Annotation of /trunk/kernel-alx/patches-4.19/0106-4.19.7-all-fixes.patch
Parent Directory
|
Revision Log
Revision 3385 -
(hide annotations)
(download)
Fri Aug 2 11:47:07 2019 UTC (4 years, 10 months ago) by niro
File size: 184818 byte(s)
Fri Aug 2 11:47:07 2019 UTC (4 years, 10 months ago) by niro
File size: 184818 byte(s)
-linux-4.19.7
1 | niro | 3385 | diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
2 | index fa4eec22816d..0c404cda531a 100644 | ||
3 | --- a/Documentation/admin-guide/kernel-parameters.txt | ||
4 | +++ b/Documentation/admin-guide/kernel-parameters.txt | ||
5 | @@ -4169,9 +4169,13 @@ | ||
6 | |||
7 | spectre_v2= [X86] Control mitigation of Spectre variant 2 | ||
8 | (indirect branch speculation) vulnerability. | ||
9 | + The default operation protects the kernel from | ||
10 | + user space attacks. | ||
11 | |||
12 | - on - unconditionally enable | ||
13 | - off - unconditionally disable | ||
14 | + on - unconditionally enable, implies | ||
15 | + spectre_v2_user=on | ||
16 | + off - unconditionally disable, implies | ||
17 | + spectre_v2_user=off | ||
18 | auto - kernel detects whether your CPU model is | ||
19 | vulnerable | ||
20 | |||
21 | @@ -4181,6 +4185,12 @@ | ||
22 | CONFIG_RETPOLINE configuration option, and the | ||
23 | compiler with which the kernel was built. | ||
24 | |||
25 | + Selecting 'on' will also enable the mitigation | ||
26 | + against user space to user space task attacks. | ||
27 | + | ||
28 | + Selecting 'off' will disable both the kernel and | ||
29 | + the user space protections. | ||
30 | + | ||
31 | Specific mitigations can also be selected manually: | ||
32 | |||
33 | retpoline - replace indirect branches | ||
34 | @@ -4190,6 +4200,48 @@ | ||
35 | Not specifying this option is equivalent to | ||
36 | spectre_v2=auto. | ||
37 | |||
38 | + spectre_v2_user= | ||
39 | + [X86] Control mitigation of Spectre variant 2 | ||
40 | + (indirect branch speculation) vulnerability between | ||
41 | + user space tasks | ||
42 | + | ||
43 | + on - Unconditionally enable mitigations. Is | ||
44 | + enforced by spectre_v2=on | ||
45 | + | ||
46 | + off - Unconditionally disable mitigations. Is | ||
47 | + enforced by spectre_v2=off | ||
48 | + | ||
49 | + prctl - Indirect branch speculation is enabled, | ||
50 | + but mitigation can be enabled via prctl | ||
51 | + per thread. The mitigation control state | ||
52 | + is inherited on fork. | ||
53 | + | ||
54 | + prctl,ibpb | ||
55 | + - Like "prctl" above, but only STIBP is | ||
56 | + controlled per thread. IBPB is issued | ||
57 | + always when switching between different user | ||
58 | + space processes. | ||
59 | + | ||
60 | + seccomp | ||
61 | + - Same as "prctl" above, but all seccomp | ||
62 | + threads will enable the mitigation unless | ||
63 | + they explicitly opt out. | ||
64 | + | ||
65 | + seccomp,ibpb | ||
66 | + - Like "seccomp" above, but only STIBP is | ||
67 | + controlled per thread. IBPB is issued | ||
68 | + always when switching between different | ||
69 | + user space processes. | ||
70 | + | ||
71 | + auto - Kernel selects the mitigation depending on | ||
72 | + the available CPU features and vulnerability. | ||
73 | + | ||
74 | + Default mitigation: | ||
75 | + If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" | ||
76 | + | ||
77 | + Not specifying this option is equivalent to | ||
78 | + spectre_v2_user=auto. | ||
79 | + | ||
80 | spec_store_bypass_disable= | ||
81 | [HW] Control Speculative Store Bypass (SSB) Disable mitigation | ||
82 | (Speculative Store Bypass vulnerability) | ||
83 | diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst | ||
84 | index 32f3d55c54b7..c4dbe6f7cdae 100644 | ||
85 | --- a/Documentation/userspace-api/spec_ctrl.rst | ||
86 | +++ b/Documentation/userspace-api/spec_ctrl.rst | ||
87 | @@ -92,3 +92,12 @@ Speculation misfeature controls | ||
88 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); | ||
89 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); | ||
90 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); | ||
91 | + | ||
92 | +- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes | ||
93 | + (Mitigate Spectre V2 style attacks against user processes) | ||
94 | + | ||
95 | + Invocations: | ||
96 | + * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); | ||
97 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); | ||
98 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); | ||
99 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); | ||
100 | diff --git a/Makefile b/Makefile | ||
101 | index 20cbb8e84650..d2b4efcfb388 100644 | ||
102 | --- a/Makefile | ||
103 | +++ b/Makefile | ||
104 | @@ -1,7 +1,7 @@ | ||
105 | # SPDX-License-Identifier: GPL-2.0 | ||
106 | VERSION = 4 | ||
107 | PATCHLEVEL = 19 | ||
108 | -SUBLEVEL = 6 | ||
109 | +SUBLEVEL = 7 | ||
110 | EXTRAVERSION = | ||
111 | NAME = "People's Front" | ||
112 | |||
113 | diff --git a/arch/arm/boot/dts/rk3288-veyron.dtsi b/arch/arm/boot/dts/rk3288-veyron.dtsi | ||
114 | index 2075120cfc4d..d8bf939a3aff 100644 | ||
115 | --- a/arch/arm/boot/dts/rk3288-veyron.dtsi | ||
116 | +++ b/arch/arm/boot/dts/rk3288-veyron.dtsi | ||
117 | @@ -10,7 +10,11 @@ | ||
118 | #include "rk3288.dtsi" | ||
119 | |||
120 | / { | ||
121 | - memory@0 { | ||
122 | + /* | ||
123 | + * The default coreboot on veyron devices ignores memory@0 nodes | ||
124 | + * and would instead create another memory node. | ||
125 | + */ | ||
126 | + memory { | ||
127 | device_type = "memory"; | ||
128 | reg = <0x0 0x0 0x0 0x80000000>; | ||
129 | }; | ||
130 | diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c | ||
131 | index 5617932a83df..ee673c09aa6c 100644 | ||
132 | --- a/arch/arm/kernel/ftrace.c | ||
133 | +++ b/arch/arm/kernel/ftrace.c | ||
134 | @@ -227,9 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
135 | unsigned long frame_pointer) | ||
136 | { | ||
137 | unsigned long return_hooker = (unsigned long) &return_to_handler; | ||
138 | - struct ftrace_graph_ent trace; | ||
139 | unsigned long old; | ||
140 | - int err; | ||
141 | |||
142 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
143 | return; | ||
144 | @@ -237,21 +235,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
145 | old = *parent; | ||
146 | *parent = return_hooker; | ||
147 | |||
148 | - trace.func = self_addr; | ||
149 | - trace.depth = current->curr_ret_stack + 1; | ||
150 | - | ||
151 | - /* Only trace if the calling function expects to */ | ||
152 | - if (!ftrace_graph_entry(&trace)) { | ||
153 | + if (function_graph_enter(old, self_addr, frame_pointer, NULL)) | ||
154 | *parent = old; | ||
155 | - return; | ||
156 | - } | ||
157 | - | ||
158 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
159 | - frame_pointer, NULL); | ||
160 | - if (err == -EBUSY) { | ||
161 | - *parent = old; | ||
162 | - return; | ||
163 | - } | ||
164 | } | ||
165 | |||
166 | #ifdef CONFIG_DYNAMIC_FTRACE | ||
167 | diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | ||
168 | index e0d64f862322..8ce4a79d9360 100644 | ||
169 | --- a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | ||
170 | +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | ||
171 | @@ -153,7 +153,7 @@ | ||
172 | }; | ||
173 | |||
174 | &pcie0 { | ||
175 | - ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_LOW>; | ||
176 | + ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_HIGH>; | ||
177 | num-lanes = <4>; | ||
178 | pinctrl-names = "default"; | ||
179 | pinctrl-0 = <&pcie_clkreqn_cpm>; | ||
180 | diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c | ||
181 | index 50986e388d2b..57e962290df3 100644 | ||
182 | --- a/arch/arm64/kernel/ftrace.c | ||
183 | +++ b/arch/arm64/kernel/ftrace.c | ||
184 | @@ -216,8 +216,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
185 | { | ||
186 | unsigned long return_hooker = (unsigned long)&return_to_handler; | ||
187 | unsigned long old; | ||
188 | - struct ftrace_graph_ent trace; | ||
189 | - int err; | ||
190 | |||
191 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
192 | return; | ||
193 | @@ -229,18 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
194 | */ | ||
195 | old = *parent; | ||
196 | |||
197 | - trace.func = self_addr; | ||
198 | - trace.depth = current->curr_ret_stack + 1; | ||
199 | - | ||
200 | - /* Only trace if the calling function expects to */ | ||
201 | - if (!ftrace_graph_entry(&trace)) | ||
202 | - return; | ||
203 | - | ||
204 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
205 | - frame_pointer, NULL); | ||
206 | - if (err == -EBUSY) | ||
207 | - return; | ||
208 | - else | ||
209 | + if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) | ||
210 | *parent = return_hooker; | ||
211 | } | ||
212 | |||
213 | diff --git a/arch/microblaze/kernel/ftrace.c b/arch/microblaze/kernel/ftrace.c | ||
214 | index d57563c58a26..224eea40e1ee 100644 | ||
215 | --- a/arch/microblaze/kernel/ftrace.c | ||
216 | +++ b/arch/microblaze/kernel/ftrace.c | ||
217 | @@ -22,8 +22,7 @@ | ||
218 | void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) | ||
219 | { | ||
220 | unsigned long old; | ||
221 | - int faulted, err; | ||
222 | - struct ftrace_graph_ent trace; | ||
223 | + int faulted; | ||
224 | unsigned long return_hooker = (unsigned long) | ||
225 | &return_to_handler; | ||
226 | |||
227 | @@ -63,18 +62,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) | ||
228 | return; | ||
229 | } | ||
230 | |||
231 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); | ||
232 | - if (err == -EBUSY) { | ||
233 | + if (function_graph_enter(old, self_addr, 0, NULL)) | ||
234 | *parent = old; | ||
235 | - return; | ||
236 | - } | ||
237 | - | ||
238 | - trace.func = self_addr; | ||
239 | - /* Only trace if the calling function expects to */ | ||
240 | - if (!ftrace_graph_entry(&trace)) { | ||
241 | - current->curr_ret_stack--; | ||
242 | - *parent = old; | ||
243 | - } | ||
244 | } | ||
245 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ | ||
246 | |||
247 | diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c | ||
248 | index 7f3dfdbc3657..b122cbb4aad1 100644 | ||
249 | --- a/arch/mips/kernel/ftrace.c | ||
250 | +++ b/arch/mips/kernel/ftrace.c | ||
251 | @@ -322,7 +322,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, | ||
252 | unsigned long fp) | ||
253 | { | ||
254 | unsigned long old_parent_ra; | ||
255 | - struct ftrace_graph_ent trace; | ||
256 | unsigned long return_hooker = (unsigned long) | ||
257 | &return_to_handler; | ||
258 | int faulted, insns; | ||
259 | @@ -369,12 +368,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, | ||
260 | if (unlikely(faulted)) | ||
261 | goto out; | ||
262 | |||
263 | - if (ftrace_push_return_trace(old_parent_ra, self_ra, &trace.depth, fp, | ||
264 | - NULL) == -EBUSY) { | ||
265 | - *parent_ra_addr = old_parent_ra; | ||
266 | - return; | ||
267 | - } | ||
268 | - | ||
269 | /* | ||
270 | * Get the recorded ip of the current mcount calling site in the | ||
271 | * __mcount_loc section, which will be used to filter the function | ||
272 | @@ -382,13 +375,10 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, | ||
273 | */ | ||
274 | |||
275 | insns = core_kernel_text(self_ra) ? 2 : MCOUNT_OFFSET_INSNS + 1; | ||
276 | - trace.func = self_ra - (MCOUNT_INSN_SIZE * insns); | ||
277 | + self_ra -= (MCOUNT_INSN_SIZE * insns); | ||
278 | |||
279 | - /* Only trace if the calling function expects to */ | ||
280 | - if (!ftrace_graph_entry(&trace)) { | ||
281 | - current->curr_ret_stack--; | ||
282 | + if (function_graph_enter(old_parent_ra, self_ra, fp, NULL)) | ||
283 | *parent_ra_addr = old_parent_ra; | ||
284 | - } | ||
285 | return; | ||
286 | out: | ||
287 | ftrace_graph_stop(); | ||
288 | diff --git a/arch/nds32/kernel/ftrace.c b/arch/nds32/kernel/ftrace.c | ||
289 | index a0a9679ad5de..8a41372551ff 100644 | ||
290 | --- a/arch/nds32/kernel/ftrace.c | ||
291 | +++ b/arch/nds32/kernel/ftrace.c | ||
292 | @@ -211,29 +211,15 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
293 | unsigned long frame_pointer) | ||
294 | { | ||
295 | unsigned long return_hooker = (unsigned long)&return_to_handler; | ||
296 | - struct ftrace_graph_ent trace; | ||
297 | unsigned long old; | ||
298 | - int err; | ||
299 | |||
300 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
301 | return; | ||
302 | |||
303 | old = *parent; | ||
304 | |||
305 | - trace.func = self_addr; | ||
306 | - trace.depth = current->curr_ret_stack + 1; | ||
307 | - | ||
308 | - /* Only trace if the calling function expects to */ | ||
309 | - if (!ftrace_graph_entry(&trace)) | ||
310 | - return; | ||
311 | - | ||
312 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
313 | - frame_pointer, NULL); | ||
314 | - | ||
315 | - if (err == -EBUSY) | ||
316 | - return; | ||
317 | - | ||
318 | - *parent = return_hooker; | ||
319 | + if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) | ||
320 | + *parent = return_hooker; | ||
321 | } | ||
322 | |||
323 | noinline void ftrace_graph_caller(void) | ||
324 | diff --git a/arch/parisc/kernel/ftrace.c b/arch/parisc/kernel/ftrace.c | ||
325 | index 6fa8535d3cce..e46a4157a894 100644 | ||
326 | --- a/arch/parisc/kernel/ftrace.c | ||
327 | +++ b/arch/parisc/kernel/ftrace.c | ||
328 | @@ -30,7 +30,6 @@ static void __hot prepare_ftrace_return(unsigned long *parent, | ||
329 | unsigned long self_addr) | ||
330 | { | ||
331 | unsigned long old; | ||
332 | - struct ftrace_graph_ent trace; | ||
333 | extern int parisc_return_to_handler; | ||
334 | |||
335 | if (unlikely(ftrace_graph_is_dead())) | ||
336 | @@ -41,19 +40,9 @@ static void __hot prepare_ftrace_return(unsigned long *parent, | ||
337 | |||
338 | old = *parent; | ||
339 | |||
340 | - trace.func = self_addr; | ||
341 | - trace.depth = current->curr_ret_stack + 1; | ||
342 | - | ||
343 | - /* Only trace if the calling function expects to */ | ||
344 | - if (!ftrace_graph_entry(&trace)) | ||
345 | - return; | ||
346 | - | ||
347 | - if (ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
348 | - 0, NULL) == -EBUSY) | ||
349 | - return; | ||
350 | - | ||
351 | - /* activate parisc_return_to_handler() as return point */ | ||
352 | - *parent = (unsigned long) &parisc_return_to_handler; | ||
353 | + if (!function_graph_enter(old, self_addr, 0, NULL)) | ||
354 | + /* activate parisc_return_to_handler() as return point */ | ||
355 | + *parent = (unsigned long) &parisc_return_to_handler; | ||
356 | } | ||
357 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ | ||
358 | |||
359 | diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c | ||
360 | index 4bfbb54dee51..19ef4f5866b6 100644 | ||
361 | --- a/arch/powerpc/kernel/trace/ftrace.c | ||
362 | +++ b/arch/powerpc/kernel/trace/ftrace.c | ||
363 | @@ -697,7 +697,6 @@ int ftrace_disable_ftrace_graph_caller(void) | ||
364 | */ | ||
365 | unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) | ||
366 | { | ||
367 | - struct ftrace_graph_ent trace; | ||
368 | unsigned long return_hooker; | ||
369 | |||
370 | if (unlikely(ftrace_graph_is_dead())) | ||
371 | @@ -708,18 +707,8 @@ unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) | ||
372 | |||
373 | return_hooker = ppc_function_entry(return_to_handler); | ||
374 | |||
375 | - trace.func = ip; | ||
376 | - trace.depth = current->curr_ret_stack + 1; | ||
377 | - | ||
378 | - /* Only trace if the calling function expects to */ | ||
379 | - if (!ftrace_graph_entry(&trace)) | ||
380 | - goto out; | ||
381 | - | ||
382 | - if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, | ||
383 | - NULL) == -EBUSY) | ||
384 | - goto out; | ||
385 | - | ||
386 | - parent = return_hooker; | ||
387 | + if (!function_graph_enter(parent, ip, 0, NULL)) | ||
388 | + parent = return_hooker; | ||
389 | out: | ||
390 | return parent; | ||
391 | } | ||
392 | diff --git a/arch/riscv/kernel/ftrace.c b/arch/riscv/kernel/ftrace.c | ||
393 | index 1157b6b52d25..c433f6d3dd64 100644 | ||
394 | --- a/arch/riscv/kernel/ftrace.c | ||
395 | +++ b/arch/riscv/kernel/ftrace.c | ||
396 | @@ -132,7 +132,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
397 | { | ||
398 | unsigned long return_hooker = (unsigned long)&return_to_handler; | ||
399 | unsigned long old; | ||
400 | - struct ftrace_graph_ent trace; | ||
401 | int err; | ||
402 | |||
403 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
404 | @@ -144,17 +143,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, | ||
405 | */ | ||
406 | old = *parent; | ||
407 | |||
408 | - trace.func = self_addr; | ||
409 | - trace.depth = current->curr_ret_stack + 1; | ||
410 | - | ||
411 | - if (!ftrace_graph_entry(&trace)) | ||
412 | - return; | ||
413 | - | ||
414 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
415 | - frame_pointer, parent); | ||
416 | - if (err == -EBUSY) | ||
417 | - return; | ||
418 | - *parent = return_hooker; | ||
419 | + if (function_graph_enter(old, self_addr, frame_pointer, parent)) | ||
420 | + *parent = return_hooker; | ||
421 | } | ||
422 | |||
423 | #ifdef CONFIG_DYNAMIC_FTRACE | ||
424 | diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c | ||
425 | index 84be7f02d0c2..39b13d71a8fe 100644 | ||
426 | --- a/arch/s390/kernel/ftrace.c | ||
427 | +++ b/arch/s390/kernel/ftrace.c | ||
428 | @@ -203,22 +203,13 @@ device_initcall(ftrace_plt_init); | ||
429 | */ | ||
430 | unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) | ||
431 | { | ||
432 | - struct ftrace_graph_ent trace; | ||
433 | - | ||
434 | if (unlikely(ftrace_graph_is_dead())) | ||
435 | goto out; | ||
436 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
437 | goto out; | ||
438 | ip -= MCOUNT_INSN_SIZE; | ||
439 | - trace.func = ip; | ||
440 | - trace.depth = current->curr_ret_stack + 1; | ||
441 | - /* Only trace if the calling function expects to. */ | ||
442 | - if (!ftrace_graph_entry(&trace)) | ||
443 | - goto out; | ||
444 | - if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, | ||
445 | - NULL) == -EBUSY) | ||
446 | - goto out; | ||
447 | - parent = (unsigned long) return_to_handler; | ||
448 | + if (!function_graph_enter(parent, ip, 0, NULL)) | ||
449 | + parent = (unsigned long) return_to_handler; | ||
450 | out: | ||
451 | return parent; | ||
452 | } | ||
453 | diff --git a/arch/sh/kernel/ftrace.c b/arch/sh/kernel/ftrace.c | ||
454 | index 96dd9f7da250..1b04270e5460 100644 | ||
455 | --- a/arch/sh/kernel/ftrace.c | ||
456 | +++ b/arch/sh/kernel/ftrace.c | ||
457 | @@ -321,8 +321,7 @@ int ftrace_disable_ftrace_graph_caller(void) | ||
458 | void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) | ||
459 | { | ||
460 | unsigned long old; | ||
461 | - int faulted, err; | ||
462 | - struct ftrace_graph_ent trace; | ||
463 | + int faulted; | ||
464 | unsigned long return_hooker = (unsigned long)&return_to_handler; | ||
465 | |||
466 | if (unlikely(ftrace_graph_is_dead())) | ||
467 | @@ -365,18 +364,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) | ||
468 | return; | ||
469 | } | ||
470 | |||
471 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); | ||
472 | - if (err == -EBUSY) { | ||
473 | + if (function_graph_enter(old, self_addr, 0, NULL)) | ||
474 | __raw_writel(old, parent); | ||
475 | - return; | ||
476 | - } | ||
477 | - | ||
478 | - trace.func = self_addr; | ||
479 | - | ||
480 | - /* Only trace if the calling function expects to */ | ||
481 | - if (!ftrace_graph_entry(&trace)) { | ||
482 | - current->curr_ret_stack--; | ||
483 | - __raw_writel(old, parent); | ||
484 | - } | ||
485 | } | ||
486 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ | ||
487 | diff --git a/arch/sparc/kernel/ftrace.c b/arch/sparc/kernel/ftrace.c | ||
488 | index 915dda4ae412..684b84ce397f 100644 | ||
489 | --- a/arch/sparc/kernel/ftrace.c | ||
490 | +++ b/arch/sparc/kernel/ftrace.c | ||
491 | @@ -126,20 +126,11 @@ unsigned long prepare_ftrace_return(unsigned long parent, | ||
492 | unsigned long frame_pointer) | ||
493 | { | ||
494 | unsigned long return_hooker = (unsigned long) &return_to_handler; | ||
495 | - struct ftrace_graph_ent trace; | ||
496 | |||
497 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) | ||
498 | return parent + 8UL; | ||
499 | |||
500 | - trace.func = self_addr; | ||
501 | - trace.depth = current->curr_ret_stack + 1; | ||
502 | - | ||
503 | - /* Only trace if the calling function expects to */ | ||
504 | - if (!ftrace_graph_entry(&trace)) | ||
505 | - return parent + 8UL; | ||
506 | - | ||
507 | - if (ftrace_push_return_trace(parent, self_addr, &trace.depth, | ||
508 | - frame_pointer, NULL) == -EBUSY) | ||
509 | + if (function_graph_enter(parent, self_addr, frame_pointer, NULL)) | ||
510 | return parent + 8UL; | ||
511 | |||
512 | return return_hooker; | ||
513 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig | ||
514 | index 1a0be022f91d..44c6a82b7ce5 100644 | ||
515 | --- a/arch/x86/Kconfig | ||
516 | +++ b/arch/x86/Kconfig | ||
517 | @@ -441,10 +441,6 @@ config RETPOLINE | ||
518 | branches. Requires a compiler with -mindirect-branch=thunk-extern | ||
519 | support for full protection. The kernel may run slower. | ||
520 | |||
521 | - Without compiler support, at least indirect branches in assembler | ||
522 | - code are eliminated. Since this includes the syscall entry path, | ||
523 | - it is not entirely pointless. | ||
524 | - | ||
525 | config INTEL_RDT | ||
526 | bool "Intel Resource Director Technology support" | ||
527 | default n | ||
528 | @@ -1005,13 +1001,7 @@ config NR_CPUS | ||
529 | to the kernel image. | ||
530 | |||
531 | config SCHED_SMT | ||
532 | - bool "SMT (Hyperthreading) scheduler support" | ||
533 | - depends on SMP | ||
534 | - ---help--- | ||
535 | - SMT scheduler support improves the CPU scheduler's decision making | ||
536 | - when dealing with Intel Pentium 4 chips with HyperThreading at a | ||
537 | - cost of slightly increased overhead in some places. If unsure say | ||
538 | - N here. | ||
539 | + def_bool y if SMP | ||
540 | |||
541 | config SCHED_MC | ||
542 | def_bool y | ||
543 | diff --git a/arch/x86/Makefile b/arch/x86/Makefile | ||
544 | index 8f6e7eb8ae9f..9298f0f3817a 100644 | ||
545 | --- a/arch/x86/Makefile | ||
546 | +++ b/arch/x86/Makefile | ||
547 | @@ -223,9 +223,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables | ||
548 | |||
549 | # Avoid indirect branches in kernel to deal with Spectre | ||
550 | ifdef CONFIG_RETPOLINE | ||
551 | -ifneq ($(RETPOLINE_CFLAGS),) | ||
552 | - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE | ||
553 | +ifeq ($(RETPOLINE_CFLAGS),) | ||
554 | + $(error You are building kernel with non-retpoline compiler, please update your compiler.) | ||
555 | endif | ||
556 | + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) | ||
557 | endif | ||
558 | |||
559 | archscripts: scripts_basic | ||
560 | diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c | ||
561 | index dfb2f7c0d019..c8d08da5b308 100644 | ||
562 | --- a/arch/x86/events/core.c | ||
563 | +++ b/arch/x86/events/core.c | ||
564 | @@ -438,26 +438,6 @@ int x86_setup_perfctr(struct perf_event *event) | ||
565 | if (config == -1LL) | ||
566 | return -EINVAL; | ||
567 | |||
568 | - /* | ||
569 | - * Branch tracing: | ||
570 | - */ | ||
571 | - if (attr->config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && | ||
572 | - !attr->freq && hwc->sample_period == 1) { | ||
573 | - /* BTS is not supported by this architecture. */ | ||
574 | - if (!x86_pmu.bts_active) | ||
575 | - return -EOPNOTSUPP; | ||
576 | - | ||
577 | - /* BTS is currently only allowed for user-mode. */ | ||
578 | - if (!attr->exclude_kernel) | ||
579 | - return -EOPNOTSUPP; | ||
580 | - | ||
581 | - /* disallow bts if conflicting events are present */ | ||
582 | - if (x86_add_exclusive(x86_lbr_exclusive_lbr)) | ||
583 | - return -EBUSY; | ||
584 | - | ||
585 | - event->destroy = hw_perf_lbr_event_destroy; | ||
586 | - } | ||
587 | - | ||
588 | hwc->config |= config; | ||
589 | |||
590 | return 0; | ||
591 | diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c | ||
592 | index 035c37481f57..155fa4b53c56 100644 | ||
593 | --- a/arch/x86/events/intel/core.c | ||
594 | +++ b/arch/x86/events/intel/core.c | ||
595 | @@ -2358,16 +2358,7 @@ done: | ||
596 | static struct event_constraint * | ||
597 | intel_bts_constraints(struct perf_event *event) | ||
598 | { | ||
599 | - struct hw_perf_event *hwc = &event->hw; | ||
600 | - unsigned int hw_event, bts_event; | ||
601 | - | ||
602 | - if (event->attr.freq) | ||
603 | - return NULL; | ||
604 | - | ||
605 | - hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; | ||
606 | - bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); | ||
607 | - | ||
608 | - if (unlikely(hw_event == bts_event && hwc->sample_period == 1)) | ||
609 | + if (unlikely(intel_pmu_has_bts(event))) | ||
610 | return &bts_constraint; | ||
611 | |||
612 | return NULL; | ||
613 | @@ -2986,10 +2977,51 @@ static unsigned long intel_pmu_large_pebs_flags(struct perf_event *event) | ||
614 | return flags; | ||
615 | } | ||
616 | |||
617 | +static int intel_pmu_bts_config(struct perf_event *event) | ||
618 | +{ | ||
619 | + struct perf_event_attr *attr = &event->attr; | ||
620 | + | ||
621 | + if (unlikely(intel_pmu_has_bts(event))) { | ||
622 | + /* BTS is not supported by this architecture. */ | ||
623 | + if (!x86_pmu.bts_active) | ||
624 | + return -EOPNOTSUPP; | ||
625 | + | ||
626 | + /* BTS is currently only allowed for user-mode. */ | ||
627 | + if (!attr->exclude_kernel) | ||
628 | + return -EOPNOTSUPP; | ||
629 | + | ||
630 | + /* BTS is not allowed for precise events. */ | ||
631 | + if (attr->precise_ip) | ||
632 | + return -EOPNOTSUPP; | ||
633 | + | ||
634 | + /* disallow bts if conflicting events are present */ | ||
635 | + if (x86_add_exclusive(x86_lbr_exclusive_lbr)) | ||
636 | + return -EBUSY; | ||
637 | + | ||
638 | + event->destroy = hw_perf_lbr_event_destroy; | ||
639 | + } | ||
640 | + | ||
641 | + return 0; | ||
642 | +} | ||
643 | + | ||
644 | +static int core_pmu_hw_config(struct perf_event *event) | ||
645 | +{ | ||
646 | + int ret = x86_pmu_hw_config(event); | ||
647 | + | ||
648 | + if (ret) | ||
649 | + return ret; | ||
650 | + | ||
651 | + return intel_pmu_bts_config(event); | ||
652 | +} | ||
653 | + | ||
654 | static int intel_pmu_hw_config(struct perf_event *event) | ||
655 | { | ||
656 | int ret = x86_pmu_hw_config(event); | ||
657 | |||
658 | + if (ret) | ||
659 | + return ret; | ||
660 | + | ||
661 | + ret = intel_pmu_bts_config(event); | ||
662 | if (ret) | ||
663 | return ret; | ||
664 | |||
665 | @@ -3015,7 +3047,7 @@ static int intel_pmu_hw_config(struct perf_event *event) | ||
666 | /* | ||
667 | * BTS is set up earlier in this path, so don't account twice | ||
668 | */ | ||
669 | - if (!intel_pmu_has_bts(event)) { | ||
670 | + if (!unlikely(intel_pmu_has_bts(event))) { | ||
671 | /* disallow lbr if conflicting events are present */ | ||
672 | if (x86_add_exclusive(x86_lbr_exclusive_lbr)) | ||
673 | return -EBUSY; | ||
674 | @@ -3478,7 +3510,7 @@ static __initconst const struct x86_pmu core_pmu = { | ||
675 | .enable_all = core_pmu_enable_all, | ||
676 | .enable = core_pmu_enable_event, | ||
677 | .disable = x86_pmu_disable_event, | ||
678 | - .hw_config = x86_pmu_hw_config, | ||
679 | + .hw_config = core_pmu_hw_config, | ||
680 | .schedule_events = x86_schedule_events, | ||
681 | .eventsel = MSR_ARCH_PERFMON_EVENTSEL0, | ||
682 | .perfctr = MSR_ARCH_PERFMON_PERFCTR0, | ||
683 | diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h | ||
684 | index 156286335351..c5ad9cc61f4b 100644 | ||
685 | --- a/arch/x86/events/perf_event.h | ||
686 | +++ b/arch/x86/events/perf_event.h | ||
687 | @@ -857,11 +857,16 @@ static inline int amd_pmu_init(void) | ||
688 | |||
689 | static inline bool intel_pmu_has_bts(struct perf_event *event) | ||
690 | { | ||
691 | - if (event->attr.config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && | ||
692 | - !event->attr.freq && event->hw.sample_period == 1) | ||
693 | - return true; | ||
694 | + struct hw_perf_event *hwc = &event->hw; | ||
695 | + unsigned int hw_event, bts_event; | ||
696 | + | ||
697 | + if (event->attr.freq) | ||
698 | + return false; | ||
699 | + | ||
700 | + hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; | ||
701 | + bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); | ||
702 | |||
703 | - return false; | ||
704 | + return hw_event == bts_event && hwc->sample_period == 1; | ||
705 | } | ||
706 | |||
707 | int intel_pmu_save_and_restart(struct perf_event *event); | ||
708 | diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h | ||
709 | index 1c09a0d1771f..022845ee0c88 100644 | ||
710 | --- a/arch/x86/include/asm/kvm_host.h | ||
711 | +++ b/arch/x86/include/asm/kvm_host.h | ||
712 | @@ -1046,7 +1046,8 @@ struct kvm_x86_ops { | ||
713 | bool (*has_wbinvd_exit)(void); | ||
714 | |||
715 | u64 (*read_l1_tsc_offset)(struct kvm_vcpu *vcpu); | ||
716 | - void (*write_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); | ||
717 | + /* Returns actual tsc_offset set in active VMCS */ | ||
718 | + u64 (*write_l1_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); | ||
719 | |||
720 | void (*get_exit_info)(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2); | ||
721 | |||
722 | diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h | ||
723 | index 4731f0cf97c5..b3486c8b570a 100644 | ||
724 | --- a/arch/x86/include/asm/msr-index.h | ||
725 | +++ b/arch/x86/include/asm/msr-index.h | ||
726 | @@ -41,9 +41,10 @@ | ||
727 | |||
728 | #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ | ||
729 | #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ | ||
730 | -#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ | ||
731 | +#define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */ | ||
732 | +#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ | ||
733 | #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ | ||
734 | -#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ | ||
735 | +#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ | ||
736 | |||
737 | #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ | ||
738 | #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ | ||
739 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h | ||
740 | index fd2a8c1b88bc..032b6009baab 100644 | ||
741 | --- a/arch/x86/include/asm/nospec-branch.h | ||
742 | +++ b/arch/x86/include/asm/nospec-branch.h | ||
743 | @@ -3,6 +3,8 @@ | ||
744 | #ifndef _ASM_X86_NOSPEC_BRANCH_H_ | ||
745 | #define _ASM_X86_NOSPEC_BRANCH_H_ | ||
746 | |||
747 | +#include <linux/static_key.h> | ||
748 | + | ||
749 | #include <asm/alternative.h> | ||
750 | #include <asm/alternative-asm.h> | ||
751 | #include <asm/cpufeatures.h> | ||
752 | @@ -162,29 +164,35 @@ | ||
753 | _ASM_PTR " 999b\n\t" \ | ||
754 | ".popsection\n\t" | ||
755 | |||
756 | -#if defined(CONFIG_X86_64) && defined(RETPOLINE) | ||
757 | +#ifdef CONFIG_RETPOLINE | ||
758 | +#ifdef CONFIG_X86_64 | ||
759 | |||
760 | /* | ||
761 | - * Since the inline asm uses the %V modifier which is only in newer GCC, | ||
762 | - * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE. | ||
763 | + * Inline asm uses the %V modifier which is only in newer GCC | ||
764 | + * which is ensured when CONFIG_RETPOLINE is defined. | ||
765 | */ | ||
766 | # define CALL_NOSPEC \ | ||
767 | ANNOTATE_NOSPEC_ALTERNATIVE \ | ||
768 | - ALTERNATIVE( \ | ||
769 | + ALTERNATIVE_2( \ | ||
770 | ANNOTATE_RETPOLINE_SAFE \ | ||
771 | "call *%[thunk_target]\n", \ | ||
772 | "call __x86_indirect_thunk_%V[thunk_target]\n", \ | ||
773 | - X86_FEATURE_RETPOLINE) | ||
774 | + X86_FEATURE_RETPOLINE, \ | ||
775 | + "lfence;\n" \ | ||
776 | + ANNOTATE_RETPOLINE_SAFE \ | ||
777 | + "call *%[thunk_target]\n", \ | ||
778 | + X86_FEATURE_RETPOLINE_AMD) | ||
779 | # define THUNK_TARGET(addr) [thunk_target] "r" (addr) | ||
780 | |||
781 | -#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE) | ||
782 | +#else /* CONFIG_X86_32 */ | ||
783 | /* | ||
784 | * For i386 we use the original ret-equivalent retpoline, because | ||
785 | * otherwise we'll run out of registers. We don't care about CET | ||
786 | * here, anyway. | ||
787 | */ | ||
788 | # define CALL_NOSPEC \ | ||
789 | - ALTERNATIVE( \ | ||
790 | + ANNOTATE_NOSPEC_ALTERNATIVE \ | ||
791 | + ALTERNATIVE_2( \ | ||
792 | ANNOTATE_RETPOLINE_SAFE \ | ||
793 | "call *%[thunk_target]\n", \ | ||
794 | " jmp 904f;\n" \ | ||
795 | @@ -199,9 +207,14 @@ | ||
796 | " ret;\n" \ | ||
797 | " .align 16\n" \ | ||
798 | "904: call 901b;\n", \ | ||
799 | - X86_FEATURE_RETPOLINE) | ||
800 | + X86_FEATURE_RETPOLINE, \ | ||
801 | + "lfence;\n" \ | ||
802 | + ANNOTATE_RETPOLINE_SAFE \ | ||
803 | + "call *%[thunk_target]\n", \ | ||
804 | + X86_FEATURE_RETPOLINE_AMD) | ||
805 | |||
806 | # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) | ||
807 | +#endif | ||
808 | #else /* No retpoline for C / inline asm */ | ||
809 | # define CALL_NOSPEC "call *%[thunk_target]\n" | ||
810 | # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) | ||
811 | @@ -210,13 +223,19 @@ | ||
812 | /* The Spectre V2 mitigation variants */ | ||
813 | enum spectre_v2_mitigation { | ||
814 | SPECTRE_V2_NONE, | ||
815 | - SPECTRE_V2_RETPOLINE_MINIMAL, | ||
816 | - SPECTRE_V2_RETPOLINE_MINIMAL_AMD, | ||
817 | SPECTRE_V2_RETPOLINE_GENERIC, | ||
818 | SPECTRE_V2_RETPOLINE_AMD, | ||
819 | SPECTRE_V2_IBRS_ENHANCED, | ||
820 | }; | ||
821 | |||
822 | +/* The indirect branch speculation control variants */ | ||
823 | +enum spectre_v2_user_mitigation { | ||
824 | + SPECTRE_V2_USER_NONE, | ||
825 | + SPECTRE_V2_USER_STRICT, | ||
826 | + SPECTRE_V2_USER_PRCTL, | ||
827 | + SPECTRE_V2_USER_SECCOMP, | ||
828 | +}; | ||
829 | + | ||
830 | /* The Speculative Store Bypass disable variants */ | ||
831 | enum ssb_mitigation { | ||
832 | SPEC_STORE_BYPASS_NONE, | ||
833 | @@ -294,6 +313,10 @@ do { \ | ||
834 | preempt_enable(); \ | ||
835 | } while (0) | ||
836 | |||
837 | +DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); | ||
838 | +DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); | ||
839 | +DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); | ||
840 | + | ||
841 | #endif /* __ASSEMBLY__ */ | ||
842 | |||
843 | /* | ||
844 | diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h | ||
845 | index ae7c2c5cd7f0..5393babc0598 100644 | ||
846 | --- a/arch/x86/include/asm/spec-ctrl.h | ||
847 | +++ b/arch/x86/include/asm/spec-ctrl.h | ||
848 | @@ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn) | ||
849 | return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); | ||
850 | } | ||
851 | |||
852 | +static inline u64 stibp_tif_to_spec_ctrl(u64 tifn) | ||
853 | +{ | ||
854 | + BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); | ||
855 | + return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); | ||
856 | +} | ||
857 | + | ||
858 | static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) | ||
859 | { | ||
860 | BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); | ||
861 | return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); | ||
862 | } | ||
863 | |||
864 | +static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl) | ||
865 | +{ | ||
866 | + BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); | ||
867 | + return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); | ||
868 | +} | ||
869 | + | ||
870 | static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) | ||
871 | { | ||
872 | return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; | ||
873 | @@ -70,11 +82,7 @@ extern void speculative_store_bypass_ht_init(void); | ||
874 | static inline void speculative_store_bypass_ht_init(void) { } | ||
875 | #endif | ||
876 | |||
877 | -extern void speculative_store_bypass_update(unsigned long tif); | ||
878 | - | ||
879 | -static inline void speculative_store_bypass_update_current(void) | ||
880 | -{ | ||
881 | - speculative_store_bypass_update(current_thread_info()->flags); | ||
882 | -} | ||
883 | +extern void speculation_ctrl_update(unsigned long tif); | ||
884 | +extern void speculation_ctrl_update_current(void); | ||
885 | |||
886 | #endif | ||
887 | diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h | ||
888 | index 36bd243843d6..7cf1a270d891 100644 | ||
889 | --- a/arch/x86/include/asm/switch_to.h | ||
890 | +++ b/arch/x86/include/asm/switch_to.h | ||
891 | @@ -11,9 +11,6 @@ struct task_struct *__switch_to_asm(struct task_struct *prev, | ||
892 | |||
893 | __visible struct task_struct *__switch_to(struct task_struct *prev, | ||
894 | struct task_struct *next); | ||
895 | -struct tss_struct; | ||
896 | -void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, | ||
897 | - struct tss_struct *tss); | ||
898 | |||
899 | /* This runs runs on the previous thread's stack. */ | ||
900 | static inline void prepare_switch_to(struct task_struct *next) | ||
901 | diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h | ||
902 | index 2ff2a30a264f..82b73b75d67c 100644 | ||
903 | --- a/arch/x86/include/asm/thread_info.h | ||
904 | +++ b/arch/x86/include/asm/thread_info.h | ||
905 | @@ -79,10 +79,12 @@ struct thread_info { | ||
906 | #define TIF_SIGPENDING 2 /* signal pending */ | ||
907 | #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ | ||
908 | #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/ | ||
909 | -#define TIF_SSBD 5 /* Reduced data speculation */ | ||
910 | +#define TIF_SSBD 5 /* Speculative store bypass disable */ | ||
911 | #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ | ||
912 | #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ | ||
913 | #define TIF_SECCOMP 8 /* secure computing */ | ||
914 | +#define TIF_SPEC_IB 9 /* Indirect branch speculation mitigation */ | ||
915 | +#define TIF_SPEC_FORCE_UPDATE 10 /* Force speculation MSR update in context switch */ | ||
916 | #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */ | ||
917 | #define TIF_UPROBE 12 /* breakpointed or singlestepping */ | ||
918 | #define TIF_PATCH_PENDING 13 /* pending live patching update */ | ||
919 | @@ -110,6 +112,8 @@ struct thread_info { | ||
920 | #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) | ||
921 | #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) | ||
922 | #define _TIF_SECCOMP (1 << TIF_SECCOMP) | ||
923 | +#define _TIF_SPEC_IB (1 << TIF_SPEC_IB) | ||
924 | +#define _TIF_SPEC_FORCE_UPDATE (1 << TIF_SPEC_FORCE_UPDATE) | ||
925 | #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY) | ||
926 | #define _TIF_UPROBE (1 << TIF_UPROBE) | ||
927 | #define _TIF_PATCH_PENDING (1 << TIF_PATCH_PENDING) | ||
928 | @@ -145,8 +149,18 @@ struct thread_info { | ||
929 | _TIF_FSCHECK) | ||
930 | |||
931 | /* flags to check in __switch_to() */ | ||
932 | -#define _TIF_WORK_CTXSW \ | ||
933 | - (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) | ||
934 | +#define _TIF_WORK_CTXSW_BASE \ | ||
935 | + (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP| \ | ||
936 | + _TIF_SSBD | _TIF_SPEC_FORCE_UPDATE) | ||
937 | + | ||
938 | +/* | ||
939 | + * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated. | ||
940 | + */ | ||
941 | +#ifdef CONFIG_SMP | ||
942 | +# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE | _TIF_SPEC_IB) | ||
943 | +#else | ||
944 | +# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE) | ||
945 | +#endif | ||
946 | |||
947 | #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) | ||
948 | #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) | ||
949 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h | ||
950 | index 0e2130d8d6b1..79ec7add5f98 100644 | ||
951 | --- a/arch/x86/include/asm/tlbflush.h | ||
952 | +++ b/arch/x86/include/asm/tlbflush.h | ||
953 | @@ -185,10 +185,14 @@ struct tlb_state { | ||
954 | |||
955 | #define LOADED_MM_SWITCHING ((struct mm_struct *)1) | ||
956 | |||
957 | + /* Last user mm for optimizing IBPB */ | ||
958 | + union { | ||
959 | + struct mm_struct *last_user_mm; | ||
960 | + unsigned long last_user_mm_ibpb; | ||
961 | + }; | ||
962 | + | ||
963 | u16 loaded_mm_asid; | ||
964 | u16 next_asid; | ||
965 | - /* last user mm's ctx id */ | ||
966 | - u64 last_ctx_id; | ||
967 | |||
968 | /* | ||
969 | * We can be in one of several states: | ||
970 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c | ||
971 | index 40bdaea97fe7..78928f56cf72 100644 | ||
972 | --- a/arch/x86/kernel/cpu/bugs.c | ||
973 | +++ b/arch/x86/kernel/cpu/bugs.c | ||
974 | @@ -14,6 +14,7 @@ | ||
975 | #include <linux/module.h> | ||
976 | #include <linux/nospec.h> | ||
977 | #include <linux/prctl.h> | ||
978 | +#include <linux/sched/smt.h> | ||
979 | |||
980 | #include <asm/spec-ctrl.h> | ||
981 | #include <asm/cmdline.h> | ||
982 | @@ -35,12 +36,10 @@ static void __init spectre_v2_select_mitigation(void); | ||
983 | static void __init ssb_select_mitigation(void); | ||
984 | static void __init l1tf_select_mitigation(void); | ||
985 | |||
986 | -/* | ||
987 | - * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any | ||
988 | - * writes to SPEC_CTRL contain whatever reserved bits have been set. | ||
989 | - */ | ||
990 | -u64 __ro_after_init x86_spec_ctrl_base; | ||
991 | +/* The base value of the SPEC_CTRL MSR that always has to be preserved. */ | ||
992 | +u64 x86_spec_ctrl_base; | ||
993 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); | ||
994 | +static DEFINE_MUTEX(spec_ctrl_mutex); | ||
995 | |||
996 | /* | ||
997 | * The vendor and possibly platform specific bits which can be modified in | ||
998 | @@ -55,6 +54,13 @@ static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS; | ||
999 | u64 __ro_after_init x86_amd_ls_cfg_base; | ||
1000 | u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask; | ||
1001 | |||
1002 | +/* Control conditional STIPB in switch_to() */ | ||
1003 | +DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp); | ||
1004 | +/* Control conditional IBPB in switch_mm() */ | ||
1005 | +DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); | ||
1006 | +/* Control unconditional IBPB in switch_mm() */ | ||
1007 | +DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); | ||
1008 | + | ||
1009 | void __init check_bugs(void) | ||
1010 | { | ||
1011 | identify_boot_cpu(); | ||
1012 | @@ -125,31 +131,6 @@ void __init check_bugs(void) | ||
1013 | #endif | ||
1014 | } | ||
1015 | |||
1016 | -/* The kernel command line selection */ | ||
1017 | -enum spectre_v2_mitigation_cmd { | ||
1018 | - SPECTRE_V2_CMD_NONE, | ||
1019 | - SPECTRE_V2_CMD_AUTO, | ||
1020 | - SPECTRE_V2_CMD_FORCE, | ||
1021 | - SPECTRE_V2_CMD_RETPOLINE, | ||
1022 | - SPECTRE_V2_CMD_RETPOLINE_GENERIC, | ||
1023 | - SPECTRE_V2_CMD_RETPOLINE_AMD, | ||
1024 | -}; | ||
1025 | - | ||
1026 | -static const char *spectre_v2_strings[] = { | ||
1027 | - [SPECTRE_V2_NONE] = "Vulnerable", | ||
1028 | - [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", | ||
1029 | - [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", | ||
1030 | - [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", | ||
1031 | - [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", | ||
1032 | - [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", | ||
1033 | -}; | ||
1034 | - | ||
1035 | -#undef pr_fmt | ||
1036 | -#define pr_fmt(fmt) "Spectre V2 : " fmt | ||
1037 | - | ||
1038 | -static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = | ||
1039 | - SPECTRE_V2_NONE; | ||
1040 | - | ||
1041 | void | ||
1042 | x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) | ||
1043 | { | ||
1044 | @@ -171,6 +152,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) | ||
1045 | static_cpu_has(X86_FEATURE_AMD_SSBD)) | ||
1046 | hostval |= ssbd_tif_to_spec_ctrl(ti->flags); | ||
1047 | |||
1048 | + /* Conditional STIBP enabled? */ | ||
1049 | + if (static_branch_unlikely(&switch_to_cond_stibp)) | ||
1050 | + hostval |= stibp_tif_to_spec_ctrl(ti->flags); | ||
1051 | + | ||
1052 | if (hostval != guestval) { | ||
1053 | msrval = setguest ? guestval : hostval; | ||
1054 | wrmsrl(MSR_IA32_SPEC_CTRL, msrval); | ||
1055 | @@ -204,7 +189,7 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) | ||
1056 | tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) : | ||
1057 | ssbd_spec_ctrl_to_tif(hostval); | ||
1058 | |||
1059 | - speculative_store_bypass_update(tif); | ||
1060 | + speculation_ctrl_update(tif); | ||
1061 | } | ||
1062 | } | ||
1063 | EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl); | ||
1064 | @@ -219,6 +204,15 @@ static void x86_amd_ssb_disable(void) | ||
1065 | wrmsrl(MSR_AMD64_LS_CFG, msrval); | ||
1066 | } | ||
1067 | |||
1068 | +#undef pr_fmt | ||
1069 | +#define pr_fmt(fmt) "Spectre V2 : " fmt | ||
1070 | + | ||
1071 | +static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = | ||
1072 | + SPECTRE_V2_NONE; | ||
1073 | + | ||
1074 | +static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init = | ||
1075 | + SPECTRE_V2_USER_NONE; | ||
1076 | + | ||
1077 | #ifdef RETPOLINE | ||
1078 | static bool spectre_v2_bad_module; | ||
1079 | |||
1080 | @@ -240,67 +234,217 @@ static inline const char *spectre_v2_module_string(void) | ||
1081 | static inline const char *spectre_v2_module_string(void) { return ""; } | ||
1082 | #endif | ||
1083 | |||
1084 | -static void __init spec2_print_if_insecure(const char *reason) | ||
1085 | +static inline bool match_option(const char *arg, int arglen, const char *opt) | ||
1086 | { | ||
1087 | - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | ||
1088 | - pr_info("%s selected on command line.\n", reason); | ||
1089 | + int len = strlen(opt); | ||
1090 | + | ||
1091 | + return len == arglen && !strncmp(arg, opt, len); | ||
1092 | } | ||
1093 | |||
1094 | -static void __init spec2_print_if_secure(const char *reason) | ||
1095 | +/* The kernel command line selection for spectre v2 */ | ||
1096 | +enum spectre_v2_mitigation_cmd { | ||
1097 | + SPECTRE_V2_CMD_NONE, | ||
1098 | + SPECTRE_V2_CMD_AUTO, | ||
1099 | + SPECTRE_V2_CMD_FORCE, | ||
1100 | + SPECTRE_V2_CMD_RETPOLINE, | ||
1101 | + SPECTRE_V2_CMD_RETPOLINE_GENERIC, | ||
1102 | + SPECTRE_V2_CMD_RETPOLINE_AMD, | ||
1103 | +}; | ||
1104 | + | ||
1105 | +enum spectre_v2_user_cmd { | ||
1106 | + SPECTRE_V2_USER_CMD_NONE, | ||
1107 | + SPECTRE_V2_USER_CMD_AUTO, | ||
1108 | + SPECTRE_V2_USER_CMD_FORCE, | ||
1109 | + SPECTRE_V2_USER_CMD_PRCTL, | ||
1110 | + SPECTRE_V2_USER_CMD_PRCTL_IBPB, | ||
1111 | + SPECTRE_V2_USER_CMD_SECCOMP, | ||
1112 | + SPECTRE_V2_USER_CMD_SECCOMP_IBPB, | ||
1113 | +}; | ||
1114 | + | ||
1115 | +static const char * const spectre_v2_user_strings[] = { | ||
1116 | + [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", | ||
1117 | + [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", | ||
1118 | + [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", | ||
1119 | + [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", | ||
1120 | +}; | ||
1121 | + | ||
1122 | +static const struct { | ||
1123 | + const char *option; | ||
1124 | + enum spectre_v2_user_cmd cmd; | ||
1125 | + bool secure; | ||
1126 | +} v2_user_options[] __initdata = { | ||
1127 | + { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, | ||
1128 | + { "off", SPECTRE_V2_USER_CMD_NONE, false }, | ||
1129 | + { "on", SPECTRE_V2_USER_CMD_FORCE, true }, | ||
1130 | + { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, | ||
1131 | + { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, | ||
1132 | + { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, | ||
1133 | + { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, | ||
1134 | +}; | ||
1135 | + | ||
1136 | +static void __init spec_v2_user_print_cond(const char *reason, bool secure) | ||
1137 | { | ||
1138 | - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | ||
1139 | - pr_info("%s selected on command line.\n", reason); | ||
1140 | + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) | ||
1141 | + pr_info("spectre_v2_user=%s forced on command line.\n", reason); | ||
1142 | } | ||
1143 | |||
1144 | -static inline bool retp_compiler(void) | ||
1145 | +static enum spectre_v2_user_cmd __init | ||
1146 | +spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd) | ||
1147 | { | ||
1148 | - return __is_defined(RETPOLINE); | ||
1149 | + char arg[20]; | ||
1150 | + int ret, i; | ||
1151 | + | ||
1152 | + switch (v2_cmd) { | ||
1153 | + case SPECTRE_V2_CMD_NONE: | ||
1154 | + return SPECTRE_V2_USER_CMD_NONE; | ||
1155 | + case SPECTRE_V2_CMD_FORCE: | ||
1156 | + return SPECTRE_V2_USER_CMD_FORCE; | ||
1157 | + default: | ||
1158 | + break; | ||
1159 | + } | ||
1160 | + | ||
1161 | + ret = cmdline_find_option(boot_command_line, "spectre_v2_user", | ||
1162 | + arg, sizeof(arg)); | ||
1163 | + if (ret < 0) | ||
1164 | + return SPECTRE_V2_USER_CMD_AUTO; | ||
1165 | + | ||
1166 | + for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { | ||
1167 | + if (match_option(arg, ret, v2_user_options[i].option)) { | ||
1168 | + spec_v2_user_print_cond(v2_user_options[i].option, | ||
1169 | + v2_user_options[i].secure); | ||
1170 | + return v2_user_options[i].cmd; | ||
1171 | + } | ||
1172 | + } | ||
1173 | + | ||
1174 | + pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg); | ||
1175 | + return SPECTRE_V2_USER_CMD_AUTO; | ||
1176 | } | ||
1177 | |||
1178 | -static inline bool match_option(const char *arg, int arglen, const char *opt) | ||
1179 | +static void __init | ||
1180 | +spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) | ||
1181 | { | ||
1182 | - int len = strlen(opt); | ||
1183 | + enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; | ||
1184 | + bool smt_possible = IS_ENABLED(CONFIG_SMP); | ||
1185 | + enum spectre_v2_user_cmd cmd; | ||
1186 | |||
1187 | - return len == arglen && !strncmp(arg, opt, len); | ||
1188 | + if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) | ||
1189 | + return; | ||
1190 | + | ||
1191 | + if (cpu_smt_control == CPU_SMT_FORCE_DISABLED || | ||
1192 | + cpu_smt_control == CPU_SMT_NOT_SUPPORTED) | ||
1193 | + smt_possible = false; | ||
1194 | + | ||
1195 | + cmd = spectre_v2_parse_user_cmdline(v2_cmd); | ||
1196 | + switch (cmd) { | ||
1197 | + case SPECTRE_V2_USER_CMD_NONE: | ||
1198 | + goto set_mode; | ||
1199 | + case SPECTRE_V2_USER_CMD_FORCE: | ||
1200 | + mode = SPECTRE_V2_USER_STRICT; | ||
1201 | + break; | ||
1202 | + case SPECTRE_V2_USER_CMD_PRCTL: | ||
1203 | + case SPECTRE_V2_USER_CMD_PRCTL_IBPB: | ||
1204 | + mode = SPECTRE_V2_USER_PRCTL; | ||
1205 | + break; | ||
1206 | + case SPECTRE_V2_USER_CMD_AUTO: | ||
1207 | + case SPECTRE_V2_USER_CMD_SECCOMP: | ||
1208 | + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: | ||
1209 | + if (IS_ENABLED(CONFIG_SECCOMP)) | ||
1210 | + mode = SPECTRE_V2_USER_SECCOMP; | ||
1211 | + else | ||
1212 | + mode = SPECTRE_V2_USER_PRCTL; | ||
1213 | + break; | ||
1214 | + } | ||
1215 | + | ||
1216 | + /* Initialize Indirect Branch Prediction Barrier */ | ||
1217 | + if (boot_cpu_has(X86_FEATURE_IBPB)) { | ||
1218 | + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); | ||
1219 | + | ||
1220 | + switch (cmd) { | ||
1221 | + case SPECTRE_V2_USER_CMD_FORCE: | ||
1222 | + case SPECTRE_V2_USER_CMD_PRCTL_IBPB: | ||
1223 | + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: | ||
1224 | + static_branch_enable(&switch_mm_always_ibpb); | ||
1225 | + break; | ||
1226 | + case SPECTRE_V2_USER_CMD_PRCTL: | ||
1227 | + case SPECTRE_V2_USER_CMD_AUTO: | ||
1228 | + case SPECTRE_V2_USER_CMD_SECCOMP: | ||
1229 | + static_branch_enable(&switch_mm_cond_ibpb); | ||
1230 | + break; | ||
1231 | + default: | ||
1232 | + break; | ||
1233 | + } | ||
1234 | + | ||
1235 | + pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", | ||
1236 | + static_key_enabled(&switch_mm_always_ibpb) ? | ||
1237 | + "always-on" : "conditional"); | ||
1238 | + } | ||
1239 | + | ||
1240 | + /* If enhanced IBRS is enabled no STIPB required */ | ||
1241 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) | ||
1242 | + return; | ||
1243 | + | ||
1244 | + /* | ||
1245 | + * If SMT is not possible or STIBP is not available clear the STIPB | ||
1246 | + * mode. | ||
1247 | + */ | ||
1248 | + if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP)) | ||
1249 | + mode = SPECTRE_V2_USER_NONE; | ||
1250 | +set_mode: | ||
1251 | + spectre_v2_user = mode; | ||
1252 | + /* Only print the STIBP mode when SMT possible */ | ||
1253 | + if (smt_possible) | ||
1254 | + pr_info("%s\n", spectre_v2_user_strings[mode]); | ||
1255 | } | ||
1256 | |||
1257 | +static const char * const spectre_v2_strings[] = { | ||
1258 | + [SPECTRE_V2_NONE] = "Vulnerable", | ||
1259 | + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", | ||
1260 | + [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", | ||
1261 | + [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", | ||
1262 | +}; | ||
1263 | + | ||
1264 | static const struct { | ||
1265 | const char *option; | ||
1266 | enum spectre_v2_mitigation_cmd cmd; | ||
1267 | bool secure; | ||
1268 | -} mitigation_options[] = { | ||
1269 | - { "off", SPECTRE_V2_CMD_NONE, false }, | ||
1270 | - { "on", SPECTRE_V2_CMD_FORCE, true }, | ||
1271 | - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, | ||
1272 | - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, | ||
1273 | - { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, | ||
1274 | - { "auto", SPECTRE_V2_CMD_AUTO, false }, | ||
1275 | +} mitigation_options[] __initdata = { | ||
1276 | + { "off", SPECTRE_V2_CMD_NONE, false }, | ||
1277 | + { "on", SPECTRE_V2_CMD_FORCE, true }, | ||
1278 | + { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, | ||
1279 | + { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, | ||
1280 | + { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, | ||
1281 | + { "auto", SPECTRE_V2_CMD_AUTO, false }, | ||
1282 | }; | ||
1283 | |||
1284 | +static void __init spec_v2_print_cond(const char *reason, bool secure) | ||
1285 | +{ | ||
1286 | + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) | ||
1287 | + pr_info("%s selected on command line.\n", reason); | ||
1288 | +} | ||
1289 | + | ||
1290 | static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) | ||
1291 | { | ||
1292 | + enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; | ||
1293 | char arg[20]; | ||
1294 | int ret, i; | ||
1295 | - enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; | ||
1296 | |||
1297 | if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) | ||
1298 | return SPECTRE_V2_CMD_NONE; | ||
1299 | - else { | ||
1300 | - ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); | ||
1301 | - if (ret < 0) | ||
1302 | - return SPECTRE_V2_CMD_AUTO; | ||
1303 | |||
1304 | - for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { | ||
1305 | - if (!match_option(arg, ret, mitigation_options[i].option)) | ||
1306 | - continue; | ||
1307 | - cmd = mitigation_options[i].cmd; | ||
1308 | - break; | ||
1309 | - } | ||
1310 | + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); | ||
1311 | + if (ret < 0) | ||
1312 | + return SPECTRE_V2_CMD_AUTO; | ||
1313 | |||
1314 | - if (i >= ARRAY_SIZE(mitigation_options)) { | ||
1315 | - pr_err("unknown option (%s). Switching to AUTO select\n", arg); | ||
1316 | - return SPECTRE_V2_CMD_AUTO; | ||
1317 | - } | ||
1318 | + for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { | ||
1319 | + if (!match_option(arg, ret, mitigation_options[i].option)) | ||
1320 | + continue; | ||
1321 | + cmd = mitigation_options[i].cmd; | ||
1322 | + break; | ||
1323 | + } | ||
1324 | + | ||
1325 | + if (i >= ARRAY_SIZE(mitigation_options)) { | ||
1326 | + pr_err("unknown option (%s). Switching to AUTO select\n", arg); | ||
1327 | + return SPECTRE_V2_CMD_AUTO; | ||
1328 | } | ||
1329 | |||
1330 | if ((cmd == SPECTRE_V2_CMD_RETPOLINE || | ||
1331 | @@ -317,11 +461,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) | ||
1332 | return SPECTRE_V2_CMD_AUTO; | ||
1333 | } | ||
1334 | |||
1335 | - if (mitigation_options[i].secure) | ||
1336 | - spec2_print_if_secure(mitigation_options[i].option); | ||
1337 | - else | ||
1338 | - spec2_print_if_insecure(mitigation_options[i].option); | ||
1339 | - | ||
1340 | + spec_v2_print_cond(mitigation_options[i].option, | ||
1341 | + mitigation_options[i].secure); | ||
1342 | return cmd; | ||
1343 | } | ||
1344 | |||
1345 | @@ -377,14 +518,12 @@ retpoline_auto: | ||
1346 | pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); | ||
1347 | goto retpoline_generic; | ||
1348 | } | ||
1349 | - mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : | ||
1350 | - SPECTRE_V2_RETPOLINE_MINIMAL_AMD; | ||
1351 | + mode = SPECTRE_V2_RETPOLINE_AMD; | ||
1352 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); | ||
1353 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); | ||
1354 | } else { | ||
1355 | retpoline_generic: | ||
1356 | - mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : | ||
1357 | - SPECTRE_V2_RETPOLINE_MINIMAL; | ||
1358 | + mode = SPECTRE_V2_RETPOLINE_GENERIC; | ||
1359 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); | ||
1360 | } | ||
1361 | |||
1362 | @@ -403,12 +542,6 @@ specv2_set_mode: | ||
1363 | setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); | ||
1364 | pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); | ||
1365 | |||
1366 | - /* Initialize Indirect Branch Prediction Barrier if supported */ | ||
1367 | - if (boot_cpu_has(X86_FEATURE_IBPB)) { | ||
1368 | - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); | ||
1369 | - pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); | ||
1370 | - } | ||
1371 | - | ||
1372 | /* | ||
1373 | * Retpoline means the kernel is safe because it has no indirect | ||
1374 | * branches. Enhanced IBRS protects firmware too, so, enable restricted | ||
1375 | @@ -424,6 +557,66 @@ specv2_set_mode: | ||
1376 | setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); | ||
1377 | pr_info("Enabling Restricted Speculation for firmware calls\n"); | ||
1378 | } | ||
1379 | + | ||
1380 | + /* Set up IBPB and STIBP depending on the general spectre V2 command */ | ||
1381 | + spectre_v2_user_select_mitigation(cmd); | ||
1382 | + | ||
1383 | + /* Enable STIBP if appropriate */ | ||
1384 | + arch_smt_update(); | ||
1385 | +} | ||
1386 | + | ||
1387 | +static void update_stibp_msr(void * __unused) | ||
1388 | +{ | ||
1389 | + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); | ||
1390 | +} | ||
1391 | + | ||
1392 | +/* Update x86_spec_ctrl_base in case SMT state changed. */ | ||
1393 | +static void update_stibp_strict(void) | ||
1394 | +{ | ||
1395 | + u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; | ||
1396 | + | ||
1397 | + if (sched_smt_active()) | ||
1398 | + mask |= SPEC_CTRL_STIBP; | ||
1399 | + | ||
1400 | + if (mask == x86_spec_ctrl_base) | ||
1401 | + return; | ||
1402 | + | ||
1403 | + pr_info("Update user space SMT mitigation: STIBP %s\n", | ||
1404 | + mask & SPEC_CTRL_STIBP ? "always-on" : "off"); | ||
1405 | + x86_spec_ctrl_base = mask; | ||
1406 | + on_each_cpu(update_stibp_msr, NULL, 1); | ||
1407 | +} | ||
1408 | + | ||
1409 | +/* Update the static key controlling the evaluation of TIF_SPEC_IB */ | ||
1410 | +static void update_indir_branch_cond(void) | ||
1411 | +{ | ||
1412 | + if (sched_smt_active()) | ||
1413 | + static_branch_enable(&switch_to_cond_stibp); | ||
1414 | + else | ||
1415 | + static_branch_disable(&switch_to_cond_stibp); | ||
1416 | +} | ||
1417 | + | ||
1418 | +void arch_smt_update(void) | ||
1419 | +{ | ||
1420 | + /* Enhanced IBRS implies STIBP. No update required. */ | ||
1421 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) | ||
1422 | + return; | ||
1423 | + | ||
1424 | + mutex_lock(&spec_ctrl_mutex); | ||
1425 | + | ||
1426 | + switch (spectre_v2_user) { | ||
1427 | + case SPECTRE_V2_USER_NONE: | ||
1428 | + break; | ||
1429 | + case SPECTRE_V2_USER_STRICT: | ||
1430 | + update_stibp_strict(); | ||
1431 | + break; | ||
1432 | + case SPECTRE_V2_USER_PRCTL: | ||
1433 | + case SPECTRE_V2_USER_SECCOMP: | ||
1434 | + update_indir_branch_cond(); | ||
1435 | + break; | ||
1436 | + } | ||
1437 | + | ||
1438 | + mutex_unlock(&spec_ctrl_mutex); | ||
1439 | } | ||
1440 | |||
1441 | #undef pr_fmt | ||
1442 | @@ -440,7 +633,7 @@ enum ssb_mitigation_cmd { | ||
1443 | SPEC_STORE_BYPASS_CMD_SECCOMP, | ||
1444 | }; | ||
1445 | |||
1446 | -static const char *ssb_strings[] = { | ||
1447 | +static const char * const ssb_strings[] = { | ||
1448 | [SPEC_STORE_BYPASS_NONE] = "Vulnerable", | ||
1449 | [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled", | ||
1450 | [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl", | ||
1451 | @@ -450,7 +643,7 @@ static const char *ssb_strings[] = { | ||
1452 | static const struct { | ||
1453 | const char *option; | ||
1454 | enum ssb_mitigation_cmd cmd; | ||
1455 | -} ssb_mitigation_options[] = { | ||
1456 | +} ssb_mitigation_options[] __initdata = { | ||
1457 | { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ | ||
1458 | { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ | ||
1459 | { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ | ||
1460 | @@ -561,10 +754,25 @@ static void ssb_select_mitigation(void) | ||
1461 | #undef pr_fmt | ||
1462 | #define pr_fmt(fmt) "Speculation prctl: " fmt | ||
1463 | |||
1464 | -static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) | ||
1465 | +static void task_update_spec_tif(struct task_struct *tsk) | ||
1466 | { | ||
1467 | - bool update; | ||
1468 | + /* Force the update of the real TIF bits */ | ||
1469 | + set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE); | ||
1470 | |||
1471 | + /* | ||
1472 | + * Immediately update the speculation control MSRs for the current | ||
1473 | + * task, but for a non-current task delay setting the CPU | ||
1474 | + * mitigation until it is scheduled next. | ||
1475 | + * | ||
1476 | + * This can only happen for SECCOMP mitigation. For PRCTL it's | ||
1477 | + * always the current task. | ||
1478 | + */ | ||
1479 | + if (tsk == current) | ||
1480 | + speculation_ctrl_update_current(); | ||
1481 | +} | ||
1482 | + | ||
1483 | +static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) | ||
1484 | +{ | ||
1485 | if (ssb_mode != SPEC_STORE_BYPASS_PRCTL && | ||
1486 | ssb_mode != SPEC_STORE_BYPASS_SECCOMP) | ||
1487 | return -ENXIO; | ||
1488 | @@ -575,28 +783,56 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) | ||
1489 | if (task_spec_ssb_force_disable(task)) | ||
1490 | return -EPERM; | ||
1491 | task_clear_spec_ssb_disable(task); | ||
1492 | - update = test_and_clear_tsk_thread_flag(task, TIF_SSBD); | ||
1493 | + task_update_spec_tif(task); | ||
1494 | break; | ||
1495 | case PR_SPEC_DISABLE: | ||
1496 | task_set_spec_ssb_disable(task); | ||
1497 | - update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); | ||
1498 | + task_update_spec_tif(task); | ||
1499 | break; | ||
1500 | case PR_SPEC_FORCE_DISABLE: | ||
1501 | task_set_spec_ssb_disable(task); | ||
1502 | task_set_spec_ssb_force_disable(task); | ||
1503 | - update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); | ||
1504 | + task_update_spec_tif(task); | ||
1505 | break; | ||
1506 | default: | ||
1507 | return -ERANGE; | ||
1508 | } | ||
1509 | + return 0; | ||
1510 | +} | ||
1511 | |||
1512 | - /* | ||
1513 | - * If being set on non-current task, delay setting the CPU | ||
1514 | - * mitigation until it is next scheduled. | ||
1515 | - */ | ||
1516 | - if (task == current && update) | ||
1517 | - speculative_store_bypass_update_current(); | ||
1518 | - | ||
1519 | +static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) | ||
1520 | +{ | ||
1521 | + switch (ctrl) { | ||
1522 | + case PR_SPEC_ENABLE: | ||
1523 | + if (spectre_v2_user == SPECTRE_V2_USER_NONE) | ||
1524 | + return 0; | ||
1525 | + /* | ||
1526 | + * Indirect branch speculation is always disabled in strict | ||
1527 | + * mode. | ||
1528 | + */ | ||
1529 | + if (spectre_v2_user == SPECTRE_V2_USER_STRICT) | ||
1530 | + return -EPERM; | ||
1531 | + task_clear_spec_ib_disable(task); | ||
1532 | + task_update_spec_tif(task); | ||
1533 | + break; | ||
1534 | + case PR_SPEC_DISABLE: | ||
1535 | + case PR_SPEC_FORCE_DISABLE: | ||
1536 | + /* | ||
1537 | + * Indirect branch speculation is always allowed when | ||
1538 | + * mitigation is force disabled. | ||
1539 | + */ | ||
1540 | + if (spectre_v2_user == SPECTRE_V2_USER_NONE) | ||
1541 | + return -EPERM; | ||
1542 | + if (spectre_v2_user == SPECTRE_V2_USER_STRICT) | ||
1543 | + return 0; | ||
1544 | + task_set_spec_ib_disable(task); | ||
1545 | + if (ctrl == PR_SPEC_FORCE_DISABLE) | ||
1546 | + task_set_spec_ib_force_disable(task); | ||
1547 | + task_update_spec_tif(task); | ||
1548 | + break; | ||
1549 | + default: | ||
1550 | + return -ERANGE; | ||
1551 | + } | ||
1552 | return 0; | ||
1553 | } | ||
1554 | |||
1555 | @@ -606,6 +842,8 @@ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, | ||
1556 | switch (which) { | ||
1557 | case PR_SPEC_STORE_BYPASS: | ||
1558 | return ssb_prctl_set(task, ctrl); | ||
1559 | + case PR_SPEC_INDIRECT_BRANCH: | ||
1560 | + return ib_prctl_set(task, ctrl); | ||
1561 | default: | ||
1562 | return -ENODEV; | ||
1563 | } | ||
1564 | @@ -616,6 +854,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task) | ||
1565 | { | ||
1566 | if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) | ||
1567 | ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); | ||
1568 | + if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP) | ||
1569 | + ib_prctl_set(task, PR_SPEC_FORCE_DISABLE); | ||
1570 | } | ||
1571 | #endif | ||
1572 | |||
1573 | @@ -638,11 +878,35 @@ static int ssb_prctl_get(struct task_struct *task) | ||
1574 | } | ||
1575 | } | ||
1576 | |||
1577 | +static int ib_prctl_get(struct task_struct *task) | ||
1578 | +{ | ||
1579 | + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) | ||
1580 | + return PR_SPEC_NOT_AFFECTED; | ||
1581 | + | ||
1582 | + switch (spectre_v2_user) { | ||
1583 | + case SPECTRE_V2_USER_NONE: | ||
1584 | + return PR_SPEC_ENABLE; | ||
1585 | + case SPECTRE_V2_USER_PRCTL: | ||
1586 | + case SPECTRE_V2_USER_SECCOMP: | ||
1587 | + if (task_spec_ib_force_disable(task)) | ||
1588 | + return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; | ||
1589 | + if (task_spec_ib_disable(task)) | ||
1590 | + return PR_SPEC_PRCTL | PR_SPEC_DISABLE; | ||
1591 | + return PR_SPEC_PRCTL | PR_SPEC_ENABLE; | ||
1592 | + case SPECTRE_V2_USER_STRICT: | ||
1593 | + return PR_SPEC_DISABLE; | ||
1594 | + default: | ||
1595 | + return PR_SPEC_NOT_AFFECTED; | ||
1596 | + } | ||
1597 | +} | ||
1598 | + | ||
1599 | int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) | ||
1600 | { | ||
1601 | switch (which) { | ||
1602 | case PR_SPEC_STORE_BYPASS: | ||
1603 | return ssb_prctl_get(task); | ||
1604 | + case PR_SPEC_INDIRECT_BRANCH: | ||
1605 | + return ib_prctl_get(task); | ||
1606 | default: | ||
1607 | return -ENODEV; | ||
1608 | } | ||
1609 | @@ -780,7 +1044,7 @@ early_param("l1tf", l1tf_cmdline); | ||
1610 | #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion" | ||
1611 | |||
1612 | #if IS_ENABLED(CONFIG_KVM_INTEL) | ||
1613 | -static const char *l1tf_vmx_states[] = { | ||
1614 | +static const char * const l1tf_vmx_states[] = { | ||
1615 | [VMENTER_L1D_FLUSH_AUTO] = "auto", | ||
1616 | [VMENTER_L1D_FLUSH_NEVER] = "vulnerable", | ||
1617 | [VMENTER_L1D_FLUSH_COND] = "conditional cache flushes", | ||
1618 | @@ -796,13 +1060,14 @@ static ssize_t l1tf_show_state(char *buf) | ||
1619 | |||
1620 | if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || | ||
1621 | (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && | ||
1622 | - cpu_smt_control == CPU_SMT_ENABLED)) | ||
1623 | + sched_smt_active())) { | ||
1624 | return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, | ||
1625 | l1tf_vmx_states[l1tf_vmx_mitigation]); | ||
1626 | + } | ||
1627 | |||
1628 | return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, | ||
1629 | l1tf_vmx_states[l1tf_vmx_mitigation], | ||
1630 | - cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled"); | ||
1631 | + sched_smt_active() ? "vulnerable" : "disabled"); | ||
1632 | } | ||
1633 | #else | ||
1634 | static ssize_t l1tf_show_state(char *buf) | ||
1635 | @@ -811,6 +1076,36 @@ static ssize_t l1tf_show_state(char *buf) | ||
1636 | } | ||
1637 | #endif | ||
1638 | |||
1639 | +static char *stibp_state(void) | ||
1640 | +{ | ||
1641 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) | ||
1642 | + return ""; | ||
1643 | + | ||
1644 | + switch (spectre_v2_user) { | ||
1645 | + case SPECTRE_V2_USER_NONE: | ||
1646 | + return ", STIBP: disabled"; | ||
1647 | + case SPECTRE_V2_USER_STRICT: | ||
1648 | + return ", STIBP: forced"; | ||
1649 | + case SPECTRE_V2_USER_PRCTL: | ||
1650 | + case SPECTRE_V2_USER_SECCOMP: | ||
1651 | + if (static_key_enabled(&switch_to_cond_stibp)) | ||
1652 | + return ", STIBP: conditional"; | ||
1653 | + } | ||
1654 | + return ""; | ||
1655 | +} | ||
1656 | + | ||
1657 | +static char *ibpb_state(void) | ||
1658 | +{ | ||
1659 | + if (boot_cpu_has(X86_FEATURE_IBPB)) { | ||
1660 | + if (static_key_enabled(&switch_mm_always_ibpb)) | ||
1661 | + return ", IBPB: always-on"; | ||
1662 | + if (static_key_enabled(&switch_mm_cond_ibpb)) | ||
1663 | + return ", IBPB: conditional"; | ||
1664 | + return ", IBPB: disabled"; | ||
1665 | + } | ||
1666 | + return ""; | ||
1667 | +} | ||
1668 | + | ||
1669 | static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, | ||
1670 | char *buf, unsigned int bug) | ||
1671 | { | ||
1672 | @@ -831,9 +1126,11 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr | ||
1673 | return sprintf(buf, "Mitigation: __user pointer sanitization\n"); | ||
1674 | |||
1675 | case X86_BUG_SPECTRE_V2: | ||
1676 | - return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], | ||
1677 | - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", | ||
1678 | + return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], | ||
1679 | + ibpb_state(), | ||
1680 | boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", | ||
1681 | + stibp_state(), | ||
1682 | + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", | ||
1683 | spectre_v2_module_string()); | ||
1684 | |||
1685 | case X86_BUG_SPEC_STORE_BYPASS: | ||
1686 | diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c | ||
1687 | index dd33c357548f..e12454e21b8a 100644 | ||
1688 | --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c | ||
1689 | +++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c | ||
1690 | @@ -56,7 +56,7 @@ | ||
1691 | /* Threshold LVT offset is at MSR0xC0000410[15:12] */ | ||
1692 | #define SMCA_THR_LVT_OFF 0xF000 | ||
1693 | |||
1694 | -static bool thresholding_en; | ||
1695 | +static bool thresholding_irq_en; | ||
1696 | |||
1697 | static const char * const th_names[] = { | ||
1698 | "load_store", | ||
1699 | @@ -534,9 +534,8 @@ prepare_threshold_block(unsigned int bank, unsigned int block, u32 addr, | ||
1700 | |||
1701 | set_offset: | ||
1702 | offset = setup_APIC_mce_threshold(offset, new); | ||
1703 | - | ||
1704 | - if ((offset == new) && (mce_threshold_vector != amd_threshold_interrupt)) | ||
1705 | - mce_threshold_vector = amd_threshold_interrupt; | ||
1706 | + if (offset == new) | ||
1707 | + thresholding_irq_en = true; | ||
1708 | |||
1709 | done: | ||
1710 | mce_threshold_block_init(&b, offset); | ||
1711 | @@ -1357,9 +1356,6 @@ int mce_threshold_remove_device(unsigned int cpu) | ||
1712 | { | ||
1713 | unsigned int bank; | ||
1714 | |||
1715 | - if (!thresholding_en) | ||
1716 | - return 0; | ||
1717 | - | ||
1718 | for (bank = 0; bank < mca_cfg.banks; ++bank) { | ||
1719 | if (!(per_cpu(bank_map, cpu) & (1 << bank))) | ||
1720 | continue; | ||
1721 | @@ -1377,9 +1373,6 @@ int mce_threshold_create_device(unsigned int cpu) | ||
1722 | struct threshold_bank **bp; | ||
1723 | int err = 0; | ||
1724 | |||
1725 | - if (!thresholding_en) | ||
1726 | - return 0; | ||
1727 | - | ||
1728 | bp = per_cpu(threshold_banks, cpu); | ||
1729 | if (bp) | ||
1730 | return 0; | ||
1731 | @@ -1408,9 +1401,6 @@ static __init int threshold_init_device(void) | ||
1732 | { | ||
1733 | unsigned lcpu = 0; | ||
1734 | |||
1735 | - if (mce_threshold_vector == amd_threshold_interrupt) | ||
1736 | - thresholding_en = true; | ||
1737 | - | ||
1738 | /* to hit CPUs online before the notifier is up */ | ||
1739 | for_each_online_cpu(lcpu) { | ||
1740 | int err = mce_threshold_create_device(lcpu); | ||
1741 | @@ -1419,6 +1409,9 @@ static __init int threshold_init_device(void) | ||
1742 | return err; | ||
1743 | } | ||
1744 | |||
1745 | + if (thresholding_irq_en) | ||
1746 | + mce_threshold_vector = amd_threshold_interrupt; | ||
1747 | + | ||
1748 | return 0; | ||
1749 | } | ||
1750 | /* | ||
1751 | diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c | ||
1752 | index 61a949d84dfa..d99a8ee9e185 100644 | ||
1753 | --- a/arch/x86/kernel/fpu/signal.c | ||
1754 | +++ b/arch/x86/kernel/fpu/signal.c | ||
1755 | @@ -344,10 +344,10 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) | ||
1756 | sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); | ||
1757 | } | ||
1758 | |||
1759 | + local_bh_disable(); | ||
1760 | fpu->initialized = 1; | ||
1761 | - preempt_disable(); | ||
1762 | fpu__restore(fpu); | ||
1763 | - preempt_enable(); | ||
1764 | + local_bh_enable(); | ||
1765 | |||
1766 | return err; | ||
1767 | } else { | ||
1768 | diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c | ||
1769 | index 01ebcb6f263e..7ee8067cbf45 100644 | ||
1770 | --- a/arch/x86/kernel/ftrace.c | ||
1771 | +++ b/arch/x86/kernel/ftrace.c | ||
1772 | @@ -994,7 +994,6 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, | ||
1773 | { | ||
1774 | unsigned long old; | ||
1775 | int faulted; | ||
1776 | - struct ftrace_graph_ent trace; | ||
1777 | unsigned long return_hooker = (unsigned long) | ||
1778 | &return_to_handler; | ||
1779 | |||
1780 | @@ -1046,19 +1045,7 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, | ||
1781 | return; | ||
1782 | } | ||
1783 | |||
1784 | - trace.func = self_addr; | ||
1785 | - trace.depth = current->curr_ret_stack + 1; | ||
1786 | - | ||
1787 | - /* Only trace if the calling function expects to */ | ||
1788 | - if (!ftrace_graph_entry(&trace)) { | ||
1789 | + if (function_graph_enter(old, self_addr, frame_pointer, parent)) | ||
1790 | *parent = old; | ||
1791 | - return; | ||
1792 | - } | ||
1793 | - | ||
1794 | - if (ftrace_push_return_trace(old, self_addr, &trace.depth, | ||
1795 | - frame_pointer, parent) == -EBUSY) { | ||
1796 | - *parent = old; | ||
1797 | - return; | ||
1798 | - } | ||
1799 | } | ||
1800 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ | ||
1801 | diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c | ||
1802 | index c93fcfdf1673..7d31192296a8 100644 | ||
1803 | --- a/arch/x86/kernel/process.c | ||
1804 | +++ b/arch/x86/kernel/process.c | ||
1805 | @@ -40,6 +40,8 @@ | ||
1806 | #include <asm/prctl.h> | ||
1807 | #include <asm/spec-ctrl.h> | ||
1808 | |||
1809 | +#include "process.h" | ||
1810 | + | ||
1811 | /* | ||
1812 | * per-CPU TSS segments. Threads are completely 'soft' on Linux, | ||
1813 | * no more per-task TSS's. The TSS size is kept cacheline-aligned | ||
1814 | @@ -252,11 +254,12 @@ void arch_setup_new_exec(void) | ||
1815 | enable_cpuid(); | ||
1816 | } | ||
1817 | |||
1818 | -static inline void switch_to_bitmap(struct tss_struct *tss, | ||
1819 | - struct thread_struct *prev, | ||
1820 | +static inline void switch_to_bitmap(struct thread_struct *prev, | ||
1821 | struct thread_struct *next, | ||
1822 | unsigned long tifp, unsigned long tifn) | ||
1823 | { | ||
1824 | + struct tss_struct *tss = this_cpu_ptr(&cpu_tss_rw); | ||
1825 | + | ||
1826 | if (tifn & _TIF_IO_BITMAP) { | ||
1827 | /* | ||
1828 | * Copy the relevant range of the IO bitmap. | ||
1829 | @@ -395,32 +398,85 @@ static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) | ||
1830 | wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); | ||
1831 | } | ||
1832 | |||
1833 | -static __always_inline void intel_set_ssb_state(unsigned long tifn) | ||
1834 | +/* | ||
1835 | + * Update the MSRs managing speculation control, during context switch. | ||
1836 | + * | ||
1837 | + * tifp: Previous task's thread flags | ||
1838 | + * tifn: Next task's thread flags | ||
1839 | + */ | ||
1840 | +static __always_inline void __speculation_ctrl_update(unsigned long tifp, | ||
1841 | + unsigned long tifn) | ||
1842 | { | ||
1843 | - u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); | ||
1844 | + unsigned long tif_diff = tifp ^ tifn; | ||
1845 | + u64 msr = x86_spec_ctrl_base; | ||
1846 | + bool updmsr = false; | ||
1847 | + | ||
1848 | + /* | ||
1849 | + * If TIF_SSBD is different, select the proper mitigation | ||
1850 | + * method. Note that if SSBD mitigation is disabled or permanentely | ||
1851 | + * enabled this branch can't be taken because nothing can set | ||
1852 | + * TIF_SSBD. | ||
1853 | + */ | ||
1854 | + if (tif_diff & _TIF_SSBD) { | ||
1855 | + if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { | ||
1856 | + amd_set_ssb_virt_state(tifn); | ||
1857 | + } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { | ||
1858 | + amd_set_core_ssb_state(tifn); | ||
1859 | + } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || | ||
1860 | + static_cpu_has(X86_FEATURE_AMD_SSBD)) { | ||
1861 | + msr |= ssbd_tif_to_spec_ctrl(tifn); | ||
1862 | + updmsr = true; | ||
1863 | + } | ||
1864 | + } | ||
1865 | + | ||
1866 | + /* | ||
1867 | + * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled, | ||
1868 | + * otherwise avoid the MSR write. | ||
1869 | + */ | ||
1870 | + if (IS_ENABLED(CONFIG_SMP) && | ||
1871 | + static_branch_unlikely(&switch_to_cond_stibp)) { | ||
1872 | + updmsr |= !!(tif_diff & _TIF_SPEC_IB); | ||
1873 | + msr |= stibp_tif_to_spec_ctrl(tifn); | ||
1874 | + } | ||
1875 | |||
1876 | - wrmsrl(MSR_IA32_SPEC_CTRL, msr); | ||
1877 | + if (updmsr) | ||
1878 | + wrmsrl(MSR_IA32_SPEC_CTRL, msr); | ||
1879 | } | ||
1880 | |||
1881 | -static __always_inline void __speculative_store_bypass_update(unsigned long tifn) | ||
1882 | +static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) | ||
1883 | { | ||
1884 | - if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) | ||
1885 | - amd_set_ssb_virt_state(tifn); | ||
1886 | - else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) | ||
1887 | - amd_set_core_ssb_state(tifn); | ||
1888 | - else | ||
1889 | - intel_set_ssb_state(tifn); | ||
1890 | + if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) { | ||
1891 | + if (task_spec_ssb_disable(tsk)) | ||
1892 | + set_tsk_thread_flag(tsk, TIF_SSBD); | ||
1893 | + else | ||
1894 | + clear_tsk_thread_flag(tsk, TIF_SSBD); | ||
1895 | + | ||
1896 | + if (task_spec_ib_disable(tsk)) | ||
1897 | + set_tsk_thread_flag(tsk, TIF_SPEC_IB); | ||
1898 | + else | ||
1899 | + clear_tsk_thread_flag(tsk, TIF_SPEC_IB); | ||
1900 | + } | ||
1901 | + /* Return the updated threadinfo flags*/ | ||
1902 | + return task_thread_info(tsk)->flags; | ||
1903 | } | ||
1904 | |||
1905 | -void speculative_store_bypass_update(unsigned long tif) | ||
1906 | +void speculation_ctrl_update(unsigned long tif) | ||
1907 | { | ||
1908 | + /* Forced update. Make sure all relevant TIF flags are different */ | ||
1909 | preempt_disable(); | ||
1910 | - __speculative_store_bypass_update(tif); | ||
1911 | + __speculation_ctrl_update(~tif, tif); | ||
1912 | preempt_enable(); | ||
1913 | } | ||
1914 | |||
1915 | -void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, | ||
1916 | - struct tss_struct *tss) | ||
1917 | +/* Called from seccomp/prctl update */ | ||
1918 | +void speculation_ctrl_update_current(void) | ||
1919 | +{ | ||
1920 | + preempt_disable(); | ||
1921 | + speculation_ctrl_update(speculation_ctrl_update_tif(current)); | ||
1922 | + preempt_enable(); | ||
1923 | +} | ||
1924 | + | ||
1925 | +void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p) | ||
1926 | { | ||
1927 | struct thread_struct *prev, *next; | ||
1928 | unsigned long tifp, tifn; | ||
1929 | @@ -430,7 +486,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, | ||
1930 | |||
1931 | tifn = READ_ONCE(task_thread_info(next_p)->flags); | ||
1932 | tifp = READ_ONCE(task_thread_info(prev_p)->flags); | ||
1933 | - switch_to_bitmap(tss, prev, next, tifp, tifn); | ||
1934 | + switch_to_bitmap(prev, next, tifp, tifn); | ||
1935 | |||
1936 | propagate_user_return_notify(prev_p, next_p); | ||
1937 | |||
1938 | @@ -451,8 +507,15 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, | ||
1939 | if ((tifp ^ tifn) & _TIF_NOCPUID) | ||
1940 | set_cpuid_faulting(!!(tifn & _TIF_NOCPUID)); | ||
1941 | |||
1942 | - if ((tifp ^ tifn) & _TIF_SSBD) | ||
1943 | - __speculative_store_bypass_update(tifn); | ||
1944 | + if (likely(!((tifp | tifn) & _TIF_SPEC_FORCE_UPDATE))) { | ||
1945 | + __speculation_ctrl_update(tifp, tifn); | ||
1946 | + } else { | ||
1947 | + speculation_ctrl_update_tif(prev_p); | ||
1948 | + tifn = speculation_ctrl_update_tif(next_p); | ||
1949 | + | ||
1950 | + /* Enforce MSR update to ensure consistent state */ | ||
1951 | + __speculation_ctrl_update(~tifn, tifn); | ||
1952 | + } | ||
1953 | } | ||
1954 | |||
1955 | /* | ||
1956 | diff --git a/arch/x86/kernel/process.h b/arch/x86/kernel/process.h | ||
1957 | new file mode 100644 | ||
1958 | index 000000000000..898e97cf6629 | ||
1959 | --- /dev/null | ||
1960 | +++ b/arch/x86/kernel/process.h | ||
1961 | @@ -0,0 +1,39 @@ | ||
1962 | +// SPDX-License-Identifier: GPL-2.0 | ||
1963 | +// | ||
1964 | +// Code shared between 32 and 64 bit | ||
1965 | + | ||
1966 | +#include <asm/spec-ctrl.h> | ||
1967 | + | ||
1968 | +void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p); | ||
1969 | + | ||
1970 | +/* | ||
1971 | + * This needs to be inline to optimize for the common case where no extra | ||
1972 | + * work needs to be done. | ||
1973 | + */ | ||
1974 | +static inline void switch_to_extra(struct task_struct *prev, | ||
1975 | + struct task_struct *next) | ||
1976 | +{ | ||
1977 | + unsigned long next_tif = task_thread_info(next)->flags; | ||
1978 | + unsigned long prev_tif = task_thread_info(prev)->flags; | ||
1979 | + | ||
1980 | + if (IS_ENABLED(CONFIG_SMP)) { | ||
1981 | + /* | ||
1982 | + * Avoid __switch_to_xtra() invocation when conditional | ||
1983 | + * STIPB is disabled and the only different bit is | ||
1984 | + * TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not | ||
1985 | + * in the TIF_WORK_CTXSW masks. | ||
1986 | + */ | ||
1987 | + if (!static_branch_likely(&switch_to_cond_stibp)) { | ||
1988 | + prev_tif &= ~_TIF_SPEC_IB; | ||
1989 | + next_tif &= ~_TIF_SPEC_IB; | ||
1990 | + } | ||
1991 | + } | ||
1992 | + | ||
1993 | + /* | ||
1994 | + * __switch_to_xtra() handles debug registers, i/o bitmaps, | ||
1995 | + * speculation mitigations etc. | ||
1996 | + */ | ||
1997 | + if (unlikely(next_tif & _TIF_WORK_CTXSW_NEXT || | ||
1998 | + prev_tif & _TIF_WORK_CTXSW_PREV)) | ||
1999 | + __switch_to_xtra(prev, next); | ||
2000 | +} | ||
2001 | diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c | ||
2002 | index 5046a3c9dec2..d3e593eb189f 100644 | ||
2003 | --- a/arch/x86/kernel/process_32.c | ||
2004 | +++ b/arch/x86/kernel/process_32.c | ||
2005 | @@ -59,6 +59,8 @@ | ||
2006 | #include <asm/intel_rdt_sched.h> | ||
2007 | #include <asm/proto.h> | ||
2008 | |||
2009 | +#include "process.h" | ||
2010 | + | ||
2011 | void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) | ||
2012 | { | ||
2013 | unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; | ||
2014 | @@ -232,7 +234,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
2015 | struct fpu *prev_fpu = &prev->fpu; | ||
2016 | struct fpu *next_fpu = &next->fpu; | ||
2017 | int cpu = smp_processor_id(); | ||
2018 | - struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); | ||
2019 | |||
2020 | /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ | ||
2021 | |||
2022 | @@ -264,12 +265,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
2023 | if (get_kernel_rpl() && unlikely(prev->iopl != next->iopl)) | ||
2024 | set_iopl_mask(next->iopl); | ||
2025 | |||
2026 | - /* | ||
2027 | - * Now maybe handle debug registers and/or IO bitmaps | ||
2028 | - */ | ||
2029 | - if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV || | ||
2030 | - task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT)) | ||
2031 | - __switch_to_xtra(prev_p, next_p, tss); | ||
2032 | + switch_to_extra(prev_p, next_p); | ||
2033 | |||
2034 | /* | ||
2035 | * Leave lazy mode, flushing any hypercalls made here. | ||
2036 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c | ||
2037 | index ea5ea850348d..a0854f283efd 100644 | ||
2038 | --- a/arch/x86/kernel/process_64.c | ||
2039 | +++ b/arch/x86/kernel/process_64.c | ||
2040 | @@ -59,6 +59,8 @@ | ||
2041 | #include <asm/unistd_32_ia32.h> | ||
2042 | #endif | ||
2043 | |||
2044 | +#include "process.h" | ||
2045 | + | ||
2046 | __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); | ||
2047 | |||
2048 | /* Prints also some state that isn't saved in the pt_regs */ | ||
2049 | @@ -422,7 +424,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
2050 | struct fpu *prev_fpu = &prev->fpu; | ||
2051 | struct fpu *next_fpu = &next->fpu; | ||
2052 | int cpu = smp_processor_id(); | ||
2053 | - struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); | ||
2054 | |||
2055 | WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) && | ||
2056 | this_cpu_read(irq_count) != -1); | ||
2057 | @@ -489,12 +490,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) | ||
2058 | /* Reload sp0. */ | ||
2059 | update_task_stack(next_p); | ||
2060 | |||
2061 | - /* | ||
2062 | - * Now maybe reload the debug registers and handle I/O bitmaps | ||
2063 | - */ | ||
2064 | - if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT || | ||
2065 | - task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV)) | ||
2066 | - __switch_to_xtra(prev_p, next_p, tss); | ||
2067 | + switch_to_extra(prev_p, next_p); | ||
2068 | |||
2069 | #ifdef CONFIG_XEN_PV | ||
2070 | /* | ||
2071 | diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c | ||
2072 | index fbb0e6df121b..2216d21e955d 100644 | ||
2073 | --- a/arch/x86/kvm/lapic.c | ||
2074 | +++ b/arch/x86/kvm/lapic.c | ||
2075 | @@ -571,6 +571,11 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low, | ||
2076 | rcu_read_lock(); | ||
2077 | map = rcu_dereference(kvm->arch.apic_map); | ||
2078 | |||
2079 | + if (unlikely(!map)) { | ||
2080 | + count = -EOPNOTSUPP; | ||
2081 | + goto out; | ||
2082 | + } | ||
2083 | + | ||
2084 | if (min > map->max_apic_id) | ||
2085 | goto out; | ||
2086 | /* Bits above cluster_size are masked in the caller. */ | ||
2087 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c | ||
2088 | index 51b953ad9d4e..1b82bc7c3cca 100644 | ||
2089 | --- a/arch/x86/kvm/mmu.c | ||
2090 | +++ b/arch/x86/kvm/mmu.c | ||
2091 | @@ -5013,9 +5013,9 @@ static bool need_remote_flush(u64 old, u64 new) | ||
2092 | } | ||
2093 | |||
2094 | static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, | ||
2095 | - const u8 *new, int *bytes) | ||
2096 | + int *bytes) | ||
2097 | { | ||
2098 | - u64 gentry; | ||
2099 | + u64 gentry = 0; | ||
2100 | int r; | ||
2101 | |||
2102 | /* | ||
2103 | @@ -5027,22 +5027,12 @@ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, | ||
2104 | /* Handle a 32-bit guest writing two halves of a 64-bit gpte */ | ||
2105 | *gpa &= ~(gpa_t)7; | ||
2106 | *bytes = 8; | ||
2107 | - r = kvm_vcpu_read_guest(vcpu, *gpa, &gentry, 8); | ||
2108 | - if (r) | ||
2109 | - gentry = 0; | ||
2110 | - new = (const u8 *)&gentry; | ||
2111 | } | ||
2112 | |||
2113 | - switch (*bytes) { | ||
2114 | - case 4: | ||
2115 | - gentry = *(const u32 *)new; | ||
2116 | - break; | ||
2117 | - case 8: | ||
2118 | - gentry = *(const u64 *)new; | ||
2119 | - break; | ||
2120 | - default: | ||
2121 | - gentry = 0; | ||
2122 | - break; | ||
2123 | + if (*bytes == 4 || *bytes == 8) { | ||
2124 | + r = kvm_vcpu_read_guest_atomic(vcpu, *gpa, &gentry, *bytes); | ||
2125 | + if (r) | ||
2126 | + gentry = 0; | ||
2127 | } | ||
2128 | |||
2129 | return gentry; | ||
2130 | @@ -5146,8 +5136,6 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, | ||
2131 | |||
2132 | pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); | ||
2133 | |||
2134 | - gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, new, &bytes); | ||
2135 | - | ||
2136 | /* | ||
2137 | * No need to care whether allocation memory is successful | ||
2138 | * or not since pte prefetch is skiped if it does not have | ||
2139 | @@ -5156,6 +5144,9 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, | ||
2140 | mmu_topup_memory_caches(vcpu); | ||
2141 | |||
2142 | spin_lock(&vcpu->kvm->mmu_lock); | ||
2143 | + | ||
2144 | + gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, &bytes); | ||
2145 | + | ||
2146 | ++vcpu->kvm->stat.mmu_pte_write; | ||
2147 | kvm_mmu_audit(vcpu, AUDIT_PRE_PTE_WRITE); | ||
2148 | |||
2149 | diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c | ||
2150 | index 61ccfb13899e..4397fa0c448f 100644 | ||
2151 | --- a/arch/x86/kvm/svm.c | ||
2152 | +++ b/arch/x86/kvm/svm.c | ||
2153 | @@ -1444,7 +1444,7 @@ static u64 svm_read_l1_tsc_offset(struct kvm_vcpu *vcpu) | ||
2154 | return vcpu->arch.tsc_offset; | ||
2155 | } | ||
2156 | |||
2157 | -static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2158 | +static u64 svm_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2159 | { | ||
2160 | struct vcpu_svm *svm = to_svm(vcpu); | ||
2161 | u64 g_tsc_offset = 0; | ||
2162 | @@ -1462,6 +1462,7 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2163 | svm->vmcb->control.tsc_offset = offset + g_tsc_offset; | ||
2164 | |||
2165 | mark_dirty(svm->vmcb, VMCB_INTERCEPTS); | ||
2166 | + return svm->vmcb->control.tsc_offset; | ||
2167 | } | ||
2168 | |||
2169 | static void avic_init_vmcb(struct vcpu_svm *svm) | ||
2170 | @@ -2187,21 +2188,31 @@ out: | ||
2171 | return ERR_PTR(err); | ||
2172 | } | ||
2173 | |||
2174 | +static void svm_clear_current_vmcb(struct vmcb *vmcb) | ||
2175 | +{ | ||
2176 | + int i; | ||
2177 | + | ||
2178 | + for_each_online_cpu(i) | ||
2179 | + cmpxchg(&per_cpu(svm_data, i)->current_vmcb, vmcb, NULL); | ||
2180 | +} | ||
2181 | + | ||
2182 | static void svm_free_vcpu(struct kvm_vcpu *vcpu) | ||
2183 | { | ||
2184 | struct vcpu_svm *svm = to_svm(vcpu); | ||
2185 | |||
2186 | + /* | ||
2187 | + * The vmcb page can be recycled, causing a false negative in | ||
2188 | + * svm_vcpu_load(). So, ensure that no logical CPU has this | ||
2189 | + * vmcb page recorded as its current vmcb. | ||
2190 | + */ | ||
2191 | + svm_clear_current_vmcb(svm->vmcb); | ||
2192 | + | ||
2193 | __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); | ||
2194 | __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); | ||
2195 | __free_page(virt_to_page(svm->nested.hsave)); | ||
2196 | __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); | ||
2197 | kvm_vcpu_uninit(vcpu); | ||
2198 | kmem_cache_free(kvm_vcpu_cache, svm); | ||
2199 | - /* | ||
2200 | - * The vmcb page can be recycled, causing a false negative in | ||
2201 | - * svm_vcpu_load(). So do a full IBPB now. | ||
2202 | - */ | ||
2203 | - indirect_branch_prediction_barrier(); | ||
2204 | } | ||
2205 | |||
2206 | static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) | ||
2207 | @@ -7145,7 +7156,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { | ||
2208 | .has_wbinvd_exit = svm_has_wbinvd_exit, | ||
2209 | |||
2210 | .read_l1_tsc_offset = svm_read_l1_tsc_offset, | ||
2211 | - .write_tsc_offset = svm_write_tsc_offset, | ||
2212 | + .write_l1_tsc_offset = svm_write_l1_tsc_offset, | ||
2213 | |||
2214 | .set_tdp_cr3 = set_tdp_cr3, | ||
2215 | |||
2216 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c | ||
2217 | index 9f3def7baa6d..e55f7a90d4b2 100644 | ||
2218 | --- a/arch/x86/kvm/vmx.c | ||
2219 | +++ b/arch/x86/kvm/vmx.c | ||
2220 | @@ -170,6 +170,7 @@ module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO); | ||
2221 | * refer SDM volume 3b section 21.6.13 & 22.1.3. | ||
2222 | */ | ||
2223 | static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP; | ||
2224 | +module_param(ple_gap, uint, 0444); | ||
2225 | |||
2226 | static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW; | ||
2227 | module_param(ple_window, uint, 0444); | ||
2228 | @@ -3433,11 +3434,9 @@ static u64 vmx_read_l1_tsc_offset(struct kvm_vcpu *vcpu) | ||
2229 | return vcpu->arch.tsc_offset; | ||
2230 | } | ||
2231 | |||
2232 | -/* | ||
2233 | - * writes 'offset' into guest's timestamp counter offset register | ||
2234 | - */ | ||
2235 | -static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2236 | +static u64 vmx_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2237 | { | ||
2238 | + u64 active_offset = offset; | ||
2239 | if (is_guest_mode(vcpu)) { | ||
2240 | /* | ||
2241 | * We're here if L1 chose not to trap WRMSR to TSC. According | ||
2242 | @@ -3445,17 +3444,16 @@ static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2243 | * set for L2 remains unchanged, and still needs to be added | ||
2244 | * to the newly set TSC to get L2's TSC. | ||
2245 | */ | ||
2246 | - struct vmcs12 *vmcs12; | ||
2247 | - /* recalculate vmcs02.TSC_OFFSET: */ | ||
2248 | - vmcs12 = get_vmcs12(vcpu); | ||
2249 | - vmcs_write64(TSC_OFFSET, offset + | ||
2250 | - (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING) ? | ||
2251 | - vmcs12->tsc_offset : 0)); | ||
2252 | + struct vmcs12 *vmcs12 = get_vmcs12(vcpu); | ||
2253 | + if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING)) | ||
2254 | + active_offset += vmcs12->tsc_offset; | ||
2255 | } else { | ||
2256 | trace_kvm_write_tsc_offset(vcpu->vcpu_id, | ||
2257 | vmcs_read64(TSC_OFFSET), offset); | ||
2258 | - vmcs_write64(TSC_OFFSET, offset); | ||
2259 | } | ||
2260 | + | ||
2261 | + vmcs_write64(TSC_OFFSET, active_offset); | ||
2262 | + return active_offset; | ||
2263 | } | ||
2264 | |||
2265 | /* | ||
2266 | @@ -14203,7 +14201,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { | ||
2267 | .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit, | ||
2268 | |||
2269 | .read_l1_tsc_offset = vmx_read_l1_tsc_offset, | ||
2270 | - .write_tsc_offset = vmx_write_tsc_offset, | ||
2271 | + .write_l1_tsc_offset = vmx_write_l1_tsc_offset, | ||
2272 | |||
2273 | .set_tdp_cr3 = vmx_set_cr3, | ||
2274 | |||
2275 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c | ||
2276 | index ca717737347e..68b53f05a420 100644 | ||
2277 | --- a/arch/x86/kvm/x86.c | ||
2278 | +++ b/arch/x86/kvm/x86.c | ||
2279 | @@ -1582,8 +1582,7 @@ EXPORT_SYMBOL_GPL(kvm_read_l1_tsc); | ||
2280 | |||
2281 | static void kvm_vcpu_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) | ||
2282 | { | ||
2283 | - kvm_x86_ops->write_tsc_offset(vcpu, offset); | ||
2284 | - vcpu->arch.tsc_offset = offset; | ||
2285 | + vcpu->arch.tsc_offset = kvm_x86_ops->write_l1_tsc_offset(vcpu, offset); | ||
2286 | } | ||
2287 | |||
2288 | static inline bool kvm_check_tsc_unstable(void) | ||
2289 | @@ -1711,7 +1710,8 @@ EXPORT_SYMBOL_GPL(kvm_write_tsc); | ||
2290 | static inline void adjust_tsc_offset_guest(struct kvm_vcpu *vcpu, | ||
2291 | s64 adjustment) | ||
2292 | { | ||
2293 | - kvm_vcpu_write_tsc_offset(vcpu, vcpu->arch.tsc_offset + adjustment); | ||
2294 | + u64 tsc_offset = kvm_x86_ops->read_l1_tsc_offset(vcpu); | ||
2295 | + kvm_vcpu_write_tsc_offset(vcpu, tsc_offset + adjustment); | ||
2296 | } | ||
2297 | |||
2298 | static inline void adjust_tsc_offset_host(struct kvm_vcpu *vcpu, s64 adjustment) | ||
2299 | @@ -6788,6 +6788,7 @@ static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr, | ||
2300 | clock_pairing.nsec = ts.tv_nsec; | ||
2301 | clock_pairing.tsc = kvm_read_l1_tsc(vcpu, cycle); | ||
2302 | clock_pairing.flags = 0; | ||
2303 | + memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad)); | ||
2304 | |||
2305 | ret = 0; | ||
2306 | if (kvm_write_guest(vcpu->kvm, paddr, &clock_pairing, | ||
2307 | @@ -7313,7 +7314,8 @@ static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu) | ||
2308 | else { | ||
2309 | if (vcpu->arch.apicv_active) | ||
2310 | kvm_x86_ops->sync_pir_to_irr(vcpu); | ||
2311 | - kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); | ||
2312 | + if (ioapic_in_kernel(vcpu->kvm)) | ||
2313 | + kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); | ||
2314 | } | ||
2315 | |||
2316 | if (is_guest_mode(vcpu)) | ||
2317 | diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c | ||
2318 | index e96b99eb800c..a6d1b0241aea 100644 | ||
2319 | --- a/arch/x86/mm/tlb.c | ||
2320 | +++ b/arch/x86/mm/tlb.c | ||
2321 | @@ -29,6 +29,12 @@ | ||
2322 | * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi | ||
2323 | */ | ||
2324 | |||
2325 | +/* | ||
2326 | + * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is | ||
2327 | + * stored in cpu_tlb_state.last_user_mm_ibpb. | ||
2328 | + */ | ||
2329 | +#define LAST_USER_MM_IBPB 0x1UL | ||
2330 | + | ||
2331 | /* | ||
2332 | * We get here when we do something requiring a TLB invalidation | ||
2333 | * but could not go invalidate all of the contexts. We do the | ||
2334 | @@ -180,6 +186,89 @@ static void sync_current_stack_to_mm(struct mm_struct *mm) | ||
2335 | } | ||
2336 | } | ||
2337 | |||
2338 | +static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next) | ||
2339 | +{ | ||
2340 | + unsigned long next_tif = task_thread_info(next)->flags; | ||
2341 | + unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB; | ||
2342 | + | ||
2343 | + return (unsigned long)next->mm | ibpb; | ||
2344 | +} | ||
2345 | + | ||
2346 | +static void cond_ibpb(struct task_struct *next) | ||
2347 | +{ | ||
2348 | + if (!next || !next->mm) | ||
2349 | + return; | ||
2350 | + | ||
2351 | + /* | ||
2352 | + * Both, the conditional and the always IBPB mode use the mm | ||
2353 | + * pointer to avoid the IBPB when switching between tasks of the | ||
2354 | + * same process. Using the mm pointer instead of mm->context.ctx_id | ||
2355 | + * opens a hypothetical hole vs. mm_struct reuse, which is more or | ||
2356 | + * less impossible to control by an attacker. Aside of that it | ||
2357 | + * would only affect the first schedule so the theoretically | ||
2358 | + * exposed data is not really interesting. | ||
2359 | + */ | ||
2360 | + if (static_branch_likely(&switch_mm_cond_ibpb)) { | ||
2361 | + unsigned long prev_mm, next_mm; | ||
2362 | + | ||
2363 | + /* | ||
2364 | + * This is a bit more complex than the always mode because | ||
2365 | + * it has to handle two cases: | ||
2366 | + * | ||
2367 | + * 1) Switch from a user space task (potential attacker) | ||
2368 | + * which has TIF_SPEC_IB set to a user space task | ||
2369 | + * (potential victim) which has TIF_SPEC_IB not set. | ||
2370 | + * | ||
2371 | + * 2) Switch from a user space task (potential attacker) | ||
2372 | + * which has TIF_SPEC_IB not set to a user space task | ||
2373 | + * (potential victim) which has TIF_SPEC_IB set. | ||
2374 | + * | ||
2375 | + * This could be done by unconditionally issuing IBPB when | ||
2376 | + * a task which has TIF_SPEC_IB set is either scheduled in | ||
2377 | + * or out. Though that results in two flushes when: | ||
2378 | + * | ||
2379 | + * - the same user space task is scheduled out and later | ||
2380 | + * scheduled in again and only a kernel thread ran in | ||
2381 | + * between. | ||
2382 | + * | ||
2383 | + * - a user space task belonging to the same process is | ||
2384 | + * scheduled in after a kernel thread ran in between | ||
2385 | + * | ||
2386 | + * - a user space task belonging to the same process is | ||
2387 | + * scheduled in immediately. | ||
2388 | + * | ||
2389 | + * Optimize this with reasonably small overhead for the | ||
2390 | + * above cases. Mangle the TIF_SPEC_IB bit into the mm | ||
2391 | + * pointer of the incoming task which is stored in | ||
2392 | + * cpu_tlbstate.last_user_mm_ibpb for comparison. | ||
2393 | + */ | ||
2394 | + next_mm = mm_mangle_tif_spec_ib(next); | ||
2395 | + prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb); | ||
2396 | + | ||
2397 | + /* | ||
2398 | + * Issue IBPB only if the mm's are different and one or | ||
2399 | + * both have the IBPB bit set. | ||
2400 | + */ | ||
2401 | + if (next_mm != prev_mm && | ||
2402 | + (next_mm | prev_mm) & LAST_USER_MM_IBPB) | ||
2403 | + indirect_branch_prediction_barrier(); | ||
2404 | + | ||
2405 | + this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm); | ||
2406 | + } | ||
2407 | + | ||
2408 | + if (static_branch_unlikely(&switch_mm_always_ibpb)) { | ||
2409 | + /* | ||
2410 | + * Only flush when switching to a user space task with a | ||
2411 | + * different context than the user space task which ran | ||
2412 | + * last on this CPU. | ||
2413 | + */ | ||
2414 | + if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) { | ||
2415 | + indirect_branch_prediction_barrier(); | ||
2416 | + this_cpu_write(cpu_tlbstate.last_user_mm, next->mm); | ||
2417 | + } | ||
2418 | + } | ||
2419 | +} | ||
2420 | + | ||
2421 | void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, | ||
2422 | struct task_struct *tsk) | ||
2423 | { | ||
2424 | @@ -254,27 +343,13 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, | ||
2425 | } else { | ||
2426 | u16 new_asid; | ||
2427 | bool need_flush; | ||
2428 | - u64 last_ctx_id = this_cpu_read(cpu_tlbstate.last_ctx_id); | ||
2429 | |||
2430 | /* | ||
2431 | * Avoid user/user BTB poisoning by flushing the branch | ||
2432 | * predictor when switching between processes. This stops | ||
2433 | * one process from doing Spectre-v2 attacks on another. | ||
2434 | - * | ||
2435 | - * As an optimization, flush indirect branches only when | ||
2436 | - * switching into processes that disable dumping. This | ||
2437 | - * protects high value processes like gpg, without having | ||
2438 | - * too high performance overhead. IBPB is *expensive*! | ||
2439 | - * | ||
2440 | - * This will not flush branches when switching into kernel | ||
2441 | - * threads. It will also not flush if we switch to idle | ||
2442 | - * thread and back to the same process. It will flush if we | ||
2443 | - * switch to a different non-dumpable process. | ||
2444 | */ | ||
2445 | - if (tsk && tsk->mm && | ||
2446 | - tsk->mm->context.ctx_id != last_ctx_id && | ||
2447 | - get_dumpable(tsk->mm) != SUID_DUMP_USER) | ||
2448 | - indirect_branch_prediction_barrier(); | ||
2449 | + cond_ibpb(tsk); | ||
2450 | |||
2451 | if (IS_ENABLED(CONFIG_VMAP_STACK)) { | ||
2452 | /* | ||
2453 | @@ -331,14 +406,6 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, | ||
2454 | trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); | ||
2455 | } | ||
2456 | |||
2457 | - /* | ||
2458 | - * Record last user mm's context id, so we can avoid | ||
2459 | - * flushing branch buffer with IBPB if we switch back | ||
2460 | - * to the same user. | ||
2461 | - */ | ||
2462 | - if (next != &init_mm) | ||
2463 | - this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); | ||
2464 | - | ||
2465 | /* Make sure we write CR3 before loaded_mm. */ | ||
2466 | barrier(); | ||
2467 | |||
2468 | @@ -419,7 +486,7 @@ void initialize_tlbstate_and_flush(void) | ||
2469 | write_cr3(build_cr3(mm->pgd, 0)); | ||
2470 | |||
2471 | /* Reinitialize tlbstate. */ | ||
2472 | - this_cpu_write(cpu_tlbstate.last_ctx_id, mm->context.ctx_id); | ||
2473 | + this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, LAST_USER_MM_IBPB); | ||
2474 | this_cpu_write(cpu_tlbstate.loaded_mm_asid, 0); | ||
2475 | this_cpu_write(cpu_tlbstate.next_asid, 1); | ||
2476 | this_cpu_write(cpu_tlbstate.ctxs[0].ctx_id, mm->context.ctx_id); | ||
2477 | diff --git a/arch/xtensa/kernel/asm-offsets.c b/arch/xtensa/kernel/asm-offsets.c | ||
2478 | index 67904f55f188..120dd746a147 100644 | ||
2479 | --- a/arch/xtensa/kernel/asm-offsets.c | ||
2480 | +++ b/arch/xtensa/kernel/asm-offsets.c | ||
2481 | @@ -94,14 +94,14 @@ int main(void) | ||
2482 | DEFINE(THREAD_SP, offsetof (struct task_struct, thread.sp)); | ||
2483 | DEFINE(THREAD_CPENABLE, offsetof (struct thread_info, cpenable)); | ||
2484 | #if XTENSA_HAVE_COPROCESSORS | ||
2485 | - DEFINE(THREAD_XTREGS_CP0, offsetof (struct thread_info, xtregs_cp)); | ||
2486 | - DEFINE(THREAD_XTREGS_CP1, offsetof (struct thread_info, xtregs_cp)); | ||
2487 | - DEFINE(THREAD_XTREGS_CP2, offsetof (struct thread_info, xtregs_cp)); | ||
2488 | - DEFINE(THREAD_XTREGS_CP3, offsetof (struct thread_info, xtregs_cp)); | ||
2489 | - DEFINE(THREAD_XTREGS_CP4, offsetof (struct thread_info, xtregs_cp)); | ||
2490 | - DEFINE(THREAD_XTREGS_CP5, offsetof (struct thread_info, xtregs_cp)); | ||
2491 | - DEFINE(THREAD_XTREGS_CP6, offsetof (struct thread_info, xtregs_cp)); | ||
2492 | - DEFINE(THREAD_XTREGS_CP7, offsetof (struct thread_info, xtregs_cp)); | ||
2493 | + DEFINE(THREAD_XTREGS_CP0, offsetof(struct thread_info, xtregs_cp.cp0)); | ||
2494 | + DEFINE(THREAD_XTREGS_CP1, offsetof(struct thread_info, xtregs_cp.cp1)); | ||
2495 | + DEFINE(THREAD_XTREGS_CP2, offsetof(struct thread_info, xtregs_cp.cp2)); | ||
2496 | + DEFINE(THREAD_XTREGS_CP3, offsetof(struct thread_info, xtregs_cp.cp3)); | ||
2497 | + DEFINE(THREAD_XTREGS_CP4, offsetof(struct thread_info, xtregs_cp.cp4)); | ||
2498 | + DEFINE(THREAD_XTREGS_CP5, offsetof(struct thread_info, xtregs_cp.cp5)); | ||
2499 | + DEFINE(THREAD_XTREGS_CP6, offsetof(struct thread_info, xtregs_cp.cp6)); | ||
2500 | + DEFINE(THREAD_XTREGS_CP7, offsetof(struct thread_info, xtregs_cp.cp7)); | ||
2501 | #endif | ||
2502 | DEFINE(THREAD_XTREGS_USER, offsetof (struct thread_info, xtregs_user)); | ||
2503 | DEFINE(XTREGS_USER_SIZE, sizeof(xtregs_user_t)); | ||
2504 | diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c | ||
2505 | index 483dcfb6e681..4bb68133a72a 100644 | ||
2506 | --- a/arch/xtensa/kernel/process.c | ||
2507 | +++ b/arch/xtensa/kernel/process.c | ||
2508 | @@ -94,18 +94,21 @@ void coprocessor_release_all(struct thread_info *ti) | ||
2509 | |||
2510 | void coprocessor_flush_all(struct thread_info *ti) | ||
2511 | { | ||
2512 | - unsigned long cpenable; | ||
2513 | + unsigned long cpenable, old_cpenable; | ||
2514 | int i; | ||
2515 | |||
2516 | preempt_disable(); | ||
2517 | |||
2518 | + RSR_CPENABLE(old_cpenable); | ||
2519 | cpenable = ti->cpenable; | ||
2520 | + WSR_CPENABLE(cpenable); | ||
2521 | |||
2522 | for (i = 0; i < XCHAL_CP_MAX; i++) { | ||
2523 | if ((cpenable & 1) != 0 && coprocessor_owner[i] == ti) | ||
2524 | coprocessor_flush(ti, i); | ||
2525 | cpenable >>= 1; | ||
2526 | } | ||
2527 | + WSR_CPENABLE(old_cpenable); | ||
2528 | |||
2529 | preempt_enable(); | ||
2530 | } | ||
2531 | diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c | ||
2532 | index c0845cb1cbb9..d9541be0605a 100644 | ||
2533 | --- a/arch/xtensa/kernel/ptrace.c | ||
2534 | +++ b/arch/xtensa/kernel/ptrace.c | ||
2535 | @@ -127,12 +127,37 @@ static int ptrace_setregs(struct task_struct *child, void __user *uregs) | ||
2536 | } | ||
2537 | |||
2538 | |||
2539 | +#if XTENSA_HAVE_COPROCESSORS | ||
2540 | +#define CP_OFFSETS(cp) \ | ||
2541 | + { \ | ||
2542 | + .elf_xtregs_offset = offsetof(elf_xtregs_t, cp), \ | ||
2543 | + .ti_offset = offsetof(struct thread_info, xtregs_cp.cp), \ | ||
2544 | + .sz = sizeof(xtregs_ ## cp ## _t), \ | ||
2545 | + } | ||
2546 | + | ||
2547 | +static const struct { | ||
2548 | + size_t elf_xtregs_offset; | ||
2549 | + size_t ti_offset; | ||
2550 | + size_t sz; | ||
2551 | +} cp_offsets[] = { | ||
2552 | + CP_OFFSETS(cp0), | ||
2553 | + CP_OFFSETS(cp1), | ||
2554 | + CP_OFFSETS(cp2), | ||
2555 | + CP_OFFSETS(cp3), | ||
2556 | + CP_OFFSETS(cp4), | ||
2557 | + CP_OFFSETS(cp5), | ||
2558 | + CP_OFFSETS(cp6), | ||
2559 | + CP_OFFSETS(cp7), | ||
2560 | +}; | ||
2561 | +#endif | ||
2562 | + | ||
2563 | static int ptrace_getxregs(struct task_struct *child, void __user *uregs) | ||
2564 | { | ||
2565 | struct pt_regs *regs = task_pt_regs(child); | ||
2566 | struct thread_info *ti = task_thread_info(child); | ||
2567 | elf_xtregs_t __user *xtregs = uregs; | ||
2568 | int ret = 0; | ||
2569 | + int i __maybe_unused; | ||
2570 | |||
2571 | if (!access_ok(VERIFY_WRITE, uregs, sizeof(elf_xtregs_t))) | ||
2572 | return -EIO; | ||
2573 | @@ -140,8 +165,13 @@ static int ptrace_getxregs(struct task_struct *child, void __user *uregs) | ||
2574 | #if XTENSA_HAVE_COPROCESSORS | ||
2575 | /* Flush all coprocessor registers to memory. */ | ||
2576 | coprocessor_flush_all(ti); | ||
2577 | - ret |= __copy_to_user(&xtregs->cp0, &ti->xtregs_cp, | ||
2578 | - sizeof(xtregs_coprocessor_t)); | ||
2579 | + | ||
2580 | + for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) | ||
2581 | + ret |= __copy_to_user((char __user *)xtregs + | ||
2582 | + cp_offsets[i].elf_xtregs_offset, | ||
2583 | + (const char *)ti + | ||
2584 | + cp_offsets[i].ti_offset, | ||
2585 | + cp_offsets[i].sz); | ||
2586 | #endif | ||
2587 | ret |= __copy_to_user(&xtregs->opt, ®s->xtregs_opt, | ||
2588 | sizeof(xtregs->opt)); | ||
2589 | @@ -157,6 +187,7 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) | ||
2590 | struct pt_regs *regs = task_pt_regs(child); | ||
2591 | elf_xtregs_t *xtregs = uregs; | ||
2592 | int ret = 0; | ||
2593 | + int i __maybe_unused; | ||
2594 | |||
2595 | if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t))) | ||
2596 | return -EFAULT; | ||
2597 | @@ -166,8 +197,11 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) | ||
2598 | coprocessor_flush_all(ti); | ||
2599 | coprocessor_release_all(ti); | ||
2600 | |||
2601 | - ret |= __copy_from_user(&ti->xtregs_cp, &xtregs->cp0, | ||
2602 | - sizeof(xtregs_coprocessor_t)); | ||
2603 | + for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) | ||
2604 | + ret |= __copy_from_user((char *)ti + cp_offsets[i].ti_offset, | ||
2605 | + (const char __user *)xtregs + | ||
2606 | + cp_offsets[i].elf_xtregs_offset, | ||
2607 | + cp_offsets[i].sz); | ||
2608 | #endif | ||
2609 | ret |= __copy_from_user(®s->xtregs_opt, &xtregs->opt, | ||
2610 | sizeof(xtregs->opt)); | ||
2611 | diff --git a/drivers/android/binder.c b/drivers/android/binder.c | ||
2612 | index d58763b6b009..ce0e4d317d24 100644 | ||
2613 | --- a/drivers/android/binder.c | ||
2614 | +++ b/drivers/android/binder.c | ||
2615 | @@ -2971,7 +2971,6 @@ static void binder_transaction(struct binder_proc *proc, | ||
2616 | t->buffer = NULL; | ||
2617 | goto err_binder_alloc_buf_failed; | ||
2618 | } | ||
2619 | - t->buffer->allow_user_free = 0; | ||
2620 | t->buffer->debug_id = t->debug_id; | ||
2621 | t->buffer->transaction = t; | ||
2622 | t->buffer->target_node = target_node; | ||
2623 | @@ -3465,14 +3464,18 @@ static int binder_thread_write(struct binder_proc *proc, | ||
2624 | |||
2625 | buffer = binder_alloc_prepare_to_free(&proc->alloc, | ||
2626 | data_ptr); | ||
2627 | - if (buffer == NULL) { | ||
2628 | - binder_user_error("%d:%d BC_FREE_BUFFER u%016llx no match\n", | ||
2629 | - proc->pid, thread->pid, (u64)data_ptr); | ||
2630 | - break; | ||
2631 | - } | ||
2632 | - if (!buffer->allow_user_free) { | ||
2633 | - binder_user_error("%d:%d BC_FREE_BUFFER u%016llx matched unreturned buffer\n", | ||
2634 | - proc->pid, thread->pid, (u64)data_ptr); | ||
2635 | + if (IS_ERR_OR_NULL(buffer)) { | ||
2636 | + if (PTR_ERR(buffer) == -EPERM) { | ||
2637 | + binder_user_error( | ||
2638 | + "%d:%d BC_FREE_BUFFER u%016llx matched unreturned or currently freeing buffer\n", | ||
2639 | + proc->pid, thread->pid, | ||
2640 | + (u64)data_ptr); | ||
2641 | + } else { | ||
2642 | + binder_user_error( | ||
2643 | + "%d:%d BC_FREE_BUFFER u%016llx no match\n", | ||
2644 | + proc->pid, thread->pid, | ||
2645 | + (u64)data_ptr); | ||
2646 | + } | ||
2647 | break; | ||
2648 | } | ||
2649 | binder_debug(BINDER_DEBUG_FREE_BUFFER, | ||
2650 | diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c | ||
2651 | index 64fd96eada31..030c98f35cca 100644 | ||
2652 | --- a/drivers/android/binder_alloc.c | ||
2653 | +++ b/drivers/android/binder_alloc.c | ||
2654 | @@ -151,16 +151,12 @@ static struct binder_buffer *binder_alloc_prepare_to_free_locked( | ||
2655 | else { | ||
2656 | /* | ||
2657 | * Guard against user threads attempting to | ||
2658 | - * free the buffer twice | ||
2659 | + * free the buffer when in use by kernel or | ||
2660 | + * after it's already been freed. | ||
2661 | */ | ||
2662 | - if (buffer->free_in_progress) { | ||
2663 | - binder_alloc_debug(BINDER_DEBUG_USER_ERROR, | ||
2664 | - "%d:%d FREE_BUFFER u%016llx user freed buffer twice\n", | ||
2665 | - alloc->pid, current->pid, | ||
2666 | - (u64)user_ptr); | ||
2667 | - return NULL; | ||
2668 | - } | ||
2669 | - buffer->free_in_progress = 1; | ||
2670 | + if (!buffer->allow_user_free) | ||
2671 | + return ERR_PTR(-EPERM); | ||
2672 | + buffer->allow_user_free = 0; | ||
2673 | return buffer; | ||
2674 | } | ||
2675 | } | ||
2676 | @@ -500,7 +496,7 @@ static struct binder_buffer *binder_alloc_new_buf_locked( | ||
2677 | |||
2678 | rb_erase(best_fit, &alloc->free_buffers); | ||
2679 | buffer->free = 0; | ||
2680 | - buffer->free_in_progress = 0; | ||
2681 | + buffer->allow_user_free = 0; | ||
2682 | binder_insert_allocated_buffer_locked(alloc, buffer); | ||
2683 | binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC, | ||
2684 | "%d: binder_alloc_buf size %zd got %pK\n", | ||
2685 | diff --git a/drivers/android/binder_alloc.h b/drivers/android/binder_alloc.h | ||
2686 | index 9ef64e563856..fb3238c74c8a 100644 | ||
2687 | --- a/drivers/android/binder_alloc.h | ||
2688 | +++ b/drivers/android/binder_alloc.h | ||
2689 | @@ -50,8 +50,7 @@ struct binder_buffer { | ||
2690 | unsigned free:1; | ||
2691 | unsigned allow_user_free:1; | ||
2692 | unsigned async_transaction:1; | ||
2693 | - unsigned free_in_progress:1; | ||
2694 | - unsigned debug_id:28; | ||
2695 | + unsigned debug_id:29; | ||
2696 | |||
2697 | struct binder_transaction *transaction; | ||
2698 | |||
2699 | diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c | ||
2700 | index 75f38d19fcbe..dbc51154f122 100644 | ||
2701 | --- a/drivers/dma/at_hdmac.c | ||
2702 | +++ b/drivers/dma/at_hdmac.c | ||
2703 | @@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) | ||
2704 | atchan->descs_allocated = 0; | ||
2705 | atchan->status = 0; | ||
2706 | |||
2707 | + /* | ||
2708 | + * Free atslave allocated in at_dma_xlate() | ||
2709 | + */ | ||
2710 | + kfree(chan->private); | ||
2711 | + chan->private = NULL; | ||
2712 | + | ||
2713 | dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); | ||
2714 | } | ||
2715 | |||
2716 | @@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, | ||
2717 | dma_cap_zero(mask); | ||
2718 | dma_cap_set(DMA_SLAVE, mask); | ||
2719 | |||
2720 | - atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); | ||
2721 | + atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); | ||
2722 | if (!atslave) | ||
2723 | return NULL; | ||
2724 | |||
2725 | @@ -2000,6 +2006,8 @@ static int at_dma_remove(struct platform_device *pdev) | ||
2726 | struct resource *io; | ||
2727 | |||
2728 | at_dma_off(atdma); | ||
2729 | + if (pdev->dev.of_node) | ||
2730 | + of_dma_controller_free(pdev->dev.of_node); | ||
2731 | dma_async_device_unregister(&atdma->dma_common); | ||
2732 | |||
2733 | dma_pool_destroy(atdma->memset_pool); | ||
2734 | diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c | ||
2735 | index e8a114157f87..bb012bc032e0 100644 | ||
2736 | --- a/drivers/hid/hid-sensor-custom.c | ||
2737 | +++ b/drivers/hid/hid-sensor-custom.c | ||
2738 | @@ -358,7 +358,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr, | ||
2739 | sensor_inst->hsdev, | ||
2740 | sensor_inst->hsdev->usage, | ||
2741 | usage, report_id, | ||
2742 | - SENSOR_HUB_SYNC); | ||
2743 | + SENSOR_HUB_SYNC, false); | ||
2744 | } else if (!strncmp(name, "units", strlen("units"))) | ||
2745 | value = sensor_inst->fields[field_index].attribute.units; | ||
2746 | else if (!strncmp(name, "unit-expo", strlen("unit-expo"))) | ||
2747 | diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c | ||
2748 | index 2b63487057c2..4256fdc5cd6d 100644 | ||
2749 | --- a/drivers/hid/hid-sensor-hub.c | ||
2750 | +++ b/drivers/hid/hid-sensor-hub.c | ||
2751 | @@ -299,7 +299,8 @@ EXPORT_SYMBOL_GPL(sensor_hub_get_feature); | ||
2752 | int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, | ||
2753 | u32 usage_id, | ||
2754 | u32 attr_usage_id, u32 report_id, | ||
2755 | - enum sensor_hub_read_flags flag) | ||
2756 | + enum sensor_hub_read_flags flag, | ||
2757 | + bool is_signed) | ||
2758 | { | ||
2759 | struct sensor_hub_data *data = hid_get_drvdata(hsdev->hdev); | ||
2760 | unsigned long flags; | ||
2761 | @@ -331,10 +332,16 @@ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, | ||
2762 | &hsdev->pending.ready, HZ*5); | ||
2763 | switch (hsdev->pending.raw_size) { | ||
2764 | case 1: | ||
2765 | - ret_val = *(u8 *)hsdev->pending.raw_data; | ||
2766 | + if (is_signed) | ||
2767 | + ret_val = *(s8 *)hsdev->pending.raw_data; | ||
2768 | + else | ||
2769 | + ret_val = *(u8 *)hsdev->pending.raw_data; | ||
2770 | break; | ||
2771 | case 2: | ||
2772 | - ret_val = *(u16 *)hsdev->pending.raw_data; | ||
2773 | + if (is_signed) | ||
2774 | + ret_val = *(s16 *)hsdev->pending.raw_data; | ||
2775 | + else | ||
2776 | + ret_val = *(u16 *)hsdev->pending.raw_data; | ||
2777 | break; | ||
2778 | case 4: | ||
2779 | ret_val = *(u32 *)hsdev->pending.raw_data; | ||
2780 | diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c | ||
2781 | index 741857d80da1..2f164bd74687 100644 | ||
2782 | --- a/drivers/hv/channel.c | ||
2783 | +++ b/drivers/hv/channel.c | ||
2784 | @@ -482,6 +482,14 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, | ||
2785 | } | ||
2786 | wait_for_completion(&msginfo->waitevent); | ||
2787 | |||
2788 | + if (msginfo->response.gpadl_created.creation_status != 0) { | ||
2789 | + pr_err("Failed to establish GPADL: err = 0x%x\n", | ||
2790 | + msginfo->response.gpadl_created.creation_status); | ||
2791 | + | ||
2792 | + ret = -EDQUOT; | ||
2793 | + goto cleanup; | ||
2794 | + } | ||
2795 | + | ||
2796 | if (channel->rescind) { | ||
2797 | ret = -ENODEV; | ||
2798 | goto cleanup; | ||
2799 | diff --git a/drivers/iio/accel/hid-sensor-accel-3d.c b/drivers/iio/accel/hid-sensor-accel-3d.c | ||
2800 | index 41d97faf5013..38ff374a3ca4 100644 | ||
2801 | --- a/drivers/iio/accel/hid-sensor-accel-3d.c | ||
2802 | +++ b/drivers/iio/accel/hid-sensor-accel-3d.c | ||
2803 | @@ -149,6 +149,7 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, | ||
2804 | int report_id = -1; | ||
2805 | u32 address; | ||
2806 | int ret_type; | ||
2807 | + s32 min; | ||
2808 | struct hid_sensor_hub_device *hsdev = | ||
2809 | accel_state->common_attributes.hsdev; | ||
2810 | |||
2811 | @@ -158,12 +159,14 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, | ||
2812 | case IIO_CHAN_INFO_RAW: | ||
2813 | hid_sensor_power_state(&accel_state->common_attributes, true); | ||
2814 | report_id = accel_state->accel[chan->scan_index].report_id; | ||
2815 | + min = accel_state->accel[chan->scan_index].logical_minimum; | ||
2816 | address = accel_3d_addresses[chan->scan_index]; | ||
2817 | if (report_id >= 0) | ||
2818 | *val = sensor_hub_input_attr_get_raw_value( | ||
2819 | accel_state->common_attributes.hsdev, | ||
2820 | hsdev->usage, address, report_id, | ||
2821 | - SENSOR_HUB_SYNC); | ||
2822 | + SENSOR_HUB_SYNC, | ||
2823 | + min < 0); | ||
2824 | else { | ||
2825 | *val = 0; | ||
2826 | hid_sensor_power_state(&accel_state->common_attributes, | ||
2827 | diff --git a/drivers/iio/gyro/hid-sensor-gyro-3d.c b/drivers/iio/gyro/hid-sensor-gyro-3d.c | ||
2828 | index 36941e69f959..88e857c4baf4 100644 | ||
2829 | --- a/drivers/iio/gyro/hid-sensor-gyro-3d.c | ||
2830 | +++ b/drivers/iio/gyro/hid-sensor-gyro-3d.c | ||
2831 | @@ -111,6 +111,7 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, | ||
2832 | int report_id = -1; | ||
2833 | u32 address; | ||
2834 | int ret_type; | ||
2835 | + s32 min; | ||
2836 | |||
2837 | *val = 0; | ||
2838 | *val2 = 0; | ||
2839 | @@ -118,13 +119,15 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, | ||
2840 | case IIO_CHAN_INFO_RAW: | ||
2841 | hid_sensor_power_state(&gyro_state->common_attributes, true); | ||
2842 | report_id = gyro_state->gyro[chan->scan_index].report_id; | ||
2843 | + min = gyro_state->gyro[chan->scan_index].logical_minimum; | ||
2844 | address = gyro_3d_addresses[chan->scan_index]; | ||
2845 | if (report_id >= 0) | ||
2846 | *val = sensor_hub_input_attr_get_raw_value( | ||
2847 | gyro_state->common_attributes.hsdev, | ||
2848 | HID_USAGE_SENSOR_GYRO_3D, address, | ||
2849 | report_id, | ||
2850 | - SENSOR_HUB_SYNC); | ||
2851 | + SENSOR_HUB_SYNC, | ||
2852 | + min < 0); | ||
2853 | else { | ||
2854 | *val = 0; | ||
2855 | hid_sensor_power_state(&gyro_state->common_attributes, | ||
2856 | diff --git a/drivers/iio/humidity/hid-sensor-humidity.c b/drivers/iio/humidity/hid-sensor-humidity.c | ||
2857 | index beab6d6fd6e1..4bc95f31c730 100644 | ||
2858 | --- a/drivers/iio/humidity/hid-sensor-humidity.c | ||
2859 | +++ b/drivers/iio/humidity/hid-sensor-humidity.c | ||
2860 | @@ -75,7 +75,8 @@ static int humidity_read_raw(struct iio_dev *indio_dev, | ||
2861 | HID_USAGE_SENSOR_HUMIDITY, | ||
2862 | HID_USAGE_SENSOR_ATMOSPHERIC_HUMIDITY, | ||
2863 | humid_st->humidity_attr.report_id, | ||
2864 | - SENSOR_HUB_SYNC); | ||
2865 | + SENSOR_HUB_SYNC, | ||
2866 | + humid_st->humidity_attr.logical_minimum < 0); | ||
2867 | hid_sensor_power_state(&humid_st->common_attributes, false); | ||
2868 | |||
2869 | return IIO_VAL_INT; | ||
2870 | diff --git a/drivers/iio/light/hid-sensor-als.c b/drivers/iio/light/hid-sensor-als.c | ||
2871 | index 406caaee9a3c..94f33250ba5a 100644 | ||
2872 | --- a/drivers/iio/light/hid-sensor-als.c | ||
2873 | +++ b/drivers/iio/light/hid-sensor-als.c | ||
2874 | @@ -93,6 +93,7 @@ static int als_read_raw(struct iio_dev *indio_dev, | ||
2875 | int report_id = -1; | ||
2876 | u32 address; | ||
2877 | int ret_type; | ||
2878 | + s32 min; | ||
2879 | |||
2880 | *val = 0; | ||
2881 | *val2 = 0; | ||
2882 | @@ -102,8 +103,8 @@ static int als_read_raw(struct iio_dev *indio_dev, | ||
2883 | case CHANNEL_SCAN_INDEX_INTENSITY: | ||
2884 | case CHANNEL_SCAN_INDEX_ILLUM: | ||
2885 | report_id = als_state->als_illum.report_id; | ||
2886 | - address = | ||
2887 | - HID_USAGE_SENSOR_LIGHT_ILLUM; | ||
2888 | + min = als_state->als_illum.logical_minimum; | ||
2889 | + address = HID_USAGE_SENSOR_LIGHT_ILLUM; | ||
2890 | break; | ||
2891 | default: | ||
2892 | report_id = -1; | ||
2893 | @@ -116,7 +117,8 @@ static int als_read_raw(struct iio_dev *indio_dev, | ||
2894 | als_state->common_attributes.hsdev, | ||
2895 | HID_USAGE_SENSOR_ALS, address, | ||
2896 | report_id, | ||
2897 | - SENSOR_HUB_SYNC); | ||
2898 | + SENSOR_HUB_SYNC, | ||
2899 | + min < 0); | ||
2900 | hid_sensor_power_state(&als_state->common_attributes, | ||
2901 | false); | ||
2902 | } else { | ||
2903 | diff --git a/drivers/iio/light/hid-sensor-prox.c b/drivers/iio/light/hid-sensor-prox.c | ||
2904 | index 45107f7537b5..cf5a0c242609 100644 | ||
2905 | --- a/drivers/iio/light/hid-sensor-prox.c | ||
2906 | +++ b/drivers/iio/light/hid-sensor-prox.c | ||
2907 | @@ -73,6 +73,7 @@ static int prox_read_raw(struct iio_dev *indio_dev, | ||
2908 | int report_id = -1; | ||
2909 | u32 address; | ||
2910 | int ret_type; | ||
2911 | + s32 min; | ||
2912 | |||
2913 | *val = 0; | ||
2914 | *val2 = 0; | ||
2915 | @@ -81,8 +82,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, | ||
2916 | switch (chan->scan_index) { | ||
2917 | case CHANNEL_SCAN_INDEX_PRESENCE: | ||
2918 | report_id = prox_state->prox_attr.report_id; | ||
2919 | - address = | ||
2920 | - HID_USAGE_SENSOR_HUMAN_PRESENCE; | ||
2921 | + min = prox_state->prox_attr.logical_minimum; | ||
2922 | + address = HID_USAGE_SENSOR_HUMAN_PRESENCE; | ||
2923 | break; | ||
2924 | default: | ||
2925 | report_id = -1; | ||
2926 | @@ -95,7 +96,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, | ||
2927 | prox_state->common_attributes.hsdev, | ||
2928 | HID_USAGE_SENSOR_PROX, address, | ||
2929 | report_id, | ||
2930 | - SENSOR_HUB_SYNC); | ||
2931 | + SENSOR_HUB_SYNC, | ||
2932 | + min < 0); | ||
2933 | hid_sensor_power_state(&prox_state->common_attributes, | ||
2934 | false); | ||
2935 | } else { | ||
2936 | diff --git a/drivers/iio/magnetometer/hid-sensor-magn-3d.c b/drivers/iio/magnetometer/hid-sensor-magn-3d.c | ||
2937 | index d55c4885211a..f3c0d41e5a8c 100644 | ||
2938 | --- a/drivers/iio/magnetometer/hid-sensor-magn-3d.c | ||
2939 | +++ b/drivers/iio/magnetometer/hid-sensor-magn-3d.c | ||
2940 | @@ -163,21 +163,23 @@ static int magn_3d_read_raw(struct iio_dev *indio_dev, | ||
2941 | int report_id = -1; | ||
2942 | u32 address; | ||
2943 | int ret_type; | ||
2944 | + s32 min; | ||
2945 | |||
2946 | *val = 0; | ||
2947 | *val2 = 0; | ||
2948 | switch (mask) { | ||
2949 | case IIO_CHAN_INFO_RAW: | ||
2950 | hid_sensor_power_state(&magn_state->magn_flux_attributes, true); | ||
2951 | - report_id = | ||
2952 | - magn_state->magn[chan->address].report_id; | ||
2953 | + report_id = magn_state->magn[chan->address].report_id; | ||
2954 | + min = magn_state->magn[chan->address].logical_minimum; | ||
2955 | address = magn_3d_addresses[chan->address]; | ||
2956 | if (report_id >= 0) | ||
2957 | *val = sensor_hub_input_attr_get_raw_value( | ||
2958 | magn_state->magn_flux_attributes.hsdev, | ||
2959 | HID_USAGE_SENSOR_COMPASS_3D, address, | ||
2960 | report_id, | ||
2961 | - SENSOR_HUB_SYNC); | ||
2962 | + SENSOR_HUB_SYNC, | ||
2963 | + min < 0); | ||
2964 | else { | ||
2965 | *val = 0; | ||
2966 | hid_sensor_power_state( | ||
2967 | diff --git a/drivers/iio/magnetometer/st_magn_buffer.c b/drivers/iio/magnetometer/st_magn_buffer.c | ||
2968 | index 0a9e8fadfa9d..37ab30566464 100644 | ||
2969 | --- a/drivers/iio/magnetometer/st_magn_buffer.c | ||
2970 | +++ b/drivers/iio/magnetometer/st_magn_buffer.c | ||
2971 | @@ -30,11 +30,6 @@ int st_magn_trig_set_state(struct iio_trigger *trig, bool state) | ||
2972 | return st_sensors_set_dataready_irq(indio_dev, state); | ||
2973 | } | ||
2974 | |||
2975 | -static int st_magn_buffer_preenable(struct iio_dev *indio_dev) | ||
2976 | -{ | ||
2977 | - return st_sensors_set_enable(indio_dev, true); | ||
2978 | -} | ||
2979 | - | ||
2980 | static int st_magn_buffer_postenable(struct iio_dev *indio_dev) | ||
2981 | { | ||
2982 | int err; | ||
2983 | @@ -50,7 +45,7 @@ static int st_magn_buffer_postenable(struct iio_dev *indio_dev) | ||
2984 | if (err < 0) | ||
2985 | goto st_magn_buffer_postenable_error; | ||
2986 | |||
2987 | - return err; | ||
2988 | + return st_sensors_set_enable(indio_dev, true); | ||
2989 | |||
2990 | st_magn_buffer_postenable_error: | ||
2991 | kfree(mdata->buffer_data); | ||
2992 | @@ -63,11 +58,11 @@ static int st_magn_buffer_predisable(struct iio_dev *indio_dev) | ||
2993 | int err; | ||
2994 | struct st_sensor_data *mdata = iio_priv(indio_dev); | ||
2995 | |||
2996 | - err = iio_triggered_buffer_predisable(indio_dev); | ||
2997 | + err = st_sensors_set_enable(indio_dev, false); | ||
2998 | if (err < 0) | ||
2999 | goto st_magn_buffer_predisable_error; | ||
3000 | |||
3001 | - err = st_sensors_set_enable(indio_dev, false); | ||
3002 | + err = iio_triggered_buffer_predisable(indio_dev); | ||
3003 | |||
3004 | st_magn_buffer_predisable_error: | ||
3005 | kfree(mdata->buffer_data); | ||
3006 | @@ -75,7 +70,6 @@ st_magn_buffer_predisable_error: | ||
3007 | } | ||
3008 | |||
3009 | static const struct iio_buffer_setup_ops st_magn_buffer_setup_ops = { | ||
3010 | - .preenable = &st_magn_buffer_preenable, | ||
3011 | .postenable = &st_magn_buffer_postenable, | ||
3012 | .predisable = &st_magn_buffer_predisable, | ||
3013 | }; | ||
3014 | diff --git a/drivers/iio/orientation/hid-sensor-incl-3d.c b/drivers/iio/orientation/hid-sensor-incl-3d.c | ||
3015 | index 1e5451d1ff88..bdc5e4554ee4 100644 | ||
3016 | --- a/drivers/iio/orientation/hid-sensor-incl-3d.c | ||
3017 | +++ b/drivers/iio/orientation/hid-sensor-incl-3d.c | ||
3018 | @@ -111,21 +111,23 @@ static int incl_3d_read_raw(struct iio_dev *indio_dev, | ||
3019 | int report_id = -1; | ||
3020 | u32 address; | ||
3021 | int ret_type; | ||
3022 | + s32 min; | ||
3023 | |||
3024 | *val = 0; | ||
3025 | *val2 = 0; | ||
3026 | switch (mask) { | ||
3027 | case IIO_CHAN_INFO_RAW: | ||
3028 | hid_sensor_power_state(&incl_state->common_attributes, true); | ||
3029 | - report_id = | ||
3030 | - incl_state->incl[chan->scan_index].report_id; | ||
3031 | + report_id = incl_state->incl[chan->scan_index].report_id; | ||
3032 | + min = incl_state->incl[chan->scan_index].logical_minimum; | ||
3033 | address = incl_3d_addresses[chan->scan_index]; | ||
3034 | if (report_id >= 0) | ||
3035 | *val = sensor_hub_input_attr_get_raw_value( | ||
3036 | incl_state->common_attributes.hsdev, | ||
3037 | HID_USAGE_SENSOR_INCLINOMETER_3D, address, | ||
3038 | report_id, | ||
3039 | - SENSOR_HUB_SYNC); | ||
3040 | + SENSOR_HUB_SYNC, | ||
3041 | + min < 0); | ||
3042 | else { | ||
3043 | hid_sensor_power_state(&incl_state->common_attributes, | ||
3044 | false); | ||
3045 | diff --git a/drivers/iio/pressure/hid-sensor-press.c b/drivers/iio/pressure/hid-sensor-press.c | ||
3046 | index 4c437918f1d2..d7b1c00ceb4d 100644 | ||
3047 | --- a/drivers/iio/pressure/hid-sensor-press.c | ||
3048 | +++ b/drivers/iio/pressure/hid-sensor-press.c | ||
3049 | @@ -77,6 +77,7 @@ static int press_read_raw(struct iio_dev *indio_dev, | ||
3050 | int report_id = -1; | ||
3051 | u32 address; | ||
3052 | int ret_type; | ||
3053 | + s32 min; | ||
3054 | |||
3055 | *val = 0; | ||
3056 | *val2 = 0; | ||
3057 | @@ -85,8 +86,8 @@ static int press_read_raw(struct iio_dev *indio_dev, | ||
3058 | switch (chan->scan_index) { | ||
3059 | case CHANNEL_SCAN_INDEX_PRESSURE: | ||
3060 | report_id = press_state->press_attr.report_id; | ||
3061 | - address = | ||
3062 | - HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; | ||
3063 | + min = press_state->press_attr.logical_minimum; | ||
3064 | + address = HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; | ||
3065 | break; | ||
3066 | default: | ||
3067 | report_id = -1; | ||
3068 | @@ -99,7 +100,8 @@ static int press_read_raw(struct iio_dev *indio_dev, | ||
3069 | press_state->common_attributes.hsdev, | ||
3070 | HID_USAGE_SENSOR_PRESSURE, address, | ||
3071 | report_id, | ||
3072 | - SENSOR_HUB_SYNC); | ||
3073 | + SENSOR_HUB_SYNC, | ||
3074 | + min < 0); | ||
3075 | hid_sensor_power_state(&press_state->common_attributes, | ||
3076 | false); | ||
3077 | } else { | ||
3078 | diff --git a/drivers/iio/temperature/hid-sensor-temperature.c b/drivers/iio/temperature/hid-sensor-temperature.c | ||
3079 | index beaf6fd3e337..b592fc4f007e 100644 | ||
3080 | --- a/drivers/iio/temperature/hid-sensor-temperature.c | ||
3081 | +++ b/drivers/iio/temperature/hid-sensor-temperature.c | ||
3082 | @@ -76,7 +76,8 @@ static int temperature_read_raw(struct iio_dev *indio_dev, | ||
3083 | HID_USAGE_SENSOR_TEMPERATURE, | ||
3084 | HID_USAGE_SENSOR_DATA_ENVIRONMENTAL_TEMPERATURE, | ||
3085 | temp_st->temperature_attr.report_id, | ||
3086 | - SENSOR_HUB_SYNC); | ||
3087 | + SENSOR_HUB_SYNC, | ||
3088 | + temp_st->temperature_attr.logical_minimum < 0); | ||
3089 | hid_sensor_power_state( | ||
3090 | &temp_st->common_attributes, | ||
3091 | false); | ||
3092 | diff --git a/drivers/misc/mic/scif/scif_rma.c b/drivers/misc/mic/scif/scif_rma.c | ||
3093 | index c824329f7012..0e4193cb08cf 100644 | ||
3094 | --- a/drivers/misc/mic/scif/scif_rma.c | ||
3095 | +++ b/drivers/misc/mic/scif/scif_rma.c | ||
3096 | @@ -416,7 +416,7 @@ static int scif_create_remote_lookup(struct scif_dev *remote_dev, | ||
3097 | if (err) | ||
3098 | goto error_window; | ||
3099 | err = scif_map_page(&window->num_pages_lookup.lookup[j], | ||
3100 | - vmalloc_dma_phys ? | ||
3101 | + vmalloc_num_pages ? | ||
3102 | vmalloc_to_page(&window->num_pages[i]) : | ||
3103 | virt_to_page(&window->num_pages[i]), | ||
3104 | remote_dev); | ||
3105 | diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_main.c b/drivers/net/ethernet/cavium/thunder/nicvf_main.c | ||
3106 | index 768f584f8392..88f8a8fa93cd 100644 | ||
3107 | --- a/drivers/net/ethernet/cavium/thunder/nicvf_main.c | ||
3108 | +++ b/drivers/net/ethernet/cavium/thunder/nicvf_main.c | ||
3109 | @@ -1784,6 +1784,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) | ||
3110 | bool if_up = netif_running(nic->netdev); | ||
3111 | struct bpf_prog *old_prog; | ||
3112 | bool bpf_attached = false; | ||
3113 | + int ret = 0; | ||
3114 | |||
3115 | /* For now just support only the usual MTU sized frames */ | ||
3116 | if (prog && (dev->mtu > 1500)) { | ||
3117 | @@ -1817,8 +1818,12 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) | ||
3118 | if (nic->xdp_prog) { | ||
3119 | /* Attach BPF program */ | ||
3120 | nic->xdp_prog = bpf_prog_add(nic->xdp_prog, nic->rx_queues - 1); | ||
3121 | - if (!IS_ERR(nic->xdp_prog)) | ||
3122 | + if (!IS_ERR(nic->xdp_prog)) { | ||
3123 | bpf_attached = true; | ||
3124 | + } else { | ||
3125 | + ret = PTR_ERR(nic->xdp_prog); | ||
3126 | + nic->xdp_prog = NULL; | ||
3127 | + } | ||
3128 | } | ||
3129 | |||
3130 | /* Calculate Tx queues needed for XDP and network stack */ | ||
3131 | @@ -1830,7 +1835,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) | ||
3132 | netif_trans_update(nic->netdev); | ||
3133 | } | ||
3134 | |||
3135 | - return 0; | ||
3136 | + return ret; | ||
3137 | } | ||
3138 | |||
3139 | static int nicvf_xdp(struct net_device *netdev, struct netdev_bpf *xdp) | ||
3140 | diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c | ||
3141 | index 187a249ff2d1..fcaf18fa3904 100644 | ||
3142 | --- a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c | ||
3143 | +++ b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c | ||
3144 | @@ -585,10 +585,12 @@ static void nicvf_free_snd_queue(struct nicvf *nic, struct snd_queue *sq) | ||
3145 | if (!sq->dmem.base) | ||
3146 | return; | ||
3147 | |||
3148 | - if (sq->tso_hdrs) | ||
3149 | + if (sq->tso_hdrs) { | ||
3150 | dma_free_coherent(&nic->pdev->dev, | ||
3151 | sq->dmem.q_len * TSO_HEADER_SIZE, | ||
3152 | sq->tso_hdrs, sq->tso_hdrs_phys); | ||
3153 | + sq->tso_hdrs = NULL; | ||
3154 | + } | ||
3155 | |||
3156 | /* Free pending skbs in the queue */ | ||
3157 | smp_rmb(); | ||
3158 | diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c | ||
3159 | index 1c9ad3630c77..dfd1ad0b1cb9 100644 | ||
3160 | --- a/drivers/net/ethernet/cortina/gemini.c | ||
3161 | +++ b/drivers/net/ethernet/cortina/gemini.c | ||
3162 | @@ -661,7 +661,7 @@ static void gmac_clean_txq(struct net_device *netdev, struct gmac_txq *txq, | ||
3163 | |||
3164 | u64_stats_update_begin(&port->tx_stats_syncp); | ||
3165 | port->tx_frag_stats[nfrags]++; | ||
3166 | - u64_stats_update_end(&port->ir_stats_syncp); | ||
3167 | + u64_stats_update_end(&port->tx_stats_syncp); | ||
3168 | } | ||
3169 | } | ||
3170 | |||
3171 | diff --git a/drivers/net/ethernet/microchip/lan743x_main.c b/drivers/net/ethernet/microchip/lan743x_main.c | ||
3172 | index 001b5f714c1b..aaedf1072460 100644 | ||
3173 | --- a/drivers/net/ethernet/microchip/lan743x_main.c | ||
3174 | +++ b/drivers/net/ethernet/microchip/lan743x_main.c | ||
3175 | @@ -1675,7 +1675,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) | ||
3176 | netif_wake_queue(adapter->netdev); | ||
3177 | } | ||
3178 | |||
3179 | - if (!napi_complete_done(napi, weight)) | ||
3180 | + if (!napi_complete(napi)) | ||
3181 | goto done; | ||
3182 | |||
3183 | /* enable isr */ | ||
3184 | @@ -1684,7 +1684,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) | ||
3185 | lan743x_csr_read(adapter, INT_STS); | ||
3186 | |||
3187 | done: | ||
3188 | - return weight; | ||
3189 | + return 0; | ||
3190 | } | ||
3191 | |||
3192 | static void lan743x_tx_ring_cleanup(struct lan743x_tx *tx) | ||
3193 | @@ -1873,9 +1873,9 @@ static int lan743x_tx_open(struct lan743x_tx *tx) | ||
3194 | tx->vector_flags = lan743x_intr_get_vector_flags(adapter, | ||
3195 | INT_BIT_DMA_TX_ | ||
3196 | (tx->channel_number)); | ||
3197 | - netif_napi_add(adapter->netdev, | ||
3198 | - &tx->napi, lan743x_tx_napi_poll, | ||
3199 | - tx->ring_size - 1); | ||
3200 | + netif_tx_napi_add(adapter->netdev, | ||
3201 | + &tx->napi, lan743x_tx_napi_poll, | ||
3202 | + tx->ring_size - 1); | ||
3203 | napi_enable(&tx->napi); | ||
3204 | |||
3205 | data = 0; | ||
3206 | @@ -3020,6 +3020,7 @@ static const struct dev_pm_ops lan743x_pm_ops = { | ||
3207 | |||
3208 | static const struct pci_device_id lan743x_pcidev_tbl[] = { | ||
3209 | { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7430) }, | ||
3210 | + { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7431) }, | ||
3211 | { 0, } | ||
3212 | }; | ||
3213 | |||
3214 | diff --git a/drivers/net/ethernet/microchip/lan743x_main.h b/drivers/net/ethernet/microchip/lan743x_main.h | ||
3215 | index 0e82b6368798..2d6eea18973e 100644 | ||
3216 | --- a/drivers/net/ethernet/microchip/lan743x_main.h | ||
3217 | +++ b/drivers/net/ethernet/microchip/lan743x_main.h | ||
3218 | @@ -548,6 +548,7 @@ struct lan743x_adapter; | ||
3219 | /* SMSC acquired EFAR late 1990's, MCHP acquired SMSC 2012 */ | ||
3220 | #define PCI_VENDOR_ID_SMSC PCI_VENDOR_ID_EFAR | ||
3221 | #define PCI_DEVICE_ID_SMSC_LAN7430 (0x7430) | ||
3222 | +#define PCI_DEVICE_ID_SMSC_LAN7431 (0x7431) | ||
3223 | |||
3224 | #define PCI_CONFIG_LENGTH (0x1000) | ||
3225 | |||
3226 | diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c | ||
3227 | index 19ab8a7d1e48..733e35b7c4bb 100644 | ||
3228 | --- a/drivers/net/phy/phy_device.c | ||
3229 | +++ b/drivers/net/phy/phy_device.c | ||
3230 | @@ -1930,6 +1930,14 @@ int phy_driver_register(struct phy_driver *new_driver, struct module *owner) | ||
3231 | new_driver->mdiodrv.driver.remove = phy_remove; | ||
3232 | new_driver->mdiodrv.driver.owner = owner; | ||
3233 | |||
3234 | + /* The following works around an issue where the PHY driver doesn't bind | ||
3235 | + * to the device, resulting in the genphy driver being used instead of | ||
3236 | + * the dedicated driver. The root cause of the issue isn't known yet | ||
3237 | + * and seems to be in the base driver core. Once this is fixed we may | ||
3238 | + * remove this workaround. | ||
3239 | + */ | ||
3240 | + new_driver->mdiodrv.driver.probe_type = PROBE_FORCE_SYNCHRONOUS; | ||
3241 | + | ||
3242 | retval = driver_register(&new_driver->mdiodrv.driver); | ||
3243 | if (retval) { | ||
3244 | pr_err("%s: Error %d in registering driver\n", | ||
3245 | diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c | ||
3246 | index e9f101c9bae2..bfbb39f93554 100644 | ||
3247 | --- a/drivers/net/rionet.c | ||
3248 | +++ b/drivers/net/rionet.c | ||
3249 | @@ -216,9 +216,9 @@ static int rionet_start_xmit(struct sk_buff *skb, struct net_device *ndev) | ||
3250 | * it just report sending a packet to the target | ||
3251 | * (without actual packet transfer). | ||
3252 | */ | ||
3253 | - dev_kfree_skb_any(skb); | ||
3254 | ndev->stats.tx_packets++; | ||
3255 | ndev->stats.tx_bytes += skb->len; | ||
3256 | + dev_kfree_skb_any(skb); | ||
3257 | } | ||
3258 | } | ||
3259 | |||
3260 | diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c | ||
3261 | index 7275761a1177..3d8a70d3ea9b 100644 | ||
3262 | --- a/drivers/net/usb/ipheth.c | ||
3263 | +++ b/drivers/net/usb/ipheth.c | ||
3264 | @@ -140,7 +140,6 @@ struct ipheth_device { | ||
3265 | struct usb_device *udev; | ||
3266 | struct usb_interface *intf; | ||
3267 | struct net_device *net; | ||
3268 | - struct sk_buff *tx_skb; | ||
3269 | struct urb *tx_urb; | ||
3270 | struct urb *rx_urb; | ||
3271 | unsigned char *tx_buf; | ||
3272 | @@ -230,6 +229,7 @@ static void ipheth_rcvbulk_callback(struct urb *urb) | ||
3273 | case -ENOENT: | ||
3274 | case -ECONNRESET: | ||
3275 | case -ESHUTDOWN: | ||
3276 | + case -EPROTO: | ||
3277 | return; | ||
3278 | case 0: | ||
3279 | break; | ||
3280 | @@ -281,7 +281,6 @@ static void ipheth_sndbulk_callback(struct urb *urb) | ||
3281 | dev_err(&dev->intf->dev, "%s: urb status: %d\n", | ||
3282 | __func__, status); | ||
3283 | |||
3284 | - dev_kfree_skb_irq(dev->tx_skb); | ||
3285 | if (status == 0) | ||
3286 | netif_wake_queue(dev->net); | ||
3287 | else | ||
3288 | @@ -423,7 +422,7 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) | ||
3289 | if (skb->len > IPHETH_BUF_SIZE) { | ||
3290 | WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len); | ||
3291 | dev->net->stats.tx_dropped++; | ||
3292 | - dev_kfree_skb_irq(skb); | ||
3293 | + dev_kfree_skb_any(skb); | ||
3294 | return NETDEV_TX_OK; | ||
3295 | } | ||
3296 | |||
3297 | @@ -443,12 +442,11 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) | ||
3298 | dev_err(&dev->intf->dev, "%s: usb_submit_urb: %d\n", | ||
3299 | __func__, retval); | ||
3300 | dev->net->stats.tx_errors++; | ||
3301 | - dev_kfree_skb_irq(skb); | ||
3302 | + dev_kfree_skb_any(skb); | ||
3303 | } else { | ||
3304 | - dev->tx_skb = skb; | ||
3305 | - | ||
3306 | dev->net->stats.tx_packets++; | ||
3307 | dev->net->stats.tx_bytes += skb->len; | ||
3308 | + dev_consume_skb_any(skb); | ||
3309 | netif_stop_queue(net); | ||
3310 | } | ||
3311 | |||
3312 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c | ||
3313 | index ddfa3f24204c..c2ca6cd3fbe0 100644 | ||
3314 | --- a/drivers/net/virtio_net.c | ||
3315 | +++ b/drivers/net/virtio_net.c | ||
3316 | @@ -70,7 +70,8 @@ static const unsigned long guest_offloads[] = { | ||
3317 | VIRTIO_NET_F_GUEST_TSO4, | ||
3318 | VIRTIO_NET_F_GUEST_TSO6, | ||
3319 | VIRTIO_NET_F_GUEST_ECN, | ||
3320 | - VIRTIO_NET_F_GUEST_UFO | ||
3321 | + VIRTIO_NET_F_GUEST_UFO, | ||
3322 | + VIRTIO_NET_F_GUEST_CSUM | ||
3323 | }; | ||
3324 | |||
3325 | struct virtnet_stat_desc { | ||
3326 | @@ -2285,9 +2286,6 @@ static int virtnet_clear_guest_offloads(struct virtnet_info *vi) | ||
3327 | if (!vi->guest_offloads) | ||
3328 | return 0; | ||
3329 | |||
3330 | - if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) | ||
3331 | - offloads = 1ULL << VIRTIO_NET_F_GUEST_CSUM; | ||
3332 | - | ||
3333 | return virtnet_set_guest_offloads(vi, offloads); | ||
3334 | } | ||
3335 | |||
3336 | @@ -2297,8 +2295,6 @@ static int virtnet_restore_guest_offloads(struct virtnet_info *vi) | ||
3337 | |||
3338 | if (!vi->guest_offloads) | ||
3339 | return 0; | ||
3340 | - if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) | ||
3341 | - offloads |= 1ULL << VIRTIO_NET_F_GUEST_CSUM; | ||
3342 | |||
3343 | return virtnet_set_guest_offloads(vi, offloads); | ||
3344 | } | ||
3345 | @@ -2316,8 +2312,9 @@ static int virtnet_xdp_set(struct net_device *dev, struct bpf_prog *prog, | ||
3346 | && (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO4) || | ||
3347 | virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO6) || | ||
3348 | virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_ECN) || | ||
3349 | - virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO))) { | ||
3350 | - NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO, disable LRO first"); | ||
3351 | + virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO) || | ||
3352 | + virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM))) { | ||
3353 | + NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO/CSUM, disable LRO/CSUM first"); | ||
3354 | return -EOPNOTSUPP; | ||
3355 | } | ||
3356 | |||
3357 | diff --git a/drivers/pci/controller/dwc/pci-layerscape.c b/drivers/pci/controller/dwc/pci-layerscape.c | ||
3358 | index 3724d3ef7008..7aa9a82b7ebd 100644 | ||
3359 | --- a/drivers/pci/controller/dwc/pci-layerscape.c | ||
3360 | +++ b/drivers/pci/controller/dwc/pci-layerscape.c | ||
3361 | @@ -88,7 +88,7 @@ static void ls_pcie_disable_outbound_atus(struct ls_pcie *pcie) | ||
3362 | int i; | ||
3363 | |||
3364 | for (i = 0; i < PCIE_IATU_NUM; i++) | ||
3365 | - dw_pcie_disable_atu(pcie->pci, DW_PCIE_REGION_OUTBOUND, i); | ||
3366 | + dw_pcie_disable_atu(pcie->pci, i, DW_PCIE_REGION_OUTBOUND); | ||
3367 | } | ||
3368 | |||
3369 | static int ls1021_pcie_link_up(struct dw_pcie *pci) | ||
3370 | diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c | ||
3371 | index 1e7b02221eac..de8635af4cde 100644 | ||
3372 | --- a/drivers/pci/controller/dwc/pcie-designware-ep.c | ||
3373 | +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c | ||
3374 | @@ -440,7 +440,6 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, | ||
3375 | tbl_offset = dw_pcie_readl_dbi(pci, reg); | ||
3376 | bir = (tbl_offset & PCI_MSIX_TABLE_BIR); | ||
3377 | tbl_offset &= PCI_MSIX_TABLE_OFFSET; | ||
3378 | - tbl_offset >>= 3; | ||
3379 | |||
3380 | reg = PCI_BASE_ADDRESS_0 + (4 * bir); | ||
3381 | bar_addr_upper = 0; | ||
3382 | diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c | ||
3383 | index 51b6c81671c1..afc4680c584f 100644 | ||
3384 | --- a/drivers/pci/pci.c | ||
3385 | +++ b/drivers/pci/pci.c | ||
3386 | @@ -5473,9 +5473,13 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) | ||
3387 | u32 lnkcap2, lnkcap; | ||
3388 | |||
3389 | /* | ||
3390 | - * PCIe r4.0 sec 7.5.3.18 recommends using the Supported Link | ||
3391 | - * Speeds Vector in Link Capabilities 2 when supported, falling | ||
3392 | - * back to Max Link Speed in Link Capabilities otherwise. | ||
3393 | + * Link Capabilities 2 was added in PCIe r3.0, sec 7.8.18. The | ||
3394 | + * implementation note there recommends using the Supported Link | ||
3395 | + * Speeds Vector in Link Capabilities 2 when supported. | ||
3396 | + * | ||
3397 | + * Without Link Capabilities 2, i.e., prior to PCIe r3.0, software | ||
3398 | + * should use the Supported Link Speeds field in Link Capabilities, | ||
3399 | + * where only 2.5 GT/s and 5.0 GT/s speeds were defined. | ||
3400 | */ | ||
3401 | pcie_capability_read_dword(dev, PCI_EXP_LNKCAP2, &lnkcap2); | ||
3402 | if (lnkcap2) { /* PCIe r3.0-compliant */ | ||
3403 | @@ -5491,16 +5495,10 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) | ||
3404 | } | ||
3405 | |||
3406 | pcie_capability_read_dword(dev, PCI_EXP_LNKCAP, &lnkcap); | ||
3407 | - if (lnkcap) { | ||
3408 | - if (lnkcap & PCI_EXP_LNKCAP_SLS_16_0GB) | ||
3409 | - return PCIE_SPEED_16_0GT; | ||
3410 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_8_0GB) | ||
3411 | - return PCIE_SPEED_8_0GT; | ||
3412 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_5_0GB) | ||
3413 | - return PCIE_SPEED_5_0GT; | ||
3414 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_2_5GB) | ||
3415 | - return PCIE_SPEED_2_5GT; | ||
3416 | - } | ||
3417 | + if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_5_0GB) | ||
3418 | + return PCIE_SPEED_5_0GT; | ||
3419 | + else if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_2_5GB) | ||
3420 | + return PCIE_SPEED_2_5GT; | ||
3421 | |||
3422 | return PCI_SPEED_UNKNOWN; | ||
3423 | } | ||
3424 | diff --git a/drivers/rtc/rtc-hid-sensor-time.c b/drivers/rtc/rtc-hid-sensor-time.c | ||
3425 | index 2751dba850c6..3e1abb455472 100644 | ||
3426 | --- a/drivers/rtc/rtc-hid-sensor-time.c | ||
3427 | +++ b/drivers/rtc/rtc-hid-sensor-time.c | ||
3428 | @@ -213,7 +213,7 @@ static int hid_rtc_read_time(struct device *dev, struct rtc_time *tm) | ||
3429 | /* get a report with all values through requesting one value */ | ||
3430 | sensor_hub_input_attr_get_raw_value(time_state->common_attributes.hsdev, | ||
3431 | HID_USAGE_SENSOR_TIME, hid_time_addresses[0], | ||
3432 | - time_state->info[0].report_id, SENSOR_HUB_SYNC); | ||
3433 | + time_state->info[0].report_id, SENSOR_HUB_SYNC, false); | ||
3434 | /* wait for all values (event) */ | ||
3435 | ret = wait_for_completion_killable_timeout( | ||
3436 | &time_state->comp_last_time, HZ*6); | ||
3437 | diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c | ||
3438 | index ffce6f39828a..b03515d43745 100644 | ||
3439 | --- a/drivers/s390/net/qeth_core_main.c | ||
3440 | +++ b/drivers/s390/net/qeth_core_main.c | ||
3441 | @@ -4524,8 +4524,8 @@ static int qeth_snmp_command_cb(struct qeth_card *card, | ||
3442 | { | ||
3443 | struct qeth_ipa_cmd *cmd; | ||
3444 | struct qeth_arp_query_info *qinfo; | ||
3445 | - struct qeth_snmp_cmd *snmp; | ||
3446 | unsigned char *data; | ||
3447 | + void *snmp_data; | ||
3448 | __u16 data_len; | ||
3449 | |||
3450 | QETH_CARD_TEXT(card, 3, "snpcmdcb"); | ||
3451 | @@ -4533,7 +4533,6 @@ static int qeth_snmp_command_cb(struct qeth_card *card, | ||
3452 | cmd = (struct qeth_ipa_cmd *) sdata; | ||
3453 | data = (unsigned char *)((char *)cmd - reply->offset); | ||
3454 | qinfo = (struct qeth_arp_query_info *) reply->param; | ||
3455 | - snmp = &cmd->data.setadapterparms.data.snmp; | ||
3456 | |||
3457 | if (cmd->hdr.return_code) { | ||
3458 | QETH_CARD_TEXT_(card, 4, "scer1%x", cmd->hdr.return_code); | ||
3459 | @@ -4546,10 +4545,15 @@ static int qeth_snmp_command_cb(struct qeth_card *card, | ||
3460 | return 0; | ||
3461 | } | ||
3462 | data_len = *((__u16 *)QETH_IPA_PDU_LEN_PDU1(data)); | ||
3463 | - if (cmd->data.setadapterparms.hdr.seq_no == 1) | ||
3464 | - data_len -= (__u16)((char *)&snmp->data - (char *)cmd); | ||
3465 | - else | ||
3466 | - data_len -= (__u16)((char *)&snmp->request - (char *)cmd); | ||
3467 | + if (cmd->data.setadapterparms.hdr.seq_no == 1) { | ||
3468 | + snmp_data = &cmd->data.setadapterparms.data.snmp; | ||
3469 | + data_len -= offsetof(struct qeth_ipa_cmd, | ||
3470 | + data.setadapterparms.data.snmp); | ||
3471 | + } else { | ||
3472 | + snmp_data = &cmd->data.setadapterparms.data.snmp.request; | ||
3473 | + data_len -= offsetof(struct qeth_ipa_cmd, | ||
3474 | + data.setadapterparms.data.snmp.request); | ||
3475 | + } | ||
3476 | |||
3477 | /* check if there is enough room in userspace */ | ||
3478 | if ((qinfo->udata_len - qinfo->udata_offset) < data_len) { | ||
3479 | @@ -4562,16 +4566,9 @@ static int qeth_snmp_command_cb(struct qeth_card *card, | ||
3480 | QETH_CARD_TEXT_(card, 4, "sseqn%i", | ||
3481 | cmd->data.setadapterparms.hdr.seq_no); | ||
3482 | /*copy entries to user buffer*/ | ||
3483 | - if (cmd->data.setadapterparms.hdr.seq_no == 1) { | ||
3484 | - memcpy(qinfo->udata + qinfo->udata_offset, | ||
3485 | - (char *)snmp, | ||
3486 | - data_len + offsetof(struct qeth_snmp_cmd, data)); | ||
3487 | - qinfo->udata_offset += offsetof(struct qeth_snmp_cmd, data); | ||
3488 | - } else { | ||
3489 | - memcpy(qinfo->udata + qinfo->udata_offset, | ||
3490 | - (char *)&snmp->request, data_len); | ||
3491 | - } | ||
3492 | + memcpy(qinfo->udata + qinfo->udata_offset, snmp_data, data_len); | ||
3493 | qinfo->udata_offset += data_len; | ||
3494 | + | ||
3495 | /* check if all replies received ... */ | ||
3496 | QETH_CARD_TEXT_(card, 4, "srtot%i", | ||
3497 | cmd->data.setadapterparms.hdr.used_total); | ||
3498 | diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c | ||
3499 | index f4c464625a67..52ad62722996 100644 | ||
3500 | --- a/drivers/staging/most/core.c | ||
3501 | +++ b/drivers/staging/most/core.c | ||
3502 | @@ -351,7 +351,7 @@ static ssize_t set_datatype_show(struct device *dev, | ||
3503 | |||
3504 | for (i = 0; i < ARRAY_SIZE(ch_data_type); i++) { | ||
3505 | if (c->cfg.data_type & ch_data_type[i].most_ch_data_type) | ||
3506 | - return snprintf(buf, PAGE_SIZE, ch_data_type[i].name); | ||
3507 | + return snprintf(buf, PAGE_SIZE, "%s", ch_data_type[i].name); | ||
3508 | } | ||
3509 | return snprintf(buf, PAGE_SIZE, "unconfigured\n"); | ||
3510 | } | ||
3511 | diff --git a/drivers/staging/mt7621-dma/mtk-hsdma.c b/drivers/staging/mt7621-dma/mtk-hsdma.c | ||
3512 | index df6ebf41bdea..5831f816c17b 100644 | ||
3513 | --- a/drivers/staging/mt7621-dma/mtk-hsdma.c | ||
3514 | +++ b/drivers/staging/mt7621-dma/mtk-hsdma.c | ||
3515 | @@ -335,6 +335,8 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, | ||
3516 | /* tx desc */ | ||
3517 | src = sg->src_addr; | ||
3518 | for (i = 0; i < chan->desc->num_sgs; i++) { | ||
3519 | + tx_desc = &chan->tx_ring[chan->tx_idx]; | ||
3520 | + | ||
3521 | if (len > HSDMA_MAX_PLEN) | ||
3522 | tlen = HSDMA_MAX_PLEN; | ||
3523 | else | ||
3524 | @@ -344,7 +346,6 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, | ||
3525 | tx_desc->addr1 = src; | ||
3526 | tx_desc->flags |= HSDMA_DESC_PLEN1(tlen); | ||
3527 | } else { | ||
3528 | - tx_desc = &chan->tx_ring[chan->tx_idx]; | ||
3529 | tx_desc->addr0 = src; | ||
3530 | tx_desc->flags = HSDMA_DESC_PLEN0(tlen); | ||
3531 | |||
3532 | diff --git a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | ||
3533 | index b8566ed898f1..aa98fbb17013 100644 | ||
3534 | --- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | ||
3535 | +++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c | ||
3536 | @@ -82,7 +82,7 @@ static int rt2880_pinctrl_dt_node_to_map(struct pinctrl_dev *pctrldev, | ||
3537 | struct property *prop; | ||
3538 | const char *function_name, *group_name; | ||
3539 | int ret; | ||
3540 | - int ngroups; | ||
3541 | + int ngroups = 0; | ||
3542 | unsigned int reserved_maps = 0; | ||
3543 | |||
3544 | for_each_node_with_property(np_config, "group") | ||
3545 | diff --git a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c | ||
3546 | index 85077947b9b8..85aba8a503cd 100644 | ||
3547 | --- a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c | ||
3548 | +++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c | ||
3549 | @@ -109,12 +109,12 @@ static void update_recvframe_phyinfo(union recv_frame *precvframe, | ||
3550 | rx_bssid = get_hdr_bssid(wlanhdr); | ||
3551 | pkt_info.bssid_match = ((!IsFrameTypeCtrl(wlanhdr)) && | ||
3552 | !pattrib->icv_err && !pattrib->crc_err && | ||
3553 | - !ether_addr_equal(rx_bssid, my_bssid)); | ||
3554 | + ether_addr_equal(rx_bssid, my_bssid)); | ||
3555 | |||
3556 | rx_ra = get_ra(wlanhdr); | ||
3557 | my_hwaddr = myid(&padapter->eeprompriv); | ||
3558 | pkt_info.to_self = pkt_info.bssid_match && | ||
3559 | - !ether_addr_equal(rx_ra, my_hwaddr); | ||
3560 | + ether_addr_equal(rx_ra, my_hwaddr); | ||
3561 | |||
3562 | |||
3563 | pkt_info.is_beacon = pkt_info.bssid_match && | ||
3564 | diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | ||
3565 | index af2234798fa8..db553f2e4c0b 100644 | ||
3566 | --- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | ||
3567 | +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c | ||
3568 | @@ -1277,7 +1277,7 @@ static int cfg80211_rtw_get_station(struct wiphy *wiphy, | ||
3569 | |||
3570 | sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS); | ||
3571 | sinfo->tx_packets = psta->sta_stats.tx_pkts; | ||
3572 | - | ||
3573 | + sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED); | ||
3574 | } | ||
3575 | |||
3576 | /* for Ad-Hoc/AP mode */ | ||
3577 | diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | ||
3578 | index bc05c69383b8..fe431302a030 100644 | ||
3579 | --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | ||
3580 | +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | ||
3581 | @@ -1787,6 +1787,7 @@ vchiq_compat_ioctl_await_completion(struct file *file, | ||
3582 | struct vchiq_await_completion32 args32; | ||
3583 | struct vchiq_completion_data32 completion32; | ||
3584 | unsigned int *msgbufcount32; | ||
3585 | + unsigned int msgbufcount_native; | ||
3586 | compat_uptr_t msgbuf32; | ||
3587 | void *msgbuf; | ||
3588 | void **msgbufptr; | ||
3589 | @@ -1898,7 +1899,11 @@ vchiq_compat_ioctl_await_completion(struct file *file, | ||
3590 | sizeof(completion32))) | ||
3591 | return -EFAULT; | ||
3592 | |||
3593 | - args32.msgbufcount--; | ||
3594 | + if (get_user(msgbufcount_native, &args->msgbufcount)) | ||
3595 | + return -EFAULT; | ||
3596 | + | ||
3597 | + if (!msgbufcount_native) | ||
3598 | + args32.msgbufcount--; | ||
3599 | |||
3600 | msgbufcount32 = | ||
3601 | &((struct vchiq_await_completion32 __user *)arg)->msgbufcount; | ||
3602 | diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c | ||
3603 | index f9ff03e6af93..0690fcff0ea2 100644 | ||
3604 | --- a/drivers/usb/core/quirks.c | ||
3605 | +++ b/drivers/usb/core/quirks.c | ||
3606 | @@ -209,6 +209,9 @@ static const struct usb_device_id usb_quirk_list[] = { | ||
3607 | /* Microsoft LifeCam-VX700 v2.0 */ | ||
3608 | { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME }, | ||
3609 | |||
3610 | + /* Cherry Stream G230 2.0 (G85-231) and 3.0 (G85-232) */ | ||
3611 | + { USB_DEVICE(0x046a, 0x0023), .driver_info = USB_QUIRK_RESET_RESUME }, | ||
3612 | + | ||
3613 | /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */ | ||
3614 | { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, | ||
3615 | { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT }, | ||
3616 | diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c | ||
3617 | index 2de1a3971a26..558949b826d0 100644 | ||
3618 | --- a/drivers/usb/dwc3/gadget.c | ||
3619 | +++ b/drivers/usb/dwc3/gadget.c | ||
3620 | @@ -1461,9 +1461,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) | ||
3621 | unsigned transfer_in_flight; | ||
3622 | unsigned started; | ||
3623 | |||
3624 | - if (dep->flags & DWC3_EP_STALL) | ||
3625 | - return 0; | ||
3626 | - | ||
3627 | if (dep->number > 1) | ||
3628 | trb = dwc3_ep_prev_trb(dep, dep->trb_enqueue); | ||
3629 | else | ||
3630 | @@ -1485,8 +1482,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) | ||
3631 | else | ||
3632 | dep->flags |= DWC3_EP_STALL; | ||
3633 | } else { | ||
3634 | - if (!(dep->flags & DWC3_EP_STALL)) | ||
3635 | - return 0; | ||
3636 | |||
3637 | ret = dwc3_send_clear_stall_ep_cmd(dep); | ||
3638 | if (ret) | ||
3639 | diff --git a/drivers/usb/storage/unusual_realtek.h b/drivers/usb/storage/unusual_realtek.h | ||
3640 | index d17cd95b55bb..6b2140f966ef 100644 | ||
3641 | --- a/drivers/usb/storage/unusual_realtek.h | ||
3642 | +++ b/drivers/usb/storage/unusual_realtek.h | ||
3643 | @@ -27,4 +27,14 @@ UNUSUAL_DEV(0x0bda, 0x0159, 0x0000, 0x9999, | ||
3644 | "USB Card Reader", | ||
3645 | USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), | ||
3646 | |||
3647 | +UNUSUAL_DEV(0x0bda, 0x0177, 0x0000, 0x9999, | ||
3648 | + "Realtek", | ||
3649 | + "USB Card Reader", | ||
3650 | + USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), | ||
3651 | + | ||
3652 | +UNUSUAL_DEV(0x0bda, 0x0184, 0x0000, 0x9999, | ||
3653 | + "Realtek", | ||
3654 | + "USB Card Reader", | ||
3655 | + USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), | ||
3656 | + | ||
3657 | #endif /* defined(CONFIG_USB_STORAGE_REALTEK) || ... */ | ||
3658 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c | ||
3659 | index dc52ce5e495f..834a3f5ef642 100644 | ||
3660 | --- a/fs/btrfs/disk-io.c | ||
3661 | +++ b/fs/btrfs/disk-io.c | ||
3662 | @@ -477,9 +477,9 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, | ||
3663 | int mirror_num = 0; | ||
3664 | int failed_mirror = 0; | ||
3665 | |||
3666 | - clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); | ||
3667 | io_tree = &BTRFS_I(fs_info->btree_inode)->io_tree; | ||
3668 | while (1) { | ||
3669 | + clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); | ||
3670 | ret = read_extent_buffer_pages(io_tree, eb, WAIT_COMPLETE, | ||
3671 | mirror_num); | ||
3672 | if (!ret) { | ||
3673 | @@ -493,15 +493,6 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, | ||
3674 | break; | ||
3675 | } | ||
3676 | |||
3677 | - /* | ||
3678 | - * This buffer's crc is fine, but its contents are corrupted, so | ||
3679 | - * there is no reason to read the other copies, they won't be | ||
3680 | - * any less wrong. | ||
3681 | - */ | ||
3682 | - if (test_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags) || | ||
3683 | - ret == -EUCLEAN) | ||
3684 | - break; | ||
3685 | - | ||
3686 | num_copies = btrfs_num_copies(fs_info, | ||
3687 | eb->start, eb->len); | ||
3688 | if (num_copies == 1) | ||
3689 | diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c | ||
3690 | index 7d81cc415264..ca4902c66dc4 100644 | ||
3691 | --- a/fs/btrfs/file.c | ||
3692 | +++ b/fs/btrfs/file.c | ||
3693 | @@ -2088,6 +2088,30 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) | ||
3694 | |||
3695 | atomic_inc(&root->log_batch); | ||
3696 | |||
3697 | + /* | ||
3698 | + * Before we acquired the inode's lock, someone may have dirtied more | ||
3699 | + * pages in the target range. We need to make sure that writeback for | ||
3700 | + * any such pages does not start while we are logging the inode, because | ||
3701 | + * if it does, any of the following might happen when we are not doing a | ||
3702 | + * full inode sync: | ||
3703 | + * | ||
3704 | + * 1) We log an extent after its writeback finishes but before its | ||
3705 | + * checksums are added to the csum tree, leading to -EIO errors | ||
3706 | + * when attempting to read the extent after a log replay. | ||
3707 | + * | ||
3708 | + * 2) We can end up logging an extent before its writeback finishes. | ||
3709 | + * Therefore after the log replay we will have a file extent item | ||
3710 | + * pointing to an unwritten extent (and no data checksums as well). | ||
3711 | + * | ||
3712 | + * So trigger writeback for any eventual new dirty pages and then we | ||
3713 | + * wait for all ordered extents to complete below. | ||
3714 | + */ | ||
3715 | + ret = start_ordered_ops(inode, start, end); | ||
3716 | + if (ret) { | ||
3717 | + inode_unlock(inode); | ||
3718 | + goto out; | ||
3719 | + } | ||
3720 | + | ||
3721 | /* | ||
3722 | * We have to do this here to avoid the priority inversion of waiting on | ||
3723 | * IO of a lower priority task while holding a transaciton open. | ||
3724 | diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c | ||
3725 | index b070401406be..ff434663d65b 100644 | ||
3726 | --- a/fs/btrfs/qgroup.c | ||
3727 | +++ b/fs/btrfs/qgroup.c | ||
3728 | @@ -2244,7 +2244,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, | ||
3729 | int i; | ||
3730 | u64 *i_qgroups; | ||
3731 | struct btrfs_fs_info *fs_info = trans->fs_info; | ||
3732 | - struct btrfs_root *quota_root = fs_info->quota_root; | ||
3733 | + struct btrfs_root *quota_root; | ||
3734 | struct btrfs_qgroup *srcgroup; | ||
3735 | struct btrfs_qgroup *dstgroup; | ||
3736 | u32 level_size = 0; | ||
3737 | @@ -2254,6 +2254,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, | ||
3738 | if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags)) | ||
3739 | goto out; | ||
3740 | |||
3741 | + quota_root = fs_info->quota_root; | ||
3742 | if (!quota_root) { | ||
3743 | ret = -EINVAL; | ||
3744 | goto out; | ||
3745 | diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c | ||
3746 | index 60bf8dfe7df4..0526b6c473c7 100644 | ||
3747 | --- a/fs/btrfs/relocation.c | ||
3748 | +++ b/fs/btrfs/relocation.c | ||
3749 | @@ -3963,6 +3963,7 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) | ||
3750 | restart: | ||
3751 | if (update_backref_cache(trans, &rc->backref_cache)) { | ||
3752 | btrfs_end_transaction(trans); | ||
3753 | + trans = NULL; | ||
3754 | continue; | ||
3755 | } | ||
3756 | |||
3757 | diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c | ||
3758 | index 6601c9aa5e35..8ad145820ea8 100644 | ||
3759 | --- a/fs/btrfs/super.c | ||
3760 | +++ b/fs/btrfs/super.c | ||
3761 | @@ -2235,6 +2235,7 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd, | ||
3762 | vol = memdup_user((void __user *)arg, sizeof(*vol)); | ||
3763 | if (IS_ERR(vol)) | ||
3764 | return PTR_ERR(vol); | ||
3765 | + vol->name[BTRFS_PATH_NAME_MAX] = '\0'; | ||
3766 | |||
3767 | switch (cmd) { | ||
3768 | case BTRFS_IOC_SCAN_DEV: | ||
3769 | diff --git a/fs/direct-io.c b/fs/direct-io.c | ||
3770 | index 093fb54cd316..199146036093 100644 | ||
3771 | --- a/fs/direct-io.c | ||
3772 | +++ b/fs/direct-io.c | ||
3773 | @@ -325,8 +325,8 @@ static ssize_t dio_complete(struct dio *dio, ssize_t ret, unsigned int flags) | ||
3774 | */ | ||
3775 | dio->iocb->ki_pos += transferred; | ||
3776 | |||
3777 | - if (dio->op == REQ_OP_WRITE) | ||
3778 | - ret = generic_write_sync(dio->iocb, transferred); | ||
3779 | + if (ret > 0 && dio->op == REQ_OP_WRITE) | ||
3780 | + ret = generic_write_sync(dio->iocb, ret); | ||
3781 | dio->iocb->ki_complete(dio->iocb, ret, 0); | ||
3782 | } | ||
3783 | |||
3784 | diff --git a/fs/ext2/super.c b/fs/ext2/super.c | ||
3785 | index 73bd58fa13de..0c38e31ec938 100644 | ||
3786 | --- a/fs/ext2/super.c | ||
3787 | +++ b/fs/ext2/super.c | ||
3788 | @@ -895,6 +895,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) | ||
3789 | if (sb->s_magic != EXT2_SUPER_MAGIC) | ||
3790 | goto cantfind_ext2; | ||
3791 | |||
3792 | + opts.s_mount_opt = 0; | ||
3793 | /* Set defaults before we parse the mount options */ | ||
3794 | def_mount_opts = le32_to_cpu(es->s_default_mount_opts); | ||
3795 | if (def_mount_opts & EXT2_DEFM_DEBUG) | ||
3796 | diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c | ||
3797 | index 62d9a659a8ff..dd8f10db82e9 100644 | ||
3798 | --- a/fs/ext2/xattr.c | ||
3799 | +++ b/fs/ext2/xattr.c | ||
3800 | @@ -612,9 +612,9 @@ skip_replace: | ||
3801 | } | ||
3802 | |||
3803 | cleanup: | ||
3804 | - brelse(bh); | ||
3805 | if (!(bh && header == HDR(bh))) | ||
3806 | kfree(header); | ||
3807 | + brelse(bh); | ||
3808 | up_write(&EXT2_I(inode)->xattr_sem); | ||
3809 | |||
3810 | return error; | ||
3811 | diff --git a/fs/udf/super.c b/fs/udf/super.c | ||
3812 | index b997e3116e37..c495db7165ae 100644 | ||
3813 | --- a/fs/udf/super.c | ||
3814 | +++ b/fs/udf/super.c | ||
3815 | @@ -831,16 +831,20 @@ static int udf_load_pvoldesc(struct super_block *sb, sector_t block) | ||
3816 | |||
3817 | |||
3818 | ret = udf_dstrCS0toChar(sb, outstr, 31, pvoldesc->volIdent, 32); | ||
3819 | - if (ret < 0) | ||
3820 | - goto out_bh; | ||
3821 | - | ||
3822 | - strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); | ||
3823 | + if (ret < 0) { | ||
3824 | + strcpy(UDF_SB(sb)->s_volume_ident, "InvalidName"); | ||
3825 | + pr_warn("incorrect volume identification, setting to " | ||
3826 | + "'InvalidName'\n"); | ||
3827 | + } else { | ||
3828 | + strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); | ||
3829 | + } | ||
3830 | udf_debug("volIdent[] = '%s'\n", UDF_SB(sb)->s_volume_ident); | ||
3831 | |||
3832 | ret = udf_dstrCS0toChar(sb, outstr, 127, pvoldesc->volSetIdent, 128); | ||
3833 | - if (ret < 0) | ||
3834 | + if (ret < 0) { | ||
3835 | + ret = 0; | ||
3836 | goto out_bh; | ||
3837 | - | ||
3838 | + } | ||
3839 | outstr[ret] = 0; | ||
3840 | udf_debug("volSetIdent[] = '%s'\n", outstr); | ||
3841 | |||
3842 | diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c | ||
3843 | index 45234791fec2..5fcfa96463eb 100644 | ||
3844 | --- a/fs/udf/unicode.c | ||
3845 | +++ b/fs/udf/unicode.c | ||
3846 | @@ -351,6 +351,11 @@ try_again: | ||
3847 | return u_len; | ||
3848 | } | ||
3849 | |||
3850 | +/* | ||
3851 | + * Convert CS0 dstring to output charset. Warning: This function may truncate | ||
3852 | + * input string if it is too long as it is used for informational strings only | ||
3853 | + * and it is better to truncate the string than to refuse mounting a media. | ||
3854 | + */ | ||
3855 | int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, | ||
3856 | const uint8_t *ocu_i, int i_len) | ||
3857 | { | ||
3858 | @@ -359,9 +364,12 @@ int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, | ||
3859 | if (i_len > 0) { | ||
3860 | s_len = ocu_i[i_len - 1]; | ||
3861 | if (s_len >= i_len) { | ||
3862 | - pr_err("incorrect dstring lengths (%d/%d)\n", | ||
3863 | - s_len, i_len); | ||
3864 | - return -EINVAL; | ||
3865 | + pr_warn("incorrect dstring lengths (%d/%d)," | ||
3866 | + " truncating\n", s_len, i_len); | ||
3867 | + s_len = i_len - 1; | ||
3868 | + /* 2-byte encoding? Need to round properly... */ | ||
3869 | + if (ocu_i[0] == 16) | ||
3870 | + s_len -= (s_len - 1) & 2; | ||
3871 | } | ||
3872 | } | ||
3873 | |||
3874 | diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c | ||
3875 | index 356d2b8568c1..cd58939dc977 100644 | ||
3876 | --- a/fs/userfaultfd.c | ||
3877 | +++ b/fs/userfaultfd.c | ||
3878 | @@ -1361,6 +1361,19 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, | ||
3879 | ret = -EINVAL; | ||
3880 | if (!vma_can_userfault(cur)) | ||
3881 | goto out_unlock; | ||
3882 | + | ||
3883 | + /* | ||
3884 | + * UFFDIO_COPY will fill file holes even without | ||
3885 | + * PROT_WRITE. This check enforces that if this is a | ||
3886 | + * MAP_SHARED, the process has write permission to the backing | ||
3887 | + * file. If VM_MAYWRITE is set it also enforces that on a | ||
3888 | + * MAP_SHARED vma: there is no F_WRITE_SEAL and no further | ||
3889 | + * F_WRITE_SEAL can be taken until the vma is destroyed. | ||
3890 | + */ | ||
3891 | + ret = -EPERM; | ||
3892 | + if (unlikely(!(cur->vm_flags & VM_MAYWRITE))) | ||
3893 | + goto out_unlock; | ||
3894 | + | ||
3895 | /* | ||
3896 | * If this vma contains ending address, and huge pages | ||
3897 | * check alignment. | ||
3898 | @@ -1406,6 +1419,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, | ||
3899 | BUG_ON(!vma_can_userfault(vma)); | ||
3900 | BUG_ON(vma->vm_userfaultfd_ctx.ctx && | ||
3901 | vma->vm_userfaultfd_ctx.ctx != ctx); | ||
3902 | + WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); | ||
3903 | |||
3904 | /* | ||
3905 | * Nothing to do: this vma is already registered into this | ||
3906 | @@ -1552,6 +1566,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, | ||
3907 | cond_resched(); | ||
3908 | |||
3909 | BUG_ON(!vma_can_userfault(vma)); | ||
3910 | + WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); | ||
3911 | |||
3912 | /* | ||
3913 | * Nothing to do: this vma is already registered into this | ||
3914 | diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h | ||
3915 | index a397907e8d72..dd16e8218db3 100644 | ||
3916 | --- a/include/linux/ftrace.h | ||
3917 | +++ b/include/linux/ftrace.h | ||
3918 | @@ -777,8 +777,8 @@ struct ftrace_ret_stack { | ||
3919 | extern void return_to_handler(void); | ||
3920 | |||
3921 | extern int | ||
3922 | -ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, | ||
3923 | - unsigned long frame_pointer, unsigned long *retp); | ||
3924 | +function_graph_enter(unsigned long ret, unsigned long func, | ||
3925 | + unsigned long frame_pointer, unsigned long *retp); | ||
3926 | |||
3927 | unsigned long ftrace_graph_ret_addr(struct task_struct *task, int *idx, | ||
3928 | unsigned long ret, unsigned long *retp); | ||
3929 | diff --git a/include/linux/hid-sensor-hub.h b/include/linux/hid-sensor-hub.h | ||
3930 | index 331dc377c275..dc12f5c4b076 100644 | ||
3931 | --- a/include/linux/hid-sensor-hub.h | ||
3932 | +++ b/include/linux/hid-sensor-hub.h | ||
3933 | @@ -177,6 +177,7 @@ int sensor_hub_input_get_attribute_info(struct hid_sensor_hub_device *hsdev, | ||
3934 | * @attr_usage_id: Attribute usage id as per spec | ||
3935 | * @report_id: Report id to look for | ||
3936 | * @flag: Synchronous or asynchronous read | ||
3937 | +* @is_signed: If true then fields < 32 bits will be sign-extended | ||
3938 | * | ||
3939 | * Issues a synchronous or asynchronous read request for an input attribute. | ||
3940 | * Returns data upto 32 bits. | ||
3941 | @@ -190,7 +191,8 @@ enum sensor_hub_read_flags { | ||
3942 | int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, | ||
3943 | u32 usage_id, | ||
3944 | u32 attr_usage_id, u32 report_id, | ||
3945 | - enum sensor_hub_read_flags flag | ||
3946 | + enum sensor_hub_read_flags flag, | ||
3947 | + bool is_signed | ||
3948 | ); | ||
3949 | |||
3950 | /** | ||
3951 | diff --git a/include/linux/net_dim.h b/include/linux/net_dim.h | ||
3952 | index c79e859408e6..fd458389f7d1 100644 | ||
3953 | --- a/include/linux/net_dim.h | ||
3954 | +++ b/include/linux/net_dim.h | ||
3955 | @@ -406,6 +406,8 @@ static inline void net_dim(struct net_dim *dim, | ||
3956 | } | ||
3957 | /* fall through */ | ||
3958 | case NET_DIM_START_MEASURE: | ||
3959 | + net_dim_sample(end_sample.event_ctr, end_sample.pkt_ctr, end_sample.byte_ctr, | ||
3960 | + &dim->start_sample); | ||
3961 | dim->state = NET_DIM_MEASURE_IN_PROGRESS; | ||
3962 | break; | ||
3963 | case NET_DIM_APPLY_NEW_PROFILE: | ||
3964 | diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h | ||
3965 | index 4f36431c380b..561feb560619 100644 | ||
3966 | --- a/include/linux/ptrace.h | ||
3967 | +++ b/include/linux/ptrace.h | ||
3968 | @@ -62,8 +62,8 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead); | ||
3969 | #define PTRACE_MODE_READ 0x01 | ||
3970 | #define PTRACE_MODE_ATTACH 0x02 | ||
3971 | #define PTRACE_MODE_NOAUDIT 0x04 | ||
3972 | -#define PTRACE_MODE_FSCREDS 0x08 | ||
3973 | -#define PTRACE_MODE_REALCREDS 0x10 | ||
3974 | +#define PTRACE_MODE_FSCREDS 0x08 | ||
3975 | +#define PTRACE_MODE_REALCREDS 0x10 | ||
3976 | |||
3977 | /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ | ||
3978 | #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) | ||
3979 | diff --git a/include/linux/sched.h b/include/linux/sched.h | ||
3980 | index 977cb57d7bc9..4abb5bd74b04 100644 | ||
3981 | --- a/include/linux/sched.h | ||
3982 | +++ b/include/linux/sched.h | ||
3983 | @@ -1108,6 +1108,7 @@ struct task_struct { | ||
3984 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER | ||
3985 | /* Index of current stored address in ret_stack: */ | ||
3986 | int curr_ret_stack; | ||
3987 | + int curr_ret_depth; | ||
3988 | |||
3989 | /* Stack of return addresses for return function tracing: */ | ||
3990 | struct ftrace_ret_stack *ret_stack; | ||
3991 | @@ -1439,6 +1440,8 @@ static inline bool is_percpu_thread(void) | ||
3992 | #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */ | ||
3993 | #define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */ | ||
3994 | #define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/ | ||
3995 | +#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */ | ||
3996 | +#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */ | ||
3997 | |||
3998 | #define TASK_PFA_TEST(name, func) \ | ||
3999 | static inline bool task_##func(struct task_struct *p) \ | ||
4000 | @@ -1470,6 +1473,13 @@ TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable) | ||
4001 | TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) | ||
4002 | TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) | ||
4003 | |||
4004 | +TASK_PFA_TEST(SPEC_IB_DISABLE, spec_ib_disable) | ||
4005 | +TASK_PFA_SET(SPEC_IB_DISABLE, spec_ib_disable) | ||
4006 | +TASK_PFA_CLEAR(SPEC_IB_DISABLE, spec_ib_disable) | ||
4007 | + | ||
4008 | +TASK_PFA_TEST(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) | ||
4009 | +TASK_PFA_SET(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) | ||
4010 | + | ||
4011 | static inline void | ||
4012 | current_restore_flags(unsigned long orig_flags, unsigned long flags) | ||
4013 | { | ||
4014 | diff --git a/include/linux/sched/smt.h b/include/linux/sched/smt.h | ||
4015 | new file mode 100644 | ||
4016 | index 000000000000..59d3736c454c | ||
4017 | --- /dev/null | ||
4018 | +++ b/include/linux/sched/smt.h | ||
4019 | @@ -0,0 +1,20 @@ | ||
4020 | +/* SPDX-License-Identifier: GPL-2.0 */ | ||
4021 | +#ifndef _LINUX_SCHED_SMT_H | ||
4022 | +#define _LINUX_SCHED_SMT_H | ||
4023 | + | ||
4024 | +#include <linux/static_key.h> | ||
4025 | + | ||
4026 | +#ifdef CONFIG_SCHED_SMT | ||
4027 | +extern struct static_key_false sched_smt_present; | ||
4028 | + | ||
4029 | +static __always_inline bool sched_smt_active(void) | ||
4030 | +{ | ||
4031 | + return static_branch_likely(&sched_smt_present); | ||
4032 | +} | ||
4033 | +#else | ||
4034 | +static inline bool sched_smt_active(void) { return false; } | ||
4035 | +#endif | ||
4036 | + | ||
4037 | +void arch_smt_update(void); | ||
4038 | + | ||
4039 | +#endif | ||
4040 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h | ||
4041 | index 17a13e4785fc..e6ef9cc05e60 100644 | ||
4042 | --- a/include/linux/skbuff.h | ||
4043 | +++ b/include/linux/skbuff.h | ||
4044 | @@ -1311,6 +1311,22 @@ static inline void skb_zcopy_set(struct sk_buff *skb, struct ubuf_info *uarg) | ||
4045 | } | ||
4046 | } | ||
4047 | |||
4048 | +static inline void skb_zcopy_set_nouarg(struct sk_buff *skb, void *val) | ||
4049 | +{ | ||
4050 | + skb_shinfo(skb)->destructor_arg = (void *)((uintptr_t) val | 0x1UL); | ||
4051 | + skb_shinfo(skb)->tx_flags |= SKBTX_ZEROCOPY_FRAG; | ||
4052 | +} | ||
4053 | + | ||
4054 | +static inline bool skb_zcopy_is_nouarg(struct sk_buff *skb) | ||
4055 | +{ | ||
4056 | + return (uintptr_t) skb_shinfo(skb)->destructor_arg & 0x1UL; | ||
4057 | +} | ||
4058 | + | ||
4059 | +static inline void *skb_zcopy_get_nouarg(struct sk_buff *skb) | ||
4060 | +{ | ||
4061 | + return (void *)((uintptr_t) skb_shinfo(skb)->destructor_arg & ~0x1UL); | ||
4062 | +} | ||
4063 | + | ||
4064 | /* Release a reference on a zerocopy structure */ | ||
4065 | static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) | ||
4066 | { | ||
4067 | @@ -1320,7 +1336,7 @@ static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) | ||
4068 | if (uarg->callback == sock_zerocopy_callback) { | ||
4069 | uarg->zerocopy = uarg->zerocopy && zerocopy; | ||
4070 | sock_zerocopy_put(uarg); | ||
4071 | - } else { | ||
4072 | + } else if (!skb_zcopy_is_nouarg(skb)) { | ||
4073 | uarg->callback(uarg, zerocopy); | ||
4074 | } | ||
4075 | |||
4076 | diff --git a/include/linux/tcp.h b/include/linux/tcp.h | ||
4077 | index 263e37271afd..d2c8f280e48f 100644 | ||
4078 | --- a/include/linux/tcp.h | ||
4079 | +++ b/include/linux/tcp.h | ||
4080 | @@ -196,6 +196,7 @@ struct tcp_sock { | ||
4081 | u32 rcv_tstamp; /* timestamp of last received ACK (for keepalives) */ | ||
4082 | u32 lsndtime; /* timestamp of last sent data packet (for restart window) */ | ||
4083 | u32 last_oow_ack_time; /* timestamp of last out-of-window ACK */ | ||
4084 | + u32 compressed_ack_rcv_nxt; | ||
4085 | |||
4086 | u32 tsoffset; /* timestamp offset */ | ||
4087 | |||
4088 | diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h | ||
4089 | index c0d7ea0bf5b6..b17201edfa09 100644 | ||
4090 | --- a/include/uapi/linux/prctl.h | ||
4091 | +++ b/include/uapi/linux/prctl.h | ||
4092 | @@ -212,6 +212,7 @@ struct prctl_mm_map { | ||
4093 | #define PR_SET_SPECULATION_CTRL 53 | ||
4094 | /* Speculation control variants */ | ||
4095 | # define PR_SPEC_STORE_BYPASS 0 | ||
4096 | +# define PR_SPEC_INDIRECT_BRANCH 1 | ||
4097 | /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ | ||
4098 | # define PR_SPEC_NOT_AFFECTED 0 | ||
4099 | # define PR_SPEC_PRCTL (1UL << 0) | ||
4100 | diff --git a/kernel/cpu.c b/kernel/cpu.c | ||
4101 | index 0097acec1c71..1699ff68c412 100644 | ||
4102 | --- a/kernel/cpu.c | ||
4103 | +++ b/kernel/cpu.c | ||
4104 | @@ -10,6 +10,7 @@ | ||
4105 | #include <linux/sched/signal.h> | ||
4106 | #include <linux/sched/hotplug.h> | ||
4107 | #include <linux/sched/task.h> | ||
4108 | +#include <linux/sched/smt.h> | ||
4109 | #include <linux/unistd.h> | ||
4110 | #include <linux/cpu.h> | ||
4111 | #include <linux/oom.h> | ||
4112 | @@ -346,6 +347,12 @@ void cpu_hotplug_enable(void) | ||
4113 | EXPORT_SYMBOL_GPL(cpu_hotplug_enable); | ||
4114 | #endif /* CONFIG_HOTPLUG_CPU */ | ||
4115 | |||
4116 | +/* | ||
4117 | + * Architectures that need SMT-specific errata handling during SMT hotplug | ||
4118 | + * should override this. | ||
4119 | + */ | ||
4120 | +void __weak arch_smt_update(void) { } | ||
4121 | + | ||
4122 | #ifdef CONFIG_HOTPLUG_SMT | ||
4123 | enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; | ||
4124 | EXPORT_SYMBOL_GPL(cpu_smt_control); | ||
4125 | @@ -982,6 +989,7 @@ out: | ||
4126 | * concurrent CPU hotplug via cpu_add_remove_lock. | ||
4127 | */ | ||
4128 | lockup_detector_cleanup(); | ||
4129 | + arch_smt_update(); | ||
4130 | return ret; | ||
4131 | } | ||
4132 | |||
4133 | @@ -1110,6 +1118,7 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen, enum cpuhp_state target) | ||
4134 | ret = cpuhp_up_callbacks(cpu, st, target); | ||
4135 | out: | ||
4136 | cpus_write_unlock(); | ||
4137 | + arch_smt_update(); | ||
4138 | return ret; | ||
4139 | } | ||
4140 | |||
4141 | @@ -2052,8 +2061,10 @@ static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval) | ||
4142 | */ | ||
4143 | cpuhp_offline_cpu_device(cpu); | ||
4144 | } | ||
4145 | - if (!ret) | ||
4146 | + if (!ret) { | ||
4147 | cpu_smt_control = ctrlval; | ||
4148 | + arch_smt_update(); | ||
4149 | + } | ||
4150 | cpu_maps_update_done(); | ||
4151 | return ret; | ||
4152 | } | ||
4153 | @@ -2064,6 +2075,7 @@ static int cpuhp_smt_enable(void) | ||
4154 | |||
4155 | cpu_maps_update_begin(); | ||
4156 | cpu_smt_control = CPU_SMT_ENABLED; | ||
4157 | + arch_smt_update(); | ||
4158 | for_each_present_cpu(cpu) { | ||
4159 | /* Skip online CPUs and CPUs on offline nodes */ | ||
4160 | if (cpu_online(cpu) || !node_online(cpu_to_node(cpu))) | ||
4161 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c | ||
4162 | index 35551110d277..2beda4b726e2 100644 | ||
4163 | --- a/kernel/sched/core.c | ||
4164 | +++ b/kernel/sched/core.c | ||
4165 | @@ -5741,15 +5741,10 @@ int sched_cpu_activate(unsigned int cpu) | ||
4166 | |||
4167 | #ifdef CONFIG_SCHED_SMT | ||
4168 | /* | ||
4169 | - * The sched_smt_present static key needs to be evaluated on every | ||
4170 | - * hotplug event because at boot time SMT might be disabled when | ||
4171 | - * the number of booted CPUs is limited. | ||
4172 | - * | ||
4173 | - * If then later a sibling gets hotplugged, then the key would stay | ||
4174 | - * off and SMT scheduling would never be functional. | ||
4175 | + * When going up, increment the number of cores with SMT present. | ||
4176 | */ | ||
4177 | - if (cpumask_weight(cpu_smt_mask(cpu)) > 1) | ||
4178 | - static_branch_enable_cpuslocked(&sched_smt_present); | ||
4179 | + if (cpumask_weight(cpu_smt_mask(cpu)) == 2) | ||
4180 | + static_branch_inc_cpuslocked(&sched_smt_present); | ||
4181 | #endif | ||
4182 | set_cpu_active(cpu, true); | ||
4183 | |||
4184 | @@ -5793,6 +5788,14 @@ int sched_cpu_deactivate(unsigned int cpu) | ||
4185 | */ | ||
4186 | synchronize_rcu_mult(call_rcu, call_rcu_sched); | ||
4187 | |||
4188 | +#ifdef CONFIG_SCHED_SMT | ||
4189 | + /* | ||
4190 | + * When going down, decrement the number of cores with SMT present. | ||
4191 | + */ | ||
4192 | + if (cpumask_weight(cpu_smt_mask(cpu)) == 2) | ||
4193 | + static_branch_dec_cpuslocked(&sched_smt_present); | ||
4194 | +#endif | ||
4195 | + | ||
4196 | if (!sched_smp_initialized) | ||
4197 | return 0; | ||
4198 | |||
4199 | diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h | ||
4200 | index 9683f458aec7..6c25bbe87bd3 100644 | ||
4201 | --- a/kernel/sched/sched.h | ||
4202 | +++ b/kernel/sched/sched.h | ||
4203 | @@ -23,6 +23,7 @@ | ||
4204 | #include <linux/sched/prio.h> | ||
4205 | #include <linux/sched/rt.h> | ||
4206 | #include <linux/sched/signal.h> | ||
4207 | +#include <linux/sched/smt.h> | ||
4208 | #include <linux/sched/stat.h> | ||
4209 | #include <linux/sched/sysctl.h> | ||
4210 | #include <linux/sched/task.h> | ||
4211 | @@ -930,9 +931,6 @@ static inline int cpu_of(struct rq *rq) | ||
4212 | |||
4213 | |||
4214 | #ifdef CONFIG_SCHED_SMT | ||
4215 | - | ||
4216 | -extern struct static_key_false sched_smt_present; | ||
4217 | - | ||
4218 | extern void __update_idle_core(struct rq *rq); | ||
4219 | |||
4220 | static inline void update_idle_core(struct rq *rq) | ||
4221 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c | ||
4222 | index f536f601bd46..77734451cb05 100644 | ||
4223 | --- a/kernel/trace/ftrace.c | ||
4224 | +++ b/kernel/trace/ftrace.c | ||
4225 | @@ -817,7 +817,7 @@ function_profile_call(unsigned long ip, unsigned long parent_ip, | ||
4226 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER | ||
4227 | static int profile_graph_entry(struct ftrace_graph_ent *trace) | ||
4228 | { | ||
4229 | - int index = trace->depth; | ||
4230 | + int index = current->curr_ret_stack; | ||
4231 | |||
4232 | function_profile_call(trace->func, 0, NULL, NULL); | ||
4233 | |||
4234 | @@ -852,7 +852,7 @@ static void profile_graph_return(struct ftrace_graph_ret *trace) | ||
4235 | if (!fgraph_graph_time) { | ||
4236 | int index; | ||
4237 | |||
4238 | - index = trace->depth; | ||
4239 | + index = current->curr_ret_stack; | ||
4240 | |||
4241 | /* Append this call time to the parent time to subtract */ | ||
4242 | if (index) | ||
4243 | @@ -6814,6 +6814,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) | ||
4244 | atomic_set(&t->tracing_graph_pause, 0); | ||
4245 | atomic_set(&t->trace_overrun, 0); | ||
4246 | t->curr_ret_stack = -1; | ||
4247 | + t->curr_ret_depth = -1; | ||
4248 | /* Make sure the tasks see the -1 first: */ | ||
4249 | smp_wmb(); | ||
4250 | t->ret_stack = ret_stack_list[start++]; | ||
4251 | @@ -7038,6 +7039,7 @@ graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack) | ||
4252 | void ftrace_graph_init_idle_task(struct task_struct *t, int cpu) | ||
4253 | { | ||
4254 | t->curr_ret_stack = -1; | ||
4255 | + t->curr_ret_depth = -1; | ||
4256 | /* | ||
4257 | * The idle task has no parent, it either has its own | ||
4258 | * stack or no stack at all. | ||
4259 | @@ -7068,6 +7070,7 @@ void ftrace_graph_init_task(struct task_struct *t) | ||
4260 | /* Make sure we do not use the parent ret_stack */ | ||
4261 | t->ret_stack = NULL; | ||
4262 | t->curr_ret_stack = -1; | ||
4263 | + t->curr_ret_depth = -1; | ||
4264 | |||
4265 | if (ftrace_graph_active) { | ||
4266 | struct ftrace_ret_stack *ret_stack; | ||
4267 | diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c | ||
4268 | index 169b3c44ee97..2561460d7baf 100644 | ||
4269 | --- a/kernel/trace/trace_functions_graph.c | ||
4270 | +++ b/kernel/trace/trace_functions_graph.c | ||
4271 | @@ -118,8 +118,8 @@ print_graph_duration(struct trace_array *tr, unsigned long long duration, | ||
4272 | struct trace_seq *s, u32 flags); | ||
4273 | |||
4274 | /* Add a function return address to the trace stack on thread info.*/ | ||
4275 | -int | ||
4276 | -ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, | ||
4277 | +static int | ||
4278 | +ftrace_push_return_trace(unsigned long ret, unsigned long func, | ||
4279 | unsigned long frame_pointer, unsigned long *retp) | ||
4280 | { | ||
4281 | unsigned long long calltime; | ||
4282 | @@ -177,9 +177,31 @@ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, | ||
4283 | #ifdef HAVE_FUNCTION_GRAPH_RET_ADDR_PTR | ||
4284 | current->ret_stack[index].retp = retp; | ||
4285 | #endif | ||
4286 | - *depth = current->curr_ret_stack; | ||
4287 | + return 0; | ||
4288 | +} | ||
4289 | + | ||
4290 | +int function_graph_enter(unsigned long ret, unsigned long func, | ||
4291 | + unsigned long frame_pointer, unsigned long *retp) | ||
4292 | +{ | ||
4293 | + struct ftrace_graph_ent trace; | ||
4294 | + | ||
4295 | + trace.func = func; | ||
4296 | + trace.depth = ++current->curr_ret_depth; | ||
4297 | + | ||
4298 | + if (ftrace_push_return_trace(ret, func, | ||
4299 | + frame_pointer, retp)) | ||
4300 | + goto out; | ||
4301 | + | ||
4302 | + /* Only trace if the calling function expects to */ | ||
4303 | + if (!ftrace_graph_entry(&trace)) | ||
4304 | + goto out_ret; | ||
4305 | |||
4306 | return 0; | ||
4307 | + out_ret: | ||
4308 | + current->curr_ret_stack--; | ||
4309 | + out: | ||
4310 | + current->curr_ret_depth--; | ||
4311 | + return -EBUSY; | ||
4312 | } | ||
4313 | |||
4314 | /* Retrieve a function return address to the trace stack on thread info.*/ | ||
4315 | @@ -241,7 +263,13 @@ ftrace_pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret, | ||
4316 | trace->func = current->ret_stack[index].func; | ||
4317 | trace->calltime = current->ret_stack[index].calltime; | ||
4318 | trace->overrun = atomic_read(¤t->trace_overrun); | ||
4319 | - trace->depth = index; | ||
4320 | + trace->depth = current->curr_ret_depth--; | ||
4321 | + /* | ||
4322 | + * We still want to trace interrupts coming in if | ||
4323 | + * max_depth is set to 1. Make sure the decrement is | ||
4324 | + * seen before ftrace_graph_return. | ||
4325 | + */ | ||
4326 | + barrier(); | ||
4327 | } | ||
4328 | |||
4329 | /* | ||
4330 | @@ -255,6 +283,12 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) | ||
4331 | |||
4332 | ftrace_pop_return_trace(&trace, &ret, frame_pointer); | ||
4333 | trace.rettime = trace_clock_local(); | ||
4334 | + ftrace_graph_return(&trace); | ||
4335 | + /* | ||
4336 | + * The ftrace_graph_return() may still access the current | ||
4337 | + * ret_stack structure, we need to make sure the update of | ||
4338 | + * curr_ret_stack is after that. | ||
4339 | + */ | ||
4340 | barrier(); | ||
4341 | current->curr_ret_stack--; | ||
4342 | /* | ||
4343 | @@ -267,13 +301,6 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) | ||
4344 | return ret; | ||
4345 | } | ||
4346 | |||
4347 | - /* | ||
4348 | - * The trace should run after decrementing the ret counter | ||
4349 | - * in case an interrupt were to come in. We don't want to | ||
4350 | - * lose the interrupt if max_depth is set. | ||
4351 | - */ | ||
4352 | - ftrace_graph_return(&trace); | ||
4353 | - | ||
4354 | if (unlikely(!ret)) { | ||
4355 | ftrace_graph_stop(); | ||
4356 | WARN_ON(1); | ||
4357 | diff --git a/lib/test_kmod.c b/lib/test_kmod.c | ||
4358 | index e3ddd836491f..d82d022111e0 100644 | ||
4359 | --- a/lib/test_kmod.c | ||
4360 | +++ b/lib/test_kmod.c | ||
4361 | @@ -1214,7 +1214,6 @@ void unregister_test_dev_kmod(struct kmod_test_device *test_dev) | ||
4362 | |||
4363 | dev_info(test_dev->dev, "removing interface\n"); | ||
4364 | misc_deregister(&test_dev->misc_dev); | ||
4365 | - kfree(&test_dev->misc_dev.name); | ||
4366 | |||
4367 | mutex_unlock(&test_dev->config_mutex); | ||
4368 | mutex_unlock(&test_dev->trigger_mutex); | ||
4369 | diff --git a/mm/huge_memory.c b/mm/huge_memory.c | ||
4370 | index deed97fba979..15310f14c25e 100644 | ||
4371 | --- a/mm/huge_memory.c | ||
4372 | +++ b/mm/huge_memory.c | ||
4373 | @@ -2322,7 +2322,7 @@ void vma_adjust_trans_huge(struct vm_area_struct *vma, | ||
4374 | } | ||
4375 | } | ||
4376 | |||
4377 | -static void freeze_page(struct page *page) | ||
4378 | +static void unmap_page(struct page *page) | ||
4379 | { | ||
4380 | enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS | | ||
4381 | TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD; | ||
4382 | @@ -2337,7 +2337,7 @@ static void freeze_page(struct page *page) | ||
4383 | VM_BUG_ON_PAGE(!unmap_success, page); | ||
4384 | } | ||
4385 | |||
4386 | -static void unfreeze_page(struct page *page) | ||
4387 | +static void remap_page(struct page *page) | ||
4388 | { | ||
4389 | int i; | ||
4390 | if (PageTransHuge(page)) { | ||
4391 | @@ -2373,6 +2373,12 @@ static void __split_huge_page_tail(struct page *head, int tail, | ||
4392 | (1L << PG_unevictable) | | ||
4393 | (1L << PG_dirty))); | ||
4394 | |||
4395 | + /* ->mapping in first tail page is compound_mapcount */ | ||
4396 | + VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, | ||
4397 | + page_tail); | ||
4398 | + page_tail->mapping = head->mapping; | ||
4399 | + page_tail->index = head->index + tail; | ||
4400 | + | ||
4401 | /* Page flags must be visible before we make the page non-compound. */ | ||
4402 | smp_wmb(); | ||
4403 | |||
4404 | @@ -2393,12 +2399,6 @@ static void __split_huge_page_tail(struct page *head, int tail, | ||
4405 | if (page_is_idle(head)) | ||
4406 | set_page_idle(page_tail); | ||
4407 | |||
4408 | - /* ->mapping in first tail page is compound_mapcount */ | ||
4409 | - VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, | ||
4410 | - page_tail); | ||
4411 | - page_tail->mapping = head->mapping; | ||
4412 | - | ||
4413 | - page_tail->index = head->index + tail; | ||
4414 | page_cpupid_xchg_last(page_tail, page_cpupid_last(head)); | ||
4415 | |||
4416 | /* | ||
4417 | @@ -2410,12 +2410,11 @@ static void __split_huge_page_tail(struct page *head, int tail, | ||
4418 | } | ||
4419 | |||
4420 | static void __split_huge_page(struct page *page, struct list_head *list, | ||
4421 | - unsigned long flags) | ||
4422 | + pgoff_t end, unsigned long flags) | ||
4423 | { | ||
4424 | struct page *head = compound_head(page); | ||
4425 | struct zone *zone = page_zone(head); | ||
4426 | struct lruvec *lruvec; | ||
4427 | - pgoff_t end = -1; | ||
4428 | int i; | ||
4429 | |||
4430 | lruvec = mem_cgroup_page_lruvec(head, zone->zone_pgdat); | ||
4431 | @@ -2423,9 +2422,6 @@ static void __split_huge_page(struct page *page, struct list_head *list, | ||
4432 | /* complete memcg works before add pages to LRU */ | ||
4433 | mem_cgroup_split_huge_fixup(head); | ||
4434 | |||
4435 | - if (!PageAnon(page)) | ||
4436 | - end = DIV_ROUND_UP(i_size_read(head->mapping->host), PAGE_SIZE); | ||
4437 | - | ||
4438 | for (i = HPAGE_PMD_NR - 1; i >= 1; i--) { | ||
4439 | __split_huge_page_tail(head, i, lruvec, list); | ||
4440 | /* Some pages can be beyond i_size: drop them from page cache */ | ||
4441 | @@ -2454,7 +2450,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, | ||
4442 | |||
4443 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); | ||
4444 | |||
4445 | - unfreeze_page(head); | ||
4446 | + remap_page(head); | ||
4447 | |||
4448 | for (i = 0; i < HPAGE_PMD_NR; i++) { | ||
4449 | struct page *subpage = head + i; | ||
4450 | @@ -2597,6 +2593,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4451 | int count, mapcount, extra_pins, ret; | ||
4452 | bool mlocked; | ||
4453 | unsigned long flags; | ||
4454 | + pgoff_t end; | ||
4455 | |||
4456 | VM_BUG_ON_PAGE(is_huge_zero_page(page), page); | ||
4457 | VM_BUG_ON_PAGE(!PageLocked(page), page); | ||
4458 | @@ -2619,6 +2616,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4459 | ret = -EBUSY; | ||
4460 | goto out; | ||
4461 | } | ||
4462 | + end = -1; | ||
4463 | mapping = NULL; | ||
4464 | anon_vma_lock_write(anon_vma); | ||
4465 | } else { | ||
4466 | @@ -2632,10 +2630,19 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4467 | |||
4468 | anon_vma = NULL; | ||
4469 | i_mmap_lock_read(mapping); | ||
4470 | + | ||
4471 | + /* | ||
4472 | + *__split_huge_page() may need to trim off pages beyond EOF: | ||
4473 | + * but on 32-bit, i_size_read() takes an irq-unsafe seqlock, | ||
4474 | + * which cannot be nested inside the page tree lock. So note | ||
4475 | + * end now: i_size itself may be changed at any moment, but | ||
4476 | + * head page lock is good enough to serialize the trimming. | ||
4477 | + */ | ||
4478 | + end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); | ||
4479 | } | ||
4480 | |||
4481 | /* | ||
4482 | - * Racy check if we can split the page, before freeze_page() will | ||
4483 | + * Racy check if we can split the page, before unmap_page() will | ||
4484 | * split PMDs | ||
4485 | */ | ||
4486 | if (!can_split_huge_page(head, &extra_pins)) { | ||
4487 | @@ -2644,7 +2651,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4488 | } | ||
4489 | |||
4490 | mlocked = PageMlocked(page); | ||
4491 | - freeze_page(head); | ||
4492 | + unmap_page(head); | ||
4493 | VM_BUG_ON_PAGE(compound_mapcount(head), head); | ||
4494 | |||
4495 | /* Make sure the page is not on per-CPU pagevec as it takes pin */ | ||
4496 | @@ -2681,7 +2688,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4497 | if (mapping) | ||
4498 | __dec_node_page_state(page, NR_SHMEM_THPS); | ||
4499 | spin_unlock(&pgdata->split_queue_lock); | ||
4500 | - __split_huge_page(page, list, flags); | ||
4501 | + __split_huge_page(page, list, end, flags); | ||
4502 | if (PageSwapCache(head)) { | ||
4503 | swp_entry_t entry = { .val = page_private(head) }; | ||
4504 | |||
4505 | @@ -2701,7 +2708,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) | ||
4506 | fail: if (mapping) | ||
4507 | xa_unlock(&mapping->i_pages); | ||
4508 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); | ||
4509 | - unfreeze_page(head); | ||
4510 | + remap_page(head); | ||
4511 | ret = -EBUSY; | ||
4512 | } | ||
4513 | |||
4514 | diff --git a/mm/khugepaged.c b/mm/khugepaged.c | ||
4515 | index a31d740e6cd1..fde5820be24d 100644 | ||
4516 | --- a/mm/khugepaged.c | ||
4517 | +++ b/mm/khugepaged.c | ||
4518 | @@ -1287,7 +1287,7 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) | ||
4519 | * collapse_shmem - collapse small tmpfs/shmem pages into huge one. | ||
4520 | * | ||
4521 | * Basic scheme is simple, details are more complex: | ||
4522 | - * - allocate and freeze a new huge page; | ||
4523 | + * - allocate and lock a new huge page; | ||
4524 | * - scan over radix tree replacing old pages the new one | ||
4525 | * + swap in pages if necessary; | ||
4526 | * + fill in gaps; | ||
4527 | @@ -1295,11 +1295,11 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) | ||
4528 | * - if replacing succeed: | ||
4529 | * + copy data over; | ||
4530 | * + free old pages; | ||
4531 | - * + unfreeze huge page; | ||
4532 | + * + unlock huge page; | ||
4533 | * - if replacing failed; | ||
4534 | * + put all pages back and unfreeze them; | ||
4535 | * + restore gaps in the radix-tree; | ||
4536 | - * + free huge page; | ||
4537 | + * + unlock and free huge page; | ||
4538 | */ | ||
4539 | static void collapse_shmem(struct mm_struct *mm, | ||
4540 | struct address_space *mapping, pgoff_t start, | ||
4541 | @@ -1330,18 +1330,15 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4542 | goto out; | ||
4543 | } | ||
4544 | |||
4545 | + __SetPageLocked(new_page); | ||
4546 | + __SetPageSwapBacked(new_page); | ||
4547 | new_page->index = start; | ||
4548 | new_page->mapping = mapping; | ||
4549 | - __SetPageSwapBacked(new_page); | ||
4550 | - __SetPageLocked(new_page); | ||
4551 | - BUG_ON(!page_ref_freeze(new_page, 1)); | ||
4552 | - | ||
4553 | |||
4554 | /* | ||
4555 | - * At this point the new_page is 'frozen' (page_count() is zero), locked | ||
4556 | - * and not up-to-date. It's safe to insert it into radix tree, because | ||
4557 | - * nobody would be able to map it or use it in other way until we | ||
4558 | - * unfreeze it. | ||
4559 | + * At this point the new_page is locked and not up-to-date. | ||
4560 | + * It's safe to insert it into the page cache, because nobody would | ||
4561 | + * be able to map it or use it in another way until we unlock it. | ||
4562 | */ | ||
4563 | |||
4564 | index = start; | ||
4565 | @@ -1349,19 +1346,29 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4566 | radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { | ||
4567 | int n = min(iter.index, end) - index; | ||
4568 | |||
4569 | + /* | ||
4570 | + * Stop if extent has been hole-punched, and is now completely | ||
4571 | + * empty (the more obvious i_size_read() check would take an | ||
4572 | + * irq-unsafe seqlock on 32-bit). | ||
4573 | + */ | ||
4574 | + if (n >= HPAGE_PMD_NR) { | ||
4575 | + result = SCAN_TRUNCATED; | ||
4576 | + goto tree_locked; | ||
4577 | + } | ||
4578 | + | ||
4579 | /* | ||
4580 | * Handle holes in the radix tree: charge it from shmem and | ||
4581 | * insert relevant subpage of new_page into the radix-tree. | ||
4582 | */ | ||
4583 | if (n && !shmem_charge(mapping->host, n)) { | ||
4584 | result = SCAN_FAIL; | ||
4585 | - break; | ||
4586 | + goto tree_locked; | ||
4587 | } | ||
4588 | - nr_none += n; | ||
4589 | for (; index < min(iter.index, end); index++) { | ||
4590 | radix_tree_insert(&mapping->i_pages, index, | ||
4591 | new_page + (index % HPAGE_PMD_NR)); | ||
4592 | } | ||
4593 | + nr_none += n; | ||
4594 | |||
4595 | /* We are done. */ | ||
4596 | if (index >= end) | ||
4597 | @@ -1377,12 +1384,12 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4598 | result = SCAN_FAIL; | ||
4599 | goto tree_unlocked; | ||
4600 | } | ||
4601 | - xa_lock_irq(&mapping->i_pages); | ||
4602 | } else if (trylock_page(page)) { | ||
4603 | get_page(page); | ||
4604 | + xa_unlock_irq(&mapping->i_pages); | ||
4605 | } else { | ||
4606 | result = SCAN_PAGE_LOCK; | ||
4607 | - break; | ||
4608 | + goto tree_locked; | ||
4609 | } | ||
4610 | |||
4611 | /* | ||
4612 | @@ -1391,17 +1398,24 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4613 | */ | ||
4614 | VM_BUG_ON_PAGE(!PageLocked(page), page); | ||
4615 | VM_BUG_ON_PAGE(!PageUptodate(page), page); | ||
4616 | - VM_BUG_ON_PAGE(PageTransCompound(page), page); | ||
4617 | + | ||
4618 | + /* | ||
4619 | + * If file was truncated then extended, or hole-punched, before | ||
4620 | + * we locked the first page, then a THP might be there already. | ||
4621 | + */ | ||
4622 | + if (PageTransCompound(page)) { | ||
4623 | + result = SCAN_PAGE_COMPOUND; | ||
4624 | + goto out_unlock; | ||
4625 | + } | ||
4626 | |||
4627 | if (page_mapping(page) != mapping) { | ||
4628 | result = SCAN_TRUNCATED; | ||
4629 | goto out_unlock; | ||
4630 | } | ||
4631 | - xa_unlock_irq(&mapping->i_pages); | ||
4632 | |||
4633 | if (isolate_lru_page(page)) { | ||
4634 | result = SCAN_DEL_PAGE_LRU; | ||
4635 | - goto out_isolate_failed; | ||
4636 | + goto out_unlock; | ||
4637 | } | ||
4638 | |||
4639 | if (page_mapped(page)) | ||
4640 | @@ -1422,7 +1436,9 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4641 | */ | ||
4642 | if (!page_ref_freeze(page, 3)) { | ||
4643 | result = SCAN_PAGE_COUNT; | ||
4644 | - goto out_lru; | ||
4645 | + xa_unlock_irq(&mapping->i_pages); | ||
4646 | + putback_lru_page(page); | ||
4647 | + goto out_unlock; | ||
4648 | } | ||
4649 | |||
4650 | /* | ||
4651 | @@ -1438,17 +1454,10 @@ static void collapse_shmem(struct mm_struct *mm, | ||
4652 | slot = radix_tree_iter_resume(slot, &iter); | ||
4653 | index++; | ||
4654 | continue; | ||
4655 | -out_lru: | ||
4656 | - xa_unlock_irq(&mapping->i_pages); | ||
4657 | - putback_lru_page(page); | ||
4658 | -out_isolate_failed: | ||
4659 | - unlock_page(page); | ||
4660 | - put_page(page); | ||
4661 | - goto tree_unlocked; | ||
4662 | out_unlock: | ||
4663 | unlock_page(page); | ||
4664 | put_page(page); | ||
4665 | - break; | ||
4666 | + goto tree_unlocked; | ||
4667 | } | ||
4668 | |||
4669 | /* | ||
4670 | @@ -1456,14 +1465,18 @@ out_unlock: | ||
4671 | * This code only triggers if there's nothing in radix tree | ||
4672 | * beyond 'end'. | ||
4673 | */ | ||
4674 | - if (result == SCAN_SUCCEED && index < end) { | ||
4675 | + if (index < end) { | ||
4676 | int n = end - index; | ||
4677 | |||
4678 | + /* Stop if extent has been truncated, and is now empty */ | ||
4679 | + if (n >= HPAGE_PMD_NR) { | ||
4680 | + result = SCAN_TRUNCATED; | ||
4681 | + goto tree_locked; | ||
4682 | + } | ||
4683 | if (!shmem_charge(mapping->host, n)) { | ||
4684 | result = SCAN_FAIL; | ||
4685 | goto tree_locked; | ||
4686 | } | ||
4687 | - | ||
4688 | for (; index < end; index++) { | ||
4689 | radix_tree_insert(&mapping->i_pages, index, | ||
4690 | new_page + (index % HPAGE_PMD_NR)); | ||
4691 | @@ -1471,59 +1484,64 @@ out_unlock: | ||
4692 | nr_none += n; | ||
4693 | } | ||
4694 | |||
4695 | + __inc_node_page_state(new_page, NR_SHMEM_THPS); | ||
4696 | + if (nr_none) { | ||
4697 | + struct zone *zone = page_zone(new_page); | ||
4698 | + | ||
4699 | + __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); | ||
4700 | + __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); | ||
4701 | + } | ||
4702 | + | ||
4703 | tree_locked: | ||
4704 | xa_unlock_irq(&mapping->i_pages); | ||
4705 | tree_unlocked: | ||
4706 | |||
4707 | if (result == SCAN_SUCCEED) { | ||
4708 | - unsigned long flags; | ||
4709 | - struct zone *zone = page_zone(new_page); | ||
4710 | - | ||
4711 | /* | ||
4712 | * Replacing old pages with new one has succeed, now we need to | ||
4713 | * copy the content and free old pages. | ||
4714 | */ | ||
4715 | + index = start; | ||
4716 | list_for_each_entry_safe(page, tmp, &pagelist, lru) { | ||
4717 | + while (index < page->index) { | ||
4718 | + clear_highpage(new_page + (index % HPAGE_PMD_NR)); | ||
4719 | + index++; | ||
4720 | + } | ||
4721 | copy_highpage(new_page + (page->index % HPAGE_PMD_NR), | ||
4722 | page); | ||
4723 | list_del(&page->lru); | ||
4724 | - unlock_page(page); | ||
4725 | - page_ref_unfreeze(page, 1); | ||
4726 | page->mapping = NULL; | ||
4727 | + page_ref_unfreeze(page, 1); | ||
4728 | ClearPageActive(page); | ||
4729 | ClearPageUnevictable(page); | ||
4730 | + unlock_page(page); | ||
4731 | put_page(page); | ||
4732 | + index++; | ||
4733 | } | ||
4734 | - | ||
4735 | - local_irq_save(flags); | ||
4736 | - __inc_node_page_state(new_page, NR_SHMEM_THPS); | ||
4737 | - if (nr_none) { | ||
4738 | - __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); | ||
4739 | - __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); | ||
4740 | + while (index < end) { | ||
4741 | + clear_highpage(new_page + (index % HPAGE_PMD_NR)); | ||
4742 | + index++; | ||
4743 | } | ||
4744 | - local_irq_restore(flags); | ||
4745 | |||
4746 | - /* | ||
4747 | - * Remove pte page tables, so we can re-faulti | ||
4748 | - * the page as huge. | ||
4749 | - */ | ||
4750 | - retract_page_tables(mapping, start); | ||
4751 | - | ||
4752 | - /* Everything is ready, let's unfreeze the new_page */ | ||
4753 | - set_page_dirty(new_page); | ||
4754 | SetPageUptodate(new_page); | ||
4755 | - page_ref_unfreeze(new_page, HPAGE_PMD_NR); | ||
4756 | + page_ref_add(new_page, HPAGE_PMD_NR - 1); | ||
4757 | + set_page_dirty(new_page); | ||
4758 | mem_cgroup_commit_charge(new_page, memcg, false, true); | ||
4759 | lru_cache_add_anon(new_page); | ||
4760 | - unlock_page(new_page); | ||
4761 | |||
4762 | + /* | ||
4763 | + * Remove pte page tables, so we can re-fault the page as huge. | ||
4764 | + */ | ||
4765 | + retract_page_tables(mapping, start); | ||
4766 | *hpage = NULL; | ||
4767 | |||
4768 | khugepaged_pages_collapsed++; | ||
4769 | } else { | ||
4770 | /* Something went wrong: rollback changes to the radix-tree */ | ||
4771 | - shmem_uncharge(mapping->host, nr_none); | ||
4772 | xa_lock_irq(&mapping->i_pages); | ||
4773 | + mapping->nrpages -= nr_none; | ||
4774 | + shmem_uncharge(mapping->host, nr_none); | ||
4775 | + | ||
4776 | radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { | ||
4777 | if (iter.index >= end) | ||
4778 | break; | ||
4779 | @@ -1546,19 +1564,18 @@ tree_unlocked: | ||
4780 | radix_tree_replace_slot(&mapping->i_pages, slot, page); | ||
4781 | slot = radix_tree_iter_resume(slot, &iter); | ||
4782 | xa_unlock_irq(&mapping->i_pages); | ||
4783 | - putback_lru_page(page); | ||
4784 | unlock_page(page); | ||
4785 | + putback_lru_page(page); | ||
4786 | xa_lock_irq(&mapping->i_pages); | ||
4787 | } | ||
4788 | VM_BUG_ON(nr_none); | ||
4789 | xa_unlock_irq(&mapping->i_pages); | ||
4790 | |||
4791 | - /* Unfreeze new_page, caller would take care about freeing it */ | ||
4792 | - page_ref_unfreeze(new_page, 1); | ||
4793 | mem_cgroup_cancel_charge(new_page, memcg, true); | ||
4794 | - unlock_page(new_page); | ||
4795 | new_page->mapping = NULL; | ||
4796 | } | ||
4797 | + | ||
4798 | + unlock_page(new_page); | ||
4799 | out: | ||
4800 | VM_BUG_ON(!list_empty(&pagelist)); | ||
4801 | /* TODO: tracepoints */ | ||
4802 | diff --git a/mm/rmap.c b/mm/rmap.c | ||
4803 | index 1e79fac3186b..85b7f9423352 100644 | ||
4804 | --- a/mm/rmap.c | ||
4805 | +++ b/mm/rmap.c | ||
4806 | @@ -1627,16 +1627,9 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, | ||
4807 | address + PAGE_SIZE); | ||
4808 | } else { | ||
4809 | /* | ||
4810 | - * We should not need to notify here as we reach this | ||
4811 | - * case only from freeze_page() itself only call from | ||
4812 | - * split_huge_page_to_list() so everything below must | ||
4813 | - * be true: | ||
4814 | - * - page is not anonymous | ||
4815 | - * - page is locked | ||
4816 | - * | ||
4817 | - * So as it is a locked file back page thus it can not | ||
4818 | - * be remove from the page cache and replace by a new | ||
4819 | - * page before mmu_notifier_invalidate_range_end so no | ||
4820 | + * This is a locked file-backed page, thus it cannot | ||
4821 | + * be removed from the page cache and replaced by a new | ||
4822 | + * page before mmu_notifier_invalidate_range_end, so no | ||
4823 | * concurrent thread might update its page table to | ||
4824 | * point at new page while a device still is using this | ||
4825 | * page. | ||
4826 | diff --git a/mm/shmem.c b/mm/shmem.c | ||
4827 | index 38d228a30fdc..0b02b539072e 100644 | ||
4828 | --- a/mm/shmem.c | ||
4829 | +++ b/mm/shmem.c | ||
4830 | @@ -297,12 +297,14 @@ bool shmem_charge(struct inode *inode, long pages) | ||
4831 | if (!shmem_inode_acct_block(inode, pages)) | ||
4832 | return false; | ||
4833 | |||
4834 | + /* nrpages adjustment first, then shmem_recalc_inode() when balanced */ | ||
4835 | + inode->i_mapping->nrpages += pages; | ||
4836 | + | ||
4837 | spin_lock_irqsave(&info->lock, flags); | ||
4838 | info->alloced += pages; | ||
4839 | inode->i_blocks += pages * BLOCKS_PER_PAGE; | ||
4840 | shmem_recalc_inode(inode); | ||
4841 | spin_unlock_irqrestore(&info->lock, flags); | ||
4842 | - inode->i_mapping->nrpages += pages; | ||
4843 | |||
4844 | return true; | ||
4845 | } | ||
4846 | @@ -312,6 +314,8 @@ void shmem_uncharge(struct inode *inode, long pages) | ||
4847 | struct shmem_inode_info *info = SHMEM_I(inode); | ||
4848 | unsigned long flags; | ||
4849 | |||
4850 | + /* nrpages adjustment done by __delete_from_page_cache() or caller */ | ||
4851 | + | ||
4852 | spin_lock_irqsave(&info->lock, flags); | ||
4853 | info->alloced -= pages; | ||
4854 | inode->i_blocks -= pages * BLOCKS_PER_PAGE; | ||
4855 | @@ -1547,11 +1551,13 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, | ||
4856 | { | ||
4857 | struct page *oldpage, *newpage; | ||
4858 | struct address_space *swap_mapping; | ||
4859 | + swp_entry_t entry; | ||
4860 | pgoff_t swap_index; | ||
4861 | int error; | ||
4862 | |||
4863 | oldpage = *pagep; | ||
4864 | - swap_index = page_private(oldpage); | ||
4865 | + entry.val = page_private(oldpage); | ||
4866 | + swap_index = swp_offset(entry); | ||
4867 | swap_mapping = page_mapping(oldpage); | ||
4868 | |||
4869 | /* | ||
4870 | @@ -1570,7 +1576,7 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, | ||
4871 | __SetPageLocked(newpage); | ||
4872 | __SetPageSwapBacked(newpage); | ||
4873 | SetPageUptodate(newpage); | ||
4874 | - set_page_private(newpage, swap_index); | ||
4875 | + set_page_private(newpage, entry.val); | ||
4876 | SetPageSwapCache(newpage); | ||
4877 | |||
4878 | /* | ||
4879 | diff --git a/mm/truncate.c b/mm/truncate.c | ||
4880 | index 1d2fb2dca96f..71b65aab8077 100644 | ||
4881 | --- a/mm/truncate.c | ||
4882 | +++ b/mm/truncate.c | ||
4883 | @@ -520,9 +520,13 @@ void truncate_inode_pages_final(struct address_space *mapping) | ||
4884 | */ | ||
4885 | xa_lock_irq(&mapping->i_pages); | ||
4886 | xa_unlock_irq(&mapping->i_pages); | ||
4887 | - | ||
4888 | - truncate_inode_pages(mapping, 0); | ||
4889 | } | ||
4890 | + | ||
4891 | + /* | ||
4892 | + * Cleancache needs notification even if there are no pages or shadow | ||
4893 | + * entries. | ||
4894 | + */ | ||
4895 | + truncate_inode_pages(mapping, 0); | ||
4896 | } | ||
4897 | EXPORT_SYMBOL(truncate_inode_pages_final); | ||
4898 | |||
4899 | diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c | ||
4900 | index 5029f241908f..f0af11b1cdf3 100644 | ||
4901 | --- a/mm/userfaultfd.c | ||
4902 | +++ b/mm/userfaultfd.c | ||
4903 | @@ -205,8 +205,9 @@ retry: | ||
4904 | if (!dst_vma || !is_vm_hugetlb_page(dst_vma)) | ||
4905 | goto out_unlock; | ||
4906 | /* | ||
4907 | - * Only allow __mcopy_atomic_hugetlb on userfaultfd | ||
4908 | - * registered ranges. | ||
4909 | + * Check the vma is registered in uffd, this is | ||
4910 | + * required to enforce the VM_MAYWRITE check done at | ||
4911 | + * uffd registration time. | ||
4912 | */ | ||
4913 | if (!dst_vma->vm_userfaultfd_ctx.ctx) | ||
4914 | goto out_unlock; | ||
4915 | @@ -449,13 +450,9 @@ retry: | ||
4916 | if (!dst_vma) | ||
4917 | goto out_unlock; | ||
4918 | /* | ||
4919 | - * Be strict and only allow __mcopy_atomic on userfaultfd | ||
4920 | - * registered ranges to prevent userland errors going | ||
4921 | - * unnoticed. As far as the VM consistency is concerned, it | ||
4922 | - * would be perfectly safe to remove this check, but there's | ||
4923 | - * no useful usage for __mcopy_atomic ouside of userfaultfd | ||
4924 | - * registered ranges. This is after all why these are ioctls | ||
4925 | - * belonging to the userfaultfd and not syscalls. | ||
4926 | + * Check the vma is registered in uffd, this is required to | ||
4927 | + * enforce the VM_MAYWRITE check done at uffd registration | ||
4928 | + * time. | ||
4929 | */ | ||
4930 | if (!dst_vma->vm_userfaultfd_ctx.ctx) | ||
4931 | goto out_unlock; | ||
4932 | diff --git a/net/core/dev.c b/net/core/dev.c | ||
4933 | index 097c02101450..22af88c47756 100644 | ||
4934 | --- a/net/core/dev.c | ||
4935 | +++ b/net/core/dev.c | ||
4936 | @@ -5945,11 +5945,14 @@ bool napi_complete_done(struct napi_struct *n, int work_done) | ||
4937 | if (work_done) | ||
4938 | timeout = n->dev->gro_flush_timeout; | ||
4939 | |||
4940 | + /* When the NAPI instance uses a timeout and keeps postponing | ||
4941 | + * it, we need to bound somehow the time packets are kept in | ||
4942 | + * the GRO layer | ||
4943 | + */ | ||
4944 | + napi_gro_flush(n, !!timeout); | ||
4945 | if (timeout) | ||
4946 | hrtimer_start(&n->timer, ns_to_ktime(timeout), | ||
4947 | HRTIMER_MODE_REL_PINNED); | ||
4948 | - else | ||
4949 | - napi_gro_flush(n, false); | ||
4950 | } | ||
4951 | if (unlikely(!list_empty(&n->poll_list))) { | ||
4952 | /* If n->poll_list is not empty, we need to mask irqs */ | ||
4953 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c | ||
4954 | index f817f336595d..abbbd7fd17fe 100644 | ||
4955 | --- a/net/core/skbuff.c | ||
4956 | +++ b/net/core/skbuff.c | ||
4957 | @@ -4912,6 +4912,11 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) | ||
4958 | nf_reset(skb); | ||
4959 | nf_reset_trace(skb); | ||
4960 | |||
4961 | +#ifdef CONFIG_NET_SWITCHDEV | ||
4962 | + skb->offload_fwd_mark = 0; | ||
4963 | + skb->offload_mr_fwd_mark = 0; | ||
4964 | +#endif | ||
4965 | + | ||
4966 | if (!xnet) | ||
4967 | return; | ||
4968 | |||
4969 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c | ||
4970 | index 72898cbef43d..664fa7d8f7d9 100644 | ||
4971 | --- a/net/ipv4/tcp_input.c | ||
4972 | +++ b/net/ipv4/tcp_input.c | ||
4973 | @@ -4276,7 +4276,7 @@ static void tcp_sack_new_ofo_skb(struct sock *sk, u32 seq, u32 end_seq) | ||
4974 | * If the sack array is full, forget about the last one. | ||
4975 | */ | ||
4976 | if (this_sack >= TCP_NUM_SACKS) { | ||
4977 | - if (tp->compressed_ack) | ||
4978 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) | ||
4979 | tcp_send_ack(sk); | ||
4980 | this_sack--; | ||
4981 | tp->rx_opt.num_sacks--; | ||
4982 | @@ -5196,7 +5196,17 @@ send_now: | ||
4983 | if (!tcp_is_sack(tp) || | ||
4984 | tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr) | ||
4985 | goto send_now; | ||
4986 | - tp->compressed_ack++; | ||
4987 | + | ||
4988 | + if (tp->compressed_ack_rcv_nxt != tp->rcv_nxt) { | ||
4989 | + tp->compressed_ack_rcv_nxt = tp->rcv_nxt; | ||
4990 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) | ||
4991 | + NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, | ||
4992 | + tp->compressed_ack - TCP_FASTRETRANS_THRESH); | ||
4993 | + tp->compressed_ack = 0; | ||
4994 | + } | ||
4995 | + | ||
4996 | + if (++tp->compressed_ack <= TCP_FASTRETRANS_THRESH) | ||
4997 | + goto send_now; | ||
4998 | |||
4999 | if (hrtimer_is_queued(&tp->compressed_ack_timer)) | ||
5000 | return; | ||
5001 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c | ||
5002 | index 597dbd749f05..68f65ddf9e3c 100644 | ||
5003 | --- a/net/ipv4/tcp_output.c | ||
5004 | +++ b/net/ipv4/tcp_output.c | ||
5005 | @@ -165,10 +165,10 @@ static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts, | ||
5006 | { | ||
5007 | struct tcp_sock *tp = tcp_sk(sk); | ||
5008 | |||
5009 | - if (unlikely(tp->compressed_ack)) { | ||
5010 | + if (unlikely(tp->compressed_ack > TCP_FASTRETRANS_THRESH)) { | ||
5011 | NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, | ||
5012 | - tp->compressed_ack); | ||
5013 | - tp->compressed_ack = 0; | ||
5014 | + tp->compressed_ack - TCP_FASTRETRANS_THRESH); | ||
5015 | + tp->compressed_ack = TCP_FASTRETRANS_THRESH; | ||
5016 | if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1) | ||
5017 | __sock_put(sk); | ||
5018 | } | ||
5019 | diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c | ||
5020 | index 7fdf222a0bdf..57eae8d70ba1 100644 | ||
5021 | --- a/net/ipv4/tcp_timer.c | ||
5022 | +++ b/net/ipv4/tcp_timer.c | ||
5023 | @@ -740,7 +740,7 @@ static enum hrtimer_restart tcp_compressed_ack_kick(struct hrtimer *timer) | ||
5024 | |||
5025 | bh_lock_sock(sk); | ||
5026 | if (!sock_owned_by_user(sk)) { | ||
5027 | - if (tp->compressed_ack) | ||
5028 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) | ||
5029 | tcp_send_ack(sk); | ||
5030 | } else { | ||
5031 | if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, | ||
5032 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c | ||
5033 | index d6e94dc7e290..6477b131e809 100644 | ||
5034 | --- a/net/packet/af_packet.c | ||
5035 | +++ b/net/packet/af_packet.c | ||
5036 | @@ -2394,7 +2394,7 @@ static void tpacket_destruct_skb(struct sk_buff *skb) | ||
5037 | void *ph; | ||
5038 | __u32 ts; | ||
5039 | |||
5040 | - ph = skb_shinfo(skb)->destructor_arg; | ||
5041 | + ph = skb_zcopy_get_nouarg(skb); | ||
5042 | packet_dec_pending(&po->tx_ring); | ||
5043 | |||
5044 | ts = __packet_set_timestamp(po, ph, skb); | ||
5045 | @@ -2461,7 +2461,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, | ||
5046 | skb->mark = po->sk.sk_mark; | ||
5047 | skb->tstamp = sockc->transmit_time; | ||
5048 | sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags); | ||
5049 | - skb_shinfo(skb)->destructor_arg = ph.raw; | ||
5050 | + skb_zcopy_set_nouarg(skb, ph.raw); | ||
5051 | |||
5052 | skb_reserve(skb, hlen); | ||
5053 | skb_reset_network_header(skb); | ||
5054 | diff --git a/net/tipc/node.c b/net/tipc/node.c | ||
5055 | index 2afc4f8c37a7..488019766433 100644 | ||
5056 | --- a/net/tipc/node.c | ||
5057 | +++ b/net/tipc/node.c | ||
5058 | @@ -584,12 +584,15 @@ static void tipc_node_clear_links(struct tipc_node *node) | ||
5059 | /* tipc_node_cleanup - delete nodes that does not | ||
5060 | * have active links for NODE_CLEANUP_AFTER time | ||
5061 | */ | ||
5062 | -static int tipc_node_cleanup(struct tipc_node *peer) | ||
5063 | +static bool tipc_node_cleanup(struct tipc_node *peer) | ||
5064 | { | ||
5065 | struct tipc_net *tn = tipc_net(peer->net); | ||
5066 | bool deleted = false; | ||
5067 | |||
5068 | - spin_lock_bh(&tn->node_list_lock); | ||
5069 | + /* If lock held by tipc_node_stop() the node will be deleted anyway */ | ||
5070 | + if (!spin_trylock_bh(&tn->node_list_lock)) | ||
5071 | + return false; | ||
5072 | + | ||
5073 | tipc_node_write_lock(peer); | ||
5074 | |||
5075 | if (!node_is_up(peer) && time_after(jiffies, peer->delete_at)) { | ||
5076 | diff --git a/scripts/Makefile.build b/scripts/Makefile.build | ||
5077 | index 54da4b070db3..64fac0ad32d6 100644 | ||
5078 | --- a/scripts/Makefile.build | ||
5079 | +++ b/scripts/Makefile.build | ||
5080 | @@ -248,10 +248,8 @@ ifdef CONFIG_GCOV_KERNEL | ||
5081 | objtool_args += --no-unreachable | ||
5082 | endif | ||
5083 | ifdef CONFIG_RETPOLINE | ||
5084 | -ifneq ($(RETPOLINE_CFLAGS),) | ||
5085 | objtool_args += --retpoline | ||
5086 | endif | ||
5087 | -endif | ||
5088 | |||
5089 | |||
5090 | ifdef CONFIG_MODVERSIONS | ||
5091 | diff --git a/sound/core/control.c b/sound/core/control.c | ||
5092 | index 9aa15bfc7936..649d3217590e 100644 | ||
5093 | --- a/sound/core/control.c | ||
5094 | +++ b/sound/core/control.c | ||
5095 | @@ -348,6 +348,40 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) | ||
5096 | return 0; | ||
5097 | } | ||
5098 | |||
5099 | +/* add a new kcontrol object; call with card->controls_rwsem locked */ | ||
5100 | +static int __snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) | ||
5101 | +{ | ||
5102 | + struct snd_ctl_elem_id id; | ||
5103 | + unsigned int idx; | ||
5104 | + unsigned int count; | ||
5105 | + | ||
5106 | + id = kcontrol->id; | ||
5107 | + if (id.index > UINT_MAX - kcontrol->count) | ||
5108 | + return -EINVAL; | ||
5109 | + | ||
5110 | + if (snd_ctl_find_id(card, &id)) { | ||
5111 | + dev_err(card->dev, | ||
5112 | + "control %i:%i:%i:%s:%i is already present\n", | ||
5113 | + id.iface, id.device, id.subdevice, id.name, id.index); | ||
5114 | + return -EBUSY; | ||
5115 | + } | ||
5116 | + | ||
5117 | + if (snd_ctl_find_hole(card, kcontrol->count) < 0) | ||
5118 | + return -ENOMEM; | ||
5119 | + | ||
5120 | + list_add_tail(&kcontrol->list, &card->controls); | ||
5121 | + card->controls_count += kcontrol->count; | ||
5122 | + kcontrol->id.numid = card->last_numid + 1; | ||
5123 | + card->last_numid += kcontrol->count; | ||
5124 | + | ||
5125 | + id = kcontrol->id; | ||
5126 | + count = kcontrol->count; | ||
5127 | + for (idx = 0; idx < count; idx++, id.index++, id.numid++) | ||
5128 | + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); | ||
5129 | + | ||
5130 | + return 0; | ||
5131 | +} | ||
5132 | + | ||
5133 | /** | ||
5134 | * snd_ctl_add - add the control instance to the card | ||
5135 | * @card: the card instance | ||
5136 | @@ -364,45 +398,18 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) | ||
5137 | */ | ||
5138 | int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) | ||
5139 | { | ||
5140 | - struct snd_ctl_elem_id id; | ||
5141 | - unsigned int idx; | ||
5142 | - unsigned int count; | ||
5143 | int err = -EINVAL; | ||
5144 | |||
5145 | if (! kcontrol) | ||
5146 | return err; | ||
5147 | if (snd_BUG_ON(!card || !kcontrol->info)) | ||
5148 | goto error; | ||
5149 | - id = kcontrol->id; | ||
5150 | - if (id.index > UINT_MAX - kcontrol->count) | ||
5151 | - goto error; | ||
5152 | |||
5153 | down_write(&card->controls_rwsem); | ||
5154 | - if (snd_ctl_find_id(card, &id)) { | ||
5155 | - up_write(&card->controls_rwsem); | ||
5156 | - dev_err(card->dev, "control %i:%i:%i:%s:%i is already present\n", | ||
5157 | - id.iface, | ||
5158 | - id.device, | ||
5159 | - id.subdevice, | ||
5160 | - id.name, | ||
5161 | - id.index); | ||
5162 | - err = -EBUSY; | ||
5163 | - goto error; | ||
5164 | - } | ||
5165 | - if (snd_ctl_find_hole(card, kcontrol->count) < 0) { | ||
5166 | - up_write(&card->controls_rwsem); | ||
5167 | - err = -ENOMEM; | ||
5168 | - goto error; | ||
5169 | - } | ||
5170 | - list_add_tail(&kcontrol->list, &card->controls); | ||
5171 | - card->controls_count += kcontrol->count; | ||
5172 | - kcontrol->id.numid = card->last_numid + 1; | ||
5173 | - card->last_numid += kcontrol->count; | ||
5174 | - id = kcontrol->id; | ||
5175 | - count = kcontrol->count; | ||
5176 | + err = __snd_ctl_add(card, kcontrol); | ||
5177 | up_write(&card->controls_rwsem); | ||
5178 | - for (idx = 0; idx < count; idx++, id.index++, id.numid++) | ||
5179 | - snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); | ||
5180 | + if (err < 0) | ||
5181 | + goto error; | ||
5182 | return 0; | ||
5183 | |||
5184 | error: | ||
5185 | @@ -1361,9 +1368,12 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, | ||
5186 | kctl->tlv.c = snd_ctl_elem_user_tlv; | ||
5187 | |||
5188 | /* This function manage to free the instance on failure. */ | ||
5189 | - err = snd_ctl_add(card, kctl); | ||
5190 | - if (err < 0) | ||
5191 | - return err; | ||
5192 | + down_write(&card->controls_rwsem); | ||
5193 | + err = __snd_ctl_add(card, kctl); | ||
5194 | + if (err < 0) { | ||
5195 | + snd_ctl_free_one(kctl); | ||
5196 | + goto unlock; | ||
5197 | + } | ||
5198 | offset = snd_ctl_get_ioff(kctl, &info->id); | ||
5199 | snd_ctl_build_ioff(&info->id, kctl, offset); | ||
5200 | /* | ||
5201 | @@ -1374,10 +1384,10 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, | ||
5202 | * which locks the element. | ||
5203 | */ | ||
5204 | |||
5205 | - down_write(&card->controls_rwsem); | ||
5206 | card->user_ctl_count++; | ||
5207 | - up_write(&card->controls_rwsem); | ||
5208 | |||
5209 | + unlock: | ||
5210 | + up_write(&card->controls_rwsem); | ||
5211 | return 0; | ||
5212 | } | ||
5213 | |||
5214 | diff --git a/sound/isa/wss/wss_lib.c b/sound/isa/wss/wss_lib.c | ||
5215 | index 32453f81b95a..3a5008837576 100644 | ||
5216 | --- a/sound/isa/wss/wss_lib.c | ||
5217 | +++ b/sound/isa/wss/wss_lib.c | ||
5218 | @@ -1531,7 +1531,6 @@ static int snd_wss_playback_open(struct snd_pcm_substream *substream) | ||
5219 | if (err < 0) { | ||
5220 | if (chip->release_dma) | ||
5221 | chip->release_dma(chip, chip->dma_private_data, chip->dma1); | ||
5222 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); | ||
5223 | return err; | ||
5224 | } | ||
5225 | chip->playback_substream = substream; | ||
5226 | @@ -1572,7 +1571,6 @@ static int snd_wss_capture_open(struct snd_pcm_substream *substream) | ||
5227 | if (err < 0) { | ||
5228 | if (chip->release_dma) | ||
5229 | chip->release_dma(chip, chip->dma_private_data, chip->dma2); | ||
5230 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); | ||
5231 | return err; | ||
5232 | } | ||
5233 | chip->capture_substream = substream; | ||
5234 | diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c | ||
5235 | index f4459d1a9d67..27b468f057dd 100644 | ||
5236 | --- a/sound/pci/ac97/ac97_codec.c | ||
5237 | +++ b/sound/pci/ac97/ac97_codec.c | ||
5238 | @@ -824,7 +824,7 @@ static int snd_ac97_put_spsa(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_ | ||
5239 | { | ||
5240 | struct snd_ac97 *ac97 = snd_kcontrol_chip(kcontrol); | ||
5241 | int reg = kcontrol->private_value & 0xff; | ||
5242 | - int shift = (kcontrol->private_value >> 8) & 0xff; | ||
5243 | + int shift = (kcontrol->private_value >> 8) & 0x0f; | ||
5244 | int mask = (kcontrol->private_value >> 16) & 0xff; | ||
5245 | // int invert = (kcontrol->private_value >> 24) & 0xff; | ||
5246 | unsigned short value, old, new; | ||
5247 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c | ||
5248 | index 625cb6c7b7d6..5810be2c6c34 100644 | ||
5249 | --- a/sound/pci/hda/hda_intel.c | ||
5250 | +++ b/sound/pci/hda/hda_intel.c | ||
5251 | @@ -2256,6 +2256,8 @@ static struct snd_pci_quirk power_save_blacklist[] = { | ||
5252 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ | ||
5253 | SND_PCI_QUIRK(0x1849, 0xc892, "Asrock B85M-ITX", 0), | ||
5254 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ | ||
5255 | + SND_PCI_QUIRK(0x1849, 0x0397, "Asrock N68C-S UCC", 0), | ||
5256 | + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ | ||
5257 | SND_PCI_QUIRK(0x1849, 0x7662, "Asrock H81M-HDS", 0), | ||
5258 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ | ||
5259 | SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0), | ||
5260 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c | ||
5261 | index e58537e13ad3..cf5d26642bcd 100644 | ||
5262 | --- a/sound/pci/hda/patch_realtek.c | ||
5263 | +++ b/sound/pci/hda/patch_realtek.c | ||
5264 | @@ -388,6 +388,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) | ||
5265 | case 0x10ec0285: | ||
5266 | case 0x10ec0298: | ||
5267 | case 0x10ec0289: | ||
5268 | + case 0x10ec0300: | ||
5269 | alc_update_coef_idx(codec, 0x10, 1<<9, 0); | ||
5270 | break; | ||
5271 | case 0x10ec0275: | ||
5272 | @@ -2830,6 +2831,7 @@ enum { | ||
5273 | ALC269_TYPE_ALC215, | ||
5274 | ALC269_TYPE_ALC225, | ||
5275 | ALC269_TYPE_ALC294, | ||
5276 | + ALC269_TYPE_ALC300, | ||
5277 | ALC269_TYPE_ALC700, | ||
5278 | }; | ||
5279 | |||
5280 | @@ -2864,6 +2866,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) | ||
5281 | case ALC269_TYPE_ALC215: | ||
5282 | case ALC269_TYPE_ALC225: | ||
5283 | case ALC269_TYPE_ALC294: | ||
5284 | + case ALC269_TYPE_ALC300: | ||
5285 | case ALC269_TYPE_ALC700: | ||
5286 | ssids = alc269_ssids; | ||
5287 | break; | ||
5288 | @@ -5358,6 +5361,16 @@ static void alc274_fixup_bind_dacs(struct hda_codec *codec, | ||
5289 | spec->gen.preferred_dacs = preferred_pairs; | ||
5290 | } | ||
5291 | |||
5292 | +/* The DAC of NID 0x3 will introduce click/pop noise on headphones, so invalidate it */ | ||
5293 | +static void alc285_fixup_invalidate_dacs(struct hda_codec *codec, | ||
5294 | + const struct hda_fixup *fix, int action) | ||
5295 | +{ | ||
5296 | + if (action != HDA_FIXUP_ACT_PRE_PROBE) | ||
5297 | + return; | ||
5298 | + | ||
5299 | + snd_hda_override_wcaps(codec, 0x03, 0); | ||
5300 | +} | ||
5301 | + | ||
5302 | /* for hda_fixup_thinkpad_acpi() */ | ||
5303 | #include "thinkpad_helper.c" | ||
5304 | |||
5305 | @@ -5495,6 +5508,8 @@ enum { | ||
5306 | ALC255_FIXUP_DELL_HEADSET_MIC, | ||
5307 | ALC295_FIXUP_HP_X360, | ||
5308 | ALC221_FIXUP_HP_HEADSET_MIC, | ||
5309 | + ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, | ||
5310 | + ALC295_FIXUP_HP_AUTO_MUTE, | ||
5311 | }; | ||
5312 | |||
5313 | static const struct hda_fixup alc269_fixups[] = { | ||
5314 | @@ -5659,6 +5674,8 @@ static const struct hda_fixup alc269_fixups[] = { | ||
5315 | [ALC269_FIXUP_HP_MUTE_LED_MIC3] = { | ||
5316 | .type = HDA_FIXUP_FUNC, | ||
5317 | .v.func = alc269_fixup_hp_mute_led_mic3, | ||
5318 | + .chained = true, | ||
5319 | + .chain_id = ALC295_FIXUP_HP_AUTO_MUTE | ||
5320 | }, | ||
5321 | [ALC269_FIXUP_HP_GPIO_LED] = { | ||
5322 | .type = HDA_FIXUP_FUNC, | ||
5323 | @@ -6362,6 +6379,14 @@ static const struct hda_fixup alc269_fixups[] = { | ||
5324 | .chained = true, | ||
5325 | .chain_id = ALC269_FIXUP_HEADSET_MIC | ||
5326 | }, | ||
5327 | + [ALC285_FIXUP_LENOVO_HEADPHONE_NOISE] = { | ||
5328 | + .type = HDA_FIXUP_FUNC, | ||
5329 | + .v.func = alc285_fixup_invalidate_dacs, | ||
5330 | + }, | ||
5331 | + [ALC295_FIXUP_HP_AUTO_MUTE] = { | ||
5332 | + .type = HDA_FIXUP_FUNC, | ||
5333 | + .v.func = alc_fixup_auto_mute_via_amp, | ||
5334 | + }, | ||
5335 | }; | ||
5336 | |||
5337 | static const struct snd_pci_quirk alc269_fixup_tbl[] = { | ||
5338 | @@ -6532,6 +6557,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { | ||
5339 | SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8), | ||
5340 | SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC), | ||
5341 | SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC), | ||
5342 | + SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC), | ||
5343 | SND_PCI_QUIRK(0x17aa, 0x1036, "Lenovo P520", ALC233_FIXUP_LENOVO_MULTI_CODECS), | ||
5344 | SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE), | ||
5345 | SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE), | ||
5346 | @@ -7034,6 +7060,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { | ||
5347 | {0x12, 0x90a60130}, | ||
5348 | {0x19, 0x03a11020}, | ||
5349 | {0x21, 0x0321101f}), | ||
5350 | + SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, | ||
5351 | + {0x12, 0x90a60130}, | ||
5352 | + {0x14, 0x90170110}, | ||
5353 | + {0x19, 0x04a11040}, | ||
5354 | + {0x21, 0x04211020}), | ||
5355 | SND_HDA_PIN_QUIRK(0x10ec0288, 0x1028, "Dell", ALC288_FIXUP_DELL1_MIC_NO_PRESENCE, | ||
5356 | {0x12, 0x90a60120}, | ||
5357 | {0x14, 0x90170110}, | ||
5358 | @@ -7295,6 +7326,10 @@ static int patch_alc269(struct hda_codec *codec) | ||
5359 | spec->gen.mixer_nid = 0; /* ALC2x4 does not have any loopback mixer path */ | ||
5360 | alc_update_coef_idx(codec, 0x6b, 0x0018, (1<<4) | (1<<3)); /* UAJ MIC Vref control by verb */ | ||
5361 | break; | ||
5362 | + case 0x10ec0300: | ||
5363 | + spec->codec_variant = ALC269_TYPE_ALC300; | ||
5364 | + spec->gen.mixer_nid = 0; /* no loopback on ALC300 */ | ||
5365 | + break; | ||
5366 | case 0x10ec0700: | ||
5367 | case 0x10ec0701: | ||
5368 | case 0x10ec0703: | ||
5369 | @@ -8404,6 +8439,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = { | ||
5370 | HDA_CODEC_ENTRY(0x10ec0295, "ALC295", patch_alc269), | ||
5371 | HDA_CODEC_ENTRY(0x10ec0298, "ALC298", patch_alc269), | ||
5372 | HDA_CODEC_ENTRY(0x10ec0299, "ALC299", patch_alc269), | ||
5373 | + HDA_CODEC_ENTRY(0x10ec0300, "ALC300", patch_alc269), | ||
5374 | HDA_CODEC_REV_ENTRY(0x10ec0861, 0x100340, "ALC660", patch_alc861), | ||
5375 | HDA_CODEC_ENTRY(0x10ec0660, "ALC660-VD", patch_alc861vd), | ||
5376 | HDA_CODEC_ENTRY(0x10ec0861, "ALC861", patch_alc861), | ||
5377 | diff --git a/sound/soc/codecs/pcm186x.h b/sound/soc/codecs/pcm186x.h | ||
5378 | index 2c6ba55bf394..bb3f0c42a1cd 100644 | ||
5379 | --- a/sound/soc/codecs/pcm186x.h | ||
5380 | +++ b/sound/soc/codecs/pcm186x.h | ||
5381 | @@ -139,7 +139,7 @@ enum pcm186x_type { | ||
5382 | #define PCM186X_MAX_REGISTER PCM186X_CURR_TRIM_CTRL | ||
5383 | |||
5384 | /* PCM186X_PAGE */ | ||
5385 | -#define PCM186X_RESET 0xff | ||
5386 | +#define PCM186X_RESET 0xfe | ||
5387 | |||
5388 | /* PCM186X_ADCX_INPUT_SEL_X */ | ||
5389 | #define PCM186X_ADC_INPUT_SEL_POL BIT(7) | ||
5390 | diff --git a/sound/soc/intel/boards/cht_bsw_max98090_ti.c b/sound/soc/intel/boards/cht_bsw_max98090_ti.c | ||
5391 | index db6976f4ddaa..9d9f6e41d81c 100644 | ||
5392 | --- a/sound/soc/intel/boards/cht_bsw_max98090_ti.c | ||
5393 | +++ b/sound/soc/intel/boards/cht_bsw_max98090_ti.c | ||
5394 | @@ -19,6 +19,7 @@ | ||
5395 | * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
5396 | */ | ||
5397 | |||
5398 | +#include <linux/dmi.h> | ||
5399 | #include <linux/module.h> | ||
5400 | #include <linux/platform_device.h> | ||
5401 | #include <linux/slab.h> | ||
5402 | @@ -35,6 +36,8 @@ | ||
5403 | #define CHT_PLAT_CLK_3_HZ 19200000 | ||
5404 | #define CHT_CODEC_DAI "HiFi" | ||
5405 | |||
5406 | +#define QUIRK_PMC_PLT_CLK_0 0x01 | ||
5407 | + | ||
5408 | struct cht_mc_private { | ||
5409 | struct clk *mclk; | ||
5410 | struct snd_soc_jack jack; | ||
5411 | @@ -385,11 +388,29 @@ static struct snd_soc_card snd_soc_card_cht = { | ||
5412 | .num_controls = ARRAY_SIZE(cht_mc_controls), | ||
5413 | }; | ||
5414 | |||
5415 | +static const struct dmi_system_id cht_max98090_quirk_table[] = { | ||
5416 | + { | ||
5417 | + /* Swanky model Chromebook (Toshiba Chromebook 2) */ | ||
5418 | + .matches = { | ||
5419 | + DMI_MATCH(DMI_PRODUCT_NAME, "Swanky"), | ||
5420 | + }, | ||
5421 | + .driver_data = (void *)QUIRK_PMC_PLT_CLK_0, | ||
5422 | + }, | ||
5423 | + {} | ||
5424 | +}; | ||
5425 | + | ||
5426 | static int snd_cht_mc_probe(struct platform_device *pdev) | ||
5427 | { | ||
5428 | + const struct dmi_system_id *dmi_id; | ||
5429 | struct device *dev = &pdev->dev; | ||
5430 | int ret_val = 0; | ||
5431 | struct cht_mc_private *drv; | ||
5432 | + const char *mclk_name; | ||
5433 | + int quirks = 0; | ||
5434 | + | ||
5435 | + dmi_id = dmi_first_match(cht_max98090_quirk_table); | ||
5436 | + if (dmi_id) | ||
5437 | + quirks = (unsigned long)dmi_id->driver_data; | ||
5438 | |||
5439 | drv = devm_kzalloc(&pdev->dev, sizeof(*drv), GFP_KERNEL); | ||
5440 | if (!drv) | ||
5441 | @@ -411,11 +432,16 @@ static int snd_cht_mc_probe(struct platform_device *pdev) | ||
5442 | snd_soc_card_cht.dev = &pdev->dev; | ||
5443 | snd_soc_card_set_drvdata(&snd_soc_card_cht, drv); | ||
5444 | |||
5445 | - drv->mclk = devm_clk_get(&pdev->dev, "pmc_plt_clk_3"); | ||
5446 | + if (quirks & QUIRK_PMC_PLT_CLK_0) | ||
5447 | + mclk_name = "pmc_plt_clk_0"; | ||
5448 | + else | ||
5449 | + mclk_name = "pmc_plt_clk_3"; | ||
5450 | + | ||
5451 | + drv->mclk = devm_clk_get(&pdev->dev, mclk_name); | ||
5452 | if (IS_ERR(drv->mclk)) { | ||
5453 | dev_err(&pdev->dev, | ||
5454 | - "Failed to get MCLK from pmc_plt_clk_3: %ld\n", | ||
5455 | - PTR_ERR(drv->mclk)); | ||
5456 | + "Failed to get MCLK from %s: %ld\n", | ||
5457 | + mclk_name, PTR_ERR(drv->mclk)); | ||
5458 | return PTR_ERR(drv->mclk); | ||
5459 | } | ||
5460 | |||
5461 | diff --git a/sound/sparc/cs4231.c b/sound/sparc/cs4231.c | ||
5462 | index e73c962590eb..079063d8038d 100644 | ||
5463 | --- a/sound/sparc/cs4231.c | ||
5464 | +++ b/sound/sparc/cs4231.c | ||
5465 | @@ -1146,10 +1146,8 @@ static int snd_cs4231_playback_open(struct snd_pcm_substream *substream) | ||
5466 | runtime->hw = snd_cs4231_playback; | ||
5467 | |||
5468 | err = snd_cs4231_open(chip, CS4231_MODE_PLAY); | ||
5469 | - if (err < 0) { | ||
5470 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); | ||
5471 | + if (err < 0) | ||
5472 | return err; | ||
5473 | - } | ||
5474 | chip->playback_substream = substream; | ||
5475 | chip->p_periods_sent = 0; | ||
5476 | snd_pcm_set_sync(substream); | ||
5477 | @@ -1167,10 +1165,8 @@ static int snd_cs4231_capture_open(struct snd_pcm_substream *substream) | ||
5478 | runtime->hw = snd_cs4231_capture; | ||
5479 | |||
5480 | err = snd_cs4231_open(chip, CS4231_MODE_RECORD); | ||
5481 | - if (err < 0) { | ||
5482 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); | ||
5483 | + if (err < 0) | ||
5484 | return err; | ||
5485 | - } | ||
5486 | chip->capture_substream = substream; | ||
5487 | chip->c_periods_sent = 0; | ||
5488 | snd_pcm_set_sync(substream); | ||
5489 | diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h | ||
5490 | index c0d7ea0bf5b6..b17201edfa09 100644 | ||
5491 | --- a/tools/include/uapi/linux/prctl.h | ||
5492 | +++ b/tools/include/uapi/linux/prctl.h | ||
5493 | @@ -212,6 +212,7 @@ struct prctl_mm_map { | ||
5494 | #define PR_SET_SPECULATION_CTRL 53 | ||
5495 | /* Speculation control variants */ | ||
5496 | # define PR_SPEC_STORE_BYPASS 0 | ||
5497 | +# define PR_SPEC_INDIRECT_BRANCH 1 | ||
5498 | /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ | ||
5499 | # define PR_SPEC_NOT_AFFECTED 0 | ||
5500 | # define PR_SPEC_PRCTL (1UL << 0) |