Annotation of /trunk/kernel-alx/patches-4.14/0128-4.14.29-all-fixes.patch
Parent Directory | Revision Log
Revision 3238 -
(hide annotations)
(download)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 53609 byte(s)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 53609 byte(s)
-added up to patches-4.14.79
1 | niro | 3238 | diff --git a/Makefile b/Makefile |
2 | index 9ae370a47ff9..4b2aa0dd4043 100644 | ||
3 | --- a/Makefile | ||
4 | +++ b/Makefile | ||
5 | @@ -1,7 +1,7 @@ | ||
6 | # SPDX-License-Identifier: GPL-2.0 | ||
7 | VERSION = 4 | ||
8 | PATCHLEVEL = 14 | ||
9 | -SUBLEVEL = 28 | ||
10 | +SUBLEVEL = 29 | ||
11 | EXTRAVERSION = | ||
12 | NAME = Petit Gorille | ||
13 | |||
14 | diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c | ||
15 | index 79089778725b..e3b45546d589 100644 | ||
16 | --- a/arch/parisc/kernel/cache.c | ||
17 | +++ b/arch/parisc/kernel/cache.c | ||
18 | @@ -543,7 +543,8 @@ void flush_cache_mm(struct mm_struct *mm) | ||
19 | rp3440, etc. So, avoid it if the mm isn't too big. */ | ||
20 | if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) && | ||
21 | mm_total_size(mm) >= parisc_cache_flush_threshold) { | ||
22 | - flush_tlb_all(); | ||
23 | + if (mm->context) | ||
24 | + flush_tlb_all(); | ||
25 | flush_cache_all(); | ||
26 | return; | ||
27 | } | ||
28 | @@ -571,6 +572,8 @@ void flush_cache_mm(struct mm_struct *mm) | ||
29 | pfn = pte_pfn(*ptep); | ||
30 | if (!pfn_valid(pfn)) | ||
31 | continue; | ||
32 | + if (unlikely(mm->context)) | ||
33 | + flush_tlb_page(vma, addr); | ||
34 | __flush_cache_page(vma, addr, PFN_PHYS(pfn)); | ||
35 | } | ||
36 | } | ||
37 | @@ -579,26 +582,46 @@ void flush_cache_mm(struct mm_struct *mm) | ||
38 | void flush_cache_range(struct vm_area_struct *vma, | ||
39 | unsigned long start, unsigned long end) | ||
40 | { | ||
41 | + pgd_t *pgd; | ||
42 | + unsigned long addr; | ||
43 | + | ||
44 | if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) && | ||
45 | end - start >= parisc_cache_flush_threshold) { | ||
46 | - flush_tlb_range(vma, start, end); | ||
47 | + if (vma->vm_mm->context) | ||
48 | + flush_tlb_range(vma, start, end); | ||
49 | flush_cache_all(); | ||
50 | return; | ||
51 | } | ||
52 | |||
53 | - flush_user_dcache_range_asm(start, end); | ||
54 | - if (vma->vm_flags & VM_EXEC) | ||
55 | - flush_user_icache_range_asm(start, end); | ||
56 | - flush_tlb_range(vma, start, end); | ||
57 | + if (vma->vm_mm->context == mfsp(3)) { | ||
58 | + flush_user_dcache_range_asm(start, end); | ||
59 | + if (vma->vm_flags & VM_EXEC) | ||
60 | + flush_user_icache_range_asm(start, end); | ||
61 | + flush_tlb_range(vma, start, end); | ||
62 | + return; | ||
63 | + } | ||
64 | + | ||
65 | + pgd = vma->vm_mm->pgd; | ||
66 | + for (addr = vma->vm_start; addr < vma->vm_end; addr += PAGE_SIZE) { | ||
67 | + unsigned long pfn; | ||
68 | + pte_t *ptep = get_ptep(pgd, addr); | ||
69 | + if (!ptep) | ||
70 | + continue; | ||
71 | + pfn = pte_pfn(*ptep); | ||
72 | + if (pfn_valid(pfn)) { | ||
73 | + if (unlikely(vma->vm_mm->context)) | ||
74 | + flush_tlb_page(vma, addr); | ||
75 | + __flush_cache_page(vma, addr, PFN_PHYS(pfn)); | ||
76 | + } | ||
77 | + } | ||
78 | } | ||
79 | |||
80 | void | ||
81 | flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long pfn) | ||
82 | { | ||
83 | - BUG_ON(!vma->vm_mm->context); | ||
84 | - | ||
85 | if (pfn_valid(pfn)) { | ||
86 | - flush_tlb_page(vma, vmaddr); | ||
87 | + if (likely(vma->vm_mm->context)) | ||
88 | + flush_tlb_page(vma, vmaddr); | ||
89 | __flush_cache_page(vma, vmaddr, PFN_PHYS(pfn)); | ||
90 | } | ||
91 | } | ||
92 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | ||
93 | index 66c14347c502..23a65439c37c 100644 | ||
94 | --- a/arch/x86/include/asm/cpufeatures.h | ||
95 | +++ b/arch/x86/include/asm/cpufeatures.h | ||
96 | @@ -314,6 +314,7 @@ | ||
97 | #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ | ||
98 | #define X86_FEATURE_AVX512_VNNI (16*32+11) /* Vector Neural Network Instructions */ | ||
99 | #define X86_FEATURE_AVX512_BITALG (16*32+12) /* Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions */ | ||
100 | +#define X86_FEATURE_TME (16*32+13) /* Intel Total Memory Encryption */ | ||
101 | #define X86_FEATURE_AVX512_VPOPCNTDQ (16*32+14) /* POPCNT for vectors of DW/QW */ | ||
102 | #define X86_FEATURE_LA57 (16*32+16) /* 5-level page tables */ | ||
103 | #define X86_FEATURE_RDPID (16*32+22) /* RDPID instruction */ | ||
104 | @@ -326,6 +327,7 @@ | ||
105 | /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ | ||
106 | #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ | ||
107 | #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ | ||
108 | +#define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ | ||
109 | #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ | ||
110 | #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ | ||
111 | #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ | ||
112 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h | ||
113 | index d0dabeae0505..f928ad9b143f 100644 | ||
114 | --- a/arch/x86/include/asm/nospec-branch.h | ||
115 | +++ b/arch/x86/include/asm/nospec-branch.h | ||
116 | @@ -183,7 +183,10 @@ | ||
117 | * otherwise we'll run out of registers. We don't care about CET | ||
118 | * here, anyway. | ||
119 | */ | ||
120 | -# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \ | ||
121 | +# define CALL_NOSPEC \ | ||
122 | + ALTERNATIVE( \ | ||
123 | + ANNOTATE_RETPOLINE_SAFE \ | ||
124 | + "call *%[thunk_target]\n", \ | ||
125 | " jmp 904f;\n" \ | ||
126 | " .align 16\n" \ | ||
127 | "901: call 903f;\n" \ | ||
128 | diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c | ||
129 | index 4aa9fd379390..c3af167d0a70 100644 | ||
130 | --- a/arch/x86/kernel/cpu/intel.c | ||
131 | +++ b/arch/x86/kernel/cpu/intel.c | ||
132 | @@ -105,7 +105,7 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c) | ||
133 | /* | ||
134 | * Early microcode releases for the Spectre v2 mitigation were broken. | ||
135 | * Information taken from; | ||
136 | - * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf | ||
137 | + * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf | ||
138 | * - https://kb.vmware.com/s/article/52345 | ||
139 | * - Microcode revisions observed in the wild | ||
140 | * - Release note from 20180108 microcode release | ||
141 | @@ -123,7 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] = { | ||
142 | { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 }, | ||
143 | { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, | ||
144 | { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, | ||
145 | - { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, | ||
146 | { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, | ||
147 | { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, | ||
148 | { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 }, | ||
149 | diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c | ||
150 | index 5edb27f1a2c4..9d0b5af7db91 100644 | ||
151 | --- a/arch/x86/kernel/vm86_32.c | ||
152 | +++ b/arch/x86/kernel/vm86_32.c | ||
153 | @@ -727,7 +727,8 @@ void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code) | ||
154 | return; | ||
155 | |||
156 | check_vip: | ||
157 | - if (VEFLAGS & X86_EFLAGS_VIP) { | ||
158 | + if ((VEFLAGS & (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) == | ||
159 | + (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) { | ||
160 | save_v86_state(regs, VM86_STI); | ||
161 | return; | ||
162 | } | ||
163 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c | ||
164 | index 2b6f8a4f2731..f438e0c4aa8c 100644 | ||
165 | --- a/arch/x86/kvm/mmu.c | ||
166 | +++ b/arch/x86/kvm/mmu.c | ||
167 | @@ -2758,8 +2758,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, | ||
168 | else | ||
169 | pte_access &= ~ACC_WRITE_MASK; | ||
170 | |||
171 | + if (!kvm_is_mmio_pfn(pfn)) | ||
172 | + spte |= shadow_me_mask; | ||
173 | + | ||
174 | spte |= (u64)pfn << PAGE_SHIFT; | ||
175 | - spte |= shadow_me_mask; | ||
176 | |||
177 | if (pte_access & ACC_WRITE_MASK) { | ||
178 | |||
179 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c | ||
180 | index 4c155ee0f89e..0133d26f16be 100644 | ||
181 | --- a/arch/x86/mm/fault.c | ||
182 | +++ b/arch/x86/mm/fault.c | ||
183 | @@ -330,7 +330,7 @@ static noinline int vmalloc_fault(unsigned long address) | ||
184 | if (!pmd_k) | ||
185 | return -1; | ||
186 | |||
187 | - if (pmd_huge(*pmd_k)) | ||
188 | + if (pmd_large(*pmd_k)) | ||
189 | return 0; | ||
190 | |||
191 | pte_k = pte_offset_kernel(pmd_k, address); | ||
192 | @@ -479,7 +479,7 @@ static noinline int vmalloc_fault(unsigned long address) | ||
193 | if (pud_none(*pud) || pud_pfn(*pud) != pud_pfn(*pud_ref)) | ||
194 | BUG(); | ||
195 | |||
196 | - if (pud_huge(*pud)) | ||
197 | + if (pud_large(*pud)) | ||
198 | return 0; | ||
199 | |||
200 | pmd = pmd_offset(pud, address); | ||
201 | @@ -490,7 +490,7 @@ static noinline int vmalloc_fault(unsigned long address) | ||
202 | if (pmd_none(*pmd) || pmd_pfn(*pmd) != pmd_pfn(*pmd_ref)) | ||
203 | BUG(); | ||
204 | |||
205 | - if (pmd_huge(*pmd)) | ||
206 | + if (pmd_large(*pmd)) | ||
207 | return 0; | ||
208 | |||
209 | pte_ref = pte_offset_kernel(pmd_ref, address); | ||
210 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
211 | index 848242821ef3..1eff36a87595 100644 | ||
212 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
213 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | ||
214 | @@ -69,25 +69,18 @@ void amdgpu_connector_hotplug(struct drm_connector *connector) | ||
215 | /* don't do anything if sink is not display port, i.e., | ||
216 | * passive dp->(dvi|hdmi) adaptor | ||
217 | */ | ||
218 | - if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT) { | ||
219 | - int saved_dpms = connector->dpms; | ||
220 | - /* Only turn off the display if it's physically disconnected */ | ||
221 | - if (!amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) { | ||
222 | - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); | ||
223 | - } else if (amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { | ||
224 | - /* Don't try to start link training before we | ||
225 | - * have the dpcd */ | ||
226 | - if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) | ||
227 | - return; | ||
228 | - | ||
229 | - /* set it to OFF so that drm_helper_connector_dpms() | ||
230 | - * won't return immediately since the current state | ||
231 | - * is ON at this point. | ||
232 | - */ | ||
233 | - connector->dpms = DRM_MODE_DPMS_OFF; | ||
234 | - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); | ||
235 | - } | ||
236 | - connector->dpms = saved_dpms; | ||
237 | + if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT && | ||
238 | + amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd) && | ||
239 | + amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { | ||
240 | + /* Don't start link training before we have the DPCD */ | ||
241 | + if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) | ||
242 | + return; | ||
243 | + | ||
244 | + /* Turn the connector off and back on immediately, which | ||
245 | + * will trigger link training | ||
246 | + */ | ||
247 | + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); | ||
248 | + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); | ||
249 | } | ||
250 | } | ||
251 | } | ||
252 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | ||
253 | index 7171968f261e..837332e84d78 100644 | ||
254 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | ||
255 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c | ||
256 | @@ -36,8 +36,6 @@ void amdgpu_gem_object_free(struct drm_gem_object *gobj) | ||
257 | struct amdgpu_bo *robj = gem_to_amdgpu_bo(gobj); | ||
258 | |||
259 | if (robj) { | ||
260 | - if (robj->gem_base.import_attach) | ||
261 | - drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg); | ||
262 | amdgpu_mn_unregister(robj); | ||
263 | amdgpu_bo_unref(&robj); | ||
264 | } | ||
265 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | ||
266 | index ffe483980362..4d08957d2108 100644 | ||
267 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | ||
268 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | ||
269 | @@ -46,6 +46,8 @@ static void amdgpu_ttm_bo_destroy(struct ttm_buffer_object *tbo) | ||
270 | |||
271 | amdgpu_bo_kunmap(bo); | ||
272 | |||
273 | + if (bo->gem_base.import_attach) | ||
274 | + drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg); | ||
275 | drm_gem_object_release(&bo->gem_base); | ||
276 | amdgpu_bo_unref(&bo->parent); | ||
277 | if (!list_empty(&bo->shadow_list)) { | ||
278 | diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c | ||
279 | index 380f340204e8..f56f60f695e1 100644 | ||
280 | --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c | ||
281 | +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c | ||
282 | @@ -268,13 +268,13 @@ nouveau_backlight_init(struct drm_device *dev) | ||
283 | struct nvif_device *device = &drm->client.device; | ||
284 | struct drm_connector *connector; | ||
285 | |||
286 | + INIT_LIST_HEAD(&drm->bl_connectors); | ||
287 | + | ||
288 | if (apple_gmux_present()) { | ||
289 | NV_INFO(drm, "Apple GMUX detected: not registering Nouveau backlight interface\n"); | ||
290 | return 0; | ||
291 | } | ||
292 | |||
293 | - INIT_LIST_HEAD(&drm->bl_connectors); | ||
294 | - | ||
295 | list_for_each_entry(connector, &dev->mode_config.connector_list, head) { | ||
296 | if (connector->connector_type != DRM_MODE_CONNECTOR_LVDS && | ||
297 | connector->connector_type != DRM_MODE_CONNECTOR_eDP) | ||
298 | diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c | ||
299 | index 3386452bd2f0..ac467b80edc7 100644 | ||
300 | --- a/drivers/gpu/drm/radeon/radeon_gem.c | ||
301 | +++ b/drivers/gpu/drm/radeon/radeon_gem.c | ||
302 | @@ -34,8 +34,6 @@ void radeon_gem_object_free(struct drm_gem_object *gobj) | ||
303 | struct radeon_bo *robj = gem_to_radeon_bo(gobj); | ||
304 | |||
305 | if (robj) { | ||
306 | - if (robj->gem_base.import_attach) | ||
307 | - drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg); | ||
308 | radeon_mn_unregister(robj); | ||
309 | radeon_bo_unref(&robj); | ||
310 | } | ||
311 | diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c | ||
312 | index 093594976126..baadb706c276 100644 | ||
313 | --- a/drivers/gpu/drm/radeon/radeon_object.c | ||
314 | +++ b/drivers/gpu/drm/radeon/radeon_object.c | ||
315 | @@ -82,6 +82,8 @@ static void radeon_ttm_bo_destroy(struct ttm_buffer_object *tbo) | ||
316 | mutex_unlock(&bo->rdev->gem.mutex); | ||
317 | radeon_bo_clear_surface_reg(bo); | ||
318 | WARN_ON_ONCE(!list_empty(&bo->va)); | ||
319 | + if (bo->gem_base.import_attach) | ||
320 | + drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg); | ||
321 | drm_gem_object_release(&bo->gem_base); | ||
322 | kfree(bo); | ||
323 | } | ||
324 | diff --git a/drivers/infiniband/sw/rdmavt/mr.c b/drivers/infiniband/sw/rdmavt/mr.c | ||
325 | index 42713511b53b..524e6134642e 100644 | ||
326 | --- a/drivers/infiniband/sw/rdmavt/mr.c | ||
327 | +++ b/drivers/infiniband/sw/rdmavt/mr.c | ||
328 | @@ -489,11 +489,13 @@ static int rvt_check_refs(struct rvt_mregion *mr, const char *t) | ||
329 | unsigned long timeout; | ||
330 | struct rvt_dev_info *rdi = ib_to_rvt(mr->pd->device); | ||
331 | |||
332 | - if (percpu_ref_is_zero(&mr->refcount)) | ||
333 | - return 0; | ||
334 | - /* avoid dma mr */ | ||
335 | - if (mr->lkey) | ||
336 | + if (mr->lkey) { | ||
337 | + /* avoid dma mr */ | ||
338 | rvt_dereg_clean_qps(mr); | ||
339 | + /* @mr was indexed on rcu protected @lkey_table */ | ||
340 | + synchronize_rcu(); | ||
341 | + } | ||
342 | + | ||
343 | timeout = wait_for_completion_timeout(&mr->comp, 5 * HZ); | ||
344 | if (!timeout) { | ||
345 | rvt_pr_err(rdi, | ||
346 | diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c | ||
347 | index e88395605e32..af57f8473a88 100644 | ||
348 | --- a/drivers/irqchip/irq-gic-v3-its.c | ||
349 | +++ b/drivers/irqchip/irq-gic-v3-its.c | ||
350 | @@ -1310,7 +1310,7 @@ static struct irq_chip its_irq_chip = { | ||
351 | * This gives us (((1UL << id_bits) - 8192) >> 5) possible allocations. | ||
352 | */ | ||
353 | #define IRQS_PER_CHUNK_SHIFT 5 | ||
354 | -#define IRQS_PER_CHUNK (1 << IRQS_PER_CHUNK_SHIFT) | ||
355 | +#define IRQS_PER_CHUNK (1UL << IRQS_PER_CHUNK_SHIFT) | ||
356 | #define ITS_MAX_LPI_NRBITS 16 /* 64K LPIs */ | ||
357 | |||
358 | static unsigned long *lpi_bitmap; | ||
359 | @@ -2026,11 +2026,10 @@ static struct its_device *its_create_device(struct its_node *its, u32 dev_id, | ||
360 | |||
361 | dev = kzalloc(sizeof(*dev), GFP_KERNEL); | ||
362 | /* | ||
363 | - * At least one bit of EventID is being used, hence a minimum | ||
364 | - * of two entries. No, the architecture doesn't let you | ||
365 | - * express an ITT with a single entry. | ||
366 | + * We allocate at least one chunk worth of LPIs bet device, | ||
367 | + * and thus that many ITEs. The device may require less though. | ||
368 | */ | ||
369 | - nr_ites = max(2UL, roundup_pow_of_two(nvecs)); | ||
370 | + nr_ites = max(IRQS_PER_CHUNK, roundup_pow_of_two(nvecs)); | ||
371 | sz = nr_ites * its->ite_size; | ||
372 | sz = max(sz, ITS_ITT_ALIGN) + ITS_ITT_ALIGN - 1; | ||
373 | itt = kzalloc(sz, GFP_KERNEL); | ||
374 | diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c | ||
375 | index 9603886737b5..2300c02ab5e6 100644 | ||
376 | --- a/drivers/scsi/qla2xxx/qla_init.c | ||
377 | +++ b/drivers/scsi/qla2xxx/qla_init.c | ||
378 | @@ -102,11 +102,16 @@ qla2x00_async_iocb_timeout(void *data) | ||
379 | struct srb_iocb *lio = &sp->u.iocb_cmd; | ||
380 | struct event_arg ea; | ||
381 | |||
382 | - ql_dbg(ql_dbg_disc, fcport->vha, 0x2071, | ||
383 | - "Async-%s timeout - hdl=%x portid=%06x %8phC.\n", | ||
384 | - sp->name, sp->handle, fcport->d_id.b24, fcport->port_name); | ||
385 | + if (fcport) { | ||
386 | + ql_dbg(ql_dbg_disc, fcport->vha, 0x2071, | ||
387 | + "Async-%s timeout - hdl=%x portid=%06x %8phC.\n", | ||
388 | + sp->name, sp->handle, fcport->d_id.b24, fcport->port_name); | ||
389 | |||
390 | - fcport->flags &= ~FCF_ASYNC_SENT; | ||
391 | + fcport->flags &= ~FCF_ASYNC_SENT; | ||
392 | + } else { | ||
393 | + pr_info("Async-%s timeout - hdl=%x.\n", | ||
394 | + sp->name, sp->handle); | ||
395 | + } | ||
396 | |||
397 | switch (sp->type) { | ||
398 | case SRB_LOGIN_CMD: | ||
399 | diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c | ||
400 | index 78df7cfca568..d77dde89118e 100644 | ||
401 | --- a/drivers/scsi/qla2xxx/qla_mid.c | ||
402 | +++ b/drivers/scsi/qla2xxx/qla_mid.c | ||
403 | @@ -582,8 +582,9 @@ qla25xx_delete_req_que(struct scsi_qla_host *vha, struct req_que *req) | ||
404 | ret = qla25xx_init_req_que(vha, req); | ||
405 | if (ret != QLA_SUCCESS) | ||
406 | return QLA_FUNCTION_FAILED; | ||
407 | + | ||
408 | + qla25xx_free_req_que(vha, req); | ||
409 | } | ||
410 | - qla25xx_free_req_que(vha, req); | ||
411 | |||
412 | return ret; | ||
413 | } | ||
414 | @@ -598,8 +599,9 @@ qla25xx_delete_rsp_que(struct scsi_qla_host *vha, struct rsp_que *rsp) | ||
415 | ret = qla25xx_init_rsp_que(vha, rsp); | ||
416 | if (ret != QLA_SUCCESS) | ||
417 | return QLA_FUNCTION_FAILED; | ||
418 | + | ||
419 | + qla25xx_free_rsp_que(vha, rsp); | ||
420 | } | ||
421 | - qla25xx_free_rsp_que(vha, rsp); | ||
422 | |||
423 | return ret; | ||
424 | } | ||
425 | diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c | ||
426 | index cfe7654f6bd3..1e17175692d3 100644 | ||
427 | --- a/drivers/scsi/qla2xxx/qla_os.c | ||
428 | +++ b/drivers/scsi/qla2xxx/qla_os.c | ||
429 | @@ -442,7 +442,7 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, | ||
430 | ha->req_q_map[0] = req; | ||
431 | set_bit(0, ha->rsp_qid_map); | ||
432 | set_bit(0, ha->req_qid_map); | ||
433 | - return 1; | ||
434 | + return 0; | ||
435 | |||
436 | fail_qpair_map: | ||
437 | kfree(ha->base_qpair); | ||
438 | @@ -459,6 +459,9 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, | ||
439 | |||
440 | static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) | ||
441 | { | ||
442 | + if (!ha->req_q_map) | ||
443 | + return; | ||
444 | + | ||
445 | if (IS_QLAFX00(ha)) { | ||
446 | if (req && req->ring_fx00) | ||
447 | dma_free_coherent(&ha->pdev->dev, | ||
448 | @@ -469,14 +472,17 @@ static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) | ||
449 | (req->length + 1) * sizeof(request_t), | ||
450 | req->ring, req->dma); | ||
451 | |||
452 | - if (req) | ||
453 | + if (req) { | ||
454 | kfree(req->outstanding_cmds); | ||
455 | - | ||
456 | - kfree(req); | ||
457 | + kfree(req); | ||
458 | + } | ||
459 | } | ||
460 | |||
461 | static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) | ||
462 | { | ||
463 | + if (!ha->rsp_q_map) | ||
464 | + return; | ||
465 | + | ||
466 | if (IS_QLAFX00(ha)) { | ||
467 | if (rsp && rsp->ring) | ||
468 | dma_free_coherent(&ha->pdev->dev, | ||
469 | @@ -487,7 +493,8 @@ static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) | ||
470 | (rsp->length + 1) * sizeof(response_t), | ||
471 | rsp->ring, rsp->dma); | ||
472 | } | ||
473 | - kfree(rsp); | ||
474 | + if (rsp) | ||
475 | + kfree(rsp); | ||
476 | } | ||
477 | |||
478 | static void qla2x00_free_queues(struct qla_hw_data *ha) | ||
479 | @@ -1710,6 +1717,8 @@ qla2x00_abort_all_cmds(scsi_qla_host_t *vha, int res) | ||
480 | struct qla_tgt_cmd *cmd; | ||
481 | uint8_t trace = 0; | ||
482 | |||
483 | + if (!ha->req_q_map) | ||
484 | + return; | ||
485 | spin_lock_irqsave(&ha->hardware_lock, flags); | ||
486 | for (que = 0; que < ha->max_req_queues; que++) { | ||
487 | req = ha->req_q_map[que]; | ||
488 | @@ -3063,14 +3072,14 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) | ||
489 | /* Set up the irqs */ | ||
490 | ret = qla2x00_request_irqs(ha, rsp); | ||
491 | if (ret) | ||
492 | - goto probe_hw_failed; | ||
493 | + goto probe_failed; | ||
494 | |||
495 | /* Alloc arrays of request and response ring ptrs */ | ||
496 | - if (!qla2x00_alloc_queues(ha, req, rsp)) { | ||
497 | + if (qla2x00_alloc_queues(ha, req, rsp)) { | ||
498 | ql_log(ql_log_fatal, base_vha, 0x003d, | ||
499 | "Failed to allocate memory for queue pointers..." | ||
500 | "aborting.\n"); | ||
501 | - goto probe_init_failed; | ||
502 | + goto probe_failed; | ||
503 | } | ||
504 | |||
505 | if (ha->mqenable && shost_use_blk_mq(host)) { | ||
506 | @@ -3347,15 +3356,6 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) | ||
507 | |||
508 | return 0; | ||
509 | |||
510 | -probe_init_failed: | ||
511 | - qla2x00_free_req_que(ha, req); | ||
512 | - ha->req_q_map[0] = NULL; | ||
513 | - clear_bit(0, ha->req_qid_map); | ||
514 | - qla2x00_free_rsp_que(ha, rsp); | ||
515 | - ha->rsp_q_map[0] = NULL; | ||
516 | - clear_bit(0, ha->rsp_qid_map); | ||
517 | - ha->max_req_queues = ha->max_rsp_queues = 0; | ||
518 | - | ||
519 | probe_failed: | ||
520 | if (base_vha->timer_active) | ||
521 | qla2x00_stop_timer(base_vha); | ||
522 | @@ -4435,11 +4435,17 @@ qla2x00_mem_free(struct qla_hw_data *ha) | ||
523 | if (ha->init_cb) | ||
524 | dma_free_coherent(&ha->pdev->dev, ha->init_cb_size, | ||
525 | ha->init_cb, ha->init_cb_dma); | ||
526 | - vfree(ha->optrom_buffer); | ||
527 | - kfree(ha->nvram); | ||
528 | - kfree(ha->npiv_info); | ||
529 | - kfree(ha->swl); | ||
530 | - kfree(ha->loop_id_map); | ||
531 | + | ||
532 | + if (ha->optrom_buffer) | ||
533 | + vfree(ha->optrom_buffer); | ||
534 | + if (ha->nvram) | ||
535 | + kfree(ha->nvram); | ||
536 | + if (ha->npiv_info) | ||
537 | + kfree(ha->npiv_info); | ||
538 | + if (ha->swl) | ||
539 | + kfree(ha->swl); | ||
540 | + if (ha->loop_id_map) | ||
541 | + kfree(ha->loop_id_map); | ||
542 | |||
543 | ha->srb_mempool = NULL; | ||
544 | ha->ctx_mempool = NULL; | ||
545 | @@ -4455,6 +4461,15 @@ qla2x00_mem_free(struct qla_hw_data *ha) | ||
546 | ha->ex_init_cb_dma = 0; | ||
547 | ha->async_pd = NULL; | ||
548 | ha->async_pd_dma = 0; | ||
549 | + ha->loop_id_map = NULL; | ||
550 | + ha->npiv_info = NULL; | ||
551 | + ha->optrom_buffer = NULL; | ||
552 | + ha->swl = NULL; | ||
553 | + ha->nvram = NULL; | ||
554 | + ha->mctp_dump = NULL; | ||
555 | + ha->dcbx_tlv = NULL; | ||
556 | + ha->xgmac_data = NULL; | ||
557 | + ha->sfp_data = NULL; | ||
558 | |||
559 | ha->s_dma_pool = NULL; | ||
560 | ha->dl_dma_pool = NULL; | ||
561 | diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c | ||
562 | index 040a76011ffa..d6fe08de59a0 100644 | ||
563 | --- a/drivers/scsi/qla2xxx/qla_target.c | ||
564 | +++ b/drivers/scsi/qla2xxx/qla_target.c | ||
565 | @@ -971,6 +971,7 @@ static void qlt_free_session_done(struct work_struct *work) | ||
566 | |||
567 | logo.id = sess->d_id; | ||
568 | logo.cmd_count = 0; | ||
569 | + sess->send_els_logo = 0; | ||
570 | qlt_send_first_logo(vha, &logo); | ||
571 | } | ||
572 | |||
573 | diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h | ||
574 | index ea910acb4bb0..fc28819253f7 100644 | ||
575 | --- a/drivers/usb/dwc3/core.h | ||
576 | +++ b/drivers/usb/dwc3/core.h | ||
577 | @@ -166,13 +166,15 @@ | ||
578 | #define DWC3_GDBGFIFOSPACE_TYPE(n) (((n) << 5) & 0x1e0) | ||
579 | #define DWC3_GDBGFIFOSPACE_SPACE_AVAILABLE(n) (((n) >> 16) & 0xffff) | ||
580 | |||
581 | -#define DWC3_TXFIFOQ 1 | ||
582 | -#define DWC3_RXFIFOQ 3 | ||
583 | -#define DWC3_TXREQQ 5 | ||
584 | -#define DWC3_RXREQQ 7 | ||
585 | -#define DWC3_RXINFOQ 9 | ||
586 | -#define DWC3_DESCFETCHQ 13 | ||
587 | -#define DWC3_EVENTQ 15 | ||
588 | +#define DWC3_TXFIFOQ 0 | ||
589 | +#define DWC3_RXFIFOQ 1 | ||
590 | +#define DWC3_TXREQQ 2 | ||
591 | +#define DWC3_RXREQQ 3 | ||
592 | +#define DWC3_RXINFOQ 4 | ||
593 | +#define DWC3_PSTATQ 5 | ||
594 | +#define DWC3_DESCFETCHQ 6 | ||
595 | +#define DWC3_EVENTQ 7 | ||
596 | +#define DWC3_AUXEVENTQ 8 | ||
597 | |||
598 | /* Global RX Threshold Configuration Register */ | ||
599 | #define DWC3_GRXTHRCFG_MAXRXBURSTSIZE(n) (((n) & 0x1f) << 19) | ||
600 | diff --git a/drivers/usb/gadget/udc/bdc/bdc_pci.c b/drivers/usb/gadget/udc/bdc/bdc_pci.c | ||
601 | index 02968842b359..708e36f530d8 100644 | ||
602 | --- a/drivers/usb/gadget/udc/bdc/bdc_pci.c | ||
603 | +++ b/drivers/usb/gadget/udc/bdc/bdc_pci.c | ||
604 | @@ -82,6 +82,7 @@ static int bdc_pci_probe(struct pci_dev *pci, const struct pci_device_id *id) | ||
605 | if (ret) { | ||
606 | dev_err(&pci->dev, | ||
607 | "couldn't add resources to bdc device\n"); | ||
608 | + platform_device_put(bdc); | ||
609 | return ret; | ||
610 | } | ||
611 | |||
612 | diff --git a/fs/aio.c b/fs/aio.c | ||
613 | index 5a2487217072..c3ace7833a03 100644 | ||
614 | --- a/fs/aio.c | ||
615 | +++ b/fs/aio.c | ||
616 | @@ -68,9 +68,9 @@ struct aio_ring { | ||
617 | #define AIO_RING_PAGES 8 | ||
618 | |||
619 | struct kioctx_table { | ||
620 | - struct rcu_head rcu; | ||
621 | - unsigned nr; | ||
622 | - struct kioctx *table[]; | ||
623 | + struct rcu_head rcu; | ||
624 | + unsigned nr; | ||
625 | + struct kioctx __rcu *table[]; | ||
626 | }; | ||
627 | |||
628 | struct kioctx_cpu { | ||
629 | @@ -115,7 +115,8 @@ struct kioctx { | ||
630 | struct page **ring_pages; | ||
631 | long nr_pages; | ||
632 | |||
633 | - struct work_struct free_work; | ||
634 | + struct rcu_head free_rcu; | ||
635 | + struct work_struct free_work; /* see free_ioctx() */ | ||
636 | |||
637 | /* | ||
638 | * signals when all in-flight requests are done | ||
639 | @@ -329,7 +330,7 @@ static int aio_ring_mremap(struct vm_area_struct *vma) | ||
640 | for (i = 0; i < table->nr; i++) { | ||
641 | struct kioctx *ctx; | ||
642 | |||
643 | - ctx = table->table[i]; | ||
644 | + ctx = rcu_dereference(table->table[i]); | ||
645 | if (ctx && ctx->aio_ring_file == file) { | ||
646 | if (!atomic_read(&ctx->dead)) { | ||
647 | ctx->user_id = ctx->mmap_base = vma->vm_start; | ||
648 | @@ -588,6 +589,12 @@ static int kiocb_cancel(struct aio_kiocb *kiocb) | ||
649 | return cancel(&kiocb->common); | ||
650 | } | ||
651 | |||
652 | +/* | ||
653 | + * free_ioctx() should be RCU delayed to synchronize against the RCU | ||
654 | + * protected lookup_ioctx() and also needs process context to call | ||
655 | + * aio_free_ring(), so the double bouncing through kioctx->free_rcu and | ||
656 | + * ->free_work. | ||
657 | + */ | ||
658 | static void free_ioctx(struct work_struct *work) | ||
659 | { | ||
660 | struct kioctx *ctx = container_of(work, struct kioctx, free_work); | ||
661 | @@ -601,6 +608,14 @@ static void free_ioctx(struct work_struct *work) | ||
662 | kmem_cache_free(kioctx_cachep, ctx); | ||
663 | } | ||
664 | |||
665 | +static void free_ioctx_rcufn(struct rcu_head *head) | ||
666 | +{ | ||
667 | + struct kioctx *ctx = container_of(head, struct kioctx, free_rcu); | ||
668 | + | ||
669 | + INIT_WORK(&ctx->free_work, free_ioctx); | ||
670 | + schedule_work(&ctx->free_work); | ||
671 | +} | ||
672 | + | ||
673 | static void free_ioctx_reqs(struct percpu_ref *ref) | ||
674 | { | ||
675 | struct kioctx *ctx = container_of(ref, struct kioctx, reqs); | ||
676 | @@ -609,8 +624,8 @@ static void free_ioctx_reqs(struct percpu_ref *ref) | ||
677 | if (ctx->rq_wait && atomic_dec_and_test(&ctx->rq_wait->count)) | ||
678 | complete(&ctx->rq_wait->comp); | ||
679 | |||
680 | - INIT_WORK(&ctx->free_work, free_ioctx); | ||
681 | - schedule_work(&ctx->free_work); | ||
682 | + /* Synchronize against RCU protected table->table[] dereferences */ | ||
683 | + call_rcu(&ctx->free_rcu, free_ioctx_rcufn); | ||
684 | } | ||
685 | |||
686 | /* | ||
687 | @@ -651,9 +666,9 @@ static int ioctx_add_table(struct kioctx *ctx, struct mm_struct *mm) | ||
688 | while (1) { | ||
689 | if (table) | ||
690 | for (i = 0; i < table->nr; i++) | ||
691 | - if (!table->table[i]) { | ||
692 | + if (!rcu_access_pointer(table->table[i])) { | ||
693 | ctx->id = i; | ||
694 | - table->table[i] = ctx; | ||
695 | + rcu_assign_pointer(table->table[i], ctx); | ||
696 | spin_unlock(&mm->ioctx_lock); | ||
697 | |||
698 | /* While kioctx setup is in progress, | ||
699 | @@ -834,11 +849,11 @@ static int kill_ioctx(struct mm_struct *mm, struct kioctx *ctx, | ||
700 | } | ||
701 | |||
702 | table = rcu_dereference_raw(mm->ioctx_table); | ||
703 | - WARN_ON(ctx != table->table[ctx->id]); | ||
704 | - table->table[ctx->id] = NULL; | ||
705 | + WARN_ON(ctx != rcu_access_pointer(table->table[ctx->id])); | ||
706 | + RCU_INIT_POINTER(table->table[ctx->id], NULL); | ||
707 | spin_unlock(&mm->ioctx_lock); | ||
708 | |||
709 | - /* percpu_ref_kill() will do the necessary call_rcu() */ | ||
710 | + /* free_ioctx_reqs() will do the necessary RCU synchronization */ | ||
711 | wake_up_all(&ctx->wait); | ||
712 | |||
713 | /* | ||
714 | @@ -880,7 +895,8 @@ void exit_aio(struct mm_struct *mm) | ||
715 | |||
716 | skipped = 0; | ||
717 | for (i = 0; i < table->nr; ++i) { | ||
718 | - struct kioctx *ctx = table->table[i]; | ||
719 | + struct kioctx *ctx = | ||
720 | + rcu_dereference_protected(table->table[i], true); | ||
721 | |||
722 | if (!ctx) { | ||
723 | skipped++; | ||
724 | @@ -1069,7 +1085,7 @@ static struct kioctx *lookup_ioctx(unsigned long ctx_id) | ||
725 | if (!table || id >= table->nr) | ||
726 | goto out; | ||
727 | |||
728 | - ctx = table->table[id]; | ||
729 | + ctx = rcu_dereference(table->table[id]); | ||
730 | if (ctx && ctx->user_id == ctx_id) { | ||
731 | percpu_ref_get(&ctx->users); | ||
732 | ret = ctx; | ||
733 | diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c | ||
734 | index b517ef1477ea..0531cb9a3ba9 100644 | ||
735 | --- a/fs/btrfs/backref.c | ||
736 | +++ b/fs/btrfs/backref.c | ||
737 | @@ -1252,7 +1252,16 @@ static int find_parent_nodes(struct btrfs_trans_handle *trans, | ||
738 | while (node) { | ||
739 | ref = rb_entry(node, struct prelim_ref, rbnode); | ||
740 | node = rb_next(&ref->rbnode); | ||
741 | - WARN_ON(ref->count < 0); | ||
742 | + /* | ||
743 | + * ref->count < 0 can happen here if there are delayed | ||
744 | + * refs with a node->action of BTRFS_DROP_DELAYED_REF. | ||
745 | + * prelim_ref_insert() relies on this when merging | ||
746 | + * identical refs to keep the overall count correct. | ||
747 | + * prelim_ref_insert() will merge only those refs | ||
748 | + * which compare identically. Any refs having | ||
749 | + * e.g. different offsets would not be merged, | ||
750 | + * and would retain their original ref->count < 0. | ||
751 | + */ | ||
752 | if (roots && ref->count && ref->root_id && ref->parent == 0) { | ||
753 | if (sc && sc->root_objectid && | ||
754 | ref->root_id != sc->root_objectid) { | ||
755 | @@ -1496,6 +1505,7 @@ int btrfs_check_shared(struct btrfs_root *root, u64 inum, u64 bytenr) | ||
756 | if (!node) | ||
757 | break; | ||
758 | bytenr = node->val; | ||
759 | + shared.share_count = 0; | ||
760 | cond_resched(); | ||
761 | } | ||
762 | |||
763 | diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c | ||
764 | index 6154825c30e1..32b186c5694c 100644 | ||
765 | --- a/fs/btrfs/raid56.c | ||
766 | +++ b/fs/btrfs/raid56.c | ||
767 | @@ -1348,6 +1348,7 @@ static int find_bio_stripe(struct btrfs_raid_bio *rbio, | ||
768 | stripe_start = stripe->physical; | ||
769 | if (physical >= stripe_start && | ||
770 | physical < stripe_start + rbio->stripe_len && | ||
771 | + stripe->dev->bdev && | ||
772 | bio->bi_disk == stripe->dev->bdev->bd_disk && | ||
773 | bio->bi_partno == stripe->dev->bdev->bd_partno) { | ||
774 | return i; | ||
775 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c | ||
776 | index bc534fafacf9..71b3cd634436 100644 | ||
777 | --- a/fs/btrfs/volumes.c | ||
778 | +++ b/fs/btrfs/volumes.c | ||
779 | @@ -589,6 +589,7 @@ void btrfs_free_stale_device(struct btrfs_device *cur_dev) | ||
780 | btrfs_sysfs_remove_fsid(fs_devs); | ||
781 | list_del(&fs_devs->list); | ||
782 | free_fs_devices(fs_devs); | ||
783 | + break; | ||
784 | } else { | ||
785 | fs_devs->num_devices--; | ||
786 | list_del(&dev->dev_list); | ||
787 | @@ -4733,10 +4734,13 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans, | ||
788 | ndevs = min(ndevs, devs_max); | ||
789 | |||
790 | /* | ||
791 | - * the primary goal is to maximize the number of stripes, so use as many | ||
792 | - * devices as possible, even if the stripes are not maximum sized. | ||
793 | + * The primary goal is to maximize the number of stripes, so use as | ||
794 | + * many devices as possible, even if the stripes are not maximum sized. | ||
795 | + * | ||
796 | + * The DUP profile stores more than one stripe per device, the | ||
797 | + * max_avail is the total size so we have to adjust. | ||
798 | */ | ||
799 | - stripe_size = devices_info[ndevs-1].max_avail; | ||
800 | + stripe_size = div_u64(devices_info[ndevs - 1].max_avail, dev_stripes); | ||
801 | num_stripes = ndevs * dev_stripes; | ||
802 | |||
803 | /* | ||
804 | @@ -4771,8 +4775,6 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans, | ||
805 | stripe_size = devices_info[ndevs-1].max_avail; | ||
806 | } | ||
807 | |||
808 | - stripe_size = div_u64(stripe_size, dev_stripes); | ||
809 | - | ||
810 | /* align to BTRFS_STRIPE_LEN */ | ||
811 | stripe_size = round_down(stripe_size, BTRFS_STRIPE_LEN); | ||
812 | |||
813 | @@ -7080,10 +7082,24 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans, | ||
814 | |||
815 | mutex_lock(&fs_devices->device_list_mutex); | ||
816 | list_for_each_entry(device, &fs_devices->devices, dev_list) { | ||
817 | - if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device)) | ||
818 | + stats_cnt = atomic_read(&device->dev_stats_ccnt); | ||
819 | + if (!device->dev_stats_valid || stats_cnt == 0) | ||
820 | continue; | ||
821 | |||
822 | - stats_cnt = atomic_read(&device->dev_stats_ccnt); | ||
823 | + | ||
824 | + /* | ||
825 | + * There is a LOAD-LOAD control dependency between the value of | ||
826 | + * dev_stats_ccnt and updating the on-disk values which requires | ||
827 | + * reading the in-memory counters. Such control dependencies | ||
828 | + * require explicit read memory barriers. | ||
829 | + * | ||
830 | + * This memory barriers pairs with smp_mb__before_atomic in | ||
831 | + * btrfs_dev_stat_inc/btrfs_dev_stat_set and with the full | ||
832 | + * barrier implied by atomic_xchg in | ||
833 | + * btrfs_dev_stats_read_and_reset | ||
834 | + */ | ||
835 | + smp_rmb(); | ||
836 | + | ||
837 | ret = update_dev_stat_item(trans, fs_info, device); | ||
838 | if (!ret) | ||
839 | atomic_sub(stats_cnt, &device->dev_stats_ccnt); | ||
840 | diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h | ||
841 | index 6108fdfec67f..c5dd48eb7b3d 100644 | ||
842 | --- a/fs/btrfs/volumes.h | ||
843 | +++ b/fs/btrfs/volumes.h | ||
844 | @@ -498,6 +498,12 @@ static inline void btrfs_dev_stat_inc(struct btrfs_device *dev, | ||
845 | int index) | ||
846 | { | ||
847 | atomic_inc(dev->dev_stat_values + index); | ||
848 | + /* | ||
849 | + * This memory barrier orders stores updating statistics before stores | ||
850 | + * updating dev_stats_ccnt. | ||
851 | + * | ||
852 | + * It pairs with smp_rmb() in btrfs_run_dev_stats(). | ||
853 | + */ | ||
854 | smp_mb__before_atomic(); | ||
855 | atomic_inc(&dev->dev_stats_ccnt); | ||
856 | } | ||
857 | @@ -523,6 +529,12 @@ static inline void btrfs_dev_stat_set(struct btrfs_device *dev, | ||
858 | int index, unsigned long val) | ||
859 | { | ||
860 | atomic_set(dev->dev_stat_values + index, val); | ||
861 | + /* | ||
862 | + * This memory barrier orders stores updating statistics before stores | ||
863 | + * updating dev_stats_ccnt. | ||
864 | + * | ||
865 | + * It pairs with smp_rmb() in btrfs_run_dev_stats(). | ||
866 | + */ | ||
867 | smp_mb__before_atomic(); | ||
868 | atomic_inc(&dev->dev_stats_ccnt); | ||
869 | } | ||
870 | diff --git a/fs/dcache.c b/fs/dcache.c | ||
871 | index b8d999a5768b..a1417787e269 100644 | ||
872 | --- a/fs/dcache.c | ||
873 | +++ b/fs/dcache.c | ||
874 | @@ -644,11 +644,16 @@ static inline struct dentry *lock_parent(struct dentry *dentry) | ||
875 | spin_unlock(&parent->d_lock); | ||
876 | goto again; | ||
877 | } | ||
878 | - rcu_read_unlock(); | ||
879 | - if (parent != dentry) | ||
880 | + if (parent != dentry) { | ||
881 | spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); | ||
882 | - else | ||
883 | + if (unlikely(dentry->d_lockref.count < 0)) { | ||
884 | + spin_unlock(&parent->d_lock); | ||
885 | + parent = NULL; | ||
886 | + } | ||
887 | + } else { | ||
888 | parent = NULL; | ||
889 | + } | ||
890 | + rcu_read_unlock(); | ||
891 | return parent; | ||
892 | } | ||
893 | |||
894 | diff --git a/fs/namei.c b/fs/namei.c | ||
895 | index cbe24e367a70..f839b0750ca3 100644 | ||
896 | --- a/fs/namei.c | ||
897 | +++ b/fs/namei.c | ||
898 | @@ -578,9 +578,10 @@ static int __nd_alloc_stack(struct nameidata *nd) | ||
899 | static bool path_connected(const struct path *path) | ||
900 | { | ||
901 | struct vfsmount *mnt = path->mnt; | ||
902 | + struct super_block *sb = mnt->mnt_sb; | ||
903 | |||
904 | - /* Only bind mounts can have disconnected paths */ | ||
905 | - if (mnt->mnt_root == mnt->mnt_sb->s_root) | ||
906 | + /* Bind mounts and multi-root filesystems can have disconnected paths */ | ||
907 | + if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root)) | ||
908 | return true; | ||
909 | |||
910 | return is_subdir(path->dentry, mnt->mnt_root); | ||
911 | diff --git a/fs/nfs/super.c b/fs/nfs/super.c | ||
912 | index 216f67d628b3..38de09b08e96 100644 | ||
913 | --- a/fs/nfs/super.c | ||
914 | +++ b/fs/nfs/super.c | ||
915 | @@ -2623,6 +2623,8 @@ struct dentry *nfs_fs_mount_common(struct nfs_server *server, | ||
916 | /* initial superblock/root creation */ | ||
917 | mount_info->fill_super(s, mount_info); | ||
918 | nfs_get_cache_cookie(s, mount_info->parsed, mount_info->cloned); | ||
919 | + if (!(server->flags & NFS_MOUNT_UNSHARED)) | ||
920 | + s->s_iflags |= SB_I_MULTIROOT; | ||
921 | } | ||
922 | |||
923 | mntroot = nfs_get_root(s, mount_info->mntfh, dev_name); | ||
924 | diff --git a/include/linux/fs.h b/include/linux/fs.h | ||
925 | index d54f41a63dbf..cc613f20e5a6 100644 | ||
926 | --- a/include/linux/fs.h | ||
927 | +++ b/include/linux/fs.h | ||
928 | @@ -1312,6 +1312,7 @@ extern int send_sigurg(struct fown_struct *fown); | ||
929 | #define SB_I_CGROUPWB 0x00000001 /* cgroup-aware writeback enabled */ | ||
930 | #define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */ | ||
931 | #define SB_I_NODEV 0x00000004 /* Ignore devices on this fs */ | ||
932 | +#define SB_I_MULTIROOT 0x00000008 /* Multiple roots to the dentry tree */ | ||
933 | |||
934 | /* sb->s_iflags to limit user namespace mounts */ | ||
935 | #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */ | ||
936 | diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h | ||
937 | index 14b74f22d43c..bacb499c512c 100644 | ||
938 | --- a/include/linux/irqchip/arm-gic-v3.h | ||
939 | +++ b/include/linux/irqchip/arm-gic-v3.h | ||
940 | @@ -501,6 +501,7 @@ | ||
941 | |||
942 | #define ICH_HCR_EN (1 << 0) | ||
943 | #define ICH_HCR_UIE (1 << 1) | ||
944 | +#define ICH_HCR_NPIE (1 << 3) | ||
945 | #define ICH_HCR_TC (1 << 10) | ||
946 | #define ICH_HCR_TALL0 (1 << 11) | ||
947 | #define ICH_HCR_TALL1 (1 << 12) | ||
948 | diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h | ||
949 | index d3453ee072fc..68d8b1f73682 100644 | ||
950 | --- a/include/linux/irqchip/arm-gic.h | ||
951 | +++ b/include/linux/irqchip/arm-gic.h | ||
952 | @@ -84,6 +84,7 @@ | ||
953 | |||
954 | #define GICH_HCR_EN (1 << 0) | ||
955 | #define GICH_HCR_UIE (1 << 1) | ||
956 | +#define GICH_HCR_NPIE (1 << 3) | ||
957 | |||
958 | #define GICH_LR_VIRTUALID (0x3ff << 0) | ||
959 | #define GICH_LR_PHYSID_CPUID_SHIFT (10) | ||
960 | diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c | ||
961 | index c2db7e905f7d..012881461058 100644 | ||
962 | --- a/sound/core/oss/pcm_oss.c | ||
963 | +++ b/sound/core/oss/pcm_oss.c | ||
964 | @@ -1762,10 +1762,9 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file) | ||
965 | return -ENOMEM; | ||
966 | _snd_pcm_hw_params_any(params); | ||
967 | err = snd_pcm_hw_refine(substream, params); | ||
968 | - format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT); | ||
969 | - kfree(params); | ||
970 | if (err < 0) | ||
971 | - return err; | ||
972 | + goto error; | ||
973 | + format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT); | ||
974 | for (fmt = 0; fmt < 32; ++fmt) { | ||
975 | if (snd_mask_test(format_mask, fmt)) { | ||
976 | int f = snd_pcm_oss_format_to(fmt); | ||
977 | @@ -1773,7 +1772,10 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file) | ||
978 | formats |= f; | ||
979 | } | ||
980 | } | ||
981 | - return formats; | ||
982 | + | ||
983 | + error: | ||
984 | + kfree(params); | ||
985 | + return err < 0 ? err : formats; | ||
986 | } | ||
987 | |||
988 | static int snd_pcm_oss_set_format(struct snd_pcm_oss_file *pcm_oss_file, int format) | ||
989 | diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c | ||
990 | index 1f3aa466ac9b..a4c571cb3b87 100644 | ||
991 | --- a/sound/core/seq/seq_clientmgr.c | ||
992 | +++ b/sound/core/seq/seq_clientmgr.c | ||
993 | @@ -255,12 +255,12 @@ static int seq_free_client1(struct snd_seq_client *client) | ||
994 | |||
995 | if (!client) | ||
996 | return 0; | ||
997 | - snd_seq_delete_all_ports(client); | ||
998 | - snd_seq_queue_client_leave(client->number); | ||
999 | spin_lock_irqsave(&clients_lock, flags); | ||
1000 | clienttablock[client->number] = 1; | ||
1001 | clienttab[client->number] = NULL; | ||
1002 | spin_unlock_irqrestore(&clients_lock, flags); | ||
1003 | + snd_seq_delete_all_ports(client); | ||
1004 | + snd_seq_queue_client_leave(client->number); | ||
1005 | snd_use_lock_sync(&client->use_lock); | ||
1006 | snd_seq_queue_client_termination(client->number); | ||
1007 | if (client->pool) | ||
1008 | diff --git a/sound/core/seq/seq_prioq.c b/sound/core/seq/seq_prioq.c | ||
1009 | index bc1c8488fc2a..2bc6759e4adc 100644 | ||
1010 | --- a/sound/core/seq/seq_prioq.c | ||
1011 | +++ b/sound/core/seq/seq_prioq.c | ||
1012 | @@ -87,7 +87,7 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo) | ||
1013 | if (f->cells > 0) { | ||
1014 | /* drain prioQ */ | ||
1015 | while (f->cells > 0) | ||
1016 | - snd_seq_cell_free(snd_seq_prioq_cell_out(f)); | ||
1017 | + snd_seq_cell_free(snd_seq_prioq_cell_out(f, NULL)); | ||
1018 | } | ||
1019 | |||
1020 | kfree(f); | ||
1021 | @@ -214,8 +214,18 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f, | ||
1022 | return 0; | ||
1023 | } | ||
1024 | |||
1025 | +/* return 1 if the current time >= event timestamp */ | ||
1026 | +static int event_is_ready(struct snd_seq_event *ev, void *current_time) | ||
1027 | +{ | ||
1028 | + if ((ev->flags & SNDRV_SEQ_TIME_STAMP_MASK) == SNDRV_SEQ_TIME_STAMP_TICK) | ||
1029 | + return snd_seq_compare_tick_time(current_time, &ev->time.tick); | ||
1030 | + else | ||
1031 | + return snd_seq_compare_real_time(current_time, &ev->time.time); | ||
1032 | +} | ||
1033 | + | ||
1034 | /* dequeue cell from prioq */ | ||
1035 | -struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f) | ||
1036 | +struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f, | ||
1037 | + void *current_time) | ||
1038 | { | ||
1039 | struct snd_seq_event_cell *cell; | ||
1040 | unsigned long flags; | ||
1041 | @@ -227,6 +237,8 @@ struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f) | ||
1042 | spin_lock_irqsave(&f->lock, flags); | ||
1043 | |||
1044 | cell = f->head; | ||
1045 | + if (cell && current_time && !event_is_ready(&cell->event, current_time)) | ||
1046 | + cell = NULL; | ||
1047 | if (cell) { | ||
1048 | f->head = cell->next; | ||
1049 | |||
1050 | @@ -252,18 +264,6 @@ int snd_seq_prioq_avail(struct snd_seq_prioq * f) | ||
1051 | return f->cells; | ||
1052 | } | ||
1053 | |||
1054 | - | ||
1055 | -/* peek at cell at the head of the prioq */ | ||
1056 | -struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq * f) | ||
1057 | -{ | ||
1058 | - if (f == NULL) { | ||
1059 | - pr_debug("ALSA: seq: snd_seq_prioq_cell_in() called with NULL prioq\n"); | ||
1060 | - return NULL; | ||
1061 | - } | ||
1062 | - return f->head; | ||
1063 | -} | ||
1064 | - | ||
1065 | - | ||
1066 | static inline int prioq_match(struct snd_seq_event_cell *cell, | ||
1067 | int client, int timestamp) | ||
1068 | { | ||
1069 | diff --git a/sound/core/seq/seq_prioq.h b/sound/core/seq/seq_prioq.h | ||
1070 | index d38bb78d9345..2c315ca10fc4 100644 | ||
1071 | --- a/sound/core/seq/seq_prioq.h | ||
1072 | +++ b/sound/core/seq/seq_prioq.h | ||
1073 | @@ -44,14 +44,12 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo); | ||
1074 | int snd_seq_prioq_cell_in(struct snd_seq_prioq *f, struct snd_seq_event_cell *cell); | ||
1075 | |||
1076 | /* dequeue cell from prioq */ | ||
1077 | -struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f); | ||
1078 | +struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f, | ||
1079 | + void *current_time); | ||
1080 | |||
1081 | /* return number of events available in prioq */ | ||
1082 | int snd_seq_prioq_avail(struct snd_seq_prioq *f); | ||
1083 | |||
1084 | -/* peek at cell at the head of the prioq */ | ||
1085 | -struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq *f); | ||
1086 | - | ||
1087 | /* client left queue */ | ||
1088 | void snd_seq_prioq_leave(struct snd_seq_prioq *f, int client, int timestamp); | ||
1089 | |||
1090 | diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c | ||
1091 | index 79e0c5604ef8..1a6dc4ff44a6 100644 | ||
1092 | --- a/sound/core/seq/seq_queue.c | ||
1093 | +++ b/sound/core/seq/seq_queue.c | ||
1094 | @@ -277,30 +277,20 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) | ||
1095 | |||
1096 | __again: | ||
1097 | /* Process tick queue... */ | ||
1098 | - while ((cell = snd_seq_prioq_cell_peek(q->tickq)) != NULL) { | ||
1099 | - if (snd_seq_compare_tick_time(&q->timer->tick.cur_tick, | ||
1100 | - &cell->event.time.tick)) { | ||
1101 | - cell = snd_seq_prioq_cell_out(q->tickq); | ||
1102 | - if (cell) | ||
1103 | - snd_seq_dispatch_event(cell, atomic, hop); | ||
1104 | - } else { | ||
1105 | - /* event remains in the queue */ | ||
1106 | + for (;;) { | ||
1107 | + cell = snd_seq_prioq_cell_out(q->tickq, | ||
1108 | + &q->timer->tick.cur_tick); | ||
1109 | + if (!cell) | ||
1110 | break; | ||
1111 | - } | ||
1112 | + snd_seq_dispatch_event(cell, atomic, hop); | ||
1113 | } | ||
1114 | |||
1115 | - | ||
1116 | /* Process time queue... */ | ||
1117 | - while ((cell = snd_seq_prioq_cell_peek(q->timeq)) != NULL) { | ||
1118 | - if (snd_seq_compare_real_time(&q->timer->cur_time, | ||
1119 | - &cell->event.time.time)) { | ||
1120 | - cell = snd_seq_prioq_cell_out(q->timeq); | ||
1121 | - if (cell) | ||
1122 | - snd_seq_dispatch_event(cell, atomic, hop); | ||
1123 | - } else { | ||
1124 | - /* event remains in the queue */ | ||
1125 | + for (;;) { | ||
1126 | + cell = snd_seq_prioq_cell_out(q->timeq, &q->timer->cur_time); | ||
1127 | + if (!cell) | ||
1128 | break; | ||
1129 | - } | ||
1130 | + snd_seq_dispatch_event(cell, atomic, hop); | ||
1131 | } | ||
1132 | |||
1133 | /* free lock */ | ||
1134 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c | ||
1135 | index 96143df19b21..d5017adf9feb 100644 | ||
1136 | --- a/sound/pci/hda/hda_intel.c | ||
1137 | +++ b/sound/pci/hda/hda_intel.c | ||
1138 | @@ -181,11 +181,15 @@ static const struct kernel_param_ops param_ops_xint = { | ||
1139 | }; | ||
1140 | #define param_check_xint param_check_int | ||
1141 | |||
1142 | -static int power_save = -1; | ||
1143 | +static int power_save = CONFIG_SND_HDA_POWER_SAVE_DEFAULT; | ||
1144 | module_param(power_save, xint, 0644); | ||
1145 | MODULE_PARM_DESC(power_save, "Automatic power-saving timeout " | ||
1146 | "(in second, 0 = disable)."); | ||
1147 | |||
1148 | +static bool pm_blacklist = true; | ||
1149 | +module_param(pm_blacklist, bool, 0644); | ||
1150 | +MODULE_PARM_DESC(pm_blacklist, "Enable power-management blacklist"); | ||
1151 | + | ||
1152 | /* reset the HD-audio controller in power save mode. | ||
1153 | * this may give more power-saving, but will take longer time to | ||
1154 | * wake up. | ||
1155 | @@ -2300,10 +2304,9 @@ static int azx_probe_continue(struct azx *chip) | ||
1156 | |||
1157 | val = power_save; | ||
1158 | #ifdef CONFIG_PM | ||
1159 | - if (val == -1) { | ||
1160 | + if (pm_blacklist) { | ||
1161 | const struct snd_pci_quirk *q; | ||
1162 | |||
1163 | - val = CONFIG_SND_HDA_POWER_SAVE_DEFAULT; | ||
1164 | q = snd_pci_quirk_lookup(chip->pci, power_save_blacklist); | ||
1165 | if (q && val) { | ||
1166 | dev_info(chip->card->dev, "device %04x:%04x is on the power_save blacklist, forcing power_save to 0\n", | ||
1167 | diff --git a/tools/testing/selftests/x86/entry_from_vm86.c b/tools/testing/selftests/x86/entry_from_vm86.c | ||
1168 | index d075ea0e5ca1..ade443a88421 100644 | ||
1169 | --- a/tools/testing/selftests/x86/entry_from_vm86.c | ||
1170 | +++ b/tools/testing/selftests/x86/entry_from_vm86.c | ||
1171 | @@ -95,6 +95,31 @@ asm ( | ||
1172 | "int3\n\t" | ||
1173 | "vmcode_int80:\n\t" | ||
1174 | "int $0x80\n\t" | ||
1175 | + "vmcode_popf_hlt:\n\t" | ||
1176 | + "push %ax\n\t" | ||
1177 | + "popf\n\t" | ||
1178 | + "hlt\n\t" | ||
1179 | + "vmcode_umip:\n\t" | ||
1180 | + /* addressing via displacements */ | ||
1181 | + "smsw (2052)\n\t" | ||
1182 | + "sidt (2054)\n\t" | ||
1183 | + "sgdt (2060)\n\t" | ||
1184 | + /* addressing via registers */ | ||
1185 | + "mov $2066, %bx\n\t" | ||
1186 | + "smsw (%bx)\n\t" | ||
1187 | + "mov $2068, %bx\n\t" | ||
1188 | + "sidt (%bx)\n\t" | ||
1189 | + "mov $2074, %bx\n\t" | ||
1190 | + "sgdt (%bx)\n\t" | ||
1191 | + /* register operands, only for smsw */ | ||
1192 | + "smsw %ax\n\t" | ||
1193 | + "mov %ax, (2080)\n\t" | ||
1194 | + "int3\n\t" | ||
1195 | + "vmcode_umip_str:\n\t" | ||
1196 | + "str %eax\n\t" | ||
1197 | + "vmcode_umip_sldt:\n\t" | ||
1198 | + "sldt %eax\n\t" | ||
1199 | + "int3\n\t" | ||
1200 | ".size vmcode, . - vmcode\n\t" | ||
1201 | "end_vmcode:\n\t" | ||
1202 | ".code32\n\t" | ||
1203 | @@ -103,7 +128,8 @@ asm ( | ||
1204 | |||
1205 | extern unsigned char vmcode[], end_vmcode[]; | ||
1206 | extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[], | ||
1207 | - vmcode_sti[], vmcode_int3[], vmcode_int80[]; | ||
1208 | + vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_popf_hlt[], | ||
1209 | + vmcode_umip[], vmcode_umip_str[], vmcode_umip_sldt[]; | ||
1210 | |||
1211 | /* Returns false if the test was skipped. */ | ||
1212 | static bool do_test(struct vm86plus_struct *v86, unsigned long eip, | ||
1213 | @@ -153,13 +179,75 @@ static bool do_test(struct vm86plus_struct *v86, unsigned long eip, | ||
1214 | (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) { | ||
1215 | printf("[OK]\tReturned correctly\n"); | ||
1216 | } else { | ||
1217 | - printf("[FAIL]\tIncorrect return reason\n"); | ||
1218 | + printf("[FAIL]\tIncorrect return reason (started at eip = 0x%lx, ended at eip = 0x%lx)\n", eip, v86->regs.eip); | ||
1219 | nerrs++; | ||
1220 | } | ||
1221 | |||
1222 | return true; | ||
1223 | } | ||
1224 | |||
1225 | +void do_umip_tests(struct vm86plus_struct *vm86, unsigned char *test_mem) | ||
1226 | +{ | ||
1227 | + struct table_desc { | ||
1228 | + unsigned short limit; | ||
1229 | + unsigned long base; | ||
1230 | + } __attribute__((packed)); | ||
1231 | + | ||
1232 | + /* Initialize variables with arbitrary values */ | ||
1233 | + struct table_desc gdt1 = { .base = 0x3c3c3c3c, .limit = 0x9999 }; | ||
1234 | + struct table_desc gdt2 = { .base = 0x1a1a1a1a, .limit = 0xaeae }; | ||
1235 | + struct table_desc idt1 = { .base = 0x7b7b7b7b, .limit = 0xf1f1 }; | ||
1236 | + struct table_desc idt2 = { .base = 0x89898989, .limit = 0x1313 }; | ||
1237 | + unsigned short msw1 = 0x1414, msw2 = 0x2525, msw3 = 3737; | ||
1238 | + | ||
1239 | + /* UMIP -- exit with INT3 unless kernel emulation did not trap #GP */ | ||
1240 | + do_test(vm86, vmcode_umip - vmcode, VM86_TRAP, 3, "UMIP tests"); | ||
1241 | + | ||
1242 | + /* Results from displacement-only addressing */ | ||
1243 | + msw1 = *(unsigned short *)(test_mem + 2052); | ||
1244 | + memcpy(&idt1, test_mem + 2054, sizeof(idt1)); | ||
1245 | + memcpy(&gdt1, test_mem + 2060, sizeof(gdt1)); | ||
1246 | + | ||
1247 | + /* Results from register-indirect addressing */ | ||
1248 | + msw2 = *(unsigned short *)(test_mem + 2066); | ||
1249 | + memcpy(&idt2, test_mem + 2068, sizeof(idt2)); | ||
1250 | + memcpy(&gdt2, test_mem + 2074, sizeof(gdt2)); | ||
1251 | + | ||
1252 | + /* Results when using register operands */ | ||
1253 | + msw3 = *(unsigned short *)(test_mem + 2080); | ||
1254 | + | ||
1255 | + printf("[INFO]\tResult from SMSW:[0x%04x]\n", msw1); | ||
1256 | + printf("[INFO]\tResult from SIDT: limit[0x%04x]base[0x%08lx]\n", | ||
1257 | + idt1.limit, idt1.base); | ||
1258 | + printf("[INFO]\tResult from SGDT: limit[0x%04x]base[0x%08lx]\n", | ||
1259 | + gdt1.limit, gdt1.base); | ||
1260 | + | ||
1261 | + if (msw1 != msw2 || msw1 != msw3) | ||
1262 | + printf("[FAIL]\tAll the results of SMSW should be the same.\n"); | ||
1263 | + else | ||
1264 | + printf("[PASS]\tAll the results from SMSW are identical.\n"); | ||
1265 | + | ||
1266 | + if (memcmp(&gdt1, &gdt2, sizeof(gdt1))) | ||
1267 | + printf("[FAIL]\tAll the results of SGDT should be the same.\n"); | ||
1268 | + else | ||
1269 | + printf("[PASS]\tAll the results from SGDT are identical.\n"); | ||
1270 | + | ||
1271 | + if (memcmp(&idt1, &idt2, sizeof(idt1))) | ||
1272 | + printf("[FAIL]\tAll the results of SIDT should be the same.\n"); | ||
1273 | + else | ||
1274 | + printf("[PASS]\tAll the results from SIDT are identical.\n"); | ||
1275 | + | ||
1276 | + sethandler(SIGILL, sighandler, 0); | ||
1277 | + do_test(vm86, vmcode_umip_str - vmcode, VM86_SIGNAL, 0, | ||
1278 | + "STR instruction"); | ||
1279 | + clearhandler(SIGILL); | ||
1280 | + | ||
1281 | + sethandler(SIGILL, sighandler, 0); | ||
1282 | + do_test(vm86, vmcode_umip_sldt - vmcode, VM86_SIGNAL, 0, | ||
1283 | + "SLDT instruction"); | ||
1284 | + clearhandler(SIGILL); | ||
1285 | +} | ||
1286 | + | ||
1287 | int main(void) | ||
1288 | { | ||
1289 | struct vm86plus_struct v86; | ||
1290 | @@ -180,6 +268,9 @@ int main(void) | ||
1291 | v86.regs.ds = load_addr / 16; | ||
1292 | v86.regs.es = load_addr / 16; | ||
1293 | |||
1294 | + /* Use the end of the page as our stack. */ | ||
1295 | + v86.regs.esp = 4096; | ||
1296 | + | ||
1297 | assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */ | ||
1298 | |||
1299 | /* #BR -- should deliver SIG??? */ | ||
1300 | @@ -211,6 +302,23 @@ int main(void) | ||
1301 | v86.regs.eflags &= ~X86_EFLAGS_IF; | ||
1302 | do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set"); | ||
1303 | |||
1304 | + /* POPF with VIP set but IF clear: should not trap */ | ||
1305 | + v86.regs.eflags = X86_EFLAGS_VIP; | ||
1306 | + v86.regs.eax = 0; | ||
1307 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP set and IF clear"); | ||
1308 | + | ||
1309 | + /* POPF with VIP set and IF set: should trap */ | ||
1310 | + v86.regs.eflags = X86_EFLAGS_VIP; | ||
1311 | + v86.regs.eax = X86_EFLAGS_IF; | ||
1312 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_STI, 0, "POPF with VIP and IF set"); | ||
1313 | + | ||
1314 | + /* POPF with VIP clear and IF set: should not trap */ | ||
1315 | + v86.regs.eflags = 0; | ||
1316 | + v86.regs.eax = X86_EFLAGS_IF; | ||
1317 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP clear and IF set"); | ||
1318 | + | ||
1319 | + v86.regs.eflags = 0; | ||
1320 | + | ||
1321 | /* INT3 -- should cause #BP */ | ||
1322 | do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3"); | ||
1323 | |||
1324 | @@ -218,6 +326,9 @@ int main(void) | ||
1325 | v86.regs.eax = (unsigned int)-1; | ||
1326 | do_test(&v86, vmcode_int80 - vmcode, VM86_INTx, 0x80, "int80"); | ||
1327 | |||
1328 | + /* UMIP -- should exit with INTx 0x80 unless UMIP was not disabled */ | ||
1329 | + do_umip_tests(&v86, addr); | ||
1330 | + | ||
1331 | /* Execute a null pointer */ | ||
1332 | v86.regs.cs = 0; | ||
1333 | v86.regs.ss = 0; | ||
1334 | @@ -231,7 +342,7 @@ int main(void) | ||
1335 | clearhandler(SIGSEGV); | ||
1336 | |||
1337 | /* Make sure nothing explodes if we fork. */ | ||
1338 | - if (fork() > 0) | ||
1339 | + if (fork() == 0) | ||
1340 | return 0; | ||
1341 | |||
1342 | return (nerrs == 0 ? 0 : 1); | ||
1343 | diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c | ||
1344 | index 8e89d63005c7..49a7d8c75937 100644 | ||
1345 | --- a/virt/kvm/arm/arch_timer.c | ||
1346 | +++ b/virt/kvm/arm/arch_timer.c | ||
1347 | @@ -602,7 +602,7 @@ int kvm_timer_hyp_init(void) | ||
1348 | return err; | ||
1349 | } | ||
1350 | |||
1351 | - kvm_info("virtual timer IRQ%d\n", host_vtimer_irq); | ||
1352 | + kvm_debug("virtual timer IRQ%d\n", host_vtimer_irq); | ||
1353 | |||
1354 | cpuhp_setup_state(CPUHP_AP_KVM_ARM_TIMER_STARTING, | ||
1355 | "kvm/arm/timer:starting", kvm_timer_starting_cpu, | ||
1356 | diff --git a/virt/kvm/arm/hyp/vgic-v3-sr.c b/virt/kvm/arm/hyp/vgic-v3-sr.c | ||
1357 | index 91728faa13fd..f2d1d4e8ae59 100644 | ||
1358 | --- a/virt/kvm/arm/hyp/vgic-v3-sr.c | ||
1359 | +++ b/virt/kvm/arm/hyp/vgic-v3-sr.c | ||
1360 | @@ -215,7 +215,8 @@ void __hyp_text __vgic_v3_save_state(struct kvm_vcpu *vcpu) | ||
1361 | * are now visible to the system register interface. | ||
1362 | */ | ||
1363 | if (!cpu_if->vgic_sre) { | ||
1364 | - dsb(st); | ||
1365 | + dsb(sy); | ||
1366 | + isb(); | ||
1367 | cpu_if->vgic_vmcr = read_gicreg(ICH_VMCR_EL2); | ||
1368 | } | ||
1369 | |||
1370 | diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c | ||
1371 | index 9dea96380339..b69798a7880e 100644 | ||
1372 | --- a/virt/kvm/arm/mmu.c | ||
1373 | +++ b/virt/kvm/arm/mmu.c | ||
1374 | @@ -1760,9 +1760,9 @@ int kvm_mmu_init(void) | ||
1375 | */ | ||
1376 | BUG_ON((hyp_idmap_start ^ (hyp_idmap_end - 1)) & PAGE_MASK); | ||
1377 | |||
1378 | - kvm_info("IDMAP page: %lx\n", hyp_idmap_start); | ||
1379 | - kvm_info("HYP VA range: %lx:%lx\n", | ||
1380 | - kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL)); | ||
1381 | + kvm_debug("IDMAP page: %lx\n", hyp_idmap_start); | ||
1382 | + kvm_debug("HYP VA range: %lx:%lx\n", | ||
1383 | + kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL)); | ||
1384 | |||
1385 | if (hyp_idmap_start >= kern_hyp_va(PAGE_OFFSET) && | ||
1386 | hyp_idmap_start < kern_hyp_va(~0UL) && | ||
1387 | diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c | ||
1388 | index e4187e52bb26..841d4b27555a 100644 | ||
1389 | --- a/virt/kvm/arm/vgic/vgic-v2.c | ||
1390 | +++ b/virt/kvm/arm/vgic/vgic-v2.c | ||
1391 | @@ -37,6 +37,13 @@ void vgic_v2_init_lrs(void) | ||
1392 | vgic_v2_write_lr(i, 0); | ||
1393 | } | ||
1394 | |||
1395 | +void vgic_v2_set_npie(struct kvm_vcpu *vcpu) | ||
1396 | +{ | ||
1397 | + struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2; | ||
1398 | + | ||
1399 | + cpuif->vgic_hcr |= GICH_HCR_NPIE; | ||
1400 | +} | ||
1401 | + | ||
1402 | void vgic_v2_set_underflow(struct kvm_vcpu *vcpu) | ||
1403 | { | ||
1404 | struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2; | ||
1405 | @@ -63,7 +70,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu) | ||
1406 | struct vgic_v2_cpu_if *cpuif = &vgic_cpu->vgic_v2; | ||
1407 | int lr; | ||
1408 | |||
1409 | - cpuif->vgic_hcr &= ~GICH_HCR_UIE; | ||
1410 | + cpuif->vgic_hcr &= ~(GICH_HCR_UIE | GICH_HCR_NPIE); | ||
1411 | |||
1412 | for (lr = 0; lr < vgic_cpu->used_lrs; lr++) { | ||
1413 | u32 val = cpuif->vgic_lr[lr]; | ||
1414 | @@ -380,7 +387,7 @@ int vgic_v2_probe(const struct gic_kvm_info *info) | ||
1415 | kvm_vgic_global_state.type = VGIC_V2; | ||
1416 | kvm_vgic_global_state.max_gic_vcpus = VGIC_V2_MAX_CPUS; | ||
1417 | |||
1418 | - kvm_info("vgic-v2@%llx\n", info->vctrl.start); | ||
1419 | + kvm_debug("vgic-v2@%llx\n", info->vctrl.start); | ||
1420 | |||
1421 | return 0; | ||
1422 | out: | ||
1423 | diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c | ||
1424 | index 502f2100e7bf..9dcc31600a8b 100644 | ||
1425 | --- a/virt/kvm/arm/vgic/vgic-v3.c | ||
1426 | +++ b/virt/kvm/arm/vgic/vgic-v3.c | ||
1427 | @@ -25,6 +25,13 @@ static bool group0_trap; | ||
1428 | static bool group1_trap; | ||
1429 | static bool common_trap; | ||
1430 | |||
1431 | +void vgic_v3_set_npie(struct kvm_vcpu *vcpu) | ||
1432 | +{ | ||
1433 | + struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3; | ||
1434 | + | ||
1435 | + cpuif->vgic_hcr |= ICH_HCR_NPIE; | ||
1436 | +} | ||
1437 | + | ||
1438 | void vgic_v3_set_underflow(struct kvm_vcpu *vcpu) | ||
1439 | { | ||
1440 | struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3; | ||
1441 | @@ -45,7 +52,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu) | ||
1442 | u32 model = vcpu->kvm->arch.vgic.vgic_model; | ||
1443 | int lr; | ||
1444 | |||
1445 | - cpuif->vgic_hcr &= ~ICH_HCR_UIE; | ||
1446 | + cpuif->vgic_hcr &= ~(ICH_HCR_UIE | ICH_HCR_NPIE); | ||
1447 | |||
1448 | for (lr = 0; lr < vgic_cpu->used_lrs; lr++) { | ||
1449 | u64 val = cpuif->vgic_lr[lr]; | ||
1450 | diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c | ||
1451 | index da53c6e7d688..c9a8e7b7c300 100644 | ||
1452 | --- a/virt/kvm/arm/vgic/vgic.c | ||
1453 | +++ b/virt/kvm/arm/vgic/vgic.c | ||
1454 | @@ -610,22 +610,37 @@ static inline void vgic_set_underflow(struct kvm_vcpu *vcpu) | ||
1455 | vgic_v3_set_underflow(vcpu); | ||
1456 | } | ||
1457 | |||
1458 | +static inline void vgic_set_npie(struct kvm_vcpu *vcpu) | ||
1459 | +{ | ||
1460 | + if (kvm_vgic_global_state.type == VGIC_V2) | ||
1461 | + vgic_v2_set_npie(vcpu); | ||
1462 | + else | ||
1463 | + vgic_v3_set_npie(vcpu); | ||
1464 | +} | ||
1465 | + | ||
1466 | /* Requires the ap_list_lock to be held. */ | ||
1467 | -static int compute_ap_list_depth(struct kvm_vcpu *vcpu) | ||
1468 | +static int compute_ap_list_depth(struct kvm_vcpu *vcpu, | ||
1469 | + bool *multi_sgi) | ||
1470 | { | ||
1471 | struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; | ||
1472 | struct vgic_irq *irq; | ||
1473 | int count = 0; | ||
1474 | |||
1475 | + *multi_sgi = false; | ||
1476 | + | ||
1477 | DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock)); | ||
1478 | |||
1479 | list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { | ||
1480 | spin_lock(&irq->irq_lock); | ||
1481 | /* GICv2 SGIs can count for more than one... */ | ||
1482 | - if (vgic_irq_is_sgi(irq->intid) && irq->source) | ||
1483 | - count += hweight8(irq->source); | ||
1484 | - else | ||
1485 | + if (vgic_irq_is_sgi(irq->intid) && irq->source) { | ||
1486 | + int w = hweight8(irq->source); | ||
1487 | + | ||
1488 | + count += w; | ||
1489 | + *multi_sgi |= (w > 1); | ||
1490 | + } else { | ||
1491 | count++; | ||
1492 | + } | ||
1493 | spin_unlock(&irq->irq_lock); | ||
1494 | } | ||
1495 | return count; | ||
1496 | @@ -636,28 +651,43 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) | ||
1497 | { | ||
1498 | struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; | ||
1499 | struct vgic_irq *irq; | ||
1500 | - int count = 0; | ||
1501 | + int count; | ||
1502 | + bool npie = false; | ||
1503 | + bool multi_sgi; | ||
1504 | + u8 prio = 0xff; | ||
1505 | |||
1506 | DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock)); | ||
1507 | |||
1508 | - if (compute_ap_list_depth(vcpu) > kvm_vgic_global_state.nr_lr) | ||
1509 | + count = compute_ap_list_depth(vcpu, &multi_sgi); | ||
1510 | + if (count > kvm_vgic_global_state.nr_lr || multi_sgi) | ||
1511 | vgic_sort_ap_list(vcpu); | ||
1512 | |||
1513 | + count = 0; | ||
1514 | + | ||
1515 | list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { | ||
1516 | spin_lock(&irq->irq_lock); | ||
1517 | |||
1518 | - if (unlikely(vgic_target_oracle(irq) != vcpu)) | ||
1519 | - goto next; | ||
1520 | - | ||
1521 | /* | ||
1522 | - * If we get an SGI with multiple sources, try to get | ||
1523 | - * them in all at once. | ||
1524 | + * If we have multi-SGIs in the pipeline, we need to | ||
1525 | + * guarantee that they are all seen before any IRQ of | ||
1526 | + * lower priority. In that case, we need to filter out | ||
1527 | + * these interrupts by exiting early. This is easy as | ||
1528 | + * the AP list has been sorted already. | ||
1529 | */ | ||
1530 | - do { | ||
1531 | + if (multi_sgi && irq->priority > prio) { | ||
1532 | + spin_unlock(&irq->irq_lock); | ||
1533 | + break; | ||
1534 | + } | ||
1535 | + | ||
1536 | + if (likely(vgic_target_oracle(irq) == vcpu)) { | ||
1537 | vgic_populate_lr(vcpu, irq, count++); | ||
1538 | - } while (irq->source && count < kvm_vgic_global_state.nr_lr); | ||
1539 | |||
1540 | -next: | ||
1541 | + if (irq->source) { | ||
1542 | + npie = true; | ||
1543 | + prio = irq->priority; | ||
1544 | + } | ||
1545 | + } | ||
1546 | + | ||
1547 | spin_unlock(&irq->irq_lock); | ||
1548 | |||
1549 | if (count == kvm_vgic_global_state.nr_lr) { | ||
1550 | @@ -668,6 +698,9 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) | ||
1551 | } | ||
1552 | } | ||
1553 | |||
1554 | + if (npie) | ||
1555 | + vgic_set_npie(vcpu); | ||
1556 | + | ||
1557 | vcpu->arch.vgic_cpu.used_lrs = count; | ||
1558 | |||
1559 | /* Nuke remaining LRs */ | ||
1560 | diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h | ||
1561 | index bf9ceab67c77..f7450dc41ab3 100644 | ||
1562 | --- a/virt/kvm/arm/vgic/vgic.h | ||
1563 | +++ b/virt/kvm/arm/vgic/vgic.h | ||
1564 | @@ -150,6 +150,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu); | ||
1565 | void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr); | ||
1566 | void vgic_v2_clear_lr(struct kvm_vcpu *vcpu, int lr); | ||
1567 | void vgic_v2_set_underflow(struct kvm_vcpu *vcpu); | ||
1568 | +void vgic_v2_set_npie(struct kvm_vcpu *vcpu); | ||
1569 | int vgic_v2_has_attr_regs(struct kvm_device *dev, struct kvm_device_attr *attr); | ||
1570 | int vgic_v2_dist_uaccess(struct kvm_vcpu *vcpu, bool is_write, | ||
1571 | int offset, u32 *val); | ||
1572 | @@ -179,6 +180,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu); | ||
1573 | void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr); | ||
1574 | void vgic_v3_clear_lr(struct kvm_vcpu *vcpu, int lr); | ||
1575 | void vgic_v3_set_underflow(struct kvm_vcpu *vcpu); | ||
1576 | +void vgic_v3_set_npie(struct kvm_vcpu *vcpu); | ||
1577 | void vgic_v3_set_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr); | ||
1578 | void vgic_v3_get_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr); | ||
1579 | void vgic_v3_enable(struct kvm_vcpu *vcpu); |