Contents of /trunk/kernel-magellan/patches-4.14/0110-4.14.11-all-fixes.patch
Parent Directory | Revision Log
Revision 3071 -
(show annotations)
(download)
Wed Jan 17 13:27:01 2018 UTC (6 years, 8 months ago) by niro
File size: 234762 byte(s)
Wed Jan 17 13:27:01 2018 UTC (6 years, 8 months ago) by niro
File size: 234762 byte(s)
-linux-4.14.11
1 | diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
2 | index 05496622b4ef..520fdec15bbb 100644 |
3 | --- a/Documentation/admin-guide/kernel-parameters.txt |
4 | +++ b/Documentation/admin-guide/kernel-parameters.txt |
5 | @@ -2685,6 +2685,8 @@ |
6 | steal time is computed, but won't influence scheduler |
7 | behaviour |
8 | |
9 | + nopti [X86-64] Disable kernel page table isolation |
10 | + |
11 | nolapic [X86-32,APIC] Do not enable or use the local APIC. |
12 | |
13 | nolapic_timer [X86-32,APIC] Do not use the local APIC timer. |
14 | @@ -3253,6 +3255,12 @@ |
15 | pt. [PARIDE] |
16 | See Documentation/blockdev/paride.txt. |
17 | |
18 | + pti= [X86_64] |
19 | + Control user/kernel address space isolation: |
20 | + on - enable |
21 | + off - disable |
22 | + auto - default setting |
23 | + |
24 | pty.legacy_count= |
25 | [KNL] Number of legacy pty's. Overwrites compiled-in |
26 | default number. |
27 | diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt |
28 | index 51101708a03a..ad41b3813f0a 100644 |
29 | --- a/Documentation/x86/x86_64/mm.txt |
30 | +++ b/Documentation/x86/x86_64/mm.txt |
31 | @@ -12,6 +12,7 @@ ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) |
32 | ... unused hole ... |
33 | ffffec0000000000 - fffffbffffffffff (=44 bits) kasan shadow memory (16TB) |
34 | ... unused hole ... |
35 | +fffffe0000000000 - fffffe7fffffffff (=39 bits) LDT remap for PTI |
36 | fffffe8000000000 - fffffeffffffffff (=39 bits) cpu_entry_area mapping |
37 | ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks |
38 | ... unused hole ... |
39 | @@ -29,8 +30,8 @@ Virtual memory map with 5 level page tables: |
40 | hole caused by [56:63] sign extension |
41 | ff00000000000000 - ff0fffffffffffff (=52 bits) guard hole, reserved for hypervisor |
42 | ff10000000000000 - ff8fffffffffffff (=55 bits) direct mapping of all phys. memory |
43 | -ff90000000000000 - ff91ffffffffffff (=49 bits) hole |
44 | -ff92000000000000 - ffd1ffffffffffff (=54 bits) vmalloc/ioremap space |
45 | +ff90000000000000 - ff9fffffffffffff (=52 bits) LDT remap for PTI |
46 | +ffa0000000000000 - ffd1ffffffffffff (=54 bits) vmalloc/ioremap space (12800 TB) |
47 | ffd2000000000000 - ffd3ffffffffffff (=49 bits) hole |
48 | ffd4000000000000 - ffd5ffffffffffff (=49 bits) virtual memory map (512TB) |
49 | ... unused hole ... |
50 | diff --git a/Makefile b/Makefile |
51 | index 9edfb78836a9..655887067dc7 100644 |
52 | --- a/Makefile |
53 | +++ b/Makefile |
54 | @@ -1,7 +1,7 @@ |
55 | # SPDX-License-Identifier: GPL-2.0 |
56 | VERSION = 4 |
57 | PATCHLEVEL = 14 |
58 | -SUBLEVEL = 10 |
59 | +SUBLEVEL = 11 |
60 | EXTRAVERSION = |
61 | NAME = Petit Gorille |
62 | |
63 | @@ -802,6 +802,9 @@ KBUILD_CFLAGS += $(call cc-disable-warning, pointer-sign) |
64 | # disable invalid "can't wrap" optimizations for signed / pointers |
65 | KBUILD_CFLAGS += $(call cc-option,-fno-strict-overflow) |
66 | |
67 | +# Make sure -fstack-check isn't enabled (like gentoo apparently did) |
68 | +KBUILD_CFLAGS += $(call cc-option,-fno-stack-check,) |
69 | + |
70 | # conserve stack if available |
71 | KBUILD_CFLAGS += $(call cc-option,-fconserve-stack) |
72 | |
73 | diff --git a/arch/sparc/lib/hweight.S b/arch/sparc/lib/hweight.S |
74 | index e5547b22cd18..0ddbbb031822 100644 |
75 | --- a/arch/sparc/lib/hweight.S |
76 | +++ b/arch/sparc/lib/hweight.S |
77 | @@ -44,8 +44,8 @@ EXPORT_SYMBOL(__arch_hweight32) |
78 | .previous |
79 | |
80 | ENTRY(__arch_hweight64) |
81 | - sethi %hi(__sw_hweight16), %g1 |
82 | - jmpl %g1 + %lo(__sw_hweight16), %g0 |
83 | + sethi %hi(__sw_hweight64), %g1 |
84 | + jmpl %g1 + %lo(__sw_hweight64), %g0 |
85 | nop |
86 | ENDPROC(__arch_hweight64) |
87 | EXPORT_SYMBOL(__arch_hweight64) |
88 | diff --git a/arch/x86/boot/compressed/pagetable.c b/arch/x86/boot/compressed/pagetable.c |
89 | index 972319ff5b01..e691ff734cb5 100644 |
90 | --- a/arch/x86/boot/compressed/pagetable.c |
91 | +++ b/arch/x86/boot/compressed/pagetable.c |
92 | @@ -23,6 +23,9 @@ |
93 | */ |
94 | #undef CONFIG_AMD_MEM_ENCRYPT |
95 | |
96 | +/* No PAGE_TABLE_ISOLATION support needed either: */ |
97 | +#undef CONFIG_PAGE_TABLE_ISOLATION |
98 | + |
99 | #include "misc.h" |
100 | |
101 | /* These actually do the work of building the kernel identity maps. */ |
102 | diff --git a/arch/x86/entry/calling.h b/arch/x86/entry/calling.h |
103 | index 3fd8bc560fae..45a63e00a6af 100644 |
104 | --- a/arch/x86/entry/calling.h |
105 | +++ b/arch/x86/entry/calling.h |
106 | @@ -1,6 +1,11 @@ |
107 | /* SPDX-License-Identifier: GPL-2.0 */ |
108 | #include <linux/jump_label.h> |
109 | #include <asm/unwind_hints.h> |
110 | +#include <asm/cpufeatures.h> |
111 | +#include <asm/page_types.h> |
112 | +#include <asm/percpu.h> |
113 | +#include <asm/asm-offsets.h> |
114 | +#include <asm/processor-flags.h> |
115 | |
116 | /* |
117 | |
118 | @@ -187,6 +192,146 @@ For 32-bit we have the following conventions - kernel is built with |
119 | #endif |
120 | .endm |
121 | |
122 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
123 | + |
124 | +/* |
125 | + * PAGE_TABLE_ISOLATION PGDs are 8k. Flip bit 12 to switch between the two |
126 | + * halves: |
127 | + */ |
128 | +#define PTI_SWITCH_PGTABLES_MASK (1<<PAGE_SHIFT) |
129 | +#define PTI_SWITCH_MASK (PTI_SWITCH_PGTABLES_MASK|(1<<X86_CR3_PTI_SWITCH_BIT)) |
130 | + |
131 | +.macro SET_NOFLUSH_BIT reg:req |
132 | + bts $X86_CR3_PCID_NOFLUSH_BIT, \reg |
133 | +.endm |
134 | + |
135 | +.macro ADJUST_KERNEL_CR3 reg:req |
136 | + ALTERNATIVE "", "SET_NOFLUSH_BIT \reg", X86_FEATURE_PCID |
137 | + /* Clear PCID and "PAGE_TABLE_ISOLATION bit", point CR3 at kernel pagetables: */ |
138 | + andq $(~PTI_SWITCH_MASK), \reg |
139 | +.endm |
140 | + |
141 | +.macro SWITCH_TO_KERNEL_CR3 scratch_reg:req |
142 | + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI |
143 | + mov %cr3, \scratch_reg |
144 | + ADJUST_KERNEL_CR3 \scratch_reg |
145 | + mov \scratch_reg, %cr3 |
146 | +.Lend_\@: |
147 | +.endm |
148 | + |
149 | +#define THIS_CPU_user_pcid_flush_mask \ |
150 | + PER_CPU_VAR(cpu_tlbstate) + TLB_STATE_user_pcid_flush_mask |
151 | + |
152 | +.macro SWITCH_TO_USER_CR3_NOSTACK scratch_reg:req scratch_reg2:req |
153 | + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI |
154 | + mov %cr3, \scratch_reg |
155 | + |
156 | + ALTERNATIVE "jmp .Lwrcr3_\@", "", X86_FEATURE_PCID |
157 | + |
158 | + /* |
159 | + * Test if the ASID needs a flush. |
160 | + */ |
161 | + movq \scratch_reg, \scratch_reg2 |
162 | + andq $(0x7FF), \scratch_reg /* mask ASID */ |
163 | + bt \scratch_reg, THIS_CPU_user_pcid_flush_mask |
164 | + jnc .Lnoflush_\@ |
165 | + |
166 | + /* Flush needed, clear the bit */ |
167 | + btr \scratch_reg, THIS_CPU_user_pcid_flush_mask |
168 | + movq \scratch_reg2, \scratch_reg |
169 | + jmp .Lwrcr3_\@ |
170 | + |
171 | +.Lnoflush_\@: |
172 | + movq \scratch_reg2, \scratch_reg |
173 | + SET_NOFLUSH_BIT \scratch_reg |
174 | + |
175 | +.Lwrcr3_\@: |
176 | + /* Flip the PGD and ASID to the user version */ |
177 | + orq $(PTI_SWITCH_MASK), \scratch_reg |
178 | + mov \scratch_reg, %cr3 |
179 | +.Lend_\@: |
180 | +.endm |
181 | + |
182 | +.macro SWITCH_TO_USER_CR3_STACK scratch_reg:req |
183 | + pushq %rax |
184 | + SWITCH_TO_USER_CR3_NOSTACK scratch_reg=\scratch_reg scratch_reg2=%rax |
185 | + popq %rax |
186 | +.endm |
187 | + |
188 | +.macro SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg:req save_reg:req |
189 | + ALTERNATIVE "jmp .Ldone_\@", "", X86_FEATURE_PTI |
190 | + movq %cr3, \scratch_reg |
191 | + movq \scratch_reg, \save_reg |
192 | + /* |
193 | + * Is the "switch mask" all zero? That means that both of |
194 | + * these are zero: |
195 | + * |
196 | + * 1. The user/kernel PCID bit, and |
197 | + * 2. The user/kernel "bit" that points CR3 to the |
198 | + * bottom half of the 8k PGD |
199 | + * |
200 | + * That indicates a kernel CR3 value, not a user CR3. |
201 | + */ |
202 | + testq $(PTI_SWITCH_MASK), \scratch_reg |
203 | + jz .Ldone_\@ |
204 | + |
205 | + ADJUST_KERNEL_CR3 \scratch_reg |
206 | + movq \scratch_reg, %cr3 |
207 | + |
208 | +.Ldone_\@: |
209 | +.endm |
210 | + |
211 | +.macro RESTORE_CR3 scratch_reg:req save_reg:req |
212 | + ALTERNATIVE "jmp .Lend_\@", "", X86_FEATURE_PTI |
213 | + |
214 | + ALTERNATIVE "jmp .Lwrcr3_\@", "", X86_FEATURE_PCID |
215 | + |
216 | + /* |
217 | + * KERNEL pages can always resume with NOFLUSH as we do |
218 | + * explicit flushes. |
219 | + */ |
220 | + bt $X86_CR3_PTI_SWITCH_BIT, \save_reg |
221 | + jnc .Lnoflush_\@ |
222 | + |
223 | + /* |
224 | + * Check if there's a pending flush for the user ASID we're |
225 | + * about to set. |
226 | + */ |
227 | + movq \save_reg, \scratch_reg |
228 | + andq $(0x7FF), \scratch_reg |
229 | + bt \scratch_reg, THIS_CPU_user_pcid_flush_mask |
230 | + jnc .Lnoflush_\@ |
231 | + |
232 | + btr \scratch_reg, THIS_CPU_user_pcid_flush_mask |
233 | + jmp .Lwrcr3_\@ |
234 | + |
235 | +.Lnoflush_\@: |
236 | + SET_NOFLUSH_BIT \save_reg |
237 | + |
238 | +.Lwrcr3_\@: |
239 | + /* |
240 | + * The CR3 write could be avoided when not changing its value, |
241 | + * but would require a CR3 read *and* a scratch register. |
242 | + */ |
243 | + movq \save_reg, %cr3 |
244 | +.Lend_\@: |
245 | +.endm |
246 | + |
247 | +#else /* CONFIG_PAGE_TABLE_ISOLATION=n: */ |
248 | + |
249 | +.macro SWITCH_TO_KERNEL_CR3 scratch_reg:req |
250 | +.endm |
251 | +.macro SWITCH_TO_USER_CR3_NOSTACK scratch_reg:req scratch_reg2:req |
252 | +.endm |
253 | +.macro SWITCH_TO_USER_CR3_STACK scratch_reg:req |
254 | +.endm |
255 | +.macro SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg:req save_reg:req |
256 | +.endm |
257 | +.macro RESTORE_CR3 scratch_reg:req save_reg:req |
258 | +.endm |
259 | + |
260 | +#endif |
261 | + |
262 | #endif /* CONFIG_X86_64 */ |
263 | |
264 | /* |
265 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
266 | index 22c891c3b78d..dd696b966e58 100644 |
267 | --- a/arch/x86/entry/entry_64.S |
268 | +++ b/arch/x86/entry/entry_64.S |
269 | @@ -23,7 +23,6 @@ |
270 | #include <asm/segment.h> |
271 | #include <asm/cache.h> |
272 | #include <asm/errno.h> |
273 | -#include "calling.h" |
274 | #include <asm/asm-offsets.h> |
275 | #include <asm/msr.h> |
276 | #include <asm/unistd.h> |
277 | @@ -40,6 +39,8 @@ |
278 | #include <asm/frame.h> |
279 | #include <linux/err.h> |
280 | |
281 | +#include "calling.h" |
282 | + |
283 | .code64 |
284 | .section .entry.text, "ax" |
285 | |
286 | @@ -164,6 +165,9 @@ ENTRY(entry_SYSCALL_64_trampoline) |
287 | /* Stash the user RSP. */ |
288 | movq %rsp, RSP_SCRATCH |
289 | |
290 | + /* Note: using %rsp as a scratch reg. */ |
291 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp |
292 | + |
293 | /* Load the top of the task stack into RSP */ |
294 | movq CPU_ENTRY_AREA_tss + TSS_sp1 + CPU_ENTRY_AREA, %rsp |
295 | |
296 | @@ -203,6 +207,10 @@ ENTRY(entry_SYSCALL_64) |
297 | */ |
298 | |
299 | swapgs |
300 | + /* |
301 | + * This path is not taken when PAGE_TABLE_ISOLATION is disabled so it |
302 | + * is not required to switch CR3. |
303 | + */ |
304 | movq %rsp, PER_CPU_VAR(rsp_scratch) |
305 | movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp |
306 | |
307 | @@ -399,6 +407,7 @@ syscall_return_via_sysret: |
308 | * We are on the trampoline stack. All regs except RDI are live. |
309 | * We can do future final exit work right here. |
310 | */ |
311 | + SWITCH_TO_USER_CR3_STACK scratch_reg=%rdi |
312 | |
313 | popq %rdi |
314 | popq %rsp |
315 | @@ -736,6 +745,8 @@ GLOBAL(swapgs_restore_regs_and_return_to_usermode) |
316 | * We can do future final exit work right here. |
317 | */ |
318 | |
319 | + SWITCH_TO_USER_CR3_STACK scratch_reg=%rdi |
320 | + |
321 | /* Restore RDI. */ |
322 | popq %rdi |
323 | SWAPGS |
324 | @@ -818,7 +829,9 @@ native_irq_return_ldt: |
325 | */ |
326 | |
327 | pushq %rdi /* Stash user RDI */ |
328 | - SWAPGS |
329 | + SWAPGS /* to kernel GS */ |
330 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi /* to kernel CR3 */ |
331 | + |
332 | movq PER_CPU_VAR(espfix_waddr), %rdi |
333 | movq %rax, (0*8)(%rdi) /* user RAX */ |
334 | movq (1*8)(%rsp), %rax /* user RIP */ |
335 | @@ -834,7 +847,6 @@ native_irq_return_ldt: |
336 | /* Now RAX == RSP. */ |
337 | |
338 | andl $0xffff0000, %eax /* RAX = (RSP & 0xffff0000) */ |
339 | - popq %rdi /* Restore user RDI */ |
340 | |
341 | /* |
342 | * espfix_stack[31:16] == 0. The page tables are set up such that |
343 | @@ -845,7 +857,11 @@ native_irq_return_ldt: |
344 | * still points to an RO alias of the ESPFIX stack. |
345 | */ |
346 | orq PER_CPU_VAR(espfix_stack), %rax |
347 | - SWAPGS |
348 | + |
349 | + SWITCH_TO_USER_CR3_STACK scratch_reg=%rdi |
350 | + SWAPGS /* to user GS */ |
351 | + popq %rdi /* Restore user RDI */ |
352 | + |
353 | movq %rax, %rsp |
354 | UNWIND_HINT_IRET_REGS offset=8 |
355 | |
356 | @@ -945,6 +961,8 @@ ENTRY(switch_to_thread_stack) |
357 | UNWIND_HINT_FUNC |
358 | |
359 | pushq %rdi |
360 | + /* Need to switch before accessing the thread stack. */ |
361 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi |
362 | movq %rsp, %rdi |
363 | movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp |
364 | UNWIND_HINT sp_offset=16 sp_reg=ORC_REG_DI |
365 | @@ -1244,7 +1262,11 @@ ENTRY(paranoid_entry) |
366 | js 1f /* negative -> in kernel */ |
367 | SWAPGS |
368 | xorl %ebx, %ebx |
369 | -1: ret |
370 | + |
371 | +1: |
372 | + SAVE_AND_SWITCH_TO_KERNEL_CR3 scratch_reg=%rax save_reg=%r14 |
373 | + |
374 | + ret |
375 | END(paranoid_entry) |
376 | |
377 | /* |
378 | @@ -1266,6 +1288,7 @@ ENTRY(paranoid_exit) |
379 | testl %ebx, %ebx /* swapgs needed? */ |
380 | jnz .Lparanoid_exit_no_swapgs |
381 | TRACE_IRQS_IRETQ |
382 | + RESTORE_CR3 scratch_reg=%rbx save_reg=%r14 |
383 | SWAPGS_UNSAFE_STACK |
384 | jmp .Lparanoid_exit_restore |
385 | .Lparanoid_exit_no_swapgs: |
386 | @@ -1293,6 +1316,8 @@ ENTRY(error_entry) |
387 | * from user mode due to an IRET fault. |
388 | */ |
389 | SWAPGS |
390 | + /* We have user CR3. Change to kernel CR3. */ |
391 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rax |
392 | |
393 | .Lerror_entry_from_usermode_after_swapgs: |
394 | /* Put us onto the real thread stack. */ |
395 | @@ -1339,6 +1364,7 @@ ENTRY(error_entry) |
396 | * .Lgs_change's error handler with kernel gsbase. |
397 | */ |
398 | SWAPGS |
399 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rax |
400 | jmp .Lerror_entry_done |
401 | |
402 | .Lbstep_iret: |
403 | @@ -1348,10 +1374,11 @@ ENTRY(error_entry) |
404 | |
405 | .Lerror_bad_iret: |
406 | /* |
407 | - * We came from an IRET to user mode, so we have user gsbase. |
408 | - * Switch to kernel gsbase: |
409 | + * We came from an IRET to user mode, so we have user |
410 | + * gsbase and CR3. Switch to kernel gsbase and CR3: |
411 | */ |
412 | SWAPGS |
413 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rax |
414 | |
415 | /* |
416 | * Pretend that the exception came from user mode: set up pt_regs |
417 | @@ -1383,6 +1410,10 @@ END(error_exit) |
418 | /* |
419 | * Runs on exception stack. Xen PV does not go through this path at all, |
420 | * so we can use real assembly here. |
421 | + * |
422 | + * Registers: |
423 | + * %r14: Used to save/restore the CR3 of the interrupted context |
424 | + * when PAGE_TABLE_ISOLATION is in use. Do not clobber. |
425 | */ |
426 | ENTRY(nmi) |
427 | UNWIND_HINT_IRET_REGS |
428 | @@ -1446,6 +1477,7 @@ ENTRY(nmi) |
429 | |
430 | swapgs |
431 | cld |
432 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rdx |
433 | movq %rsp, %rdx |
434 | movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp |
435 | UNWIND_HINT_IRET_REGS base=%rdx offset=8 |
436 | @@ -1698,6 +1730,8 @@ end_repeat_nmi: |
437 | movq $-1, %rsi |
438 | call do_nmi |
439 | |
440 | + RESTORE_CR3 scratch_reg=%r15 save_reg=%r14 |
441 | + |
442 | testl %ebx, %ebx /* swapgs needed? */ |
443 | jnz nmi_restore |
444 | nmi_swapgs: |
445 | diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S |
446 | index 95ad40eb7eff..40f17009ec20 100644 |
447 | --- a/arch/x86/entry/entry_64_compat.S |
448 | +++ b/arch/x86/entry/entry_64_compat.S |
449 | @@ -49,6 +49,10 @@ |
450 | ENTRY(entry_SYSENTER_compat) |
451 | /* Interrupts are off on entry. */ |
452 | SWAPGS |
453 | + |
454 | + /* We are about to clobber %rsp anyway, clobbering here is OK */ |
455 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rsp |
456 | + |
457 | movq PER_CPU_VAR(cpu_current_top_of_stack), %rsp |
458 | |
459 | /* |
460 | @@ -215,6 +219,12 @@ GLOBAL(entry_SYSCALL_compat_after_hwframe) |
461 | pushq $0 /* pt_regs->r14 = 0 */ |
462 | pushq $0 /* pt_regs->r15 = 0 */ |
463 | |
464 | + /* |
465 | + * We just saved %rdi so it is safe to clobber. It is not |
466 | + * preserved during the C calls inside TRACE_IRQS_OFF anyway. |
467 | + */ |
468 | + SWITCH_TO_KERNEL_CR3 scratch_reg=%rdi |
469 | + |
470 | /* |
471 | * User mode is traced as though IRQs are on, and SYSENTER |
472 | * turned them off. |
473 | @@ -256,10 +266,22 @@ sysret32_from_system_call: |
474 | * when the system call started, which is already known to user |
475 | * code. We zero R8-R10 to avoid info leaks. |
476 | */ |
477 | + movq RSP-ORIG_RAX(%rsp), %rsp |
478 | + |
479 | + /* |
480 | + * The original userspace %rsp (RSP-ORIG_RAX(%rsp)) is stored |
481 | + * on the process stack which is not mapped to userspace and |
482 | + * not readable after we SWITCH_TO_USER_CR3. Delay the CR3 |
483 | + * switch until after after the last reference to the process |
484 | + * stack. |
485 | + * |
486 | + * %r8/%r9 are zeroed before the sysret, thus safe to clobber. |
487 | + */ |
488 | + SWITCH_TO_USER_CR3_NOSTACK scratch_reg=%r8 scratch_reg2=%r9 |
489 | + |
490 | xorq %r8, %r8 |
491 | xorq %r9, %r9 |
492 | xorq %r10, %r10 |
493 | - movq RSP-ORIG_RAX(%rsp), %rsp |
494 | swapgs |
495 | sysretl |
496 | END(entry_SYSCALL_compat) |
497 | diff --git a/arch/x86/entry/vsyscall/vsyscall_64.c b/arch/x86/entry/vsyscall/vsyscall_64.c |
498 | index 1faf40f2dda9..577fa8adb785 100644 |
499 | --- a/arch/x86/entry/vsyscall/vsyscall_64.c |
500 | +++ b/arch/x86/entry/vsyscall/vsyscall_64.c |
501 | @@ -344,14 +344,14 @@ int in_gate_area_no_mm(unsigned long addr) |
502 | * vsyscalls but leave the page not present. If so, we skip calling |
503 | * this. |
504 | */ |
505 | -static void __init set_vsyscall_pgtable_user_bits(void) |
506 | +void __init set_vsyscall_pgtable_user_bits(pgd_t *root) |
507 | { |
508 | pgd_t *pgd; |
509 | p4d_t *p4d; |
510 | pud_t *pud; |
511 | pmd_t *pmd; |
512 | |
513 | - pgd = pgd_offset_k(VSYSCALL_ADDR); |
514 | + pgd = pgd_offset_pgd(root, VSYSCALL_ADDR); |
515 | set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER)); |
516 | p4d = p4d_offset(pgd, VSYSCALL_ADDR); |
517 | #if CONFIG_PGTABLE_LEVELS >= 5 |
518 | @@ -373,7 +373,7 @@ void __init map_vsyscall(void) |
519 | vsyscall_mode == NATIVE |
520 | ? PAGE_KERNEL_VSYSCALL |
521 | : PAGE_KERNEL_VVAR); |
522 | - set_vsyscall_pgtable_user_bits(); |
523 | + set_vsyscall_pgtable_user_bits(swapper_pg_dir); |
524 | } |
525 | |
526 | BUILD_BUG_ON((unsigned long)__fix_to_virt(VSYSCALL_PAGE) != |
527 | diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c |
528 | index 3674a4b6f8bd..8f0aace08b87 100644 |
529 | --- a/arch/x86/events/intel/ds.c |
530 | +++ b/arch/x86/events/intel/ds.c |
531 | @@ -3,16 +3,18 @@ |
532 | #include <linux/types.h> |
533 | #include <linux/slab.h> |
534 | |
535 | +#include <asm/cpu_entry_area.h> |
536 | #include <asm/perf_event.h> |
537 | #include <asm/insn.h> |
538 | |
539 | #include "../perf_event.h" |
540 | |
541 | +/* Waste a full page so it can be mapped into the cpu_entry_area */ |
542 | +DEFINE_PER_CPU_PAGE_ALIGNED(struct debug_store, cpu_debug_store); |
543 | + |
544 | /* The size of a BTS record in bytes: */ |
545 | #define BTS_RECORD_SIZE 24 |
546 | |
547 | -#define BTS_BUFFER_SIZE (PAGE_SIZE << 4) |
548 | -#define PEBS_BUFFER_SIZE (PAGE_SIZE << 4) |
549 | #define PEBS_FIXUP_SIZE PAGE_SIZE |
550 | |
551 | /* |
552 | @@ -279,17 +281,52 @@ void fini_debug_store_on_cpu(int cpu) |
553 | |
554 | static DEFINE_PER_CPU(void *, insn_buffer); |
555 | |
556 | -static int alloc_pebs_buffer(int cpu) |
557 | +static void ds_update_cea(void *cea, void *addr, size_t size, pgprot_t prot) |
558 | { |
559 | - struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds; |
560 | + phys_addr_t pa; |
561 | + size_t msz = 0; |
562 | + |
563 | + pa = virt_to_phys(addr); |
564 | + for (; msz < size; msz += PAGE_SIZE, pa += PAGE_SIZE, cea += PAGE_SIZE) |
565 | + cea_set_pte(cea, pa, prot); |
566 | +} |
567 | + |
568 | +static void ds_clear_cea(void *cea, size_t size) |
569 | +{ |
570 | + size_t msz = 0; |
571 | + |
572 | + for (; msz < size; msz += PAGE_SIZE, cea += PAGE_SIZE) |
573 | + cea_set_pte(cea, 0, PAGE_NONE); |
574 | +} |
575 | + |
576 | +static void *dsalloc_pages(size_t size, gfp_t flags, int cpu) |
577 | +{ |
578 | + unsigned int order = get_order(size); |
579 | int node = cpu_to_node(cpu); |
580 | - int max; |
581 | - void *buffer, *ibuffer; |
582 | + struct page *page; |
583 | + |
584 | + page = __alloc_pages_node(node, flags | __GFP_ZERO, order); |
585 | + return page ? page_address(page) : NULL; |
586 | +} |
587 | + |
588 | +static void dsfree_pages(const void *buffer, size_t size) |
589 | +{ |
590 | + if (buffer) |
591 | + free_pages((unsigned long)buffer, get_order(size)); |
592 | +} |
593 | + |
594 | +static int alloc_pebs_buffer(int cpu) |
595 | +{ |
596 | + struct cpu_hw_events *hwev = per_cpu_ptr(&cpu_hw_events, cpu); |
597 | + struct debug_store *ds = hwev->ds; |
598 | + size_t bsiz = x86_pmu.pebs_buffer_size; |
599 | + int max, node = cpu_to_node(cpu); |
600 | + void *buffer, *ibuffer, *cea; |
601 | |
602 | if (!x86_pmu.pebs) |
603 | return 0; |
604 | |
605 | - buffer = kzalloc_node(x86_pmu.pebs_buffer_size, GFP_KERNEL, node); |
606 | + buffer = dsalloc_pages(bsiz, GFP_KERNEL, cpu); |
607 | if (unlikely(!buffer)) |
608 | return -ENOMEM; |
609 | |
610 | @@ -300,25 +337,27 @@ static int alloc_pebs_buffer(int cpu) |
611 | if (x86_pmu.intel_cap.pebs_format < 2) { |
612 | ibuffer = kzalloc_node(PEBS_FIXUP_SIZE, GFP_KERNEL, node); |
613 | if (!ibuffer) { |
614 | - kfree(buffer); |
615 | + dsfree_pages(buffer, bsiz); |
616 | return -ENOMEM; |
617 | } |
618 | per_cpu(insn_buffer, cpu) = ibuffer; |
619 | } |
620 | - |
621 | - max = x86_pmu.pebs_buffer_size / x86_pmu.pebs_record_size; |
622 | - |
623 | - ds->pebs_buffer_base = (u64)(unsigned long)buffer; |
624 | + hwev->ds_pebs_vaddr = buffer; |
625 | + /* Update the cpu entry area mapping */ |
626 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_buffers.pebs_buffer; |
627 | + ds->pebs_buffer_base = (unsigned long) cea; |
628 | + ds_update_cea(cea, buffer, bsiz, PAGE_KERNEL); |
629 | ds->pebs_index = ds->pebs_buffer_base; |
630 | - ds->pebs_absolute_maximum = ds->pebs_buffer_base + |
631 | - max * x86_pmu.pebs_record_size; |
632 | - |
633 | + max = x86_pmu.pebs_record_size * (bsiz / x86_pmu.pebs_record_size); |
634 | + ds->pebs_absolute_maximum = ds->pebs_buffer_base + max; |
635 | return 0; |
636 | } |
637 | |
638 | static void release_pebs_buffer(int cpu) |
639 | { |
640 | - struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds; |
641 | + struct cpu_hw_events *hwev = per_cpu_ptr(&cpu_hw_events, cpu); |
642 | + struct debug_store *ds = hwev->ds; |
643 | + void *cea; |
644 | |
645 | if (!ds || !x86_pmu.pebs) |
646 | return; |
647 | @@ -326,73 +365,70 @@ static void release_pebs_buffer(int cpu) |
648 | kfree(per_cpu(insn_buffer, cpu)); |
649 | per_cpu(insn_buffer, cpu) = NULL; |
650 | |
651 | - kfree((void *)(unsigned long)ds->pebs_buffer_base); |
652 | + /* Clear the fixmap */ |
653 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_buffers.pebs_buffer; |
654 | + ds_clear_cea(cea, x86_pmu.pebs_buffer_size); |
655 | ds->pebs_buffer_base = 0; |
656 | + dsfree_pages(hwev->ds_pebs_vaddr, x86_pmu.pebs_buffer_size); |
657 | + hwev->ds_pebs_vaddr = NULL; |
658 | } |
659 | |
660 | static int alloc_bts_buffer(int cpu) |
661 | { |
662 | - struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds; |
663 | - int node = cpu_to_node(cpu); |
664 | - int max, thresh; |
665 | - void *buffer; |
666 | + struct cpu_hw_events *hwev = per_cpu_ptr(&cpu_hw_events, cpu); |
667 | + struct debug_store *ds = hwev->ds; |
668 | + void *buffer, *cea; |
669 | + int max; |
670 | |
671 | if (!x86_pmu.bts) |
672 | return 0; |
673 | |
674 | - buffer = kzalloc_node(BTS_BUFFER_SIZE, GFP_KERNEL | __GFP_NOWARN, node); |
675 | + buffer = dsalloc_pages(BTS_BUFFER_SIZE, GFP_KERNEL | __GFP_NOWARN, cpu); |
676 | if (unlikely(!buffer)) { |
677 | WARN_ONCE(1, "%s: BTS buffer allocation failure\n", __func__); |
678 | return -ENOMEM; |
679 | } |
680 | - |
681 | - max = BTS_BUFFER_SIZE / BTS_RECORD_SIZE; |
682 | - thresh = max / 16; |
683 | - |
684 | - ds->bts_buffer_base = (u64)(unsigned long)buffer; |
685 | + hwev->ds_bts_vaddr = buffer; |
686 | + /* Update the fixmap */ |
687 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_buffers.bts_buffer; |
688 | + ds->bts_buffer_base = (unsigned long) cea; |
689 | + ds_update_cea(cea, buffer, BTS_BUFFER_SIZE, PAGE_KERNEL); |
690 | ds->bts_index = ds->bts_buffer_base; |
691 | - ds->bts_absolute_maximum = ds->bts_buffer_base + |
692 | - max * BTS_RECORD_SIZE; |
693 | - ds->bts_interrupt_threshold = ds->bts_absolute_maximum - |
694 | - thresh * BTS_RECORD_SIZE; |
695 | - |
696 | + max = BTS_RECORD_SIZE * (BTS_BUFFER_SIZE / BTS_RECORD_SIZE); |
697 | + ds->bts_absolute_maximum = ds->bts_buffer_base + max; |
698 | + ds->bts_interrupt_threshold = ds->bts_absolute_maximum - (max / 16); |
699 | return 0; |
700 | } |
701 | |
702 | static void release_bts_buffer(int cpu) |
703 | { |
704 | - struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds; |
705 | + struct cpu_hw_events *hwev = per_cpu_ptr(&cpu_hw_events, cpu); |
706 | + struct debug_store *ds = hwev->ds; |
707 | + void *cea; |
708 | |
709 | if (!ds || !x86_pmu.bts) |
710 | return; |
711 | |
712 | - kfree((void *)(unsigned long)ds->bts_buffer_base); |
713 | + /* Clear the fixmap */ |
714 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_buffers.bts_buffer; |
715 | + ds_clear_cea(cea, BTS_BUFFER_SIZE); |
716 | ds->bts_buffer_base = 0; |
717 | + dsfree_pages(hwev->ds_bts_vaddr, BTS_BUFFER_SIZE); |
718 | + hwev->ds_bts_vaddr = NULL; |
719 | } |
720 | |
721 | static int alloc_ds_buffer(int cpu) |
722 | { |
723 | - int node = cpu_to_node(cpu); |
724 | - struct debug_store *ds; |
725 | - |
726 | - ds = kzalloc_node(sizeof(*ds), GFP_KERNEL, node); |
727 | - if (unlikely(!ds)) |
728 | - return -ENOMEM; |
729 | + struct debug_store *ds = &get_cpu_entry_area(cpu)->cpu_debug_store; |
730 | |
731 | + memset(ds, 0, sizeof(*ds)); |
732 | per_cpu(cpu_hw_events, cpu).ds = ds; |
733 | - |
734 | return 0; |
735 | } |
736 | |
737 | static void release_ds_buffer(int cpu) |
738 | { |
739 | - struct debug_store *ds = per_cpu(cpu_hw_events, cpu).ds; |
740 | - |
741 | - if (!ds) |
742 | - return; |
743 | - |
744 | per_cpu(cpu_hw_events, cpu).ds = NULL; |
745 | - kfree(ds); |
746 | } |
747 | |
748 | void release_ds_buffers(void) |
749 | diff --git a/arch/x86/events/perf_event.h b/arch/x86/events/perf_event.h |
750 | index f7aaadf9331f..8e4ea143ed96 100644 |
751 | --- a/arch/x86/events/perf_event.h |
752 | +++ b/arch/x86/events/perf_event.h |
753 | @@ -14,6 +14,8 @@ |
754 | |
755 | #include <linux/perf_event.h> |
756 | |
757 | +#include <asm/intel_ds.h> |
758 | + |
759 | /* To enable MSR tracing please use the generic trace points. */ |
760 | |
761 | /* |
762 | @@ -77,8 +79,6 @@ struct amd_nb { |
763 | struct event_constraint event_constraints[X86_PMC_IDX_MAX]; |
764 | }; |
765 | |
766 | -/* The maximal number of PEBS events: */ |
767 | -#define MAX_PEBS_EVENTS 8 |
768 | #define PEBS_COUNTER_MASK ((1ULL << MAX_PEBS_EVENTS) - 1) |
769 | |
770 | /* |
771 | @@ -95,23 +95,6 @@ struct amd_nb { |
772 | PERF_SAMPLE_TRANSACTION | PERF_SAMPLE_PHYS_ADDR | \ |
773 | PERF_SAMPLE_REGS_INTR | PERF_SAMPLE_REGS_USER) |
774 | |
775 | -/* |
776 | - * A debug store configuration. |
777 | - * |
778 | - * We only support architectures that use 64bit fields. |
779 | - */ |
780 | -struct debug_store { |
781 | - u64 bts_buffer_base; |
782 | - u64 bts_index; |
783 | - u64 bts_absolute_maximum; |
784 | - u64 bts_interrupt_threshold; |
785 | - u64 pebs_buffer_base; |
786 | - u64 pebs_index; |
787 | - u64 pebs_absolute_maximum; |
788 | - u64 pebs_interrupt_threshold; |
789 | - u64 pebs_event_reset[MAX_PEBS_EVENTS]; |
790 | -}; |
791 | - |
792 | #define PEBS_REGS \ |
793 | (PERF_REG_X86_AX | \ |
794 | PERF_REG_X86_BX | \ |
795 | @@ -216,6 +199,8 @@ struct cpu_hw_events { |
796 | * Intel DebugStore bits |
797 | */ |
798 | struct debug_store *ds; |
799 | + void *ds_pebs_vaddr; |
800 | + void *ds_bts_vaddr; |
801 | u64 pebs_enabled; |
802 | int n_pebs; |
803 | int n_large_pebs; |
804 | diff --git a/arch/x86/include/asm/cpu_entry_area.h b/arch/x86/include/asm/cpu_entry_area.h |
805 | index 2fbc69a0916e..4a7884b8dca5 100644 |
806 | --- a/arch/x86/include/asm/cpu_entry_area.h |
807 | +++ b/arch/x86/include/asm/cpu_entry_area.h |
808 | @@ -5,6 +5,7 @@ |
809 | |
810 | #include <linux/percpu-defs.h> |
811 | #include <asm/processor.h> |
812 | +#include <asm/intel_ds.h> |
813 | |
814 | /* |
815 | * cpu_entry_area is a percpu region that contains things needed by the CPU |
816 | @@ -40,6 +41,18 @@ struct cpu_entry_area { |
817 | */ |
818 | char exception_stacks[(N_EXCEPTION_STACKS - 1) * EXCEPTION_STKSZ + DEBUG_STKSZ]; |
819 | #endif |
820 | +#ifdef CONFIG_CPU_SUP_INTEL |
821 | + /* |
822 | + * Per CPU debug store for Intel performance monitoring. Wastes a |
823 | + * full page at the moment. |
824 | + */ |
825 | + struct debug_store cpu_debug_store; |
826 | + /* |
827 | + * The actual PEBS/BTS buffers must be mapped to user space |
828 | + * Reserve enough fixmap PTEs. |
829 | + */ |
830 | + struct debug_store_buffers cpu_debug_buffers; |
831 | +#endif |
832 | }; |
833 | |
834 | #define CPU_ENTRY_AREA_SIZE (sizeof(struct cpu_entry_area)) |
835 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h |
836 | index 800104c8a3ed..07cdd1715705 100644 |
837 | --- a/arch/x86/include/asm/cpufeatures.h |
838 | +++ b/arch/x86/include/asm/cpufeatures.h |
839 | @@ -197,11 +197,12 @@ |
840 | #define X86_FEATURE_CAT_L3 ( 7*32+ 4) /* Cache Allocation Technology L3 */ |
841 | #define X86_FEATURE_CAT_L2 ( 7*32+ 5) /* Cache Allocation Technology L2 */ |
842 | #define X86_FEATURE_CDP_L3 ( 7*32+ 6) /* Code and Data Prioritization L3 */ |
843 | +#define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 7) /* Effectively INVPCID && CR4.PCIDE=1 */ |
844 | |
845 | #define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */ |
846 | #define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */ |
847 | #define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */ |
848 | - |
849 | +#define X86_FEATURE_PTI ( 7*32+11) /* Kernel Page Table Isolation enabled */ |
850 | #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ |
851 | #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ |
852 | #define X86_FEATURE_AVX512_4VNNIW ( 7*32+16) /* AVX-512 Neural Network Instructions */ |
853 | @@ -340,5 +341,6 @@ |
854 | #define X86_BUG_SWAPGS_FENCE X86_BUG(11) /* SWAPGS without input dep on GS */ |
855 | #define X86_BUG_MONITOR X86_BUG(12) /* IPI required to wake up remote CPU */ |
856 | #define X86_BUG_AMD_E400 X86_BUG(13) /* CPU is among the affected by Erratum 400 */ |
857 | +#define X86_BUG_CPU_INSECURE X86_BUG(14) /* CPU is insecure and needs kernel page table isolation */ |
858 | |
859 | #endif /* _ASM_X86_CPUFEATURES_H */ |
860 | diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h |
861 | index bc359dd2f7f6..85e23bb7b34e 100644 |
862 | --- a/arch/x86/include/asm/desc.h |
863 | +++ b/arch/x86/include/asm/desc.h |
864 | @@ -21,6 +21,8 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in |
865 | |
866 | desc->type = (info->read_exec_only ^ 1) << 1; |
867 | desc->type |= info->contents << 2; |
868 | + /* Set the ACCESS bit so it can be mapped RO */ |
869 | + desc->type |= 1; |
870 | |
871 | desc->s = 1; |
872 | desc->dpl = 0x3; |
873 | diff --git a/arch/x86/include/asm/disabled-features.h b/arch/x86/include/asm/disabled-features.h |
874 | index c10c9128f54e..e428e16dd822 100644 |
875 | --- a/arch/x86/include/asm/disabled-features.h |
876 | +++ b/arch/x86/include/asm/disabled-features.h |
877 | @@ -44,6 +44,12 @@ |
878 | # define DISABLE_LA57 (1<<(X86_FEATURE_LA57 & 31)) |
879 | #endif |
880 | |
881 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
882 | +# define DISABLE_PTI 0 |
883 | +#else |
884 | +# define DISABLE_PTI (1 << (X86_FEATURE_PTI & 31)) |
885 | +#endif |
886 | + |
887 | /* |
888 | * Make sure to add features to the correct mask |
889 | */ |
890 | @@ -54,7 +60,7 @@ |
891 | #define DISABLED_MASK4 (DISABLE_PCID) |
892 | #define DISABLED_MASK5 0 |
893 | #define DISABLED_MASK6 0 |
894 | -#define DISABLED_MASK7 0 |
895 | +#define DISABLED_MASK7 (DISABLE_PTI) |
896 | #define DISABLED_MASK8 0 |
897 | #define DISABLED_MASK9 (DISABLE_MPX) |
898 | #define DISABLED_MASK10 0 |
899 | diff --git a/arch/x86/include/asm/intel_ds.h b/arch/x86/include/asm/intel_ds.h |
900 | new file mode 100644 |
901 | index 000000000000..62a9f4966b42 |
902 | --- /dev/null |
903 | +++ b/arch/x86/include/asm/intel_ds.h |
904 | @@ -0,0 +1,36 @@ |
905 | +#ifndef _ASM_INTEL_DS_H |
906 | +#define _ASM_INTEL_DS_H |
907 | + |
908 | +#include <linux/percpu-defs.h> |
909 | + |
910 | +#define BTS_BUFFER_SIZE (PAGE_SIZE << 4) |
911 | +#define PEBS_BUFFER_SIZE (PAGE_SIZE << 4) |
912 | + |
913 | +/* The maximal number of PEBS events: */ |
914 | +#define MAX_PEBS_EVENTS 8 |
915 | + |
916 | +/* |
917 | + * A debug store configuration. |
918 | + * |
919 | + * We only support architectures that use 64bit fields. |
920 | + */ |
921 | +struct debug_store { |
922 | + u64 bts_buffer_base; |
923 | + u64 bts_index; |
924 | + u64 bts_absolute_maximum; |
925 | + u64 bts_interrupt_threshold; |
926 | + u64 pebs_buffer_base; |
927 | + u64 pebs_index; |
928 | + u64 pebs_absolute_maximum; |
929 | + u64 pebs_interrupt_threshold; |
930 | + u64 pebs_event_reset[MAX_PEBS_EVENTS]; |
931 | +} __aligned(PAGE_SIZE); |
932 | + |
933 | +DECLARE_PER_CPU_PAGE_ALIGNED(struct debug_store, cpu_debug_store); |
934 | + |
935 | +struct debug_store_buffers { |
936 | + char bts_buffer[BTS_BUFFER_SIZE]; |
937 | + char pebs_buffer[PEBS_BUFFER_SIZE]; |
938 | +}; |
939 | + |
940 | +#endif |
941 | diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h |
942 | index 5ede7cae1d67..c931b88982a0 100644 |
943 | --- a/arch/x86/include/asm/mmu_context.h |
944 | +++ b/arch/x86/include/asm/mmu_context.h |
945 | @@ -50,10 +50,33 @@ struct ldt_struct { |
946 | * call gates. On native, we could merge the ldt_struct and LDT |
947 | * allocations, but it's not worth trying to optimize. |
948 | */ |
949 | - struct desc_struct *entries; |
950 | - unsigned int nr_entries; |
951 | + struct desc_struct *entries; |
952 | + unsigned int nr_entries; |
953 | + |
954 | + /* |
955 | + * If PTI is in use, then the entries array is not mapped while we're |
956 | + * in user mode. The whole array will be aliased at the addressed |
957 | + * given by ldt_slot_va(slot). We use two slots so that we can allocate |
958 | + * and map, and enable a new LDT without invalidating the mapping |
959 | + * of an older, still-in-use LDT. |
960 | + * |
961 | + * slot will be -1 if this LDT doesn't have an alias mapping. |
962 | + */ |
963 | + int slot; |
964 | }; |
965 | |
966 | +/* This is a multiple of PAGE_SIZE. */ |
967 | +#define LDT_SLOT_STRIDE (LDT_ENTRIES * LDT_ENTRY_SIZE) |
968 | + |
969 | +static inline void *ldt_slot_va(int slot) |
970 | +{ |
971 | +#ifdef CONFIG_X86_64 |
972 | + return (void *)(LDT_BASE_ADDR + LDT_SLOT_STRIDE * slot); |
973 | +#else |
974 | + BUG(); |
975 | +#endif |
976 | +} |
977 | + |
978 | /* |
979 | * Used for LDT copy/destruction. |
980 | */ |
981 | @@ -64,6 +87,7 @@ static inline void init_new_context_ldt(struct mm_struct *mm) |
982 | } |
983 | int ldt_dup_context(struct mm_struct *oldmm, struct mm_struct *mm); |
984 | void destroy_context_ldt(struct mm_struct *mm); |
985 | +void ldt_arch_exit_mmap(struct mm_struct *mm); |
986 | #else /* CONFIG_MODIFY_LDT_SYSCALL */ |
987 | static inline void init_new_context_ldt(struct mm_struct *mm) { } |
988 | static inline int ldt_dup_context(struct mm_struct *oldmm, |
989 | @@ -71,7 +95,8 @@ static inline int ldt_dup_context(struct mm_struct *oldmm, |
990 | { |
991 | return 0; |
992 | } |
993 | -static inline void destroy_context_ldt(struct mm_struct *mm) {} |
994 | +static inline void destroy_context_ldt(struct mm_struct *mm) { } |
995 | +static inline void ldt_arch_exit_mmap(struct mm_struct *mm) { } |
996 | #endif |
997 | |
998 | static inline void load_mm_ldt(struct mm_struct *mm) |
999 | @@ -96,10 +121,31 @@ static inline void load_mm_ldt(struct mm_struct *mm) |
1000 | * that we can see. |
1001 | */ |
1002 | |
1003 | - if (unlikely(ldt)) |
1004 | - set_ldt(ldt->entries, ldt->nr_entries); |
1005 | - else |
1006 | + if (unlikely(ldt)) { |
1007 | + if (static_cpu_has(X86_FEATURE_PTI)) { |
1008 | + if (WARN_ON_ONCE((unsigned long)ldt->slot > 1)) { |
1009 | + /* |
1010 | + * Whoops -- either the new LDT isn't mapped |
1011 | + * (if slot == -1) or is mapped into a bogus |
1012 | + * slot (if slot > 1). |
1013 | + */ |
1014 | + clear_LDT(); |
1015 | + return; |
1016 | + } |
1017 | + |
1018 | + /* |
1019 | + * If page table isolation is enabled, ldt->entries |
1020 | + * will not be mapped in the userspace pagetables. |
1021 | + * Tell the CPU to access the LDT through the alias |
1022 | + * at ldt_slot_va(ldt->slot). |
1023 | + */ |
1024 | + set_ldt(ldt_slot_va(ldt->slot), ldt->nr_entries); |
1025 | + } else { |
1026 | + set_ldt(ldt->entries, ldt->nr_entries); |
1027 | + } |
1028 | + } else { |
1029 | clear_LDT(); |
1030 | + } |
1031 | #else |
1032 | clear_LDT(); |
1033 | #endif |
1034 | @@ -194,6 +240,7 @@ static inline int arch_dup_mmap(struct mm_struct *oldmm, struct mm_struct *mm) |
1035 | static inline void arch_exit_mmap(struct mm_struct *mm) |
1036 | { |
1037 | paravirt_arch_exit_mmap(mm); |
1038 | + ldt_arch_exit_mmap(mm); |
1039 | } |
1040 | |
1041 | #ifdef CONFIG_X86_64 |
1042 | diff --git a/arch/x86/include/asm/pgalloc.h b/arch/x86/include/asm/pgalloc.h |
1043 | index 4b5e1eafada7..aff42e1da6ee 100644 |
1044 | --- a/arch/x86/include/asm/pgalloc.h |
1045 | +++ b/arch/x86/include/asm/pgalloc.h |
1046 | @@ -30,6 +30,17 @@ static inline void paravirt_release_p4d(unsigned long pfn) {} |
1047 | */ |
1048 | extern gfp_t __userpte_alloc_gfp; |
1049 | |
1050 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1051 | +/* |
1052 | + * Instead of one PGD, we acquire two PGDs. Being order-1, it is |
1053 | + * both 8k in size and 8k-aligned. That lets us just flip bit 12 |
1054 | + * in a pointer to swap between the two 4k halves. |
1055 | + */ |
1056 | +#define PGD_ALLOCATION_ORDER 1 |
1057 | +#else |
1058 | +#define PGD_ALLOCATION_ORDER 0 |
1059 | +#endif |
1060 | + |
1061 | /* |
1062 | * Allocate and free page tables. |
1063 | */ |
1064 | diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h |
1065 | index f02de8bc1f72..211368922cad 100644 |
1066 | --- a/arch/x86/include/asm/pgtable.h |
1067 | +++ b/arch/x86/include/asm/pgtable.h |
1068 | @@ -28,6 +28,7 @@ extern pgd_t early_top_pgt[PTRS_PER_PGD]; |
1069 | int __init __early_make_pgtable(unsigned long address, pmdval_t pmd); |
1070 | |
1071 | void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd); |
1072 | +void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user); |
1073 | void ptdump_walk_pgd_level_checkwx(void); |
1074 | |
1075 | #ifdef CONFIG_DEBUG_WX |
1076 | @@ -846,7 +847,12 @@ static inline pud_t *pud_offset(p4d_t *p4d, unsigned long address) |
1077 | |
1078 | static inline int p4d_bad(p4d_t p4d) |
1079 | { |
1080 | - return (p4d_flags(p4d) & ~(_KERNPG_TABLE | _PAGE_USER)) != 0; |
1081 | + unsigned long ignore_flags = _KERNPG_TABLE | _PAGE_USER; |
1082 | + |
1083 | + if (IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) |
1084 | + ignore_flags |= _PAGE_NX; |
1085 | + |
1086 | + return (p4d_flags(p4d) & ~ignore_flags) != 0; |
1087 | } |
1088 | #endif /* CONFIG_PGTABLE_LEVELS > 3 */ |
1089 | |
1090 | @@ -880,7 +886,12 @@ static inline p4d_t *p4d_offset(pgd_t *pgd, unsigned long address) |
1091 | |
1092 | static inline int pgd_bad(pgd_t pgd) |
1093 | { |
1094 | - return (pgd_flags(pgd) & ~_PAGE_USER) != _KERNPG_TABLE; |
1095 | + unsigned long ignore_flags = _PAGE_USER; |
1096 | + |
1097 | + if (IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) |
1098 | + ignore_flags |= _PAGE_NX; |
1099 | + |
1100 | + return (pgd_flags(pgd) & ~ignore_flags) != _KERNPG_TABLE; |
1101 | } |
1102 | |
1103 | static inline int pgd_none(pgd_t pgd) |
1104 | @@ -909,7 +920,11 @@ static inline int pgd_none(pgd_t pgd) |
1105 | * pgd_offset() returns a (pgd_t *) |
1106 | * pgd_index() is used get the offset into the pgd page's array of pgd_t's; |
1107 | */ |
1108 | -#define pgd_offset(mm, address) ((mm)->pgd + pgd_index((address))) |
1109 | +#define pgd_offset_pgd(pgd, address) (pgd + pgd_index((address))) |
1110 | +/* |
1111 | + * a shortcut to get a pgd_t in a given mm |
1112 | + */ |
1113 | +#define pgd_offset(mm, address) pgd_offset_pgd((mm)->pgd, (address)) |
1114 | /* |
1115 | * a shortcut which implies the use of the kernel's pgd, instead |
1116 | * of a process's |
1117 | @@ -1111,7 +1126,14 @@ static inline int pud_write(pud_t pud) |
1118 | */ |
1119 | static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count) |
1120 | { |
1121 | - memcpy(dst, src, count * sizeof(pgd_t)); |
1122 | + memcpy(dst, src, count * sizeof(pgd_t)); |
1123 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1124 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1125 | + return; |
1126 | + /* Clone the user space pgd as well */ |
1127 | + memcpy(kernel_to_user_pgdp(dst), kernel_to_user_pgdp(src), |
1128 | + count * sizeof(pgd_t)); |
1129 | +#endif |
1130 | } |
1131 | |
1132 | #define PTE_SHIFT ilog2(PTRS_PER_PTE) |
1133 | diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h |
1134 | index e9f05331e732..81462e9a34f6 100644 |
1135 | --- a/arch/x86/include/asm/pgtable_64.h |
1136 | +++ b/arch/x86/include/asm/pgtable_64.h |
1137 | @@ -131,9 +131,97 @@ static inline pud_t native_pudp_get_and_clear(pud_t *xp) |
1138 | #endif |
1139 | } |
1140 | |
1141 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1142 | +/* |
1143 | + * All top-level PAGE_TABLE_ISOLATION page tables are order-1 pages |
1144 | + * (8k-aligned and 8k in size). The kernel one is at the beginning 4k and |
1145 | + * the user one is in the last 4k. To switch between them, you |
1146 | + * just need to flip the 12th bit in their addresses. |
1147 | + */ |
1148 | +#define PTI_PGTABLE_SWITCH_BIT PAGE_SHIFT |
1149 | + |
1150 | +/* |
1151 | + * This generates better code than the inline assembly in |
1152 | + * __set_bit(). |
1153 | + */ |
1154 | +static inline void *ptr_set_bit(void *ptr, int bit) |
1155 | +{ |
1156 | + unsigned long __ptr = (unsigned long)ptr; |
1157 | + |
1158 | + __ptr |= BIT(bit); |
1159 | + return (void *)__ptr; |
1160 | +} |
1161 | +static inline void *ptr_clear_bit(void *ptr, int bit) |
1162 | +{ |
1163 | + unsigned long __ptr = (unsigned long)ptr; |
1164 | + |
1165 | + __ptr &= ~BIT(bit); |
1166 | + return (void *)__ptr; |
1167 | +} |
1168 | + |
1169 | +static inline pgd_t *kernel_to_user_pgdp(pgd_t *pgdp) |
1170 | +{ |
1171 | + return ptr_set_bit(pgdp, PTI_PGTABLE_SWITCH_BIT); |
1172 | +} |
1173 | + |
1174 | +static inline pgd_t *user_to_kernel_pgdp(pgd_t *pgdp) |
1175 | +{ |
1176 | + return ptr_clear_bit(pgdp, PTI_PGTABLE_SWITCH_BIT); |
1177 | +} |
1178 | + |
1179 | +static inline p4d_t *kernel_to_user_p4dp(p4d_t *p4dp) |
1180 | +{ |
1181 | + return ptr_set_bit(p4dp, PTI_PGTABLE_SWITCH_BIT); |
1182 | +} |
1183 | + |
1184 | +static inline p4d_t *user_to_kernel_p4dp(p4d_t *p4dp) |
1185 | +{ |
1186 | + return ptr_clear_bit(p4dp, PTI_PGTABLE_SWITCH_BIT); |
1187 | +} |
1188 | +#endif /* CONFIG_PAGE_TABLE_ISOLATION */ |
1189 | + |
1190 | +/* |
1191 | + * Page table pages are page-aligned. The lower half of the top |
1192 | + * level is used for userspace and the top half for the kernel. |
1193 | + * |
1194 | + * Returns true for parts of the PGD that map userspace and |
1195 | + * false for the parts that map the kernel. |
1196 | + */ |
1197 | +static inline bool pgdp_maps_userspace(void *__ptr) |
1198 | +{ |
1199 | + unsigned long ptr = (unsigned long)__ptr; |
1200 | + |
1201 | + return (ptr & ~PAGE_MASK) < (PAGE_SIZE / 2); |
1202 | +} |
1203 | + |
1204 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1205 | +pgd_t __pti_set_user_pgd(pgd_t *pgdp, pgd_t pgd); |
1206 | + |
1207 | +/* |
1208 | + * Take a PGD location (pgdp) and a pgd value that needs to be set there. |
1209 | + * Populates the user and returns the resulting PGD that must be set in |
1210 | + * the kernel copy of the page tables. |
1211 | + */ |
1212 | +static inline pgd_t pti_set_user_pgd(pgd_t *pgdp, pgd_t pgd) |
1213 | +{ |
1214 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1215 | + return pgd; |
1216 | + return __pti_set_user_pgd(pgdp, pgd); |
1217 | +} |
1218 | +#else |
1219 | +static inline pgd_t pti_set_user_pgd(pgd_t *pgdp, pgd_t pgd) |
1220 | +{ |
1221 | + return pgd; |
1222 | +} |
1223 | +#endif |
1224 | + |
1225 | static inline void native_set_p4d(p4d_t *p4dp, p4d_t p4d) |
1226 | { |
1227 | +#if defined(CONFIG_PAGE_TABLE_ISOLATION) && !defined(CONFIG_X86_5LEVEL) |
1228 | + p4dp->pgd = pti_set_user_pgd(&p4dp->pgd, p4d.pgd); |
1229 | +#else |
1230 | *p4dp = p4d; |
1231 | +#endif |
1232 | } |
1233 | |
1234 | static inline void native_p4d_clear(p4d_t *p4d) |
1235 | @@ -147,7 +235,11 @@ static inline void native_p4d_clear(p4d_t *p4d) |
1236 | |
1237 | static inline void native_set_pgd(pgd_t *pgdp, pgd_t pgd) |
1238 | { |
1239 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1240 | + *pgdp = pti_set_user_pgd(pgdp, pgd); |
1241 | +#else |
1242 | *pgdp = pgd; |
1243 | +#endif |
1244 | } |
1245 | |
1246 | static inline void native_pgd_clear(pgd_t *pgd) |
1247 | diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h |
1248 | index 3d27831bc58d..b97a539bcdee 100644 |
1249 | --- a/arch/x86/include/asm/pgtable_64_types.h |
1250 | +++ b/arch/x86/include/asm/pgtable_64_types.h |
1251 | @@ -79,13 +79,17 @@ typedef struct { pteval_t pte; } pte_t; |
1252 | #define MAXMEM _AC(__AC(1, UL) << MAX_PHYSMEM_BITS, UL) |
1253 | |
1254 | #ifdef CONFIG_X86_5LEVEL |
1255 | -# define VMALLOC_SIZE_TB _AC(16384, UL) |
1256 | -# define __VMALLOC_BASE _AC(0xff92000000000000, UL) |
1257 | +# define VMALLOC_SIZE_TB _AC(12800, UL) |
1258 | +# define __VMALLOC_BASE _AC(0xffa0000000000000, UL) |
1259 | # define __VMEMMAP_BASE _AC(0xffd4000000000000, UL) |
1260 | +# define LDT_PGD_ENTRY _AC(-112, UL) |
1261 | +# define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) |
1262 | #else |
1263 | # define VMALLOC_SIZE_TB _AC(32, UL) |
1264 | # define __VMALLOC_BASE _AC(0xffffc90000000000, UL) |
1265 | # define __VMEMMAP_BASE _AC(0xffffea0000000000, UL) |
1266 | +# define LDT_PGD_ENTRY _AC(-4, UL) |
1267 | +# define LDT_BASE_ADDR (LDT_PGD_ENTRY << PGDIR_SHIFT) |
1268 | #endif |
1269 | |
1270 | #ifdef CONFIG_RANDOMIZE_MEMORY |
1271 | diff --git a/arch/x86/include/asm/processor-flags.h b/arch/x86/include/asm/processor-flags.h |
1272 | index 43212a43ee69..6a60fea90b9d 100644 |
1273 | --- a/arch/x86/include/asm/processor-flags.h |
1274 | +++ b/arch/x86/include/asm/processor-flags.h |
1275 | @@ -38,6 +38,11 @@ |
1276 | #define CR3_ADDR_MASK __sme_clr(0x7FFFFFFFFFFFF000ull) |
1277 | #define CR3_PCID_MASK 0xFFFull |
1278 | #define CR3_NOFLUSH BIT_ULL(63) |
1279 | + |
1280 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1281 | +# define X86_CR3_PTI_SWITCH_BIT 11 |
1282 | +#endif |
1283 | + |
1284 | #else |
1285 | /* |
1286 | * CR3_ADDR_MASK needs at least bits 31:5 set on PAE systems, and we save |
1287 | diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h |
1288 | index 9e482d8b0b97..9c18da64daa9 100644 |
1289 | --- a/arch/x86/include/asm/processor.h |
1290 | +++ b/arch/x86/include/asm/processor.h |
1291 | @@ -851,13 +851,22 @@ static inline void spin_lock_prefetch(const void *x) |
1292 | |
1293 | #else |
1294 | /* |
1295 | - * User space process size. 47bits minus one guard page. The guard |
1296 | - * page is necessary on Intel CPUs: if a SYSCALL instruction is at |
1297 | - * the highest possible canonical userspace address, then that |
1298 | - * syscall will enter the kernel with a non-canonical return |
1299 | - * address, and SYSRET will explode dangerously. We avoid this |
1300 | - * particular problem by preventing anything from being mapped |
1301 | - * at the maximum canonical address. |
1302 | + * User space process size. This is the first address outside the user range. |
1303 | + * There are a few constraints that determine this: |
1304 | + * |
1305 | + * On Intel CPUs, if a SYSCALL instruction is at the highest canonical |
1306 | + * address, then that syscall will enter the kernel with a |
1307 | + * non-canonical return address, and SYSRET will explode dangerously. |
1308 | + * We avoid this particular problem by preventing anything executable |
1309 | + * from being mapped at the maximum canonical address. |
1310 | + * |
1311 | + * On AMD CPUs in the Ryzen family, there's a nasty bug in which the |
1312 | + * CPUs malfunction if they execute code from the highest canonical page. |
1313 | + * They'll speculate right off the end of the canonical space, and |
1314 | + * bad things happen. This is worked around in the same way as the |
1315 | + * Intel problem. |
1316 | + * |
1317 | + * With page table isolation enabled, we map the LDT in ... [stay tuned] |
1318 | */ |
1319 | #define TASK_SIZE_MAX ((1UL << __VIRTUAL_MASK_SHIFT) - PAGE_SIZE) |
1320 | |
1321 | diff --git a/arch/x86/include/asm/pti.h b/arch/x86/include/asm/pti.h |
1322 | new file mode 100644 |
1323 | index 000000000000..0b5ef05b2d2d |
1324 | --- /dev/null |
1325 | +++ b/arch/x86/include/asm/pti.h |
1326 | @@ -0,0 +1,14 @@ |
1327 | +// SPDX-License-Identifier: GPL-2.0 |
1328 | +#ifndef _ASM_X86_PTI_H |
1329 | +#define _ASM_X86_PTI_H |
1330 | +#ifndef __ASSEMBLY__ |
1331 | + |
1332 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1333 | +extern void pti_init(void); |
1334 | +extern void pti_check_boottime_disable(void); |
1335 | +#else |
1336 | +static inline void pti_check_boottime_disable(void) { } |
1337 | +#endif |
1338 | + |
1339 | +#endif /* __ASSEMBLY__ */ |
1340 | +#endif /* _ASM_X86_PTI_H */ |
1341 | diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h |
1342 | index 171b429f43a2..f9b48ce152eb 100644 |
1343 | --- a/arch/x86/include/asm/tlbflush.h |
1344 | +++ b/arch/x86/include/asm/tlbflush.h |
1345 | @@ -10,38 +10,90 @@ |
1346 | #include <asm/special_insns.h> |
1347 | #include <asm/smp.h> |
1348 | #include <asm/invpcid.h> |
1349 | +#include <asm/pti.h> |
1350 | +#include <asm/processor-flags.h> |
1351 | |
1352 | -static inline u64 inc_mm_tlb_gen(struct mm_struct *mm) |
1353 | -{ |
1354 | - /* |
1355 | - * Bump the generation count. This also serves as a full barrier |
1356 | - * that synchronizes with switch_mm(): callers are required to order |
1357 | - * their read of mm_cpumask after their writes to the paging |
1358 | - * structures. |
1359 | - */ |
1360 | - return atomic64_inc_return(&mm->context.tlb_gen); |
1361 | -} |
1362 | +/* |
1363 | + * The x86 feature is called PCID (Process Context IDentifier). It is similar |
1364 | + * to what is traditionally called ASID on the RISC processors. |
1365 | + * |
1366 | + * We don't use the traditional ASID implementation, where each process/mm gets |
1367 | + * its own ASID and flush/restart when we run out of ASID space. |
1368 | + * |
1369 | + * Instead we have a small per-cpu array of ASIDs and cache the last few mm's |
1370 | + * that came by on this CPU, allowing cheaper switch_mm between processes on |
1371 | + * this CPU. |
1372 | + * |
1373 | + * We end up with different spaces for different things. To avoid confusion we |
1374 | + * use different names for each of them: |
1375 | + * |
1376 | + * ASID - [0, TLB_NR_DYN_ASIDS-1] |
1377 | + * the canonical identifier for an mm |
1378 | + * |
1379 | + * kPCID - [1, TLB_NR_DYN_ASIDS] |
1380 | + * the value we write into the PCID part of CR3; corresponds to the |
1381 | + * ASID+1, because PCID 0 is special. |
1382 | + * |
1383 | + * uPCID - [2048 + 1, 2048 + TLB_NR_DYN_ASIDS] |
1384 | + * for KPTI each mm has two address spaces and thus needs two |
1385 | + * PCID values, but we can still do with a single ASID denomination |
1386 | + * for each mm. Corresponds to kPCID + 2048. |
1387 | + * |
1388 | + */ |
1389 | |
1390 | /* There are 12 bits of space for ASIDS in CR3 */ |
1391 | #define CR3_HW_ASID_BITS 12 |
1392 | + |
1393 | /* |
1394 | * When enabled, PAGE_TABLE_ISOLATION consumes a single bit for |
1395 | * user/kernel switches |
1396 | */ |
1397 | -#define PTI_CONSUMED_ASID_BITS 0 |
1398 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1399 | +# define PTI_CONSUMED_PCID_BITS 1 |
1400 | +#else |
1401 | +# define PTI_CONSUMED_PCID_BITS 0 |
1402 | +#endif |
1403 | + |
1404 | +#define CR3_AVAIL_PCID_BITS (X86_CR3_PCID_BITS - PTI_CONSUMED_PCID_BITS) |
1405 | |
1406 | -#define CR3_AVAIL_ASID_BITS (CR3_HW_ASID_BITS - PTI_CONSUMED_ASID_BITS) |
1407 | /* |
1408 | * ASIDs are zero-based: 0->MAX_AVAIL_ASID are valid. -1 below to account |
1409 | - * for them being zero-based. Another -1 is because ASID 0 is reserved for |
1410 | + * for them being zero-based. Another -1 is because PCID 0 is reserved for |
1411 | * use by non-PCID-aware users. |
1412 | */ |
1413 | -#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_ASID_BITS) - 2) |
1414 | +#define MAX_ASID_AVAILABLE ((1 << CR3_AVAIL_PCID_BITS) - 2) |
1415 | + |
1416 | +/* |
1417 | + * 6 because 6 should be plenty and struct tlb_state will fit in two cache |
1418 | + * lines. |
1419 | + */ |
1420 | +#define TLB_NR_DYN_ASIDS 6 |
1421 | |
1422 | +/* |
1423 | + * Given @asid, compute kPCID |
1424 | + */ |
1425 | static inline u16 kern_pcid(u16 asid) |
1426 | { |
1427 | VM_WARN_ON_ONCE(asid > MAX_ASID_AVAILABLE); |
1428 | + |
1429 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1430 | + /* |
1431 | + * Make sure that the dynamic ASID space does not confict with the |
1432 | + * bit we are using to switch between user and kernel ASIDs. |
1433 | + */ |
1434 | + BUILD_BUG_ON(TLB_NR_DYN_ASIDS >= (1 << X86_CR3_PTI_SWITCH_BIT)); |
1435 | + |
1436 | /* |
1437 | + * The ASID being passed in here should have respected the |
1438 | + * MAX_ASID_AVAILABLE and thus never have the switch bit set. |
1439 | + */ |
1440 | + VM_WARN_ON_ONCE(asid & (1 << X86_CR3_PTI_SWITCH_BIT)); |
1441 | +#endif |
1442 | + /* |
1443 | + * The dynamically-assigned ASIDs that get passed in are small |
1444 | + * (<TLB_NR_DYN_ASIDS). They never have the high switch bit set, |
1445 | + * so do not bother to clear it. |
1446 | + * |
1447 | * If PCID is on, ASID-aware code paths put the ASID+1 into the |
1448 | * PCID bits. This serves two purposes. It prevents a nasty |
1449 | * situation in which PCID-unaware code saves CR3, loads some other |
1450 | @@ -53,6 +105,18 @@ static inline u16 kern_pcid(u16 asid) |
1451 | return asid + 1; |
1452 | } |
1453 | |
1454 | +/* |
1455 | + * Given @asid, compute uPCID |
1456 | + */ |
1457 | +static inline u16 user_pcid(u16 asid) |
1458 | +{ |
1459 | + u16 ret = kern_pcid(asid); |
1460 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1461 | + ret |= 1 << X86_CR3_PTI_SWITCH_BIT; |
1462 | +#endif |
1463 | + return ret; |
1464 | +} |
1465 | + |
1466 | struct pgd_t; |
1467 | static inline unsigned long build_cr3(pgd_t *pgd, u16 asid) |
1468 | { |
1469 | @@ -95,12 +159,6 @@ static inline bool tlb_defer_switch_to_init_mm(void) |
1470 | return !static_cpu_has(X86_FEATURE_PCID); |
1471 | } |
1472 | |
1473 | -/* |
1474 | - * 6 because 6 should be plenty and struct tlb_state will fit in |
1475 | - * two cache lines. |
1476 | - */ |
1477 | -#define TLB_NR_DYN_ASIDS 6 |
1478 | - |
1479 | struct tlb_context { |
1480 | u64 ctx_id; |
1481 | u64 tlb_gen; |
1482 | @@ -134,6 +192,24 @@ struct tlb_state { |
1483 | */ |
1484 | bool is_lazy; |
1485 | |
1486 | + /* |
1487 | + * If set we changed the page tables in such a way that we |
1488 | + * needed an invalidation of all contexts (aka. PCIDs / ASIDs). |
1489 | + * This tells us to go invalidate all the non-loaded ctxs[] |
1490 | + * on the next context switch. |
1491 | + * |
1492 | + * The current ctx was kept up-to-date as it ran and does not |
1493 | + * need to be invalidated. |
1494 | + */ |
1495 | + bool invalidate_other; |
1496 | + |
1497 | + /* |
1498 | + * Mask that contains TLB_NR_DYN_ASIDS+1 bits to indicate |
1499 | + * the corresponding user PCID needs a flush next time we |
1500 | + * switch to it; see SWITCH_TO_USER_CR3. |
1501 | + */ |
1502 | + unsigned short user_pcid_flush_mask; |
1503 | + |
1504 | /* |
1505 | * Access to this CR4 shadow and to H/W CR4 is protected by |
1506 | * disabling interrupts when modifying either one. |
1507 | @@ -211,6 +287,14 @@ static inline unsigned long cr4_read_shadow(void) |
1508 | return this_cpu_read(cpu_tlbstate.cr4); |
1509 | } |
1510 | |
1511 | +/* |
1512 | + * Mark all other ASIDs as invalid, preserves the current. |
1513 | + */ |
1514 | +static inline void invalidate_other_asid(void) |
1515 | +{ |
1516 | + this_cpu_write(cpu_tlbstate.invalidate_other, true); |
1517 | +} |
1518 | + |
1519 | /* |
1520 | * Save some of cr4 feature set we're using (e.g. Pentium 4MB |
1521 | * enable and PPro Global page enable), so that any CPU's that boot |
1522 | @@ -230,19 +314,48 @@ static inline void cr4_set_bits_and_update_boot(unsigned long mask) |
1523 | |
1524 | extern void initialize_tlbstate_and_flush(void); |
1525 | |
1526 | +/* |
1527 | + * Given an ASID, flush the corresponding user ASID. We can delay this |
1528 | + * until the next time we switch to it. |
1529 | + * |
1530 | + * See SWITCH_TO_USER_CR3. |
1531 | + */ |
1532 | +static inline void invalidate_user_asid(u16 asid) |
1533 | +{ |
1534 | + /* There is no user ASID if address space separation is off */ |
1535 | + if (!IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION)) |
1536 | + return; |
1537 | + |
1538 | + /* |
1539 | + * We only have a single ASID if PCID is off and the CR3 |
1540 | + * write will have flushed it. |
1541 | + */ |
1542 | + if (!cpu_feature_enabled(X86_FEATURE_PCID)) |
1543 | + return; |
1544 | + |
1545 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1546 | + return; |
1547 | + |
1548 | + __set_bit(kern_pcid(asid), |
1549 | + (unsigned long *)this_cpu_ptr(&cpu_tlbstate.user_pcid_flush_mask)); |
1550 | +} |
1551 | + |
1552 | /* |
1553 | * flush the entire current user mapping |
1554 | */ |
1555 | static inline void __native_flush_tlb(void) |
1556 | { |
1557 | /* |
1558 | - * If current->mm == NULL then we borrow a mm which may change during a |
1559 | - * task switch and therefore we must not be preempted while we write CR3 |
1560 | - * back: |
1561 | + * Preemption or interrupts must be disabled to protect the access |
1562 | + * to the per CPU variable and to prevent being preempted between |
1563 | + * read_cr3() and write_cr3(). |
1564 | */ |
1565 | - preempt_disable(); |
1566 | + WARN_ON_ONCE(preemptible()); |
1567 | + |
1568 | + invalidate_user_asid(this_cpu_read(cpu_tlbstate.loaded_mm_asid)); |
1569 | + |
1570 | + /* If current->mm == NULL then the read_cr3() "borrows" an mm */ |
1571 | native_write_cr3(__native_read_cr3()); |
1572 | - preempt_enable(); |
1573 | } |
1574 | |
1575 | /* |
1576 | @@ -256,6 +369,8 @@ static inline void __native_flush_tlb_global(void) |
1577 | /* |
1578 | * Using INVPCID is considerably faster than a pair of writes |
1579 | * to CR4 sandwiched inside an IRQ flag save/restore. |
1580 | + * |
1581 | + * Note, this works with CR4.PCIDE=0 or 1. |
1582 | */ |
1583 | invpcid_flush_all(); |
1584 | return; |
1585 | @@ -282,7 +397,21 @@ static inline void __native_flush_tlb_global(void) |
1586 | */ |
1587 | static inline void __native_flush_tlb_single(unsigned long addr) |
1588 | { |
1589 | + u32 loaded_mm_asid = this_cpu_read(cpu_tlbstate.loaded_mm_asid); |
1590 | + |
1591 | asm volatile("invlpg (%0)" ::"r" (addr) : "memory"); |
1592 | + |
1593 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1594 | + return; |
1595 | + |
1596 | + /* |
1597 | + * Some platforms #GP if we call invpcid(type=1/2) before CR4.PCIDE=1. |
1598 | + * Just use invalidate_user_asid() in case we are called early. |
1599 | + */ |
1600 | + if (!this_cpu_has(X86_FEATURE_INVPCID_SINGLE)) |
1601 | + invalidate_user_asid(loaded_mm_asid); |
1602 | + else |
1603 | + invpcid_flush_one(user_pcid(loaded_mm_asid), addr); |
1604 | } |
1605 | |
1606 | /* |
1607 | @@ -298,14 +427,6 @@ static inline void __flush_tlb_all(void) |
1608 | */ |
1609 | __flush_tlb(); |
1610 | } |
1611 | - |
1612 | - /* |
1613 | - * Note: if we somehow had PCID but not PGE, then this wouldn't work -- |
1614 | - * we'd end up flushing kernel translations for the current ASID but |
1615 | - * we might fail to flush kernel translations for other cached ASIDs. |
1616 | - * |
1617 | - * To avoid this issue, we force PCID off if PGE is off. |
1618 | - */ |
1619 | } |
1620 | |
1621 | /* |
1622 | @@ -315,6 +436,16 @@ static inline void __flush_tlb_one(unsigned long addr) |
1623 | { |
1624 | count_vm_tlb_event(NR_TLB_LOCAL_FLUSH_ONE); |
1625 | __flush_tlb_single(addr); |
1626 | + |
1627 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1628 | + return; |
1629 | + |
1630 | + /* |
1631 | + * __flush_tlb_single() will have cleared the TLB entry for this ASID, |
1632 | + * but since kernel space is replicated across all, we must also |
1633 | + * invalidate all others. |
1634 | + */ |
1635 | + invalidate_other_asid(); |
1636 | } |
1637 | |
1638 | #define TLB_FLUSH_ALL -1UL |
1639 | @@ -375,6 +506,17 @@ static inline void flush_tlb_page(struct vm_area_struct *vma, unsigned long a) |
1640 | void native_flush_tlb_others(const struct cpumask *cpumask, |
1641 | const struct flush_tlb_info *info); |
1642 | |
1643 | +static inline u64 inc_mm_tlb_gen(struct mm_struct *mm) |
1644 | +{ |
1645 | + /* |
1646 | + * Bump the generation count. This also serves as a full barrier |
1647 | + * that synchronizes with switch_mm(): callers are required to order |
1648 | + * their read of mm_cpumask after their writes to the paging |
1649 | + * structures. |
1650 | + */ |
1651 | + return atomic64_inc_return(&mm->context.tlb_gen); |
1652 | +} |
1653 | + |
1654 | static inline void arch_tlbbatch_add_mm(struct arch_tlbflush_unmap_batch *batch, |
1655 | struct mm_struct *mm) |
1656 | { |
1657 | diff --git a/arch/x86/include/asm/vsyscall.h b/arch/x86/include/asm/vsyscall.h |
1658 | index d9a7c659009c..b986b2ca688a 100644 |
1659 | --- a/arch/x86/include/asm/vsyscall.h |
1660 | +++ b/arch/x86/include/asm/vsyscall.h |
1661 | @@ -7,6 +7,7 @@ |
1662 | |
1663 | #ifdef CONFIG_X86_VSYSCALL_EMULATION |
1664 | extern void map_vsyscall(void); |
1665 | +extern void set_vsyscall_pgtable_user_bits(pgd_t *root); |
1666 | |
1667 | /* |
1668 | * Called on instruction fetch fault in vsyscall page. |
1669 | diff --git a/arch/x86/include/uapi/asm/processor-flags.h b/arch/x86/include/uapi/asm/processor-flags.h |
1670 | index 53b4ca55ebb6..97abdaab9535 100644 |
1671 | --- a/arch/x86/include/uapi/asm/processor-flags.h |
1672 | +++ b/arch/x86/include/uapi/asm/processor-flags.h |
1673 | @@ -78,7 +78,12 @@ |
1674 | #define X86_CR3_PWT _BITUL(X86_CR3_PWT_BIT) |
1675 | #define X86_CR3_PCD_BIT 4 /* Page Cache Disable */ |
1676 | #define X86_CR3_PCD _BITUL(X86_CR3_PCD_BIT) |
1677 | -#define X86_CR3_PCID_MASK _AC(0x00000fff,UL) /* PCID Mask */ |
1678 | + |
1679 | +#define X86_CR3_PCID_BITS 12 |
1680 | +#define X86_CR3_PCID_MASK (_AC((1UL << X86_CR3_PCID_BITS) - 1, UL)) |
1681 | + |
1682 | +#define X86_CR3_PCID_NOFLUSH_BIT 63 /* Preserve old PCID */ |
1683 | +#define X86_CR3_PCID_NOFLUSH _BITULL(X86_CR3_PCID_NOFLUSH_BIT) |
1684 | |
1685 | /* |
1686 | * Intel CPU features in CR4 |
1687 | diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c |
1688 | index 676b7cf4b62b..76417a9aab73 100644 |
1689 | --- a/arch/x86/kernel/asm-offsets.c |
1690 | +++ b/arch/x86/kernel/asm-offsets.c |
1691 | @@ -17,6 +17,7 @@ |
1692 | #include <asm/sigframe.h> |
1693 | #include <asm/bootparam.h> |
1694 | #include <asm/suspend.h> |
1695 | +#include <asm/tlbflush.h> |
1696 | |
1697 | #ifdef CONFIG_XEN |
1698 | #include <xen/interface/xen.h> |
1699 | @@ -94,6 +95,9 @@ void common(void) { |
1700 | BLANK(); |
1701 | DEFINE(PTREGS_SIZE, sizeof(struct pt_regs)); |
1702 | |
1703 | + /* TLB state for the entry code */ |
1704 | + OFFSET(TLB_STATE_user_pcid_flush_mask, tlb_state, user_pcid_flush_mask); |
1705 | + |
1706 | /* Layout info for cpu_entry_area */ |
1707 | OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss); |
1708 | OFFSET(CPU_ENTRY_AREA_entry_trampoline, cpu_entry_area, entry_trampoline); |
1709 | diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c |
1710 | index 8ddcfa4d4165..f2a94dfb434e 100644 |
1711 | --- a/arch/x86/kernel/cpu/common.c |
1712 | +++ b/arch/x86/kernel/cpu/common.c |
1713 | @@ -898,6 +898,10 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) |
1714 | } |
1715 | |
1716 | setup_force_cpu_cap(X86_FEATURE_ALWAYS); |
1717 | + |
1718 | + /* Assume for now that ALL x86 CPUs are insecure */ |
1719 | + setup_force_cpu_bug(X86_BUG_CPU_INSECURE); |
1720 | + |
1721 | fpu__init_system(c); |
1722 | |
1723 | #ifdef CONFIG_X86_32 |
1724 | @@ -1335,7 +1339,10 @@ void syscall_init(void) |
1725 | (entry_SYSCALL_64_trampoline - _entry_trampoline); |
1726 | |
1727 | wrmsr(MSR_STAR, 0, (__USER32_CS << 16) | __KERNEL_CS); |
1728 | - wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); |
1729 | + if (static_cpu_has(X86_FEATURE_PTI)) |
1730 | + wrmsrl(MSR_LSTAR, SYSCALL64_entry_trampoline); |
1731 | + else |
1732 | + wrmsrl(MSR_LSTAR, (unsigned long)entry_SYSCALL_64); |
1733 | |
1734 | #ifdef CONFIG_IA32_EMULATION |
1735 | wrmsrl(MSR_CSTAR, (unsigned long)entry_SYSCALL_compat); |
1736 | diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c |
1737 | index 36b17e0febe8..5fa110699ed2 100644 |
1738 | --- a/arch/x86/kernel/dumpstack.c |
1739 | +++ b/arch/x86/kernel/dumpstack.c |
1740 | @@ -297,11 +297,13 @@ int __die(const char *str, struct pt_regs *regs, long err) |
1741 | unsigned long sp; |
1742 | #endif |
1743 | printk(KERN_DEFAULT |
1744 | - "%s: %04lx [#%d]%s%s%s%s\n", str, err & 0xffff, ++die_counter, |
1745 | + "%s: %04lx [#%d]%s%s%s%s%s\n", str, err & 0xffff, ++die_counter, |
1746 | IS_ENABLED(CONFIG_PREEMPT) ? " PREEMPT" : "", |
1747 | IS_ENABLED(CONFIG_SMP) ? " SMP" : "", |
1748 | debug_pagealloc_enabled() ? " DEBUG_PAGEALLOC" : "", |
1749 | - IS_ENABLED(CONFIG_KASAN) ? " KASAN" : ""); |
1750 | + IS_ENABLED(CONFIG_KASAN) ? " KASAN" : "", |
1751 | + IS_ENABLED(CONFIG_PAGE_TABLE_ISOLATION) ? |
1752 | + (boot_cpu_has(X86_FEATURE_PTI) ? " PTI" : " NOPTI") : ""); |
1753 | |
1754 | if (notify_die(DIE_OOPS, str, regs, err, |
1755 | current->thread.trap_nr, SIGSEGV) == NOTIFY_STOP) |
1756 | diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S |
1757 | index 7dca675fe78d..04a625f0fcda 100644 |
1758 | --- a/arch/x86/kernel/head_64.S |
1759 | +++ b/arch/x86/kernel/head_64.S |
1760 | @@ -341,6 +341,27 @@ GLOBAL(early_recursion_flag) |
1761 | .balign PAGE_SIZE; \ |
1762 | GLOBAL(name) |
1763 | |
1764 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1765 | +/* |
1766 | + * Each PGD needs to be 8k long and 8k aligned. We do not |
1767 | + * ever go out to userspace with these, so we do not |
1768 | + * strictly *need* the second page, but this allows us to |
1769 | + * have a single set_pgd() implementation that does not |
1770 | + * need to worry about whether it has 4k or 8k to work |
1771 | + * with. |
1772 | + * |
1773 | + * This ensures PGDs are 8k long: |
1774 | + */ |
1775 | +#define PTI_USER_PGD_FILL 512 |
1776 | +/* This ensures they are 8k-aligned: */ |
1777 | +#define NEXT_PGD_PAGE(name) \ |
1778 | + .balign 2 * PAGE_SIZE; \ |
1779 | +GLOBAL(name) |
1780 | +#else |
1781 | +#define NEXT_PGD_PAGE(name) NEXT_PAGE(name) |
1782 | +#define PTI_USER_PGD_FILL 0 |
1783 | +#endif |
1784 | + |
1785 | /* Automate the creation of 1 to 1 mapping pmd entries */ |
1786 | #define PMDS(START, PERM, COUNT) \ |
1787 | i = 0 ; \ |
1788 | @@ -350,13 +371,14 @@ GLOBAL(name) |
1789 | .endr |
1790 | |
1791 | __INITDATA |
1792 | -NEXT_PAGE(early_top_pgt) |
1793 | +NEXT_PGD_PAGE(early_top_pgt) |
1794 | .fill 511,8,0 |
1795 | #ifdef CONFIG_X86_5LEVEL |
1796 | .quad level4_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC |
1797 | #else |
1798 | .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC |
1799 | #endif |
1800 | + .fill PTI_USER_PGD_FILL,8,0 |
1801 | |
1802 | NEXT_PAGE(early_dynamic_pgts) |
1803 | .fill 512*EARLY_DYNAMIC_PAGE_TABLES,8,0 |
1804 | @@ -364,13 +386,14 @@ NEXT_PAGE(early_dynamic_pgts) |
1805 | .data |
1806 | |
1807 | #if defined(CONFIG_XEN_PV) || defined(CONFIG_XEN_PVH) |
1808 | -NEXT_PAGE(init_top_pgt) |
1809 | +NEXT_PGD_PAGE(init_top_pgt) |
1810 | .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC |
1811 | .org init_top_pgt + PGD_PAGE_OFFSET*8, 0 |
1812 | .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC |
1813 | .org init_top_pgt + PGD_START_KERNEL*8, 0 |
1814 | /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */ |
1815 | .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE_NOENC |
1816 | + .fill PTI_USER_PGD_FILL,8,0 |
1817 | |
1818 | NEXT_PAGE(level3_ident_pgt) |
1819 | .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE_NOENC |
1820 | @@ -381,8 +404,9 @@ NEXT_PAGE(level2_ident_pgt) |
1821 | */ |
1822 | PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD) |
1823 | #else |
1824 | -NEXT_PAGE(init_top_pgt) |
1825 | +NEXT_PGD_PAGE(init_top_pgt) |
1826 | .fill 512,8,0 |
1827 | + .fill PTI_USER_PGD_FILL,8,0 |
1828 | #endif |
1829 | |
1830 | #ifdef CONFIG_X86_5LEVEL |
1831 | diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
1832 | index a6b5d62f45a7..26d713ecad34 100644 |
1833 | --- a/arch/x86/kernel/ldt.c |
1834 | +++ b/arch/x86/kernel/ldt.c |
1835 | @@ -24,6 +24,7 @@ |
1836 | #include <linux/uaccess.h> |
1837 | |
1838 | #include <asm/ldt.h> |
1839 | +#include <asm/tlb.h> |
1840 | #include <asm/desc.h> |
1841 | #include <asm/mmu_context.h> |
1842 | #include <asm/syscalls.h> |
1843 | @@ -51,13 +52,11 @@ static void refresh_ldt_segments(void) |
1844 | static void flush_ldt(void *__mm) |
1845 | { |
1846 | struct mm_struct *mm = __mm; |
1847 | - mm_context_t *pc; |
1848 | |
1849 | if (this_cpu_read(cpu_tlbstate.loaded_mm) != mm) |
1850 | return; |
1851 | |
1852 | - pc = &mm->context; |
1853 | - set_ldt(pc->ldt->entries, pc->ldt->nr_entries); |
1854 | + load_mm_ldt(mm); |
1855 | |
1856 | refresh_ldt_segments(); |
1857 | } |
1858 | @@ -94,10 +93,126 @@ static struct ldt_struct *alloc_ldt_struct(unsigned int num_entries) |
1859 | return NULL; |
1860 | } |
1861 | |
1862 | + /* The new LDT isn't aliased for PTI yet. */ |
1863 | + new_ldt->slot = -1; |
1864 | + |
1865 | new_ldt->nr_entries = num_entries; |
1866 | return new_ldt; |
1867 | } |
1868 | |
1869 | +/* |
1870 | + * If PTI is enabled, this maps the LDT into the kernelmode and |
1871 | + * usermode tables for the given mm. |
1872 | + * |
1873 | + * There is no corresponding unmap function. Even if the LDT is freed, we |
1874 | + * leave the PTEs around until the slot is reused or the mm is destroyed. |
1875 | + * This is harmless: the LDT is always in ordinary memory, and no one will |
1876 | + * access the freed slot. |
1877 | + * |
1878 | + * If we wanted to unmap freed LDTs, we'd also need to do a flush to make |
1879 | + * it useful, and the flush would slow down modify_ldt(). |
1880 | + */ |
1881 | +static int |
1882 | +map_ldt_struct(struct mm_struct *mm, struct ldt_struct *ldt, int slot) |
1883 | +{ |
1884 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1885 | + bool is_vmalloc, had_top_level_entry; |
1886 | + unsigned long va; |
1887 | + spinlock_t *ptl; |
1888 | + pgd_t *pgd; |
1889 | + int i; |
1890 | + |
1891 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1892 | + return 0; |
1893 | + |
1894 | + /* |
1895 | + * Any given ldt_struct should have map_ldt_struct() called at most |
1896 | + * once. |
1897 | + */ |
1898 | + WARN_ON(ldt->slot != -1); |
1899 | + |
1900 | + /* |
1901 | + * Did we already have the top level entry allocated? We can't |
1902 | + * use pgd_none() for this because it doens't do anything on |
1903 | + * 4-level page table kernels. |
1904 | + */ |
1905 | + pgd = pgd_offset(mm, LDT_BASE_ADDR); |
1906 | + had_top_level_entry = (pgd->pgd != 0); |
1907 | + |
1908 | + is_vmalloc = is_vmalloc_addr(ldt->entries); |
1909 | + |
1910 | + for (i = 0; i * PAGE_SIZE < ldt->nr_entries * LDT_ENTRY_SIZE; i++) { |
1911 | + unsigned long offset = i << PAGE_SHIFT; |
1912 | + const void *src = (char *)ldt->entries + offset; |
1913 | + unsigned long pfn; |
1914 | + pte_t pte, *ptep; |
1915 | + |
1916 | + va = (unsigned long)ldt_slot_va(slot) + offset; |
1917 | + pfn = is_vmalloc ? vmalloc_to_pfn(src) : |
1918 | + page_to_pfn(virt_to_page(src)); |
1919 | + /* |
1920 | + * Treat the PTI LDT range as a *userspace* range. |
1921 | + * get_locked_pte() will allocate all needed pagetables |
1922 | + * and account for them in this mm. |
1923 | + */ |
1924 | + ptep = get_locked_pte(mm, va, &ptl); |
1925 | + if (!ptep) |
1926 | + return -ENOMEM; |
1927 | + /* |
1928 | + * Map it RO so the easy to find address is not a primary |
1929 | + * target via some kernel interface which misses a |
1930 | + * permission check. |
1931 | + */ |
1932 | + pte = pfn_pte(pfn, __pgprot(__PAGE_KERNEL_RO & ~_PAGE_GLOBAL)); |
1933 | + set_pte_at(mm, va, ptep, pte); |
1934 | + pte_unmap_unlock(ptep, ptl); |
1935 | + } |
1936 | + |
1937 | + if (mm->context.ldt) { |
1938 | + /* |
1939 | + * We already had an LDT. The top-level entry should already |
1940 | + * have been allocated and synchronized with the usermode |
1941 | + * tables. |
1942 | + */ |
1943 | + WARN_ON(!had_top_level_entry); |
1944 | + if (static_cpu_has(X86_FEATURE_PTI)) |
1945 | + WARN_ON(!kernel_to_user_pgdp(pgd)->pgd); |
1946 | + } else { |
1947 | + /* |
1948 | + * This is the first time we're mapping an LDT for this process. |
1949 | + * Sync the pgd to the usermode tables. |
1950 | + */ |
1951 | + WARN_ON(had_top_level_entry); |
1952 | + if (static_cpu_has(X86_FEATURE_PTI)) { |
1953 | + WARN_ON(kernel_to_user_pgdp(pgd)->pgd); |
1954 | + set_pgd(kernel_to_user_pgdp(pgd), *pgd); |
1955 | + } |
1956 | + } |
1957 | + |
1958 | + va = (unsigned long)ldt_slot_va(slot); |
1959 | + flush_tlb_mm_range(mm, va, va + LDT_SLOT_STRIDE, 0); |
1960 | + |
1961 | + ldt->slot = slot; |
1962 | +#endif |
1963 | + return 0; |
1964 | +} |
1965 | + |
1966 | +static void free_ldt_pgtables(struct mm_struct *mm) |
1967 | +{ |
1968 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
1969 | + struct mmu_gather tlb; |
1970 | + unsigned long start = LDT_BASE_ADDR; |
1971 | + unsigned long end = start + (1UL << PGDIR_SHIFT); |
1972 | + |
1973 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
1974 | + return; |
1975 | + |
1976 | + tlb_gather_mmu(&tlb, mm, start, end); |
1977 | + free_pgd_range(&tlb, start, end, start, end); |
1978 | + tlb_finish_mmu(&tlb, start, end); |
1979 | +#endif |
1980 | +} |
1981 | + |
1982 | /* After calling this, the LDT is immutable. */ |
1983 | static void finalize_ldt_struct(struct ldt_struct *ldt) |
1984 | { |
1985 | @@ -156,6 +271,12 @@ int ldt_dup_context(struct mm_struct *old_mm, struct mm_struct *mm) |
1986 | new_ldt->nr_entries * LDT_ENTRY_SIZE); |
1987 | finalize_ldt_struct(new_ldt); |
1988 | |
1989 | + retval = map_ldt_struct(mm, new_ldt, 0); |
1990 | + if (retval) { |
1991 | + free_ldt_pgtables(mm); |
1992 | + free_ldt_struct(new_ldt); |
1993 | + goto out_unlock; |
1994 | + } |
1995 | mm->context.ldt = new_ldt; |
1996 | |
1997 | out_unlock: |
1998 | @@ -174,6 +295,11 @@ void destroy_context_ldt(struct mm_struct *mm) |
1999 | mm->context.ldt = NULL; |
2000 | } |
2001 | |
2002 | +void ldt_arch_exit_mmap(struct mm_struct *mm) |
2003 | +{ |
2004 | + free_ldt_pgtables(mm); |
2005 | +} |
2006 | + |
2007 | static int read_ldt(void __user *ptr, unsigned long bytecount) |
2008 | { |
2009 | struct mm_struct *mm = current->mm; |
2010 | @@ -287,6 +413,25 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) |
2011 | new_ldt->entries[ldt_info.entry_number] = ldt; |
2012 | finalize_ldt_struct(new_ldt); |
2013 | |
2014 | + /* |
2015 | + * If we are using PTI, map the new LDT into the userspace pagetables. |
2016 | + * If there is already an LDT, use the other slot so that other CPUs |
2017 | + * will continue to use the old LDT until install_ldt() switches |
2018 | + * them over to the new LDT. |
2019 | + */ |
2020 | + error = map_ldt_struct(mm, new_ldt, old_ldt ? !old_ldt->slot : 0); |
2021 | + if (error) { |
2022 | + /* |
2023 | + * This only can fail for the first LDT setup. If an LDT is |
2024 | + * already installed then the PTE page is already |
2025 | + * populated. Mop up a half populated page table. |
2026 | + */ |
2027 | + if (!WARN_ON_ONCE(old_ldt)) |
2028 | + free_ldt_pgtables(mm); |
2029 | + free_ldt_struct(new_ldt); |
2030 | + goto out_unlock; |
2031 | + } |
2032 | + |
2033 | install_ldt(mm, new_ldt); |
2034 | free_ldt_struct(old_ldt); |
2035 | error = 0; |
2036 | diff --git a/arch/x86/kernel/machine_kexec_32.c b/arch/x86/kernel/machine_kexec_32.c |
2037 | index 00bc751c861c..edfede768688 100644 |
2038 | --- a/arch/x86/kernel/machine_kexec_32.c |
2039 | +++ b/arch/x86/kernel/machine_kexec_32.c |
2040 | @@ -48,8 +48,6 @@ static void load_segments(void) |
2041 | "\tmovl $"STR(__KERNEL_DS)",%%eax\n" |
2042 | "\tmovl %%eax,%%ds\n" |
2043 | "\tmovl %%eax,%%es\n" |
2044 | - "\tmovl %%eax,%%fs\n" |
2045 | - "\tmovl %%eax,%%gs\n" |
2046 | "\tmovl %%eax,%%ss\n" |
2047 | : : : "eax", "memory"); |
2048 | #undef STR |
2049 | @@ -232,8 +230,8 @@ void machine_kexec(struct kimage *image) |
2050 | * The gdt & idt are now invalid. |
2051 | * If you want to load them you must set up your own idt & gdt. |
2052 | */ |
2053 | - set_gdt(phys_to_virt(0), 0); |
2054 | idt_invalidate(phys_to_virt(0)); |
2055 | + set_gdt(phys_to_virt(0), 0); |
2056 | |
2057 | /* now call it */ |
2058 | image->start = relocate_kernel_ptr((unsigned long)image->head, |
2059 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c |
2060 | index 12bf07d44dfe..2651ca2112c4 100644 |
2061 | --- a/arch/x86/kernel/smpboot.c |
2062 | +++ b/arch/x86/kernel/smpboot.c |
2063 | @@ -128,25 +128,16 @@ static inline void smpboot_setup_warm_reset_vector(unsigned long start_eip) |
2064 | spin_lock_irqsave(&rtc_lock, flags); |
2065 | CMOS_WRITE(0xa, 0xf); |
2066 | spin_unlock_irqrestore(&rtc_lock, flags); |
2067 | - local_flush_tlb(); |
2068 | - pr_debug("1.\n"); |
2069 | *((volatile unsigned short *)phys_to_virt(TRAMPOLINE_PHYS_HIGH)) = |
2070 | start_eip >> 4; |
2071 | - pr_debug("2.\n"); |
2072 | *((volatile unsigned short *)phys_to_virt(TRAMPOLINE_PHYS_LOW)) = |
2073 | start_eip & 0xf; |
2074 | - pr_debug("3.\n"); |
2075 | } |
2076 | |
2077 | static inline void smpboot_restore_warm_reset_vector(void) |
2078 | { |
2079 | unsigned long flags; |
2080 | |
2081 | - /* |
2082 | - * Install writable page 0 entry to set BIOS data area. |
2083 | - */ |
2084 | - local_flush_tlb(); |
2085 | - |
2086 | /* |
2087 | * Paranoid: Set warm reset code and vector here back |
2088 | * to default values. |
2089 | diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c |
2090 | index 9a9c9b076955..a5b802a12212 100644 |
2091 | --- a/arch/x86/kernel/tls.c |
2092 | +++ b/arch/x86/kernel/tls.c |
2093 | @@ -93,17 +93,10 @@ static void set_tls_desc(struct task_struct *p, int idx, |
2094 | cpu = get_cpu(); |
2095 | |
2096 | while (n-- > 0) { |
2097 | - if (LDT_empty(info) || LDT_zero(info)) { |
2098 | + if (LDT_empty(info) || LDT_zero(info)) |
2099 | memset(desc, 0, sizeof(*desc)); |
2100 | - } else { |
2101 | + else |
2102 | fill_ldt(desc, info); |
2103 | - |
2104 | - /* |
2105 | - * Always set the accessed bit so that the CPU |
2106 | - * doesn't try to write to the (read-only) GDT. |
2107 | - */ |
2108 | - desc->type |= 1; |
2109 | - } |
2110 | ++info; |
2111 | ++desc; |
2112 | } |
2113 | diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c |
2114 | index 7c16fe0b60c2..b33e860d32fe 100644 |
2115 | --- a/arch/x86/kernel/traps.c |
2116 | +++ b/arch/x86/kernel/traps.c |
2117 | @@ -361,7 +361,7 @@ dotraplinkage void do_double_fault(struct pt_regs *regs, long error_code) |
2118 | * |
2119 | * No need for ist_enter here because we don't use RCU. |
2120 | */ |
2121 | - if (((long)regs->sp >> PGDIR_SHIFT) == ESPFIX_PGD_ENTRY && |
2122 | + if (((long)regs->sp >> P4D_SHIFT) == ESPFIX_PGD_ENTRY && |
2123 | regs->cs == __KERNEL_CS && |
2124 | regs->ip == (unsigned long)native_irq_return_iret) |
2125 | { |
2126 | diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S |
2127 | index d2a8b5a24a44..1e413a9326aa 100644 |
2128 | --- a/arch/x86/kernel/vmlinux.lds.S |
2129 | +++ b/arch/x86/kernel/vmlinux.lds.S |
2130 | @@ -61,11 +61,17 @@ jiffies_64 = jiffies; |
2131 | . = ALIGN(HPAGE_SIZE); \ |
2132 | __end_rodata_hpage_align = .; |
2133 | |
2134 | +#define ALIGN_ENTRY_TEXT_BEGIN . = ALIGN(PMD_SIZE); |
2135 | +#define ALIGN_ENTRY_TEXT_END . = ALIGN(PMD_SIZE); |
2136 | + |
2137 | #else |
2138 | |
2139 | #define X64_ALIGN_RODATA_BEGIN |
2140 | #define X64_ALIGN_RODATA_END |
2141 | |
2142 | +#define ALIGN_ENTRY_TEXT_BEGIN |
2143 | +#define ALIGN_ENTRY_TEXT_END |
2144 | + |
2145 | #endif |
2146 | |
2147 | PHDRS { |
2148 | @@ -102,8 +108,10 @@ SECTIONS |
2149 | CPUIDLE_TEXT |
2150 | LOCK_TEXT |
2151 | KPROBES_TEXT |
2152 | + ALIGN_ENTRY_TEXT_BEGIN |
2153 | ENTRY_TEXT |
2154 | IRQENTRY_TEXT |
2155 | + ALIGN_ENTRY_TEXT_END |
2156 | SOFTIRQENTRY_TEXT |
2157 | *(.fixup) |
2158 | *(.gnu.warning) |
2159 | diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile |
2160 | index 2e0017af8f9b..52906808e277 100644 |
2161 | --- a/arch/x86/mm/Makefile |
2162 | +++ b/arch/x86/mm/Makefile |
2163 | @@ -43,9 +43,10 @@ obj-$(CONFIG_AMD_NUMA) += amdtopology.o |
2164 | obj-$(CONFIG_ACPI_NUMA) += srat.o |
2165 | obj-$(CONFIG_NUMA_EMU) += numa_emulation.o |
2166 | |
2167 | -obj-$(CONFIG_X86_INTEL_MPX) += mpx.o |
2168 | -obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o |
2169 | -obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o |
2170 | +obj-$(CONFIG_X86_INTEL_MPX) += mpx.o |
2171 | +obj-$(CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS) += pkeys.o |
2172 | +obj-$(CONFIG_RANDOMIZE_MEMORY) += kaslr.o |
2173 | +obj-$(CONFIG_PAGE_TABLE_ISOLATION) += pti.o |
2174 | |
2175 | obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt.o |
2176 | obj-$(CONFIG_AMD_MEM_ENCRYPT) += mem_encrypt_boot.o |
2177 | diff --git a/arch/x86/mm/cpu_entry_area.c b/arch/x86/mm/cpu_entry_area.c |
2178 | index fe814fd5e014..b9283cc27622 100644 |
2179 | --- a/arch/x86/mm/cpu_entry_area.c |
2180 | +++ b/arch/x86/mm/cpu_entry_area.c |
2181 | @@ -38,6 +38,32 @@ cea_map_percpu_pages(void *cea_vaddr, void *ptr, int pages, pgprot_t prot) |
2182 | cea_set_pte(cea_vaddr, per_cpu_ptr_to_phys(ptr), prot); |
2183 | } |
2184 | |
2185 | +static void percpu_setup_debug_store(int cpu) |
2186 | +{ |
2187 | +#ifdef CONFIG_CPU_SUP_INTEL |
2188 | + int npages; |
2189 | + void *cea; |
2190 | + |
2191 | + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) |
2192 | + return; |
2193 | + |
2194 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_store; |
2195 | + npages = sizeof(struct debug_store) / PAGE_SIZE; |
2196 | + BUILD_BUG_ON(sizeof(struct debug_store) % PAGE_SIZE != 0); |
2197 | + cea_map_percpu_pages(cea, &per_cpu(cpu_debug_store, cpu), npages, |
2198 | + PAGE_KERNEL); |
2199 | + |
2200 | + cea = &get_cpu_entry_area(cpu)->cpu_debug_buffers; |
2201 | + /* |
2202 | + * Force the population of PMDs for not yet allocated per cpu |
2203 | + * memory like debug store buffers. |
2204 | + */ |
2205 | + npages = sizeof(struct debug_store_buffers) / PAGE_SIZE; |
2206 | + for (; npages; npages--, cea += PAGE_SIZE) |
2207 | + cea_set_pte(cea, 0, PAGE_NONE); |
2208 | +#endif |
2209 | +} |
2210 | + |
2211 | /* Setup the fixmap mappings only once per-processor */ |
2212 | static void __init setup_cpu_entry_area(int cpu) |
2213 | { |
2214 | @@ -109,6 +135,7 @@ static void __init setup_cpu_entry_area(int cpu) |
2215 | cea_set_pte(&get_cpu_entry_area(cpu)->entry_trampoline, |
2216 | __pa_symbol(_entry_trampoline), PAGE_KERNEL_RX); |
2217 | #endif |
2218 | + percpu_setup_debug_store(cpu); |
2219 | } |
2220 | |
2221 | static __init void setup_cpu_entry_area_ptes(void) |
2222 | diff --git a/arch/x86/mm/debug_pagetables.c b/arch/x86/mm/debug_pagetables.c |
2223 | index bfcffdf6c577..421f2664ffa0 100644 |
2224 | --- a/arch/x86/mm/debug_pagetables.c |
2225 | +++ b/arch/x86/mm/debug_pagetables.c |
2226 | @@ -5,7 +5,7 @@ |
2227 | |
2228 | static int ptdump_show(struct seq_file *m, void *v) |
2229 | { |
2230 | - ptdump_walk_pgd_level(m, NULL); |
2231 | + ptdump_walk_pgd_level_debugfs(m, NULL, false); |
2232 | return 0; |
2233 | } |
2234 | |
2235 | @@ -22,21 +22,89 @@ static const struct file_operations ptdump_fops = { |
2236 | .release = single_release, |
2237 | }; |
2238 | |
2239 | -static struct dentry *pe; |
2240 | +static int ptdump_show_curknl(struct seq_file *m, void *v) |
2241 | +{ |
2242 | + if (current->mm->pgd) { |
2243 | + down_read(¤t->mm->mmap_sem); |
2244 | + ptdump_walk_pgd_level_debugfs(m, current->mm->pgd, false); |
2245 | + up_read(¤t->mm->mmap_sem); |
2246 | + } |
2247 | + return 0; |
2248 | +} |
2249 | + |
2250 | +static int ptdump_open_curknl(struct inode *inode, struct file *filp) |
2251 | +{ |
2252 | + return single_open(filp, ptdump_show_curknl, NULL); |
2253 | +} |
2254 | + |
2255 | +static const struct file_operations ptdump_curknl_fops = { |
2256 | + .owner = THIS_MODULE, |
2257 | + .open = ptdump_open_curknl, |
2258 | + .read = seq_read, |
2259 | + .llseek = seq_lseek, |
2260 | + .release = single_release, |
2261 | +}; |
2262 | + |
2263 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
2264 | +static struct dentry *pe_curusr; |
2265 | + |
2266 | +static int ptdump_show_curusr(struct seq_file *m, void *v) |
2267 | +{ |
2268 | + if (current->mm->pgd) { |
2269 | + down_read(¤t->mm->mmap_sem); |
2270 | + ptdump_walk_pgd_level_debugfs(m, current->mm->pgd, true); |
2271 | + up_read(¤t->mm->mmap_sem); |
2272 | + } |
2273 | + return 0; |
2274 | +} |
2275 | + |
2276 | +static int ptdump_open_curusr(struct inode *inode, struct file *filp) |
2277 | +{ |
2278 | + return single_open(filp, ptdump_show_curusr, NULL); |
2279 | +} |
2280 | + |
2281 | +static const struct file_operations ptdump_curusr_fops = { |
2282 | + .owner = THIS_MODULE, |
2283 | + .open = ptdump_open_curusr, |
2284 | + .read = seq_read, |
2285 | + .llseek = seq_lseek, |
2286 | + .release = single_release, |
2287 | +}; |
2288 | +#endif |
2289 | + |
2290 | +static struct dentry *dir, *pe_knl, *pe_curknl; |
2291 | |
2292 | static int __init pt_dump_debug_init(void) |
2293 | { |
2294 | - pe = debugfs_create_file("kernel_page_tables", S_IRUSR, NULL, NULL, |
2295 | - &ptdump_fops); |
2296 | - if (!pe) |
2297 | + dir = debugfs_create_dir("page_tables", NULL); |
2298 | + if (!dir) |
2299 | return -ENOMEM; |
2300 | |
2301 | + pe_knl = debugfs_create_file("kernel", 0400, dir, NULL, |
2302 | + &ptdump_fops); |
2303 | + if (!pe_knl) |
2304 | + goto err; |
2305 | + |
2306 | + pe_curknl = debugfs_create_file("current_kernel", 0400, |
2307 | + dir, NULL, &ptdump_curknl_fops); |
2308 | + if (!pe_curknl) |
2309 | + goto err; |
2310 | + |
2311 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
2312 | + pe_curusr = debugfs_create_file("current_user", 0400, |
2313 | + dir, NULL, &ptdump_curusr_fops); |
2314 | + if (!pe_curusr) |
2315 | + goto err; |
2316 | +#endif |
2317 | return 0; |
2318 | +err: |
2319 | + debugfs_remove_recursive(dir); |
2320 | + return -ENOMEM; |
2321 | } |
2322 | |
2323 | static void __exit pt_dump_debug_exit(void) |
2324 | { |
2325 | - debugfs_remove_recursive(pe); |
2326 | + debugfs_remove_recursive(dir); |
2327 | } |
2328 | |
2329 | module_init(pt_dump_debug_init); |
2330 | diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c |
2331 | index 43dedbfb7257..f56902c1f04b 100644 |
2332 | --- a/arch/x86/mm/dump_pagetables.c |
2333 | +++ b/arch/x86/mm/dump_pagetables.c |
2334 | @@ -52,11 +52,17 @@ enum address_markers_idx { |
2335 | USER_SPACE_NR = 0, |
2336 | KERNEL_SPACE_NR, |
2337 | LOW_KERNEL_NR, |
2338 | +#if defined(CONFIG_MODIFY_LDT_SYSCALL) && defined(CONFIG_X86_5LEVEL) |
2339 | + LDT_NR, |
2340 | +#endif |
2341 | VMALLOC_START_NR, |
2342 | VMEMMAP_START_NR, |
2343 | #ifdef CONFIG_KASAN |
2344 | KASAN_SHADOW_START_NR, |
2345 | KASAN_SHADOW_END_NR, |
2346 | +#endif |
2347 | +#if defined(CONFIG_MODIFY_LDT_SYSCALL) && !defined(CONFIG_X86_5LEVEL) |
2348 | + LDT_NR, |
2349 | #endif |
2350 | CPU_ENTRY_AREA_NR, |
2351 | #ifdef CONFIG_X86_ESPFIX64 |
2352 | @@ -81,6 +87,9 @@ static struct addr_marker address_markers[] = { |
2353 | #ifdef CONFIG_KASAN |
2354 | [KASAN_SHADOW_START_NR] = { KASAN_SHADOW_START, "KASAN shadow" }, |
2355 | [KASAN_SHADOW_END_NR] = { KASAN_SHADOW_END, "KASAN shadow end" }, |
2356 | +#endif |
2357 | +#ifdef CONFIG_MODIFY_LDT_SYSCALL |
2358 | + [LDT_NR] = { LDT_BASE_ADDR, "LDT remap" }, |
2359 | #endif |
2360 | [CPU_ENTRY_AREA_NR] = { CPU_ENTRY_AREA_BASE,"CPU entry Area" }, |
2361 | #ifdef CONFIG_X86_ESPFIX64 |
2362 | @@ -467,7 +476,7 @@ static inline bool is_hypervisor_range(int idx) |
2363 | } |
2364 | |
2365 | static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, |
2366 | - bool checkwx) |
2367 | + bool checkwx, bool dmesg) |
2368 | { |
2369 | #ifdef CONFIG_X86_64 |
2370 | pgd_t *start = (pgd_t *) &init_top_pgt; |
2371 | @@ -480,7 +489,7 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, |
2372 | |
2373 | if (pgd) { |
2374 | start = pgd; |
2375 | - st.to_dmesg = true; |
2376 | + st.to_dmesg = dmesg; |
2377 | } |
2378 | |
2379 | st.check_wx = checkwx; |
2380 | @@ -518,13 +527,37 @@ static void ptdump_walk_pgd_level_core(struct seq_file *m, pgd_t *pgd, |
2381 | |
2382 | void ptdump_walk_pgd_level(struct seq_file *m, pgd_t *pgd) |
2383 | { |
2384 | - ptdump_walk_pgd_level_core(m, pgd, false); |
2385 | + ptdump_walk_pgd_level_core(m, pgd, false, true); |
2386 | +} |
2387 | + |
2388 | +void ptdump_walk_pgd_level_debugfs(struct seq_file *m, pgd_t *pgd, bool user) |
2389 | +{ |
2390 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
2391 | + if (user && static_cpu_has(X86_FEATURE_PTI)) |
2392 | + pgd = kernel_to_user_pgdp(pgd); |
2393 | +#endif |
2394 | + ptdump_walk_pgd_level_core(m, pgd, false, false); |
2395 | +} |
2396 | +EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level_debugfs); |
2397 | + |
2398 | +static void ptdump_walk_user_pgd_level_checkwx(void) |
2399 | +{ |
2400 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
2401 | + pgd_t *pgd = (pgd_t *) &init_top_pgt; |
2402 | + |
2403 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
2404 | + return; |
2405 | + |
2406 | + pr_info("x86/mm: Checking user space page tables\n"); |
2407 | + pgd = kernel_to_user_pgdp(pgd); |
2408 | + ptdump_walk_pgd_level_core(NULL, pgd, true, false); |
2409 | +#endif |
2410 | } |
2411 | -EXPORT_SYMBOL_GPL(ptdump_walk_pgd_level); |
2412 | |
2413 | void ptdump_walk_pgd_level_checkwx(void) |
2414 | { |
2415 | - ptdump_walk_pgd_level_core(NULL, NULL, true); |
2416 | + ptdump_walk_pgd_level_core(NULL, NULL, true, false); |
2417 | + ptdump_walk_user_pgd_level_checkwx(); |
2418 | } |
2419 | |
2420 | static int __init pt_dump_init(void) |
2421 | diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c |
2422 | index a22c2b95e513..80259ad8c386 100644 |
2423 | --- a/arch/x86/mm/init.c |
2424 | +++ b/arch/x86/mm/init.c |
2425 | @@ -20,6 +20,7 @@ |
2426 | #include <asm/kaslr.h> |
2427 | #include <asm/hypervisor.h> |
2428 | #include <asm/cpufeature.h> |
2429 | +#include <asm/pti.h> |
2430 | |
2431 | /* |
2432 | * We need to define the tracepoints somewhere, and tlb.c |
2433 | @@ -161,6 +162,12 @@ struct map_range { |
2434 | |
2435 | static int page_size_mask; |
2436 | |
2437 | +static void enable_global_pages(void) |
2438 | +{ |
2439 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
2440 | + __supported_pte_mask |= _PAGE_GLOBAL; |
2441 | +} |
2442 | + |
2443 | static void __init probe_page_size_mask(void) |
2444 | { |
2445 | /* |
2446 | @@ -179,11 +186,11 @@ static void __init probe_page_size_mask(void) |
2447 | cr4_set_bits_and_update_boot(X86_CR4_PSE); |
2448 | |
2449 | /* Enable PGE if available */ |
2450 | + __supported_pte_mask &= ~_PAGE_GLOBAL; |
2451 | if (boot_cpu_has(X86_FEATURE_PGE)) { |
2452 | cr4_set_bits_and_update_boot(X86_CR4_PGE); |
2453 | - __supported_pte_mask |= _PAGE_GLOBAL; |
2454 | - } else |
2455 | - __supported_pte_mask &= ~_PAGE_GLOBAL; |
2456 | + enable_global_pages(); |
2457 | + } |
2458 | |
2459 | /* Enable 1 GB linear kernel mappings if available: */ |
2460 | if (direct_gbpages && boot_cpu_has(X86_FEATURE_GBPAGES)) { |
2461 | @@ -196,34 +203,44 @@ static void __init probe_page_size_mask(void) |
2462 | |
2463 | static void setup_pcid(void) |
2464 | { |
2465 | -#ifdef CONFIG_X86_64 |
2466 | - if (boot_cpu_has(X86_FEATURE_PCID)) { |
2467 | - if (boot_cpu_has(X86_FEATURE_PGE)) { |
2468 | - /* |
2469 | - * This can't be cr4_set_bits_and_update_boot() -- |
2470 | - * the trampoline code can't handle CR4.PCIDE and |
2471 | - * it wouldn't do any good anyway. Despite the name, |
2472 | - * cr4_set_bits_and_update_boot() doesn't actually |
2473 | - * cause the bits in question to remain set all the |
2474 | - * way through the secondary boot asm. |
2475 | - * |
2476 | - * Instead, we brute-force it and set CR4.PCIDE |
2477 | - * manually in start_secondary(). |
2478 | - */ |
2479 | - cr4_set_bits(X86_CR4_PCIDE); |
2480 | - } else { |
2481 | - /* |
2482 | - * flush_tlb_all(), as currently implemented, won't |
2483 | - * work if PCID is on but PGE is not. Since that |
2484 | - * combination doesn't exist on real hardware, there's |
2485 | - * no reason to try to fully support it, but it's |
2486 | - * polite to avoid corrupting data if we're on |
2487 | - * an improperly configured VM. |
2488 | - */ |
2489 | - setup_clear_cpu_cap(X86_FEATURE_PCID); |
2490 | - } |
2491 | + if (!IS_ENABLED(CONFIG_X86_64)) |
2492 | + return; |
2493 | + |
2494 | + if (!boot_cpu_has(X86_FEATURE_PCID)) |
2495 | + return; |
2496 | + |
2497 | + if (boot_cpu_has(X86_FEATURE_PGE)) { |
2498 | + /* |
2499 | + * This can't be cr4_set_bits_and_update_boot() -- the |
2500 | + * trampoline code can't handle CR4.PCIDE and it wouldn't |
2501 | + * do any good anyway. Despite the name, |
2502 | + * cr4_set_bits_and_update_boot() doesn't actually cause |
2503 | + * the bits in question to remain set all the way through |
2504 | + * the secondary boot asm. |
2505 | + * |
2506 | + * Instead, we brute-force it and set CR4.PCIDE manually in |
2507 | + * start_secondary(). |
2508 | + */ |
2509 | + cr4_set_bits(X86_CR4_PCIDE); |
2510 | + |
2511 | + /* |
2512 | + * INVPCID's single-context modes (2/3) only work if we set |
2513 | + * X86_CR4_PCIDE, *and* we INVPCID support. It's unusable |
2514 | + * on systems that have X86_CR4_PCIDE clear, or that have |
2515 | + * no INVPCID support at all. |
2516 | + */ |
2517 | + if (boot_cpu_has(X86_FEATURE_INVPCID)) |
2518 | + setup_force_cpu_cap(X86_FEATURE_INVPCID_SINGLE); |
2519 | + } else { |
2520 | + /* |
2521 | + * flush_tlb_all(), as currently implemented, won't work if |
2522 | + * PCID is on but PGE is not. Since that combination |
2523 | + * doesn't exist on real hardware, there's no reason to try |
2524 | + * to fully support it, but it's polite to avoid corrupting |
2525 | + * data if we're on an improperly configured VM. |
2526 | + */ |
2527 | + setup_clear_cpu_cap(X86_FEATURE_PCID); |
2528 | } |
2529 | -#endif |
2530 | } |
2531 | |
2532 | #ifdef CONFIG_X86_32 |
2533 | @@ -624,6 +641,7 @@ void __init init_mem_mapping(void) |
2534 | { |
2535 | unsigned long end; |
2536 | |
2537 | + pti_check_boottime_disable(); |
2538 | probe_page_size_mask(); |
2539 | setup_pcid(); |
2540 | |
2541 | @@ -847,7 +865,7 @@ void __init zone_sizes_init(void) |
2542 | free_area_init_nodes(max_zone_pfns); |
2543 | } |
2544 | |
2545 | -DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = { |
2546 | +__visible DEFINE_PER_CPU_SHARED_ALIGNED(struct tlb_state, cpu_tlbstate) = { |
2547 | .loaded_mm = &init_mm, |
2548 | .next_asid = 1, |
2549 | .cr4 = ~0UL, /* fail hard if we screw up cr4 shadow initialization */ |
2550 | diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c |
2551 | index 17ebc5a978cc..9b7bcbd33cc2 100644 |
2552 | --- a/arch/x86/mm/pgtable.c |
2553 | +++ b/arch/x86/mm/pgtable.c |
2554 | @@ -355,14 +355,15 @@ static inline void _pgd_free(pgd_t *pgd) |
2555 | kmem_cache_free(pgd_cache, pgd); |
2556 | } |
2557 | #else |
2558 | + |
2559 | static inline pgd_t *_pgd_alloc(void) |
2560 | { |
2561 | - return (pgd_t *)__get_free_page(PGALLOC_GFP); |
2562 | + return (pgd_t *)__get_free_pages(PGALLOC_GFP, PGD_ALLOCATION_ORDER); |
2563 | } |
2564 | |
2565 | static inline void _pgd_free(pgd_t *pgd) |
2566 | { |
2567 | - free_page((unsigned long)pgd); |
2568 | + free_pages((unsigned long)pgd, PGD_ALLOCATION_ORDER); |
2569 | } |
2570 | #endif /* CONFIG_X86_PAE */ |
2571 | |
2572 | diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c |
2573 | new file mode 100644 |
2574 | index 000000000000..bce8aea65606 |
2575 | --- /dev/null |
2576 | +++ b/arch/x86/mm/pti.c |
2577 | @@ -0,0 +1,387 @@ |
2578 | +/* |
2579 | + * Copyright(c) 2017 Intel Corporation. All rights reserved. |
2580 | + * |
2581 | + * This program is free software; you can redistribute it and/or modify |
2582 | + * it under the terms of version 2 of the GNU General Public License as |
2583 | + * published by the Free Software Foundation. |
2584 | + * |
2585 | + * This program is distributed in the hope that it will be useful, but |
2586 | + * WITHOUT ANY WARRANTY; without even the implied warranty of |
2587 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
2588 | + * General Public License for more details. |
2589 | + * |
2590 | + * This code is based in part on work published here: |
2591 | + * |
2592 | + * https://github.com/IAIK/KAISER |
2593 | + * |
2594 | + * The original work was written by and and signed off by for the Linux |
2595 | + * kernel by: |
2596 | + * |
2597 | + * Signed-off-by: Richard Fellner <richard.fellner@student.tugraz.at> |
2598 | + * Signed-off-by: Moritz Lipp <moritz.lipp@iaik.tugraz.at> |
2599 | + * Signed-off-by: Daniel Gruss <daniel.gruss@iaik.tugraz.at> |
2600 | + * Signed-off-by: Michael Schwarz <michael.schwarz@iaik.tugraz.at> |
2601 | + * |
2602 | + * Major changes to the original code by: Dave Hansen <dave.hansen@intel.com> |
2603 | + * Mostly rewritten by Thomas Gleixner <tglx@linutronix.de> and |
2604 | + * Andy Lutomirsky <luto@amacapital.net> |
2605 | + */ |
2606 | +#include <linux/kernel.h> |
2607 | +#include <linux/errno.h> |
2608 | +#include <linux/string.h> |
2609 | +#include <linux/types.h> |
2610 | +#include <linux/bug.h> |
2611 | +#include <linux/init.h> |
2612 | +#include <linux/spinlock.h> |
2613 | +#include <linux/mm.h> |
2614 | +#include <linux/uaccess.h> |
2615 | + |
2616 | +#include <asm/cpufeature.h> |
2617 | +#include <asm/hypervisor.h> |
2618 | +#include <asm/vsyscall.h> |
2619 | +#include <asm/cmdline.h> |
2620 | +#include <asm/pti.h> |
2621 | +#include <asm/pgtable.h> |
2622 | +#include <asm/pgalloc.h> |
2623 | +#include <asm/tlbflush.h> |
2624 | +#include <asm/desc.h> |
2625 | + |
2626 | +#undef pr_fmt |
2627 | +#define pr_fmt(fmt) "Kernel/User page tables isolation: " fmt |
2628 | + |
2629 | +/* Backporting helper */ |
2630 | +#ifndef __GFP_NOTRACK |
2631 | +#define __GFP_NOTRACK 0 |
2632 | +#endif |
2633 | + |
2634 | +static void __init pti_print_if_insecure(const char *reason) |
2635 | +{ |
2636 | + if (boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
2637 | + pr_info("%s\n", reason); |
2638 | +} |
2639 | + |
2640 | +static void __init pti_print_if_secure(const char *reason) |
2641 | +{ |
2642 | + if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
2643 | + pr_info("%s\n", reason); |
2644 | +} |
2645 | + |
2646 | +void __init pti_check_boottime_disable(void) |
2647 | +{ |
2648 | + char arg[5]; |
2649 | + int ret; |
2650 | + |
2651 | + if (hypervisor_is_type(X86_HYPER_XEN_PV)) { |
2652 | + pti_print_if_insecure("disabled on XEN PV."); |
2653 | + return; |
2654 | + } |
2655 | + |
2656 | + ret = cmdline_find_option(boot_command_line, "pti", arg, sizeof(arg)); |
2657 | + if (ret > 0) { |
2658 | + if (ret == 3 && !strncmp(arg, "off", 3)) { |
2659 | + pti_print_if_insecure("disabled on command line."); |
2660 | + return; |
2661 | + } |
2662 | + if (ret == 2 && !strncmp(arg, "on", 2)) { |
2663 | + pti_print_if_secure("force enabled on command line."); |
2664 | + goto enable; |
2665 | + } |
2666 | + if (ret == 4 && !strncmp(arg, "auto", 4)) |
2667 | + goto autosel; |
2668 | + } |
2669 | + |
2670 | + if (cmdline_find_option_bool(boot_command_line, "nopti")) { |
2671 | + pti_print_if_insecure("disabled on command line."); |
2672 | + return; |
2673 | + } |
2674 | + |
2675 | +autosel: |
2676 | + if (!boot_cpu_has_bug(X86_BUG_CPU_INSECURE)) |
2677 | + return; |
2678 | +enable: |
2679 | + setup_force_cpu_cap(X86_FEATURE_PTI); |
2680 | +} |
2681 | + |
2682 | +pgd_t __pti_set_user_pgd(pgd_t *pgdp, pgd_t pgd) |
2683 | +{ |
2684 | + /* |
2685 | + * Changes to the high (kernel) portion of the kernelmode page |
2686 | + * tables are not automatically propagated to the usermode tables. |
2687 | + * |
2688 | + * Users should keep in mind that, unlike the kernelmode tables, |
2689 | + * there is no vmalloc_fault equivalent for the usermode tables. |
2690 | + * Top-level entries added to init_mm's usermode pgd after boot |
2691 | + * will not be automatically propagated to other mms. |
2692 | + */ |
2693 | + if (!pgdp_maps_userspace(pgdp)) |
2694 | + return pgd; |
2695 | + |
2696 | + /* |
2697 | + * The user page tables get the full PGD, accessible from |
2698 | + * userspace: |
2699 | + */ |
2700 | + kernel_to_user_pgdp(pgdp)->pgd = pgd.pgd; |
2701 | + |
2702 | + /* |
2703 | + * If this is normal user memory, make it NX in the kernel |
2704 | + * pagetables so that, if we somehow screw up and return to |
2705 | + * usermode with the kernel CR3 loaded, we'll get a page fault |
2706 | + * instead of allowing user code to execute with the wrong CR3. |
2707 | + * |
2708 | + * As exceptions, we don't set NX if: |
2709 | + * - _PAGE_USER is not set. This could be an executable |
2710 | + * EFI runtime mapping or something similar, and the kernel |
2711 | + * may execute from it |
2712 | + * - we don't have NX support |
2713 | + * - we're clearing the PGD (i.e. the new pgd is not present). |
2714 | + */ |
2715 | + if ((pgd.pgd & (_PAGE_USER|_PAGE_PRESENT)) == (_PAGE_USER|_PAGE_PRESENT) && |
2716 | + (__supported_pte_mask & _PAGE_NX)) |
2717 | + pgd.pgd |= _PAGE_NX; |
2718 | + |
2719 | + /* return the copy of the PGD we want the kernel to use: */ |
2720 | + return pgd; |
2721 | +} |
2722 | + |
2723 | +/* |
2724 | + * Walk the user copy of the page tables (optionally) trying to allocate |
2725 | + * page table pages on the way down. |
2726 | + * |
2727 | + * Returns a pointer to a P4D on success, or NULL on failure. |
2728 | + */ |
2729 | +static p4d_t *pti_user_pagetable_walk_p4d(unsigned long address) |
2730 | +{ |
2731 | + pgd_t *pgd = kernel_to_user_pgdp(pgd_offset_k(address)); |
2732 | + gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO); |
2733 | + |
2734 | + if (address < PAGE_OFFSET) { |
2735 | + WARN_ONCE(1, "attempt to walk user address\n"); |
2736 | + return NULL; |
2737 | + } |
2738 | + |
2739 | + if (pgd_none(*pgd)) { |
2740 | + unsigned long new_p4d_page = __get_free_page(gfp); |
2741 | + if (!new_p4d_page) |
2742 | + return NULL; |
2743 | + |
2744 | + if (pgd_none(*pgd)) { |
2745 | + set_pgd(pgd, __pgd(_KERNPG_TABLE | __pa(new_p4d_page))); |
2746 | + new_p4d_page = 0; |
2747 | + } |
2748 | + if (new_p4d_page) |
2749 | + free_page(new_p4d_page); |
2750 | + } |
2751 | + BUILD_BUG_ON(pgd_large(*pgd) != 0); |
2752 | + |
2753 | + return p4d_offset(pgd, address); |
2754 | +} |
2755 | + |
2756 | +/* |
2757 | + * Walk the user copy of the page tables (optionally) trying to allocate |
2758 | + * page table pages on the way down. |
2759 | + * |
2760 | + * Returns a pointer to a PMD on success, or NULL on failure. |
2761 | + */ |
2762 | +static pmd_t *pti_user_pagetable_walk_pmd(unsigned long address) |
2763 | +{ |
2764 | + gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO); |
2765 | + p4d_t *p4d = pti_user_pagetable_walk_p4d(address); |
2766 | + pud_t *pud; |
2767 | + |
2768 | + BUILD_BUG_ON(p4d_large(*p4d) != 0); |
2769 | + if (p4d_none(*p4d)) { |
2770 | + unsigned long new_pud_page = __get_free_page(gfp); |
2771 | + if (!new_pud_page) |
2772 | + return NULL; |
2773 | + |
2774 | + if (p4d_none(*p4d)) { |
2775 | + set_p4d(p4d, __p4d(_KERNPG_TABLE | __pa(new_pud_page))); |
2776 | + new_pud_page = 0; |
2777 | + } |
2778 | + if (new_pud_page) |
2779 | + free_page(new_pud_page); |
2780 | + } |
2781 | + |
2782 | + pud = pud_offset(p4d, address); |
2783 | + /* The user page tables do not use large mappings: */ |
2784 | + if (pud_large(*pud)) { |
2785 | + WARN_ON(1); |
2786 | + return NULL; |
2787 | + } |
2788 | + if (pud_none(*pud)) { |
2789 | + unsigned long new_pmd_page = __get_free_page(gfp); |
2790 | + if (!new_pmd_page) |
2791 | + return NULL; |
2792 | + |
2793 | + if (pud_none(*pud)) { |
2794 | + set_pud(pud, __pud(_KERNPG_TABLE | __pa(new_pmd_page))); |
2795 | + new_pmd_page = 0; |
2796 | + } |
2797 | + if (new_pmd_page) |
2798 | + free_page(new_pmd_page); |
2799 | + } |
2800 | + |
2801 | + return pmd_offset(pud, address); |
2802 | +} |
2803 | + |
2804 | +#ifdef CONFIG_X86_VSYSCALL_EMULATION |
2805 | +/* |
2806 | + * Walk the shadow copy of the page tables (optionally) trying to allocate |
2807 | + * page table pages on the way down. Does not support large pages. |
2808 | + * |
2809 | + * Note: this is only used when mapping *new* kernel data into the |
2810 | + * user/shadow page tables. It is never used for userspace data. |
2811 | + * |
2812 | + * Returns a pointer to a PTE on success, or NULL on failure. |
2813 | + */ |
2814 | +static __init pte_t *pti_user_pagetable_walk_pte(unsigned long address) |
2815 | +{ |
2816 | + gfp_t gfp = (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO); |
2817 | + pmd_t *pmd = pti_user_pagetable_walk_pmd(address); |
2818 | + pte_t *pte; |
2819 | + |
2820 | + /* We can't do anything sensible if we hit a large mapping. */ |
2821 | + if (pmd_large(*pmd)) { |
2822 | + WARN_ON(1); |
2823 | + return NULL; |
2824 | + } |
2825 | + |
2826 | + if (pmd_none(*pmd)) { |
2827 | + unsigned long new_pte_page = __get_free_page(gfp); |
2828 | + if (!new_pte_page) |
2829 | + return NULL; |
2830 | + |
2831 | + if (pmd_none(*pmd)) { |
2832 | + set_pmd(pmd, __pmd(_KERNPG_TABLE | __pa(new_pte_page))); |
2833 | + new_pte_page = 0; |
2834 | + } |
2835 | + if (new_pte_page) |
2836 | + free_page(new_pte_page); |
2837 | + } |
2838 | + |
2839 | + pte = pte_offset_kernel(pmd, address); |
2840 | + if (pte_flags(*pte) & _PAGE_USER) { |
2841 | + WARN_ONCE(1, "attempt to walk to user pte\n"); |
2842 | + return NULL; |
2843 | + } |
2844 | + return pte; |
2845 | +} |
2846 | + |
2847 | +static void __init pti_setup_vsyscall(void) |
2848 | +{ |
2849 | + pte_t *pte, *target_pte; |
2850 | + unsigned int level; |
2851 | + |
2852 | + pte = lookup_address(VSYSCALL_ADDR, &level); |
2853 | + if (!pte || WARN_ON(level != PG_LEVEL_4K) || pte_none(*pte)) |
2854 | + return; |
2855 | + |
2856 | + target_pte = pti_user_pagetable_walk_pte(VSYSCALL_ADDR); |
2857 | + if (WARN_ON(!target_pte)) |
2858 | + return; |
2859 | + |
2860 | + *target_pte = *pte; |
2861 | + set_vsyscall_pgtable_user_bits(kernel_to_user_pgdp(swapper_pg_dir)); |
2862 | +} |
2863 | +#else |
2864 | +static void __init pti_setup_vsyscall(void) { } |
2865 | +#endif |
2866 | + |
2867 | +static void __init |
2868 | +pti_clone_pmds(unsigned long start, unsigned long end, pmdval_t clear) |
2869 | +{ |
2870 | + unsigned long addr; |
2871 | + |
2872 | + /* |
2873 | + * Clone the populated PMDs which cover start to end. These PMD areas |
2874 | + * can have holes. |
2875 | + */ |
2876 | + for (addr = start; addr < end; addr += PMD_SIZE) { |
2877 | + pmd_t *pmd, *target_pmd; |
2878 | + pgd_t *pgd; |
2879 | + p4d_t *p4d; |
2880 | + pud_t *pud; |
2881 | + |
2882 | + pgd = pgd_offset_k(addr); |
2883 | + if (WARN_ON(pgd_none(*pgd))) |
2884 | + return; |
2885 | + p4d = p4d_offset(pgd, addr); |
2886 | + if (WARN_ON(p4d_none(*p4d))) |
2887 | + return; |
2888 | + pud = pud_offset(p4d, addr); |
2889 | + if (pud_none(*pud)) |
2890 | + continue; |
2891 | + pmd = pmd_offset(pud, addr); |
2892 | + if (pmd_none(*pmd)) |
2893 | + continue; |
2894 | + |
2895 | + target_pmd = pti_user_pagetable_walk_pmd(addr); |
2896 | + if (WARN_ON(!target_pmd)) |
2897 | + return; |
2898 | + |
2899 | + /* |
2900 | + * Copy the PMD. That is, the kernelmode and usermode |
2901 | + * tables will share the last-level page tables of this |
2902 | + * address range |
2903 | + */ |
2904 | + *target_pmd = pmd_clear_flags(*pmd, clear); |
2905 | + } |
2906 | +} |
2907 | + |
2908 | +/* |
2909 | + * Clone a single p4d (i.e. a top-level entry on 4-level systems and a |
2910 | + * next-level entry on 5-level systems. |
2911 | + */ |
2912 | +static void __init pti_clone_p4d(unsigned long addr) |
2913 | +{ |
2914 | + p4d_t *kernel_p4d, *user_p4d; |
2915 | + pgd_t *kernel_pgd; |
2916 | + |
2917 | + user_p4d = pti_user_pagetable_walk_p4d(addr); |
2918 | + kernel_pgd = pgd_offset_k(addr); |
2919 | + kernel_p4d = p4d_offset(kernel_pgd, addr); |
2920 | + *user_p4d = *kernel_p4d; |
2921 | +} |
2922 | + |
2923 | +/* |
2924 | + * Clone the CPU_ENTRY_AREA into the user space visible page table. |
2925 | + */ |
2926 | +static void __init pti_clone_user_shared(void) |
2927 | +{ |
2928 | + pti_clone_p4d(CPU_ENTRY_AREA_BASE); |
2929 | +} |
2930 | + |
2931 | +/* |
2932 | + * Clone the ESPFIX P4D into the user space visinble page table |
2933 | + */ |
2934 | +static void __init pti_setup_espfix64(void) |
2935 | +{ |
2936 | +#ifdef CONFIG_X86_ESPFIX64 |
2937 | + pti_clone_p4d(ESPFIX_BASE_ADDR); |
2938 | +#endif |
2939 | +} |
2940 | + |
2941 | +/* |
2942 | + * Clone the populated PMDs of the entry and irqentry text and force it RO. |
2943 | + */ |
2944 | +static void __init pti_clone_entry_text(void) |
2945 | +{ |
2946 | + pti_clone_pmds((unsigned long) __entry_text_start, |
2947 | + (unsigned long) __irqentry_text_end, _PAGE_RW); |
2948 | +} |
2949 | + |
2950 | +/* |
2951 | + * Initialize kernel page table isolation |
2952 | + */ |
2953 | +void __init pti_init(void) |
2954 | +{ |
2955 | + if (!static_cpu_has(X86_FEATURE_PTI)) |
2956 | + return; |
2957 | + |
2958 | + pr_info("enabled\n"); |
2959 | + |
2960 | + pti_clone_user_shared(); |
2961 | + pti_clone_entry_text(); |
2962 | + pti_setup_espfix64(); |
2963 | + pti_setup_vsyscall(); |
2964 | +} |
2965 | diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c |
2966 | index 0a1be3adc97e..a1561957dccb 100644 |
2967 | --- a/arch/x86/mm/tlb.c |
2968 | +++ b/arch/x86/mm/tlb.c |
2969 | @@ -28,6 +28,38 @@ |
2970 | * Implement flush IPI by CALL_FUNCTION_VECTOR, Alex Shi |
2971 | */ |
2972 | |
2973 | +/* |
2974 | + * We get here when we do something requiring a TLB invalidation |
2975 | + * but could not go invalidate all of the contexts. We do the |
2976 | + * necessary invalidation by clearing out the 'ctx_id' which |
2977 | + * forces a TLB flush when the context is loaded. |
2978 | + */ |
2979 | +void clear_asid_other(void) |
2980 | +{ |
2981 | + u16 asid; |
2982 | + |
2983 | + /* |
2984 | + * This is only expected to be set if we have disabled |
2985 | + * kernel _PAGE_GLOBAL pages. |
2986 | + */ |
2987 | + if (!static_cpu_has(X86_FEATURE_PTI)) { |
2988 | + WARN_ON_ONCE(1); |
2989 | + return; |
2990 | + } |
2991 | + |
2992 | + for (asid = 0; asid < TLB_NR_DYN_ASIDS; asid++) { |
2993 | + /* Do not need to flush the current asid */ |
2994 | + if (asid == this_cpu_read(cpu_tlbstate.loaded_mm_asid)) |
2995 | + continue; |
2996 | + /* |
2997 | + * Make sure the next time we go to switch to |
2998 | + * this asid, we do a flush: |
2999 | + */ |
3000 | + this_cpu_write(cpu_tlbstate.ctxs[asid].ctx_id, 0); |
3001 | + } |
3002 | + this_cpu_write(cpu_tlbstate.invalidate_other, false); |
3003 | +} |
3004 | + |
3005 | atomic64_t last_mm_ctx_id = ATOMIC64_INIT(1); |
3006 | |
3007 | |
3008 | @@ -42,6 +74,9 @@ static void choose_new_asid(struct mm_struct *next, u64 next_tlb_gen, |
3009 | return; |
3010 | } |
3011 | |
3012 | + if (this_cpu_read(cpu_tlbstate.invalidate_other)) |
3013 | + clear_asid_other(); |
3014 | + |
3015 | for (asid = 0; asid < TLB_NR_DYN_ASIDS; asid++) { |
3016 | if (this_cpu_read(cpu_tlbstate.ctxs[asid].ctx_id) != |
3017 | next->context.ctx_id) |
3018 | @@ -65,6 +100,25 @@ static void choose_new_asid(struct mm_struct *next, u64 next_tlb_gen, |
3019 | *need_flush = true; |
3020 | } |
3021 | |
3022 | +static void load_new_mm_cr3(pgd_t *pgdir, u16 new_asid, bool need_flush) |
3023 | +{ |
3024 | + unsigned long new_mm_cr3; |
3025 | + |
3026 | + if (need_flush) { |
3027 | + invalidate_user_asid(new_asid); |
3028 | + new_mm_cr3 = build_cr3(pgdir, new_asid); |
3029 | + } else { |
3030 | + new_mm_cr3 = build_cr3_noflush(pgdir, new_asid); |
3031 | + } |
3032 | + |
3033 | + /* |
3034 | + * Caution: many callers of this function expect |
3035 | + * that load_cr3() is serializing and orders TLB |
3036 | + * fills with respect to the mm_cpumask writes. |
3037 | + */ |
3038 | + write_cr3(new_mm_cr3); |
3039 | +} |
3040 | + |
3041 | void leave_mm(int cpu) |
3042 | { |
3043 | struct mm_struct *loaded_mm = this_cpu_read(cpu_tlbstate.loaded_mm); |
3044 | @@ -195,7 +249,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
3045 | if (need_flush) { |
3046 | this_cpu_write(cpu_tlbstate.ctxs[new_asid].ctx_id, next->context.ctx_id); |
3047 | this_cpu_write(cpu_tlbstate.ctxs[new_asid].tlb_gen, next_tlb_gen); |
3048 | - write_cr3(build_cr3(next->pgd, new_asid)); |
3049 | + load_new_mm_cr3(next->pgd, new_asid, true); |
3050 | |
3051 | /* |
3052 | * NB: This gets called via leave_mm() in the idle path |
3053 | @@ -208,7 +262,7 @@ void switch_mm_irqs_off(struct mm_struct *prev, struct mm_struct *next, |
3054 | trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, TLB_FLUSH_ALL); |
3055 | } else { |
3056 | /* The new ASID is already up to date. */ |
3057 | - write_cr3(build_cr3_noflush(next->pgd, new_asid)); |
3058 | + load_new_mm_cr3(next->pgd, new_asid, false); |
3059 | |
3060 | /* See above wrt _rcuidle. */ |
3061 | trace_tlb_flush_rcuidle(TLB_FLUSH_ON_TASK_SWITCH, 0); |
3062 | diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c |
3063 | index 20fb31579b69..39c4b35ac7a4 100644 |
3064 | --- a/arch/x86/platform/efi/efi_64.c |
3065 | +++ b/arch/x86/platform/efi/efi_64.c |
3066 | @@ -195,6 +195,9 @@ static pgd_t *efi_pgd; |
3067 | * because we want to avoid inserting EFI region mappings (EFI_VA_END |
3068 | * to EFI_VA_START) into the standard kernel page tables. Everything |
3069 | * else can be shared, see efi_sync_low_kernel_mappings(). |
3070 | + * |
3071 | + * We don't want the pgd on the pgd_list and cannot use pgd_alloc() for the |
3072 | + * allocation. |
3073 | */ |
3074 | int __init efi_alloc_page_tables(void) |
3075 | { |
3076 | @@ -207,7 +210,7 @@ int __init efi_alloc_page_tables(void) |
3077 | return 0; |
3078 | |
3079 | gfp_mask = GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO; |
3080 | - efi_pgd = (pgd_t *)__get_free_page(gfp_mask); |
3081 | + efi_pgd = (pgd_t *)__get_free_pages(gfp_mask, PGD_ALLOCATION_ORDER); |
3082 | if (!efi_pgd) |
3083 | return -ENOMEM; |
3084 | |
3085 | diff --git a/block/blk-map.c b/block/blk-map.c |
3086 | index d5251edcc0dd..368daa02714e 100644 |
3087 | --- a/block/blk-map.c |
3088 | +++ b/block/blk-map.c |
3089 | @@ -12,22 +12,29 @@ |
3090 | #include "blk.h" |
3091 | |
3092 | /* |
3093 | - * Append a bio to a passthrough request. Only works can be merged into |
3094 | - * the request based on the driver constraints. |
3095 | + * Append a bio to a passthrough request. Only works if the bio can be merged |
3096 | + * into the request based on the driver constraints. |
3097 | */ |
3098 | -int blk_rq_append_bio(struct request *rq, struct bio *bio) |
3099 | +int blk_rq_append_bio(struct request *rq, struct bio **bio) |
3100 | { |
3101 | - blk_queue_bounce(rq->q, &bio); |
3102 | + struct bio *orig_bio = *bio; |
3103 | + |
3104 | + blk_queue_bounce(rq->q, bio); |
3105 | |
3106 | if (!rq->bio) { |
3107 | - blk_rq_bio_prep(rq->q, rq, bio); |
3108 | + blk_rq_bio_prep(rq->q, rq, *bio); |
3109 | } else { |
3110 | - if (!ll_back_merge_fn(rq->q, rq, bio)) |
3111 | + if (!ll_back_merge_fn(rq->q, rq, *bio)) { |
3112 | + if (orig_bio != *bio) { |
3113 | + bio_put(*bio); |
3114 | + *bio = orig_bio; |
3115 | + } |
3116 | return -EINVAL; |
3117 | + } |
3118 | |
3119 | - rq->biotail->bi_next = bio; |
3120 | - rq->biotail = bio; |
3121 | - rq->__data_len += bio->bi_iter.bi_size; |
3122 | + rq->biotail->bi_next = *bio; |
3123 | + rq->biotail = *bio; |
3124 | + rq->__data_len += (*bio)->bi_iter.bi_size; |
3125 | } |
3126 | |
3127 | return 0; |
3128 | @@ -80,14 +87,12 @@ static int __blk_rq_map_user_iov(struct request *rq, |
3129 | * We link the bounce buffer in and could have to traverse it |
3130 | * later so we have to get a ref to prevent it from being freed |
3131 | */ |
3132 | - ret = blk_rq_append_bio(rq, bio); |
3133 | - bio_get(bio); |
3134 | + ret = blk_rq_append_bio(rq, &bio); |
3135 | if (ret) { |
3136 | - bio_endio(bio); |
3137 | __blk_rq_unmap_user(orig_bio); |
3138 | - bio_put(bio); |
3139 | return ret; |
3140 | } |
3141 | + bio_get(bio); |
3142 | |
3143 | return 0; |
3144 | } |
3145 | @@ -220,7 +225,7 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf, |
3146 | int reading = rq_data_dir(rq) == READ; |
3147 | unsigned long addr = (unsigned long) kbuf; |
3148 | int do_copy = 0; |
3149 | - struct bio *bio; |
3150 | + struct bio *bio, *orig_bio; |
3151 | int ret; |
3152 | |
3153 | if (len > (queue_max_hw_sectors(q) << 9)) |
3154 | @@ -243,10 +248,11 @@ int blk_rq_map_kern(struct request_queue *q, struct request *rq, void *kbuf, |
3155 | if (do_copy) |
3156 | rq->rq_flags |= RQF_COPY_USER; |
3157 | |
3158 | - ret = blk_rq_append_bio(rq, bio); |
3159 | + orig_bio = bio; |
3160 | + ret = blk_rq_append_bio(rq, &bio); |
3161 | if (unlikely(ret)) { |
3162 | /* request is too big */ |
3163 | - bio_put(bio); |
3164 | + bio_put(orig_bio); |
3165 | return ret; |
3166 | } |
3167 | |
3168 | diff --git a/block/bounce.c b/block/bounce.c |
3169 | index fceb1a96480b..1d05c422c932 100644 |
3170 | --- a/block/bounce.c |
3171 | +++ b/block/bounce.c |
3172 | @@ -200,6 +200,7 @@ static void __blk_queue_bounce(struct request_queue *q, struct bio **bio_orig, |
3173 | unsigned i = 0; |
3174 | bool bounce = false; |
3175 | int sectors = 0; |
3176 | + bool passthrough = bio_is_passthrough(*bio_orig); |
3177 | |
3178 | bio_for_each_segment(from, *bio_orig, iter) { |
3179 | if (i++ < BIO_MAX_PAGES) |
3180 | @@ -210,13 +211,14 @@ static void __blk_queue_bounce(struct request_queue *q, struct bio **bio_orig, |
3181 | if (!bounce) |
3182 | return; |
3183 | |
3184 | - if (sectors < bio_sectors(*bio_orig)) { |
3185 | + if (!passthrough && sectors < bio_sectors(*bio_orig)) { |
3186 | bio = bio_split(*bio_orig, sectors, GFP_NOIO, bounce_bio_split); |
3187 | bio_chain(bio, *bio_orig); |
3188 | generic_make_request(*bio_orig); |
3189 | *bio_orig = bio; |
3190 | } |
3191 | - bio = bio_clone_bioset(*bio_orig, GFP_NOIO, bounce_bio_set); |
3192 | + bio = bio_clone_bioset(*bio_orig, GFP_NOIO, passthrough ? NULL : |
3193 | + bounce_bio_set); |
3194 | |
3195 | bio_for_each_segment_all(to, bio, i) { |
3196 | struct page *page = to->bv_page; |
3197 | diff --git a/drivers/android/binder.c b/drivers/android/binder.c |
3198 | index 88b4bbe58100..a340766b51fe 100644 |
3199 | --- a/drivers/android/binder.c |
3200 | +++ b/drivers/android/binder.c |
3201 | @@ -482,7 +482,8 @@ enum binder_deferred_state { |
3202 | * @tsk task_struct for group_leader of process |
3203 | * (invariant after initialized) |
3204 | * @files files_struct for process |
3205 | - * (invariant after initialized) |
3206 | + * (protected by @files_lock) |
3207 | + * @files_lock mutex to protect @files |
3208 | * @deferred_work_node: element for binder_deferred_list |
3209 | * (protected by binder_deferred_lock) |
3210 | * @deferred_work: bitmap of deferred work to perform |
3211 | @@ -530,6 +531,7 @@ struct binder_proc { |
3212 | int pid; |
3213 | struct task_struct *tsk; |
3214 | struct files_struct *files; |
3215 | + struct mutex files_lock; |
3216 | struct hlist_node deferred_work_node; |
3217 | int deferred_work; |
3218 | bool is_dead; |
3219 | @@ -877,20 +879,26 @@ static void binder_inc_node_tmpref_ilocked(struct binder_node *node); |
3220 | |
3221 | static int task_get_unused_fd_flags(struct binder_proc *proc, int flags) |
3222 | { |
3223 | - struct files_struct *files = proc->files; |
3224 | unsigned long rlim_cur; |
3225 | unsigned long irqs; |
3226 | + int ret; |
3227 | |
3228 | - if (files == NULL) |
3229 | - return -ESRCH; |
3230 | - |
3231 | - if (!lock_task_sighand(proc->tsk, &irqs)) |
3232 | - return -EMFILE; |
3233 | - |
3234 | + mutex_lock(&proc->files_lock); |
3235 | + if (proc->files == NULL) { |
3236 | + ret = -ESRCH; |
3237 | + goto err; |
3238 | + } |
3239 | + if (!lock_task_sighand(proc->tsk, &irqs)) { |
3240 | + ret = -EMFILE; |
3241 | + goto err; |
3242 | + } |
3243 | rlim_cur = task_rlimit(proc->tsk, RLIMIT_NOFILE); |
3244 | unlock_task_sighand(proc->tsk, &irqs); |
3245 | |
3246 | - return __alloc_fd(files, 0, rlim_cur, flags); |
3247 | + ret = __alloc_fd(proc->files, 0, rlim_cur, flags); |
3248 | +err: |
3249 | + mutex_unlock(&proc->files_lock); |
3250 | + return ret; |
3251 | } |
3252 | |
3253 | /* |
3254 | @@ -899,8 +907,10 @@ static int task_get_unused_fd_flags(struct binder_proc *proc, int flags) |
3255 | static void task_fd_install( |
3256 | struct binder_proc *proc, unsigned int fd, struct file *file) |
3257 | { |
3258 | + mutex_lock(&proc->files_lock); |
3259 | if (proc->files) |
3260 | __fd_install(proc->files, fd, file); |
3261 | + mutex_unlock(&proc->files_lock); |
3262 | } |
3263 | |
3264 | /* |
3265 | @@ -910,9 +920,11 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd) |
3266 | { |
3267 | int retval; |
3268 | |
3269 | - if (proc->files == NULL) |
3270 | - return -ESRCH; |
3271 | - |
3272 | + mutex_lock(&proc->files_lock); |
3273 | + if (proc->files == NULL) { |
3274 | + retval = -ESRCH; |
3275 | + goto err; |
3276 | + } |
3277 | retval = __close_fd(proc->files, fd); |
3278 | /* can't restart close syscall because file table entry was cleared */ |
3279 | if (unlikely(retval == -ERESTARTSYS || |
3280 | @@ -920,7 +932,8 @@ static long task_close_fd(struct binder_proc *proc, unsigned int fd) |
3281 | retval == -ERESTARTNOHAND || |
3282 | retval == -ERESTART_RESTARTBLOCK)) |
3283 | retval = -EINTR; |
3284 | - |
3285 | +err: |
3286 | + mutex_unlock(&proc->files_lock); |
3287 | return retval; |
3288 | } |
3289 | |
3290 | @@ -4627,7 +4640,9 @@ static int binder_mmap(struct file *filp, struct vm_area_struct *vma) |
3291 | ret = binder_alloc_mmap_handler(&proc->alloc, vma); |
3292 | if (ret) |
3293 | return ret; |
3294 | + mutex_lock(&proc->files_lock); |
3295 | proc->files = get_files_struct(current); |
3296 | + mutex_unlock(&proc->files_lock); |
3297 | return 0; |
3298 | |
3299 | err_bad_arg: |
3300 | @@ -4651,6 +4666,7 @@ static int binder_open(struct inode *nodp, struct file *filp) |
3301 | spin_lock_init(&proc->outer_lock); |
3302 | get_task_struct(current->group_leader); |
3303 | proc->tsk = current->group_leader; |
3304 | + mutex_init(&proc->files_lock); |
3305 | INIT_LIST_HEAD(&proc->todo); |
3306 | proc->default_priority = task_nice(current); |
3307 | binder_dev = container_of(filp->private_data, struct binder_device, |
3308 | @@ -4903,9 +4919,11 @@ static void binder_deferred_func(struct work_struct *work) |
3309 | |
3310 | files = NULL; |
3311 | if (defer & BINDER_DEFERRED_PUT_FILES) { |
3312 | + mutex_lock(&proc->files_lock); |
3313 | files = proc->files; |
3314 | if (files) |
3315 | proc->files = NULL; |
3316 | + mutex_unlock(&proc->files_lock); |
3317 | } |
3318 | |
3319 | if (defer & BINDER_DEFERRED_FLUSH) |
3320 | diff --git a/drivers/base/cacheinfo.c b/drivers/base/cacheinfo.c |
3321 | index eb3af2739537..07532d83be0b 100644 |
3322 | --- a/drivers/base/cacheinfo.c |
3323 | +++ b/drivers/base/cacheinfo.c |
3324 | @@ -186,6 +186,11 @@ static void cache_associativity(struct cacheinfo *this_leaf) |
3325 | this_leaf->ways_of_associativity = (size / nr_sets) / line_size; |
3326 | } |
3327 | |
3328 | +static bool cache_node_is_unified(struct cacheinfo *this_leaf) |
3329 | +{ |
3330 | + return of_property_read_bool(this_leaf->of_node, "cache-unified"); |
3331 | +} |
3332 | + |
3333 | static void cache_of_override_properties(unsigned int cpu) |
3334 | { |
3335 | int index; |
3336 | @@ -194,6 +199,14 @@ static void cache_of_override_properties(unsigned int cpu) |
3337 | |
3338 | for (index = 0; index < cache_leaves(cpu); index++) { |
3339 | this_leaf = this_cpu_ci->info_list + index; |
3340 | + /* |
3341 | + * init_cache_level must setup the cache level correctly |
3342 | + * overriding the architecturally specified levels, so |
3343 | + * if type is NONE at this stage, it should be unified |
3344 | + */ |
3345 | + if (this_leaf->type == CACHE_TYPE_NOCACHE && |
3346 | + cache_node_is_unified(this_leaf)) |
3347 | + this_leaf->type = CACHE_TYPE_UNIFIED; |
3348 | cache_size(this_leaf); |
3349 | cache_get_line_size(this_leaf); |
3350 | cache_nr_sets(this_leaf); |
3351 | diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c |
3352 | index eb4528c87c0b..d6f3d9ee1350 100644 |
3353 | --- a/drivers/gpio/gpiolib-acpi.c |
3354 | +++ b/drivers/gpio/gpiolib-acpi.c |
3355 | @@ -1074,7 +1074,7 @@ void acpi_gpiochip_add(struct gpio_chip *chip) |
3356 | } |
3357 | |
3358 | if (!chip->names) |
3359 | - devprop_gpiochip_set_names(chip); |
3360 | + devprop_gpiochip_set_names(chip, dev_fwnode(chip->parent)); |
3361 | |
3362 | acpi_gpiochip_request_regions(acpi_gpio); |
3363 | acpi_gpiochip_scan_gpios(acpi_gpio); |
3364 | diff --git a/drivers/gpio/gpiolib-devprop.c b/drivers/gpio/gpiolib-devprop.c |
3365 | index 27f383bda7d9..f748aa3e77f7 100644 |
3366 | --- a/drivers/gpio/gpiolib-devprop.c |
3367 | +++ b/drivers/gpio/gpiolib-devprop.c |
3368 | @@ -19,30 +19,27 @@ |
3369 | /** |
3370 | * devprop_gpiochip_set_names - Set GPIO line names using device properties |
3371 | * @chip: GPIO chip whose lines should be named, if possible |
3372 | + * @fwnode: Property Node containing the gpio-line-names property |
3373 | * |
3374 | * Looks for device property "gpio-line-names" and if it exists assigns |
3375 | * GPIO line names for the chip. The memory allocated for the assigned |
3376 | * names belong to the underlying firmware node and should not be released |
3377 | * by the caller. |
3378 | */ |
3379 | -void devprop_gpiochip_set_names(struct gpio_chip *chip) |
3380 | +void devprop_gpiochip_set_names(struct gpio_chip *chip, |
3381 | + const struct fwnode_handle *fwnode) |
3382 | { |
3383 | struct gpio_device *gdev = chip->gpiodev; |
3384 | const char **names; |
3385 | int ret, i; |
3386 | |
3387 | - if (!chip->parent) { |
3388 | - dev_warn(&gdev->dev, "GPIO chip parent is NULL\n"); |
3389 | - return; |
3390 | - } |
3391 | - |
3392 | - ret = device_property_read_string_array(chip->parent, "gpio-line-names", |
3393 | + ret = fwnode_property_read_string_array(fwnode, "gpio-line-names", |
3394 | NULL, 0); |
3395 | if (ret < 0) |
3396 | return; |
3397 | |
3398 | if (ret != gdev->ngpio) { |
3399 | - dev_warn(chip->parent, |
3400 | + dev_warn(&gdev->dev, |
3401 | "names %d do not match number of GPIOs %d\n", ret, |
3402 | gdev->ngpio); |
3403 | return; |
3404 | @@ -52,10 +49,10 @@ void devprop_gpiochip_set_names(struct gpio_chip *chip) |
3405 | if (!names) |
3406 | return; |
3407 | |
3408 | - ret = device_property_read_string_array(chip->parent, "gpio-line-names", |
3409 | + ret = fwnode_property_read_string_array(fwnode, "gpio-line-names", |
3410 | names, gdev->ngpio); |
3411 | if (ret < 0) { |
3412 | - dev_warn(chip->parent, "failed to read GPIO line names\n"); |
3413 | + dev_warn(&gdev->dev, "failed to read GPIO line names\n"); |
3414 | kfree(names); |
3415 | return; |
3416 | } |
3417 | diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c |
3418 | index bfcd20699ec8..ba38f530e403 100644 |
3419 | --- a/drivers/gpio/gpiolib-of.c |
3420 | +++ b/drivers/gpio/gpiolib-of.c |
3421 | @@ -493,7 +493,8 @@ int of_gpiochip_add(struct gpio_chip *chip) |
3422 | |
3423 | /* If the chip defines names itself, these take precedence */ |
3424 | if (!chip->names) |
3425 | - devprop_gpiochip_set_names(chip); |
3426 | + devprop_gpiochip_set_names(chip, |
3427 | + of_fwnode_handle(chip->of_node)); |
3428 | |
3429 | of_node_get(chip->of_node); |
3430 | |
3431 | diff --git a/drivers/gpio/gpiolib.h b/drivers/gpio/gpiolib.h |
3432 | index d003ccb12781..3d4d0634c9dd 100644 |
3433 | --- a/drivers/gpio/gpiolib.h |
3434 | +++ b/drivers/gpio/gpiolib.h |
3435 | @@ -224,7 +224,8 @@ static inline int gpio_chip_hwgpio(const struct gpio_desc *desc) |
3436 | return desc - &desc->gdev->descs[0]; |
3437 | } |
3438 | |
3439 | -void devprop_gpiochip_set_names(struct gpio_chip *chip); |
3440 | +void devprop_gpiochip_set_names(struct gpio_chip *chip, |
3441 | + const struct fwnode_handle *fwnode); |
3442 | |
3443 | /* With descriptor prefix */ |
3444 | |
3445 | diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c |
3446 | index feafdb961c48..59b2f96d986a 100644 |
3447 | --- a/drivers/infiniband/core/security.c |
3448 | +++ b/drivers/infiniband/core/security.c |
3449 | @@ -386,6 +386,9 @@ int ib_open_shared_qp_security(struct ib_qp *qp, struct ib_device *dev) |
3450 | if (ret) |
3451 | return ret; |
3452 | |
3453 | + if (!qp->qp_sec) |
3454 | + return 0; |
3455 | + |
3456 | mutex_lock(&real_qp->qp_sec->mutex); |
3457 | ret = check_qp_port_pkey_settings(real_qp->qp_sec->ports_pkeys, |
3458 | qp->qp_sec); |
3459 | diff --git a/drivers/infiniband/core/uverbs_cmd.c b/drivers/infiniband/core/uverbs_cmd.c |
3460 | index d8f540054392..93c1a57dbff1 100644 |
3461 | --- a/drivers/infiniband/core/uverbs_cmd.c |
3462 | +++ b/drivers/infiniband/core/uverbs_cmd.c |
3463 | @@ -2085,8 +2085,8 @@ int ib_uverbs_ex_modify_qp(struct ib_uverbs_file *file, |
3464 | return -EOPNOTSUPP; |
3465 | |
3466 | if (ucore->inlen > sizeof(cmd)) { |
3467 | - if (ib_is_udata_cleared(ucore, sizeof(cmd), |
3468 | - ucore->inlen - sizeof(cmd))) |
3469 | + if (!ib_is_udata_cleared(ucore, sizeof(cmd), |
3470 | + ucore->inlen - sizeof(cmd))) |
3471 | return -EOPNOTSUPP; |
3472 | } |
3473 | |
3474 | diff --git a/drivers/infiniband/core/verbs.c b/drivers/infiniband/core/verbs.c |
3475 | index de57d6c11a25..9032f77cc38d 100644 |
3476 | --- a/drivers/infiniband/core/verbs.c |
3477 | +++ b/drivers/infiniband/core/verbs.c |
3478 | @@ -1400,7 +1400,8 @@ int ib_close_qp(struct ib_qp *qp) |
3479 | spin_unlock_irqrestore(&real_qp->device->event_handler_lock, flags); |
3480 | |
3481 | atomic_dec(&real_qp->usecnt); |
3482 | - ib_close_shared_qp_security(qp->qp_sec); |
3483 | + if (qp->qp_sec) |
3484 | + ib_close_shared_qp_security(qp->qp_sec); |
3485 | kfree(qp); |
3486 | |
3487 | return 0; |
3488 | diff --git a/drivers/infiniband/hw/cxgb4/cq.c b/drivers/infiniband/hw/cxgb4/cq.c |
3489 | index eae8ea81c6e2..514c1000ded1 100644 |
3490 | --- a/drivers/infiniband/hw/cxgb4/cq.c |
3491 | +++ b/drivers/infiniband/hw/cxgb4/cq.c |
3492 | @@ -586,10 +586,10 @@ static int poll_cq(struct t4_wq *wq, struct t4_cq *cq, struct t4_cqe *cqe, |
3493 | ret = -EAGAIN; |
3494 | goto skip_cqe; |
3495 | } |
3496 | - if (unlikely((CQE_WRID_MSN(hw_cqe) != (wq->rq.msn)))) { |
3497 | + if (unlikely(!CQE_STATUS(hw_cqe) && |
3498 | + CQE_WRID_MSN(hw_cqe) != wq->rq.msn)) { |
3499 | t4_set_wq_in_error(wq); |
3500 | - hw_cqe->header |= htonl(CQE_STATUS_V(T4_ERR_MSN)); |
3501 | - goto proc_cqe; |
3502 | + hw_cqe->header |= cpu_to_be32(CQE_STATUS_V(T4_ERR_MSN)); |
3503 | } |
3504 | goto proc_cqe; |
3505 | } |
3506 | diff --git a/drivers/infiniband/hw/hfi1/hfi.h b/drivers/infiniband/hw/hfi1/hfi.h |
3507 | index 6ff44dc606eb..3409eee16092 100644 |
3508 | --- a/drivers/infiniband/hw/hfi1/hfi.h |
3509 | +++ b/drivers/infiniband/hw/hfi1/hfi.h |
3510 | @@ -1129,7 +1129,6 @@ struct hfi1_devdata { |
3511 | u16 pcie_lnkctl; |
3512 | u16 pcie_devctl2; |
3513 | u32 pci_msix0; |
3514 | - u32 pci_lnkctl3; |
3515 | u32 pci_tph2; |
3516 | |
3517 | /* |
3518 | diff --git a/drivers/infiniband/hw/hfi1/pcie.c b/drivers/infiniband/hw/hfi1/pcie.c |
3519 | index 09e50fd2a08f..8c7e7a60b715 100644 |
3520 | --- a/drivers/infiniband/hw/hfi1/pcie.c |
3521 | +++ b/drivers/infiniband/hw/hfi1/pcie.c |
3522 | @@ -411,15 +411,12 @@ int restore_pci_variables(struct hfi1_devdata *dd) |
3523 | if (ret) |
3524 | goto error; |
3525 | |
3526 | - ret = pci_write_config_dword(dd->pcidev, PCIE_CFG_SPCIE1, |
3527 | - dd->pci_lnkctl3); |
3528 | - if (ret) |
3529 | - goto error; |
3530 | - |
3531 | - ret = pci_write_config_dword(dd->pcidev, PCIE_CFG_TPH2, dd->pci_tph2); |
3532 | - if (ret) |
3533 | - goto error; |
3534 | - |
3535 | + if (pci_find_ext_capability(dd->pcidev, PCI_EXT_CAP_ID_TPH)) { |
3536 | + ret = pci_write_config_dword(dd->pcidev, PCIE_CFG_TPH2, |
3537 | + dd->pci_tph2); |
3538 | + if (ret) |
3539 | + goto error; |
3540 | + } |
3541 | return 0; |
3542 | |
3543 | error: |
3544 | @@ -469,15 +466,12 @@ int save_pci_variables(struct hfi1_devdata *dd) |
3545 | if (ret) |
3546 | goto error; |
3547 | |
3548 | - ret = pci_read_config_dword(dd->pcidev, PCIE_CFG_SPCIE1, |
3549 | - &dd->pci_lnkctl3); |
3550 | - if (ret) |
3551 | - goto error; |
3552 | - |
3553 | - ret = pci_read_config_dword(dd->pcidev, PCIE_CFG_TPH2, &dd->pci_tph2); |
3554 | - if (ret) |
3555 | - goto error; |
3556 | - |
3557 | + if (pci_find_ext_capability(dd->pcidev, PCI_EXT_CAP_ID_TPH)) { |
3558 | + ret = pci_read_config_dword(dd->pcidev, PCIE_CFG_TPH2, |
3559 | + &dd->pci_tph2); |
3560 | + if (ret) |
3561 | + goto error; |
3562 | + } |
3563 | return 0; |
3564 | |
3565 | error: |
3566 | diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c |
3567 | index 5aff1e33d984..30d479f87cb8 100644 |
3568 | --- a/drivers/infiniband/hw/mlx5/main.c |
3569 | +++ b/drivers/infiniband/hw/mlx5/main.c |
3570 | @@ -1415,6 +1415,7 @@ static struct ib_ucontext *mlx5_ib_alloc_ucontext(struct ib_device *ibdev, |
3571 | } |
3572 | |
3573 | INIT_LIST_HEAD(&context->vma_private_list); |
3574 | + mutex_init(&context->vma_private_list_mutex); |
3575 | INIT_LIST_HEAD(&context->db_page_list); |
3576 | mutex_init(&context->db_page_mutex); |
3577 | |
3578 | @@ -1576,7 +1577,9 @@ static void mlx5_ib_vma_close(struct vm_area_struct *area) |
3579 | * mlx5_ib_disassociate_ucontext(). |
3580 | */ |
3581 | mlx5_ib_vma_priv_data->vma = NULL; |
3582 | + mutex_lock(mlx5_ib_vma_priv_data->vma_private_list_mutex); |
3583 | list_del(&mlx5_ib_vma_priv_data->list); |
3584 | + mutex_unlock(mlx5_ib_vma_priv_data->vma_private_list_mutex); |
3585 | kfree(mlx5_ib_vma_priv_data); |
3586 | } |
3587 | |
3588 | @@ -1596,10 +1599,13 @@ static int mlx5_ib_set_vma_data(struct vm_area_struct *vma, |
3589 | return -ENOMEM; |
3590 | |
3591 | vma_prv->vma = vma; |
3592 | + vma_prv->vma_private_list_mutex = &ctx->vma_private_list_mutex; |
3593 | vma->vm_private_data = vma_prv; |
3594 | vma->vm_ops = &mlx5_ib_vm_ops; |
3595 | |
3596 | + mutex_lock(&ctx->vma_private_list_mutex); |
3597 | list_add(&vma_prv->list, vma_head); |
3598 | + mutex_unlock(&ctx->vma_private_list_mutex); |
3599 | |
3600 | return 0; |
3601 | } |
3602 | @@ -1642,6 +1648,7 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
3603 | * mlx5_ib_vma_close. |
3604 | */ |
3605 | down_write(&owning_mm->mmap_sem); |
3606 | + mutex_lock(&context->vma_private_list_mutex); |
3607 | list_for_each_entry_safe(vma_private, n, &context->vma_private_list, |
3608 | list) { |
3609 | vma = vma_private->vma; |
3610 | @@ -1656,6 +1663,7 @@ static void mlx5_ib_disassociate_ucontext(struct ib_ucontext *ibcontext) |
3611 | list_del(&vma_private->list); |
3612 | kfree(vma_private); |
3613 | } |
3614 | + mutex_unlock(&context->vma_private_list_mutex); |
3615 | up_write(&owning_mm->mmap_sem); |
3616 | mmput(owning_mm); |
3617 | put_task_struct(owning_process); |
3618 | diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h |
3619 | index 189e80cd6b2f..754103372faa 100644 |
3620 | --- a/drivers/infiniband/hw/mlx5/mlx5_ib.h |
3621 | +++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h |
3622 | @@ -115,6 +115,8 @@ enum { |
3623 | struct mlx5_ib_vma_private_data { |
3624 | struct list_head list; |
3625 | struct vm_area_struct *vma; |
3626 | + /* protect vma_private_list add/del */ |
3627 | + struct mutex *vma_private_list_mutex; |
3628 | }; |
3629 | |
3630 | struct mlx5_ib_ucontext { |
3631 | @@ -129,6 +131,8 @@ struct mlx5_ib_ucontext { |
3632 | /* Transport Domain number */ |
3633 | u32 tdn; |
3634 | struct list_head vma_private_list; |
3635 | + /* protect vma_private_list add/del */ |
3636 | + struct mutex vma_private_list_mutex; |
3637 | |
3638 | unsigned long upd_xlt_page; |
3639 | /* protect ODP/KSM */ |
3640 | diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c |
3641 | index d7b53d53c116..72d6ffbfd638 100644 |
3642 | --- a/drivers/net/dsa/bcm_sf2.c |
3643 | +++ b/drivers/net/dsa/bcm_sf2.c |
3644 | @@ -167,7 +167,7 @@ static void bcm_sf2_gphy_enable_set(struct dsa_switch *ds, bool enable) |
3645 | reg = reg_readl(priv, REG_SPHY_CNTRL); |
3646 | if (enable) { |
3647 | reg |= PHY_RESET; |
3648 | - reg &= ~(EXT_PWR_DOWN | IDDQ_BIAS | CK25_DIS); |
3649 | + reg &= ~(EXT_PWR_DOWN | IDDQ_BIAS | IDDQ_GLOBAL_PWR | CK25_DIS); |
3650 | reg_writel(priv, reg, REG_SPHY_CNTRL); |
3651 | udelay(21); |
3652 | reg = reg_readl(priv, REG_SPHY_CNTRL); |
3653 | diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.c b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
3654 | index dc5de275352a..aa764c5e3c6b 100644 |
3655 | --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
3656 | +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.c |
3657 | @@ -1875,7 +1875,7 @@ static int bnxt_poll_work(struct bnxt *bp, struct bnxt_napi *bnapi, int budget) |
3658 | * here forever if we consistently cannot allocate |
3659 | * buffers. |
3660 | */ |
3661 | - else if (rc == -ENOMEM) |
3662 | + else if (rc == -ENOMEM && budget) |
3663 | rx_pkts++; |
3664 | else if (rc == -EBUSY) /* partial completion */ |
3665 | break; |
3666 | @@ -1961,7 +1961,7 @@ static int bnxt_poll_nitroa0(struct napi_struct *napi, int budget) |
3667 | cpu_to_le32(RX_CMPL_ERRORS_CRC_ERROR); |
3668 | |
3669 | rc = bnxt_rx_pkt(bp, bnapi, &raw_cons, &event); |
3670 | - if (likely(rc == -EIO)) |
3671 | + if (likely(rc == -EIO) && budget) |
3672 | rx_pkts++; |
3673 | else if (rc == -EBUSY) /* partial completion */ |
3674 | break; |
3675 | diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c |
3676 | index 656e6af70f0a..aef3fcf2f5b9 100644 |
3677 | --- a/drivers/net/ethernet/broadcom/tg3.c |
3678 | +++ b/drivers/net/ethernet/broadcom/tg3.c |
3679 | @@ -14227,7 +14227,9 @@ static int tg3_change_mtu(struct net_device *dev, int new_mtu) |
3680 | /* Reset PHY, otherwise the read DMA engine will be in a mode that |
3681 | * breaks all requests to 256 bytes. |
3682 | */ |
3683 | - if (tg3_asic_rev(tp) == ASIC_REV_57766) |
3684 | + if (tg3_asic_rev(tp) == ASIC_REV_57766 || |
3685 | + tg3_asic_rev(tp) == ASIC_REV_5717 || |
3686 | + tg3_asic_rev(tp) == ASIC_REV_5719) |
3687 | reset_phy = true; |
3688 | |
3689 | err = tg3_restart_hw(tp, reset_phy); |
3690 | diff --git a/drivers/net/ethernet/freescale/fec_main.c b/drivers/net/ethernet/freescale/fec_main.c |
3691 | index 3dc2d771a222..faf7cdc97ebf 100644 |
3692 | --- a/drivers/net/ethernet/freescale/fec_main.c |
3693 | +++ b/drivers/net/ethernet/freescale/fec_main.c |
3694 | @@ -818,6 +818,12 @@ static void fec_enet_bd_init(struct net_device *dev) |
3695 | for (i = 0; i < txq->bd.ring_size; i++) { |
3696 | /* Initialize the BD for every fragment in the page. */ |
3697 | bdp->cbd_sc = cpu_to_fec16(0); |
3698 | + if (bdp->cbd_bufaddr && |
3699 | + !IS_TSO_HEADER(txq, fec32_to_cpu(bdp->cbd_bufaddr))) |
3700 | + dma_unmap_single(&fep->pdev->dev, |
3701 | + fec32_to_cpu(bdp->cbd_bufaddr), |
3702 | + fec16_to_cpu(bdp->cbd_datlen), |
3703 | + DMA_TO_DEVICE); |
3704 | if (txq->tx_skbuff[i]) { |
3705 | dev_kfree_skb_any(txq->tx_skbuff[i]); |
3706 | txq->tx_skbuff[i] = NULL; |
3707 | diff --git a/drivers/net/ethernet/marvell/mvmdio.c b/drivers/net/ethernet/marvell/mvmdio.c |
3708 | index c9798210fa0f..0495487f7b42 100644 |
3709 | --- a/drivers/net/ethernet/marvell/mvmdio.c |
3710 | +++ b/drivers/net/ethernet/marvell/mvmdio.c |
3711 | @@ -344,7 +344,8 @@ static int orion_mdio_probe(struct platform_device *pdev) |
3712 | dev->regs + MVMDIO_ERR_INT_MASK); |
3713 | |
3714 | } else if (dev->err_interrupt == -EPROBE_DEFER) { |
3715 | - return -EPROBE_DEFER; |
3716 | + ret = -EPROBE_DEFER; |
3717 | + goto out_mdio; |
3718 | } |
3719 | |
3720 | if (pdev->dev.of_node) |
3721 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
3722 | index 1fffdebbc9e8..e9a1fbcc4adf 100644 |
3723 | --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
3724 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c |
3725 | @@ -362,7 +362,7 @@ static int mlx5_internal_err_ret_value(struct mlx5_core_dev *dev, u16 op, |
3726 | case MLX5_CMD_OP_QUERY_VPORT_COUNTER: |
3727 | case MLX5_CMD_OP_ALLOC_Q_COUNTER: |
3728 | case MLX5_CMD_OP_QUERY_Q_COUNTER: |
3729 | - case MLX5_CMD_OP_SET_RATE_LIMIT: |
3730 | + case MLX5_CMD_OP_SET_PP_RATE_LIMIT: |
3731 | case MLX5_CMD_OP_QUERY_RATE_LIMIT: |
3732 | case MLX5_CMD_OP_CREATE_SCHEDULING_ELEMENT: |
3733 | case MLX5_CMD_OP_QUERY_SCHEDULING_ELEMENT: |
3734 | @@ -505,7 +505,7 @@ const char *mlx5_command_str(int command) |
3735 | MLX5_COMMAND_STR_CASE(ALLOC_Q_COUNTER); |
3736 | MLX5_COMMAND_STR_CASE(DEALLOC_Q_COUNTER); |
3737 | MLX5_COMMAND_STR_CASE(QUERY_Q_COUNTER); |
3738 | - MLX5_COMMAND_STR_CASE(SET_RATE_LIMIT); |
3739 | + MLX5_COMMAND_STR_CASE(SET_PP_RATE_LIMIT); |
3740 | MLX5_COMMAND_STR_CASE(QUERY_RATE_LIMIT); |
3741 | MLX5_COMMAND_STR_CASE(CREATE_SCHEDULING_ELEMENT); |
3742 | MLX5_COMMAND_STR_CASE(DESTROY_SCHEDULING_ELEMENT); |
3743 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en.h b/drivers/net/ethernet/mellanox/mlx5/core/en.h |
3744 | index 13b5ef9d8703..5fa071620104 100644 |
3745 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en.h |
3746 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en.h |
3747 | @@ -590,6 +590,7 @@ struct mlx5e_channel { |
3748 | struct mlx5_core_dev *mdev; |
3749 | struct mlx5e_tstamp *tstamp; |
3750 | int ix; |
3751 | + int cpu; |
3752 | }; |
3753 | |
3754 | struct mlx5e_channels { |
3755 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
3756 | index cc11bbbd0309..3cdb932cae76 100644 |
3757 | --- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
3758 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c |
3759 | @@ -71,11 +71,6 @@ struct mlx5e_channel_param { |
3760 | struct mlx5e_cq_param icosq_cq; |
3761 | }; |
3762 | |
3763 | -static int mlx5e_get_node(struct mlx5e_priv *priv, int ix) |
3764 | -{ |
3765 | - return pci_irq_get_node(priv->mdev->pdev, MLX5_EQ_VEC_COMP_BASE + ix); |
3766 | -} |
3767 | - |
3768 | static bool mlx5e_check_fragmented_striding_rq_cap(struct mlx5_core_dev *mdev) |
3769 | { |
3770 | return MLX5_CAP_GEN(mdev, striding_rq) && |
3771 | @@ -452,17 +447,16 @@ static int mlx5e_rq_alloc_mpwqe_info(struct mlx5e_rq *rq, |
3772 | int wq_sz = mlx5_wq_ll_get_size(&rq->wq); |
3773 | int mtt_sz = mlx5e_get_wqe_mtt_sz(); |
3774 | int mtt_alloc = mtt_sz + MLX5_UMR_ALIGN - 1; |
3775 | - int node = mlx5e_get_node(c->priv, c->ix); |
3776 | int i; |
3777 | |
3778 | rq->mpwqe.info = kzalloc_node(wq_sz * sizeof(*rq->mpwqe.info), |
3779 | - GFP_KERNEL, node); |
3780 | + GFP_KERNEL, cpu_to_node(c->cpu)); |
3781 | if (!rq->mpwqe.info) |
3782 | goto err_out; |
3783 | |
3784 | /* We allocate more than mtt_sz as we will align the pointer */ |
3785 | - rq->mpwqe.mtt_no_align = kzalloc_node(mtt_alloc * wq_sz, |
3786 | - GFP_KERNEL, node); |
3787 | + rq->mpwqe.mtt_no_align = kzalloc_node(mtt_alloc * wq_sz, GFP_KERNEL, |
3788 | + cpu_to_node(c->cpu)); |
3789 | if (unlikely(!rq->mpwqe.mtt_no_align)) |
3790 | goto err_free_wqe_info; |
3791 | |
3792 | @@ -570,7 +564,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel *c, |
3793 | int err; |
3794 | int i; |
3795 | |
3796 | - rqp->wq.db_numa_node = mlx5e_get_node(c->priv, c->ix); |
3797 | + rqp->wq.db_numa_node = cpu_to_node(c->cpu); |
3798 | |
3799 | err = mlx5_wq_ll_create(mdev, &rqp->wq, rqc_wq, &rq->wq, |
3800 | &rq->wq_ctrl); |
3801 | @@ -636,8 +630,7 @@ static int mlx5e_alloc_rq(struct mlx5e_channel *c, |
3802 | default: /* MLX5_WQ_TYPE_LINKED_LIST */ |
3803 | rq->wqe.frag_info = |
3804 | kzalloc_node(wq_sz * sizeof(*rq->wqe.frag_info), |
3805 | - GFP_KERNEL, |
3806 | - mlx5e_get_node(c->priv, c->ix)); |
3807 | + GFP_KERNEL, cpu_to_node(c->cpu)); |
3808 | if (!rq->wqe.frag_info) { |
3809 | err = -ENOMEM; |
3810 | goto err_rq_wq_destroy; |
3811 | @@ -1007,13 +1000,13 @@ static int mlx5e_alloc_xdpsq(struct mlx5e_channel *c, |
3812 | sq->uar_map = mdev->mlx5e_res.bfreg.map; |
3813 | sq->min_inline_mode = params->tx_min_inline_mode; |
3814 | |
3815 | - param->wq.db_numa_node = mlx5e_get_node(c->priv, c->ix); |
3816 | + param->wq.db_numa_node = cpu_to_node(c->cpu); |
3817 | err = mlx5_wq_cyc_create(mdev, ¶m->wq, sqc_wq, &sq->wq, &sq->wq_ctrl); |
3818 | if (err) |
3819 | return err; |
3820 | sq->wq.db = &sq->wq.db[MLX5_SND_DBR]; |
3821 | |
3822 | - err = mlx5e_alloc_xdpsq_db(sq, mlx5e_get_node(c->priv, c->ix)); |
3823 | + err = mlx5e_alloc_xdpsq_db(sq, cpu_to_node(c->cpu)); |
3824 | if (err) |
3825 | goto err_sq_wq_destroy; |
3826 | |
3827 | @@ -1060,13 +1053,13 @@ static int mlx5e_alloc_icosq(struct mlx5e_channel *c, |
3828 | sq->channel = c; |
3829 | sq->uar_map = mdev->mlx5e_res.bfreg.map; |
3830 | |
3831 | - param->wq.db_numa_node = mlx5e_get_node(c->priv, c->ix); |
3832 | + param->wq.db_numa_node = cpu_to_node(c->cpu); |
3833 | err = mlx5_wq_cyc_create(mdev, ¶m->wq, sqc_wq, &sq->wq, &sq->wq_ctrl); |
3834 | if (err) |
3835 | return err; |
3836 | sq->wq.db = &sq->wq.db[MLX5_SND_DBR]; |
3837 | |
3838 | - err = mlx5e_alloc_icosq_db(sq, mlx5e_get_node(c->priv, c->ix)); |
3839 | + err = mlx5e_alloc_icosq_db(sq, cpu_to_node(c->cpu)); |
3840 | if (err) |
3841 | goto err_sq_wq_destroy; |
3842 | |
3843 | @@ -1132,13 +1125,13 @@ static int mlx5e_alloc_txqsq(struct mlx5e_channel *c, |
3844 | if (MLX5_IPSEC_DEV(c->priv->mdev)) |
3845 | set_bit(MLX5E_SQ_STATE_IPSEC, &sq->state); |
3846 | |
3847 | - param->wq.db_numa_node = mlx5e_get_node(c->priv, c->ix); |
3848 | + param->wq.db_numa_node = cpu_to_node(c->cpu); |
3849 | err = mlx5_wq_cyc_create(mdev, ¶m->wq, sqc_wq, &sq->wq, &sq->wq_ctrl); |
3850 | if (err) |
3851 | return err; |
3852 | sq->wq.db = &sq->wq.db[MLX5_SND_DBR]; |
3853 | |
3854 | - err = mlx5e_alloc_txqsq_db(sq, mlx5e_get_node(c->priv, c->ix)); |
3855 | + err = mlx5e_alloc_txqsq_db(sq, cpu_to_node(c->cpu)); |
3856 | if (err) |
3857 | goto err_sq_wq_destroy; |
3858 | |
3859 | @@ -1510,8 +1503,8 @@ static int mlx5e_alloc_cq(struct mlx5e_channel *c, |
3860 | struct mlx5_core_dev *mdev = c->priv->mdev; |
3861 | int err; |
3862 | |
3863 | - param->wq.buf_numa_node = mlx5e_get_node(c->priv, c->ix); |
3864 | - param->wq.db_numa_node = mlx5e_get_node(c->priv, c->ix); |
3865 | + param->wq.buf_numa_node = cpu_to_node(c->cpu); |
3866 | + param->wq.db_numa_node = cpu_to_node(c->cpu); |
3867 | param->eq_ix = c->ix; |
3868 | |
3869 | err = mlx5e_alloc_cq_common(mdev, param, cq); |
3870 | @@ -1610,6 +1603,11 @@ static void mlx5e_close_cq(struct mlx5e_cq *cq) |
3871 | mlx5e_free_cq(cq); |
3872 | } |
3873 | |
3874 | +static int mlx5e_get_cpu(struct mlx5e_priv *priv, int ix) |
3875 | +{ |
3876 | + return cpumask_first(priv->mdev->priv.irq_info[ix].mask); |
3877 | +} |
3878 | + |
3879 | static int mlx5e_open_tx_cqs(struct mlx5e_channel *c, |
3880 | struct mlx5e_params *params, |
3881 | struct mlx5e_channel_param *cparam) |
3882 | @@ -1758,12 +1756,13 @@ static int mlx5e_open_channel(struct mlx5e_priv *priv, int ix, |
3883 | { |
3884 | struct mlx5e_cq_moder icocq_moder = {0, 0}; |
3885 | struct net_device *netdev = priv->netdev; |
3886 | + int cpu = mlx5e_get_cpu(priv, ix); |
3887 | struct mlx5e_channel *c; |
3888 | unsigned int irq; |
3889 | int err; |
3890 | int eqn; |
3891 | |
3892 | - c = kzalloc_node(sizeof(*c), GFP_KERNEL, mlx5e_get_node(priv, ix)); |
3893 | + c = kzalloc_node(sizeof(*c), GFP_KERNEL, cpu_to_node(cpu)); |
3894 | if (!c) |
3895 | return -ENOMEM; |
3896 | |
3897 | @@ -1771,6 +1770,7 @@ static int mlx5e_open_channel(struct mlx5e_priv *priv, int ix, |
3898 | c->mdev = priv->mdev; |
3899 | c->tstamp = &priv->tstamp; |
3900 | c->ix = ix; |
3901 | + c->cpu = cpu; |
3902 | c->pdev = &priv->mdev->pdev->dev; |
3903 | c->netdev = priv->netdev; |
3904 | c->mkey_be = cpu_to_be32(priv->mdev->mlx5e_res.mkey.key); |
3905 | @@ -1859,8 +1859,7 @@ static void mlx5e_activate_channel(struct mlx5e_channel *c) |
3906 | for (tc = 0; tc < c->num_tc; tc++) |
3907 | mlx5e_activate_txqsq(&c->sq[tc]); |
3908 | mlx5e_activate_rq(&c->rq); |
3909 | - netif_set_xps_queue(c->netdev, |
3910 | - mlx5_get_vector_affinity(c->priv->mdev, c->ix), c->ix); |
3911 | + netif_set_xps_queue(c->netdev, get_cpu_mask(c->cpu), c->ix); |
3912 | } |
3913 | |
3914 | static void mlx5e_deactivate_channel(struct mlx5e_channel *c) |
3915 | @@ -3554,6 +3553,7 @@ static netdev_features_t mlx5e_tunnel_features_check(struct mlx5e_priv *priv, |
3916 | struct sk_buff *skb, |
3917 | netdev_features_t features) |
3918 | { |
3919 | + unsigned int offset = 0; |
3920 | struct udphdr *udph; |
3921 | u8 proto; |
3922 | u16 port; |
3923 | @@ -3563,7 +3563,7 @@ static netdev_features_t mlx5e_tunnel_features_check(struct mlx5e_priv *priv, |
3924 | proto = ip_hdr(skb)->protocol; |
3925 | break; |
3926 | case htons(ETH_P_IPV6): |
3927 | - proto = ipv6_hdr(skb)->nexthdr; |
3928 | + proto = ipv6_find_hdr(skb, &offset, -1, NULL, NULL); |
3929 | break; |
3930 | default: |
3931 | goto out; |
3932 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/fpga/sdk.c b/drivers/net/ethernet/mellanox/mlx5/core/fpga/sdk.c |
3933 | index 3c11d6e2160a..14962969c5ba 100644 |
3934 | --- a/drivers/net/ethernet/mellanox/mlx5/core/fpga/sdk.c |
3935 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/fpga/sdk.c |
3936 | @@ -66,6 +66,9 @@ static int mlx5_fpga_mem_read_i2c(struct mlx5_fpga_device *fdev, size_t size, |
3937 | u8 actual_size; |
3938 | int err; |
3939 | |
3940 | + if (!size) |
3941 | + return -EINVAL; |
3942 | + |
3943 | if (!fdev->mdev) |
3944 | return -ENOTCONN; |
3945 | |
3946 | @@ -95,6 +98,9 @@ static int mlx5_fpga_mem_write_i2c(struct mlx5_fpga_device *fdev, size_t size, |
3947 | u8 actual_size; |
3948 | int err; |
3949 | |
3950 | + if (!size) |
3951 | + return -EINVAL; |
3952 | + |
3953 | if (!fdev->mdev) |
3954 | return -ENOTCONN; |
3955 | |
3956 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c |
3957 | index 06562c9a6b9c..8bfc37e4ec87 100644 |
3958 | --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c |
3959 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c |
3960 | @@ -316,9 +316,6 @@ static int mlx5_alloc_irq_vectors(struct mlx5_core_dev *dev) |
3961 | { |
3962 | struct mlx5_priv *priv = &dev->priv; |
3963 | struct mlx5_eq_table *table = &priv->eq_table; |
3964 | - struct irq_affinity irqdesc = { |
3965 | - .pre_vectors = MLX5_EQ_VEC_COMP_BASE, |
3966 | - }; |
3967 | int num_eqs = 1 << MLX5_CAP_GEN(dev, log_max_eq); |
3968 | int nvec; |
3969 | |
3970 | @@ -332,10 +329,9 @@ static int mlx5_alloc_irq_vectors(struct mlx5_core_dev *dev) |
3971 | if (!priv->irq_info) |
3972 | goto err_free_msix; |
3973 | |
3974 | - nvec = pci_alloc_irq_vectors_affinity(dev->pdev, |
3975 | + nvec = pci_alloc_irq_vectors(dev->pdev, |
3976 | MLX5_EQ_VEC_COMP_BASE + 1, nvec, |
3977 | - PCI_IRQ_MSIX | PCI_IRQ_AFFINITY, |
3978 | - &irqdesc); |
3979 | + PCI_IRQ_MSIX); |
3980 | if (nvec < 0) |
3981 | return nvec; |
3982 | |
3983 | @@ -621,6 +617,63 @@ u64 mlx5_read_internal_timer(struct mlx5_core_dev *dev) |
3984 | return (u64)timer_l | (u64)timer_h1 << 32; |
3985 | } |
3986 | |
3987 | +static int mlx5_irq_set_affinity_hint(struct mlx5_core_dev *mdev, int i) |
3988 | +{ |
3989 | + struct mlx5_priv *priv = &mdev->priv; |
3990 | + int irq = pci_irq_vector(mdev->pdev, MLX5_EQ_VEC_COMP_BASE + i); |
3991 | + |
3992 | + if (!zalloc_cpumask_var(&priv->irq_info[i].mask, GFP_KERNEL)) { |
3993 | + mlx5_core_warn(mdev, "zalloc_cpumask_var failed"); |
3994 | + return -ENOMEM; |
3995 | + } |
3996 | + |
3997 | + cpumask_set_cpu(cpumask_local_spread(i, priv->numa_node), |
3998 | + priv->irq_info[i].mask); |
3999 | + |
4000 | + if (IS_ENABLED(CONFIG_SMP) && |
4001 | + irq_set_affinity_hint(irq, priv->irq_info[i].mask)) |
4002 | + mlx5_core_warn(mdev, "irq_set_affinity_hint failed, irq 0x%.4x", irq); |
4003 | + |
4004 | + return 0; |
4005 | +} |
4006 | + |
4007 | +static void mlx5_irq_clear_affinity_hint(struct mlx5_core_dev *mdev, int i) |
4008 | +{ |
4009 | + struct mlx5_priv *priv = &mdev->priv; |
4010 | + int irq = pci_irq_vector(mdev->pdev, MLX5_EQ_VEC_COMP_BASE + i); |
4011 | + |
4012 | + irq_set_affinity_hint(irq, NULL); |
4013 | + free_cpumask_var(priv->irq_info[i].mask); |
4014 | +} |
4015 | + |
4016 | +static int mlx5_irq_set_affinity_hints(struct mlx5_core_dev *mdev) |
4017 | +{ |
4018 | + int err; |
4019 | + int i; |
4020 | + |
4021 | + for (i = 0; i < mdev->priv.eq_table.num_comp_vectors; i++) { |
4022 | + err = mlx5_irq_set_affinity_hint(mdev, i); |
4023 | + if (err) |
4024 | + goto err_out; |
4025 | + } |
4026 | + |
4027 | + return 0; |
4028 | + |
4029 | +err_out: |
4030 | + for (i--; i >= 0; i--) |
4031 | + mlx5_irq_clear_affinity_hint(mdev, i); |
4032 | + |
4033 | + return err; |
4034 | +} |
4035 | + |
4036 | +static void mlx5_irq_clear_affinity_hints(struct mlx5_core_dev *mdev) |
4037 | +{ |
4038 | + int i; |
4039 | + |
4040 | + for (i = 0; i < mdev->priv.eq_table.num_comp_vectors; i++) |
4041 | + mlx5_irq_clear_affinity_hint(mdev, i); |
4042 | +} |
4043 | + |
4044 | int mlx5_vector2eqn(struct mlx5_core_dev *dev, int vector, int *eqn, |
4045 | unsigned int *irqn) |
4046 | { |
4047 | @@ -1093,6 +1146,12 @@ static int mlx5_load_one(struct mlx5_core_dev *dev, struct mlx5_priv *priv, |
4048 | goto err_stop_eqs; |
4049 | } |
4050 | |
4051 | + err = mlx5_irq_set_affinity_hints(dev); |
4052 | + if (err) { |
4053 | + dev_err(&pdev->dev, "Failed to alloc affinity hint cpumask\n"); |
4054 | + goto err_affinity_hints; |
4055 | + } |
4056 | + |
4057 | err = mlx5_init_fs(dev); |
4058 | if (err) { |
4059 | dev_err(&pdev->dev, "Failed to init flow steering\n"); |
4060 | @@ -1150,6 +1209,9 @@ static int mlx5_load_one(struct mlx5_core_dev *dev, struct mlx5_priv *priv, |
4061 | mlx5_cleanup_fs(dev); |
4062 | |
4063 | err_fs: |
4064 | + mlx5_irq_clear_affinity_hints(dev); |
4065 | + |
4066 | +err_affinity_hints: |
4067 | free_comp_eqs(dev); |
4068 | |
4069 | err_stop_eqs: |
4070 | @@ -1218,6 +1280,7 @@ static int mlx5_unload_one(struct mlx5_core_dev *dev, struct mlx5_priv *priv, |
4071 | |
4072 | mlx5_sriov_detach(dev); |
4073 | mlx5_cleanup_fs(dev); |
4074 | + mlx5_irq_clear_affinity_hints(dev); |
4075 | free_comp_eqs(dev); |
4076 | mlx5_stop_eqs(dev); |
4077 | mlx5_put_uars_page(dev, priv->uar); |
4078 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/qp.c b/drivers/net/ethernet/mellanox/mlx5/core/qp.c |
4079 | index db9e665ab104..889130edb715 100644 |
4080 | --- a/drivers/net/ethernet/mellanox/mlx5/core/qp.c |
4081 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/qp.c |
4082 | @@ -213,8 +213,8 @@ int mlx5_core_create_qp(struct mlx5_core_dev *dev, |
4083 | err_cmd: |
4084 | memset(din, 0, sizeof(din)); |
4085 | memset(dout, 0, sizeof(dout)); |
4086 | - MLX5_SET(destroy_qp_in, in, opcode, MLX5_CMD_OP_DESTROY_QP); |
4087 | - MLX5_SET(destroy_qp_in, in, qpn, qp->qpn); |
4088 | + MLX5_SET(destroy_qp_in, din, opcode, MLX5_CMD_OP_DESTROY_QP); |
4089 | + MLX5_SET(destroy_qp_in, din, qpn, qp->qpn); |
4090 | mlx5_cmd_exec(dev, din, sizeof(din), dout, sizeof(dout)); |
4091 | return err; |
4092 | } |
4093 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/rl.c b/drivers/net/ethernet/mellanox/mlx5/core/rl.c |
4094 | index e651e4c02867..d3c33e9eea72 100644 |
4095 | --- a/drivers/net/ethernet/mellanox/mlx5/core/rl.c |
4096 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/rl.c |
4097 | @@ -125,16 +125,16 @@ static struct mlx5_rl_entry *find_rl_entry(struct mlx5_rl_table *table, |
4098 | return ret_entry; |
4099 | } |
4100 | |
4101 | -static int mlx5_set_rate_limit_cmd(struct mlx5_core_dev *dev, |
4102 | +static int mlx5_set_pp_rate_limit_cmd(struct mlx5_core_dev *dev, |
4103 | u32 rate, u16 index) |
4104 | { |
4105 | - u32 in[MLX5_ST_SZ_DW(set_rate_limit_in)] = {0}; |
4106 | - u32 out[MLX5_ST_SZ_DW(set_rate_limit_out)] = {0}; |
4107 | + u32 in[MLX5_ST_SZ_DW(set_pp_rate_limit_in)] = {0}; |
4108 | + u32 out[MLX5_ST_SZ_DW(set_pp_rate_limit_out)] = {0}; |
4109 | |
4110 | - MLX5_SET(set_rate_limit_in, in, opcode, |
4111 | - MLX5_CMD_OP_SET_RATE_LIMIT); |
4112 | - MLX5_SET(set_rate_limit_in, in, rate_limit_index, index); |
4113 | - MLX5_SET(set_rate_limit_in, in, rate_limit, rate); |
4114 | + MLX5_SET(set_pp_rate_limit_in, in, opcode, |
4115 | + MLX5_CMD_OP_SET_PP_RATE_LIMIT); |
4116 | + MLX5_SET(set_pp_rate_limit_in, in, rate_limit_index, index); |
4117 | + MLX5_SET(set_pp_rate_limit_in, in, rate_limit, rate); |
4118 | return mlx5_cmd_exec(dev, in, sizeof(in), out, sizeof(out)); |
4119 | } |
4120 | |
4121 | @@ -173,7 +173,7 @@ int mlx5_rl_add_rate(struct mlx5_core_dev *dev, u32 rate, u16 *index) |
4122 | entry->refcount++; |
4123 | } else { |
4124 | /* new rate limit */ |
4125 | - err = mlx5_set_rate_limit_cmd(dev, rate, entry->index); |
4126 | + err = mlx5_set_pp_rate_limit_cmd(dev, rate, entry->index); |
4127 | if (err) { |
4128 | mlx5_core_err(dev, "Failed configuring rate: %u (%d)\n", |
4129 | rate, err); |
4130 | @@ -209,7 +209,7 @@ void mlx5_rl_remove_rate(struct mlx5_core_dev *dev, u32 rate) |
4131 | entry->refcount--; |
4132 | if (!entry->refcount) { |
4133 | /* need to remove rate */ |
4134 | - mlx5_set_rate_limit_cmd(dev, 0, entry->index); |
4135 | + mlx5_set_pp_rate_limit_cmd(dev, 0, entry->index); |
4136 | entry->rate = 0; |
4137 | } |
4138 | |
4139 | @@ -262,8 +262,8 @@ void mlx5_cleanup_rl_table(struct mlx5_core_dev *dev) |
4140 | /* Clear all configured rates */ |
4141 | for (i = 0; i < table->max_size; i++) |
4142 | if (table->rl_entry[i].rate) |
4143 | - mlx5_set_rate_limit_cmd(dev, 0, |
4144 | - table->rl_entry[i].index); |
4145 | + mlx5_set_pp_rate_limit_cmd(dev, 0, |
4146 | + table->rl_entry[i].index); |
4147 | |
4148 | kfree(dev->priv.rl_table.rl_entry); |
4149 | } |
4150 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vxlan.c b/drivers/net/ethernet/mellanox/mlx5/core/vxlan.c |
4151 | index 07a9ba6cfc70..2f74953e4561 100644 |
4152 | --- a/drivers/net/ethernet/mellanox/mlx5/core/vxlan.c |
4153 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/vxlan.c |
4154 | @@ -71,9 +71,9 @@ struct mlx5e_vxlan *mlx5e_vxlan_lookup_port(struct mlx5e_priv *priv, u16 port) |
4155 | struct mlx5e_vxlan_db *vxlan_db = &priv->vxlan; |
4156 | struct mlx5e_vxlan *vxlan; |
4157 | |
4158 | - spin_lock(&vxlan_db->lock); |
4159 | + spin_lock_bh(&vxlan_db->lock); |
4160 | vxlan = radix_tree_lookup(&vxlan_db->tree, port); |
4161 | - spin_unlock(&vxlan_db->lock); |
4162 | + spin_unlock_bh(&vxlan_db->lock); |
4163 | |
4164 | return vxlan; |
4165 | } |
4166 | @@ -88,8 +88,12 @@ static void mlx5e_vxlan_add_port(struct work_struct *work) |
4167 | struct mlx5e_vxlan *vxlan; |
4168 | int err; |
4169 | |
4170 | - if (mlx5e_vxlan_lookup_port(priv, port)) |
4171 | + mutex_lock(&priv->state_lock); |
4172 | + vxlan = mlx5e_vxlan_lookup_port(priv, port); |
4173 | + if (vxlan) { |
4174 | + atomic_inc(&vxlan->refcount); |
4175 | goto free_work; |
4176 | + } |
4177 | |
4178 | if (mlx5e_vxlan_core_add_port_cmd(priv->mdev, port)) |
4179 | goto free_work; |
4180 | @@ -99,10 +103,11 @@ static void mlx5e_vxlan_add_port(struct work_struct *work) |
4181 | goto err_delete_port; |
4182 | |
4183 | vxlan->udp_port = port; |
4184 | + atomic_set(&vxlan->refcount, 1); |
4185 | |
4186 | - spin_lock_irq(&vxlan_db->lock); |
4187 | + spin_lock_bh(&vxlan_db->lock); |
4188 | err = radix_tree_insert(&vxlan_db->tree, vxlan->udp_port, vxlan); |
4189 | - spin_unlock_irq(&vxlan_db->lock); |
4190 | + spin_unlock_bh(&vxlan_db->lock); |
4191 | if (err) |
4192 | goto err_free; |
4193 | |
4194 | @@ -113,35 +118,39 @@ static void mlx5e_vxlan_add_port(struct work_struct *work) |
4195 | err_delete_port: |
4196 | mlx5e_vxlan_core_del_port_cmd(priv->mdev, port); |
4197 | free_work: |
4198 | + mutex_unlock(&priv->state_lock); |
4199 | kfree(vxlan_work); |
4200 | } |
4201 | |
4202 | -static void __mlx5e_vxlan_core_del_port(struct mlx5e_priv *priv, u16 port) |
4203 | +static void mlx5e_vxlan_del_port(struct work_struct *work) |
4204 | { |
4205 | + struct mlx5e_vxlan_work *vxlan_work = |
4206 | + container_of(work, struct mlx5e_vxlan_work, work); |
4207 | + struct mlx5e_priv *priv = vxlan_work->priv; |
4208 | struct mlx5e_vxlan_db *vxlan_db = &priv->vxlan; |
4209 | + u16 port = vxlan_work->port; |
4210 | struct mlx5e_vxlan *vxlan; |
4211 | + bool remove = false; |
4212 | |
4213 | - spin_lock_irq(&vxlan_db->lock); |
4214 | - vxlan = radix_tree_delete(&vxlan_db->tree, port); |
4215 | - spin_unlock_irq(&vxlan_db->lock); |
4216 | - |
4217 | + mutex_lock(&priv->state_lock); |
4218 | + spin_lock_bh(&vxlan_db->lock); |
4219 | + vxlan = radix_tree_lookup(&vxlan_db->tree, port); |
4220 | if (!vxlan) |
4221 | - return; |
4222 | - |
4223 | - mlx5e_vxlan_core_del_port_cmd(priv->mdev, vxlan->udp_port); |
4224 | - |
4225 | - kfree(vxlan); |
4226 | -} |
4227 | + goto out_unlock; |
4228 | |
4229 | -static void mlx5e_vxlan_del_port(struct work_struct *work) |
4230 | -{ |
4231 | - struct mlx5e_vxlan_work *vxlan_work = |
4232 | - container_of(work, struct mlx5e_vxlan_work, work); |
4233 | - struct mlx5e_priv *priv = vxlan_work->priv; |
4234 | - u16 port = vxlan_work->port; |
4235 | + if (atomic_dec_and_test(&vxlan->refcount)) { |
4236 | + radix_tree_delete(&vxlan_db->tree, port); |
4237 | + remove = true; |
4238 | + } |
4239 | |
4240 | - __mlx5e_vxlan_core_del_port(priv, port); |
4241 | +out_unlock: |
4242 | + spin_unlock_bh(&vxlan_db->lock); |
4243 | |
4244 | + if (remove) { |
4245 | + mlx5e_vxlan_core_del_port_cmd(priv->mdev, port); |
4246 | + kfree(vxlan); |
4247 | + } |
4248 | + mutex_unlock(&priv->state_lock); |
4249 | kfree(vxlan_work); |
4250 | } |
4251 | |
4252 | @@ -171,12 +180,11 @@ void mlx5e_vxlan_cleanup(struct mlx5e_priv *priv) |
4253 | struct mlx5e_vxlan *vxlan; |
4254 | unsigned int port = 0; |
4255 | |
4256 | - spin_lock_irq(&vxlan_db->lock); |
4257 | + /* Lockless since we are the only radix-tree consumers, wq is disabled */ |
4258 | while (radix_tree_gang_lookup(&vxlan_db->tree, (void **)&vxlan, port, 1)) { |
4259 | port = vxlan->udp_port; |
4260 | - spin_unlock_irq(&vxlan_db->lock); |
4261 | - __mlx5e_vxlan_core_del_port(priv, (u16)port); |
4262 | - spin_lock_irq(&vxlan_db->lock); |
4263 | + radix_tree_delete(&vxlan_db->tree, port); |
4264 | + mlx5e_vxlan_core_del_port_cmd(priv->mdev, port); |
4265 | + kfree(vxlan); |
4266 | } |
4267 | - spin_unlock_irq(&vxlan_db->lock); |
4268 | } |
4269 | diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vxlan.h b/drivers/net/ethernet/mellanox/mlx5/core/vxlan.h |
4270 | index 5def12c048e3..5ef6ae7d568a 100644 |
4271 | --- a/drivers/net/ethernet/mellanox/mlx5/core/vxlan.h |
4272 | +++ b/drivers/net/ethernet/mellanox/mlx5/core/vxlan.h |
4273 | @@ -36,6 +36,7 @@ |
4274 | #include "en.h" |
4275 | |
4276 | struct mlx5e_vxlan { |
4277 | + atomic_t refcount; |
4278 | u16 udp_port; |
4279 | }; |
4280 | |
4281 | diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
4282 | index db38880f54b4..3ead7439821c 100644 |
4283 | --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
4284 | +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c |
4285 | @@ -4164,6 +4164,7 @@ static int mlxsw_sp_port_stp_set(struct mlxsw_sp_port *mlxsw_sp_port, |
4286 | |
4287 | static int mlxsw_sp_port_ovs_join(struct mlxsw_sp_port *mlxsw_sp_port) |
4288 | { |
4289 | + u16 vid = 1; |
4290 | int err; |
4291 | |
4292 | err = mlxsw_sp_port_vp_mode_set(mlxsw_sp_port, true); |
4293 | @@ -4176,8 +4177,19 @@ static int mlxsw_sp_port_ovs_join(struct mlxsw_sp_port *mlxsw_sp_port) |
4294 | true, false); |
4295 | if (err) |
4296 | goto err_port_vlan_set; |
4297 | + |
4298 | + for (; vid <= VLAN_N_VID - 1; vid++) { |
4299 | + err = mlxsw_sp_port_vid_learning_set(mlxsw_sp_port, |
4300 | + vid, false); |
4301 | + if (err) |
4302 | + goto err_vid_learning_set; |
4303 | + } |
4304 | + |
4305 | return 0; |
4306 | |
4307 | +err_vid_learning_set: |
4308 | + for (vid--; vid >= 1; vid--) |
4309 | + mlxsw_sp_port_vid_learning_set(mlxsw_sp_port, vid, true); |
4310 | err_port_vlan_set: |
4311 | mlxsw_sp_port_stp_set(mlxsw_sp_port, false); |
4312 | err_port_stp_set: |
4313 | @@ -4187,6 +4199,12 @@ static int mlxsw_sp_port_ovs_join(struct mlxsw_sp_port *mlxsw_sp_port) |
4314 | |
4315 | static void mlxsw_sp_port_ovs_leave(struct mlxsw_sp_port *mlxsw_sp_port) |
4316 | { |
4317 | + u16 vid; |
4318 | + |
4319 | + for (vid = VLAN_N_VID - 1; vid >= 1; vid--) |
4320 | + mlxsw_sp_port_vid_learning_set(mlxsw_sp_port, |
4321 | + vid, true); |
4322 | + |
4323 | mlxsw_sp_port_vlan_set(mlxsw_sp_port, 2, VLAN_N_VID - 1, |
4324 | false, false); |
4325 | mlxsw_sp_port_stp_set(mlxsw_sp_port, false); |
4326 | diff --git a/drivers/net/ethernet/sfc/tx.c b/drivers/net/ethernet/sfc/tx.c |
4327 | index 32bf1fecf864..9b85cbd5a231 100644 |
4328 | --- a/drivers/net/ethernet/sfc/tx.c |
4329 | +++ b/drivers/net/ethernet/sfc/tx.c |
4330 | @@ -77,6 +77,7 @@ static void efx_dequeue_buffer(struct efx_tx_queue *tx_queue, |
4331 | } |
4332 | |
4333 | if (buffer->flags & EFX_TX_BUF_SKB) { |
4334 | + EFX_WARN_ON_PARANOID(!pkts_compl || !bytes_compl); |
4335 | (*pkts_compl)++; |
4336 | (*bytes_compl) += buffer->skb->len; |
4337 | dev_consume_skb_any((struct sk_buff *)buffer->skb); |
4338 | @@ -426,12 +427,14 @@ static int efx_tx_map_data(struct efx_tx_queue *tx_queue, struct sk_buff *skb, |
4339 | static void efx_enqueue_unwind(struct efx_tx_queue *tx_queue) |
4340 | { |
4341 | struct efx_tx_buffer *buffer; |
4342 | + unsigned int bytes_compl = 0; |
4343 | + unsigned int pkts_compl = 0; |
4344 | |
4345 | /* Work backwards until we hit the original insert pointer value */ |
4346 | while (tx_queue->insert_count != tx_queue->write_count) { |
4347 | --tx_queue->insert_count; |
4348 | buffer = __efx_tx_queue_get_insert_buffer(tx_queue); |
4349 | - efx_dequeue_buffer(tx_queue, buffer, NULL, NULL); |
4350 | + efx_dequeue_buffer(tx_queue, buffer, &pkts_compl, &bytes_compl); |
4351 | } |
4352 | } |
4353 | |
4354 | diff --git a/drivers/net/phy/marvell.c b/drivers/net/phy/marvell.c |
4355 | index 4d02b27df044..a3f456b91c99 100644 |
4356 | --- a/drivers/net/phy/marvell.c |
4357 | +++ b/drivers/net/phy/marvell.c |
4358 | @@ -2069,7 +2069,7 @@ static struct phy_driver marvell_drivers[] = { |
4359 | .flags = PHY_HAS_INTERRUPT, |
4360 | .probe = marvell_probe, |
4361 | .config_init = &m88e1145_config_init, |
4362 | - .config_aneg = &marvell_config_aneg, |
4363 | + .config_aneg = &m88e1101_config_aneg, |
4364 | .read_status = &genphy_read_status, |
4365 | .ack_interrupt = &marvell_ack_interrupt, |
4366 | .config_intr = &marvell_config_intr, |
4367 | diff --git a/drivers/net/phy/micrel.c b/drivers/net/phy/micrel.c |
4368 | index fdb43dd9b5cd..6c45ff650ec7 100644 |
4369 | --- a/drivers/net/phy/micrel.c |
4370 | +++ b/drivers/net/phy/micrel.c |
4371 | @@ -622,6 +622,7 @@ static int ksz9031_read_status(struct phy_device *phydev) |
4372 | phydev->link = 0; |
4373 | if (phydev->drv->config_intr && phy_interrupt_is_valid(phydev)) |
4374 | phydev->drv->config_intr(phydev); |
4375 | + return genphy_config_aneg(phydev); |
4376 | } |
4377 | |
4378 | return 0; |
4379 | diff --git a/drivers/net/phy/phylink.c b/drivers/net/phy/phylink.c |
4380 | index bcb4755bcd95..4b377b978a0b 100644 |
4381 | --- a/drivers/net/phy/phylink.c |
4382 | +++ b/drivers/net/phy/phylink.c |
4383 | @@ -525,6 +525,7 @@ struct phylink *phylink_create(struct net_device *ndev, struct device_node *np, |
4384 | pl->link_config.pause = MLO_PAUSE_AN; |
4385 | pl->link_config.speed = SPEED_UNKNOWN; |
4386 | pl->link_config.duplex = DUPLEX_UNKNOWN; |
4387 | + pl->link_config.an_enabled = true; |
4388 | pl->ops = ops; |
4389 | __set_bit(PHYLINK_DISABLE_STOPPED, &pl->phylink_disable_state); |
4390 | |
4391 | @@ -948,6 +949,7 @@ int phylink_ethtool_ksettings_set(struct phylink *pl, |
4392 | mutex_lock(&pl->state_mutex); |
4393 | /* Configure the MAC to match the new settings */ |
4394 | linkmode_copy(pl->link_config.advertising, our_kset.link_modes.advertising); |
4395 | + pl->link_config.interface = config.interface; |
4396 | pl->link_config.speed = our_kset.base.speed; |
4397 | pl->link_config.duplex = our_kset.base.duplex; |
4398 | pl->link_config.an_enabled = our_kset.base.autoneg != AUTONEG_DISABLE; |
4399 | diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c |
4400 | index 81394a4b2803..2092febfcb42 100644 |
4401 | --- a/drivers/net/usb/qmi_wwan.c |
4402 | +++ b/drivers/net/usb/qmi_wwan.c |
4403 | @@ -1204,6 +1204,7 @@ static const struct usb_device_id products[] = { |
4404 | {QMI_FIXED_INTF(0x1199, 0x9079, 10)}, /* Sierra Wireless EM74xx */ |
4405 | {QMI_FIXED_INTF(0x1199, 0x907b, 8)}, /* Sierra Wireless EM74xx */ |
4406 | {QMI_FIXED_INTF(0x1199, 0x907b, 10)}, /* Sierra Wireless EM74xx */ |
4407 | + {QMI_FIXED_INTF(0x1199, 0x9091, 8)}, /* Sierra Wireless EM7565 */ |
4408 | {QMI_FIXED_INTF(0x1bbb, 0x011e, 4)}, /* Telekom Speedstick LTE II (Alcatel One Touch L100V LTE) */ |
4409 | {QMI_FIXED_INTF(0x1bbb, 0x0203, 2)}, /* Alcatel L800MA */ |
4410 | {QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */ |
4411 | diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c |
4412 | index a2f4e52fadb5..9e9202b50e73 100644 |
4413 | --- a/drivers/net/vxlan.c |
4414 | +++ b/drivers/net/vxlan.c |
4415 | @@ -3105,6 +3105,11 @@ static void vxlan_config_apply(struct net_device *dev, |
4416 | |
4417 | max_mtu = lowerdev->mtu - (use_ipv6 ? VXLAN6_HEADROOM : |
4418 | VXLAN_HEADROOM); |
4419 | + if (max_mtu < ETH_MIN_MTU) |
4420 | + max_mtu = ETH_MIN_MTU; |
4421 | + |
4422 | + if (!changelink && !conf->mtu) |
4423 | + dev->mtu = max_mtu; |
4424 | } |
4425 | |
4426 | if (dev->mtu > max_mtu) |
4427 | diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c |
4428 | index 4307bf0013e1..63e916d4d069 100644 |
4429 | --- a/drivers/phy/tegra/xusb.c |
4430 | +++ b/drivers/phy/tegra/xusb.c |
4431 | @@ -75,14 +75,14 @@ MODULE_DEVICE_TABLE(of, tegra_xusb_padctl_of_match); |
4432 | static struct device_node * |
4433 | tegra_xusb_find_pad_node(struct tegra_xusb_padctl *padctl, const char *name) |
4434 | { |
4435 | - /* |
4436 | - * of_find_node_by_name() drops a reference, so make sure to grab one. |
4437 | - */ |
4438 | - struct device_node *np = of_node_get(padctl->dev->of_node); |
4439 | + struct device_node *pads, *np; |
4440 | + |
4441 | + pads = of_get_child_by_name(padctl->dev->of_node, "pads"); |
4442 | + if (!pads) |
4443 | + return NULL; |
4444 | |
4445 | - np = of_find_node_by_name(np, "pads"); |
4446 | - if (np) |
4447 | - np = of_find_node_by_name(np, name); |
4448 | + np = of_get_child_by_name(pads, name); |
4449 | + of_node_put(pads); |
4450 | |
4451 | return np; |
4452 | } |
4453 | @@ -90,16 +90,16 @@ tegra_xusb_find_pad_node(struct tegra_xusb_padctl *padctl, const char *name) |
4454 | static struct device_node * |
4455 | tegra_xusb_pad_find_phy_node(struct tegra_xusb_pad *pad, unsigned int index) |
4456 | { |
4457 | - /* |
4458 | - * of_find_node_by_name() drops a reference, so make sure to grab one. |
4459 | - */ |
4460 | - struct device_node *np = of_node_get(pad->dev.of_node); |
4461 | + struct device_node *np, *lanes; |
4462 | |
4463 | - np = of_find_node_by_name(np, "lanes"); |
4464 | - if (!np) |
4465 | + lanes = of_get_child_by_name(pad->dev.of_node, "lanes"); |
4466 | + if (!lanes) |
4467 | return NULL; |
4468 | |
4469 | - return of_find_node_by_name(np, pad->soc->lanes[index].name); |
4470 | + np = of_get_child_by_name(lanes, pad->soc->lanes[index].name); |
4471 | + of_node_put(lanes); |
4472 | + |
4473 | + return np; |
4474 | } |
4475 | |
4476 | static int |
4477 | @@ -195,7 +195,7 @@ int tegra_xusb_pad_register(struct tegra_xusb_pad *pad, |
4478 | unsigned int i; |
4479 | int err; |
4480 | |
4481 | - children = of_find_node_by_name(pad->dev.of_node, "lanes"); |
4482 | + children = of_get_child_by_name(pad->dev.of_node, "lanes"); |
4483 | if (!children) |
4484 | return -ENODEV; |
4485 | |
4486 | @@ -444,21 +444,21 @@ static struct device_node * |
4487 | tegra_xusb_find_port_node(struct tegra_xusb_padctl *padctl, const char *type, |
4488 | unsigned int index) |
4489 | { |
4490 | - /* |
4491 | - * of_find_node_by_name() drops a reference, so make sure to grab one. |
4492 | - */ |
4493 | - struct device_node *np = of_node_get(padctl->dev->of_node); |
4494 | + struct device_node *ports, *np; |
4495 | + char *name; |
4496 | |
4497 | - np = of_find_node_by_name(np, "ports"); |
4498 | - if (np) { |
4499 | - char *name; |
4500 | + ports = of_get_child_by_name(padctl->dev->of_node, "ports"); |
4501 | + if (!ports) |
4502 | + return NULL; |
4503 | |
4504 | - name = kasprintf(GFP_KERNEL, "%s-%u", type, index); |
4505 | - if (!name) |
4506 | - return ERR_PTR(-ENOMEM); |
4507 | - np = of_find_node_by_name(np, name); |
4508 | - kfree(name); |
4509 | + name = kasprintf(GFP_KERNEL, "%s-%u", type, index); |
4510 | + if (!name) { |
4511 | + of_node_put(ports); |
4512 | + return ERR_PTR(-ENOMEM); |
4513 | } |
4514 | + np = of_get_child_by_name(ports, name); |
4515 | + kfree(name); |
4516 | + of_node_put(ports); |
4517 | |
4518 | return np; |
4519 | } |
4520 | @@ -847,7 +847,7 @@ static void tegra_xusb_remove_ports(struct tegra_xusb_padctl *padctl) |
4521 | |
4522 | static int tegra_xusb_padctl_probe(struct platform_device *pdev) |
4523 | { |
4524 | - struct device_node *np = of_node_get(pdev->dev.of_node); |
4525 | + struct device_node *np = pdev->dev.of_node; |
4526 | const struct tegra_xusb_padctl_soc *soc; |
4527 | struct tegra_xusb_padctl *padctl; |
4528 | const struct of_device_id *match; |
4529 | @@ -855,7 +855,7 @@ static int tegra_xusb_padctl_probe(struct platform_device *pdev) |
4530 | int err; |
4531 | |
4532 | /* for backwards compatibility with old device trees */ |
4533 | - np = of_find_node_by_name(np, "pads"); |
4534 | + np = of_get_child_by_name(np, "pads"); |
4535 | if (!np) { |
4536 | dev_warn(&pdev->dev, "deprecated DT, using legacy driver\n"); |
4537 | return tegra_xusb_padctl_legacy_probe(pdev); |
4538 | diff --git a/drivers/s390/net/qeth_core.h b/drivers/s390/net/qeth_core.h |
4539 | index 5340efc673a9..92dd4aef21a3 100644 |
4540 | --- a/drivers/s390/net/qeth_core.h |
4541 | +++ b/drivers/s390/net/qeth_core.h |
4542 | @@ -564,9 +564,9 @@ enum qeth_cq { |
4543 | }; |
4544 | |
4545 | struct qeth_ipato { |
4546 | - int enabled; |
4547 | - int invert4; |
4548 | - int invert6; |
4549 | + bool enabled; |
4550 | + bool invert4; |
4551 | + bool invert6; |
4552 | struct list_head entries; |
4553 | }; |
4554 | |
4555 | diff --git a/drivers/s390/net/qeth_core_main.c b/drivers/s390/net/qeth_core_main.c |
4556 | index 330e5d3dadf3..7c7a244b6684 100644 |
4557 | --- a/drivers/s390/net/qeth_core_main.c |
4558 | +++ b/drivers/s390/net/qeth_core_main.c |
4559 | @@ -1479,9 +1479,9 @@ static int qeth_setup_card(struct qeth_card *card) |
4560 | qeth_set_intial_options(card); |
4561 | /* IP address takeover */ |
4562 | INIT_LIST_HEAD(&card->ipato.entries); |
4563 | - card->ipato.enabled = 0; |
4564 | - card->ipato.invert4 = 0; |
4565 | - card->ipato.invert6 = 0; |
4566 | + card->ipato.enabled = false; |
4567 | + card->ipato.invert4 = false; |
4568 | + card->ipato.invert6 = false; |
4569 | /* init QDIO stuff */ |
4570 | qeth_init_qdio_info(card); |
4571 | INIT_DELAYED_WORK(&card->buffer_reclaim_work, qeth_buffer_reclaim_work); |
4572 | @@ -5445,6 +5445,13 @@ int qeth_poll(struct napi_struct *napi, int budget) |
4573 | } |
4574 | EXPORT_SYMBOL_GPL(qeth_poll); |
4575 | |
4576 | +static int qeth_setassparms_inspect_rc(struct qeth_ipa_cmd *cmd) |
4577 | +{ |
4578 | + if (!cmd->hdr.return_code) |
4579 | + cmd->hdr.return_code = cmd->data.setassparms.hdr.return_code; |
4580 | + return cmd->hdr.return_code; |
4581 | +} |
4582 | + |
4583 | int qeth_setassparms_cb(struct qeth_card *card, |
4584 | struct qeth_reply *reply, unsigned long data) |
4585 | { |
4586 | @@ -6304,7 +6311,7 @@ static int qeth_ipa_checksum_run_cmd_cb(struct qeth_card *card, |
4587 | (struct qeth_checksum_cmd *)reply->param; |
4588 | |
4589 | QETH_CARD_TEXT(card, 4, "chkdoccb"); |
4590 | - if (cmd->hdr.return_code) |
4591 | + if (qeth_setassparms_inspect_rc(cmd)) |
4592 | return 0; |
4593 | |
4594 | memset(chksum_cb, 0, sizeof(*chksum_cb)); |
4595 | diff --git a/drivers/s390/net/qeth_l3.h b/drivers/s390/net/qeth_l3.h |
4596 | index 194ae9b577cc..e5833837b799 100644 |
4597 | --- a/drivers/s390/net/qeth_l3.h |
4598 | +++ b/drivers/s390/net/qeth_l3.h |
4599 | @@ -82,7 +82,7 @@ void qeth_l3_del_vipa(struct qeth_card *, enum qeth_prot_versions, const u8 *); |
4600 | int qeth_l3_add_rxip(struct qeth_card *, enum qeth_prot_versions, const u8 *); |
4601 | void qeth_l3_del_rxip(struct qeth_card *card, enum qeth_prot_versions, |
4602 | const u8 *); |
4603 | -int qeth_l3_is_addr_covered_by_ipato(struct qeth_card *, struct qeth_ipaddr *); |
4604 | +void qeth_l3_update_ipato(struct qeth_card *card); |
4605 | struct qeth_ipaddr *qeth_l3_get_addr_buffer(enum qeth_prot_versions); |
4606 | int qeth_l3_add_ip(struct qeth_card *, struct qeth_ipaddr *); |
4607 | int qeth_l3_delete_ip(struct qeth_card *, struct qeth_ipaddr *); |
4608 | diff --git a/drivers/s390/net/qeth_l3_main.c b/drivers/s390/net/qeth_l3_main.c |
4609 | index 27185ab38136..36dee176f8e2 100644 |
4610 | --- a/drivers/s390/net/qeth_l3_main.c |
4611 | +++ b/drivers/s390/net/qeth_l3_main.c |
4612 | @@ -163,8 +163,8 @@ static void qeth_l3_convert_addr_to_bits(u8 *addr, u8 *bits, int len) |
4613 | } |
4614 | } |
4615 | |
4616 | -int qeth_l3_is_addr_covered_by_ipato(struct qeth_card *card, |
4617 | - struct qeth_ipaddr *addr) |
4618 | +static bool qeth_l3_is_addr_covered_by_ipato(struct qeth_card *card, |
4619 | + struct qeth_ipaddr *addr) |
4620 | { |
4621 | struct qeth_ipato_entry *ipatoe; |
4622 | u8 addr_bits[128] = {0, }; |
4623 | @@ -173,6 +173,8 @@ int qeth_l3_is_addr_covered_by_ipato(struct qeth_card *card, |
4624 | |
4625 | if (!card->ipato.enabled) |
4626 | return 0; |
4627 | + if (addr->type != QETH_IP_TYPE_NORMAL) |
4628 | + return 0; |
4629 | |
4630 | qeth_l3_convert_addr_to_bits((u8 *) &addr->u, addr_bits, |
4631 | (addr->proto == QETH_PROT_IPV4)? 4:16); |
4632 | @@ -289,8 +291,7 @@ int qeth_l3_add_ip(struct qeth_card *card, struct qeth_ipaddr *tmp_addr) |
4633 | memcpy(addr, tmp_addr, sizeof(struct qeth_ipaddr)); |
4634 | addr->ref_counter = 1; |
4635 | |
4636 | - if (addr->type == QETH_IP_TYPE_NORMAL && |
4637 | - qeth_l3_is_addr_covered_by_ipato(card, addr)) { |
4638 | + if (qeth_l3_is_addr_covered_by_ipato(card, addr)) { |
4639 | QETH_CARD_TEXT(card, 2, "tkovaddr"); |
4640 | addr->set_flags |= QETH_IPA_SETIP_TAKEOVER_FLAG; |
4641 | } |
4642 | @@ -604,6 +605,27 @@ int qeth_l3_setrouting_v6(struct qeth_card *card) |
4643 | /* |
4644 | * IP address takeover related functions |
4645 | */ |
4646 | + |
4647 | +/** |
4648 | + * qeth_l3_update_ipato() - Update 'takeover' property, for all NORMAL IPs. |
4649 | + * |
4650 | + * Caller must hold ip_lock. |
4651 | + */ |
4652 | +void qeth_l3_update_ipato(struct qeth_card *card) |
4653 | +{ |
4654 | + struct qeth_ipaddr *addr; |
4655 | + unsigned int i; |
4656 | + |
4657 | + hash_for_each(card->ip_htable, i, addr, hnode) { |
4658 | + if (addr->type != QETH_IP_TYPE_NORMAL) |
4659 | + continue; |
4660 | + if (qeth_l3_is_addr_covered_by_ipato(card, addr)) |
4661 | + addr->set_flags |= QETH_IPA_SETIP_TAKEOVER_FLAG; |
4662 | + else |
4663 | + addr->set_flags &= ~QETH_IPA_SETIP_TAKEOVER_FLAG; |
4664 | + } |
4665 | +} |
4666 | + |
4667 | static void qeth_l3_clear_ipato_list(struct qeth_card *card) |
4668 | { |
4669 | struct qeth_ipato_entry *ipatoe, *tmp; |
4670 | @@ -615,6 +637,7 @@ static void qeth_l3_clear_ipato_list(struct qeth_card *card) |
4671 | kfree(ipatoe); |
4672 | } |
4673 | |
4674 | + qeth_l3_update_ipato(card); |
4675 | spin_unlock_bh(&card->ip_lock); |
4676 | } |
4677 | |
4678 | @@ -639,8 +662,10 @@ int qeth_l3_add_ipato_entry(struct qeth_card *card, |
4679 | } |
4680 | } |
4681 | |
4682 | - if (!rc) |
4683 | + if (!rc) { |
4684 | list_add_tail(&new->entry, &card->ipato.entries); |
4685 | + qeth_l3_update_ipato(card); |
4686 | + } |
4687 | |
4688 | spin_unlock_bh(&card->ip_lock); |
4689 | |
4690 | @@ -663,6 +688,7 @@ void qeth_l3_del_ipato_entry(struct qeth_card *card, |
4691 | (proto == QETH_PROT_IPV4)? 4:16) && |
4692 | (ipatoe->mask_bits == mask_bits)) { |
4693 | list_del(&ipatoe->entry); |
4694 | + qeth_l3_update_ipato(card); |
4695 | kfree(ipatoe); |
4696 | } |
4697 | } |
4698 | diff --git a/drivers/s390/net/qeth_l3_sys.c b/drivers/s390/net/qeth_l3_sys.c |
4699 | index 7a829ad77783..1295dd8ec849 100644 |
4700 | --- a/drivers/s390/net/qeth_l3_sys.c |
4701 | +++ b/drivers/s390/net/qeth_l3_sys.c |
4702 | @@ -370,8 +370,8 @@ static ssize_t qeth_l3_dev_ipato_enable_store(struct device *dev, |
4703 | struct device_attribute *attr, const char *buf, size_t count) |
4704 | { |
4705 | struct qeth_card *card = dev_get_drvdata(dev); |
4706 | - struct qeth_ipaddr *addr; |
4707 | - int i, rc = 0; |
4708 | + bool enable; |
4709 | + int rc = 0; |
4710 | |
4711 | if (!card) |
4712 | return -EINVAL; |
4713 | @@ -384,25 +384,18 @@ static ssize_t qeth_l3_dev_ipato_enable_store(struct device *dev, |
4714 | } |
4715 | |
4716 | if (sysfs_streq(buf, "toggle")) { |
4717 | - card->ipato.enabled = (card->ipato.enabled)? 0 : 1; |
4718 | - } else if (sysfs_streq(buf, "1")) { |
4719 | - card->ipato.enabled = 1; |
4720 | - hash_for_each(card->ip_htable, i, addr, hnode) { |
4721 | - if ((addr->type == QETH_IP_TYPE_NORMAL) && |
4722 | - qeth_l3_is_addr_covered_by_ipato(card, addr)) |
4723 | - addr->set_flags |= |
4724 | - QETH_IPA_SETIP_TAKEOVER_FLAG; |
4725 | - } |
4726 | - } else if (sysfs_streq(buf, "0")) { |
4727 | - card->ipato.enabled = 0; |
4728 | - hash_for_each(card->ip_htable, i, addr, hnode) { |
4729 | - if (addr->set_flags & |
4730 | - QETH_IPA_SETIP_TAKEOVER_FLAG) |
4731 | - addr->set_flags &= |
4732 | - ~QETH_IPA_SETIP_TAKEOVER_FLAG; |
4733 | - } |
4734 | - } else |
4735 | + enable = !card->ipato.enabled; |
4736 | + } else if (kstrtobool(buf, &enable)) { |
4737 | rc = -EINVAL; |
4738 | + goto out; |
4739 | + } |
4740 | + |
4741 | + if (card->ipato.enabled != enable) { |
4742 | + card->ipato.enabled = enable; |
4743 | + spin_lock_bh(&card->ip_lock); |
4744 | + qeth_l3_update_ipato(card); |
4745 | + spin_unlock_bh(&card->ip_lock); |
4746 | + } |
4747 | out: |
4748 | mutex_unlock(&card->conf_mutex); |
4749 | return rc ? rc : count; |
4750 | @@ -428,20 +421,27 @@ static ssize_t qeth_l3_dev_ipato_invert4_store(struct device *dev, |
4751 | const char *buf, size_t count) |
4752 | { |
4753 | struct qeth_card *card = dev_get_drvdata(dev); |
4754 | + bool invert; |
4755 | int rc = 0; |
4756 | |
4757 | if (!card) |
4758 | return -EINVAL; |
4759 | |
4760 | mutex_lock(&card->conf_mutex); |
4761 | - if (sysfs_streq(buf, "toggle")) |
4762 | - card->ipato.invert4 = (card->ipato.invert4)? 0 : 1; |
4763 | - else if (sysfs_streq(buf, "1")) |
4764 | - card->ipato.invert4 = 1; |
4765 | - else if (sysfs_streq(buf, "0")) |
4766 | - card->ipato.invert4 = 0; |
4767 | - else |
4768 | + if (sysfs_streq(buf, "toggle")) { |
4769 | + invert = !card->ipato.invert4; |
4770 | + } else if (kstrtobool(buf, &invert)) { |
4771 | rc = -EINVAL; |
4772 | + goto out; |
4773 | + } |
4774 | + |
4775 | + if (card->ipato.invert4 != invert) { |
4776 | + card->ipato.invert4 = invert; |
4777 | + spin_lock_bh(&card->ip_lock); |
4778 | + qeth_l3_update_ipato(card); |
4779 | + spin_unlock_bh(&card->ip_lock); |
4780 | + } |
4781 | +out: |
4782 | mutex_unlock(&card->conf_mutex); |
4783 | return rc ? rc : count; |
4784 | } |
4785 | @@ -607,20 +607,27 @@ static ssize_t qeth_l3_dev_ipato_invert6_store(struct device *dev, |
4786 | struct device_attribute *attr, const char *buf, size_t count) |
4787 | { |
4788 | struct qeth_card *card = dev_get_drvdata(dev); |
4789 | + bool invert; |
4790 | int rc = 0; |
4791 | |
4792 | if (!card) |
4793 | return -EINVAL; |
4794 | |
4795 | mutex_lock(&card->conf_mutex); |
4796 | - if (sysfs_streq(buf, "toggle")) |
4797 | - card->ipato.invert6 = (card->ipato.invert6)? 0 : 1; |
4798 | - else if (sysfs_streq(buf, "1")) |
4799 | - card->ipato.invert6 = 1; |
4800 | - else if (sysfs_streq(buf, "0")) |
4801 | - card->ipato.invert6 = 0; |
4802 | - else |
4803 | + if (sysfs_streq(buf, "toggle")) { |
4804 | + invert = !card->ipato.invert6; |
4805 | + } else if (kstrtobool(buf, &invert)) { |
4806 | rc = -EINVAL; |
4807 | + goto out; |
4808 | + } |
4809 | + |
4810 | + if (card->ipato.invert6 != invert) { |
4811 | + card->ipato.invert6 = invert; |
4812 | + spin_lock_bh(&card->ip_lock); |
4813 | + qeth_l3_update_ipato(card); |
4814 | + spin_unlock_bh(&card->ip_lock); |
4815 | + } |
4816 | +out: |
4817 | mutex_unlock(&card->conf_mutex); |
4818 | return rc ? rc : count; |
4819 | } |
4820 | diff --git a/drivers/scsi/osd/osd_initiator.c b/drivers/scsi/osd/osd_initiator.c |
4821 | index a4f28b7e4c65..e18877177f1b 100644 |
4822 | --- a/drivers/scsi/osd/osd_initiator.c |
4823 | +++ b/drivers/scsi/osd/osd_initiator.c |
4824 | @@ -1576,7 +1576,9 @@ static struct request *_make_request(struct request_queue *q, bool has_write, |
4825 | return req; |
4826 | |
4827 | for_each_bio(bio) { |
4828 | - ret = blk_rq_append_bio(req, bio); |
4829 | + struct bio *bounce_bio = bio; |
4830 | + |
4831 | + ret = blk_rq_append_bio(req, &bounce_bio); |
4832 | if (ret) |
4833 | return ERR_PTR(ret); |
4834 | } |
4835 | diff --git a/drivers/staging/android/ion/ion.c b/drivers/staging/android/ion/ion.c |
4836 | index 93e2c90fa77d..83dc3292e9ab 100644 |
4837 | --- a/drivers/staging/android/ion/ion.c |
4838 | +++ b/drivers/staging/android/ion/ion.c |
4839 | @@ -348,7 +348,7 @@ static int ion_dma_buf_begin_cpu_access(struct dma_buf *dmabuf, |
4840 | mutex_lock(&buffer->lock); |
4841 | list_for_each_entry(a, &buffer->attachments, list) { |
4842 | dma_sync_sg_for_cpu(a->dev, a->table->sgl, a->table->nents, |
4843 | - DMA_BIDIRECTIONAL); |
4844 | + direction); |
4845 | } |
4846 | mutex_unlock(&buffer->lock); |
4847 | |
4848 | @@ -370,7 +370,7 @@ static int ion_dma_buf_end_cpu_access(struct dma_buf *dmabuf, |
4849 | mutex_lock(&buffer->lock); |
4850 | list_for_each_entry(a, &buffer->attachments, list) { |
4851 | dma_sync_sg_for_device(a->dev, a->table->sgl, a->table->nents, |
4852 | - DMA_BIDIRECTIONAL); |
4853 | + direction); |
4854 | } |
4855 | mutex_unlock(&buffer->lock); |
4856 | |
4857 | diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c |
4858 | index 7c69b4a9694d..0d99b242e82e 100644 |
4859 | --- a/drivers/target/target_core_pscsi.c |
4860 | +++ b/drivers/target/target_core_pscsi.c |
4861 | @@ -920,7 +920,7 @@ pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, |
4862 | " %d i: %d bio: %p, allocating another" |
4863 | " bio\n", bio->bi_vcnt, i, bio); |
4864 | |
4865 | - rc = blk_rq_append_bio(req, bio); |
4866 | + rc = blk_rq_append_bio(req, &bio); |
4867 | if (rc) { |
4868 | pr_err("pSCSI: failed to append bio\n"); |
4869 | goto fail; |
4870 | @@ -938,7 +938,7 @@ pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, |
4871 | } |
4872 | |
4873 | if (bio) { |
4874 | - rc = blk_rq_append_bio(req, bio); |
4875 | + rc = blk_rq_append_bio(req, &bio); |
4876 | if (rc) { |
4877 | pr_err("pSCSI: failed to append bio\n"); |
4878 | goto fail; |
4879 | diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c |
4880 | index bdf0e6e89991..faf50df81622 100644 |
4881 | --- a/drivers/tty/n_tty.c |
4882 | +++ b/drivers/tty/n_tty.c |
4883 | @@ -1764,7 +1764,7 @@ static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old) |
4884 | { |
4885 | struct n_tty_data *ldata = tty->disc_data; |
4886 | |
4887 | - if (!old || (old->c_lflag ^ tty->termios.c_lflag) & ICANON) { |
4888 | + if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) { |
4889 | bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE); |
4890 | ldata->line_start = ldata->read_tail; |
4891 | if (!L_ICANON(tty) || !read_cnt(ldata)) { |
4892 | @@ -2427,7 +2427,7 @@ static int n_tty_ioctl(struct tty_struct *tty, struct file *file, |
4893 | return put_user(tty_chars_in_buffer(tty), (int __user *) arg); |
4894 | case TIOCINQ: |
4895 | down_write(&tty->termios_rwsem); |
4896 | - if (L_ICANON(tty)) |
4897 | + if (L_ICANON(tty) && !L_EXTPROC(tty)) |
4898 | retval = inq_canon(ldata); |
4899 | else |
4900 | retval = read_cnt(ldata); |
4901 | diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c |
4902 | index f8eba1c5412f..677fa99b7747 100644 |
4903 | --- a/drivers/tty/tty_buffer.c |
4904 | +++ b/drivers/tty/tty_buffer.c |
4905 | @@ -446,7 +446,7 @@ EXPORT_SYMBOL_GPL(tty_prepare_flip_string); |
4906 | * Callers other than flush_to_ldisc() need to exclude the kworker |
4907 | * from concurrent use of the line discipline, see paste_selection(). |
4908 | * |
4909 | - * Returns the number of bytes not processed |
4910 | + * Returns the number of bytes processed |
4911 | */ |
4912 | int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, |
4913 | char *f, int count) |
4914 | diff --git a/drivers/usb/chipidea/ci_hdrc_msm.c b/drivers/usb/chipidea/ci_hdrc_msm.c |
4915 | index bb626120296f..53f3bf459dd1 100644 |
4916 | --- a/drivers/usb/chipidea/ci_hdrc_msm.c |
4917 | +++ b/drivers/usb/chipidea/ci_hdrc_msm.c |
4918 | @@ -251,7 +251,7 @@ static int ci_hdrc_msm_probe(struct platform_device *pdev) |
4919 | if (ret) |
4920 | goto err_mux; |
4921 | |
4922 | - ulpi_node = of_find_node_by_name(of_node_get(pdev->dev.of_node), "ulpi"); |
4923 | + ulpi_node = of_get_child_by_name(pdev->dev.of_node, "ulpi"); |
4924 | if (ulpi_node) { |
4925 | phy_node = of_get_next_available_child(ulpi_node, NULL); |
4926 | ci->hsic = of_device_is_compatible(phy_node, "qcom,usb-hsic-phy"); |
4927 | diff --git a/drivers/usb/core/config.c b/drivers/usb/core/config.c |
4928 | index 843ef46d2537..9e3355b97396 100644 |
4929 | --- a/drivers/usb/core/config.c |
4930 | +++ b/drivers/usb/core/config.c |
4931 | @@ -1007,7 +1007,7 @@ int usb_get_bos_descriptor(struct usb_device *dev) |
4932 | case USB_SSP_CAP_TYPE: |
4933 | ssp_cap = (struct usb_ssp_cap_descriptor *)buffer; |
4934 | ssac = (le32_to_cpu(ssp_cap->bmAttributes) & |
4935 | - USB_SSP_SUBLINK_SPEED_ATTRIBS) + 1; |
4936 | + USB_SSP_SUBLINK_SPEED_ATTRIBS); |
4937 | if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac)) |
4938 | dev->bos->ssp_cap = ssp_cap; |
4939 | break; |
4940 | diff --git a/drivers/usb/core/quirks.c b/drivers/usb/core/quirks.c |
4941 | index 50010282c010..c05c4f877750 100644 |
4942 | --- a/drivers/usb/core/quirks.c |
4943 | +++ b/drivers/usb/core/quirks.c |
4944 | @@ -57,10 +57,11 @@ static const struct usb_device_id usb_quirk_list[] = { |
4945 | /* Microsoft LifeCam-VX700 v2.0 */ |
4946 | { USB_DEVICE(0x045e, 0x0770), .driver_info = USB_QUIRK_RESET_RESUME }, |
4947 | |
4948 | - /* Logitech HD Pro Webcams C920, C920-C and C930e */ |
4949 | + /* Logitech HD Pro Webcams C920, C920-C, C925e and C930e */ |
4950 | { USB_DEVICE(0x046d, 0x082d), .driver_info = USB_QUIRK_DELAY_INIT }, |
4951 | { USB_DEVICE(0x046d, 0x0841), .driver_info = USB_QUIRK_DELAY_INIT }, |
4952 | { USB_DEVICE(0x046d, 0x0843), .driver_info = USB_QUIRK_DELAY_INIT }, |
4953 | + { USB_DEVICE(0x046d, 0x085b), .driver_info = USB_QUIRK_DELAY_INIT }, |
4954 | |
4955 | /* Logitech ConferenceCam CC3000e */ |
4956 | { USB_DEVICE(0x046d, 0x0847), .driver_info = USB_QUIRK_DELAY_INIT }, |
4957 | @@ -154,6 +155,9 @@ static const struct usb_device_id usb_quirk_list[] = { |
4958 | /* Genesys Logic hub, internally used by KY-688 USB 3.1 Type-C Hub */ |
4959 | { USB_DEVICE(0x05e3, 0x0612), .driver_info = USB_QUIRK_NO_LPM }, |
4960 | |
4961 | + /* ELSA MicroLink 56K */ |
4962 | + { USB_DEVICE(0x05cc, 0x2267), .driver_info = USB_QUIRK_RESET_RESUME }, |
4963 | + |
4964 | /* Genesys Logic hub, internally used by Moshi USB to Ethernet Adapter */ |
4965 | { USB_DEVICE(0x05e3, 0x0616), .driver_info = USB_QUIRK_NO_LPM }, |
4966 | |
4967 | diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c |
4968 | index 76f392954733..abb8f19ae40f 100644 |
4969 | --- a/drivers/usb/host/xhci-pci.c |
4970 | +++ b/drivers/usb/host/xhci-pci.c |
4971 | @@ -189,6 +189,9 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) |
4972 | xhci->quirks |= XHCI_TRUST_TX_LENGTH; |
4973 | xhci->quirks |= XHCI_BROKEN_STREAMS; |
4974 | } |
4975 | + if (pdev->vendor == PCI_VENDOR_ID_RENESAS && |
4976 | + pdev->device == 0x0014) |
4977 | + xhci->quirks |= XHCI_TRUST_TX_LENGTH; |
4978 | if (pdev->vendor == PCI_VENDOR_ID_RENESAS && |
4979 | pdev->device == 0x0015) |
4980 | xhci->quirks |= XHCI_RESET_ON_RESUME; |
4981 | diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c |
4982 | index 49d1b2d4606d..d038e543c246 100644 |
4983 | --- a/drivers/usb/serial/ftdi_sio.c |
4984 | +++ b/drivers/usb/serial/ftdi_sio.c |
4985 | @@ -1017,6 +1017,7 @@ static const struct usb_device_id id_table_combined[] = { |
4986 | .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, |
4987 | { USB_DEVICE(CYPRESS_VID, CYPRESS_WICED_BT_USB_PID) }, |
4988 | { USB_DEVICE(CYPRESS_VID, CYPRESS_WICED_WL_USB_PID) }, |
4989 | + { USB_DEVICE(AIRBUS_DS_VID, AIRBUS_DS_P8GR) }, |
4990 | { } /* Terminating entry */ |
4991 | }; |
4992 | |
4993 | diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h |
4994 | index 4faa09fe308c..8b4ecd2bd297 100644 |
4995 | --- a/drivers/usb/serial/ftdi_sio_ids.h |
4996 | +++ b/drivers/usb/serial/ftdi_sio_ids.h |
4997 | @@ -914,6 +914,12 @@ |
4998 | #define ICPDAS_I7561U_PID 0x0104 |
4999 | #define ICPDAS_I7563U_PID 0x0105 |
5000 | |
5001 | +/* |
5002 | + * Airbus Defence and Space |
5003 | + */ |
5004 | +#define AIRBUS_DS_VID 0x1e8e /* Vendor ID */ |
5005 | +#define AIRBUS_DS_P8GR 0x6001 /* Tetra P8GR */ |
5006 | + |
5007 | /* |
5008 | * RT Systems programming cables for various ham radios |
5009 | */ |
5010 | diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c |
5011 | index 54e316b1892d..a9400458ccea 100644 |
5012 | --- a/drivers/usb/serial/option.c |
5013 | +++ b/drivers/usb/serial/option.c |
5014 | @@ -236,6 +236,8 @@ static void option_instat_callback(struct urb *urb); |
5015 | /* These Quectel products use Qualcomm's vendor ID */ |
5016 | #define QUECTEL_PRODUCT_UC20 0x9003 |
5017 | #define QUECTEL_PRODUCT_UC15 0x9090 |
5018 | +/* These Yuga products use Qualcomm's vendor ID */ |
5019 | +#define YUGA_PRODUCT_CLM920_NC5 0x9625 |
5020 | |
5021 | #define QUECTEL_VENDOR_ID 0x2c7c |
5022 | /* These Quectel products use Quectel's vendor ID */ |
5023 | @@ -283,6 +285,7 @@ static void option_instat_callback(struct urb *urb); |
5024 | #define TELIT_PRODUCT_LE922_USBCFG3 0x1043 |
5025 | #define TELIT_PRODUCT_LE922_USBCFG5 0x1045 |
5026 | #define TELIT_PRODUCT_ME910 0x1100 |
5027 | +#define TELIT_PRODUCT_ME910_DUAL_MODEM 0x1101 |
5028 | #define TELIT_PRODUCT_LE920 0x1200 |
5029 | #define TELIT_PRODUCT_LE910 0x1201 |
5030 | #define TELIT_PRODUCT_LE910_USBCFG4 0x1206 |
5031 | @@ -648,6 +651,11 @@ static const struct option_blacklist_info telit_me910_blacklist = { |
5032 | .reserved = BIT(1) | BIT(3), |
5033 | }; |
5034 | |
5035 | +static const struct option_blacklist_info telit_me910_dual_modem_blacklist = { |
5036 | + .sendsetup = BIT(0), |
5037 | + .reserved = BIT(3), |
5038 | +}; |
5039 | + |
5040 | static const struct option_blacklist_info telit_le910_blacklist = { |
5041 | .sendsetup = BIT(0), |
5042 | .reserved = BIT(1) | BIT(2), |
5043 | @@ -677,6 +685,10 @@ static const struct option_blacklist_info cinterion_rmnet2_blacklist = { |
5044 | .reserved = BIT(4) | BIT(5), |
5045 | }; |
5046 | |
5047 | +static const struct option_blacklist_info yuga_clm920_nc5_blacklist = { |
5048 | + .reserved = BIT(1) | BIT(4), |
5049 | +}; |
5050 | + |
5051 | static const struct usb_device_id option_ids[] = { |
5052 | { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, |
5053 | { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, |
5054 | @@ -1181,6 +1193,9 @@ static const struct usb_device_id option_ids[] = { |
5055 | { USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC15)}, |
5056 | { USB_DEVICE(QUALCOMM_VENDOR_ID, QUECTEL_PRODUCT_UC20), |
5057 | .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, |
5058 | + /* Yuga products use Qualcomm vendor ID */ |
5059 | + { USB_DEVICE(QUALCOMM_VENDOR_ID, YUGA_PRODUCT_CLM920_NC5), |
5060 | + .driver_info = (kernel_ulong_t)&yuga_clm920_nc5_blacklist }, |
5061 | /* Quectel products using Quectel vendor ID */ |
5062 | { USB_DEVICE(QUECTEL_VENDOR_ID, QUECTEL_PRODUCT_EC21), |
5063 | .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, |
5064 | @@ -1247,6 +1262,8 @@ static const struct usb_device_id option_ids[] = { |
5065 | .driver_info = (kernel_ulong_t)&telit_le922_blacklist_usbcfg0 }, |
5066 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), |
5067 | .driver_info = (kernel_ulong_t)&telit_me910_blacklist }, |
5068 | + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM), |
5069 | + .driver_info = (kernel_ulong_t)&telit_me910_dual_modem_blacklist }, |
5070 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910), |
5071 | .driver_info = (kernel_ulong_t)&telit_le910_blacklist }, |
5072 | { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE910_USBCFG4), |
5073 | diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c |
5074 | index 9f9d3a904464..55a8fb25ce2b 100644 |
5075 | --- a/drivers/usb/serial/qcserial.c |
5076 | +++ b/drivers/usb/serial/qcserial.c |
5077 | @@ -166,6 +166,8 @@ static const struct usb_device_id id_table[] = { |
5078 | {DEVICE_SWI(0x1199, 0x9079)}, /* Sierra Wireless EM74xx */ |
5079 | {DEVICE_SWI(0x1199, 0x907a)}, /* Sierra Wireless EM74xx QDL */ |
5080 | {DEVICE_SWI(0x1199, 0x907b)}, /* Sierra Wireless EM74xx */ |
5081 | + {DEVICE_SWI(0x1199, 0x9090)}, /* Sierra Wireless EM7565 QDL */ |
5082 | + {DEVICE_SWI(0x1199, 0x9091)}, /* Sierra Wireless EM7565 */ |
5083 | {DEVICE_SWI(0x413c, 0x81a2)}, /* Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card */ |
5084 | {DEVICE_SWI(0x413c, 0x81a3)}, /* Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card */ |
5085 | {DEVICE_SWI(0x413c, 0x81a4)}, /* Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card */ |
5086 | @@ -346,6 +348,7 @@ static int qcprobe(struct usb_serial *serial, const struct usb_device_id *id) |
5087 | break; |
5088 | case 2: |
5089 | dev_dbg(dev, "NMEA GPS interface found\n"); |
5090 | + sendsetup = true; |
5091 | break; |
5092 | case 3: |
5093 | dev_dbg(dev, "Modem port found\n"); |
5094 | diff --git a/drivers/usb/usbip/stub_dev.c b/drivers/usb/usbip/stub_dev.c |
5095 | index c653ce533430..720408d39f11 100644 |
5096 | --- a/drivers/usb/usbip/stub_dev.c |
5097 | +++ b/drivers/usb/usbip/stub_dev.c |
5098 | @@ -163,8 +163,7 @@ static void stub_shutdown_connection(struct usbip_device *ud) |
5099 | * step 1? |
5100 | */ |
5101 | if (ud->tcp_socket) { |
5102 | - dev_dbg(&sdev->udev->dev, "shutdown tcp_socket %p\n", |
5103 | - ud->tcp_socket); |
5104 | + dev_dbg(&sdev->udev->dev, "shutdown sockfd %d\n", ud->sockfd); |
5105 | kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); |
5106 | } |
5107 | |
5108 | diff --git a/drivers/usb/usbip/stub_main.c b/drivers/usb/usbip/stub_main.c |
5109 | index 7170404e8979..6968c906fa29 100644 |
5110 | --- a/drivers/usb/usbip/stub_main.c |
5111 | +++ b/drivers/usb/usbip/stub_main.c |
5112 | @@ -251,11 +251,12 @@ void stub_device_cleanup_urbs(struct stub_device *sdev) |
5113 | struct stub_priv *priv; |
5114 | struct urb *urb; |
5115 | |
5116 | - dev_dbg(&sdev->udev->dev, "free sdev %p\n", sdev); |
5117 | + dev_dbg(&sdev->udev->dev, "Stub device cleaning up urbs\n"); |
5118 | |
5119 | while ((priv = stub_priv_pop(sdev))) { |
5120 | urb = priv->urb; |
5121 | - dev_dbg(&sdev->udev->dev, "free urb %p\n", urb); |
5122 | + dev_dbg(&sdev->udev->dev, "free urb seqnum %lu\n", |
5123 | + priv->seqnum); |
5124 | usb_kill_urb(urb); |
5125 | |
5126 | kmem_cache_free(stub_priv_cache, priv); |
5127 | diff --git a/drivers/usb/usbip/stub_rx.c b/drivers/usb/usbip/stub_rx.c |
5128 | index 283a9be77a22..5b807185f79e 100644 |
5129 | --- a/drivers/usb/usbip/stub_rx.c |
5130 | +++ b/drivers/usb/usbip/stub_rx.c |
5131 | @@ -225,9 +225,6 @@ static int stub_recv_cmd_unlink(struct stub_device *sdev, |
5132 | if (priv->seqnum != pdu->u.cmd_unlink.seqnum) |
5133 | continue; |
5134 | |
5135 | - dev_info(&priv->urb->dev->dev, "unlink urb %p\n", |
5136 | - priv->urb); |
5137 | - |
5138 | /* |
5139 | * This matched urb is not completed yet (i.e., be in |
5140 | * flight in usb hcd hardware/driver). Now we are |
5141 | @@ -266,8 +263,8 @@ static int stub_recv_cmd_unlink(struct stub_device *sdev, |
5142 | ret = usb_unlink_urb(priv->urb); |
5143 | if (ret != -EINPROGRESS) |
5144 | dev_err(&priv->urb->dev->dev, |
5145 | - "failed to unlink a urb %p, ret %d\n", |
5146 | - priv->urb, ret); |
5147 | + "failed to unlink a urb # %lu, ret %d\n", |
5148 | + priv->seqnum, ret); |
5149 | |
5150 | return 0; |
5151 | } |
5152 | diff --git a/drivers/usb/usbip/stub_tx.c b/drivers/usb/usbip/stub_tx.c |
5153 | index 87ff94be4235..96aa375b80d9 100644 |
5154 | --- a/drivers/usb/usbip/stub_tx.c |
5155 | +++ b/drivers/usb/usbip/stub_tx.c |
5156 | @@ -102,7 +102,7 @@ void stub_complete(struct urb *urb) |
5157 | /* link a urb to the queue of tx. */ |
5158 | spin_lock_irqsave(&sdev->priv_lock, flags); |
5159 | if (sdev->ud.tcp_socket == NULL) { |
5160 | - usbip_dbg_stub_tx("ignore urb for closed connection %p", urb); |
5161 | + usbip_dbg_stub_tx("ignore urb for closed connection\n"); |
5162 | /* It will be freed in stub_device_cleanup_urbs(). */ |
5163 | } else if (priv->unlinking) { |
5164 | stub_enqueue_ret_unlink(sdev, priv->seqnum, urb->status); |
5165 | @@ -204,8 +204,8 @@ static int stub_send_ret_submit(struct stub_device *sdev) |
5166 | |
5167 | /* 1. setup usbip_header */ |
5168 | setup_ret_submit_pdu(&pdu_header, urb); |
5169 | - usbip_dbg_stub_tx("setup txdata seqnum: %d urb: %p\n", |
5170 | - pdu_header.base.seqnum, urb); |
5171 | + usbip_dbg_stub_tx("setup txdata seqnum: %d\n", |
5172 | + pdu_header.base.seqnum); |
5173 | usbip_header_correct_endian(&pdu_header, 1); |
5174 | |
5175 | iov[iovnum].iov_base = &pdu_header; |
5176 | diff --git a/drivers/usb/usbip/usbip_common.c b/drivers/usb/usbip/usbip_common.c |
5177 | index 2281f3562870..17b599b923f3 100644 |
5178 | --- a/drivers/usb/usbip/usbip_common.c |
5179 | +++ b/drivers/usb/usbip/usbip_common.c |
5180 | @@ -331,26 +331,20 @@ int usbip_recv(struct socket *sock, void *buf, int size) |
5181 | struct msghdr msg = {.msg_flags = MSG_NOSIGNAL}; |
5182 | int total = 0; |
5183 | |
5184 | + if (!sock || !buf || !size) |
5185 | + return -EINVAL; |
5186 | + |
5187 | iov_iter_kvec(&msg.msg_iter, READ|ITER_KVEC, &iov, 1, size); |
5188 | |
5189 | usbip_dbg_xmit("enter\n"); |
5190 | |
5191 | - if (!sock || !buf || !size) { |
5192 | - pr_err("invalid arg, sock %p buff %p size %d\n", sock, buf, |
5193 | - size); |
5194 | - return -EINVAL; |
5195 | - } |
5196 | - |
5197 | do { |
5198 | - int sz = msg_data_left(&msg); |
5199 | + msg_data_left(&msg); |
5200 | sock->sk->sk_allocation = GFP_NOIO; |
5201 | |
5202 | result = sock_recvmsg(sock, &msg, MSG_WAITALL); |
5203 | - if (result <= 0) { |
5204 | - pr_debug("receive sock %p buf %p size %u ret %d total %d\n", |
5205 | - sock, buf + total, sz, result, total); |
5206 | + if (result <= 0) |
5207 | goto err; |
5208 | - } |
5209 | |
5210 | total += result; |
5211 | } while (msg_data_left(&msg)); |
5212 | diff --git a/drivers/usb/usbip/vhci_hcd.c b/drivers/usb/usbip/vhci_hcd.c |
5213 | index 1f0cf81cc145..692cfdef667e 100644 |
5214 | --- a/drivers/usb/usbip/vhci_hcd.c |
5215 | +++ b/drivers/usb/usbip/vhci_hcd.c |
5216 | @@ -670,9 +670,6 @@ static int vhci_urb_enqueue(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flag |
5217 | struct vhci_device *vdev; |
5218 | unsigned long flags; |
5219 | |
5220 | - usbip_dbg_vhci_hc("enter, usb_hcd %p urb %p mem_flags %d\n", |
5221 | - hcd, urb, mem_flags); |
5222 | - |
5223 | if (portnum > VHCI_HC_PORTS) { |
5224 | pr_err("invalid port number %d\n", portnum); |
5225 | return -ENODEV; |
5226 | @@ -836,8 +833,6 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) |
5227 | struct vhci_device *vdev; |
5228 | unsigned long flags; |
5229 | |
5230 | - pr_info("dequeue a urb %p\n", urb); |
5231 | - |
5232 | spin_lock_irqsave(&vhci->lock, flags); |
5233 | |
5234 | priv = urb->hcpriv; |
5235 | @@ -865,7 +860,6 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) |
5236 | /* tcp connection is closed */ |
5237 | spin_lock(&vdev->priv_lock); |
5238 | |
5239 | - pr_info("device %p seems to be disconnected\n", vdev); |
5240 | list_del(&priv->list); |
5241 | kfree(priv); |
5242 | urb->hcpriv = NULL; |
5243 | @@ -877,8 +871,6 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) |
5244 | * vhci_rx will receive RET_UNLINK and give back the URB. |
5245 | * Otherwise, we give back it here. |
5246 | */ |
5247 | - pr_info("gives back urb %p\n", urb); |
5248 | - |
5249 | usb_hcd_unlink_urb_from_ep(hcd, urb); |
5250 | |
5251 | spin_unlock_irqrestore(&vhci->lock, flags); |
5252 | @@ -906,8 +898,6 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) |
5253 | |
5254 | unlink->unlink_seqnum = priv->seqnum; |
5255 | |
5256 | - pr_info("device %p seems to be still connected\n", vdev); |
5257 | - |
5258 | /* send cmd_unlink and try to cancel the pending URB in the |
5259 | * peer */ |
5260 | list_add_tail(&unlink->list, &vdev->unlink_tx); |
5261 | @@ -989,7 +979,7 @@ static void vhci_shutdown_connection(struct usbip_device *ud) |
5262 | |
5263 | /* need this? see stub_dev.c */ |
5264 | if (ud->tcp_socket) { |
5265 | - pr_debug("shutdown tcp_socket %p\n", ud->tcp_socket); |
5266 | + pr_debug("shutdown tcp_socket %d\n", ud->sockfd); |
5267 | kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR); |
5268 | } |
5269 | |
5270 | diff --git a/drivers/usb/usbip/vhci_rx.c b/drivers/usb/usbip/vhci_rx.c |
5271 | index ef2f2d5ca6b2..1343037d00f9 100644 |
5272 | --- a/drivers/usb/usbip/vhci_rx.c |
5273 | +++ b/drivers/usb/usbip/vhci_rx.c |
5274 | @@ -37,24 +37,23 @@ struct urb *pickup_urb_and_free_priv(struct vhci_device *vdev, __u32 seqnum) |
5275 | urb = priv->urb; |
5276 | status = urb->status; |
5277 | |
5278 | - usbip_dbg_vhci_rx("find urb %p vurb %p seqnum %u\n", |
5279 | - urb, priv, seqnum); |
5280 | + usbip_dbg_vhci_rx("find urb seqnum %u\n", seqnum); |
5281 | |
5282 | switch (status) { |
5283 | case -ENOENT: |
5284 | /* fall through */ |
5285 | case -ECONNRESET: |
5286 | - dev_info(&urb->dev->dev, |
5287 | - "urb %p was unlinked %ssynchronuously.\n", urb, |
5288 | - status == -ENOENT ? "" : "a"); |
5289 | + dev_dbg(&urb->dev->dev, |
5290 | + "urb seq# %u was unlinked %ssynchronuously\n", |
5291 | + seqnum, status == -ENOENT ? "" : "a"); |
5292 | break; |
5293 | case -EINPROGRESS: |
5294 | /* no info output */ |
5295 | break; |
5296 | default: |
5297 | - dev_info(&urb->dev->dev, |
5298 | - "urb %p may be in a error, status %d\n", urb, |
5299 | - status); |
5300 | + dev_dbg(&urb->dev->dev, |
5301 | + "urb seq# %u may be in a error, status %d\n", |
5302 | + seqnum, status); |
5303 | } |
5304 | |
5305 | list_del(&priv->list); |
5306 | @@ -81,8 +80,8 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, |
5307 | spin_unlock_irqrestore(&vdev->priv_lock, flags); |
5308 | |
5309 | if (!urb) { |
5310 | - pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); |
5311 | - pr_info("max seqnum %d\n", |
5312 | + pr_err("cannot find a urb of seqnum %u max seqnum %d\n", |
5313 | + pdu->base.seqnum, |
5314 | atomic_read(&vhci_hcd->seqnum)); |
5315 | usbip_event_add(ud, VDEV_EVENT_ERROR_TCP); |
5316 | return; |
5317 | @@ -105,7 +104,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, |
5318 | if (usbip_dbg_flag_vhci_rx) |
5319 | usbip_dump_urb(urb); |
5320 | |
5321 | - usbip_dbg_vhci_rx("now giveback urb %p\n", urb); |
5322 | + usbip_dbg_vhci_rx("now giveback urb %u\n", pdu->base.seqnum); |
5323 | |
5324 | spin_lock_irqsave(&vhci->lock, flags); |
5325 | usb_hcd_unlink_urb_from_ep(vhci_hcd_to_hcd(vhci_hcd), urb); |
5326 | @@ -172,7 +171,7 @@ static void vhci_recv_ret_unlink(struct vhci_device *vdev, |
5327 | pr_info("the urb (seqnum %d) was already given back\n", |
5328 | pdu->base.seqnum); |
5329 | } else { |
5330 | - usbip_dbg_vhci_rx("now giveback urb %p\n", urb); |
5331 | + usbip_dbg_vhci_rx("now giveback urb %d\n", pdu->base.seqnum); |
5332 | |
5333 | /* If unlink is successful, status is -ECONNRESET */ |
5334 | urb->status = pdu->u.ret_unlink.status; |
5335 | diff --git a/drivers/usb/usbip/vhci_tx.c b/drivers/usb/usbip/vhci_tx.c |
5336 | index 3e7878fe2fd4..a9a663a578b6 100644 |
5337 | --- a/drivers/usb/usbip/vhci_tx.c |
5338 | +++ b/drivers/usb/usbip/vhci_tx.c |
5339 | @@ -83,7 +83,8 @@ static int vhci_send_cmd_submit(struct vhci_device *vdev) |
5340 | memset(&msg, 0, sizeof(msg)); |
5341 | memset(&iov, 0, sizeof(iov)); |
5342 | |
5343 | - usbip_dbg_vhci_tx("setup txdata urb %p\n", urb); |
5344 | + usbip_dbg_vhci_tx("setup txdata urb seqnum %lu\n", |
5345 | + priv->seqnum); |
5346 | |
5347 | /* 1. setup usbip_header */ |
5348 | setup_cmd_submit_pdu(&pdu_header, urb); |
5349 | diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h |
5350 | index fd47bd96b5d3..6362e3606aa5 100644 |
5351 | --- a/include/linux/blkdev.h |
5352 | +++ b/include/linux/blkdev.h |
5353 | @@ -241,14 +241,24 @@ struct request { |
5354 | struct request *next_rq; |
5355 | }; |
5356 | |
5357 | +static inline bool blk_op_is_scsi(unsigned int op) |
5358 | +{ |
5359 | + return op == REQ_OP_SCSI_IN || op == REQ_OP_SCSI_OUT; |
5360 | +} |
5361 | + |
5362 | +static inline bool blk_op_is_private(unsigned int op) |
5363 | +{ |
5364 | + return op == REQ_OP_DRV_IN || op == REQ_OP_DRV_OUT; |
5365 | +} |
5366 | + |
5367 | static inline bool blk_rq_is_scsi(struct request *rq) |
5368 | { |
5369 | - return req_op(rq) == REQ_OP_SCSI_IN || req_op(rq) == REQ_OP_SCSI_OUT; |
5370 | + return blk_op_is_scsi(req_op(rq)); |
5371 | } |
5372 | |
5373 | static inline bool blk_rq_is_private(struct request *rq) |
5374 | { |
5375 | - return req_op(rq) == REQ_OP_DRV_IN || req_op(rq) == REQ_OP_DRV_OUT; |
5376 | + return blk_op_is_private(req_op(rq)); |
5377 | } |
5378 | |
5379 | static inline bool blk_rq_is_passthrough(struct request *rq) |
5380 | @@ -256,6 +266,13 @@ static inline bool blk_rq_is_passthrough(struct request *rq) |
5381 | return blk_rq_is_scsi(rq) || blk_rq_is_private(rq); |
5382 | } |
5383 | |
5384 | +static inline bool bio_is_passthrough(struct bio *bio) |
5385 | +{ |
5386 | + unsigned op = bio_op(bio); |
5387 | + |
5388 | + return blk_op_is_scsi(op) || blk_op_is_private(op); |
5389 | +} |
5390 | + |
5391 | static inline unsigned short req_get_ioprio(struct request *req) |
5392 | { |
5393 | return req->ioprio; |
5394 | @@ -952,7 +969,7 @@ extern int blk_rq_prep_clone(struct request *rq, struct request *rq_src, |
5395 | extern void blk_rq_unprep_clone(struct request *rq); |
5396 | extern blk_status_t blk_insert_cloned_request(struct request_queue *q, |
5397 | struct request *rq); |
5398 | -extern int blk_rq_append_bio(struct request *rq, struct bio *bio); |
5399 | +extern int blk_rq_append_bio(struct request *rq, struct bio **bio); |
5400 | extern void blk_delay_queue(struct request_queue *, unsigned long); |
5401 | extern void blk_queue_split(struct request_queue *, struct bio **); |
5402 | extern void blk_recount_segments(struct request_queue *, struct bio *); |
5403 | diff --git a/include/linux/cpuhotplug.h b/include/linux/cpuhotplug.h |
5404 | index 2477a5cb5bd5..fb83dee528a1 100644 |
5405 | --- a/include/linux/cpuhotplug.h |
5406 | +++ b/include/linux/cpuhotplug.h |
5407 | @@ -86,7 +86,7 @@ enum cpuhp_state { |
5408 | CPUHP_MM_ZSWP_POOL_PREPARE, |
5409 | CPUHP_KVM_PPC_BOOK3S_PREPARE, |
5410 | CPUHP_ZCOMP_PREPARE, |
5411 | - CPUHP_TIMERS_DEAD, |
5412 | + CPUHP_TIMERS_PREPARE, |
5413 | CPUHP_MIPS_SOC_PREPARE, |
5414 | CPUHP_BP_PREPARE_DYN, |
5415 | CPUHP_BP_PREPARE_DYN_END = CPUHP_BP_PREPARE_DYN + 20, |
5416 | diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h |
5417 | index ea04ca024f0d..067a6fa675ed 100644 |
5418 | --- a/include/linux/ipv6.h |
5419 | +++ b/include/linux/ipv6.h |
5420 | @@ -272,7 +272,8 @@ struct ipv6_pinfo { |
5421 | * 100: prefer care-of address |
5422 | */ |
5423 | dontfrag:1, |
5424 | - autoflowlabel:1; |
5425 | + autoflowlabel:1, |
5426 | + autoflowlabel_set:1; |
5427 | __u8 min_hopcount; |
5428 | __u8 tclass; |
5429 | __be32 rcv_flowinfo; |
5430 | diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h |
5431 | index 401c8972cc3a..8b3d0103c03a 100644 |
5432 | --- a/include/linux/mlx5/driver.h |
5433 | +++ b/include/linux/mlx5/driver.h |
5434 | @@ -546,6 +546,7 @@ struct mlx5_core_sriov { |
5435 | }; |
5436 | |
5437 | struct mlx5_irq_info { |
5438 | + cpumask_var_t mask; |
5439 | char name[MLX5_MAX_IRQ_NAME]; |
5440 | }; |
5441 | |
5442 | diff --git a/include/linux/mlx5/mlx5_ifc.h b/include/linux/mlx5/mlx5_ifc.h |
5443 | index 69772347f866..c8091f06eaa4 100644 |
5444 | --- a/include/linux/mlx5/mlx5_ifc.h |
5445 | +++ b/include/linux/mlx5/mlx5_ifc.h |
5446 | @@ -147,7 +147,7 @@ enum { |
5447 | MLX5_CMD_OP_ALLOC_Q_COUNTER = 0x771, |
5448 | MLX5_CMD_OP_DEALLOC_Q_COUNTER = 0x772, |
5449 | MLX5_CMD_OP_QUERY_Q_COUNTER = 0x773, |
5450 | - MLX5_CMD_OP_SET_RATE_LIMIT = 0x780, |
5451 | + MLX5_CMD_OP_SET_PP_RATE_LIMIT = 0x780, |
5452 | MLX5_CMD_OP_QUERY_RATE_LIMIT = 0x781, |
5453 | MLX5_CMD_OP_CREATE_SCHEDULING_ELEMENT = 0x782, |
5454 | MLX5_CMD_OP_DESTROY_SCHEDULING_ELEMENT = 0x783, |
5455 | @@ -7233,7 +7233,7 @@ struct mlx5_ifc_add_vxlan_udp_dport_in_bits { |
5456 | u8 vxlan_udp_port[0x10]; |
5457 | }; |
5458 | |
5459 | -struct mlx5_ifc_set_rate_limit_out_bits { |
5460 | +struct mlx5_ifc_set_pp_rate_limit_out_bits { |
5461 | u8 status[0x8]; |
5462 | u8 reserved_at_8[0x18]; |
5463 | |
5464 | @@ -7242,7 +7242,7 @@ struct mlx5_ifc_set_rate_limit_out_bits { |
5465 | u8 reserved_at_40[0x40]; |
5466 | }; |
5467 | |
5468 | -struct mlx5_ifc_set_rate_limit_in_bits { |
5469 | +struct mlx5_ifc_set_pp_rate_limit_in_bits { |
5470 | u8 opcode[0x10]; |
5471 | u8 reserved_at_10[0x10]; |
5472 | |
5473 | @@ -7255,6 +7255,8 @@ struct mlx5_ifc_set_rate_limit_in_bits { |
5474 | u8 reserved_at_60[0x20]; |
5475 | |
5476 | u8 rate_limit[0x20]; |
5477 | + |
5478 | + u8 reserved_at_a0[0x160]; |
5479 | }; |
5480 | |
5481 | struct mlx5_ifc_access_register_out_bits { |
5482 | diff --git a/include/linux/pti.h b/include/linux/pti.h |
5483 | new file mode 100644 |
5484 | index 000000000000..0174883a935a |
5485 | --- /dev/null |
5486 | +++ b/include/linux/pti.h |
5487 | @@ -0,0 +1,11 @@ |
5488 | +// SPDX-License-Identifier: GPL-2.0 |
5489 | +#ifndef _INCLUDE_PTI_H |
5490 | +#define _INCLUDE_PTI_H |
5491 | + |
5492 | +#ifdef CONFIG_PAGE_TABLE_ISOLATION |
5493 | +#include <asm/pti.h> |
5494 | +#else |
5495 | +static inline void pti_init(void) { } |
5496 | +#endif |
5497 | + |
5498 | +#endif |
5499 | diff --git a/include/linux/ptr_ring.h b/include/linux/ptr_ring.h |
5500 | index 37b4bb2545b3..6866df4f31b5 100644 |
5501 | --- a/include/linux/ptr_ring.h |
5502 | +++ b/include/linux/ptr_ring.h |
5503 | @@ -101,12 +101,18 @@ static inline bool ptr_ring_full_bh(struct ptr_ring *r) |
5504 | |
5505 | /* Note: callers invoking this in a loop must use a compiler barrier, |
5506 | * for example cpu_relax(). Callers must hold producer_lock. |
5507 | + * Callers are responsible for making sure pointer that is being queued |
5508 | + * points to a valid data. |
5509 | */ |
5510 | static inline int __ptr_ring_produce(struct ptr_ring *r, void *ptr) |
5511 | { |
5512 | if (unlikely(!r->size) || r->queue[r->producer]) |
5513 | return -ENOSPC; |
5514 | |
5515 | + /* Make sure the pointer we are storing points to a valid data. */ |
5516 | + /* Pairs with smp_read_barrier_depends in __ptr_ring_consume. */ |
5517 | + smp_wmb(); |
5518 | + |
5519 | r->queue[r->producer++] = ptr; |
5520 | if (unlikely(r->producer >= r->size)) |
5521 | r->producer = 0; |
5522 | @@ -275,6 +281,9 @@ static inline void *__ptr_ring_consume(struct ptr_ring *r) |
5523 | if (ptr) |
5524 | __ptr_ring_discard_one(r); |
5525 | |
5526 | + /* Make sure anyone accessing data through the pointer is up to date. */ |
5527 | + /* Pairs with smp_wmb in __ptr_ring_produce. */ |
5528 | + smp_read_barrier_depends(); |
5529 | return ptr; |
5530 | } |
5531 | |
5532 | diff --git a/include/linux/tcp.h b/include/linux/tcp.h |
5533 | index 4aa40ef02d32..e8418fc77a43 100644 |
5534 | --- a/include/linux/tcp.h |
5535 | +++ b/include/linux/tcp.h |
5536 | @@ -214,7 +214,8 @@ struct tcp_sock { |
5537 | u8 chrono_type:2, /* current chronograph type */ |
5538 | rate_app_limited:1, /* rate_{delivered,interval_us} limited? */ |
5539 | fastopen_connect:1, /* FASTOPEN_CONNECT sockopt */ |
5540 | - unused:4; |
5541 | + is_sack_reneg:1, /* in recovery from loss with SACK reneg? */ |
5542 | + unused:3; |
5543 | u8 nonagle : 4,/* Disable Nagle algorithm? */ |
5544 | thin_lto : 1,/* Use linear timeouts for thin streams */ |
5545 | unused1 : 1, |
5546 | diff --git a/include/linux/tick.h b/include/linux/tick.h |
5547 | index cf413b344ddb..5cdac11dd317 100644 |
5548 | --- a/include/linux/tick.h |
5549 | +++ b/include/linux/tick.h |
5550 | @@ -119,6 +119,7 @@ extern void tick_nohz_idle_exit(void); |
5551 | extern void tick_nohz_irq_exit(void); |
5552 | extern ktime_t tick_nohz_get_sleep_length(void); |
5553 | extern unsigned long tick_nohz_get_idle_calls(void); |
5554 | +extern unsigned long tick_nohz_get_idle_calls_cpu(int cpu); |
5555 | extern u64 get_cpu_idle_time_us(int cpu, u64 *last_update_time); |
5556 | extern u64 get_cpu_iowait_time_us(int cpu, u64 *last_update_time); |
5557 | #else /* !CONFIG_NO_HZ_COMMON */ |
5558 | diff --git a/include/linux/timer.h b/include/linux/timer.h |
5559 | index ac66f29c6916..e0ea1fe87572 100644 |
5560 | --- a/include/linux/timer.h |
5561 | +++ b/include/linux/timer.h |
5562 | @@ -246,9 +246,11 @@ unsigned long round_jiffies_up(unsigned long j); |
5563 | unsigned long round_jiffies_up_relative(unsigned long j); |
5564 | |
5565 | #ifdef CONFIG_HOTPLUG_CPU |
5566 | +int timers_prepare_cpu(unsigned int cpu); |
5567 | int timers_dead_cpu(unsigned int cpu); |
5568 | #else |
5569 | -#define timers_dead_cpu NULL |
5570 | +#define timers_prepare_cpu NULL |
5571 | +#define timers_dead_cpu NULL |
5572 | #endif |
5573 | |
5574 | #endif |
5575 | diff --git a/include/net/ip.h b/include/net/ip.h |
5576 | index 9896f46cbbf1..af8addbaa3c1 100644 |
5577 | --- a/include/net/ip.h |
5578 | +++ b/include/net/ip.h |
5579 | @@ -34,6 +34,7 @@ |
5580 | #include <net/flow_dissector.h> |
5581 | |
5582 | #define IPV4_MAX_PMTU 65535U /* RFC 2675, Section 5.1 */ |
5583 | +#define IPV4_MIN_MTU 68 /* RFC 791 */ |
5584 | |
5585 | struct sock; |
5586 | |
5587 | diff --git a/include/net/tcp.h b/include/net/tcp.h |
5588 | index 6ced69940f5c..0a13574134b8 100644 |
5589 | --- a/include/net/tcp.h |
5590 | +++ b/include/net/tcp.h |
5591 | @@ -1085,7 +1085,7 @@ void tcp_rate_skb_sent(struct sock *sk, struct sk_buff *skb); |
5592 | void tcp_rate_skb_delivered(struct sock *sk, struct sk_buff *skb, |
5593 | struct rate_sample *rs); |
5594 | void tcp_rate_gen(struct sock *sk, u32 delivered, u32 lost, |
5595 | - struct rate_sample *rs); |
5596 | + bool is_sack_reneg, struct rate_sample *rs); |
5597 | void tcp_rate_check_app_limited(struct sock *sk); |
5598 | |
5599 | /* These functions determine how the current flow behaves in respect of SACK |
5600 | diff --git a/init/main.c b/init/main.c |
5601 | index 8a390f60ec81..b32ec72cdf3d 100644 |
5602 | --- a/init/main.c |
5603 | +++ b/init/main.c |
5604 | @@ -75,6 +75,7 @@ |
5605 | #include <linux/slab.h> |
5606 | #include <linux/perf_event.h> |
5607 | #include <linux/ptrace.h> |
5608 | +#include <linux/pti.h> |
5609 | #include <linux/blkdev.h> |
5610 | #include <linux/elevator.h> |
5611 | #include <linux/sched_clock.h> |
5612 | @@ -506,6 +507,8 @@ static void __init mm_init(void) |
5613 | ioremap_huge_init(); |
5614 | /* Should be run before the first non-init thread is created */ |
5615 | init_espfix_bsp(); |
5616 | + /* Should be run after espfix64 is set up. */ |
5617 | + pti_init(); |
5618 | } |
5619 | |
5620 | asmlinkage __visible void __init start_kernel(void) |
5621 | diff --git a/kernel/cpu.c b/kernel/cpu.c |
5622 | index 7891aecc6aec..f21bfa3172d8 100644 |
5623 | --- a/kernel/cpu.c |
5624 | +++ b/kernel/cpu.c |
5625 | @@ -1277,9 +1277,9 @@ static struct cpuhp_step cpuhp_bp_states[] = { |
5626 | * before blk_mq_queue_reinit_notify() from notify_dead(), |
5627 | * otherwise a RCU stall occurs. |
5628 | */ |
5629 | - [CPUHP_TIMERS_DEAD] = { |
5630 | + [CPUHP_TIMERS_PREPARE] = { |
5631 | .name = "timers:dead", |
5632 | - .startup.single = NULL, |
5633 | + .startup.single = timers_prepare_cpu, |
5634 | .teardown.single = timers_dead_cpu, |
5635 | }, |
5636 | /* Kicks the plugged cpu into life */ |
5637 | diff --git a/kernel/sched/cpufreq_schedutil.c b/kernel/sched/cpufreq_schedutil.c |
5638 | index 2f52ec0f1539..d6717a3331a1 100644 |
5639 | --- a/kernel/sched/cpufreq_schedutil.c |
5640 | +++ b/kernel/sched/cpufreq_schedutil.c |
5641 | @@ -244,7 +244,7 @@ static void sugov_iowait_boost(struct sugov_cpu *sg_cpu, unsigned long *util, |
5642 | #ifdef CONFIG_NO_HZ_COMMON |
5643 | static bool sugov_cpu_is_busy(struct sugov_cpu *sg_cpu) |
5644 | { |
5645 | - unsigned long idle_calls = tick_nohz_get_idle_calls(); |
5646 | + unsigned long idle_calls = tick_nohz_get_idle_calls_cpu(sg_cpu->cpu); |
5647 | bool ret = idle_calls == sg_cpu->saved_idle_calls; |
5648 | |
5649 | sg_cpu->saved_idle_calls = idle_calls; |
5650 | diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c |
5651 | index c7a899c5ce64..dfa4a117fee3 100644 |
5652 | --- a/kernel/time/tick-sched.c |
5653 | +++ b/kernel/time/tick-sched.c |
5654 | @@ -674,6 +674,11 @@ static void tick_nohz_restart(struct tick_sched *ts, ktime_t now) |
5655 | ts->next_tick = 0; |
5656 | } |
5657 | |
5658 | +static inline bool local_timer_softirq_pending(void) |
5659 | +{ |
5660 | + return local_softirq_pending() & TIMER_SOFTIRQ; |
5661 | +} |
5662 | + |
5663 | static ktime_t tick_nohz_stop_sched_tick(struct tick_sched *ts, |
5664 | ktime_t now, int cpu) |
5665 | { |
5666 | @@ -690,8 +695,18 @@ static ktime_t tick_nohz_stop_sched_tick(struct tick_sched *ts, |
5667 | } while (read_seqretry(&jiffies_lock, seq)); |
5668 | ts->last_jiffies = basejiff; |
5669 | |
5670 | - if (rcu_needs_cpu(basemono, &next_rcu) || |
5671 | - arch_needs_cpu() || irq_work_needs_cpu()) { |
5672 | + /* |
5673 | + * Keep the periodic tick, when RCU, architecture or irq_work |
5674 | + * requests it. |
5675 | + * Aside of that check whether the local timer softirq is |
5676 | + * pending. If so its a bad idea to call get_next_timer_interrupt() |
5677 | + * because there is an already expired timer, so it will request |
5678 | + * immeditate expiry, which rearms the hardware timer with a |
5679 | + * minimal delta which brings us back to this place |
5680 | + * immediately. Lather, rinse and repeat... |
5681 | + */ |
5682 | + if (rcu_needs_cpu(basemono, &next_rcu) || arch_needs_cpu() || |
5683 | + irq_work_needs_cpu() || local_timer_softirq_pending()) { |
5684 | next_tick = basemono + TICK_NSEC; |
5685 | } else { |
5686 | /* |
5687 | @@ -1009,6 +1024,19 @@ ktime_t tick_nohz_get_sleep_length(void) |
5688 | return ts->sleep_length; |
5689 | } |
5690 | |
5691 | +/** |
5692 | + * tick_nohz_get_idle_calls_cpu - return the current idle calls counter value |
5693 | + * for a particular CPU. |
5694 | + * |
5695 | + * Called from the schedutil frequency scaling governor in scheduler context. |
5696 | + */ |
5697 | +unsigned long tick_nohz_get_idle_calls_cpu(int cpu) |
5698 | +{ |
5699 | + struct tick_sched *ts = tick_get_tick_sched(cpu); |
5700 | + |
5701 | + return ts->idle_calls; |
5702 | +} |
5703 | + |
5704 | /** |
5705 | * tick_nohz_get_idle_calls - return the current idle calls counter value |
5706 | * |
5707 | diff --git a/kernel/time/timer.c b/kernel/time/timer.c |
5708 | index f2674a056c26..73e3cdbc61f1 100644 |
5709 | --- a/kernel/time/timer.c |
5710 | +++ b/kernel/time/timer.c |
5711 | @@ -814,11 +814,10 @@ static inline struct timer_base *get_timer_cpu_base(u32 tflags, u32 cpu) |
5712 | struct timer_base *base = per_cpu_ptr(&timer_bases[BASE_STD], cpu); |
5713 | |
5714 | /* |
5715 | - * If the timer is deferrable and nohz is active then we need to use |
5716 | - * the deferrable base. |
5717 | + * If the timer is deferrable and NO_HZ_COMMON is set then we need |
5718 | + * to use the deferrable base. |
5719 | */ |
5720 | - if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active && |
5721 | - (tflags & TIMER_DEFERRABLE)) |
5722 | + if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE)) |
5723 | base = per_cpu_ptr(&timer_bases[BASE_DEF], cpu); |
5724 | return base; |
5725 | } |
5726 | @@ -828,11 +827,10 @@ static inline struct timer_base *get_timer_this_cpu_base(u32 tflags) |
5727 | struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]); |
5728 | |
5729 | /* |
5730 | - * If the timer is deferrable and nohz is active then we need to use |
5731 | - * the deferrable base. |
5732 | + * If the timer is deferrable and NO_HZ_COMMON is set then we need |
5733 | + * to use the deferrable base. |
5734 | */ |
5735 | - if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active && |
5736 | - (tflags & TIMER_DEFERRABLE)) |
5737 | + if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE)) |
5738 | base = this_cpu_ptr(&timer_bases[BASE_DEF]); |
5739 | return base; |
5740 | } |
5741 | @@ -984,8 +982,6 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only) |
5742 | if (!ret && pending_only) |
5743 | goto out_unlock; |
5744 | |
5745 | - debug_activate(timer, expires); |
5746 | - |
5747 | new_base = get_target_base(base, timer->flags); |
5748 | |
5749 | if (base != new_base) { |
5750 | @@ -1009,6 +1005,8 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only) |
5751 | } |
5752 | } |
5753 | |
5754 | + debug_activate(timer, expires); |
5755 | + |
5756 | timer->expires = expires; |
5757 | /* |
5758 | * If 'idx' was calculated above and the base time did not advance |
5759 | @@ -1644,7 +1642,7 @@ static __latent_entropy void run_timer_softirq(struct softirq_action *h) |
5760 | base->must_forward_clk = false; |
5761 | |
5762 | __run_timers(base); |
5763 | - if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active) |
5764 | + if (IS_ENABLED(CONFIG_NO_HZ_COMMON)) |
5765 | __run_timers(this_cpu_ptr(&timer_bases[BASE_DEF])); |
5766 | } |
5767 | |
5768 | @@ -1803,6 +1801,21 @@ static void migrate_timer_list(struct timer_base *new_base, struct hlist_head *h |
5769 | } |
5770 | } |
5771 | |
5772 | +int timers_prepare_cpu(unsigned int cpu) |
5773 | +{ |
5774 | + struct timer_base *base; |
5775 | + int b; |
5776 | + |
5777 | + for (b = 0; b < NR_BASES; b++) { |
5778 | + base = per_cpu_ptr(&timer_bases[b], cpu); |
5779 | + base->clk = jiffies; |
5780 | + base->next_expiry = base->clk + NEXT_TIMER_MAX_DELTA; |
5781 | + base->is_idle = false; |
5782 | + base->must_forward_clk = true; |
5783 | + } |
5784 | + return 0; |
5785 | +} |
5786 | + |
5787 | int timers_dead_cpu(unsigned int cpu) |
5788 | { |
5789 | struct timer_base *old_base; |
5790 | diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c |
5791 | index 81279c6602ff..0476a9372014 100644 |
5792 | --- a/kernel/trace/ring_buffer.c |
5793 | +++ b/kernel/trace/ring_buffer.c |
5794 | @@ -281,6 +281,8 @@ EXPORT_SYMBOL_GPL(ring_buffer_event_data); |
5795 | /* Missed count stored at end */ |
5796 | #define RB_MISSED_STORED (1 << 30) |
5797 | |
5798 | +#define RB_MISSED_FLAGS (RB_MISSED_EVENTS|RB_MISSED_STORED) |
5799 | + |
5800 | struct buffer_data_page { |
5801 | u64 time_stamp; /* page time stamp */ |
5802 | local_t commit; /* write committed index */ |
5803 | @@ -332,7 +334,9 @@ static void rb_init_page(struct buffer_data_page *bpage) |
5804 | */ |
5805 | size_t ring_buffer_page_len(void *page) |
5806 | { |
5807 | - return local_read(&((struct buffer_data_page *)page)->commit) |
5808 | + struct buffer_data_page *bpage = page; |
5809 | + |
5810 | + return (local_read(&bpage->commit) & ~RB_MISSED_FLAGS) |
5811 | + BUF_PAGE_HDR_SIZE; |
5812 | } |
5813 | |
5814 | @@ -4439,8 +4443,13 @@ void ring_buffer_free_read_page(struct ring_buffer *buffer, int cpu, void *data) |
5815 | { |
5816 | struct ring_buffer_per_cpu *cpu_buffer = buffer->buffers[cpu]; |
5817 | struct buffer_data_page *bpage = data; |
5818 | + struct page *page = virt_to_page(bpage); |
5819 | unsigned long flags; |
5820 | |
5821 | + /* If the page is still in use someplace else, we can't reuse it */ |
5822 | + if (page_ref_count(page) > 1) |
5823 | + goto out; |
5824 | + |
5825 | local_irq_save(flags); |
5826 | arch_spin_lock(&cpu_buffer->lock); |
5827 | |
5828 | @@ -4452,6 +4461,7 @@ void ring_buffer_free_read_page(struct ring_buffer *buffer, int cpu, void *data) |
5829 | arch_spin_unlock(&cpu_buffer->lock); |
5830 | local_irq_restore(flags); |
5831 | |
5832 | + out: |
5833 | free_page((unsigned long)bpage); |
5834 | } |
5835 | EXPORT_SYMBOL_GPL(ring_buffer_free_read_page); |
5836 | diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c |
5837 | index 80de14973b42..76bcc80b893e 100644 |
5838 | --- a/kernel/trace/trace.c |
5839 | +++ b/kernel/trace/trace.c |
5840 | @@ -6769,7 +6769,7 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, |
5841 | .spd_release = buffer_spd_release, |
5842 | }; |
5843 | struct buffer_ref *ref; |
5844 | - int entries, size, i; |
5845 | + int entries, i; |
5846 | ssize_t ret = 0; |
5847 | |
5848 | #ifdef CONFIG_TRACER_MAX_TRACE |
5849 | @@ -6823,14 +6823,6 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, |
5850 | break; |
5851 | } |
5852 | |
5853 | - /* |
5854 | - * zero out any left over data, this is going to |
5855 | - * user land. |
5856 | - */ |
5857 | - size = ring_buffer_page_len(ref->page); |
5858 | - if (size < PAGE_SIZE) |
5859 | - memset(ref->page + size, 0, PAGE_SIZE - size); |
5860 | - |
5861 | page = virt_to_page(ref->page); |
5862 | |
5863 | spd.pages[i] = page; |
5864 | @@ -7588,6 +7580,7 @@ allocate_trace_buffer(struct trace_array *tr, struct trace_buffer *buf, int size |
5865 | buf->data = alloc_percpu(struct trace_array_cpu); |
5866 | if (!buf->data) { |
5867 | ring_buffer_free(buf->buffer); |
5868 | + buf->buffer = NULL; |
5869 | return -ENOMEM; |
5870 | } |
5871 | |
5872 | @@ -7611,7 +7604,9 @@ static int allocate_trace_buffers(struct trace_array *tr, int size) |
5873 | allocate_snapshot ? size : 1); |
5874 | if (WARN_ON(ret)) { |
5875 | ring_buffer_free(tr->trace_buffer.buffer); |
5876 | + tr->trace_buffer.buffer = NULL; |
5877 | free_percpu(tr->trace_buffer.data); |
5878 | + tr->trace_buffer.data = NULL; |
5879 | return -ENOMEM; |
5880 | } |
5881 | tr->allocated_snapshot = allocate_snapshot; |
5882 | diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c |
5883 | index de2152730809..08190db0a2dc 100644 |
5884 | --- a/net/bridge/br_netlink.c |
5885 | +++ b/net/bridge/br_netlink.c |
5886 | @@ -1223,19 +1223,20 @@ static int br_dev_newlink(struct net *src_net, struct net_device *dev, |
5887 | struct net_bridge *br = netdev_priv(dev); |
5888 | int err; |
5889 | |
5890 | + err = register_netdevice(dev); |
5891 | + if (err) |
5892 | + return err; |
5893 | + |
5894 | if (tb[IFLA_ADDRESS]) { |
5895 | spin_lock_bh(&br->lock); |
5896 | br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS])); |
5897 | spin_unlock_bh(&br->lock); |
5898 | } |
5899 | |
5900 | - err = register_netdevice(dev); |
5901 | - if (err) |
5902 | - return err; |
5903 | - |
5904 | err = br_changelink(dev, tb, data, extack); |
5905 | if (err) |
5906 | - unregister_netdevice(dev); |
5907 | + br_dev_delete(dev, NULL); |
5908 | + |
5909 | return err; |
5910 | } |
5911 | |
5912 | diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c |
5913 | index 6cfdc7c84c48..0dd6359e5924 100644 |
5914 | --- a/net/core/net_namespace.c |
5915 | +++ b/net/core/net_namespace.c |
5916 | @@ -266,7 +266,7 @@ struct net *get_net_ns_by_id(struct net *net, int id) |
5917 | spin_lock_bh(&net->nsid_lock); |
5918 | peer = idr_find(&net->netns_ids, id); |
5919 | if (peer) |
5920 | - get_net(peer); |
5921 | + peer = maybe_get_net(peer); |
5922 | spin_unlock_bh(&net->nsid_lock); |
5923 | rcu_read_unlock(); |
5924 | |
5925 | diff --git a/net/core/skbuff.c b/net/core/skbuff.c |
5926 | index e140ba49b30a..15fa5baa8fae 100644 |
5927 | --- a/net/core/skbuff.c |
5928 | +++ b/net/core/skbuff.c |
5929 | @@ -1181,12 +1181,12 @@ int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask) |
5930 | int i, new_frags; |
5931 | u32 d_off; |
5932 | |
5933 | - if (!num_frags) |
5934 | - return 0; |
5935 | - |
5936 | if (skb_shared(skb) || skb_unclone(skb, gfp_mask)) |
5937 | return -EINVAL; |
5938 | |
5939 | + if (!num_frags) |
5940 | + goto release; |
5941 | + |
5942 | new_frags = (__skb_pagelen(skb) + PAGE_SIZE - 1) >> PAGE_SHIFT; |
5943 | for (i = 0; i < new_frags; i++) { |
5944 | page = alloc_page(gfp_mask); |
5945 | @@ -1242,6 +1242,7 @@ int skb_copy_ubufs(struct sk_buff *skb, gfp_t gfp_mask) |
5946 | __skb_fill_page_desc(skb, new_frags - 1, head, 0, d_off); |
5947 | skb_shinfo(skb)->nr_frags = new_frags; |
5948 | |
5949 | +release: |
5950 | skb_zcopy_clear(skb, false); |
5951 | return 0; |
5952 | } |
5953 | @@ -3657,8 +3658,6 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb, |
5954 | |
5955 | skb_shinfo(nskb)->tx_flags |= skb_shinfo(head_skb)->tx_flags & |
5956 | SKBTX_SHARED_FRAG; |
5957 | - if (skb_zerocopy_clone(nskb, head_skb, GFP_ATOMIC)) |
5958 | - goto err; |
5959 | |
5960 | while (pos < offset + len) { |
5961 | if (i >= nfrags) { |
5962 | @@ -3684,6 +3683,8 @@ struct sk_buff *skb_segment(struct sk_buff *head_skb, |
5963 | |
5964 | if (unlikely(skb_orphan_frags(frag_skb, GFP_ATOMIC))) |
5965 | goto err; |
5966 | + if (skb_zerocopy_clone(nskb, frag_skb, GFP_ATOMIC)) |
5967 | + goto err; |
5968 | |
5969 | *nskb_frag = *frag; |
5970 | __skb_frag_ref(nskb_frag); |
5971 | @@ -4296,7 +4297,7 @@ void skb_complete_tx_timestamp(struct sk_buff *skb, |
5972 | struct sock *sk = skb->sk; |
5973 | |
5974 | if (!skb_may_tx_timestamp(sk, false)) |
5975 | - return; |
5976 | + goto err; |
5977 | |
5978 | /* Take a reference to prevent skb_orphan() from freeing the socket, |
5979 | * but only if the socket refcount is not zero. |
5980 | @@ -4305,7 +4306,11 @@ void skb_complete_tx_timestamp(struct sk_buff *skb, |
5981 | *skb_hwtstamps(skb) = *hwtstamps; |
5982 | __skb_complete_tx_timestamp(skb, sk, SCM_TSTAMP_SND, false); |
5983 | sock_put(sk); |
5984 | + return; |
5985 | } |
5986 | + |
5987 | +err: |
5988 | + kfree_skb(skb); |
5989 | } |
5990 | EXPORT_SYMBOL_GPL(skb_complete_tx_timestamp); |
5991 | |
5992 | diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c |
5993 | index d7adc0616599..bffa88ecc534 100644 |
5994 | --- a/net/ipv4/devinet.c |
5995 | +++ b/net/ipv4/devinet.c |
5996 | @@ -1420,7 +1420,7 @@ static void inetdev_changename(struct net_device *dev, struct in_device *in_dev) |
5997 | |
5998 | static bool inetdev_valid_mtu(unsigned int mtu) |
5999 | { |
6000 | - return mtu >= 68; |
6001 | + return mtu >= IPV4_MIN_MTU; |
6002 | } |
6003 | |
6004 | static void inetdev_send_gratuitous_arp(struct net_device *dev, |
6005 | diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c |
6006 | index 37819ab4cc74..d72874150905 100644 |
6007 | --- a/net/ipv4/fib_frontend.c |
6008 | +++ b/net/ipv4/fib_frontend.c |
6009 | @@ -1274,14 +1274,19 @@ static int __net_init ip_fib_net_init(struct net *net) |
6010 | |
6011 | static void ip_fib_net_exit(struct net *net) |
6012 | { |
6013 | - unsigned int i; |
6014 | + int i; |
6015 | |
6016 | rtnl_lock(); |
6017 | #ifdef CONFIG_IP_MULTIPLE_TABLES |
6018 | RCU_INIT_POINTER(net->ipv4.fib_main, NULL); |
6019 | RCU_INIT_POINTER(net->ipv4.fib_default, NULL); |
6020 | #endif |
6021 | - for (i = 0; i < FIB_TABLE_HASHSZ; i++) { |
6022 | + /* Destroy the tables in reverse order to guarantee that the |
6023 | + * local table, ID 255, is destroyed before the main table, ID |
6024 | + * 254. This is necessary as the local table may contain |
6025 | + * references to data contained in the main table. |
6026 | + */ |
6027 | + for (i = FIB_TABLE_HASHSZ - 1; i >= 0; i--) { |
6028 | struct hlist_head *head = &net->ipv4.fib_table_hash[i]; |
6029 | struct hlist_node *tmp; |
6030 | struct fib_table *tb; |
6031 | diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c |
6032 | index 01ed22139ac2..aff3751df950 100644 |
6033 | --- a/net/ipv4/fib_semantics.c |
6034 | +++ b/net/ipv4/fib_semantics.c |
6035 | @@ -706,7 +706,7 @@ bool fib_metrics_match(struct fib_config *cfg, struct fib_info *fi) |
6036 | |
6037 | nla_for_each_attr(nla, cfg->fc_mx, cfg->fc_mx_len, remaining) { |
6038 | int type = nla_type(nla); |
6039 | - u32 val; |
6040 | + u32 fi_val, val; |
6041 | |
6042 | if (!type) |
6043 | continue; |
6044 | @@ -723,7 +723,11 @@ bool fib_metrics_match(struct fib_config *cfg, struct fib_info *fi) |
6045 | val = nla_get_u32(nla); |
6046 | } |
6047 | |
6048 | - if (fi->fib_metrics->metrics[type - 1] != val) |
6049 | + fi_val = fi->fib_metrics->metrics[type - 1]; |
6050 | + if (type == RTAX_FEATURES) |
6051 | + fi_val &= ~DST_FEATURE_ECN_CA; |
6052 | + |
6053 | + if (fi_val != val) |
6054 | return false; |
6055 | } |
6056 | |
6057 | diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c |
6058 | index ab183af0b5b6..c621266e0306 100644 |
6059 | --- a/net/ipv4/igmp.c |
6060 | +++ b/net/ipv4/igmp.c |
6061 | @@ -89,6 +89,7 @@ |
6062 | #include <linux/rtnetlink.h> |
6063 | #include <linux/times.h> |
6064 | #include <linux/pkt_sched.h> |
6065 | +#include <linux/byteorder/generic.h> |
6066 | |
6067 | #include <net/net_namespace.h> |
6068 | #include <net/arp.h> |
6069 | @@ -321,6 +322,23 @@ igmp_scount(struct ip_mc_list *pmc, int type, int gdeleted, int sdeleted) |
6070 | return scount; |
6071 | } |
6072 | |
6073 | +/* source address selection per RFC 3376 section 4.2.13 */ |
6074 | +static __be32 igmpv3_get_srcaddr(struct net_device *dev, |
6075 | + const struct flowi4 *fl4) |
6076 | +{ |
6077 | + struct in_device *in_dev = __in_dev_get_rcu(dev); |
6078 | + |
6079 | + if (!in_dev) |
6080 | + return htonl(INADDR_ANY); |
6081 | + |
6082 | + for_ifa(in_dev) { |
6083 | + if (inet_ifa_match(fl4->saddr, ifa)) |
6084 | + return fl4->saddr; |
6085 | + } endfor_ifa(in_dev); |
6086 | + |
6087 | + return htonl(INADDR_ANY); |
6088 | +} |
6089 | + |
6090 | static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) |
6091 | { |
6092 | struct sk_buff *skb; |
6093 | @@ -368,7 +386,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, unsigned int mtu) |
6094 | pip->frag_off = htons(IP_DF); |
6095 | pip->ttl = 1; |
6096 | pip->daddr = fl4.daddr; |
6097 | - pip->saddr = fl4.saddr; |
6098 | + pip->saddr = igmpv3_get_srcaddr(dev, &fl4); |
6099 | pip->protocol = IPPROTO_IGMP; |
6100 | pip->tot_len = 0; /* filled in later */ |
6101 | ip_select_ident(net, skb, NULL); |
6102 | @@ -404,16 +422,17 @@ static int grec_size(struct ip_mc_list *pmc, int type, int gdel, int sdel) |
6103 | } |
6104 | |
6105 | static struct sk_buff *add_grhead(struct sk_buff *skb, struct ip_mc_list *pmc, |
6106 | - int type, struct igmpv3_grec **ppgr) |
6107 | + int type, struct igmpv3_grec **ppgr, unsigned int mtu) |
6108 | { |
6109 | struct net_device *dev = pmc->interface->dev; |
6110 | struct igmpv3_report *pih; |
6111 | struct igmpv3_grec *pgr; |
6112 | |
6113 | - if (!skb) |
6114 | - skb = igmpv3_newpack(dev, dev->mtu); |
6115 | - if (!skb) |
6116 | - return NULL; |
6117 | + if (!skb) { |
6118 | + skb = igmpv3_newpack(dev, mtu); |
6119 | + if (!skb) |
6120 | + return NULL; |
6121 | + } |
6122 | pgr = skb_put(skb, sizeof(struct igmpv3_grec)); |
6123 | pgr->grec_type = type; |
6124 | pgr->grec_auxwords = 0; |
6125 | @@ -436,12 +455,17 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, |
6126 | struct igmpv3_grec *pgr = NULL; |
6127 | struct ip_sf_list *psf, *psf_next, *psf_prev, **psf_list; |
6128 | int scount, stotal, first, isquery, truncate; |
6129 | + unsigned int mtu; |
6130 | |
6131 | if (pmc->multiaddr == IGMP_ALL_HOSTS) |
6132 | return skb; |
6133 | if (ipv4_is_local_multicast(pmc->multiaddr) && !net->ipv4.sysctl_igmp_llm_reports) |
6134 | return skb; |
6135 | |
6136 | + mtu = READ_ONCE(dev->mtu); |
6137 | + if (mtu < IPV4_MIN_MTU) |
6138 | + return skb; |
6139 | + |
6140 | isquery = type == IGMPV3_MODE_IS_INCLUDE || |
6141 | type == IGMPV3_MODE_IS_EXCLUDE; |
6142 | truncate = type == IGMPV3_MODE_IS_EXCLUDE || |
6143 | @@ -462,7 +486,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, |
6144 | AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { |
6145 | if (skb) |
6146 | igmpv3_sendpack(skb); |
6147 | - skb = igmpv3_newpack(dev, dev->mtu); |
6148 | + skb = igmpv3_newpack(dev, mtu); |
6149 | } |
6150 | } |
6151 | first = 1; |
6152 | @@ -498,12 +522,12 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, |
6153 | pgr->grec_nsrcs = htons(scount); |
6154 | if (skb) |
6155 | igmpv3_sendpack(skb); |
6156 | - skb = igmpv3_newpack(dev, dev->mtu); |
6157 | + skb = igmpv3_newpack(dev, mtu); |
6158 | first = 1; |
6159 | scount = 0; |
6160 | } |
6161 | if (first) { |
6162 | - skb = add_grhead(skb, pmc, type, &pgr); |
6163 | + skb = add_grhead(skb, pmc, type, &pgr, mtu); |
6164 | first = 0; |
6165 | } |
6166 | if (!skb) |
6167 | @@ -538,7 +562,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc, |
6168 | igmpv3_sendpack(skb); |
6169 | skb = NULL; /* add_grhead will get a new one */ |
6170 | } |
6171 | - skb = add_grhead(skb, pmc, type, &pgr); |
6172 | + skb = add_grhead(skb, pmc, type, &pgr, mtu); |
6173 | } |
6174 | } |
6175 | if (pgr) |
6176 | diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c |
6177 | index e9805ad664ac..4e90082b23a6 100644 |
6178 | --- a/net/ipv4/ip_tunnel.c |
6179 | +++ b/net/ipv4/ip_tunnel.c |
6180 | @@ -349,8 +349,8 @@ static int ip_tunnel_bind_dev(struct net_device *dev) |
6181 | dev->needed_headroom = t_hlen + hlen; |
6182 | mtu -= (dev->hard_header_len + t_hlen); |
6183 | |
6184 | - if (mtu < 68) |
6185 | - mtu = 68; |
6186 | + if (mtu < IPV4_MIN_MTU) |
6187 | + mtu = IPV4_MIN_MTU; |
6188 | |
6189 | return mtu; |
6190 | } |
6191 | diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c |
6192 | index 33b70bfd1122..125c1eab3eaa 100644 |
6193 | --- a/net/ipv4/raw.c |
6194 | +++ b/net/ipv4/raw.c |
6195 | @@ -513,11 +513,16 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
6196 | int err; |
6197 | struct ip_options_data opt_copy; |
6198 | struct raw_frag_vec rfv; |
6199 | + int hdrincl; |
6200 | |
6201 | err = -EMSGSIZE; |
6202 | if (len > 0xFFFF) |
6203 | goto out; |
6204 | |
6205 | + /* hdrincl should be READ_ONCE(inet->hdrincl) |
6206 | + * but READ_ONCE() doesn't work with bit fields |
6207 | + */ |
6208 | + hdrincl = inet->hdrincl; |
6209 | /* |
6210 | * Check the flags. |
6211 | */ |
6212 | @@ -593,7 +598,7 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
6213 | /* Linux does not mangle headers on raw sockets, |
6214 | * so that IP options + IP_HDRINCL is non-sense. |
6215 | */ |
6216 | - if (inet->hdrincl) |
6217 | + if (hdrincl) |
6218 | goto done; |
6219 | if (ipc.opt->opt.srr) { |
6220 | if (!daddr) |
6221 | @@ -615,12 +620,12 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
6222 | |
6223 | flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos, |
6224 | RT_SCOPE_UNIVERSE, |
6225 | - inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol, |
6226 | + hdrincl ? IPPROTO_RAW : sk->sk_protocol, |
6227 | inet_sk_flowi_flags(sk) | |
6228 | - (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), |
6229 | + (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0), |
6230 | daddr, saddr, 0, 0, sk->sk_uid); |
6231 | |
6232 | - if (!inet->hdrincl) { |
6233 | + if (!hdrincl) { |
6234 | rfv.msg = msg; |
6235 | rfv.hlen = 0; |
6236 | |
6237 | @@ -645,7 +650,7 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) |
6238 | goto do_confirm; |
6239 | back_from_confirm: |
6240 | |
6241 | - if (inet->hdrincl) |
6242 | + if (hdrincl) |
6243 | err = raw_send_hdrinc(sk, &fl4, msg, len, |
6244 | &rt, msg->msg_flags, &ipc.sockc); |
6245 | |
6246 | diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c |
6247 | index 5091402720ab..a0c72b09cefc 100644 |
6248 | --- a/net/ipv4/tcp.c |
6249 | +++ b/net/ipv4/tcp.c |
6250 | @@ -2356,6 +2356,7 @@ int tcp_disconnect(struct sock *sk, int flags) |
6251 | tp->snd_cwnd_cnt = 0; |
6252 | tp->window_clamp = 0; |
6253 | tcp_set_ca_state(sk, TCP_CA_Open); |
6254 | + tp->is_sack_reneg = 0; |
6255 | tcp_clear_retrans(tp); |
6256 | inet_csk_delack_init(sk); |
6257 | /* Initialize rcv_mss to TCP_MIN_MSS to avoid division by 0 |
6258 | diff --git a/net/ipv4/tcp_bbr.c b/net/ipv4/tcp_bbr.c |
6259 | index 69ee877574d0..8322f26e770e 100644 |
6260 | --- a/net/ipv4/tcp_bbr.c |
6261 | +++ b/net/ipv4/tcp_bbr.c |
6262 | @@ -110,7 +110,8 @@ struct bbr { |
6263 | u32 lt_last_lost; /* LT intvl start: tp->lost */ |
6264 | u32 pacing_gain:10, /* current gain for setting pacing rate */ |
6265 | cwnd_gain:10, /* current gain for setting cwnd */ |
6266 | - full_bw_cnt:3, /* number of rounds without large bw gains */ |
6267 | + full_bw_reached:1, /* reached full bw in Startup? */ |
6268 | + full_bw_cnt:2, /* number of rounds without large bw gains */ |
6269 | cycle_idx:3, /* current index in pacing_gain cycle array */ |
6270 | has_seen_rtt:1, /* have we seen an RTT sample yet? */ |
6271 | unused_b:5; |
6272 | @@ -180,7 +181,7 @@ static bool bbr_full_bw_reached(const struct sock *sk) |
6273 | { |
6274 | const struct bbr *bbr = inet_csk_ca(sk); |
6275 | |
6276 | - return bbr->full_bw_cnt >= bbr_full_bw_cnt; |
6277 | + return bbr->full_bw_reached; |
6278 | } |
6279 | |
6280 | /* Return the windowed max recent bandwidth sample, in pkts/uS << BW_SCALE. */ |
6281 | @@ -717,6 +718,7 @@ static void bbr_check_full_bw_reached(struct sock *sk, |
6282 | return; |
6283 | } |
6284 | ++bbr->full_bw_cnt; |
6285 | + bbr->full_bw_reached = bbr->full_bw_cnt >= bbr_full_bw_cnt; |
6286 | } |
6287 | |
6288 | /* If pipe is probably full, drain the queue and then enter steady-state. */ |
6289 | @@ -850,6 +852,7 @@ static void bbr_init(struct sock *sk) |
6290 | bbr->restore_cwnd = 0; |
6291 | bbr->round_start = 0; |
6292 | bbr->idle_restart = 0; |
6293 | + bbr->full_bw_reached = 0; |
6294 | bbr->full_bw = 0; |
6295 | bbr->full_bw_cnt = 0; |
6296 | bbr->cycle_mstamp = 0; |
6297 | @@ -871,6 +874,11 @@ static u32 bbr_sndbuf_expand(struct sock *sk) |
6298 | */ |
6299 | static u32 bbr_undo_cwnd(struct sock *sk) |
6300 | { |
6301 | + struct bbr *bbr = inet_csk_ca(sk); |
6302 | + |
6303 | + bbr->full_bw = 0; /* spurious slow-down; reset full pipe detection */ |
6304 | + bbr->full_bw_cnt = 0; |
6305 | + bbr_reset_lt_bw_sampling(sk); |
6306 | return tcp_sk(sk)->snd_cwnd; |
6307 | } |
6308 | |
6309 | diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c |
6310 | index c5447b9f8517..ff48ac654e5a 100644 |
6311 | --- a/net/ipv4/tcp_input.c |
6312 | +++ b/net/ipv4/tcp_input.c |
6313 | @@ -521,9 +521,6 @@ static void tcp_rcv_rtt_update(struct tcp_sock *tp, u32 sample, int win_dep) |
6314 | u32 new_sample = tp->rcv_rtt_est.rtt_us; |
6315 | long m = sample; |
6316 | |
6317 | - if (m == 0) |
6318 | - m = 1; |
6319 | - |
6320 | if (new_sample != 0) { |
6321 | /* If we sample in larger samples in the non-timestamp |
6322 | * case, we could grossly overestimate the RTT especially |
6323 | @@ -560,6 +557,8 @@ static inline void tcp_rcv_rtt_measure(struct tcp_sock *tp) |
6324 | if (before(tp->rcv_nxt, tp->rcv_rtt_est.seq)) |
6325 | return; |
6326 | delta_us = tcp_stamp_us_delta(tp->tcp_mstamp, tp->rcv_rtt_est.time); |
6327 | + if (!delta_us) |
6328 | + delta_us = 1; |
6329 | tcp_rcv_rtt_update(tp, delta_us, 1); |
6330 | |
6331 | new_measure: |
6332 | @@ -576,8 +575,11 @@ static inline void tcp_rcv_rtt_measure_ts(struct sock *sk, |
6333 | (TCP_SKB_CB(skb)->end_seq - |
6334 | TCP_SKB_CB(skb)->seq >= inet_csk(sk)->icsk_ack.rcv_mss)) { |
6335 | u32 delta = tcp_time_stamp(tp) - tp->rx_opt.rcv_tsecr; |
6336 | - u32 delta_us = delta * (USEC_PER_SEC / TCP_TS_HZ); |
6337 | + u32 delta_us; |
6338 | |
6339 | + if (!delta) |
6340 | + delta = 1; |
6341 | + delta_us = delta * (USEC_PER_SEC / TCP_TS_HZ); |
6342 | tcp_rcv_rtt_update(tp, delta_us, 0); |
6343 | } |
6344 | } |
6345 | @@ -1975,6 +1977,8 @@ void tcp_enter_loss(struct sock *sk) |
6346 | NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPSACKRENEGING); |
6347 | tp->sacked_out = 0; |
6348 | tp->fackets_out = 0; |
6349 | + /* Mark SACK reneging until we recover from this loss event. */ |
6350 | + tp->is_sack_reneg = 1; |
6351 | } |
6352 | tcp_clear_all_retrans_hints(tp); |
6353 | |
6354 | @@ -2428,6 +2432,7 @@ static bool tcp_try_undo_recovery(struct sock *sk) |
6355 | return true; |
6356 | } |
6357 | tcp_set_ca_state(sk, TCP_CA_Open); |
6358 | + tp->is_sack_reneg = 0; |
6359 | return false; |
6360 | } |
6361 | |
6362 | @@ -2459,8 +2464,10 @@ static bool tcp_try_undo_loss(struct sock *sk, bool frto_undo) |
6363 | NET_INC_STATS(sock_net(sk), |
6364 | LINUX_MIB_TCPSPURIOUSRTOS); |
6365 | inet_csk(sk)->icsk_retransmits = 0; |
6366 | - if (frto_undo || tcp_is_sack(tp)) |
6367 | + if (frto_undo || tcp_is_sack(tp)) { |
6368 | tcp_set_ca_state(sk, TCP_CA_Open); |
6369 | + tp->is_sack_reneg = 0; |
6370 | + } |
6371 | return true; |
6372 | } |
6373 | return false; |
6374 | @@ -3551,6 +3558,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) |
6375 | struct tcp_sacktag_state sack_state; |
6376 | struct rate_sample rs = { .prior_delivered = 0 }; |
6377 | u32 prior_snd_una = tp->snd_una; |
6378 | + bool is_sack_reneg = tp->is_sack_reneg; |
6379 | u32 ack_seq = TCP_SKB_CB(skb)->seq; |
6380 | u32 ack = TCP_SKB_CB(skb)->ack_seq; |
6381 | bool is_dupack = false; |
6382 | @@ -3666,7 +3674,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) |
6383 | |
6384 | delivered = tp->delivered - delivered; /* freshly ACKed or SACKed */ |
6385 | lost = tp->lost - lost; /* freshly marked lost */ |
6386 | - tcp_rate_gen(sk, delivered, lost, sack_state.rate); |
6387 | + tcp_rate_gen(sk, delivered, lost, is_sack_reneg, sack_state.rate); |
6388 | tcp_cong_control(sk, ack, delivered, flag, sack_state.rate); |
6389 | tcp_xmit_recovery(sk, rexmit); |
6390 | return 1; |
6391 | diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c |
6392 | index 5a5ed4f14678..cab4b935e474 100644 |
6393 | --- a/net/ipv4/tcp_ipv4.c |
6394 | +++ b/net/ipv4/tcp_ipv4.c |
6395 | @@ -844,7 +844,7 @@ static void tcp_v4_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, |
6396 | tcp_time_stamp_raw() + tcp_rsk(req)->ts_off, |
6397 | req->ts_recent, |
6398 | 0, |
6399 | - tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->daddr, |
6400 | + tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&ip_hdr(skb)->saddr, |
6401 | AF_INET), |
6402 | inet_rsk(req)->no_srccheck ? IP_REPLY_ARG_NOSRCCHECK : 0, |
6403 | ip_hdr(skb)->tos); |
6404 | diff --git a/net/ipv4/tcp_rate.c b/net/ipv4/tcp_rate.c |
6405 | index 3330a370d306..c61240e43923 100644 |
6406 | --- a/net/ipv4/tcp_rate.c |
6407 | +++ b/net/ipv4/tcp_rate.c |
6408 | @@ -106,7 +106,7 @@ void tcp_rate_skb_delivered(struct sock *sk, struct sk_buff *skb, |
6409 | |
6410 | /* Update the connection delivery information and generate a rate sample. */ |
6411 | void tcp_rate_gen(struct sock *sk, u32 delivered, u32 lost, |
6412 | - struct rate_sample *rs) |
6413 | + bool is_sack_reneg, struct rate_sample *rs) |
6414 | { |
6415 | struct tcp_sock *tp = tcp_sk(sk); |
6416 | u32 snd_us, ack_us; |
6417 | @@ -124,8 +124,12 @@ void tcp_rate_gen(struct sock *sk, u32 delivered, u32 lost, |
6418 | |
6419 | rs->acked_sacked = delivered; /* freshly ACKed or SACKed */ |
6420 | rs->losses = lost; /* freshly marked lost */ |
6421 | - /* Return an invalid sample if no timing information is available. */ |
6422 | - if (!rs->prior_mstamp) { |
6423 | + /* Return an invalid sample if no timing information is available or |
6424 | + * in recovery from loss with SACK reneging. Rate samples taken during |
6425 | + * a SACK reneging event may overestimate bw by including packets that |
6426 | + * were SACKed before the reneg. |
6427 | + */ |
6428 | + if (!rs->prior_mstamp || is_sack_reneg) { |
6429 | rs->delivered = -1; |
6430 | rs->interval_us = -1; |
6431 | return; |
6432 | diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c |
6433 | index 655dd8d7f064..e9af1879cd53 100644 |
6434 | --- a/net/ipv4/tcp_timer.c |
6435 | +++ b/net/ipv4/tcp_timer.c |
6436 | @@ -264,6 +264,7 @@ void tcp_delack_timer_handler(struct sock *sk) |
6437 | icsk->icsk_ack.pingpong = 0; |
6438 | icsk->icsk_ack.ato = TCP_ATO_MIN; |
6439 | } |
6440 | + tcp_mstamp_refresh(tcp_sk(sk)); |
6441 | tcp_send_ack(sk); |
6442 | __NET_INC_STATS(sock_net(sk), LINUX_MIB_DELAYEDACKS); |
6443 | } |
6444 | @@ -627,6 +628,7 @@ static void tcp_keepalive_timer (unsigned long data) |
6445 | goto out; |
6446 | } |
6447 | |
6448 | + tcp_mstamp_refresh(tp); |
6449 | if (sk->sk_state == TCP_FIN_WAIT2 && sock_flag(sk, SOCK_DEAD)) { |
6450 | if (tp->linger2 >= 0) { |
6451 | const int tmo = tcp_fin_time(sk) - TCP_TIMEWAIT_LEN; |
6452 | diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c |
6453 | index 2ec39404c449..c5318f5f6a14 100644 |
6454 | --- a/net/ipv6/addrconf.c |
6455 | +++ b/net/ipv6/addrconf.c |
6456 | @@ -231,7 +231,7 @@ static struct ipv6_devconf ipv6_devconf __read_mostly = { |
6457 | .proxy_ndp = 0, |
6458 | .accept_source_route = 0, /* we do not accept RH0 by default. */ |
6459 | .disable_ipv6 = 0, |
6460 | - .accept_dad = 1, |
6461 | + .accept_dad = 0, |
6462 | .suppress_frag_ndisc = 1, |
6463 | .accept_ra_mtu = 1, |
6464 | .stable_secret = { |
6465 | diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c |
6466 | index fe5262fd6aa5..bcbd5f3bf8bd 100644 |
6467 | --- a/net/ipv6/af_inet6.c |
6468 | +++ b/net/ipv6/af_inet6.c |
6469 | @@ -210,7 +210,6 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol, |
6470 | np->mcast_hops = IPV6_DEFAULT_MCASTHOPS; |
6471 | np->mc_loop = 1; |
6472 | np->pmtudisc = IPV6_PMTUDISC_WANT; |
6473 | - np->autoflowlabel = ip6_default_np_autolabel(net); |
6474 | np->repflow = net->ipv6.sysctl.flowlabel_reflect; |
6475 | sk->sk_ipv6only = net->ipv6.sysctl.bindv6only; |
6476 | |
6477 | diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c |
6478 | index 5d6bee070871..7a2df6646486 100644 |
6479 | --- a/net/ipv6/ip6_gre.c |
6480 | +++ b/net/ipv6/ip6_gre.c |
6481 | @@ -1020,6 +1020,36 @@ static void ip6gre_tunnel_setup(struct net_device *dev) |
6482 | eth_random_addr(dev->perm_addr); |
6483 | } |
6484 | |
6485 | +#define GRE6_FEATURES (NETIF_F_SG | \ |
6486 | + NETIF_F_FRAGLIST | \ |
6487 | + NETIF_F_HIGHDMA | \ |
6488 | + NETIF_F_HW_CSUM) |
6489 | + |
6490 | +static void ip6gre_tnl_init_features(struct net_device *dev) |
6491 | +{ |
6492 | + struct ip6_tnl *nt = netdev_priv(dev); |
6493 | + |
6494 | + dev->features |= GRE6_FEATURES; |
6495 | + dev->hw_features |= GRE6_FEATURES; |
6496 | + |
6497 | + if (!(nt->parms.o_flags & TUNNEL_SEQ)) { |
6498 | + /* TCP offload with GRE SEQ is not supported, nor |
6499 | + * can we support 2 levels of outer headers requiring |
6500 | + * an update. |
6501 | + */ |
6502 | + if (!(nt->parms.o_flags & TUNNEL_CSUM) || |
6503 | + nt->encap.type == TUNNEL_ENCAP_NONE) { |
6504 | + dev->features |= NETIF_F_GSO_SOFTWARE; |
6505 | + dev->hw_features |= NETIF_F_GSO_SOFTWARE; |
6506 | + } |
6507 | + |
6508 | + /* Can use a lockless transmit, unless we generate |
6509 | + * output sequences |
6510 | + */ |
6511 | + dev->features |= NETIF_F_LLTX; |
6512 | + } |
6513 | +} |
6514 | + |
6515 | static int ip6gre_tunnel_init_common(struct net_device *dev) |
6516 | { |
6517 | struct ip6_tnl *tunnel; |
6518 | @@ -1054,6 +1084,8 @@ static int ip6gre_tunnel_init_common(struct net_device *dev) |
6519 | if (!(tunnel->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) |
6520 | dev->mtu -= 8; |
6521 | |
6522 | + ip6gre_tnl_init_features(dev); |
6523 | + |
6524 | return 0; |
6525 | } |
6526 | |
6527 | @@ -1302,11 +1334,6 @@ static const struct net_device_ops ip6gre_tap_netdev_ops = { |
6528 | .ndo_get_iflink = ip6_tnl_get_iflink, |
6529 | }; |
6530 | |
6531 | -#define GRE6_FEATURES (NETIF_F_SG | \ |
6532 | - NETIF_F_FRAGLIST | \ |
6533 | - NETIF_F_HIGHDMA | \ |
6534 | - NETIF_F_HW_CSUM) |
6535 | - |
6536 | static void ip6gre_tap_setup(struct net_device *dev) |
6537 | { |
6538 | |
6539 | @@ -1386,26 +1413,6 @@ static int ip6gre_newlink(struct net *src_net, struct net_device *dev, |
6540 | nt->net = dev_net(dev); |
6541 | ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]); |
6542 | |
6543 | - dev->features |= GRE6_FEATURES; |
6544 | - dev->hw_features |= GRE6_FEATURES; |
6545 | - |
6546 | - if (!(nt->parms.o_flags & TUNNEL_SEQ)) { |
6547 | - /* TCP offload with GRE SEQ is not supported, nor |
6548 | - * can we support 2 levels of outer headers requiring |
6549 | - * an update. |
6550 | - */ |
6551 | - if (!(nt->parms.o_flags & TUNNEL_CSUM) || |
6552 | - (nt->encap.type == TUNNEL_ENCAP_NONE)) { |
6553 | - dev->features |= NETIF_F_GSO_SOFTWARE; |
6554 | - dev->hw_features |= NETIF_F_GSO_SOFTWARE; |
6555 | - } |
6556 | - |
6557 | - /* Can use a lockless transmit, unless we generate |
6558 | - * output sequences |
6559 | - */ |
6560 | - dev->features |= NETIF_F_LLTX; |
6561 | - } |
6562 | - |
6563 | err = register_netdevice(dev); |
6564 | if (err) |
6565 | goto out; |
6566 | diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c |
6567 | index 5110a418cc4d..f7dd51c42314 100644 |
6568 | --- a/net/ipv6/ip6_output.c |
6569 | +++ b/net/ipv6/ip6_output.c |
6570 | @@ -166,6 +166,14 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) |
6571 | !(IP6CB(skb)->flags & IP6SKB_REROUTED)); |
6572 | } |
6573 | |
6574 | +static bool ip6_autoflowlabel(struct net *net, const struct ipv6_pinfo *np) |
6575 | +{ |
6576 | + if (!np->autoflowlabel_set) |
6577 | + return ip6_default_np_autolabel(net); |
6578 | + else |
6579 | + return np->autoflowlabel; |
6580 | +} |
6581 | + |
6582 | /* |
6583 | * xmit an sk_buff (used by TCP, SCTP and DCCP) |
6584 | * Note : socket lock is not held for SYNACK packets, but might be modified |
6585 | @@ -230,7 +238,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, |
6586 | hlimit = ip6_dst_hoplimit(dst); |
6587 | |
6588 | ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel, |
6589 | - np->autoflowlabel, fl6)); |
6590 | + ip6_autoflowlabel(net, np), fl6)); |
6591 | |
6592 | hdr->payload_len = htons(seg_len); |
6593 | hdr->nexthdr = proto; |
6594 | @@ -1626,7 +1634,7 @@ struct sk_buff *__ip6_make_skb(struct sock *sk, |
6595 | |
6596 | ip6_flow_hdr(hdr, v6_cork->tclass, |
6597 | ip6_make_flowlabel(net, skb, fl6->flowlabel, |
6598 | - np->autoflowlabel, fl6)); |
6599 | + ip6_autoflowlabel(net, np), fl6)); |
6600 | hdr->hop_limit = v6_cork->hop_limit; |
6601 | hdr->nexthdr = proto; |
6602 | hdr->saddr = fl6->saddr; |
6603 | diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c |
6604 | index a1c24443cd9e..ef958d50746b 100644 |
6605 | --- a/net/ipv6/ip6_tunnel.c |
6606 | +++ b/net/ipv6/ip6_tunnel.c |
6607 | @@ -912,7 +912,7 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto, |
6608 | if (t->parms.collect_md) { |
6609 | tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0); |
6610 | if (!tun_dst) |
6611 | - return 0; |
6612 | + goto drop; |
6613 | } |
6614 | ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate, |
6615 | log_ecn_error); |
6616 | diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c |
6617 | index a5e466d4e093..90dbfa78a390 100644 |
6618 | --- a/net/ipv6/ipv6_sockglue.c |
6619 | +++ b/net/ipv6/ipv6_sockglue.c |
6620 | @@ -878,6 +878,7 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname, |
6621 | break; |
6622 | case IPV6_AUTOFLOWLABEL: |
6623 | np->autoflowlabel = valbool; |
6624 | + np->autoflowlabel_set = 1; |
6625 | retv = 0; |
6626 | break; |
6627 | case IPV6_RECVFRAGSIZE: |
6628 | diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c |
6629 | index 12b7c27ce5ce..9a38a2c641fa 100644 |
6630 | --- a/net/ipv6/mcast.c |
6631 | +++ b/net/ipv6/mcast.c |
6632 | @@ -1682,16 +1682,16 @@ static int grec_size(struct ifmcaddr6 *pmc, int type, int gdel, int sdel) |
6633 | } |
6634 | |
6635 | static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc, |
6636 | - int type, struct mld2_grec **ppgr) |
6637 | + int type, struct mld2_grec **ppgr, unsigned int mtu) |
6638 | { |
6639 | - struct net_device *dev = pmc->idev->dev; |
6640 | struct mld2_report *pmr; |
6641 | struct mld2_grec *pgr; |
6642 | |
6643 | - if (!skb) |
6644 | - skb = mld_newpack(pmc->idev, dev->mtu); |
6645 | - if (!skb) |
6646 | - return NULL; |
6647 | + if (!skb) { |
6648 | + skb = mld_newpack(pmc->idev, mtu); |
6649 | + if (!skb) |
6650 | + return NULL; |
6651 | + } |
6652 | pgr = skb_put(skb, sizeof(struct mld2_grec)); |
6653 | pgr->grec_type = type; |
6654 | pgr->grec_auxwords = 0; |
6655 | @@ -1714,10 +1714,15 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, |
6656 | struct mld2_grec *pgr = NULL; |
6657 | struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list; |
6658 | int scount, stotal, first, isquery, truncate; |
6659 | + unsigned int mtu; |
6660 | |
6661 | if (pmc->mca_flags & MAF_NOREPORT) |
6662 | return skb; |
6663 | |
6664 | + mtu = READ_ONCE(dev->mtu); |
6665 | + if (mtu < IPV6_MIN_MTU) |
6666 | + return skb; |
6667 | + |
6668 | isquery = type == MLD2_MODE_IS_INCLUDE || |
6669 | type == MLD2_MODE_IS_EXCLUDE; |
6670 | truncate = type == MLD2_MODE_IS_EXCLUDE || |
6671 | @@ -1738,7 +1743,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, |
6672 | AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) { |
6673 | if (skb) |
6674 | mld_sendpack(skb); |
6675 | - skb = mld_newpack(idev, dev->mtu); |
6676 | + skb = mld_newpack(idev, mtu); |
6677 | } |
6678 | } |
6679 | first = 1; |
6680 | @@ -1774,12 +1779,12 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, |
6681 | pgr->grec_nsrcs = htons(scount); |
6682 | if (skb) |
6683 | mld_sendpack(skb); |
6684 | - skb = mld_newpack(idev, dev->mtu); |
6685 | + skb = mld_newpack(idev, mtu); |
6686 | first = 1; |
6687 | scount = 0; |
6688 | } |
6689 | if (first) { |
6690 | - skb = add_grhead(skb, pmc, type, &pgr); |
6691 | + skb = add_grhead(skb, pmc, type, &pgr, mtu); |
6692 | first = 0; |
6693 | } |
6694 | if (!skb) |
6695 | @@ -1814,7 +1819,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc, |
6696 | mld_sendpack(skb); |
6697 | skb = NULL; /* add_grhead will get a new one */ |
6698 | } |
6699 | - skb = add_grhead(skb, pmc, type, &pgr); |
6700 | + skb = add_grhead(skb, pmc, type, &pgr, mtu); |
6701 | } |
6702 | } |
6703 | if (pgr) |
6704 | diff --git a/net/ipv6/route.c b/net/ipv6/route.c |
6705 | index 598efa8cfe25..ca8d3266e92e 100644 |
6706 | --- a/net/ipv6/route.c |
6707 | +++ b/net/ipv6/route.c |
6708 | @@ -3700,19 +3700,13 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, |
6709 | if (!ipv6_addr_any(&fl6.saddr)) |
6710 | flags |= RT6_LOOKUP_F_HAS_SADDR; |
6711 | |
6712 | - if (!fibmatch) |
6713 | - dst = ip6_route_input_lookup(net, dev, &fl6, flags); |
6714 | - else |
6715 | - dst = ip6_route_lookup(net, &fl6, 0); |
6716 | + dst = ip6_route_input_lookup(net, dev, &fl6, flags); |
6717 | |
6718 | rcu_read_unlock(); |
6719 | } else { |
6720 | fl6.flowi6_oif = oif; |
6721 | |
6722 | - if (!fibmatch) |
6723 | - dst = ip6_route_output(net, NULL, &fl6); |
6724 | - else |
6725 | - dst = ip6_route_lookup(net, &fl6, 0); |
6726 | + dst = ip6_route_output(net, NULL, &fl6); |
6727 | } |
6728 | |
6729 | |
6730 | @@ -3729,6 +3723,15 @@ static int inet6_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, |
6731 | goto errout; |
6732 | } |
6733 | |
6734 | + if (fibmatch && rt->dst.from) { |
6735 | + struct rt6_info *ort = container_of(rt->dst.from, |
6736 | + struct rt6_info, dst); |
6737 | + |
6738 | + dst_hold(&ort->dst); |
6739 | + ip6_rt_put(rt); |
6740 | + rt = ort; |
6741 | + } |
6742 | + |
6743 | skb = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); |
6744 | if (!skb) { |
6745 | ip6_rt_put(rt); |
6746 | diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c |
6747 | index 32ded300633d..237cc6187c5a 100644 |
6748 | --- a/net/ipv6/tcp_ipv6.c |
6749 | +++ b/net/ipv6/tcp_ipv6.c |
6750 | @@ -988,7 +988,7 @@ static void tcp_v6_reqsk_send_ack(const struct sock *sk, struct sk_buff *skb, |
6751 | req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, |
6752 | tcp_time_stamp_raw() + tcp_rsk(req)->ts_off, |
6753 | req->ts_recent, sk->sk_bound_dev_if, |
6754 | - tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->daddr), |
6755 | + tcp_v6_md5_do_lookup(sk, &ipv6_hdr(skb)->saddr), |
6756 | 0, 0); |
6757 | } |
6758 | |
6759 | diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c |
6760 | index 15c99dfa3d72..aac9d68b4636 100644 |
6761 | --- a/net/netlink/af_netlink.c |
6762 | +++ b/net/netlink/af_netlink.c |
6763 | @@ -254,6 +254,9 @@ static int __netlink_deliver_tap_skb(struct sk_buff *skb, |
6764 | struct sock *sk = skb->sk; |
6765 | int ret = -ENOMEM; |
6766 | |
6767 | + if (!net_eq(dev_net(dev), sock_net(sk))) |
6768 | + return 0; |
6769 | + |
6770 | dev_hold(dev); |
6771 | |
6772 | if (is_vmalloc_addr(skb->head)) |
6773 | diff --git a/net/openvswitch/flow.c b/net/openvswitch/flow.c |
6774 | index cfb652a4e007..dbe1079a1651 100644 |
6775 | --- a/net/openvswitch/flow.c |
6776 | +++ b/net/openvswitch/flow.c |
6777 | @@ -532,6 +532,7 @@ static int key_extract(struct sk_buff *skb, struct sw_flow_key *key) |
6778 | return -EINVAL; |
6779 | |
6780 | skb_reset_network_header(skb); |
6781 | + key->eth.type = skb->protocol; |
6782 | } else { |
6783 | eth = eth_hdr(skb); |
6784 | ether_addr_copy(key->eth.src, eth->h_source); |
6785 | @@ -545,15 +546,23 @@ static int key_extract(struct sk_buff *skb, struct sw_flow_key *key) |
6786 | if (unlikely(parse_vlan(skb, key))) |
6787 | return -ENOMEM; |
6788 | |
6789 | - skb->protocol = parse_ethertype(skb); |
6790 | - if (unlikely(skb->protocol == htons(0))) |
6791 | + key->eth.type = parse_ethertype(skb); |
6792 | + if (unlikely(key->eth.type == htons(0))) |
6793 | return -ENOMEM; |
6794 | |
6795 | + /* Multiple tagged packets need to retain TPID to satisfy |
6796 | + * skb_vlan_pop(), which will later shift the ethertype into |
6797 | + * skb->protocol. |
6798 | + */ |
6799 | + if (key->eth.cvlan.tci & htons(VLAN_TAG_PRESENT)) |
6800 | + skb->protocol = key->eth.cvlan.tpid; |
6801 | + else |
6802 | + skb->protocol = key->eth.type; |
6803 | + |
6804 | skb_reset_network_header(skb); |
6805 | __skb_push(skb, skb->data - skb_mac_header(skb)); |
6806 | } |
6807 | skb_reset_mac_len(skb); |
6808 | - key->eth.type = skb->protocol; |
6809 | |
6810 | /* Network layer. */ |
6811 | if (key->eth.type == htons(ETH_P_IP)) { |
6812 | diff --git a/net/rds/send.c b/net/rds/send.c |
6813 | index b52cdc8ae428..f72466c63f0c 100644 |
6814 | --- a/net/rds/send.c |
6815 | +++ b/net/rds/send.c |
6816 | @@ -1009,6 +1009,9 @@ static int rds_rdma_bytes(struct msghdr *msg, size_t *rdma_bytes) |
6817 | continue; |
6818 | |
6819 | if (cmsg->cmsg_type == RDS_CMSG_RDMA_ARGS) { |
6820 | + if (cmsg->cmsg_len < |
6821 | + CMSG_LEN(sizeof(struct rds_rdma_args))) |
6822 | + return -EINVAL; |
6823 | args = CMSG_DATA(cmsg); |
6824 | *rdma_bytes += args->remote_vec.bytes; |
6825 | } |
6826 | diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c |
6827 | index 44de4ee51ce9..a08a32fa0949 100644 |
6828 | --- a/net/sched/sch_ingress.c |
6829 | +++ b/net/sched/sch_ingress.c |
6830 | @@ -59,11 +59,12 @@ static int ingress_init(struct Qdisc *sch, struct nlattr *opt) |
6831 | struct net_device *dev = qdisc_dev(sch); |
6832 | int err; |
6833 | |
6834 | + net_inc_ingress_queue(); |
6835 | + |
6836 | err = tcf_block_get(&q->block, &dev->ingress_cl_list); |
6837 | if (err) |
6838 | return err; |
6839 | |
6840 | - net_inc_ingress_queue(); |
6841 | sch->flags |= TCQ_F_CPUSTATS; |
6842 | |
6843 | return 0; |
6844 | @@ -153,6 +154,9 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) |
6845 | struct net_device *dev = qdisc_dev(sch); |
6846 | int err; |
6847 | |
6848 | + net_inc_ingress_queue(); |
6849 | + net_inc_egress_queue(); |
6850 | + |
6851 | err = tcf_block_get(&q->ingress_block, &dev->ingress_cl_list); |
6852 | if (err) |
6853 | return err; |
6854 | @@ -161,9 +165,6 @@ static int clsact_init(struct Qdisc *sch, struct nlattr *opt) |
6855 | if (err) |
6856 | return err; |
6857 | |
6858 | - net_inc_ingress_queue(); |
6859 | - net_inc_egress_queue(); |
6860 | - |
6861 | sch->flags |= TCQ_F_CPUSTATS; |
6862 | |
6863 | return 0; |
6864 | diff --git a/net/sctp/socket.c b/net/sctp/socket.c |
6865 | index d6163f7aefb1..df806b8819aa 100644 |
6866 | --- a/net/sctp/socket.c |
6867 | +++ b/net/sctp/socket.c |
6868 | @@ -3874,13 +3874,17 @@ static int sctp_setsockopt_reset_streams(struct sock *sk, |
6869 | struct sctp_association *asoc; |
6870 | int retval = -EINVAL; |
6871 | |
6872 | - if (optlen < sizeof(struct sctp_reset_streams)) |
6873 | + if (optlen < sizeof(*params)) |
6874 | return -EINVAL; |
6875 | |
6876 | params = memdup_user(optval, optlen); |
6877 | if (IS_ERR(params)) |
6878 | return PTR_ERR(params); |
6879 | |
6880 | + if (params->srs_number_streams * sizeof(__u16) > |
6881 | + optlen - sizeof(*params)) |
6882 | + goto out; |
6883 | + |
6884 | asoc = sctp_id2assoc(sk, params->srs_assoc_id); |
6885 | if (!asoc) |
6886 | goto out; |
6887 | @@ -4413,7 +4417,7 @@ static int sctp_init_sock(struct sock *sk) |
6888 | SCTP_DBG_OBJCNT_INC(sock); |
6889 | |
6890 | local_bh_disable(); |
6891 | - percpu_counter_inc(&sctp_sockets_allocated); |
6892 | + sk_sockets_allocated_inc(sk); |
6893 | sock_prot_inuse_add(net, sk->sk_prot, 1); |
6894 | |
6895 | /* Nothing can fail after this block, otherwise |
6896 | @@ -4457,7 +4461,7 @@ static void sctp_destroy_sock(struct sock *sk) |
6897 | } |
6898 | sctp_endpoint_free(sp->ep); |
6899 | local_bh_disable(); |
6900 | - percpu_counter_dec(&sctp_sockets_allocated); |
6901 | + sk_sockets_allocated_dec(sk); |
6902 | sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1); |
6903 | local_bh_enable(); |
6904 | } |
6905 | diff --git a/net/tipc/socket.c b/net/tipc/socket.c |
6906 | index d50edd6e0019..98a44ecb11e7 100644 |
6907 | --- a/net/tipc/socket.c |
6908 | +++ b/net/tipc/socket.c |
6909 | @@ -709,11 +709,11 @@ static unsigned int tipc_poll(struct file *file, struct socket *sock, |
6910 | |
6911 | switch (sk->sk_state) { |
6912 | case TIPC_ESTABLISHED: |
6913 | + case TIPC_CONNECTING: |
6914 | if (!tsk->cong_link_cnt && !tsk_conn_cong(tsk)) |
6915 | mask |= POLLOUT; |
6916 | /* fall thru' */ |
6917 | case TIPC_LISTEN: |
6918 | - case TIPC_CONNECTING: |
6919 | if (!skb_queue_empty(&sk->sk_receive_queue)) |
6920 | mask |= (POLLIN | POLLRDNORM); |
6921 | break; |
6922 | diff --git a/security/Kconfig b/security/Kconfig |
6923 | index e8e449444e65..6614b9312b45 100644 |
6924 | --- a/security/Kconfig |
6925 | +++ b/security/Kconfig |
6926 | @@ -54,6 +54,17 @@ config SECURITY_NETWORK |
6927 | implement socket and networking access controls. |
6928 | If you are unsure how to answer this question, answer N. |
6929 | |
6930 | +config PAGE_TABLE_ISOLATION |
6931 | + bool "Remove the kernel mapping in user mode" |
6932 | + depends on X86_64 && !UML |
6933 | + default y |
6934 | + help |
6935 | + This feature reduces the number of hardware side channels by |
6936 | + ensuring that the majority of kernel addresses are not mapped |
6937 | + into userspace. |
6938 | + |
6939 | + See Documentation/x86/pagetable-isolation.txt for more details. |
6940 | + |
6941 | config SECURITY_INFINIBAND |
6942 | bool "Infiniband Security Hooks" |
6943 | depends on SECURITY && INFINIBAND |
6944 | diff --git a/sound/hda/hdac_i915.c b/sound/hda/hdac_i915.c |
6945 | index 038a180d3f81..cbe818eda336 100644 |
6946 | --- a/sound/hda/hdac_i915.c |
6947 | +++ b/sound/hda/hdac_i915.c |
6948 | @@ -325,7 +325,7 @@ static int hdac_component_master_match(struct device *dev, void *data) |
6949 | */ |
6950 | int snd_hdac_i915_register_notifier(const struct i915_audio_component_audio_ops *aops) |
6951 | { |
6952 | - if (WARN_ON(!hdac_acomp)) |
6953 | + if (!hdac_acomp) |
6954 | return -ENODEV; |
6955 | |
6956 | hdac_acomp->audio_ops = aops; |
6957 | diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c |
6958 | index a81aacf684b2..37e1cf8218ff 100644 |
6959 | --- a/sound/pci/hda/patch_conexant.c |
6960 | +++ b/sound/pci/hda/patch_conexant.c |
6961 | @@ -271,6 +271,8 @@ enum { |
6962 | CXT_FIXUP_HP_SPECTRE, |
6963 | CXT_FIXUP_HP_GATE_MIC, |
6964 | CXT_FIXUP_MUTE_LED_GPIO, |
6965 | + CXT_FIXUP_HEADSET_MIC, |
6966 | + CXT_FIXUP_HP_MIC_NO_PRESENCE, |
6967 | }; |
6968 | |
6969 | /* for hda_fixup_thinkpad_acpi() */ |
6970 | @@ -350,6 +352,18 @@ static void cxt_fixup_headphone_mic(struct hda_codec *codec, |
6971 | } |
6972 | } |
6973 | |
6974 | +static void cxt_fixup_headset_mic(struct hda_codec *codec, |
6975 | + const struct hda_fixup *fix, int action) |
6976 | +{ |
6977 | + struct conexant_spec *spec = codec->spec; |
6978 | + |
6979 | + switch (action) { |
6980 | + case HDA_FIXUP_ACT_PRE_PROBE: |
6981 | + spec->parse_flags |= HDA_PINCFG_HEADSET_MIC; |
6982 | + break; |
6983 | + } |
6984 | +} |
6985 | + |
6986 | /* OPLC XO 1.5 fixup */ |
6987 | |
6988 | /* OLPC XO-1.5 supports DC input mode (e.g. for use with analog sensors) |
6989 | @@ -880,6 +894,19 @@ static const struct hda_fixup cxt_fixups[] = { |
6990 | .type = HDA_FIXUP_FUNC, |
6991 | .v.func = cxt_fixup_mute_led_gpio, |
6992 | }, |
6993 | + [CXT_FIXUP_HEADSET_MIC] = { |
6994 | + .type = HDA_FIXUP_FUNC, |
6995 | + .v.func = cxt_fixup_headset_mic, |
6996 | + }, |
6997 | + [CXT_FIXUP_HP_MIC_NO_PRESENCE] = { |
6998 | + .type = HDA_FIXUP_PINS, |
6999 | + .v.pins = (const struct hda_pintbl[]) { |
7000 | + { 0x1a, 0x02a1113c }, |
7001 | + { } |
7002 | + }, |
7003 | + .chained = true, |
7004 | + .chain_id = CXT_FIXUP_HEADSET_MIC, |
7005 | + }, |
7006 | }; |
7007 | |
7008 | static const struct snd_pci_quirk cxt5045_fixups[] = { |
7009 | @@ -934,6 +961,8 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { |
7010 | SND_PCI_QUIRK(0x103c, 0x8115, "HP Z1 Gen3", CXT_FIXUP_HP_GATE_MIC), |
7011 | SND_PCI_QUIRK(0x103c, 0x814f, "HP ZBook 15u G3", CXT_FIXUP_MUTE_LED_GPIO), |
7012 | SND_PCI_QUIRK(0x103c, 0x822e, "HP ProBook 440 G4", CXT_FIXUP_MUTE_LED_GPIO), |
7013 | + SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE), |
7014 | + SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE), |
7015 | SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN), |
7016 | SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO), |
7017 | SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410), |
7018 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c |
7019 | index 9ac4b9076ee2..acdb196ddb44 100644 |
7020 | --- a/sound/pci/hda/patch_realtek.c |
7021 | +++ b/sound/pci/hda/patch_realtek.c |
7022 | @@ -324,8 +324,12 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) |
7023 | case 0x10ec0292: |
7024 | alc_update_coef_idx(codec, 0x4, 1<<15, 0); |
7025 | break; |
7026 | - case 0x10ec0215: |
7027 | case 0x10ec0225: |
7028 | + case 0x10ec0295: |
7029 | + case 0x10ec0299: |
7030 | + alc_update_coef_idx(codec, 0x67, 0xf000, 0x3000); |
7031 | + /* fallthrough */ |
7032 | + case 0x10ec0215: |
7033 | case 0x10ec0233: |
7034 | case 0x10ec0236: |
7035 | case 0x10ec0255: |
7036 | @@ -336,10 +340,8 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) |
7037 | case 0x10ec0286: |
7038 | case 0x10ec0288: |
7039 | case 0x10ec0285: |
7040 | - case 0x10ec0295: |
7041 | case 0x10ec0298: |
7042 | case 0x10ec0289: |
7043 | - case 0x10ec0299: |
7044 | alc_update_coef_idx(codec, 0x10, 1<<9, 0); |
7045 | break; |
7046 | case 0x10ec0275: |
7047 | @@ -6305,6 +6307,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { |
7048 | SND_PCI_QUIRK(0x17aa, 0x30bb, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), |
7049 | SND_PCI_QUIRK(0x17aa, 0x30e2, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), |
7050 | SND_PCI_QUIRK(0x17aa, 0x310c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), |
7051 | + SND_PCI_QUIRK(0x17aa, 0x313c, "ThinkCentre Station", ALC294_FIXUP_LENOVO_MIC_LOCATION), |
7052 | SND_PCI_QUIRK(0x17aa, 0x3112, "ThinkCentre AIO", ALC233_FIXUP_LENOVO_LINE2_MIC_HOTKEY), |
7053 | SND_PCI_QUIRK(0x17aa, 0x3902, "Lenovo E50-80", ALC269_FIXUP_DMIC_THINKPAD_ACPI), |
7054 | SND_PCI_QUIRK(0x17aa, 0x3977, "IdeaPad S210", ALC283_FIXUP_INT_MIC), |
7055 | @@ -6557,6 +6560,11 @@ static const struct snd_hda_pin_quirk alc269_pin_fixup_tbl[] = { |
7056 | SND_HDA_PIN_QUIRK(0x10ec0255, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, |
7057 | {0x1b, 0x01011020}, |
7058 | {0x21, 0x02211010}), |
7059 | + SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, |
7060 | + {0x12, 0x90a60130}, |
7061 | + {0x14, 0x90170110}, |
7062 | + {0x1b, 0x01011020}, |
7063 | + {0x21, 0x0221101f}), |
7064 | SND_HDA_PIN_QUIRK(0x10ec0256, 0x1028, "Dell", ALC255_FIXUP_DELL1_MIC_NO_PRESENCE, |
7065 | {0x12, 0x90a60160}, |
7066 | {0x14, 0x90170120}, |
7067 | diff --git a/sound/soc/codecs/da7218.c b/sound/soc/codecs/da7218.c |
7068 | index b2d42ec1dcd9..56564ce90cb6 100644 |
7069 | --- a/sound/soc/codecs/da7218.c |
7070 | +++ b/sound/soc/codecs/da7218.c |
7071 | @@ -2520,7 +2520,7 @@ static struct da7218_pdata *da7218_of_to_pdata(struct snd_soc_codec *codec) |
7072 | } |
7073 | |
7074 | if (da7218->dev_id == DA7218_DEV_ID) { |
7075 | - hpldet_np = of_find_node_by_name(np, "da7218_hpldet"); |
7076 | + hpldet_np = of_get_child_by_name(np, "da7218_hpldet"); |
7077 | if (!hpldet_np) |
7078 | return pdata; |
7079 | |
7080 | diff --git a/sound/soc/codecs/msm8916-wcd-analog.c b/sound/soc/codecs/msm8916-wcd-analog.c |
7081 | index 18933bf6473f..8c7063e1aa46 100644 |
7082 | --- a/sound/soc/codecs/msm8916-wcd-analog.c |
7083 | +++ b/sound/soc/codecs/msm8916-wcd-analog.c |
7084 | @@ -267,7 +267,7 @@ |
7085 | #define MSM8916_WCD_ANALOG_RATES (SNDRV_PCM_RATE_8000 | SNDRV_PCM_RATE_16000 |\ |
7086 | SNDRV_PCM_RATE_32000 | SNDRV_PCM_RATE_48000) |
7087 | #define MSM8916_WCD_ANALOG_FORMATS (SNDRV_PCM_FMTBIT_S16_LE |\ |
7088 | - SNDRV_PCM_FMTBIT_S24_LE) |
7089 | + SNDRV_PCM_FMTBIT_S32_LE) |
7090 | |
7091 | static int btn_mask = SND_JACK_BTN_0 | SND_JACK_BTN_1 | |
7092 | SND_JACK_BTN_2 | SND_JACK_BTN_3 | SND_JACK_BTN_4; |
7093 | diff --git a/sound/soc/codecs/msm8916-wcd-digital.c b/sound/soc/codecs/msm8916-wcd-digital.c |
7094 | index 66df8f810f0d..694db27b11fa 100644 |
7095 | --- a/sound/soc/codecs/msm8916-wcd-digital.c |
7096 | +++ b/sound/soc/codecs/msm8916-wcd-digital.c |
7097 | @@ -194,7 +194,7 @@ |
7098 | SNDRV_PCM_RATE_32000 | \ |
7099 | SNDRV_PCM_RATE_48000) |
7100 | #define MSM8916_WCD_DIGITAL_FORMATS (SNDRV_PCM_FMTBIT_S16_LE |\ |
7101 | - SNDRV_PCM_FMTBIT_S24_LE) |
7102 | + SNDRV_PCM_FMTBIT_S32_LE) |
7103 | |
7104 | struct msm8916_wcd_digital_priv { |
7105 | struct clk *ahbclk, *mclk; |
7106 | @@ -645,7 +645,7 @@ static int msm8916_wcd_digital_hw_params(struct snd_pcm_substream *substream, |
7107 | RX_I2S_CTL_RX_I2S_MODE_MASK, |
7108 | RX_I2S_CTL_RX_I2S_MODE_16); |
7109 | break; |
7110 | - case SNDRV_PCM_FORMAT_S24_LE: |
7111 | + case SNDRV_PCM_FORMAT_S32_LE: |
7112 | snd_soc_update_bits(dai->codec, LPASS_CDC_CLK_TX_I2S_CTL, |
7113 | TX_I2S_CTL_TX_I2S_MODE_MASK, |
7114 | TX_I2S_CTL_TX_I2S_MODE_32); |
7115 | diff --git a/sound/soc/codecs/tlv320aic31xx.h b/sound/soc/codecs/tlv320aic31xx.h |
7116 | index 730fb2058869..1ff3edb7bbb6 100644 |
7117 | --- a/sound/soc/codecs/tlv320aic31xx.h |
7118 | +++ b/sound/soc/codecs/tlv320aic31xx.h |
7119 | @@ -116,7 +116,7 @@ struct aic31xx_pdata { |
7120 | /* INT2 interrupt control */ |
7121 | #define AIC31XX_INT2CTRL AIC31XX_REG(0, 49) |
7122 | /* GPIO1 control */ |
7123 | -#define AIC31XX_GPIO1 AIC31XX_REG(0, 50) |
7124 | +#define AIC31XX_GPIO1 AIC31XX_REG(0, 51) |
7125 | |
7126 | #define AIC31XX_DACPRB AIC31XX_REG(0, 60) |
7127 | /* ADC Instruction Set Register */ |
7128 | diff --git a/sound/soc/codecs/twl4030.c b/sound/soc/codecs/twl4030.c |
7129 | index c482b2e7a7d2..cfe72b9d4356 100644 |
7130 | --- a/sound/soc/codecs/twl4030.c |
7131 | +++ b/sound/soc/codecs/twl4030.c |
7132 | @@ -232,7 +232,7 @@ static struct twl4030_codec_data *twl4030_get_pdata(struct snd_soc_codec *codec) |
7133 | struct twl4030_codec_data *pdata = dev_get_platdata(codec->dev); |
7134 | struct device_node *twl4030_codec_node = NULL; |
7135 | |
7136 | - twl4030_codec_node = of_find_node_by_name(codec->dev->parent->of_node, |
7137 | + twl4030_codec_node = of_get_child_by_name(codec->dev->parent->of_node, |
7138 | "codec"); |
7139 | |
7140 | if (!pdata && twl4030_codec_node) { |
7141 | @@ -241,9 +241,11 @@ static struct twl4030_codec_data *twl4030_get_pdata(struct snd_soc_codec *codec) |
7142 | GFP_KERNEL); |
7143 | if (!pdata) { |
7144 | dev_err(codec->dev, "Can not allocate memory\n"); |
7145 | + of_node_put(twl4030_codec_node); |
7146 | return NULL; |
7147 | } |
7148 | twl4030_setup_pdata_of(pdata, twl4030_codec_node); |
7149 | + of_node_put(twl4030_codec_node); |
7150 | } |
7151 | |
7152 | return pdata; |
7153 | diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c |
7154 | index 65c059b5ffd7..66e32f5d2917 100644 |
7155 | --- a/sound/soc/codecs/wm_adsp.c |
7156 | +++ b/sound/soc/codecs/wm_adsp.c |
7157 | @@ -1733,7 +1733,7 @@ static int wm_adsp_load(struct wm_adsp *dsp) |
7158 | le64_to_cpu(footer->timestamp)); |
7159 | |
7160 | while (pos < firmware->size && |
7161 | - pos - firmware->size > sizeof(*region)) { |
7162 | + sizeof(*region) < firmware->size - pos) { |
7163 | region = (void *)&(firmware->data[pos]); |
7164 | region_name = "Unknown"; |
7165 | reg = 0; |
7166 | @@ -1782,8 +1782,8 @@ static int wm_adsp_load(struct wm_adsp *dsp) |
7167 | regions, le32_to_cpu(region->len), offset, |
7168 | region_name); |
7169 | |
7170 | - if ((pos + le32_to_cpu(region->len) + sizeof(*region)) > |
7171 | - firmware->size) { |
7172 | + if (le32_to_cpu(region->len) > |
7173 | + firmware->size - pos - sizeof(*region)) { |
7174 | adsp_err(dsp, |
7175 | "%s.%d: %s region len %d bytes exceeds file length %zu\n", |
7176 | file, regions, region_name, |
7177 | @@ -2253,7 +2253,7 @@ static int wm_adsp_load_coeff(struct wm_adsp *dsp) |
7178 | |
7179 | blocks = 0; |
7180 | while (pos < firmware->size && |
7181 | - pos - firmware->size > sizeof(*blk)) { |
7182 | + sizeof(*blk) < firmware->size - pos) { |
7183 | blk = (void *)(&firmware->data[pos]); |
7184 | |
7185 | type = le16_to_cpu(blk->type); |
7186 | @@ -2327,8 +2327,8 @@ static int wm_adsp_load_coeff(struct wm_adsp *dsp) |
7187 | } |
7188 | |
7189 | if (reg) { |
7190 | - if ((pos + le32_to_cpu(blk->len) + sizeof(*blk)) > |
7191 | - firmware->size) { |
7192 | + if (le32_to_cpu(blk->len) > |
7193 | + firmware->size - pos - sizeof(*blk)) { |
7194 | adsp_err(dsp, |
7195 | "%s.%d: %s region len %d bytes exceeds file length %zu\n", |
7196 | file, blocks, region_name, |
7197 | diff --git a/sound/soc/fsl/fsl_ssi.c b/sound/soc/fsl/fsl_ssi.c |
7198 | index 64598d1183f8..3ffbb498cc70 100644 |
7199 | --- a/sound/soc/fsl/fsl_ssi.c |
7200 | +++ b/sound/soc/fsl/fsl_ssi.c |
7201 | @@ -1452,12 +1452,6 @@ static int fsl_ssi_probe(struct platform_device *pdev) |
7202 | sizeof(fsl_ssi_ac97_dai)); |
7203 | |
7204 | fsl_ac97_data = ssi_private; |
7205 | - |
7206 | - ret = snd_soc_set_ac97_ops_of_reset(&fsl_ssi_ac97_ops, pdev); |
7207 | - if (ret) { |
7208 | - dev_err(&pdev->dev, "could not set AC'97 ops\n"); |
7209 | - return ret; |
7210 | - } |
7211 | } else { |
7212 | /* Initialize this copy of the CPU DAI driver structure */ |
7213 | memcpy(&ssi_private->cpu_dai_drv, &fsl_ssi_dai_template, |
7214 | @@ -1568,6 +1562,14 @@ static int fsl_ssi_probe(struct platform_device *pdev) |
7215 | return ret; |
7216 | } |
7217 | |
7218 | + if (fsl_ssi_is_ac97(ssi_private)) { |
7219 | + ret = snd_soc_set_ac97_ops_of_reset(&fsl_ssi_ac97_ops, pdev); |
7220 | + if (ret) { |
7221 | + dev_err(&pdev->dev, "could not set AC'97 ops\n"); |
7222 | + goto error_ac97_ops; |
7223 | + } |
7224 | + } |
7225 | + |
7226 | ret = devm_snd_soc_register_component(&pdev->dev, &fsl_ssi_component, |
7227 | &ssi_private->cpu_dai_drv, 1); |
7228 | if (ret) { |
7229 | @@ -1651,6 +1653,10 @@ static int fsl_ssi_probe(struct platform_device *pdev) |
7230 | fsl_ssi_debugfs_remove(&ssi_private->dbg_stats); |
7231 | |
7232 | error_asoc_register: |
7233 | + if (fsl_ssi_is_ac97(ssi_private)) |
7234 | + snd_soc_set_ac97_ops(NULL); |
7235 | + |
7236 | +error_ac97_ops: |
7237 | if (ssi_private->soc->imx) |
7238 | fsl_ssi_imx_clean(pdev, ssi_private); |
7239 | |
7240 | diff --git a/tools/testing/selftests/x86/ldt_gdt.c b/tools/testing/selftests/x86/ldt_gdt.c |
7241 | index 0304ffb714f2..1aef72df20a1 100644 |
7242 | --- a/tools/testing/selftests/x86/ldt_gdt.c |
7243 | +++ b/tools/testing/selftests/x86/ldt_gdt.c |
7244 | @@ -122,8 +122,7 @@ static void check_valid_segment(uint16_t index, int ldt, |
7245 | * NB: Different Linux versions do different things with the |
7246 | * accessed bit in set_thread_area(). |
7247 | */ |
7248 | - if (ar != expected_ar && |
7249 | - (ldt || ar != (expected_ar | AR_ACCESSED))) { |
7250 | + if (ar != expected_ar && ar != (expected_ar | AR_ACCESSED)) { |
7251 | printf("[FAIL]\t%s entry %hu has AR 0x%08X but expected 0x%08X\n", |
7252 | (ldt ? "LDT" : "GDT"), index, ar, expected_ar); |
7253 | nerrs++; |
7254 | diff --git a/tools/usb/usbip/src/utils.c b/tools/usb/usbip/src/utils.c |
7255 | index 2b3d6d235015..3d7b42e77299 100644 |
7256 | --- a/tools/usb/usbip/src/utils.c |
7257 | +++ b/tools/usb/usbip/src/utils.c |
7258 | @@ -30,6 +30,7 @@ int modify_match_busid(char *busid, int add) |
7259 | char command[SYSFS_BUS_ID_SIZE + 4]; |
7260 | char match_busid_attr_path[SYSFS_PATH_MAX]; |
7261 | int rc; |
7262 | + int cmd_size; |
7263 | |
7264 | snprintf(match_busid_attr_path, sizeof(match_busid_attr_path), |
7265 | "%s/%s/%s/%s/%s/%s", SYSFS_MNT_PATH, SYSFS_BUS_NAME, |
7266 | @@ -37,12 +38,14 @@ int modify_match_busid(char *busid, int add) |
7267 | attr_name); |
7268 | |
7269 | if (add) |
7270 | - snprintf(command, SYSFS_BUS_ID_SIZE + 4, "add %s", busid); |
7271 | + cmd_size = snprintf(command, SYSFS_BUS_ID_SIZE + 4, "add %s", |
7272 | + busid); |
7273 | else |
7274 | - snprintf(command, SYSFS_BUS_ID_SIZE + 4, "del %s", busid); |
7275 | + cmd_size = snprintf(command, SYSFS_BUS_ID_SIZE + 4, "del %s", |
7276 | + busid); |
7277 | |
7278 | rc = write_sysfs_attribute(match_busid_attr_path, command, |
7279 | - sizeof(command)); |
7280 | + cmd_size); |
7281 | if (rc < 0) { |
7282 | dbg("failed to write match_busid: %s", strerror(errno)); |
7283 | return -1; |