Contents of /trunk/kernel-alx/patches-4.19/0106-4.19.7-all-fixes.patch
Parent Directory | Revision Log
Revision 3385 -
(show annotations)
(download)
Fri Aug 2 11:47:07 2019 UTC (5 years, 1 month ago) by niro
File size: 184818 byte(s)
Fri Aug 2 11:47:07 2019 UTC (5 years, 1 month ago) by niro
File size: 184818 byte(s)
-linux-4.19.7
1 | diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
2 | index fa4eec22816d..0c404cda531a 100644 |
3 | --- a/Documentation/admin-guide/kernel-parameters.txt |
4 | +++ b/Documentation/admin-guide/kernel-parameters.txt |
5 | @@ -4169,9 +4169,13 @@ |
6 | |
7 | spectre_v2= [X86] Control mitigation of Spectre variant 2 |
8 | (indirect branch speculation) vulnerability. |
9 | + The default operation protects the kernel from |
10 | + user space attacks. |
11 | |
12 | - on - unconditionally enable |
13 | - off - unconditionally disable |
14 | + on - unconditionally enable, implies |
15 | + spectre_v2_user=on |
16 | + off - unconditionally disable, implies |
17 | + spectre_v2_user=off |
18 | auto - kernel detects whether your CPU model is |
19 | vulnerable |
20 | |
21 | @@ -4181,6 +4185,12 @@ |
22 | CONFIG_RETPOLINE configuration option, and the |
23 | compiler with which the kernel was built. |
24 | |
25 | + Selecting 'on' will also enable the mitigation |
26 | + against user space to user space task attacks. |
27 | + |
28 | + Selecting 'off' will disable both the kernel and |
29 | + the user space protections. |
30 | + |
31 | Specific mitigations can also be selected manually: |
32 | |
33 | retpoline - replace indirect branches |
34 | @@ -4190,6 +4200,48 @@ |
35 | Not specifying this option is equivalent to |
36 | spectre_v2=auto. |
37 | |
38 | + spectre_v2_user= |
39 | + [X86] Control mitigation of Spectre variant 2 |
40 | + (indirect branch speculation) vulnerability between |
41 | + user space tasks |
42 | + |
43 | + on - Unconditionally enable mitigations. Is |
44 | + enforced by spectre_v2=on |
45 | + |
46 | + off - Unconditionally disable mitigations. Is |
47 | + enforced by spectre_v2=off |
48 | + |
49 | + prctl - Indirect branch speculation is enabled, |
50 | + but mitigation can be enabled via prctl |
51 | + per thread. The mitigation control state |
52 | + is inherited on fork. |
53 | + |
54 | + prctl,ibpb |
55 | + - Like "prctl" above, but only STIBP is |
56 | + controlled per thread. IBPB is issued |
57 | + always when switching between different user |
58 | + space processes. |
59 | + |
60 | + seccomp |
61 | + - Same as "prctl" above, but all seccomp |
62 | + threads will enable the mitigation unless |
63 | + they explicitly opt out. |
64 | + |
65 | + seccomp,ibpb |
66 | + - Like "seccomp" above, but only STIBP is |
67 | + controlled per thread. IBPB is issued |
68 | + always when switching between different |
69 | + user space processes. |
70 | + |
71 | + auto - Kernel selects the mitigation depending on |
72 | + the available CPU features and vulnerability. |
73 | + |
74 | + Default mitigation: |
75 | + If CONFIG_SECCOMP=y then "seccomp", otherwise "prctl" |
76 | + |
77 | + Not specifying this option is equivalent to |
78 | + spectre_v2_user=auto. |
79 | + |
80 | spec_store_bypass_disable= |
81 | [HW] Control Speculative Store Bypass (SSB) Disable mitigation |
82 | (Speculative Store Bypass vulnerability) |
83 | diff --git a/Documentation/userspace-api/spec_ctrl.rst b/Documentation/userspace-api/spec_ctrl.rst |
84 | index 32f3d55c54b7..c4dbe6f7cdae 100644 |
85 | --- a/Documentation/userspace-api/spec_ctrl.rst |
86 | +++ b/Documentation/userspace-api/spec_ctrl.rst |
87 | @@ -92,3 +92,12 @@ Speculation misfeature controls |
88 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0); |
89 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); |
90 | * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0); |
91 | + |
92 | +- PR_SPEC_INDIR_BRANCH: Indirect Branch Speculation in User Processes |
93 | + (Mitigate Spectre V2 style attacks against user processes) |
94 | + |
95 | + Invocations: |
96 | + * prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, 0, 0, 0); |
97 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_ENABLE, 0, 0); |
98 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_DISABLE, 0, 0); |
99 | + * prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_INDIRECT_BRANCH, PR_SPEC_FORCE_DISABLE, 0, 0); |
100 | diff --git a/Makefile b/Makefile |
101 | index 20cbb8e84650..d2b4efcfb388 100644 |
102 | --- a/Makefile |
103 | +++ b/Makefile |
104 | @@ -1,7 +1,7 @@ |
105 | # SPDX-License-Identifier: GPL-2.0 |
106 | VERSION = 4 |
107 | PATCHLEVEL = 19 |
108 | -SUBLEVEL = 6 |
109 | +SUBLEVEL = 7 |
110 | EXTRAVERSION = |
111 | NAME = "People's Front" |
112 | |
113 | diff --git a/arch/arm/boot/dts/rk3288-veyron.dtsi b/arch/arm/boot/dts/rk3288-veyron.dtsi |
114 | index 2075120cfc4d..d8bf939a3aff 100644 |
115 | --- a/arch/arm/boot/dts/rk3288-veyron.dtsi |
116 | +++ b/arch/arm/boot/dts/rk3288-veyron.dtsi |
117 | @@ -10,7 +10,11 @@ |
118 | #include "rk3288.dtsi" |
119 | |
120 | / { |
121 | - memory@0 { |
122 | + /* |
123 | + * The default coreboot on veyron devices ignores memory@0 nodes |
124 | + * and would instead create another memory node. |
125 | + */ |
126 | + memory { |
127 | device_type = "memory"; |
128 | reg = <0x0 0x0 0x0 0x80000000>; |
129 | }; |
130 | diff --git a/arch/arm/kernel/ftrace.c b/arch/arm/kernel/ftrace.c |
131 | index 5617932a83df..ee673c09aa6c 100644 |
132 | --- a/arch/arm/kernel/ftrace.c |
133 | +++ b/arch/arm/kernel/ftrace.c |
134 | @@ -227,9 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
135 | unsigned long frame_pointer) |
136 | { |
137 | unsigned long return_hooker = (unsigned long) &return_to_handler; |
138 | - struct ftrace_graph_ent trace; |
139 | unsigned long old; |
140 | - int err; |
141 | |
142 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
143 | return; |
144 | @@ -237,21 +235,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
145 | old = *parent; |
146 | *parent = return_hooker; |
147 | |
148 | - trace.func = self_addr; |
149 | - trace.depth = current->curr_ret_stack + 1; |
150 | - |
151 | - /* Only trace if the calling function expects to */ |
152 | - if (!ftrace_graph_entry(&trace)) { |
153 | + if (function_graph_enter(old, self_addr, frame_pointer, NULL)) |
154 | *parent = old; |
155 | - return; |
156 | - } |
157 | - |
158 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
159 | - frame_pointer, NULL); |
160 | - if (err == -EBUSY) { |
161 | - *parent = old; |
162 | - return; |
163 | - } |
164 | } |
165 | |
166 | #ifdef CONFIG_DYNAMIC_FTRACE |
167 | diff --git a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
168 | index e0d64f862322..8ce4a79d9360 100644 |
169 | --- a/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
170 | +++ b/arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts |
171 | @@ -153,7 +153,7 @@ |
172 | }; |
173 | |
174 | &pcie0 { |
175 | - ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_LOW>; |
176 | + ep-gpios = <&gpio4 RK_PC6 GPIO_ACTIVE_HIGH>; |
177 | num-lanes = <4>; |
178 | pinctrl-names = "default"; |
179 | pinctrl-0 = <&pcie_clkreqn_cpm>; |
180 | diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c |
181 | index 50986e388d2b..57e962290df3 100644 |
182 | --- a/arch/arm64/kernel/ftrace.c |
183 | +++ b/arch/arm64/kernel/ftrace.c |
184 | @@ -216,8 +216,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
185 | { |
186 | unsigned long return_hooker = (unsigned long)&return_to_handler; |
187 | unsigned long old; |
188 | - struct ftrace_graph_ent trace; |
189 | - int err; |
190 | |
191 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
192 | return; |
193 | @@ -229,18 +227,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
194 | */ |
195 | old = *parent; |
196 | |
197 | - trace.func = self_addr; |
198 | - trace.depth = current->curr_ret_stack + 1; |
199 | - |
200 | - /* Only trace if the calling function expects to */ |
201 | - if (!ftrace_graph_entry(&trace)) |
202 | - return; |
203 | - |
204 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
205 | - frame_pointer, NULL); |
206 | - if (err == -EBUSY) |
207 | - return; |
208 | - else |
209 | + if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) |
210 | *parent = return_hooker; |
211 | } |
212 | |
213 | diff --git a/arch/microblaze/kernel/ftrace.c b/arch/microblaze/kernel/ftrace.c |
214 | index d57563c58a26..224eea40e1ee 100644 |
215 | --- a/arch/microblaze/kernel/ftrace.c |
216 | +++ b/arch/microblaze/kernel/ftrace.c |
217 | @@ -22,8 +22,7 @@ |
218 | void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
219 | { |
220 | unsigned long old; |
221 | - int faulted, err; |
222 | - struct ftrace_graph_ent trace; |
223 | + int faulted; |
224 | unsigned long return_hooker = (unsigned long) |
225 | &return_to_handler; |
226 | |
227 | @@ -63,18 +62,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
228 | return; |
229 | } |
230 | |
231 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); |
232 | - if (err == -EBUSY) { |
233 | + if (function_graph_enter(old, self_addr, 0, NULL)) |
234 | *parent = old; |
235 | - return; |
236 | - } |
237 | - |
238 | - trace.func = self_addr; |
239 | - /* Only trace if the calling function expects to */ |
240 | - if (!ftrace_graph_entry(&trace)) { |
241 | - current->curr_ret_stack--; |
242 | - *parent = old; |
243 | - } |
244 | } |
245 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
246 | |
247 | diff --git a/arch/mips/kernel/ftrace.c b/arch/mips/kernel/ftrace.c |
248 | index 7f3dfdbc3657..b122cbb4aad1 100644 |
249 | --- a/arch/mips/kernel/ftrace.c |
250 | +++ b/arch/mips/kernel/ftrace.c |
251 | @@ -322,7 +322,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
252 | unsigned long fp) |
253 | { |
254 | unsigned long old_parent_ra; |
255 | - struct ftrace_graph_ent trace; |
256 | unsigned long return_hooker = (unsigned long) |
257 | &return_to_handler; |
258 | int faulted, insns; |
259 | @@ -369,12 +368,6 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
260 | if (unlikely(faulted)) |
261 | goto out; |
262 | |
263 | - if (ftrace_push_return_trace(old_parent_ra, self_ra, &trace.depth, fp, |
264 | - NULL) == -EBUSY) { |
265 | - *parent_ra_addr = old_parent_ra; |
266 | - return; |
267 | - } |
268 | - |
269 | /* |
270 | * Get the recorded ip of the current mcount calling site in the |
271 | * __mcount_loc section, which will be used to filter the function |
272 | @@ -382,13 +375,10 @@ void prepare_ftrace_return(unsigned long *parent_ra_addr, unsigned long self_ra, |
273 | */ |
274 | |
275 | insns = core_kernel_text(self_ra) ? 2 : MCOUNT_OFFSET_INSNS + 1; |
276 | - trace.func = self_ra - (MCOUNT_INSN_SIZE * insns); |
277 | + self_ra -= (MCOUNT_INSN_SIZE * insns); |
278 | |
279 | - /* Only trace if the calling function expects to */ |
280 | - if (!ftrace_graph_entry(&trace)) { |
281 | - current->curr_ret_stack--; |
282 | + if (function_graph_enter(old_parent_ra, self_ra, fp, NULL)) |
283 | *parent_ra_addr = old_parent_ra; |
284 | - } |
285 | return; |
286 | out: |
287 | ftrace_graph_stop(); |
288 | diff --git a/arch/nds32/kernel/ftrace.c b/arch/nds32/kernel/ftrace.c |
289 | index a0a9679ad5de..8a41372551ff 100644 |
290 | --- a/arch/nds32/kernel/ftrace.c |
291 | +++ b/arch/nds32/kernel/ftrace.c |
292 | @@ -211,29 +211,15 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
293 | unsigned long frame_pointer) |
294 | { |
295 | unsigned long return_hooker = (unsigned long)&return_to_handler; |
296 | - struct ftrace_graph_ent trace; |
297 | unsigned long old; |
298 | - int err; |
299 | |
300 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
301 | return; |
302 | |
303 | old = *parent; |
304 | |
305 | - trace.func = self_addr; |
306 | - trace.depth = current->curr_ret_stack + 1; |
307 | - |
308 | - /* Only trace if the calling function expects to */ |
309 | - if (!ftrace_graph_entry(&trace)) |
310 | - return; |
311 | - |
312 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
313 | - frame_pointer, NULL); |
314 | - |
315 | - if (err == -EBUSY) |
316 | - return; |
317 | - |
318 | - *parent = return_hooker; |
319 | + if (!function_graph_enter(old, self_addr, frame_pointer, NULL)) |
320 | + *parent = return_hooker; |
321 | } |
322 | |
323 | noinline void ftrace_graph_caller(void) |
324 | diff --git a/arch/parisc/kernel/ftrace.c b/arch/parisc/kernel/ftrace.c |
325 | index 6fa8535d3cce..e46a4157a894 100644 |
326 | --- a/arch/parisc/kernel/ftrace.c |
327 | +++ b/arch/parisc/kernel/ftrace.c |
328 | @@ -30,7 +30,6 @@ static void __hot prepare_ftrace_return(unsigned long *parent, |
329 | unsigned long self_addr) |
330 | { |
331 | unsigned long old; |
332 | - struct ftrace_graph_ent trace; |
333 | extern int parisc_return_to_handler; |
334 | |
335 | if (unlikely(ftrace_graph_is_dead())) |
336 | @@ -41,19 +40,9 @@ static void __hot prepare_ftrace_return(unsigned long *parent, |
337 | |
338 | old = *parent; |
339 | |
340 | - trace.func = self_addr; |
341 | - trace.depth = current->curr_ret_stack + 1; |
342 | - |
343 | - /* Only trace if the calling function expects to */ |
344 | - if (!ftrace_graph_entry(&trace)) |
345 | - return; |
346 | - |
347 | - if (ftrace_push_return_trace(old, self_addr, &trace.depth, |
348 | - 0, NULL) == -EBUSY) |
349 | - return; |
350 | - |
351 | - /* activate parisc_return_to_handler() as return point */ |
352 | - *parent = (unsigned long) &parisc_return_to_handler; |
353 | + if (!function_graph_enter(old, self_addr, 0, NULL)) |
354 | + /* activate parisc_return_to_handler() as return point */ |
355 | + *parent = (unsigned long) &parisc_return_to_handler; |
356 | } |
357 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
358 | |
359 | diff --git a/arch/powerpc/kernel/trace/ftrace.c b/arch/powerpc/kernel/trace/ftrace.c |
360 | index 4bfbb54dee51..19ef4f5866b6 100644 |
361 | --- a/arch/powerpc/kernel/trace/ftrace.c |
362 | +++ b/arch/powerpc/kernel/trace/ftrace.c |
363 | @@ -697,7 +697,6 @@ int ftrace_disable_ftrace_graph_caller(void) |
364 | */ |
365 | unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
366 | { |
367 | - struct ftrace_graph_ent trace; |
368 | unsigned long return_hooker; |
369 | |
370 | if (unlikely(ftrace_graph_is_dead())) |
371 | @@ -708,18 +707,8 @@ unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
372 | |
373 | return_hooker = ppc_function_entry(return_to_handler); |
374 | |
375 | - trace.func = ip; |
376 | - trace.depth = current->curr_ret_stack + 1; |
377 | - |
378 | - /* Only trace if the calling function expects to */ |
379 | - if (!ftrace_graph_entry(&trace)) |
380 | - goto out; |
381 | - |
382 | - if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, |
383 | - NULL) == -EBUSY) |
384 | - goto out; |
385 | - |
386 | - parent = return_hooker; |
387 | + if (!function_graph_enter(parent, ip, 0, NULL)) |
388 | + parent = return_hooker; |
389 | out: |
390 | return parent; |
391 | } |
392 | diff --git a/arch/riscv/kernel/ftrace.c b/arch/riscv/kernel/ftrace.c |
393 | index 1157b6b52d25..c433f6d3dd64 100644 |
394 | --- a/arch/riscv/kernel/ftrace.c |
395 | +++ b/arch/riscv/kernel/ftrace.c |
396 | @@ -132,7 +132,6 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
397 | { |
398 | unsigned long return_hooker = (unsigned long)&return_to_handler; |
399 | unsigned long old; |
400 | - struct ftrace_graph_ent trace; |
401 | int err; |
402 | |
403 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
404 | @@ -144,17 +143,8 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr, |
405 | */ |
406 | old = *parent; |
407 | |
408 | - trace.func = self_addr; |
409 | - trace.depth = current->curr_ret_stack + 1; |
410 | - |
411 | - if (!ftrace_graph_entry(&trace)) |
412 | - return; |
413 | - |
414 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, |
415 | - frame_pointer, parent); |
416 | - if (err == -EBUSY) |
417 | - return; |
418 | - *parent = return_hooker; |
419 | + if (function_graph_enter(old, self_addr, frame_pointer, parent)) |
420 | + *parent = return_hooker; |
421 | } |
422 | |
423 | #ifdef CONFIG_DYNAMIC_FTRACE |
424 | diff --git a/arch/s390/kernel/ftrace.c b/arch/s390/kernel/ftrace.c |
425 | index 84be7f02d0c2..39b13d71a8fe 100644 |
426 | --- a/arch/s390/kernel/ftrace.c |
427 | +++ b/arch/s390/kernel/ftrace.c |
428 | @@ -203,22 +203,13 @@ device_initcall(ftrace_plt_init); |
429 | */ |
430 | unsigned long prepare_ftrace_return(unsigned long parent, unsigned long ip) |
431 | { |
432 | - struct ftrace_graph_ent trace; |
433 | - |
434 | if (unlikely(ftrace_graph_is_dead())) |
435 | goto out; |
436 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
437 | goto out; |
438 | ip -= MCOUNT_INSN_SIZE; |
439 | - trace.func = ip; |
440 | - trace.depth = current->curr_ret_stack + 1; |
441 | - /* Only trace if the calling function expects to. */ |
442 | - if (!ftrace_graph_entry(&trace)) |
443 | - goto out; |
444 | - if (ftrace_push_return_trace(parent, ip, &trace.depth, 0, |
445 | - NULL) == -EBUSY) |
446 | - goto out; |
447 | - parent = (unsigned long) return_to_handler; |
448 | + if (!function_graph_enter(parent, ip, 0, NULL)) |
449 | + parent = (unsigned long) return_to_handler; |
450 | out: |
451 | return parent; |
452 | } |
453 | diff --git a/arch/sh/kernel/ftrace.c b/arch/sh/kernel/ftrace.c |
454 | index 96dd9f7da250..1b04270e5460 100644 |
455 | --- a/arch/sh/kernel/ftrace.c |
456 | +++ b/arch/sh/kernel/ftrace.c |
457 | @@ -321,8 +321,7 @@ int ftrace_disable_ftrace_graph_caller(void) |
458 | void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
459 | { |
460 | unsigned long old; |
461 | - int faulted, err; |
462 | - struct ftrace_graph_ent trace; |
463 | + int faulted; |
464 | unsigned long return_hooker = (unsigned long)&return_to_handler; |
465 | |
466 | if (unlikely(ftrace_graph_is_dead())) |
467 | @@ -365,18 +364,7 @@ void prepare_ftrace_return(unsigned long *parent, unsigned long self_addr) |
468 | return; |
469 | } |
470 | |
471 | - err = ftrace_push_return_trace(old, self_addr, &trace.depth, 0, NULL); |
472 | - if (err == -EBUSY) { |
473 | + if (function_graph_enter(old, self_addr, 0, NULL)) |
474 | __raw_writel(old, parent); |
475 | - return; |
476 | - } |
477 | - |
478 | - trace.func = self_addr; |
479 | - |
480 | - /* Only trace if the calling function expects to */ |
481 | - if (!ftrace_graph_entry(&trace)) { |
482 | - current->curr_ret_stack--; |
483 | - __raw_writel(old, parent); |
484 | - } |
485 | } |
486 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
487 | diff --git a/arch/sparc/kernel/ftrace.c b/arch/sparc/kernel/ftrace.c |
488 | index 915dda4ae412..684b84ce397f 100644 |
489 | --- a/arch/sparc/kernel/ftrace.c |
490 | +++ b/arch/sparc/kernel/ftrace.c |
491 | @@ -126,20 +126,11 @@ unsigned long prepare_ftrace_return(unsigned long parent, |
492 | unsigned long frame_pointer) |
493 | { |
494 | unsigned long return_hooker = (unsigned long) &return_to_handler; |
495 | - struct ftrace_graph_ent trace; |
496 | |
497 | if (unlikely(atomic_read(¤t->tracing_graph_pause))) |
498 | return parent + 8UL; |
499 | |
500 | - trace.func = self_addr; |
501 | - trace.depth = current->curr_ret_stack + 1; |
502 | - |
503 | - /* Only trace if the calling function expects to */ |
504 | - if (!ftrace_graph_entry(&trace)) |
505 | - return parent + 8UL; |
506 | - |
507 | - if (ftrace_push_return_trace(parent, self_addr, &trace.depth, |
508 | - frame_pointer, NULL) == -EBUSY) |
509 | + if (function_graph_enter(parent, self_addr, frame_pointer, NULL)) |
510 | return parent + 8UL; |
511 | |
512 | return return_hooker; |
513 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
514 | index 1a0be022f91d..44c6a82b7ce5 100644 |
515 | --- a/arch/x86/Kconfig |
516 | +++ b/arch/x86/Kconfig |
517 | @@ -441,10 +441,6 @@ config RETPOLINE |
518 | branches. Requires a compiler with -mindirect-branch=thunk-extern |
519 | support for full protection. The kernel may run slower. |
520 | |
521 | - Without compiler support, at least indirect branches in assembler |
522 | - code are eliminated. Since this includes the syscall entry path, |
523 | - it is not entirely pointless. |
524 | - |
525 | config INTEL_RDT |
526 | bool "Intel Resource Director Technology support" |
527 | default n |
528 | @@ -1005,13 +1001,7 @@ config NR_CPUS |
529 | to the kernel image. |
530 | |
531 | config SCHED_SMT |
532 | - bool "SMT (Hyperthreading) scheduler support" |
533 | - depends on SMP |
534 | - ---help--- |
535 | - SMT scheduler support improves the CPU scheduler's decision making |
536 | - when dealing with Intel Pentium 4 chips with HyperThreading at a |
537 | - cost of slightly increased overhead in some places. If unsure say |
538 | - N here. |
539 | + def_bool y if SMP |
540 | |
541 | config SCHED_MC |
542 | def_bool y |
543 | diff --git a/arch/x86/Makefile b/arch/x86/Makefile |
544 | index 8f6e7eb8ae9f..9298f0f3817a 100644 |
545 | --- a/arch/x86/Makefile |
546 | +++ b/arch/x86/Makefile |
547 | @@ -223,9 +223,10 @@ KBUILD_CFLAGS += -fno-asynchronous-unwind-tables |
548 | |
549 | # Avoid indirect branches in kernel to deal with Spectre |
550 | ifdef CONFIG_RETPOLINE |
551 | -ifneq ($(RETPOLINE_CFLAGS),) |
552 | - KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) -DRETPOLINE |
553 | +ifeq ($(RETPOLINE_CFLAGS),) |
554 | + $(error You are building kernel with non-retpoline compiler, please update your compiler.) |
555 | endif |
556 | + KBUILD_CFLAGS += $(RETPOLINE_CFLAGS) |
557 | endif |
558 | |
559 | archscripts: scripts_basic |
560 | diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c |
561 | index dfb2f7c0d019..c8d08da5b308 100644 |
562 | --- a/arch/x86/events/core.c |
563 | +++ b/arch/x86/events/core.c |
564 | @@ -438,26 +438,6 @@ int x86_setup_perfctr(struct perf_event *event) |
565 | if (config == -1LL) |
566 | return -EINVAL; |
567 | |
568 | - /* |
569 | - * Branch tracing: |
570 | - */ |
571 | - if (attr->config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && |
572 | - !attr->freq && hwc->sample_period == 1) { |
573 | - /* BTS is not supported by this architecture. */ |
574 | - if (!x86_pmu.bts_active) |
575 | - return -EOPNOTSUPP; |
576 | - |
577 | - /* BTS is currently only allowed for user-mode. */ |
578 | - if (!attr->exclude_kernel) |
579 | - return -EOPNOTSUPP; |
580 | - |
581 | - /* disallow bts if conflicting events are present */ |
582 | - if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
583 | - return -EBUSY; |
584 | - |
585 | - event->destroy = hw_perf_lbr_event_destroy; |
586 | - } |
587 | - |
588 | hwc->config |= config; |
589 | |
590 | return 0; |
591 | diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c |
592 | index 035c37481f57..155fa4b53c56 100644 |
593 | --- a/arch/x86/events/intel/core.c |
594 | +++ b/arch/x86/events/intel/core.c |
595 | @@ -2358,16 +2358,7 @@ done: |
596 | static struct event_constraint * |
597 | intel_bts_constraints(struct perf_event *event) |
598 | { |
599 | - struct hw_perf_event *hwc = &event->hw; |
600 | - unsigned int hw_event, bts_event; |
601 | - |
602 | - if (event->attr.freq) |
603 | - return NULL; |
604 | - |
605 | - hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; |
606 | - bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); |
607 | - |
608 | - if (unlikely(hw_event == bts_event && hwc->sample_period == 1)) |
609 | + if (unlikely(intel_pmu_has_bts(event))) |
610 | return &bts_constraint; |
611 | |
612 | return NULL; |
613 | @@ -2986,10 +2977,51 @@ static unsigned long intel_pmu_large_pebs_flags(struct perf_event *event) |
614 | return flags; |
615 | } |
616 | |
617 | +static int intel_pmu_bts_config(struct perf_event *event) |
618 | +{ |
619 | + struct perf_event_attr *attr = &event->attr; |
620 | + |
621 | + if (unlikely(intel_pmu_has_bts(event))) { |
622 | + /* BTS is not supported by this architecture. */ |
623 | + if (!x86_pmu.bts_active) |
624 | + return -EOPNOTSUPP; |
625 | + |
626 | + /* BTS is currently only allowed for user-mode. */ |
627 | + if (!attr->exclude_kernel) |
628 | + return -EOPNOTSUPP; |
629 | + |
630 | + /* BTS is not allowed for precise events. */ |
631 | + if (attr->precise_ip) |
632 | + return -EOPNOTSUPP; |
633 | + |
634 | + /* disallow bts if conflicting events are present */ |
635 | + if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
636 | + return -EBUSY; |
637 | + |
638 | + event->destroy = hw_perf_lbr_event_destroy; |
639 | + } |
640 | + |
641 | + return 0; |
642 | +} |
643 | + |
644 | +static int core_pmu_hw_config(struct perf_event *event) |
645 | +{ |
646 | + int ret = x86_pmu_hw_config(event); |
647 | + |
648 | + if (ret) |
649 | + return ret; |
650 | + |
651 | + return intel_pmu_bts_config(event); |
652 | +} |
653 | + |
654 | static int intel_pmu_hw_config(struct perf_event *event) |
655 | { |
656 | int ret = x86_pmu_hw_config(event); |
657 | |
658 | + if (ret) |
659 | + return ret; |
660 | + |
661 | + ret = intel_pmu_bts_config(event); |
662 | if (ret) |
663 | return ret; |
664 | |
665 | @@ -3015,7 +3047,7 @@ static int intel_pmu_hw_config(struct perf_event *event) |
666 | /* |
667 | * BTS is set up earlier in this path, so don't account twice |
668 | */ |
669 | - if (!intel_pmu_has_bts(event)) { |
670 | + if (!unlikely(intel_pmu_has_bts(event))) { |
671 | /* disallow lbr if conflicting events are present */ |
672 | if (x86_add_exclusive(x86_lbr_exclusive_lbr)) |
673 | return -EBUSY; |
674 | @@ -3478,7 +3510,7 @@ static __initconst const struct x86_pmu core_pmu = { |
675 | .enable_all = core_pmu_enable_all, |
676 | .enable = core_pmu_enable_event, |
677 | .disable = x86_pmu_disable_event, |
678 | - .hw_config = x86_pmu_hw_config, |
679 | + .hw_config = core_pmu_hw_config, |
680 | .schedule_events = x86_schedule_events, |
681 | .eventsel = MSR_ARCH_PERFMON_EVENTSEL0, |
682 | .perfctr = MSR_ARCH_PERFMON_PERFCTR0, |
683 | diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h |
684 | index 156286335351..c5ad9cc61f4b 100644 |
685 | --- a/arch/x86/events/perf_event.h |
686 | +++ b/arch/x86/events/perf_event.h |
687 | @@ -857,11 +857,16 @@ static inline int amd_pmu_init(void) |
688 | |
689 | static inline bool intel_pmu_has_bts(struct perf_event *event) |
690 | { |
691 | - if (event->attr.config == PERF_COUNT_HW_BRANCH_INSTRUCTIONS && |
692 | - !event->attr.freq && event->hw.sample_period == 1) |
693 | - return true; |
694 | + struct hw_perf_event *hwc = &event->hw; |
695 | + unsigned int hw_event, bts_event; |
696 | + |
697 | + if (event->attr.freq) |
698 | + return false; |
699 | + |
700 | + hw_event = hwc->config & INTEL_ARCH_EVENT_MASK; |
701 | + bts_event = x86_pmu.event_map(PERF_COUNT_HW_BRANCH_INSTRUCTIONS); |
702 | |
703 | - return false; |
704 | + return hw_event == bts_event && hwc->sample_period == 1; |
705 | } |
706 | |
707 | int intel_pmu_save_and_restart(struct perf_event *event); |
708 | diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h |
709 | index 1c09a0d1771f..022845ee0c88 100644 |
710 | --- a/arch/x86/include/asm/kvm_host.h |
711 | +++ b/arch/x86/include/asm/kvm_host.h |
712 | @@ -1046,7 +1046,8 @@ struct kvm_x86_ops { |
713 | bool (*has_wbinvd_exit)(void); |
714 | |
715 | u64 (*read_l1_tsc_offset)(struct kvm_vcpu *vcpu); |
716 | - void (*write_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); |
717 | + /* Returns actual tsc_offset set in active VMCS */ |
718 | + u64 (*write_l1_tsc_offset)(struct kvm_vcpu *vcpu, u64 offset); |
719 | |
720 | void (*get_exit_info)(struct kvm_vcpu *vcpu, u64 *info1, u64 *info2); |
721 | |
722 | diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h |
723 | index 4731f0cf97c5..b3486c8b570a 100644 |
724 | --- a/arch/x86/include/asm/msr-index.h |
725 | +++ b/arch/x86/include/asm/msr-index.h |
726 | @@ -41,9 +41,10 @@ |
727 | |
728 | #define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */ |
729 | #define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */ |
730 | -#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */ |
731 | +#define SPEC_CTRL_STIBP_SHIFT 1 /* Single Thread Indirect Branch Predictor (STIBP) bit */ |
732 | +#define SPEC_CTRL_STIBP (1 << SPEC_CTRL_STIBP_SHIFT) /* STIBP mask */ |
733 | #define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */ |
734 | -#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ |
735 | +#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */ |
736 | |
737 | #define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */ |
738 | #define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */ |
739 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h |
740 | index fd2a8c1b88bc..032b6009baab 100644 |
741 | --- a/arch/x86/include/asm/nospec-branch.h |
742 | +++ b/arch/x86/include/asm/nospec-branch.h |
743 | @@ -3,6 +3,8 @@ |
744 | #ifndef _ASM_X86_NOSPEC_BRANCH_H_ |
745 | #define _ASM_X86_NOSPEC_BRANCH_H_ |
746 | |
747 | +#include <linux/static_key.h> |
748 | + |
749 | #include <asm/alternative.h> |
750 | #include <asm/alternative-asm.h> |
751 | #include <asm/cpufeatures.h> |
752 | @@ -162,29 +164,35 @@ |
753 | _ASM_PTR " 999b\n\t" \ |
754 | ".popsection\n\t" |
755 | |
756 | -#if defined(CONFIG_X86_64) && defined(RETPOLINE) |
757 | +#ifdef CONFIG_RETPOLINE |
758 | +#ifdef CONFIG_X86_64 |
759 | |
760 | /* |
761 | - * Since the inline asm uses the %V modifier which is only in newer GCC, |
762 | - * the 64-bit one is dependent on RETPOLINE not CONFIG_RETPOLINE. |
763 | + * Inline asm uses the %V modifier which is only in newer GCC |
764 | + * which is ensured when CONFIG_RETPOLINE is defined. |
765 | */ |
766 | # define CALL_NOSPEC \ |
767 | ANNOTATE_NOSPEC_ALTERNATIVE \ |
768 | - ALTERNATIVE( \ |
769 | + ALTERNATIVE_2( \ |
770 | ANNOTATE_RETPOLINE_SAFE \ |
771 | "call *%[thunk_target]\n", \ |
772 | "call __x86_indirect_thunk_%V[thunk_target]\n", \ |
773 | - X86_FEATURE_RETPOLINE) |
774 | + X86_FEATURE_RETPOLINE, \ |
775 | + "lfence;\n" \ |
776 | + ANNOTATE_RETPOLINE_SAFE \ |
777 | + "call *%[thunk_target]\n", \ |
778 | + X86_FEATURE_RETPOLINE_AMD) |
779 | # define THUNK_TARGET(addr) [thunk_target] "r" (addr) |
780 | |
781 | -#elif defined(CONFIG_X86_32) && defined(CONFIG_RETPOLINE) |
782 | +#else /* CONFIG_X86_32 */ |
783 | /* |
784 | * For i386 we use the original ret-equivalent retpoline, because |
785 | * otherwise we'll run out of registers. We don't care about CET |
786 | * here, anyway. |
787 | */ |
788 | # define CALL_NOSPEC \ |
789 | - ALTERNATIVE( \ |
790 | + ANNOTATE_NOSPEC_ALTERNATIVE \ |
791 | + ALTERNATIVE_2( \ |
792 | ANNOTATE_RETPOLINE_SAFE \ |
793 | "call *%[thunk_target]\n", \ |
794 | " jmp 904f;\n" \ |
795 | @@ -199,9 +207,14 @@ |
796 | " ret;\n" \ |
797 | " .align 16\n" \ |
798 | "904: call 901b;\n", \ |
799 | - X86_FEATURE_RETPOLINE) |
800 | + X86_FEATURE_RETPOLINE, \ |
801 | + "lfence;\n" \ |
802 | + ANNOTATE_RETPOLINE_SAFE \ |
803 | + "call *%[thunk_target]\n", \ |
804 | + X86_FEATURE_RETPOLINE_AMD) |
805 | |
806 | # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) |
807 | +#endif |
808 | #else /* No retpoline for C / inline asm */ |
809 | # define CALL_NOSPEC "call *%[thunk_target]\n" |
810 | # define THUNK_TARGET(addr) [thunk_target] "rm" (addr) |
811 | @@ -210,13 +223,19 @@ |
812 | /* The Spectre V2 mitigation variants */ |
813 | enum spectre_v2_mitigation { |
814 | SPECTRE_V2_NONE, |
815 | - SPECTRE_V2_RETPOLINE_MINIMAL, |
816 | - SPECTRE_V2_RETPOLINE_MINIMAL_AMD, |
817 | SPECTRE_V2_RETPOLINE_GENERIC, |
818 | SPECTRE_V2_RETPOLINE_AMD, |
819 | SPECTRE_V2_IBRS_ENHANCED, |
820 | }; |
821 | |
822 | +/* The indirect branch speculation control variants */ |
823 | +enum spectre_v2_user_mitigation { |
824 | + SPECTRE_V2_USER_NONE, |
825 | + SPECTRE_V2_USER_STRICT, |
826 | + SPECTRE_V2_USER_PRCTL, |
827 | + SPECTRE_V2_USER_SECCOMP, |
828 | +}; |
829 | + |
830 | /* The Speculative Store Bypass disable variants */ |
831 | enum ssb_mitigation { |
832 | SPEC_STORE_BYPASS_NONE, |
833 | @@ -294,6 +313,10 @@ do { \ |
834 | preempt_enable(); \ |
835 | } while (0) |
836 | |
837 | +DECLARE_STATIC_KEY_FALSE(switch_to_cond_stibp); |
838 | +DECLARE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); |
839 | +DECLARE_STATIC_KEY_FALSE(switch_mm_always_ibpb); |
840 | + |
841 | #endif /* __ASSEMBLY__ */ |
842 | |
843 | /* |
844 | diff --git a/arch/x86/include/asm/spec-ctrl.h b/arch/x86/include/asm/spec-ctrl.h |
845 | index ae7c2c5cd7f0..5393babc0598 100644 |
846 | --- a/arch/x86/include/asm/spec-ctrl.h |
847 | +++ b/arch/x86/include/asm/spec-ctrl.h |
848 | @@ -53,12 +53,24 @@ static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn) |
849 | return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
850 | } |
851 | |
852 | +static inline u64 stibp_tif_to_spec_ctrl(u64 tifn) |
853 | +{ |
854 | + BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); |
855 | + return (tifn & _TIF_SPEC_IB) >> (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); |
856 | +} |
857 | + |
858 | static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl) |
859 | { |
860 | BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT); |
861 | return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT); |
862 | } |
863 | |
864 | +static inline unsigned long stibp_spec_ctrl_to_tif(u64 spec_ctrl) |
865 | +{ |
866 | + BUILD_BUG_ON(TIF_SPEC_IB < SPEC_CTRL_STIBP_SHIFT); |
867 | + return (spec_ctrl & SPEC_CTRL_STIBP) << (TIF_SPEC_IB - SPEC_CTRL_STIBP_SHIFT); |
868 | +} |
869 | + |
870 | static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn) |
871 | { |
872 | return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL; |
873 | @@ -70,11 +82,7 @@ extern void speculative_store_bypass_ht_init(void); |
874 | static inline void speculative_store_bypass_ht_init(void) { } |
875 | #endif |
876 | |
877 | -extern void speculative_store_bypass_update(unsigned long tif); |
878 | - |
879 | -static inline void speculative_store_bypass_update_current(void) |
880 | -{ |
881 | - speculative_store_bypass_update(current_thread_info()->flags); |
882 | -} |
883 | +extern void speculation_ctrl_update(unsigned long tif); |
884 | +extern void speculation_ctrl_update_current(void); |
885 | |
886 | #endif |
887 | diff --git a/arch/x86/include/asm/switch_to.h b/arch/x86/include/asm/switch_to.h |
888 | index 36bd243843d6..7cf1a270d891 100644 |
889 | --- a/arch/x86/include/asm/switch_to.h |
890 | +++ b/arch/x86/include/asm/switch_to.h |
891 | @@ -11,9 +11,6 @@ struct task_struct *__switch_to_asm(struct task_struct *prev, |
892 | |
893 | __visible struct task_struct *__switch_to(struct task_struct *prev, |
894 | struct task_struct *next); |
895 | -struct tss_struct; |
896 | -void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
897 | - struct tss_struct *tss); |
898 | |
899 | /* This runs runs on the previous thread's stack. */ |
900 | static inline void prepare_switch_to(struct task_struct *next) |
901 | diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h |
902 | index 2ff2a30a264f..82b73b75d67c 100644 |
903 | --- a/arch/x86/include/asm/thread_info.h |
904 | +++ b/arch/x86/include/asm/thread_info.h |
905 | @@ -79,10 +79,12 @@ struct thread_info { |
906 | #define TIF_SIGPENDING 2 /* signal pending */ |
907 | #define TIF_NEED_RESCHED 3 /* rescheduling necessary */ |
908 | #define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/ |
909 | -#define TIF_SSBD 5 /* Reduced data speculation */ |
910 | +#define TIF_SSBD 5 /* Speculative store bypass disable */ |
911 | #define TIF_SYSCALL_EMU 6 /* syscall emulation active */ |
912 | #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ |
913 | #define TIF_SECCOMP 8 /* secure computing */ |
914 | +#define TIF_SPEC_IB 9 /* Indirect branch speculation mitigation */ |
915 | +#define TIF_SPEC_FORCE_UPDATE 10 /* Force speculation MSR update in context switch */ |
916 | #define TIF_USER_RETURN_NOTIFY 11 /* notify kernel of userspace return */ |
917 | #define TIF_UPROBE 12 /* breakpointed or singlestepping */ |
918 | #define TIF_PATCH_PENDING 13 /* pending live patching update */ |
919 | @@ -110,6 +112,8 @@ struct thread_info { |
920 | #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) |
921 | #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT) |
922 | #define _TIF_SECCOMP (1 << TIF_SECCOMP) |
923 | +#define _TIF_SPEC_IB (1 << TIF_SPEC_IB) |
924 | +#define _TIF_SPEC_FORCE_UPDATE (1 << TIF_SPEC_FORCE_UPDATE) |
925 | #define _TIF_USER_RETURN_NOTIFY (1 << TIF_USER_RETURN_NOTIFY) |
926 | #define _TIF_UPROBE (1 << TIF_UPROBE) |
927 | #define _TIF_PATCH_PENDING (1 << TIF_PATCH_PENDING) |
928 | @@ -145,8 +149,18 @@ struct thread_info { |
929 | _TIF_FSCHECK) |
930 | |
931 | /* flags to check in __switch_to() */ |
932 | -#define _TIF_WORK_CTXSW \ |
933 | - (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD) |
934 | +#define _TIF_WORK_CTXSW_BASE \ |
935 | + (_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP| \ |
936 | + _TIF_SSBD | _TIF_SPEC_FORCE_UPDATE) |
937 | + |
938 | +/* |
939 | + * Avoid calls to __switch_to_xtra() on UP as STIBP is not evaluated. |
940 | + */ |
941 | +#ifdef CONFIG_SMP |
942 | +# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE | _TIF_SPEC_IB) |
943 | +#else |
944 | +# define _TIF_WORK_CTXSW (_TIF_WORK_CTXSW_BASE) |
945 | +#endif |
946 | |
947 | #define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY) |
948 | #define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW) |
949 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
950 | index 0e2130d8d6b1..79ec7add5f98 100644 |
951 | --- a/arch/x86/include/asm/tlbflush.h |
952 | +++ b/arch/x86/include/asm/tlbflush.h |
953 | @@ -185,10 +185,14 @@ struct tlb_state { |
954 | |
955 | #define LOADED_MM_SWITCHING ((struct mm_struct *)1) |
956 | |
957 | + /* Last user mm for optimizing IBPB */ |
958 | + union { |
959 | + struct mm_struct *last_user_mm; |
960 | + unsigned long last_user_mm_ibpb; |
961 | + }; |
962 | + |
963 | u16 loaded_mm_asid; |
964 | u16 next_asid; |
965 | - /* last user mm's ctx id */ |
966 | - u64 last_ctx_id; |
967 | |
968 | /* |
969 | * We can be in one of several states: |
970 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
971 | index 40bdaea97fe7..78928f56cf72 100644 |
972 | --- a/arch/x86/kernel/cpu/bugs.c |
973 | +++ b/arch/x86/kernel/cpu/bugs.c |
974 | @@ -14,6 +14,7 @@ |
975 | #include <linux/module.h> |
976 | #include <linux/nospec.h> |
977 | #include <linux/prctl.h> |
978 | +#include <linux/sched/smt.h> |
979 | |
980 | #include <asm/spec-ctrl.h> |
981 | #include <asm/cmdline.h> |
982 | @@ -35,12 +36,10 @@ static void __init spectre_v2_select_mitigation(void); |
983 | static void __init ssb_select_mitigation(void); |
984 | static void __init l1tf_select_mitigation(void); |
985 | |
986 | -/* |
987 | - * Our boot-time value of the SPEC_CTRL MSR. We read it once so that any |
988 | - * writes to SPEC_CTRL contain whatever reserved bits have been set. |
989 | - */ |
990 | -u64 __ro_after_init x86_spec_ctrl_base; |
991 | +/* The base value of the SPEC_CTRL MSR that always has to be preserved. */ |
992 | +u64 x86_spec_ctrl_base; |
993 | EXPORT_SYMBOL_GPL(x86_spec_ctrl_base); |
994 | +static DEFINE_MUTEX(spec_ctrl_mutex); |
995 | |
996 | /* |
997 | * The vendor and possibly platform specific bits which can be modified in |
998 | @@ -55,6 +54,13 @@ static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS; |
999 | u64 __ro_after_init x86_amd_ls_cfg_base; |
1000 | u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask; |
1001 | |
1002 | +/* Control conditional STIPB in switch_to() */ |
1003 | +DEFINE_STATIC_KEY_FALSE(switch_to_cond_stibp); |
1004 | +/* Control conditional IBPB in switch_mm() */ |
1005 | +DEFINE_STATIC_KEY_FALSE(switch_mm_cond_ibpb); |
1006 | +/* Control unconditional IBPB in switch_mm() */ |
1007 | +DEFINE_STATIC_KEY_FALSE(switch_mm_always_ibpb); |
1008 | + |
1009 | void __init check_bugs(void) |
1010 | { |
1011 | identify_boot_cpu(); |
1012 | @@ -125,31 +131,6 @@ void __init check_bugs(void) |
1013 | #endif |
1014 | } |
1015 | |
1016 | -/* The kernel command line selection */ |
1017 | -enum spectre_v2_mitigation_cmd { |
1018 | - SPECTRE_V2_CMD_NONE, |
1019 | - SPECTRE_V2_CMD_AUTO, |
1020 | - SPECTRE_V2_CMD_FORCE, |
1021 | - SPECTRE_V2_CMD_RETPOLINE, |
1022 | - SPECTRE_V2_CMD_RETPOLINE_GENERIC, |
1023 | - SPECTRE_V2_CMD_RETPOLINE_AMD, |
1024 | -}; |
1025 | - |
1026 | -static const char *spectre_v2_strings[] = { |
1027 | - [SPECTRE_V2_NONE] = "Vulnerable", |
1028 | - [SPECTRE_V2_RETPOLINE_MINIMAL] = "Vulnerable: Minimal generic ASM retpoline", |
1029 | - [SPECTRE_V2_RETPOLINE_MINIMAL_AMD] = "Vulnerable: Minimal AMD ASM retpoline", |
1030 | - [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", |
1031 | - [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", |
1032 | - [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", |
1033 | -}; |
1034 | - |
1035 | -#undef pr_fmt |
1036 | -#define pr_fmt(fmt) "Spectre V2 : " fmt |
1037 | - |
1038 | -static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = |
1039 | - SPECTRE_V2_NONE; |
1040 | - |
1041 | void |
1042 | x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1043 | { |
1044 | @@ -171,6 +152,10 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1045 | static_cpu_has(X86_FEATURE_AMD_SSBD)) |
1046 | hostval |= ssbd_tif_to_spec_ctrl(ti->flags); |
1047 | |
1048 | + /* Conditional STIBP enabled? */ |
1049 | + if (static_branch_unlikely(&switch_to_cond_stibp)) |
1050 | + hostval |= stibp_tif_to_spec_ctrl(ti->flags); |
1051 | + |
1052 | if (hostval != guestval) { |
1053 | msrval = setguest ? guestval : hostval; |
1054 | wrmsrl(MSR_IA32_SPEC_CTRL, msrval); |
1055 | @@ -204,7 +189,7 @@ x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest) |
1056 | tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) : |
1057 | ssbd_spec_ctrl_to_tif(hostval); |
1058 | |
1059 | - speculative_store_bypass_update(tif); |
1060 | + speculation_ctrl_update(tif); |
1061 | } |
1062 | } |
1063 | EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl); |
1064 | @@ -219,6 +204,15 @@ static void x86_amd_ssb_disable(void) |
1065 | wrmsrl(MSR_AMD64_LS_CFG, msrval); |
1066 | } |
1067 | |
1068 | +#undef pr_fmt |
1069 | +#define pr_fmt(fmt) "Spectre V2 : " fmt |
1070 | + |
1071 | +static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init = |
1072 | + SPECTRE_V2_NONE; |
1073 | + |
1074 | +static enum spectre_v2_user_mitigation spectre_v2_user __ro_after_init = |
1075 | + SPECTRE_V2_USER_NONE; |
1076 | + |
1077 | #ifdef RETPOLINE |
1078 | static bool spectre_v2_bad_module; |
1079 | |
1080 | @@ -240,67 +234,217 @@ static inline const char *spectre_v2_module_string(void) |
1081 | static inline const char *spectre_v2_module_string(void) { return ""; } |
1082 | #endif |
1083 | |
1084 | -static void __init spec2_print_if_insecure(const char *reason) |
1085 | +static inline bool match_option(const char *arg, int arglen, const char *opt) |
1086 | { |
1087 | - if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1088 | - pr_info("%s selected on command line.\n", reason); |
1089 | + int len = strlen(opt); |
1090 | + |
1091 | + return len == arglen && !strncmp(arg, opt, len); |
1092 | } |
1093 | |
1094 | -static void __init spec2_print_if_secure(const char *reason) |
1095 | +/* The kernel command line selection for spectre v2 */ |
1096 | +enum spectre_v2_mitigation_cmd { |
1097 | + SPECTRE_V2_CMD_NONE, |
1098 | + SPECTRE_V2_CMD_AUTO, |
1099 | + SPECTRE_V2_CMD_FORCE, |
1100 | + SPECTRE_V2_CMD_RETPOLINE, |
1101 | + SPECTRE_V2_CMD_RETPOLINE_GENERIC, |
1102 | + SPECTRE_V2_CMD_RETPOLINE_AMD, |
1103 | +}; |
1104 | + |
1105 | +enum spectre_v2_user_cmd { |
1106 | + SPECTRE_V2_USER_CMD_NONE, |
1107 | + SPECTRE_V2_USER_CMD_AUTO, |
1108 | + SPECTRE_V2_USER_CMD_FORCE, |
1109 | + SPECTRE_V2_USER_CMD_PRCTL, |
1110 | + SPECTRE_V2_USER_CMD_PRCTL_IBPB, |
1111 | + SPECTRE_V2_USER_CMD_SECCOMP, |
1112 | + SPECTRE_V2_USER_CMD_SECCOMP_IBPB, |
1113 | +}; |
1114 | + |
1115 | +static const char * const spectre_v2_user_strings[] = { |
1116 | + [SPECTRE_V2_USER_NONE] = "User space: Vulnerable", |
1117 | + [SPECTRE_V2_USER_STRICT] = "User space: Mitigation: STIBP protection", |
1118 | + [SPECTRE_V2_USER_PRCTL] = "User space: Mitigation: STIBP via prctl", |
1119 | + [SPECTRE_V2_USER_SECCOMP] = "User space: Mitigation: STIBP via seccomp and prctl", |
1120 | +}; |
1121 | + |
1122 | +static const struct { |
1123 | + const char *option; |
1124 | + enum spectre_v2_user_cmd cmd; |
1125 | + bool secure; |
1126 | +} v2_user_options[] __initdata = { |
1127 | + { "auto", SPECTRE_V2_USER_CMD_AUTO, false }, |
1128 | + { "off", SPECTRE_V2_USER_CMD_NONE, false }, |
1129 | + { "on", SPECTRE_V2_USER_CMD_FORCE, true }, |
1130 | + { "prctl", SPECTRE_V2_USER_CMD_PRCTL, false }, |
1131 | + { "prctl,ibpb", SPECTRE_V2_USER_CMD_PRCTL_IBPB, false }, |
1132 | + { "seccomp", SPECTRE_V2_USER_CMD_SECCOMP, false }, |
1133 | + { "seccomp,ibpb", SPECTRE_V2_USER_CMD_SECCOMP_IBPB, false }, |
1134 | +}; |
1135 | + |
1136 | +static void __init spec_v2_user_print_cond(const char *reason, bool secure) |
1137 | { |
1138 | - if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1139 | - pr_info("%s selected on command line.\n", reason); |
1140 | + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) |
1141 | + pr_info("spectre_v2_user=%s forced on command line.\n", reason); |
1142 | } |
1143 | |
1144 | -static inline bool retp_compiler(void) |
1145 | +static enum spectre_v2_user_cmd __init |
1146 | +spectre_v2_parse_user_cmdline(enum spectre_v2_mitigation_cmd v2_cmd) |
1147 | { |
1148 | - return __is_defined(RETPOLINE); |
1149 | + char arg[20]; |
1150 | + int ret, i; |
1151 | + |
1152 | + switch (v2_cmd) { |
1153 | + case SPECTRE_V2_CMD_NONE: |
1154 | + return SPECTRE_V2_USER_CMD_NONE; |
1155 | + case SPECTRE_V2_CMD_FORCE: |
1156 | + return SPECTRE_V2_USER_CMD_FORCE; |
1157 | + default: |
1158 | + break; |
1159 | + } |
1160 | + |
1161 | + ret = cmdline_find_option(boot_command_line, "spectre_v2_user", |
1162 | + arg, sizeof(arg)); |
1163 | + if (ret < 0) |
1164 | + return SPECTRE_V2_USER_CMD_AUTO; |
1165 | + |
1166 | + for (i = 0; i < ARRAY_SIZE(v2_user_options); i++) { |
1167 | + if (match_option(arg, ret, v2_user_options[i].option)) { |
1168 | + spec_v2_user_print_cond(v2_user_options[i].option, |
1169 | + v2_user_options[i].secure); |
1170 | + return v2_user_options[i].cmd; |
1171 | + } |
1172 | + } |
1173 | + |
1174 | + pr_err("Unknown user space protection option (%s). Switching to AUTO select\n", arg); |
1175 | + return SPECTRE_V2_USER_CMD_AUTO; |
1176 | } |
1177 | |
1178 | -static inline bool match_option(const char *arg, int arglen, const char *opt) |
1179 | +static void __init |
1180 | +spectre_v2_user_select_mitigation(enum spectre_v2_mitigation_cmd v2_cmd) |
1181 | { |
1182 | - int len = strlen(opt); |
1183 | + enum spectre_v2_user_mitigation mode = SPECTRE_V2_USER_NONE; |
1184 | + bool smt_possible = IS_ENABLED(CONFIG_SMP); |
1185 | + enum spectre_v2_user_cmd cmd; |
1186 | |
1187 | - return len == arglen && !strncmp(arg, opt, len); |
1188 | + if (!boot_cpu_has(X86_FEATURE_IBPB) && !boot_cpu_has(X86_FEATURE_STIBP)) |
1189 | + return; |
1190 | + |
1191 | + if (cpu_smt_control == CPU_SMT_FORCE_DISABLED || |
1192 | + cpu_smt_control == CPU_SMT_NOT_SUPPORTED) |
1193 | + smt_possible = false; |
1194 | + |
1195 | + cmd = spectre_v2_parse_user_cmdline(v2_cmd); |
1196 | + switch (cmd) { |
1197 | + case SPECTRE_V2_USER_CMD_NONE: |
1198 | + goto set_mode; |
1199 | + case SPECTRE_V2_USER_CMD_FORCE: |
1200 | + mode = SPECTRE_V2_USER_STRICT; |
1201 | + break; |
1202 | + case SPECTRE_V2_USER_CMD_PRCTL: |
1203 | + case SPECTRE_V2_USER_CMD_PRCTL_IBPB: |
1204 | + mode = SPECTRE_V2_USER_PRCTL; |
1205 | + break; |
1206 | + case SPECTRE_V2_USER_CMD_AUTO: |
1207 | + case SPECTRE_V2_USER_CMD_SECCOMP: |
1208 | + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: |
1209 | + if (IS_ENABLED(CONFIG_SECCOMP)) |
1210 | + mode = SPECTRE_V2_USER_SECCOMP; |
1211 | + else |
1212 | + mode = SPECTRE_V2_USER_PRCTL; |
1213 | + break; |
1214 | + } |
1215 | + |
1216 | + /* Initialize Indirect Branch Prediction Barrier */ |
1217 | + if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1218 | + setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
1219 | + |
1220 | + switch (cmd) { |
1221 | + case SPECTRE_V2_USER_CMD_FORCE: |
1222 | + case SPECTRE_V2_USER_CMD_PRCTL_IBPB: |
1223 | + case SPECTRE_V2_USER_CMD_SECCOMP_IBPB: |
1224 | + static_branch_enable(&switch_mm_always_ibpb); |
1225 | + break; |
1226 | + case SPECTRE_V2_USER_CMD_PRCTL: |
1227 | + case SPECTRE_V2_USER_CMD_AUTO: |
1228 | + case SPECTRE_V2_USER_CMD_SECCOMP: |
1229 | + static_branch_enable(&switch_mm_cond_ibpb); |
1230 | + break; |
1231 | + default: |
1232 | + break; |
1233 | + } |
1234 | + |
1235 | + pr_info("mitigation: Enabling %s Indirect Branch Prediction Barrier\n", |
1236 | + static_key_enabled(&switch_mm_always_ibpb) ? |
1237 | + "always-on" : "conditional"); |
1238 | + } |
1239 | + |
1240 | + /* If enhanced IBRS is enabled no STIPB required */ |
1241 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1242 | + return; |
1243 | + |
1244 | + /* |
1245 | + * If SMT is not possible or STIBP is not available clear the STIPB |
1246 | + * mode. |
1247 | + */ |
1248 | + if (!smt_possible || !boot_cpu_has(X86_FEATURE_STIBP)) |
1249 | + mode = SPECTRE_V2_USER_NONE; |
1250 | +set_mode: |
1251 | + spectre_v2_user = mode; |
1252 | + /* Only print the STIBP mode when SMT possible */ |
1253 | + if (smt_possible) |
1254 | + pr_info("%s\n", spectre_v2_user_strings[mode]); |
1255 | } |
1256 | |
1257 | +static const char * const spectre_v2_strings[] = { |
1258 | + [SPECTRE_V2_NONE] = "Vulnerable", |
1259 | + [SPECTRE_V2_RETPOLINE_GENERIC] = "Mitigation: Full generic retpoline", |
1260 | + [SPECTRE_V2_RETPOLINE_AMD] = "Mitigation: Full AMD retpoline", |
1261 | + [SPECTRE_V2_IBRS_ENHANCED] = "Mitigation: Enhanced IBRS", |
1262 | +}; |
1263 | + |
1264 | static const struct { |
1265 | const char *option; |
1266 | enum spectre_v2_mitigation_cmd cmd; |
1267 | bool secure; |
1268 | -} mitigation_options[] = { |
1269 | - { "off", SPECTRE_V2_CMD_NONE, false }, |
1270 | - { "on", SPECTRE_V2_CMD_FORCE, true }, |
1271 | - { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, |
1272 | - { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, |
1273 | - { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, |
1274 | - { "auto", SPECTRE_V2_CMD_AUTO, false }, |
1275 | +} mitigation_options[] __initdata = { |
1276 | + { "off", SPECTRE_V2_CMD_NONE, false }, |
1277 | + { "on", SPECTRE_V2_CMD_FORCE, true }, |
1278 | + { "retpoline", SPECTRE_V2_CMD_RETPOLINE, false }, |
1279 | + { "retpoline,amd", SPECTRE_V2_CMD_RETPOLINE_AMD, false }, |
1280 | + { "retpoline,generic", SPECTRE_V2_CMD_RETPOLINE_GENERIC, false }, |
1281 | + { "auto", SPECTRE_V2_CMD_AUTO, false }, |
1282 | }; |
1283 | |
1284 | +static void __init spec_v2_print_cond(const char *reason, bool secure) |
1285 | +{ |
1286 | + if (boot_cpu_has_bug(X86_BUG_SPECTRE_V2) != secure) |
1287 | + pr_info("%s selected on command line.\n", reason); |
1288 | +} |
1289 | + |
1290 | static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1291 | { |
1292 | + enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; |
1293 | char arg[20]; |
1294 | int ret, i; |
1295 | - enum spectre_v2_mitigation_cmd cmd = SPECTRE_V2_CMD_AUTO; |
1296 | |
1297 | if (cmdline_find_option_bool(boot_command_line, "nospectre_v2")) |
1298 | return SPECTRE_V2_CMD_NONE; |
1299 | - else { |
1300 | - ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); |
1301 | - if (ret < 0) |
1302 | - return SPECTRE_V2_CMD_AUTO; |
1303 | |
1304 | - for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { |
1305 | - if (!match_option(arg, ret, mitigation_options[i].option)) |
1306 | - continue; |
1307 | - cmd = mitigation_options[i].cmd; |
1308 | - break; |
1309 | - } |
1310 | + ret = cmdline_find_option(boot_command_line, "spectre_v2", arg, sizeof(arg)); |
1311 | + if (ret < 0) |
1312 | + return SPECTRE_V2_CMD_AUTO; |
1313 | |
1314 | - if (i >= ARRAY_SIZE(mitigation_options)) { |
1315 | - pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
1316 | - return SPECTRE_V2_CMD_AUTO; |
1317 | - } |
1318 | + for (i = 0; i < ARRAY_SIZE(mitigation_options); i++) { |
1319 | + if (!match_option(arg, ret, mitigation_options[i].option)) |
1320 | + continue; |
1321 | + cmd = mitigation_options[i].cmd; |
1322 | + break; |
1323 | + } |
1324 | + |
1325 | + if (i >= ARRAY_SIZE(mitigation_options)) { |
1326 | + pr_err("unknown option (%s). Switching to AUTO select\n", arg); |
1327 | + return SPECTRE_V2_CMD_AUTO; |
1328 | } |
1329 | |
1330 | if ((cmd == SPECTRE_V2_CMD_RETPOLINE || |
1331 | @@ -317,11 +461,8 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) |
1332 | return SPECTRE_V2_CMD_AUTO; |
1333 | } |
1334 | |
1335 | - if (mitigation_options[i].secure) |
1336 | - spec2_print_if_secure(mitigation_options[i].option); |
1337 | - else |
1338 | - spec2_print_if_insecure(mitigation_options[i].option); |
1339 | - |
1340 | + spec_v2_print_cond(mitigation_options[i].option, |
1341 | + mitigation_options[i].secure); |
1342 | return cmd; |
1343 | } |
1344 | |
1345 | @@ -377,14 +518,12 @@ retpoline_auto: |
1346 | pr_err("Spectre mitigation: LFENCE not serializing, switching to generic retpoline\n"); |
1347 | goto retpoline_generic; |
1348 | } |
1349 | - mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_AMD : |
1350 | - SPECTRE_V2_RETPOLINE_MINIMAL_AMD; |
1351 | + mode = SPECTRE_V2_RETPOLINE_AMD; |
1352 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE_AMD); |
1353 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
1354 | } else { |
1355 | retpoline_generic: |
1356 | - mode = retp_compiler() ? SPECTRE_V2_RETPOLINE_GENERIC : |
1357 | - SPECTRE_V2_RETPOLINE_MINIMAL; |
1358 | + mode = SPECTRE_V2_RETPOLINE_GENERIC; |
1359 | setup_force_cpu_cap(X86_FEATURE_RETPOLINE); |
1360 | } |
1361 | |
1362 | @@ -403,12 +542,6 @@ specv2_set_mode: |
1363 | setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); |
1364 | pr_info("Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch\n"); |
1365 | |
1366 | - /* Initialize Indirect Branch Prediction Barrier if supported */ |
1367 | - if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1368 | - setup_force_cpu_cap(X86_FEATURE_USE_IBPB); |
1369 | - pr_info("Spectre v2 mitigation: Enabling Indirect Branch Prediction Barrier\n"); |
1370 | - } |
1371 | - |
1372 | /* |
1373 | * Retpoline means the kernel is safe because it has no indirect |
1374 | * branches. Enhanced IBRS protects firmware too, so, enable restricted |
1375 | @@ -424,6 +557,66 @@ specv2_set_mode: |
1376 | setup_force_cpu_cap(X86_FEATURE_USE_IBRS_FW); |
1377 | pr_info("Enabling Restricted Speculation for firmware calls\n"); |
1378 | } |
1379 | + |
1380 | + /* Set up IBPB and STIBP depending on the general spectre V2 command */ |
1381 | + spectre_v2_user_select_mitigation(cmd); |
1382 | + |
1383 | + /* Enable STIBP if appropriate */ |
1384 | + arch_smt_update(); |
1385 | +} |
1386 | + |
1387 | +static void update_stibp_msr(void * __unused) |
1388 | +{ |
1389 | + wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base); |
1390 | +} |
1391 | + |
1392 | +/* Update x86_spec_ctrl_base in case SMT state changed. */ |
1393 | +static void update_stibp_strict(void) |
1394 | +{ |
1395 | + u64 mask = x86_spec_ctrl_base & ~SPEC_CTRL_STIBP; |
1396 | + |
1397 | + if (sched_smt_active()) |
1398 | + mask |= SPEC_CTRL_STIBP; |
1399 | + |
1400 | + if (mask == x86_spec_ctrl_base) |
1401 | + return; |
1402 | + |
1403 | + pr_info("Update user space SMT mitigation: STIBP %s\n", |
1404 | + mask & SPEC_CTRL_STIBP ? "always-on" : "off"); |
1405 | + x86_spec_ctrl_base = mask; |
1406 | + on_each_cpu(update_stibp_msr, NULL, 1); |
1407 | +} |
1408 | + |
1409 | +/* Update the static key controlling the evaluation of TIF_SPEC_IB */ |
1410 | +static void update_indir_branch_cond(void) |
1411 | +{ |
1412 | + if (sched_smt_active()) |
1413 | + static_branch_enable(&switch_to_cond_stibp); |
1414 | + else |
1415 | + static_branch_disable(&switch_to_cond_stibp); |
1416 | +} |
1417 | + |
1418 | +void arch_smt_update(void) |
1419 | +{ |
1420 | + /* Enhanced IBRS implies STIBP. No update required. */ |
1421 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1422 | + return; |
1423 | + |
1424 | + mutex_lock(&spec_ctrl_mutex); |
1425 | + |
1426 | + switch (spectre_v2_user) { |
1427 | + case SPECTRE_V2_USER_NONE: |
1428 | + break; |
1429 | + case SPECTRE_V2_USER_STRICT: |
1430 | + update_stibp_strict(); |
1431 | + break; |
1432 | + case SPECTRE_V2_USER_PRCTL: |
1433 | + case SPECTRE_V2_USER_SECCOMP: |
1434 | + update_indir_branch_cond(); |
1435 | + break; |
1436 | + } |
1437 | + |
1438 | + mutex_unlock(&spec_ctrl_mutex); |
1439 | } |
1440 | |
1441 | #undef pr_fmt |
1442 | @@ -440,7 +633,7 @@ enum ssb_mitigation_cmd { |
1443 | SPEC_STORE_BYPASS_CMD_SECCOMP, |
1444 | }; |
1445 | |
1446 | -static const char *ssb_strings[] = { |
1447 | +static const char * const ssb_strings[] = { |
1448 | [SPEC_STORE_BYPASS_NONE] = "Vulnerable", |
1449 | [SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled", |
1450 | [SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl", |
1451 | @@ -450,7 +643,7 @@ static const char *ssb_strings[] = { |
1452 | static const struct { |
1453 | const char *option; |
1454 | enum ssb_mitigation_cmd cmd; |
1455 | -} ssb_mitigation_options[] = { |
1456 | +} ssb_mitigation_options[] __initdata = { |
1457 | { "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */ |
1458 | { "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */ |
1459 | { "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */ |
1460 | @@ -561,10 +754,25 @@ static void ssb_select_mitigation(void) |
1461 | #undef pr_fmt |
1462 | #define pr_fmt(fmt) "Speculation prctl: " fmt |
1463 | |
1464 | -static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1465 | +static void task_update_spec_tif(struct task_struct *tsk) |
1466 | { |
1467 | - bool update; |
1468 | + /* Force the update of the real TIF bits */ |
1469 | + set_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE); |
1470 | |
1471 | + /* |
1472 | + * Immediately update the speculation control MSRs for the current |
1473 | + * task, but for a non-current task delay setting the CPU |
1474 | + * mitigation until it is scheduled next. |
1475 | + * |
1476 | + * This can only happen for SECCOMP mitigation. For PRCTL it's |
1477 | + * always the current task. |
1478 | + */ |
1479 | + if (tsk == current) |
1480 | + speculation_ctrl_update_current(); |
1481 | +} |
1482 | + |
1483 | +static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1484 | +{ |
1485 | if (ssb_mode != SPEC_STORE_BYPASS_PRCTL && |
1486 | ssb_mode != SPEC_STORE_BYPASS_SECCOMP) |
1487 | return -ENXIO; |
1488 | @@ -575,28 +783,56 @@ static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl) |
1489 | if (task_spec_ssb_force_disable(task)) |
1490 | return -EPERM; |
1491 | task_clear_spec_ssb_disable(task); |
1492 | - update = test_and_clear_tsk_thread_flag(task, TIF_SSBD); |
1493 | + task_update_spec_tif(task); |
1494 | break; |
1495 | case PR_SPEC_DISABLE: |
1496 | task_set_spec_ssb_disable(task); |
1497 | - update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1498 | + task_update_spec_tif(task); |
1499 | break; |
1500 | case PR_SPEC_FORCE_DISABLE: |
1501 | task_set_spec_ssb_disable(task); |
1502 | task_set_spec_ssb_force_disable(task); |
1503 | - update = !test_and_set_tsk_thread_flag(task, TIF_SSBD); |
1504 | + task_update_spec_tif(task); |
1505 | break; |
1506 | default: |
1507 | return -ERANGE; |
1508 | } |
1509 | + return 0; |
1510 | +} |
1511 | |
1512 | - /* |
1513 | - * If being set on non-current task, delay setting the CPU |
1514 | - * mitigation until it is next scheduled. |
1515 | - */ |
1516 | - if (task == current && update) |
1517 | - speculative_store_bypass_update_current(); |
1518 | - |
1519 | +static int ib_prctl_set(struct task_struct *task, unsigned long ctrl) |
1520 | +{ |
1521 | + switch (ctrl) { |
1522 | + case PR_SPEC_ENABLE: |
1523 | + if (spectre_v2_user == SPECTRE_V2_USER_NONE) |
1524 | + return 0; |
1525 | + /* |
1526 | + * Indirect branch speculation is always disabled in strict |
1527 | + * mode. |
1528 | + */ |
1529 | + if (spectre_v2_user == SPECTRE_V2_USER_STRICT) |
1530 | + return -EPERM; |
1531 | + task_clear_spec_ib_disable(task); |
1532 | + task_update_spec_tif(task); |
1533 | + break; |
1534 | + case PR_SPEC_DISABLE: |
1535 | + case PR_SPEC_FORCE_DISABLE: |
1536 | + /* |
1537 | + * Indirect branch speculation is always allowed when |
1538 | + * mitigation is force disabled. |
1539 | + */ |
1540 | + if (spectre_v2_user == SPECTRE_V2_USER_NONE) |
1541 | + return -EPERM; |
1542 | + if (spectre_v2_user == SPECTRE_V2_USER_STRICT) |
1543 | + return 0; |
1544 | + task_set_spec_ib_disable(task); |
1545 | + if (ctrl == PR_SPEC_FORCE_DISABLE) |
1546 | + task_set_spec_ib_force_disable(task); |
1547 | + task_update_spec_tif(task); |
1548 | + break; |
1549 | + default: |
1550 | + return -ERANGE; |
1551 | + } |
1552 | return 0; |
1553 | } |
1554 | |
1555 | @@ -606,6 +842,8 @@ int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which, |
1556 | switch (which) { |
1557 | case PR_SPEC_STORE_BYPASS: |
1558 | return ssb_prctl_set(task, ctrl); |
1559 | + case PR_SPEC_INDIRECT_BRANCH: |
1560 | + return ib_prctl_set(task, ctrl); |
1561 | default: |
1562 | return -ENODEV; |
1563 | } |
1564 | @@ -616,6 +854,8 @@ void arch_seccomp_spec_mitigate(struct task_struct *task) |
1565 | { |
1566 | if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP) |
1567 | ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE); |
1568 | + if (spectre_v2_user == SPECTRE_V2_USER_SECCOMP) |
1569 | + ib_prctl_set(task, PR_SPEC_FORCE_DISABLE); |
1570 | } |
1571 | #endif |
1572 | |
1573 | @@ -638,11 +878,35 @@ static int ssb_prctl_get(struct task_struct *task) |
1574 | } |
1575 | } |
1576 | |
1577 | +static int ib_prctl_get(struct task_struct *task) |
1578 | +{ |
1579 | + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2)) |
1580 | + return PR_SPEC_NOT_AFFECTED; |
1581 | + |
1582 | + switch (spectre_v2_user) { |
1583 | + case SPECTRE_V2_USER_NONE: |
1584 | + return PR_SPEC_ENABLE; |
1585 | + case SPECTRE_V2_USER_PRCTL: |
1586 | + case SPECTRE_V2_USER_SECCOMP: |
1587 | + if (task_spec_ib_force_disable(task)) |
1588 | + return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE; |
1589 | + if (task_spec_ib_disable(task)) |
1590 | + return PR_SPEC_PRCTL | PR_SPEC_DISABLE; |
1591 | + return PR_SPEC_PRCTL | PR_SPEC_ENABLE; |
1592 | + case SPECTRE_V2_USER_STRICT: |
1593 | + return PR_SPEC_DISABLE; |
1594 | + default: |
1595 | + return PR_SPEC_NOT_AFFECTED; |
1596 | + } |
1597 | +} |
1598 | + |
1599 | int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which) |
1600 | { |
1601 | switch (which) { |
1602 | case PR_SPEC_STORE_BYPASS: |
1603 | return ssb_prctl_get(task); |
1604 | + case PR_SPEC_INDIRECT_BRANCH: |
1605 | + return ib_prctl_get(task); |
1606 | default: |
1607 | return -ENODEV; |
1608 | } |
1609 | @@ -780,7 +1044,7 @@ early_param("l1tf", l1tf_cmdline); |
1610 | #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion" |
1611 | |
1612 | #if IS_ENABLED(CONFIG_KVM_INTEL) |
1613 | -static const char *l1tf_vmx_states[] = { |
1614 | +static const char * const l1tf_vmx_states[] = { |
1615 | [VMENTER_L1D_FLUSH_AUTO] = "auto", |
1616 | [VMENTER_L1D_FLUSH_NEVER] = "vulnerable", |
1617 | [VMENTER_L1D_FLUSH_COND] = "conditional cache flushes", |
1618 | @@ -796,13 +1060,14 @@ static ssize_t l1tf_show_state(char *buf) |
1619 | |
1620 | if (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_EPT_DISABLED || |
1621 | (l1tf_vmx_mitigation == VMENTER_L1D_FLUSH_NEVER && |
1622 | - cpu_smt_control == CPU_SMT_ENABLED)) |
1623 | + sched_smt_active())) { |
1624 | return sprintf(buf, "%s; VMX: %s\n", L1TF_DEFAULT_MSG, |
1625 | l1tf_vmx_states[l1tf_vmx_mitigation]); |
1626 | + } |
1627 | |
1628 | return sprintf(buf, "%s; VMX: %s, SMT %s\n", L1TF_DEFAULT_MSG, |
1629 | l1tf_vmx_states[l1tf_vmx_mitigation], |
1630 | - cpu_smt_control == CPU_SMT_ENABLED ? "vulnerable" : "disabled"); |
1631 | + sched_smt_active() ? "vulnerable" : "disabled"); |
1632 | } |
1633 | #else |
1634 | static ssize_t l1tf_show_state(char *buf) |
1635 | @@ -811,6 +1076,36 @@ static ssize_t l1tf_show_state(char *buf) |
1636 | } |
1637 | #endif |
1638 | |
1639 | +static char *stibp_state(void) |
1640 | +{ |
1641 | + if (spectre_v2_enabled == SPECTRE_V2_IBRS_ENHANCED) |
1642 | + return ""; |
1643 | + |
1644 | + switch (spectre_v2_user) { |
1645 | + case SPECTRE_V2_USER_NONE: |
1646 | + return ", STIBP: disabled"; |
1647 | + case SPECTRE_V2_USER_STRICT: |
1648 | + return ", STIBP: forced"; |
1649 | + case SPECTRE_V2_USER_PRCTL: |
1650 | + case SPECTRE_V2_USER_SECCOMP: |
1651 | + if (static_key_enabled(&switch_to_cond_stibp)) |
1652 | + return ", STIBP: conditional"; |
1653 | + } |
1654 | + return ""; |
1655 | +} |
1656 | + |
1657 | +static char *ibpb_state(void) |
1658 | +{ |
1659 | + if (boot_cpu_has(X86_FEATURE_IBPB)) { |
1660 | + if (static_key_enabled(&switch_mm_always_ibpb)) |
1661 | + return ", IBPB: always-on"; |
1662 | + if (static_key_enabled(&switch_mm_cond_ibpb)) |
1663 | + return ", IBPB: conditional"; |
1664 | + return ", IBPB: disabled"; |
1665 | + } |
1666 | + return ""; |
1667 | +} |
1668 | + |
1669 | static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, |
1670 | char *buf, unsigned int bug) |
1671 | { |
1672 | @@ -831,9 +1126,11 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr |
1673 | return sprintf(buf, "Mitigation: __user pointer sanitization\n"); |
1674 | |
1675 | case X86_BUG_SPECTRE_V2: |
1676 | - return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1677 | - boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "", |
1678 | + return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], |
1679 | + ibpb_state(), |
1680 | boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "", |
1681 | + stibp_state(), |
1682 | + boot_cpu_has(X86_FEATURE_RSB_CTXSW) ? ", RSB filling" : "", |
1683 | spectre_v2_module_string()); |
1684 | |
1685 | case X86_BUG_SPEC_STORE_BYPASS: |
1686 | diff --git a/arch/x86/kernel/cpu/mcheck/mce_amd.c b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1687 | index dd33c357548f..e12454e21b8a 100644 |
1688 | --- a/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1689 | +++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c |
1690 | @@ -56,7 +56,7 @@ |
1691 | /* Threshold LVT offset is at MSR0xC0000410[15:12] */ |
1692 | #define SMCA_THR_LVT_OFF 0xF000 |
1693 | |
1694 | -static bool thresholding_en; |
1695 | +static bool thresholding_irq_en; |
1696 | |
1697 | static const char * const th_names[] = { |
1698 | "load_store", |
1699 | @@ -534,9 +534,8 @@ prepare_threshold_block(unsigned int bank, unsigned int block, u32 addr, |
1700 | |
1701 | set_offset: |
1702 | offset = setup_APIC_mce_threshold(offset, new); |
1703 | - |
1704 | - if ((offset == new) && (mce_threshold_vector != amd_threshold_interrupt)) |
1705 | - mce_threshold_vector = amd_threshold_interrupt; |
1706 | + if (offset == new) |
1707 | + thresholding_irq_en = true; |
1708 | |
1709 | done: |
1710 | mce_threshold_block_init(&b, offset); |
1711 | @@ -1357,9 +1356,6 @@ int mce_threshold_remove_device(unsigned int cpu) |
1712 | { |
1713 | unsigned int bank; |
1714 | |
1715 | - if (!thresholding_en) |
1716 | - return 0; |
1717 | - |
1718 | for (bank = 0; bank < mca_cfg.banks; ++bank) { |
1719 | if (!(per_cpu(bank_map, cpu) & (1 << bank))) |
1720 | continue; |
1721 | @@ -1377,9 +1373,6 @@ int mce_threshold_create_device(unsigned int cpu) |
1722 | struct threshold_bank **bp; |
1723 | int err = 0; |
1724 | |
1725 | - if (!thresholding_en) |
1726 | - return 0; |
1727 | - |
1728 | bp = per_cpu(threshold_banks, cpu); |
1729 | if (bp) |
1730 | return 0; |
1731 | @@ -1408,9 +1401,6 @@ static __init int threshold_init_device(void) |
1732 | { |
1733 | unsigned lcpu = 0; |
1734 | |
1735 | - if (mce_threshold_vector == amd_threshold_interrupt) |
1736 | - thresholding_en = true; |
1737 | - |
1738 | /* to hit CPUs online before the notifier is up */ |
1739 | for_each_online_cpu(lcpu) { |
1740 | int err = mce_threshold_create_device(lcpu); |
1741 | @@ -1419,6 +1409,9 @@ static __init int threshold_init_device(void) |
1742 | return err; |
1743 | } |
1744 | |
1745 | + if (thresholding_irq_en) |
1746 | + mce_threshold_vector = amd_threshold_interrupt; |
1747 | + |
1748 | return 0; |
1749 | } |
1750 | /* |
1751 | diff --git a/arch/x86/kernel/fpu/signal.c b/arch/x86/kernel/fpu/signal.c |
1752 | index 61a949d84dfa..d99a8ee9e185 100644 |
1753 | --- a/arch/x86/kernel/fpu/signal.c |
1754 | +++ b/arch/x86/kernel/fpu/signal.c |
1755 | @@ -344,10 +344,10 @@ static int __fpu__restore_sig(void __user *buf, void __user *buf_fx, int size) |
1756 | sanitize_restored_xstate(tsk, &env, xfeatures, fx_only); |
1757 | } |
1758 | |
1759 | + local_bh_disable(); |
1760 | fpu->initialized = 1; |
1761 | - preempt_disable(); |
1762 | fpu__restore(fpu); |
1763 | - preempt_enable(); |
1764 | + local_bh_enable(); |
1765 | |
1766 | return err; |
1767 | } else { |
1768 | diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c |
1769 | index 01ebcb6f263e..7ee8067cbf45 100644 |
1770 | --- a/arch/x86/kernel/ftrace.c |
1771 | +++ b/arch/x86/kernel/ftrace.c |
1772 | @@ -994,7 +994,6 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, |
1773 | { |
1774 | unsigned long old; |
1775 | int faulted; |
1776 | - struct ftrace_graph_ent trace; |
1777 | unsigned long return_hooker = (unsigned long) |
1778 | &return_to_handler; |
1779 | |
1780 | @@ -1046,19 +1045,7 @@ void prepare_ftrace_return(unsigned long self_addr, unsigned long *parent, |
1781 | return; |
1782 | } |
1783 | |
1784 | - trace.func = self_addr; |
1785 | - trace.depth = current->curr_ret_stack + 1; |
1786 | - |
1787 | - /* Only trace if the calling function expects to */ |
1788 | - if (!ftrace_graph_entry(&trace)) { |
1789 | + if (function_graph_enter(old, self_addr, frame_pointer, parent)) |
1790 | *parent = old; |
1791 | - return; |
1792 | - } |
1793 | - |
1794 | - if (ftrace_push_return_trace(old, self_addr, &trace.depth, |
1795 | - frame_pointer, parent) == -EBUSY) { |
1796 | - *parent = old; |
1797 | - return; |
1798 | - } |
1799 | } |
1800 | #endif /* CONFIG_FUNCTION_GRAPH_TRACER */ |
1801 | diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c |
1802 | index c93fcfdf1673..7d31192296a8 100644 |
1803 | --- a/arch/x86/kernel/process.c |
1804 | +++ b/arch/x86/kernel/process.c |
1805 | @@ -40,6 +40,8 @@ |
1806 | #include <asm/prctl.h> |
1807 | #include <asm/spec-ctrl.h> |
1808 | |
1809 | +#include "process.h" |
1810 | + |
1811 | /* |
1812 | * per-CPU TSS segments. Threads are completely 'soft' on Linux, |
1813 | * no more per-task TSS's. The TSS size is kept cacheline-aligned |
1814 | @@ -252,11 +254,12 @@ void arch_setup_new_exec(void) |
1815 | enable_cpuid(); |
1816 | } |
1817 | |
1818 | -static inline void switch_to_bitmap(struct tss_struct *tss, |
1819 | - struct thread_struct *prev, |
1820 | +static inline void switch_to_bitmap(struct thread_struct *prev, |
1821 | struct thread_struct *next, |
1822 | unsigned long tifp, unsigned long tifn) |
1823 | { |
1824 | + struct tss_struct *tss = this_cpu_ptr(&cpu_tss_rw); |
1825 | + |
1826 | if (tifn & _TIF_IO_BITMAP) { |
1827 | /* |
1828 | * Copy the relevant range of the IO bitmap. |
1829 | @@ -395,32 +398,85 @@ static __always_inline void amd_set_ssb_virt_state(unsigned long tifn) |
1830 | wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn)); |
1831 | } |
1832 | |
1833 | -static __always_inline void intel_set_ssb_state(unsigned long tifn) |
1834 | +/* |
1835 | + * Update the MSRs managing speculation control, during context switch. |
1836 | + * |
1837 | + * tifp: Previous task's thread flags |
1838 | + * tifn: Next task's thread flags |
1839 | + */ |
1840 | +static __always_inline void __speculation_ctrl_update(unsigned long tifp, |
1841 | + unsigned long tifn) |
1842 | { |
1843 | - u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn); |
1844 | + unsigned long tif_diff = tifp ^ tifn; |
1845 | + u64 msr = x86_spec_ctrl_base; |
1846 | + bool updmsr = false; |
1847 | + |
1848 | + /* |
1849 | + * If TIF_SSBD is different, select the proper mitigation |
1850 | + * method. Note that if SSBD mitigation is disabled or permanentely |
1851 | + * enabled this branch can't be taken because nothing can set |
1852 | + * TIF_SSBD. |
1853 | + */ |
1854 | + if (tif_diff & _TIF_SSBD) { |
1855 | + if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) { |
1856 | + amd_set_ssb_virt_state(tifn); |
1857 | + } else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) { |
1858 | + amd_set_core_ssb_state(tifn); |
1859 | + } else if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD) || |
1860 | + static_cpu_has(X86_FEATURE_AMD_SSBD)) { |
1861 | + msr |= ssbd_tif_to_spec_ctrl(tifn); |
1862 | + updmsr = true; |
1863 | + } |
1864 | + } |
1865 | + |
1866 | + /* |
1867 | + * Only evaluate TIF_SPEC_IB if conditional STIBP is enabled, |
1868 | + * otherwise avoid the MSR write. |
1869 | + */ |
1870 | + if (IS_ENABLED(CONFIG_SMP) && |
1871 | + static_branch_unlikely(&switch_to_cond_stibp)) { |
1872 | + updmsr |= !!(tif_diff & _TIF_SPEC_IB); |
1873 | + msr |= stibp_tif_to_spec_ctrl(tifn); |
1874 | + } |
1875 | |
1876 | - wrmsrl(MSR_IA32_SPEC_CTRL, msr); |
1877 | + if (updmsr) |
1878 | + wrmsrl(MSR_IA32_SPEC_CTRL, msr); |
1879 | } |
1880 | |
1881 | -static __always_inline void __speculative_store_bypass_update(unsigned long tifn) |
1882 | +static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) |
1883 | { |
1884 | - if (static_cpu_has(X86_FEATURE_VIRT_SSBD)) |
1885 | - amd_set_ssb_virt_state(tifn); |
1886 | - else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD)) |
1887 | - amd_set_core_ssb_state(tifn); |
1888 | - else |
1889 | - intel_set_ssb_state(tifn); |
1890 | + if (test_and_clear_tsk_thread_flag(tsk, TIF_SPEC_FORCE_UPDATE)) { |
1891 | + if (task_spec_ssb_disable(tsk)) |
1892 | + set_tsk_thread_flag(tsk, TIF_SSBD); |
1893 | + else |
1894 | + clear_tsk_thread_flag(tsk, TIF_SSBD); |
1895 | + |
1896 | + if (task_spec_ib_disable(tsk)) |
1897 | + set_tsk_thread_flag(tsk, TIF_SPEC_IB); |
1898 | + else |
1899 | + clear_tsk_thread_flag(tsk, TIF_SPEC_IB); |
1900 | + } |
1901 | + /* Return the updated threadinfo flags*/ |
1902 | + return task_thread_info(tsk)->flags; |
1903 | } |
1904 | |
1905 | -void speculative_store_bypass_update(unsigned long tif) |
1906 | +void speculation_ctrl_update(unsigned long tif) |
1907 | { |
1908 | + /* Forced update. Make sure all relevant TIF flags are different */ |
1909 | preempt_disable(); |
1910 | - __speculative_store_bypass_update(tif); |
1911 | + __speculation_ctrl_update(~tif, tif); |
1912 | preempt_enable(); |
1913 | } |
1914 | |
1915 | -void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1916 | - struct tss_struct *tss) |
1917 | +/* Called from seccomp/prctl update */ |
1918 | +void speculation_ctrl_update_current(void) |
1919 | +{ |
1920 | + preempt_disable(); |
1921 | + speculation_ctrl_update(speculation_ctrl_update_tif(current)); |
1922 | + preempt_enable(); |
1923 | +} |
1924 | + |
1925 | +void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p) |
1926 | { |
1927 | struct thread_struct *prev, *next; |
1928 | unsigned long tifp, tifn; |
1929 | @@ -430,7 +486,7 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1930 | |
1931 | tifn = READ_ONCE(task_thread_info(next_p)->flags); |
1932 | tifp = READ_ONCE(task_thread_info(prev_p)->flags); |
1933 | - switch_to_bitmap(tss, prev, next, tifp, tifn); |
1934 | + switch_to_bitmap(prev, next, tifp, tifn); |
1935 | |
1936 | propagate_user_return_notify(prev_p, next_p); |
1937 | |
1938 | @@ -451,8 +507,15 @@ void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p, |
1939 | if ((tifp ^ tifn) & _TIF_NOCPUID) |
1940 | set_cpuid_faulting(!!(tifn & _TIF_NOCPUID)); |
1941 | |
1942 | - if ((tifp ^ tifn) & _TIF_SSBD) |
1943 | - __speculative_store_bypass_update(tifn); |
1944 | + if (likely(!((tifp | tifn) & _TIF_SPEC_FORCE_UPDATE))) { |
1945 | + __speculation_ctrl_update(tifp, tifn); |
1946 | + } else { |
1947 | + speculation_ctrl_update_tif(prev_p); |
1948 | + tifn = speculation_ctrl_update_tif(next_p); |
1949 | + |
1950 | + /* Enforce MSR update to ensure consistent state */ |
1951 | + __speculation_ctrl_update(~tifn, tifn); |
1952 | + } |
1953 | } |
1954 | |
1955 | /* |
1956 | diff --git a/arch/x86/kernel/process.h b/arch/x86/kernel/process.h |
1957 | new file mode 100644 |
1958 | index 000000000000..898e97cf6629 |
1959 | --- /dev/null |
1960 | +++ b/arch/x86/kernel/process.h |
1961 | @@ -0,0 +1,39 @@ |
1962 | +// SPDX-License-Identifier: GPL-2.0 |
1963 | +// |
1964 | +// Code shared between 32 and 64 bit |
1965 | + |
1966 | +#include <asm/spec-ctrl.h> |
1967 | + |
1968 | +void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p); |
1969 | + |
1970 | +/* |
1971 | + * This needs to be inline to optimize for the common case where no extra |
1972 | + * work needs to be done. |
1973 | + */ |
1974 | +static inline void switch_to_extra(struct task_struct *prev, |
1975 | + struct task_struct *next) |
1976 | +{ |
1977 | + unsigned long next_tif = task_thread_info(next)->flags; |
1978 | + unsigned long prev_tif = task_thread_info(prev)->flags; |
1979 | + |
1980 | + if (IS_ENABLED(CONFIG_SMP)) { |
1981 | + /* |
1982 | + * Avoid __switch_to_xtra() invocation when conditional |
1983 | + * STIPB is disabled and the only different bit is |
1984 | + * TIF_SPEC_IB. For CONFIG_SMP=n TIF_SPEC_IB is not |
1985 | + * in the TIF_WORK_CTXSW masks. |
1986 | + */ |
1987 | + if (!static_branch_likely(&switch_to_cond_stibp)) { |
1988 | + prev_tif &= ~_TIF_SPEC_IB; |
1989 | + next_tif &= ~_TIF_SPEC_IB; |
1990 | + } |
1991 | + } |
1992 | + |
1993 | + /* |
1994 | + * __switch_to_xtra() handles debug registers, i/o bitmaps, |
1995 | + * speculation mitigations etc. |
1996 | + */ |
1997 | + if (unlikely(next_tif & _TIF_WORK_CTXSW_NEXT || |
1998 | + prev_tif & _TIF_WORK_CTXSW_PREV)) |
1999 | + __switch_to_xtra(prev, next); |
2000 | +} |
2001 | diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c |
2002 | index 5046a3c9dec2..d3e593eb189f 100644 |
2003 | --- a/arch/x86/kernel/process_32.c |
2004 | +++ b/arch/x86/kernel/process_32.c |
2005 | @@ -59,6 +59,8 @@ |
2006 | #include <asm/intel_rdt_sched.h> |
2007 | #include <asm/proto.h> |
2008 | |
2009 | +#include "process.h" |
2010 | + |
2011 | void __show_regs(struct pt_regs *regs, enum show_regs_mode mode) |
2012 | { |
2013 | unsigned long cr0 = 0L, cr2 = 0L, cr3 = 0L, cr4 = 0L; |
2014 | @@ -232,7 +234,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2015 | struct fpu *prev_fpu = &prev->fpu; |
2016 | struct fpu *next_fpu = &next->fpu; |
2017 | int cpu = smp_processor_id(); |
2018 | - struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); |
2019 | |
2020 | /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ |
2021 | |
2022 | @@ -264,12 +265,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2023 | if (get_kernel_rpl() && unlikely(prev->iopl != next->iopl)) |
2024 | set_iopl_mask(next->iopl); |
2025 | |
2026 | - /* |
2027 | - * Now maybe handle debug registers and/or IO bitmaps |
2028 | - */ |
2029 | - if (unlikely(task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV || |
2030 | - task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT)) |
2031 | - __switch_to_xtra(prev_p, next_p, tss); |
2032 | + switch_to_extra(prev_p, next_p); |
2033 | |
2034 | /* |
2035 | * Leave lazy mode, flushing any hypercalls made here. |
2036 | diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
2037 | index ea5ea850348d..a0854f283efd 100644 |
2038 | --- a/arch/x86/kernel/process_64.c |
2039 | +++ b/arch/x86/kernel/process_64.c |
2040 | @@ -59,6 +59,8 @@ |
2041 | #include <asm/unistd_32_ia32.h> |
2042 | #endif |
2043 | |
2044 | +#include "process.h" |
2045 | + |
2046 | __visible DEFINE_PER_CPU(unsigned long, rsp_scratch); |
2047 | |
2048 | /* Prints also some state that isn't saved in the pt_regs */ |
2049 | @@ -422,7 +424,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2050 | struct fpu *prev_fpu = &prev->fpu; |
2051 | struct fpu *next_fpu = &next->fpu; |
2052 | int cpu = smp_processor_id(); |
2053 | - struct tss_struct *tss = &per_cpu(cpu_tss_rw, cpu); |
2054 | |
2055 | WARN_ON_ONCE(IS_ENABLED(CONFIG_DEBUG_ENTRY) && |
2056 | this_cpu_read(irq_count) != -1); |
2057 | @@ -489,12 +490,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) |
2058 | /* Reload sp0. */ |
2059 | update_task_stack(next_p); |
2060 | |
2061 | - /* |
2062 | - * Now maybe reload the debug registers and handle I/O bitmaps |
2063 | - */ |
2064 | - if (unlikely(task_thread_info(next_p)->flags & _TIF_WORK_CTXSW_NEXT || |
2065 | - task_thread_info(prev_p)->flags & _TIF_WORK_CTXSW_PREV)) |
2066 | - __switch_to_xtra(prev_p, next_p, tss); |
2067 | + switch_to_extra(prev_p, next_p); |
2068 | |
2069 | #ifdef CONFIG_XEN_PV |
2070 | /* |
2071 | diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c |
2072 | index fbb0e6df121b..2216d21e955d 100644 |
2073 | --- a/arch/x86/kvm/lapic.c |
2074 | +++ b/arch/x86/kvm/lapic.c |
2075 | @@ -571,6 +571,11 @@ int kvm_pv_send_ipi(struct kvm *kvm, unsigned long ipi_bitmap_low, |
2076 | rcu_read_lock(); |
2077 | map = rcu_dereference(kvm->arch.apic_map); |
2078 | |
2079 | + if (unlikely(!map)) { |
2080 | + count = -EOPNOTSUPP; |
2081 | + goto out; |
2082 | + } |
2083 | + |
2084 | if (min > map->max_apic_id) |
2085 | goto out; |
2086 | /* Bits above cluster_size are masked in the caller. */ |
2087 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c |
2088 | index 51b953ad9d4e..1b82bc7c3cca 100644 |
2089 | --- a/arch/x86/kvm/mmu.c |
2090 | +++ b/arch/x86/kvm/mmu.c |
2091 | @@ -5013,9 +5013,9 @@ static bool need_remote_flush(u64 old, u64 new) |
2092 | } |
2093 | |
2094 | static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, |
2095 | - const u8 *new, int *bytes) |
2096 | + int *bytes) |
2097 | { |
2098 | - u64 gentry; |
2099 | + u64 gentry = 0; |
2100 | int r; |
2101 | |
2102 | /* |
2103 | @@ -5027,22 +5027,12 @@ static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, |
2104 | /* Handle a 32-bit guest writing two halves of a 64-bit gpte */ |
2105 | *gpa &= ~(gpa_t)7; |
2106 | *bytes = 8; |
2107 | - r = kvm_vcpu_read_guest(vcpu, *gpa, &gentry, 8); |
2108 | - if (r) |
2109 | - gentry = 0; |
2110 | - new = (const u8 *)&gentry; |
2111 | } |
2112 | |
2113 | - switch (*bytes) { |
2114 | - case 4: |
2115 | - gentry = *(const u32 *)new; |
2116 | - break; |
2117 | - case 8: |
2118 | - gentry = *(const u64 *)new; |
2119 | - break; |
2120 | - default: |
2121 | - gentry = 0; |
2122 | - break; |
2123 | + if (*bytes == 4 || *bytes == 8) { |
2124 | + r = kvm_vcpu_read_guest_atomic(vcpu, *gpa, &gentry, *bytes); |
2125 | + if (r) |
2126 | + gentry = 0; |
2127 | } |
2128 | |
2129 | return gentry; |
2130 | @@ -5146,8 +5136,6 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, |
2131 | |
2132 | pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); |
2133 | |
2134 | - gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, new, &bytes); |
2135 | - |
2136 | /* |
2137 | * No need to care whether allocation memory is successful |
2138 | * or not since pte prefetch is skiped if it does not have |
2139 | @@ -5156,6 +5144,9 @@ static void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, |
2140 | mmu_topup_memory_caches(vcpu); |
2141 | |
2142 | spin_lock(&vcpu->kvm->mmu_lock); |
2143 | + |
2144 | + gentry = mmu_pte_write_fetch_gpte(vcpu, &gpa, &bytes); |
2145 | + |
2146 | ++vcpu->kvm->stat.mmu_pte_write; |
2147 | kvm_mmu_audit(vcpu, AUDIT_PRE_PTE_WRITE); |
2148 | |
2149 | diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c |
2150 | index 61ccfb13899e..4397fa0c448f 100644 |
2151 | --- a/arch/x86/kvm/svm.c |
2152 | +++ b/arch/x86/kvm/svm.c |
2153 | @@ -1444,7 +1444,7 @@ static u64 svm_read_l1_tsc_offset(struct kvm_vcpu *vcpu) |
2154 | return vcpu->arch.tsc_offset; |
2155 | } |
2156 | |
2157 | -static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2158 | +static u64 svm_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2159 | { |
2160 | struct vcpu_svm *svm = to_svm(vcpu); |
2161 | u64 g_tsc_offset = 0; |
2162 | @@ -1462,6 +1462,7 @@ static void svm_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2163 | svm->vmcb->control.tsc_offset = offset + g_tsc_offset; |
2164 | |
2165 | mark_dirty(svm->vmcb, VMCB_INTERCEPTS); |
2166 | + return svm->vmcb->control.tsc_offset; |
2167 | } |
2168 | |
2169 | static void avic_init_vmcb(struct vcpu_svm *svm) |
2170 | @@ -2187,21 +2188,31 @@ out: |
2171 | return ERR_PTR(err); |
2172 | } |
2173 | |
2174 | +static void svm_clear_current_vmcb(struct vmcb *vmcb) |
2175 | +{ |
2176 | + int i; |
2177 | + |
2178 | + for_each_online_cpu(i) |
2179 | + cmpxchg(&per_cpu(svm_data, i)->current_vmcb, vmcb, NULL); |
2180 | +} |
2181 | + |
2182 | static void svm_free_vcpu(struct kvm_vcpu *vcpu) |
2183 | { |
2184 | struct vcpu_svm *svm = to_svm(vcpu); |
2185 | |
2186 | + /* |
2187 | + * The vmcb page can be recycled, causing a false negative in |
2188 | + * svm_vcpu_load(). So, ensure that no logical CPU has this |
2189 | + * vmcb page recorded as its current vmcb. |
2190 | + */ |
2191 | + svm_clear_current_vmcb(svm->vmcb); |
2192 | + |
2193 | __free_page(pfn_to_page(__sme_clr(svm->vmcb_pa) >> PAGE_SHIFT)); |
2194 | __free_pages(virt_to_page(svm->msrpm), MSRPM_ALLOC_ORDER); |
2195 | __free_page(virt_to_page(svm->nested.hsave)); |
2196 | __free_pages(virt_to_page(svm->nested.msrpm), MSRPM_ALLOC_ORDER); |
2197 | kvm_vcpu_uninit(vcpu); |
2198 | kmem_cache_free(kvm_vcpu_cache, svm); |
2199 | - /* |
2200 | - * The vmcb page can be recycled, causing a false negative in |
2201 | - * svm_vcpu_load(). So do a full IBPB now. |
2202 | - */ |
2203 | - indirect_branch_prediction_barrier(); |
2204 | } |
2205 | |
2206 | static void svm_vcpu_load(struct kvm_vcpu *vcpu, int cpu) |
2207 | @@ -7145,7 +7156,7 @@ static struct kvm_x86_ops svm_x86_ops __ro_after_init = { |
2208 | .has_wbinvd_exit = svm_has_wbinvd_exit, |
2209 | |
2210 | .read_l1_tsc_offset = svm_read_l1_tsc_offset, |
2211 | - .write_tsc_offset = svm_write_tsc_offset, |
2212 | + .write_l1_tsc_offset = svm_write_l1_tsc_offset, |
2213 | |
2214 | .set_tdp_cr3 = set_tdp_cr3, |
2215 | |
2216 | diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c |
2217 | index 9f3def7baa6d..e55f7a90d4b2 100644 |
2218 | --- a/arch/x86/kvm/vmx.c |
2219 | +++ b/arch/x86/kvm/vmx.c |
2220 | @@ -170,6 +170,7 @@ module_param_named(preemption_timer, enable_preemption_timer, bool, S_IRUGO); |
2221 | * refer SDM volume 3b section 21.6.13 & 22.1.3. |
2222 | */ |
2223 | static unsigned int ple_gap = KVM_DEFAULT_PLE_GAP; |
2224 | +module_param(ple_gap, uint, 0444); |
2225 | |
2226 | static unsigned int ple_window = KVM_VMX_DEFAULT_PLE_WINDOW; |
2227 | module_param(ple_window, uint, 0444); |
2228 | @@ -3433,11 +3434,9 @@ static u64 vmx_read_l1_tsc_offset(struct kvm_vcpu *vcpu) |
2229 | return vcpu->arch.tsc_offset; |
2230 | } |
2231 | |
2232 | -/* |
2233 | - * writes 'offset' into guest's timestamp counter offset register |
2234 | - */ |
2235 | -static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2236 | +static u64 vmx_write_l1_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2237 | { |
2238 | + u64 active_offset = offset; |
2239 | if (is_guest_mode(vcpu)) { |
2240 | /* |
2241 | * We're here if L1 chose not to trap WRMSR to TSC. According |
2242 | @@ -3445,17 +3444,16 @@ static void vmx_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2243 | * set for L2 remains unchanged, and still needs to be added |
2244 | * to the newly set TSC to get L2's TSC. |
2245 | */ |
2246 | - struct vmcs12 *vmcs12; |
2247 | - /* recalculate vmcs02.TSC_OFFSET: */ |
2248 | - vmcs12 = get_vmcs12(vcpu); |
2249 | - vmcs_write64(TSC_OFFSET, offset + |
2250 | - (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING) ? |
2251 | - vmcs12->tsc_offset : 0)); |
2252 | + struct vmcs12 *vmcs12 = get_vmcs12(vcpu); |
2253 | + if (nested_cpu_has(vmcs12, CPU_BASED_USE_TSC_OFFSETING)) |
2254 | + active_offset += vmcs12->tsc_offset; |
2255 | } else { |
2256 | trace_kvm_write_tsc_offset(vcpu->vcpu_id, |
2257 | vmcs_read64(TSC_OFFSET), offset); |
2258 | - vmcs_write64(TSC_OFFSET, offset); |
2259 | } |
2260 | + |
2261 | + vmcs_write64(TSC_OFFSET, active_offset); |
2262 | + return active_offset; |
2263 | } |
2264 | |
2265 | /* |
2266 | @@ -14203,7 +14201,7 @@ static struct kvm_x86_ops vmx_x86_ops __ro_after_init = { |
2267 | .has_wbinvd_exit = cpu_has_vmx_wbinvd_exit, |
2268 | |
2269 | .read_l1_tsc_offset = vmx_read_l1_tsc_offset, |
2270 | - .write_tsc_offset = vmx_write_tsc_offset, |
2271 | + .write_l1_tsc_offset = vmx_write_l1_tsc_offset, |
2272 | |
2273 | .set_tdp_cr3 = vmx_set_cr3, |
2274 | |
2275 | diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c |
2276 | index ca717737347e..68b53f05a420 100644 |
2277 | --- a/arch/x86/kvm/x86.c |
2278 | +++ b/arch/x86/kvm/x86.c |
2279 | @@ -1582,8 +1582,7 @@ EXPORT_SYMBOL_GPL(kvm_read_l1_tsc); |
2280 | |
2281 | static void kvm_vcpu_write_tsc_offset(struct kvm_vcpu *vcpu, u64 offset) |
2282 | { |
2283 | - kvm_x86_ops->write_tsc_offset(vcpu, offset); |
2284 | - vcpu->arch.tsc_offset = offset; |
2285 | + vcpu->arch.tsc_offset = kvm_x86_ops->write_l1_tsc_offset(vcpu, offset); |
2286 | } |
2287 | |
2288 | static inline bool kvm_check_tsc_unstable(void) |
2289 | @@ -1711,7 +1710,8 @@ EXPORT_SYMBOL_GPL(kvm_write_tsc); |
2290 | static inline void adjust_tsc_offset_guest(struct kvm_vcpu *vcpu, |
2291 | s64 adjustment) |
2292 | { |
2293 | - kvm_vcpu_write_tsc_offset(vcpu, vcpu->arch.tsc_offset + adjustment); |
2294 | + u64 tsc_offset = kvm_x86_ops->read_l1_tsc_offset(vcpu); |
2295 | + kvm_vcpu_write_tsc_offset(vcpu, tsc_offset + adjustment); |
2296 | } |
2297 | |
2298 | static inline void adjust_tsc_offset_host(struct kvm_vcpu *vcpu, s64 adjustment) |
2299 | @@ -6788,6 +6788,7 @@ static int kvm_pv_clock_pairing(struct kvm_vcpu *vcpu, gpa_t paddr, |
2300 | clock_pairing.nsec = ts.tv_nsec; |
2301 | clock_pairing.tsc = kvm_read_l1_tsc(vcpu, cycle); |
2302 | clock_pairing.flags = 0; |
2303 | + memset(&clock_pairing.pad, 0, sizeof(clock_pairing.pad)); |
2304 | |
2305 | ret = 0; |
2306 | if (kvm_write_guest(vcpu->kvm, paddr, &clock_pairing, |
2307 | @@ -7313,7 +7314,8 @@ static void vcpu_scan_ioapic(struct kvm_vcpu *vcpu) |
2308 | else { |
2309 | if (vcpu->arch.apicv_active) |
2310 | kvm_x86_ops->sync_pir_to_irr(vcpu); |
2311 | - kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); |
2312 | + if (ioapic_in_kernel(vcpu->kvm)) |
2313 | + kvm_ioapic_scan_entry(vcpu, vcpu->arch.ioapic_handled_vectors); |
2314 | } |
2315 | |
2316 | if (is_guest_mode(vcpu)) |
2317 | diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c |
2318 | index e96b99eb800c..a6d1b0241aea 100644 |
2319 | --- a/arch/x86/mm/tlb.c |
2320 | +++ b/arch/x86/mm/tlb.c |
2321 | @@ -29,6 +29,12 @@ |
2322 | * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi |
2323 | */ |
2324 | |
2325 | +/* |
2326 | + * Use bit 0 to mangle the TIF_SPEC_IB state into the mm pointer which is |
2327 | + * stored in cpu_tlb_state.last_user_mm_ibpb. |
2328 | + */ |
2329 | +#define LAST_USER_MM_IBPB 0x1UL |
2330 | + |
2331 | /* |
2332 | * We get here when we do something requiring a TLB invalidation |
2333 | * but could not go invalidate all of the contexts. We do the |
2334 | @@ -180,6 +186,89 @@ static void sync_current_stack_to_mm(struct mm_struct *mm) |
2335 | } |
2336 | } |
2337 | |
2338 | +static inline unsigned long mm_mangle_tif_spec_ib(struct task_struct *next) |
2339 | +{ |
2340 | + unsigned long next_tif = task_thread_info(next)->flags; |
2341 | + unsigned long ibpb = (next_tif >> TIF_SPEC_IB) & LAST_USER_MM_IBPB; |
2342 | + |
2343 | + return (unsigned long)next->mm | ibpb; |
2344 | +} |
2345 | + |
2346 | +static void cond_ibpb(struct task_struct *next) |
2347 | +{ |
2348 | + if (!next || !next->mm) |
2349 | + return; |
2350 | + |
2351 | + /* |
2352 | + * Both, the conditional and the always IBPB mode use the mm |
2353 | + * pointer to avoid the IBPB when switching between tasks of the |
2354 | + * same process. Using the mm pointer instead of mm->context.ctx_id |
2355 | + * opens a hypothetical hole vs. mm_struct reuse, which is more or |
2356 | + * less impossible to control by an attacker. Aside of that it |
2357 | + * would only affect the first schedule so the theoretically |
2358 | + * exposed data is not really interesting. |
2359 | + */ |
2360 | + if (static_branch_likely(&switch_mm_cond_ibpb)) { |
2361 | + unsigned long prev_mm, next_mm; |
2362 | + |
2363 | + /* |
2364 | + * This is a bit more complex than the always mode because |
2365 | + * it has to handle two cases: |
2366 | + * |
2367 | + * 1) Switch from a user space task (potential attacker) |
2368 | + * which has TIF_SPEC_IB set to a user space task |
2369 | + * (potential victim) which has TIF_SPEC_IB not set. |
2370 | + * |
2371 | + * 2) Switch from a user space task (potential attacker) |
2372 | + * which has TIF_SPEC_IB not set to a user space task |
2373 | + * (potential victim) which has TIF_SPEC_IB set. |
2374 | + * |
2375 | + * This could be done by unconditionally issuing IBPB when |
2376 | + * a task which has TIF_SPEC_IB set is either scheduled in |
2377 | + * or out. Though that results in two flushes when: |
2378 | + * |
2379 | + * - the same user space task is scheduled out and later |
2380 | + * scheduled in again and only a kernel thread ran in |
2381 | + * between. |
2382 | + * |
2383 | + * - a user space task belonging to the same process is |
2384 | + * scheduled in after a kernel thread ran in between |
2385 | + * |
2386 | + * - a user space task belonging to the same process is |
2387 | + * scheduled in immediately. |
2388 | + * |
2389 | + * Optimize this with reasonably small overhead for the |
2390 | + * above cases. Mangle the TIF_SPEC_IB bit into the mm |
2391 | + * pointer of the incoming task which is stored in |
2392 | + * cpu_tlbstate.last_user_mm_ibpb for comparison. |
2393 | + */ |
2394 | + next_mm = mm_mangle_tif_spec_ib(next); |
2395 | + prev_mm = this_cpu_read(cpu_tlbstate.last_user_mm_ibpb); |
2396 | + |
2397 | + /* |
2398 | + * Issue IBPB only if the mm's are different and one or |
2399 | + * both have the IBPB bit set. |
2400 | + */ |
2401 | + if (next_mm != prev_mm && |
2402 | + (next_mm | prev_mm) & LAST_USER_MM_IBPB) |
2403 | + indirect_branch_prediction_barrier(); |
2404 | + |
2405 | + this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, next_mm); |
2406 | + } |
2407 | + |
2408 | + if (static_branch_unlikely(&switch_mm_always_ibpb)) { |
2409 | + /* |
2410 | + * Only flush when switching to a user space task with a |
2411 | + * different context than the user space task which ran |
2412 | + * last on this CPU. |
2413 | + */ |
2414 | + if (this_cpu_read(cpu_tlbstate.last_user_mm) != next->mm) { |
2415 | + indirect_branch_prediction_barrier(); |
2416 | + this_cpu_write(cpu_tlbstate.last_user_mm, next->mm); |
2417 | + } |
2418 | + } |
2419 | +} |
2420 | + |
2421 | void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2422 | struct task_struct *tsk) |
2423 | { |
2424 | @@ -254,27 +343,13 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2425 | } else { |
2426 | u16 new_asid; |
2427 | bool need_flush; |
2428 | - u64 last_ctx_id = this_cpu_read(cpu_tlbstate.last_ctx_id); |
2429 | |
2430 | /* |
2431 | * Avoid user/user BTB poisoning by flushing the branch |
2432 | * predictor when switching between processes. This stops |
2433 | * one process from doing Spectre-v2 attacks on another. |
2434 | - * |
2435 | - * As an optimization, flush indirect branches only when |
2436 | - * switching into processes that disable dumping. This |
2437 | - * protects high value processes like gpg, without having |
2438 | - * too high performance overhead. IBPB is *expensive*! |
2439 | - * |
2440 | - * This will not flush branches when switching into kernel |
2441 | - * threads. It will also not flush if we switch to idle |
2442 | - * thread and back to the same process. It will flush if we |
2443 | - * switch to a different non-dumpable process. |
2444 | */ |
2445 | - if (tsk && tsk->mm && |
2446 | - tsk->mm->context.ctx_id != last_ctx_id && |
2447 | - get_dumpable(tsk->mm) != SUID_DUMP_USER) |
2448 | - indirect_branch_prediction_barrier(); |
2449 | + cond_ibpb(tsk); |
2450 | |
2451 | if (IS_ENABLED(CONFIG_VMAP_STACK)) { |
2452 | /* |
2453 | @@ -331,14 +406,6 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
2454 | trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); |
2455 | } |
2456 | |
2457 | - /* |
2458 | - * Record last user mm's context id, so we can avoid |
2459 | - * flushing branch buffer with IBPB if we switch back |
2460 | - * to the same user. |
2461 | - */ |
2462 | - if (next != &init_mm) |
2463 | - this_cpu_write(cpu_tlbstate.last_ctx_id, next->context.ctx_id); |
2464 | - |
2465 | /* Make sure we write CR3 before loaded_mm. */ |
2466 | barrier(); |
2467 | |
2468 | @@ -419,7 +486,7 @@ void initialize_tlbstate_and_flush(void) |
2469 | write_cr3(build_cr3(mm->pgd, 0)); |
2470 | |
2471 | /* Reinitialize tlbstate. */ |
2472 | - this_cpu_write(cpu_tlbstate.last_ctx_id, mm->context.ctx_id); |
2473 | + this_cpu_write(cpu_tlbstate.last_user_mm_ibpb, LAST_USER_MM_IBPB); |
2474 | this_cpu_write(cpu_tlbstate.loaded_mm_asid, 0); |
2475 | this_cpu_write(cpu_tlbstate.next_asid, 1); |
2476 | this_cpu_write(cpu_tlbstate.ctxs[0].ctx_id, mm->context.ctx_id); |
2477 | diff --git a/arch/xtensa/kernel/asm-offsets.c b/arch/xtensa/kernel/asm-offsets.c |
2478 | index 67904f55f188..120dd746a147 100644 |
2479 | --- a/arch/xtensa/kernel/asm-offsets.c |
2480 | +++ b/arch/xtensa/kernel/asm-offsets.c |
2481 | @@ -94,14 +94,14 @@ int main(void) |
2482 | DEFINE(THREAD_SP, offsetof (struct task_struct, thread.sp)); |
2483 | DEFINE(THREAD_CPENABLE, offsetof (struct thread_info, cpenable)); |
2484 | #if XTENSA_HAVE_COPROCESSORS |
2485 | - DEFINE(THREAD_XTREGS_CP0, offsetof (struct thread_info, xtregs_cp)); |
2486 | - DEFINE(THREAD_XTREGS_CP1, offsetof (struct thread_info, xtregs_cp)); |
2487 | - DEFINE(THREAD_XTREGS_CP2, offsetof (struct thread_info, xtregs_cp)); |
2488 | - DEFINE(THREAD_XTREGS_CP3, offsetof (struct thread_info, xtregs_cp)); |
2489 | - DEFINE(THREAD_XTREGS_CP4, offsetof (struct thread_info, xtregs_cp)); |
2490 | - DEFINE(THREAD_XTREGS_CP5, offsetof (struct thread_info, xtregs_cp)); |
2491 | - DEFINE(THREAD_XTREGS_CP6, offsetof (struct thread_info, xtregs_cp)); |
2492 | - DEFINE(THREAD_XTREGS_CP7, offsetof (struct thread_info, xtregs_cp)); |
2493 | + DEFINE(THREAD_XTREGS_CP0, offsetof(struct thread_info, xtregs_cp.cp0)); |
2494 | + DEFINE(THREAD_XTREGS_CP1, offsetof(struct thread_info, xtregs_cp.cp1)); |
2495 | + DEFINE(THREAD_XTREGS_CP2, offsetof(struct thread_info, xtregs_cp.cp2)); |
2496 | + DEFINE(THREAD_XTREGS_CP3, offsetof(struct thread_info, xtregs_cp.cp3)); |
2497 | + DEFINE(THREAD_XTREGS_CP4, offsetof(struct thread_info, xtregs_cp.cp4)); |
2498 | + DEFINE(THREAD_XTREGS_CP5, offsetof(struct thread_info, xtregs_cp.cp5)); |
2499 | + DEFINE(THREAD_XTREGS_CP6, offsetof(struct thread_info, xtregs_cp.cp6)); |
2500 | + DEFINE(THREAD_XTREGS_CP7, offsetof(struct thread_info, xtregs_cp.cp7)); |
2501 | #endif |
2502 | DEFINE(THREAD_XTREGS_USER, offsetof (struct thread_info, xtregs_user)); |
2503 | DEFINE(XTREGS_USER_SIZE, sizeof(xtregs_user_t)); |
2504 | diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c |
2505 | index 483dcfb6e681..4bb68133a72a 100644 |
2506 | --- a/arch/xtensa/kernel/process.c |
2507 | +++ b/arch/xtensa/kernel/process.c |
2508 | @@ -94,18 +94,21 @@ void coprocessor_release_all(struct thread_info *ti) |
2509 | |
2510 | void coprocessor_flush_all(struct thread_info *ti) |
2511 | { |
2512 | - unsigned long cpenable; |
2513 | + unsigned long cpenable, old_cpenable; |
2514 | int i; |
2515 | |
2516 | preempt_disable(); |
2517 | |
2518 | + RSR_CPENABLE(old_cpenable); |
2519 | cpenable = ti->cpenable; |
2520 | + WSR_CPENABLE(cpenable); |
2521 | |
2522 | for (i = 0; i < XCHAL_CP_MAX; i++) { |
2523 | if ((cpenable & 1) != 0 && coprocessor_owner[i] == ti) |
2524 | coprocessor_flush(ti, i); |
2525 | cpenable >>= 1; |
2526 | } |
2527 | + WSR_CPENABLE(old_cpenable); |
2528 | |
2529 | preempt_enable(); |
2530 | } |
2531 | diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c |
2532 | index c0845cb1cbb9..d9541be0605a 100644 |
2533 | --- a/arch/xtensa/kernel/ptrace.c |
2534 | +++ b/arch/xtensa/kernel/ptrace.c |
2535 | @@ -127,12 +127,37 @@ static int ptrace_setregs(struct task_struct *child, void __user *uregs) |
2536 | } |
2537 | |
2538 | |
2539 | +#if XTENSA_HAVE_COPROCESSORS |
2540 | +#define CP_OFFSETS(cp) \ |
2541 | + { \ |
2542 | + .elf_xtregs_offset = offsetof(elf_xtregs_t, cp), \ |
2543 | + .ti_offset = offsetof(struct thread_info, xtregs_cp.cp), \ |
2544 | + .sz = sizeof(xtregs_ ## cp ## _t), \ |
2545 | + } |
2546 | + |
2547 | +static const struct { |
2548 | + size_t elf_xtregs_offset; |
2549 | + size_t ti_offset; |
2550 | + size_t sz; |
2551 | +} cp_offsets[] = { |
2552 | + CP_OFFSETS(cp0), |
2553 | + CP_OFFSETS(cp1), |
2554 | + CP_OFFSETS(cp2), |
2555 | + CP_OFFSETS(cp3), |
2556 | + CP_OFFSETS(cp4), |
2557 | + CP_OFFSETS(cp5), |
2558 | + CP_OFFSETS(cp6), |
2559 | + CP_OFFSETS(cp7), |
2560 | +}; |
2561 | +#endif |
2562 | + |
2563 | static int ptrace_getxregs(struct task_struct *child, void __user *uregs) |
2564 | { |
2565 | struct pt_regs *regs = task_pt_regs(child); |
2566 | struct thread_info *ti = task_thread_info(child); |
2567 | elf_xtregs_t __user *xtregs = uregs; |
2568 | int ret = 0; |
2569 | + int i __maybe_unused; |
2570 | |
2571 | if (!access_ok(VERIFY_WRITE, uregs, sizeof(elf_xtregs_t))) |
2572 | return -EIO; |
2573 | @@ -140,8 +165,13 @@ static int ptrace_getxregs(struct task_struct *child, void __user *uregs) |
2574 | #if XTENSA_HAVE_COPROCESSORS |
2575 | /* Flush all coprocessor registers to memory. */ |
2576 | coprocessor_flush_all(ti); |
2577 | - ret |= __copy_to_user(&xtregs->cp0, &ti->xtregs_cp, |
2578 | - sizeof(xtregs_coprocessor_t)); |
2579 | + |
2580 | + for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) |
2581 | + ret |= __copy_to_user((char __user *)xtregs + |
2582 | + cp_offsets[i].elf_xtregs_offset, |
2583 | + (const char *)ti + |
2584 | + cp_offsets[i].ti_offset, |
2585 | + cp_offsets[i].sz); |
2586 | #endif |
2587 | ret |= __copy_to_user(&xtregs->opt, ®s->xtregs_opt, |
2588 | sizeof(xtregs->opt)); |
2589 | @@ -157,6 +187,7 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) |
2590 | struct pt_regs *regs = task_pt_regs(child); |
2591 | elf_xtregs_t *xtregs = uregs; |
2592 | int ret = 0; |
2593 | + int i __maybe_unused; |
2594 | |
2595 | if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t))) |
2596 | return -EFAULT; |
2597 | @@ -166,8 +197,11 @@ static int ptrace_setxregs(struct task_struct *child, void __user *uregs) |
2598 | coprocessor_flush_all(ti); |
2599 | coprocessor_release_all(ti); |
2600 | |
2601 | - ret |= __copy_from_user(&ti->xtregs_cp, &xtregs->cp0, |
2602 | - sizeof(xtregs_coprocessor_t)); |
2603 | + for (i = 0; i < ARRAY_SIZE(cp_offsets); ++i) |
2604 | + ret |= __copy_from_user((char *)ti + cp_offsets[i].ti_offset, |
2605 | + (const char __user *)xtregs + |
2606 | + cp_offsets[i].elf_xtregs_offset, |
2607 | + cp_offsets[i].sz); |
2608 | #endif |
2609 | ret |= __copy_from_user(®s->xtregs_opt, &xtregs->opt, |
2610 | sizeof(xtregs->opt)); |
2611 | diff --git a/drivers/android/binder.c b/drivers/android/binder.c |
2612 | index d58763b6b009..ce0e4d317d24 100644 |
2613 | --- a/drivers/android/binder.c |
2614 | +++ b/drivers/android/binder.c |
2615 | @@ -2971,7 +2971,6 @@ static void binder_transaction(struct binder_proc *proc, |
2616 | t->buffer = NULL; |
2617 | goto err_binder_alloc_buf_failed; |
2618 | } |
2619 | - t->buffer->allow_user_free = 0; |
2620 | t->buffer->debug_id = t->debug_id; |
2621 | t->buffer->transaction = t; |
2622 | t->buffer->target_node = target_node; |
2623 | @@ -3465,14 +3464,18 @@ static int binder_thread_write(struct binder_proc *proc, |
2624 | |
2625 | buffer = binder_alloc_prepare_to_free(&proc->alloc, |
2626 | data_ptr); |
2627 | - if (buffer == NULL) { |
2628 | - binder_user_error("%d:%d BC_FREE_BUFFER u%016llx no match\n", |
2629 | - proc->pid, thread->pid, (u64)data_ptr); |
2630 | - break; |
2631 | - } |
2632 | - if (!buffer->allow_user_free) { |
2633 | - binder_user_error("%d:%d BC_FREE_BUFFER u%016llx matched unreturned buffer\n", |
2634 | - proc->pid, thread->pid, (u64)data_ptr); |
2635 | + if (IS_ERR_OR_NULL(buffer)) { |
2636 | + if (PTR_ERR(buffer) == -EPERM) { |
2637 | + binder_user_error( |
2638 | + "%d:%d BC_FREE_BUFFER u%016llx matched unreturned or currently freeing buffer\n", |
2639 | + proc->pid, thread->pid, |
2640 | + (u64)data_ptr); |
2641 | + } else { |
2642 | + binder_user_error( |
2643 | + "%d:%d BC_FREE_BUFFER u%016llx no match\n", |
2644 | + proc->pid, thread->pid, |
2645 | + (u64)data_ptr); |
2646 | + } |
2647 | break; |
2648 | } |
2649 | binder_debug(BINDER_DEBUG_FREE_BUFFER, |
2650 | diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c |
2651 | index 64fd96eada31..030c98f35cca 100644 |
2652 | --- a/drivers/android/binder_alloc.c |
2653 | +++ b/drivers/android/binder_alloc.c |
2654 | @@ -151,16 +151,12 @@ static struct binder_buffer *binder_alloc_prepare_to_free_locked( |
2655 | else { |
2656 | /* |
2657 | * Guard against user threads attempting to |
2658 | - * free the buffer twice |
2659 | + * free the buffer when in use by kernel or |
2660 | + * after it's already been freed. |
2661 | */ |
2662 | - if (buffer->free_in_progress) { |
2663 | - binder_alloc_debug(BINDER_DEBUG_USER_ERROR, |
2664 | - "%d:%d FREE_BUFFER u%016llx user freed buffer twice\n", |
2665 | - alloc->pid, current->pid, |
2666 | - (u64)user_ptr); |
2667 | - return NULL; |
2668 | - } |
2669 | - buffer->free_in_progress = 1; |
2670 | + if (!buffer->allow_user_free) |
2671 | + return ERR_PTR(-EPERM); |
2672 | + buffer->allow_user_free = 0; |
2673 | return buffer; |
2674 | } |
2675 | } |
2676 | @@ -500,7 +496,7 @@ static struct binder_buffer *binder_alloc_new_buf_locked( |
2677 | |
2678 | rb_erase(best_fit, &alloc->free_buffers); |
2679 | buffer->free = 0; |
2680 | - buffer->free_in_progress = 0; |
2681 | + buffer->allow_user_free = 0; |
2682 | binder_insert_allocated_buffer_locked(alloc, buffer); |
2683 | binder_alloc_debug(BINDER_DEBUG_BUFFER_ALLOC, |
2684 | "%d: binder_alloc_buf size %zd got %pK\n", |
2685 | diff --git a/drivers/android/binder_alloc.h b/drivers/android/binder_alloc.h |
2686 | index 9ef64e563856..fb3238c74c8a 100644 |
2687 | --- a/drivers/android/binder_alloc.h |
2688 | +++ b/drivers/android/binder_alloc.h |
2689 | @@ -50,8 +50,7 @@ struct binder_buffer { |
2690 | unsigned free:1; |
2691 | unsigned allow_user_free:1; |
2692 | unsigned async_transaction:1; |
2693 | - unsigned free_in_progress:1; |
2694 | - unsigned debug_id:28; |
2695 | + unsigned debug_id:29; |
2696 | |
2697 | struct binder_transaction *transaction; |
2698 | |
2699 | diff --git a/drivers/dma/at_hdmac.c b/drivers/dma/at_hdmac.c |
2700 | index 75f38d19fcbe..dbc51154f122 100644 |
2701 | --- a/drivers/dma/at_hdmac.c |
2702 | +++ b/drivers/dma/at_hdmac.c |
2703 | @@ -1641,6 +1641,12 @@ static void atc_free_chan_resources(struct dma_chan *chan) |
2704 | atchan->descs_allocated = 0; |
2705 | atchan->status = 0; |
2706 | |
2707 | + /* |
2708 | + * Free atslave allocated in at_dma_xlate() |
2709 | + */ |
2710 | + kfree(chan->private); |
2711 | + chan->private = NULL; |
2712 | + |
2713 | dev_vdbg(chan2dev(chan), "free_chan_resources: done\n"); |
2714 | } |
2715 | |
2716 | @@ -1675,7 +1681,7 @@ static struct dma_chan *at_dma_xlate(struct of_phandle_args *dma_spec, |
2717 | dma_cap_zero(mask); |
2718 | dma_cap_set(DMA_SLAVE, mask); |
2719 | |
2720 | - atslave = devm_kzalloc(&dmac_pdev->dev, sizeof(*atslave), GFP_KERNEL); |
2721 | + atslave = kzalloc(sizeof(*atslave), GFP_KERNEL); |
2722 | if (!atslave) |
2723 | return NULL; |
2724 | |
2725 | @@ -2000,6 +2006,8 @@ static int at_dma_remove(struct platform_device *pdev) |
2726 | struct resource *io; |
2727 | |
2728 | at_dma_off(atdma); |
2729 | + if (pdev->dev.of_node) |
2730 | + of_dma_controller_free(pdev->dev.of_node); |
2731 | dma_async_device_unregister(&atdma->dma_common); |
2732 | |
2733 | dma_pool_destroy(atdma->memset_pool); |
2734 | diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c |
2735 | index e8a114157f87..bb012bc032e0 100644 |
2736 | --- a/drivers/hid/hid-sensor-custom.c |
2737 | +++ b/drivers/hid/hid-sensor-custom.c |
2738 | @@ -358,7 +358,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr, |
2739 | sensor_inst->hsdev, |
2740 | sensor_inst->hsdev->usage, |
2741 | usage, report_id, |
2742 | - SENSOR_HUB_SYNC); |
2743 | + SENSOR_HUB_SYNC, false); |
2744 | } else if (!strncmp(name, "units", strlen("units"))) |
2745 | value = sensor_inst->fields[field_index].attribute.units; |
2746 | else if (!strncmp(name, "unit-expo", strlen("unit-expo"))) |
2747 | diff --git a/drivers/hid/hid-sensor-hub.c b/drivers/hid/hid-sensor-hub.c |
2748 | index 2b63487057c2..4256fdc5cd6d 100644 |
2749 | --- a/drivers/hid/hid-sensor-hub.c |
2750 | +++ b/drivers/hid/hid-sensor-hub.c |
2751 | @@ -299,7 +299,8 @@ EXPORT_SYMBOL_GPL(sensor_hub_get_feature); |
2752 | int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
2753 | u32 usage_id, |
2754 | u32 attr_usage_id, u32 report_id, |
2755 | - enum sensor_hub_read_flags flag) |
2756 | + enum sensor_hub_read_flags flag, |
2757 | + bool is_signed) |
2758 | { |
2759 | struct sensor_hub_data *data = hid_get_drvdata(hsdev->hdev); |
2760 | unsigned long flags; |
2761 | @@ -331,10 +332,16 @@ int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
2762 | &hsdev->pending.ready, HZ*5); |
2763 | switch (hsdev->pending.raw_size) { |
2764 | case 1: |
2765 | - ret_val = *(u8 *)hsdev->pending.raw_data; |
2766 | + if (is_signed) |
2767 | + ret_val = *(s8 *)hsdev->pending.raw_data; |
2768 | + else |
2769 | + ret_val = *(u8 *)hsdev->pending.raw_data; |
2770 | break; |
2771 | case 2: |
2772 | - ret_val = *(u16 *)hsdev->pending.raw_data; |
2773 | + if (is_signed) |
2774 | + ret_val = *(s16 *)hsdev->pending.raw_data; |
2775 | + else |
2776 | + ret_val = *(u16 *)hsdev->pending.raw_data; |
2777 | break; |
2778 | case 4: |
2779 | ret_val = *(u32 *)hsdev->pending.raw_data; |
2780 | diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c |
2781 | index 741857d80da1..2f164bd74687 100644 |
2782 | --- a/drivers/hv/channel.c |
2783 | +++ b/drivers/hv/channel.c |
2784 | @@ -482,6 +482,14 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, |
2785 | } |
2786 | wait_for_completion(&msginfo->waitevent); |
2787 | |
2788 | + if (msginfo->response.gpadl_created.creation_status != 0) { |
2789 | + pr_err("Failed to establish GPADL: err = 0x%x\n", |
2790 | + msginfo->response.gpadl_created.creation_status); |
2791 | + |
2792 | + ret = -EDQUOT; |
2793 | + goto cleanup; |
2794 | + } |
2795 | + |
2796 | if (channel->rescind) { |
2797 | ret = -ENODEV; |
2798 | goto cleanup; |
2799 | diff --git a/drivers/iio/accel/hid-sensor-accel-3d.c b/drivers/iio/accel/hid-sensor-accel-3d.c |
2800 | index 41d97faf5013..38ff374a3ca4 100644 |
2801 | --- a/drivers/iio/accel/hid-sensor-accel-3d.c |
2802 | +++ b/drivers/iio/accel/hid-sensor-accel-3d.c |
2803 | @@ -149,6 +149,7 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, |
2804 | int report_id = -1; |
2805 | u32 address; |
2806 | int ret_type; |
2807 | + s32 min; |
2808 | struct hid_sensor_hub_device *hsdev = |
2809 | accel_state->common_attributes.hsdev; |
2810 | |
2811 | @@ -158,12 +159,14 @@ static int accel_3d_read_raw(struct iio_dev *indio_dev, |
2812 | case IIO_CHAN_INFO_RAW: |
2813 | hid_sensor_power_state(&accel_state->common_attributes, true); |
2814 | report_id = accel_state->accel[chan->scan_index].report_id; |
2815 | + min = accel_state->accel[chan->scan_index].logical_minimum; |
2816 | address = accel_3d_addresses[chan->scan_index]; |
2817 | if (report_id >= 0) |
2818 | *val = sensor_hub_input_attr_get_raw_value( |
2819 | accel_state->common_attributes.hsdev, |
2820 | hsdev->usage, address, report_id, |
2821 | - SENSOR_HUB_SYNC); |
2822 | + SENSOR_HUB_SYNC, |
2823 | + min < 0); |
2824 | else { |
2825 | *val = 0; |
2826 | hid_sensor_power_state(&accel_state->common_attributes, |
2827 | diff --git a/drivers/iio/gyro/hid-sensor-gyro-3d.c b/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2828 | index 36941e69f959..88e857c4baf4 100644 |
2829 | --- a/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2830 | +++ b/drivers/iio/gyro/hid-sensor-gyro-3d.c |
2831 | @@ -111,6 +111,7 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, |
2832 | int report_id = -1; |
2833 | u32 address; |
2834 | int ret_type; |
2835 | + s32 min; |
2836 | |
2837 | *val = 0; |
2838 | *val2 = 0; |
2839 | @@ -118,13 +119,15 @@ static int gyro_3d_read_raw(struct iio_dev *indio_dev, |
2840 | case IIO_CHAN_INFO_RAW: |
2841 | hid_sensor_power_state(&gyro_state->common_attributes, true); |
2842 | report_id = gyro_state->gyro[chan->scan_index].report_id; |
2843 | + min = gyro_state->gyro[chan->scan_index].logical_minimum; |
2844 | address = gyro_3d_addresses[chan->scan_index]; |
2845 | if (report_id >= 0) |
2846 | *val = sensor_hub_input_attr_get_raw_value( |
2847 | gyro_state->common_attributes.hsdev, |
2848 | HID_USAGE_SENSOR_GYRO_3D, address, |
2849 | report_id, |
2850 | - SENSOR_HUB_SYNC); |
2851 | + SENSOR_HUB_SYNC, |
2852 | + min < 0); |
2853 | else { |
2854 | *val = 0; |
2855 | hid_sensor_power_state(&gyro_state->common_attributes, |
2856 | diff --git a/drivers/iio/humidity/hid-sensor-humidity.c b/drivers/iio/humidity/hid-sensor-humidity.c |
2857 | index beab6d6fd6e1..4bc95f31c730 100644 |
2858 | --- a/drivers/iio/humidity/hid-sensor-humidity.c |
2859 | +++ b/drivers/iio/humidity/hid-sensor-humidity.c |
2860 | @@ -75,7 +75,8 @@ static int humidity_read_raw(struct iio_dev *indio_dev, |
2861 | HID_USAGE_SENSOR_HUMIDITY, |
2862 | HID_USAGE_SENSOR_ATMOSPHERIC_HUMIDITY, |
2863 | humid_st->humidity_attr.report_id, |
2864 | - SENSOR_HUB_SYNC); |
2865 | + SENSOR_HUB_SYNC, |
2866 | + humid_st->humidity_attr.logical_minimum < 0); |
2867 | hid_sensor_power_state(&humid_st->common_attributes, false); |
2868 | |
2869 | return IIO_VAL_INT; |
2870 | diff --git a/drivers/iio/light/hid-sensor-als.c b/drivers/iio/light/hid-sensor-als.c |
2871 | index 406caaee9a3c..94f33250ba5a 100644 |
2872 | --- a/drivers/iio/light/hid-sensor-als.c |
2873 | +++ b/drivers/iio/light/hid-sensor-als.c |
2874 | @@ -93,6 +93,7 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2875 | int report_id = -1; |
2876 | u32 address; |
2877 | int ret_type; |
2878 | + s32 min; |
2879 | |
2880 | *val = 0; |
2881 | *val2 = 0; |
2882 | @@ -102,8 +103,8 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2883 | case CHANNEL_SCAN_INDEX_INTENSITY: |
2884 | case CHANNEL_SCAN_INDEX_ILLUM: |
2885 | report_id = als_state->als_illum.report_id; |
2886 | - address = |
2887 | - HID_USAGE_SENSOR_LIGHT_ILLUM; |
2888 | + min = als_state->als_illum.logical_minimum; |
2889 | + address = HID_USAGE_SENSOR_LIGHT_ILLUM; |
2890 | break; |
2891 | default: |
2892 | report_id = -1; |
2893 | @@ -116,7 +117,8 @@ static int als_read_raw(struct iio_dev *indio_dev, |
2894 | als_state->common_attributes.hsdev, |
2895 | HID_USAGE_SENSOR_ALS, address, |
2896 | report_id, |
2897 | - SENSOR_HUB_SYNC); |
2898 | + SENSOR_HUB_SYNC, |
2899 | + min < 0); |
2900 | hid_sensor_power_state(&als_state->common_attributes, |
2901 | false); |
2902 | } else { |
2903 | diff --git a/drivers/iio/light/hid-sensor-prox.c b/drivers/iio/light/hid-sensor-prox.c |
2904 | index 45107f7537b5..cf5a0c242609 100644 |
2905 | --- a/drivers/iio/light/hid-sensor-prox.c |
2906 | +++ b/drivers/iio/light/hid-sensor-prox.c |
2907 | @@ -73,6 +73,7 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2908 | int report_id = -1; |
2909 | u32 address; |
2910 | int ret_type; |
2911 | + s32 min; |
2912 | |
2913 | *val = 0; |
2914 | *val2 = 0; |
2915 | @@ -81,8 +82,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2916 | switch (chan->scan_index) { |
2917 | case CHANNEL_SCAN_INDEX_PRESENCE: |
2918 | report_id = prox_state->prox_attr.report_id; |
2919 | - address = |
2920 | - HID_USAGE_SENSOR_HUMAN_PRESENCE; |
2921 | + min = prox_state->prox_attr.logical_minimum; |
2922 | + address = HID_USAGE_SENSOR_HUMAN_PRESENCE; |
2923 | break; |
2924 | default: |
2925 | report_id = -1; |
2926 | @@ -95,7 +96,8 @@ static int prox_read_raw(struct iio_dev *indio_dev, |
2927 | prox_state->common_attributes.hsdev, |
2928 | HID_USAGE_SENSOR_PROX, address, |
2929 | report_id, |
2930 | - SENSOR_HUB_SYNC); |
2931 | + SENSOR_HUB_SYNC, |
2932 | + min < 0); |
2933 | hid_sensor_power_state(&prox_state->common_attributes, |
2934 | false); |
2935 | } else { |
2936 | diff --git a/drivers/iio/magnetometer/hid-sensor-magn-3d.c b/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2937 | index d55c4885211a..f3c0d41e5a8c 100644 |
2938 | --- a/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2939 | +++ b/drivers/iio/magnetometer/hid-sensor-magn-3d.c |
2940 | @@ -163,21 +163,23 @@ static int magn_3d_read_raw(struct iio_dev *indio_dev, |
2941 | int report_id = -1; |
2942 | u32 address; |
2943 | int ret_type; |
2944 | + s32 min; |
2945 | |
2946 | *val = 0; |
2947 | *val2 = 0; |
2948 | switch (mask) { |
2949 | case IIO_CHAN_INFO_RAW: |
2950 | hid_sensor_power_state(&magn_state->magn_flux_attributes, true); |
2951 | - report_id = |
2952 | - magn_state->magn[chan->address].report_id; |
2953 | + report_id = magn_state->magn[chan->address].report_id; |
2954 | + min = magn_state->magn[chan->address].logical_minimum; |
2955 | address = magn_3d_addresses[chan->address]; |
2956 | if (report_id >= 0) |
2957 | *val = sensor_hub_input_attr_get_raw_value( |
2958 | magn_state->magn_flux_attributes.hsdev, |
2959 | HID_USAGE_SENSOR_COMPASS_3D, address, |
2960 | report_id, |
2961 | - SENSOR_HUB_SYNC); |
2962 | + SENSOR_HUB_SYNC, |
2963 | + min < 0); |
2964 | else { |
2965 | *val = 0; |
2966 | hid_sensor_power_state( |
2967 | diff --git a/drivers/iio/magnetometer/st_magn_buffer.c b/drivers/iio/magnetometer/st_magn_buffer.c |
2968 | index 0a9e8fadfa9d..37ab30566464 100644 |
2969 | --- a/drivers/iio/magnetometer/st_magn_buffer.c |
2970 | +++ b/drivers/iio/magnetometer/st_magn_buffer.c |
2971 | @@ -30,11 +30,6 @@ int st_magn_trig_set_state(struct iio_trigger *trig, bool state) |
2972 | return st_sensors_set_dataready_irq(indio_dev, state); |
2973 | } |
2974 | |
2975 | -static int st_magn_buffer_preenable(struct iio_dev *indio_dev) |
2976 | -{ |
2977 | - return st_sensors_set_enable(indio_dev, true); |
2978 | -} |
2979 | - |
2980 | static int st_magn_buffer_postenable(struct iio_dev *indio_dev) |
2981 | { |
2982 | int err; |
2983 | @@ -50,7 +45,7 @@ static int st_magn_buffer_postenable(struct iio_dev *indio_dev) |
2984 | if (err < 0) |
2985 | goto st_magn_buffer_postenable_error; |
2986 | |
2987 | - return err; |
2988 | + return st_sensors_set_enable(indio_dev, true); |
2989 | |
2990 | st_magn_buffer_postenable_error: |
2991 | kfree(mdata->buffer_data); |
2992 | @@ -63,11 +58,11 @@ static int st_magn_buffer_predisable(struct iio_dev *indio_dev) |
2993 | int err; |
2994 | struct st_sensor_data *mdata = iio_priv(indio_dev); |
2995 | |
2996 | - err = iio_triggered_buffer_predisable(indio_dev); |
2997 | + err = st_sensors_set_enable(indio_dev, false); |
2998 | if (err < 0) |
2999 | goto st_magn_buffer_predisable_error; |
3000 | |
3001 | - err = st_sensors_set_enable(indio_dev, false); |
3002 | + err = iio_triggered_buffer_predisable(indio_dev); |
3003 | |
3004 | st_magn_buffer_predisable_error: |
3005 | kfree(mdata->buffer_data); |
3006 | @@ -75,7 +70,6 @@ st_magn_buffer_predisable_error: |
3007 | } |
3008 | |
3009 | static const struct iio_buffer_setup_ops st_magn_buffer_setup_ops = { |
3010 | - .preenable = &st_magn_buffer_preenable, |
3011 | .postenable = &st_magn_buffer_postenable, |
3012 | .predisable = &st_magn_buffer_predisable, |
3013 | }; |
3014 | diff --git a/drivers/iio/orientation/hid-sensor-incl-3d.c b/drivers/iio/orientation/hid-sensor-incl-3d.c |
3015 | index 1e5451d1ff88..bdc5e4554ee4 100644 |
3016 | --- a/drivers/iio/orientation/hid-sensor-incl-3d.c |
3017 | +++ b/drivers/iio/orientation/hid-sensor-incl-3d.c |
3018 | @@ -111,21 +111,23 @@ static int incl_3d_read_raw(struct iio_dev *indio_dev, |
3019 | int report_id = -1; |
3020 | u32 address; |
3021 | int ret_type; |
3022 | + s32 min; |
3023 | |
3024 | *val = 0; |
3025 | *val2 = 0; |
3026 | switch (mask) { |
3027 | case IIO_CHAN_INFO_RAW: |
3028 | hid_sensor_power_state(&incl_state->common_attributes, true); |
3029 | - report_id = |
3030 | - incl_state->incl[chan->scan_index].report_id; |
3031 | + report_id = incl_state->incl[chan->scan_index].report_id; |
3032 | + min = incl_state->incl[chan->scan_index].logical_minimum; |
3033 | address = incl_3d_addresses[chan->scan_index]; |
3034 | if (report_id >= 0) |
3035 | *val = sensor_hub_input_attr_get_raw_value( |
3036 | incl_state->common_attributes.hsdev, |
3037 | HID_USAGE_SENSOR_INCLINOMETER_3D, address, |
3038 | report_id, |
3039 | - SENSOR_HUB_SYNC); |
3040 | + SENSOR_HUB_SYNC, |
3041 | + min < 0); |
3042 | else { |
3043 | hid_sensor_power_state(&incl_state->common_attributes, |
3044 | false); |
3045 | diff --git a/drivers/iio/pressure/hid-sensor-press.c b/drivers/iio/pressure/hid-sensor-press.c |
3046 | index 4c437918f1d2..d7b1c00ceb4d 100644 |
3047 | --- a/drivers/iio/pressure/hid-sensor-press.c |
3048 | +++ b/drivers/iio/pressure/hid-sensor-press.c |
3049 | @@ -77,6 +77,7 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3050 | int report_id = -1; |
3051 | u32 address; |
3052 | int ret_type; |
3053 | + s32 min; |
3054 | |
3055 | *val = 0; |
3056 | *val2 = 0; |
3057 | @@ -85,8 +86,8 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3058 | switch (chan->scan_index) { |
3059 | case CHANNEL_SCAN_INDEX_PRESSURE: |
3060 | report_id = press_state->press_attr.report_id; |
3061 | - address = |
3062 | - HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; |
3063 | + min = press_state->press_attr.logical_minimum; |
3064 | + address = HID_USAGE_SENSOR_ATMOSPHERIC_PRESSURE; |
3065 | break; |
3066 | default: |
3067 | report_id = -1; |
3068 | @@ -99,7 +100,8 @@ static int press_read_raw(struct iio_dev *indio_dev, |
3069 | press_state->common_attributes.hsdev, |
3070 | HID_USAGE_SENSOR_PRESSURE, address, |
3071 | report_id, |
3072 | - SENSOR_HUB_SYNC); |
3073 | + SENSOR_HUB_SYNC, |
3074 | + min < 0); |
3075 | hid_sensor_power_state(&press_state->common_attributes, |
3076 | false); |
3077 | } else { |
3078 | diff --git a/drivers/iio/temperature/hid-sensor-temperature.c b/drivers/iio/temperature/hid-sensor-temperature.c |
3079 | index beaf6fd3e337..b592fc4f007e 100644 |
3080 | --- a/drivers/iio/temperature/hid-sensor-temperature.c |
3081 | +++ b/drivers/iio/temperature/hid-sensor-temperature.c |
3082 | @@ -76,7 +76,8 @@ static int temperature_read_raw(struct iio_dev *indio_dev, |
3083 | HID_USAGE_SENSOR_TEMPERATURE, |
3084 | HID_USAGE_SENSOR_DATA_ENVIRONMENTAL_TEMPERATURE, |
3085 | temp_st->temperature_attr.report_id, |
3086 | - SENSOR_HUB_SYNC); |
3087 | + SENSOR_HUB_SYNC, |
3088 | + temp_st->temperature_attr.logical_minimum < 0); |
3089 | hid_sensor_power_state( |
3090 | &temp_st->common_attributes, |
3091 | false); |
3092 | diff --git a/drivers/misc/mic/scif/scif_rma.c b/drivers/misc/mic/scif/scif_rma.c |
3093 | index c824329f7012..0e4193cb08cf 100644 |
3094 | --- a/drivers/misc/mic/scif/scif_rma.c |
3095 | +++ b/drivers/misc/mic/scif/scif_rma.c |
3096 | @@ -416,7 +416,7 @@ static int scif_create_remote_lookup(struct scif_dev *remote_dev, |
3097 | if (err) |
3098 | goto error_window; |
3099 | err = scif_map_page(&window->num_pages_lookup.lookup[j], |
3100 | - vmalloc_dma_phys ? |
3101 | + vmalloc_num_pages ? |
3102 | vmalloc_to_page(&window->num_pages[i]) : |
3103 | virt_to_page(&window->num_pages[i]), |
3104 | remote_dev); |
3105 | diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_main.c b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3106 | index 768f584f8392..88f8a8fa93cd 100644 |
3107 | --- a/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3108 | +++ b/drivers/net/ethernet/cavium/thunder/nicvf_main.c |
3109 | @@ -1784,6 +1784,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3110 | bool if_up = netif_running(nic->netdev); |
3111 | struct bpf_prog *old_prog; |
3112 | bool bpf_attached = false; |
3113 | + int ret = 0; |
3114 | |
3115 | /* For now just support only the usual MTU sized frames */ |
3116 | if (prog && (dev->mtu > 1500)) { |
3117 | @@ -1817,8 +1818,12 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3118 | if (nic->xdp_prog) { |
3119 | /* Attach BPF program */ |
3120 | nic->xdp_prog = bpf_prog_add(nic->xdp_prog, nic->rx_queues - 1); |
3121 | - if (!IS_ERR(nic->xdp_prog)) |
3122 | + if (!IS_ERR(nic->xdp_prog)) { |
3123 | bpf_attached = true; |
3124 | + } else { |
3125 | + ret = PTR_ERR(nic->xdp_prog); |
3126 | + nic->xdp_prog = NULL; |
3127 | + } |
3128 | } |
3129 | |
3130 | /* Calculate Tx queues needed for XDP and network stack */ |
3131 | @@ -1830,7 +1835,7 @@ static int nicvf_xdp_setup(struct nicvf *nic, struct bpf_prog *prog) |
3132 | netif_trans_update(nic->netdev); |
3133 | } |
3134 | |
3135 | - return 0; |
3136 | + return ret; |
3137 | } |
3138 | |
3139 | static int nicvf_xdp(struct net_device *netdev, struct netdev_bpf *xdp) |
3140 | diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3141 | index 187a249ff2d1..fcaf18fa3904 100644 |
3142 | --- a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3143 | +++ b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c |
3144 | @@ -585,10 +585,12 @@ static void nicvf_free_snd_queue(struct nicvf *nic, struct snd_queue *sq) |
3145 | if (!sq->dmem.base) |
3146 | return; |
3147 | |
3148 | - if (sq->tso_hdrs) |
3149 | + if (sq->tso_hdrs) { |
3150 | dma_free_coherent(&nic->pdev->dev, |
3151 | sq->dmem.q_len * TSO_HEADER_SIZE, |
3152 | sq->tso_hdrs, sq->tso_hdrs_phys); |
3153 | + sq->tso_hdrs = NULL; |
3154 | + } |
3155 | |
3156 | /* Free pending skbs in the queue */ |
3157 | smp_rmb(); |
3158 | diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c |
3159 | index 1c9ad3630c77..dfd1ad0b1cb9 100644 |
3160 | --- a/drivers/net/ethernet/cortina/gemini.c |
3161 | +++ b/drivers/net/ethernet/cortina/gemini.c |
3162 | @@ -661,7 +661,7 @@ static void gmac_clean_txq(struct net_device *netdev, struct gmac_txq *txq, |
3163 | |
3164 | u64_stats_update_begin(&port->tx_stats_syncp); |
3165 | port->tx_frag_stats[nfrags]++; |
3166 | - u64_stats_update_end(&port->ir_stats_syncp); |
3167 | + u64_stats_update_end(&port->tx_stats_syncp); |
3168 | } |
3169 | } |
3170 | |
3171 | diff --git a/drivers/net/ethernet/microchip/lan743x_main.c b/drivers/net/ethernet/microchip/lan743x_main.c |
3172 | index 001b5f714c1b..aaedf1072460 100644 |
3173 | --- a/drivers/net/ethernet/microchip/lan743x_main.c |
3174 | +++ b/drivers/net/ethernet/microchip/lan743x_main.c |
3175 | @@ -1675,7 +1675,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) |
3176 | netif_wake_queue(adapter->netdev); |
3177 | } |
3178 | |
3179 | - if (!napi_complete_done(napi, weight)) |
3180 | + if (!napi_complete(napi)) |
3181 | goto done; |
3182 | |
3183 | /* enable isr */ |
3184 | @@ -1684,7 +1684,7 @@ static int lan743x_tx_napi_poll(struct napi_struct *napi, int weight) |
3185 | lan743x_csr_read(adapter, INT_STS); |
3186 | |
3187 | done: |
3188 | - return weight; |
3189 | + return 0; |
3190 | } |
3191 | |
3192 | static void lan743x_tx_ring_cleanup(struct lan743x_tx *tx) |
3193 | @@ -1873,9 +1873,9 @@ static int lan743x_tx_open(struct lan743x_tx *tx) |
3194 | tx->vector_flags = lan743x_intr_get_vector_flags(adapter, |
3195 | INT_BIT_DMA_TX_ |
3196 | (tx->channel_number)); |
3197 | - netif_napi_add(adapter->netdev, |
3198 | - &tx->napi, lan743x_tx_napi_poll, |
3199 | - tx->ring_size - 1); |
3200 | + netif_tx_napi_add(adapter->netdev, |
3201 | + &tx->napi, lan743x_tx_napi_poll, |
3202 | + tx->ring_size - 1); |
3203 | napi_enable(&tx->napi); |
3204 | |
3205 | data = 0; |
3206 | @@ -3020,6 +3020,7 @@ static const struct dev_pm_ops lan743x_pm_ops = { |
3207 | |
3208 | static const struct pci_device_id lan743x_pcidev_tbl[] = { |
3209 | { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7430) }, |
3210 | + { PCI_DEVICE(PCI_VENDOR_ID_SMSC, PCI_DEVICE_ID_SMSC_LAN7431) }, |
3211 | { 0, } |
3212 | }; |
3213 | |
3214 | diff --git a/drivers/net/ethernet/microchip/lan743x_main.h b/drivers/net/ethernet/microchip/lan743x_main.h |
3215 | index 0e82b6368798..2d6eea18973e 100644 |
3216 | --- a/drivers/net/ethernet/microchip/lan743x_main.h |
3217 | +++ b/drivers/net/ethernet/microchip/lan743x_main.h |
3218 | @@ -548,6 +548,7 @@ struct lan743x_adapter; |
3219 | /* SMSC acquired EFAR late 1990's, MCHP acquired SMSC 2012 */ |
3220 | #define PCI_VENDOR_ID_SMSC PCI_VENDOR_ID_EFAR |
3221 | #define PCI_DEVICE_ID_SMSC_LAN7430 (0x7430) |
3222 | +#define PCI_DEVICE_ID_SMSC_LAN7431 (0x7431) |
3223 | |
3224 | #define PCI_CONFIG_LENGTH (0x1000) |
3225 | |
3226 | diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c |
3227 | index 19ab8a7d1e48..733e35b7c4bb 100644 |
3228 | --- a/drivers/net/phy/phy_device.c |
3229 | +++ b/drivers/net/phy/phy_device.c |
3230 | @@ -1930,6 +1930,14 @@ int phy_driver_register(struct phy_driver *new_driver, struct module *owner) |
3231 | new_driver->mdiodrv.driver.remove = phy_remove; |
3232 | new_driver->mdiodrv.driver.owner = owner; |
3233 | |
3234 | + /* The following works around an issue where the PHY driver doesn't bind |
3235 | + * to the device, resulting in the genphy driver being used instead of |
3236 | + * the dedicated driver. The root cause of the issue isn't known yet |
3237 | + * and seems to be in the base driver core. Once this is fixed we may |
3238 | + * remove this workaround. |
3239 | + */ |
3240 | + new_driver->mdiodrv.driver.probe_type = PROBE_FORCE_SYNCHRONOUS; |
3241 | + |
3242 | retval = driver_register(&new_driver->mdiodrv.driver); |
3243 | if (retval) { |
3244 | pr_err("%s: Error %d in registering driver\n", |
3245 | diff --git a/drivers/net/rionet.c b/drivers/net/rionet.c |
3246 | index e9f101c9bae2..bfbb39f93554 100644 |
3247 | --- a/drivers/net/rionet.c |
3248 | +++ b/drivers/net/rionet.c |
3249 | @@ -216,9 +216,9 @@ static int rionet_start_xmit(struct sk_buff *skb, struct net_device *ndev) |
3250 | * it just report sending a packet to the target |
3251 | * (without actual packet transfer). |
3252 | */ |
3253 | - dev_kfree_skb_any(skb); |
3254 | ndev->stats.tx_packets++; |
3255 | ndev->stats.tx_bytes += skb->len; |
3256 | + dev_kfree_skb_any(skb); |
3257 | } |
3258 | } |
3259 | |
3260 | diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c |
3261 | index 7275761a1177..3d8a70d3ea9b 100644 |
3262 | --- a/drivers/net/usb/ipheth.c |
3263 | +++ b/drivers/net/usb/ipheth.c |
3264 | @@ -140,7 +140,6 @@ struct ipheth_device { |
3265 | struct usb_device *udev; |
3266 | struct usb_interface *intf; |
3267 | struct net_device *net; |
3268 | - struct sk_buff *tx_skb; |
3269 | struct urb *tx_urb; |
3270 | struct urb *rx_urb; |
3271 | unsigned char *tx_buf; |
3272 | @@ -230,6 +229,7 @@ static void ipheth_rcvbulk_callback(struct urb *urb) |
3273 | case -ENOENT: |
3274 | case -ECONNRESET: |
3275 | case -ESHUTDOWN: |
3276 | + case -EPROTO: |
3277 | return; |
3278 | case 0: |
3279 | break; |
3280 | @@ -281,7 +281,6 @@ static void ipheth_sndbulk_callback(struct urb *urb) |
3281 | dev_err(&dev->intf->dev, "%s: urb status: %d\n", |
3282 | __func__, status); |
3283 | |
3284 | - dev_kfree_skb_irq(dev->tx_skb); |
3285 | if (status == 0) |
3286 | netif_wake_queue(dev->net); |
3287 | else |
3288 | @@ -423,7 +422,7 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) |
3289 | if (skb->len > IPHETH_BUF_SIZE) { |
3290 | WARN(1, "%s: skb too large: %d bytes\n", __func__, skb->len); |
3291 | dev->net->stats.tx_dropped++; |
3292 | - dev_kfree_skb_irq(skb); |
3293 | + dev_kfree_skb_any(skb); |
3294 | return NETDEV_TX_OK; |
3295 | } |
3296 | |
3297 | @@ -443,12 +442,11 @@ static int ipheth_tx(struct sk_buff *skb, struct net_device *net) |
3298 | dev_err(&dev->intf->dev, "%s: usb_submit_urb: %d\n", |
3299 | __func__, retval); |
3300 | dev->net->stats.tx_errors++; |
3301 | - dev_kfree_skb_irq(skb); |
3302 | + dev_kfree_skb_any(skb); |
3303 | } else { |
3304 | - dev->tx_skb = skb; |
3305 | - |
3306 | dev->net->stats.tx_packets++; |
3307 | dev->net->stats.tx_bytes += skb->len; |
3308 | + dev_consume_skb_any(skb); |
3309 | netif_stop_queue(net); |
3310 | } |
3311 | |
3312 | diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c |
3313 | index ddfa3f24204c..c2ca6cd3fbe0 100644 |
3314 | --- a/drivers/net/virtio_net.c |
3315 | +++ b/drivers/net/virtio_net.c |
3316 | @@ -70,7 +70,8 @@ static const unsigned long guest_offloads[] = { |
3317 | VIRTIO_NET_F_GUEST_TSO4, |
3318 | VIRTIO_NET_F_GUEST_TSO6, |
3319 | VIRTIO_NET_F_GUEST_ECN, |
3320 | - VIRTIO_NET_F_GUEST_UFO |
3321 | + VIRTIO_NET_F_GUEST_UFO, |
3322 | + VIRTIO_NET_F_GUEST_CSUM |
3323 | }; |
3324 | |
3325 | struct virtnet_stat_desc { |
3326 | @@ -2285,9 +2286,6 @@ static int virtnet_clear_guest_offloads(struct virtnet_info *vi) |
3327 | if (!vi->guest_offloads) |
3328 | return 0; |
3329 | |
3330 | - if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) |
3331 | - offloads = 1ULL << VIRTIO_NET_F_GUEST_CSUM; |
3332 | - |
3333 | return virtnet_set_guest_offloads(vi, offloads); |
3334 | } |
3335 | |
3336 | @@ -2297,8 +2295,6 @@ static int virtnet_restore_guest_offloads(struct virtnet_info *vi) |
3337 | |
3338 | if (!vi->guest_offloads) |
3339 | return 0; |
3340 | - if (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM)) |
3341 | - offloads |= 1ULL << VIRTIO_NET_F_GUEST_CSUM; |
3342 | |
3343 | return virtnet_set_guest_offloads(vi, offloads); |
3344 | } |
3345 | @@ -2316,8 +2312,9 @@ static int virtnet_xdp_set(struct net_device *dev, struct bpf_prog *prog, |
3346 | && (virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO4) || |
3347 | virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_TSO6) || |
3348 | virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_ECN) || |
3349 | - virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO))) { |
3350 | - NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO, disable LRO first"); |
3351 | + virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_UFO) || |
3352 | + virtio_has_feature(vi->vdev, VIRTIO_NET_F_GUEST_CSUM))) { |
3353 | + NL_SET_ERR_MSG_MOD(extack, "Can't set XDP while host is implementing LRO/CSUM, disable LRO/CSUM first"); |
3354 | return -EOPNOTSUPP; |
3355 | } |
3356 | |
3357 | diff --git a/drivers/pci/controller/dwc/pci-layerscape.c b/drivers/pci/controller/dwc/pci-layerscape.c |
3358 | index 3724d3ef7008..7aa9a82b7ebd 100644 |
3359 | --- a/drivers/pci/controller/dwc/pci-layerscape.c |
3360 | +++ b/drivers/pci/controller/dwc/pci-layerscape.c |
3361 | @@ -88,7 +88,7 @@ static void ls_pcie_disable_outbound_atus(struct ls_pcie *pcie) |
3362 | int i; |
3363 | |
3364 | for (i = 0; i < PCIE_IATU_NUM; i++) |
3365 | - dw_pcie_disable_atu(pcie->pci, DW_PCIE_REGION_OUTBOUND, i); |
3366 | + dw_pcie_disable_atu(pcie->pci, i, DW_PCIE_REGION_OUTBOUND); |
3367 | } |
3368 | |
3369 | static int ls1021_pcie_link_up(struct dw_pcie *pci) |
3370 | diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c |
3371 | index 1e7b02221eac..de8635af4cde 100644 |
3372 | --- a/drivers/pci/controller/dwc/pcie-designware-ep.c |
3373 | +++ b/drivers/pci/controller/dwc/pcie-designware-ep.c |
3374 | @@ -440,7 +440,6 @@ int dw_pcie_ep_raise_msix_irq(struct dw_pcie_ep *ep, u8 func_no, |
3375 | tbl_offset = dw_pcie_readl_dbi(pci, reg); |
3376 | bir = (tbl_offset & PCI_MSIX_TABLE_BIR); |
3377 | tbl_offset &= PCI_MSIX_TABLE_OFFSET; |
3378 | - tbl_offset >>= 3; |
3379 | |
3380 | reg = PCI_BASE_ADDRESS_0 + (4 * bir); |
3381 | bar_addr_upper = 0; |
3382 | diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c |
3383 | index 51b6c81671c1..afc4680c584f 100644 |
3384 | --- a/drivers/pci/pci.c |
3385 | +++ b/drivers/pci/pci.c |
3386 | @@ -5473,9 +5473,13 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) |
3387 | u32 lnkcap2, lnkcap; |
3388 | |
3389 | /* |
3390 | - * PCIe r4.0 sec 7.5.3.18 recommends using the Supported Link |
3391 | - * Speeds Vector in Link Capabilities 2 when supported, falling |
3392 | - * back to Max Link Speed in Link Capabilities otherwise. |
3393 | + * Link Capabilities 2 was added in PCIe r3.0, sec 7.8.18. The |
3394 | + * implementation note there recommends using the Supported Link |
3395 | + * Speeds Vector in Link Capabilities 2 when supported. |
3396 | + * |
3397 | + * Without Link Capabilities 2, i.e., prior to PCIe r3.0, software |
3398 | + * should use the Supported Link Speeds field in Link Capabilities, |
3399 | + * where only 2.5 GT/s and 5.0 GT/s speeds were defined. |
3400 | */ |
3401 | pcie_capability_read_dword(dev, PCI_EXP_LNKCAP2, &lnkcap2); |
3402 | if (lnkcap2) { /* PCIe r3.0-compliant */ |
3403 | @@ -5491,16 +5495,10 @@ enum pci_bus_speed pcie_get_speed_cap(struct pci_dev *dev) |
3404 | } |
3405 | |
3406 | pcie_capability_read_dword(dev, PCI_EXP_LNKCAP, &lnkcap); |
3407 | - if (lnkcap) { |
3408 | - if (lnkcap & PCI_EXP_LNKCAP_SLS_16_0GB) |
3409 | - return PCIE_SPEED_16_0GT; |
3410 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_8_0GB) |
3411 | - return PCIE_SPEED_8_0GT; |
3412 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_5_0GB) |
3413 | - return PCIE_SPEED_5_0GT; |
3414 | - else if (lnkcap & PCI_EXP_LNKCAP_SLS_2_5GB) |
3415 | - return PCIE_SPEED_2_5GT; |
3416 | - } |
3417 | + if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_5_0GB) |
3418 | + return PCIE_SPEED_5_0GT; |
3419 | + else if ((lnkcap & PCI_EXP_LNKCAP_SLS) == PCI_EXP_LNKCAP_SLS_2_5GB) |
3420 | + return PCIE_SPEED_2_5GT; |
3421 | |
3422 | return PCI_SPEED_UNKNOWN; |
3423 | } |
3424 | diff --git a/drivers/rtc/rtc-hid-sensor-time.c b/drivers/rtc/rtc-hid-sensor-time.c |
3425 | index 2751dba850c6..3e1abb455472 100644 |
3426 | --- a/drivers/rtc/rtc-hid-sensor-time.c |
3427 | +++ b/drivers/rtc/rtc-hid-sensor-time.c |
3428 | @@ -213,7 +213,7 @@ static int hid_rtc_read_time(struct device *dev, struct rtc_time *tm) |
3429 | /* get a report with all values through requesting one value */ |
3430 | sensor_hub_input_attr_get_raw_value(time_state->common_attributes.hsdev, |
3431 | HID_USAGE_SENSOR_TIME, hid_time_addresses[0], |
3432 | - time_state->info[0].report_id, SENSOR_HUB_SYNC); |
3433 | + time_state->info[0].report_id, SENSOR_HUB_SYNC, false); |
3434 | /* wait for all values (event) */ |
3435 | ret = wait_for_completion_killable_timeout( |
3436 | &time_state->comp_last_time, HZ*6); |
3437 | diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c |
3438 | index ffce6f39828a..b03515d43745 100644 |
3439 | --- a/drivers/s390/net/qeth_core_main.c |
3440 | +++ b/drivers/s390/net/qeth_core_main.c |
3441 | @@ -4524,8 +4524,8 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3442 | { |
3443 | struct qeth_ipa_cmd *cmd; |
3444 | struct qeth_arp_query_info *qinfo; |
3445 | - struct qeth_snmp_cmd *snmp; |
3446 | unsigned char *data; |
3447 | + void *snmp_data; |
3448 | __u16 data_len; |
3449 | |
3450 | QETH_CARD_TEXT(card, 3, "snpcmdcb"); |
3451 | @@ -4533,7 +4533,6 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3452 | cmd = (struct qeth_ipa_cmd *) sdata; |
3453 | data = (unsigned char *)((char *)cmd - reply->offset); |
3454 | qinfo = (struct qeth_arp_query_info *) reply->param; |
3455 | - snmp = &cmd->data.setadapterparms.data.snmp; |
3456 | |
3457 | if (cmd->hdr.return_code) { |
3458 | QETH_CARD_TEXT_(card, 4, "scer1%x", cmd->hdr.return_code); |
3459 | @@ -4546,10 +4545,15 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3460 | return 0; |
3461 | } |
3462 | data_len = *((__u16 *)QETH_IPA_PDU_LEN_PDU1(data)); |
3463 | - if (cmd->data.setadapterparms.hdr.seq_no == 1) |
3464 | - data_len -= (__u16)((char *)&snmp->data - (char *)cmd); |
3465 | - else |
3466 | - data_len -= (__u16)((char *)&snmp->request - (char *)cmd); |
3467 | + if (cmd->data.setadapterparms.hdr.seq_no == 1) { |
3468 | + snmp_data = &cmd->data.setadapterparms.data.snmp; |
3469 | + data_len -= offsetof(struct qeth_ipa_cmd, |
3470 | + data.setadapterparms.data.snmp); |
3471 | + } else { |
3472 | + snmp_data = &cmd->data.setadapterparms.data.snmp.request; |
3473 | + data_len -= offsetof(struct qeth_ipa_cmd, |
3474 | + data.setadapterparms.data.snmp.request); |
3475 | + } |
3476 | |
3477 | /* check if there is enough room in userspace */ |
3478 | if ((qinfo->udata_len - qinfo->udata_offset) < data_len) { |
3479 | @@ -4562,16 +4566,9 @@ static int qeth_snmp_command_cb(struct qeth_card *card, |
3480 | QETH_CARD_TEXT_(card, 4, "sseqn%i", |
3481 | cmd->data.setadapterparms.hdr.seq_no); |
3482 | /*copy entries to user buffer*/ |
3483 | - if (cmd->data.setadapterparms.hdr.seq_no == 1) { |
3484 | - memcpy(qinfo->udata + qinfo->udata_offset, |
3485 | - (char *)snmp, |
3486 | - data_len + offsetof(struct qeth_snmp_cmd, data)); |
3487 | - qinfo->udata_offset += offsetof(struct qeth_snmp_cmd, data); |
3488 | - } else { |
3489 | - memcpy(qinfo->udata + qinfo->udata_offset, |
3490 | - (char *)&snmp->request, data_len); |
3491 | - } |
3492 | + memcpy(qinfo->udata + qinfo->udata_offset, snmp_data, data_len); |
3493 | qinfo->udata_offset += data_len; |
3494 | + |
3495 | /* check if all replies received ... */ |
3496 | QETH_CARD_TEXT_(card, 4, "srtot%i", |
3497 | cmd->data.setadapterparms.hdr.used_total); |
3498 | diff --git a/drivers/staging/most/core.c b/drivers/staging/most/core.c |
3499 | index f4c464625a67..52ad62722996 100644 |
3500 | --- a/drivers/staging/most/core.c |
3501 | +++ b/drivers/staging/most/core.c |
3502 | @@ -351,7 +351,7 @@ static ssize_t set_datatype_show(struct device *dev, |
3503 | |
3504 | for (i = 0; i < ARRAY_SIZE(ch_data_type); i++) { |
3505 | if (c->cfg.data_type & ch_data_type[i].most_ch_data_type) |
3506 | - return snprintf(buf, PAGE_SIZE, ch_data_type[i].name); |
3507 | + return snprintf(buf, PAGE_SIZE, "%s", ch_data_type[i].name); |
3508 | } |
3509 | return snprintf(buf, PAGE_SIZE, "unconfigured\n"); |
3510 | } |
3511 | diff --git a/drivers/staging/mt7621-dma/mtk-hsdma.c b/drivers/staging/mt7621-dma/mtk-hsdma.c |
3512 | index df6ebf41bdea..5831f816c17b 100644 |
3513 | --- a/drivers/staging/mt7621-dma/mtk-hsdma.c |
3514 | +++ b/drivers/staging/mt7621-dma/mtk-hsdma.c |
3515 | @@ -335,6 +335,8 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, |
3516 | /* tx desc */ |
3517 | src = sg->src_addr; |
3518 | for (i = 0; i < chan->desc->num_sgs; i++) { |
3519 | + tx_desc = &chan->tx_ring[chan->tx_idx]; |
3520 | + |
3521 | if (len > HSDMA_MAX_PLEN) |
3522 | tlen = HSDMA_MAX_PLEN; |
3523 | else |
3524 | @@ -344,7 +346,6 @@ static int mtk_hsdma_start_transfer(struct mtk_hsdam_engine *hsdma, |
3525 | tx_desc->addr1 = src; |
3526 | tx_desc->flags |= HSDMA_DESC_PLEN1(tlen); |
3527 | } else { |
3528 | - tx_desc = &chan->tx_ring[chan->tx_idx]; |
3529 | tx_desc->addr0 = src; |
3530 | tx_desc->flags = HSDMA_DESC_PLEN0(tlen); |
3531 | |
3532 | diff --git a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3533 | index b8566ed898f1..aa98fbb17013 100644 |
3534 | --- a/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3535 | +++ b/drivers/staging/mt7621-pinctrl/pinctrl-rt2880.c |
3536 | @@ -82,7 +82,7 @@ static int rt2880_pinctrl_dt_node_to_map(struct pinctrl_dev *pctrldev, |
3537 | struct property *prop; |
3538 | const char *function_name, *group_name; |
3539 | int ret; |
3540 | - int ngroups; |
3541 | + int ngroups = 0; |
3542 | unsigned int reserved_maps = 0; |
3543 | |
3544 | for_each_node_with_property(np_config, "group") |
3545 | diff --git a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3546 | index 85077947b9b8..85aba8a503cd 100644 |
3547 | --- a/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3548 | +++ b/drivers/staging/rtl8723bs/hal/rtl8723bs_recv.c |
3549 | @@ -109,12 +109,12 @@ static void update_recvframe_phyinfo(union recv_frame *precvframe, |
3550 | rx_bssid = get_hdr_bssid(wlanhdr); |
3551 | pkt_info.bssid_match = ((!IsFrameTypeCtrl(wlanhdr)) && |
3552 | !pattrib->icv_err && !pattrib->crc_err && |
3553 | - !ether_addr_equal(rx_bssid, my_bssid)); |
3554 | + ether_addr_equal(rx_bssid, my_bssid)); |
3555 | |
3556 | rx_ra = get_ra(wlanhdr); |
3557 | my_hwaddr = myid(&padapter->eeprompriv); |
3558 | pkt_info.to_self = pkt_info.bssid_match && |
3559 | - !ether_addr_equal(rx_ra, my_hwaddr); |
3560 | + ether_addr_equal(rx_ra, my_hwaddr); |
3561 | |
3562 | |
3563 | pkt_info.is_beacon = pkt_info.bssid_match && |
3564 | diff --git a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3565 | index af2234798fa8..db553f2e4c0b 100644 |
3566 | --- a/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3567 | +++ b/drivers/staging/rtl8723bs/os_dep/ioctl_cfg80211.c |
3568 | @@ -1277,7 +1277,7 @@ static int cfg80211_rtw_get_station(struct wiphy *wiphy, |
3569 | |
3570 | sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS); |
3571 | sinfo->tx_packets = psta->sta_stats.tx_pkts; |
3572 | - |
3573 | + sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED); |
3574 | } |
3575 | |
3576 | /* for Ad-Hoc/AP mode */ |
3577 | diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3578 | index bc05c69383b8..fe431302a030 100644 |
3579 | --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3580 | +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c |
3581 | @@ -1787,6 +1787,7 @@ vchiq_compat_ioctl_await_completion(struct file *file, |
3582 | struct vchiq_await_completion32 args32; |
3583 | struct vchiq_completion_data32 completion32; |
3584 | unsigned int *msgbufcount32; |
3585 | + unsigned int msgbufcount_native; |
3586 | compat_uptr_t msgbuf32; |
3587 | void *msgbuf; |
3588 | void **msgbufptr; |
3589 | @@ -1898,7 +1899,11 @@ vchiq_compat_ioctl_await_completion(struct file *file, |
3590 | sizeof(completion32))) |
3591 | return -EFAULT; |
3592 | |
3593 | - args32.msgbufcount--; |
3594 | + if (get_user(msgbufcount_native, &args->msgbufcount)) |
3595 | + return -EFAULT; |
3596 | + |
3597 | + if (!msgbufcount_native) |
3598 | + args32.msgbufcount--; |
3599 | |
3600 | msgbufcount32 = |
3601 | &((struct vchiq_await_completion32 __user *)arg)->msgbufcount; |
3602 | diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c |
3603 | index f9ff03e6af93..0690fcff0ea2 100644 |
3604 | --- a/drivers/usb/core/quirks.c |
3605 | +++ b/drivers/usb/core/quirks.c |
3606 | @@ -209,6 +209,9 @@ static const struct usb_device_id usb_quirk_list[] = { |
3607 | /* Microsoft LifeCam-VX700 v2.0 */ |
3608 | { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME }, |
3609 | |
3610 | + /* Cherry Stream G230 2.0 (G85-231) and 3.0 (G85-232) */ |
3611 | + { USB_DEVICE(0x046a, 0x0023), .driver_info = USB_QUIRK_RESET_RESUME }, |
3612 | + |
3613 | /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */ |
3614 | { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, |
3615 | { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT }, |
3616 | diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c |
3617 | index 2de1a3971a26..558949b826d0 100644 |
3618 | --- a/drivers/usb/dwc3/gadget.c |
3619 | +++ b/drivers/usb/dwc3/gadget.c |
3620 | @@ -1461,9 +1461,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) |
3621 | unsigned transfer_in_flight; |
3622 | unsigned started; |
3623 | |
3624 | - if (dep->flags & DWC3_EP_STALL) |
3625 | - return 0; |
3626 | - |
3627 | if (dep->number > 1) |
3628 | trb = dwc3_ep_prev_trb(dep, dep->trb_enqueue); |
3629 | else |
3630 | @@ -1485,8 +1482,6 @@ int __dwc3_gadget_ep_set_halt(struct dwc3_ep *dep, int value, int protocol) |
3631 | else |
3632 | dep->flags |= DWC3_EP_STALL; |
3633 | } else { |
3634 | - if (!(dep->flags & DWC3_EP_STALL)) |
3635 | - return 0; |
3636 | |
3637 | ret = dwc3_send_clear_stall_ep_cmd(dep); |
3638 | if (ret) |
3639 | diff --git a/drivers/usb/storage/unusual_realtek.h b/drivers/usb/storage/unusual_realtek.h |
3640 | index d17cd95b55bb..6b2140f966ef 100644 |
3641 | --- a/drivers/usb/storage/unusual_realtek.h |
3642 | +++ b/drivers/usb/storage/unusual_realtek.h |
3643 | @@ -27,4 +27,14 @@ UNUSUAL_DEV(0x0bda, 0x0159, 0x0000, 0x9999, |
3644 | "USB Card Reader", |
3645 | USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3646 | |
3647 | +UNUSUAL_DEV(0x0bda, 0x0177, 0x0000, 0x9999, |
3648 | + "Realtek", |
3649 | + "USB Card Reader", |
3650 | + USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3651 | + |
3652 | +UNUSUAL_DEV(0x0bda, 0x0184, 0x0000, 0x9999, |
3653 | + "Realtek", |
3654 | + "USB Card Reader", |
3655 | + USB_SC_DEVICE, USB_PR_DEVICE, init_realtek_cr, 0), |
3656 | + |
3657 | #endif /* defined(CONFIG_USB_STORAGE_REALTEK) || ... */ |
3658 | diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c |
3659 | index dc52ce5e495f..834a3f5ef642 100644 |
3660 | --- a/fs/btrfs/disk-io.c |
3661 | +++ b/fs/btrfs/disk-io.c |
3662 | @@ -477,9 +477,9 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, |
3663 | int mirror_num = 0; |
3664 | int failed_mirror = 0; |
3665 | |
3666 | - clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); |
3667 | io_tree = &BTRFS_I(fs_info->btree_inode)->io_tree; |
3668 | while (1) { |
3669 | + clear_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags); |
3670 | ret = read_extent_buffer_pages(io_tree, eb, WAIT_COMPLETE, |
3671 | mirror_num); |
3672 | if (!ret) { |
3673 | @@ -493,15 +493,6 @@ static int btree_read_extent_buffer_pages(struct btrfs_fs_info *fs_info, |
3674 | break; |
3675 | } |
3676 | |
3677 | - /* |
3678 | - * This buffer's crc is fine, but its contents are corrupted, so |
3679 | - * there is no reason to read the other copies, they won't be |
3680 | - * any less wrong. |
3681 | - */ |
3682 | - if (test_bit(EXTENT_BUFFER_CORRUPT, &eb->bflags) || |
3683 | - ret == -EUCLEAN) |
3684 | - break; |
3685 | - |
3686 | num_copies = btrfs_num_copies(fs_info, |
3687 | eb->start, eb->len); |
3688 | if (num_copies == 1) |
3689 | diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c |
3690 | index 7d81cc415264..ca4902c66dc4 100644 |
3691 | --- a/fs/btrfs/file.c |
3692 | +++ b/fs/btrfs/file.c |
3693 | @@ -2088,6 +2088,30 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync) |
3694 | |
3695 | atomic_inc(&root->log_batch); |
3696 | |
3697 | + /* |
3698 | + * Before we acquired the inode's lock, someone may have dirtied more |
3699 | + * pages in the target range. We need to make sure that writeback for |
3700 | + * any such pages does not start while we are logging the inode, because |
3701 | + * if it does, any of the following might happen when we are not doing a |
3702 | + * full inode sync: |
3703 | + * |
3704 | + * 1) We log an extent after its writeback finishes but before its |
3705 | + * checksums are added to the csum tree, leading to -EIO errors |
3706 | + * when attempting to read the extent after a log replay. |
3707 | + * |
3708 | + * 2) We can end up logging an extent before its writeback finishes. |
3709 | + * Therefore after the log replay we will have a file extent item |
3710 | + * pointing to an unwritten extent (and no data checksums as well). |
3711 | + * |
3712 | + * So trigger writeback for any eventual new dirty pages and then we |
3713 | + * wait for all ordered extents to complete below. |
3714 | + */ |
3715 | + ret = start_ordered_ops(inode, start, end); |
3716 | + if (ret) { |
3717 | + inode_unlock(inode); |
3718 | + goto out; |
3719 | + } |
3720 | + |
3721 | /* |
3722 | * We have to do this here to avoid the priority inversion of waiting on |
3723 | * IO of a lower priority task while holding a transaciton open. |
3724 | diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c |
3725 | index b070401406be..ff434663d65b 100644 |
3726 | --- a/fs/btrfs/qgroup.c |
3727 | +++ b/fs/btrfs/qgroup.c |
3728 | @@ -2244,7 +2244,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, |
3729 | int i; |
3730 | u64 *i_qgroups; |
3731 | struct btrfs_fs_info *fs_info = trans->fs_info; |
3732 | - struct btrfs_root *quota_root = fs_info->quota_root; |
3733 | + struct btrfs_root *quota_root; |
3734 | struct btrfs_qgroup *srcgroup; |
3735 | struct btrfs_qgroup *dstgroup; |
3736 | u32 level_size = 0; |
3737 | @@ -2254,6 +2254,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, |
3738 | if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags)) |
3739 | goto out; |
3740 | |
3741 | + quota_root = fs_info->quota_root; |
3742 | if (!quota_root) { |
3743 | ret = -EINVAL; |
3744 | goto out; |
3745 | diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c |
3746 | index 60bf8dfe7df4..0526b6c473c7 100644 |
3747 | --- a/fs/btrfs/relocation.c |
3748 | +++ b/fs/btrfs/relocation.c |
3749 | @@ -3963,6 +3963,7 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) |
3750 | restart: |
3751 | if (update_backref_cache(trans, &rc->backref_cache)) { |
3752 | btrfs_end_transaction(trans); |
3753 | + trans = NULL; |
3754 | continue; |
3755 | } |
3756 | |
3757 | diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c |
3758 | index 6601c9aa5e35..8ad145820ea8 100644 |
3759 | --- a/fs/btrfs/super.c |
3760 | +++ b/fs/btrfs/super.c |
3761 | @@ -2235,6 +2235,7 @@ static long btrfs_control_ioctl(struct file *file, unsigned int cmd, |
3762 | vol = memdup_user((void __user *)arg, sizeof(*vol)); |
3763 | if (IS_ERR(vol)) |
3764 | return PTR_ERR(vol); |
3765 | + vol->name[BTRFS_PATH_NAME_MAX] = '\0'; |
3766 | |
3767 | switch (cmd) { |
3768 | case BTRFS_IOC_SCAN_DEV: |
3769 | diff --git a/fs/direct-io.c b/fs/direct-io.c |
3770 | index 093fb54cd316..199146036093 100644 |
3771 | --- a/fs/direct-io.c |
3772 | +++ b/fs/direct-io.c |
3773 | @@ -325,8 +325,8 @@ static ssize_t dio_complete(struct dio *dio, ssize_t ret, unsigned int flags) |
3774 | */ |
3775 | dio->iocb->ki_pos += transferred; |
3776 | |
3777 | - if (dio->op == REQ_OP_WRITE) |
3778 | - ret = generic_write_sync(dio->iocb, transferred); |
3779 | + if (ret > 0 && dio->op == REQ_OP_WRITE) |
3780 | + ret = generic_write_sync(dio->iocb, ret); |
3781 | dio->iocb->ki_complete(dio->iocb, ret, 0); |
3782 | } |
3783 | |
3784 | diff --git a/fs/ext2/super.c b/fs/ext2/super.c |
3785 | index 73bd58fa13de..0c38e31ec938 100644 |
3786 | --- a/fs/ext2/super.c |
3787 | +++ b/fs/ext2/super.c |
3788 | @@ -895,6 +895,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent) |
3789 | if (sb->s_magic != EXT2_SUPER_MAGIC) |
3790 | goto cantfind_ext2; |
3791 | |
3792 | + opts.s_mount_opt = 0; |
3793 | /* Set defaults before we parse the mount options */ |
3794 | def_mount_opts = le32_to_cpu(es->s_default_mount_opts); |
3795 | if (def_mount_opts & EXT2_DEFM_DEBUG) |
3796 | diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c |
3797 | index 62d9a659a8ff..dd8f10db82e9 100644 |
3798 | --- a/fs/ext2/xattr.c |
3799 | +++ b/fs/ext2/xattr.c |
3800 | @@ -612,9 +612,9 @@ skip_replace: |
3801 | } |
3802 | |
3803 | cleanup: |
3804 | - brelse(bh); |
3805 | if (!(bh && header == HDR(bh))) |
3806 | kfree(header); |
3807 | + brelse(bh); |
3808 | up_write(&EXT2_I(inode)->xattr_sem); |
3809 | |
3810 | return error; |
3811 | diff --git a/fs/udf/super.c b/fs/udf/super.c |
3812 | index b997e3116e37..c495db7165ae 100644 |
3813 | --- a/fs/udf/super.c |
3814 | +++ b/fs/udf/super.c |
3815 | @@ -831,16 +831,20 @@ static int udf_load_pvoldesc(struct super_block *sb, sector_t block) |
3816 | |
3817 | |
3818 | ret = udf_dstrCS0toChar(sb, outstr, 31, pvoldesc->volIdent, 32); |
3819 | - if (ret < 0) |
3820 | - goto out_bh; |
3821 | - |
3822 | - strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); |
3823 | + if (ret < 0) { |
3824 | + strcpy(UDF_SB(sb)->s_volume_ident, "InvalidName"); |
3825 | + pr_warn("incorrect volume identification, setting to " |
3826 | + "'InvalidName'\n"); |
3827 | + } else { |
3828 | + strncpy(UDF_SB(sb)->s_volume_ident, outstr, ret); |
3829 | + } |
3830 | udf_debug("volIdent[] = '%s'\n", UDF_SB(sb)->s_volume_ident); |
3831 | |
3832 | ret = udf_dstrCS0toChar(sb, outstr, 127, pvoldesc->volSetIdent, 128); |
3833 | - if (ret < 0) |
3834 | + if (ret < 0) { |
3835 | + ret = 0; |
3836 | goto out_bh; |
3837 | - |
3838 | + } |
3839 | outstr[ret] = 0; |
3840 | udf_debug("volSetIdent[] = '%s'\n", outstr); |
3841 | |
3842 | diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c |
3843 | index 45234791fec2..5fcfa96463eb 100644 |
3844 | --- a/fs/udf/unicode.c |
3845 | +++ b/fs/udf/unicode.c |
3846 | @@ -351,6 +351,11 @@ try_again: |
3847 | return u_len; |
3848 | } |
3849 | |
3850 | +/* |
3851 | + * Convert CS0 dstring to output charset. Warning: This function may truncate |
3852 | + * input string if it is too long as it is used for informational strings only |
3853 | + * and it is better to truncate the string than to refuse mounting a media. |
3854 | + */ |
3855 | int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, |
3856 | const uint8_t *ocu_i, int i_len) |
3857 | { |
3858 | @@ -359,9 +364,12 @@ int udf_dstrCS0toChar(struct super_block *sb, uint8_t *utf_o, int o_len, |
3859 | if (i_len > 0) { |
3860 | s_len = ocu_i[i_len - 1]; |
3861 | if (s_len >= i_len) { |
3862 | - pr_err("incorrect dstring lengths (%d/%d)\n", |
3863 | - s_len, i_len); |
3864 | - return -EINVAL; |
3865 | + pr_warn("incorrect dstring lengths (%d/%d)," |
3866 | + " truncating\n", s_len, i_len); |
3867 | + s_len = i_len - 1; |
3868 | + /* 2-byte encoding? Need to round properly... */ |
3869 | + if (ocu_i[0] == 16) |
3870 | + s_len -= (s_len - 1) & 2; |
3871 | } |
3872 | } |
3873 | |
3874 | diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c |
3875 | index 356d2b8568c1..cd58939dc977 100644 |
3876 | --- a/fs/userfaultfd.c |
3877 | +++ b/fs/userfaultfd.c |
3878 | @@ -1361,6 +1361,19 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, |
3879 | ret = -EINVAL; |
3880 | if (!vma_can_userfault(cur)) |
3881 | goto out_unlock; |
3882 | + |
3883 | + /* |
3884 | + * UFFDIO_COPY will fill file holes even without |
3885 | + * PROT_WRITE. This check enforces that if this is a |
3886 | + * MAP_SHARED, the process has write permission to the backing |
3887 | + * file. If VM_MAYWRITE is set it also enforces that on a |
3888 | + * MAP_SHARED vma: there is no F_WRITE_SEAL and no further |
3889 | + * F_WRITE_SEAL can be taken until the vma is destroyed. |
3890 | + */ |
3891 | + ret = -EPERM; |
3892 | + if (unlikely(!(cur->vm_flags & VM_MAYWRITE))) |
3893 | + goto out_unlock; |
3894 | + |
3895 | /* |
3896 | * If this vma contains ending address, and huge pages |
3897 | * check alignment. |
3898 | @@ -1406,6 +1419,7 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, |
3899 | BUG_ON(!vma_can_userfault(vma)); |
3900 | BUG_ON(vma->vm_userfaultfd_ctx.ctx && |
3901 | vma->vm_userfaultfd_ctx.ctx != ctx); |
3902 | + WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); |
3903 | |
3904 | /* |
3905 | * Nothing to do: this vma is already registered into this |
3906 | @@ -1552,6 +1566,7 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, |
3907 | cond_resched(); |
3908 | |
3909 | BUG_ON(!vma_can_userfault(vma)); |
3910 | + WARN_ON(!(vma->vm_flags & VM_MAYWRITE)); |
3911 | |
3912 | /* |
3913 | * Nothing to do: this vma is already registered into this |
3914 | diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h |
3915 | index a397907e8d72..dd16e8218db3 100644 |
3916 | --- a/include/linux/ftrace.h |
3917 | +++ b/include/linux/ftrace.h |
3918 | @@ -777,8 +777,8 @@ struct ftrace_ret_stack { |
3919 | extern void return_to_handler(void); |
3920 | |
3921 | extern int |
3922 | -ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
3923 | - unsigned long frame_pointer, unsigned long *retp); |
3924 | +function_graph_enter(unsigned long ret, unsigned long func, |
3925 | + unsigned long frame_pointer, unsigned long *retp); |
3926 | |
3927 | unsigned long ftrace_graph_ret_addr(struct task_struct *task, int *idx, |
3928 | unsigned long ret, unsigned long *retp); |
3929 | diff --git a/include/linux/hid-sensor-hub.h b/include/linux/hid-sensor-hub.h |
3930 | index 331dc377c275..dc12f5c4b076 100644 |
3931 | --- a/include/linux/hid-sensor-hub.h |
3932 | +++ b/include/linux/hid-sensor-hub.h |
3933 | @@ -177,6 +177,7 @@ int sensor_hub_input_get_attribute_info(struct hid_sensor_hub_device *hsdev, |
3934 | * @attr_usage_id: Attribute usage id as per spec |
3935 | * @report_id: Report id to look for |
3936 | * @flag: Synchronous or asynchronous read |
3937 | +* @is_signed: If true then fields < 32 bits will be sign-extended |
3938 | * |
3939 | * Issues a synchronous or asynchronous read request for an input attribute. |
3940 | * Returns data upto 32 bits. |
3941 | @@ -190,7 +191,8 @@ enum sensor_hub_read_flags { |
3942 | int sensor_hub_input_attr_get_raw_value(struct hid_sensor_hub_device *hsdev, |
3943 | u32 usage_id, |
3944 | u32 attr_usage_id, u32 report_id, |
3945 | - enum sensor_hub_read_flags flag |
3946 | + enum sensor_hub_read_flags flag, |
3947 | + bool is_signed |
3948 | ); |
3949 | |
3950 | /** |
3951 | diff --git a/include/linux/net_dim.h b/include/linux/net_dim.h |
3952 | index c79e859408e6..fd458389f7d1 100644 |
3953 | --- a/include/linux/net_dim.h |
3954 | +++ b/include/linux/net_dim.h |
3955 | @@ -406,6 +406,8 @@ static inline void net_dim(struct net_dim *dim, |
3956 | } |
3957 | /* fall through */ |
3958 | case NET_DIM_START_MEASURE: |
3959 | + net_dim_sample(end_sample.event_ctr, end_sample.pkt_ctr, end_sample.byte_ctr, |
3960 | + &dim->start_sample); |
3961 | dim->state = NET_DIM_MEASURE_IN_PROGRESS; |
3962 | break; |
3963 | case NET_DIM_APPLY_NEW_PROFILE: |
3964 | diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h |
3965 | index 4f36431c380b..561feb560619 100644 |
3966 | --- a/include/linux/ptrace.h |
3967 | +++ b/include/linux/ptrace.h |
3968 | @@ -62,8 +62,8 @@ extern void exit_ptrace(struct task_struct *tracer, struct list_head *dead); |
3969 | #define PTRACE_MODE_READ 0x01 |
3970 | #define PTRACE_MODE_ATTACH 0x02 |
3971 | #define PTRACE_MODE_NOAUDIT 0x04 |
3972 | -#define PTRACE_MODE_FSCREDS 0x08 |
3973 | -#define PTRACE_MODE_REALCREDS 0x10 |
3974 | +#define PTRACE_MODE_FSCREDS 0x08 |
3975 | +#define PTRACE_MODE_REALCREDS 0x10 |
3976 | |
3977 | /* shorthands for READ/ATTACH and FSCREDS/REALCREDS combinations */ |
3978 | #define PTRACE_MODE_READ_FSCREDS (PTRACE_MODE_READ | PTRACE_MODE_FSCREDS) |
3979 | diff --git a/include/linux/sched.h b/include/linux/sched.h |
3980 | index 977cb57d7bc9..4abb5bd74b04 100644 |
3981 | --- a/include/linux/sched.h |
3982 | +++ b/include/linux/sched.h |
3983 | @@ -1108,6 +1108,7 @@ struct task_struct { |
3984 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
3985 | /* Index of current stored address in ret_stack: */ |
3986 | int curr_ret_stack; |
3987 | + int curr_ret_depth; |
3988 | |
3989 | /* Stack of return addresses for return function tracing: */ |
3990 | struct ftrace_ret_stack *ret_stack; |
3991 | @@ -1439,6 +1440,8 @@ static inline bool is_percpu_thread(void) |
3992 | #define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */ |
3993 | #define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */ |
3994 | #define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/ |
3995 | +#define PFA_SPEC_IB_DISABLE 5 /* Indirect branch speculation restricted */ |
3996 | +#define PFA_SPEC_IB_FORCE_DISABLE 6 /* Indirect branch speculation permanently restricted */ |
3997 | |
3998 | #define TASK_PFA_TEST(name, func) \ |
3999 | static inline bool task_##func(struct task_struct *p) \ |
4000 | @@ -1470,6 +1473,13 @@ TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable) |
4001 | TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
4002 | TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable) |
4003 | |
4004 | +TASK_PFA_TEST(SPEC_IB_DISABLE, spec_ib_disable) |
4005 | +TASK_PFA_SET(SPEC_IB_DISABLE, spec_ib_disable) |
4006 | +TASK_PFA_CLEAR(SPEC_IB_DISABLE, spec_ib_disable) |
4007 | + |
4008 | +TASK_PFA_TEST(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) |
4009 | +TASK_PFA_SET(SPEC_IB_FORCE_DISABLE, spec_ib_force_disable) |
4010 | + |
4011 | static inline void |
4012 | current_restore_flags(unsigned long orig_flags, unsigned long flags) |
4013 | { |
4014 | diff --git a/include/linux/sched/smt.h b/include/linux/sched/smt.h |
4015 | new file mode 100644 |
4016 | index 000000000000..59d3736c454c |
4017 | --- /dev/null |
4018 | +++ b/include/linux/sched/smt.h |
4019 | @@ -0,0 +1,20 @@ |
4020 | +/* SPDX-License-Identifier: GPL-2.0 */ |
4021 | +#ifndef _LINUX_SCHED_SMT_H |
4022 | +#define _LINUX_SCHED_SMT_H |
4023 | + |
4024 | +#include <linux/static_key.h> |
4025 | + |
4026 | +#ifdef CONFIG_SCHED_SMT |
4027 | +extern struct static_key_false sched_smt_present; |
4028 | + |
4029 | +static __always_inline bool sched_smt_active(void) |
4030 | +{ |
4031 | + return static_branch_likely(&sched_smt_present); |
4032 | +} |
4033 | +#else |
4034 | +static inline bool sched_smt_active(void) { return false; } |
4035 | +#endif |
4036 | + |
4037 | +void arch_smt_update(void); |
4038 | + |
4039 | +#endif |
4040 | diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h |
4041 | index 17a13e4785fc..e6ef9cc05e60 100644 |
4042 | --- a/include/linux/skbuff.h |
4043 | +++ b/include/linux/skbuff.h |
4044 | @@ -1311,6 +1311,22 @@ static inline void skb_zcopy_set(struct sk_buff *skb, struct ubuf_info *uarg) |
4045 | } |
4046 | } |
4047 | |
4048 | +static inline void skb_zcopy_set_nouarg(struct sk_buff *skb, void *val) |
4049 | +{ |
4050 | + skb_shinfo(skb)->destructor_arg = (void *)((uintptr_t) val | 0x1UL); |
4051 | + skb_shinfo(skb)->tx_flags |= SKBTX_ZEROCOPY_FRAG; |
4052 | +} |
4053 | + |
4054 | +static inline bool skb_zcopy_is_nouarg(struct sk_buff *skb) |
4055 | +{ |
4056 | + return (uintptr_t) skb_shinfo(skb)->destructor_arg & 0x1UL; |
4057 | +} |
4058 | + |
4059 | +static inline void *skb_zcopy_get_nouarg(struct sk_buff *skb) |
4060 | +{ |
4061 | + return (void *)((uintptr_t) skb_shinfo(skb)->destructor_arg & ~0x1UL); |
4062 | +} |
4063 | + |
4064 | /* Release a reference on a zerocopy structure */ |
4065 | static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) |
4066 | { |
4067 | @@ -1320,7 +1336,7 @@ static inline void skb_zcopy_clear(struct sk_buff *skb, bool zerocopy) |
4068 | if (uarg->callback == sock_zerocopy_callback) { |
4069 | uarg->zerocopy = uarg->zerocopy && zerocopy; |
4070 | sock_zerocopy_put(uarg); |
4071 | - } else { |
4072 | + } else if (!skb_zcopy_is_nouarg(skb)) { |
4073 | uarg->callback(uarg, zerocopy); |
4074 | } |
4075 | |
4076 | diff --git a/include/linux/tcp.h b/include/linux/tcp.h |
4077 | index 263e37271afd..d2c8f280e48f 100644 |
4078 | --- a/include/linux/tcp.h |
4079 | +++ b/include/linux/tcp.h |
4080 | @@ -196,6 +196,7 @@ struct tcp_sock { |
4081 | u32 rcv_tstamp; /* timestamp of last received ACK (for keepalives) */ |
4082 | u32 lsndtime; /* timestamp of last sent data packet (for restart window) */ |
4083 | u32 last_oow_ack_time; /* timestamp of last out-of-window ACK */ |
4084 | + u32 compressed_ack_rcv_nxt; |
4085 | |
4086 | u32 tsoffset; /* timestamp offset */ |
4087 | |
4088 | diff --git a/include/uapi/linux/prctl.h b/include/uapi/linux/prctl.h |
4089 | index c0d7ea0bf5b6..b17201edfa09 100644 |
4090 | --- a/include/uapi/linux/prctl.h |
4091 | +++ b/include/uapi/linux/prctl.h |
4092 | @@ -212,6 +212,7 @@ struct prctl_mm_map { |
4093 | #define PR_SET_SPECULATION_CTRL 53 |
4094 | /* Speculation control variants */ |
4095 | # define PR_SPEC_STORE_BYPASS 0 |
4096 | +# define PR_SPEC_INDIRECT_BRANCH 1 |
4097 | /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ |
4098 | # define PR_SPEC_NOT_AFFECTED 0 |
4099 | # define PR_SPEC_PRCTL (1UL << 0) |
4100 | diff --git a/kernel/cpu.c b/kernel/cpu.c |
4101 | index 0097acec1c71..1699ff68c412 100644 |
4102 | --- a/kernel/cpu.c |
4103 | +++ b/kernel/cpu.c |
4104 | @@ -10,6 +10,7 @@ |
4105 | #include <linux/sched/signal.h> |
4106 | #include <linux/sched/hotplug.h> |
4107 | #include <linux/sched/task.h> |
4108 | +#include <linux/sched/smt.h> |
4109 | #include <linux/unistd.h> |
4110 | #include <linux/cpu.h> |
4111 | #include <linux/oom.h> |
4112 | @@ -346,6 +347,12 @@ void cpu_hotplug_enable(void) |
4113 | EXPORT_SYMBOL_GPL(cpu_hotplug_enable); |
4114 | #endif /* CONFIG_HOTPLUG_CPU */ |
4115 | |
4116 | +/* |
4117 | + * Architectures that need SMT-specific errata handling during SMT hotplug |
4118 | + * should override this. |
4119 | + */ |
4120 | +void __weak arch_smt_update(void) { } |
4121 | + |
4122 | #ifdef CONFIG_HOTPLUG_SMT |
4123 | enum cpuhp_smt_control cpu_smt_control __read_mostly = CPU_SMT_ENABLED; |
4124 | EXPORT_SYMBOL_GPL(cpu_smt_control); |
4125 | @@ -982,6 +989,7 @@ out: |
4126 | * concurrent CPU hotplug via cpu_add_remove_lock. |
4127 | */ |
4128 | lockup_detector_cleanup(); |
4129 | + arch_smt_update(); |
4130 | return ret; |
4131 | } |
4132 | |
4133 | @@ -1110,6 +1118,7 @@ static int _cpu_up(unsigned int cpu, int tasks_frozen, enum cpuhp_state target) |
4134 | ret = cpuhp_up_callbacks(cpu, st, target); |
4135 | out: |
4136 | cpus_write_unlock(); |
4137 | + arch_smt_update(); |
4138 | return ret; |
4139 | } |
4140 | |
4141 | @@ -2052,8 +2061,10 @@ static int cpuhp_smt_disable(enum cpuhp_smt_control ctrlval) |
4142 | */ |
4143 | cpuhp_offline_cpu_device(cpu); |
4144 | } |
4145 | - if (!ret) |
4146 | + if (!ret) { |
4147 | cpu_smt_control = ctrlval; |
4148 | + arch_smt_update(); |
4149 | + } |
4150 | cpu_maps_update_done(); |
4151 | return ret; |
4152 | } |
4153 | @@ -2064,6 +2075,7 @@ static int cpuhp_smt_enable(void) |
4154 | |
4155 | cpu_maps_update_begin(); |
4156 | cpu_smt_control = CPU_SMT_ENABLED; |
4157 | + arch_smt_update(); |
4158 | for_each_present_cpu(cpu) { |
4159 | /* Skip online CPUs and CPUs on offline nodes */ |
4160 | if (cpu_online(cpu) || !node_online(cpu_to_node(cpu))) |
4161 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
4162 | index 35551110d277..2beda4b726e2 100644 |
4163 | --- a/kernel/sched/core.c |
4164 | +++ b/kernel/sched/core.c |
4165 | @@ -5741,15 +5741,10 @@ int sched_cpu_activate(unsigned int cpu) |
4166 | |
4167 | #ifdef CONFIG_SCHED_SMT |
4168 | /* |
4169 | - * The sched_smt_present static key needs to be evaluated on every |
4170 | - * hotplug event because at boot time SMT might be disabled when |
4171 | - * the number of booted CPUs is limited. |
4172 | - * |
4173 | - * If then later a sibling gets hotplugged, then the key would stay |
4174 | - * off and SMT scheduling would never be functional. |
4175 | + * When going up, increment the number of cores with SMT present. |
4176 | */ |
4177 | - if (cpumask_weight(cpu_smt_mask(cpu)) > 1) |
4178 | - static_branch_enable_cpuslocked(&sched_smt_present); |
4179 | + if (cpumask_weight(cpu_smt_mask(cpu)) == 2) |
4180 | + static_branch_inc_cpuslocked(&sched_smt_present); |
4181 | #endif |
4182 | set_cpu_active(cpu, true); |
4183 | |
4184 | @@ -5793,6 +5788,14 @@ int sched_cpu_deactivate(unsigned int cpu) |
4185 | */ |
4186 | synchronize_rcu_mult(call_rcu, call_rcu_sched); |
4187 | |
4188 | +#ifdef CONFIG_SCHED_SMT |
4189 | + /* |
4190 | + * When going down, decrement the number of cores with SMT present. |
4191 | + */ |
4192 | + if (cpumask_weight(cpu_smt_mask(cpu)) == 2) |
4193 | + static_branch_dec_cpuslocked(&sched_smt_present); |
4194 | +#endif |
4195 | + |
4196 | if (!sched_smp_initialized) |
4197 | return 0; |
4198 | |
4199 | diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h |
4200 | index 9683f458aec7..6c25bbe87bd3 100644 |
4201 | --- a/kernel/sched/sched.h |
4202 | +++ b/kernel/sched/sched.h |
4203 | @@ -23,6 +23,7 @@ |
4204 | #include <linux/sched/prio.h> |
4205 | #include <linux/sched/rt.h> |
4206 | #include <linux/sched/signal.h> |
4207 | +#include <linux/sched/smt.h> |
4208 | #include <linux/sched/stat.h> |
4209 | #include <linux/sched/sysctl.h> |
4210 | #include <linux/sched/task.h> |
4211 | @@ -930,9 +931,6 @@ static inline int cpu_of(struct rq *rq) |
4212 | |
4213 | |
4214 | #ifdef CONFIG_SCHED_SMT |
4215 | - |
4216 | -extern struct static_key_false sched_smt_present; |
4217 | - |
4218 | extern void __update_idle_core(struct rq *rq); |
4219 | |
4220 | static inline void update_idle_core(struct rq *rq) |
4221 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c |
4222 | index f536f601bd46..77734451cb05 100644 |
4223 | --- a/kernel/trace/ftrace.c |
4224 | +++ b/kernel/trace/ftrace.c |
4225 | @@ -817,7 +817,7 @@ function_profile_call(unsigned long ip, unsigned long parent_ip, |
4226 | #ifdef CONFIG_FUNCTION_GRAPH_TRACER |
4227 | static int profile_graph_entry(struct ftrace_graph_ent *trace) |
4228 | { |
4229 | - int index = trace->depth; |
4230 | + int index = current->curr_ret_stack; |
4231 | |
4232 | function_profile_call(trace->func, 0, NULL, NULL); |
4233 | |
4234 | @@ -852,7 +852,7 @@ static void profile_graph_return(struct ftrace_graph_ret *trace) |
4235 | if (!fgraph_graph_time) { |
4236 | int index; |
4237 | |
4238 | - index = trace->depth; |
4239 | + index = current->curr_ret_stack; |
4240 | |
4241 | /* Append this call time to the parent time to subtract */ |
4242 | if (index) |
4243 | @@ -6814,6 +6814,7 @@ static int alloc_retstack_tasklist(struct ftrace_ret_stack **ret_stack_list) |
4244 | atomic_set(&t->tracing_graph_pause, 0); |
4245 | atomic_set(&t->trace_overrun, 0); |
4246 | t->curr_ret_stack = -1; |
4247 | + t->curr_ret_depth = -1; |
4248 | /* Make sure the tasks see the -1 first: */ |
4249 | smp_wmb(); |
4250 | t->ret_stack = ret_stack_list[start++]; |
4251 | @@ -7038,6 +7039,7 @@ graph_init_task(struct task_struct *t, struct ftrace_ret_stack *ret_stack) |
4252 | void ftrace_graph_init_idle_task(struct task_struct *t, int cpu) |
4253 | { |
4254 | t->curr_ret_stack = -1; |
4255 | + t->curr_ret_depth = -1; |
4256 | /* |
4257 | * The idle task has no parent, it either has its own |
4258 | * stack or no stack at all. |
4259 | @@ -7068,6 +7070,7 @@ void ftrace_graph_init_task(struct task_struct *t) |
4260 | /* Make sure we do not use the parent ret_stack */ |
4261 | t->ret_stack = NULL; |
4262 | t->curr_ret_stack = -1; |
4263 | + t->curr_ret_depth = -1; |
4264 | |
4265 | if (ftrace_graph_active) { |
4266 | struct ftrace_ret_stack *ret_stack; |
4267 | diff --git a/kernel/trace/trace_functions_graph.c b/kernel/trace/trace_functions_graph.c |
4268 | index 169b3c44ee97..2561460d7baf 100644 |
4269 | --- a/kernel/trace/trace_functions_graph.c |
4270 | +++ b/kernel/trace/trace_functions_graph.c |
4271 | @@ -118,8 +118,8 @@ print_graph_duration(struct trace_array *tr, unsigned long long duration, |
4272 | struct trace_seq *s, u32 flags); |
4273 | |
4274 | /* Add a function return address to the trace stack on thread info.*/ |
4275 | -int |
4276 | -ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
4277 | +static int |
4278 | +ftrace_push_return_trace(unsigned long ret, unsigned long func, |
4279 | unsigned long frame_pointer, unsigned long *retp) |
4280 | { |
4281 | unsigned long long calltime; |
4282 | @@ -177,9 +177,31 @@ ftrace_push_return_trace(unsigned long ret, unsigned long func, int *depth, |
4283 | #ifdef HAVE_FUNCTION_GRAPH_RET_ADDR_PTR |
4284 | current->ret_stack[index].retp = retp; |
4285 | #endif |
4286 | - *depth = current->curr_ret_stack; |
4287 | + return 0; |
4288 | +} |
4289 | + |
4290 | +int function_graph_enter(unsigned long ret, unsigned long func, |
4291 | + unsigned long frame_pointer, unsigned long *retp) |
4292 | +{ |
4293 | + struct ftrace_graph_ent trace; |
4294 | + |
4295 | + trace.func = func; |
4296 | + trace.depth = ++current->curr_ret_depth; |
4297 | + |
4298 | + if (ftrace_push_return_trace(ret, func, |
4299 | + frame_pointer, retp)) |
4300 | + goto out; |
4301 | + |
4302 | + /* Only trace if the calling function expects to */ |
4303 | + if (!ftrace_graph_entry(&trace)) |
4304 | + goto out_ret; |
4305 | |
4306 | return 0; |
4307 | + out_ret: |
4308 | + current->curr_ret_stack--; |
4309 | + out: |
4310 | + current->curr_ret_depth--; |
4311 | + return -EBUSY; |
4312 | } |
4313 | |
4314 | /* Retrieve a function return address to the trace stack on thread info.*/ |
4315 | @@ -241,7 +263,13 @@ ftrace_pop_return_trace(struct ftrace_graph_ret *trace, unsigned long *ret, |
4316 | trace->func = current->ret_stack[index].func; |
4317 | trace->calltime = current->ret_stack[index].calltime; |
4318 | trace->overrun = atomic_read(¤t->trace_overrun); |
4319 | - trace->depth = index; |
4320 | + trace->depth = current->curr_ret_depth--; |
4321 | + /* |
4322 | + * We still want to trace interrupts coming in if |
4323 | + * max_depth is set to 1. Make sure the decrement is |
4324 | + * seen before ftrace_graph_return. |
4325 | + */ |
4326 | + barrier(); |
4327 | } |
4328 | |
4329 | /* |
4330 | @@ -255,6 +283,12 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) |
4331 | |
4332 | ftrace_pop_return_trace(&trace, &ret, frame_pointer); |
4333 | trace.rettime = trace_clock_local(); |
4334 | + ftrace_graph_return(&trace); |
4335 | + /* |
4336 | + * The ftrace_graph_return() may still access the current |
4337 | + * ret_stack structure, we need to make sure the update of |
4338 | + * curr_ret_stack is after that. |
4339 | + */ |
4340 | barrier(); |
4341 | current->curr_ret_stack--; |
4342 | /* |
4343 | @@ -267,13 +301,6 @@ unsigned long ftrace_return_to_handler(unsigned long frame_pointer) |
4344 | return ret; |
4345 | } |
4346 | |
4347 | - /* |
4348 | - * The trace should run after decrementing the ret counter |
4349 | - * in case an interrupt were to come in. We don't want to |
4350 | - * lose the interrupt if max_depth is set. |
4351 | - */ |
4352 | - ftrace_graph_return(&trace); |
4353 | - |
4354 | if (unlikely(!ret)) { |
4355 | ftrace_graph_stop(); |
4356 | WARN_ON(1); |
4357 | diff --git a/lib/test_kmod.c b/lib/test_kmod.c |
4358 | index e3ddd836491f..d82d022111e0 100644 |
4359 | --- a/lib/test_kmod.c |
4360 | +++ b/lib/test_kmod.c |
4361 | @@ -1214,7 +1214,6 @@ void unregister_test_dev_kmod(struct kmod_test_device *test_dev) |
4362 | |
4363 | dev_info(test_dev->dev, "removing interface\n"); |
4364 | misc_deregister(&test_dev->misc_dev); |
4365 | - kfree(&test_dev->misc_dev.name); |
4366 | |
4367 | mutex_unlock(&test_dev->config_mutex); |
4368 | mutex_unlock(&test_dev->trigger_mutex); |
4369 | diff --git a/mm/huge_memory.c b/mm/huge_memory.c |
4370 | index deed97fba979..15310f14c25e 100644 |
4371 | --- a/mm/huge_memory.c |
4372 | +++ b/mm/huge_memory.c |
4373 | @@ -2322,7 +2322,7 @@ void vma_adjust_trans_huge(struct vm_area_struct *vma, |
4374 | } |
4375 | } |
4376 | |
4377 | -static void freeze_page(struct page *page) |
4378 | +static void unmap_page(struct page *page) |
4379 | { |
4380 | enum ttu_flags ttu_flags = TTU_IGNORE_MLOCK | TTU_IGNORE_ACCESS | |
4381 | TTU_RMAP_LOCKED | TTU_SPLIT_HUGE_PMD; |
4382 | @@ -2337,7 +2337,7 @@ static void freeze_page(struct page *page) |
4383 | VM_BUG_ON_PAGE(!unmap_success, page); |
4384 | } |
4385 | |
4386 | -static void unfreeze_page(struct page *page) |
4387 | +static void remap_page(struct page *page) |
4388 | { |
4389 | int i; |
4390 | if (PageTransHuge(page)) { |
4391 | @@ -2373,6 +2373,12 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4392 | (1L << PG_unevictable) | |
4393 | (1L << PG_dirty))); |
4394 | |
4395 | + /* ->mapping in first tail page is compound_mapcount */ |
4396 | + VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, |
4397 | + page_tail); |
4398 | + page_tail->mapping = head->mapping; |
4399 | + page_tail->index = head->index + tail; |
4400 | + |
4401 | /* Page flags must be visible before we make the page non-compound. */ |
4402 | smp_wmb(); |
4403 | |
4404 | @@ -2393,12 +2399,6 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4405 | if (page_is_idle(head)) |
4406 | set_page_idle(page_tail); |
4407 | |
4408 | - /* ->mapping in first tail page is compound_mapcount */ |
4409 | - VM_BUG_ON_PAGE(tail > 2 && page_tail->mapping != TAIL_MAPPING, |
4410 | - page_tail); |
4411 | - page_tail->mapping = head->mapping; |
4412 | - |
4413 | - page_tail->index = head->index + tail; |
4414 | page_cpupid_xchg_last(page_tail, page_cpupid_last(head)); |
4415 | |
4416 | /* |
4417 | @@ -2410,12 +2410,11 @@ static void __split_huge_page_tail(struct page *head, int tail, |
4418 | } |
4419 | |
4420 | static void __split_huge_page(struct page *page, struct list_head *list, |
4421 | - unsigned long flags) |
4422 | + pgoff_t end, unsigned long flags) |
4423 | { |
4424 | struct page *head = compound_head(page); |
4425 | struct zone *zone = page_zone(head); |
4426 | struct lruvec *lruvec; |
4427 | - pgoff_t end = -1; |
4428 | int i; |
4429 | |
4430 | lruvec = mem_cgroup_page_lruvec(head, zone->zone_pgdat); |
4431 | @@ -2423,9 +2422,6 @@ static void __split_huge_page(struct page *page, struct list_head *list, |
4432 | /* complete memcg works before add pages to LRU */ |
4433 | mem_cgroup_split_huge_fixup(head); |
4434 | |
4435 | - if (!PageAnon(page)) |
4436 | - end = DIV_ROUND_UP(i_size_read(head->mapping->host), PAGE_SIZE); |
4437 | - |
4438 | for (i = HPAGE_PMD_NR - 1; i >= 1; i--) { |
4439 | __split_huge_page_tail(head, i, lruvec, list); |
4440 | /* Some pages can be beyond i_size: drop them from page cache */ |
4441 | @@ -2454,7 +2450,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, |
4442 | |
4443 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); |
4444 | |
4445 | - unfreeze_page(head); |
4446 | + remap_page(head); |
4447 | |
4448 | for (i = 0; i < HPAGE_PMD_NR; i++) { |
4449 | struct page *subpage = head + i; |
4450 | @@ -2597,6 +2593,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4451 | int count, mapcount, extra_pins, ret; |
4452 | bool mlocked; |
4453 | unsigned long flags; |
4454 | + pgoff_t end; |
4455 | |
4456 | VM_BUG_ON_PAGE(is_huge_zero_page(page), page); |
4457 | VM_BUG_ON_PAGE(!PageLocked(page), page); |
4458 | @@ -2619,6 +2616,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4459 | ret = -EBUSY; |
4460 | goto out; |
4461 | } |
4462 | + end = -1; |
4463 | mapping = NULL; |
4464 | anon_vma_lock_write(anon_vma); |
4465 | } else { |
4466 | @@ -2632,10 +2630,19 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4467 | |
4468 | anon_vma = NULL; |
4469 | i_mmap_lock_read(mapping); |
4470 | + |
4471 | + /* |
4472 | + *__split_huge_page() may need to trim off pages beyond EOF: |
4473 | + * but on 32-bit, i_size_read() takes an irq-unsafe seqlock, |
4474 | + * which cannot be nested inside the page tree lock. So note |
4475 | + * end now: i_size itself may be changed at any moment, but |
4476 | + * head page lock is good enough to serialize the trimming. |
4477 | + */ |
4478 | + end = DIV_ROUND_UP(i_size_read(mapping->host), PAGE_SIZE); |
4479 | } |
4480 | |
4481 | /* |
4482 | - * Racy check if we can split the page, before freeze_page() will |
4483 | + * Racy check if we can split the page, before unmap_page() will |
4484 | * split PMDs |
4485 | */ |
4486 | if (!can_split_huge_page(head, &extra_pins)) { |
4487 | @@ -2644,7 +2651,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4488 | } |
4489 | |
4490 | mlocked = PageMlocked(page); |
4491 | - freeze_page(head); |
4492 | + unmap_page(head); |
4493 | VM_BUG_ON_PAGE(compound_mapcount(head), head); |
4494 | |
4495 | /* Make sure the page is not on per-CPU pagevec as it takes pin */ |
4496 | @@ -2681,7 +2688,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4497 | if (mapping) |
4498 | __dec_node_page_state(page, NR_SHMEM_THPS); |
4499 | spin_unlock(&pgdata->split_queue_lock); |
4500 | - __split_huge_page(page, list, flags); |
4501 | + __split_huge_page(page, list, end, flags); |
4502 | if (PageSwapCache(head)) { |
4503 | swp_entry_t entry = { .val = page_private(head) }; |
4504 | |
4505 | @@ -2701,7 +2708,7 @@ int split_huge_page_to_list(struct page *page, struct list_head *list) |
4506 | fail: if (mapping) |
4507 | xa_unlock(&mapping->i_pages); |
4508 | spin_unlock_irqrestore(zone_lru_lock(page_zone(head)), flags); |
4509 | - unfreeze_page(head); |
4510 | + remap_page(head); |
4511 | ret = -EBUSY; |
4512 | } |
4513 | |
4514 | diff --git a/mm/khugepaged.c b/mm/khugepaged.c |
4515 | index a31d740e6cd1..fde5820be24d 100644 |
4516 | --- a/mm/khugepaged.c |
4517 | +++ b/mm/khugepaged.c |
4518 | @@ -1287,7 +1287,7 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) |
4519 | * collapse_shmem - collapse small tmpfs/shmem pages into huge one. |
4520 | * |
4521 | * Basic scheme is simple, details are more complex: |
4522 | - * - allocate and freeze a new huge page; |
4523 | + * - allocate and lock a new huge page; |
4524 | * - scan over radix tree replacing old pages the new one |
4525 | * + swap in pages if necessary; |
4526 | * + fill in gaps; |
4527 | @@ -1295,11 +1295,11 @@ static void retract_page_tables(struct address_space *mapping, pgoff_t pgoff) |
4528 | * - if replacing succeed: |
4529 | * + copy data over; |
4530 | * + free old pages; |
4531 | - * + unfreeze huge page; |
4532 | + * + unlock huge page; |
4533 | * - if replacing failed; |
4534 | * + put all pages back and unfreeze them; |
4535 | * + restore gaps in the radix-tree; |
4536 | - * + free huge page; |
4537 | + * + unlock and free huge page; |
4538 | */ |
4539 | static void collapse_shmem(struct mm_struct *mm, |
4540 | struct address_space *mapping, pgoff_t start, |
4541 | @@ -1330,18 +1330,15 @@ static void collapse_shmem(struct mm_struct *mm, |
4542 | goto out; |
4543 | } |
4544 | |
4545 | + __SetPageLocked(new_page); |
4546 | + __SetPageSwapBacked(new_page); |
4547 | new_page->index = start; |
4548 | new_page->mapping = mapping; |
4549 | - __SetPageSwapBacked(new_page); |
4550 | - __SetPageLocked(new_page); |
4551 | - BUG_ON(!page_ref_freeze(new_page, 1)); |
4552 | - |
4553 | |
4554 | /* |
4555 | - * At this point the new_page is 'frozen' (page_count() is zero), locked |
4556 | - * and not up-to-date. It's safe to insert it into radix tree, because |
4557 | - * nobody would be able to map it or use it in other way until we |
4558 | - * unfreeze it. |
4559 | + * At this point the new_page is locked and not up-to-date. |
4560 | + * It's safe to insert it into the page cache, because nobody would |
4561 | + * be able to map it or use it in another way until we unlock it. |
4562 | */ |
4563 | |
4564 | index = start; |
4565 | @@ -1349,19 +1346,29 @@ static void collapse_shmem(struct mm_struct *mm, |
4566 | radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { |
4567 | int n = min(iter.index, end) - index; |
4568 | |
4569 | + /* |
4570 | + * Stop if extent has been hole-punched, and is now completely |
4571 | + * empty (the more obvious i_size_read() check would take an |
4572 | + * irq-unsafe seqlock on 32-bit). |
4573 | + */ |
4574 | + if (n >= HPAGE_PMD_NR) { |
4575 | + result = SCAN_TRUNCATED; |
4576 | + goto tree_locked; |
4577 | + } |
4578 | + |
4579 | /* |
4580 | * Handle holes in the radix tree: charge it from shmem and |
4581 | * insert relevant subpage of new_page into the radix-tree. |
4582 | */ |
4583 | if (n && !shmem_charge(mapping->host, n)) { |
4584 | result = SCAN_FAIL; |
4585 | - break; |
4586 | + goto tree_locked; |
4587 | } |
4588 | - nr_none += n; |
4589 | for (; index < min(iter.index, end); index++) { |
4590 | radix_tree_insert(&mapping->i_pages, index, |
4591 | new_page + (index % HPAGE_PMD_NR)); |
4592 | } |
4593 | + nr_none += n; |
4594 | |
4595 | /* We are done. */ |
4596 | if (index >= end) |
4597 | @@ -1377,12 +1384,12 @@ static void collapse_shmem(struct mm_struct *mm, |
4598 | result = SCAN_FAIL; |
4599 | goto tree_unlocked; |
4600 | } |
4601 | - xa_lock_irq(&mapping->i_pages); |
4602 | } else if (trylock_page(page)) { |
4603 | get_page(page); |
4604 | + xa_unlock_irq(&mapping->i_pages); |
4605 | } else { |
4606 | result = SCAN_PAGE_LOCK; |
4607 | - break; |
4608 | + goto tree_locked; |
4609 | } |
4610 | |
4611 | /* |
4612 | @@ -1391,17 +1398,24 @@ static void collapse_shmem(struct mm_struct *mm, |
4613 | */ |
4614 | VM_BUG_ON_PAGE(!PageLocked(page), page); |
4615 | VM_BUG_ON_PAGE(!PageUptodate(page), page); |
4616 | - VM_BUG_ON_PAGE(PageTransCompound(page), page); |
4617 | + |
4618 | + /* |
4619 | + * If file was truncated then extended, or hole-punched, before |
4620 | + * we locked the first page, then a THP might be there already. |
4621 | + */ |
4622 | + if (PageTransCompound(page)) { |
4623 | + result = SCAN_PAGE_COMPOUND; |
4624 | + goto out_unlock; |
4625 | + } |
4626 | |
4627 | if (page_mapping(page) != mapping) { |
4628 | result = SCAN_TRUNCATED; |
4629 | goto out_unlock; |
4630 | } |
4631 | - xa_unlock_irq(&mapping->i_pages); |
4632 | |
4633 | if (isolate_lru_page(page)) { |
4634 | result = SCAN_DEL_PAGE_LRU; |
4635 | - goto out_isolate_failed; |
4636 | + goto out_unlock; |
4637 | } |
4638 | |
4639 | if (page_mapped(page)) |
4640 | @@ -1422,7 +1436,9 @@ static void collapse_shmem(struct mm_struct *mm, |
4641 | */ |
4642 | if (!page_ref_freeze(page, 3)) { |
4643 | result = SCAN_PAGE_COUNT; |
4644 | - goto out_lru; |
4645 | + xa_unlock_irq(&mapping->i_pages); |
4646 | + putback_lru_page(page); |
4647 | + goto out_unlock; |
4648 | } |
4649 | |
4650 | /* |
4651 | @@ -1438,17 +1454,10 @@ static void collapse_shmem(struct mm_struct *mm, |
4652 | slot = radix_tree_iter_resume(slot, &iter); |
4653 | index++; |
4654 | continue; |
4655 | -out_lru: |
4656 | - xa_unlock_irq(&mapping->i_pages); |
4657 | - putback_lru_page(page); |
4658 | -out_isolate_failed: |
4659 | - unlock_page(page); |
4660 | - put_page(page); |
4661 | - goto tree_unlocked; |
4662 | out_unlock: |
4663 | unlock_page(page); |
4664 | put_page(page); |
4665 | - break; |
4666 | + goto tree_unlocked; |
4667 | } |
4668 | |
4669 | /* |
4670 | @@ -1456,14 +1465,18 @@ out_unlock: |
4671 | * This code only triggers if there's nothing in radix tree |
4672 | * beyond 'end'. |
4673 | */ |
4674 | - if (result == SCAN_SUCCEED && index < end) { |
4675 | + if (index < end) { |
4676 | int n = end - index; |
4677 | |
4678 | + /* Stop if extent has been truncated, and is now empty */ |
4679 | + if (n >= HPAGE_PMD_NR) { |
4680 | + result = SCAN_TRUNCATED; |
4681 | + goto tree_locked; |
4682 | + } |
4683 | if (!shmem_charge(mapping->host, n)) { |
4684 | result = SCAN_FAIL; |
4685 | goto tree_locked; |
4686 | } |
4687 | - |
4688 | for (; index < end; index++) { |
4689 | radix_tree_insert(&mapping->i_pages, index, |
4690 | new_page + (index % HPAGE_PMD_NR)); |
4691 | @@ -1471,59 +1484,64 @@ out_unlock: |
4692 | nr_none += n; |
4693 | } |
4694 | |
4695 | + __inc_node_page_state(new_page, NR_SHMEM_THPS); |
4696 | + if (nr_none) { |
4697 | + struct zone *zone = page_zone(new_page); |
4698 | + |
4699 | + __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); |
4700 | + __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); |
4701 | + } |
4702 | + |
4703 | tree_locked: |
4704 | xa_unlock_irq(&mapping->i_pages); |
4705 | tree_unlocked: |
4706 | |
4707 | if (result == SCAN_SUCCEED) { |
4708 | - unsigned long flags; |
4709 | - struct zone *zone = page_zone(new_page); |
4710 | - |
4711 | /* |
4712 | * Replacing old pages with new one has succeed, now we need to |
4713 | * copy the content and free old pages. |
4714 | */ |
4715 | + index = start; |
4716 | list_for_each_entry_safe(page, tmp, &pagelist, lru) { |
4717 | + while (index < page->index) { |
4718 | + clear_highpage(new_page + (index % HPAGE_PMD_NR)); |
4719 | + index++; |
4720 | + } |
4721 | copy_highpage(new_page + (page->index % HPAGE_PMD_NR), |
4722 | page); |
4723 | list_del(&page->lru); |
4724 | - unlock_page(page); |
4725 | - page_ref_unfreeze(page, 1); |
4726 | page->mapping = NULL; |
4727 | + page_ref_unfreeze(page, 1); |
4728 | ClearPageActive(page); |
4729 | ClearPageUnevictable(page); |
4730 | + unlock_page(page); |
4731 | put_page(page); |
4732 | + index++; |
4733 | } |
4734 | - |
4735 | - local_irq_save(flags); |
4736 | - __inc_node_page_state(new_page, NR_SHMEM_THPS); |
4737 | - if (nr_none) { |
4738 | - __mod_node_page_state(zone->zone_pgdat, NR_FILE_PAGES, nr_none); |
4739 | - __mod_node_page_state(zone->zone_pgdat, NR_SHMEM, nr_none); |
4740 | + while (index < end) { |
4741 | + clear_highpage(new_page + (index % HPAGE_PMD_NR)); |
4742 | + index++; |
4743 | } |
4744 | - local_irq_restore(flags); |
4745 | |
4746 | - /* |
4747 | - * Remove pte page tables, so we can re-faulti |
4748 | - * the page as huge. |
4749 | - */ |
4750 | - retract_page_tables(mapping, start); |
4751 | - |
4752 | - /* Everything is ready, let's unfreeze the new_page */ |
4753 | - set_page_dirty(new_page); |
4754 | SetPageUptodate(new_page); |
4755 | - page_ref_unfreeze(new_page, HPAGE_PMD_NR); |
4756 | + page_ref_add(new_page, HPAGE_PMD_NR - 1); |
4757 | + set_page_dirty(new_page); |
4758 | mem_cgroup_commit_charge(new_page, memcg, false, true); |
4759 | lru_cache_add_anon(new_page); |
4760 | - unlock_page(new_page); |
4761 | |
4762 | + /* |
4763 | + * Remove pte page tables, so we can re-fault the page as huge. |
4764 | + */ |
4765 | + retract_page_tables(mapping, start); |
4766 | *hpage = NULL; |
4767 | |
4768 | khugepaged_pages_collapsed++; |
4769 | } else { |
4770 | /* Something went wrong: rollback changes to the radix-tree */ |
4771 | - shmem_uncharge(mapping->host, nr_none); |
4772 | xa_lock_irq(&mapping->i_pages); |
4773 | + mapping->nrpages -= nr_none; |
4774 | + shmem_uncharge(mapping->host, nr_none); |
4775 | + |
4776 | radix_tree_for_each_slot(slot, &mapping->i_pages, &iter, start) { |
4777 | if (iter.index >= end) |
4778 | break; |
4779 | @@ -1546,19 +1564,18 @@ tree_unlocked: |
4780 | radix_tree_replace_slot(&mapping->i_pages, slot, page); |
4781 | slot = radix_tree_iter_resume(slot, &iter); |
4782 | xa_unlock_irq(&mapping->i_pages); |
4783 | - putback_lru_page(page); |
4784 | unlock_page(page); |
4785 | + putback_lru_page(page); |
4786 | xa_lock_irq(&mapping->i_pages); |
4787 | } |
4788 | VM_BUG_ON(nr_none); |
4789 | xa_unlock_irq(&mapping->i_pages); |
4790 | |
4791 | - /* Unfreeze new_page, caller would take care about freeing it */ |
4792 | - page_ref_unfreeze(new_page, 1); |
4793 | mem_cgroup_cancel_charge(new_page, memcg, true); |
4794 | - unlock_page(new_page); |
4795 | new_page->mapping = NULL; |
4796 | } |
4797 | + |
4798 | + unlock_page(new_page); |
4799 | out: |
4800 | VM_BUG_ON(!list_empty(&pagelist)); |
4801 | /* TODO: tracepoints */ |
4802 | diff --git a/mm/rmap.c b/mm/rmap.c |
4803 | index 1e79fac3186b..85b7f9423352 100644 |
4804 | --- a/mm/rmap.c |
4805 | +++ b/mm/rmap.c |
4806 | @@ -1627,16 +1627,9 @@ static bool try_to_unmap_one(struct page *page, struct vm_area_struct *vma, |
4807 | address + PAGE_SIZE); |
4808 | } else { |
4809 | /* |
4810 | - * We should not need to notify here as we reach this |
4811 | - * case only from freeze_page() itself only call from |
4812 | - * split_huge_page_to_list() so everything below must |
4813 | - * be true: |
4814 | - * - page is not anonymous |
4815 | - * - page is locked |
4816 | - * |
4817 | - * So as it is a locked file back page thus it can not |
4818 | - * be remove from the page cache and replace by a new |
4819 | - * page before mmu_notifier_invalidate_range_end so no |
4820 | + * This is a locked file-backed page, thus it cannot |
4821 | + * be removed from the page cache and replaced by a new |
4822 | + * page before mmu_notifier_invalidate_range_end, so no |
4823 | * concurrent thread might update its page table to |
4824 | * point at new page while a device still is using this |
4825 | * page. |
4826 | diff --git a/mm/shmem.c b/mm/shmem.c |
4827 | index 38d228a30fdc..0b02b539072e 100644 |
4828 | --- a/mm/shmem.c |
4829 | +++ b/mm/shmem.c |
4830 | @@ -297,12 +297,14 @@ bool shmem_charge(struct inode *inode, long pages) |
4831 | if (!shmem_inode_acct_block(inode, pages)) |
4832 | return false; |
4833 | |
4834 | + /* nrpages adjustment first, then shmem_recalc_inode() when balanced */ |
4835 | + inode->i_mapping->nrpages += pages; |
4836 | + |
4837 | spin_lock_irqsave(&info->lock, flags); |
4838 | info->alloced += pages; |
4839 | inode->i_blocks += pages * BLOCKS_PER_PAGE; |
4840 | shmem_recalc_inode(inode); |
4841 | spin_unlock_irqrestore(&info->lock, flags); |
4842 | - inode->i_mapping->nrpages += pages; |
4843 | |
4844 | return true; |
4845 | } |
4846 | @@ -312,6 +314,8 @@ void shmem_uncharge(struct inode *inode, long pages) |
4847 | struct shmem_inode_info *info = SHMEM_I(inode); |
4848 | unsigned long flags; |
4849 | |
4850 | + /* nrpages adjustment done by __delete_from_page_cache() or caller */ |
4851 | + |
4852 | spin_lock_irqsave(&info->lock, flags); |
4853 | info->alloced -= pages; |
4854 | inode->i_blocks -= pages * BLOCKS_PER_PAGE; |
4855 | @@ -1547,11 +1551,13 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, |
4856 | { |
4857 | struct page *oldpage, *newpage; |
4858 | struct address_space *swap_mapping; |
4859 | + swp_entry_t entry; |
4860 | pgoff_t swap_index; |
4861 | int error; |
4862 | |
4863 | oldpage = *pagep; |
4864 | - swap_index = page_private(oldpage); |
4865 | + entry.val = page_private(oldpage); |
4866 | + swap_index = swp_offset(entry); |
4867 | swap_mapping = page_mapping(oldpage); |
4868 | |
4869 | /* |
4870 | @@ -1570,7 +1576,7 @@ static int shmem_replace_page(struct page **pagep, gfp_t gfp, |
4871 | __SetPageLocked(newpage); |
4872 | __SetPageSwapBacked(newpage); |
4873 | SetPageUptodate(newpage); |
4874 | - set_page_private(newpage, swap_index); |
4875 | + set_page_private(newpage, entry.val); |
4876 | SetPageSwapCache(newpage); |
4877 | |
4878 | /* |
4879 | diff --git a/mm/truncate.c b/mm/truncate.c |
4880 | index 1d2fb2dca96f..71b65aab8077 100644 |
4881 | --- a/mm/truncate.c |
4882 | +++ b/mm/truncate.c |
4883 | @@ -520,9 +520,13 @@ void truncate_inode_pages_final(struct address_space *mapping) |
4884 | */ |
4885 | xa_lock_irq(&mapping->i_pages); |
4886 | xa_unlock_irq(&mapping->i_pages); |
4887 | - |
4888 | - truncate_inode_pages(mapping, 0); |
4889 | } |
4890 | + |
4891 | + /* |
4892 | + * Cleancache needs notification even if there are no pages or shadow |
4893 | + * entries. |
4894 | + */ |
4895 | + truncate_inode_pages(mapping, 0); |
4896 | } |
4897 | EXPORT_SYMBOL(truncate_inode_pages_final); |
4898 | |
4899 | diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c |
4900 | index 5029f241908f..f0af11b1cdf3 100644 |
4901 | --- a/mm/userfaultfd.c |
4902 | +++ b/mm/userfaultfd.c |
4903 | @@ -205,8 +205,9 @@ retry: |
4904 | if (!dst_vma || !is_vm_hugetlb_page(dst_vma)) |
4905 | goto out_unlock; |
4906 | /* |
4907 | - * Only allow __mcopy_atomic_hugetlb on userfaultfd |
4908 | - * registered ranges. |
4909 | + * Check the vma is registered in uffd, this is |
4910 | + * required to enforce the VM_MAYWRITE check done at |
4911 | + * uffd registration time. |
4912 | */ |
4913 | if (!dst_vma->vm_userfaultfd_ctx.ctx) |
4914 | goto out_unlock; |
4915 | @@ -449,13 +450,9 @@ retry: |
4916 | if (!dst_vma) |
4917 | goto out_unlock; |
4918 | /* |
4919 | - * Be strict and only allow __mcopy_atomic on userfaultfd |
4920 | - * registered ranges to prevent userland errors going |
4921 | - * unnoticed. As far as the VM consistency is concerned, it |
4922 | - * would be perfectly safe to remove this check, but there's |
4923 | - * no useful usage for __mcopy_atomic ouside of userfaultfd |
4924 | - * registered ranges. This is after all why these are ioctls |
4925 | - * belonging to the userfaultfd and not syscalls. |
4926 | + * Check the vma is registered in uffd, this is required to |
4927 | + * enforce the VM_MAYWRITE check done at uffd registration |
4928 | + * time. |
4929 | */ |
4930 | if (!dst_vma->vm_userfaultfd_ctx.ctx) |
4931 | goto out_unlock; |
4932 | diff --git a/net/core/dev.c b/net/core/dev.c |
4933 | index 097c02101450..22af88c47756 100644 |
4934 | --- a/net/core/dev.c |
4935 | +++ b/net/core/dev.c |
4936 | @@ -5945,11 +5945,14 @@ bool napi_complete_done(struct napi_struct *n, int work_done) |
4937 | if (work_done) |
4938 | timeout = n->dev->gro_flush_timeout; |
4939 | |
4940 | + /* When the NAPI instance uses a timeout and keeps postponing |
4941 | + * it, we need to bound somehow the time packets are kept in |
4942 | + * the GRO layer |
4943 | + */ |
4944 | + napi_gro_flush(n, !!timeout); |
4945 | if (timeout) |
4946 | hrtimer_start(&n->timer, ns_to_ktime(timeout), |
4947 | HRTIMER_MODE_REL_PINNED); |
4948 | - else |
4949 | - napi_gro_flush(n, false); |
4950 | } |
4951 | if (unlikely(!list_empty(&n->poll_list))) { |
4952 | /* If n->poll_list is not empty, we need to mask irqs */ |
4953 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
4954 | index f817f336595d..abbbd7fd17fe 100644 |
4955 | --- a/net/core/skbuff.c |
4956 | +++ b/net/core/skbuff.c |
4957 | @@ -4912,6 +4912,11 @@ void skb_scrub_packet(struct sk_buff *skb, bool xnet) |
4958 | nf_reset(skb); |
4959 | nf_reset_trace(skb); |
4960 | |
4961 | +#ifdef CONFIG_NET_SWITCHDEV |
4962 | + skb->offload_fwd_mark = 0; |
4963 | + skb->offload_mr_fwd_mark = 0; |
4964 | +#endif |
4965 | + |
4966 | if (!xnet) |
4967 | return; |
4968 | |
4969 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
4970 | index 72898cbef43d..664fa7d8f7d9 100644 |
4971 | --- a/net/ipv4/tcp_input.c |
4972 | +++ b/net/ipv4/tcp_input.c |
4973 | @@ -4276,7 +4276,7 @@ static void tcp_sack_new_ofo_skb(struct sock *sk, u32 seq, u32 end_seq) |
4974 | * If the sack array is full, forget about the last one. |
4975 | */ |
4976 | if (this_sack >= TCP_NUM_SACKS) { |
4977 | - if (tp->compressed_ack) |
4978 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
4979 | tcp_send_ack(sk); |
4980 | this_sack--; |
4981 | tp->rx_opt.num_sacks--; |
4982 | @@ -5196,7 +5196,17 @@ send_now: |
4983 | if (!tcp_is_sack(tp) || |
4984 | tp->compressed_ack >= sock_net(sk)->ipv4.sysctl_tcp_comp_sack_nr) |
4985 | goto send_now; |
4986 | - tp->compressed_ack++; |
4987 | + |
4988 | + if (tp->compressed_ack_rcv_nxt != tp->rcv_nxt) { |
4989 | + tp->compressed_ack_rcv_nxt = tp->rcv_nxt; |
4990 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
4991 | + NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, |
4992 | + tp->compressed_ack - TCP_FASTRETRANS_THRESH); |
4993 | + tp->compressed_ack = 0; |
4994 | + } |
4995 | + |
4996 | + if (++tp->compressed_ack <= TCP_FASTRETRANS_THRESH) |
4997 | + goto send_now; |
4998 | |
4999 | if (hrtimer_is_queued(&tp->compressed_ack_timer)) |
5000 | return; |
5001 | diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c |
5002 | index 597dbd749f05..68f65ddf9e3c 100644 |
5003 | --- a/net/ipv4/tcp_output.c |
5004 | +++ b/net/ipv4/tcp_output.c |
5005 | @@ -165,10 +165,10 @@ static inline void tcp_event_ack_sent(struct sock *sk, unsigned int pkts, |
5006 | { |
5007 | struct tcp_sock *tp = tcp_sk(sk); |
5008 | |
5009 | - if (unlikely(tp->compressed_ack)) { |
5010 | + if (unlikely(tp->compressed_ack > TCP_FASTRETRANS_THRESH)) { |
5011 | NET_ADD_STATS(sock_net(sk), LINUX_MIB_TCPACKCOMPRESSED, |
5012 | - tp->compressed_ack); |
5013 | - tp->compressed_ack = 0; |
5014 | + tp->compressed_ack - TCP_FASTRETRANS_THRESH); |
5015 | + tp->compressed_ack = TCP_FASTRETRANS_THRESH; |
5016 | if (hrtimer_try_to_cancel(&tp->compressed_ack_timer) == 1) |
5017 | __sock_put(sk); |
5018 | } |
5019 | diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c |
5020 | index 7fdf222a0bdf..57eae8d70ba1 100644 |
5021 | --- a/net/ipv4/tcp_timer.c |
5022 | +++ b/net/ipv4/tcp_timer.c |
5023 | @@ -740,7 +740,7 @@ static enum hrtimer_restart tcp_compressed_ack_kick(struct hrtimer *timer) |
5024 | |
5025 | bh_lock_sock(sk); |
5026 | if (!sock_owned_by_user(sk)) { |
5027 | - if (tp->compressed_ack) |
5028 | + if (tp->compressed_ack > TCP_FASTRETRANS_THRESH) |
5029 | tcp_send_ack(sk); |
5030 | } else { |
5031 | if (!test_and_set_bit(TCP_DELACK_TIMER_DEFERRED, |
5032 | diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c |
5033 | index d6e94dc7e290..6477b131e809 100644 |
5034 | --- a/net/packet/af_packet.c |
5035 | +++ b/net/packet/af_packet.c |
5036 | @@ -2394,7 +2394,7 @@ static void tpacket_destruct_skb(struct sk_buff *skb) |
5037 | void *ph; |
5038 | __u32 ts; |
5039 | |
5040 | - ph = skb_shinfo(skb)->destructor_arg; |
5041 | + ph = skb_zcopy_get_nouarg(skb); |
5042 | packet_dec_pending(&po->tx_ring); |
5043 | |
5044 | ts = __packet_set_timestamp(po, ph, skb); |
5045 | @@ -2461,7 +2461,7 @@ static int tpacket_fill_skb(struct packet_sock *po, struct sk_buff *skb, |
5046 | skb->mark = po->sk.sk_mark; |
5047 | skb->tstamp = sockc->transmit_time; |
5048 | sock_tx_timestamp(&po->sk, sockc->tsflags, &skb_shinfo(skb)->tx_flags); |
5049 | - skb_shinfo(skb)->destructor_arg = ph.raw; |
5050 | + skb_zcopy_set_nouarg(skb, ph.raw); |
5051 | |
5052 | skb_reserve(skb, hlen); |
5053 | skb_reset_network_header(skb); |
5054 | diff --git a/net/tipc/node.c b/net/tipc/node.c |
5055 | index 2afc4f8c37a7..488019766433 100644 |
5056 | --- a/net/tipc/node.c |
5057 | +++ b/net/tipc/node.c |
5058 | @@ -584,12 +584,15 @@ static void tipc_node_clear_links(struct tipc_node *node) |
5059 | /* tipc_node_cleanup - delete nodes that does not |
5060 | * have active links for NODE_CLEANUP_AFTER time |
5061 | */ |
5062 | -static int tipc_node_cleanup(struct tipc_node *peer) |
5063 | +static bool tipc_node_cleanup(struct tipc_node *peer) |
5064 | { |
5065 | struct tipc_net *tn = tipc_net(peer->net); |
5066 | bool deleted = false; |
5067 | |
5068 | - spin_lock_bh(&tn->node_list_lock); |
5069 | + /* If lock held by tipc_node_stop() the node will be deleted anyway */ |
5070 | + if (!spin_trylock_bh(&tn->node_list_lock)) |
5071 | + return false; |
5072 | + |
5073 | tipc_node_write_lock(peer); |
5074 | |
5075 | if (!node_is_up(peer) && time_after(jiffies, peer->delete_at)) { |
5076 | diff --git a/scripts/Makefile.build b/scripts/Makefile.build |
5077 | index 54da4b070db3..64fac0ad32d6 100644 |
5078 | --- a/scripts/Makefile.build |
5079 | +++ b/scripts/Makefile.build |
5080 | @@ -248,10 +248,8 @@ ifdef CONFIG_GCOV_KERNEL |
5081 | objtool_args += --no-unreachable |
5082 | endif |
5083 | ifdef CONFIG_RETPOLINE |
5084 | -ifneq ($(RETPOLINE_CFLAGS),) |
5085 | objtool_args += --retpoline |
5086 | endif |
5087 | -endif |
5088 | |
5089 | |
5090 | ifdef CONFIG_MODVERSIONS |
5091 | diff --git a/sound/core/control.c b/sound/core/control.c |
5092 | index 9aa15bfc7936..649d3217590e 100644 |
5093 | --- a/sound/core/control.c |
5094 | +++ b/sound/core/control.c |
5095 | @@ -348,6 +348,40 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) |
5096 | return 0; |
5097 | } |
5098 | |
5099 | +/* add a new kcontrol object; call with card->controls_rwsem locked */ |
5100 | +static int __snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) |
5101 | +{ |
5102 | + struct snd_ctl_elem_id id; |
5103 | + unsigned int idx; |
5104 | + unsigned int count; |
5105 | + |
5106 | + id = kcontrol->id; |
5107 | + if (id.index > UINT_MAX - kcontrol->count) |
5108 | + return -EINVAL; |
5109 | + |
5110 | + if (snd_ctl_find_id(card, &id)) { |
5111 | + dev_err(card->dev, |
5112 | + "control %i:%i:%i:%s:%i is already present\n", |
5113 | + id.iface, id.device, id.subdevice, id.name, id.index); |
5114 | + return -EBUSY; |
5115 | + } |
5116 | + |
5117 | + if (snd_ctl_find_hole(card, kcontrol->count) < 0) |
5118 | + return -ENOMEM; |
5119 | + |
5120 | + list_add_tail(&kcontrol->list, &card->controls); |
5121 | + card->controls_count += kcontrol->count; |
5122 | + kcontrol->id.numid = card->last_numid + 1; |
5123 | + card->last_numid += kcontrol->count; |
5124 | + |
5125 | + id = kcontrol->id; |
5126 | + count = kcontrol->count; |
5127 | + for (idx = 0; idx < count; idx++, id.index++, id.numid++) |
5128 | + snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); |
5129 | + |
5130 | + return 0; |
5131 | +} |
5132 | + |
5133 | /** |
5134 | * snd_ctl_add - add the control instance to the card |
5135 | * @card: the card instance |
5136 | @@ -364,45 +398,18 @@ static int snd_ctl_find_hole(struct snd_card *card, unsigned int count) |
5137 | */ |
5138 | int snd_ctl_add(struct snd_card *card, struct snd_kcontrol *kcontrol) |
5139 | { |
5140 | - struct snd_ctl_elem_id id; |
5141 | - unsigned int idx; |
5142 | - unsigned int count; |
5143 | int err = -EINVAL; |
5144 | |
5145 | if (! kcontrol) |
5146 | return err; |
5147 | if (snd_BUG_ON(!card || !kcontrol->info)) |
5148 | goto error; |
5149 | - id = kcontrol->id; |
5150 | - if (id.index > UINT_MAX - kcontrol->count) |
5151 | - goto error; |
5152 | |
5153 | down_write(&card->controls_rwsem); |
5154 | - if (snd_ctl_find_id(card, &id)) { |
5155 | - up_write(&card->controls_rwsem); |
5156 | - dev_err(card->dev, "control %i:%i:%i:%s:%i is already present\n", |
5157 | - id.iface, |
5158 | - id.device, |
5159 | - id.subdevice, |
5160 | - id.name, |
5161 | - id.index); |
5162 | - err = -EBUSY; |
5163 | - goto error; |
5164 | - } |
5165 | - if (snd_ctl_find_hole(card, kcontrol->count) < 0) { |
5166 | - up_write(&card->controls_rwsem); |
5167 | - err = -ENOMEM; |
5168 | - goto error; |
5169 | - } |
5170 | - list_add_tail(&kcontrol->list, &card->controls); |
5171 | - card->controls_count += kcontrol->count; |
5172 | - kcontrol->id.numid = card->last_numid + 1; |
5173 | - card->last_numid += kcontrol->count; |
5174 | - id = kcontrol->id; |
5175 | - count = kcontrol->count; |
5176 | + err = __snd_ctl_add(card, kcontrol); |
5177 | up_write(&card->controls_rwsem); |
5178 | - for (idx = 0; idx < count; idx++, id.index++, id.numid++) |
5179 | - snd_ctl_notify(card, SNDRV_CTL_EVENT_MASK_ADD, &id); |
5180 | + if (err < 0) |
5181 | + goto error; |
5182 | return 0; |
5183 | |
5184 | error: |
5185 | @@ -1361,9 +1368,12 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, |
5186 | kctl->tlv.c = snd_ctl_elem_user_tlv; |
5187 | |
5188 | /* This function manage to free the instance on failure. */ |
5189 | - err = snd_ctl_add(card, kctl); |
5190 | - if (err < 0) |
5191 | - return err; |
5192 | + down_write(&card->controls_rwsem); |
5193 | + err = __snd_ctl_add(card, kctl); |
5194 | + if (err < 0) { |
5195 | + snd_ctl_free_one(kctl); |
5196 | + goto unlock; |
5197 | + } |
5198 | offset = snd_ctl_get_ioff(kctl, &info->id); |
5199 | snd_ctl_build_ioff(&info->id, kctl, offset); |
5200 | /* |
5201 | @@ -1374,10 +1384,10 @@ static int snd_ctl_elem_add(struct snd_ctl_file *file, |
5202 | * which locks the element. |
5203 | */ |
5204 | |
5205 | - down_write(&card->controls_rwsem); |
5206 | card->user_ctl_count++; |
5207 | - up_write(&card->controls_rwsem); |
5208 | |
5209 | + unlock: |
5210 | + up_write(&card->controls_rwsem); |
5211 | return 0; |
5212 | } |
5213 | |
5214 | diff --git a/sound/isa/wss/wss_lib.c b/sound/isa/wss/wss_lib.c |
5215 | index 32453f81b95a..3a5008837576 100644 |
5216 | --- a/sound/isa/wss/wss_lib.c |
5217 | +++ b/sound/isa/wss/wss_lib.c |
5218 | @@ -1531,7 +1531,6 @@ static int snd_wss_playback_open(struct snd_pcm_substream *substream) |
5219 | if (err < 0) { |
5220 | if (chip->release_dma) |
5221 | chip->release_dma(chip, chip->dma_private_data, chip->dma1); |
5222 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5223 | return err; |
5224 | } |
5225 | chip->playback_substream = substream; |
5226 | @@ -1572,7 +1571,6 @@ static int snd_wss_capture_open(struct snd_pcm_substream *substream) |
5227 | if (err < 0) { |
5228 | if (chip->release_dma) |
5229 | chip->release_dma(chip, chip->dma_private_data, chip->dma2); |
5230 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5231 | return err; |
5232 | } |
5233 | chip->capture_substream = substream; |
5234 | diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c |
5235 | index f4459d1a9d67..27b468f057dd 100644 |
5236 | --- a/sound/pci/ac97/ac97_codec.c |
5237 | +++ b/sound/pci/ac97/ac97_codec.c |
5238 | @@ -824,7 +824,7 @@ static int snd_ac97_put_spsa(struct snd_kcontrol *kcontrol, struct snd_ctl_elem_ |
5239 | { |
5240 | struct snd_ac97 *ac97 = snd_kcontrol_chip(kcontrol); |
5241 | int reg = kcontrol->private_value & 0xff; |
5242 | - int shift = (kcontrol->private_value >> 8) & 0xff; |
5243 | + int shift = (kcontrol->private_value >> 8) & 0x0f; |
5244 | int mask = (kcontrol->private_value >> 16) & 0xff; |
5245 | // int invert = (kcontrol->private_value >> 24) & 0xff; |
5246 | unsigned short value, old, new; |
5247 | diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c |
5248 | index 625cb6c7b7d6..5810be2c6c34 100644 |
5249 | --- a/sound/pci/hda/hda_intel.c |
5250 | +++ b/sound/pci/hda/hda_intel.c |
5251 | @@ -2256,6 +2256,8 @@ static struct snd_pci_quirk power_save_blacklist[] = { |
5252 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5253 | SND_PCI_QUIRK(0x1849, 0xc892, "Asrock B85M-ITX", 0), |
5254 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5255 | + SND_PCI_QUIRK(0x1849, 0x0397, "Asrock N68C-S UCC", 0), |
5256 | + /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5257 | SND_PCI_QUIRK(0x1849, 0x7662, "Asrock H81M-HDS", 0), |
5258 | /* https://bugzilla.redhat.com/show_bug.cgi?id=1525104 */ |
5259 | SND_PCI_QUIRK(0x1043, 0x8733, "Asus Prime X370-Pro", 0), |
5260 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
5261 | index e58537e13ad3..cf5d26642bcd 100644 |
5262 | --- a/sound/pci/hda/patch_realtek.c |
5263 | +++ b/sound/pci/hda/patch_realtek.c |
5264 | @@ -388,6 +388,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) |
5265 | case 0x10ec0285: |
5266 | case 0x10ec0298: |
5267 | case 0x10ec0289: |
5268 | + case 0x10ec0300: |
5269 | alc_update_coef_idx(codec, 0x10, 1<<9, 0); |
5270 | break; |
5271 | case 0x10ec0275: |
5272 | @@ -2830,6 +2831,7 @@ enum { |
5273 | ALC269_TYPE_ALC215, |
5274 | ALC269_TYPE_ALC225, |
5275 | ALC269_TYPE_ALC294, |
5276 | + ALC269_TYPE_ALC300, |
5277 | ALC269_TYPE_ALC700, |
5278 | }; |
5279 | |
5280 | @@ -2864,6 +2866,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) |
5281 | case ALC269_TYPE_ALC215: |
5282 | case ALC269_TYPE_ALC225: |
5283 | case ALC269_TYPE_ALC294: |
5284 | + case ALC269_TYPE_ALC300: |
5285 | case ALC269_TYPE_ALC700: |
5286 | ssids = alc269_ssids; |
5287 | break; |
5288 | @@ -5358,6 +5361,16 @@ static void alc274_fixup_bind_dacs(struct hda_codec *codec, |
5289 | spec->gen.preferred_dacs = preferred_pairs; |
5290 | } |
5291 | |
5292 | +/* The DAC of NID 0x3 will introduce click/pop noise on headphones, so invalidate it */ |
5293 | +static void alc285_fixup_invalidate_dacs(struct hda_codec *codec, |
5294 | + const struct hda_fixup *fix, int action) |
5295 | +{ |
5296 | + if (action != HDA_FIXUP_ACT_PRE_PROBE) |
5297 | + return; |
5298 | + |
5299 | + snd_hda_override_wcaps(codec, 0x03, 0); |
5300 | +} |
5301 | + |
5302 | /* for hda_fixup_thinkpad_acpi() */ |
5303 | #include "thinkpad_helper.c" |
5304 | |
5305 | @@ -5495,6 +5508,8 @@ enum { |
5306 | ALC255_FIXUP_DELL_HEADSET_MIC, |
5307 | ALC295_FIXUP_HP_X360, |
5308 | ALC221_FIXUP_HP_HEADSET_MIC, |
5309 | + ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, |
5310 | + ALC295_FIXUP_HP_AUTO_MUTE, |
5311 | }; |
5312 | |
5313 | static const struct hda_fixup alc269_fixups[] = { |
5314 | @@ -5659,6 +5674,8 @@ static const struct hda_fixup alc269_fixups[] = { |
5315 | [ALC269_FIXUP_HP_MUTE_LED_MIC3] = { |
5316 | .type = HDA_FIXUP_FUNC, |
5317 | .v.func = alc269_fixup_hp_mute_led_mic3, |
5318 | + .chained = true, |
5319 | + .chain_id = ALC295_FIXUP_HP_AUTO_MUTE |
5320 | }, |
5321 | [ALC269_FIXUP_HP_GPIO_LED] = { |
5322 | .type = HDA_FIXUP_FUNC, |
5323 | @@ -6362,6 +6379,14 @@ static const struct hda_fixup alc269_fixups[] = { |
5324 | .chained = true, |
5325 | .chain_id = ALC269_FIXUP_HEADSET_MIC |
5326 | }, |
5327 | + [ALC285_FIXUP_LENOVO_HEADPHONE_NOISE] = { |
5328 | + .type = HDA_FIXUP_FUNC, |
5329 | + .v.func = alc285_fixup_invalidate_dacs, |
5330 | + }, |
5331 | + [ALC295_FIXUP_HP_AUTO_MUTE] = { |
5332 | + .type = HDA_FIXUP_FUNC, |
5333 | + .v.func = alc_fixup_auto_mute_via_amp, |
5334 | + }, |
5335 | }; |
5336 | |
5337 | static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
5338 | @@ -6532,6 +6557,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
5339 | SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8), |
5340 | SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC), |
5341 | SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC), |
5342 | + SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC), |
5343 | SND_PCI_QUIRK(0x17aa, 0x1036, "Lenovo P520", ALC233_FIXUP_LENOVO_MULTI_CODECS), |
5344 | SND_PCI_QUIRK(0x17aa, 0x20f2, "Thinkpad SL410/510", ALC269_FIXUP_SKU_IGNORE), |
5345 | SND_PCI_QUIRK(0x17aa, 0x215e, "Thinkpad L512", ALC269_FIXUP_SKU_IGNORE), |
5346 | @@ -7034,6 +7060,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { |
5347 | {0x12, 0x90a60130}, |
5348 | {0x19, 0x03a11020}, |
5349 | {0x21, 0x0321101f}), |
5350 | + SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, |
5351 | + {0x12, 0x90a60130}, |
5352 | + {0x14, 0x90170110}, |
5353 | + {0x19, 0x04a11040}, |
5354 | + {0x21, 0x04211020}), |
5355 | SND_HDA_PIN_QUIRK(0x10ec0288, 0x1028, "Dell", ALC288_FIXUP_DELL1_MIC_NO_PRESENCE, |
5356 | {0x12, 0x90a60120}, |
5357 | {0x14, 0x90170110}, |
5358 | @@ -7295,6 +7326,10 @@ static int patch_alc269(struct hda_codec *codec) |
5359 | spec->gen.mixer_nid = 0; /* ALC2x4 does not have any loopback mixer path */ |
5360 | alc_update_coef_idx(codec, 0x6b, 0x0018, (1<<4) | (1<<3)); /* UAJ MIC Vref control by verb */ |
5361 | break; |
5362 | + case 0x10ec0300: |
5363 | + spec->codec_variant = ALC269_TYPE_ALC300; |
5364 | + spec->gen.mixer_nid = 0; /* no loopback on ALC300 */ |
5365 | + break; |
5366 | case 0x10ec0700: |
5367 | case 0x10ec0701: |
5368 | case 0x10ec0703: |
5369 | @@ -8404,6 +8439,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = { |
5370 | HDA_CODEC_ENTRY(0x10ec0295, "ALC295", patch_alc269), |
5371 | HDA_CODEC_ENTRY(0x10ec0298, "ALC298", patch_alc269), |
5372 | HDA_CODEC_ENTRY(0x10ec0299, "ALC299", patch_alc269), |
5373 | + HDA_CODEC_ENTRY(0x10ec0300, "ALC300", patch_alc269), |
5374 | HDA_CODEC_REV_ENTRY(0x10ec0861, 0x100340, "ALC660", patch_alc861), |
5375 | HDA_CODEC_ENTRY(0x10ec0660, "ALC660-VD", patch_alc861vd), |
5376 | HDA_CODEC_ENTRY(0x10ec0861, "ALC861", patch_alc861), |
5377 | diff --git a/sound/soc/codecs/pcm186x.h b/sound/soc/codecs/pcm186x.h |
5378 | index 2c6ba55bf394..bb3f0c42a1cd 100644 |
5379 | --- a/sound/soc/codecs/pcm186x.h |
5380 | +++ b/sound/soc/codecs/pcm186x.h |
5381 | @@ -139,7 +139,7 @@ enum pcm186x_type { |
5382 | #define PCM186X_MAX_REGISTER PCM186X_CURR_TRIM_CTRL |
5383 | |
5384 | /* PCM186X_PAGE */ |
5385 | -#define PCM186X_RESET 0xff |
5386 | +#define PCM186X_RESET 0xfe |
5387 | |
5388 | /* PCM186X_ADCX_INPUT_SEL_X */ |
5389 | #define PCM186X_ADC_INPUT_SEL_POL BIT(7) |
5390 | diff --git a/sound/soc/intel/boards/cht_bsw_max98090_ti.c b/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5391 | index db6976f4ddaa..9d9f6e41d81c 100644 |
5392 | --- a/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5393 | +++ b/sound/soc/intel/boards/cht_bsw_max98090_ti.c |
5394 | @@ -19,6 +19,7 @@ |
5395 | * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
5396 | */ |
5397 | |
5398 | +#include <linux/dmi.h> |
5399 | #include <linux/module.h> |
5400 | #include <linux/platform_device.h> |
5401 | #include <linux/slab.h> |
5402 | @@ -35,6 +36,8 @@ |
5403 | #define CHT_PLAT_CLK_3_HZ 19200000 |
5404 | #define CHT_CODEC_DAI "HiFi" |
5405 | |
5406 | +#define QUIRK_PMC_PLT_CLK_0 0x01 |
5407 | + |
5408 | struct cht_mc_private { |
5409 | struct clk *mclk; |
5410 | struct snd_soc_jack jack; |
5411 | @@ -385,11 +388,29 @@ static struct snd_soc_card snd_soc_card_cht = { |
5412 | .num_controls = ARRAY_SIZE(cht_mc_controls), |
5413 | }; |
5414 | |
5415 | +static const struct dmi_system_id cht_max98090_quirk_table[] = { |
5416 | + { |
5417 | + /* Swanky model Chromebook (Toshiba Chromebook 2) */ |
5418 | + .matches = { |
5419 | + DMI_MATCH(DMI_PRODUCT_NAME, "Swanky"), |
5420 | + }, |
5421 | + .driver_data = (void *)QUIRK_PMC_PLT_CLK_0, |
5422 | + }, |
5423 | + {} |
5424 | +}; |
5425 | + |
5426 | static int snd_cht_mc_probe(struct platform_device *pdev) |
5427 | { |
5428 | + const struct dmi_system_id *dmi_id; |
5429 | struct device *dev = &pdev->dev; |
5430 | int ret_val = 0; |
5431 | struct cht_mc_private *drv; |
5432 | + const char *mclk_name; |
5433 | + int quirks = 0; |
5434 | + |
5435 | + dmi_id = dmi_first_match(cht_max98090_quirk_table); |
5436 | + if (dmi_id) |
5437 | + quirks = (unsigned long)dmi_id->driver_data; |
5438 | |
5439 | drv = devm_kzalloc(&pdev->dev, sizeof(*drv), GFP_KERNEL); |
5440 | if (!drv) |
5441 | @@ -411,11 +432,16 @@ static int snd_cht_mc_probe(struct platform_device *pdev) |
5442 | snd_soc_card_cht.dev = &pdev->dev; |
5443 | snd_soc_card_set_drvdata(&snd_soc_card_cht, drv); |
5444 | |
5445 | - drv->mclk = devm_clk_get(&pdev->dev, "pmc_plt_clk_3"); |
5446 | + if (quirks & QUIRK_PMC_PLT_CLK_0) |
5447 | + mclk_name = "pmc_plt_clk_0"; |
5448 | + else |
5449 | + mclk_name = "pmc_plt_clk_3"; |
5450 | + |
5451 | + drv->mclk = devm_clk_get(&pdev->dev, mclk_name); |
5452 | if (IS_ERR(drv->mclk)) { |
5453 | dev_err(&pdev->dev, |
5454 | - "Failed to get MCLK from pmc_plt_clk_3: %ld\n", |
5455 | - PTR_ERR(drv->mclk)); |
5456 | + "Failed to get MCLK from %s: %ld\n", |
5457 | + mclk_name, PTR_ERR(drv->mclk)); |
5458 | return PTR_ERR(drv->mclk); |
5459 | } |
5460 | |
5461 | diff --git a/sound/sparc/cs4231.c b/sound/sparc/cs4231.c |
5462 | index e73c962590eb..079063d8038d 100644 |
5463 | --- a/sound/sparc/cs4231.c |
5464 | +++ b/sound/sparc/cs4231.c |
5465 | @@ -1146,10 +1146,8 @@ static int snd_cs4231_playback_open(struct snd_pcm_substream *substream) |
5466 | runtime->hw = snd_cs4231_playback; |
5467 | |
5468 | err = snd_cs4231_open(chip, CS4231_MODE_PLAY); |
5469 | - if (err < 0) { |
5470 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5471 | + if (err < 0) |
5472 | return err; |
5473 | - } |
5474 | chip->playback_substream = substream; |
5475 | chip->p_periods_sent = 0; |
5476 | snd_pcm_set_sync(substream); |
5477 | @@ -1167,10 +1165,8 @@ static int snd_cs4231_capture_open(struct snd_pcm_substream *substream) |
5478 | runtime->hw = snd_cs4231_capture; |
5479 | |
5480 | err = snd_cs4231_open(chip, CS4231_MODE_RECORD); |
5481 | - if (err < 0) { |
5482 | - snd_free_pages(runtime->dma_area, runtime->dma_bytes); |
5483 | + if (err < 0) |
5484 | return err; |
5485 | - } |
5486 | chip->capture_substream = substream; |
5487 | chip->c_periods_sent = 0; |
5488 | snd_pcm_set_sync(substream); |
5489 | diff --git a/tools/include/uapi/linux/prctl.h b/tools/include/uapi/linux/prctl.h |
5490 | index c0d7ea0bf5b6..b17201edfa09 100644 |
5491 | --- a/tools/include/uapi/linux/prctl.h |
5492 | +++ b/tools/include/uapi/linux/prctl.h |
5493 | @@ -212,6 +212,7 @@ struct prctl_mm_map { |
5494 | #define PR_SET_SPECULATION_CTRL 53 |
5495 | /* Speculation control variants */ |
5496 | # define PR_SPEC_STORE_BYPASS 0 |
5497 | +# define PR_SPEC_INDIRECT_BRANCH 1 |
5498 | /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ |
5499 | # define PR_SPEC_NOT_AFFECTED 0 |
5500 | # define PR_SPEC_PRCTL (1UL << 0) |