Annotation of /trunk/kernel-alx/patches-5.4/0145-5.4.46-all-fixes.patch
Parent Directory | Revision Log
Revision 3526 -
(hide annotations)
(download)
Thu Jun 25 11:14:57 2020 UTC (3 years, 10 months ago) by niro
File size: 55939 byte(s)
Thu Jun 25 11:14:57 2020 UTC (3 years, 10 months ago) by niro
File size: 55939 byte(s)
-linux-5.4.46
1 | niro | 3526 | diff --git a/Documentation/ABI/testing/sysfs-devices-system-cpu b/Documentation/ABI/testing/sysfs-devices-system-cpu |
2 | index fc20cde63d1e..c24afa60a30e 100644 | ||
3 | --- a/Documentation/ABI/testing/sysfs-devices-system-cpu | ||
4 | +++ b/Documentation/ABI/testing/sysfs-devices-system-cpu | ||
5 | @@ -486,6 +486,7 @@ What: /sys/devices/system/cpu/vulnerabilities | ||
6 | /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | ||
7 | /sys/devices/system/cpu/vulnerabilities/l1tf | ||
8 | /sys/devices/system/cpu/vulnerabilities/mds | ||
9 | + /sys/devices/system/cpu/vulnerabilities/srbds | ||
10 | /sys/devices/system/cpu/vulnerabilities/tsx_async_abort | ||
11 | /sys/devices/system/cpu/vulnerabilities/itlb_multihit | ||
12 | Date: January 2018 | ||
13 | diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst | ||
14 | index 0795e3c2643f..ca4dbdd9016d 100644 | ||
15 | --- a/Documentation/admin-guide/hw-vuln/index.rst | ||
16 | +++ b/Documentation/admin-guide/hw-vuln/index.rst | ||
17 | @@ -14,3 +14,4 @@ are configurable at compile, boot or run time. | ||
18 | mds | ||
19 | tsx_async_abort | ||
20 | multihit.rst | ||
21 | + special-register-buffer-data-sampling.rst | ||
22 | diff --git a/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst | ||
23 | new file mode 100644 | ||
24 | index 000000000000..47b1b3afac99 | ||
25 | --- /dev/null | ||
26 | +++ b/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rst | ||
27 | @@ -0,0 +1,149 @@ | ||
28 | +.. SPDX-License-Identifier: GPL-2.0 | ||
29 | + | ||
30 | +SRBDS - Special Register Buffer Data Sampling | ||
31 | +============================================= | ||
32 | + | ||
33 | +SRBDS is a hardware vulnerability that allows MDS :doc:`mds` techniques to | ||
34 | +infer values returned from special register accesses. Special register | ||
35 | +accesses are accesses to off core registers. According to Intel's evaluation, | ||
36 | +the special register reads that have a security expectation of privacy are | ||
37 | +RDRAND, RDSEED and SGX EGETKEY. | ||
38 | + | ||
39 | +When RDRAND, RDSEED and EGETKEY instructions are used, the data is moved | ||
40 | +to the core through the special register mechanism that is susceptible | ||
41 | +to MDS attacks. | ||
42 | + | ||
43 | +Affected processors | ||
44 | +-------------------- | ||
45 | +Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may | ||
46 | +be affected. | ||
47 | + | ||
48 | +A processor is affected by SRBDS if its Family_Model and stepping is | ||
49 | +in the following list, with the exception of the listed processors | ||
50 | +exporting MDS_NO while Intel TSX is available yet not enabled. The | ||
51 | +latter class of processors are only affected when Intel TSX is enabled | ||
52 | +by software using TSX_CTRL_MSR otherwise they are not affected. | ||
53 | + | ||
54 | + ============= ============ ======== | ||
55 | + common name Family_Model Stepping | ||
56 | + ============= ============ ======== | ||
57 | + IvyBridge 06_3AH All | ||
58 | + | ||
59 | + Haswell 06_3CH All | ||
60 | + Haswell_L 06_45H All | ||
61 | + Haswell_G 06_46H All | ||
62 | + | ||
63 | + Broadwell_G 06_47H All | ||
64 | + Broadwell 06_3DH All | ||
65 | + | ||
66 | + Skylake_L 06_4EH All | ||
67 | + Skylake 06_5EH All | ||
68 | + | ||
69 | + Kabylake_L 06_8EH <= 0xC | ||
70 | + Kabylake 06_9EH <= 0xD | ||
71 | + ============= ============ ======== | ||
72 | + | ||
73 | +Related CVEs | ||
74 | +------------ | ||
75 | + | ||
76 | +The following CVE entry is related to this SRBDS issue: | ||
77 | + | ||
78 | + ============== ===== ===================================== | ||
79 | + CVE-2020-0543 SRBDS Special Register Buffer Data Sampling | ||
80 | + ============== ===== ===================================== | ||
81 | + | ||
82 | +Attack scenarios | ||
83 | +---------------- | ||
84 | +An unprivileged user can extract values returned from RDRAND and RDSEED | ||
85 | +executed on another core or sibling thread using MDS techniques. | ||
86 | + | ||
87 | + | ||
88 | +Mitigation mechanism | ||
89 | +------------------- | ||
90 | +Intel will release microcode updates that modify the RDRAND, RDSEED, and | ||
91 | +EGETKEY instructions to overwrite secret special register data in the shared | ||
92 | +staging buffer before the secret data can be accessed by another logical | ||
93 | +processor. | ||
94 | + | ||
95 | +During execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core | ||
96 | +accesses from other logical processors will be delayed until the special | ||
97 | +register read is complete and the secret data in the shared staging buffer is | ||
98 | +overwritten. | ||
99 | + | ||
100 | +This has three effects on performance: | ||
101 | + | ||
102 | +#. RDRAND, RDSEED, or EGETKEY instructions have higher latency. | ||
103 | + | ||
104 | +#. Executing RDRAND at the same time on multiple logical processors will be | ||
105 | + serialized, resulting in an overall reduction in the maximum RDRAND | ||
106 | + bandwidth. | ||
107 | + | ||
108 | +#. Executing RDRAND, RDSEED or EGETKEY will delay memory accesses from other | ||
109 | + logical processors that miss their core caches, with an impact similar to | ||
110 | + legacy locked cache-line-split accesses. | ||
111 | + | ||
112 | +The microcode updates provide an opt-out mechanism (RNGDS_MITG_DIS) to disable | ||
113 | +the mitigation for RDRAND and RDSEED instructions executed outside of Intel | ||
114 | +Software Guard Extensions (Intel SGX) enclaves. On logical processors that | ||
115 | +disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not | ||
116 | +take longer to execute and do not impact performance of sibling logical | ||
117 | +processors memory accesses. The opt-out mechanism does not affect Intel SGX | ||
118 | +enclaves (including execution of RDRAND or RDSEED inside an enclave, as well | ||
119 | +as EGETKEY execution). | ||
120 | + | ||
121 | +IA32_MCU_OPT_CTRL MSR Definition | ||
122 | +-------------------------------- | ||
123 | +Along with the mitigation for this issue, Intel added a new thread-scope | ||
124 | +IA32_MCU_OPT_CTRL MSR, (address 0x123). The presence of this MSR and | ||
125 | +RNGDS_MITG_DIS (bit 0) is enumerated by CPUID.(EAX=07H,ECX=0).EDX[SRBDS_CTRL = | ||
126 | +9]==1. This MSR is introduced through the microcode update. | ||
127 | + | ||
128 | +Setting IA32_MCU_OPT_CTRL[0] (RNGDS_MITG_DIS) to 1 for a logical processor | ||
129 | +disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX | ||
130 | +enclave on that logical processor. Opting out of the mitigation for a | ||
131 | +particular logical processor does not affect the RDRAND and RDSEED mitigations | ||
132 | +for other logical processors. | ||
133 | + | ||
134 | +Note that inside of an Intel SGX enclave, the mitigation is applied regardless | ||
135 | +of the value of RNGDS_MITG_DS. | ||
136 | + | ||
137 | +Mitigation control on the kernel command line | ||
138 | +--------------------------------------------- | ||
139 | +The kernel command line allows control over the SRBDS mitigation at boot time | ||
140 | +with the option "srbds=". The option for this is: | ||
141 | + | ||
142 | + ============= ============================================================= | ||
143 | + off This option disables SRBDS mitigation for RDRAND and RDSEED on | ||
144 | + affected platforms. | ||
145 | + ============= ============================================================= | ||
146 | + | ||
147 | +SRBDS System Information | ||
148 | +----------------------- | ||
149 | +The Linux kernel provides vulnerability status information through sysfs. For | ||
150 | +SRBDS this can be accessed by the following sysfs file: | ||
151 | +/sys/devices/system/cpu/vulnerabilities/srbds | ||
152 | + | ||
153 | +The possible values contained in this file are: | ||
154 | + | ||
155 | + ============================== ============================================= | ||
156 | + Not affected Processor not vulnerable | ||
157 | + Vulnerable Processor vulnerable and mitigation disabled | ||
158 | + Vulnerable: No microcode Processor vulnerable and microcode is missing | ||
159 | + mitigation | ||
160 | + Mitigation: Microcode Processor is vulnerable and mitigation is in | ||
161 | + effect. | ||
162 | + Mitigation: TSX disabled Processor is only vulnerable when TSX is | ||
163 | + enabled while this system was booted with TSX | ||
164 | + disabled. | ||
165 | + Unknown: Dependent on | ||
166 | + hypervisor status Running on virtual guest processor that is | ||
167 | + affected but with no way to know if host | ||
168 | + processor is mitigated or vulnerable. | ||
169 | + ============================== ============================================= | ||
170 | + | ||
171 | +SRBDS Default mitigation | ||
172 | +------------------------ | ||
173 | +This new microcode serializes processor access during execution of RDRAND, | ||
174 | +RDSEED ensures that the shared buffer is overwritten before it is released for | ||
175 | +reuse. Use the "srbds=off" kernel command line to disable the mitigation for | ||
176 | +RDRAND and RDSEED. | ||
177 | diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt | ||
178 | index 1f77c99e2cba..13984b6cc322 100644 | ||
179 | --- a/Documentation/admin-guide/kernel-parameters.txt | ||
180 | +++ b/Documentation/admin-guide/kernel-parameters.txt | ||
181 | @@ -4579,6 +4579,26 @@ | ||
182 | spia_pedr= | ||
183 | spia_peddr= | ||
184 | |||
185 | + srbds= [X86,INTEL] | ||
186 | + Control the Special Register Buffer Data Sampling | ||
187 | + (SRBDS) mitigation. | ||
188 | + | ||
189 | + Certain CPUs are vulnerable to an MDS-like | ||
190 | + exploit which can leak bits from the random | ||
191 | + number generator. | ||
192 | + | ||
193 | + By default, this issue is mitigated by | ||
194 | + microcode. However, the microcode fix can cause | ||
195 | + the RDRAND and RDSEED instructions to become | ||
196 | + much slower. Among other effects, this will | ||
197 | + result in reduced throughput from /dev/urandom. | ||
198 | + | ||
199 | + The microcode mitigation can be disabled with | ||
200 | + the following option: | ||
201 | + | ||
202 | + off: Disable mitigation and remove | ||
203 | + performance impact to RDRAND and RDSEED | ||
204 | + | ||
205 | srcutree.counter_wrap_check [KNL] | ||
206 | Specifies how frequently to check for | ||
207 | grace-period sequence counter wrap for the | ||
208 | diff --git a/Makefile b/Makefile | ||
209 | index d57c443d9073..4835d6734c3f 100644 | ||
210 | --- a/Makefile | ||
211 | +++ b/Makefile | ||
212 | @@ -1,7 +1,7 @@ | ||
213 | # SPDX-License-Identifier: GPL-2.0 | ||
214 | VERSION = 5 | ||
215 | PATCHLEVEL = 4 | ||
216 | -SUBLEVEL = 45 | ||
217 | +SUBLEVEL = 46 | ||
218 | EXTRAVERSION = | ||
219 | NAME = Kleptomaniac Octopus | ||
220 | |||
221 | diff --git a/arch/x86/include/asm/cpu_device_id.h b/arch/x86/include/asm/cpu_device_id.h | ||
222 | index 31c379c1da41..0c814cd9ea42 100644 | ||
223 | --- a/arch/x86/include/asm/cpu_device_id.h | ||
224 | +++ b/arch/x86/include/asm/cpu_device_id.h | ||
225 | @@ -9,6 +9,36 @@ | ||
226 | |||
227 | #include <linux/mod_devicetable.h> | ||
228 | |||
229 | +#define X86_CENTAUR_FAM6_C7_D 0xd | ||
230 | +#define X86_CENTAUR_FAM6_NANO 0xf | ||
231 | + | ||
232 | +#define X86_STEPPINGS(mins, maxs) GENMASK(maxs, mins) | ||
233 | + | ||
234 | +/** | ||
235 | + * X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE - Base macro for CPU matching | ||
236 | + * @_vendor: The vendor name, e.g. INTEL, AMD, HYGON, ..., ANY | ||
237 | + * The name is expanded to X86_VENDOR_@_vendor | ||
238 | + * @_family: The family number or X86_FAMILY_ANY | ||
239 | + * @_model: The model number, model constant or X86_MODEL_ANY | ||
240 | + * @_steppings: Bitmask for steppings, stepping constant or X86_STEPPING_ANY | ||
241 | + * @_feature: A X86_FEATURE bit or X86_FEATURE_ANY | ||
242 | + * @_data: Driver specific data or NULL. The internal storage | ||
243 | + * format is unsigned long. The supplied value, pointer | ||
244 | + * etc. is casted to unsigned long internally. | ||
245 | + * | ||
246 | + * Backport version to keep the SRBDS pile consistant. No shorter variants | ||
247 | + * required for this. | ||
248 | + */ | ||
249 | +#define X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE(_vendor, _family, _model, \ | ||
250 | + _steppings, _feature, _data) { \ | ||
251 | + .vendor = X86_VENDOR_##_vendor, \ | ||
252 | + .family = _family, \ | ||
253 | + .model = _model, \ | ||
254 | + .steppings = _steppings, \ | ||
255 | + .feature = _feature, \ | ||
256 | + .driver_data = (unsigned long) _data \ | ||
257 | +} | ||
258 | + | ||
259 | /* | ||
260 | * Match specific microcode revisions. | ||
261 | * | ||
262 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | ||
263 | index c4fbe379cc0b..d912457f56a7 100644 | ||
264 | --- a/arch/x86/include/asm/cpufeatures.h | ||
265 | +++ b/arch/x86/include/asm/cpufeatures.h | ||
266 | @@ -357,6 +357,7 @@ | ||
267 | #define X86_FEATURE_AVX512_4VNNIW (18*32+ 2) /* AVX-512 Neural Network Instructions */ | ||
268 | #define X86_FEATURE_AVX512_4FMAPS (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */ | ||
269 | #define X86_FEATURE_AVX512_VP2INTERSECT (18*32+ 8) /* AVX-512 Intersect for D/Q */ | ||
270 | +#define X86_FEATURE_SRBDS_CTRL (18*32+ 9) /* "" SRBDS mitigation MSR available */ | ||
271 | #define X86_FEATURE_MD_CLEAR (18*32+10) /* VERW clears CPU buffers */ | ||
272 | #define X86_FEATURE_TSX_FORCE_ABORT (18*32+13) /* "" TSX_FORCE_ABORT */ | ||
273 | #define X86_FEATURE_PCONFIG (18*32+18) /* Intel PCONFIG */ | ||
274 | @@ -401,5 +402,6 @@ | ||
275 | #define X86_BUG_SWAPGS X86_BUG(21) /* CPU is affected by speculation through SWAPGS */ | ||
276 | #define X86_BUG_TAA X86_BUG(22) /* CPU is affected by TSX Async Abort(TAA) */ | ||
277 | #define X86_BUG_ITLB_MULTIHIT X86_BUG(23) /* CPU may incur MCE during certain page attribute changes */ | ||
278 | +#define X86_BUG_SRBDS X86_BUG(24) /* CPU may leak RNG bits if not mitigated */ | ||
279 | |||
280 | #endif /* _ASM_X86_CPUFEATURES_H */ | ||
281 | diff --git a/arch/x86/include/asm/msr-index.h b/arch/x86/include/asm/msr-index.h | ||
282 | index 1682e4b5ce75..391812e0384e 100644 | ||
283 | --- a/arch/x86/include/asm/msr-index.h | ||
284 | +++ b/arch/x86/include/asm/msr-index.h | ||
285 | @@ -119,6 +119,10 @@ | ||
286 | #define TSX_CTRL_RTM_DISABLE BIT(0) /* Disable RTM feature */ | ||
287 | #define TSX_CTRL_CPUID_CLEAR BIT(1) /* Disable TSX enumeration */ | ||
288 | |||
289 | +/* SRBDS support */ | ||
290 | +#define MSR_IA32_MCU_OPT_CTRL 0x00000123 | ||
291 | +#define RNGDS_MITG_DIS BIT(0) | ||
292 | + | ||
293 | #define MSR_IA32_SYSENTER_CS 0x00000174 | ||
294 | #define MSR_IA32_SYSENTER_ESP 0x00000175 | ||
295 | #define MSR_IA32_SYSENTER_EIP 0x00000176 | ||
296 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c | ||
297 | index 8bf64899f56a..3c3f3e02683a 100644 | ||
298 | --- a/arch/x86/kernel/cpu/bugs.c | ||
299 | +++ b/arch/x86/kernel/cpu/bugs.c | ||
300 | @@ -41,6 +41,7 @@ static void __init l1tf_select_mitigation(void); | ||
301 | static void __init mds_select_mitigation(void); | ||
302 | static void __init mds_print_mitigation(void); | ||
303 | static void __init taa_select_mitigation(void); | ||
304 | +static void __init srbds_select_mitigation(void); | ||
305 | |||
306 | /* The base value of the SPEC_CTRL MSR that always has to be preserved. */ | ||
307 | u64 x86_spec_ctrl_base; | ||
308 | @@ -108,6 +109,7 @@ void __init check_bugs(void) | ||
309 | l1tf_select_mitigation(); | ||
310 | mds_select_mitigation(); | ||
311 | taa_select_mitigation(); | ||
312 | + srbds_select_mitigation(); | ||
313 | |||
314 | /* | ||
315 | * As MDS and TAA mitigations are inter-related, print MDS | ||
316 | @@ -390,6 +392,97 @@ static int __init tsx_async_abort_parse_cmdline(char *str) | ||
317 | } | ||
318 | early_param("tsx_async_abort", tsx_async_abort_parse_cmdline); | ||
319 | |||
320 | +#undef pr_fmt | ||
321 | +#define pr_fmt(fmt) "SRBDS: " fmt | ||
322 | + | ||
323 | +enum srbds_mitigations { | ||
324 | + SRBDS_MITIGATION_OFF, | ||
325 | + SRBDS_MITIGATION_UCODE_NEEDED, | ||
326 | + SRBDS_MITIGATION_FULL, | ||
327 | + SRBDS_MITIGATION_TSX_OFF, | ||
328 | + SRBDS_MITIGATION_HYPERVISOR, | ||
329 | +}; | ||
330 | + | ||
331 | +static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL; | ||
332 | + | ||
333 | +static const char * const srbds_strings[] = { | ||
334 | + [SRBDS_MITIGATION_OFF] = "Vulnerable", | ||
335 | + [SRBDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", | ||
336 | + [SRBDS_MITIGATION_FULL] = "Mitigation: Microcode", | ||
337 | + [SRBDS_MITIGATION_TSX_OFF] = "Mitigation: TSX disabled", | ||
338 | + [SRBDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", | ||
339 | +}; | ||
340 | + | ||
341 | +static bool srbds_off; | ||
342 | + | ||
343 | +void update_srbds_msr(void) | ||
344 | +{ | ||
345 | + u64 mcu_ctrl; | ||
346 | + | ||
347 | + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) | ||
348 | + return; | ||
349 | + | ||
350 | + if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) | ||
351 | + return; | ||
352 | + | ||
353 | + if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED) | ||
354 | + return; | ||
355 | + | ||
356 | + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); | ||
357 | + | ||
358 | + switch (srbds_mitigation) { | ||
359 | + case SRBDS_MITIGATION_OFF: | ||
360 | + case SRBDS_MITIGATION_TSX_OFF: | ||
361 | + mcu_ctrl |= RNGDS_MITG_DIS; | ||
362 | + break; | ||
363 | + case SRBDS_MITIGATION_FULL: | ||
364 | + mcu_ctrl &= ~RNGDS_MITG_DIS; | ||
365 | + break; | ||
366 | + default: | ||
367 | + break; | ||
368 | + } | ||
369 | + | ||
370 | + wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); | ||
371 | +} | ||
372 | + | ||
373 | +static void __init srbds_select_mitigation(void) | ||
374 | +{ | ||
375 | + u64 ia32_cap; | ||
376 | + | ||
377 | + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) | ||
378 | + return; | ||
379 | + | ||
380 | + /* | ||
381 | + * Check to see if this is one of the MDS_NO systems supporting | ||
382 | + * TSX that are only exposed to SRBDS when TSX is enabled. | ||
383 | + */ | ||
384 | + ia32_cap = x86_read_arch_cap_msr(); | ||
385 | + if ((ia32_cap & ARCH_CAP_MDS_NO) && !boot_cpu_has(X86_FEATURE_RTM)) | ||
386 | + srbds_mitigation = SRBDS_MITIGATION_TSX_OFF; | ||
387 | + else if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) | ||
388 | + srbds_mitigation = SRBDS_MITIGATION_HYPERVISOR; | ||
389 | + else if (!boot_cpu_has(X86_FEATURE_SRBDS_CTRL)) | ||
390 | + srbds_mitigation = SRBDS_MITIGATION_UCODE_NEEDED; | ||
391 | + else if (cpu_mitigations_off() || srbds_off) | ||
392 | + srbds_mitigation = SRBDS_MITIGATION_OFF; | ||
393 | + | ||
394 | + update_srbds_msr(); | ||
395 | + pr_info("%s\n", srbds_strings[srbds_mitigation]); | ||
396 | +} | ||
397 | + | ||
398 | +static int __init srbds_parse_cmdline(char *str) | ||
399 | +{ | ||
400 | + if (!str) | ||
401 | + return -EINVAL; | ||
402 | + | ||
403 | + if (!boot_cpu_has_bug(X86_BUG_SRBDS)) | ||
404 | + return 0; | ||
405 | + | ||
406 | + srbds_off = !strcmp(str, "off"); | ||
407 | + return 0; | ||
408 | +} | ||
409 | +early_param("srbds", srbds_parse_cmdline); | ||
410 | + | ||
411 | #undef pr_fmt | ||
412 | #define pr_fmt(fmt) "Spectre V1 : " fmt | ||
413 | |||
414 | @@ -1521,6 +1614,11 @@ static char *ibpb_state(void) | ||
415 | return ""; | ||
416 | } | ||
417 | |||
418 | +static ssize_t srbds_show_state(char *buf) | ||
419 | +{ | ||
420 | + return sprintf(buf, "%s\n", srbds_strings[srbds_mitigation]); | ||
421 | +} | ||
422 | + | ||
423 | static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr, | ||
424 | char *buf, unsigned int bug) | ||
425 | { | ||
426 | @@ -1565,6 +1663,9 @@ static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr | ||
427 | case X86_BUG_ITLB_MULTIHIT: | ||
428 | return itlb_multihit_show_state(buf); | ||
429 | |||
430 | + case X86_BUG_SRBDS: | ||
431 | + return srbds_show_state(buf); | ||
432 | + | ||
433 | default: | ||
434 | break; | ||
435 | } | ||
436 | @@ -1611,4 +1712,9 @@ ssize_t cpu_show_itlb_multihit(struct device *dev, struct device_attribute *attr | ||
437 | { | ||
438 | return cpu_show_common(dev, attr, buf, X86_BUG_ITLB_MULTIHIT); | ||
439 | } | ||
440 | + | ||
441 | +ssize_t cpu_show_srbds(struct device *dev, struct device_attribute *attr, char *buf) | ||
442 | +{ | ||
443 | + return cpu_show_common(dev, attr, buf, X86_BUG_SRBDS); | ||
444 | +} | ||
445 | #endif | ||
446 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c | ||
447 | index 704caec136cf..650df6d21049 100644 | ||
448 | --- a/arch/x86/kernel/cpu/common.c | ||
449 | +++ b/arch/x86/kernel/cpu/common.c | ||
450 | @@ -1024,6 +1024,7 @@ static void identify_cpu_without_cpuid(struct cpuinfo_x86 *c) | ||
451 | #define MSBDS_ONLY BIT(5) | ||
452 | #define NO_SWAPGS BIT(6) | ||
453 | #define NO_ITLB_MULTIHIT BIT(7) | ||
454 | +#define NO_SPECTRE_V2 BIT(8) | ||
455 | |||
456 | #define VULNWL(_vendor, _family, _model, _whitelist) \ | ||
457 | { X86_VENDOR_##_vendor, _family, _model, X86_FEATURE_ANY, _whitelist } | ||
458 | @@ -1085,12 +1086,37 @@ static const __initconst struct x86_cpu_id cpu_vuln_whitelist[] = { | ||
459 | /* FAMILY_ANY must be last, otherwise 0x0f - 0x12 matches won't work */ | ||
460 | VULNWL_AMD(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), | ||
461 | VULNWL_HYGON(X86_FAMILY_ANY, NO_MELTDOWN | NO_L1TF | NO_MDS | NO_SWAPGS | NO_ITLB_MULTIHIT), | ||
462 | + | ||
463 | + /* Zhaoxin Family 7 */ | ||
464 | + VULNWL(CENTAUR, 7, X86_MODEL_ANY, NO_SPECTRE_V2), | ||
465 | + VULNWL(ZHAOXIN, 7, X86_MODEL_ANY, NO_SPECTRE_V2), | ||
466 | + {} | ||
467 | +}; | ||
468 | + | ||
469 | +#define VULNBL_INTEL_STEPPINGS(model, steppings, issues) \ | ||
470 | + X86_MATCH_VENDOR_FAM_MODEL_STEPPINGS_FEATURE(INTEL, 6, \ | ||
471 | + INTEL_FAM6_##model, steppings, \ | ||
472 | + X86_FEATURE_ANY, issues) | ||
473 | + | ||
474 | +#define SRBDS BIT(0) | ||
475 | + | ||
476 | +static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { | ||
477 | + VULNBL_INTEL_STEPPINGS(IVYBRIDGE, X86_STEPPING_ANY, SRBDS), | ||
478 | + VULNBL_INTEL_STEPPINGS(HASWELL, X86_STEPPING_ANY, SRBDS), | ||
479 | + VULNBL_INTEL_STEPPINGS(HASWELL_L, X86_STEPPING_ANY, SRBDS), | ||
480 | + VULNBL_INTEL_STEPPINGS(HASWELL_G, X86_STEPPING_ANY, SRBDS), | ||
481 | + VULNBL_INTEL_STEPPINGS(BROADWELL_G, X86_STEPPING_ANY, SRBDS), | ||
482 | + VULNBL_INTEL_STEPPINGS(BROADWELL, X86_STEPPING_ANY, SRBDS), | ||
483 | + VULNBL_INTEL_STEPPINGS(SKYLAKE_L, X86_STEPPING_ANY, SRBDS), | ||
484 | + VULNBL_INTEL_STEPPINGS(SKYLAKE, X86_STEPPING_ANY, SRBDS), | ||
485 | + VULNBL_INTEL_STEPPINGS(KABYLAKE_L, X86_STEPPINGS(0x0, 0xC), SRBDS), | ||
486 | + VULNBL_INTEL_STEPPINGS(KABYLAKE, X86_STEPPINGS(0x0, 0xD), SRBDS), | ||
487 | {} | ||
488 | }; | ||
489 | |||
490 | -static bool __init cpu_matches(unsigned long which) | ||
491 | +static bool __init cpu_matches(const struct x86_cpu_id *table, unsigned long which) | ||
492 | { | ||
493 | - const struct x86_cpu_id *m = x86_match_cpu(cpu_vuln_whitelist); | ||
494 | + const struct x86_cpu_id *m = x86_match_cpu(table); | ||
495 | |||
496 | return m && !!(m->driver_data & which); | ||
497 | } | ||
498 | @@ -1110,29 +1136,34 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) | ||
499 | u64 ia32_cap = x86_read_arch_cap_msr(); | ||
500 | |||
501 | /* Set ITLB_MULTIHIT bug if cpu is not in the whitelist and not mitigated */ | ||
502 | - if (!cpu_matches(NO_ITLB_MULTIHIT) && !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO)) | ||
503 | + if (!cpu_matches(cpu_vuln_whitelist, NO_ITLB_MULTIHIT) && | ||
504 | + !(ia32_cap & ARCH_CAP_PSCHANGE_MC_NO)) | ||
505 | setup_force_cpu_bug(X86_BUG_ITLB_MULTIHIT); | ||
506 | |||
507 | - if (cpu_matches(NO_SPECULATION)) | ||
508 | + if (cpu_matches(cpu_vuln_whitelist, NO_SPECULATION)) | ||
509 | return; | ||
510 | |||
511 | setup_force_cpu_bug(X86_BUG_SPECTRE_V1); | ||
512 | - setup_force_cpu_bug(X86_BUG_SPECTRE_V2); | ||
513 | |||
514 | - if (!cpu_matches(NO_SSB) && !(ia32_cap & ARCH_CAP_SSB_NO) && | ||
515 | + if (!cpu_matches(cpu_vuln_whitelist, NO_SPECTRE_V2)) | ||
516 | + setup_force_cpu_bug(X86_BUG_SPECTRE_V2); | ||
517 | + | ||
518 | + if (!cpu_matches(cpu_vuln_whitelist, NO_SSB) && | ||
519 | + !(ia32_cap & ARCH_CAP_SSB_NO) && | ||
520 | !cpu_has(c, X86_FEATURE_AMD_SSB_NO)) | ||
521 | setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS); | ||
522 | |||
523 | if (ia32_cap & ARCH_CAP_IBRS_ALL) | ||
524 | setup_force_cpu_cap(X86_FEATURE_IBRS_ENHANCED); | ||
525 | |||
526 | - if (!cpu_matches(NO_MDS) && !(ia32_cap & ARCH_CAP_MDS_NO)) { | ||
527 | + if (!cpu_matches(cpu_vuln_whitelist, NO_MDS) && | ||
528 | + !(ia32_cap & ARCH_CAP_MDS_NO)) { | ||
529 | setup_force_cpu_bug(X86_BUG_MDS); | ||
530 | - if (cpu_matches(MSBDS_ONLY)) | ||
531 | + if (cpu_matches(cpu_vuln_whitelist, MSBDS_ONLY)) | ||
532 | setup_force_cpu_bug(X86_BUG_MSBDS_ONLY); | ||
533 | } | ||
534 | |||
535 | - if (!cpu_matches(NO_SWAPGS)) | ||
536 | + if (!cpu_matches(cpu_vuln_whitelist, NO_SWAPGS)) | ||
537 | setup_force_cpu_bug(X86_BUG_SWAPGS); | ||
538 | |||
539 | /* | ||
540 | @@ -1150,7 +1181,16 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) | ||
541 | (ia32_cap & ARCH_CAP_TSX_CTRL_MSR))) | ||
542 | setup_force_cpu_bug(X86_BUG_TAA); | ||
543 | |||
544 | - if (cpu_matches(NO_MELTDOWN)) | ||
545 | + /* | ||
546 | + * SRBDS affects CPUs which support RDRAND or RDSEED and are listed | ||
547 | + * in the vulnerability blacklist. | ||
548 | + */ | ||
549 | + if ((cpu_has(c, X86_FEATURE_RDRAND) || | ||
550 | + cpu_has(c, X86_FEATURE_RDSEED)) && | ||
551 | + cpu_matches(cpu_vuln_blacklist, SRBDS)) | ||
552 | + setup_force_cpu_bug(X86_BUG_SRBDS); | ||
553 | + | ||
554 | + if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) | ||
555 | return; | ||
556 | |||
557 | /* Rogue Data Cache Load? No! */ | ||
558 | @@ -1159,7 +1199,7 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) | ||
559 | |||
560 | setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN); | ||
561 | |||
562 | - if (cpu_matches(NO_L1TF)) | ||
563 | + if (cpu_matches(cpu_vuln_whitelist, NO_L1TF)) | ||
564 | return; | ||
565 | |||
566 | setup_force_cpu_bug(X86_BUG_L1TF); | ||
567 | @@ -1597,6 +1637,7 @@ void identify_secondary_cpu(struct cpuinfo_x86 *c) | ||
568 | mtrr_ap_init(); | ||
569 | validate_apic_and_package_id(c); | ||
570 | x86_spec_ctrl_setup_ap(); | ||
571 | + update_srbds_msr(); | ||
572 | } | ||
573 | |||
574 | static __init int setup_noclflush(char *arg) | ||
575 | diff --git a/arch/x86/kernel/cpu/cpu.h b/arch/x86/kernel/cpu/cpu.h | ||
576 | index 38ab6e115eac..9d033693519a 100644 | ||
577 | --- a/arch/x86/kernel/cpu/cpu.h | ||
578 | +++ b/arch/x86/kernel/cpu/cpu.h | ||
579 | @@ -77,6 +77,7 @@ extern void detect_ht(struct cpuinfo_x86 *c); | ||
580 | unsigned int aperfmperf_get_khz(int cpu); | ||
581 | |||
582 | extern void x86_spec_ctrl_setup_ap(void); | ||
583 | +extern void update_srbds_msr(void); | ||
584 | |||
585 | extern u64 x86_read_arch_cap_msr(void); | ||
586 | |||
587 | diff --git a/arch/x86/kernel/cpu/match.c b/arch/x86/kernel/cpu/match.c | ||
588 | index 6dd78d8235e4..2f163e6646b6 100644 | ||
589 | --- a/arch/x86/kernel/cpu/match.c | ||
590 | +++ b/arch/x86/kernel/cpu/match.c | ||
591 | @@ -34,13 +34,18 @@ const struct x86_cpu_id *x86_match_cpu(const struct x86_cpu_id *match) | ||
592 | const struct x86_cpu_id *m; | ||
593 | struct cpuinfo_x86 *c = &boot_cpu_data; | ||
594 | |||
595 | - for (m = match; m->vendor | m->family | m->model | m->feature; m++) { | ||
596 | + for (m = match; | ||
597 | + m->vendor | m->family | m->model | m->steppings | m->feature; | ||
598 | + m++) { | ||
599 | if (m->vendor != X86_VENDOR_ANY && c->x86_vendor != m->vendor) | ||
600 | continue; | ||
601 | if (m->family != X86_FAMILY_ANY && c->x86 != m->family) | ||
602 | continue; | ||
603 | if (m->model != X86_MODEL_ANY && c->x86_model != m->model) | ||
604 | continue; | ||
605 | + if (m->steppings != X86_STEPPING_ANY && | ||
606 | + !(BIT(c->x86_stepping) & m->steppings)) | ||
607 | + continue; | ||
608 | if (m->feature != X86_FEATURE_ANY && !cpu_has(c, m->feature)) | ||
609 | continue; | ||
610 | return m; | ||
611 | diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c | ||
612 | index 6265871a4af2..f00da44ae6fe 100644 | ||
613 | --- a/drivers/base/cpu.c | ||
614 | +++ b/drivers/base/cpu.c | ||
615 | @@ -567,6 +567,12 @@ ssize_t __weak cpu_show_itlb_multihit(struct device *dev, | ||
616 | return sprintf(buf, "Not affected\n"); | ||
617 | } | ||
618 | |||
619 | +ssize_t __weak cpu_show_srbds(struct device *dev, | ||
620 | + struct device_attribute *attr, char *buf) | ||
621 | +{ | ||
622 | + return sprintf(buf, "Not affected\n"); | ||
623 | +} | ||
624 | + | ||
625 | static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); | ||
626 | static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); | ||
627 | static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL); | ||
628 | @@ -575,6 +581,7 @@ static DEVICE_ATTR(l1tf, 0444, cpu_show_l1tf, NULL); | ||
629 | static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL); | ||
630 | static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL); | ||
631 | static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL); | ||
632 | +static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL); | ||
633 | |||
634 | static struct attribute *cpu_root_vulnerabilities_attrs[] = { | ||
635 | &dev_attr_meltdown.attr, | ||
636 | @@ -585,6 +592,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = { | ||
637 | &dev_attr_mds.attr, | ||
638 | &dev_attr_tsx_async_abort.attr, | ||
639 | &dev_attr_itlb_multihit.attr, | ||
640 | + &dev_attr_srbds.attr, | ||
641 | NULL | ||
642 | }; | ||
643 | |||
644 | diff --git a/drivers/iio/adc/stm32-adc-core.c b/drivers/iio/adc/stm32-adc-core.c | ||
645 | index 93a096a91f8c..74f3a2be17a6 100644 | ||
646 | --- a/drivers/iio/adc/stm32-adc-core.c | ||
647 | +++ b/drivers/iio/adc/stm32-adc-core.c | ||
648 | @@ -65,12 +65,14 @@ struct stm32_adc_priv; | ||
649 | * @clk_sel: clock selection routine | ||
650 | * @max_clk_rate_hz: maximum analog clock rate (Hz, from datasheet) | ||
651 | * @has_syscfg: SYSCFG capability flags | ||
652 | + * @num_irqs: number of interrupt lines | ||
653 | */ | ||
654 | struct stm32_adc_priv_cfg { | ||
655 | const struct stm32_adc_common_regs *regs; | ||
656 | int (*clk_sel)(struct platform_device *, struct stm32_adc_priv *); | ||
657 | u32 max_clk_rate_hz; | ||
658 | unsigned int has_syscfg; | ||
659 | + unsigned int num_irqs; | ||
660 | }; | ||
661 | |||
662 | /** | ||
663 | @@ -372,21 +374,15 @@ static int stm32_adc_irq_probe(struct platform_device *pdev, | ||
664 | struct device_node *np = pdev->dev.of_node; | ||
665 | unsigned int i; | ||
666 | |||
667 | - for (i = 0; i < STM32_ADC_MAX_ADCS; i++) { | ||
668 | + /* | ||
669 | + * Interrupt(s) must be provided, depending on the compatible: | ||
670 | + * - stm32f4/h7 shares a common interrupt line. | ||
671 | + * - stm32mp1, has one line per ADC | ||
672 | + */ | ||
673 | + for (i = 0; i < priv->cfg->num_irqs; i++) { | ||
674 | priv->irq[i] = platform_get_irq(pdev, i); | ||
675 | - if (priv->irq[i] < 0) { | ||
676 | - /* | ||
677 | - * At least one interrupt must be provided, make others | ||
678 | - * optional: | ||
679 | - * - stm32f4/h7 shares a common interrupt. | ||
680 | - * - stm32mp1, has one line per ADC (either for ADC1, | ||
681 | - * ADC2 or both). | ||
682 | - */ | ||
683 | - if (i && priv->irq[i] == -ENXIO) | ||
684 | - continue; | ||
685 | - | ||
686 | + if (priv->irq[i] < 0) | ||
687 | return priv->irq[i]; | ||
688 | - } | ||
689 | } | ||
690 | |||
691 | priv->domain = irq_domain_add_simple(np, STM32_ADC_MAX_ADCS, 0, | ||
692 | @@ -397,9 +393,7 @@ static int stm32_adc_irq_probe(struct platform_device *pdev, | ||
693 | return -ENOMEM; | ||
694 | } | ||
695 | |||
696 | - for (i = 0; i < STM32_ADC_MAX_ADCS; i++) { | ||
697 | - if (priv->irq[i] < 0) | ||
698 | - continue; | ||
699 | + for (i = 0; i < priv->cfg->num_irqs; i++) { | ||
700 | irq_set_chained_handler(priv->irq[i], stm32_adc_irq_handler); | ||
701 | irq_set_handler_data(priv->irq[i], priv); | ||
702 | } | ||
703 | @@ -417,11 +411,8 @@ static void stm32_adc_irq_remove(struct platform_device *pdev, | ||
704 | irq_dispose_mapping(irq_find_mapping(priv->domain, hwirq)); | ||
705 | irq_domain_remove(priv->domain); | ||
706 | |||
707 | - for (i = 0; i < STM32_ADC_MAX_ADCS; i++) { | ||
708 | - if (priv->irq[i] < 0) | ||
709 | - continue; | ||
710 | + for (i = 0; i < priv->cfg->num_irqs; i++) | ||
711 | irq_set_chained_handler(priv->irq[i], NULL); | ||
712 | - } | ||
713 | } | ||
714 | |||
715 | static int stm32_adc_core_switches_supply_en(struct stm32_adc_priv *priv, | ||
716 | @@ -803,6 +794,7 @@ static const struct stm32_adc_priv_cfg stm32f4_adc_priv_cfg = { | ||
717 | .regs = &stm32f4_adc_common_regs, | ||
718 | .clk_sel = stm32f4_adc_clk_sel, | ||
719 | .max_clk_rate_hz = 36000000, | ||
720 | + .num_irqs = 1, | ||
721 | }; | ||
722 | |||
723 | static const struct stm32_adc_priv_cfg stm32h7_adc_priv_cfg = { | ||
724 | @@ -810,6 +802,7 @@ static const struct stm32_adc_priv_cfg stm32h7_adc_priv_cfg = { | ||
725 | .clk_sel = stm32h7_adc_clk_sel, | ||
726 | .max_clk_rate_hz = 36000000, | ||
727 | .has_syscfg = HAS_VBOOSTER, | ||
728 | + .num_irqs = 1, | ||
729 | }; | ||
730 | |||
731 | static const struct stm32_adc_priv_cfg stm32mp1_adc_priv_cfg = { | ||
732 | @@ -817,6 +810,7 @@ static const struct stm32_adc_priv_cfg stm32mp1_adc_priv_cfg = { | ||
733 | .clk_sel = stm32h7_adc_clk_sel, | ||
734 | .max_clk_rate_hz = 40000000, | ||
735 | .has_syscfg = HAS_VBOOSTER | HAS_ANASWVDD, | ||
736 | + .num_irqs = 2, | ||
737 | }; | ||
738 | |||
739 | static const struct of_device_id stm32_adc_of_match[] = { | ||
740 | diff --git a/drivers/iio/chemical/pms7003.c b/drivers/iio/chemical/pms7003.c | ||
741 | index 23c9ab252470..07bb90d72434 100644 | ||
742 | --- a/drivers/iio/chemical/pms7003.c | ||
743 | +++ b/drivers/iio/chemical/pms7003.c | ||
744 | @@ -73,6 +73,11 @@ struct pms7003_state { | ||
745 | struct pms7003_frame frame; | ||
746 | struct completion frame_ready; | ||
747 | struct mutex lock; /* must be held whenever state gets touched */ | ||
748 | + /* Used to construct scan to push to the IIO buffer */ | ||
749 | + struct { | ||
750 | + u16 data[3]; /* PM1, PM2P5, PM10 */ | ||
751 | + s64 ts; | ||
752 | + } scan; | ||
753 | }; | ||
754 | |||
755 | static int pms7003_do_cmd(struct pms7003_state *state, enum pms7003_cmd cmd) | ||
756 | @@ -104,7 +109,6 @@ static irqreturn_t pms7003_trigger_handler(int irq, void *p) | ||
757 | struct iio_dev *indio_dev = pf->indio_dev; | ||
758 | struct pms7003_state *state = iio_priv(indio_dev); | ||
759 | struct pms7003_frame *frame = &state->frame; | ||
760 | - u16 data[3 + 1 + 4]; /* PM1, PM2P5, PM10, padding, timestamp */ | ||
761 | int ret; | ||
762 | |||
763 | mutex_lock(&state->lock); | ||
764 | @@ -114,12 +118,15 @@ static irqreturn_t pms7003_trigger_handler(int irq, void *p) | ||
765 | goto err; | ||
766 | } | ||
767 | |||
768 | - data[PM1] = pms7003_get_pm(frame->data + PMS7003_PM1_OFFSET); | ||
769 | - data[PM2P5] = pms7003_get_pm(frame->data + PMS7003_PM2P5_OFFSET); | ||
770 | - data[PM10] = pms7003_get_pm(frame->data + PMS7003_PM10_OFFSET); | ||
771 | + state->scan.data[PM1] = | ||
772 | + pms7003_get_pm(frame->data + PMS7003_PM1_OFFSET); | ||
773 | + state->scan.data[PM2P5] = | ||
774 | + pms7003_get_pm(frame->data + PMS7003_PM2P5_OFFSET); | ||
775 | + state->scan.data[PM10] = | ||
776 | + pms7003_get_pm(frame->data + PMS7003_PM10_OFFSET); | ||
777 | mutex_unlock(&state->lock); | ||
778 | |||
779 | - iio_push_to_buffers_with_timestamp(indio_dev, data, | ||
780 | + iio_push_to_buffers_with_timestamp(indio_dev, &state->scan, | ||
781 | iio_get_time_ns(indio_dev)); | ||
782 | err: | ||
783 | iio_trigger_notify_done(indio_dev->trig); | ||
784 | diff --git a/drivers/iio/chemical/sps30.c b/drivers/iio/chemical/sps30.c | ||
785 | index edbb956e81e8..c0845d892faa 100644 | ||
786 | --- a/drivers/iio/chemical/sps30.c | ||
787 | +++ b/drivers/iio/chemical/sps30.c | ||
788 | @@ -230,15 +230,18 @@ static irqreturn_t sps30_trigger_handler(int irq, void *p) | ||
789 | struct iio_dev *indio_dev = pf->indio_dev; | ||
790 | struct sps30_state *state = iio_priv(indio_dev); | ||
791 | int ret; | ||
792 | - s32 data[4 + 2]; /* PM1, PM2P5, PM4, PM10, timestamp */ | ||
793 | + struct { | ||
794 | + s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ | ||
795 | + s64 ts; | ||
796 | + } scan; | ||
797 | |||
798 | mutex_lock(&state->lock); | ||
799 | - ret = sps30_do_meas(state, data, 4); | ||
800 | + ret = sps30_do_meas(state, scan.data, ARRAY_SIZE(scan.data)); | ||
801 | mutex_unlock(&state->lock); | ||
802 | if (ret) | ||
803 | goto err; | ||
804 | |||
805 | - iio_push_to_buffers_with_timestamp(indio_dev, data, | ||
806 | + iio_push_to_buffers_with_timestamp(indio_dev, &scan, | ||
807 | iio_get_time_ns(indio_dev)); | ||
808 | err: | ||
809 | iio_trigger_notify_done(indio_dev->trig); | ||
810 | diff --git a/drivers/iio/light/vcnl4000.c b/drivers/iio/light/vcnl4000.c | ||
811 | index e5b00a6611ac..7384a3ffcac4 100644 | ||
812 | --- a/drivers/iio/light/vcnl4000.c | ||
813 | +++ b/drivers/iio/light/vcnl4000.c | ||
814 | @@ -193,7 +193,6 @@ static int vcnl4000_measure(struct vcnl4000_data *data, u8 req_mask, | ||
815 | u8 rdy_mask, u8 data_reg, int *val) | ||
816 | { | ||
817 | int tries = 20; | ||
818 | - __be16 buf; | ||
819 | int ret; | ||
820 | |||
821 | mutex_lock(&data->vcnl4000_lock); | ||
822 | @@ -220,13 +219,12 @@ static int vcnl4000_measure(struct vcnl4000_data *data, u8 req_mask, | ||
823 | goto fail; | ||
824 | } | ||
825 | |||
826 | - ret = i2c_smbus_read_i2c_block_data(data->client, | ||
827 | - data_reg, sizeof(buf), (u8 *) &buf); | ||
828 | + ret = i2c_smbus_read_word_swapped(data->client, data_reg); | ||
829 | if (ret < 0) | ||
830 | goto fail; | ||
831 | |||
832 | mutex_unlock(&data->vcnl4000_lock); | ||
833 | - *val = be16_to_cpu(buf); | ||
834 | + *val = ret; | ||
835 | |||
836 | return 0; | ||
837 | |||
838 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | ||
839 | index 8d9aab45fd8e..86e6bbb57482 100644 | ||
840 | --- a/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | ||
841 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | ||
842 | @@ -417,12 +417,6 @@ static void del_sw_ns(struct fs_node *node) | ||
843 | |||
844 | static void del_sw_prio(struct fs_node *node) | ||
845 | { | ||
846 | - struct mlx5_flow_root_namespace *root_ns; | ||
847 | - struct mlx5_flow_namespace *ns; | ||
848 | - | ||
849 | - fs_get_obj(ns, node); | ||
850 | - root_ns = container_of(ns, struct mlx5_flow_root_namespace, ns); | ||
851 | - mutex_destroy(&root_ns->chain_lock); | ||
852 | kfree(node); | ||
853 | } | ||
854 | |||
855 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
856 | index 7dcdda9ca351..e4a690128b3a 100644 | ||
857 | --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
858 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c | ||
859 | @@ -1554,6 +1554,22 @@ static void shutdown(struct pci_dev *pdev) | ||
860 | mlx5_pci_disable_device(dev); | ||
861 | } | ||
862 | |||
863 | +static int mlx5_suspend(struct pci_dev *pdev, pm_message_t state) | ||
864 | +{ | ||
865 | + struct mlx5_core_dev *dev = pci_get_drvdata(pdev); | ||
866 | + | ||
867 | + mlx5_unload_one(dev, false); | ||
868 | + | ||
869 | + return 0; | ||
870 | +} | ||
871 | + | ||
872 | +static int mlx5_resume(struct pci_dev *pdev) | ||
873 | +{ | ||
874 | + struct mlx5_core_dev *dev = pci_get_drvdata(pdev); | ||
875 | + | ||
876 | + return mlx5_load_one(dev, false); | ||
877 | +} | ||
878 | + | ||
879 | static const struct pci_device_id mlx5_core_pci_table[] = { | ||
880 | { PCI_VDEVICE(MELLANOX, PCI_DEVICE_ID_MELLANOX_CONNECTIB) }, | ||
881 | { PCI_VDEVICE(MELLANOX, 0x1012), MLX5_PCI_DEV_IS_VF}, /* Connect-IB VF */ | ||
882 | @@ -1597,6 +1613,8 @@ static struct pci_driver mlx5_core_driver = { | ||
883 | .id_table = mlx5_core_pci_table, | ||
884 | .probe = init_one, | ||
885 | .remove = remove_one, | ||
886 | + .suspend = mlx5_suspend, | ||
887 | + .resume = mlx5_resume, | ||
888 | .shutdown = shutdown, | ||
889 | .err_handler = &mlx5_err_handler, | ||
890 | .sriov_configure = mlx5_core_sriov_configure, | ||
891 | diff --git a/drivers/net/ethernet/netronome/nfp/flower/offload.c b/drivers/net/ethernet/netronome/nfp/flower/offload.c | ||
892 | index 987ae221f6be..4dd3f8a5a9b8 100644 | ||
893 | --- a/drivers/net/ethernet/netronome/nfp/flower/offload.c | ||
894 | +++ b/drivers/net/ethernet/netronome/nfp/flower/offload.c | ||
895 | @@ -1368,7 +1368,8 @@ __nfp_flower_update_merge_stats(struct nfp_app *app, | ||
896 | ctx_id = be32_to_cpu(sub_flow->meta.host_ctx_id); | ||
897 | priv->stats[ctx_id].pkts += pkts; | ||
898 | priv->stats[ctx_id].bytes += bytes; | ||
899 | - max_t(u64, priv->stats[ctx_id].used, used); | ||
900 | + priv->stats[ctx_id].used = max_t(u64, used, | ||
901 | + priv->stats[ctx_id].used); | ||
902 | } | ||
903 | } | ||
904 | |||
905 | diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
906 | index 1623516efb17..982be75fde83 100644 | ||
907 | --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
908 | +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | ||
909 | @@ -630,7 +630,8 @@ static int stmmac_hwtstamp_set(struct net_device *dev, struct ifreq *ifr) | ||
910 | config.rx_filter = HWTSTAMP_FILTER_PTP_V2_EVENT; | ||
911 | ptp_v2 = PTP_TCR_TSVER2ENA; | ||
912 | snap_type_sel = PTP_TCR_SNAPTYPSEL_1; | ||
913 | - ts_event_en = PTP_TCR_TSEVNTENA; | ||
914 | + if (priv->synopsys_id != DWMAC_CORE_5_10) | ||
915 | + ts_event_en = PTP_TCR_TSEVNTENA; | ||
916 | ptp_over_ipv4_udp = PTP_TCR_TSIPV4ENA; | ||
917 | ptp_over_ipv6_udp = PTP_TCR_TSIPV6ENA; | ||
918 | ptp_over_ethernet = PTP_TCR_TSIPENA; | ||
919 | diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c | ||
920 | index 4bb8552a00d3..4a2c7355be63 100644 | ||
921 | --- a/drivers/net/usb/qmi_wwan.c | ||
922 | +++ b/drivers/net/usb/qmi_wwan.c | ||
923 | @@ -1324,6 +1324,7 @@ static const struct usb_device_id products[] = { | ||
924 | {QMI_FIXED_INTF(0x1bbb, 0x0203, 2)}, /* Alcatel L800MA */ | ||
925 | {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ | ||
926 | {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ | ||
927 | + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ | ||
928 | {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ | ||
929 | {QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */ | ||
930 | {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ | ||
931 | diff --git a/drivers/nfc/st21nfca/dep.c b/drivers/nfc/st21nfca/dep.c | ||
932 | index 60acdfd1cb8c..856a10c293f8 100644 | ||
933 | --- a/drivers/nfc/st21nfca/dep.c | ||
934 | +++ b/drivers/nfc/st21nfca/dep.c | ||
935 | @@ -173,8 +173,10 @@ static int st21nfca_tm_send_atr_res(struct nfc_hci_dev *hdev, | ||
936 | memcpy(atr_res->gbi, atr_req->gbi, gb_len); | ||
937 | r = nfc_set_remote_general_bytes(hdev->ndev, atr_res->gbi, | ||
938 | gb_len); | ||
939 | - if (r < 0) | ||
940 | + if (r < 0) { | ||
941 | + kfree_skb(skb); | ||
942 | return r; | ||
943 | + } | ||
944 | } | ||
945 | |||
946 | info->dep_info.curr_nfc_dep_pni = 0; | ||
947 | diff --git a/drivers/nvmem/qfprom.c b/drivers/nvmem/qfprom.c | ||
948 | index d057f1bfb2e9..8a91717600be 100644 | ||
949 | --- a/drivers/nvmem/qfprom.c | ||
950 | +++ b/drivers/nvmem/qfprom.c | ||
951 | @@ -27,25 +27,11 @@ static int qfprom_reg_read(void *context, | ||
952 | return 0; | ||
953 | } | ||
954 | |||
955 | -static int qfprom_reg_write(void *context, | ||
956 | - unsigned int reg, void *_val, size_t bytes) | ||
957 | -{ | ||
958 | - struct qfprom_priv *priv = context; | ||
959 | - u8 *val = _val; | ||
960 | - int i = 0, words = bytes; | ||
961 | - | ||
962 | - while (words--) | ||
963 | - writeb(*val++, priv->base + reg + i++); | ||
964 | - | ||
965 | - return 0; | ||
966 | -} | ||
967 | - | ||
968 | static struct nvmem_config econfig = { | ||
969 | .name = "qfprom", | ||
970 | .stride = 1, | ||
971 | .word_size = 1, | ||
972 | .reg_read = qfprom_reg_read, | ||
973 | - .reg_write = qfprom_reg_write, | ||
974 | }; | ||
975 | |||
976 | static int qfprom_probe(struct platform_device *pdev) | ||
977 | diff --git a/drivers/staging/rtl8712/wifi.h b/drivers/staging/rtl8712/wifi.h | ||
978 | index be731f1a2209..91b65731fcaa 100644 | ||
979 | --- a/drivers/staging/rtl8712/wifi.h | ||
980 | +++ b/drivers/staging/rtl8712/wifi.h | ||
981 | @@ -440,7 +440,7 @@ static inline unsigned char *get_hdr_bssid(unsigned char *pframe) | ||
982 | /* block-ack parameters */ | ||
983 | #define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002 | ||
984 | #define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C | ||
985 | -#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0 | ||
986 | +#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFC0 | ||
987 | #define IEEE80211_DELBA_PARAM_TID_MASK 0xF000 | ||
988 | #define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800 | ||
989 | |||
990 | @@ -532,13 +532,6 @@ struct ieee80211_ht_addt_info { | ||
991 | #define IEEE80211_HT_IE_NON_GF_STA_PRSNT 0x0004 | ||
992 | #define IEEE80211_HT_IE_NON_HT_STA_PRSNT 0x0010 | ||
993 | |||
994 | -/* block-ack parameters */ | ||
995 | -#define IEEE80211_ADDBA_PARAM_POLICY_MASK 0x0002 | ||
996 | -#define IEEE80211_ADDBA_PARAM_TID_MASK 0x003C | ||
997 | -#define IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK 0xFFA0 | ||
998 | -#define IEEE80211_DELBA_PARAM_TID_MASK 0xF000 | ||
999 | -#define IEEE80211_DELBA_PARAM_INITIATOR_MASK 0x0800 | ||
1000 | - | ||
1001 | /* | ||
1002 | * A-PMDU buffer sizes | ||
1003 | * According to IEEE802.11n spec size varies from 8K to 64K (in powers of 2) | ||
1004 | diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c | ||
1005 | index 436cc51c92c3..cdcc64ea2554 100644 | ||
1006 | --- a/drivers/tty/hvc/hvc_console.c | ||
1007 | +++ b/drivers/tty/hvc/hvc_console.c | ||
1008 | @@ -371,15 +371,14 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) | ||
1009 | * tty fields and return the kref reference. | ||
1010 | */ | ||
1011 | if (rc) { | ||
1012 | - tty_port_tty_set(&hp->port, NULL); | ||
1013 | - tty->driver_data = NULL; | ||
1014 | - tty_port_put(&hp->port); | ||
1015 | printk(KERN_ERR "hvc_open: request_irq failed with rc %d.\n", rc); | ||
1016 | - } else | ||
1017 | + } else { | ||
1018 | /* We are ready... raise DTR/RTS */ | ||
1019 | if (C_BAUD(tty)) | ||
1020 | if (hp->ops->dtr_rts) | ||
1021 | hp->ops->dtr_rts(hp, 1); | ||
1022 | + tty_port_set_initialized(&hp->port, true); | ||
1023 | + } | ||
1024 | |||
1025 | /* Force wakeup of the polling thread */ | ||
1026 | hvc_kick(); | ||
1027 | @@ -389,22 +388,12 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) | ||
1028 | |||
1029 | static void hvc_close(struct tty_struct *tty, struct file * filp) | ||
1030 | { | ||
1031 | - struct hvc_struct *hp; | ||
1032 | + struct hvc_struct *hp = tty->driver_data; | ||
1033 | unsigned long flags; | ||
1034 | |||
1035 | if (tty_hung_up_p(filp)) | ||
1036 | return; | ||
1037 | |||
1038 | - /* | ||
1039 | - * No driver_data means that this close was issued after a failed | ||
1040 | - * hvc_open by the tty layer's release_dev() function and we can just | ||
1041 | - * exit cleanly because the kref reference wasn't made. | ||
1042 | - */ | ||
1043 | - if (!tty->driver_data) | ||
1044 | - return; | ||
1045 | - | ||
1046 | - hp = tty->driver_data; | ||
1047 | - | ||
1048 | spin_lock_irqsave(&hp->port.lock, flags); | ||
1049 | |||
1050 | if (--hp->port.count == 0) { | ||
1051 | @@ -412,6 +401,9 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) | ||
1052 | /* We are done with the tty pointer now. */ | ||
1053 | tty_port_tty_set(&hp->port, NULL); | ||
1054 | |||
1055 | + if (!tty_port_initialized(&hp->port)) | ||
1056 | + return; | ||
1057 | + | ||
1058 | if (C_HUPCL(tty)) | ||
1059 | if (hp->ops->dtr_rts) | ||
1060 | hp->ops->dtr_rts(hp, 0); | ||
1061 | @@ -428,6 +420,7 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) | ||
1062 | * waking periodically to check chars_in_buffer(). | ||
1063 | */ | ||
1064 | tty_wait_until_sent(tty, HVC_CLOSE_WAIT); | ||
1065 | + tty_port_set_initialized(&hp->port, false); | ||
1066 | } else { | ||
1067 | if (hp->port.count < 0) | ||
1068 | printk(KERN_ERR "hvc_close %X: oops, count is %d\n", | ||
1069 | diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c | ||
1070 | index 15d33fa0c925..568b2171f335 100644 | ||
1071 | --- a/drivers/tty/vt/keyboard.c | ||
1072 | +++ b/drivers/tty/vt/keyboard.c | ||
1073 | @@ -127,7 +127,11 @@ static DEFINE_SPINLOCK(func_buf_lock); /* guard 'func_buf' and friends */ | ||
1074 | static unsigned long key_down[BITS_TO_LONGS(KEY_CNT)]; /* keyboard key bitmap */ | ||
1075 | static unsigned char shift_down[NR_SHIFT]; /* shift state counters.. */ | ||
1076 | static bool dead_key_next; | ||
1077 | -static int npadch = -1; /* -1 or number assembled on pad */ | ||
1078 | + | ||
1079 | +/* Handles a number being assembled on the number pad */ | ||
1080 | +static bool npadch_active; | ||
1081 | +static unsigned int npadch_value; | ||
1082 | + | ||
1083 | static unsigned int diacr; | ||
1084 | static char rep; /* flag telling character repeat */ | ||
1085 | |||
1086 | @@ -845,12 +849,12 @@ static void k_shift(struct vc_data *vc, unsigned char value, char up_flag) | ||
1087 | shift_state &= ~(1 << value); | ||
1088 | |||
1089 | /* kludge */ | ||
1090 | - if (up_flag && shift_state != old_state && npadch != -1) { | ||
1091 | + if (up_flag && shift_state != old_state && npadch_active) { | ||
1092 | if (kbd->kbdmode == VC_UNICODE) | ||
1093 | - to_utf8(vc, npadch); | ||
1094 | + to_utf8(vc, npadch_value); | ||
1095 | else | ||
1096 | - put_queue(vc, npadch & 0xff); | ||
1097 | - npadch = -1; | ||
1098 | + put_queue(vc, npadch_value & 0xff); | ||
1099 | + npadch_active = false; | ||
1100 | } | ||
1101 | } | ||
1102 | |||
1103 | @@ -868,7 +872,7 @@ static void k_meta(struct vc_data *vc, unsigned char value, char up_flag) | ||
1104 | |||
1105 | static void k_ascii(struct vc_data *vc, unsigned char value, char up_flag) | ||
1106 | { | ||
1107 | - int base; | ||
1108 | + unsigned int base; | ||
1109 | |||
1110 | if (up_flag) | ||
1111 | return; | ||
1112 | @@ -882,10 +886,12 @@ static void k_ascii(struct vc_data *vc, unsigned char value, char up_flag) | ||
1113 | base = 16; | ||
1114 | } | ||
1115 | |||
1116 | - if (npadch == -1) | ||
1117 | - npadch = value; | ||
1118 | - else | ||
1119 | - npadch = npadch * base + value; | ||
1120 | + if (!npadch_active) { | ||
1121 | + npadch_value = 0; | ||
1122 | + npadch_active = true; | ||
1123 | + } | ||
1124 | + | ||
1125 | + npadch_value = npadch_value * base + value; | ||
1126 | } | ||
1127 | |||
1128 | static void k_lock(struct vc_data *vc, unsigned char value, char up_flag) | ||
1129 | diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c | ||
1130 | index 8ca72d80501d..f67088bb8218 100644 | ||
1131 | --- a/drivers/usb/class/cdc-acm.c | ||
1132 | +++ b/drivers/usb/class/cdc-acm.c | ||
1133 | @@ -584,7 +584,7 @@ static void acm_softint(struct work_struct *work) | ||
1134 | } | ||
1135 | |||
1136 | if (test_and_clear_bit(ACM_ERROR_DELAY, &acm->flags)) { | ||
1137 | - for (i = 0; i < ACM_NR; i++) | ||
1138 | + for (i = 0; i < acm->rx_buflimit; i++) | ||
1139 | if (test_and_clear_bit(i, &acm->urbs_in_error_delay)) | ||
1140 | acm_submit_read_urb(acm, i, GFP_NOIO); | ||
1141 | } | ||
1142 | diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c | ||
1143 | index bf083c1f997f..0fbf9adef34b 100644 | ||
1144 | --- a/drivers/usb/musb/musb_core.c | ||
1145 | +++ b/drivers/usb/musb/musb_core.c | ||
1146 | @@ -2721,6 +2721,13 @@ static int musb_resume(struct device *dev) | ||
1147 | musb_enable_interrupts(musb); | ||
1148 | musb_platform_enable(musb); | ||
1149 | |||
1150 | + /* session might be disabled in suspend */ | ||
1151 | + if (musb->port_mode == MUSB_HOST && | ||
1152 | + !(musb->ops->quirks & MUSB_PRESERVE_SESSION)) { | ||
1153 | + devctl |= MUSB_DEVCTL_SESSION; | ||
1154 | + musb_writeb(musb->mregs, MUSB_DEVCTL, devctl); | ||
1155 | + } | ||
1156 | + | ||
1157 | spin_lock_irqsave(&musb->lock, flags); | ||
1158 | error = musb_run_resume_work(musb); | ||
1159 | if (error) | ||
1160 | diff --git a/drivers/usb/musb/musb_debugfs.c b/drivers/usb/musb/musb_debugfs.c | ||
1161 | index f42858e2b54c..0c6204add616 100644 | ||
1162 | --- a/drivers/usb/musb/musb_debugfs.c | ||
1163 | +++ b/drivers/usb/musb/musb_debugfs.c | ||
1164 | @@ -168,6 +168,11 @@ static ssize_t musb_test_mode_write(struct file *file, | ||
1165 | u8 test; | ||
1166 | char buf[24]; | ||
1167 | |||
1168 | + memset(buf, 0x00, sizeof(buf)); | ||
1169 | + | ||
1170 | + if (copy_from_user(buf, ubuf, min_t(size_t, sizeof(buf) - 1, count))) | ||
1171 | + return -EFAULT; | ||
1172 | + | ||
1173 | pm_runtime_get_sync(musb->controller); | ||
1174 | test = musb_readb(musb->mregs, MUSB_TESTMODE); | ||
1175 | if (test) { | ||
1176 | @@ -176,11 +181,6 @@ static ssize_t musb_test_mode_write(struct file *file, | ||
1177 | goto ret; | ||
1178 | } | ||
1179 | |||
1180 | - memset(buf, 0x00, sizeof(buf)); | ||
1181 | - | ||
1182 | - if (copy_from_user(buf, ubuf, min_t(size_t, sizeof(buf) - 1, count))) | ||
1183 | - return -EFAULT; | ||
1184 | - | ||
1185 | if (strstarts(buf, "force host full-speed")) | ||
1186 | test = MUSB_TEST_FORCE_HOST | MUSB_TEST_FORCE_FS; | ||
1187 | |||
1188 | diff --git a/drivers/usb/serial/ch341.c b/drivers/usb/serial/ch341.c | ||
1189 | index 955ab97b9b22..dcdd541b3291 100644 | ||
1190 | --- a/drivers/usb/serial/ch341.c | ||
1191 | +++ b/drivers/usb/serial/ch341.c | ||
1192 | @@ -93,6 +93,7 @@ struct ch341_private { | ||
1193 | u8 mcr; | ||
1194 | u8 msr; | ||
1195 | u8 lcr; | ||
1196 | + unsigned long quirks; | ||
1197 | }; | ||
1198 | |||
1199 | static void ch341_set_termios(struct tty_struct *tty, | ||
1200 | @@ -245,6 +246,53 @@ out: kfree(buffer); | ||
1201 | return r; | ||
1202 | } | ||
1203 | |||
1204 | +static int ch341_detect_quirks(struct usb_serial_port *port) | ||
1205 | +{ | ||
1206 | + struct ch341_private *priv = usb_get_serial_port_data(port); | ||
1207 | + struct usb_device *udev = port->serial->dev; | ||
1208 | + const unsigned int size = 2; | ||
1209 | + unsigned long quirks = 0; | ||
1210 | + char *buffer; | ||
1211 | + int r; | ||
1212 | + | ||
1213 | + buffer = kmalloc(size, GFP_KERNEL); | ||
1214 | + if (!buffer) | ||
1215 | + return -ENOMEM; | ||
1216 | + | ||
1217 | + /* | ||
1218 | + * A subset of CH34x devices does not support all features. The | ||
1219 | + * prescaler is limited and there is no support for sending a RS232 | ||
1220 | + * break condition. A read failure when trying to set up the latter is | ||
1221 | + * used to detect these devices. | ||
1222 | + */ | ||
1223 | + r = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0), CH341_REQ_READ_REG, | ||
1224 | + USB_TYPE_VENDOR | USB_RECIP_DEVICE | USB_DIR_IN, | ||
1225 | + CH341_REG_BREAK, 0, buffer, size, DEFAULT_TIMEOUT); | ||
1226 | + if (r == -EPIPE) { | ||
1227 | + dev_dbg(&port->dev, "break control not supported\n"); | ||
1228 | + r = 0; | ||
1229 | + goto out; | ||
1230 | + } | ||
1231 | + | ||
1232 | + if (r != size) { | ||
1233 | + if (r >= 0) | ||
1234 | + r = -EIO; | ||
1235 | + dev_err(&port->dev, "failed to read break control: %d\n", r); | ||
1236 | + goto out; | ||
1237 | + } | ||
1238 | + | ||
1239 | + r = 0; | ||
1240 | +out: | ||
1241 | + kfree(buffer); | ||
1242 | + | ||
1243 | + if (quirks) { | ||
1244 | + dev_dbg(&port->dev, "enabling quirk flags: 0x%02lx\n", quirks); | ||
1245 | + priv->quirks |= quirks; | ||
1246 | + } | ||
1247 | + | ||
1248 | + return r; | ||
1249 | +} | ||
1250 | + | ||
1251 | static int ch341_port_probe(struct usb_serial_port *port) | ||
1252 | { | ||
1253 | struct ch341_private *priv; | ||
1254 | @@ -267,6 +315,11 @@ static int ch341_port_probe(struct usb_serial_port *port) | ||
1255 | goto error; | ||
1256 | |||
1257 | usb_set_serial_port_data(port, priv); | ||
1258 | + | ||
1259 | + r = ch341_detect_quirks(port); | ||
1260 | + if (r < 0) | ||
1261 | + goto error; | ||
1262 | + | ||
1263 | return 0; | ||
1264 | |||
1265 | error: kfree(priv); | ||
1266 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c | ||
1267 | index 8bfffca3e4ae..254a8bbeea67 100644 | ||
1268 | --- a/drivers/usb/serial/option.c | ||
1269 | +++ b/drivers/usb/serial/option.c | ||
1270 | @@ -1157,6 +1157,10 @@ static const struct usb_device_id option_ids[] = { | ||
1271 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) }, | ||
1272 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) }, | ||
1273 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_UE910_V2) }, | ||
1274 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1031, 0xff), /* Telit LE910C1-EUX */ | ||
1275 | + .driver_info = NCTRL(0) | RSVD(3) }, | ||
1276 | + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1033, 0xff), /* Telit LE910C1-EUX (ECM) */ | ||
1277 | + .driver_info = NCTRL(0) }, | ||
1278 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0), | ||
1279 | .driver_info = RSVD(0) | RSVD(1) | NCTRL(2) | RSVD(3) }, | ||
1280 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG1), | ||
1281 | diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c | ||
1282 | index ce0401d3137f..d147feae83e6 100644 | ||
1283 | --- a/drivers/usb/serial/qcserial.c | ||
1284 | +++ b/drivers/usb/serial/qcserial.c | ||
1285 | @@ -173,6 +173,7 @@ static const struct usb_device_id id_table[] = { | ||
1286 | {DEVICE_SWI(0x413c, 0x81b3)}, /* Dell Wireless 5809e Gobi(TM) 4G LTE Mobile Broadband Card (rev3) */ | ||
1287 | {DEVICE_SWI(0x413c, 0x81b5)}, /* Dell Wireless 5811e QDL */ | ||
1288 | {DEVICE_SWI(0x413c, 0x81b6)}, /* Dell Wireless 5811e QDL */ | ||
1289 | + {DEVICE_SWI(0x413c, 0x81cb)}, /* Dell Wireless 5816e QDL */ | ||
1290 | {DEVICE_SWI(0x413c, 0x81cc)}, /* Dell Wireless 5816e */ | ||
1291 | {DEVICE_SWI(0x413c, 0x81cf)}, /* Dell Wireless 5819 */ | ||
1292 | {DEVICE_SWI(0x413c, 0x81d0)}, /* Dell Wireless 5819 */ | ||
1293 | diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c | ||
1294 | index 13be21aad2f4..4b9845807bee 100644 | ||
1295 | --- a/drivers/usb/serial/usb_wwan.c | ||
1296 | +++ b/drivers/usb/serial/usb_wwan.c | ||
1297 | @@ -270,6 +270,10 @@ static void usb_wwan_indat_callback(struct urb *urb) | ||
1298 | if (status) { | ||
1299 | dev_dbg(dev, "%s: nonzero status: %d on endpoint %02x.\n", | ||
1300 | __func__, status, endpoint); | ||
1301 | + | ||
1302 | + /* don't resubmit on fatal errors */ | ||
1303 | + if (status == -ESHUTDOWN || status == -ENOENT) | ||
1304 | + return; | ||
1305 | } else { | ||
1306 | if (urb->actual_length) { | ||
1307 | tty_insert_flip_string(&port->port, data, | ||
1308 | diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h | ||
1309 | index e3596db077dc..953d7ca01eb6 100644 | ||
1310 | --- a/include/linux/mod_devicetable.h | ||
1311 | +++ b/include/linux/mod_devicetable.h | ||
1312 | @@ -657,6 +657,10 @@ struct mips_cdmm_device_id { | ||
1313 | /* | ||
1314 | * MODULE_DEVICE_TABLE expects this struct to be called x86cpu_device_id. | ||
1315 | * Although gcc seems to ignore this error, clang fails without this define. | ||
1316 | + * | ||
1317 | + * Note: The ordering of the struct is different from upstream because the | ||
1318 | + * static initializers in kernels < 5.7 still use C89 style while upstream | ||
1319 | + * has been converted to proper C99 initializers. | ||
1320 | */ | ||
1321 | #define x86cpu_device_id x86_cpu_id | ||
1322 | struct x86_cpu_id { | ||
1323 | @@ -665,6 +669,7 @@ struct x86_cpu_id { | ||
1324 | __u16 model; | ||
1325 | __u16 feature; /* bit index */ | ||
1326 | kernel_ulong_t driver_data; | ||
1327 | + __u16 steppings; | ||
1328 | }; | ||
1329 | |||
1330 | #define X86_FEATURE_MATCH(x) \ | ||
1331 | @@ -673,6 +678,7 @@ struct x86_cpu_id { | ||
1332 | #define X86_VENDOR_ANY 0xffff | ||
1333 | #define X86_FAMILY_ANY 0 | ||
1334 | #define X86_MODEL_ANY 0 | ||
1335 | +#define X86_STEPPING_ANY 0 | ||
1336 | #define X86_FEATURE_ANY 0 /* Same as FPU, you can't test for that */ | ||
1337 | |||
1338 | /* | ||
1339 | diff --git a/include/linux/virtio_net.h b/include/linux/virtio_net.h | ||
1340 | index 6f6ade63b04c..e8a924eeea3d 100644 | ||
1341 | --- a/include/linux/virtio_net.h | ||
1342 | +++ b/include/linux/virtio_net.h | ||
1343 | @@ -31,6 +31,7 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, | ||
1344 | { | ||
1345 | unsigned int gso_type = 0; | ||
1346 | unsigned int thlen = 0; | ||
1347 | + unsigned int p_off = 0; | ||
1348 | unsigned int ip_proto; | ||
1349 | |||
1350 | if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { | ||
1351 | @@ -68,7 +69,8 @@ static inline int virtio_net_hdr_to_skb(struct sk_buff *skb, | ||
1352 | if (!skb_partial_csum_set(skb, start, off)) | ||
1353 | return -EINVAL; | ||
1354 | |||
1355 | - if (skb_transport_offset(skb) + thlen > skb_headlen(skb)) | ||
1356 | + p_off = skb_transport_offset(skb) + thlen; | ||
1357 | + if (p_off > skb_headlen(skb)) | ||
1358 | return -EINVAL; | ||
1359 | } else { | ||
1360 | /* gso packets without NEEDS_CSUM do not set transport_offset. | ||
1361 | @@ -92,23 +94,32 @@ retry: | ||
1362 | return -EINVAL; | ||
1363 | } | ||
1364 | |||
1365 | - if (keys.control.thoff + thlen > skb_headlen(skb) || | ||
1366 | + p_off = keys.control.thoff + thlen; | ||
1367 | + if (p_off > skb_headlen(skb) || | ||
1368 | keys.basic.ip_proto != ip_proto) | ||
1369 | return -EINVAL; | ||
1370 | |||
1371 | skb_set_transport_header(skb, keys.control.thoff); | ||
1372 | + } else if (gso_type) { | ||
1373 | + p_off = thlen; | ||
1374 | + if (p_off > skb_headlen(skb)) | ||
1375 | + return -EINVAL; | ||
1376 | } | ||
1377 | } | ||
1378 | |||
1379 | if (hdr->gso_type != VIRTIO_NET_HDR_GSO_NONE) { | ||
1380 | u16 gso_size = __virtio16_to_cpu(little_endian, hdr->gso_size); | ||
1381 | + struct skb_shared_info *shinfo = skb_shinfo(skb); | ||
1382 | |||
1383 | - skb_shinfo(skb)->gso_size = gso_size; | ||
1384 | - skb_shinfo(skb)->gso_type = gso_type; | ||
1385 | + /* Too small packets are not really GSO ones. */ | ||
1386 | + if (skb->len - p_off > gso_size) { | ||
1387 | + shinfo->gso_size = gso_size; | ||
1388 | + shinfo->gso_type = gso_type; | ||
1389 | |||
1390 | - /* Header must be checked, and gso_segs computed. */ | ||
1391 | - skb_shinfo(skb)->gso_type |= SKB_GSO_DODGY; | ||
1392 | - skb_shinfo(skb)->gso_segs = 0; | ||
1393 | + /* Header must be checked, and gso_segs computed. */ | ||
1394 | + shinfo->gso_type |= SKB_GSO_DODGY; | ||
1395 | + shinfo->gso_segs = 0; | ||
1396 | + } | ||
1397 | } | ||
1398 | |||
1399 | return 0; | ||
1400 | diff --git a/kernel/events/uprobes.c b/kernel/events/uprobes.c | ||
1401 | index c74761004ee5..291680ba8504 100644 | ||
1402 | --- a/kernel/events/uprobes.c | ||
1403 | +++ b/kernel/events/uprobes.c | ||
1404 | @@ -867,10 +867,6 @@ static int prepare_uprobe(struct uprobe *uprobe, struct file *file, | ||
1405 | if (ret) | ||
1406 | goto out; | ||
1407 | |||
1408 | - /* uprobe_write_opcode() assumes we don't cross page boundary */ | ||
1409 | - BUG_ON((uprobe->offset & ~PAGE_MASK) + | ||
1410 | - UPROBE_SWBP_INSN_SIZE > PAGE_SIZE); | ||
1411 | - | ||
1412 | smp_wmb(); /* pairs with the smp_rmb() in handle_swbp() */ | ||
1413 | set_bit(UPROBE_COPY_INSN, &uprobe->flags); | ||
1414 | |||
1415 | @@ -1166,6 +1162,15 @@ static int __uprobe_register(struct inode *inode, loff_t offset, | ||
1416 | if (offset > i_size_read(inode)) | ||
1417 | return -EINVAL; | ||
1418 | |||
1419 | + /* | ||
1420 | + * This ensures that copy_from_page(), copy_to_page() and | ||
1421 | + * __update_ref_ctr() can't cross page boundary. | ||
1422 | + */ | ||
1423 | + if (!IS_ALIGNED(offset, UPROBE_SWBP_INSN_SIZE)) | ||
1424 | + return -EINVAL; | ||
1425 | + if (!IS_ALIGNED(ref_ctr_offset, sizeof(short))) | ||
1426 | + return -EINVAL; | ||
1427 | + | ||
1428 | retry: | ||
1429 | uprobe = alloc_uprobe(inode, offset, ref_ctr_offset); | ||
1430 | if (!uprobe) | ||
1431 | @@ -2014,6 +2019,9 @@ static int is_trap_at_addr(struct mm_struct *mm, unsigned long vaddr) | ||
1432 | uprobe_opcode_t opcode; | ||
1433 | int result; | ||
1434 | |||
1435 | + if (WARN_ON_ONCE(!IS_ALIGNED(vaddr, UPROBE_SWBP_INSN_SIZE))) | ||
1436 | + return -EINVAL; | ||
1437 | + | ||
1438 | pagefault_disable(); | ||
1439 | result = __get_user(opcode, (uprobe_opcode_t __user *)vaddr); | ||
1440 | pagefault_enable(); | ||
1441 | diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c | ||
1442 | index 458dc6eb5a68..a27d034c85cc 100644 | ||
1443 | --- a/net/ipv4/devinet.c | ||
1444 | +++ b/net/ipv4/devinet.c | ||
1445 | @@ -276,6 +276,7 @@ static struct in_device *inetdev_init(struct net_device *dev) | ||
1446 | err = devinet_sysctl_register(in_dev); | ||
1447 | if (err) { | ||
1448 | in_dev->dead = 1; | ||
1449 | + neigh_parms_release(&arp_tbl, in_dev->arp_parms); | ||
1450 | in_dev_put(in_dev); | ||
1451 | in_dev = NULL; | ||
1452 | goto out; | ||
1453 | diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c | ||
1454 | index 425b95eb7e87..6dc3bfa12b1e 100644 | ||
1455 | --- a/net/l2tp/l2tp_core.c | ||
1456 | +++ b/net/l2tp/l2tp_core.c | ||
1457 | @@ -1460,6 +1460,9 @@ static int l2tp_validate_socket(const struct sock *sk, const struct net *net, | ||
1458 | if (sk->sk_type != SOCK_DGRAM) | ||
1459 | return -EPROTONOSUPPORT; | ||
1460 | |||
1461 | + if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) | ||
1462 | + return -EPROTONOSUPPORT; | ||
1463 | + | ||
1464 | if ((encap == L2TP_ENCAPTYPE_UDP && sk->sk_protocol != IPPROTO_UDP) || | ||
1465 | (encap == L2TP_ENCAPTYPE_IP && sk->sk_protocol != IPPROTO_L2TP)) | ||
1466 | return -EPROTONOSUPPORT; | ||
1467 | diff --git a/net/l2tp/l2tp_ip.c b/net/l2tp/l2tp_ip.c | ||
1468 | index 0d7c887a2b75..955662a6dee7 100644 | ||
1469 | --- a/net/l2tp/l2tp_ip.c | ||
1470 | +++ b/net/l2tp/l2tp_ip.c | ||
1471 | @@ -20,7 +20,6 @@ | ||
1472 | #include <net/icmp.h> | ||
1473 | #include <net/udp.h> | ||
1474 | #include <net/inet_common.h> | ||
1475 | -#include <net/inet_hashtables.h> | ||
1476 | #include <net/tcp_states.h> | ||
1477 | #include <net/protocol.h> | ||
1478 | #include <net/xfrm.h> | ||
1479 | @@ -209,15 +208,31 @@ discard: | ||
1480 | return 0; | ||
1481 | } | ||
1482 | |||
1483 | -static int l2tp_ip_open(struct sock *sk) | ||
1484 | +static int l2tp_ip_hash(struct sock *sk) | ||
1485 | { | ||
1486 | - /* Prevent autobind. We don't have ports. */ | ||
1487 | - inet_sk(sk)->inet_num = IPPROTO_L2TP; | ||
1488 | + if (sk_unhashed(sk)) { | ||
1489 | + write_lock_bh(&l2tp_ip_lock); | ||
1490 | + sk_add_node(sk, &l2tp_ip_table); | ||
1491 | + write_unlock_bh(&l2tp_ip_lock); | ||
1492 | + } | ||
1493 | + return 0; | ||
1494 | +} | ||
1495 | |||
1496 | +static void l2tp_ip_unhash(struct sock *sk) | ||
1497 | +{ | ||
1498 | + if (sk_unhashed(sk)) | ||
1499 | + return; | ||
1500 | write_lock_bh(&l2tp_ip_lock); | ||
1501 | - sk_add_node(sk, &l2tp_ip_table); | ||
1502 | + sk_del_node_init(sk); | ||
1503 | write_unlock_bh(&l2tp_ip_lock); | ||
1504 | +} | ||
1505 | + | ||
1506 | +static int l2tp_ip_open(struct sock *sk) | ||
1507 | +{ | ||
1508 | + /* Prevent autobind. We don't have ports. */ | ||
1509 | + inet_sk(sk)->inet_num = IPPROTO_L2TP; | ||
1510 | |||
1511 | + l2tp_ip_hash(sk); | ||
1512 | return 0; | ||
1513 | } | ||
1514 | |||
1515 | @@ -594,8 +609,8 @@ static struct proto l2tp_ip_prot = { | ||
1516 | .sendmsg = l2tp_ip_sendmsg, | ||
1517 | .recvmsg = l2tp_ip_recvmsg, | ||
1518 | .backlog_rcv = l2tp_ip_backlog_recv, | ||
1519 | - .hash = inet_hash, | ||
1520 | - .unhash = inet_unhash, | ||
1521 | + .hash = l2tp_ip_hash, | ||
1522 | + .unhash = l2tp_ip_unhash, | ||
1523 | .obj_size = sizeof(struct l2tp_ip_sock), | ||
1524 | #ifdef CONFIG_COMPAT | ||
1525 | .compat_setsockopt = compat_ip_setsockopt, | ||
1526 | diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c | ||
1527 | index d148766f40d1..0fa694bd3f6a 100644 | ||
1528 | --- a/net/l2tp/l2tp_ip6.c | ||
1529 | +++ b/net/l2tp/l2tp_ip6.c | ||
1530 | @@ -20,8 +20,6 @@ | ||
1531 | #include <net/icmp.h> | ||
1532 | #include <net/udp.h> | ||
1533 | #include <net/inet_common.h> | ||
1534 | -#include <net/inet_hashtables.h> | ||
1535 | -#include <net/inet6_hashtables.h> | ||
1536 | #include <net/tcp_states.h> | ||
1537 | #include <net/protocol.h> | ||
1538 | #include <net/xfrm.h> | ||
1539 | @@ -222,15 +220,31 @@ discard: | ||
1540 | return 0; | ||
1541 | } | ||
1542 | |||
1543 | -static int l2tp_ip6_open(struct sock *sk) | ||
1544 | +static int l2tp_ip6_hash(struct sock *sk) | ||
1545 | { | ||
1546 | - /* Prevent autobind. We don't have ports. */ | ||
1547 | - inet_sk(sk)->inet_num = IPPROTO_L2TP; | ||
1548 | + if (sk_unhashed(sk)) { | ||
1549 | + write_lock_bh(&l2tp_ip6_lock); | ||
1550 | + sk_add_node(sk, &l2tp_ip6_table); | ||
1551 | + write_unlock_bh(&l2tp_ip6_lock); | ||
1552 | + } | ||
1553 | + return 0; | ||
1554 | +} | ||
1555 | |||
1556 | +static void l2tp_ip6_unhash(struct sock *sk) | ||
1557 | +{ | ||
1558 | + if (sk_unhashed(sk)) | ||
1559 | + return; | ||
1560 | write_lock_bh(&l2tp_ip6_lock); | ||
1561 | - sk_add_node(sk, &l2tp_ip6_table); | ||
1562 | + sk_del_node_init(sk); | ||
1563 | write_unlock_bh(&l2tp_ip6_lock); | ||
1564 | +} | ||
1565 | + | ||
1566 | +static int l2tp_ip6_open(struct sock *sk) | ||
1567 | +{ | ||
1568 | + /* Prevent autobind. We don't have ports. */ | ||
1569 | + inet_sk(sk)->inet_num = IPPROTO_L2TP; | ||
1570 | |||
1571 | + l2tp_ip6_hash(sk); | ||
1572 | return 0; | ||
1573 | } | ||
1574 | |||
1575 | @@ -728,8 +742,8 @@ static struct proto l2tp_ip6_prot = { | ||
1576 | .sendmsg = l2tp_ip6_sendmsg, | ||
1577 | .recvmsg = l2tp_ip6_recvmsg, | ||
1578 | .backlog_rcv = l2tp_ip6_backlog_recv, | ||
1579 | - .hash = inet6_hash, | ||
1580 | - .unhash = inet_unhash, | ||
1581 | + .hash = l2tp_ip6_hash, | ||
1582 | + .unhash = l2tp_ip6_unhash, | ||
1583 | .obj_size = sizeof(struct l2tp_ip6_sock), | ||
1584 | #ifdef CONFIG_COMPAT | ||
1585 | .compat_setsockopt = compat_ipv6_setsockopt, | ||
1586 | diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c | ||
1587 | index 582a3e4dfce2..7bd6c8199ca6 100644 | ||
1588 | --- a/net/vmw_vsock/af_vsock.c | ||
1589 | +++ b/net/vmw_vsock/af_vsock.c | ||
1590 | @@ -1275,7 +1275,7 @@ static int vsock_accept(struct socket *sock, struct socket *newsock, int flags, | ||
1591 | /* Wait for children sockets to appear; these are the new sockets | ||
1592 | * created upon connection establishment. | ||
1593 | */ | ||
1594 | - timeout = sock_sndtimeo(listener, flags & O_NONBLOCK); | ||
1595 | + timeout = sock_rcvtimeo(listener, flags & O_NONBLOCK); | ||
1596 | prepare_to_wait(sk_sleep(listener), &wait, TASK_INTERRUPTIBLE); | ||
1597 | |||
1598 | while ((connected = vsock_dequeue_accept(listener)) == NULL && |