Annotation of /trunk/kernel-alx/patches-4.19/0164-4.19.65-all-fixes.patch
Parent Directory | Revision Log
Revision 3443 -
(hide annotations)
(download)
Thu Aug 15 09:33:22 2019 UTC (4 years, 9 months ago) by niro
File size: 94954 byte(s)
Thu Aug 15 09:33:22 2019 UTC (4 years, 9 months ago) by niro
File size: 94954 byte(s)
-linux-4.19.65
1 | niro | 3443 | diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst |
2 | index 25f3b2532198..e05e581af5cf 100644 | ||
3 | --- a/Documentation/admin-guide/hw-vuln/spectre.rst | ||
4 | +++ b/Documentation/admin-guide/hw-vuln/spectre.rst | ||
5 | @@ -41,10 +41,11 @@ Related CVEs | ||
6 | |||
7 | The following CVE entries describe Spectre variants: | ||
8 | |||
9 | - ============= ======================= ================= | ||
10 | + ============= ======================= ========================== | ||
11 | CVE-2017-5753 Bounds check bypass Spectre variant 1 | ||
12 | CVE-2017-5715 Branch target injection Spectre variant 2 | ||
13 | - ============= ======================= ================= | ||
14 | + CVE-2019-1125 Spectre v1 swapgs Spectre variant 1 (swapgs) | ||
15 | + ============= ======================= ========================== | ||
16 | |||
17 | Problem | ||
18 | ------- | ||
19 | @@ -78,6 +79,13 @@ There are some extensions of Spectre variant 1 attacks for reading data | ||
20 | over the network, see :ref:`[12] <spec_ref12>`. However such attacks | ||
21 | are difficult, low bandwidth, fragile, and are considered low risk. | ||
22 | |||
23 | +Note that, despite "Bounds Check Bypass" name, Spectre variant 1 is not | ||
24 | +only about user-controlled array bounds checks. It can affect any | ||
25 | +conditional checks. The kernel entry code interrupt, exception, and NMI | ||
26 | +handlers all have conditional swapgs checks. Those may be problematic | ||
27 | +in the context of Spectre v1, as kernel code can speculatively run with | ||
28 | +a user GS. | ||
29 | + | ||
30 | Spectre variant 2 (Branch Target Injection) | ||
31 | ------------------------------------------- | ||
32 | |||
33 | @@ -132,6 +140,9 @@ not cover all possible attack vectors. | ||
34 | 1. A user process attacking the kernel | ||
35 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
36 | |||
37 | +Spectre variant 1 | ||
38 | +~~~~~~~~~~~~~~~~~ | ||
39 | + | ||
40 | The attacker passes a parameter to the kernel via a register or | ||
41 | via a known address in memory during a syscall. Such parameter may | ||
42 | be used later by the kernel as an index to an array or to derive | ||
43 | @@ -144,7 +155,40 @@ not cover all possible attack vectors. | ||
44 | potentially be influenced for Spectre attacks, new "nospec" accessor | ||
45 | macros are used to prevent speculative loading of data. | ||
46 | |||
47 | - Spectre variant 2 attacker can :ref:`poison <poison_btb>` the branch | ||
48 | +Spectre variant 1 (swapgs) | ||
49 | +~~~~~~~~~~~~~~~~~~~~~~~~~~ | ||
50 | + | ||
51 | + An attacker can train the branch predictor to speculatively skip the | ||
52 | + swapgs path for an interrupt or exception. If they initialize | ||
53 | + the GS register to a user-space value, if the swapgs is speculatively | ||
54 | + skipped, subsequent GS-related percpu accesses in the speculation | ||
55 | + window will be done with the attacker-controlled GS value. This | ||
56 | + could cause privileged memory to be accessed and leaked. | ||
57 | + | ||
58 | + For example: | ||
59 | + | ||
60 | + :: | ||
61 | + | ||
62 | + if (coming from user space) | ||
63 | + swapgs | ||
64 | + mov %gs:<percpu_offset>, %reg | ||
65 | + mov (%reg), %reg1 | ||
66 | + | ||
67 | + When coming from user space, the CPU can speculatively skip the | ||
68 | + swapgs, and then do a speculative percpu load using the user GS | ||
69 | + value. So the user can speculatively force a read of any kernel | ||
70 | + value. If a gadget exists which uses the percpu value as an address | ||
71 | + in another load/store, then the contents of the kernel value may | ||
72 | + become visible via an L1 side channel attack. | ||
73 | + | ||
74 | + A similar attack exists when coming from kernel space. The CPU can | ||
75 | + speculatively do the swapgs, causing the user GS to get used for the | ||
76 | + rest of the speculative window. | ||
77 | + | ||
78 | +Spectre variant 2 | ||
79 | +~~~~~~~~~~~~~~~~~ | ||
80 | + | ||
81 | + A spectre variant 2 attacker can :ref:`poison <poison_btb>` the branch | ||
82 | target buffer (BTB) before issuing syscall to launch an attack. | ||
83 | After entering the kernel, the kernel could use the poisoned branch | ||
84 | target buffer on indirect jump and jump to gadget code in speculative | ||
85 | @@ -280,11 +324,18 @@ The sysfs file showing Spectre variant 1 mitigation status is: | ||
86 | |||
87 | The possible values in this file are: | ||
88 | |||
89 | - ======================================= ================================= | ||
90 | - 'Mitigation: __user pointer sanitation' Protection in kernel on a case by | ||
91 | - case base with explicit pointer | ||
92 | - sanitation. | ||
93 | - ======================================= ================================= | ||
94 | + .. list-table:: | ||
95 | + | ||
96 | + * - 'Not affected' | ||
97 | + - The processor is not vulnerable. | ||
98 | + * - 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers' | ||
99 | + - The swapgs protections are disabled; otherwise it has | ||
100 | + protection in the kernel on a case by case base with explicit | ||
101 | + pointer sanitation and usercopy LFENCE barriers. | ||
102 | + * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization' | ||
103 | + - Protection in the kernel on a case by case base with explicit | ||
104 | + pointer sanitation, usercopy LFENCE barriers, and swapgs LFENCE | ||
105 | + barriers. | ||
106 | |||
107 | However, the protections are put in place on a case by case basis, | ||
108 | and there is no guarantee that all possible attack vectors for Spectre | ||
109 | @@ -366,12 +417,27 @@ Turning on mitigation for Spectre variant 1 and Spectre variant 2 | ||
110 | 1. Kernel mitigation | ||
111 | ^^^^^^^^^^^^^^^^^^^^ | ||
112 | |||
113 | +Spectre variant 1 | ||
114 | +~~~~~~~~~~~~~~~~~ | ||
115 | + | ||
116 | For the Spectre variant 1, vulnerable kernel code (as determined | ||
117 | by code audit or scanning tools) is annotated on a case by case | ||
118 | basis to use nospec accessor macros for bounds clipping :ref:`[2] | ||
119 | <spec_ref2>` to avoid any usable disclosure gadgets. However, it may | ||
120 | not cover all attack vectors for Spectre variant 1. | ||
121 | |||
122 | + Copy-from-user code has an LFENCE barrier to prevent the access_ok() | ||
123 | + check from being mis-speculated. The barrier is done by the | ||
124 | + barrier_nospec() macro. | ||
125 | + | ||
126 | + For the swapgs variant of Spectre variant 1, LFENCE barriers are | ||
127 | + added to interrupt, exception and NMI entry where needed. These | ||
128 | + barriers are done by the FENCE_SWAPGS_KERNEL_ENTRY and | ||
129 | + FENCE_SWAPGS_USER_ENTRY macros. | ||
130 | + | ||
131 | +Spectre variant 2 | ||
132 | +~~~~~~~~~~~~~~~~~ | ||
133 | + | ||
134 | For Spectre variant 2 mitigation, the compiler turns indirect calls or | ||
135 | jumps in the kernel into equivalent return trampolines (retpolines) | ||
136 | :ref:`[3] <spec_ref3>` :ref:`[9] <spec_ref9>` to go to the target | ||
137 | @@ -473,6 +539,12 @@ Mitigation control on the kernel command line | ||
138 | Spectre variant 2 mitigation can be disabled or force enabled at the | ||
139 | kernel command line. | ||
140 | |||
141 | + nospectre_v1 | ||
142 | + | ||
143 | + [X86,PPC] Disable mitigations for Spectre Variant 1 | ||
144 | + (bounds check bypass). With this option data leaks are | ||
145 | + possible in the system. | ||
146 | + | ||
147 | nospectre_v2 | ||
148 | |||
149 | [X86] Disable all mitigations for the Spectre variant 2 | ||
150 | diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt | ||
151 | index 1cee1174cde6..c96a8e9ad5c2 100644 | ||
152 | --- a/Documentation/admin-guide/kernel-parameters.txt | ||
153 | +++ b/Documentation/admin-guide/kernel-parameters.txt | ||
154 | @@ -2515,6 +2515,7 @@ | ||
155 | Equivalent to: nopti [X86,PPC] | ||
156 | nospectre_v1 [PPC] | ||
157 | nobp=0 [S390] | ||
158 | + nospectre_v1 [X86] | ||
159 | nospectre_v2 [X86,PPC,S390] | ||
160 | spectre_v2_user=off [X86] | ||
161 | spec_store_bypass_disable=off [X86,PPC] | ||
162 | @@ -2861,9 +2862,9 @@ | ||
163 | nosmt=force: Force disable SMT, cannot be undone | ||
164 | via the sysfs control file. | ||
165 | |||
166 | - nospectre_v1 [PPC] Disable mitigations for Spectre Variant 1 (bounds | ||
167 | - check bypass). With this option data leaks are possible | ||
168 | - in the system. | ||
169 | + nospectre_v1 [X66, PPC] Disable mitigations for Spectre Variant 1 | ||
170 | + (bounds check bypass). With this option data leaks | ||
171 | + are possible in the system. | ||
172 | |||
173 | nospectre_v2 [X86,PPC_FSL_BOOK3E] Disable all mitigations for the Spectre variant 2 | ||
174 | (indirect branch prediction) vulnerability. System may | ||
175 | diff --git a/Makefile b/Makefile | ||
176 | index 203d9e80a315..41a565770431 100644 | ||
177 | --- a/Makefile | ||
178 | +++ b/Makefile | ||
179 | @@ -1,7 +1,7 @@ | ||
180 | # SPDX-License-Identifier: GPL-2.0 | ||
181 | VERSION = 4 | ||
182 | PATCHLEVEL = 19 | ||
183 | -SUBLEVEL = 64 | ||
184 | +SUBLEVEL = 65 | ||
185 | EXTRAVERSION = | ||
186 | NAME = "People's Front" | ||
187 | |||
188 | @@ -430,6 +430,7 @@ KBUILD_CFLAGS_MODULE := -DMODULE | ||
189 | KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds | ||
190 | KBUILD_LDFLAGS := | ||
191 | GCC_PLUGINS_CFLAGS := | ||
192 | +CLANG_FLAGS := | ||
193 | |||
194 | export ARCH SRCARCH CONFIG_SHELL HOSTCC KBUILD_HOSTCFLAGS CROSS_COMPILE AS LD CC | ||
195 | export CPP AR NM STRIP OBJCOPY OBJDUMP KBUILD_HOSTLDFLAGS KBUILD_HOSTLDLIBS | ||
196 | @@ -482,7 +483,7 @@ endif | ||
197 | |||
198 | ifeq ($(cc-name),clang) | ||
199 | ifneq ($(CROSS_COMPILE),) | ||
200 | -CLANG_FLAGS := --target=$(notdir $(CROSS_COMPILE:%-=%)) | ||
201 | +CLANG_FLAGS += --target=$(notdir $(CROSS_COMPILE:%-=%)) | ||
202 | GCC_TOOLCHAIN_DIR := $(dir $(shell which $(CROSS_COMPILE)elfedit)) | ||
203 | CLANG_FLAGS += --prefix=$(GCC_TOOLCHAIN_DIR) | ||
204 | GCC_TOOLCHAIN := $(realpath $(GCC_TOOLCHAIN_DIR)/..) | ||
205 | diff --git a/arch/arc/Kconfig b/arch/arc/Kconfig | ||
206 | index 74953e76a57d..0cce54182cc5 100644 | ||
207 | --- a/arch/arc/Kconfig | ||
208 | +++ b/arch/arc/Kconfig | ||
209 | @@ -199,7 +199,6 @@ config NR_CPUS | ||
210 | |||
211 | config ARC_SMP_HALT_ON_RESET | ||
212 | bool "Enable Halt-on-reset boot mode" | ||
213 | - default y if ARC_UBOOT_SUPPORT | ||
214 | help | ||
215 | In SMP configuration cores can be configured as Halt-on-reset | ||
216 | or they could all start at same time. For Halt-on-reset, non | ||
217 | @@ -539,18 +538,6 @@ config ARC_DBG_TLB_PARANOIA | ||
218 | |||
219 | endif | ||
220 | |||
221 | -config ARC_UBOOT_SUPPORT | ||
222 | - bool "Support uboot arg Handling" | ||
223 | - default n | ||
224 | - help | ||
225 | - ARC Linux by default checks for uboot provided args as pointers to | ||
226 | - external cmdline or DTB. This however breaks in absence of uboot, | ||
227 | - when booting from Metaware debugger directly, as the registers are | ||
228 | - not zeroed out on reset by mdb and/or ARCv2 based cores. The bogus | ||
229 | - registers look like uboot args to kernel which then chokes. | ||
230 | - So only enable the uboot arg checking/processing if users are sure | ||
231 | - of uboot being in play. | ||
232 | - | ||
233 | config ARC_BUILTIN_DTB_NAME | ||
234 | string "Built in DTB" | ||
235 | help | ||
236 | diff --git a/arch/arc/configs/nps_defconfig b/arch/arc/configs/nps_defconfig | ||
237 | index 6e84060e7c90..621f59407d76 100644 | ||
238 | --- a/arch/arc/configs/nps_defconfig | ||
239 | +++ b/arch/arc/configs/nps_defconfig | ||
240 | @@ -31,7 +31,6 @@ CONFIG_ARC_CACHE_LINE_SHIFT=5 | ||
241 | # CONFIG_ARC_HAS_LLSC is not set | ||
242 | CONFIG_ARC_KVADDR_SIZE=402 | ||
243 | CONFIG_ARC_EMUL_UNALIGNED=y | ||
244 | -CONFIG_ARC_UBOOT_SUPPORT=y | ||
245 | CONFIG_PREEMPT=y | ||
246 | CONFIG_NET=y | ||
247 | CONFIG_UNIX=y | ||
248 | diff --git a/arch/arc/configs/vdk_hs38_defconfig b/arch/arc/configs/vdk_hs38_defconfig | ||
249 | index 1e59a2e9c602..e447ace6fa1c 100644 | ||
250 | --- a/arch/arc/configs/vdk_hs38_defconfig | ||
251 | +++ b/arch/arc/configs/vdk_hs38_defconfig | ||
252 | @@ -13,7 +13,6 @@ CONFIG_PARTITION_ADVANCED=y | ||
253 | CONFIG_ARC_PLAT_AXS10X=y | ||
254 | CONFIG_AXS103=y | ||
255 | CONFIG_ISA_ARCV2=y | ||
256 | -CONFIG_ARC_UBOOT_SUPPORT=y | ||
257 | CONFIG_ARC_BUILTIN_DTB_NAME="vdk_hs38" | ||
258 | CONFIG_PREEMPT=y | ||
259 | CONFIG_NET=y | ||
260 | diff --git a/arch/arc/configs/vdk_hs38_smp_defconfig b/arch/arc/configs/vdk_hs38_smp_defconfig | ||
261 | index b5c3f6c54b03..c82cdb10aaf4 100644 | ||
262 | --- a/arch/arc/configs/vdk_hs38_smp_defconfig | ||
263 | +++ b/arch/arc/configs/vdk_hs38_smp_defconfig | ||
264 | @@ -15,8 +15,6 @@ CONFIG_AXS103=y | ||
265 | CONFIG_ISA_ARCV2=y | ||
266 | CONFIG_SMP=y | ||
267 | # CONFIG_ARC_TIMERS_64BIT is not set | ||
268 | -# CONFIG_ARC_SMP_HALT_ON_RESET is not set | ||
269 | -CONFIG_ARC_UBOOT_SUPPORT=y | ||
270 | CONFIG_ARC_BUILTIN_DTB_NAME="vdk_hs38_smp" | ||
271 | CONFIG_PREEMPT=y | ||
272 | CONFIG_NET=y | ||
273 | diff --git a/arch/arc/kernel/head.S b/arch/arc/kernel/head.S | ||
274 | index 208bf2c9e7b0..a72bbda2f7aa 100644 | ||
275 | --- a/arch/arc/kernel/head.S | ||
276 | +++ b/arch/arc/kernel/head.S | ||
277 | @@ -100,7 +100,6 @@ ENTRY(stext) | ||
278 | st.ab 0, [r5, 4] | ||
279 | 1: | ||
280 | |||
281 | -#ifdef CONFIG_ARC_UBOOT_SUPPORT | ||
282 | ; Uboot - kernel ABI | ||
283 | ; r0 = [0] No uboot interaction, [1] cmdline in r2, [2] DTB in r2 | ||
284 | ; r1 = magic number (always zero as of now) | ||
285 | @@ -109,7 +108,6 @@ ENTRY(stext) | ||
286 | st r0, [@uboot_tag] | ||
287 | st r1, [@uboot_magic] | ||
288 | st r2, [@uboot_arg] | ||
289 | -#endif | ||
290 | |||
291 | ; setup "current" tsk and optionally cache it in dedicated r25 | ||
292 | mov r9, @init_task | ||
293 | diff --git a/arch/arc/kernel/setup.c b/arch/arc/kernel/setup.c | ||
294 | index a1218937abd6..89c97dcfa360 100644 | ||
295 | --- a/arch/arc/kernel/setup.c | ||
296 | +++ b/arch/arc/kernel/setup.c | ||
297 | @@ -493,7 +493,6 @@ void __init handle_uboot_args(void) | ||
298 | bool use_embedded_dtb = true; | ||
299 | bool append_cmdline = false; | ||
300 | |||
301 | -#ifdef CONFIG_ARC_UBOOT_SUPPORT | ||
302 | /* check that we know this tag */ | ||
303 | if (uboot_tag != UBOOT_TAG_NONE && | ||
304 | uboot_tag != UBOOT_TAG_CMDLINE && | ||
305 | @@ -525,7 +524,6 @@ void __init handle_uboot_args(void) | ||
306 | append_cmdline = true; | ||
307 | |||
308 | ignore_uboot_args: | ||
309 | -#endif | ||
310 | |||
311 | if (use_embedded_dtb) { | ||
312 | machine_desc = setup_machine_fdt(__dtb_start); | ||
313 | diff --git a/arch/arm/boot/dts/rk3288-veyron-mickey.dts b/arch/arm/boot/dts/rk3288-veyron-mickey.dts | ||
314 | index 1e0158acf895..a593d0a998fc 100644 | ||
315 | --- a/arch/arm/boot/dts/rk3288-veyron-mickey.dts | ||
316 | +++ b/arch/arm/boot/dts/rk3288-veyron-mickey.dts | ||
317 | @@ -124,10 +124,6 @@ | ||
318 | }; | ||
319 | }; | ||
320 | |||
321 | -&emmc { | ||
322 | - /delete-property/mmc-hs200-1_8v; | ||
323 | -}; | ||
324 | - | ||
325 | &i2c2 { | ||
326 | status = "disabled"; | ||
327 | }; | ||
328 | diff --git a/arch/arm/boot/dts/rk3288-veyron-minnie.dts b/arch/arm/boot/dts/rk3288-veyron-minnie.dts | ||
329 | index f95d0c5fcf71..6e8946052c78 100644 | ||
330 | --- a/arch/arm/boot/dts/rk3288-veyron-minnie.dts | ||
331 | +++ b/arch/arm/boot/dts/rk3288-veyron-minnie.dts | ||
332 | @@ -90,10 +90,6 @@ | ||
333 | pwm-off-delay-ms = <200>; | ||
334 | }; | ||
335 | |||
336 | -&emmc { | ||
337 | - /delete-property/mmc-hs200-1_8v; | ||
338 | -}; | ||
339 | - | ||
340 | &gpio_keys { | ||
341 | pinctrl-0 = <&pwr_key_l &ap_lid_int_l &volum_down_l &volum_up_l>; | ||
342 | |||
343 | diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi | ||
344 | index c706adf4aed2..440d6783faca 100644 | ||
345 | --- a/arch/arm/boot/dts/rk3288.dtsi | ||
346 | +++ b/arch/arm/boot/dts/rk3288.dtsi | ||
347 | @@ -227,6 +227,7 @@ | ||
348 | <GIC_PPI 11 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>, | ||
349 | <GIC_PPI 10 (GIC_CPU_MASK_SIMPLE(4) | IRQ_TYPE_LEVEL_HIGH)>; | ||
350 | clock-frequency = <24000000>; | ||
351 | + arm,no-tick-in-suspend; | ||
352 | }; | ||
353 | |||
354 | timer: timer@ff810000 { | ||
355 | diff --git a/arch/arm/mach-rpc/dma.c b/arch/arm/mach-rpc/dma.c | ||
356 | index fb48f3141fb4..c4c96661eb89 100644 | ||
357 | --- a/arch/arm/mach-rpc/dma.c | ||
358 | +++ b/arch/arm/mach-rpc/dma.c | ||
359 | @@ -131,7 +131,7 @@ static irqreturn_t iomd_dma_handle(int irq, void *dev_id) | ||
360 | } while (1); | ||
361 | |||
362 | idma->state = ~DMA_ST_AB; | ||
363 | - disable_irq(irq); | ||
364 | + disable_irq_nosync(irq); | ||
365 | |||
366 | return IRQ_HANDLED; | ||
367 | } | ||
368 | @@ -174,6 +174,9 @@ static void iomd_enable_dma(unsigned int chan, dma_t *dma) | ||
369 | DMA_FROM_DEVICE : DMA_TO_DEVICE); | ||
370 | } | ||
371 | |||
372 | + idma->dma_addr = idma->dma.sg->dma_address; | ||
373 | + idma->dma_len = idma->dma.sg->length; | ||
374 | + | ||
375 | iomd_writeb(DMA_CR_C, dma_base + CR); | ||
376 | idma->state = DMA_ST_AB; | ||
377 | } | ||
378 | diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi | ||
379 | index df7e62d9a670..cea44a7c7cf9 100644 | ||
380 | --- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi | ||
381 | +++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi | ||
382 | @@ -1643,11 +1643,11 @@ | ||
383 | reg = <0x0 0xff914000 0x0 0x100>, <0x0 0xff915000 0x0 0x100>; | ||
384 | interrupts = <GIC_SPI 43 IRQ_TYPE_LEVEL_HIGH 0>; | ||
385 | interrupt-names = "isp0_mmu"; | ||
386 | - clocks = <&cru ACLK_ISP0_NOC>, <&cru HCLK_ISP0_NOC>; | ||
387 | + clocks = <&cru ACLK_ISP0_WRAPPER>, <&cru HCLK_ISP0_WRAPPER>; | ||
388 | clock-names = "aclk", "iface"; | ||
389 | #iommu-cells = <0>; | ||
390 | + power-domains = <&power RK3399_PD_ISP0>; | ||
391 | rockchip,disable-mmu-reset; | ||
392 | - status = "disabled"; | ||
393 | }; | ||
394 | |||
395 | isp1_mmu: iommu@ff924000 { | ||
396 | @@ -1655,11 +1655,11 @@ | ||
397 | reg = <0x0 0xff924000 0x0 0x100>, <0x0 0xff925000 0x0 0x100>; | ||
398 | interrupts = <GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH 0>; | ||
399 | interrupt-names = "isp1_mmu"; | ||
400 | - clocks = <&cru ACLK_ISP1_NOC>, <&cru HCLK_ISP1_NOC>; | ||
401 | + clocks = <&cru ACLK_ISP1_WRAPPER>, <&cru HCLK_ISP1_WRAPPER>; | ||
402 | clock-names = "aclk", "iface"; | ||
403 | #iommu-cells = <0>; | ||
404 | + power-domains = <&power RK3399_PD_ISP1>; | ||
405 | rockchip,disable-mmu-reset; | ||
406 | - status = "disabled"; | ||
407 | }; | ||
408 | |||
409 | hdmi_sound: hdmi-sound { | ||
410 | diff --git a/arch/arm64/include/asm/cpufeature.h b/arch/arm64/include/asm/cpufeature.h | ||
411 | index 1717ba1db35d..510f687d269a 100644 | ||
412 | --- a/arch/arm64/include/asm/cpufeature.h | ||
413 | +++ b/arch/arm64/include/asm/cpufeature.h | ||
414 | @@ -45,9 +45,10 @@ | ||
415 | */ | ||
416 | |||
417 | enum ftr_type { | ||
418 | - FTR_EXACT, /* Use a predefined safe value */ | ||
419 | - FTR_LOWER_SAFE, /* Smaller value is safe */ | ||
420 | - FTR_HIGHER_SAFE,/* Bigger value is safe */ | ||
421 | + FTR_EXACT, /* Use a predefined safe value */ | ||
422 | + FTR_LOWER_SAFE, /* Smaller value is safe */ | ||
423 | + FTR_HIGHER_SAFE, /* Bigger value is safe */ | ||
424 | + FTR_HIGHER_OR_ZERO_SAFE, /* Bigger value is safe, but 0 is biggest */ | ||
425 | }; | ||
426 | |||
427 | #define FTR_STRICT true /* SANITY check strict matching required */ | ||
428 | diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c | ||
429 | index 93f69d82225d..bce06083685d 100644 | ||
430 | --- a/arch/arm64/kernel/cpufeature.c | ||
431 | +++ b/arch/arm64/kernel/cpufeature.c | ||
432 | @@ -206,8 +206,8 @@ static const struct arm64_ftr_bits ftr_ctr[] = { | ||
433 | ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_EXACT, 31, 1, 1), /* RES1 */ | ||
434 | ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DIC_SHIFT, 1, 1), | ||
435 | ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_IDC_SHIFT, 1, 1), | ||
436 | - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, CTR_CWG_SHIFT, 4, 0), | ||
437 | - ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_SAFE, CTR_ERG_SHIFT, 4, 0), | ||
438 | + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, CTR_CWG_SHIFT, 4, 0), | ||
439 | + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_HIGHER_OR_ZERO_SAFE, CTR_ERG_SHIFT, 4, 0), | ||
440 | ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, CTR_DMINLINE_SHIFT, 4, 1), | ||
441 | /* | ||
442 | * Linux can handle differing I-cache policies. Userspace JITs will | ||
443 | @@ -449,6 +449,10 @@ static s64 arm64_ftr_safe_value(const struct arm64_ftr_bits *ftrp, s64 new, | ||
444 | case FTR_LOWER_SAFE: | ||
445 | ret = new < cur ? new : cur; | ||
446 | break; | ||
447 | + case FTR_HIGHER_OR_ZERO_SAFE: | ||
448 | + if (!cur || !new) | ||
449 | + break; | ||
450 | + /* Fallthrough */ | ||
451 | case FTR_HIGHER_SAFE: | ||
452 | ret = new > cur ? new : cur; | ||
453 | break; | ||
454 | diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c | ||
455 | index 8c9644376326..7c0611f5d2ce 100644 | ||
456 | --- a/arch/arm64/kernel/hw_breakpoint.c | ||
457 | +++ b/arch/arm64/kernel/hw_breakpoint.c | ||
458 | @@ -547,13 +547,14 @@ int hw_breakpoint_arch_parse(struct perf_event *bp, | ||
459 | /* Aligned */ | ||
460 | break; | ||
461 | case 1: | ||
462 | - /* Allow single byte watchpoint. */ | ||
463 | - if (hw->ctrl.len == ARM_BREAKPOINT_LEN_1) | ||
464 | - break; | ||
465 | case 2: | ||
466 | /* Allow halfword watchpoints and breakpoints. */ | ||
467 | if (hw->ctrl.len == ARM_BREAKPOINT_LEN_2) | ||
468 | break; | ||
469 | + case 3: | ||
470 | + /* Allow single byte watchpoint. */ | ||
471 | + if (hw->ctrl.len == ARM_BREAKPOINT_LEN_1) | ||
472 | + break; | ||
473 | default: | ||
474 | return -EINVAL; | ||
475 | } | ||
476 | diff --git a/arch/mips/lantiq/irq.c b/arch/mips/lantiq/irq.c | ||
477 | index c4ef1c31e0c4..37caeadb2964 100644 | ||
478 | --- a/arch/mips/lantiq/irq.c | ||
479 | +++ b/arch/mips/lantiq/irq.c | ||
480 | @@ -156,8 +156,9 @@ static int ltq_eiu_settype(struct irq_data *d, unsigned int type) | ||
481 | if (edge) | ||
482 | irq_set_handler(d->hwirq, handle_edge_irq); | ||
483 | |||
484 | - ltq_eiu_w32(ltq_eiu_r32(LTQ_EIU_EXIN_C) | | ||
485 | - (val << (i * 4)), LTQ_EIU_EXIN_C); | ||
486 | + ltq_eiu_w32((ltq_eiu_r32(LTQ_EIU_EXIN_C) & | ||
487 | + (~(7 << (i * 4)))) | (val << (i * 4)), | ||
488 | + LTQ_EIU_EXIN_C); | ||
489 | } | ||
490 | } | ||
491 | |||
492 | diff --git a/arch/parisc/boot/compressed/vmlinux.lds.S b/arch/parisc/boot/compressed/vmlinux.lds.S | ||
493 | index 4ebd4e65524c..41ebe97fad10 100644 | ||
494 | --- a/arch/parisc/boot/compressed/vmlinux.lds.S | ||
495 | +++ b/arch/parisc/boot/compressed/vmlinux.lds.S | ||
496 | @@ -42,8 +42,8 @@ SECTIONS | ||
497 | #endif | ||
498 | _startcode_end = .; | ||
499 | |||
500 | - /* bootloader code and data starts behind area of extracted kernel */ | ||
501 | - . = (SZ_end - SZparisc_kernel_start + KERNEL_BINARY_TEXT_START); | ||
502 | + /* bootloader code and data starts at least behind area of extracted kernel */ | ||
503 | + . = MAX(ABSOLUTE(.), (SZ_end - SZparisc_kernel_start + KERNEL_BINARY_TEXT_START)); | ||
504 | |||
505 | /* align on next page boundary */ | ||
506 | . = ALIGN(4096); | ||
507 | diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c | ||
508 | index 8dd1d5ccae58..0387d7a96c84 100644 | ||
509 | --- a/arch/x86/boot/compressed/misc.c | ||
510 | +++ b/arch/x86/boot/compressed/misc.c | ||
511 | @@ -17,6 +17,7 @@ | ||
512 | #include "pgtable.h" | ||
513 | #include "../string.h" | ||
514 | #include "../voffset.h" | ||
515 | +#include <asm/bootparam_utils.h> | ||
516 | |||
517 | /* | ||
518 | * WARNING!! | ||
519 | diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h | ||
520 | index a423bdb42686..47fd18db6b3b 100644 | ||
521 | --- a/arch/x86/boot/compressed/misc.h | ||
522 | +++ b/arch/x86/boot/compressed/misc.h | ||
523 | @@ -22,7 +22,6 @@ | ||
524 | #include <asm/page.h> | ||
525 | #include <asm/boot.h> | ||
526 | #include <asm/bootparam.h> | ||
527 | -#include <asm/bootparam_utils.h> | ||
528 | |||
529 | #define BOOT_BOOT_H | ||
530 | #include "../ctype.h" | ||
531 | diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h | ||
532 | index e699b2041665..578b5455334f 100644 | ||
533 | --- a/arch/x86/entry/calling.h | ||
534 | +++ b/arch/x86/entry/calling.h | ||
535 | @@ -329,6 +329,23 @@ For 32-bit we have the following conventions - kernel is built with | ||
536 | |||
537 | #endif | ||
538 | |||
539 | +/* | ||
540 | + * Mitigate Spectre v1 for conditional swapgs code paths. | ||
541 | + * | ||
542 | + * FENCE_SWAPGS_USER_ENTRY is used in the user entry swapgs code path, to | ||
543 | + * prevent a speculative swapgs when coming from kernel space. | ||
544 | + * | ||
545 | + * FENCE_SWAPGS_KERNEL_ENTRY is used in the kernel entry non-swapgs code path, | ||
546 | + * to prevent the swapgs from getting speculatively skipped when coming from | ||
547 | + * user space. | ||
548 | + */ | ||
549 | +.macro FENCE_SWAPGS_USER_ENTRY | ||
550 | + ALTERNATIVE "", "lfence", X86_FEATURE_FENCE_SWAPGS_USER | ||
551 | +.endm | ||
552 | +.macro FENCE_SWAPGS_KERNEL_ENTRY | ||
553 | + ALTERNATIVE "", "lfence", X86_FEATURE_FENCE_SWAPGS_KERNEL | ||
554 | +.endm | ||
555 | + | ||
556 | #endif /* CONFIG_X86_64 */ | ||
557 | |||
558 | /* | ||
559 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S | ||
560 | index 206df099950e..ccb5e3486aee 100644 | ||
561 | --- a/arch/x86/entry/entry_64.S | ||
562 | +++ b/arch/x86/entry/entry_64.S | ||
563 | @@ -582,7 +582,7 @@ ENTRY(interrupt_entry) | ||
564 | testb $3, CS-ORIG_RAX+8(%rsp) | ||
565 | jz 1f | ||
566 | SWAPGS | ||
567 | - | ||
568 | + FENCE_SWAPGS_USER_ENTRY | ||
569 | /* | ||
570 | * Switch to the thread stack. The IRET frame and orig_ax are | ||
571 | * on the stack, as well as the return address. RDI..R12 are | ||
572 | @@ -612,8 +612,10 @@ ENTRY(interrupt_entry) | ||
573 | UNWIND_HINT_FUNC | ||
574 | |||
575 | movq (%rdi), %rdi | ||
576 | + jmp 2f | ||
577 | 1: | ||
578 | - | ||
579 | + FENCE_SWAPGS_KERNEL_ENTRY | ||
580 | +2: | ||
581 | PUSH_AND_CLEAR_REGS save_ret=1 | ||
582 | ENCODE_FRAME_POINTER 8 | ||
583 | |||
584 | @@ -1196,7 +1198,6 @@ idtentry stack_segment do_stack_segment has_error_code=1 | ||
585 | #ifdef CONFIG_XEN | ||
586 | idtentry xennmi do_nmi has_error_code=0 | ||
587 | idtentry xendebug do_debug has_error_code=0 | ||
588 | -idtentry xenint3 do_int3 has_error_code=0 | ||
589 | #endif | ||
590 | |||
591 | idtentry general_protection do_general_protection has_error_code=1 | ||
592 | @@ -1241,6 +1242,13 @@ ENTRY(paranoid_entry) | ||
593 | */ | ||
594 | SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 | ||
595 | |||
596 | + /* | ||
597 | + * The above SAVE_AND_SWITCH_TO_KERNEL_CR3 macro doesn't do an | ||
598 | + * unconditional CR3 write, even in the PTI case. So do an lfence | ||
599 | + * to prevent GS speculation, regardless of whether PTI is enabled. | ||
600 | + */ | ||
601 | + FENCE_SWAPGS_KERNEL_ENTRY | ||
602 | + | ||
603 | ret | ||
604 | END(paranoid_entry) | ||
605 | |||
606 | @@ -1291,6 +1299,7 @@ ENTRY(error_entry) | ||
607 | * from user mode due to an IRET fault. | ||
608 | */ | ||
609 | SWAPGS | ||
610 | + FENCE_SWAPGS_USER_ENTRY | ||
611 | /* We have user CR3. Change to kernel CR3. */ | ||
612 | SWITCH_TO_KERNEL_CR3 scratch_reg=%rax | ||
613 | |||
614 | @@ -1312,6 +1321,8 @@ ENTRY(error_entry) | ||
615 | CALL_enter_from_user_mode | ||
616 | ret | ||
617 | |||
618 | +.Lerror_entry_done_lfence: | ||
619 | + FENCE_SWAPGS_KERNEL_ENTRY | ||
620 | .Lerror_entry_done: | ||
621 | TRACE_IRQS_OFF | ||
622 | ret | ||
623 | @@ -1330,7 +1341,7 @@ ENTRY(error_entry) | ||
624 | cmpq %rax, RIP+8(%rsp) | ||
625 | je .Lbstep_iret | ||
626 | cmpq $.Lgs_change, RIP+8(%rsp) | ||
627 | - jne .Lerror_entry_done | ||
628 | + jne .Lerror_entry_done_lfence | ||
629 | |||
630 | /* | ||
631 | * hack: .Lgs_change can fail with user gsbase. If this happens, fix up | ||
632 | @@ -1338,6 +1349,7 @@ ENTRY(error_entry) | ||
633 | * .Lgs_change's error handler with kernel gsbase. | ||
634 | */ | ||
635 | SWAPGS | ||
636 | + FENCE_SWAPGS_USER_ENTRY | ||
637 | SWITCH_TO_KERNEL_CR3 scratch_reg=%rax | ||
638 | jmp .Lerror_entry_done | ||
639 | |||
640 | @@ -1352,6 +1364,7 @@ ENTRY(error_entry) | ||
641 | * gsbase and CR3. Switch to kernel gsbase and CR3: | ||
642 | */ | ||
643 | SWAPGS | ||
644 | + FENCE_SWAPGS_USER_ENTRY | ||
645 | SWITCH_TO_KERNEL_CR3 scratch_reg=%rax | ||
646 | |||
647 | /* | ||
648 | @@ -1443,6 +1456,7 @@ ENTRY(nmi) | ||
649 | |||
650 | swapgs | ||
651 | cld | ||
652 | + FENCE_SWAPGS_USER_ENTRY | ||
653 | SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx | ||
654 | movq %rsp, %rdx | ||
655 | movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp | ||
656 | diff --git a/arch/x86/entry/vdso/vclock_gettime.c b/arch/x86/entry/vdso/vclock_gettime.c | ||
657 | index e48ca3afa091..8a88e738f87d 100644 | ||
658 | --- a/arch/x86/entry/vdso/vclock_gettime.c | ||
659 | +++ b/arch/x86/entry/vdso/vclock_gettime.c | ||
660 | @@ -29,12 +29,12 @@ extern int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz); | ||
661 | extern time_t __vdso_time(time_t *t); | ||
662 | |||
663 | #ifdef CONFIG_PARAVIRT_CLOCK | ||
664 | -extern u8 pvclock_page | ||
665 | +extern u8 pvclock_page[PAGE_SIZE] | ||
666 | __attribute__((visibility("hidden"))); | ||
667 | #endif | ||
668 | |||
669 | #ifdef CONFIG_HYPERV_TSCPAGE | ||
670 | -extern u8 hvclock_page | ||
671 | +extern u8 hvclock_page[PAGE_SIZE] | ||
672 | __attribute__((visibility("hidden"))); | ||
673 | #endif | ||
674 | |||
675 | @@ -191,13 +191,24 @@ notrace static inline u64 vgetsns(int *mode) | ||
676 | |||
677 | if (gtod->vclock_mode == VCLOCK_TSC) | ||
678 | cycles = vread_tsc(); | ||
679 | + | ||
680 | + /* | ||
681 | + * For any memory-mapped vclock type, we need to make sure that gcc | ||
682 | + * doesn't cleverly hoist a load before the mode check. Otherwise we | ||
683 | + * might end up touching the memory-mapped page even if the vclock in | ||
684 | + * question isn't enabled, which will segfault. Hence the barriers. | ||
685 | + */ | ||
686 | #ifdef CONFIG_PARAVIRT_CLOCK | ||
687 | - else if (gtod->vclock_mode == VCLOCK_PVCLOCK) | ||
688 | + else if (gtod->vclock_mode == VCLOCK_PVCLOCK) { | ||
689 | + barrier(); | ||
690 | cycles = vread_pvclock(mode); | ||
691 | + } | ||
692 | #endif | ||
693 | #ifdef CONFIG_HYPERV_TSCPAGE | ||
694 | - else if (gtod->vclock_mode == VCLOCK_HVCLOCK) | ||
695 | + else if (gtod->vclock_mode == VCLOCK_HVCLOCK) { | ||
696 | + barrier(); | ||
697 | cycles = vread_hvclock(mode); | ||
698 | + } | ||
699 | #endif | ||
700 | else | ||
701 | return 0; | ||
702 | diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h | ||
703 | index 130e81e10fc7..050368db9d35 100644 | ||
704 | --- a/arch/x86/include/asm/apic.h | ||
705 | +++ b/arch/x86/include/asm/apic.h | ||
706 | @@ -48,7 +48,7 @@ static inline void generic_apic_probe(void) | ||
707 | |||
708 | #ifdef CONFIG_X86_LOCAL_APIC | ||
709 | |||
710 | -extern unsigned int apic_verbosity; | ||
711 | +extern int apic_verbosity; | ||
712 | extern int local_apic_timer_c2_ok; | ||
713 | |||
714 | extern int disable_apic; | ||
715 | diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h | ||
716 | index ce95b8cbd229..68889ace9c4c 100644 | ||
717 | --- a/arch/x86/include/asm/cpufeature.h | ||
718 | +++ b/arch/x86/include/asm/cpufeature.h | ||
719 | @@ -22,8 +22,8 @@ enum cpuid_leafs | ||
720 | CPUID_LNX_3, | ||
721 | CPUID_7_0_EBX, | ||
722 | CPUID_D_1_EAX, | ||
723 | - CPUID_F_0_EDX, | ||
724 | - CPUID_F_1_EDX, | ||
725 | + CPUID_LNX_4, | ||
726 | + CPUID_DUMMY, | ||
727 | CPUID_8000_0008_EBX, | ||
728 | CPUID_6_EAX, | ||
729 | CPUID_8000_000A_EDX, | ||
730 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | ||
731 | index 0cf704933f23..759f0a176612 100644 | ||
732 | --- a/arch/x86/include/asm/cpufeatures.h | ||
733 | +++ b/arch/x86/include/asm/cpufeatures.h | ||
734 | @@ -271,13 +271,18 @@ | ||
735 | #define X86_FEATURE_XGETBV1 (10*32+ 2) /* XGETBV with ECX = 1 instruction */ | ||
736 | #define X86_FEATURE_XSAVES (10*32+ 3) /* XSAVES/XRSTORS instructions */ | ||
737 | |||
738 | -/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:0 (EDX), word 11 */ | ||
739 | -#define X86_FEATURE_CQM_LLC (11*32+ 1) /* LLC QoS if 1 */ | ||
740 | - | ||
741 | -/* Intel-defined CPU QoS Sub-leaf, CPUID level 0x0000000F:1 (EDX), word 12 */ | ||
742 | -#define X86_FEATURE_CQM_OCCUP_LLC (12*32+ 0) /* LLC occupancy monitoring */ | ||
743 | -#define X86_FEATURE_CQM_MBM_TOTAL (12*32+ 1) /* LLC Total MBM monitoring */ | ||
744 | -#define X86_FEATURE_CQM_MBM_LOCAL (12*32+ 2) /* LLC Local MBM monitoring */ | ||
745 | +/* | ||
746 | + * Extended auxiliary flags: Linux defined - for features scattered in various | ||
747 | + * CPUID levels like 0xf, etc. | ||
748 | + * | ||
749 | + * Reuse free bits when adding new feature flags! | ||
750 | + */ | ||
751 | +#define X86_FEATURE_CQM_LLC (11*32+ 0) /* LLC QoS if 1 */ | ||
752 | +#define X86_FEATURE_CQM_OCCUP_LLC (11*32+ 1) /* LLC occupancy monitoring */ | ||
753 | +#define X86_FEATURE_CQM_MBM_TOTAL (11*32+ 2) /* LLC Total MBM monitoring */ | ||
754 | +#define X86_FEATURE_CQM_MBM_LOCAL (11*32+ 3) /* LLC Local MBM monitoring */ | ||
755 | +#define X86_FEATURE_FENCE_SWAPGS_USER (11*32+ 4) /* "" LFENCE in user entry SWAPGS path */ | ||
756 | +#define X86_FEATURE_FENCE_SWAPGS_KERNEL (11*32+ 5) /* "" LFENCE in kernel entry SWAPGS path */ | ||
757 | |||
758 | /* AMD-defined CPU features, CPUID level 0x80000008 (EBX), word 13 */ | ||
759 | #define X86_FEATURE_CLZERO (13*32+ 0) /* CLZERO instruction */ | ||
760 | @@ -383,5 +388,6 @@ | ||
761 | #define X86_BUG_L1TF X86_BUG(18) /* CPU is affected by L1 Terminal Fault */ | ||
762 | #define X86_BUG_MDS X86_BUG(19) /* CPU is affected by Microarchitectural data sampling */ | ||
763 | #define X86_BUG_MSBDS_ONLY X86_BUG(20) /* CPU is only affected by the MSDBS variant of BUG_MDS */ | ||
764 | +#define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */ | ||
765 | |||
766 | #endif /* _ASM_X86_CPUFEATURES_H */ | ||
767 | diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h | ||
768 | index 7014dba23d20..2877e1fbadd8 100644 | ||
769 | --- a/arch/x86/include/asm/kvm_host.h | ||
770 | +++ b/arch/x86/include/asm/kvm_host.h | ||
771 | @@ -1427,25 +1427,29 @@ enum { | ||
772 | #define kvm_arch_vcpu_memslots_id(vcpu) ((vcpu)->arch.hflags & HF_SMM_MASK ? 1 : 0) | ||
773 | #define kvm_memslots_for_spte_role(kvm, role) __kvm_memslots(kvm, (role).smm) | ||
774 | |||
775 | +asmlinkage void __noreturn kvm_spurious_fault(void); | ||
776 | + | ||
777 | /* | ||
778 | * Hardware virtualization extension instructions may fault if a | ||
779 | * reboot turns off virtualization while processes are running. | ||
780 | - * Trap the fault and ignore the instruction if that happens. | ||
781 | + * Usually after catching the fault we just panic; during reboot | ||
782 | + * instead the instruction is ignored. | ||
783 | */ | ||
784 | -asmlinkage void kvm_spurious_fault(void); | ||
785 | - | ||
786 | -#define ____kvm_handle_fault_on_reboot(insn, cleanup_insn) \ | ||
787 | - "666: " insn "\n\t" \ | ||
788 | - "668: \n\t" \ | ||
789 | - ".pushsection .fixup, \"ax\" \n" \ | ||
790 | - "667: \n\t" \ | ||
791 | - cleanup_insn "\n\t" \ | ||
792 | - "cmpb $0, kvm_rebooting \n\t" \ | ||
793 | - "jne 668b \n\t" \ | ||
794 | - __ASM_SIZE(push) " $666b \n\t" \ | ||
795 | - "jmp kvm_spurious_fault \n\t" \ | ||
796 | - ".popsection \n\t" \ | ||
797 | - _ASM_EXTABLE(666b, 667b) | ||
798 | +#define ____kvm_handle_fault_on_reboot(insn, cleanup_insn) \ | ||
799 | + "666: \n\t" \ | ||
800 | + insn "\n\t" \ | ||
801 | + "jmp 668f \n\t" \ | ||
802 | + "667: \n\t" \ | ||
803 | + "call kvm_spurious_fault \n\t" \ | ||
804 | + "668: \n\t" \ | ||
805 | + ".pushsection .fixup, \"ax\" \n\t" \ | ||
806 | + "700: \n\t" \ | ||
807 | + cleanup_insn "\n\t" \ | ||
808 | + "cmpb $0, kvm_rebooting\n\t" \ | ||
809 | + "je 667b \n\t" \ | ||
810 | + "jmp 668b \n\t" \ | ||
811 | + ".popsection \n\t" \ | ||
812 | + _ASM_EXTABLE(666b, 700b) | ||
813 | |||
814 | #define __kvm_handle_fault_on_reboot(insn) \ | ||
815 | ____kvm_handle_fault_on_reboot(insn, "") | ||
816 | diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h | ||
817 | index e375d4266b53..a04677038872 100644 | ||
818 | --- a/arch/x86/include/asm/paravirt.h | ||
819 | +++ b/arch/x86/include/asm/paravirt.h | ||
820 | @@ -768,6 +768,7 @@ static __always_inline bool pv_vcpu_is_preempted(long cpu) | ||
821 | PV_RESTORE_ALL_CALLER_REGS \ | ||
822 | FRAME_END \ | ||
823 | "ret;" \ | ||
824 | + ".size " PV_THUNK_NAME(func) ", .-" PV_THUNK_NAME(func) ";" \ | ||
825 | ".popsection") | ||
826 | |||
827 | /* Get a reference to a callee-save function */ | ||
828 | diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h | ||
829 | index afbc87206886..b771bb3d159b 100644 | ||
830 | --- a/arch/x86/include/asm/traps.h | ||
831 | +++ b/arch/x86/include/asm/traps.h | ||
832 | @@ -40,7 +40,7 @@ asmlinkage void simd_coprocessor_error(void); | ||
833 | asmlinkage void xen_divide_error(void); | ||
834 | asmlinkage void xen_xennmi(void); | ||
835 | asmlinkage void xen_xendebug(void); | ||
836 | -asmlinkage void xen_xenint3(void); | ||
837 | +asmlinkage void xen_int3(void); | ||
838 | asmlinkage void xen_overflow(void); | ||
839 | asmlinkage void xen_bounds(void); | ||
840 | asmlinkage void xen_invalid_op(void); | ||
841 | diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c | ||
842 | index 02020f2e0080..272a12865b2a 100644 | ||
843 | --- a/arch/x86/kernel/apic/apic.c | ||
844 | +++ b/arch/x86/kernel/apic/apic.c | ||
845 | @@ -181,7 +181,7 @@ EXPORT_SYMBOL_GPL(local_apic_timer_c2_ok); | ||
846 | /* | ||
847 | * Debug level, exported for io_apic.c | ||
848 | */ | ||
849 | -unsigned int apic_verbosity; | ||
850 | +int apic_verbosity; | ||
851 | |||
852 | int pic_mode; | ||
853 | |||
854 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c | ||
855 | index c5690440fbd4..ee7d17611ead 100644 | ||
856 | --- a/arch/x86/kernel/cpu/bugs.c | ||
857 | +++ b/arch/x86/kernel/cpu/bugs.c | ||
858 | @@ -32,6 +32,7 @@ | ||
859 | #include <asm/e820/api.h> | ||
860 | #include <asm/hypervisor.h> | ||
861 | |||
862 | +static void __init spectre_v1_select_mitigation(void); | ||
863 | static void __init spectre_v2_select_mitigation(void); | ||
864 | static void __init ssb_select_mitigation(void); | ||
865 | static void __init l1tf_select_mitigation(void); | ||
866 | @@ -96,17 +97,11 @@ void __init check_bugs(void) | ||
867 | if (boot_cpu_has(X86_FEATURE_STIBP)) | ||
868 | x86_spec_ctrl_mask |= SPEC_CTRL_STIBP; | ||
869 | |||
870 | - /* Select the proper spectre mitigation before patching alternatives */ | ||
871 | + /* Select the proper CPU mitigations before patching alternatives: */ | ||
872 | + spectre_v1_select_mitigation(); | ||
873 | spectre_v2_select_mitigation(); | ||
874 | - | ||
875 | - /* | ||
876 | - * Select proper mitigation for any exposure to the Speculative Store | ||
877 | - * Bypass vulnerability. | ||
878 | - */ | ||
879 | ssb_select_mitigation(); | ||
880 | - | ||
881 | l1tf_select_mitigation(); | ||
882 | - | ||
883 | mds_select_mitigation(); | ||
884 | |||
885 | arch_smt_update(); | ||
886 | @@ -271,6 +266,98 @@ static int __init mds_cmdline(char *str) | ||
887 | } | ||
888 | early_param("mds", mds_cmdline); | ||
889 | |||
890 | +#undef pr_fmt | ||
891 | +#define pr_fmt(fmt) "Spectre V1 : " fmt | ||
892 | + | ||
893 | +enum spectre_v1_mitigation { | ||
894 | + SPECTRE_V1_MITIGATION_NONE, | ||
895 | + SPECTRE_V1_MITIGATION_AUTO, | ||
896 | +}; | ||
897 | + | ||
898 | +static enum spectre_v1_mitigation spectre_v1_mitigation __ro_after_init = | ||
899 | + SPECTRE_V1_MITIGATION_AUTO; | ||
900 | + | ||
901 | +static const char * const spectre_v1_strings[] = { | ||
902 | + [SPECTRE_V1_MITIGATION_NONE] = "Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers", | ||
903 | + [SPECTRE_V1_MITIGATION_AUTO] = "Mitigation: usercopy/swapgs barriers and __user pointer sanitization", | ||
904 | +}; | ||
905 | + | ||
906 | +/* | ||
907 | + * Does SMAP provide full mitigation against speculative kernel access to | ||
908 | + * userspace? | ||
909 | + */ | ||
910 | +static bool smap_works_speculatively(void) | ||
911 | +{ | ||
912 | + if (!boot_cpu_has(X86_FEATURE_SMAP)) | ||
913 | + return false; | ||
914 | + | ||
915 | + /* | ||
916 | + * On CPUs which are vulnerable to Meltdown, SMAP does not | ||
917 | + * prevent speculative access to user data in the L1 cache. | ||
918 | + * Consider SMAP to be non-functional as a mitigation on these | ||
919 | + * CPUs. | ||
920 | + */ | ||
921 | + if (boot_cpu_has(X86_BUG_CPU_MELTDOWN)) | ||
922 | + return false; | ||
923 | + | ||
924 | + return true; | ||
925 | +} | ||
926 | + | ||
927 | +static void __init spectre_v1_select_mitigation(void) | ||
928 | +{ | ||
929 | + if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1) || cpu_mitigations_off()) { | ||
930 | + spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE; | ||
931 | + return; | ||
932 | + } | ||
933 | + | ||
934 | + if (spectre_v1_mitigation == SPECTRE_V1_MITIGATION_AUTO) { | ||
935 | + /* | ||
936 | + * With Spectre v1, a user can speculatively control either | ||
937 | + * path of a conditional swapgs with a user-controlled GS | ||
938 | + * value. The mitigation is to add lfences to both code paths. | ||
939 | + * | ||
940 | + * If FSGSBASE is enabled, the user can put a kernel address in | ||
941 | + * GS, in which case SMAP provides no protection. | ||
942 | + * | ||
943 | + * [ NOTE: Don't check for X86_FEATURE_FSGSBASE until the | ||
944 | + * FSGSBASE enablement patches have been merged. ] | ||
945 | + * | ||
946 | + * If FSGSBASE is disabled, the user can only put a user space | ||
947 | + * address in GS. That makes an attack harder, but still | ||
948 | + * possible if there's no SMAP protection. | ||
949 | + */ | ||
950 | + if (!smap_works_speculatively()) { | ||
951 | + /* | ||
952 | + * Mitigation can be provided from SWAPGS itself or | ||
953 | + * PTI as the CR3 write in the Meltdown mitigation | ||
954 | + * is serializing. | ||
955 | + * | ||
956 | + * If neither is there, mitigate with an LFENCE to | ||
957 | + * stop speculation through swapgs. | ||
958 | + */ | ||
959 | + if (boot_cpu_has_bug(X86_BUG_SWAPGS) && | ||
960 | + !boot_cpu_has(X86_FEATURE_PTI)) | ||
961 | + setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_USER); | ||
962 | + | ||
963 | + /* | ||
964 | + * Enable lfences in the kernel entry (non-swapgs) | ||
965 | + * paths, to prevent user entry from speculatively | ||
966 | + * skipping swapgs. | ||
967 | + */ | ||
968 | + setup_force_cpu_cap(X86_FEATURE_FENCE_SWAPGS_KERNEL); | ||
969 | + } | ||
970 | + } | ||
971 | + | ||
972 | + pr_info("%s\n", spectre_v1_strings[spectre_v1_mitigation]); | ||
973 | +} | ||
974 | + | ||
975 | +static int __init nospectre_v1_cmdline(char *str) | ||
976 | +{ | ||
977 | + spectre_v1_mitigation = SPECTRE_V1_MITIGATION_NONE; | ||
978 | + return 0; | ||
979 | +} | ||
980 | +early_param("nospectre_v1", nospectre_v1_cmdline); | ||
981 | + | ||
982 | #undef pr_fmt | ||
983 | #define pr_fmt(fmt) "Spectre V2 : " fmt | ||
984 | |||
985 | @@ -1258,7 +1345,7 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr | ||
986 | break; | ||
987 | |||
988 | case X86_BUG_SPECTRE_V1: | ||
989 | - return sprintf(buf, "Mitigation: __user pointer sanitization\n"); | ||
990 | + return sprintf(buf, "%s\n", spectre_v1_strings[spectre_v1_mitigation]); | ||
991 | |||
992 | case X86_BUG_SPECTRE_V2: | ||
993 | return sprintf(buf, "%s%s%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled], | ||
994 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | ||
995 | index 1073118b9bf0..b33fdfa0ff49 100644 | ||
996 | --- a/arch/x86/kernel/cpu/common.c | ||
997 | +++ b/arch/x86/kernel/cpu/common.c | ||
998 | @@ -808,6 +808,30 @@ static void init_speculation_control(struct cpuinfo_x86 *c) | ||
999 | } | ||
1000 | } | ||
1001 | |||
1002 | +static void init_cqm(struct cpuinfo_x86 *c) | ||
1003 | +{ | ||
1004 | + if (!cpu_has(c, X86_FEATURE_CQM_LLC)) { | ||
1005 | + c->x86_cache_max_rmid = -1; | ||
1006 | + c->x86_cache_occ_scale = -1; | ||
1007 | + return; | ||
1008 | + } | ||
1009 | + | ||
1010 | + /* will be overridden if occupancy monitoring exists */ | ||
1011 | + c->x86_cache_max_rmid = cpuid_ebx(0xf); | ||
1012 | + | ||
1013 | + if (cpu_has(c, X86_FEATURE_CQM_OCCUP_LLC) || | ||
1014 | + cpu_has(c, X86_FEATURE_CQM_MBM_TOTAL) || | ||
1015 | + cpu_has(c, X86_FEATURE_CQM_MBM_LOCAL)) { | ||
1016 | + u32 eax, ebx, ecx, edx; | ||
1017 | + | ||
1018 | + /* QoS sub-leaf, EAX=0Fh, ECX=1 */ | ||
1019 | + cpuid_count(0xf, 1, &eax, &ebx, &ecx, &edx); | ||
1020 | + | ||
1021 | + c->x86_cache_max_rmid = ecx; | ||
1022 | + c->x86_cache_occ_scale = ebx; | ||
1023 | + } | ||
1024 | +} | ||
1025 | + | ||
1026 | void get_cpu_cap(struct cpuinfo_x86 *c) | ||
1027 | { | ||
1028 | u32 eax, ebx, ecx, edx; | ||
1029 | @@ -839,33 +863,6 @@ void get_cpu_cap(struct cpuinfo_x86 *c) | ||
1030 | c->x86_capability[CPUID_D_1_EAX] = eax; | ||
1031 | } | ||
1032 | |||
1033 | - /* Additional Intel-defined flags: level 0x0000000F */ | ||
1034 | - if (c->cpuid_level >= 0x0000000F) { | ||
1035 | - | ||
1036 | - /* QoS sub-leaf, EAX=0Fh, ECX=0 */ | ||
1037 | - cpuid_count(0x0000000F, 0, &eax, &ebx, &ecx, &edx); | ||
1038 | - c->x86_capability[CPUID_F_0_EDX] = edx; | ||
1039 | - | ||
1040 | - if (cpu_has(c, X86_FEATURE_CQM_LLC)) { | ||
1041 | - /* will be overridden if occupancy monitoring exists */ | ||
1042 | - c->x86_cache_max_rmid = ebx; | ||
1043 | - | ||
1044 | - /* QoS sub-leaf, EAX=0Fh, ECX=1 */ | ||
1045 | - cpuid_count(0x0000000F, 1, &eax, &ebx, &ecx, &edx); | ||
1046 | - c->x86_capability[CPUID_F_1_EDX] = edx; | ||
1047 | - | ||
1048 | - if ((cpu_has(c, X86_FEATURE_CQM_OCCUP_LLC)) || | ||
1049 | - ((cpu_has(c, X86_FEATURE_CQM_MBM_TOTAL)) || | ||
1050 | - (cpu_has(c, X86_FEATURE_CQM_MBM_LOCAL)))) { | ||
1051 | - c->x86_cache_max_rmid = ecx; | ||
1052 | - c->x86_cache_occ_scale = ebx; | ||
1053 | - } | ||
1054 | - } else { | ||
1055 | - c->x86_cache_max_rmid = -1; | ||
1056 | - c->x86_cache_occ_scale = -1; | ||
1057 | - } | ||
1058 | - } | ||
1059 | - | ||
1060 | /* AMD-defined flags: level 0x80000001 */ | ||
1061 | eax = cpuid_eax(0x80000000); | ||
1062 | c->extended_cpuid_level = eax; | ||
1063 | @@ -896,6 +893,7 @@ void get_cpu_cap(struct cpuinfo_x86 *c) | ||
1064 | |||
1065 | init_scattered_cpuid_features(c); | ||
1066 | init_speculation_control(c); | ||
1067 | + init_cqm(c); | ||
1068 | |||
1069 | /* | ||
1070 | * Clear/Set all flags overridden by options, after probe. | ||
1071 | @@ -954,6 +952,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) | ||
1072 | #define NO_L1TF BIT(3) | ||
1073 | #define NO_MDS BIT(4) | ||
1074 | #define MSBDS_ONLY BIT(5) | ||
1075 | +#define NO_SWAPGS BIT(6) | ||
1076 | |||
1077 | #define VULNWL(_vendor, _family, _model, _whitelist) \ | ||
1078 | { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } | ||
1079 | @@ -977,29 +976,37 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { | ||
1080 | VULNWL_INTEL(ATOM_BONNELL, NO_SPECULATION), | ||
1081 | VULNWL_INTEL(ATOM_BONNELL_MID, NO_SPECULATION), | ||
1082 | |||
1083 | - VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1084 | - VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1085 | - VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1086 | - VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1087 | - VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1088 | - VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY), | ||
1089 | + VULNWL_INTEL(ATOM_SILVERMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1090 | + VULNWL_INTEL(ATOM_SILVERMONT_X, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1091 | + VULNWL_INTEL(ATOM_SILVERMONT_MID, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1092 | + VULNWL_INTEL(ATOM_AIRMONT, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1093 | + VULNWL_INTEL(XEON_PHI_KNL, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1094 | + VULNWL_INTEL(XEON_PHI_KNM, NO_SSB | NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1095 | |||
1096 | VULNWL_INTEL(CORE_YONAH, NO_SSB), | ||
1097 | |||
1098 | - VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY), | ||
1099 | + VULNWL_INTEL(ATOM_AIRMONT_MID, NO_L1TF | MSBDS_ONLY | NO_SWAPGS), | ||
1100 | |||
1101 | - VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF), | ||
1102 | - VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF), | ||
1103 | - VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF), | ||
1104 | + VULNWL_INTEL(ATOM_GOLDMONT, NO_MDS | NO_L1TF | NO_SWAPGS), | ||
1105 | + VULNWL_INTEL(ATOM_GOLDMONT_X, NO_MDS | NO_L1TF | NO_SWAPGS), | ||
1106 | + VULNWL_INTEL(ATOM_GOLDMONT_PLUS, NO_MDS | NO_L1TF | NO_SWAPGS), | ||
1107 | + | ||
1108 | + /* | ||
1109 | + * Technically, swapgs isn't serializing on AMD (despite it previously | ||
1110 | + * being documented as such in the APM). But according to AMD, %gs is | ||
1111 | + * updated non-speculatively, and the issuing of %gs-relative memory | ||
1112 | + * operands will be blocked until the %gs update completes, which is | ||
1113 | + * good enough for our purposes. | ||
1114 | + */ | ||
1115 | |||
1116 | /* AMD Family 0xf - 0x12 */ | ||
1117 | - VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), | ||
1118 | - VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), | ||
1119 | - VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), | ||
1120 | - VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS), | ||
1121 | + VULNWL_AMD(0x0f, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), | ||
1122 | + VULNWL_AMD(0x10, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), | ||
1123 | + VULNWL_AMD(0x11, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), | ||
1124 | + VULNWL_AMD(0x12, NO_MELTDOWN | NO_SSB | NO_L1TF | NO_MDS | NO_SWAPGS), | ||
1125 | |||
1126 | /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ | ||
1127 | - VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS), | ||
1128 | + VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS), | ||
1129 | {} | ||
1130 | }; | ||
1131 | |||
1132 | @@ -1036,6 +1043,9 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) | ||
1133 | setup_force_cpu_bug(X86_BUG_MSBDS_ONLY); | ||
1134 | } | ||
1135 | |||
1136 | + if (!cpu_matches(NO_SWAPGS)) | ||
1137 | + setup_force_cpu_bug(X86_BUG_SWAPGS); | ||
1138 | + | ||
1139 | if (cpu_matches(NO_MELTDOWN)) | ||
1140 | return; | ||
1141 | |||
1142 | diff --git a/arch/x86/kernel/cpu/cpuid-deps.c b/arch/x86/kernel/cpu/cpuid-deps.c | ||
1143 | index 2c0bd38a44ab..fa07a224e7b9 100644 | ||
1144 | --- a/arch/x86/kernel/cpu/cpuid-deps.c | ||
1145 | +++ b/arch/x86/kernel/cpu/cpuid-deps.c | ||
1146 | @@ -59,6 +59,9 @@ static const struct cpuid_dep cpuid_deps[] = { | ||
1147 | { X86_FEATURE_AVX512_4VNNIW, X86_FEATURE_AVX512F }, | ||
1148 | { X86_FEATURE_AVX512_4FMAPS, X86_FEATURE_AVX512F }, | ||
1149 | { X86_FEATURE_AVX512_VPOPCNTDQ, X86_FEATURE_AVX512F }, | ||
1150 | + { X86_FEATURE_CQM_OCCUP_LLC, X86_FEATURE_CQM_LLC }, | ||
1151 | + { X86_FEATURE_CQM_MBM_TOTAL, X86_FEATURE_CQM_LLC }, | ||
1152 | + { X86_FEATURE_CQM_MBM_LOCAL, X86_FEATURE_CQM_LLC }, | ||
1153 | {} | ||
1154 | }; | ||
1155 | |||
1156 | diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c | ||
1157 | index 772c219b6889..5a52672e3f8b 100644 | ||
1158 | --- a/arch/x86/kernel/cpu/scattered.c | ||
1159 | +++ b/arch/x86/kernel/cpu/scattered.c | ||
1160 | @@ -21,6 +21,10 @@ struct cpuid_bit { | ||
1161 | static const struct cpuid_bit cpuid_bits[] = { | ||
1162 | { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, | ||
1163 | { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, | ||
1164 | + { X86_FEATURE_CQM_LLC, CPUID_EDX, 1, 0x0000000f, 0 }, | ||
1165 | + { X86_FEATURE_CQM_OCCUP_LLC, CPUID_EDX, 0, 0x0000000f, 1 }, | ||
1166 | + { X86_FEATURE_CQM_MBM_TOTAL, CPUID_EDX, 1, 0x0000000f, 1 }, | ||
1167 | + { X86_FEATURE_CQM_MBM_LOCAL, CPUID_EDX, 2, 0x0000000f, 1 }, | ||
1168 | { X86_FEATURE_CAT_L3, CPUID_EBX, 1, 0x00000010, 0 }, | ||
1169 | { X86_FEATURE_CAT_L2, CPUID_EBX, 2, 0x00000010, 0 }, | ||
1170 | { X86_FEATURE_CDP_L3, CPUID_ECX, 2, 0x00000010, 1 }, | ||
1171 | diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c | ||
1172 | index 7f89d609095a..cee45d46e67d 100644 | ||
1173 | --- a/arch/x86/kernel/kvm.c | ||
1174 | +++ b/arch/x86/kernel/kvm.c | ||
1175 | @@ -830,6 +830,7 @@ asm( | ||
1176 | "cmpb $0, " __stringify(KVM_STEAL_TIME_preempted) "+steal_time(%rax);" | ||
1177 | "setne %al;" | ||
1178 | "ret;" | ||
1179 | +".size __raw_callee_save___kvm_vcpu_is_preempted, .-__raw_callee_save___kvm_vcpu_is_preempted;" | ||
1180 | ".popsection"); | ||
1181 | |||
1182 | #endif | ||
1183 | diff --git a/arch/x86/kvm/cpuid.h b/arch/x86/kvm/cpuid.h | ||
1184 | index 9a327d5b6d1f..d78a61408243 100644 | ||
1185 | --- a/arch/x86/kvm/cpuid.h | ||
1186 | +++ b/arch/x86/kvm/cpuid.h | ||
1187 | @@ -47,8 +47,6 @@ static const struct cpuid_reg reverse_cpuid[] = { | ||
1188 | [CPUID_8000_0001_ECX] = {0x80000001, 0, CPUID_ECX}, | ||
1189 | [CPUID_7_0_EBX] = { 7, 0, CPUID_EBX}, | ||
1190 | [CPUID_D_1_EAX] = { 0xd, 1, CPUID_EAX}, | ||
1191 | - [CPUID_F_0_EDX] = { 0xf, 0, CPUID_EDX}, | ||
1192 | - [CPUID_F_1_EDX] = { 0xf, 1, CPUID_EDX}, | ||
1193 | [CPUID_8000_0008_EBX] = {0x80000008, 0, CPUID_EBX}, | ||
1194 | [CPUID_6_EAX] = { 6, 0, CPUID_EAX}, | ||
1195 | [CPUID_8000_000A_EDX] = {0x8000000a, 0, CPUID_EDX}, | ||
1196 | diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c | ||
1197 | index e0f982e35c96..cdc0c460950f 100644 | ||
1198 | --- a/arch/x86/kvm/mmu.c | ||
1199 | +++ b/arch/x86/kvm/mmu.c | ||
1200 | @@ -4532,11 +4532,11 @@ static void update_permission_bitmask(struct kvm_vcpu *vcpu, | ||
1201 | */ | ||
1202 | |||
1203 | /* Faults from writes to non-writable pages */ | ||
1204 | - u8 wf = (pfec & PFERR_WRITE_MASK) ? ~w : 0; | ||
1205 | + u8 wf = (pfec & PFERR_WRITE_MASK) ? (u8)~w : 0; | ||
1206 | /* Faults from user mode accesses to supervisor pages */ | ||
1207 | - u8 uf = (pfec & PFERR_USER_MASK) ? ~u : 0; | ||
1208 | + u8 uf = (pfec & PFERR_USER_MASK) ? (u8)~u : 0; | ||
1209 | /* Faults from fetches of non-executable pages*/ | ||
1210 | - u8 ff = (pfec & PFERR_FETCH_MASK) ? ~x : 0; | ||
1211 | + u8 ff = (pfec & PFERR_FETCH_MASK) ? (u8)~x : 0; | ||
1212 | /* Faults from kernel mode fetches of user pages */ | ||
1213 | u8 smepf = 0; | ||
1214 | /* Faults from kernel mode accesses of user pages */ | ||
1215 | diff --git a/arch/x86/math-emu/fpu_emu.h b/arch/x86/math-emu/fpu_emu.h | ||
1216 | index a5a41ec58072..0c122226ca56 100644 | ||
1217 | --- a/arch/x86/math-emu/fpu_emu.h | ||
1218 | +++ b/arch/x86/math-emu/fpu_emu.h | ||
1219 | @@ -177,7 +177,7 @@ static inline void reg_copy(FPU_REG const *x, FPU_REG *y) | ||
1220 | #define setexponentpos(x,y) { (*(short *)&((x)->exp)) = \ | ||
1221 | ((y) + EXTENDED_Ebias) & 0x7fff; } | ||
1222 | #define exponent16(x) (*(short *)&((x)->exp)) | ||
1223 | -#define setexponent16(x,y) { (*(short *)&((x)->exp)) = (y); } | ||
1224 | +#define setexponent16(x,y) { (*(short *)&((x)->exp)) = (u16)(y); } | ||
1225 | #define addexponent(x,y) { (*(short *)&((x)->exp)) += (y); } | ||
1226 | #define stdexp(x) { (*(short *)&((x)->exp)) += EXTENDED_Ebias; } | ||
1227 | |||
1228 | diff --git a/arch/x86/math-emu/reg_constant.c b/arch/x86/math-emu/reg_constant.c | ||
1229 | index 8dc9095bab22..742619e94bdf 100644 | ||
1230 | --- a/arch/x86/math-emu/reg_constant.c | ||
1231 | +++ b/arch/x86/math-emu/reg_constant.c | ||
1232 | @@ -18,7 +18,7 @@ | ||
1233 | #include "control_w.h" | ||
1234 | |||
1235 | #define MAKE_REG(s, e, l, h) { l, h, \ | ||
1236 | - ((EXTENDED_Ebias+(e)) | ((SIGN_##s != 0)*0x8000)) } | ||
1237 | + (u16)((EXTENDED_Ebias+(e)) | ((SIGN_##s != 0)*0x8000)) } | ||
1238 | |||
1239 | FPU_REG const CONST_1 = MAKE_REG(POS, 0, 0x00000000, 0x80000000); | ||
1240 | #if 0 | ||
1241 | diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c | ||
1242 | index 782f98b332f0..1730a26ff6ab 100644 | ||
1243 | --- a/arch/x86/xen/enlighten_pv.c | ||
1244 | +++ b/arch/x86/xen/enlighten_pv.c | ||
1245 | @@ -597,12 +597,12 @@ struct trap_array_entry { | ||
1246 | |||
1247 | static struct trap_array_entry trap_array[] = { | ||
1248 | { debug, xen_xendebug, true }, | ||
1249 | - { int3, xen_xenint3, true }, | ||
1250 | { double_fault, xen_double_fault, true }, | ||
1251 | #ifdef CONFIG_X86_MCE | ||
1252 | { machine_check, xen_machine_check, true }, | ||
1253 | #endif | ||
1254 | { nmi, xen_xennmi, true }, | ||
1255 | + { int3, xen_int3, false }, | ||
1256 | { overflow, xen_overflow, false }, | ||
1257 | #ifdef CONFIG_IA32_EMULATION | ||
1258 | { entry_INT80_compat, xen_entry_INT80_compat, false }, | ||
1259 | diff --git a/arch/x86/xen/xen-asm_64.S b/arch/x86/xen/xen-asm_64.S | ||
1260 | index 417b339e5c8e..3a6feed76dfc 100644 | ||
1261 | --- a/arch/x86/xen/xen-asm_64.S | ||
1262 | +++ b/arch/x86/xen/xen-asm_64.S | ||
1263 | @@ -30,7 +30,6 @@ xen_pv_trap divide_error | ||
1264 | xen_pv_trap debug | ||
1265 | xen_pv_trap xendebug | ||
1266 | xen_pv_trap int3 | ||
1267 | -xen_pv_trap xenint3 | ||
1268 | xen_pv_trap xennmi | ||
1269 | xen_pv_trap overflow | ||
1270 | xen_pv_trap bounds | ||
1271 | diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c | ||
1272 | index 995c4d8922b1..761f0c19a451 100644 | ||
1273 | --- a/drivers/acpi/blacklist.c | ||
1274 | +++ b/drivers/acpi/blacklist.c | ||
1275 | @@ -30,7 +30,9 @@ | ||
1276 | |||
1277 | #include "internal.h" | ||
1278 | |||
1279 | +#ifdef CONFIG_DMI | ||
1280 | static const struct dmi_system_id acpi_rev_dmi_table[] __initconst; | ||
1281 | +#endif | ||
1282 | |||
1283 | /* | ||
1284 | * POLICY: If *anything* doesn't work, put it on the blacklist. | ||
1285 | @@ -74,7 +76,9 @@ int __init acpi_blacklisted(void) | ||
1286 | } | ||
1287 | |||
1288 | (void)early_acpi_osi_init(); | ||
1289 | +#ifdef CONFIG_DMI | ||
1290 | dmi_check_system(acpi_rev_dmi_table); | ||
1291 | +#endif | ||
1292 | |||
1293 | return blacklisted; | ||
1294 | } | ||
1295 | diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c | ||
1296 | index c13a6d1796a7..fa60f265ee50 100644 | ||
1297 | --- a/drivers/block/nbd.c | ||
1298 | +++ b/drivers/block/nbd.c | ||
1299 | @@ -1218,7 +1218,7 @@ static void nbd_clear_sock_ioctl(struct nbd_device *nbd, | ||
1300 | struct block_device *bdev) | ||
1301 | { | ||
1302 | sock_shutdown(nbd); | ||
1303 | - kill_bdev(bdev); | ||
1304 | + __invalidate_device(bdev, true); | ||
1305 | nbd_bdev_reset(bdev); | ||
1306 | if (test_and_clear_bit(NBD_HAS_CONFIG_REF, | ||
1307 | &nbd->config->runtime_flags)) | ||
1308 | diff --git a/drivers/clk/sprd/sc9860-clk.c b/drivers/clk/sprd/sc9860-clk.c | ||
1309 | index 9980ab55271b..f76305b4bc8d 100644 | ||
1310 | --- a/drivers/clk/sprd/sc9860-clk.c | ||
1311 | +++ b/drivers/clk/sprd/sc9860-clk.c | ||
1312 | @@ -2023,6 +2023,7 @@ static int sc9860_clk_probe(struct platform_device *pdev) | ||
1313 | { | ||
1314 | const struct of_device_id *match; | ||
1315 | const struct sprd_clk_desc *desc; | ||
1316 | + int ret; | ||
1317 | |||
1318 | match = of_match_node(sprd_sc9860_clk_ids, pdev->dev.of_node); | ||
1319 | if (!match) { | ||
1320 | @@ -2031,7 +2032,9 @@ static int sc9860_clk_probe(struct platform_device *pdev) | ||
1321 | } | ||
1322 | |||
1323 | desc = match->data; | ||
1324 | - sprd_clk_regmap_init(pdev, desc); | ||
1325 | + ret = sprd_clk_regmap_init(pdev, desc); | ||
1326 | + if (ret) | ||
1327 | + return ret; | ||
1328 | |||
1329 | return sprd_clk_probe(&pdev->dev, desc->hw_clks); | ||
1330 | } | ||
1331 | diff --git a/drivers/clk/tegra/clk-tegra210.c b/drivers/clk/tegra/clk-tegra210.c | ||
1332 | index 9eb1cb14fce1..4e1bc23c9865 100644 | ||
1333 | --- a/drivers/clk/tegra/clk-tegra210.c | ||
1334 | +++ b/drivers/clk/tegra/clk-tegra210.c | ||
1335 | @@ -2214,9 +2214,9 @@ static struct div_nmp pllu_nmp = { | ||
1336 | }; | ||
1337 | |||
1338 | static struct tegra_clk_pll_freq_table pll_u_freq_table[] = { | ||
1339 | - { 12000000, 480000000, 40, 1, 0, 0 }, | ||
1340 | - { 13000000, 480000000, 36, 1, 0, 0 }, /* actual: 468.0 MHz */ | ||
1341 | - { 38400000, 480000000, 25, 2, 0, 0 }, | ||
1342 | + { 12000000, 480000000, 40, 1, 1, 0 }, | ||
1343 | + { 13000000, 480000000, 36, 1, 1, 0 }, /* actual: 468.0 MHz */ | ||
1344 | + { 38400000, 480000000, 25, 2, 1, 0 }, | ||
1345 | { 0, 0, 0, 0, 0, 0 }, | ||
1346 | }; | ||
1347 | |||
1348 | @@ -3343,6 +3343,7 @@ static struct tegra_clk_init_table init_table[] __initdata = { | ||
1349 | { TEGRA210_CLK_DFLL_REF, TEGRA210_CLK_PLL_P, 51000000, 1 }, | ||
1350 | { TEGRA210_CLK_SBC4, TEGRA210_CLK_PLL_P, 12000000, 1 }, | ||
1351 | { TEGRA210_CLK_PLL_RE_VCO, TEGRA210_CLK_CLK_MAX, 672000000, 1 }, | ||
1352 | + { TEGRA210_CLK_PLL_U_OUT1, TEGRA210_CLK_CLK_MAX, 48000000, 1 }, | ||
1353 | { TEGRA210_CLK_XUSB_GATE, TEGRA210_CLK_CLK_MAX, 0, 1 }, | ||
1354 | { TEGRA210_CLK_XUSB_SS_SRC, TEGRA210_CLK_PLL_U_480M, 120000000, 0 }, | ||
1355 | { TEGRA210_CLK_XUSB_FS_SRC, TEGRA210_CLK_PLL_U_48M, 48000000, 0 }, | ||
1356 | @@ -3367,7 +3368,6 @@ static struct tegra_clk_init_table init_table[] __initdata = { | ||
1357 | { TEGRA210_CLK_PLL_DP, TEGRA210_CLK_CLK_MAX, 270000000, 0 }, | ||
1358 | { TEGRA210_CLK_SOC_THERM, TEGRA210_CLK_PLL_P, 51000000, 0 }, | ||
1359 | { TEGRA210_CLK_CCLK_G, TEGRA210_CLK_CLK_MAX, 0, 1 }, | ||
1360 | - { TEGRA210_CLK_PLL_U_OUT1, TEGRA210_CLK_CLK_MAX, 48000000, 1 }, | ||
1361 | { TEGRA210_CLK_PLL_U_OUT2, TEGRA210_CLK_CLK_MAX, 60000000, 1 }, | ||
1362 | /* This MUST be the last entry. */ | ||
1363 | { TEGRA210_CLK_CLK_MAX, TEGRA210_CLK_CLK_MAX, 0, 0 }, | ||
1364 | diff --git a/drivers/dma/sh/rcar-dmac.c b/drivers/dma/sh/rcar-dmac.c | ||
1365 | index 0b05a1e08d21..041ce864097e 100644 | ||
1366 | --- a/drivers/dma/sh/rcar-dmac.c | ||
1367 | +++ b/drivers/dma/sh/rcar-dmac.c | ||
1368 | @@ -1164,7 +1164,7 @@ rcar_dmac_prep_slave_sg(struct dma_chan *chan, struct scatterlist *sgl, | ||
1369 | struct rcar_dmac_chan *rchan = to_rcar_dmac_chan(chan); | ||
1370 | |||
1371 | /* Someone calling slave DMA on a generic channel? */ | ||
1372 | - if (rchan->mid_rid < 0 || !sg_len) { | ||
1373 | + if (rchan->mid_rid < 0 || !sg_len || !sg_dma_len(sgl)) { | ||
1374 | dev_warn(chan->device->dev, | ||
1375 | "%s: bad parameter: len=%d, id=%d\n", | ||
1376 | __func__, sg_len, rchan->mid_rid); | ||
1377 | diff --git a/drivers/dma/tegra20-apb-dma.c b/drivers/dma/tegra20-apb-dma.c | ||
1378 | index 8219ab88a507..fb23993430d3 100644 | ||
1379 | --- a/drivers/dma/tegra20-apb-dma.c | ||
1380 | +++ b/drivers/dma/tegra20-apb-dma.c | ||
1381 | @@ -981,8 +981,12 @@ static struct dma_async_tx_descriptor *tegra_dma_prep_slave_sg( | ||
1382 | csr |= tdc->slave_id << TEGRA_APBDMA_CSR_REQ_SEL_SHIFT; | ||
1383 | } | ||
1384 | |||
1385 | - if (flags & DMA_PREP_INTERRUPT) | ||
1386 | + if (flags & DMA_PREP_INTERRUPT) { | ||
1387 | csr |= TEGRA_APBDMA_CSR_IE_EOC; | ||
1388 | + } else { | ||
1389 | + WARN_ON_ONCE(1); | ||
1390 | + return NULL; | ||
1391 | + } | ||
1392 | |||
1393 | apb_seq |= TEGRA_APBDMA_APBSEQ_WRAP_WORD_1; | ||
1394 | |||
1395 | @@ -1124,8 +1128,12 @@ static struct dma_async_tx_descriptor *tegra_dma_prep_dma_cyclic( | ||
1396 | csr |= tdc->slave_id << TEGRA_APBDMA_CSR_REQ_SEL_SHIFT; | ||
1397 | } | ||
1398 | |||
1399 | - if (flags & DMA_PREP_INTERRUPT) | ||
1400 | + if (flags & DMA_PREP_INTERRUPT) { | ||
1401 | csr |= TEGRA_APBDMA_CSR_IE_EOC; | ||
1402 | + } else { | ||
1403 | + WARN_ON_ONCE(1); | ||
1404 | + return NULL; | ||
1405 | + } | ||
1406 | |||
1407 | apb_seq |= TEGRA_APBDMA_APBSEQ_WRAP_WORD_1; | ||
1408 | |||
1409 | diff --git a/drivers/firmware/psci_checker.c b/drivers/firmware/psci_checker.c | ||
1410 | index 346943657962..cbd53cb1b2d4 100644 | ||
1411 | --- a/drivers/firmware/psci_checker.c | ||
1412 | +++ b/drivers/firmware/psci_checker.c | ||
1413 | @@ -366,16 +366,16 @@ static int suspend_test_thread(void *arg) | ||
1414 | for (;;) { | ||
1415 | /* Needs to be set first to avoid missing a wakeup. */ | ||
1416 | set_current_state(TASK_INTERRUPTIBLE); | ||
1417 | - if (kthread_should_stop()) { | ||
1418 | - __set_current_state(TASK_RUNNING); | ||
1419 | + if (kthread_should_park()) | ||
1420 | break; | ||
1421 | - } | ||
1422 | schedule(); | ||
1423 | } | ||
1424 | |||
1425 | pr_info("CPU %d suspend test results: success %d, shallow states %d, errors %d\n", | ||
1426 | cpu, nb_suspend, nb_shallow_sleep, nb_err); | ||
1427 | |||
1428 | + kthread_parkme(); | ||
1429 | + | ||
1430 | return nb_err; | ||
1431 | } | ||
1432 | |||
1433 | @@ -440,8 +440,10 @@ static int suspend_tests(void) | ||
1434 | |||
1435 | |||
1436 | /* Stop and destroy all threads, get return status. */ | ||
1437 | - for (i = 0; i < nb_threads; ++i) | ||
1438 | + for (i = 0; i < nb_threads; ++i) { | ||
1439 | + err += kthread_park(threads[i]); | ||
1440 | err += kthread_stop(threads[i]); | ||
1441 | + } | ||
1442 | out: | ||
1443 | cpuidle_resume_and_unlock(); | ||
1444 | kfree(threads); | ||
1445 | diff --git a/drivers/gpio/gpiolib.c b/drivers/gpio/gpiolib.c | ||
1446 | index 4a48c7c47709..b308ce92685d 100644 | ||
1447 | --- a/drivers/gpio/gpiolib.c | ||
1448 | +++ b/drivers/gpio/gpiolib.c | ||
1449 | @@ -946,9 +946,11 @@ static int lineevent_create(struct gpio_device *gdev, void __user *ip) | ||
1450 | } | ||
1451 | |||
1452 | if (eflags & GPIOEVENT_REQUEST_RISING_EDGE) | ||
1453 | - irqflags |= IRQF_TRIGGER_RISING; | ||
1454 | + irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? | ||
1455 | + IRQF_TRIGGER_FALLING : IRQF_TRIGGER_RISING; | ||
1456 | if (eflags & GPIOEVENT_REQUEST_FALLING_EDGE) | ||
1457 | - irqflags |= IRQF_TRIGGER_FALLING; | ||
1458 | + irqflags |= test_bit(FLAG_ACTIVE_LOW, &desc->flags) ? | ||
1459 | + IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING; | ||
1460 | irqflags |= IRQF_ONESHOT; | ||
1461 | irqflags |= IRQF_SHARED; | ||
1462 | |||
1463 | diff --git a/drivers/gpu/drm/i915/gvt/kvmgt.c b/drivers/gpu/drm/i915/gvt/kvmgt.c | ||
1464 | index 12e4203c06db..66abe061f07b 100644 | ||
1465 | --- a/drivers/gpu/drm/i915/gvt/kvmgt.c | ||
1466 | +++ b/drivers/gpu/drm/i915/gvt/kvmgt.c | ||
1467 | @@ -1741,6 +1741,18 @@ int kvmgt_dma_map_guest_page(unsigned long handle, unsigned long gfn, | ||
1468 | |||
1469 | entry = __gvt_cache_find_gfn(info->vgpu, gfn); | ||
1470 | if (!entry) { | ||
1471 | + ret = gvt_dma_map_page(vgpu, gfn, dma_addr, size); | ||
1472 | + if (ret) | ||
1473 | + goto err_unlock; | ||
1474 | + | ||
1475 | + ret = __gvt_cache_add(info->vgpu, gfn, *dma_addr, size); | ||
1476 | + if (ret) | ||
1477 | + goto err_unmap; | ||
1478 | + } else if (entry->size != size) { | ||
1479 | + /* the same gfn with different size: unmap and re-map */ | ||
1480 | + gvt_dma_unmap_page(vgpu, gfn, entry->dma_addr, entry->size); | ||
1481 | + __gvt_cache_remove_entry(vgpu, entry); | ||
1482 | + | ||
1483 | ret = gvt_dma_map_page(vgpu, gfn, dma_addr, size); | ||
1484 | if (ret) | ||
1485 | goto err_unlock; | ||
1486 | diff --git a/drivers/gpu/drm/nouveau/nouveau_connector.c b/drivers/gpu/drm/nouveau/nouveau_connector.c | ||
1487 | index 247f72cc4d10..fb0094fc5583 100644 | ||
1488 | --- a/drivers/gpu/drm/nouveau/nouveau_connector.c | ||
1489 | +++ b/drivers/gpu/drm/nouveau/nouveau_connector.c | ||
1490 | @@ -251,7 +251,7 @@ nouveau_conn_reset(struct drm_connector *connector) | ||
1491 | return; | ||
1492 | |||
1493 | if (connector->state) | ||
1494 | - __drm_atomic_helper_connector_destroy_state(connector->state); | ||
1495 | + nouveau_conn_atomic_destroy_state(connector, connector->state); | ||
1496 | __drm_atomic_helper_connector_reset(connector, &asyc->state); | ||
1497 | asyc->dither.mode = DITHERING_MODE_AUTO; | ||
1498 | asyc->dither.depth = DITHERING_DEPTH_AUTO; | ||
1499 | diff --git a/drivers/infiniband/hw/hfi1/chip.c b/drivers/infiniband/hw/hfi1/chip.c | ||
1500 | index d8eb4dc04d69..6aa5a8a242ff 100644 | ||
1501 | --- a/drivers/infiniband/hw/hfi1/chip.c | ||
1502 | +++ b/drivers/infiniband/hw/hfi1/chip.c | ||
1503 | @@ -14586,7 +14586,7 @@ void hfi1_deinit_vnic_rsm(struct hfi1_devdata *dd) | ||
1504 | clear_rcvctrl(dd, RCV_CTRL_RCV_RSM_ENABLE_SMASK); | ||
1505 | } | ||
1506 | |||
1507 | -static void init_rxe(struct hfi1_devdata *dd) | ||
1508 | +static int init_rxe(struct hfi1_devdata *dd) | ||
1509 | { | ||
1510 | struct rsm_map_table *rmt; | ||
1511 | u64 val; | ||
1512 | @@ -14595,6 +14595,9 @@ static void init_rxe(struct hfi1_devdata *dd) | ||
1513 | write_csr(dd, RCV_ERR_MASK, ~0ull); | ||
1514 | |||
1515 | rmt = alloc_rsm_map_table(dd); | ||
1516 | + if (!rmt) | ||
1517 | + return -ENOMEM; | ||
1518 | + | ||
1519 | /* set up QOS, including the QPN map table */ | ||
1520 | init_qos(dd, rmt); | ||
1521 | init_user_fecn_handling(dd, rmt); | ||
1522 | @@ -14621,6 +14624,7 @@ static void init_rxe(struct hfi1_devdata *dd) | ||
1523 | val |= ((4ull & RCV_BYPASS_HDR_SIZE_MASK) << | ||
1524 | RCV_BYPASS_HDR_SIZE_SHIFT); | ||
1525 | write_csr(dd, RCV_BYPASS, val); | ||
1526 | + return 0; | ||
1527 | } | ||
1528 | |||
1529 | static void init_other(struct hfi1_devdata *dd) | ||
1530 | @@ -15163,7 +15167,10 @@ struct hfi1_devdata *hfi1_init_dd(struct pci_dev *pdev, | ||
1531 | goto bail_cleanup; | ||
1532 | |||
1533 | /* set initial RXE CSRs */ | ||
1534 | - init_rxe(dd); | ||
1535 | + ret = init_rxe(dd); | ||
1536 | + if (ret) | ||
1537 | + goto bail_cleanup; | ||
1538 | + | ||
1539 | /* set initial TXE CSRs */ | ||
1540 | init_txe(dd); | ||
1541 | /* set initial non-RXE, non-TXE CSRs */ | ||
1542 | diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c | ||
1543 | index 27d9c4cefdc7..1ad38c8c1ef9 100644 | ||
1544 | --- a/drivers/infiniband/hw/hfi1/verbs.c | ||
1545 | +++ b/drivers/infiniband/hw/hfi1/verbs.c | ||
1546 | @@ -54,6 +54,7 @@ | ||
1547 | #include <linux/mm.h> | ||
1548 | #include <linux/vmalloc.h> | ||
1549 | #include <rdma/opa_addr.h> | ||
1550 | +#include <linux/nospec.h> | ||
1551 | |||
1552 | #include "hfi.h" | ||
1553 | #include "common.h" | ||
1554 | @@ -1596,6 +1597,7 @@ static int hfi1_check_ah(struct ib_device *ibdev, struct rdma_ah_attr *ah_attr) | ||
1555 | sl = rdma_ah_get_sl(ah_attr); | ||
1556 | if (sl >= ARRAY_SIZE(ibp->sl_to_sc)) | ||
1557 | return -EINVAL; | ||
1558 | + sl = array_index_nospec(sl, ARRAY_SIZE(ibp->sl_to_sc)); | ||
1559 | |||
1560 | sc5 = ibp->sl_to_sc[sl]; | ||
1561 | if (sc_to_vlt(dd, sc5) > num_vls && sc_to_vlt(dd, sc5) != 0xf) | ||
1562 | diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h | ||
1563 | index 320d4dfe8c2f..941d1df54631 100644 | ||
1564 | --- a/drivers/infiniband/hw/mlx5/mlx5_ib.h | ||
1565 | +++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h | ||
1566 | @@ -467,6 +467,7 @@ struct mlx5_umr_wr { | ||
1567 | u64 length; | ||
1568 | int access_flags; | ||
1569 | u32 mkey; | ||
1570 | + u8 ignore_free_state:1; | ||
1571 | }; | ||
1572 | |||
1573 | static inline const struct mlx5_umr_wr *umr_wr(const struct ib_send_wr *wr) | ||
1574 | diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c | ||
1575 | index 7df4a4fe4af4..9bab4fb65c68 100644 | ||
1576 | --- a/drivers/infiniband/hw/mlx5/mr.c | ||
1577 | +++ b/drivers/infiniband/hw/mlx5/mr.c | ||
1578 | @@ -548,13 +548,16 @@ void mlx5_mr_cache_free(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) | ||
1579 | return; | ||
1580 | |||
1581 | c = order2idx(dev, mr->order); | ||
1582 | - if (c < 0 || c >= MAX_MR_CACHE_ENTRIES) { | ||
1583 | - mlx5_ib_warn(dev, "order %d, cache index %d\n", mr->order, c); | ||
1584 | - return; | ||
1585 | - } | ||
1586 | + WARN_ON(c < 0 || c >= MAX_MR_CACHE_ENTRIES); | ||
1587 | |||
1588 | - if (unreg_umr(dev, mr)) | ||
1589 | + if (unreg_umr(dev, mr)) { | ||
1590 | + mr->allocated_from_cache = false; | ||
1591 | + destroy_mkey(dev, mr); | ||
1592 | + ent = &cache->ent[c]; | ||
1593 | + if (ent->cur < ent->limit) | ||
1594 | + queue_work(cache->wq, &ent->work); | ||
1595 | return; | ||
1596 | + } | ||
1597 | |||
1598 | ent = &cache->ent[c]; | ||
1599 | spin_lock_irq(&ent->lock); | ||
1600 | @@ -1408,9 +1411,11 @@ static int unreg_umr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) | ||
1601 | return 0; | ||
1602 | |||
1603 | umrwr.wr.send_flags = MLX5_IB_SEND_UMR_DISABLE_MR | | ||
1604 | - MLX5_IB_SEND_UMR_FAIL_IF_FREE; | ||
1605 | + MLX5_IB_SEND_UMR_UPDATE_PD_ACCESS; | ||
1606 | umrwr.wr.opcode = MLX5_IB_WR_UMR; | ||
1607 | + umrwr.pd = dev->umrc.pd; | ||
1608 | umrwr.mkey = mr->mmkey.key; | ||
1609 | + umrwr.ignore_free_state = 1; | ||
1610 | |||
1611 | return mlx5_ib_post_send_wait(dev, &umrwr); | ||
1612 | } | ||
1613 | @@ -1615,10 +1620,10 @@ static void clean_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) | ||
1614 | mr->sig = NULL; | ||
1615 | } | ||
1616 | |||
1617 | - mlx5_free_priv_descs(mr); | ||
1618 | - | ||
1619 | - if (!allocated_from_cache) | ||
1620 | + if (!allocated_from_cache) { | ||
1621 | destroy_mkey(dev, mr); | ||
1622 | + mlx5_free_priv_descs(mr); | ||
1623 | + } | ||
1624 | } | ||
1625 | |||
1626 | static void dereg_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) | ||
1627 | diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c | ||
1628 | index 183fe5c8ceb7..77b1f3fd086a 100644 | ||
1629 | --- a/drivers/infiniband/hw/mlx5/qp.c | ||
1630 | +++ b/drivers/infiniband/hw/mlx5/qp.c | ||
1631 | @@ -1501,7 +1501,6 @@ static int create_rss_raw_qp_tir(struct mlx5_ib_dev *dev, struct mlx5_ib_qp *qp, | ||
1632 | } | ||
1633 | |||
1634 | MLX5_SET(tirc, tirc, rx_hash_fn, MLX5_RX_HASH_FN_TOEPLITZ); | ||
1635 | - MLX5_SET(tirc, tirc, rx_hash_symmetric, 1); | ||
1636 | memcpy(rss_key, ucmd.rx_hash_key, len); | ||
1637 | break; | ||
1638 | } | ||
1639 | @@ -3717,10 +3716,14 @@ static int set_reg_umr_segment(struct mlx5_ib_dev *dev, | ||
1640 | |||
1641 | memset(umr, 0, sizeof(*umr)); | ||
1642 | |||
1643 | - if (wr->send_flags & MLX5_IB_SEND_UMR_FAIL_IF_FREE) | ||
1644 | - umr->flags = MLX5_UMR_CHECK_FREE; /* fail if free */ | ||
1645 | - else | ||
1646 | - umr->flags = MLX5_UMR_CHECK_NOT_FREE; /* fail if not free */ | ||
1647 | + if (!umrwr->ignore_free_state) { | ||
1648 | + if (wr->send_flags & MLX5_IB_SEND_UMR_FAIL_IF_FREE) | ||
1649 | + /* fail if free */ | ||
1650 | + umr->flags = MLX5_UMR_CHECK_FREE; | ||
1651 | + else | ||
1652 | + /* fail if not free */ | ||
1653 | + umr->flags = MLX5_UMR_CHECK_NOT_FREE; | ||
1654 | + } | ||
1655 | |||
1656 | umr->xlt_octowords = cpu_to_be16(get_xlt_octo(umrwr->xlt_size)); | ||
1657 | if (wr->send_flags & MLX5_IB_SEND_UMR_UPDATE_XLT) { | ||
1658 | diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c | ||
1659 | index ddfcf4ade7bf..dc3537651b80 100644 | ||
1660 | --- a/drivers/misc/eeprom/at24.c | ||
1661 | +++ b/drivers/misc/eeprom/at24.c | ||
1662 | @@ -724,7 +724,7 @@ static int at24_probe(struct i2c_client *client) | ||
1663 | nvmem_config.name = dev_name(dev); | ||
1664 | nvmem_config.dev = dev; | ||
1665 | nvmem_config.read_only = !writable; | ||
1666 | - nvmem_config.root_only = true; | ||
1667 | + nvmem_config.root_only = !(pdata.flags & AT24_FLAG_IRUGO); | ||
1668 | nvmem_config.owner = THIS_MODULE; | ||
1669 | nvmem_config.compat = true; | ||
1670 | nvmem_config.base_dev = dev; | ||
1671 | diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c | ||
1672 | index 80dc2fd6576c..942da07c9eb8 100644 | ||
1673 | --- a/drivers/mmc/host/dw_mmc.c | ||
1674 | +++ b/drivers/mmc/host/dw_mmc.c | ||
1675 | @@ -2038,8 +2038,7 @@ static void dw_mci_tasklet_func(unsigned long priv) | ||
1676 | * delayed. Allowing the transfer to take place | ||
1677 | * avoids races and keeps things simple. | ||
1678 | */ | ||
1679 | - if ((err != -ETIMEDOUT) && | ||
1680 | - (cmd->opcode == MMC_SEND_TUNING_BLOCK)) { | ||
1681 | + if (err != -ETIMEDOUT) { | ||
1682 | state = STATE_SENDING_DATA; | ||
1683 | continue; | ||
1684 | } | ||
1685 | diff --git a/drivers/mmc/host/meson-mx-sdio.c b/drivers/mmc/host/meson-mx-sdio.c | ||
1686 | index 9841b447ccde..f6c76be2be0d 100644 | ||
1687 | --- a/drivers/mmc/host/meson-mx-sdio.c | ||
1688 | +++ b/drivers/mmc/host/meson-mx-sdio.c | ||
1689 | @@ -76,7 +76,7 @@ | ||
1690 | #define MESON_MX_SDIO_IRQC_IF_CONFIG_MASK GENMASK(7, 6) | ||
1691 | #define MESON_MX_SDIO_IRQC_FORCE_DATA_CLK BIT(8) | ||
1692 | #define MESON_MX_SDIO_IRQC_FORCE_DATA_CMD BIT(9) | ||
1693 | - #define MESON_MX_SDIO_IRQC_FORCE_DATA_DAT_MASK GENMASK(10, 13) | ||
1694 | + #define MESON_MX_SDIO_IRQC_FORCE_DATA_DAT_MASK GENMASK(13, 10) | ||
1695 | #define MESON_MX_SDIO_IRQC_SOFT_RESET BIT(15) | ||
1696 | #define MESON_MX_SDIO_IRQC_FORCE_HALT BIT(30) | ||
1697 | #define MESON_MX_SDIO_IRQC_HALT_HOLE BIT(31) | ||
1698 | diff --git a/drivers/mtd/nand/raw/nand_micron.c b/drivers/mtd/nand/raw/nand_micron.c | ||
1699 | index f5dc0a7a2456..fb401c25732c 100644 | ||
1700 | --- a/drivers/mtd/nand/raw/nand_micron.c | ||
1701 | +++ b/drivers/mtd/nand/raw/nand_micron.c | ||
1702 | @@ -400,6 +400,14 @@ static int micron_supports_on_die_ecc(struct nand_chip *chip) | ||
1703 | (chip->id.data[4] & MICRON_ID_INTERNAL_ECC_MASK) != 0x2) | ||
1704 | return MICRON_ON_DIE_UNSUPPORTED; | ||
1705 | |||
1706 | + /* | ||
1707 | + * It seems that there are devices which do not support ECC officially. | ||
1708 | + * At least the MT29F2G08ABAGA / MT29F2G08ABBGA devices supports | ||
1709 | + * enabling the ECC feature but don't reflect that to the READ_ID table. | ||
1710 | + * So we have to guarantee that we disable the ECC feature directly | ||
1711 | + * after we did the READ_ID table command. Later we can evaluate the | ||
1712 | + * ECC_ENABLE support. | ||
1713 | + */ | ||
1714 | ret = micron_nand_on_die_ecc_setup(chip, true); | ||
1715 | if (ret) | ||
1716 | return MICRON_ON_DIE_UNSUPPORTED; | ||
1717 | @@ -408,13 +416,13 @@ static int micron_supports_on_die_ecc(struct nand_chip *chip) | ||
1718 | if (ret) | ||
1719 | return MICRON_ON_DIE_UNSUPPORTED; | ||
1720 | |||
1721 | - if (!(id[4] & MICRON_ID_ECC_ENABLED)) | ||
1722 | - return MICRON_ON_DIE_UNSUPPORTED; | ||
1723 | - | ||
1724 | ret = micron_nand_on_die_ecc_setup(chip, false); | ||
1725 | if (ret) | ||
1726 | return MICRON_ON_DIE_UNSUPPORTED; | ||
1727 | |||
1728 | + if (!(id[4] & MICRON_ID_ECC_ENABLED)) | ||
1729 | + return MICRON_ON_DIE_UNSUPPORTED; | ||
1730 | + | ||
1731 | ret = nand_readid_op(chip, 0, id, sizeof(id)); | ||
1732 | if (ret) | ||
1733 | return MICRON_ON_DIE_UNSUPPORTED; | ||
1734 | diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c | ||
1735 | index bff74752cef1..3fe6a28027fe 100644 | ||
1736 | --- a/drivers/net/ethernet/emulex/benet/be_main.c | ||
1737 | +++ b/drivers/net/ethernet/emulex/benet/be_main.c | ||
1738 | @@ -4700,8 +4700,12 @@ int be_update_queues(struct be_adapter *adapter) | ||
1739 | struct net_device *netdev = adapter->netdev; | ||
1740 | int status; | ||
1741 | |||
1742 | - if (netif_running(netdev)) | ||
1743 | + if (netif_running(netdev)) { | ||
1744 | + /* device cannot transmit now, avoid dev_watchdog timeouts */ | ||
1745 | + netif_carrier_off(netdev); | ||
1746 | + | ||
1747 | be_close(netdev); | ||
1748 | + } | ||
1749 | |||
1750 | be_cancel_worker(adapter); | ||
1751 | |||
1752 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | ||
1753 | index b25048c6c761..21296fa7f7fb 100644 | ||
1754 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | ||
1755 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_dcb.c | ||
1756 | @@ -408,14 +408,6 @@ static int mlxsw_sp_port_dcb_app_update(struct mlxsw_sp_port *mlxsw_sp_port) | ||
1757 | have_dscp = mlxsw_sp_port_dcb_app_prio_dscp_map(mlxsw_sp_port, | ||
1758 | &prio_map); | ||
1759 | |||
1760 | - if (!have_dscp) { | ||
1761 | - err = mlxsw_sp_port_dcb_toggle_trust(mlxsw_sp_port, | ||
1762 | - MLXSW_REG_QPTS_TRUST_STATE_PCP); | ||
1763 | - if (err) | ||
1764 | - netdev_err(mlxsw_sp_port->dev, "Couldn't switch to trust L2\n"); | ||
1765 | - return err; | ||
1766 | - } | ||
1767 | - | ||
1768 | mlxsw_sp_port_dcb_app_dscp_prio_map(mlxsw_sp_port, default_prio, | ||
1769 | &dscp_map); | ||
1770 | err = mlxsw_sp_port_dcb_app_update_qpdpm(mlxsw_sp_port, | ||
1771 | @@ -432,6 +424,14 @@ static int mlxsw_sp_port_dcb_app_update(struct mlxsw_sp_port *mlxsw_sp_port) | ||
1772 | return err; | ||
1773 | } | ||
1774 | |||
1775 | + if (!have_dscp) { | ||
1776 | + err = mlxsw_sp_port_dcb_toggle_trust(mlxsw_sp_port, | ||
1777 | + MLXSW_REG_QPTS_TRUST_STATE_PCP); | ||
1778 | + if (err) | ||
1779 | + netdev_err(mlxsw_sp_port->dev, "Couldn't switch to trust L2\n"); | ||
1780 | + return err; | ||
1781 | + } | ||
1782 | + | ||
1783 | err = mlxsw_sp_port_dcb_toggle_trust(mlxsw_sp_port, | ||
1784 | MLXSW_REG_QPTS_TRUST_STATE_DSCP); | ||
1785 | if (err) { | ||
1786 | diff --git a/drivers/perf/arm_pmu.c b/drivers/perf/arm_pmu.c | ||
1787 | index d0b7dd8fb184..77995df7fe54 100644 | ||
1788 | --- a/drivers/perf/arm_pmu.c | ||
1789 | +++ b/drivers/perf/arm_pmu.c | ||
1790 | @@ -730,8 +730,8 @@ static int cpu_pm_pmu_notify(struct notifier_block *b, unsigned long cmd, | ||
1791 | cpu_pm_pmu_setup(armpmu, cmd); | ||
1792 | break; | ||
1793 | case CPU_PM_EXIT: | ||
1794 | - cpu_pm_pmu_setup(armpmu, cmd); | ||
1795 | case CPU_PM_ENTER_FAILED: | ||
1796 | + cpu_pm_pmu_setup(armpmu, cmd); | ||
1797 | armpmu->start(armpmu); | ||
1798 | break; | ||
1799 | default: | ||
1800 | diff --git a/drivers/rapidio/devices/rio_mport_cdev.c b/drivers/rapidio/devices/rio_mport_cdev.c | ||
1801 | index cbe467ff1aba..fa0bbda4b3f2 100644 | ||
1802 | --- a/drivers/rapidio/devices/rio_mport_cdev.c | ||
1803 | +++ b/drivers/rapidio/devices/rio_mport_cdev.c | ||
1804 | @@ -1688,6 +1688,7 @@ static int rio_mport_add_riodev(struct mport_cdev_priv *priv, | ||
1805 | |||
1806 | if (copy_from_user(&dev_info, arg, sizeof(dev_info))) | ||
1807 | return -EFAULT; | ||
1808 | + dev_info.name[sizeof(dev_info.name) - 1] = '\0'; | ||
1809 | |||
1810 | rmcd_debug(RDEV, "name:%s ct:0x%x did:0x%x hc:0x%x", dev_info.name, | ||
1811 | dev_info.comptag, dev_info.destid, dev_info.hopcount); | ||
1812 | @@ -1819,6 +1820,7 @@ static int rio_mport_del_riodev(struct mport_cdev_priv *priv, void __user *arg) | ||
1813 | |||
1814 | if (copy_from_user(&dev_info, arg, sizeof(dev_info))) | ||
1815 | return -EFAULT; | ||
1816 | + dev_info.name[sizeof(dev_info.name) - 1] = '\0'; | ||
1817 | |||
1818 | mport = priv->md->mport; | ||
1819 | |||
1820 | diff --git a/drivers/s390/block/dasd_alias.c b/drivers/s390/block/dasd_alias.c | ||
1821 | index b9ce93e9df89..99f86612f775 100644 | ||
1822 | --- a/drivers/s390/block/dasd_alias.c | ||
1823 | +++ b/drivers/s390/block/dasd_alias.c | ||
1824 | @@ -383,6 +383,20 @@ suborder_not_supported(struct dasd_ccw_req *cqr) | ||
1825 | char msg_format; | ||
1826 | char msg_no; | ||
1827 | |||
1828 | + /* | ||
1829 | + * intrc values ENODEV, ENOLINK and EPERM | ||
1830 | + * will be optained from sleep_on to indicate that no | ||
1831 | + * IO operation can be started | ||
1832 | + */ | ||
1833 | + if (cqr->intrc == -ENODEV) | ||
1834 | + return 1; | ||
1835 | + | ||
1836 | + if (cqr->intrc == -ENOLINK) | ||
1837 | + return 1; | ||
1838 | + | ||
1839 | + if (cqr->intrc == -EPERM) | ||
1840 | + return 1; | ||
1841 | + | ||
1842 | sense = dasd_get_sense(&cqr->irb); | ||
1843 | if (!sense) | ||
1844 | return 0; | ||
1845 | @@ -447,12 +461,8 @@ static int read_unit_address_configuration(struct dasd_device *device, | ||
1846 | lcu->flags &= ~NEED_UAC_UPDATE; | ||
1847 | spin_unlock_irqrestore(&lcu->lock, flags); | ||
1848 | |||
1849 | - do { | ||
1850 | - rc = dasd_sleep_on(cqr); | ||
1851 | - if (rc && suborder_not_supported(cqr)) | ||
1852 | - return -EOPNOTSUPP; | ||
1853 | - } while (rc && (cqr->retries > 0)); | ||
1854 | - if (rc) { | ||
1855 | + rc = dasd_sleep_on(cqr); | ||
1856 | + if (rc && !suborder_not_supported(cqr)) { | ||
1857 | spin_lock_irqsave(&lcu->lock, flags); | ||
1858 | lcu->flags |= NEED_UAC_UPDATE; | ||
1859 | spin_unlock_irqrestore(&lcu->lock, flags); | ||
1860 | diff --git a/drivers/s390/scsi/zfcp_erp.c b/drivers/s390/scsi/zfcp_erp.c | ||
1861 | index ebdbc457003f..332701db7379 100644 | ||
1862 | --- a/drivers/s390/scsi/zfcp_erp.c | ||
1863 | +++ b/drivers/s390/scsi/zfcp_erp.c | ||
1864 | @@ -11,6 +11,7 @@ | ||
1865 | #define pr_fmt(fmt) KMSG_COMPONENT ": " fmt | ||
1866 | |||
1867 | #include <linux/kthread.h> | ||
1868 | +#include <linux/bug.h> | ||
1869 | #include "zfcp_ext.h" | ||
1870 | #include "zfcp_reqlist.h" | ||
1871 | |||
1872 | @@ -238,6 +239,12 @@ static struct zfcp_erp_action *zfcp_erp_setup_act(int need, u32 act_status, | ||
1873 | struct zfcp_erp_action *erp_action; | ||
1874 | struct zfcp_scsi_dev *zfcp_sdev; | ||
1875 | |||
1876 | + if (WARN_ON_ONCE(need != ZFCP_ERP_ACTION_REOPEN_LUN && | ||
1877 | + need != ZFCP_ERP_ACTION_REOPEN_PORT && | ||
1878 | + need != ZFCP_ERP_ACTION_REOPEN_PORT_FORCED && | ||
1879 | + need != ZFCP_ERP_ACTION_REOPEN_ADAPTER)) | ||
1880 | + return NULL; | ||
1881 | + | ||
1882 | switch (need) { | ||
1883 | case ZFCP_ERP_ACTION_REOPEN_LUN: | ||
1884 | zfcp_sdev = sdev_to_zfcp(sdev); | ||
1885 | diff --git a/drivers/scsi/mpt3sas/mpt3sas_base.c b/drivers/scsi/mpt3sas/mpt3sas_base.c | ||
1886 | index 8776330175e3..d2ab52026014 100644 | ||
1887 | --- a/drivers/scsi/mpt3sas/mpt3sas_base.c | ||
1888 | +++ b/drivers/scsi/mpt3sas/mpt3sas_base.c | ||
1889 | @@ -2565,12 +2565,14 @@ _base_config_dma_addressing(struct MPT3SAS_ADAPTER *ioc, struct pci_dev *pdev) | ||
1890 | { | ||
1891 | struct sysinfo s; | ||
1892 | u64 consistent_dma_mask; | ||
1893 | + /* Set 63 bit DMA mask for all SAS3 and SAS35 controllers */ | ||
1894 | + int dma_mask = (ioc->hba_mpi_version_belonged > MPI2_VERSION) ? 63 : 64; | ||
1895 | |||
1896 | if (ioc->is_mcpu_endpoint) | ||
1897 | goto try_32bit; | ||
1898 | |||
1899 | if (ioc->dma_mask) | ||
1900 | - consistent_dma_mask = DMA_BIT_MASK(64); | ||
1901 | + consistent_dma_mask = DMA_BIT_MASK(dma_mask); | ||
1902 | else | ||
1903 | consistent_dma_mask = DMA_BIT_MASK(32); | ||
1904 | |||
1905 | @@ -2578,11 +2580,11 @@ _base_config_dma_addressing(struct MPT3SAS_ADAPTER *ioc, struct pci_dev *pdev) | ||
1906 | const uint64_t required_mask = | ||
1907 | dma_get_required_mask(&pdev->dev); | ||
1908 | if ((required_mask > DMA_BIT_MASK(32)) && | ||
1909 | - !pci_set_dma_mask(pdev, DMA_BIT_MASK(64)) && | ||
1910 | + !pci_set_dma_mask(pdev, DMA_BIT_MASK(dma_mask)) && | ||
1911 | !pci_set_consistent_dma_mask(pdev, consistent_dma_mask)) { | ||
1912 | ioc->base_add_sg_single = &_base_add_sg_single_64; | ||
1913 | ioc->sge_size = sizeof(Mpi2SGESimple64_t); | ||
1914 | - ioc->dma_mask = 64; | ||
1915 | + ioc->dma_mask = dma_mask; | ||
1916 | goto out; | ||
1917 | } | ||
1918 | } | ||
1919 | @@ -2609,7 +2611,7 @@ static int | ||
1920 | _base_change_consistent_dma_mask(struct MPT3SAS_ADAPTER *ioc, | ||
1921 | struct pci_dev *pdev) | ||
1922 | { | ||
1923 | - if (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64))) { | ||
1924 | + if (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(ioc->dma_mask))) { | ||
1925 | if (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32))) | ||
1926 | return -ENODEV; | ||
1927 | } | ||
1928 | @@ -4545,7 +4547,7 @@ _base_allocate_memory_pools(struct MPT3SAS_ADAPTER *ioc) | ||
1929 | total_sz += sz; | ||
1930 | } while (ioc->rdpq_array_enable && (++i < ioc->reply_queue_count)); | ||
1931 | |||
1932 | - if (ioc->dma_mask == 64) { | ||
1933 | + if (ioc->dma_mask > 32) { | ||
1934 | if (_base_change_consistent_dma_mask(ioc, ioc->pdev) != 0) { | ||
1935 | pr_warn(MPT3SAS_FMT | ||
1936 | "no suitable consistent DMA mask for %s\n", | ||
1937 | diff --git a/drivers/xen/swiotlb-xen.c b/drivers/xen/swiotlb-xen.c | ||
1938 | index aa081f806728..3d9997595d90 100644 | ||
1939 | --- a/drivers/xen/swiotlb-xen.c | ||
1940 | +++ b/drivers/xen/swiotlb-xen.c | ||
1941 | @@ -357,8 +357,8 @@ xen_swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, | ||
1942 | /* Convert the size to actually allocated. */ | ||
1943 | size = 1UL << (order + XEN_PAGE_SHIFT); | ||
1944 | |||
1945 | - if (((dev_addr + size - 1 <= dma_mask)) || | ||
1946 | - range_straddles_page_boundary(phys, size)) | ||
1947 | + if (!WARN_ON((dev_addr + size - 1 > dma_mask) || | ||
1948 | + range_straddles_page_boundary(phys, size))) | ||
1949 | xen_destroy_contiguous_region(phys, order); | ||
1950 | |||
1951 | xen_free_coherent_pages(hwdev, size, vaddr, (dma_addr_t)phys, attrs); | ||
1952 | diff --git a/fs/adfs/super.c b/fs/adfs/super.c | ||
1953 | index 7e099a7a4eb1..4dc15b263489 100644 | ||
1954 | --- a/fs/adfs/super.c | ||
1955 | +++ b/fs/adfs/super.c | ||
1956 | @@ -369,6 +369,7 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent) | ||
1957 | struct buffer_head *bh; | ||
1958 | struct object_info root_obj; | ||
1959 | unsigned char *b_data; | ||
1960 | + unsigned int blocksize; | ||
1961 | struct adfs_sb_info *asb; | ||
1962 | struct inode *root; | ||
1963 | int ret = -EINVAL; | ||
1964 | @@ -420,8 +421,10 @@ static int adfs_fill_super(struct super_block *sb, void *data, int silent) | ||
1965 | goto error_free_bh; | ||
1966 | } | ||
1967 | |||
1968 | + blocksize = 1 << dr->log2secsize; | ||
1969 | brelse(bh); | ||
1970 | - if (sb_set_blocksize(sb, 1 << dr->log2secsize)) { | ||
1971 | + | ||
1972 | + if (sb_set_blocksize(sb, blocksize)) { | ||
1973 | bh = sb_bread(sb, ADFS_DISCRECORD / sb->s_blocksize); | ||
1974 | if (!bh) { | ||
1975 | adfs_error(sb, "couldn't read superblock on " | ||
1976 | diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c | ||
1977 | index e46e83e87600..734866ab5194 100644 | ||
1978 | --- a/fs/btrfs/qgroup.c | ||
1979 | +++ b/fs/btrfs/qgroup.c | ||
1980 | @@ -2249,6 +2249,7 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, | ||
1981 | int ret = 0; | ||
1982 | int i; | ||
1983 | u64 *i_qgroups; | ||
1984 | + bool committing = false; | ||
1985 | struct btrfs_fs_info *fs_info = trans->fs_info; | ||
1986 | struct btrfs_root *quota_root; | ||
1987 | struct btrfs_qgroup *srcgroup; | ||
1988 | @@ -2256,7 +2257,25 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, | ||
1989 | u32 level_size = 0; | ||
1990 | u64 nums; | ||
1991 | |||
1992 | - mutex_lock(&fs_info->qgroup_ioctl_lock); | ||
1993 | + /* | ||
1994 | + * There are only two callers of this function. | ||
1995 | + * | ||
1996 | + * One in create_subvol() in the ioctl context, which needs to hold | ||
1997 | + * the qgroup_ioctl_lock. | ||
1998 | + * | ||
1999 | + * The other one in create_pending_snapshot() where no other qgroup | ||
2000 | + * code can modify the fs as they all need to either start a new trans | ||
2001 | + * or hold a trans handler, thus we don't need to hold | ||
2002 | + * qgroup_ioctl_lock. | ||
2003 | + * This would avoid long and complex lock chain and make lockdep happy. | ||
2004 | + */ | ||
2005 | + spin_lock(&fs_info->trans_lock); | ||
2006 | + if (trans->transaction->state == TRANS_STATE_COMMIT_DOING) | ||
2007 | + committing = true; | ||
2008 | + spin_unlock(&fs_info->trans_lock); | ||
2009 | + | ||
2010 | + if (!committing) | ||
2011 | + mutex_lock(&fs_info->qgroup_ioctl_lock); | ||
2012 | if (!test_bit(BTRFS_FS_QUOTA_ENABLED, &fs_info->flags)) | ||
2013 | goto out; | ||
2014 | |||
2015 | @@ -2420,7 +2439,8 @@ int btrfs_qgroup_inherit(struct btrfs_trans_handle *trans, u64 srcid, | ||
2016 | unlock: | ||
2017 | spin_unlock(&fs_info->qgroup_lock); | ||
2018 | out: | ||
2019 | - mutex_unlock(&fs_info->qgroup_ioctl_lock); | ||
2020 | + if (!committing) | ||
2021 | + mutex_unlock(&fs_info->qgroup_ioctl_lock); | ||
2022 | return ret; | ||
2023 | } | ||
2024 | |||
2025 | diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c | ||
2026 | index 258392b75048..48ddbc187e58 100644 | ||
2027 | --- a/fs/btrfs/send.c | ||
2028 | +++ b/fs/btrfs/send.c | ||
2029 | @@ -6272,68 +6272,21 @@ static int changed_extent(struct send_ctx *sctx, | ||
2030 | { | ||
2031 | int ret = 0; | ||
2032 | |||
2033 | - if (sctx->cur_ino != sctx->cmp_key->objectid) { | ||
2034 | - | ||
2035 | - if (result == BTRFS_COMPARE_TREE_CHANGED) { | ||
2036 | - struct extent_buffer *leaf_l; | ||
2037 | - struct extent_buffer *leaf_r; | ||
2038 | - struct btrfs_file_extent_item *ei_l; | ||
2039 | - struct btrfs_file_extent_item *ei_r; | ||
2040 | - | ||
2041 | - leaf_l = sctx->left_path->nodes[0]; | ||
2042 | - leaf_r = sctx->right_path->nodes[0]; | ||
2043 | - ei_l = btrfs_item_ptr(leaf_l, | ||
2044 | - sctx->left_path->slots[0], | ||
2045 | - struct btrfs_file_extent_item); | ||
2046 | - ei_r = btrfs_item_ptr(leaf_r, | ||
2047 | - sctx->right_path->slots[0], | ||
2048 | - struct btrfs_file_extent_item); | ||
2049 | - | ||
2050 | - /* | ||
2051 | - * We may have found an extent item that has changed | ||
2052 | - * only its disk_bytenr field and the corresponding | ||
2053 | - * inode item was not updated. This case happens due to | ||
2054 | - * very specific timings during relocation when a leaf | ||
2055 | - * that contains file extent items is COWed while | ||
2056 | - * relocation is ongoing and its in the stage where it | ||
2057 | - * updates data pointers. So when this happens we can | ||
2058 | - * safely ignore it since we know it's the same extent, | ||
2059 | - * but just at different logical and physical locations | ||
2060 | - * (when an extent is fully replaced with a new one, we | ||
2061 | - * know the generation number must have changed too, | ||
2062 | - * since snapshot creation implies committing the current | ||
2063 | - * transaction, and the inode item must have been updated | ||
2064 | - * as well). | ||
2065 | - * This replacement of the disk_bytenr happens at | ||
2066 | - * relocation.c:replace_file_extents() through | ||
2067 | - * relocation.c:btrfs_reloc_cow_block(). | ||
2068 | - */ | ||
2069 | - if (btrfs_file_extent_generation(leaf_l, ei_l) == | ||
2070 | - btrfs_file_extent_generation(leaf_r, ei_r) && | ||
2071 | - btrfs_file_extent_ram_bytes(leaf_l, ei_l) == | ||
2072 | - btrfs_file_extent_ram_bytes(leaf_r, ei_r) && | ||
2073 | - btrfs_file_extent_compression(leaf_l, ei_l) == | ||
2074 | - btrfs_file_extent_compression(leaf_r, ei_r) && | ||
2075 | - btrfs_file_extent_encryption(leaf_l, ei_l) == | ||
2076 | - btrfs_file_extent_encryption(leaf_r, ei_r) && | ||
2077 | - btrfs_file_extent_other_encoding(leaf_l, ei_l) == | ||
2078 | - btrfs_file_extent_other_encoding(leaf_r, ei_r) && | ||
2079 | - btrfs_file_extent_type(leaf_l, ei_l) == | ||
2080 | - btrfs_file_extent_type(leaf_r, ei_r) && | ||
2081 | - btrfs_file_extent_disk_bytenr(leaf_l, ei_l) != | ||
2082 | - btrfs_file_extent_disk_bytenr(leaf_r, ei_r) && | ||
2083 | - btrfs_file_extent_disk_num_bytes(leaf_l, ei_l) == | ||
2084 | - btrfs_file_extent_disk_num_bytes(leaf_r, ei_r) && | ||
2085 | - btrfs_file_extent_offset(leaf_l, ei_l) == | ||
2086 | - btrfs_file_extent_offset(leaf_r, ei_r) && | ||
2087 | - btrfs_file_extent_num_bytes(leaf_l, ei_l) == | ||
2088 | - btrfs_file_extent_num_bytes(leaf_r, ei_r)) | ||
2089 | - return 0; | ||
2090 | - } | ||
2091 | - | ||
2092 | - inconsistent_snapshot_error(sctx, result, "extent"); | ||
2093 | - return -EIO; | ||
2094 | - } | ||
2095 | + /* | ||
2096 | + * We have found an extent item that changed without the inode item | ||
2097 | + * having changed. This can happen either after relocation (where the | ||
2098 | + * disk_bytenr of an extent item is replaced at | ||
2099 | + * relocation.c:replace_file_extents()) or after deduplication into a | ||
2100 | + * file in both the parent and send snapshots (where an extent item can | ||
2101 | + * get modified or replaced with a new one). Note that deduplication | ||
2102 | + * updates the inode item, but it only changes the iversion (sequence | ||
2103 | + * field in the inode item) of the inode, so if a file is deduplicated | ||
2104 | + * the same amount of times in both the parent and send snapshots, its | ||
2105 | + * iversion becames the same in both snapshots, whence the inode item is | ||
2106 | + * the same on both snapshots. | ||
2107 | + */ | ||
2108 | + if (sctx->cur_ino != sctx->cmp_key->objectid) | ||
2109 | + return 0; | ||
2110 | |||
2111 | if (!sctx->cur_inode_new_gen && !sctx->cur_inode_deleted) { | ||
2112 | if (result != BTRFS_COMPARE_TREE_DELETED) | ||
2113 | diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c | ||
2114 | index bb8f6c020d22..f1ca53a3ff0b 100644 | ||
2115 | --- a/fs/btrfs/transaction.c | ||
2116 | +++ b/fs/btrfs/transaction.c | ||
2117 | @@ -2027,6 +2027,16 @@ int btrfs_commit_transaction(struct btrfs_trans_handle *trans) | ||
2118 | } | ||
2119 | } else { | ||
2120 | spin_unlock(&fs_info->trans_lock); | ||
2121 | + /* | ||
2122 | + * The previous transaction was aborted and was already removed | ||
2123 | + * from the list of transactions at fs_info->trans_list. So we | ||
2124 | + * abort to prevent writing a new superblock that reflects a | ||
2125 | + * corrupt state (pointing to trees with unwritten nodes/leafs). | ||
2126 | + */ | ||
2127 | + if (test_bit(BTRFS_FS_STATE_TRANS_ABORTED, &fs_info->fs_state)) { | ||
2128 | + ret = -EROFS; | ||
2129 | + goto cleanup_transaction; | ||
2130 | + } | ||
2131 | } | ||
2132 | |||
2133 | extwriter_counter_dec(cur_trans, trans->type); | ||
2134 | diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c | ||
2135 | index 2fd000308be7..6e008bd5c8cd 100644 | ||
2136 | --- a/fs/btrfs/volumes.c | ||
2137 | +++ b/fs/btrfs/volumes.c | ||
2138 | @@ -5040,8 +5040,7 @@ static inline int btrfs_chunk_max_errors(struct map_lookup *map) | ||
2139 | |||
2140 | if (map->type & (BTRFS_BLOCK_GROUP_RAID1 | | ||
2141 | BTRFS_BLOCK_GROUP_RAID10 | | ||
2142 | - BTRFS_BLOCK_GROUP_RAID5 | | ||
2143 | - BTRFS_BLOCK_GROUP_DUP)) { | ||
2144 | + BTRFS_BLOCK_GROUP_RAID5)) { | ||
2145 | max_errors = 1; | ||
2146 | } else if (map->type & BTRFS_BLOCK_GROUP_RAID6) { | ||
2147 | max_errors = 2; | ||
2148 | diff --git a/fs/ceph/super.h b/fs/ceph/super.h | ||
2149 | index 582e28fd1b7b..d8579a56e5dc 100644 | ||
2150 | --- a/fs/ceph/super.h | ||
2151 | +++ b/fs/ceph/super.h | ||
2152 | @@ -526,7 +526,12 @@ static inline void __ceph_dir_set_complete(struct ceph_inode_info *ci, | ||
2153 | long long release_count, | ||
2154 | long long ordered_count) | ||
2155 | { | ||
2156 | - smp_mb__before_atomic(); | ||
2157 | + /* | ||
2158 | + * Makes sure operations that setup readdir cache (update page | ||
2159 | + * cache and i_size) are strongly ordered w.r.t. the following | ||
2160 | + * atomic64_set() operations. | ||
2161 | + */ | ||
2162 | + smp_mb(); | ||
2163 | atomic64_set(&ci->i_complete_seq[0], release_count); | ||
2164 | atomic64_set(&ci->i_complete_seq[1], ordered_count); | ||
2165 | } | ||
2166 | diff --git a/fs/ceph/xattr.c b/fs/ceph/xattr.c | ||
2167 | index 5cc8b94f8206..0a2d4898ee16 100644 | ||
2168 | --- a/fs/ceph/xattr.c | ||
2169 | +++ b/fs/ceph/xattr.c | ||
2170 | @@ -79,7 +79,7 @@ static size_t ceph_vxattrcb_layout(struct ceph_inode_info *ci, char *val, | ||
2171 | const char *ns_field = " pool_namespace="; | ||
2172 | char buf[128]; | ||
2173 | size_t len, total_len = 0; | ||
2174 | - int ret; | ||
2175 | + ssize_t ret; | ||
2176 | |||
2177 | pool_ns = ceph_try_get_string(ci->i_layout.pool_ns); | ||
2178 | |||
2179 | @@ -103,11 +103,8 @@ static size_t ceph_vxattrcb_layout(struct ceph_inode_info *ci, char *val, | ||
2180 | if (pool_ns) | ||
2181 | total_len += strlen(ns_field) + pool_ns->len; | ||
2182 | |||
2183 | - if (!size) { | ||
2184 | - ret = total_len; | ||
2185 | - } else if (total_len > size) { | ||
2186 | - ret = -ERANGE; | ||
2187 | - } else { | ||
2188 | + ret = total_len; | ||
2189 | + if (size >= total_len) { | ||
2190 | memcpy(val, buf, len); | ||
2191 | ret = len; | ||
2192 | if (pool_name) { | ||
2193 | @@ -817,8 +814,11 @@ ssize_t __ceph_getxattr(struct inode *inode, const char *name, void *value, | ||
2194 | if (err) | ||
2195 | return err; | ||
2196 | err = -ENODATA; | ||
2197 | - if (!(vxattr->exists_cb && !vxattr->exists_cb(ci))) | ||
2198 | + if (!(vxattr->exists_cb && !vxattr->exists_cb(ci))) { | ||
2199 | err = vxattr->getxattr_cb(ci, value, size); | ||
2200 | + if (size && size < err) | ||
2201 | + err = -ERANGE; | ||
2202 | + } | ||
2203 | return err; | ||
2204 | } | ||
2205 | |||
2206 | diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c | ||
2207 | index f31339db45fd..c53a2e86ed54 100644 | ||
2208 | --- a/fs/cifs/connect.c | ||
2209 | +++ b/fs/cifs/connect.c | ||
2210 | @@ -563,10 +563,10 @@ static bool | ||
2211 | server_unresponsive(struct TCP_Server_Info *server) | ||
2212 | { | ||
2213 | /* | ||
2214 | - * We need to wait 2 echo intervals to make sure we handle such | ||
2215 | + * We need to wait 3 echo intervals to make sure we handle such | ||
2216 | * situations right: | ||
2217 | * 1s client sends a normal SMB request | ||
2218 | - * 2s client gets a response | ||
2219 | + * 3s client gets a response | ||
2220 | * 30s echo workqueue job pops, and decides we got a response recently | ||
2221 | * and don't need to send another | ||
2222 | * ... | ||
2223 | @@ -575,9 +575,9 @@ server_unresponsive(struct TCP_Server_Info *server) | ||
2224 | */ | ||
2225 | if ((server->tcpStatus == CifsGood || | ||
2226 | server->tcpStatus == CifsNeedNegotiate) && | ||
2227 | - time_after(jiffies, server->lstrp + 2 * server->echo_interval)) { | ||
2228 | + time_after(jiffies, server->lstrp + 3 * server->echo_interval)) { | ||
2229 | cifs_dbg(VFS, "Server %s has not responded in %lu seconds. Reconnecting...\n", | ||
2230 | - server->hostname, (2 * server->echo_interval) / HZ); | ||
2231 | + server->hostname, (3 * server->echo_interval) / HZ); | ||
2232 | cifs_reconnect(server); | ||
2233 | wake_up(&server->response_q); | ||
2234 | return true; | ||
2235 | diff --git a/fs/coda/psdev.c b/fs/coda/psdev.c | ||
2236 | index c5234c21b539..55824cba3245 100644 | ||
2237 | --- a/fs/coda/psdev.c | ||
2238 | +++ b/fs/coda/psdev.c | ||
2239 | @@ -187,8 +187,11 @@ static ssize_t coda_psdev_write(struct file *file, const char __user *buf, | ||
2240 | if (req->uc_opcode == CODA_OPEN_BY_FD) { | ||
2241 | struct coda_open_by_fd_out *outp = | ||
2242 | (struct coda_open_by_fd_out *)req->uc_data; | ||
2243 | - if (!outp->oh.result) | ||
2244 | + if (!outp->oh.result) { | ||
2245 | outp->fh = fget(outp->fd); | ||
2246 | + if (!outp->fh) | ||
2247 | + return -EBADF; | ||
2248 | + } | ||
2249 | } | ||
2250 | |||
2251 | wake_up(&req->uc_sleep); | ||
2252 | diff --git a/include/linux/acpi.h b/include/linux/acpi.h | ||
2253 | index de8d3d3fa651..b4d23b3a2ef2 100644 | ||
2254 | --- a/include/linux/acpi.h | ||
2255 | +++ b/include/linux/acpi.h | ||
2256 | @@ -326,7 +326,10 @@ void acpi_set_irq_model(enum acpi_irq_model_id model, | ||
2257 | #ifdef CONFIG_X86_IO_APIC | ||
2258 | extern int acpi_get_override_irq(u32 gsi, int *trigger, int *polarity); | ||
2259 | #else | ||
2260 | -#define acpi_get_override_irq(gsi, trigger, polarity) (-1) | ||
2261 | +static inline int acpi_get_override_irq(u32 gsi, int *trigger, int *polarity) | ||
2262 | +{ | ||
2263 | + return -1; | ||
2264 | +} | ||
2265 | #endif | ||
2266 | /* | ||
2267 | * This function undoes the effect of one call to acpi_register_gsi(). | ||
2268 | diff --git a/include/linux/coda.h b/include/linux/coda.h | ||
2269 | index d30209b9cef8..0ca0c83fdb1c 100644 | ||
2270 | --- a/include/linux/coda.h | ||
2271 | +++ b/include/linux/coda.h | ||
2272 | @@ -58,8 +58,7 @@ Mellon the rights to redistribute these changes without encumbrance. | ||
2273 | #ifndef _CODA_HEADER_ | ||
2274 | #define _CODA_HEADER_ | ||
2275 | |||
2276 | -#if defined(__linux__) | ||
2277 | typedef unsigned long long u_quad_t; | ||
2278 | -#endif | ||
2279 | + | ||
2280 | #include <uapi/linux/coda.h> | ||
2281 | #endif | ||
2282 | diff --git a/include/linux/coda_psdev.h b/include/linux/coda_psdev.h | ||
2283 | index 15170954aa2b..57d2b2faf6a3 100644 | ||
2284 | --- a/include/linux/coda_psdev.h | ||
2285 | +++ b/include/linux/coda_psdev.h | ||
2286 | @@ -19,6 +19,17 @@ struct venus_comm { | ||
2287 | struct mutex vc_mutex; | ||
2288 | }; | ||
2289 | |||
2290 | +/* messages between coda filesystem in kernel and Venus */ | ||
2291 | +struct upc_req { | ||
2292 | + struct list_head uc_chain; | ||
2293 | + caddr_t uc_data; | ||
2294 | + u_short uc_flags; | ||
2295 | + u_short uc_inSize; /* Size is at most 5000 bytes */ | ||
2296 | + u_short uc_outSize; | ||
2297 | + u_short uc_opcode; /* copied from data to save lookup */ | ||
2298 | + int uc_unique; | ||
2299 | + wait_queue_head_t uc_sleep; /* process' wait queue */ | ||
2300 | +}; | ||
2301 | |||
2302 | static inline struct venus_comm *coda_vcp(struct super_block *sb) | ||
2303 | { | ||
2304 | diff --git a/include/uapi/linux/coda_psdev.h b/include/uapi/linux/coda_psdev.h | ||
2305 | index aa6623efd2dd..d50d51a57fe4 100644 | ||
2306 | --- a/include/uapi/linux/coda_psdev.h | ||
2307 | +++ b/include/uapi/linux/coda_psdev.h | ||
2308 | @@ -7,19 +7,6 @@ | ||
2309 | #define CODA_PSDEV_MAJOR 67 | ||
2310 | #define MAX_CODADEVS 5 /* how many do we allow */ | ||
2311 | |||
2312 | - | ||
2313 | -/* messages between coda filesystem in kernel and Venus */ | ||
2314 | -struct upc_req { | ||
2315 | - struct list_head uc_chain; | ||
2316 | - caddr_t uc_data; | ||
2317 | - u_short uc_flags; | ||
2318 | - u_short uc_inSize; /* Size is at most 5000 bytes */ | ||
2319 | - u_short uc_outSize; | ||
2320 | - u_short uc_opcode; /* copied from data to save lookup */ | ||
2321 | - int uc_unique; | ||
2322 | - wait_queue_head_t uc_sleep; /* process' wait queue */ | ||
2323 | -}; | ||
2324 | - | ||
2325 | #define CODA_REQ_ASYNC 0x1 | ||
2326 | #define CODA_REQ_READ 0x2 | ||
2327 | #define CODA_REQ_WRITE 0x4 | ||
2328 | diff --git a/ipc/mqueue.c b/ipc/mqueue.c | ||
2329 | index bce7af1546d9..de4070d5472f 100644 | ||
2330 | --- a/ipc/mqueue.c | ||
2331 | +++ b/ipc/mqueue.c | ||
2332 | @@ -389,7 +389,6 @@ static void mqueue_evict_inode(struct inode *inode) | ||
2333 | { | ||
2334 | struct mqueue_inode_info *info; | ||
2335 | struct user_struct *user; | ||
2336 | - unsigned long mq_bytes, mq_treesize; | ||
2337 | struct ipc_namespace *ipc_ns; | ||
2338 | struct msg_msg *msg, *nmsg; | ||
2339 | LIST_HEAD(tmp_msg); | ||
2340 | @@ -412,16 +411,18 @@ static void mqueue_evict_inode(struct inode *inode) | ||
2341 | free_msg(msg); | ||
2342 | } | ||
2343 | |||
2344 | - /* Total amount of bytes accounted for the mqueue */ | ||
2345 | - mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + | ||
2346 | - min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * | ||
2347 | - sizeof(struct posix_msg_tree_node); | ||
2348 | - | ||
2349 | - mq_bytes = mq_treesize + (info->attr.mq_maxmsg * | ||
2350 | - info->attr.mq_msgsize); | ||
2351 | - | ||
2352 | user = info->user; | ||
2353 | if (user) { | ||
2354 | + unsigned long mq_bytes, mq_treesize; | ||
2355 | + | ||
2356 | + /* Total amount of bytes accounted for the mqueue */ | ||
2357 | + mq_treesize = info->attr.mq_maxmsg * sizeof(struct msg_msg) + | ||
2358 | + min_t(unsigned int, info->attr.mq_maxmsg, MQ_PRIO_MAX) * | ||
2359 | + sizeof(struct posix_msg_tree_node); | ||
2360 | + | ||
2361 | + mq_bytes = mq_treesize + (info->attr.mq_maxmsg * | ||
2362 | + info->attr.mq_msgsize); | ||
2363 | + | ||
2364 | spin_lock(&mq_lock); | ||
2365 | user->mq_bytes -= mq_bytes; | ||
2366 | /* | ||
2367 | diff --git a/kernel/module.c b/kernel/module.c | ||
2368 | index b8f37376856b..3fda10c549a2 100644 | ||
2369 | --- a/kernel/module.c | ||
2370 | +++ b/kernel/module.c | ||
2371 | @@ -3388,8 +3388,7 @@ static bool finished_loading(const char *name) | ||
2372 | sched_annotate_sleep(); | ||
2373 | mutex_lock(&module_mutex); | ||
2374 | mod = find_module_all(name, strlen(name), true); | ||
2375 | - ret = !mod || mod->state == MODULE_STATE_LIVE | ||
2376 | - || mod->state == MODULE_STATE_GOING; | ||
2377 | + ret = !mod || mod->state == MODULE_STATE_LIVE; | ||
2378 | mutex_unlock(&module_mutex); | ||
2379 | |||
2380 | return ret; | ||
2381 | @@ -3559,8 +3558,7 @@ again: | ||
2382 | mutex_lock(&module_mutex); | ||
2383 | old = find_module_all(mod->name, strlen(mod->name), true); | ||
2384 | if (old != NULL) { | ||
2385 | - if (old->state == MODULE_STATE_COMING | ||
2386 | - || old->state == MODULE_STATE_UNFORMED) { | ||
2387 | + if (old->state != MODULE_STATE_LIVE) { | ||
2388 | /* Wait in case it fails to load. */ | ||
2389 | mutex_unlock(&module_mutex); | ||
2390 | err = wait_event_interruptible(module_wq, | ||
2391 | diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c | ||
2392 | index 118ecce14386..d9dd709b3c12 100644 | ||
2393 | --- a/kernel/trace/ftrace.c | ||
2394 | +++ b/kernel/trace/ftrace.c | ||
2395 | @@ -1647,6 +1647,11 @@ static bool test_rec_ops_needs_regs(struct dyn_ftrace *rec) | ||
2396 | return keep_regs; | ||
2397 | } | ||
2398 | |||
2399 | +static struct ftrace_ops * | ||
2400 | +ftrace_find_tramp_ops_any(struct dyn_ftrace *rec); | ||
2401 | +static struct ftrace_ops * | ||
2402 | +ftrace_find_tramp_ops_next(struct dyn_ftrace *rec, struct ftrace_ops *ops); | ||
2403 | + | ||
2404 | static bool __ftrace_hash_rec_update(struct ftrace_ops *ops, | ||
2405 | int filter_hash, | ||
2406 | bool inc) | ||
2407 | @@ -1775,15 +1780,17 @@ static bool __ftrace_hash_rec_update(struct ftrace_ops *ops, | ||
2408 | } | ||
2409 | |||
2410 | /* | ||
2411 | - * If the rec had TRAMP enabled, then it needs to | ||
2412 | - * be cleared. As TRAMP can only be enabled iff | ||
2413 | - * there is only a single ops attached to it. | ||
2414 | - * In otherwords, always disable it on decrementing. | ||
2415 | - * In the future, we may set it if rec count is | ||
2416 | - * decremented to one, and the ops that is left | ||
2417 | - * has a trampoline. | ||
2418 | + * The TRAMP needs to be set only if rec count | ||
2419 | + * is decremented to one, and the ops that is | ||
2420 | + * left has a trampoline. As TRAMP can only be | ||
2421 | + * enabled if there is only a single ops attached | ||
2422 | + * to it. | ||
2423 | */ | ||
2424 | - rec->flags &= ~FTRACE_FL_TRAMP; | ||
2425 | + if (ftrace_rec_count(rec) == 1 && | ||
2426 | + ftrace_find_tramp_ops_any(rec)) | ||
2427 | + rec->flags |= FTRACE_FL_TRAMP; | ||
2428 | + else | ||
2429 | + rec->flags &= ~FTRACE_FL_TRAMP; | ||
2430 | |||
2431 | /* | ||
2432 | * flags will be cleared in ftrace_check_record() | ||
2433 | @@ -1976,11 +1983,6 @@ static void print_ip_ins(const char *fmt, const unsigned char *p) | ||
2434 | printk(KERN_CONT "%s%02x", i ? ":" : "", p[i]); | ||
2435 | } | ||
2436 | |||
2437 | -static struct ftrace_ops * | ||
2438 | -ftrace_find_tramp_ops_any(struct dyn_ftrace *rec); | ||
2439 | -static struct ftrace_ops * | ||
2440 | -ftrace_find_tramp_ops_next(struct dyn_ftrace *rec, struct ftrace_ops *ops); | ||
2441 | - | ||
2442 | enum ftrace_bug_type ftrace_bug_type; | ||
2443 | const void *ftrace_expected; | ||
2444 | |||
2445 | diff --git a/lib/test_overflow.c b/lib/test_overflow.c | ||
2446 | index fc680562d8b6..7a4b6f6c5473 100644 | ||
2447 | --- a/lib/test_overflow.c | ||
2448 | +++ b/lib/test_overflow.c | ||
2449 | @@ -486,16 +486,17 @@ static int __init test_overflow_shift(void) | ||
2450 | * Deal with the various forms of allocator arguments. See comments above | ||
2451 | * the DEFINE_TEST_ALLOC() instances for mapping of the "bits". | ||
2452 | */ | ||
2453 | -#define alloc010(alloc, arg, sz) alloc(sz, GFP_KERNEL) | ||
2454 | -#define alloc011(alloc, arg, sz) alloc(sz, GFP_KERNEL, NUMA_NO_NODE) | ||
2455 | +#define alloc_GFP (GFP_KERNEL | __GFP_NOWARN) | ||
2456 | +#define alloc010(alloc, arg, sz) alloc(sz, alloc_GFP) | ||
2457 | +#define alloc011(alloc, arg, sz) alloc(sz, alloc_GFP, NUMA_NO_NODE) | ||
2458 | #define alloc000(alloc, arg, sz) alloc(sz) | ||
2459 | #define alloc001(alloc, arg, sz) alloc(sz, NUMA_NO_NODE) | ||
2460 | -#define alloc110(alloc, arg, sz) alloc(arg, sz, GFP_KERNEL) | ||
2461 | +#define alloc110(alloc, arg, sz) alloc(arg, sz, alloc_GFP) | ||
2462 | #define free0(free, arg, ptr) free(ptr) | ||
2463 | #define free1(free, arg, ptr) free(arg, ptr) | ||
2464 | |||
2465 | -/* Wrap around to 8K */ | ||
2466 | -#define TEST_SIZE (9 << PAGE_SHIFT) | ||
2467 | +/* Wrap around to 16K */ | ||
2468 | +#define TEST_SIZE (5 * 4096) | ||
2469 | |||
2470 | #define DEFINE_TEST_ALLOC(func, free_func, want_arg, want_gfp, want_node)\ | ||
2471 | static int __init test_ ## func (void *arg) \ | ||
2472 | diff --git a/lib/test_string.c b/lib/test_string.c | ||
2473 | index 0fcdb82dca86..98a787e7a1fd 100644 | ||
2474 | --- a/lib/test_string.c | ||
2475 | +++ b/lib/test_string.c | ||
2476 | @@ -35,7 +35,7 @@ static __init int memset16_selftest(void) | ||
2477 | fail: | ||
2478 | kfree(p); | ||
2479 | if (i < 256) | ||
2480 | - return (i << 24) | (j << 16) | k; | ||
2481 | + return (i << 24) | (j << 16) | k | 0x8000; | ||
2482 | return 0; | ||
2483 | } | ||
2484 | |||
2485 | @@ -71,7 +71,7 @@ static __init int memset32_selftest(void) | ||
2486 | fail: | ||
2487 | kfree(p); | ||
2488 | if (i < 256) | ||
2489 | - return (i << 24) | (j << 16) | k; | ||
2490 | + return (i << 24) | (j << 16) | k | 0x8000; | ||
2491 | return 0; | ||
2492 | } | ||
2493 | |||
2494 | @@ -107,7 +107,7 @@ static __init int memset64_selftest(void) | ||
2495 | fail: | ||
2496 | kfree(p); | ||
2497 | if (i < 256) | ||
2498 | - return (i << 24) | (j << 16) | k; | ||
2499 | + return (i << 24) | (j << 16) | k | 0x8000; | ||
2500 | return 0; | ||
2501 | } | ||
2502 | |||
2503 | diff --git a/mm/cma.c b/mm/cma.c | ||
2504 | index 476dfe13a701..4c2864270a39 100644 | ||
2505 | --- a/mm/cma.c | ||
2506 | +++ b/mm/cma.c | ||
2507 | @@ -282,6 +282,12 @@ int __init cma_declare_contiguous(phys_addr_t base, | ||
2508 | */ | ||
2509 | alignment = max(alignment, (phys_addr_t)PAGE_SIZE << | ||
2510 | max_t(unsigned long, MAX_ORDER - 1, pageblock_order)); | ||
2511 | + if (fixed && base & (alignment - 1)) { | ||
2512 | + ret = -EINVAL; | ||
2513 | + pr_err("Region at %pa must be aligned to %pa bytes\n", | ||
2514 | + &base, &alignment); | ||
2515 | + goto err; | ||
2516 | + } | ||
2517 | base = ALIGN(base, alignment); | ||
2518 | size = ALIGN(size, alignment); | ||
2519 | limit &= ~(alignment - 1); | ||
2520 | @@ -312,6 +318,13 @@ int __init cma_declare_contiguous(phys_addr_t base, | ||
2521 | if (limit == 0 || limit > memblock_end) | ||
2522 | limit = memblock_end; | ||
2523 | |||
2524 | + if (base + size > limit) { | ||
2525 | + ret = -EINVAL; | ||
2526 | + pr_err("Size (%pa) of region at %pa exceeds limit (%pa)\n", | ||
2527 | + &size, &base, &limit); | ||
2528 | + goto err; | ||
2529 | + } | ||
2530 | + | ||
2531 | /* Reserve memory */ | ||
2532 | if (fixed) { | ||
2533 | if (memblock_is_region_reserved(base, size) || | ||
2534 | diff --git a/mm/vmscan.c b/mm/vmscan.c | ||
2535 | index 576379e87421..b37610c0eac6 100644 | ||
2536 | --- a/mm/vmscan.c | ||
2537 | +++ b/mm/vmscan.c | ||
2538 | @@ -670,7 +670,14 @@ static unsigned long shrink_slab(gfp_t gfp_mask, int nid, | ||
2539 | unsigned long ret, freed = 0; | ||
2540 | struct shrinker *shrinker; | ||
2541 | |||
2542 | - if (!mem_cgroup_is_root(memcg)) | ||
2543 | + /* | ||
2544 | + * The root memcg might be allocated even though memcg is disabled | ||
2545 | + * via "cgroup_disable=memory" boot parameter. This could make | ||
2546 | + * mem_cgroup_is_root() return false, then just run memcg slab | ||
2547 | + * shrink, but skip global shrink. This may result in premature | ||
2548 | + * oom. | ||
2549 | + */ | ||
2550 | + if (!mem_cgroup_disabled() && !mem_cgroup_is_root(memcg)) | ||
2551 | return shrink_slab_memcg(gfp_mask, nid, memcg, priority); | ||
2552 | |||
2553 | if (!down_read_trylock(&shrinker_rwsem)) | ||
2554 | diff --git a/scripts/kconfig/confdata.c b/scripts/kconfig/confdata.c | ||
2555 | index fd99ae90a618..0dde19cf7486 100644 | ||
2556 | --- a/scripts/kconfig/confdata.c | ||
2557 | +++ b/scripts/kconfig/confdata.c | ||
2558 | @@ -784,6 +784,7 @@ int conf_write(const char *name) | ||
2559 | const char *str; | ||
2560 | char dirname[PATH_MAX+1], tmpname[PATH_MAX+22], newname[PATH_MAX+8]; | ||
2561 | char *env; | ||
2562 | + int i; | ||
2563 | |||
2564 | dirname[0] = 0; | ||
2565 | if (name && name[0]) { | ||
2566 | @@ -860,6 +861,9 @@ next: | ||
2567 | } | ||
2568 | fclose(out); | ||
2569 | |||
2570 | + for_all_symbols(i, sym) | ||
2571 | + sym->flags &= ~SYMBOL_WRITTEN; | ||
2572 | + | ||
2573 | if (*tmpname) { | ||
2574 | strcat(dirname, basename); | ||
2575 | strcat(dirname, ".old"); | ||
2576 | diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c | ||
2577 | index d31a52e56b9e..91d259c87d10 100644 | ||
2578 | --- a/security/selinux/ss/policydb.c | ||
2579 | +++ b/security/selinux/ss/policydb.c | ||
2580 | @@ -275,6 +275,8 @@ static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) | ||
2581 | return v; | ||
2582 | } | ||
2583 | |||
2584 | +static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap); | ||
2585 | + | ||
2586 | /* | ||
2587 | * Initialize a policy database structure. | ||
2588 | */ | ||
2589 | @@ -322,8 +324,10 @@ static int policydb_init(struct policydb *p) | ||
2590 | out: | ||
2591 | hashtab_destroy(p->filename_trans); | ||
2592 | hashtab_destroy(p->range_tr); | ||
2593 | - for (i = 0; i < SYM_NUM; i++) | ||
2594 | + for (i = 0; i < SYM_NUM; i++) { | ||
2595 | + hashtab_map(p->symtab[i].table, destroy_f[i], NULL); | ||
2596 | hashtab_destroy(p->symtab[i].table); | ||
2597 | + } | ||
2598 | return rc; | ||
2599 | } | ||
2600 | |||
2601 | diff --git a/sound/hda/hdac_i915.c b/sound/hda/hdac_i915.c | ||
2602 | index 27eb0270a711..3847fe841d33 100644 | ||
2603 | --- a/sound/hda/hdac_i915.c | ||
2604 | +++ b/sound/hda/hdac_i915.c | ||
2605 | @@ -143,10 +143,12 @@ int snd_hdac_i915_init(struct hdac_bus *bus) | ||
2606 | if (!acomp) | ||
2607 | return -ENODEV; | ||
2608 | if (!acomp->ops) { | ||
2609 | - request_module("i915"); | ||
2610 | - /* 60s timeout */ | ||
2611 | - wait_for_completion_timeout(&bind_complete, | ||
2612 | - msecs_to_jiffies(60 * 1000)); | ||
2613 | + if (!IS_ENABLED(CONFIG_MODULES) || | ||
2614 | + !request_module("i915")) { | ||
2615 | + /* 60s timeout */ | ||
2616 | + wait_for_completion_timeout(&bind_complete, | ||
2617 | + msecs_to_jiffies(60 * 1000)); | ||
2618 | + } | ||
2619 | } | ||
2620 | if (!acomp->ops) { | ||
2621 | dev_info(bus->dev, "couldn't bind with audio component\n"); | ||
2622 | diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c | ||
2623 | index abed594a9653..b8f3cca8e58b 100644 | ||
2624 | --- a/tools/objtool/elf.c | ||
2625 | +++ b/tools/objtool/elf.c | ||
2626 | @@ -305,7 +305,7 @@ static int read_symbols(struct elf *elf) | ||
2627 | if (sym->type != STT_FUNC) | ||
2628 | continue; | ||
2629 | sym->pfunc = sym->cfunc = sym; | ||
2630 | - coldstr = strstr(sym->name, ".cold."); | ||
2631 | + coldstr = strstr(sym->name, ".cold"); | ||
2632 | if (!coldstr) | ||
2633 | continue; | ||
2634 | |||
2635 | diff --git a/tools/perf/builtin-version.c b/tools/perf/builtin-version.c | ||
2636 | index 50df168be326..b02c96104640 100644 | ||
2637 | --- a/tools/perf/builtin-version.c | ||
2638 | +++ b/tools/perf/builtin-version.c | ||
2639 | @@ -19,6 +19,7 @@ static struct version version; | ||
2640 | static struct option version_options[] = { | ||
2641 | OPT_BOOLEAN(0, "build-options", &version.build_options, | ||
2642 | "display the build options"), | ||
2643 | + OPT_END(), | ||
2644 | }; | ||
2645 | |||
2646 | static const char * const version_usage[] = { | ||
2647 | diff --git a/tools/testing/selftests/cgroup/cgroup_util.c b/tools/testing/selftests/cgroup/cgroup_util.c | ||
2648 | index 14c9fe284806..075cb0c73014 100644 | ||
2649 | --- a/tools/testing/selftests/cgroup/cgroup_util.c | ||
2650 | +++ b/tools/testing/selftests/cgroup/cgroup_util.c | ||
2651 | @@ -181,8 +181,7 @@ int cg_find_unified_root(char *root, size_t len) | ||
2652 | strtok(NULL, delim); | ||
2653 | strtok(NULL, delim); | ||
2654 | |||
2655 | - if (strcmp(fs, "cgroup") == 0 && | ||
2656 | - strcmp(type, "cgroup2") == 0) { | ||
2657 | + if (strcmp(type, "cgroup2") == 0) { | ||
2658 | strncpy(root, mount, len); | ||
2659 | return 0; | ||
2660 | } |