Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net

Cross-merge networking fixes after downstream PR (net-6.15-rc7).

Conflicts:

tools/testing/selftests/drivers/net/hw/ncdevmem.c
97c4e094a4b2 ("tests/ncdevmem: Fix double-free of queue array")
2f1a805f32ba ("selftests: ncdevmem: Implement devmem TCP TX")
https://lore.kernel.org/20250514122900.1e77d62d@canb.auug.org.au

Adjacent changes:

net/core/devmem.c
net/core/devmem.h
0afc44d8cdf6 ("net: devmem: fix kernel panic when netlink socket close after module unload")
bd61848900bf ("net: devmem: Implement TX path")

Signed-off-by: Jakub Kicinski <kuba@kernel.org>

+4771 -1578
+1 -1
.clippy.toml
··· 7 7 disallowed-macros = [ 8 8 # The `clippy::dbg_macro` lint only works with `std::dbg!`, thus we simulate 9 9 # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303. 10 - { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool" }, 10 + { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true }, 11 11 ]
+5
.mailmap
··· 102 102 Arnaud Patard <arnaud.patard@rtp-net.org> 103 103 Arnd Bergmann <arnd@arndb.de> 104 104 Arun Kumar Neelakantam <quic_aneela@quicinc.com> <aneela@codeaurora.org> 105 + Asahi Lina <lina+kernel@asahilina.net> <lina@asahilina.net> 105 106 Ashok Raj Nagarajan <quic_arnagara@quicinc.com> <arnagara@codeaurora.org> 106 107 Ashwin Chaugule <quic_ashwinc@quicinc.com> <ashwinc@codeaurora.org> 107 108 Asutosh Das <quic_asutoshd@quicinc.com> <asutoshd@codeaurora.org> ··· 448 447 Luca Weiss <luca@lucaweiss.eu> <luca@z3ntu.xyz> 449 448 Lukasz Luba <lukasz.luba@arm.com> <l.luba@partner.samsung.com> 450 449 Luo Jie <quic_luoj@quicinc.com> <luoj@codeaurora.org> 450 + Lance Yang <lance.yang@linux.dev> <ioworker0@gmail.com> 451 + Lance Yang <lance.yang@linux.dev> <mingzhe.yang@ly.com> 451 452 Maciej W. Rozycki <macro@mips.com> <macro@imgtec.com> 452 453 Maciej W. Rozycki <macro@orcam.me.uk> <macro@linux-mips.org> 453 454 Maharaja Kennadyrajan <quic_mkenna@quicinc.com> <mkenna@codeaurora.org> ··· 486 483 Matthieu Baerts <matttbe@kernel.org> <matthieu.baerts@tessares.net> 487 484 Matthieu CASTET <castet.matthieu@free.fr> 488 485 Matti Vaittinen <mazziesaccount@gmail.com> <matti.vaittinen@fi.rohmeurope.com> 486 + Mattijs Korpershoek <mkorpershoek@kernel.org> <mkorpershoek@baylibre.com> 489 487 Matt Ranostay <matt@ranostay.sg> <matt.ranostay@konsulko.com> 490 488 Matt Ranostay <matt@ranostay.sg> <matt@ranostay.consulting> 491 489 Matt Ranostay <matt@ranostay.sg> Matthew Ranostay <mranostay@embeddedalley.com> ··· 753 749 Tycho Andersen <tycho@tycho.pizza> <tycho@tycho.ws> 754 750 Tzung-Bi Shih <tzungbi@kernel.org> <tzungbi@google.com> 755 751 Uwe Kleine-König <ukleinek@informatik.uni-freiburg.de> 752 + Uwe Kleine-König <u.kleine-koenig@baylibre.com> <ukleinek@baylibre.com> 756 753 Uwe Kleine-König <u.kleine-koenig@pengutronix.de> 757 754 Uwe Kleine-König <ukleinek@strlen.de> 758 755 Uwe Kleine-König <ukl@pengutronix.de>
+1
Documentation/ABI/testing/sysfs-devices-system-cpu
··· 511 511 512 512 What: /sys/devices/system/cpu/vulnerabilities 513 513 /sys/devices/system/cpu/vulnerabilities/gather_data_sampling 514 + /sys/devices/system/cpu/vulnerabilities/indirect_target_selection 514 515 /sys/devices/system/cpu/vulnerabilities/itlb_multihit 515 516 /sys/devices/system/cpu/vulnerabilities/l1tf 516 517 /sys/devices/system/cpu/vulnerabilities/mds
+1
Documentation/admin-guide/hw-vuln/index.rst
··· 23 23 gather_data_sampling 24 24 reg-file-data-sampling 25 25 rsb 26 + indirect-target-selection
+168
Documentation/admin-guide/hw-vuln/indirect-target-selection.rst
··· 1 + .. SPDX-License-Identifier: GPL-2.0 2 + 3 + Indirect Target Selection (ITS) 4 + =============================== 5 + 6 + ITS is a vulnerability in some Intel CPUs that support Enhanced IBRS and were 7 + released before Alder Lake. ITS may allow an attacker to control the prediction 8 + of indirect branches and RETs located in the lower half of a cacheline. 9 + 10 + ITS is assigned CVE-2024-28956 with a CVSS score of 4.7 (Medium). 11 + 12 + Scope of Impact 13 + --------------- 14 + - **eIBRS Guest/Host Isolation**: Indirect branches in KVM/kernel may still be 15 + predicted with unintended target corresponding to a branch in the guest. 16 + 17 + - **Intra-Mode BTI**: In-kernel training such as through cBPF or other native 18 + gadgets. 19 + 20 + - **Indirect Branch Prediction Barrier (IBPB)**: After an IBPB, indirect 21 + branches may still be predicted with targets corresponding to direct branches 22 + executed prior to the IBPB. This is fixed by the IPU 2025.1 microcode, which 23 + should be available via distro updates. Alternatively microcode can be 24 + obtained from Intel's github repository [#f1]_. 25 + 26 + Affected CPUs 27 + ------------- 28 + Below is the list of ITS affected CPUs [#f2]_ [#f3]_: 29 + 30 + ======================== ============ ==================== =============== 31 + Common name Family_Model eIBRS Intra-mode BTI 32 + Guest/Host Isolation 33 + ======================== ============ ==================== =============== 34 + SKYLAKE_X (step >= 6) 06_55H Affected Affected 35 + ICELAKE_X 06_6AH Not affected Affected 36 + ICELAKE_D 06_6CH Not affected Affected 37 + ICELAKE_L 06_7EH Not affected Affected 38 + TIGERLAKE_L 06_8CH Not affected Affected 39 + TIGERLAKE 06_8DH Not affected Affected 40 + KABYLAKE_L (step >= 12) 06_8EH Affected Affected 41 + KABYLAKE (step >= 13) 06_9EH Affected Affected 42 + COMETLAKE 06_A5H Affected Affected 43 + COMETLAKE_L 06_A6H Affected Affected 44 + ROCKETLAKE 06_A7H Not affected Affected 45 + ======================== ============ ==================== =============== 46 + 47 + - All affected CPUs enumerate Enhanced IBRS feature. 48 + - IBPB isolation is affected on all ITS affected CPUs, and need a microcode 49 + update for mitigation. 50 + - None of the affected CPUs enumerate BHI_CTRL which was introduced in Golden 51 + Cove (Alder Lake and Sapphire Rapids). This can help guests to determine the 52 + host's affected status. 53 + - Intel Atom CPUs are not affected by ITS. 54 + 55 + Mitigation 56 + ---------- 57 + As only the indirect branches and RETs that have their last byte of instruction 58 + in the lower half of the cacheline are vulnerable to ITS, the basic idea behind 59 + the mitigation is to not allow indirect branches in the lower half. 60 + 61 + This is achieved by relying on existing retpoline support in the kernel, and in 62 + compilers. ITS-vulnerable retpoline sites are runtime patched to point to newly 63 + added ITS-safe thunks. These safe thunks consists of indirect branch in the 64 + second half of the cacheline. Not all retpoline sites are patched to thunks, if 65 + a retpoline site is evaluated to be ITS-safe, it is replaced with an inline 66 + indirect branch. 67 + 68 + Dynamic thunks 69 + ~~~~~~~~~~~~~~ 70 + From a dynamically allocated pool of safe-thunks, each vulnerable site is 71 + replaced with a new thunk, such that they get a unique address. This could 72 + improve the branch prediction accuracy. Also, it is a defense-in-depth measure 73 + against aliasing. 
74 + 75 + Note, for simplicity, indirect branches in eBPF programs are always replaced 76 + with a jump to a static thunk in __x86_indirect_its_thunk_array. If required, 77 + in future this can be changed to use dynamic thunks. 78 + 79 + All vulnerable RETs are replaced with a static thunk, they do not use dynamic 80 + thunks. This is because RETs get their prediction from RSB mostly that does not 81 + depend on source address. RETs that underflow RSB may benefit from dynamic 82 + thunks. But, RETs significantly outnumber indirect branches, and any benefit 83 + from a unique source address could be outweighed by the increased icache 84 + footprint and iTLB pressure. 85 + 86 + Retpoline 87 + ~~~~~~~~~ 88 + Retpoline sequence also mitigates ITS-unsafe indirect branches. For this 89 + reason, when retpoline is enabled, ITS mitigation only relocates the RETs to 90 + safe thunks. Unless user requested the RSB-stuffing mitigation. 91 + 92 + RSB Stuffing 93 + ~~~~~~~~~~~~ 94 + RSB-stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow 95 + attacks. And it also mitigates RETs that are vulnerable to ITS. 96 + 97 + Mitigation in guests 98 + ^^^^^^^^^^^^^^^^^^^^ 99 + All guests deploy ITS mitigation by default, irrespective of eIBRS enumeration 100 + and Family/Model of the guest. This is because eIBRS feature could be hidden 101 + from a guest. One exception to this is when a guest enumerates BHI_DIS_S, which 102 + indicates that the guest is running on an unaffected host. 103 + 104 + To prevent guests from unnecessarily deploying the mitigation on unaffected 105 + platforms, Intel has defined ITS_NO bit(62) in MSR IA32_ARCH_CAPABILITIES. When 106 + a guest sees this bit set, it should not enumerate the ITS bug. Note, this bit 107 + is not set by any hardware, but is **intended for VMMs to synthesize** it for 108 + guests as per the host's affected status. 109 + 110 + Mitigation options 111 + ^^^^^^^^^^^^^^^^^^ 112 + The ITS mitigation can be controlled using the "indirect_target_selection" 113 + kernel parameter. The available options are: 114 + 115 + ======== =================================================================== 116 + on (default) Deploy the "Aligned branch/return thunks" mitigation. 117 + If spectre_v2 mitigation enables retpoline, aligned-thunks are only 118 + deployed for the affected RET instructions. Retpoline mitigates 119 + indirect branches. 120 + 121 + off Disable ITS mitigation. 122 + 123 + vmexit Equivalent to "=on" if the CPU is affected by guest/host isolation 124 + part of ITS. Otherwise, mitigation is not deployed. This option is 125 + useful when host userspace is not in the threat model, and only 126 + attacks from guest to host are considered. 127 + 128 + stuff Deploy RSB-fill mitigation when retpoline is also deployed. 129 + Otherwise, deploy the default mitigation. When retpoline mitigation 130 + is enabled, RSB-stuffing via Call-Depth-Tracking also mitigates 131 + ITS. 132 + 133 + force Force the ITS bug and deploy the default mitigation. 134 + ======== =================================================================== 135 + 136 + Sysfs reporting 137 + --------------- 138 + 139 + The sysfs file showing ITS mitigation status is: 140 + 141 + /sys/devices/system/cpu/vulnerabilities/indirect_target_selection 142 + 143 + Note, microcode mitigation status is not reported in this file. 144 + 145 + The possible values in this file are: 146 + 147 + .. list-table:: 148 + 149 + * - Not affected 150 + - The processor is not vulnerable. 
151 + * - Vulnerable 152 + - System is vulnerable and no mitigation has been applied. 153 + * - Vulnerable, KVM: Not affected 154 + - System is vulnerable to intra-mode BTI, but not affected by eIBRS 155 + guest/host isolation. 156 + * - Mitigation: Aligned branch/return thunks 157 + - The mitigation is enabled, affected indirect branches and RETs are 158 + relocated to safe thunks. 159 + * - Mitigation: Retpolines, Stuffing RSB 160 + - The mitigation is enabled using retpoline and RSB stuffing. 161 + 162 + References 163 + ---------- 164 + .. [#f1] Microcode repository - https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files 165 + 166 + .. [#f2] Affected Processors list - https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html 167 + 168 + .. [#f3] Affected Processors list (machine readable) - https://github.com/intel/Intel-affected-processor-list
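
As an aside (not part of this commit), the sysfs file documented above can be exercised from userspace with a few lines of C. Only the file path comes from the patch; everything else is a made-up sketch with minimal error handling.

/* its_status.c - print the ITS mitigation status reported by the kernel. */
#include <stdio.h>

int main(void)
{
	const char *path =
		"/sys/devices/system/cpu/vulnerabilities/indirect_target_selection";
	char buf[128];
	FILE *f = fopen(path, "r");

	if (!f) {
		/* Older kernels (or non-x86 systems) do not expose this file. */
		perror(path);
		return 1;
	}
	if (fgets(buf, sizeof(buf), f))
		fputs(buf, stdout);	/* e.g. "Mitigation: Aligned branch/return thunks" */
	fclose(f);
	return 0;
}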
+18
Documentation/admin-guide/kernel-parameters.txt
··· 2202 2202 different crypto accelerators. This option can be used 2203 2203 to achieve best performance for particular HW. 2204 2204 2205 + indirect_target_selection= [X86,Intel] Mitigation control for Indirect 2206 + Target Selection(ITS) bug in Intel CPUs. Updated 2207 + microcode is also required for a fix in IBPB. 2208 + 2209 + on: Enable mitigation (default). 2210 + off: Disable mitigation. 2211 + force: Force the ITS bug and deploy default 2212 + mitigation. 2213 + vmexit: Only deploy mitigation if CPU is affected by 2214 + guest/host isolation part of ITS. 2215 + stuff: Deploy RSB-fill mitigation when retpoline is 2216 + also deployed. Otherwise, deploy the default 2217 + mitigation. 2218 + 2219 + For details see: 2220 + Documentation/admin-guide/hw-vuln/indirect-target-selection.rst 2221 + 2205 2222 init= [KNL] 2206 2223 Format: <full_path> 2207 2224 Run specified binary instead of /sbin/init as init ··· 3710 3693 expose users to several CPU vulnerabilities. 3711 3694 Equivalent to: if nokaslr then kpti=0 [ARM64] 3712 3695 gather_data_sampling=off [X86] 3696 + indirect_target_selection=off [X86] 3713 3697 kvm.nx_huge_pages=off [X86] 3714 3698 l1tf=off [X86] 3715 3699 mds=off [X86]
+1 -1
Documentation/devicetree/bindings/input/mediatek,mt6779-keypad.yaml
··· 7 7 title: Mediatek's Keypad Controller 8 8 9 9 maintainers: 10 - - Mattijs Korpershoek <mkorpershoek@baylibre.com> 10 + - Mattijs Korpershoek <mkorpershoek@kernel.org> 11 11 12 12 allOf: 13 13 - $ref: /schemas/input/matrix-keymap.yaml#
+17
Documentation/kbuild/reproducible-builds.rst
··· 46 46 `KBUILD_BUILD_USER and KBUILD_BUILD_HOST`_ variables. If you are 47 47 building from a git commit, you could use its committer address. 48 48 49 + Absolute filenames 50 + ------------------ 51 + 52 + When the kernel is built out-of-tree, debug information may include 53 + absolute filenames for the source files. This must be overridden by 54 + including the ``-fdebug-prefix-map`` option in the `KCFLAGS`_ variable. 55 + 56 + Depending on the compiler used, the ``__FILE__`` macro may also expand 57 + to an absolute filename in an out-of-tree build. Kbuild automatically 58 + uses the ``-fmacro-prefix-map`` option to prevent this, if it is 59 + supported. 60 + 61 + The Reproducible Builds web site has more information about these 62 + `prefix-map options`_. 63 + 49 64 Generated files in source packages 50 65 ---------------------------------- 51 66 ··· 131 116 132 117 .. _KBUILD_BUILD_TIMESTAMP: kbuild.html#kbuild-build-timestamp 133 118 .. _KBUILD_BUILD_USER and KBUILD_BUILD_HOST: kbuild.html#kbuild-build-user-kbuild-build-host 119 + .. _KCFLAGS: kbuild.html#kcflags 120 + .. _prefix-map options: https://reproducible-builds.org/docs/build-path/ 134 121 .. _Reproducible Builds project: https://reproducible-builds.org/ 135 122 .. _SOURCE_DATE_EPOCH: https://reproducible-builds.org/docs/source-date-epoch/
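
For illustration (not from the patch), the effect of the prefix-map options on what ends up in an object file can be seen with a trivial translation unit. The path and compiler invocation below are invented; -fmacro-prefix-map and -fdebug-prefix-map are the GCC/Clang options the document refers to.

/* file_macro.c - shows what __FILE__ expands to. */
#include <stdio.h>

int main(void)
{
	/*
	 * Compiled out of tree with an absolute source path, e.g.
	 *   gcc -c /home/user/linux/file_macro.c
	 * __FILE__ embeds the absolute path.  Adding
	 *   -fmacro-prefix-map=/home/user/linux/=
	 * remaps it to the relative "file_macro.c"; -fdebug-prefix-map does
	 * the same for the paths recorded in the DWARF debug info.
	 */
	printf("%s\n", __FILE__);
	return 0;
}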
+6 -4
Documentation/netlink/specs/tc.yaml
··· 2017 2017 attributes: 2018 2018 - 2019 2019 name: act 2020 - type: nest 2020 + type: indexed-array 2021 + sub-type: nest 2021 2022 nested-attributes: tc-act-attrs 2022 2023 - 2023 2024 name: police ··· 2251 2250 attributes: 2252 2251 - 2253 2252 name: act 2254 - type: nest 2253 + type: indexed-array 2254 + sub-type: nest 2255 2255 nested-attributes: tc-act-attrs 2256 2256 - 2257 2257 name: police ··· 2747 2745 type: u16 2748 2746 byte-order: big-endian 2749 2747 - 2750 - name: key-l2-tpv3-sid 2748 + name: key-l2tpv3-sid 2751 2749 type: u32 2752 2750 byte-order: big-endian 2753 2751 - ··· 3506 3504 name: rate64 3507 3505 type: u64 3508 3506 - 3509 - name: prate4 3507 + name: prate64 3510 3508 type: u64 3511 3509 - 3512 3510 name: burst
+3 -5
Documentation/networking/timestamping.rst
··· 811 811 3.2.4 Other caveats for MAC drivers 812 812 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 813 813 814 - Stacked PHCs, especially DSA (but not only) - since that doesn't require any 815 - modification to MAC drivers, so it is more difficult to ensure correctness of 816 - all possible code paths - is that they uncover bugs which were impossible to 817 - trigger before the existence of stacked PTP clocks. One example has to do with 818 - this line of code, already presented earlier:: 814 + The use of stacked PHCs may uncover MAC driver bugs which were impossible to 815 + trigger without them. One example has to do with this line of code, already 816 + presented earlier:: 819 817 820 818 skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; 821 819
+63 -7
MAINTAINERS
··· 11229 11229 F: drivers/i2c/busses/i2c-cht-wc.c 11230 11230 11231 11231 I2C/SMBUS ISMT DRIVER 11232 - M: Seth Heasley <seth.heasley@intel.com> 11233 11232 M: Neil Horman <nhorman@tuxdriver.com> 11234 11233 L: linux-i2c@vger.kernel.org 11235 11234 F: Documentation/i2c/busses/i2c-ismt.rst ··· 15064 15065 F: drivers/media/platform/mediatek/jpeg/ 15065 15066 15066 15067 MEDIATEK KEYPAD DRIVER 15067 - M: Mattijs Korpershoek <mkorpershoek@baylibre.com> 15068 + M: Mattijs Korpershoek <mkorpershoek@kernel.org> 15068 15069 S: Supported 15069 15070 F: Documentation/devicetree/bindings/input/mediatek,mt6779-keypad.yaml 15070 15071 F: drivers/input/keyboard/mt6779-keypad.c ··· 15487 15488 F: include/linux/gfp.h 15488 15489 F: include/linux/gfp_types.h 15489 15490 F: include/linux/memfd.h 15490 - F: include/linux/memory.h 15491 15491 F: include/linux/memory_hotplug.h 15492 15492 F: include/linux/memory-tiers.h 15493 15493 F: include/linux/mempolicy.h 15494 15494 F: include/linux/mempool.h 15495 15495 F: include/linux/memremap.h 15496 - F: include/linux/mm.h 15497 - F: include/linux/mm_*.h 15498 15496 F: include/linux/mmzone.h 15499 15497 F: include/linux/mmu_notifier.h 15500 15498 F: include/linux/pagewalk.h 15501 - F: include/linux/rmap.h 15502 15499 F: include/trace/events/ksm.h 15503 15500 F: mm/ 15504 15501 F: tools/mm/ 15505 15502 F: tools/testing/selftests/mm/ 15506 15503 N: include/linux/page[-_]* 15504 + 15505 + MEMORY MANAGEMENT - CORE 15506 + M: Andrew Morton <akpm@linux-foundation.org> 15507 + M: David Hildenbrand <david@redhat.com> 15508 + R: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> 15509 + R: Liam R. Howlett <Liam.Howlett@oracle.com> 15510 + R: Vlastimil Babka <vbabka@suse.cz> 15511 + R: Mike Rapoport <rppt@kernel.org> 15512 + R: Suren Baghdasaryan <surenb@google.com> 15513 + R: Michal Hocko <mhocko@suse.com> 15514 + L: linux-mm@kvack.org 15515 + S: Maintained 15516 + W: http://www.linux-mm.org 15517 + T: git git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 15518 + F: include/linux/memory.h 15519 + F: include/linux/mm.h 15520 + F: include/linux/mm_*.h 15521 + F: include/linux/mmdebug.h 15522 + F: include/linux/pagewalk.h 15523 + F: mm/Kconfig 15524 + F: mm/debug.c 15525 + F: mm/init-mm.c 15526 + F: mm/memory.c 15527 + F: mm/pagewalk.c 15528 + F: mm/util.c 15507 15529 15508 15530 MEMORY MANAGEMENT - EXECMEM 15509 15531 M: Andrew Morton <akpm@linux-foundation.org> ··· 15559 15539 F: include/linux/gfp.h 15560 15540 F: include/linux/compaction.h 15561 15541 15542 + MEMORY MANAGEMENT - RMAP (REVERSE MAPPING) 15543 + M: Andrew Morton <akpm@linux-foundation.org> 15544 + M: David Hildenbrand <david@redhat.com> 15545 + M: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> 15546 + R: Rik van Riel <riel@surriel.com> 15547 + R: Liam R. 
Howlett <Liam.Howlett@oracle.com> 15548 + R: Vlastimil Babka <vbabka@suse.cz> 15549 + R: Harry Yoo <harry.yoo@oracle.com> 15550 + L: linux-mm@kvack.org 15551 + S: Maintained 15552 + F: include/linux/rmap.h 15553 + F: mm/rmap.c 15554 + 15562 15555 MEMORY MANAGEMENT - SECRETMEM 15563 15556 M: Andrew Morton <akpm@linux-foundation.org> 15564 15557 M: Mike Rapoport <rppt@kernel.org> ··· 15579 15546 S: Maintained 15580 15547 F: include/linux/secretmem.h 15581 15548 F: mm/secretmem.c 15549 + 15550 + MEMORY MANAGEMENT - THP (TRANSPARENT HUGE PAGE) 15551 + M: Andrew Morton <akpm@linux-foundation.org> 15552 + M: David Hildenbrand <david@redhat.com> 15553 + R: Zi Yan <ziy@nvidia.com> 15554 + R: Baolin Wang <baolin.wang@linux.alibaba.com> 15555 + R: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> 15556 + R: Liam R. Howlett <Liam.Howlett@oracle.com> 15557 + R: Nico Pache <npache@redhat.com> 15558 + R: Ryan Roberts <ryan.roberts@arm.com> 15559 + R: Dev Jain <dev.jain@arm.com> 15560 + L: linux-mm@kvack.org 15561 + S: Maintained 15562 + W: http://www.linux-mm.org 15563 + T: git git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm 15564 + F: Documentation/admin-guide/mm/transhuge.rst 15565 + F: include/linux/huge_mm.h 15566 + F: include/linux/khugepaged.h 15567 + F: include/trace/events/huge_memory.h 15568 + F: mm/huge_memory.c 15569 + F: mm/khugepaged.c 15570 + F: tools/testing/selftests/mm/khugepaged.c 15571 + F: tools/testing/selftests/mm/split_huge_page_test.c 15572 + F: tools/testing/selftests/mm/transhuge-stress.c 15582 15573 15583 15574 MEMORY MANAGEMENT - USERFAULTFD 15584 15575 M: Andrew Morton <akpm@linux-foundation.org> ··· 22927 22870 22928 22871 SPEAR PLATFORM/CLOCK/PINCTRL SUPPORT 22929 22872 M: Viresh Kumar <vireshk@kernel.org> 22930 - M: Shiraz Hashim <shiraz.linux.kernel@gmail.com> 22931 22873 L: linux-arm-kernel@lists.infradead.org (moderated for non-subscribers) 22932 22874 L: soc@lists.linux.dev 22933 22875 S: Maintained
+2 -3
Makefile
··· 2 2 VERSION = 6 3 3 PATCHLEVEL = 15 4 4 SUBLEVEL = 0 5 - EXTRAVERSION = -rc5 5 + EXTRAVERSION = -rc6 6 6 NAME = Baby Opossum Posse 7 7 8 8 # *DOCUMENTATION* ··· 1068 1068 1069 1069 # change __FILE__ to the relative path to the source directory 1070 1070 ifdef building_out_of_srctree 1071 - KBUILD_CPPFLAGS += $(call cc-option,-ffile-prefix-map=$(srcroot)/=) 1072 - KBUILD_RUSTFLAGS += --remap-path-prefix=$(srcroot)/= 1071 + KBUILD_CPPFLAGS += $(call cc-option,-fmacro-prefix-map=$(srcroot)/=) 1073 1072 endif 1074 1073 1075 1074 # include additional Makefiles when needed
+3 -3
arch/arm/boot/dts/amlogic/meson8.dtsi
··· 451 451 pwm_ef: pwm@86c0 { 452 452 compatible = "amlogic,meson8-pwm-v2"; 453 453 clocks = <&xtal>, 454 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 454 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 455 455 <&clkc CLKID_FCLK_DIV4>, 456 456 <&clkc CLKID_FCLK_DIV3>; 457 457 reg = <0x86c0 0x10>; ··· 705 705 &pwm_ab { 706 706 compatible = "amlogic,meson8-pwm-v2"; 707 707 clocks = <&xtal>, 708 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 708 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 709 709 <&clkc CLKID_FCLK_DIV4>, 710 710 <&clkc CLKID_FCLK_DIV3>; 711 711 }; ··· 713 713 &pwm_cd { 714 714 compatible = "amlogic,meson8-pwm-v2"; 715 715 clocks = <&xtal>, 716 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 716 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 717 717 <&clkc CLKID_FCLK_DIV4>, 718 718 <&clkc CLKID_FCLK_DIV3>; 719 719 };
+3 -3
arch/arm/boot/dts/amlogic/meson8b.dtsi
··· 406 406 compatible = "amlogic,meson8b-pwm-v2", "amlogic,meson8-pwm-v2"; 407 407 reg = <0x86c0 0x10>; 408 408 clocks = <&xtal>, 409 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 409 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 410 410 <&clkc CLKID_FCLK_DIV4>, 411 411 <&clkc CLKID_FCLK_DIV3>; 412 412 #pwm-cells = <3>; ··· 680 680 &pwm_ab { 681 681 compatible = "amlogic,meson8b-pwm-v2", "amlogic,meson8-pwm-v2"; 682 682 clocks = <&xtal>, 683 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 683 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 684 684 <&clkc CLKID_FCLK_DIV4>, 685 685 <&clkc CLKID_FCLK_DIV3>; 686 686 }; ··· 688 688 &pwm_cd { 689 689 compatible = "amlogic,meson8b-pwm-v2", "amlogic,meson8-pwm-v2"; 690 690 clocks = <&xtal>, 691 - <>, /* unknown/untested, the datasheet calls it "Video PLL" */ 691 + <0>, /* unknown/untested, the datasheet calls it "Video PLL" */ 692 692 <&clkc CLKID_FCLK_DIV4>, 693 693 <&clkc CLKID_FCLK_DIV3>; 694 694 };
+1 -1
arch/arm64/boot/dts/amazon/alpine-v2.dtsi
··· 151 151 al,msi-num-spis = <160>; 152 152 }; 153 153 154 - io-fabric@fc000000 { 154 + io-bus@fc000000 { 155 155 compatible = "simple-bus"; 156 156 #address-cells = <1>; 157 157 #size-cells = <1>;
+1 -1
arch/arm64/boot/dts/amazon/alpine-v3.dtsi
··· 361 361 interrupt-parent = <&gic>; 362 362 }; 363 363 364 - io-fabric@fc000000 { 364 + io-bus@fc000000 { 365 365 compatible = "simple-bus"; 366 366 #address-cells = <1>; 367 367 #size-cells = <1>;
+3 -3
arch/arm64/boot/dts/amlogic/meson-g12-common.dtsi
··· 2313 2313 "amlogic,meson8-pwm-v2"; 2314 2314 reg = <0x0 0x19000 0x0 0x20>; 2315 2315 clocks = <&xtal>, 2316 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2316 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2317 2317 <&clkc CLKID_FCLK_DIV4>, 2318 2318 <&clkc CLKID_FCLK_DIV3>; 2319 2319 #pwm-cells = <3>; ··· 2325 2325 "amlogic,meson8-pwm-v2"; 2326 2326 reg = <0x0 0x1a000 0x0 0x20>; 2327 2327 clocks = <&xtal>, 2328 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2328 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2329 2329 <&clkc CLKID_FCLK_DIV4>, 2330 2330 <&clkc CLKID_FCLK_DIV3>; 2331 2331 #pwm-cells = <3>; ··· 2337 2337 "amlogic,meson8-pwm-v2"; 2338 2338 reg = <0x0 0x1b000 0x0 0x20>; 2339 2339 clocks = <&xtal>, 2340 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2340 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 2341 2341 <&clkc CLKID_FCLK_DIV4>, 2342 2342 <&clkc CLKID_FCLK_DIV3>; 2343 2343 #pwm-cells = <3>;
+4
arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi
··· 116 116 status = "okay"; 117 117 }; 118 118 119 + &clkc_audio { 120 + status = "okay"; 121 + }; 122 + 119 123 &frddr_a { 120 124 status = "okay"; 121 125 };
+3 -3
arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi
··· 741 741 742 742 &pwm_ab { 743 743 clocks = <&xtal>, 744 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 744 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 745 745 <&clkc CLKID_FCLK_DIV4>, 746 746 <&clkc CLKID_FCLK_DIV3>; 747 747 }; ··· 752 752 753 753 &pwm_cd { 754 754 clocks = <&xtal>, 755 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 755 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 756 756 <&clkc CLKID_FCLK_DIV4>, 757 757 <&clkc CLKID_FCLK_DIV3>; 758 758 }; 759 759 760 760 &pwm_ef { 761 761 clocks = <&xtal>, 762 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 762 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 763 763 <&clkc CLKID_FCLK_DIV4>, 764 764 <&clkc CLKID_FCLK_DIV3>; 765 765 };
+3 -3
arch/arm64/boot/dts/amlogic/meson-gxl.dtsi
··· 811 811 812 812 &pwm_ab { 813 813 clocks = <&xtal>, 814 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 814 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 815 815 <&clkc CLKID_FCLK_DIV4>, 816 816 <&clkc CLKID_FCLK_DIV3>; 817 817 }; ··· 822 822 823 823 &pwm_cd { 824 824 clocks = <&xtal>, 825 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 825 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 826 826 <&clkc CLKID_FCLK_DIV4>, 827 827 <&clkc CLKID_FCLK_DIV3>; 828 828 }; 829 829 830 830 &pwm_ef { 831 831 clocks = <&xtal>, 832 - <>, /* unknown/untested, the datasheet calls it "vid_pll" */ 832 + <0>, /* unknown/untested, the datasheet calls it "vid_pll" */ 833 833 <&clkc CLKID_FCLK_DIV4>, 834 834 <&clkc CLKID_FCLK_DIV3>; 835 835 };
+10
arch/arm64/boot/dts/apple/t8103-j293.dts
··· 77 77 }; 78 78 }; 79 79 80 + /* 81 + * The driver depends on boot loader initialized state which resets when this 82 + * power-domain is powered off. This happens on suspend or when the driver is 83 + * missing during boot. Mark the domain as always on until the driver can 84 + * handle this. 85 + */ 86 + &ps_dispdfr_be { 87 + apple,always-on; 88 + }; 89 + 80 90 &display_dfr { 81 91 status = "okay"; 82 92 };
+10
arch/arm64/boot/dts/apple/t8112-j493.dts
··· 40 40 }; 41 41 }; 42 42 43 + /* 44 + * The driver depends on boot loader initialized state which resets when this 45 + * power-domain is powered off. This happens on suspend or when the driver is 46 + * missing during boot. Mark the domain as always on until the driver can 47 + * handle this. 48 + */ 49 + &ps_dispdfr_be { 50 + apple,always-on; 51 + }; 52 + 43 53 &display_dfr { 44 54 status = "okay"; 45 55 };
+2
arch/arm64/boot/dts/freescale/imx8mp-nominal.dtsi
··· 88 88 <0>, <0>, <400000000>, 89 89 <1039500000>; 90 90 }; 91 + 92 + /delete-node/ &{noc_opp_table/opp-1000000000};
+11 -1
arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi
··· 35 35 <0x1 0x00000000 0 0xc0000000>; 36 36 }; 37 37 38 - 39 38 reg_usdhc2_vmmc: regulator-usdhc2-vmmc { 40 39 compatible = "regulator-fixed"; 41 40 regulator-name = "VSD_3V3"; ··· 44 45 enable-active-high; 45 46 startup-delay-us = <100>; 46 47 off-on-delay-us = <12000>; 48 + }; 49 + 50 + reg_usdhc2_vqmmc: regulator-usdhc2-vqmmc { 51 + compatible = "regulator-gpio"; 52 + regulator-name = "VSD_VSEL"; 53 + regulator-min-microvolt = <1800000>; 54 + regulator-max-microvolt = <3300000>; 55 + gpios = <&gpio2 12 GPIO_ACTIVE_HIGH>; 56 + states = <3300000 0x0 1800000 0x1>; 57 + vin-supply = <&ldo5>; 47 58 }; 48 59 }; 49 60 ··· 214 205 pinctrl-2 = <&pinctrl_usdhc2_200mhz>, <&pinctrl_usdhc2_gpio>; 215 206 cd-gpios = <&gpio1 14 GPIO_ACTIVE_LOW>; 216 207 vmmc-supply = <&reg_usdhc2_vmmc>; 208 + vqmmc-supply = <&reg_usdhc2_vqmmc>; 217 209 bus-width = <4>; 218 210 status = "okay"; 219 211 };
+6
arch/arm64/boot/dts/freescale/imx8mp.dtsi
··· 1645 1645 opp-hz = /bits/ 64 <200000000>; 1646 1646 }; 1647 1647 1648 + /* Nominal drive mode maximum */ 1649 + opp-800000000 { 1650 + opp-hz = /bits/ 64 <800000000>; 1651 + }; 1652 + 1653 + /* Overdrive mode maximum */ 1648 1654 opp-1000000000 { 1649 1655 opp-hz = /bits/ 64 <1000000000>; 1650 1656 };
+1 -2
arch/arm64/boot/dts/rockchip/px30-engicam-common.dtsi
··· 31 31 }; 32 32 33 33 vcc3v3_btreg: vcc3v3-btreg { 34 - compatible = "regulator-gpio"; 34 + compatible = "regulator-fixed"; 35 35 enable-active-high; 36 36 pinctrl-names = "default"; 37 37 pinctrl-0 = <&bt_enable_h>; ··· 39 39 regulator-min-microvolt = <3300000>; 40 40 regulator-max-microvolt = <3300000>; 41 41 regulator-always-on; 42 - states = <3300000 0x0>; 43 42 }; 44 43 45 44 vcc3v3_rf_aux_mod: regulator-vcc3v3-rf-aux-mod {
+1 -1
arch/arm64/boot/dts/rockchip/px30-engicam-ctouch2.dtsi
··· 26 26 }; 27 27 28 28 &vcc3v3_btreg { 29 - enable-gpios = <&gpio1 RK_PC3 GPIO_ACTIVE_HIGH>; 29 + gpios = <&gpio1 RK_PC3 GPIO_ACTIVE_HIGH>; 30 30 };
+1 -1
arch/arm64/boot/dts/rockchip/px30-engicam-px30-core-edimm2.2.dts
··· 39 39 }; 40 40 41 41 &vcc3v3_btreg { 42 - enable-gpios = <&gpio1 RK_PC2 GPIO_ACTIVE_HIGH>; 42 + gpios = <&gpio1 RK_PC2 GPIO_ACTIVE_HIGH>; 43 43 };
+1 -1
arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi
··· 43 43 sdio_pwrseq: sdio-pwrseq { 44 44 compatible = "mmc-pwrseq-simple"; 45 45 clocks = <&rk808 1>; 46 - clock-names = "lpo"; 46 + clock-names = "ext_clock"; 47 47 pinctrl-names = "default"; 48 48 pinctrl-0 = <&wifi_enable_h>; 49 49 reset-gpios = <&gpio0 RK_PB2 GPIO_ACTIVE_LOW>;
+1 -1
arch/arm64/boot/dts/rockchip/rk3566-bigtreetech-cb2.dtsi
··· 775 775 rockchip,default-sample-phase = <90>; 776 776 status = "okay"; 777 777 778 - sdio-wifi@1 { 778 + wifi@1 { 779 779 compatible = "brcm,bcm4329-fmac"; 780 780 reg = <1>; 781 781 interrupt-parent = <&gpio2>;
+2
arch/arm64/boot/dts/rockchip/rk3568-qnap-ts433.dts
··· 619 619 bus-width = <8>; 620 620 max-frequency = <200000000>; 621 621 non-removable; 622 + pinctrl-names = "default"; 623 + pinctrl-0 = <&emmc_bus8 &emmc_clk &emmc_cmd &emmc_datastrobe>; 622 624 status = "okay"; 623 625 }; 624 626
+1 -1
arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts
··· 610 610 reg = <0x51>; 611 611 clock-output-names = "hym8563"; 612 612 interrupt-parent = <&gpio0>; 613 - interrupts = <RK_PB0 IRQ_TYPE_LEVEL_LOW>; 613 + interrupts = <RK_PA0 IRQ_TYPE_LEVEL_LOW>; 614 614 pinctrl-names = "default"; 615 615 pinctrl-0 = <&hym8563_int>; 616 616 wakeup-source;
+4
arch/arm64/boot/dts/rockchip/rk3588-friendlyelec-cm3588.dtsi
··· 222 222 compatible = "realtek,rt5616"; 223 223 reg = <0x1b>; 224 224 #sound-dai-cells = <0>; 225 + assigned-clocks = <&cru I2S0_8CH_MCLKOUT>; 226 + assigned-clock-rates = <12288000>; 227 + clocks = <&cru I2S0_8CH_MCLKOUT>; 228 + clock-names = "mclk"; 225 229 }; 226 230 }; 227 231
+2
arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi
··· 214 214 }; 215 215 216 216 &package_thermal { 217 + polling-delay = <1000>; 218 + 217 219 trips { 218 220 package_active1: trip-active1 { 219 221 temperature = <45000>;
+17 -36
arch/arm64/boot/dts/rockchip/rk3588j.dtsi
··· 11 11 compatible = "operating-points-v2"; 12 12 opp-shared; 13 13 14 - opp-1416000000 { 15 - opp-hz = /bits/ 64 <1416000000>; 14 + opp-1200000000 { 15 + opp-hz = /bits/ 64 <1200000000>; 16 16 opp-microvolt = <750000 750000 950000>; 17 17 clock-latency-ns = <40000>; 18 18 opp-suspend; 19 19 }; 20 - opp-1608000000 { 21 - opp-hz = /bits/ 64 <1608000000>; 22 - opp-microvolt = <887500 887500 950000>; 23 - clock-latency-ns = <40000>; 24 - }; 25 - opp-1704000000 { 26 - opp-hz = /bits/ 64 <1704000000>; 27 - opp-microvolt = <937500 937500 950000>; 20 + opp-1296000000 { 21 + opp-hz = /bits/ 64 <1296000000>; 22 + opp-microvolt = <775000 775000 950000>; 28 23 clock-latency-ns = <40000>; 29 24 }; 30 25 }; ··· 28 33 compatible = "operating-points-v2"; 29 34 opp-shared; 30 35 36 + opp-1200000000{ 37 + opp-hz = /bits/ 64 <1200000000>; 38 + opp-microvolt = <750000 750000 950000>; 39 + clock-latency-ns = <40000>; 40 + }; 31 41 opp-1416000000 { 32 42 opp-hz = /bits/ 64 <1416000000>; 33 - opp-microvolt = <750000 750000 950000>; 43 + opp-microvolt = <762500 762500 950000>; 34 44 clock-latency-ns = <40000>; 35 45 }; 36 46 opp-1608000000 { 37 47 opp-hz = /bits/ 64 <1608000000>; 38 48 opp-microvolt = <787500 787500 950000>; 39 - clock-latency-ns = <40000>; 40 - }; 41 - opp-1800000000 { 42 - opp-hz = /bits/ 64 <1800000000>; 43 - opp-microvolt = <875000 875000 950000>; 44 - clock-latency-ns = <40000>; 45 - }; 46 - opp-2016000000 { 47 - opp-hz = /bits/ 64 <2016000000>; 48 - opp-microvolt = <950000 950000 950000>; 49 49 clock-latency-ns = <40000>; 50 50 }; 51 51 }; ··· 49 59 compatible = "operating-points-v2"; 50 60 opp-shared; 51 61 62 + opp-1200000000{ 63 + opp-hz = /bits/ 64 <1200000000>; 64 + opp-microvolt = <750000 750000 950000>; 65 + clock-latency-ns = <40000>; 66 + }; 52 67 opp-1416000000 { 53 68 opp-hz = /bits/ 64 <1416000000>; 54 - opp-microvolt = <750000 750000 950000>; 69 + opp-microvolt = <762500 762500 950000>; 55 70 clock-latency-ns = <40000>; 56 71 }; 57 72 opp-1608000000 { 58 73 opp-hz = /bits/ 64 <1608000000>; 59 74 opp-microvolt = <787500 787500 950000>; 60 - clock-latency-ns = <40000>; 61 - }; 62 - opp-1800000000 { 63 - opp-hz = /bits/ 64 <1800000000>; 64 - opp-microvolt = <875000 875000 950000>; 65 - clock-latency-ns = <40000>; 66 - }; 67 - opp-2016000000 { 68 - opp-hz = /bits/ 64 <2016000000>; 69 - opp-microvolt = <950000 950000 950000>; 70 75 clock-latency-ns = <40000>; 71 76 }; 72 77 }; ··· 88 103 opp-700000000 { 89 104 opp-hz = /bits/ 64 <700000000>; 90 105 opp-microvolt = <750000 750000 850000>; 91 - }; 92 - opp-850000000 { 93 - opp-hz = /bits/ 64 <800000000>; 94 - opp-microvolt = <787500 787500 850000>; 95 106 }; 96 107 }; 97 108 };
+2
arch/arm64/include/asm/cputype.h
··· 81 81 #define ARM_CPU_PART_CORTEX_A78AE 0xD42 82 82 #define ARM_CPU_PART_CORTEX_X1 0xD44 83 83 #define ARM_CPU_PART_CORTEX_A510 0xD46 84 + #define ARM_CPU_PART_CORTEX_X1C 0xD4C 84 85 #define ARM_CPU_PART_CORTEX_A520 0xD80 85 86 #define ARM_CPU_PART_CORTEX_A710 0xD47 86 87 #define ARM_CPU_PART_CORTEX_A715 0xD4D ··· 169 168 #define MIDR_CORTEX_A78AE MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78AE) 170 169 #define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1) 171 170 #define MIDR_CORTEX_A510 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A510) 171 + #define MIDR_CORTEX_X1C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1C) 172 172 #define MIDR_CORTEX_A520 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A520) 173 173 #define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710) 174 174 #define MIDR_CORTEX_A715 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A715)
+1 -1
arch/arm64/include/asm/el2_setup.h
··· 52 52 mrs x0, id_aa64mmfr1_el1 53 53 ubfx x0, x0, #ID_AA64MMFR1_EL1_HCX_SHIFT, #4 54 54 cbz x0, .Lskip_hcrx_\@ 55 - mov_q x0, HCRX_HOST_FLAGS 55 + mov_q x0, (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_EnFPM) 56 56 57 57 /* Enable GCS if supported */ 58 58 mrs_s x1, SYS_ID_AA64PFR1_EL1
+1
arch/arm64/include/asm/insn.h
··· 706 706 } 707 707 #endif 708 708 u32 aarch64_insn_gen_dmb(enum aarch64_insn_mb_type type); 709 + u32 aarch64_insn_gen_dsb(enum aarch64_insn_mb_type type); 709 710 u32 aarch64_insn_gen_mrs(enum aarch64_insn_register result, 710 711 enum aarch64_insn_system_register sysreg); 711 712
+1 -2
arch/arm64/include/asm/kvm_arm.h
··· 100 100 HCR_FMO | HCR_IMO | HCR_PTW | HCR_TID3 | HCR_TID1) 101 101 #define HCR_HOST_NVHE_FLAGS (HCR_RW | HCR_API | HCR_APK | HCR_ATA) 102 102 #define HCR_HOST_NVHE_PROTECTED_FLAGS (HCR_HOST_NVHE_FLAGS | HCR_TSC) 103 - #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) 103 + #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H | HCR_AMO | HCR_IMO | HCR_FMO) 104 104 105 - #define HCRX_HOST_FLAGS (HCRX_EL2_MSCEn | HCRX_EL2_TCR2En | HCRX_EL2_EnFPM) 106 105 #define MPAMHCR_HOST_FLAGS 0 107 106 108 107 /* TCR_EL2 Registers bits */
+3
arch/arm64/include/asm/spectre.h
··· 97 97 98 98 enum mitigation_state arm64_get_spectre_bhb_state(void); 99 99 bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope); 100 + extern bool __nospectre_bhb; 101 + u8 get_spectre_bhb_loop_value(void); 102 + bool is_spectre_bhb_fw_mitigated(void); 100 103 void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused); 101 104 bool try_emulate_el1_ssbs(struct pt_regs *regs, u32 instr); 102 105
+13
arch/arm64/include/asm/vdso/gettimeofday.h
··· 99 99 return res; 100 100 } 101 101 102 + #if IS_ENABLED(CONFIG_CC_IS_GCC) && IS_ENABLED(CONFIG_PAGE_SIZE_64KB) 103 + static __always_inline const struct vdso_time_data *__arch_get_vdso_u_time_data(void) 104 + { 105 + const struct vdso_time_data *ret = &vdso_u_time_data; 106 + 107 + /* Work around invalid absolute relocations */ 108 + OPTIMIZER_HIDE_VAR(ret); 109 + 110 + return ret; 111 + } 112 + #define __arch_get_vdso_u_time_data __arch_get_vdso_u_time_data 113 + #endif /* IS_ENABLED(CONFIG_CC_IS_GCC) && IS_ENABLED(CONFIG_PAGE_SIZE_64KB) */ 114 + 102 115 #endif /* !__ASSEMBLY__ */ 103 116 104 117 #endif /* __ASM_VDSO_GETTIMEOFDAY_H */
+8 -1
arch/arm64/kernel/cpufeature.c
··· 114 114 115 115 DECLARE_BITMAP(boot_cpucaps, ARM64_NCAPS); 116 116 117 - bool arm64_use_ng_mappings = false; 117 + /* 118 + * arm64_use_ng_mappings must be placed in the .data section, otherwise it 119 + * ends up in the .bss section where it is initialized in early_map_kernel() 120 + * after the MMU (with the idmap) was enabled. create_init_idmap() - which 121 + * runs before early_map_kernel() and reads the variable via PTE_MAYBE_NG - 122 + * may end up generating an incorrect idmap page table attributes. 123 + */ 124 + bool arm64_use_ng_mappings __read_mostly = false; 118 125 EXPORT_SYMBOL(arm64_use_ng_mappings); 119 126 120 127 DEFINE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector) = vectors;
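
A stand-alone sketch (not from the patch) of the section-placement rule this fix relies on: zero-initialized globals normally land in .bss, which is only cleared later in boot, while an explicit section annotation (roughly what __read_mostly expands to in the kernel) forces the variable into a .data-like section. Compile with `gcc -c section_demo.c` and inspect with `nm section_demo.o` to see where each symbol lands.

/* section_demo.c - where do globals go? */
int plain_zero;			/* zero-initialized  -> .bss            */
int initialized = 1;		/* non-zero initial  -> .data           */
/* Explicitly sectioned: stays in a data section even with a zero value. */
int annotated __attribute__((__section__(".data.demo"))) = 0;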
+12 -1
arch/arm64/kernel/proton-pack.c
··· 891 891 MIDR_ALL_VERSIONS(MIDR_CORTEX_A78AE), 892 892 MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C), 893 893 MIDR_ALL_VERSIONS(MIDR_CORTEX_X1), 894 + MIDR_ALL_VERSIONS(MIDR_CORTEX_X1C), 894 895 MIDR_ALL_VERSIONS(MIDR_CORTEX_A710), 895 896 MIDR_ALL_VERSIONS(MIDR_CORTEX_X2), 896 897 MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), ··· 1000 999 return true; 1001 1000 } 1002 1001 1002 + u8 get_spectre_bhb_loop_value(void) 1003 + { 1004 + return max_bhb_k; 1005 + } 1006 + 1003 1007 static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot) 1004 1008 { 1005 1009 const char *v = arm64_get_bp_hardening_vector(slot); ··· 1022 1016 isb(); 1023 1017 } 1024 1018 1025 - static bool __read_mostly __nospectre_bhb; 1019 + bool __read_mostly __nospectre_bhb; 1026 1020 static int __init parse_spectre_bhb_param(char *str) 1027 1021 { 1028 1022 __nospectre_bhb = true; ··· 1098 1092 } 1099 1093 1100 1094 update_mitigation_state(&spectre_bhb_state, state); 1095 + } 1096 + 1097 + bool is_spectre_bhb_fw_mitigated(void) 1098 + { 1099 + return test_bit(BHB_FW, &system_bhb_mitigations); 1101 1100 } 1102 1101 1103 1102 /* Patched to NOP when enabled */
+6 -7
arch/arm64/kvm/hyp/include/hyp/switch.h
··· 235 235 236 236 static inline void __activate_traps_common(struct kvm_vcpu *vcpu) 237 237 { 238 + struct kvm_cpu_context *hctxt = host_data_ptr(host_ctxt); 239 + 238 240 /* Trap on AArch32 cp15 c15 (impdef sysregs) accesses (EL1 or EL0) */ 239 241 write_sysreg(1 << 15, hstr_el2); 240 242 ··· 247 245 * EL1 instead of being trapped to EL2. 248 246 */ 249 247 if (system_supports_pmuv3()) { 250 - struct kvm_cpu_context *hctxt; 251 - 252 248 write_sysreg(0, pmselr_el0); 253 249 254 - hctxt = host_data_ptr(host_ctxt); 255 250 ctxt_sys_reg(hctxt, PMUSERENR_EL0) = read_sysreg(pmuserenr_el0); 256 251 write_sysreg(ARMV8_PMU_USERENR_MASK, pmuserenr_el0); 257 252 vcpu_set_flag(vcpu, PMUSERENR_ON_CPU); ··· 268 269 hcrx &= ~clr; 269 270 } 270 271 272 + ctxt_sys_reg(hctxt, HCRX_EL2) = read_sysreg_s(SYS_HCRX_EL2); 271 273 write_sysreg_s(hcrx, SYS_HCRX_EL2); 272 274 } 273 275 ··· 278 278 279 279 static inline void __deactivate_traps_common(struct kvm_vcpu *vcpu) 280 280 { 281 + struct kvm_cpu_context *hctxt = host_data_ptr(host_ctxt); 282 + 281 283 write_sysreg(*host_data_ptr(host_debug_state.mdcr_el2), mdcr_el2); 282 284 283 285 write_sysreg(0, hstr_el2); 284 286 if (system_supports_pmuv3()) { 285 - struct kvm_cpu_context *hctxt; 286 - 287 - hctxt = host_data_ptr(host_ctxt); 288 287 write_sysreg(ctxt_sys_reg(hctxt, PMUSERENR_EL0), pmuserenr_el0); 289 288 vcpu_clear_flag(vcpu, PMUSERENR_ON_CPU); 290 289 } 291 290 292 291 if (cpus_have_final_cap(ARM64_HAS_HCX)) 293 - write_sysreg_s(HCRX_HOST_FLAGS, SYS_HCRX_EL2); 292 + write_sysreg_s(ctxt_sys_reg(hctxt, HCRX_EL2), SYS_HCRX_EL2); 294 293 295 294 __deactivate_traps_hfgxtr(vcpu); 296 295 __deactivate_traps_mpam();
+1 -1
arch/arm64/kvm/hyp/nvhe/mem_protect.c
··· 503 503 { 504 504 int ret; 505 505 506 - if (!addr_is_memory(addr)) 506 + if (!range_is_memory(addr, addr + size)) 507 507 return -EPERM; 508 508 509 509 ret = host_stage2_try(kvm_pgtable_stage2_set_owner, &host_mmu.pgt,
+21 -15
arch/arm64/kvm/hyp/vgic-v3-sr.c
··· 429 429 /* 430 430 * To check whether we have a MMIO-based (GICv2 compatible) 431 431 * CPU interface, we need to disable the system register 432 - * view. To do that safely, we have to prevent any interrupt 433 - * from firing (which would be deadly). 432 + * view. 434 433 * 435 - * Note that this only makes sense on VHE, as interrupts are 436 - * already masked for nVHE as part of the exception entry to 437 - * EL2. 438 - */ 439 - if (has_vhe()) 440 - flags = local_daif_save(); 441 - 442 - /* 443 434 * Table 11-2 "Permitted ICC_SRE_ELx.SRE settings" indicates 444 435 * that to be able to set ICC_SRE_EL1.SRE to 0, all the 445 436 * interrupt overrides must be set. You've got to love this. 437 + * 438 + * As we always run VHE with HCR_xMO set, no extra xMO 439 + * manipulation is required in that case. 440 + * 441 + * To safely disable SRE, we have to prevent any interrupt 442 + * from firing (which would be deadly). This only makes sense 443 + * on VHE, as interrupts are already masked for nVHE as part 444 + * of the exception entry to EL2. 446 445 */ 447 - sysreg_clear_set(hcr_el2, 0, HCR_AMO | HCR_FMO | HCR_IMO); 448 - isb(); 446 + if (has_vhe()) { 447 + flags = local_daif_save(); 448 + } else { 449 + sysreg_clear_set(hcr_el2, 0, HCR_AMO | HCR_FMO | HCR_IMO); 450 + isb(); 451 + } 452 + 449 453 write_gicreg(0, ICC_SRE_EL1); 450 454 isb(); 451 455 ··· 457 453 458 454 write_gicreg(sre, ICC_SRE_EL1); 459 455 isb(); 460 - sysreg_clear_set(hcr_el2, HCR_AMO | HCR_FMO | HCR_IMO, 0); 461 - isb(); 462 456 463 - if (has_vhe()) 457 + if (has_vhe()) { 464 458 local_daif_restore(flags); 459 + } else { 460 + sysreg_clear_set(hcr_el2, HCR_AMO | HCR_FMO | HCR_IMO, 0); 461 + isb(); 462 + } 465 463 466 464 val = (val & ICC_SRE_EL1_SRE) ? 0 : (1ULL << 63); 467 465 val |= read_gicreg(ICH_VTR_EL2);
+8 -5
arch/arm64/kvm/mmu.c
··· 1501 1501 return -EFAULT; 1502 1502 } 1503 1503 1504 + if (!is_protected_kvm_enabled()) 1505 + memcache = &vcpu->arch.mmu_page_cache; 1506 + else 1507 + memcache = &vcpu->arch.pkvm_memcache; 1508 + 1504 1509 /* 1505 1510 * Permission faults just need to update the existing leaf entry, 1506 1511 * and so normally don't require allocations from the memcache. The ··· 1515 1510 if (!fault_is_perm || (logging_active && write_fault)) { 1516 1511 int min_pages = kvm_mmu_cache_min_pages(vcpu->arch.hw_mmu); 1517 1512 1518 - if (!is_protected_kvm_enabled()) { 1519 - memcache = &vcpu->arch.mmu_page_cache; 1513 + if (!is_protected_kvm_enabled()) 1520 1514 ret = kvm_mmu_topup_memory_cache(memcache, min_pages); 1521 - } else { 1522 - memcache = &vcpu->arch.pkvm_memcache; 1515 + else 1523 1516 ret = topup_hyp_memcache(memcache, min_pages); 1524 - } 1517 + 1525 1518 if (ret) 1526 1519 return ret; 1527 1520 }
+6
arch/arm64/kvm/sys_regs.c
··· 1945 1945 if ((hw_val & mpam_mask) == (user_val & mpam_mask)) 1946 1946 user_val &= ~ID_AA64PFR0_EL1_MPAM_MASK; 1947 1947 1948 + /* Fail the guest's request to disable the AA64 ISA at EL{0,1,2} */ 1949 + if (!FIELD_GET(ID_AA64PFR0_EL1_EL0, user_val) || 1950 + !FIELD_GET(ID_AA64PFR0_EL1_EL1, user_val) || 1951 + (vcpu_has_nv(vcpu) && !FIELD_GET(ID_AA64PFR0_EL1_EL2, user_val))) 1952 + return -EINVAL; 1953 + 1948 1954 return set_id_reg(vcpu, rd, user_val); 1949 1955 } 1950 1956
+45 -31
arch/arm64/lib/insn.c
··· 5 5 * 6 6 * Copyright (C) 2014-2016 Zi Shen Lim <zlim.lnx@gmail.com> 7 7 */ 8 + #include <linux/bitfield.h> 8 9 #include <linux/bitops.h> 9 10 #include <linux/bug.h> 10 11 #include <linux/printk.h> ··· 1501 1500 return aarch64_insn_encode_register(AARCH64_INSN_REGTYPE_RM, insn, Rm); 1502 1501 } 1503 1502 1503 + static u32 __get_barrier_crm_val(enum aarch64_insn_mb_type type) 1504 + { 1505 + switch (type) { 1506 + case AARCH64_INSN_MB_SY: 1507 + return 0xf; 1508 + case AARCH64_INSN_MB_ST: 1509 + return 0xe; 1510 + case AARCH64_INSN_MB_LD: 1511 + return 0xd; 1512 + case AARCH64_INSN_MB_ISH: 1513 + return 0xb; 1514 + case AARCH64_INSN_MB_ISHST: 1515 + return 0xa; 1516 + case AARCH64_INSN_MB_ISHLD: 1517 + return 0x9; 1518 + case AARCH64_INSN_MB_NSH: 1519 + return 0x7; 1520 + case AARCH64_INSN_MB_NSHST: 1521 + return 0x6; 1522 + case AARCH64_INSN_MB_NSHLD: 1523 + return 0x5; 1524 + default: 1525 + pr_err("%s: unknown barrier type %d\n", __func__, type); 1526 + return AARCH64_BREAK_FAULT; 1527 + } 1528 + } 1529 + 1504 1530 u32 aarch64_insn_gen_dmb(enum aarch64_insn_mb_type type) 1505 1531 { 1506 1532 u32 opt; 1507 1533 u32 insn; 1508 1534 1509 - switch (type) { 1510 - case AARCH64_INSN_MB_SY: 1511 - opt = 0xf; 1512 - break; 1513 - case AARCH64_INSN_MB_ST: 1514 - opt = 0xe; 1515 - break; 1516 - case AARCH64_INSN_MB_LD: 1517 - opt = 0xd; 1518 - break; 1519 - case AARCH64_INSN_MB_ISH: 1520 - opt = 0xb; 1521 - break; 1522 - case AARCH64_INSN_MB_ISHST: 1523 - opt = 0xa; 1524 - break; 1525 - case AARCH64_INSN_MB_ISHLD: 1526 - opt = 0x9; 1527 - break; 1528 - case AARCH64_INSN_MB_NSH: 1529 - opt = 0x7; 1530 - break; 1531 - case AARCH64_INSN_MB_NSHST: 1532 - opt = 0x6; 1533 - break; 1534 - case AARCH64_INSN_MB_NSHLD: 1535 - opt = 0x5; 1536 - break; 1537 - default: 1538 - pr_err("%s: unknown dmb type %d\n", __func__, type); 1535 + opt = __get_barrier_crm_val(type); 1536 + if (opt == AARCH64_BREAK_FAULT) 1539 1537 return AARCH64_BREAK_FAULT; 1540 - } 1541 1538 1542 1539 insn = aarch64_insn_get_dmb_value(); 1540 + insn &= ~GENMASK(11, 8); 1541 + insn |= (opt << 8); 1542 + 1543 + return insn; 1544 + } 1545 + 1546 + u32 aarch64_insn_gen_dsb(enum aarch64_insn_mb_type type) 1547 + { 1548 + u32 opt, insn; 1549 + 1550 + opt = __get_barrier_crm_val(type); 1551 + if (opt == AARCH64_BREAK_FAULT) 1552 + return AARCH64_BREAK_FAULT; 1553 + 1554 + insn = aarch64_insn_get_dsb_base_value(); 1543 1555 insn &= ~GENMASK(11, 8); 1544 1556 insn |= (opt << 8); 1545 1557
+53 -4
arch/arm64/net/bpf_jit_comp.c
··· 7 7 8 8 #define pr_fmt(fmt) "bpf_jit: " fmt 9 9 10 + #include <linux/arm-smccc.h> 10 11 #include <linux/bitfield.h> 11 12 #include <linux/bpf.h> 12 13 #include <linux/filter.h> ··· 18 17 #include <asm/asm-extable.h> 19 18 #include <asm/byteorder.h> 20 19 #include <asm/cacheflush.h> 20 + #include <asm/cpufeature.h> 21 21 #include <asm/debug-monitors.h> 22 22 #include <asm/insn.h> 23 23 #include <asm/text-patching.h> ··· 941 939 plt->target = (u64)&dummy_tramp; 942 940 } 943 941 944 - static void build_epilogue(struct jit_ctx *ctx) 942 + /* Clobbers BPF registers 1-4, aka x0-x3 */ 943 + static void __maybe_unused build_bhb_mitigation(struct jit_ctx *ctx) 944 + { 945 + const u8 r1 = bpf2a64[BPF_REG_1]; /* aka x0 */ 946 + u8 k = get_spectre_bhb_loop_value(); 947 + 948 + if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY) || 949 + cpu_mitigations_off() || __nospectre_bhb || 950 + arm64_get_spectre_v2_state() == SPECTRE_VULNERABLE) 951 + return; 952 + 953 + if (capable(CAP_SYS_ADMIN)) 954 + return; 955 + 956 + if (supports_clearbhb(SCOPE_SYSTEM)) { 957 + emit(aarch64_insn_gen_hint(AARCH64_INSN_HINT_CLEARBHB), ctx); 958 + return; 959 + } 960 + 961 + if (k) { 962 + emit_a64_mov_i64(r1, k, ctx); 963 + emit(A64_B(1), ctx); 964 + emit(A64_SUBS_I(true, r1, r1, 1), ctx); 965 + emit(A64_B_(A64_COND_NE, -2), ctx); 966 + emit(aarch64_insn_gen_dsb(AARCH64_INSN_MB_ISH), ctx); 967 + emit(aarch64_insn_get_isb_value(), ctx); 968 + } 969 + 970 + if (is_spectre_bhb_fw_mitigated()) { 971 + emit(A64_ORR_I(false, r1, AARCH64_INSN_REG_ZR, 972 + ARM_SMCCC_ARCH_WORKAROUND_3), ctx); 973 + switch (arm_smccc_1_1_get_conduit()) { 974 + case SMCCC_CONDUIT_HVC: 975 + emit(aarch64_insn_get_hvc_value(), ctx); 976 + break; 977 + case SMCCC_CONDUIT_SMC: 978 + emit(aarch64_insn_get_smc_value(), ctx); 979 + break; 980 + default: 981 + pr_err_once("Firmware mitigation enabled with unknown conduit\n"); 982 + } 983 + } 984 + } 985 + 986 + static void build_epilogue(struct jit_ctx *ctx, bool was_classic) 945 987 { 946 988 const u8 r0 = bpf2a64[BPF_REG_0]; 947 989 const u8 ptr = bpf2a64[TCCNT_PTR]; ··· 998 952 999 953 emit(A64_POP(A64_ZR, ptr, A64_SP), ctx); 1000 954 955 + if (was_classic) 956 + build_bhb_mitigation(ctx); 957 + 1001 958 /* Restore FP/LR registers */ 1002 959 emit(A64_POP(A64_FP, A64_LR, A64_SP), ctx); 1003 960 1004 - /* Set return value */ 961 + /* Move the return value from bpf:r0 (aka x7) to x0 */ 1005 962 emit(A64_MOV(1, A64_R(0), r0), ctx); 1006 963 1007 964 /* Authenticate lr */ ··· 1947 1898 } 1948 1899 1949 1900 ctx.epilogue_offset = ctx.idx; 1950 - build_epilogue(&ctx); 1901 + build_epilogue(&ctx, was_classic); 1951 1902 build_plt(&ctx); 1952 1903 1953 1904 extable_align = __alignof__(struct exception_table_entry); ··· 2010 1961 goto out_free_hdr; 2011 1962 } 2012 1963 2013 - build_epilogue(&ctx); 1964 + build_epilogue(&ctx, was_classic); 2014 1965 build_plt(&ctx); 2015 1966 2016 1967 /* Extra pass to validate JITed code. */
+2 -3
arch/mips/include/asm/idle.h
··· 6 6 #include <linux/linkage.h> 7 7 8 8 extern void (*cpu_wait)(void); 9 - extern void r4k_wait(void); 10 - extern asmlinkage void __r4k_wait(void); 9 + extern asmlinkage void r4k_wait(void); 11 10 extern void r4k_wait_irqoff(void); 12 11 13 - static inline int using_rollback_handler(void) 12 + static inline int using_skipover_handler(void) 14 13 { 15 14 return cpu_wait == r4k_wait; 16 15 }
+2 -1
arch/mips/include/asm/ptrace.h
··· 65 65 66 66 /* Query offset/name of register from its name/offset */ 67 67 extern int regs_query_register_offset(const char *name); 68 - #define MAX_REG_OFFSET (offsetof(struct pt_regs, __last)) 68 + #define MAX_REG_OFFSET \ 69 + (offsetof(struct pt_regs, __last) - sizeof(unsigned long)) 69 70 70 71 /** 71 72 * regs_get_register() - get register value from its offset
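
To show why the sizeof(unsigned long) subtraction is needed (this is an illustration, not the real MIPS pt_regs): with a zero-sized end marker, offsetof() of the marker points one slot past the last real register, so the largest valid register offset is one word earlier.

#include <stddef.h>
#include <stdio.h>

struct fake_regs {
	unsigned long gpr[4];
	unsigned long __last[0];	/* zero-sized end marker, as in pt_regs */
};

/* Offset of the last real register, not one past it. */
#define MAX_REG_OFFSET \
	(offsetof(struct fake_regs, __last) - sizeof(unsigned long))

int main(void)
{
	/* On a 64-bit target: the marker is at 32, the last register at 24. */
	printf("marker=%zu last=%zu\n",
	       offsetof(struct fake_regs, __last), (size_t)MAX_REG_OFFSET);
	return 0;
}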
+41 -30
arch/mips/kernel/genex.S
··· 104 104 105 105 __FINIT 106 106 107 - .align 5 /* 32 byte rollback region */ 108 - LEAF(__r4k_wait) 109 - .set push 110 - .set noreorder 111 - /* start of rollback region */ 112 - LONG_L t0, TI_FLAGS($28) 113 - nop 114 - andi t0, _TIF_NEED_RESCHED 115 - bnez t0, 1f 116 - nop 117 - nop 118 - nop 119 - #ifdef CONFIG_CPU_MICROMIPS 120 - nop 121 - nop 122 - nop 123 - nop 124 - #endif 107 + .section .cpuidle.text,"ax" 108 + /* Align to 32 bytes for the maximum idle interrupt region size. */ 109 + .align 5 110 + LEAF(r4k_wait) 111 + /* Keep the ISA bit clear for calculations on local labels here. */ 112 + 0: .fill 0 113 + /* Start of idle interrupt region. */ 114 + local_irq_enable 115 + /* 116 + * If an interrupt lands here, before going idle on the next 117 + * instruction, we must *NOT* go idle since the interrupt could 118 + * have set TIF_NEED_RESCHED or caused a timer to need resched. 119 + * Fall through -- see skipover_handler below -- and have the 120 + * idle loop take care of things. 121 + */ 122 + 1: .fill 0 123 + /* The R2 EI/EHB sequence takes 8 bytes, otherwise pad up. */ 124 + .if 1b - 0b > 32 125 + .error "overlong idle interrupt region" 126 + .elseif 1b - 0b > 8 127 + .align 4 128 + .endif 129 + 2: .fill 0 130 + .equ r4k_wait_idle_size, 2b - 0b 131 + /* End of idle interrupt region; size has to be a power of 2. */ 125 132 .set MIPS_ISA_ARCH_LEVEL_RAW 133 + r4k_wait_insn: 126 134 wait 127 - /* end of rollback region (the region size must be power of two) */ 128 - 1: 135 + r4k_wait_exit: 136 + .set mips0 137 + local_irq_disable 129 138 jr ra 130 - nop 131 - .set pop 132 - END(__r4k_wait) 139 + END(r4k_wait) 140 + .previous 133 141 134 - .macro BUILD_ROLLBACK_PROLOGUE handler 135 - FEXPORT(rollback_\handler) 142 + .macro BUILD_SKIPOVER_PROLOGUE handler 143 + FEXPORT(skipover_\handler) 136 144 .set push 137 145 .set noat 138 146 MFC0 k0, CP0_EPC 139 - PTR_LA k1, __r4k_wait 140 - ori k0, 0x1f /* 32 byte rollback region */ 141 - xori k0, 0x1f 147 + /* Subtract/add 2 to let the ISA bit propagate through the mask. */ 148 + PTR_LA k1, r4k_wait_insn - 2 149 + ori k0, r4k_wait_idle_size - 2 150 + .set noreorder 142 151 bne k0, k1, \handler 152 + PTR_ADDIU k0, r4k_wait_exit - r4k_wait_insn + 2 153 + .set reorder 143 154 MTC0 k0, CP0_EPC 144 155 .set pop 145 156 .endm 146 157 147 158 .align 5 148 - BUILD_ROLLBACK_PROLOGUE handle_int 159 + BUILD_SKIPOVER_PROLOGUE handle_int 149 160 NESTED(handle_int, PT_SIZE, sp) 150 161 .cfi_signal_frame 151 162 #ifdef CONFIG_TRACE_IRQFLAGS ··· 276 265 * This prototype is copied to ebase + n*IntCtl.VS and patched 277 266 * to invoke the handler 278 267 */ 279 - BUILD_ROLLBACK_PROLOGUE except_vec_vi 268 + BUILD_SKIPOVER_PROLOGUE except_vec_vi 280 269 NESTED(except_vec_vi, 0, sp) 281 270 SAVE_SOME docfi=1 282 271 SAVE_AT docfi=1
-7
arch/mips/kernel/idle.c
··· 35 35 write_c0_conf(cfg | R30XX_CONF_HALT); 36 36 } 37 37 38 - void __cpuidle r4k_wait(void) 39 - { 40 - raw_local_irq_enable(); 41 - __r4k_wait(); 42 - raw_local_irq_disable(); 43 - } 44 - 45 38 /* 46 39 * This variant is preferable as it allows testing need_resched and going to 47 40 * sleep depending on the outcome atomically. Unfortunately the "It is
+4
arch/mips/kernel/smp-cps.c
··· 332 332 mips_cps_cluster_bootcfg = kcalloc(nclusters, 333 333 sizeof(*mips_cps_cluster_bootcfg), 334 334 GFP_KERNEL); 335 + if (!mips_cps_cluster_bootcfg) 336 + goto err_out; 335 337 336 338 if (nclusters > 1) 337 339 mips_cm_update_property(); ··· 350 348 mips_cps_cluster_bootcfg[cl].core_power = 351 349 kcalloc(BITS_TO_LONGS(ncores), sizeof(unsigned long), 352 350 GFP_KERNEL); 351 + if (!mips_cps_cluster_bootcfg[cl].core_power) 352 + goto err_out; 353 353 354 354 /* Allocate VPE boot configuration structs */ 355 355 for (c = 0; c < ncores; c++) {
+5 -5
arch/mips/kernel/traps.c
··· 77 77 #include "access-helper.h" 78 78 79 79 extern void check_wait(void); 80 - extern asmlinkage void rollback_handle_int(void); 80 + extern asmlinkage void skipover_handle_int(void); 81 81 extern asmlinkage void handle_int(void); 82 82 extern asmlinkage void handle_adel(void); 83 83 extern asmlinkage void handle_ades(void); ··· 2066 2066 { 2067 2067 extern const u8 except_vec_vi[]; 2068 2068 extern const u8 except_vec_vi_ori[], except_vec_vi_end[]; 2069 - extern const u8 rollback_except_vec_vi[]; 2069 + extern const u8 skipover_except_vec_vi[]; 2070 2070 unsigned long handler; 2071 2071 unsigned long old_handler = vi_handlers[n]; 2072 2072 int srssets = current_cpu_data.srsets; ··· 2095 2095 change_c0_srsmap(0xf << n*4, 0 << n*4); 2096 2096 } 2097 2097 2098 - vec_start = using_rollback_handler() ? rollback_except_vec_vi : 2098 + vec_start = using_skipover_handler() ? skipover_except_vec_vi : 2099 2099 except_vec_vi; 2100 2100 #if defined(CONFIG_CPU_MICROMIPS) || defined(CONFIG_CPU_BIG_ENDIAN) 2101 2101 ori_offset = except_vec_vi_ori - vec_start + 2; ··· 2426 2426 if (board_be_init) 2427 2427 board_be_init(); 2428 2428 2429 - set_except_vector(EXCCODE_INT, using_rollback_handler() ? 2430 - rollback_handle_int : handle_int); 2429 + set_except_vector(EXCCODE_INT, using_skipover_handler() ? 2430 + skipover_handle_int : handle_int); 2431 2431 set_except_vector(EXCCODE_MOD, handle_tlbm); 2432 2432 set_except_vector(EXCCODE_TLBL, handle_tlbl); 2433 2433 set_except_vector(EXCCODE_TLBS, handle_tlbs);
+1 -1
arch/riscv/boot/dts/sophgo/cv18xx.dtsi
··· 341 341 1024 1024 1024 1024>; 342 342 snps,priority = <0 1 2 3 4 5 6 7>; 343 343 snps,dma-masters = <2>; 344 - snps,data-width = <4>; 344 + snps,data-width = <2>; 345 345 status = "disabled"; 346 346 }; 347 347
+6
arch/riscv/kernel/process.c
··· 275 275 unsigned long pmm; 276 276 u8 pmlen; 277 277 278 + if (!riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) 279 + return -EINVAL; 280 + 278 281 if (is_compat_thread(ti)) 279 282 return -EINVAL; 280 283 ··· 332 329 { 333 330 struct thread_info *ti = task_thread_info(task); 334 331 long ret = 0; 332 + 333 + if (!riscv_has_extension_unlikely(RISCV_ISA_EXT_SUPM)) 334 + return -EINVAL; 335 335 336 336 if (is_compat_thread(ti)) 337 337 return -EINVAL;
+37 -27
arch/riscv/kernel/traps.c
··· 198 198 DO_ERROR_INFO(do_trap_load_fault, 199 199 SIGSEGV, SEGV_ACCERR, "load access fault"); 200 200 201 - asmlinkage __visible __trap_section void do_trap_load_misaligned(struct pt_regs *regs) 201 + enum misaligned_access_type { 202 + MISALIGNED_STORE, 203 + MISALIGNED_LOAD, 204 + }; 205 + static const struct { 206 + const char *type_str; 207 + int (*handler)(struct pt_regs *regs); 208 + } misaligned_handler[] = { 209 + [MISALIGNED_STORE] = { 210 + .type_str = "Oops - store (or AMO) address misaligned", 211 + .handler = handle_misaligned_store, 212 + }, 213 + [MISALIGNED_LOAD] = { 214 + .type_str = "Oops - load address misaligned", 215 + .handler = handle_misaligned_load, 216 + }, 217 + }; 218 + 219 + static void do_trap_misaligned(struct pt_regs *regs, enum misaligned_access_type type) 202 220 { 221 + irqentry_state_t state; 222 + 203 223 if (user_mode(regs)) { 204 224 irqentry_enter_from_user_mode(regs); 225 + local_irq_enable(); 226 + } else { 227 + state = irqentry_nmi_enter(regs); 228 + } 205 229 206 - if (handle_misaligned_load(regs)) 207 - do_trap_error(regs, SIGBUS, BUS_ADRALN, regs->epc, 208 - "Oops - load address misaligned"); 230 + if (misaligned_handler[type].handler(regs)) 231 + do_trap_error(regs, SIGBUS, BUS_ADRALN, regs->epc, 232 + misaligned_handler[type].type_str); 209 233 234 + if (user_mode(regs)) { 235 + local_irq_disable(); 210 236 irqentry_exit_to_user_mode(regs); 211 237 } else { 212 - irqentry_state_t state = irqentry_nmi_enter(regs); 213 - 214 - if (handle_misaligned_load(regs)) 215 - do_trap_error(regs, SIGBUS, BUS_ADRALN, regs->epc, 216 - "Oops - load address misaligned"); 217 - 218 238 irqentry_nmi_exit(regs, state); 219 239 } 240 + } 241 + 242 + asmlinkage __visible __trap_section void do_trap_load_misaligned(struct pt_regs *regs) 243 + { 244 + do_trap_misaligned(regs, MISALIGNED_LOAD); 220 245 } 221 246 222 247 asmlinkage __visible __trap_section void do_trap_store_misaligned(struct pt_regs *regs) 223 248 { 224 - if (user_mode(regs)) { 225 - irqentry_enter_from_user_mode(regs); 226 - 227 - if (handle_misaligned_store(regs)) 228 - do_trap_error(regs, SIGBUS, BUS_ADRALN, regs->epc, 229 - "Oops - store (or AMO) address misaligned"); 230 - 231 - irqentry_exit_to_user_mode(regs); 232 - } else { 233 - irqentry_state_t state = irqentry_nmi_enter(regs); 234 - 235 - if (handle_misaligned_store(regs)) 236 - do_trap_error(regs, SIGBUS, BUS_ADRALN, regs->epc, 237 - "Oops - store (or AMO) address misaligned"); 238 - 239 - irqentry_nmi_exit(regs, state); 240 - } 249 + do_trap_misaligned(regs, MISALIGNED_STORE); 241 250 } 251 + 242 252 DO_ERROR_INFO(do_trap_store_fault, 243 253 SIGSEGV, SEGV_ACCERR, "store (or AMO) access fault"); 244 254 DO_ERROR_INFO(do_trap_ecall_s,
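The rewrite above collapses the duplicated user/kernel paths for load and store misalignment into one do_trap_misaligned() driven by a small array indexed by an enum. A standalone sketch of that designated-initializer dispatch-table idiom, with toy names and handlers; a nonzero handler return means "could not fix up", matching the convention in the hunk.

    #include <stdio.h>

    enum access_type { ACC_STORE, ACC_LOAD };

    /* Toy handlers: nonzero means the access could not be emulated. */
    static int fixup_store(unsigned long addr) { return addr & 1; }
    static int fixup_load(unsigned long addr)  { return addr & 1; }

    static const struct {
        const char *msg;
        int (*handler)(unsigned long addr);
    } handlers[] = {
        [ACC_STORE] = { "store address misaligned", fixup_store },
        [ACC_LOAD]  = { "load address misaligned",  fixup_load  },
    };

    static void do_misaligned(unsigned long addr, enum access_type type)
    {
        if (handlers[type].handler(addr))
            printf("Oops - %s at %#lx\n", handlers[type].msg, addr);
    }

    int main(void)
    {
        do_misaligned(0x1003, ACC_LOAD);   /* emulation "fails": message printed */
        do_misaligned(0x1004, ACC_STORE);  /* emulation succeeds: silent */
        return 0;
    }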
+18 -1
arch/riscv/kernel/traps_misaligned.c
··· 88 88 #define INSN_MATCH_C_FSWSP 0xe002 89 89 #define INSN_MASK_C_FSWSP 0xe003 90 90 91 + #define INSN_MATCH_C_LHU 0x8400 92 + #define INSN_MASK_C_LHU 0xfc43 93 + #define INSN_MATCH_C_LH 0x8440 94 + #define INSN_MASK_C_LH 0xfc43 95 + #define INSN_MATCH_C_SH 0x8c00 96 + #define INSN_MASK_C_SH 0xfc43 97 + 91 98 #define INSN_LEN(insn) ((((insn) & 0x3) < 0x3) ? 2 : 4) 92 99 93 100 #if defined(CONFIG_64BIT) ··· 275 268 int __ret; \ 276 269 \ 277 270 if (user_mode(regs)) { \ 278 - __ret = __get_user(insn, (type __user *) insn_addr); \ 271 + __ret = get_user(insn, (type __user *) insn_addr); \ 279 272 } else { \ 280 273 insn = *(type *)insn_addr; \ 281 274 __ret = 0; \ ··· 438 431 fp = 1; 439 432 len = 4; 440 433 #endif 434 + } else if ((insn & INSN_MASK_C_LHU) == INSN_MATCH_C_LHU) { 435 + len = 2; 436 + insn = RVC_RS2S(insn) << SH_RD; 437 + } else if ((insn & INSN_MASK_C_LH) == INSN_MATCH_C_LH) { 438 + len = 2; 439 + shift = 8 * (sizeof(ulong) - len); 440 + insn = RVC_RS2S(insn) << SH_RD; 441 441 } else { 442 442 regs->epc = epc; 443 443 return -1; ··· 544 530 len = 4; 545 531 val.data_ulong = GET_F32_RS2C(insn, regs); 546 532 #endif 533 + } else if ((insn & INSN_MASK_C_SH) == INSN_MATCH_C_SH) { 534 + len = 2; 535 + val.data_ulong = GET_RS2S(insn, regs); 547 536 } else { 548 537 regs->epc = epc; 549 538 return -1;
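For the new compressed C.LH case the decoder records shift = 8 * (sizeof(ulong) - len); the usual idiom such a shift feeds into is shift-left then arithmetic-shift-right, which sign-extends the 16-bit value (C.LHU keeps shift at 0 and stays zero-extended). A small worked example of that idiom, shown as the generic pattern rather than a quote of the handler:

    #include <stdio.h>

    int main(void)
    {
        unsigned long val = 0xf123;        /* raw 16-bit load result */
        unsigned int len = 2;              /* C.LH loads two bytes   */
        unsigned int shift = 8 * (sizeof(unsigned long) - len);  /* 48 on 64-bit */

        long sext = (long)(val << shift) >> shift;   /* arithmetic right shift */
        printf("%#lx -> %#lx\n", val, (unsigned long)sext);
        /* prints: 0xf123 -> 0xfffffffffffff123 on a 64-bit host */
        return 0;
    }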
+2
arch/riscv/kvm/vcpu.c
··· 77 77 memcpy(cntx, reset_cntx, sizeof(*cntx)); 78 78 spin_unlock(&vcpu->arch.reset_cntx_lock); 79 79 80 + memset(&vcpu->arch.smstateen_csr, 0, sizeof(vcpu->arch.smstateen_csr)); 81 + 80 82 kvm_riscv_vcpu_fp_reset(vcpu); 81 83 82 84 kvm_riscv_vcpu_vector_reset(vcpu);
+1
arch/um/Makefile
··· 154 154 archclean: 155 155 @find . \( -name '*.bb' -o -name '*.bbg' -o -name '*.da' \ 156 156 -o -name '*.gcov' \) -type f -print | xargs rm -f 157 + $(Q)$(MAKE) -f $(srctree)/Makefile ARCH=$(HEADER_ARCH) clean 157 158 158 159 export HEADER_ARCH SUBARCH USER_CFLAGS CFLAGS_NO_HARDENING DEV_NULL_PATH
+13
arch/x86/Kconfig
··· 2368 2368 config CFI_AUTO_DEFAULT 2369 2369 bool "Attempt to use FineIBT by default at boot time" 2370 2370 depends on FINEIBT 2371 + depends on !RUST || RUSTC_VERSION >= 108800 2371 2372 default y 2372 2373 help 2373 2374 Attempt to use FineIBT by default at boot time. If enabled, ··· 2710 2709 hardware security vulnerability and its exploitation takes advantage 2711 2710 of speculative execution in a similar way to the Meltdown and Spectre 2712 2711 security vulnerabilities. 2712 + 2713 + config MITIGATION_ITS 2714 + bool "Enable Indirect Target Selection mitigation" 2715 + depends on CPU_SUP_INTEL && X86_64 2716 + depends on MITIGATION_RETPOLINE && MITIGATION_RETHUNK 2717 + select EXECMEM 2718 + default y 2719 + help 2720 + Enable Indirect Target Selection (ITS) mitigation. ITS is a bug in 2721 + BPU on some Intel CPUs that may allow Spectre V2 style attacks. If 2722 + disabled, mitigation cannot be enabled via cmdline. 2723 + See <file:Documentation/admin-guide/hw-vuln/indirect-target-selection.rst> 2713 2724 2714 2725 endif 2715 2726
+17 -3
arch/x86/entry/entry_64.S
··· 1525 1525 * ORC to unwind properly. 1526 1526 * 1527 1527 * The alignment is for performance and not for safety, and may be safely 1528 - * refactored in the future if needed. 1528 + * refactored in the future if needed. The .skips are for safety, to ensure 1529 + * that all RETs are in the second half of a cacheline to mitigate Indirect 1530 + * Target Selection, rather than taking the slowpath via its_return_thunk. 1529 1531 */ 1530 1532 SYM_FUNC_START(clear_bhb_loop) 1531 1533 ANNOTATE_NOENDBR ··· 1538 1536 call 1f 1539 1537 jmp 5f 1540 1538 .align 64, 0xcc 1539 + /* 1540 + * Shift instructions so that the RET is in the upper half of the 1541 + * cacheline and don't take the slowpath to its_return_thunk. 1542 + */ 1543 + .skip 32 - (.Lret1 - 1f), 0xcc 1541 1544 ANNOTATE_INTRA_FUNCTION_CALL 1542 1545 1: call 2f 1543 - RET 1546 + .Lret1: RET 1544 1547 .align 64, 0xcc 1548 + /* 1549 + * As above shift instructions for RET at .Lret2 as well. 1550 + * 1551 + * This should be ideally be: .skip 32 - (.Lret2 - 2f), 0xcc 1552 + * but some Clang versions (e.g. 18) don't like this. 1553 + */ 1554 + .skip 32 - 18, 0xcc 1545 1555 2: movl $5, %eax 1546 1556 3: jmp 4f 1547 1557 nop ··· 1561 1547 jnz 3b 1562 1548 sub $1, %ecx 1563 1549 jnz 1b 1564 - RET 1550 + .Lret2: RET 1565 1551 5: lfence 1566 1552 pop %rbp 1567 1553 RET
+32
arch/x86/include/asm/alternative.h
··· 6 6 #include <linux/stringify.h> 7 7 #include <linux/objtool.h> 8 8 #include <asm/asm.h> 9 + #include <asm/bug.h> 9 10 10 11 #define ALT_FLAGS_SHIFT 16 11 12 ··· 122 121 void *func, void *ip) 123 122 { 124 123 return 0; 124 + } 125 + #endif 126 + 127 + #ifdef CONFIG_MITIGATION_ITS 128 + extern void its_init_mod(struct module *mod); 129 + extern void its_fini_mod(struct module *mod); 130 + extern void its_free_mod(struct module *mod); 131 + extern u8 *its_static_thunk(int reg); 132 + #else /* CONFIG_MITIGATION_ITS */ 133 + static inline void its_init_mod(struct module *mod) { } 134 + static inline void its_fini_mod(struct module *mod) { } 135 + static inline void its_free_mod(struct module *mod) { } 136 + static inline u8 *its_static_thunk(int reg) 137 + { 138 + WARN_ONCE(1, "ITS not compiled in"); 139 + 140 + return NULL; 141 + } 142 + #endif 143 + 144 + #if defined(CONFIG_MITIGATION_RETHUNK) && defined(CONFIG_OBJTOOL) 145 + extern bool cpu_wants_rethunk(void); 146 + extern bool cpu_wants_rethunk_at(void *addr); 147 + #else 148 + static __always_inline bool cpu_wants_rethunk(void) 149 + { 150 + return false; 151 + } 152 + static __always_inline bool cpu_wants_rethunk_at(void *addr) 153 + { 154 + return false; 125 155 } 126 156 #endif 127 157
+3
arch/x86/include/asm/cpufeatures.h
··· 481 481 #define X86_FEATURE_AMD_HETEROGENEOUS_CORES (21*32 + 6) /* Heterogeneous Core Topology */ 482 482 #define X86_FEATURE_AMD_WORKLOAD_CLASS (21*32 + 7) /* Workload Classification */ 483 483 #define X86_FEATURE_PREFER_YMM (21*32 + 8) /* Avoid ZMM registers due to downclocking */ 484 + #define X86_FEATURE_INDIRECT_THUNK_ITS (21*32 + 9) /* Use thunk for indirect branches in lower half of cacheline */ 484 485 485 486 /* 486 487 * BUG word(s) ··· 534 533 #define X86_BUG_BHI X86_BUG(1*32 + 3) /* "bhi" CPU is affected by Branch History Injection */ 535 534 #define X86_BUG_IBPB_NO_RET X86_BUG(1*32 + 4) /* "ibpb_no_ret" IBPB omits return target predictions */ 536 535 #define X86_BUG_SPECTRE_V2_USER X86_BUG(1*32 + 5) /* "spectre_v2_user" CPU is affected by Spectre variant 2 attack between user processes */ 536 + #define X86_BUG_ITS X86_BUG(1*32 + 6) /* "its" CPU is affected by Indirect Target Selection */ 537 + #define X86_BUG_ITS_NATIVE_ONLY X86_BUG(1*32 + 7) /* "its_native_only" CPU is affected by ITS, VMX is not affected */ 537 538 #endif /* _ASM_X86_CPUFEATURES_H */
+2
arch/x86/include/asm/microcode.h
··· 17 17 void load_ucode_bsp(void); 18 18 void load_ucode_ap(void); 19 19 void microcode_bsp_resume(void); 20 + bool __init microcode_loader_disabled(void); 20 21 #else 21 22 static inline void load_ucode_bsp(void) { } 22 23 static inline void load_ucode_ap(void) { } 23 24 static inline void microcode_bsp_resume(void) { } 25 + static inline bool __init microcode_loader_disabled(void) { return false; } 24 26 #endif 25 27 26 28 extern unsigned long initrd_start_early;
+8
arch/x86/include/asm/msr-index.h
··· 211 211 * VERW clears CPU Register 212 212 * File. 213 213 */ 214 + #define ARCH_CAP_ITS_NO BIT_ULL(62) /* 215 + * Not susceptible to 216 + * Indirect Target Selection. 217 + * This bit is not set by 218 + * HW, but is synthesized by 219 + * VMMs for guests to know 220 + * their affected status. 221 + */ 214 222 215 223 #define MSR_IA32_FLUSH_CMD 0x0000010b 216 224 #define L1D_FLUSH BIT(0) /*
+10
arch/x86/include/asm/nospec-branch.h
··· 336 336 337 337 #else /* __ASSEMBLER__ */ 338 338 339 + #define ITS_THUNK_SIZE 64 340 + 339 341 typedef u8 retpoline_thunk_t[RETPOLINE_THUNK_SIZE]; 342 + typedef u8 its_thunk_t[ITS_THUNK_SIZE]; 340 343 extern retpoline_thunk_t __x86_indirect_thunk_array[]; 341 344 extern retpoline_thunk_t __x86_indirect_call_thunk_array[]; 342 345 extern retpoline_thunk_t __x86_indirect_jump_thunk_array[]; 346 + extern its_thunk_t __x86_indirect_its_thunk_array[]; 343 347 344 348 #ifdef CONFIG_MITIGATION_RETHUNK 345 349 extern void __x86_return_thunk(void); ··· 365 361 #else 366 362 static inline void srso_return_thunk(void) {} 367 363 static inline void srso_alias_return_thunk(void) {} 364 + #endif 365 + 366 + #ifdef CONFIG_MITIGATION_ITS 367 + extern void its_return_thunk(void); 368 + #else 369 + static inline void its_return_thunk(void) {} 368 370 #endif 369 371 370 372 extern void retbleed_return_thunk(void);
+322 -20
arch/x86/kernel/alternative.c
··· 18 18 #include <linux/mmu_context.h> 19 19 #include <linux/bsearch.h> 20 20 #include <linux/sync_core.h> 21 + #include <linux/execmem.h> 21 22 #include <asm/text-patching.h> 22 23 #include <asm/alternative.h> 23 24 #include <asm/sections.h> ··· 32 31 #include <asm/paravirt.h> 33 32 #include <asm/asm-prototypes.h> 34 33 #include <asm/cfi.h> 34 + #include <asm/ibt.h> 35 + #include <asm/set_memory.h> 35 36 36 37 int __read_mostly alternatives_patched; 37 38 ··· 126 123 x86nops + 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + 10, 127 124 #endif 128 125 }; 126 + 127 + #ifdef CONFIG_FINEIBT 128 + static bool cfi_paranoid __ro_after_init; 129 + #endif 130 + 131 + #ifdef CONFIG_MITIGATION_ITS 132 + 133 + #ifdef CONFIG_MODULES 134 + static struct module *its_mod; 135 + #endif 136 + static void *its_page; 137 + static unsigned int its_offset; 138 + 139 + /* Initialize a thunk with the "jmp *reg; int3" instructions. */ 140 + static void *its_init_thunk(void *thunk, int reg) 141 + { 142 + u8 *bytes = thunk; 143 + int offset = 0; 144 + int i = 0; 145 + 146 + #ifdef CONFIG_FINEIBT 147 + if (cfi_paranoid) { 148 + /* 149 + * When ITS uses indirect branch thunk the fineibt_paranoid 150 + * caller sequence doesn't fit in the caller site. So put the 151 + * remaining part of the sequence (<ea> + JNE) into the ITS 152 + * thunk. 153 + */ 154 + bytes[i++] = 0xea; /* invalid instruction */ 155 + bytes[i++] = 0x75; /* JNE */ 156 + bytes[i++] = 0xfd; 157 + 158 + offset = 1; 159 + } 160 + #endif 161 + 162 + if (reg >= 8) { 163 + bytes[i++] = 0x41; /* REX.B prefix */ 164 + reg -= 8; 165 + } 166 + bytes[i++] = 0xff; 167 + bytes[i++] = 0xe0 + reg; /* jmp *reg */ 168 + bytes[i++] = 0xcc; 169 + 170 + return thunk + offset; 171 + } 172 + 173 + #ifdef CONFIG_MODULES 174 + void its_init_mod(struct module *mod) 175 + { 176 + if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) 177 + return; 178 + 179 + mutex_lock(&text_mutex); 180 + its_mod = mod; 181 + its_page = NULL; 182 + } 183 + 184 + void its_fini_mod(struct module *mod) 185 + { 186 + if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) 187 + return; 188 + 189 + WARN_ON_ONCE(its_mod != mod); 190 + 191 + its_mod = NULL; 192 + its_page = NULL; 193 + mutex_unlock(&text_mutex); 194 + 195 + for (int i = 0; i < mod->its_num_pages; i++) { 196 + void *page = mod->its_page_array[i]; 197 + execmem_restore_rox(page, PAGE_SIZE); 198 + } 199 + } 200 + 201 + void its_free_mod(struct module *mod) 202 + { 203 + if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) 204 + return; 205 + 206 + for (int i = 0; i < mod->its_num_pages; i++) { 207 + void *page = mod->its_page_array[i]; 208 + execmem_free(page); 209 + } 210 + kfree(mod->its_page_array); 211 + } 212 + #endif /* CONFIG_MODULES */ 213 + 214 + static void *its_alloc(void) 215 + { 216 + void *page __free(execmem) = execmem_alloc(EXECMEM_MODULE_TEXT, PAGE_SIZE); 217 + 218 + if (!page) 219 + return NULL; 220 + 221 + #ifdef CONFIG_MODULES 222 + if (its_mod) { 223 + void *tmp = krealloc(its_mod->its_page_array, 224 + (its_mod->its_num_pages+1) * sizeof(void *), 225 + GFP_KERNEL); 226 + if (!tmp) 227 + return NULL; 228 + 229 + its_mod->its_page_array = tmp; 230 + its_mod->its_page_array[its_mod->its_num_pages++] = page; 231 + 232 + execmem_make_temp_rw(page, PAGE_SIZE); 233 + } 234 + #endif /* CONFIG_MODULES */ 235 + 236 + return no_free_ptr(page); 237 + } 238 + 239 + static void *its_allocate_thunk(int reg) 240 + { 241 + int size = 3 + (reg / 8); 242 + void *thunk; 243 + 244 + #ifdef CONFIG_FINEIBT 245 + /* 246 + * The ITS 
thunk contains an indirect jump and an int3 instruction so 247 + * its size is 3 or 4 bytes depending on the register used. If CFI 248 + * paranoid is used then 3 extra bytes are added in the ITS thunk to 249 + * complete the fineibt_paranoid caller sequence. 250 + */ 251 + if (cfi_paranoid) 252 + size += 3; 253 + #endif 254 + 255 + if (!its_page || (its_offset + size - 1) >= PAGE_SIZE) { 256 + its_page = its_alloc(); 257 + if (!its_page) { 258 + pr_err("ITS page allocation failed\n"); 259 + return NULL; 260 + } 261 + memset(its_page, INT3_INSN_OPCODE, PAGE_SIZE); 262 + its_offset = 32; 263 + } 264 + 265 + /* 266 + * If the indirect branch instruction will be in the lower half 267 + * of a cacheline, then update the offset to reach the upper half. 268 + */ 269 + if ((its_offset + size - 1) % 64 < 32) 270 + its_offset = ((its_offset - 1) | 0x3F) + 33; 271 + 272 + thunk = its_page + its_offset; 273 + its_offset += size; 274 + 275 + return its_init_thunk(thunk, reg); 276 + } 277 + 278 + u8 *its_static_thunk(int reg) 279 + { 280 + u8 *thunk = __x86_indirect_its_thunk_array[reg]; 281 + 282 + #ifdef CONFIG_FINEIBT 283 + /* Paranoid thunk starts 2 bytes before */ 284 + if (cfi_paranoid) 285 + return thunk - 2; 286 + #endif 287 + return thunk; 288 + } 289 + 290 + #endif 129 291 130 292 /* 131 293 * Nomenclature for variable names to simplify and clarify this code and ease ··· 749 581 return i; 750 582 } 751 583 752 - static int emit_call_track_retpoline(void *addr, struct insn *insn, int reg, u8 *bytes) 584 + static int __emit_trampoline(void *addr, struct insn *insn, u8 *bytes, 585 + void *call_dest, void *jmp_dest) 753 586 { 754 587 u8 op = insn->opcode.bytes[0]; 755 588 int i = 0; ··· 771 602 switch (op) { 772 603 case CALL_INSN_OPCODE: 773 604 __text_gen_insn(bytes+i, op, addr+i, 774 - __x86_indirect_call_thunk_array[reg], 605 + call_dest, 775 606 CALL_INSN_SIZE); 776 607 i += CALL_INSN_SIZE; 777 608 break; ··· 779 610 case JMP32_INSN_OPCODE: 780 611 clang_jcc: 781 612 __text_gen_insn(bytes+i, op, addr+i, 782 - __x86_indirect_jump_thunk_array[reg], 613 + jmp_dest, 783 614 JMP32_INSN_SIZE); 784 615 i += JMP32_INSN_SIZE; 785 616 break; ··· 793 624 794 625 return i; 795 626 } 627 + 628 + static int emit_call_track_retpoline(void *addr, struct insn *insn, int reg, u8 *bytes) 629 + { 630 + return __emit_trampoline(addr, insn, bytes, 631 + __x86_indirect_call_thunk_array[reg], 632 + __x86_indirect_jump_thunk_array[reg]); 633 + } 634 + 635 + #ifdef CONFIG_MITIGATION_ITS 636 + static int emit_its_trampoline(void *addr, struct insn *insn, int reg, u8 *bytes) 637 + { 638 + u8 *thunk = __x86_indirect_its_thunk_array[reg]; 639 + u8 *tmp = its_allocate_thunk(reg); 640 + 641 + if (tmp) 642 + thunk = tmp; 643 + 644 + return __emit_trampoline(addr, insn, bytes, thunk, thunk); 645 + } 646 + 647 + /* Check if an indirect branch is at ITS-unsafe address */ 648 + static bool cpu_wants_indirect_its_thunk_at(unsigned long addr, int reg) 649 + { 650 + if (!cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) 651 + return false; 652 + 653 + /* Indirect branch opcode is 2 or 3 bytes depending on reg */ 654 + addr += 1 + reg / 8; 655 + 656 + /* Lower-half of the cacheline? 
*/ 657 + return !(addr & 0x20); 658 + } 659 + #else /* CONFIG_MITIGATION_ITS */ 660 + 661 + #ifdef CONFIG_FINEIBT 662 + static bool cpu_wants_indirect_its_thunk_at(unsigned long addr, int reg) 663 + { 664 + return false; 665 + } 666 + #endif 667 + 668 + #endif /* CONFIG_MITIGATION_ITS */ 796 669 797 670 /* 798 671 * Rewrite the compiler generated retpoline thunk calls. ··· 910 699 bytes[i++] = 0xe8; /* LFENCE */ 911 700 } 912 701 702 + #ifdef CONFIG_MITIGATION_ITS 703 + /* 704 + * Check if the address of last byte of emitted-indirect is in 705 + * lower-half of the cacheline. Such branches need ITS mitigation. 706 + */ 707 + if (cpu_wants_indirect_its_thunk_at((unsigned long)addr + i, reg)) 708 + return emit_its_trampoline(addr, insn, reg, bytes); 709 + #endif 710 + 913 711 ret = emit_indirect(op, reg, bytes + i); 914 712 if (ret < 0) 915 713 return ret; ··· 952 732 int len, ret; 953 733 u8 bytes[16]; 954 734 u8 op1, op2; 735 + u8 *dest; 955 736 956 737 ret = insn_decode_kernel(&insn, addr); 957 738 if (WARN_ON_ONCE(ret < 0)) ··· 969 748 970 749 case CALL_INSN_OPCODE: 971 750 case JMP32_INSN_OPCODE: 751 + /* Check for cfi_paranoid + ITS */ 752 + dest = addr + insn.length + insn.immediate.value; 753 + if (dest[-1] == 0xea && (dest[0] & 0xf0) == 0x70) { 754 + WARN_ON_ONCE(cfi_mode != CFI_FINEIBT); 755 + continue; 756 + } 972 757 break; 973 758 974 759 case 0x0f: /* escape */ ··· 1002 775 1003 776 #ifdef CONFIG_MITIGATION_RETHUNK 1004 777 778 + bool cpu_wants_rethunk(void) 779 + { 780 + return cpu_feature_enabled(X86_FEATURE_RETHUNK); 781 + } 782 + 783 + bool cpu_wants_rethunk_at(void *addr) 784 + { 785 + if (!cpu_feature_enabled(X86_FEATURE_RETHUNK)) 786 + return false; 787 + if (x86_return_thunk != its_return_thunk) 788 + return true; 789 + 790 + return !((unsigned long)addr & 0x20); 791 + } 792 + 1005 793 /* 1006 794 * Rewrite the compiler generated return thunk tail-calls. 1007 795 * ··· 1033 791 int i = 0; 1034 792 1035 793 /* Patch the custom return thunks... 
*/ 1036 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) { 794 + if (cpu_wants_rethunk_at(addr)) { 1037 795 i = JMP32_INSN_SIZE; 1038 796 __text_gen_insn(bytes, JMP32_INSN_OPCODE, addr, x86_return_thunk, i); 1039 797 } else { ··· 1050 808 { 1051 809 s32 *s; 1052 810 1053 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) 811 + if (cpu_wants_rethunk()) 1054 812 static_call_force_reinit(); 1055 813 1056 814 for (s = start; s < end; s++) { ··· 1263 1021 1264 1022 static bool cfi_rand __ro_after_init = true; 1265 1023 static u32 cfi_seed __ro_after_init; 1266 - 1267 - static bool cfi_paranoid __ro_after_init = false; 1268 1024 1269 1025 /* 1270 1026 * Re-hash the CFI hash with a boot-time seed while making sure the result is ··· 1676 1436 return 0; 1677 1437 } 1678 1438 1439 + static int emit_paranoid_trampoline(void *addr, struct insn *insn, int reg, u8 *bytes) 1440 + { 1441 + u8 *thunk = (void *)__x86_indirect_its_thunk_array[reg] - 2; 1442 + 1443 + #ifdef CONFIG_MITIGATION_ITS 1444 + u8 *tmp = its_allocate_thunk(reg); 1445 + if (tmp) 1446 + thunk = tmp; 1447 + #endif 1448 + 1449 + return __emit_trampoline(addr, insn, bytes, thunk, thunk); 1450 + } 1451 + 1679 1452 static int cfi_rewrite_callers(s32 *start, s32 *end) 1680 1453 { 1681 1454 s32 *s; ··· 1730 1477 memcpy(bytes, fineibt_paranoid_start, fineibt_paranoid_size); 1731 1478 memcpy(bytes + fineibt_caller_hash, &hash, 4); 1732 1479 1733 - ret = emit_indirect(op, 11, bytes + fineibt_paranoid_ind); 1734 - if (WARN_ON_ONCE(ret != 3)) 1735 - continue; 1480 + if (cpu_wants_indirect_its_thunk_at((unsigned long)addr + fineibt_paranoid_ind, 11)) { 1481 + emit_paranoid_trampoline(addr + fineibt_caller_size, 1482 + &insn, 11, bytes + fineibt_caller_size); 1483 + } else { 1484 + ret = emit_indirect(op, 11, bytes + fineibt_paranoid_ind); 1485 + if (WARN_ON_ONCE(ret != 3)) 1486 + continue; 1487 + } 1736 1488 1737 1489 text_poke_early(addr, bytes, fineibt_paranoid_size); 1738 1490 } ··· 1964 1706 return false; 1965 1707 } 1966 1708 1709 + static bool is_paranoid_thunk(unsigned long addr) 1710 + { 1711 + u32 thunk; 1712 + 1713 + __get_kernel_nofault(&thunk, (u32 *)addr, u32, Efault); 1714 + return (thunk & 0x00FFFFFF) == 0xfd75ea; 1715 + 1716 + Efault: 1717 + return false; 1718 + } 1719 + 1967 1720 /* 1968 1721 * regs->ip points to a LOCK Jcc.d8 instruction from the fineibt_paranoid_start[] 1969 - * sequence. 1722 + * sequence, or to an invalid instruction (0xea) + Jcc.d8 for cfi_paranoid + ITS 1723 + * thunk. 1970 1724 */ 1971 1725 static bool decode_fineibt_paranoid(struct pt_regs *regs, unsigned long *target, u32 *type) 1972 1726 { 1973 1727 unsigned long addr = regs->ip - fineibt_paranoid_ud; 1974 - u32 hash; 1975 1728 1976 - if (!cfi_paranoid || !is_cfi_trap(addr + fineibt_caller_size - LEN_UD2)) 1729 + if (!cfi_paranoid) 1977 1730 return false; 1978 1731 1979 - __get_kernel_nofault(&hash, addr + fineibt_caller_hash, u32, Efault); 1980 - *target = regs->r11 + fineibt_preamble_size; 1981 - *type = regs->r10; 1732 + if (is_cfi_trap(addr + fineibt_caller_size - LEN_UD2)) { 1733 + *target = regs->r11 + fineibt_preamble_size; 1734 + *type = regs->r10; 1735 + 1736 + /* 1737 + * Since the trapping instruction is the exact, but LOCK prefixed, 1738 + * Jcc.d8 that got us here, the normal fixup will work. 1739 + */ 1740 + return true; 1741 + } 1982 1742 1983 1743 /* 1984 - * Since the trapping instruction is the exact, but LOCK prefixed, 1985 - * Jcc.d8 that got us here, the normal fixup will work. 
1744 + * The cfi_paranoid + ITS thunk combination results in: 1745 + * 1746 + * 0: 41 ba 78 56 34 12 mov $0x12345678, %r10d 1747 + * 6: 45 3b 53 f7 cmp -0x9(%r11), %r10d 1748 + * a: 4d 8d 5b f0 lea -0x10(%r11), %r11 1749 + * e: 2e e8 XX XX XX XX cs call __x86_indirect_paranoid_thunk_r11 1750 + * 1751 + * Where the paranoid_thunk looks like: 1752 + * 1753 + * 1d: <ea> (bad) 1754 + * __x86_indirect_paranoid_thunk_r11: 1755 + * 1e: 75 fd jne 1d 1756 + * __x86_indirect_its_thunk_r11: 1757 + * 20: 41 ff eb jmp *%r11 1758 + * 23: cc int3 1759 + * 1986 1760 */ 1987 - return true; 1761 + if (is_paranoid_thunk(regs->ip)) { 1762 + *target = regs->r11 + fineibt_preamble_size; 1763 + *type = regs->r10; 1988 1764 1989 - Efault: 1765 + regs->ip = *target; 1766 + return true; 1767 + } 1768 + 1990 1769 return false; 1991 1770 } 1992 1771 ··· 2326 2031 2327 2032 void __init alternative_instructions(void) 2328 2033 { 2034 + u64 ibt; 2035 + 2329 2036 int3_selftest(); 2330 2037 2331 2038 /* ··· 2354 2057 */ 2355 2058 paravirt_set_cap(); 2356 2059 2060 + /* Keep CET-IBT disabled until caller/callee are patched */ 2061 + ibt = ibt_save(/*disable*/ true); 2062 + 2357 2063 __apply_fineibt(__retpoline_sites, __retpoline_sites_end, 2358 2064 __cfi_sites, __cfi_sites_end, true); 2359 2065 ··· 2379 2079 * Seal all functions that do not have their address taken. 2380 2080 */ 2381 2081 apply_seal_endbr(__ibt_endbr_seal, __ibt_endbr_seal_end); 2082 + 2083 + ibt_restore(ibt); 2382 2084 2383 2085 #ifdef CONFIG_SMP 2384 2086 /* Patch to UP if other cpus not imminent. */
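The thunk allocator in the alternative.c hunk above keeps every ITS thunk out of the lower half of its 64-byte cacheline: (its_offset + size - 1) % 64 < 32 detects that the emitted indirect branch would end in the lower half, and ((its_offset - 1) | 0x3F) + 33 bumps the offset to the next upper half, i.e. the next offset with offset % 64 == 32. A small userspace check of that arithmetic:

    #include <stdio.h>

    static unsigned int bump_to_upper_half(unsigned int off)
    {
        return ((off - 1) | 0x3F) + 33;   /* next offset with off % 64 == 32 */
    }

    int main(void)
    {
        /* 4 bytes for an r8..r15 thunk (REX.B + jmp *reg + int3), per its_init_thunk(). */
        unsigned int size = 4;

        for (unsigned int off = 33; off <= 200; off += 37) {
            if ((off + size - 1) % 64 < 32)
                printf("%3u -> %3u\n", off, bump_to_upper_half(off));
            else
                printf("%3u already ends in the upper half\n", off);
        }
        /* e.g. 70 -> 160 and 144 -> 224, both landing at offset % 64 == 32 */
        return 0;
    }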
+169 -7
arch/x86/kernel/cpu/bugs.c
··· 49 49 static void __init l1d_flush_select_mitigation(void); 50 50 static void __init srso_select_mitigation(void); 51 51 static void __init gds_select_mitigation(void); 52 + static void __init its_select_mitigation(void); 52 53 53 54 /* The base value of the SPEC_CTRL MSR without task-specific bits set */ 54 55 u64 x86_spec_ctrl_base; ··· 66 65 static DEFINE_MUTEX(spec_ctrl_mutex); 67 66 68 67 void (*x86_return_thunk)(void) __ro_after_init = __x86_return_thunk; 68 + 69 + static void __init set_return_thunk(void *thunk) 70 + { 71 + if (x86_return_thunk != __x86_return_thunk) 72 + pr_warn("x86/bugs: return thunk changed\n"); 73 + 74 + x86_return_thunk = thunk; 75 + } 69 76 70 77 /* Update SPEC_CTRL MSR and its cached copy unconditionally */ 71 78 static void update_spec_ctrl(u64 val) ··· 187 178 */ 188 179 srso_select_mitigation(); 189 180 gds_select_mitigation(); 181 + its_select_mitigation(); 190 182 } 191 183 192 184 /* ··· 1128 1118 setup_force_cpu_cap(X86_FEATURE_RETHUNK); 1129 1119 setup_force_cpu_cap(X86_FEATURE_UNRET); 1130 1120 1131 - x86_return_thunk = retbleed_return_thunk; 1121 + set_return_thunk(retbleed_return_thunk); 1132 1122 1133 1123 if (boot_cpu_data.x86_vendor != X86_VENDOR_AMD && 1134 1124 boot_cpu_data.x86_vendor != X86_VENDOR_HYGON) ··· 1163 1153 setup_force_cpu_cap(X86_FEATURE_RETHUNK); 1164 1154 setup_force_cpu_cap(X86_FEATURE_CALL_DEPTH); 1165 1155 1166 - x86_return_thunk = call_depth_return_thunk; 1156 + set_return_thunk(call_depth_return_thunk); 1167 1157 break; 1168 1158 1169 1159 default: ··· 1195 1185 } 1196 1186 1197 1187 pr_info("%s\n", retbleed_strings[retbleed_mitigation]); 1188 + } 1189 + 1190 + #undef pr_fmt 1191 + #define pr_fmt(fmt) "ITS: " fmt 1192 + 1193 + enum its_mitigation_cmd { 1194 + ITS_CMD_OFF, 1195 + ITS_CMD_ON, 1196 + ITS_CMD_VMEXIT, 1197 + ITS_CMD_RSB_STUFF, 1198 + }; 1199 + 1200 + enum its_mitigation { 1201 + ITS_MITIGATION_OFF, 1202 + ITS_MITIGATION_VMEXIT_ONLY, 1203 + ITS_MITIGATION_ALIGNED_THUNKS, 1204 + ITS_MITIGATION_RETPOLINE_STUFF, 1205 + }; 1206 + 1207 + static const char * const its_strings[] = { 1208 + [ITS_MITIGATION_OFF] = "Vulnerable", 1209 + [ITS_MITIGATION_VMEXIT_ONLY] = "Mitigation: Vulnerable, KVM: Not affected", 1210 + [ITS_MITIGATION_ALIGNED_THUNKS] = "Mitigation: Aligned branch/return thunks", 1211 + [ITS_MITIGATION_RETPOLINE_STUFF] = "Mitigation: Retpolines, Stuffing RSB", 1212 + }; 1213 + 1214 + static enum its_mitigation its_mitigation __ro_after_init = ITS_MITIGATION_ALIGNED_THUNKS; 1215 + 1216 + static enum its_mitigation_cmd its_cmd __ro_after_init = 1217 + IS_ENABLED(CONFIG_MITIGATION_ITS) ? 
ITS_CMD_ON : ITS_CMD_OFF; 1218 + 1219 + static int __init its_parse_cmdline(char *str) 1220 + { 1221 + if (!str) 1222 + return -EINVAL; 1223 + 1224 + if (!IS_ENABLED(CONFIG_MITIGATION_ITS)) { 1225 + pr_err("Mitigation disabled at compile time, ignoring option (%s)", str); 1226 + return 0; 1227 + } 1228 + 1229 + if (!strcmp(str, "off")) { 1230 + its_cmd = ITS_CMD_OFF; 1231 + } else if (!strcmp(str, "on")) { 1232 + its_cmd = ITS_CMD_ON; 1233 + } else if (!strcmp(str, "force")) { 1234 + its_cmd = ITS_CMD_ON; 1235 + setup_force_cpu_bug(X86_BUG_ITS); 1236 + } else if (!strcmp(str, "vmexit")) { 1237 + its_cmd = ITS_CMD_VMEXIT; 1238 + } else if (!strcmp(str, "stuff")) { 1239 + its_cmd = ITS_CMD_RSB_STUFF; 1240 + } else { 1241 + pr_err("Ignoring unknown indirect_target_selection option (%s).", str); 1242 + } 1243 + 1244 + return 0; 1245 + } 1246 + early_param("indirect_target_selection", its_parse_cmdline); 1247 + 1248 + static void __init its_select_mitigation(void) 1249 + { 1250 + enum its_mitigation_cmd cmd = its_cmd; 1251 + 1252 + if (!boot_cpu_has_bug(X86_BUG_ITS) || cpu_mitigations_off()) { 1253 + its_mitigation = ITS_MITIGATION_OFF; 1254 + return; 1255 + } 1256 + 1257 + /* Retpoline+CDT mitigates ITS, bail out */ 1258 + if (boot_cpu_has(X86_FEATURE_RETPOLINE) && 1259 + boot_cpu_has(X86_FEATURE_CALL_DEPTH)) { 1260 + its_mitigation = ITS_MITIGATION_RETPOLINE_STUFF; 1261 + goto out; 1262 + } 1263 + 1264 + /* Exit early to avoid irrelevant warnings */ 1265 + if (cmd == ITS_CMD_OFF) { 1266 + its_mitigation = ITS_MITIGATION_OFF; 1267 + goto out; 1268 + } 1269 + if (spectre_v2_enabled == SPECTRE_V2_NONE) { 1270 + pr_err("WARNING: Spectre-v2 mitigation is off, disabling ITS\n"); 1271 + its_mitigation = ITS_MITIGATION_OFF; 1272 + goto out; 1273 + } 1274 + if (!IS_ENABLED(CONFIG_MITIGATION_RETPOLINE) || 1275 + !IS_ENABLED(CONFIG_MITIGATION_RETHUNK)) { 1276 + pr_err("WARNING: ITS mitigation depends on retpoline and rethunk support\n"); 1277 + its_mitigation = ITS_MITIGATION_OFF; 1278 + goto out; 1279 + } 1280 + if (IS_ENABLED(CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B)) { 1281 + pr_err("WARNING: ITS mitigation is not compatible with CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B\n"); 1282 + its_mitigation = ITS_MITIGATION_OFF; 1283 + goto out; 1284 + } 1285 + if (boot_cpu_has(X86_FEATURE_RETPOLINE_LFENCE)) { 1286 + pr_err("WARNING: ITS mitigation is not compatible with lfence mitigation\n"); 1287 + its_mitigation = ITS_MITIGATION_OFF; 1288 + goto out; 1289 + } 1290 + 1291 + if (cmd == ITS_CMD_RSB_STUFF && 1292 + (!boot_cpu_has(X86_FEATURE_RETPOLINE) || !IS_ENABLED(CONFIG_MITIGATION_CALL_DEPTH_TRACKING))) { 1293 + pr_err("RSB stuff mitigation not supported, using default\n"); 1294 + cmd = ITS_CMD_ON; 1295 + } 1296 + 1297 + switch (cmd) { 1298 + case ITS_CMD_OFF: 1299 + its_mitigation = ITS_MITIGATION_OFF; 1300 + break; 1301 + case ITS_CMD_VMEXIT: 1302 + if (boot_cpu_has_bug(X86_BUG_ITS_NATIVE_ONLY)) { 1303 + its_mitigation = ITS_MITIGATION_VMEXIT_ONLY; 1304 + goto out; 1305 + } 1306 + fallthrough; 1307 + case ITS_CMD_ON: 1308 + its_mitigation = ITS_MITIGATION_ALIGNED_THUNKS; 1309 + if (!boot_cpu_has(X86_FEATURE_RETPOLINE)) 1310 + setup_force_cpu_cap(X86_FEATURE_INDIRECT_THUNK_ITS); 1311 + setup_force_cpu_cap(X86_FEATURE_RETHUNK); 1312 + set_return_thunk(its_return_thunk); 1313 + break; 1314 + case ITS_CMD_RSB_STUFF: 1315 + its_mitigation = ITS_MITIGATION_RETPOLINE_STUFF; 1316 + setup_force_cpu_cap(X86_FEATURE_RETHUNK); 1317 + setup_force_cpu_cap(X86_FEATURE_CALL_DEPTH); 1318 + 
set_return_thunk(call_depth_return_thunk); 1319 + if (retbleed_mitigation == RETBLEED_MITIGATION_NONE) { 1320 + retbleed_mitigation = RETBLEED_MITIGATION_STUFF; 1321 + pr_info("Retbleed mitigation updated to stuffing\n"); 1322 + } 1323 + break; 1324 + } 1325 + out: 1326 + pr_info("%s\n", its_strings[its_mitigation]); 1198 1327 } 1199 1328 1200 1329 #undef pr_fmt ··· 1846 1697 return; 1847 1698 } 1848 1699 1849 - /* Mitigate in hardware if supported */ 1850 - if (spec_ctrl_bhi_dis()) 1700 + if (!IS_ENABLED(CONFIG_X86_64)) 1851 1701 return; 1852 1702 1853 - if (!IS_ENABLED(CONFIG_X86_64)) 1703 + /* Mitigate in hardware if supported */ 1704 + if (spec_ctrl_bhi_dis()) 1854 1705 return; 1855 1706 1856 1707 if (bhi_mitigation == BHI_MITIGATION_VMEXIT_ONLY) { ··· 2756 2607 2757 2608 if (boot_cpu_data.x86 == 0x19) { 2758 2609 setup_force_cpu_cap(X86_FEATURE_SRSO_ALIAS); 2759 - x86_return_thunk = srso_alias_return_thunk; 2610 + set_return_thunk(srso_alias_return_thunk); 2760 2611 } else { 2761 2612 setup_force_cpu_cap(X86_FEATURE_SRSO); 2762 - x86_return_thunk = srso_return_thunk; 2613 + set_return_thunk(srso_return_thunk); 2763 2614 } 2764 2615 if (has_microcode) 2765 2616 srso_mitigation = SRSO_MITIGATION_SAFE_RET; ··· 2949 2800 return sysfs_emit(buf, "%s\n", rfds_strings[rfds_mitigation]); 2950 2801 } 2951 2802 2803 + static ssize_t its_show_state(char *buf) 2804 + { 2805 + return sysfs_emit(buf, "%s\n", its_strings[its_mitigation]); 2806 + } 2807 + 2952 2808 static char *stibp_state(void) 2953 2809 { 2954 2810 if (spectre_v2_in_eibrs_mode(spectre_v2_enabled) && ··· 3136 2982 case X86_BUG_RFDS: 3137 2983 return rfds_show_state(buf); 3138 2984 2985 + case X86_BUG_ITS: 2986 + return its_show_state(buf); 2987 + 3139 2988 default: 3140 2989 break; 3141 2990 } ··· 3217 3060 ssize_t cpu_show_reg_file_data_sampling(struct device *dev, struct device_attribute *attr, char *buf) 3218 3061 { 3219 3062 return cpu_show_common(dev, attr, buf, X86_BUG_RFDS); 3063 + } 3064 + 3065 + ssize_t cpu_show_indirect_target_selection(struct device *dev, struct device_attribute *attr, char *buf) 3066 + { 3067 + return cpu_show_common(dev, attr, buf, X86_BUG_ITS); 3220 3068 } 3221 3069 #endif 3222 3070
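Beyond the Kconfig default, the bugs.c hunk adds an indirect_target_selection= early parameter (off, on, force, vmexit, stuff) and reports the chosen state through cpu_show_indirect_target_selection(). A minimal userspace reader of that report; the sysfs path below follows the standard cpu/vulnerabilities layout and is an assumption of this sketch, not something quoted from the diff:

    #include <stdio.h>

    int main(void)
    {
        /* Assumed path, per the usual /sys/devices/system/cpu/vulnerabilities layout. */
        const char *path =
            "/sys/devices/system/cpu/vulnerabilities/indirect_target_selection";
        char buf[128];
        FILE *f = fopen(path, "r");

        if (!f) {
            perror(path);
            return 1;
        }
        if (fgets(buf, sizeof(buf), f))
            printf("ITS: %s", buf);  /* e.g. "Mitigation: Aligned branch/return thunks" */
        fclose(f);
        return 0;
    }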
+57 -15
arch/x86/kernel/cpu/common.c
··· 1227 1227 #define GDS BIT(6) 1228 1228 /* CPU is affected by Register File Data Sampling */ 1229 1229 #define RFDS BIT(7) 1230 + /* CPU is affected by Indirect Target Selection */ 1231 + #define ITS BIT(8) 1232 + /* CPU is affected by Indirect Target Selection, but guest-host isolation is not affected */ 1233 + #define ITS_NATIVE_ONLY BIT(9) 1230 1234 1231 1235 static const struct x86_cpu_id cpu_vuln_blacklist[] __initconst = { 1232 1236 VULNBL_INTEL_STEPS(INTEL_IVYBRIDGE, X86_STEP_MAX, SRBDS), ··· 1242 1238 VULNBL_INTEL_STEPS(INTEL_BROADWELL_G, X86_STEP_MAX, SRBDS), 1243 1239 VULNBL_INTEL_STEPS(INTEL_BROADWELL_X, X86_STEP_MAX, MMIO), 1244 1240 VULNBL_INTEL_STEPS(INTEL_BROADWELL, X86_STEP_MAX, SRBDS), 1245 - VULNBL_INTEL_STEPS(INTEL_SKYLAKE_X, X86_STEP_MAX, MMIO | RETBLEED | GDS), 1241 + VULNBL_INTEL_STEPS(INTEL_SKYLAKE_X, 0x5, MMIO | RETBLEED | GDS), 1242 + VULNBL_INTEL_STEPS(INTEL_SKYLAKE_X, X86_STEP_MAX, MMIO | RETBLEED | GDS | ITS), 1246 1243 VULNBL_INTEL_STEPS(INTEL_SKYLAKE_L, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS), 1247 1244 VULNBL_INTEL_STEPS(INTEL_SKYLAKE, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS), 1248 - VULNBL_INTEL_STEPS(INTEL_KABYLAKE_L, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS), 1249 - VULNBL_INTEL_STEPS(INTEL_KABYLAKE, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS), 1245 + VULNBL_INTEL_STEPS(INTEL_KABYLAKE_L, 0xb, MMIO | RETBLEED | GDS | SRBDS), 1246 + VULNBL_INTEL_STEPS(INTEL_KABYLAKE_L, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS | ITS), 1247 + VULNBL_INTEL_STEPS(INTEL_KABYLAKE, 0xc, MMIO | RETBLEED | GDS | SRBDS), 1248 + VULNBL_INTEL_STEPS(INTEL_KABYLAKE, X86_STEP_MAX, MMIO | RETBLEED | GDS | SRBDS | ITS), 1250 1249 VULNBL_INTEL_STEPS(INTEL_CANNONLAKE_L, X86_STEP_MAX, RETBLEED), 1251 - VULNBL_INTEL_STEPS(INTEL_ICELAKE_L, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS), 1252 - VULNBL_INTEL_STEPS(INTEL_ICELAKE_D, X86_STEP_MAX, MMIO | GDS), 1253 - VULNBL_INTEL_STEPS(INTEL_ICELAKE_X, X86_STEP_MAX, MMIO | GDS), 1254 - VULNBL_INTEL_STEPS(INTEL_COMETLAKE, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS), 1255 - VULNBL_INTEL_STEPS(INTEL_COMETLAKE_L, 0x0, MMIO | RETBLEED), 1256 - VULNBL_INTEL_STEPS(INTEL_COMETLAKE_L, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS), 1257 - VULNBL_INTEL_STEPS(INTEL_TIGERLAKE_L, X86_STEP_MAX, GDS), 1258 - VULNBL_INTEL_STEPS(INTEL_TIGERLAKE, X86_STEP_MAX, GDS), 1250 + VULNBL_INTEL_STEPS(INTEL_ICELAKE_L, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS | ITS | ITS_NATIVE_ONLY), 1251 + VULNBL_INTEL_STEPS(INTEL_ICELAKE_D, X86_STEP_MAX, MMIO | GDS | ITS | ITS_NATIVE_ONLY), 1252 + VULNBL_INTEL_STEPS(INTEL_ICELAKE_X, X86_STEP_MAX, MMIO | GDS | ITS | ITS_NATIVE_ONLY), 1253 + VULNBL_INTEL_STEPS(INTEL_COMETLAKE, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS | ITS), 1254 + VULNBL_INTEL_STEPS(INTEL_COMETLAKE_L, 0x0, MMIO | RETBLEED | ITS), 1255 + VULNBL_INTEL_STEPS(INTEL_COMETLAKE_L, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED | GDS | ITS), 1256 + VULNBL_INTEL_STEPS(INTEL_TIGERLAKE_L, X86_STEP_MAX, GDS | ITS | ITS_NATIVE_ONLY), 1257 + VULNBL_INTEL_STEPS(INTEL_TIGERLAKE, X86_STEP_MAX, GDS | ITS | ITS_NATIVE_ONLY), 1259 1258 VULNBL_INTEL_STEPS(INTEL_LAKEFIELD, X86_STEP_MAX, MMIO | MMIO_SBDS | RETBLEED), 1260 - VULNBL_INTEL_STEPS(INTEL_ROCKETLAKE, X86_STEP_MAX, MMIO | RETBLEED | GDS), 1259 + VULNBL_INTEL_STEPS(INTEL_ROCKETLAKE, X86_STEP_MAX, MMIO | RETBLEED | GDS | ITS | ITS_NATIVE_ONLY), 1261 1260 VULNBL_INTEL_TYPE(INTEL_ALDERLAKE, ATOM, RFDS), 1262 1261 VULNBL_INTEL_STEPS(INTEL_ALDERLAKE_L, X86_STEP_MAX, RFDS), 1263 1262 
VULNBL_INTEL_TYPE(INTEL_RAPTORLAKE, ATOM, RFDS), ··· 1323 1316 1324 1317 /* Only consult the blacklist when there is no enumeration: */ 1325 1318 return cpu_matches(cpu_vuln_blacklist, RFDS); 1319 + } 1320 + 1321 + static bool __init vulnerable_to_its(u64 x86_arch_cap_msr) 1322 + { 1323 + /* The "immunity" bit trumps everything else: */ 1324 + if (x86_arch_cap_msr & ARCH_CAP_ITS_NO) 1325 + return false; 1326 + if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 1327 + return false; 1328 + 1329 + /* None of the affected CPUs have BHI_CTRL */ 1330 + if (boot_cpu_has(X86_FEATURE_BHI_CTRL)) 1331 + return false; 1332 + 1333 + /* 1334 + * If a VMM did not expose ITS_NO, assume that a guest could 1335 + * be running on a vulnerable hardware or may migrate to such 1336 + * hardware. 1337 + */ 1338 + if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) 1339 + return true; 1340 + 1341 + if (cpu_matches(cpu_vuln_blacklist, ITS)) 1342 + return true; 1343 + 1344 + return false; 1326 1345 } 1327 1346 1328 1347 static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c) ··· 1472 1439 if (vulnerable_to_rfds(x86_arch_cap_msr)) 1473 1440 setup_force_cpu_bug(X86_BUG_RFDS); 1474 1441 1475 - /* When virtualized, eIBRS could be hidden, assume vulnerable */ 1476 - if (!(x86_arch_cap_msr & ARCH_CAP_BHI_NO) && 1477 - !cpu_matches(cpu_vuln_whitelist, NO_BHI) && 1442 + /* 1443 + * Intel parts with eIBRS are vulnerable to BHI attacks. Parts with 1444 + * BHI_NO still need to use the BHI mitigation to prevent Intra-mode 1445 + * attacks. When virtualized, eIBRS could be hidden, assume vulnerable. 1446 + */ 1447 + if (!cpu_matches(cpu_vuln_whitelist, NO_BHI) && 1478 1448 (boot_cpu_has(X86_FEATURE_IBRS_ENHANCED) || 1479 1449 boot_cpu_has(X86_FEATURE_HYPERVISOR))) 1480 1450 setup_force_cpu_bug(X86_BUG_BHI); 1481 1451 1482 1452 if (cpu_has(c, X86_FEATURE_AMD_IBPB) && !cpu_has(c, X86_FEATURE_AMD_IBPB_RET)) 1483 1453 setup_force_cpu_bug(X86_BUG_IBPB_NO_RET); 1454 + 1455 + if (vulnerable_to_its(x86_arch_cap_msr)) { 1456 + setup_force_cpu_bug(X86_BUG_ITS); 1457 + if (cpu_matches(cpu_vuln_blacklist, ITS_NATIVE_ONLY)) 1458 + setup_force_cpu_bug(X86_BUG_ITS_NATIVE_ONLY); 1459 + } 1484 1460 1485 1461 if (cpu_matches(cpu_vuln_whitelist, NO_MELTDOWN)) 1486 1462 return;
+4 -2
arch/x86/kernel/cpu/microcode/amd.c
··· 1098 1098 1099 1099 static int __init save_microcode_in_initrd(void) 1100 1100 { 1101 - unsigned int cpuid_1_eax = native_cpuid_eax(1); 1102 1101 struct cpuinfo_x86 *c = &boot_cpu_data; 1103 1102 struct cont_desc desc = { 0 }; 1103 + unsigned int cpuid_1_eax; 1104 1104 enum ucode_state ret; 1105 1105 struct cpio_data cp; 1106 1106 1107 - if (dis_ucode_ldr || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) 1107 + if (microcode_loader_disabled() || c->x86_vendor != X86_VENDOR_AMD || c->x86 < 0x10) 1108 1108 return 0; 1109 + 1110 + cpuid_1_eax = native_cpuid_eax(1); 1109 1111 1110 1112 if (!find_blobs_in_containers(&cp)) 1111 1113 return -EINVAL;
+35 -25
arch/x86/kernel/cpu/microcode/core.c
··· 41 41 42 42 #include "internal.h" 43 43 44 - static struct microcode_ops *microcode_ops; 45 - bool dis_ucode_ldr = true; 44 + static struct microcode_ops *microcode_ops; 45 + static bool dis_ucode_ldr = false; 46 46 47 47 bool force_minrev = IS_ENABLED(CONFIG_MICROCODE_LATE_FORCE_MINREV); 48 48 module_param(force_minrev, bool, S_IRUSR | S_IWUSR); ··· 84 84 u32 lvl, dummy, i; 85 85 u32 *levels; 86 86 87 + if (x86_cpuid_vendor() != X86_VENDOR_AMD) 88 + return false; 89 + 87 90 native_rdmsr(MSR_AMD64_PATCH_LEVEL, lvl, dummy); 88 91 89 92 levels = final_levels; ··· 98 95 return false; 99 96 } 100 97 101 - static bool __init check_loader_disabled_bsp(void) 98 + bool __init microcode_loader_disabled(void) 102 99 { 103 - static const char *__dis_opt_str = "dis_ucode_ldr"; 104 - const char *cmdline = boot_command_line; 105 - const char *option = __dis_opt_str; 106 - 107 - /* 108 - * CPUID(1).ECX[31]: reserved for hypervisor use. This is still not 109 - * completely accurate as xen pv guests don't see that CPUID bit set but 110 - * that's good enough as they don't land on the BSP path anyway. 111 - */ 112 - if (native_cpuid_ecx(1) & BIT(31)) 100 + if (dis_ucode_ldr) 113 101 return true; 114 102 115 - if (x86_cpuid_vendor() == X86_VENDOR_AMD) { 116 - if (amd_check_current_patch_level()) 117 - return true; 118 - } 119 - 120 - if (cmdline_find_option_bool(cmdline, option) <= 0) 121 - dis_ucode_ldr = false; 103 + /* 104 + * Disable when: 105 + * 106 + * 1) The CPU does not support CPUID. 107 + * 108 + * 2) Bit 31 in CPUID[1]:ECX is clear 109 + * The bit is reserved for hypervisor use. This is still not 110 + * completely accurate as XEN PV guests don't see that CPUID bit 111 + * set, but that's good enough as they don't land on the BSP 112 + * path anyway. 113 + * 114 + * 3) Certain AMD patch levels are not allowed to be 115 + * overwritten. 116 + */ 117 + if (!have_cpuid_p() || 118 + native_cpuid_ecx(1) & BIT(31) || 119 + amd_check_current_patch_level()) 120 + dis_ucode_ldr = true; 122 121 123 122 return dis_ucode_ldr; 124 123 } ··· 130 125 unsigned int cpuid_1_eax; 131 126 bool intel = true; 132 127 133 - if (!have_cpuid_p()) 128 + if (cmdline_find_option_bool(boot_command_line, "dis_ucode_ldr") > 0) 129 + dis_ucode_ldr = true; 130 + 131 + if (microcode_loader_disabled()) 134 132 return; 135 133 136 134 cpuid_1_eax = native_cpuid_eax(1); ··· 154 146 return; 155 147 } 156 148 157 - if (check_loader_disabled_bsp()) 158 - return; 159 - 160 149 if (intel) 161 150 load_ucode_intel_bsp(&early_data); 162 151 else ··· 164 159 { 165 160 unsigned int cpuid_1_eax; 166 161 162 + /* 163 + * Can't use microcode_loader_disabled() here - .init section 164 + * hell. It doesn't have to either - the BSP variant must've 165 + * parsed cmdline already anyway. 166 + */ 167 167 if (dis_ucode_ldr) 168 168 return; 169 169 ··· 820 810 struct cpuinfo_x86 *c = &boot_cpu_data; 821 811 int error; 822 812 823 - if (dis_ucode_ldr) 813 + if (microcode_loader_disabled()) 824 814 return -EINVAL; 825 815 826 816 if (c->x86_vendor == X86_VENDOR_INTEL)
+1 -1
arch/x86/kernel/cpu/microcode/intel.c
··· 389 389 if (xchg(&ucode_patch_va, NULL) != UCODE_BSP_LOADED) 390 390 return 0; 391 391 392 - if (dis_ucode_ldr || boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 392 + if (microcode_loader_disabled() || boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) 393 393 return 0; 394 394 395 395 uci.mc = get_microcode_blob(&uci, true);
-1
arch/x86/kernel/cpu/microcode/internal.h
··· 94 94 return x86_family(eax); 95 95 } 96 96 97 - extern bool dis_ucode_ldr; 98 97 extern bool force_minrev; 99 98 100 99 #ifdef CONFIG_CPU_SUP_AMD
+1 -1
arch/x86/kernel/ftrace.c
··· 354 354 goto fail; 355 355 356 356 ip = trampoline + size; 357 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) 357 + if (cpu_wants_rethunk_at(ip)) 358 358 __text_gen_insn(ip, JMP32_INSN_OPCODE, ip, x86_return_thunk, JMP32_INSN_SIZE); 359 359 else 360 360 memcpy(ip, retq, sizeof(retq));
-4
arch/x86/kernel/head32.c
··· 145 145 *ptr = (unsigned long)ptep + PAGE_OFFSET; 146 146 147 147 #ifdef CONFIG_MICROCODE_INITRD32 148 - /* Running on a hypervisor? */ 149 - if (native_cpuid_ecx(1) & BIT(31)) 150 - return; 151 - 152 148 params = (struct boot_params *)__pa_nodebug(&boot_params); 153 149 if (!params->hdr.ramdisk_size || !params->hdr.ramdisk_image) 154 150 return;
+6
arch/x86/kernel/module.c
··· 266 266 ibt_endbr = s; 267 267 } 268 268 269 + its_init_mod(me); 270 + 269 271 if (retpolines || cfi) { 270 272 void *rseg = NULL, *cseg = NULL; 271 273 unsigned int rsize = 0, csize = 0; ··· 288 286 void *rseg = (void *)retpolines->sh_addr; 289 287 apply_retpolines(rseg, rseg + retpolines->sh_size); 290 288 } 289 + 290 + its_fini_mod(me); 291 + 291 292 if (returns) { 292 293 void *rseg = (void *)returns->sh_addr; 293 294 apply_returns(rseg, rseg + returns->sh_size); ··· 331 326 void module_arch_cleanup(struct module *mod) 332 327 { 333 328 alternatives_smp_module_del(mod); 329 + its_free_mod(mod); 334 330 }
+2 -2
arch/x86/kernel/static_call.c
··· 81 81 break; 82 82 83 83 case RET: 84 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) 84 + if (cpu_wants_rethunk_at(insn)) 85 85 code = text_gen_insn(JMP32_INSN_OPCODE, insn, x86_return_thunk); 86 86 else 87 87 code = &retinsn; ··· 90 90 case JCC: 91 91 if (!func) { 92 92 func = __static_call_return; 93 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) 93 + if (cpu_wants_rethunk()) 94 94 func = x86_return_thunk; 95 95 } 96 96
+19 -1
arch/x86/kernel/vmlinux.lds.S
··· 466 466 } 467 467 468 468 /* 469 - * The ASSERT() sink to . is intentional, for binutils 2.14 compatibility: 469 + * COMPILE_TEST kernels can be large - CONFIG_KASAN, for example, can cause 470 + * this. Let's assume that nobody will be running a COMPILE_TEST kernel and 471 + * let's assert that fuller build coverage is more valuable than being able to 472 + * run a COMPILE_TEST kernel. 473 + */ 474 + #ifndef CONFIG_COMPILE_TEST 475 + /* 476 + * The ASSERT() sync to . is intentional, for binutils 2.14 compatibility: 470 477 */ 471 478 . = ASSERT((_end - LOAD_OFFSET <= KERNEL_IMAGE_SIZE), 472 479 "kernel image bigger than KERNEL_IMAGE_SIZE"); 480 + #endif 473 481 474 482 /* needed for Clang - see arch/x86/entry/entry.S */ 475 483 PROVIDE(__ref_stack_chk_guard = __stack_chk_guard); ··· 503 495 . = ASSERT(((ABSOLUTE(srso_alias_untrain_ret) | srso_alias_safe_ret) - 504 496 (ABSOLUTE(srso_alias_untrain_ret) & srso_alias_safe_ret)) == ((1 << 2) | (1 << 8) | (1 << 14) | (1 << 20)), 505 497 "SRSO function pair won't alias"); 498 + #endif 499 + 500 + #if defined(CONFIG_MITIGATION_ITS) && !defined(CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B) 501 + . = ASSERT(__x86_indirect_its_thunk_rax & 0x20, "__x86_indirect_thunk_rax not in second half of cacheline"); 502 + . = ASSERT(((__x86_indirect_its_thunk_rcx - __x86_indirect_its_thunk_rax) % 64) == 0, "Indirect thunks are not cacheline apart"); 503 + . = ASSERT(__x86_indirect_its_thunk_array == __x86_indirect_its_thunk_rax, "Gap in ITS thunk array"); 504 + #endif 505 + 506 + #if defined(CONFIG_MITIGATION_ITS) && !defined(CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B) 507 + . = ASSERT(its_return_thunk & 0x20, "its_return_thunk not in second half of cacheline"); 506 508 #endif 507 509 508 510 #endif /* CONFIG_X86_64 */
+3
arch/x86/kvm/mmu.h
··· 104 104 105 105 static inline int kvm_mmu_reload(struct kvm_vcpu *vcpu) 106 106 { 107 + if (kvm_check_request(KVM_REQ_MMU_FREE_OBSOLETE_ROOTS, vcpu)) 108 + kvm_mmu_free_obsolete_roots(vcpu); 109 + 107 110 /* 108 111 * Checking root.hpa is sufficient even when KVM has mirror root. 109 112 * We can have either:
+64 -26
arch/x86/kvm/mmu/mmu.c
··· 5974 5974 __kvm_mmu_free_obsolete_roots(vcpu->kvm, &vcpu->arch.root_mmu); 5975 5975 __kvm_mmu_free_obsolete_roots(vcpu->kvm, &vcpu->arch.guest_mmu); 5976 5976 } 5977 + EXPORT_SYMBOL_GPL(kvm_mmu_free_obsolete_roots); 5977 5978 5978 5979 static u64 mmu_pte_write_fetch_gpte(struct kvm_vcpu *vcpu, gpa_t *gpa, 5979 5980 int *bytes) ··· 7670 7669 } 7671 7670 7672 7671 #ifdef CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES 7673 - bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, 7674 - struct kvm_gfn_range *range) 7675 - { 7676 - /* 7677 - * Zap SPTEs even if the slot can't be mapped PRIVATE. KVM x86 only 7678 - * supports KVM_MEMORY_ATTRIBUTE_PRIVATE, and so it *seems* like KVM 7679 - * can simply ignore such slots. But if userspace is making memory 7680 - * PRIVATE, then KVM must prevent the guest from accessing the memory 7681 - * as shared. And if userspace is making memory SHARED and this point 7682 - * is reached, then at least one page within the range was previously 7683 - * PRIVATE, i.e. the slot's possible hugepage ranges are changing. 7684 - * Zapping SPTEs in this case ensures KVM will reassess whether or not 7685 - * a hugepage can be used for affected ranges. 7686 - */ 7687 - if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) 7688 - return false; 7689 - 7690 - /* Unmap the old attribute page. */ 7691 - if (range->arg.attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE) 7692 - range->attr_filter = KVM_FILTER_SHARED; 7693 - else 7694 - range->attr_filter = KVM_FILTER_PRIVATE; 7695 - 7696 - return kvm_unmap_gfn_range(kvm, range); 7697 - } 7698 - 7699 7672 static bool hugepage_test_mixed(struct kvm_memory_slot *slot, gfn_t gfn, 7700 7673 int level) 7701 7674 { ··· 7687 7712 { 7688 7713 lpage_info_slot(gfn, slot, level)->disallow_lpage |= KVM_LPAGE_MIXED_FLAG; 7689 7714 } 7715 + 7716 + bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, 7717 + struct kvm_gfn_range *range) 7718 + { 7719 + struct kvm_memory_slot *slot = range->slot; 7720 + int level; 7721 + 7722 + /* 7723 + * Zap SPTEs even if the slot can't be mapped PRIVATE. KVM x86 only 7724 + * supports KVM_MEMORY_ATTRIBUTE_PRIVATE, and so it *seems* like KVM 7725 + * can simply ignore such slots. But if userspace is making memory 7726 + * PRIVATE, then KVM must prevent the guest from accessing the memory 7727 + * as shared. And if userspace is making memory SHARED and this point 7728 + * is reached, then at least one page within the range was previously 7729 + * PRIVATE, i.e. the slot's possible hugepage ranges are changing. 7730 + * Zapping SPTEs in this case ensures KVM will reassess whether or not 7731 + * a hugepage can be used for affected ranges. 7732 + */ 7733 + if (WARN_ON_ONCE(!kvm_arch_has_private_mem(kvm))) 7734 + return false; 7735 + 7736 + if (WARN_ON_ONCE(range->end <= range->start)) 7737 + return false; 7738 + 7739 + /* 7740 + * If the head and tail pages of the range currently allow a hugepage, 7741 + * i.e. reside fully in the slot and don't have mixed attributes, then 7742 + * add each corresponding hugepage range to the ongoing invalidation, 7743 + * e.g. to prevent KVM from creating a hugepage in response to a fault 7744 + * for a gfn whose attributes aren't changing. Note, only the range 7745 + * of gfns whose attributes are being modified needs to be explicitly 7746 + * unmapped, as that will unmap any existing hugepages. 
7747 + */ 7748 + for (level = PG_LEVEL_2M; level <= KVM_MAX_HUGEPAGE_LEVEL; level++) { 7749 + gfn_t start = gfn_round_for_level(range->start, level); 7750 + gfn_t end = gfn_round_for_level(range->end - 1, level); 7751 + gfn_t nr_pages = KVM_PAGES_PER_HPAGE(level); 7752 + 7753 + if ((start != range->start || start + nr_pages > range->end) && 7754 + start >= slot->base_gfn && 7755 + start + nr_pages <= slot->base_gfn + slot->npages && 7756 + !hugepage_test_mixed(slot, start, level)) 7757 + kvm_mmu_invalidate_range_add(kvm, start, start + nr_pages); 7758 + 7759 + if (end == start) 7760 + continue; 7761 + 7762 + if ((end + nr_pages) > range->end && 7763 + (end + nr_pages) <= (slot->base_gfn + slot->npages) && 7764 + !hugepage_test_mixed(slot, end, level)) 7765 + kvm_mmu_invalidate_range_add(kvm, end, end + nr_pages); 7766 + } 7767 + 7768 + /* Unmap the old attribute page. */ 7769 + if (range->arg.attributes & KVM_MEMORY_ATTRIBUTE_PRIVATE) 7770 + range->attr_filter = KVM_FILTER_SHARED; 7771 + else 7772 + range->attr_filter = KVM_FILTER_PRIVATE; 7773 + 7774 + return kvm_unmap_gfn_range(kvm, range); 7775 + } 7776 + 7777 + 7690 7778 7691 7779 static bool hugepage_has_attrs(struct kvm *kvm, struct kvm_memory_slot *slot, 7692 7780 gfn_t gfn, int level, unsigned long attrs)
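The reworked kvm_arch_pre_set_memory_attributes() above widens the invalidation to head and tail hugepage ranges that straddle the GFN range whose attributes are changing, snapping to hugepage boundaries with gfn_round_for_level(). A worked example of that rounding for a hypothetical 2M level (512 base pages per hugepage); the helper name and numbers here are illustrative:

    #include <stdio.h>

    #define PAGES_PER_2M_HPAGE 512ULL   /* 512 x 4 KiB = 2 MiB */

    static unsigned long long round_for_level(unsigned long long gfn,
                                              unsigned long long pages)
    {
        return gfn & ~(pages - 1);      /* snap down to a hugepage boundary */
    }

    int main(void)
    {
        unsigned long long start = 0x1234, end = 0x1600;   /* [start, end) changing */
        unsigned long long head = round_for_level(start, PAGES_PER_2M_HPAGE);
        unsigned long long tail = round_for_level(end - 1, PAGES_PER_2M_HPAGE);

        /* The head hugepage starts before the range, so it would be added to the
         * invalidation (if fully inside the slot and not of mixed attributes). */
        printf("head hugepage %#llx..%#llx\n", head, head + PAGES_PER_2M_HPAGE);
        printf("tail hugepage %#llx..%#llx\n", tail, tail + PAGES_PER_2M_HPAGE);
        return 0;   /* prints 0x1200..0x1400 and 0x1400..0x1600 */
    }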
+1
arch/x86/kvm/smm.c
··· 131 131 132 132 kvm_mmu_reset_context(vcpu); 133 133 } 134 + EXPORT_SYMBOL_GPL(kvm_smm_changed); 134 135 135 136 void process_smi(struct kvm_vcpu *vcpu) 136 137 {
+19 -13
arch/x86/kvm/svm/sev.c
··· 3173 3173 kvfree(svm->sev_es.ghcb_sa); 3174 3174 } 3175 3175 3176 + static u64 kvm_ghcb_get_sw_exit_code(struct vmcb_control_area *control) 3177 + { 3178 + return (((u64)control->exit_code_hi) << 32) | control->exit_code; 3179 + } 3180 + 3176 3181 static void dump_ghcb(struct vcpu_svm *svm) 3177 3182 { 3178 - struct ghcb *ghcb = svm->sev_es.ghcb; 3183 + struct vmcb_control_area *control = &svm->vmcb->control; 3179 3184 unsigned int nbits; 3180 3185 3181 3186 /* Re-use the dump_invalid_vmcb module parameter */ ··· 3189 3184 return; 3190 3185 } 3191 3186 3192 - nbits = sizeof(ghcb->save.valid_bitmap) * 8; 3187 + nbits = sizeof(svm->sev_es.valid_bitmap) * 8; 3193 3188 3194 - pr_err("GHCB (GPA=%016llx):\n", svm->vmcb->control.ghcb_gpa); 3189 + /* 3190 + * Print KVM's snapshot of the GHCB values that were (unsuccessfully) 3191 + * used to handle the exit. If the guest has since modified the GHCB 3192 + * itself, dumping the raw GHCB won't help debug why KVM was unable to 3193 + * handle the VMGEXIT that KVM observed. 3194 + */ 3195 + pr_err("GHCB (GPA=%016llx) snapshot:\n", svm->vmcb->control.ghcb_gpa); 3195 3196 pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_code", 3196 - ghcb->save.sw_exit_code, ghcb_sw_exit_code_is_valid(ghcb)); 3197 + kvm_ghcb_get_sw_exit_code(control), kvm_ghcb_sw_exit_code_is_valid(svm)); 3197 3198 pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_1", 3198 - ghcb->save.sw_exit_info_1, ghcb_sw_exit_info_1_is_valid(ghcb)); 3199 + control->exit_info_1, kvm_ghcb_sw_exit_info_1_is_valid(svm)); 3199 3200 pr_err("%-20s%016llx is_valid: %u\n", "sw_exit_info_2", 3200 - ghcb->save.sw_exit_info_2, ghcb_sw_exit_info_2_is_valid(ghcb)); 3201 + control->exit_info_2, kvm_ghcb_sw_exit_info_2_is_valid(svm)); 3201 3202 pr_err("%-20s%016llx is_valid: %u\n", "sw_scratch", 3202 - ghcb->save.sw_scratch, ghcb_sw_scratch_is_valid(ghcb)); 3203 - pr_err("%-20s%*pb\n", "valid_bitmap", nbits, ghcb->save.valid_bitmap); 3203 + svm->sev_es.sw_scratch, kvm_ghcb_sw_scratch_is_valid(svm)); 3204 + pr_err("%-20s%*pb\n", "valid_bitmap", nbits, svm->sev_es.valid_bitmap); 3204 3205 } 3205 3206 3206 3207 static void sev_es_sync_to_ghcb(struct vcpu_svm *svm) ··· 3275 3264 3276 3265 /* Clear the valid entries fields */ 3277 3266 memset(ghcb->save.valid_bitmap, 0, sizeof(ghcb->save.valid_bitmap)); 3278 - } 3279 - 3280 - static u64 kvm_ghcb_get_sw_exit_code(struct vmcb_control_area *control) 3281 - { 3282 - return (((u64)control->exit_code_hi) << 32) | control->exit_code; 3283 3267 } 3284 3268 3285 3269 static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
+69 -6
arch/x86/kvm/svm/svm.c
··· 607 607 kvm_cpu_svm_disable(); 608 608 609 609 amd_pmu_disable_virt(); 610 - 611 - if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) 612 - msr_clear_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT); 613 610 } 614 611 615 612 static int svm_enable_virtualization_cpu(void) ··· 683 686 684 687 rdmsr(MSR_TSC_AUX, sev_es_host_save_area(sd)->tsc_aux, msr_hi); 685 688 } 686 - 687 - if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) 688 - msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT); 689 689 690 690 return 0; 691 691 } ··· 1512 1518 __free_pages(virt_to_page(svm->msrpm), get_order(MSRPM_SIZE)); 1513 1519 } 1514 1520 1521 + #ifdef CONFIG_CPU_MITIGATIONS 1522 + static DEFINE_SPINLOCK(srso_lock); 1523 + static atomic_t srso_nr_vms; 1524 + 1525 + static void svm_srso_clear_bp_spec_reduce(void *ign) 1526 + { 1527 + struct svm_cpu_data *sd = this_cpu_ptr(&svm_data); 1528 + 1529 + if (!sd->bp_spec_reduce_set) 1530 + return; 1531 + 1532 + msr_clear_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT); 1533 + sd->bp_spec_reduce_set = false; 1534 + } 1535 + 1536 + static void svm_srso_vm_destroy(void) 1537 + { 1538 + if (!cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) 1539 + return; 1540 + 1541 + if (atomic_dec_return(&srso_nr_vms)) 1542 + return; 1543 + 1544 + guard(spinlock)(&srso_lock); 1545 + 1546 + /* 1547 + * Verify a new VM didn't come along, acquire the lock, and increment 1548 + * the count before this task acquired the lock. 1549 + */ 1550 + if (atomic_read(&srso_nr_vms)) 1551 + return; 1552 + 1553 + on_each_cpu(svm_srso_clear_bp_spec_reduce, NULL, 1); 1554 + } 1555 + 1556 + static void svm_srso_vm_init(void) 1557 + { 1558 + if (!cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE)) 1559 + return; 1560 + 1561 + /* 1562 + * Acquire the lock on 0 => 1 transitions to ensure a potential 1 => 0 1563 + * transition, i.e. destroying the last VM, is fully complete, e.g. so 1564 + * that a delayed IPI doesn't clear BP_SPEC_REDUCE after a vCPU runs. 1565 + */ 1566 + if (atomic_inc_not_zero(&srso_nr_vms)) 1567 + return; 1568 + 1569 + guard(spinlock)(&srso_lock); 1570 + 1571 + atomic_inc(&srso_nr_vms); 1572 + } 1573 + #else 1574 + static void svm_srso_vm_init(void) { } 1575 + static void svm_srso_vm_destroy(void) { } 1576 + #endif 1577 + 1515 1578 static void svm_prepare_switch_to_guest(struct kvm_vcpu *vcpu) 1516 1579 { 1517 1580 struct vcpu_svm *svm = to_svm(vcpu); ··· 1601 1550 (!boot_cpu_has(X86_FEATURE_V_TSC_AUX) || !sev_es_guest(vcpu->kvm))) 1602 1551 kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull); 1603 1552 1553 + if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE) && 1554 + !sd->bp_spec_reduce_set) { 1555 + sd->bp_spec_reduce_set = true; 1556 + msr_set_bit(MSR_ZEN4_BP_CFG, MSR_ZEN4_BP_CFG_BP_SPEC_REDUCE_BIT); 1557 + } 1604 1558 svm->guest_state_loaded = true; 1605 1559 } 1606 1560 ··· 2287 2231 */ 2288 2232 if (!sev_es_guest(vcpu->kvm)) { 2289 2233 clear_page(svm->vmcb); 2234 + #ifdef CONFIG_KVM_SMM 2235 + if (is_smm(vcpu)) 2236 + kvm_smm_changed(vcpu, false); 2237 + #endif 2290 2238 kvm_vcpu_reset(vcpu, true); 2291 2239 } 2292 2240 ··· 5096 5036 { 5097 5037 avic_vm_destroy(kvm); 5098 5038 sev_vm_destroy(kvm); 5039 + 5040 + svm_srso_vm_destroy(); 5099 5041 } 5100 5042 5101 5043 static int svm_vm_init(struct kvm *kvm) ··· 5123 5061 return ret; 5124 5062 } 5125 5063 5064 + svm_srso_vm_init(); 5126 5065 return 0; 5127 5066 } 5128 5067
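The new SRSO handling above sets BP_SPEC_REDUCE lazily on a CPU when a vCPU is first loaded there and clears it everywhere only once the last VM is gone, taking a spinlock solely for the 0 <-> 1 transitions of the VM count (atomic_inc_not_zero() fast path otherwise). A standalone sketch of that "lock only the first/last transition" refcount pattern, with made-up names and userspace primitives standing in for the kernel ones:

    #include <pthread.h>
    #include <stdatomic.h>
    #include <stdio.h>

    static pthread_mutex_t transition_lock = PTHREAD_MUTEX_INITIALIZER;
    static atomic_int nr_vms;

    /* Userspace stand-in for the kernel's atomic_inc_not_zero(). */
    static int inc_not_zero(atomic_int *v)
    {
        int cur = atomic_load(v);

        while (cur) {
            if (atomic_compare_exchange_weak(v, &cur, cur + 1))
                return 1;
        }
        return 0;
    }

    static void vm_init(void)
    {
        if (inc_not_zero(&nr_vms))
            return;                           /* fast path: not the first VM */

        pthread_mutex_lock(&transition_lock); /* serialize 0 -> 1 against teardown */
        atomic_fetch_add(&nr_vms, 1);
        pthread_mutex_unlock(&transition_lock);
    }

    static void vm_destroy(void)
    {
        if (atomic_fetch_sub(&nr_vms, 1) != 1)
            return;                           /* not the last VM */

        pthread_mutex_lock(&transition_lock);
        if (atomic_load(&nr_vms) == 0)        /* no new VM raced in meanwhile */
            puts("clear BP_SPEC_REDUCE on all CPUs");  /* on_each_cpu() in the kernel */
        pthread_mutex_unlock(&transition_lock);
    }

    int main(void)
    {
        vm_init();
        vm_init();
        vm_destroy();
        vm_destroy();   /* last one: prints the teardown message */
        return 0;
    }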
+2
arch/x86/kvm/svm/svm.h
··· 335 335 u32 next_asid; 336 336 u32 min_asid; 337 337 338 + bool bp_spec_reduce_set; 339 + 338 340 struct vmcb *save_area; 339 341 unsigned long save_area_pa; 340 342
+5 -3
arch/x86/kvm/x86.c
··· 1584 1584 ARCH_CAP_PSCHANGE_MC_NO | ARCH_CAP_TSX_CTRL_MSR | ARCH_CAP_TAA_NO | \ 1585 1585 ARCH_CAP_SBDR_SSDP_NO | ARCH_CAP_FBSDP_NO | ARCH_CAP_PSDP_NO | \ 1586 1586 ARCH_CAP_FB_CLEAR | ARCH_CAP_RRSBA | ARCH_CAP_PBRSB_NO | ARCH_CAP_GDS_NO | \ 1587 - ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR | ARCH_CAP_BHI_NO) 1587 + ARCH_CAP_RFDS_NO | ARCH_CAP_RFDS_CLEAR | ARCH_CAP_BHI_NO | ARCH_CAP_ITS_NO) 1588 1588 1589 1589 static u64 kvm_get_arch_capabilities(void) 1590 1590 { ··· 1618 1618 data |= ARCH_CAP_MDS_NO; 1619 1619 if (!boot_cpu_has_bug(X86_BUG_RFDS)) 1620 1620 data |= ARCH_CAP_RFDS_NO; 1621 + if (!boot_cpu_has_bug(X86_BUG_ITS)) 1622 + data |= ARCH_CAP_ITS_NO; 1621 1623 1622 1624 if (!boot_cpu_has(X86_FEATURE_RTM)) { 1623 1625 /* ··· 4599 4597 return type < 32 && (kvm_caps.supported_vm_types & BIT(type)); 4600 4598 } 4601 4599 4602 - static inline u32 kvm_sync_valid_fields(struct kvm *kvm) 4600 + static inline u64 kvm_sync_valid_fields(struct kvm *kvm) 4603 4601 { 4604 4602 return kvm && kvm->arch.has_protected_state ? 0 : KVM_SYNC_X86_VALID_FIELDS; 4605 4603 } ··· 11495 11493 { 11496 11494 struct kvm_queued_exception *ex = &vcpu->arch.exception; 11497 11495 struct kvm_run *kvm_run = vcpu->run; 11498 - u32 sync_valid_fields; 11496 + u64 sync_valid_fields; 11499 11497 int r; 11500 11498 11501 11499 r = kvm_mmu_post_init_vm(vcpu->kvm);
+48
arch/x86/lib/retpoline.S
··· 367 367 368 368 #endif /* CONFIG_MITIGATION_CALL_DEPTH_TRACKING */ 369 369 370 + #ifdef CONFIG_MITIGATION_ITS 371 + 372 + .macro ITS_THUNK reg 373 + 374 + /* 375 + * If CFI paranoid is used then the ITS thunk starts with opcodes (0xea; jne 1b) 376 + * that complete the fineibt_paranoid caller sequence. 377 + */ 378 + 1: .byte 0xea 379 + SYM_INNER_LABEL(__x86_indirect_paranoid_thunk_\reg, SYM_L_GLOBAL) 380 + UNWIND_HINT_UNDEFINED 381 + ANNOTATE_NOENDBR 382 + jne 1b 383 + SYM_INNER_LABEL(__x86_indirect_its_thunk_\reg, SYM_L_GLOBAL) 384 + UNWIND_HINT_UNDEFINED 385 + ANNOTATE_NOENDBR 386 + ANNOTATE_RETPOLINE_SAFE 387 + jmp *%\reg 388 + int3 389 + .align 32, 0xcc /* fill to the end of the line */ 390 + .skip 32 - (__x86_indirect_its_thunk_\reg - 1b), 0xcc /* skip to the next upper half */ 391 + .endm 392 + 393 + /* ITS mitigation requires thunks be aligned to upper half of cacheline */ 394 + .align 64, 0xcc 395 + .skip 29, 0xcc 396 + 397 + #define GEN(reg) ITS_THUNK reg 398 + #include <asm/GEN-for-each-reg.h> 399 + #undef GEN 400 + 401 + .align 64, 0xcc 402 + SYM_FUNC_ALIAS(__x86_indirect_its_thunk_array, __x86_indirect_its_thunk_rax) 403 + SYM_CODE_END(__x86_indirect_its_thunk_array) 404 + 405 + .align 64, 0xcc 406 + .skip 32, 0xcc 407 + SYM_CODE_START(its_return_thunk) 408 + UNWIND_HINT_FUNC 409 + ANNOTATE_NOENDBR 410 + ANNOTATE_UNRET_SAFE 411 + ret 412 + int3 413 + SYM_CODE_END(its_return_thunk) 414 + EXPORT_SYMBOL(its_return_thunk) 415 + 416 + #endif /* CONFIG_MITIGATION_ITS */ 417 + 370 418 /* 371 419 * This function name is magical and is used by -mfunction-return=thunk-extern 372 420 * for the compiler to generate JMPs to it.
+3
arch/x86/mm/init_32.c
··· 30 30 #include <linux/initrd.h> 31 31 #include <linux/cpumask.h> 32 32 #include <linux/gfp.h> 33 + #include <linux/execmem.h> 33 34 34 35 #include <asm/asm.h> 35 36 #include <asm/bios_ebda.h> ··· 755 754 set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT); 756 755 pr_info("Write protecting kernel text and read-only data: %luk\n", 757 756 size >> 10); 757 + 758 + execmem_cache_make_ro(); 758 759 759 760 kernel_set_to_readonly = 1; 760 761
+3
arch/x86/mm/init_64.c
··· 34 34 #include <linux/gfp.h> 35 35 #include <linux/kcore.h> 36 36 #include <linux/bootmem_info.h> 37 + #include <linux/execmem.h> 37 38 38 39 #include <asm/processor.h> 39 40 #include <asm/bios_ebda.h> ··· 1391 1390 printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n", 1392 1391 (end - start) >> 10); 1393 1392 set_memory_ro(start, (end - start) >> PAGE_SHIFT); 1393 + 1394 + execmem_cache_make_ro(); 1394 1395 1395 1396 kernel_set_to_readonly = 1; 1396 1397
+19 -3
arch/x86/mm/tlb.c
··· 899 899 cond_mitigation(tsk); 900 900 901 901 /* 902 - * Let nmi_uaccess_okay() and finish_asid_transition() 903 - * know that CR3 is changing. 902 + * Indicate that CR3 is about to change. nmi_uaccess_okay() 903 + * and others are sensitive to the window where mm_cpumask(), 904 + * CR3 and cpu_tlbstate.loaded_mm are not all in sync. 904 905 */ 905 906 this_cpu_write(cpu_tlbstate.loaded_mm, LOADED_MM_SWITCHING); 906 907 barrier(); ··· 1205 1204 1206 1205 static bool should_flush_tlb(int cpu, void *data) 1207 1206 { 1207 + struct mm_struct *loaded_mm = per_cpu(cpu_tlbstate.loaded_mm, cpu); 1208 1208 struct flush_tlb_info *info = data; 1209 + 1210 + /* 1211 + * Order the 'loaded_mm' and 'is_lazy' against their 1212 + * write ordering in switch_mm_irqs_off(). Ensure 1213 + * 'is_lazy' is at least as new as 'loaded_mm'. 1214 + */ 1215 + smp_rmb(); 1209 1216 1210 1217 /* Lazy TLB will get flushed at the next context switch. */ 1211 1218 if (per_cpu(cpu_tlbstate_shared.is_lazy, cpu)) ··· 1223 1214 if (!info->mm) 1224 1215 return true; 1225 1216 1217 + /* 1218 + * While switching, the remote CPU could have state from 1219 + * either the prev or next mm. Assume the worst and flush. 1220 + */ 1221 + if (loaded_mm == LOADED_MM_SWITCHING) 1222 + return true; 1223 + 1226 1224 /* The target mm is loaded, and the CPU is not lazy. */ 1227 - if (per_cpu(cpu_tlbstate.loaded_mm, cpu) == info->mm) 1225 + if (loaded_mm == info->mm) 1228 1226 return true; 1229 1227 1230 1228 /* In cpumask, but not the loaded mm? Periodically remove by flushing. */
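The smp_rmb() added to should_flush_tlb() is the read side of the classic wmb/rmb message-passing pairing: the remote reader must not observe a newer loaded_mm together with a stale is_lazy. A stand-alone analogue using C11 fences is shown below; it is illustrative only, and the kernel's actual pairing is against the store ordering in switch_mm_irqs_off(), not this toy flag protocol.

#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

static atomic_int data;		/* the value the reader wants to be "new enough" */
static atomic_int flag;		/* published after the data */

static void *writer(void *arg)
{
	atomic_store_explicit(&data, 42, memory_order_relaxed);
	atomic_thread_fence(memory_order_release);	/* roughly smp_wmb() */
	atomic_store_explicit(&flag, 1, memory_order_relaxed);
	return NULL;
}

static void *reader(void *arg)
{
	while (!atomic_load_explicit(&flag, memory_order_relaxed))
		;
	atomic_thread_fence(memory_order_acquire);	/* roughly smp_rmb() */
	printf("data=%d\n", atomic_load_explicit(&data, memory_order_relaxed));
	return NULL;
}

int main(void)
{
	pthread_t w, r;

	pthread_create(&r, NULL, reader, NULL);
	pthread_create(&w, NULL, writer, NULL);
	pthread_join(w, NULL);
	pthread_join(r, NULL);
	return 0;
}

Without the read-side fence, the reader could see the flag set but still read the older value, which is exactly the loaded_mm vs. is_lazy skew the comment in should_flush_tlb() is guarding against.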
+56 -2
arch/x86/net/bpf_jit_comp.c
··· 41 41 #define EMIT2(b1, b2) EMIT((b1) + ((b2) << 8), 2) 42 42 #define EMIT3(b1, b2, b3) EMIT((b1) + ((b2) << 8) + ((b3) << 16), 3) 43 43 #define EMIT4(b1, b2, b3, b4) EMIT((b1) + ((b2) << 8) + ((b3) << 16) + ((b4) << 24), 4) 44 + #define EMIT5(b1, b2, b3, b4, b5) \ 45 + do { EMIT1(b1); EMIT4(b2, b3, b4, b5); } while (0) 44 46 45 47 #define EMIT1_off32(b1, off) \ 46 48 do { EMIT1(b1); EMIT(off, 4); } while (0) ··· 663 661 { 664 662 u8 *prog = *pprog; 665 663 666 - if (cpu_feature_enabled(X86_FEATURE_RETPOLINE_LFENCE)) { 664 + if (cpu_feature_enabled(X86_FEATURE_INDIRECT_THUNK_ITS)) { 665 + OPTIMIZER_HIDE_VAR(reg); 666 + emit_jump(&prog, its_static_thunk(reg), ip); 667 + } else if (cpu_feature_enabled(X86_FEATURE_RETPOLINE_LFENCE)) { 667 668 EMIT_LFENCE(); 668 669 EMIT2(0xFF, 0xE0 + reg); 669 670 } else if (cpu_feature_enabled(X86_FEATURE_RETPOLINE)) { ··· 688 683 { 689 684 u8 *prog = *pprog; 690 685 691 - if (cpu_feature_enabled(X86_FEATURE_RETHUNK)) { 686 + if (cpu_wants_rethunk()) { 692 687 emit_jump(&prog, x86_return_thunk, ip); 693 688 } else { 694 689 EMIT1(0xC3); /* ret */ ··· 1506 1501 /* Memory size/value to protect private stack overflow/underflow */ 1507 1502 #define PRIV_STACK_GUARD_SZ 8 1508 1503 #define PRIV_STACK_GUARD_VAL 0xEB9F12345678eb9fULL 1504 + 1505 + static int emit_spectre_bhb_barrier(u8 **pprog, u8 *ip, 1506 + struct bpf_prog *bpf_prog) 1507 + { 1508 + u8 *prog = *pprog; 1509 + u8 *func; 1510 + 1511 + if (cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP)) { 1512 + /* The clearing sequence clobbers eax and ecx. */ 1513 + EMIT1(0x50); /* push rax */ 1514 + EMIT1(0x51); /* push rcx */ 1515 + ip += 2; 1516 + 1517 + func = (u8 *)clear_bhb_loop; 1518 + ip += x86_call_depth_emit_accounting(&prog, func, ip); 1519 + 1520 + if (emit_call(&prog, func, ip)) 1521 + return -EINVAL; 1522 + EMIT1(0x59); /* pop rcx */ 1523 + EMIT1(0x58); /* pop rax */ 1524 + } 1525 + /* Insert IBHF instruction */ 1526 + if ((cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_LOOP) && 1527 + cpu_feature_enabled(X86_FEATURE_HYPERVISOR)) || 1528 + cpu_feature_enabled(X86_FEATURE_CLEAR_BHB_HW)) { 1529 + /* 1530 + * Add an Indirect Branch History Fence (IBHF). IBHF acts as a 1531 + * fence preventing branch history from before the fence from 1532 + * affecting indirect branches after the fence. This is 1533 + * specifically used in cBPF jitted code to prevent Intra-mode 1534 + * BHI attacks. The IBHF instruction is designed to be a NOP on 1535 + * hardware that doesn't need or support it. The REP and REX.W 1536 + * prefixes are required by the microcode, and they also ensure 1537 + * that the NOP is unlikely to be used in existing code. 1538 + * 1539 + * IBHF is not a valid instruction in 32-bit mode. 1540 + */ 1541 + EMIT5(0xF3, 0x48, 0x0F, 0x1E, 0xF8); /* ibhf */ 1542 + } 1543 + *pprog = prog; 1544 + return 0; 1545 + } 1509 1546 1510 1547 static int do_jit(struct bpf_prog *bpf_prog, int *addrs, u8 *image, u8 *rw_image, 1511 1548 int oldproglen, struct jit_context *ctx, bool jmp_padding) ··· 2591 2544 seen_exit = true; 2592 2545 /* Update cleanup_addr */ 2593 2546 ctx->cleanup_addr = proglen; 2547 + if (bpf_prog_was_classic(bpf_prog) && 2548 + !capable(CAP_SYS_ADMIN)) { 2549 + u8 *ip = image + addrs[i - 1]; 2550 + 2551 + if (emit_spectre_bhb_barrier(&prog, ip, bpf_prog)) 2552 + return -EINVAL; 2553 + } 2594 2554 if (bpf_prog->aux->exception_boundary) { 2595 2555 pop_callee_regs(&prog, all_callee_regs_used); 2596 2556 pop_r12(&prog);
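The new EMIT5() macro and emit_spectre_bhb_barrier() simply append raw opcode bytes to the JIT image; the IBHF fence is the five-byte sequence 0xF3 0x48 0x0F 0x1E 0xF8 taken straight from the hunk above. A tiny stand-alone emitter showing the same byte-append mechanics (the buffer and helpers here are illustrative, not the JIT's real EMIT machinery):

#include <stdio.h>
#include <stdint.h>

static uint8_t image[64];
static int len;

static void emit1(uint8_t b)
{
	image[len++] = b;
}

static void emit5(uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5)
{
	emit1(b1); emit1(b2); emit1(b3); emit1(b4); emit1(b5);
}

int main(void)
{
	/* REP + REX.W prefixed encoding used for IBHF; a NOP on CPUs that don't need it. */
	emit5(0xF3, 0x48, 0x0F, 0x1E, 0xF8);

	for (int i = 0; i < len; i++)
		printf("%02x ", image[i]);
	printf("\n");
	return 0;
}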
+2 -1
block/blk.h
··· 480 480 * the original BIO sector so that blk_zone_write_plug_bio_endio() can 481 481 * lookup the zone write plug. 482 482 */ 483 - if (req_op(rq) == REQ_OP_ZONE_APPEND || bio_zone_write_plugging(bio)) 483 + if (req_op(rq) == REQ_OP_ZONE_APPEND || 484 + bio_flagged(bio, BIO_EMULATES_ZONE_APPEND)) 484 485 bio->bi_iter.bi_sector = rq->__sector; 485 486 } 486 487 void blk_zone_write_plug_bio_endio(struct bio *bio);
+1 -5
block/ioprio.c
··· 46 46 */ 47 47 if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_NICE)) 48 48 return -EPERM; 49 - fallthrough; 50 - /* rt has prio field too */ 51 - case IOPRIO_CLASS_BE: 52 - if (level >= IOPRIO_NR_LEVELS) 53 - return -EINVAL; 54 49 break; 50 + case IOPRIO_CLASS_BE: 55 51 case IOPRIO_CLASS_IDLE: 56 52 break; 57 53 case IOPRIO_CLASS_NONE:
+1 -1
drivers/accel/ivpu/ivpu_hw.c
··· 119 119 else 120 120 vdev->timeout.autosuspend = 100; 121 121 vdev->timeout.d0i3_entry_msg = 5; 122 - vdev->timeout.state_dump_msg = 10; 122 + vdev->timeout.state_dump_msg = 100; 123 123 } 124 124 } 125 125
+25 -10
drivers/accel/ivpu/ivpu_job.c
··· 681 681 err_erase_xa: 682 682 xa_erase(&vdev->submitted_jobs_xa, job->job_id); 683 683 err_unlock: 684 - mutex_unlock(&vdev->submitted_jobs_lock); 685 684 mutex_unlock(&file_priv->lock); 685 + mutex_unlock(&vdev->submitted_jobs_lock); 686 686 ivpu_rpm_put(vdev); 687 687 return ret; 688 688 } ··· 874 874 int ivpu_cmdq_create_ioctl(struct drm_device *dev, void *data, struct drm_file *file) 875 875 { 876 876 struct ivpu_file_priv *file_priv = file->driver_priv; 877 + struct ivpu_device *vdev = file_priv->vdev; 877 878 struct drm_ivpu_cmdq_create *args = data; 878 879 struct ivpu_cmdq *cmdq; 880 + int ret; 879 881 880 - if (!ivpu_is_capable(file_priv->vdev, DRM_IVPU_CAP_MANAGE_CMDQ)) 882 + if (!ivpu_is_capable(vdev, DRM_IVPU_CAP_MANAGE_CMDQ)) 881 883 return -ENODEV; 882 884 883 885 if (args->priority > DRM_IVPU_JOB_PRIORITY_REALTIME) 884 886 return -EINVAL; 887 + 888 + ret = ivpu_rpm_get(vdev); 889 + if (ret < 0) 890 + return ret; 885 891 886 892 mutex_lock(&file_priv->lock); 887 893 ··· 896 890 args->cmdq_id = cmdq->id; 897 891 898 892 mutex_unlock(&file_priv->lock); 893 + 894 + ivpu_rpm_put(vdev); 899 895 900 896 return cmdq ? 0 : -ENOMEM; 901 897 } ··· 908 900 struct ivpu_device *vdev = file_priv->vdev; 909 901 struct drm_ivpu_cmdq_destroy *args = data; 910 902 struct ivpu_cmdq *cmdq; 911 - u32 cmdq_id; 903 + u32 cmdq_id = 0; 912 904 int ret; 913 905 914 906 if (!ivpu_is_capable(vdev, DRM_IVPU_CAP_MANAGE_CMDQ)) 915 907 return -ENODEV; 908 + 909 + ret = ivpu_rpm_get(vdev); 910 + if (ret < 0) 911 + return ret; 916 912 917 913 mutex_lock(&file_priv->lock); 918 914 919 915 cmdq = xa_load(&file_priv->cmdq_xa, args->cmdq_id); 920 916 if (!cmdq || cmdq->is_legacy) { 921 917 ret = -ENOENT; 922 - goto err_unlock; 918 + } else { 919 + cmdq_id = cmdq->id; 920 + ivpu_cmdq_destroy(file_priv, cmdq); 921 + ret = 0; 923 922 } 924 923 925 - cmdq_id = cmdq->id; 926 - ivpu_cmdq_destroy(file_priv, cmdq); 927 924 mutex_unlock(&file_priv->lock); 928 - ivpu_cmdq_abort_all_jobs(vdev, file_priv->ctx.id, cmdq_id); 929 - return 0; 930 925 931 - err_unlock: 932 - mutex_unlock(&file_priv->lock); 926 + /* Abort any pending jobs only if cmdq was destroyed */ 927 + if (!ret) 928 + ivpu_cmdq_abort_all_jobs(vdev, file_priv->ctx.id, cmdq_id); 929 + 930 + ivpu_rpm_put(vdev); 931 + 933 932 return ret; 934 933 } 935 934
+3
drivers/base/cpu.c
··· 600 600 CPU_SHOW_VULN_FALLBACK(gds); 601 601 CPU_SHOW_VULN_FALLBACK(reg_file_data_sampling); 602 602 CPU_SHOW_VULN_FALLBACK(ghostwrite); 603 + CPU_SHOW_VULN_FALLBACK(indirect_target_selection); 603 604 604 605 static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL); 605 606 static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL); ··· 617 616 static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL); 618 617 static DEVICE_ATTR(reg_file_data_sampling, 0444, cpu_show_reg_file_data_sampling, NULL); 619 618 static DEVICE_ATTR(ghostwrite, 0444, cpu_show_ghostwrite, NULL); 619 + static DEVICE_ATTR(indirect_target_selection, 0444, cpu_show_indirect_target_selection, NULL); 620 620 621 621 static struct attribute *cpu_root_vulnerabilities_attrs[] = { 622 622 &dev_attr_meltdown.attr, ··· 635 633 &dev_attr_gather_data_sampling.attr, 636 634 &dev_attr_reg_file_data_sampling.attr, 637 635 &dev_attr_ghostwrite.attr, 636 + &dev_attr_indirect_target_selection.attr, 638 637 NULL 639 638 }; 640 639
+3 -3
drivers/base/platform.c
··· 1440 1440 1441 1441 static int platform_dma_configure(struct device *dev) 1442 1442 { 1443 - struct platform_driver *drv = to_platform_driver(dev->driver); 1443 + struct device_driver *drv = READ_ONCE(dev->driver); 1444 1444 struct fwnode_handle *fwnode = dev_fwnode(dev); 1445 1445 enum dev_dma_attr attr; 1446 1446 int ret = 0; ··· 1451 1451 attr = acpi_get_dma_attr(to_acpi_device_node(fwnode)); 1452 1452 ret = acpi_dma_configure(dev, attr); 1453 1453 } 1454 - /* @drv may not be valid when we're called from the IOMMU layer */ 1455 - if (ret || !dev->driver || drv->driver_managed_dma) 1454 + /* @dev->driver may not be valid when we're called from the IOMMU layer */ 1455 + if (ret || !drv || to_platform_driver(drv)->driver_managed_dma) 1456 1456 return ret; 1457 1457 1458 1458 ret = iommu_device_use_default_domain(dev);
+23
drivers/block/loop.c
··· 505 505 lo->lo_min_dio_size = loop_query_min_dio_size(lo); 506 506 } 507 507 508 + static int loop_check_backing_file(struct file *file) 509 + { 510 + if (!file->f_op->read_iter) 511 + return -EINVAL; 512 + 513 + if ((file->f_mode & FMODE_WRITE) && !file->f_op->write_iter) 514 + return -EINVAL; 515 + 516 + return 0; 517 + } 518 + 508 519 /* 509 520 * loop_change_fd switched the backing store of a loopback device to 510 521 * a new file. This is useful for operating system installers to free up ··· 536 525 537 526 if (!file) 538 527 return -EBADF; 528 + 529 + error = loop_check_backing_file(file); 530 + if (error) 531 + return error; 539 532 540 533 /* suppress uevents while reconfiguring the device */ 541 534 dev_set_uevent_suppress(disk_to_dev(lo->lo_disk), 1); ··· 978 963 979 964 if (!file) 980 965 return -EBADF; 966 + 967 + if ((mode & BLK_OPEN_WRITE) && !file->f_op->write_iter) 968 + return -EINVAL; 969 + 970 + error = loop_check_backing_file(file); 971 + if (error) 972 + return error; 973 + 981 974 is_loop = is_loop_device(file); 982 975 983 976 /* This is safe, since we have a reference from open(). */
+3 -3
drivers/char/tpm/tpm-buf.c
··· 201 201 */ 202 202 u8 tpm_buf_read_u8(struct tpm_buf *buf, off_t *offset) 203 203 { 204 - u8 value; 204 + u8 value = 0; 205 205 206 206 tpm_buf_read(buf, offset, sizeof(value), &value); 207 207 ··· 218 218 */ 219 219 u16 tpm_buf_read_u16(struct tpm_buf *buf, off_t *offset) 220 220 { 221 - u16 value; 221 + u16 value = 0; 222 222 223 223 tpm_buf_read(buf, offset, sizeof(value), &value); 224 224 ··· 235 235 */ 236 236 u32 tpm_buf_read_u32(struct tpm_buf *buf, off_t *offset) 237 237 { 238 - u32 value; 238 + u32 value = 0; 239 239 240 240 tpm_buf_read(buf, offset, sizeof(value), &value); 241 241
+6 -14
drivers/char/tpm/tpm2-sessions.c
··· 40 40 * 41 41 * These are the usage functions: 42 42 * 43 - * tpm2_start_auth_session() which allocates the opaque auth structure 44 - * and gets a session from the TPM. This must be called before 45 - * any of the following functions. The session is protected by a 46 - * session_key which is derived from a random salt value 47 - * encrypted to the NULL seed. 48 43 * tpm2_end_auth_session() kills the session and frees the resources. 49 44 * Under normal operation this function is done by 50 45 * tpm_buf_check_hmac_response(), so this is only to be used on ··· 958 963 } 959 964 960 965 /** 961 - * tpm2_start_auth_session() - create a HMAC authentication session with the TPM 962 - * @chip: the TPM chip structure to create the session with 966 + * tpm2_start_auth_session() - Create an a HMAC authentication session 967 + * @chip: A TPM chip 963 968 * 964 - * This function loads the NULL seed from its saved context and starts 965 - * an authentication session on the null seed, fills in the 966 - * @chip->auth structure to contain all the session details necessary 967 - * for performing the HMAC, encrypt and decrypt operations and 968 - * returns. The NULL seed is flushed before this function returns. 969 + * Loads the ephemeral key (null seed), and starts an HMAC authenticated 970 + * session. The null seed is flushed before the return. 969 971 * 970 - * Return: zero on success or actual error encountered. 972 + * Returns zero on success, or a POSIX error code. 971 973 */ 972 974 int tpm2_start_auth_session(struct tpm_chip *chip) 973 975 { ··· 1016 1024 /* hash algorithm for session */ 1017 1025 tpm_buf_append_u16(&buf, TPM_ALG_SHA256); 1018 1026 1019 - rc = tpm_transmit_cmd(chip, &buf, 0, "start auth session"); 1027 + rc = tpm_ret_to_err(tpm_transmit_cmd(chip, &buf, 0, "StartAuthSession")); 1020 1028 tpm2_flush_context(chip, null_key); 1021 1029 1022 1030 if (rc == TPM2_RC_SUCCESS)
+1 -1
drivers/char/tpm/tpm_tis_core.h
··· 54 54 enum tis_defaults { 55 55 TIS_MEM_LEN = 0x5000, 56 56 TIS_SHORT_TIMEOUT = 750, /* ms */ 57 - TIS_LONG_TIMEOUT = 2000, /* 2 sec */ 57 + TIS_LONG_TIMEOUT = 4000, /* 4 secs */ 58 58 TIS_TIMEOUT_MIN_ATML = 14700, /* usecs */ 59 59 TIS_TIMEOUT_MAX_ATML = 15000, /* usecs */ 60 60 };
+1 -3
drivers/clocksource/i8253.c
··· 103 103 #ifdef CONFIG_CLKEVT_I8253 104 104 void clockevent_i8253_disable(void) 105 105 { 106 - raw_spin_lock(&i8253_lock); 106 + guard(raw_spinlock_irqsave)(&i8253_lock); 107 107 108 108 /* 109 109 * Writing the MODE register should stop the counter, according to ··· 132 132 outb_p(0, PIT_CH0); 133 133 134 134 outb_p(0x30, PIT_MODE); 135 - 136 - raw_spin_unlock(&i8253_lock); 137 135 } 138 136 139 137 static int pit_shutdown(struct clock_event_device *evt)
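The explicit raw_spin_lock()/raw_spin_unlock() pair is replaced by guard(raw_spinlock_irqsave)(), a scope-based guard that drops the lock (and restores interrupt flags) automatically on every return path. Roughly the same idea can be sketched in user space with the compiler cleanup attribute; this is a GCC/Clang extension, the names below are made up, and there is no irqsave equivalent here.

#include <pthread.h>
#include <stdio.h>

static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;

static void unlock_cleanup(pthread_mutex_t **m)
{
	pthread_mutex_unlock(*m);
}

/* One guard per scope in this toy version; the kernel macro generates unique names. */
#define GUARD(m) \
	pthread_mutex_t *scope_guard __attribute__((cleanup(unlock_cleanup))) = \
		(pthread_mutex_lock(m), (m))

static void disable_timer(void)
{
	GUARD(&lock);
	puts("programming the timer with the lock held");
	/* the lock is dropped automatically when this scope exits */
}

int main(void)
{
	disable_timer();
	return 0;
}

This is why the two raw_spin_unlock() lines disappear from clockevent_i8253_disable(): the unlock is now implicit at the end of the function's scope.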
-2
drivers/gpu/drm/amd/amdgpu/amdgpu.h
··· 1614 1614 #if defined(CONFIG_ACPI) && defined(CONFIG_SUSPEND) 1615 1615 bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev); 1616 1616 bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev); 1617 - void amdgpu_choose_low_power_state(struct amdgpu_device *adev); 1618 1617 #else 1619 1618 static inline bool amdgpu_acpi_is_s0ix_active(struct amdgpu_device *adev) { return false; } 1620 1619 static inline bool amdgpu_acpi_is_s3_active(struct amdgpu_device *adev) { return false; } 1621 - static inline void amdgpu_choose_low_power_state(struct amdgpu_device *adev) { } 1622 1620 #endif 1623 1621 1624 1622 void amdgpu_register_gpu_instance(struct amdgpu_device *adev);
-18
drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c
··· 1533 1533 #endif /* CONFIG_AMD_PMC */ 1534 1534 } 1535 1535 1536 - /** 1537 - * amdgpu_choose_low_power_state 1538 - * 1539 - * @adev: amdgpu_device_pointer 1540 - * 1541 - * Choose the target low power state for the GPU 1542 - */ 1543 - void amdgpu_choose_low_power_state(struct amdgpu_device *adev) 1544 - { 1545 - if (adev->in_runpm) 1546 - return; 1547 - 1548 - if (amdgpu_acpi_is_s0ix_active(adev)) 1549 - adev->in_s0ix = true; 1550 - else if (amdgpu_acpi_is_s3_active(adev)) 1551 - adev->in_s3 = true; 1552 - } 1553 - 1554 1536 #endif /* CONFIG_SUSPEND */
+7 -22
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
··· 4907 4907 * @data: data 4908 4908 * 4909 4909 * This function is called when the system is about to suspend or hibernate. 4910 - * It is used to evict resources from the device before the system goes to 4911 - * sleep while there is still access to swap. 4910 + * It is used to set the appropriate flags so that eviction can be optimized 4911 + * in the pm prepare callback. 4912 4912 */ 4913 4913 static int amdgpu_device_pm_notifier(struct notifier_block *nb, unsigned long mode, 4914 4914 void *data) 4915 4915 { 4916 4916 struct amdgpu_device *adev = container_of(nb, struct amdgpu_device, pm_nb); 4917 - int r; 4918 4917 4919 4918 switch (mode) { 4920 4919 case PM_HIBERNATION_PREPARE: 4921 4920 adev->in_s4 = true; 4922 - fallthrough; 4923 - case PM_SUSPEND_PREPARE: 4924 - r = amdgpu_device_evict_resources(adev); 4925 - /* 4926 - * This is considered non-fatal at this time because 4927 - * amdgpu_device_prepare() will also fatally evict resources. 4928 - * See https://gitlab.freedesktop.org/drm/amd/-/issues/3781 4929 - */ 4930 - if (r) 4931 - drm_warn(adev_to_drm(adev), "Failed to evict resources, freeze active processes if problems occur: %d\n", r); 4921 + break; 4922 + case PM_POST_HIBERNATION: 4923 + adev->in_s4 = false; 4932 4924 break; 4933 4925 } 4934 4926 ··· 4941 4949 struct amdgpu_device *adev = drm_to_adev(dev); 4942 4950 int i, r; 4943 4951 4944 - amdgpu_choose_low_power_state(adev); 4945 - 4946 4952 if (dev->switch_power_state == DRM_SWITCH_POWER_OFF) 4947 4953 return 0; 4948 4954 4949 4955 /* Evict the majority of BOs before starting suspend sequence */ 4950 4956 r = amdgpu_device_evict_resources(adev); 4951 4957 if (r) 4952 - goto unprepare; 4958 + return r; 4953 4959 4954 4960 flush_delayed_work(&adev->gfx.gfx_off_delay_work); 4955 4961 ··· 4958 4968 continue; 4959 4969 r = adev->ip_blocks[i].version->funcs->prepare_suspend(&adev->ip_blocks[i]); 4960 4970 if (r) 4961 - goto unprepare; 4971 + return r; 4962 4972 } 4963 4973 4964 4974 return 0; 4965 - 4966 - unprepare: 4967 - adev->in_s0ix = adev->in_s3 = adev->in_s4 = false; 4968 - 4969 - return r; 4970 4975 } 4971 4976 4972 4977 /**
+1 -9
drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c
··· 2615 2615 static int amdgpu_pmops_thaw(struct device *dev) 2616 2616 { 2617 2617 struct drm_device *drm_dev = dev_get_drvdata(dev); 2618 - struct amdgpu_device *adev = drm_to_adev(drm_dev); 2619 - int r; 2620 2618 2621 - r = amdgpu_device_resume(drm_dev, true); 2622 - adev->in_s4 = false; 2623 - 2624 - return r; 2619 + return amdgpu_device_resume(drm_dev, true); 2625 2620 } 2626 2621 2627 2622 static int amdgpu_pmops_poweroff(struct device *dev) ··· 2629 2634 static int amdgpu_pmops_restore(struct device *dev) 2630 2635 { 2631 2636 struct drm_device *drm_dev = dev_get_drvdata(dev); 2632 - struct amdgpu_device *adev = drm_to_adev(drm_dev); 2633 - 2634 - adev->in_s4 = false; 2635 2637 2636 2638 return amdgpu_device_resume(drm_dev, true); 2637 2639 }
-1
drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h
··· 66 66 #define VCN_ENC_CMD_REG_WAIT 0x0000000c 67 67 68 68 #define VCN_AON_SOC_ADDRESS_2_0 0x1f800 69 - #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 70 69 #define VCN_VID_IP_ADDRESS_2_0 0x0 71 70 #define VCN_AON_IP_ADDRESS_2_0 0x30000 72 71
+6 -1
drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c
··· 41 41 { 42 42 if (!ring || !ring->funcs->emit_wreg) { 43 43 WREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 44 - RREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 44 + /* We just need to read back a register to post the write. 45 + * Reading back the remapped register causes problems on 46 + * some platforms so just read back the memory size register. 47 + */ 48 + if (adev->nbio.funcs->get_memsize) 49 + adev->nbio.funcs->get_memsize(adev); 45 50 } else { 46 51 amdgpu_ring_emit_wreg(ring, (adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 47 52 }
+6 -1
drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c
··· 32 32 { 33 33 if (!ring || !ring->funcs->emit_wreg) { 34 34 WREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 35 - RREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 35 + /* We just need to read back a register to post the write. 36 + * Reading back the remapped register causes problems on 37 + * some platforms so just read back the memory size register. 38 + */ 39 + if (adev->nbio.funcs->get_memsize) 40 + adev->nbio.funcs->get_memsize(adev); 36 41 } else { 37 42 amdgpu_ring_emit_wreg(ring, (adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 38 43 }
+11 -1
drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c
··· 33 33 if (!ring || !ring->funcs->emit_wreg) { 34 34 WREG32_NO_KIQ((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 35 35 0); 36 - RREG32_NO_KIQ((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 36 + if (amdgpu_sriov_vf(adev)) { 37 + /* this is fine because SR_IOV doesn't remap the register */ 38 + RREG32_NO_KIQ((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 39 + } else { 40 + /* We just need to read back a register to post the write. 41 + * Reading back the remapped register causes problems on 42 + * some platforms so just read back the memory size register. 43 + */ 44 + if (adev->nbio.funcs->get_memsize) 45 + adev->nbio.funcs->get_memsize(adev); 46 + } 37 47 } else { 38 48 amdgpu_ring_emit_wreg(ring, 39 49 (adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2,
+6 -1
drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c
··· 35 35 { 36 36 if (!ring || !ring->funcs->emit_wreg) { 37 37 WREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 38 - RREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 38 + /* We just need to read back a register to post the write. 39 + * Reading back the remapped register causes problems on 40 + * some platforms so just read back the memory size register. 41 + */ 42 + if (adev->nbio.funcs->get_memsize) 43 + adev->nbio.funcs->get_memsize(adev); 39 44 } else { 40 45 amdgpu_ring_emit_wreg(ring, (adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 41 46 }
+6 -1
drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c
··· 32 32 { 33 33 if (!ring || !ring->funcs->emit_wreg) { 34 34 WREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 35 - RREG32((adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2); 35 + /* We just need to read back a register to post the write. 36 + * Reading back the remapped register causes problems on 37 + * some platforms so just read back the memory size register. 38 + */ 39 + if (adev->nbio.funcs->get_memsize) 40 + adev->nbio.funcs->get_memsize(adev); 36 41 } else { 37 42 amdgpu_ring_emit_wreg(ring, (adev->rmmio_remap.reg_offset + KFD_MMIO_REMAP_HDP_MEM_FLUSH_CNTL) >> 2, 0); 38 43 }
+1
drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c
··· 39 39 40 40 #define VCN_VID_SOC_ADDRESS_2_0 0x1fa00 41 41 #define VCN1_VID_SOC_ADDRESS_3_0 0x48200 42 + #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 42 43 43 44 #define mmUVD_CONTEXT_ID_INTERNAL_OFFSET 0x1fd 44 45 #define mmUVD_GPCOM_VCPU_CMD_INTERNAL_OFFSET 0x503
+1
drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c
··· 39 39 40 40 #define VCN_VID_SOC_ADDRESS_2_0 0x1fa00 41 41 #define VCN1_VID_SOC_ADDRESS_3_0 0x48200 42 + #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 42 43 43 44 #define mmUVD_CONTEXT_ID_INTERNAL_OFFSET 0x27 44 45 #define mmUVD_GPCOM_VCPU_CMD_INTERNAL_OFFSET 0x0f
+1
drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c
··· 40 40 41 41 #define VCN_VID_SOC_ADDRESS_2_0 0x1fa00 42 42 #define VCN1_VID_SOC_ADDRESS_3_0 0x48200 43 + #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 43 44 44 45 #define mmUVD_CONTEXT_ID_INTERNAL_OFFSET 0x27 45 46 #define mmUVD_GPCOM_VCPU_CMD_INTERNAL_OFFSET 0x0f
+3 -1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c
··· 46 46 47 47 #define VCN_VID_SOC_ADDRESS_2_0 0x1fb00 48 48 #define VCN1_VID_SOC_ADDRESS_3_0 0x48300 49 + #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 49 50 50 51 #define VCN_HARVEST_MMSCH 0 51 52 ··· 615 614 616 615 /* VCN global tiling registers */ 617 616 WREG32_SOC15_DPG_MODE(inst_idx, SOC15_DPG_MODE_OFFSET( 618 - VCN, 0, regUVD_GFX10_ADDR_CONFIG), adev->gfx.config.gb_addr_config, 0, indirect); 617 + VCN, inst_idx, regUVD_GFX10_ADDR_CONFIG), 618 + adev->gfx.config.gb_addr_config, 0, indirect); 619 619 } 620 620 621 621 /**
+1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c
··· 45 45 46 46 #define VCN_VID_SOC_ADDRESS_2_0 0x1fb00 47 47 #define VCN1_VID_SOC_ADDRESS_3_0 0x48300 48 + #define VCN1_AON_SOC_ADDRESS_3_0 0x48000 48 49 49 50 static const struct amdgpu_hwip_reg_entry vcn_reg_list_4_0_3[] = { 50 51 SOC15_REG_ENTRY_STR(VCN, 0, regUVD_POWER_STATUS),
+1
drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c
··· 46 46 47 47 #define VCN_VID_SOC_ADDRESS_2_0 0x1fb00 48 48 #define VCN1_VID_SOC_ADDRESS_3_0 (0x48300 + 0x38000) 49 + #define VCN1_AON_SOC_ADDRESS_3_0 (0x48000 + 0x38000) 49 50 50 51 #define VCN_HARVEST_MMSCH 0 51 52
+2 -1
drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c
··· 533 533 534 534 /* VCN global tiling registers */ 535 535 WREG32_SOC24_DPG_MODE(inst_idx, SOC24_DPG_MODE_OFFSET( 536 - VCN, 0, regUVD_GFX10_ADDR_CONFIG), adev->gfx.config.gb_addr_config, 0, indirect); 536 + VCN, inst_idx, regUVD_GFX10_ADDR_CONFIG), 537 + adev->gfx.config.gb_addr_config, 0, indirect); 537 538 538 539 return; 539 540 }
+17 -19
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
··· 673 673 spin_lock_irqsave(&adev_to_drm(adev)->event_lock, flags); 674 674 675 675 if (acrtc->dm_irq_params.stream && 676 - acrtc->dm_irq_params.vrr_params.supported && 677 - acrtc->dm_irq_params.freesync_config.state == 678 - VRR_STATE_ACTIVE_VARIABLE) { 676 + acrtc->dm_irq_params.vrr_params.supported) { 677 + bool replay_en = acrtc->dm_irq_params.stream->link->replay_settings.replay_feature_enabled; 678 + bool psr_en = acrtc->dm_irq_params.stream->link->psr_settings.psr_feature_enabled; 679 + bool fs_active_var_en = acrtc->dm_irq_params.freesync_config.state == VRR_STATE_ACTIVE_VARIABLE; 680 + 679 681 mod_freesync_handle_v_update(adev->dm.freesync_module, 680 682 acrtc->dm_irq_params.stream, 681 683 &acrtc->dm_irq_params.vrr_params); 682 684 683 - dc_stream_adjust_vmin_vmax(adev->dm.dc, acrtc->dm_irq_params.stream, 684 - &acrtc->dm_irq_params.vrr_params.adjust); 685 + /* update vmin_vmax only if freesync is enabled, or only if PSR and REPLAY are disabled */ 686 + if (fs_active_var_en || (!fs_active_var_en && !replay_en && !psr_en)) { 687 + dc_stream_adjust_vmin_vmax(adev->dm.dc, 688 + acrtc->dm_irq_params.stream, 689 + &acrtc->dm_irq_params.vrr_params.adjust); 690 + } 685 691 } 686 692 687 693 /* ··· 12749 12743 * Transient states before tunneling is enabled could 12750 12744 * lead to this error. We can ignore this for now. 12751 12745 */ 12752 - if (p_notify->result != AUX_RET_ERROR_PROTOCOL_ERROR) { 12746 + if (p_notify->result == AUX_RET_ERROR_PROTOCOL_ERROR) { 12753 12747 DRM_WARN("DPIA AUX failed on 0x%x(%d), error %d\n", 12754 12748 payload->address, payload->length, 12755 12749 p_notify->result); ··· 12758 12752 goto out; 12759 12753 } 12760 12754 12755 + payload->reply[0] = adev->dm.dmub_notify->aux_reply.command & 0xF; 12756 + if (adev->dm.dmub_notify->aux_reply.command & 0xF0) 12757 + /* The reply is stored in the top nibble of the command. */ 12758 + payload->reply[0] = (adev->dm.dmub_notify->aux_reply.command >> 4) & 0xF; 12761 12759 12762 - payload->reply[0] = adev->dm.dmub_notify->aux_reply.command; 12763 - if (!payload->write && p_notify->aux_reply.length && 12764 - (payload->reply[0] == AUX_TRANSACTION_REPLY_AUX_ACK)) { 12765 - 12766 - if (payload->length != p_notify->aux_reply.length) { 12767 - DRM_WARN("invalid read length %d from DPIA AUX 0x%x(%d)!\n", 12768 - p_notify->aux_reply.length, 12769 - payload->address, payload->length); 12770 - *operation_result = AUX_RET_ERROR_INVALID_REPLY; 12771 - goto out; 12772 - } 12773 - 12760 + if (!payload->write && p_notify->aux_reply.length) 12774 12761 memcpy(payload->data, p_notify->aux_reply.data, 12775 12762 p_notify->aux_reply.length); 12776 - } 12777 12763 12778 12764 /* success */ 12779 12765 ret = p_notify->aux_reply.length;
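On the DPIA AUX path the reply code is now taken from dmub_notify->aux_reply.command in two steps: the low nibble by default, or the top nibble when that is non-zero. The extraction itself is plain shifting and masking; the value below is a hypothetical reply byte used only to show the arithmetic.

#include <stdio.h>
#include <stdint.h>

int main(void)
{
	uint8_t command = 0x20;			/* hypothetical DMUB AUX reply byte */
	uint8_t reply = command & 0xF;		/* default: low nibble */

	if (command & 0xF0)
		reply = (command >> 4) & 0xF;	/* reply stored in the top nibble */

	printf("reply code: 0x%x\n", reply);
	return 0;
}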
+24 -4
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c
··· 51 51 52 52 #define PEAK_FACTOR_X1000 1006 53 53 54 + /* 55 + * This function handles both native AUX and I2C-Over-AUX transactions. 56 + */ 54 57 static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, 55 58 struct drm_dp_aux_msg *msg) 56 59 { ··· 90 87 if (adev->dm.aux_hpd_discon_quirk) { 91 88 if (msg->address == DP_SIDEBAND_MSG_DOWN_REQ_BASE && 92 89 operation_result == AUX_RET_ERROR_HPD_DISCON) { 93 - result = 0; 90 + result = msg->size; 94 91 operation_result = AUX_RET_SUCCESS; 95 92 } 96 93 } 97 94 98 - if (payload.write && result >= 0) 99 - result = msg->size; 95 + /* 96 + * result equals to 0 includes the cases of AUX_DEFER/I2C_DEFER 97 + */ 98 + if (payload.write && result >= 0) { 99 + if (result) { 100 + /*one byte indicating partially written bytes. Force 0 to retry*/ 101 + drm_info(adev_to_drm(adev), "amdgpu: AUX partially written\n"); 102 + result = 0; 103 + } else if (!payload.reply[0]) 104 + /*I2C_ACK|AUX_ACK*/ 105 + result = msg->size; 106 + } 100 107 101 - if (result < 0) 108 + if (result < 0) { 102 109 switch (operation_result) { 103 110 case AUX_RET_SUCCESS: 104 111 break; ··· 126 113 result = -ETIMEDOUT; 127 114 break; 128 115 } 116 + 117 + drm_info(adev_to_drm(adev), "amdgpu: DP AUX transfer fail:%d\n", operation_result); 118 + } 119 + 120 + if (payload.reply[0]) 121 + drm_info(adev_to_drm(adev), "amdgpu: AUX reply command not ACK: 0x%02x.", 122 + payload.reply[0]); 129 123 130 124 return result; 131 125 }
+4 -4
drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c
··· 234 234 if (!result) 235 235 return false; 236 236 237 + DC_FP_START(); 237 238 result = dml2_build_mode_programming(mode_programming); 239 + DC_FP_END(); 238 240 if (!result) 239 241 return false; 240 242 ··· 279 277 mode_support->dml2_instance = dml_init->dml2_instance; 280 278 dml21_map_dc_state_into_dml_display_cfg(in_dc, context, dml_ctx); 281 279 dml_ctx->v21.mode_programming.dml2_instance->scratch.build_mode_programming_locals.mode_programming_params.programming = dml_ctx->v21.mode_programming.programming; 280 + DC_FP_START(); 282 281 is_supported = dml2_check_mode_supported(mode_support); 282 + DC_FP_END(); 283 283 if (!is_supported) 284 284 return false; 285 285 ··· 292 288 { 293 289 bool out = false; 294 290 295 - DC_FP_START(); 296 - 297 291 /* Use dml_validate_only for fast_validate path */ 298 292 if (fast_validate) 299 293 out = dml21_check_mode_support(in_dc, context, dml_ctx); 300 294 else 301 295 out = dml21_mode_check_and_programming(in_dc, context, dml_ctx); 302 - 303 - DC_FP_END(); 304 296 305 297 return out; 306 298 }
+5 -9
drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c
··· 973 973 } 974 974 } 975 975 976 - static void get_scaler_data_for_plane(const struct dc_plane_state *in, struct dc_state *context, struct scaler_data *out) 976 + static struct scaler_data *get_scaler_data_for_plane( 977 + const struct dc_plane_state *in, 978 + struct dc_state *context) 977 979 { 978 980 int i; 979 981 struct pipe_ctx *temp_pipe = &context->res_ctx.temp_pipe; ··· 996 994 } 997 995 998 996 ASSERT(i < MAX_PIPES); 999 - memcpy(out, &temp_pipe->plane_res.scl_data, sizeof(*out)); 997 + return &temp_pipe->plane_res.scl_data; 1000 998 } 1001 999 1002 1000 static void populate_dummy_dml_plane_cfg(struct dml_plane_cfg_st *out, unsigned int location, ··· 1059 1057 const struct dc_plane_state *in, struct dc_state *context, 1060 1058 const struct soc_bounding_box_st *soc) 1061 1059 { 1062 - struct scaler_data *scaler_data = kzalloc(sizeof(*scaler_data), GFP_KERNEL); 1063 - if (!scaler_data) 1064 - return; 1065 - 1066 - get_scaler_data_for_plane(in, context, scaler_data); 1060 + struct scaler_data *scaler_data = get_scaler_data_for_plane(in, context); 1067 1061 1068 1062 out->CursorBPP[location] = dml_cur_32bit; 1069 1063 out->CursorWidth[location] = 256; ··· 1124 1126 out->DynamicMetadataTransmittedBytes[location] = 0; 1125 1127 1126 1128 out->NumberOfCursors[location] = 1; 1127 - 1128 - kfree(scaler_data); 1129 1129 } 1130 1130 1131 1131 static unsigned int map_stream_to_dml_display_cfg(const struct dml2_context *dml2,
-6
drivers/gpu/drm/amd/display/dc/resource/dcn32/dcn32_resource.c
··· 2114 2114 #define REG_STRUCT dccg_regs 2115 2115 dccg_regs_init(); 2116 2116 2117 - DC_FP_START(); 2118 - 2119 2117 ctx->dc_bios->regs = &bios_regs; 2120 2118 2121 2119 pool->base.res_cap = &res_cap_dcn32; ··· 2499 2501 if (ASICREV_IS_GC_11_0_3(dc->ctx->asic_id.hw_internal_rev) && (dc->config.sdpif_request_limit_words_per_umc == 0)) 2500 2502 dc->config.sdpif_request_limit_words_per_umc = 16; 2501 2503 2502 - DC_FP_END(); 2503 - 2504 2504 return true; 2505 2505 2506 2506 create_fail: 2507 - 2508 - DC_FP_END(); 2509 2507 2510 2508 dcn32_resource_destruct(pool); 2511 2509
+1 -1
drivers/gpu/drm/drm_drv.c
··· 549 549 if (drm_WARN_ONCE(dev, !recovery, "invalid recovery method %u\n", opt)) 550 550 break; 551 551 552 - len += scnprintf(event_string + len, sizeof(event_string), "%s,", recovery); 552 + len += scnprintf(event_string + len, sizeof(event_string) - len, "%s,", recovery); 553 553 } 554 554 555 555 if (recovery)
+1 -1
drivers/gpu/drm/i915/display/intel_dp_mst.c
··· 242 242 to_intel_connector(conn_state->connector); 243 243 const struct drm_display_mode *adjusted_mode = 244 244 &crtc_state->hw.adjusted_mode; 245 - bool is_mst = intel_dp->is_mst; 245 + bool is_mst = intel_crtc_has_type(crtc_state, INTEL_OUTPUT_DP_MST); 246 246 int bpp_x16, slots = -EINVAL; 247 247 int dsc_slice_count = 0; 248 248 int max_dpt_bpp_x16;
+11 -3
drivers/gpu/drm/i915/gt/intel_rps.c
··· 1001 1001 if (rps_uses_slpc(rps)) { 1002 1002 slpc = rps_to_slpc(rps); 1003 1003 1004 + /* Don't decrement num_waiters for req where increment was skipped */ 1005 + if (slpc->power_profile == SLPC_POWER_PROFILES_POWER_SAVING) 1006 + return; 1007 + 1004 1008 intel_guc_slpc_dec_waiters(slpc); 1005 1009 } else { 1006 1010 atomic_dec(&rps->num_waiters); ··· 1033 1029 if (slpc->power_profile == SLPC_POWER_PROFILES_POWER_SAVING) 1034 1030 return; 1035 1031 1036 - if (slpc->min_freq_softlimit >= slpc->boost_freq) 1037 - return; 1038 - 1039 1032 /* Return if old value is non zero */ 1040 1033 if (!atomic_fetch_inc(&slpc->num_waiters)) { 1034 + /* 1035 + * Skip queuing boost work if frequency is already boosted, 1036 + * but still increment num_waiters. 1037 + */ 1038 + if (slpc->min_freq_softlimit >= slpc->boost_freq) 1039 + return; 1040 + 1041 1041 GT_TRACE(rps_to_gt(rps), "boost fence:%llx:%llx\n", 1042 1042 rq->fence.context, rq->fence.seqno); 1043 1043 queue_work(rps_to_gt(rps)->i915->unordered_wq,
+13 -12
drivers/gpu/drm/panel/panel-simple.c
··· 1027 1027 }, 1028 1028 }; 1029 1029 1030 - static const struct drm_display_mode auo_g101evn010_mode = { 1031 - .clock = 68930, 1032 - .hdisplay = 1280, 1033 - .hsync_start = 1280 + 82, 1034 - .hsync_end = 1280 + 82 + 2, 1035 - .htotal = 1280 + 82 + 2 + 84, 1036 - .vdisplay = 800, 1037 - .vsync_start = 800 + 8, 1038 - .vsync_end = 800 + 8 + 2, 1039 - .vtotal = 800 + 8 + 2 + 6, 1030 + static const struct display_timing auo_g101evn010_timing = { 1031 + .pixelclock = { 64000000, 68930000, 85000000 }, 1032 + .hactive = { 1280, 1280, 1280 }, 1033 + .hfront_porch = { 8, 64, 256 }, 1034 + .hback_porch = { 8, 64, 256 }, 1035 + .hsync_len = { 40, 168, 767 }, 1036 + .vactive = { 800, 800, 800 }, 1037 + .vfront_porch = { 4, 8, 100 }, 1038 + .vback_porch = { 4, 8, 100 }, 1039 + .vsync_len = { 8, 16, 223 }, 1040 1040 }; 1041 1041 1042 1042 static const struct panel_desc auo_g101evn010 = { 1043 - .modes = &auo_g101evn010_mode, 1044 - .num_modes = 1, 1043 + .timings = &auo_g101evn010_timing, 1044 + .num_timings = 1, 1045 1045 .bpc = 6, 1046 1046 .size = { 1047 1047 .width = 216, 1048 1048 .height = 135, 1049 1049 }, 1050 1050 .bus_format = MEDIA_BUS_FMT_RGB666_1X7X3_SPWG, 1051 + .bus_flags = DRM_BUS_FLAG_DE_HIGH, 1051 1052 .connector_type = DRM_MODE_CONNECTOR_LVDS, 1052 1053 }; 1053 1054
+12 -32
drivers/gpu/drm/ttm/ttm_backup.c
··· 8 8 #include <linux/swap.h> 9 9 10 10 /* 11 - * Casting from randomized struct file * to struct ttm_backup * is fine since 12 - * struct ttm_backup is never defined nor dereferenced. 13 - */ 14 - static struct file *ttm_backup_to_file(struct ttm_backup *backup) 15 - { 16 - return (void *)backup; 17 - } 18 - 19 - static struct ttm_backup *ttm_file_to_backup(struct file *file) 20 - { 21 - return (void *)file; 22 - } 23 - 24 - /* 25 11 * Need to map shmem indices to handle since a handle value 26 12 * of 0 means error, following the swp_entry_t convention. 27 13 */ ··· 26 40 * @backup: The struct backup pointer used to obtain the handle 27 41 * @handle: The handle obtained from the @backup_page function. 28 42 */ 29 - void ttm_backup_drop(struct ttm_backup *backup, pgoff_t handle) 43 + void ttm_backup_drop(struct file *backup, pgoff_t handle) 30 44 { 31 45 loff_t start = ttm_backup_handle_to_shmem_idx(handle); 32 46 33 47 start <<= PAGE_SHIFT; 34 - shmem_truncate_range(file_inode(ttm_backup_to_file(backup)), start, 48 + shmem_truncate_range(file_inode(backup), start, 35 49 start + PAGE_SIZE - 1); 36 50 } 37 51 ··· 41 55 * @backup: The struct backup pointer used to back up the page. 42 56 * @dst: The struct page to copy into. 43 57 * @handle: The handle returned when the page was backed up. 44 - * @intr: Try to perform waits interruptable or at least killable. 58 + * @intr: Try to perform waits interruptible or at least killable. 45 59 * 46 60 * Return: 0 on success, Negative error code on failure, notably 47 61 * -EINTR if @intr was set to true and a signal is pending. 48 62 */ 49 - int ttm_backup_copy_page(struct ttm_backup *backup, struct page *dst, 63 + int ttm_backup_copy_page(struct file *backup, struct page *dst, 50 64 pgoff_t handle, bool intr) 51 65 { 52 - struct file *filp = ttm_backup_to_file(backup); 53 - struct address_space *mapping = filp->f_mapping; 66 + struct address_space *mapping = backup->f_mapping; 54 67 struct folio *from_folio; 55 68 pgoff_t idx = ttm_backup_handle_to_shmem_idx(handle); 56 69 ··· 91 106 * the folio size- and usage. 92 107 */ 93 108 s64 94 - ttm_backup_backup_page(struct ttm_backup *backup, struct page *page, 109 + ttm_backup_backup_page(struct file *backup, struct page *page, 95 110 bool writeback, pgoff_t idx, gfp_t page_gfp, 96 111 gfp_t alloc_gfp) 97 112 { 98 - struct file *filp = ttm_backup_to_file(backup); 99 - struct address_space *mapping = filp->f_mapping; 113 + struct address_space *mapping = backup->f_mapping; 100 114 unsigned long handle = 0; 101 115 struct folio *to_folio; 102 116 int ret; ··· 145 161 * 146 162 * After a call to this function, it's illegal to use the @backup pointer. 147 163 */ 148 - void ttm_backup_fini(struct ttm_backup *backup) 164 + void ttm_backup_fini(struct file *backup) 149 165 { 150 - fput(ttm_backup_to_file(backup)); 166 + fput(backup); 151 167 } 152 168 153 169 /** ··· 178 194 * 179 195 * Create a backup utilizing shmem objects. 180 196 * 181 - * Return: A pointer to a struct ttm_backup on success, 197 + * Return: A pointer to a struct file on success, 182 198 * an error pointer on error. 183 199 */ 184 - struct ttm_backup *ttm_backup_shmem_create(loff_t size) 200 + struct file *ttm_backup_shmem_create(loff_t size) 185 201 { 186 - struct file *filp; 187 - 188 - filp = shmem_file_setup("ttm shmem backup", size, 0); 189 - 190 - return ttm_file_to_backup(filp); 202 + return shmem_file_setup("ttm shmem backup", size, 0); 191 203 }
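With struct ttm_backup gone, the backup object is just a shmem-backed struct file, and the only bookkeeping left is the handle <-> shmem index mapping mentioned in the comment: handle 0 must stay free to signal an error, following the swp_entry_t convention. A minimal sketch, assuming the mapping is a plain off-by-one shift (the real helpers are not shown in this hunk):

#include <assert.h>
#include <stdio.h>

typedef unsigned long pgoff_t;

/* Handle 0 means "no backup", so the shmem page index is shifted by one. */
static pgoff_t shmem_idx_to_handle(pgoff_t idx)
{
	return idx + 1;
}

static pgoff_t handle_to_shmem_idx(pgoff_t handle)
{
	return handle - 1;
}

int main(void)
{
	pgoff_t idx = 0;
	pgoff_t handle = shmem_idx_to_handle(idx);

	assert(handle != 0);			/* 0 stays reserved for errors */
	assert(handle_to_shmem_idx(handle) == idx);
	printf("idx %lu <-> handle %lu\n", idx, handle);
	return 0;
}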
+3 -3
drivers/gpu/drm/ttm/ttm_pool.c
··· 506 506 * if successful, populate the page-table and dma-address arrays. 507 507 */ 508 508 static int ttm_pool_restore_commit(struct ttm_pool_tt_restore *restore, 509 - struct ttm_backup *backup, 509 + struct file *backup, 510 510 const struct ttm_operation_ctx *ctx, 511 511 struct ttm_pool_alloc_state *alloc) 512 512 ··· 655 655 pgoff_t start_page, pgoff_t end_page) 656 656 { 657 657 struct page **pages = &tt->pages[start_page]; 658 - struct ttm_backup *backup = tt->backup; 658 + struct file *backup = tt->backup; 659 659 pgoff_t i, nr; 660 660 661 661 for (i = start_page; i < end_page; i += nr, pages += nr) { ··· 963 963 long ttm_pool_backup(struct ttm_pool *pool, struct ttm_tt *tt, 964 964 const struct ttm_backup_flags *flags) 965 965 { 966 - struct ttm_backup *backup = tt->backup; 966 + struct file *backup = tt->backup; 967 967 struct page *page; 968 968 unsigned long handle; 969 969 gfp_t alloc_gfp;
+1 -1
drivers/gpu/drm/ttm/ttm_tt.c
··· 544 544 */ 545 545 int ttm_tt_setup_backup(struct ttm_tt *tt) 546 546 { 547 - struct ttm_backup *backup = 547 + struct file *backup = 548 548 ttm_backup_shmem_create(((loff_t)tt->num_pages) << PAGE_SHIFT); 549 549 550 550 if (WARN_ON_ONCE(!(tt->page_flags & TTM_TT_FLAG_EXTERNAL_MAPPABLE)))
+21 -7
drivers/gpu/drm/v3d/v3d_sched.c
··· 744 744 return DRM_GPU_SCHED_STAT_NOMINAL; 745 745 } 746 746 747 - /* If the current address or return address have changed, then the GPU 748 - * has probably made progress and we should delay the reset. This 749 - * could fail if the GPU got in an infinite loop in the CL, but that 750 - * is pretty unlikely outside of an i-g-t testcase. 751 - */ 747 + static void 748 + v3d_sched_skip_reset(struct drm_sched_job *sched_job) 749 + { 750 + struct drm_gpu_scheduler *sched = sched_job->sched; 751 + 752 + spin_lock(&sched->job_list_lock); 753 + list_add(&sched_job->list, &sched->pending_list); 754 + spin_unlock(&sched->job_list_lock); 755 + } 756 + 752 757 static enum drm_gpu_sched_stat 753 758 v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, 754 759 u32 *timedout_ctca, u32 *timedout_ctra) ··· 763 758 u32 ctca = V3D_CORE_READ(0, V3D_CLE_CTNCA(q)); 764 759 u32 ctra = V3D_CORE_READ(0, V3D_CLE_CTNRA(q)); 765 760 761 + /* If the current address or return address have changed, then the GPU 762 + * has probably made progress and we should delay the reset. This 763 + * could fail if the GPU got in an infinite loop in the CL, but that 764 + * is pretty unlikely outside of an i-g-t testcase. 765 + */ 766 766 if (*timedout_ctca != ctca || *timedout_ctra != ctra) { 767 767 *timedout_ctca = ctca; 768 768 *timedout_ctra = ctra; 769 + 770 + v3d_sched_skip_reset(sched_job); 769 771 return DRM_GPU_SCHED_STAT_NOMINAL; 770 772 } 771 773 ··· 812 800 struct v3d_dev *v3d = job->base.v3d; 813 801 u32 batches = V3D_CORE_READ(0, V3D_CSD_CURRENT_CFG4(v3d->ver)); 814 802 815 - /* If we've made progress, skip reset and let the timer get 816 - * rearmed. 803 + /* If we've made progress, skip reset, add the job to the pending 804 + * list, and let the timer get rearmed. 817 805 */ 818 806 if (job->timedout_batches != batches) { 819 807 job->timedout_batches = batches; 808 + 809 + v3d_sched_skip_reset(sched_job); 820 810 return DRM_GPU_SCHED_STAT_NOMINAL; 821 811 } 822 812
+5 -2
drivers/gpu/drm/xe/tests/xe_mocs.c
··· 46 46 unsigned int fw_ref, i; 47 47 u32 reg_val; 48 48 49 - fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FW_GT); 50 - KUNIT_ASSERT_NE_MSG(test, fw_ref, 0, "Forcewake Failed.\n"); 49 + fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FORCEWAKE_ALL); 50 + if (!xe_force_wake_ref_has_domain(fw_ref, XE_FORCEWAKE_ALL)) { 51 + xe_force_wake_put(gt_to_fw(gt), fw_ref); 52 + KUNIT_ASSERT_TRUE_MSG(test, true, "Forcewake Failed.\n"); 53 + } 51 54 52 55 for (i = 0; i < info->num_mocs_regs; i++) { 53 56 if (!(i & 1)) {
+22
drivers/gpu/drm/xe/xe_gsc.c
··· 555 555 flush_work(&gsc->work); 556 556 } 557 557 558 + void xe_gsc_stop_prepare(struct xe_gsc *gsc) 559 + { 560 + struct xe_gt *gt = gsc_to_gt(gsc); 561 + int ret; 562 + 563 + if (!xe_uc_fw_is_loadable(&gsc->fw) || xe_uc_fw_is_in_error_state(&gsc->fw)) 564 + return; 565 + 566 + xe_force_wake_assert_held(gt_to_fw(gt), XE_FW_GSC); 567 + 568 + /* 569 + * If the GSC FW load or the proxy init are interrupted, the only way 570 + * to recover it is to do an FLR and reload the GSC from scratch. 571 + * Therefore, let's wait for the init to complete before stopping 572 + * operations. The proxy init is the last step, so we can just wait on 573 + * that 574 + */ 575 + ret = xe_gsc_wait_for_proxy_init_done(gsc); 576 + if (ret) 577 + xe_gt_err(gt, "failed to wait for GSC init completion before uc stop\n"); 578 + } 579 + 558 580 /* 559 581 * wa_14015076503: if the GSC FW is loaded, we need to alert it before doing a 560 582 * GSC engine reset by writing a notification bit in the GS1 register and then
+1
drivers/gpu/drm/xe/xe_gsc.h
··· 16 16 int xe_gsc_init(struct xe_gsc *gsc); 17 17 int xe_gsc_init_post_hwconfig(struct xe_gsc *gsc); 18 18 void xe_gsc_wait_for_worker_completion(struct xe_gsc *gsc); 19 + void xe_gsc_stop_prepare(struct xe_gsc *gsc); 19 20 void xe_gsc_load_start(struct xe_gsc *gsc); 20 21 void xe_gsc_hwe_irq_handler(struct xe_hw_engine *hwe, u16 intr_vec); 21 22
+11
drivers/gpu/drm/xe/xe_gsc_proxy.c
··· 71 71 HECI1_FWSTS1_PROXY_STATE_NORMAL; 72 72 } 73 73 74 + int xe_gsc_wait_for_proxy_init_done(struct xe_gsc *gsc) 75 + { 76 + struct xe_gt *gt = gsc_to_gt(gsc); 77 + 78 + /* Proxy init can take up to 500ms, so wait double that for safety */ 79 + return xe_mmio_wait32(&gt->mmio, HECI_FWSTS1(MTL_GSC_HECI1_BASE), 80 + HECI1_FWSTS1_CURRENT_STATE, 81 + HECI1_FWSTS1_PROXY_STATE_NORMAL, 82 + USEC_PER_SEC, NULL, false); 83 + } 84 + 74 85 static void __gsc_proxy_irq_rmw(struct xe_gsc *gsc, u32 clr, u32 set) 75 86 { 76 87 struct xe_gt *gt = gsc_to_gt(gsc);
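xe_gsc_wait_for_proxy_init_done() is a bounded register poll: it waits up to one second (double the roughly 500 ms worst-case proxy init) for FWSTS1 to report the NORMAL state. The general shape of such a poll-with-timeout loop, in plain user-space C with a stand-in readiness check:

#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

static bool hw_ready(void)
{
	return true;	/* stand-in for reading the status register */
}

static int wait_for_ready(long timeout_us)
{
	struct timespec start, now;

	clock_gettime(CLOCK_MONOTONIC, &start);
	for (;;) {
		if (hw_ready())
			return 0;
		clock_gettime(CLOCK_MONOTONIC, &now);
		long elapsed_us = (now.tv_sec - start.tv_sec) * 1000000L +
				  (now.tv_nsec - start.tv_nsec) / 1000L;
		if (elapsed_us > timeout_us)
			return -1;	/* timed out */
		usleep(100);
	}
}

int main(void)
{
	/* 1 s budget: double the ~500 ms worst-case init, as in the driver */
	printf("wait: %d\n", wait_for_ready(1000000));
	return 0;
}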
+1
drivers/gpu/drm/xe/xe_gsc_proxy.h
··· 12 12 13 13 int xe_gsc_proxy_init(struct xe_gsc *gsc); 14 14 bool xe_gsc_proxy_init_done(struct xe_gsc *gsc); 15 + int xe_gsc_wait_for_proxy_init_done(struct xe_gsc *gsc); 15 16 int xe_gsc_proxy_start(struct xe_gsc *gsc); 16 17 17 18 int xe_gsc_proxy_request_handler(struct xe_gsc *gsc);
+1 -1
drivers/gpu/drm/xe/xe_gt.c
··· 857 857 858 858 fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FORCEWAKE_ALL); 859 859 860 - xe_uc_stop_prepare(&gt->uc); 860 + xe_uc_suspend_prepare(&gt->uc); 861 861 862 862 xe_force_wake_put(gt_to_fw(gt), fw_ref); 863 863 }
+5 -4
drivers/gpu/drm/xe/xe_gt_debugfs.c
··· 92 92 struct xe_hw_engine *hwe; 93 93 enum xe_hw_engine_id id; 94 94 unsigned int fw_ref; 95 + int ret = 0; 95 96 96 97 xe_pm_runtime_get(xe); 97 98 fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FORCEWAKE_ALL); 98 99 if (!xe_force_wake_ref_has_domain(fw_ref, XE_FORCEWAKE_ALL)) { 99 - xe_pm_runtime_put(xe); 100 - xe_force_wake_put(gt_to_fw(gt), fw_ref); 101 - return -ETIMEDOUT; 100 + ret = -ETIMEDOUT; 101 + goto fw_put; 102 102 } 103 103 104 104 for_each_hw_engine(hwe, gt, id) 105 105 xe_hw_engine_print(hwe, p); 106 106 107 + fw_put: 107 108 xe_force_wake_put(gt_to_fw(gt), fw_ref); 108 109 xe_pm_runtime_put(xe); 109 110 110 - return 0; 111 + return ret; 111 112 } 112 113 113 114 static int powergate_info(struct xe_gt *gt, struct drm_printer *p)
+9 -2
drivers/gpu/drm/xe/xe_gt_pagefault.c
··· 435 435 num_eus = bitmap_weight(gt->fuse_topo.eu_mask_per_dss, 436 436 XE_MAX_EU_FUSE_BITS) * num_dss; 437 437 438 - /* user can issue separate page faults per EU and per CS */ 438 + /* 439 + * user can issue separate page faults per EU and per CS 440 + * 441 + * XXX: Multiplier required as compute UMD are getting PF queue errors 442 + * without it. Follow on why this multiplier is required. 443 + */ 444 + #define PF_MULTIPLIER 8 439 445 pf_queue->num_dw = 440 - (num_eus + XE_NUM_HW_ENGINES) * PF_MSG_LEN_DW; 446 + (num_eus + XE_NUM_HW_ENGINES) * PF_MSG_LEN_DW * PF_MULTIPLIER; 447 + #undef PF_MULTIPLIER 441 448 442 449 pf_queue->gt = gt; 443 450 pf_queue->data = devm_kcalloc(xe->drm.dev, pf_queue->num_dw,
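The PF_MULTIPLIER change only scales the queue sizing formula. Plugging in some made-up topology numbers shows the effect; all figures below, including PF_MSG_LEN_DW, are assumptions for illustration and not the driver's real values.

#include <stdio.h>

#define PF_MSG_LEN_DW	4	/* assumed message size in dwords */
#define PF_MULTIPLIER	8

int main(void)
{
	/* Hypothetical topology, chosen only to show the sizing formula. */
	int num_dss = 32;
	int eus_per_dss = 16;
	int num_hw_engines = 8;

	int num_eus = eus_per_dss * num_dss;
	int num_dw = (num_eus + num_hw_engines) * PF_MSG_LEN_DW * PF_MULTIPLIER;

	printf("page-fault queue: %d dwords (%zu bytes)\n",
	       num_dw, (size_t)num_dw * sizeof(unsigned int));
	return 0;
}

With these numbers the multiplier grows the queue from 2080 to 16640 dwords, which is the headroom the comment says compute UMDs were missing.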
+12
drivers/gpu/drm/xe/xe_svm.c
··· 947 947 return 0; 948 948 } 949 949 #endif 950 + 951 + /** 952 + * xe_svm_flush() - SVM flush 953 + * @vm: The VM. 954 + * 955 + * Flush all SVM actions. 956 + */ 957 + void xe_svm_flush(struct xe_vm *vm) 958 + { 959 + if (xe_vm_in_fault_mode(vm)) 960 + flush_work(&vm->svm.garbage_collector.work); 961 + }
+8
drivers/gpu/drm/xe/xe_svm.h
··· 72 72 int xe_svm_bo_evict(struct xe_bo *bo); 73 73 74 74 void xe_svm_range_debug(struct xe_svm_range *range, const char *operation); 75 + 76 + void xe_svm_flush(struct xe_vm *vm); 77 + 75 78 #else 76 79 static inline bool xe_svm_range_pages_valid(struct xe_svm_range *range) 77 80 { ··· 127 124 void xe_svm_range_debug(struct xe_svm_range *range, const char *operation) 128 125 { 129 126 } 127 + 128 + static inline void xe_svm_flush(struct xe_vm *vm) 129 + { 130 + } 131 + 130 132 #endif 131 133 132 134 /**
+7 -1
drivers/gpu/drm/xe/xe_uc.c
··· 244 244 245 245 void xe_uc_stop_prepare(struct xe_uc *uc) 246 246 { 247 - xe_gsc_wait_for_worker_completion(&uc->gsc); 247 + xe_gsc_stop_prepare(&uc->gsc); 248 248 xe_guc_stop_prepare(&uc->guc); 249 249 } 250 250 ··· 276 276 ret = xe_uc_reset_prepare(uc); 277 277 if (ret) 278 278 goto again; 279 + } 280 + 281 + void xe_uc_suspend_prepare(struct xe_uc *uc) 282 + { 283 + xe_gsc_wait_for_worker_completion(&uc->gsc); 284 + xe_guc_stop_prepare(&uc->guc); 279 285 } 280 286 281 287 int xe_uc_suspend(struct xe_uc *uc)
+1
drivers/gpu/drm/xe/xe_uc.h
··· 18 18 void xe_uc_stop_prepare(struct xe_uc *uc); 19 19 void xe_uc_stop(struct xe_uc *uc); 20 20 int xe_uc_start(struct xe_uc *uc); 21 + void xe_uc_suspend_prepare(struct xe_uc *uc); 21 22 int xe_uc_suspend(struct xe_uc *uc); 22 23 int xe_uc_sanitize_reset(struct xe_uc *uc); 23 24 void xe_uc_declare_wedged(struct xe_uc *uc);
+1 -2
drivers/gpu/drm/xe/xe_vm.c
··· 3312 3312 } 3313 3313 3314 3314 /* Ensure all UNMAPs visible */ 3315 - if (xe_vm_in_fault_mode(vm)) 3316 - flush_work(&vm->svm.garbage_collector.work); 3315 + xe_svm_flush(vm); 3317 3316 3318 3317 err = down_write_killable(&vm->lock); 3319 3318 if (err)
+1 -1
drivers/gpu/nova-core/gpu.rs
··· 93 93 // For now, redirect to fmt::Debug for convenience. 94 94 impl fmt::Display for Chipset { 95 95 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { 96 - write!(f, "{:?}", self) 96 + write!(f, "{self:?}") 97 97 } 98 98 } 99 99
+3 -62
drivers/hv/channel.c
··· 1077 1077 EXPORT_SYMBOL(vmbus_sendpacket); 1078 1078 1079 1079 /* 1080 - * vmbus_sendpacket_pagebuffer - Send a range of single-page buffer 1081 - * packets using a GPADL Direct packet type. This interface allows you 1082 - * to control notifying the host. This will be useful for sending 1083 - * batched data. Also the sender can control the send flags 1084 - * explicitly. 1085 - */ 1086 - int vmbus_sendpacket_pagebuffer(struct vmbus_channel *channel, 1087 - struct hv_page_buffer pagebuffers[], 1088 - u32 pagecount, void *buffer, u32 bufferlen, 1089 - u64 requestid) 1090 - { 1091 - int i; 1092 - struct vmbus_channel_packet_page_buffer desc; 1093 - u32 descsize; 1094 - u32 packetlen; 1095 - u32 packetlen_aligned; 1096 - struct kvec bufferlist[3]; 1097 - u64 aligned_data = 0; 1098 - 1099 - if (pagecount > MAX_PAGE_BUFFER_COUNT) 1100 - return -EINVAL; 1101 - 1102 - /* 1103 - * Adjust the size down since vmbus_channel_packet_page_buffer is the 1104 - * largest size we support 1105 - */ 1106 - descsize = sizeof(struct vmbus_channel_packet_page_buffer) - 1107 - ((MAX_PAGE_BUFFER_COUNT - pagecount) * 1108 - sizeof(struct hv_page_buffer)); 1109 - packetlen = descsize + bufferlen; 1110 - packetlen_aligned = ALIGN(packetlen, sizeof(u64)); 1111 - 1112 - /* Setup the descriptor */ 1113 - desc.type = VM_PKT_DATA_USING_GPA_DIRECT; 1114 - desc.flags = VMBUS_DATA_PACKET_FLAG_COMPLETION_REQUESTED; 1115 - desc.dataoffset8 = descsize >> 3; /* in 8-bytes granularity */ 1116 - desc.length8 = (u16)(packetlen_aligned >> 3); 1117 - desc.transactionid = VMBUS_RQST_ERROR; /* will be updated in hv_ringbuffer_write() */ 1118 - desc.reserved = 0; 1119 - desc.rangecount = pagecount; 1120 - 1121 - for (i = 0; i < pagecount; i++) { 1122 - desc.range[i].len = pagebuffers[i].len; 1123 - desc.range[i].offset = pagebuffers[i].offset; 1124 - desc.range[i].pfn = pagebuffers[i].pfn; 1125 - } 1126 - 1127 - bufferlist[0].iov_base = &desc; 1128 - bufferlist[0].iov_len = descsize; 1129 - bufferlist[1].iov_base = buffer; 1130 - bufferlist[1].iov_len = bufferlen; 1131 - bufferlist[2].iov_base = &aligned_data; 1132 - bufferlist[2].iov_len = (packetlen_aligned - packetlen); 1133 - 1134 - return hv_ringbuffer_write(channel, bufferlist, 3, requestid, NULL); 1135 - } 1136 - EXPORT_SYMBOL_GPL(vmbus_sendpacket_pagebuffer); 1137 - 1138 - /* 1139 - * vmbus_sendpacket_multipagebuffer - Send a multi-page buffer packet 1080 + * vmbus_sendpacket_mpb_desc - Send one or more multi-page buffer packets 1140 1081 * using a GPADL Direct packet type. 1141 - * The buffer includes the vmbus descriptor. 1082 + * The desc argument must include space for the VMBus descriptor. The 1083 + * rangecount field must already be set. 1142 1084 */ 1143 1085 int vmbus_sendpacket_mpb_desc(struct vmbus_channel *channel, 1144 1086 struct vmbus_packet_mpb_array *desc, ··· 1102 1160 desc->length8 = (u16)(packetlen_aligned >> 3); 1103 1161 desc->transactionid = VMBUS_RQST_ERROR; /* will be updated in hv_ringbuffer_write() */ 1104 1162 desc->reserved = 0; 1105 - desc->rangecount = 1; 1106 1163 1107 1164 bufferlist[0].iov_base = desc; 1108 1165 bufferlist[0].iov_len = desc_size;
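With vmbus_sendpacket_pagebuffer() removed and the rangecount assignment dropped from vmbus_sendpacket_mpb_desc(), callers now own both the descriptor sizing and the rangecount field. A hedged kernel-style fragment of what a caller might look like; the field names beyond rangecount follow the hv_netvsc usage and are assumptions here, not guaranteed by this diff.

/* Illustrative fragment only; not part of this patch. */
static int send_one_mpb_range(struct vmbus_channel *channel, u64 *pfn, u32 npages,
			      u32 page_offset, u32 payload_len,
			      void *buffer, u32 bufferlen, u64 requestid)
{
	struct vmbus_packet_mpb_array *desc;
	u32 desc_size = sizeof(*desc) + npages * sizeof(u64);
	int ret;
	u32 i;

	desc = kzalloc(desc_size, GFP_ATOMIC);
	if (!desc)
		return -ENOMEM;

	desc->range.offset = page_offset;	/* assumed single-range layout */
	desc->range.len = payload_len;
	for (i = 0; i < npages; i++)
		desc->range.pfn_array[i] = pfn[i];

	desc->rangecount = 1;			/* the caller must set this now */

	ret = vmbus_sendpacket_mpb_desc(channel, desc, desc_size,
					buffer, bufferlen, requestid);
	kfree(desc);
	return ret;
}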
+6
drivers/hv/hyperv_vmbus.h
··· 477 477 478 478 #endif /* CONFIG_HYPERV_TESTING */ 479 479 480 + /* Create and remove sysfs entry for memory mapped ring buffers for a channel */ 481 + int hv_create_ring_sysfs(struct vmbus_channel *channel, 482 + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, 483 + struct vm_area_struct *vma)); 484 + int hv_remove_ring_sysfs(struct vmbus_channel *channel); 485 + 480 486 #endif /* _HYPERV_VMBUS_H */
+108 -1
drivers/hv/vmbus_drv.c
··· 1802 1802 } 1803 1803 static VMBUS_CHAN_ATTR_RO(subchannel_id); 1804 1804 1805 + static int hv_mmap_ring_buffer_wrapper(struct file *filp, struct kobject *kobj, 1806 + const struct bin_attribute *attr, 1807 + struct vm_area_struct *vma) 1808 + { 1809 + struct vmbus_channel *channel = container_of(kobj, struct vmbus_channel, kobj); 1810 + 1811 + /* 1812 + * hv_(create|remove)_ring_sysfs implementation ensures that mmap_ring_buffer 1813 + * is not NULL. 1814 + */ 1815 + return channel->mmap_ring_buffer(channel, vma); 1816 + } 1817 + 1818 + static struct bin_attribute chan_attr_ring_buffer = { 1819 + .attr = { 1820 + .name = "ring", 1821 + .mode = 0600, 1822 + }, 1823 + .mmap = hv_mmap_ring_buffer_wrapper, 1824 + }; 1805 1825 static struct attribute *vmbus_chan_attrs[] = { 1806 1826 &chan_attr_out_mask.attr, 1807 1827 &chan_attr_in_mask.attr, ··· 1838 1818 &chan_attr_out_full_total.attr, 1839 1819 &chan_attr_monitor_id.attr, 1840 1820 &chan_attr_subchannel_id.attr, 1821 + NULL 1822 + }; 1823 + 1824 + static struct bin_attribute *vmbus_chan_bin_attrs[] = { 1825 + &chan_attr_ring_buffer, 1841 1826 NULL 1842 1827 }; 1843 1828 ··· 1866 1841 return attr->mode; 1867 1842 } 1868 1843 1844 + static umode_t vmbus_chan_bin_attr_is_visible(struct kobject *kobj, 1845 + const struct bin_attribute *attr, int idx) 1846 + { 1847 + const struct vmbus_channel *channel = 1848 + container_of(kobj, struct vmbus_channel, kobj); 1849 + 1850 + /* Hide ring attribute if channel's ring_sysfs_visible is set to false */ 1851 + if (attr == &chan_attr_ring_buffer && !channel->ring_sysfs_visible) 1852 + return 0; 1853 + 1854 + return attr->attr.mode; 1855 + } 1856 + 1857 + static size_t vmbus_chan_bin_size(struct kobject *kobj, 1858 + const struct bin_attribute *bin_attr, int a) 1859 + { 1860 + const struct vmbus_channel *channel = 1861 + container_of(kobj, struct vmbus_channel, kobj); 1862 + 1863 + return channel->ringbuffer_pagecount << PAGE_SHIFT; 1864 + } 1865 + 1869 1866 static const struct attribute_group vmbus_chan_group = { 1870 1867 .attrs = vmbus_chan_attrs, 1871 - .is_visible = vmbus_chan_attr_is_visible 1868 + .bin_attrs = vmbus_chan_bin_attrs, 1869 + .is_visible = vmbus_chan_attr_is_visible, 1870 + .is_bin_visible = vmbus_chan_bin_attr_is_visible, 1871 + .bin_size = vmbus_chan_bin_size, 1872 1872 }; 1873 1873 1874 1874 static const struct kobj_type vmbus_chan_ktype = { 1875 1875 .sysfs_ops = &vmbus_chan_sysfs_ops, 1876 1876 .release = vmbus_chan_release, 1877 1877 }; 1878 + 1879 + /** 1880 + * hv_create_ring_sysfs() - create "ring" sysfs entry corresponding to ring buffers for a channel. 1881 + * @channel: Pointer to vmbus_channel structure 1882 + * @hv_mmap_ring_buffer: function pointer for initializing the function to be called on mmap of 1883 + * channel's "ring" sysfs node, which is for the ring buffer of that channel. 1884 + * Function pointer is of below type: 1885 + * int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, 1886 + * struct vm_area_struct *vma)) 1887 + * This has a pointer to the channel and a pointer to vm_area_struct, 1888 + * used for mmap, as arguments. 1889 + * 1890 + * Sysfs node for ring buffer of a channel is created along with other fields, however its 1891 + * visibility is disabled by default. Sysfs creation needs to be controlled when the use-case 1892 + * is running. 1893 + * For example, HV_NIC device is used either by uio_hv_generic or hv_netvsc at any given point of 1894 + * time, and "ring" sysfs is needed only when uio_hv_generic is bound to that device. 
To avoid 1895 + * exposing the ring buffer by default, this function is reponsible to enable visibility of 1896 + * ring for userspace to use. 1897 + * Note: Race conditions can happen with userspace and it is not encouraged to create new 1898 + * use-cases for this. This was added to maintain backward compatibility, while solving 1899 + * one of the race conditions in uio_hv_generic while creating sysfs. 1900 + * 1901 + * Returns 0 on success or error code on failure. 1902 + */ 1903 + int hv_create_ring_sysfs(struct vmbus_channel *channel, 1904 + int (*hv_mmap_ring_buffer)(struct vmbus_channel *channel, 1905 + struct vm_area_struct *vma)) 1906 + { 1907 + struct kobject *kobj = &channel->kobj; 1908 + 1909 + channel->mmap_ring_buffer = hv_mmap_ring_buffer; 1910 + channel->ring_sysfs_visible = true; 1911 + 1912 + return sysfs_update_group(kobj, &vmbus_chan_group); 1913 + } 1914 + EXPORT_SYMBOL_GPL(hv_create_ring_sysfs); 1915 + 1916 + /** 1917 + * hv_remove_ring_sysfs() - remove ring sysfs entry corresponding to ring buffers for a channel. 1918 + * @channel: Pointer to vmbus_channel structure 1919 + * 1920 + * Hide "ring" sysfs for a channel by changing its is_visible attribute and updating sysfs group. 1921 + * 1922 + * Returns 0 on success or error code on failure. 1923 + */ 1924 + int hv_remove_ring_sysfs(struct vmbus_channel *channel) 1925 + { 1926 + struct kobject *kobj = &channel->kobj; 1927 + int ret; 1928 + 1929 + channel->ring_sysfs_visible = false; 1930 + ret = sysfs_update_group(kobj, &vmbus_chan_group); 1931 + channel->mmap_ring_buffer = NULL; 1932 + return ret; 1933 + } 1934 + EXPORT_SYMBOL_GPL(hv_remove_ring_sysfs); 1878 1935 1879 1936 /* 1880 1937 * vmbus_add_channel_kobj - setup a sub-directory under device/channels
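For context, a rough sketch of how a client such as uio_hv_generic might use the two helpers exported above. Only hv_create_ring_sysfs(), hv_remove_ring_sysfs() and ringbuffer_pagecount appear in the hunk; the mmap body, the ringbuffer_page field and the callback name are assumptions for illustration.

	/* Hypothetical mmap callback handed to hv_create_ring_sysfs(). */
	static int my_ring_mmap(struct vmbus_channel *channel,
				struct vm_area_struct *vma)
	{
		void *ring = page_address(channel->ringbuffer_page);	/* assumed field */
		size_t size = channel->ringbuffer_pagecount << PAGE_SHIFT;

		if (vma->vm_end - vma->vm_start > size)
			return -EINVAL;

		return vm_iomap_memory(vma, virt_to_phys(ring), size);
	}

	/* On driver bind: make the per-channel "ring" node visible. */
	err = hv_create_ring_sysfs(channel, my_ring_mmap);

	/* On unbind: hide it again before the ring buffer goes away. */
	hv_remove_ring_sysfs(channel);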
+1 -1
drivers/i2c/busses/i2c-omap.c
··· 1454 1454 (1000 * omap->speed / 8); 1455 1455 } 1456 1456 1457 - if (of_property_read_bool(node, "mux-states")) { 1457 + if (of_property_present(node, "mux-states")) { 1458 1458 struct mux_state *mux_state; 1459 1459 1460 1460 mux_state = devm_mux_state_get(&pdev->dev, NULL);
+2 -2
drivers/iio/accel/adis16201.c
··· 211 211 BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 14), 212 212 ADIS_AUX_ADC_CHAN(ADIS16201_AUX_ADC_REG, ADIS16201_SCAN_AUX_ADC, 0, 12), 213 213 ADIS_INCLI_CHAN(X, ADIS16201_XINCL_OUT_REG, ADIS16201_SCAN_INCLI_X, 214 - BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 14), 214 + BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 12), 215 215 ADIS_INCLI_CHAN(Y, ADIS16201_YINCL_OUT_REG, ADIS16201_SCAN_INCLI_Y, 216 - BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 14), 216 + BIT(IIO_CHAN_INFO_CALIBBIAS), 0, 12), 217 217 IIO_CHAN_SOFT_TIMESTAMP(7) 218 218 }; 219 219
+1 -1
drivers/iio/accel/adxl355_core.c
··· 231 231 u8 transf_buf[3]; 232 232 struct { 233 233 u8 buf[14]; 234 - s64 ts; 234 + aligned_s64 ts; 235 235 } buffer; 236 236 } __aligned(IIO_DMA_MINALIGN); 237 237 };
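Several of the IIO hunks in this merge make the same s64 to aligned_s64 change for the trailing timestamp of a scan buffer. A short sketch of the pattern, with a made-up struct name and the usual iio_push_to_buffers_with_timestamp() flow assumed:

	/* Sketch only: the timestamp that iio_push_to_buffers_with_timestamp()
	 * fills in must occupy the last 8 bytes of the scan and be 8-byte
	 * aligned. A plain s64 after odd-sized payload can end up only 4-byte
	 * aligned on 32-bit builds, so aligned_s64 (an s64 carrying
	 * __aligned(8)) forces both the member alignment and the padding.
	 */
	struct example_scan {
		u8 buf[14];		/* sample payload */
		aligned_s64 ts;		/* timestamp, 8-byte aligned by type */
	};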
+3 -7
drivers/iio/accel/adxl367.c
··· 601 601 if (ret) 602 602 return ret; 603 603 604 + st->odr = odr; 605 + 604 606 /* Activity timers depend on ODR */ 605 607 ret = _adxl367_set_act_time_ms(st, st->act_time_ms); 606 608 if (ret) 607 609 return ret; 608 610 609 - ret = _adxl367_set_inact_time_ms(st, st->inact_time_ms); 610 - if (ret) 611 - return ret; 612 - 613 - st->odr = odr; 614 - 615 - return 0; 611 + return _adxl367_set_inact_time_ms(st, st->inact_time_ms); 616 612 } 617 613 618 614 static int adxl367_set_odr(struct iio_dev *indio_dev, enum adxl367_odr odr)
+5 -2
drivers/iio/accel/fxls8962af-core.c
··· 1226 1226 if (ret) 1227 1227 return ret; 1228 1228 1229 - if (device_property_read_bool(dev, "wakeup-source")) 1230 - device_init_wakeup(dev, true); 1229 + if (device_property_read_bool(dev, "wakeup-source")) { 1230 + ret = devm_device_init_wakeup(dev); 1231 + if (ret) 1232 + return dev_err_probe(dev, ret, "Failed to init wakeup\n"); 1233 + } 1231 1234 1232 1235 return devm_iio_device_register(dev, indio_dev); 1233 1236 }
+1 -1
drivers/iio/adc/ad7266.c
··· 45 45 */ 46 46 struct { 47 47 __be16 sample[2]; 48 - s64 timestamp; 48 + aligned_s64 timestamp; 49 49 } data __aligned(IIO_DMA_MINALIGN); 50 50 }; 51 51
+22 -10
drivers/iio/adc/ad7380.c
··· 1211 1211 struct ad7380_state *st = iio_priv(indio_dev); 1212 1212 int ret; 1213 1213 1214 + spi_offload_trigger_disable(st->offload, st->offload_trigger); 1215 + spi_unoptimize_message(&st->offload_msg); 1216 + 1214 1217 if (st->seq) { 1215 1218 ret = regmap_update_bits(st->regmap, 1216 1219 AD7380_REG_ADDR_CONFIG1, ··· 1224 1221 1225 1222 st->seq = false; 1226 1223 } 1227 - 1228 - spi_offload_trigger_disable(st->offload, st->offload_trigger); 1229 - 1230 - spi_unoptimize_message(&st->offload_msg); 1231 1224 1232 1225 return 0; 1233 1226 } ··· 1610 1611 return ret; 1611 1612 } 1612 1613 1613 - static int ad7380_get_alert_th(struct ad7380_state *st, 1614 + static int ad7380_get_alert_th(struct iio_dev *indio_dev, 1615 + const struct iio_chan_spec *chan, 1614 1616 enum iio_event_direction dir, 1615 1617 int *val) 1616 1618 { 1617 - int ret, tmp; 1619 + struct ad7380_state *st = iio_priv(indio_dev); 1620 + const struct iio_scan_type *scan_type; 1621 + int ret, tmp, shift; 1622 + 1623 + scan_type = iio_get_current_scan_type(indio_dev, chan); 1624 + if (IS_ERR(scan_type)) 1625 + return PTR_ERR(scan_type); 1626 + 1627 + /* 1628 + * The register value is 12-bits and is compared to the most significant 1629 + * bits of raw value, therefore a shift is required to convert this to 1630 + * the same scale as the raw value. 1631 + */ 1632 + shift = scan_type->realbits - 12; 1618 1633 1619 1634 switch (dir) { 1620 1635 case IIO_EV_DIR_RISING: ··· 1638 1625 if (ret) 1639 1626 return ret; 1640 1627 1641 - *val = FIELD_GET(AD7380_ALERT_HIGH_TH, tmp); 1628 + *val = FIELD_GET(AD7380_ALERT_HIGH_TH, tmp) << shift; 1642 1629 return IIO_VAL_INT; 1643 1630 case IIO_EV_DIR_FALLING: 1644 1631 ret = regmap_read(st->regmap, ··· 1647 1634 if (ret) 1648 1635 return ret; 1649 1636 1650 - *val = FIELD_GET(AD7380_ALERT_LOW_TH, tmp); 1637 + *val = FIELD_GET(AD7380_ALERT_LOW_TH, tmp) << shift; 1651 1638 return IIO_VAL_INT; 1652 1639 default: 1653 1640 return -EINVAL; ··· 1661 1648 enum iio_event_info info, 1662 1649 int *val, int *val2) 1663 1650 { 1664 - struct ad7380_state *st = iio_priv(indio_dev); 1665 1651 int ret; 1666 1652 1667 1653 switch (info) { ··· 1668 1656 if (!iio_device_claim_direct(indio_dev)) 1669 1657 return -EBUSY; 1670 1658 1671 - ret = ad7380_get_alert_th(st, dir, val); 1659 + ret = ad7380_get_alert_th(indio_dev, chan, dir, val); 1672 1660 1673 1661 iio_device_release_direct(indio_dev); 1674 1662 return ret;
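A worked example of the shift introduced in ad7380_get_alert_th() above, assuming a scan type with realbits = 16 (the hunk only states that the register holds 12 bits compared against the most significant bits of the raw value):

	/* shift = realbits - 12 = 16 - 12 = 4, so an AD7380_ALERT_HIGH_TH
	 * register value of 0x7ff is reported as 0x7ff << 4 = 0x7ff0,
	 * i.e. on the same scale as the channel's raw samples.
	 */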
+8 -3
drivers/iio/adc/ad7606.c
··· 1236 1236 st->write_scale = ad7616_write_scale_sw; 1237 1237 st->write_os = &ad7616_write_os_sw; 1238 1238 1239 - ret = st->bops->sw_mode_config(indio_dev); 1240 - if (ret) 1241 - return ret; 1239 + if (st->bops->sw_mode_config) { 1240 + ret = st->bops->sw_mode_config(indio_dev); 1241 + if (ret) 1242 + return ret; 1243 + } 1242 1244 1243 1245 /* Activate Burst mode and SEQEN MODE */ 1244 1246 return ad7606_write_mask(st, AD7616_CONFIGURATION_REGISTER, ··· 1269 1267 1270 1268 st->write_scale = ad7606_write_scale_sw; 1271 1269 st->write_os = &ad7606_write_os_sw; 1270 + 1271 + if (!st->bops->sw_mode_config) 1272 + return 0; 1272 1273 1273 1274 return st->bops->sw_mode_config(indio_dev); 1274 1275 }
+1 -1
drivers/iio/adc/ad7606_spi.c
··· 131 131 { 132 132 .tx_buf = &st->d16[0], 133 133 .len = 2, 134 - .cs_change = 0, 134 + .cs_change = 1, 135 135 }, { 136 136 .rx_buf = &st->d16[1], 137 137 .len = 2,
+1 -1
drivers/iio/adc/ad7768-1.c
··· 168 168 union { 169 169 struct { 170 170 __be32 chan; 171 - s64 timestamp; 171 + aligned_s64 timestamp; 172 172 } scan; 173 173 __be32 d32; 174 174 u8 d8[2];
+1 -1
drivers/iio/adc/dln2-adc.c
··· 466 466 struct iio_dev *indio_dev = pf->indio_dev; 467 467 struct { 468 468 __le16 values[DLN2_ADC_MAX_CHANNELS]; 469 - int64_t timestamp_space; 469 + aligned_s64 timestamp_space; 470 470 } data; 471 471 struct dln2_adc_get_all_vals dev_data; 472 472 struct dln2_adc *dln2 = iio_priv(indio_dev);
+3 -1
drivers/iio/adc/qcom-spmi-iadc.c
··· 543 543 else 544 544 return ret; 545 545 } else { 546 - device_init_wakeup(iadc->dev, 1); 546 + ret = devm_device_init_wakeup(iadc->dev); 547 + if (ret) 548 + return dev_err_probe(iadc->dev, ret, "Failed to init wakeup\n"); 547 549 } 548 550 549 551 ret = iadc_update_offset(iadc);
+8 -9
drivers/iio/adc/rockchip_saradc.c
··· 520 520 if (info->reset) 521 521 rockchip_saradc_reset_controller(info->reset); 522 522 523 - /* 524 - * Use a default value for the converter clock. 525 - * This may become user-configurable in the future. 526 - */ 527 - ret = clk_set_rate(info->clk, info->data->clk_rate); 528 - if (ret < 0) 529 - return dev_err_probe(&pdev->dev, ret, 530 - "failed to set adc clk rate\n"); 531 - 532 523 ret = regulator_enable(info->vref); 533 524 if (ret < 0) 534 525 return dev_err_probe(&pdev->dev, ret, ··· 546 555 if (IS_ERR(info->clk)) 547 556 return dev_err_probe(&pdev->dev, PTR_ERR(info->clk), 548 557 "failed to get adc clock\n"); 558 + /* 559 + * Use a default value for the converter clock. 560 + * This may become user-configurable in the future. 561 + */ 562 + ret = clk_set_rate(info->clk, info->data->clk_rate); 563 + if (ret < 0) 564 + return dev_err_probe(&pdev->dev, ret, 565 + "failed to set adc clk rate\n"); 549 566 550 567 platform_set_drvdata(pdev, indio_dev); 551 568
+3 -2
drivers/iio/chemical/pms7003.c
··· 5 5 * Copyright (c) Tomasz Duszynski <tduszyns@gmail.com> 6 6 */ 7 7 8 - #include <linux/unaligned.h> 9 8 #include <linux/completion.h> 10 9 #include <linux/device.h> 11 10 #include <linux/errno.h> ··· 18 19 #include <linux/module.h> 19 20 #include <linux/mutex.h> 20 21 #include <linux/serdev.h> 22 + #include <linux/types.h> 23 + #include <linux/unaligned.h> 21 24 22 25 #define PMS7003_DRIVER_NAME "pms7003" 23 26 ··· 77 76 /* Used to construct scan to push to the IIO buffer */ 78 77 struct { 79 78 u16 data[3]; /* PM1, PM2P5, PM10 */ 80 - s64 ts; 79 + aligned_s64 ts; 81 80 } scan; 82 81 }; 83 82
+1 -1
drivers/iio/chemical/sps30.c
··· 108 108 int ret; 109 109 struct { 110 110 s32 data[4]; /* PM1, PM2P5, PM4, PM10 */ 111 - s64 ts; 111 + aligned_s64 ts; 112 112 } scan; 113 113 114 114 mutex_lock(&state->lock);
+4
drivers/iio/common/hid-sensors/hid-sensor-attributes.c
··· 66 66 {HID_USAGE_SENSOR_HUMIDITY, 0, 1000, 0}, 67 67 {HID_USAGE_SENSOR_HINGE, 0, 0, 17453293}, 68 68 {HID_USAGE_SENSOR_HINGE, HID_USAGE_SENSOR_UNITS_DEGREES, 0, 17453293}, 69 + 70 + {HID_USAGE_SENSOR_HUMAN_PRESENCE, 0, 1, 0}, 71 + {HID_USAGE_SENSOR_HUMAN_PROXIMITY, 0, 1, 0}, 72 + {HID_USAGE_SENSOR_HUMAN_ATTENTION, 0, 1, 0}, 69 73 }; 70 74 71 75 static void simple_div(int dividend, int divisor, int *whole,
+1 -1
drivers/iio/imu/adis16550.c
··· 836 836 u16 dummy; 837 837 bool valid; 838 838 struct iio_poll_func *pf = p; 839 - __be32 data[ADIS16550_MAX_SCAN_DATA]; 839 + __be32 data[ADIS16550_MAX_SCAN_DATA] __aligned(8); 840 840 struct iio_dev *indio_dev = pf->indio_dev; 841 841 struct adis16550 *st = iio_priv(indio_dev); 842 842 struct adis *adis = iio_device_get_drvdata(indio_dev);
+2 -4
drivers/iio/imu/bmi270/bmi270_core.c
··· 918 918 FIELD_PREP(BMI270_ACC_CONF_ODR_MSK, 919 919 BMI270_ACC_CONF_ODR_100HZ) | 920 920 FIELD_PREP(BMI270_ACC_CONF_BWP_MSK, 921 - BMI270_ACC_CONF_BWP_NORMAL_MODE) | 922 - BMI270_PWR_CONF_ADV_PWR_SAVE_MSK); 921 + BMI270_ACC_CONF_BWP_NORMAL_MODE)); 923 922 if (ret) 924 923 return dev_err_probe(dev, ret, "Failed to configure accelerometer"); 925 924 ··· 926 927 FIELD_PREP(BMI270_GYR_CONF_ODR_MSK, 927 928 BMI270_GYR_CONF_ODR_200HZ) | 928 929 FIELD_PREP(BMI270_GYR_CONF_BWP_MSK, 929 - BMI270_GYR_CONF_BWP_NORMAL_MODE) | 930 - BMI270_PWR_CONF_ADV_PWR_SAVE_MSK); 930 + BMI270_GYR_CONF_BWP_NORMAL_MODE)); 931 931 if (ret) 932 932 return dev_err_probe(dev, ret, "Failed to configure gyroscope"); 933 933
+1 -1
drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
··· 50 50 u16 fifo_count; 51 51 u32 fifo_period; 52 52 s64 timestamp; 53 - u8 data[INV_MPU6050_OUTPUT_DATA_SIZE]; 53 + u8 data[INV_MPU6050_OUTPUT_DATA_SIZE] __aligned(8); 54 54 size_t i, nb; 55 55 56 56 mutex_lock(&st->lock);
+6
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c
··· 392 392 if (fifo_status & cpu_to_le16(ST_LSM6DSX_FIFO_EMPTY_MASK)) 393 393 return 0; 394 394 395 + if (!pattern_len) 396 + pattern_len = ST_LSM6DSX_SAMPLE_SIZE; 397 + 395 398 fifo_len = (le16_to_cpu(fifo_status) & fifo_diff_mask) * 396 399 ST_LSM6DSX_CHAN_SIZE; 397 400 fifo_len = (fifo_len / pattern_len) * pattern_len; ··· 625 622 ST_LSM6DSX_TAGGED_SAMPLE_SIZE; 626 623 if (!fifo_len) 627 624 return 0; 625 + 626 + if (!pattern_len) 627 + pattern_len = ST_LSM6DSX_TAGGED_SAMPLE_SIZE; 628 628 629 629 for (read_len = 0; read_len < fifo_len; read_len += pattern_len) { 630 630 err = st_lsm6dsx_read_block(hw,
+5 -2
drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_core.c
··· 2719 2719 } 2720 2720 2721 2721 if (device_property_read_bool(dev, "wakeup-source") || 2722 - (pdata && pdata->wakeup_source)) 2723 - device_init_wakeup(dev, true); 2722 + (pdata && pdata->wakeup_source)) { 2723 + err = devm_device_init_wakeup(dev); 2724 + if (err) 2725 + return dev_err_probe(dev, err, "Failed to init wakeup\n"); 2726 + } 2724 2727 2725 2728 return 0; 2726 2729 }
+14 -8
drivers/iio/light/hid-sensor-prox.c
··· 34 34 struct iio_chan_spec channels[MAX_CHANNELS]; 35 35 u32 channel2usage[MAX_CHANNELS]; 36 36 u32 human_presence[MAX_CHANNELS]; 37 - int scale_pre_decml; 38 - int scale_post_decml; 39 - int scale_precision; 37 + int scale_pre_decml[MAX_CHANNELS]; 38 + int scale_post_decml[MAX_CHANNELS]; 39 + int scale_precision[MAX_CHANNELS]; 40 40 unsigned long scan_mask[2]; /* One entry plus one terminator. */ 41 41 int num_channels; 42 42 }; ··· 116 116 ret_type = IIO_VAL_INT; 117 117 break; 118 118 case IIO_CHAN_INFO_SCALE: 119 - *val = prox_state->scale_pre_decml; 120 - *val2 = prox_state->scale_post_decml; 121 - ret_type = prox_state->scale_precision; 119 + if (chan->scan_index >= prox_state->num_channels) 120 + return -EINVAL; 121 + 122 + *val = prox_state->scale_pre_decml[chan->scan_index]; 123 + *val2 = prox_state->scale_post_decml[chan->scan_index]; 124 + ret_type = prox_state->scale_precision[chan->scan_index]; 122 125 break; 123 126 case IIO_CHAN_INFO_OFFSET: 124 - *val = hid_sensor_convert_exponent( 125 - prox_state->prox_attr[chan->scan_index].unit_expo); 127 + *val = 0; 126 128 ret_type = IIO_VAL_INT; 127 129 break; 128 130 case IIO_CHAN_INFO_SAMP_FREQ: ··· 251 249 st->prox_attr[index].size); 252 250 dev_dbg(&pdev->dev, "prox %x:%x\n", st->prox_attr[index].index, 253 251 st->prox_attr[index].report_id); 252 + st->scale_precision[index] = 253 + hid_sensor_format_scale(usage_id, &st->prox_attr[index], 254 + &st->scale_pre_decml[index], 255 + &st->scale_post_decml[index]); 254 256 index++; 255 257 } 256 258
+3 -2
drivers/iio/light/opt3001.c
··· 788 788 int ret; 789 789 bool wake_result_ready_queue = false; 790 790 enum iio_chan_type chan_type = opt->chip_info->chan_type; 791 + bool ok_to_ignore_lock = opt->ok_to_ignore_lock; 791 792 792 - if (!opt->ok_to_ignore_lock) 793 + if (!ok_to_ignore_lock) 793 794 mutex_lock(&opt->lock); 794 795 795 796 ret = i2c_smbus_read_word_swapped(opt->client, OPT3001_CONFIGURATION); ··· 827 826 } 828 827 829 828 out: 830 - if (!opt->ok_to_ignore_lock) 829 + if (!ok_to_ignore_lock) 831 830 mutex_unlock(&opt->lock); 832 831 833 832 if (wake_result_ready_queue)
+6 -11
drivers/iio/pressure/mprls0025pa.h
··· 34 34 struct mpr_data; 35 35 struct mpr_ops; 36 36 37 - /** 38 - * struct mpr_chan 39 - * @pres: pressure value 40 - * @ts: timestamp 41 - */ 42 - struct mpr_chan { 43 - s32 pres; 44 - s64 ts; 45 - }; 46 - 47 37 enum mpr_func_id { 48 38 MPR_FUNCTION_A, 49 39 MPR_FUNCTION_B, ··· 59 69 * reading in a loop until data is ready 60 70 * @completion: handshake from irq to read 61 71 * @chan: channel values for buffered mode 72 + * @chan.pres: pressure value 73 + * @chan.ts: timestamp 62 74 * @buffer: raw conversion data 63 75 */ 64 76 struct mpr_data { ··· 79 87 struct gpio_desc *gpiod_reset; 80 88 int irq; 81 89 struct completion completion; 82 - struct mpr_chan chan; 90 + struct { 91 + s32 pres; 92 + aligned_s64 ts; 93 + } chan; 83 94 u8 buffer[MPR_MEASUREMENT_RD_SIZE] __aligned(IIO_DMA_MINALIGN); 84 95 }; 85 96
+1 -1
drivers/iio/temperature/maxim_thermocouple.c
··· 121 121 struct maxim_thermocouple_data { 122 122 struct spi_device *spi; 123 123 const struct maxim_thermocouple_chip *chip; 124 + char tc_type; 124 125 125 126 u8 buffer[16] __aligned(IIO_DMA_MINALIGN); 126 - char tc_type; 127 127 }; 128 128 129 129 static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
+1 -1
drivers/input/joystick/magellan.c
··· 48 48 49 49 static int magellan_crunch_nibbles(unsigned char *data, int count) 50 50 { 51 - static unsigned char nibbles[16] __nonstring = "0AB3D56GH9:K<MN?"; 51 + static const unsigned char nibbles[16] __nonstring = "0AB3D56GH9:K<MN?"; 52 52 53 53 do { 54 54 if (data[count] == nibbles[data[count] & 0xf])
+31 -18
drivers/input/joystick/xpad.c
··· 77 77 * xbox d-pads should map to buttons, as is required for DDR pads 78 78 * but we map them to axes when possible to simplify things 79 79 */ 80 - #define MAP_DPAD_TO_BUTTONS (1 << 0) 81 - #define MAP_TRIGGERS_TO_BUTTONS (1 << 1) 82 - #define MAP_STICKS_TO_NULL (1 << 2) 83 - #define MAP_SELECT_BUTTON (1 << 3) 84 - #define MAP_PADDLES (1 << 4) 85 - #define MAP_PROFILE_BUTTON (1 << 5) 80 + #define MAP_DPAD_TO_BUTTONS BIT(0) 81 + #define MAP_TRIGGERS_TO_BUTTONS BIT(1) 82 + #define MAP_STICKS_TO_NULL BIT(2) 83 + #define MAP_SHARE_BUTTON BIT(3) 84 + #define MAP_PADDLES BIT(4) 85 + #define MAP_PROFILE_BUTTON BIT(5) 86 + #define MAP_SHARE_OFFSET BIT(6) 86 87 87 88 #define DANCEPAD_MAP_CONFIG (MAP_DPAD_TO_BUTTONS | \ 88 89 MAP_TRIGGERS_TO_BUTTONS | MAP_STICKS_TO_NULL) ··· 136 135 { 0x03f0, 0x048D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wireless */ 137 136 { 0x03f0, 0x0495, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, 138 137 { 0x03f0, 0x07A0, "HyperX Clutch Gladiate RGB", 0, XTYPE_XBOXONE }, 139 - { 0x03f0, 0x08B6, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, /* v2 */ 138 + { 0x03f0, 0x08B6, "HyperX Clutch Gladiate", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, /* v2 */ 140 139 { 0x03f0, 0x09B4, "HyperX Clutch Tanto", 0, XTYPE_XBOXONE }, 141 140 { 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX }, 142 141 { 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX }, 143 142 { 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX }, 144 - { 0x044f, 0xd01e, "ThrustMaster, Inc. ESWAP X 2 ELDEN RING EDITION", 0, XTYPE_XBOXONE }, 145 143 { 0x044f, 0x0f10, "Thrustmaster Modena GT Wheel", 0, XTYPE_XBOX }, 146 144 { 0x044f, 0xb326, "Thrustmaster Gamepad GP XID", 0, XTYPE_XBOX360 }, 145 + { 0x044f, 0xd01e, "ThrustMaster, Inc. ESWAP X 2 ELDEN RING EDITION", 0, XTYPE_XBOXONE }, 147 146 { 0x045e, 0x0202, "Microsoft X-Box pad v1 (US)", 0, XTYPE_XBOX }, 148 147 { 0x045e, 0x0285, "Microsoft X-Box pad (Japan)", 0, XTYPE_XBOX }, 149 148 { 0x045e, 0x0287, "Microsoft Xbox Controller S", 0, XTYPE_XBOX }, ··· 160 159 { 0x045e, 0x0719, "Xbox 360 Wireless Receiver", MAP_DPAD_TO_BUTTONS, XTYPE_XBOX360W }, 161 160 { 0x045e, 0x0b00, "Microsoft X-Box One Elite 2 pad", MAP_PADDLES, XTYPE_XBOXONE }, 162 161 { 0x045e, 0x0b0a, "Microsoft X-Box Adaptive Controller", MAP_PROFILE_BUTTON, XTYPE_XBOXONE }, 163 - { 0x045e, 0x0b12, "Microsoft Xbox Series S|X Controller", MAP_SELECT_BUTTON, XTYPE_XBOXONE }, 162 + { 0x045e, 0x0b12, "Microsoft Xbox Series S|X Controller", MAP_SHARE_BUTTON | MAP_SHARE_OFFSET, XTYPE_XBOXONE }, 164 163 { 0x046d, 0xc21d, "Logitech Gamepad F310", 0, XTYPE_XBOX360 }, 165 164 { 0x046d, 0xc21e, "Logitech Gamepad F510", 0, XTYPE_XBOX360 }, 166 165 { 0x046d, 0xc21f, "Logitech Gamepad F710", 0, XTYPE_XBOX360 }, ··· 206 205 { 0x0738, 0x9871, "Mad Catz Portable Drum", 0, XTYPE_XBOX360 }, 207 206 { 0x0738, 0xb726, "Mad Catz Xbox controller - MW2", 0, XTYPE_XBOX360 }, 208 207 { 0x0738, 0xb738, "Mad Catz MVC2TE Stick 2", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, 209 - { 0x0738, 0xbeef, "Mad Catz JOYTECH NEO SE Advanced GamePad", XTYPE_XBOX360 }, 208 + { 0x0738, 0xbeef, "Mad Catz JOYTECH NEO SE Advanced GamePad", 0, XTYPE_XBOX360 }, 210 209 { 0x0738, 0xcb02, "Saitek Cyborg Rumble Pad - PC/Xbox 360", 0, XTYPE_XBOX360 }, 211 210 { 0x0738, 0xcb03, "Saitek P3200 Rumble Pad - PC/Xbox 360", 0, XTYPE_XBOX360 }, 212 211 { 0x0738, 0xcb29, "Saitek Aviator Stick AV8R02", 0, XTYPE_XBOX360 }, 213 212 { 0x0738, 0xf738, "Super SFIV FightStick TE S", 0, XTYPE_XBOX360 }, 214 213 { 0x07ff, 0xffff, "Mad Catz GamePad", 0, 
XTYPE_XBOX360 }, 215 - { 0x0b05, 0x1a38, "ASUS ROG RAIKIRI", 0, XTYPE_XBOXONE }, 214 + { 0x0b05, 0x1a38, "ASUS ROG RAIKIRI", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 216 215 { 0x0b05, 0x1abb, "ASUS ROG RAIKIRI PRO", 0, XTYPE_XBOXONE }, 217 216 { 0x0c12, 0x0005, "Intec wireless", 0, XTYPE_XBOX }, 218 217 { 0x0c12, 0x8801, "Nyko Xbox Controller", 0, XTYPE_XBOX }, ··· 241 240 { 0x0e6f, 0x0146, "Rock Candy Wired Controller for Xbox One", 0, XTYPE_XBOXONE }, 242 241 { 0x0e6f, 0x0147, "PDP Marvel Xbox One Controller", 0, XTYPE_XBOXONE }, 243 242 { 0x0e6f, 0x015c, "PDP Xbox One Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOXONE }, 244 - { 0x0e6f, 0x015d, "PDP Mirror's Edge Official Wired Controller for Xbox One", XTYPE_XBOXONE }, 243 + { 0x0e6f, 0x015d, "PDP Mirror's Edge Official Wired Controller for Xbox One", 0, XTYPE_XBOXONE }, 245 244 { 0x0e6f, 0x0161, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, 246 245 { 0x0e6f, 0x0162, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, 247 246 { 0x0e6f, 0x0163, "PDP Xbox One Controller", 0, XTYPE_XBOXONE }, ··· 282 281 { 0x0f0d, 0x00dc, "HORIPAD FPS for Nintendo Switch", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, 283 282 { 0x0f0d, 0x0151, "Hori Racing Wheel Overdrive for Xbox Series X", 0, XTYPE_XBOXONE }, 284 283 { 0x0f0d, 0x0152, "Hori Racing Wheel Overdrive for Xbox Series X", 0, XTYPE_XBOXONE }, 284 + { 0x0f0d, 0x01b2, "HORI Taiko No Tatsujin Drum Controller", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 285 285 { 0x0f30, 0x010b, "Philips Recoil", 0, XTYPE_XBOX }, 286 286 { 0x0f30, 0x0202, "Joytech Advanced Controller", 0, XTYPE_XBOX }, 287 287 { 0x0f30, 0x8888, "BigBen XBMiniPad Controller", 0, XTYPE_XBOX }, ··· 355 353 { 0x20d6, 0x2001, "BDA Xbox Series X Wired Controller", 0, XTYPE_XBOXONE }, 356 354 { 0x20d6, 0x2009, "PowerA Enhanced Wired Controller for Xbox Series X|S", 0, XTYPE_XBOXONE }, 357 355 { 0x20d6, 0x281f, "PowerA Wired Controller For Xbox 360", 0, XTYPE_XBOX360 }, 356 + { 0x20d6, 0x400b, "PowerA FUSION Pro 4 Wired Controller", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 357 + { 0x20d6, 0x890b, "PowerA MOGA XP-Ultra Controller", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 358 358 { 0x2345, 0xe00b, "Machenike G5 Pro Controller", 0, XTYPE_XBOX360 }, 359 359 { 0x24c6, 0x5000, "Razer Atrox Arcade Stick", MAP_TRIGGERS_TO_BUTTONS, XTYPE_XBOX360 }, 360 360 { 0x24c6, 0x5300, "PowerA MINI PROEX Controller", 0, XTYPE_XBOX360 }, ··· 388 384 { 0x294b, 0x3404, "Snakebyte GAMEPAD RGB X", 0, XTYPE_XBOXONE }, 389 385 { 0x2993, 0x2001, "TECNO Pocket Go", 0, XTYPE_XBOX360 }, 390 386 { 0x2dc8, 0x2000, "8BitDo Pro 2 Wired Controller fox Xbox", 0, XTYPE_XBOXONE }, 387 + { 0x2dc8, 0x200f, "8BitDo Ultimate 3-mode Controller for Xbox", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 391 388 { 0x2dc8, 0x3106, "8BitDo Ultimate Wireless / Pro 2 Wired Controller", 0, XTYPE_XBOX360 }, 392 389 { 0x2dc8, 0x3109, "8BitDo Ultimate Wireless Bluetooth", 0, XTYPE_XBOX360 }, 393 390 { 0x2dc8, 0x310a, "8BitDo Ultimate 2C Wireless Controller", 0, XTYPE_XBOX360 }, 391 + { 0x2dc8, 0x310b, "8BitDo Ultimate 2 Wireless Controller", 0, XTYPE_XBOX360 }, 394 392 { 0x2dc8, 0x6001, "8BitDo SN30 Pro", 0, XTYPE_XBOX360 }, 393 + { 0x2e24, 0x0423, "Hyperkin DuchesS Xbox One pad", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 395 394 { 0x2e24, 0x0652, "Hyperkin Duke X-Box One pad", 0, XTYPE_XBOXONE }, 396 395 { 0x2e24, 0x1688, "Hyperkin X91 X-Box One pad", 0, XTYPE_XBOXONE }, 397 - { 0x2e95, 0x0504, "SCUF Gaming Controller", MAP_SELECT_BUTTON, XTYPE_XBOXONE }, 396 + { 0x2e95, 0x0504, "SCUF Gaming Controller", MAP_SHARE_BUTTON, XTYPE_XBOXONE }, 
398 397 { 0x31e3, 0x1100, "Wooting One", 0, XTYPE_XBOX360 }, 399 398 { 0x31e3, 0x1200, "Wooting Two", 0, XTYPE_XBOX360 }, 400 399 { 0x31e3, 0x1210, "Wooting Lekker", 0, XTYPE_XBOX360 }, ··· 721 714 XBOXONE_INIT_PKT(0x045e, 0x0b00, xboxone_s_init), 722 715 XBOXONE_INIT_PKT(0x045e, 0x0b00, extra_input_packet_init), 723 716 XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_led_on), 717 + XBOXONE_INIT_PKT(0x0f0d, 0x01b2, xboxone_pdp_led_on), 724 718 XBOXONE_INIT_PKT(0x20d6, 0xa01a, xboxone_pdp_led_on), 725 719 XBOXONE_INIT_PKT(0x0e6f, 0x0000, xboxone_pdp_auth), 720 + XBOXONE_INIT_PKT(0x0f0d, 0x01b2, xboxone_pdp_auth), 726 721 XBOXONE_INIT_PKT(0x20d6, 0xa01a, xboxone_pdp_auth), 727 722 XBOXONE_INIT_PKT(0x24c6, 0x541a, xboxone_rumblebegin_init), 728 723 XBOXONE_INIT_PKT(0x24c6, 0x542a, xboxone_rumblebegin_init), ··· 1036 1027 * The report format was gleaned from 1037 1028 * https://github.com/kylelemons/xbox/blob/master/xbox.go 1038 1029 */ 1039 - static void xpadone_process_packet(struct usb_xpad *xpad, u16 cmd, unsigned char *data) 1030 + static void xpadone_process_packet(struct usb_xpad *xpad, u16 cmd, unsigned char *data, u32 len) 1040 1031 { 1041 1032 struct input_dev *dev = xpad->dev; 1042 1033 bool do_sync = false; ··· 1077 1068 /* menu/view buttons */ 1078 1069 input_report_key(dev, BTN_START, data[4] & BIT(2)); 1079 1070 input_report_key(dev, BTN_SELECT, data[4] & BIT(3)); 1080 - if (xpad->mapping & MAP_SELECT_BUTTON) 1081 - input_report_key(dev, KEY_RECORD, data[22] & BIT(0)); 1071 + if (xpad->mapping & MAP_SHARE_BUTTON) { 1072 + if (xpad->mapping & MAP_SHARE_OFFSET) 1073 + input_report_key(dev, KEY_RECORD, data[len - 26] & BIT(0)); 1074 + else 1075 + input_report_key(dev, KEY_RECORD, data[len - 18] & BIT(0)); 1076 + } 1082 1077 1083 1078 /* buttons A,B,X,Y */ 1084 1079 input_report_key(dev, BTN_A, data[4] & BIT(4)); ··· 1230 1217 xpad360w_process_packet(xpad, 0, xpad->idata); 1231 1218 break; 1232 1219 case XTYPE_XBOXONE: 1233 - xpadone_process_packet(xpad, 0, xpad->idata); 1220 + xpadone_process_packet(xpad, 0, xpad->idata, urb->actual_length); 1234 1221 break; 1235 1222 default: 1236 1223 xpad_process_packet(xpad, 0, xpad->idata); ··· 1957 1944 xpad->xtype == XTYPE_XBOXONE) { 1958 1945 for (i = 0; xpad360_btn[i] >= 0; i++) 1959 1946 input_set_capability(input_dev, EV_KEY, xpad360_btn[i]); 1960 - if (xpad->mapping & MAP_SELECT_BUTTON) 1947 + if (xpad->mapping & MAP_SHARE_BUTTON) 1961 1948 input_set_capability(input_dev, EV_KEY, KEY_RECORD); 1962 1949 } else { 1963 1950 for (i = 0; xpad_btn[i] >= 0; i++)
+2 -2
drivers/input/keyboard/mtk-pmic-keys.c
··· 147 147 u32 value, mask; 148 148 int error; 149 149 150 - kregs_home = keys->keys[MTK_PMIC_HOMEKEY_INDEX].regs; 151 - kregs_pwr = keys->keys[MTK_PMIC_PWRKEY_INDEX].regs; 150 + kregs_home = &regs->keys_regs[MTK_PMIC_HOMEKEY_INDEX]; 151 + kregs_pwr = &regs->keys_regs[MTK_PMIC_PWRKEY_INDEX]; 152 152 153 153 error = of_property_read_u32(keys->dev->of_node, "power-off-time-sec", 154 154 &long_press_debounce);
+1 -1
drivers/input/misc/hisi_powerkey.c
··· 30 30 { 31 31 struct input_dev *input = q; 32 32 33 - pm_wakeup_event(input->dev.parent, MAX_HELD_TIME); 33 + pm_wakeup_dev_event(input->dev.parent, MAX_HELD_TIME, true); 34 34 input_report_key(input, KEY_POWER, 1); 35 35 input_sync(input); 36 36
+16 -6
drivers/input/misc/sparcspkr.c
··· 74 74 return -1; 75 75 76 76 switch (code) { 77 - case SND_BELL: if (value) value = 1000; 78 - case SND_TONE: break; 79 - default: return -1; 77 + case SND_BELL: 78 + if (value) 79 + value = 1000; 80 + break; 81 + case SND_TONE: 82 + break; 83 + default: 84 + return -1; 80 85 } 81 86 82 87 if (value > 20 && value < 32767) ··· 114 109 return -1; 115 110 116 111 switch (code) { 117 - case SND_BELL: if (value) value = 1000; 118 - case SND_TONE: break; 119 - default: return -1; 112 + case SND_BELL: 113 + if (value) 114 + value = 1000; 115 + break; 116 + case SND_TONE: 117 + break; 118 + default: 119 + return -1; 120 120 } 121 121 122 122 if (value > 20 && value < 32767)
+5
drivers/input/mouse/synaptics.c
··· 164 164 #ifdef CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS 165 165 static const char * const smbus_pnp_ids[] = { 166 166 /* all of the topbuttonpad_pnp_ids are valid, we just add some extras */ 167 + "DLL060d", /* Dell Precision M3800 */ 167 168 "LEN0048", /* X1 Carbon 3 */ 168 169 "LEN0046", /* X250 */ 169 170 "LEN0049", /* Yoga 11e */ ··· 191 190 "LEN2054", /* E480 */ 192 191 "LEN2055", /* E580 */ 193 192 "LEN2068", /* T14 Gen 1 */ 193 + "SYN1221", /* TUXEDO InfinityBook Pro 14 v5 */ 194 + "SYN3003", /* HP EliteBook 850 G1 */ 194 195 "SYN3015", /* HP EliteBook 840 G2 */ 195 196 "SYN3052", /* HP EliteBook 840 G4 */ 196 197 "SYN3221", /* HP 15-ay000 */ 197 198 "SYN323d", /* HP Spectre X360 13-w013dx */ 198 199 "SYN3257", /* HP Envy 13-ad105ng */ 200 + "TOS01f6", /* Dynabook Portege X30L-G */ 201 + "TOS0213", /* Dynabook Portege X30-D */ 199 202 NULL 200 203 }; 201 204 #endif
+5 -2
drivers/input/touchscreen/cyttsp5.c
··· 580 580 int rc; 581 581 582 582 SET_CMD_REPORT_TYPE(cmd[0], 0); 583 - SET_CMD_REPORT_ID(cmd[0], HID_POWER_SLEEP); 583 + SET_CMD_REPORT_ID(cmd[0], state); 584 584 SET_CMD_OPCODE(cmd[1], HID_CMD_SET_POWER); 585 585 586 586 rc = cyttsp5_write(ts, HID_COMMAND_REG, cmd, sizeof(cmd)); ··· 870 870 ts->input->phys = ts->phys; 871 871 input_set_drvdata(ts->input, ts); 872 872 873 - /* Reset the gpio to be in a reset state */ 873 + /* Assert gpio to be in a reset state */ 874 874 ts->reset_gpio = devm_gpiod_get_optional(dev, "reset", GPIOD_OUT_HIGH); 875 875 if (IS_ERR(ts->reset_gpio)) { 876 876 error = PTR_ERR(ts->reset_gpio); 877 877 dev_err(dev, "Failed to request reset gpio, error %d\n", error); 878 878 return error; 879 879 } 880 + 881 + fsleep(10); /* Ensure long-enough reset pulse (minimum 10us). */ 882 + 880 883 gpiod_set_value_cansleep(ts->reset_gpio, 0); 881 884 882 885 /* Need a delay to have device up */
+1 -6
drivers/input/touchscreen/stmpe-ts.c
··· 366 366 }; 367 367 module_platform_driver(stmpe_ts_driver); 368 368 369 - static const struct of_device_id stmpe_ts_ids[] = { 370 - { .compatible = "st,stmpe-ts", }, 371 - { }, 372 - }; 373 - MODULE_DEVICE_TABLE(of, stmpe_ts_ids); 374 - 369 + MODULE_ALIAS("platform:stmpe-ts"); 375 370 MODULE_AUTHOR("Luotao Fu <l.fu@pengutronix.de>"); 376 371 MODULE_DESCRIPTION("STMPEXXX touchscreen driver"); 377 372 MODULE_LICENSE("GPL");
+33
drivers/net/dsa/b53/b53_common.c
··· 327 327 } 328 328 } 329 329 330 + static void b53_set_eap_mode(struct b53_device *dev, int port, int mode) 331 + { 332 + u64 eap_conf; 333 + 334 + if (is5325(dev) || is5365(dev) || dev->chip_id == BCM5389_DEVICE_ID) 335 + return; 336 + 337 + b53_read64(dev, B53_EAP_PAGE, B53_PORT_EAP_CONF(port), &eap_conf); 338 + 339 + if (is63xx(dev)) { 340 + eap_conf &= ~EAP_MODE_MASK_63XX; 341 + eap_conf |= (u64)mode << EAP_MODE_SHIFT_63XX; 342 + } else { 343 + eap_conf &= ~EAP_MODE_MASK; 344 + eap_conf |= (u64)mode << EAP_MODE_SHIFT; 345 + } 346 + 347 + b53_write64(dev, B53_EAP_PAGE, B53_PORT_EAP_CONF(port), eap_conf); 348 + } 349 + 330 350 static void b53_set_forwarding(struct b53_device *dev, int enable) 331 351 { 332 352 u8 mgmt; ··· 606 586 b53_port_set_ucast_flood(dev, port, true); 607 587 b53_port_set_mcast_flood(dev, port, true); 608 588 b53_port_set_learning(dev, port, false); 589 + 590 + /* Force all traffic to go to the CPU port to prevent the ASIC from 591 + * trying to forward to bridged ports on matching FDB entries, then 592 + * dropping frames because it isn't allowed to forward there. 593 + */ 594 + if (dsa_is_user_port(ds, port)) 595 + b53_set_eap_mode(dev, port, EAP_MODE_SIMPLIFIED); 609 596 610 597 return 0; 611 598 } ··· 2074 2047 pvlan |= BIT(i); 2075 2048 } 2076 2049 2050 + /* Disable redirection of unknown SA to the CPU port */ 2051 + b53_set_eap_mode(dev, port, EAP_MODE_BASIC); 2052 + 2077 2053 /* Configure the local port VLAN control membership to include 2078 2054 * remote ports and update the local port bitmask 2079 2055 */ ··· 2111 2081 if (port != i) 2112 2082 pvlan &= ~BIT(i); 2113 2083 } 2084 + 2085 + /* Enable redirection of unknown SA to the CPU port */ 2086 + b53_set_eap_mode(dev, port, EAP_MODE_SIMPLIFIED); 2114 2087 2115 2088 b53_write16(dev, B53_PVLAN_PAGE, B53_PVLAN_PORT_MASK(port), pvlan); 2116 2089 dev->ports[port].vlan_ctl_mask = pvlan;
+14
drivers/net/dsa/b53/b53_regs.h
··· 50 50 /* Jumbo Frame Registers */ 51 51 #define B53_JUMBO_PAGE 0x40 52 52 53 + /* EAP Registers */ 54 + #define B53_EAP_PAGE 0x42 55 + 53 56 /* EEE Control Registers Page */ 54 57 #define B53_EEE_PAGE 0x92 55 58 ··· 489 486 #define B53_JUMBO_MAX_SIZE_63XX 0x08 490 487 #define JMS_MIN_SIZE 1518 491 488 #define JMS_MAX_SIZE 9724 489 + 490 + /************************************************************************* 491 + * EAP Page Registers 492 + *************************************************************************/ 493 + #define B53_PORT_EAP_CONF(i) (0x20 + 8 * (i)) 494 + #define EAP_MODE_SHIFT 51 495 + #define EAP_MODE_SHIFT_63XX 50 496 + #define EAP_MODE_MASK (0x3ull << EAP_MODE_SHIFT) 497 + #define EAP_MODE_MASK_63XX (0x3ull << EAP_MODE_SHIFT_63XX) 498 + #define EAP_MODE_BASIC 0 499 + #define EAP_MODE_SIMPLIFIED 3 492 500 493 501 /************************************************************************* 494 502 * EEE Configuration Page Registers
+108 -29
drivers/net/dsa/microchip/ksz_common.c
··· 265 265 unsigned int mode, 266 266 phy_interface_t interface); 267 267 268 + /** 269 + * ksz_phylink_mac_disable_tx_lpi() - Callback to signal LPI support (Dummy) 270 + * @config: phylink config structure 271 + * 272 + * This function is a dummy handler. See ksz_phylink_mac_enable_tx_lpi() for 273 + * a detailed explanation of EEE/LPI handling in KSZ switches. 274 + */ 275 + static void ksz_phylink_mac_disable_tx_lpi(struct phylink_config *config) 276 + { 277 + } 278 + 279 + /** 280 + * ksz_phylink_mac_enable_tx_lpi() - Callback to signal LPI support (Dummy) 281 + * @config: phylink config structure 282 + * @timer: timer value before entering LPI (unused) 283 + * @tx_clock_stop: whether to stop the TX clock in LPI mode (unused) 284 + * 285 + * This function signals to phylink that the driver architecture supports 286 + * LPI management, enabling phylink to control EEE advertisement during 287 + * negotiation according to IEEE Std 802.3 (Clause 78). 288 + * 289 + * Hardware Management of EEE/LPI State: 290 + * For KSZ switch ports with integrated PHYs (e.g., KSZ9893R ports 1-2), 291 + * observation and testing suggest that the actual EEE / Low Power Idle (LPI) 292 + * state transitions are managed autonomously by the hardware based on 293 + * the auto-negotiation results. (Note: While the datasheet describes EEE 294 + * operation based on negotiation, it doesn't explicitly detail the internal 295 + * MAC/PHY interaction, so autonomous hardware management of the MAC state 296 + * for LPI is inferred from observed behavior). 297 + * This hardware control, consistent with the switch's ability to operate 298 + * autonomously via strapping, means MAC-level software intervention is not 299 + * required or exposed for managing the LPI state once EEE is negotiated. 300 + * (Ref: KSZ9893R Data Sheet DS00002420D, primarily Section 4.7.5 explaining 301 + * EEE, also Sections 4.1.7 on Auto-Negotiation and 3.2.1 on Configuration 302 + * Straps). 303 + * 304 + * Additionally, ports configured as MAC interfaces (e.g., KSZ9893R port 3) 305 + * lack documented MAC-level LPI control. 306 + * 307 + * Therefore, this callback performs no action and serves primarily to inform 308 + * phylink of LPI awareness and to document the inferred hardware behavior. 
309 + * 310 + * Returns: 0 (Always success) 311 + */ 312 + static int ksz_phylink_mac_enable_tx_lpi(struct phylink_config *config, 313 + u32 timer, bool tx_clock_stop) 314 + { 315 + return 0; 316 + } 317 + 268 318 static const struct phylink_mac_ops ksz88x3_phylink_mac_ops = { 269 319 .mac_config = ksz88x3_phylink_mac_config, 270 320 .mac_link_down = ksz_phylink_mac_link_down, 271 321 .mac_link_up = ksz8_phylink_mac_link_up, 322 + .mac_disable_tx_lpi = ksz_phylink_mac_disable_tx_lpi, 323 + .mac_enable_tx_lpi = ksz_phylink_mac_enable_tx_lpi, 272 324 }; 273 325 274 326 static const struct phylink_mac_ops ksz8_phylink_mac_ops = { 275 327 .mac_config = ksz_phylink_mac_config, 276 328 .mac_link_down = ksz_phylink_mac_link_down, 277 329 .mac_link_up = ksz8_phylink_mac_link_up, 330 + .mac_disable_tx_lpi = ksz_phylink_mac_disable_tx_lpi, 331 + .mac_enable_tx_lpi = ksz_phylink_mac_enable_tx_lpi, 278 332 }; 279 333 280 334 static const struct ksz_dev_ops ksz88xx_dev_ops = { ··· 412 358 .mac_config = ksz_phylink_mac_config, 413 359 .mac_link_down = ksz_phylink_mac_link_down, 414 360 .mac_link_up = ksz9477_phylink_mac_link_up, 361 + .mac_disable_tx_lpi = ksz_phylink_mac_disable_tx_lpi, 362 + .mac_enable_tx_lpi = ksz_phylink_mac_enable_tx_lpi, 415 363 }; 416 364 417 365 static const struct ksz_dev_ops ksz9477_dev_ops = { ··· 457 401 .mac_config = ksz_phylink_mac_config, 458 402 .mac_link_down = ksz_phylink_mac_link_down, 459 403 .mac_link_up = ksz9477_phylink_mac_link_up, 404 + .mac_disable_tx_lpi = ksz_phylink_mac_disable_tx_lpi, 405 + .mac_enable_tx_lpi = ksz_phylink_mac_enable_tx_lpi, 460 406 }; 461 407 462 408 static const struct ksz_dev_ops lan937x_dev_ops = { ··· 2074 2016 2075 2017 if (dev->dev_ops->get_caps) 2076 2018 dev->dev_ops->get_caps(dev, port, config); 2019 + 2020 + if (ds->ops->support_eee && ds->ops->support_eee(ds, port)) { 2021 + memcpy(config->lpi_interfaces, config->supported_interfaces, 2022 + sizeof(config->lpi_interfaces)); 2023 + 2024 + config->lpi_capabilities = MAC_100FD; 2025 + if (dev->info->gbit_capable[port]) 2026 + config->lpi_capabilities |= MAC_1000FD; 2027 + 2028 + /* EEE is fully operational */ 2029 + config->eee_enabled_default = true; 2030 + } 2077 2031 } 2078 2032 2079 2033 void ksz_r_mib_stats64(struct ksz_device *dev, int port) ··· 3078 3008 if (!port) 3079 3009 return MICREL_KSZ8_P1_ERRATA; 3080 3010 break; 3081 - case KSZ8567_CHIP_ID: 3082 - /* KSZ8567R Errata DS80000752C Module 4 */ 3083 - case KSZ8765_CHIP_ID: 3084 - case KSZ8794_CHIP_ID: 3085 - case KSZ8795_CHIP_ID: 3086 - /* KSZ879x/KSZ877x/KSZ876x Errata DS80000687C Module 2 */ 3087 - case KSZ9477_CHIP_ID: 3088 - /* KSZ9477S Errata DS80000754A Module 4 */ 3089 - case KSZ9567_CHIP_ID: 3090 - /* KSZ9567S Errata DS80000756A Module 4 */ 3091 - case KSZ9896_CHIP_ID: 3092 - /* KSZ9896C Errata DS80000757A Module 3 */ 3093 - case KSZ9897_CHIP_ID: 3094 - case LAN9646_CHIP_ID: 3095 - /* KSZ9897R Errata DS80000758C Module 4 */ 3096 - /* Energy Efficient Ethernet (EEE) feature select must be manually disabled 3097 - * The EEE feature is enabled by default, but it is not fully 3098 - * operational. It must be manually disabled through register 3099 - * controls. If not disabled, the PHY ports can auto-negotiate 3100 - * to enable EEE, and this feature can cause link drops when 3101 - * linked to another device supporting EEE. 3102 - * 3103 - * The same item appears in the errata for all switches above. 
3104 - */ 3105 - return MICREL_NO_EEE; 3106 3011 } 3107 3012 3108 3013 return 0; ··· 3511 3466 return -EOPNOTSUPP; 3512 3467 } 3513 3468 3469 + /** 3470 + * ksz_support_eee - Determine Energy Efficient Ethernet (EEE) support for a 3471 + * port 3472 + * @ds: Pointer to the DSA switch structure 3473 + * @port: Port number to check 3474 + * 3475 + * This function also documents devices where EEE was initially advertised but 3476 + * later withdrawn due to reliability issues, as described in official errata 3477 + * documents. These devices are explicitly listed to record known limitations, 3478 + * even if there is no technical necessity for runtime checks. 3479 + * 3480 + * Returns: true if the internal PHY on the given port supports fully 3481 + * operational EEE, false otherwise. 3482 + */ 3514 3483 static bool ksz_support_eee(struct dsa_switch *ds, int port) 3515 3484 { 3516 3485 struct ksz_device *dev = ds->priv; ··· 3534 3475 3535 3476 switch (dev->chip_id) { 3536 3477 case KSZ8563_CHIP_ID: 3537 - case KSZ8567_CHIP_ID: 3538 - case KSZ9477_CHIP_ID: 3539 3478 case KSZ9563_CHIP_ID: 3540 - case KSZ9567_CHIP_ID: 3541 3479 case KSZ9893_CHIP_ID: 3480 + return true; 3481 + case KSZ8567_CHIP_ID: 3482 + /* KSZ8567R Errata DS80000752C Module 4 */ 3483 + case KSZ8765_CHIP_ID: 3484 + case KSZ8794_CHIP_ID: 3485 + case KSZ8795_CHIP_ID: 3486 + /* KSZ879x/KSZ877x/KSZ876x Errata DS80000687C Module 2 */ 3487 + case KSZ9477_CHIP_ID: 3488 + /* KSZ9477S Errata DS80000754A Module 4 */ 3489 + case KSZ9567_CHIP_ID: 3490 + /* KSZ9567S Errata DS80000756A Module 4 */ 3542 3491 case KSZ9896_CHIP_ID: 3492 + /* KSZ9896C Errata DS80000757A Module 3 */ 3543 3493 case KSZ9897_CHIP_ID: 3544 3494 case LAN9646_CHIP_ID: 3545 - return true; 3495 + /* KSZ9897R Errata DS80000758C Module 4 */ 3496 + /* Energy Efficient Ethernet (EEE) feature select must be 3497 + * manually disabled 3498 + * The EEE feature is enabled by default, but it is not fully 3499 + * operational. It must be manually disabled through register 3500 + * controls. If not disabled, the PHY ports can auto-negotiate 3501 + * to enable EEE, and this feature can cause link drops when 3502 + * linked to another device supporting EEE. 3503 + * 3504 + * The same item appears in the errata for all switches above. 3505 + */ 3506 + break; 3546 3507 } 3547 3508 3548 3509 return false;
+1 -5
drivers/net/dsa/sja1105/sja1105_main.c
··· 2081 2081 switch (state) { 2082 2082 case BR_STATE_DISABLED: 2083 2083 case BR_STATE_BLOCKING: 2084 + case BR_STATE_LISTENING: 2084 2085 /* From UM10944 description of DRPDTAG (why put this there?): 2085 2086 * "Management traffic flows to the port regardless of the state 2086 2087 * of the INGRESS flag". So BPDUs are still be allowed to pass. 2087 2088 * At the moment no difference between DISABLED and BLOCKING. 2088 2089 */ 2089 2090 mac[port].ingress = false; 2090 - mac[port].egress = false; 2091 - mac[port].dyn_learn = false; 2092 - break; 2093 - case BR_STATE_LISTENING: 2094 - mac[port].ingress = true; 2095 2091 mac[port].egress = false; 2096 2092 mac[port].dyn_learn = false; 2097 2093 break;
+29 -7
drivers/net/ethernet/broadcom/bnxt/bnxt.c
··· 14055 14055 netdev_unlock(bp->dev); 14056 14056 } 14057 14057 14058 + /* Same as bnxt_lock_sp() with additional rtnl_lock */ 14059 + static void bnxt_rtnl_lock_sp(struct bnxt *bp) 14060 + { 14061 + clear_bit(BNXT_STATE_IN_SP_TASK, &bp->state); 14062 + rtnl_lock(); 14063 + netdev_lock(bp->dev); 14064 + } 14065 + 14066 + static void bnxt_rtnl_unlock_sp(struct bnxt *bp) 14067 + { 14068 + set_bit(BNXT_STATE_IN_SP_TASK, &bp->state); 14069 + netdev_unlock(bp->dev); 14070 + rtnl_unlock(); 14071 + } 14072 + 14058 14073 /* Only called from bnxt_sp_task() */ 14059 14074 static void bnxt_reset(struct bnxt *bp, bool silent) 14060 14075 { 14061 - bnxt_lock_sp(bp); 14076 + bnxt_rtnl_lock_sp(bp); 14062 14077 if (test_bit(BNXT_STATE_OPEN, &bp->state)) 14063 14078 bnxt_reset_task(bp, silent); 14064 - bnxt_unlock_sp(bp); 14079 + bnxt_rtnl_unlock_sp(bp); 14065 14080 } 14066 14081 14067 14082 /* Only called from bnxt_sp_task() */ ··· 14084 14069 { 14085 14070 int i; 14086 14071 14087 - bnxt_lock_sp(bp); 14072 + bnxt_rtnl_lock_sp(bp); 14088 14073 if (!test_bit(BNXT_STATE_OPEN, &bp->state)) { 14089 - bnxt_unlock_sp(bp); 14074 + bnxt_rtnl_unlock_sp(bp); 14090 14075 return; 14091 14076 } 14092 14077 /* Disable and flush TPA before resetting the RX ring */ ··· 14125 14110 } 14126 14111 if (bp->flags & BNXT_FLAG_TPA) 14127 14112 bnxt_set_tpa(bp, true); 14128 - bnxt_unlock_sp(bp); 14113 + bnxt_rtnl_unlock_sp(bp); 14129 14114 } 14130 14115 14131 14116 static void bnxt_fw_fatal_close(struct bnxt *bp) ··· 15017 15002 bp->fw_reset_state = BNXT_FW_RESET_STATE_OPENING; 15018 15003 fallthrough; 15019 15004 case BNXT_FW_RESET_STATE_OPENING: 15020 - while (!netdev_trylock(bp->dev)) { 15005 + while (!rtnl_trylock()) { 15021 15006 bnxt_queue_fw_reset_work(bp, HZ / 10); 15022 15007 return; 15023 15008 } 15009 + netdev_lock(bp->dev); 15024 15010 rc = bnxt_open(bp->dev); 15025 15011 if (rc) { 15026 15012 netdev_err(bp->dev, "bnxt_open() failed during FW reset\n"); 15027 15013 bnxt_fw_reset_abort(bp, rc); 15028 15014 netdev_unlock(bp->dev); 15015 + rtnl_unlock(); 15029 15016 goto ulp_start; 15030 15017 } 15031 15018 ··· 15047 15030 bnxt_dl_health_fw_status_update(bp, true); 15048 15031 } 15049 15032 netdev_unlock(bp->dev); 15033 + rtnl_unlock(); 15050 15034 bnxt_ulp_start(bp, 0); 15051 15035 bnxt_reenable_sriov(bp); 15052 15036 netdev_lock(bp->dev); ··· 15998 15980 rc); 15999 15981 napi_enable_locked(&bnapi->napi); 16000 15982 bnxt_db_nq_arm(bp, &cpr->cp_db, cpr->cp_raw_cons); 16001 - bnxt_reset_task(bp, true); 15983 + netif_close(dev); 16002 15984 return rc; 16003 15985 } 16004 15986 ··· 16814 16796 struct bnxt *bp = netdev_priv(dev); 16815 16797 int rc = 0; 16816 16798 16799 + rtnl_lock(); 16817 16800 netdev_lock(dev); 16818 16801 rc = pci_enable_device(bp->pdev); 16819 16802 if (rc) { ··· 16859 16840 16860 16841 resume_exit: 16861 16842 netdev_unlock(bp->dev); 16843 + rtnl_unlock(); 16862 16844 bnxt_ulp_start(bp, rc); 16863 16845 if (!rc) 16864 16846 bnxt_reenable_sriov(bp); ··· 17025 17005 int err; 17026 17006 17027 17007 netdev_info(bp->dev, "PCI Slot Resume\n"); 17008 + rtnl_lock(); 17028 17009 netdev_lock(netdev); 17029 17010 17030 17011 err = bnxt_hwrm_func_qcaps(bp); ··· 17043 17022 netif_device_attach(netdev); 17044 17023 17045 17024 netdev_unlock(netdev); 17025 + rtnl_unlock(); 17046 17026 bnxt_ulp_start(bp, err); 17047 17027 if (!err) 17048 17028 bnxt_reenable_sriov(bp);
+6 -13
drivers/net/ethernet/cadence/macb_main.c
··· 997 997 998 998 static int macb_halt_tx(struct macb *bp) 999 999 { 1000 - unsigned long halt_time, timeout; 1001 - u32 status; 1000 + u32 status; 1002 1001 1003 1002 macb_writel(bp, NCR, macb_readl(bp, NCR) | MACB_BIT(THALT)); 1004 1003 1005 - timeout = jiffies + usecs_to_jiffies(MACB_HALT_TIMEOUT); 1006 - do { 1007 - halt_time = jiffies; 1008 - status = macb_readl(bp, TSR); 1009 - if (!(status & MACB_BIT(TGO))) 1010 - return 0; 1011 - 1012 - udelay(250); 1013 - } while (time_before(halt_time, timeout)); 1014 - 1015 - return -ETIMEDOUT; 1004 + /* Poll TSR until TGO is cleared or timeout. */ 1005 + return read_poll_timeout_atomic(macb_readl, status, 1006 + !(status & MACB_BIT(TGO)), 1007 + 250, MACB_HALT_TIMEOUT, false, 1008 + bp, TSR); 1016 1009 } 1017 1010 1018 1011 static void macb_tx_unmap(struct macb *bp, struct macb_tx_skb *tx_skb, int budget)
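For reference, a rough open-coded equivalent of the read_poll_timeout_atomic() call that replaces the hand-rolled loop above; this is a simplification for illustration only (the real macro tracks elapsed time with ktime and re-reads the register once more after the timeout expires):

	u32 status;
	unsigned long deadline = jiffies + usecs_to_jiffies(MACB_HALT_TIMEOUT);

	for (;;) {
		status = macb_readl(bp, TSR);		/* op(args...) */
		if (!(status & MACB_BIT(TGO)))
			return 0;			/* condition met: TX halted */
		if (time_after(jiffies, deadline))
			return -ETIMEDOUT;
		udelay(250);				/* the 250 us delay argument */
	}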
+19 -11
drivers/net/ethernet/engleder/tsnep_main.c
··· 67 67 #define TSNEP_TX_TYPE_XDP_NDO_MAP_PAGE (TSNEP_TX_TYPE_XDP_NDO | TSNEP_TX_TYPE_MAP_PAGE) 68 68 #define TSNEP_TX_TYPE_XDP (TSNEP_TX_TYPE_XDP_TX | TSNEP_TX_TYPE_XDP_NDO) 69 69 #define TSNEP_TX_TYPE_XSK BIT(12) 70 + #define TSNEP_TX_TYPE_TSTAMP BIT(13) 71 + #define TSNEP_TX_TYPE_SKB_TSTAMP (TSNEP_TX_TYPE_SKB | TSNEP_TX_TYPE_TSTAMP) 70 72 71 73 #define TSNEP_XDP_TX BIT(0) 72 74 #define TSNEP_XDP_REDIRECT BIT(1) ··· 388 386 if (entry->skb) { 389 387 entry->properties = length & TSNEP_DESC_LENGTH_MASK; 390 388 entry->properties |= TSNEP_DESC_INTERRUPT_FLAG; 391 - if ((entry->type & TSNEP_TX_TYPE_SKB) && 392 - (skb_shinfo(entry->skb)->tx_flags & SKBTX_IN_PROGRESS)) 389 + if ((entry->type & TSNEP_TX_TYPE_SKB_TSTAMP) == TSNEP_TX_TYPE_SKB_TSTAMP) 393 390 entry->properties |= TSNEP_DESC_EXTENDED_WRITEBACK_FLAG; 394 391 395 392 /* toggle user flag to prevent false acknowledge ··· 480 479 return mapped; 481 480 } 482 481 483 - static int tsnep_tx_map(struct sk_buff *skb, struct tsnep_tx *tx, int count) 482 + static int tsnep_tx_map(struct sk_buff *skb, struct tsnep_tx *tx, int count, 483 + bool do_tstamp) 484 484 { 485 485 struct device *dmadev = tx->adapter->dmadev; 486 486 struct tsnep_tx_entry *entry; ··· 507 505 entry->type = TSNEP_TX_TYPE_SKB_INLINE; 508 506 mapped = 0; 509 507 } 508 + 509 + if (do_tstamp) 510 + entry->type |= TSNEP_TX_TYPE_TSTAMP; 510 511 } else { 511 512 skb_frag_t *frag = &skb_shinfo(skb)->frags[i - 1]; 512 513 ··· 563 558 static netdev_tx_t tsnep_xmit_frame_ring(struct sk_buff *skb, 564 559 struct tsnep_tx *tx) 565 560 { 566 - int count = 1; 567 561 struct tsnep_tx_entry *entry; 562 + bool do_tstamp = false; 563 + int count = 1; 568 564 int length; 569 - int i; 570 565 int retval; 566 + int i; 571 567 572 568 if (skb_shinfo(skb)->nr_frags > 0) 573 569 count += skb_shinfo(skb)->nr_frags; ··· 585 579 entry = &tx->entry[tx->write]; 586 580 entry->skb = skb; 587 581 588 - retval = tsnep_tx_map(skb, tx, count); 582 + if (unlikely(skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) && 583 + tx->adapter->hwtstamp_config.tx_type == HWTSTAMP_TX_ON) { 584 + skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; 585 + do_tstamp = true; 586 + } 587 + 588 + retval = tsnep_tx_map(skb, tx, count, do_tstamp); 589 589 if (retval < 0) { 590 590 tsnep_tx_unmap(tx, tx->write, count); 591 591 dev_kfree_skb_any(entry->skb); ··· 602 590 return NETDEV_TX_OK; 603 591 } 604 592 length = retval; 605 - 606 - if (skb_shinfo(skb)->tx_flags & SKBTX_HW_TSTAMP) 607 - skb_shinfo(skb)->tx_flags |= SKBTX_IN_PROGRESS; 608 593 609 594 for (i = 0; i < count; i++) 610 595 tsnep_tx_activate(tx, (tx->write + i) & TSNEP_RING_MASK, length, ··· 853 844 854 845 length = tsnep_tx_unmap(tx, tx->read, count); 855 846 856 - if ((entry->type & TSNEP_TX_TYPE_SKB) && 857 - (skb_shinfo(entry->skb)->tx_flags & SKBTX_IN_PROGRESS) && 847 + if (((entry->type & TSNEP_TX_TYPE_SKB_TSTAMP) == TSNEP_TX_TYPE_SKB_TSTAMP) && 858 848 (__le32_to_cpu(entry->desc_wb->properties) & 859 849 TSNEP_DESC_EXTENDED_WRITEBACK_FLAG)) { 860 850 struct skb_shared_hwtstamps hwtstamps;
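The writeback path above tests both bits of the combined flag at once; a sketch of why the equality comparison is used rather than a plain AND (the helper name is made up):

	/* TSNEP_TX_TYPE_SKB_TSTAMP is two bits (SKB | TSTAMP), so
	 * "type & TSNEP_TX_TYPE_SKB_TSTAMP" would also match descriptors with
	 * only one of them set. Comparing against the full mask requires both.
	 */
	if ((entry->type & TSNEP_TX_TYPE_SKB_TSTAMP) == TSNEP_TX_TYPE_SKB_TSTAMP)
		collect_hw_timestamp(entry);	/* hypothetical helper */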
+5
drivers/net/ethernet/marvell/octeontx2/af/cgx.c
··· 717 717 718 718 if (!is_lmac_valid(cgx, lmac_id)) 719 719 return -ENODEV; 720 + 721 + /* pass lmac as 0 for CGX_CMR_RX_STAT9-12 */ 722 + if (idx >= CGX_RX_STAT_GLOBAL_INDEX) 723 + lmac_id = 0; 724 + 720 725 *rx_stat = cgx_read(cgx, lmac_id, CGXX_CMRX_RX_STAT0 + (idx * 8)); 721 726 return 0; 722 727 }
+2 -1
drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c
··· 531 531 if (sw_tx_sc->encrypt) 532 532 sectag_tci |= (MCS_TCI_E | MCS_TCI_C); 533 533 534 - policy = FIELD_PREP(MCS_TX_SECY_PLCY_MTU, secy->netdev->mtu); 534 + policy = FIELD_PREP(MCS_TX_SECY_PLCY_MTU, 535 + pfvf->netdev->mtu + OTX2_ETH_HLEN); 535 536 /* Write SecTag excluding AN bits(1..0) */ 536 537 policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_TCI, sectag_tci >> 2); 537 538 policy |= FIELD_PREP(MCS_TX_SECY_PLCY_ST_OFFSET, tag_offset);
+1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h
··· 356 356 struct list_head flow_list_tc; 357 357 u8 ucast_flt_cnt; 358 358 bool ntuple; 359 + u16 ntuple_cnt; 359 360 }; 360 361 361 362 struct dev_hw_ops {
+1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_devlink.c
··· 41 41 if (!pfvf->flow_cfg) 42 42 return 0; 43 43 44 + pfvf->flow_cfg->ntuple_cnt = ctx->val.vu16; 44 45 otx2_alloc_mcam_entries(pfvf, ctx->val.vu16); 45 46 46 47 return 0;
+5 -5
drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c
··· 315 315 struct otx2_nic *pfvf = netdev_priv(netdev); 316 316 struct cgx_pause_frm_cfg *req, *rsp; 317 317 318 - if (is_otx2_lbkvf(pfvf->pdev)) 318 + if (is_otx2_lbkvf(pfvf->pdev) || is_otx2_sdp_rep(pfvf->pdev)) 319 319 return; 320 320 321 321 mutex_lock(&pfvf->mbox.lock); ··· 347 347 if (pause->autoneg) 348 348 return -EOPNOTSUPP; 349 349 350 - if (is_otx2_lbkvf(pfvf->pdev)) 350 + if (is_otx2_lbkvf(pfvf->pdev) || is_otx2_sdp_rep(pfvf->pdev)) 351 351 return -EOPNOTSUPP; 352 352 353 353 if (pause->rx_pause) ··· 941 941 { 942 942 struct otx2_nic *pfvf = netdev_priv(netdev); 943 943 944 - /* LBK link is internal and always UP */ 945 - if (is_otx2_lbkvf(pfvf->pdev)) 944 + /* LBK and SDP links are internal and always UP */ 945 + if (is_otx2_lbkvf(pfvf->pdev) || is_otx2_sdp_rep(pfvf->pdev)) 946 946 return 1; 947 947 return pfvf->linfo.link_up; 948 948 } ··· 1413 1413 { 1414 1414 struct otx2_nic *pfvf = netdev_priv(netdev); 1415 1415 1416 - if (is_otx2_lbkvf(pfvf->pdev)) { 1416 + if (is_otx2_lbkvf(pfvf->pdev) || is_otx2_sdp_rep(pfvf->pdev)) { 1417 1417 cmd->base.duplex = DUPLEX_FULL; 1418 1418 cmd->base.speed = SPEED_100000; 1419 1419 } else {
+2 -1
drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c
··· 247 247 mutex_unlock(&pfvf->mbox.lock); 248 248 249 249 /* Allocate entries for Ntuple filters */ 250 - count = otx2_alloc_mcam_entries(pfvf, OTX2_DEFAULT_FLOWCOUNT); 250 + count = otx2_alloc_mcam_entries(pfvf, flow_cfg->ntuple_cnt); 251 251 if (count <= 0) { 252 252 otx2_clear_ntuple_flow_info(pfvf, flow_cfg); 253 253 return 0; ··· 307 307 INIT_LIST_HEAD(&pf->flow_cfg->flow_list_tc); 308 308 309 309 pf->flow_cfg->ucast_flt_cnt = OTX2_DEFAULT_UNICAST_FLOWS; 310 + pf->flow_cfg->ntuple_cnt = OTX2_DEFAULT_FLOWCOUNT; 310 311 311 312 /* Allocate bare minimum number of MCAM entries needed for 312 313 * unicast and ntuple filters.
+1 -1
drivers/net/ethernet/mediatek/mtk_eth_soc.c
··· 4836 4836 } 4837 4837 4838 4838 if (mtk_is_netsys_v3_or_greater(mac->hw) && 4839 - MTK_HAS_CAPS(mac->hw->soc->caps, MTK_ESW_BIT) && 4839 + MTK_HAS_CAPS(mac->hw->soc->caps, MTK_ESW) && 4840 4840 id == MTK_GMAC1_ID) { 4841 4841 mac->phylink_config.mac_capabilities = MAC_ASYM_PAUSE | 4842 4842 MAC_SYM_PAUSE |
+4
drivers/net/ethernet/mellanox/mlx5/core/en_main.c
··· 4349 4349 if (netdev->features & NETIF_F_HW_VLAN_CTAG_FILTER) 4350 4350 netdev_warn(netdev, "Disabling HW_VLAN CTAG FILTERING, not supported in switchdev mode\n"); 4351 4351 4352 + features &= ~NETIF_F_HW_MACSEC; 4353 + if (netdev->features & NETIF_F_HW_MACSEC) 4354 + netdev_warn(netdev, "Disabling HW MACsec offload, not supported in switchdev mode\n"); 4355 + 4352 4356 return features; 4353 4357 } 4354 4358
+3
drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c
··· 3014 3014 .rif = rif, 3015 3015 }; 3016 3016 3017 + if (!mlxsw_sp_dev_lower_is_port(mlxsw_sp_rif_dev(rif))) 3018 + return 0; 3019 + 3017 3020 neigh_for_each(&arp_tbl, mlxsw_sp_neigh_rif_made_sync_each, &rms); 3018 3021 if (rms.err) 3019 3022 goto err_arp;
+1 -1
drivers/net/ethernet/qlogic/qede/qede_main.c
··· 203 203 }; 204 204 205 205 static struct qed_eth_cb_ops qede_ll_ops = { 206 - { 206 + .common = { 207 207 #ifdef CONFIG_RFS_ACCEL 208 208 .arfs_filter_op = qede_arfs_filter_op, 209 209 #endif
+5 -2
drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c
··· 1484 1484 } 1485 1485 1486 1486 cmd_op = (cmd.rsp.arg[0] & 0xff); 1487 - if (cmd.rsp.arg[0] >> 25 == 2) 1488 - return 2; 1487 + if (cmd.rsp.arg[0] >> 25 == 2) { 1488 + ret = 2; 1489 + goto out; 1490 + } 1491 + 1489 1492 if (cmd_op == QLCNIC_BC_CMD_CHANNEL_INIT) 1490 1493 set_bit(QLC_BC_VF_STATE, &vf->state); 1491 1494 else
+8 -2
drivers/net/ethernet/wangxun/libwx/wx_hw.c
··· 435 435 wr32m(wx, WX_SW2FW_MBOX_CMD, WX_SW2FW_MBOX_CMD_VLD, WX_SW2FW_MBOX_CMD_VLD); 436 436 437 437 /* polling reply from FW */ 438 - err = read_poll_timeout(wx_poll_fw_reply, reply, reply, 1000, 50000, 439 - true, wx, buffer, send_cmd); 438 + err = read_poll_timeout(wx_poll_fw_reply, reply, reply, 2000, 439 + timeout * 1000, true, wx, buffer, send_cmd); 440 440 if (err) { 441 441 wx_err(wx, "Polling from FW messages timeout, cmd: 0x%x, index: %d\n", 442 442 send_cmd, wx->swfw_index); 443 + goto rel_out; 444 + } 445 + 446 + if (hdr->cmd_or_resp.ret_status == 0x80) { 447 + wx_err(wx, "Unknown FW command: 0x%x\n", send_cmd); 448 + err = -EINVAL; 443 449 goto rel_out; 444 450 } 445 451
+7 -1
drivers/net/ethernet/wangxun/txgbe/txgbe_hw.c
··· 99 99 } 100 100 local_buffer = eeprom_ptrs; 101 101 102 - for (i = 0; i < TXGBE_EEPROM_LAST_WORD; i++) 102 + for (i = 0; i < TXGBE_EEPROM_LAST_WORD; i++) { 103 + if (wx->mac.type == wx_mac_aml) { 104 + if (i >= TXGBE_EEPROM_I2C_SRART_PTR && 105 + i < TXGBE_EEPROM_I2C_END_PTR) 106 + local_buffer[i] = 0xffff; 107 + } 103 108 if (i != wx->eeprom.sw_region_offset + TXGBE_EEPROM_CHECKSUM) 104 109 *checksum += local_buffer[i]; 110 + } 105 111 106 112 kvfree(eeprom_ptrs); 107 113
+2
drivers/net/ethernet/wangxun/txgbe/txgbe_type.h
··· 163 163 #define TXGBE_EEPROM_VERSION_L 0x1D 164 164 #define TXGBE_EEPROM_VERSION_H 0x1E 165 165 #define TXGBE_ISCSI_BOOT_CONFIG 0x07 166 + #define TXGBE_EEPROM_I2C_SRART_PTR 0x580 167 + #define TXGBE_EEPROM_I2C_END_PTR 0x800 166 168 167 169 #define TXGBE_MAX_MSIX_VECTORS 64 168 170 #define TXGBE_MAX_FDIR_INDICES 63
+12 -1
drivers/net/hyperv/hyperv_net.h
··· 158 158 u8 cp_partial; /* partial copy into send buffer */ 159 159 160 160 u8 rmsg_size; /* RNDIS header and PPI size */ 161 - u8 rmsg_pgcnt; /* page count of RNDIS header and PPI */ 162 161 u8 page_buf_cnt; 163 162 164 163 u16 q_idx; ··· 891 892 #define NETVSC_MIN_OUT_MSG_SIZE (sizeof(struct vmpacket_descriptor) + \ 892 893 sizeof(struct nvsp_message)) 893 894 #define NETVSC_MIN_IN_MSG_SIZE sizeof(struct vmpacket_descriptor) 895 + 896 + /* Maximum # of contiguous data ranges that can make up a trasmitted packet. 897 + * Typically it's the max SKB fragments plus 2 for the rndis packet and the 898 + * linear portion of the SKB. But if MAX_SKB_FRAGS is large, the value may 899 + * need to be limited to MAX_PAGE_BUFFER_COUNT, which is the max # of entries 900 + * in a GPA direct packet sent to netvsp over VMBus. 901 + */ 902 + #if MAX_SKB_FRAGS + 2 < MAX_PAGE_BUFFER_COUNT 903 + #define MAX_DATA_RANGES (MAX_SKB_FRAGS + 2) 904 + #else 905 + #define MAX_DATA_RANGES MAX_PAGE_BUFFER_COUNT 906 + #endif 894 907 895 908 /* Estimated requestor size: 896 909 * out_ring_size/min_out_msg_size + in_ring_size/min_in_msg_size
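The new MAX_DATA_RANGES above is just a compile-time min() of MAX_SKB_FRAGS + 2 and MAX_PAGE_BUFFER_COUNT. A standalone sketch of the same clamping, with made-up values for both limits (real kernels take them from skbuff.h and the Hyper-V headers):

    #include <stdio.h>

    /* Illustrative values only; not the kernel's configuration. */
    #define MAX_SKB_FRAGS          17
    #define MAX_PAGE_BUFFER_COUNT  32

    #if MAX_SKB_FRAGS + 2 < MAX_PAGE_BUFFER_COUNT
    #define MAX_DATA_RANGES (MAX_SKB_FRAGS + 2)
    #else
    #define MAX_DATA_RANGES MAX_PAGE_BUFFER_COUNT
    #endif

    int main(void)
    {
        printf("MAX_DATA_RANGES = %d\n", MAX_DATA_RANGES);  /* 19 with these values */
        return 0;
    }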
+48 -9
drivers/net/hyperv/netvsc.c
··· 953 953 + pend_size; 954 954 int i; 955 955 u32 padding = 0; 956 - u32 page_count = packet->cp_partial ? packet->rmsg_pgcnt : 957 - packet->page_buf_cnt; 956 + u32 page_count = packet->cp_partial ? 1 : packet->page_buf_cnt; 958 957 u32 remain; 959 958 960 959 /* Add padding */ ··· 1054 1055 return 0; 1055 1056 } 1056 1057 1058 + /* Build an "array" of mpb entries describing the data to be transferred 1059 + * over VMBus. After the desc header fields, each "array" entry is variable 1060 + * size, and each entry starts after the end of the previous entry. The 1061 + * "offset" and "len" fields for each entry imply the size of the entry. 1062 + * 1063 + * The pfns are in HV_HYP_PAGE_SIZE, because all communication with Hyper-V 1064 + * uses that granularity, even if the system page size of the guest is larger. 1065 + * Each entry in the input "pb" array must describe a contiguous range of 1066 + * guest physical memory so that the pfns are sequential if the range crosses 1067 + * a page boundary. The offset field must be < HV_HYP_PAGE_SIZE. 1068 + */ 1069 + static inline void netvsc_build_mpb_array(struct hv_page_buffer *pb, 1070 + u32 page_buffer_count, 1071 + struct vmbus_packet_mpb_array *desc, 1072 + u32 *desc_size) 1073 + { 1074 + struct hv_mpb_array *mpb_entry = &desc->range; 1075 + int i, j; 1076 + 1077 + for (i = 0; i < page_buffer_count; i++) { 1078 + u32 offset = pb[i].offset; 1079 + u32 len = pb[i].len; 1080 + 1081 + mpb_entry->offset = offset; 1082 + mpb_entry->len = len; 1083 + 1084 + for (j = 0; j < HVPFN_UP(offset + len); j++) 1085 + mpb_entry->pfn_array[j] = pb[i].pfn + j; 1086 + 1087 + mpb_entry = (struct hv_mpb_array *)&mpb_entry->pfn_array[j]; 1088 + } 1089 + 1090 + desc->rangecount = page_buffer_count; 1091 + *desc_size = (char *)mpb_entry - (char *)desc; 1092 + } 1093 + 1057 1094 static inline int netvsc_send_pkt( 1058 1095 struct hv_device *device, 1059 1096 struct hv_netvsc_packet *packet, ··· 1132 1097 1133 1098 packet->dma_range = NULL; 1134 1099 if (packet->page_buf_cnt) { 1100 + struct vmbus_channel_packet_page_buffer desc; 1101 + u32 desc_size; 1102 + 1135 1103 if (packet->cp_partial) 1136 - pb += packet->rmsg_pgcnt; 1104 + pb++; 1137 1105 1138 1106 ret = netvsc_dma_map(ndev_ctx->device_ctx, packet, pb); 1139 1107 if (ret) { ··· 1144 1106 goto exit; 1145 1107 } 1146 1108 1147 - ret = vmbus_sendpacket_pagebuffer(out_channel, 1148 - pb, packet->page_buf_cnt, 1149 - &nvmsg, sizeof(nvmsg), 1150 - req_id); 1151 - 1109 + netvsc_build_mpb_array(pb, packet->page_buf_cnt, 1110 + (struct vmbus_packet_mpb_array *)&desc, 1111 + &desc_size); 1112 + ret = vmbus_sendpacket_mpb_desc(out_channel, 1113 + (struct vmbus_packet_mpb_array *)&desc, 1114 + desc_size, &nvmsg, sizeof(nvmsg), req_id); 1152 1115 if (ret) 1153 1116 netvsc_dma_unmap(ndev_ctx->device_ctx, packet); 1154 1117 } else { ··· 1298 1259 packet->send_buf_index = section_index; 1299 1260 1300 1261 if (packet->cp_partial) { 1301 - packet->page_buf_cnt -= packet->rmsg_pgcnt; 1262 + packet->page_buf_cnt--; 1302 1263 packet->total_data_buflen = msd_len + packet->rmsg_size; 1303 1264 } else { 1304 1265 packet->page_buf_cnt = 0;
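The comment block introduced above explains that each (pfn, offset, len) range expands into a run of sequential Hyper-V page frames, with HVPFN_UP(offset + len) giving the number of frames. A userspace sketch of that arithmetic, assuming the usual 4 KiB Hyper-V page size and re-deriving HVPFN_UP locally (the example ranges in main() are invented):

    #include <stdio.h>
    #include <stdint.h>

    #define HV_HYP_PAGE_SIZE 4096u
    #define HVPFN_UP(x)      (((x) + HV_HYP_PAGE_SIZE - 1) / HV_HYP_PAGE_SIZE)

    /* List the page frames spanned by a range that starts 'offset' bytes
     * into frame 'pfn' and is 'len' bytes long. */
    static void show_span(uint64_t pfn, uint32_t offset, uint32_t len)
    {
        uint32_t pages = HVPFN_UP(offset + len);

        printf("offset=%u len=%u -> %u frame(s):", offset, len, pages);
        for (uint32_t j = 0; j < pages; j++)
            printf(" %llu", (unsigned long long)(pfn + j));
        printf("\n");
    }

    int main(void)
    {
        show_span(1000, 0, 4096);    /* exactly one frame           */
        show_span(1000, 4000, 200);  /* crosses into the next frame */
        return 0;
    }

The second call prints two frames (1000 and 1001), which is why the mpb entries are variable sized: an entry's pfn_array grows with how many frame boundaries the range crosses.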
+14 -48
drivers/net/hyperv/netvsc_drv.c
··· 326 326 return txq; 327 327 } 328 328 329 - static u32 fill_pg_buf(unsigned long hvpfn, u32 offset, u32 len, 330 - struct hv_page_buffer *pb) 331 - { 332 - int j = 0; 333 - 334 - hvpfn += offset >> HV_HYP_PAGE_SHIFT; 335 - offset = offset & ~HV_HYP_PAGE_MASK; 336 - 337 - while (len > 0) { 338 - unsigned long bytes; 339 - 340 - bytes = HV_HYP_PAGE_SIZE - offset; 341 - if (bytes > len) 342 - bytes = len; 343 - pb[j].pfn = hvpfn; 344 - pb[j].offset = offset; 345 - pb[j].len = bytes; 346 - 347 - offset += bytes; 348 - len -= bytes; 349 - 350 - if (offset == HV_HYP_PAGE_SIZE && len) { 351 - hvpfn++; 352 - offset = 0; 353 - j++; 354 - } 355 - } 356 - 357 - return j + 1; 358 - } 359 - 360 329 static u32 init_page_array(void *hdr, u32 len, struct sk_buff *skb, 361 330 struct hv_netvsc_packet *packet, 362 331 struct hv_page_buffer *pb) 363 332 { 364 - u32 slots_used = 0; 365 - char *data = skb->data; 366 333 int frags = skb_shinfo(skb)->nr_frags; 367 334 int i; 368 335 ··· 338 371 * 2. skb linear data 339 372 * 3. skb fragment data 340 373 */ 341 - slots_used += fill_pg_buf(virt_to_hvpfn(hdr), 342 - offset_in_hvpage(hdr), 343 - len, 344 - &pb[slots_used]); 345 374 375 + pb[0].offset = offset_in_hvpage(hdr); 376 + pb[0].len = len; 377 + pb[0].pfn = virt_to_hvpfn(hdr); 346 378 packet->rmsg_size = len; 347 - packet->rmsg_pgcnt = slots_used; 348 379 349 - slots_used += fill_pg_buf(virt_to_hvpfn(data), 350 - offset_in_hvpage(data), 351 - skb_headlen(skb), 352 - &pb[slots_used]); 380 + pb[1].offset = offset_in_hvpage(skb->data); 381 + pb[1].len = skb_headlen(skb); 382 + pb[1].pfn = virt_to_hvpfn(skb->data); 353 383 354 384 for (i = 0; i < frags; i++) { 355 385 skb_frag_t *frag = skb_shinfo(skb)->frags + i; 386 + struct hv_page_buffer *cur_pb = &pb[i + 2]; 387 + u64 pfn = page_to_hvpfn(skb_frag_page(frag)); 388 + u32 offset = skb_frag_off(frag); 356 389 357 - slots_used += fill_pg_buf(page_to_hvpfn(skb_frag_page(frag)), 358 - skb_frag_off(frag), 359 - skb_frag_size(frag), 360 - &pb[slots_used]); 390 + cur_pb->offset = offset_in_hvpage(offset); 391 + cur_pb->len = skb_frag_size(frag); 392 + cur_pb->pfn = pfn + (offset >> HV_HYP_PAGE_SHIFT); 361 393 } 362 - return slots_used; 394 + return frags + 2; 363 395 } 364 396 365 397 static int count_skb_frag_slots(struct sk_buff *skb) ··· 449 483 struct net_device *vf_netdev; 450 484 u32 rndis_msg_size; 451 485 u32 hash; 452 - struct hv_page_buffer pb[MAX_PAGE_BUFFER_COUNT]; 486 + struct hv_page_buffer pb[MAX_DATA_RANGES]; 453 487 454 488 /* If VF is present and up then redirect packets to it. 455 489 * Skip the VF if it is marked down or has no carrier.
+5 -19
drivers/net/hyperv/rndis_filter.c
··· 225 225 struct rndis_request *req) 226 226 { 227 227 struct hv_netvsc_packet *packet; 228 - struct hv_page_buffer page_buf[2]; 229 - struct hv_page_buffer *pb = page_buf; 228 + struct hv_page_buffer pb; 230 229 int ret; 231 230 232 231 /* Setup the packet to send it */ ··· 234 235 packet->total_data_buflen = req->request_msg.msg_len; 235 236 packet->page_buf_cnt = 1; 236 237 237 - pb[0].pfn = virt_to_phys(&req->request_msg) >> 238 - HV_HYP_PAGE_SHIFT; 239 - pb[0].len = req->request_msg.msg_len; 240 - pb[0].offset = offset_in_hvpage(&req->request_msg); 241 - 242 - /* Add one page_buf when request_msg crossing page boundary */ 243 - if (pb[0].offset + pb[0].len > HV_HYP_PAGE_SIZE) { 244 - packet->page_buf_cnt++; 245 - pb[0].len = HV_HYP_PAGE_SIZE - 246 - pb[0].offset; 247 - pb[1].pfn = virt_to_phys((void *)&req->request_msg 248 - + pb[0].len) >> HV_HYP_PAGE_SHIFT; 249 - pb[1].offset = 0; 250 - pb[1].len = req->request_msg.msg_len - 251 - pb[0].len; 252 - } 238 + pb.pfn = virt_to_phys(&req->request_msg) >> HV_HYP_PAGE_SHIFT; 239 + pb.len = req->request_msg.msg_len; 240 + pb.offset = offset_in_hvpage(&req->request_msg); 253 241 254 242 trace_rndis_send(dev->ndev, 0, &req->request_msg); 255 243 256 244 rcu_read_lock_bh(); 257 - ret = netvsc_send(dev->ndev, packet, NULL, pb, NULL, false); 245 + ret = netvsc_send(dev->ndev, packet, NULL, &pb, NULL, false); 258 246 rcu_read_unlock_bh(); 259 247 260 248 return ret;
-7
drivers/net/phy/micrel.c
··· 2027 2027 return err; 2028 2028 } 2029 2029 2030 - /* According to KSZ9477 Errata DS80000754C (Module 4) all EEE modes 2031 - * in this switch shall be regarded as broken. 2032 - */ 2033 - if (phydev->dev_flags & MICREL_NO_EEE) 2034 - phy_disable_eee(phydev); 2035 - 2036 2030 return kszphy_config_init(phydev); 2037 2031 } 2038 2032 ··· 5692 5698 .handle_interrupt = kszphy_handle_interrupt, 5693 5699 .suspend = genphy_suspend, 5694 5700 .resume = ksz9477_resume, 5695 - .get_features = ksz9477_get_features, 5696 5701 } }; 5697 5702 5698 5703 module_phy_driver(ksphy_driver);
+1
drivers/net/wireless/mediatek/mt76/dma.c
··· 1011 1011 int i; 1012 1012 1013 1013 mt76_worker_disable(&dev->tx_worker); 1014 + napi_disable(&dev->tx_napi); 1014 1015 netif_napi_del(&dev->tx_napi); 1015 1016 1016 1017 for (i = 0; i < ARRAY_SIZE(dev->phys); i++) {
+2 -2
drivers/net/wireless/mediatek/mt76/mt7925/mcu.c
··· 1924 1924 mt7925_mcu_sta_mld_tlv(skb, info->vif, info->link_sta->sta); 1925 1925 mt7925_mcu_sta_eht_mld_tlv(skb, info->vif, info->link_sta->sta); 1926 1926 } 1927 - 1928 - mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); 1929 1927 } 1930 1928 1931 1929 if (!info->enable) { 1932 1930 mt7925_mcu_sta_remove_tlv(skb); 1933 1931 mt76_connac_mcu_add_tlv(skb, STA_REC_MLD_OFF, 1934 1932 sizeof(struct tlv)); 1933 + } else { 1934 + mt7925_mcu_sta_hdr_trans_tlv(skb, info->vif, info->link_sta); 1935 1935 } 1936 1936 1937 1937 return mt76_mcu_skb_send_msg(dev, skb, info->cmd, true);
+2 -1
drivers/nvme/host/core.c
··· 4493 4493 msleep(100); 4494 4494 } 4495 4495 4496 - if (!nvme_change_ctrl_state(ctrl, NVME_CTRL_LIVE)) 4496 + if (!nvme_change_ctrl_state(ctrl, NVME_CTRL_CONNECTING) || 4497 + !nvme_change_ctrl_state(ctrl, NVME_CTRL_LIVE)) 4497 4498 return; 4498 4499 4499 4500 nvme_unquiesce_io_queues(ctrl);
+1 -2
drivers/platform/x86/amd/hsmp/acpi.c
··· 27 27 28 28 #include "hsmp.h" 29 29 30 - #define DRIVER_NAME "amd_hsmp" 30 + #define DRIVER_NAME "hsmp_acpi" 31 31 #define DRIVER_VERSION "2.3" 32 - #define ACPI_HSMP_DEVICE_HID "AMDI0097" 33 32 34 33 /* These are the strings specified in ACPI table */ 35 34 #define MSG_IDOFF_STR "MsgIdOffset"
+1
drivers/platform/x86/amd/hsmp/hsmp.h
··· 23 23 24 24 #define HSMP_CDEV_NAME "hsmp_cdev" 25 25 #define HSMP_DEVNODE_NAME "hsmp" 26 + #define ACPI_HSMP_DEVICE_HID "AMDI0097" 26 27 27 28 struct hsmp_mbaddr_info { 28 29 u32 base_addr;
+5 -1
drivers/platform/x86/amd/hsmp/plat.c
··· 11 11 12 12 #include <asm/amd_hsmp.h> 13 13 14 + #include <linux/acpi.h> 14 15 #include <linux/build_bug.h> 15 16 #include <linux/device.h> 16 17 #include <linux/module.h> ··· 267 266 } 268 267 case 0x1A: 269 268 switch (boot_cpu_data.x86_model) { 270 - case 0x00 ... 0x1F: 269 + case 0x00 ... 0x0F: 271 270 return true; 272 271 default: 273 272 return false; ··· 288 287 boot_cpu_data.x86, boot_cpu_data.x86_model); 289 288 return ret; 290 289 } 290 + 291 + if (acpi_dev_present(ACPI_HSMP_DEVICE_HID, NULL, -1)) 292 + return -ENODEV; 291 293 292 294 hsmp_pdev = get_hsmp_pdev(); 293 295 if (!hsmp_pdev)
+7
drivers/platform/x86/amd/pmc/pmc-quirks.c
··· 217 217 DMI_MATCH(DMI_BIOS_VERSION, "03.05"), 218 218 } 219 219 }, 220 + { 221 + .ident = "MECHREVO Wujie 14X (GX4HRXL)", 222 + .driver_data = &quirk_spurious_8042, 223 + .matches = { 224 + DMI_MATCH(DMI_BOARD_NAME, "WUJIE14-GX4HRXL"), 225 + } 226 + }, 220 227 {} 221 228 }; 222 229
+22 -1
drivers/platform/x86/amd/pmf/tee-if.c
··· 334 334 return 0; 335 335 } 336 336 337 + static inline bool amd_pmf_pb_valid(struct amd_pmf_dev *dev) 338 + { 339 + return memchr_inv(dev->policy_buf, 0xff, dev->policy_sz); 340 + } 341 + 337 342 #ifdef CONFIG_AMD_PMF_DEBUG 338 343 static void amd_pmf_hex_dump_pb(struct amd_pmf_dev *dev) 339 344 { ··· 366 361 dev->policy_buf = new_policy_buf; 367 362 dev->policy_sz = length; 368 363 364 + if (!amd_pmf_pb_valid(dev)) { 365 + ret = -EINVAL; 366 + goto cleanup; 367 + } 368 + 369 369 amd_pmf_hex_dump_pb(dev); 370 370 ret = amd_pmf_start_policy_engine(dev); 371 371 if (ret < 0) 372 - return ret; 372 + goto cleanup; 373 373 374 374 return length; 375 + 376 + cleanup: 377 + kfree(dev->policy_buf); 378 + dev->policy_buf = NULL; 379 + return ret; 375 380 } 376 381 377 382 static const struct file_operations pb_fops = { ··· 542 527 } 543 528 544 529 memcpy_fromio(dev->policy_buf, dev->policy_base, dev->policy_sz); 530 + 531 + if (!amd_pmf_pb_valid(dev)) { 532 + dev_info(dev->dev, "No Smart PC policy present\n"); 533 + ret = -EINVAL; 534 + goto err_free_policy; 535 + } 545 536 546 537 amd_pmf_hex_dump_pb(dev); 547 538
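The new amd_pmf_pb_valid() above relies on memchr_inv(), which returns NULL when every byte in the buffer equals the given value, so a policy buffer that is entirely 0xff is rejected. A userspace equivalent of that check (pb_valid() here is a local stand-in, not the kernel helper):

    #include <stdbool.h>
    #include <stddef.h>
    #include <stdio.h>

    /* Valid only if at least one byte differs from 0xff. */
    static bool pb_valid(const unsigned char *buf, size_t len)
    {
        for (size_t i = 0; i < len; i++)
            if (buf[i] != 0xff)
                return true;
        return false;
    }

    int main(void)
    {
        unsigned char blank[4]  = { 0xff, 0xff, 0xff, 0xff };
        unsigned char policy[4] = { 0xff, 0x01, 0xff, 0xff };

        printf("blank: %s, policy: %s\n",
               pb_valid(blank, sizeof(blank)) ? "valid" : "invalid",
               pb_valid(policy, sizeof(policy)) ? "valid" : "invalid");
        return 0;
    }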
+2 -1
drivers/platform/x86/asus-wmi.c
··· 4779 4779 goto fail_leds; 4780 4780 4781 4781 asus_wmi_get_devstate(asus, ASUS_WMI_DEVID_WLAN, &result); 4782 - if (result & (ASUS_WMI_DSTS_PRESENCE_BIT | ASUS_WMI_DSTS_USER_BIT)) 4782 + if ((result & (ASUS_WMI_DSTS_PRESENCE_BIT | ASUS_WMI_DSTS_USER_BIT)) == 4783 + (ASUS_WMI_DSTS_PRESENCE_BIT | ASUS_WMI_DSTS_USER_BIT)) 4783 4784 asus->driver->wlan_ctrl_by_user = 1; 4784 4785 4785 4786 if (!(asus->driver->wlan_ctrl_by_user && ashs_present())) {
+2
drivers/platform/x86/thinkpad_acpi.c
··· 11478 11478 tp->vendor = PCI_VENDOR_ID_IBM; 11479 11479 else if (dmi_name_in_vendors("LENOVO")) 11480 11480 tp->vendor = PCI_VENDOR_ID_LENOVO; 11481 + else if (dmi_name_in_vendors("NEC")) 11482 + tp->vendor = PCI_VENDOR_ID_LENOVO; 11481 11483 else 11482 11484 return 0; 11483 11485
+1
drivers/scsi/storvsc_drv.c
··· 1819 1819 return SCSI_MLQUEUE_DEVICE_BUSY; 1820 1820 } 1821 1821 1822 + payload->rangecount = 1; 1822 1823 payload->range.len = length; 1823 1824 payload->range.offset = offset_in_hvpg; 1824 1825
+3 -11
drivers/staging/axis-fifo/axis-fifo.c
··· 393 393 394 394 bytes_available = ioread32(fifo->base_addr + XLLF_RLR_OFFSET); 395 395 if (!bytes_available) { 396 - dev_err(fifo->dt_device, "received a packet of length 0 - fifo core will be reset\n"); 397 - reset_ip_core(fifo); 396 + dev_err(fifo->dt_device, "received a packet of length 0\n"); 398 397 ret = -EIO; 399 398 goto end_unlock; 400 399 } 401 400 402 401 if (bytes_available > len) { 403 - dev_err(fifo->dt_device, "user read buffer too small (available bytes=%zu user buffer bytes=%zu) - fifo core will be reset\n", 402 + dev_err(fifo->dt_device, "user read buffer too small (available bytes=%zu user buffer bytes=%zu)\n", 404 403 bytes_available, len); 405 - reset_ip_core(fifo); 406 404 ret = -EINVAL; 407 405 goto end_unlock; 408 406 } ··· 409 411 /* this probably can't happen unless IP 410 412 * registers were previously mishandled 411 413 */ 412 - dev_err(fifo->dt_device, "received a packet that isn't word-aligned - fifo core will be reset\n"); 413 - reset_ip_core(fifo); 414 + dev_err(fifo->dt_device, "received a packet that isn't word-aligned\n"); 414 415 ret = -EIO; 415 416 goto end_unlock; 416 417 } ··· 430 433 431 434 if (copy_to_user(buf + copied * sizeof(u32), tmp_buf, 432 435 copy * sizeof(u32))) { 433 - reset_ip_core(fifo); 434 436 ret = -EFAULT; 435 437 goto end_unlock; 436 438 } ··· 538 542 539 543 if (copy_from_user(tmp_buf, buf + copied * sizeof(u32), 540 544 copy * sizeof(u32))) { 541 - reset_ip_core(fifo); 542 545 ret = -EFAULT; 543 546 goto end_unlock; 544 547 } ··· 769 774 ret = -EIO; 770 775 goto end; 771 776 } 772 - 773 - /* IP sets TDFV to fifo depth - 4 so we will do the same */ 774 - fifo->tx_fifo_depth -= 4; 775 777 776 778 ret = get_dts_property(fifo, "xlnx,use-rx-data", &fifo->has_rx_fifo); 777 779 if (ret) {
+1 -1
drivers/staging/iio/adc/ad7816.c
··· 136 136 struct iio_dev *indio_dev = dev_to_iio_dev(dev); 137 137 struct ad7816_chip_info *chip = iio_priv(indio_dev); 138 138 139 - if (strcmp(buf, "full")) { 139 + if (strcmp(buf, "full") == 0) { 140 140 gpiod_set_value(chip->rdwr_pin, 1); 141 141 chip->mode = AD7816_FULL; 142 142 } else {
+1
drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
··· 1900 1900 __func__, ret); 1901 1901 goto free_dev; 1902 1902 } 1903 + dev->v4l2_dev.dev = &device->dev; 1903 1904 1904 1905 /* setup v4l controls */ 1905 1906 ret = bcm2835_mmal_init_controls(dev, &dev->ctrl_handler);
+17 -22
drivers/uio/uio_hv_generic.c
··· 131 131 vmbus_device_unregister(channel->device_obj); 132 132 } 133 133 134 - /* Sysfs API to allow mmap of the ring buffers 134 + /* Function used for mmap of ring buffer sysfs interface. 135 135 * The ring buffer is allocated as contiguous memory by vmbus_open 136 136 */ 137 - static int hv_uio_ring_mmap(struct file *filp, struct kobject *kobj, 138 - const struct bin_attribute *attr, 139 - struct vm_area_struct *vma) 137 + static int 138 + hv_uio_ring_mmap(struct vmbus_channel *channel, struct vm_area_struct *vma) 140 139 { 141 - struct vmbus_channel *channel 142 - = container_of(kobj, struct vmbus_channel, kobj); 143 140 void *ring_buffer = page_address(channel->ringbuffer_page); 144 141 145 142 if (channel->state != CHANNEL_OPENED_STATE) ··· 145 148 return vm_iomap_memory(vma, virt_to_phys(ring_buffer), 146 149 channel->ringbuffer_pagecount << PAGE_SHIFT); 147 150 } 148 - 149 - static const struct bin_attribute ring_buffer_bin_attr = { 150 - .attr = { 151 - .name = "ring", 152 - .mode = 0600, 153 - }, 154 - .size = 2 * SZ_2M, 155 - .mmap = hv_uio_ring_mmap, 156 - }; 157 151 158 152 /* Callback from VMBUS subsystem when new channel created. */ 159 153 static void ··· 166 178 /* Disable interrupts on sub channel */ 167 179 new_sc->inbound.ring_buffer->interrupt_mask = 1; 168 180 set_channel_read_mode(new_sc, HV_CALL_ISR); 169 - 170 - ret = sysfs_create_bin_file(&new_sc->kobj, &ring_buffer_bin_attr); 181 + ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); 171 182 if (ret) { 172 183 dev_err(device, "sysfs create ring bin file failed; %d\n", ret); 173 184 vmbus_close(new_sc); ··· 337 350 goto fail_close; 338 351 } 339 352 340 - ret = sysfs_create_bin_file(&channel->kobj, &ring_buffer_bin_attr); 341 - if (ret) 342 - dev_notice(&dev->device, 343 - "sysfs create ring bin file failed; %d\n", ret); 353 + /* 354 + * This internally calls sysfs_update_group, which returns a non-zero value if it executes 355 + * before sysfs_create_group. This is expected as the 'ring' will be created later in 356 + * vmbus_device_register() -> vmbus_add_channel_kobj(). Thus, no need to check the return 357 + * value and print warning. 358 + * 359 + * Creating/exposing sysfs in driver probe is not encouraged as it can lead to race 360 + * conditions with userspace. For backward compatibility, "ring" sysfs could not be removed 361 + * or decoupled from uio_hv_generic probe. Userspace programs can make use of inotify 362 + * APIs to make sure that ring is created. 363 + */ 364 + hv_create_ring_sysfs(channel, hv_uio_ring_mmap); 344 365 345 366 hv_set_drvdata(dev, pdata); 346 367 ··· 370 375 if (!pdata) 371 376 return; 372 377 373 - sysfs_remove_bin_file(&dev->channel->kobj, &ring_buffer_bin_attr); 378 + hv_remove_ring_sysfs(dev->channel); 374 379 uio_unregister_device(&pdata->info); 375 380 hv_uio_cleanup(dev, pdata); 376 381
+31
drivers/usb/cdns3/cdnsp-gadget.c
··· 139 139 (portsc & PORT_CHANGE_BITS), port_regs); 140 140 } 141 141 142 + static void cdnsp_set_apb_timeout_value(struct cdnsp_device *pdev) 143 + { 144 + struct cdns *cdns = dev_get_drvdata(pdev->dev); 145 + __le32 __iomem *reg; 146 + void __iomem *base; 147 + u32 offset = 0; 148 + u32 val; 149 + 150 + if (!cdns->override_apb_timeout) 151 + return; 152 + 153 + base = &pdev->cap_regs->hc_capbase; 154 + offset = cdnsp_find_next_ext_cap(base, offset, D_XEC_PRE_REGS_CAP); 155 + reg = base + offset + REG_CHICKEN_BITS_3_OFFSET; 156 + 157 + val = le32_to_cpu(readl(reg)); 158 + val = CHICKEN_APB_TIMEOUT_SET(val, cdns->override_apb_timeout); 159 + writel(cpu_to_le32(val), reg); 160 + } 161 + 142 162 static void cdnsp_set_chicken_bits_2(struct cdnsp_device *pdev, u32 bit) 143 163 { 144 164 __le32 __iomem *reg; ··· 1793 1773 reg += cdnsp_find_next_ext_cap(reg, 0, RTL_REV_CAP); 1794 1774 pdev->rev_cap = reg; 1795 1775 1776 + pdev->rtl_revision = readl(&pdev->rev_cap->rtl_revision); 1777 + 1796 1778 dev_info(pdev->dev, "Rev: %08x/%08x, eps: %08x, buff: %08x/%08x\n", 1797 1779 readl(&pdev->rev_cap->ctrl_revision), 1798 1780 readl(&pdev->rev_cap->rtl_revision), ··· 1819 1797 pdev->hcc_params = readl(&pdev->cap_regs->hc_capbase); 1820 1798 pdev->hci_version = HC_VERSION(pdev->hcc_params); 1821 1799 pdev->hcc_params = readl(&pdev->cap_regs->hcc_params); 1800 + 1801 + /* 1802 + * Override the APB timeout value to give the controller more time for 1803 + * enabling UTMI clock and synchronizing APB and UTMI clock domains. 1804 + * This fix is platform specific and is required to fixes issue with 1805 + * reading incorrect value from PORTSC register after resuming 1806 + * from L1 state. 1807 + */ 1808 + cdnsp_set_apb_timeout_value(pdev); 1822 1809 1823 1810 cdnsp_get_rev_cap(pdev); 1824 1811
+6
drivers/usb/cdns3/cdnsp-gadget.h
··· 520 520 #define REG_CHICKEN_BITS_2_OFFSET 0x48 521 521 #define CHICKEN_XDMA_2_TP_CACHE_DIS BIT(28) 522 522 523 + #define REG_CHICKEN_BITS_3_OFFSET 0x4C 524 + #define CHICKEN_APB_TIMEOUT_SET(p, val) (((p) & ~GENMASK(21, 0)) | (val)) 525 + 523 526 /* XBUF Extended Capability ID. */ 524 527 #define XBUF_CAP_ID 0xCB 525 528 #define XBUF_RX_TAG_MASK_0_OFFSET 0x1C ··· 1360 1357 * @rev_cap: Controller Capabilities Registers. 1361 1358 * @hcs_params1: Cached register copies of read-only HCSPARAMS1 1362 1359 * @hcc_params: Cached register copies of read-only HCCPARAMS1 1360 + * @rtl_revision: Cached controller rtl revision. 1363 1361 * @setup: Temporary buffer for setup packet. 1364 1362 * @ep0_preq: Internal allocated request used during enumeration. 1365 1363 * @ep0_stage: ep0 stage during enumeration process. ··· 1415 1411 __u32 hcs_params1; 1416 1412 __u32 hcs_params3; 1417 1413 __u32 hcc_params; 1414 + #define RTL_REVISION_NEW_LPM 0x2700 1415 + __u32 rtl_revision; 1418 1416 /* Lock used in interrupt thread context. */ 1419 1417 spinlock_t lock; 1420 1418 struct usb_ctrlrequest setup;
+10 -2
drivers/usb/cdns3/cdnsp-pci.c
··· 28 28 #define PCI_DRIVER_NAME "cdns-pci-usbssp" 29 29 #define PLAT_DRIVER_NAME "cdns-usbssp" 30 30 31 + #define CHICKEN_APB_TIMEOUT_VALUE 0x1C20 32 + 31 33 static struct pci_dev *cdnsp_get_second_fun(struct pci_dev *pdev) 32 34 { 33 35 /* ··· 141 139 cdnsp->otg_irq = pdev->irq; 142 140 } 143 141 142 + /* 143 + * Cadence PCI based platform require some longer timeout for APB 144 + * to fixes domain clock synchronization issue after resuming 145 + * controller from L1 state. 146 + */ 147 + cdnsp->override_apb_timeout = CHICKEN_APB_TIMEOUT_VALUE; 148 + pci_set_drvdata(pdev, cdnsp); 149 + 144 150 if (pci_is_enabled(func)) { 145 151 cdnsp->dev = dev; 146 152 cdnsp->gadget_init = cdnsp_gadget_init; ··· 157 147 if (ret) 158 148 goto free_cdnsp; 159 149 } 160 - 161 - pci_set_drvdata(pdev, cdnsp); 162 150 163 151 device_wakeup_enable(&pdev->dev); 164 152 if (pci_dev_run_wake(pdev))
+2 -1
drivers/usb/cdns3/cdnsp-ring.c
··· 308 308 309 309 writel(db_value, reg_addr); 310 310 311 - cdnsp_force_l0_go(pdev); 311 + if (pdev->rtl_revision < RTL_REVISION_NEW_LPM) 312 + cdnsp_force_l0_go(pdev); 312 313 313 314 /* Doorbell was set. */ 314 315 return true;
+3
drivers/usb/cdns3/core.h
··· 79 79 * @pdata: platform data from glue layer 80 80 * @lock: spinlock structure 81 81 * @xhci_plat_data: xhci private data structure pointer 82 + * @override_apb_timeout: hold value of APB timeout. For value 0 the default 83 + * value in CHICKEN_BITS_3 will be preserved. 82 84 * @gadget_init: pointer to gadget initialization function 83 85 */ 84 86 struct cdns { ··· 119 117 struct cdns3_platform_data *pdata; 120 118 spinlock_t lock; 121 119 struct xhci_plat_priv *xhci_plat_data; 120 + u32 override_apb_timeout; 122 121 123 122 int (*gadget_init)(struct cdns *cdns); 124 123 };
+36 -23
drivers/usb/class/usbtmc.c
··· 482 482 u8 *buffer; 483 483 u8 tag; 484 484 int rv; 485 + long wait_rv; 485 486 486 487 dev_dbg(dev, "Enter ioctl_read_stb iin_ep_present: %d\n", 487 488 data->iin_ep_present); ··· 512 511 } 513 512 514 513 if (data->iin_ep_present) { 515 - rv = wait_event_interruptible_timeout( 514 + wait_rv = wait_event_interruptible_timeout( 516 515 data->waitq, 517 516 atomic_read(&data->iin_data_valid) != 0, 518 517 file_data->timeout); 519 - if (rv < 0) { 520 - dev_dbg(dev, "wait interrupted %d\n", rv); 518 + if (wait_rv < 0) { 519 + dev_dbg(dev, "wait interrupted %ld\n", wait_rv); 520 + rv = wait_rv; 521 521 goto exit; 522 522 } 523 523 524 - if (rv == 0) { 524 + if (wait_rv == 0) { 525 525 dev_dbg(dev, "wait timed out\n"); 526 526 rv = -ETIMEDOUT; 527 527 goto exit; ··· 540 538 } 541 539 542 540 dev_dbg(dev, "stb:0x%02x received %d\n", (unsigned int)*stb, rv); 541 + 542 + rv = 0; 543 543 544 544 exit: 545 545 /* bump interrupt bTag */ ··· 606 602 { 607 603 struct usbtmc_device_data *data = file_data->data; 608 604 struct device *dev = &data->intf->dev; 609 - int rv; 610 605 u32 timeout; 611 606 unsigned long expire; 607 + long wait_rv; 612 608 613 609 if (!data->iin_ep_present) { 614 610 dev_dbg(dev, "no interrupt endpoint present\n"); ··· 622 618 623 619 mutex_unlock(&data->io_mutex); 624 620 625 - rv = wait_event_interruptible_timeout( 626 - data->waitq, 627 - atomic_read(&file_data->srq_asserted) != 0 || 628 - atomic_read(&file_data->closing), 629 - expire); 621 + wait_rv = wait_event_interruptible_timeout( 622 + data->waitq, 623 + atomic_read(&file_data->srq_asserted) != 0 || 624 + atomic_read(&file_data->closing), 625 + expire); 630 626 631 627 mutex_lock(&data->io_mutex); 632 628 633 629 /* Note! disconnect or close could be called in the meantime */ 634 630 if (atomic_read(&file_data->closing) || data->zombie) 635 - rv = -ENODEV; 631 + return -ENODEV; 636 632 637 - if (rv < 0) { 638 - /* dev can be invalid now! 
*/ 639 - pr_debug("%s - wait interrupted %d\n", __func__, rv); 640 - return rv; 633 + if (wait_rv < 0) { 634 + dev_dbg(dev, "%s - wait interrupted %ld\n", __func__, wait_rv); 635 + return wait_rv; 641 636 } 642 637 643 - if (rv == 0) { 638 + if (wait_rv == 0) { 644 639 dev_dbg(dev, "%s - wait timed out\n", __func__); 645 640 return -ETIMEDOUT; 646 641 } ··· 833 830 unsigned long expire; 834 831 int bufcount = 1; 835 832 int again = 0; 833 + long wait_rv; 836 834 837 835 /* mutex already locked */ 838 836 ··· 946 942 if (!(flags & USBTMC_FLAG_ASYNC)) { 947 943 dev_dbg(dev, "%s: before wait time %lu\n", 948 944 __func__, expire); 949 - retval = wait_event_interruptible_timeout( 945 + wait_rv = wait_event_interruptible_timeout( 950 946 file_data->wait_bulk_in, 951 947 usbtmc_do_transfer(file_data), 952 948 expire); 953 949 954 - dev_dbg(dev, "%s: wait returned %d\n", 955 - __func__, retval); 950 + dev_dbg(dev, "%s: wait returned %ld\n", 951 + __func__, wait_rv); 956 952 957 - if (retval <= 0) { 958 - if (retval == 0) 959 - retval = -ETIMEDOUT; 953 + if (wait_rv < 0) { 954 + retval = wait_rv; 960 955 goto error; 961 956 } 957 + 958 + if (wait_rv == 0) { 959 + retval = -ETIMEDOUT; 960 + goto error; 961 + } 962 + 962 963 } 963 964 964 965 urb = usb_get_from_anchor(&file_data->in_anchor); ··· 1389 1380 if (!buffer) 1390 1381 return -ENOMEM; 1391 1382 1392 - mutex_lock(&data->io_mutex); 1383 + retval = mutex_lock_interruptible(&data->io_mutex); 1384 + if (retval < 0) 1385 + goto exit_nolock; 1386 + 1393 1387 if (data->zombie) { 1394 1388 retval = -ENODEV; 1395 1389 goto exit; ··· 1515 1503 1516 1504 exit: 1517 1505 mutex_unlock(&data->io_mutex); 1506 + exit_nolock: 1518 1507 kfree(buffer); 1519 1508 return retval; 1520 1509 }
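A recurring pattern in the usbtmc hunk above is capturing the long return value of wait_event_interruptible_timeout() in a dedicated wait_rv and then mapping it onto an int status: negative means interrupted, zero means timed out, positive means the condition was met in time. A hedged userspace illustration of that mapping, where fake_wait() is a made-up stand-in for the kernel macro:

    #include <stdio.h>
    #include <errno.h>

    /* Stand-in: <0 interrupted, 0 timed out, >0 time left on success. */
    static long fake_wait(long simulated_result) { return simulated_result; }

    static int do_wait(long simulated_result)
    {
        long wait_rv = fake_wait(simulated_result);

        if (wait_rv < 0)
            return (int)wait_rv;   /* propagate the interruption code */
        if (wait_rv == 0)
            return -ETIMEDOUT;     /* report the timeout explicitly   */
        return 0;                  /* condition became true in time   */
    }

    int main(void)
    {
        printf("%d %d %d\n", do_wait(-4), do_wait(0), do_wait(5));
        return 0;
    }

Keeping the wide return value separate from the int error code avoids silently folding the timeout and interruption cases together.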
+4
drivers/usb/dwc3/core.h
··· 1164 1164 * @gsbuscfg0_reqinfo: store GSBUSCFG0.DATRDREQINFO, DESRDREQINFO, 1165 1165 * DATWRREQINFO, and DESWRREQINFO value passed from 1166 1166 * glue driver. 1167 + * @wakeup_pending_funcs: Indicates whether any interface has requested for 1168 + * function wakeup in bitmap format where bit position 1169 + * represents interface_id. 1167 1170 */ 1168 1171 struct dwc3 { 1169 1172 struct work_struct drd_work; ··· 1397 1394 int num_ep_resized; 1398 1395 struct dentry *debug_root; 1399 1396 u32 gsbuscfg0_reqinfo; 1397 + u32 wakeup_pending_funcs; 1400 1398 }; 1401 1399 1402 1400 #define INCRX_BURST_MODE 0
+23 -37
drivers/usb/dwc3/gadget.c
··· 276 276 return ret; 277 277 } 278 278 279 - static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async); 280 - 281 279 /** 282 280 * dwc3_send_gadget_ep_cmd - issue an endpoint command 283 281 * @dep: the endpoint to which the command is going to be issued ··· 2357 2359 return __dwc3_gadget_get_frame(dwc); 2358 2360 } 2359 2361 2360 - static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async) 2362 + static int __dwc3_gadget_wakeup(struct dwc3 *dwc) 2361 2363 { 2362 - int retries; 2363 - 2364 2364 int ret; 2365 2365 u32 reg; 2366 2366 ··· 2386 2390 return -EINVAL; 2387 2391 } 2388 2392 2389 - if (async) 2390 - dwc3_gadget_enable_linksts_evts(dwc, true); 2393 + dwc3_gadget_enable_linksts_evts(dwc, true); 2391 2394 2392 2395 ret = dwc3_gadget_set_link_state(dwc, DWC3_LINK_STATE_RECOV); 2393 2396 if (ret < 0) { ··· 2405 2410 2406 2411 /* 2407 2412 * Since link status change events are enabled we will receive 2408 - * an U0 event when wakeup is successful. So bail out. 2413 + * an U0 event when wakeup is successful. 2409 2414 */ 2410 - if (async) 2411 - return 0; 2412 - 2413 - /* poll until Link State changes to ON */ 2414 - retries = 20000; 2415 - 2416 - while (retries--) { 2417 - reg = dwc3_readl(dwc->regs, DWC3_DSTS); 2418 - 2419 - /* in HS, means ON */ 2420 - if (DWC3_DSTS_USBLNKST(reg) == DWC3_LINK_STATE_U0) 2421 - break; 2422 - } 2423 - 2424 - if (DWC3_DSTS_USBLNKST(reg) != DWC3_LINK_STATE_U0) { 2425 - dev_err(dwc->dev, "failed to send remote wakeup\n"); 2426 - return -EINVAL; 2427 - } 2428 - 2429 2415 return 0; 2430 2416 } 2431 2417 ··· 2427 2451 spin_unlock_irqrestore(&dwc->lock, flags); 2428 2452 return -EINVAL; 2429 2453 } 2430 - ret = __dwc3_gadget_wakeup(dwc, true); 2454 + ret = __dwc3_gadget_wakeup(dwc); 2431 2455 2432 2456 spin_unlock_irqrestore(&dwc->lock, flags); 2433 2457 ··· 2455 2479 */ 2456 2480 link_state = dwc3_gadget_get_link_state(dwc); 2457 2481 if (link_state == DWC3_LINK_STATE_U3) { 2458 - ret = __dwc3_gadget_wakeup(dwc, false); 2459 - if (ret) { 2460 - spin_unlock_irqrestore(&dwc->lock, flags); 2461 - return -EINVAL; 2462 - } 2463 - dwc3_resume_gadget(dwc); 2464 - dwc->suspended = false; 2465 - dwc->link_state = DWC3_LINK_STATE_U0; 2482 + dwc->wakeup_pending_funcs |= BIT(intf_id); 2483 + ret = __dwc3_gadget_wakeup(dwc); 2484 + spin_unlock_irqrestore(&dwc->lock, flags); 2485 + return ret; 2466 2486 } 2467 2487 2468 2488 ret = dwc3_send_gadget_generic_command(dwc, DWC3_DGCMD_DEV_NOTIFICATION, ··· 4325 4353 { 4326 4354 enum dwc3_link_state next = evtinfo & DWC3_LINK_STATE_MASK; 4327 4355 unsigned int pwropt; 4356 + int ret; 4357 + int intf_id; 4328 4358 4329 4359 /* 4330 4360 * WORKAROUND: DWC3 < 2.50a have an issue when configured without ··· 4402 4428 4403 4429 switch (next) { 4404 4430 case DWC3_LINK_STATE_U0: 4405 - if (dwc->gadget->wakeup_armed) { 4431 + if (dwc->gadget->wakeup_armed || dwc->wakeup_pending_funcs) { 4406 4432 dwc3_gadget_enable_linksts_evts(dwc, false); 4407 4433 dwc3_resume_gadget(dwc); 4408 4434 dwc->suspended = false; ··· 4425 4451 } 4426 4452 4427 4453 dwc->link_state = next; 4454 + 4455 + /* Proceed with func wakeup if any interfaces that has requested */ 4456 + while (dwc->wakeup_pending_funcs && (next == DWC3_LINK_STATE_U0)) { 4457 + intf_id = ffs(dwc->wakeup_pending_funcs) - 1; 4458 + ret = dwc3_send_gadget_generic_command(dwc, DWC3_DGCMD_DEV_NOTIFICATION, 4459 + DWC3_DGCMDPAR_DN_FUNC_WAKE | 4460 + DWC3_DGCMDPAR_INTF_SEL(intf_id)); 4461 + if (ret) 4462 + dev_err(dwc->dev, "Failed to send DN wake for intf %d\n", intf_id); 4463 + 4464 
+ dwc->wakeup_pending_funcs &= ~BIT(intf_id); 4465 + } 4428 4466 } 4429 4467 4430 4468 static void dwc3_gadget_suspend_interrupt(struct dwc3 *dwc,
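The wakeup_pending_funcs handling above walks a bitmap of interface ids by repeatedly taking the lowest set bit with ffs() and clearing it. A minimal sketch of that loop (the bitmap contents are invented):

    #include <stdio.h>
    #include <strings.h>   /* ffs() */

    int main(void)
    {
        unsigned int pending = (1u << 0) | (1u << 3) | (1u << 5);

        while (pending) {
            int intf_id = ffs(pending) - 1;   /* ffs() is 1-based */

            printf("sending function wakeup for interface %d\n", intf_id);
            pending &= ~(1u << intf_id);
        }
        return 0;
    }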
+5 -7
drivers/usb/gadget/composite.c
··· 2011 2011 2012 2012 if (f->get_status) { 2013 2013 status = f->get_status(f); 2014 + 2014 2015 if (status < 0) 2015 2016 break; 2016 - } else { 2017 - /* Set D0 and D1 bits based on func wakeup capability */ 2018 - if (f->config->bmAttributes & USB_CONFIG_ATT_WAKEUP) { 2019 - status |= USB_INTRF_STAT_FUNC_RW_CAP; 2020 - if (f->func_wakeup_armed) 2021 - status |= USB_INTRF_STAT_FUNC_RW; 2022 - } 2017 + 2018 + /* if D5 is not set, then device is not wakeup capable */ 2019 + if (!(f->config->bmAttributes & USB_CONFIG_ATT_WAKEUP)) 2020 + status &= ~(USB_INTRF_STAT_FUNC_RW_CAP | USB_INTRF_STAT_FUNC_RW); 2023 2021 } 2024 2022 2025 2023 put_unaligned_le16(status & 0x0000ffff, req->buf);
+7
drivers/usb/gadget/function/f_ecm.c
··· 892 892 gether_resume(&ecm->port); 893 893 } 894 894 895 + static int ecm_get_status(struct usb_function *f) 896 + { 897 + return (f->func_wakeup_armed ? USB_INTRF_STAT_FUNC_RW : 0) | 898 + USB_INTRF_STAT_FUNC_RW_CAP; 899 + } 900 + 895 901 static void ecm_free(struct usb_function *f) 896 902 { 897 903 struct f_ecm *ecm; ··· 966 960 ecm->port.func.disable = ecm_disable; 967 961 ecm->port.func.free_func = ecm_free; 968 962 ecm->port.func.suspend = ecm_suspend; 963 + ecm->port.func.get_status = ecm_get_status; 969 964 ecm->port.func.resume = ecm_resume; 970 965 971 966 return &ecm->port.func;
+4
drivers/usb/gadget/udc/tegra-xudc.c
··· 1749 1749 val = xudc_readl(xudc, CTRL); 1750 1750 val &= ~CTRL_RUN; 1751 1751 xudc_writel(xudc, val, CTRL); 1752 + 1753 + val = xudc_readl(xudc, ST); 1754 + if (val & ST_RC) 1755 + xudc_writel(xudc, ST_RC, ST); 1752 1756 } 1753 1757 1754 1758 dev_info(xudc->dev, "ep %u disabled\n", ep->index);
+1 -1
drivers/usb/host/uhci-platform.c
··· 121 121 } 122 122 123 123 /* Get and enable clock if any specified */ 124 - uhci->clk = devm_clk_get(&pdev->dev, NULL); 124 + uhci->clk = devm_clk_get_optional(&pdev->dev, NULL); 125 125 if (IS_ERR(uhci->clk)) { 126 126 ret = PTR_ERR(uhci->clk); 127 127 goto err_rmr;
+16 -3
drivers/usb/host/xhci-dbgcap.c
··· 823 823 { 824 824 dma_addr_t deq; 825 825 union xhci_trb *evt; 826 + enum evtreturn ret = EVT_DONE; 826 827 u32 ctrl, portsc; 827 828 bool update_erdp = false; 828 829 ··· 910 909 break; 911 910 case TRB_TYPE(TRB_TRANSFER): 912 911 dbc_handle_xfer_event(dbc, evt); 912 + ret = EVT_XFER_DONE; 913 913 break; 914 914 default: 915 915 break; ··· 929 927 lo_hi_writeq(deq, &dbc->regs->erdp); 930 928 } 931 929 932 - return EVT_DONE; 930 + return ret; 933 931 } 934 932 935 933 static void xhci_dbc_handle_events(struct work_struct *work) ··· 938 936 struct xhci_dbc *dbc; 939 937 unsigned long flags; 940 938 unsigned int poll_interval; 939 + unsigned long busypoll_timelimit; 941 940 942 941 dbc = container_of(to_delayed_work(work), struct xhci_dbc, event_work); 943 942 poll_interval = dbc->poll_interval; ··· 957 954 dbc->driver->disconnect(dbc); 958 955 break; 959 956 case EVT_DONE: 960 - /* set fast poll rate if there are pending data transfers */ 957 + /* 958 + * Set fast poll rate if there are pending out transfers, or 959 + * a transfer was recently processed 960 + */ 961 + busypoll_timelimit = dbc->xfer_timestamp + 962 + msecs_to_jiffies(DBC_XFER_INACTIVITY_TIMEOUT); 963 + 961 964 if (!list_empty(&dbc->eps[BULK_OUT].list_pending) || 962 - !list_empty(&dbc->eps[BULK_IN].list_pending)) 965 + time_is_after_jiffies(busypoll_timelimit)) 963 966 poll_interval = 0; 967 + break; 968 + case EVT_XFER_DONE: 969 + dbc->xfer_timestamp = jiffies; 970 + poll_interval = 0; 964 971 break; 965 972 default: 966 973 dev_info(dbc->dev, "stop handling dbc events\n");
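The busypoll_timelimit logic above keeps the DbC event loop in fast-poll mode for a short window after the last transfer completed, instead of only while transfers are queued. A userspace analogue of that inactivity window using a monotonic clock (the 10 ms limit mirrors DBC_XFER_INACTIVITY_TIMEOUT; everything else is illustrative):

    #define _POSIX_C_SOURCE 199309L
    #include <stdbool.h>
    #include <stdio.h>
    #include <time.h>

    #define XFER_INACTIVITY_TIMEOUT_MS 10

    static long long now_ms(void)
    {
        struct timespec ts;

        clock_gettime(CLOCK_MONOTONIC, &ts);
        return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
    }

    int main(void)
    {
        long long xfer_timestamp = now_ms();   /* a transfer just finished */
        long long limit = xfer_timestamp + XFER_INACTIVITY_TIMEOUT_MS;
        bool fast_poll = now_ms() < limit;     /* still inside the window? */

        printf("fast polling: %s\n", fast_poll ? "yes" : "no");
        return 0;
    }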
+3
drivers/usb/host/xhci-dbgcap.h
··· 96 96 #define DBC_WRITE_BUF_SIZE 8192 97 97 #define DBC_POLL_INTERVAL_DEFAULT 64 /* milliseconds */ 98 98 #define DBC_POLL_INTERVAL_MAX 5000 /* milliseconds */ 99 + #define DBC_XFER_INACTIVITY_TIMEOUT 10 /* milliseconds */ 99 100 /* 100 101 * Private structure for DbC hardware state: 101 102 */ ··· 143 142 enum dbc_state state; 144 143 struct delayed_work event_work; 145 144 unsigned int poll_interval; /* ms */ 145 + unsigned long xfer_timestamp; 146 146 unsigned resume_required:1; 147 147 struct dbc_ep eps[2]; 148 148 ··· 189 187 enum evtreturn { 190 188 EVT_ERR = -1, 191 189 EVT_DONE, 190 + EVT_XFER_DONE, 192 191 EVT_GSER, 193 192 EVT_DISC, 194 193 };
+9 -10
drivers/usb/host/xhci-ring.c
··· 699 699 int new_cycle; 700 700 dma_addr_t addr; 701 701 u64 hw_dequeue; 702 - bool cycle_found = false; 702 + bool hw_dequeue_found = false; 703 703 bool td_last_trb_found = false; 704 704 u32 trb_sct = 0; 705 705 int ret; ··· 715 715 hw_dequeue = xhci_get_hw_deq(xhci, dev, ep_index, stream_id); 716 716 new_seg = ep_ring->deq_seg; 717 717 new_deq = ep_ring->dequeue; 718 - new_cycle = hw_dequeue & 0x1; 718 + new_cycle = le32_to_cpu(td->end_trb->generic.field[3]) & TRB_CYCLE; 719 719 720 720 /* 721 - * We want to find the pointer, segment and cycle state of the new trb 722 - * (the one after current TD's end_trb). We know the cycle state at 723 - * hw_dequeue, so walk the ring until both hw_dequeue and end_trb are 724 - * found. 721 + * Walk the ring until both the next TRB and hw_dequeue are found (don't 722 + * move hw_dequeue back if it went forward due to a HW bug). Cycle state 723 + * is loaded from a known good TRB, track later toggles to maintain it. 725 724 */ 726 725 do { 727 - if (!cycle_found && xhci_trb_virt_to_dma(new_seg, new_deq) 726 + if (!hw_dequeue_found && xhci_trb_virt_to_dma(new_seg, new_deq) 728 727 == (dma_addr_t)(hw_dequeue & ~0xf)) { 729 - cycle_found = true; 728 + hw_dequeue_found = true; 730 729 if (td_last_trb_found) 731 730 break; 732 731 } 733 732 if (new_deq == td->end_trb) 734 733 td_last_trb_found = true; 735 734 736 - if (cycle_found && trb_is_link(new_deq) && 735 + if (td_last_trb_found && trb_is_link(new_deq) && 737 736 link_trb_toggles_cycle(new_deq)) 738 737 new_cycle ^= 0x1; 739 738 ··· 744 745 return -EINVAL; 745 746 } 746 747 747 - } while (!cycle_found || !td_last_trb_found); 748 + } while (!hw_dequeue_found || !td_last_trb_found); 748 749 749 750 /* Don't update the ring cycle state for the producer (us). */ 750 751 addr = xhci_trb_virt_to_dma(new_seg, new_deq);
+3
drivers/usb/host/xhci-tegra.c
··· 1364 1364 tegra->otg_usb3_port = tegra_xusb_padctl_get_usb3_companion(tegra->padctl, 1365 1365 tegra->otg_usb2_port); 1366 1366 1367 + pm_runtime_get_sync(tegra->dev); 1367 1368 if (tegra->host_mode) { 1368 1369 /* switch to host mode */ 1369 1370 if (tegra->otg_usb3_port >= 0) { ··· 1394 1393 } 1395 1394 1396 1395 tegra_xhci_set_port_power(tegra, true, true); 1396 + pm_runtime_mark_last_busy(tegra->dev); 1397 1397 1398 1398 } else { 1399 1399 if (tegra->otg_usb3_port >= 0) ··· 1402 1400 1403 1401 tegra_xhci_set_port_power(tegra, true, false); 1404 1402 } 1403 + pm_runtime_put_autosuspend(tegra->dev); 1405 1404 } 1406 1405 1407 1406 #if IS_ENABLED(CONFIG_PM) || IS_ENABLED(CONFIG_PM_SLEEP)
+8 -2
drivers/usb/misc/onboard_usb_dev.c
··· 569 569 } 570 570 571 571 static const struct usb_device_id onboard_dev_id_table[] = { 572 - { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6504) }, /* CYUSB33{0,1,2}x/CYUSB230x 3.0 HUB */ 573 - { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6506) }, /* CYUSB33{0,1,2}x/CYUSB230x 2.0 HUB */ 572 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6500) }, /* CYUSB330x 3.0 HUB */ 573 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6502) }, /* CYUSB330x 2.0 HUB */ 574 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6503) }, /* CYUSB33{0,1}x 2.0 HUB, Vendor Mode */ 575 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6504) }, /* CYUSB331x 3.0 HUB */ 576 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6506) }, /* CYUSB331x 2.0 HUB */ 577 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6507) }, /* CYUSB332x 2.0 HUB, Vendor Mode */ 578 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6508) }, /* CYUSB332x 3.0 HUB */ 579 + { USB_DEVICE(VENDOR_ID_CYPRESS, 0x650a) }, /* CYUSB332x 2.0 HUB */ 574 580 { USB_DEVICE(VENDOR_ID_CYPRESS, 0x6570) }, /* CY7C6563x 2.0 HUB */ 575 581 { USB_DEVICE(VENDOR_ID_GENESYS, 0x0608) }, /* Genesys Logic GL850G USB 2.0 HUB */ 576 582 { USB_DEVICE(VENDOR_ID_GENESYS, 0x0610) }, /* Genesys Logic GL852G USB 2.0 HUB */
+1 -1
drivers/usb/typec/tcpm/tcpm.c
··· 5965 5965 case SNK_TRY_WAIT_DEBOUNCE: 5966 5966 if (!tcpm_port_is_sink(port)) { 5967 5967 port->max_wait = 0; 5968 - tcpm_set_state(port, SRC_TRYWAIT, 0); 5968 + tcpm_set_state(port, SRC_TRYWAIT, PD_T_PD_DEBOUNCE); 5969 5969 } 5970 5970 break; 5971 5971 case SRC_TRY_WAIT:
+13 -8
drivers/usb/typec/ucsi/displayport.c
··· 54 54 u8 cur = 0; 55 55 int ret; 56 56 57 - mutex_lock(&dp->con->lock); 57 + if (!ucsi_con_mutex_lock(dp->con)) 58 + return -ENOTCONN; 58 59 59 60 if (!dp->override && dp->initialized) { 60 61 const struct typec_altmode *p = typec_altmode_get_partner(alt); ··· 101 100 schedule_work(&dp->work); 102 101 ret = 0; 103 102 err_unlock: 104 - mutex_unlock(&dp->con->lock); 103 + ucsi_con_mutex_unlock(dp->con); 105 104 106 105 return ret; 107 106 } ··· 113 112 u64 command; 114 113 int ret = 0; 115 114 116 - mutex_lock(&dp->con->lock); 115 + if (!ucsi_con_mutex_lock(dp->con)) 116 + return -ENOTCONN; 117 117 118 118 if (!dp->override) { 119 119 const struct typec_altmode *p = typec_altmode_get_partner(alt); ··· 146 144 schedule_work(&dp->work); 147 145 148 146 out_unlock: 149 - mutex_unlock(&dp->con->lock); 147 + ucsi_con_mutex_unlock(dp->con); 150 148 151 149 return ret; 152 150 } ··· 204 202 int cmd = PD_VDO_CMD(header); 205 203 int svdm_version; 206 204 207 - mutex_lock(&dp->con->lock); 205 + if (!ucsi_con_mutex_lock(dp->con)) 206 + return -ENOTCONN; 208 207 209 208 if (!dp->override && dp->initialized) { 210 209 const struct typec_altmode *p = typec_altmode_get_partner(alt); 211 210 212 211 dev_warn(&p->dev, 213 212 "firmware doesn't support alternate mode overriding\n"); 214 - mutex_unlock(&dp->con->lock); 213 + ucsi_con_mutex_unlock(dp->con); 215 214 return -EOPNOTSUPP; 216 215 } 217 216 218 217 svdm_version = typec_altmode_get_svdm_version(alt); 219 218 if (svdm_version < 0) { 220 - mutex_unlock(&dp->con->lock); 219 + ucsi_con_mutex_unlock(dp->con); 221 220 return svdm_version; 222 221 } 223 222 ··· 262 259 break; 263 260 } 264 261 265 - mutex_unlock(&dp->con->lock); 262 + ucsi_con_mutex_unlock(dp->con); 266 263 267 264 return 0; 268 265 } ··· 298 295 dp = typec_altmode_get_drvdata(alt); 299 296 if (!dp) 300 297 return; 298 + 299 + cancel_work_sync(&dp->work); 301 300 302 301 dp->data.conf = 0; 303 302 dp->data.status = 0;
+34
drivers/usb/typec/ucsi/ucsi.c
··· 1923 1923 EXPORT_SYMBOL_GPL(ucsi_set_drvdata); 1924 1924 1925 1925 /** 1926 + * ucsi_con_mutex_lock - Acquire the connector mutex 1927 + * @con: The connector interface to lock 1928 + * 1929 + * Returns true on success, false if the connector is disconnected 1930 + */ 1931 + bool ucsi_con_mutex_lock(struct ucsi_connector *con) 1932 + { 1933 + bool mutex_locked = false; 1934 + bool connected = true; 1935 + 1936 + while (connected && !mutex_locked) { 1937 + mutex_locked = mutex_trylock(&con->lock) != 0; 1938 + connected = UCSI_CONSTAT(con, CONNECTED); 1939 + if (connected && !mutex_locked) 1940 + msleep(20); 1941 + } 1942 + 1943 + connected = connected && con->partner; 1944 + if (!connected && mutex_locked) 1945 + mutex_unlock(&con->lock); 1946 + 1947 + return connected; 1948 + } 1949 + 1950 + /** 1951 + * ucsi_con_mutex_unlock - Release the connector mutex 1952 + * @con: The connector interface to unlock 1953 + */ 1954 + void ucsi_con_mutex_unlock(struct ucsi_connector *con) 1955 + { 1956 + mutex_unlock(&con->lock); 1957 + } 1958 + 1959 + /** 1926 1960 * ucsi_create - Allocate UCSI instance 1927 1961 * @dev: Device interface to the PPM (Platform Policy Manager) 1928 1962 * @ops: I/O routines
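ucsi_con_mutex_lock() above keeps retrying mutex_trylock() only while the connector still reports a connection, sleeping briefly between attempts, and drops the lock again if the partner went away. A pthread-based sketch of the same shape (struct connector and its flags are invented for the example; build with -pthread):

    #include <pthread.h>
    #include <stdbool.h>
    #include <stdio.h>
    #include <unistd.h>

    struct connector {
        pthread_mutex_t lock;
        bool connected;
        bool has_partner;
    };

    static bool con_lock(struct connector *con)
    {
        bool locked = false;
        bool connected = true;

        while (connected && !locked) {
            locked = pthread_mutex_trylock(&con->lock) == 0;
            connected = con->connected;
            if (connected && !locked)
                usleep(20 * 1000);   /* back off 20 ms, like the hunk */
        }

        connected = connected && con->has_partner;
        if (!connected && locked)
            pthread_mutex_unlock(&con->lock);   /* never return holding a stale lock */

        return connected;
    }

    int main(void)
    {
        struct connector con = {
            .lock = PTHREAD_MUTEX_INITIALIZER,
            .connected = true,
            .has_partner = true,
        };

        if (con_lock(&con)) {
            printf("locked with partner present\n");
            pthread_mutex_unlock(&con.lock);
        }
        return 0;
    }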
+2
drivers/usb/typec/ucsi/ucsi.h
··· 94 94 void ucsi_unregister(struct ucsi *ucsi); 95 95 void *ucsi_get_drvdata(struct ucsi *ucsi); 96 96 void ucsi_set_drvdata(struct ucsi *ucsi, void *data); 97 + bool ucsi_con_mutex_lock(struct ucsi_connector *con); 98 + void ucsi_con_mutex_unlock(struct ucsi_connector *con); 97 99 98 100 void ucsi_connector_change(struct ucsi *ucsi, u8 num); 99 101
+6 -6
drivers/vfio/pci/vfio_pci_core.c
··· 1646 1646 { 1647 1647 struct vm_area_struct *vma = vmf->vma; 1648 1648 struct vfio_pci_core_device *vdev = vma->vm_private_data; 1649 - unsigned long pfn, pgoff = vmf->pgoff - vma->vm_pgoff; 1649 + unsigned long addr = vmf->address & ~((PAGE_SIZE << order) - 1); 1650 + unsigned long pgoff = (addr - vma->vm_start) >> PAGE_SHIFT; 1651 + unsigned long pfn = vma_to_pfn(vma) + pgoff; 1650 1652 vm_fault_t ret = VM_FAULT_SIGBUS; 1651 1653 1652 - pfn = vma_to_pfn(vma) + pgoff; 1653 - 1654 - if (order && (pfn & ((1 << order) - 1) || 1655 - vmf->address & ((PAGE_SIZE << order) - 1) || 1656 - vmf->address + (PAGE_SIZE << order) > vma->vm_end)) { 1654 + if (order && (addr < vma->vm_start || 1655 + addr + (PAGE_SIZE << order) > vma->vm_end || 1656 + pfn & ((1 << order) - 1))) { 1657 1657 ret = VM_FAULT_FALLBACK; 1658 1658 goto out; 1659 1659 }
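The reworked huge-fault path above first aligns the faulting address down to a 2^order block of pages and derives the page offset from that aligned address, rather than from vmf->pgoff. A small sketch of the arithmetic with invented addresses (order 9 corresponds to a 2 MiB mapping with 4 KiB pages):

    #include <stdio.h>
    #include <stdint.h>

    #define PAGE_SIZE  4096ull
    #define PAGE_SHIFT 12

    int main(void)
    {
        unsigned int order = 9;                    /* 2 MiB block           */
        uint64_t vm_start  = 0x7f0000000000ull;    /* assumed VMA start     */
        uint64_t address   = 0x7f00003f5000ull;    /* assumed fault address */

        uint64_t addr  = address & ~((PAGE_SIZE << order) - 1);
        uint64_t pgoff = (addr - vm_start) >> PAGE_SHIFT;

        printf("aligned addr = 0x%llx, pgoff = %llu\n",
               (unsigned long long)addr, (unsigned long long)pgoff);
        return 0;
    }

Here the 2 MiB-aligned address is 0x7f0000200000 and pgoff is 512, the first page of that block.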
+1
drivers/xen/swiotlb-xen.c
··· 217 217 * buffering it. 218 218 */ 219 219 if (dma_capable(dev, dev_addr, size, true) && 220 + !dma_kmalloc_needs_bounce(dev, size, dir) && 220 221 !range_straddles_page_boundary(phys, size) && 221 222 !xen_arch_need_swiotlb(dev, phys, dev_addr) && 222 223 !is_swiotlb_force_bounce(dev))
+2
drivers/xen/xenbus/xenbus.h
··· 77 77 struct xb_req_data { 78 78 struct list_head list; 79 79 wait_queue_head_t wq; 80 + struct kref kref; 80 81 struct xsd_sockmsg msg; 81 82 uint32_t caller_req_id; 82 83 enum xsd_sockmsg_type type; ··· 104 103 void xb_deinit_comms(void); 105 104 int xs_watch_msg(struct xs_watch_event *event); 106 105 void xs_request_exit(struct xb_req_data *req); 106 + void xs_free_req(struct kref *kref); 107 107 108 108 int xenbus_match(struct device *_dev, const struct device_driver *_drv); 109 109 int xenbus_dev_probe(struct device *_dev);
+4 -5
drivers/xen/xenbus/xenbus_comms.c
··· 309 309 virt_wmb(); 310 310 req->state = xb_req_state_got_reply; 311 311 req->cb(req); 312 - } else 313 - kfree(req); 312 + } 313 + kref_put(&req->kref, xs_free_req); 314 314 } 315 315 316 316 mutex_unlock(&xs_response_mutex); ··· 386 386 state.req->msg.type = XS_ERROR; 387 387 state.req->err = err; 388 388 list_del(&state.req->list); 389 - if (state.req->state == xb_req_state_aborted) 390 - kfree(state.req); 391 - else { 389 + if (state.req->state != xb_req_state_aborted) { 392 390 /* write err, then update state */ 393 391 virt_wmb(); 394 392 state.req->state = xb_req_state_got_reply; 395 393 wake_up(&state.req->wq); 396 394 } 395 + kref_put(&state.req->kref, xs_free_req); 397 396 398 397 mutex_unlock(&xb_write_mutex); 399 398
+1 -1
drivers/xen/xenbus/xenbus_dev_frontend.c
··· 406 406 mutex_unlock(&u->reply_mutex); 407 407 408 408 kfree(req->body); 409 - kfree(req); 409 + kref_put(&req->kref, xs_free_req); 410 410 411 411 kref_put(&u->kref, xenbus_file_free); 412 412
+8 -6
drivers/xen/xenbus/xenbus_probe.c
··· 966 966 if (xen_pv_domain()) 967 967 xen_store_domain_type = XS_PV; 968 968 if (xen_hvm_domain()) 969 + { 969 970 xen_store_domain_type = XS_HVM; 970 - if (xen_hvm_domain() && xen_initial_domain()) 971 - xen_store_domain_type = XS_LOCAL; 971 + err = hvm_get_parameter(HVM_PARAM_STORE_EVTCHN, &v); 972 + if (err) 973 + goto out_error; 974 + xen_store_evtchn = (int)v; 975 + if (!v && xen_initial_domain()) 976 + xen_store_domain_type = XS_LOCAL; 977 + } 972 978 if (xen_pv_domain() && !xen_start_info->store_evtchn) 973 979 xen_store_domain_type = XS_LOCAL; 974 980 if (xen_pv_domain() && xen_start_info->store_evtchn) ··· 993 987 xen_store_interface = gfn_to_virt(xen_store_gfn); 994 988 break; 995 989 case XS_HVM: 996 - err = hvm_get_parameter(HVM_PARAM_STORE_EVTCHN, &v); 997 - if (err) 998 - goto out_error; 999 - xen_store_evtchn = (int)v; 1000 990 err = hvm_get_parameter(HVM_PARAM_STORE_PFN, &v); 1001 991 if (err) 1002 992 goto out_error;
+16 -2
drivers/xen/xenbus/xenbus_xs.c
··· 112 112 wake_up_all(&xs_state_enter_wq); 113 113 } 114 114 115 + void xs_free_req(struct kref *kref) 116 + { 117 + struct xb_req_data *req = container_of(kref, struct xb_req_data, kref); 118 + kfree(req); 119 + } 120 + 115 121 static uint32_t xs_request_enter(struct xb_req_data *req) 116 122 { 117 123 uint32_t rq_id; ··· 243 237 req->caller_req_id = req->msg.req_id; 244 238 req->msg.req_id = xs_request_enter(req); 245 239 240 + /* 241 + * Take 2nd ref. One for this thread, and the second for the 242 + * xenbus_thread. 243 + */ 244 + kref_get(&req->kref); 245 + 246 246 mutex_lock(&xb_write_mutex); 247 247 list_add_tail(&req->list, &xb_write_list); 248 248 notify = list_is_singular(&xb_write_list); ··· 273 261 if (req->state == xb_req_state_queued || 274 262 req->state == xb_req_state_wait_reply) 275 263 req->state = xb_req_state_aborted; 276 - else 277 - kfree(req); 264 + 265 + kref_put(&req->kref, xs_free_req); 278 266 mutex_unlock(&xb_write_mutex); 279 267 280 268 return ret; ··· 303 291 req->cb = xenbus_dev_queue_reply; 304 292 req->par = par; 305 293 req->user_req = true; 294 + kref_init(&req->kref); 306 295 307 296 xs_send(req, msg); 308 297 ··· 332 319 req->num_vecs = num_vecs; 333 320 req->cb = xs_wake_up; 334 321 req->user_req = false; 322 + kref_init(&req->kref); 335 323 336 324 msg.req_id = 0; 337 325 msg.tx_id = t.id;
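The xenbus changes above move xb_req_data to a kref so the requester and the xenbus reply thread each hold their own reference, and whichever side finishes last frees the request. A userspace sketch of that shared-ownership pattern using C11 atomics (struct req and its helpers are invented for the example):

    #include <stdatomic.h>
    #include <stdio.h>
    #include <stdlib.h>

    struct req {
        atomic_int refs;
        int id;
    };

    static struct req *req_alloc(int id)
    {
        struct req *r = malloc(sizeof(*r));

        if (!r)
            abort();
        atomic_init(&r->refs, 1);   /* reference held by the requester */
        r->id = id;
        return r;
    }

    static void req_get(struct req *r)
    {
        atomic_fetch_add(&r->refs, 1);
    }

    static void req_put(struct req *r)
    {
        if (atomic_fetch_sub(&r->refs, 1) == 1) {
            printf("freeing req %d\n", r->id);
            free(r);
        }
    }

    int main(void)
    {
        struct req *r = req_alloc(42);

        req_get(r);   /* second reference, handed to the reply handler */
        req_put(r);   /* reply handler is done                         */
        req_put(r);   /* requester is done; the last put frees         */
        return 0;
    }

This is why the error paths above switch from kfree() to kref_put(): an aborted request may still be referenced by the other side.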
+21 -1
fs/bcachefs/alloc_foreground.c
··· 1422 1422 1423 1423 wp->sectors_free = UINT_MAX; 1424 1424 1425 - open_bucket_for_each(c, &wp->ptrs, ob, i) 1425 + open_bucket_for_each(c, &wp->ptrs, ob, i) { 1426 + /* 1427 + * Ensure proper write alignment - either due to misaligned 1428 + * bucket sizes (from buggy bcachefs-tools), or writes that mix 1429 + * logical/physical alignment: 1430 + */ 1431 + struct bch_dev *ca = ob_dev(c, ob); 1432 + u64 offset = bucket_to_sector(ca, ob->bucket) + 1433 + ca->mi.bucket_size - 1434 + ob->sectors_free; 1435 + unsigned align = round_up(offset, block_sectors(c)) - offset; 1436 + 1437 + ob->sectors_free = max_t(int, 0, ob->sectors_free - align); 1438 + 1426 1439 wp->sectors_free = min(wp->sectors_free, ob->sectors_free); 1440 + } 1427 1441 1428 1442 wp->sectors_free = rounddown(wp->sectors_free, block_sectors(c)); 1443 + 1444 + /* Did alignment use up space in an open_bucket? */ 1445 + if (unlikely(!wp->sectors_free)) { 1446 + bch2_alloc_sectors_done(c, wp); 1447 + goto retry; 1448 + } 1429 1449 1430 1450 BUG_ON(!wp->sectors_free || wp->sectors_free == UINT_MAX); 1431 1451
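The alignment fix above computes how many sectors to skip so the next write starts on a filesystem block boundary: round the current device offset up to block_sectors and subtract the offset again. A tiny sketch of that arithmetic with assumed sizes (8 sectors per block, i.e. 4 KiB blocks with 512 byte sectors):

    #include <stdio.h>
    #include <stdint.h>

    /* round_up(x, y) for a power-of-two y. */
    static uint64_t round_up_pow2(uint64_t x, uint64_t y)
    {
        return (x + y - 1) & ~(y - 1);
    }

    int main(void)
    {
        uint64_t block_sectors = 8;      /* assumed block size         */
        uint64_t offset = 1003;          /* made-up open_bucket offset */
        uint64_t align  = round_up_pow2(offset, block_sectors) - offset;

        printf("skip %llu sector(s) to align\n", (unsigned long long)align);
        return 0;
    }

With these numbers the write position advances by 5 sectors, which is the amount subtracted from ob->sectors_free in the hunk.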
+8 -1
fs/bcachefs/btree_io.c
··· 41 41 42 42 clear_btree_node_write_in_flight_inner(b); 43 43 clear_btree_node_write_in_flight(b); 44 + smp_mb__after_atomic(); 44 45 wake_up_bit(&b->flags, BTREE_NODE_write_in_flight); 45 46 } 46 47 ··· 1401 1400 1402 1401 printbuf_exit(&buf); 1403 1402 clear_btree_node_read_in_flight(b); 1403 + smp_mb__after_atomic(); 1404 1404 wake_up_bit(&b->flags, BTREE_NODE_read_in_flight); 1405 1405 } 1406 1406 ··· 1597 1595 printbuf_exit(&buf); 1598 1596 1599 1597 clear_btree_node_read_in_flight(b); 1598 + smp_mb__after_atomic(); 1600 1599 wake_up_bit(&b->flags, BTREE_NODE_read_in_flight); 1601 1600 } 1602 1601 ··· 1724 1721 set_btree_node_read_error(b); 1725 1722 bch2_btree_lost_data(c, b->c.btree_id); 1726 1723 clear_btree_node_read_in_flight(b); 1724 + smp_mb__after_atomic(); 1727 1725 wake_up_bit(&b->flags, BTREE_NODE_read_in_flight); 1728 1726 printbuf_exit(&buf); 1729 1727 return; ··· 2065 2061 2066 2062 if (new & (1U << BTREE_NODE_write_in_flight)) 2067 2063 __bch2_btree_node_write(c, b, BTREE_WRITE_ALREADY_STARTED|type); 2068 - else 2064 + else { 2065 + smp_mb__after_atomic(); 2069 2066 wake_up_bit(&b->flags, BTREE_NODE_write_in_flight); 2067 + } 2070 2068 } 2071 2069 2072 2070 static void btree_node_write_done(struct bch_fs *c, struct btree *b, u64 start_time) ··· 2181 2175 } 2182 2176 2183 2177 clear_btree_node_write_in_flight_inner(b); 2178 + smp_mb__after_atomic(); 2184 2179 wake_up_bit(&b->flags, BTREE_NODE_write_in_flight_inner); 2185 2180 INIT_WORK(&wb->work, btree_node_write_work); 2186 2181 queue_work(c->btree_io_complete_wq, &wb->work);
+1
fs/bcachefs/buckets.h
··· 44 44 BUILD_BUG_ON(!((union ulong_byte_assert) { .ulong = 1UL << BUCKET_LOCK_BITNR }).byte); 45 45 46 46 clear_bit_unlock(BUCKET_LOCK_BITNR, (void *) &b->lock); 47 + smp_mb__after_atomic(); 47 48 wake_up_bit((void *) &b->lock, BUCKET_LOCK_BITNR); 48 49 } 49 50
+1
fs/bcachefs/ec.h
··· 160 160 BUILD_BUG_ON(!((union ulong_byte_assert) { .ulong = 1UL << BUCKET_LOCK_BITNR }).byte); 161 161 162 162 clear_bit_unlock(BUCKET_LOCK_BITNR, (void *) &s->lock); 163 + smp_mb__after_atomic(); 163 164 wake_up_bit((void *) &s->lock, BUCKET_LOCK_BITNR); 164 165 } 165 166
+1 -1
fs/bcachefs/errcode.h
··· 269 269 x(BCH_ERR_invalid_sb, invalid_sb_downgrade) \ 270 270 x(BCH_ERR_invalid, invalid_bkey) \ 271 271 x(BCH_ERR_operation_blocked, nocow_lock_blocked) \ 272 - x(EIO, journal_shutdown) \ 272 + x(EROFS, journal_shutdown) \ 273 273 x(EIO, journal_flush_err) \ 274 274 x(EIO, journal_write_err) \ 275 275 x(EIO, btree_node_read_err) \
+3 -2
fs/bcachefs/extents.c
··· 1056 1056 static bool want_cached_ptr(struct bch_fs *c, struct bch_io_opts *opts, 1057 1057 struct bch_extent_ptr *ptr) 1058 1058 { 1059 - if (!opts->promote_target || 1060 - !bch2_dev_in_target(c, ptr->dev, opts->promote_target)) 1059 + unsigned target = opts->promote_target ?: opts->foreground_target; 1060 + 1061 + if (target && !bch2_dev_in_target(c, ptr->dev, target)) 1061 1062 return false; 1062 1063 1063 1064 struct bch_dev *ca = bch2_dev_rcu_noerror(c, ptr->dev);
+3 -8
fs/bcachefs/fs.c
··· 2502 2502 2503 2503 bch2_opts_apply(&c->opts, opts); 2504 2504 2505 - /* 2506 - * need to initialise sb and set c->vfs_sb _before_ starting fs, 2507 - * for blk_holder_ops 2508 - */ 2505 + ret = bch2_fs_start(c); 2506 + if (ret) 2507 + goto err_stop_fs; 2509 2508 2510 2509 sb = sget(fc->fs_type, NULL, bch2_set_super, fc->sb_flags|SB_NOSEC, c); 2511 2510 ret = PTR_ERR_OR_ZERO(sb); ··· 2565 2566 #endif 2566 2567 2567 2568 sb->s_shrink->seeks = 0; 2568 - 2569 - ret = bch2_fs_start(c); 2570 - if (ret) 2571 - goto err_put_super; 2572 2569 2573 2570 #ifdef CONFIG_UNICODE 2574 2571 sb->s_encoding = c->cf_encoding;
+3 -1
fs/bcachefs/journal_io.c
··· 19 19 20 20 #include <linux/ioprio.h> 21 21 #include <linux/string_choices.h> 22 + #include <linux/sched/sysctl.h> 22 23 23 24 void bch2_journal_pos_from_member_info_set(struct bch_fs *c) 24 25 { ··· 1263 1262 degraded = true; 1264 1263 } 1265 1264 1266 - closure_sync(&jlist.cl); 1265 + while (closure_sync_timeout(&jlist.cl, sysctl_hung_task_timeout_secs * HZ / 2)) 1266 + ; 1267 1267 1268 1268 if (jlist.ret) 1269 1269 return jlist.ret;
+4 -3
fs/bcachefs/journal_reclaim.c
··· 266 266 267 267 static bool should_discard_bucket(struct journal *j, struct journal_device *ja) 268 268 { 269 - bool ret; 270 - 271 269 spin_lock(&j->lock); 272 - ret = ja->discard_idx != ja->dirty_idx_ondisk; 270 + unsigned min_free = max(4, ja->nr / 8); 271 + 272 + bool ret = bch2_journal_dev_buckets_available(j, ja, journal_space_discarded) < min_free && 273 + ja->discard_idx != ja->dirty_idx_ondisk; 273 274 spin_unlock(&j->lock); 274 275 275 276 return ret;
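Worked example of the new threshold, assuming the reading of the hunk above is right: with ja->nr = 64 journal buckets, min_free = max(4, 64 / 8) = 8, so should_discard_bucket() only returns true once fewer than 8 already-discarded buckets remain available, instead of discarding eagerly whenever discard_idx trails dirty_idx_ondisk.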
+2 -1
fs/bcachefs/move.c
··· 784 784 goto err; 785 785 786 786 ret = bch2_btree_write_buffer_tryflush(trans); 787 - bch_err_msg(c, ret, "flushing btree write buffer"); 787 + if (!bch2_err_matches(ret, EROFS)) 788 + bch_err_msg(c, ret, "flushing btree write buffer"); 788 789 if (ret) 789 790 goto err; 790 791
+5
fs/bcachefs/super.c
··· 377 377 bch_verbose(c, "marking filesystem clean"); 378 378 bch2_fs_mark_clean(c); 379 379 } else { 380 + /* Make sure error counts/counters are persisted */ 381 + mutex_lock(&c->sb_lock); 382 + bch2_write_super(c); 383 + mutex_unlock(&c->sb_lock); 384 + 380 385 bch_verbose(c, "done going read-only, filesystem not clean"); 381 386 } 382 387 }
+3 -1
fs/bcachefs/thread_with_file.c
··· 455 455 struct stdio_buf *buf = &stdio->output; 456 456 unsigned long flags; 457 457 ssize_t ret; 458 - 459 458 again: 459 + if (stdio->done) 460 + return -EPIPE; 461 + 460 462 spin_lock_irqsave(&buf->lock, flags); 461 463 ret = bch2_darray_vprintf(&buf->buf, GFP_NOWAIT, fmt, args); 462 464 spin_unlock_irqrestore(&buf->lock, flags);
+47 -24
fs/binfmt_elf.c
··· 830 830 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; 831 831 struct elf_phdr *elf_property_phdata = NULL; 832 832 unsigned long elf_brk; 833 + bool brk_moved = false; 833 834 int retval, i; 834 835 unsigned long elf_entry; 835 836 unsigned long e_entry; ··· 1098 1097 /* Calculate any requested alignment. */ 1099 1098 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum); 1100 1099 1101 - /* 1102 - * There are effectively two types of ET_DYN 1103 - * binaries: programs (i.e. PIE: ET_DYN with PT_INTERP) 1104 - * and loaders (ET_DYN without PT_INTERP, since they 1105 - * _are_ the ELF interpreter). The loaders must 1106 - * be loaded away from programs since the program 1107 - * may otherwise collide with the loader (especially 1108 - * for ET_EXEC which does not have a randomized 1109 - * position). For example to handle invocations of 1100 + /** 1101 + * DOC: PIE handling 1102 + * 1103 + * There are effectively two types of ET_DYN ELF 1104 + * binaries: programs (i.e. PIE: ET_DYN with 1105 + * PT_INTERP) and loaders (i.e. static PIE: ET_DYN 1106 + * without PT_INTERP, usually the ELF interpreter 1107 + * itself). Loaders must be loaded away from programs 1108 + * since the program may otherwise collide with the 1109 + * loader (especially for ET_EXEC which does not have 1110 + * a randomized position). 1111 + * 1112 + * For example, to handle invocations of 1110 1113 * "./ld.so someprog" to test out a new version of 1111 1114 * the loader, the subsequent program that the 1112 1115 * loader loads must avoid the loader itself, so ··· 1123 1118 * ELF_ET_DYN_BASE and loaders are loaded into the 1124 1119 * independently randomized mmap region (0 load_bias 1125 1120 * without MAP_FIXED nor MAP_FIXED_NOREPLACE). 1121 + * 1122 + * See below for "brk" handling details, which is 1123 + * also affected by program vs loader and ASLR. 1126 1124 */ 1127 1125 if (interpreter) { 1128 1126 /* On ET_DYN with PT_INTERP, we do the ASLR. */ ··· 1242 1234 start_data += load_bias; 1243 1235 end_data += load_bias; 1244 1236 1245 - current->mm->start_brk = current->mm->brk = ELF_PAGEALIGN(elf_brk); 1246 - 1247 1237 if (interpreter) { 1248 1238 elf_entry = load_elf_interp(interp_elf_ex, 1249 1239 interpreter, ··· 1297 1291 mm->end_data = end_data; 1298 1292 mm->start_stack = bprm->p; 1299 1293 1300 - if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) { 1294 + /** 1295 + * DOC: "brk" handling 1296 + * 1297 + * For architectures with ELF randomization, when executing a 1298 + * loader directly (i.e. static PIE: ET_DYN without PT_INTERP), 1299 + * move the brk area out of the mmap region and into the unused 1300 + * ELF_ET_DYN_BASE region. Since "brk" grows up it may collide 1301 + * early with the stack growing down or other regions being put 1302 + * into the mmap region by the kernel (e.g. vdso). 1303 + * 1304 + * In the CONFIG_COMPAT_BRK case, though, everything is turned 1305 + * off because we're not allowed to move the brk at all. 1306 + */ 1307 + if (!IS_ENABLED(CONFIG_COMPAT_BRK) && 1308 + IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && 1309 + elf_ex->e_type == ET_DYN && !interpreter) { 1310 + elf_brk = ELF_ET_DYN_BASE; 1311 + /* This counts as moving the brk, so let brk(2) know. 
*/ 1312 + brk_moved = true; 1313 + } 1314 + mm->start_brk = mm->brk = ELF_PAGEALIGN(elf_brk); 1315 + 1316 + if ((current->flags & PF_RANDOMIZE) && snapshot_randomize_va_space > 1) { 1301 1317 /* 1302 - * For architectures with ELF randomization, when executing 1303 - * a loader directly (i.e. no interpreter listed in ELF 1304 - * headers), move the brk area out of the mmap region 1305 - * (since it grows up, and may collide early with the stack 1306 - * growing down), and into the unused ELF_ET_DYN_BASE region. 1318 + * If we didn't move the brk to ELF_ET_DYN_BASE (above), 1319 + * leave a gap between .bss and brk. 1307 1320 */ 1308 - if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && 1309 - elf_ex->e_type == ET_DYN && !interpreter) { 1310 - mm->brk = mm->start_brk = ELF_ET_DYN_BASE; 1311 - } else { 1312 - /* Otherwise leave a gap between .bss and brk. */ 1321 + if (!brk_moved) 1313 1322 mm->brk = mm->start_brk = mm->brk + PAGE_SIZE; 1314 - } 1315 1323 1316 1324 mm->brk = mm->start_brk = arch_randomize_brk(mm); 1325 + brk_moved = true; 1326 + } 1327 + 1317 1328 #ifdef compat_brk_randomized 1329 + if (brk_moved) 1318 1330 current->brk_randomized = 1; 1319 1331 #endif 1320 - } 1321 1332 1322 1333 if (current->personality & MMAP_PAGE_ZERO) { 1323 1334 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
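To observe the placement described in the new DOC comments from userspace, a tiny probe (assumption: glibc on Linux; build once as an ordinary PIE and once as a static PIE executed directly) shows how far the initial break sits from the executable:

/* Illustrative probe only: prints the load address of main() and the
 * initial program break, so the two brk placements discussed above can
 * be compared between a normal PIE and a directly-run static PIE. */
#include <stdio.h>
#include <unistd.h>

int main(void)
{
        printf("main = %p\n", (void *)main);
        printf("brk  = %p\n", sbrk(0));
        return 0;
}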
+15 -2
fs/btrfs/discard.c
··· 94 94 struct btrfs_block_group *block_group) 95 95 { 96 96 lockdep_assert_held(&discard_ctl->lock); 97 - if (!btrfs_run_discard_work(discard_ctl)) 98 - return; 99 97 100 98 if (list_empty(&block_group->discard_list) || 101 99 block_group->discard_index == BTRFS_DISCARD_INDEX_UNUSED) { ··· 114 116 struct btrfs_block_group *block_group) 115 117 { 116 118 if (!btrfs_is_block_group_data_only(block_group)) 119 + return; 120 + 121 + if (!btrfs_run_discard_work(discard_ctl)) 117 122 return; 118 123 119 124 spin_lock(&discard_ctl->lock); ··· 245 244 block_group->used != 0) { 246 245 if (btrfs_is_block_group_data_only(block_group)) { 247 246 __add_to_discard_list(discard_ctl, block_group); 247 + /* 248 + * The block group must have been moved to other 249 + * discard list even if discard was disabled in 250 + * the meantime or a transaction abort happened, 251 + * otherwise we can end up in an infinite loop, 252 + * always jumping into the 'again' label and 253 + * keep getting this block group over and over 254 + * in case there are no other block groups in 255 + * the discard lists. 256 + */ 257 + ASSERT(block_group->discard_index != 258 + BTRFS_DISCARD_INDEX_UNUSED); 248 259 } else { 249 260 list_del_init(&block_group->discard_list); 250 261 btrfs_put_block_group(block_group);
+1
fs/btrfs/fs.h
··· 300 300 #define BTRFS_FEATURE_INCOMPAT_SAFE_CLEAR 0ULL 301 301 302 302 #define BTRFS_DEFAULT_COMMIT_INTERVAL (30) 303 + #define BTRFS_WARNING_COMMIT_INTERVAL (300) 303 304 #define BTRFS_DEFAULT_MAX_INLINE (2048) 304 305 305 306 struct btrfs_dev_replace {
+7
fs/btrfs/inode.c
··· 1109 1109 struct extent_state *cached = NULL; 1110 1110 struct extent_map *em; 1111 1111 int ret = 0; 1112 + bool free_pages = false; 1112 1113 u64 start = async_extent->start; 1113 1114 u64 end = async_extent->start + async_extent->ram_size - 1; 1114 1115 ··· 1130 1129 } 1131 1130 1132 1131 if (async_extent->compress_type == BTRFS_COMPRESS_NONE) { 1132 + ASSERT(!async_extent->folios); 1133 + ASSERT(async_extent->nr_folios == 0); 1133 1134 submit_uncompressed_range(inode, async_extent, locked_folio); 1135 + free_pages = true; 1134 1136 goto done; 1135 1137 } 1136 1138 ··· 1149 1145 * fall back to uncompressed. 1150 1146 */ 1151 1147 submit_uncompressed_range(inode, async_extent, locked_folio); 1148 + free_pages = true; 1152 1149 goto done; 1153 1150 } 1154 1151 ··· 1191 1186 done: 1192 1187 if (async_chunk->blkcg_css) 1193 1188 kthread_associate_blkcg(NULL); 1189 + if (free_pages) 1190 + free_async_extent_pages(async_extent); 1194 1191 kfree(async_extent); 1195 1192 return; 1196 1193
+4
fs/btrfs/super.c
··· 569 569 break; 570 570 case Opt_commit_interval: 571 571 ctx->commit_interval = result.uint_32; 572 + if (ctx->commit_interval > BTRFS_WARNING_COMMIT_INTERVAL) { 573 + btrfs_warn(NULL, "excessive commit interval %u, use with care", 574 + ctx->commit_interval); 575 + } 572 576 if (ctx->commit_interval == 0) 573 577 ctx->commit_interval = BTRFS_DEFAULT_COMMIT_INTERVAL; 574 578 break;
+1 -3
fs/buffer.c
··· 1220 1220 /* FIXME: do we need to set this in both places? */ 1221 1221 if (bh->b_folio && bh->b_folio->mapping) 1222 1222 mapping_set_error(bh->b_folio->mapping, -EIO); 1223 - if (bh->b_assoc_map) { 1223 + if (bh->b_assoc_map) 1224 1224 mapping_set_error(bh->b_assoc_map, -EIO); 1225 - errseq_set(&bh->b_assoc_map->host->i_sb->s_wb_err, -EIO); 1226 - } 1227 1225 } 1228 1226 EXPORT_SYMBOL(mark_buffer_write_io_error); 1229 1227
+4 -3
fs/eventpoll.c
··· 2111 2111 2112 2112 write_unlock_irq(&ep->lock); 2113 2113 2114 - if (!eavail && ep_schedule_timeout(to)) 2115 - timed_out = !schedule_hrtimeout_range(to, slack, 2116 - HRTIMER_MODE_ABS); 2114 + if (!eavail) 2115 + timed_out = !ep_schedule_timeout(to) || 2116 + !schedule_hrtimeout_range(to, slack, 2117 + HRTIMER_MODE_ABS); 2117 2118 __set_current_state(TASK_RUNNING); 2118 2119 2119 2120 /*
+7 -10
fs/namespace.c
··· 787 787 return 0; 788 788 mnt = real_mount(bastard); 789 789 mnt_add_count(mnt, 1); 790 - smp_mb(); // see mntput_no_expire() 790 + smp_mb(); // see mntput_no_expire() and do_umount() 791 791 if (likely(!read_seqretry(&mount_lock, seq))) 792 792 return 0; 793 - if (bastard->mnt_flags & MNT_SYNC_UMOUNT) { 794 - mnt_add_count(mnt, -1); 795 - return 1; 796 - } 797 793 lock_mount_hash(); 798 - if (unlikely(bastard->mnt_flags & MNT_DOOMED)) { 794 + if (unlikely(bastard->mnt_flags & (MNT_SYNC_UMOUNT | MNT_DOOMED))) { 799 795 mnt_add_count(mnt, -1); 800 796 unlock_mount_hash(); 801 797 return 1; ··· 2044 2048 umount_tree(mnt, UMOUNT_PROPAGATE); 2045 2049 retval = 0; 2046 2050 } else { 2051 + smp_mb(); // paired with __legitimize_mnt() 2047 2052 shrink_submounts(mnt); 2048 2053 retval = -EBUSY; 2049 2054 if (!propagate_mount_busy(mnt, 2)) { ··· 3557 3560 * @mnt_from itself. This defeats the whole purpose of mounting 3558 3561 * @mnt_from beneath @mnt_to. 3559 3562 */ 3560 - if (propagation_would_overmount(parent_mnt_to, mnt_from, mp)) 3563 + if (check_mnt(mnt_from) && 3564 + propagation_would_overmount(parent_mnt_to, mnt_from, mp)) 3561 3565 return -EINVAL; 3562 3566 3563 3567 return 0; ··· 3716 3718 if (err) 3717 3719 goto out; 3718 3720 3719 - if (is_anon_ns(ns)) 3720 - ns->mntns_flags &= ~MNTNS_PROPAGATING; 3721 - 3722 3721 /* if the mount is moved, it should no longer be expire 3723 3722 * automatically */ 3724 3723 list_del_init(&old->mnt_expire); 3725 3724 if (attached) 3726 3725 put_mountpoint(old_mp); 3727 3726 out: 3727 + if (is_anon_ns(ns)) 3728 + ns->mntns_flags &= ~MNTNS_PROPAGATING; 3728 3729 unlock_mount(mp); 3729 3730 if (!err) { 3730 3731 if (attached) {
-3
fs/nilfs2/the_nilfs.c
··· 705 705 int blocksize; 706 706 int err; 707 707 708 - down_write(&nilfs->ns_sem); 709 - 710 708 blocksize = sb_min_blocksize(sb, NILFS_MIN_BLOCK_SIZE); 711 709 if (!blocksize) { 712 710 nilfs_err(sb, "unable to set blocksize"); ··· 777 779 set_nilfs_init(nilfs); 778 780 err = 0; 779 781 out: 780 - up_write(&nilfs->ns_sem); 781 782 return err; 782 783 783 784 failed_sbh:
+1
fs/ocfs2/alloc.c
··· 6918 6918 if (IS_ERR(folios[numfolios])) { 6919 6919 ret = PTR_ERR(folios[numfolios]); 6920 6920 mlog_errno(ret); 6921 + folios[numfolios] = NULL; 6921 6922 goto out; 6922 6923 } 6923 6924
+58 -22
fs/ocfs2/journal.c
··· 174 174 struct ocfs2_recovery_map *rm; 175 175 176 176 mutex_init(&osb->recovery_lock); 177 - osb->disable_recovery = 0; 177 + osb->recovery_state = OCFS2_REC_ENABLED; 178 178 osb->recovery_thread_task = NULL; 179 179 init_waitqueue_head(&osb->recovery_event); 180 180 ··· 190 190 return 0; 191 191 } 192 192 193 - /* we can't grab the goofy sem lock from inside wait_event, so we use 194 - * memory barriers to make sure that we'll see the null task before 195 - * being woken up */ 196 193 static int ocfs2_recovery_thread_running(struct ocfs2_super *osb) 197 194 { 198 - mb(); 199 195 return osb->recovery_thread_task != NULL; 196 + } 197 + 198 + static void ocfs2_recovery_disable(struct ocfs2_super *osb, 199 + enum ocfs2_recovery_state state) 200 + { 201 + mutex_lock(&osb->recovery_lock); 202 + /* 203 + * If recovery thread is not running, we can directly transition to 204 + * final state. 205 + */ 206 + if (!ocfs2_recovery_thread_running(osb)) { 207 + osb->recovery_state = state + 1; 208 + goto out_lock; 209 + } 210 + osb->recovery_state = state; 211 + /* Wait for recovery thread to acknowledge state transition */ 212 + wait_event_cmd(osb->recovery_event, 213 + !ocfs2_recovery_thread_running(osb) || 214 + osb->recovery_state >= state + 1, 215 + mutex_unlock(&osb->recovery_lock), 216 + mutex_lock(&osb->recovery_lock)); 217 + out_lock: 218 + mutex_unlock(&osb->recovery_lock); 219 + 220 + /* 221 + * At this point we know that no more recovery work can be queued so 222 + * wait for any recovery completion work to complete. 223 + */ 224 + if (osb->ocfs2_wq) 225 + flush_workqueue(osb->ocfs2_wq); 226 + } 227 + 228 + void ocfs2_recovery_disable_quota(struct ocfs2_super *osb) 229 + { 230 + ocfs2_recovery_disable(osb, OCFS2_REC_QUOTA_WANT_DISABLE); 200 231 } 201 232 202 233 void ocfs2_recovery_exit(struct ocfs2_super *osb) ··· 236 205 237 206 /* disable any new recovery threads and wait for any currently 238 207 * running ones to exit. Do this before setting the vol_state. */ 239 - mutex_lock(&osb->recovery_lock); 240 - osb->disable_recovery = 1; 241 - mutex_unlock(&osb->recovery_lock); 242 - wait_event(osb->recovery_event, !ocfs2_recovery_thread_running(osb)); 243 - 244 - /* At this point, we know that no more recovery threads can be 245 - * launched, so wait for any recovery completion work to 246 - * complete. 
*/ 247 - if (osb->ocfs2_wq) 248 - flush_workqueue(osb->ocfs2_wq); 208 + ocfs2_recovery_disable(osb, OCFS2_REC_WANT_DISABLE); 249 209 250 210 /* 251 211 * Now that recovery is shut down, and the osb is about to be ··· 1494 1472 } 1495 1473 } 1496 1474 restart: 1475 + if (quota_enabled) { 1476 + mutex_lock(&osb->recovery_lock); 1477 + /* Confirm that recovery thread will no longer recover quotas */ 1478 + if (osb->recovery_state == OCFS2_REC_QUOTA_WANT_DISABLE) { 1479 + osb->recovery_state = OCFS2_REC_QUOTA_DISABLED; 1480 + wake_up(&osb->recovery_event); 1481 + } 1482 + if (osb->recovery_state >= OCFS2_REC_QUOTA_DISABLED) 1483 + quota_enabled = 0; 1484 + mutex_unlock(&osb->recovery_lock); 1485 + } 1486 + 1497 1487 status = ocfs2_super_lock(osb, 1); 1498 1488 if (status < 0) { 1499 1489 mlog_errno(status); ··· 1603 1569 1604 1570 ocfs2_free_replay_slots(osb); 1605 1571 osb->recovery_thread_task = NULL; 1606 - mb(); /* sync with ocfs2_recovery_thread_running */ 1572 + if (osb->recovery_state == OCFS2_REC_WANT_DISABLE) 1573 + osb->recovery_state = OCFS2_REC_DISABLED; 1607 1574 wake_up(&osb->recovery_event); 1608 1575 1609 1576 mutex_unlock(&osb->recovery_lock); 1610 1577 1611 - if (quota_enabled) 1612 - kfree(rm_quota); 1578 + kfree(rm_quota); 1613 1579 1614 1580 return status; 1615 1581 } 1616 1582 1617 1583 void ocfs2_recovery_thread(struct ocfs2_super *osb, int node_num) 1618 1584 { 1585 + int was_set = -1; 1586 + 1619 1587 mutex_lock(&osb->recovery_lock); 1588 + if (osb->recovery_state < OCFS2_REC_WANT_DISABLE) 1589 + was_set = ocfs2_recovery_map_set(osb, node_num); 1620 1590 1621 1591 trace_ocfs2_recovery_thread(node_num, osb->node_num, 1622 - osb->disable_recovery, osb->recovery_thread_task, 1623 - osb->disable_recovery ? 1624 - -1 : ocfs2_recovery_map_set(osb, node_num)); 1592 + osb->recovery_state, osb->recovery_thread_task, was_set); 1625 1593 1626 - if (osb->disable_recovery) 1594 + if (osb->recovery_state >= OCFS2_REC_WANT_DISABLE) 1627 1595 goto out; 1628 1596 1629 1597 if (osb->recovery_thread_task)
+1
fs/ocfs2/journal.h
··· 148 148 149 149 int ocfs2_recovery_init(struct ocfs2_super *osb); 150 150 void ocfs2_recovery_exit(struct ocfs2_super *osb); 151 + void ocfs2_recovery_disable_quota(struct ocfs2_super *osb); 151 152 152 153 int ocfs2_compute_replay_slots(struct ocfs2_super *osb); 153 154 void ocfs2_free_replay_slots(struct ocfs2_super *osb);
+16 -1
fs/ocfs2/ocfs2.h
··· 308 308 void ocfs2_initialize_journal_triggers(struct super_block *sb, 309 309 struct ocfs2_triggers triggers[]); 310 310 311 + enum ocfs2_recovery_state { 312 + OCFS2_REC_ENABLED = 0, 313 + OCFS2_REC_QUOTA_WANT_DISABLE, 314 + /* 315 + * Must be OCFS2_REC_QUOTA_WANT_DISABLE + 1 for 316 + * ocfs2_recovery_disable_quota() to work. 317 + */ 318 + OCFS2_REC_QUOTA_DISABLED, 319 + OCFS2_REC_WANT_DISABLE, 320 + /* 321 + * Must be OCFS2_REC_WANT_DISABLE + 1 for ocfs2_recovery_exit() to work 322 + */ 323 + OCFS2_REC_DISABLED, 324 + }; 325 + 311 326 struct ocfs2_journal; 312 327 struct ocfs2_slot_info; 313 328 struct ocfs2_recovery_map; ··· 385 370 struct ocfs2_recovery_map *recovery_map; 386 371 struct ocfs2_replay_map *replay_map; 387 372 struct task_struct *recovery_thread_task; 388 - int disable_recovery; 373 + enum ocfs2_recovery_state recovery_state; 389 374 wait_queue_head_t checkpoint_event; 390 375 struct ocfs2_journal *journal; 391 376 unsigned long osb_commit_interval;
+2 -7
fs/ocfs2/quota_local.c
··· 453 453 454 454 /* Sync changes in local quota file into global quota file and 455 455 * reinitialize local quota file. 456 - * The function expects local quota file to be already locked and 457 - * s_umount locked in shared mode. */ 456 + * The function expects local quota file to be already locked. */ 458 457 static int ocfs2_recover_local_quota_file(struct inode *lqinode, 459 458 int type, 460 459 struct ocfs2_quota_recovery *rec) ··· 587 588 { 588 589 unsigned int ino[OCFS2_MAXQUOTAS] = { LOCAL_USER_QUOTA_SYSTEM_INODE, 589 590 LOCAL_GROUP_QUOTA_SYSTEM_INODE }; 590 - struct super_block *sb = osb->sb; 591 591 struct ocfs2_local_disk_dqinfo *ldinfo; 592 592 struct buffer_head *bh; 593 593 handle_t *handle; ··· 598 600 printk(KERN_NOTICE "ocfs2: Finishing quota recovery on device (%s) for " 599 601 "slot %u\n", osb->dev_str, slot_num); 600 602 601 - down_read(&sb->s_umount); 602 603 for (type = 0; type < OCFS2_MAXQUOTAS; type++) { 603 604 if (list_empty(&(rec->r_list[type]))) 604 605 continue; ··· 674 677 break; 675 678 } 676 679 out: 677 - up_read(&sb->s_umount); 678 680 kfree(rec); 679 681 return status; 680 682 } ··· 839 843 ocfs2_release_local_quota_bitmaps(&oinfo->dqi_chunk); 840 844 841 845 /* 842 - * s_umount held in exclusive mode protects us against racing with 843 - * recovery thread... 846 + * ocfs2_dismount_volume() has already aborted quota recovery... 844 847 */ 845 848 if (oinfo->dqi_rec) { 846 849 ocfs2_free_quota_recovery(oinfo->dqi_rec);
+32 -6
fs/ocfs2/suballoc.c
··· 698 698 699 699 bg_bh = ocfs2_block_group_alloc_contig(osb, handle, alloc_inode, 700 700 ac, cl); 701 - if (PTR_ERR(bg_bh) == -ENOSPC) 701 + if (PTR_ERR(bg_bh) == -ENOSPC) { 702 + ac->ac_which = OCFS2_AC_USE_MAIN_DISCONTIG; 702 703 bg_bh = ocfs2_block_group_alloc_discontig(handle, 703 704 alloc_inode, 704 705 ac, cl); 706 + } 705 707 if (IS_ERR(bg_bh)) { 706 708 status = PTR_ERR(bg_bh); 707 709 bg_bh = NULL; ··· 1796 1794 { 1797 1795 int status; 1798 1796 u16 chain; 1797 + u32 contig_bits; 1799 1798 u64 next_group; 1800 1799 struct inode *alloc_inode = ac->ac_inode; 1801 1800 struct buffer_head *group_bh = NULL; ··· 1822 1819 status = -ENOSPC; 1823 1820 /* for now, the chain search is a bit simplistic. We just use 1824 1821 * the 1st group with any empty bits. */ 1825 - while ((status = ac->ac_group_search(alloc_inode, group_bh, 1826 - bits_wanted, min_bits, 1827 - ac->ac_max_block, 1828 - res)) == -ENOSPC) { 1822 + while (1) { 1823 + if (ac->ac_which == OCFS2_AC_USE_MAIN_DISCONTIG) { 1824 + contig_bits = le16_to_cpu(bg->bg_contig_free_bits); 1825 + if (!contig_bits) 1826 + contig_bits = ocfs2_find_max_contig_free_bits(bg->bg_bitmap, 1827 + le16_to_cpu(bg->bg_bits), 0); 1828 + if (bits_wanted > contig_bits && contig_bits >= min_bits) 1829 + bits_wanted = contig_bits; 1830 + } 1831 + 1832 + status = ac->ac_group_search(alloc_inode, group_bh, 1833 + bits_wanted, min_bits, 1834 + ac->ac_max_block, res); 1835 + if (status != -ENOSPC) 1836 + break; 1829 1837 if (!bg->bg_next_group) 1830 1838 break; 1831 1839 ··· 1996 1982 victim = ocfs2_find_victim_chain(cl); 1997 1983 ac->ac_chain = victim; 1998 1984 1985 + search: 1999 1986 status = ocfs2_search_chain(ac, handle, bits_wanted, min_bits, 2000 1987 res, &bits_left); 2001 1988 if (!status) { ··· 2035 2020 mlog_errno(status); 2036 2021 goto bail; 2037 2022 } 2023 + } 2024 + 2025 + /* Chains can't supply the bits_wanted contiguous space. 2026 + * We should switch to using every single bit when allocating 2027 + * from the global bitmap. */ 2028 + if (i == le16_to_cpu(cl->cl_next_free_rec) && 2029 + status == -ENOSPC && ac->ac_which == OCFS2_AC_USE_MAIN) { 2030 + ac->ac_which = OCFS2_AC_USE_MAIN_DISCONTIG; 2031 + ac->ac_chain = victim; 2032 + goto search; 2038 2033 } 2039 2034 2040 2035 set_hint: ··· 2390 2365 BUG_ON(ac->ac_bits_given >= ac->ac_bits_wanted); 2391 2366 2392 2367 BUG_ON(ac->ac_which != OCFS2_AC_USE_LOCAL 2393 - && ac->ac_which != OCFS2_AC_USE_MAIN); 2368 + && ac->ac_which != OCFS2_AC_USE_MAIN 2369 + && ac->ac_which != OCFS2_AC_USE_MAIN_DISCONTIG); 2394 2370 2395 2371 if (ac->ac_which == OCFS2_AC_USE_LOCAL) { 2396 2372 WARN_ON(min_clusters > 1);
+1
fs/ocfs2/suballoc.h
··· 29 29 #define OCFS2_AC_USE_MAIN 2 30 30 #define OCFS2_AC_USE_INODE 3 31 31 #define OCFS2_AC_USE_META 4 32 + #define OCFS2_AC_USE_MAIN_DISCONTIG 5 32 33 u32 ac_which; 33 34 34 35 /* these are used by the chain search */
+3
fs/ocfs2/super.c
··· 1812 1812 /* Orphan scan should be stopped as early as possible */ 1813 1813 ocfs2_orphan_scan_stop(osb); 1814 1814 1815 + /* Stop quota recovery so that we can disable quotas */ 1816 + ocfs2_recovery_disable_quota(osb); 1817 + 1815 1818 ocfs2_disable_quotas(osb); 1816 1819 1817 1820 /* All dquots should be freed by now */
+9 -8
fs/pnode.c
··· 150 150 struct mount *origin) 151 151 { 152 152 /* are there any slaves of this mount? */ 153 - if (!IS_MNT_PROPAGATED(m) && !list_empty(&m->mnt_slave_list)) 153 + if (!IS_MNT_NEW(m) && !list_empty(&m->mnt_slave_list)) 154 154 return first_slave(m); 155 155 156 156 while (1) { ··· 174 174 * Advance m such that propagation_next will not return 175 175 * the slaves of m. 176 176 */ 177 - if (!IS_MNT_PROPAGATED(m) && !list_empty(&m->mnt_slave_list)) 177 + if (!IS_MNT_NEW(m) && !list_empty(&m->mnt_slave_list)) 178 178 m = last_slave(m); 179 179 180 180 return m; ··· 185 185 while (1) { 186 186 while (1) { 187 187 struct mount *next; 188 - if (!IS_MNT_PROPAGATED(m) && !list_empty(&m->mnt_slave_list)) 188 + if (!IS_MNT_NEW(m) && !list_empty(&m->mnt_slave_list)) 189 189 return first_slave(m); 190 190 next = next_peer(m); 191 191 if (m->mnt_group_id == origin->mnt_group_id) { ··· 226 226 struct mount *child; 227 227 int type; 228 228 /* skip ones added by this propagate_mnt() */ 229 - if (IS_MNT_PROPAGATED(m)) 229 + if (IS_MNT_NEW(m)) 230 230 return 0; 231 - /* skip if mountpoint isn't covered by it */ 231 + /* skip if mountpoint isn't visible in m */ 232 232 if (!is_subdir(dest_mp->m_dentry, m->mnt.mnt_root)) 233 233 return 0; 234 + /* skip if m is in the anon_ns we are emptying */ 235 + if (m->mnt_ns->mntns_flags & MNTNS_PROPAGATING) 236 + return 0; 237 + 234 238 if (peers(m, last_dest)) { 235 239 type = CL_MAKE_SHARED; 236 240 } else { ··· 382 378 const struct mountpoint *mp) 383 379 { 384 380 if (!IS_MNT_SHARED(from)) 385 - return false; 386 - 387 - if (IS_MNT_PROPAGATED(to)) 388 381 return false; 389 382 390 383 if (to->mnt.mnt_root != mp->m_dentry)
+1 -1
fs/pnode.h
··· 12 12 13 13 #define IS_MNT_SHARED(m) ((m)->mnt.mnt_flags & MNT_SHARED) 14 14 #define IS_MNT_SLAVE(m) ((m)->mnt_master) 15 - #define IS_MNT_PROPAGATED(m) (!(m)->mnt_ns || ((m)->mnt_ns->mntns_flags & MNTNS_PROPAGATING)) 15 + #define IS_MNT_NEW(m) (!(m)->mnt_ns) 16 16 #define CLEAR_MNT_SHARED(m) ((m)->mnt.mnt_flags &= ~MNT_SHARED) 17 17 #define IS_MNT_UNBINDABLE(m) ((m)->mnt.mnt_flags & MNT_UNBINDABLE) 18 18 #define IS_MNT_MARKED(m) ((m)->mnt.mnt_flags & MNT_MARKED)
+2 -8
fs/smb/client/cached_dir.c
··· 29 29 { 30 30 struct cached_fid *cfid; 31 31 32 - spin_lock(&cfids->cfid_list_lock); 33 32 list_for_each_entry(cfid, &cfids->entries, entry) { 34 33 if (!strcmp(cfid->path, path)) { 35 34 /* ··· 37 38 * being deleted due to a lease break. 38 39 */ 39 40 if (!cfid->time || !cfid->has_lease) { 40 - spin_unlock(&cfids->cfid_list_lock); 41 41 return NULL; 42 42 } 43 43 kref_get(&cfid->refcount); 44 - spin_unlock(&cfids->cfid_list_lock); 45 44 return cfid; 46 45 } 47 46 } 48 47 if (lookup_only) { 49 - spin_unlock(&cfids->cfid_list_lock); 50 48 return NULL; 51 49 } 52 50 if (cfids->num_entries >= max_cached_dirs) { 53 - spin_unlock(&cfids->cfid_list_lock); 54 51 return NULL; 55 52 } 56 53 cfid = init_cached_dir(path); 57 54 if (cfid == NULL) { 58 - spin_unlock(&cfids->cfid_list_lock); 59 55 return NULL; 60 56 } 61 57 cfid->cfids = cfids; ··· 68 74 */ 69 75 cfid->has_lease = true; 70 76 71 - spin_unlock(&cfids->cfid_list_lock); 72 77 return cfid; 73 78 } 74 79 ··· 180 187 if (!utf16_path) 181 188 return -ENOMEM; 182 189 190 + spin_lock(&cfids->cfid_list_lock); 183 191 cfid = find_or_create_cached_dir(cfids, path, lookup_only, tcon->max_cached_dirs); 184 192 if (cfid == NULL) { 193 + spin_unlock(&cfids->cfid_list_lock); 185 194 kfree(utf16_path); 186 195 return -ENOENT; 187 196 } ··· 192 197 * Otherwise, it is either a new entry or laundromat worker removed it 193 198 * from @cfids->entries. Caller will put last reference if the latter. 194 199 */ 195 - spin_lock(&cfids->cfid_list_lock); 196 200 if (cfid->has_lease && cfid->time) { 197 201 spin_unlock(&cfids->cfid_list_lock); 198 202 *ret_cfid = cfid;
+2
fs/smb/client/smb2inode.c
··· 666 666 /* smb2_parse_contexts() fills idata->fi.IndexNumber */ 667 667 rc = smb2_parse_contexts(server, &rsp_iov[0], &oparms->fid->epoch, 668 668 oparms->fid->lease_key, &oplock, &idata->fi, NULL); 669 + if (rc) 670 + cifs_dbg(VFS, "rc: %d parsing context of compound op\n", rc); 669 671 } 670 672 671 673 for (i = 0; i < num_cmds; i++) {
+1 -1
fs/udf/truncate.c
··· 115 115 } 116 116 /* This inode entry is in-memory only and thus we don't have to mark 117 117 * the inode dirty */ 118 - if (ret == 0) 118 + if (ret >= 0) 119 119 iinfo->i_lenExtents = inode->i_size; 120 120 brelse(epos.bh); 121 121 }
+22 -6
fs/userfaultfd.c
··· 1585 1585 user_uffdio_copy = (struct uffdio_copy __user *) arg; 1586 1586 1587 1587 ret = -EAGAIN; 1588 - if (atomic_read(&ctx->mmap_changing)) 1588 + if (unlikely(atomic_read(&ctx->mmap_changing))) { 1589 + if (unlikely(put_user(ret, &user_uffdio_copy->copy))) 1590 + return -EFAULT; 1589 1591 goto out; 1592 + } 1590 1593 1591 1594 ret = -EFAULT; 1592 1595 if (copy_from_user(&uffdio_copy, user_uffdio_copy, ··· 1644 1641 user_uffdio_zeropage = (struct uffdio_zeropage __user *) arg; 1645 1642 1646 1643 ret = -EAGAIN; 1647 - if (atomic_read(&ctx->mmap_changing)) 1644 + if (unlikely(atomic_read(&ctx->mmap_changing))) { 1645 + if (unlikely(put_user(ret, &user_uffdio_zeropage->zeropage))) 1646 + return -EFAULT; 1648 1647 goto out; 1648 + } 1649 1649 1650 1650 ret = -EFAULT; 1651 1651 if (copy_from_user(&uffdio_zeropage, user_uffdio_zeropage, ··· 1750 1744 user_uffdio_continue = (struct uffdio_continue __user *)arg; 1751 1745 1752 1746 ret = -EAGAIN; 1753 - if (atomic_read(&ctx->mmap_changing)) 1747 + if (unlikely(atomic_read(&ctx->mmap_changing))) { 1748 + if (unlikely(put_user(ret, &user_uffdio_continue->mapped))) 1749 + return -EFAULT; 1754 1750 goto out; 1751 + } 1755 1752 1756 1753 ret = -EFAULT; 1757 1754 if (copy_from_user(&uffdio_continue, user_uffdio_continue, ··· 1810 1801 user_uffdio_poison = (struct uffdio_poison __user *)arg; 1811 1802 1812 1803 ret = -EAGAIN; 1813 - if (atomic_read(&ctx->mmap_changing)) 1804 + if (unlikely(atomic_read(&ctx->mmap_changing))) { 1805 + if (unlikely(put_user(ret, &user_uffdio_poison->updated))) 1806 + return -EFAULT; 1814 1807 goto out; 1808 + } 1815 1809 1816 1810 ret = -EFAULT; 1817 1811 if (copy_from_user(&uffdio_poison, user_uffdio_poison, ··· 1882 1870 1883 1871 user_uffdio_move = (struct uffdio_move __user *) arg; 1884 1872 1885 - if (atomic_read(&ctx->mmap_changing)) 1886 - return -EAGAIN; 1873 + ret = -EAGAIN; 1874 + if (unlikely(atomic_read(&ctx->mmap_changing))) { 1875 + if (unlikely(put_user(ret, &user_uffdio_move->move))) 1876 + return -EFAULT; 1877 + goto out; 1878 + } 1887 1879 1888 1880 if (copy_from_user(&uffdio_move, user_uffdio_move, 1889 1881 /* don't copy "move" last field */
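The userfaultfd hunks make every early -EAGAIN exit also write the error into the ioctl's result field, which userspace reads to decide how to retry. A hedged sketch of the documented UFFDIO_COPY retry loop (error handling trimmed, helper name made up):

/* Sketch: when UFFDIO_COPY fails with EAGAIN, the kernel reports progress
 * (or -EAGAIN) through uffdio_copy.copy, so that field must always be
 * written -- which is what the hunk above guarantees. */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <linux/userfaultfd.h>

static int copy_into_range(int uffd, uint64_t dst, uint64_t src, uint64_t len)
{
        struct uffdio_copy copy;

        memset(&copy, 0, sizeof(copy));
        copy.dst = dst;
        copy.src = src;
        copy.len = len;

        while (ioctl(uffd, UFFDIO_COPY, &copy) == -1) {
                if (errno != EAGAIN)
                        return -1;
                if (copy.copy > 0) {            /* partial progress was made */
                        copy.dst += copy.copy;
                        copy.src += copy.copy;
                        copy.len -= copy.copy;
                }
                copy.copy = 0;
        }
        return 0;
}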
+24
fs/xattr.c
··· 1428 1428 return !strncmp(name, XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN); 1429 1429 } 1430 1430 1431 + static bool xattr_is_maclabel(const char *name) 1432 + { 1433 + const char *suffix = name + XATTR_SECURITY_PREFIX_LEN; 1434 + 1435 + return !strncmp(name, XATTR_SECURITY_PREFIX, 1436 + XATTR_SECURITY_PREFIX_LEN) && 1437 + security_ismaclabel(suffix); 1438 + } 1439 + 1431 1440 /** 1432 1441 * simple_xattr_list - list all xattr objects 1433 1442 * @inode: inode from which to get the xattrs ··· 1469 1460 if (err) 1470 1461 return err; 1471 1462 1463 + err = security_inode_listsecurity(inode, buffer, remaining_size); 1464 + if (err < 0) 1465 + return err; 1466 + 1467 + if (buffer) { 1468 + if (remaining_size < err) 1469 + return -ERANGE; 1470 + buffer += err; 1471 + } 1472 + remaining_size -= err; 1473 + 1472 1474 read_lock(&xattrs->lock); 1473 1475 for (rbp = rb_first(&xattrs->rb_root); rbp; rbp = rb_next(rbp)) { 1474 1476 xattr = rb_entry(rbp, struct simple_xattr, rb_node); 1475 1477 1476 1478 /* skip "trusted." attributes for unprivileged callers */ 1477 1479 if (!trusted && xattr_is_trusted(xattr->name)) 1480 + continue; 1481 + 1482 + /* skip MAC labels; these are provided by LSM above */ 1483 + if (xattr_is_maclabel(xattr->name)) 1478 1484 continue; 1479 1485 1480 1486 err = xattr_list_one(&buffer, &remaining_size, xattr->name);
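For context on what the simple_xattr_list() change deduplicates: security labels are now emitted once via the LSM hook and matching entries in the in-memory tree are skipped. A plain listxattr(2) walk from userspace shows the effect on, say, a labeled tmpfs file (the path is whatever you point it at):

/* Names come back from listxattr(2) as a NUL-separated blob; with the
 * hunk above, a MAC label such as security.selinux shows up once. */
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>

int main(int argc, char **argv)
{
        char buf[4096];
        ssize_t len;

        if (argc < 2)
                return 1;

        len = listxattr(argv[1], buf, sizeof(buf));
        if (len < 0)
                return 1;

        for (ssize_t off = 0; off < len; off += strlen(buf + off) + 1)
                puts(buf + off);
        return 0;
}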
+8 -10
include/drm/ttm/ttm_backup.h
··· 9 9 #include <linux/mm_types.h> 10 10 #include <linux/shmem_fs.h> 11 11 12 - struct ttm_backup; 13 - 14 12 /** 15 13 * ttm_backup_handle_to_page_ptr() - Convert handle to struct page pointer 16 14 * @handle: The handle to convert. 17 15 * 18 16 * Converts an opaque handle received from the 19 - * struct ttm_backoup_ops::backup_page() function to an (invalid) 17 + * ttm_backup_backup_page() function to an (invalid) 20 18 * struct page pointer suitable for a struct page array. 21 19 * 22 20 * Return: An (invalid) struct page pointer. ··· 43 45 * 44 46 * Return: The handle that was previously used in 45 47 * ttm_backup_handle_to_page_ptr() to obtain a struct page pointer, suitable 46 - * for use as argument in the struct ttm_backup_ops drop() or 47 - * copy_backed_up_page() functions. 48 + * for use as argument in the struct ttm_backup_drop() or 49 + * ttm_backup_copy_page() functions. 48 50 */ 49 51 static inline unsigned long 50 52 ttm_backup_page_ptr_to_handle(const struct page *page) ··· 53 55 return (unsigned long)page >> 1; 54 56 } 55 57 56 - void ttm_backup_drop(struct ttm_backup *backup, pgoff_t handle); 58 + void ttm_backup_drop(struct file *backup, pgoff_t handle); 57 59 58 - int ttm_backup_copy_page(struct ttm_backup *backup, struct page *dst, 60 + int ttm_backup_copy_page(struct file *backup, struct page *dst, 59 61 pgoff_t handle, bool intr); 60 62 61 63 s64 62 - ttm_backup_backup_page(struct ttm_backup *backup, struct page *page, 64 + ttm_backup_backup_page(struct file *backup, struct page *page, 63 65 bool writeback, pgoff_t idx, gfp_t page_gfp, 64 66 gfp_t alloc_gfp); 65 67 66 - void ttm_backup_fini(struct ttm_backup *backup); 68 + void ttm_backup_fini(struct file *backup); 67 69 68 70 u64 ttm_backup_bytes_avail(void); 69 71 70 - struct ttm_backup *ttm_backup_shmem_create(loff_t size); 72 + struct file *ttm_backup_shmem_create(loff_t size); 71 73 72 74 #endif
+1 -1
include/drm/ttm/ttm_tt.h
··· 118 118 * ttm_tt_create() callback is responsible for assigning 119 119 * this field. 120 120 */ 121 - struct ttm_backup *backup; 121 + struct file *backup; 122 122 /** 123 123 * @caching: The current caching state of the pages, see enum 124 124 * ttm_caching.
+2
include/linux/cpu.h
··· 78 78 extern ssize_t cpu_show_reg_file_data_sampling(struct device *dev, 79 79 struct device_attribute *attr, char *buf); 80 80 extern ssize_t cpu_show_ghostwrite(struct device *dev, struct device_attribute *attr, char *buf); 81 + extern ssize_t cpu_show_indirect_target_selection(struct device *dev, 82 + struct device_attribute *attr, char *buf); 81 83 82 84 extern __printf(4, 5) 83 85 struct device *cpu_device_create(struct device *parent, void *drvdata,
+10 -1
include/linux/execmem.h
··· 4 4 5 5 #include <linux/types.h> 6 6 #include <linux/moduleloader.h> 7 + #include <linux/cleanup.h> 7 8 8 9 #if (defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS)) && \ 9 10 !defined(CONFIG_KASAN_VMALLOC) ··· 54 53 EXECMEM_ROX_CACHE = (1 << 1), 55 54 }; 56 55 57 - #ifdef CONFIG_ARCH_HAS_EXECMEM_ROX 56 + #if defined(CONFIG_ARCH_HAS_EXECMEM_ROX) && defined(CONFIG_EXECMEM) 58 57 /** 59 58 * execmem_fill_trapping_insns - set memory to contain instructions that 60 59 * will trap ··· 94 93 * Return: 0 on success or negative error code on failure. 95 94 */ 96 95 int execmem_restore_rox(void *ptr, size_t size); 96 + 97 + /* 98 + * Called from mark_readonly(), where the system transitions to ROX. 99 + */ 100 + void execmem_cache_make_ro(void); 97 101 #else 98 102 static inline int execmem_make_temp_rw(void *ptr, size_t size) { return 0; } 99 103 static inline int execmem_restore_rox(void *ptr, size_t size) { return 0; } 104 + static inline void execmem_cache_make_ro(void) { } 100 105 #endif 101 106 102 107 /** ··· 176 169 * @ptr: pointer to the memory that should be freed 177 170 */ 178 171 void execmem_free(void *ptr); 172 + 173 + DEFINE_FREE(execmem, void *, if (_T) execmem_free(_T)); 179 174 180 175 #ifdef CONFIG_MMU 181 176 /**
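The new DEFINE_FREE() line wires execmem_free() into the scoped-cleanup helpers from <linux/cleanup.h>. A hedged sketch of a caller (the allocation type and failure path are illustrative, not taken from this patch):

/* Sketch: the __free(execmem) annotation frees the buffer automatically
 * on any early return; no_free_ptr() hands ownership to the caller. */
#include <linux/cleanup.h>
#include <linux/execmem.h>

static void *alloc_example_text(size_t size)
{
        void *text __free(execmem) = execmem_alloc(EXECMEM_MODULE_TEXT, size);

        if (!text)
                return NULL;

        if (execmem_make_temp_rw(text, size))
                return NULL;                    /* freed automatically */

        return no_free_ptr(text);               /* caller now owns it */
}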
+6 -7
include/linux/hyperv.h
··· 1002 1002 1003 1003 /* The max size of a packet on this channel */ 1004 1004 u32 max_pkt_size; 1005 + 1006 + /* function to mmap ring buffer memory to the channel's sysfs ring attribute */ 1007 + int (*mmap_ring_buffer)(struct vmbus_channel *channel, struct vm_area_struct *vma); 1008 + 1009 + /* boolean to control visibility of sysfs for ring buffer */ 1010 + bool ring_sysfs_visible; 1005 1011 }; 1006 1012 1007 1013 #define lock_requestor(channel, flags) \ ··· 1166 1160 u64 requestid, 1167 1161 enum vmbus_packet_type type, 1168 1162 u32 flags); 1169 - 1170 - extern int vmbus_sendpacket_pagebuffer(struct vmbus_channel *channel, 1171 - struct hv_page_buffer pagebuffers[], 1172 - u32 pagecount, 1173 - void *buffer, 1174 - u32 bufferlen, 1175 - u64 requestid); 1176 1163 1177 1164 extern int vmbus_sendpacket_mpb_desc(struct vmbus_channel *channel, 1178 1165 struct vmbus_packet_mpb_array *mpb,
-1
include/linux/micrel_phy.h
··· 44 44 #define MICREL_PHY_50MHZ_CLK BIT(0) 45 45 #define MICREL_PHY_FXEN BIT(1) 46 46 #define MICREL_KSZ8_P1_ERRATA BIT(2) 47 - #define MICREL_NO_EEE BIT(3) 48 47 49 48 #define MICREL_KSZ9021_EXTREG_CTRL 0xB 50 49 #define MICREL_KSZ9021_EXTREG_DATA_WRITE 0xC
+5
include/linux/module.h
··· 586 586 atomic_t refcnt; 587 587 #endif 588 588 589 + #ifdef CONFIG_MITIGATION_ITS 590 + int its_num_pages; 591 + void **its_page_array; 592 + #endif 593 + 589 594 #ifdef CONFIG_CONSTRUCTORS 590 595 /* Constructor functions. */ 591 596 ctor_fn_t *ctors;
+5 -3
include/linux/timekeeper_internal.h
··· 51 51 * @offs_real: Offset clock monotonic -> clock realtime 52 52 * @offs_boot: Offset clock monotonic -> clock boottime 53 53 * @offs_tai: Offset clock monotonic -> clock tai 54 - * @tai_offset: The current UTC to TAI offset in seconds 54 + * @coarse_nsec: The nanoseconds part for coarse time getters 55 55 * @tkr_raw: The readout base structure for CLOCK_MONOTONIC_RAW 56 56 * @raw_sec: CLOCK_MONOTONIC_RAW time in seconds 57 57 * @clock_was_set_seq: The sequence number of clock was set events ··· 76 76 * ntp shifted nano seconds. 77 77 * @ntp_err_mult: Multiplication factor for scaled math conversion 78 78 * @skip_second_overflow: Flag used to avoid updating NTP twice with same second 79 + * @tai_offset: The current UTC to TAI offset in seconds 79 80 * 80 81 * Note: For timespec(64) based interfaces wall_to_monotonic is what 81 82 * we need to add to xtime (or xtime corrected for sub jiffy times) ··· 101 100 * which results in the following cacheline layout: 102 101 * 103 102 * 0: seqcount, tkr_mono 104 - * 1: xtime_sec ... tai_offset 103 + * 1: xtime_sec ... coarse_nsec 105 104 * 2: tkr_raw, raw_sec 106 105 * 3,4: Internal variables 107 106 * ··· 122 121 ktime_t offs_real; 123 122 ktime_t offs_boot; 124 123 ktime_t offs_tai; 125 - s32 tai_offset; 124 + u32 coarse_nsec; 126 125 127 126 /* Cacheline 2: */ 128 127 struct tk_read_base tkr_raw; ··· 145 144 u32 ntp_error_shift; 146 145 u32 ntp_err_mult; 147 146 u32 skip_second_overflow; 147 + s32 tai_offset; 148 148 }; 149 149 150 150 #ifdef CONFIG_GENERIC_TIME_VSYSCALL
+20 -1
include/linux/tpm.h
··· 224 224 225 225 enum tpm2_timeouts { 226 226 TPM2_TIMEOUT_A = 750, 227 - TPM2_TIMEOUT_B = 2000, 227 + TPM2_TIMEOUT_B = 4000, 228 228 TPM2_TIMEOUT_C = 200, 229 229 TPM2_TIMEOUT_D = 30, 230 230 TPM2_DURATION_SHORT = 20, ··· 257 257 TPM2_RC_TESTING = 0x090A, /* RC_WARN */ 258 258 TPM2_RC_REFERENCE_H0 = 0x0910, 259 259 TPM2_RC_RETRY = 0x0922, 260 + TPM2_RC_SESSION_MEMORY = 0x0903, 260 261 }; 261 262 262 263 enum tpm2_command_codes { ··· 436 435 static inline u32 tpm2_rc_value(u32 rc) 437 436 { 438 437 return (rc & BIT(7)) ? rc & 0xbf : rc; 438 + } 439 + 440 + /* 441 + * Convert a return value from tpm_transmit_cmd() to POSIX error code. 442 + */ 443 + static inline ssize_t tpm_ret_to_err(ssize_t ret) 444 + { 445 + if (ret < 0) 446 + return ret; 447 + 448 + switch (tpm2_rc_value(ret)) { 449 + case TPM2_RC_SUCCESS: 450 + return 0; 451 + case TPM2_RC_SESSION_MEMORY: 452 + return -ENOMEM; 453 + default: 454 + return -EFAULT; 455 + } 439 456 } 440 457 441 458 #if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE)
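A minimal usage sketch for the new tpm_ret_to_err() helper. The surrounding call site is hypothetical and assumes the driver-internal tpm_transmit_cmd() prototype, so treat it as illustration rather than the patch's actual caller:

/* Hypothetical driver-internal snippet: map the TPM_RC value returned by
 * tpm_transmit_cmd() onto 0 / -ENOMEM / -EFAULT for the caller. */
static int example_send(struct tpm_chip *chip, struct tpm_buf *buf)
{
        ssize_t rc = tpm_transmit_cmd(chip, buf, 0, "example command");

        return tpm_ret_to_err(rc);
}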
+1
include/linux/vmalloc.h
··· 61 61 unsigned int nr_pages; 62 62 phys_addr_t phys_addr; 63 63 const void *caller; 64 + unsigned long requested_size; 64 65 }; 65 66 66 67 struct vmap_area {
+1
include/net/bluetooth/hci_core.h
··· 1798 1798 void hci_uuids_clear(struct hci_dev *hdev); 1799 1799 1800 1800 void hci_link_keys_clear(struct hci_dev *hdev); 1801 + u8 *hci_conn_key_enc_size(struct hci_conn *conn); 1801 1802 struct link_key *hci_find_link_key(struct hci_dev *hdev, bdaddr_t *bdaddr); 1802 1803 struct link_key *hci_add_link_key(struct hci_dev *hdev, struct hci_conn *conn, 1803 1804 bdaddr_t *bdaddr, u8 *val, u8 type,
+15
include/net/sch_generic.h
··· 1039 1039 return skb; 1040 1040 } 1041 1041 1042 + static inline struct sk_buff *qdisc_dequeue_internal(struct Qdisc *sch, bool direct) 1043 + { 1044 + struct sk_buff *skb; 1045 + 1046 + skb = __skb_dequeue(&sch->gso_skb); 1047 + if (skb) { 1048 + sch->q.qlen--; 1049 + return skb; 1050 + } 1051 + if (direct) 1052 + return __qdisc_dequeue_head(&sch->q); 1053 + else 1054 + return sch->dequeue(sch); 1055 + } 1056 + 1042 1057 static inline struct sk_buff *qdisc_dequeue_head(struct Qdisc *sch) 1043 1058 { 1044 1059 struct sk_buff *skb = __qdisc_dequeue_head(&sch->q);
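The new qdisc_dequeue_internal() helper drains any packet requeued on gso_skb before touching the real queue. A hedged sketch of the kind of limit-shrinking loop a qdisc's change() handler might run with it (variable names are illustrative, not from a specific qdisc):

/* Sketch: drop packets until the queue fits a newly reduced limit,
 * counting the requeued gso_skb packet as well.  Passing `true` assumes
 * the qdisc keeps its queue in sch->q and can dequeue from the head. */
static void shrink_to_limit(struct Qdisc *sch, unsigned int new_limit)
{
        unsigned int dropped_pkts = 0, dropped_bytes = 0;

        while (sch->q.qlen > new_limit) {
                struct sk_buff *skb = qdisc_dequeue_internal(sch, true);

                if (!skb)
                        break;
                dropped_pkts++;
                dropped_bytes += qdisc_pkt_len(skb);
                rtnl_kfree_skbs(skb, skb);
        }
        qdisc_tree_reduce_backlog(sch, dropped_pkts, dropped_bytes);
}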
+3 -5
init/Kconfig
··· 87 87 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(USERCFLAGS) $(USERLDFLAGS) $(m64-flag)) if 64BIT 88 88 default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(USERCFLAGS) $(USERLDFLAGS) $(m32-flag)) 89 89 90 - config CC_CAN_LINK_STATIC 91 - bool 92 - default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(USERCFLAGS) $(USERLDFLAGS) $(m64-flag) -static) if 64BIT 93 - default $(success,$(srctree)/scripts/cc-can-link.sh $(CC) $(CLANG_FLAGS) $(USERCFLAGS) $(USERLDFLAGS) $(m32-flag) -static) 94 - 95 90 # Fixed in GCC 14, 13.3, 12.4 and 11.5 96 91 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921 97 92 config GCC_ASM_GOTO_OUTPUT_BROKEN ··· 134 139 135 140 config RUSTC_HAS_COERCE_POINTEE 136 141 def_bool RUSTC_VERSION >= 108400 142 + 143 + config RUSTC_HAS_UNNECESSARY_TRANSMUTES 144 + def_bool RUSTC_VERSION >= 108800 137 145 138 146 config PAHOLE_VERSION 139 147 int
+23 -35
io_uring/io_uring.c
··· 448 448 return req->link; 449 449 } 450 450 451 - static inline struct io_kiocb *io_prep_linked_timeout(struct io_kiocb *req) 452 - { 453 - if (likely(!(req->flags & REQ_F_ARM_LTIMEOUT))) 454 - return NULL; 455 - return __io_prep_linked_timeout(req); 456 - } 457 - 458 - static noinline void __io_arm_ltimeout(struct io_kiocb *req) 459 - { 460 - io_queue_linked_timeout(__io_prep_linked_timeout(req)); 461 - } 462 - 463 - static inline void io_arm_ltimeout(struct io_kiocb *req) 464 - { 465 - if (unlikely(req->flags & REQ_F_ARM_LTIMEOUT)) 466 - __io_arm_ltimeout(req); 467 - } 468 - 469 451 static void io_prep_async_work(struct io_kiocb *req) 470 452 { 471 453 const struct io_issue_def *def = &io_issue_defs[req->opcode]; ··· 500 518 501 519 static void io_queue_iowq(struct io_kiocb *req) 502 520 { 503 - struct io_kiocb *link = io_prep_linked_timeout(req); 504 521 struct io_uring_task *tctx = req->tctx; 505 522 506 523 BUG_ON(!tctx); ··· 524 543 525 544 trace_io_uring_queue_async_work(req, io_wq_is_hashed(&req->work)); 526 545 io_wq_enqueue(tctx->io_wq, &req->work); 527 - if (link) 528 - io_queue_linked_timeout(link); 529 546 } 530 547 531 548 static void io_req_queue_iowq_tw(struct io_kiocb *req, io_tw_token_t tw) ··· 847 868 { 848 869 struct io_ring_ctx *ctx = req->ctx; 849 870 bool posted; 871 + 872 + /* 873 + * If multishot has already posted deferred completions, ensure that 874 + * those are flushed first before posting this one. If not, CQEs 875 + * could get reordered. 876 + */ 877 + if (!wq_list_empty(&ctx->submit_state.compl_reqs)) 878 + __io_submit_flush_completions(ctx); 850 879 851 880 lockdep_assert(!io_wq_current_is_worker()); 852 881 lockdep_assert_held(&ctx->uring_lock); ··· 1711 1724 return !!req->file; 1712 1725 } 1713 1726 1727 + #define REQ_ISSUE_SLOW_FLAGS (REQ_F_CREDS | REQ_F_ARM_LTIMEOUT) 1728 + 1714 1729 static inline int __io_issue_sqe(struct io_kiocb *req, 1715 1730 unsigned int issue_flags, 1716 1731 const struct io_issue_def *def) 1717 1732 { 1718 1733 const struct cred *creds = NULL; 1734 + struct io_kiocb *link = NULL; 1719 1735 int ret; 1720 1736 1721 - if (unlikely((req->flags & REQ_F_CREDS) && req->creds != current_cred())) 1722 - creds = override_creds(req->creds); 1737 + if (unlikely(req->flags & REQ_ISSUE_SLOW_FLAGS)) { 1738 + if ((req->flags & REQ_F_CREDS) && req->creds != current_cred()) 1739 + creds = override_creds(req->creds); 1740 + if (req->flags & REQ_F_ARM_LTIMEOUT) 1741 + link = __io_prep_linked_timeout(req); 1742 + } 1723 1743 1724 1744 if (!def->audit_skip) 1725 1745 audit_uring_entry(req->opcode); ··· 1736 1742 if (!def->audit_skip) 1737 1743 audit_uring_exit(!ret, ret); 1738 1744 1739 - if (creds) 1740 - revert_creds(creds); 1745 + if (unlikely(creds || link)) { 1746 + if (creds) 1747 + revert_creds(creds); 1748 + if (link) 1749 + io_queue_linked_timeout(link); 1750 + } 1741 1751 1742 1752 return ret; 1743 1753 } ··· 1767 1769 1768 1770 if (ret == IOU_ISSUE_SKIP_COMPLETE) { 1769 1771 ret = 0; 1770 - io_arm_ltimeout(req); 1771 1772 1772 1773 /* If the op doesn't have a file, we're not polling for it */ 1773 1774 if ((req->ctx->flags & IORING_SETUP_IOPOLL) && def->iopoll_queue) ··· 1820 1823 __io_req_set_refcount(req, 2); 1821 1824 else 1822 1825 req_ref_get(req); 1823 - 1824 - io_arm_ltimeout(req); 1825 1826 1826 1827 /* either cancelled or io-wq is dying, so don't touch tctx->iowq */ 1827 1828 if (atomic_read(&work->flags) & IO_WQ_WORK_CANCEL) { ··· 1936 1941 static void io_queue_async(struct io_kiocb *req, int ret) 1937 1942 
__must_hold(&req->ctx->uring_lock) 1938 1943 { 1939 - struct io_kiocb *linked_timeout; 1940 - 1941 1944 if (ret != -EAGAIN || (req->flags & REQ_F_NOWAIT)) { 1942 1945 io_req_defer_failed(req, ret); 1943 1946 return; 1944 1947 } 1945 - 1946 - linked_timeout = io_prep_linked_timeout(req); 1947 1948 1948 1949 switch (io_arm_poll_handler(req, 0)) { 1949 1950 case IO_APOLL_READY: ··· 1953 1962 case IO_APOLL_OK: 1954 1963 break; 1955 1964 } 1956 - 1957 - if (linked_timeout) 1958 - io_queue_linked_timeout(linked_timeout); 1959 1965 } 1960 1966 1961 1967 static inline void io_queue_sqe(struct io_kiocb *req)
+1 -1
io_uring/sqpoll.c
··· 20 20 #include "sqpoll.h" 21 21 22 22 #define IORING_SQPOLL_CAP_ENTRIES_VALUE 8 23 - #define IORING_TW_CAP_ENTRIES_VALUE 8 23 + #define IORING_TW_CAP_ENTRIES_VALUE 32 24 24 25 25 enum { 26 26 IO_SQ_THREAD_SHOULD_STOP = 0,
+4 -2
kernel/cgroup/cpuset.c
··· 1116 1116 1117 1117 if (top_cs) { 1118 1118 /* 1119 - * Percpu kthreads in top_cpuset are ignored 1119 + * PF_NO_SETAFFINITY tasks are ignored. 1120 + * All per cpu kthreads should have PF_NO_SETAFFINITY 1121 + * flag set, see kthread_set_per_cpu(). 1120 1122 */ 1121 - if (kthread_is_per_cpu(task)) 1123 + if (task->flags & PF_NO_SETAFFINITY) 1122 1124 continue; 1123 1125 cpumask_andnot(new_cpus, possible_mask, subpartitions_cpus); 1124 1126 } else {
+5
kernel/module/Kconfig
··· 192 192 depends on !DEBUG_INFO_REDUCED && !DEBUG_INFO_SPLIT 193 193 # Requires ELF object files. 194 194 depends on !LTO 195 + # To avoid conflicts with the discarded __gendwarfksyms_ptr symbols on 196 + # X86, requires pahole before commit 47dcb534e253 ("btf_encoder: Stop 197 + # indexing symbols for VARs") or after commit 9810758003ce ("btf_encoder: 198 + # Verify 0 address DWARF variables are in ELF section"). 199 + depends on !X86 || !DEBUG_INFO_BTF || PAHOLE_VERSION < 128 || PAHOLE_VERSION > 129 195 200 help 196 201 Calculate symbol versions from DWARF debugging information using 197 202 gendwarfksyms. Requires DEBUG_INFO to be enabled.
+3 -1
kernel/params.c
··· 943 943 static void module_kobj_release(struct kobject *kobj) 944 944 { 945 945 struct module_kobject *mk = to_module_kobject(kobj); 946 - complete(mk->kobj_completion); 946 + 947 + if (mk->kobj_completion) 948 + complete(mk->kobj_completion); 947 949 } 948 950 949 951 const struct kobj_type module_ktype = {
+123 -68
kernel/sched/ext.c
··· 1118 1118 current->scx.kf_mask &= ~mask; 1119 1119 } 1120 1120 1121 - #define SCX_CALL_OP(mask, op, args...) \ 1121 + /* 1122 + * Track the rq currently locked. 1123 + * 1124 + * This allows kfuncs to safely operate on rq from any scx ops callback, 1125 + * knowing which rq is already locked. 1126 + */ 1127 + static DEFINE_PER_CPU(struct rq *, locked_rq); 1128 + 1129 + static inline void update_locked_rq(struct rq *rq) 1130 + { 1131 + /* 1132 + * Check whether @rq is actually locked. This can help expose bugs 1133 + * or incorrect assumptions about the context in which a kfunc or 1134 + * callback is executed. 1135 + */ 1136 + if (rq) 1137 + lockdep_assert_rq_held(rq); 1138 + __this_cpu_write(locked_rq, rq); 1139 + } 1140 + 1141 + /* 1142 + * Return the rq currently locked from an scx callback, or NULL if no rq is 1143 + * locked. 1144 + */ 1145 + static inline struct rq *scx_locked_rq(void) 1146 + { 1147 + return __this_cpu_read(locked_rq); 1148 + } 1149 + 1150 + #define SCX_CALL_OP(mask, op, rq, args...) \ 1122 1151 do { \ 1152 + update_locked_rq(rq); \ 1123 1153 if (mask) { \ 1124 1154 scx_kf_allow(mask); \ 1125 1155 scx_ops.op(args); \ ··· 1157 1127 } else { \ 1158 1128 scx_ops.op(args); \ 1159 1129 } \ 1130 + update_locked_rq(NULL); \ 1160 1131 } while (0) 1161 1132 1162 - #define SCX_CALL_OP_RET(mask, op, args...) \ 1133 + #define SCX_CALL_OP_RET(mask, op, rq, args...) \ 1163 1134 ({ \ 1164 1135 __typeof__(scx_ops.op(args)) __ret; \ 1136 + \ 1137 + update_locked_rq(rq); \ 1165 1138 if (mask) { \ 1166 1139 scx_kf_allow(mask); \ 1167 1140 __ret = scx_ops.op(args); \ ··· 1172 1139 } else { \ 1173 1140 __ret = scx_ops.op(args); \ 1174 1141 } \ 1142 + update_locked_rq(NULL); \ 1175 1143 __ret; \ 1176 1144 }) 1177 1145 ··· 1187 1153 * scx_kf_allowed_on_arg_tasks() to test whether the invocation is allowed on 1188 1154 * the specific task. 1189 1155 */ 1190 - #define SCX_CALL_OP_TASK(mask, op, task, args...) \ 1156 + #define SCX_CALL_OP_TASK(mask, op, rq, task, args...) \ 1191 1157 do { \ 1192 1158 BUILD_BUG_ON((mask) & ~__SCX_KF_TERMINAL); \ 1193 1159 current->scx.kf_tasks[0] = task; \ 1194 - SCX_CALL_OP(mask, op, task, ##args); \ 1160 + SCX_CALL_OP(mask, op, rq, task, ##args); \ 1195 1161 current->scx.kf_tasks[0] = NULL; \ 1196 1162 } while (0) 1197 1163 1198 - #define SCX_CALL_OP_TASK_RET(mask, op, task, args...) \ 1164 + #define SCX_CALL_OP_TASK_RET(mask, op, rq, task, args...) \ 1199 1165 ({ \ 1200 1166 __typeof__(scx_ops.op(task, ##args)) __ret; \ 1201 1167 BUILD_BUG_ON((mask) & ~__SCX_KF_TERMINAL); \ 1202 1168 current->scx.kf_tasks[0] = task; \ 1203 - __ret = SCX_CALL_OP_RET(mask, op, task, ##args); \ 1169 + __ret = SCX_CALL_OP_RET(mask, op, rq, task, ##args); \ 1204 1170 current->scx.kf_tasks[0] = NULL; \ 1205 1171 __ret; \ 1206 1172 }) 1207 1173 1208 - #define SCX_CALL_OP_2TASKS_RET(mask, op, task0, task1, args...) \ 1174 + #define SCX_CALL_OP_2TASKS_RET(mask, op, rq, task0, task1, args...) 
\ 1209 1175 ({ \ 1210 1176 __typeof__(scx_ops.op(task0, task1, ##args)) __ret; \ 1211 1177 BUILD_BUG_ON((mask) & ~__SCX_KF_TERMINAL); \ 1212 1178 current->scx.kf_tasks[0] = task0; \ 1213 1179 current->scx.kf_tasks[1] = task1; \ 1214 - __ret = SCX_CALL_OP_RET(mask, op, task0, task1, ##args); \ 1180 + __ret = SCX_CALL_OP_RET(mask, op, rq, task0, task1, ##args); \ 1215 1181 current->scx.kf_tasks[0] = NULL; \ 1216 1182 current->scx.kf_tasks[1] = NULL; \ 1217 1183 __ret; \ ··· 2206 2172 WARN_ON_ONCE(*ddsp_taskp); 2207 2173 *ddsp_taskp = p; 2208 2174 2209 - SCX_CALL_OP_TASK(SCX_KF_ENQUEUE, enqueue, p, enq_flags); 2175 + SCX_CALL_OP_TASK(SCX_KF_ENQUEUE, enqueue, rq, p, enq_flags); 2210 2176 2211 2177 *ddsp_taskp = NULL; 2212 2178 if (p->scx.ddsp_dsq_id != SCX_DSQ_INVALID) ··· 2303 2269 add_nr_running(rq, 1); 2304 2270 2305 2271 if (SCX_HAS_OP(runnable) && !task_on_rq_migrating(p)) 2306 - SCX_CALL_OP_TASK(SCX_KF_REST, runnable, p, enq_flags); 2272 + SCX_CALL_OP_TASK(SCX_KF_REST, runnable, rq, p, enq_flags); 2307 2273 2308 2274 if (enq_flags & SCX_ENQ_WAKEUP) 2309 2275 touch_core_sched(rq, p); ··· 2317 2283 __scx_add_event(SCX_EV_SELECT_CPU_FALLBACK, 1); 2318 2284 } 2319 2285 2320 - static void ops_dequeue(struct task_struct *p, u64 deq_flags) 2286 + static void ops_dequeue(struct rq *rq, struct task_struct *p, u64 deq_flags) 2321 2287 { 2322 2288 unsigned long opss; 2323 2289 ··· 2338 2304 BUG(); 2339 2305 case SCX_OPSS_QUEUED: 2340 2306 if (SCX_HAS_OP(dequeue)) 2341 - SCX_CALL_OP_TASK(SCX_KF_REST, dequeue, p, deq_flags); 2307 + SCX_CALL_OP_TASK(SCX_KF_REST, dequeue, rq, p, deq_flags); 2342 2308 2343 2309 if (atomic_long_try_cmpxchg(&p->scx.ops_state, &opss, 2344 2310 SCX_OPSS_NONE)) ··· 2371 2337 return true; 2372 2338 } 2373 2339 2374 - ops_dequeue(p, deq_flags); 2340 + ops_dequeue(rq, p, deq_flags); 2375 2341 2376 2342 /* 2377 2343 * A currently running task which is going off @rq first gets dequeued ··· 2387 2353 */ 2388 2354 if (SCX_HAS_OP(stopping) && task_current(rq, p)) { 2389 2355 update_curr_scx(rq); 2390 - SCX_CALL_OP_TASK(SCX_KF_REST, stopping, p, false); 2356 + SCX_CALL_OP_TASK(SCX_KF_REST, stopping, rq, p, false); 2391 2357 } 2392 2358 2393 2359 if (SCX_HAS_OP(quiescent) && !task_on_rq_migrating(p)) 2394 - SCX_CALL_OP_TASK(SCX_KF_REST, quiescent, p, deq_flags); 2360 + SCX_CALL_OP_TASK(SCX_KF_REST, quiescent, rq, p, deq_flags); 2395 2361 2396 2362 if (deq_flags & SCX_DEQ_SLEEP) 2397 2363 p->scx.flags |= SCX_TASK_DEQD_FOR_SLEEP; ··· 2411 2377 struct task_struct *p = rq->curr; 2412 2378 2413 2379 if (SCX_HAS_OP(yield)) 2414 - SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, yield, p, NULL); 2380 + SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, yield, rq, p, NULL); 2415 2381 else 2416 2382 p->scx.slice = 0; 2417 2383 } ··· 2421 2387 struct task_struct *from = rq->curr; 2422 2388 2423 2389 if (SCX_HAS_OP(yield)) 2424 - return SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, yield, from, to); 2390 + return SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, yield, rq, from, to); 2425 2391 else 2426 2392 return false; 2427 2393 } ··· 2979 2945 * emitted in switch_class(). 2980 2946 */ 2981 2947 if (SCX_HAS_OP(cpu_acquire)) 2982 - SCX_CALL_OP(SCX_KF_REST, cpu_acquire, cpu_of(rq), NULL); 2948 + SCX_CALL_OP(SCX_KF_REST, cpu_acquire, rq, cpu_of(rq), NULL); 2983 2949 rq->scx.cpu_released = false; 2984 2950 } 2985 2951 ··· 3024 2990 do { 3025 2991 dspc->nr_tasks = 0; 3026 2992 3027 - SCX_CALL_OP(SCX_KF_DISPATCH, dispatch, cpu_of(rq), 2993 + SCX_CALL_OP(SCX_KF_DISPATCH, dispatch, rq, cpu_of(rq), 3028 2994 prev_on_scx ? 
prev : NULL); 3029 2995 3030 2996 flush_dispatch_buf(rq); ··· 3138 3104 * Core-sched might decide to execute @p before it is 3139 3105 * dispatched. Call ops_dequeue() to notify the BPF scheduler. 3140 3106 */ 3141 - ops_dequeue(p, SCX_DEQ_CORE_SCHED_EXEC); 3107 + ops_dequeue(rq, p, SCX_DEQ_CORE_SCHED_EXEC); 3142 3108 dispatch_dequeue(rq, p); 3143 3109 } 3144 3110 ··· 3146 3112 3147 3113 /* see dequeue_task_scx() on why we skip when !QUEUED */ 3148 3114 if (SCX_HAS_OP(running) && (p->scx.flags & SCX_TASK_QUEUED)) 3149 - SCX_CALL_OP_TASK(SCX_KF_REST, running, p); 3115 + SCX_CALL_OP_TASK(SCX_KF_REST, running, rq, p); 3150 3116 3151 3117 clr_task_runnable(p, true); 3152 3118 ··· 3227 3193 .task = next, 3228 3194 }; 3229 3195 3230 - SCX_CALL_OP(SCX_KF_CPU_RELEASE, 3231 - cpu_release, cpu_of(rq), &args); 3196 + SCX_CALL_OP(SCX_KF_CPU_RELEASE, cpu_release, rq, cpu_of(rq), &args); 3232 3197 } 3233 3198 rq->scx.cpu_released = true; 3234 3199 } ··· 3240 3207 3241 3208 /* see dequeue_task_scx() on why we skip when !QUEUED */ 3242 3209 if (SCX_HAS_OP(stopping) && (p->scx.flags & SCX_TASK_QUEUED)) 3243 - SCX_CALL_OP_TASK(SCX_KF_REST, stopping, p, true); 3210 + SCX_CALL_OP_TASK(SCX_KF_REST, stopping, rq, p, true); 3244 3211 3245 3212 if (p->scx.flags & SCX_TASK_QUEUED) { 3246 3213 set_task_runnable(rq, p); ··· 3381 3348 * verifier. 3382 3349 */ 3383 3350 if (SCX_HAS_OP(core_sched_before) && !scx_rq_bypassing(task_rq(a))) 3384 - return SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, core_sched_before, 3351 + return SCX_CALL_OP_2TASKS_RET(SCX_KF_REST, core_sched_before, NULL, 3385 3352 (struct task_struct *)a, 3386 3353 (struct task_struct *)b); 3387 3354 else ··· 3418 3385 *ddsp_taskp = p; 3419 3386 3420 3387 cpu = SCX_CALL_OP_TASK_RET(SCX_KF_ENQUEUE | SCX_KF_SELECT_CPU, 3421 - select_cpu, p, prev_cpu, wake_flags); 3388 + select_cpu, NULL, p, prev_cpu, wake_flags); 3422 3389 p->scx.selected_cpu = cpu; 3423 3390 *ddsp_taskp = NULL; 3424 3391 if (ops_cpu_valid(cpu, "from ops.select_cpu()")) ··· 3463 3430 * designation pointless. Cast it away when calling the operation. 
3464 3431 */ 3465 3432 if (SCX_HAS_OP(set_cpumask)) 3466 - SCX_CALL_OP_TASK(SCX_KF_REST, set_cpumask, p, 3467 - (struct cpumask *)p->cpus_ptr); 3433 + SCX_CALL_OP_TASK(SCX_KF_REST, set_cpumask, NULL, 3434 + p, (struct cpumask *)p->cpus_ptr); 3468 3435 } 3469 3436 3470 3437 static void handle_hotplug(struct rq *rq, bool online) ··· 3477 3444 scx_idle_update_selcpu_topology(&scx_ops); 3478 3445 3479 3446 if (online && SCX_HAS_OP(cpu_online)) 3480 - SCX_CALL_OP(SCX_KF_UNLOCKED, cpu_online, cpu); 3447 + SCX_CALL_OP(SCX_KF_UNLOCKED, cpu_online, NULL, cpu); 3481 3448 else if (!online && SCX_HAS_OP(cpu_offline)) 3482 - SCX_CALL_OP(SCX_KF_UNLOCKED, cpu_offline, cpu); 3449 + SCX_CALL_OP(SCX_KF_UNLOCKED, cpu_offline, NULL, cpu); 3483 3450 else 3484 3451 scx_ops_exit(SCX_ECODE_ACT_RESTART | SCX_ECODE_RSN_HOTPLUG, 3485 3452 "cpu %d going %s, exiting scheduler", cpu, ··· 3583 3550 curr->scx.slice = 0; 3584 3551 touch_core_sched(rq, curr); 3585 3552 } else if (SCX_HAS_OP(tick)) { 3586 - SCX_CALL_OP_TASK(SCX_KF_REST, tick, curr); 3553 + SCX_CALL_OP_TASK(SCX_KF_REST, tick, rq, curr); 3587 3554 } 3588 3555 3589 3556 if (!curr->scx.slice) ··· 3660 3627 .fork = fork, 3661 3628 }; 3662 3629 3663 - ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, init_task, p, &args); 3630 + ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, init_task, NULL, p, &args); 3664 3631 if (unlikely(ret)) { 3665 3632 ret = ops_sanitize_err("init_task", ret); 3666 3633 return ret; ··· 3701 3668 3702 3669 static void scx_ops_enable_task(struct task_struct *p) 3703 3670 { 3671 + struct rq *rq = task_rq(p); 3704 3672 u32 weight; 3705 3673 3706 - lockdep_assert_rq_held(task_rq(p)); 3674 + lockdep_assert_rq_held(rq); 3707 3675 3708 3676 /* 3709 3677 * Set the weight before calling ops.enable() so that the scheduler ··· 3718 3684 p->scx.weight = sched_weight_to_cgroup(weight); 3719 3685 3720 3686 if (SCX_HAS_OP(enable)) 3721 - SCX_CALL_OP_TASK(SCX_KF_REST, enable, p); 3687 + SCX_CALL_OP_TASK(SCX_KF_REST, enable, rq, p); 3722 3688 scx_set_task_state(p, SCX_TASK_ENABLED); 3723 3689 3724 3690 if (SCX_HAS_OP(set_weight)) 3725 - SCX_CALL_OP_TASK(SCX_KF_REST, set_weight, p, p->scx.weight); 3691 + SCX_CALL_OP_TASK(SCX_KF_REST, set_weight, rq, p, p->scx.weight); 3726 3692 } 3727 3693 3728 3694 static void scx_ops_disable_task(struct task_struct *p) 3729 3695 { 3730 - lockdep_assert_rq_held(task_rq(p)); 3696 + struct rq *rq = task_rq(p); 3697 + 3698 + lockdep_assert_rq_held(rq); 3731 3699 WARN_ON_ONCE(scx_get_task_state(p) != SCX_TASK_ENABLED); 3732 3700 3733 3701 if (SCX_HAS_OP(disable)) 3734 - SCX_CALL_OP_TASK(SCX_KF_REST, disable, p); 3702 + SCX_CALL_OP_TASK(SCX_KF_REST, disable, rq, p); 3735 3703 scx_set_task_state(p, SCX_TASK_READY); 3736 3704 } 3737 3705 ··· 3762 3726 } 3763 3727 3764 3728 if (SCX_HAS_OP(exit_task)) 3765 - SCX_CALL_OP_TASK(SCX_KF_REST, exit_task, p, &args); 3729 + SCX_CALL_OP_TASK(SCX_KF_REST, exit_task, task_rq(p), p, &args); 3766 3730 scx_set_task_state(p, SCX_TASK_NONE); 3767 3731 } 3768 3732 ··· 3871 3835 3872 3836 p->scx.weight = sched_weight_to_cgroup(scale_load_down(lw->weight)); 3873 3837 if (SCX_HAS_OP(set_weight)) 3874 - SCX_CALL_OP_TASK(SCX_KF_REST, set_weight, p, p->scx.weight); 3838 + SCX_CALL_OP_TASK(SCX_KF_REST, set_weight, rq, p, p->scx.weight); 3875 3839 } 3876 3840 3877 3841 static void prio_changed_scx(struct rq *rq, struct task_struct *p, int oldprio) ··· 3887 3851 * different scheduler class. Keep the BPF scheduler up-to-date. 
3888 3852 */ 3889 3853 if (SCX_HAS_OP(set_cpumask)) 3890 - SCX_CALL_OP_TASK(SCX_KF_REST, set_cpumask, p, 3891 - (struct cpumask *)p->cpus_ptr); 3854 + SCX_CALL_OP_TASK(SCX_KF_REST, set_cpumask, rq, 3855 + p, (struct cpumask *)p->cpus_ptr); 3892 3856 } 3893 3857 3894 3858 static void switched_from_scx(struct rq *rq, struct task_struct *p) ··· 3949 3913 struct scx_cgroup_init_args args = 3950 3914 { .weight = tg->scx_weight }; 3951 3915 3952 - ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_init, 3916 + ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_init, NULL, 3953 3917 tg->css.cgroup, &args); 3954 3918 if (ret) 3955 3919 ret = ops_sanitize_err("cgroup_init", ret); ··· 3971 3935 percpu_down_read(&scx_cgroup_rwsem); 3972 3936 3973 3937 if (SCX_HAS_OP(cgroup_exit) && (tg->scx_flags & SCX_TG_INITED)) 3974 - SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_exit, tg->css.cgroup); 3938 + SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_exit, NULL, tg->css.cgroup); 3975 3939 tg->scx_flags &= ~(SCX_TG_ONLINE | SCX_TG_INITED); 3976 3940 3977 3941 percpu_up_read(&scx_cgroup_rwsem); ··· 4004 3968 continue; 4005 3969 4006 3970 if (SCX_HAS_OP(cgroup_prep_move)) { 4007 - ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_prep_move, 3971 + ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_prep_move, NULL, 4008 3972 p, from, css->cgroup); 4009 3973 if (ret) 4010 3974 goto err; ··· 4018 3982 err: 4019 3983 cgroup_taskset_for_each(p, css, tset) { 4020 3984 if (SCX_HAS_OP(cgroup_cancel_move) && p->scx.cgrp_moving_from) 4021 - SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_cancel_move, p, 4022 - p->scx.cgrp_moving_from, css->cgroup); 3985 + SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_cancel_move, NULL, 3986 + p, p->scx.cgrp_moving_from, css->cgroup); 4023 3987 p->scx.cgrp_moving_from = NULL; 4024 3988 } 4025 3989 ··· 4037 4001 * cgrp_moving_from set. 
4038 4002 */ 4039 4003 if (SCX_HAS_OP(cgroup_move) && !WARN_ON_ONCE(!p->scx.cgrp_moving_from)) 4040 - SCX_CALL_OP_TASK(SCX_KF_UNLOCKED, cgroup_move, p, 4041 - p->scx.cgrp_moving_from, tg_cgrp(task_group(p))); 4004 + SCX_CALL_OP_TASK(SCX_KF_UNLOCKED, cgroup_move, NULL, 4005 + p, p->scx.cgrp_moving_from, tg_cgrp(task_group(p))); 4042 4006 p->scx.cgrp_moving_from = NULL; 4043 4007 } 4044 4008 ··· 4057 4021 4058 4022 cgroup_taskset_for_each(p, css, tset) { 4059 4023 if (SCX_HAS_OP(cgroup_cancel_move) && p->scx.cgrp_moving_from) 4060 - SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_cancel_move, p, 4061 - p->scx.cgrp_moving_from, css->cgroup); 4024 + SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_cancel_move, NULL, 4025 + p, p->scx.cgrp_moving_from, css->cgroup); 4062 4026 p->scx.cgrp_moving_from = NULL; 4063 4027 } 4064 4028 out_unlock: ··· 4071 4035 4072 4036 if (scx_cgroup_enabled && tg->scx_weight != weight) { 4073 4037 if (SCX_HAS_OP(cgroup_set_weight)) 4074 - SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_set_weight, 4038 + SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_set_weight, NULL, 4075 4039 tg_cgrp(tg), weight); 4076 4040 tg->scx_weight = weight; 4077 4041 } ··· 4260 4224 continue; 4261 4225 rcu_read_unlock(); 4262 4226 4263 - SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_exit, css->cgroup); 4227 + SCX_CALL_OP(SCX_KF_UNLOCKED, cgroup_exit, NULL, css->cgroup); 4264 4228 4265 4229 rcu_read_lock(); 4266 4230 css_put(css); ··· 4297 4261 continue; 4298 4262 rcu_read_unlock(); 4299 4263 4300 - ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_init, 4264 + ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, cgroup_init, NULL, 4301 4265 css->cgroup, &args); 4302 4266 if (ret) { 4303 4267 css_put(css); ··· 4794 4758 } 4795 4759 4796 4760 if (scx_ops.exit) 4797 - SCX_CALL_OP(SCX_KF_UNLOCKED, exit, ei); 4761 + SCX_CALL_OP(SCX_KF_UNLOCKED, exit, NULL, ei); 4798 4762 4799 4763 cancel_delayed_work_sync(&scx_watchdog_work); 4800 4764 ··· 5001 4965 5002 4966 if (SCX_HAS_OP(dump_task)) { 5003 4967 ops_dump_init(s, " "); 5004 - SCX_CALL_OP(SCX_KF_REST, dump_task, dctx, p); 4968 + SCX_CALL_OP(SCX_KF_REST, dump_task, NULL, dctx, p); 5005 4969 ops_dump_exit(); 5006 4970 } 5007 4971 ··· 5048 5012 5049 5013 if (SCX_HAS_OP(dump)) { 5050 5014 ops_dump_init(&s, ""); 5051 - SCX_CALL_OP(SCX_KF_UNLOCKED, dump, &dctx); 5015 + SCX_CALL_OP(SCX_KF_UNLOCKED, dump, NULL, &dctx); 5052 5016 ops_dump_exit(); 5053 5017 } 5054 5018 ··· 5105 5069 used = seq_buf_used(&ns); 5106 5070 if (SCX_HAS_OP(dump_cpu)) { 5107 5071 ops_dump_init(&ns, " "); 5108 - SCX_CALL_OP(SCX_KF_REST, dump_cpu, &dctx, cpu, idle); 5072 + SCX_CALL_OP(SCX_KF_REST, dump_cpu, NULL, &dctx, cpu, idle); 5109 5073 ops_dump_exit(); 5110 5074 } 5111 5075 ··· 5364 5328 scx_idle_enable(ops); 5365 5329 5366 5330 if (scx_ops.init) { 5367 - ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, init); 5331 + ret = SCX_CALL_OP_RET(SCX_KF_UNLOCKED, init, NULL); 5368 5332 if (ret) { 5369 5333 ret = ops_sanitize_err("init", ret); 5370 5334 cpus_read_unlock(); ··· 6827 6791 BUILD_BUG_ON(__alignof__(struct bpf_iter_scx_dsq_kern) != 6828 6792 __alignof__(struct bpf_iter_scx_dsq)); 6829 6793 6794 + /* 6795 + * next() and destroy() will be called regardless of the return value. 6796 + * Always clear $kit->dsq. 
6797 + */ 6798 + kit->dsq = NULL; 6799 + 6830 6800 if (flags & ~__SCX_DSQ_ITER_USER_FLAGS) 6831 6801 return -EINVAL; 6832 6802 ··· 7119 7077 } 7120 7078 7121 7079 if (ops_cpu_valid(cpu, NULL)) { 7122 - struct rq *rq = cpu_rq(cpu); 7080 + struct rq *rq = cpu_rq(cpu), *locked_rq = scx_locked_rq(); 7081 + struct rq_flags rf; 7082 + 7083 + /* 7084 + * When called with an rq lock held, restrict the operation 7085 + * to the corresponding CPU to prevent ABBA deadlocks. 7086 + */ 7087 + if (locked_rq && rq != locked_rq) { 7088 + scx_ops_error("Invalid target CPU %d", cpu); 7089 + return; 7090 + } 7091 + 7092 + /* 7093 + * If no rq lock is held, allow to operate on any CPU by 7094 + * acquiring the corresponding rq lock. 7095 + */ 7096 + if (!locked_rq) { 7097 + rq_lock_irqsave(rq, &rf); 7098 + update_rq_clock(rq); 7099 + } 7123 7100 7124 7101 rq->scx.cpuperf_target = perf; 7102 + cpufreq_update_util(rq, 0); 7125 7103 7126 - rcu_read_lock_sched_notrace(); 7127 - cpufreq_update_util(cpu_rq(cpu), 0); 7128 - rcu_read_unlock_sched_notrace(); 7104 + if (!locked_rq) 7105 + rq_unlock_irqrestore(rq, &rf); 7129 7106 } 7130 7107 } 7131 7108 ··· 7375 7314 BTF_ID_FLAGS(func, scx_bpf_get_possible_cpumask, KF_ACQUIRE) 7376 7315 BTF_ID_FLAGS(func, scx_bpf_get_online_cpumask, KF_ACQUIRE) 7377 7316 BTF_ID_FLAGS(func, scx_bpf_put_cpumask, KF_RELEASE) 7378 - BTF_ID_FLAGS(func, scx_bpf_get_idle_cpumask, KF_ACQUIRE) 7379 - BTF_ID_FLAGS(func, scx_bpf_get_idle_smtmask, KF_ACQUIRE) 7380 - BTF_ID_FLAGS(func, scx_bpf_put_idle_cpumask, KF_RELEASE) 7381 - BTF_ID_FLAGS(func, scx_bpf_test_and_clear_cpu_idle) 7382 - BTF_ID_FLAGS(func, scx_bpf_pick_idle_cpu, KF_RCU) 7383 - BTF_ID_FLAGS(func, scx_bpf_pick_any_cpu, KF_RCU) 7384 7317 BTF_ID_FLAGS(func, scx_bpf_task_running, KF_RCU) 7385 7318 BTF_ID_FLAGS(func, scx_bpf_task_cpu, KF_RCU) 7386 7319 BTF_ID_FLAGS(func, scx_bpf_cpu_rq)
+1 -1
kernel/sched/ext_idle.c
··· 674 674 * managed by put_prev_task_idle()/set_next_task_idle(). 675 675 */ 676 676 if (SCX_HAS_OP(update_idle) && do_notify && !scx_rq_bypassing(rq)) 677 - SCX_CALL_OP(SCX_KF_REST, update_idle, cpu_of(rq), idle); 677 + SCX_CALL_OP(SCX_KF_REST, update_idle, rq, cpu_of(rq), idle); 678 678 679 679 /* 680 680 * Update the idle masks:
+42 -8
kernel/time/timekeeping.c
··· 164 164 return ts; 165 165 } 166 166 167 + static inline struct timespec64 tk_xtime_coarse(const struct timekeeper *tk) 168 + { 169 + struct timespec64 ts; 170 + 171 + ts.tv_sec = tk->xtime_sec; 172 + ts.tv_nsec = tk->coarse_nsec; 173 + return ts; 174 + } 175 + 176 + /* 177 + * Update the nanoseconds part for the coarse time keepers. They can't rely 178 + * on xtime_nsec because xtime_nsec could be adjusted by a small negative 179 + * amount when the multiplication factor of the clock is adjusted, which 180 + * could cause the coarse clocks to go slightly backwards. See 181 + * timekeeping_apply_adjustment(). Thus we keep a separate copy for the coarse 182 + * clockids which only is updated when the clock has been set or we have 183 + * accumulated time. 184 + */ 185 + static inline void tk_update_coarse_nsecs(struct timekeeper *tk) 186 + { 187 + tk->coarse_nsec = tk->tkr_mono.xtime_nsec >> tk->tkr_mono.shift; 188 + } 189 + 167 190 static void tk_set_xtime(struct timekeeper *tk, const struct timespec64 *ts) 168 191 { 169 192 tk->xtime_sec = ts->tv_sec; 170 193 tk->tkr_mono.xtime_nsec = (u64)ts->tv_nsec << tk->tkr_mono.shift; 194 + tk_update_coarse_nsecs(tk); 171 195 } 172 196 173 197 static void tk_xtime_add(struct timekeeper *tk, const struct timespec64 *ts) ··· 199 175 tk->xtime_sec += ts->tv_sec; 200 176 tk->tkr_mono.xtime_nsec += (u64)ts->tv_nsec << tk->tkr_mono.shift; 201 177 tk_normalize_xtime(tk); 178 + tk_update_coarse_nsecs(tk); 202 179 } 203 180 204 181 static void tk_set_wall_to_mono(struct timekeeper *tk, struct timespec64 wtm) ··· 733 708 tk_normalize_xtime(tk); 734 709 delta -= incr; 735 710 } 711 + tk_update_coarse_nsecs(tk); 736 712 } 737 713 738 714 /** ··· 830 804 ktime_t ktime_get_coarse_with_offset(enum tk_offsets offs) 831 805 { 832 806 struct timekeeper *tk = &tk_core.timekeeper; 833 - unsigned int seq; 834 807 ktime_t base, *offset = offsets[offs]; 808 + unsigned int seq; 835 809 u64 nsecs; 836 810 837 811 WARN_ON(timekeeping_suspended); ··· 839 813 do { 840 814 seq = read_seqcount_begin(&tk_core.seq); 841 815 base = ktime_add(tk->tkr_mono.base, *offset); 842 - nsecs = tk->tkr_mono.xtime_nsec >> tk->tkr_mono.shift; 816 + nsecs = tk->coarse_nsec; 843 817 844 818 } while (read_seqcount_retry(&tk_core.seq, seq)); 845 819 ··· 2187 2161 struct timekeeper *real_tk = &tk_core.timekeeper; 2188 2162 unsigned int clock_set = 0; 2189 2163 int shift = 0, maxshift; 2190 - u64 offset; 2164 + u64 offset, orig_offset; 2191 2165 2192 2166 guard(raw_spinlock_irqsave)(&tk_core.lock); 2193 2167 ··· 2198 2172 offset = clocksource_delta(tk_clock_read(&tk->tkr_mono), 2199 2173 tk->tkr_mono.cycle_last, tk->tkr_mono.mask, 2200 2174 tk->tkr_mono.clock->max_raw_delta); 2201 - 2175 + orig_offset = offset; 2202 2176 /* Check if there's really nothing to do */ 2203 2177 if (offset < real_tk->cycle_interval && mode == TK_ADV_TICK) 2204 2178 return false; ··· 2230 2204 * xtime_nsec isn't larger than NSEC_PER_SEC 2231 2205 */ 2232 2206 clock_set |= accumulate_nsecs_to_secs(tk); 2207 + 2208 + /* 2209 + * To avoid inconsistencies caused adjtimex TK_ADV_FREQ calls 2210 + * making small negative adjustments to the base xtime_nsec 2211 + * value, only update the coarse clocks if we accumulated time 2212 + */ 2213 + if (orig_offset != offset) 2214 + tk_update_coarse_nsecs(tk); 2233 2215 2234 2216 timekeeping_update_from_shadow(&tk_core, clock_set); 2235 2217 ··· 2282 2248 do { 2283 2249 seq = read_seqcount_begin(&tk_core.seq); 2284 2250 2285 - *ts = tk_xtime(tk); 2251 + *ts = tk_xtime_coarse(tk); 2286 
2252 } while (read_seqcount_retry(&tk_core.seq, seq)); 2287 2253 } 2288 2254 EXPORT_SYMBOL(ktime_get_coarse_real_ts64); ··· 2305 2271 2306 2272 do { 2307 2273 seq = read_seqcount_begin(&tk_core.seq); 2308 - *ts = tk_xtime(tk); 2274 + *ts = tk_xtime_coarse(tk); 2309 2275 offset = tk_core.timekeeper.offs_real; 2310 2276 } while (read_seqcount_retry(&tk_core.seq, seq)); 2311 2277 ··· 2384 2350 do { 2385 2351 seq = read_seqcount_begin(&tk_core.seq); 2386 2352 2387 - now = tk_xtime(tk); 2353 + now = tk_xtime_coarse(tk); 2388 2354 mono = tk->wall_to_monotonic; 2389 2355 } while (read_seqcount_retry(&tk_core.seq, seq)); 2390 2356 2391 2357 set_normalized_timespec64(ts, now.tv_sec + mono.tv_sec, 2392 - now.tv_nsec + mono.tv_nsec); 2358 + now.tv_nsec + mono.tv_nsec); 2393 2359 } 2394 2360 EXPORT_SYMBOL(ktime_get_coarse_ts64); 2395 2361
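The new tk->coarse_nsec copy exists so the coarse clockids only advance when time is actually accumulated or the clock is set, instead of following xtime_nsec through small negative multiplier adjustments. A tiny userspace monotonicity check along those lines (an illustrative test program, not part of the patch):

/* cc -O2 coarse_check.c -o coarse_check */
#include <stdio.h>
#include <time.h>

int main(void)
{
        struct timespec prev, now;

        clock_gettime(CLOCK_MONOTONIC_COARSE, &prev);
        for (int i = 0; i < 10000000; i++) {
                clock_gettime(CLOCK_MONOTONIC_COARSE, &now);
                if (now.tv_sec < prev.tv_sec ||
                    (now.tv_sec == prev.tv_sec && now.tv_nsec < prev.tv_nsec)) {
                        printf("coarse clock went backwards\n");
                        return 1;
                }
                prev = now;
        }
        return 0;
}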
+2 -2
kernel/time/vsyscall.c
··· 98 98 /* CLOCK_REALTIME_COARSE */ 99 99 vdso_ts = &vc[CS_HRES_COARSE].basetime[CLOCK_REALTIME_COARSE]; 100 100 vdso_ts->sec = tk->xtime_sec; 101 - vdso_ts->nsec = tk->tkr_mono.xtime_nsec >> tk->tkr_mono.shift; 101 + vdso_ts->nsec = tk->coarse_nsec; 102 102 103 103 /* CLOCK_MONOTONIC_COARSE */ 104 104 vdso_ts = &vc[CS_HRES_COARSE].basetime[CLOCK_MONOTONIC_COARSE]; 105 105 vdso_ts->sec = tk->xtime_sec + tk->wall_to_monotonic.tv_sec; 106 - nsec = tk->tkr_mono.xtime_nsec >> tk->tkr_mono.shift; 106 + nsec = tk->coarse_nsec; 107 107 nsec = nsec + tk->wall_to_monotonic.tv_nsec; 108 108 vdso_ts->sec += __iter_div_u64_rem(nsec, NSEC_PER_SEC, &vdso_ts->nsec); 109 109
+2 -1
kernel/trace/fprobe.c
··· 454 454 struct fprobe_hlist_node *node; 455 455 int ret = 0; 456 456 457 - hlist_for_each_entry_rcu(node, head, hlist) { 457 + hlist_for_each_entry_rcu(node, head, hlist, 458 + lockdep_is_held(&fprobe_mutex)) { 458 459 if (!within_module(node->addr, mod)) 459 460 continue; 460 461 if (delete_fprobe_node(node))
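The extra argument to hlist_for_each_entry_rcu() above is the optional lockdep condition: this walk is serialized by fprobe_mutex rather than rcu_read_lock(), so the condition keeps RCU-lockdep from warning. A generic sketch of the same pattern, with made-up names:

#include <linux/mutex.h>
#include <linux/rculist.h>

static DEFINE_MUTEX(demo_mutex);
static HLIST_HEAD(demo_head);

struct demo_node {
        struct hlist_node hlist;
        int val;
};

static void demo_walk(void)
{
        struct demo_node *node;

        mutex_lock(&demo_mutex);
        hlist_for_each_entry_rcu(node, &demo_head, hlist,
                                 lockdep_is_held(&demo_mutex)) {
                /* writers are excluded by demo_mutex, so this walk is safe */
        }
        mutex_unlock(&demo_mutex);
}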
+5 -3
kernel/trace/ring_buffer.c
··· 1887 1887 1888 1888 head_page = cpu_buffer->head_page; 1889 1889 1890 - /* If both the head and commit are on the reader_page then we are done. */ 1891 - if (head_page == cpu_buffer->reader_page && 1892 - head_page == cpu_buffer->commit_page) 1890 + /* If the commit_buffer is the reader page, update the commit page */ 1891 + if (meta->commit_buffer == (unsigned long)cpu_buffer->reader_page->page) { 1892 + cpu_buffer->commit_page = cpu_buffer->reader_page; 1893 + /* Nothing more to do, the only page is the reader page */ 1893 1894 goto done; 1895 + } 1894 1896 1895 1897 /* Iterate until finding the commit page */ 1896 1898 for (i = 0; i < meta->nr_subbufs + 1; i++, rb_inc_page(&head_page)) {
+15 -1
kernel/trace/trace_dynevent.c
··· 16 16 #include "trace_output.h" /* for trace_event_sem */ 17 17 #include "trace_dynevent.h" 18 18 19 - static DEFINE_MUTEX(dyn_event_ops_mutex); 19 + DEFINE_MUTEX(dyn_event_ops_mutex); 20 20 static LIST_HEAD(dyn_event_ops_list); 21 21 22 22 bool trace_event_dyn_try_get_ref(struct trace_event_call *dyn_call) ··· 113 113 } 114 114 tracing_reset_all_online_cpus(); 115 115 mutex_unlock(&event_mutex); 116 + return ret; 117 + } 118 + 119 + /* 120 + * Locked version of event creation. The event creation must be protected by 121 + * dyn_event_ops_mutex because of protecting trace_probe_log. 122 + */ 123 + int dyn_event_create(const char *raw_command, struct dyn_event_operations *type) 124 + { 125 + int ret; 126 + 127 + mutex_lock(&dyn_event_ops_mutex); 128 + ret = type->create(raw_command); 129 + mutex_unlock(&dyn_event_ops_mutex); 116 130 return ret; 117 131 } 118 132
+1
kernel/trace/trace_dynevent.h
··· 100 100 void dyn_event_seq_stop(struct seq_file *m, void *v); 101 101 int dyn_events_release_all(struct dyn_event_operations *type); 102 102 int dyn_event_release(const char *raw_command, struct dyn_event_operations *type); 103 + int dyn_event_create(const char *raw_command, struct dyn_event_operations *type); 103 104 104 105 /* 105 106 * for_each_dyn_event - iterate over the dyn_event list
+3
kernel/trace/trace_eprobe.c
··· 969 969 goto error; 970 970 } 971 971 } 972 + trace_probe_log_clear(); 972 973 return ret; 974 + 973 975 parse_error: 974 976 ret = -EINVAL; 975 977 error: 978 + trace_probe_log_clear(); 976 979 trace_event_probe_cleanup(ep); 977 980 return ret; 978 981 }
+1 -1
kernel/trace/trace_events_trigger.c
··· 1560 1560 struct trace_event_file *file = data->private_data; 1561 1561 1562 1562 if (file) 1563 - __trace_stack(file->tr, tracing_gen_ctx(), STACK_SKIP); 1563 + __trace_stack(file->tr, tracing_gen_ctx_dec(), STACK_SKIP); 1564 1564 else 1565 1565 trace_dump_stack(STACK_SKIP); 1566 1566 }
+1 -5
kernel/trace/trace_functions.c
··· 633 633 634 634 static __always_inline void trace_stack(struct trace_array *tr) 635 635 { 636 - unsigned int trace_ctx; 637 - 638 - trace_ctx = tracing_gen_ctx(); 639 - 640 - __trace_stack(tr, trace_ctx, FTRACE_STACK_SKIP); 636 + __trace_stack(tr, tracing_gen_ctx_dec(), FTRACE_STACK_SKIP); 641 637 } 642 638 643 639 static void
+1 -1
kernel/trace/trace_kprobe.c
··· 1089 1089 if (raw_command[0] == '-') 1090 1090 return dyn_event_release(raw_command, &trace_kprobe_ops); 1091 1091 1092 - ret = trace_kprobe_create(raw_command); 1092 + ret = dyn_event_create(raw_command, &trace_kprobe_ops); 1093 1093 return ret == -ECANCELED ? -EINVAL : ret; 1094 1094 } 1095 1095
+9
kernel/trace/trace_probe.c
··· 154 154 } 155 155 156 156 static struct trace_probe_log trace_probe_log; 157 + extern struct mutex dyn_event_ops_mutex; 157 158 158 159 void trace_probe_log_init(const char *subsystem, int argc, const char **argv) 159 160 { 161 + lockdep_assert_held(&dyn_event_ops_mutex); 162 + 160 163 trace_probe_log.subsystem = subsystem; 161 164 trace_probe_log.argc = argc; 162 165 trace_probe_log.argv = argv; ··· 168 165 169 166 void trace_probe_log_clear(void) 170 167 { 168 + lockdep_assert_held(&dyn_event_ops_mutex); 169 + 171 170 memset(&trace_probe_log, 0, sizeof(trace_probe_log)); 172 171 } 173 172 174 173 void trace_probe_log_set_index(int index) 175 174 { 175 + lockdep_assert_held(&dyn_event_ops_mutex); 176 + 176 177 trace_probe_log.index = index; 177 178 } 178 179 ··· 184 177 { 185 178 char *command, *p; 186 179 int i, len = 0, pos = 0; 180 + 181 + lockdep_assert_held(&dyn_event_ops_mutex); 187 182 188 183 if (!trace_probe_log.argv) 189 184 return;
+1 -1
kernel/trace/trace_uprobe.c
··· 741 741 if (raw_command[0] == '-') 742 742 return dyn_event_release(raw_command, &trace_uprobe_ops); 743 743 744 - ret = trace_uprobe_create(raw_command); 744 + ret = dyn_event_create(raw_command, &trace_uprobe_ops); 745 745 return ret == -ECANCELED ? -EINVAL : ret; 746 746 } 747 747
+37 -3
mm/execmem.c
··· 254 254 return ptr; 255 255 } 256 256 257 + static bool execmem_cache_rox = false; 258 + 259 + void execmem_cache_make_ro(void) 260 + { 261 + struct maple_tree *free_areas = &execmem_cache.free_areas; 262 + struct maple_tree *busy_areas = &execmem_cache.busy_areas; 263 + MA_STATE(mas_free, free_areas, 0, ULONG_MAX); 264 + MA_STATE(mas_busy, busy_areas, 0, ULONG_MAX); 265 + struct mutex *mutex = &execmem_cache.mutex; 266 + void *area; 267 + 268 + execmem_cache_rox = true; 269 + 270 + mutex_lock(mutex); 271 + 272 + mas_for_each(&mas_free, area, ULONG_MAX) { 273 + unsigned long pages = mas_range_len(&mas_free) >> PAGE_SHIFT; 274 + set_memory_ro(mas_free.index, pages); 275 + } 276 + 277 + mas_for_each(&mas_busy, area, ULONG_MAX) { 278 + unsigned long pages = mas_range_len(&mas_busy) >> PAGE_SHIFT; 279 + set_memory_ro(mas_busy.index, pages); 280 + } 281 + 282 + mutex_unlock(mutex); 283 + } 284 + 257 285 static int execmem_cache_populate(struct execmem_range *range, size_t size) 258 286 { 259 287 unsigned long vm_flags = VM_ALLOW_HUGE_VMAP; ··· 302 274 /* fill memory with instructions that will trap */ 303 275 execmem_fill_trapping_insns(p, alloc_size, /* writable = */ true); 304 276 305 - err = set_memory_rox((unsigned long)p, vm->nr_pages); 306 - if (err) 307 - goto err_free_mem; 277 + if (execmem_cache_rox) { 278 + err = set_memory_rox((unsigned long)p, vm->nr_pages); 279 + if (err) 280 + goto err_free_mem; 281 + } else { 282 + err = set_memory_x((unsigned long)p, vm->nr_pages); 283 + if (err) 284 + goto err_free_mem; 285 + } 308 286 309 287 err = execmem_cache_add(p, alloc_size); 310 288 if (err)
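With execmem_cache_rox defaulting to false, freshly populated cache ranges stay writable and executable (set_memory_x() only) until execmem_cache_make_ro() flips the switch and marks everything already in the free/busy maple trees read-only. A hedged sketch of the expected ordering; the call site below is an assumption for illustration and is not part of this hunk:

static void demo_mark_rodata_ro(void)
{
        /* ... architecture makes kernel text and rodata read-only ... */

        execmem_cache_make_ro();        /* existing cache ranges become RO */

        /*
         * execmem_cache_rox is now true, so later calls to
         * execmem_cache_populate() use set_memory_rox() directly.
         */
}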
+8 -3
mm/huge_memory.c
··· 3075 3075 void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, 3076 3076 pmd_t *pmd, bool freeze, struct folio *folio) 3077 3077 { 3078 + bool pmd_migration = is_pmd_migration_entry(*pmd); 3079 + 3078 3080 VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); 3079 3081 VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); 3080 3082 VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); ··· 3087 3085 * require a folio to check the PMD against. Otherwise, there 3088 3086 * is a risk of replacing the wrong folio. 3089 3087 */ 3090 - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || 3091 - is_pmd_migration_entry(*pmd)) { 3092 - if (folio && folio != pmd_folio(*pmd)) 3088 + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { 3089 + /* 3090 + * Do not apply pmd_folio() to a migration entry; and folio lock 3091 + * guarantees that it must be of the wrong folio anyway. 3092 + */ 3093 + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) 3093 3094 return; 3094 3095 __split_huge_pmd_locked(vma, pmd, address, freeze); 3095 3096 }
+6
mm/hugetlb.c
··· 4034 4034 4035 4035 list_for_each_entry_safe(folio, next, src_list, lru) { 4036 4036 int i; 4037 + bool cma; 4037 4038 4038 4039 if (folio_test_hugetlb_vmemmap_optimized(folio)) 4039 4040 continue; 4041 + 4042 + cma = folio_test_hugetlb_cma(folio); 4040 4043 4041 4044 list_del(&folio->lru); 4042 4045 ··· 4056 4053 4057 4054 new_folio->mapping = NULL; 4058 4055 init_new_hugetlb_folio(dst, new_folio); 4056 + /* Copy the CMA flag so that it is freed correctly */ 4057 + if (cma) 4058 + folio_set_hugetlb_cma(new_folio); 4059 4059 list_add(&new_folio->lru, &dst_list); 4060 4060 } 4061 4061 }
+11 -16
mm/internal.h
··· 248 248 pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags, 249 249 bool *any_writable, bool *any_young, bool *any_dirty) 250 250 { 251 - unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio); 252 - const pte_t *end_ptep = start_ptep + max_nr; 253 251 pte_t expected_pte, *ptep; 254 252 bool writable, young, dirty; 255 - int nr; 253 + int nr, cur_nr; 256 254 257 255 if (any_writable) 258 256 *any_writable = false; ··· 263 265 VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio); 264 266 VM_WARN_ON_FOLIO(page_folio(pfn_to_page(pte_pfn(pte))) != folio, folio); 265 267 268 + /* Limit max_nr to the actual remaining PFNs in the folio we could batch. */ 269 + max_nr = min_t(unsigned long, max_nr, 270 + folio_pfn(folio) + folio_nr_pages(folio) - pte_pfn(pte)); 271 + 266 272 nr = pte_batch_hint(start_ptep, pte); 267 273 expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); 268 274 ptep = start_ptep + nr; 269 275 270 - while (ptep < end_ptep) { 276 + while (nr < max_nr) { 271 277 pte = ptep_get(ptep); 272 278 if (any_writable) 273 279 writable = !!pte_write(pte); ··· 284 282 if (!pte_same(pte, expected_pte)) 285 283 break; 286 284 287 - /* 288 - * Stop immediately once we reached the end of the folio. In 289 - * corner cases the next PFN might fall into a different 290 - * folio. 291 - */ 292 - if (pte_pfn(pte) >= folio_end_pfn) 293 - break; 294 - 295 285 if (any_writable) 296 286 *any_writable |= writable; 297 287 if (any_young) ··· 291 297 if (any_dirty) 292 298 *any_dirty |= dirty; 293 299 294 - nr = pte_batch_hint(ptep, pte); 295 - expected_pte = pte_advance_pfn(expected_pte, nr); 296 - ptep += nr; 300 + cur_nr = pte_batch_hint(ptep, pte); 301 + expected_pte = pte_advance_pfn(expected_pte, cur_nr); 302 + ptep += cur_nr; 303 + nr += cur_nr; 297 304 } 298 305 299 - return min(ptep - start_ptep, max_nr); 306 + return min(nr, max_nr); 300 307 } 301 308 302 309 /**
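Clamping max_nr up front replaces the old per-PTE folio_end_pfn check. A worked example with illustrative numbers (not taken from the patch):

/*
 * folio_pfn(folio)      = 0x1000
 * folio_nr_pages(folio) = 512            (folio ends at PFN 0x1200)
 * pte_pfn(pte)          = 0x11fd         (3 pages before the folio end)
 * caller max_nr         = 16
 *
 * max_nr = min(16, 0x1000 + 512 - 0x11fd) = min(16, 3) = 3
 *
 * so the batch can never run past the folio, and the loop no longer needs
 * to re-check the PFN against the folio end on every iteration.
 */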
+8 -1
mm/memblock.c
··· 457 457 min(new_area_start, memblock.current_limit), 458 458 new_alloc_size, PAGE_SIZE); 459 459 460 - new_array = addr ? __va(addr) : NULL; 460 + if (addr) { 461 + /* The memory may not have been accepted, yet. */ 462 + accept_memory(addr, new_alloc_size); 463 + 464 + new_array = __va(addr); 465 + } else { 466 + new_array = NULL; 467 + } 461 468 } 462 469 if (!addr) { 463 470 pr_err("memblock: Failed to double %s array from %ld to %ld entries !\n",
+1 -1
mm/mm_init.c
··· 1786 1786 return IS_ENABLED(CONFIG_ARC) && !IS_ENABLED(CONFIG_ARC_HAS_PAE40); 1787 1787 } 1788 1788 1789 - static void set_high_memory(void) 1789 + static void __init set_high_memory(void) 1790 1790 { 1791 1791 phys_addr_t highmem = memblock_end_of_DRAM(); 1792 1792
+25 -7
mm/swapfile.c
··· 1272 1272 VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); 1273 1273 VM_BUG_ON_FOLIO(!folio_test_uptodate(folio), folio); 1274 1274 1275 - /* 1276 - * Should not even be attempting large allocations when huge 1277 - * page swap is disabled. Warn and fail the allocation. 1278 - */ 1279 - if (order && (!IS_ENABLED(CONFIG_THP_SWAP) || size > SWAPFILE_CLUSTER)) { 1280 - VM_WARN_ON_ONCE(1); 1281 - return -EINVAL; 1275 + if (order) { 1276 + /* 1277 + * Reject large allocation when THP_SWAP is disabled, 1278 + * the caller should split the folio and try again. 1279 + */ 1280 + if (!IS_ENABLED(CONFIG_THP_SWAP)) 1281 + return -EAGAIN; 1282 + 1283 + /* 1284 + * Allocation size should never exceed cluster size 1285 + * (HPAGE_PMD_SIZE). 1286 + */ 1287 + if (size > SWAPFILE_CLUSTER) { 1288 + VM_WARN_ON_ONCE(1); 1289 + return -EINVAL; 1290 + } 1282 1291 } 1283 1292 1284 1293 local_lock(&percpu_swap_cluster.lock); ··· 3328 3319 } 3329 3320 if (IS_SWAPFILE(inode)) { 3330 3321 error = -EBUSY; 3322 + goto bad_swap_unlock_inode; 3323 + } 3324 + 3325 + /* 3326 + * The swap subsystem needs a major overhaul to support this. 3327 + * It doesn't work yet so just disable it for now. 3328 + */ 3329 + if (mapping_min_folio_order(mapping) > 0) { 3330 + error = -EINVAL; 3331 3331 goto bad_swap_unlock_inode; 3332 3332 } 3333 3333
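Returning -EAGAIN (rather than warning) when THP_SWAP is disabled lets the caller fall back to splitting the large folio. A hedged caller-side sketch; the function names and signatures used here are assumptions for illustration, not taken from this patch:

static int demo_swap_out(struct folio *folio)
{
        int err = folio_alloc_swap(folio, GFP_NOWAIT);

        if (err == -EAGAIN && folio_test_large(folio)) {
                /* rejected only because THP_SWAP is off: split and retry */
                if (!split_folio(folio))
                        err = folio_alloc_swap(folio, GFP_NOWAIT);
        }
        return err;
}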
+24 -7
mm/vmalloc.c
··· 1940 1940 { 1941 1941 vm->flags = flags; 1942 1942 vm->addr = (void *)va->va_start; 1943 - vm->size = va_size(va); 1943 + vm->size = vm->requested_size = va_size(va); 1944 1944 vm->caller = caller; 1945 1945 va->vm = vm; 1946 1946 } ··· 3133 3133 3134 3134 area->flags = flags; 3135 3135 area->caller = caller; 3136 + area->requested_size = requested_size; 3136 3137 3137 3138 va = alloc_vmap_area(size, align, start, end, node, gfp_mask, 0, area); 3138 3139 if (IS_ERR(va)) { ··· 4064 4063 */ 4065 4064 void *vrealloc_noprof(const void *p, size_t size, gfp_t flags) 4066 4065 { 4066 + struct vm_struct *vm = NULL; 4067 + size_t alloced_size = 0; 4067 4068 size_t old_size = 0; 4068 4069 void *n; 4069 4070 ··· 4075 4072 } 4076 4073 4077 4074 if (p) { 4078 - struct vm_struct *vm; 4079 - 4080 4075 vm = find_vm_area(p); 4081 4076 if (unlikely(!vm)) { 4082 4077 WARN(1, "Trying to vrealloc() nonexistent vm area (%p)\n", p); 4083 4078 return NULL; 4084 4079 } 4085 4080 4086 - old_size = get_vm_area_size(vm); 4081 + alloced_size = get_vm_area_size(vm); 4082 + old_size = vm->requested_size; 4083 + if (WARN(alloced_size < old_size, 4084 + "vrealloc() has mismatched area vs requested sizes (%p)\n", p)) 4085 + return NULL; 4087 4086 } 4088 4087 4089 4088 /* ··· 4093 4088 * would be a good heuristic for when to shrink the vm_area? 4094 4089 */ 4095 4090 if (size <= old_size) { 4096 - /* Zero out spare memory. */ 4097 - if (want_init_on_alloc(flags)) 4091 + /* Zero out "freed" memory. */ 4092 + if (want_init_on_free()) 4098 4093 memset((void *)p + size, 0, old_size - size); 4094 + vm->requested_size = size; 4099 4095 kasan_poison_vmalloc(p + size, old_size - size); 4100 - kasan_unpoison_vmalloc(p, size, KASAN_VMALLOC_PROT_NORMAL); 4101 4096 return (void *)p; 4097 + } 4098 + 4099 + /* 4100 + * We already have the bytes available in the allocation; use them. 4101 + */ 4102 + if (size <= alloced_size) { 4103 + kasan_unpoison_vmalloc(p + old_size, size - old_size, 4104 + KASAN_VMALLOC_PROT_NORMAL); 4105 + /* Zero out "alloced" memory. */ 4106 + if (want_init_on_alloc(flags)) 4107 + memset((void *)p + old_size, 0, size - old_size); 4108 + vm->requested_size = size; 4102 4109 } 4103 4110 4104 4111 /* TODO: Grow the vm_area, i.e. allocate and map additional pages. */
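vm_struct now records both the mapped size and the caller's requested_size, so vrealloc() can shrink in place and later grow back within the originally allocated tail without building a new mapping. A small usage sketch under those semantics (illustrative only):

#include <linux/vmalloc.h>

static void *demo_resize(void)
{
        void *p = vmalloc(2 * PAGE_SIZE);       /* requested_size = alloced = 8K on 4K pages */

        /* shrink: freed tail is zeroed if init_on_free, then KASAN-poisoned */
        p = vrealloc(p, PAGE_SIZE, GFP_KERNEL);

        /* grow back within alloced_size: tail is unpoisoned and zeroed if
         * init_on_alloc; no new vmap area is created */
        p = vrealloc(p, 2 * PAGE_SIZE, GFP_KERNEL);

        return p;
}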
+18 -13
net/batman-adv/hard-interface.c
··· 506 506 return false; 507 507 } 508 508 509 - static void batadv_check_known_mac_addr(const struct net_device *net_dev) 509 + static void batadv_check_known_mac_addr(const struct batadv_hard_iface *hard_iface) 510 510 { 511 - const struct batadv_hard_iface *hard_iface; 511 + const struct net_device *mesh_iface = hard_iface->mesh_iface; 512 + const struct batadv_hard_iface *tmp_hard_iface; 512 513 513 - rcu_read_lock(); 514 - list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { 515 - if (hard_iface->if_status != BATADV_IF_ACTIVE && 516 - hard_iface->if_status != BATADV_IF_TO_BE_ACTIVATED) 514 + if (!mesh_iface) 515 + return; 516 + 517 + list_for_each_entry(tmp_hard_iface, &batadv_hardif_list, list) { 518 + if (tmp_hard_iface == hard_iface) 517 519 continue; 518 520 519 - if (hard_iface->net_dev == net_dev) 521 + if (tmp_hard_iface->mesh_iface != mesh_iface) 520 522 continue; 521 523 522 - if (!batadv_compare_eth(hard_iface->net_dev->dev_addr, 523 - net_dev->dev_addr)) 524 + if (tmp_hard_iface->if_status == BATADV_IF_NOT_IN_USE) 525 + continue; 526 + 527 + if (!batadv_compare_eth(tmp_hard_iface->net_dev->dev_addr, 528 + hard_iface->net_dev->dev_addr)) 524 529 continue; 525 530 526 531 pr_warn("The newly added mac address (%pM) already exists on: %s\n", 527 - net_dev->dev_addr, hard_iface->net_dev->name); 532 + hard_iface->net_dev->dev_addr, tmp_hard_iface->net_dev->name); 528 533 pr_warn("It is strongly recommended to keep mac addresses unique to avoid problems!\n"); 529 534 } 530 - rcu_read_unlock(); 531 535 } 532 536 533 537 /** ··· 767 763 hard_iface->net_dev->name, hardif_mtu, 768 764 required_mtu); 769 765 766 + batadv_check_known_mac_addr(hard_iface); 767 + 770 768 if (batadv_hardif_is_iface_up(hard_iface)) 771 769 batadv_hardif_activate_interface(hard_iface); 772 770 else ··· 907 901 908 902 batadv_v_hardif_init(hard_iface); 909 903 910 - batadv_check_known_mac_addr(hard_iface->net_dev); 911 904 kref_get(&hard_iface->refcount); 912 905 list_add_tail_rcu(&hard_iface->list, &batadv_hardif_list); 913 906 batadv_hardif_generation++; ··· 993 988 if (hard_iface->if_status == BATADV_IF_NOT_IN_USE) 994 989 goto hardif_put; 995 990 996 - batadv_check_known_mac_addr(hard_iface->net_dev); 991 + batadv_check_known_mac_addr(hard_iface); 997 992 998 993 bat_priv = netdev_priv(hard_iface->mesh_iface); 999 994 bat_priv->algo_ops->iface.update_mac(hard_iface);
+24
net/bluetooth/hci_conn.c
··· 3023 3023 3024 3024 kfree_skb(skb); 3025 3025 } 3026 + 3027 + u8 *hci_conn_key_enc_size(struct hci_conn *conn) 3028 + { 3029 + if (conn->type == ACL_LINK) { 3030 + struct link_key *key; 3031 + 3032 + key = hci_find_link_key(conn->hdev, &conn->dst); 3033 + if (!key) 3034 + return NULL; 3035 + 3036 + return &key->pin_len; 3037 + } else if (conn->type == LE_LINK) { 3038 + struct smp_ltk *ltk; 3039 + 3040 + ltk = hci_find_ltk(conn->hdev, &conn->dst, conn->dst_type, 3041 + conn->role); 3042 + if (!ltk) 3043 + return NULL; 3044 + 3045 + return &ltk->enc_size; 3046 + } 3047 + 3048 + return NULL; 3049 + }
+42 -31
net/bluetooth/hci_event.c
··· 739 739 handle); 740 740 conn->enc_key_size = 0; 741 741 } else { 742 + u8 *key_enc_size = hci_conn_key_enc_size(conn); 743 + 742 744 conn->enc_key_size = rp->key_size; 743 745 status = 0; 744 746 745 - if (conn->enc_key_size < hdev->min_enc_key_size) { 747 + /* Attempt to check if the key size is too small or if it has 748 + * been downgraded from the last time it was stored as part of 749 + * the link_key. 750 + */ 751 + if (conn->enc_key_size < hdev->min_enc_key_size || 752 + (key_enc_size && conn->enc_key_size < *key_enc_size)) { 746 753 /* As slave role, the conn->state has been set to 747 754 * BT_CONNECTED and l2cap conn req might not be received 748 755 * yet, at this moment the l2cap layer almost does ··· 762 755 clear_bit(HCI_CONN_ENCRYPT, &conn->flags); 763 756 clear_bit(HCI_CONN_AES_CCM, &conn->flags); 764 757 } 758 + 759 + /* Update the key encryption size with the connection one */ 760 + if (key_enc_size && *key_enc_size != conn->enc_key_size) 761 + *key_enc_size = conn->enc_key_size; 765 762 } 766 763 767 764 hci_encrypt_cfm(conn, status); ··· 3076 3065 hci_dev_unlock(hdev); 3077 3066 } 3078 3067 3068 + static int hci_read_enc_key_size(struct hci_dev *hdev, struct hci_conn *conn) 3069 + { 3070 + struct hci_cp_read_enc_key_size cp; 3071 + u8 *key_enc_size = hci_conn_key_enc_size(conn); 3072 + 3073 + if (!read_key_size_capable(hdev)) { 3074 + conn->enc_key_size = HCI_LINK_KEY_SIZE; 3075 + return -EOPNOTSUPP; 3076 + } 3077 + 3078 + bt_dev_dbg(hdev, "hcon %p", conn); 3079 + 3080 + memset(&cp, 0, sizeof(cp)); 3081 + cp.handle = cpu_to_le16(conn->handle); 3082 + 3083 + /* If the key enc_size is already known, use it as conn->enc_key_size, 3084 + * otherwise use hdev->min_enc_key_size so the likes of 3085 + * l2cap_check_enc_key_size don't fail while waiting for 3086 + * HCI_OP_READ_ENC_KEY_SIZE response. 3087 + */ 3088 + if (key_enc_size && *key_enc_size) 3089 + conn->enc_key_size = *key_enc_size; 3090 + else 3091 + conn->enc_key_size = hdev->min_enc_key_size; 3092 + 3093 + return hci_send_cmd(hdev, HCI_OP_READ_ENC_KEY_SIZE, sizeof(cp), &cp); 3094 + } 3095 + 3079 3096 static void hci_conn_complete_evt(struct hci_dev *hdev, void *data, 3080 3097 struct sk_buff *skb) 3081 3098 { ··· 3196 3157 if (ev->encr_mode == 1 && !test_bit(HCI_CONN_ENCRYPT, &conn->flags) && 3197 3158 ev->link_type == ACL_LINK) { 3198 3159 struct link_key *key; 3199 - struct hci_cp_read_enc_key_size cp; 3200 3160 3201 3161 key = hci_find_link_key(hdev, &ev->bdaddr); 3202 3162 if (key) { 3203 3163 set_bit(HCI_CONN_ENCRYPT, &conn->flags); 3204 - 3205 - if (!read_key_size_capable(hdev)) { 3206 - conn->enc_key_size = HCI_LINK_KEY_SIZE; 3207 - } else { 3208 - cp.handle = cpu_to_le16(conn->handle); 3209 - if (hci_send_cmd(hdev, HCI_OP_READ_ENC_KEY_SIZE, 3210 - sizeof(cp), &cp)) { 3211 - bt_dev_err(hdev, "sending read key size failed"); 3212 - conn->enc_key_size = HCI_LINK_KEY_SIZE; 3213 - } 3214 - } 3215 - 3164 + hci_read_enc_key_size(hdev, conn); 3216 3165 hci_encrypt_cfm(conn, ev->status); 3217 3166 } 3218 3167 } ··· 3639 3612 3640 3613 /* Try reading the encryption key size for encrypted ACL links */ 3641 3614 if (!ev->status && ev->encrypt && conn->type == ACL_LINK) { 3642 - struct hci_cp_read_enc_key_size cp; 3643 - 3644 - /* Only send HCI_Read_Encryption_Key_Size if the 3645 - * controller really supports it. If it doesn't, assume 3646 - * the default size (16). 
3647 - */ 3648 - if (!read_key_size_capable(hdev)) { 3649 - conn->enc_key_size = HCI_LINK_KEY_SIZE; 3615 + if (hci_read_enc_key_size(hdev, conn)) 3650 3616 goto notify; 3651 - } 3652 - 3653 - cp.handle = cpu_to_le16(conn->handle); 3654 - if (hci_send_cmd(hdev, HCI_OP_READ_ENC_KEY_SIZE, 3655 - sizeof(cp), &cp)) { 3656 - bt_dev_err(hdev, "sending read key size failed"); 3657 - conn->enc_key_size = HCI_LINK_KEY_SIZE; 3658 - goto notify; 3659 - } 3660 3617 3661 3618 goto unlock; 3662 3619 }
+6 -3
net/bluetooth/mgmt.c
··· 7506 7506 struct mgmt_cp_add_device *cp = cmd->param; 7507 7507 7508 7508 if (!err) { 7509 + struct hci_conn_params *params; 7510 + 7511 + params = hci_conn_params_lookup(hdev, &cp->addr.bdaddr, 7512 + le_addr_type(cp->addr.type)); 7513 + 7509 7514 device_added(cmd->sk, hdev, &cp->addr.bdaddr, cp->addr.type, 7510 7515 cp->action); 7511 7516 device_flags_changed(NULL, hdev, &cp->addr.bdaddr, 7512 7517 cp->addr.type, hdev->conn_flags, 7513 - PTR_UINT(cmd->user_data)); 7518 + params ? params->flags : 0); 7514 7519 } 7515 7520 7516 7521 mgmt_cmd_complete(cmd->sk, hdev->id, MGMT_OP_ADD_DEVICE, ··· 7617 7612 err = -ENOMEM; 7618 7613 goto unlock; 7619 7614 } 7620 - 7621 - cmd->user_data = UINT_PTR(current_flags); 7622 7615 7623 7616 err = hci_cmd_sync_queue(hdev, add_device_sync, cmd, 7624 7617 add_device_complete);
+2
net/core/dev.c
··· 10531 10531 if (!(features & feature) && (lower->features & feature)) { 10532 10532 netdev_dbg(upper, "Disabling feature %pNF on lower dev %s.\n", 10533 10533 &feature, lower->name); 10534 + netdev_lock_ops(lower); 10534 10535 lower->wanted_features &= ~feature; 10535 10536 __netdev_update_features(lower); 10536 10537 ··· 10540 10539 &feature, lower->name); 10541 10540 else 10542 10541 netdev_features_change(lower); 10542 + netdev_unlock_ops(lower); 10543 10543 } 10544 10544 } 10545 10545 }
+7
net/core/devmem.c
··· 204 204 205 205 refcount_set(&binding->ref, 1); 206 206 207 + mutex_init(&binding->lock); 208 + 207 209 binding->dmabuf = dmabuf; 208 210 209 211 binding->attachment = dma_buf_attach(binding->dmabuf, dev->dev.parent); ··· 472 470 xa_for_each(&binding->bound_rxqs, xa_idx, bound_rxq) { 473 471 if (bound_rxq == rxq) { 474 472 xa_erase(&binding->bound_rxqs, xa_idx); 473 + if (xa_empty(&binding->bound_rxqs)) { 474 + mutex_lock(&binding->lock); 475 + binding->dev = NULL; 476 + mutex_unlock(&binding->lock); 477 + } 475 478 break; 476 479 } 477 480 }
+2
net/core/devmem.h
··· 20 20 struct sg_table *sgt; 21 21 struct net_device *dev; 22 22 struct gen_pool *chunk_pool; 23 + /* Protect dev */ 24 + struct mutex lock; 23 25 24 26 /* The user holds a ref (via the netlink API) for as long as they want 25 27 * the binding to remain alive. Each page pool using this binding holds
+11
net/core/netdev-genl.c
··· 1056 1056 { 1057 1057 struct net_devmem_dmabuf_binding *binding; 1058 1058 struct net_devmem_dmabuf_binding *temp; 1059 + netdevice_tracker dev_tracker; 1059 1060 struct net_device *dev; 1060 1061 1061 1062 mutex_lock(&priv->lock); 1062 1063 list_for_each_entry_safe(binding, temp, &priv->bindings, list) { 1064 + mutex_lock(&binding->lock); 1063 1065 dev = binding->dev; 1066 + if (!dev) { 1067 + mutex_unlock(&binding->lock); 1068 + net_devmem_unbind_dmabuf(binding); 1069 + continue; 1070 + } 1071 + netdev_hold(dev, &dev_tracker, GFP_KERNEL); 1072 + mutex_unlock(&binding->lock); 1073 + 1064 1074 netdev_lock(dev); 1065 1075 net_devmem_unbind_dmabuf(binding); 1066 1076 netdev_unlock(dev); 1077 + netdev_put(dev, &dev_tracker); 1067 1078 } 1068 1079 mutex_unlock(&priv->lock); 1069 1080 }
+4 -2
net/mac80211/main.c
··· 1354 1354 hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_MONITOR); 1355 1355 1356 1356 1357 - local->int_scan_req = kzalloc(sizeof(*local->int_scan_req) + 1358 - sizeof(void *) * channels, GFP_KERNEL); 1357 + local->int_scan_req = kzalloc(struct_size(local->int_scan_req, 1358 + channels, channels), 1359 + GFP_KERNEL); 1359 1360 if (!local->int_scan_req) 1360 1361 return -ENOMEM; 1362 + local->int_scan_req->n_channels = channels; 1361 1363 1362 1364 eth_broadcast_addr(local->int_scan_req->bssid); 1363 1365
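For reference, struct_size() folds the flexible-array math of the old open-coded expression into one overflow-checked form:

/*
 * struct_size(local->int_scan_req, channels, channels)
 *     == sizeof(*local->int_scan_req)
 *        + channels * sizeof(*local->int_scan_req->channels)
 *
 * and saturates to SIZE_MAX if the multiplication or addition would
 * overflow, which is why it is preferred over the previous
 * sizeof(*local->int_scan_req) + sizeof(void *) * channels.
 */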
+11 -4
net/mctp/device.c
··· 117 117 struct net_device *dev; 118 118 struct ifaddrmsg *hdr; 119 119 struct mctp_dev *mdev; 120 - int ifindex, rc; 120 + int ifindex = 0, rc; 121 121 122 - hdr = nlmsg_data(cb->nlh); 123 - // filter by ifindex if requested 124 - ifindex = hdr->ifa_index; 122 + /* Filter by ifindex if a header is provided */ 123 + if (cb->nlh->nlmsg_len >= nlmsg_msg_size(sizeof(*hdr))) { 124 + hdr = nlmsg_data(cb->nlh); 125 + ifindex = hdr->ifa_index; 126 + } else { 127 + if (cb->strict_check) { 128 + NL_SET_ERR_MSG(cb->extack, "mctp: Invalid header for addr dump request"); 129 + return -EINVAL; 130 + } 131 + } 125 132 126 133 rcu_read_lock(); 127 134 for_each_netdev_dump(net, dev, mcb->ifindex) {
+3 -1
net/mctp/route.c
··· 313 313 314 314 key = flow->key; 315 315 316 - if (WARN_ON(key->dev && key->dev != dev)) 316 + if (key->dev) { 317 + WARN_ON(key->dev != dev); 317 318 return; 319 + } 318 320 319 321 mctp_dev_set_key(dev, key); 320 322 }
+1 -1
net/sched/sch_codel.c
··· 144 144 145 145 qlen = sch->q.qlen; 146 146 while (sch->q.qlen > sch->limit) { 147 - struct sk_buff *skb = __qdisc_dequeue_head(&sch->q); 147 + struct sk_buff *skb = qdisc_dequeue_internal(sch, true); 148 148 149 149 dropped += qdisc_pkt_len(skb); 150 150 qdisc_qstats_backlog_dec(sch, skb);
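This and the following sch_fq/sch_fq_codel/sch_fq_pie/sch_hhf/sch_pie hunks all route the limit-trimming loop through qdisc_dequeue_internal() so requeued GSO segments are flushed as well. A hedged sketch of roughly what that helper is assumed to do (the real definition lives in include/net/sch_generic.h and may differ in detail); codel and pie pass true because they drain the plain FIFO head directly, while the others pass false to go through their full ->dequeue() path:

static inline struct sk_buff *demo_dequeue_internal(struct Qdisc *sch, bool direct)
{
        struct sk_buff *skb;

        /* flush any segments requeued on gso_skb first */
        skb = __skb_dequeue(&sch->gso_skb);
        if (skb) {
                sch->q.qlen--;
                return skb;
        }
        if (direct)
                return __qdisc_dequeue_head(&sch->q);
        else
                return sch->dequeue(sch);
}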
+1 -1
net/sched/sch_fq.c
··· 1136 1136 sch_tree_lock(sch); 1137 1137 } 1138 1138 while (sch->q.qlen > sch->limit) { 1139 - struct sk_buff *skb = fq_dequeue(sch); 1139 + struct sk_buff *skb = qdisc_dequeue_internal(sch, false); 1140 1140 1141 1141 if (!skb) 1142 1142 break;
+1 -1
net/sched/sch_fq_codel.c
··· 441 441 442 442 while (sch->q.qlen > sch->limit || 443 443 q->memory_usage > q->memory_limit) { 444 - struct sk_buff *skb = fq_codel_dequeue(sch); 444 + struct sk_buff *skb = qdisc_dequeue_internal(sch, false); 445 445 446 446 q->cstats.drop_len += qdisc_pkt_len(skb); 447 447 rtnl_kfree_skbs(skb, skb);
+1 -1
net/sched/sch_fq_pie.c
··· 366 366 367 367 /* Drop excess packets if new limit is lower */ 368 368 while (sch->q.qlen > sch->limit) { 369 - struct sk_buff *skb = fq_pie_qdisc_dequeue(sch); 369 + struct sk_buff *skb = qdisc_dequeue_internal(sch, false); 370 370 371 371 len_dropped += qdisc_pkt_len(skb); 372 372 num_dropped += 1;
+1 -1
net/sched/sch_hhf.c
··· 564 564 qlen = sch->q.qlen; 565 565 prev_backlog = sch->qstats.backlog; 566 566 while (sch->q.qlen > sch->limit) { 567 - struct sk_buff *skb = hhf_dequeue(sch); 567 + struct sk_buff *skb = qdisc_dequeue_internal(sch, false); 568 568 569 569 rtnl_kfree_skbs(skb, skb); 570 570 }
+1 -1
net/sched/sch_pie.c
··· 195 195 /* Drop excess packets if new limit is lower */ 196 196 qlen = sch->q.qlen; 197 197 while (sch->q.qlen > sch->limit) { 198 - struct sk_buff *skb = __qdisc_dequeue_head(&sch->q); 198 + struct sk_buff *skb = qdisc_dequeue_internal(sch, true); 199 199 200 200 dropped += qdisc_pkt_len(skb); 201 201 qdisc_qstats_backlog_dec(sch, skb);
+2 -1
net/tls/tls_strp.c
··· 396 396 return 0; 397 397 398 398 shinfo = skb_shinfo(strp->anchor); 399 - shinfo->frag_list = NULL; 400 399 401 400 /* If we don't know the length go max plus page for cipher overhead */ 402 401 need_spc = strp->stm.full_len ?: TLS_MAX_PAYLOAD_SIZE + PAGE_SIZE; ··· 410 411 skb_fill_page_desc(strp->anchor, shinfo->nr_frags++, 411 412 page, 0, 0); 412 413 } 414 + 415 + shinfo->frag_list = NULL; 413 416 414 417 strp->copy_mode = 1; 415 418 strp->stm.offset = 0;
+1
rust/bindings/lib.rs
··· 26 26 27 27 #[allow(dead_code)] 28 28 #[allow(clippy::undocumented_unsafe_blocks)] 29 + #[cfg_attr(CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES, allow(unnecessary_transmutes))] 29 30 mod bindings_raw { 30 31 // Manual definition for blocklisted types. 31 32 type __kernel_size_t = usize;
+3
rust/kernel/alloc/kvec.rs
··· 2 2 3 3 //! Implementation of [`Vec`]. 4 4 5 + // May not be needed in Rust 1.87.0 (pending beta backport). 6 + #![allow(clippy::ptr_eq)] 7 + 5 8 use super::{ 6 9 allocator::{KVmalloc, Kmalloc, Vmalloc}, 7 10 layout::ArrayLayout,
+3
rust/kernel/list.rs
··· 4 4 5 5 //! A linked list implementation. 6 6 7 + // May not be needed in Rust 1.87.0 (pending beta backport). 8 + #![allow(clippy::ptr_eq)] 9 + 7 10 use crate::sync::ArcBorrow; 8 11 use crate::types::Opaque; 9 12 use core::iter::{DoubleEndedIterator, FusedIterator};
+23 -23
rust/kernel/str.rs
··· 73 73 b'\r' => f.write_str("\\r")?, 74 74 // Printable characters. 75 75 0x20..=0x7e => f.write_char(b as char)?, 76 - _ => write!(f, "\\x{:02x}", b)?, 76 + _ => write!(f, "\\x{b:02x}")?, 77 77 } 78 78 } 79 79 Ok(()) ··· 109 109 b'\\' => f.write_str("\\\\")?, 110 110 // Printable characters. 111 111 0x20..=0x7e => f.write_char(b as char)?, 112 - _ => write!(f, "\\x{:02x}", b)?, 112 + _ => write!(f, "\\x{b:02x}")?, 113 113 } 114 114 } 115 115 f.write_char('"') ··· 447 447 // Printable character. 448 448 f.write_char(c as char)?; 449 449 } else { 450 - write!(f, "\\x{:02x}", c)?; 450 + write!(f, "\\x{c:02x}")?; 451 451 } 452 452 } 453 453 Ok(()) ··· 479 479 // Printable characters. 480 480 b'\"' => f.write_str("\\\"")?, 481 481 0x20..=0x7e => f.write_char(c as char)?, 482 - _ => write!(f, "\\x{:02x}", c)?, 482 + _ => write!(f, "\\x{c:02x}")?, 483 483 } 484 484 } 485 485 f.write_str("\"") ··· 641 641 #[test] 642 642 fn test_cstr_display() { 643 643 let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap(); 644 - assert_eq!(format!("{}", hello_world), "hello, world!"); 644 + assert_eq!(format!("{hello_world}"), "hello, world!"); 645 645 let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap(); 646 - assert_eq!(format!("{}", non_printables), "\\x01\\x09\\x0a"); 646 + assert_eq!(format!("{non_printables}"), "\\x01\\x09\\x0a"); 647 647 let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap(); 648 - assert_eq!(format!("{}", non_ascii), "d\\xe9j\\xe0 vu"); 648 + assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu"); 649 649 let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap(); 650 - assert_eq!(format!("{}", good_bytes), "\\xf0\\x9f\\xa6\\x80"); 650 + assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80"); 651 651 } 652 652 653 653 #[test] ··· 658 658 bytes[i as usize] = i.wrapping_add(1); 659 659 } 660 660 let cstr = CStr::from_bytes_with_nul(&bytes).unwrap(); 661 - assert_eq!(format!("{}", cstr), ALL_ASCII_CHARS); 661 + assert_eq!(format!("{cstr}"), ALL_ASCII_CHARS); 662 662 } 663 663 664 664 #[test] 665 665 fn test_cstr_debug() { 666 666 let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap(); 667 - assert_eq!(format!("{:?}", hello_world), "\"hello, world!\""); 667 + assert_eq!(format!("{hello_world:?}"), "\"hello, world!\""); 668 668 let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap(); 669 - assert_eq!(format!("{:?}", non_printables), "\"\\x01\\x09\\x0a\""); 669 + assert_eq!(format!("{non_printables:?}"), "\"\\x01\\x09\\x0a\""); 670 670 let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap(); 671 - assert_eq!(format!("{:?}", non_ascii), "\"d\\xe9j\\xe0 vu\""); 671 + assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\""); 672 672 let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap(); 673 - assert_eq!(format!("{:?}", good_bytes), "\"\\xf0\\x9f\\xa6\\x80\""); 673 + assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\""); 674 674 } 675 675 676 676 #[test] 677 677 fn test_bstr_display() { 678 678 let hello_world = BStr::from_bytes(b"hello, world!"); 679 - assert_eq!(format!("{}", hello_world), "hello, world!"); 679 + assert_eq!(format!("{hello_world}"), "hello, world!"); 680 680 let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_"); 681 - assert_eq!(format!("{}", escapes), "_\\t_\\n_\\r_\\_'_\"_"); 681 + assert_eq!(format!("{escapes}"), "_\\t_\\n_\\r_\\_'_\"_"); 682 682 let others = BStr::from_bytes(b"\x01"); 683 - 
assert_eq!(format!("{}", others), "\\x01"); 683 + assert_eq!(format!("{others}"), "\\x01"); 684 684 let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu"); 685 - assert_eq!(format!("{}", non_ascii), "d\\xe9j\\xe0 vu"); 685 + assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu"); 686 686 let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80"); 687 - assert_eq!(format!("{}", good_bytes), "\\xf0\\x9f\\xa6\\x80"); 687 + assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80"); 688 688 } 689 689 690 690 #[test] 691 691 fn test_bstr_debug() { 692 692 let hello_world = BStr::from_bytes(b"hello, world!"); 693 - assert_eq!(format!("{:?}", hello_world), "\"hello, world!\""); 693 + assert_eq!(format!("{hello_world:?}"), "\"hello, world!\""); 694 694 let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_"); 695 - assert_eq!(format!("{:?}", escapes), "\"_\\t_\\n_\\r_\\\\_'_\\\"_\""); 695 + assert_eq!(format!("{escapes:?}"), "\"_\\t_\\n_\\r_\\\\_'_\\\"_\""); 696 696 let others = BStr::from_bytes(b"\x01"); 697 - assert_eq!(format!("{:?}", others), "\"\\x01\""); 697 + assert_eq!(format!("{others:?}"), "\"\\x01\""); 698 698 let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu"); 699 - assert_eq!(format!("{:?}", non_ascii), "\"d\\xe9j\\xe0 vu\""); 699 + assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\""); 700 700 let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80"); 701 - assert_eq!(format!("{:?}", good_bytes), "\"\\xf0\\x9f\\xa6\\x80\""); 701 + assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\""); 702 702 } 703 703 } 704 704
+4 -9
rust/macros/kunit.rs
··· 15 15 } 16 16 17 17 if attr.len() > 255 { 18 - panic!( 19 - "The test suite name `{}` exceeds the maximum length of 255 bytes", 20 - attr 21 - ) 18 + panic!("The test suite name `{attr}` exceeds the maximum length of 255 bytes") 22 19 } 23 20 24 21 let mut tokens: Vec<_> = ts.into_iter().collect(); ··· 99 102 let mut kunit_macros = "".to_owned(); 100 103 let mut test_cases = "".to_owned(); 101 104 for test in &tests { 102 - let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{}", test); 105 + let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{test}"); 103 106 let kunit_wrapper = format!( 104 - "unsafe extern \"C\" fn {}(_test: *mut kernel::bindings::kunit) {{ {}(); }}", 105 - kunit_wrapper_fn_name, test 107 + "unsafe extern \"C\" fn {kunit_wrapper_fn_name}(_test: *mut kernel::bindings::kunit) {{ {test}(); }}" 106 108 ); 107 109 writeln!(kunit_macros, "{kunit_wrapper}").unwrap(); 108 110 writeln!( 109 111 test_cases, 110 - " kernel::kunit::kunit_case(kernel::c_str!(\"{}\"), {}),", 111 - test, kunit_wrapper_fn_name 112 + " kernel::kunit::kunit_case(kernel::c_str!(\"{test}\"), {kunit_wrapper_fn_name})," 112 113 ) 113 114 .unwrap(); 114 115 }
+5 -14
rust/macros/module.rs
··· 48 48 ) 49 49 } else { 50 50 // Loadable modules' modinfo strings go as-is. 51 - format!("{field}={content}\0", field = field, content = content) 51 + format!("{field}={content}\0") 52 52 }; 53 53 54 54 write!( ··· 126 126 }; 127 127 128 128 if seen_keys.contains(&key) { 129 - panic!( 130 - "Duplicated key \"{}\". Keys can only be specified once.", 131 - key 132 - ); 129 + panic!("Duplicated key \"{key}\". Keys can only be specified once."); 133 130 } 134 131 135 132 assert_eq!(expect_punct(it), ':'); ··· 140 143 "license" => info.license = expect_string_ascii(it), 141 144 "alias" => info.alias = Some(expect_string_array(it)), 142 145 "firmware" => info.firmware = Some(expect_string_array(it)), 143 - _ => panic!( 144 - "Unknown key \"{}\". Valid keys are: {:?}.", 145 - key, EXPECTED_KEYS 146 - ), 146 + _ => panic!("Unknown key \"{key}\". Valid keys are: {EXPECTED_KEYS:?}."), 147 147 } 148 148 149 149 assert_eq!(expect_punct(it), ','); ··· 152 158 153 159 for key in REQUIRED_KEYS { 154 160 if !seen_keys.iter().any(|e| e == key) { 155 - panic!("Missing required key \"{}\".", key); 161 + panic!("Missing required key \"{key}\"."); 156 162 } 157 163 } 158 164 ··· 164 170 } 165 171 166 172 if seen_keys != ordered_keys { 167 - panic!( 168 - "Keys are not ordered as expected. Order them like: {:?}.", 169 - ordered_keys 170 - ); 173 + panic!("Keys are not ordered as expected. Order them like: {ordered_keys:?}."); 171 174 } 172 175 173 176 info
+1 -1
rust/macros/paste.rs
··· 50 50 let tokens = group.stream().into_iter().collect::<Vec<TokenTree>>(); 51 51 segments.append(&mut concat_helper(tokens.as_slice())); 52 52 } 53 - token => panic!("unexpected token in paste segments: {:?}", token), 53 + token => panic!("unexpected token in paste segments: {token:?}"), 54 54 }; 55 55 } 56 56
+1 -2
rust/pin-init/internal/src/pinned_drop.rs
··· 28 28 // Found the end of the generics, this should be `PinnedDrop`. 29 29 assert!( 30 30 matches!(tt, TokenTree::Ident(i) if i.to_string() == "PinnedDrop"), 31 - "expected 'PinnedDrop', found: '{:?}'", 32 - tt 31 + "expected 'PinnedDrop', found: '{tt:?}'" 33 32 ); 34 33 pinned_drop_idx = Some(i); 35 34 break;
+1
rust/uapi/lib.rs
··· 24 24 unreachable_pub, 25 25 unsafe_op_in_unsafe_fn 26 26 )] 27 + #![cfg_attr(CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES, allow(unnecessary_transmutes))] 27 28 28 29 // Manual definition of blocklisted types. 29 30 type __kernel_size_t = usize;
+1 -1
samples/ftrace/sample-trace-array.c
··· 112 112 /* 113 113 * If context specific per-cpu buffers havent already been allocated. 114 114 */ 115 - trace_printk_init_buffers(); 115 + trace_array_init_printk(tr); 116 116 117 117 simple_tsk = kthread_run(simple_thread, NULL, "sample-instance"); 118 118 if (IS_ERR(simple_tsk)) {
+12
scripts/Makefile.extrawarn
··· 37 37 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111219 38 38 KBUILD_CFLAGS += $(call cc-disable-warning, format-overflow-non-kprintf) 39 39 KBUILD_CFLAGS += $(call cc-disable-warning, format-truncation-non-kprintf) 40 + 41 + # Clang may emit a warning when a const variable, such as the dummy variables 42 + # in typecheck(), or const member of an aggregate type are not initialized, 43 + # which can result in unexpected behavior. However, in many audited cases of 44 + # the "field" variant of the warning, this is intentional because the field is 45 + # never used within a particular call path, the field is within a union with 46 + # other non-const members, or the containing object is not const so the field 47 + # can be modified via memcpy() / memset(). While the variable warning also gets 48 + # disabled with this same switch, there should not be too much coverage lost 49 + # because -Wuninitialized will still flag when an uninitialized const variable 50 + # is used. 51 + KBUILD_CFLAGS += $(call cc-disable-warning, default-const-init-unsafe) 40 52 else 41 53 42 54 # gcc inanely warns about local variables called 'main'
+3 -3
scripts/Makefile.vmlinux
··· 13 13 vmlinux-final := vmlinux.unstripped 14 14 15 15 quiet_cmd_strip_relocs = RSTRIP $@ 16 - cmd_strip_relocs = $(OBJCOPY) --remove-section='.rel*' $< $@ 16 + cmd_strip_relocs = $(OBJCOPY) --remove-section='.rel*' --remove-section=!'.rel*.dyn' $< $@ 17 17 18 18 vmlinux: $(vmlinux-final) FORCE 19 19 $(call if_changed,strip_relocs) ··· 94 94 endif 95 95 96 96 ifdef CONFIG_BUILDTIME_TABLE_SORT 97 - vmlinux: scripts/sorttable 97 + $(vmlinux-final): scripts/sorttable 98 98 endif 99 99 100 - # module.builtin.ranges 100 + # modules.builtin.ranges 101 101 # --------------------------------------------------------------------------- 102 102 ifdef CONFIG_BUILTIN_MODULE_RANGES 103 103 __default: modules.builtin.ranges
+2 -2
scripts/Makefile.vmlinux_o
··· 73 73 74 74 targets += vmlinux.o 75 75 76 - # module.builtin.modinfo 76 + # modules.builtin.modinfo 77 77 # --------------------------------------------------------------------------- 78 78 79 79 OBJCOPYFLAGS_modules.builtin.modinfo := -j .modinfo -O binary ··· 82 82 modules.builtin.modinfo: vmlinux.o FORCE 83 83 $(call if_changed,objcopy) 84 84 85 - # module.builtin 85 + # modules.builtin 86 86 # --------------------------------------------------------------------------- 87 87 88 88 # The second line aids cases where multiple modules share the same object.
+1
scripts/package/kernel.spec
··· 16 16 Source2: diff.patch 17 17 Provides: kernel-%{KERNELRELEASE} 18 18 BuildRequires: bc binutils bison dwarves 19 + BuildRequires: (elfutils-devel or libdw-devel) 19 20 BuildRequires: (elfutils-libelf-devel or libelf-devel) flex 20 21 BuildRequires: gcc make openssl openssl-devel perl python3 rsync 21 22
+1 -1
scripts/package/mkdebian
··· 210 210 Build-Depends: debhelper-compat (= 12) 211 211 Build-Depends-Arch: bc, bison, flex, 212 212 gcc-${host_gnu} <!pkg.${sourcename}.nokernelheaders>, 213 - kmod, libelf-dev:native, 213 + kmod, libdw-dev:native, libelf-dev:native, 214 214 libssl-dev:native, libssl-dev <!pkg.${sourcename}.nokernelheaders>, 215 215 python3:native, rsync 216 216 Homepage: https://www.kernel.org/
+15 -7
tools/net/ynl/pyynl/ethtool.py
··· 338 338 print('Capabilities:') 339 339 [print(f'\t{v}') for v in bits_to_dict(tsinfo['timestamping'])] 340 340 341 - print(f'PTP Hardware Clock: {tsinfo["phc-index"]}') 341 + print(f'PTP Hardware Clock: {tsinfo.get("phc-index", "none")}') 342 342 343 - print('Hardware Transmit Timestamp Modes:') 344 - [print(f'\t{v}') for v in bits_to_dict(tsinfo['tx-types'])] 343 + if 'tx-types' in tsinfo: 344 + print('Hardware Transmit Timestamp Modes:') 345 + [print(f'\t{v}') for v in bits_to_dict(tsinfo['tx-types'])] 346 + else: 347 + print('Hardware Transmit Timestamp Modes: none') 345 348 346 - print('Hardware Receive Filter Modes:') 347 - [print(f'\t{v}') for v in bits_to_dict(tsinfo['rx-filters'])] 349 + if 'rx-filters' in tsinfo: 350 + print('Hardware Receive Filter Modes:') 351 + [print(f'\t{v}') for v in bits_to_dict(tsinfo['rx-filters'])] 352 + else: 353 + print('Hardware Receive Filter Modes: none') 348 354 349 - print('Statistics:') 350 - [print(f'\t{k}: {v}') for k, v in tsinfo['stats'].items()] 355 + if 'stats' in tsinfo and tsinfo['stats']: 356 + print('Statistics:') 357 + [print(f'\t{k}: {v}') for k, v in tsinfo['stats'].items()] 358 + 351 359 return 352 360 353 361 print(f'Settings for {args.device}:')
+3 -4
tools/net/ynl/pyynl/ynl_gen_c.py
··· 1274 1274 self.pure_nested_structs[nested].request = True 1275 1275 if attr in rs_members['reply']: 1276 1276 self.pure_nested_structs[nested].reply = True 1277 - 1278 - if spec.is_multi_val(): 1279 - child = self.pure_nested_structs.get(nested) 1280 - child.in_multi_val = True 1277 + if spec.is_multi_val(): 1278 + child = self.pure_nested_structs.get(nested) 1279 + child.in_multi_val = True 1281 1280 1282 1281 self._sort_pure_types() 1283 1282
+9
tools/objtool/arch/x86/decode.c
··· 189 189 op2 = ins.opcode.bytes[1]; 190 190 op3 = ins.opcode.bytes[2]; 191 191 192 + /* 193 + * XXX hack, decoder is buggered and thinks 0xea is 7 bytes long. 194 + */ 195 + if (op1 == 0xea) { 196 + insn->len = 1; 197 + insn->type = INSN_BUG; 198 + return 0; 199 + } 200 + 192 201 if (ins.rex_prefix.nbytes) { 193 202 rex = ins.rex_prefix.bytes[0]; 194 203 rex_w = X86_REX_W(rex) >> 3;
+1
tools/objtool/check.c
··· 227 227 str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || 228 228 str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || 229 229 str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || 230 + str_ends_with(func->name, "_7___rustc17rust_begin_unwind") || 230 231 strstr(func->name, "_4core9panicking13assert_failed") || 231 232 strstr(func->name, "_4core9panicking11panic_const24panic_const_") || 232 233 (strstr(func->name, "_4core5slice5index24slice_") &&
+1
tools/testing/selftests/Makefile
··· 122 122 TARGETS += vDSO 123 123 TARGETS += mm 124 124 TARGETS += x86 125 + TARGETS += x86/bugs 125 126 TARGETS += zram 126 127 #Please keep the TARGETS list alphabetically sorted 127 128 # Run "make quicktest=1 run_tests" or
+22 -33
tools/testing/selftests/drivers/net/hw/ncdevmem.c
··· 507 507 return 0; 508 508 } 509 509 510 + static struct netdev_queue_id *create_queues(void) 511 + { 512 + struct netdev_queue_id *queues; 513 + size_t i = 0; 514 + 515 + queues = calloc(num_queues, sizeof(*queues)); 516 + for (i = 0; i < num_queues; i++) { 517 + queues[i]._present.type = 1; 518 + queues[i]._present.id = 1; 519 + queues[i].type = NETDEV_QUEUE_TYPE_RX; 520 + queues[i].id = start_queue + i; 521 + } 522 + 523 + return queues; 524 + } 525 + 510 526 static int do_server(struct memory_buffer *mem) 511 527 { 512 528 char ctrl_data[sizeof(int) * 20000]; ··· 540 524 char buffer[256]; 541 525 int socket_fd; 542 526 int client_fd; 543 - size_t i = 0; 544 527 int ret; 545 528 546 529 ret = parse_address(server_ip, atoi(port), &server_sin); ··· 562 547 563 548 sleep(1); 564 549 565 - queues = malloc(sizeof(*queues) * num_queues); 566 - 567 - for (i = 0; i < num_queues; i++) { 568 - queues[i]._present.type = 1; 569 - queues[i]._present.id = 1; 570 - queues[i].type = NETDEV_QUEUE_TYPE_RX; 571 - queues[i].id = start_queue + i; 572 - } 573 - 574 - if (bind_rx_queue(ifindex, mem->fd, queues, num_queues, &ys)) 550 + if (bind_rx_queue(ifindex, mem->fd, create_queues(), num_queues, &ys)) 575 551 error(1, 0, "Failed to bind\n"); 576 552 577 553 tmp_mem = malloc(mem->size); ··· 627 621 goto cleanup; 628 622 } 629 623 630 - i++; 631 624 for (cm = CMSG_FIRSTHDR(&msg); cm; cm = CMSG_NXTHDR(&msg, cm)) { 632 625 if (cm->cmsg_level != SOL_SOCKET || 633 626 (cm->cmsg_type != SCM_DEVMEM_DMABUF && ··· 711 706 712 707 void run_devmem_tests(void) 713 708 { 714 - struct netdev_queue_id *queues; 715 709 struct memory_buffer *mem; 716 710 struct ynl_sock *ys; 717 - size_t i = 0; 718 711 719 712 mem = provider->alloc(getpagesize() * NUM_PAGES); 720 713 ··· 720 717 if (configure_rss()) 721 718 error(1, 0, "rss error\n"); 722 719 723 - queues = calloc(num_queues, sizeof(*queues)); 724 - 725 720 if (configure_headersplit(1)) 726 721 error(1, 0, "Failed to configure header split\n"); 727 722 728 - if (!bind_rx_queue(ifindex, mem->fd, queues, num_queues, &ys)) 723 + if (!bind_rx_queue(ifindex, mem->fd, 724 + calloc(num_queues, sizeof(struct netdev_queue_id)), 725 + num_queues, &ys)) 729 726 error(1, 0, "Binding empty queues array should have failed\n"); 730 - 731 - for (i = 0; i < num_queues; i++) { 732 - queues[i]._present.type = 1; 733 - queues[i]._present.id = 1; 734 - queues[i].type = NETDEV_QUEUE_TYPE_RX; 735 - queues[i].id = start_queue + i; 736 - } 737 727 738 728 if (configure_headersplit(0)) 739 729 error(1, 0, "Failed to configure header split\n"); 740 730 741 - if (!bind_rx_queue(ifindex, mem->fd, queues, num_queues, &ys)) 731 + if (!bind_rx_queue(ifindex, mem->fd, create_queues(), num_queues, &ys)) 742 732 error(1, 0, "Configure dmabuf with header split off should have failed\n"); 743 733 744 734 if (configure_headersplit(1)) 745 735 error(1, 0, "Failed to configure header split\n"); 746 736 747 - for (i = 0; i < num_queues; i++) { 748 - queues[i]._present.type = 1; 749 - queues[i]._present.id = 1; 750 - queues[i].type = NETDEV_QUEUE_TYPE_RX; 751 - queues[i].id = start_queue + i; 752 - } 753 - 754 - if (bind_rx_queue(ifindex, mem->fd, queues, num_queues, &ys)) 737 + if (bind_rx_queue(ifindex, mem->fd, create_queues(), num_queues, &ys)) 755 738 error(1, 0, "Failed to bind\n"); 756 739 757 740 /* Deactivating a bound queue should not be legal */
+4 -4
tools/testing/selftests/kvm/arm64/set_id_regs.c
··· 129 129 REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, DIT, 0), 130 130 REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, SEL2, 0), 131 131 REG_FTR_BITS(FTR_EXACT, ID_AA64PFR0_EL1, GIC, 0), 132 - REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL3, 0), 133 - REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL2, 0), 134 - REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL1, 0), 135 - REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL0, 0), 132 + REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL3, 1), 133 + REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL2, 1), 134 + REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL1, 1), 135 + REG_FTR_BITS(FTR_LOWER_SAFE, ID_AA64PFR0_EL1, EL0, 1), 136 136 REG_FTR_END, 137 137 }; 138 138
+14 -5
tools/testing/selftests/mm/compaction_test.c
··· 90 90 int compaction_index = 0; 91 91 char nr_hugepages[20] = {0}; 92 92 char init_nr_hugepages[24] = {0}; 93 + char target_nr_hugepages[24] = {0}; 94 + int slen; 93 95 94 96 snprintf(init_nr_hugepages, sizeof(init_nr_hugepages), 95 97 "%lu", initial_nr_hugepages); ··· 108 106 goto out; 109 107 } 110 108 111 - /* Request a large number of huge pages. The Kernel will allocate 112 - as much as it can */ 113 - if (write(fd, "100000", (6*sizeof(char))) != (6*sizeof(char))) { 114 - ksft_print_msg("Failed to write 100000 to /proc/sys/vm/nr_hugepages: %s\n", 115 - strerror(errno)); 109 + /* 110 + * Request huge pages for about half of the free memory. The Kernel 111 + * will allocate as much as it can, and we expect it will get at least 1/3 112 + */ 113 + nr_hugepages_ul = mem_free / hugepage_size / 2; 114 + snprintf(target_nr_hugepages, sizeof(target_nr_hugepages), 115 + "%lu", nr_hugepages_ul); 116 + 117 + slen = strlen(target_nr_hugepages); 118 + if (write(fd, target_nr_hugepages, slen) != slen) { 119 + ksft_print_msg("Failed to write %lu to /proc/sys/vm/nr_hugepages: %s\n", 120 + nr_hugepages_ul, strerror(errno)); 116 121 goto close_fd; 117 122 } 118 123
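
To make the new sizing concrete with illustrative numbers (not taken from the test itself): on a machine with 8 GiB free and 2 MiB huge pages, the test now writes 8192 / 2 / 2 = 2048 to nr_hugepages instead of a flat 100000, and per the comment it still passes as long as the kernel can assemble at least roughly a third of that, about 683 huge pages, after compaction.
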
+10 -6
tools/testing/selftests/mm/guard-regions.c
··· 271 271 self->page_size = (unsigned long)sysconf(_SC_PAGESIZE); 272 272 setup_sighandler(); 273 273 274 - if (variant->backing == ANON_BACKED) 274 + switch (variant->backing) { 275 + case ANON_BACKED: 275 276 return; 276 - 277 - self->fd = open_file( 278 - variant->backing == SHMEM_BACKED ? "/tmp/" : "", 279 - self->path); 277 + case LOCAL_FILE_BACKED: 278 + self->fd = open_file("", self->path); 279 + break; 280 + case SHMEM_BACKED: 281 + self->fd = memfd_create(self->path, 0); 282 + break; 283 + } 280 284 281 285 /* We truncate file to at least 100 pages, tests can modify as needed. */ 282 286 ASSERT_EQ(ftruncate(self->fd, 100 * self->page_size), 0); ··· 1700 1696 char *ptr; 1701 1697 int i; 1702 1698 1703 - if (variant->backing == ANON_BACKED) 1699 + if (variant->backing != LOCAL_FILE_BACKED) 1704 1700 SKIP(return, "Read-only test specific to file-backed"); 1705 1701 1706 1702 /* Map shared so we can populate with pattern, populate it, unmap. */
+13 -1
tools/testing/selftests/mm/pkey-powerpc.h
··· 3 3 #ifndef _PKEYS_POWERPC_H 4 4 #define _PKEYS_POWERPC_H 5 5 6 + #include <sys/stat.h> 7 + 6 8 #ifndef SYS_pkey_alloc 7 9 # define SYS_pkey_alloc 384 8 10 # define SYS_pkey_free 385 ··· 104 102 return; 105 103 } 106 104 105 + #define REPEAT_8(s) s s s s s s s s 106 + #define REPEAT_64(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) \ 107 + REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) REPEAT_8(s) 108 + #define REPEAT_512(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) \ 109 + REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) REPEAT_64(s) 110 + #define REPEAT_4096(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) \ 111 + REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) REPEAT_512(s) 112 + #define REPEAT_16384(s) REPEAT_4096(s) REPEAT_4096(s) \ 113 + REPEAT_4096(s) REPEAT_4096(s) 114 + 107 115 /* 4-byte instructions * 16384 = 64K page */ 108 - #define __page_o_noops() asm(".rept 16384 ; nop; .endr") 116 + #define __page_o_noops() asm(REPEAT_16384("nop\n")) 109 117 110 118 static inline void *malloc_pkey_with_mprotect_subpage(long size, int prot, u16 pkey) 111 119 {
+1
tools/testing/selftests/mm/pkey_util.c
··· 1 1 // SPDX-License-Identifier: GPL-2.0-only 2 + #define __SANE_USERSPACE_TYPES__ 2 3 #include <sys/syscall.h> 3 4 #include <unistd.h> 4 5
+24
tools/testing/selftests/tc-testing/tc-tests/qdiscs/codel.json
··· 189 189 "teardown": [ 190 190 "$TC qdisc del dev $DUMMY handle 1: root" 191 191 ] 192 + }, 193 + { 194 + "id": "deb1", 195 + "name": "CODEL test qdisc limit trimming", 196 + "category": ["qdisc", "codel"], 197 + "plugins": { 198 + "requires": ["nsPlugin", "scapyPlugin"] 199 + }, 200 + "setup": [ 201 + "$TC qdisc add dev $DEV1 handle 1: root codel limit 10" 202 + ], 203 + "scapy": [ 204 + { 205 + "iface": "$DEV0", 206 + "count": 10, 207 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 208 + } 209 + ], 210 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root codel limit 1", 211 + "expExitCode": "0", 212 + "verifyCmd": "$TC qdisc show dev $DEV1", 213 + "matchPattern": "qdisc codel 1: root refcnt [0-9]+ limit 1p target 5ms interval 100ms", 214 + "matchCount": "1", 215 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 192 216 } 193 217 ]
+22
tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq.json
··· 377 377 "teardown": [ 378 378 "$TC qdisc del dev $DUMMY handle 1: root" 379 379 ] 380 + }, 381 + { 382 + "id": "9479", 383 + "name": "FQ test qdisc limit trimming", 384 + "category": ["qdisc", "fq"], 385 + "plugins": {"requires": ["nsPlugin", "scapyPlugin"]}, 386 + "setup": [ 387 + "$TC qdisc add dev $DEV1 handle 1: root fq limit 10" 388 + ], 389 + "scapy": [ 390 + { 391 + "iface": "$DEV0", 392 + "count": 10, 393 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 394 + } 395 + ], 396 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root fq limit 1", 397 + "expExitCode": "0", 398 + "verifyCmd": "$TC qdisc show dev $DEV1", 399 + "matchPattern": "qdisc fq 1: root refcnt [0-9]+ limit 1p", 400 + "matchCount": "1", 401 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 380 402 } 381 403 ]
+22
tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_codel.json
··· 294 294 "teardown": [ 295 295 "$TC qdisc del dev $DUMMY handle 1: root" 296 296 ] 297 + }, 298 + { 299 + "id": "0436", 300 + "name": "FQ_CODEL test qdisc limit trimming", 301 + "category": ["qdisc", "fq_codel"], 302 + "plugins": {"requires": ["nsPlugin", "scapyPlugin"]}, 303 + "setup": [ 304 + "$TC qdisc add dev $DEV1 handle 1: root fq_codel limit 10" 305 + ], 306 + "scapy": [ 307 + { 308 + "iface": "$DEV0", 309 + "count": 10, 310 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 311 + } 312 + ], 313 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root fq_codel limit 1", 314 + "expExitCode": "0", 315 + "verifyCmd": "$TC qdisc show dev $DEV1", 316 + "matchPattern": "qdisc fq_codel 1: root refcnt [0-9]+ limit 1p flows 1024 quantum.*target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64", 317 + "matchCount": "1", 318 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 297 319 } 298 320 ]
+22
tools/testing/selftests/tc-testing/tc-tests/qdiscs/fq_pie.json
··· 18 18 "matchCount": "1", 19 19 "teardown": [ 20 20 ] 21 + }, 22 + { 23 + "id": "83bf", 24 + "name": "FQ_PIE test qdisc limit trimming", 25 + "category": ["qdisc", "fq_pie"], 26 + "plugins": {"requires": ["nsPlugin", "scapyPlugin"]}, 27 + "setup": [ 28 + "$TC qdisc add dev $DEV1 handle 1: root fq_pie limit 10" 29 + ], 30 + "scapy": [ 31 + { 32 + "iface": "$DEV0", 33 + "count": 10, 34 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 35 + } 36 + ], 37 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root fq_pie limit 1", 38 + "expExitCode": "0", 39 + "verifyCmd": "$TC qdisc show dev $DEV1", 40 + "matchPattern": "qdisc fq_pie 1: root refcnt [0-9]+ limit 1p", 41 + "matchCount": "1", 42 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 21 43 } 22 44 ]
+22
tools/testing/selftests/tc-testing/tc-tests/qdiscs/hhf.json
··· 188 188 "teardown": [ 189 189 "$TC qdisc del dev $DUMMY handle 1: root" 190 190 ] 191 + }, 192 + { 193 + "id": "385f", 194 + "name": "HHF test qdisc limit trimming", 195 + "category": ["qdisc", "hhf"], 196 + "plugins": {"requires": ["nsPlugin", "scapyPlugin"]}, 197 + "setup": [ 198 + "$TC qdisc add dev $DEV1 handle 1: root hhf limit 10" 199 + ], 200 + "scapy": [ 201 + { 202 + "iface": "$DEV0", 203 + "count": 10, 204 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 205 + } 206 + ], 207 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root hhf limit 1", 208 + "expExitCode": "0", 209 + "verifyCmd": "$TC qdisc show dev $DEV1", 210 + "matchPattern": "qdisc hhf 1: root refcnt [0-9]+ limit 1p.*hh_limit 2048 reset_timeout 40ms admit_bytes 128Kb evict_timeout 1s non_hh_weight 2", 211 + "matchCount": "1", 212 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 191 213 } 192 214 ]
+24
tools/testing/selftests/tc-testing/tc-tests/qdiscs/pie.json
··· 1 + [ 2 + { 3 + "id": "6158", 4 + "name": "PIE test qdisc limit trimming", 5 + "category": ["qdisc", "pie"], 6 + "plugins": {"requires": ["nsPlugin", "scapyPlugin"]}, 7 + "setup": [ 8 + "$TC qdisc add dev $DEV1 handle 1: root pie limit 10" 9 + ], 10 + "scapy": [ 11 + { 12 + "iface": "$DEV0", 13 + "count": 10, 14 + "packet": "Ether(type=0x800)/IP(src='10.0.0.10',dst='10.0.0.20')/TCP(sport=5000,dport=10)" 15 + } 16 + ], 17 + "cmdUnderTest": "$TC qdisc change dev $DEV1 handle 1: root pie limit 1", 18 + "expExitCode": "0", 19 + "verifyCmd": "$TC qdisc show dev $DEV1", 20 + "matchPattern": "qdisc pie 1: root refcnt [0-9]+ limit 1p", 21 + "matchCount": "1", 22 + "teardown": ["$TC qdisc del dev $DEV1 handle 1: root"] 23 + } 24 + ]
+3
tools/testing/selftests/x86/bugs/Makefile
··· 1 + TEST_PROGS := its_sysfs.py its_permutations.py its_indirect_alignment.py its_ret_alignment.py 2 + TEST_FILES := common.py 3 + include ../../lib.mk
+164
tools/testing/selftests/x86/bugs/common.py
··· 1 + #!/usr/bin/env python3 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2025 Intel Corporation 5 + # 6 + # This contains kselftest framework adapted common functions for testing 7 + # mitigation for x86 bugs. 8 + 9 + import os, sys, re, shutil 10 + 11 + sys.path.insert(0, '../../kselftest') 12 + import ksft 13 + 14 + def read_file(path): 15 + if not os.path.exists(path): 16 + return None 17 + with open(path, 'r') as file: 18 + return file.read().strip() 19 + 20 + def cpuinfo_has(arg): 21 + cpuinfo = read_file('/proc/cpuinfo') 22 + if arg in cpuinfo: 23 + return True 24 + return False 25 + 26 + def cmdline_has(arg): 27 + cmdline = read_file('/proc/cmdline') 28 + if arg in cmdline: 29 + return True 30 + return False 31 + 32 + def cmdline_has_either(args): 33 + cmdline = read_file('/proc/cmdline') 34 + for arg in args: 35 + if arg in cmdline: 36 + return True 37 + return False 38 + 39 + def cmdline_has_none(args): 40 + return not cmdline_has_either(args) 41 + 42 + def cmdline_has_all(args): 43 + cmdline = read_file('/proc/cmdline') 44 + for arg in args: 45 + if arg not in cmdline: 46 + return False 47 + return True 48 + 49 + def get_sysfs(bug): 50 + return read_file("/sys/devices/system/cpu/vulnerabilities/" + bug) 51 + 52 + def sysfs_has(bug, mitigation): 53 + status = get_sysfs(bug) 54 + if mitigation in status: 55 + return True 56 + return False 57 + 58 + def sysfs_has_either(bugs, mitigations): 59 + for bug in bugs: 60 + for mitigation in mitigations: 61 + if sysfs_has(bug, mitigation): 62 + return True 63 + return False 64 + 65 + def sysfs_has_none(bugs, mitigations): 66 + return not sysfs_has_either(bugs, mitigations) 67 + 68 + def sysfs_has_all(bugs, mitigations): 69 + for bug in bugs: 70 + for mitigation in mitigations: 71 + if not sysfs_has(bug, mitigation): 72 + return False 73 + return True 74 + 75 + def bug_check_pass(bug, found): 76 + ksft.print_msg(f"\nFound: {found}") 77 + # ksft.print_msg(f"\ncmdline: {read_file('/proc/cmdline')}") 78 + ksft.test_result_pass(f'{bug}: {found}') 79 + 80 + def bug_check_fail(bug, found, expected): 81 + ksft.print_msg(f'\nFound:\t {found}') 82 + ksft.print_msg(f'Expected:\t {expected}') 83 + ksft.print_msg(f"\ncmdline: {read_file('/proc/cmdline')}") 84 + ksft.test_result_fail(f'{bug}: {found}') 85 + 86 + def bug_status_unknown(bug, found): 87 + ksft.print_msg(f'\nUnknown status: {found}') 88 + ksft.print_msg(f"\ncmdline: {read_file('/proc/cmdline')}") 89 + ksft.test_result_fail(f'{bug}: {found}') 90 + 91 + def basic_checks_sufficient(bug, mitigation): 92 + if not mitigation: 93 + bug_status_unknown(bug, "None") 94 + return True 95 + elif mitigation == "Not affected": 96 + ksft.test_result_pass(bug) 97 + return True 98 + elif mitigation == "Vulnerable": 99 + if cmdline_has_either([f'{bug}=off', 'mitigations=off']): 100 + bug_check_pass(bug, mitigation) 101 + return True 102 + return False 103 + 104 + def get_section_info(vmlinux, section_name): 105 + from elftools.elf.elffile import ELFFile 106 + with open(vmlinux, 'rb') as f: 107 + elffile = ELFFile(f) 108 + section = elffile.get_section_by_name(section_name) 109 + if section is None: 110 + ksft.print_msg("Available sections in vmlinux:") 111 + for sec in elffile.iter_sections(): 112 + ksft.print_msg(sec.name) 113 + raise ValueError(f"Section {section_name} not found in {vmlinux}") 114 + return section['sh_addr'], section['sh_offset'], section['sh_size'] 115 + 116 + def get_patch_sites(vmlinux, offset, size): 117 + import struct 118 + output = [] 119 + with open(vmlinux, 
'rb') as f: 120 + f.seek(offset) 121 + i = 0 122 + while i < size: 123 + data = f.read(4) # s32 124 + if not data: 125 + break 126 + sym_offset = struct.unpack('<i', data)[0] + i 127 + i += 4 128 + output.append(sym_offset) 129 + return output 130 + 131 + def get_instruction_from_vmlinux(elffile, section, virtual_address, target_address): 132 + from capstone import Cs, CS_ARCH_X86, CS_MODE_64 133 + section_start = section['sh_addr'] 134 + section_end = section_start + section['sh_size'] 135 + 136 + if not (section_start <= target_address < section_end): 137 + return None 138 + 139 + offset = target_address - section_start 140 + code = section.data()[offset:offset + 16] 141 + 142 + cap = init_capstone() 143 + for instruction in cap.disasm(code, target_address): 144 + if instruction.address == target_address: 145 + return instruction 146 + return None 147 + 148 + def init_capstone(): 149 + from capstone import Cs, CS_ARCH_X86, CS_MODE_64, CS_OPT_SYNTAX_ATT 150 + cap = Cs(CS_ARCH_X86, CS_MODE_64) 151 + cap.syntax = CS_OPT_SYNTAX_ATT 152 + return cap 153 + 154 + def get_runtime_kernel(): 155 + import drgn 156 + return drgn.program_from_kernel() 157 + 158 + def check_dependencies_or_skip(modules, script_name="unknown test"): 159 + for mod in modules: 160 + try: 161 + __import__(mod) 162 + except ImportError: 163 + ksft.test_result_skip(f"Skipping {script_name}: missing module '{mod}'") 164 + ksft.finished()
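
A note on what get_patch_sites() is decoding (inferred from the helper itself and from how the ITS scripts use its result): each entry in sections such as .retpoline_sites and .return_sites appears to be a 32-bit value stored relative to the entry's own position, so a site's runtime address is recovered as section_start + entry_offset + stored_s32. That is why the helper adds the loop index i to each unpacked value, and why the callers then add the section's load address from /proc/kcore.
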
+150
tools/testing/selftests/x86/bugs/its_indirect_alignment.py
··· 1 + #!/usr/bin/env python3 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2025 Intel Corporation 5 + # 6 + # Test for indirect target selection (ITS) mitigation. 7 + # 8 + # Test if indirect CALL/JMP are correctly patched by evaluating 9 + # the vmlinux .retpoline_sites in /proc/kcore. 10 + 11 + # Install dependencies 12 + # add-apt-repository ppa:michel-slm/kernel-utils 13 + # apt update 14 + # apt install -y python3-drgn python3-pyelftools python3-capstone 15 + # 16 + # Best to copy the vmlinux at a standard location: 17 + # mkdir -p /usr/lib/debug/lib/modules/$(uname -r) 18 + # cp $VMLINUX /usr/lib/debug/lib/modules/$(uname -r)/vmlinux 19 + # 20 + # Usage: ./its_indirect_alignment.py [vmlinux] 21 + 22 + import os, sys, argparse 23 + from pathlib import Path 24 + 25 + this_dir = os.path.dirname(os.path.realpath(__file__)) 26 + sys.path.insert(0, this_dir + '/../../kselftest') 27 + import ksft 28 + import common as c 29 + 30 + bug = "indirect_target_selection" 31 + 32 + mitigation = c.get_sysfs(bug) 33 + if not mitigation or "Aligned branch/return thunks" not in mitigation: 34 + ksft.test_result_skip("Skipping its_indirect_alignment.py: Aligned branch/return thunks not enabled") 35 + ksft.finished() 36 + 37 + if c.sysfs_has("spectre_v2", "Retpolines"): 38 + ksft.test_result_skip("Skipping its_indirect_alignment.py: Retpolines deployed") 39 + ksft.finished() 40 + 41 + c.check_dependencies_or_skip(['drgn', 'elftools', 'capstone'], script_name="its_indirect_alignment.py") 42 + 43 + from elftools.elf.elffile import ELFFile 44 + from drgn.helpers.common.memory import identify_address 45 + 46 + cap = c.init_capstone() 47 + 48 + if len(os.sys.argv) > 1: 49 + arg_vmlinux = os.sys.argv[1] 50 + if not os.path.exists(arg_vmlinux): 51 + ksft.test_result_fail(f"its_indirect_alignment.py: vmlinux not found at argument path: {arg_vmlinux}") 52 + ksft.exit_fail() 53 + os.makedirs(f"/usr/lib/debug/lib/modules/{os.uname().release}", exist_ok=True) 54 + os.system(f'cp {arg_vmlinux} /usr/lib/debug/lib/modules/$(uname -r)/vmlinux') 55 + 56 + vmlinux = f"/usr/lib/debug/lib/modules/{os.uname().release}/vmlinux" 57 + if not os.path.exists(vmlinux): 58 + ksft.test_result_fail(f"its_indirect_alignment.py: vmlinux not found at {vmlinux}") 59 + ksft.exit_fail() 60 + 61 + ksft.print_msg(f"Using vmlinux: {vmlinux}") 62 + 63 + retpolines_start_vmlinux, retpolines_sec_offset, size = c.get_section_info(vmlinux, '.retpoline_sites') 64 + ksft.print_msg(f"vmlinux: Section .retpoline_sites (0x{retpolines_start_vmlinux:x}) found at 0x{retpolines_sec_offset:x} with size 0x{size:x}") 65 + 66 + sites_offset = c.get_patch_sites(vmlinux, retpolines_sec_offset, size) 67 + total_retpoline_tests = len(sites_offset) 68 + ksft.print_msg(f"Found {total_retpoline_tests} retpoline sites") 69 + 70 + prog = c.get_runtime_kernel() 71 + retpolines_start_kcore = prog.symbol('__retpoline_sites').address 72 + ksft.print_msg(f'kcore: __retpoline_sites: 0x{retpolines_start_kcore:x}') 73 + 74 + x86_indirect_its_thunk_r15 = prog.symbol('__x86_indirect_its_thunk_r15').address 75 + ksft.print_msg(f'kcore: __x86_indirect_its_thunk_r15: 0x{x86_indirect_its_thunk_r15:x}') 76 + 77 + tests_passed = 0 78 + tests_failed = 0 79 + tests_unknown = 0 80 + 81 + with open(vmlinux, 'rb') as f: 82 + elffile = ELFFile(f) 83 + text_section = elffile.get_section_by_name('.text') 84 + 85 + for i in range(0, len(sites_offset)): 86 + site = retpolines_start_kcore + sites_offset[i] 87 + vmlinux_site = retpolines_start_vmlinux + sites_offset[i] 88 + 
passed = unknown = failed = False 89 + try: 90 + vmlinux_insn = c.get_instruction_from_vmlinux(elffile, text_section, text_section['sh_addr'], vmlinux_site) 91 + kcore_insn = list(cap.disasm(prog.read(site, 16), site))[0] 92 + operand = kcore_insn.op_str 93 + insn_end = site + kcore_insn.size - 1 # TODO handle Jcc.32 __x86_indirect_thunk_\reg 94 + safe_site = insn_end & 0x20 95 + site_status = "" if safe_site else "(unsafe)" 96 + 97 + ksft.print_msg(f"\nSite {i}: {identify_address(prog, site)} <0x{site:x}> {site_status}") 98 + ksft.print_msg(f"\tvmlinux: 0x{vmlinux_insn.address:x}:\t{vmlinux_insn.mnemonic}\t{vmlinux_insn.op_str}") 99 + ksft.print_msg(f"\tkcore: 0x{kcore_insn.address:x}:\t{kcore_insn.mnemonic}\t{kcore_insn.op_str}") 100 + 101 + if (site & 0x20) ^ (insn_end & 0x20): 102 + ksft.print_msg(f"\tSite at safe/unsafe boundary: {str(kcore_insn.bytes)} {kcore_insn.mnemonic} {operand}") 103 + if safe_site: 104 + tests_passed += 1 105 + passed = True 106 + ksft.print_msg(f"\tPASSED: At safe address") 107 + continue 108 + 109 + if operand.startswith('0xffffffff'): 110 + thunk = int(operand, 16) 111 + if thunk > x86_indirect_its_thunk_r15: 112 + insn_at_thunk = list(cap.disasm(prog.read(thunk, 16), thunk))[0] 113 + operand += ' -> ' + insn_at_thunk.mnemonic + ' ' + insn_at_thunk.op_str + ' <dynamic-thunk?>' 114 + if 'jmp' in insn_at_thunk.mnemonic and thunk & 0x20: 115 + ksft.print_msg(f"\tPASSED: Found {operand} at safe address") 116 + passed = True 117 + if not passed: 118 + if kcore_insn.operands[0].type == capstone.CS_OP_IMM: 119 + operand += ' <' + prog.symbol(int(operand, 16)) + '>' 120 + if '__x86_indirect_its_thunk_' in operand: 121 + ksft.print_msg(f"\tPASSED: Found {operand}") 122 + else: 123 + ksft.print_msg(f"\tPASSED: Found direct branch: {kcore_insn}, ITS thunk not required.") 124 + passed = True 125 + else: 126 + unknown = True 127 + if passed: 128 + tests_passed += 1 129 + elif unknown: 130 + ksft.print_msg(f"UNKNOWN: unexpected operand: {kcore_insn}") 131 + tests_unknown += 1 132 + else: 133 + ksft.print_msg(f'\t************* FAILED *************') 134 + ksft.print_msg(f"\tFound {kcore_insn.bytes} {kcore_insn.mnemonic} {operand}") 135 + ksft.print_msg(f'\t**********************************') 136 + tests_failed += 1 137 + except Exception as e: 138 + ksft.print_msg(f"UNKNOWN: An unexpected error occurred: {e}") 139 + tests_unknown += 1 140 + 141 + ksft.print_msg(f"\n\nSummary:") 142 + ksft.print_msg(f"PASS: \t{tests_passed} \t/ {total_retpoline_tests}") 143 + ksft.print_msg(f"FAIL: \t{tests_failed} \t/ {total_retpoline_tests}") 144 + ksft.print_msg(f"UNKNOWN: \t{tests_unknown} \t/ {total_retpoline_tests}") 145 + 146 + if tests_failed == 0: 147 + ksft.test_result_pass("All ITS return thunk sites passed") 148 + else: 149 + ksft.test_result_fail(f"{tests_failed} ITS return thunk sites failed") 150 + ksft.finished()
+109
tools/testing/selftests/x86/bugs/its_permutations.py
··· 1 + #!/usr/bin/env python3 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2025 Intel Corporation 5 + # 6 + # Test for indirect target selection (ITS) cmdline permutations with other bugs 7 + # like spectre_v2 and retbleed. 8 + 9 + import os, sys, subprocess, itertools, re, shutil 10 + 11 + test_dir = os.path.dirname(os.path.realpath(__file__)) 12 + sys.path.insert(0, test_dir + '/../../kselftest') 13 + import ksft 14 + import common as c 15 + 16 + bug = "indirect_target_selection" 17 + mitigation = c.get_sysfs(bug) 18 + 19 + if not mitigation or "Not affected" in mitigation: 20 + ksft.test_result_skip("Skipping its_permutations.py: not applicable") 21 + ksft.finished() 22 + 23 + if shutil.which('vng') is None: 24 + ksft.test_result_skip("Skipping its_permutations.py: virtme-ng ('vng') not found in PATH.") 25 + ksft.finished() 26 + 27 + TEST = f"{test_dir}/its_sysfs.py" 28 + default_kparam = ['clearcpuid=hypervisor', 'panic=5', 'panic_on_warn=1', 'oops=panic', 'nmi_watchdog=1', 'hung_task_panic=1'] 29 + 30 + DEBUG = " -v " 31 + 32 + # Install dependencies 33 + # https://github.com/arighi/virtme-ng 34 + # apt install virtme-ng 35 + BOOT_CMD = f"vng --run {test_dir}/../../../../../arch/x86/boot/bzImage " 36 + #BOOT_CMD += DEBUG 37 + 38 + bug = "indirect_target_selection" 39 + 40 + input_options = { 41 + 'indirect_target_selection' : ['off', 'on', 'stuff', 'vmexit'], 42 + 'retbleed' : ['off', 'stuff', 'auto'], 43 + 'spectre_v2' : ['off', 'on', 'eibrs', 'retpoline', 'ibrs', 'eibrs,retpoline'], 44 + } 45 + 46 + def pretty_print(output): 47 + OKBLUE = '\033[94m' 48 + OKGREEN = '\033[92m' 49 + WARNING = '\033[93m' 50 + FAIL = '\033[91m' 51 + ENDC = '\033[0m' 52 + BOLD = '\033[1m' 53 + 54 + # Define patterns and their corresponding colors 55 + patterns = { 56 + r"^ok \d+": OKGREEN, 57 + r"^not ok \d+": FAIL, 58 + r"^# Testing .*": OKBLUE, 59 + r"^# Found: .*": WARNING, 60 + r"^# Totals: .*": BOLD, 61 + r"pass:([1-9]\d*)": OKGREEN, 62 + r"fail:([1-9]\d*)": FAIL, 63 + r"skip:([1-9]\d*)": WARNING, 64 + } 65 + 66 + # Apply colors based on patterns 67 + for pattern, color in patterns.items(): 68 + output = re.sub(pattern, lambda match: f"{color}{match.group(0)}{ENDC}", output, flags=re.MULTILINE) 69 + 70 + print(output) 71 + 72 + combinations = list(itertools.product(*input_options.values())) 73 + ksft.print_header() 74 + ksft.set_plan(len(combinations)) 75 + 76 + logs = "" 77 + 78 + for combination in combinations: 79 + append = "" 80 + log = "" 81 + for p in default_kparam: 82 + append += f' --append={p}' 83 + command = BOOT_CMD + append 84 + test_params = "" 85 + for i, key in enumerate(input_options.keys()): 86 + param = f'{key}={combination[i]}' 87 + test_params += f' {param}' 88 + command += f" --append={param}" 89 + command += f" -- {TEST}" 90 + test_name = f"{bug} {test_params}" 91 + pretty_print(f'# Testing {test_name}') 92 + t = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) 93 + t.wait() 94 + output, _ = t.communicate() 95 + if t.returncode == 0: 96 + ksft.test_result_pass(test_name) 97 + else: 98 + ksft.test_result_fail(test_name) 99 + output = output.decode() 100 + log += f" {output}" 101 + pretty_print(log) 102 + logs += output + "\n" 103 + 104 + # Optionally use tappy to parse the output 105 + # apt install python3-tappy 106 + with open("logs.txt", "w") as f: 107 + f.write(logs) 108 + 109 + ksft.finished()
+139
tools/testing/selftests/x86/bugs/its_ret_alignment.py
··· 1 + #!/usr/bin/env python3 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2025 Intel Corporation 5 + # 6 + # Test for indirect target selection (ITS) mitigation. 7 + # 8 + # Tests if the RETs are correctly patched by evaluating the 9 + # vmlinux .return_sites in /proc/kcore. 10 + # 11 + # Install dependencies 12 + # add-apt-repository ppa:michel-slm/kernel-utils 13 + # apt update 14 + # apt install -y python3-drgn python3-pyelftools python3-capstone 15 + # 16 + # Run on target machine 17 + # mkdir -p /usr/lib/debug/lib/modules/$(uname -r) 18 + # cp $VMLINUX /usr/lib/debug/lib/modules/$(uname -r)/vmlinux 19 + # 20 + # Usage: ./its_ret_alignment.py 21 + 22 + import os, sys, argparse 23 + from pathlib import Path 24 + 25 + this_dir = os.path.dirname(os.path.realpath(__file__)) 26 + sys.path.insert(0, this_dir + '/../../kselftest') 27 + import ksft 28 + import common as c 29 + 30 + bug = "indirect_target_selection" 31 + mitigation = c.get_sysfs(bug) 32 + if not mitigation or "Aligned branch/return thunks" not in mitigation: 33 + ksft.test_result_skip("Skipping its_ret_alignment.py: Aligned branch/return thunks not enabled") 34 + ksft.finished() 35 + 36 + c.check_dependencies_or_skip(['drgn', 'elftools', 'capstone'], script_name="its_ret_alignment.py") 37 + 38 + from elftools.elf.elffile import ELFFile 39 + from drgn.helpers.common.memory import identify_address 40 + 41 + cap = c.init_capstone() 42 + 43 + if len(os.sys.argv) > 1: 44 + arg_vmlinux = os.sys.argv[1] 45 + if not os.path.exists(arg_vmlinux): 46 + ksft.test_result_fail(f"its_ret_alignment.py: vmlinux not found at user-supplied path: {arg_vmlinux}") 47 + ksft.exit_fail() 48 + os.makedirs(f"/usr/lib/debug/lib/modules/{os.uname().release}", exist_ok=True) 49 + os.system(f'cp {arg_vmlinux} /usr/lib/debug/lib/modules/$(uname -r)/vmlinux') 50 + 51 + vmlinux = f"/usr/lib/debug/lib/modules/{os.uname().release}/vmlinux" 52 + if not os.path.exists(vmlinux): 53 + ksft.test_result_fail(f"its_ret_alignment.py: vmlinux not found at {vmlinux}") 54 + ksft.exit_fail() 55 + 56 + ksft.print_msg(f"Using vmlinux: {vmlinux}") 57 + 58 + rethunks_start_vmlinux, rethunks_sec_offset, size = c.get_section_info(vmlinux, '.return_sites') 59 + ksft.print_msg(f"vmlinux: Section .return_sites (0x{rethunks_start_vmlinux:x}) found at 0x{rethunks_sec_offset:x} with size 0x{size:x}") 60 + 61 + sites_offset = c.get_patch_sites(vmlinux, rethunks_sec_offset, size) 62 + total_rethunk_tests = len(sites_offset) 63 + ksft.print_msg(f"Found {total_rethunk_tests} rethunk sites") 64 + 65 + prog = c.get_runtime_kernel() 66 + rethunks_start_kcore = prog.symbol('__return_sites').address 67 + ksft.print_msg(f'kcore: __rethunk_sites: 0x{rethunks_start_kcore:x}') 68 + 69 + its_return_thunk = prog.symbol('its_return_thunk').address 70 + ksft.print_msg(f'kcore: its_return_thunk: 0x{its_return_thunk:x}') 71 + 72 + tests_passed = 0 73 + tests_failed = 0 74 + tests_unknown = 0 75 + tests_skipped = 0 76 + 77 + with open(vmlinux, 'rb') as f: 78 + elffile = ELFFile(f) 79 + text_section = elffile.get_section_by_name('.text') 80 + 81 + for i in range(len(sites_offset)): 82 + site = rethunks_start_kcore + sites_offset[i] 83 + vmlinux_site = rethunks_start_vmlinux + sites_offset[i] 84 + try: 85 + passed = unknown = failed = skipped = False 86 + 87 + symbol = identify_address(prog, site) 88 + vmlinux_insn = c.get_instruction_from_vmlinux(elffile, text_section, text_section['sh_addr'], vmlinux_site) 89 + kcore_insn = list(cap.disasm(prog.read(site, 16), site))[0] 90 + 91 + 
insn_end = site + kcore_insn.size - 1 92 + 93 + safe_site = insn_end & 0x20 94 + site_status = "" if safe_site else "(unsafe)" 95 + 96 + ksft.print_msg(f"\nSite {i}: {symbol} <0x{site:x}> {site_status}") 97 + ksft.print_msg(f"\tvmlinux: 0x{vmlinux_insn.address:x}:\t{vmlinux_insn.mnemonic}\t{vmlinux_insn.op_str}") 98 + ksft.print_msg(f"\tkcore: 0x{kcore_insn.address:x}:\t{kcore_insn.mnemonic}\t{kcore_insn.op_str}") 99 + 100 + if safe_site: 101 + tests_passed += 1 102 + passed = True 103 + ksft.print_msg(f"\tPASSED: At safe address") 104 + continue 105 + 106 + if "jmp" in kcore_insn.mnemonic: 107 + passed = True 108 + elif "ret" not in kcore_insn.mnemonic: 109 + skipped = True 110 + 111 + if passed: 112 + ksft.print_msg(f"\tPASSED: Found {kcore_insn.mnemonic} {kcore_insn.op_str}") 113 + tests_passed += 1 114 + elif skipped: 115 + ksft.print_msg(f"\tSKIPPED: Found '{kcore_insn.mnemonic}'") 116 + tests_skipped += 1 117 + elif unknown: 118 + ksft.print_msg(f"UNKNOWN: An unknown instruction: {kcore_insn}") 119 + tests_unknown += 1 120 + else: 121 + ksft.print_msg(f'\t************* FAILED *************') 122 + ksft.print_msg(f"\tFound {kcore_insn.mnemonic} {kcore_insn.op_str}") 123 + ksft.print_msg(f'\t**********************************') 124 + tests_failed += 1 125 + except Exception as e: 126 + ksft.print_msg(f"UNKNOWN: An unexpected error occurred: {e}") 127 + tests_unknown += 1 128 + 129 + ksft.print_msg(f"\n\nSummary:") 130 + ksft.print_msg(f"PASSED: \t{tests_passed} \t/ {total_rethunk_tests}") 131 + ksft.print_msg(f"FAILED: \t{tests_failed} \t/ {total_rethunk_tests}") 132 + ksft.print_msg(f"SKIPPED: \t{tests_skipped} \t/ {total_rethunk_tests}") 133 + ksft.print_msg(f"UNKNOWN: \t{tests_unknown} \t/ {total_rethunk_tests}") 134 + 135 + if tests_failed == 0: 136 + ksft.test_result_pass("All ITS return thunk sites passed.") 137 + else: 138 + ksft.test_result_fail(f"{tests_failed} failed sites need ITS return thunks.") 139 + ksft.finished()
+65
tools/testing/selftests/x86/bugs/its_sysfs.py
··· 1 + #!/usr/bin/env python3 2 + # SPDX-License-Identifier: GPL-2.0 3 + # 4 + # Copyright (c) 2025 Intel Corporation 5 + # 6 + # Test for Indirect Target Selection(ITS) mitigation sysfs status. 7 + 8 + import sys, os, re 9 + this_dir = os.path.dirname(os.path.realpath(__file__)) 10 + sys.path.insert(0, this_dir + '/../../kselftest') 11 + import ksft 12 + 13 + from common import * 14 + 15 + bug = "indirect_target_selection" 16 + mitigation = get_sysfs(bug) 17 + 18 + ITS_MITIGATION_ALIGNED_THUNKS = "Mitigation: Aligned branch/return thunks" 19 + ITS_MITIGATION_RETPOLINE_STUFF = "Mitigation: Retpolines, Stuffing RSB" 20 + ITS_MITIGATION_VMEXIT_ONLY = "Mitigation: Vulnerable, KVM: Not affected" 21 + ITS_MITIGATION_VULNERABLE = "Vulnerable" 22 + 23 + def check_mitigation(): 24 + if mitigation == ITS_MITIGATION_ALIGNED_THUNKS: 25 + if cmdline_has(f'{bug}=stuff') and sysfs_has("spectre_v2", "Retpolines"): 26 + bug_check_fail(bug, ITS_MITIGATION_ALIGNED_THUNKS, ITS_MITIGATION_RETPOLINE_STUFF) 27 + return 28 + if cmdline_has(f'{bug}=vmexit') and cpuinfo_has('its_native_only'): 29 + bug_check_fail(bug, ITS_MITIGATION_ALIGNED_THUNKS, ITS_MITIGATION_VMEXIT_ONLY) 30 + return 31 + bug_check_pass(bug, ITS_MITIGATION_ALIGNED_THUNKS) 32 + return 33 + 34 + if mitigation == ITS_MITIGATION_RETPOLINE_STUFF: 35 + if cmdline_has(f'{bug}=stuff') and sysfs_has("spectre_v2", "Retpolines"): 36 + bug_check_pass(bug, ITS_MITIGATION_RETPOLINE_STUFF) 37 + return 38 + if sysfs_has('retbleed', 'Stuffing'): 39 + bug_check_pass(bug, ITS_MITIGATION_RETPOLINE_STUFF) 40 + return 41 + bug_check_fail(bug, ITS_MITIGATION_RETPOLINE_STUFF, ITS_MITIGATION_ALIGNED_THUNKS) 42 + 43 + if mitigation == ITS_MITIGATION_VMEXIT_ONLY: 44 + if cmdline_has(f'{bug}=vmexit') and cpuinfo_has('its_native_only'): 45 + bug_check_pass(bug, ITS_MITIGATION_VMEXIT_ONLY) 46 + return 47 + bug_check_fail(bug, ITS_MITIGATION_VMEXIT_ONLY, ITS_MITIGATION_ALIGNED_THUNKS) 48 + 49 + if mitigation == ITS_MITIGATION_VULNERABLE: 50 + if sysfs_has("spectre_v2", "Vulnerable"): 51 + bug_check_pass(bug, ITS_MITIGATION_VULNERABLE) 52 + else: 53 + bug_check_fail(bug, "Mitigation", ITS_MITIGATION_VULNERABLE) 54 + 55 + bug_status_unknown(bug, mitigation) 56 + return 57 + 58 + ksft.print_header() 59 + ksft.set_plan(1) 60 + ksft.print_msg(f'{bug}: {mitigation} ...') 61 + 62 + if not basic_checks_sufficient(bug, mitigation): 63 + check_mitigation() 64 + 65 + ksft.finished()
+16 -12
tools/testing/vsock/vsock_test.c
··· 1264 1264 send_buf(fd, buf, sizeof(buf), 0, sizeof(buf)); 1265 1265 control_expectln("RECEIVED"); 1266 1266 1267 - ret = ioctl(fd, SIOCOUTQ, &sock_bytes_unsent); 1268 - if (ret < 0) { 1269 - if (errno == EOPNOTSUPP) { 1270 - fprintf(stderr, "Test skipped, SIOCOUTQ not supported.\n"); 1271 - } else { 1267 + /* SIOCOUTQ isn't guaranteed to instantly track sent data. Even though 1268 + * the "RECEIVED" message means that the other side has received the 1269 + * data, there can be a delay in our kernel before updating the "unsent 1270 + * bytes" counter. Repeat SIOCOUTQ until it returns 0. 1271 + */ 1272 + timeout_begin(TIMEOUT); 1273 + do { 1274 + ret = ioctl(fd, SIOCOUTQ, &sock_bytes_unsent); 1275 + if (ret < 0) { 1276 + if (errno == EOPNOTSUPP) { 1277 + fprintf(stderr, "Test skipped, SIOCOUTQ not supported.\n"); 1278 + break; 1279 + } 1272 1280 perror("ioctl"); 1273 1281 exit(EXIT_FAILURE); 1274 1282 } 1275 - } else if (ret == 0 && sock_bytes_unsent != 0) { 1276 - fprintf(stderr, 1277 - "Unexpected 'SIOCOUTQ' value, expected 0, got %i\n", 1278 - sock_bytes_unsent); 1279 - exit(EXIT_FAILURE); 1280 - } 1281 - 1283 + timeout_check("SIOCOUTQ"); 1284 + } while (sock_bytes_unsent != 0); 1285 + timeout_end(); 1282 1286 close(fd); 1283 1287 } 1284 1288
+4
usr/include/Makefile
··· 59 59 no-header-test += linux/bpf_perf_event.h 60 60 endif 61 61 62 + ifeq ($(SRCARCH),openrisc) 63 + no-header-test += linux/bpf_perf_event.h 64 + endif 65 + 62 66 ifeq ($(SRCARCH),powerpc) 63 67 no-header-test += linux/bpf_perf_event.h 64 68 endif