3539 | - /* Swapin block I/O */ |
3540 | - delayacct_end(¤t->delays->blkio_start, |
3541 | - ¤t->delays->swapin_delay, |
3542 | - ¤t->delays->swapin_count); |
3543 | - else /* Other block I/O */ |
3544 | - delayacct_end(¤t->delays->blkio_start, |
3545 | - ¤t->delays->blkio_delay, |
3546 | - ¤t->delays->blkio_count); |
3547 | + struct task_delay_info *delays = p->delays; |
3548 | + u64 *total; |
3549 | + u32 *count; |
3550 | + |
3551 | + if (p->delays->flags & DELAYACCT_PF_SWAPIN) { |
3552 | + total = &delays->swapin_delay; |
3553 | + count = &delays->swapin_count; |
3554 | + } else { |
3555 | + total = &delays->blkio_delay; |
3556 | + count = &delays->blkio_count; |
3557 | + } |
3558 | + |
3559 | + delayacct_end(&delays->lock, &delays->blkio_start, total, count); |
3560 | } |
3561 | |
3562 | int __delayacct_add_tsk(struct taskstats *d, struct task_struct *tsk) |
3563 | @@ -153,8 +161,10 @@ void __delayacct_freepages_start(void) |
3564 | |
3565 | void __delayacct_freepages_end(void) |
3566 | { |
3567 | - delayacct_end(¤t->delays->freepages_start, |
3568 | - ¤t->delays->freepages_delay, |
3569 | - ¤t->delays->freepages_count); |
3570 | + delayacct_end( |
3571 | + ¤t->delays->lock, |
3572 | + ¤t->delays->freepages_start, |
3573 | + ¤t->delays->freepages_delay, |
3574 | + ¤t->delays->freepages_count); |
3575 | } |
3576 | |
3577 | diff --git a/kernel/futex.c b/kernel/futex.c |
3578 | index 76ed5921117a..52b3f4703158 100644 |
3579 | --- a/kernel/futex.c |
3580 | +++ b/kernel/futex.c |
3581 | @@ -1878,6 +1878,9 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, |
3582 | struct futex_q *this, *next; |
3583 | DEFINE_WAKE_Q(wake_q); |
3584 | |
3585 | + if (nr_wake < 0 || nr_requeue < 0) |
3586 | + return -EINVAL; |
3587 | + |
3588 | /* |
3589 | * When PI not supported: return -ENOSYS if requeue_pi is true, |
3590 | * consequently the compiler knows requeue_pi is always false past |
3591 | @@ -2294,21 +2297,17 @@ static void unqueue_me_pi(struct futex_q *q) |
3592 | spin_unlock(q->lock_ptr); |
3593 | } |
3594 | |
3595 | -/* |
3596 | - * Fixup the pi_state owner with the new owner. |
3597 | - * |
3598 | - * Must be called with hash bucket lock held and mm->sem held for non |
3599 | - * private futexes. |
3600 | - */ |
3601 | static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
3602 | - struct task_struct *newowner) |
3603 | + struct task_struct *argowner) |
3604 | { |
3605 | - u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; |
3606 | struct futex_pi_state *pi_state = q->pi_state; |
3607 | u32 uval, uninitialized_var(curval), newval; |
3608 | - struct task_struct *oldowner; |
3609 | + struct task_struct *oldowner, *newowner; |
3610 | + u32 newtid; |
3611 | int ret; |
3612 | |
3613 | + lockdep_assert_held(q->lock_ptr); |
3614 | + |
3615 | raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); |
3616 | |
3617 | oldowner = pi_state->owner; |
3618 | @@ -2317,11 +2316,17 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
3619 | newtid |= FUTEX_OWNER_DIED; |
3620 | |
3621 | /* |
3622 | - * We are here either because we stole the rtmutex from the |
3623 | - * previous highest priority waiter or we are the highest priority |
3624 | - * waiter but have failed to get the rtmutex the first time. |
3625 | + * We are here because either: |
3626 | + * |
3627 | + * - we stole the lock and pi_state->owner needs updating to reflect |
3628 | + * that (@argowner == current), |
3629 | + * |
3630 | + * or: |
3631 | + * |
3632 | + * - someone stole our lock and we need to fix things to point to the |
3633 | + * new owner (@argowner == NULL). |
3634 | * |
3635 | - * We have to replace the newowner TID in the user space variable. |
3636 | + * Either way, we have to replace the TID in the user space variable. |
3637 | * This must be atomic as we have to preserve the owner died bit here. |
3638 | * |
3639 | * Note: We write the user space value _before_ changing the pi_state |
3640 | @@ -2334,6 +2339,42 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, |
3641 | * in the PID check in lookup_pi_state. |
3642 | */ |
3643 | retry: |
3644 | + if (!argowner) { |
3645 | + if (oldowner != current) { |
3646 | + /* |
3647 | + * We raced against a concurrent self; things are |
3648 | + * already fixed up. Nothing to do. |
3649 | + */ |
3650 | + ret = 0; |
3651 | + goto out_unlock; |
3652 | + } |
3653 | + |
3654 | + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { |
3655 | + /* We got the lock after all, nothing to fix. */ |
3656 | + ret = 0; |
3657 | + goto out_unlock; |
3658 | + } |
3659 | + |
3660 | + /* |
3661 | + * Since we just failed the trylock; there must be an owner. |
3662 | + */ |
3663 | + newowner = rt_mutex_owner(&pi_state->pi_mutex); |
3664 | + BUG_ON(!newowner); |
3665 | + } else { |
3666 | + WARN_ON_ONCE(argowner != current); |
3667 | + if (oldowner == current) { |
3668 | + /* |
3669 | + * We raced against a concurrent self; things are |
3670 | + * already fixed up. Nothing to do. |
3671 | + */ |
3672 | + ret = 0; |
3673 | + goto out_unlock; |
3674 | + } |
3675 | + newowner = argowner; |
3676 | + } |
3677 | + |
3678 | + newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; |
3679 | + |
3680 | if (get_futex_value_locked(&uval, uaddr)) |
3681 | goto handle_fault; |
3682 | |
3683 | @@ -2434,15 +2475,28 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) |
3684 | * Got the lock. We might not be the anticipated owner if we |
3685 | * did a lock-steal - fix up the PI-state in that case: |
3686 | * |
3687 | - * We can safely read pi_state->owner without holding wait_lock |
3688 | - * because we now own the rt_mutex, only the owner will attempt |
3689 | - * to change it. |
3690 | + * Speculative pi_state->owner read (we don't hold wait_lock); |
3691 | + * since we own the lock pi_state->owner == current is the |
3692 | + * stable state, anything else needs more attention. |
3693 | */ |
3694 | if (q->pi_state->owner != current) |
3695 | ret = fixup_pi_state_owner(uaddr, q, current); |
3696 | goto out; |
3697 | } |
3698 | |
3699 | + /* |
3700 | + * If we didn't get the lock; check if anybody stole it from us. In |
3701 | + * that case, we need to fix up the uval to point to them instead of |
3702 | + * us, otherwise bad things happen. [10] |
3703 | + * |
3704 | + * Another speculative read; pi_state->owner == current is unstable |
3705 | + * but needs our attention. |
3706 | + */ |
3707 | + if (q->pi_state->owner == current) { |
3708 | + ret = fixup_pi_state_owner(uaddr, q, NULL); |
3709 | + goto out; |
3710 | + } |
3711 | + |
3712 | /* |
3713 | * Paranoia check. If we did not take the lock, then we should not be |
3714 | * the owner of the rt_mutex. |
3715 | diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c |
3716 | index 6f3dba6e4e9e..65cc0cb984e6 100644 |
3717 | --- a/kernel/locking/rtmutex.c |
3718 | +++ b/kernel/locking/rtmutex.c |
3719 | @@ -1290,6 +1290,19 @@ rt_mutex_slowlock(struct rt_mutex *lock, int state, |
3720 | return ret; |
3721 | } |
3722 | |
3723 | +static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock) |
3724 | +{ |
3725 | + int ret = try_to_take_rt_mutex(lock, current, NULL); |
3726 | + |
3727 | + /* |
3728 | + * try_to_take_rt_mutex() sets the lock waiters bit |
3729 | + * unconditionally. Clean this up. |
3730 | + */ |
3731 | + fixup_rt_mutex_waiters(lock); |
3732 | + |
3733 | + return ret; |
3734 | +} |
3735 | + |
3736 | /* |
3737 | * Slow path try-lock function: |
3738 | */ |
3739 | @@ -1312,13 +1325,7 @@ static inline int rt_mutex_slowtrylock(struct rt_mutex *lock) |
3740 | */ |
3741 | raw_spin_lock_irqsave(&lock->wait_lock, flags); |
3742 | |
3743 | - ret = try_to_take_rt_mutex(lock, current, NULL); |
3744 | - |
3745 | - /* |
3746 | - * try_to_take_rt_mutex() sets the lock waiters bit |
3747 | - * unconditionally. Clean this up. |
3748 | - */ |
3749 | - fixup_rt_mutex_waiters(lock); |
3750 | + ret = __rt_mutex_slowtrylock(lock); |
3751 | |
3752 | raw_spin_unlock_irqrestore(&lock->wait_lock, flags); |
3753 | |
3754 | @@ -1505,6 +1512,11 @@ int __sched rt_mutex_futex_trylock(struct rt_mutex *lock) |
3755 | return rt_mutex_slowtrylock(lock); |
3756 | } |
3757 | |
3758 | +int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock) |
3759 | +{ |
3760 | + return __rt_mutex_slowtrylock(lock); |
3761 | +} |
3762 | + |
3763 | /** |
3764 | * rt_mutex_timed_lock - lock a rt_mutex interruptible |
3765 | * the timeout structure is provided |
3766 | diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h |
3767 | index 124e98ca0b17..68686b3ec3c1 100644 |
3768 | --- a/kernel/locking/rtmutex_common.h |
3769 | +++ b/kernel/locking/rtmutex_common.h |
3770 | @@ -148,6 +148,7 @@ extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock, |
3771 | struct rt_mutex_waiter *waiter); |
3772 | |
3773 | extern int rt_mutex_futex_trylock(struct rt_mutex *l); |
3774 | +extern int __rt_mutex_futex_trylock(struct rt_mutex *l); |
3775 | |
3776 | extern void rt_mutex_futex_unlock(struct rt_mutex *lock); |
3777 | extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock, |
3778 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
3779 | index 8fa7b6f9e19b..55062461b2fd 100644 |
3780 | --- a/kernel/sched/core.c |
3781 | +++ b/kernel/sched/core.c |
3782 | @@ -2046,7 +2046,7 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) |
3783 | p->state = TASK_WAKING; |
3784 | |
3785 | if (p->in_iowait) { |
3786 | - delayacct_blkio_end(); |
3787 | + delayacct_blkio_end(p); |
3788 | atomic_dec(&task_rq(p)->nr_iowait); |
3789 | } |
3790 | |
3791 | @@ -2059,7 +2059,7 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) |
3792 | #else /* CONFIG_SMP */ |
3793 | |
3794 | if (p->in_iowait) { |
3795 | - delayacct_blkio_end(); |
3796 | + delayacct_blkio_end(p); |
3797 | atomic_dec(&task_rq(p)->nr_iowait); |
3798 | } |
3799 | |
3800 | @@ -2112,7 +2112,7 @@ static void try_to_wake_up_local(struct task_struct *p, struct rq_flags *rf) |
3801 | |
3802 | if (!task_on_rq_queued(p)) { |
3803 | if (p->in_iowait) { |
3804 | - delayacct_blkio_end(); |
3805 | + delayacct_blkio_end(p); |
3806 | atomic_dec(&rq->nr_iowait); |
3807 | } |
3808 | ttwu_activate(rq, p, ENQUEUE_WAKEUP | ENQUEUE_NOCLOCK); |
3809 | diff --git a/kernel/time/timer.c b/kernel/time/timer.c |
3810 | index 73e3cdbc61f1..db5e6daadd94 100644 |
3811 | --- a/kernel/time/timer.c |
3812 | +++ b/kernel/time/timer.c |
3813 | @@ -1656,7 +1656,7 @@ void run_local_timers(void) |
3814 | hrtimer_run_queues(); |
3815 | /* Raise the softirq only if required. */ |
3816 | if (time_before(jiffies, base->clk)) { |
3817 | - if (!IS_ENABLED(CONFIG_NO_HZ_COMMON) || !base->nohz_active) |
3818 | + if (!IS_ENABLED(CONFIG_NO_HZ_COMMON)) |
3819 | return; |
3820 | /* CPU is awake, so check the deferrable base. */ |
3821 | base++; |
3822 | diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c |
3823 | index 87468398b9ed..d53268a4e167 100644 |
3824 | --- a/kernel/trace/trace_events.c |
3825 | +++ b/kernel/trace/trace_events.c |
3826 | @@ -2213,6 +2213,7 @@ void trace_event_eval_update(struct trace_eval_map **map, int len) |
3827 | { |
3828 | struct trace_event_call *call, *p; |
3829 | const char *last_system = NULL; |
3830 | + bool first = false; |
3831 | int last_i; |
3832 | int i; |
3833 | |
3834 | @@ -2220,15 +2221,28 @@ void trace_event_eval_update(struct trace_eval_map **map, int len) |
3835 | list_for_each_entry_safe(call, p, &ftrace_events, list) { |
3836 | /* events are usually grouped together with systems */ |
3837 | if (!last_system || call->class->system != last_system) { |
3838 | + first = true; |
3839 | last_i = 0; |
3840 | last_system = call->class->system; |
3841 | } |
3842 | |
3843 | + /* |
3844 | + * Since calls are grouped by systems, the likelyhood that the |
3845 | + * next call in the iteration belongs to the same system as the |
3846 | + * previous call is high. As an optimization, we skip seaching |
3847 | + * for a map[] that matches the call's system if the last call |
3848 | + * was from the same system. That's what last_i is for. If the |
3849 | + * call has the same system as the previous call, then last_i |
3850 | + * will be the index of the first map[] that has a matching |
3851 | + * system. |
3852 | + */ |
3853 | for (i = last_i; i < len; i++) { |
3854 | if (call->class->system == map[i]->system) { |
3855 | /* Save the first system if need be */ |
3856 | - if (!last_i) |
3857 | + if (first) { |
3858 | last_i = i; |
3859 | + first = false; |
3860 | + } |
3861 | update_event_printk(call, map[i]); |
3862 | } |
3863 | } |
3864 | diff --git a/kernel/workqueue.c b/kernel/workqueue.c |
3865 | index a2dccfe1acec..8365a52a74c5 100644 |
3866 | --- a/kernel/workqueue.c |
3867 | +++ b/kernel/workqueue.c |
3868 | @@ -48,6 +48,7 @@ |
3869 | #include <linux/nodemask.h> |
3870 | #include <linux/moduleparam.h> |
3871 | #include <linux/uaccess.h> |
3872 | +#include <linux/nmi.h> |
3873 | |
3874 | #include "workqueue_internal.h" |
3875 | |
3876 | @@ -4479,6 +4480,12 @@ void show_workqueue_state(void) |
3877 | if (pwq->nr_active || !list_empty(&pwq->delayed_works)) |
3878 | show_pwq(pwq); |
3879 | spin_unlock_irqrestore(&pwq->pool->lock, flags); |
3880 | + /* |
3881 | + * We could be printing a lot from atomic context, e.g. |
3882 | + * sysrq-t -> show_workqueue_state(). Avoid triggering |
3883 | + * hard lockup. |
3884 | + */ |
3885 | + touch_nmi_watchdog(); |
3886 | } |
3887 | } |
3888 | |
3889 | @@ -4506,6 +4513,12 @@ void show_workqueue_state(void) |
3890 | pr_cont("\n"); |
3891 | next_pool: |
3892 | spin_unlock_irqrestore(&pool->lock, flags); |
3893 | + /* |
3894 | + * We could be printing a lot from atomic context, e.g. |
3895 | + * sysrq-t -> show_workqueue_state(). Avoid triggering |
3896 | + * hard lockup. |
3897 | + */ |
3898 | + touch_nmi_watchdog(); |
3899 | } |
3900 | |
3901 | rcu_read_unlock_sched(); |
3902 | diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c |
3903 | index d22b84310f6d..956015614395 100644 |
3904 | --- a/mm/page_vma_mapped.c |
3905 | +++ b/mm/page_vma_mapped.c |
3906 | @@ -30,10 +30,29 @@ static bool map_pte(struct page_vma_mapped_walk *pvmw) |
3907 | return true; |
3908 | } |
3909 | |
3910 | +/** |
3911 | + * check_pte - check if @pvmw->page is mapped at the @pvmw->pte |
3912 | + * |
3913 | + * page_vma_mapped_walk() found a place where @pvmw->page is *potentially* |
3914 | + * mapped. check_pte() has to validate this. |
3915 | + * |
3916 | + * @pvmw->pte may point to empty PTE, swap PTE or PTE pointing to arbitrary |
3917 | + * page. |
3918 | + * |
3919 | + * If PVMW_MIGRATION flag is set, returns true if @pvmw->pte contains migration |
3920 | + * entry that points to @pvmw->page or any subpage in case of THP. |
3921 | + * |
3922 | + * If PVMW_MIGRATION flag is not set, returns true if @pvmw->pte points to |
3923 | + * @pvmw->page or any subpage in case of THP. |
3924 | + * |
3925 | + * Otherwise, return false. |
3926 | + * |
3927 | + */ |
3928 | static bool check_pte(struct page_vma_mapped_walk *pvmw) |
3929 | { |
3930 | + unsigned long pfn; |
3931 | + |
3932 | if (pvmw->flags & PVMW_MIGRATION) { |
3933 | -#ifdef CONFIG_MIGRATION |
3934 | swp_entry_t entry; |
3935 | if (!is_swap_pte(*pvmw->pte)) |
3936 | return false; |
3937 | @@ -41,37 +60,31 @@ static bool check_pte(struct page_vma_mapped_walk *pvmw) |
3938 | |
3939 | if (!is_migration_entry(entry)) |
3940 | return false; |
3941 | - if (migration_entry_to_page(entry) - pvmw->page >= |
3942 | - hpage_nr_pages(pvmw->page)) { |
3943 | - return false; |
3944 | - } |
3945 | - if (migration_entry_to_page(entry) < pvmw->page) |
3946 | - return false; |
3947 | -#else |
3948 | - WARN_ON_ONCE(1); |
3949 | -#endif |
3950 | - } else { |
3951 | - if (is_swap_pte(*pvmw->pte)) { |
3952 | - swp_entry_t entry; |
3953 | |
3954 | - entry = pte_to_swp_entry(*pvmw->pte); |
3955 | - if (is_device_private_entry(entry) && |
3956 | - device_private_entry_to_page(entry) == pvmw->page) |
3957 | - return true; |
3958 | - } |
3959 | + pfn = migration_entry_to_pfn(entry); |
3960 | + } else if (is_swap_pte(*pvmw->pte)) { |
3961 | + swp_entry_t entry; |
3962 | |
3963 | - if (!pte_present(*pvmw->pte)) |
3964 | + /* Handle un-addressable ZONE_DEVICE memory */ |
3965 | + entry = pte_to_swp_entry(*pvmw->pte); |
3966 | + if (!is_device_private_entry(entry)) |
3967 | return false; |
3968 | |
3969 | - /* THP can be referenced by any subpage */ |
3970 | - if (pte_page(*pvmw->pte) - pvmw->page >= |
3971 | - hpage_nr_pages(pvmw->page)) { |
3972 | - return false; |
3973 | - } |
3974 | - if (pte_page(*pvmw->pte) < pvmw->page) |
3975 | + pfn = device_private_entry_to_pfn(entry); |
3976 | + } else { |
3977 | + if (!pte_present(*pvmw->pte)) |
3978 | return false; |
3979 | + |
3980 | + pfn = pte_pfn(*pvmw->pte); |
3981 | } |
3982 | |
3983 | + if (pfn < page_to_pfn(pvmw->page)) |
3984 | + return false; |
3985 | + |
3986 | + /* THP can be referenced by any subpage */ |
3987 | + if (pfn - page_to_pfn(pvmw->page) >= hpage_nr_pages(pvmw->page)) |
3988 | + return false; |
3989 | + |
3990 | return true; |
3991 | } |
3992 | |
3993 | diff --git a/net/can/af_can.c b/net/can/af_can.c |
3994 | index ecd5c703d11e..e3626e8500c2 100644 |
3995 | --- a/net/can/af_can.c |
3996 | +++ b/net/can/af_can.c |
3997 | @@ -721,20 +721,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, |
3998 | { |
3999 | struct canfd_frame *cfd = (struct canfd_frame *)skb->data; |
4000 | |
4001 | - if (WARN_ONCE(dev->type != ARPHRD_CAN || |
4002 | - skb->len != CAN_MTU || |
4003 | - cfd->len > CAN_MAX_DLEN, |
4004 | - "PF_CAN: dropped non conform CAN skbuf: " |
4005 | - "dev type %d, len %d, datalen %d\n", |
4006 | - dev->type, skb->len, cfd->len)) |
4007 | - goto drop; |
4008 | + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU || |
4009 | + cfd->len > CAN_MAX_DLEN)) { |
4010 | + pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n", |
4011 | + dev->type, skb->len, cfd->len); |
4012 | + kfree_skb(skb); |
4013 | + return NET_RX_DROP; |
4014 | + } |
4015 | |
4016 | can_receive(skb, dev); |
4017 | return NET_RX_SUCCESS; |
4018 | - |
4019 | -drop: |
4020 | - kfree_skb(skb); |
4021 | - return NET_RX_DROP; |
4022 | } |
4023 | |
4024 | static int canfd_rcv(struct sk_buff *skb, struct net_device *dev, |
4025 | @@ -742,20 +738,16 @@ static int canfd_rcv(struct sk_buff *skb, struct net_device *dev, |
4026 | { |
4027 | struct canfd_frame *cfd = (struct canfd_frame *)skb->data; |
4028 | |
4029 | - if (WARN_ONCE(dev->type != ARPHRD_CAN || |
4030 | - skb->len != CANFD_MTU || |
4031 | - cfd->len > CANFD_MAX_DLEN, |
4032 | - "PF_CAN: dropped non conform CAN FD skbuf: " |
4033 | - "dev type %d, len %d, datalen %d\n", |
4034 | - dev->type, skb->len, cfd->len)) |
4035 | - goto drop; |
4036 | + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU || |
4037 | + cfd->len > CANFD_MAX_DLEN)) { |
4038 | + pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n", |
4039 | + dev->type, skb->len, cfd->len); |
4040 | + kfree_skb(skb); |
4041 | + return NET_RX_DROP; |
4042 | + } |
4043 | |
4044 | can_receive(skb, dev); |
4045 | return NET_RX_SUCCESS; |
4046 | - |
4047 | -drop: |
4048 | - kfree_skb(skb); |
4049 | - return NET_RX_DROP; |
4050 | } |
4051 | |
4052 | /* |
4053 | diff --git a/net/key/af_key.c b/net/key/af_key.c |
4054 | index a00d607e7224..2ad693232f74 100644 |
4055 | --- a/net/key/af_key.c |
4056 | +++ b/net/key/af_key.c |
4057 | @@ -401,6 +401,11 @@ static int verify_address_len(const void *p) |
4058 | #endif |
4059 | int len; |
4060 | |
4061 | + if (sp->sadb_address_len < |
4062 | + DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family), |
4063 | + sizeof(uint64_t))) |
4064 | + return -EINVAL; |
4065 | + |
4066 | switch (addr->sa_family) { |
4067 | case AF_INET: |
4068 | len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t)); |
4069 | @@ -511,6 +516,9 @@ static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void * |
4070 | uint16_t ext_type; |
4071 | int ext_len; |
4072 | |
4073 | + if (len < sizeof(*ehdr)) |
4074 | + return -EINVAL; |
4075 | + |
4076 | ext_len = ehdr->sadb_ext_len; |
4077 | ext_len *= sizeof(uint64_t); |
4078 | ext_type = ehdr->sadb_ext_type; |
4079 | diff --git a/scripts/Makefile.build b/scripts/Makefile.build |
4080 | index e63af4e19382..6bed45dc2cb1 100644 |
4081 | --- a/scripts/Makefile.build |
4082 | +++ b/scripts/Makefile.build |
4083 | @@ -270,12 +270,18 @@ else |
4084 | objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) |
4085 | endif |
4086 | |
4087 | +ifdef CONFIG_MODVERSIONS |
4088 | +objtool_o = $(@D)/.tmp_$(@F) |
4089 | +else |
4090 | +objtool_o = $(@) |
4091 | +endif |
4092 | + |
4093 | # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory |
4094 | # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file |
4095 | # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file |
4096 | cmd_objtool = $(if $(patsubst y%,, \ |
4097 | $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ |
4098 | - $(__objtool_obj) $(objtool_args) "$(@)";) |
4099 | + $(__objtool_obj) $(objtool_args) "$(objtool_o)";) |
4100 | objtool_obj = $(if $(patsubst y%,, \ |
4101 | $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ |
4102 | $(__objtool_obj)) |
4103 | @@ -291,15 +297,15 @@ objtool_dep = $(objtool_obj) \ |
4104 | define rule_cc_o_c |
4105 | $(call echo-cmd,checksrc) $(cmd_checksrc) \ |
4106 | $(call cmd_and_fixdep,cc_o_c) \ |
4107 | - $(cmd_modversions_c) \ |
4108 | $(call echo-cmd,objtool) $(cmd_objtool) \ |
4109 | + $(cmd_modversions_c) \ |
4110 | $(call echo-cmd,record_mcount) $(cmd_record_mcount) |
4111 | endef |
4112 | |
4113 | define rule_as_o_S |
4114 | $(call cmd_and_fixdep,as_o_S) \ |
4115 | - $(cmd_modversions_S) \ |
4116 | - $(call echo-cmd,objtool) $(cmd_objtool) |
4117 | + $(call echo-cmd,objtool) $(cmd_objtool) \ |
4118 | + $(cmd_modversions_S) |
4119 | endef |
4120 | |
4121 | # List module undefined symbols (or empty line if not enabled) |
4122 | diff --git a/scripts/gdb/linux/tasks.py b/scripts/gdb/linux/tasks.py |
4123 | index 1bf949c43b76..f6ab3ccf698f 100644 |
4124 | --- a/scripts/gdb/linux/tasks.py |
4125 | +++ b/scripts/gdb/linux/tasks.py |
4126 | @@ -96,6 +96,8 @@ def get_thread_info(task): |
4127 | thread_info_addr = task.address + ia64_task_size |
4128 | thread_info = thread_info_addr.cast(thread_info_ptr_type) |
4129 | else: |
4130 | + if task.type.fields()[0].type == thread_info_type.get_type(): |
4131 | + return task['thread_info'] |
4132 | thread_info = task['stack'].cast(thread_info_ptr_type) |
4133 | return thread_info.dereference() |
4134 | |
4135 | diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c |
4136 | index db7894bb028c..faa67861cbc1 100644 |
4137 | --- a/sound/core/pcm_lib.c |
4138 | +++ b/sound/core/pcm_lib.c |
4139 | @@ -560,7 +560,6 @@ static inline unsigned int muldiv32(unsigned int a, unsigned int b, |
4140 | { |
4141 | u_int64_t n = (u_int64_t) a * b; |
4142 | if (c == 0) { |
4143 | - snd_BUG_ON(!n); |
4144 | *r = 0; |
4145 | return UINT_MAX; |
4146 | } |
4147 | diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c |
4148 | index d10c780dfd54..ac30fc1ab98b 100644 |
4149 | --- a/sound/core/seq/seq_clientmgr.c |
4150 | +++ b/sound/core/seq/seq_clientmgr.c |
4151 | @@ -221,6 +221,7 @@ static struct snd_seq_client *seq_create_client1(int client_index, int poolsize) |
4152 | rwlock_init(&client->ports_lock); |
4153 | mutex_init(&client->ports_mutex); |
4154 | INIT_LIST_HEAD(&client->ports_list_head); |
4155 | + mutex_init(&client->ioctl_mutex); |
4156 | |
4157 | /* find free slot in the client table */ |
4158 | spin_lock_irqsave(&clients_lock, flags); |
4159 | @@ -2126,7 +2127,9 @@ static long snd_seq_ioctl(struct file *file, unsigned int cmd, |
4160 | return -EFAULT; |
4161 | } |
4162 | |
4163 | + mutex_lock(&client->ioctl_mutex); |
4164 | err = handler->func(client, &buf); |
4165 | + mutex_unlock(&client->ioctl_mutex); |
4166 | if (err >= 0) { |
4167 | /* Some commands includes a bug in 'dir' field. */ |
4168 | if (handler->cmd == SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT || |
4169 | diff --git a/sound/core/seq/seq_clientmgr.h b/sound/core/seq/seq_clientmgr.h |
4170 | index c6614254ef8a..0611e1e0ed5b 100644 |
4171 | --- a/sound/core/seq/seq_clientmgr.h |
4172 | +++ b/sound/core/seq/seq_clientmgr.h |
4173 | @@ -61,6 +61,7 @@ struct snd_seq_client { |
4174 | struct list_head ports_list_head; |
4175 | rwlock_t ports_lock; |
4176 | struct mutex ports_mutex; |
4177 | + struct mutex ioctl_mutex; |
4178 | int convert32; /* convert 32->64bit */ |
4179 | |
4180 | /* output pool */ |
4181 | diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c |
4182 | index 80bbadc83721..d6e079f4ec09 100644 |
4183 | --- a/sound/pci/hda/patch_cirrus.c |
4184 | +++ b/sound/pci/hda/patch_cirrus.c |
4185 | @@ -408,6 +408,7 @@ static const struct snd_pci_quirk cs420x_fixup_tbl[] = { |
4186 | /*SND_PCI_QUIRK(0x8086, 0x7270, "IMac 27 Inch", CS420X_IMAC27),*/ |
4187 | |
4188 | /* codec SSID */ |
4189 | + SND_PCI_QUIRK(0x106b, 0x0600, "iMac 14,1", CS420X_IMAC27_122), |
4190 | SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81), |
4191 | SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122), |
4192 | SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101), |
4193 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
4194 | index acdb196ddb44..145e92d6ca94 100644 |
4195 | --- a/sound/pci/hda/patch_realtek.c |
4196 | +++ b/sound/pci/hda/patch_realtek.c |
4197 | @@ -6173,6 +6173,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
4198 | SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), |
4199 | SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME), |
4200 | SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER), |
4201 | + SND_PCI_QUIRK(0x1028, 0x082a, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), |
4202 | SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), |
4203 | SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), |
4204 | SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2), |
4205 | diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile |
4206 | index ae0272f9a091..e6acc281dd37 100644 |
4207 | --- a/tools/objtool/Makefile |
4208 | +++ b/tools/objtool/Makefile |
4209 | @@ -46,7 +46,7 @@ $(OBJTOOL_IN): fixdep FORCE |
4210 | @$(MAKE) $(build)=objtool |
4211 | |
4212 | $(OBJTOOL): $(LIBSUBCMD) $(OBJTOOL_IN) |
4213 | - @./sync-check.sh |
4214 | + @$(CONFIG_SHELL) ./sync-check.sh |
4215 | $(QUIET_LINK)$(CC) $(OBJTOOL_IN) $(LDFLAGS) -o $@ |
4216 | |
4217 | |
4218 | diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c |
4219 | index 8acfc47af70e..540a209b78ab 100644 |
4220 | --- a/tools/objtool/arch/x86/decode.c |
4221 | +++ b/tools/objtool/arch/x86/decode.c |
4222 | @@ -138,7 +138,7 @@ int arch_decode_instruction(struct elf *elf, struct section *sec, |
4223 | *type = INSN_STACK; |
4224 | op->src.type = OP_SRC_ADD; |
4225 | op->src.reg = op_to_cfi_reg[modrm_reg][rex_r]; |
4226 | - op->dest.type = OP_SRC_REG; |
4227 | + op->dest.type = OP_DEST_REG; |
4228 | op->dest.reg = CFI_SP; |
4229 | } |
4230 | break; |
4231 | diff --git a/tools/objtool/builtin-orc.c b/tools/objtool/builtin-orc.c |
4232 | index 4c6b5c9ef073..91e8e19ff5e0 100644 |
4233 | --- a/tools/objtool/builtin-orc.c |
4234 | +++ b/tools/objtool/builtin-orc.c |
4235 | @@ -44,6 +44,9 @@ int cmd_orc(int argc, const char **argv) |
4236 | const char *objname; |
4237 | |
4238 | argc--; argv++; |
4239 | + if (argc <= 0) |
4240 | + usage_with_options(orc_usage, check_options); |
4241 | + |
4242 | if (!strncmp(argv[0], "gen", 3)) { |
4243 | argc = parse_options(argc, argv, check_options, orc_usage, 0); |
4244 | if (argc != 1) |
4245 | @@ -52,7 +55,6 @@ int cmd_orc(int argc, const char **argv) |
4246 | objname = argv[0]; |
4247 | |
4248 | return check(objname, no_fp, no_unreachable, true); |
4249 | - |
4250 | } |
4251 | |
4252 | if (!strcmp(argv[0], "dump")) { |
4253 | diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c |
4254 | index 24460155c82c..c1c338661699 100644 |
4255 | --- a/tools/objtool/elf.c |
4256 | +++ b/tools/objtool/elf.c |
4257 | @@ -26,6 +26,7 @@ |
4258 | #include <stdlib.h> |
4259 | #include <string.h> |
4260 | #include <unistd.h> |
4261 | +#include <errno.h> |
4262 | |
4263 | #include "elf.h" |
4264 | #include "warn.h" |
4265 | @@ -358,7 +359,8 @@ struct elf *elf_open(const char *name, int flags) |
4266 | |
4267 | elf->fd = open(name, flags); |
4268 | if (elf->fd == -1) { |
4269 | - perror("open"); |
4270 | + fprintf(stderr, "objtool: Can't open '%s': %s\n", |
4271 | + name, strerror(errno)); |
4272 | goto err; |
4273 | } |
4274 | |
4275 | diff --git a/tools/objtool/orc_gen.c b/tools/objtool/orc_gen.c |
4276 | index e5ca31429c9b..e61fe703197b 100644 |
4277 | --- a/tools/objtool/orc_gen.c |
4278 | +++ b/tools/objtool/orc_gen.c |
4279 | @@ -165,6 +165,8 @@ int create_orc_sections(struct objtool_file *file) |
4280 | |
4281 | /* create .orc_unwind_ip and .rela.orc_unwind_ip sections */ |
4282 | sec = elf_create_section(file->elf, ".orc_unwind_ip", sizeof(int), idx); |
4283 | + if (!sec) |
4284 | + return -1; |
4285 | |
4286 | ip_relasec = elf_create_rela_section(file->elf, sec); |
4287 | if (!ip_relasec) |
4288 | diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c |
4289 | index b4b69c2d1012..9dea96380339 100644 |
4290 | --- a/virt/kvm/arm/mmu.c |
4291 | +++ b/virt/kvm/arm/mmu.c |
4292 | @@ -1310,7 +1310,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, |
4293 | return -EFAULT; |
4294 | } |
4295 | |
4296 | - if (is_vm_hugetlb_page(vma) && !logging_active) { |
4297 | + if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) { |
4298 | hugetlb = true; |
4299 | gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT; |
4300 | } else { |