Contents of /trunk/kernel-alx/patches-4.14/0128-4.14.29-all-fixes.patch
Parent Directory | Revision Log
Revision 3238 -
(show annotations)
(download)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 53609 byte(s)
Fri Nov 9 12:14:58 2018 UTC (5 years, 10 months ago) by niro
File size: 53609 byte(s)
-added up to patches-4.14.79
1 | diff --git a/Makefile b/Makefile |
2 | index 9ae370a47ff9..4b2aa0dd4043 100644 |
3 | --- a/Makefile |
4 | +++ b/Makefile |
5 | @@ -1,7 +1,7 @@ |
6 | # SPDX-License-Identifier: GPL-2.0 |
7 | VERSION = 4 |
8 | PATCHLEVEL = 14 |
9 | -SUBLEVEL = 28 |
10 | +SUBLEVEL = 29 |
11 | EXTRAVERSION = |
12 | NAME = Petit Gorille |
13 | |
14 | diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c |
15 | index 79089778725b..e3b45546d589 100644 |
16 | --- a/arch/parisc/kernel/cache.c |
17 | +++ b/arch/parisc/kernel/cache.c |
18 | @@ -543,7 +543,8 @@ void flush_cache_mm(struct mm_struct *mm) |
19 | rp3440, etc. So, avoid it if the mm isn't too big. */ |
20 | if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) && |
21 | mm_total_size(mm) >= parisc_cache_flush_threshold) { |
22 | - flush_tlb_all(); |
23 | + if (mm->context) |
24 | + flush_tlb_all(); |
25 | flush_cache_all(); |
26 | return; |
27 | } |
28 | @@ -571,6 +572,8 @@ void flush_cache_mm(struct mm_struct *mm) |
29 | pfn = pte_pfn(*ptep); |
30 | if (!pfn_valid(pfn)) |
31 | continue; |
32 | + if (unlikely(mm->context)) |
33 | + flush_tlb_page(vma, addr); |
34 | __flush_cache_page(vma, addr, PFN_PHYS(pfn)); |
35 | } |
36 | } |
37 | @@ -579,26 +582,46 @@ void flush_cache_mm(struct mm_struct *mm) |
38 | void flush_cache_range(struct vm_area_struct *vma, |
39 | unsigned long start, unsigned long end) |
40 | { |
41 | + pgd_t *pgd; |
42 | + unsigned long addr; |
43 | + |
44 | if ((!IS_ENABLED(CONFIG_SMP) || !arch_irqs_disabled()) && |
45 | end - start >= parisc_cache_flush_threshold) { |
46 | - flush_tlb_range(vma, start, end); |
47 | + if (vma->vm_mm->context) |
48 | + flush_tlb_range(vma, start, end); |
49 | flush_cache_all(); |
50 | return; |
51 | } |
52 | |
53 | - flush_user_dcache_range_asm(start, end); |
54 | - if (vma->vm_flags & VM_EXEC) |
55 | - flush_user_icache_range_asm(start, end); |
56 | - flush_tlb_range(vma, start, end); |
57 | + if (vma->vm_mm->context == mfsp(3)) { |
58 | + flush_user_dcache_range_asm(start, end); |
59 | + if (vma->vm_flags & VM_EXEC) |
60 | + flush_user_icache_range_asm(start, end); |
61 | + flush_tlb_range(vma, start, end); |
62 | + return; |
63 | + } |
64 | + |
65 | + pgd = vma->vm_mm->pgd; |
66 | + for (addr = vma->vm_start; addr < vma->vm_end; addr += PAGE_SIZE) { |
67 | + unsigned long pfn; |
68 | + pte_t *ptep = get_ptep(pgd, addr); |
69 | + if (!ptep) |
70 | + continue; |
71 | + pfn = pte_pfn(*ptep); |
72 | + if (pfn_valid(pfn)) { |
73 | + if (unlikely(vma->vm_mm->context)) |
74 | + flush_tlb_page(vma, addr); |
75 | + __flush_cache_page(vma, addr, PFN_PHYS(pfn)); |
76 | + } |
77 | + } |
78 | } |
79 | |
80 | void |
81 | flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long pfn) |
82 | { |
83 | - BUG_ON(!vma->vm_mm->context); |
84 | - |
85 | if (pfn_valid(pfn)) { |
86 | - flush_tlb_page(vma, vmaddr); |
87 | + if (likely(vma->vm_mm->context)) |
88 | + flush_tlb_page(vma, vmaddr); |
89 | __flush_cache_page(vma, vmaddr, PFN_PHYS(pfn)); |
90 | } |
91 | } |
92 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
93 | index 66c14347c502..23a65439c37c 100644 |
94 | --- a/arch/x86/include/asm/cpufeatures.h |
95 | +++ b/arch/x86/include/asm/cpufeatures.h |
96 | @@ -314,6 +314,7 @@ |
97 | #define X86_FEATURE_VPCLMULQDQ (16*32+10) /* Carry-Less Multiplication Double Quadword */ |
98 | #define X86_FEATURE_AVX512_VNNI (16*32+11) /* Vector Neural Network Instructions */ |
99 | #define X86_FEATURE_AVX512_BITALG (16*32+12) /* Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions */ |
100 | +#define X86_FEATURE_TME (16*32+13) /* Intel Total Memory Encryption */ |
101 | #define X86_FEATURE_AVX512_VPOPCNTDQ (16*32+14) /* POPCNT for vectors of DW/QW */ |
102 | #define X86_FEATURE_LA57 (16*32+16) /* 5-level page tables */ |
103 | #define X86_FEATURE_RDPID (16*32+22) /* RDPID instruction */ |
104 | @@ -326,6 +327,7 @@ |
105 | /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */ |
106 | #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ |
107 | #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ |
108 | +#define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ |
109 | #define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */ |
110 | #define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */ |
111 | #define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */ |
112 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
113 | index d0dabeae0505..f928ad9b143f 100644 |
114 | --- a/arch/x86/include/asm/nospec-branch.h |
115 | +++ b/arch/x86/include/asm/nospec-branch.h |
116 | @@ -183,7 +183,10 @@ |
117 | * otherwise we'll run out of registers. We don't care about CET |
118 | * here, anyway. |
119 | */ |
120 | -# define CALL_NOSPEC ALTERNATIVE("call *%[thunk_target]\n", \ |
121 | +# define CALL_NOSPEC \ |
122 | + ALTERNATIVE( \ |
123 | + ANNOTATE_RETPOLINE_SAFE \ |
124 | + "call *%[thunk_target]\n", \ |
125 | " jmp 904f;\n" \ |
126 | " .align 16\n" \ |
127 | "901: call 903f;\n" \ |
128 | diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c |
129 | index 4aa9fd379390..c3af167d0a70 100644 |
130 | --- a/arch/x86/kernel/cpu/intel.c |
131 | +++ b/arch/x86/kernel/cpu/intel.c |
132 | @@ -105,7 +105,7 @@ static void probe_xeon_phi_r3mwait(struct cpuinfo_x86 *c) |
133 | /* |
134 | * Early microcode releases for the Spectre v2 mitigation were broken. |
135 | * Information taken from; |
136 | - * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/microcode-update-guidance.pdf |
137 | + * - https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf |
138 | * - https://kb.vmware.com/s/article/52345 |
139 | * - Microcode revisions observed in the wild |
140 | * - Release note from 20180108 microcode release |
141 | @@ -123,7 +123,6 @@ static const struct sku_microcode spectre_bad_microcodes[] = { |
142 | { INTEL_FAM6_KABYLAKE_MOBILE, 0x09, 0x80 }, |
143 | { INTEL_FAM6_SKYLAKE_X, 0x03, 0x0100013e }, |
144 | { INTEL_FAM6_SKYLAKE_X, 0x04, 0x0200003c }, |
145 | - { INTEL_FAM6_SKYLAKE_DESKTOP, 0x03, 0xc2 }, |
146 | { INTEL_FAM6_BROADWELL_CORE, 0x04, 0x28 }, |
147 | { INTEL_FAM6_BROADWELL_GT3E, 0x01, 0x1b }, |
148 | { INTEL_FAM6_BROADWELL_XEON_D, 0x02, 0x14 }, |
149 | diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c |
150 | index 5edb27f1a2c4..9d0b5af7db91 100644 |
151 | --- a/arch/x86/kernel/vm86_32.c |
152 | +++ b/arch/x86/kernel/vm86_32.c |
153 | @@ -727,7 +727,8 @@ void handle_vm86_fault(struct kernel_vm86_regs *regs, long error_code) |
154 | return; |
155 | |
156 | check_vip: |
157 | - if (VEFLAGS & X86_EFLAGS_VIP) { |
158 | + if ((VEFLAGS & (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) == |
159 | + (X86_EFLAGS_VIP | X86_EFLAGS_VIF)) { |
160 | save_v86_state(regs, VM86_STI); |
161 | return; |
162 | } |
163 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
164 | index 2b6f8a4f2731..f438e0c4aa8c 100644 |
165 | --- a/arch/x86/kvm/mmu.c |
166 | +++ b/arch/x86/kvm/mmu.c |
167 | @@ -2758,8 +2758,10 @@ static int set_spte(struct kvm_vcpu *vcpu, u64 *sptep, |
168 | else |
169 | pte_access &= ~ACC_WRITE_MASK; |
170 | |
171 | + if (!kvm_is_mmio_pfn(pfn)) |
172 | + spte |= shadow_me_mask; |
173 | + |
174 | spte |= (u64)pfn << PAGE_SHIFT; |
175 | - spte |= shadow_me_mask; |
176 | |
177 | if (pte_access & ACC_WRITE_MASK) { |
178 | |
179 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
180 | index 4c155ee0f89e..0133d26f16be 100644 |
181 | --- a/arch/x86/mm/fault.c |
182 | +++ b/arch/x86/mm/fault.c |
183 | @@ -330,7 +330,7 @@ static noinline int vmalloc_fault(unsigned long address) |
184 | if (!pmd_k) |
185 | return -1; |
186 | |
187 | - if (pmd_huge(*pmd_k)) |
188 | + if (pmd_large(*pmd_k)) |
189 | return 0; |
190 | |
191 | pte_k = pte_offset_kernel(pmd_k, address); |
192 | @@ -479,7 +479,7 @@ static noinline int vmalloc_fault(unsigned long address) |
193 | if (pud_none(*pud) || pud_pfn(*pud) != pud_pfn(*pud_ref)) |
194 | BUG(); |
195 | |
196 | - if (pud_huge(*pud)) |
197 | + if (pud_large(*pud)) |
198 | return 0; |
199 | |
200 | pmd = pmd_offset(pud, address); |
201 | @@ -490,7 +490,7 @@ static noinline int vmalloc_fault(unsigned long address) |
202 | if (pmd_none(*pmd) || pmd_pfn(*pmd) != pmd_pfn(*pmd_ref)) |
203 | BUG(); |
204 | |
205 | - if (pmd_huge(*pmd)) |
206 | + if (pmd_large(*pmd)) |
207 | return 0; |
208 | |
209 | pte_ref = pte_offset_kernel(pmd_ref, address); |
210 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
211 | index 848242821ef3..1eff36a87595 100644 |
212 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
213 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c |
214 | @@ -69,25 +69,18 @@ void amdgpu_connector_hotplug(struct drm_connector *connector) |
215 | /* don't do anything if sink is not display port, i.e., |
216 | * passive dp->(dvi|hdmi) adaptor |
217 | */ |
218 | - if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT) { |
219 | - int saved_dpms = connector->dpms; |
220 | - /* Only turn off the display if it's physically disconnected */ |
221 | - if (!amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd)) { |
222 | - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); |
223 | - } else if (amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { |
224 | - /* Don't try to start link training before we |
225 | - * have the dpcd */ |
226 | - if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) |
227 | - return; |
228 | - |
229 | - /* set it to OFF so that drm_helper_connector_dpms() |
230 | - * won't return immediately since the current state |
231 | - * is ON at this point. |
232 | - */ |
233 | - connector->dpms = DRM_MODE_DPMS_OFF; |
234 | - drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); |
235 | - } |
236 | - connector->dpms = saved_dpms; |
237 | + if (dig_connector->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT && |
238 | + amdgpu_display_hpd_sense(adev, amdgpu_connector->hpd.hpd) && |
239 | + amdgpu_atombios_dp_needs_link_train(amdgpu_connector)) { |
240 | + /* Don't start link training before we have the DPCD */ |
241 | + if (amdgpu_atombios_dp_get_dpcd(amdgpu_connector)) |
242 | + return; |
243 | + |
244 | + /* Turn the connector off and back on immediately, which |
245 | + * will trigger link training |
246 | + */ |
247 | + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_OFF); |
248 | + drm_helper_connector_dpms(connector, DRM_MODE_DPMS_ON); |
249 | } |
250 | } |
251 | } |
252 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c |
253 | index 7171968f261e..837332e84d78 100644 |
254 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c |
255 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gem.c |
256 | @@ -36,8 +36,6 @@ void amdgpu_gem_object_free(struct drm_gem_object *gobj) |
257 | struct amdgpu_bo *robj = gem_to_amdgpu_bo(gobj); |
258 | |
259 | if (robj) { |
260 | - if (robj->gem_base.import_attach) |
261 | - drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg); |
262 | amdgpu_mn_unregister(robj); |
263 | amdgpu_bo_unref(&robj); |
264 | } |
265 | diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
266 | index ffe483980362..4d08957d2108 100644 |
267 | --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
268 | +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c |
269 | @@ -46,6 +46,8 @@ static void amdgpu_ttm_bo_destroy(struct ttm_buffer_object *tbo) |
270 | |
271 | amdgpu_bo_kunmap(bo); |
272 | |
273 | + if (bo->gem_base.import_attach) |
274 | + drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg); |
275 | drm_gem_object_release(&bo->gem_base); |
276 | amdgpu_bo_unref(&bo->parent); |
277 | if (!list_empty(&bo->shadow_list)) { |
278 | diff --git a/drivers/gpu/drm/nouveau/nouveau_backlight.c b/drivers/gpu/drm/nouveau/nouveau_backlight.c |
279 | index 380f340204e8..f56f60f695e1 100644 |
280 | --- a/drivers/gpu/drm/nouveau/nouveau_backlight.c |
281 | +++ b/drivers/gpu/drm/nouveau/nouveau_backlight.c |
282 | @@ -268,13 +268,13 @@ nouveau_backlight_init(struct drm_device *dev) |
283 | struct nvif_device *device = &drm->client.device; |
284 | struct drm_connector *connector; |
285 | |
286 | + INIT_LIST_HEAD(&drm->bl_connectors); |
287 | + |
288 | if (apple_gmux_present()) { |
289 | NV_INFO(drm, "Apple GMUX detected: not registering Nouveau backlight interface\n"); |
290 | return 0; |
291 | } |
292 | |
293 | - INIT_LIST_HEAD(&drm->bl_connectors); |
294 | - |
295 | list_for_each_entry(connector, &dev->mode_config.connector_list, head) { |
296 | if (connector->connector_type != DRM_MODE_CONNECTOR_LVDS && |
297 | connector->connector_type != DRM_MODE_CONNECTOR_eDP) |
298 | diff --git a/drivers/gpu/drm/radeon/radeon_gem.c b/drivers/gpu/drm/radeon/radeon_gem.c |
299 | index 3386452bd2f0..ac467b80edc7 100644 |
300 | --- a/drivers/gpu/drm/radeon/radeon_gem.c |
301 | +++ b/drivers/gpu/drm/radeon/radeon_gem.c |
302 | @@ -34,8 +34,6 @@ void radeon_gem_object_free(struct drm_gem_object *gobj) |
303 | struct radeon_bo *robj = gem_to_radeon_bo(gobj); |
304 | |
305 | if (robj) { |
306 | - if (robj->gem_base.import_attach) |
307 | - drm_prime_gem_destroy(&robj->gem_base, robj->tbo.sg); |
308 | radeon_mn_unregister(robj); |
309 | radeon_bo_unref(&robj); |
310 | } |
311 | diff --git a/drivers/gpu/drm/radeon/radeon_object.c b/drivers/gpu/drm/radeon/radeon_object.c |
312 | index 093594976126..baadb706c276 100644 |
313 | --- a/drivers/gpu/drm/radeon/radeon_object.c |
314 | +++ b/drivers/gpu/drm/radeon/radeon_object.c |
315 | @@ -82,6 +82,8 @@ static void radeon_ttm_bo_destroy(struct ttm_buffer_object *tbo) |
316 | mutex_unlock(&bo->rdev->gem.mutex); |
317 | radeon_bo_clear_surface_reg(bo); |
318 | WARN_ON_ONCE(!list_empty(&bo->va)); |
319 | + if (bo->gem_base.import_attach) |
320 | + drm_prime_gem_destroy(&bo->gem_base, bo->tbo.sg); |
321 | drm_gem_object_release(&bo->gem_base); |
322 | kfree(bo); |
323 | } |
324 | diff --git a/drivers/infiniband/sw/rdmavt/mr.c b/drivers/infiniband/sw/rdmavt/mr.c |
325 | index 42713511b53b..524e6134642e 100644 |
326 | --- a/drivers/infiniband/sw/rdmavt/mr.c |
327 | +++ b/drivers/infiniband/sw/rdmavt/mr.c |
328 | @@ -489,11 +489,13 @@ static int rvt_check_refs(struct rvt_mregion *mr, const char *t) |
329 | unsigned long timeout; |
330 | struct rvt_dev_info *rdi = ib_to_rvt(mr->pd->device); |
331 | |
332 | - if (percpu_ref_is_zero(&mr->refcount)) |
333 | - return 0; |
334 | - /* avoid dma mr */ |
335 | - if (mr->lkey) |
336 | + if (mr->lkey) { |
337 | + /* avoid dma mr */ |
338 | rvt_dereg_clean_qps(mr); |
339 | + /* @mr was indexed on rcu protected @lkey_table */ |
340 | + synchronize_rcu(); |
341 | + } |
342 | + |
343 | timeout = wait_for_completion_timeout(&mr->comp, 5 * HZ); |
344 | if (!timeout) { |
345 | rvt_pr_err(rdi, |
346 | diff --git a/drivers/irqchip/irq-gic-v3-its.c b/drivers/irqchip/irq-gic-v3-its.c |
347 | index e88395605e32..af57f8473a88 100644 |
348 | --- a/drivers/irqchip/irq-gic-v3-its.c |
349 | +++ b/drivers/irqchip/irq-gic-v3-its.c |
350 | @@ -1310,7 +1310,7 @@ static struct irq_chip its_irq_chip = { |
351 | * This gives us (((1UL << id_bits) - 8192) >> 5) possible allocations. |
352 | */ |
353 | #define IRQS_PER_CHUNK_SHIFT 5 |
354 | -#define IRQS_PER_CHUNK (1 << IRQS_PER_CHUNK_SHIFT) |
355 | +#define IRQS_PER_CHUNK (1UL << IRQS_PER_CHUNK_SHIFT) |
356 | #define ITS_MAX_LPI_NRBITS 16 /* 64K LPIs */ |
357 | |
358 | static unsigned long *lpi_bitmap; |
359 | @@ -2026,11 +2026,10 @@ static struct its_device *its_create_device(struct its_node *its, u32 dev_id, |
360 | |
361 | dev = kzalloc(sizeof(*dev), GFP_KERNEL); |
362 | /* |
363 | - * At least one bit of EventID is being used, hence a minimum |
364 | - * of two entries. No, the architecture doesn't let you |
365 | - * express an ITT with a single entry. |
366 | + * We allocate at least one chunk worth of LPIs bet device, |
367 | + * and thus that many ITEs. The device may require less though. |
368 | */ |
369 | - nr_ites = max(2UL, roundup_pow_of_two(nvecs)); |
370 | + nr_ites = max(IRQS_PER_CHUNK, roundup_pow_of_two(nvecs)); |
371 | sz = nr_ites * its->ite_size; |
372 | sz = max(sz, ITS_ITT_ALIGN) + ITS_ITT_ALIGN - 1; |
373 | itt = kzalloc(sz, GFP_KERNEL); |
374 | diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c |
375 | index 9603886737b5..2300c02ab5e6 100644 |
376 | --- a/drivers/scsi/qla2xxx/qla_init.c |
377 | +++ b/drivers/scsi/qla2xxx/qla_init.c |
378 | @@ -102,11 +102,16 @@ qla2x00_async_iocb_timeout(void *data) |
379 | struct srb_iocb *lio = &sp->u.iocb_cmd; |
380 | struct event_arg ea; |
381 | |
382 | - ql_dbg(ql_dbg_disc, fcport->vha, 0x2071, |
383 | - "Async-%s timeout - hdl=%x portid=%06x %8phC.\n", |
384 | - sp->name, sp->handle, fcport->d_id.b24, fcport->port_name); |
385 | + if (fcport) { |
386 | + ql_dbg(ql_dbg_disc, fcport->vha, 0x2071, |
387 | + "Async-%s timeout - hdl=%x portid=%06x %8phC.\n", |
388 | + sp->name, sp->handle, fcport->d_id.b24, fcport->port_name); |
389 | |
390 | - fcport->flags &= ~FCF_ASYNC_SENT; |
391 | + fcport->flags &= ~FCF_ASYNC_SENT; |
392 | + } else { |
393 | + pr_info("Async-%s timeout - hdl=%x.\n", |
394 | + sp->name, sp->handle); |
395 | + } |
396 | |
397 | switch (sp->type) { |
398 | case SRB_LOGIN_CMD: |
399 | diff --git a/drivers/scsi/qla2xxx/qla_mid.c b/drivers/scsi/qla2xxx/qla_mid.c |
400 | index 78df7cfca568..d77dde89118e 100644 |
401 | --- a/drivers/scsi/qla2xxx/qla_mid.c |
402 | +++ b/drivers/scsi/qla2xxx/qla_mid.c |
403 | @@ -582,8 +582,9 @@ qla25xx_delete_req_que(struct scsi_qla_host *vha, struct req_que *req) |
404 | ret = qla25xx_init_req_que(vha, req); |
405 | if (ret != QLA_SUCCESS) |
406 | return QLA_FUNCTION_FAILED; |
407 | + |
408 | + qla25xx_free_req_que(vha, req); |
409 | } |
410 | - qla25xx_free_req_que(vha, req); |
411 | |
412 | return ret; |
413 | } |
414 | @@ -598,8 +599,9 @@ qla25xx_delete_rsp_que(struct scsi_qla_host *vha, struct rsp_que *rsp) |
415 | ret = qla25xx_init_rsp_que(vha, rsp); |
416 | if (ret != QLA_SUCCESS) |
417 | return QLA_FUNCTION_FAILED; |
418 | + |
419 | + qla25xx_free_rsp_que(vha, rsp); |
420 | } |
421 | - qla25xx_free_rsp_que(vha, rsp); |
422 | |
423 | return ret; |
424 | } |
425 | diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c |
426 | index cfe7654f6bd3..1e17175692d3 100644 |
427 | --- a/drivers/scsi/qla2xxx/qla_os.c |
428 | +++ b/drivers/scsi/qla2xxx/qla_os.c |
429 | @@ -442,7 +442,7 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, |
430 | ha->req_q_map[0] = req; |
431 | set_bit(0, ha->rsp_qid_map); |
432 | set_bit(0, ha->req_qid_map); |
433 | - return 1; |
434 | + return 0; |
435 | |
436 | fail_qpair_map: |
437 | kfree(ha->base_qpair); |
438 | @@ -459,6 +459,9 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, |
439 | |
440 | static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) |
441 | { |
442 | + if (!ha->req_q_map) |
443 | + return; |
444 | + |
445 | if (IS_QLAFX00(ha)) { |
446 | if (req && req->ring_fx00) |
447 | dma_free_coherent(&ha->pdev->dev, |
448 | @@ -469,14 +472,17 @@ static void qla2x00_free_req_que(struct qla_hw_data *ha, struct req_que *req) |
449 | (req->length + 1) * sizeof(request_t), |
450 | req->ring, req->dma); |
451 | |
452 | - if (req) |
453 | + if (req) { |
454 | kfree(req->outstanding_cmds); |
455 | - |
456 | - kfree(req); |
457 | + kfree(req); |
458 | + } |
459 | } |
460 | |
461 | static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) |
462 | { |
463 | + if (!ha->rsp_q_map) |
464 | + return; |
465 | + |
466 | if (IS_QLAFX00(ha)) { |
467 | if (rsp && rsp->ring) |
468 | dma_free_coherent(&ha->pdev->dev, |
469 | @@ -487,7 +493,8 @@ static void qla2x00_free_rsp_que(struct qla_hw_data *ha, struct rsp_que *rsp) |
470 | (rsp->length + 1) * sizeof(response_t), |
471 | rsp->ring, rsp->dma); |
472 | } |
473 | - kfree(rsp); |
474 | + if (rsp) |
475 | + kfree(rsp); |
476 | } |
477 | |
478 | static void qla2x00_free_queues(struct qla_hw_data *ha) |
479 | @@ -1710,6 +1717,8 @@ qla2x00_abort_all_cmds(scsi_qla_host_t *vha, int res) |
480 | struct qla_tgt_cmd *cmd; |
481 | uint8_t trace = 0; |
482 | |
483 | + if (!ha->req_q_map) |
484 | + return; |
485 | spin_lock_irqsave(&ha->hardware_lock, flags); |
486 | for (que = 0; que < ha->max_req_queues; que++) { |
487 | req = ha->req_q_map[que]; |
488 | @@ -3063,14 +3072,14 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) |
489 | /* Set up the irqs */ |
490 | ret = qla2x00_request_irqs(ha, rsp); |
491 | if (ret) |
492 | - goto probe_hw_failed; |
493 | + goto probe_failed; |
494 | |
495 | /* Alloc arrays of request and response ring ptrs */ |
496 | - if (!qla2x00_alloc_queues(ha, req, rsp)) { |
497 | + if (qla2x00_alloc_queues(ha, req, rsp)) { |
498 | ql_log(ql_log_fatal, base_vha, 0x003d, |
499 | "Failed to allocate memory for queue pointers..." |
500 | "aborting.\n"); |
501 | - goto probe_init_failed; |
502 | + goto probe_failed; |
503 | } |
504 | |
505 | if (ha->mqenable && shost_use_blk_mq(host)) { |
506 | @@ -3347,15 +3356,6 @@ qla2x00_probe_one(struct pci_dev *pdev, const struct pci_device_id *id) |
507 | |
508 | return 0; |
509 | |
510 | -probe_init_failed: |
511 | - qla2x00_free_req_que(ha, req); |
512 | - ha->req_q_map[0] = NULL; |
513 | - clear_bit(0, ha->req_qid_map); |
514 | - qla2x00_free_rsp_que(ha, rsp); |
515 | - ha->rsp_q_map[0] = NULL; |
516 | - clear_bit(0, ha->rsp_qid_map); |
517 | - ha->max_req_queues = ha->max_rsp_queues = 0; |
518 | - |
519 | probe_failed: |
520 | if (base_vha->timer_active) |
521 | qla2x00_stop_timer(base_vha); |
522 | @@ -4435,11 +4435,17 @@ qla2x00_mem_free(struct qla_hw_data *ha) |
523 | if (ha->init_cb) |
524 | dma_free_coherent(&ha->pdev->dev, ha->init_cb_size, |
525 | ha->init_cb, ha->init_cb_dma); |
526 | - vfree(ha->optrom_buffer); |
527 | - kfree(ha->nvram); |
528 | - kfree(ha->npiv_info); |
529 | - kfree(ha->swl); |
530 | - kfree(ha->loop_id_map); |
531 | + |
532 | + if (ha->optrom_buffer) |
533 | + vfree(ha->optrom_buffer); |
534 | + if (ha->nvram) |
535 | + kfree(ha->nvram); |
536 | + if (ha->npiv_info) |
537 | + kfree(ha->npiv_info); |
538 | + if (ha->swl) |
539 | + kfree(ha->swl); |
540 | + if (ha->loop_id_map) |
541 | + kfree(ha->loop_id_map); |
542 | |
543 | ha->srb_mempool = NULL; |
544 | ha->ctx_mempool = NULL; |
545 | @@ -4455,6 +4461,15 @@ qla2x00_mem_free(struct qla_hw_data *ha) |
546 | ha->ex_init_cb_dma = 0; |
547 | ha->async_pd = NULL; |
548 | ha->async_pd_dma = 0; |
549 | + ha->loop_id_map = NULL; |
550 | + ha->npiv_info = NULL; |
551 | + ha->optrom_buffer = NULL; |
552 | + ha->swl = NULL; |
553 | + ha->nvram = NULL; |
554 | + ha->mctp_dump = NULL; |
555 | + ha->dcbx_tlv = NULL; |
556 | + ha->xgmac_data = NULL; |
557 | + ha->sfp_data = NULL; |
558 | |
559 | ha->s_dma_pool = NULL; |
560 | ha->dl_dma_pool = NULL; |
561 | diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c |
562 | index 040a76011ffa..d6fe08de59a0 100644 |
563 | --- a/drivers/scsi/qla2xxx/qla_target.c |
564 | +++ b/drivers/scsi/qla2xxx/qla_target.c |
565 | @@ -971,6 +971,7 @@ static void qlt_free_session_done(struct work_struct *work) |
566 | |
567 | logo.id = sess->d_id; |
568 | logo.cmd_count = 0; |
569 | + sess->send_els_logo = 0; |
570 | qlt_send_first_logo(vha, &logo); |
571 | } |
572 | |
573 | diff --git a/drivers/usb/dwc3/core.h b/drivers/usb/dwc3/core.h |
574 | index ea910acb4bb0..fc28819253f7 100644 |
575 | --- a/drivers/usb/dwc3/core.h |
576 | +++ b/drivers/usb/dwc3/core.h |
577 | @@ -166,13 +166,15 @@ |
578 | #define DWC3_GDBGFIFOSPACE_TYPE(n) (((n) << 5) & 0x1e0) |
579 | #define DWC3_GDBGFIFOSPACE_SPACE_AVAILABLE(n) (((n) >> 16) & 0xffff) |
580 | |
581 | -#define DWC3_TXFIFOQ 1 |
582 | -#define DWC3_RXFIFOQ 3 |
583 | -#define DWC3_TXREQQ 5 |
584 | -#define DWC3_RXREQQ 7 |
585 | -#define DWC3_RXINFOQ 9 |
586 | -#define DWC3_DESCFETCHQ 13 |
587 | -#define DWC3_EVENTQ 15 |
588 | +#define DWC3_TXFIFOQ 0 |
589 | +#define DWC3_RXFIFOQ 1 |
590 | +#define DWC3_TXREQQ 2 |
591 | +#define DWC3_RXREQQ 3 |
592 | +#define DWC3_RXINFOQ 4 |
593 | +#define DWC3_PSTATQ 5 |
594 | +#define DWC3_DESCFETCHQ 6 |
595 | +#define DWC3_EVENTQ 7 |
596 | +#define DWC3_AUXEVENTQ 8 |
597 | |
598 | /* Global RX Threshold Configuration Register */ |
599 | #define DWC3_GRXTHRCFG_MAXRXBURSTSIZE(n) (((n) & 0x1f) << 19) |
600 | diff --git a/drivers/usb/gadget/udc/bdc/bdc_pci.c b/drivers/usb/gadget/udc/bdc/bdc_pci.c |
601 | index 02968842b359..708e36f530d8 100644 |
602 | --- a/drivers/usb/gadget/udc/bdc/bdc_pci.c |
603 | +++ b/drivers/usb/gadget/udc/bdc/bdc_pci.c |
604 | @@ -82,6 +82,7 @@ static int bdc_pci_probe(struct pci_dev *pci, const struct pci_device_id *id) |
605 | if (ret) { |
606 | dev_err(&pci->dev, |
607 | "couldn't add resources to bdc device\n"); |
608 | + platform_device_put(bdc); |
609 | return ret; |
610 | } |
611 | |
612 | diff --git a/fs/aio.c b/fs/aio.c |
613 | index 5a2487217072..c3ace7833a03 100644 |
614 | --- a/fs/aio.c |
615 | +++ b/fs/aio.c |
616 | @@ -68,9 +68,9 @@ struct aio_ring { |
617 | #define AIO_RING_PAGES 8 |
618 | |
619 | struct kioctx_table { |
620 | - struct rcu_head rcu; |
621 | - unsigned nr; |
622 | - struct kioctx *table[]; |
623 | + struct rcu_head rcu; |
624 | + unsigned nr; |
625 | + struct kioctx __rcu *table[]; |
626 | }; |
627 | |
628 | struct kioctx_cpu { |
629 | @@ -115,7 +115,8 @@ struct kioctx { |
630 | struct page **ring_pages; |
631 | long nr_pages; |
632 | |
633 | - struct work_struct free_work; |
634 | + struct rcu_head free_rcu; |
635 | + struct work_struct free_work; /* see free_ioctx() */ |
636 | |
637 | /* |
638 | * signals when all in-flight requests are done |
639 | @@ -329,7 +330,7 @@ static int aio_ring_mremap(struct vm_area_struct *vma) |
640 | for (i = 0; i < table->nr; i++) { |
641 | struct kioctx *ctx; |
642 | |
643 | - ctx = table->table[i]; |
644 | + ctx = rcu_dereference(table->table[i]); |
645 | if (ctx && ctx->aio_ring_file == file) { |
646 | if (!atomic_read(&ctx->dead)) { |
647 | ctx->user_id = ctx->mmap_base = vma->vm_start; |
648 | @@ -588,6 +589,12 @@ static int kiocb_cancel(struct aio_kiocb *kiocb) |
649 | return cancel(&kiocb->common); |
650 | } |
651 | |
652 | +/* |
653 | + * free_ioctx() should be RCU delayed to synchronize against the RCU |
654 | + * protected lookup_ioctx() and also needs process context to call |
655 | + * aio_free_ring(), so the double bouncing through kioctx->free_rcu and |
656 | + * ->free_work. |
657 | + */ |
658 | static void free_ioctx(struct work_struct *work) |
659 | { |
660 | struct kioctx *ctx = container_of(work, struct kioctx, free_work); |
661 | @@ -601,6 +608,14 @@ static void free_ioctx(struct work_struct *work) |
662 | kmem_cache_free(kioctx_cachep, ctx); |
663 | } |
664 | |
665 | +static void free_ioctx_rcufn(struct rcu_head *head) |
666 | +{ |
667 | + struct kioctx *ctx = container_of(head, struct kioctx, free_rcu); |
668 | + |
669 | + INIT_WORK(&ctx->free_work, free_ioctx); |
670 | + schedule_work(&ctx->free_work); |
671 | +} |
672 | + |
673 | static void free_ioctx_reqs(struct percpu_ref *ref) |
674 | { |
675 | struct kioctx *ctx = container_of(ref, struct kioctx, reqs); |
676 | @@ -609,8 +624,8 @@ static void free_ioctx_reqs(struct percpu_ref *ref) |
677 | if (ctx->rq_wait && atomic_dec_and_test(&ctx->rq_wait->count)) |
678 | complete(&ctx->rq_wait->comp); |
679 | |
680 | - INIT_WORK(&ctx->free_work, free_ioctx); |
681 | - schedule_work(&ctx->free_work); |
682 | + /* Synchronize against RCU protected table->table[] dereferences */ |
683 | + call_rcu(&ctx->free_rcu, free_ioctx_rcufn); |
684 | } |
685 | |
686 | /* |
687 | @@ -651,9 +666,9 @@ static int ioctx_add_table(struct kioctx *ctx, struct mm_struct *mm) |
688 | while (1) { |
689 | if (table) |
690 | for (i = 0; i < table->nr; i++) |
691 | - if (!table->table[i]) { |
692 | + if (!rcu_access_pointer(table->table[i])) { |
693 | ctx->id = i; |
694 | - table->table[i] = ctx; |
695 | + rcu_assign_pointer(table->table[i], ctx); |
696 | spin_unlock(&mm->ioctx_lock); |
697 | |
698 | /* While kioctx setup is in progress, |
699 | @@ -834,11 +849,11 @@ static int kill_ioctx(struct mm_struct *mm, struct kioctx *ctx, |
700 | } |
701 | |
702 | table = rcu_dereference_raw(mm->ioctx_table); |
703 | - WARN_ON(ctx != table->table[ctx->id]); |
704 | - table->table[ctx->id] = NULL; |
705 | + WARN_ON(ctx != rcu_access_pointer(table->table[ctx->id])); |
706 | + RCU_INIT_POINTER(table->table[ctx->id], NULL); |
707 | spin_unlock(&mm->ioctx_lock); |
708 | |
709 | - /* percpu_ref_kill() will do the necessary call_rcu() */ |
710 | + /* free_ioctx_reqs() will do the necessary RCU synchronization */ |
711 | wake_up_all(&ctx->wait); |
712 | |
713 | /* |
714 | @@ -880,7 +895,8 @@ void exit_aio(struct mm_struct *mm) |
715 | |
716 | skipped = 0; |
717 | for (i = 0; i < table->nr; ++i) { |
718 | - struct kioctx *ctx = table->table[i]; |
719 | + struct kioctx *ctx = |
720 | + rcu_dereference_protected(table->table[i], true); |
721 | |
722 | if (!ctx) { |
723 | skipped++; |
724 | @@ -1069,7 +1085,7 @@ static struct kioctx *lookup_ioctx(unsigned long ctx_id) |
725 | if (!table || id >= table->nr) |
726 | goto out; |
727 | |
728 | - ctx = table->table[id]; |
729 | + ctx = rcu_dereference(table->table[id]); |
730 | if (ctx && ctx->user_id == ctx_id) { |
731 | percpu_ref_get(&ctx->users); |
732 | ret = ctx; |
733 | diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c |
734 | index b517ef1477ea..0531cb9a3ba9 100644 |
735 | --- a/fs/btrfs/backref.c |
736 | +++ b/fs/btrfs/backref.c |
737 | @@ -1252,7 +1252,16 @@ static int find_parent_nodes(struct btrfs_trans_handle *trans, |
738 | while (node) { |
739 | ref = rb_entry(node, struct prelim_ref, rbnode); |
740 | node = rb_next(&ref->rbnode); |
741 | - WARN_ON(ref->count < 0); |
742 | + /* |
743 | + * ref->count < 0 can happen here if there are delayed |
744 | + * refs with a node->action of BTRFS_DROP_DELAYED_REF. |
745 | + * prelim_ref_insert() relies on this when merging |
746 | + * identical refs to keep the overall count correct. |
747 | + * prelim_ref_insert() will merge only those refs |
748 | + * which compare identically. Any refs having |
749 | + * e.g. different offsets would not be merged, |
750 | + * and would retain their original ref->count < 0. |
751 | + */ |
752 | if (roots && ref->count && ref->root_id && ref->parent == 0) { |
753 | if (sc && sc->root_objectid && |
754 | ref->root_id != sc->root_objectid) { |
755 | @@ -1496,6 +1505,7 @@ int btrfs_check_shared(struct btrfs_root *root, u64 inum, u64 bytenr) |
756 | if (!node) |
757 | break; |
758 | bytenr = node->val; |
759 | + shared.share_count = 0; |
760 | cond_resched(); |
761 | } |
762 | |
763 | diff --git a/fs/btrfs/raid56.c b/fs/btrfs/raid56.c |
764 | index 6154825c30e1..32b186c5694c 100644 |
765 | --- a/fs/btrfs/raid56.c |
766 | +++ b/fs/btrfs/raid56.c |
767 | @@ -1348,6 +1348,7 @@ static int find_bio_stripe(struct btrfs_raid_bio *rbio, |
768 | stripe_start = stripe->physical; |
769 | if (physical >= stripe_start && |
770 | physical < stripe_start + rbio->stripe_len && |
771 | + stripe->dev->bdev && |
772 | bio->bi_disk == stripe->dev->bdev->bd_disk && |
773 | bio->bi_partno == stripe->dev->bdev->bd_partno) { |
774 | return i; |
775 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c |
776 | index bc534fafacf9..71b3cd634436 100644 |
777 | --- a/fs/btrfs/volumes.c |
778 | +++ b/fs/btrfs/volumes.c |
779 | @@ -589,6 +589,7 @@ void btrfs_free_stale_device(struct btrfs_device *cur_dev) |
780 | btrfs_sysfs_remove_fsid(fs_devs); |
781 | list_del(&fs_devs->list); |
782 | free_fs_devices(fs_devs); |
783 | + break; |
784 | } else { |
785 | fs_devs->num_devices--; |
786 | list_del(&dev->dev_list); |
787 | @@ -4733,10 +4734,13 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans, |
788 | ndevs = min(ndevs, devs_max); |
789 | |
790 | /* |
791 | - * the primary goal is to maximize the number of stripes, so use as many |
792 | - * devices as possible, even if the stripes are not maximum sized. |
793 | + * The primary goal is to maximize the number of stripes, so use as |
794 | + * many devices as possible, even if the stripes are not maximum sized. |
795 | + * |
796 | + * The DUP profile stores more than one stripe per device, the |
797 | + * max_avail is the total size so we have to adjust. |
798 | */ |
799 | - stripe_size = devices_info[ndevs-1].max_avail; |
800 | + stripe_size = div_u64(devices_info[ndevs - 1].max_avail, dev_stripes); |
801 | num_stripes = ndevs * dev_stripes; |
802 | |
803 | /* |
804 | @@ -4771,8 +4775,6 @@ static int __btrfs_alloc_chunk(struct btrfs_trans_handle *trans, |
805 | stripe_size = devices_info[ndevs-1].max_avail; |
806 | } |
807 | |
808 | - stripe_size = div_u64(stripe_size, dev_stripes); |
809 | - |
810 | /* align to BTRFS_STRIPE_LEN */ |
811 | stripe_size = round_down(stripe_size, BTRFS_STRIPE_LEN); |
812 | |
813 | @@ -7080,10 +7082,24 @@ int btrfs_run_dev_stats(struct btrfs_trans_handle *trans, |
814 | |
815 | mutex_lock(&fs_devices->device_list_mutex); |
816 | list_for_each_entry(device, &fs_devices->devices, dev_list) { |
817 | - if (!device->dev_stats_valid || !btrfs_dev_stats_dirty(device)) |
818 | + stats_cnt = atomic_read(&device->dev_stats_ccnt); |
819 | + if (!device->dev_stats_valid || stats_cnt == 0) |
820 | continue; |
821 | |
822 | - stats_cnt = atomic_read(&device->dev_stats_ccnt); |
823 | + |
824 | + /* |
825 | + * There is a LOAD-LOAD control dependency between the value of |
826 | + * dev_stats_ccnt and updating the on-disk values which requires |
827 | + * reading the in-memory counters. Such control dependencies |
828 | + * require explicit read memory barriers. |
829 | + * |
830 | + * This memory barriers pairs with smp_mb__before_atomic in |
831 | + * btrfs_dev_stat_inc/btrfs_dev_stat_set and with the full |
832 | + * barrier implied by atomic_xchg in |
833 | + * btrfs_dev_stats_read_and_reset |
834 | + */ |
835 | + smp_rmb(); |
836 | + |
837 | ret = update_dev_stat_item(trans, fs_info, device); |
838 | if (!ret) |
839 | atomic_sub(stats_cnt, &device->dev_stats_ccnt); |
840 | diff --git a/fs/btrfs/volumes.h b/fs/btrfs/volumes.h |
841 | index 6108fdfec67f..c5dd48eb7b3d 100644 |
842 | --- a/fs/btrfs/volumes.h |
843 | +++ b/fs/btrfs/volumes.h |
844 | @@ -498,6 +498,12 @@ static inline void btrfs_dev_stat_inc(struct btrfs_device *dev, |
845 | int index) |
846 | { |
847 | atomic_inc(dev->dev_stat_values + index); |
848 | + /* |
849 | + * This memory barrier orders stores updating statistics before stores |
850 | + * updating dev_stats_ccnt. |
851 | + * |
852 | + * It pairs with smp_rmb() in btrfs_run_dev_stats(). |
853 | + */ |
854 | smp_mb__before_atomic(); |
855 | atomic_inc(&dev->dev_stats_ccnt); |
856 | } |
857 | @@ -523,6 +529,12 @@ static inline void btrfs_dev_stat_set(struct btrfs_device *dev, |
858 | int index, unsigned long val) |
859 | { |
860 | atomic_set(dev->dev_stat_values + index, val); |
861 | + /* |
862 | + * This memory barrier orders stores updating statistics before stores |
863 | + * updating dev_stats_ccnt. |
864 | + * |
865 | + * It pairs with smp_rmb() in btrfs_run_dev_stats(). |
866 | + */ |
867 | smp_mb__before_atomic(); |
868 | atomic_inc(&dev->dev_stats_ccnt); |
869 | } |
870 | diff --git a/fs/dcache.c b/fs/dcache.c |
871 | index b8d999a5768b..a1417787e269 100644 |
872 | --- a/fs/dcache.c |
873 | +++ b/fs/dcache.c |
874 | @@ -644,11 +644,16 @@ static inline struct dentry *lock_parent(struct dentry *dentry) |
875 | spin_unlock(&parent->d_lock); |
876 | goto again; |
877 | } |
878 | - rcu_read_unlock(); |
879 | - if (parent != dentry) |
880 | + if (parent != dentry) { |
881 | spin_lock_nested(&dentry->d_lock, DENTRY_D_LOCK_NESTED); |
882 | - else |
883 | + if (unlikely(dentry->d_lockref.count < 0)) { |
884 | + spin_unlock(&parent->d_lock); |
885 | + parent = NULL; |
886 | + } |
887 | + } else { |
888 | parent = NULL; |
889 | + } |
890 | + rcu_read_unlock(); |
891 | return parent; |
892 | } |
893 | |
894 | diff --git a/fs/namei.c b/fs/namei.c |
895 | index cbe24e367a70..f839b0750ca3 100644 |
896 | --- a/fs/namei.c |
897 | +++ b/fs/namei.c |
898 | @@ -578,9 +578,10 @@ static int __nd_alloc_stack(struct nameidata *nd) |
899 | static bool path_connected(const struct path *path) |
900 | { |
901 | struct vfsmount *mnt = path->mnt; |
902 | + struct super_block *sb = mnt->mnt_sb; |
903 | |
904 | - /* Only bind mounts can have disconnected paths */ |
905 | - if (mnt->mnt_root == mnt->mnt_sb->s_root) |
906 | + /* Bind mounts and multi-root filesystems can have disconnected paths */ |
907 | + if (!(sb->s_iflags & SB_I_MULTIROOT) && (mnt->mnt_root == sb->s_root)) |
908 | return true; |
909 | |
910 | return is_subdir(path->dentry, mnt->mnt_root); |
911 | diff --git a/fs/nfs/super.c b/fs/nfs/super.c |
912 | index 216f67d628b3..38de09b08e96 100644 |
913 | --- a/fs/nfs/super.c |
914 | +++ b/fs/nfs/super.c |
915 | @@ -2623,6 +2623,8 @@ struct dentry *nfs_fs_mount_common(struct nfs_server *server, |
916 | /* initial superblock/root creation */ |
917 | mount_info->fill_super(s, mount_info); |
918 | nfs_get_cache_cookie(s, mount_info->parsed, mount_info->cloned); |
919 | + if (!(server->flags & NFS_MOUNT_UNSHARED)) |
920 | + s->s_iflags |= SB_I_MULTIROOT; |
921 | } |
922 | |
923 | mntroot = nfs_get_root(s, mount_info->mntfh, dev_name); |
924 | diff --git a/include/linux/fs.h b/include/linux/fs.h |
925 | index d54f41a63dbf..cc613f20e5a6 100644 |
926 | --- a/include/linux/fs.h |
927 | +++ b/include/linux/fs.h |
928 | @@ -1312,6 +1312,7 @@ extern int send_sigurg(struct fown_struct *fown); |
929 | #define SB_I_CGROUPWB 0x00000001 /* cgroup-aware writeback enabled */ |
930 | #define SB_I_NOEXEC 0x00000002 /* Ignore executables on this fs */ |
931 | #define SB_I_NODEV 0x00000004 /* Ignore devices on this fs */ |
932 | +#define SB_I_MULTIROOT 0x00000008 /* Multiple roots to the dentry tree */ |
933 | |
934 | /* sb->s_iflags to limit user namespace mounts */ |
935 | #define SB_I_USERNS_VISIBLE 0x00000010 /* fstype already mounted */ |
936 | diff --git a/include/linux/irqchip/arm-gic-v3.h b/include/linux/irqchip/arm-gic-v3.h |
937 | index 14b74f22d43c..bacb499c512c 100644 |
938 | --- a/include/linux/irqchip/arm-gic-v3.h |
939 | +++ b/include/linux/irqchip/arm-gic-v3.h |
940 | @@ -501,6 +501,7 @@ |
941 | |
942 | #define ICH_HCR_EN (1 << 0) |
943 | #define ICH_HCR_UIE (1 << 1) |
944 | +#define ICH_HCR_NPIE (1 << 3) |
945 | #define ICH_HCR_TC (1 << 10) |
946 | #define ICH_HCR_TALL0 (1 << 11) |
947 | #define ICH_HCR_TALL1 (1 << 12) |
948 | diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h |
949 | index d3453ee072fc..68d8b1f73682 100644 |
950 | --- a/include/linux/irqchip/arm-gic.h |
951 | +++ b/include/linux/irqchip/arm-gic.h |
952 | @@ -84,6 +84,7 @@ |
953 | |
954 | #define GICH_HCR_EN (1 << 0) |
955 | #define GICH_HCR_UIE (1 << 1) |
956 | +#define GICH_HCR_NPIE (1 << 3) |
957 | |
958 | #define GICH_LR_VIRTUALID (0x3ff << 0) |
959 | #define GICH_LR_PHYSID_CPUID_SHIFT (10) |
960 | diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c |
961 | index c2db7e905f7d..012881461058 100644 |
962 | --- a/sound/core/oss/pcm_oss.c |
963 | +++ b/sound/core/oss/pcm_oss.c |
964 | @@ -1762,10 +1762,9 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file) |
965 | return -ENOMEM; |
966 | _snd_pcm_hw_params_any(params); |
967 | err = snd_pcm_hw_refine(substream, params); |
968 | - format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT); |
969 | - kfree(params); |
970 | if (err < 0) |
971 | - return err; |
972 | + goto error; |
973 | + format_mask = hw_param_mask_c(params, SNDRV_PCM_HW_PARAM_FORMAT); |
974 | for (fmt = 0; fmt < 32; ++fmt) { |
975 | if (snd_mask_test(format_mask, fmt)) { |
976 | int f = snd_pcm_oss_format_to(fmt); |
977 | @@ -1773,7 +1772,10 @@ static int snd_pcm_oss_get_formats(struct snd_pcm_oss_file *pcm_oss_file) |
978 | formats |= f; |
979 | } |
980 | } |
981 | - return formats; |
982 | + |
983 | + error: |
984 | + kfree(params); |
985 | + return err < 0 ? err : formats; |
986 | } |
987 | |
988 | static int snd_pcm_oss_set_format(struct snd_pcm_oss_file *pcm_oss_file, int format) |
989 | diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c |
990 | index 1f3aa466ac9b..a4c571cb3b87 100644 |
991 | --- a/sound/core/seq/seq_clientmgr.c |
992 | +++ b/sound/core/seq/seq_clientmgr.c |
993 | @@ -255,12 +255,12 @@ static int seq_free_client1(struct snd_seq_client *client) |
994 | |
995 | if (!client) |
996 | return 0; |
997 | - snd_seq_delete_all_ports(client); |
998 | - snd_seq_queue_client_leave(client->number); |
999 | spin_lock_irqsave(&clients_lock, flags); |
1000 | clienttablock[client->number] = 1; |
1001 | clienttab[client->number] = NULL; |
1002 | spin_unlock_irqrestore(&clients_lock, flags); |
1003 | + snd_seq_delete_all_ports(client); |
1004 | + snd_seq_queue_client_leave(client->number); |
1005 | snd_use_lock_sync(&client->use_lock); |
1006 | snd_seq_queue_client_termination(client->number); |
1007 | if (client->pool) |
1008 | diff --git a/sound/core/seq/seq_prioq.c b/sound/core/seq/seq_prioq.c |
1009 | index bc1c8488fc2a..2bc6759e4adc 100644 |
1010 | --- a/sound/core/seq/seq_prioq.c |
1011 | +++ b/sound/core/seq/seq_prioq.c |
1012 | @@ -87,7 +87,7 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo) |
1013 | if (f->cells > 0) { |
1014 | /* drain prioQ */ |
1015 | while (f->cells > 0) |
1016 | - snd_seq_cell_free(snd_seq_prioq_cell_out(f)); |
1017 | + snd_seq_cell_free(snd_seq_prioq_cell_out(f, NULL)); |
1018 | } |
1019 | |
1020 | kfree(f); |
1021 | @@ -214,8 +214,18 @@ int snd_seq_prioq_cell_in(struct snd_seq_prioq * f, |
1022 | return 0; |
1023 | } |
1024 | |
1025 | +/* return 1 if the current time >= event timestamp */ |
1026 | +static int event_is_ready(struct snd_seq_event *ev, void *current_time) |
1027 | +{ |
1028 | + if ((ev->flags & SNDRV_SEQ_TIME_STAMP_MASK) == SNDRV_SEQ_TIME_STAMP_TICK) |
1029 | + return snd_seq_compare_tick_time(current_time, &ev->time.tick); |
1030 | + else |
1031 | + return snd_seq_compare_real_time(current_time, &ev->time.time); |
1032 | +} |
1033 | + |
1034 | /* dequeue cell from prioq */ |
1035 | -struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f) |
1036 | +struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f, |
1037 | + void *current_time) |
1038 | { |
1039 | struct snd_seq_event_cell *cell; |
1040 | unsigned long flags; |
1041 | @@ -227,6 +237,8 @@ struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f) |
1042 | spin_lock_irqsave(&f->lock, flags); |
1043 | |
1044 | cell = f->head; |
1045 | + if (cell && current_time && !event_is_ready(&cell->event, current_time)) |
1046 | + cell = NULL; |
1047 | if (cell) { |
1048 | f->head = cell->next; |
1049 | |
1050 | @@ -252,18 +264,6 @@ int snd_seq_prioq_avail(struct snd_seq_prioq * f) |
1051 | return f->cells; |
1052 | } |
1053 | |
1054 | - |
1055 | -/* peek at cell at the head of the prioq */ |
1056 | -struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq * f) |
1057 | -{ |
1058 | - if (f == NULL) { |
1059 | - pr_debug("ALSA: seq: snd_seq_prioq_cell_in() called with NULL prioq\n"); |
1060 | - return NULL; |
1061 | - } |
1062 | - return f->head; |
1063 | -} |
1064 | - |
1065 | - |
1066 | static inline int prioq_match(struct snd_seq_event_cell *cell, |
1067 | int client, int timestamp) |
1068 | { |
1069 | diff --git a/sound/core/seq/seq_prioq.h b/sound/core/seq/seq_prioq.h |
1070 | index d38bb78d9345..2c315ca10fc4 100644 |
1071 | --- a/sound/core/seq/seq_prioq.h |
1072 | +++ b/sound/core/seq/seq_prioq.h |
1073 | @@ -44,14 +44,12 @@ void snd_seq_prioq_delete(struct snd_seq_prioq **fifo); |
1074 | int snd_seq_prioq_cell_in(struct snd_seq_prioq *f, struct snd_seq_event_cell *cell); |
1075 | |
1076 | /* dequeue cell from prioq */ |
1077 | -struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f); |
1078 | +struct snd_seq_event_cell *snd_seq_prioq_cell_out(struct snd_seq_prioq *f, |
1079 | + void *current_time); |
1080 | |
1081 | /* return number of events available in prioq */ |
1082 | int snd_seq_prioq_avail(struct snd_seq_prioq *f); |
1083 | |
1084 | -/* peek at cell at the head of the prioq */ |
1085 | -struct snd_seq_event_cell *snd_seq_prioq_cell_peek(struct snd_seq_prioq *f); |
1086 | - |
1087 | /* client left queue */ |
1088 | void snd_seq_prioq_leave(struct snd_seq_prioq *f, int client, int timestamp); |
1089 | |
1090 | diff --git a/sound/core/seq/seq_queue.c b/sound/core/seq/seq_queue.c |
1091 | index 79e0c5604ef8..1a6dc4ff44a6 100644 |
1092 | --- a/sound/core/seq/seq_queue.c |
1093 | +++ b/sound/core/seq/seq_queue.c |
1094 | @@ -277,30 +277,20 @@ void snd_seq_check_queue(struct snd_seq_queue *q, int atomic, int hop) |
1095 | |
1096 | __again: |
1097 | /* Process tick queue... */ |
1098 | - while ((cell = snd_seq_prioq_cell_peek(q->tickq)) != NULL) { |
1099 | - if (snd_seq_compare_tick_time(&q->timer->tick.cur_tick, |
1100 | - &cell->event.time.tick)) { |
1101 | - cell = snd_seq_prioq_cell_out(q->tickq); |
1102 | - if (cell) |
1103 | - snd_seq_dispatch_event(cell, atomic, hop); |
1104 | - } else { |
1105 | - /* event remains in the queue */ |
1106 | + for (;;) { |
1107 | + cell = snd_seq_prioq_cell_out(q->tickq, |
1108 | + &q->timer->tick.cur_tick); |
1109 | + if (!cell) |
1110 | break; |
1111 | - } |
1112 | + snd_seq_dispatch_event(cell, atomic, hop); |
1113 | } |
1114 | |
1115 | - |
1116 | /* Process time queue... */ |
1117 | - while ((cell = snd_seq_prioq_cell_peek(q->timeq)) != NULL) { |
1118 | - if (snd_seq_compare_real_time(&q->timer->cur_time, |
1119 | - &cell->event.time.time)) { |
1120 | - cell = snd_seq_prioq_cell_out(q->timeq); |
1121 | - if (cell) |
1122 | - snd_seq_dispatch_event(cell, atomic, hop); |
1123 | - } else { |
1124 | - /* event remains in the queue */ |
1125 | + for (;;) { |
1126 | + cell = snd_seq_prioq_cell_out(q->timeq, &q->timer->cur_time); |
1127 | + if (!cell) |
1128 | break; |
1129 | - } |
1130 | + snd_seq_dispatch_event(cell, atomic, hop); |
1131 | } |
1132 | |
1133 | /* free lock */ |
1134 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
1135 | index 96143df19b21..d5017adf9feb 100644 |
1136 | --- a/sound/pci/hda/hda_intel.c |
1137 | +++ b/sound/pci/hda/hda_intel.c |
1138 | @@ -181,11 +181,15 @@ static const struct kernel_param_ops param_ops_xint = { |
1139 | }; |
1140 | #define param_check_xint param_check_int |
1141 | |
1142 | -static int power_save = -1; |
1143 | +static int power_save = CONFIG_SND_HDA_POWER_SAVE_DEFAULT; |
1144 | module_param(power_save, xint, 0644); |
1145 | MODULE_PARM_DESC(power_save, "Automatic power-saving timeout " |
1146 | "(in second, 0 = disable)."); |
1147 | |
1148 | +static bool pm_blacklist = true; |
1149 | +module_param(pm_blacklist, bool, 0644); |
1150 | +MODULE_PARM_DESC(pm_blacklist, "Enable power-management blacklist"); |
1151 | + |
1152 | /* reset the HD-audio controller in power save mode. |
1153 | * this may give more power-saving, but will take longer time to |
1154 | * wake up. |
1155 | @@ -2300,10 +2304,9 @@ static int azx_probe_continue(struct azx *chip) |
1156 | |
1157 | val = power_save; |
1158 | #ifdef CONFIG_PM |
1159 | - if (val == -1) { |
1160 | + if (pm_blacklist) { |
1161 | const struct snd_pci_quirk *q; |
1162 | |
1163 | - val = CONFIG_SND_HDA_POWER_SAVE_DEFAULT; |
1164 | q = snd_pci_quirk_lookup(chip->pci, power_save_blacklist); |
1165 | if (q && val) { |
1166 | dev_info(chip->card->dev, "device %04x:%04x is on the power_save blacklist, forcing power_save to 0\n", |
1167 | diff --git a/tools/testing/selftests/x86/entry_from_vm86.c b/tools/testing/selftests/x86/entry_from_vm86.c |
1168 | index d075ea0e5ca1..ade443a88421 100644 |
1169 | --- a/tools/testing/selftests/x86/entry_from_vm86.c |
1170 | +++ b/tools/testing/selftests/x86/entry_from_vm86.c |
1171 | @@ -95,6 +95,31 @@ asm ( |
1172 | "int3\n\t" |
1173 | "vmcode_int80:\n\t" |
1174 | "int $0x80\n\t" |
1175 | + "vmcode_popf_hlt:\n\t" |
1176 | + "push %ax\n\t" |
1177 | + "popf\n\t" |
1178 | + "hlt\n\t" |
1179 | + "vmcode_umip:\n\t" |
1180 | + /* addressing via displacements */ |
1181 | + "smsw (2052)\n\t" |
1182 | + "sidt (2054)\n\t" |
1183 | + "sgdt (2060)\n\t" |
1184 | + /* addressing via registers */ |
1185 | + "mov $2066, %bx\n\t" |
1186 | + "smsw (%bx)\n\t" |
1187 | + "mov $2068, %bx\n\t" |
1188 | + "sidt (%bx)\n\t" |
1189 | + "mov $2074, %bx\n\t" |
1190 | + "sgdt (%bx)\n\t" |
1191 | + /* register operands, only for smsw */ |
1192 | + "smsw %ax\n\t" |
1193 | + "mov %ax, (2080)\n\t" |
1194 | + "int3\n\t" |
1195 | + "vmcode_umip_str:\n\t" |
1196 | + "str %eax\n\t" |
1197 | + "vmcode_umip_sldt:\n\t" |
1198 | + "sldt %eax\n\t" |
1199 | + "int3\n\t" |
1200 | ".size vmcode, . - vmcode\n\t" |
1201 | "end_vmcode:\n\t" |
1202 | ".code32\n\t" |
1203 | @@ -103,7 +128,8 @@ asm ( |
1204 | |
1205 | extern unsigned char vmcode[], end_vmcode[]; |
1206 | extern unsigned char vmcode_bound[], vmcode_sysenter[], vmcode_syscall[], |
1207 | - vmcode_sti[], vmcode_int3[], vmcode_int80[]; |
1208 | + vmcode_sti[], vmcode_int3[], vmcode_int80[], vmcode_popf_hlt[], |
1209 | + vmcode_umip[], vmcode_umip_str[], vmcode_umip_sldt[]; |
1210 | |
1211 | /* Returns false if the test was skipped. */ |
1212 | static bool do_test(struct vm86plus_struct *v86, unsigned long eip, |
1213 | @@ -153,13 +179,75 @@ static bool do_test(struct vm86plus_struct *v86, unsigned long eip, |
1214 | (VM86_TYPE(ret) == rettype && VM86_ARG(ret) == retarg)) { |
1215 | printf("[OK]\tReturned correctly\n"); |
1216 | } else { |
1217 | - printf("[FAIL]\tIncorrect return reason\n"); |
1218 | + printf("[FAIL]\tIncorrect return reason (started at eip = 0x%lx, ended at eip = 0x%lx)\n", eip, v86->regs.eip); |
1219 | nerrs++; |
1220 | } |
1221 | |
1222 | return true; |
1223 | } |
1224 | |
1225 | +void do_umip_tests(struct vm86plus_struct *vm86, unsigned char *test_mem) |
1226 | +{ |
1227 | + struct table_desc { |
1228 | + unsigned short limit; |
1229 | + unsigned long base; |
1230 | + } __attribute__((packed)); |
1231 | + |
1232 | + /* Initialize variables with arbitrary values */ |
1233 | + struct table_desc gdt1 = { .base = 0x3c3c3c3c, .limit = 0x9999 }; |
1234 | + struct table_desc gdt2 = { .base = 0x1a1a1a1a, .limit = 0xaeae }; |
1235 | + struct table_desc idt1 = { .base = 0x7b7b7b7b, .limit = 0xf1f1 }; |
1236 | + struct table_desc idt2 = { .base = 0x89898989, .limit = 0x1313 }; |
1237 | + unsigned short msw1 = 0x1414, msw2 = 0x2525, msw3 = 3737; |
1238 | + |
1239 | + /* UMIP -- exit with INT3 unless kernel emulation did not trap #GP */ |
1240 | + do_test(vm86, vmcode_umip - vmcode, VM86_TRAP, 3, "UMIP tests"); |
1241 | + |
1242 | + /* Results from displacement-only addressing */ |
1243 | + msw1 = *(unsigned short *)(test_mem + 2052); |
1244 | + memcpy(&idt1, test_mem + 2054, sizeof(idt1)); |
1245 | + memcpy(&gdt1, test_mem + 2060, sizeof(gdt1)); |
1246 | + |
1247 | + /* Results from register-indirect addressing */ |
1248 | + msw2 = *(unsigned short *)(test_mem + 2066); |
1249 | + memcpy(&idt2, test_mem + 2068, sizeof(idt2)); |
1250 | + memcpy(&gdt2, test_mem + 2074, sizeof(gdt2)); |
1251 | + |
1252 | + /* Results when using register operands */ |
1253 | + msw3 = *(unsigned short *)(test_mem + 2080); |
1254 | + |
1255 | + printf("[INFO]\tResult from SMSW:[0x%04x]\n", msw1); |
1256 | + printf("[INFO]\tResult from SIDT: limit[0x%04x]base[0x%08lx]\n", |
1257 | + idt1.limit, idt1.base); |
1258 | + printf("[INFO]\tResult from SGDT: limit[0x%04x]base[0x%08lx]\n", |
1259 | + gdt1.limit, gdt1.base); |
1260 | + |
1261 | + if (msw1 != msw2 || msw1 != msw3) |
1262 | + printf("[FAIL]\tAll the results of SMSW should be the same.\n"); |
1263 | + else |
1264 | + printf("[PASS]\tAll the results from SMSW are identical.\n"); |
1265 | + |
1266 | + if (memcmp(&gdt1, &gdt2, sizeof(gdt1))) |
1267 | + printf("[FAIL]\tAll the results of SGDT should be the same.\n"); |
1268 | + else |
1269 | + printf("[PASS]\tAll the results from SGDT are identical.\n"); |
1270 | + |
1271 | + if (memcmp(&idt1, &idt2, sizeof(idt1))) |
1272 | + printf("[FAIL]\tAll the results of SIDT should be the same.\n"); |
1273 | + else |
1274 | + printf("[PASS]\tAll the results from SIDT are identical.\n"); |
1275 | + |
1276 | + sethandler(SIGILL, sighandler, 0); |
1277 | + do_test(vm86, vmcode_umip_str - vmcode, VM86_SIGNAL, 0, |
1278 | + "STR instruction"); |
1279 | + clearhandler(SIGILL); |
1280 | + |
1281 | + sethandler(SIGILL, sighandler, 0); |
1282 | + do_test(vm86, vmcode_umip_sldt - vmcode, VM86_SIGNAL, 0, |
1283 | + "SLDT instruction"); |
1284 | + clearhandler(SIGILL); |
1285 | +} |
1286 | + |
1287 | int main(void) |
1288 | { |
1289 | struct vm86plus_struct v86; |
1290 | @@ -180,6 +268,9 @@ int main(void) |
1291 | v86.regs.ds = load_addr / 16; |
1292 | v86.regs.es = load_addr / 16; |
1293 | |
1294 | + /* Use the end of the page as our stack. */ |
1295 | + v86.regs.esp = 4096; |
1296 | + |
1297 | assert((v86.regs.cs & 3) == 0); /* Looks like RPL = 0 */ |
1298 | |
1299 | /* #BR -- should deliver SIG??? */ |
1300 | @@ -211,6 +302,23 @@ int main(void) |
1301 | v86.regs.eflags &= ~X86_EFLAGS_IF; |
1302 | do_test(&v86, vmcode_sti - vmcode, VM86_STI, 0, "STI with VIP set"); |
1303 | |
1304 | + /* POPF with VIP set but IF clear: should not trap */ |
1305 | + v86.regs.eflags = X86_EFLAGS_VIP; |
1306 | + v86.regs.eax = 0; |
1307 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP set and IF clear"); |
1308 | + |
1309 | + /* POPF with VIP set and IF set: should trap */ |
1310 | + v86.regs.eflags = X86_EFLAGS_VIP; |
1311 | + v86.regs.eax = X86_EFLAGS_IF; |
1312 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_STI, 0, "POPF with VIP and IF set"); |
1313 | + |
1314 | + /* POPF with VIP clear and IF set: should not trap */ |
1315 | + v86.regs.eflags = 0; |
1316 | + v86.regs.eax = X86_EFLAGS_IF; |
1317 | + do_test(&v86, vmcode_popf_hlt - vmcode, VM86_UNKNOWN, 0, "POPF with VIP clear and IF set"); |
1318 | + |
1319 | + v86.regs.eflags = 0; |
1320 | + |
1321 | /* INT3 -- should cause #BP */ |
1322 | do_test(&v86, vmcode_int3 - vmcode, VM86_TRAP, 3, "INT3"); |
1323 | |
1324 | @@ -218,6 +326,9 @@ int main(void) |
1325 | v86.regs.eax = (unsigned int)-1; |
1326 | do_test(&v86, vmcode_int80 - vmcode, VM86_INTx, 0x80, "int80"); |
1327 | |
1328 | + /* UMIP -- should exit with INTx 0x80 unless UMIP was not disabled */ |
1329 | + do_umip_tests(&v86, addr); |
1330 | + |
1331 | /* Execute a null pointer */ |
1332 | v86.regs.cs = 0; |
1333 | v86.regs.ss = 0; |
1334 | @@ -231,7 +342,7 @@ int main(void) |
1335 | clearhandler(SIGSEGV); |
1336 | |
1337 | /* Make sure nothing explodes if we fork. */ |
1338 | - if (fork() > 0) |
1339 | + if (fork() == 0) |
1340 | return 0; |
1341 | |
1342 | return (nerrs == 0 ? 0 : 1); |
1343 | diff --git a/virt/kvm/arm/arch_timer.c b/virt/kvm/arm/arch_timer.c |
1344 | index 8e89d63005c7..49a7d8c75937 100644 |
1345 | --- a/virt/kvm/arm/arch_timer.c |
1346 | +++ b/virt/kvm/arm/arch_timer.c |
1347 | @@ -602,7 +602,7 @@ int kvm_timer_hyp_init(void) |
1348 | return err; |
1349 | } |
1350 | |
1351 | - kvm_info("virtual timer IRQ%d\n", host_vtimer_irq); |
1352 | + kvm_debug("virtual timer IRQ%d\n", host_vtimer_irq); |
1353 | |
1354 | cpuhp_setup_state(CPUHP_AP_KVM_ARM_TIMER_STARTING, |
1355 | "kvm/arm/timer:starting", kvm_timer_starting_cpu, |
1356 | diff --git a/virt/kvm/arm/hyp/vgic-v3-sr.c b/virt/kvm/arm/hyp/vgic-v3-sr.c |
1357 | index 91728faa13fd..f2d1d4e8ae59 100644 |
1358 | --- a/virt/kvm/arm/hyp/vgic-v3-sr.c |
1359 | +++ b/virt/kvm/arm/hyp/vgic-v3-sr.c |
1360 | @@ -215,7 +215,8 @@ void __hyp_text __vgic_v3_save_state(struct kvm_vcpu *vcpu) |
1361 | * are now visible to the system register interface. |
1362 | */ |
1363 | if (!cpu_if->vgic_sre) { |
1364 | - dsb(st); |
1365 | + dsb(sy); |
1366 | + isb(); |
1367 | cpu_if->vgic_vmcr = read_gicreg(ICH_VMCR_EL2); |
1368 | } |
1369 | |
1370 | diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c |
1371 | index 9dea96380339..b69798a7880e 100644 |
1372 | --- a/virt/kvm/arm/mmu.c |
1373 | +++ b/virt/kvm/arm/mmu.c |
1374 | @@ -1760,9 +1760,9 @@ int kvm_mmu_init(void) |
1375 | */ |
1376 | BUG_ON((hyp_idmap_start ^ (hyp_idmap_end - 1)) & PAGE_MASK); |
1377 | |
1378 | - kvm_info("IDMAP page: %lx\n", hyp_idmap_start); |
1379 | - kvm_info("HYP VA range: %lx:%lx\n", |
1380 | - kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL)); |
1381 | + kvm_debug("IDMAP page: %lx\n", hyp_idmap_start); |
1382 | + kvm_debug("HYP VA range: %lx:%lx\n", |
1383 | + kern_hyp_va(PAGE_OFFSET), kern_hyp_va(~0UL)); |
1384 | |
1385 | if (hyp_idmap_start >= kern_hyp_va(PAGE_OFFSET) && |
1386 | hyp_idmap_start < kern_hyp_va(~0UL) && |
1387 | diff --git a/virt/kvm/arm/vgic/vgic-v2.c b/virt/kvm/arm/vgic/vgic-v2.c |
1388 | index e4187e52bb26..841d4b27555a 100644 |
1389 | --- a/virt/kvm/arm/vgic/vgic-v2.c |
1390 | +++ b/virt/kvm/arm/vgic/vgic-v2.c |
1391 | @@ -37,6 +37,13 @@ void vgic_v2_init_lrs(void) |
1392 | vgic_v2_write_lr(i, 0); |
1393 | } |
1394 | |
1395 | +void vgic_v2_set_npie(struct kvm_vcpu *vcpu) |
1396 | +{ |
1397 | + struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2; |
1398 | + |
1399 | + cpuif->vgic_hcr |= GICH_HCR_NPIE; |
1400 | +} |
1401 | + |
1402 | void vgic_v2_set_underflow(struct kvm_vcpu *vcpu) |
1403 | { |
1404 | struct vgic_v2_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v2; |
1405 | @@ -63,7 +70,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu) |
1406 | struct vgic_v2_cpu_if *cpuif = &vgic_cpu->vgic_v2; |
1407 | int lr; |
1408 | |
1409 | - cpuif->vgic_hcr &= ~GICH_HCR_UIE; |
1410 | + cpuif->vgic_hcr &= ~(GICH_HCR_UIE | GICH_HCR_NPIE); |
1411 | |
1412 | for (lr = 0; lr < vgic_cpu->used_lrs; lr++) { |
1413 | u32 val = cpuif->vgic_lr[lr]; |
1414 | @@ -380,7 +387,7 @@ int vgic_v2_probe(const struct gic_kvm_info *info) |
1415 | kvm_vgic_global_state.type = VGIC_V2; |
1416 | kvm_vgic_global_state.max_gic_vcpus = VGIC_V2_MAX_CPUS; |
1417 | |
1418 | - kvm_info("vgic-v2@%llx\n", info->vctrl.start); |
1419 | + kvm_debug("vgic-v2@%llx\n", info->vctrl.start); |
1420 | |
1421 | return 0; |
1422 | out: |
1423 | diff --git a/virt/kvm/arm/vgic/vgic-v3.c b/virt/kvm/arm/vgic/vgic-v3.c |
1424 | index 502f2100e7bf..9dcc31600a8b 100644 |
1425 | --- a/virt/kvm/arm/vgic/vgic-v3.c |
1426 | +++ b/virt/kvm/arm/vgic/vgic-v3.c |
1427 | @@ -25,6 +25,13 @@ static bool group0_trap; |
1428 | static bool group1_trap; |
1429 | static bool common_trap; |
1430 | |
1431 | +void vgic_v3_set_npie(struct kvm_vcpu *vcpu) |
1432 | +{ |
1433 | + struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3; |
1434 | + |
1435 | + cpuif->vgic_hcr |= ICH_HCR_NPIE; |
1436 | +} |
1437 | + |
1438 | void vgic_v3_set_underflow(struct kvm_vcpu *vcpu) |
1439 | { |
1440 | struct vgic_v3_cpu_if *cpuif = &vcpu->arch.vgic_cpu.vgic_v3; |
1441 | @@ -45,7 +52,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu) |
1442 | u32 model = vcpu->kvm->arch.vgic.vgic_model; |
1443 | int lr; |
1444 | |
1445 | - cpuif->vgic_hcr &= ~ICH_HCR_UIE; |
1446 | + cpuif->vgic_hcr &= ~(ICH_HCR_UIE | ICH_HCR_NPIE); |
1447 | |
1448 | for (lr = 0; lr < vgic_cpu->used_lrs; lr++) { |
1449 | u64 val = cpuif->vgic_lr[lr]; |
1450 | diff --git a/virt/kvm/arm/vgic/vgic.c b/virt/kvm/arm/vgic/vgic.c |
1451 | index da53c6e7d688..c9a8e7b7c300 100644 |
1452 | --- a/virt/kvm/arm/vgic/vgic.c |
1453 | +++ b/virt/kvm/arm/vgic/vgic.c |
1454 | @@ -610,22 +610,37 @@ static inline void vgic_set_underflow(struct kvm_vcpu *vcpu) |
1455 | vgic_v3_set_underflow(vcpu); |
1456 | } |
1457 | |
1458 | +static inline void vgic_set_npie(struct kvm_vcpu *vcpu) |
1459 | +{ |
1460 | + if (kvm_vgic_global_state.type == VGIC_V2) |
1461 | + vgic_v2_set_npie(vcpu); |
1462 | + else |
1463 | + vgic_v3_set_npie(vcpu); |
1464 | +} |
1465 | + |
1466 | /* Requires the ap_list_lock to be held. */ |
1467 | -static int compute_ap_list_depth(struct kvm_vcpu *vcpu) |
1468 | +static int compute_ap_list_depth(struct kvm_vcpu *vcpu, |
1469 | + bool *multi_sgi) |
1470 | { |
1471 | struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; |
1472 | struct vgic_irq *irq; |
1473 | int count = 0; |
1474 | |
1475 | + *multi_sgi = false; |
1476 | + |
1477 | DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock)); |
1478 | |
1479 | list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { |
1480 | spin_lock(&irq->irq_lock); |
1481 | /* GICv2 SGIs can count for more than one... */ |
1482 | - if (vgic_irq_is_sgi(irq->intid) && irq->source) |
1483 | - count += hweight8(irq->source); |
1484 | - else |
1485 | + if (vgic_irq_is_sgi(irq->intid) && irq->source) { |
1486 | + int w = hweight8(irq->source); |
1487 | + |
1488 | + count += w; |
1489 | + *multi_sgi |= (w > 1); |
1490 | + } else { |
1491 | count++; |
1492 | + } |
1493 | spin_unlock(&irq->irq_lock); |
1494 | } |
1495 | return count; |
1496 | @@ -636,28 +651,43 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) |
1497 | { |
1498 | struct vgic_cpu *vgic_cpu = &vcpu->arch.vgic_cpu; |
1499 | struct vgic_irq *irq; |
1500 | - int count = 0; |
1501 | + int count; |
1502 | + bool npie = false; |
1503 | + bool multi_sgi; |
1504 | + u8 prio = 0xff; |
1505 | |
1506 | DEBUG_SPINLOCK_BUG_ON(!spin_is_locked(&vgic_cpu->ap_list_lock)); |
1507 | |
1508 | - if (compute_ap_list_depth(vcpu) > kvm_vgic_global_state.nr_lr) |
1509 | + count = compute_ap_list_depth(vcpu, &multi_sgi); |
1510 | + if (count > kvm_vgic_global_state.nr_lr || multi_sgi) |
1511 | vgic_sort_ap_list(vcpu); |
1512 | |
1513 | + count = 0; |
1514 | + |
1515 | list_for_each_entry(irq, &vgic_cpu->ap_list_head, ap_list) { |
1516 | spin_lock(&irq->irq_lock); |
1517 | |
1518 | - if (unlikely(vgic_target_oracle(irq) != vcpu)) |
1519 | - goto next; |
1520 | - |
1521 | /* |
1522 | - * If we get an SGI with multiple sources, try to get |
1523 | - * them in all at once. |
1524 | + * If we have multi-SGIs in the pipeline, we need to |
1525 | + * guarantee that they are all seen before any IRQ of |
1526 | + * lower priority. In that case, we need to filter out |
1527 | + * these interrupts by exiting early. This is easy as |
1528 | + * the AP list has been sorted already. |
1529 | */ |
1530 | - do { |
1531 | + if (multi_sgi && irq->priority > prio) { |
1532 | + spin_unlock(&irq->irq_lock); |
1533 | + break; |
1534 | + } |
1535 | + |
1536 | + if (likely(vgic_target_oracle(irq) == vcpu)) { |
1537 | vgic_populate_lr(vcpu, irq, count++); |
1538 | - } while (irq->source && count < kvm_vgic_global_state.nr_lr); |
1539 | |
1540 | -next: |
1541 | + if (irq->source) { |
1542 | + npie = true; |
1543 | + prio = irq->priority; |
1544 | + } |
1545 | + } |
1546 | + |
1547 | spin_unlock(&irq->irq_lock); |
1548 | |
1549 | if (count == kvm_vgic_global_state.nr_lr) { |
1550 | @@ -668,6 +698,9 @@ static void vgic_flush_lr_state(struct kvm_vcpu *vcpu) |
1551 | } |
1552 | } |
1553 | |
1554 | + if (npie) |
1555 | + vgic_set_npie(vcpu); |
1556 | + |
1557 | vcpu->arch.vgic_cpu.used_lrs = count; |
1558 | |
1559 | /* Nuke remaining LRs */ |
1560 | diff --git a/virt/kvm/arm/vgic/vgic.h b/virt/kvm/arm/vgic/vgic.h |
1561 | index bf9ceab67c77..f7450dc41ab3 100644 |
1562 | --- a/virt/kvm/arm/vgic/vgic.h |
1563 | +++ b/virt/kvm/arm/vgic/vgic.h |
1564 | @@ -150,6 +150,7 @@ void vgic_v2_fold_lr_state(struct kvm_vcpu *vcpu); |
1565 | void vgic_v2_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr); |
1566 | void vgic_v2_clear_lr(struct kvm_vcpu *vcpu, int lr); |
1567 | void vgic_v2_set_underflow(struct kvm_vcpu *vcpu); |
1568 | +void vgic_v2_set_npie(struct kvm_vcpu *vcpu); |
1569 | int vgic_v2_has_attr_regs(struct kvm_device *dev, struct kvm_device_attr *attr); |
1570 | int vgic_v2_dist_uaccess(struct kvm_vcpu *vcpu, bool is_write, |
1571 | int offset, u32 *val); |
1572 | @@ -179,6 +180,7 @@ void vgic_v3_fold_lr_state(struct kvm_vcpu *vcpu); |
1573 | void vgic_v3_populate_lr(struct kvm_vcpu *vcpu, struct vgic_irq *irq, int lr); |
1574 | void vgic_v3_clear_lr(struct kvm_vcpu *vcpu, int lr); |
1575 | void vgic_v3_set_underflow(struct kvm_vcpu *vcpu); |
1576 | +void vgic_v3_set_npie(struct kvm_vcpu *vcpu); |
1577 | void vgic_v3_set_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr); |
1578 | void vgic_v3_get_vmcr(struct kvm_vcpu *vcpu, struct vgic_vmcr *vmcr); |
1579 | void vgic_v3_enable(struct kvm_vcpu *vcpu); |