Annotation of /trunk/kernel-magellan/patches-4.14/0114-4.14.15-all-fixes.patch
Parent Directory | Revision Log
Revision 3078 -
(hide annotations)
(download)
Tue Jan 30 12:50:42 2018 UTC (6 years, 7 months ago) by niro
File size: 138786 byte(s)
Tue Jan 30 12:50:42 2018 UTC (6 years, 7 months ago) by niro
File size: 138786 byte(s)
-linux-4.14.15
1 | niro | 3078 | diff --git a/Documentation/x86/pti.txt b/Documentation/x86/pti.txt |
2 | index d11eff61fc9a..5cd58439ad2d 100644 | ||
3 | --- a/Documentation/x86/pti.txt | ||
4 | +++ b/Documentation/x86/pti.txt | ||
5 | @@ -78,7 +78,7 @@ this protection comes at a cost: | ||
6 | non-PTI SYSCALL entry code, so requires mapping fewer | ||
7 | things into the userspace page tables. The downside is | ||
8 | that stacks must be switched at entry time. | ||
9 | - d. Global pages are disabled for all kernel structures not | ||
10 | + c. Global pages are disabled for all kernel structures not | ||
11 | mapped into both kernel and userspace page tables. This | ||
12 | feature of the MMU allows different processes to share TLB | ||
13 | entries mapping the kernel. Losing the feature means more | ||
14 | diff --git a/Makefile b/Makefile | ||
15 | index 4951305eb867..bf1a277a67a4 100644 | ||
16 | --- a/Makefile | ||
17 | +++ b/Makefile | ||
18 | @@ -1,7 +1,7 @@ | ||
19 | # SPDX-License-Identifier: GPL-2.0 | ||
20 | VERSION = 4 | ||
21 | PATCHLEVEL = 14 | ||
22 | -SUBLEVEL = 14 | ||
23 | +SUBLEVEL = 15 | ||
24 | EXTRAVERSION = | ||
25 | NAME = Petit Gorille | ||
26 | |||
27 | diff --git a/arch/alpha/kernel/sys_sio.c b/arch/alpha/kernel/sys_sio.c | ||
28 | index 37bd6d9b8eb9..a6bdc1da47ad 100644 | ||
29 | --- a/arch/alpha/kernel/sys_sio.c | ||
30 | +++ b/arch/alpha/kernel/sys_sio.c | ||
31 | @@ -102,6 +102,15 @@ sio_pci_route(void) | ||
32 | alpha_mv.sys.sio.route_tab); | ||
33 | } | ||
34 | |||
35 | +static bool sio_pci_dev_irq_needs_level(const struct pci_dev *dev) | ||
36 | +{ | ||
37 | + if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && | ||
38 | + (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) | ||
39 | + return false; | ||
40 | + | ||
41 | + return true; | ||
42 | +} | ||
43 | + | ||
44 | static unsigned int __init | ||
45 | sio_collect_irq_levels(void) | ||
46 | { | ||
47 | @@ -110,8 +119,7 @@ sio_collect_irq_levels(void) | ||
48 | |||
49 | /* Iterate through the devices, collecting IRQ levels. */ | ||
50 | for_each_pci_dev(dev) { | ||
51 | - if ((dev->class >> 16 == PCI_BASE_CLASS_BRIDGE) && | ||
52 | - (dev->class >> 8 != PCI_CLASS_BRIDGE_PCMCIA)) | ||
53 | + if (!sio_pci_dev_irq_needs_level(dev)) | ||
54 | continue; | ||
55 | |||
56 | if (dev->irq) | ||
57 | @@ -120,8 +128,7 @@ sio_collect_irq_levels(void) | ||
58 | return level_bits; | ||
59 | } | ||
60 | |||
61 | -static void __init | ||
62 | -sio_fixup_irq_levels(unsigned int level_bits) | ||
63 | +static void __sio_fixup_irq_levels(unsigned int level_bits, bool reset) | ||
64 | { | ||
65 | unsigned int old_level_bits; | ||
66 | |||
67 | @@ -139,12 +146,21 @@ sio_fixup_irq_levels(unsigned int level_bits) | ||
68 | */ | ||
69 | old_level_bits = inb(0x4d0) | (inb(0x4d1) << 8); | ||
70 | |||
71 | - level_bits |= (old_level_bits & 0x71ff); | ||
72 | + if (reset) | ||
73 | + old_level_bits &= 0x71ff; | ||
74 | + | ||
75 | + level_bits |= old_level_bits; | ||
76 | |||
77 | outb((level_bits >> 0) & 0xff, 0x4d0); | ||
78 | outb((level_bits >> 8) & 0xff, 0x4d1); | ||
79 | } | ||
80 | |||
81 | +static inline void | ||
82 | +sio_fixup_irq_levels(unsigned int level_bits) | ||
83 | +{ | ||
84 | + __sio_fixup_irq_levels(level_bits, true); | ||
85 | +} | ||
86 | + | ||
87 | static inline int | ||
88 | noname_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) | ||
89 | { | ||
90 | @@ -181,7 +197,14 @@ noname_map_irq(const struct pci_dev *dev, u8 slot, u8 pin) | ||
91 | const long min_idsel = 6, max_idsel = 14, irqs_per_slot = 5; | ||
92 | int irq = COMMON_TABLE_LOOKUP, tmp; | ||
93 | tmp = __kernel_extbl(alpha_mv.sys.sio.route_tab, irq); | ||
94 | - return irq >= 0 ? tmp : -1; | ||
95 | + | ||
96 | + irq = irq >= 0 ? tmp : -1; | ||
97 | + | ||
98 | + /* Fixup IRQ level if an actual IRQ mapping is detected */ | ||
99 | + if (sio_pci_dev_irq_needs_level(dev) && irq >= 0) | ||
100 | + __sio_fixup_irq_levels(1 << irq, false); | ||
101 | + | ||
102 | + return irq; | ||
103 | } | ||
104 | |||
105 | static inline int | ||
106 | diff --git a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts | ||
107 | index cf2f5240e176..27cc913ca0f5 100644 | ||
108 | --- a/arch/arm/boot/dts/kirkwood-openblocks_a7.dts | ||
109 | +++ b/arch/arm/boot/dts/kirkwood-openblocks_a7.dts | ||
110 | @@ -53,7 +53,8 @@ | ||
111 | }; | ||
112 | |||
113 | pinctrl: pin-controller@10000 { | ||
114 | - pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header>; | ||
115 | + pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header | ||
116 | + &pmx_gpio_header_gpo>; | ||
117 | pinctrl-names = "default"; | ||
118 | |||
119 | pmx_uart0: pmx-uart0 { | ||
120 | @@ -85,11 +86,16 @@ | ||
121 | * ground. | ||
122 | */ | ||
123 | pmx_gpio_header: pmx-gpio-header { | ||
124 | - marvell,pins = "mpp17", "mpp7", "mpp29", "mpp28", | ||
125 | + marvell,pins = "mpp17", "mpp29", "mpp28", | ||
126 | "mpp35", "mpp34", "mpp40"; | ||
127 | marvell,function = "gpio"; | ||
128 | }; | ||
129 | |||
130 | + pmx_gpio_header_gpo: pxm-gpio-header-gpo { | ||
131 | + marvell,pins = "mpp7"; | ||
132 | + marvell,function = "gpo"; | ||
133 | + }; | ||
134 | + | ||
135 | pmx_gpio_init: pmx-init { | ||
136 | marvell,pins = "mpp38"; | ||
137 | marvell,function = "gpio"; | ||
138 | diff --git a/arch/arm/configs/sunxi_defconfig b/arch/arm/configs/sunxi_defconfig | ||
139 | index 5caaf971fb50..df433abfcb02 100644 | ||
140 | --- a/arch/arm/configs/sunxi_defconfig | ||
141 | +++ b/arch/arm/configs/sunxi_defconfig | ||
142 | @@ -10,6 +10,7 @@ CONFIG_SMP=y | ||
143 | CONFIG_NR_CPUS=8 | ||
144 | CONFIG_AEABI=y | ||
145 | CONFIG_HIGHMEM=y | ||
146 | +CONFIG_CMA=y | ||
147 | CONFIG_ARM_APPENDED_DTB=y | ||
148 | CONFIG_ARM_ATAG_DTB_COMPAT=y | ||
149 | CONFIG_CPU_FREQ=y | ||
150 | @@ -33,6 +34,7 @@ CONFIG_CAN_SUN4I=y | ||
151 | # CONFIG_WIRELESS is not set | ||
152 | CONFIG_DEVTMPFS=y | ||
153 | CONFIG_DEVTMPFS_MOUNT=y | ||
154 | +CONFIG_DMA_CMA=y | ||
155 | CONFIG_BLK_DEV_SD=y | ||
156 | CONFIG_ATA=y | ||
157 | CONFIG_AHCI_SUNXI=y | ||
158 | diff --git a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | ||
159 | index c3276436b0ae..c12e7b572a41 100644 | ||
160 | --- a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | ||
161 | +++ b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | ||
162 | @@ -1656,6 +1656,7 @@ static struct omap_hwmod omap3xxx_mmc3_hwmod = { | ||
163 | .main_clk = "mmchs3_fck", | ||
164 | .prcm = { | ||
165 | .omap2 = { | ||
166 | + .module_offs = CORE_MOD, | ||
167 | .prcm_reg_id = 1, | ||
168 | .module_bit = OMAP3430_EN_MMC3_SHIFT, | ||
169 | .idlest_reg_id = 1, | ||
170 | diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | ||
171 | index f2aa2a81de4d..32690107c1cc 100644 | ||
172 | --- a/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | ||
173 | +++ b/arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi | ||
174 | @@ -63,8 +63,10 @@ | ||
175 | cpm_ethernet: ethernet@0 { | ||
176 | compatible = "marvell,armada-7k-pp22"; | ||
177 | reg = <0x0 0x100000>, <0x129000 0xb000>; | ||
178 | - clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, <&cpm_clk 1 5>; | ||
179 | - clock-names = "pp_clk", "gop_clk", "mg_clk"; | ||
180 | + clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, | ||
181 | + <&cpm_clk 1 5>, <&cpm_clk 1 18>; | ||
182 | + clock-names = "pp_clk", "gop_clk", | ||
183 | + "mg_clk","axi_clk"; | ||
184 | marvell,system-controller = <&cpm_syscon0>; | ||
185 | status = "disabled"; | ||
186 | dma-coherent; | ||
187 | @@ -114,7 +116,8 @@ | ||
188 | #size-cells = <0>; | ||
189 | compatible = "marvell,orion-mdio"; | ||
190 | reg = <0x12a200 0x10>; | ||
191 | - clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>; | ||
192 | + clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>, | ||
193 | + <&cpm_clk 1 6>, <&cpm_clk 1 18>; | ||
194 | status = "disabled"; | ||
195 | }; | ||
196 | |||
197 | @@ -295,8 +298,8 @@ | ||
198 | compatible = "marvell,armada-cp110-sdhci"; | ||
199 | reg = <0x780000 0x300>; | ||
200 | interrupts = <ICU_GRP_NSR 27 IRQ_TYPE_LEVEL_HIGH>; | ||
201 | - clock-names = "core"; | ||
202 | - clocks = <&cpm_clk 1 4>; | ||
203 | + clock-names = "core","axi"; | ||
204 | + clocks = <&cpm_clk 1 4>, <&cpm_clk 1 18>; | ||
205 | dma-coherent; | ||
206 | status = "disabled"; | ||
207 | }; | ||
208 | diff --git a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | ||
209 | index 4fe70323abb3..14e47c5c3816 100644 | ||
210 | --- a/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | ||
211 | +++ b/arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi | ||
212 | @@ -63,8 +63,10 @@ | ||
213 | cps_ethernet: ethernet@0 { | ||
214 | compatible = "marvell,armada-7k-pp22"; | ||
215 | reg = <0x0 0x100000>, <0x129000 0xb000>; | ||
216 | - clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, <&cps_clk 1 5>; | ||
217 | - clock-names = "pp_clk", "gop_clk", "mg_clk"; | ||
218 | + clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, | ||
219 | + <&cps_clk 1 5>, <&cps_clk 1 18>; | ||
220 | + clock-names = "pp_clk", "gop_clk", | ||
221 | + "mg_clk", "axi_clk"; | ||
222 | marvell,system-controller = <&cps_syscon0>; | ||
223 | status = "disabled"; | ||
224 | dma-coherent; | ||
225 | @@ -114,7 +116,8 @@ | ||
226 | #size-cells = <0>; | ||
227 | compatible = "marvell,orion-mdio"; | ||
228 | reg = <0x12a200 0x10>; | ||
229 | - clocks = <&cps_clk 1 9>, <&cps_clk 1 5>; | ||
230 | + clocks = <&cps_clk 1 9>, <&cps_clk 1 5>, | ||
231 | + <&cps_clk 1 6>, <&cps_clk 1 18>; | ||
232 | status = "disabled"; | ||
233 | }; | ||
234 | |||
235 | diff --git a/arch/arm64/kvm/handle_exit.c b/arch/arm64/kvm/handle_exit.c | ||
236 | index 7debb74843a0..380261e258ef 100644 | ||
237 | --- a/arch/arm64/kvm/handle_exit.c | ||
238 | +++ b/arch/arm64/kvm/handle_exit.c | ||
239 | @@ -44,7 +44,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) | ||
240 | |||
241 | ret = kvm_psci_call(vcpu); | ||
242 | if (ret < 0) { | ||
243 | - kvm_inject_undefined(vcpu); | ||
244 | + vcpu_set_reg(vcpu, 0, ~0UL); | ||
245 | return 1; | ||
246 | } | ||
247 | |||
248 | @@ -53,7 +53,7 @@ static int handle_hvc(struct kvm_vcpu *vcpu, struct kvm_run *run) | ||
249 | |||
250 | static int handle_smc(struct kvm_vcpu *vcpu, struct kvm_run *run) | ||
251 | { | ||
252 | - kvm_inject_undefined(vcpu); | ||
253 | + vcpu_set_reg(vcpu, 0, ~0UL); | ||
254 | return 1; | ||
255 | } | ||
256 | |||
257 | diff --git a/arch/mips/ar7/platform.c b/arch/mips/ar7/platform.c | ||
258 | index 4674f1efbe7a..e1675c25d5d4 100644 | ||
259 | --- a/arch/mips/ar7/platform.c | ||
260 | +++ b/arch/mips/ar7/platform.c | ||
261 | @@ -575,7 +575,7 @@ static int __init ar7_register_uarts(void) | ||
262 | uart_port.type = PORT_AR7; | ||
263 | uart_port.uartclk = clk_get_rate(bus_clk) / 2; | ||
264 | uart_port.iotype = UPIO_MEM32; | ||
265 | - uart_port.flags = UPF_FIXED_TYPE; | ||
266 | + uart_port.flags = UPF_FIXED_TYPE | UPF_BOOT_AUTOCONF; | ||
267 | uart_port.regshift = 2; | ||
268 | |||
269 | uart_port.line = 0; | ||
270 | diff --git a/arch/mips/kernel/mips-cm.c b/arch/mips/kernel/mips-cm.c | ||
271 | index dd5567b1e305..8f5bd04f320a 100644 | ||
272 | --- a/arch/mips/kernel/mips-cm.c | ||
273 | +++ b/arch/mips/kernel/mips-cm.c | ||
274 | @@ -292,7 +292,6 @@ void mips_cm_lock_other(unsigned int cluster, unsigned int core, | ||
275 | *this_cpu_ptr(&cm_core_lock_flags)); | ||
276 | } else { | ||
277 | WARN_ON(cluster != 0); | ||
278 | - WARN_ON(vp != 0); | ||
279 | WARN_ON(block != CM_GCR_Cx_OTHER_BLOCK_LOCAL); | ||
280 | |||
281 | /* | ||
282 | diff --git a/arch/powerpc/include/asm/exception-64e.h b/arch/powerpc/include/asm/exception-64e.h | ||
283 | index a703452d67b6..555e22d5e07f 100644 | ||
284 | --- a/arch/powerpc/include/asm/exception-64e.h | ||
285 | +++ b/arch/powerpc/include/asm/exception-64e.h | ||
286 | @@ -209,5 +209,11 @@ exc_##label##_book3e: | ||
287 | ori r3,r3,vector_offset@l; \ | ||
288 | mtspr SPRN_IVOR##vector_number,r3; | ||
289 | |||
290 | +#define RFI_TO_KERNEL \ | ||
291 | + rfi | ||
292 | + | ||
293 | +#define RFI_TO_USER \ | ||
294 | + rfi | ||
295 | + | ||
296 | #endif /* _ASM_POWERPC_EXCEPTION_64E_H */ | ||
297 | |||
298 | diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h | ||
299 | index 9a318973af05..ccf10c2f8899 100644 | ||
300 | --- a/arch/powerpc/include/asm/exception-64s.h | ||
301 | +++ b/arch/powerpc/include/asm/exception-64s.h | ||
302 | @@ -69,6 +69,59 @@ | ||
303 | */ | ||
304 | #define EX_R3 EX_DAR | ||
305 | |||
306 | +/* | ||
307 | + * Macros for annotating the expected destination of (h)rfid | ||
308 | + * | ||
309 | + * The nop instructions allow us to insert one or more instructions to flush the | ||
310 | + * L1-D cache when returning to userspace or a guest. | ||
311 | + */ | ||
312 | +#define RFI_FLUSH_SLOT \ | ||
313 | + RFI_FLUSH_FIXUP_SECTION; \ | ||
314 | + nop; \ | ||
315 | + nop; \ | ||
316 | + nop | ||
317 | + | ||
318 | +#define RFI_TO_KERNEL \ | ||
319 | + rfid | ||
320 | + | ||
321 | +#define RFI_TO_USER \ | ||
322 | + RFI_FLUSH_SLOT; \ | ||
323 | + rfid; \ | ||
324 | + b rfi_flush_fallback | ||
325 | + | ||
326 | +#define RFI_TO_USER_OR_KERNEL \ | ||
327 | + RFI_FLUSH_SLOT; \ | ||
328 | + rfid; \ | ||
329 | + b rfi_flush_fallback | ||
330 | + | ||
331 | +#define RFI_TO_GUEST \ | ||
332 | + RFI_FLUSH_SLOT; \ | ||
333 | + rfid; \ | ||
334 | + b rfi_flush_fallback | ||
335 | + | ||
336 | +#define HRFI_TO_KERNEL \ | ||
337 | + hrfid | ||
338 | + | ||
339 | +#define HRFI_TO_USER \ | ||
340 | + RFI_FLUSH_SLOT; \ | ||
341 | + hrfid; \ | ||
342 | + b hrfi_flush_fallback | ||
343 | + | ||
344 | +#define HRFI_TO_USER_OR_KERNEL \ | ||
345 | + RFI_FLUSH_SLOT; \ | ||
346 | + hrfid; \ | ||
347 | + b hrfi_flush_fallback | ||
348 | + | ||
349 | +#define HRFI_TO_GUEST \ | ||
350 | + RFI_FLUSH_SLOT; \ | ||
351 | + hrfid; \ | ||
352 | + b hrfi_flush_fallback | ||
353 | + | ||
354 | +#define HRFI_TO_UNKNOWN \ | ||
355 | + RFI_FLUSH_SLOT; \ | ||
356 | + hrfid; \ | ||
357 | + b hrfi_flush_fallback | ||
358 | + | ||
359 | #ifdef CONFIG_RELOCATABLE | ||
360 | #define __EXCEPTION_RELON_PROLOG_PSERIES_1(label, h) \ | ||
361 | mfspr r11,SPRN_##h##SRR0; /* save SRR0 */ \ | ||
362 | @@ -213,7 +266,7 @@ END_FTR_SECTION_NESTED(ftr,ftr,943) | ||
363 | mtspr SPRN_##h##SRR0,r12; \ | ||
364 | mfspr r12,SPRN_##h##SRR1; /* and SRR1 */ \ | ||
365 | mtspr SPRN_##h##SRR1,r10; \ | ||
366 | - h##rfid; \ | ||
367 | + h##RFI_TO_KERNEL; \ | ||
368 | b . /* prevent speculative execution */ | ||
369 | #define EXCEPTION_PROLOG_PSERIES_1(label, h) \ | ||
370 | __EXCEPTION_PROLOG_PSERIES_1(label, h) | ||
371 | @@ -227,7 +280,7 @@ END_FTR_SECTION_NESTED(ftr,ftr,943) | ||
372 | mtspr SPRN_##h##SRR0,r12; \ | ||
373 | mfspr r12,SPRN_##h##SRR1; /* and SRR1 */ \ | ||
374 | mtspr SPRN_##h##SRR1,r10; \ | ||
375 | - h##rfid; \ | ||
376 | + h##RFI_TO_KERNEL; \ | ||
377 | b . /* prevent speculative execution */ | ||
378 | |||
379 | #define EXCEPTION_PROLOG_PSERIES_1_NORI(label, h) \ | ||
380 | diff --git a/arch/powerpc/include/asm/feature-fixups.h b/arch/powerpc/include/asm/feature-fixups.h | ||
381 | index 8f88f771cc55..1e82eb3caabd 100644 | ||
382 | --- a/arch/powerpc/include/asm/feature-fixups.h | ||
383 | +++ b/arch/powerpc/include/asm/feature-fixups.h | ||
384 | @@ -187,7 +187,20 @@ label##3: \ | ||
385 | FTR_ENTRY_OFFSET label##1b-label##3b; \ | ||
386 | .popsection; | ||
387 | |||
388 | +#define RFI_FLUSH_FIXUP_SECTION \ | ||
389 | +951: \ | ||
390 | + .pushsection __rfi_flush_fixup,"a"; \ | ||
391 | + .align 2; \ | ||
392 | +952: \ | ||
393 | + FTR_ENTRY_OFFSET 951b-952b; \ | ||
394 | + .popsection; | ||
395 | + | ||
396 | + | ||
397 | #ifndef __ASSEMBLY__ | ||
398 | +#include <linux/types.h> | ||
399 | + | ||
400 | +extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup; | ||
401 | + | ||
402 | void apply_feature_fixups(void); | ||
403 | void setup_feature_keys(void); | ||
404 | #endif | ||
405 | diff --git a/arch/powerpc/include/asm/hvcall.h b/arch/powerpc/include/asm/hvcall.h | ||
406 | index a409177be8bd..f0461618bf7b 100644 | ||
407 | --- a/arch/powerpc/include/asm/hvcall.h | ||
408 | +++ b/arch/powerpc/include/asm/hvcall.h | ||
409 | @@ -241,6 +241,7 @@ | ||
410 | #define H_GET_HCA_INFO 0x1B8 | ||
411 | #define H_GET_PERF_COUNT 0x1BC | ||
412 | #define H_MANAGE_TRACE 0x1C0 | ||
413 | +#define H_GET_CPU_CHARACTERISTICS 0x1C8 | ||
414 | #define H_FREE_LOGICAL_LAN_BUFFER 0x1D4 | ||
415 | #define H_QUERY_INT_STATE 0x1E4 | ||
416 | #define H_POLL_PENDING 0x1D8 | ||
417 | @@ -330,6 +331,17 @@ | ||
418 | #define H_SIGNAL_SYS_RESET_ALL_OTHERS -2 | ||
419 | /* >= 0 values are CPU number */ | ||
420 | |||
421 | +/* H_GET_CPU_CHARACTERISTICS return values */ | ||
422 | +#define H_CPU_CHAR_SPEC_BAR_ORI31 (1ull << 63) // IBM bit 0 | ||
423 | +#define H_CPU_CHAR_BCCTRL_SERIALISED (1ull << 62) // IBM bit 1 | ||
424 | +#define H_CPU_CHAR_L1D_FLUSH_ORI30 (1ull << 61) // IBM bit 2 | ||
425 | +#define H_CPU_CHAR_L1D_FLUSH_TRIG2 (1ull << 60) // IBM bit 3 | ||
426 | +#define H_CPU_CHAR_L1D_THREAD_PRIV (1ull << 59) // IBM bit 4 | ||
427 | + | ||
428 | +#define H_CPU_BEHAV_FAVOUR_SECURITY (1ull << 63) // IBM bit 0 | ||
429 | +#define H_CPU_BEHAV_L1D_FLUSH_PR (1ull << 62) // IBM bit 1 | ||
430 | +#define H_CPU_BEHAV_BNDS_CHK_SPEC_BAR (1ull << 61) // IBM bit 2 | ||
431 | + | ||
432 | /* Flag values used in H_REGISTER_PROC_TBL hcall */ | ||
433 | #define PROC_TABLE_OP_MASK 0x18 | ||
434 | #define PROC_TABLE_DEREG 0x10 | ||
435 | @@ -436,6 +448,11 @@ static inline unsigned int get_longbusy_msecs(int longbusy_rc) | ||
436 | } | ||
437 | } | ||
438 | |||
439 | +struct h_cpu_char_result { | ||
440 | + u64 character; | ||
441 | + u64 behaviour; | ||
442 | +}; | ||
443 | + | ||
444 | #endif /* __ASSEMBLY__ */ | ||
445 | #endif /* __KERNEL__ */ | ||
446 | #endif /* _ASM_POWERPC_HVCALL_H */ | ||
447 | diff --git a/arch/powerpc/include/asm/paca.h b/arch/powerpc/include/asm/paca.h | ||
448 | index 04b60af027ae..b8366df50d19 100644 | ||
449 | --- a/arch/powerpc/include/asm/paca.h | ||
450 | +++ b/arch/powerpc/include/asm/paca.h | ||
451 | @@ -231,6 +231,16 @@ struct paca_struct { | ||
452 | struct sibling_subcore_state *sibling_subcore_state; | ||
453 | #endif | ||
454 | #endif | ||
455 | +#ifdef CONFIG_PPC_BOOK3S_64 | ||
456 | + /* | ||
457 | + * rfi fallback flush must be in its own cacheline to prevent | ||
458 | + * other paca data leaking into the L1d | ||
459 | + */ | ||
460 | + u64 exrfi[EX_SIZE] __aligned(0x80); | ||
461 | + void *rfi_flush_fallback_area; | ||
462 | + u64 l1d_flush_congruence; | ||
463 | + u64 l1d_flush_sets; | ||
464 | +#endif | ||
465 | }; | ||
466 | |||
467 | extern void copy_mm_to_paca(struct mm_struct *mm); | ||
468 | diff --git a/arch/powerpc/include/asm/plpar_wrappers.h b/arch/powerpc/include/asm/plpar_wrappers.h | ||
469 | index 7f01b22fa6cb..55eddf50d149 100644 | ||
470 | --- a/arch/powerpc/include/asm/plpar_wrappers.h | ||
471 | +++ b/arch/powerpc/include/asm/plpar_wrappers.h | ||
472 | @@ -326,4 +326,18 @@ static inline long plapr_signal_sys_reset(long cpu) | ||
473 | return plpar_hcall_norets(H_SIGNAL_SYS_RESET, cpu); | ||
474 | } | ||
475 | |||
476 | +static inline long plpar_get_cpu_characteristics(struct h_cpu_char_result *p) | ||
477 | +{ | ||
478 | + unsigned long retbuf[PLPAR_HCALL_BUFSIZE]; | ||
479 | + long rc; | ||
480 | + | ||
481 | + rc = plpar_hcall(H_GET_CPU_CHARACTERISTICS, retbuf); | ||
482 | + if (rc == H_SUCCESS) { | ||
483 | + p->character = retbuf[0]; | ||
484 | + p->behaviour = retbuf[1]; | ||
485 | + } | ||
486 | + | ||
487 | + return rc; | ||
488 | +} | ||
489 | + | ||
490 | #endif /* _ASM_POWERPC_PLPAR_WRAPPERS_H */ | ||
491 | diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h | ||
492 | index cf00ec26303a..469b7fdc9be4 100644 | ||
493 | --- a/arch/powerpc/include/asm/setup.h | ||
494 | +++ b/arch/powerpc/include/asm/setup.h | ||
495 | @@ -39,6 +39,19 @@ static inline void pseries_big_endian_exceptions(void) {} | ||
496 | static inline void pseries_little_endian_exceptions(void) {} | ||
497 | #endif /* CONFIG_PPC_PSERIES */ | ||
498 | |||
499 | +void rfi_flush_enable(bool enable); | ||
500 | + | ||
501 | +/* These are bit flags */ | ||
502 | +enum l1d_flush_type { | ||
503 | + L1D_FLUSH_NONE = 0x1, | ||
504 | + L1D_FLUSH_FALLBACK = 0x2, | ||
505 | + L1D_FLUSH_ORI = 0x4, | ||
506 | + L1D_FLUSH_MTTRIG = 0x8, | ||
507 | +}; | ||
508 | + | ||
509 | +void __init setup_rfi_flush(enum l1d_flush_type, bool enable); | ||
510 | +void do_rfi_flush_fixups(enum l1d_flush_type types); | ||
511 | + | ||
512 | #endif /* !__ASSEMBLY__ */ | ||
513 | |||
514 | #endif /* _ASM_POWERPC_SETUP_H */ | ||
515 | diff --git a/arch/powerpc/kernel/asm-offsets.c b/arch/powerpc/kernel/asm-offsets.c | ||
516 | index 8cfb20e38cfe..748cdc4bb89a 100644 | ||
517 | --- a/arch/powerpc/kernel/asm-offsets.c | ||
518 | +++ b/arch/powerpc/kernel/asm-offsets.c | ||
519 | @@ -237,6 +237,11 @@ int main(void) | ||
520 | OFFSET(PACA_NMI_EMERG_SP, paca_struct, nmi_emergency_sp); | ||
521 | OFFSET(PACA_IN_MCE, paca_struct, in_mce); | ||
522 | OFFSET(PACA_IN_NMI, paca_struct, in_nmi); | ||
523 | + OFFSET(PACA_RFI_FLUSH_FALLBACK_AREA, paca_struct, rfi_flush_fallback_area); | ||
524 | + OFFSET(PACA_EXRFI, paca_struct, exrfi); | ||
525 | + OFFSET(PACA_L1D_FLUSH_CONGRUENCE, paca_struct, l1d_flush_congruence); | ||
526 | + OFFSET(PACA_L1D_FLUSH_SETS, paca_struct, l1d_flush_sets); | ||
527 | + | ||
528 | #endif | ||
529 | OFFSET(PACAHWCPUID, paca_struct, hw_cpu_id); | ||
530 | OFFSET(PACAKEXECSTATE, paca_struct, kexec_state); | ||
531 | diff --git a/arch/powerpc/kernel/entry_64.S b/arch/powerpc/kernel/entry_64.S | ||
532 | index 4a0fd4f40245..8a8a6d7ddcc6 100644 | ||
533 | --- a/arch/powerpc/kernel/entry_64.S | ||
534 | +++ b/arch/powerpc/kernel/entry_64.S | ||
535 | @@ -37,6 +37,11 @@ | ||
536 | #include <asm/tm.h> | ||
537 | #include <asm/ppc-opcode.h> | ||
538 | #include <asm/export.h> | ||
539 | +#ifdef CONFIG_PPC_BOOK3S | ||
540 | +#include <asm/exception-64s.h> | ||
541 | +#else | ||
542 | +#include <asm/exception-64e.h> | ||
543 | +#endif | ||
544 | |||
545 | /* | ||
546 | * System calls. | ||
547 | @@ -262,13 +267,23 @@ BEGIN_FTR_SECTION | ||
548 | END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) | ||
549 | |||
550 | ld r13,GPR13(r1) /* only restore r13 if returning to usermode */ | ||
551 | + ld r2,GPR2(r1) | ||
552 | + ld r1,GPR1(r1) | ||
553 | + mtlr r4 | ||
554 | + mtcr r5 | ||
555 | + mtspr SPRN_SRR0,r7 | ||
556 | + mtspr SPRN_SRR1,r8 | ||
557 | + RFI_TO_USER | ||
558 | + b . /* prevent speculative execution */ | ||
559 | + | ||
560 | + /* exit to kernel */ | ||
561 | 1: ld r2,GPR2(r1) | ||
562 | ld r1,GPR1(r1) | ||
563 | mtlr r4 | ||
564 | mtcr r5 | ||
565 | mtspr SPRN_SRR0,r7 | ||
566 | mtspr SPRN_SRR1,r8 | ||
567 | - RFI | ||
568 | + RFI_TO_KERNEL | ||
569 | b . /* prevent speculative execution */ | ||
570 | |||
571 | .Lsyscall_error: | ||
572 | @@ -397,8 +412,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) | ||
573 | mtmsrd r10, 1 | ||
574 | mtspr SPRN_SRR0, r11 | ||
575 | mtspr SPRN_SRR1, r12 | ||
576 | - | ||
577 | - rfid | ||
578 | + RFI_TO_USER | ||
579 | b . /* prevent speculative execution */ | ||
580 | #endif | ||
581 | _ASM_NOKPROBE_SYMBOL(system_call_common); | ||
582 | @@ -878,7 +892,7 @@ BEGIN_FTR_SECTION | ||
583 | END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) | ||
584 | ACCOUNT_CPU_USER_EXIT(r13, r2, r4) | ||
585 | REST_GPR(13, r1) | ||
586 | -1: | ||
587 | + | ||
588 | mtspr SPRN_SRR1,r3 | ||
589 | |||
590 | ld r2,_CCR(r1) | ||
591 | @@ -891,8 +905,22 @@ END_FTR_SECTION_IFSET(CPU_FTR_HAS_PPR) | ||
592 | ld r3,GPR3(r1) | ||
593 | ld r4,GPR4(r1) | ||
594 | ld r1,GPR1(r1) | ||
595 | + RFI_TO_USER | ||
596 | + b . /* prevent speculative execution */ | ||
597 | |||
598 | - rfid | ||
599 | +1: mtspr SPRN_SRR1,r3 | ||
600 | + | ||
601 | + ld r2,_CCR(r1) | ||
602 | + mtcrf 0xFF,r2 | ||
603 | + ld r2,_NIP(r1) | ||
604 | + mtspr SPRN_SRR0,r2 | ||
605 | + | ||
606 | + ld r0,GPR0(r1) | ||
607 | + ld r2,GPR2(r1) | ||
608 | + ld r3,GPR3(r1) | ||
609 | + ld r4,GPR4(r1) | ||
610 | + ld r1,GPR1(r1) | ||
611 | + RFI_TO_KERNEL | ||
612 | b . /* prevent speculative execution */ | ||
613 | |||
614 | #endif /* CONFIG_PPC_BOOK3E */ | ||
615 | @@ -1073,7 +1101,7 @@ __enter_rtas: | ||
616 | |||
617 | mtspr SPRN_SRR0,r5 | ||
618 | mtspr SPRN_SRR1,r6 | ||
619 | - rfid | ||
620 | + RFI_TO_KERNEL | ||
621 | b . /* prevent speculative execution */ | ||
622 | |||
623 | rtas_return_loc: | ||
624 | @@ -1098,7 +1126,7 @@ rtas_return_loc: | ||
625 | |||
626 | mtspr SPRN_SRR0,r3 | ||
627 | mtspr SPRN_SRR1,r4 | ||
628 | - rfid | ||
629 | + RFI_TO_KERNEL | ||
630 | b . /* prevent speculative execution */ | ||
631 | _ASM_NOKPROBE_SYMBOL(__enter_rtas) | ||
632 | _ASM_NOKPROBE_SYMBOL(rtas_return_loc) | ||
633 | @@ -1171,7 +1199,7 @@ _GLOBAL(enter_prom) | ||
634 | LOAD_REG_IMMEDIATE(r12, MSR_SF | MSR_ISF | MSR_LE) | ||
635 | andc r11,r11,r12 | ||
636 | mtsrr1 r11 | ||
637 | - rfid | ||
638 | + RFI_TO_KERNEL | ||
639 | #endif /* CONFIG_PPC_BOOK3E */ | ||
640 | |||
641 | 1: /* Return from OF */ | ||
642 | diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S | ||
643 | index 06598142d755..e9f72abc52b7 100644 | ||
644 | --- a/arch/powerpc/kernel/exceptions-64s.S | ||
645 | +++ b/arch/powerpc/kernel/exceptions-64s.S | ||
646 | @@ -254,7 +254,7 @@ BEGIN_FTR_SECTION | ||
647 | LOAD_HANDLER(r12, machine_check_handle_early) | ||
648 | 1: mtspr SPRN_SRR0,r12 | ||
649 | mtspr SPRN_SRR1,r11 | ||
650 | - rfid | ||
651 | + RFI_TO_KERNEL | ||
652 | b . /* prevent speculative execution */ | ||
653 | 2: | ||
654 | /* Stack overflow. Stay on emergency stack and panic. | ||
655 | @@ -443,7 +443,7 @@ EXC_COMMON_BEGIN(machine_check_handle_early) | ||
656 | li r3,MSR_ME | ||
657 | andc r10,r10,r3 /* Turn off MSR_ME */ | ||
658 | mtspr SPRN_SRR1,r10 | ||
659 | - rfid | ||
660 | + RFI_TO_KERNEL | ||
661 | b . | ||
662 | 2: | ||
663 | /* | ||
664 | @@ -461,7 +461,7 @@ EXC_COMMON_BEGIN(machine_check_handle_early) | ||
665 | */ | ||
666 | bl machine_check_queue_event | ||
667 | MACHINE_CHECK_HANDLER_WINDUP | ||
668 | - rfid | ||
669 | + RFI_TO_USER_OR_KERNEL | ||
670 | 9: | ||
671 | /* Deliver the machine check to host kernel in V mode. */ | ||
672 | MACHINE_CHECK_HANDLER_WINDUP | ||
673 | @@ -596,6 +596,9 @@ EXC_COMMON_BEGIN(slb_miss_common) | ||
674 | stw r9,PACA_EXSLB+EX_CCR(r13) /* save CR in exc. frame */ | ||
675 | std r10,PACA_EXSLB+EX_LR(r13) /* save LR */ | ||
676 | |||
677 | + andi. r9,r11,MSR_PR // Check for exception from userspace | ||
678 | + cmpdi cr4,r9,MSR_PR // And save the result in CR4 for later | ||
679 | + | ||
680 | /* | ||
681 | * Test MSR_RI before calling slb_allocate_realmode, because the | ||
682 | * MSR in r11 gets clobbered. However we still want to allocate | ||
683 | @@ -622,9 +625,12 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) | ||
684 | |||
685 | /* All done -- return from exception. */ | ||
686 | |||
687 | + bne cr4,1f /* returning to kernel */ | ||
688 | + | ||
689 | .machine push | ||
690 | .machine "power4" | ||
691 | mtcrf 0x80,r9 | ||
692 | + mtcrf 0x08,r9 /* MSR[PR] indication is in cr4 */ | ||
693 | mtcrf 0x04,r9 /* MSR[RI] indication is in cr5 */ | ||
694 | mtcrf 0x02,r9 /* I/D indication is in cr6 */ | ||
695 | mtcrf 0x01,r9 /* slb_allocate uses cr0 and cr7 */ | ||
696 | @@ -638,9 +644,30 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) | ||
697 | ld r11,PACA_EXSLB+EX_R11(r13) | ||
698 | ld r12,PACA_EXSLB+EX_R12(r13) | ||
699 | ld r13,PACA_EXSLB+EX_R13(r13) | ||
700 | - rfid | ||
701 | + RFI_TO_USER | ||
702 | + b . /* prevent speculative execution */ | ||
703 | +1: | ||
704 | +.machine push | ||
705 | +.machine "power4" | ||
706 | + mtcrf 0x80,r9 | ||
707 | + mtcrf 0x08,r9 /* MSR[PR] indication is in cr4 */ | ||
708 | + mtcrf 0x04,r9 /* MSR[RI] indication is in cr5 */ | ||
709 | + mtcrf 0x02,r9 /* I/D indication is in cr6 */ | ||
710 | + mtcrf 0x01,r9 /* slb_allocate uses cr0 and cr7 */ | ||
711 | +.machine pop | ||
712 | + | ||
713 | + RESTORE_CTR(r9, PACA_EXSLB) | ||
714 | + RESTORE_PPR_PACA(PACA_EXSLB, r9) | ||
715 | + mr r3,r12 | ||
716 | + ld r9,PACA_EXSLB+EX_R9(r13) | ||
717 | + ld r10,PACA_EXSLB+EX_R10(r13) | ||
718 | + ld r11,PACA_EXSLB+EX_R11(r13) | ||
719 | + ld r12,PACA_EXSLB+EX_R12(r13) | ||
720 | + ld r13,PACA_EXSLB+EX_R13(r13) | ||
721 | + RFI_TO_KERNEL | ||
722 | b . /* prevent speculative execution */ | ||
723 | |||
724 | + | ||
725 | 2: std r3,PACA_EXSLB+EX_DAR(r13) | ||
726 | mr r3,r12 | ||
727 | mfspr r11,SPRN_SRR0 | ||
728 | @@ -649,7 +676,7 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) | ||
729 | mtspr SPRN_SRR0,r10 | ||
730 | ld r10,PACAKMSR(r13) | ||
731 | mtspr SPRN_SRR1,r10 | ||
732 | - rfid | ||
733 | + RFI_TO_KERNEL | ||
734 | b . | ||
735 | |||
736 | 8: std r3,PACA_EXSLB+EX_DAR(r13) | ||
737 | @@ -660,7 +687,7 @@ END_MMU_FTR_SECTION_IFCLR(MMU_FTR_TYPE_RADIX) | ||
738 | mtspr SPRN_SRR0,r10 | ||
739 | ld r10,PACAKMSR(r13) | ||
740 | mtspr SPRN_SRR1,r10 | ||
741 | - rfid | ||
742 | + RFI_TO_KERNEL | ||
743 | b . | ||
744 | |||
745 | EXC_COMMON_BEGIN(unrecov_slb) | ||
746 | @@ -905,7 +932,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_REAL_LE) \ | ||
747 | mtspr SPRN_SRR0,r10 ; \ | ||
748 | ld r10,PACAKMSR(r13) ; \ | ||
749 | mtspr SPRN_SRR1,r10 ; \ | ||
750 | - rfid ; \ | ||
751 | + RFI_TO_KERNEL ; \ | ||
752 | b . ; /* prevent speculative execution */ | ||
753 | |||
754 | #define SYSCALL_FASTENDIAN \ | ||
755 | @@ -914,7 +941,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_REAL_LE) \ | ||
756 | xori r12,r12,MSR_LE ; \ | ||
757 | mtspr SPRN_SRR1,r12 ; \ | ||
758 | mr r13,r9 ; \ | ||
759 | - rfid ; /* return to userspace */ \ | ||
760 | + RFI_TO_USER ; /* return to userspace */ \ | ||
761 | b . ; /* prevent speculative execution */ | ||
762 | |||
763 | #if defined(CONFIG_RELOCATABLE) | ||
764 | @@ -1299,7 +1326,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_CFAR) | ||
765 | ld r11,PACA_EXGEN+EX_R11(r13) | ||
766 | ld r12,PACA_EXGEN+EX_R12(r13) | ||
767 | ld r13,PACA_EXGEN+EX_R13(r13) | ||
768 | - HRFID | ||
769 | + HRFI_TO_UNKNOWN | ||
770 | b . | ||
771 | #endif | ||
772 | |||
773 | @@ -1403,10 +1430,94 @@ masked_##_H##interrupt: \ | ||
774 | ld r10,PACA_EXGEN+EX_R10(r13); \ | ||
775 | ld r11,PACA_EXGEN+EX_R11(r13); \ | ||
776 | /* returns to kernel where r13 must be set up, so don't restore it */ \ | ||
777 | - ##_H##rfid; \ | ||
778 | + ##_H##RFI_TO_KERNEL; \ | ||
779 | b .; \ | ||
780 | MASKED_DEC_HANDLER(_H) | ||
781 | |||
782 | +TRAMP_REAL_BEGIN(rfi_flush_fallback) | ||
783 | + SET_SCRATCH0(r13); | ||
784 | + GET_PACA(r13); | ||
785 | + std r9,PACA_EXRFI+EX_R9(r13) | ||
786 | + std r10,PACA_EXRFI+EX_R10(r13) | ||
787 | + std r11,PACA_EXRFI+EX_R11(r13) | ||
788 | + std r12,PACA_EXRFI+EX_R12(r13) | ||
789 | + std r8,PACA_EXRFI+EX_R13(r13) | ||
790 | + mfctr r9 | ||
791 | + ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) | ||
792 | + ld r11,PACA_L1D_FLUSH_SETS(r13) | ||
793 | + ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) | ||
794 | + /* | ||
795 | + * The load adresses are at staggered offsets within cachelines, | ||
796 | + * which suits some pipelines better (on others it should not | ||
797 | + * hurt). | ||
798 | + */ | ||
799 | + addi r12,r12,8 | ||
800 | + mtctr r11 | ||
801 | + DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ | ||
802 | + | ||
803 | + /* order ld/st prior to dcbt stop all streams with flushing */ | ||
804 | + sync | ||
805 | +1: li r8,0 | ||
806 | + .rept 8 /* 8-way set associative */ | ||
807 | + ldx r11,r10,r8 | ||
808 | + add r8,r8,r12 | ||
809 | + xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not | ||
810 | + add r8,r8,r11 // Add 0, this creates a dependency on the ldx | ||
811 | + .endr | ||
812 | + addi r10,r10,128 /* 128 byte cache line */ | ||
813 | + bdnz 1b | ||
814 | + | ||
815 | + mtctr r9 | ||
816 | + ld r9,PACA_EXRFI+EX_R9(r13) | ||
817 | + ld r10,PACA_EXRFI+EX_R10(r13) | ||
818 | + ld r11,PACA_EXRFI+EX_R11(r13) | ||
819 | + ld r12,PACA_EXRFI+EX_R12(r13) | ||
820 | + ld r8,PACA_EXRFI+EX_R13(r13) | ||
821 | + GET_SCRATCH0(r13); | ||
822 | + rfid | ||
823 | + | ||
824 | +TRAMP_REAL_BEGIN(hrfi_flush_fallback) | ||
825 | + SET_SCRATCH0(r13); | ||
826 | + GET_PACA(r13); | ||
827 | + std r9,PACA_EXRFI+EX_R9(r13) | ||
828 | + std r10,PACA_EXRFI+EX_R10(r13) | ||
829 | + std r11,PACA_EXRFI+EX_R11(r13) | ||
830 | + std r12,PACA_EXRFI+EX_R12(r13) | ||
831 | + std r8,PACA_EXRFI+EX_R13(r13) | ||
832 | + mfctr r9 | ||
833 | + ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) | ||
834 | + ld r11,PACA_L1D_FLUSH_SETS(r13) | ||
835 | + ld r12,PACA_L1D_FLUSH_CONGRUENCE(r13) | ||
836 | + /* | ||
837 | + * The load adresses are at staggered offsets within cachelines, | ||
838 | + * which suits some pipelines better (on others it should not | ||
839 | + * hurt). | ||
840 | + */ | ||
841 | + addi r12,r12,8 | ||
842 | + mtctr r11 | ||
843 | + DCBT_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ | ||
844 | + | ||
845 | + /* order ld/st prior to dcbt stop all streams with flushing */ | ||
846 | + sync | ||
847 | +1: li r8,0 | ||
848 | + .rept 8 /* 8-way set associative */ | ||
849 | + ldx r11,r10,r8 | ||
850 | + add r8,r8,r12 | ||
851 | + xor r11,r11,r11 // Ensure r11 is 0 even if fallback area is not | ||
852 | + add r8,r8,r11 // Add 0, this creates a dependency on the ldx | ||
853 | + .endr | ||
854 | + addi r10,r10,128 /* 128 byte cache line */ | ||
855 | + bdnz 1b | ||
856 | + | ||
857 | + mtctr r9 | ||
858 | + ld r9,PACA_EXRFI+EX_R9(r13) | ||
859 | + ld r10,PACA_EXRFI+EX_R10(r13) | ||
860 | + ld r11,PACA_EXRFI+EX_R11(r13) | ||
861 | + ld r12,PACA_EXRFI+EX_R12(r13) | ||
862 | + ld r8,PACA_EXRFI+EX_R13(r13) | ||
863 | + GET_SCRATCH0(r13); | ||
864 | + hrfid | ||
865 | + | ||
866 | /* | ||
867 | * Real mode exceptions actually use this too, but alternate | ||
868 | * instruction code patches (which end up in the common .text area) | ||
869 | @@ -1426,7 +1537,7 @@ TRAMP_REAL_BEGIN(kvmppc_skip_interrupt) | ||
870 | addi r13, r13, 4 | ||
871 | mtspr SPRN_SRR0, r13 | ||
872 | GET_SCRATCH0(r13) | ||
873 | - rfid | ||
874 | + RFI_TO_KERNEL | ||
875 | b . | ||
876 | |||
877 | TRAMP_REAL_BEGIN(kvmppc_skip_Hinterrupt) | ||
878 | @@ -1438,7 +1549,7 @@ TRAMP_REAL_BEGIN(kvmppc_skip_Hinterrupt) | ||
879 | addi r13, r13, 4 | ||
880 | mtspr SPRN_HSRR0, r13 | ||
881 | GET_SCRATCH0(r13) | ||
882 | - hrfid | ||
883 | + HRFI_TO_KERNEL | ||
884 | b . | ||
885 | #endif | ||
886 | |||
887 | diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c | ||
888 | index b89c6aac48c9..935059cb9e40 100644 | ||
889 | --- a/arch/powerpc/kernel/setup_64.c | ||
890 | +++ b/arch/powerpc/kernel/setup_64.c | ||
891 | @@ -784,3 +784,104 @@ static int __init disable_hardlockup_detector(void) | ||
892 | return 0; | ||
893 | } | ||
894 | early_initcall(disable_hardlockup_detector); | ||
895 | + | ||
896 | +#ifdef CONFIG_PPC_BOOK3S_64 | ||
897 | +static enum l1d_flush_type enabled_flush_types; | ||
898 | +static void *l1d_flush_fallback_area; | ||
899 | +static bool no_rfi_flush; | ||
900 | +bool rfi_flush; | ||
901 | + | ||
902 | +static int __init handle_no_rfi_flush(char *p) | ||
903 | +{ | ||
904 | + pr_info("rfi-flush: disabled on command line."); | ||
905 | + no_rfi_flush = true; | ||
906 | + return 0; | ||
907 | +} | ||
908 | +early_param("no_rfi_flush", handle_no_rfi_flush); | ||
909 | + | ||
910 | +/* | ||
911 | + * The RFI flush is not KPTI, but because users will see doco that says to use | ||
912 | + * nopti we hijack that option here to also disable the RFI flush. | ||
913 | + */ | ||
914 | +static int __init handle_no_pti(char *p) | ||
915 | +{ | ||
916 | + pr_info("rfi-flush: disabling due to 'nopti' on command line.\n"); | ||
917 | + handle_no_rfi_flush(NULL); | ||
918 | + return 0; | ||
919 | +} | ||
920 | +early_param("nopti", handle_no_pti); | ||
921 | + | ||
922 | +static void do_nothing(void *unused) | ||
923 | +{ | ||
924 | + /* | ||
925 | + * We don't need to do the flush explicitly, just enter+exit kernel is | ||
926 | + * sufficient, the RFI exit handlers will do the right thing. | ||
927 | + */ | ||
928 | +} | ||
929 | + | ||
930 | +void rfi_flush_enable(bool enable) | ||
931 | +{ | ||
932 | + if (rfi_flush == enable) | ||
933 | + return; | ||
934 | + | ||
935 | + if (enable) { | ||
936 | + do_rfi_flush_fixups(enabled_flush_types); | ||
937 | + on_each_cpu(do_nothing, NULL, 1); | ||
938 | + } else | ||
939 | + do_rfi_flush_fixups(L1D_FLUSH_NONE); | ||
940 | + | ||
941 | + rfi_flush = enable; | ||
942 | +} | ||
943 | + | ||
944 | +static void init_fallback_flush(void) | ||
945 | +{ | ||
946 | + u64 l1d_size, limit; | ||
947 | + int cpu; | ||
948 | + | ||
949 | + l1d_size = ppc64_caches.l1d.size; | ||
950 | + limit = min(safe_stack_limit(), ppc64_rma_size); | ||
951 | + | ||
952 | + /* | ||
953 | + * Align to L1d size, and size it at 2x L1d size, to catch possible | ||
954 | + * hardware prefetch runoff. We don't have a recipe for load patterns to | ||
955 | + * reliably avoid the prefetcher. | ||
956 | + */ | ||
957 | + l1d_flush_fallback_area = __va(memblock_alloc_base(l1d_size * 2, l1d_size, limit)); | ||
958 | + memset(l1d_flush_fallback_area, 0, l1d_size * 2); | ||
959 | + | ||
960 | + for_each_possible_cpu(cpu) { | ||
961 | + /* | ||
962 | + * The fallback flush is currently coded for 8-way | ||
963 | + * associativity. Different associativity is possible, but it | ||
964 | + * will be treated as 8-way and may not evict the lines as | ||
965 | + * effectively. | ||
966 | + * | ||
967 | + * 128 byte lines are mandatory. | ||
968 | + */ | ||
969 | + u64 c = l1d_size / 8; | ||
970 | + | ||
971 | + paca[cpu].rfi_flush_fallback_area = l1d_flush_fallback_area; | ||
972 | + paca[cpu].l1d_flush_congruence = c; | ||
973 | + paca[cpu].l1d_flush_sets = c / 128; | ||
974 | + } | ||
975 | +} | ||
976 | + | ||
977 | +void __init setup_rfi_flush(enum l1d_flush_type types, bool enable) | ||
978 | +{ | ||
979 | + if (types & L1D_FLUSH_FALLBACK) { | ||
980 | + pr_info("rfi-flush: Using fallback displacement flush\n"); | ||
981 | + init_fallback_flush(); | ||
982 | + } | ||
983 | + | ||
984 | + if (types & L1D_FLUSH_ORI) | ||
985 | + pr_info("rfi-flush: Using ori type flush\n"); | ||
986 | + | ||
987 | + if (types & L1D_FLUSH_MTTRIG) | ||
988 | + pr_info("rfi-flush: Using mttrig type flush\n"); | ||
989 | + | ||
990 | + enabled_flush_types = types; | ||
991 | + | ||
992 | + if (!no_rfi_flush) | ||
993 | + rfi_flush_enable(enable); | ||
994 | +} | ||
995 | +#endif /* CONFIG_PPC_BOOK3S_64 */ | ||
996 | diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S | ||
997 | index 0494e1566ee2..307843d23682 100644 | ||
998 | --- a/arch/powerpc/kernel/vmlinux.lds.S | ||
999 | +++ b/arch/powerpc/kernel/vmlinux.lds.S | ||
1000 | @@ -132,6 +132,15 @@ SECTIONS | ||
1001 | /* Read-only data */ | ||
1002 | RO_DATA(PAGE_SIZE) | ||
1003 | |||
1004 | +#ifdef CONFIG_PPC64 | ||
1005 | + . = ALIGN(8); | ||
1006 | + __rfi_flush_fixup : AT(ADDR(__rfi_flush_fixup) - LOAD_OFFSET) { | ||
1007 | + __start___rfi_flush_fixup = .; | ||
1008 | + *(__rfi_flush_fixup) | ||
1009 | + __stop___rfi_flush_fixup = .; | ||
1010 | + } | ||
1011 | +#endif | ||
1012 | + | ||
1013 | EXCEPTION_TABLE(0) | ||
1014 | |||
1015 | NOTES :kernel :notes | ||
1016 | diff --git a/arch/powerpc/kvm/book3s_hv_rmhandlers.S b/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
1017 | index 42639fba89e8..c85ac5c83bd4 100644 | ||
1018 | --- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
1019 | +++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S | ||
1020 | @@ -78,7 +78,7 @@ _GLOBAL_TOC(kvmppc_hv_entry_trampoline) | ||
1021 | mtmsrd r0,1 /* clear RI in MSR */ | ||
1022 | mtsrr0 r5 | ||
1023 | mtsrr1 r6 | ||
1024 | - RFI | ||
1025 | + RFI_TO_KERNEL | ||
1026 | |||
1027 | kvmppc_call_hv_entry: | ||
1028 | ld r4, HSTATE_KVM_VCPU(r13) | ||
1029 | @@ -187,7 +187,7 @@ END_FTR_SECTION_IFCLR(CPU_FTR_ARCH_300) | ||
1030 | mtmsrd r6, 1 /* Clear RI in MSR */ | ||
1031 | mtsrr0 r8 | ||
1032 | mtsrr1 r7 | ||
1033 | - RFI | ||
1034 | + RFI_TO_KERNEL | ||
1035 | |||
1036 | /* Virtual-mode return */ | ||
1037 | .Lvirt_return: | ||
1038 | @@ -1131,8 +1131,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300) | ||
1039 | |||
1040 | ld r0, VCPU_GPR(R0)(r4) | ||
1041 | ld r4, VCPU_GPR(R4)(r4) | ||
1042 | - | ||
1043 | - hrfid | ||
1044 | + HRFI_TO_GUEST | ||
1045 | b . | ||
1046 | |||
1047 | secondary_too_late: | ||
1048 | diff --git a/arch/powerpc/kvm/book3s_rmhandlers.S b/arch/powerpc/kvm/book3s_rmhandlers.S | ||
1049 | index 42a4b237df5f..34a5adeff084 100644 | ||
1050 | --- a/arch/powerpc/kvm/book3s_rmhandlers.S | ||
1051 | +++ b/arch/powerpc/kvm/book3s_rmhandlers.S | ||
1052 | @@ -46,6 +46,9 @@ | ||
1053 | |||
1054 | #define FUNC(name) name | ||
1055 | |||
1056 | +#define RFI_TO_KERNEL RFI | ||
1057 | +#define RFI_TO_GUEST RFI | ||
1058 | + | ||
1059 | .macro INTERRUPT_TRAMPOLINE intno | ||
1060 | |||
1061 | .global kvmppc_trampoline_\intno | ||
1062 | @@ -141,7 +144,7 @@ kvmppc_handler_skip_ins: | ||
1063 | GET_SCRATCH0(r13) | ||
1064 | |||
1065 | /* And get back into the code */ | ||
1066 | - RFI | ||
1067 | + RFI_TO_KERNEL | ||
1068 | #endif | ||
1069 | |||
1070 | /* | ||
1071 | @@ -164,6 +167,6 @@ _GLOBAL_TOC(kvmppc_entry_trampoline) | ||
1072 | ori r5, r5, MSR_EE | ||
1073 | mtsrr0 r7 | ||
1074 | mtsrr1 r6 | ||
1075 | - RFI | ||
1076 | + RFI_TO_KERNEL | ||
1077 | |||
1078 | #include "book3s_segment.S" | ||
1079 | diff --git a/arch/powerpc/kvm/book3s_segment.S b/arch/powerpc/kvm/book3s_segment.S | ||
1080 | index 2a2b96d53999..93a180ceefad 100644 | ||
1081 | --- a/arch/powerpc/kvm/book3s_segment.S | ||
1082 | +++ b/arch/powerpc/kvm/book3s_segment.S | ||
1083 | @@ -156,7 +156,7 @@ no_dcbz32_on: | ||
1084 | PPC_LL r9, SVCPU_R9(r3) | ||
1085 | PPC_LL r3, (SVCPU_R3)(r3) | ||
1086 | |||
1087 | - RFI | ||
1088 | + RFI_TO_GUEST | ||
1089 | kvmppc_handler_trampoline_enter_end: | ||
1090 | |||
1091 | |||
1092 | @@ -407,5 +407,5 @@ END_FTR_SECTION_IFSET(CPU_FTR_HVMODE) | ||
1093 | cmpwi r12, BOOK3S_INTERRUPT_DOORBELL | ||
1094 | beqa BOOK3S_INTERRUPT_DOORBELL | ||
1095 | |||
1096 | - RFI | ||
1097 | + RFI_TO_KERNEL | ||
1098 | kvmppc_handler_trampoline_exit_end: | ||
1099 | diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c | ||
1100 | index 41cf5ae273cf..a95ea007d654 100644 | ||
1101 | --- a/arch/powerpc/lib/feature-fixups.c | ||
1102 | +++ b/arch/powerpc/lib/feature-fixups.c | ||
1103 | @@ -116,6 +116,47 @@ void do_feature_fixups(unsigned long value, void *fixup_start, void *fixup_end) | ||
1104 | } | ||
1105 | } | ||
1106 | |||
1107 | +#ifdef CONFIG_PPC_BOOK3S_64 | ||
1108 | +void do_rfi_flush_fixups(enum l1d_flush_type types) | ||
1109 | +{ | ||
1110 | + unsigned int instrs[3], *dest; | ||
1111 | + long *start, *end; | ||
1112 | + int i; | ||
1113 | + | ||
1114 | + start = PTRRELOC(&__start___rfi_flush_fixup), | ||
1115 | + end = PTRRELOC(&__stop___rfi_flush_fixup); | ||
1116 | + | ||
1117 | + instrs[0] = 0x60000000; /* nop */ | ||
1118 | + instrs[1] = 0x60000000; /* nop */ | ||
1119 | + instrs[2] = 0x60000000; /* nop */ | ||
1120 | + | ||
1121 | + if (types & L1D_FLUSH_FALLBACK) | ||
1122 | + /* b .+16 to fallback flush */ | ||
1123 | + instrs[0] = 0x48000010; | ||
1124 | + | ||
1125 | + i = 0; | ||
1126 | + if (types & L1D_FLUSH_ORI) { | ||
1127 | + instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */ | ||
1128 | + instrs[i++] = 0x63de0000; /* ori 30,30,0 L1d flush*/ | ||
1129 | + } | ||
1130 | + | ||
1131 | + if (types & L1D_FLUSH_MTTRIG) | ||
1132 | + instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */ | ||
1133 | + | ||
1134 | + for (i = 0; start < end; start++, i++) { | ||
1135 | + dest = (void *)start + *start; | ||
1136 | + | ||
1137 | + pr_devel("patching dest %lx\n", (unsigned long)dest); | ||
1138 | + | ||
1139 | + patch_instruction(dest, instrs[0]); | ||
1140 | + patch_instruction(dest + 1, instrs[1]); | ||
1141 | + patch_instruction(dest + 2, instrs[2]); | ||
1142 | + } | ||
1143 | + | ||
1144 | + printk(KERN_DEBUG "rfi-flush: patched %d locations\n", i); | ||
1145 | +} | ||
1146 | +#endif /* CONFIG_PPC_BOOK3S_64 */ | ||
1147 | + | ||
1148 | void do_lwsync_fixups(unsigned long value, void *fixup_start, void *fixup_end) | ||
1149 | { | ||
1150 | long *start, *end; | ||
1151 | diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c | ||
1152 | index bfe2aa702973..7966a314d93a 100644 | ||
1153 | --- a/arch/powerpc/platforms/powernv/setup.c | ||
1154 | +++ b/arch/powerpc/platforms/powernv/setup.c | ||
1155 | @@ -36,13 +36,62 @@ | ||
1156 | #include <asm/opal.h> | ||
1157 | #include <asm/kexec.h> | ||
1158 | #include <asm/smp.h> | ||
1159 | +#include <asm/setup.h> | ||
1160 | |||
1161 | #include "powernv.h" | ||
1162 | |||
1163 | +static void pnv_setup_rfi_flush(void) | ||
1164 | +{ | ||
1165 | + struct device_node *np, *fw_features; | ||
1166 | + enum l1d_flush_type type; | ||
1167 | + int enable; | ||
1168 | + | ||
1169 | + /* Default to fallback in case fw-features are not available */ | ||
1170 | + type = L1D_FLUSH_FALLBACK; | ||
1171 | + enable = 1; | ||
1172 | + | ||
1173 | + np = of_find_node_by_name(NULL, "ibm,opal"); | ||
1174 | + fw_features = of_get_child_by_name(np, "fw-features"); | ||
1175 | + of_node_put(np); | ||
1176 | + | ||
1177 | + if (fw_features) { | ||
1178 | + np = of_get_child_by_name(fw_features, "inst-l1d-flush-trig2"); | ||
1179 | + if (np && of_property_read_bool(np, "enabled")) | ||
1180 | + type = L1D_FLUSH_MTTRIG; | ||
1181 | + | ||
1182 | + of_node_put(np); | ||
1183 | + | ||
1184 | + np = of_get_child_by_name(fw_features, "inst-l1d-flush-ori30,30,0"); | ||
1185 | + if (np && of_property_read_bool(np, "enabled")) | ||
1186 | + type = L1D_FLUSH_ORI; | ||
1187 | + | ||
1188 | + of_node_put(np); | ||
1189 | + | ||
1190 | + /* Enable unless firmware says NOT to */ | ||
1191 | + enable = 2; | ||
1192 | + np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-hv-1-to-0"); | ||
1193 | + if (np && of_property_read_bool(np, "disabled")) | ||
1194 | + enable--; | ||
1195 | + | ||
1196 | + of_node_put(np); | ||
1197 | + | ||
1198 | + np = of_get_child_by_name(fw_features, "needs-l1d-flush-msr-pr-0-to-1"); | ||
1199 | + if (np && of_property_read_bool(np, "disabled")) | ||
1200 | + enable--; | ||
1201 | + | ||
1202 | + of_node_put(np); | ||
1203 | + of_node_put(fw_features); | ||
1204 | + } | ||
1205 | + | ||
1206 | + setup_rfi_flush(type, enable > 0); | ||
1207 | +} | ||
1208 | + | ||
1209 | static void __init pnv_setup_arch(void) | ||
1210 | { | ||
1211 | set_arch_panic_timeout(10, ARCH_PANIC_TIMEOUT); | ||
1212 | |||
1213 | + pnv_setup_rfi_flush(); | ||
1214 | + | ||
1215 | /* Initialize SMP */ | ||
1216 | pnv_smp_init(); | ||
1217 | |||
1218 | diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c | ||
1219 | index a8531e012658..ae4f596273b5 100644 | ||
1220 | --- a/arch/powerpc/platforms/pseries/setup.c | ||
1221 | +++ b/arch/powerpc/platforms/pseries/setup.c | ||
1222 | @@ -459,6 +459,39 @@ static void __init find_and_init_phbs(void) | ||
1223 | of_pci_check_probe_only(); | ||
1224 | } | ||
1225 | |||
1226 | +static void pseries_setup_rfi_flush(void) | ||
1227 | +{ | ||
1228 | + struct h_cpu_char_result result; | ||
1229 | + enum l1d_flush_type types; | ||
1230 | + bool enable; | ||
1231 | + long rc; | ||
1232 | + | ||
1233 | + /* Enable by default */ | ||
1234 | + enable = true; | ||
1235 | + | ||
1236 | + rc = plpar_get_cpu_characteristics(&result); | ||
1237 | + if (rc == H_SUCCESS) { | ||
1238 | + types = L1D_FLUSH_NONE; | ||
1239 | + | ||
1240 | + if (result.character & H_CPU_CHAR_L1D_FLUSH_TRIG2) | ||
1241 | + types |= L1D_FLUSH_MTTRIG; | ||
1242 | + if (result.character & H_CPU_CHAR_L1D_FLUSH_ORI30) | ||
1243 | + types |= L1D_FLUSH_ORI; | ||
1244 | + | ||
1245 | + /* Use fallback if nothing set in hcall */ | ||
1246 | + if (types == L1D_FLUSH_NONE) | ||
1247 | + types = L1D_FLUSH_FALLBACK; | ||
1248 | + | ||
1249 | + if (!(result.behaviour & H_CPU_BEHAV_L1D_FLUSH_PR)) | ||
1250 | + enable = false; | ||
1251 | + } else { | ||
1252 | + /* Default to fallback if case hcall is not available */ | ||
1253 | + types = L1D_FLUSH_FALLBACK; | ||
1254 | + } | ||
1255 | + | ||
1256 | + setup_rfi_flush(types, enable); | ||
1257 | +} | ||
1258 | + | ||
1259 | static void __init pSeries_setup_arch(void) | ||
1260 | { | ||
1261 | set_arch_panic_timeout(10, ARCH_PANIC_TIMEOUT); | ||
1262 | @@ -476,6 +509,8 @@ static void __init pSeries_setup_arch(void) | ||
1263 | |||
1264 | fwnmi_init(); | ||
1265 | |||
1266 | + pseries_setup_rfi_flush(); | ||
1267 | + | ||
1268 | /* By default, only probe PCI (can be overridden by rtas_pci) */ | ||
1269 | pci_add_flags(PCI_PROBE_ONLY); | ||
1270 | |||
1271 | diff --git a/arch/x86/entry/entry_32.S b/arch/x86/entry/entry_32.S | ||
1272 | index a1f28a54f23a..60c4c342316c 100644 | ||
1273 | --- a/arch/x86/entry/entry_32.S | ||
1274 | +++ b/arch/x86/entry/entry_32.S | ||
1275 | @@ -244,6 +244,17 @@ ENTRY(__switch_to_asm) | ||
1276 | movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset | ||
1277 | #endif | ||
1278 | |||
1279 | +#ifdef CONFIG_RETPOLINE | ||
1280 | + /* | ||
1281 | + * When switching from a shallower to a deeper call stack | ||
1282 | + * the RSB may either underflow or use entries populated | ||
1283 | + * with userspace addresses. On CPUs where those concerns | ||
1284 | + * exist, overwrite the RSB with entries which capture | ||
1285 | + * speculative execution to prevent attack. | ||
1286 | + */ | ||
1287 | + FILL_RETURN_BUFFER %ebx, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW | ||
1288 | +#endif | ||
1289 | + | ||
1290 | /* restore callee-saved registers */ | ||
1291 | popl %esi | ||
1292 | popl %edi | ||
1293 | diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S | ||
1294 | index f5fda5f26e34..be6b66464f6a 100644 | ||
1295 | --- a/arch/x86/entry/entry_64.S | ||
1296 | +++ b/arch/x86/entry/entry_64.S | ||
1297 | @@ -487,6 +487,17 @@ ENTRY(__switch_to_asm) | ||
1298 | movq %rbx, PER_CPU_VAR(irq_stack_union)+stack_canary_offset | ||
1299 | #endif | ||
1300 | |||
1301 | +#ifdef CONFIG_RETPOLINE | ||
1302 | + /* | ||
1303 | + * When switching from a shallower to a deeper call stack | ||
1304 | + * the RSB may either underflow or use entries populated | ||
1305 | + * with userspace addresses. On CPUs where those concerns | ||
1306 | + * exist, overwrite the RSB with entries which capture | ||
1307 | + * speculative execution to prevent attack. | ||
1308 | + */ | ||
1309 | + FILL_RETURN_BUFFER %r12, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW | ||
1310 | +#endif | ||
1311 | + | ||
1312 | /* restore callee-saved registers */ | ||
1313 | popq %r15 | ||
1314 | popq %r14 | ||
1315 | @@ -1247,7 +1258,7 @@ idtentry async_page_fault do_async_page_fault has_error_code=1 | ||
1316 | #endif | ||
1317 | |||
1318 | #ifdef CONFIG_X86_MCE | ||
1319 | -idtentry machine_check has_error_code=0 paranoid=1 do_sym=*machine_check_vector(%rip) | ||
1320 | +idtentry machine_check do_mce has_error_code=0 paranoid=1 | ||
1321 | #endif | ||
1322 | |||
1323 | /* | ||
1324 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h | ||
1325 | index f275447862f4..25b9375c1484 100644 | ||
1326 | --- a/arch/x86/include/asm/cpufeatures.h | ||
1327 | +++ b/arch/x86/include/asm/cpufeatures.h | ||
1328 | @@ -206,11 +206,11 @@ | ||
1329 | #define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */ | ||
1330 | #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */ | ||
1331 | #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ | ||
1332 | -#define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ | ||
1333 | #define X86_FEATURE_AVX512_4VNNIW ( 7*32+16) /* AVX-512 Neural Network Instructions */ | ||
1334 | #define X86_FEATURE_AVX512_4FMAPS ( 7*32+17) /* AVX-512 Multiply Accumulation Single precision */ | ||
1335 | |||
1336 | #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */ | ||
1337 | +#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ | ||
1338 | |||
1339 | /* Virtualization flags: Linux defined, word 8 */ | ||
1340 | #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ | ||
1341 | @@ -245,6 +245,7 @@ | ||
1342 | #define X86_FEATURE_AVX512IFMA ( 9*32+21) /* AVX-512 Integer Fused Multiply-Add instructions */ | ||
1343 | #define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ | ||
1344 | #define X86_FEATURE_CLWB ( 9*32+24) /* CLWB instruction */ | ||
1345 | +#define X86_FEATURE_INTEL_PT ( 9*32+25) /* Intel Processor Trace */ | ||
1346 | #define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ | ||
1347 | #define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ | ||
1348 | #define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */ | ||
1349 | diff --git a/arch/x86/include/asm/mem_encrypt.h b/arch/x86/include/asm/mem_encrypt.h | ||
1350 | index 6a77c63540f7..e7d96c0766fe 100644 | ||
1351 | --- a/arch/x86/include/asm/mem_encrypt.h | ||
1352 | +++ b/arch/x86/include/asm/mem_encrypt.h | ||
1353 | @@ -39,7 +39,7 @@ void __init sme_unmap_bootdata(char *real_mode_data); | ||
1354 | |||
1355 | void __init sme_early_init(void); | ||
1356 | |||
1357 | -void __init sme_encrypt_kernel(void); | ||
1358 | +void __init sme_encrypt_kernel(struct boot_params *bp); | ||
1359 | void __init sme_enable(struct boot_params *bp); | ||
1360 | |||
1361 | /* Architecture __weak replacement functions */ | ||
1362 | @@ -61,7 +61,7 @@ static inline void __init sme_unmap_bootdata(char *real_mode_data) { } | ||
1363 | |||
1364 | static inline void __init sme_early_init(void) { } | ||
1365 | |||
1366 | -static inline void __init sme_encrypt_kernel(void) { } | ||
1367 | +static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } | ||
1368 | static inline void __init sme_enable(struct boot_params *bp) { } | ||
1369 | |||
1370 | #endif /* CONFIG_AMD_MEM_ENCRYPT */ | ||
1371 | diff --git a/arch/x86/include/asm/nospec-branch.h b/arch/x86/include/asm/nospec-branch.h | ||
1372 | index 402a11c803c3..4ad41087ce0e 100644 | ||
1373 | --- a/arch/x86/include/asm/nospec-branch.h | ||
1374 | +++ b/arch/x86/include/asm/nospec-branch.h | ||
1375 | @@ -11,7 +11,7 @@ | ||
1376 | * Fill the CPU return stack buffer. | ||
1377 | * | ||
1378 | * Each entry in the RSB, if used for a speculative 'ret', contains an | ||
1379 | - * infinite 'pause; jmp' loop to capture speculative execution. | ||
1380 | + * infinite 'pause; lfence; jmp' loop to capture speculative execution. | ||
1381 | * | ||
1382 | * This is required in various cases for retpoline and IBRS-based | ||
1383 | * mitigations for the Spectre variant 2 vulnerability. Sometimes to | ||
1384 | @@ -38,11 +38,13 @@ | ||
1385 | call 772f; \ | ||
1386 | 773: /* speculation trap */ \ | ||
1387 | pause; \ | ||
1388 | + lfence; \ | ||
1389 | jmp 773b; \ | ||
1390 | 772: \ | ||
1391 | call 774f; \ | ||
1392 | 775: /* speculation trap */ \ | ||
1393 | pause; \ | ||
1394 | + lfence; \ | ||
1395 | jmp 775b; \ | ||
1396 | 774: \ | ||
1397 | dec reg; \ | ||
1398 | @@ -73,6 +75,7 @@ | ||
1399 | call .Ldo_rop_\@ | ||
1400 | .Lspec_trap_\@: | ||
1401 | pause | ||
1402 | + lfence | ||
1403 | jmp .Lspec_trap_\@ | ||
1404 | .Ldo_rop_\@: | ||
1405 | mov \reg, (%_ASM_SP) | ||
1406 | @@ -165,6 +168,7 @@ | ||
1407 | " .align 16\n" \ | ||
1408 | "901: call 903f;\n" \ | ||
1409 | "902: pause;\n" \ | ||
1410 | + " lfence;\n" \ | ||
1411 | " jmp 902b;\n" \ | ||
1412 | " .align 16\n" \ | ||
1413 | "903: addl $4, %%esp;\n" \ | ||
1414 | @@ -190,6 +194,9 @@ enum spectre_v2_mitigation { | ||
1415 | SPECTRE_V2_IBRS, | ||
1416 | }; | ||
1417 | |||
1418 | +extern char __indirect_thunk_start[]; | ||
1419 | +extern char __indirect_thunk_end[]; | ||
1420 | + | ||
1421 | /* | ||
1422 | * On VMEXIT we must ensure that no RSB predictions learned in the guest | ||
1423 | * can be followed in the host, by overwriting the RSB completely. Both | ||
1424 | @@ -199,16 +206,17 @@ enum spectre_v2_mitigation { | ||
1425 | static inline void vmexit_fill_RSB(void) | ||
1426 | { | ||
1427 | #ifdef CONFIG_RETPOLINE | ||
1428 | - unsigned long loops = RSB_CLEAR_LOOPS / 2; | ||
1429 | + unsigned long loops; | ||
1430 | |||
1431 | asm volatile (ANNOTATE_NOSPEC_ALTERNATIVE | ||
1432 | ALTERNATIVE("jmp 910f", | ||
1433 | __stringify(__FILL_RETURN_BUFFER(%0, RSB_CLEAR_LOOPS, %1)), | ||
1434 | X86_FEATURE_RETPOLINE) | ||
1435 | "910:" | ||
1436 | - : "=&r" (loops), ASM_CALL_CONSTRAINT | ||
1437 | - : "r" (loops) : "memory" ); | ||
1438 | + : "=r" (loops), ASM_CALL_CONSTRAINT | ||
1439 | + : : "memory" ); | ||
1440 | #endif | ||
1441 | } | ||
1442 | + | ||
1443 | #endif /* __ASSEMBLY__ */ | ||
1444 | #endif /* __NOSPEC_BRANCH_H__ */ | ||
1445 | diff --git a/arch/x86/include/asm/traps.h b/arch/x86/include/asm/traps.h | ||
1446 | index 31051f35cbb7..3de69330e6c5 100644 | ||
1447 | --- a/arch/x86/include/asm/traps.h | ||
1448 | +++ b/arch/x86/include/asm/traps.h | ||
1449 | @@ -88,6 +88,7 @@ dotraplinkage void do_simd_coprocessor_error(struct pt_regs *, long); | ||
1450 | #ifdef CONFIG_X86_32 | ||
1451 | dotraplinkage void do_iret_error(struct pt_regs *, long); | ||
1452 | #endif | ||
1453 | +dotraplinkage void do_mce(struct pt_regs *, long); | ||
1454 | |||
1455 | static inline int get_si_code(unsigned long condition) | ||
1456 | { | ||
1457 | diff --git a/arch/x86/kernel/apic/vector.c b/arch/x86/kernel/apic/vector.c | ||
1458 | index 88c214e75a6b..2ce1c708b8ee 100644 | ||
1459 | --- a/arch/x86/kernel/apic/vector.c | ||
1460 | +++ b/arch/x86/kernel/apic/vector.c | ||
1461 | @@ -369,8 +369,11 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq, | ||
1462 | irq_data->hwirq = virq + i; | ||
1463 | err = assign_irq_vector_policy(virq + i, node, data, info, | ||
1464 | irq_data); | ||
1465 | - if (err) | ||
1466 | + if (err) { | ||
1467 | + irq_data->chip_data = NULL; | ||
1468 | + free_apic_chip_data(data); | ||
1469 | goto error; | ||
1470 | + } | ||
1471 | /* | ||
1472 | * If the apic destination mode is physical, then the | ||
1473 | * effective affinity is restricted to a single target | ||
1474 | @@ -383,7 +386,7 @@ static int x86_vector_alloc_irqs(struct irq_domain *domain, unsigned int virq, | ||
1475 | return 0; | ||
1476 | |||
1477 | error: | ||
1478 | - x86_vector_free_irqs(domain, virq, i + 1); | ||
1479 | + x86_vector_free_irqs(domain, virq, i); | ||
1480 | return err; | ||
1481 | } | ||
1482 | |||
1483 | diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c | ||
1484 | index e4dc26185aa7..390b3dc3d438 100644 | ||
1485 | --- a/arch/x86/kernel/cpu/bugs.c | ||
1486 | +++ b/arch/x86/kernel/cpu/bugs.c | ||
1487 | @@ -23,6 +23,7 @@ | ||
1488 | #include <asm/alternative.h> | ||
1489 | #include <asm/pgtable.h> | ||
1490 | #include <asm/set_memory.h> | ||
1491 | +#include <asm/intel-family.h> | ||
1492 | |||
1493 | static void __init spectre_v2_select_mitigation(void); | ||
1494 | |||
1495 | @@ -155,6 +156,23 @@ static enum spectre_v2_mitigation_cmd __init spectre_v2_parse_cmdline(void) | ||
1496 | return SPECTRE_V2_CMD_NONE; | ||
1497 | } | ||
1498 | |||
1499 | +/* Check for Skylake-like CPUs (for RSB handling) */ | ||
1500 | +static bool __init is_skylake_era(void) | ||
1501 | +{ | ||
1502 | + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && | ||
1503 | + boot_cpu_data.x86 == 6) { | ||
1504 | + switch (boot_cpu_data.x86_model) { | ||
1505 | + case INTEL_FAM6_SKYLAKE_MOBILE: | ||
1506 | + case INTEL_FAM6_SKYLAKE_DESKTOP: | ||
1507 | + case INTEL_FAM6_SKYLAKE_X: | ||
1508 | + case INTEL_FAM6_KABYLAKE_MOBILE: | ||
1509 | + case INTEL_FAM6_KABYLAKE_DESKTOP: | ||
1510 | + return true; | ||
1511 | + } | ||
1512 | + } | ||
1513 | + return false; | ||
1514 | +} | ||
1515 | + | ||
1516 | static void __init spectre_v2_select_mitigation(void) | ||
1517 | { | ||
1518 | enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); | ||
1519 | @@ -213,6 +231,24 @@ static void __init spectre_v2_select_mitigation(void) | ||
1520 | |||
1521 | spectre_v2_enabled = mode; | ||
1522 | pr_info("%s\n", spectre_v2_strings[mode]); | ||
1523 | + | ||
1524 | + /* | ||
1525 | + * If neither SMEP or KPTI are available, there is a risk of | ||
1526 | + * hitting userspace addresses in the RSB after a context switch | ||
1527 | + * from a shallow call stack to a deeper one. To prevent this fill | ||
1528 | + * the entire RSB, even when using IBRS. | ||
1529 | + * | ||
1530 | + * Skylake era CPUs have a separate issue with *underflow* of the | ||
1531 | + * RSB, when they will predict 'ret' targets from the generic BTB. | ||
1532 | + * The proper mitigation for this is IBRS. If IBRS is not supported | ||
1533 | + * or deactivated in favour of retpolines the RSB fill on context | ||
1534 | + * switch is required. | ||
1535 | + */ | ||
1536 | + if ((!boot_cpu_has(X86_FEATURE_PTI) && | ||
1537 | + !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { | ||
1538 | + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); | ||
1539 | + pr_info("Filling RSB on context switch\n"); | ||
1540 | + } | ||
1541 | } | ||
1542 | |||
1543 | #undef pr_fmt | ||
1544 | diff --git a/arch/x86/kernel/cpu/intel_rdt.c b/arch/x86/kernel/cpu/intel_rdt.c | ||
1545 | index 88dcf8479013..99442370de40 100644 | ||
1546 | --- a/arch/x86/kernel/cpu/intel_rdt.c | ||
1547 | +++ b/arch/x86/kernel/cpu/intel_rdt.c | ||
1548 | @@ -525,10 +525,6 @@ static void domain_remove_cpu(int cpu, struct rdt_resource *r) | ||
1549 | */ | ||
1550 | if (static_branch_unlikely(&rdt_mon_enable_key)) | ||
1551 | rmdir_mondata_subdir_allrdtgrp(r, d->id); | ||
1552 | - kfree(d->ctrl_val); | ||
1553 | - kfree(d->rmid_busy_llc); | ||
1554 | - kfree(d->mbm_total); | ||
1555 | - kfree(d->mbm_local); | ||
1556 | list_del(&d->list); | ||
1557 | if (is_mbm_enabled()) | ||
1558 | cancel_delayed_work(&d->mbm_over); | ||
1559 | @@ -545,6 +541,10 @@ static void domain_remove_cpu(int cpu, struct rdt_resource *r) | ||
1560 | cancel_delayed_work(&d->cqm_limbo); | ||
1561 | } | ||
1562 | |||
1563 | + kfree(d->ctrl_val); | ||
1564 | + kfree(d->rmid_busy_llc); | ||
1565 | + kfree(d->mbm_total); | ||
1566 | + kfree(d->mbm_local); | ||
1567 | kfree(d); | ||
1568 | return; | ||
1569 | } | ||
1570 | diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c | ||
1571 | index 3b413065c613..a9e898b71208 100644 | ||
1572 | --- a/arch/x86/kernel/cpu/mcheck/mce.c | ||
1573 | +++ b/arch/x86/kernel/cpu/mcheck/mce.c | ||
1574 | @@ -1788,6 +1788,11 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) | ||
1575 | void (*machine_check_vector)(struct pt_regs *, long error_code) = | ||
1576 | unexpected_machine_check; | ||
1577 | |||
1578 | +dotraplinkage void do_mce(struct pt_regs *regs, long error_code) | ||
1579 | +{ | ||
1580 | + machine_check_vector(regs, error_code); | ||
1581 | +} | ||
1582 | + | ||
1583 | /* | ||
1584 | * Called for each booted CPU to set up machine checks. | ||
1585 | * Must be called with preempt off: | ||
1586 | diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c | ||
1587 | index 05459ad3db46..d0e69769abfd 100644 | ||
1588 | --- a/arch/x86/kernel/cpu/scattered.c | ||
1589 | +++ b/arch/x86/kernel/cpu/scattered.c | ||
1590 | @@ -21,7 +21,6 @@ struct cpuid_bit { | ||
1591 | static const struct cpuid_bit cpuid_bits[] = { | ||
1592 | { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, | ||
1593 | { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, | ||
1594 | - { X86_FEATURE_INTEL_PT, CPUID_EBX, 25, 0x00000007, 0 }, | ||
1595 | { X86_FEATURE_AVX512_4VNNIW, CPUID_EDX, 2, 0x00000007, 0 }, | ||
1596 | { X86_FEATURE_AVX512_4FMAPS, CPUID_EDX, 3, 0x00000007, 0 }, | ||
1597 | { X86_FEATURE_CAT_L3, CPUID_EBX, 1, 0x00000010, 0 }, | ||
1598 | diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c | ||
1599 | index 6a5d757b9cfd..7ba5d819ebe3 100644 | ||
1600 | --- a/arch/x86/kernel/head64.c | ||
1601 | +++ b/arch/x86/kernel/head64.c | ||
1602 | @@ -157,8 +157,8 @@ unsigned long __head __startup_64(unsigned long physaddr, | ||
1603 | p = fixup_pointer(&phys_base, physaddr); | ||
1604 | *p += load_delta - sme_get_me_mask(); | ||
1605 | |||
1606 | - /* Encrypt the kernel (if SME is active) */ | ||
1607 | - sme_encrypt_kernel(); | ||
1608 | + /* Encrypt the kernel and related (if SME is active) */ | ||
1609 | + sme_encrypt_kernel(bp); | ||
1610 | |||
1611 | /* | ||
1612 | * Return the SME encryption mask (if SME is active) to be used as a | ||
1613 | diff --git a/arch/x86/kernel/idt.c b/arch/x86/kernel/idt.c | ||
1614 | index 014cb2fc47ff..236917bac5f2 100644 | ||
1615 | --- a/arch/x86/kernel/idt.c | ||
1616 | +++ b/arch/x86/kernel/idt.c | ||
1617 | @@ -56,7 +56,7 @@ struct idt_data { | ||
1618 | * Early traps running on the DEFAULT_STACK because the other interrupt | ||
1619 | * stacks work only after cpu_init(). | ||
1620 | */ | ||
1621 | -static const __initdata struct idt_data early_idts[] = { | ||
1622 | +static const __initconst struct idt_data early_idts[] = { | ||
1623 | INTG(X86_TRAP_DB, debug), | ||
1624 | SYSG(X86_TRAP_BP, int3), | ||
1625 | #ifdef CONFIG_X86_32 | ||
1626 | @@ -70,7 +70,7 @@ static const __initdata struct idt_data early_idts[] = { | ||
1627 | * the traps which use them are reinitialized with IST after cpu_init() has | ||
1628 | * set up TSS. | ||
1629 | */ | ||
1630 | -static const __initdata struct idt_data def_idts[] = { | ||
1631 | +static const __initconst struct idt_data def_idts[] = { | ||
1632 | INTG(X86_TRAP_DE, divide_error), | ||
1633 | INTG(X86_TRAP_NMI, nmi), | ||
1634 | INTG(X86_TRAP_BR, bounds), | ||
1635 | @@ -108,7 +108,7 @@ static const __initdata struct idt_data def_idts[] = { | ||
1636 | /* | ||
1637 | * The APIC and SMP idt entries | ||
1638 | */ | ||
1639 | -static const __initdata struct idt_data apic_idts[] = { | ||
1640 | +static const __initconst struct idt_data apic_idts[] = { | ||
1641 | #ifdef CONFIG_SMP | ||
1642 | INTG(RESCHEDULE_VECTOR, reschedule_interrupt), | ||
1643 | INTG(CALL_FUNCTION_VECTOR, call_function_interrupt), | ||
1644 | @@ -150,7 +150,7 @@ static const __initdata struct idt_data apic_idts[] = { | ||
1645 | * Early traps running on the DEFAULT_STACK because the other interrupt | ||
1646 | * stacks work only after cpu_init(). | ||
1647 | */ | ||
1648 | -static const __initdata struct idt_data early_pf_idts[] = { | ||
1649 | +static const __initconst struct idt_data early_pf_idts[] = { | ||
1650 | INTG(X86_TRAP_PF, page_fault), | ||
1651 | }; | ||
1652 | |||
1653 | @@ -158,7 +158,7 @@ static const __initdata struct idt_data early_pf_idts[] = { | ||
1654 | * Override for the debug_idt. Same as the default, but with interrupt | ||
1655 | * stack set to DEFAULT_STACK (0). Required for NMI trap handling. | ||
1656 | */ | ||
1657 | -static const __initdata struct idt_data dbg_idts[] = { | ||
1658 | +static const __initconst struct idt_data dbg_idts[] = { | ||
1659 | INTG(X86_TRAP_DB, debug), | ||
1660 | INTG(X86_TRAP_BP, int3), | ||
1661 | }; | ||
1662 | @@ -180,7 +180,7 @@ gate_desc debug_idt_table[IDT_ENTRIES] __page_aligned_bss; | ||
1663 | * The exceptions which use Interrupt stacks. They are setup after | ||
1664 | * cpu_init() when the TSS has been initialized. | ||
1665 | */ | ||
1666 | -static const __initdata struct idt_data ist_idts[] = { | ||
1667 | +static const __initconst struct idt_data ist_idts[] = { | ||
1668 | ISTG(X86_TRAP_DB, debug, DEBUG_STACK), | ||
1669 | ISTG(X86_TRAP_NMI, nmi, NMI_STACK), | ||
1670 | SISTG(X86_TRAP_BP, int3, DEBUG_STACK), | ||
1671 | diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c | ||
1672 | index 4f98aad38237..3668f28cf5fc 100644 | ||
1673 | --- a/arch/x86/kernel/kprobes/opt.c | ||
1674 | +++ b/arch/x86/kernel/kprobes/opt.c | ||
1675 | @@ -40,6 +40,7 @@ | ||
1676 | #include <asm/debugreg.h> | ||
1677 | #include <asm/set_memory.h> | ||
1678 | #include <asm/sections.h> | ||
1679 | +#include <asm/nospec-branch.h> | ||
1680 | |||
1681 | #include "common.h" | ||
1682 | |||
1683 | @@ -205,7 +206,7 @@ static int copy_optimized_instructions(u8 *dest, u8 *src) | ||
1684 | } | ||
1685 | |||
1686 | /* Check whether insn is indirect jump */ | ||
1687 | -static int insn_is_indirect_jump(struct insn *insn) | ||
1688 | +static int __insn_is_indirect_jump(struct insn *insn) | ||
1689 | { | ||
1690 | return ((insn->opcode.bytes[0] == 0xff && | ||
1691 | (X86_MODRM_REG(insn->modrm.value) & 6) == 4) || /* Jump */ | ||
1692 | @@ -239,6 +240,26 @@ static int insn_jump_into_range(struct insn *insn, unsigned long start, int len) | ||
1693 | return (start <= target && target <= start + len); | ||
1694 | } | ||
1695 | |||
1696 | +static int insn_is_indirect_jump(struct insn *insn) | ||
1697 | +{ | ||
1698 | + int ret = __insn_is_indirect_jump(insn); | ||
1699 | + | ||
1700 | +#ifdef CONFIG_RETPOLINE | ||
1701 | + /* | ||
1702 | + * Jump to x86_indirect_thunk_* is treated as an indirect jump. | ||
1703 | + * Note that even with CONFIG_RETPOLINE=y, the kernel compiled with | ||
1704 | + * older gcc may use indirect jump. So we add this check instead of | ||
1705 | + * replace indirect-jump check. | ||
1706 | + */ | ||
1707 | + if (!ret) | ||
1708 | + ret = insn_jump_into_range(insn, | ||
1709 | + (unsigned long)__indirect_thunk_start, | ||
1710 | + (unsigned long)__indirect_thunk_end - | ||
1711 | + (unsigned long)__indirect_thunk_start); | ||
1712 | +#endif | ||
1713 | + return ret; | ||
1714 | +} | ||
1715 | + | ||
1716 | /* Decode whole function to ensure any instructions don't jump into target */ | ||
1717 | static int can_optimize(unsigned long paddr) | ||
1718 | { | ||
1719 | diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c | ||
1720 | index 3cb2486c47e4..8bd1d8292cf7 100644 | ||
1721 | --- a/arch/x86/kernel/process.c | ||
1722 | +++ b/arch/x86/kernel/process.c | ||
1723 | @@ -380,19 +380,24 @@ void stop_this_cpu(void *dummy) | ||
1724 | disable_local_APIC(); | ||
1725 | mcheck_cpu_clear(this_cpu_ptr(&cpu_info)); | ||
1726 | |||
1727 | + /* | ||
1728 | + * Use wbinvd on processors that support SME. This provides support | ||
1729 | + * for performing a successful kexec when going from SME inactive | ||
1730 | + * to SME active (or vice-versa). The cache must be cleared so that | ||
1731 | + * if there are entries with the same physical address, both with and | ||
1732 | + * without the encryption bit, they don't race each other when flushed | ||
1733 | + * and potentially end up with the wrong entry being committed to | ||
1734 | + * memory. | ||
1735 | + */ | ||
1736 | + if (boot_cpu_has(X86_FEATURE_SME)) | ||
1737 | + native_wbinvd(); | ||
1738 | for (;;) { | ||
1739 | /* | ||
1740 | - * Use wbinvd followed by hlt to stop the processor. This | ||
1741 | - * provides support for kexec on a processor that supports | ||
1742 | - * SME. With kexec, going from SME inactive to SME active | ||
1743 | - * requires clearing cache entries so that addresses without | ||
1744 | - * the encryption bit set don't corrupt the same physical | ||
1745 | - * address that has the encryption bit set when caches are | ||
1746 | - * flushed. To achieve this a wbinvd is performed followed by | ||
1747 | - * a hlt. Even if the processor is not in the kexec/SME | ||
1748 | - * scenario this only adds a wbinvd to a halting processor. | ||
1749 | + * Use native_halt() so that memory contents don't change | ||
1750 | + * (stack usage and variables) after possibly issuing the | ||
1751 | + * native_wbinvd() above. | ||
1752 | */ | ||
1753 | - asm volatile("wbinvd; hlt" : : : "memory"); | ||
1754 | + native_halt(); | ||
1755 | } | ||
1756 | } | ||
1757 | |||
1758 | diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c | ||
1759 | index 0957dd73d127..e84cb4c75cd0 100644 | ||
1760 | --- a/arch/x86/kernel/setup.c | ||
1761 | +++ b/arch/x86/kernel/setup.c | ||
1762 | @@ -376,14 +376,6 @@ static void __init reserve_initrd(void) | ||
1763 | !ramdisk_image || !ramdisk_size) | ||
1764 | return; /* No initrd provided by bootloader */ | ||
1765 | |||
1766 | - /* | ||
1767 | - * If SME is active, this memory will be marked encrypted by the | ||
1768 | - * kernel when it is accessed (including relocation). However, the | ||
1769 | - * ramdisk image was loaded decrypted by the bootloader, so make | ||
1770 | - * sure that it is encrypted before accessing it. | ||
1771 | - */ | ||
1772 | - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); | ||
1773 | - | ||
1774 | initrd_start = 0; | ||
1775 | |||
1776 | mapped_size = memblock_mem_size(max_pfn_mapped); | ||
1777 | diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c | ||
1778 | index ad2b925a808e..47506567435e 100644 | ||
1779 | --- a/arch/x86/kernel/tsc.c | ||
1780 | +++ b/arch/x86/kernel/tsc.c | ||
1781 | @@ -602,7 +602,6 @@ unsigned long native_calibrate_tsc(void) | ||
1782 | case INTEL_FAM6_KABYLAKE_DESKTOP: | ||
1783 | crystal_khz = 24000; /* 24.0 MHz */ | ||
1784 | break; | ||
1785 | - case INTEL_FAM6_SKYLAKE_X: | ||
1786 | case INTEL_FAM6_ATOM_DENVERTON: | ||
1787 | crystal_khz = 25000; /* 25.0 MHz */ | ||
1788 | break; | ||
1789 | @@ -612,6 +611,8 @@ unsigned long native_calibrate_tsc(void) | ||
1790 | } | ||
1791 | } | ||
1792 | |||
1793 | + if (crystal_khz == 0) | ||
1794 | + return 0; | ||
1795 | /* | ||
1796 | * TSC frequency determined by CPUID is a "hardware reported" | ||
1797 | * frequency and is the most accurate one so far we have. This | ||
1798 | diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S | ||
1799 | index 1e413a9326aa..9b138a06c1a4 100644 | ||
1800 | --- a/arch/x86/kernel/vmlinux.lds.S | ||
1801 | +++ b/arch/x86/kernel/vmlinux.lds.S | ||
1802 | @@ -124,6 +124,12 @@ SECTIONS | ||
1803 | ASSERT(. - _entry_trampoline == PAGE_SIZE, "entry trampoline is too big"); | ||
1804 | #endif | ||
1805 | |||
1806 | +#ifdef CONFIG_RETPOLINE | ||
1807 | + __indirect_thunk_start = .; | ||
1808 | + *(.text.__x86.indirect_thunk) | ||
1809 | + __indirect_thunk_end = .; | ||
1810 | +#endif | ||
1811 | + | ||
1812 | /* End of text section */ | ||
1813 | _etext = .; | ||
1814 | } :text = 0x9090 | ||
1815 | diff --git a/arch/x86/lib/retpoline.S b/arch/x86/lib/retpoline.S | ||
1816 | index cb45c6cb465f..dfb2ba91b670 100644 | ||
1817 | --- a/arch/x86/lib/retpoline.S | ||
1818 | +++ b/arch/x86/lib/retpoline.S | ||
1819 | @@ -9,7 +9,7 @@ | ||
1820 | #include <asm/nospec-branch.h> | ||
1821 | |||
1822 | .macro THUNK reg | ||
1823 | - .section .text.__x86.indirect_thunk.\reg | ||
1824 | + .section .text.__x86.indirect_thunk | ||
1825 | |||
1826 | ENTRY(__x86_indirect_thunk_\reg) | ||
1827 | CFI_STARTPROC | ||
1828 | @@ -25,7 +25,8 @@ ENDPROC(__x86_indirect_thunk_\reg) | ||
1829 | * than one per register with the correct names. So we do it | ||
1830 | * the simple and nasty way... | ||
1831 | */ | ||
1832 | -#define EXPORT_THUNK(reg) EXPORT_SYMBOL(__x86_indirect_thunk_ ## reg) | ||
1833 | +#define __EXPORT_THUNK(sym) _ASM_NOKPROBE(sym); EXPORT_SYMBOL(sym) | ||
1834 | +#define EXPORT_THUNK(reg) __EXPORT_THUNK(__x86_indirect_thunk_ ## reg) | ||
1835 | #define GENERATE_THUNK(reg) THUNK reg ; EXPORT_THUNK(reg) | ||
1836 | |||
1837 | GENERATE_THUNK(_ASM_AX) | ||
1838 | diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c | ||
1839 | index 3109ba6c6ede..b264b590eeec 100644 | ||
1840 | --- a/arch/x86/mm/fault.c | ||
1841 | +++ b/arch/x86/mm/fault.c | ||
1842 | @@ -173,14 +173,15 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr) | ||
1843 | * 6. T1 : reaches here, sees vma_pkey(vma)=5, when we really | ||
1844 | * faulted on a pte with its pkey=4. | ||
1845 | */ | ||
1846 | -static void fill_sig_info_pkey(int si_code, siginfo_t *info, u32 *pkey) | ||
1847 | +static void fill_sig_info_pkey(int si_signo, int si_code, siginfo_t *info, | ||
1848 | + u32 *pkey) | ||
1849 | { | ||
1850 | /* This is effectively an #ifdef */ | ||
1851 | if (!boot_cpu_has(X86_FEATURE_OSPKE)) | ||
1852 | return; | ||
1853 | |||
1854 | /* Fault not from Protection Keys: nothing to do */ | ||
1855 | - if (si_code != SEGV_PKUERR) | ||
1856 | + if ((si_code != SEGV_PKUERR) || (si_signo != SIGSEGV)) | ||
1857 | return; | ||
1858 | /* | ||
1859 | * force_sig_info_fault() is called from a number of | ||
1860 | @@ -219,7 +220,7 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address, | ||
1861 | lsb = PAGE_SHIFT; | ||
1862 | info.si_addr_lsb = lsb; | ||
1863 | |||
1864 | - fill_sig_info_pkey(si_code, &info, pkey); | ||
1865 | + fill_sig_info_pkey(si_signo, si_code, &info, pkey); | ||
1866 | |||
1867 | force_sig_info(si_signo, &info, tsk); | ||
1868 | } | ||
1869 | diff --git a/arch/x86/mm/kasan_init_64.c b/arch/x86/mm/kasan_init_64.c | ||
1870 | index 47388f0c0e59..af6f2f9c6a26 100644 | ||
1871 | --- a/arch/x86/mm/kasan_init_64.c | ||
1872 | +++ b/arch/x86/mm/kasan_init_64.c | ||
1873 | @@ -21,10 +21,14 @@ extern struct range pfn_mapped[E820_MAX_ENTRIES]; | ||
1874 | |||
1875 | static p4d_t tmp_p4d_table[PTRS_PER_P4D] __initdata __aligned(PAGE_SIZE); | ||
1876 | |||
1877 | -static __init void *early_alloc(size_t size, int nid) | ||
1878 | +static __init void *early_alloc(size_t size, int nid, bool panic) | ||
1879 | { | ||
1880 | - return memblock_virt_alloc_try_nid_nopanic(size, size, | ||
1881 | - __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); | ||
1882 | + if (panic) | ||
1883 | + return memblock_virt_alloc_try_nid(size, size, | ||
1884 | + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); | ||
1885 | + else | ||
1886 | + return memblock_virt_alloc_try_nid_nopanic(size, size, | ||
1887 | + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); | ||
1888 | } | ||
1889 | |||
1890 | static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, | ||
1891 | @@ -38,14 +42,14 @@ static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, | ||
1892 | if (boot_cpu_has(X86_FEATURE_PSE) && | ||
1893 | ((end - addr) == PMD_SIZE) && | ||
1894 | IS_ALIGNED(addr, PMD_SIZE)) { | ||
1895 | - p = early_alloc(PMD_SIZE, nid); | ||
1896 | + p = early_alloc(PMD_SIZE, nid, false); | ||
1897 | if (p && pmd_set_huge(pmd, __pa(p), PAGE_KERNEL)) | ||
1898 | return; | ||
1899 | else if (p) | ||
1900 | memblock_free(__pa(p), PMD_SIZE); | ||
1901 | } | ||
1902 | |||
1903 | - p = early_alloc(PAGE_SIZE, nid); | ||
1904 | + p = early_alloc(PAGE_SIZE, nid, true); | ||
1905 | pmd_populate_kernel(&init_mm, pmd, p); | ||
1906 | } | ||
1907 | |||
1908 | @@ -57,7 +61,7 @@ static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, | ||
1909 | if (!pte_none(*pte)) | ||
1910 | continue; | ||
1911 | |||
1912 | - p = early_alloc(PAGE_SIZE, nid); | ||
1913 | + p = early_alloc(PAGE_SIZE, nid, true); | ||
1914 | entry = pfn_pte(PFN_DOWN(__pa(p)), PAGE_KERNEL); | ||
1915 | set_pte_at(&init_mm, addr, pte, entry); | ||
1916 | } while (pte++, addr += PAGE_SIZE, addr != end); | ||
1917 | @@ -75,14 +79,14 @@ static void __init kasan_populate_pud(pud_t *pud, unsigned long addr, | ||
1918 | if (boot_cpu_has(X86_FEATURE_GBPAGES) && | ||
1919 | ((end - addr) == PUD_SIZE) && | ||
1920 | IS_ALIGNED(addr, PUD_SIZE)) { | ||
1921 | - p = early_alloc(PUD_SIZE, nid); | ||
1922 | + p = early_alloc(PUD_SIZE, nid, false); | ||
1923 | if (p && pud_set_huge(pud, __pa(p), PAGE_KERNEL)) | ||
1924 | return; | ||
1925 | else if (p) | ||
1926 | memblock_free(__pa(p), PUD_SIZE); | ||
1927 | } | ||
1928 | |||
1929 | - p = early_alloc(PAGE_SIZE, nid); | ||
1930 | + p = early_alloc(PAGE_SIZE, nid, true); | ||
1931 | pud_populate(&init_mm, pud, p); | ||
1932 | } | ||
1933 | |||
1934 | @@ -101,7 +105,7 @@ static void __init kasan_populate_p4d(p4d_t *p4d, unsigned long addr, | ||
1935 | unsigned long next; | ||
1936 | |||
1937 | if (p4d_none(*p4d)) { | ||
1938 | - void *p = early_alloc(PAGE_SIZE, nid); | ||
1939 | + void *p = early_alloc(PAGE_SIZE, nid, true); | ||
1940 | |||
1941 | p4d_populate(&init_mm, p4d, p); | ||
1942 | } | ||
1943 | @@ -122,7 +126,7 @@ static void __init kasan_populate_pgd(pgd_t *pgd, unsigned long addr, | ||
1944 | unsigned long next; | ||
1945 | |||
1946 | if (pgd_none(*pgd)) { | ||
1947 | - p = early_alloc(PAGE_SIZE, nid); | ||
1948 | + p = early_alloc(PAGE_SIZE, nid, true); | ||
1949 | pgd_populate(&init_mm, pgd, p); | ||
1950 | } | ||
1951 | |||
1952 | diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c | ||
1953 | index 0286327e65fa..48c03c74c7f4 100644 | ||
1954 | --- a/arch/x86/mm/mem_encrypt.c | ||
1955 | +++ b/arch/x86/mm/mem_encrypt.c | ||
1956 | @@ -213,37 +213,62 @@ void swiotlb_set_mem_attributes(void *vaddr, unsigned long size) | ||
1957 | set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT); | ||
1958 | } | ||
1959 | |||
1960 | -static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, | ||
1961 | - unsigned long end) | ||
1962 | +struct sme_populate_pgd_data { | ||
1963 | + void *pgtable_area; | ||
1964 | + pgd_t *pgd; | ||
1965 | + | ||
1966 | + pmdval_t pmd_flags; | ||
1967 | + pteval_t pte_flags; | ||
1968 | + unsigned long paddr; | ||
1969 | + | ||
1970 | + unsigned long vaddr; | ||
1971 | + unsigned long vaddr_end; | ||
1972 | +}; | ||
1973 | + | ||
1974 | +static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) | ||
1975 | { | ||
1976 | unsigned long pgd_start, pgd_end, pgd_size; | ||
1977 | pgd_t *pgd_p; | ||
1978 | |||
1979 | - pgd_start = start & PGDIR_MASK; | ||
1980 | - pgd_end = end & PGDIR_MASK; | ||
1981 | + pgd_start = ppd->vaddr & PGDIR_MASK; | ||
1982 | + pgd_end = ppd->vaddr_end & PGDIR_MASK; | ||
1983 | |||
1984 | - pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1); | ||
1985 | - pgd_size *= sizeof(pgd_t); | ||
1986 | + pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1) * sizeof(pgd_t); | ||
1987 | |||
1988 | - pgd_p = pgd_base + pgd_index(start); | ||
1989 | + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); | ||
1990 | |||
1991 | memset(pgd_p, 0, pgd_size); | ||
1992 | } | ||
1993 | |||
1994 | -#define PGD_FLAGS _KERNPG_TABLE_NOENC | ||
1995 | -#define P4D_FLAGS _KERNPG_TABLE_NOENC | ||
1996 | -#define PUD_FLAGS _KERNPG_TABLE_NOENC | ||
1997 | -#define PMD_FLAGS (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) | ||
1998 | +#define PGD_FLAGS _KERNPG_TABLE_NOENC | ||
1999 | +#define P4D_FLAGS _KERNPG_TABLE_NOENC | ||
2000 | +#define PUD_FLAGS _KERNPG_TABLE_NOENC | ||
2001 | +#define PMD_FLAGS _KERNPG_TABLE_NOENC | ||
2002 | + | ||
2003 | +#define PMD_FLAGS_LARGE (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) | ||
2004 | + | ||
2005 | +#define PMD_FLAGS_DEC PMD_FLAGS_LARGE | ||
2006 | +#define PMD_FLAGS_DEC_WP ((PMD_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ | ||
2007 | + (_PAGE_PAT | _PAGE_PWT)) | ||
2008 | + | ||
2009 | +#define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) | ||
2010 | + | ||
2011 | +#define PTE_FLAGS (__PAGE_KERNEL_EXEC & ~_PAGE_GLOBAL) | ||
2012 | + | ||
2013 | +#define PTE_FLAGS_DEC PTE_FLAGS | ||
2014 | +#define PTE_FLAGS_DEC_WP ((PTE_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ | ||
2015 | + (_PAGE_PAT | _PAGE_PWT)) | ||
2016 | + | ||
2017 | +#define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) | ||
2018 | |||
2019 | -static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, | ||
2020 | - unsigned long vaddr, pmdval_t pmd_val) | ||
2021 | +static pmd_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) | ||
2022 | { | ||
2023 | pgd_t *pgd_p; | ||
2024 | p4d_t *p4d_p; | ||
2025 | pud_t *pud_p; | ||
2026 | pmd_t *pmd_p; | ||
2027 | |||
2028 | - pgd_p = pgd_base + pgd_index(vaddr); | ||
2029 | + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); | ||
2030 | if (native_pgd_val(*pgd_p)) { | ||
2031 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) | ||
2032 | p4d_p = (p4d_t *)(native_pgd_val(*pgd_p) & ~PTE_FLAGS_MASK); | ||
2033 | @@ -253,15 +278,15 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, | ||
2034 | pgd_t pgd; | ||
2035 | |||
2036 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { | ||
2037 | - p4d_p = pgtable_area; | ||
2038 | + p4d_p = ppd->pgtable_area; | ||
2039 | memset(p4d_p, 0, sizeof(*p4d_p) * PTRS_PER_P4D); | ||
2040 | - pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; | ||
2041 | + ppd->pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; | ||
2042 | |||
2043 | pgd = native_make_pgd((pgdval_t)p4d_p + PGD_FLAGS); | ||
2044 | } else { | ||
2045 | - pud_p = pgtable_area; | ||
2046 | + pud_p = ppd->pgtable_area; | ||
2047 | memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); | ||
2048 | - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; | ||
2049 | + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; | ||
2050 | |||
2051 | pgd = native_make_pgd((pgdval_t)pud_p + PGD_FLAGS); | ||
2052 | } | ||
2053 | @@ -269,58 +294,160 @@ static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, | ||
2054 | } | ||
2055 | |||
2056 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { | ||
2057 | - p4d_p += p4d_index(vaddr); | ||
2058 | + p4d_p += p4d_index(ppd->vaddr); | ||
2059 | if (native_p4d_val(*p4d_p)) { | ||
2060 | pud_p = (pud_t *)(native_p4d_val(*p4d_p) & ~PTE_FLAGS_MASK); | ||
2061 | } else { | ||
2062 | p4d_t p4d; | ||
2063 | |||
2064 | - pud_p = pgtable_area; | ||
2065 | + pud_p = ppd->pgtable_area; | ||
2066 | memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); | ||
2067 | - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; | ||
2068 | + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; | ||
2069 | |||
2070 | p4d = native_make_p4d((pudval_t)pud_p + P4D_FLAGS); | ||
2071 | native_set_p4d(p4d_p, p4d); | ||
2072 | } | ||
2073 | } | ||
2074 | |||
2075 | - pud_p += pud_index(vaddr); | ||
2076 | + pud_p += pud_index(ppd->vaddr); | ||
2077 | if (native_pud_val(*pud_p)) { | ||
2078 | if (native_pud_val(*pud_p) & _PAGE_PSE) | ||
2079 | - goto out; | ||
2080 | + return NULL; | ||
2081 | |||
2082 | pmd_p = (pmd_t *)(native_pud_val(*pud_p) & ~PTE_FLAGS_MASK); | ||
2083 | } else { | ||
2084 | pud_t pud; | ||
2085 | |||
2086 | - pmd_p = pgtable_area; | ||
2087 | + pmd_p = ppd->pgtable_area; | ||
2088 | memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD); | ||
2089 | - pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; | ||
2090 | + ppd->pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; | ||
2091 | |||
2092 | pud = native_make_pud((pmdval_t)pmd_p + PUD_FLAGS); | ||
2093 | native_set_pud(pud_p, pud); | ||
2094 | } | ||
2095 | |||
2096 | - pmd_p += pmd_index(vaddr); | ||
2097 | + return pmd_p; | ||
2098 | +} | ||
2099 | + | ||
2100 | +static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) | ||
2101 | +{ | ||
2102 | + pmd_t *pmd_p; | ||
2103 | + | ||
2104 | + pmd_p = sme_prepare_pgd(ppd); | ||
2105 | + if (!pmd_p) | ||
2106 | + return; | ||
2107 | + | ||
2108 | + pmd_p += pmd_index(ppd->vaddr); | ||
2109 | if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) | ||
2110 | - native_set_pmd(pmd_p, native_make_pmd(pmd_val)); | ||
2111 | + native_set_pmd(pmd_p, native_make_pmd(ppd->paddr | ppd->pmd_flags)); | ||
2112 | +} | ||
2113 | + | ||
2114 | +static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) | ||
2115 | +{ | ||
2116 | + pmd_t *pmd_p; | ||
2117 | + pte_t *pte_p; | ||
2118 | + | ||
2119 | + pmd_p = sme_prepare_pgd(ppd); | ||
2120 | + if (!pmd_p) | ||
2121 | + return; | ||
2122 | + | ||
2123 | + pmd_p += pmd_index(ppd->vaddr); | ||
2124 | + if (native_pmd_val(*pmd_p)) { | ||
2125 | + if (native_pmd_val(*pmd_p) & _PAGE_PSE) | ||
2126 | + return; | ||
2127 | + | ||
2128 | + pte_p = (pte_t *)(native_pmd_val(*pmd_p) & ~PTE_FLAGS_MASK); | ||
2129 | + } else { | ||
2130 | + pmd_t pmd; | ||
2131 | + | ||
2132 | + pte_p = ppd->pgtable_area; | ||
2133 | + memset(pte_p, 0, sizeof(*pte_p) * PTRS_PER_PTE); | ||
2134 | + ppd->pgtable_area += sizeof(*pte_p) * PTRS_PER_PTE; | ||
2135 | + | ||
2136 | + pmd = native_make_pmd((pteval_t)pte_p + PMD_FLAGS); | ||
2137 | + native_set_pmd(pmd_p, pmd); | ||
2138 | + } | ||
2139 | |||
2140 | -out: | ||
2141 | - return pgtable_area; | ||
2142 | + pte_p += pte_index(ppd->vaddr); | ||
2143 | + if (!native_pte_val(*pte_p)) | ||
2144 | + native_set_pte(pte_p, native_make_pte(ppd->paddr | ppd->pte_flags)); | ||
2145 | +} | ||
2146 | + | ||
2147 | +static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) | ||
2148 | +{ | ||
2149 | + while (ppd->vaddr < ppd->vaddr_end) { | ||
2150 | + sme_populate_pgd_large(ppd); | ||
2151 | + | ||
2152 | + ppd->vaddr += PMD_PAGE_SIZE; | ||
2153 | + ppd->paddr += PMD_PAGE_SIZE; | ||
2154 | + } | ||
2155 | +} | ||
2156 | + | ||
2157 | +static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) | ||
2158 | +{ | ||
2159 | + while (ppd->vaddr < ppd->vaddr_end) { | ||
2160 | + sme_populate_pgd(ppd); | ||
2161 | + | ||
2162 | + ppd->vaddr += PAGE_SIZE; | ||
2163 | + ppd->paddr += PAGE_SIZE; | ||
2164 | + } | ||
2165 | +} | ||
2166 | + | ||
2167 | +static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, | ||
2168 | + pmdval_t pmd_flags, pteval_t pte_flags) | ||
2169 | +{ | ||
2170 | + unsigned long vaddr_end; | ||
2171 | + | ||
2172 | + ppd->pmd_flags = pmd_flags; | ||
2173 | + ppd->pte_flags = pte_flags; | ||
2174 | + | ||
2175 | + /* Save original end value since we modify the struct value */ | ||
2176 | + vaddr_end = ppd->vaddr_end; | ||
2177 | + | ||
2178 | + /* If start is not 2MB aligned, create PTE entries */ | ||
2179 | + ppd->vaddr_end = ALIGN(ppd->vaddr, PMD_PAGE_SIZE); | ||
2180 | + __sme_map_range_pte(ppd); | ||
2181 | + | ||
2182 | + /* Create PMD entries */ | ||
2183 | + ppd->vaddr_end = vaddr_end & PMD_PAGE_MASK; | ||
2184 | + __sme_map_range_pmd(ppd); | ||
2185 | + | ||
2186 | + /* If end is not 2MB aligned, create PTE entries */ | ||
2187 | + ppd->vaddr_end = vaddr_end; | ||
2188 | + __sme_map_range_pte(ppd); | ||
2189 | +} | ||
2190 | + | ||
2191 | +static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) | ||
2192 | +{ | ||
2193 | + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); | ||
2194 | +} | ||
2195 | + | ||
2196 | +static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) | ||
2197 | +{ | ||
2198 | + __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); | ||
2199 | +} | ||
2200 | + | ||
2201 | +static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data *ppd) | ||
2202 | +{ | ||
2203 | + __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); | ||
2204 | } | ||
2205 | |||
2206 | static unsigned long __init sme_pgtable_calc(unsigned long len) | ||
2207 | { | ||
2208 | - unsigned long p4d_size, pud_size, pmd_size; | ||
2209 | + unsigned long p4d_size, pud_size, pmd_size, pte_size; | ||
2210 | unsigned long total; | ||
2211 | |||
2212 | /* | ||
2213 | * Perform a relatively simplistic calculation of the pagetable | ||
2214 | - * entries that are needed. That mappings will be covered by 2MB | ||
2215 | - * PMD entries so we can conservatively calculate the required | ||
2216 | + * entries that are needed. Those mappings will be covered mostly | ||
2217 | + * by 2MB PMD entries so we can conservatively calculate the required | ||
2218 | * number of P4D, PUD and PMD structures needed to perform the | ||
2219 | - * mappings. Incrementing the count for each covers the case where | ||
2220 | - * the addresses cross entries. | ||
2221 | + * mappings. For mappings that are not 2MB aligned, PTE mappings | ||
2222 | + * would be needed for the start and end portion of the address range | ||
2223 | + * that fall outside of the 2MB alignment. This results in, at most, | ||
2224 | + * two extra pages to hold PTE entries for each range that is mapped. | ||
2225 | + * Incrementing the count for each covers the case where the addresses | ||
2226 | + * cross entries. | ||
2227 | */ | ||
2228 | if (IS_ENABLED(CONFIG_X86_5LEVEL)) { | ||
2229 | p4d_size = (ALIGN(len, PGDIR_SIZE) / PGDIR_SIZE) + 1; | ||
2230 | @@ -334,8 +461,9 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) | ||
2231 | } | ||
2232 | pmd_size = (ALIGN(len, PUD_SIZE) / PUD_SIZE) + 1; | ||
2233 | pmd_size *= sizeof(pmd_t) * PTRS_PER_PMD; | ||
2234 | + pte_size = 2 * sizeof(pte_t) * PTRS_PER_PTE; | ||
2235 | |||
2236 | - total = p4d_size + pud_size + pmd_size; | ||
2237 | + total = p4d_size + pud_size + pmd_size + pte_size; | ||
2238 | |||
2239 | /* | ||
2240 | * Now calculate the added pagetable structures needed to populate | ||
2241 | @@ -359,29 +487,29 @@ static unsigned long __init sme_pgtable_calc(unsigned long len) | ||
2242 | return total; | ||
2243 | } | ||
2244 | |||
2245 | -void __init sme_encrypt_kernel(void) | ||
2246 | +void __init __nostackprotector sme_encrypt_kernel(struct boot_params *bp) | ||
2247 | { | ||
2248 | unsigned long workarea_start, workarea_end, workarea_len; | ||
2249 | unsigned long execute_start, execute_end, execute_len; | ||
2250 | unsigned long kernel_start, kernel_end, kernel_len; | ||
2251 | + unsigned long initrd_start, initrd_end, initrd_len; | ||
2252 | + struct sme_populate_pgd_data ppd; | ||
2253 | unsigned long pgtable_area_len; | ||
2254 | - unsigned long paddr, pmd_flags; | ||
2255 | unsigned long decrypted_base; | ||
2256 | - void *pgtable_area; | ||
2257 | - pgd_t *pgd; | ||
2258 | |||
2259 | if (!sme_active()) | ||
2260 | return; | ||
2261 | |||
2262 | /* | ||
2263 | - * Prepare for encrypting the kernel by building new pagetables with | ||
2264 | - * the necessary attributes needed to encrypt the kernel in place. | ||
2265 | + * Prepare for encrypting the kernel and initrd by building new | ||
2266 | + * pagetables with the necessary attributes needed to encrypt the | ||
2267 | + * kernel in place. | ||
2268 | * | ||
2269 | * One range of virtual addresses will map the memory occupied | ||
2270 | - * by the kernel as encrypted. | ||
2271 | + * by the kernel and initrd as encrypted. | ||
2272 | * | ||
2273 | * Another range of virtual addresses will map the memory occupied | ||
2274 | - * by the kernel as decrypted and write-protected. | ||
2275 | + * by the kernel and initrd as decrypted and write-protected. | ||
2276 | * | ||
2277 | * The use of write-protect attribute will prevent any of the | ||
2278 | * memory from being cached. | ||
2279 | @@ -392,6 +520,20 @@ void __init sme_encrypt_kernel(void) | ||
2280 | kernel_end = ALIGN(__pa_symbol(_end), PMD_PAGE_SIZE); | ||
2281 | kernel_len = kernel_end - kernel_start; | ||
2282 | |||
2283 | + initrd_start = 0; | ||
2284 | + initrd_end = 0; | ||
2285 | + initrd_len = 0; | ||
2286 | +#ifdef CONFIG_BLK_DEV_INITRD | ||
2287 | + initrd_len = (unsigned long)bp->hdr.ramdisk_size | | ||
2288 | + ((unsigned long)bp->ext_ramdisk_size << 32); | ||
2289 | + if (initrd_len) { | ||
2290 | + initrd_start = (unsigned long)bp->hdr.ramdisk_image | | ||
2291 | + ((unsigned long)bp->ext_ramdisk_image << 32); | ||
2292 | + initrd_end = PAGE_ALIGN(initrd_start + initrd_len); | ||
2293 | + initrd_len = initrd_end - initrd_start; | ||
2294 | + } | ||
2295 | +#endif | ||
2296 | + | ||
2297 | /* Set the encryption workarea to be immediately after the kernel */ | ||
2298 | workarea_start = kernel_end; | ||
2299 | |||
2300 | @@ -414,16 +556,21 @@ void __init sme_encrypt_kernel(void) | ||
2301 | */ | ||
2302 | pgtable_area_len = sizeof(pgd_t) * PTRS_PER_PGD; | ||
2303 | pgtable_area_len += sme_pgtable_calc(execute_end - kernel_start) * 2; | ||
2304 | + if (initrd_len) | ||
2305 | + pgtable_area_len += sme_pgtable_calc(initrd_len) * 2; | ||
2306 | |||
2307 | /* PUDs and PMDs needed in the current pagetables for the workarea */ | ||
2308 | pgtable_area_len += sme_pgtable_calc(execute_len + pgtable_area_len); | ||
2309 | |||
2310 | /* | ||
2311 | * The total workarea includes the executable encryption area and | ||
2312 | - * the pagetable area. | ||
2313 | + * the pagetable area. The start of the workarea is already 2MB | ||
2314 | + * aligned, align the end of the workarea on a 2MB boundary so that | ||
2315 | + * we don't try to create/allocate PTE entries from the workarea | ||
2316 | + * before it is mapped. | ||
2317 | */ | ||
2318 | workarea_len = execute_len + pgtable_area_len; | ||
2319 | - workarea_end = workarea_start + workarea_len; | ||
2320 | + workarea_end = ALIGN(workarea_start + workarea_len, PMD_PAGE_SIZE); | ||
2321 | |||
2322 | /* | ||
2323 | * Set the address to the start of where newly created pagetable | ||
2324 | @@ -432,45 +579,30 @@ void __init sme_encrypt_kernel(void) | ||
2325 | * pagetables and when the new encrypted and decrypted kernel | ||
2326 | * mappings are populated. | ||
2327 | */ | ||
2328 | - pgtable_area = (void *)execute_end; | ||
2329 | + ppd.pgtable_area = (void *)execute_end; | ||
2330 | |||
2331 | /* | ||
2332 | * Make sure the current pagetable structure has entries for | ||
2333 | * addressing the workarea. | ||
2334 | */ | ||
2335 | - pgd = (pgd_t *)native_read_cr3_pa(); | ||
2336 | - paddr = workarea_start; | ||
2337 | - while (paddr < workarea_end) { | ||
2338 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, | ||
2339 | - paddr, | ||
2340 | - paddr + PMD_FLAGS); | ||
2341 | - | ||
2342 | - paddr += PMD_PAGE_SIZE; | ||
2343 | - } | ||
2344 | + ppd.pgd = (pgd_t *)native_read_cr3_pa(); | ||
2345 | + ppd.paddr = workarea_start; | ||
2346 | + ppd.vaddr = workarea_start; | ||
2347 | + ppd.vaddr_end = workarea_end; | ||
2348 | + sme_map_range_decrypted(&ppd); | ||
2349 | |||
2350 | /* Flush the TLB - no globals so cr3 is enough */ | ||
2351 | native_write_cr3(__native_read_cr3()); | ||
2352 | |||
2353 | /* | ||
2354 | * A new pagetable structure is being built to allow for the kernel | ||
2355 | - * to be encrypted. It starts with an empty PGD that will then be | ||
2356 | - * populated with new PUDs and PMDs as the encrypted and decrypted | ||
2357 | - * kernel mappings are created. | ||
2358 | + * and initrd to be encrypted. It starts with an empty PGD that will | ||
2359 | + * then be populated with new PUDs and PMDs as the encrypted and | ||
2360 | + * decrypted kernel mappings are created. | ||
2361 | */ | ||
2362 | - pgd = pgtable_area; | ||
2363 | - memset(pgd, 0, sizeof(*pgd) * PTRS_PER_PGD); | ||
2364 | - pgtable_area += sizeof(*pgd) * PTRS_PER_PGD; | ||
2365 | - | ||
2366 | - /* Add encrypted kernel (identity) mappings */ | ||
2367 | - pmd_flags = PMD_FLAGS | _PAGE_ENC; | ||
2368 | - paddr = kernel_start; | ||
2369 | - while (paddr < kernel_end) { | ||
2370 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, | ||
2371 | - paddr, | ||
2372 | - paddr + pmd_flags); | ||
2373 | - | ||
2374 | - paddr += PMD_PAGE_SIZE; | ||
2375 | - } | ||
2376 | + ppd.pgd = ppd.pgtable_area; | ||
2377 | + memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); | ||
2378 | + ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; | ||
2379 | |||
2380 | /* | ||
2381 | * A different PGD index/entry must be used to get different | ||
2382 | @@ -479,47 +611,79 @@ void __init sme_encrypt_kernel(void) | ||
2383 | * the base of the mapping. | ||
2384 | */ | ||
2385 | decrypted_base = (pgd_index(workarea_end) + 1) & (PTRS_PER_PGD - 1); | ||
2386 | + if (initrd_len) { | ||
2387 | + unsigned long check_base; | ||
2388 | + | ||
2389 | + check_base = (pgd_index(initrd_end) + 1) & (PTRS_PER_PGD - 1); | ||
2390 | + decrypted_base = max(decrypted_base, check_base); | ||
2391 | + } | ||
2392 | decrypted_base <<= PGDIR_SHIFT; | ||
2393 | |||
2394 | + /* Add encrypted kernel (identity) mappings */ | ||
2395 | + ppd.paddr = kernel_start; | ||
2396 | + ppd.vaddr = kernel_start; | ||
2397 | + ppd.vaddr_end = kernel_end; | ||
2398 | + sme_map_range_encrypted(&ppd); | ||
2399 | + | ||
2400 | /* Add decrypted, write-protected kernel (non-identity) mappings */ | ||
2401 | - pmd_flags = (PMD_FLAGS & ~_PAGE_CACHE_MASK) | (_PAGE_PAT | _PAGE_PWT); | ||
2402 | - paddr = kernel_start; | ||
2403 | - while (paddr < kernel_end) { | ||
2404 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, | ||
2405 | - paddr + decrypted_base, | ||
2406 | - paddr + pmd_flags); | ||
2407 | - | ||
2408 | - paddr += PMD_PAGE_SIZE; | ||
2409 | + ppd.paddr = kernel_start; | ||
2410 | + ppd.vaddr = kernel_start + decrypted_base; | ||
2411 | + ppd.vaddr_end = kernel_end + decrypted_base; | ||
2412 | + sme_map_range_decrypted_wp(&ppd); | ||
2413 | + | ||
2414 | + if (initrd_len) { | ||
2415 | + /* Add encrypted initrd (identity) mappings */ | ||
2416 | + ppd.paddr = initrd_start; | ||
2417 | + ppd.vaddr = initrd_start; | ||
2418 | + ppd.vaddr_end = initrd_end; | ||
2419 | + sme_map_range_encrypted(&ppd); | ||
2420 | + /* | ||
2421 | + * Add decrypted, write-protected initrd (non-identity) mappings | ||
2422 | + */ | ||
2423 | + ppd.paddr = initrd_start; | ||
2424 | + ppd.vaddr = initrd_start + decrypted_base; | ||
2425 | + ppd.vaddr_end = initrd_end + decrypted_base; | ||
2426 | + sme_map_range_decrypted_wp(&ppd); | ||
2427 | } | ||
2428 | |||
2429 | /* Add decrypted workarea mappings to both kernel mappings */ | ||
2430 | - paddr = workarea_start; | ||
2431 | - while (paddr < workarea_end) { | ||
2432 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, | ||
2433 | - paddr, | ||
2434 | - paddr + PMD_FLAGS); | ||
2435 | + ppd.paddr = workarea_start; | ||
2436 | + ppd.vaddr = workarea_start; | ||
2437 | + ppd.vaddr_end = workarea_end; | ||
2438 | + sme_map_range_decrypted(&ppd); | ||
2439 | |||
2440 | - pgtable_area = sme_populate_pgd(pgd, pgtable_area, | ||
2441 | - paddr + decrypted_base, | ||
2442 | - paddr + PMD_FLAGS); | ||
2443 | - | ||
2444 | - paddr += PMD_PAGE_SIZE; | ||
2445 | - } | ||
2446 | + ppd.paddr = workarea_start; | ||
2447 | + ppd.vaddr = workarea_start + decrypted_base; | ||
2448 | + ppd.vaddr_end = workarea_end + decrypted_base; | ||
2449 | + sme_map_range_decrypted(&ppd); | ||
2450 | |||
2451 | /* Perform the encryption */ | ||
2452 | sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, | ||
2453 | - kernel_len, workarea_start, (unsigned long)pgd); | ||
2454 | + kernel_len, workarea_start, (unsigned long)ppd.pgd); | ||
2455 | + | ||
2456 | + if (initrd_len) | ||
2457 | + sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, | ||
2458 | + initrd_len, workarea_start, | ||
2459 | + (unsigned long)ppd.pgd); | ||
2460 | |||
2461 | /* | ||
2462 | * At this point we are running encrypted. Remove the mappings for | ||
2463 | * the decrypted areas - all that is needed for this is to remove | ||
2464 | * the PGD entry/entries. | ||
2465 | */ | ||
2466 | - sme_clear_pgd(pgd, kernel_start + decrypted_base, | ||
2467 | - kernel_end + decrypted_base); | ||
2468 | + ppd.vaddr = kernel_start + decrypted_base; | ||
2469 | + ppd.vaddr_end = kernel_end + decrypted_base; | ||
2470 | + sme_clear_pgd(&ppd); | ||
2471 | + | ||
2472 | + if (initrd_len) { | ||
2473 | + ppd.vaddr = initrd_start + decrypted_base; | ||
2474 | + ppd.vaddr_end = initrd_end + decrypted_base; | ||
2475 | + sme_clear_pgd(&ppd); | ||
2476 | + } | ||
2477 | |||
2478 | - sme_clear_pgd(pgd, workarea_start + decrypted_base, | ||
2479 | - workarea_end + decrypted_base); | ||
2480 | + ppd.vaddr = workarea_start + decrypted_base; | ||
2481 | + ppd.vaddr_end = workarea_end + decrypted_base; | ||
2482 | + sme_clear_pgd(&ppd); | ||
2483 | |||
2484 | /* Flush the TLB - no globals so cr3 is enough */ | ||
2485 | native_write_cr3(__native_read_cr3()); | ||
2486 | diff --git a/arch/x86/mm/mem_encrypt_boot.S b/arch/x86/mm/mem_encrypt_boot.S | ||
2487 | index 730e6d541df1..01f682cf77a8 100644 | ||
2488 | --- a/arch/x86/mm/mem_encrypt_boot.S | ||
2489 | +++ b/arch/x86/mm/mem_encrypt_boot.S | ||
2490 | @@ -22,9 +22,9 @@ ENTRY(sme_encrypt_execute) | ||
2491 | |||
2492 | /* | ||
2493 | * Entry parameters: | ||
2494 | - * RDI - virtual address for the encrypted kernel mapping | ||
2495 | - * RSI - virtual address for the decrypted kernel mapping | ||
2496 | - * RDX - length of kernel | ||
2497 | + * RDI - virtual address for the encrypted mapping | ||
2498 | + * RSI - virtual address for the decrypted mapping | ||
2499 | + * RDX - length to encrypt | ||
2500 | * RCX - virtual address of the encryption workarea, including: | ||
2501 | * - stack page (PAGE_SIZE) | ||
2502 | * - encryption routine page (PAGE_SIZE) | ||
2503 | @@ -41,9 +41,9 @@ ENTRY(sme_encrypt_execute) | ||
2504 | addq $PAGE_SIZE, %rax /* Workarea encryption routine */ | ||
2505 | |||
2506 | push %r12 | ||
2507 | - movq %rdi, %r10 /* Encrypted kernel */ | ||
2508 | - movq %rsi, %r11 /* Decrypted kernel */ | ||
2509 | - movq %rdx, %r12 /* Kernel length */ | ||
2510 | + movq %rdi, %r10 /* Encrypted area */ | ||
2511 | + movq %rsi, %r11 /* Decrypted area */ | ||
2512 | + movq %rdx, %r12 /* Area length */ | ||
2513 | |||
2514 | /* Copy encryption routine into the workarea */ | ||
2515 | movq %rax, %rdi /* Workarea encryption routine */ | ||
2516 | @@ -52,10 +52,10 @@ ENTRY(sme_encrypt_execute) | ||
2517 | rep movsb | ||
2518 | |||
2519 | /* Setup registers for call */ | ||
2520 | - movq %r10, %rdi /* Encrypted kernel */ | ||
2521 | - movq %r11, %rsi /* Decrypted kernel */ | ||
2522 | + movq %r10, %rdi /* Encrypted area */ | ||
2523 | + movq %r11, %rsi /* Decrypted area */ | ||
2524 | movq %r8, %rdx /* Pagetables used for encryption */ | ||
2525 | - movq %r12, %rcx /* Kernel length */ | ||
2526 | + movq %r12, %rcx /* Area length */ | ||
2527 | movq %rax, %r8 /* Workarea encryption routine */ | ||
2528 | addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ | ||
2529 | |||
2530 | @@ -71,7 +71,7 @@ ENDPROC(sme_encrypt_execute) | ||
2531 | |||
2532 | ENTRY(__enc_copy) | ||
2533 | /* | ||
2534 | - * Routine used to encrypt kernel. | ||
2535 | + * Routine used to encrypt memory in place. | ||
2536 | * This routine must be run outside of the kernel proper since | ||
2537 | * the kernel will be encrypted during the process. So this | ||
2538 | * routine is defined here and then copied to an area outside | ||
2539 | @@ -79,19 +79,19 @@ ENTRY(__enc_copy) | ||
2540 | * during execution. | ||
2541 | * | ||
2542 | * On entry the registers must be: | ||
2543 | - * RDI - virtual address for the encrypted kernel mapping | ||
2544 | - * RSI - virtual address for the decrypted kernel mapping | ||
2545 | + * RDI - virtual address for the encrypted mapping | ||
2546 | + * RSI - virtual address for the decrypted mapping | ||
2547 | * RDX - address of the pagetables to use for encryption | ||
2548 | - * RCX - length of kernel | ||
2549 | + * RCX - length of area | ||
2550 | * R8 - intermediate copy buffer | ||
2551 | * | ||
2552 | * RAX - points to this routine | ||
2553 | * | ||
2554 | - * The kernel will be encrypted by copying from the non-encrypted | ||
2555 | - * kernel space to an intermediate buffer and then copying from the | ||
2556 | - * intermediate buffer back to the encrypted kernel space. The physical | ||
2557 | - * addresses of the two kernel space mappings are the same which | ||
2558 | - * results in the kernel being encrypted "in place". | ||
2559 | + * The area will be encrypted by copying from the non-encrypted | ||
2560 | + * memory space to an intermediate buffer and then copying from the | ||
2561 | + * intermediate buffer back to the encrypted memory space. The physical | ||
2562 | + * addresses of the two mappings are the same which results in the area | ||
2563 | + * being encrypted "in place". | ||
2564 | */ | ||
2565 | /* Enable the new page tables */ | ||
2566 | mov %rdx, %cr3 | ||
2567 | @@ -103,47 +103,55 @@ ENTRY(__enc_copy) | ||
2568 | orq $X86_CR4_PGE, %rdx | ||
2569 | mov %rdx, %cr4 | ||
2570 | |||
2571 | + push %r15 | ||
2572 | + push %r12 | ||
2573 | + | ||
2574 | + movq %rcx, %r9 /* Save area length */ | ||
2575 | + movq %rdi, %r10 /* Save encrypted area address */ | ||
2576 | + movq %rsi, %r11 /* Save decrypted area address */ | ||
2577 | + | ||
2578 | /* Set the PAT register PA5 entry to write-protect */ | ||
2579 | - push %rcx | ||
2580 | movl $MSR_IA32_CR_PAT, %ecx | ||
2581 | rdmsr | ||
2582 | - push %rdx /* Save original PAT value */ | ||
2583 | + mov %rdx, %r15 /* Save original PAT value */ | ||
2584 | andl $0xffff00ff, %edx /* Clear PA5 */ | ||
2585 | orl $0x00000500, %edx /* Set PA5 to WP */ | ||
2586 | wrmsr | ||
2587 | - pop %rdx /* RDX contains original PAT value */ | ||
2588 | - pop %rcx | ||
2589 | - | ||
2590 | - movq %rcx, %r9 /* Save kernel length */ | ||
2591 | - movq %rdi, %r10 /* Save encrypted kernel address */ | ||
2592 | - movq %rsi, %r11 /* Save decrypted kernel address */ | ||
2593 | |||
2594 | wbinvd /* Invalidate any cache entries */ | ||
2595 | |||
2596 | - /* Copy/encrypt 2MB at a time */ | ||
2597 | + /* Copy/encrypt up to 2MB at a time */ | ||
2598 | + movq $PMD_PAGE_SIZE, %r12 | ||
2599 | 1: | ||
2600 | - movq %r11, %rsi /* Source - decrypted kernel */ | ||
2601 | + cmpq %r12, %r9 | ||
2602 | + jnb 2f | ||
2603 | + movq %r9, %r12 | ||
2604 | + | ||
2605 | +2: | ||
2606 | + movq %r11, %rsi /* Source - decrypted area */ | ||
2607 | movq %r8, %rdi /* Dest - intermediate copy buffer */ | ||
2608 | - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ | ||
2609 | + movq %r12, %rcx | ||
2610 | rep movsb | ||
2611 | |||
2612 | movq %r8, %rsi /* Source - intermediate copy buffer */ | ||
2613 | - movq %r10, %rdi /* Dest - encrypted kernel */ | ||
2614 | - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ | ||
2615 | + movq %r10, %rdi /* Dest - encrypted area */ | ||
2616 | + movq %r12, %rcx | ||
2617 | rep movsb | ||
2618 | |||
2619 | - addq $PMD_PAGE_SIZE, %r11 | ||
2620 | - addq $PMD_PAGE_SIZE, %r10 | ||
2621 | - subq $PMD_PAGE_SIZE, %r9 /* Kernel length decrement */ | ||
2622 | + addq %r12, %r11 | ||
2623 | + addq %r12, %r10 | ||
2624 | + subq %r12, %r9 /* Kernel length decrement */ | ||
2625 | jnz 1b /* Kernel length not zero? */ | ||
2626 | |||
2627 | /* Restore PAT register */ | ||
2628 | - push %rdx /* Save original PAT value */ | ||
2629 | movl $MSR_IA32_CR_PAT, %ecx | ||
2630 | rdmsr | ||
2631 | - pop %rdx /* Restore original PAT value */ | ||
2632 | + mov %r15, %rdx /* Restore original PAT value */ | ||
2633 | wrmsr | ||
2634 | |||
2635 | + pop %r12 | ||
2636 | + pop %r15 | ||
2637 | + | ||
2638 | ret | ||
2639 | .L__enc_copy_end: | ||
2640 | ENDPROC(__enc_copy) | ||
2641 | diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c | ||
2642 | index ee4c1ec9dca0..e7ded346d94b 100644 | ||
2643 | --- a/drivers/ata/libata-core.c | ||
2644 | +++ b/drivers/ata/libata-core.c | ||
2645 | @@ -4439,6 +4439,7 @@ static const struct ata_blacklist_entry ata_device_blacklist [] = { | ||
2646 | * https://bugzilla.kernel.org/show_bug.cgi?id=121671 | ||
2647 | */ | ||
2648 | { "LITEON CX1-JB*-HP", NULL, ATA_HORKAGE_MAX_SEC_1024 }, | ||
2649 | + { "LITEON EP1-*", NULL, ATA_HORKAGE_MAX_SEC_1024 }, | ||
2650 | |||
2651 | /* Devices we expect to fail diagnostics */ | ||
2652 | |||
2653 | diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c | ||
2654 | index a2978a37b4f3..700fc754f28a 100644 | ||
2655 | --- a/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c | ||
2656 | +++ b/drivers/gpu/drm/nouveau/nvkm/engine/disp/sorgf119.c | ||
2657 | @@ -174,6 +174,7 @@ gf119_sor = { | ||
2658 | .links = gf119_sor_dp_links, | ||
2659 | .power = g94_sor_dp_power, | ||
2660 | .pattern = gf119_sor_dp_pattern, | ||
2661 | + .drive = gf119_sor_dp_drive, | ||
2662 | .vcpi = gf119_sor_dp_vcpi, | ||
2663 | .audio = gf119_sor_dp_audio, | ||
2664 | .audio_sym = gf119_sor_dp_audio_sym, | ||
2665 | diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | ||
2666 | index b8a09807c5de..3824595fece1 100644 | ||
2667 | --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | ||
2668 | +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | ||
2669 | @@ -266,8 +266,8 @@ static const struct drm_connector_funcs vmw_legacy_connector_funcs = { | ||
2670 | .set_property = vmw_du_connector_set_property, | ||
2671 | .destroy = vmw_ldu_connector_destroy, | ||
2672 | .reset = vmw_du_connector_reset, | ||
2673 | - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, | ||
2674 | - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, | ||
2675 | + .atomic_duplicate_state = vmw_du_connector_duplicate_state, | ||
2676 | + .atomic_destroy_state = vmw_du_connector_destroy_state, | ||
2677 | .atomic_set_property = vmw_du_connector_atomic_set_property, | ||
2678 | .atomic_get_property = vmw_du_connector_atomic_get_property, | ||
2679 | }; | ||
2680 | diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | ||
2681 | index d1552d3e0652..7ae38a67388c 100644 | ||
2682 | --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | ||
2683 | +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | ||
2684 | @@ -420,8 +420,8 @@ static const struct drm_connector_funcs vmw_sou_connector_funcs = { | ||
2685 | .set_property = vmw_du_connector_set_property, | ||
2686 | .destroy = vmw_sou_connector_destroy, | ||
2687 | .reset = vmw_du_connector_reset, | ||
2688 | - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, | ||
2689 | - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, | ||
2690 | + .atomic_duplicate_state = vmw_du_connector_duplicate_state, | ||
2691 | + .atomic_destroy_state = vmw_du_connector_destroy_state, | ||
2692 | .atomic_set_property = vmw_du_connector_atomic_set_property, | ||
2693 | .atomic_get_property = vmw_du_connector_atomic_get_property, | ||
2694 | }; | ||
2695 | diff --git a/drivers/i2c/i2c-core-smbus.c b/drivers/i2c/i2c-core-smbus.c | ||
2696 | index 10f00a82ec9d..e54a9b835b62 100644 | ||
2697 | --- a/drivers/i2c/i2c-core-smbus.c | ||
2698 | +++ b/drivers/i2c/i2c-core-smbus.c | ||
2699 | @@ -396,16 +396,17 @@ static s32 i2c_smbus_xfer_emulated(struct i2c_adapter *adapter, u16 addr, | ||
2700 | the underlying bus driver */ | ||
2701 | break; | ||
2702 | case I2C_SMBUS_I2C_BLOCK_DATA: | ||
2703 | + if (data->block[0] > I2C_SMBUS_BLOCK_MAX) { | ||
2704 | + dev_err(&adapter->dev, "Invalid block %s size %d\n", | ||
2705 | + read_write == I2C_SMBUS_READ ? "read" : "write", | ||
2706 | + data->block[0]); | ||
2707 | + return -EINVAL; | ||
2708 | + } | ||
2709 | + | ||
2710 | if (read_write == I2C_SMBUS_READ) { | ||
2711 | msg[1].len = data->block[0]; | ||
2712 | } else { | ||
2713 | msg[0].len = data->block[0] + 1; | ||
2714 | - if (msg[0].len > I2C_SMBUS_BLOCK_MAX + 1) { | ||
2715 | - dev_err(&adapter->dev, | ||
2716 | - "Invalid block write size %d\n", | ||
2717 | - data->block[0]); | ||
2718 | - return -EINVAL; | ||
2719 | - } | ||
2720 | for (i = 1; i <= data->block[0]; i++) | ||
2721 | msgbuf0[i] = data->block[i]; | ||
2722 | } | ||
2723 | diff --git a/drivers/infiniband/hw/hfi1/file_ops.c b/drivers/infiniband/hw/hfi1/file_ops.c | ||
2724 | index d9a1e9893136..fd28f09b4445 100644 | ||
2725 | --- a/drivers/infiniband/hw/hfi1/file_ops.c | ||
2726 | +++ b/drivers/infiniband/hw/hfi1/file_ops.c | ||
2727 | @@ -881,11 +881,11 @@ static int complete_subctxt(struct hfi1_filedata *fd) | ||
2728 | } | ||
2729 | |||
2730 | if (ret) { | ||
2731 | - hfi1_rcd_put(fd->uctxt); | ||
2732 | - fd->uctxt = NULL; | ||
2733 | spin_lock_irqsave(&fd->dd->uctxt_lock, flags); | ||
2734 | __clear_bit(fd->subctxt, fd->uctxt->in_use_ctxts); | ||
2735 | spin_unlock_irqrestore(&fd->dd->uctxt_lock, flags); | ||
2736 | + hfi1_rcd_put(fd->uctxt); | ||
2737 | + fd->uctxt = NULL; | ||
2738 | } | ||
2739 | |||
2740 | return ret; | ||
2741 | diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c | ||
2742 | index acb79d3a4f1d..756ece6118c0 100644 | ||
2743 | --- a/drivers/infiniband/hw/mlx5/qp.c | ||
2744 | +++ b/drivers/infiniband/hw/mlx5/qp.c | ||
2745 | @@ -4303,12 +4303,11 @@ static void to_rdma_ah_attr(struct mlx5_ib_dev *ibdev, | ||
2746 | |||
2747 | memset(ah_attr, 0, sizeof(*ah_attr)); | ||
2748 | |||
2749 | - ah_attr->type = rdma_ah_find_type(&ibdev->ib_dev, path->port); | ||
2750 | - rdma_ah_set_port_num(ah_attr, path->port); | ||
2751 | - if (rdma_ah_get_port_num(ah_attr) == 0 || | ||
2752 | - rdma_ah_get_port_num(ah_attr) > MLX5_CAP_GEN(dev, num_ports)) | ||
2753 | + if (!path->port || path->port > MLX5_CAP_GEN(dev, num_ports)) | ||
2754 | return; | ||
2755 | |||
2756 | + ah_attr->type = rdma_ah_find_type(&ibdev->ib_dev, path->port); | ||
2757 | + | ||
2758 | rdma_ah_set_port_num(ah_attr, path->port); | ||
2759 | rdma_ah_set_sl(ah_attr, path->dci_cfi_prio_sl & 0xf); | ||
2760 | |||
2761 | diff --git a/drivers/infiniband/ulp/isert/ib_isert.c b/drivers/infiniband/ulp/isert/ib_isert.c | ||
2762 | index ceabdb85df8b..9d4785ba24cb 100644 | ||
2763 | --- a/drivers/infiniband/ulp/isert/ib_isert.c | ||
2764 | +++ b/drivers/infiniband/ulp/isert/ib_isert.c | ||
2765 | @@ -741,6 +741,7 @@ isert_connect_error(struct rdma_cm_id *cma_id) | ||
2766 | { | ||
2767 | struct isert_conn *isert_conn = cma_id->qp->qp_context; | ||
2768 | |||
2769 | + ib_drain_qp(isert_conn->qp); | ||
2770 | list_del_init(&isert_conn->node); | ||
2771 | isert_conn->cm_id = NULL; | ||
2772 | isert_put_conn(isert_conn); | ||
2773 | diff --git a/drivers/input/misc/twl4030-vibra.c b/drivers/input/misc/twl4030-vibra.c | ||
2774 | index 6c51d404874b..c37aea9ac272 100644 | ||
2775 | --- a/drivers/input/misc/twl4030-vibra.c | ||
2776 | +++ b/drivers/input/misc/twl4030-vibra.c | ||
2777 | @@ -178,12 +178,14 @@ static SIMPLE_DEV_PM_OPS(twl4030_vibra_pm_ops, | ||
2778 | twl4030_vibra_suspend, twl4030_vibra_resume); | ||
2779 | |||
2780 | static bool twl4030_vibra_check_coexist(struct twl4030_vibra_data *pdata, | ||
2781 | - struct device_node *node) | ||
2782 | + struct device_node *parent) | ||
2783 | { | ||
2784 | + struct device_node *node; | ||
2785 | + | ||
2786 | if (pdata && pdata->coexist) | ||
2787 | return true; | ||
2788 | |||
2789 | - node = of_find_node_by_name(node, "codec"); | ||
2790 | + node = of_get_child_by_name(parent, "codec"); | ||
2791 | if (node) { | ||
2792 | of_node_put(node); | ||
2793 | return true; | ||
2794 | diff --git a/drivers/input/misc/twl6040-vibra.c b/drivers/input/misc/twl6040-vibra.c | ||
2795 | index 5690eb7ff954..15e0d352c4cc 100644 | ||
2796 | --- a/drivers/input/misc/twl6040-vibra.c | ||
2797 | +++ b/drivers/input/misc/twl6040-vibra.c | ||
2798 | @@ -248,8 +248,7 @@ static int twl6040_vibra_probe(struct platform_device *pdev) | ||
2799 | int vddvibr_uV = 0; | ||
2800 | int error; | ||
2801 | |||
2802 | - of_node_get(twl6040_core_dev->of_node); | ||
2803 | - twl6040_core_node = of_find_node_by_name(twl6040_core_dev->of_node, | ||
2804 | + twl6040_core_node = of_get_child_by_name(twl6040_core_dev->of_node, | ||
2805 | "vibra"); | ||
2806 | if (!twl6040_core_node) { | ||
2807 | dev_err(&pdev->dev, "parent of node is missing?\n"); | ||
2808 | diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c | ||
2809 | index 850b00e3ad8e..3d9c294e84db 100644 | ||
2810 | --- a/drivers/input/mouse/alps.c | ||
2811 | +++ b/drivers/input/mouse/alps.c | ||
2812 | @@ -1250,29 +1250,32 @@ static int alps_decode_ss4_v2(struct alps_fields *f, | ||
2813 | case SS4_PACKET_ID_MULTI: | ||
2814 | if (priv->flags & ALPS_BUTTONPAD) { | ||
2815 | if (IS_SS4PLUS_DEV(priv->dev_id)) { | ||
2816 | - f->mt[0].x = SS4_PLUS_BTL_MF_X_V2(p, 0); | ||
2817 | - f->mt[1].x = SS4_PLUS_BTL_MF_X_V2(p, 1); | ||
2818 | + f->mt[2].x = SS4_PLUS_BTL_MF_X_V2(p, 0); | ||
2819 | + f->mt[3].x = SS4_PLUS_BTL_MF_X_V2(p, 1); | ||
2820 | + no_data_x = SS4_PLUS_MFPACKET_NO_AX_BL; | ||
2821 | } else { | ||
2822 | f->mt[2].x = SS4_BTL_MF_X_V2(p, 0); | ||
2823 | f->mt[3].x = SS4_BTL_MF_X_V2(p, 1); | ||
2824 | + no_data_x = SS4_MFPACKET_NO_AX_BL; | ||
2825 | } | ||
2826 | + no_data_y = SS4_MFPACKET_NO_AY_BL; | ||
2827 | |||
2828 | f->mt[2].y = SS4_BTL_MF_Y_V2(p, 0); | ||
2829 | f->mt[3].y = SS4_BTL_MF_Y_V2(p, 1); | ||
2830 | - no_data_x = SS4_MFPACKET_NO_AX_BL; | ||
2831 | - no_data_y = SS4_MFPACKET_NO_AY_BL; | ||
2832 | } else { | ||
2833 | if (IS_SS4PLUS_DEV(priv->dev_id)) { | ||
2834 | - f->mt[0].x = SS4_PLUS_STD_MF_X_V2(p, 0); | ||
2835 | - f->mt[1].x = SS4_PLUS_STD_MF_X_V2(p, 1); | ||
2836 | + f->mt[2].x = SS4_PLUS_STD_MF_X_V2(p, 0); | ||
2837 | + f->mt[3].x = SS4_PLUS_STD_MF_X_V2(p, 1); | ||
2838 | + no_data_x = SS4_PLUS_MFPACKET_NO_AX; | ||
2839 | } else { | ||
2840 | - f->mt[0].x = SS4_STD_MF_X_V2(p, 0); | ||
2841 | - f->mt[1].x = SS4_STD_MF_X_V2(p, 1); | ||
2842 | + f->mt[2].x = SS4_STD_MF_X_V2(p, 0); | ||
2843 | + f->mt[3].x = SS4_STD_MF_X_V2(p, 1); | ||
2844 | + no_data_x = SS4_MFPACKET_NO_AX; | ||
2845 | } | ||
2846 | + no_data_y = SS4_MFPACKET_NO_AY; | ||
2847 | + | ||
2848 | f->mt[2].y = SS4_STD_MF_Y_V2(p, 0); | ||
2849 | f->mt[3].y = SS4_STD_MF_Y_V2(p, 1); | ||
2850 | - no_data_x = SS4_MFPACKET_NO_AX; | ||
2851 | - no_data_y = SS4_MFPACKET_NO_AY; | ||
2852 | } | ||
2853 | |||
2854 | f->first_mp = 0; | ||
2855 | diff --git a/drivers/input/mouse/alps.h b/drivers/input/mouse/alps.h | ||
2856 | index c80a7c76cb76..79b6d69d1486 100644 | ||
2857 | --- a/drivers/input/mouse/alps.h | ||
2858 | +++ b/drivers/input/mouse/alps.h | ||
2859 | @@ -141,10 +141,12 @@ enum SS4_PACKET_ID { | ||
2860 | #define SS4_TS_Z_V2(_b) (s8)(_b[4] & 0x7F) | ||
2861 | |||
2862 | |||
2863 | -#define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ | ||
2864 | -#define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ | ||
2865 | -#define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coordinate value */ | ||
2866 | -#define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coordinate value */ | ||
2867 | +#define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ | ||
2868 | +#define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ | ||
2869 | +#define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coord value */ | ||
2870 | +#define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coord value */ | ||
2871 | +#define SS4_PLUS_MFPACKET_NO_AX 4080 /* SS4 PLUS, X */ | ||
2872 | +#define SS4_PLUS_MFPACKET_NO_AX_BL 4088 /* Buttonless SS4 PLUS, X */ | ||
2873 | |||
2874 | /* | ||
2875 | * enum V7_PACKET_ID - defines the packet type for V7 | ||
2876 | diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c | ||
2877 | index 4f2bb5947a4e..141ea228aac6 100644 | ||
2878 | --- a/drivers/input/rmi4/rmi_driver.c | ||
2879 | +++ b/drivers/input/rmi4/rmi_driver.c | ||
2880 | @@ -230,8 +230,10 @@ static irqreturn_t rmi_irq_fn(int irq, void *dev_id) | ||
2881 | rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, | ||
2882 | "Failed to process interrupt request: %d\n", ret); | ||
2883 | |||
2884 | - if (count) | ||
2885 | + if (count) { | ||
2886 | kfree(attn_data.data); | ||
2887 | + attn_data.data = NULL; | ||
2888 | + } | ||
2889 | |||
2890 | if (!kfifo_is_empty(&drvdata->attn_fifo)) | ||
2891 | return rmi_irq_fn(irq, dev_id); | ||
2892 | diff --git a/drivers/input/touchscreen/88pm860x-ts.c b/drivers/input/touchscreen/88pm860x-ts.c | ||
2893 | index 7ed828a51f4c..3486d9403805 100644 | ||
2894 | --- a/drivers/input/touchscreen/88pm860x-ts.c | ||
2895 | +++ b/drivers/input/touchscreen/88pm860x-ts.c | ||
2896 | @@ -126,7 +126,7 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, | ||
2897 | int data, n, ret; | ||
2898 | if (!np) | ||
2899 | return -ENODEV; | ||
2900 | - np = of_find_node_by_name(np, "touch"); | ||
2901 | + np = of_get_child_by_name(np, "touch"); | ||
2902 | if (!np) { | ||
2903 | dev_err(&pdev->dev, "Can't find touch node\n"); | ||
2904 | return -EINVAL; | ||
2905 | @@ -144,13 +144,13 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, | ||
2906 | if (data) { | ||
2907 | ret = pm860x_reg_write(i2c, PM8607_GPADC_MISC1, data); | ||
2908 | if (ret < 0) | ||
2909 | - return -EINVAL; | ||
2910 | + goto err_put_node; | ||
2911 | } | ||
2912 | /* set tsi prebias time */ | ||
2913 | if (!of_property_read_u32(np, "marvell,88pm860x-tsi-prebias", &data)) { | ||
2914 | ret = pm860x_reg_write(i2c, PM8607_TSI_PREBIAS, data); | ||
2915 | if (ret < 0) | ||
2916 | - return -EINVAL; | ||
2917 | + goto err_put_node; | ||
2918 | } | ||
2919 | /* set prebias & prechg time of pen detect */ | ||
2920 | data = 0; | ||
2921 | @@ -161,10 +161,18 @@ static int pm860x_touch_dt_init(struct platform_device *pdev, | ||
2922 | if (data) { | ||
2923 | ret = pm860x_reg_write(i2c, PM8607_PD_PREBIAS, data); | ||
2924 | if (ret < 0) | ||
2925 | - return -EINVAL; | ||
2926 | + goto err_put_node; | ||
2927 | } | ||
2928 | of_property_read_u32(np, "marvell,88pm860x-resistor-X", res_x); | ||
2929 | + | ||
2930 | + of_node_put(np); | ||
2931 | + | ||
2932 | return 0; | ||
2933 | + | ||
2934 | +err_put_node: | ||
2935 | + of_node_put(np); | ||
2936 | + | ||
2937 | + return -EINVAL; | ||
2938 | } | ||
2939 | #else | ||
2940 | #define pm860x_touch_dt_init(x, y, z) (-1) | ||
2941 | diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c | ||
2942 | index 9fc12f556534..554d60394c06 100644 | ||
2943 | --- a/drivers/md/dm-crypt.c | ||
2944 | +++ b/drivers/md/dm-crypt.c | ||
2945 | @@ -1954,10 +1954,15 @@ static int crypt_setkey(struct crypt_config *cc) | ||
2946 | /* Ignore extra keys (which are used for IV etc) */ | ||
2947 | subkey_size = crypt_subkey_size(cc); | ||
2948 | |||
2949 | - if (crypt_integrity_hmac(cc)) | ||
2950 | + if (crypt_integrity_hmac(cc)) { | ||
2951 | + if (subkey_size < cc->key_mac_size) | ||
2952 | + return -EINVAL; | ||
2953 | + | ||
2954 | crypt_copy_authenckey(cc->authenc_key, cc->key, | ||
2955 | subkey_size - cc->key_mac_size, | ||
2956 | cc->key_mac_size); | ||
2957 | + } | ||
2958 | + | ||
2959 | for (i = 0; i < cc->tfms_count; i++) { | ||
2960 | if (crypt_integrity_hmac(cc)) | ||
2961 | r = crypto_aead_setkey(cc->cipher_tfm.tfms_aead[i], | ||
2962 | @@ -2053,9 +2058,6 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string | ||
2963 | |||
2964 | ret = crypt_setkey(cc); | ||
2965 | |||
2966 | - /* wipe the kernel key payload copy in each case */ | ||
2967 | - memset(cc->key, 0, cc->key_size * sizeof(u8)); | ||
2968 | - | ||
2969 | if (!ret) { | ||
2970 | set_bit(DM_CRYPT_KEY_VALID, &cc->flags); | ||
2971 | kzfree(cc->key_string); | ||
2972 | @@ -2523,6 +2525,10 @@ static int crypt_ctr_cipher(struct dm_target *ti, char *cipher_in, char *key) | ||
2973 | } | ||
2974 | } | ||
2975 | |||
2976 | + /* wipe the kernel key payload copy */ | ||
2977 | + if (cc->key_string) | ||
2978 | + memset(cc->key, 0, cc->key_size * sizeof(u8)); | ||
2979 | + | ||
2980 | return ret; | ||
2981 | } | ||
2982 | |||
2983 | @@ -2740,6 +2746,7 @@ static int crypt_ctr(struct dm_target *ti, unsigned int argc, char **argv) | ||
2984 | cc->tag_pool_max_sectors * cc->on_disk_tag_size); | ||
2985 | if (!cc->tag_pool) { | ||
2986 | ti->error = "Cannot allocate integrity tags mempool"; | ||
2987 | + ret = -ENOMEM; | ||
2988 | goto bad; | ||
2989 | } | ||
2990 | |||
2991 | @@ -2961,6 +2968,9 @@ static int crypt_message(struct dm_target *ti, unsigned argc, char **argv) | ||
2992 | return ret; | ||
2993 | if (cc->iv_gen_ops && cc->iv_gen_ops->init) | ||
2994 | ret = cc->iv_gen_ops->init(cc); | ||
2995 | + /* wipe the kernel key payload copy */ | ||
2996 | + if (cc->key_string) | ||
2997 | + memset(cc->key, 0, cc->key_size * sizeof(u8)); | ||
2998 | return ret; | ||
2999 | } | ||
3000 | if (argc == 2 && !strcasecmp(argv[1], "wipe")) { | ||
3001 | @@ -3007,7 +3017,7 @@ static void crypt_io_hints(struct dm_target *ti, struct queue_limits *limits) | ||
3002 | |||
3003 | static struct target_type crypt_target = { | ||
3004 | .name = "crypt", | ||
3005 | - .version = {1, 18, 0}, | ||
3006 | + .version = {1, 18, 1}, | ||
3007 | .module = THIS_MODULE, | ||
3008 | .ctr = crypt_ctr, | ||
3009 | .dtr = crypt_dtr, | ||
3010 | diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c | ||
3011 | index 5e6737a44468..3cc2052f972c 100644 | ||
3012 | --- a/drivers/md/dm-integrity.c | ||
3013 | +++ b/drivers/md/dm-integrity.c | ||
3014 | @@ -2558,7 +2558,8 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3015 | int r = 0; | ||
3016 | unsigned i; | ||
3017 | __u64 journal_pages, journal_desc_size, journal_tree_size; | ||
3018 | - unsigned char *crypt_data = NULL; | ||
3019 | + unsigned char *crypt_data = NULL, *crypt_iv = NULL; | ||
3020 | + struct skcipher_request *req = NULL; | ||
3021 | |||
3022 | ic->commit_ids[0] = cpu_to_le64(0x1111111111111111ULL); | ||
3023 | ic->commit_ids[1] = cpu_to_le64(0x2222222222222222ULL); | ||
3024 | @@ -2616,9 +2617,20 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3025 | |||
3026 | if (blocksize == 1) { | ||
3027 | struct scatterlist *sg; | ||
3028 | - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); | ||
3029 | - unsigned char iv[ivsize]; | ||
3030 | - skcipher_request_set_tfm(req, ic->journal_crypt); | ||
3031 | + | ||
3032 | + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); | ||
3033 | + if (!req) { | ||
3034 | + *error = "Could not allocate crypt request"; | ||
3035 | + r = -ENOMEM; | ||
3036 | + goto bad; | ||
3037 | + } | ||
3038 | + | ||
3039 | + crypt_iv = kmalloc(ivsize, GFP_KERNEL); | ||
3040 | + if (!crypt_iv) { | ||
3041 | + *error = "Could not allocate iv"; | ||
3042 | + r = -ENOMEM; | ||
3043 | + goto bad; | ||
3044 | + } | ||
3045 | |||
3046 | ic->journal_xor = dm_integrity_alloc_page_list(ic); | ||
3047 | if (!ic->journal_xor) { | ||
3048 | @@ -2640,9 +2652,9 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3049 | sg_set_buf(&sg[i], va, PAGE_SIZE); | ||
3050 | } | ||
3051 | sg_set_buf(&sg[i], &ic->commit_ids, sizeof ic->commit_ids); | ||
3052 | - memset(iv, 0x00, ivsize); | ||
3053 | + memset(crypt_iv, 0x00, ivsize); | ||
3054 | |||
3055 | - skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, iv); | ||
3056 | + skcipher_request_set_crypt(req, sg, sg, PAGE_SIZE * ic->journal_pages + sizeof ic->commit_ids, crypt_iv); | ||
3057 | init_completion(&comp.comp); | ||
3058 | comp.in_flight = (atomic_t)ATOMIC_INIT(1); | ||
3059 | if (do_crypt(true, req, &comp)) | ||
3060 | @@ -2658,10 +2670,22 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3061 | crypto_free_skcipher(ic->journal_crypt); | ||
3062 | ic->journal_crypt = NULL; | ||
3063 | } else { | ||
3064 | - SKCIPHER_REQUEST_ON_STACK(req, ic->journal_crypt); | ||
3065 | - unsigned char iv[ivsize]; | ||
3066 | unsigned crypt_len = roundup(ivsize, blocksize); | ||
3067 | |||
3068 | + req = skcipher_request_alloc(ic->journal_crypt, GFP_KERNEL); | ||
3069 | + if (!req) { | ||
3070 | + *error = "Could not allocate crypt request"; | ||
3071 | + r = -ENOMEM; | ||
3072 | + goto bad; | ||
3073 | + } | ||
3074 | + | ||
3075 | + crypt_iv = kmalloc(ivsize, GFP_KERNEL); | ||
3076 | + if (!crypt_iv) { | ||
3077 | + *error = "Could not allocate iv"; | ||
3078 | + r = -ENOMEM; | ||
3079 | + goto bad; | ||
3080 | + } | ||
3081 | + | ||
3082 | crypt_data = kmalloc(crypt_len, GFP_KERNEL); | ||
3083 | if (!crypt_data) { | ||
3084 | *error = "Unable to allocate crypt data"; | ||
3085 | @@ -2669,8 +2693,6 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3086 | goto bad; | ||
3087 | } | ||
3088 | |||
3089 | - skcipher_request_set_tfm(req, ic->journal_crypt); | ||
3090 | - | ||
3091 | ic->journal_scatterlist = dm_integrity_alloc_journal_scatterlist(ic, ic->journal); | ||
3092 | if (!ic->journal_scatterlist) { | ||
3093 | *error = "Unable to allocate sg list"; | ||
3094 | @@ -2694,12 +2716,12 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3095 | struct skcipher_request *section_req; | ||
3096 | __u32 section_le = cpu_to_le32(i); | ||
3097 | |||
3098 | - memset(iv, 0x00, ivsize); | ||
3099 | + memset(crypt_iv, 0x00, ivsize); | ||
3100 | memset(crypt_data, 0x00, crypt_len); | ||
3101 | memcpy(crypt_data, §ion_le, min((size_t)crypt_len, sizeof(section_le))); | ||
3102 | |||
3103 | sg_init_one(&sg, crypt_data, crypt_len); | ||
3104 | - skcipher_request_set_crypt(req, &sg, &sg, crypt_len, iv); | ||
3105 | + skcipher_request_set_crypt(req, &sg, &sg, crypt_len, crypt_iv); | ||
3106 | init_completion(&comp.comp); | ||
3107 | comp.in_flight = (atomic_t)ATOMIC_INIT(1); | ||
3108 | if (do_crypt(true, req, &comp)) | ||
3109 | @@ -2757,6 +2779,9 @@ static int create_journal(struct dm_integrity_c *ic, char **error) | ||
3110 | } | ||
3111 | bad: | ||
3112 | kfree(crypt_data); | ||
3113 | + kfree(crypt_iv); | ||
3114 | + skcipher_request_free(req); | ||
3115 | + | ||
3116 | return r; | ||
3117 | } | ||
3118 | |||
3119 | diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c | ||
3120 | index d31d18d9727c..36ef284ad086 100644 | ||
3121 | --- a/drivers/md/dm-thin-metadata.c | ||
3122 | +++ b/drivers/md/dm-thin-metadata.c | ||
3123 | @@ -80,10 +80,14 @@ | ||
3124 | #define SECTOR_TO_BLOCK_SHIFT 3 | ||
3125 | |||
3126 | /* | ||
3127 | + * For btree insert: | ||
3128 | * 3 for btree insert + | ||
3129 | * 2 for btree lookup used within space map | ||
3130 | + * For btree remove: | ||
3131 | + * 2 for shadow spine + | ||
3132 | + * 4 for rebalance 3 child node | ||
3133 | */ | ||
3134 | -#define THIN_MAX_CONCURRENT_LOCKS 5 | ||
3135 | +#define THIN_MAX_CONCURRENT_LOCKS 6 | ||
3136 | |||
3137 | /* This should be plenty */ | ||
3138 | #define SPACE_MAP_ROOT_SIZE 128 | ||
3139 | diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c | ||
3140 | index f21ce6a3d4cf..58b319757b1e 100644 | ||
3141 | --- a/drivers/md/persistent-data/dm-btree.c | ||
3142 | +++ b/drivers/md/persistent-data/dm-btree.c | ||
3143 | @@ -683,23 +683,8 @@ static int btree_split_beneath(struct shadow_spine *s, uint64_t key) | ||
3144 | pn->keys[1] = rn->keys[0]; | ||
3145 | memcpy_disk(value_ptr(pn, 1), &val, sizeof(__le64)); | ||
3146 | |||
3147 | - /* | ||
3148 | - * rejig the spine. This is ugly, since it knows too | ||
3149 | - * much about the spine | ||
3150 | - */ | ||
3151 | - if (s->nodes[0] != new_parent) { | ||
3152 | - unlock_block(s->info, s->nodes[0]); | ||
3153 | - s->nodes[0] = new_parent; | ||
3154 | - } | ||
3155 | - if (key < le64_to_cpu(rn->keys[0])) { | ||
3156 | - unlock_block(s->info, right); | ||
3157 | - s->nodes[1] = left; | ||
3158 | - } else { | ||
3159 | - unlock_block(s->info, left); | ||
3160 | - s->nodes[1] = right; | ||
3161 | - } | ||
3162 | - s->count = 2; | ||
3163 | - | ||
3164 | + unlock_block(s->info, left); | ||
3165 | + unlock_block(s->info, right); | ||
3166 | return 0; | ||
3167 | } | ||
3168 | |||
3169 | diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c | ||
3170 | index 85140c9af581..8b941f814472 100644 | ||
3171 | --- a/drivers/mmc/host/sdhci-esdhc-imx.c | ||
3172 | +++ b/drivers/mmc/host/sdhci-esdhc-imx.c | ||
3173 | @@ -687,6 +687,20 @@ static inline void esdhc_pltfm_set_clock(struct sdhci_host *host, | ||
3174 | return; | ||
3175 | } | ||
3176 | |||
3177 | + /* For i.MX53 eSDHCv3, SYSCTL.SDCLKFS may not be set to 0. */ | ||
3178 | + if (is_imx53_esdhc(imx_data)) { | ||
3179 | + /* | ||
3180 | + * According to the i.MX53 reference manual, if DLLCTRL[10] can | ||
3181 | + * be set, then the controller is eSDHCv3, else it is eSDHCv2. | ||
3182 | + */ | ||
3183 | + val = readl(host->ioaddr + ESDHC_DLL_CTRL); | ||
3184 | + writel(val | BIT(10), host->ioaddr + ESDHC_DLL_CTRL); | ||
3185 | + temp = readl(host->ioaddr + ESDHC_DLL_CTRL); | ||
3186 | + writel(val, host->ioaddr + ESDHC_DLL_CTRL); | ||
3187 | + if (temp & BIT(10)) | ||
3188 | + pre_div = 2; | ||
3189 | + } | ||
3190 | + | ||
3191 | temp = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); | ||
3192 | temp &= ~(ESDHC_CLOCK_IPGEN | ESDHC_CLOCK_HCKEN | ESDHC_CLOCK_PEREN | ||
3193 | | ESDHC_CLOCK_MASK); | ||
3194 | diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c | ||
3195 | index 7ccdc3e30c98..53d6bb045e9e 100644 | ||
3196 | --- a/drivers/net/can/usb/peak_usb/pcan_usb_fd.c | ||
3197 | +++ b/drivers/net/can/usb/peak_usb/pcan_usb_fd.c | ||
3198 | @@ -184,7 +184,7 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) | ||
3199 | void *cmd_head = pcan_usb_fd_cmd_buffer(dev); | ||
3200 | int err = 0; | ||
3201 | u8 *packet_ptr; | ||
3202 | - int i, n = 1, packet_len; | ||
3203 | + int packet_len; | ||
3204 | ptrdiff_t cmd_len; | ||
3205 | |||
3206 | /* usb device unregistered? */ | ||
3207 | @@ -201,17 +201,13 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) | ||
3208 | } | ||
3209 | |||
3210 | packet_ptr = cmd_head; | ||
3211 | + packet_len = cmd_len; | ||
3212 | |||
3213 | /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ | ||
3214 | - if ((dev->udev->speed != USB_SPEED_HIGH) && | ||
3215 | - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { | ||
3216 | - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; | ||
3217 | - n += cmd_len / packet_len; | ||
3218 | - } else { | ||
3219 | - packet_len = cmd_len; | ||
3220 | - } | ||
3221 | + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) | ||
3222 | + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); | ||
3223 | |||
3224 | - for (i = 0; i < n; i++) { | ||
3225 | + do { | ||
3226 | err = usb_bulk_msg(dev->udev, | ||
3227 | usb_sndbulkpipe(dev->udev, | ||
3228 | PCAN_USBPRO_EP_CMDOUT), | ||
3229 | @@ -224,7 +220,12 @@ static int pcan_usb_fd_send_cmd(struct peak_usb_device *dev, void *cmd_tail) | ||
3230 | } | ||
3231 | |||
3232 | packet_ptr += packet_len; | ||
3233 | - } | ||
3234 | + cmd_len -= packet_len; | ||
3235 | + | ||
3236 | + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) | ||
3237 | + packet_len = cmd_len; | ||
3238 | + | ||
3239 | + } while (packet_len > 0); | ||
3240 | |||
3241 | return err; | ||
3242 | } | ||
3243 | diff --git a/drivers/net/ethernet/marvell/mvpp2.c b/drivers/net/ethernet/marvell/mvpp2.c | ||
3244 | index fcf9ba5eb8d1..d147dc7d0f77 100644 | ||
3245 | --- a/drivers/net/ethernet/marvell/mvpp2.c | ||
3246 | +++ b/drivers/net/ethernet/marvell/mvpp2.c | ||
3247 | @@ -4552,11 +4552,6 @@ static void mvpp2_port_mii_gmac_configure_mode(struct mvpp2_port *port) | ||
3248 | MVPP22_CTRL4_QSGMII_BYPASS_ACTIVE; | ||
3249 | val &= ~MVPP22_CTRL4_EXT_PIN_GMII_SEL; | ||
3250 | writel(val, port->base + MVPP22_GMAC_CTRL_4_REG); | ||
3251 | - | ||
3252 | - val = readl(port->base + MVPP2_GMAC_CTRL_2_REG); | ||
3253 | - val |= MVPP2_GMAC_DISABLE_PADDING; | ||
3254 | - val &= ~MVPP2_GMAC_FLOW_CTRL_MASK; | ||
3255 | - writel(val, port->base + MVPP2_GMAC_CTRL_2_REG); | ||
3256 | } else if (phy_interface_mode_is_rgmii(port->phy_interface)) { | ||
3257 | val = readl(port->base + MVPP22_GMAC_CTRL_4_REG); | ||
3258 | val |= MVPP22_CTRL4_EXT_PIN_GMII_SEL | | ||
3259 | @@ -4564,10 +4559,6 @@ static void mvpp2_port_mii_gmac_configure_mode(struct mvpp2_port *port) | ||
3260 | MVPP22_CTRL4_QSGMII_BYPASS_ACTIVE; | ||
3261 | val &= ~MVPP22_CTRL4_DP_CLK_SEL; | ||
3262 | writel(val, port->base + MVPP22_GMAC_CTRL_4_REG); | ||
3263 | - | ||
3264 | - val = readl(port->base + MVPP2_GMAC_CTRL_2_REG); | ||
3265 | - val &= ~MVPP2_GMAC_DISABLE_PADDING; | ||
3266 | - writel(val, port->base + MVPP2_GMAC_CTRL_2_REG); | ||
3267 | } | ||
3268 | |||
3269 | /* The port is connected to a copper PHY */ | ||
3270 | diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c | ||
3271 | index a268f4d6f3e9..48a365e303e5 100644 | ||
3272 | --- a/drivers/phy/phy-core.c | ||
3273 | +++ b/drivers/phy/phy-core.c | ||
3274 | @@ -395,6 +395,10 @@ static struct phy *_of_phy_get(struct device_node *np, int index) | ||
3275 | if (ret) | ||
3276 | return ERR_PTR(-ENODEV); | ||
3277 | |||
3278 | + /* This phy type handled by the usb-phy subsystem for now */ | ||
3279 | + if (of_device_is_compatible(args.np, "usb-nop-xceiv")) | ||
3280 | + return ERR_PTR(-ENODEV); | ||
3281 | + | ||
3282 | mutex_lock(&phy_provider_mutex); | ||
3283 | phy_provider = of_phy_provider_lookup(args.np); | ||
3284 | if (IS_ERR(phy_provider) || !try_module_get(phy_provider->owner)) { | ||
3285 | diff --git a/drivers/scsi/libsas/sas_scsi_host.c b/drivers/scsi/libsas/sas_scsi_host.c | ||
3286 | index ea8ad06ff582..10b17da20176 100644 | ||
3287 | --- a/drivers/scsi/libsas/sas_scsi_host.c | ||
3288 | +++ b/drivers/scsi/libsas/sas_scsi_host.c | ||
3289 | @@ -486,15 +486,28 @@ static int sas_queue_reset(struct domain_device *dev, int reset_type, | ||
3290 | |||
3291 | int sas_eh_abort_handler(struct scsi_cmnd *cmd) | ||
3292 | { | ||
3293 | - int res; | ||
3294 | + int res = TMF_RESP_FUNC_FAILED; | ||
3295 | struct sas_task *task = TO_SAS_TASK(cmd); | ||
3296 | struct Scsi_Host *host = cmd->device->host; | ||
3297 | + struct domain_device *dev = cmd_to_domain_dev(cmd); | ||
3298 | struct sas_internal *i = to_sas_internal(host->transportt); | ||
3299 | + unsigned long flags; | ||
3300 | |||
3301 | if (!i->dft->lldd_abort_task) | ||
3302 | return FAILED; | ||
3303 | |||
3304 | - res = i->dft->lldd_abort_task(task); | ||
3305 | + spin_lock_irqsave(host->host_lock, flags); | ||
3306 | + /* We cannot do async aborts for SATA devices */ | ||
3307 | + if (dev_is_sata(dev) && !host->host_eh_scheduled) { | ||
3308 | + spin_unlock_irqrestore(host->host_lock, flags); | ||
3309 | + return FAILED; | ||
3310 | + } | ||
3311 | + spin_unlock_irqrestore(host->host_lock, flags); | ||
3312 | + | ||
3313 | + if (task) | ||
3314 | + res = i->dft->lldd_abort_task(task); | ||
3315 | + else | ||
3316 | + SAS_DPRINTK("no task to abort\n"); | ||
3317 | if (res == TMF_RESP_FUNC_SUCC || res == TMF_RESP_FUNC_COMPLETE) | ||
3318 | return SUCCESS; | ||
3319 | |||
3320 | diff --git a/fs/pipe.c b/fs/pipe.c | ||
3321 | index 3909c55ed389..f0f4ab36c444 100644 | ||
3322 | --- a/fs/pipe.c | ||
3323 | +++ b/fs/pipe.c | ||
3324 | @@ -1018,13 +1018,19 @@ const struct file_operations pipefifo_fops = { | ||
3325 | |||
3326 | /* | ||
3327 | * Currently we rely on the pipe array holding a power-of-2 number | ||
3328 | - * of pages. | ||
3329 | + * of pages. Returns 0 on error. | ||
3330 | */ | ||
3331 | static inline unsigned int round_pipe_size(unsigned int size) | ||
3332 | { | ||
3333 | unsigned long nr_pages; | ||
3334 | |||
3335 | + if (size < pipe_min_size) | ||
3336 | + size = pipe_min_size; | ||
3337 | + | ||
3338 | nr_pages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; | ||
3339 | + if (nr_pages == 0) | ||
3340 | + return 0; | ||
3341 | + | ||
3342 | return roundup_pow_of_two(nr_pages) << PAGE_SHIFT; | ||
3343 | } | ||
3344 | |||
3345 | @@ -1040,6 +1046,8 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg) | ||
3346 | long ret = 0; | ||
3347 | |||
3348 | size = round_pipe_size(arg); | ||
3349 | + if (size == 0) | ||
3350 | + return -EINVAL; | ||
3351 | nr_pages = size >> PAGE_SHIFT; | ||
3352 | |||
3353 | if (!nr_pages) | ||
3354 | @@ -1123,13 +1131,18 @@ static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg) | ||
3355 | int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf, | ||
3356 | size_t *lenp, loff_t *ppos) | ||
3357 | { | ||
3358 | + unsigned int rounded_pipe_max_size; | ||
3359 | int ret; | ||
3360 | |||
3361 | ret = proc_douintvec_minmax(table, write, buf, lenp, ppos); | ||
3362 | if (ret < 0 || !write) | ||
3363 | return ret; | ||
3364 | |||
3365 | - pipe_max_size = round_pipe_size(pipe_max_size); | ||
3366 | + rounded_pipe_max_size = round_pipe_size(pipe_max_size); | ||
3367 | + if (rounded_pipe_max_size == 0) | ||
3368 | + return -EINVAL; | ||
3369 | + | ||
3370 | + pipe_max_size = rounded_pipe_max_size; | ||
3371 | return ret; | ||
3372 | } | ||
3373 | |||
3374 | diff --git a/fs/proc/array.c b/fs/proc/array.c | ||
3375 | index 9390032a11e1..e6094a15ef30 100644 | ||
3376 | --- a/fs/proc/array.c | ||
3377 | +++ b/fs/proc/array.c | ||
3378 | @@ -424,8 +424,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, | ||
3379 | * safe because the task has stopped executing permanently. | ||
3380 | */ | ||
3381 | if (permitted && (task->flags & PF_DUMPCORE)) { | ||
3382 | - eip = KSTK_EIP(task); | ||
3383 | - esp = KSTK_ESP(task); | ||
3384 | + if (try_get_task_stack(task)) { | ||
3385 | + eip = KSTK_EIP(task); | ||
3386 | + esp = KSTK_ESP(task); | ||
3387 | + put_task_stack(task); | ||
3388 | + } | ||
3389 | } | ||
3390 | } | ||
3391 | |||
3392 | diff --git a/include/linux/delayacct.h b/include/linux/delayacct.h | ||
3393 | index 4178d2493547..5e335b6203f4 100644 | ||
3394 | --- a/include/linux/delayacct.h | ||
3395 | +++ b/include/linux/delayacct.h | ||
3396 | @@ -71,7 +71,7 @@ extern void delayacct_init(void); | ||
3397 | extern void __delayacct_tsk_init(struct task_struct *); | ||
3398 | extern void __delayacct_tsk_exit(struct task_struct *); | ||
3399 | extern void __delayacct_blkio_start(void); | ||
3400 | -extern void __delayacct_blkio_end(void); | ||
3401 | +extern void __delayacct_blkio_end(struct task_struct *); | ||
3402 | extern int __delayacct_add_tsk(struct taskstats *, struct task_struct *); | ||
3403 | extern __u64 __delayacct_blkio_ticks(struct task_struct *); | ||
3404 | extern void __delayacct_freepages_start(void); | ||
3405 | @@ -122,10 +122,10 @@ static inline void delayacct_blkio_start(void) | ||
3406 | __delayacct_blkio_start(); | ||
3407 | } | ||
3408 | |||
3409 | -static inline void delayacct_blkio_end(void) | ||
3410 | +static inline void delayacct_blkio_end(struct task_struct *p) | ||
3411 | { | ||
3412 | if (current->delays) | ||
3413 | - __delayacct_blkio_end(); | ||
3414 | + __delayacct_blkio_end(p); | ||
3415 | delayacct_clear_flag(DELAYACCT_PF_BLKIO); | ||
3416 | } | ||
3417 | |||
3418 | @@ -169,7 +169,7 @@ static inline void delayacct_tsk_free(struct task_struct *tsk) | ||
3419 | {} | ||
3420 | static inline void delayacct_blkio_start(void) | ||
3421 | {} | ||
3422 | -static inline void delayacct_blkio_end(void) | ||
3423 | +static inline void delayacct_blkio_end(struct task_struct *p) | ||
3424 | {} | ||
3425 | static inline int delayacct_add_tsk(struct taskstats *d, | ||
3426 | struct task_struct *tsk) | ||
3427 | diff --git a/include/linux/swapops.h b/include/linux/swapops.h | ||
3428 | index 9c5a2628d6ce..1d3877c39a00 100644 | ||
3429 | --- a/include/linux/swapops.h | ||
3430 | +++ b/include/linux/swapops.h | ||
3431 | @@ -124,6 +124,11 @@ static inline bool is_write_device_private_entry(swp_entry_t entry) | ||
3432 | return unlikely(swp_type(entry) == SWP_DEVICE_WRITE); | ||
3433 | } | ||
3434 | |||
3435 | +static inline unsigned long device_private_entry_to_pfn(swp_entry_t entry) | ||
3436 | +{ | ||
3437 | + return swp_offset(entry); | ||
3438 | +} | ||
3439 | + | ||
3440 | static inline struct page *device_private_entry_to_page(swp_entry_t entry) | ||
3441 | { | ||
3442 | return pfn_to_page(swp_offset(entry)); | ||
3443 | @@ -154,6 +159,11 @@ static inline bool is_write_device_private_entry(swp_entry_t entry) | ||
3444 | return false; | ||
3445 | } | ||
3446 | |||
3447 | +static inline unsigned long device_private_entry_to_pfn(swp_entry_t entry) | ||
3448 | +{ | ||
3449 | + return 0; | ||
3450 | +} | ||
3451 | + | ||
3452 | static inline struct page *device_private_entry_to_page(swp_entry_t entry) | ||
3453 | { | ||
3454 | return NULL; | ||
3455 | @@ -189,6 +199,11 @@ static inline int is_write_migration_entry(swp_entry_t entry) | ||
3456 | return unlikely(swp_type(entry) == SWP_MIGRATION_WRITE); | ||
3457 | } | ||
3458 | |||
3459 | +static inline unsigned long migration_entry_to_pfn(swp_entry_t entry) | ||
3460 | +{ | ||
3461 | + return swp_offset(entry); | ||
3462 | +} | ||
3463 | + | ||
3464 | static inline struct page *migration_entry_to_page(swp_entry_t entry) | ||
3465 | { | ||
3466 | struct page *p = pfn_to_page(swp_offset(entry)); | ||
3467 | @@ -218,6 +233,12 @@ static inline int is_migration_entry(swp_entry_t swp) | ||
3468 | { | ||
3469 | return 0; | ||
3470 | } | ||
3471 | + | ||
3472 | +static inline unsigned long migration_entry_to_pfn(swp_entry_t entry) | ||
3473 | +{ | ||
3474 | + return 0; | ||
3475 | +} | ||
3476 | + | ||
3477 | static inline struct page *migration_entry_to_page(swp_entry_t entry) | ||
3478 | { | ||
3479 | return NULL; | ||
3480 | diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h | ||
3481 | index bae807eb2933..853291714ae0 100644 | ||
3482 | --- a/include/linux/vermagic.h | ||
3483 | +++ b/include/linux/vermagic.h | ||
3484 | @@ -31,11 +31,17 @@ | ||
3485 | #else | ||
3486 | #define MODULE_RANDSTRUCT_PLUGIN | ||
3487 | #endif | ||
3488 | +#ifdef RETPOLINE | ||
3489 | +#define MODULE_VERMAGIC_RETPOLINE "retpoline " | ||
3490 | +#else | ||
3491 | +#define MODULE_VERMAGIC_RETPOLINE "" | ||
3492 | +#endif | ||
3493 | |||
3494 | #define VERMAGIC_STRING \ | ||
3495 | UTS_RELEASE " " \ | ||
3496 | MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \ | ||
3497 | MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \ | ||
3498 | MODULE_ARCH_VERMAGIC \ | ||
3499 | - MODULE_RANDSTRUCT_PLUGIN | ||
3500 | + MODULE_RANDSTRUCT_PLUGIN \ | ||
3501 | + MODULE_VERMAGIC_RETPOLINE | ||
3502 | |||
3503 | diff --git a/kernel/delayacct.c b/kernel/delayacct.c | ||
3504 | index 4a1c33416b6a..e2764d767f18 100644 | ||
3505 | --- a/kernel/delayacct.c | ||
3506 | +++ b/kernel/delayacct.c | ||
3507 | @@ -51,16 +51,16 @@ void __delayacct_tsk_init(struct task_struct *tsk) | ||
3508 | * Finish delay accounting for a statistic using its timestamps (@start), | ||
3509 | * accumalator (@total) and @count | ||
3510 | */ | ||
3511 | -static void delayacct_end(u64 *start, u64 *total, u32 *count) | ||
3512 | +static void delayacct_end(spinlock_t *lock, u64 *start, u64 *total, u32 *count) | ||
3513 | { | ||
3514 | s64 ns = ktime_get_ns() - *start; | ||
3515 | unsigned long flags; | ||
3516 | |||
3517 | if (ns > 0) { | ||
3518 | - spin_lock_irqsave(¤t->delays->lock, flags); | ||
3519 | + spin_lock_irqsave(lock, flags); | ||
3520 | *total += ns; | ||
3521 | (*count)++; | ||
3522 | - spin_unlock_irqrestore(¤t->delays->lock, flags); | ||
3523 | + spin_unlock_irqrestore(lock, flags); | ||
3524 | } | ||
3525 | } | ||
3526 | |||
3527 | @@ -69,17 +69,25 @@ void __delayacct_blkio_start(void) | ||
3528 | current->delays->blkio_start = ktime_get_ns(); | ||
3529 | } | ||
3530 | |||
3531 | -void __delayacct_blkio_end(void) | ||
3532 | +/* | ||
3533 | + * We cannot rely on the `current` macro, as we haven't yet switched back to | ||
3534 | + * the process being woken. | ||
3535 | + */ | ||
3536 | +void __delayacct_blkio_end(struct task_struct *p) | ||
3537 | { | ||
3538 | - if (current->delays->flags & DELAYACCT_PF_SWAPIN) | ||
3539 | - /* Swapin block I/O */ | ||
3540 | - delayacct_end(¤t->delays->blkio_start, | ||
3541 | - ¤t->delays->swapin_delay, | ||
3542 | - ¤t->delays->swapin_count); | ||
3543 | - else /* Other block I/O */ | ||
3544 | - delayacct_end(¤t->delays->blkio_start, | ||
3545 | - ¤t->delays->blkio_delay, | ||
3546 | - ¤t->delays->blkio_count); | ||
3547 | + struct task_delay_info *delays = p->delays; | ||
3548 | + u64 *total; | ||
3549 | + u32 *count; | ||
3550 | + | ||
3551 | + if (p->delays->flags & DELAYACCT_PF_SWAPIN) { | ||
3552 | + total = &delays->swapin_delay; | ||
3553 | + count = &delays->swapin_count; | ||
3554 | + } else { | ||
3555 | + total = &delays->blkio_delay; | ||
3556 | + count = &delays->blkio_count; | ||
3557 | + } | ||
3558 | + | ||
3559 | + delayacct_end(&delays->lock, &delays->blkio_start, total, count); | ||
3560 | } | ||
3561 | |||
3562 | int __delayacct_add_tsk(struct taskstats *d, struct task_struct *tsk) | ||
3563 | @@ -153,8 +161,10 @@ void __delayacct_freepages_start(void) | ||
3564 | |||
3565 | void __delayacct_freepages_end(void) | ||
3566 | { | ||
3567 | - delayacct_end(¤t->delays->freepages_start, | ||
3568 | - ¤t->delays->freepages_delay, | ||
3569 | - ¤t->delays->freepages_count); | ||
3570 | + delayacct_end( | ||
3571 | + ¤t->delays->lock, | ||
3572 | + ¤t->delays->freepages_start, | ||
3573 | + ¤t->delays->freepages_delay, | ||
3574 | + ¤t->delays->freepages_count); | ||
3575 | } | ||
3576 | |||
3577 | diff --git a/kernel/futex.c b/kernel/futex.c | ||
3578 | index 76ed5921117a..52b3f4703158 100644 | ||
3579 | --- a/kernel/futex.c | ||
3580 | +++ b/kernel/futex.c | ||
3581 | @@ -1878,6 +1878,9 @@ static int futex_requeue(u32 __user *uaddr1, unsigned int flags, | ||
3582 | struct futex_q *this, *next; | ||
3583 | DEFINE_WAKE_Q(wake_q); | ||
3584 | |||
3585 | + if (nr_wake < 0 || nr_requeue < 0) | ||
3586 | + return -EINVAL; | ||
3587 | + | ||
3588 | /* | ||
3589 | * When PI not supported: return -ENOSYS if requeue_pi is true, | ||
3590 | * consequently the compiler knows requeue_pi is always false past | ||
3591 | @@ -2294,21 +2297,17 @@ static void unqueue_me_pi(struct futex_q *q) | ||
3592 | spin_unlock(q->lock_ptr); | ||
3593 | } | ||
3594 | |||
3595 | -/* | ||
3596 | - * Fixup the pi_state owner with the new owner. | ||
3597 | - * | ||
3598 | - * Must be called with hash bucket lock held and mm->sem held for non | ||
3599 | - * private futexes. | ||
3600 | - */ | ||
3601 | static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, | ||
3602 | - struct task_struct *newowner) | ||
3603 | + struct task_struct *argowner) | ||
3604 | { | ||
3605 | - u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; | ||
3606 | struct futex_pi_state *pi_state = q->pi_state; | ||
3607 | u32 uval, uninitialized_var(curval), newval; | ||
3608 | - struct task_struct *oldowner; | ||
3609 | + struct task_struct *oldowner, *newowner; | ||
3610 | + u32 newtid; | ||
3611 | int ret; | ||
3612 | |||
3613 | + lockdep_assert_held(q->lock_ptr); | ||
3614 | + | ||
3615 | raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); | ||
3616 | |||
3617 | oldowner = pi_state->owner; | ||
3618 | @@ -2317,11 +2316,17 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, | ||
3619 | newtid |= FUTEX_OWNER_DIED; | ||
3620 | |||
3621 | /* | ||
3622 | - * We are here either because we stole the rtmutex from the | ||
3623 | - * previous highest priority waiter or we are the highest priority | ||
3624 | - * waiter but have failed to get the rtmutex the first time. | ||
3625 | + * We are here because either: | ||
3626 | + * | ||
3627 | + * - we stole the lock and pi_state->owner needs updating to reflect | ||
3628 | + * that (@argowner == current), | ||
3629 | + * | ||
3630 | + * or: | ||
3631 | + * | ||
3632 | + * - someone stole our lock and we need to fix things to point to the | ||
3633 | + * new owner (@argowner == NULL). | ||
3634 | * | ||
3635 | - * We have to replace the newowner TID in the user space variable. | ||
3636 | + * Either way, we have to replace the TID in the user space variable. | ||
3637 | * This must be atomic as we have to preserve the owner died bit here. | ||
3638 | * | ||
3639 | * Note: We write the user space value _before_ changing the pi_state | ||
3640 | @@ -2334,6 +2339,42 @@ static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, | ||
3641 | * in the PID check in lookup_pi_state. | ||
3642 | */ | ||
3643 | retry: | ||
3644 | + if (!argowner) { | ||
3645 | + if (oldowner != current) { | ||
3646 | + /* | ||
3647 | + * We raced against a concurrent self; things are | ||
3648 | + * already fixed up. Nothing to do. | ||
3649 | + */ | ||
3650 | + ret = 0; | ||
3651 | + goto out_unlock; | ||
3652 | + } | ||
3653 | + | ||
3654 | + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { | ||
3655 | + /* We got the lock after all, nothing to fix. */ | ||
3656 | + ret = 0; | ||
3657 | + goto out_unlock; | ||
3658 | + } | ||
3659 | + | ||
3660 | + /* | ||
3661 | + * Since we just failed the trylock; there must be an owner. | ||
3662 | + */ | ||
3663 | + newowner = rt_mutex_owner(&pi_state->pi_mutex); | ||
3664 | + BUG_ON(!newowner); | ||
3665 | + } else { | ||
3666 | + WARN_ON_ONCE(argowner != current); | ||
3667 | + if (oldowner == current) { | ||
3668 | + /* | ||
3669 | + * We raced against a concurrent self; things are | ||
3670 | + * already fixed up. Nothing to do. | ||
3671 | + */ | ||
3672 | + ret = 0; | ||
3673 | + goto out_unlock; | ||
3674 | + } | ||
3675 | + newowner = argowner; | ||
3676 | + } | ||
3677 | + | ||
3678 | + newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; | ||
3679 | + | ||
3680 | if (get_futex_value_locked(&uval, uaddr)) | ||
3681 | goto handle_fault; | ||
3682 | |||
3683 | @@ -2434,15 +2475,28 @@ static int fixup_owner(u32 __user *uaddr, struct futex_q *q, int locked) | ||
3684 | * Got the lock. We might not be the anticipated owner if we | ||
3685 | * did a lock-steal - fix up the PI-state in that case: | ||
3686 | * | ||
3687 | - * We can safely read pi_state->owner without holding wait_lock | ||
3688 | - * because we now own the rt_mutex, only the owner will attempt | ||
3689 | - * to change it. | ||
3690 | + * Speculative pi_state->owner read (we don't hold wait_lock); | ||
3691 | + * since we own the lock pi_state->owner == current is the | ||
3692 | + * stable state, anything else needs more attention. | ||
3693 | */ | ||
3694 | if (q->pi_state->owner != current) | ||
3695 | ret = fixup_pi_state_owner(uaddr, q, current); | ||
3696 | goto out; | ||
3697 | } | ||
3698 | |||
3699 | + /* | ||
3700 | + * If we didn't get the lock; check if anybody stole it from us. In | ||
3701 | + * that case, we need to fix up the uval to point to them instead of | ||
3702 | + * us, otherwise bad things happen. [10] | ||
3703 | + * | ||
3704 | + * Another speculative read; pi_state->owner == current is unstable | ||
3705 | + * but needs our attention. | ||
3706 | + */ | ||
3707 | + if (q->pi_state->owner == current) { | ||
3708 | + ret = fixup_pi_state_owner(uaddr, q, NULL); | ||
3709 | + goto out; | ||
3710 | + } | ||
3711 | + | ||
3712 | /* | ||
3713 | * Paranoia check. If we did not take the lock, then we should not be | ||
3714 | * the owner of the rt_mutex. | ||
3715 | diff --git a/kernel/locking/rtmutex.c b/kernel/locking/rtmutex.c | ||
3716 | index 6f3dba6e4e9e..65cc0cb984e6 100644 | ||
3717 | --- a/kernel/locking/rtmutex.c | ||
3718 | +++ b/kernel/locking/rtmutex.c | ||
3719 | @@ -1290,6 +1290,19 @@ rt_mutex_slowlock(struct rt_mutex *lock, int state, | ||
3720 | return ret; | ||
3721 | } | ||
3722 | |||
3723 | +static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock) | ||
3724 | +{ | ||
3725 | + int ret = try_to_take_rt_mutex(lock, current, NULL); | ||
3726 | + | ||
3727 | + /* | ||
3728 | + * try_to_take_rt_mutex() sets the lock waiters bit | ||
3729 | + * unconditionally. Clean this up. | ||
3730 | + */ | ||
3731 | + fixup_rt_mutex_waiters(lock); | ||
3732 | + | ||
3733 | + return ret; | ||
3734 | +} | ||
3735 | + | ||
3736 | /* | ||
3737 | * Slow path try-lock function: | ||
3738 | */ | ||
3739 | @@ -1312,13 +1325,7 @@ static inline int rt_mutex_slowtrylock(struct rt_mutex *lock) | ||
3740 | */ | ||
3741 | raw_spin_lock_irqsave(&lock->wait_lock, flags); | ||
3742 | |||
3743 | - ret = try_to_take_rt_mutex(lock, current, NULL); | ||
3744 | - | ||
3745 | - /* | ||
3746 | - * try_to_take_rt_mutex() sets the lock waiters bit | ||
3747 | - * unconditionally. Clean this up. | ||
3748 | - */ | ||
3749 | - fixup_rt_mutex_waiters(lock); | ||
3750 | + ret = __rt_mutex_slowtrylock(lock); | ||
3751 | |||
3752 | raw_spin_unlock_irqrestore(&lock->wait_lock, flags); | ||
3753 | |||
3754 | @@ -1505,6 +1512,11 @@ int __sched rt_mutex_futex_trylock(struct rt_mutex *lock) | ||
3755 | return rt_mutex_slowtrylock(lock); | ||
3756 | } | ||
3757 | |||
3758 | +int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock) | ||
3759 | +{ | ||
3760 | + return __rt_mutex_slowtrylock(lock); | ||
3761 | +} | ||
3762 | + | ||
3763 | /** | ||
3764 | * rt_mutex_timed_lock - lock a rt_mutex interruptible | ||
3765 | * the timeout structure is provided | ||
3766 | diff --git a/kernel/locking/rtmutex_common.h b/kernel/locking/rtmutex_common.h | ||
3767 | index 124e98ca0b17..68686b3ec3c1 100644 | ||
3768 | --- a/kernel/locking/rtmutex_common.h | ||
3769 | +++ b/kernel/locking/rtmutex_common.h | ||
3770 | @@ -148,6 +148,7 @@ extern bool rt_mutex_cleanup_proxy_lock(struct rt_mutex *lock, | ||
3771 | struct rt_mutex_waiter *waiter); | ||
3772 | |||
3773 | extern int rt_mutex_futex_trylock(struct rt_mutex *l); | ||
3774 | +extern int __rt_mutex_futex_trylock(struct rt_mutex *l); | ||
3775 | |||
3776 | extern void rt_mutex_futex_unlock(struct rt_mutex *lock); | ||
3777 | extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock, | ||
3778 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c | ||
3779 | index 8fa7b6f9e19b..55062461b2fd 100644 | ||
3780 | --- a/kernel/sched/core.c | ||
3781 | +++ b/kernel/sched/core.c | ||
3782 | @@ -2046,7 +2046,7 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) | ||
3783 | p->state = TASK_WAKING; | ||
3784 | |||
3785 | if (p->in_iowait) { | ||
3786 | - delayacct_blkio_end(); | ||
3787 | + delayacct_blkio_end(p); | ||
3788 | atomic_dec(&task_rq(p)->nr_iowait); | ||
3789 | } | ||
3790 | |||
3791 | @@ -2059,7 +2059,7 @@ try_to_wake_up(struct task_struct *p, unsigned int state, int wake_flags) | ||
3792 | #else /* CONFIG_SMP */ | ||
3793 | |||
3794 | if (p->in_iowait) { | ||
3795 | - delayacct_blkio_end(); | ||
3796 | + delayacct_blkio_end(p); | ||
3797 | atomic_dec(&task_rq(p)->nr_iowait); | ||
3798 | } | ||
3799 | |||
3800 | @@ -2112,7 +2112,7 @@ static void try_to_wake_up_local(struct task_struct *p, struct rq_flags *rf) | ||
3801 | |||
3802 | if (!task_on_rq_queued(p)) { | ||
3803 | if (p->in_iowait) { | ||
3804 | - delayacct_blkio_end(); | ||
3805 | + delayacct_blkio_end(p); | ||
3806 | atomic_dec(&rq->nr_iowait); | ||
3807 | } | ||
3808 | ttwu_activate(rq, p, ENQUEUE_WAKEUP | ENQUEUE_NOCLOCK); | ||
3809 | diff --git a/kernel/time/timer.c b/kernel/time/timer.c | ||
3810 | index 73e3cdbc61f1..db5e6daadd94 100644 | ||
3811 | --- a/kernel/time/timer.c | ||
3812 | +++ b/kernel/time/timer.c | ||
3813 | @@ -1656,7 +1656,7 @@ void run_local_timers(void) | ||
3814 | hrtimer_run_queues(); | ||
3815 | /* Raise the softirq only if required. */ | ||
3816 | if (time_before(jiffies, base->clk)) { | ||
3817 | - if (!IS_ENABLED(CONFIG_NO_HZ_COMMON) || !base->nohz_active) | ||
3818 | + if (!IS_ENABLED(CONFIG_NO_HZ_COMMON)) | ||
3819 | return; | ||
3820 | /* CPU is awake, so check the deferrable base. */ | ||
3821 | base++; | ||
3822 | diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c | ||
3823 | index 87468398b9ed..d53268a4e167 100644 | ||
3824 | --- a/kernel/trace/trace_events.c | ||
3825 | +++ b/kernel/trace/trace_events.c | ||
3826 | @@ -2213,6 +2213,7 @@ void trace_event_eval_update(struct trace_eval_map **map, int len) | ||
3827 | { | ||
3828 | struct trace_event_call *call, *p; | ||
3829 | const char *last_system = NULL; | ||
3830 | + bool first = false; | ||
3831 | int last_i; | ||
3832 | int i; | ||
3833 | |||
3834 | @@ -2220,15 +2221,28 @@ void trace_event_eval_update(struct trace_eval_map **map, int len) | ||
3835 | list_for_each_entry_safe(call, p, &ftrace_events, list) { | ||
3836 | /* events are usually grouped together with systems */ | ||
3837 | if (!last_system || call->class->system != last_system) { | ||
3838 | + first = true; | ||
3839 | last_i = 0; | ||
3840 | last_system = call->class->system; | ||
3841 | } | ||
3842 | |||
3843 | + /* | ||
3844 | + * Since calls are grouped by systems, the likelyhood that the | ||
3845 | + * next call in the iteration belongs to the same system as the | ||
3846 | + * previous call is high. As an optimization, we skip seaching | ||
3847 | + * for a map[] that matches the call's system if the last call | ||
3848 | + * was from the same system. That's what last_i is for. If the | ||
3849 | + * call has the same system as the previous call, then last_i | ||
3850 | + * will be the index of the first map[] that has a matching | ||
3851 | + * system. | ||
3852 | + */ | ||
3853 | for (i = last_i; i < len; i++) { | ||
3854 | if (call->class->system == map[i]->system) { | ||
3855 | /* Save the first system if need be */ | ||
3856 | - if (!last_i) | ||
3857 | + if (first) { | ||
3858 | last_i = i; | ||
3859 | + first = false; | ||
3860 | + } | ||
3861 | update_event_printk(call, map[i]); | ||
3862 | } | ||
3863 | } | ||
3864 | diff --git a/kernel/workqueue.c b/kernel/workqueue.c | ||
3865 | index a2dccfe1acec..8365a52a74c5 100644 | ||
3866 | --- a/kernel/workqueue.c | ||
3867 | +++ b/kernel/workqueue.c | ||
3868 | @@ -48,6 +48,7 @@ | ||
3869 | #include <linux/nodemask.h> | ||
3870 | #include <linux/moduleparam.h> | ||
3871 | #include <linux/uaccess.h> | ||
3872 | +#include <linux/nmi.h> | ||
3873 | |||
3874 | #include "workqueue_internal.h" | ||
3875 | |||
3876 | @@ -4479,6 +4480,12 @@ void show_workqueue_state(void) | ||
3877 | if (pwq->nr_active || !list_empty(&pwq->delayed_works)) | ||
3878 | show_pwq(pwq); | ||
3879 | spin_unlock_irqrestore(&pwq->pool->lock, flags); | ||
3880 | + /* | ||
3881 | + * We could be printing a lot from atomic context, e.g. | ||
3882 | + * sysrq-t -> show_workqueue_state(). Avoid triggering | ||
3883 | + * hard lockup. | ||
3884 | + */ | ||
3885 | + touch_nmi_watchdog(); | ||
3886 | } | ||
3887 | } | ||
3888 | |||
3889 | @@ -4506,6 +4513,12 @@ void show_workqueue_state(void) | ||
3890 | pr_cont("\n"); | ||
3891 | next_pool: | ||
3892 | spin_unlock_irqrestore(&pool->lock, flags); | ||
3893 | + /* | ||
3894 | + * We could be printing a lot from atomic context, e.g. | ||
3895 | + * sysrq-t -> show_workqueue_state(). Avoid triggering | ||
3896 | + * hard lockup. | ||
3897 | + */ | ||
3898 | + touch_nmi_watchdog(); | ||
3899 | } | ||
3900 | |||
3901 | rcu_read_unlock_sched(); | ||
3902 | diff --git a/mm/page_vma_mapped.c b/mm/page_vma_mapped.c | ||
3903 | index d22b84310f6d..956015614395 100644 | ||
3904 | --- a/mm/page_vma_mapped.c | ||
3905 | +++ b/mm/page_vma_mapped.c | ||
3906 | @@ -30,10 +30,29 @@ static bool map_pte(struct page_vma_mapped_walk *pvmw) | ||
3907 | return true; | ||
3908 | } | ||
3909 | |||
3910 | +/** | ||
3911 | + * check_pte - check if @pvmw->page is mapped at the @pvmw->pte | ||
3912 | + * | ||
3913 | + * page_vma_mapped_walk() found a place where @pvmw->page is *potentially* | ||
3914 | + * mapped. check_pte() has to validate this. | ||
3915 | + * | ||
3916 | + * @pvmw->pte may point to empty PTE, swap PTE or PTE pointing to arbitrary | ||
3917 | + * page. | ||
3918 | + * | ||
3919 | + * If PVMW_MIGRATION flag is set, returns true if @pvmw->pte contains migration | ||
3920 | + * entry that points to @pvmw->page or any subpage in case of THP. | ||
3921 | + * | ||
3922 | + * If PVMW_MIGRATION flag is not set, returns true if @pvmw->pte points to | ||
3923 | + * @pvmw->page or any subpage in case of THP. | ||
3924 | + * | ||
3925 | + * Otherwise, return false. | ||
3926 | + * | ||
3927 | + */ | ||
3928 | static bool check_pte(struct page_vma_mapped_walk *pvmw) | ||
3929 | { | ||
3930 | + unsigned long pfn; | ||
3931 | + | ||
3932 | if (pvmw->flags & PVMW_MIGRATION) { | ||
3933 | -#ifdef CONFIG_MIGRATION | ||
3934 | swp_entry_t entry; | ||
3935 | if (!is_swap_pte(*pvmw->pte)) | ||
3936 | return false; | ||
3937 | @@ -41,37 +60,31 @@ static bool check_pte(struct page_vma_mapped_walk *pvmw) | ||
3938 | |||
3939 | if (!is_migration_entry(entry)) | ||
3940 | return false; | ||
3941 | - if (migration_entry_to_page(entry) - pvmw->page >= | ||
3942 | - hpage_nr_pages(pvmw->page)) { | ||
3943 | - return false; | ||
3944 | - } | ||
3945 | - if (migration_entry_to_page(entry) < pvmw->page) | ||
3946 | - return false; | ||
3947 | -#else | ||
3948 | - WARN_ON_ONCE(1); | ||
3949 | -#endif | ||
3950 | - } else { | ||
3951 | - if (is_swap_pte(*pvmw->pte)) { | ||
3952 | - swp_entry_t entry; | ||
3953 | |||
3954 | - entry = pte_to_swp_entry(*pvmw->pte); | ||
3955 | - if (is_device_private_entry(entry) && | ||
3956 | - device_private_entry_to_page(entry) == pvmw->page) | ||
3957 | - return true; | ||
3958 | - } | ||
3959 | + pfn = migration_entry_to_pfn(entry); | ||
3960 | + } else if (is_swap_pte(*pvmw->pte)) { | ||
3961 | + swp_entry_t entry; | ||
3962 | |||
3963 | - if (!pte_present(*pvmw->pte)) | ||
3964 | + /* Handle un-addressable ZONE_DEVICE memory */ | ||
3965 | + entry = pte_to_swp_entry(*pvmw->pte); | ||
3966 | + if (!is_device_private_entry(entry)) | ||
3967 | return false; | ||
3968 | |||
3969 | - /* THP can be referenced by any subpage */ | ||
3970 | - if (pte_page(*pvmw->pte) - pvmw->page >= | ||
3971 | - hpage_nr_pages(pvmw->page)) { | ||
3972 | - return false; | ||
3973 | - } | ||
3974 | - if (pte_page(*pvmw->pte) < pvmw->page) | ||
3975 | + pfn = device_private_entry_to_pfn(entry); | ||
3976 | + } else { | ||
3977 | + if (!pte_present(*pvmw->pte)) | ||
3978 | return false; | ||
3979 | + | ||
3980 | + pfn = pte_pfn(*pvmw->pte); | ||
3981 | } | ||
3982 | |||
3983 | + if (pfn < page_to_pfn(pvmw->page)) | ||
3984 | + return false; | ||
3985 | + | ||
3986 | + /* THP can be referenced by any subpage */ | ||
3987 | + if (pfn - page_to_pfn(pvmw->page) >= hpage_nr_pages(pvmw->page)) | ||
3988 | + return false; | ||
3989 | + | ||
3990 | return true; | ||
3991 | } | ||
3992 | |||
3993 | diff --git a/net/can/af_can.c b/net/can/af_can.c | ||
3994 | index ecd5c703d11e..e3626e8500c2 100644 | ||
3995 | --- a/net/can/af_can.c | ||
3996 | +++ b/net/can/af_can.c | ||
3997 | @@ -721,20 +721,16 @@ static int can_rcv(struct sk_buff *skb, struct net_device *dev, | ||
3998 | { | ||
3999 | struct canfd_frame *cfd = (struct canfd_frame *)skb->data; | ||
4000 | |||
4001 | - if (WARN_ONCE(dev->type != ARPHRD_CAN || | ||
4002 | - skb->len != CAN_MTU || | ||
4003 | - cfd->len > CAN_MAX_DLEN, | ||
4004 | - "PF_CAN: dropped non conform CAN skbuf: " | ||
4005 | - "dev type %d, len %d, datalen %d\n", | ||
4006 | - dev->type, skb->len, cfd->len)) | ||
4007 | - goto drop; | ||
4008 | + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU || | ||
4009 | + cfd->len > CAN_MAX_DLEN)) { | ||
4010 | + pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n", | ||
4011 | + dev->type, skb->len, cfd->len); | ||
4012 | + kfree_skb(skb); | ||
4013 | + return NET_RX_DROP; | ||
4014 | + } | ||
4015 | |||
4016 | can_receive(skb, dev); | ||
4017 | return NET_RX_SUCCESS; | ||
4018 | - | ||
4019 | -drop: | ||
4020 | - kfree_skb(skb); | ||
4021 | - return NET_RX_DROP; | ||
4022 | } | ||
4023 | |||
4024 | static int canfd_rcv(struct sk_buff *skb, struct net_device *dev, | ||
4025 | @@ -742,20 +738,16 @@ static int canfd_rcv(struct sk_buff *skb, struct net_device *dev, | ||
4026 | { | ||
4027 | struct canfd_frame *cfd = (struct canfd_frame *)skb->data; | ||
4028 | |||
4029 | - if (WARN_ONCE(dev->type != ARPHRD_CAN || | ||
4030 | - skb->len != CANFD_MTU || | ||
4031 | - cfd->len > CANFD_MAX_DLEN, | ||
4032 | - "PF_CAN: dropped non conform CAN FD skbuf: " | ||
4033 | - "dev type %d, len %d, datalen %d\n", | ||
4034 | - dev->type, skb->len, cfd->len)) | ||
4035 | - goto drop; | ||
4036 | + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU || | ||
4037 | + cfd->len > CANFD_MAX_DLEN)) { | ||
4038 | + pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n", | ||
4039 | + dev->type, skb->len, cfd->len); | ||
4040 | + kfree_skb(skb); | ||
4041 | + return NET_RX_DROP; | ||
4042 | + } | ||
4043 | |||
4044 | can_receive(skb, dev); | ||
4045 | return NET_RX_SUCCESS; | ||
4046 | - | ||
4047 | -drop: | ||
4048 | - kfree_skb(skb); | ||
4049 | - return NET_RX_DROP; | ||
4050 | } | ||
4051 | |||
4052 | /* | ||
4053 | diff --git a/net/key/af_key.c b/net/key/af_key.c | ||
4054 | index a00d607e7224..2ad693232f74 100644 | ||
4055 | --- a/net/key/af_key.c | ||
4056 | +++ b/net/key/af_key.c | ||
4057 | @@ -401,6 +401,11 @@ static int verify_address_len(const void *p) | ||
4058 | #endif | ||
4059 | int len; | ||
4060 | |||
4061 | + if (sp->sadb_address_len < | ||
4062 | + DIV_ROUND_UP(sizeof(*sp) + offsetofend(typeof(*addr), sa_family), | ||
4063 | + sizeof(uint64_t))) | ||
4064 | + return -EINVAL; | ||
4065 | + | ||
4066 | switch (addr->sa_family) { | ||
4067 | case AF_INET: | ||
4068 | len = DIV_ROUND_UP(sizeof(*sp) + sizeof(*sin), sizeof(uint64_t)); | ||
4069 | @@ -511,6 +516,9 @@ static int parse_exthdrs(struct sk_buff *skb, const struct sadb_msg *hdr, void * | ||
4070 | uint16_t ext_type; | ||
4071 | int ext_len; | ||
4072 | |||
4073 | + if (len < sizeof(*ehdr)) | ||
4074 | + return -EINVAL; | ||
4075 | + | ||
4076 | ext_len = ehdr->sadb_ext_len; | ||
4077 | ext_len *= sizeof(uint64_t); | ||
4078 | ext_type = ehdr->sadb_ext_type; | ||
4079 | diff --git a/scripts/Makefile.build b/scripts/Makefile.build | ||
4080 | index e63af4e19382..6bed45dc2cb1 100644 | ||
4081 | --- a/scripts/Makefile.build | ||
4082 | +++ b/scripts/Makefile.build | ||
4083 | @@ -270,12 +270,18 @@ else | ||
4084 | objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) | ||
4085 | endif | ||
4086 | |||
4087 | +ifdef CONFIG_MODVERSIONS | ||
4088 | +objtool_o = $(@D)/.tmp_$(@F) | ||
4089 | +else | ||
4090 | +objtool_o = $(@) | ||
4091 | +endif | ||
4092 | + | ||
4093 | # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory | ||
4094 | # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file | ||
4095 | # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file | ||
4096 | cmd_objtool = $(if $(patsubst y%,, \ | ||
4097 | $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ | ||
4098 | - $(__objtool_obj) $(objtool_args) "$(@)";) | ||
4099 | + $(__objtool_obj) $(objtool_args) "$(objtool_o)";) | ||
4100 | objtool_obj = $(if $(patsubst y%,, \ | ||
4101 | $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ | ||
4102 | $(__objtool_obj)) | ||
4103 | @@ -291,15 +297,15 @@ objtool_dep = $(objtool_obj) \ | ||
4104 | define rule_cc_o_c | ||
4105 | $(call echo-cmd,checksrc) $(cmd_checksrc) \ | ||
4106 | $(call cmd_and_fixdep,cc_o_c) \ | ||
4107 | - $(cmd_modversions_c) \ | ||
4108 | $(call echo-cmd,objtool) $(cmd_objtool) \ | ||
4109 | + $(cmd_modversions_c) \ | ||
4110 | $(call echo-cmd,record_mcount) $(cmd_record_mcount) | ||
4111 | endef | ||
4112 | |||
4113 | define rule_as_o_S | ||
4114 | $(call cmd_and_fixdep,as_o_S) \ | ||
4115 | - $(cmd_modversions_S) \ | ||
4116 | - $(call echo-cmd,objtool) $(cmd_objtool) | ||
4117 | + $(call echo-cmd,objtool) $(cmd_objtool) \ | ||
4118 | + $(cmd_modversions_S) | ||
4119 | endef | ||
4120 | |||
4121 | # List module undefined symbols (or empty line if not enabled) | ||
4122 | diff --git a/scripts/gdb/linux/tasks.py b/scripts/gdb/linux/tasks.py | ||
4123 | index 1bf949c43b76..f6ab3ccf698f 100644 | ||
4124 | --- a/scripts/gdb/linux/tasks.py | ||
4125 | +++ b/scripts/gdb/linux/tasks.py | ||
4126 | @@ -96,6 +96,8 @@ def get_thread_info(task): | ||
4127 | thread_info_addr = task.address + ia64_task_size | ||
4128 | thread_info = thread_info_addr.cast(thread_info_ptr_type) | ||
4129 | else: | ||
4130 | + if task.type.fields()[0].type == thread_info_type.get_type(): | ||
4131 | + return task['thread_info'] | ||
4132 | thread_info = task['stack'].cast(thread_info_ptr_type) | ||
4133 | return thread_info.dereference() | ||
4134 | |||
4135 | diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c | ||
4136 | index db7894bb028c..faa67861cbc1 100644 | ||
4137 | --- a/sound/core/pcm_lib.c | ||
4138 | +++ b/sound/core/pcm_lib.c | ||
4139 | @@ -560,7 +560,6 @@ static inline unsigned int muldiv32(unsigned int a, unsigned int b, | ||
4140 | { | ||
4141 | u_int64_t n = (u_int64_t) a * b; | ||
4142 | if (c == 0) { | ||
4143 | - snd_BUG_ON(!n); | ||
4144 | *r = 0; | ||
4145 | return UINT_MAX; | ||
4146 | } | ||
4147 | diff --git a/sound/core/seq/seq_clientmgr.c b/sound/core/seq/seq_clientmgr.c | ||
4148 | index d10c780dfd54..ac30fc1ab98b 100644 | ||
4149 | --- a/sound/core/seq/seq_clientmgr.c | ||
4150 | +++ b/sound/core/seq/seq_clientmgr.c | ||
4151 | @@ -221,6 +221,7 @@ static struct snd_seq_client *seq_create_client1(int client_index, int poolsize) | ||
4152 | rwlock_init(&client->ports_lock); | ||
4153 | mutex_init(&client->ports_mutex); | ||
4154 | INIT_LIST_HEAD(&client->ports_list_head); | ||
4155 | + mutex_init(&client->ioctl_mutex); | ||
4156 | |||
4157 | /* find free slot in the client table */ | ||
4158 | spin_lock_irqsave(&clients_lock, flags); | ||
4159 | @@ -2126,7 +2127,9 @@ static long snd_seq_ioctl(struct file *file, unsigned int cmd, | ||
4160 | return -EFAULT; | ||
4161 | } | ||
4162 | |||
4163 | + mutex_lock(&client->ioctl_mutex); | ||
4164 | err = handler->func(client, &buf); | ||
4165 | + mutex_unlock(&client->ioctl_mutex); | ||
4166 | if (err >= 0) { | ||
4167 | /* Some commands includes a bug in 'dir' field. */ | ||
4168 | if (handler->cmd == SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT || | ||
4169 | diff --git a/sound/core/seq/seq_clientmgr.h b/sound/core/seq/seq_clientmgr.h | ||
4170 | index c6614254ef8a..0611e1e0ed5b 100644 | ||
4171 | --- a/sound/core/seq/seq_clientmgr.h | ||
4172 | +++ b/sound/core/seq/seq_clientmgr.h | ||
4173 | @@ -61,6 +61,7 @@ struct snd_seq_client { | ||
4174 | struct list_head ports_list_head; | ||
4175 | rwlock_t ports_lock; | ||
4176 | struct mutex ports_mutex; | ||
4177 | + struct mutex ioctl_mutex; | ||
4178 | int convert32; /* convert 32->64bit */ | ||
4179 | |||
4180 | /* output pool */ | ||
4181 | diff --git a/sound/pci/hda/patch_cirrus.c b/sound/pci/hda/patch_cirrus.c | ||
4182 | index 80bbadc83721..d6e079f4ec09 100644 | ||
4183 | --- a/sound/pci/hda/patch_cirrus.c | ||
4184 | +++ b/sound/pci/hda/patch_cirrus.c | ||
4185 | @@ -408,6 +408,7 @@ static const struct snd_pci_quirk cs420x_fixup_tbl[] = { | ||
4186 | /*SND_PCI_QUIRK(0x8086, 0x7270, "IMac 27 Inch", CS420X_IMAC27),*/ | ||
4187 | |||
4188 | /* codec SSID */ | ||
4189 | + SND_PCI_QUIRK(0x106b, 0x0600, "iMac 14,1", CS420X_IMAC27_122), | ||
4190 | SND_PCI_QUIRK(0x106b, 0x1c00, "MacBookPro 8,1", CS420X_MBP81), | ||
4191 | SND_PCI_QUIRK(0x106b, 0x2000, "iMac 12,2", CS420X_IMAC27_122), | ||
4192 | SND_PCI_QUIRK(0x106b, 0x2800, "MacBookPro 10,1", CS420X_MBP101), | ||
4193 | diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c | ||
4194 | index acdb196ddb44..145e92d6ca94 100644 | ||
4195 | --- a/sound/pci/hda/patch_realtek.c | ||
4196 | +++ b/sound/pci/hda/patch_realtek.c | ||
4197 | @@ -6173,6 +6173,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { | ||
4198 | SND_PCI_QUIRK(0x1028, 0x075b, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), | ||
4199 | SND_PCI_QUIRK(0x1028, 0x075d, "Dell AIO", ALC298_FIXUP_SPK_VOLUME), | ||
4200 | SND_PCI_QUIRK(0x1028, 0x0798, "Dell Inspiron 17 7000 Gaming", ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER), | ||
4201 | + SND_PCI_QUIRK(0x1028, 0x082a, "Dell XPS 13 9360", ALC256_FIXUP_DELL_XPS_13_HEADPHONE_NOISE), | ||
4202 | SND_PCI_QUIRK(0x1028, 0x164a, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), | ||
4203 | SND_PCI_QUIRK(0x1028, 0x164b, "Dell", ALC293_FIXUP_DELL1_MIC_NO_PRESENCE), | ||
4204 | SND_PCI_QUIRK(0x103c, 0x1586, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC2), | ||
4205 | diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile | ||
4206 | index ae0272f9a091..e6acc281dd37 100644 | ||
4207 | --- a/tools/objtool/Makefile | ||
4208 | +++ b/tools/objtool/Makefile | ||
4209 | @@ -46,7 +46,7 @@ $(OBJTOOL_IN): fixdep FORCE | ||
4210 | @$(MAKE) $(build)=objtool | ||
4211 | |||
4212 | $(OBJTOOL): $(LIBSUBCMD) $(OBJTOOL_IN) | ||
4213 | - @./sync-check.sh | ||
4214 | + @$(CONFIG_SHELL) ./sync-check.sh | ||
4215 | $(QUIET_LINK)$(CC) $(OBJTOOL_IN) $(LDFLAGS) -o $@ | ||
4216 | |||
4217 | |||
4218 | diff --git a/tools/objtool/arch/x86/decode.c b/tools/objtool/arch/x86/decode.c | ||
4219 | index 8acfc47af70e..540a209b78ab 100644 | ||
4220 | --- a/tools/objtool/arch/x86/decode.c | ||
4221 | +++ b/tools/objtool/arch/x86/decode.c | ||
4222 | @@ -138,7 +138,7 @@ int arch_decode_instruction(struct elf *elf, struct section *sec, | ||
4223 | *type = INSN_STACK; | ||
4224 | op->src.type = OP_SRC_ADD; | ||
4225 | op->src.reg = op_to_cfi_reg[modrm_reg][rex_r]; | ||
4226 | - op->dest.type = OP_SRC_REG; | ||
4227 | + op->dest.type = OP_DEST_REG; | ||
4228 | op->dest.reg = CFI_SP; | ||
4229 | } | ||
4230 | break; | ||
4231 | diff --git a/tools/objtool/builtin-orc.c b/tools/objtool/builtin-orc.c | ||
4232 | index 4c6b5c9ef073..91e8e19ff5e0 100644 | ||
4233 | --- a/tools/objtool/builtin-orc.c | ||
4234 | +++ b/tools/objtool/builtin-orc.c | ||
4235 | @@ -44,6 +44,9 @@ int cmd_orc(int argc, const char **argv) | ||
4236 | const char *objname; | ||
4237 | |||
4238 | argc--; argv++; | ||
4239 | + if (argc <= 0) | ||
4240 | + usage_with_options(orc_usage, check_options); | ||
4241 | + | ||
4242 | if (!strncmp(argv[0], "gen", 3)) { | ||
4243 | argc = parse_options(argc, argv, check_options, orc_usage, 0); | ||
4244 | if (argc != 1) | ||
4245 | @@ -52,7 +55,6 @@ int cmd_orc(int argc, const char **argv) | ||
4246 | objname = argv[0]; | ||
4247 | |||
4248 | return check(objname, no_fp, no_unreachable, true); | ||
4249 | - | ||
4250 | } | ||
4251 | |||
4252 | if (!strcmp(argv[0], "dump")) { | ||
4253 | diff --git a/tools/objtool/elf.c b/tools/objtool/elf.c | ||
4254 | index 24460155c82c..c1c338661699 100644 | ||
4255 | --- a/tools/objtool/elf.c | ||
4256 | +++ b/tools/objtool/elf.c | ||
4257 | @@ -26,6 +26,7 @@ | ||
4258 | #include <stdlib.h> | ||
4259 | #include <string.h> | ||
4260 | #include <unistd.h> | ||
4261 | +#include <errno.h> | ||
4262 | |||
4263 | #include "elf.h" | ||
4264 | #include "warn.h" | ||
4265 | @@ -358,7 +359,8 @@ struct elf *elf_open(const char *name, int flags) | ||
4266 | |||
4267 | elf->fd = open(name, flags); | ||
4268 | if (elf->fd == -1) { | ||
4269 | - perror("open"); | ||
4270 | + fprintf(stderr, "objtool: Can't open '%s': %s\n", | ||
4271 | + name, strerror(errno)); | ||
4272 | goto err; | ||
4273 | } | ||
4274 | |||
4275 | diff --git a/tools/objtool/orc_gen.c b/tools/objtool/orc_gen.c | ||
4276 | index e5ca31429c9b..e61fe703197b 100644 | ||
4277 | --- a/tools/objtool/orc_gen.c | ||
4278 | +++ b/tools/objtool/orc_gen.c | ||
4279 | @@ -165,6 +165,8 @@ int create_orc_sections(struct objtool_file *file) | ||
4280 | |||
4281 | /* create .orc_unwind_ip and .rela.orc_unwind_ip sections */ | ||
4282 | sec = elf_create_section(file->elf, ".orc_unwind_ip", sizeof(int), idx); | ||
4283 | + if (!sec) | ||
4284 | + return -1; | ||
4285 | |||
4286 | ip_relasec = elf_create_rela_section(file->elf, sec); | ||
4287 | if (!ip_relasec) | ||
4288 | diff --git a/virt/kvm/arm/mmu.c b/virt/kvm/arm/mmu.c | ||
4289 | index b4b69c2d1012..9dea96380339 100644 | ||
4290 | --- a/virt/kvm/arm/mmu.c | ||
4291 | +++ b/virt/kvm/arm/mmu.c | ||
4292 | @@ -1310,7 +1310,7 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, | ||
4293 | return -EFAULT; | ||
4294 | } | ||
4295 | |||
4296 | - if (is_vm_hugetlb_page(vma) && !logging_active) { | ||
4297 | + if (vma_kernel_pagesize(vma) == PMD_SIZE && !logging_active) { | ||
4298 | hugetlb = true; | ||
4299 | gfn = (fault_ipa & PMD_MASK) >> PAGE_SHIFT; | ||
4300 | } else { |