tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'ib/4.17-xen-kbdfront-runtime-config' into next
Bring in xen-kbdfront changes.
+5129
-2063
+1
Documentation/ABI/testing/sysfs-devices-system-cpu
+1
Documentation/ABI/testing/sysfs-devices-system-cpu
···
478
478
/sys/devices/system/cpu/vulnerabilities/meltdown
479
479
/sys/devices/system/cpu/vulnerabilities/spectre_v1
480
480
/sys/devices/system/cpu/vulnerabilities/spectre_v2
481
+
/sys/devices/system/cpu/vulnerabilities/spec_store_bypass
481
482
Date: January 2018
482
483
Contact: Linux kernel mailing list <linux-kernel@vger.kernel.org>
483
484
Description: Information about CPU vulnerabilities
+45
Documentation/admin-guide/kernel-parameters.txt
+45
Documentation/admin-guide/kernel-parameters.txt
···
2680
2680
allow data leaks with this option, which is equivalent
2681
2681
to spectre_v2=off.
2682
2682
2683
+
nospec_store_bypass_disable
2684
+
[HW] Disable all mitigations for the Speculative Store Bypass vulnerability
2685
+
2683
2686
noxsave [BUGS=X86] Disables x86 extended register state save
2684
2687
and restore using xsave. The kernel will fallback to
2685
2688
enabling legacy floating-point and sse state.
···
4027
4024
4028
4025
Not specifying this option is equivalent to
4029
4026
spectre_v2=auto.
4027
+
4028
+
spec_store_bypass_disable=
4029
+
[HW] Control Speculative Store Bypass (SSB) Disable mitigation
4030
+
(Speculative Store Bypass vulnerability)
4031
+
4032
+
Certain CPUs are vulnerable to an exploit against a
4033
+
a common industry wide performance optimization known
4034
+
as "Speculative Store Bypass" in which recent stores
4035
+
to the same memory location may not be observed by
4036
+
later loads during speculative execution. The idea
4037
+
is that such stores are unlikely and that they can
4038
+
be detected prior to instruction retirement at the
4039
+
end of a particular speculation execution window.
4040
+
4041
+
In vulnerable processors, the speculatively forwarded
4042
+
store can be used in a cache side channel attack, for
4043
+
example to read memory to which the attacker does not
4044
+
directly have access (e.g. inside sandboxed code).
4045
+
4046
+
This parameter controls whether the Speculative Store
4047
+
Bypass optimization is used.
4048
+
4049
+
on - Unconditionally disable Speculative Store Bypass
4050
+
off - Unconditionally enable Speculative Store Bypass
4051
+
auto - Kernel detects whether the CPU model contains an
4052
+
implementation of Speculative Store Bypass and
4053
+
picks the most appropriate mitigation. If the
4054
+
CPU is not vulnerable, "off" is selected. If the
4055
+
CPU is vulnerable the default mitigation is
4056
+
architecture and Kconfig dependent. See below.
4057
+
prctl - Control Speculative Store Bypass per thread
4058
+
via prctl. Speculative Store Bypass is enabled
4059
+
for a process by default. The state of the control
4060
+
is inherited on fork.
4061
+
seccomp - Same as "prctl" above, but all seccomp threads
4062
+
will disable SSB unless they explicitly opt out.
4063
+
4064
+
Not specifying this option is equivalent to
4065
+
spec_store_bypass_disable=auto.
4066
+
4067
+
Default mitigations:
4068
+
X86: If CONFIG_SECCOMP=y "seccomp", otherwise "prctl"
4030
4069
4031
4070
spia_io_base= [HW,MTD]
4032
4071
spia_fio_base=
+1
Documentation/devicetree/bindings/net/dsa/b53.txt
+1
Documentation/devicetree/bindings/net/dsa/b53.txt
+7
Documentation/devicetree/bindings/net/micrel-ksz90x1.txt
+7
Documentation/devicetree/bindings/net/micrel-ksz90x1.txt
···
57
57
- txd2-skew-ps : Skew control of TX data 2 pad
58
58
- txd3-skew-ps : Skew control of TX data 3 pad
59
59
60
+
- micrel,force-master:
61
+
Boolean, force phy to master mode. Only set this option if the phy
62
+
reference clock provided at CLK125_NDO pin is used as MAC reference
63
+
clock because the clock jitter in slave mode is to high (errata#2).
64
+
Attention: The link partner must be configurable as slave otherwise
65
+
no link will be established.
66
+
60
67
Examples:
61
68
62
69
mdio {
+1
-1
Documentation/i2c/busses/i2c-ocores
+1
-1
Documentation/i2c/busses/i2c-ocores
-6
Documentation/networking/ppp_generic.txt
-6
Documentation/networking/ppp_generic.txt
···
300
300
The ioctl calls available on an instance of /dev/ppp attached to a
301
301
channel are:
302
302
303
-
* PPPIOCDETACH detaches the instance from the channel. This ioctl is
304
-
deprecated since the same effect can be achieved by closing the
305
-
instance. In order to prevent possible races this ioctl will fail
306
-
with an EINVAL error if more than one file descriptor refers to this
307
-
instance (i.e. as a result of dup(), dup2() or fork()).
308
-
309
303
* PPPIOCCONNECT connects this channel to a PPP interface. The
310
304
argument should point to an int containing the interface unit
311
305
number. It will return an EINVAL error if the channel is already
+1
Documentation/userspace-api/index.rst
+1
Documentation/userspace-api/index.rst
+94
Documentation/userspace-api/spec_ctrl.rst
+94
Documentation/userspace-api/spec_ctrl.rst
···
1
+
===================
2
+
Speculation Control
3
+
===================
4
+
5
+
Quite some CPUs have speculation-related misfeatures which are in
6
+
fact vulnerabilities causing data leaks in various forms even across
7
+
privilege domains.
8
+
9
+
The kernel provides mitigation for such vulnerabilities in various
10
+
forms. Some of these mitigations are compile-time configurable and some
11
+
can be supplied on the kernel command line.
12
+
13
+
There is also a class of mitigations which are very expensive, but they can
14
+
be restricted to a certain set of processes or tasks in controlled
15
+
environments. The mechanism to control these mitigations is via
16
+
:manpage:`prctl(2)`.
17
+
18
+
There are two prctl options which are related to this:
19
+
20
+
* PR_GET_SPECULATION_CTRL
21
+
22
+
* PR_SET_SPECULATION_CTRL
23
+
24
+
PR_GET_SPECULATION_CTRL
25
+
-----------------------
26
+
27
+
PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
28
+
which is selected with arg2 of prctl(2). The return value uses bits 0-3 with
29
+
the following meaning:
30
+
31
+
==== ===================== ===================================================
32
+
Bit Define Description
33
+
==== ===================== ===================================================
34
+
0 PR_SPEC_PRCTL Mitigation can be controlled per task by
35
+
PR_SET_SPECULATION_CTRL.
36
+
1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
37
+
disabled.
38
+
2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
39
+
enabled.
40
+
3 PR_SPEC_FORCE_DISABLE Same as PR_SPEC_DISABLE, but cannot be undone. A
41
+
subsequent prctl(..., PR_SPEC_ENABLE) will fail.
42
+
==== ===================== ===================================================
43
+
44
+
If all bits are 0 the CPU is not affected by the speculation misfeature.
45
+
46
+
If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
47
+
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
48
+
misfeature will fail.
49
+
50
+
PR_SET_SPECULATION_CTRL
51
+
-----------------------
52
+
53
+
PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
54
+
is selected by arg2 of :manpage:`prctl(2)` per task. arg3 is used to hand
55
+
in the control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE or
56
+
PR_SPEC_FORCE_DISABLE.
57
+
58
+
Common error codes
59
+
------------------
60
+
======= =================================================================
61
+
Value Meaning
62
+
======= =================================================================
63
+
EINVAL The prctl is not implemented by the architecture or unused
64
+
prctl(2) arguments are not 0.
65
+
66
+
ENODEV arg2 is selecting a not supported speculation misfeature.
67
+
======= =================================================================
68
+
69
+
PR_SET_SPECULATION_CTRL error codes
70
+
-----------------------------------
71
+
======= =================================================================
72
+
Value Meaning
73
+
======= =================================================================
74
+
0 Success
75
+
76
+
ERANGE arg3 is incorrect, i.e. it's neither PR_SPEC_ENABLE nor
77
+
PR_SPEC_DISABLE nor PR_SPEC_FORCE_DISABLE.
78
+
79
+
ENXIO Control of the selected speculation misfeature is not possible.
80
+
See PR_GET_SPECULATION_CTRL.
81
+
82
+
EPERM Speculation was disabled with PR_SPEC_FORCE_DISABLE and caller
83
+
tried to enable it again.
84
+
======= =================================================================
85
+
86
+
Speculation misfeature controls
87
+
-------------------------------
88
+
- PR_SPEC_STORE_BYPASS: Speculative Store Bypass
89
+
90
+
Invocations:
91
+
* prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
92
+
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_ENABLE, 0, 0);
93
+
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
94
+
* prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_FORCE_DISABLE, 0, 0);
+19
-11
MAINTAINERS
+19
-11
MAINTAINERS
···
2332
2332
F: Documentation/devicetree/bindings/gpio/gpio-ath79.txt
2333
2333
2334
2334
ATHEROS ATH GENERIC UTILITIES
2335
-
M: "Luis R. Rodriguez" <mcgrof@do-not-panic.com>
2335
+
M: Kalle Valo <kvalo@codeaurora.org>
2336
2336
L: linux-wireless@vger.kernel.org
2337
2337
S: Supported
2338
2338
F: drivers/net/wireless/ath/*
···
2347
2347
F: drivers/net/wireless/ath/ath5k/
2348
2348
2349
2349
ATHEROS ATH6KL WIRELESS DRIVER
2350
-
M: Kalle Valo <kvalo@qca.qualcomm.com>
2350
+
M: Kalle Valo <kvalo@codeaurora.org>
2351
2351
L: linux-wireless@vger.kernel.org
2352
2352
W: http://wireless.kernel.org/en/users/Drivers/ath6kl
2353
2353
T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
···
5394
5394
F: drivers/iommu/exynos-iommu.c
5395
5395
5396
5396
EZchip NPS platform support
5397
-
M: Elad Kanfi <eladkan@mellanox.com>
5398
5397
M: Vineet Gupta <vgupta@synopsys.com>
5399
5398
S: Supported
5400
5399
F: arch/arc/plat-eznps
···
6509
6510
F: drivers/net/ethernet/huawei/hinic/
6510
6511
6511
6512
HUGETLB FILESYSTEM
6512
-
M: Nadia Yvette Chambers <nyc@holomorphy.com>
6513
+
M: Mike Kravetz <mike.kravetz@oracle.com>
6514
+
L: linux-mm@kvack.org
6513
6515
S: Maintained
6514
6516
F: fs/hugetlbfs/
6517
+
F: mm/hugetlb.c
6518
+
F: include/linux/hugetlb.h
6519
+
F: Documentation/admin-guide/mm/hugetlbpage.rst
6520
+
F: Documentation/vm/hugetlbfs_reserv.rst
6521
+
F: Documentation/ABI/testing/sysfs-kernel-mm-hugepages
6515
6522
6516
6523
HVA ST MEDIA DRIVER
6517
6524
M: Jean-Christophe Trotin <jean-christophe.trotin@st.com>
···
9032
9027
F: drivers/net/ethernet/mellanox/mlx5/core/en_*
9033
9028
9034
9029
MELLANOX ETHERNET INNOVA DRIVER
9035
-
M: Ilan Tayari <ilant@mellanox.com>
9036
9030
R: Boris Pismenny <borisp@mellanox.com>
9037
9031
L: netdev@vger.kernel.org
9038
9032
S: Supported
···
9041
9037
F: include/linux/mlx5/mlx5_ifc_fpga.h
9042
9038
9043
9039
MELLANOX ETHERNET INNOVA IPSEC DRIVER
9044
-
M: Ilan Tayari <ilant@mellanox.com>
9045
9040
R: Boris Pismenny <borisp@mellanox.com>
9046
9041
L: netdev@vger.kernel.org
9047
9042
S: Supported
···
9096
9093
9097
9094
MELLANOX MLX5 core VPI driver
9098
9095
M: Saeed Mahameed <saeedm@mellanox.com>
9099
-
M: Matan Barak <matanb@mellanox.com>
9100
9096
M: Leon Romanovsky <leonro@mellanox.com>
9101
9097
L: netdev@vger.kernel.org
9102
9098
L: linux-rdma@vger.kernel.org
···
9106
9104
F: include/linux/mlx5/
9107
9105
9108
9106
MELLANOX MLX5 IB driver
9109
-
M: Matan Barak <matanb@mellanox.com>
9110
9107
M: Leon Romanovsky <leonro@mellanox.com>
9111
9108
L: linux-rdma@vger.kernel.org
9112
9109
W: http://www.mellanox.com
···
9839
9838
F: net/netfilter/xt_SECMARK.c
9840
9839
9841
9840
NETWORKING [TLS]
9842
-
M: Ilya Lesokhin <ilyal@mellanox.com>
9843
9841
M: Aviad Yehezkel <aviadye@mellanox.com>
9844
9842
M: Dave Watson <davejwatson@fb.com>
9845
9843
L: netdev@vger.kernel.org
···
11638
11638
F: drivers/media/tuners/qt1010*
11639
11639
11640
11640
QUALCOMM ATHEROS ATH10K WIRELESS DRIVER
11641
-
M: Kalle Valo <kvalo@qca.qualcomm.com>
11641
+
M: Kalle Valo <kvalo@codeaurora.org>
11642
11642
L: ath10k@lists.infradead.org
11643
11643
W: http://wireless.kernel.org/en/users/Drivers/ath10k
11644
11644
T: git git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
···
11689
11689
F: drivers/media/platform/qcom/venus/
11690
11690
11691
11691
QUALCOMM WCN36XX WIRELESS DRIVER
11692
-
M: Eugene Krasnikov <k.eugene.e@gmail.com>
11692
+
M: Kalle Valo <kvalo@codeaurora.org>
11693
11693
L: wcn36xx@lists.infradead.org
11694
11694
W: http://wireless.kernel.org/en/users/Drivers/wcn36xx
11695
11695
T: git git://github.com/KrasnikovEugene/wcn36xx.git
···
15518
15518
L: linux-kernel@vger.kernel.org
15519
15519
S: Supported
15520
15520
F: drivers/char/xillybus/
15521
+
15522
+
XLP9XX I2C DRIVER
15523
+
M: George Cherian <george.cherian@cavium.com>
15524
+
M: Jan Glauber <jglauber@cavium.com>
15525
+
L: linux-i2c@vger.kernel.org
15526
+
W: http://www.cavium.com
15527
+
S: Supported
15528
+
F: drivers/i2c/busses/i2c-xlp9xx.c
15521
15529
15522
15530
XRA1403 GPIO EXPANDER
15523
15531
M: Nandor Han <nandor.han@ge.com>
+7
-4
Makefile
+7
-4
Makefile
···
2
2
VERSION = 4
3
3
PATCHLEVEL = 17
4
4
SUBLEVEL = 0
5
-
EXTRAVERSION = -rc6
5
+
EXTRAVERSION =
6
6
NAME = Merciless Moray
7
7
8
8
# *DOCUMENTATION*
···
500
500
RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
501
501
export RETPOLINE_CFLAGS
502
502
503
+
KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
504
+
KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
505
+
503
506
# check for 'asm goto'
504
507
ifeq ($(call shell-cached,$(CONFIG_SHELL) $(srctree)/scripts/gcc-goto.sh $(CC) $(KBUILD_CFLAGS)), y)
505
508
CC_HAVE_ASM_GOTO := 1
···
624
621
# Defaults to vmlinux, but the arch makefile usually adds further targets
625
622
all: vmlinux
626
623
627
-
KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
628
-
KBUILD_AFLAGS += $(call cc-option,-fno-PIE)
629
-
CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,)
624
+
CFLAGS_GCOV := -fprofile-arcs -ftest-coverage \
625
+
$(call cc-option,-fno-tree-loop-im) \
626
+
$(call cc-disable-warning,maybe-uninitialized,)
630
627
export CFLAGS_GCOV CFLAGS_KCOV
631
628
632
629
# The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default
+1
arch/alpha/Kconfig
+1
arch/alpha/Kconfig
+6
-2
arch/alpha/include/asm/dma-mapping.h
+6
-2
arch/alpha/include/asm/dma-mapping.h
···
2
2
#ifndef _ALPHA_DMA_MAPPING_H
3
3
#define _ALPHA_DMA_MAPPING_H
4
4
5
-
extern const struct dma_map_ops *dma_ops;
5
+
extern const struct dma_map_ops alpha_pci_ops;
6
6
7
7
static inline const struct dma_map_ops *get_arch_dma_ops(struct bus_type *bus)
8
8
{
9
-
return dma_ops;
9
+
#ifdef CONFIG_ALPHA_JENSEN
10
+
return &dma_direct_ops;
11
+
#else
12
+
return &alpha_pci_ops;
13
+
#endif
10
14
}
11
15
12
16
#endif /* _ALPHA_DMA_MAPPING_H */
+7
-7
arch/alpha/kernel/io.c
+7
-7
arch/alpha/kernel/io.c
···
37
37
38
38
void iowrite8(u8 b, void __iomem *addr)
39
39
{
40
-
IO_CONCAT(__IO_PREFIX,iowrite8)(b, addr);
41
40
mb();
41
+
IO_CONCAT(__IO_PREFIX,iowrite8)(b, addr);
42
42
}
43
43
44
44
void iowrite16(u16 b, void __iomem *addr)
45
45
{
46
-
IO_CONCAT(__IO_PREFIX,iowrite16)(b, addr);
47
46
mb();
47
+
IO_CONCAT(__IO_PREFIX,iowrite16)(b, addr);
48
48
}
49
49
50
50
void iowrite32(u32 b, void __iomem *addr)
51
51
{
52
-
IO_CONCAT(__IO_PREFIX,iowrite32)(b, addr);
53
52
mb();
53
+
IO_CONCAT(__IO_PREFIX,iowrite32)(b, addr);
54
54
}
55
55
56
56
EXPORT_SYMBOL(ioread8);
···
176
176
177
177
void writeb(u8 b, volatile void __iomem *addr)
178
178
{
179
-
__raw_writeb(b, addr);
180
179
mb();
180
+
__raw_writeb(b, addr);
181
181
}
182
182
183
183
void writew(u16 b, volatile void __iomem *addr)
184
184
{
185
-
__raw_writew(b, addr);
186
185
mb();
186
+
__raw_writew(b, addr);
187
187
}
188
188
189
189
void writel(u32 b, volatile void __iomem *addr)
190
190
{
191
-
__raw_writel(b, addr);
192
191
mb();
192
+
__raw_writel(b, addr);
193
193
}
194
194
195
195
void writeq(u64 b, volatile void __iomem *addr)
196
196
{
197
-
__raw_writeq(b, addr);
198
197
mb();
198
+
__raw_writeq(b, addr);
199
199
}
200
200
201
201
EXPORT_SYMBOL(readb);
-33
arch/alpha/kernel/pci-noop.c
-33
arch/alpha/kernel/pci-noop.c
···
102
102
else
103
103
return -ENODEV;
104
104
}
105
-
106
-
static void *alpha_noop_alloc_coherent(struct device *dev, size_t size,
107
-
dma_addr_t *dma_handle, gfp_t gfp,
108
-
unsigned long attrs)
109
-
{
110
-
void *ret;
111
-
112
-
if (!dev || *dev->dma_mask >= 0xffffffffUL)
113
-
gfp &= ~GFP_DMA;
114
-
ret = (void *)__get_free_pages(gfp, get_order(size));
115
-
if (ret) {
116
-
memset(ret, 0, size);
117
-
*dma_handle = virt_to_phys(ret);
118
-
}
119
-
return ret;
120
-
}
121
-
122
-
static int alpha_noop_supported(struct device *dev, u64 mask)
123
-
{
124
-
return mask < 0x00ffffffUL ? 0 : 1;
125
-
}
126
-
127
-
const struct dma_map_ops alpha_noop_ops = {
128
-
.alloc = alpha_noop_alloc_coherent,
129
-
.free = dma_noop_free_coherent,
130
-
.map_page = dma_noop_map_page,
131
-
.map_sg = dma_noop_map_sg,
132
-
.mapping_error = dma_noop_mapping_error,
133
-
.dma_supported = alpha_noop_supported,
134
-
};
135
-
136
-
const struct dma_map_ops *dma_ops = &alpha_noop_ops;
137
-
EXPORT_SYMBOL(dma_ops);
+1
-3
arch/alpha/kernel/pci_iommu.c
+1
-3
arch/alpha/kernel/pci_iommu.c
+3
-3
arch/arm/boot/dts/sun4i-a10.dtsi
+3
-3
arch/arm/boot/dts/sun4i-a10.dtsi
···
76
76
allwinner,pipeline = "de_fe0-de_be0-lcd0-hdmi";
77
77
clocks = <&ccu CLK_AHB_LCD0>, <&ccu CLK_AHB_HDMI0>,
78
78
<&ccu CLK_AHB_DE_BE0>, <&ccu CLK_AHB_DE_FE0>,
79
-
<&ccu CLK_DE_BE0>, <&ccu CLK_AHB_DE_FE0>,
79
+
<&ccu CLK_DE_BE0>, <&ccu CLK_DE_FE0>,
80
80
<&ccu CLK_TCON0_CH1>, <&ccu CLK_HDMI>,
81
81
<&ccu CLK_DRAM_DE_FE0>, <&ccu CLK_DRAM_DE_BE0>;
82
82
status = "disabled";
···
88
88
allwinner,pipeline = "de_fe0-de_be0-lcd0";
89
89
clocks = <&ccu CLK_AHB_LCD0>, <&ccu CLK_AHB_DE_BE0>,
90
90
<&ccu CLK_AHB_DE_FE0>, <&ccu CLK_DE_BE0>,
91
-
<&ccu CLK_AHB_DE_FE0>, <&ccu CLK_TCON0_CH0>,
91
+
<&ccu CLK_DE_FE0>, <&ccu CLK_TCON0_CH0>,
92
92
<&ccu CLK_DRAM_DE_FE0>, <&ccu CLK_DRAM_DE_BE0>;
93
93
status = "disabled";
94
94
};
···
99
99
allwinner,pipeline = "de_fe0-de_be0-lcd0-tve0";
100
100
clocks = <&ccu CLK_AHB_TVE0>, <&ccu CLK_AHB_LCD0>,
101
101
<&ccu CLK_AHB_DE_BE0>, <&ccu CLK_AHB_DE_FE0>,
102
-
<&ccu CLK_DE_BE0>, <&ccu CLK_AHB_DE_FE0>,
102
+
<&ccu CLK_DE_BE0>, <&ccu CLK_DE_FE0>,
103
103
<&ccu CLK_TCON0_CH1>, <&ccu CLK_DRAM_TVE0>,
104
104
<&ccu CLK_DRAM_DE_FE0>, <&ccu CLK_DRAM_DE_BE0>;
105
105
status = "disabled";
+1
arch/arm/boot/dts/sun8i-h3-orangepi-one.dts
+1
arch/arm/boot/dts/sun8i-h3-orangepi-one.dts
+1
-1
arch/arm/boot/dts/sun8i-v3s-licheepi-zero-dock.dts
+1
-1
arch/arm/boot/dts/sun8i-v3s-licheepi-zero-dock.dts
+1
-1
arch/arm/mach-ep93xx/core.c
+1
-1
arch/arm/mach-ep93xx/core.c
···
323
323
324
324
/* All EP93xx devices use the same two GPIO pins for I2C bit-banging */
325
325
static struct gpiod_lookup_table ep93xx_i2c_gpiod_table = {
326
-
.dev_id = "i2c-gpio",
326
+
.dev_id = "i2c-gpio.0",
327
327
.table = {
328
328
/* Use local offsets on gpiochip/port "G" */
329
329
GPIO_LOOKUP_IDX("G", 1, NULL, 0,
+1
-1
arch/arm/mach-ixp4xx/avila-setup.c
+1
-1
arch/arm/mach-ixp4xx/avila-setup.c
+1
-1
arch/arm/mach-ixp4xx/dsmg600-setup.c
+1
-1
arch/arm/mach-ixp4xx/dsmg600-setup.c
+1
-1
arch/arm/mach-ixp4xx/fsg-setup.c
+1
-1
arch/arm/mach-ixp4xx/fsg-setup.c
+1
-1
arch/arm/mach-ixp4xx/ixdp425-setup.c
+1
-1
arch/arm/mach-ixp4xx/ixdp425-setup.c
···
124
124
#endif /* CONFIG_MTD_NAND_PLATFORM */
125
125
126
126
static struct gpiod_lookup_table ixdp425_i2c_gpiod_table = {
127
-
.dev_id = "i2c-gpio",
127
+
.dev_id = "i2c-gpio.0",
128
128
.table = {
129
129
GPIO_LOOKUP_IDX("IXP4XX_GPIO_CHIP", IXDP425_SDA_PIN,
130
130
NULL, 0, GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN),
+1
-1
arch/arm/mach-ixp4xx/nas100d-setup.c
+1
-1
arch/arm/mach-ixp4xx/nas100d-setup.c
+1
-1
arch/arm/mach-ixp4xx/nslu2-setup.c
+1
-1
arch/arm/mach-ixp4xx/nslu2-setup.c
+1
-1
arch/arm/mach-pxa/palmz72.c
+1
-1
arch/arm/mach-pxa/palmz72.c
+2
-2
arch/arm/mach-pxa/viper.c
+2
-2
arch/arm/mach-pxa/viper.c
···
460
460
461
461
/* i2c */
462
462
static struct gpiod_lookup_table viper_i2c_gpiod_table = {
463
-
.dev_id = "i2c-gpio",
463
+
.dev_id = "i2c-gpio.1",
464
464
.table = {
465
465
GPIO_LOOKUP_IDX("gpio-pxa", VIPER_RTC_I2C_SDA_GPIO,
466
466
NULL, 0, GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN),
···
789
789
__setup("tpm=", viper_tpm_setup);
790
790
791
791
struct gpiod_lookup_table viper_tpm_i2c_gpiod_table = {
792
-
.dev_id = "i2c-gpio",
792
+
.dev_id = "i2c-gpio.2",
793
793
.table = {
794
794
GPIO_LOOKUP_IDX("gpio-pxa", VIPER_TPM_I2C_SDA_GPIO,
795
795
NULL, 0, GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN),
+1
-1
arch/arm/mach-sa1100/simpad.c
+1
-1
arch/arm/mach-sa1100/simpad.c
+1
-15
arch/arm/mm/dma-mapping.c
+1
-15
arch/arm/mm/dma-mapping.c
···
466
466
void __init dma_contiguous_remap(void)
467
467
{
468
468
int i;
469
-
470
-
if (!dma_mmu_remap_num)
471
-
return;
472
-
473
-
/* call flush_cache_all() since CMA area would be large enough */
474
-
flush_cache_all();
475
469
for (i = 0; i < dma_mmu_remap_num; i++) {
476
470
phys_addr_t start = dma_mmu_remap[i].base;
477
471
phys_addr_t end = start + dma_mmu_remap[i].size;
···
498
504
flush_tlb_kernel_range(__phys_to_virt(start),
499
505
__phys_to_virt(end));
500
506
501
-
/*
502
-
* All the memory in CMA region will be on ZONE_MOVABLE.
503
-
* If that zone is considered as highmem, the memory in CMA
504
-
* region is also considered as highmem even if it's
505
-
* physical address belong to lowmem. In this case,
506
-
* re-mapping isn't required.
507
-
*/
508
-
if (!is_highmem_idx(ZONE_MOVABLE))
509
-
iotable_init(&map, 1);
507
+
iotable_init(&map, 1);
510
508
}
511
509
}
512
510
-1
arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts
-1
arch/arm64/boot/dts/hisilicon/hi6220-hikey.dts
+12
-12
arch/arm64/include/asm/atomic_lse.h
+12
-12
arch/arm64/include/asm/atomic_lse.h
···
117
117
/* LSE atomics */
118
118
" mvn %w[i], %w[i]\n"
119
119
" stclr %w[i], %[v]")
120
-
: [i] "+r" (w0), [v] "+Q" (v->counter)
120
+
: [i] "+&r" (w0), [v] "+Q" (v->counter)
121
121
: "r" (x1)
122
122
: __LL_SC_CLOBBERS);
123
123
}
···
135
135
/* LSE atomics */ \
136
136
" mvn %w[i], %w[i]\n" \
137
137
" ldclr" #mb " %w[i], %w[i], %[v]") \
138
-
: [i] "+r" (w0), [v] "+Q" (v->counter) \
138
+
: [i] "+&r" (w0), [v] "+Q" (v->counter) \
139
139
: "r" (x1) \
140
140
: __LL_SC_CLOBBERS, ##cl); \
141
141
\
···
161
161
/* LSE atomics */
162
162
" neg %w[i], %w[i]\n"
163
163
" stadd %w[i], %[v]")
164
-
: [i] "+r" (w0), [v] "+Q" (v->counter)
164
+
: [i] "+&r" (w0), [v] "+Q" (v->counter)
165
165
: "r" (x1)
166
166
: __LL_SC_CLOBBERS);
167
167
}
···
180
180
" neg %w[i], %w[i]\n" \
181
181
" ldadd" #mb " %w[i], w30, %[v]\n" \
182
182
" add %w[i], %w[i], w30") \
183
-
: [i] "+r" (w0), [v] "+Q" (v->counter) \
183
+
: [i] "+&r" (w0), [v] "+Q" (v->counter) \
184
184
: "r" (x1) \
185
185
: __LL_SC_CLOBBERS , ##cl); \
186
186
\
···
207
207
/* LSE atomics */ \
208
208
" neg %w[i], %w[i]\n" \
209
209
" ldadd" #mb " %w[i], %w[i], %[v]") \
210
-
: [i] "+r" (w0), [v] "+Q" (v->counter) \
210
+
: [i] "+&r" (w0), [v] "+Q" (v->counter) \
211
211
: "r" (x1) \
212
212
: __LL_SC_CLOBBERS, ##cl); \
213
213
\
···
314
314
/* LSE atomics */
315
315
" mvn %[i], %[i]\n"
316
316
" stclr %[i], %[v]")
317
-
: [i] "+r" (x0), [v] "+Q" (v->counter)
317
+
: [i] "+&r" (x0), [v] "+Q" (v->counter)
318
318
: "r" (x1)
319
319
: __LL_SC_CLOBBERS);
320
320
}
···
332
332
/* LSE atomics */ \
333
333
" mvn %[i], %[i]\n" \
334
334
" ldclr" #mb " %[i], %[i], %[v]") \
335
-
: [i] "+r" (x0), [v] "+Q" (v->counter) \
335
+
: [i] "+&r" (x0), [v] "+Q" (v->counter) \
336
336
: "r" (x1) \
337
337
: __LL_SC_CLOBBERS, ##cl); \
338
338
\
···
358
358
/* LSE atomics */
359
359
" neg %[i], %[i]\n"
360
360
" stadd %[i], %[v]")
361
-
: [i] "+r" (x0), [v] "+Q" (v->counter)
361
+
: [i] "+&r" (x0), [v] "+Q" (v->counter)
362
362
: "r" (x1)
363
363
: __LL_SC_CLOBBERS);
364
364
}
···
377
377
" neg %[i], %[i]\n" \
378
378
" ldadd" #mb " %[i], x30, %[v]\n" \
379
379
" add %[i], %[i], x30") \
380
-
: [i] "+r" (x0), [v] "+Q" (v->counter) \
380
+
: [i] "+&r" (x0), [v] "+Q" (v->counter) \
381
381
: "r" (x1) \
382
382
: __LL_SC_CLOBBERS, ##cl); \
383
383
\
···
404
404
/* LSE atomics */ \
405
405
" neg %[i], %[i]\n" \
406
406
" ldadd" #mb " %[i], %[i], %[v]") \
407
-
: [i] "+r" (x0), [v] "+Q" (v->counter) \
407
+
: [i] "+&r" (x0), [v] "+Q" (v->counter) \
408
408
: "r" (x1) \
409
409
: __LL_SC_CLOBBERS, ##cl); \
410
410
\
···
435
435
" sub x30, x30, %[ret]\n"
436
436
" cbnz x30, 1b\n"
437
437
"2:")
438
-
: [ret] "+r" (x0), [v] "+Q" (v->counter)
438
+
: [ret] "+&r" (x0), [v] "+Q" (v->counter)
439
439
:
440
440
: __LL_SC_CLOBBERS, "cc", "memory");
441
441
···
516
516
" eor %[old1], %[old1], %[oldval1]\n" \
517
517
" eor %[old2], %[old2], %[oldval2]\n" \
518
518
" orr %[old1], %[old1], %[old2]") \
519
-
: [old1] "+r" (x0), [old2] "+r" (x1), \
519
+
: [old1] "+&r" (x0), [old2] "+&r" (x1), \
520
520
[v] "+Q" (*(unsigned long *)ptr) \
521
521
: [new1] "r" (x2), [new2] "r" (x3), [ptr] "r" (x4), \
522
522
[oldval1] "r" (oldval1), [oldval2] "r" (oldval2) \
+8
arch/arm64/kernel/arm64ksyms.c
+8
arch/arm64/kernel/arm64ksyms.c
···
75
75
/* arm-smccc */
76
76
EXPORT_SYMBOL(__arm_smccc_smc);
77
77
EXPORT_SYMBOL(__arm_smccc_hvc);
78
+
79
+
/* tishift.S */
80
+
extern long long __ashlti3(long long a, int b);
81
+
EXPORT_SYMBOL(__ashlti3);
82
+
extern long long __ashrti3(long long a, int b);
83
+
EXPORT_SYMBOL(__ashrti3);
84
+
extern long long __lshrti3(long long a, int b);
85
+
EXPORT_SYMBOL(__lshrti3);
+2
-13
arch/arm64/lib/tishift.S
+2
-13
arch/arm64/lib/tishift.S
···
1
-
/*
2
-
* Copyright (C) 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
1
+
/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause)
3
2
*
4
-
* This program is free software; you can redistribute it and/or modify
5
-
* it under the terms of the GNU General Public License version 2 as
6
-
* published by the Free Software Foundation.
7
-
*
8
-
* This program is distributed in the hope that it will be useful,
9
-
* but WITHOUT ANY WARRANTY; without even the implied warranty of
10
-
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11
-
* GNU General Public License for more details.
12
-
*
13
-
* You should have received a copy of the GNU General Public License
14
-
* along with this program. If not, see <http://www.gnu.org/licenses/>.
3
+
* Copyright (C) 2017-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
15
4
*/
16
5
17
6
#include <linux/linkage.h>
+51
arch/arm64/mm/fault.c
+51
arch/arm64/mm/fault.c
···
293
293
static void __do_user_fault(struct siginfo *info, unsigned int esr)
294
294
{
295
295
current->thread.fault_address = (unsigned long)info->si_addr;
296
+
297
+
/*
298
+
* If the faulting address is in the kernel, we must sanitize the ESR.
299
+
* From userspace's point of view, kernel-only mappings don't exist
300
+
* at all, so we report them as level 0 translation faults.
301
+
* (This is not quite the way that "no mapping there at all" behaves:
302
+
* an alignment fault not caused by the memory type would take
303
+
* precedence over translation fault for a real access to empty
304
+
* space. Unfortunately we can't easily distinguish "alignment fault
305
+
* not caused by memory type" from "alignment fault caused by memory
306
+
* type", so we ignore this wrinkle and just return the translation
307
+
* fault.)
308
+
*/
309
+
if (current->thread.fault_address >= TASK_SIZE) {
310
+
switch (ESR_ELx_EC(esr)) {
311
+
case ESR_ELx_EC_DABT_LOW:
312
+
/*
313
+
* These bits provide only information about the
314
+
* faulting instruction, which userspace knows already.
315
+
* We explicitly clear bits which are architecturally
316
+
* RES0 in case they are given meanings in future.
317
+
* We always report the ESR as if the fault was taken
318
+
* to EL1 and so ISV and the bits in ISS[23:14] are
319
+
* clear. (In fact it always will be a fault to EL1.)
320
+
*/
321
+
esr &= ESR_ELx_EC_MASK | ESR_ELx_IL |
322
+
ESR_ELx_CM | ESR_ELx_WNR;
323
+
esr |= ESR_ELx_FSC_FAULT;
324
+
break;
325
+
case ESR_ELx_EC_IABT_LOW:
326
+
/*
327
+
* Claim a level 0 translation fault.
328
+
* All other bits are architecturally RES0 for faults
329
+
* reported with that DFSC value, so we clear them.
330
+
*/
331
+
esr &= ESR_ELx_EC_MASK | ESR_ELx_IL;
332
+
esr |= ESR_ELx_FSC_FAULT;
333
+
break;
334
+
default:
335
+
/*
336
+
* This should never happen (entry.S only brings us
337
+
* into this code for insn and data aborts from a lower
338
+
* exception level). Fail safe by not providing an ESR
339
+
* context record at all.
340
+
*/
341
+
WARN(1, "ESR 0x%x is not DABT or IABT from EL0\n", esr);
342
+
esr = 0;
343
+
break;
344
+
}
345
+
}
346
+
296
347
current->thread.fault_code = esr;
297
348
arm64_force_sig_info(info, esr_to_fault_info(esr)->name, current);
298
349
}
+10
-6
arch/arm64/mm/mmu.c
+10
-6
arch/arm64/mm/mmu.c
···
933
933
{
934
934
pgprot_t sect_prot = __pgprot(PUD_TYPE_SECT |
935
935
pgprot_val(mk_sect_prot(prot)));
936
+
pud_t new_pud = pfn_pud(__phys_to_pfn(phys), sect_prot);
936
937
937
-
/* ioremap_page_range doesn't honour BBM */
938
-
if (pud_present(READ_ONCE(*pudp)))
938
+
/* Only allow permission changes for now */
939
+
if (!pgattr_change_is_safe(READ_ONCE(pud_val(*pudp)),
940
+
pud_val(new_pud)))
939
941
return 0;
940
942
941
943
BUG_ON(phys & ~PUD_MASK);
942
-
set_pud(pudp, pfn_pud(__phys_to_pfn(phys), sect_prot));
944
+
set_pud(pudp, new_pud);
943
945
return 1;
944
946
}
945
947
···
949
947
{
950
948
pgprot_t sect_prot = __pgprot(PMD_TYPE_SECT |
951
949
pgprot_val(mk_sect_prot(prot)));
950
+
pmd_t new_pmd = pfn_pmd(__phys_to_pfn(phys), sect_prot);
952
951
953
-
/* ioremap_page_range doesn't honour BBM */
954
-
if (pmd_present(READ_ONCE(*pmdp)))
952
+
/* Only allow permission changes for now */
953
+
if (!pgattr_change_is_safe(READ_ONCE(pmd_val(*pmdp)),
954
+
pmd_val(new_pmd)))
955
955
return 0;
956
956
957
957
BUG_ON(phys & ~PMD_MASK);
958
-
set_pmd(pmdp, pfn_pmd(__phys_to_pfn(phys), sect_prot));
958
+
set_pmd(pmdp, new_pmd);
959
959
return 1;
960
960
}
961
961
+3
-3
arch/mips/boot/compressed/uart-16550.c
+3
-3
arch/mips/boot/compressed/uart-16550.c
···
18
18
#define PORT(offset) (CKSEG1ADDR(AR7_REGS_UART0) + (4 * offset))
19
19
#endif
20
20
21
-
#if defined(CONFIG_MACH_JZ4740) || defined(CONFIG_MACH_JZ4780)
22
-
#include <asm/mach-jz4740/base.h>
23
-
#define PORT(offset) (CKSEG1ADDR(JZ4740_UART0_BASE_ADDR) + (4 * offset))
21
+
#ifdef CONFIG_MACH_INGENIC
22
+
#define INGENIC_UART0_BASE_ADDR 0x10030000
23
+
#define PORT(offset) (CKSEG1ADDR(INGENIC_UART0_BASE_ADDR) + (4 * offset))
24
24
#endif
25
25
26
26
#ifdef CONFIG_CPU_XLR
-2
arch/mips/boot/dts/xilfpga/Makefile
-2
arch/mips/boot/dts/xilfpga/Makefile
+1
arch/mips/generic/Platform
+1
arch/mips/generic/Platform
+4
arch/mips/kernel/process.c
+4
arch/mips/kernel/process.c
···
721
721
if (value & ~known_bits)
722
722
return -EOPNOTSUPP;
723
723
724
+
/* Setting FRE without FR is not supported. */
725
+
if ((value & (PR_FP_MODE_FR | PR_FP_MODE_FRE)) == PR_FP_MODE_FRE)
726
+
return -EOPNOTSUPP;
727
+
724
728
/* Avoid inadvertently triggering emulation */
725
729
if ((value & PR_FP_MODE_FR) && raw_cpu_has_fpu &&
726
730
!(raw_current_cpu_data.fpu_id & MIPS_FPIR_F64))
+19
-5
arch/mips/kernel/ptrace.c
+19
-5
arch/mips/kernel/ptrace.c
···
463
463
/*
464
464
* Copy the floating-point context to the supplied NT_PRFPREG buffer.
465
465
* Choose the appropriate helper for general registers, and then copy
466
-
* the FCSR register separately.
466
+
* the FCSR and FIR registers separately.
467
467
*/
468
468
static int fpr_get(struct task_struct *target,
469
469
const struct user_regset *regset,
···
471
471
void *kbuf, void __user *ubuf)
472
472
{
473
473
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
474
+
const int fir_pos = fcr31_pos + sizeof(u32);
474
475
int err;
475
476
476
477
if (sizeof(target->thread.fpu.fpr[0]) == sizeof(elf_fpreg_t))
···
484
483
err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
485
484
&target->thread.fpu.fcr31,
486
485
fcr31_pos, fcr31_pos + sizeof(u32));
486
+
if (err)
487
+
return err;
488
+
489
+
err = user_regset_copyout(&pos, &count, &kbuf, &ubuf,
490
+
&boot_cpu_data.fpu_id,
491
+
fir_pos, fir_pos + sizeof(u32));
487
492
488
493
return err;
489
494
}
···
538
531
/*
539
532
* Copy the supplied NT_PRFPREG buffer to the floating-point context.
540
533
* Choose the appropriate helper for general registers, and then copy
541
-
* the FCSR register separately.
534
+
* the FCSR register separately. Ignore the incoming FIR register
535
+
* contents though, as the register is read-only.
542
536
*
543
537
* We optimize for the case where `count % sizeof(elf_fpreg_t) == 0',
544
538
* which is supposed to have been guaranteed by the kernel before
···
553
545
const void *kbuf, const void __user *ubuf)
554
546
{
555
547
const int fcr31_pos = NUM_FPU_REGS * sizeof(elf_fpreg_t);
548
+
const int fir_pos = fcr31_pos + sizeof(u32);
556
549
u32 fcr31;
557
550
int err;
558
551
···
580
571
581
572
ptrace_setfcr31(target, fcr31);
582
573
}
574
+
575
+
if (count > 0)
576
+
err = user_regset_copyin_ignore(&pos, &count, &kbuf, &ubuf,
577
+
fir_pos,
578
+
fir_pos + sizeof(u32));
583
579
584
580
return err;
585
581
}
···
807
793
fregs = get_fpu_regs(child);
808
794
809
795
#ifdef CONFIG_32BIT
810
-
if (test_thread_flag(TIF_32BIT_FPREGS)) {
796
+
if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
811
797
/*
812
798
* The odd registers are actually the high
813
799
* order bits of the values stored in the even
···
818
804
break;
819
805
}
820
806
#endif
821
-
tmp = get_fpr32(&fregs[addr - FPR_BASE], 0);
807
+
tmp = get_fpr64(&fregs[addr - FPR_BASE], 0);
822
808
break;
823
809
case PC:
824
810
tmp = regs->cp0_epc;
···
902
888
903
889
init_fp_ctx(child);
904
890
#ifdef CONFIG_32BIT
905
-
if (test_thread_flag(TIF_32BIT_FPREGS)) {
891
+
if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
906
892
/*
907
893
* The odd registers are actually the high
908
894
* order bits of the values stored in the even
+3
-3
arch/mips/kernel/ptrace32.c
+3
-3
arch/mips/kernel/ptrace32.c
···
99
99
break;
100
100
}
101
101
fregs = get_fpu_regs(child);
102
-
if (test_thread_flag(TIF_32BIT_FPREGS)) {
102
+
if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
103
103
/*
104
104
* The odd registers are actually the high
105
105
* order bits of the values stored in the even
···
109
109
addr & 1);
110
110
break;
111
111
}
112
-
tmp = get_fpr32(&fregs[addr - FPR_BASE], 0);
112
+
tmp = get_fpr64(&fregs[addr - FPR_BASE], 0);
113
113
break;
114
114
case PC:
115
115
tmp = regs->cp0_epc;
···
212
212
sizeof(child->thread.fpu));
213
213
child->thread.fpu.fcr31 = 0;
214
214
}
215
-
if (test_thread_flag(TIF_32BIT_FPREGS)) {
215
+
if (test_tsk_thread_flag(child, TIF_32BIT_FPREGS)) {
216
216
/*
217
217
* The odd registers are actually the high
218
218
* order bits of the values stored in the even
+1
-1
arch/mips/kvm/mips.c
+1
-1
arch/mips/kvm/mips.c
···
45
45
{ "cache", VCPU_STAT(cache_exits), KVM_STAT_VCPU },
46
46
{ "signal", VCPU_STAT(signal_exits), KVM_STAT_VCPU },
47
47
{ "interrupt", VCPU_STAT(int_exits), KVM_STAT_VCPU },
48
-
{ "cop_unsuable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
48
+
{ "cop_unusable", VCPU_STAT(cop_unusable_exits), KVM_STAT_VCPU },
49
49
{ "tlbmod", VCPU_STAT(tlbmod_exits), KVM_STAT_VCPU },
50
50
{ "tlbmiss_ld", VCPU_STAT(tlbmiss_ld_exits), KVM_STAT_VCPU },
51
51
{ "tlbmiss_st", VCPU_STAT(tlbmiss_st_exits), KVM_STAT_VCPU },
+6
-3
arch/mips/mm/c-r4k.c
+6
-3
arch/mips/mm/c-r4k.c
···
851
851
/*
852
852
* Either no secondary cache or the available caches don't have the
853
853
* subset property so we have to flush the primary caches
854
-
* explicitly
854
+
* explicitly.
855
+
* If we would need IPI to perform an INDEX-type operation, then
856
+
* we have to use the HIT-type alternative as IPI cannot be used
857
+
* here due to interrupts possibly being disabled.
855
858
*/
856
-
if (size >= dcache_size) {
859
+
if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
857
860
r4k_blast_dcache();
858
861
} else {
859
862
R4600_HIT_CACHEOP_WAR_IMPL;
···
893
890
return;
894
891
}
895
892
896
-
if (size >= dcache_size) {
893
+
if (!r4k_op_needs_ipi(R4K_INDEX) && size >= dcache_size) {
897
894
r4k_blast_dcache();
898
895
} else {
899
896
R4600_HIT_CACHEOP_WAR_IMPL;
+7
arch/nds32/Kconfig
+7
arch/nds32/Kconfig
···
9
9
select CLKSRC_MMIO
10
10
select CLONE_BACKWARDS
11
11
select COMMON_CLK
12
+
select GENERIC_ASHLDI3
13
+
select GENERIC_ASHRDI3
14
+
select GENERIC_LSHRDI3
15
+
select GENERIC_CMPDI2
16
+
select GENERIC_MULDI3
17
+
select GENERIC_UCMPDI2
12
18
select GENERIC_ATOMIC64
13
19
select GENERIC_CPU_DEVICES
14
20
select GENERIC_CLOCKEVENTS
···
88
82
89
83
menu "Kernel Features"
90
84
source "kernel/Kconfig.preempt"
85
+
source "kernel/Kconfig.freezer"
91
86
source "mm/Kconfig"
92
87
source "kernel/Kconfig.hz"
93
88
endmenu
+3
-2
arch/nds32/Kconfig.cpu
+3
-2
arch/nds32/Kconfig.cpu
+4
-3
arch/nds32/Makefile
+4
-3
arch/nds32/Makefile
···
23
23
# If we have a machine-specific directory, then include it in the build.
24
24
core-y += arch/nds32/kernel/ arch/nds32/mm/
25
25
libs-y += arch/nds32/lib/
26
-
LIBGCC_PATH := \
27
-
$(shell $(CC) $(KBUILD_CFLAGS) $(KCFLAGS) -print-libgcc-file-name)
28
-
libs-y += $(LIBGCC_PATH)
29
26
30
27
ifneq '$(CONFIG_NDS32_BUILTIN_DTB)' '""'
31
28
BUILTIN_DTB := y
···
32
35
33
36
ifdef CONFIG_CPU_LITTLE_ENDIAN
34
37
KBUILD_CFLAGS += $(call cc-option, -EL)
38
+
KBUILD_AFLAGS += $(call cc-option, -EL)
39
+
LDFLAGS += $(call cc-option, -EL)
35
40
else
36
41
KBUILD_CFLAGS += $(call cc-option, -EB)
42
+
KBUILD_AFLAGS += $(call cc-option, -EB)
43
+
LDFLAGS += $(call cc-option, -EB)
37
44
endif
38
45
39
46
boot := arch/nds32/boot
+2
arch/nds32/include/asm/Kbuild
+2
arch/nds32/include/asm/Kbuild
···
16
16
generic-y += emergency-restart.h
17
17
generic-y += errno.h
18
18
generic-y += exec.h
19
+
generic-y += export.h
19
20
generic-y += fb.h
20
21
generic-y += fcntl.h
21
22
generic-y += ftrace.h
···
50
49
generic-y += timex.h
51
50
generic-y += topology.h
52
51
generic-y += trace_clock.h
52
+
generic-y += xor.h
53
53
generic-y += unaligned.h
54
54
generic-y += user.h
55
55
generic-y += vga.h
+2
-1
arch/nds32/include/asm/bitfield.h
+2
-1
arch/nds32/include/asm/bitfield.h
···
336
336
#define INT_MASK_mskIDIVZE ( 0x1 << INT_MASK_offIDIVZE )
337
337
#define INT_MASK_mskDSSIM ( 0x1 << INT_MASK_offDSSIM )
338
338
339
-
#define INT_MASK_INITAIAL_VAL 0x10003
339
+
#define INT_MASK_INITAIAL_VAL (INT_MASK_mskDSSIM|INT_MASK_mskIDIVZE)
340
340
341
341
/******************************************************************************
342
342
* ir15: INT_PEND (Interrupt Pending Register)
···
396
396
#define MMU_CTL_D8KB 1
397
397
#define MMU_CTL_UNA ( 0x1 << MMU_CTL_offUNA )
398
398
399
+
#define MMU_CTL_CACHEABLE_NON 0
399
400
#define MMU_CTL_CACHEABLE_WB 2
400
401
#define MMU_CTL_CACHEABLE_WT 3
401
402
+2
arch/nds32/include/asm/cacheflush.h
+2
arch/nds32/include/asm/cacheflush.h
···
32
32
33
33
#define ARCH_HAS_FLUSH_KERNEL_DCACHE_PAGE
34
34
void flush_kernel_dcache_page(struct page *page);
35
+
void flush_kernel_vmap_range(void *addr, int size);
36
+
void invalidate_kernel_vmap_range(void *addr, int size);
35
37
void flush_icache_range(unsigned long start, unsigned long end);
36
38
void flush_icache_page(struct vm_area_struct *vma, struct page *page);
37
39
#define flush_dcache_mmap_lock(mapping) xa_lock_irq(&(mapping)->i_pages)
+2
arch/nds32/include/asm/io.h
+2
arch/nds32/include/asm/io.h
+3
arch/nds32/include/asm/page.h
+3
arch/nds32/include/asm/page.h
···
27
27
unsigned long vaddr, struct vm_area_struct *vma);
28
28
extern void clear_user_highpage(struct page *page, unsigned long vaddr);
29
29
30
+
void copy_user_page(void *vto, void *vfrom, unsigned long vaddr,
31
+
struct page *to);
32
+
void clear_user_page(void *addr, unsigned long vaddr, struct page *page);
30
33
#define __HAVE_ARCH_COPY_USER_HIGHPAGE
31
34
#define clear_user_highpage clear_user_highpage
32
35
#else
+1
arch/nds32/include/asm/pgtable.h
+1
arch/nds32/include/asm/pgtable.h
···
152
152
#define PAGE_CACHE_L1 __pgprot(_HAVE_PAGE_L | _PAGE_V | _PAGE_M_KRW | _PAGE_D | _PAGE_E | _PAGE_G | _PAGE_CACHE)
153
153
#define PAGE_MEMORY __pgprot(_HAVE_PAGE_L | _PAGE_V | _PAGE_M_KRW | _PAGE_D | _PAGE_E | _PAGE_G | _PAGE_CACHE_SHRD)
154
154
#define PAGE_KERNEL __pgprot(_PAGE_V | _PAGE_M_KRW | _PAGE_D | _PAGE_E | _PAGE_G | _PAGE_CACHE_SHRD)
155
+
#define PAGE_SHARED __pgprot(_PAGE_V | _PAGE_M_URW_KRW | _PAGE_D | _PAGE_CACHE_SHRD)
155
156
#define PAGE_DEVICE __pgprot(_PAGE_V | _PAGE_M_KRW | _PAGE_D | _PAGE_G | _PAGE_C_DEV)
156
157
#endif /* __ASSEMBLY__ */
157
158
+1
-1
arch/nds32/kernel/ex-entry.S
+1
-1
arch/nds32/kernel/ex-entry.S
+25
-7
arch/nds32/kernel/head.S
+25
-7
arch/nds32/kernel/head.S
···
57
57
isb
58
58
mtsr $r4, $L1_PPTB ! load page table pointer\n"
59
59
60
-
/* set NTC0 cacheable/writeback, mutliple page size in use */
61
-
mfsr $r3, $MMU_CTL
62
-
li $r0, #~MMU_CTL_mskNTC0
63
-
and $r3, $r3, $r0
64
-
#ifdef CONFIG_ANDES_PAGE_SIZE_4KB
65
-
ori $r3, $r3, #(MMU_CTL_mskMPZIU|(MMU_CTL_CACHEABLE_WB << MMU_CTL_offNTC0))
60
+
#ifdef CONFIG_CPU_DCACHE_DISABLE
61
+
#define MMU_CTL_NTCC MMU_CTL_CACHEABLE_NON
66
62
#else
67
-
ori $r3, $r3, #(MMU_CTL_mskMPZIU|(MMU_CTL_CACHEABLE_WB << MMU_CTL_offNTC0)|MMU_CTL_D8KB)
63
+
#ifdef CONFIG_CPU_DCACHE_WRITETHROUGH
64
+
#define MMU_CTL_NTCC MMU_CTL_CACHEABLE_WT
65
+
#else
66
+
#define MMU_CTL_NTCC MMU_CTL_CACHEABLE_WB
67
+
#endif
68
+
#endif
69
+
70
+
/* set NTC cacheability, mutliple page size in use */
71
+
mfsr $r3, $MMU_CTL
72
+
#if CONFIG_MEMORY_START >= 0xc0000000
73
+
ori $r3, $r3, (MMU_CTL_NTCC << MMU_CTL_offNTC3)
74
+
#elif CONFIG_MEMORY_START >= 0x80000000
75
+
ori $r3, $r3, (MMU_CTL_NTCC << MMU_CTL_offNTC2)
76
+
#elif CONFIG_MEMORY_START >= 0x40000000
77
+
ori $r3, $r3, (MMU_CTL_NTCC << MMU_CTL_offNTC1)
78
+
#else
79
+
ori $r3, $r3, (MMU_CTL_NTCC << MMU_CTL_offNTC0)
80
+
#endif
81
+
82
+
#ifdef CONFIG_ANDES_PAGE_SIZE_4KB
83
+
ori $r3, $r3, #(MMU_CTL_mskMPZIU)
84
+
#else
85
+
ori $r3, $r3, #(MMU_CTL_mskMPZIU|MMU_CTL_D8KB)
68
86
#endif
69
87
#ifdef CONFIG_HW_SUPPORT_UNALIGNMENT_ACCESS
70
88
li $r0, #MMU_CTL_UNA
+3
arch/nds32/kernel/setup.c
+3
arch/nds32/kernel/setup.c
+2
arch/nds32/kernel/stacktrace.c
+2
arch/nds32/kernel/stacktrace.c
···
9
9
{
10
10
save_stack_trace_tsk(current, trace);
11
11
}
12
+
EXPORT_SYMBOL_GPL(save_stack_trace);
12
13
13
14
void save_stack_trace_tsk(struct task_struct *tsk, struct stack_trace *trace)
14
15
{
···
46
45
fpn = (unsigned long *)fpp;
47
46
}
48
47
}
48
+
EXPORT_SYMBOL_GPL(save_stack_trace_tsk);
+5
-5
arch/nds32/kernel/vdso.c
+5
-5
arch/nds32/kernel/vdso.c
···
23
23
#include <asm/vdso_timer_info.h>
24
24
#include <asm/cache_info.h>
25
25
extern struct cache_info L1_cache_info[2];
26
-
extern char vdso_start, vdso_end;
26
+
extern char vdso_start[], vdso_end[];
27
27
static unsigned long vdso_pages __ro_after_init;
28
28
static unsigned long timer_mapping_base;
29
29
···
66
66
int i;
67
67
struct page **vdso_pagelist;
68
68
69
-
if (memcmp(&vdso_start, "\177ELF", 4)) {
69
+
if (memcmp(vdso_start, "\177ELF", 4)) {
70
70
pr_err("vDSO is not a valid ELF object!\n");
71
71
return -EINVAL;
72
72
}
73
73
/* Creat a timer io mapping to get clock cycles counter */
74
74
get_timer_node_info();
75
75
76
-
vdso_pages = (&vdso_end - &vdso_start) >> PAGE_SHIFT;
76
+
vdso_pages = (vdso_end - vdso_start) >> PAGE_SHIFT;
77
77
pr_info("vdso: %ld pages (%ld code @ %p, %ld data @ %p)\n",
78
-
vdso_pages + 1, vdso_pages, &vdso_start, 1L, vdso_data);
78
+
vdso_pages + 1, vdso_pages, vdso_start, 1L, vdso_data);
79
79
80
80
/* Allocate the vDSO pagelist */
81
81
vdso_pagelist = kcalloc(vdso_pages, sizeof(struct page *), GFP_KERNEL);
···
83
83
return -ENOMEM;
84
84
85
85
for (i = 0; i < vdso_pages; i++)
86
-
vdso_pagelist[i] = virt_to_page(&vdso_start + i * PAGE_SIZE);
86
+
vdso_pagelist[i] = virt_to_page(vdso_start + i * PAGE_SIZE);
87
87
vdso_spec[1].pages = &vdso_pagelist[0];
88
88
89
89
return 0;
+3
arch/nds32/lib/copy_page.S
+3
arch/nds32/lib/copy_page.S
···
2
2
// Copyright (C) 2005-2017 Andes Technology Corporation
3
3
4
4
#include <linux/linkage.h>
5
+
#include <asm/export.h>
5
6
#include <asm/page.h>
6
7
7
8
.text
···
17
16
popm $r2, $r10
18
17
ret
19
18
ENDPROC(copy_page)
19
+
EXPORT_SYMBOL(copy_page)
20
20
21
21
ENTRY(clear_page)
22
22
pushm $r1, $r9
···
37
35
popm $r1, $r9
38
36
ret
39
37
ENDPROC(clear_page)
38
+
EXPORT_SYMBOL(clear_page)
+6
-3
arch/nds32/mm/alignment.c
+6
-3
arch/nds32/mm/alignment.c
···
19
19
#define RA(inst) (((inst) >> 15) & 0x1FUL)
20
20
#define RB(inst) (((inst) >> 10) & 0x1FUL)
21
21
#define SV(inst) (((inst) >> 8) & 0x3UL)
22
-
#define IMM(inst) (((inst) >> 0) & 0x3FFFUL)
22
+
#define IMM(inst) (((inst) >> 0) & 0x7FFFUL)
23
23
24
24
#define RA3(inst) (((inst) >> 3) & 0x7UL)
25
25
#define RT3(inst) (((inst) >> 6) & 0x7UL)
···
27
27
28
28
#define RA5(inst) (((inst) >> 0) & 0x1FUL)
29
29
#define RT4(inst) (((inst) >> 5) & 0xFUL)
30
+
31
+
#define GET_IMMSVAL(imm_value) \
32
+
(((imm_value >> 14) & 0x1) ? (imm_value - 0x8000) : imm_value)
30
33
31
34
#define __get8_data(val,addr,err) \
32
35
__asm__( \
···
470
467
}
471
468
472
469
if (imm)
473
-
shift = IMM(inst) * len;
470
+
shift = GET_IMMSVAL(IMM(inst)) * len;
474
471
else
475
472
shift = *idx_to_addr(regs, RB(inst)) << SV(inst);
476
473
···
555
552
556
553
static struct ctl_table nds32_sysctl_table[2] = {
557
554
{
558
-
.procname = "unaligned_acess",
555
+
.procname = "unaligned_access",
559
556
.mode = 0555,
560
557
.child = alignment_tbl},
561
558
{}
+60
-14
arch/nds32/mm/cacheflush.c
+60
-14
arch/nds32/mm/cacheflush.c
···
147
147
cpu_icache_inval_all();
148
148
}
149
149
150
+
void copy_user_page(void *vto, void *vfrom, unsigned long vaddr,
151
+
struct page *to)
152
+
{
153
+
cpu_dcache_wbinval_page((unsigned long)vaddr);
154
+
cpu_icache_inval_page((unsigned long)vaddr);
155
+
copy_page(vto, vfrom);
156
+
cpu_dcache_wbinval_page((unsigned long)vto);
157
+
cpu_icache_inval_page((unsigned long)vto);
158
+
}
159
+
160
+
void clear_user_page(void *addr, unsigned long vaddr, struct page *page)
161
+
{
162
+
cpu_dcache_wbinval_page((unsigned long)vaddr);
163
+
cpu_icache_inval_page((unsigned long)vaddr);
164
+
clear_page(addr);
165
+
cpu_dcache_wbinval_page((unsigned long)addr);
166
+
cpu_icache_inval_page((unsigned long)addr);
167
+
}
168
+
150
169
void copy_user_highpage(struct page *to, struct page *from,
151
170
unsigned long vaddr, struct vm_area_struct *vma)
152
171
{
···
175
156
pto = page_to_phys(to);
176
157
pfrom = page_to_phys(from);
177
158
159
+
local_irq_save(flags);
178
160
if (aliasing(vaddr, (unsigned long)kfrom))
179
161
cpu_dcache_wb_page((unsigned long)kfrom);
180
-
if (aliasing(vaddr, (unsigned long)kto))
181
-
cpu_dcache_inval_page((unsigned long)kto);
182
-
local_irq_save(flags);
183
162
vto = kremap0(vaddr, pto);
184
163
vfrom = kremap1(vaddr, pfrom);
185
164
copy_page((void *)vto, (void *)vfrom);
···
215
198
if (mapping && !mapping_mapped(mapping))
216
199
set_bit(PG_dcache_dirty, &page->flags);
217
200
else {
218
-
int i, pc;
219
-
unsigned long vto, kaddr, flags;
201
+
unsigned long kaddr, flags;
202
+
220
203
kaddr = (unsigned long)page_address(page);
221
-
cpu_dcache_wbinval_page(kaddr);
222
-
pc = CACHE_SET(DCACHE) * CACHE_LINE_SIZE(DCACHE) / PAGE_SIZE;
223
204
local_irq_save(flags);
224
-
for (i = 0; i < pc; i++) {
225
-
vto =
226
-
kremap0(kaddr + i * PAGE_SIZE, page_to_phys(page));
227
-
cpu_dcache_wbinval_page(vto);
228
-
kunmap01(vto);
205
+
cpu_dcache_wbinval_page(kaddr);
206
+
if (mapping) {
207
+
unsigned long vaddr, kto;
208
+
209
+
vaddr = page->index << PAGE_SHIFT;
210
+
if (aliasing(vaddr, kaddr)) {
211
+
kto = kremap0(vaddr, page_to_phys(page));
212
+
cpu_dcache_wbinval_page(kto);
213
+
kunmap01(kto);
214
+
}
229
215
}
230
216
local_irq_restore(flags);
231
217
}
232
218
}
219
+
EXPORT_SYMBOL(flush_dcache_page);
233
220
234
221
void copy_to_user_page(struct vm_area_struct *vma, struct page *page,
235
222
unsigned long vaddr, void *dst, void *src, int len)
···
272
251
void flush_anon_page(struct vm_area_struct *vma,
273
252
struct page *page, unsigned long vaddr)
274
253
{
275
-
unsigned long flags;
254
+
unsigned long kaddr, flags, ktmp;
276
255
if (!PageAnon(page))
277
256
return;
278
257
···
282
261
local_irq_save(flags);
283
262
if (vma->vm_flags & VM_EXEC)
284
263
cpu_icache_inval_page(vaddr & PAGE_MASK);
285
-
cpu_dcache_wbinval_page((unsigned long)page_address(page));
264
+
kaddr = (unsigned long)page_address(page);
265
+
if (aliasing(vaddr, kaddr)) {
266
+
ktmp = kremap0(vaddr, page_to_phys(page));
267
+
cpu_dcache_wbinval_page(ktmp);
268
+
kunmap01(ktmp);
269
+
}
286
270
local_irq_restore(flags);
287
271
}
288
272
···
298
272
cpu_dcache_wbinval_page((unsigned long)page_address(page));
299
273
local_irq_restore(flags);
300
274
}
275
+
EXPORT_SYMBOL(flush_kernel_dcache_page);
276
+
277
+
void flush_kernel_vmap_range(void *addr, int size)
278
+
{
279
+
unsigned long flags;
280
+
local_irq_save(flags);
281
+
cpu_dcache_wb_range((unsigned long)addr, (unsigned long)addr + size);
282
+
local_irq_restore(flags);
283
+
}
284
+
EXPORT_SYMBOL(flush_kernel_vmap_range);
285
+
286
+
void invalidate_kernel_vmap_range(void *addr, int size)
287
+
{
288
+
unsigned long flags;
289
+
local_irq_save(flags);
290
+
cpu_dcache_inval_range((unsigned long)addr, (unsigned long)addr + size);
291
+
local_irq_restore(flags);
292
+
}
293
+
EXPORT_SYMBOL(invalidate_kernel_vmap_range);
301
294
302
295
void flush_icache_range(unsigned long start, unsigned long end)
303
296
{
···
328
283
cpu_cache_wbinval_range(start, end, 1);
329
284
local_irq_restore(flags);
330
285
}
286
+
EXPORT_SYMBOL(flush_icache_range);
331
287
332
288
void flush_icache_page(struct vm_area_struct *vma, struct page *page)
333
289
{
+1
arch/nds32/mm/init.c
+1
arch/nds32/mm/init.c
+29
arch/powerpc/include/asm/exception-64s.h
+29
arch/powerpc/include/asm/exception-64s.h
···
74
74
*/
75
75
#define EX_R3 EX_DAR
76
76
77
+
#define STF_ENTRY_BARRIER_SLOT \
78
+
STF_ENTRY_BARRIER_FIXUP_SECTION; \
79
+
nop; \
80
+
nop; \
81
+
nop
82
+
83
+
#define STF_EXIT_BARRIER_SLOT \
84
+
STF_EXIT_BARRIER_FIXUP_SECTION; \
85
+
nop; \
86
+
nop; \
87
+
nop; \
88
+
nop; \
89
+
nop; \
90
+
nop
91
+
92
+
/*
93
+
* r10 must be free to use, r13 must be paca
94
+
*/
95
+
#define INTERRUPT_TO_KERNEL \
96
+
STF_ENTRY_BARRIER_SLOT
97
+
77
98
/*
78
99
* Macros for annotating the expected destination of (h)rfid
79
100
*
···
111
90
rfid
112
91
113
92
#define RFI_TO_USER \
93
+
STF_EXIT_BARRIER_SLOT; \
114
94
RFI_FLUSH_SLOT; \
115
95
rfid; \
116
96
b rfi_flush_fallback
117
97
118
98
#define RFI_TO_USER_OR_KERNEL \
99
+
STF_EXIT_BARRIER_SLOT; \
119
100
RFI_FLUSH_SLOT; \
120
101
rfid; \
121
102
b rfi_flush_fallback
122
103
123
104
#define RFI_TO_GUEST \
105
+
STF_EXIT_BARRIER_SLOT; \
124
106
RFI_FLUSH_SLOT; \
125
107
rfid; \
126
108
b rfi_flush_fallback
···
132
108
hrfid
133
109
134
110
#define HRFI_TO_USER \
111
+
STF_EXIT_BARRIER_SLOT; \
135
112
RFI_FLUSH_SLOT; \
136
113
hrfid; \
137
114
b hrfi_flush_fallback
138
115
139
116
#define HRFI_TO_USER_OR_KERNEL \
117
+
STF_EXIT_BARRIER_SLOT; \
140
118
RFI_FLUSH_SLOT; \
141
119
hrfid; \
142
120
b hrfi_flush_fallback
143
121
144
122
#define HRFI_TO_GUEST \
123
+
STF_EXIT_BARRIER_SLOT; \
145
124
RFI_FLUSH_SLOT; \
146
125
hrfid; \
147
126
b hrfi_flush_fallback
148
127
149
128
#define HRFI_TO_UNKNOWN \
129
+
STF_EXIT_BARRIER_SLOT; \
150
130
RFI_FLUSH_SLOT; \
151
131
hrfid; \
152
132
b hrfi_flush_fallback
···
282
254
#define __EXCEPTION_PROLOG_1_PRE(area) \
283
255
OPT_SAVE_REG_TO_PACA(area+EX_PPR, r9, CPU_FTR_HAS_PPR); \
284
256
OPT_SAVE_REG_TO_PACA(area+EX_CFAR, r10, CPU_FTR_CFAR); \
257
+
INTERRUPT_TO_KERNEL; \
285
258
SAVE_CTR(r10, area); \
286
259
mfcr r9;
287
260
+19
arch/powerpc/include/asm/feature-fixups.h
+19
arch/powerpc/include/asm/feature-fixups.h
···
187
187
FTR_ENTRY_OFFSET label##1b-label##3b; \
188
188
.popsection;
189
189
190
+
#define STF_ENTRY_BARRIER_FIXUP_SECTION \
191
+
953: \
192
+
.pushsection __stf_entry_barrier_fixup,"a"; \
193
+
.align 2; \
194
+
954: \
195
+
FTR_ENTRY_OFFSET 953b-954b; \
196
+
.popsection;
197
+
198
+
#define STF_EXIT_BARRIER_FIXUP_SECTION \
199
+
955: \
200
+
.pushsection __stf_exit_barrier_fixup,"a"; \
201
+
.align 2; \
202
+
956: \
203
+
FTR_ENTRY_OFFSET 955b-956b; \
204
+
.popsection;
205
+
190
206
#define RFI_FLUSH_FIXUP_SECTION \
191
207
951: \
192
208
.pushsection __rfi_flush_fixup,"a"; \
···
215
199
#ifndef __ASSEMBLY__
216
200
#include <linux/types.h>
217
201
202
+
extern long stf_barrier_fallback;
203
+
extern long __start___stf_entry_barrier_fixup, __stop___stf_entry_barrier_fixup;
204
+
extern long __start___stf_exit_barrier_fixup, __stop___stf_exit_barrier_fixup;
218
205
extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup;
219
206
220
207
void apply_feature_fixups(void);
+1
arch/powerpc/include/asm/kvm_book3s.h
+1
arch/powerpc/include/asm/kvm_book3s.h
+11
arch/powerpc/include/asm/security_features.h
+11
arch/powerpc/include/asm/security_features.h
···
12
12
extern unsigned long powerpc_security_features;
13
13
extern bool rfi_flush;
14
14
15
+
/* These are bit flags */
16
+
enum stf_barrier_type {
17
+
STF_BARRIER_NONE = 0x1,
18
+
STF_BARRIER_FALLBACK = 0x2,
19
+
STF_BARRIER_EIEIO = 0x4,
20
+
STF_BARRIER_SYNC_ORI = 0x8,
21
+
};
22
+
23
+
void setup_stf_barrier(void);
24
+
void do_stf_barrier_fixups(enum stf_barrier_type types);
25
+
15
26
static inline void security_ftr_set(unsigned long feature)
16
27
{
17
28
powerpc_security_features |= feature;
+1
arch/powerpc/kernel/asm-offsets.c
+1
arch/powerpc/kernel/asm-offsets.c
···
562
562
OFFSET(VCORE_NAPPING_THREADS, kvmppc_vcore, napping_threads);
563
563
OFFSET(VCORE_KVM, kvmppc_vcore, kvm);
564
564
OFFSET(VCORE_TB_OFFSET, kvmppc_vcore, tb_offset);
565
+
OFFSET(VCORE_TB_OFFSET_APPL, kvmppc_vcore, tb_offset_applied);
565
566
OFFSET(VCORE_LPCR, kvmppc_vcore, lpcr);
566
567
OFFSET(VCORE_PCR, kvmppc_vcore, pcr);
567
568
OFFSET(VCORE_DPDES, kvmppc_vcore, dpdes);
+6
arch/powerpc/kernel/cpu_setup_power.S
+6
arch/powerpc/kernel/cpu_setup_power.S
···
28
28
beqlr
29
29
li r0,0
30
30
mtspr SPRN_LPID,r0
31
+
mtspr SPRN_PCR,r0
31
32
mfspr r3,SPRN_LPCR
32
33
li r4,(LPCR_LPES1 >> LPCR_LPES_SH)
33
34
bl __init_LPCR_ISA206
···
42
41
beqlr
43
42
li r0,0
44
43
mtspr SPRN_LPID,r0
44
+
mtspr SPRN_PCR,r0
45
45
mfspr r3,SPRN_LPCR
46
46
li r4,(LPCR_LPES1 >> LPCR_LPES_SH)
47
47
bl __init_LPCR_ISA206
···
59
57
beqlr
60
58
li r0,0
61
59
mtspr SPRN_LPID,r0
60
+
mtspr SPRN_PCR,r0
62
61
mfspr r3,SPRN_LPCR
63
62
ori r3, r3, LPCR_PECEDH
64
63
li r4,0 /* LPES = 0 */
···
81
78
beqlr
82
79
li r0,0
83
80
mtspr SPRN_LPID,r0
81
+
mtspr SPRN_PCR,r0
84
82
mfspr r3,SPRN_LPCR
85
83
ori r3, r3, LPCR_PECEDH
86
84
li r4,0 /* LPES = 0 */
···
103
99
mtspr SPRN_PSSCR,r0
104
100
mtspr SPRN_LPID,r0
105
101
mtspr SPRN_PID,r0
102
+
mtspr SPRN_PCR,r0
106
103
mfspr r3,SPRN_LPCR
107
104
LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC)
108
105
or r3, r3, r4
···
128
123
mtspr SPRN_PSSCR,r0
129
124
mtspr SPRN_LPID,r0
130
125
mtspr SPRN_PID,r0
126
+
mtspr SPRN_PCR,r0
131
127
mfspr r3,SPRN_LPCR
132
128
LOAD_REG_IMMEDIATE(r4, LPCR_PECEDH | LPCR_PECE_HVEE | LPCR_HVICE | LPCR_HEIC)
133
129
or r3, r3, r4
+1
arch/powerpc/kernel/dt_cpu_ftrs.c
+1
arch/powerpc/kernel/dt_cpu_ftrs.c
+17
-2
arch/powerpc/kernel/exceptions-64s.S
+17
-2
arch/powerpc/kernel/exceptions-64s.S
···
885
885
#endif
886
886
887
887
888
-
EXC_REAL_MASKABLE(decrementer, 0x900, 0x80, IRQS_DISABLED)
888
+
EXC_REAL_OOL_MASKABLE(decrementer, 0x900, 0x80, IRQS_DISABLED)
889
889
EXC_VIRT_MASKABLE(decrementer, 0x4900, 0x80, 0x900, IRQS_DISABLED)
890
890
TRAMP_KVM(PACA_EXGEN, 0x900)
891
891
EXC_COMMON_ASYNC(decrementer_common, 0x900, timer_interrupt)
···
961
961
mtctr r13; \
962
962
GET_PACA(r13); \
963
963
std r10,PACA_EXGEN+EX_R10(r13); \
964
+
INTERRUPT_TO_KERNEL; \
964
965
KVMTEST_PR(0xc00); /* uses r10, branch to do_kvm_0xc00_system_call */ \
965
966
HMT_MEDIUM; \
966
967
mfctr r9;
···
970
969
#define SYSCALL_KVMTEST \
971
970
HMT_MEDIUM; \
972
971
mr r9,r13; \
973
-
GET_PACA(r13);
972
+
GET_PACA(r13); \
973
+
INTERRUPT_TO_KERNEL;
974
974
#endif
975
975
976
976
#define LOAD_SYSCALL_HANDLER(reg) \
···
1508
1506
##_H##RFI_TO_KERNEL; \
1509
1507
b .; \
1510
1508
MASKED_DEC_HANDLER(_H)
1509
+
1510
+
TRAMP_REAL_BEGIN(stf_barrier_fallback)
1511
+
std r9,PACA_EXRFI+EX_R9(r13)
1512
+
std r10,PACA_EXRFI+EX_R10(r13)
1513
+
sync
1514
+
ld r9,PACA_EXRFI+EX_R9(r13)
1515
+
ld r10,PACA_EXRFI+EX_R10(r13)
1516
+
ori 31,31,0
1517
+
.rept 14
1518
+
b 1f
1519
+
1:
1520
+
.endr
1521
+
blr
1511
1522
1512
1523
TRAMP_REAL_BEGIN(rfi_flush_fallback)
1513
1524
SET_SCRATCH0(r13);
+149
arch/powerpc/kernel/security.c
+149
arch/powerpc/kernel/security.c
···
8
8
#include <linux/device.h>
9
9
#include <linux/seq_buf.h>
10
10
11
+
#include <asm/debugfs.h>
11
12
#include <asm/security_features.h>
12
13
13
14
···
87
86
88
87
return s.len;
89
88
}
89
+
90
+
/*
91
+
* Store-forwarding barrier support.
92
+
*/
93
+
94
+
static enum stf_barrier_type stf_enabled_flush_types;
95
+
static bool no_stf_barrier;
96
+
bool stf_barrier;
97
+
98
+
static int __init handle_no_stf_barrier(char *p)
99
+
{
100
+
pr_info("stf-barrier: disabled on command line.");
101
+
no_stf_barrier = true;
102
+
return 0;
103
+
}
104
+
105
+
early_param("no_stf_barrier", handle_no_stf_barrier);
106
+
107
+
/* This is the generic flag used by other architectures */
108
+
static int __init handle_ssbd(char *p)
109
+
{
110
+
if (!p || strncmp(p, "auto", 5) == 0 || strncmp(p, "on", 2) == 0 ) {
111
+
/* Until firmware tells us, we have the barrier with auto */
112
+
return 0;
113
+
} else if (strncmp(p, "off", 3) == 0) {
114
+
handle_no_stf_barrier(NULL);
115
+
return 0;
116
+
} else
117
+
return 1;
118
+
119
+
return 0;
120
+
}
121
+
early_param("spec_store_bypass_disable", handle_ssbd);
122
+
123
+
/* This is the generic flag used by other architectures */
124
+
static int __init handle_no_ssbd(char *p)
125
+
{
126
+
handle_no_stf_barrier(NULL);
127
+
return 0;
128
+
}
129
+
early_param("nospec_store_bypass_disable", handle_no_ssbd);
130
+
131
+
static void stf_barrier_enable(bool enable)
132
+
{
133
+
if (enable)
134
+
do_stf_barrier_fixups(stf_enabled_flush_types);
135
+
else
136
+
do_stf_barrier_fixups(STF_BARRIER_NONE);
137
+
138
+
stf_barrier = enable;
139
+
}
140
+
141
+
void setup_stf_barrier(void)
142
+
{
143
+
enum stf_barrier_type type;
144
+
bool enable, hv;
145
+
146
+
hv = cpu_has_feature(CPU_FTR_HVMODE);
147
+
148
+
/* Default to fallback in case fw-features are not available */
149
+
if (cpu_has_feature(CPU_FTR_ARCH_300))
150
+
type = STF_BARRIER_EIEIO;
151
+
else if (cpu_has_feature(CPU_FTR_ARCH_207S))
152
+
type = STF_BARRIER_SYNC_ORI;
153
+
else if (cpu_has_feature(CPU_FTR_ARCH_206))
154
+
type = STF_BARRIER_FALLBACK;
155
+
else
156
+
type = STF_BARRIER_NONE;
157
+
158
+
enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) &&
159
+
(security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) ||
160
+
(security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) && hv));
161
+
162
+
if (type == STF_BARRIER_FALLBACK) {
163
+
pr_info("stf-barrier: fallback barrier available\n");
164
+
} else if (type == STF_BARRIER_SYNC_ORI) {
165
+
pr_info("stf-barrier: hwsync barrier available\n");
166
+
} else if (type == STF_BARRIER_EIEIO) {
167
+
pr_info("stf-barrier: eieio barrier available\n");
168
+
}
169
+
170
+
stf_enabled_flush_types = type;
171
+
172
+
if (!no_stf_barrier)
173
+
stf_barrier_enable(enable);
174
+
}
175
+
176
+
ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf)
177
+
{
178
+
if (stf_barrier && stf_enabled_flush_types != STF_BARRIER_NONE) {
179
+
const char *type;
180
+
switch (stf_enabled_flush_types) {
181
+
case STF_BARRIER_EIEIO:
182
+
type = "eieio";
183
+
break;
184
+
case STF_BARRIER_SYNC_ORI:
185
+
type = "hwsync";
186
+
break;
187
+
case STF_BARRIER_FALLBACK:
188
+
type = "fallback";
189
+
break;
190
+
default:
191
+
type = "unknown";
192
+
}
193
+
return sprintf(buf, "Mitigation: Kernel entry/exit barrier (%s)\n", type);
194
+
}
195
+
196
+
if (!security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV) &&
197
+
!security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR))
198
+
return sprintf(buf, "Not affected\n");
199
+
200
+
return sprintf(buf, "Vulnerable\n");
201
+
}
202
+
203
+
#ifdef CONFIG_DEBUG_FS
204
+
static int stf_barrier_set(void *data, u64 val)
205
+
{
206
+
bool enable;
207
+
208
+
if (val == 1)
209
+
enable = true;
210
+
else if (val == 0)
211
+
enable = false;
212
+
else
213
+
return -EINVAL;
214
+
215
+
/* Only do anything if we're changing state */
216
+
if (enable != stf_barrier)
217
+
stf_barrier_enable(enable);
218
+
219
+
return 0;
220
+
}
221
+
222
+
static int stf_barrier_get(void *data, u64 *val)
223
+
{
224
+
*val = stf_barrier ? 1 : 0;
225
+
return 0;
226
+
}
227
+
228
+
DEFINE_SIMPLE_ATTRIBUTE(fops_stf_barrier, stf_barrier_get, stf_barrier_set, "%llu\n");
229
+
230
+
static __init int stf_barrier_debugfs_init(void)
231
+
{
232
+
debugfs_create_file("stf_barrier", 0600, powerpc_debugfs_root, NULL, &fops_stf_barrier);
233
+
return 0;
234
+
}
235
+
device_initcall(stf_barrier_debugfs_init);
236
+
#endif /* CONFIG_DEBUG_FS */
+14
arch/powerpc/kernel/vmlinux.lds.S
+14
arch/powerpc/kernel/vmlinux.lds.S
···
134
134
135
135
#ifdef CONFIG_PPC64
136
136
. = ALIGN(8);
137
+
__stf_entry_barrier_fixup : AT(ADDR(__stf_entry_barrier_fixup) - LOAD_OFFSET) {
138
+
__start___stf_entry_barrier_fixup = .;
139
+
*(__stf_entry_barrier_fixup)
140
+
__stop___stf_entry_barrier_fixup = .;
141
+
}
142
+
143
+
. = ALIGN(8);
144
+
__stf_exit_barrier_fixup : AT(ADDR(__stf_exit_barrier_fixup) - LOAD_OFFSET) {
145
+
__start___stf_exit_barrier_fixup = .;
146
+
*(__stf_exit_barrier_fixup)
147
+
__stop___stf_exit_barrier_fixup = .;
148
+
}
149
+
150
+
. = ALIGN(8);
137
151
__rfi_flush_fixup : AT(ADDR(__rfi_flush_fixup) - LOAD_OFFSET) {
138
152
__start___rfi_flush_fixup = .;
139
153
*(__rfi_flush_fixup)
+3
-3
arch/powerpc/kvm/book3s_64_mmu_radix.c
+3
-3
arch/powerpc/kvm/book3s_64_mmu_radix.c
···
162
162
if (cpu_has_feature(CPU_FTR_P9_TLBIE_BUG))
163
163
asm volatile(PPC_TLBIE_5(%0, %1, 0, 0, 1)
164
164
: : "r" (addr), "r" (kvm->arch.lpid) : "memory");
165
-
asm volatile("ptesync": : :"memory");
165
+
asm volatile("eieio ; tlbsync ; ptesync": : :"memory");
166
166
}
167
167
168
168
static void kvmppc_radix_flush_pwc(struct kvm *kvm, unsigned long addr)
···
173
173
/* RIC=1 PRS=0 R=1 IS=2 */
174
174
asm volatile(PPC_TLBIE_5(%0, %1, 1, 0, 1)
175
175
: : "r" (rb), "r" (kvm->arch.lpid) : "memory");
176
-
asm volatile("ptesync": : :"memory");
176
+
asm volatile("eieio ; tlbsync ; ptesync": : :"memory");
177
177
}
178
178
179
179
unsigned long kvmppc_radix_update_pte(struct kvm *kvm, pte_t *ptep,
···
584
584
585
585
ptep = __find_linux_pte(kvm->arch.pgtable, gpa, NULL, &shift);
586
586
if (ptep && pte_present(*ptep)) {
587
-
old = kvmppc_radix_update_pte(kvm, ptep, _PAGE_PRESENT, 0,
587
+
old = kvmppc_radix_update_pte(kvm, ptep, ~0UL, 0,
588
588
gpa, shift);
589
589
kvmppc_radix_tlbie_page(kvm, gpa, shift);
590
590
if ((old & _PAGE_DIRTY) && memslot->dirty_bitmap) {
+1
arch/powerpc/kvm/book3s_hv.c
+1
arch/powerpc/kvm/book3s_hv.c
+52
-45
arch/powerpc/kvm/book3s_hv_rmhandlers.S
+52
-45
arch/powerpc/kvm/book3s_hv_rmhandlers.S
···
692
692
22: ld r8,VCORE_TB_OFFSET(r5)
693
693
cmpdi r8,0
694
694
beq 37f
695
+
std r8, VCORE_TB_OFFSET_APPL(r5)
695
696
mftb r6 /* current host timebase */
696
697
add r8,r8,r6
697
698
mtspr SPRN_TBU40,r8 /* update upper 40 bits */
···
941
940
ALT_FTR_SECTION_END_IFCLR(CPU_FTR_ARCH_300)
942
941
8:
943
942
944
-
/*
945
-
* Set the decrementer to the guest decrementer.
946
-
*/
947
-
ld r8,VCPU_DEC_EXPIRES(r4)
948
-
/* r8 is a host timebase value here, convert to guest TB */
949
-
ld r5,HSTATE_KVM_VCORE(r13)
950
-
ld r6,VCORE_TB_OFFSET(r5)
951
-
add r8,r8,r6
952
-
mftb r7
953
-
subf r3,r7,r8
954
-
mtspr SPRN_DEC,r3
955
-
956
943
ld r5, VCPU_SPRG0(r4)
957
944
ld r6, VCPU_SPRG1(r4)
958
945
ld r7, VCPU_SPRG2(r4)
···
993
1004
ld r8,VCORE_LPCR(r5)
994
1005
mtspr SPRN_LPCR,r8
995
1006
isync
1007
+
1008
+
/*
1009
+
* Set the decrementer to the guest decrementer.
1010
+
*/
1011
+
ld r8,VCPU_DEC_EXPIRES(r4)
1012
+
/* r8 is a host timebase value here, convert to guest TB */
1013
+
ld r5,HSTATE_KVM_VCORE(r13)
1014
+
ld r6,VCORE_TB_OFFSET_APPL(r5)
1015
+
add r8,r8,r6
1016
+
mftb r7
1017
+
subf r3,r7,r8
1018
+
mtspr SPRN_DEC,r3
996
1019
997
1020
/* Check if HDEC expires soon */
998
1021
mfspr r3, SPRN_HDEC
···
1598
1597
1599
1598
guest_bypass:
1600
1599
stw r12, STACK_SLOT_TRAP(r1)
1601
-
mr r3, r12
1600
+
1601
+
/* Save DEC */
1602
+
/* Do this before kvmhv_commence_exit so we know TB is guest TB */
1603
+
ld r3, HSTATE_KVM_VCORE(r13)
1604
+
mfspr r5,SPRN_DEC
1605
+
mftb r6
1606
+
/* On P9, if the guest has large decr enabled, don't sign extend */
1607
+
BEGIN_FTR_SECTION
1608
+
ld r4, VCORE_LPCR(r3)
1609
+
andis. r4, r4, LPCR_LD@h
1610
+
bne 16f
1611
+
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1612
+
extsw r5,r5
1613
+
16: add r5,r5,r6
1614
+
/* r5 is a guest timebase value here, convert to host TB */
1615
+
ld r4,VCORE_TB_OFFSET_APPL(r3)
1616
+
subf r5,r4,r5
1617
+
std r5,VCPU_DEC_EXPIRES(r9)
1618
+
1602
1619
/* Increment exit count, poke other threads to exit */
1620
+
mr r3, r12
1603
1621
bl kvmhv_commence_exit
1604
1622
nop
1605
1623
ld r9, HSTATE_KVM_VCPU(r13)
···
1658
1638
add r4,r4,r6
1659
1639
mtspr SPRN_PURR,r3
1660
1640
mtspr SPRN_SPURR,r4
1661
-
1662
-
/* Save DEC */
1663
-
ld r3, HSTATE_KVM_VCORE(r13)
1664
-
mfspr r5,SPRN_DEC
1665
-
mftb r6
1666
-
/* On P9, if the guest has large decr enabled, don't sign extend */
1667
-
BEGIN_FTR_SECTION
1668
-
ld r4, VCORE_LPCR(r3)
1669
-
andis. r4, r4, LPCR_LD@h
1670
-
bne 16f
1671
-
END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
1672
-
extsw r5,r5
1673
-
16: add r5,r5,r6
1674
-
/* r5 is a guest timebase value here, convert to host TB */
1675
-
ld r4,VCORE_TB_OFFSET(r3)
1676
-
subf r5,r4,r5
1677
-
std r5,VCPU_DEC_EXPIRES(r9)
1678
1641
1679
1642
BEGIN_FTR_SECTION
1680
1643
b 8f
···
1908
1905
cmpwi cr2, r0, 0
1909
1906
beq cr2, 4f
1910
1907
1908
+
/*
1909
+
* Radix: do eieio; tlbsync; ptesync sequence in case we
1910
+
* interrupted the guest between a tlbie and a ptesync.
1911
+
*/
1912
+
eieio
1913
+
tlbsync
1914
+
ptesync
1915
+
1911
1916
/* Radix: Handle the case where the guest used an illegal PID */
1912
1917
LOAD_REG_ADDR(r4, mmu_base_pid)
1913
1918
lwz r3, VCPU_GUEST_PID(r9)
···
2028
2017
2029
2018
27:
2030
2019
/* Subtract timebase offset from timebase */
2031
-
ld r8,VCORE_TB_OFFSET(r5)
2020
+
ld r8, VCORE_TB_OFFSET_APPL(r5)
2032
2021
cmpdi r8,0
2033
2022
beq 17f
2023
+
li r0, 0
2024
+
std r0, VCORE_TB_OFFSET_APPL(r5)
2034
2025
mftb r6 /* current guest timebase */
2035
2026
subf r8,r8,r6
2036
2027
mtspr SPRN_TBU40,r8 /* update upper 40 bits */
···
2713
2700
add r3, r3, r5
2714
2701
ld r4, HSTATE_KVM_VCPU(r13)
2715
2702
ld r5, HSTATE_KVM_VCORE(r13)
2716
-
ld r6, VCORE_TB_OFFSET(r5)
2703
+
ld r6, VCORE_TB_OFFSET_APPL(r5)
2717
2704
subf r3, r6, r3 /* convert to host TB value */
2718
2705
std r3, VCPU_DEC_EXPIRES(r4)
2719
2706
···
2812
2799
/* Restore guest decrementer */
2813
2800
ld r3, VCPU_DEC_EXPIRES(r4)
2814
2801
ld r5, HSTATE_KVM_VCORE(r13)
2815
-
ld r6, VCORE_TB_OFFSET(r5)
2802
+
ld r6, VCORE_TB_OFFSET_APPL(r5)
2816
2803
add r3, r3, r6 /* convert host TB to guest TB value */
2817
2804
mftb r7
2818
2805
subf r3, r7, r3
···
3619
3606
*/
3620
3607
kvmhv_start_timing:
3621
3608
ld r5, HSTATE_KVM_VCORE(r13)
3622
-
lbz r6, VCORE_IN_GUEST(r5)
3623
-
cmpwi r6, 0
3624
-
beq 5f /* if in guest, need to */
3625
-
ld r6, VCORE_TB_OFFSET(r5) /* subtract timebase offset */
3626
-
5: mftb r5
3627
-
subf r5, r6, r5
3609
+
ld r6, VCORE_TB_OFFSET_APPL(r5)
3610
+
mftb r5
3611
+
subf r5, r6, r5 /* subtract current timebase offset */
3628
3612
std r3, VCPU_CUR_ACTIVITY(r4)
3629
3613
std r5, VCPU_ACTIVITY_START(r4)
3630
3614
blr
···
3632
3622
*/
3633
3623
kvmhv_accumulate_time:
3634
3624
ld r5, HSTATE_KVM_VCORE(r13)
3635
-
lbz r8, VCORE_IN_GUEST(r5)
3636
-
cmpwi r8, 0
3637
-
beq 4f /* if in guest, need to */
3638
-
ld r8, VCORE_TB_OFFSET(r5) /* subtract timebase offset */
3639
-
4: ld r5, VCPU_CUR_ACTIVITY(r4)
3625
+
ld r8, VCORE_TB_OFFSET_APPL(r5)
3626
+
ld r5, VCPU_CUR_ACTIVITY(r4)
3640
3627
ld r6, VCPU_ACTIVITY_START(r4)
3641
3628
std r3, VCPU_CUR_ACTIVITY(r4)
3642
3629
mftb r7
3643
-
subf r7, r8, r7
3630
+
subf r7, r8, r7 /* subtract current timebase offset */
3644
3631
std r7, VCPU_ACTIVITY_START(r4)
3645
3632
cmpdi r5, 0
3646
3633
beqlr
+101
-7
arch/powerpc/kvm/book3s_xive_template.c
+101
-7
arch/powerpc/kvm/book3s_xive_template.c
···
11
11
#define XGLUE(a,b) a##b
12
12
#define GLUE(a,b) XGLUE(a,b)
13
13
14
+
/* Dummy interrupt used when taking interrupts out of a queue in H_CPPR */
15
+
#define XICS_DUMMY 1
16
+
14
17
static void GLUE(X_PFX,ack_pending)(struct kvmppc_xive_vcpu *xc)
15
18
{
16
19
u8 cppr;
···
208
205
goto skip_ipi;
209
206
}
210
207
208
+
/* If it's the dummy interrupt, continue searching */
209
+
if (hirq == XICS_DUMMY)
210
+
goto skip_ipi;
211
+
211
212
/* If fetching, update queue pointers */
212
213
if (scan_type == scan_fetch) {
213
214
q->idx = idx;
···
392
385
__x_writeb(prio, __x_tima + TM_SPC_SET_OS_PENDING);
393
386
}
394
387
388
+
static void GLUE(X_PFX,scan_for_rerouted_irqs)(struct kvmppc_xive *xive,
389
+
struct kvmppc_xive_vcpu *xc)
390
+
{
391
+
unsigned int prio;
392
+
393
+
/* For each priority that is now masked */
394
+
for (prio = xc->cppr; prio < KVMPPC_XIVE_Q_COUNT; prio++) {
395
+
struct xive_q *q = &xc->queues[prio];
396
+
struct kvmppc_xive_irq_state *state;
397
+
struct kvmppc_xive_src_block *sb;
398
+
u32 idx, toggle, entry, irq, hw_num;
399
+
struct xive_irq_data *xd;
400
+
__be32 *qpage;
401
+
u16 src;
402
+
403
+
idx = q->idx;
404
+
toggle = q->toggle;
405
+
qpage = READ_ONCE(q->qpage);
406
+
if (!qpage)
407
+
continue;
408
+
409
+
/* For each interrupt in the queue */
410
+
for (;;) {
411
+
entry = be32_to_cpup(qpage + idx);
412
+
413
+
/* No more ? */
414
+
if ((entry >> 31) == toggle)
415
+
break;
416
+
irq = entry & 0x7fffffff;
417
+
418
+
/* Skip dummies and IPIs */
419
+
if (irq == XICS_DUMMY || irq == XICS_IPI)
420
+
goto next;
421
+
sb = kvmppc_xive_find_source(xive, irq, &src);
422
+
if (!sb)
423
+
goto next;
424
+
state = &sb->irq_state[src];
425
+
426
+
/* Has it been rerouted ? */
427
+
if (xc->server_num == state->act_server)
428
+
goto next;
429
+
430
+
/*
431
+
* Allright, it *has* been re-routed, kill it from
432
+
* the queue.
433
+
*/
434
+
qpage[idx] = cpu_to_be32((entry & 0x80000000) | XICS_DUMMY);
435
+
436
+
/* Find the HW interrupt */
437
+
kvmppc_xive_select_irq(state, &hw_num, &xd);
438
+
439
+
/* If it's not an LSI, set PQ to 11 the EOI will force a resend */
440
+
if (!(xd->flags & XIVE_IRQ_FLAG_LSI))
441
+
GLUE(X_PFX,esb_load)(xd, XIVE_ESB_SET_PQ_11);
442
+
443
+
/* EOI the source */
444
+
GLUE(X_PFX,source_eoi)(hw_num, xd);
445
+
446
+
next:
447
+
idx = (idx + 1) & q->msk;
448
+
if (idx == 0)
449
+
toggle ^= 1;
450
+
}
451
+
}
452
+
}
453
+
395
454
X_STATIC int GLUE(X_PFX,h_cppr)(struct kvm_vcpu *vcpu, unsigned long cppr)
396
455
{
397
456
struct kvmppc_xive_vcpu *xc = vcpu->arch.xive_vcpu;
457
+
struct kvmppc_xive *xive = vcpu->kvm->arch.xive;
398
458
u8 old_cppr;
399
459
400
460
pr_devel("H_CPPR(cppr=%ld)\n", cppr);
···
481
407
*/
482
408
smp_mb();
483
409
484
-
/*
485
-
* We are masking less, we need to look for pending things
486
-
* to deliver and set VP pending bits accordingly to trigger
487
-
* a new interrupt otherwise we might miss MFRR changes for
488
-
* which we have optimized out sending an IPI signal.
489
-
*/
490
-
if (cppr > old_cppr)
410
+
if (cppr > old_cppr) {
411
+
/*
412
+
* We are masking less, we need to look for pending things
413
+
* to deliver and set VP pending bits accordingly to trigger
414
+
* a new interrupt otherwise we might miss MFRR changes for
415
+
* which we have optimized out sending an IPI signal.
416
+
*/
491
417
GLUE(X_PFX,push_pending_to_hw)(xc);
418
+
} else {
419
+
/*
420
+
* We are masking more, we need to check the queue for any
421
+
* interrupt that has been routed to another CPU, take
422
+
* it out (replace it with the dummy) and retrigger it.
423
+
*
424
+
* This is necessary since those interrupts may otherwise
425
+
* never be processed, at least not until this CPU restores
426
+
* its CPPR.
427
+
*
428
+
* This is in theory racy vs. HW adding new interrupts to
429
+
* the queue. In practice this works because the interesting
430
+
* cases are when the guest has done a set_xive() to move the
431
+
* interrupt away, which flushes the xive, followed by the
432
+
* target CPU doing a H_CPPR. So any new interrupt coming into
433
+
* the queue must still be routed to us and isn't a source
434
+
* of concern.
435
+
*/
436
+
GLUE(X_PFX,scan_for_rerouted_irqs)(xive, xc);
437
+
}
492
438
493
439
/* Apply new CPPR */
494
440
xc->hw_cppr = cppr;
+115
arch/powerpc/lib/feature-fixups.c
+115
arch/powerpc/lib/feature-fixups.c
···
23
23
#include <asm/page.h>
24
24
#include <asm/sections.h>
25
25
#include <asm/setup.h>
26
+
#include <asm/security_features.h>
26
27
#include <asm/firmware.h>
27
28
28
29
struct fixup_entry {
···
118
117
}
119
118
120
119
#ifdef CONFIG_PPC_BOOK3S_64
120
+
void do_stf_entry_barrier_fixups(enum stf_barrier_type types)
121
+
{
122
+
unsigned int instrs[3], *dest;
123
+
long *start, *end;
124
+
int i;
125
+
126
+
start = PTRRELOC(&__start___stf_entry_barrier_fixup),
127
+
end = PTRRELOC(&__stop___stf_entry_barrier_fixup);
128
+
129
+
instrs[0] = 0x60000000; /* nop */
130
+
instrs[1] = 0x60000000; /* nop */
131
+
instrs[2] = 0x60000000; /* nop */
132
+
133
+
i = 0;
134
+
if (types & STF_BARRIER_FALLBACK) {
135
+
instrs[i++] = 0x7d4802a6; /* mflr r10 */
136
+
instrs[i++] = 0x60000000; /* branch patched below */
137
+
instrs[i++] = 0x7d4803a6; /* mtlr r10 */
138
+
} else if (types & STF_BARRIER_EIEIO) {
139
+
instrs[i++] = 0x7e0006ac; /* eieio + bit 6 hint */
140
+
} else if (types & STF_BARRIER_SYNC_ORI) {
141
+
instrs[i++] = 0x7c0004ac; /* hwsync */
142
+
instrs[i++] = 0xe94d0000; /* ld r10,0(r13) */
143
+
instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */
144
+
}
145
+
146
+
for (i = 0; start < end; start++, i++) {
147
+
dest = (void *)start + *start;
148
+
149
+
pr_devel("patching dest %lx\n", (unsigned long)dest);
150
+
151
+
patch_instruction(dest, instrs[0]);
152
+
153
+
if (types & STF_BARRIER_FALLBACK)
154
+
patch_branch(dest + 1, (unsigned long)&stf_barrier_fallback,
155
+
BRANCH_SET_LINK);
156
+
else
157
+
patch_instruction(dest + 1, instrs[1]);
158
+
159
+
patch_instruction(dest + 2, instrs[2]);
160
+
}
161
+
162
+
printk(KERN_DEBUG "stf-barrier: patched %d entry locations (%s barrier)\n", i,
163
+
(types == STF_BARRIER_NONE) ? "no" :
164
+
(types == STF_BARRIER_FALLBACK) ? "fallback" :
165
+
(types == STF_BARRIER_EIEIO) ? "eieio" :
166
+
(types == (STF_BARRIER_SYNC_ORI)) ? "hwsync"
167
+
: "unknown");
168
+
}
169
+
170
+
void do_stf_exit_barrier_fixups(enum stf_barrier_type types)
171
+
{
172
+
unsigned int instrs[6], *dest;
173
+
long *start, *end;
174
+
int i;
175
+
176
+
start = PTRRELOC(&__start___stf_exit_barrier_fixup),
177
+
end = PTRRELOC(&__stop___stf_exit_barrier_fixup);
178
+
179
+
instrs[0] = 0x60000000; /* nop */
180
+
instrs[1] = 0x60000000; /* nop */
181
+
instrs[2] = 0x60000000; /* nop */
182
+
instrs[3] = 0x60000000; /* nop */
183
+
instrs[4] = 0x60000000; /* nop */
184
+
instrs[5] = 0x60000000; /* nop */
185
+
186
+
i = 0;
187
+
if (types & STF_BARRIER_FALLBACK || types & STF_BARRIER_SYNC_ORI) {
188
+
if (cpu_has_feature(CPU_FTR_HVMODE)) {
189
+
instrs[i++] = 0x7db14ba6; /* mtspr 0x131, r13 (HSPRG1) */
190
+
instrs[i++] = 0x7db04aa6; /* mfspr r13, 0x130 (HSPRG0) */
191
+
} else {
192
+
instrs[i++] = 0x7db243a6; /* mtsprg 2,r13 */
193
+
instrs[i++] = 0x7db142a6; /* mfsprg r13,1 */
194
+
}
195
+
instrs[i++] = 0x7c0004ac; /* hwsync */
196
+
instrs[i++] = 0xe9ad0000; /* ld r13,0(r13) */
197
+
instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */
198
+
if (cpu_has_feature(CPU_FTR_HVMODE)) {
199
+
instrs[i++] = 0x7db14aa6; /* mfspr r13, 0x131 (HSPRG1) */
200
+
} else {
201
+
instrs[i++] = 0x7db242a6; /* mfsprg r13,2 */
202
+
}
203
+
} else if (types & STF_BARRIER_EIEIO) {
204
+
instrs[i++] = 0x7e0006ac; /* eieio + bit 6 hint */
205
+
}
206
+
207
+
for (i = 0; start < end; start++, i++) {
208
+
dest = (void *)start + *start;
209
+
210
+
pr_devel("patching dest %lx\n", (unsigned long)dest);
211
+
212
+
patch_instruction(dest, instrs[0]);
213
+
patch_instruction(dest + 1, instrs[1]);
214
+
patch_instruction(dest + 2, instrs[2]);
215
+
patch_instruction(dest + 3, instrs[3]);
216
+
patch_instruction(dest + 4, instrs[4]);
217
+
patch_instruction(dest + 5, instrs[5]);
218
+
}
219
+
printk(KERN_DEBUG "stf-barrier: patched %d exit locations (%s barrier)\n", i,
220
+
(types == STF_BARRIER_NONE) ? "no" :
221
+
(types == STF_BARRIER_FALLBACK) ? "fallback" :
222
+
(types == STF_BARRIER_EIEIO) ? "eieio" :
223
+
(types == (STF_BARRIER_SYNC_ORI)) ? "hwsync"
224
+
: "unknown");
225
+
}
226
+
227
+
228
+
void do_stf_barrier_fixups(enum stf_barrier_type types)
229
+
{
230
+
do_stf_entry_barrier_fixups(types);
231
+
do_stf_exit_barrier_fixups(types);
232
+
}
233
+
121
234
void do_rfi_flush_fixups(enum l1d_flush_type types)
122
235
{
123
236
unsigned int instrs[3], *dest;
+1
arch/powerpc/platforms/powernv/setup.c
+1
arch/powerpc/platforms/powernv/setup.c
+1
arch/powerpc/platforms/pseries/setup.c
+1
arch/powerpc/platforms/pseries/setup.c
+1
-1
arch/s390/kvm/vsie.c
+1
-1
arch/s390/kvm/vsie.c
+1
-1
arch/s390/purgatory/Makefile
+1
-1
arch/s390/purgatory/Makefile
···
21
21
KBUILD_CFLAGS := -fno-strict-aliasing -Wall -Wstrict-prototypes
22
22
KBUILD_CFLAGS += -Wno-pointer-sign -Wno-sign-compare
23
23
KBUILD_CFLAGS += -fno-zero-initialized-in-bss -fno-builtin -ffreestanding
24
-
KBUILD_CFLAGS += -c -MD -Os -m64
24
+
KBUILD_CFLAGS += -c -MD -Os -m64 -msoft-float
25
25
KBUILD_CFLAGS += $(call cc-option,-fno-PIE)
26
26
27
27
$(obj)/purgatory.ro: $(PURGATORY_OBJS) FORCE
+14
-6
arch/x86/include/asm/cpufeatures.h
+14
-6
arch/x86/include/asm/cpufeatures.h
···
198
198
#define X86_FEATURE_CAT_L2 ( 7*32+ 5) /* Cache Allocation Technology L2 */
199
199
#define X86_FEATURE_CDP_L3 ( 7*32+ 6) /* Code and Data Prioritization L3 */
200
200
#define X86_FEATURE_INVPCID_SINGLE ( 7*32+ 7) /* Effectively INVPCID && CR4.PCIDE=1 */
201
-
202
201
#define X86_FEATURE_HW_PSTATE ( 7*32+ 8) /* AMD HW-PState */
203
202
#define X86_FEATURE_PROC_FEEDBACK ( 7*32+ 9) /* AMD ProcFeedbackInterface */
204
203
#define X86_FEATURE_SME ( 7*32+10) /* AMD Secure Memory Encryption */
···
206
207
#define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* "" AMD Retpoline mitigation for Spectre variant 2 */
207
208
#define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */
208
209
#define X86_FEATURE_CDP_L2 ( 7*32+15) /* Code and Data Prioritization L2 */
209
-
210
+
#define X86_FEATURE_MSR_SPEC_CTRL ( 7*32+16) /* "" MSR SPEC_CTRL is implemented */
211
+
#define X86_FEATURE_SSBD ( 7*32+17) /* Speculative Store Bypass Disable */
210
212
#define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */
211
213
#define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* "" Fill RSB on context switches */
212
214
#define X86_FEATURE_SEV ( 7*32+20) /* AMD Secure Encrypted Virtualization */
213
-
214
215
#define X86_FEATURE_USE_IBPB ( 7*32+21) /* "" Indirect Branch Prediction Barrier enabled */
215
216
#define X86_FEATURE_USE_IBRS_FW ( 7*32+22) /* "" Use IBRS during runtime firmware calls */
217
+
#define X86_FEATURE_SPEC_STORE_BYPASS_DISABLE ( 7*32+23) /* "" Disable Speculative Store Bypass. */
218
+
#define X86_FEATURE_LS_CFG_SSBD ( 7*32+24) /* "" AMD SSBD implementation via LS_CFG MSR */
219
+
#define X86_FEATURE_IBRS ( 7*32+25) /* Indirect Branch Restricted Speculation */
220
+
#define X86_FEATURE_IBPB ( 7*32+26) /* Indirect Branch Prediction Barrier */
221
+
#define X86_FEATURE_STIBP ( 7*32+27) /* Single Thread Indirect Branch Predictors */
222
+
#define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */
216
223
217
224
/* Virtualization flags: Linux defined, word 8 */
218
225
#define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */
···
279
274
#define X86_FEATURE_CLZERO (13*32+ 0) /* CLZERO instruction */
280
275
#define X86_FEATURE_IRPERF (13*32+ 1) /* Instructions Retired Count */
281
276
#define X86_FEATURE_XSAVEERPTR (13*32+ 2) /* Always save/restore FP error pointers */
282
-
#define X86_FEATURE_IBPB (13*32+12) /* Indirect Branch Prediction Barrier */
283
-
#define X86_FEATURE_IBRS (13*32+14) /* Indirect Branch Restricted Speculation */
284
-
#define X86_FEATURE_STIBP (13*32+15) /* Single Thread Indirect Branch Predictors */
277
+
#define X86_FEATURE_AMD_IBPB (13*32+12) /* "" Indirect Branch Prediction Barrier */
278
+
#define X86_FEATURE_AMD_IBRS (13*32+14) /* "" Indirect Branch Restricted Speculation */
279
+
#define X86_FEATURE_AMD_STIBP (13*32+15) /* "" Single Thread Indirect Branch Predictors */
280
+
#define X86_FEATURE_VIRT_SSBD (13*32+25) /* Virtualized Speculative Store Bypass Disable */
285
281
286
282
/* Thermal and Power Management Leaf, CPUID level 0x00000006 (EAX), word 14 */
287
283
#define X86_FEATURE_DTHERM (14*32+ 0) /* Digital Thermal Sensor */
···
340
334
#define X86_FEATURE_SPEC_CTRL (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
341
335
#define X86_FEATURE_INTEL_STIBP (18*32+27) /* "" Single Thread Indirect Branch Predictors */
342
336
#define X86_FEATURE_ARCH_CAPABILITIES (18*32+29) /* IA32_ARCH_CAPABILITIES MSR (Intel) */
337
+
#define X86_FEATURE_SPEC_CTRL_SSBD (18*32+31) /* "" Speculative Store Bypass Disable */
343
338
344
339
/*
345
340
* BUG word(s)
···
370
363
#define X86_BUG_CPU_MELTDOWN X86_BUG(14) /* CPU is affected by meltdown attack and needs kernel page table isolation */
371
364
#define X86_BUG_SPECTRE_V1 X86_BUG(15) /* CPU is affected by Spectre variant 1 attack with conditional branches */
372
365
#define X86_BUG_SPECTRE_V2 X86_BUG(16) /* CPU is affected by Spectre variant 2 attack with indirect branches */
366
+
#define X86_BUG_SPEC_STORE_BYPASS X86_BUG(17) /* CPU is affected by speculative store bypass attack */
373
367
374
368
#endif /* _ASM_X86_CPUFEATURES_H */
+1
-1
arch/x86/include/asm/kvm_host.h
+1
-1
arch/x86/include/asm/kvm_host.h
···
924
924
int (*hardware_setup)(void); /* __init */
925
925
void (*hardware_unsetup)(void); /* __exit */
926
926
bool (*cpu_has_accelerated_tpr)(void);
927
-
bool (*cpu_has_high_real_mode_segbase)(void);
927
+
bool (*has_emulated_msr)(int index);
928
928
void (*cpuid_update)(struct kvm_vcpu *vcpu);
929
929
930
930
struct kvm *(*vm_alloc)(void);
+9
arch/x86/include/asm/msr-index.h
+9
arch/x86/include/asm/msr-index.h
···
42
42
#define MSR_IA32_SPEC_CTRL 0x00000048 /* Speculation Control */
43
43
#define SPEC_CTRL_IBRS (1 << 0) /* Indirect Branch Restricted Speculation */
44
44
#define SPEC_CTRL_STIBP (1 << 1) /* Single Thread Indirect Branch Predictors */
45
+
#define SPEC_CTRL_SSBD_SHIFT 2 /* Speculative Store Bypass Disable bit */
46
+
#define SPEC_CTRL_SSBD (1 << SPEC_CTRL_SSBD_SHIFT) /* Speculative Store Bypass Disable */
45
47
46
48
#define MSR_IA32_PRED_CMD 0x00000049 /* Prediction Command */
47
49
#define PRED_CMD_IBPB (1 << 0) /* Indirect Branch Prediction Barrier */
···
70
68
#define MSR_IA32_ARCH_CAPABILITIES 0x0000010a
71
69
#define ARCH_CAP_RDCL_NO (1 << 0) /* Not susceptible to Meltdown */
72
70
#define ARCH_CAP_IBRS_ALL (1 << 1) /* Enhanced IBRS support */
71
+
#define ARCH_CAP_SSB_NO (1 << 4) /*
72
+
* Not susceptible to Speculative Store Bypass
73
+
* attack, so no Speculative Store Bypass
74
+
* control required.
75
+
*/
73
76
74
77
#define MSR_IA32_BBL_CR_CTL 0x00000119
75
78
#define MSR_IA32_BBL_CR_CTL3 0x0000011e
···
346
339
#define MSR_AMD64_SEV 0xc0010131
347
340
#define MSR_AMD64_SEV_ENABLED_BIT 0
348
341
#define MSR_AMD64_SEV_ENABLED BIT_ULL(MSR_AMD64_SEV_ENABLED_BIT)
342
+
343
+
#define MSR_AMD64_VIRT_SPEC_CTRL 0xc001011f
349
344
350
345
/* Fam 17h MSRs */
351
346
#define MSR_F17H_IRPERF 0xc00000e9
+30
-13
arch/x86/include/asm/nospec-branch.h
+30
-13
arch/x86/include/asm/nospec-branch.h
···
217
217
SPECTRE_V2_IBRS,
218
218
};
219
219
220
+
/* The Speculative Store Bypass disable variants */
221
+
enum ssb_mitigation {
222
+
SPEC_STORE_BYPASS_NONE,
223
+
SPEC_STORE_BYPASS_DISABLE,
224
+
SPEC_STORE_BYPASS_PRCTL,
225
+
SPEC_STORE_BYPASS_SECCOMP,
226
+
};
227
+
220
228
extern char __indirect_thunk_start[];
221
229
extern char __indirect_thunk_end[];
222
230
···
249
241
#endif
250
242
}
251
243
252
-
#define alternative_msr_write(_msr, _val, _feature) \
253
-
asm volatile(ALTERNATIVE("", \
254
-
"movl %[msr], %%ecx\n\t" \
255
-
"movl %[val], %%eax\n\t" \
256
-
"movl $0, %%edx\n\t" \
257
-
"wrmsr", \
258
-
_feature) \
259
-
: : [msr] "i" (_msr), [val] "i" (_val) \
260
-
: "eax", "ecx", "edx", "memory")
244
+
static __always_inline
245
+
void alternative_msr_write(unsigned int msr, u64 val, unsigned int feature)
246
+
{
247
+
asm volatile(ALTERNATIVE("", "wrmsr", %c[feature])
248
+
: : "c" (msr),
249
+
"a" ((u32)val),
250
+
"d" ((u32)(val >> 32)),
251
+
[feature] "i" (feature)
252
+
: "memory");
253
+
}
261
254
262
255
static inline void indirect_branch_prediction_barrier(void)
263
256
{
264
-
alternative_msr_write(MSR_IA32_PRED_CMD, PRED_CMD_IBPB,
265
-
X86_FEATURE_USE_IBPB);
257
+
u64 val = PRED_CMD_IBPB;
258
+
259
+
alternative_msr_write(MSR_IA32_PRED_CMD, val, X86_FEATURE_USE_IBPB);
266
260
}
261
+
262
+
/* The Intel SPEC CTRL MSR base value cache */
263
+
extern u64 x86_spec_ctrl_base;
267
264
268
265
/*
269
266
* With retpoline, we must use IBRS to restrict branch prediction
···
278
265
*/
279
266
#define firmware_restrict_branch_speculation_start() \
280
267
do { \
268
+
u64 val = x86_spec_ctrl_base | SPEC_CTRL_IBRS; \
269
+
\
281
270
preempt_disable(); \
282
-
alternative_msr_write(MSR_IA32_SPEC_CTRL, SPEC_CTRL_IBRS, \
271
+
alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \
283
272
X86_FEATURE_USE_IBRS_FW); \
284
273
} while (0)
285
274
286
275
#define firmware_restrict_branch_speculation_end() \
287
276
do { \
288
-
alternative_msr_write(MSR_IA32_SPEC_CTRL, 0, \
277
+
u64 val = x86_spec_ctrl_base; \
278
+
\
279
+
alternative_msr_write(MSR_IA32_SPEC_CTRL, val, \
289
280
X86_FEATURE_USE_IBRS_FW); \
290
281
preempt_enable(); \
291
282
} while (0)
+80
arch/x86/include/asm/spec-ctrl.h
+80
arch/x86/include/asm/spec-ctrl.h
···
1
+
/* SPDX-License-Identifier: GPL-2.0 */
2
+
#ifndef _ASM_X86_SPECCTRL_H_
3
+
#define _ASM_X86_SPECCTRL_H_
4
+
5
+
#include <linux/thread_info.h>
6
+
#include <asm/nospec-branch.h>
7
+
8
+
/*
9
+
* On VMENTER we must preserve whatever view of the SPEC_CTRL MSR
10
+
* the guest has, while on VMEXIT we restore the host view. This
11
+
* would be easier if SPEC_CTRL were architecturally maskable or
12
+
* shadowable for guests but this is not (currently) the case.
13
+
* Takes the guest view of SPEC_CTRL MSR as a parameter and also
14
+
* the guest's version of VIRT_SPEC_CTRL, if emulated.
15
+
*/
16
+
extern void x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool guest);
17
+
18
+
/**
19
+
* x86_spec_ctrl_set_guest - Set speculation control registers for the guest
20
+
* @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
21
+
* @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
22
+
* (may get translated to MSR_AMD64_LS_CFG bits)
23
+
*
24
+
* Avoids writing to the MSR if the content/bits are the same
25
+
*/
26
+
static inline
27
+
void x86_spec_ctrl_set_guest(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
28
+
{
29
+
x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, true);
30
+
}
31
+
32
+
/**
33
+
* x86_spec_ctrl_restore_host - Restore host speculation control registers
34
+
* @guest_spec_ctrl: The guest content of MSR_SPEC_CTRL
35
+
* @guest_virt_spec_ctrl: The guest controlled bits of MSR_VIRT_SPEC_CTRL
36
+
* (may get translated to MSR_AMD64_LS_CFG bits)
37
+
*
38
+
* Avoids writing to the MSR if the content/bits are the same
39
+
*/
40
+
static inline
41
+
void x86_spec_ctrl_restore_host(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl)
42
+
{
43
+
x86_virt_spec_ctrl(guest_spec_ctrl, guest_virt_spec_ctrl, false);
44
+
}
45
+
46
+
/* AMD specific Speculative Store Bypass MSR data */
47
+
extern u64 x86_amd_ls_cfg_base;
48
+
extern u64 x86_amd_ls_cfg_ssbd_mask;
49
+
50
+
static inline u64 ssbd_tif_to_spec_ctrl(u64 tifn)
51
+
{
52
+
BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
53
+
return (tifn & _TIF_SSBD) >> (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
54
+
}
55
+
56
+
static inline unsigned long ssbd_spec_ctrl_to_tif(u64 spec_ctrl)
57
+
{
58
+
BUILD_BUG_ON(TIF_SSBD < SPEC_CTRL_SSBD_SHIFT);
59
+
return (spec_ctrl & SPEC_CTRL_SSBD) << (TIF_SSBD - SPEC_CTRL_SSBD_SHIFT);
60
+
}
61
+
62
+
static inline u64 ssbd_tif_to_amd_ls_cfg(u64 tifn)
63
+
{
64
+
return (tifn & _TIF_SSBD) ? x86_amd_ls_cfg_ssbd_mask : 0ULL;
65
+
}
66
+
67
+
#ifdef CONFIG_SMP
68
+
extern void speculative_store_bypass_ht_init(void);
69
+
#else
70
+
static inline void speculative_store_bypass_ht_init(void) { }
71
+
#endif
72
+
73
+
extern void speculative_store_bypass_update(unsigned long tif);
74
+
75
+
static inline void speculative_store_bypass_update_current(void)
76
+
{
77
+
speculative_store_bypass_update(current_thread_info()->flags);
78
+
}
79
+
80
+
#endif
+3
-1
arch/x86/include/asm/thread_info.h
+3
-1
arch/x86/include/asm/thread_info.h
···
79
79
#define TIF_SIGPENDING 2 /* signal pending */
80
80
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
81
81
#define TIF_SINGLESTEP 4 /* reenable singlestep on user return*/
82
+
#define TIF_SSBD 5 /* Reduced data speculation */
82
83
#define TIF_SYSCALL_EMU 6 /* syscall emulation active */
83
84
#define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */
84
85
#define TIF_SECCOMP 8 /* secure computing */
···
106
105
#define _TIF_SIGPENDING (1 << TIF_SIGPENDING)
107
106
#define _TIF_NEED_RESCHED (1 << TIF_NEED_RESCHED)
108
107
#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP)
108
+
#define _TIF_SSBD (1 << TIF_SSBD)
109
109
#define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU)
110
110
#define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
111
111
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
···
146
144
147
145
/* flags to check in __switch_to() */
148
146
#define _TIF_WORK_CTXSW \
149
-
(_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP)
147
+
(_TIF_IO_BITMAP|_TIF_NOCPUID|_TIF_NOTSC|_TIF_BLOCKSTEP|_TIF_SSBD)
150
148
151
149
#define _TIF_WORK_CTXSW_PREV (_TIF_WORK_CTXSW|_TIF_USER_RETURN_NOTIFY)
152
150
#define _TIF_WORK_CTXSW_NEXT (_TIF_WORK_CTXSW)
+22
arch/x86/kernel/cpu/amd.c
+22
arch/x86/kernel/cpu/amd.c
···
10
10
#include <asm/processor.h>
11
11
#include <asm/apic.h>
12
12
#include <asm/cpu.h>
13
+
#include <asm/spec-ctrl.h>
13
14
#include <asm/smp.h>
14
15
#include <asm/pci-direct.h>
15
16
#include <asm/delay.h>
···
555
554
rdmsrl(MSR_FAM10H_NODE_ID, value);
556
555
nodes_per_socket = ((value >> 3) & 7) + 1;
557
556
}
557
+
558
+
if (c->x86 >= 0x15 && c->x86 <= 0x17) {
559
+
unsigned int bit;
560
+
561
+
switch (c->x86) {
562
+
case 0x15: bit = 54; break;
563
+
case 0x16: bit = 33; break;
564
+
case 0x17: bit = 10; break;
565
+
default: return;
566
+
}
567
+
/*
568
+
* Try to cache the base value so further operations can
569
+
* avoid RMW. If that faults, do not enable SSBD.
570
+
*/
571
+
if (!rdmsrl_safe(MSR_AMD64_LS_CFG, &x86_amd_ls_cfg_base)) {
572
+
setup_force_cpu_cap(X86_FEATURE_LS_CFG_SSBD);
573
+
setup_force_cpu_cap(X86_FEATURE_SSBD);
574
+
x86_amd_ls_cfg_ssbd_mask = 1ULL << bit;
575
+
}
576
+
}
558
577
}
559
578
560
579
static void early_detect_mem_encrypt(struct cpuinfo_x86 *c)
···
812
791
813
792
static void init_amd_zn(struct cpuinfo_x86 *c)
814
793
{
794
+
set_cpu_cap(c, X86_FEATURE_ZEN);
815
795
/*
816
796
* Fix erratum 1076: CPB feature bit not being set in CPUID. It affects
817
797
* all up to and including B1.
+383
-16
arch/x86/kernel/cpu/bugs.c
+383
-16
arch/x86/kernel/cpu/bugs.c
···
12
12
#include <linux/utsname.h>
13
13
#include <linux/cpu.h>
14
14
#include <linux/module.h>
15
+
#include <linux/nospec.h>
16
+
#include <linux/prctl.h>
15
17
16
-
#include <asm/nospec-branch.h>
18
+
#include <asm/spec-ctrl.h>
17
19
#include <asm/cmdline.h>
18
20
#include <asm/bugs.h>
19
21
#include <asm/processor.h>
···
29
27
#include <asm/intel-family.h>
30
28
31
29
static void __init spectre_v2_select_mitigation(void);
30
+
static void __init ssb_select_mitigation(void);
31
+
32
+
/*
33
+
* Our boot-time value of the SPEC_CTRL MSR. We read it once so that any
34
+
* writes to SPEC_CTRL contain whatever reserved bits have been set.
35
+
*/
36
+
u64 __ro_after_init x86_spec_ctrl_base;
37
+
EXPORT_SYMBOL_GPL(x86_spec_ctrl_base);
38
+
39
+
/*
40
+
* The vendor and possibly platform specific bits which can be modified in
41
+
* x86_spec_ctrl_base.
42
+
*/
43
+
static u64 __ro_after_init x86_spec_ctrl_mask = SPEC_CTRL_IBRS;
44
+
45
+
/*
46
+
* AMD specific MSR info for Speculative Store Bypass control.
47
+
* x86_amd_ls_cfg_ssbd_mask is initialized in identify_boot_cpu().
48
+
*/
49
+
u64 __ro_after_init x86_amd_ls_cfg_base;
50
+
u64 __ro_after_init x86_amd_ls_cfg_ssbd_mask;
32
51
33
52
void __init check_bugs(void)
34
53
{
···
60
37
print_cpu_info(&boot_cpu_data);
61
38
}
62
39
40
+
/*
41
+
* Read the SPEC_CTRL MSR to account for reserved bits which may
42
+
* have unknown values. AMD64_LS_CFG MSR is cached in the early AMD
43
+
* init code as it is not enumerated and depends on the family.
44
+
*/
45
+
if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
46
+
rdmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
47
+
48
+
/* Allow STIBP in MSR_SPEC_CTRL if supported */
49
+
if (boot_cpu_has(X86_FEATURE_STIBP))
50
+
x86_spec_ctrl_mask |= SPEC_CTRL_STIBP;
51
+
63
52
/* Select the proper spectre mitigation before patching alternatives */
64
53
spectre_v2_select_mitigation();
54
+
55
+
/*
56
+
* Select proper mitigation for any exposure to the Speculative Store
57
+
* Bypass vulnerability.
58
+
*/
59
+
ssb_select_mitigation();
65
60
66
61
#ifdef CONFIG_X86_32
67
62
/*
···
134
93
#undef pr_fmt
135
94
#define pr_fmt(fmt) "Spectre V2 : " fmt
136
95
137
-
static enum spectre_v2_mitigation spectre_v2_enabled = SPECTRE_V2_NONE;
96
+
static enum spectre_v2_mitigation spectre_v2_enabled __ro_after_init =
97
+
SPECTRE_V2_NONE;
98
+
99
+
void
100
+
x86_virt_spec_ctrl(u64 guest_spec_ctrl, u64 guest_virt_spec_ctrl, bool setguest)
101
+
{
102
+
u64 msrval, guestval, hostval = x86_spec_ctrl_base;
103
+
struct thread_info *ti = current_thread_info();
104
+
105
+
/* Is MSR_SPEC_CTRL implemented ? */
106
+
if (static_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) {
107
+
/*
108
+
* Restrict guest_spec_ctrl to supported values. Clear the
109
+
* modifiable bits in the host base value and or the
110
+
* modifiable bits from the guest value.
111
+
*/
112
+
guestval = hostval & ~x86_spec_ctrl_mask;
113
+
guestval |= guest_spec_ctrl & x86_spec_ctrl_mask;
114
+
115
+
/* SSBD controlled in MSR_SPEC_CTRL */
116
+
if (static_cpu_has(X86_FEATURE_SPEC_CTRL_SSBD))
117
+
hostval |= ssbd_tif_to_spec_ctrl(ti->flags);
118
+
119
+
if (hostval != guestval) {
120
+
msrval = setguest ? guestval : hostval;
121
+
wrmsrl(MSR_IA32_SPEC_CTRL, msrval);
122
+
}
123
+
}
124
+
125
+
/*
126
+
* If SSBD is not handled in MSR_SPEC_CTRL on AMD, update
127
+
* MSR_AMD64_L2_CFG or MSR_VIRT_SPEC_CTRL if supported.
128
+
*/
129
+
if (!static_cpu_has(X86_FEATURE_LS_CFG_SSBD) &&
130
+
!static_cpu_has(X86_FEATURE_VIRT_SSBD))
131
+
return;
132
+
133
+
/*
134
+
* If the host has SSBD mitigation enabled, force it in the host's
135
+
* virtual MSR value. If its not permanently enabled, evaluate
136
+
* current's TIF_SSBD thread flag.
137
+
*/
138
+
if (static_cpu_has(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE))
139
+
hostval = SPEC_CTRL_SSBD;
140
+
else
141
+
hostval = ssbd_tif_to_spec_ctrl(ti->flags);
142
+
143
+
/* Sanitize the guest value */
144
+
guestval = guest_virt_spec_ctrl & SPEC_CTRL_SSBD;
145
+
146
+
if (hostval != guestval) {
147
+
unsigned long tif;
148
+
149
+
tif = setguest ? ssbd_spec_ctrl_to_tif(guestval) :
150
+
ssbd_spec_ctrl_to_tif(hostval);
151
+
152
+
speculative_store_bypass_update(tif);
153
+
}
154
+
}
155
+
EXPORT_SYMBOL_GPL(x86_virt_spec_ctrl);
156
+
157
+
static void x86_amd_ssb_disable(void)
158
+
{
159
+
u64 msrval = x86_amd_ls_cfg_base | x86_amd_ls_cfg_ssbd_mask;
160
+
161
+
if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
162
+
wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, SPEC_CTRL_SSBD);
163
+
else if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
164
+
wrmsrl(MSR_AMD64_LS_CFG, msrval);
165
+
}
138
166
139
167
#ifdef RETPOLINE
140
168
static bool spectre_v2_bad_module;
···
422
312
}
423
313
424
314
#undef pr_fmt
315
+
#define pr_fmt(fmt) "Speculative Store Bypass: " fmt
316
+
317
+
static enum ssb_mitigation ssb_mode __ro_after_init = SPEC_STORE_BYPASS_NONE;
318
+
319
+
/* The kernel command line selection */
320
+
enum ssb_mitigation_cmd {
321
+
SPEC_STORE_BYPASS_CMD_NONE,
322
+
SPEC_STORE_BYPASS_CMD_AUTO,
323
+
SPEC_STORE_BYPASS_CMD_ON,
324
+
SPEC_STORE_BYPASS_CMD_PRCTL,
325
+
SPEC_STORE_BYPASS_CMD_SECCOMP,
326
+
};
327
+
328
+
static const char *ssb_strings[] = {
329
+
[SPEC_STORE_BYPASS_NONE] = "Vulnerable",
330
+
[SPEC_STORE_BYPASS_DISABLE] = "Mitigation: Speculative Store Bypass disabled",
331
+
[SPEC_STORE_BYPASS_PRCTL] = "Mitigation: Speculative Store Bypass disabled via prctl",
332
+
[SPEC_STORE_BYPASS_SECCOMP] = "Mitigation: Speculative Store Bypass disabled via prctl and seccomp",
333
+
};
334
+
335
+
static const struct {
336
+
const char *option;
337
+
enum ssb_mitigation_cmd cmd;
338
+
} ssb_mitigation_options[] = {
339
+
{ "auto", SPEC_STORE_BYPASS_CMD_AUTO }, /* Platform decides */
340
+
{ "on", SPEC_STORE_BYPASS_CMD_ON }, /* Disable Speculative Store Bypass */
341
+
{ "off", SPEC_STORE_BYPASS_CMD_NONE }, /* Don't touch Speculative Store Bypass */
342
+
{ "prctl", SPEC_STORE_BYPASS_CMD_PRCTL }, /* Disable Speculative Store Bypass via prctl */
343
+
{ "seccomp", SPEC_STORE_BYPASS_CMD_SECCOMP }, /* Disable Speculative Store Bypass via prctl and seccomp */
344
+
};
345
+
346
+
static enum ssb_mitigation_cmd __init ssb_parse_cmdline(void)
347
+
{
348
+
enum ssb_mitigation_cmd cmd = SPEC_STORE_BYPASS_CMD_AUTO;
349
+
char arg[20];
350
+
int ret, i;
351
+
352
+
if (cmdline_find_option_bool(boot_command_line, "nospec_store_bypass_disable")) {
353
+
return SPEC_STORE_BYPASS_CMD_NONE;
354
+
} else {
355
+
ret = cmdline_find_option(boot_command_line, "spec_store_bypass_disable",
356
+
arg, sizeof(arg));
357
+
if (ret < 0)
358
+
return SPEC_STORE_BYPASS_CMD_AUTO;
359
+
360
+
for (i = 0; i < ARRAY_SIZE(ssb_mitigation_options); i++) {
361
+
if (!match_option(arg, ret, ssb_mitigation_options[i].option))
362
+
continue;
363
+
364
+
cmd = ssb_mitigation_options[i].cmd;
365
+
break;
366
+
}
367
+
368
+
if (i >= ARRAY_SIZE(ssb_mitigation_options)) {
369
+
pr_err("unknown option (%s). Switching to AUTO select\n", arg);
370
+
return SPEC_STORE_BYPASS_CMD_AUTO;
371
+
}
372
+
}
373
+
374
+
return cmd;
375
+
}
376
+
377
+
static enum ssb_mitigation __init __ssb_select_mitigation(void)
378
+
{
379
+
enum ssb_mitigation mode = SPEC_STORE_BYPASS_NONE;
380
+
enum ssb_mitigation_cmd cmd;
381
+
382
+
if (!boot_cpu_has(X86_FEATURE_SSBD))
383
+
return mode;
384
+
385
+
cmd = ssb_parse_cmdline();
386
+
if (!boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS) &&
387
+
(cmd == SPEC_STORE_BYPASS_CMD_NONE ||
388
+
cmd == SPEC_STORE_BYPASS_CMD_AUTO))
389
+
return mode;
390
+
391
+
switch (cmd) {
392
+
case SPEC_STORE_BYPASS_CMD_AUTO:
393
+
case SPEC_STORE_BYPASS_CMD_SECCOMP:
394
+
/*
395
+
* Choose prctl+seccomp as the default mode if seccomp is
396
+
* enabled.
397
+
*/
398
+
if (IS_ENABLED(CONFIG_SECCOMP))
399
+
mode = SPEC_STORE_BYPASS_SECCOMP;
400
+
else
401
+
mode = SPEC_STORE_BYPASS_PRCTL;
402
+
break;
403
+
case SPEC_STORE_BYPASS_CMD_ON:
404
+
mode = SPEC_STORE_BYPASS_DISABLE;
405
+
break;
406
+
case SPEC_STORE_BYPASS_CMD_PRCTL:
407
+
mode = SPEC_STORE_BYPASS_PRCTL;
408
+
break;
409
+
case SPEC_STORE_BYPASS_CMD_NONE:
410
+
break;
411
+
}
412
+
413
+
/*
414
+
* We have three CPU feature flags that are in play here:
415
+
* - X86_BUG_SPEC_STORE_BYPASS - CPU is susceptible.
416
+
* - X86_FEATURE_SSBD - CPU is able to turn off speculative store bypass
417
+
* - X86_FEATURE_SPEC_STORE_BYPASS_DISABLE - engage the mitigation
418
+
*/
419
+
if (mode == SPEC_STORE_BYPASS_DISABLE) {
420
+
setup_force_cpu_cap(X86_FEATURE_SPEC_STORE_BYPASS_DISABLE);
421
+
/*
422
+
* Intel uses the SPEC CTRL MSR Bit(2) for this, while AMD uses
423
+
* a completely different MSR and bit dependent on family.
424
+
*/
425
+
switch (boot_cpu_data.x86_vendor) {
426
+
case X86_VENDOR_INTEL:
427
+
x86_spec_ctrl_base |= SPEC_CTRL_SSBD;
428
+
x86_spec_ctrl_mask |= SPEC_CTRL_SSBD;
429
+
wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
430
+
break;
431
+
case X86_VENDOR_AMD:
432
+
x86_amd_ssb_disable();
433
+
break;
434
+
}
435
+
}
436
+
437
+
return mode;
438
+
}
439
+
440
+
static void ssb_select_mitigation(void)
441
+
{
442
+
ssb_mode = __ssb_select_mitigation();
443
+
444
+
if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
445
+
pr_info("%s\n", ssb_strings[ssb_mode]);
446
+
}
447
+
448
+
#undef pr_fmt
449
+
#define pr_fmt(fmt) "Speculation prctl: " fmt
450
+
451
+
static int ssb_prctl_set(struct task_struct *task, unsigned long ctrl)
452
+
{
453
+
bool update;
454
+
455
+
if (ssb_mode != SPEC_STORE_BYPASS_PRCTL &&
456
+
ssb_mode != SPEC_STORE_BYPASS_SECCOMP)
457
+
return -ENXIO;
458
+
459
+
switch (ctrl) {
460
+
case PR_SPEC_ENABLE:
461
+
/* If speculation is force disabled, enable is not allowed */
462
+
if (task_spec_ssb_force_disable(task))
463
+
return -EPERM;
464
+
task_clear_spec_ssb_disable(task);
465
+
update = test_and_clear_tsk_thread_flag(task, TIF_SSBD);
466
+
break;
467
+
case PR_SPEC_DISABLE:
468
+
task_set_spec_ssb_disable(task);
469
+
update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
470
+
break;
471
+
case PR_SPEC_FORCE_DISABLE:
472
+
task_set_spec_ssb_disable(task);
473
+
task_set_spec_ssb_force_disable(task);
474
+
update = !test_and_set_tsk_thread_flag(task, TIF_SSBD);
475
+
break;
476
+
default:
477
+
return -ERANGE;
478
+
}
479
+
480
+
/*
481
+
* If being set on non-current task, delay setting the CPU
482
+
* mitigation until it is next scheduled.
483
+
*/
484
+
if (task == current && update)
485
+
speculative_store_bypass_update_current();
486
+
487
+
return 0;
488
+
}
489
+
490
+
int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
491
+
unsigned long ctrl)
492
+
{
493
+
switch (which) {
494
+
case PR_SPEC_STORE_BYPASS:
495
+
return ssb_prctl_set(task, ctrl);
496
+
default:
497
+
return -ENODEV;
498
+
}
499
+
}
500
+
501
+
#ifdef CONFIG_SECCOMP
502
+
void arch_seccomp_spec_mitigate(struct task_struct *task)
503
+
{
504
+
if (ssb_mode == SPEC_STORE_BYPASS_SECCOMP)
505
+
ssb_prctl_set(task, PR_SPEC_FORCE_DISABLE);
506
+
}
507
+
#endif
508
+
509
+
static int ssb_prctl_get(struct task_struct *task)
510
+
{
511
+
switch (ssb_mode) {
512
+
case SPEC_STORE_BYPASS_DISABLE:
513
+
return PR_SPEC_DISABLE;
514
+
case SPEC_STORE_BYPASS_SECCOMP:
515
+
case SPEC_STORE_BYPASS_PRCTL:
516
+
if (task_spec_ssb_force_disable(task))
517
+
return PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE;
518
+
if (task_spec_ssb_disable(task))
519
+
return PR_SPEC_PRCTL | PR_SPEC_DISABLE;
520
+
return PR_SPEC_PRCTL | PR_SPEC_ENABLE;
521
+
default:
522
+
if (boot_cpu_has_bug(X86_BUG_SPEC_STORE_BYPASS))
523
+
return PR_SPEC_ENABLE;
524
+
return PR_SPEC_NOT_AFFECTED;
525
+
}
526
+
}
527
+
528
+
int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which)
529
+
{
530
+
switch (which) {
531
+
case PR_SPEC_STORE_BYPASS:
532
+
return ssb_prctl_get(task);
533
+
default:
534
+
return -ENODEV;
535
+
}
536
+
}
537
+
538
+
void x86_spec_ctrl_setup_ap(void)
539
+
{
540
+
if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL))
541
+
wrmsrl(MSR_IA32_SPEC_CTRL, x86_spec_ctrl_base);
542
+
543
+
if (ssb_mode == SPEC_STORE_BYPASS_DISABLE)
544
+
x86_amd_ssb_disable();
545
+
}
425
546
426
547
#ifdef CONFIG_SYSFS
548
+
549
+
static ssize_t cpu_show_common(struct device *dev, struct device_attribute *attr,
550
+
char *buf, unsigned int bug)
551
+
{
552
+
if (!boot_cpu_has_bug(bug))
553
+
return sprintf(buf, "Not affected\n");
554
+
555
+
switch (bug) {
556
+
case X86_BUG_CPU_MELTDOWN:
557
+
if (boot_cpu_has(X86_FEATURE_PTI))
558
+
return sprintf(buf, "Mitigation: PTI\n");
559
+
560
+
break;
561
+
562
+
case X86_BUG_SPECTRE_V1:
563
+
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
564
+
565
+
case X86_BUG_SPECTRE_V2:
566
+
return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
567
+
boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
568
+
boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
569
+
spectre_v2_module_string());
570
+
571
+
case X86_BUG_SPEC_STORE_BYPASS:
572
+
return sprintf(buf, "%s\n", ssb_strings[ssb_mode]);
573
+
574
+
default:
575
+
break;
576
+
}
577
+
578
+
return sprintf(buf, "Vulnerable\n");
579
+
}
580
+
427
581
ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf)
428
582
{
429
-
if (!boot_cpu_has_bug(X86_BUG_CPU_MELTDOWN))
430
-
return sprintf(buf, "Not affected\n");
431
-
if (boot_cpu_has(X86_FEATURE_PTI))
432
-
return sprintf(buf, "Mitigation: PTI\n");
433
-
return sprintf(buf, "Vulnerable\n");
583
+
return cpu_show_common(dev, attr, buf, X86_BUG_CPU_MELTDOWN);
434
584
}
435
585
436
586
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr, char *buf)
437
587
{
438
-
if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V1))
439
-
return sprintf(buf, "Not affected\n");
440
-
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
588
+
return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V1);
441
589
}
442
590
443
591
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr, char *buf)
444
592
{
445
-
if (!boot_cpu_has_bug(X86_BUG_SPECTRE_V2))
446
-
return sprintf(buf, "Not affected\n");
593
+
return cpu_show_common(dev, attr, buf, X86_BUG_SPECTRE_V2);
594
+
}
447
595
448
-
return sprintf(buf, "%s%s%s%s\n", spectre_v2_strings[spectre_v2_enabled],
449
-
boot_cpu_has(X86_FEATURE_USE_IBPB) ? ", IBPB" : "",
450
-
boot_cpu_has(X86_FEATURE_USE_IBRS_FW) ? ", IBRS_FW" : "",
451
-
spectre_v2_module_string());
596
+
ssize_t cpu_show_spec_store_bypass(struct device *dev, struct device_attribute *attr, char *buf)
597
+
{
598
+
return cpu_show_common(dev, attr, buf, X86_BUG_SPEC_STORE_BYPASS);
452
599
}
453
600
#endif
+52
-15
arch/x86/kernel/cpu/common.c
+52
-15
arch/x86/kernel/cpu/common.c
···
757
757
* and they also have a different bit for STIBP support. Also,
758
758
* a hypervisor might have set the individual AMD bits even on
759
759
* Intel CPUs, for finer-grained selection of what's available.
760
-
*
761
-
* We use the AMD bits in 0x8000_0008 EBX as the generic hardware
762
-
* features, which are visible in /proc/cpuinfo and used by the
763
-
* kernel. So set those accordingly from the Intel bits.
764
760
*/
765
761
if (cpu_has(c, X86_FEATURE_SPEC_CTRL)) {
766
762
set_cpu_cap(c, X86_FEATURE_IBRS);
767
763
set_cpu_cap(c, X86_FEATURE_IBPB);
764
+
set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
768
765
}
766
+
769
767
if (cpu_has(c, X86_FEATURE_INTEL_STIBP))
770
768
set_cpu_cap(c, X86_FEATURE_STIBP);
769
+
770
+
if (cpu_has(c, X86_FEATURE_SPEC_CTRL_SSBD) ||
771
+
cpu_has(c, X86_FEATURE_VIRT_SSBD))
772
+
set_cpu_cap(c, X86_FEATURE_SSBD);
773
+
774
+
if (cpu_has(c, X86_FEATURE_AMD_IBRS)) {
775
+
set_cpu_cap(c, X86_FEATURE_IBRS);
776
+
set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
777
+
}
778
+
779
+
if (cpu_has(c, X86_FEATURE_AMD_IBPB))
780
+
set_cpu_cap(c, X86_FEATURE_IBPB);
781
+
782
+
if (cpu_has(c, X86_FEATURE_AMD_STIBP)) {
783
+
set_cpu_cap(c, X86_FEATURE_STIBP);
784
+
set_cpu_cap(c, X86_FEATURE_MSR_SPEC_CTRL);
785
+
}
771
786
}
772
787
773
788
void get_cpu_cap(struct cpuinfo_x86 *c)
···
942
927
{}
943
928
};
944
929
945
-
static bool __init cpu_vulnerable_to_meltdown(struct cpuinfo_x86 *c)
930
+
/* Only list CPUs which speculate but are non susceptible to SSB */
931
+
static const __initconst struct x86_cpu_id cpu_no_spec_store_bypass[] = {
932
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT1 },
933
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_AIRMONT },
934
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_SILVERMONT2 },
935
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_ATOM_MERRIFIELD },
936
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_CORE_YONAH },
937
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNL },
938
+
{ X86_VENDOR_INTEL, 6, INTEL_FAM6_XEON_PHI_KNM },
939
+
{ X86_VENDOR_AMD, 0x12, },
940
+
{ X86_VENDOR_AMD, 0x11, },
941
+
{ X86_VENDOR_AMD, 0x10, },
942
+
{ X86_VENDOR_AMD, 0xf, },
943
+
{}
944
+
};
945
+
946
+
static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
946
947
{
947
948
u64 ia32_cap = 0;
948
949
949
-
if (x86_match_cpu(cpu_no_meltdown))
950
-
return false;
950
+
if (x86_match_cpu(cpu_no_speculation))
951
+
return;
952
+
953
+
setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
954
+
setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
951
955
952
956
if (cpu_has(c, X86_FEATURE_ARCH_CAPABILITIES))
953
957
rdmsrl(MSR_IA32_ARCH_CAPABILITIES, ia32_cap);
954
958
959
+
if (!x86_match_cpu(cpu_no_spec_store_bypass) &&
960
+
!(ia32_cap & ARCH_CAP_SSB_NO))
961
+
setup_force_cpu_bug(X86_BUG_SPEC_STORE_BYPASS);
962
+
963
+
if (x86_match_cpu(cpu_no_meltdown))
964
+
return;
965
+
955
966
/* Rogue Data Cache Load? No! */
956
967
if (ia32_cap & ARCH_CAP_RDCL_NO)
957
-
return false;
968
+
return;
958
969
959
-
return true;
970
+
setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
960
971
}
961
972
962
973
/*
···
1033
992
1034
993
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
1035
994
1036
-
if (!x86_match_cpu(cpu_no_speculation)) {
1037
-
if (cpu_vulnerable_to_meltdown(c))
1038
-
setup_force_cpu_bug(X86_BUG_CPU_MELTDOWN);
1039
-
setup_force_cpu_bug(X86_BUG_SPECTRE_V1);
1040
-
setup_force_cpu_bug(X86_BUG_SPECTRE_V2);
1041
-
}
995
+
cpu_set_bug_bits(c);
1042
996
1043
997
fpu__init_system(c);
1044
998
···
1395
1359
#endif
1396
1360
mtrr_ap_init();
1397
1361
validate_apic_and_package_id(c);
1362
+
x86_spec_ctrl_setup_ap();
1398
1363
}
1399
1364
1400
1365
static __init int setup_noclflush(char *arg)
+2
arch/x86/kernel/cpu/cpu.h
+2
arch/x86/kernel/cpu/cpu.h
+3
arch/x86/kernel/cpu/intel.c
+3
arch/x86/kernel/cpu/intel.c
···
188
188
setup_clear_cpu_cap(X86_FEATURE_IBPB);
189
189
setup_clear_cpu_cap(X86_FEATURE_STIBP);
190
190
setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL);
191
+
setup_clear_cpu_cap(X86_FEATURE_MSR_SPEC_CTRL);
191
192
setup_clear_cpu_cap(X86_FEATURE_INTEL_STIBP);
193
+
setup_clear_cpu_cap(X86_FEATURE_SSBD);
194
+
setup_clear_cpu_cap(X86_FEATURE_SPEC_CTRL_SSBD);
192
195
}
193
196
194
197
/*
+146
arch/x86/kernel/process.c
+146
arch/x86/kernel/process.c
···
38
38
#include <asm/switch_to.h>
39
39
#include <asm/desc.h>
40
40
#include <asm/prctl.h>
41
+
#include <asm/spec-ctrl.h>
41
42
42
43
/*
43
44
* per-CPU TSS segments. Threads are completely 'soft' on Linux,
···
279
278
}
280
279
}
281
280
281
+
#ifdef CONFIG_SMP
282
+
283
+
struct ssb_state {
284
+
struct ssb_state *shared_state;
285
+
raw_spinlock_t lock;
286
+
unsigned int disable_state;
287
+
unsigned long local_state;
288
+
};
289
+
290
+
#define LSTATE_SSB 0
291
+
292
+
static DEFINE_PER_CPU(struct ssb_state, ssb_state);
293
+
294
+
void speculative_store_bypass_ht_init(void)
295
+
{
296
+
struct ssb_state *st = this_cpu_ptr(&ssb_state);
297
+
unsigned int this_cpu = smp_processor_id();
298
+
unsigned int cpu;
299
+
300
+
st->local_state = 0;
301
+
302
+
/*
303
+
* Shared state setup happens once on the first bringup
304
+
* of the CPU. It's not destroyed on CPU hotunplug.
305
+
*/
306
+
if (st->shared_state)
307
+
return;
308
+
309
+
raw_spin_lock_init(&st->lock);
310
+
311
+
/*
312
+
* Go over HT siblings and check whether one of them has set up the
313
+
* shared state pointer already.
314
+
*/
315
+
for_each_cpu(cpu, topology_sibling_cpumask(this_cpu)) {
316
+
if (cpu == this_cpu)
317
+
continue;
318
+
319
+
if (!per_cpu(ssb_state, cpu).shared_state)
320
+
continue;
321
+
322
+
/* Link it to the state of the sibling: */
323
+
st->shared_state = per_cpu(ssb_state, cpu).shared_state;
324
+
return;
325
+
}
326
+
327
+
/*
328
+
* First HT sibling to come up on the core. Link shared state of
329
+
* the first HT sibling to itself. The siblings on the same core
330
+
* which come up later will see the shared state pointer and link
331
+
* themself to the state of this CPU.
332
+
*/
333
+
st->shared_state = st;
334
+
}
335
+
336
+
/*
337
+
* Logic is: First HT sibling enables SSBD for both siblings in the core
338
+
* and last sibling to disable it, disables it for the whole core. This how
339
+
* MSR_SPEC_CTRL works in "hardware":
340
+
*
341
+
* CORE_SPEC_CTRL = THREAD0_SPEC_CTRL | THREAD1_SPEC_CTRL
342
+
*/
343
+
static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
344
+
{
345
+
struct ssb_state *st = this_cpu_ptr(&ssb_state);
346
+
u64 msr = x86_amd_ls_cfg_base;
347
+
348
+
if (!static_cpu_has(X86_FEATURE_ZEN)) {
349
+
msr |= ssbd_tif_to_amd_ls_cfg(tifn);
350
+
wrmsrl(MSR_AMD64_LS_CFG, msr);
351
+
return;
352
+
}
353
+
354
+
if (tifn & _TIF_SSBD) {
355
+
/*
356
+
* Since this can race with prctl(), block reentry on the
357
+
* same CPU.
358
+
*/
359
+
if (__test_and_set_bit(LSTATE_SSB, &st->local_state))
360
+
return;
361
+
362
+
msr |= x86_amd_ls_cfg_ssbd_mask;
363
+
364
+
raw_spin_lock(&st->shared_state->lock);
365
+
/* First sibling enables SSBD: */
366
+
if (!st->shared_state->disable_state)
367
+
wrmsrl(MSR_AMD64_LS_CFG, msr);
368
+
st->shared_state->disable_state++;
369
+
raw_spin_unlock(&st->shared_state->lock);
370
+
} else {
371
+
if (!__test_and_clear_bit(LSTATE_SSB, &st->local_state))
372
+
return;
373
+
374
+
raw_spin_lock(&st->shared_state->lock);
375
+
st->shared_state->disable_state--;
376
+
if (!st->shared_state->disable_state)
377
+
wrmsrl(MSR_AMD64_LS_CFG, msr);
378
+
raw_spin_unlock(&st->shared_state->lock);
379
+
}
380
+
}
381
+
#else
382
+
static __always_inline void amd_set_core_ssb_state(unsigned long tifn)
383
+
{
384
+
u64 msr = x86_amd_ls_cfg_base | ssbd_tif_to_amd_ls_cfg(tifn);
385
+
386
+
wrmsrl(MSR_AMD64_LS_CFG, msr);
387
+
}
388
+
#endif
389
+
390
+
static __always_inline void amd_set_ssb_virt_state(unsigned long tifn)
391
+
{
392
+
/*
393
+
* SSBD has the same definition in SPEC_CTRL and VIRT_SPEC_CTRL,
394
+
* so ssbd_tif_to_spec_ctrl() just works.
395
+
*/
396
+
wrmsrl(MSR_AMD64_VIRT_SPEC_CTRL, ssbd_tif_to_spec_ctrl(tifn));
397
+
}
398
+
399
+
static __always_inline void intel_set_ssb_state(unsigned long tifn)
400
+
{
401
+
u64 msr = x86_spec_ctrl_base | ssbd_tif_to_spec_ctrl(tifn);
402
+
403
+
wrmsrl(MSR_IA32_SPEC_CTRL, msr);
404
+
}
405
+
406
+
static __always_inline void __speculative_store_bypass_update(unsigned long tifn)
407
+
{
408
+
if (static_cpu_has(X86_FEATURE_VIRT_SSBD))
409
+
amd_set_ssb_virt_state(tifn);
410
+
else if (static_cpu_has(X86_FEATURE_LS_CFG_SSBD))
411
+
amd_set_core_ssb_state(tifn);
412
+
else
413
+
intel_set_ssb_state(tifn);
414
+
}
415
+
416
+
void speculative_store_bypass_update(unsigned long tif)
417
+
{
418
+
preempt_disable();
419
+
__speculative_store_bypass_update(tif);
420
+
preempt_enable();
421
+
}
422
+
282
423
void __switch_to_xtra(struct task_struct *prev_p, struct task_struct *next_p,
283
424
struct tss_struct *tss)
284
425
{
···
452
309
453
310
if ((tifp ^ tifn) & _TIF_NOCPUID)
454
311
set_cpuid_faulting(!!(tifn & _TIF_NOCPUID));
312
+
313
+
if ((tifp ^ tifn) & _TIF_SSBD)
314
+
__speculative_store_bypass_update(tifn);
455
315
}
456
316
457
317
/*
+5
arch/x86/kernel/smpboot.c
+5
arch/x86/kernel/smpboot.c
···
79
79
#include <asm/qspinlock.h>
80
80
#include <asm/intel-family.h>
81
81
#include <asm/cpu_device_id.h>
82
+
#include <asm/spec-ctrl.h>
82
83
83
84
/* Number of siblings per CPU package */
84
85
int smp_num_siblings = 1;
···
244
243
* Check TSC synchronization with the boot CPU:
245
244
*/
246
245
check_tsc_sync_target();
246
+
247
+
speculative_store_bypass_ht_init();
247
248
248
249
/*
249
250
* Lock vector_lock, set CPU online and bring the vector
···
1295
1292
set_mtrr_aps_delayed_init();
1296
1293
1297
1294
smp_quirk_init_udelay();
1295
+
1296
+
speculative_store_bypass_ht_init();
1298
1297
}
1299
1298
1300
1299
void arch_enable_nonboot_cpus_begin(void)
+19
-7
arch/x86/kvm/cpuid.c
+19
-7
arch/x86/kvm/cpuid.c
···
379
379
380
380
/* cpuid 0x80000008.ebx */
381
381
const u32 kvm_cpuid_8000_0008_ebx_x86_features =
382
-
F(IBPB) | F(IBRS);
382
+
F(AMD_IBPB) | F(AMD_IBRS) | F(VIRT_SSBD);
383
383
384
384
/* cpuid 0xC0000001.edx */
385
385
const u32 kvm_cpuid_C000_0001_edx_x86_features =
···
408
408
/* cpuid 7.0.edx*/
409
409
const u32 kvm_cpuid_7_0_edx_x86_features =
410
410
F(AVX512_4VNNIW) | F(AVX512_4FMAPS) | F(SPEC_CTRL) |
411
-
F(ARCH_CAPABILITIES);
411
+
F(SPEC_CTRL_SSBD) | F(ARCH_CAPABILITIES);
412
412
413
413
/* all calls to cpuid_count() should be made on the same cpu */
414
414
get_cpu();
···
495
495
entry->ecx &= ~F(PKU);
496
496
entry->edx &= kvm_cpuid_7_0_edx_x86_features;
497
497
cpuid_mask(&entry->edx, CPUID_7_EDX);
498
+
/*
499
+
* We emulate ARCH_CAPABILITIES in software even
500
+
* if the host doesn't support it.
501
+
*/
502
+
entry->edx |= F(ARCH_CAPABILITIES);
498
503
} else {
499
504
entry->ebx = 0;
500
505
entry->ecx = 0;
···
652
647
g_phys_as = phys_as;
653
648
entry->eax = g_phys_as | (virt_as << 8);
654
649
entry->edx = 0;
655
-
/* IBRS and IBPB aren't necessarily present in hardware cpuid */
656
-
if (boot_cpu_has(X86_FEATURE_IBPB))
657
-
entry->ebx |= F(IBPB);
658
-
if (boot_cpu_has(X86_FEATURE_IBRS))
659
-
entry->ebx |= F(IBRS);
650
+
/*
651
+
* IBRS, IBPB and VIRT_SSBD aren't necessarily present in
652
+
* hardware cpuid
653
+
*/
654
+
if (boot_cpu_has(X86_FEATURE_AMD_IBPB))
655
+
entry->ebx |= F(AMD_IBPB);
656
+
if (boot_cpu_has(X86_FEATURE_AMD_IBRS))
657
+
entry->ebx |= F(AMD_IBRS);
658
+
if (boot_cpu_has(X86_FEATURE_VIRT_SSBD))
659
+
entry->ebx |= F(VIRT_SSBD);
660
660
entry->ebx &= kvm_cpuid_8000_0008_ebx_x86_features;
661
661
cpuid_mask(&entry->ebx, CPUID_8000_0008_EBX);
662
+
if (boot_cpu_has(X86_FEATURE_LS_CFG_SSBD))
663
+
entry->ebx |= F(VIRT_SSBD);
662
664
break;
663
665
}
664
666
case 0x80000019:
+11
-8
arch/x86/kvm/hyperv.c
+11
-8
arch/x86/kvm/hyperv.c
···
1260
1260
}
1261
1261
}
1262
1262
1263
+
static int kvm_hv_hypercall_complete(struct kvm_vcpu *vcpu, u64 result)
1264
+
{
1265
+
kvm_hv_hypercall_set_result(vcpu, result);
1266
+
++vcpu->stat.hypercalls;
1267
+
return kvm_skip_emulated_instruction(vcpu);
1268
+
}
1269
+
1263
1270
static int kvm_hv_hypercall_complete_userspace(struct kvm_vcpu *vcpu)
1264
1271
{
1265
-
struct kvm_run *run = vcpu->run;
1266
-
1267
-
kvm_hv_hypercall_set_result(vcpu, run->hyperv.u.hcall.result);
1268
-
return kvm_skip_emulated_instruction(vcpu);
1272
+
return kvm_hv_hypercall_complete(vcpu, vcpu->run->hyperv.u.hcall.result);
1269
1273
}
1270
1274
1271
1275
static u16 kvm_hvcall_signal_event(struct kvm_vcpu *vcpu, bool fast, u64 param)
···
1354
1350
/* Hypercall continuation is not supported yet */
1355
1351
if (rep_cnt || rep_idx) {
1356
1352
ret = HV_STATUS_INVALID_HYPERCALL_CODE;
1357
-
goto set_result;
1353
+
goto out;
1358
1354
}
1359
1355
1360
1356
switch (code) {
···
1385
1381
break;
1386
1382
}
1387
1383
1388
-
set_result:
1389
-
kvm_hv_hypercall_set_result(vcpu, ret);
1390
-
return 1;
1384
+
out:
1385
+
return kvm_hv_hypercall_complete(vcpu, ret);
1391
1386
}
1392
1387
1393
1388
void kvm_hv_init_vm(struct kvm *kvm)
+14
-2
arch/x86/kvm/lapic.c
+14
-2
arch/x86/kvm/lapic.c
···
1522
1522
1523
1523
static void advance_periodic_target_expiration(struct kvm_lapic *apic)
1524
1524
{
1525
-
apic->lapic_timer.tscdeadline +=
1526
-
nsec_to_cycles(apic->vcpu, apic->lapic_timer.period);
1525
+
ktime_t now = ktime_get();
1526
+
u64 tscl = rdtsc();
1527
+
ktime_t delta;
1528
+
1529
+
/*
1530
+
* Synchronize both deadlines to the same time source or
1531
+
* differences in the periods (caused by differences in the
1532
+
* underlying clocks or numerical approximation errors) will
1533
+
* cause the two to drift apart over time as the errors
1534
+
* accumulate.
1535
+
*/
1527
1536
apic->lapic_timer.target_expiration =
1528
1537
ktime_add_ns(apic->lapic_timer.target_expiration,
1529
1538
apic->lapic_timer.period);
1539
+
delta = ktime_sub(apic->lapic_timer.target_expiration, now);
1540
+
apic->lapic_timer.tscdeadline = kvm_read_l1_tsc(apic->vcpu, tscl) +
1541
+
nsec_to_cycles(apic->vcpu, delta);
1530
1542
}
1531
1543
1532
1544
static void start_sw_period(struct kvm_lapic *apic)
+44
-22
arch/x86/kvm/svm.c
+44
-22
arch/x86/kvm/svm.c
···
49
49
#include <asm/debugreg.h>
50
50
#include <asm/kvm_para.h>
51
51
#include <asm/irq_remapping.h>
52
-
#include <asm/nospec-branch.h>
52
+
#include <asm/spec-ctrl.h>
53
53
54
54
#include <asm/virtext.h>
55
55
#include "trace.h"
···
213
213
} host;
214
214
215
215
u64 spec_ctrl;
216
+
/*
217
+
* Contains guest-controlled bits of VIRT_SPEC_CTRL, which will be
218
+
* translated into the appropriate L2_CFG bits on the host to
219
+
* perform speculative control.
220
+
*/
221
+
u64 virt_spec_ctrl;
216
222
217
223
u32 *msrpm;
218
224
···
2066
2060
2067
2061
vcpu->arch.microcode_version = 0x01000065;
2068
2062
svm->spec_ctrl = 0;
2063
+
svm->virt_spec_ctrl = 0;
2069
2064
2070
2065
if (!init_event) {
2071
2066
svm->vcpu.arch.apic_base = APIC_DEFAULT_PHYS_BASE |
···
4115
4108
break;
4116
4109
case MSR_IA32_SPEC_CTRL:
4117
4110
if (!msr_info->host_initiated &&
4118
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBRS))
4111
+
!guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS))
4119
4112
return 1;
4120
4113
4121
4114
msr_info->data = svm->spec_ctrl;
4115
+
break;
4116
+
case MSR_AMD64_VIRT_SPEC_CTRL:
4117
+
if (!msr_info->host_initiated &&
4118
+
!guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
4119
+
return 1;
4120
+
4121
+
msr_info->data = svm->virt_spec_ctrl;
4122
4122
break;
4123
4123
case MSR_F15H_IC_CFG: {
4124
4124
···
4217
4203
break;
4218
4204
case MSR_IA32_SPEC_CTRL:
4219
4205
if (!msr->host_initiated &&
4220
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBRS))
4206
+
!guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBRS))
4221
4207
return 1;
4222
4208
4223
4209
/* The STIBP bit doesn't fault even if it's not advertised */
···
4244
4230
break;
4245
4231
case MSR_IA32_PRED_CMD:
4246
4232
if (!msr->host_initiated &&
4247
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBPB))
4233
+
!guest_cpuid_has(vcpu, X86_FEATURE_AMD_IBPB))
4248
4234
return 1;
4249
4235
4250
4236
if (data & ~PRED_CMD_IBPB)
···
4257
4243
if (is_guest_mode(vcpu))
4258
4244
break;
4259
4245
set_msr_interception(svm->msrpm, MSR_IA32_PRED_CMD, 0, 1);
4246
+
break;
4247
+
case MSR_AMD64_VIRT_SPEC_CTRL:
4248
+
if (!msr->host_initiated &&
4249
+
!guest_cpuid_has(vcpu, X86_FEATURE_VIRT_SSBD))
4250
+
return 1;
4251
+
4252
+
if (data & ~SPEC_CTRL_SSBD)
4253
+
return 1;
4254
+
4255
+
svm->virt_spec_ctrl = data;
4260
4256
break;
4261
4257
case MSR_STAR:
4262
4258
svm->vmcb->save.star = data;
···
5581
5557
* is no need to worry about the conditional branch over the wrmsr
5582
5558
* being speculatively taken.
5583
5559
*/
5584
-
if (svm->spec_ctrl)
5585
-
native_wrmsrl(MSR_IA32_SPEC_CTRL, svm->spec_ctrl);
5560
+
x86_spec_ctrl_set_guest(svm->spec_ctrl, svm->virt_spec_ctrl);
5586
5561
5587
5562
asm volatile (
5588
5563
"push %%" _ASM_BP "; \n\t"
···
5675
5652
#endif
5676
5653
);
5677
5654
5655
+
/* Eliminate branch target predictions from guest mode */
5656
+
vmexit_fill_RSB();
5657
+
5658
+
#ifdef CONFIG_X86_64
5659
+
wrmsrl(MSR_GS_BASE, svm->host.gs_base);
5660
+
#else
5661
+
loadsegment(fs, svm->host.fs);
5662
+
#ifndef CONFIG_X86_32_LAZY_GS
5663
+
loadsegment(gs, svm->host.gs);
5664
+
#endif
5665
+
#endif
5666
+
5678
5667
/*
5679
5668
* We do not use IBRS in the kernel. If this vCPU has used the
5680
5669
* SPEC_CTRL MSR it may have left it on; save the value and
···
5705
5670
if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
5706
5671
svm->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
5707
5672
5708
-
if (svm->spec_ctrl)
5709
-
native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
5710
-
5711
-
/* Eliminate branch target predictions from guest mode */
5712
-
vmexit_fill_RSB();
5713
-
5714
-
#ifdef CONFIG_X86_64
5715
-
wrmsrl(MSR_GS_BASE, svm->host.gs_base);
5716
-
#else
5717
-
loadsegment(fs, svm->host.fs);
5718
-
#ifndef CONFIG_X86_32_LAZY_GS
5719
-
loadsegment(gs, svm->host.gs);
5720
-
#endif
5721
-
#endif
5673
+
x86_spec_ctrl_restore_host(svm->spec_ctrl, svm->virt_spec_ctrl);
5722
5674
5723
5675
reload_tss(vcpu);
5724
5676
···
5808
5786
return false;
5809
5787
}
5810
5788
5811
-
static bool svm_has_high_real_mode_segbase(void)
5789
+
static bool svm_has_emulated_msr(int index)
5812
5790
{
5813
5791
return true;
5814
5792
}
···
7034
7012
.hardware_enable = svm_hardware_enable,
7035
7013
.hardware_disable = svm_hardware_disable,
7036
7014
.cpu_has_accelerated_tpr = svm_cpu_has_accelerated_tpr,
7037
-
.cpu_has_high_real_mode_segbase = svm_has_high_real_mode_segbase,
7015
+
.has_emulated_msr = svm_has_emulated_msr,
7038
7016
7039
7017
.vcpu_create = svm_create_vcpu,
7040
7018
.vcpu_free = svm_free_vcpu,
+19
-12
arch/x86/kvm/vmx.c
+19
-12
arch/x86/kvm/vmx.c
···
51
51
#include <asm/apic.h>
52
52
#include <asm/irq_remapping.h>
53
53
#include <asm/mmu_context.h>
54
-
#include <asm/nospec-branch.h>
54
+
#include <asm/spec-ctrl.h>
55
55
#include <asm/mshyperv.h>
56
56
57
57
#include "trace.h"
···
3529
3529
return kvm_get_msr_common(vcpu, msr_info);
3530
3530
case MSR_IA32_SPEC_CTRL:
3531
3531
if (!msr_info->host_initiated &&
3532
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBRS) &&
3533
3532
!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
3534
3533
return 1;
3535
3534
···
3647
3648
break;
3648
3649
case MSR_IA32_SPEC_CTRL:
3649
3650
if (!msr_info->host_initiated &&
3650
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBRS) &&
3651
3651
!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
3652
3652
return 1;
3653
3653
3654
3654
/* The STIBP bit doesn't fault even if it's not advertised */
3655
-
if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP))
3655
+
if (data & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP | SPEC_CTRL_SSBD))
3656
3656
return 1;
3657
3657
3658
3658
vmx->spec_ctrl = data;
···
3677
3679
break;
3678
3680
case MSR_IA32_PRED_CMD:
3679
3681
if (!msr_info->host_initiated &&
3680
-
!guest_cpuid_has(vcpu, X86_FEATURE_IBPB) &&
3681
3682
!guest_cpuid_has(vcpu, X86_FEATURE_SPEC_CTRL))
3682
3683
return 1;
3683
3684
···
9485
9488
}
9486
9489
STACK_FRAME_NON_STANDARD(vmx_handle_external_intr);
9487
9490
9488
-
static bool vmx_has_high_real_mode_segbase(void)
9491
+
static bool vmx_has_emulated_msr(int index)
9489
9492
{
9490
-
return enable_unrestricted_guest || emulate_invalid_guest_state;
9493
+
switch (index) {
9494
+
case MSR_IA32_SMBASE:
9495
+
/*
9496
+
* We cannot do SMM unless we can run the guest in big
9497
+
* real mode.
9498
+
*/
9499
+
return enable_unrestricted_guest || emulate_invalid_guest_state;
9500
+
case MSR_AMD64_VIRT_SPEC_CTRL:
9501
+
/* This is AMD only. */
9502
+
return false;
9503
+
default:
9504
+
return true;
9505
+
}
9491
9506
}
9492
9507
9493
9508
static bool vmx_mpx_supported(void)
···
9731
9722
* is no need to worry about the conditional branch over the wrmsr
9732
9723
* being speculatively taken.
9733
9724
*/
9734
-
if (vmx->spec_ctrl)
9735
-
native_wrmsrl(MSR_IA32_SPEC_CTRL, vmx->spec_ctrl);
9725
+
x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
9736
9726
9737
9727
vmx->__launched = vmx->loaded_vmcs->launched;
9738
9728
···
9879
9871
if (unlikely(!msr_write_intercepted(vcpu, MSR_IA32_SPEC_CTRL)))
9880
9872
vmx->spec_ctrl = native_read_msr(MSR_IA32_SPEC_CTRL);
9881
9873
9882
-
if (vmx->spec_ctrl)
9883
-
native_wrmsrl(MSR_IA32_SPEC_CTRL, 0);
9874
+
x86_spec_ctrl_restore_host(vmx->spec_ctrl, 0);
9884
9875
9885
9876
/* Eliminate branch target predictions from guest mode */
9886
9877
vmexit_fill_RSB();
···
12639
12632
.hardware_enable = hardware_enable,
12640
12633
.hardware_disable = hardware_disable,
12641
12634
.cpu_has_accelerated_tpr = report_flexpriority,
12642
-
.cpu_has_high_real_mode_segbase = vmx_has_high_real_mode_segbase,
12635
+
.has_emulated_msr = vmx_has_emulated_msr,
12643
12636
12644
12637
.vm_init = vmx_vm_init,
12645
12638
.vm_alloc = vmx_vm_alloc,
+12
-18
arch/x86/kvm/x86.c
+12
-18
arch/x86/kvm/x86.c
···
1061
1061
MSR_SMI_COUNT,
1062
1062
MSR_PLATFORM_INFO,
1063
1063
MSR_MISC_FEATURES_ENABLES,
1064
+
MSR_AMD64_VIRT_SPEC_CTRL,
1064
1065
};
1065
1066
1066
1067
static unsigned num_emulated_msrs;
···
2907
2906
* fringe case that is not enabled except via specific settings
2908
2907
* of the module parameters.
2909
2908
*/
2910
-
r = kvm_x86_ops->cpu_has_high_real_mode_segbase();
2909
+
r = kvm_x86_ops->has_emulated_msr(MSR_IA32_SMBASE);
2911
2910
break;
2912
2911
case KVM_CAP_VAPIC:
2913
2912
r = !kvm_x86_ops->cpu_has_accelerated_tpr();
···
4607
4606
num_msrs_to_save = j;
4608
4607
4609
4608
for (i = j = 0; i < ARRAY_SIZE(emulated_msrs); i++) {
4610
-
switch (emulated_msrs[i]) {
4611
-
case MSR_IA32_SMBASE:
4612
-
if (!kvm_x86_ops->cpu_has_high_real_mode_segbase())
4613
-
continue;
4614
-
break;
4615
-
default:
4616
-
break;
4617
-
}
4609
+
if (!kvm_x86_ops->has_emulated_msr(emulated_msrs[i]))
4610
+
continue;
4618
4611
4619
4612
if (j < i)
4620
4613
emulated_msrs[j] = emulated_msrs[i];
···
6671
6676
unsigned long nr, a0, a1, a2, a3, ret;
6672
6677
int op_64_bit;
6673
6678
6674
-
if (kvm_hv_hypercall_enabled(vcpu->kvm)) {
6675
-
if (!kvm_hv_hypercall(vcpu))
6676
-
return 0;
6677
-
goto out;
6678
-
}
6679
+
if (kvm_hv_hypercall_enabled(vcpu->kvm))
6680
+
return kvm_hv_hypercall(vcpu);
6679
6681
6680
6682
nr = kvm_register_read(vcpu, VCPU_REGS_RAX);
6681
6683
a0 = kvm_register_read(vcpu, VCPU_REGS_RBX);
···
6693
6701
6694
6702
if (kvm_x86_ops->get_cpl(vcpu) != 0) {
6695
6703
ret = -KVM_EPERM;
6696
-
goto out_error;
6704
+
goto out;
6697
6705
}
6698
6706
6699
6707
switch (nr) {
···
6713
6721
ret = -KVM_ENOSYS;
6714
6722
break;
6715
6723
}
6716
-
out_error:
6724
+
out:
6717
6725
if (!op_64_bit)
6718
6726
ret = (u32)ret;
6719
6727
kvm_register_write(vcpu, VCPU_REGS_RAX, ret);
6720
6728
6721
-
out:
6722
6729
++vcpu->stat.hypercalls;
6723
6730
return kvm_skip_emulated_instruction(vcpu);
6724
6731
}
···
7976
7985
{
7977
7986
struct msr_data apic_base_msr;
7978
7987
int mmu_reset_needed = 0;
7988
+
int cpuid_update_needed = 0;
7979
7989
int pending_vec, max_bits, idx;
7980
7990
struct desc_ptr dt;
7981
7991
int ret = -EINVAL;
···
8015
8023
vcpu->arch.cr0 = sregs->cr0;
8016
8024
8017
8025
mmu_reset_needed |= kvm_read_cr4(vcpu) != sregs->cr4;
8026
+
cpuid_update_needed |= ((kvm_read_cr4(vcpu) ^ sregs->cr4) &
8027
+
(X86_CR4_OSXSAVE | X86_CR4_PKE));
8018
8028
kvm_x86_ops->set_cr4(vcpu, sregs->cr4);
8019
-
if (sregs->cr4 & (X86_CR4_OSXSAVE | X86_CR4_PKE))
8029
+
if (cpuid_update_needed)
8020
8030
kvm_update_cpuid(vcpu);
8021
8031
8022
8032
idx = srcu_read_lock(&vcpu->kvm->srcu);
+1
drivers/ata/ahci.c
+1
drivers/ata/ahci.c
···
334
334
{ PCI_VDEVICE(INTEL, 0x9c07), board_ahci_mobile }, /* Lynx LP RAID */
335
335
{ PCI_VDEVICE(INTEL, 0x9c0e), board_ahci_mobile }, /* Lynx LP RAID */
336
336
{ PCI_VDEVICE(INTEL, 0x9c0f), board_ahci_mobile }, /* Lynx LP RAID */
337
+
{ PCI_VDEVICE(INTEL, 0x9dd3), board_ahci_mobile }, /* Cannon Lake PCH-LP AHCI */
337
338
{ PCI_VDEVICE(INTEL, 0x1f22), board_ahci }, /* Avoton AHCI */
338
339
{ PCI_VDEVICE(INTEL, 0x1f23), board_ahci }, /* Avoton AHCI */
339
340
{ PCI_VDEVICE(INTEL, 0x1f24), board_ahci }, /* Avoton RAID */
+8
-1
drivers/ata/libata-core.c
+8
-1
drivers/ata/libata-core.c
···
4493
4493
/* https://bugzilla.kernel.org/show_bug.cgi?id=15573 */
4494
4494
{ "C300-CTFDDAC128MAG", "0001", ATA_HORKAGE_NONCQ, },
4495
4495
4496
+
/* Some Sandisk SSDs lock up hard with NCQ enabled. Reported on
4497
+
SD7SN6S256G and SD8SN8U256G */
4498
+
{ "SanDisk SD[78]SN*G", NULL, ATA_HORKAGE_NONCQ, },
4499
+
4496
4500
/* devices which puke on READ_NATIVE_MAX */
4497
4501
{ "HDS724040KLSA80", "KFAOA20N", ATA_HORKAGE_BROKEN_HPA, },
4498
4502
{ "WDC WD3200JD-00KLB0", "WD-WCAMR1130137", ATA_HORKAGE_BROKEN_HPA },
···
4553
4549
ATA_HORKAGE_ZERO_AFTER_TRIM |
4554
4550
ATA_HORKAGE_NOLPM, },
4555
4551
4556
-
/* This specific Samsung model/firmware-rev does not handle LPM well */
4552
+
/* These specific Samsung models/firmware-revs do not handle LPM well */
4557
4553
{ "SAMSUNG MZMPC128HBFU-000MV", "CXM14M1Q", ATA_HORKAGE_NOLPM, },
4554
+
{ "SAMSUNG SSD PM830 mSATA *", "CXM13D1Q", ATA_HORKAGE_NOLPM, },
4558
4555
4559
4556
/* Sandisk devices which are known to not handle LPM well */
4560
4557
{ "SanDisk SD7UB3Q*G1001", NULL, ATA_HORKAGE_NOLPM, },
4561
4558
4562
4559
/* devices that don't properly handle queued TRIM commands */
4560
+
{ "Micron_M500IT_*", "MU01", ATA_HORKAGE_NO_NCQ_TRIM |
4561
+
ATA_HORKAGE_ZERO_AFTER_TRIM, },
4563
4562
{ "Micron_M500_*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
4564
4563
ATA_HORKAGE_ZERO_AFTER_TRIM, },
4565
4564
{ "Crucial_CT*M500*", NULL, ATA_HORKAGE_NO_NCQ_TRIM |
+2
-2
drivers/atm/zatm.c
+2
-2
drivers/atm/zatm.c
···
1151
1151
}
1152
1152
1153
1153
1154
-
static unsigned char eprom_try_esi(struct atm_dev *dev, unsigned short cmd,
1155
-
int offset, int swap)
1154
+
static int eprom_try_esi(struct atm_dev *dev, unsigned short cmd, int offset,
1155
+
int swap)
1156
1156
{
1157
1157
unsigned char buf[ZEPROM_SIZE];
1158
1158
struct zatm_dev *zatm_dev;
+8
drivers/base/cpu.c
+8
drivers/base/cpu.c
···
534
534
return sprintf(buf, "Not affected\n");
535
535
}
536
536
537
+
ssize_t __weak cpu_show_spec_store_bypass(struct device *dev,
538
+
struct device_attribute *attr, char *buf)
539
+
{
540
+
return sprintf(buf, "Not affected\n");
541
+
}
542
+
537
543
static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
538
544
static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
539
545
static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
546
+
static DEVICE_ATTR(spec_store_bypass, 0444, cpu_show_spec_store_bypass, NULL);
540
547
541
548
static struct attribute *cpu_root_vulnerabilities_attrs[] = {
542
549
&dev_attr_meltdown.attr,
543
550
&dev_attr_spectre_v1.attr,
544
551
&dev_attr_spectre_v2.attr,
552
+
&dev_attr_spec_store_bypass.attr,
545
553
NULL
546
554
};
547
555
+3
-2
drivers/base/node.c
+3
-2
drivers/base/node.c
···
490
490
return 0;
491
491
}
492
492
493
-
int link_mem_sections(int nid, unsigned long start_pfn, unsigned long nr_pages)
493
+
int link_mem_sections(int nid, unsigned long start_pfn, unsigned long nr_pages,
494
+
bool check_nid)
494
495
{
495
496
unsigned long end_pfn = start_pfn + nr_pages;
496
497
unsigned long pfn;
···
515
514
516
515
mem_blk = find_memory_block_hinted(mem_sect, mem_blk);
517
516
518
-
ret = register_mem_sect_under_node(mem_blk, nid, true);
517
+
ret = register_mem_sect_under_node(mem_blk, nid, check_nid);
519
518
if (!err)
520
519
err = ret;
521
520
+3
-4
drivers/base/power/main.c
+3
-4
drivers/base/power/main.c
···
1923
1923
1924
1924
dev->power.wakeup_path = false;
1925
1925
1926
-
if (dev->power.no_pm_callbacks) {
1927
-
ret = 1; /* Let device go direct_complete */
1926
+
if (dev->power.no_pm_callbacks)
1928
1927
goto unlock;
1929
-
}
1930
1928
1931
1929
if (dev->pm_domain)
1932
1930
callback = dev->pm_domain->ops.prepare;
···
1958
1960
*/
1959
1961
spin_lock_irq(&dev->power.lock);
1960
1962
dev->power.direct_complete = state.event == PM_EVENT_SUSPEND &&
1961
-
pm_runtime_suspended(dev) && ret > 0 &&
1963
+
((pm_runtime_suspended(dev) && ret > 0) ||
1964
+
dev->power.no_pm_callbacks) &&
1962
1965
!dev_pm_test_driver_flags(dev, DPM_FLAG_NEVER_SKIP);
1963
1966
spin_unlock_irq(&dev->power.lock);
1964
1967
return 0;
+1
-1
drivers/bcma/driver_mips.c
+1
-1
drivers/bcma/driver_mips.c
+1
drivers/block/loop.c
+1
drivers/block/loop.c
+2
-2
drivers/crypto/inside-secure/safexcel.c
+2
-2
drivers/crypto/inside-secure/safexcel.c
···
152
152
EIP197_PE_ICE_SCRATCH_CTRL_CHANGE_ACCESS;
153
153
writel(val, EIP197_PE(priv) + EIP197_PE_ICE_SCRATCH_CTRL);
154
154
155
-
memset(EIP197_PE(priv) + EIP197_PE_ICE_SCRATCH_RAM, 0,
156
-
EIP197_NUM_OF_SCRATCH_BLOCKS * sizeof(u32));
155
+
memset_io(EIP197_PE(priv) + EIP197_PE_ICE_SCRATCH_RAM, 0,
156
+
EIP197_NUM_OF_SCRATCH_BLOCKS * sizeof(u32));
157
157
158
158
eip197_write_firmware(priv, fw[FW_IFPP], EIP197_PE_ICE_FPP_CTRL,
159
159
EIP197_PE_ICE_RAM_CTRL_FPP_PROG_EN);
+4
-4
drivers/firmware/qcom_scm-32.c
+4
-4
drivers/firmware/qcom_scm-32.c
···
147
147
"smc #0 @ switch to secure world\n"
148
148
: "=r" (r0)
149
149
: "r" (r0), "r" (r1), "r" (r2)
150
-
: "r3");
150
+
: "r3", "r12");
151
151
} while (r0 == QCOM_SCM_INTERRUPTED);
152
152
153
153
return r0;
···
263
263
"smc #0 @ switch to secure world\n"
264
264
: "=r" (r0)
265
265
: "r" (r0), "r" (r1), "r" (r2)
266
-
: "r3");
266
+
: "r3", "r12");
267
267
return r0;
268
268
}
269
269
···
298
298
"smc #0 @ switch to secure world\n"
299
299
: "=r" (r0)
300
300
: "r" (r0), "r" (r1), "r" (r2), "r" (r3)
301
-
);
301
+
: "r12");
302
302
return r0;
303
303
}
304
304
···
328
328
"smc #0 @ switch to secure world\n"
329
329
: "=r" (r0), "=r" (r1)
330
330
: "r" (r0), "r" (r1)
331
-
: "r2", "r3");
331
+
: "r2", "r3", "r12");
332
332
} while (r0 == QCOM_SCM_INTERRUPTED);
333
333
334
334
version = r1;
+29
-15
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+29
-15
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
···
4555
4555
for_each_oldnew_crtc_in_state(state, crtc, old_crtc_state, new_crtc_state, i) {
4556
4556
struct amdgpu_crtc *acrtc = NULL;
4557
4557
struct amdgpu_dm_connector *aconnector = NULL;
4558
-
struct drm_connector_state *new_con_state = NULL;
4559
-
struct dm_connector_state *dm_conn_state = NULL;
4558
+
struct drm_connector_state *drm_new_conn_state = NULL, *drm_old_conn_state = NULL;
4559
+
struct dm_connector_state *dm_new_conn_state = NULL, *dm_old_conn_state = NULL;
4560
4560
struct drm_plane_state *new_plane_state = NULL;
4561
4561
4562
4562
new_stream = NULL;
···
4577
4577
/* TODO This hack should go away */
4578
4578
if (aconnector && enable) {
4579
4579
// Make sure fake sink is created in plug-in scenario
4580
-
new_con_state = drm_atomic_get_connector_state(state,
4580
+
drm_new_conn_state = drm_atomic_get_new_connector_state(state,
4581
4581
&aconnector->base);
4582
+
drm_old_conn_state = drm_atomic_get_old_connector_state(state,
4583
+
&aconnector->base);
4582
4584
4583
-
if (IS_ERR(new_con_state)) {
4584
-
ret = PTR_ERR_OR_ZERO(new_con_state);
4585
+
4586
+
if (IS_ERR(drm_new_conn_state)) {
4587
+
ret = PTR_ERR_OR_ZERO(drm_new_conn_state);
4585
4588
break;
4586
4589
}
4587
4590
4588
-
dm_conn_state = to_dm_connector_state(new_con_state);
4591
+
dm_new_conn_state = to_dm_connector_state(drm_new_conn_state);
4592
+
dm_old_conn_state = to_dm_connector_state(drm_old_conn_state);
4589
4593
4590
4594
new_stream = create_stream_for_sink(aconnector,
4591
4595
&new_crtc_state->mode,
4592
-
dm_conn_state);
4596
+
dm_new_conn_state);
4593
4597
4594
4598
/*
4595
4599
* we can have no stream on ACTION_SET if a display
···
4699
4695
* We want to do dc stream updates that do not require a
4700
4696
* full modeset below.
4701
4697
*/
4702
-
if (!enable || !aconnector || modereset_required(new_crtc_state))
4698
+
if (!(enable && aconnector && new_crtc_state->enable &&
4699
+
new_crtc_state->active))
4703
4700
continue;
4704
4701
/*
4705
4702
* Given above conditions, the dc state cannot be NULL because:
4706
-
* 1. We're attempting to enable a CRTC. Which has a...
4707
-
* 2. Valid connector attached, and
4708
-
* 3. User does not want to reset it (disable or mark inactive,
4709
-
* which can happen on a CRTC that's already disabled).
4710
-
* => It currently exists.
4703
+
* 1. We're in the process of enabling CRTCs (just been added
4704
+
* to the dc context, or already is on the context)
4705
+
* 2. Has a valid connector attached, and
4706
+
* 3. Is currently active and enabled.
4707
+
* => The dc stream state currently exists.
4711
4708
*/
4712
4709
BUG_ON(dm_new_crtc_state->stream == NULL);
4713
4710
4714
-
/* Color managment settings */
4715
-
if (dm_new_crtc_state->base.color_mgmt_changed) {
4711
+
/* Scaling or underscan settings */
4712
+
if (is_scaling_state_different(dm_old_conn_state, dm_new_conn_state))
4713
+
update_stream_scaling_settings(
4714
+
&new_crtc_state->mode, dm_new_conn_state, dm_new_crtc_state->stream);
4715
+
4716
+
/*
4717
+
* Color management settings. We also update color properties
4718
+
* when a modeset is needed, to ensure it gets reprogrammed.
4719
+
*/
4720
+
if (dm_new_crtc_state->base.color_mgmt_changed ||
4721
+
drm_atomic_crtc_needs_modeset(new_crtc_state)) {
4716
4722
ret = amdgpu_dm_set_regamma_lut(dm_new_crtc_state);
4717
4723
if (ret)
4718
4724
goto fail;
+4
-11
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
+4
-11
drivers/gpu/drm/bridge/synopsys/dw-hdmi.c
···
2077
2077
return ret;
2078
2078
}
2079
2079
2080
-
void __dw_hdmi_setup_rx_sense(struct dw_hdmi *hdmi, bool hpd, bool rx_sense)
2080
+
void dw_hdmi_setup_rx_sense(struct dw_hdmi *hdmi, bool hpd, bool rx_sense)
2081
2081
{
2082
2082
mutex_lock(&hdmi->mutex);
2083
2083
···
2102
2102
dw_hdmi_update_phy_mask(hdmi);
2103
2103
}
2104
2104
mutex_unlock(&hdmi->mutex);
2105
-
}
2106
-
2107
-
void dw_hdmi_setup_rx_sense(struct device *dev, bool hpd, bool rx_sense)
2108
-
{
2109
-
struct dw_hdmi *hdmi = dev_get_drvdata(dev);
2110
-
2111
-
__dw_hdmi_setup_rx_sense(hdmi, hpd, rx_sense);
2112
2105
}
2113
2106
EXPORT_SYMBOL_GPL(dw_hdmi_setup_rx_sense);
2114
2107
···
2138
2145
*/
2139
2146
if (intr_stat &
2140
2147
(HDMI_IH_PHY_STAT0_RX_SENSE | HDMI_IH_PHY_STAT0_HPD)) {
2141
-
__dw_hdmi_setup_rx_sense(hdmi,
2142
-
phy_stat & HDMI_PHY_HPD,
2143
-
phy_stat & HDMI_PHY_RX_SENSE);
2148
+
dw_hdmi_setup_rx_sense(hdmi,
2149
+
phy_stat & HDMI_PHY_HPD,
2150
+
phy_stat & HDMI_PHY_RX_SENSE);
2144
2151
2145
2152
if ((phy_stat & (HDMI_PHY_RX_SENSE | HDMI_PHY_HPD)) == 0)
2146
2153
cec_notifier_set_phys_addr(hdmi->cec_notifier,
+1
drivers/gpu/drm/drm_dp_helper.c
+1
drivers/gpu/drm/drm_dp_helper.c
+11
-4
drivers/gpu/drm/i915/i915_query.c
+11
-4
drivers/gpu/drm/i915/i915_query.c
···
4
4
* Copyright © 2018 Intel Corporation
5
5
*/
6
6
7
+
#include <linux/nospec.h>
8
+
7
9
#include "i915_drv.h"
8
10
#include "i915_query.h"
9
11
#include <uapi/drm/i915_drm.h>
···
102
100
103
101
for (i = 0; i < args->num_items; i++, user_item_ptr++) {
104
102
struct drm_i915_query_item item;
105
-
u64 func_idx;
103
+
unsigned long func_idx;
106
104
int ret;
107
105
108
106
if (copy_from_user(&item, user_item_ptr, sizeof(item)))
···
111
109
if (item.query_id == 0)
112
110
return -EINVAL;
113
111
112
+
if (overflows_type(item.query_id - 1, unsigned long))
113
+
return -EINVAL;
114
+
114
115
func_idx = item.query_id - 1;
115
116
116
-
if (func_idx < ARRAY_SIZE(i915_query_funcs))
117
+
ret = -EINVAL;
118
+
if (func_idx < ARRAY_SIZE(i915_query_funcs)) {
119
+
func_idx = array_index_nospec(func_idx,
120
+
ARRAY_SIZE(i915_query_funcs));
117
121
ret = i915_query_funcs[func_idx](dev_priv, &item);
118
-
else
119
-
ret = -EINVAL;
122
+
}
120
123
121
124
/* Only write the length back to userspace if they differ. */
122
125
if (ret != item.length && put_user(ret, &user_item_ptr->length))
+40
-11
drivers/gpu/drm/i915/intel_lvds.c
+40
-11
drivers/gpu/drm/i915/intel_lvds.c
···
574
574
return NOTIFY_OK;
575
575
}
576
576
577
+
static int
578
+
intel_lvds_connector_register(struct drm_connector *connector)
579
+
{
580
+
struct intel_lvds_connector *lvds = to_lvds_connector(connector);
581
+
int ret;
582
+
583
+
ret = intel_connector_register(connector);
584
+
if (ret)
585
+
return ret;
586
+
587
+
lvds->lid_notifier.notifier_call = intel_lid_notify;
588
+
if (acpi_lid_notifier_register(&lvds->lid_notifier)) {
589
+
DRM_DEBUG_KMS("lid notifier registration failed\n");
590
+
lvds->lid_notifier.notifier_call = NULL;
591
+
}
592
+
593
+
return 0;
594
+
}
595
+
596
+
static void
597
+
intel_lvds_connector_unregister(struct drm_connector *connector)
598
+
{
599
+
struct intel_lvds_connector *lvds = to_lvds_connector(connector);
600
+
601
+
if (lvds->lid_notifier.notifier_call)
602
+
acpi_lid_notifier_unregister(&lvds->lid_notifier);
603
+
604
+
intel_connector_unregister(connector);
605
+
}
606
+
577
607
/**
578
608
* intel_lvds_destroy - unregister and free LVDS structures
579
609
* @connector: connector to free
···
615
585
{
616
586
struct intel_lvds_connector *lvds_connector =
617
587
to_lvds_connector(connector);
618
-
619
-
if (lvds_connector->lid_notifier.notifier_call)
620
-
acpi_lid_notifier_unregister(&lvds_connector->lid_notifier);
621
588
622
589
if (!IS_ERR_OR_NULL(lvds_connector->base.edid))
623
590
kfree(lvds_connector->base.edid);
···
636
609
.fill_modes = drm_helper_probe_single_connector_modes,
637
610
.atomic_get_property = intel_digital_connector_atomic_get_property,
638
611
.atomic_set_property = intel_digital_connector_atomic_set_property,
639
-
.late_register = intel_connector_register,
640
-
.early_unregister = intel_connector_unregister,
612
+
.late_register = intel_lvds_connector_register,
613
+
.early_unregister = intel_lvds_connector_unregister,
641
614
.destroy = intel_lvds_destroy,
642
615
.atomic_destroy_state = drm_atomic_helper_connector_destroy_state,
643
616
.atomic_duplicate_state = intel_digital_connector_duplicate_state,
···
852
825
.matches = {
853
826
DMI_MATCH(DMI_BOARD_VENDOR, "Intel"),
854
827
DMI_EXACT_MATCH(DMI_BOARD_NAME, "D525MW"),
828
+
},
829
+
},
830
+
{
831
+
.callback = intel_no_lvds_dmi_callback,
832
+
.ident = "Radiant P845",
833
+
.matches = {
834
+
DMI_MATCH(DMI_SYS_VENDOR, "Radiant Systems Inc"),
835
+
DMI_MATCH(DMI_PRODUCT_NAME, "P845"),
855
836
},
856
837
},
857
838
···
1184
1149
lvds_encoder->is_dual_link ? "dual" : "single");
1185
1150
1186
1151
lvds_encoder->a3_power = lvds & LVDS_A3_POWER_MASK;
1187
-
1188
-
lvds_connector->lid_notifier.notifier_call = intel_lid_notify;
1189
-
if (acpi_lid_notifier_register(&lvds_connector->lid_notifier)) {
1190
-
DRM_DEBUG_KMS("lid notifier registration failed\n");
1191
-
lvds_connector->lid_notifier.notifier_call = NULL;
1192
-
}
1193
1152
1194
1153
return;
1195
1154
+1
-1
drivers/gpu/drm/meson/meson_dw_hdmi.c
+1
-1
drivers/gpu/drm/meson/meson_dw_hdmi.c
+4
-1
drivers/gpu/drm/omapdrm/dss/sdi.c
+4
-1
drivers/gpu/drm/omapdrm/dss/sdi.c
···
82
82
struct dispc_clock_info *dispc_cinfo)
83
83
{
84
84
int i;
85
-
struct sdi_clk_calc_ctx ctx = { .sdi = sdi };
85
+
struct sdi_clk_calc_ctx ctx;
86
86
87
87
/*
88
88
* DSS fclk gives us very few possibilities, so finding a good pixel
···
95
95
bool ok;
96
96
97
97
memset(&ctx, 0, sizeof(ctx));
98
+
99
+
ctx.sdi = sdi;
100
+
98
101
if (pclk > 1000 * i * i * i)
99
102
ctx.pck_min = max(pclk - 1000 * i * i * i, 0lu);
100
103
else
+3
drivers/gpu/drm/rcar-du/rcar_lvds.c
+3
drivers/gpu/drm/rcar-du/rcar_lvds.c
-5
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
-5
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
···
1278
1278
dev_priv->active_master = &dev_priv->fbdev_master;
1279
1279
ttm_lock_set_kill(&dev_priv->fbdev_master.lock, false, SIGTERM);
1280
1280
ttm_vt_unlock(&dev_priv->fbdev_master.lock);
1281
-
1282
-
vmw_fb_refresh(dev_priv);
1283
1281
}
1284
1282
1285
1283
/**
···
1481
1483
vmw_kms_resume(dev);
1482
1484
if (dev_priv->enable_fb)
1483
1485
vmw_fb_on(dev_priv);
1484
-
vmw_fb_refresh(dev_priv);
1485
1486
return -EBUSY;
1486
1487
}
1487
1488
···
1519
1522
1520
1523
if (dev_priv->enable_fb)
1521
1524
vmw_fb_on(dev_priv);
1522
-
1523
-
vmw_fb_refresh(dev_priv);
1524
1525
1525
1526
return 0;
1526
1527
}
-1
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
-1
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h
+8
-16
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
+8
-16
drivers/gpu/drm/vmwgfx/vmwgfx_fb.c
···
866
866
spin_lock_irqsave(&par->dirty.lock, flags);
867
867
par->dirty.active = true;
868
868
spin_unlock_irqrestore(&par->dirty.lock, flags);
869
-
869
+
870
+
/*
871
+
* Need to reschedule a dirty update, because otherwise that's
872
+
* only done in dirty_mark() if the previous coalesced
873
+
* dirty region was empty.
874
+
*/
875
+
schedule_delayed_work(&par->local_work, 0);
876
+
870
877
return 0;
871
-
}
872
-
873
-
/**
874
-
* vmw_fb_refresh - Refresh fb display
875
-
*
876
-
* @vmw_priv: Pointer to device private
877
-
*
878
-
* Call into kms to show the fbdev display(s).
879
-
*/
880
-
void vmw_fb_refresh(struct vmw_private *vmw_priv)
881
-
{
882
-
if (!vmw_priv->fb_info)
883
-
return;
884
-
885
-
vmw_fb_set_par(vmw_priv->fb_info);
886
878
}
+31
-17
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
+31
-17
drivers/gpu/drm/vmwgfx/vmwgfx_msg.c
···
329
329
struct rpc_channel channel;
330
330
char *msg, *reply = NULL;
331
331
size_t reply_len = 0;
332
-
int ret = 0;
333
-
334
332
335
333
if (!vmw_msg_enabled)
336
334
return -ENODEV;
···
342
344
return -ENOMEM;
343
345
}
344
346
345
-
if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM) ||
346
-
vmw_send_msg(&channel, msg) ||
347
-
vmw_recv_msg(&channel, (void *) &reply, &reply_len) ||
348
-
vmw_close_channel(&channel)) {
349
-
DRM_ERROR("Failed to get %s", guest_info_param);
347
+
if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM))
348
+
goto out_open;
350
349
351
-
ret = -EINVAL;
352
-
}
350
+
if (vmw_send_msg(&channel, msg) ||
351
+
vmw_recv_msg(&channel, (void *) &reply, &reply_len))
352
+
goto out_msg;
353
353
354
+
vmw_close_channel(&channel);
354
355
if (buffer && reply && reply_len > 0) {
355
356
/* Remove reply code, which are the first 2 characters of
356
357
* the reply
···
366
369
kfree(reply);
367
370
kfree(msg);
368
371
369
-
return ret;
372
+
return 0;
373
+
374
+
out_msg:
375
+
vmw_close_channel(&channel);
376
+
kfree(reply);
377
+
out_open:
378
+
*length = 0;
379
+
kfree(msg);
380
+
DRM_ERROR("Failed to get %s", guest_info_param);
381
+
382
+
return -EINVAL;
370
383
}
371
384
372
385
···
407
400
return -ENOMEM;
408
401
}
409
402
410
-
if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM) ||
411
-
vmw_send_msg(&channel, msg) ||
412
-
vmw_close_channel(&channel)) {
413
-
DRM_ERROR("Failed to send log\n");
403
+
if (vmw_open_channel(&channel, RPCI_PROTOCOL_NUM))
404
+
goto out_open;
414
405
415
-
ret = -EINVAL;
416
-
}
406
+
if (vmw_send_msg(&channel, msg))
407
+
goto out_msg;
417
408
409
+
vmw_close_channel(&channel);
418
410
kfree(msg);
419
411
420
-
return ret;
412
+
return 0;
413
+
414
+
out_msg:
415
+
vmw_close_channel(&channel);
416
+
out_open:
417
+
kfree(msg);
418
+
DRM_ERROR("Failed to send log\n");
419
+
420
+
return -EINVAL;
421
421
}
+17
-8
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
+17
-8
drivers/gpu/drm/vmwgfx/vmwgfx_msg.h
···
135
135
136
136
#else
137
137
138
-
/* In the 32-bit version of this macro, we use "m" because there is no
139
-
* more register left for bp
138
+
/*
139
+
* In the 32-bit version of this macro, we store bp in a memory location
140
+
* because we've ran out of registers.
141
+
* Now we can't reference that memory location while we've modified
142
+
* %esp or %ebp, so we first push it on the stack, just before we push
143
+
* %ebp, and then when we need it we read it from the stack where we
144
+
* just pushed it.
140
145
*/
141
146
#define VMW_PORT_HB_OUT(cmd, in_ecx, in_si, in_di, \
142
147
port_num, magic, bp, \
143
148
eax, ebx, ecx, edx, si, di) \
144
149
({ \
145
-
asm volatile ("push %%ebp;" \
146
-
"mov %12, %%ebp;" \
150
+
asm volatile ("push %12;" \
151
+
"push %%ebp;" \
152
+
"mov 0x04(%%esp), %%ebp;" \
147
153
"rep outsb;" \
148
-
"pop %%ebp;" : \
154
+
"pop %%ebp;" \
155
+
"add $0x04, %%esp;" : \
149
156
"=a"(eax), \
150
157
"=b"(ebx), \
151
158
"=c"(ecx), \
···
174
167
port_num, magic, bp, \
175
168
eax, ebx, ecx, edx, si, di) \
176
169
({ \
177
-
asm volatile ("push %%ebp;" \
178
-
"mov %12, %%ebp;" \
170
+
asm volatile ("push %12;" \
171
+
"push %%ebp;" \
172
+
"mov 0x04(%%esp), %%ebp;" \
179
173
"rep insb;" \
180
-
"pop %%ebp" : \
174
+
"pop %%ebp;" \
175
+
"add $0x04, %%esp;" : \
181
176
"=a"(eax), \
182
177
"=b"(ebx), \
183
178
"=c"(ecx), \
+3
-3
drivers/hwtracing/intel_th/msu.c
+3
-3
drivers/hwtracing/intel_th/msu.c
···
733
733
/* Reset the page to write-back before releasing */
734
734
set_memory_wb((unsigned long)win->block[i].bdesc, 1);
735
735
#endif
736
-
dma_free_coherent(msc_dev(msc), size, win->block[i].bdesc,
737
-
win->block[i].addr);
736
+
dma_free_coherent(msc_dev(msc)->parent->parent, size,
737
+
win->block[i].bdesc, win->block[i].addr);
738
738
}
739
739
kfree(win);
740
740
···
769
769
/* Reset the page to write-back before releasing */
770
770
set_memory_wb((unsigned long)win->block[i].bdesc, 1);
771
771
#endif
772
-
dma_free_coherent(msc_dev(win->msc), PAGE_SIZE,
772
+
dma_free_coherent(msc_dev(win->msc)->parent->parent, PAGE_SIZE,
773
773
win->block[i].bdesc, win->block[i].addr);
774
774
}
775
775
+4
-3
drivers/hwtracing/stm/core.c
+4
-3
drivers/hwtracing/stm/core.c
···
19
19
#include <linux/stm.h>
20
20
#include <linux/fs.h>
21
21
#include <linux/mm.h>
22
+
#include <linux/vmalloc.h>
22
23
#include "stm.h"
23
24
24
25
#include <uapi/linux/stm.h>
···
675
674
{
676
675
struct stm_device *stm = to_stm_device(dev);
677
676
678
-
kfree(stm);
677
+
vfree(stm);
679
678
}
680
679
681
680
int stm_register_device(struct device *parent, struct stm_data *stm_data,
···
692
691
return -EINVAL;
693
692
694
693
nmasters = stm_data->sw_end - stm_data->sw_start + 1;
695
-
stm = kzalloc(sizeof(*stm) + nmasters * sizeof(void *), GFP_KERNEL);
694
+
stm = vzalloc(sizeof(*stm) + nmasters * sizeof(void *));
696
695
if (!stm)
697
696
return -ENOMEM;
698
697
···
745
744
/* matches device_initialize() above */
746
745
put_device(&stm->dev);
747
746
err_free:
748
-
kfree(stm);
747
+
vfree(stm);
749
748
750
749
return err;
751
750
}
+1
-1
drivers/i2c/busses/i2c-ocores.c
+1
-1
drivers/i2c/busses/i2c-ocores.c
+1
drivers/iio/adc/Kconfig
+1
drivers/iio/adc/Kconfig
+24
-51
drivers/iio/adc/ad7793.c
+24
-51
drivers/iio/adc/ad7793.c
···
348
348
static const u16 ad7797_sample_freq_avail[16] = {0, 0, 0, 123, 62, 50, 0,
349
349
33, 0, 17, 16, 12, 10, 8, 6, 4};
350
350
351
-
static ssize_t ad7793_read_frequency(struct device *dev,
352
-
struct device_attribute *attr,
353
-
char *buf)
354
-
{
355
-
struct iio_dev *indio_dev = dev_to_iio_dev(dev);
356
-
struct ad7793_state *st = iio_priv(indio_dev);
357
-
358
-
return sprintf(buf, "%d\n",
359
-
st->chip_info->sample_freq_avail[AD7793_MODE_RATE(st->mode)]);
360
-
}
361
-
362
-
static ssize_t ad7793_write_frequency(struct device *dev,
363
-
struct device_attribute *attr,
364
-
const char *buf,
365
-
size_t len)
366
-
{
367
-
struct iio_dev *indio_dev = dev_to_iio_dev(dev);
368
-
struct ad7793_state *st = iio_priv(indio_dev);
369
-
long lval;
370
-
int i, ret;
371
-
372
-
ret = kstrtol(buf, 10, &lval);
373
-
if (ret)
374
-
return ret;
375
-
376
-
if (lval == 0)
377
-
return -EINVAL;
378
-
379
-
for (i = 0; i < 16; i++)
380
-
if (lval == st->chip_info->sample_freq_avail[i])
381
-
break;
382
-
if (i == 16)
383
-
return -EINVAL;
384
-
385
-
ret = iio_device_claim_direct_mode(indio_dev);
386
-
if (ret)
387
-
return ret;
388
-
st->mode &= ~AD7793_MODE_RATE(-1);
389
-
st->mode |= AD7793_MODE_RATE(i);
390
-
ad_sd_write_reg(&st->sd, AD7793_REG_MODE, sizeof(st->mode), st->mode);
391
-
iio_device_release_direct_mode(indio_dev);
392
-
393
-
return len;
394
-
}
395
-
396
-
static IIO_DEV_ATTR_SAMP_FREQ(S_IWUSR | S_IRUGO,
397
-
ad7793_read_frequency,
398
-
ad7793_write_frequency);
399
-
400
351
static IIO_CONST_ATTR_SAMP_FREQ_AVAIL(
401
352
"470 242 123 62 50 39 33 19 17 16 12 10 8 6 4");
402
353
···
375
424
ad7793_show_scale_available, NULL, 0);
376
425
377
426
static struct attribute *ad7793_attributes[] = {
378
-
&iio_dev_attr_sampling_frequency.dev_attr.attr,
379
427
&iio_const_attr_sampling_frequency_available.dev_attr.attr,
380
428
&iio_dev_attr_in_m_in_scale_available.dev_attr.attr,
381
429
NULL
···
385
435
};
386
436
387
437
static struct attribute *ad7797_attributes[] = {
388
-
&iio_dev_attr_sampling_frequency.dev_attr.attr,
389
438
&iio_const_attr_sampling_frequency_available_ad7797.dev_attr.attr,
390
439
NULL
391
440
};
···
454
505
*val -= offset;
455
506
}
456
507
return IIO_VAL_INT;
508
+
case IIO_CHAN_INFO_SAMP_FREQ:
509
+
*val = st->chip_info
510
+
->sample_freq_avail[AD7793_MODE_RATE(st->mode)];
511
+
return IIO_VAL_INT;
457
512
}
458
513
return -EINVAL;
459
514
}
···
494
541
ad7793_calibrate_all(st);
495
542
break;
496
543
}
544
+
break;
545
+
case IIO_CHAN_INFO_SAMP_FREQ:
546
+
if (!val) {
547
+
ret = -EINVAL;
548
+
break;
549
+
}
550
+
551
+
for (i = 0; i < 16; i++)
552
+
if (val == st->chip_info->sample_freq_avail[i])
553
+
break;
554
+
555
+
if (i == 16) {
556
+
ret = -EINVAL;
557
+
break;
558
+
}
559
+
560
+
st->mode &= ~AD7793_MODE_RATE(-1);
561
+
st->mode |= AD7793_MODE_RATE(i);
562
+
ad_sd_write_reg(&st->sd, AD7793_REG_MODE, sizeof(st->mode),
563
+
st->mode);
497
564
break;
498
565
default:
499
566
ret = -EINVAL;
+37
-4
drivers/iio/adc/at91-sama5d2_adc.c
+37
-4
drivers/iio/adc/at91-sama5d2_adc.c
···
333
333
+ AT91_SAMA5D2_DIFF_CHAN_CNT + 1),
334
334
};
335
335
336
+
static int at91_adc_chan_xlate(struct iio_dev *indio_dev, int chan)
337
+
{
338
+
int i;
339
+
340
+
for (i = 0; i < indio_dev->num_channels; i++) {
341
+
if (indio_dev->channels[i].scan_index == chan)
342
+
return i;
343
+
}
344
+
return -EINVAL;
345
+
}
346
+
347
+
static inline struct iio_chan_spec const *
348
+
at91_adc_chan_get(struct iio_dev *indio_dev, int chan)
349
+
{
350
+
int index = at91_adc_chan_xlate(indio_dev, chan);
351
+
352
+
if (index < 0)
353
+
return NULL;
354
+
return indio_dev->channels + index;
355
+
}
356
+
336
357
static int at91_adc_configure_trigger(struct iio_trigger *trig, bool state)
337
358
{
338
359
struct iio_dev *indio = iio_trigger_get_drvdata(trig);
···
371
350
at91_adc_writel(st, AT91_SAMA5D2_TRGR, status);
372
351
373
352
for_each_set_bit(bit, indio->active_scan_mask, indio->num_channels) {
374
-
struct iio_chan_spec const *chan = indio->channels + bit;
353
+
struct iio_chan_spec const *chan = at91_adc_chan_get(indio, bit);
375
354
355
+
if (!chan)
356
+
continue;
376
357
if (state) {
377
358
at91_adc_writel(st, AT91_SAMA5D2_CHER,
378
359
BIT(chan->channel));
···
471
448
472
449
for_each_set_bit(bit, indio_dev->active_scan_mask,
473
450
indio_dev->num_channels) {
474
-
struct iio_chan_spec const *chan = indio_dev->channels + bit;
451
+
struct iio_chan_spec const *chan =
452
+
at91_adc_chan_get(indio_dev, bit);
453
+
454
+
if (!chan)
455
+
continue;
475
456
476
457
st->dma_st.rx_buf_sz += chan->scan_type.storagebits / 8;
477
458
}
···
553
526
*/
554
527
for_each_set_bit(bit, indio_dev->active_scan_mask,
555
528
indio_dev->num_channels) {
556
-
struct iio_chan_spec const *chan = indio_dev->channels + bit;
529
+
struct iio_chan_spec const *chan =
530
+
at91_adc_chan_get(indio_dev, bit);
557
531
532
+
if (!chan)
533
+
continue;
558
534
if (st->dma_st.dma_chan)
559
535
at91_adc_readl(st, chan->address);
560
536
}
···
617
587
618
588
for_each_set_bit(bit, indio_dev->active_scan_mask,
619
589
indio_dev->num_channels) {
620
-
struct iio_chan_spec const *chan = indio_dev->channels + bit;
590
+
struct iio_chan_spec const *chan =
591
+
at91_adc_chan_get(indio_dev, bit);
621
592
593
+
if (!chan)
594
+
continue;
622
595
st->buffer[i] = at91_adc_readl(st, chan->address);
623
596
i++;
624
597
}
+14
-3
drivers/iio/adc/stm32-dfsdm-adc.c
+14
-3
drivers/iio/adc/stm32-dfsdm-adc.c
···
144
144
* Leave as soon as if exact resolution if reached.
145
145
* Otherwise the higher resolution below 32 bits is kept.
146
146
*/
147
+
fl->res = 0;
147
148
for (fosr = 1; fosr <= DFSDM_MAX_FL_OVERSAMPLING; fosr++) {
148
149
for (iosr = 1; iosr <= DFSDM_MAX_INT_OVERSAMPLING; iosr++) {
149
150
if (fast)
···
194
193
}
195
194
}
196
195
197
-
if (!fl->fosr)
196
+
if (!fl->res)
198
197
return -EINVAL;
199
198
200
199
return 0;
···
771
770
struct stm32_dfsdm_adc *adc = iio_priv(indio_dev);
772
771
struct stm32_dfsdm_filter *fl = &adc->dfsdm->fl_list[adc->fl_id];
773
772
struct stm32_dfsdm_channel *ch = &adc->dfsdm->ch_list[chan->channel];
774
-
unsigned int spi_freq = adc->spi_freq;
773
+
unsigned int spi_freq;
775
774
int ret = -EINVAL;
776
775
777
776
switch (mask) {
···
785
784
case IIO_CHAN_INFO_SAMP_FREQ:
786
785
if (!val)
787
786
return -EINVAL;
788
-
if (ch->src != DFSDM_CHANNEL_SPI_CLOCK_EXTERNAL)
787
+
788
+
switch (ch->src) {
789
+
case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL:
789
790
spi_freq = adc->dfsdm->spi_master_freq;
791
+
break;
792
+
case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL_DIV2_FALLING:
793
+
case DFSDM_CHANNEL_SPI_CLOCK_INTERNAL_DIV2_RISING:
794
+
spi_freq = adc->dfsdm->spi_master_freq / 2;
795
+
break;
796
+
default:
797
+
spi_freq = adc->spi_freq;
798
+
}
790
799
791
800
if (spi_freq % val)
792
801
dev_warn(&indio_dev->dev,
+1
-1
drivers/iio/buffer/industrialio-buffer-dma.c
+1
-1
drivers/iio/buffer/industrialio-buffer-dma.c
···
587
587
* Should be used as the set_length callback for iio_buffer_access_ops
588
588
* struct for DMA buffers.
589
589
*/
590
-
int iio_dma_buffer_set_length(struct iio_buffer *buffer, int length)
590
+
int iio_dma_buffer_set_length(struct iio_buffer *buffer, unsigned int length)
591
591
{
592
592
/* Avoid an invalid state */
593
593
if (length < 2)
+9
-2
drivers/iio/buffer/kfifo_buf.c
+9
-2
drivers/iio/buffer/kfifo_buf.c
···
22
22
#define iio_to_kfifo(r) container_of(r, struct iio_kfifo, buffer)
23
23
24
24
static inline int __iio_allocate_kfifo(struct iio_kfifo *buf,
25
-
int bytes_per_datum, int length)
25
+
size_t bytes_per_datum, unsigned int length)
26
26
{
27
27
if ((length == 0) || (bytes_per_datum == 0))
28
+
return -EINVAL;
29
+
30
+
/*
31
+
* Make sure we don't overflow an unsigned int after kfifo rounds up to
32
+
* the next power of 2.
33
+
*/
34
+
if (roundup_pow_of_two(length) > UINT_MAX / bytes_per_datum)
28
35
return -EINVAL;
29
36
30
37
return __kfifo_alloc((struct __kfifo *)&buf->kf, length,
···
74
67
return 0;
75
68
}
76
69
77
-
static int iio_set_length_kfifo(struct iio_buffer *r, int length)
70
+
static int iio_set_length_kfifo(struct iio_buffer *r, unsigned int length)
78
71
{
79
72
/* Avoid an invalid state */
80
73
if (length < 2)
+4
-4
drivers/iio/common/hid-sensors/hid-sensor-trigger.c
+4
-4
drivers/iio/common/hid-sensors/hid-sensor-trigger.c
···
178
178
#ifdef CONFIG_PM
179
179
int ret;
180
180
181
-
atomic_set(&st->user_requested_state, state);
182
-
183
181
if (atomic_add_unless(&st->runtime_pm_enable, 1, 1))
184
182
pm_runtime_enable(&st->pdev->dev);
185
183
186
-
if (state)
184
+
if (state) {
185
+
atomic_inc(&st->user_requested_state);
187
186
ret = pm_runtime_get_sync(&st->pdev->dev);
188
-
else {
187
+
} else {
188
+
atomic_dec(&st->user_requested_state);
189
189
pm_runtime_mark_last_busy(&st->pdev->dev);
190
190
pm_runtime_use_autosuspend(&st->pdev->dev);
191
191
ret = pm_runtime_put_autosuspend(&st->pdev->dev);
+1
-1
drivers/infiniband/core/cache.c
+1
-1
drivers/infiniband/core/cache.c
+1
-6
drivers/infiniband/core/umem.c
+1
-6
drivers/infiniband/core/umem.c
···
119
119
umem->length = size;
120
120
umem->address = addr;
121
121
umem->page_shift = PAGE_SHIFT;
122
-
umem->pid = get_task_pid(current, PIDTYPE_PID);
123
122
/*
124
123
* We ask for writable memory if any of the following
125
124
* access flags are set. "Local write" and "remote write"
···
131
132
IB_ACCESS_REMOTE_ATOMIC | IB_ACCESS_MW_BIND));
132
133
133
134
if (access & IB_ACCESS_ON_DEMAND) {
134
-
put_pid(umem->pid);
135
135
ret = ib_umem_odp_get(context, umem, access);
136
136
if (ret) {
137
137
kfree(umem);
···
146
148
147
149
page_list = (struct page **) __get_free_page(GFP_KERNEL);
148
150
if (!page_list) {
149
-
put_pid(umem->pid);
150
151
kfree(umem);
151
152
return ERR_PTR(-ENOMEM);
152
153
}
···
228
231
if (ret < 0) {
229
232
if (need_release)
230
233
__ib_umem_release(context->device, umem, 0);
231
-
put_pid(umem->pid);
232
234
kfree(umem);
233
235
} else
234
236
current->mm->pinned_vm = locked;
···
270
274
271
275
__ib_umem_release(umem->context->device, umem, 1);
272
276
273
-
task = get_pid_task(umem->pid, PIDTYPE_PID);
274
-
put_pid(umem->pid);
277
+
task = get_pid_task(umem->context->tgid, PIDTYPE_PID);
275
278
if (!task)
276
279
goto out;
277
280
mm = get_task_mm(task);
+54
-1
drivers/infiniband/hw/bnxt_re/main.c
+54
-1
drivers/infiniband/hw/bnxt_re/main.c
···
185
185
bnxt_re_ib_unreg(rdev, false);
186
186
}
187
187
188
+
static void bnxt_re_stop_irq(void *handle)
189
+
{
190
+
struct bnxt_re_dev *rdev = (struct bnxt_re_dev *)handle;
191
+
struct bnxt_qplib_rcfw *rcfw = &rdev->rcfw;
192
+
struct bnxt_qplib_nq *nq;
193
+
int indx;
194
+
195
+
for (indx = BNXT_RE_NQ_IDX; indx < rdev->num_msix; indx++) {
196
+
nq = &rdev->nq[indx - 1];
197
+
bnxt_qplib_nq_stop_irq(nq, false);
198
+
}
199
+
200
+
bnxt_qplib_rcfw_stop_irq(rcfw, false);
201
+
}
202
+
203
+
static void bnxt_re_start_irq(void *handle, struct bnxt_msix_entry *ent)
204
+
{
205
+
struct bnxt_re_dev *rdev = (struct bnxt_re_dev *)handle;
206
+
struct bnxt_msix_entry *msix_ent = rdev->msix_entries;
207
+
struct bnxt_qplib_rcfw *rcfw = &rdev->rcfw;
208
+
struct bnxt_qplib_nq *nq;
209
+
int indx, rc;
210
+
211
+
if (!ent) {
212
+
/* Not setting the f/w timeout bit in rcfw.
213
+
* During the driver unload the first command
214
+
* to f/w will timeout and that will set the
215
+
* timeout bit.
216
+
*/
217
+
dev_err(rdev_to_dev(rdev), "Failed to re-start IRQs\n");
218
+
return;
219
+
}
220
+
221
+
/* Vectors may change after restart, so update with new vectors
222
+
* in device sctructure.
223
+
*/
224
+
for (indx = 0; indx < rdev->num_msix; indx++)
225
+
rdev->msix_entries[indx].vector = ent[indx].vector;
226
+
227
+
bnxt_qplib_rcfw_start_irq(rcfw, msix_ent[BNXT_RE_AEQ_IDX].vector,
228
+
false);
229
+
for (indx = BNXT_RE_NQ_IDX ; indx < rdev->num_msix; indx++) {
230
+
nq = &rdev->nq[indx - 1];
231
+
rc = bnxt_qplib_nq_start_irq(nq, indx - 1,
232
+
msix_ent[indx].vector, false);
233
+
if (rc)
234
+
dev_warn(rdev_to_dev(rdev),
235
+
"Failed to reinit NQ index %d\n", indx - 1);
236
+
}
237
+
}
238
+
188
239
static struct bnxt_ulp_ops bnxt_re_ulp_ops = {
189
240
.ulp_async_notifier = NULL,
190
241
.ulp_stop = bnxt_re_stop,
191
242
.ulp_start = bnxt_re_start,
192
243
.ulp_sriov_config = bnxt_re_sriov_config,
193
-
.ulp_shutdown = bnxt_re_shutdown
244
+
.ulp_shutdown = bnxt_re_shutdown,
245
+
.ulp_irq_stop = bnxt_re_stop_irq,
246
+
.ulp_irq_restart = bnxt_re_start_irq
194
247
};
195
248
196
249
/* RoCE -> Net driver */
+61
-35
drivers/infiniband/hw/bnxt_re/qplib_fp.c
+61
-35
drivers/infiniband/hw/bnxt_re/qplib_fp.c
···
336
336
return IRQ_HANDLED;
337
337
}
338
338
339
+
void bnxt_qplib_nq_stop_irq(struct bnxt_qplib_nq *nq, bool kill)
340
+
{
341
+
tasklet_disable(&nq->worker);
342
+
/* Mask h/w interrupt */
343
+
NQ_DB(nq->bar_reg_iomem, nq->hwq.cons, nq->hwq.max_elements);
344
+
/* Sync with last running IRQ handler */
345
+
synchronize_irq(nq->vector);
346
+
if (kill)
347
+
tasklet_kill(&nq->worker);
348
+
if (nq->requested) {
349
+
irq_set_affinity_hint(nq->vector, NULL);
350
+
free_irq(nq->vector, nq);
351
+
nq->requested = false;
352
+
}
353
+
}
354
+
339
355
void bnxt_qplib_disable_nq(struct bnxt_qplib_nq *nq)
340
356
{
341
357
if (nq->cqn_wq) {
342
358
destroy_workqueue(nq->cqn_wq);
343
359
nq->cqn_wq = NULL;
344
360
}
345
-
/* Make sure the HW is stopped! */
346
-
synchronize_irq(nq->vector);
347
-
tasklet_disable(&nq->worker);
348
-
tasklet_kill(&nq->worker);
349
361
350
-
if (nq->requested) {
351
-
irq_set_affinity_hint(nq->vector, NULL);
352
-
free_irq(nq->vector, nq);
353
-
nq->requested = false;
354
-
}
362
+
/* Make sure the HW is stopped! */
363
+
bnxt_qplib_nq_stop_irq(nq, true);
364
+
355
365
if (nq->bar_reg_iomem)
356
366
iounmap(nq->bar_reg_iomem);
357
367
nq->bar_reg_iomem = NULL;
···
369
359
nq->cqn_handler = NULL;
370
360
nq->srqn_handler = NULL;
371
361
nq->vector = 0;
362
+
}
363
+
364
+
int bnxt_qplib_nq_start_irq(struct bnxt_qplib_nq *nq, int nq_indx,
365
+
int msix_vector, bool need_init)
366
+
{
367
+
int rc;
368
+
369
+
if (nq->requested)
370
+
return -EFAULT;
371
+
372
+
nq->vector = msix_vector;
373
+
if (need_init)
374
+
tasklet_init(&nq->worker, bnxt_qplib_service_nq,
375
+
(unsigned long)nq);
376
+
else
377
+
tasklet_enable(&nq->worker);
378
+
379
+
snprintf(nq->name, sizeof(nq->name), "bnxt_qplib_nq-%d", nq_indx);
380
+
rc = request_irq(nq->vector, bnxt_qplib_nq_irq, 0, nq->name, nq);
381
+
if (rc)
382
+
return rc;
383
+
384
+
cpumask_clear(&nq->mask);
385
+
cpumask_set_cpu(nq_indx, &nq->mask);
386
+
rc = irq_set_affinity_hint(nq->vector, &nq->mask);
387
+
if (rc) {
388
+
dev_warn(&nq->pdev->dev,
389
+
"QPLIB: set affinity failed; vector: %d nq_idx: %d\n",
390
+
nq->vector, nq_indx);
391
+
}
392
+
nq->requested = true;
393
+
NQ_DB_REARM(nq->bar_reg_iomem, nq->hwq.cons, nq->hwq.max_elements);
394
+
395
+
return rc;
372
396
}
373
397
374
398
int bnxt_qplib_enable_nq(struct pci_dev *pdev, struct bnxt_qplib_nq *nq,
···
416
372
resource_size_t nq_base;
417
373
int rc = -1;
418
374
419
-
nq->pdev = pdev;
420
-
nq->vector = msix_vector;
421
375
if (cqn_handler)
422
376
nq->cqn_handler = cqn_handler;
423
377
424
378
if (srqn_handler)
425
379
nq->srqn_handler = srqn_handler;
426
380
427
-
tasklet_init(&nq->worker, bnxt_qplib_service_nq, (unsigned long)nq);
428
-
429
381
/* Have a task to schedule CQ notifiers in post send case */
430
382
nq->cqn_wq = create_singlethread_workqueue("bnxt_qplib_nq");
431
383
if (!nq->cqn_wq)
432
-
goto fail;
384
+
return -ENOMEM;
433
385
434
-
nq->requested = false;
435
-
memset(nq->name, 0, 32);
436
-
sprintf(nq->name, "bnxt_qplib_nq-%d", nq_idx);
437
-
rc = request_irq(nq->vector, bnxt_qplib_nq_irq, 0, nq->name, nq);
438
-
if (rc) {
439
-
dev_err(&nq->pdev->dev,
440
-
"Failed to request IRQ for NQ: %#x", rc);
441
-
goto fail;
442
-
}
443
-
444
-
cpumask_clear(&nq->mask);
445
-
cpumask_set_cpu(nq_idx, &nq->mask);
446
-
rc = irq_set_affinity_hint(nq->vector, &nq->mask);
447
-
if (rc) {
448
-
dev_warn(&nq->pdev->dev,
449
-
"QPLIB: set affinity failed; vector: %d nq_idx: %d\n",
450
-
nq->vector, nq_idx);
451
-
}
452
-
453
-
nq->requested = true;
454
386
nq->bar_reg = NQ_CONS_PCI_BAR_REGION;
455
387
nq->bar_reg_off = bar_reg_offset;
456
388
nq_base = pci_resource_start(pdev, nq->bar_reg);
···
439
419
rc = -ENOMEM;
440
420
goto fail;
441
421
}
442
-
NQ_DB_REARM(nq->bar_reg_iomem, nq->hwq.cons, nq->hwq.max_elements);
422
+
423
+
rc = bnxt_qplib_nq_start_irq(nq, nq_idx, msix_vector, true);
424
+
if (rc) {
425
+
dev_err(&nq->pdev->dev,
426
+
"QPLIB: Failed to request irq for nq-idx %d", nq_idx);
427
+
goto fail;
428
+
}
443
429
444
430
return 0;
445
431
fail:
+3
drivers/infiniband/hw/bnxt_re/qplib_fp.h
+3
drivers/infiniband/hw/bnxt_re/qplib_fp.h
···
467
467
struct bnxt_qplib_cq *cq;
468
468
};
469
469
470
+
void bnxt_qplib_nq_stop_irq(struct bnxt_qplib_nq *nq, bool kill);
470
471
void bnxt_qplib_disable_nq(struct bnxt_qplib_nq *nq);
472
+
int bnxt_qplib_nq_start_irq(struct bnxt_qplib_nq *nq, int nq_indx,
473
+
int msix_vector, bool need_init);
471
474
int bnxt_qplib_enable_nq(struct pci_dev *pdev, struct bnxt_qplib_nq *nq,
472
475
int nq_idx, int msix_vector, int bar_reg_offset,
473
476
int (*cqn_handler)(struct bnxt_qplib_nq *nq,
+43
-18
drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
+43
-18
drivers/infiniband/hw/bnxt_re/qplib_rcfw.c
···
582
582
return -ENOMEM;
583
583
}
584
584
585
-
void bnxt_qplib_disable_rcfw_channel(struct bnxt_qplib_rcfw *rcfw)
585
+
void bnxt_qplib_rcfw_stop_irq(struct bnxt_qplib_rcfw *rcfw, bool kill)
586
586
{
587
-
unsigned long indx;
588
-
589
-
/* Make sure the HW channel is stopped! */
590
-
synchronize_irq(rcfw->vector);
591
587
tasklet_disable(&rcfw->worker);
592
-
tasklet_kill(&rcfw->worker);
588
+
/* Mask h/w interrupts */
589
+
CREQ_DB(rcfw->creq_bar_reg_iomem, rcfw->creq.cons,
590
+
rcfw->creq.max_elements);
591
+
/* Sync with last running IRQ-handler */
592
+
synchronize_irq(rcfw->vector);
593
+
if (kill)
594
+
tasklet_kill(&rcfw->worker);
593
595
594
596
if (rcfw->requested) {
595
597
free_irq(rcfw->vector, rcfw);
596
598
rcfw->requested = false;
597
599
}
600
+
}
601
+
602
+
void bnxt_qplib_disable_rcfw_channel(struct bnxt_qplib_rcfw *rcfw)
603
+
{
604
+
unsigned long indx;
605
+
606
+
bnxt_qplib_rcfw_stop_irq(rcfw, true);
607
+
598
608
if (rcfw->cmdq_bar_reg_iomem)
599
609
iounmap(rcfw->cmdq_bar_reg_iomem);
600
610
rcfw->cmdq_bar_reg_iomem = NULL;
···
622
612
623
613
rcfw->aeq_handler = NULL;
624
614
rcfw->vector = 0;
615
+
}
616
+
617
+
int bnxt_qplib_rcfw_start_irq(struct bnxt_qplib_rcfw *rcfw, int msix_vector,
618
+
bool need_init)
619
+
{
620
+
int rc;
621
+
622
+
if (rcfw->requested)
623
+
return -EFAULT;
624
+
625
+
rcfw->vector = msix_vector;
626
+
if (need_init)
627
+
tasklet_init(&rcfw->worker,
628
+
bnxt_qplib_service_creq, (unsigned long)rcfw);
629
+
else
630
+
tasklet_enable(&rcfw->worker);
631
+
rc = request_irq(rcfw->vector, bnxt_qplib_creq_irq, 0,
632
+
"bnxt_qplib_creq", rcfw);
633
+
if (rc)
634
+
return rc;
635
+
rcfw->requested = true;
636
+
CREQ_DB_REARM(rcfw->creq_bar_reg_iomem, rcfw->creq.cons,
637
+
rcfw->creq.max_elements);
638
+
639
+
return 0;
625
640
}
626
641
627
642
int bnxt_qplib_enable_rcfw_channel(struct pci_dev *pdev,
···
710
675
rcfw->creq_qp_event_processed = 0;
711
676
rcfw->creq_func_event_processed = 0;
712
677
713
-
rcfw->vector = msix_vector;
714
678
if (aeq_handler)
715
679
rcfw->aeq_handler = aeq_handler;
680
+
init_waitqueue_head(&rcfw->waitq);
716
681
717
-
tasklet_init(&rcfw->worker, bnxt_qplib_service_creq,
718
-
(unsigned long)rcfw);
719
-
720
-
rcfw->requested = false;
721
-
rc = request_irq(rcfw->vector, bnxt_qplib_creq_irq, 0,
722
-
"bnxt_qplib_creq", rcfw);
682
+
rc = bnxt_qplib_rcfw_start_irq(rcfw, msix_vector, true);
723
683
if (rc) {
724
684
dev_err(&rcfw->pdev->dev,
725
685
"QPLIB: Failed to request IRQ for CREQ rc = 0x%x", rc);
726
686
bnxt_qplib_disable_rcfw_channel(rcfw);
727
687
return rc;
728
688
}
729
-
rcfw->requested = true;
730
-
731
-
init_waitqueue_head(&rcfw->waitq);
732
-
733
-
CREQ_DB_REARM(rcfw->creq_bar_reg_iomem, 0, rcfw->creq.max_elements);
734
689
735
690
init.cmdq_pbl = cpu_to_le64(rcfw->cmdq.pbl[PBL_LVL_0].pg_map_arr[0]);
736
691
init.cmdq_size_cmdq_lvl = cpu_to_le16(
+3
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h
+3
drivers/infiniband/hw/bnxt_re/qplib_rcfw.h
···
195
195
void bnxt_qplib_free_rcfw_channel(struct bnxt_qplib_rcfw *rcfw);
196
196
int bnxt_qplib_alloc_rcfw_channel(struct pci_dev *pdev,
197
197
struct bnxt_qplib_rcfw *rcfw, int qp_tbl_sz);
198
+
void bnxt_qplib_rcfw_stop_irq(struct bnxt_qplib_rcfw *rcfw, bool kill);
198
199
void bnxt_qplib_disable_rcfw_channel(struct bnxt_qplib_rcfw *rcfw);
200
+
int bnxt_qplib_rcfw_start_irq(struct bnxt_qplib_rcfw *rcfw, int msix_vector,
201
+
bool need_init);
199
202
int bnxt_qplib_enable_rcfw_channel(struct pci_dev *pdev,
200
203
struct bnxt_qplib_rcfw *rcfw,
201
204
int msix_vector,
+2
-2
drivers/infiniband/hw/cxgb4/mem.c
+2
-2
drivers/infiniband/hw/cxgb4/mem.c
···
489
489
err_dereg_mem:
490
490
dereg_mem(&rhp->rdev, mhp->attr.stag, mhp->attr.pbl_size,
491
491
mhp->attr.pbl_addr, mhp->dereg_skb, mhp->wr_waitp);
492
-
err_free_wr_wait:
493
-
c4iw_put_wr_wait(mhp->wr_waitp);
494
492
err_free_skb:
495
493
kfree_skb(mhp->dereg_skb);
494
+
err_free_wr_wait:
495
+
c4iw_put_wr_wait(mhp->wr_waitp);
496
496
err_free_mhp:
497
497
kfree(mhp);
498
498
return ERR_PTR(ret);
+4
drivers/infiniband/hw/hfi1/chip.c
+4
drivers/infiniband/hw/hfi1/chip.c
···
5944
5944
u64 status;
5945
5945
u32 sw_index;
5946
5946
int i = 0;
5947
+
unsigned long irq_flags;
5947
5948
5948
5949
sw_index = dd->hw_to_sw[hw_context];
5949
5950
if (sw_index >= dd->num_send_contexts) {
···
5954
5953
return;
5955
5954
}
5956
5955
sci = &dd->send_contexts[sw_index];
5956
+
spin_lock_irqsave(&dd->sc_lock, irq_flags);
5957
5957
sc = sci->sc;
5958
5958
if (!sc) {
5959
5959
dd_dev_err(dd, "%s: context %u(%u): no sc?\n", __func__,
5960
5960
sw_index, hw_context);
5961
+
spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
5961
5962
return;
5962
5963
}
5963
5964
···
5981
5978
*/
5982
5979
if (sc->type != SC_USER)
5983
5980
queue_work(dd->pport->hfi1_wq, &sc->halt_work);
5981
+
spin_unlock_irqrestore(&dd->sc_lock, irq_flags);
5984
5982
5985
5983
/*
5986
5984
* Update the counters for the corresponding status bits.
+1
drivers/infiniband/hw/hns/hns_roce_cq.c
+1
drivers/infiniband/hw/hns/hns_roce_cq.c
+2
-1
drivers/infiniband/hw/hns/hns_roce_hw_v1.c
+2
-1
drivers/infiniband/hw/hns/hns_roce_hw_v1.c
···
722
722
free_mr->mr_free_pd = to_hr_pd(pd);
723
723
free_mr->mr_free_pd->ibpd.device = &hr_dev->ib_dev;
724
724
free_mr->mr_free_pd->ibpd.uobject = NULL;
725
+
free_mr->mr_free_pd->ibpd.__internal_mr = NULL;
725
726
atomic_set(&free_mr->mr_free_pd->ibpd.usecnt, 0);
726
727
727
728
attr.qp_access_flags = IB_ACCESS_REMOTE_WRITE;
···
1037
1036
1038
1037
do {
1039
1038
ret = hns_roce_v1_poll_cq(&mr_free_cq->ib_cq, ne, wc);
1040
-
if (ret < 0) {
1039
+
if (ret < 0 && hr_qp) {
1041
1040
dev_err(dev,
1042
1041
"(qp:0x%lx) starts, Poll cqe failed(%d) for mr 0x%x free! Remain %d cqe\n",
1043
1042
hr_qp->qpn, ret, hr_mr->key, ne);
+23
-9
drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+23
-9
drivers/infiniband/hw/hns/hns_roce_hw_v2.c
···
142
142
unsigned long flags;
143
143
unsigned int ind;
144
144
void *wqe = NULL;
145
-
u32 tmp_len = 0;
146
145
bool loopback;
146
+
u32 tmp_len;
147
147
int ret = 0;
148
148
u8 *smac;
149
149
int nreq;
···
189
189
190
190
owner_bit =
191
191
~(((qp->sq.head + nreq) >> ilog2(qp->sq.wqe_cnt)) & 0x1);
192
+
tmp_len = 0;
192
193
193
194
/* Corresponding to the QP type, wqe process separately */
194
195
if (ibqp->qp_type == IB_QPT_GSI) {
···
548
547
}
549
548
550
549
if (i < hr_qp->rq.max_gs) {
551
-
dseg[i].lkey = cpu_to_le32(HNS_ROCE_INVALID_LKEY);
552
-
dseg[i].addr = 0;
550
+
dseg->lkey = cpu_to_le32(HNS_ROCE_INVALID_LKEY);
551
+
dseg->addr = 0;
553
552
}
554
553
555
554
/* rq support inline data */
556
-
sge_list = hr_qp->rq_inl_buf.wqe_list[ind].sg_list;
557
-
hr_qp->rq_inl_buf.wqe_list[ind].sge_cnt = (u32)wr->num_sge;
558
-
for (i = 0; i < wr->num_sge; i++) {
559
-
sge_list[i].addr = (void *)(u64)wr->sg_list[i].addr;
560
-
sge_list[i].len = wr->sg_list[i].length;
555
+
if (hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RQ_INLINE) {
556
+
sge_list = hr_qp->rq_inl_buf.wqe_list[ind].sg_list;
557
+
hr_qp->rq_inl_buf.wqe_list[ind].sge_cnt =
558
+
(u32)wr->num_sge;
559
+
for (i = 0; i < wr->num_sge; i++) {
560
+
sge_list[i].addr =
561
+
(void *)(u64)wr->sg_list[i].addr;
562
+
sge_list[i].len = wr->sg_list[i].length;
563
+
}
561
564
}
562
565
563
566
hr_qp->rq.wrid[ind] = wr->wr_id;
···
618
613
dma_unmap_single(hr_dev->dev, ring->desc_dma_addr,
619
614
ring->desc_num * sizeof(struct hns_roce_cmq_desc),
620
615
DMA_BIDIRECTIONAL);
616
+
617
+
ring->desc_dma_addr = 0;
621
618
kfree(ring->desc);
622
619
}
623
620
···
1088
1081
if (ret) {
1089
1082
dev_err(hr_dev->dev, "Configure global param fail, ret = %d.\n",
1090
1083
ret);
1084
+
return ret;
1091
1085
}
1092
1086
1093
1087
/* Get pf resource owned by every pf */
···
1380
1372
1381
1373
roce_set_bit(mpt_entry->byte_12_mw_pa, V2_MPT_BYTE_12_PA_S,
1382
1374
mr->type == MR_TYPE_MR ? 0 : 1);
1375
+
roce_set_bit(mpt_entry->byte_12_mw_pa, V2_MPT_BYTE_12_INNER_PA_VLD_S,
1376
+
1);
1383
1377
mpt_entry->byte_12_mw_pa = cpu_to_le32(mpt_entry->byte_12_mw_pa);
1384
1378
1385
1379
mpt_entry->len_l = cpu_to_le32(lower_32_bits(mr->size));
···
2179
2169
struct hns_roce_v2_qp_context *context,
2180
2170
struct hns_roce_v2_qp_context *qpc_mask)
2181
2171
{
2172
+
struct hns_roce_dev *hr_dev = to_hr_dev(ibqp->device);
2182
2173
struct hns_roce_qp *hr_qp = to_hr_qp(ibqp);
2183
2174
2184
2175
/*
···
2292
2281
context->rq_db_record_addr = hr_qp->rdb.dma >> 32;
2293
2282
qpc_mask->rq_db_record_addr = 0;
2294
2283
2295
-
roce_set_bit(context->byte_76_srqn_op_en, V2_QPC_BYTE_76_RQIE_S, 1);
2284
+
roce_set_bit(context->byte_76_srqn_op_en, V2_QPC_BYTE_76_RQIE_S,
2285
+
(hr_dev->caps.flags & HNS_ROCE_CAP_FLAG_RQ_INLINE) ? 1 : 0);
2296
2286
roce_set_bit(qpc_mask->byte_76_srqn_op_en, V2_QPC_BYTE_76_RQIE_S, 0);
2297
2287
2298
2288
roce_set_field(context->byte_80_rnr_rx_cqn, V2_QPC_BYTE_80_RX_CQN_M,
···
4714
4702
/* required last entry */
4715
4703
{0, }
4716
4704
};
4705
+
4706
+
MODULE_DEVICE_TABLE(pci, hns_roce_hw_v2_pci_tbl);
4717
4707
4718
4708
static int hns_roce_hw_v2_get_cfg(struct hns_roce_dev *hr_dev,
4719
4709
struct hnae3_handle *handle)
+1
-1
drivers/infiniband/hw/hns/hns_roce_main.c
+1
-1
drivers/infiniband/hw/hns/hns_roce_main.c
···
199
199
200
200
memset(props, 0, sizeof(*props));
201
201
202
-
props->sys_image_guid = cpu_to_be32(hr_dev->sys_image_guid);
202
+
props->sys_image_guid = cpu_to_be64(hr_dev->sys_image_guid);
203
203
props->max_mr_size = (u64)(~(0ULL));
204
204
props->page_size_cap = hr_dev->caps.page_size_cap;
205
205
props->vendor_id = hr_dev->vendor_id;
+9
-1
drivers/infiniband/hw/hns/hns_roce_qp.c
+9
-1
drivers/infiniband/hw/hns/hns_roce_qp.c
···
660
660
goto err_rq_sge_list;
661
661
}
662
662
*hr_qp->rdb.db_record = 0;
663
+
hr_qp->rdb_en = 1;
663
664
}
664
665
665
666
/* Allocate QP buf */
···
956
955
}
957
956
958
957
if (cur_state == new_state && cur_state == IB_QPS_RESET) {
959
-
ret = 0;
958
+
if (hr_dev->caps.min_wqes) {
959
+
ret = -EPERM;
960
+
dev_err(dev, "cur_state=%d new_state=%d\n", cur_state,
961
+
new_state);
962
+
} else {
963
+
ret = 0;
964
+
}
965
+
960
966
goto out;
961
967
}
962
968
+1
drivers/infiniband/hw/i40iw/i40iw.h
+1
drivers/infiniband/hw/i40iw/i40iw.h
+1
-1
drivers/infiniband/hw/i40iw/i40iw_cm.c
+1
-1
drivers/infiniband/hw/i40iw/i40iw_cm.c
+2
-2
drivers/infiniband/hw/i40iw/i40iw_hw.c
+2
-2
drivers/infiniband/hw/i40iw/i40iw_hw.c
···
331
331
switch (info->ae_id) {
332
332
case I40IW_AE_LLP_FIN_RECEIVED:
333
333
if (qp->term_flags)
334
-
continue;
334
+
break;
335
335
if (atomic_inc_return(&iwqp->close_timer_started) == 1) {
336
336
iwqp->hw_tcp_state = I40IW_TCP_STATE_CLOSE_WAIT;
337
337
if ((iwqp->hw_tcp_state == I40IW_TCP_STATE_CLOSE_WAIT) &&
···
360
360
break;
361
361
case I40IW_AE_LLP_CONNECTION_RESET:
362
362
if (atomic_read(&iwqp->close_timer_started))
363
-
continue;
363
+
break;
364
364
i40iw_cm_disconn(iwqp);
365
365
break;
366
366
case I40IW_AE_QP_SUSPEND_COMPLETE:
+3
-4
drivers/infiniband/hw/i40iw/i40iw_main.c
+3
-4
drivers/infiniband/hw/i40iw/i40iw_main.c
···
687
687
struct i40iw_msix_vector *msix_vec)
688
688
{
689
689
enum i40iw_status_code status;
690
-
cpumask_t mask;
691
690
692
691
if (iwdev->msix_shared && !ceq_id) {
693
692
tasklet_init(&iwdev->dpc_tasklet, i40iw_dpc, (unsigned long)iwdev);
···
696
697
status = request_irq(msix_vec->irq, i40iw_ceq_handler, 0, "CEQ", iwceq);
697
698
}
698
699
699
-
cpumask_clear(&mask);
700
-
cpumask_set_cpu(msix_vec->cpu_affinity, &mask);
701
-
irq_set_affinity_hint(msix_vec->irq, &mask);
700
+
cpumask_clear(&msix_vec->mask);
701
+
cpumask_set_cpu(msix_vec->cpu_affinity, &msix_vec->mask);
702
+
irq_set_affinity_hint(msix_vec->irq, &msix_vec->mask);
702
703
703
704
if (status) {
704
705
i40iw_pr_err("ceq irq config fail\n");
+10
-3
drivers/infiniband/hw/i40iw/i40iw_verbs.c
+10
-3
drivers/infiniband/hw/i40iw/i40iw_verbs.c
···
394
394
395
395
list_for_each_entry(iwpbl, pbl_list, list) {
396
396
if (iwpbl->user_base == va) {
397
+
iwpbl->on_list = false;
397
398
list_del(&iwpbl->list);
398
399
return iwpbl;
399
400
}
···
615
614
return ERR_PTR(-ENOMEM);
616
615
617
616
iwqp = (struct i40iw_qp *)mem;
617
+
iwqp->allocated_buffer = mem;
618
618
qp = &iwqp->sc_qp;
619
619
qp->back_qp = (void *)iwqp;
620
620
qp->push_idx = I40IW_INVALID_PUSH_PAGE_INDEX;
···
644
642
goto error;
645
643
}
646
644
647
-
iwqp->allocated_buffer = mem;
648
645
iwqp->iwdev = iwdev;
649
646
iwqp->iwpd = iwpd;
650
647
iwqp->ibqp.qp_num = qp_num;
···
1899
1898
goto error;
1900
1899
spin_lock_irqsave(&ucontext->qp_reg_mem_list_lock, flags);
1901
1900
list_add_tail(&iwpbl->list, &ucontext->qp_reg_mem_list);
1901
+
iwpbl->on_list = true;
1902
1902
spin_unlock_irqrestore(&ucontext->qp_reg_mem_list_lock, flags);
1903
1903
break;
1904
1904
case IW_MEMREG_TYPE_CQ:
···
1910
1908
1911
1909
spin_lock_irqsave(&ucontext->cq_reg_mem_list_lock, flags);
1912
1910
list_add_tail(&iwpbl->list, &ucontext->cq_reg_mem_list);
1911
+
iwpbl->on_list = true;
1913
1912
spin_unlock_irqrestore(&ucontext->cq_reg_mem_list_lock, flags);
1914
1913
break;
1915
1914
case IW_MEMREG_TYPE_MEM:
···
2048
2045
switch (iwmr->type) {
2049
2046
case IW_MEMREG_TYPE_CQ:
2050
2047
spin_lock_irqsave(&ucontext->cq_reg_mem_list_lock, flags);
2051
-
if (!list_empty(&ucontext->cq_reg_mem_list))
2048
+
if (iwpbl->on_list) {
2049
+
iwpbl->on_list = false;
2052
2050
list_del(&iwpbl->list);
2051
+
}
2053
2052
spin_unlock_irqrestore(&ucontext->cq_reg_mem_list_lock, flags);
2054
2053
break;
2055
2054
case IW_MEMREG_TYPE_QP:
2056
2055
spin_lock_irqsave(&ucontext->qp_reg_mem_list_lock, flags);
2057
-
if (!list_empty(&ucontext->qp_reg_mem_list))
2056
+
if (iwpbl->on_list) {
2057
+
iwpbl->on_list = false;
2058
2058
list_del(&iwpbl->list);
2059
+
}
2059
2060
spin_unlock_irqrestore(&ucontext->qp_reg_mem_list_lock, flags);
2060
2061
break;
2061
2062
default:
+1
drivers/infiniband/hw/i40iw/i40iw_verbs.h
+1
drivers/infiniband/hw/i40iw/i40iw_verbs.h
+1
-1
drivers/infiniband/hw/mlx5/main.c
+1
-1
drivers/infiniband/hw/mlx5/main.c
···
2416
2416
MLX5_SET(fte_match_set_lyr_2_4, outer_v, ip_protocol, val);
2417
2417
}
2418
2418
2419
-
static void set_flow_label(void *misc_c, void *misc_v, u8 mask, u8 val,
2419
+
static void set_flow_label(void *misc_c, void *misc_v, u32 mask, u32 val,
2420
2420
bool inner)
2421
2421
{
2422
2422
if (inner) {
+11
-7
drivers/infiniband/hw/mlx5/qp.c
+11
-7
drivers/infiniband/hw/mlx5/qp.c
···
484
484
return 1;
485
485
}
486
486
487
-
static int first_med_bfreg(void)
488
-
{
489
-
return 1;
490
-
}
491
-
492
487
enum {
493
488
/* this is the first blue flame register in the array of bfregs assigned
494
489
* to a processes. Since we do not use it for blue flame but rather
···
507
512
NUM_NON_BLUE_FLAME_BFREGS;
508
513
509
514
return n >= 0 ? n : 0;
515
+
}
516
+
517
+
static int first_med_bfreg(struct mlx5_ib_dev *dev,
518
+
struct mlx5_bfreg_info *bfregi)
519
+
{
520
+
return num_med_bfreg(dev, bfregi) ? 1 : -ENOMEM;
510
521
}
511
522
512
523
static int first_hi_bfreg(struct mlx5_ib_dev *dev,
···
542
541
static int alloc_med_class_bfreg(struct mlx5_ib_dev *dev,
543
542
struct mlx5_bfreg_info *bfregi)
544
543
{
545
-
int minidx = first_med_bfreg();
544
+
int minidx = first_med_bfreg(dev, bfregi);
546
545
int i;
547
546
548
-
for (i = first_med_bfreg(); i < first_hi_bfreg(dev, bfregi); i++) {
547
+
if (minidx < 0)
548
+
return minidx;
549
+
550
+
for (i = minidx; i < first_hi_bfreg(dev, bfregi); i++) {
549
551
if (bfregi->count[i] < bfregi->count[minidx])
550
552
minidx = i;
551
553
if (!bfregi->count[minidx])
+30
-32
drivers/infiniband/hw/qedr/verbs.c
+30
-32
drivers/infiniband/hw/qedr/verbs.c
···
401
401
{
402
402
struct qedr_ucontext *ucontext = get_qedr_ucontext(context);
403
403
struct qedr_dev *dev = get_qedr_dev(context->device);
404
-
unsigned long vm_page = vma->vm_pgoff << PAGE_SHIFT;
405
-
u64 unmapped_db = dev->db_phys_addr;
404
+
unsigned long phys_addr = vma->vm_pgoff << PAGE_SHIFT;
406
405
unsigned long len = (vma->vm_end - vma->vm_start);
407
-
int rc = 0;
408
-
bool found;
406
+
unsigned long dpi_start;
407
+
408
+
dpi_start = dev->db_phys_addr + (ucontext->dpi * ucontext->dpi_size);
409
409
410
410
DP_DEBUG(dev, QEDR_MSG_INIT,
411
-
"qedr_mmap called vm_page=0x%lx vm_pgoff=0x%lx unmapped_db=0x%llx db_size=%x, len=%lx\n",
412
-
vm_page, vma->vm_pgoff, unmapped_db, dev->db_size, len);
413
-
if (vma->vm_start & (PAGE_SIZE - 1)) {
414
-
DP_ERR(dev, "Vma_start not page aligned = %ld\n",
415
-
vma->vm_start);
411
+
"mmap invoked with vm_start=0x%pK, vm_end=0x%pK,vm_pgoff=0x%pK; dpi_start=0x%pK dpi_size=0x%x\n",
412
+
(void *)vma->vm_start, (void *)vma->vm_end,
413
+
(void *)vma->vm_pgoff, (void *)dpi_start, ucontext->dpi_size);
414
+
415
+
if ((vma->vm_start & (PAGE_SIZE - 1)) || (len & (PAGE_SIZE - 1))) {
416
+
DP_ERR(dev,
417
+
"failed mmap, adrresses must be page aligned: start=0x%pK, end=0x%pK\n",
418
+
(void *)vma->vm_start, (void *)vma->vm_end);
416
419
return -EINVAL;
417
420
}
418
421
419
-
found = qedr_search_mmap(ucontext, vm_page, len);
420
-
if (!found) {
421
-
DP_ERR(dev, "Vma_pgoff not found in mapped array = %ld\n",
422
+
if (!qedr_search_mmap(ucontext, phys_addr, len)) {
423
+
DP_ERR(dev, "failed mmap, vm_pgoff=0x%lx is not authorized\n",
422
424
vma->vm_pgoff);
423
425
return -EINVAL;
424
426
}
425
427
426
-
DP_DEBUG(dev, QEDR_MSG_INIT, "Mapping doorbell bar\n");
427
-
428
-
if ((vm_page >= unmapped_db) && (vm_page <= (unmapped_db +
429
-
dev->db_size))) {
430
-
DP_DEBUG(dev, QEDR_MSG_INIT, "Mapping doorbell bar\n");
431
-
if (vma->vm_flags & VM_READ) {
432
-
DP_ERR(dev, "Trying to map doorbell bar for read\n");
433
-
return -EPERM;
434
-
}
435
-
436
-
vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
437
-
438
-
rc = io_remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff,
439
-
PAGE_SIZE, vma->vm_page_prot);
440
-
} else {
441
-
DP_DEBUG(dev, QEDR_MSG_INIT, "Mapping chains\n");
442
-
rc = remap_pfn_range(vma, vma->vm_start,
443
-
vma->vm_pgoff, len, vma->vm_page_prot);
428
+
if (phys_addr < dpi_start ||
429
+
((phys_addr + len) > (dpi_start + ucontext->dpi_size))) {
430
+
DP_ERR(dev,
431
+
"failed mmap, pages are outside of dpi; page address=0x%pK, dpi_start=0x%pK, dpi_size=0x%x\n",
432
+
(void *)phys_addr, (void *)dpi_start,
433
+
ucontext->dpi_size);
434
+
return -EINVAL;
444
435
}
445
-
DP_DEBUG(dev, QEDR_MSG_INIT, "qedr_mmap return code: %d\n", rc);
446
-
return rc;
436
+
437
+
if (vma->vm_flags & VM_READ) {
438
+
DP_ERR(dev, "failed mmap, cannot map doorbell bar for read\n");
439
+
return -EINVAL;
440
+
}
441
+
442
+
vma->vm_page_prot = pgprot_writecombine(vma->vm_page_prot);
443
+
return io_remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, len,
444
+
vma->vm_page_prot);
447
445
}
448
446
449
447
struct ib_pd *qedr_alloc_pd(struct ib_device *ibdev,
+1
-9
drivers/infiniband/sw/rxe/rxe_verbs.c
+1
-9
drivers/infiniband/sw/rxe/rxe_verbs.c
···
761
761
unsigned int mask;
762
762
unsigned int length = 0;
763
763
int i;
764
-
int must_sched;
765
764
766
765
while (wr) {
767
766
mask = wr_opcode_mask(wr->opcode, qp);
···
790
791
wr = wr->next;
791
792
}
792
793
793
-
/*
794
-
* Must sched in case of GSI QP because ib_send_mad() hold irq lock,
795
-
* and the requester call ip_local_out_sk() that takes spin_lock_bh.
796
-
*/
797
-
must_sched = (qp_type(qp) == IB_QPT_GSI) ||
798
-
(queue_count(qp->sq.queue) > 1);
799
-
800
-
rxe_run_task(&qp->req.task, must_sched);
794
+
rxe_run_task(&qp->req.task, 1);
801
795
if (unlikely(qp->req.state == QP_STATE_ERROR))
802
796
rxe_run_task(&qp->comp.task, 1);
803
797
+108
-73
drivers/input/misc/xen-kbdfront.c
+108
-73
drivers/input/misc/xen-kbdfront.c
···
63
63
static void xenkbd_handle_motion_event(struct xenkbd_info *info,
64
64
struct xenkbd_motion *motion)
65
65
{
66
+
if (unlikely(!info->ptr))
67
+
return;
68
+
66
69
input_report_rel(info->ptr, REL_X, motion->rel_x);
67
70
input_report_rel(info->ptr, REL_Y, motion->rel_y);
68
71
if (motion->rel_z)
···
76
73
static void xenkbd_handle_position_event(struct xenkbd_info *info,
77
74
struct xenkbd_position *pos)
78
75
{
76
+
if (unlikely(!info->ptr))
77
+
return;
78
+
79
79
input_report_abs(info->ptr, ABS_X, pos->abs_x);
80
80
input_report_abs(info->ptr, ABS_Y, pos->abs_y);
81
81
if (pos->rel_z)
···
102
96
pr_warn("unhandled keycode 0x%x\n", key->keycode);
103
97
return;
104
98
}
99
+
100
+
if (unlikely(!dev))
101
+
return;
105
102
106
103
input_event(dev, EV_KEY, key->keycode, value);
107
104
input_sync(dev);
···
201
192
const struct xenbus_device_id *id)
202
193
{
203
194
int ret, i;
204
-
unsigned int abs, touch;
195
+
bool with_mtouch, with_kbd, with_ptr;
205
196
struct xenkbd_info *info;
206
197
struct input_dev *kbd, *ptr, *mtouch;
207
198
···
220
211
if (!info->page)
221
212
goto error_nomem;
222
213
223
-
/* Set input abs params to match backend screen res */
224
-
abs = xenbus_read_unsigned(dev->otherend,
225
-
XENKBD_FIELD_FEAT_ABS_POINTER, 0);
226
-
ptr_size[KPARAM_X] = xenbus_read_unsigned(dev->otherend,
227
-
XENKBD_FIELD_WIDTH,
228
-
ptr_size[KPARAM_X]);
229
-
ptr_size[KPARAM_Y] = xenbus_read_unsigned(dev->otherend,
230
-
XENKBD_FIELD_HEIGHT,
231
-
ptr_size[KPARAM_Y]);
232
-
if (abs) {
233
-
ret = xenbus_write(XBT_NIL, dev->nodename,
234
-
XENKBD_FIELD_REQ_ABS_POINTER, "1");
235
-
if (ret) {
236
-
pr_warn("xenkbd: can't request abs-pointer\n");
237
-
abs = 0;
238
-
}
239
-
}
214
+
/*
215
+
* The below are reverse logic, e.g. if the feature is set, then
216
+
* do not expose the corresponding virtual device.
217
+
*/
218
+
with_kbd = !xenbus_read_unsigned(dev->otherend,
219
+
XENKBD_FIELD_FEAT_DSBL_KEYBRD, 0);
240
220
241
-
touch = xenbus_read_unsigned(dev->nodename,
242
-
XENKBD_FIELD_FEAT_MTOUCH, 0);
243
-
if (touch) {
221
+
with_ptr = !xenbus_read_unsigned(dev->otherend,
222
+
XENKBD_FIELD_FEAT_DSBL_POINTER, 0);
223
+
224
+
/* Direct logic: if set, then create multi-touch device. */
225
+
with_mtouch = xenbus_read_unsigned(dev->otherend,
226
+
XENKBD_FIELD_FEAT_MTOUCH, 0);
227
+
if (with_mtouch) {
244
228
ret = xenbus_write(XBT_NIL, dev->nodename,
245
229
XENKBD_FIELD_REQ_MTOUCH, "1");
246
230
if (ret) {
247
231
pr_warn("xenkbd: can't request multi-touch");
248
-
touch = 0;
232
+
with_mtouch = 0;
249
233
}
250
234
}
251
235
252
236
/* keyboard */
253
-
kbd = input_allocate_device();
254
-
if (!kbd)
255
-
goto error_nomem;
256
-
kbd->name = "Xen Virtual Keyboard";
257
-
kbd->phys = info->phys;
258
-
kbd->id.bustype = BUS_PCI;
259
-
kbd->id.vendor = 0x5853;
260
-
kbd->id.product = 0xffff;
237
+
if (with_kbd) {
238
+
kbd = input_allocate_device();
239
+
if (!kbd)
240
+
goto error_nomem;
241
+
kbd->name = "Xen Virtual Keyboard";
242
+
kbd->phys = info->phys;
243
+
kbd->id.bustype = BUS_PCI;
244
+
kbd->id.vendor = 0x5853;
245
+
kbd->id.product = 0xffff;
261
246
262
-
__set_bit(EV_KEY, kbd->evbit);
263
-
for (i = KEY_ESC; i < KEY_UNKNOWN; i++)
264
-
__set_bit(i, kbd->keybit);
265
-
for (i = KEY_OK; i < KEY_MAX; i++)
266
-
__set_bit(i, kbd->keybit);
247
+
__set_bit(EV_KEY, kbd->evbit);
248
+
for (i = KEY_ESC; i < KEY_UNKNOWN; i++)
249
+
__set_bit(i, kbd->keybit);
250
+
for (i = KEY_OK; i < KEY_MAX; i++)
251
+
__set_bit(i, kbd->keybit);
267
252
268
-
ret = input_register_device(kbd);
269
-
if (ret) {
270
-
input_free_device(kbd);
271
-
xenbus_dev_fatal(dev, ret, "input_register_device(kbd)");
272
-
goto error;
253
+
ret = input_register_device(kbd);
254
+
if (ret) {
255
+
input_free_device(kbd);
256
+
xenbus_dev_fatal(dev, ret,
257
+
"input_register_device(kbd)");
258
+
goto error;
259
+
}
260
+
info->kbd = kbd;
273
261
}
274
-
info->kbd = kbd;
275
262
276
263
/* pointing device */
277
-
ptr = input_allocate_device();
278
-
if (!ptr)
279
-
goto error_nomem;
280
-
ptr->name = "Xen Virtual Pointer";
281
-
ptr->phys = info->phys;
282
-
ptr->id.bustype = BUS_PCI;
283
-
ptr->id.vendor = 0x5853;
284
-
ptr->id.product = 0xfffe;
264
+
if (with_ptr) {
265
+
unsigned int abs;
285
266
286
-
if (abs) {
287
-
__set_bit(EV_ABS, ptr->evbit);
288
-
input_set_abs_params(ptr, ABS_X, 0, ptr_size[KPARAM_X], 0, 0);
289
-
input_set_abs_params(ptr, ABS_Y, 0, ptr_size[KPARAM_Y], 0, 0);
290
-
} else {
291
-
input_set_capability(ptr, EV_REL, REL_X);
292
-
input_set_capability(ptr, EV_REL, REL_Y);
267
+
/* Set input abs params to match backend screen res */
268
+
abs = xenbus_read_unsigned(dev->otherend,
269
+
XENKBD_FIELD_FEAT_ABS_POINTER, 0);
270
+
ptr_size[KPARAM_X] = xenbus_read_unsigned(dev->otherend,
271
+
XENKBD_FIELD_WIDTH,
272
+
ptr_size[KPARAM_X]);
273
+
ptr_size[KPARAM_Y] = xenbus_read_unsigned(dev->otherend,
274
+
XENKBD_FIELD_HEIGHT,
275
+
ptr_size[KPARAM_Y]);
276
+
if (abs) {
277
+
ret = xenbus_write(XBT_NIL, dev->nodename,
278
+
XENKBD_FIELD_REQ_ABS_POINTER, "1");
279
+
if (ret) {
280
+
pr_warn("xenkbd: can't request abs-pointer\n");
281
+
abs = 0;
282
+
}
283
+
}
284
+
285
+
ptr = input_allocate_device();
286
+
if (!ptr)
287
+
goto error_nomem;
288
+
ptr->name = "Xen Virtual Pointer";
289
+
ptr->phys = info->phys;
290
+
ptr->id.bustype = BUS_PCI;
291
+
ptr->id.vendor = 0x5853;
292
+
ptr->id.product = 0xfffe;
293
+
294
+
if (abs) {
295
+
__set_bit(EV_ABS, ptr->evbit);
296
+
input_set_abs_params(ptr, ABS_X, 0,
297
+
ptr_size[KPARAM_X], 0, 0);
298
+
input_set_abs_params(ptr, ABS_Y, 0,
299
+
ptr_size[KPARAM_Y], 0, 0);
300
+
} else {
301
+
input_set_capability(ptr, EV_REL, REL_X);
302
+
input_set_capability(ptr, EV_REL, REL_Y);
303
+
}
304
+
input_set_capability(ptr, EV_REL, REL_WHEEL);
305
+
306
+
__set_bit(EV_KEY, ptr->evbit);
307
+
for (i = BTN_LEFT; i <= BTN_TASK; i++)
308
+
__set_bit(i, ptr->keybit);
309
+
310
+
ret = input_register_device(ptr);
311
+
if (ret) {
312
+
input_free_device(ptr);
313
+
xenbus_dev_fatal(dev, ret,
314
+
"input_register_device(ptr)");
315
+
goto error;
316
+
}
317
+
info->ptr = ptr;
293
318
}
294
-
input_set_capability(ptr, EV_REL, REL_WHEEL);
295
-
296
-
__set_bit(EV_KEY, ptr->evbit);
297
-
for (i = BTN_LEFT; i <= BTN_TASK; i++)
298
-
__set_bit(i, ptr->keybit);
299
-
300
-
ret = input_register_device(ptr);
301
-
if (ret) {
302
-
input_free_device(ptr);
303
-
xenbus_dev_fatal(dev, ret, "input_register_device(ptr)");
304
-
goto error;
305
-
}
306
-
info->ptr = ptr;
307
319
308
320
/* multi-touch device */
309
-
if (touch) {
321
+
if (with_mtouch) {
310
322
int num_cont, width, height;
311
323
312
324
mtouch = input_allocate_device();
313
325
if (!mtouch)
314
326
goto error_nomem;
315
327
316
-
num_cont = xenbus_read_unsigned(info->xbdev->nodename,
328
+
num_cont = xenbus_read_unsigned(info->xbdev->otherend,
317
329
XENKBD_FIELD_MT_NUM_CONTACTS,
318
330
1);
319
-
width = xenbus_read_unsigned(info->xbdev->nodename,
331
+
width = xenbus_read_unsigned(info->xbdev->otherend,
320
332
XENKBD_FIELD_MT_WIDTH,
321
333
XENFB_WIDTH);
322
-
height = xenbus_read_unsigned(info->xbdev->nodename,
334
+
height = xenbus_read_unsigned(info->xbdev->otherend,
323
335
XENKBD_FIELD_MT_HEIGHT,
324
336
XENFB_HEIGHT);
325
337
···
374
344
}
375
345
info->mtouch_cur_contact_id = -1;
376
346
info->mtouch = mtouch;
347
+
}
348
+
349
+
if (!(with_kbd || with_ptr || with_mtouch)) {
350
+
ret = -ENXIO;
351
+
goto error;
377
352
}
378
353
379
354
ret = xenkbd_connect_backend(dev, info);
+11
-11
drivers/input/mouse/elan_i2c_smbus.c
+11
-11
drivers/input/mouse/elan_i2c_smbus.c
···
130
130
bool max_baseline, u8 *value)
131
131
{
132
132
int error;
133
-
u8 val[3];
133
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
134
134
135
135
error = i2c_smbus_read_block_data(client,
136
136
max_baseline ?
···
149
149
bool iap, u8 *version)
150
150
{
151
151
int error;
152
-
u8 val[3];
152
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
153
153
154
154
error = i2c_smbus_read_block_data(client,
155
155
iap ? ETP_SMBUS_IAP_VERSION_CMD :
···
170
170
u8 *clickpad)
171
171
{
172
172
int error;
173
-
u8 val[3];
173
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
174
174
175
175
error = i2c_smbus_read_block_data(client,
176
176
ETP_SMBUS_SM_VERSION_CMD, val);
···
188
188
static int elan_smbus_get_product_id(struct i2c_client *client, u16 *id)
189
189
{
190
190
int error;
191
-
u8 val[3];
191
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
192
192
193
193
error = i2c_smbus_read_block_data(client,
194
194
ETP_SMBUS_UNIQUEID_CMD, val);
···
205
205
bool iap, u16 *csum)
206
206
{
207
207
int error;
208
-
u8 val[3];
208
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
209
209
210
210
error = i2c_smbus_read_block_data(client,
211
211
iap ? ETP_SMBUS_FW_CHECKSUM_CMD :
···
226
226
{
227
227
int ret;
228
228
int error;
229
-
u8 val[3];
229
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
230
230
231
231
ret = i2c_smbus_read_block_data(client, ETP_SMBUS_RANGE_CMD, val);
232
232
if (ret != 3) {
···
246
246
{
247
247
int ret;
248
248
int error;
249
-
u8 val[3];
249
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
250
250
251
251
ret = i2c_smbus_read_block_data(client, ETP_SMBUS_RESOLUTION_CMD, val);
252
252
if (ret != 3) {
···
267
267
{
268
268
int ret;
269
269
int error;
270
-
u8 val[3];
270
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
271
271
272
272
ret = i2c_smbus_read_block_data(client, ETP_SMBUS_XY_TRACENUM_CMD, val);
273
273
if (ret != 3) {
···
294
294
{
295
295
int error;
296
296
u16 constant;
297
-
u8 val[3];
297
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
298
298
299
299
error = i2c_smbus_read_block_data(client, ETP_SMBUS_IAP_CTRL_CMD, val);
300
300
if (error < 0) {
···
345
345
int len;
346
346
int error;
347
347
enum tp_mode mode;
348
-
u8 val[3];
348
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
349
349
u8 cmd[4] = {0x0F, 0x78, 0x00, 0x06};
350
350
u16 password;
351
351
···
419
419
struct device *dev = &client->dev;
420
420
int error;
421
421
u16 result;
422
-
u8 val[3];
422
+
u8 val[I2C_SMBUS_BLOCK_MAX] = {0};
423
423
424
424
/*
425
425
* Due to the limitation of smbus protocol limiting
+6
drivers/input/mouse/synaptics.c
+6
drivers/input/mouse/synaptics.c
···
172
172
"LEN0048", /* X1 Carbon 3 */
173
173
"LEN0046", /* X250 */
174
174
"LEN004a", /* W541 */
175
+
"LEN0071", /* T480 */
176
+
"LEN0072", /* X1 Carbon Gen 5 (2017) - Elan/ALPS trackpoint */
177
+
"LEN0073", /* X1 Carbon G5 (Elantech) */
178
+
"LEN0092", /* X1 Carbon 6 */
179
+
"LEN0096", /* X280 */
180
+
"LEN0097", /* X280 -> ALPS trackpoint */
175
181
"LEN200f", /* T450s */
176
182
NULL
177
183
};
+15
-7
drivers/isdn/hardware/eicon/diva.c
+15
-7
drivers/isdn/hardware/eicon/diva.c
···
388
388
** Receive and process command from user mode utility
389
389
*/
390
390
void *diva_xdi_open_adapter(void *os_handle, const void __user *src,
391
-
int length,
391
+
int length, void *mptr,
392
392
divas_xdi_copy_from_user_fn_t cp_fn)
393
393
{
394
-
diva_xdi_um_cfg_cmd_t msg;
394
+
diva_xdi_um_cfg_cmd_t *msg = (diva_xdi_um_cfg_cmd_t *)mptr;
395
395
diva_os_xdi_adapter_t *a = NULL;
396
396
diva_os_spin_lock_magic_t old_irql;
397
397
struct list_head *tmp;
···
401
401
length, sizeof(diva_xdi_um_cfg_cmd_t)))
402
402
return NULL;
403
403
}
404
-
if ((*cp_fn) (os_handle, &msg, src, sizeof(msg)) <= 0) {
404
+
if ((*cp_fn) (os_handle, msg, src, sizeof(*msg)) <= 0) {
405
405
DBG_ERR(("A: A(?) open, write error"))
406
406
return NULL;
407
407
}
408
408
diva_os_enter_spin_lock(&adapter_lock, &old_irql, "open_adapter");
409
409
list_for_each(tmp, &adapter_queue) {
410
410
a = list_entry(tmp, diva_os_xdi_adapter_t, link);
411
-
if (a->controller == (int)msg.adapter)
411
+
if (a->controller == (int)msg->adapter)
412
412
break;
413
413
a = NULL;
414
414
}
415
415
diva_os_leave_spin_lock(&adapter_lock, &old_irql, "open_adapter");
416
416
417
417
if (!a) {
418
-
DBG_ERR(("A: A(%d) open, adapter not found", msg.adapter))
418
+
DBG_ERR(("A: A(%d) open, adapter not found", msg->adapter))
419
419
}
420
420
421
421
return (a);
···
437
437
438
438
int
439
439
diva_xdi_write(void *adapter, void *os_handle, const void __user *src,
440
-
int length, divas_xdi_copy_from_user_fn_t cp_fn)
440
+
int length, void *mptr,
441
+
divas_xdi_copy_from_user_fn_t cp_fn)
441
442
{
443
+
diva_xdi_um_cfg_cmd_t *msg = (diva_xdi_um_cfg_cmd_t *)mptr;
442
444
diva_os_xdi_adapter_t *a = (diva_os_xdi_adapter_t *) adapter;
443
445
void *data;
444
446
···
461
459
return (-2);
462
460
}
463
461
464
-
length = (*cp_fn) (os_handle, data, src, length);
462
+
if (msg) {
463
+
*(diva_xdi_um_cfg_cmd_t *)data = *msg;
464
+
length = (*cp_fn) (os_handle, (char *)data + sizeof(*msg),
465
+
src + sizeof(*msg), length - sizeof(*msg));
466
+
} else {
467
+
length = (*cp_fn) (os_handle, data, src, length);
468
+
}
465
469
if (length > 0) {
466
470
if ((*(a->interface.cmd_proc))
467
471
(a, (diva_xdi_um_cfg_cmd_t *) data, length)) {
+3
-2
drivers/isdn/hardware/eicon/diva.h
+3
-2
drivers/isdn/hardware/eicon/diva.h
···
20
20
int max_length, divas_xdi_copy_to_user_fn_t cp_fn);
21
21
22
22
int diva_xdi_write(void *adapter, void *os_handle, const void __user *src,
23
-
int length, divas_xdi_copy_from_user_fn_t cp_fn);
23
+
int length, void *msg,
24
+
divas_xdi_copy_from_user_fn_t cp_fn);
24
25
25
26
void *diva_xdi_open_adapter(void *os_handle, const void __user *src,
26
-
int length,
27
+
int length, void *msg,
27
28
divas_xdi_copy_from_user_fn_t cp_fn);
28
29
29
30
void diva_xdi_close_adapter(void *adapter, void *os_handle);
+11
-7
drivers/isdn/hardware/eicon/divasmain.c
+11
-7
drivers/isdn/hardware/eicon/divasmain.c
···
591
591
static ssize_t divas_write(struct file *file, const char __user *buf,
592
592
size_t count, loff_t *ppos)
593
593
{
594
+
diva_xdi_um_cfg_cmd_t msg;
594
595
int ret = -EINVAL;
595
596
596
597
if (!file->private_data) {
597
598
file->private_data = diva_xdi_open_adapter(file, buf,
598
-
count,
599
+
count, &msg,
599
600
xdi_copy_from_user);
600
-
}
601
-
if (!file->private_data) {
602
-
return (-ENODEV);
601
+
if (!file->private_data)
602
+
return (-ENODEV);
603
+
ret = diva_xdi_write(file->private_data, file,
604
+
buf, count, &msg, xdi_copy_from_user);
605
+
} else {
606
+
ret = diva_xdi_write(file->private_data, file,
607
+
buf, count, NULL, xdi_copy_from_user);
603
608
}
604
609
605
-
ret = diva_xdi_write(file->private_data, file,
606
-
buf, count, xdi_copy_from_user);
607
610
switch (ret) {
608
611
case -1: /* Message should be removed from rx mailbox first */
609
612
ret = -EBUSY;
···
625
622
static ssize_t divas_read(struct file *file, char __user *buf,
626
623
size_t count, loff_t *ppos)
627
624
{
625
+
diva_xdi_um_cfg_cmd_t msg;
628
626
int ret = -EINVAL;
629
627
630
628
if (!file->private_data) {
631
629
file->private_data = diva_xdi_open_adapter(file, buf,
632
-
count,
630
+
count, &msg,
633
631
xdi_copy_from_user);
634
632
}
635
633
if (!file->private_data) {
+20
-4
drivers/mfd/cros_ec_spi.c
+20
-4
drivers/mfd/cros_ec_spi.c
···
419
419
/* Verify that EC can process command */
420
420
for (i = 0; i < len; i++) {
421
421
rx_byte = rx_buf[i];
422
+
/*
423
+
* Seeing the PAST_END, RX_BAD_DATA, or NOT_READY
424
+
* markers are all signs that the EC didn't fully
425
+
* receive our command. e.g., if the EC is flashing
426
+
* itself, it can't respond to any commands and instead
427
+
* clocks out EC_SPI_PAST_END from its SPI hardware
428
+
* buffer. Similar occurrences can happen if the AP is
429
+
* too slow to clock out data after asserting CS -- the
430
+
* EC will abort and fill its buffer with
431
+
* EC_SPI_RX_BAD_DATA.
432
+
*
433
+
* In all cases, these errors should be safe to retry.
434
+
* Report -EAGAIN and let the caller decide what to do
435
+
* about that.
436
+
*/
422
437
if (rx_byte == EC_SPI_PAST_END ||
423
438
rx_byte == EC_SPI_RX_BAD_DATA ||
424
439
rx_byte == EC_SPI_NOT_READY) {
425
-
ret = -EREMOTEIO;
440
+
ret = -EAGAIN;
426
441
break;
427
442
}
428
443
}
···
446
431
if (!ret)
447
432
ret = cros_ec_spi_receive_packet(ec_dev,
448
433
ec_msg->insize + sizeof(*response));
449
-
else
434
+
else if (ret != -EAGAIN)
450
435
dev_err(ec_dev->dev, "spi transfer failed: %d\n", ret);
451
436
452
437
final_ret = terminate_request(ec_dev);
···
552
537
/* Verify that EC can process command */
553
538
for (i = 0; i < len; i++) {
554
539
rx_byte = rx_buf[i];
540
+
/* See comments in cros_ec_pkt_xfer_spi() */
555
541
if (rx_byte == EC_SPI_PAST_END ||
556
542
rx_byte == EC_SPI_RX_BAD_DATA ||
557
543
rx_byte == EC_SPI_NOT_READY) {
558
-
ret = -EREMOTEIO;
544
+
ret = -EAGAIN;
559
545
break;
560
546
}
561
547
}
···
565
549
if (!ret)
566
550
ret = cros_ec_spi_receive_response(ec_dev,
567
551
ec_msg->insize + EC_MSG_TX_PROTO_BYTES);
568
-
else
552
+
else if (ret != -EAGAIN)
569
553
dev_err(ec_dev->dev, "spi transfer failed: %d\n", ret);
570
554
571
555
final_ret = terminate_request(ec_dev);
+1
-1
drivers/mmc/core/block.c
+1
-1
drivers/mmc/core/block.c
+26
-7
drivers/mmc/host/sdhci-iproc.c
+26
-7
drivers/mmc/host/sdhci-iproc.c
···
33
33
const struct sdhci_iproc_data *data;
34
34
u32 shadow_cmd;
35
35
u32 shadow_blk;
36
+
bool is_cmd_shadowed;
37
+
bool is_blk_shadowed;
36
38
};
37
39
38
40
#define REG_OFFSET_IN_BITS(reg) ((reg) << 3 & 0x18)
···
50
48
51
49
static u16 sdhci_iproc_readw(struct sdhci_host *host, int reg)
52
50
{
53
-
u32 val = sdhci_iproc_readl(host, (reg & ~3));
54
-
u16 word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
51
+
struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
52
+
struct sdhci_iproc_host *iproc_host = sdhci_pltfm_priv(pltfm_host);
53
+
u32 val;
54
+
u16 word;
55
+
56
+
if ((reg == SDHCI_TRANSFER_MODE) && iproc_host->is_cmd_shadowed) {
57
+
/* Get the saved transfer mode */
58
+
val = iproc_host->shadow_cmd;
59
+
} else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
60
+
iproc_host->is_blk_shadowed) {
61
+
/* Get the saved block info */
62
+
val = iproc_host->shadow_blk;
63
+
} else {
64
+
val = sdhci_iproc_readl(host, (reg & ~3));
65
+
}
66
+
word = val >> REG_OFFSET_IN_BITS(reg) & 0xffff;
55
67
return word;
56
68
}
57
69
···
121
105
122
106
if (reg == SDHCI_COMMAND) {
123
107
/* Write the block now as we are issuing a command */
124
-
if (iproc_host->shadow_blk != 0) {
108
+
if (iproc_host->is_blk_shadowed) {
125
109
sdhci_iproc_writel(host, iproc_host->shadow_blk,
126
110
SDHCI_BLOCK_SIZE);
127
-
iproc_host->shadow_blk = 0;
111
+
iproc_host->is_blk_shadowed = false;
128
112
}
129
113
oldval = iproc_host->shadow_cmd;
130
-
} else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
114
+
iproc_host->is_cmd_shadowed = false;
115
+
} else if ((reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) &&
116
+
iproc_host->is_blk_shadowed) {
131
117
/* Block size and count are stored in shadow reg */
132
118
oldval = iproc_host->shadow_blk;
133
119
} else {
···
141
123
if (reg == SDHCI_TRANSFER_MODE) {
142
124
/* Save the transfer mode until the command is issued */
143
125
iproc_host->shadow_cmd = newval;
126
+
iproc_host->is_cmd_shadowed = true;
144
127
} else if (reg == SDHCI_BLOCK_SIZE || reg == SDHCI_BLOCK_COUNT) {
145
128
/* Save the block info until the command is issued */
146
129
iproc_host->shadow_blk = newval;
130
+
iproc_host->is_blk_shadowed = true;
147
131
} else {
148
132
/* Command or other regular 32-bit write */
149
133
sdhci_iproc_writel(host, newval, reg & ~3);
···
186
166
187
167
static const struct sdhci_pltfm_data sdhci_iproc_cygnus_pltfm_data = {
188
168
.quirks = SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK,
189
-
.quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN,
169
+
.quirks2 = SDHCI_QUIRK2_ACMD23_BROKEN | SDHCI_QUIRK2_HOST_OFF_CARD_ON,
190
170
.ops = &sdhci_iproc_32only_ops,
191
171
};
192
172
···
226
206
.caps1 = SDHCI_DRIVER_TYPE_C |
227
207
SDHCI_DRIVER_TYPE_D |
228
208
SDHCI_SUPPORT_DDR50,
229
-
.mmc_caps = MMC_CAP_1_8V_DDR,
230
209
};
231
210
232
211
static const struct sdhci_pltfm_data sdhci_bcm2835_pltfm_data = {
+13
drivers/net/dsa/b53/b53_common.c
+13
drivers/net/dsa/b53/b53_common.c
···
1712
1712
.duplex_reg = B53_DUPLEX_STAT_FE,
1713
1713
},
1714
1714
{
1715
+
.chip_id = BCM5389_DEVICE_ID,
1716
+
.dev_name = "BCM5389",
1717
+
.vlans = 4096,
1718
+
.enabled_ports = 0x1f,
1719
+
.arl_entries = 4,
1720
+
.cpu_port = B53_CPU_PORT,
1721
+
.vta_regs = B53_VTA_REGS,
1722
+
.duplex_reg = B53_DUPLEX_STAT_GE,
1723
+
.jumbo_pm_reg = B53_JUMBO_PORT_MASK,
1724
+
.jumbo_size_reg = B53_JUMBO_MAX_SIZE,
1725
+
},
1726
+
{
1715
1727
.chip_id = BCM5395_DEVICE_ID,
1716
1728
.dev_name = "BCM5395",
1717
1729
.vlans = 4096,
···
2046
2034
else
2047
2035
dev->chip_id = BCM5365_DEVICE_ID;
2048
2036
break;
2037
+
case BCM5389_DEVICE_ID:
2049
2038
case BCM5395_DEVICE_ID:
2050
2039
case BCM5397_DEVICE_ID:
2051
2040
case BCM5398_DEVICE_ID:
+4
-1
drivers/net/dsa/b53/b53_mdio.c
+4
-1
drivers/net/dsa/b53/b53_mdio.c
···
285
285
#define B53_BRCM_OUI_1 0x0143bc00
286
286
#define B53_BRCM_OUI_2 0x03625c00
287
287
#define B53_BRCM_OUI_3 0x00406000
288
+
#define B53_BRCM_OUI_4 0x01410c00
288
289
289
290
static int b53_mdio_probe(struct mdio_device *mdiodev)
290
291
{
···
312
311
*/
313
312
if ((phy_id & 0xfffffc00) != B53_BRCM_OUI_1 &&
314
313
(phy_id & 0xfffffc00) != B53_BRCM_OUI_2 &&
315
-
(phy_id & 0xfffffc00) != B53_BRCM_OUI_3) {
314
+
(phy_id & 0xfffffc00) != B53_BRCM_OUI_3 &&
315
+
(phy_id & 0xfffffc00) != B53_BRCM_OUI_4) {
316
316
dev_err(&mdiodev->dev, "Unsupported device: 0x%08x\n", phy_id);
317
317
return -ENODEV;
318
318
}
···
362
360
{ .compatible = "brcm,bcm53125" },
363
361
{ .compatible = "brcm,bcm53128" },
364
362
{ .compatible = "brcm,bcm5365" },
363
+
{ .compatible = "brcm,bcm5389" },
365
364
{ .compatible = "brcm,bcm5395" },
366
365
{ .compatible = "brcm,bcm5397" },
367
366
{ .compatible = "brcm,bcm5398" },
+1
drivers/net/dsa/b53/b53_priv.h
+1
drivers/net/dsa/b53/b53_priv.h
+22
-14
drivers/net/dsa/bcm_sf2_cfp.c
+22
-14
drivers/net/dsa/bcm_sf2_cfp.c
···
354
354
/* Locate the first rule available */
355
355
if (fs->location == RX_CLS_LOC_ANY)
356
356
rule_index = find_first_zero_bit(priv->cfp.used,
357
-
bcm_sf2_cfp_rule_size(priv));
357
+
priv->num_cfp_rules);
358
358
else
359
359
rule_index = fs->location;
360
+
361
+
if (rule_index > bcm_sf2_cfp_rule_size(priv))
362
+
return -ENOSPC;
360
363
361
364
layout = &udf_tcpip4_layout;
362
365
/* We only use one UDF slice for now */
···
565
562
* first half because the HW search is by incrementing addresses.
566
563
*/
567
564
if (fs->location == RX_CLS_LOC_ANY)
568
-
rule_index[0] = find_first_zero_bit(priv->cfp.used,
569
-
bcm_sf2_cfp_rule_size(priv));
565
+
rule_index[1] = find_first_zero_bit(priv->cfp.used,
566
+
priv->num_cfp_rules);
570
567
else
571
-
rule_index[0] = fs->location;
568
+
rule_index[1] = fs->location;
569
+
if (rule_index[1] > bcm_sf2_cfp_rule_size(priv))
570
+
return -ENOSPC;
572
571
573
572
/* Flag it as used (cleared on error path) such that we can immediately
574
573
* obtain a second one to chain from.
575
574
*/
576
-
set_bit(rule_index[0], priv->cfp.used);
575
+
set_bit(rule_index[1], priv->cfp.used);
577
576
578
-
rule_index[1] = find_first_zero_bit(priv->cfp.used,
579
-
bcm_sf2_cfp_rule_size(priv));
580
-
if (rule_index[1] > bcm_sf2_cfp_rule_size(priv)) {
577
+
rule_index[0] = find_first_zero_bit(priv->cfp.used,
578
+
priv->num_cfp_rules);
579
+
if (rule_index[0] > bcm_sf2_cfp_rule_size(priv)) {
581
580
ret = -ENOSPC;
582
581
goto out_err;
583
582
}
···
717
712
/* Flag the second half rule as being used now, return it as the
718
713
* location, and flag it as unique while dumping rules
719
714
*/
720
-
set_bit(rule_index[1], priv->cfp.used);
715
+
set_bit(rule_index[0], priv->cfp.used);
721
716
set_bit(rule_index[1], priv->cfp.unique);
722
717
fs->location = rule_index[1];
723
718
724
719
return ret;
725
720
726
721
out_err:
727
-
clear_bit(rule_index[0], priv->cfp.used);
722
+
clear_bit(rule_index[1], priv->cfp.used);
728
723
return ret;
729
724
}
730
725
···
790
785
int ret;
791
786
u32 reg;
792
787
793
-
/* Refuse deletion of unused rules, and the default reserved rule */
794
-
if (!test_bit(loc, priv->cfp.used) || loc == 0)
795
-
return -EINVAL;
796
-
797
788
/* Indicate which rule we want to read */
798
789
bcm_sf2_cfp_rule_addr_set(priv, loc);
799
790
···
826
825
{
827
826
u32 next_loc = 0;
828
827
int ret;
828
+
829
+
/* Refuse deleting unused rules, and those that are not unique since
830
+
* that could leave IPv6 rules with one of the chained rule in the
831
+
* table.
832
+
*/
833
+
if (!test_bit(loc, priv->cfp.unique) || loc == 0)
834
+
return -EINVAL;
829
835
830
836
ret = bcm_sf2_cfp_rule_del_one(priv, port, loc, &next_loc);
831
837
if (ret)
+51
-53
drivers/net/ethernet/3com/3c59x.c
+51
-53
drivers/net/ethernet/3com/3c59x.c
···
1212
1212
vp->mii.reg_num_mask = 0x1f;
1213
1213
1214
1214
/* Makes sure rings are at least 16 byte aligned. */
1215
-
vp->rx_ring = pci_alloc_consistent(pdev, sizeof(struct boom_rx_desc) * RX_RING_SIZE
1215
+
vp->rx_ring = dma_alloc_coherent(gendev, sizeof(struct boom_rx_desc) * RX_RING_SIZE
1216
1216
+ sizeof(struct boom_tx_desc) * TX_RING_SIZE,
1217
-
&vp->rx_ring_dma);
1217
+
&vp->rx_ring_dma, GFP_KERNEL);
1218
1218
retval = -ENOMEM;
1219
1219
if (!vp->rx_ring)
1220
1220
goto free_device;
···
1476
1476
return 0;
1477
1477
1478
1478
free_ring:
1479
-
pci_free_consistent(pdev,
1480
-
sizeof(struct boom_rx_desc) * RX_RING_SIZE
1481
-
+ sizeof(struct boom_tx_desc) * TX_RING_SIZE,
1482
-
vp->rx_ring,
1483
-
vp->rx_ring_dma);
1479
+
dma_free_coherent(&pdev->dev,
1480
+
sizeof(struct boom_rx_desc) * RX_RING_SIZE +
1481
+
sizeof(struct boom_tx_desc) * TX_RING_SIZE,
1482
+
vp->rx_ring, vp->rx_ring_dma);
1484
1483
free_device:
1485
1484
free_netdev(dev);
1486
1485
pr_err(PFX "vortex_probe1 fails. Returns %d\n", retval);
···
1750
1751
break; /* Bad news! */
1751
1752
1752
1753
skb_reserve(skb, NET_IP_ALIGN); /* Align IP on 16 byte boundaries */
1753
-
dma = pci_map_single(VORTEX_PCI(vp), skb->data,
1754
-
PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
1755
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, dma))
1754
+
dma = dma_map_single(vp->gendev, skb->data,
1755
+
PKT_BUF_SZ, DMA_FROM_DEVICE);
1756
+
if (dma_mapping_error(vp->gendev, dma))
1756
1757
break;
1757
1758
vp->rx_ring[i].addr = cpu_to_le32(dma);
1758
1759
}
···
2066
2067
if (vp->bus_master) {
2067
2068
/* Set the bus-master controller to transfer the packet. */
2068
2069
int len = (skb->len + 3) & ~3;
2069
-
vp->tx_skb_dma = pci_map_single(VORTEX_PCI(vp), skb->data, len,
2070
-
PCI_DMA_TODEVICE);
2071
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, vp->tx_skb_dma)) {
2070
+
vp->tx_skb_dma = dma_map_single(vp->gendev, skb->data, len,
2071
+
DMA_TO_DEVICE);
2072
+
if (dma_mapping_error(vp->gendev, vp->tx_skb_dma)) {
2072
2073
dev_kfree_skb_any(skb);
2073
2074
dev->stats.tx_dropped++;
2074
2075
return NETDEV_TX_OK;
···
2167
2168
vp->tx_ring[entry].status = cpu_to_le32(skb->len | TxIntrUploaded | AddTCPChksum | AddUDPChksum);
2168
2169
2169
2170
if (!skb_shinfo(skb)->nr_frags) {
2170
-
dma_addr = pci_map_single(VORTEX_PCI(vp), skb->data, skb->len,
2171
-
PCI_DMA_TODEVICE);
2172
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, dma_addr))
2171
+
dma_addr = dma_map_single(vp->gendev, skb->data, skb->len,
2172
+
DMA_TO_DEVICE);
2173
+
if (dma_mapping_error(vp->gendev, dma_addr))
2173
2174
goto out_dma_err;
2174
2175
2175
2176
vp->tx_ring[entry].frag[0].addr = cpu_to_le32(dma_addr);
···
2177
2178
} else {
2178
2179
int i;
2179
2180
2180
-
dma_addr = pci_map_single(VORTEX_PCI(vp), skb->data,
2181
-
skb_headlen(skb), PCI_DMA_TODEVICE);
2182
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, dma_addr))
2181
+
dma_addr = dma_map_single(vp->gendev, skb->data,
2182
+
skb_headlen(skb), DMA_TO_DEVICE);
2183
+
if (dma_mapping_error(vp->gendev, dma_addr))
2183
2184
goto out_dma_err;
2184
2185
2185
2186
vp->tx_ring[entry].frag[0].addr = cpu_to_le32(dma_addr);
···
2188
2189
for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
2189
2190
skb_frag_t *frag = &skb_shinfo(skb)->frags[i];
2190
2191
2191
-
dma_addr = skb_frag_dma_map(&VORTEX_PCI(vp)->dev, frag,
2192
+
dma_addr = skb_frag_dma_map(vp->gendev, frag,
2192
2193
0,
2193
2194
frag->size,
2194
2195
DMA_TO_DEVICE);
2195
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, dma_addr)) {
2196
+
if (dma_mapping_error(vp->gendev, dma_addr)) {
2196
2197
for(i = i-1; i >= 0; i--)
2197
-
dma_unmap_page(&VORTEX_PCI(vp)->dev,
2198
+
dma_unmap_page(vp->gendev,
2198
2199
le32_to_cpu(vp->tx_ring[entry].frag[i+1].addr),
2199
2200
le32_to_cpu(vp->tx_ring[entry].frag[i+1].length),
2200
2201
DMA_TO_DEVICE);
2201
2202
2202
-
pci_unmap_single(VORTEX_PCI(vp),
2203
+
dma_unmap_single(vp->gendev,
2203
2204
le32_to_cpu(vp->tx_ring[entry].frag[0].addr),
2204
2205
le32_to_cpu(vp->tx_ring[entry].frag[0].length),
2205
-
PCI_DMA_TODEVICE);
2206
+
DMA_TO_DEVICE);
2206
2207
2207
2208
goto out_dma_err;
2208
2209
}
···
2217
2218
}
2218
2219
}
2219
2220
#else
2220
-
dma_addr = pci_map_single(VORTEX_PCI(vp), skb->data, skb->len, PCI_DMA_TODEVICE);
2221
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, dma_addr))
2221
+
dma_addr = dma_map_single(vp->gendev, skb->data, skb->len, DMA_TO_DEVICE);
2222
+
if (dma_mapping_error(vp->gendev, dma_addr))
2222
2223
goto out_dma_err;
2223
2224
vp->tx_ring[entry].addr = cpu_to_le32(dma_addr);
2224
2225
vp->tx_ring[entry].length = cpu_to_le32(skb->len | LAST_FRAG);
···
2253
2254
out:
2254
2255
return NETDEV_TX_OK;
2255
2256
out_dma_err:
2256
-
dev_err(&VORTEX_PCI(vp)->dev, "Error mapping dma buffer\n");
2257
+
dev_err(vp->gendev, "Error mapping dma buffer\n");
2257
2258
goto out;
2258
2259
}
2259
2260
···
2321
2322
if (status & DMADone) {
2322
2323
if (ioread16(ioaddr + Wn7_MasterStatus) & 0x1000) {
2323
2324
iowrite16(0x1000, ioaddr + Wn7_MasterStatus); /* Ack the event. */
2324
-
pci_unmap_single(VORTEX_PCI(vp), vp->tx_skb_dma, (vp->tx_skb->len + 3) & ~3, PCI_DMA_TODEVICE);
2325
+
dma_unmap_single(vp->gendev, vp->tx_skb_dma, (vp->tx_skb->len + 3) & ~3, DMA_TO_DEVICE);
2325
2326
pkts_compl++;
2326
2327
bytes_compl += vp->tx_skb->len;
2327
2328
dev_kfree_skb_irq(vp->tx_skb); /* Release the transferred buffer */
···
2458
2459
struct sk_buff *skb = vp->tx_skbuff[entry];
2459
2460
#if DO_ZEROCOPY
2460
2461
int i;
2461
-
pci_unmap_single(VORTEX_PCI(vp),
2462
+
dma_unmap_single(vp->gendev,
2462
2463
le32_to_cpu(vp->tx_ring[entry].frag[0].addr),
2463
2464
le32_to_cpu(vp->tx_ring[entry].frag[0].length)&0xFFF,
2464
-
PCI_DMA_TODEVICE);
2465
+
DMA_TO_DEVICE);
2465
2466
2466
2467
for (i=1; i<=skb_shinfo(skb)->nr_frags; i++)
2467
-
pci_unmap_page(VORTEX_PCI(vp),
2468
+
dma_unmap_page(vp->gendev,
2468
2469
le32_to_cpu(vp->tx_ring[entry].frag[i].addr),
2469
2470
le32_to_cpu(vp->tx_ring[entry].frag[i].length)&0xFFF,
2470
-
PCI_DMA_TODEVICE);
2471
+
DMA_TO_DEVICE);
2471
2472
#else
2472
-
pci_unmap_single(VORTEX_PCI(vp),
2473
-
le32_to_cpu(vp->tx_ring[entry].addr), skb->len, PCI_DMA_TODEVICE);
2473
+
dma_unmap_single(vp->gendev,
2474
+
le32_to_cpu(vp->tx_ring[entry].addr), skb->len, DMA_TO_DEVICE);
2474
2475
#endif
2475
2476
pkts_compl++;
2476
2477
bytes_compl += skb->len;
···
2560
2561
/* 'skb_put()' points to the start of sk_buff data area. */
2561
2562
if (vp->bus_master &&
2562
2563
! (ioread16(ioaddr + Wn7_MasterStatus) & 0x8000)) {
2563
-
dma_addr_t dma = pci_map_single(VORTEX_PCI(vp), skb_put(skb, pkt_len),
2564
-
pkt_len, PCI_DMA_FROMDEVICE);
2564
+
dma_addr_t dma = dma_map_single(vp->gendev, skb_put(skb, pkt_len),
2565
+
pkt_len, DMA_FROM_DEVICE);
2565
2566
iowrite32(dma, ioaddr + Wn7_MasterAddr);
2566
2567
iowrite16((skb->len + 3) & ~3, ioaddr + Wn7_MasterLen);
2567
2568
iowrite16(StartDMAUp, ioaddr + EL3_CMD);
2568
2569
while (ioread16(ioaddr + Wn7_MasterStatus) & 0x8000)
2569
2570
;
2570
-
pci_unmap_single(VORTEX_PCI(vp), dma, pkt_len, PCI_DMA_FROMDEVICE);
2571
+
dma_unmap_single(vp->gendev, dma, pkt_len, DMA_FROM_DEVICE);
2571
2572
} else {
2572
2573
ioread32_rep(ioaddr + RX_FIFO,
2573
2574
skb_put(skb, pkt_len),
···
2634
2635
if (pkt_len < rx_copybreak &&
2635
2636
(skb = netdev_alloc_skb(dev, pkt_len + 2)) != NULL) {
2636
2637
skb_reserve(skb, 2); /* Align IP on 16 byte boundaries */
2637
-
pci_dma_sync_single_for_cpu(VORTEX_PCI(vp), dma, PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
2638
+
dma_sync_single_for_cpu(vp->gendev, dma, PKT_BUF_SZ, DMA_FROM_DEVICE);
2638
2639
/* 'skb_put()' points to the start of sk_buff data area. */
2639
2640
skb_put_data(skb, vp->rx_skbuff[entry]->data,
2640
2641
pkt_len);
2641
-
pci_dma_sync_single_for_device(VORTEX_PCI(vp), dma, PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
2642
+
dma_sync_single_for_device(vp->gendev, dma, PKT_BUF_SZ, DMA_FROM_DEVICE);
2642
2643
vp->rx_copy++;
2643
2644
} else {
2644
2645
/* Pre-allocate the replacement skb. If it or its
···
2650
2651
dev->stats.rx_dropped++;
2651
2652
goto clear_complete;
2652
2653
}
2653
-
newdma = pci_map_single(VORTEX_PCI(vp), newskb->data,
2654
-
PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
2655
-
if (dma_mapping_error(&VORTEX_PCI(vp)->dev, newdma)) {
2654
+
newdma = dma_map_single(vp->gendev, newskb->data,
2655
+
PKT_BUF_SZ, DMA_FROM_DEVICE);
2656
+
if (dma_mapping_error(vp->gendev, newdma)) {
2656
2657
dev->stats.rx_dropped++;
2657
2658
consume_skb(newskb);
2658
2659
goto clear_complete;
···
2663
2664
vp->rx_skbuff[entry] = newskb;
2664
2665
vp->rx_ring[entry].addr = cpu_to_le32(newdma);
2665
2666
skb_put(skb, pkt_len);
2666
-
pci_unmap_single(VORTEX_PCI(vp), dma, PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
2667
+
dma_unmap_single(vp->gendev, dma, PKT_BUF_SZ, DMA_FROM_DEVICE);
2667
2668
vp->rx_nocopy++;
2668
2669
}
2669
2670
skb->protocol = eth_type_trans(skb, dev);
···
2760
2761
if (vp->full_bus_master_rx) { /* Free Boomerang bus master Rx buffers. */
2761
2762
for (i = 0; i < RX_RING_SIZE; i++)
2762
2763
if (vp->rx_skbuff[i]) {
2763
-
pci_unmap_single( VORTEX_PCI(vp), le32_to_cpu(vp->rx_ring[i].addr),
2764
-
PKT_BUF_SZ, PCI_DMA_FROMDEVICE);
2764
+
dma_unmap_single(vp->gendev, le32_to_cpu(vp->rx_ring[i].addr),
2765
+
PKT_BUF_SZ, DMA_FROM_DEVICE);
2765
2766
dev_kfree_skb(vp->rx_skbuff[i]);
2766
2767
vp->rx_skbuff[i] = NULL;
2767
2768
}
···
2774
2775
int k;
2775
2776
2776
2777
for (k=0; k<=skb_shinfo(skb)->nr_frags; k++)
2777
-
pci_unmap_single(VORTEX_PCI(vp),
2778
+
dma_unmap_single(vp->gendev,
2778
2779
le32_to_cpu(vp->tx_ring[i].frag[k].addr),
2779
2780
le32_to_cpu(vp->tx_ring[i].frag[k].length)&0xFFF,
2780
-
PCI_DMA_TODEVICE);
2781
+
DMA_TO_DEVICE);
2781
2782
#else
2782
-
pci_unmap_single(VORTEX_PCI(vp), le32_to_cpu(vp->tx_ring[i].addr), skb->len, PCI_DMA_TODEVICE);
2783
+
dma_unmap_single(vp->gendev, le32_to_cpu(vp->tx_ring[i].addr), skb->len, DMA_TO_DEVICE);
2783
2784
#endif
2784
2785
dev_kfree_skb(skb);
2785
2786
vp->tx_skbuff[i] = NULL;
···
3287
3288
3288
3289
pci_iounmap(pdev, vp->ioaddr);
3289
3290
3290
-
pci_free_consistent(pdev,
3291
-
sizeof(struct boom_rx_desc) * RX_RING_SIZE
3292
-
+ sizeof(struct boom_tx_desc) * TX_RING_SIZE,
3293
-
vp->rx_ring,
3294
-
vp->rx_ring_dma);
3291
+
dma_free_coherent(&pdev->dev,
3292
+
sizeof(struct boom_rx_desc) * RX_RING_SIZE +
3293
+
sizeof(struct boom_tx_desc) * TX_RING_SIZE,
3294
+
vp->rx_ring, vp->rx_ring_dma);
3295
3295
3296
3296
pci_release_regions(pdev);
3297
3297
+3
-1
drivers/net/ethernet/8390/ne.c
+3
-1
drivers/net/ethernet/8390/ne.c
···
164
164
#define NESM_START_PG 0x40 /* First page of TX buffer */
165
165
#define NESM_STOP_PG 0x80 /* Last page +1 of RX ring */
166
166
167
-
#if defined(CONFIG_ATARI) /* 8-bit mode on Atari, normal on Q40 */
167
+
#if defined(CONFIG_MACH_TX49XX)
168
+
# define DCR_VAL 0x48 /* 8-bit mode */
169
+
#elif defined(CONFIG_ATARI) /* 8-bit mode on Atari, normal on Q40 */
168
170
# define DCR_VAL (MACH_IS_ATARI ? 0x48 : 0x49)
169
171
#else
170
172
# define DCR_VAL 0x49
+7
-3
drivers/net/ethernet/amd/pcnet32.c
+7
-3
drivers/net/ethernet/amd/pcnet32.c
···
1552
1552
if (!ioaddr) {
1553
1553
if (pcnet32_debug & NETIF_MSG_PROBE)
1554
1554
pr_err("card has no PCI IO resources, aborting\n");
1555
-
return -ENODEV;
1555
+
err = -ENODEV;
1556
+
goto err_disable_dev;
1556
1557
}
1557
1558
1558
1559
err = pci_set_dma_mask(pdev, PCNET32_DMA_MASK);
1559
1560
if (err) {
1560
1561
if (pcnet32_debug & NETIF_MSG_PROBE)
1561
1562
pr_err("architecture does not support 32bit PCI busmaster DMA\n");
1562
-
return err;
1563
+
goto err_disable_dev;
1563
1564
}
1564
1565
if (!request_region(ioaddr, PCNET32_TOTAL_SIZE, "pcnet32_probe_pci")) {
1565
1566
if (pcnet32_debug & NETIF_MSG_PROBE)
1566
1567
pr_err("io address range already allocated\n");
1567
-
return -EBUSY;
1568
+
err = -EBUSY;
1569
+
goto err_disable_dev;
1568
1570
}
1569
1571
1570
1572
err = pcnet32_probe1(ioaddr, 1, pdev);
1573
+
1574
+
err_disable_dev:
1571
1575
if (err < 0)
1572
1576
pci_disable_device(pdev);
1573
1577
+9
-19
drivers/net/ethernet/chelsio/cxgb4/cudbg_entity.h
+9
-19
drivers/net/ethernet/chelsio/cxgb4/cudbg_entity.h
···
419
419
{0x7b50, 0x7b54, 0x280, 0x20, 0}, /* up_cim_280_to_2fc */
420
420
{0x7b50, 0x7b54, 0x300, 0x20, 0}, /* up_cim_300_to_37c */
421
421
{0x7b50, 0x7b54, 0x380, 0x14, 0}, /* up_cim_380_to_3cc */
422
-
{0x7b50, 0x7b54, 0x2900, 0x4, 0x4}, /* up_cim_2900_to_3d40 */
423
-
{0x7b50, 0x7b54, 0x2904, 0x4, 0x4}, /* up_cim_2904_to_3d44 */
424
-
{0x7b50, 0x7b54, 0x2908, 0x4, 0x4}, /* up_cim_2908_to_3d48 */
425
-
{0x7b50, 0x7b54, 0x2910, 0x4, 0x4}, /* up_cim_2910_to_3d4c */
426
-
{0x7b50, 0x7b54, 0x2914, 0x4, 0x4}, /* up_cim_2914_to_3d50 */
427
-
{0x7b50, 0x7b54, 0x2920, 0x10, 0x10}, /* up_cim_2920_to_2a10 */
428
-
{0x7b50, 0x7b54, 0x2924, 0x10, 0x10}, /* up_cim_2924_to_2a14 */
429
-
{0x7b50, 0x7b54, 0x2928, 0x10, 0x10}, /* up_cim_2928_to_2a18 */
430
-
{0x7b50, 0x7b54, 0x292c, 0x10, 0x10}, /* up_cim_292c_to_2a1c */
422
+
{0x7b50, 0x7b54, 0x4900, 0x4, 0x4}, /* up_cim_4900_to_4c60 */
423
+
{0x7b50, 0x7b54, 0x4904, 0x4, 0x4}, /* up_cim_4904_to_4c64 */
424
+
{0x7b50, 0x7b54, 0x4908, 0x4, 0x4}, /* up_cim_4908_to_4c68 */
425
+
{0x7b50, 0x7b54, 0x4910, 0x4, 0x4}, /* up_cim_4910_to_4c70 */
426
+
{0x7b50, 0x7b54, 0x4914, 0x4, 0x4}, /* up_cim_4914_to_4c74 */
427
+
{0x7b50, 0x7b54, 0x4920, 0x10, 0x10}, /* up_cim_4920_to_4a10 */
428
+
{0x7b50, 0x7b54, 0x4924, 0x10, 0x10}, /* up_cim_4924_to_4a14 */
429
+
{0x7b50, 0x7b54, 0x4928, 0x10, 0x10}, /* up_cim_4928_to_4a18 */
430
+
{0x7b50, 0x7b54, 0x492c, 0x10, 0x10}, /* up_cim_492c_to_4a1c */
431
431
};
432
432
433
433
static const u32 t5_up_cim_reg_array[][IREG_NUM_ELEM + 1] = {
···
444
444
{0x7b50, 0x7b54, 0x280, 0x20, 0}, /* up_cim_280_to_2fc */
445
445
{0x7b50, 0x7b54, 0x300, 0x20, 0}, /* up_cim_300_to_37c */
446
446
{0x7b50, 0x7b54, 0x380, 0x14, 0}, /* up_cim_380_to_3cc */
447
-
{0x7b50, 0x7b54, 0x2900, 0x4, 0x4}, /* up_cim_2900_to_3d40 */
448
-
{0x7b50, 0x7b54, 0x2904, 0x4, 0x4}, /* up_cim_2904_to_3d44 */
449
-
{0x7b50, 0x7b54, 0x2908, 0x4, 0x4}, /* up_cim_2908_to_3d48 */
450
-
{0x7b50, 0x7b54, 0x2910, 0x4, 0x4}, /* up_cim_2910_to_3d4c */
451
-
{0x7b50, 0x7b54, 0x2914, 0x4, 0x4}, /* up_cim_2914_to_3d50 */
452
-
{0x7b50, 0x7b54, 0x2918, 0x4, 0x4}, /* up_cim_2918_to_3d54 */
453
-
{0x7b50, 0x7b54, 0x291c, 0x4, 0x4}, /* up_cim_291c_to_3d58 */
454
-
{0x7b50, 0x7b54, 0x2924, 0x10, 0x10}, /* up_cim_2924_to_2914 */
455
-
{0x7b50, 0x7b54, 0x2928, 0x10, 0x10}, /* up_cim_2928_to_2a18 */
456
-
{0x7b50, 0x7b54, 0x292c, 0x10, 0x10}, /* up_cim_292c_to_2a1c */
457
447
};
458
448
459
449
static const u32 t6_hma_ireg_array[][IREG_NUM_ELEM] = {
+30
-58
drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c
+30
-58
drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c
···
836
836
{
837
837
struct tp_params *tp = &adap->params.tp;
838
838
u64 hash_filter_mask = tp->hash_filter_mask;
839
-
u32 mask;
839
+
u64 ntuple_mask = 0;
840
840
841
841
if (!is_hashfilter(adap))
842
842
return false;
···
865
865
if (!fs->val.fport || fs->mask.fport != 0xffff)
866
866
return false;
867
867
868
-
if (tp->fcoe_shift >= 0) {
869
-
mask = (hash_filter_mask >> tp->fcoe_shift) & FT_FCOE_W;
870
-
if (mask && !fs->mask.fcoe)
871
-
return false;
872
-
}
868
+
/* calculate tuple mask and compare with mask configured in hw */
869
+
if (tp->fcoe_shift >= 0)
870
+
ntuple_mask |= (u64)fs->mask.fcoe << tp->fcoe_shift;
873
871
874
-
if (tp->port_shift >= 0) {
875
-
mask = (hash_filter_mask >> tp->port_shift) & FT_PORT_W;
876
-
if (mask && !fs->mask.iport)
877
-
return false;
878
-
}
872
+
if (tp->port_shift >= 0)
873
+
ntuple_mask |= (u64)fs->mask.iport << tp->port_shift;
879
874
880
875
if (tp->vnic_shift >= 0) {
881
-
mask = (hash_filter_mask >> tp->vnic_shift) & FT_VNIC_ID_W;
882
-
883
-
if ((adap->params.tp.ingress_config & VNIC_F)) {
884
-
if (mask && !fs->mask.pfvf_vld)
885
-
return false;
886
-
} else {
887
-
if (mask && !fs->mask.ovlan_vld)
888
-
return false;
889
-
}
876
+
if ((adap->params.tp.ingress_config & VNIC_F))
877
+
ntuple_mask |= (u64)fs->mask.pfvf_vld << tp->vnic_shift;
878
+
else
879
+
ntuple_mask |= (u64)fs->mask.ovlan_vld <<
880
+
tp->vnic_shift;
890
881
}
891
882
892
-
if (tp->vlan_shift >= 0) {
893
-
mask = (hash_filter_mask >> tp->vlan_shift) & FT_VLAN_W;
894
-
if (mask && !fs->mask.ivlan)
895
-
return false;
896
-
}
883
+
if (tp->vlan_shift >= 0)
884
+
ntuple_mask |= (u64)fs->mask.ivlan << tp->vlan_shift;
897
885
898
-
if (tp->tos_shift >= 0) {
899
-
mask = (hash_filter_mask >> tp->tos_shift) & FT_TOS_W;
900
-
if (mask && !fs->mask.tos)
901
-
return false;
902
-
}
886
+
if (tp->tos_shift >= 0)
887
+
ntuple_mask |= (u64)fs->mask.tos << tp->tos_shift;
903
888
904
-
if (tp->protocol_shift >= 0) {
905
-
mask = (hash_filter_mask >> tp->protocol_shift) & FT_PROTOCOL_W;
906
-
if (mask && !fs->mask.proto)
907
-
return false;
908
-
}
889
+
if (tp->protocol_shift >= 0)
890
+
ntuple_mask |= (u64)fs->mask.proto << tp->protocol_shift;
909
891
910
-
if (tp->ethertype_shift >= 0) {
911
-
mask = (hash_filter_mask >> tp->ethertype_shift) &
912
-
FT_ETHERTYPE_W;
913
-
if (mask && !fs->mask.ethtype)
914
-
return false;
915
-
}
892
+
if (tp->ethertype_shift >= 0)
893
+
ntuple_mask |= (u64)fs->mask.ethtype << tp->ethertype_shift;
916
894
917
-
if (tp->macmatch_shift >= 0) {
918
-
mask = (hash_filter_mask >> tp->macmatch_shift) & FT_MACMATCH_W;
919
-
if (mask && !fs->mask.macidx)
920
-
return false;
921
-
}
895
+
if (tp->macmatch_shift >= 0)
896
+
ntuple_mask |= (u64)fs->mask.macidx << tp->macmatch_shift;
922
897
923
-
if (tp->matchtype_shift >= 0) {
924
-
mask = (hash_filter_mask >> tp->matchtype_shift) &
925
-
FT_MPSHITTYPE_W;
926
-
if (mask && !fs->mask.matchtype)
927
-
return false;
928
-
}
929
-
if (tp->frag_shift >= 0) {
930
-
mask = (hash_filter_mask >> tp->frag_shift) &
931
-
FT_FRAGMENTATION_W;
932
-
if (mask && !fs->mask.frag)
933
-
return false;
934
-
}
898
+
if (tp->matchtype_shift >= 0)
899
+
ntuple_mask |= (u64)fs->mask.matchtype << tp->matchtype_shift;
900
+
901
+
if (tp->frag_shift >= 0)
902
+
ntuple_mask |= (u64)fs->mask.frag << tp->frag_shift;
903
+
904
+
if (ntuple_mask != hash_filter_mask)
905
+
return false;
906
+
935
907
return true;
936
908
}
937
909
+4
-4
drivers/net/ethernet/cisco/enic/enic_main.c
+4
-4
drivers/net/ethernet/cisco/enic/enic_main.c
···
2747
2747
pci_set_master(pdev);
2748
2748
2749
2749
/* Query PCI controller on system for DMA addressing
2750
-
* limitation for the device. Try 64-bit first, and
2750
+
* limitation for the device. Try 47-bit first, and
2751
2751
* fail to 32-bit.
2752
2752
*/
2753
2753
2754
-
err = pci_set_dma_mask(pdev, DMA_BIT_MASK(64));
2754
+
err = pci_set_dma_mask(pdev, DMA_BIT_MASK(47));
2755
2755
if (err) {
2756
2756
err = pci_set_dma_mask(pdev, DMA_BIT_MASK(32));
2757
2757
if (err) {
···
2765
2765
goto err_out_release_regions;
2766
2766
}
2767
2767
} else {
2768
-
err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64));
2768
+
err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(47));
2769
2769
if (err) {
2770
2770
dev_err(dev, "Unable to obtain %u-bit DMA "
2771
-
"for consistent allocations, aborting\n", 64);
2771
+
"for consistent allocations, aborting\n", 47);
2772
2772
goto err_out_release_regions;
2773
2773
}
2774
2774
using_dac = 1;
+3
-1
drivers/net/ethernet/emulex/benet/be_main.c
+3
-1
drivers/net/ethernet/emulex/benet/be_main.c
···
3309
3309
if ((val & POST_STAGE_FAT_LOG_START)
3310
3310
!= POST_STAGE_FAT_LOG_START &&
3311
3311
(val & POST_STAGE_ARMFW_UE)
3312
-
!= POST_STAGE_ARMFW_UE)
3312
+
!= POST_STAGE_ARMFW_UE &&
3313
+
(val & POST_STAGE_RECOVERABLE_ERR)
3314
+
!= POST_STAGE_RECOVERABLE_ERR)
3313
3315
return;
3314
3316
}
3315
3317
+1
drivers/net/ethernet/freescale/fec_main.c
+1
drivers/net/ethernet/freescale/fec_main.c
+1
-13
drivers/net/ethernet/freescale/fec_ptp.c
+1
-13
drivers/net/ethernet/freescale/fec_ptp.c
···
1
+
// SPDX-License-Identifier: GPL-2.0
1
2
/*
2
3
* Fast Ethernet Controller (ENET) PTP driver for MX6x.
3
4
*
4
5
* Copyright (C) 2012 Freescale Semiconductor, Inc.
5
-
*
6
-
* This program is free software; you can redistribute it and/or modify it
7
-
* under the terms and conditions of the GNU General Public License,
8
-
* version 2, as published by the Free Software Foundation.
9
-
*
10
-
* This program is distributed in the hope it will be useful, but WITHOUT
11
-
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12
-
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
13
-
* more details.
14
-
*
15
-
* You should have received a copy of the GNU General Public License along with
16
-
* this program; if not, write to the Free Software Foundation, Inc.,
17
-
* 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
18
6
*/
19
7
20
8
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+32
-18
drivers/net/ethernet/ibm/ibmvnic.c
+32
-18
drivers/net/ethernet/ibm/ibmvnic.c
···
192
192
if (adapter->fw_done_rc) {
193
193
dev_err(dev, "Couldn't map long term buffer,rc = %d\n",
194
194
adapter->fw_done_rc);
195
+
dma_free_coherent(dev, ltb->size, ltb->buff, ltb->addr);
195
196
return -1;
196
197
}
197
198
return 0;
···
796
795
struct ibmvnic_adapter *adapter = netdev_priv(netdev);
797
796
unsigned long timeout = msecs_to_jiffies(30000);
798
797
int retry_count = 0;
798
+
bool retry;
799
799
int rc;
800
800
801
801
do {
802
+
retry = false;
802
803
if (retry_count > IBMVNIC_MAX_QUEUES) {
803
804
netdev_warn(netdev, "Login attempts exceeded\n");
804
805
return -1;
···
824
821
retry_count++;
825
822
release_sub_crqs(adapter, 1);
826
823
824
+
retry = true;
825
+
netdev_dbg(netdev,
826
+
"Received partial success, retrying...\n");
827
827
adapter->init_done_rc = 0;
828
828
reinit_completion(&adapter->init_done);
829
829
send_cap_queries(adapter);
···
854
848
netdev_warn(netdev, "Adapter login failed\n");
855
849
return -1;
856
850
}
857
-
} while (adapter->init_done_rc == PARTIALSUCCESS);
851
+
} while (retry);
858
852
859
853
/* handle pending MAC address changes after successful login */
860
854
if (adapter->mac_change_pending) {
···
1827
1821
if (rc)
1828
1822
return rc;
1829
1823
}
1824
+
ibmvnic_disable_irqs(adapter);
1830
1825
}
1831
-
1832
-
ibmvnic_disable_irqs(adapter);
1833
1826
adapter->state = VNIC_CLOSED;
1834
1827
1835
1828
if (reset_state == VNIC_CLOSED)
···
2622
2617
{
2623
2618
struct device *dev = &adapter->vdev->dev;
2624
2619
unsigned long rc;
2625
-
u64 val;
2626
2620
2627
2621
if (scrq->hw_irq > 0x100000000ULL) {
2628
2622
dev_err(dev, "bad hw_irq = %lx\n", scrq->hw_irq);
2629
2623
return 1;
2630
2624
}
2631
2625
2632
-
val = (0xff000000) | scrq->hw_irq;
2633
-
rc = plpar_hcall_norets(H_EOI, val);
2634
-
if (rc)
2635
-
dev_err(dev, "H_EOI FAILED irq 0x%llx. rc=%ld\n",
2636
-
val, rc);
2626
+
if (adapter->resetting &&
2627
+
adapter->reset_reason == VNIC_RESET_MOBILITY) {
2628
+
u64 val = (0xff000000) | scrq->hw_irq;
2629
+
2630
+
rc = plpar_hcall_norets(H_EOI, val);
2631
+
if (rc)
2632
+
dev_err(dev, "H_EOI FAILED irq 0x%llx. rc=%ld\n",
2633
+
val, rc);
2634
+
}
2637
2635
2638
2636
rc = plpar_hcall_norets(H_VIOCTL, adapter->vdev->unit_address,
2639
2637
H_ENABLE_VIO_INTERRUPT, scrq->hw_irq, 0, 0);
···
4594
4586
release_crq_queue(adapter);
4595
4587
}
4596
4588
4597
-
rc = init_stats_buffers(adapter);
4598
-
if (rc)
4599
-
return rc;
4600
-
4601
-
rc = init_stats_token(adapter);
4602
-
if (rc)
4603
-
return rc;
4604
-
4605
4589
return rc;
4606
4590
}
4607
4591
···
4662
4662
goto ibmvnic_init_fail;
4663
4663
} while (rc == EAGAIN);
4664
4664
4665
+
rc = init_stats_buffers(adapter);
4666
+
if (rc)
4667
+
goto ibmvnic_init_fail;
4668
+
4669
+
rc = init_stats_token(adapter);
4670
+
if (rc)
4671
+
goto ibmvnic_stats_fail;
4672
+
4665
4673
netdev->mtu = adapter->req_mtu - ETH_HLEN;
4666
4674
netdev->min_mtu = adapter->min_mtu - ETH_HLEN;
4667
4675
netdev->max_mtu = adapter->max_mtu - ETH_HLEN;
4668
4676
4669
4677
rc = device_create_file(&dev->dev, &dev_attr_failover);
4670
4678
if (rc)
4671
-
goto ibmvnic_init_fail;
4679
+
goto ibmvnic_dev_file_err;
4672
4680
4673
4681
netif_carrier_off(netdev);
4674
4682
rc = register_netdev(netdev);
···
4694
4686
4695
4687
ibmvnic_register_fail:
4696
4688
device_remove_file(&dev->dev, &dev_attr_failover);
4689
+
4690
+
ibmvnic_dev_file_err:
4691
+
release_stats_token(adapter);
4692
+
4693
+
ibmvnic_stats_fail:
4694
+
release_stats_buffers(adapter);
4697
4695
4698
4696
ibmvnic_init_fail:
4699
4697
release_sub_crqs(adapter, 1);
+4
-5
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
+4
-5
drivers/net/ethernet/intel/ixgbe/ixgbe_main.c
···
9054
9054
{
9055
9055
const struct tc_action *a;
9056
9056
LIST_HEAD(actions);
9057
-
int err;
9058
9057
9059
9058
if (!tcf_exts_has_actions(exts))
9060
9059
return -EINVAL;
···
9074
9075
9075
9076
if (!dev)
9076
9077
return -EINVAL;
9077
-
err = handle_redirect_action(adapter, dev->ifindex, queue,
9078
-
action);
9079
-
if (err == 0)
9080
-
return err;
9078
+
return handle_redirect_action(adapter, dev->ifindex,
9079
+
queue, action);
9081
9080
}
9081
+
9082
+
return -EINVAL;
9082
9083
}
9083
9084
9084
9085
return -EINVAL;
+9
-7
drivers/net/ethernet/mellanox/mlx4/icm.c
+9
-7
drivers/net/ethernet/mellanox/mlx4/icm.c
···
43
43
#include "fw.h"
44
44
45
45
/*
46
-
* We allocate in as big chunks as we can, up to a maximum of 256 KB
47
-
* per chunk.
46
+
* We allocate in page size (default 4KB on many archs) chunks to avoid high
47
+
* order memory allocations in fragmented/high usage memory situation.
48
48
*/
49
49
enum {
50
-
MLX4_ICM_ALLOC_SIZE = 1 << 18,
51
-
MLX4_TABLE_CHUNK_SIZE = 1 << 18
50
+
MLX4_ICM_ALLOC_SIZE = PAGE_SIZE,
51
+
MLX4_TABLE_CHUNK_SIZE = PAGE_SIZE,
52
52
};
53
53
54
54
static void mlx4_free_icm_pages(struct mlx4_dev *dev, struct mlx4_icm_chunk *chunk)
···
398
398
u64 size;
399
399
400
400
obj_per_chunk = MLX4_TABLE_CHUNK_SIZE / obj_size;
401
+
if (WARN_ON(!obj_per_chunk))
402
+
return -EINVAL;
401
403
num_icm = (nobj + obj_per_chunk - 1) / obj_per_chunk;
402
404
403
-
table->icm = kcalloc(num_icm, sizeof(*table->icm), GFP_KERNEL);
405
+
table->icm = kvzalloc(num_icm * sizeof(*table->icm), GFP_KERNEL);
404
406
if (!table->icm)
405
407
return -ENOMEM;
406
408
table->virt = virt;
···
448
446
mlx4_free_icm(dev, table->icm[i], use_coherent);
449
447
}
450
448
451
-
kfree(table->icm);
449
+
kvfree(table->icm);
452
450
453
451
return -ENOMEM;
454
452
}
···
464
462
mlx4_free_icm(dev, table->icm[i], table->coherent);
465
463
}
466
464
467
-
kfree(table->icm);
465
+
kvfree(table->icm);
468
466
}
+1
-1
drivers/net/ethernet/mellanox/mlx4/intf.c
+1
-1
drivers/net/ethernet/mellanox/mlx4/intf.c
···
172
172
list_add_tail(&dev_ctx->list, &priv->ctx_list);
173
173
spin_unlock_irqrestore(&priv->ctx_lock, flags);
174
174
175
-
mlx4_dbg(dev, "Inrerface for protocol %d restarted with when bonded mode is %s\n",
175
+
mlx4_dbg(dev, "Interface for protocol %d restarted with bonded mode %s\n",
176
176
dev_ctx->intf->protocol, enable ?
177
177
"enabled" : "disabled");
178
178
}
+3
-1
drivers/net/ethernet/mellanox/mlx4/main.c
+3
-1
drivers/net/ethernet/mellanox/mlx4/main.c
···
2929
2929
mlx4_err(dev, "Failed to create file for port %d\n", port);
2930
2930
devlink_port_unregister(&info->devlink_port);
2931
2931
info->port = -1;
2932
+
return err;
2932
2933
}
2933
2934
2934
2935
sprintf(info->dev_mtu_name, "mlx4_port%d_mtu", port);
···
2951
2950
&info->port_attr);
2952
2951
devlink_port_unregister(&info->devlink_port);
2953
2952
info->port = -1;
2953
+
return err;
2954
2954
}
2955
2955
2956
-
return err;
2956
+
return 0;
2957
2957
}
2958
2958
2959
2959
static void mlx4_cleanup_port_info(struct mlx4_port_info *info)
+2
-2
drivers/net/ethernet/mellanox/mlx4/qp.c
+2
-2
drivers/net/ethernet/mellanox/mlx4/qp.c
···
393
393
struct mlx4_qp_table *qp_table = &mlx4_priv(dev)->qp_table;
394
394
struct mlx4_qp *qp;
395
395
396
-
spin_lock(&qp_table->lock);
396
+
spin_lock_irq(&qp_table->lock);
397
397
398
398
qp = __mlx4_qp_lookup(dev, qpn);
399
399
400
-
spin_unlock(&qp_table->lock);
400
+
spin_unlock_irq(&qp_table->lock);
401
401
return qp;
402
402
}
403
403
+42
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
+42
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c
···
615
615
return (ethertype == htons(ETH_P_IP) || ethertype == htons(ETH_P_IPV6));
616
616
}
617
617
618
+
static __be32 mlx5e_get_fcs(struct sk_buff *skb)
619
+
{
620
+
int last_frag_sz, bytes_in_prev, nr_frags;
621
+
u8 *fcs_p1, *fcs_p2;
622
+
skb_frag_t *last_frag;
623
+
__be32 fcs_bytes;
624
+
625
+
if (!skb_is_nonlinear(skb))
626
+
return *(__be32 *)(skb->data + skb->len - ETH_FCS_LEN);
627
+
628
+
nr_frags = skb_shinfo(skb)->nr_frags;
629
+
last_frag = &skb_shinfo(skb)->frags[nr_frags - 1];
630
+
last_frag_sz = skb_frag_size(last_frag);
631
+
632
+
/* If all FCS data is in last frag */
633
+
if (last_frag_sz >= ETH_FCS_LEN)
634
+
return *(__be32 *)(skb_frag_address(last_frag) +
635
+
last_frag_sz - ETH_FCS_LEN);
636
+
637
+
fcs_p2 = (u8 *)skb_frag_address(last_frag);
638
+
bytes_in_prev = ETH_FCS_LEN - last_frag_sz;
639
+
640
+
/* Find where the other part of the FCS is - Linear or another frag */
641
+
if (nr_frags == 1) {
642
+
fcs_p1 = skb_tail_pointer(skb);
643
+
} else {
644
+
skb_frag_t *prev_frag = &skb_shinfo(skb)->frags[nr_frags - 2];
645
+
646
+
fcs_p1 = skb_frag_address(prev_frag) +
647
+
skb_frag_size(prev_frag);
648
+
}
649
+
fcs_p1 -= bytes_in_prev;
650
+
651
+
memcpy(&fcs_bytes, fcs_p1, bytes_in_prev);
652
+
memcpy(((u8 *)&fcs_bytes) + bytes_in_prev, fcs_p2, last_frag_sz);
653
+
654
+
return fcs_bytes;
655
+
}
656
+
618
657
static inline void mlx5e_handle_csum(struct net_device *netdev,
619
658
struct mlx5_cqe64 *cqe,
620
659
struct mlx5e_rq *rq,
···
682
643
skb->csum = csum_partial(skb->data + ETH_HLEN,
683
644
network_depth - ETH_HLEN,
684
645
skb->csum);
646
+
if (unlikely(netdev->features & NETIF_F_RXFCS))
647
+
skb->csum = csum_add(skb->csum,
648
+
(__force __wsum)mlx5e_get_fcs(skb));
685
649
rq->stats.csum_complete++;
686
650
return;
687
651
}
+5
-7
drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
+5
-7
drivers/net/ethernet/mellanox/mlx5/core/fpga/ipsec.c
···
237
237
context->buf.sg[0].data = &context->command;
238
238
239
239
spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
240
-
list_add_tail(&context->list, &fdev->ipsec->pending_cmds);
240
+
res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
241
+
if (!res)
242
+
list_add_tail(&context->list, &fdev->ipsec->pending_cmds);
241
243
spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
242
244
243
-
res = mlx5_fpga_sbu_conn_sendmsg(fdev->ipsec->conn, &context->buf);
244
245
if (res) {
245
-
mlx5_fpga_warn(fdev, "Failure sending IPSec command: %d\n",
246
-
res);
247
-
spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags);
248
-
list_del(&context->list);
249
-
spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags);
246
+
mlx5_fpga_warn(fdev, "Failed to send IPSec command: %d\n", res);
250
247
kfree(context);
251
248
return ERR_PTR(res);
252
249
}
250
+
253
251
/* Context will be freed by wait func after completion */
254
252
return context;
255
253
}
+5
drivers/net/ethernet/mellanox/mlxsw/spectrum.c
+5
drivers/net/ethernet/mellanox/mlxsw/spectrum.c
···
4433
4433
NL_SET_ERR_MSG_MOD(extack, "Can not put a VLAN on an OVS port");
4434
4434
return -EINVAL;
4435
4435
}
4436
+
if (is_vlan_dev(upper_dev) &&
4437
+
vlan_dev_vlan_id(upper_dev) == 1) {
4438
+
NL_SET_ERR_MSG_MOD(extack, "Creating a VLAN device with VID 1 is unsupported: VLAN 1 carries untagged traffic");
4439
+
return -EINVAL;
4440
+
}
4436
4441
break;
4437
4442
case NETDEV_CHANGEUPPER:
4438
4443
upper_dev = info->upper_dev;
+1
-1
drivers/net/ethernet/natsemi/sonic.c
+1
-1
drivers/net/ethernet/natsemi/sonic.c
···
84
84
for (i = 0; i < SONIC_NUM_RRS; i++) {
85
85
dma_addr_t laddr = dma_map_single(lp->device, skb_put(lp->rx_skb[i], SONIC_RBSIZE),
86
86
SONIC_RBSIZE, DMA_FROM_DEVICE);
87
-
if (!laddr) {
87
+
if (dma_mapping_error(lp->device, laddr)) {
88
88
while(i > 0) { /* free any that were mapped successfully */
89
89
i--;
90
90
dma_unmap_single(lp->device, lp->rx_laddr[i], SONIC_RBSIZE, DMA_FROM_DEVICE);
+1
-1
drivers/net/ethernet/netronome/nfp/bpf/main.c
+1
-1
drivers/net/ethernet/netronome/nfp/bpf/main.c
+1
-1
drivers/net/ethernet/qlogic/qed/qed_cxt.c
+1
-1
drivers/net/ethernet/qlogic/qed/qed_cxt.c
···
77
77
#define ILT_CFG_REG(cli, reg) PSWRQ2_REG_ ## cli ## _ ## reg ## _RT_OFFSET
78
78
79
79
/* ILT entry structure */
80
-
#define ILT_ENTRY_PHY_ADDR_MASK 0x000FFFFFFFFFFFULL
80
+
#define ILT_ENTRY_PHY_ADDR_MASK (~0ULL >> 12)
81
81
#define ILT_ENTRY_PHY_ADDR_SHIFT 0
82
82
#define ILT_ENTRY_VALID_MASK 0x1ULL
83
83
#define ILT_ENTRY_VALID_SHIFT 52
+50
-11
drivers/net/ethernet/qlogic/qed/qed_ll2.c
+50
-11
drivers/net/ethernet/qlogic/qed/qed_ll2.c
···
292
292
struct qed_ll2_tx_packet *p_pkt = NULL;
293
293
struct qed_ll2_info *p_ll2_conn;
294
294
struct qed_ll2_tx_queue *p_tx;
295
+
unsigned long flags = 0;
295
296
dma_addr_t tx_frag;
296
297
297
298
p_ll2_conn = qed_ll2_handle_sanity_inactive(p_hwfn, connection_handle);
···
301
300
302
301
p_tx = &p_ll2_conn->tx_queue;
303
302
303
+
spin_lock_irqsave(&p_tx->lock, flags);
304
304
while (!list_empty(&p_tx->active_descq)) {
305
305
p_pkt = list_first_entry(&p_tx->active_descq,
306
306
struct qed_ll2_tx_packet, list_entry);
···
311
309
list_del(&p_pkt->list_entry);
312
310
b_last_packet = list_empty(&p_tx->active_descq);
313
311
list_add_tail(&p_pkt->list_entry, &p_tx->free_descq);
312
+
spin_unlock_irqrestore(&p_tx->lock, flags);
314
313
if (p_ll2_conn->input.conn_type == QED_LL2_TYPE_OOO) {
315
314
struct qed_ooo_buffer *p_buffer;
316
315
···
331
328
b_last_frag,
332
329
b_last_packet);
333
330
}
331
+
spin_lock_irqsave(&p_tx->lock, flags);
334
332
}
333
+
spin_unlock_irqrestore(&p_tx->lock, flags);
335
334
}
336
335
337
336
static int qed_ll2_txq_completion(struct qed_hwfn *p_hwfn, void *p_cookie)
···
561
556
struct qed_ll2_info *p_ll2_conn = NULL;
562
557
struct qed_ll2_rx_packet *p_pkt = NULL;
563
558
struct qed_ll2_rx_queue *p_rx;
559
+
unsigned long flags = 0;
564
560
565
561
p_ll2_conn = qed_ll2_handle_sanity_inactive(p_hwfn, connection_handle);
566
562
if (!p_ll2_conn)
···
569
563
570
564
p_rx = &p_ll2_conn->rx_queue;
571
565
566
+
spin_lock_irqsave(&p_rx->lock, flags);
572
567
while (!list_empty(&p_rx->active_descq)) {
573
568
p_pkt = list_first_entry(&p_rx->active_descq,
574
569
struct qed_ll2_rx_packet, list_entry);
575
570
if (!p_pkt)
576
571
break;
577
-
578
572
list_move_tail(&p_pkt->list_entry, &p_rx->free_descq);
573
+
spin_unlock_irqrestore(&p_rx->lock, flags);
579
574
580
575
if (p_ll2_conn->input.conn_type == QED_LL2_TYPE_OOO) {
581
576
struct qed_ooo_buffer *p_buffer;
···
595
588
cookie,
596
589
rx_buf_addr, b_last);
597
590
}
591
+
spin_lock_irqsave(&p_rx->lock, flags);
598
592
}
593
+
spin_unlock_irqrestore(&p_rx->lock, flags);
594
+
}
595
+
596
+
static bool
597
+
qed_ll2_lb_rxq_handler_slowpath(struct qed_hwfn *p_hwfn,
598
+
struct core_rx_slow_path_cqe *p_cqe)
599
+
{
600
+
struct ooo_opaque *iscsi_ooo;
601
+
u32 cid;
602
+
603
+
if (p_cqe->ramrod_cmd_id != CORE_RAMROD_RX_QUEUE_FLUSH)
604
+
return false;
605
+
606
+
iscsi_ooo = (struct ooo_opaque *)&p_cqe->opaque_data;
607
+
if (iscsi_ooo->ooo_opcode != TCP_EVENT_DELETE_ISLES)
608
+
return false;
609
+
610
+
/* Need to make a flush */
611
+
cid = le32_to_cpu(iscsi_ooo->cid);
612
+
qed_ooo_release_connection_isles(p_hwfn, p_hwfn->p_ooo_info, cid);
613
+
614
+
return true;
599
615
}
600
616
601
617
static int qed_ll2_lb_rxq_handler(struct qed_hwfn *p_hwfn,
···
646
616
cqe = qed_chain_consume(&p_rx->rcq_chain);
647
617
cq_old_idx = qed_chain_get_cons_idx(&p_rx->rcq_chain);
648
618
cqe_type = cqe->rx_cqe_sp.type;
619
+
620
+
if (cqe_type == CORE_RX_CQE_TYPE_SLOW_PATH)
621
+
if (qed_ll2_lb_rxq_handler_slowpath(p_hwfn,
622
+
&cqe->rx_cqe_sp))
623
+
continue;
649
624
650
625
if (cqe_type != CORE_RX_CQE_TYPE_REGULAR) {
651
626
DP_NOTICE(p_hwfn,
···
829
794
struct qed_ll2_info *p_ll2_conn = (struct qed_ll2_info *)p_cookie;
830
795
int rc;
831
796
797
+
if (!QED_LL2_RX_REGISTERED(p_ll2_conn))
798
+
return 0;
799
+
832
800
rc = qed_ll2_lb_rxq_handler(p_hwfn, p_ll2_conn);
833
801
if (rc)
834
802
return rc;
···
851
813
bool b_dont_submit_rx = false;
852
814
u16 new_idx = 0, num_bds = 0;
853
815
int rc;
816
+
817
+
if (!QED_LL2_TX_REGISTERED(p_ll2_conn))
818
+
return 0;
854
819
855
820
new_idx = le16_to_cpu(*p_tx->p_fw_cons);
856
821
num_bds = ((s16)new_idx - (s16)p_tx->bds_idx);
···
1908
1867
1909
1868
/* Stop Tx & Rx of connection, if needed */
1910
1869
if (QED_LL2_TX_REGISTERED(p_ll2_conn)) {
1870
+
p_ll2_conn->tx_queue.b_cb_registred = false;
1871
+
smp_wmb(); /* Make sure this is seen by ll2_lb_rxq_completion */
1911
1872
rc = qed_sp_ll2_tx_queue_stop(p_hwfn, p_ll2_conn);
1912
1873
if (rc)
1913
1874
goto out;
1875
+
1914
1876
qed_ll2_txq_flush(p_hwfn, connection_handle);
1877
+
qed_int_unregister_cb(p_hwfn, p_ll2_conn->tx_queue.tx_sb_index);
1915
1878
}
1916
1879
1917
1880
if (QED_LL2_RX_REGISTERED(p_ll2_conn)) {
1881
+
p_ll2_conn->rx_queue.b_cb_registred = false;
1882
+
smp_wmb(); /* Make sure this is seen by ll2_lb_rxq_completion */
1918
1883
rc = qed_sp_ll2_rx_queue_stop(p_hwfn, p_ll2_conn);
1919
1884
if (rc)
1920
1885
goto out;
1886
+
1921
1887
qed_ll2_rxq_flush(p_hwfn, connection_handle);
1888
+
qed_int_unregister_cb(p_hwfn, p_ll2_conn->rx_queue.rx_sb_index);
1922
1889
}
1923
1890
1924
1891
if (p_ll2_conn->input.conn_type == QED_LL2_TYPE_OOO)
···
1973
1924
p_ll2_conn = qed_ll2_handle_sanity(p_hwfn, connection_handle);
1974
1925
if (!p_ll2_conn)
1975
1926
return;
1976
-
1977
-
if (QED_LL2_RX_REGISTERED(p_ll2_conn)) {
1978
-
p_ll2_conn->rx_queue.b_cb_registred = false;
1979
-
qed_int_unregister_cb(p_hwfn, p_ll2_conn->rx_queue.rx_sb_index);
1980
-
}
1981
-
1982
-
if (QED_LL2_TX_REGISTERED(p_ll2_conn)) {
1983
-
p_ll2_conn->tx_queue.b_cb_registred = false;
1984
-
qed_int_unregister_cb(p_hwfn, p_ll2_conn->tx_queue.tx_sb_index);
1985
-
}
1986
1927
1987
1928
kfree(p_ll2_conn->tx_queue.descq_mem);
1988
1929
qed_chain_free(p_hwfn->cdev, &p_ll2_conn->tx_queue.txq_chain);
+1
-2
drivers/net/ethernet/qlogic/qede/qede_main.c
+1
-2
drivers/net/ethernet/qlogic/qede/qede_main.c
···
1066
1066
1067
1067
DP_INFO(edev, "Starting qede_remove\n");
1068
1068
1069
+
qede_rdma_dev_remove(edev);
1069
1070
unregister_netdev(ndev);
1070
1071
cancel_delayed_work_sync(&edev->sp_task);
1071
1072
1072
1073
qede_ptp_disable(edev);
1073
-
1074
-
qede_rdma_dev_remove(edev);
1075
1074
1076
1075
edev->ops->common->set_power_state(cdev, PCI_D0);
1077
1076
+1
-1
drivers/net/ethernet/renesas/sh_eth.h
+1
-1
drivers/net/ethernet/renesas/sh_eth.h
+2
-2
drivers/net/ethernet/socionext/netsec.c
+2
-2
drivers/net/ethernet/socionext/netsec.c
···
1674
1674
if (ret)
1675
1675
goto unreg_napi;
1676
1676
1677
-
if (dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(64)))
1678
-
dev_warn(&pdev->dev, "Failed to enable 64-bit DMA\n");
1677
+
if (dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(40)))
1678
+
dev_warn(&pdev->dev, "Failed to set DMA mask\n");
1679
1679
1680
1680
ret = register_netdev(ndev);
1681
1681
if (ret) {
+12
-10
drivers/net/ethernet/ti/davinci_emac.c
+12
-10
drivers/net/ethernet/ti/davinci_emac.c
···
1873
1873
if (IS_ERR(priv->txchan)) {
1874
1874
dev_err(&pdev->dev, "error initializing tx dma channel\n");
1875
1875
rc = PTR_ERR(priv->txchan);
1876
-
goto no_cpdma_chan;
1876
+
goto err_free_dma;
1877
1877
}
1878
1878
1879
1879
priv->rxchan = cpdma_chan_create(priv->dma, EMAC_DEF_RX_CH,
···
1881
1881
if (IS_ERR(priv->rxchan)) {
1882
1882
dev_err(&pdev->dev, "error initializing rx dma channel\n");
1883
1883
rc = PTR_ERR(priv->rxchan);
1884
-
goto no_cpdma_chan;
1884
+
goto err_free_txchan;
1885
1885
}
1886
1886
1887
1887
res = platform_get_resource(pdev, IORESOURCE_IRQ, 0);
1888
1888
if (!res) {
1889
1889
dev_err(&pdev->dev, "error getting irq res\n");
1890
1890
rc = -ENOENT;
1891
-
goto no_cpdma_chan;
1891
+
goto err_free_rxchan;
1892
1892
}
1893
1893
ndev->irq = res->start;
1894
1894
···
1914
1914
pm_runtime_put_noidle(&pdev->dev);
1915
1915
dev_err(&pdev->dev, "%s: failed to get_sync(%d)\n",
1916
1916
__func__, rc);
1917
-
goto no_cpdma_chan;
1917
+
goto err_napi_del;
1918
1918
}
1919
1919
1920
1920
/* register the network device */
···
1924
1924
dev_err(&pdev->dev, "error in register_netdev\n");
1925
1925
rc = -ENODEV;
1926
1926
pm_runtime_put(&pdev->dev);
1927
-
goto no_cpdma_chan;
1927
+
goto err_napi_del;
1928
1928
}
1929
1929
1930
1930
···
1937
1937
1938
1938
return 0;
1939
1939
1940
-
no_cpdma_chan:
1941
-
if (priv->txchan)
1942
-
cpdma_chan_destroy(priv->txchan);
1943
-
if (priv->rxchan)
1944
-
cpdma_chan_destroy(priv->rxchan);
1940
+
err_napi_del:
1941
+
netif_napi_del(&priv->napi);
1942
+
err_free_rxchan:
1943
+
cpdma_chan_destroy(priv->rxchan);
1944
+
err_free_txchan:
1945
+
cpdma_chan_destroy(priv->txchan);
1946
+
err_free_dma:
1945
1947
cpdma_ctlr_destroy(priv->dma);
1946
1948
no_pdata:
1947
1949
if (of_phy_is_fixed_link(np))
+3
-1
drivers/net/ipvlan/ipvlan_main.c
+3
-1
drivers/net/ipvlan/ipvlan_main.c
···
792
792
break;
793
793
794
794
case NETDEV_CHANGEADDR:
795
-
list_for_each_entry(ipvlan, &port->ipvlans, pnode)
795
+
list_for_each_entry(ipvlan, &port->ipvlans, pnode) {
796
796
ether_addr_copy(ipvlan->dev->dev_addr, dev->dev_addr);
797
+
call_netdevice_notifiers(NETDEV_CHANGEADDR, ipvlan->dev);
798
+
}
797
799
break;
798
800
799
801
case NETDEV_PRE_TYPE_CHANGE:
+3
-3
drivers/net/phy/bcm-cygnus.c
+3
-3
drivers/net/phy/bcm-cygnus.c
···
61
61
return rc;
62
62
63
63
/* make rcal=100, since rdb default is 000 */
64
-
rc = bcm_phy_write_exp(phydev, MII_BRCM_CORE_EXPB1, 0x10);
64
+
rc = bcm_phy_write_exp_sel(phydev, MII_BRCM_CORE_EXPB1, 0x10);
65
65
if (rc < 0)
66
66
return rc;
67
67
68
68
/* CORE_EXPB0, Reset R_CAL/RC_CAL Engine */
69
-
rc = bcm_phy_write_exp(phydev, MII_BRCM_CORE_EXPB0, 0x10);
69
+
rc = bcm_phy_write_exp_sel(phydev, MII_BRCM_CORE_EXPB0, 0x10);
70
70
if (rc < 0)
71
71
return rc;
72
72
73
73
/* CORE_EXPB0, Disable Reset R_CAL/RC_CAL Engine */
74
-
rc = bcm_phy_write_exp(phydev, MII_BRCM_CORE_EXPB0, 0x00);
74
+
rc = bcm_phy_write_exp_sel(phydev, MII_BRCM_CORE_EXPB0, 0x00);
75
75
76
76
return 0;
77
77
}
+1
-1
drivers/net/phy/bcm-phy-lib.c
+1
-1
drivers/net/phy/bcm-phy-lib.c
···
56
56
/* The register must be written to both the Shadow Register Select and
57
57
* the Shadow Read Register Selector
58
58
*/
59
-
phy_write(phydev, MII_BCM54XX_AUX_CTL, regnum |
59
+
phy_write(phydev, MII_BCM54XX_AUX_CTL, MII_BCM54XX_AUXCTL_SHDWSEL_MASK |
60
60
regnum << MII_BCM54XX_AUXCTL_SHDWSEL_READ_SHIFT);
61
61
return phy_read(phydev, MII_BCM54XX_AUX_CTL);
62
62
}
+7
drivers/net/phy/bcm-phy-lib.h
+7
drivers/net/phy/bcm-phy-lib.h
···
14
14
#ifndef _LINUX_BCM_PHY_LIB_H
15
15
#define _LINUX_BCM_PHY_LIB_H
16
16
17
+
#include <linux/brcmphy.h>
17
18
#include <linux/phy.h>
18
19
19
20
int bcm_phy_write_exp(struct phy_device *phydev, u16 reg, u16 val);
20
21
int bcm_phy_read_exp(struct phy_device *phydev, u16 reg);
22
+
23
+
static inline int bcm_phy_write_exp_sel(struct phy_device *phydev,
24
+
u16 reg, u16 val)
25
+
{
26
+
return bcm_phy_write_exp(phydev, reg | MII_BCM54XX_EXP_SEL_ER, val);
27
+
}
21
28
22
29
int bcm54xx_auxctl_write(struct phy_device *phydev, u16 regnum, u16 val);
23
30
int bcm54xx_auxctl_read(struct phy_device *phydev, u16 regnum);
+2
-2
drivers/net/phy/bcm7xxx.c
+2
-2
drivers/net/phy/bcm7xxx.c
···
65
65
static void r_rc_cal_reset(struct phy_device *phydev)
66
66
{
67
67
/* Reset R_CAL/RC_CAL Engine */
68
-
bcm_phy_write_exp(phydev, 0x00b0, 0x0010);
68
+
bcm_phy_write_exp_sel(phydev, 0x00b0, 0x0010);
69
69
70
70
/* Disable Reset R_AL/RC_CAL Engine */
71
-
bcm_phy_write_exp(phydev, 0x00b0, 0x0000);
71
+
bcm_phy_write_exp_sel(phydev, 0x00b0, 0x0000);
72
72
}
73
73
74
74
static int bcm7xxx_28nm_b0_afe_config_init(struct phy_device *phydev)
+31
drivers/net/phy/micrel.c
+31
drivers/net/phy/micrel.c
···
573
573
ksz9031_of_load_skew_values(phydev, of_node,
574
574
MII_KSZ9031RN_TX_DATA_PAD_SKEW, 4,
575
575
tx_data_skews, 4);
576
+
577
+
/* Silicon Errata Sheet (DS80000691D or DS80000692D):
578
+
* When the device links in the 1000BASE-T slave mode only,
579
+
* the optional 125MHz reference output clock (CLK125_NDO)
580
+
* has wide duty cycle variation.
581
+
*
582
+
* The optional CLK125_NDO clock does not meet the RGMII
583
+
* 45/55 percent (min/max) duty cycle requirement and therefore
584
+
* cannot be used directly by the MAC side for clocking
585
+
* applications that have setup/hold time requirements on
586
+
* rising and falling clock edges.
587
+
*
588
+
* Workaround:
589
+
* Force the phy to be the master to receive a stable clock
590
+
* which meets the duty cycle requirement.
591
+
*/
592
+
if (of_property_read_bool(of_node, "micrel,force-master")) {
593
+
result = phy_read(phydev, MII_CTRL1000);
594
+
if (result < 0)
595
+
goto err_force_master;
596
+
597
+
/* enable master mode, config & prefer master */
598
+
result |= CTL1000_ENABLE_MASTER | CTL1000_AS_MASTER;
599
+
result = phy_write(phydev, MII_CTRL1000, result);
600
+
if (result < 0)
601
+
goto err_force_master;
602
+
}
576
603
}
577
604
578
605
return ksz9031_center_flp_timing(phydev);
606
+
607
+
err_force_master:
608
+
phydev_err(phydev, "failed to force the phy to master mode\n");
609
+
return result;
579
610
}
580
611
581
612
#define KSZ8873MLL_GLOBAL_CONTROL_4 0x06
+5
-22
drivers/net/ppp/ppp_generic.c
+5
-22
drivers/net/ppp/ppp_generic.c
···
605
605
606
606
if (cmd == PPPIOCDETACH) {
607
607
/*
608
-
* We have to be careful here... if the file descriptor
609
-
* has been dup'd, we could have another process in the
610
-
* middle of a poll using the same file *, so we had
611
-
* better not free the interface data structures -
612
-
* instead we fail the ioctl. Even in this case, we
613
-
* shut down the interface if we are the owner of it.
614
-
* Actually, we should get rid of PPPIOCDETACH, userland
615
-
* (i.e. pppd) could achieve the same effect by closing
616
-
* this fd and reopening /dev/ppp.
608
+
* PPPIOCDETACH is no longer supported as it was heavily broken,
609
+
* and is only known to have been used by pppd older than
610
+
* ppp-2.4.2 (released November 2003).
617
611
*/
612
+
pr_warn_once("%s (%d) used obsolete PPPIOCDETACH ioctl\n",
613
+
current->comm, current->pid);
618
614
err = -EINVAL;
619
-
if (pf->kind == INTERFACE) {
620
-
ppp = PF_TO_PPP(pf);
621
-
rtnl_lock();
622
-
if (file == ppp->owner)
623
-
unregister_netdevice(ppp->dev);
624
-
rtnl_unlock();
625
-
}
626
-
if (atomic_long_read(&file->f_count) < 2) {
627
-
ppp_release(NULL, file);
628
-
err = 0;
629
-
} else
630
-
pr_warn("PPPIOCDETACH file->f_count=%ld\n",
631
-
atomic_long_read(&file->f_count));
632
615
goto out;
633
616
}
634
617
+36
-25
drivers/net/tun.c
+36
-25
drivers/net/tun.c
···
681
681
skb_queue_purge(&tfile->sk.sk_error_queue);
682
682
}
683
683
684
-
static void tun_cleanup_tx_ring(struct tun_file *tfile)
685
-
{
686
-
if (tfile->tx_ring.queue) {
687
-
ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free);
688
-
xdp_rxq_info_unreg(&tfile->xdp_rxq);
689
-
memset(&tfile->tx_ring, 0, sizeof(tfile->tx_ring));
690
-
}
691
-
}
692
-
693
684
static void __tun_detach(struct tun_file *tfile, bool clean)
694
685
{
695
686
struct tun_file *ntfile;
···
727
736
tun->dev->reg_state == NETREG_REGISTERED)
728
737
unregister_netdevice(tun->dev);
729
738
}
730
-
tun_cleanup_tx_ring(tfile);
739
+
if (tun)
740
+
xdp_rxq_info_unreg(&tfile->xdp_rxq);
741
+
ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free);
731
742
sock_put(&tfile->sk);
732
743
}
733
744
}
···
776
783
tun_napi_del(tun, tfile);
777
784
/* Drop read queue */
778
785
tun_queue_purge(tfile);
786
+
xdp_rxq_info_unreg(&tfile->xdp_rxq);
779
787
sock_put(&tfile->sk);
780
-
tun_cleanup_tx_ring(tfile);
781
788
}
782
789
list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) {
783
790
tun_enable_queue(tfile);
784
791
tun_queue_purge(tfile);
792
+
xdp_rxq_info_unreg(&tfile->xdp_rxq);
785
793
sock_put(&tfile->sk);
786
-
tun_cleanup_tx_ring(tfile);
787
794
}
788
795
BUG_ON(tun->numdisabled != 0);
789
796
···
827
834
}
828
835
829
836
if (!tfile->detached &&
830
-
ptr_ring_init(&tfile->tx_ring, dev->tx_queue_len, GFP_KERNEL)) {
837
+
ptr_ring_resize(&tfile->tx_ring, dev->tx_queue_len,
838
+
GFP_KERNEL, tun_ptr_free)) {
831
839
err = -ENOMEM;
832
840
goto out;
833
841
}
···
1423
1429
dev->max_mtu = MAX_MTU - dev->hard_header_len;
1424
1430
}
1425
1431
1432
+
static bool tun_sock_writeable(struct tun_struct *tun, struct tun_file *tfile)
1433
+
{
1434
+
struct sock *sk = tfile->socket.sk;
1435
+
1436
+
return (tun->dev->flags & IFF_UP) && sock_writeable(sk);
1437
+
}
1438
+
1426
1439
/* Character device part */
1427
1440
1428
1441
/* Poll */
···
1452
1451
if (!ptr_ring_empty(&tfile->tx_ring))
1453
1452
mask |= EPOLLIN | EPOLLRDNORM;
1454
1453
1455
-
if (tun->dev->flags & IFF_UP &&
1456
-
(sock_writeable(sk) ||
1457
-
(!test_and_set_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags) &&
1458
-
sock_writeable(sk))))
1454
+
/* Make sure SOCKWQ_ASYNC_NOSPACE is set if not writable to
1455
+
* guarantee EPOLLOUT to be raised by either here or
1456
+
* tun_sock_write_space(). Then process could get notification
1457
+
* after it writes to a down device and meets -EIO.
1458
+
*/
1459
+
if (tun_sock_writeable(tun, tfile) ||
1460
+
(!test_and_set_bit(SOCKWQ_ASYNC_NOSPACE, &sk->sk_socket->flags) &&
1461
+
tun_sock_writeable(tun, tfile)))
1459
1462
mask |= EPOLLOUT | EPOLLWRNORM;
1460
1463
1461
1464
if (tun->dev->reg_state != NETREG_REGISTERED)
···
1650
1645
else
1651
1646
*skb_xdp = 0;
1652
1647
1653
-
preempt_disable();
1648
+
local_bh_disable();
1654
1649
rcu_read_lock();
1655
1650
xdp_prog = rcu_dereference(tun->xdp_prog);
1656
1651
if (xdp_prog && !*skb_xdp) {
···
1675
1670
if (err)
1676
1671
goto err_redirect;
1677
1672
rcu_read_unlock();
1678
-
preempt_enable();
1673
+
local_bh_enable();
1679
1674
return NULL;
1680
1675
case XDP_TX:
1681
1676
get_page(alloc_frag->page);
···
1684
1679
goto err_redirect;
1685
1680
tun_xdp_flush(tun->dev);
1686
1681
rcu_read_unlock();
1687
-
preempt_enable();
1682
+
local_bh_enable();
1688
1683
return NULL;
1689
1684
case XDP_PASS:
1690
1685
delta = orig_data - xdp.data;
···
1703
1698
skb = build_skb(buf, buflen);
1704
1699
if (!skb) {
1705
1700
rcu_read_unlock();
1706
-
preempt_enable();
1701
+
local_bh_enable();
1707
1702
return ERR_PTR(-ENOMEM);
1708
1703
}
1709
1704
···
1713
1708
alloc_frag->offset += buflen;
1714
1709
1715
1710
rcu_read_unlock();
1716
-
preempt_enable();
1711
+
local_bh_enable();
1717
1712
1718
1713
return skb;
1719
1714
···
1721
1716
put_page(alloc_frag->page);
1722
1717
err_xdp:
1723
1718
rcu_read_unlock();
1724
-
preempt_enable();
1719
+
local_bh_enable();
1725
1720
this_cpu_inc(tun->pcpu_stats->rx_dropped);
1726
1721
return NULL;
1727
1722
}
···
1917
1912
struct bpf_prog *xdp_prog;
1918
1913
int ret;
1919
1914
1915
+
local_bh_disable();
1920
1916
rcu_read_lock();
1921
1917
xdp_prog = rcu_dereference(tun->xdp_prog);
1922
1918
if (xdp_prog) {
1923
1919
ret = do_xdp_generic(xdp_prog, skb);
1924
1920
if (ret != XDP_PASS) {
1925
1921
rcu_read_unlock();
1922
+
local_bh_enable();
1926
1923
return total_len;
1927
1924
}
1928
1925
}
1929
1926
rcu_read_unlock();
1927
+
local_bh_enable();
1930
1928
}
1931
1929
1932
1930
rcu_read_lock();
···
3227
3219
&tun_proto, 0);
3228
3220
if (!tfile)
3229
3221
return -ENOMEM;
3222
+
if (ptr_ring_init(&tfile->tx_ring, 0, GFP_KERNEL)) {
3223
+
sk_free(&tfile->sk);
3224
+
return -ENOMEM;
3225
+
}
3226
+
3230
3227
RCU_INIT_POINTER(tfile->tun, NULL);
3231
3228
tfile->flags = 0;
3232
3229
tfile->ifindex = 0;
···
3251
3238
INIT_LIST_HEAD(&tfile->next);
3252
3239
3253
3240
sock_set_flag(&tfile->sk, SOCK_ZEROCOPY);
3254
-
3255
-
memset(&tfile->tx_ring, 0, sizeof(tfile->tx_ring));
3256
3241
3257
3242
return 0;
3258
3243
}
+1
-1
drivers/net/usb/cdc_mbim.c
+1
-1
drivers/net/usb/cdc_mbim.c
···
609
609
*/
610
610
static const struct driver_info cdc_mbim_info_avoid_altsetting_toggle = {
611
611
.description = "CDC MBIM",
612
-
.flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN,
612
+
.flags = FLAG_NO_SETINT | FLAG_MULTI_PACKET | FLAG_WWAN | FLAG_SEND_ZLP,
613
613
.bind = cdc_mbim_bind,
614
614
.unbind = cdc_mbim_unbind,
615
615
.manage_power = cdc_mbim_manage_power,
+1
drivers/net/usb/qmi_wwan.c
+1
drivers/net/usb/qmi_wwan.c
···
1103
1103
{QMI_FIXED_INTF(0x05c6, 0x920d, 5)},
1104
1104
{QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */
1105
1105
{QMI_FIXED_INTF(0x0846, 0x68a2, 8)},
1106
+
{QMI_FIXED_INTF(0x0846, 0x68d3, 8)}, /* Netgear Aircard 779S */
1106
1107
{QMI_FIXED_INTF(0x12d1, 0x140c, 1)}, /* Huawei E173 */
1107
1108
{QMI_FIXED_INTF(0x12d1, 0x14ac, 1)}, /* Huawei E1820 */
1108
1109
{QMI_FIXED_INTF(0x1435, 0xd181, 3)}, /* Wistron NeWeb D18Q1 */
+10
-11
drivers/net/virtio_net.c
+10
-11
drivers/net/virtio_net.c
···
707
707
void *data;
708
708
u32 act;
709
709
710
+
/* Transient failure which in theory could occur if
711
+
* in-flight packets from before XDP was enabled reach
712
+
* the receive path after XDP is loaded.
713
+
*/
714
+
if (unlikely(hdr->hdr.gso_type))
715
+
goto err_xdp;
716
+
710
717
/* This happens when rx buffer size is underestimated
711
718
* or headroom is not enough because of the buffer
712
719
* was refilled before XDP is set. This should only
···
733
726
} else {
734
727
xdp_page = page;
735
728
}
736
-
737
-
/* Transient failure which in theory could occur if
738
-
* in-flight packets from before XDP was enabled reach
739
-
* the receive path after XDP is loaded. In practice I
740
-
* was not able to create this condition.
741
-
*/
742
-
if (unlikely(hdr->hdr.gso_type))
743
-
goto err_xdp;
744
729
745
730
/* Allow consuming headroom but reserve enough space to push
746
731
* the descriptor on if we get an XDP_TX return code.
···
774
775
}
775
776
*xdp_xmit = true;
776
777
if (unlikely(xdp_page != page))
777
-
goto err_xdp;
778
+
put_page(page);
778
779
rcu_read_unlock();
779
780
goto xdp_xmit;
780
781
case XDP_REDIRECT:
···
786
787
}
787
788
*xdp_xmit = true;
788
789
if (unlikely(xdp_page != page))
789
-
goto err_xdp;
790
+
put_page(page);
790
791
rcu_read_unlock();
791
792
goto xdp_xmit;
792
793
default:
···
874
875
rcu_read_unlock();
875
876
err_skb:
876
877
put_page(page);
877
-
while (--num_buf) {
878
+
while (num_buf-- > 1) {
878
879
buf = virtqueue_get_buf(rq->vq, &len);
879
880
if (unlikely(!buf)) {
880
881
pr_debug("%s: rx error: %d buffers missing\n",
+47
-25
drivers/net/vmxnet3/vmxnet3_drv.c
+47
-25
drivers/net/vmxnet3/vmxnet3_drv.c
···
369
369
370
370
gdesc = tq->comp_ring.base + tq->comp_ring.next2proc;
371
371
while (VMXNET3_TCD_GET_GEN(&gdesc->tcd) == tq->comp_ring.gen) {
372
+
/* Prevent any &gdesc->tcd field from being (speculatively)
373
+
* read before (&gdesc->tcd)->gen is read.
374
+
*/
375
+
dma_rmb();
376
+
372
377
completed += vmxnet3_unmap_pkt(VMXNET3_TCD_GET_TXIDX(
373
378
&gdesc->tcd), tq, adapter->pdev,
374
379
adapter);
···
1108
1103
gdesc->txd.tci = skb_vlan_tag_get(skb);
1109
1104
}
1110
1105
1106
+
/* Ensure that the write to (&gdesc->txd)->gen will be observed after
1107
+
* all other writes to &gdesc->txd.
1108
+
*/
1109
+
dma_wmb();
1110
+
1111
1111
/* finally flips the GEN bit of the SOP desc. */
1112
1112
gdesc->dword[2] = cpu_to_le32(le32_to_cpu(gdesc->dword[2]) ^
1113
1113
VMXNET3_TXD_GEN);
···
1308
1298
*/
1309
1299
break;
1310
1300
}
1301
+
1302
+
/* Prevent any rcd field from being (speculatively) read before
1303
+
* rcd->gen is read.
1304
+
*/
1305
+
dma_rmb();
1306
+
1311
1307
BUG_ON(rcd->rqID != rq->qid && rcd->rqID != rq->qid2 &&
1312
1308
rcd->rqID != rq->dataRingQid);
1313
1309
idx = rcd->rxdIdx;
···
1544
1528
ring->next2comp = idx;
1545
1529
num_to_alloc = vmxnet3_cmd_ring_desc_avail(ring);
1546
1530
ring = rq->rx_ring + ring_idx;
1531
+
1532
+
/* Ensure that the writes to rxd->gen bits will be observed
1533
+
* after all other writes to rxd objects.
1534
+
*/
1535
+
dma_wmb();
1536
+
1547
1537
while (num_to_alloc) {
1548
1538
vmxnet3_getRxDesc(rxd, &ring->base[ring->next2fill].rxd,
1549
1539
&rxCmdDesc);
···
2710
2688
/* ==================== initialization and cleanup routines ============ */
2711
2689
2712
2690
static int
2713
-
vmxnet3_alloc_pci_resources(struct vmxnet3_adapter *adapter, bool *dma64)
2691
+
vmxnet3_alloc_pci_resources(struct vmxnet3_adapter *adapter)
2714
2692
{
2715
2693
int err;
2716
2694
unsigned long mmio_start, mmio_len;
···
2722
2700
return err;
2723
2701
}
2724
2702
2725
-
if (pci_set_dma_mask(pdev, DMA_BIT_MASK(64)) == 0) {
2726
-
if (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64)) != 0) {
2727
-
dev_err(&pdev->dev,
2728
-
"pci_set_consistent_dma_mask failed\n");
2729
-
err = -EIO;
2730
-
goto err_set_mask;
2731
-
}
2732
-
*dma64 = true;
2733
-
} else {
2734
-
if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) != 0) {
2735
-
dev_err(&pdev->dev,
2736
-
"pci_set_dma_mask failed\n");
2737
-
err = -EIO;
2738
-
goto err_set_mask;
2739
-
}
2740
-
*dma64 = false;
2741
-
}
2742
-
2743
2703
err = pci_request_selected_regions(pdev, (1 << 2) - 1,
2744
2704
vmxnet3_driver_name);
2745
2705
if (err) {
2746
2706
dev_err(&pdev->dev,
2747
2707
"Failed to request region for adapter: error %d\n", err);
2748
-
goto err_set_mask;
2708
+
goto err_enable_device;
2749
2709
}
2750
2710
2751
2711
pci_set_master(pdev);
···
2755
2751
iounmap(adapter->hw_addr0);
2756
2752
err_ioremap:
2757
2753
pci_release_selected_regions(pdev, (1 << 2) - 1);
2758
-
err_set_mask:
2754
+
err_enable_device:
2759
2755
pci_disable_device(pdev);
2760
2756
return err;
2761
2757
}
···
3258
3254
#endif
3259
3255
};
3260
3256
int err;
3261
-
bool dma64 = false; /* stupid gcc */
3257
+
bool dma64;
3262
3258
u32 ver;
3263
3259
struct net_device *netdev;
3264
3260
struct vmxnet3_adapter *adapter;
···
3304
3300
adapter->rx_ring_size = VMXNET3_DEF_RX_RING_SIZE;
3305
3301
adapter->rx_ring2_size = VMXNET3_DEF_RX_RING2_SIZE;
3306
3302
3303
+
if (pci_set_dma_mask(pdev, DMA_BIT_MASK(64)) == 0) {
3304
+
if (pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64)) != 0) {
3305
+
dev_err(&pdev->dev,
3306
+
"pci_set_consistent_dma_mask failed\n");
3307
+
err = -EIO;
3308
+
goto err_set_mask;
3309
+
}
3310
+
dma64 = true;
3311
+
} else {
3312
+
if (pci_set_dma_mask(pdev, DMA_BIT_MASK(32)) != 0) {
3313
+
dev_err(&pdev->dev,
3314
+
"pci_set_dma_mask failed\n");
3315
+
err = -EIO;
3316
+
goto err_set_mask;
3317
+
}
3318
+
dma64 = false;
3319
+
}
3320
+
3307
3321
spin_lock_init(&adapter->cmd_lock);
3308
3322
adapter->adapter_pa = dma_map_single(&adapter->pdev->dev, adapter,
3309
3323
sizeof(struct vmxnet3_adapter),
···
3329
3307
if (dma_mapping_error(&adapter->pdev->dev, adapter->adapter_pa)) {
3330
3308
dev_err(&pdev->dev, "Failed to map dma\n");
3331
3309
err = -EFAULT;
3332
-
goto err_dma_map;
3310
+
goto err_set_mask;
3333
3311
}
3334
3312
adapter->shared = dma_alloc_coherent(
3335
3313
&adapter->pdev->dev,
···
3380
3358
}
3381
3359
#endif /* VMXNET3_RSS */
3382
3360
3383
-
err = vmxnet3_alloc_pci_resources(adapter, &dma64);
3361
+
err = vmxnet3_alloc_pci_resources(adapter);
3384
3362
if (err < 0)
3385
3363
goto err_alloc_pci;
3386
3364
···
3526
3504
err_alloc_shared:
3527
3505
dma_unmap_single(&adapter->pdev->dev, adapter->adapter_pa,
3528
3506
sizeof(struct vmxnet3_adapter), PCI_DMA_TODEVICE);
3529
-
err_dma_map:
3507
+
err_set_mask:
3530
3508
free_netdev(netdev);
3531
3509
return err;
3532
3510
}
+5
-3
drivers/net/vmxnet3/vmxnet3_int.h
+5
-3
drivers/net/vmxnet3/vmxnet3_int.h
···
69
69
/*
70
70
* Version numbers
71
71
*/
72
-
#define VMXNET3_DRIVER_VERSION_STRING "1.4.14.0-k"
72
+
#define VMXNET3_DRIVER_VERSION_STRING "1.4.16.0-k"
73
73
74
-
/* a 32-bit int, each byte encode a verion number in VMXNET3_DRIVER_VERSION */
75
-
#define VMXNET3_DRIVER_VERSION_NUM 0x01040e00
74
+
/* Each byte of this 32-bit integer encodes a version number in
75
+
* VMXNET3_DRIVER_VERSION_STRING.
76
+
*/
77
+
#define VMXNET3_DRIVER_VERSION_NUM 0x01041000
76
78
77
79
#if defined(CONFIG_PCI_MSI)
78
80
/* RSS only makes sense if MSI-X is supported. */
+5
-5
drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+5
-5
drivers/net/wireless/intel/iwlwifi/pcie/trans.c
···
1590
1590
struct iwl_trans *trans)
1591
1591
{
1592
1592
struct iwl_trans_pcie *trans_pcie = IWL_TRANS_GET_PCIE_TRANS(trans);
1593
-
int max_irqs, num_irqs, i, ret, nr_online_cpus;
1593
+
int max_irqs, num_irqs, i, ret;
1594
1594
u16 pci_cmd;
1595
1595
1596
1596
if (!trans->cfg->mq_rx_supported)
1597
1597
goto enable_msi;
1598
1598
1599
-
nr_online_cpus = num_online_cpus();
1600
-
max_irqs = min_t(u32, nr_online_cpus + 2, IWL_MAX_RX_HW_QUEUES);
1599
+
max_irqs = min_t(u32, num_online_cpus() + 2, IWL_MAX_RX_HW_QUEUES);
1601
1600
for (i = 0; i < max_irqs; i++)
1602
1601
trans_pcie->msix_entries[i].entry = i;
1603
1602
···
1622
1623
* Two interrupts less: non rx causes shared with FBQ and RSS.
1623
1624
* More than two interrupts: we will use fewer RSS queues.
1624
1625
*/
1625
-
if (num_irqs <= nr_online_cpus) {
1626
+
if (num_irqs <= max_irqs - 2) {
1626
1627
trans_pcie->trans->num_rx_queues = num_irqs + 1;
1627
1628
trans_pcie->shared_vec_mask = IWL_SHARED_IRQ_NON_RX |
1628
1629
IWL_SHARED_IRQ_FIRST_RSS;
1629
-
} else if (num_irqs == nr_online_cpus + 1) {
1630
+
} else if (num_irqs == max_irqs - 1) {
1630
1631
trans_pcie->trans->num_rx_queues = num_irqs;
1631
1632
trans_pcie->shared_vec_mask = IWL_SHARED_IRQ_NON_RX;
1632
1633
} else {
1633
1634
trans_pcie->trans->num_rx_queues = num_irqs - 1;
1634
1635
}
1636
+
WARN_ON(trans_pcie->trans->num_rx_queues > IWL_MAX_RX_HW_QUEUES);
1635
1637
1636
1638
trans_pcie->alloc_vecs = num_irqs;
1637
1639
trans_pcie->msix_enabled = true;
+2
-2
drivers/net/wireless/mac80211_hwsim.c
+2
-2
drivers/net/wireless/mac80211_hwsim.c
···
3340
3340
static int hwsim_dump_radio_nl(struct sk_buff *skb,
3341
3341
struct netlink_callback *cb)
3342
3342
{
3343
-
int last_idx = cb->args[0];
3343
+
int last_idx = cb->args[0] - 1;
3344
3344
struct mac80211_hwsim_data *data = NULL;
3345
3345
int res = 0;
3346
3346
void *hdr;
···
3368
3368
last_idx = data->idx;
3369
3369
}
3370
3370
3371
-
cb->args[0] = last_idx;
3371
+
cb->args[0] = last_idx + 1;
3372
3372
3373
3373
/* list changed, but no new element sent, set interrupted flag */
3374
3374
if (skb->len == 0 && cb->prev_seq && cb->seq != cb->prev_seq) {
+3
-4
drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
+3
-4
drivers/net/wireless/ralink/rt2x00/rt2x00queue.c
···
372
372
373
373
/*
374
374
* Determine IFS values
375
-
* - Use TXOP_BACKOFF for probe and management frames except beacons
375
+
* - Use TXOP_BACKOFF for management frames except beacons
376
376
* - Use TXOP_SIFS for fragment bursts
377
377
* - Use TXOP_HTTXOP for everything else
378
378
*
379
379
* Note: rt2800 devices won't use CTS protection (if used)
380
380
* for frames not transmitted with TXOP_HTTXOP
381
381
*/
382
-
if ((ieee80211_is_mgmt(hdr->frame_control) &&
383
-
!ieee80211_is_beacon(hdr->frame_control)) ||
384
-
(tx_info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE))
382
+
if (ieee80211_is_mgmt(hdr->frame_control) &&
383
+
!ieee80211_is_beacon(hdr->frame_control))
385
384
txdesc->u.ht.txop = TXOP_BACKOFF;
386
385
else if (!(tx_info->flags & IEEE80211_TX_CTL_FIRST_FRAGMENT))
387
386
txdesc->u.ht.txop = TXOP_SIFS;
+1
-1
drivers/nvme/host/core.c
+1
-1
drivers/nvme/host/core.c
···
1447
1447
if (ns->lba_shift == 0)
1448
1448
ns->lba_shift = 9;
1449
1449
ns->noiob = le16_to_cpu(id->noiob);
1450
-
ns->ext = ns->ms && (id->flbas & NVME_NS_FLBAS_META_EXT);
1451
1450
ns->ms = le16_to_cpu(id->lbaf[id->flbas & NVME_NS_FLBAS_LBA_MASK].ms);
1451
+
ns->ext = ns->ms && (id->flbas & NVME_NS_FLBAS_META_EXT);
1452
1452
/* the PI implementation requires metadata equal t10 pi tuple size */
1453
1453
if (ns->ms == sizeof(struct t10_pi_tuple))
1454
1454
ns->pi_type = id->dps & NVME_NS_DPS_PI_MASK;
+2
drivers/platform/chrome/cros_ec_proto.c
+2
drivers/platform/chrome/cros_ec_proto.c
+13
-10
drivers/platform/x86/asus-wmi.c
+13
-10
drivers/platform/x86/asus-wmi.c
···
163
163
164
164
static const char * const ashs_ids[] = { "ATK4001", "ATK4002", NULL };
165
165
166
+
static bool ashs_present(void)
167
+
{
168
+
int i = 0;
169
+
while (ashs_ids[i]) {
170
+
if (acpi_dev_found(ashs_ids[i++]))
171
+
return true;
172
+
}
173
+
return false;
174
+
}
175
+
166
176
struct bios_args {
167
177
u32 arg0;
168
178
u32 arg1;
···
1035
1025
1036
1026
static void asus_wmi_rfkill_exit(struct asus_wmi *asus)
1037
1027
{
1028
+
if (asus->driver->wlan_ctrl_by_user && ashs_present())
1029
+
return;
1030
+
1038
1031
asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P5");
1039
1032
asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P6");
1040
1033
asus_unregister_rfkill_notifier(asus, "\\_SB.PCI0.P0P7");
···
2132
2119
2133
2120
pr_info("Number of fans: %d\n", asus->asus_hwmon_num_fans);
2134
2121
return 0;
2135
-
}
2136
-
2137
-
static bool ashs_present(void)
2138
-
{
2139
-
int i = 0;
2140
-
while (ashs_ids[i]) {
2141
-
if (acpi_dev_found(ashs_ids[i++]))
2142
-
return true;
2143
-
}
2144
-
return false;
2145
2122
}
2146
2123
2147
2124
/*
+5
-2
drivers/s390/block/dasd.c
+5
-2
drivers/s390/block/dasd.c
···
3034
3034
cqr->callback_data = req;
3035
3035
cqr->status = DASD_CQR_FILLED;
3036
3036
cqr->dq = dq;
3037
-
req->completion_data = cqr;
3037
+
*((struct dasd_ccw_req **) blk_mq_rq_to_pdu(req)) = cqr;
3038
+
3038
3039
blk_mq_start_request(req);
3039
3040
spin_lock(&block->queue_lock);
3040
3041
list_add_tail(&cqr->blocklist, &block->ccw_queue);
···
3059
3058
*/
3060
3059
enum blk_eh_timer_return dasd_times_out(struct request *req, bool reserved)
3061
3060
{
3062
-
struct dasd_ccw_req *cqr = req->completion_data;
3063
3061
struct dasd_block *block = req->q->queuedata;
3064
3062
struct dasd_device *device;
3063
+
struct dasd_ccw_req *cqr;
3065
3064
unsigned long flags;
3066
3065
int rc = 0;
3067
3066
3067
+
cqr = *((struct dasd_ccw_req **) blk_mq_rq_to_pdu(req));
3068
3068
if (!cqr)
3069
3069
return BLK_EH_NOT_HANDLED;
3070
3070
···
3171
3169
int rc;
3172
3170
3173
3171
block->tag_set.ops = &dasd_mq_ops;
3172
+
block->tag_set.cmd_size = sizeof(struct dasd_ccw_req *);
3174
3173
block->tag_set.nr_hw_queues = DASD_NR_HW_QUEUES;
3175
3174
block->tag_set.queue_depth = DASD_MAX_LCU_DEV * DASD_REQ_PER_DEV;
3176
3175
block->tag_set.flags = BLK_MQ_F_SHOULD_MERGE;
+22
-1
drivers/s390/scsi/zfcp_dbf.c
+22
-1
drivers/s390/scsi/zfcp_dbf.c
···
4
4
*
5
5
* Debug traces for zfcp.
6
6
*
7
-
* Copyright IBM Corp. 2002, 2017
7
+
* Copyright IBM Corp. 2002, 2018
8
8
*/
9
9
10
10
#define KMSG_COMPONENT "zfcp"
···
308
308
spin_unlock_irqrestore(&dbf->rec_lock, flags);
309
309
}
310
310
311
+
/**
312
+
* zfcp_dbf_rec_trig_lock - trace event related to triggered recovery with lock
313
+
* @tag: identifier for event
314
+
* @adapter: adapter on which the erp_action should run
315
+
* @port: remote port involved in the erp_action
316
+
* @sdev: scsi device involved in the erp_action
317
+
* @want: wanted erp_action
318
+
* @need: required erp_action
319
+
*
320
+
* The adapter->erp_lock must not be held.
321
+
*/
322
+
void zfcp_dbf_rec_trig_lock(char *tag, struct zfcp_adapter *adapter,
323
+
struct zfcp_port *port, struct scsi_device *sdev,
324
+
u8 want, u8 need)
325
+
{
326
+
unsigned long flags;
327
+
328
+
read_lock_irqsave(&adapter->erp_lock, flags);
329
+
zfcp_dbf_rec_trig(tag, adapter, port, sdev, want, need);
330
+
read_unlock_irqrestore(&adapter->erp_lock, flags);
331
+
}
311
332
312
333
/**
313
334
* zfcp_dbf_rec_run_lvl - trace event related to running recovery
+4
-1
drivers/s390/scsi/zfcp_ext.h
+4
-1
drivers/s390/scsi/zfcp_ext.h
···
4
4
*
5
5
* External function declarations.
6
6
*
7
-
* Copyright IBM Corp. 2002, 2016
7
+
* Copyright IBM Corp. 2002, 2018
8
8
*/
9
9
10
10
#ifndef ZFCP_EXT_H
···
35
35
extern void zfcp_dbf_adapter_unregister(struct zfcp_adapter *);
36
36
extern void zfcp_dbf_rec_trig(char *, struct zfcp_adapter *,
37
37
struct zfcp_port *, struct scsi_device *, u8, u8);
38
+
extern void zfcp_dbf_rec_trig_lock(char *tag, struct zfcp_adapter *adapter,
39
+
struct zfcp_port *port,
40
+
struct scsi_device *sdev, u8 want, u8 need);
38
41
extern void zfcp_dbf_rec_run(char *, struct zfcp_erp_action *);
39
42
extern void zfcp_dbf_rec_run_lvl(int level, char *tag,
40
43
struct zfcp_erp_action *erp);
+7
-7
drivers/s390/scsi/zfcp_scsi.c
+7
-7
drivers/s390/scsi/zfcp_scsi.c
···
4
4
*
5
5
* Interface to Linux SCSI midlayer.
6
6
*
7
-
* Copyright IBM Corp. 2002, 2017
7
+
* Copyright IBM Corp. 2002, 2018
8
8
*/
9
9
10
10
#define KMSG_COMPONENT "zfcp"
···
618
618
ids.port_id = port->d_id;
619
619
ids.roles = FC_RPORT_ROLE_FCP_TARGET;
620
620
621
-
zfcp_dbf_rec_trig("scpaddy", port->adapter, port, NULL,
622
-
ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD,
623
-
ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD);
621
+
zfcp_dbf_rec_trig_lock("scpaddy", port->adapter, port, NULL,
622
+
ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD,
623
+
ZFCP_PSEUDO_ERP_ACTION_RPORT_ADD);
624
624
rport = fc_remote_port_add(port->adapter->scsi_host, 0, &ids);
625
625
if (!rport) {
626
626
dev_err(&port->adapter->ccw_device->dev,
···
642
642
struct fc_rport *rport = port->rport;
643
643
644
644
if (rport) {
645
-
zfcp_dbf_rec_trig("scpdely", port->adapter, port, NULL,
646
-
ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL,
647
-
ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL);
645
+
zfcp_dbf_rec_trig_lock("scpdely", port->adapter, port, NULL,
646
+
ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL,
647
+
ZFCP_PSEUDO_ERP_ACTION_RPORT_DEL);
648
648
fc_remote_port_delete(rport);
649
649
port->rport = NULL;
650
650
}
+1
-1
drivers/scsi/Makefile
+1
-1
drivers/scsi/Makefile
···
182
182
NCR_Q720_mod-objs := NCR_Q720.o ncr53c8xx.o
183
183
184
184
# Files generated that shall be removed upon make clean
185
-
clean-files := 53c700_d.h 53c700_u.h
185
+
clean-files := 53c700_d.h 53c700_u.h scsi_devinfo_tbl.c
186
186
187
187
$(obj)/53c700.o $(MODVERDIR)/$(obj)/53c700.ver: $(obj)/53c700_d.h
188
188
+20
-2
drivers/scsi/scsi_transport_srp.c
+20
-2
drivers/scsi/scsi_transport_srp.c
···
51
51
struct transport_container rport_attr_cont;
52
52
};
53
53
54
+
static int scsi_is_srp_rport(const struct device *dev);
55
+
54
56
#define to_srp_internal(tmpl) container_of(tmpl, struct srp_internal, t)
55
57
56
58
#define dev_to_rport(d) container_of(d, struct srp_rport, dev)
···
62
60
return dev_to_shost(r->dev.parent);
63
61
}
64
62
63
+
static int find_child_rport(struct device *dev, void *data)
64
+
{
65
+
struct device **child = data;
66
+
67
+
if (scsi_is_srp_rport(dev)) {
68
+
WARN_ON_ONCE(*child);
69
+
*child = dev;
70
+
}
71
+
return 0;
72
+
}
73
+
65
74
static inline struct srp_rport *shost_to_rport(struct Scsi_Host *shost)
66
75
{
67
-
return transport_class_to_srp_rport(&shost->shost_gendev);
76
+
struct device *child = NULL;
77
+
78
+
WARN_ON_ONCE(device_for_each_child(&shost->shost_gendev, &child,
79
+
find_child_rport) < 0);
80
+
return child ? dev_to_rport(child) : NULL;
68
81
}
69
82
70
83
/**
···
617
600
struct srp_rport *rport = shost_to_rport(shost);
618
601
619
602
pr_debug("timeout for sdev %s\n", dev_name(&sdev->sdev_gendev));
620
-
return rport->fast_io_fail_tmo < 0 && rport->dev_loss_tmo < 0 &&
603
+
return rport && rport->fast_io_fail_tmo < 0 &&
604
+
rport->dev_loss_tmo < 0 &&
621
605
i->f->reset_timer_if_blocked && scsi_device_blocked(sdev) ?
622
606
BLK_EH_RESET_TIMER : BLK_EH_NOT_HANDLED;
623
607
}
+1
-1
drivers/scsi/sg.c
+1
-1
drivers/scsi/sg.c
+8
-2
drivers/scsi/sr_ioctl.c
+8
-2
drivers/scsi/sr_ioctl.c
···
188
188
struct scsi_device *SDev;
189
189
struct scsi_sense_hdr sshdr;
190
190
int result, err = 0, retries = 0;
191
+
unsigned char sense_buffer[SCSI_SENSE_BUFFERSIZE], *senseptr = NULL;
191
192
192
193
SDev = cd->device;
194
+
195
+
if (cgc->sense)
196
+
senseptr = sense_buffer;
193
197
194
198
retry:
195
199
if (!scsi_block_when_processing_errors(SDev)) {
···
202
198
}
203
199
204
200
result = scsi_execute(SDev, cgc->cmd, cgc->data_direction,
205
-
cgc->buffer, cgc->buflen,
206
-
(unsigned char *)cgc->sense, &sshdr,
201
+
cgc->buffer, cgc->buflen, senseptr, &sshdr,
207
202
cgc->timeout, IOCTL_RETRIES, 0, 0, NULL);
203
+
204
+
if (cgc->sense)
205
+
memcpy(cgc->sense, sense_buffer, sizeof(*cgc->sense));
208
206
209
207
/* Minimal error checking. Ignore cases we know about, and report the rest. */
210
208
if (driver_byte(result) != 0) {
-36
drivers/soc/lantiq/gphy.c
-36
drivers/soc/lantiq/gphy.c
···
30
30
struct clk *gphy_clk_gate;
31
31
struct reset_control *gphy_reset;
32
32
struct reset_control *gphy_reset2;
33
-
struct notifier_block gphy_reboot_nb;
34
33
void __iomem *membase;
35
34
char *fw_name;
36
35
};
···
62
63
{},
63
64
};
64
65
MODULE_DEVICE_TABLE(of, xway_gphy_match);
65
-
66
-
static struct xway_gphy_priv *to_xway_gphy_priv(struct notifier_block *nb)
67
-
{
68
-
return container_of(nb, struct xway_gphy_priv, gphy_reboot_nb);
69
-
}
70
-
71
-
static int xway_gphy_reboot_notify(struct notifier_block *reboot_nb,
72
-
unsigned long code, void *unused)
73
-
{
74
-
struct xway_gphy_priv *priv = to_xway_gphy_priv(reboot_nb);
75
-
76
-
if (priv) {
77
-
reset_control_assert(priv->gphy_reset);
78
-
reset_control_assert(priv->gphy_reset2);
79
-
}
80
-
81
-
return NOTIFY_DONE;
82
-
}
83
66
84
67
static int xway_gphy_load(struct device *dev, struct xway_gphy_priv *priv,
85
68
dma_addr_t *dev_addr)
···
186
205
reset_control_deassert(priv->gphy_reset);
187
206
reset_control_deassert(priv->gphy_reset2);
188
207
189
-
/* assert the gphy reset because it can hang after a reboot: */
190
-
priv->gphy_reboot_nb.notifier_call = xway_gphy_reboot_notify;
191
-
priv->gphy_reboot_nb.priority = -1;
192
-
193
-
ret = register_reboot_notifier(&priv->gphy_reboot_nb);
194
-
if (ret)
195
-
dev_warn(dev, "Failed to register reboot notifier\n");
196
-
197
208
platform_set_drvdata(pdev, priv);
198
209
199
210
return ret;
···
193
220
194
221
static int xway_gphy_remove(struct platform_device *pdev)
195
222
{
196
-
struct device *dev = &pdev->dev;
197
223
struct xway_gphy_priv *priv = platform_get_drvdata(pdev);
198
-
int ret;
199
-
200
-
reset_control_assert(priv->gphy_reset);
201
-
reset_control_assert(priv->gphy_reset2);
202
224
203
225
iowrite32be(0, priv->membase);
204
226
205
227
clk_disable_unprepare(priv->gphy_clk_gate);
206
-
207
-
ret = unregister_reboot_notifier(&priv->gphy_reboot_nb);
208
-
if (ret)
209
-
dev_warn(dev, "Failed to unregister reboot notifier\n");
210
228
211
229
return 0;
212
230
}
+2
-2
drivers/ssb/Kconfig
+2
-2
drivers/ssb/Kconfig
···
117
117
118
118
config SSB_DRIVER_PCICORE_POSSIBLE
119
119
bool
120
-
depends on SSB_PCIHOST && SSB = y
120
+
depends on SSB_PCIHOST
121
121
default y
122
122
123
123
config SSB_DRIVER_PCICORE
···
131
131
132
132
config SSB_PCICORE_HOSTMODE
133
133
bool "Hostmode support for SSB PCI core"
134
-
depends on SSB_DRIVER_PCICORE && SSB_DRIVER_MIPS
134
+
depends on SSB_DRIVER_PCICORE && SSB_DRIVER_MIPS && SSB = y
135
135
help
136
136
PCIcore hostmode operation (external PCI bus).
137
137
+2
drivers/target/target_core_user.c
+2
drivers/target/target_core_user.c
+1
-1
drivers/thunderbolt/icm.c
+1
-1
drivers/thunderbolt/icm.c
+10
-15
drivers/vfio/vfio_iommu_type1.c
+10
-15
drivers/vfio/vfio_iommu_type1.c
···
404
404
{
405
405
unsigned long pfn = 0;
406
406
long ret, pinned = 0, lock_acct = 0;
407
+
bool rsvd;
407
408
dma_addr_t iova = vaddr - dma->vaddr + dma->iova;
408
409
409
410
/* This code path is only user initiated */
···
415
414
if (ret)
416
415
return ret;
417
416
418
-
if (is_invalid_reserved_pfn(*pfn_base)) {
419
-
struct vm_area_struct *vma;
420
-
421
-
down_read(¤t->mm->mmap_sem);
422
-
vma = find_vma_intersection(current->mm, vaddr, vaddr + 1);
423
-
pinned = min_t(long, npage, vma_pages(vma));
424
-
up_read(¤t->mm->mmap_sem);
425
-
return pinned;
426
-
}
427
-
428
417
pinned++;
418
+
rsvd = is_invalid_reserved_pfn(*pfn_base);
429
419
430
420
/*
431
421
* Reserved pages aren't counted against the user, externally pinned
432
422
* pages are already counted against the user.
433
423
*/
434
-
if (!vfio_find_vpfn(dma, iova)) {
424
+
if (!rsvd && !vfio_find_vpfn(dma, iova)) {
435
425
if (!lock_cap && current->mm->locked_vm + 1 > limit) {
436
426
put_pfn(*pfn_base, dma->prot);
437
427
pr_warn("%s: RLIMIT_MEMLOCK (%ld) exceeded\n", __func__,
···
442
450
if (ret)
443
451
break;
444
452
445
-
if (pfn != *pfn_base + pinned) {
453
+
if (pfn != *pfn_base + pinned ||
454
+
rsvd != is_invalid_reserved_pfn(pfn)) {
446
455
put_pfn(pfn, dma->prot);
447
456
break;
448
457
}
449
458
450
-
if (!vfio_find_vpfn(dma, iova)) {
459
+
if (!rsvd && !vfio_find_vpfn(dma, iova)) {
451
460
if (!lock_cap &&
452
461
current->mm->locked_vm + lock_acct + 1 > limit) {
453
462
put_pfn(pfn, dma->prot);
···
466
473
467
474
unpin_out:
468
475
if (ret) {
469
-
for (pfn = *pfn_base ; pinned ; pfn++, pinned--)
470
-
put_pfn(pfn, dma->prot);
476
+
if (!rsvd) {
477
+
for (pfn = *pfn_base ; pinned ; pfn++, pinned--)
478
+
put_pfn(pfn, dma->prot);
479
+
}
471
480
472
481
return ret;
473
482
}
+24
-13
drivers/vhost/net.c
+24
-13
drivers/vhost/net.c
···
105
105
/* vhost zerocopy support fields below: */
106
106
/* last used idx for outstanding DMA zerocopy buffers */
107
107
int upend_idx;
108
-
/* first used idx for DMA done zerocopy buffers */
108
+
/* For TX, first used idx for DMA done zerocopy buffers
109
+
* For RX, number of batched heads
110
+
*/
109
111
int done_idx;
110
112
/* an array of userspace buffers info */
111
113
struct ubuf_info *ubuf_info;
···
628
626
return skb_queue_empty(&sk->sk_receive_queue);
629
627
}
630
628
629
+
static void vhost_rx_signal_used(struct vhost_net_virtqueue *nvq)
630
+
{
631
+
struct vhost_virtqueue *vq = &nvq->vq;
632
+
struct vhost_dev *dev = vq->dev;
633
+
634
+
if (!nvq->done_idx)
635
+
return;
636
+
637
+
vhost_add_used_and_signal_n(dev, vq, vq->heads, nvq->done_idx);
638
+
nvq->done_idx = 0;
639
+
}
640
+
631
641
static int vhost_net_rx_peek_head_len(struct vhost_net *net, struct sock *sk)
632
642
{
633
643
struct vhost_net_virtqueue *rvq = &net->vqs[VHOST_NET_VQ_RX];
···
649
635
int len = peek_head_len(rvq, sk);
650
636
651
637
if (!len && vq->busyloop_timeout) {
638
+
/* Flush batched heads first */
639
+
vhost_rx_signal_used(rvq);
652
640
/* Both tx vq and rx socket were polled here */
653
641
mutex_lock_nested(&vq->mutex, 1);
654
642
vhost_disable_notify(&net->dev, vq);
···
778
762
};
779
763
size_t total_len = 0;
780
764
int err, mergeable;
781
-
s16 headcount, nheads = 0;
765
+
s16 headcount;
782
766
size_t vhost_hlen, sock_hlen;
783
767
size_t vhost_len, sock_len;
784
768
struct socket *sock;
···
806
790
while ((sock_len = vhost_net_rx_peek_head_len(net, sock->sk))) {
807
791
sock_len += sock_hlen;
808
792
vhost_len = sock_len + vhost_hlen;
809
-
headcount = get_rx_bufs(vq, vq->heads + nheads, vhost_len,
810
-
&in, vq_log, &log,
793
+
headcount = get_rx_bufs(vq, vq->heads + nvq->done_idx,
794
+
vhost_len, &in, vq_log, &log,
811
795
likely(mergeable) ? UIO_MAXIOV : 1);
812
796
/* On error, stop handling until the next kick. */
813
797
if (unlikely(headcount < 0))
···
878
862
vhost_discard_vq_desc(vq, headcount);
879
863
goto out;
880
864
}
881
-
nheads += headcount;
882
-
if (nheads > VHOST_RX_BATCH) {
883
-
vhost_add_used_and_signal_n(&net->dev, vq, vq->heads,
884
-
nheads);
885
-
nheads = 0;
886
-
}
865
+
nvq->done_idx += headcount;
866
+
if (nvq->done_idx > VHOST_RX_BATCH)
867
+
vhost_rx_signal_used(nvq);
887
868
if (unlikely(vq_log))
888
869
vhost_log_write(vq, vq_log, log, vhost_len);
889
870
total_len += vhost_len;
···
891
878
}
892
879
vhost_net_enable_vq(net, vq);
893
880
out:
894
-
if (nheads)
895
-
vhost_add_used_and_signal_n(&net->dev, vq, vq->heads,
896
-
nheads);
881
+
vhost_rx_signal_used(nvq);
897
882
mutex_unlock(&vq->mutex);
898
883
}
899
884
+3
drivers/vhost/vhost.c
+3
drivers/vhost/vhost.c
···
981
981
{
982
982
int ret = 0;
983
983
984
+
mutex_lock(&dev->mutex);
984
985
vhost_dev_lock_vqs(dev);
985
986
switch (msg->type) {
986
987
case VHOST_IOTLB_UPDATE:
···
1017
1016
}
1018
1017
1019
1018
vhost_dev_unlock_vqs(dev);
1019
+
mutex_unlock(&dev->mutex);
1020
+
1020
1021
return ret;
1021
1022
}
1022
1023
ssize_t vhost_chr_write_iter(struct vhost_dev *dev,
+1
-1
drivers/xen/swiotlb-xen.c
+1
-1
drivers/xen/swiotlb-xen.c
+9
-6
fs/affs/namei.c
+9
-6
fs/affs/namei.c
···
201
201
struct super_block *sb = dir->i_sb;
202
202
struct buffer_head *bh;
203
203
struct inode *inode = NULL;
204
+
struct dentry *res;
204
205
205
206
pr_debug("%s(\"%pd\")\n", __func__, dentry);
206
207
207
208
affs_lock_dir(dir);
208
209
bh = affs_find_entry(dir, dentry);
209
-
affs_unlock_dir(dir);
210
-
if (IS_ERR(bh))
210
+
if (IS_ERR(bh)) {
211
+
affs_unlock_dir(dir);
211
212
return ERR_CAST(bh);
213
+
}
212
214
if (bh) {
213
215
u32 ino = bh->b_blocknr;
214
216
···
224
222
}
225
223
affs_brelse(bh);
226
224
inode = affs_iget(sb, ino);
227
-
if (IS_ERR(inode))
228
-
return ERR_CAST(inode);
229
225
}
230
-
d_add(dentry, inode);
231
-
return NULL;
226
+
res = d_splice_alias(inode, dentry);
227
+
if (!IS_ERR_OR_NULL(res))
228
+
res->d_fsdata = dentry->d_fsdata;
229
+
affs_unlock_dir(dir);
230
+
return res;
232
231
}
233
232
234
233
int
+3
-7
fs/afs/security.c
+3
-7
fs/afs/security.c
···
372
372
mask, access, S_ISDIR(inode->i_mode) ? "dir" : "file");
373
373
374
374
if (S_ISDIR(inode->i_mode)) {
375
-
if (mask & MAY_EXEC) {
375
+
if (mask & (MAY_EXEC | MAY_READ | MAY_CHDIR)) {
376
376
if (!(access & AFS_ACE_LOOKUP))
377
377
goto permission_denied;
378
-
} else if (mask & MAY_READ) {
379
-
if (!(access & AFS_ACE_LOOKUP))
380
-
goto permission_denied;
381
-
} else if (mask & MAY_WRITE) {
378
+
}
379
+
if (mask & MAY_WRITE) {
382
380
if (!(access & (AFS_ACE_DELETE | /* rmdir, unlink, rename from */
383
381
AFS_ACE_INSERT))) /* create, mkdir, symlink, rename to */
384
382
goto permission_denied;
385
-
} else {
386
-
BUG();
387
383
}
388
384
} else {
389
385
if (!(access & AFS_ACE_LOOKUP))
+10
-9
fs/afs/vlclient.c
+10
-9
fs/afs/vlclient.c
···
23
23
struct afs_uvldbentry__xdr *uvldb;
24
24
struct afs_vldb_entry *entry;
25
25
bool new_only = false;
26
-
u32 tmp, nr_servers;
26
+
u32 tmp, nr_servers, vlflags;
27
27
int i, ret;
28
28
29
29
_enter("");
···
55
55
new_only = true;
56
56
}
57
57
58
+
vlflags = ntohl(uvldb->flags);
58
59
for (i = 0; i < nr_servers; i++) {
59
60
struct afs_uuid__xdr *xdr;
60
61
struct afs_uuid *uuid;
···
65
64
if (tmp & AFS_VLSF_DONTUSE ||
66
65
(new_only && !(tmp & AFS_VLSF_NEWREPSITE)))
67
66
continue;
68
-
if (tmp & AFS_VLSF_RWVOL)
67
+
if (tmp & AFS_VLSF_RWVOL) {
69
68
entry->fs_mask[i] |= AFS_VOL_VTM_RW;
69
+
if (vlflags & AFS_VLF_BACKEXISTS)
70
+
entry->fs_mask[i] |= AFS_VOL_VTM_BAK;
71
+
}
70
72
if (tmp & AFS_VLSF_ROVOL)
71
73
entry->fs_mask[i] |= AFS_VOL_VTM_RO;
72
-
if (tmp & AFS_VLSF_BACKVOL)
73
-
entry->fs_mask[i] |= AFS_VOL_VTM_BAK;
74
74
if (!entry->fs_mask[i])
75
75
continue;
76
76
···
91
89
for (i = 0; i < AFS_MAXTYPES; i++)
92
90
entry->vid[i] = ntohl(uvldb->volumeId[i]);
93
91
94
-
tmp = ntohl(uvldb->flags);
95
-
if (tmp & AFS_VLF_RWEXISTS)
92
+
if (vlflags & AFS_VLF_RWEXISTS)
96
93
__set_bit(AFS_VLDB_HAS_RW, &entry->flags);
97
-
if (tmp & AFS_VLF_ROEXISTS)
94
+
if (vlflags & AFS_VLF_ROEXISTS)
98
95
__set_bit(AFS_VLDB_HAS_RO, &entry->flags);
99
-
if (tmp & AFS_VLF_BACKEXISTS)
96
+
if (vlflags & AFS_VLF_BACKEXISTS)
100
97
__set_bit(AFS_VLDB_HAS_BAK, &entry->flags);
101
98
102
-
if (!(tmp & (AFS_VLF_RWEXISTS | AFS_VLF_ROEXISTS | AFS_VLF_BACKEXISTS))) {
99
+
if (!(vlflags & (AFS_VLF_RWEXISTS | AFS_VLF_ROEXISTS | AFS_VLF_BACKEXISTS))) {
103
100
entry->error = -ENOMEDIUM;
104
101
__set_bit(AFS_VLDB_QUERY_ERROR, &entry->flags);
105
102
}
+3
-4
fs/aio.c
+3
-4
fs/aio.c
···
634
634
while (!list_empty(&ctx->active_reqs)) {
635
635
req = list_first_entry(&ctx->active_reqs,
636
636
struct aio_kiocb, ki_list);
637
-
638
-
list_del_init(&req->ki_list);
639
637
kiocb_cancel(req);
638
+
list_del_init(&req->ki_list);
640
639
}
641
640
642
641
spin_unlock_irq(&ctx->ctx_lock);
···
1077
1078
1078
1079
ctx = rcu_dereference(table->table[id]);
1079
1080
if (ctx && ctx->user_id == ctx_id) {
1080
-
percpu_ref_get(&ctx->users);
1081
-
ret = ctx;
1081
+
if (percpu_ref_tryget_live(&ctx->users))
1082
+
ret = ctx;
1082
1083
}
1083
1084
out:
1084
1085
rcu_read_unlock();
+5
-12
fs/befs/linuxvfs.c
+5
-12
fs/befs/linuxvfs.c
···
198
198
199
199
if (ret == BEFS_BT_NOT_FOUND) {
200
200
befs_debug(sb, "<--- %s %pd not found", __func__, dentry);
201
-
d_add(dentry, NULL);
202
-
return ERR_PTR(-ENOENT);
203
-
201
+
inode = NULL;
204
202
} else if (ret != BEFS_OK || offset == 0) {
205
203
befs_error(sb, "<--- %s Error", __func__);
206
-
return ERR_PTR(-ENODATA);
204
+
inode = ERR_PTR(-ENODATA);
205
+
} else {
206
+
inode = befs_iget(dir->i_sb, (ino_t) offset);
207
207
}
208
-
209
-
inode = befs_iget(dir->i_sb, (ino_t) offset);
210
-
if (IS_ERR(inode))
211
-
return ERR_CAST(inode);
212
-
213
-
d_add(dentry, inode);
214
-
215
208
befs_debug(sb, "<--- %s", __func__);
216
209
217
-
return NULL;
210
+
return d_splice_alias(inode, dentry);
218
211
}
219
212
220
213
static int
+6
-13
fs/btrfs/inode.c
+6
-13
fs/btrfs/inode.c
···
6586
6586
goto out_unlock_inode;
6587
6587
} else {
6588
6588
btrfs_update_inode(trans, root, inode);
6589
-
unlock_new_inode(inode);
6590
-
d_instantiate(dentry, inode);
6589
+
d_instantiate_new(dentry, inode);
6591
6590
}
6592
6591
6593
6592
out_unlock:
···
6662
6663
goto out_unlock_inode;
6663
6664
6664
6665
BTRFS_I(inode)->io_tree.ops = &btrfs_extent_io_ops;
6665
-
unlock_new_inode(inode);
6666
-
d_instantiate(dentry, inode);
6666
+
d_instantiate_new(dentry, inode);
6667
6667
6668
6668
out_unlock:
6669
6669
btrfs_end_transaction(trans);
···
6807
6809
if (err)
6808
6810
goto out_fail_inode;
6809
6811
6810
-
d_instantiate(dentry, inode);
6811
-
/*
6812
-
* mkdir is special. We're unlocking after we call d_instantiate
6813
-
* to avoid a race with nfsd calling d_instantiate.
6814
-
*/
6815
-
unlock_new_inode(inode);
6812
+
d_instantiate_new(dentry, inode);
6816
6813
drop_on_err = 0;
6817
6814
6818
6815
out_fail:
···
9117
9124
BTRFS_EXTENT_DATA_KEY);
9118
9125
trans->block_rsv = &fs_info->trans_block_rsv;
9119
9126
if (ret != -ENOSPC && ret != -EAGAIN) {
9120
-
err = ret;
9127
+
if (ret < 0)
9128
+
err = ret;
9121
9129
break;
9122
9130
}
9123
9131
···
10251
10257
goto out_unlock_inode;
10252
10258
}
10253
10259
10254
-
unlock_new_inode(inode);
10255
-
d_instantiate(dentry, inode);
10260
+
d_instantiate_new(dentry, inode);
10256
10261
10257
10262
out_unlock:
10258
10263
btrfs_end_transaction(trans);
+10
fs/cachefiles/namei.c
+10
fs/cachefiles/namei.c
···
572
572
if (ret < 0)
573
573
goto create_error;
574
574
575
+
if (unlikely(d_unhashed(next))) {
576
+
dput(next);
577
+
inode_unlock(d_inode(dir));
578
+
goto lookup_again;
579
+
}
575
580
ASSERT(d_backing_inode(next));
576
581
577
582
_debug("mkdir -> %p{%p{ino=%lu}}",
···
769
764
/* search the current directory for the element name */
770
765
inode_lock(d_inode(dir));
771
766
767
+
retry:
772
768
start = jiffies;
773
769
subdir = lookup_one_len(dirname, dir, strlen(dirname));
774
770
cachefiles_hist(cachefiles_lookup_histogram, start);
···
799
793
if (ret < 0)
800
794
goto mkdir_error;
801
795
796
+
if (unlikely(d_unhashed(subdir))) {
797
+
dput(subdir);
798
+
goto retry;
799
+
}
802
800
ASSERT(d_backing_inode(subdir));
803
801
804
802
_debug("mkdir -> %p{%p{ino=%lu}}",
+1
-1
fs/cramfs/inode.c
+1
-1
fs/cramfs/inode.c
···
492
492
{
493
493
struct cramfs_sb_info *sbi = CRAMFS_SB(sb);
494
494
495
-
if (IS_ENABLED(CCONFIG_CRAMFS_MTD) && sb->s_mtd) {
495
+
if (IS_ENABLED(CONFIG_CRAMFS_MTD) && sb->s_mtd) {
496
496
if (sbi && sbi->mtd_point_size)
497
497
mtd_unpoint(sb->s_mtd, 0, sbi->mtd_point_size);
498
498
kill_mtd_super(sb);
+22
fs/dcache.c
+22
fs/dcache.c
···
1899
1899
}
1900
1900
EXPORT_SYMBOL(d_instantiate);
1901
1901
1902
+
/*
1903
+
* This should be equivalent to d_instantiate() + unlock_new_inode(),
1904
+
* with lockdep-related part of unlock_new_inode() done before
1905
+
* anything else. Use that instead of open-coding d_instantiate()/
1906
+
* unlock_new_inode() combinations.
1907
+
*/
1908
+
void d_instantiate_new(struct dentry *entry, struct inode *inode)
1909
+
{
1910
+
BUG_ON(!hlist_unhashed(&entry->d_u.d_alias));
1911
+
BUG_ON(!inode);
1912
+
lockdep_annotate_inode_mutex_key(inode);
1913
+
security_d_instantiate(entry, inode);
1914
+
spin_lock(&inode->i_lock);
1915
+
__d_instantiate(entry, inode);
1916
+
WARN_ON(!(inode->i_state & I_NEW));
1917
+
inode->i_state &= ~I_NEW;
1918
+
smp_mb();
1919
+
wake_up_bit(&inode->i_state, __I_NEW);
1920
+
spin_unlock(&inode->i_lock);
1921
+
}
1922
+
EXPORT_SYMBOL(d_instantiate_new);
1923
+
1902
1924
/**
1903
1925
* d_instantiate_no_diralias - instantiate a non-aliased dentry
1904
1926
* @entry: dentry to complete
+1
-2
fs/ecryptfs/inode.c
+1
-2
fs/ecryptfs/inode.c
-10
fs/ext2/inode.c
-10
fs/ext2/inode.c
···
1264
1264
1265
1265
static void ext2_truncate_blocks(struct inode *inode, loff_t offset)
1266
1266
{
1267
-
/*
1268
-
* XXX: it seems like a bug here that we don't allow
1269
-
* IS_APPEND inode to have blocks-past-i_size trimmed off.
1270
-
* review and fix this.
1271
-
*
1272
-
* Also would be nice to be able to handle IO errors and such,
1273
-
* but that's probably too much to ask.
1274
-
*/
1275
1267
if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode) ||
1276
1268
S_ISLNK(inode->i_mode)))
1277
1269
return;
1278
1270
if (ext2_inode_is_fast_symlink(inode))
1279
-
return;
1280
-
if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
1281
1271
return;
1282
1272
1283
1273
dax_sem_down_write(EXT2_I(inode));
+2
-4
fs/ext2/namei.c
+2
-4
fs/ext2/namei.c
···
41
41
{
42
42
int err = ext2_add_link(dentry, inode);
43
43
if (!err) {
44
-
unlock_new_inode(inode);
45
-
d_instantiate(dentry, inode);
44
+
d_instantiate_new(dentry, inode);
46
45
return 0;
47
46
}
48
47
inode_dec_link_count(inode);
···
254
255
if (err)
255
256
goto out_fail;
256
257
257
-
unlock_new_inode(inode);
258
-
d_instantiate(dentry, inode);
258
+
d_instantiate_new(dentry, inode);
259
259
out:
260
260
return err;
261
261
+2
-4
fs/ext4/namei.c
+2
-4
fs/ext4/namei.c
···
2411
2411
int err = ext4_add_entry(handle, dentry, inode);
2412
2412
if (!err) {
2413
2413
ext4_mark_inode_dirty(handle, inode);
2414
-
unlock_new_inode(inode);
2415
-
d_instantiate(dentry, inode);
2414
+
d_instantiate_new(dentry, inode);
2416
2415
return 0;
2417
2416
}
2418
2417
drop_nlink(inode);
···
2650
2651
err = ext4_mark_inode_dirty(handle, dir);
2651
2652
if (err)
2652
2653
goto out_clear_inode;
2653
-
unlock_new_inode(inode);
2654
-
d_instantiate(dentry, inode);
2654
+
d_instantiate_new(dentry, inode);
2655
2655
if (IS_DIRSYNC(dir))
2656
2656
ext4_handle_sync(handle);
2657
2657
+4
-8
fs/f2fs/namei.c
+4
-8
fs/f2fs/namei.c
···
294
294
295
295
alloc_nid_done(sbi, ino);
296
296
297
-
d_instantiate(dentry, inode);
298
-
unlock_new_inode(inode);
297
+
d_instantiate_new(dentry, inode);
299
298
300
299
if (IS_DIRSYNC(dir))
301
300
f2fs_sync_fs(sbi->sb, 1);
···
596
597
err = page_symlink(inode, disk_link.name, disk_link.len);
597
598
598
599
err_out:
599
-
d_instantiate(dentry, inode);
600
-
unlock_new_inode(inode);
600
+
d_instantiate_new(dentry, inode);
601
601
602
602
/*
603
603
* Let's flush symlink data in order to avoid broken symlink as much as
···
659
661
660
662
alloc_nid_done(sbi, inode->i_ino);
661
663
662
-
d_instantiate(dentry, inode);
663
-
unlock_new_inode(inode);
664
+
d_instantiate_new(dentry, inode);
664
665
665
666
if (IS_DIRSYNC(dir))
666
667
f2fs_sync_fs(sbi->sb, 1);
···
710
713
711
714
alloc_nid_done(sbi, inode->i_ino);
712
715
713
-
d_instantiate(dentry, inode);
714
-
unlock_new_inode(inode);
716
+
d_instantiate_new(dentry, inode);
715
717
716
718
if (IS_DIRSYNC(dir))
717
719
f2fs_sync_fs(sbi->sb, 1);
+1
fs/inode.c
+1
fs/inode.c
+1
fs/internal.h
+1
fs/internal.h
···
125
125
int do_fchownat(int dfd, const char __user *filename, uid_t user, gid_t group,
126
126
int flag);
127
127
128
+
extern int open_check_o_direct(struct file *f);
128
129
extern int vfs_open(const struct path *, struct file *, const struct cred *);
129
130
extern struct file *filp_clone_open(struct file *);
130
131
+4
-8
fs/jffs2/dir.c
+4
-8
fs/jffs2/dir.c
···
209
209
__func__, inode->i_ino, inode->i_mode, inode->i_nlink,
210
210
f->inocache->pino_nlink, inode->i_mapping->nrpages);
211
211
212
-
unlock_new_inode(inode);
213
-
d_instantiate(dentry, inode);
212
+
d_instantiate_new(dentry, inode);
214
213
return 0;
215
214
216
215
fail:
···
429
430
mutex_unlock(&dir_f->sem);
430
431
jffs2_complete_reservation(c);
431
432
432
-
unlock_new_inode(inode);
433
-
d_instantiate(dentry, inode);
433
+
d_instantiate_new(dentry, inode);
434
434
return 0;
435
435
436
436
fail:
···
573
575
mutex_unlock(&dir_f->sem);
574
576
jffs2_complete_reservation(c);
575
577
576
-
unlock_new_inode(inode);
577
-
d_instantiate(dentry, inode);
578
+
d_instantiate_new(dentry, inode);
578
579
return 0;
579
580
580
581
fail:
···
744
747
mutex_unlock(&dir_f->sem);
745
748
jffs2_complete_reservation(c);
746
749
747
-
unlock_new_inode(inode);
748
-
d_instantiate(dentry, inode);
750
+
d_instantiate_new(dentry, inode);
749
751
return 0;
750
752
751
753
fail:
+4
-8
fs/jfs/namei.c
+4
-8
fs/jfs/namei.c
···
178
178
unlock_new_inode(ip);
179
179
iput(ip);
180
180
} else {
181
-
unlock_new_inode(ip);
182
-
d_instantiate(dentry, ip);
181
+
d_instantiate_new(dentry, ip);
183
182
}
184
183
185
184
out2:
···
312
313
unlock_new_inode(ip);
313
314
iput(ip);
314
315
} else {
315
-
unlock_new_inode(ip);
316
-
d_instantiate(dentry, ip);
316
+
d_instantiate_new(dentry, ip);
317
317
}
318
318
319
319
out2:
···
1057
1059
unlock_new_inode(ip);
1058
1060
iput(ip);
1059
1061
} else {
1060
-
unlock_new_inode(ip);
1061
-
d_instantiate(dentry, ip);
1062
+
d_instantiate_new(dentry, ip);
1062
1063
}
1063
1064
1064
1065
out2:
···
1444
1447
unlock_new_inode(ip);
1445
1448
iput(ip);
1446
1449
} else {
1447
-
unlock_new_inode(ip);
1448
-
d_instantiate(dentry, ip);
1450
+
d_instantiate_new(dentry, ip);
1449
1451
}
1450
1452
1451
1453
out1:
+1
fs/kernfs/mount.c
+1
fs/kernfs/mount.c
+6
-1
fs/namei.c
+6
-1
fs/namei.c
···
3367
3367
goto out;
3368
3368
*opened |= FILE_OPENED;
3369
3369
opened:
3370
-
error = ima_file_check(file, op->acc_mode, *opened);
3370
+
error = open_check_o_direct(file);
3371
+
if (!error)
3372
+
error = ima_file_check(file, op->acc_mode, *opened);
3371
3373
if (!error && will_truncate)
3372
3374
error = handle_truncate(file);
3373
3375
out:
···
3449
3447
error = finish_open(file, child, NULL, opened);
3450
3448
if (error)
3451
3449
goto out2;
3450
+
error = open_check_o_direct(file);
3451
+
if (error)
3452
+
fput(file);
3452
3453
out2:
3453
3454
mnt_drop_write(path.mnt);
3454
3455
out:
+22
fs/nfsd/vfs.c
+22
fs/nfsd/vfs.c
···
1201
1201
break;
1202
1202
case S_IFDIR:
1203
1203
host_err = vfs_mkdir(dirp, dchild, iap->ia_mode);
1204
+
if (!host_err && unlikely(d_unhashed(dchild))) {
1205
+
struct dentry *d;
1206
+
d = lookup_one_len(dchild->d_name.name,
1207
+
dchild->d_parent,
1208
+
dchild->d_name.len);
1209
+
if (IS_ERR(d)) {
1210
+
host_err = PTR_ERR(d);
1211
+
break;
1212
+
}
1213
+
if (unlikely(d_is_negative(d))) {
1214
+
dput(d);
1215
+
err = nfserr_serverfault;
1216
+
goto out;
1217
+
}
1218
+
dput(resfhp->fh_dentry);
1219
+
resfhp->fh_dentry = dget(d);
1220
+
err = fh_update(resfhp);
1221
+
dput(dchild);
1222
+
dchild = d;
1223
+
if (err)
1224
+
goto out;
1225
+
}
1204
1226
break;
1205
1227
case S_IFCHR:
1206
1228
case S_IFBLK:
+2
-4
fs/nilfs2/namei.c
+2
-4
fs/nilfs2/namei.c
···
46
46
int err = nilfs_add_link(dentry, inode);
47
47
48
48
if (!err) {
49
-
d_instantiate(dentry, inode);
50
-
unlock_new_inode(inode);
49
+
d_instantiate_new(dentry, inode);
51
50
return 0;
52
51
}
53
52
inode_dec_link_count(inode);
···
242
243
goto out_fail;
243
244
244
245
nilfs_mark_inode_dirty(inode);
245
-
d_instantiate(dentry, inode);
246
-
unlock_new_inode(inode);
246
+
d_instantiate_new(dentry, inode);
247
247
out:
248
248
if (!err)
249
249
err = nilfs_transaction_commit(dir->i_sb);
+1
-10
fs/ocfs2/cluster/heartbeat.c
+1
-10
fs/ocfs2/cluster/heartbeat.c
···
570
570
current_page, vec_len, vec_start);
571
571
572
572
len = bio_add_page(bio, page, vec_len, vec_start);
573
-
if (len != vec_len) {
574
-
mlog(ML_ERROR, "Adding page[%d] to bio failed, "
575
-
"page %p, len %d, vec_len %u, vec_start %u, "
576
-
"bi_sector %llu\n", current_page, page, len,
577
-
vec_len, vec_start,
578
-
(unsigned long long)bio->bi_iter.bi_sector);
579
-
bio_put(bio);
580
-
bio = ERR_PTR(-EIO);
581
-
return bio;
582
-
}
573
+
if (len != vec_len) break;
583
574
584
575
cs += vec_len / (PAGE_SIZE/spp);
585
576
vec_start = 0;
+26
-18
fs/open.c
+26
-18
fs/open.c
···
724
724
return ksys_fchown(fd, user, group);
725
725
}
726
726
727
+
int open_check_o_direct(struct file *f)
728
+
{
729
+
/* NB: we're sure to have correct a_ops only after f_op->open */
730
+
if (f->f_flags & O_DIRECT) {
731
+
if (!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO)
732
+
return -EINVAL;
733
+
}
734
+
return 0;
735
+
}
736
+
727
737
static int do_dentry_open(struct file *f,
728
738
struct inode *inode,
729
739
int (*open)(struct inode *, struct file *),
···
755
745
if (unlikely(f->f_flags & O_PATH)) {
756
746
f->f_mode = FMODE_PATH;
757
747
f->f_op = &empty_fops;
758
-
goto done;
748
+
return 0;
759
749
}
760
750
761
751
if (f->f_mode & FMODE_WRITE && !special_file(inode->i_mode)) {
···
808
798
f->f_flags &= ~(O_CREAT | O_EXCL | O_NOCTTY | O_TRUNC);
809
799
810
800
file_ra_state_init(&f->f_ra, f->f_mapping->host->i_mapping);
811
-
done:
812
-
/* NB: we're sure to have correct a_ops only after f_op->open */
813
-
error = -EINVAL;
814
-
if ((f->f_flags & O_DIRECT) &&
815
-
(!f->f_mapping->a_ops || !f->f_mapping->a_ops->direct_IO))
816
-
goto out_fput;
801
+
817
802
return 0;
818
803
819
804
cleanup_all:
···
822
817
f->f_path.mnt = NULL;
823
818
f->f_path.dentry = NULL;
824
819
f->f_inode = NULL;
825
-
return error;
826
-
out_fput:
827
-
fput(f);
828
820
return error;
829
821
}
830
822
···
920
918
BUG_ON(!path->mnt);
921
919
922
920
f = get_empty_filp();
923
-
if (IS_ERR(f))
924
-
return f;
925
-
926
-
f->f_flags = flags;
927
-
error = vfs_open(path, f, cred);
928
-
if (error) {
929
-
put_filp(f);
930
-
return ERR_PTR(error);
921
+
if (!IS_ERR(f)) {
922
+
f->f_flags = flags;
923
+
error = vfs_open(path, f, cred);
924
+
if (!error) {
925
+
/* from now on we need fput() to dispose of f */
926
+
error = open_check_o_direct(f);
927
+
if (error) {
928
+
fput(f);
929
+
f = ERR_PTR(error);
930
+
}
931
+
} else {
932
+
put_filp(f);
933
+
f = ERR_PTR(error);
934
+
}
931
935
}
932
936
return f;
933
937
}
+3
-6
fs/orangefs/namei.c
+3
-6
fs/orangefs/namei.c
···
75
75
get_khandle_from_ino(inode),
76
76
dentry);
77
77
78
-
d_instantiate(dentry, inode);
79
-
unlock_new_inode(inode);
78
+
d_instantiate_new(dentry, inode);
80
79
orangefs_set_timeout(dentry);
81
80
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
82
81
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
···
331
332
"Assigned symlink inode new number of %pU\n",
332
333
get_khandle_from_ino(inode));
333
334
334
-
d_instantiate(dentry, inode);
335
-
unlock_new_inode(inode);
335
+
d_instantiate_new(dentry, inode);
336
336
orangefs_set_timeout(dentry);
337
337
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
338
338
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
···
400
402
"Assigned dir inode new number of %pU\n",
401
403
get_khandle_from_ino(inode));
402
404
403
-
d_instantiate(dentry, inode);
404
-
unlock_new_inode(inode);
405
+
d_instantiate_new(dentry, inode);
405
406
orangefs_set_timeout(dentry);
406
407
ORANGEFS_I(inode)->getattr_time = jiffies - 1;
407
408
ORANGEFS_I(inode)->getattr_mask = STATX_BASIC_STATS;
+25
fs/proc/array.c
+25
fs/proc/array.c
···
85
85
#include <linux/delayacct.h>
86
86
#include <linux/seq_file.h>
87
87
#include <linux/pid_namespace.h>
88
+
#include <linux/prctl.h>
88
89
#include <linux/ptrace.h>
89
90
#include <linux/tracehook.h>
90
91
#include <linux/string_helpers.h>
···
336
335
#ifdef CONFIG_SECCOMP
337
336
seq_put_decimal_ull(m, "\nSeccomp:\t", p->seccomp.mode);
338
337
#endif
338
+
seq_printf(m, "\nSpeculation_Store_Bypass:\t");
339
+
switch (arch_prctl_spec_ctrl_get(p, PR_SPEC_STORE_BYPASS)) {
340
+
case -EINVAL:
341
+
seq_printf(m, "unknown");
342
+
break;
343
+
case PR_SPEC_NOT_AFFECTED:
344
+
seq_printf(m, "not vulnerable");
345
+
break;
346
+
case PR_SPEC_PRCTL | PR_SPEC_FORCE_DISABLE:
347
+
seq_printf(m, "thread force mitigated");
348
+
break;
349
+
case PR_SPEC_PRCTL | PR_SPEC_DISABLE:
350
+
seq_printf(m, "thread mitigated");
351
+
break;
352
+
case PR_SPEC_PRCTL | PR_SPEC_ENABLE:
353
+
seq_printf(m, "thread vulnerable");
354
+
break;
355
+
case PR_SPEC_DISABLE:
356
+
seq_printf(m, "globally mitigated");
357
+
break;
358
+
default:
359
+
seq_printf(m, "vulnerable");
360
+
break;
361
+
}
339
362
seq_putc(m, '\n');
340
363
}
341
364
+4
-8
fs/reiserfs/namei.c
+4
-8
fs/reiserfs/namei.c
···
687
687
reiserfs_update_inode_transaction(inode);
688
688
reiserfs_update_inode_transaction(dir);
689
689
690
-
unlock_new_inode(inode);
691
-
d_instantiate(dentry, inode);
690
+
d_instantiate_new(dentry, inode);
692
691
retval = journal_end(&th);
693
692
694
693
out_failed:
···
770
771
goto out_failed;
771
772
}
772
773
773
-
unlock_new_inode(inode);
774
-
d_instantiate(dentry, inode);
774
+
d_instantiate_new(dentry, inode);
775
775
retval = journal_end(&th);
776
776
777
777
out_failed:
···
869
871
/* the above add_entry did not update dir's stat data */
870
872
reiserfs_update_sd(&th, dir);
871
873
872
-
unlock_new_inode(inode);
873
-
d_instantiate(dentry, inode);
874
+
d_instantiate_new(dentry, inode);
874
875
retval = journal_end(&th);
875
876
out_failed:
876
877
reiserfs_write_unlock(dir->i_sb);
···
1184
1187
goto out_failed;
1185
1188
}
1186
1189
1187
-
unlock_new_inode(inode);
1188
-
d_instantiate(dentry, inode);
1190
+
d_instantiate_new(dentry, inode);
1189
1191
retval = journal_end(&th);
1190
1192
out_failed:
1191
1193
reiserfs_write_unlock(parent_dir->i_sb);
-5
fs/seq_file.c
-5
fs/seq_file.c
+24
-6
fs/super.c
+24
-6
fs/super.c
···
121
121
sb = container_of(shrink, struct super_block, s_shrink);
122
122
123
123
/*
124
-
* Don't call trylock_super as it is a potential
125
-
* scalability bottleneck. The counts could get updated
126
-
* between super_cache_count and super_cache_scan anyway.
127
-
* Call to super_cache_count with shrinker_rwsem held
128
-
* ensures the safety of call to list_lru_shrink_count() and
129
-
* s_op->nr_cached_objects().
124
+
* We don't call trylock_super() here as it is a scalability bottleneck,
125
+
* so we're exposed to partial setup state. The shrinker rwsem does not
126
+
* protect filesystem operations backing list_lru_shrink_count() or
127
+
* s_op->nr_cached_objects(). Counts can change between
128
+
* super_cache_count and super_cache_scan, so we really don't need locks
129
+
* here.
130
+
*
131
+
* However, if we are currently mounting the superblock, the underlying
132
+
* filesystem might be in a state of partial construction and hence it
133
+
* is dangerous to access it. trylock_super() uses a SB_BORN check to
134
+
* avoid this situation, so do the same here. The memory barrier is
135
+
* matched with the one in mount_fs() as we don't hold locks here.
130
136
*/
137
+
if (!(sb->s_flags & SB_BORN))
138
+
return 0;
139
+
smp_rmb();
140
+
131
141
if (sb->s_op && sb->s_op->nr_cached_objects)
132
142
total_objects = sb->s_op->nr_cached_objects(sb, sc);
133
143
···
1282
1272
sb = root->d_sb;
1283
1273
BUG_ON(!sb);
1284
1274
WARN_ON(!sb->s_bdi);
1275
+
1276
+
/*
1277
+
* Write barrier is for super_cache_count(). We place it before setting
1278
+
* SB_BORN as the data dependency between the two functions is the
1279
+
* superblock structure contents that we just set up, not the SB_BORN
1280
+
* flag.
1281
+
*/
1282
+
smp_wmb();
1285
1283
sb->s_flags |= SB_BORN;
1286
1284
1287
1285
error = security_sb_kern_mount(sb, flags, secdata);
+3
-3
fs/sysfs/mount.c
+3
-3
fs/sysfs/mount.c
···
25
25
{
26
26
struct dentry *root;
27
27
void *ns;
28
-
bool new_sb;
28
+
bool new_sb = false;
29
29
30
30
if (!(flags & SB_KERNMOUNT)) {
31
31
if (!kobj_ns_current_may_mount(KOBJ_NS_TYPE_NET))
···
35
35
ns = kobj_ns_grab_current(KOBJ_NS_TYPE_NET);
36
36
root = kernfs_mount_ns(fs_type, flags, sysfs_root,
37
37
SYSFS_MAGIC, &new_sb, ns);
38
-
if (IS_ERR(root) || !new_sb)
38
+
if (!new_sb)
39
39
kobj_ns_drop(KOBJ_NS_TYPE_NET, ns);
40
-
else if (new_sb)
40
+
else if (!IS_ERR(root))
41
41
root->d_sb->s_iflags |= SB_I_USERNS_VISIBLE;
42
42
43
43
return root;
+2
-4
fs/udf/namei.c
+2
-4
fs/udf/namei.c
···
622
622
if (fibh.sbh != fibh.ebh)
623
623
brelse(fibh.ebh);
624
624
brelse(fibh.sbh);
625
-
unlock_new_inode(inode);
626
-
d_instantiate(dentry, inode);
625
+
d_instantiate_new(dentry, inode);
627
626
628
627
return 0;
629
628
}
···
732
733
inc_nlink(dir);
733
734
dir->i_ctime = dir->i_mtime = current_time(dir);
734
735
mark_inode_dirty(dir);
735
-
unlock_new_inode(inode);
736
-
d_instantiate(dentry, inode);
736
+
d_instantiate_new(dentry, inode);
737
737
if (fibh.sbh != fibh.ebh)
738
738
brelse(fibh.ebh);
739
739
brelse(fibh.sbh);
+2
-4
fs/ufs/namei.c
+2
-4
fs/ufs/namei.c
···
39
39
{
40
40
int err = ufs_add_link(dentry, inode);
41
41
if (!err) {
42
-
unlock_new_inode(inode);
43
-
d_instantiate(dentry, inode);
42
+
d_instantiate_new(dentry, inode);
44
43
return 0;
45
44
}
46
45
inode_dec_link_count(inode);
···
192
193
if (err)
193
194
goto out_fail;
194
195
195
-
unlock_new_inode(inode);
196
-
d_instantiate(dentry, inode);
196
+
d_instantiate_new(dentry, inode);
197
197
return 0;
198
198
199
199
out_fail:
+1
-1
include/drm/bridge/dw_hdmi.h
+1
-1
include/drm/bridge/dw_hdmi.h
···
151
151
struct drm_encoder *encoder,
152
152
const struct dw_hdmi_plat_data *plat_data);
153
153
154
-
void dw_hdmi_setup_rx_sense(struct device *dev, bool hpd, bool rx_sense);
154
+
void dw_hdmi_setup_rx_sense(struct dw_hdmi *hdmi, bool hpd, bool rx_sense);
155
155
156
156
void dw_hdmi_set_sample_rate(struct dw_hdmi *hdmi, unsigned int rate);
157
157
void dw_hdmi_audio_enable(struct dw_hdmi *hdmi);
+2
-1
include/linux/bpf_verifier.h
+2
-1
include/linux/bpf_verifier.h
···
142
142
struct bpf_insn_aux_data {
143
143
union {
144
144
enum bpf_reg_type ptr_type; /* pointer type for load/store insns */
145
-
struct bpf_map *map_ptr; /* pointer for call insn into lookup_elem */
145
+
unsigned long map_state; /* pointer/poison value for maps */
146
146
s32 call_imm; /* saved imm field of call insn */
147
147
};
148
148
int ctx_field_size; /* the ctx field size for load insn, maybe 0 */
149
+
int sanitize_stack_off; /* stack slot to be cleared */
149
150
bool seen; /* this insn was processed by the verifier */
150
151
};
151
152
+2
include/linux/cpu.h
+2
include/linux/cpu.h
···
53
53
struct device_attribute *attr, char *buf);
54
54
extern ssize_t cpu_show_spectre_v2(struct device *dev,
55
55
struct device_attribute *attr, char *buf);
56
+
extern ssize_t cpu_show_spec_store_bypass(struct device *dev,
57
+
struct device_attribute *attr, char *buf);
56
58
57
59
extern __printf(4, 5)
58
60
struct device *cpu_device_create(struct device *parent, void *drvdata,
+1
include/linux/dcache.h
+1
include/linux/dcache.h
···
224
224
* These are the low-level FS interfaces to the dcache..
225
225
*/
226
226
extern void d_instantiate(struct dentry *, struct inode *);
227
+
extern void d_instantiate_new(struct dentry *, struct inode *);
227
228
extern struct dentry * d_instantiate_unique(struct dentry *, struct inode *);
228
229
extern struct dentry * d_instantiate_anon(struct dentry *, struct inode *);
229
230
extern int d_instantiate_no_diralias(struct dentry *, struct inode *);
+1
-1
include/linux/gfp.h
+1
-1
include/linux/gfp.h
···
464
464
__alloc_pages_node(int nid, gfp_t gfp_mask, unsigned int order)
465
465
{
466
466
VM_BUG_ON(nid < 0 || nid >= MAX_NUMNODES);
467
-
VM_WARN_ON(!node_online(nid));
467
+
VM_WARN_ON((gfp_mask & __GFP_THISNODE) && !node_online(nid));
468
468
469
469
return __alloc_pages(gfp_mask, order, nid);
470
470
}
+3
-3
include/linux/iio/buffer_impl.h
+3
-3
include/linux/iio/buffer_impl.h
···
53
53
int (*request_update)(struct iio_buffer *buffer);
54
54
55
55
int (*set_bytes_per_datum)(struct iio_buffer *buffer, size_t bpd);
56
-
int (*set_length)(struct iio_buffer *buffer, int length);
56
+
int (*set_length)(struct iio_buffer *buffer, unsigned int length);
57
57
58
58
int (*enable)(struct iio_buffer *buffer, struct iio_dev *indio_dev);
59
59
int (*disable)(struct iio_buffer *buffer, struct iio_dev *indio_dev);
···
72
72
*/
73
73
struct iio_buffer {
74
74
/** @length: Number of datums in buffer. */
75
-
int length;
75
+
unsigned int length;
76
76
77
77
/** @bytes_per_datum: Size of individual datum including timestamp. */
78
-
int bytes_per_datum;
78
+
size_t bytes_per_datum;
79
79
80
80
/**
81
81
* @access: Buffer access functions associated with the
+3
include/linux/memory_hotplug.h
+3
include/linux/memory_hotplug.h
···
216
216
void mem_hotplug_begin(void);
217
217
void mem_hotplug_done(void);
218
218
219
+
extern void set_zone_contiguous(struct zone *zone);
220
+
extern void clear_zone_contiguous(struct zone *zone);
221
+
219
222
#else /* ! CONFIG_MEMORY_HOTPLUG */
220
223
#define pfn_to_online_page(pfn) \
221
224
({ \
+1
-11
include/linux/mlx5/driver.h
+1
-11
include/linux/mlx5/driver.h
···
1286
1286
static inline const struct cpumask *
1287
1287
mlx5_get_vector_affinity_hint(struct mlx5_core_dev *dev, int vector)
1288
1288
{
1289
-
struct irq_desc *desc;
1290
-
unsigned int irq;
1291
-
int eqn;
1292
-
int err;
1293
-
1294
-
err = mlx5_vector2eqn(dev, vector, &eqn, &irq);
1295
-
if (err)
1296
-
return NULL;
1297
-
1298
-
desc = irq_to_desc(irq);
1299
-
return desc->affinity_hint;
1289
+
return dev->priv.irq_info[vector].mask;
1300
1290
}
1301
1291
1302
1292
#endif /* MLX5_DRIVER_H */
-1
include/linux/mm.h
-1
include/linux/mm.h
+5
-3
include/linux/node.h
+5
-3
include/linux/node.h
···
32
32
typedef void (*node_registration_func_t)(struct node *);
33
33
34
34
#if defined(CONFIG_MEMORY_HOTPLUG_SPARSE) && defined(CONFIG_NUMA)
35
-
extern int link_mem_sections(int nid, unsigned long start_pfn, unsigned long nr_pages);
35
+
extern int link_mem_sections(int nid, unsigned long start_pfn,
36
+
unsigned long nr_pages, bool check_nid);
36
37
#else
37
-
static inline int link_mem_sections(int nid, unsigned long start_pfn, unsigned long nr_pages)
38
+
static inline int link_mem_sections(int nid, unsigned long start_pfn,
39
+
unsigned long nr_pages, bool check_nid)
38
40
{
39
41
return 0;
40
42
}
···
59
57
if (error)
60
58
return error;
61
59
/* link memory sections under this node */
62
-
error = link_mem_sections(nid, pgdat->node_start_pfn, pgdat->node_spanned_pages);
60
+
error = link_mem_sections(nid, pgdat->node_start_pfn, pgdat->node_spanned_pages, true);
63
61
}
64
62
65
63
return error;
+10
include/linux/nospec.h
+10
include/linux/nospec.h
···
7
7
#define _LINUX_NOSPEC_H
8
8
#include <asm/barrier.h>
9
9
10
+
struct task_struct;
11
+
10
12
/**
11
13
* array_index_mask_nospec() - generate a ~0 mask when index < size, 0 otherwise
12
14
* @index: array element index
···
57
55
\
58
56
(typeof(_i)) (_i & _mask); \
59
57
})
58
+
59
+
/* Speculation control prctl */
60
+
int arch_prctl_spec_ctrl_get(struct task_struct *task, unsigned long which);
61
+
int arch_prctl_spec_ctrl_set(struct task_struct *task, unsigned long which,
62
+
unsigned long ctrl);
63
+
/* Speculation control for seccomp enforced mitigation */
64
+
void arch_seccomp_spec_mitigate(struct task_struct *task);
65
+
60
66
#endif /* _LINUX_NOSPEC_H */
+9
-1
include/linux/sched.h
+9
-1
include/linux/sched.h
···
1433
1433
#define PFA_NO_NEW_PRIVS 0 /* May not gain new privileges. */
1434
1434
#define PFA_SPREAD_PAGE 1 /* Spread page cache over cpuset */
1435
1435
#define PFA_SPREAD_SLAB 2 /* Spread some slab caches over cpuset */
1436
-
1436
+
#define PFA_SPEC_SSB_DISABLE 3 /* Speculative Store Bypass disabled */
1437
+
#define PFA_SPEC_SSB_FORCE_DISABLE 4 /* Speculative Store Bypass force disabled*/
1437
1438
1438
1439
#define TASK_PFA_TEST(name, func) \
1439
1440
static inline bool task_##func(struct task_struct *p) \
···
1458
1457
TASK_PFA_TEST(SPREAD_SLAB, spread_slab)
1459
1458
TASK_PFA_SET(SPREAD_SLAB, spread_slab)
1460
1459
TASK_PFA_CLEAR(SPREAD_SLAB, spread_slab)
1460
+
1461
+
TASK_PFA_TEST(SPEC_SSB_DISABLE, spec_ssb_disable)
1462
+
TASK_PFA_SET(SPEC_SSB_DISABLE, spec_ssb_disable)
1463
+
TASK_PFA_CLEAR(SPEC_SSB_DISABLE, spec_ssb_disable)
1464
+
1465
+
TASK_PFA_TEST(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
1466
+
TASK_PFA_SET(SPEC_SSB_FORCE_DISABLE, spec_ssb_force_disable)
1461
1467
1462
1468
static inline void
1463
1469
current_restore_flags(unsigned long orig_flags, unsigned long flags)
+3
-2
include/linux/seccomp.h
+3
-2
include/linux/seccomp.h
···
4
4
5
5
#include <uapi/linux/seccomp.h>
6
6
7
-
#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \
8
-
SECCOMP_FILTER_FLAG_LOG)
7
+
#define SECCOMP_FILTER_FLAG_MASK (SECCOMP_FILTER_FLAG_TSYNC | \
8
+
SECCOMP_FILTER_FLAG_LOG | \
9
+
SECCOMP_FILTER_FLAG_SPEC_ALLOW)
9
10
10
11
#ifdef CONFIG_SECCOMP
11
12
+5
include/net/netfilter/nf_tables.h
+5
include/net/netfilter/nf_tables.h
···
170
170
int nft_data_init(const struct nft_ctx *ctx,
171
171
struct nft_data *data, unsigned int size,
172
172
struct nft_data_desc *desc, const struct nlattr *nla);
173
+
void nft_data_hold(const struct nft_data *data, enum nft_data_types type);
173
174
void nft_data_release(const struct nft_data *data, enum nft_data_types type);
174
175
int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data,
175
176
enum nft_data_types type, unsigned int len);
···
737
736
int (*init)(const struct nft_ctx *ctx,
738
737
const struct nft_expr *expr,
739
738
const struct nlattr * const tb[]);
739
+
void (*activate)(const struct nft_ctx *ctx,
740
+
const struct nft_expr *expr);
741
+
void (*deactivate)(const struct nft_ctx *ctx,
742
+
const struct nft_expr *expr);
740
743
void (*destroy)(const struct nft_ctx *ctx,
741
744
const struct nft_expr *expr);
742
745
int (*dump)(struct sk_buff *skb,
+2
include/net/sctp/sctp.h
+2
include/net/sctp/sctp.h
···
103
103
/*
104
104
* sctp/socket.c
105
105
*/
106
+
int sctp_inet_connect(struct socket *sock, struct sockaddr *uaddr,
107
+
int addr_len, int flags);
106
108
int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb);
107
109
int sctp_inet_listen(struct socket *sock, int backlog);
108
110
void sctp_write_space(struct sock *sk);
+3
include/net/tls.h
+3
include/net/tls.h
-1
include/rdma/ib_umem.h
-1
include/rdma/ib_umem.h
+5
-5
include/rdma/uverbs_ioctl.h
+5
-5
include/rdma/uverbs_ioctl.h
···
411
411
static inline void *uverbs_attr_get_obj(const struct uverbs_attr_bundle *attrs_bundle,
412
412
u16 idx)
413
413
{
414
-
struct ib_uobject *uobj =
415
-
uverbs_attr_get(attrs_bundle, idx)->obj_attr.uobject;
414
+
const struct uverbs_attr *attr;
416
415
417
-
if (IS_ERR(uobj))
418
-
return uobj;
416
+
attr = uverbs_attr_get(attrs_bundle, idx);
417
+
if (IS_ERR(attr))
418
+
return ERR_CAST(attr);
419
419
420
-
return uobj->object;
420
+
return attr->obj_attr.uobject->object;
421
421
}
422
422
423
423
static inline int uverbs_copy_to(const struct uverbs_attr_bundle *attrs_bundle,
+3
-1
include/trace/events/sched.h
+3
-1
include/trace/events/sched.h
···
435
435
memcpy(__entry->comm, tsk->comm, TASK_COMM_LEN);
436
436
__entry->pid = tsk->pid;
437
437
__entry->oldprio = tsk->prio;
438
-
__entry->newprio = pi_task ? pi_task->prio : tsk->prio;
438
+
__entry->newprio = pi_task ?
439
+
min(tsk->normal_prio, pi_task->prio) :
440
+
tsk->normal_prio;
439
441
/* XXX SCHED_DEADLINE bits missing */
440
442
),
441
443
+2
include/uapi/linux/bpf.h
+2
include/uapi/linux/bpf.h
···
1017
1017
__aligned_u64 map_ids;
1018
1018
char name[BPF_OBJ_NAME_LEN];
1019
1019
__u32 ifindex;
1020
+
__u32 :32;
1020
1021
__u64 netns_dev;
1021
1022
__u64 netns_ino;
1022
1023
} __attribute__((aligned(8)));
···
1031
1030
__u32 map_flags;
1032
1031
char name[BPF_OBJ_NAME_LEN];
1033
1032
__u32 ifindex;
1033
+
__u32 :32;
1034
1034
__u64 netns_dev;
1035
1035
__u64 netns_ino;
1036
1036
} __attribute__((aligned(8)));
+3
include/uapi/linux/netfilter/nf_conntrack_tcp.h
+3
include/uapi/linux/netfilter/nf_conntrack_tcp.h
+1
-1
include/uapi/linux/nl80211.h
+1
-1
include/uapi/linux/nl80211.h
···
2698
2698
#define NL80211_ATTR_KEYS NL80211_ATTR_KEYS
2699
2699
#define NL80211_ATTR_FEATURE_FLAGS NL80211_ATTR_FEATURE_FLAGS
2700
2700
2701
-
#define NL80211_WIPHY_NAME_MAXLEN 128
2701
+
#define NL80211_WIPHY_NAME_MAXLEN 64
2702
2702
2703
2703
#define NL80211_MAX_SUPP_RATES 32
2704
2704
#define NL80211_MAX_SUPP_HT_RATES 77
+1
-1
include/uapi/linux/ppp-ioctl.h
+1
-1
include/uapi/linux/ppp-ioctl.h
···
106
106
#define PPPIOCGIDLE _IOR('t', 63, struct ppp_idle) /* get idle time */
107
107
#define PPPIOCNEWUNIT _IOWR('t', 62, int) /* create new ppp unit */
108
108
#define PPPIOCATTACH _IOW('t', 61, int) /* attach to ppp unit */
109
-
#define PPPIOCDETACH _IOW('t', 60, int) /* detach from ppp unit/chan */
109
+
#define PPPIOCDETACH _IOW('t', 60, int) /* obsolete, do not use */
110
110
#define PPPIOCSMRRU _IOW('t', 59, int) /* set multilink MRU */
111
111
#define PPPIOCCONNECT _IOW('t', 58, int) /* connect channel to unit */
112
112
#define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */
+12
include/uapi/linux/prctl.h
+12
include/uapi/linux/prctl.h
···
207
207
# define PR_SVE_VL_LEN_MASK 0xffff
208
208
# define PR_SVE_VL_INHERIT (1 << 17) /* inherit across exec */
209
209
210
+
/* Per task speculation control */
211
+
#define PR_GET_SPECULATION_CTRL 52
212
+
#define PR_SET_SPECULATION_CTRL 53
213
+
/* Speculation control variants */
214
+
# define PR_SPEC_STORE_BYPASS 0
215
+
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
216
+
# define PR_SPEC_NOT_AFFECTED 0
217
+
# define PR_SPEC_PRCTL (1UL << 0)
218
+
# define PR_SPEC_ENABLE (1UL << 1)
219
+
# define PR_SPEC_DISABLE (1UL << 2)
220
+
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
221
+
210
222
#endif /* _LINUX_PRCTL_H */
+3
-2
include/uapi/linux/seccomp.h
+3
-2
include/uapi/linux/seccomp.h
···
17
17
#define SECCOMP_GET_ACTION_AVAIL 2
18
18
19
19
/* Valid flags for SECCOMP_SET_MODE_FILTER */
20
-
#define SECCOMP_FILTER_FLAG_TSYNC 1
21
-
#define SECCOMP_FILTER_FLAG_LOG 2
20
+
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
21
+
#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
22
+
#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
22
23
23
24
/*
24
25
* All BPF programs must return a 32-bit value.
+8
include/xen/interface/io/displif.h
+8
include/xen/interface/io/displif.h
···
189
189
*
190
190
*----------------------------- Connector settings ----------------------------
191
191
*
192
+
* unique-id
193
+
* Values: <string>
194
+
*
195
+
* After device instance initialization each connector is assigned a
196
+
* unique ID, so it can be identified by the backend by this ID.
197
+
* This can be UUID or such.
198
+
*
192
199
* resolution
193
200
* Values: <width, uint32_t>x<height, uint32_t>
194
201
*
···
375
368
#define XENDISPL_FIELD_EVT_CHANNEL "evt-event-channel"
376
369
#define XENDISPL_FIELD_RESOLUTION "resolution"
377
370
#define XENDISPL_FIELD_BE_ALLOC "be-alloc"
371
+
#define XENDISPL_FIELD_UNIQUE_ID "unique-id"
378
372
379
373
/*
380
374
******************************************************************************
+59
-19
include/xen/interface/io/kbdif.h
+59
-19
include/xen/interface/io/kbdif.h
···
51
51
* corresponding entries in XenStore and puts 1 as the value of the entry.
52
52
* If a feature is not supported then 0 must be set or feature entry omitted.
53
53
*
54
+
* feature-disable-keyboard
55
+
* Values: <uint>
56
+
*
57
+
* If there is no need to expose a virtual keyboard device by the
58
+
* frontend then this must be set to 1.
59
+
*
60
+
* feature-disable-pointer
61
+
* Values: <uint>
62
+
*
63
+
* If there is no need to expose a virtual pointer device by the
64
+
* frontend then this must be set to 1.
65
+
*
54
66
* feature-abs-pointer
55
67
* Values: <uint>
56
68
*
···
74
62
*
75
63
* Backends, which support reporting of multi-touch events
76
64
* should set this to 1.
65
+
*
66
+
* feature-raw-pointer
67
+
* Values: <uint>
68
+
*
69
+
* Backends, which support reporting raw (unscaled) absolute coordinates
70
+
* for pointer devices should set this to 1. Raw (unscaled) values have
71
+
* a range of [0, 0x7fff].
72
+
*
73
+
*----------------------- Device Instance Parameters ------------------------
74
+
*
75
+
* unique-id
76
+
* Values: <string>
77
+
*
78
+
* After device instance initialization it is assigned a unique ID,
79
+
* so every instance of the frontend can be identified by the backend
80
+
* by this ID. This can be UUID or such.
77
81
*
78
82
*------------------------- Pointer Device Parameters ------------------------
79
83
*
···
103
75
* Values: <uint>
104
76
*
105
77
* Maximum Y coordinate (height) to be used by the frontend
78
+
* while reporting input events, pixels, [0; UINT32_MAX].
79
+
*
80
+
*----------------------- Multi-touch Device Parameters ----------------------
81
+
*
82
+
* multi-touch-num-contacts
83
+
* Values: <uint>
84
+
*
85
+
* Number of simultaneous touches reported.
86
+
*
87
+
* multi-touch-width
88
+
* Values: <uint>
89
+
*
90
+
* Width of the touch area to be used by the frontend
91
+
* while reporting input events, pixels, [0; UINT32_MAX].
92
+
*
93
+
* multi-touch-height
94
+
* Values: <uint>
95
+
*
96
+
* Height of the touch area to be used by the frontend
106
97
* while reporting input events, pixels, [0; UINT32_MAX].
107
98
*
108
99
*****************************************************************************
···
145
98
*
146
99
* Request backend to report multi-touch events.
147
100
*
101
+
* request-raw-pointer
102
+
* Values: <uint>
103
+
*
104
+
* Request backend to report raw unscaled absolute pointer coordinates.
105
+
* This option is only valid if request-abs-pointer is also set.
106
+
* Raw unscaled coordinates have the range [0, 0x7fff]
107
+
*
148
108
*----------------------- Request Transport Parameters -----------------------
149
109
*
150
110
* event-channel
···
171
117
*
172
118
* OBSOLETE, not recommended for use.
173
119
* PFN of the shared page.
174
-
*
175
-
*----------------------- Multi-touch Device Parameters -----------------------
176
-
*
177
-
* multi-touch-num-contacts
178
-
* Values: <uint>
179
-
*
180
-
* Number of simultaneous touches reported.
181
-
*
182
-
* multi-touch-width
183
-
* Values: <uint>
184
-
*
185
-
* Width of the touch area to be used by the frontend
186
-
* while reporting input events, pixels, [0; UINT32_MAX].
187
-
*
188
-
* multi-touch-height
189
-
* Values: <uint>
190
-
*
191
-
* Height of the touch area to be used by the frontend
192
-
* while reporting input events, pixels, [0; UINT32_MAX].
193
120
*/
194
121
195
122
/*
···
198
163
199
164
#define XENKBD_DRIVER_NAME "vkbd"
200
165
166
+
#define XENKBD_FIELD_FEAT_DSBL_KEYBRD "feature-disable-keyboard"
167
+
#define XENKBD_FIELD_FEAT_DSBL_POINTER "feature-disable-pointer"
201
168
#define XENKBD_FIELD_FEAT_ABS_POINTER "feature-abs-pointer"
169
+
#define XENKBD_FIELD_FEAT_RAW_POINTER "feature-raw-pointer"
202
170
#define XENKBD_FIELD_FEAT_MTOUCH "feature-multi-touch"
203
171
#define XENKBD_FIELD_REQ_ABS_POINTER "request-abs-pointer"
172
+
#define XENKBD_FIELD_REQ_RAW_POINTER "request-raw-pointer"
204
173
#define XENKBD_FIELD_REQ_MTOUCH "request-multi-touch"
205
174
#define XENKBD_FIELD_RING_GREF "page-gref"
206
175
#define XENKBD_FIELD_EVT_CHANNEL "event-channel"
···
213
174
#define XENKBD_FIELD_MT_WIDTH "multi-touch-width"
214
175
#define XENKBD_FIELD_MT_HEIGHT "multi-touch-height"
215
176
#define XENKBD_FIELD_MT_NUM_CONTACTS "multi-touch-num-contacts"
177
+
#define XENKBD_FIELD_UNIQUE_ID "unique-id"
216
178
217
179
/* OBSOLETE, not recommended for use */
218
180
#define XENKBD_FIELD_RING_REF "page-ref"
+4
-6
include/xen/interface/io/sndif.h
+4
-6
include/xen/interface/io/sndif.h
···
278
278
* defined under the same device.
279
279
*
280
280
* unique-id
281
-
* Values: <uint32_t>
281
+
* Values: <string>
282
282
*
283
-
* After stream initialization it is assigned a unique ID (within the front
284
-
* driver), so every stream of the frontend can be identified by the
285
-
* backend by this ID. This is not equal to stream-idx as the later is
286
-
* zero based within the device, but this index is contigous within the
287
-
* driver.
283
+
* After stream initialization it is assigned a unique ID, so every
284
+
* stream of the frontend can be identified by the backend by this ID.
285
+
* This can be UUID or such.
288
286
*
289
287
*-------------------- Stream Request Transport Parameters --------------------
290
288
*
+1
init/main.c
+1
init/main.c
+11
-8
ipc/shm.c
+11
-8
ipc/shm.c
···
1363
1363
1364
1364
if (addr) {
1365
1365
if (addr & (shmlba - 1)) {
1366
-
/*
1367
-
* Round down to the nearest multiple of shmlba.
1368
-
* For sane do_mmap_pgoff() parameters, avoid
1369
-
* round downs that trigger nil-page and MAP_FIXED.
1370
-
*/
1371
-
if ((shmflg & SHM_RND) && addr >= shmlba)
1372
-
addr &= ~(shmlba - 1);
1373
-
else
1366
+
if (shmflg & SHM_RND) {
1367
+
addr &= ~(shmlba - 1); /* round down */
1368
+
1369
+
/*
1370
+
* Ensure that the round-down is non-nil
1371
+
* when remapping. This can happen for
1372
+
* cases when addr < shmlba.
1373
+
*/
1374
+
if (!addr && (shmflg & SHM_REMAP))
1375
+
goto out;
1376
+
} else
1374
1377
#ifndef __ARCH_FORCE_SHMLBA
1375
1378
if (addr & ~PAGE_MASK)
1376
1379
#endif
+80
-30
kernel/bpf/core.c
+80
-30
kernel/bpf/core.c
···
218
218
return 0;
219
219
}
220
220
221
-
static void bpf_adj_branches(struct bpf_prog *prog, u32 pos, u32 delta)
221
+
static int bpf_adj_delta_to_imm(struct bpf_insn *insn, u32 pos, u32 delta,
222
+
u32 curr, const bool probe_pass)
222
223
{
224
+
const s64 imm_min = S32_MIN, imm_max = S32_MAX;
225
+
s64 imm = insn->imm;
226
+
227
+
if (curr < pos && curr + imm + 1 > pos)
228
+
imm += delta;
229
+
else if (curr > pos + delta && curr + imm + 1 <= pos + delta)
230
+
imm -= delta;
231
+
if (imm < imm_min || imm > imm_max)
232
+
return -ERANGE;
233
+
if (!probe_pass)
234
+
insn->imm = imm;
235
+
return 0;
236
+
}
237
+
238
+
static int bpf_adj_delta_to_off(struct bpf_insn *insn, u32 pos, u32 delta,
239
+
u32 curr, const bool probe_pass)
240
+
{
241
+
const s32 off_min = S16_MIN, off_max = S16_MAX;
242
+
s32 off = insn->off;
243
+
244
+
if (curr < pos && curr + off + 1 > pos)
245
+
off += delta;
246
+
else if (curr > pos + delta && curr + off + 1 <= pos + delta)
247
+
off -= delta;
248
+
if (off < off_min || off > off_max)
249
+
return -ERANGE;
250
+
if (!probe_pass)
251
+
insn->off = off;
252
+
return 0;
253
+
}
254
+
255
+
static int bpf_adj_branches(struct bpf_prog *prog, u32 pos, u32 delta,
256
+
const bool probe_pass)
257
+
{
258
+
u32 i, insn_cnt = prog->len + (probe_pass ? delta : 0);
223
259
struct bpf_insn *insn = prog->insnsi;
224
-
u32 i, insn_cnt = prog->len;
225
-
bool pseudo_call;
226
-
u8 code;
227
-
int off;
260
+
int ret = 0;
228
261
229
262
for (i = 0; i < insn_cnt; i++, insn++) {
230
-
code = insn->code;
231
-
if (BPF_CLASS(code) != BPF_JMP)
232
-
continue;
233
-
if (BPF_OP(code) == BPF_EXIT)
234
-
continue;
235
-
if (BPF_OP(code) == BPF_CALL) {
236
-
if (insn->src_reg == BPF_PSEUDO_CALL)
237
-
pseudo_call = true;
238
-
else
239
-
continue;
240
-
} else {
241
-
pseudo_call = false;
263
+
u8 code;
264
+
265
+
/* In the probing pass we still operate on the original,
266
+
* unpatched image in order to check overflows before we
267
+
* do any other adjustments. Therefore skip the patchlet.
268
+
*/
269
+
if (probe_pass && i == pos) {
270
+
i += delta + 1;
271
+
insn++;
242
272
}
243
-
off = pseudo_call ? insn->imm : insn->off;
244
-
245
-
/* Adjust offset of jmps if we cross boundaries. */
246
-
if (i < pos && i + off + 1 > pos)
247
-
off += delta;
248
-
else if (i > pos + delta && i + off + 1 <= pos + delta)
249
-
off -= delta;
250
-
251
-
if (pseudo_call)
252
-
insn->imm = off;
253
-
else
254
-
insn->off = off;
273
+
code = insn->code;
274
+
if (BPF_CLASS(code) != BPF_JMP ||
275
+
BPF_OP(code) == BPF_EXIT)
276
+
continue;
277
+
/* Adjust offset of jmps if we cross patch boundaries. */
278
+
if (BPF_OP(code) == BPF_CALL) {
279
+
if (insn->src_reg != BPF_PSEUDO_CALL)
280
+
continue;
281
+
ret = bpf_adj_delta_to_imm(insn, pos, delta, i,
282
+
probe_pass);
283
+
} else {
284
+
ret = bpf_adj_delta_to_off(insn, pos, delta, i,
285
+
probe_pass);
286
+
}
287
+
if (ret)
288
+
break;
255
289
}
290
+
291
+
return ret;
256
292
}
257
293
258
294
struct bpf_prog *bpf_patch_insn_single(struct bpf_prog *prog, u32 off,
259
295
const struct bpf_insn *patch, u32 len)
260
296
{
261
297
u32 insn_adj_cnt, insn_rest, insn_delta = len - 1;
298
+
const u32 cnt_max = S16_MAX;
262
299
struct bpf_prog *prog_adj;
263
300
264
301
/* Since our patchlet doesn't expand the image, we're done. */
···
305
268
}
306
269
307
270
insn_adj_cnt = prog->len + insn_delta;
271
+
272
+
/* Reject anything that would potentially let the insn->off
273
+
* target overflow when we have excessive program expansions.
274
+
* We need to probe here before we do any reallocation where
275
+
* we afterwards may not fail anymore.
276
+
*/
277
+
if (insn_adj_cnt > cnt_max &&
278
+
bpf_adj_branches(prog, off, insn_delta, true))
279
+
return NULL;
308
280
309
281
/* Several new instructions need to be inserted. Make room
310
282
* for them. Likely, there's no need for a new allocation as
···
340
294
sizeof(*patch) * insn_rest);
341
295
memcpy(prog_adj->insnsi + off, patch, sizeof(*patch) * len);
342
296
343
-
bpf_adj_branches(prog_adj, off, insn_delta);
297
+
/* We are guaranteed to not fail at this point, otherwise
298
+
* the ship has sailed to reverse to the original state. An
299
+
* overflow cannot happen at this point.
300
+
*/
301
+
BUG_ON(bpf_adj_branches(prog_adj, off, insn_delta, false));
344
302
345
303
return prog_adj;
346
304
}
+9
-9
kernel/bpf/sockmap.c
+9
-9
kernel/bpf/sockmap.c
···
1703
1703
* we increment the refcnt. If this is the case abort with an
1704
1704
* error.
1705
1705
*/
1706
-
verdict = bpf_prog_inc_not_zero(stab->bpf_verdict);
1706
+
verdict = bpf_prog_inc_not_zero(verdict);
1707
1707
if (IS_ERR(verdict))
1708
1708
return PTR_ERR(verdict);
1709
1709
1710
-
parse = bpf_prog_inc_not_zero(stab->bpf_parse);
1710
+
parse = bpf_prog_inc_not_zero(parse);
1711
1711
if (IS_ERR(parse)) {
1712
1712
bpf_prog_put(verdict);
1713
1713
return PTR_ERR(parse);
···
1715
1715
}
1716
1716
1717
1717
if (tx_msg) {
1718
-
tx_msg = bpf_prog_inc_not_zero(stab->bpf_tx_msg);
1718
+
tx_msg = bpf_prog_inc_not_zero(tx_msg);
1719
1719
if (IS_ERR(tx_msg)) {
1720
-
if (verdict)
1721
-
bpf_prog_put(verdict);
1722
-
if (parse)
1720
+
if (parse && verdict) {
1723
1721
bpf_prog_put(parse);
1722
+
bpf_prog_put(verdict);
1723
+
}
1724
1724
return PTR_ERR(tx_msg);
1725
1725
}
1726
1726
}
···
1805
1805
out_free:
1806
1806
smap_release_sock(psock, sock);
1807
1807
out_progs:
1808
-
if (verdict)
1809
-
bpf_prog_put(verdict);
1810
-
if (parse)
1808
+
if (parse && verdict) {
1811
1809
bpf_prog_put(parse);
1810
+
bpf_prog_put(verdict);
1811
+
}
1812
1812
if (tx_msg)
1813
1813
bpf_prog_put(tx_msg);
1814
1814
write_unlock_bh(&sock->sk_callback_lock);
+120
-25
kernel/bpf/verifier.c
+120
-25
kernel/bpf/verifier.c
···
156
156
#define BPF_COMPLEXITY_LIMIT_INSNS 131072
157
157
#define BPF_COMPLEXITY_LIMIT_STACK 1024
158
158
159
-
#define BPF_MAP_PTR_POISON ((void *)0xeB9F + POISON_POINTER_DELTA)
159
+
#define BPF_MAP_PTR_UNPRIV 1UL
160
+
#define BPF_MAP_PTR_POISON ((void *)((0xeB9FUL << 1) + \
161
+
POISON_POINTER_DELTA))
162
+
#define BPF_MAP_PTR(X) ((struct bpf_map *)((X) & ~BPF_MAP_PTR_UNPRIV))
163
+
164
+
static bool bpf_map_ptr_poisoned(const struct bpf_insn_aux_data *aux)
165
+
{
166
+
return BPF_MAP_PTR(aux->map_state) == BPF_MAP_PTR_POISON;
167
+
}
168
+
169
+
static bool bpf_map_ptr_unpriv(const struct bpf_insn_aux_data *aux)
170
+
{
171
+
return aux->map_state & BPF_MAP_PTR_UNPRIV;
172
+
}
173
+
174
+
static void bpf_map_ptr_store(struct bpf_insn_aux_data *aux,
175
+
const struct bpf_map *map, bool unpriv)
176
+
{
177
+
BUILD_BUG_ON((unsigned long)BPF_MAP_PTR_POISON & BPF_MAP_PTR_UNPRIV);
178
+
unpriv |= bpf_map_ptr_unpriv(aux);
179
+
aux->map_state = (unsigned long)map |
180
+
(unpriv ? BPF_MAP_PTR_UNPRIV : 0UL);
181
+
}
160
182
161
183
struct bpf_call_arg_meta {
162
184
struct bpf_map *map_ptr;
···
1000
978
*/
1001
979
static int check_stack_write(struct bpf_verifier_env *env,
1002
980
struct bpf_func_state *state, /* func where register points to */
1003
-
int off, int size, int value_regno)
981
+
int off, int size, int value_regno, int insn_idx)
1004
982
{
1005
983
struct bpf_func_state *cur; /* state of the current function */
1006
984
int i, slot = -off - 1, spi = slot / BPF_REG_SIZE, err;
···
1039
1017
state->stack[spi].spilled_ptr = cur->regs[value_regno];
1040
1018
state->stack[spi].spilled_ptr.live |= REG_LIVE_WRITTEN;
1041
1019
1042
-
for (i = 0; i < BPF_REG_SIZE; i++)
1020
+
for (i = 0; i < BPF_REG_SIZE; i++) {
1021
+
if (state->stack[spi].slot_type[i] == STACK_MISC &&
1022
+
!env->allow_ptr_leaks) {
1023
+
int *poff = &env->insn_aux_data[insn_idx].sanitize_stack_off;
1024
+
int soff = (-spi - 1) * BPF_REG_SIZE;
1025
+
1026
+
/* detected reuse of integer stack slot with a pointer
1027
+
* which means either llvm is reusing stack slot or
1028
+
* an attacker is trying to exploit CVE-2018-3639
1029
+
* (speculative store bypass)
1030
+
* Have to sanitize that slot with preemptive
1031
+
* store of zero.
1032
+
*/
1033
+
if (*poff && *poff != soff) {
1034
+
/* disallow programs where single insn stores
1035
+
* into two different stack slots, since verifier
1036
+
* cannot sanitize them
1037
+
*/
1038
+
verbose(env,
1039
+
"insn %d cannot access two stack slots fp%d and fp%d",
1040
+
insn_idx, *poff, soff);
1041
+
return -EINVAL;
1042
+
}
1043
+
*poff = soff;
1044
+
}
1043
1045
state->stack[spi].slot_type[i] = STACK_SPILL;
1046
+
}
1044
1047
} else {
1045
1048
u8 type = STACK_MISC;
1046
1049
···
1741
1694
1742
1695
if (t == BPF_WRITE)
1743
1696
err = check_stack_write(env, state, off, size,
1744
-
value_regno);
1697
+
value_regno, insn_idx);
1745
1698
else
1746
1699
err = check_stack_read(env, state, off, size,
1747
1700
value_regno);
···
2380
2333
return 0;
2381
2334
}
2382
2335
2336
+
static int
2337
+
record_func_map(struct bpf_verifier_env *env, struct bpf_call_arg_meta *meta,
2338
+
int func_id, int insn_idx)
2339
+
{
2340
+
struct bpf_insn_aux_data *aux = &env->insn_aux_data[insn_idx];
2341
+
2342
+
if (func_id != BPF_FUNC_tail_call &&
2343
+
func_id != BPF_FUNC_map_lookup_elem)
2344
+
return 0;
2345
+
if (meta->map_ptr == NULL) {
2346
+
verbose(env, "kernel subsystem misconfigured verifier\n");
2347
+
return -EINVAL;
2348
+
}
2349
+
2350
+
if (!BPF_MAP_PTR(aux->map_state))
2351
+
bpf_map_ptr_store(aux, meta->map_ptr,
2352
+
meta->map_ptr->unpriv_array);
2353
+
else if (BPF_MAP_PTR(aux->map_state) != meta->map_ptr)
2354
+
bpf_map_ptr_store(aux, BPF_MAP_PTR_POISON,
2355
+
meta->map_ptr->unpriv_array);
2356
+
return 0;
2357
+
}
2358
+
2383
2359
static int check_helper_call(struct bpf_verifier_env *env, int func_id, int insn_idx)
2384
2360
{
2385
2361
const struct bpf_func_proto *fn = NULL;
···
2457
2387
err = check_func_arg(env, BPF_REG_2, fn->arg2_type, &meta);
2458
2388
if (err)
2459
2389
return err;
2460
-
if (func_id == BPF_FUNC_tail_call) {
2461
-
if (meta.map_ptr == NULL) {
2462
-
verbose(env, "verifier bug\n");
2463
-
return -EINVAL;
2464
-
}
2465
-
env->insn_aux_data[insn_idx].map_ptr = meta.map_ptr;
2466
-
}
2467
2390
err = check_func_arg(env, BPF_REG_3, fn->arg3_type, &meta);
2468
2391
if (err)
2469
2392
return err;
···
2464
2401
if (err)
2465
2402
return err;
2466
2403
err = check_func_arg(env, BPF_REG_5, fn->arg5_type, &meta);
2404
+
if (err)
2405
+
return err;
2406
+
2407
+
err = record_func_map(env, &meta, func_id, insn_idx);
2467
2408
if (err)
2468
2409
return err;
2469
2410
···
2495
2428
} else if (fn->ret_type == RET_VOID) {
2496
2429
regs[BPF_REG_0].type = NOT_INIT;
2497
2430
} else if (fn->ret_type == RET_PTR_TO_MAP_VALUE_OR_NULL) {
2498
-
struct bpf_insn_aux_data *insn_aux;
2499
-
2500
2431
regs[BPF_REG_0].type = PTR_TO_MAP_VALUE_OR_NULL;
2501
2432
/* There is no offset yet applied, variable or fixed */
2502
2433
mark_reg_known_zero(env, regs, BPF_REG_0);
···
2510
2445
}
2511
2446
regs[BPF_REG_0].map_ptr = meta.map_ptr;
2512
2447
regs[BPF_REG_0].id = ++env->id_gen;
2513
-
insn_aux = &env->insn_aux_data[insn_idx];
2514
-
if (!insn_aux->map_ptr)
2515
-
insn_aux->map_ptr = meta.map_ptr;
2516
-
else if (insn_aux->map_ptr != meta.map_ptr)
2517
-
insn_aux->map_ptr = BPF_MAP_PTR_POISON;
2518
2448
} else {
2519
2449
verbose(env, "unknown return type %d of func %s#%d\n",
2520
2450
fn->ret_type, func_id_name(func_id), func_id);
···
5229
5169
else
5230
5170
continue;
5231
5171
5172
+
if (type == BPF_WRITE &&
5173
+
env->insn_aux_data[i + delta].sanitize_stack_off) {
5174
+
struct bpf_insn patch[] = {
5175
+
/* Sanitize suspicious stack slot with zero.
5176
+
* There are no memory dependencies for this store,
5177
+
* since it's only using frame pointer and immediate
5178
+
* constant of zero
5179
+
*/
5180
+
BPF_ST_MEM(BPF_DW, BPF_REG_FP,
5181
+
env->insn_aux_data[i + delta].sanitize_stack_off,
5182
+
0),
5183
+
/* the original STX instruction will immediately
5184
+
* overwrite the same stack slot with appropriate value
5185
+
*/
5186
+
*insn,
5187
+
};
5188
+
5189
+
cnt = ARRAY_SIZE(patch);
5190
+
new_prog = bpf_patch_insn_data(env, i + delta, patch, cnt);
5191
+
if (!new_prog)
5192
+
return -ENOMEM;
5193
+
5194
+
delta += cnt - 1;
5195
+
env->prog = new_prog;
5196
+
insn = new_prog->insnsi + i + delta;
5197
+
continue;
5198
+
}
5199
+
5232
5200
if (env->insn_aux_data[i + delta].ptr_type != PTR_TO_CTX)
5233
5201
continue;
5234
5202
···
5505
5417
struct bpf_insn *insn = prog->insnsi;
5506
5418
const struct bpf_func_proto *fn;
5507
5419
const int insn_cnt = prog->len;
5420
+
struct bpf_insn_aux_data *aux;
5508
5421
struct bpf_insn insn_buf[16];
5509
5422
struct bpf_prog *new_prog;
5510
5423
struct bpf_map *map_ptr;
···
5580
5491
insn->imm = 0;
5581
5492
insn->code = BPF_JMP | BPF_TAIL_CALL;
5582
5493
5494
+
aux = &env->insn_aux_data[i + delta];
5495
+
if (!bpf_map_ptr_unpriv(aux))
5496
+
continue;
5497
+
5583
5498
/* instead of changing every JIT dealing with tail_call
5584
5499
* emit two extra insns:
5585
5500
* if (index >= max_entries) goto out;
5586
5501
* index &= array->index_mask;
5587
5502
* to avoid out-of-bounds cpu speculation
5588
5503
*/
5589
-
map_ptr = env->insn_aux_data[i + delta].map_ptr;
5590
-
if (map_ptr == BPF_MAP_PTR_POISON) {
5504
+
if (bpf_map_ptr_poisoned(aux)) {
5591
5505
verbose(env, "tail_call abusing map_ptr\n");
5592
5506
return -EINVAL;
5593
5507
}
5594
-
if (!map_ptr->unpriv_array)
5595
-
continue;
5508
+
5509
+
map_ptr = BPF_MAP_PTR(aux->map_state);
5596
5510
insn_buf[0] = BPF_JMP_IMM(BPF_JGE, BPF_REG_3,
5597
5511
map_ptr->max_entries, 2);
5598
5512
insn_buf[1] = BPF_ALU32_IMM(BPF_AND, BPF_REG_3,
···
5619
5527
*/
5620
5528
if (prog->jit_requested && BITS_PER_LONG == 64 &&
5621
5529
insn->imm == BPF_FUNC_map_lookup_elem) {
5622
-
map_ptr = env->insn_aux_data[i + delta].map_ptr;
5623
-
if (map_ptr == BPF_MAP_PTR_POISON ||
5624
-
!map_ptr->ops->map_gen_lookup)
5530
+
aux = &env->insn_aux_data[i + delta];
5531
+
if (bpf_map_ptr_poisoned(aux))
5532
+
goto patch_call_imm;
5533
+
5534
+
map_ptr = BPF_MAP_PTR(aux->map_state);
5535
+
if (!map_ptr->ops->map_gen_lookup)
5625
5536
goto patch_call_imm;
5626
5537
5627
5538
cnt = map_ptr->ops->map_gen_lookup(map_ptr, insn_buf);
+2
-4
kernel/kthread.c
+2
-4
kernel/kthread.c
···
193
193
194
194
void kthread_park_complete(struct task_struct *k)
195
195
{
196
-
complete(&to_kthread(k)->parked);
196
+
complete_all(&to_kthread(k)->parked);
197
197
}
198
198
199
199
static int kthread(void *_create)
···
459
459
if (test_bit(KTHREAD_IS_PER_CPU, &kthread->flags))
460
460
__kthread_bind(k, kthread->cpu, TASK_PARKED);
461
461
462
+
reinit_completion(&kthread->parked);
462
463
clear_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
463
464
wake_up_state(k, TASK_PARKED);
464
465
}
···
483
482
484
483
if (WARN_ON(k->flags & PF_EXITING))
485
484
return -ENOSYS;
486
-
487
-
if (WARN_ON_ONCE(test_bit(KTHREAD_SHOULD_PARK, &kthread->flags)))
488
-
return -EBUSY;
489
485
490
486
set_bit(KTHREAD_SHOULD_PARK, &kthread->flags);
491
487
if (k != current) {
+31
-14
kernel/sched/core.c
+31
-14
kernel/sched/core.c
···
881
881
}
882
882
883
883
#ifdef CONFIG_SMP
884
+
885
+
static inline bool is_per_cpu_kthread(struct task_struct *p)
886
+
{
887
+
if (!(p->flags & PF_KTHREAD))
888
+
return false;
889
+
890
+
if (p->nr_cpus_allowed != 1)
891
+
return false;
892
+
893
+
return true;
894
+
}
895
+
896
+
/*
897
+
* Per-CPU kthreads are allowed to run on !actie && online CPUs, see
898
+
* __set_cpus_allowed_ptr() and select_fallback_rq().
899
+
*/
900
+
static inline bool is_cpu_allowed(struct task_struct *p, int cpu)
901
+
{
902
+
if (!cpumask_test_cpu(cpu, &p->cpus_allowed))
903
+
return false;
904
+
905
+
if (is_per_cpu_kthread(p))
906
+
return cpu_online(cpu);
907
+
908
+
return cpu_active(cpu);
909
+
}
910
+
884
911
/*
885
912
* This is how migration works:
886
913
*
···
965
938
static struct rq *__migrate_task(struct rq *rq, struct rq_flags *rf,
966
939
struct task_struct *p, int dest_cpu)
967
940
{
968
-
if (p->flags & PF_KTHREAD) {
969
-
if (unlikely(!cpu_online(dest_cpu)))
970
-
return rq;
971
-
} else {
972
-
if (unlikely(!cpu_active(dest_cpu)))
973
-
return rq;
974
-
}
975
-
976
941
/* Affinity changed (again). */
977
-
if (!cpumask_test_cpu(dest_cpu, &p->cpus_allowed))
942
+
if (!is_cpu_allowed(p, dest_cpu))
978
943
return rq;
979
944
980
945
update_rq_clock(rq);
···
1495
1476
for (;;) {
1496
1477
/* Any allowed, online CPU? */
1497
1478
for_each_cpu(dest_cpu, &p->cpus_allowed) {
1498
-
if (!(p->flags & PF_KTHREAD) && !cpu_active(dest_cpu))
1479
+
if (!is_cpu_allowed(p, dest_cpu))
1499
1480
continue;
1500
-
if (!cpu_online(dest_cpu))
1501
-
continue;
1481
+
1502
1482
goto out;
1503
1483
}
1504
1484
···
1560
1542
* [ this allows ->select_task() to simply return task_cpu(p) and
1561
1543
* not worry about this generic constraint ]
1562
1544
*/
1563
-
if (unlikely(!cpumask_test_cpu(cpu, &p->cpus_allowed) ||
1564
-
!cpu_online(cpu)))
1545
+
if (unlikely(!is_cpu_allowed(p, cpu)))
1565
1546
cpu = select_fallback_rq(task_cpu(p), p);
1566
1547
1567
1548
return cpu;
+3
-3
kernel/sched/deadline.c
+3
-3
kernel/sched/deadline.c
···
1259
1259
1260
1260
rq = task_rq_lock(p, &rf);
1261
1261
1262
+
sched_clock_tick();
1263
+
update_rq_clock(rq);
1264
+
1262
1265
if (!dl_task(p) || p->state == TASK_DEAD) {
1263
1266
struct dl_bw *dl_b = dl_bw_of(task_cpu(p));
1264
1267
···
1280
1277
}
1281
1278
if (dl_se->dl_non_contending == 0)
1282
1279
goto unlock;
1283
-
1284
-
sched_clock_tick();
1285
-
update_rq_clock(rq);
1286
1280
1287
1281
sub_running_bw(dl_se, &rq->dl);
1288
1282
dl_se->dl_non_contending = 0;
+1
-1
kernel/sched/sched.h
+1
-1
kernel/sched/sched.h
+1
-1
kernel/sched/topology.c
+1
-1
kernel/sched/topology.c
+15
-6
kernel/seccomp.c
+15
-6
kernel/seccomp.c
···
19
19
#include <linux/compat.h>
20
20
#include <linux/coredump.h>
21
21
#include <linux/kmemleak.h>
22
+
#include <linux/nospec.h>
23
+
#include <linux/prctl.h>
22
24
#include <linux/sched.h>
23
25
#include <linux/sched/task_stack.h>
24
26
#include <linux/seccomp.h>
···
229
227
return true;
230
228
}
231
229
230
+
void __weak arch_seccomp_spec_mitigate(struct task_struct *task) { }
231
+
232
232
static inline void seccomp_assign_mode(struct task_struct *task,
233
-
unsigned long seccomp_mode)
233
+
unsigned long seccomp_mode,
234
+
unsigned long flags)
234
235
{
235
236
assert_spin_locked(&task->sighand->siglock);
236
237
···
243
238
* filter) is set.
244
239
*/
245
240
smp_mb__before_atomic();
241
+
/* Assume default seccomp processes want spec flaw mitigation. */
242
+
if ((flags & SECCOMP_FILTER_FLAG_SPEC_ALLOW) == 0)
243
+
arch_seccomp_spec_mitigate(task);
246
244
set_tsk_thread_flag(task, TIF_SECCOMP);
247
245
}
248
246
···
313
305
* without dropping the locks.
314
306
*
315
307
*/
316
-
static inline void seccomp_sync_threads(void)
308
+
static inline void seccomp_sync_threads(unsigned long flags)
317
309
{
318
310
struct task_struct *thread, *caller;
319
311
···
354
346
* allow one thread to transition the other.
355
347
*/
356
348
if (thread->seccomp.mode == SECCOMP_MODE_DISABLED)
357
-
seccomp_assign_mode(thread, SECCOMP_MODE_FILTER);
349
+
seccomp_assign_mode(thread, SECCOMP_MODE_FILTER,
350
+
flags);
358
351
}
359
352
}
360
353
···
478
469
479
470
/* Now that the new filter is in place, synchronize to all threads. */
480
471
if (flags & SECCOMP_FILTER_FLAG_TSYNC)
481
-
seccomp_sync_threads();
472
+
seccomp_sync_threads(flags);
482
473
483
474
return 0;
484
475
}
···
827
818
#ifdef TIF_NOTSC
828
819
disable_TSC();
829
820
#endif
830
-
seccomp_assign_mode(current, seccomp_mode);
821
+
seccomp_assign_mode(current, seccomp_mode, 0);
831
822
ret = 0;
832
823
833
824
out:
···
885
876
/* Do not free the successfully attached filter. */
886
877
prepared = NULL;
887
878
888
-
seccomp_assign_mode(current, seccomp_mode);
879
+
seccomp_assign_mode(current, seccomp_mode, flags);
889
880
out:
890
881
spin_unlock_irq(¤t->sighand->siglock);
891
882
if (flags & SECCOMP_FILTER_FLAG_TSYNC)
+28
kernel/sys.c
+28
kernel/sys.c
···
61
61
#include <linux/uidgid.h>
62
62
#include <linux/cred.h>
63
63
64
+
#include <linux/nospec.h>
65
+
64
66
#include <linux/kmsg_dump.h>
65
67
/* Move somewhere else to avoid recompiling? */
66
68
#include <generated/utsrelease.h>
···
70
68
#include <linux/uaccess.h>
71
69
#include <asm/io.h>
72
70
#include <asm/unistd.h>
71
+
72
+
/* Hardening for Spectre-v1 */
73
+
#include <linux/nospec.h>
73
74
74
75
#include "uid16.h"
75
76
···
1456
1451
if (resource >= RLIM_NLIMITS)
1457
1452
return -EINVAL;
1458
1453
1454
+
resource = array_index_nospec(resource, RLIM_NLIMITS);
1459
1455
task_lock(current->group_leader);
1460
1456
x = current->signal->rlim[resource];
1461
1457
task_unlock(current->group_leader);
···
1476
1470
if (resource >= RLIM_NLIMITS)
1477
1471
return -EINVAL;
1478
1472
1473
+
resource = array_index_nospec(resource, RLIM_NLIMITS);
1479
1474
task_lock(current->group_leader);
1480
1475
r = current->signal->rlim[resource];
1481
1476
task_unlock(current->group_leader);
···
2249
2242
return 1;
2250
2243
}
2251
2244
2245
+
int __weak arch_prctl_spec_ctrl_get(struct task_struct *t, unsigned long which)
2246
+
{
2247
+
return -EINVAL;
2248
+
}
2249
+
2250
+
int __weak arch_prctl_spec_ctrl_set(struct task_struct *t, unsigned long which,
2251
+
unsigned long ctrl)
2252
+
{
2253
+
return -EINVAL;
2254
+
}
2255
+
2252
2256
SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
2253
2257
unsigned long, arg4, unsigned long, arg5)
2254
2258
{
···
2467
2449
break;
2468
2450
case PR_SVE_GET_VL:
2469
2451
error = SVE_GET_VL();
2452
+
break;
2453
+
case PR_GET_SPECULATION_CTRL:
2454
+
if (arg3 || arg4 || arg5)
2455
+
return -EINVAL;
2456
+
error = arch_prctl_spec_ctrl_get(me, arg2);
2457
+
break;
2458
+
case PR_SET_SPECULATION_CTRL:
2459
+
if (arg4 || arg5)
2460
+
return -EINVAL;
2461
+
error = arch_prctl_spec_ctrl_set(me, arg2, arg3);
2470
2462
break;
2471
2463
default:
2472
2464
error = -EINVAL;
+6
-6
kernel/trace/trace.c
+6
-6
kernel/trace/trace.c
···
893
893
EXPORT_SYMBOL_GPL(__trace_bputs);
894
894
895
895
#ifdef CONFIG_TRACER_SNAPSHOT
896
-
static void tracing_snapshot_instance(struct trace_array *tr)
896
+
void tracing_snapshot_instance(struct trace_array *tr)
897
897
{
898
898
struct tracer *tracer = tr->current_trace;
899
899
unsigned long flags;
···
949
949
struct trace_buffer *size_buf, int cpu_id);
950
950
static void set_buffer_entries(struct trace_buffer *buf, unsigned long val);
951
951
952
-
static int alloc_snapshot(struct trace_array *tr)
952
+
int tracing_alloc_snapshot_instance(struct trace_array *tr)
953
953
{
954
954
int ret;
955
955
···
995
995
struct trace_array *tr = &global_trace;
996
996
int ret;
997
997
998
-
ret = alloc_snapshot(tr);
998
+
ret = tracing_alloc_snapshot_instance(tr);
999
999
WARN_ON(ret < 0);
1000
1000
1001
1001
return ret;
···
5408
5408
5409
5409
#ifdef CONFIG_TRACER_MAX_TRACE
5410
5410
if (t->use_max_tr && !had_max_tr) {
5411
-
ret = alloc_snapshot(tr);
5411
+
ret = tracing_alloc_snapshot_instance(tr);
5412
5412
if (ret < 0)
5413
5413
goto out;
5414
5414
}
···
6451
6451
}
6452
6452
#endif
6453
6453
if (!tr->allocated_snapshot) {
6454
-
ret = alloc_snapshot(tr);
6454
+
ret = tracing_alloc_snapshot_instance(tr);
6455
6455
if (ret < 0)
6456
6456
break;
6457
6457
}
···
7179
7179
return ret;
7180
7180
7181
7181
out_reg:
7182
-
ret = alloc_snapshot(tr);
7182
+
ret = tracing_alloc_snapshot_instance(tr);
7183
7183
if (ret < 0)
7184
7184
goto out;
7185
7185
+11
kernel/trace/trace.h
+11
kernel/trace/trace.h
···
1817
1817
static inline void trace_event_eval_update(struct trace_eval_map **map, int len) { }
1818
1818
#endif
1819
1819
1820
+
#ifdef CONFIG_TRACER_SNAPSHOT
1821
+
void tracing_snapshot_instance(struct trace_array *tr);
1822
+
int tracing_alloc_snapshot_instance(struct trace_array *tr);
1823
+
#else
1824
+
static inline void tracing_snapshot_instance(struct trace_array *tr) { }
1825
+
static inline int tracing_alloc_snapshot_instance(struct trace_array *tr)
1826
+
{
1827
+
return 0;
1828
+
}
1829
+
#endif
1830
+
1820
1831
extern struct trace_iterator *tracepoint_print_iter;
1821
1832
1822
1833
#endif /* _LINUX_KERNEL_TRACE_H */
+11
-4
kernel/trace/trace_events_trigger.c
+11
-4
kernel/trace/trace_events_trigger.c
···
483
483
struct trace_event_file *file;
484
484
485
485
list_for_each_entry(file, &tr->events, list) {
486
-
struct event_trigger_data *data;
487
-
list_for_each_entry_rcu(data, &file->triggers, list) {
486
+
struct event_trigger_data *data, *n;
487
+
list_for_each_entry_safe(data, n, &file->triggers, list) {
488
488
trace_event_trigger_enable_disable(file, 0);
489
+
list_del_rcu(&data->list);
489
490
if (data->ops->free)
490
491
data->ops->free(data->ops, data);
491
492
}
···
643
642
trigger_data->count = -1;
644
643
trigger_data->ops = trigger_ops;
645
644
trigger_data->cmd_ops = cmd_ops;
645
+
trigger_data->private_data = file;
646
646
INIT_LIST_HEAD(&trigger_data->list);
647
647
INIT_LIST_HEAD(&trigger_data->named_list);
648
648
···
1055
1053
snapshot_trigger(struct event_trigger_data *data, void *rec,
1056
1054
struct ring_buffer_event *event)
1057
1055
{
1058
-
tracing_snapshot();
1056
+
struct trace_event_file *file = data->private_data;
1057
+
1058
+
if (file)
1059
+
tracing_snapshot_instance(file->tr);
1060
+
else
1061
+
tracing_snapshot();
1059
1062
}
1060
1063
1061
1064
static void
···
1083
1076
{
1084
1077
int ret = register_trigger(glob, ops, data, file);
1085
1078
1086
-
if (ret > 0 && tracing_alloc_snapshot() != 0) {
1079
+
if (ret > 0 && tracing_alloc_snapshot_instance(file->tr) != 0) {
1087
1080
unregister_trigger(glob, ops, data, file);
1088
1081
ret = 0;
1089
1082
}
+2
-2
lib/iov_iter.c
+2
-2
lib/iov_iter.c
···
1012
1012
}
1013
1013
EXPORT_SYMBOL(iov_iter_gap_alignment);
1014
1014
1015
-
static inline size_t __pipe_get_pages(struct iov_iter *i,
1015
+
static inline ssize_t __pipe_get_pages(struct iov_iter *i,
1016
1016
size_t maxsize,
1017
1017
struct page **pages,
1018
1018
int idx,
···
1102
1102
size_t *start)
1103
1103
{
1104
1104
struct page **p;
1105
-
size_t n;
1105
+
ssize_t n;
1106
1106
int idx;
1107
1107
int npages;
1108
1108
+3
-1
lib/radix-tree.c
+3
-1
lib/radix-tree.c
···
2034
2034
unsigned long index, void *item)
2035
2035
{
2036
2036
struct radix_tree_node *node = NULL;
2037
-
void __rcu **slot;
2037
+
void __rcu **slot = NULL;
2038
2038
void *entry;
2039
2039
2040
2040
entry = __radix_tree_lookup(root, index, &node, &slot);
2041
+
if (!slot)
2042
+
return NULL;
2041
2043
if (!entry && (!is_idr(root) || node_tag_get(root, node, IDR_FREE,
2042
2044
get_slot_offset(node, slot))))
2043
2045
return NULL;
+11
-72
mm/cma.c
+11
-72
mm/cma.c
···
39
39
#include <trace/events/cma.h>
40
40
41
41
#include "cma.h"
42
-
#include "internal.h"
43
42
44
43
struct cma cma_areas[MAX_CMA_AREAS];
45
44
unsigned cma_area_count;
···
109
110
if (!cma->bitmap)
110
111
return -ENOMEM;
111
112
113
+
WARN_ON_ONCE(!pfn_valid(pfn));
114
+
zone = page_zone(pfn_to_page(pfn));
115
+
112
116
do {
113
117
unsigned j;
114
118
115
119
base_pfn = pfn;
116
-
if (!pfn_valid(base_pfn))
117
-
goto err;
118
-
119
-
zone = page_zone(pfn_to_page(base_pfn));
120
120
for (j = pageblock_nr_pages; j; --j, pfn++) {
121
-
if (!pfn_valid(pfn))
122
-
goto err;
123
-
121
+
WARN_ON_ONCE(!pfn_valid(pfn));
124
122
/*
125
-
* In init_cma_reserved_pageblock(), present_pages
126
-
* is adjusted with assumption that all pages in
127
-
* the pageblock come from a single zone.
123
+
* alloc_contig_range requires the pfn range
124
+
* specified to be in the same zone. Make this
125
+
* simple by forcing the entire CMA resv range
126
+
* to be in the same zone.
128
127
*/
129
128
if (page_zone(pfn_to_page(pfn)) != zone)
130
-
goto err;
129
+
goto not_in_zone;
131
130
}
132
131
init_cma_reserved_pageblock(pfn_to_page(base_pfn));
133
132
} while (--i);
···
139
142
140
143
return 0;
141
144
142
-
err:
145
+
not_in_zone:
143
146
pr_err("CMA area %s could not be activated\n", cma->name);
144
147
kfree(cma->bitmap);
145
148
cma->count = 0;
···
149
152
static int __init cma_init_reserved_areas(void)
150
153
{
151
154
int i;
152
-
struct zone *zone;
153
-
pg_data_t *pgdat;
154
-
155
-
if (!cma_area_count)
156
-
return 0;
157
-
158
-
for_each_online_pgdat(pgdat) {
159
-
unsigned long start_pfn = UINT_MAX, end_pfn = 0;
160
-
161
-
zone = &pgdat->node_zones[ZONE_MOVABLE];
162
-
163
-
/*
164
-
* In this case, we cannot adjust the zone range
165
-
* since it is now maximum node span and we don't
166
-
* know original zone range.
167
-
*/
168
-
if (populated_zone(zone))
169
-
continue;
170
-
171
-
for (i = 0; i < cma_area_count; i++) {
172
-
if (pfn_to_nid(cma_areas[i].base_pfn) !=
173
-
pgdat->node_id)
174
-
continue;
175
-
176
-
start_pfn = min(start_pfn, cma_areas[i].base_pfn);
177
-
end_pfn = max(end_pfn, cma_areas[i].base_pfn +
178
-
cma_areas[i].count);
179
-
}
180
-
181
-
if (!end_pfn)
182
-
continue;
183
-
184
-
zone->zone_start_pfn = start_pfn;
185
-
zone->spanned_pages = end_pfn - start_pfn;
186
-
}
187
155
188
156
for (i = 0; i < cma_area_count; i++) {
189
157
int ret = cma_activate_area(&cma_areas[i]);
···
157
195
return ret;
158
196
}
159
197
160
-
/*
161
-
* Reserved pages for ZONE_MOVABLE are now activated and
162
-
* this would change ZONE_MOVABLE's managed page counter and
163
-
* the other zones' present counter. We need to re-calculate
164
-
* various zone information that depends on this initialization.
165
-
*/
166
-
build_all_zonelists(NULL);
167
-
for_each_populated_zone(zone) {
168
-
if (zone_idx(zone) == ZONE_MOVABLE) {
169
-
zone_pcp_reset(zone);
170
-
setup_zone_pageset(zone);
171
-
} else
172
-
zone_pcp_update(zone);
173
-
174
-
set_zone_contiguous(zone);
175
-
}
176
-
177
-
/*
178
-
* We need to re-init per zone wmark by calling
179
-
* init_per_zone_wmark_min() but doesn't call here because it is
180
-
* registered on core_initcall and it will be called later than us.
181
-
*/
182
-
183
198
return 0;
184
199
}
185
-
pure_initcall(cma_init_reserved_areas);
200
+
core_initcall(cma_init_reserved_areas);
186
201
187
202
/**
188
203
* cma_init_reserved_mem() - create custom contiguous area from reserved memory
+3
-1
mm/compaction.c
+3
-1
mm/compaction.c
···
1450
1450
* if compaction succeeds.
1451
1451
* For costly orders, we require low watermark instead of min for
1452
1452
* compaction to proceed to increase its chances.
1453
+
* ALLOC_CMA is used, as pages in CMA pageblocks are considered
1454
+
* suitable migration targets
1453
1455
*/
1454
1456
watermark = (order > PAGE_ALLOC_COSTLY_ORDER) ?
1455
1457
low_wmark_pages(zone) : min_wmark_pages(zone);
1456
1458
watermark += compact_gap(order);
1457
1459
if (!__zone_watermark_ok(zone, 0, watermark, classzone_idx,
1458
-
0, wmark_target))
1460
+
ALLOC_CMA, wmark_target))
1459
1461
return COMPACT_SKIPPED;
1460
1462
1461
1463
return COMPACT_CONTINUE;
+1
-1
mm/huge_memory.c
+1
-1
mm/huge_memory.c
···
2431
2431
__split_huge_page_tail(head, i, lruvec, list);
2432
2432
/* Some pages can be beyond i_size: drop them from page cache */
2433
2433
if (head[i].index >= end) {
2434
-
__ClearPageDirty(head + i);
2434
+
ClearPageDirty(head + i);
2435
2435
__delete_from_page_cache(head + i, NULL);
2436
2436
if (IS_ENABLED(CONFIG_SHMEM) && PageSwapBacked(head))
2437
2437
shmem_uncharge(head->mapping->host, 1);
+1
-3
mm/internal.h
+1
-3
mm/internal.h
···
168
168
gfp_t gfp_flags);
169
169
extern int user_min_free_kbytes;
170
170
171
-
extern void set_zone_contiguous(struct zone *zone);
172
-
extern void clear_zone_contiguous(struct zone *zone);
173
-
174
171
#if defined CONFIG_COMPACTION || defined CONFIG_CMA
175
172
176
173
/*
···
495
498
#define ALLOC_HARDER 0x10 /* try to alloc harder */
496
499
#define ALLOC_HIGH 0x20 /* __GFP_HIGH set */
497
500
#define ALLOC_CPUSET 0x40 /* check for correct cpuset */
501
+
#define ALLOC_CMA 0x80 /* allow allocations from CMA areas */
498
502
499
503
enum ttu_flags;
500
504
struct tlbflush_unmap_batch;
+63
-3
mm/kasan/kasan.c
+63
-3
mm/kasan/kasan.c
···
792
792
DEFINE_ASAN_SET_SHADOW(f8);
793
793
794
794
#ifdef CONFIG_MEMORY_HOTPLUG
795
+
static bool shadow_mapped(unsigned long addr)
796
+
{
797
+
pgd_t *pgd = pgd_offset_k(addr);
798
+
p4d_t *p4d;
799
+
pud_t *pud;
800
+
pmd_t *pmd;
801
+
pte_t *pte;
802
+
803
+
if (pgd_none(*pgd))
804
+
return false;
805
+
p4d = p4d_offset(pgd, addr);
806
+
if (p4d_none(*p4d))
807
+
return false;
808
+
pud = pud_offset(p4d, addr);
809
+
if (pud_none(*pud))
810
+
return false;
811
+
812
+
/*
813
+
* We can't use pud_large() or pud_huge(), the first one is
814
+
* arch-specific, the last one depends on HUGETLB_PAGE. So let's abuse
815
+
* pud_bad(), if pud is bad then it's bad because it's huge.
816
+
*/
817
+
if (pud_bad(*pud))
818
+
return true;
819
+
pmd = pmd_offset(pud, addr);
820
+
if (pmd_none(*pmd))
821
+
return false;
822
+
823
+
if (pmd_bad(*pmd))
824
+
return true;
825
+
pte = pte_offset_kernel(pmd, addr);
826
+
return !pte_none(*pte);
827
+
}
828
+
795
829
static int __meminit kasan_mem_notifier(struct notifier_block *nb,
796
830
unsigned long action, void *data)
797
831
{
···
847
813
case MEM_GOING_ONLINE: {
848
814
void *ret;
849
815
816
+
/*
817
+
* If shadow is mapped already than it must have been mapped
818
+
* during the boot. This could happen if we onlining previously
819
+
* offlined memory.
820
+
*/
821
+
if (shadow_mapped(shadow_start))
822
+
return NOTIFY_OK;
823
+
850
824
ret = __vmalloc_node_range(shadow_size, PAGE_SIZE, shadow_start,
851
825
shadow_end, GFP_KERNEL,
852
826
PAGE_KERNEL, VM_NO_GUARD,
···
866
824
kmemleak_ignore(ret);
867
825
return NOTIFY_OK;
868
826
}
869
-
case MEM_OFFLINE:
870
-
vfree((void *)shadow_start);
827
+
case MEM_CANCEL_ONLINE:
828
+
case MEM_OFFLINE: {
829
+
struct vm_struct *vm;
830
+
831
+
/*
832
+
* shadow_start was either mapped during boot by kasan_init()
833
+
* or during memory online by __vmalloc_node_range().
834
+
* In the latter case we can use vfree() to free shadow.
835
+
* Non-NULL result of the find_vm_area() will tell us if
836
+
* that was the second case.
837
+
*
838
+
* Currently it's not possible to free shadow mapped
839
+
* during boot by kasan_init(). It's because the code
840
+
* to do that hasn't been written yet. So we'll just
841
+
* leak the memory.
842
+
*/
843
+
vm = find_vm_area((void *)shadow_start);
844
+
if (vm)
845
+
vfree((void *)shadow_start);
846
+
}
871
847
}
872
848
873
849
return NOTIFY_OK;
···
898
838
return 0;
899
839
}
900
840
901
-
module_init(kasan_memhotplug_init);
841
+
core_initcall(kasan_memhotplug_init);
902
842
#endif
+1
-1
mm/memory_hotplug.c
+1
-1
mm/memory_hotplug.c
···
1158
1158
* nodes have to go through register_node.
1159
1159
* TODO clean up this mess.
1160
1160
*/
1161
-
ret = link_mem_sections(nid, start_pfn, nr_pages);
1161
+
ret = link_mem_sections(nid, start_pfn, nr_pages, false);
1162
1162
register_fail:
1163
1163
/*
1164
1164
* If sysfs file of new node can't create, cpu on the node
+40
-59
mm/page_alloc.c
+40
-59
mm/page_alloc.c
···
1743
1743
}
1744
1744
1745
1745
#ifdef CONFIG_CMA
1746
-
static void __init adjust_present_page_count(struct page *page, long count)
1747
-
{
1748
-
struct zone *zone = page_zone(page);
1749
-
1750
-
/* We don't need to hold a lock since it is boot-up process */
1751
-
zone->present_pages += count;
1752
-
}
1753
-
1754
1746
/* Free whole pageblock and set its migration type to MIGRATE_CMA. */
1755
1747
void __init init_cma_reserved_pageblock(struct page *page)
1756
1748
{
1757
1749
unsigned i = pageblock_nr_pages;
1758
-
unsigned long pfn = page_to_pfn(page);
1759
1750
struct page *p = page;
1760
-
int nid = page_to_nid(page);
1761
-
1762
-
/*
1763
-
* ZONE_MOVABLE will steal present pages from other zones by
1764
-
* changing page links so page_zone() is changed. Before that,
1765
-
* we need to adjust previous zone's page count first.
1766
-
*/
1767
-
adjust_present_page_count(page, -pageblock_nr_pages);
1768
1751
1769
1752
do {
1770
1753
__ClearPageReserved(p);
1771
1754
set_page_count(p, 0);
1772
-
1773
-
/* Steal pages from other zones */
1774
-
set_page_links(p, ZONE_MOVABLE, nid, pfn);
1775
-
} while (++p, ++pfn, --i);
1776
-
1777
-
adjust_present_page_count(page, pageblock_nr_pages);
1755
+
} while (++p, --i);
1778
1756
1779
1757
set_pageblock_migratetype(page, MIGRATE_CMA);
1780
1758
···
2867
2889
* exists.
2868
2890
*/
2869
2891
watermark = min_wmark_pages(zone) + (1UL << order);
2870
-
if (!zone_watermark_ok(zone, 0, watermark, 0, 0))
2892
+
if (!zone_watermark_ok(zone, 0, watermark, 0, ALLOC_CMA))
2871
2893
return 0;
2872
2894
2873
2895
__mod_zone_freepage_state(zone, -(1UL << order), mt);
···
3143
3165
}
3144
3166
3145
3167
3168
+
#ifdef CONFIG_CMA
3169
+
/* If allocation can't use CMA areas don't use free CMA pages */
3170
+
if (!(alloc_flags & ALLOC_CMA))
3171
+
free_pages -= zone_page_state(z, NR_FREE_CMA_PAGES);
3172
+
#endif
3173
+
3146
3174
/*
3147
3175
* Check watermarks for an order-0 allocation request. If these
3148
3176
* are not met, then a high-order request also cannot go ahead
···
3175
3191
}
3176
3192
3177
3193
#ifdef CONFIG_CMA
3178
-
if (!list_empty(&area->free_list[MIGRATE_CMA]))
3194
+
if ((alloc_flags & ALLOC_CMA) &&
3195
+
!list_empty(&area->free_list[MIGRATE_CMA])) {
3179
3196
return true;
3197
+
}
3180
3198
#endif
3181
3199
if (alloc_harder &&
3182
3200
!list_empty(&area->free_list[MIGRATE_HIGHATOMIC]))
···
3198
3212
unsigned long mark, int classzone_idx, unsigned int alloc_flags)
3199
3213
{
3200
3214
long free_pages = zone_page_state(z, NR_FREE_PAGES);
3215
+
long cma_pages = 0;
3216
+
3217
+
#ifdef CONFIG_CMA
3218
+
/* If allocation can't use CMA areas don't use free CMA pages */
3219
+
if (!(alloc_flags & ALLOC_CMA))
3220
+
cma_pages = zone_page_state(z, NR_FREE_CMA_PAGES);
3221
+
#endif
3201
3222
3202
3223
/*
3203
3224
* Fast check for order-0 only. If this fails then the reserves
···
3213
3220
* the caller is !atomic then it'll uselessly search the free
3214
3221
* list. That corner case is then slower but it is harmless.
3215
3222
*/
3216
-
if (!order && free_pages > mark + z->lowmem_reserve[classzone_idx])
3223
+
if (!order && (free_pages - cma_pages) > mark + z->lowmem_reserve[classzone_idx])
3217
3224
return true;
3218
3225
3219
3226
return __zone_watermark_ok(z, order, mark, classzone_idx, alloc_flags,
···
3849
3856
} else if (unlikely(rt_task(current)) && !in_interrupt())
3850
3857
alloc_flags |= ALLOC_HARDER;
3851
3858
3859
+
#ifdef CONFIG_CMA
3860
+
if (gfpflags_to_migratetype(gfp_mask) == MIGRATE_MOVABLE)
3861
+
alloc_flags |= ALLOC_CMA;
3862
+
#endif
3852
3863
return alloc_flags;
3853
3864
}
3854
3865
···
4318
4321
4319
4322
if (should_fail_alloc_page(gfp_mask, order))
4320
4323
return false;
4324
+
4325
+
if (IS_ENABLED(CONFIG_CMA) && ac->migratetype == MIGRATE_MOVABLE)
4326
+
*alloc_flags |= ALLOC_CMA;
4321
4327
4322
4328
return true;
4323
4329
}
···
6204
6204
{
6205
6205
enum zone_type j;
6206
6206
int nid = pgdat->node_id;
6207
-
unsigned long node_end_pfn = 0;
6208
6207
6209
6208
pgdat_resize_init(pgdat);
6210
6209
#ifdef CONFIG_NUMA_BALANCING
···
6231
6232
struct zone *zone = pgdat->node_zones + j;
6232
6233
unsigned long size, realsize, freesize, memmap_pages;
6233
6234
unsigned long zone_start_pfn = zone->zone_start_pfn;
6234
-
unsigned long movable_size = 0;
6235
6235
6236
6236
size = zone->spanned_pages;
6237
6237
realsize = freesize = zone->present_pages;
6238
-
if (zone_end_pfn(zone) > node_end_pfn)
6239
-
node_end_pfn = zone_end_pfn(zone);
6240
-
6241
6238
6242
6239
/*
6243
6240
* Adjust freesize so that it accounts for how much memory
···
6282
6287
zone_seqlock_init(zone);
6283
6288
zone_pcp_init(zone);
6284
6289
6285
-
/*
6286
-
* The size of the CMA area is unknown now so we need to
6287
-
* prepare the memory for the usemap at maximum.
6288
-
*/
6289
-
if (IS_ENABLED(CONFIG_CMA) && j == ZONE_MOVABLE &&
6290
-
pgdat->node_spanned_pages) {
6291
-
movable_size = node_end_pfn - pgdat->node_start_pfn;
6292
-
}
6293
-
6294
-
if (!size && !movable_size)
6290
+
if (!size)
6295
6291
continue;
6296
6292
6297
6293
set_pageblock_order();
6298
-
if (movable_size) {
6299
-
zone->zone_start_pfn = pgdat->node_start_pfn;
6300
-
zone->spanned_pages = movable_size;
6301
-
setup_usemap(pgdat, zone,
6302
-
pgdat->node_start_pfn, movable_size);
6303
-
init_currently_empty_zone(zone,
6304
-
pgdat->node_start_pfn, movable_size);
6305
-
} else {
6306
-
setup_usemap(pgdat, zone, zone_start_pfn, size);
6307
-
init_currently_empty_zone(zone, zone_start_pfn, size);
6308
-
}
6294
+
setup_usemap(pgdat, zone, zone_start_pfn, size);
6295
+
init_currently_empty_zone(zone, zone_start_pfn, size);
6309
6296
memmap_init(size, nid, j, zone_start_pfn);
6310
6297
}
6311
6298
}
···
7598
7621
unsigned long pfn, iter, found;
7599
7622
7600
7623
/*
7601
-
* For avoiding noise data, lru_add_drain_all() should be called
7602
-
* If ZONE_MOVABLE, the zone never contains unmovable pages
7624
+
* TODO we could make this much more efficient by not checking every
7625
+
* page in the range if we know all of them are in MOVABLE_ZONE and
7626
+
* that the movable zone guarantees that pages are migratable but
7627
+
* the later is not the case right now unfortunatelly. E.g. movablecore
7628
+
* can still lead to having bootmem allocations in zone_movable.
7603
7629
*/
7604
-
if (zone_idx(zone) == ZONE_MOVABLE)
7605
-
return false;
7606
7630
7607
7631
/*
7608
7632
* CMA allocations (alloc_contig_range) really need to mark isolate
···
7624
7646
page = pfn_to_page(check);
7625
7647
7626
7648
if (PageReserved(page))
7627
-
return true;
7649
+
goto unmovable;
7628
7650
7629
7651
/*
7630
7652
* Hugepages are not in LRU lists, but they're movable.
···
7674
7696
* page at boot.
7675
7697
*/
7676
7698
if (found > count)
7677
-
return true;
7699
+
goto unmovable;
7678
7700
}
7679
7701
return false;
7702
+
unmovable:
7703
+
WARN_ON_ONCE(zone_idx(zone) == ZONE_MOVABLE);
7704
+
return true;
7680
7705
}
7681
7706
7682
7707
bool is_pageblock_removable_nolock(struct page *page)
···
7932
7951
}
7933
7952
#endif
7934
7953
7935
-
#if defined CONFIG_MEMORY_HOTPLUG || defined CONFIG_CMA
7954
+
#ifdef CONFIG_MEMORY_HOTPLUG
7936
7955
/*
7937
7956
* The zone indicated has a new number of managed_pages; batch sizes and percpu
7938
7957
* page high values need to be recalulated.
+6
-1
mm/swapfile.c
+6
-1
mm/swapfile.c
···
3112
3112
unsigned long *frontswap_map = NULL;
3113
3113
struct page *page = NULL;
3114
3114
struct inode *inode = NULL;
3115
+
bool inced_nr_rotate_swap = false;
3115
3116
3116
3117
if (swap_flags & ~SWAP_FLAGS_VALID)
3117
3118
return -EINVAL;
···
3216
3215
cluster = per_cpu_ptr(p->percpu_cluster, cpu);
3217
3216
cluster_set_null(&cluster->index);
3218
3217
}
3219
-
} else
3218
+
} else {
3220
3219
atomic_inc(&nr_rotate_swap);
3220
+
inced_nr_rotate_swap = true;
3221
+
}
3221
3222
3222
3223
error = swap_cgroup_swapon(p->type, maxpages);
3223
3224
if (error)
···
3310
3307
vfree(swap_map);
3311
3308
kvfree(cluster_info);
3312
3309
kvfree(frontswap_map);
3310
+
if (inced_nr_rotate_swap)
3311
+
atomic_dec(&nr_rotate_swap);
3313
3312
if (swap_file) {
3314
3313
if (inode && S_ISREG(inode->i_mode)) {
3315
3314
inode_unlock(inode);
+1
-1
mm/vmscan.c
+1
-1
mm/vmscan.c
+1
-1
net/batman-adv/multicast.c
+1
-1
net/batman-adv/multicast.c
+67
-17
net/batman-adv/translation-table.c
+67
-17
net/batman-adv/translation-table.c
···
862
862
struct batadv_orig_node_vlan *vlan;
863
863
u8 *tt_change_ptr;
864
864
865
-
rcu_read_lock();
865
+
spin_lock_bh(&orig_node->vlan_list_lock);
866
866
hlist_for_each_entry_rcu(vlan, &orig_node->vlan_list, list) {
867
867
num_vlan++;
868
868
num_entries += atomic_read(&vlan->tt.num_entries);
···
900
900
*tt_change = (struct batadv_tvlv_tt_change *)tt_change_ptr;
901
901
902
902
out:
903
-
rcu_read_unlock();
903
+
spin_unlock_bh(&orig_node->vlan_list_lock);
904
904
return tvlv_len;
905
905
}
906
906
···
931
931
struct batadv_tvlv_tt_vlan_data *tt_vlan;
932
932
struct batadv_softif_vlan *vlan;
933
933
u16 num_vlan = 0;
934
-
u16 num_entries = 0;
934
+
u16 vlan_entries = 0;
935
+
u16 total_entries = 0;
935
936
u16 tvlv_len;
936
937
u8 *tt_change_ptr;
937
938
int change_offset;
938
939
939
-
rcu_read_lock();
940
+
spin_lock_bh(&bat_priv->softif_vlan_list_lock);
940
941
hlist_for_each_entry_rcu(vlan, &bat_priv->softif_vlan_list, list) {
942
+
vlan_entries = atomic_read(&vlan->tt.num_entries);
943
+
if (vlan_entries < 1)
944
+
continue;
945
+
941
946
num_vlan++;
942
-
num_entries += atomic_read(&vlan->tt.num_entries);
947
+
total_entries += vlan_entries;
943
948
}
944
949
945
950
change_offset = sizeof(**tt_data);
···
952
947
953
948
/* if tt_len is negative, allocate the space needed by the full table */
954
949
if (*tt_len < 0)
955
-
*tt_len = batadv_tt_len(num_entries);
950
+
*tt_len = batadv_tt_len(total_entries);
956
951
957
952
tvlv_len = *tt_len;
958
953
tvlv_len += change_offset;
···
969
964
970
965
tt_vlan = (struct batadv_tvlv_tt_vlan_data *)(*tt_data + 1);
971
966
hlist_for_each_entry_rcu(vlan, &bat_priv->softif_vlan_list, list) {
967
+
vlan_entries = atomic_read(&vlan->tt.num_entries);
968
+
if (vlan_entries < 1)
969
+
continue;
970
+
972
971
tt_vlan->vid = htons(vlan->vid);
973
972
tt_vlan->crc = htonl(vlan->tt.crc);
974
973
···
983
974
*tt_change = (struct batadv_tvlv_tt_change *)tt_change_ptr;
984
975
985
976
out:
986
-
rcu_read_unlock();
977
+
spin_unlock_bh(&bat_priv->softif_vlan_list_lock);
987
978
return tvlv_len;
988
979
}
989
980
···
1547
1538
* handled by a given originator
1548
1539
* @entry: the TT global entry to check
1549
1540
* @orig_node: the originator to search in the list
1541
+
* @flags: a pointer to store TT flags for the given @entry received
1542
+
* from @orig_node
1550
1543
*
1551
1544
* find out if an orig_node is already in the list of a tt_global_entry.
1552
1545
*
···
1556
1545
*/
1557
1546
static bool
1558
1547
batadv_tt_global_entry_has_orig(const struct batadv_tt_global_entry *entry,
1559
-
const struct batadv_orig_node *orig_node)
1548
+
const struct batadv_orig_node *orig_node,
1549
+
u8 *flags)
1560
1550
{
1561
1551
struct batadv_tt_orig_list_entry *orig_entry;
1562
1552
bool found = false;
···
1565
1553
orig_entry = batadv_tt_global_orig_entry_find(entry, orig_node);
1566
1554
if (orig_entry) {
1567
1555
found = true;
1556
+
1557
+
if (flags)
1558
+
*flags = orig_entry->flags;
1559
+
1568
1560
batadv_tt_orig_list_entry_put(orig_entry);
1569
1561
}
1570
1562
···
1747
1731
if (!(common->flags & BATADV_TT_CLIENT_TEMP))
1748
1732
goto out;
1749
1733
if (batadv_tt_global_entry_has_orig(tt_global_entry,
1750
-
orig_node))
1734
+
orig_node, NULL))
1751
1735
goto out_remove;
1752
1736
batadv_tt_global_del_orig_list(tt_global_entry);
1753
1737
goto add_orig_entry;
···
2896
2880
}
2897
2881
2898
2882
/**
2899
-
* batadv_tt_local_valid() - verify that given tt entry is a valid one
2883
+
* batadv_tt_local_valid() - verify local tt entry and get flags
2900
2884
* @entry_ptr: to be checked local tt entry
2901
2885
* @data_ptr: not used but definition required to satisfy the callback prototype
2886
+
* @flags: a pointer to store TT flags for this client to
2887
+
*
2888
+
* Checks the validity of the given local TT entry. If it is, then the provided
2889
+
* flags pointer is updated.
2902
2890
*
2903
2891
* Return: true if the entry is a valid, false otherwise.
2904
2892
*/
2905
-
static bool batadv_tt_local_valid(const void *entry_ptr, const void *data_ptr)
2893
+
static bool batadv_tt_local_valid(const void *entry_ptr,
2894
+
const void *data_ptr,
2895
+
u8 *flags)
2906
2896
{
2907
2897
const struct batadv_tt_common_entry *tt_common_entry = entry_ptr;
2908
2898
2909
2899
if (tt_common_entry->flags & BATADV_TT_CLIENT_NEW)
2910
2900
return false;
2901
+
2902
+
if (flags)
2903
+
*flags = tt_common_entry->flags;
2904
+
2911
2905
return true;
2912
2906
}
2913
2907
2908
+
/**
2909
+
* batadv_tt_global_valid() - verify global tt entry and get flags
2910
+
* @entry_ptr: to be checked global tt entry
2911
+
* @data_ptr: an orig_node object (may be NULL)
2912
+
* @flags: a pointer to store TT flags for this client to
2913
+
*
2914
+
* Checks the validity of the given global TT entry. If it is, then the provided
2915
+
* flags pointer is updated either with the common (summed) TT flags if data_ptr
2916
+
* is NULL or the specific, per originator TT flags otherwise.
2917
+
*
2918
+
* Return: true if the entry is a valid, false otherwise.
2919
+
*/
2914
2920
static bool batadv_tt_global_valid(const void *entry_ptr,
2915
-
const void *data_ptr)
2921
+
const void *data_ptr,
2922
+
u8 *flags)
2916
2923
{
2917
2924
const struct batadv_tt_common_entry *tt_common_entry = entry_ptr;
2918
2925
const struct batadv_tt_global_entry *tt_global_entry;
···
2949
2910
struct batadv_tt_global_entry,
2950
2911
common);
2951
2912
2952
-
return batadv_tt_global_entry_has_orig(tt_global_entry, orig_node);
2913
+
return batadv_tt_global_entry_has_orig(tt_global_entry, orig_node,
2914
+
flags);
2953
2915
}
2954
2916
2955
2917
/**
···
2960
2920
* @hash: hash table containing the tt entries
2961
2921
* @tt_len: expected tvlv tt data buffer length in number of bytes
2962
2922
* @tvlv_buff: pointer to the buffer to fill with the TT data
2963
-
* @valid_cb: function to filter tt change entries
2923
+
* @valid_cb: function to filter tt change entries and to return TT flags
2964
2924
* @cb_data: data passed to the filter function as argument
2925
+
*
2926
+
* Fills the tvlv buff with the tt entries from the specified hash. If valid_cb
2927
+
* is not provided then this becomes a no-op.
2965
2928
*/
2966
2929
static void batadv_tt_tvlv_generate(struct batadv_priv *bat_priv,
2967
2930
struct batadv_hashtable *hash,
2968
2931
void *tvlv_buff, u16 tt_len,
2969
2932
bool (*valid_cb)(const void *,
2970
-
const void *),
2933
+
const void *,
2934
+
u8 *flags),
2971
2935
void *cb_data)
2972
2936
{
2973
2937
struct batadv_tt_common_entry *tt_common_entry;
2974
2938
struct batadv_tvlv_tt_change *tt_change;
2975
2939
struct hlist_head *head;
2976
2940
u16 tt_tot, tt_num_entries = 0;
2941
+
u8 flags;
2942
+
bool ret;
2977
2943
u32 i;
2978
2944
2979
2945
tt_tot = batadv_tt_entries(tt_len);
2980
2946
tt_change = (struct batadv_tvlv_tt_change *)tvlv_buff;
2947
+
2948
+
if (!valid_cb)
2949
+
return;
2981
2950
2982
2951
rcu_read_lock();
2983
2952
for (i = 0; i < hash->size; i++) {
···
2997
2948
if (tt_tot == tt_num_entries)
2998
2949
break;
2999
2950
3000
-
if ((valid_cb) && (!valid_cb(tt_common_entry, cb_data)))
2951
+
ret = valid_cb(tt_common_entry, cb_data, &flags);
2952
+
if (!ret)
3001
2953
continue;
3002
2954
3003
2955
ether_addr_copy(tt_change->addr, tt_common_entry->addr);
3004
-
tt_change->flags = tt_common_entry->flags;
2956
+
tt_change->flags = flags;
3005
2957
tt_change->vid = htons(tt_common_entry->vid);
3006
2958
memset(tt_change->reserved, 0,
3007
2959
sizeof(tt_change->reserved));
+2
-2
net/bridge/netfilter/ebt_stp.c
+2
-2
net/bridge/netfilter/ebt_stp.c
···
161
161
/* Make sure the match only receives stp frames */
162
162
if (!par->nft_compat &&
163
163
(!ether_addr_equal(e->destmac, eth_stp_addr) ||
164
-
!is_broadcast_ether_addr(e->destmsk) ||
165
-
!(e->bitmask & EBT_DESTMAC)))
164
+
!(e->bitmask & EBT_DESTMAC) ||
165
+
!is_broadcast_ether_addr(e->destmsk)))
166
166
return -EINVAL;
167
167
168
168
return 0;
+2
-1
net/bridge/netfilter/ebtables.c
+2
-1
net/bridge/netfilter/ebtables.c
···
1954
1954
int off, pad = 0;
1955
1955
unsigned int size_kern, match_size = mwt->match_size;
1956
1956
1957
-
strlcpy(name, mwt->u.name, sizeof(name));
1957
+
if (strscpy(name, mwt->u.name, sizeof(name)) < 0)
1958
+
return -EINVAL;
1958
1959
1959
1960
if (state->buf_kern_start)
1960
1961
dst = state->buf_kern_start + state->buf_kern_offset;
+1
-1
net/core/dev.c
+1
-1
net/core/dev.c
+9
-2
net/core/filter.c
+9
-2
net/core/filter.c
···
481
481
482
482
#define BPF_EMIT_JMP \
483
483
do { \
484
+
const s32 off_min = S16_MIN, off_max = S16_MAX; \
485
+
s32 off; \
486
+
\
484
487
if (target >= len || target < 0) \
485
488
goto err; \
486
-
insn->off = addrs ? addrs[target] - addrs[i] - 1 : 0; \
489
+
off = addrs ? addrs[target] - addrs[i] - 1 : 0; \
487
490
/* Adjust pc relative offset for 2nd or 3rd insn. */ \
488
-
insn->off -= insn - tmp_insns; \
491
+
off -= insn - tmp_insns; \
492
+
/* Reject anything not fitting into insn->off. */ \
493
+
if (off < off_min || off > off_max) \
494
+
goto err; \
495
+
insn->off = off; \
489
496
} while (0)
490
497
491
498
case BPF_JMP | BPF_JA:
+3
-3
net/core/net-sysfs.c
+3
-3
net/core/net-sysfs.c
···
1214
1214
cpumask_var_t mask;
1215
1215
unsigned long index;
1216
1216
1217
-
if (!zalloc_cpumask_var(&mask, GFP_KERNEL))
1218
-
return -ENOMEM;
1219
-
1220
1217
index = get_netdev_queue_index(queue);
1221
1218
1222
1219
if (dev->num_tc) {
···
1222
1225
if (tc < 0)
1223
1226
return -EINVAL;
1224
1227
}
1228
+
1229
+
if (!zalloc_cpumask_var(&mask, GFP_KERNEL))
1230
+
return -ENOMEM;
1225
1231
1226
1232
rcu_read_lock();
1227
1233
dev_maps = rcu_dereference(dev->xps_maps);
+1
-1
net/core/sock.c
+1
-1
net/core/sock.c
···
1606
1606
if (likely(sk->sk_net_refcnt))
1607
1607
sock_inuse_add(sock_net(sk), -1);
1608
1608
1609
-
if (unlikely(sock_diag_has_destroy_listeners(sk) && sk->sk_net_refcnt))
1609
+
if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
1610
1610
sock_diag_broadcast_destroy(sk);
1611
1611
else
1612
1612
sk_destruct(sk);
-2
net/dccp/proto.c
-2
net/dccp/proto.c
···
283
283
284
284
dccp_clear_xmit_timers(sk);
285
285
ccid_hc_rx_delete(dp->dccps_hc_rx_ccid, sk);
286
-
ccid_hc_tx_delete(dp->dccps_hc_tx_ccid, sk);
287
286
dp->dccps_hc_rx_ccid = NULL;
288
-
dp->dccps_hc_tx_ccid = NULL;
289
287
290
288
__skb_queue_purge(&sk->sk_receive_queue);
291
289
__skb_queue_purge(&sk->sk_write_queue);
+6
-3
net/dsa/dsa2.c
+6
-3
net/dsa/dsa2.c
···
258
258
static int dsa_port_setup(struct dsa_port *dp)
259
259
{
260
260
struct dsa_switch *ds = dp->ds;
261
-
int err;
261
+
int err = 0;
262
262
263
263
memset(&dp->devlink_port, 0, sizeof(dp->devlink_port));
264
264
265
-
err = devlink_port_register(ds->devlink, &dp->devlink_port, dp->index);
265
+
if (dp->type != DSA_PORT_TYPE_UNUSED)
266
+
err = devlink_port_register(ds->devlink, &dp->devlink_port,
267
+
dp->index);
266
268
if (err)
267
269
return err;
268
270
···
295
293
296
294
static void dsa_port_teardown(struct dsa_port *dp)
297
295
{
298
-
devlink_port_unregister(&dp->devlink_port);
296
+
if (dp->type != DSA_PORT_TYPE_UNUSED)
297
+
devlink_port_unregister(&dp->devlink_port);
299
298
300
299
switch (dp->type) {
301
300
case DSA_PORT_TYPE_UNUSED:
+8
-1
net/ipv4/fib_frontend.c
+8
-1
net/ipv4/fib_frontend.c
···
326
326
u8 tos, int oif, struct net_device *dev,
327
327
int rpf, struct in_device *idev, u32 *itag)
328
328
{
329
+
struct net *net = dev_net(dev);
330
+
struct flow_keys flkeys;
329
331
int ret, no_addr;
330
332
struct fib_result res;
331
333
struct flowi4 fl4;
332
-
struct net *net = dev_net(dev);
333
334
bool dev_match;
334
335
335
336
fl4.flowi4_oif = 0;
···
348
347
no_addr = idev->ifa_list == NULL;
349
348
350
349
fl4.flowi4_mark = IN_DEV_SRC_VMARK(idev) ? skb->mark : 0;
350
+
if (!fib4_rules_early_flow_dissect(net, skb, &fl4, &flkeys)) {
351
+
fl4.flowi4_proto = 0;
352
+
fl4.fl4_sport = 0;
353
+
fl4.fl4_dport = 0;
354
+
}
351
355
352
356
trace_fib_validate_source(dev, &fl4);
353
357
···
649
643
[RTA_ENCAP] = { .type = NLA_NESTED },
650
644
[RTA_UID] = { .type = NLA_U32 },
651
645
[RTA_MARK] = { .type = NLA_U32 },
646
+
[RTA_TABLE] = { .type = NLA_U32 },
652
647
};
653
648
654
649
static int rtm_to_fib_config(struct net *net, struct sk_buff *skb,
+3
-1
net/ipv4/ip_gre.c
+3
-1
net/ipv4/ip_gre.c
···
722
722
erspan_build_header(skb, ntohl(tunnel->parms.o_key),
723
723
tunnel->index,
724
724
truncate, true);
725
-
else
725
+
else if (tunnel->erspan_ver == 2)
726
726
erspan_build_header_v2(skb, ntohl(tunnel->parms.o_key),
727
727
tunnel->dir, tunnel->hwid,
728
728
truncate, true);
729
+
else
730
+
goto free_skb;
729
731
730
732
tunnel->parms.o_flags &= ~TUNNEL_KEY;
731
733
__gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_ERSPAN));
+2
-1
net/ipv4/ip_output.c
+2
-1
net/ipv4/ip_output.c
-2
net/ipv4/ip_sockglue.c
-2
net/ipv4/ip_sockglue.c
+4
-4
net/ipv4/ip_tunnel.c
+4
-4
net/ipv4/ip_tunnel.c
···
328
328
329
329
if (tdev) {
330
330
hlen = tdev->hard_header_len + tdev->needed_headroom;
331
-
mtu = tdev->mtu;
331
+
mtu = min(tdev->mtu, IP_MAX_MTU);
332
332
}
333
333
334
334
dev->needed_headroom = t_hlen + hlen;
···
362
362
nt = netdev_priv(dev);
363
363
t_hlen = nt->hlen + sizeof(struct iphdr);
364
364
dev->min_mtu = ETH_MIN_MTU;
365
-
dev->max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
365
+
dev->max_mtu = IP_MAX_MTU - dev->hard_header_len - t_hlen;
366
366
ip_tunnel_add(itn, nt);
367
367
return nt;
368
368
···
930
930
{
931
931
struct ip_tunnel *tunnel = netdev_priv(dev);
932
932
int t_hlen = tunnel->hlen + sizeof(struct iphdr);
933
-
int max_mtu = 0xFFF8 - dev->hard_header_len - t_hlen;
933
+
int max_mtu = IP_MAX_MTU - dev->hard_header_len - t_hlen;
934
934
935
935
if (new_mtu < ETH_MIN_MTU)
936
936
return -EINVAL;
···
1107
1107
1108
1108
mtu = ip_tunnel_bind_dev(dev);
1109
1109
if (tb[IFLA_MTU]) {
1110
-
unsigned int max = 0xfff8 - dev->hard_header_len - nt->hlen;
1110
+
unsigned int max = IP_MAX_MTU - dev->hard_header_len - nt->hlen;
1111
1111
1112
1112
mtu = clamp(dev->mtu, (unsigned int)ETH_MIN_MTU,
1113
1113
(unsigned int)(max - sizeof(struct iphdr)));
+4
-1
net/ipv4/ipmr_base.c
+4
-1
net/ipv4/ipmr_base.c
···
43
43
write_pnet(&mrt->net, net);
44
44
45
45
mrt->ops = *ops;
46
-
rhltable_init(&mrt->mfc_hash, mrt->ops.rht_params);
46
+
if (rhltable_init(&mrt->mfc_hash, mrt->ops.rht_params)) {
47
+
kfree(mrt);
48
+
return NULL;
49
+
}
47
50
INIT_LIST_HEAD(&mrt->mfc_cache_list);
48
51
INIT_LIST_HEAD(&mrt->mfc_unres_queue);
49
52
+1
net/ipv4/netfilter/ip_tables.c
+1
net/ipv4/netfilter/ip_tables.c
+1
-1
net/ipv4/netfilter/ipt_rpfilter.c
+1
-1
net/ipv4/netfilter/ipt_rpfilter.c
···
89
89
return true ^ invert;
90
90
}
91
91
92
+
memset(&flow, 0, sizeof(flow));
92
93
flow.flowi4_iif = LOOPBACK_IFINDEX;
93
94
flow.daddr = iph->saddr;
94
95
flow.saddr = rpfilter_get_saddr(iph->daddr);
95
-
flow.flowi4_oif = 0;
96
96
flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
97
97
flow.flowi4_tos = RT_TOS(iph->tos);
98
98
flow.flowi4_scope = RT_SCOPE_UNIVERSE;
+6
-1
net/ipv4/route.c
+6
-1
net/ipv4/route.c
···
1961
1961
fl4.saddr = saddr;
1962
1962
fl4.flowi4_uid = sock_net_uid(net, NULL);
1963
1963
1964
-
if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys))
1964
+
if (fib4_rules_early_flow_dissect(net, skb, &fl4, &_flkeys)) {
1965
1965
flkeys = &_flkeys;
1966
+
} else {
1967
+
fl4.flowi4_proto = 0;
1968
+
fl4.fl4_sport = 0;
1969
+
fl4.fl4_dport = 0;
1970
+
}
1966
1971
1967
1972
err = fib_lookup(net, &fl4, res, 0);
1968
1973
if (err != 0) {
+5
-2
net/ipv4/tcp_output.c
+5
-2
net/ipv4/tcp_output.c
···
2833
2833
return -EBUSY;
2834
2834
2835
2835
if (before(TCP_SKB_CB(skb)->seq, tp->snd_una)) {
2836
-
if (before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))
2837
-
BUG();
2836
+
if (unlikely(before(TCP_SKB_CB(skb)->end_seq, tp->snd_una))) {
2837
+
WARN_ON_ONCE(1);
2838
+
return -EINVAL;
2839
+
}
2838
2840
if (tcp_trim_head(sk, skb, tp->snd_una - TCP_SKB_CB(skb)->seq))
2839
2841
return -ENOMEM;
2840
2842
}
···
3344
3342
sock_reset_flag(sk, SOCK_DONE);
3345
3343
tp->snd_wnd = 0;
3346
3344
tcp_init_wl(tp, 0);
3345
+
tcp_write_queue_purge(sk);
3347
3346
tp->snd_una = tp->write_seq;
3348
3347
tp->snd_sml = tp->write_seq;
3349
3348
tp->snd_up = tp->write_seq;
+241
-75
net/ipv6/ip6_gre.c
+241
-75
net/ipv6/ip6_gre.c
···
71
71
struct ip6_tnl __rcu *tunnels[4][IP6_GRE_HASH_SIZE];
72
72
73
73
struct ip6_tnl __rcu *collect_md_tun;
74
+
struct ip6_tnl __rcu *collect_md_tun_erspan;
74
75
struct net_device *fb_tunnel_dev;
75
76
};
76
77
···
82
81
static void ip6gre_tunnel_setup(struct net_device *dev);
83
82
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
84
83
static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu);
84
+
static void ip6erspan_tnl_link_config(struct ip6_tnl *t, int set_mtu);
85
85
86
86
/* Tunnel hash table */
87
87
···
234
232
if (cand)
235
233
return cand;
236
234
237
-
t = rcu_dereference(ign->collect_md_tun);
235
+
if (gre_proto == htons(ETH_P_ERSPAN) ||
236
+
gre_proto == htons(ETH_P_ERSPAN2))
237
+
t = rcu_dereference(ign->collect_md_tun_erspan);
238
+
else
239
+
t = rcu_dereference(ign->collect_md_tun);
240
+
238
241
if (t && t->dev->flags & IFF_UP)
239
242
return t;
240
243
···
268
261
return &ign->tunnels[prio][h];
269
262
}
270
263
264
+
static void ip6gre_tunnel_link_md(struct ip6gre_net *ign, struct ip6_tnl *t)
265
+
{
266
+
if (t->parms.collect_md)
267
+
rcu_assign_pointer(ign->collect_md_tun, t);
268
+
}
269
+
270
+
static void ip6erspan_tunnel_link_md(struct ip6gre_net *ign, struct ip6_tnl *t)
271
+
{
272
+
if (t->parms.collect_md)
273
+
rcu_assign_pointer(ign->collect_md_tun_erspan, t);
274
+
}
275
+
276
+
static void ip6gre_tunnel_unlink_md(struct ip6gre_net *ign, struct ip6_tnl *t)
277
+
{
278
+
if (t->parms.collect_md)
279
+
rcu_assign_pointer(ign->collect_md_tun, NULL);
280
+
}
281
+
282
+
static void ip6erspan_tunnel_unlink_md(struct ip6gre_net *ign,
283
+
struct ip6_tnl *t)
284
+
{
285
+
if (t->parms.collect_md)
286
+
rcu_assign_pointer(ign->collect_md_tun_erspan, NULL);
287
+
}
288
+
271
289
static inline struct ip6_tnl __rcu **ip6gre_bucket(struct ip6gre_net *ign,
272
290
const struct ip6_tnl *t)
273
291
{
···
303
271
{
304
272
struct ip6_tnl __rcu **tp = ip6gre_bucket(ign, t);
305
273
306
-
if (t->parms.collect_md)
307
-
rcu_assign_pointer(ign->collect_md_tun, t);
308
-
309
274
rcu_assign_pointer(t->next, rtnl_dereference(*tp));
310
275
rcu_assign_pointer(*tp, t);
311
276
}
···
311
282
{
312
283
struct ip6_tnl __rcu **tp;
313
284
struct ip6_tnl *iter;
314
-
315
-
if (t->parms.collect_md)
316
-
rcu_assign_pointer(ign->collect_md_tun, NULL);
317
285
318
286
for (tp = ip6gre_bucket(ign, t);
319
287
(iter = rtnl_dereference(*tp)) != NULL;
···
400
374
return NULL;
401
375
}
402
376
377
+
static void ip6erspan_tunnel_uninit(struct net_device *dev)
378
+
{
379
+
struct ip6_tnl *t = netdev_priv(dev);
380
+
struct ip6gre_net *ign = net_generic(t->net, ip6gre_net_id);
381
+
382
+
ip6erspan_tunnel_unlink_md(ign, t);
383
+
ip6gre_tunnel_unlink(ign, t);
384
+
dst_cache_reset(&t->dst_cache);
385
+
dev_put(dev);
386
+
}
387
+
403
388
static void ip6gre_tunnel_uninit(struct net_device *dev)
404
389
{
405
390
struct ip6_tnl *t = netdev_priv(dev);
406
391
struct ip6gre_net *ign = net_generic(t->net, ip6gre_net_id);
407
392
393
+
ip6gre_tunnel_unlink_md(ign, t);
408
394
ip6gre_tunnel_unlink(ign, t);
409
395
dst_cache_reset(&t->dst_cache);
410
396
dev_put(dev);
···
736
698
else
737
699
fl6->daddr = tunnel->parms.raddr;
738
700
701
+
if (skb_cow_head(skb, dev->needed_headroom ?: tunnel->hlen))
702
+
return -ENOMEM;
703
+
739
704
/* Push GRE header. */
740
705
protocol = (dev->type == ARPHRD_ETHER) ? htons(ETH_P_TEB) : proto;
741
706
···
949
908
truncate = true;
950
909
}
951
910
952
-
if (skb_cow_head(skb, dev->needed_headroom))
911
+
if (skb_cow_head(skb, dev->needed_headroom ?: t->hlen))
953
912
goto tx_err;
954
913
955
914
t->parms.o_flags &= ~TUNNEL_KEY;
···
1020
979
erspan_build_header(skb, ntohl(t->parms.o_key),
1021
980
t->parms.index,
1022
981
truncate, false);
1023
-
else
982
+
else if (t->parms.erspan_ver == 2)
1024
983
erspan_build_header_v2(skb, ntohl(t->parms.o_key),
1025
984
t->parms.dir,
1026
985
t->parms.hwid,
1027
986
truncate, false);
987
+
else
988
+
goto tx_err;
989
+
1028
990
fl6.daddr = t->parms.raddr;
1029
991
}
1030
992
···
1063
1019
return NETDEV_TX_OK;
1064
1020
}
1065
1021
1066
-
static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu)
1022
+
static void ip6gre_tnl_link_config_common(struct ip6_tnl *t)
1067
1023
{
1068
1024
struct net_device *dev = t->dev;
1069
1025
struct __ip6_tnl_parm *p = &t->parms;
1070
1026
struct flowi6 *fl6 = &t->fl.u.ip6;
1071
-
int t_hlen;
1072
1027
1073
1028
if (dev->type != ARPHRD_ETHER) {
1074
1029
memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
···
1094
1051
dev->flags |= IFF_POINTOPOINT;
1095
1052
else
1096
1053
dev->flags &= ~IFF_POINTOPOINT;
1054
+
}
1097
1055
1098
-
t->tun_hlen = gre_calc_hlen(t->parms.o_flags);
1099
-
1100
-
t->hlen = t->encap_hlen + t->tun_hlen;
1101
-
1102
-
t_hlen = t->hlen + sizeof(struct ipv6hdr);
1056
+
static void ip6gre_tnl_link_config_route(struct ip6_tnl *t, int set_mtu,
1057
+
int t_hlen)
1058
+
{
1059
+
const struct __ip6_tnl_parm *p = &t->parms;
1060
+
struct net_device *dev = t->dev;
1103
1061
1104
1062
if (p->flags & IP6_TNL_F_CAP_XMIT) {
1105
1063
int strict = (ipv6_addr_type(&p->raddr) &
···
1132
1088
}
1133
1089
}
1134
1090
1135
-
static int ip6gre_tnl_change(struct ip6_tnl *t,
1136
-
const struct __ip6_tnl_parm *p, int set_mtu)
1091
+
static int ip6gre_calc_hlen(struct ip6_tnl *tunnel)
1092
+
{
1093
+
int t_hlen;
1094
+
1095
+
tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
1096
+
tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
1097
+
1098
+
t_hlen = tunnel->hlen + sizeof(struct ipv6hdr);
1099
+
tunnel->dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1100
+
return t_hlen;
1101
+
}
1102
+
1103
+
static void ip6gre_tnl_link_config(struct ip6_tnl *t, int set_mtu)
1104
+
{
1105
+
ip6gre_tnl_link_config_common(t);
1106
+
ip6gre_tnl_link_config_route(t, set_mtu, ip6gre_calc_hlen(t));
1107
+
}
1108
+
1109
+
static void ip6gre_tnl_copy_tnl_parm(struct ip6_tnl *t,
1110
+
const struct __ip6_tnl_parm *p)
1137
1111
{
1138
1112
t->parms.laddr = p->laddr;
1139
1113
t->parms.raddr = p->raddr;
···
1167
1105
t->parms.o_flags = p->o_flags;
1168
1106
t->parms.fwmark = p->fwmark;
1169
1107
dst_cache_reset(&t->dst_cache);
1108
+
}
1109
+
1110
+
static int ip6gre_tnl_change(struct ip6_tnl *t, const struct __ip6_tnl_parm *p,
1111
+
int set_mtu)
1112
+
{
1113
+
ip6gre_tnl_copy_tnl_parm(t, p);
1170
1114
ip6gre_tnl_link_config(t, set_mtu);
1171
1115
return 0;
1172
1116
}
···
1449
1381
return ret;
1450
1382
}
1451
1383
1452
-
tunnel->tun_hlen = gre_calc_hlen(tunnel->parms.o_flags);
1453
-
tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen;
1454
-
t_hlen = tunnel->hlen + sizeof(struct ipv6hdr);
1455
-
1456
-
dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1384
+
t_hlen = ip6gre_calc_hlen(tunnel);
1457
1385
dev->mtu = ETH_DATA_LEN - t_hlen;
1458
1386
if (dev->type == ARPHRD_ETHER)
1459
1387
dev->mtu -= ETH_HLEN;
···
1792
1728
.ndo_get_iflink = ip6_tnl_get_iflink,
1793
1729
};
1794
1730
1731
+
static int ip6erspan_calc_hlen(struct ip6_tnl *tunnel)
1732
+
{
1733
+
int t_hlen;
1734
+
1735
+
tunnel->tun_hlen = 8;
1736
+
tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1737
+
erspan_hdr_len(tunnel->parms.erspan_ver);
1738
+
1739
+
t_hlen = tunnel->hlen + sizeof(struct ipv6hdr);
1740
+
tunnel->dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1741
+
return t_hlen;
1742
+
}
1743
+
1795
1744
static int ip6erspan_tap_init(struct net_device *dev)
1796
1745
{
1797
1746
struct ip6_tnl *tunnel;
···
1828
1751
return ret;
1829
1752
}
1830
1753
1831
-
tunnel->tun_hlen = 8;
1832
-
tunnel->hlen = tunnel->tun_hlen + tunnel->encap_hlen +
1833
-
erspan_hdr_len(tunnel->parms.erspan_ver);
1834
-
t_hlen = tunnel->hlen + sizeof(struct ipv6hdr);
1835
-
1836
-
dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1754
+
t_hlen = ip6erspan_calc_hlen(tunnel);
1837
1755
dev->mtu = ETH_DATA_LEN - t_hlen;
1838
1756
if (dev->type == ARPHRD_ETHER)
1839
1757
dev->mtu -= ETH_HLEN;
···
1836
1764
dev->mtu -= 8;
1837
1765
1838
1766
dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
1839
-
ip6gre_tnl_link_config(tunnel, 1);
1767
+
ip6erspan_tnl_link_config(tunnel, 1);
1840
1768
1841
1769
return 0;
1842
1770
}
1843
1771
1844
1772
static const struct net_device_ops ip6erspan_netdev_ops = {
1845
1773
.ndo_init = ip6erspan_tap_init,
1846
-
.ndo_uninit = ip6gre_tunnel_uninit,
1774
+
.ndo_uninit = ip6erspan_tunnel_uninit,
1847
1775
.ndo_start_xmit = ip6erspan_tunnel_xmit,
1848
1776
.ndo_set_mac_address = eth_mac_addr,
1849
1777
.ndo_validate_addr = eth_validate_addr,
···
1907
1835
return ret;
1908
1836
}
1909
1837
1910
-
static int ip6gre_newlink(struct net *src_net, struct net_device *dev,
1911
-
struct nlattr *tb[], struct nlattr *data[],
1912
-
struct netlink_ext_ack *extack)
1838
+
static int ip6gre_newlink_common(struct net *src_net, struct net_device *dev,
1839
+
struct nlattr *tb[], struct nlattr *data[],
1840
+
struct netlink_ext_ack *extack)
1913
1841
{
1914
1842
struct ip6_tnl *nt;
1915
-
struct net *net = dev_net(dev);
1916
-
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
1917
1843
struct ip_tunnel_encap ipencap;
1918
1844
int err;
1919
1845
···
1924
1854
return err;
1925
1855
}
1926
1856
1927
-
ip6gre_netlink_parms(data, &nt->parms);
1928
-
1929
-
if (nt->parms.collect_md) {
1930
-
if (rtnl_dereference(ign->collect_md_tun))
1931
-
return -EEXIST;
1932
-
} else {
1933
-
if (ip6gre_tunnel_find(net, &nt->parms, dev->type))
1934
-
return -EEXIST;
1935
-
}
1936
-
1937
1857
if (dev->type == ARPHRD_ETHER && !tb[IFLA_ADDRESS])
1938
1858
eth_hw_addr_random(dev);
1939
1859
···
1934
1874
if (err)
1935
1875
goto out;
1936
1876
1937
-
ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);
1938
-
1939
1877
if (tb[IFLA_MTU])
1940
1878
ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
1941
1879
1942
1880
dev_hold(dev);
1943
-
ip6gre_tunnel_link(ign, nt);
1944
1881
1945
1882
out:
1946
1883
return err;
1884
+
}
1885
+
1886
+
static int ip6gre_newlink(struct net *src_net, struct net_device *dev,
1887
+
struct nlattr *tb[], struct nlattr *data[],
1888
+
struct netlink_ext_ack *extack)
1889
+
{
1890
+
struct ip6_tnl *nt = netdev_priv(dev);
1891
+
struct net *net = dev_net(dev);
1892
+
struct ip6gre_net *ign;
1893
+
int err;
1894
+
1895
+
ip6gre_netlink_parms(data, &nt->parms);
1896
+
ign = net_generic(net, ip6gre_net_id);
1897
+
1898
+
if (nt->parms.collect_md) {
1899
+
if (rtnl_dereference(ign->collect_md_tun))
1900
+
return -EEXIST;
1901
+
} else {
1902
+
if (ip6gre_tunnel_find(net, &nt->parms, dev->type))
1903
+
return -EEXIST;
1904
+
}
1905
+
1906
+
err = ip6gre_newlink_common(src_net, dev, tb, data, extack);
1907
+
if (!err) {
1908
+
ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]);
1909
+
ip6gre_tunnel_link_md(ign, nt);
1910
+
ip6gre_tunnel_link(net_generic(net, ip6gre_net_id), nt);
1911
+
}
1912
+
return err;
1913
+
}
1914
+
1915
+
static struct ip6_tnl *
1916
+
ip6gre_changelink_common(struct net_device *dev, struct nlattr *tb[],
1917
+
struct nlattr *data[], struct __ip6_tnl_parm *p_p,
1918
+
struct netlink_ext_ack *extack)
1919
+
{
1920
+
struct ip6_tnl *t, *nt = netdev_priv(dev);
1921
+
struct net *net = nt->net;
1922
+
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
1923
+
struct ip_tunnel_encap ipencap;
1924
+
1925
+
if (dev == ign->fb_tunnel_dev)
1926
+
return ERR_PTR(-EINVAL);
1927
+
1928
+
if (ip6gre_netlink_encap_parms(data, &ipencap)) {
1929
+
int err = ip6_tnl_encap_setup(nt, &ipencap);
1930
+
1931
+
if (err < 0)
1932
+
return ERR_PTR(err);
1933
+
}
1934
+
1935
+
ip6gre_netlink_parms(data, p_p);
1936
+
1937
+
t = ip6gre_tunnel_locate(net, p_p, 0);
1938
+
1939
+
if (t) {
1940
+
if (t->dev != dev)
1941
+
return ERR_PTR(-EEXIST);
1942
+
} else {
1943
+
t = nt;
1944
+
}
1945
+
1946
+
return t;
1947
1947
}
1948
1948
1949
1949
static int ip6gre_changelink(struct net_device *dev, struct nlattr *tb[],
1950
1950
struct nlattr *data[],
1951
1951
struct netlink_ext_ack *extack)
1952
1952
{
1953
-
struct ip6_tnl *t, *nt = netdev_priv(dev);
1954
-
struct net *net = nt->net;
1955
-
struct ip6gre_net *ign = net_generic(net, ip6gre_net_id);
1953
+
struct ip6gre_net *ign = net_generic(dev_net(dev), ip6gre_net_id);
1956
1954
struct __ip6_tnl_parm p;
1957
-
struct ip_tunnel_encap ipencap;
1955
+
struct ip6_tnl *t;
1958
1956
1959
-
if (dev == ign->fb_tunnel_dev)
1960
-
return -EINVAL;
1957
+
t = ip6gre_changelink_common(dev, tb, data, &p, extack);
1958
+
if (IS_ERR(t))
1959
+
return PTR_ERR(t);
1961
1960
1962
-
if (ip6gre_netlink_encap_parms(data, &ipencap)) {
1963
-
int err = ip6_tnl_encap_setup(nt, &ipencap);
1964
-
1965
-
if (err < 0)
1966
-
return err;
1967
-
}
1968
-
1969
-
ip6gre_netlink_parms(data, &p);
1970
-
1971
-
t = ip6gre_tunnel_locate(net, &p, 0);
1972
-
1973
-
if (t) {
1974
-
if (t->dev != dev)
1975
-
return -EEXIST;
1976
-
} else {
1977
-
t = nt;
1978
-
}
1979
-
1961
+
ip6gre_tunnel_unlink_md(ign, t);
1980
1962
ip6gre_tunnel_unlink(ign, t);
1981
1963
ip6gre_tnl_change(t, &p, !tb[IFLA_MTU]);
1964
+
ip6gre_tunnel_link_md(ign, t);
1982
1965
ip6gre_tunnel_link(ign, t);
1983
1966
return 0;
1984
1967
}
···
2171
2068
netif_keep_dst(dev);
2172
2069
}
2173
2070
2071
+
static int ip6erspan_newlink(struct net *src_net, struct net_device *dev,
2072
+
struct nlattr *tb[], struct nlattr *data[],
2073
+
struct netlink_ext_ack *extack)
2074
+
{
2075
+
struct ip6_tnl *nt = netdev_priv(dev);
2076
+
struct net *net = dev_net(dev);
2077
+
struct ip6gre_net *ign;
2078
+
int err;
2079
+
2080
+
ip6gre_netlink_parms(data, &nt->parms);
2081
+
ign = net_generic(net, ip6gre_net_id);
2082
+
2083
+
if (nt->parms.collect_md) {
2084
+
if (rtnl_dereference(ign->collect_md_tun_erspan))
2085
+
return -EEXIST;
2086
+
} else {
2087
+
if (ip6gre_tunnel_find(net, &nt->parms, dev->type))
2088
+
return -EEXIST;
2089
+
}
2090
+
2091
+
err = ip6gre_newlink_common(src_net, dev, tb, data, extack);
2092
+
if (!err) {
2093
+
ip6erspan_tnl_link_config(nt, !tb[IFLA_MTU]);
2094
+
ip6erspan_tunnel_link_md(ign, nt);
2095
+
ip6gre_tunnel_link(net_generic(net, ip6gre_net_id), nt);
2096
+
}
2097
+
return err;
2098
+
}
2099
+
2100
+
static void ip6erspan_tnl_link_config(struct ip6_tnl *t, int set_mtu)
2101
+
{
2102
+
ip6gre_tnl_link_config_common(t);
2103
+
ip6gre_tnl_link_config_route(t, set_mtu, ip6erspan_calc_hlen(t));
2104
+
}
2105
+
2106
+
static int ip6erspan_tnl_change(struct ip6_tnl *t,
2107
+
const struct __ip6_tnl_parm *p, int set_mtu)
2108
+
{
2109
+
ip6gre_tnl_copy_tnl_parm(t, p);
2110
+
ip6erspan_tnl_link_config(t, set_mtu);
2111
+
return 0;
2112
+
}
2113
+
2114
+
static int ip6erspan_changelink(struct net_device *dev, struct nlattr *tb[],
2115
+
struct nlattr *data[],
2116
+
struct netlink_ext_ack *extack)
2117
+
{
2118
+
struct ip6gre_net *ign = net_generic(dev_net(dev), ip6gre_net_id);
2119
+
struct __ip6_tnl_parm p;
2120
+
struct ip6_tnl *t;
2121
+
2122
+
t = ip6gre_changelink_common(dev, tb, data, &p, extack);
2123
+
if (IS_ERR(t))
2124
+
return PTR_ERR(t);
2125
+
2126
+
ip6gre_tunnel_unlink_md(ign, t);
2127
+
ip6gre_tunnel_unlink(ign, t);
2128
+
ip6erspan_tnl_change(t, &p, !tb[IFLA_MTU]);
2129
+
ip6erspan_tunnel_link_md(ign, t);
2130
+
ip6gre_tunnel_link(ign, t);
2131
+
return 0;
2132
+
}
2133
+
2174
2134
static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
2175
2135
.kind = "ip6gre",
2176
2136
.maxtype = IFLA_GRE_MAX,
···
2270
2104
.priv_size = sizeof(struct ip6_tnl),
2271
2105
.setup = ip6erspan_tap_setup,
2272
2106
.validate = ip6erspan_tap_validate,
2273
-
.newlink = ip6gre_newlink,
2274
-
.changelink = ip6gre_changelink,
2107
+
.newlink = ip6erspan_newlink,
2108
+
.changelink = ip6erspan_changelink,
2275
2109
.get_size = ip6gre_get_size,
2276
2110
.fill_info = ip6gre_fill_info,
2277
2111
.get_link_net = ip6_tnl_get_link_net,
+2
-1
net/ipv6/ip6_output.c
+2
-1
net/ipv6/ip6_output.c
+8
-3
net/ipv6/ip6_tunnel.c
+8
-3
net/ipv6/ip6_tunnel.c
···
1692
1692
if (new_mtu < ETH_MIN_MTU)
1693
1693
return -EINVAL;
1694
1694
}
1695
-
if (new_mtu > 0xFFF8 - dev->hard_header_len)
1696
-
return -EINVAL;
1695
+
if (tnl->parms.proto == IPPROTO_IPV6 || tnl->parms.proto == 0) {
1696
+
if (new_mtu > IP6_MAX_MTU - dev->hard_header_len)
1697
+
return -EINVAL;
1698
+
} else {
1699
+
if (new_mtu > IP_MAX_MTU - dev->hard_header_len)
1700
+
return -EINVAL;
1701
+
}
1697
1702
dev->mtu = new_mtu;
1698
1703
return 0;
1699
1704
}
···
1846
1841
if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT))
1847
1842
dev->mtu -= 8;
1848
1843
dev->min_mtu = ETH_MIN_MTU;
1849
-
dev->max_mtu = 0xFFF8 - dev->hard_header_len;
1844
+
dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
1850
1845
1851
1846
return 0;
1852
1847
+1
net/ipv6/netfilter/ip6_tables.c
+1
net/ipv6/netfilter/ip6_tables.c
+2
-2
net/ipv6/seg6_iptunnel.c
+2
-2
net/ipv6/seg6_iptunnel.c
···
103
103
hdrlen = (osrh->hdrlen + 1) << 3;
104
104
tot_len = hdrlen + sizeof(*hdr);
105
105
106
-
err = skb_cow_head(skb, tot_len);
106
+
err = skb_cow_head(skb, tot_len + skb->mac_len);
107
107
if (unlikely(err))
108
108
return err;
109
109
···
161
161
162
162
hdrlen = (osrh->hdrlen + 1) << 3;
163
163
164
-
err = skb_cow_head(skb, hdrlen);
164
+
err = skb_cow_head(skb, hdrlen + skb->mac_len);
165
165
if (unlikely(err))
166
166
return err;
167
167
+3
-2
net/ipv6/sit.c
+3
-2
net/ipv6/sit.c
···
1371
1371
dev->hard_header_len = LL_MAX_HEADER + t_hlen;
1372
1372
dev->mtu = ETH_DATA_LEN - t_hlen;
1373
1373
dev->min_mtu = IPV6_MIN_MTU;
1374
-
dev->max_mtu = 0xFFF8 - t_hlen;
1374
+
dev->max_mtu = IP6_MAX_MTU - t_hlen;
1375
1375
dev->flags = IFF_NOARP;
1376
1376
netif_keep_dst(dev);
1377
1377
dev->addr_len = 4;
···
1583
1583
if (tb[IFLA_MTU]) {
1584
1584
u32 mtu = nla_get_u32(tb[IFLA_MTU]);
1585
1585
1586
-
if (mtu >= IPV6_MIN_MTU && mtu <= 0xFFF8 - dev->hard_header_len)
1586
+
if (mtu >= IPV6_MIN_MTU &&
1587
+
mtu <= IP6_MAX_MTU - dev->hard_header_len)
1587
1588
dev->mtu = mtu;
1588
1589
}
1589
1590
+1
-1
net/ipv6/xfrm6_policy.c
+1
-1
net/ipv6/xfrm6_policy.c
···
126
126
struct flowi6 *fl6 = &fl->u.ip6;
127
127
int onlyproto = 0;
128
128
const struct ipv6hdr *hdr = ipv6_hdr(skb);
129
-
u16 offset = sizeof(*hdr);
129
+
u32 offset = sizeof(*hdr);
130
130
struct ipv6_opt_hdr *exthdr;
131
131
const unsigned char *nh = skb_network_header(skb);
132
132
u16 nhoff = IP6CB(skb)->nhoff;
+1
-1
net/kcm/kcmsock.c
+1
-1
net/kcm/kcmsock.c
+4
-4
net/mac80211/mesh_plink.c
+4
-4
net/mac80211/mesh_plink.c
···
401
401
402
402
static void mesh_sta_info_init(struct ieee80211_sub_if_data *sdata,
403
403
struct sta_info *sta,
404
-
struct ieee802_11_elems *elems, bool insert)
404
+
struct ieee802_11_elems *elems)
405
405
{
406
406
struct ieee80211_local *local = sdata->local;
407
407
struct ieee80211_supported_band *sband;
···
447
447
sta->sta.bandwidth = IEEE80211_STA_RX_BW_20;
448
448
}
449
449
450
-
if (insert)
450
+
if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
451
451
rate_control_rate_init(sta);
452
452
else
453
453
rate_control_rate_update(local, sband, sta, changed);
···
551
551
rcu_read_lock();
552
552
sta = sta_info_get(sdata, addr);
553
553
if (sta) {
554
-
mesh_sta_info_init(sdata, sta, elems, false);
554
+
mesh_sta_info_init(sdata, sta, elems);
555
555
} else {
556
556
rcu_read_unlock();
557
557
/* can't run atomic */
···
561
561
return NULL;
562
562
}
563
563
564
-
mesh_sta_info_init(sdata, sta, elems, true);
564
+
mesh_sta_info_init(sdata, sta, elems);
565
565
566
566
if (sta_info_insert_rcu(sta))
567
567
return NULL;
+1
-1
net/ncsi/ncsi-netlink.c
+1
-1
net/ncsi/ncsi-netlink.c
···
215
215
static int ncsi_pkg_info_all_nl(struct sk_buff *skb,
216
216
struct netlink_callback *cb)
217
217
{
218
-
struct nlattr *attrs[NCSI_ATTR_MAX];
218
+
struct nlattr *attrs[NCSI_ATTR_MAX + 1];
219
219
struct ncsi_package *np, *package;
220
220
struct ncsi_dev_priv *ndp;
221
221
unsigned int package_id;
+2
-1
net/netfilter/core.c
+2
-1
net/netfilter/core.c
+6
-11
net/netfilter/ipvs/ip_vs_conn.c
+6
-11
net/netfilter/ipvs/ip_vs_conn.c
···
232
232
static inline bool ip_vs_conn_unlink(struct ip_vs_conn *cp)
233
233
{
234
234
unsigned int hash;
235
-
bool ret;
235
+
bool ret = false;
236
+
237
+
if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
238
+
return refcount_dec_if_one(&cp->refcnt);
236
239
237
240
hash = ip_vs_conn_hashkey_conn(cp);
238
241
···
243
240
spin_lock(&cp->lock);
244
241
245
242
if (cp->flags & IP_VS_CONN_F_HASHED) {
246
-
ret = false;
247
243
/* Decrease refcnt and unlink conn only if we are last user */
248
244
if (refcount_dec_if_one(&cp->refcnt)) {
249
245
hlist_del_rcu(&cp->c_list);
250
246
cp->flags &= ~IP_VS_CONN_F_HASHED;
251
247
ret = true;
252
248
}
253
-
} else
254
-
ret = refcount_read(&cp->refcnt) ? false : true;
249
+
}
255
250
256
251
spin_unlock(&cp->lock);
257
252
ct_write_unlock_bh(hash);
···
455
454
}
456
455
EXPORT_SYMBOL_GPL(ip_vs_conn_out_get_proto);
457
456
458
-
static void __ip_vs_conn_put_notimer(struct ip_vs_conn *cp)
459
-
{
460
-
__ip_vs_conn_put(cp);
461
-
ip_vs_conn_expire(&cp->timer);
462
-
}
463
-
464
457
/*
465
458
* Put back the conn and restart its timer with its timeout
466
459
*/
···
473
478
(refcount_read(&cp->refcnt) == 1) &&
474
479
!timer_pending(&cp->timer))
475
480
/* expire connection immediately */
476
-
__ip_vs_conn_put_notimer(cp);
481
+
ip_vs_conn_expire(&cp->timer);
477
482
else
478
483
__ip_vs_conn_put_timer(cp);
479
484
}
+12
net/netfilter/ipvs/ip_vs_core.c
+12
net/netfilter/ipvs/ip_vs_core.c
···
119
119
struct ip_vs_cpu_stats *s;
120
120
struct ip_vs_service *svc;
121
121
122
+
local_bh_disable();
123
+
122
124
s = this_cpu_ptr(dest->stats.cpustats);
123
125
u64_stats_update_begin(&s->syncp);
124
126
s->cnt.inpkts++;
···
139
137
s->cnt.inpkts++;
140
138
s->cnt.inbytes += skb->len;
141
139
u64_stats_update_end(&s->syncp);
140
+
141
+
local_bh_enable();
142
142
}
143
143
}
144
144
···
155
151
struct ip_vs_cpu_stats *s;
156
152
struct ip_vs_service *svc;
157
153
154
+
local_bh_disable();
155
+
158
156
s = this_cpu_ptr(dest->stats.cpustats);
159
157
u64_stats_update_begin(&s->syncp);
160
158
s->cnt.outpkts++;
···
175
169
s->cnt.outpkts++;
176
170
s->cnt.outbytes += skb->len;
177
171
u64_stats_update_end(&s->syncp);
172
+
173
+
local_bh_enable();
178
174
}
179
175
}
180
176
···
186
178
{
187
179
struct netns_ipvs *ipvs = svc->ipvs;
188
180
struct ip_vs_cpu_stats *s;
181
+
182
+
local_bh_disable();
189
183
190
184
s = this_cpu_ptr(cp->dest->stats.cpustats);
191
185
u64_stats_update_begin(&s->syncp);
···
203
193
u64_stats_update_begin(&s->syncp);
204
194
s->cnt.conns++;
205
195
u64_stats_update_end(&s->syncp);
196
+
197
+
local_bh_enable();
206
198
}
207
199
208
200
+15
-6
net/netfilter/ipvs/ip_vs_ctl.c
+15
-6
net/netfilter/ipvs/ip_vs_ctl.c
···
2381
2381
struct ipvs_sync_daemon_cfg cfg;
2382
2382
2383
2383
memset(&cfg, 0, sizeof(cfg));
2384
-
strlcpy(cfg.mcast_ifn, dm->mcast_ifn,
2385
-
sizeof(cfg.mcast_ifn));
2384
+
ret = -EINVAL;
2385
+
if (strscpy(cfg.mcast_ifn, dm->mcast_ifn,
2386
+
sizeof(cfg.mcast_ifn)) <= 0)
2387
+
goto out_dec;
2386
2388
cfg.syncid = dm->syncid;
2387
2389
ret = start_sync_thread(ipvs, &cfg, dm->state);
2388
2390
} else {
···
2422
2420
}
2423
2421
}
2424
2422
2423
+
if ((cmd == IP_VS_SO_SET_ADD || cmd == IP_VS_SO_SET_EDIT) &&
2424
+
strnlen(usvc.sched_name, IP_VS_SCHEDNAME_MAXLEN) ==
2425
+
IP_VS_SCHEDNAME_MAXLEN) {
2426
+
ret = -EINVAL;
2427
+
goto out_unlock;
2428
+
}
2429
+
2425
2430
/* Check for valid protocol: TCP or UDP or SCTP, even for fwmark!=0 */
2426
2431
if (usvc.protocol != IPPROTO_TCP && usvc.protocol != IPPROTO_UDP &&
2427
2432
usvc.protocol != IPPROTO_SCTP) {
2428
-
pr_err("set_ctl: invalid protocol: %d %pI4:%d %s\n",
2433
+
pr_err("set_ctl: invalid protocol: %d %pI4:%d\n",
2429
2434
usvc.protocol, &usvc.addr.ip,
2430
-
ntohs(usvc.port), usvc.sched_name);
2435
+
ntohs(usvc.port));
2431
2436
ret = -EFAULT;
2432
2437
goto out_unlock;
2433
2438
}
···
2856
2847
static const struct nla_policy ip_vs_daemon_policy[IPVS_DAEMON_ATTR_MAX + 1] = {
2857
2848
[IPVS_DAEMON_ATTR_STATE] = { .type = NLA_U32 },
2858
2849
[IPVS_DAEMON_ATTR_MCAST_IFN] = { .type = NLA_NUL_STRING,
2859
-
.len = IP_VS_IFNAME_MAXLEN },
2850
+
.len = IP_VS_IFNAME_MAXLEN - 1 },
2860
2851
[IPVS_DAEMON_ATTR_SYNC_ID] = { .type = NLA_U32 },
2861
2852
[IPVS_DAEMON_ATTR_SYNC_MAXLEN] = { .type = NLA_U16 },
2862
2853
[IPVS_DAEMON_ATTR_MCAST_GROUP] = { .type = NLA_U32 },
···
2874
2865
[IPVS_SVC_ATTR_PORT] = { .type = NLA_U16 },
2875
2866
[IPVS_SVC_ATTR_FWMARK] = { .type = NLA_U32 },
2876
2867
[IPVS_SVC_ATTR_SCHED_NAME] = { .type = NLA_NUL_STRING,
2877
-
.len = IP_VS_SCHEDNAME_MAXLEN },
2868
+
.len = IP_VS_SCHEDNAME_MAXLEN - 1 },
2878
2869
[IPVS_SVC_ATTR_PE_NAME] = { .type = NLA_NUL_STRING,
2879
2870
.len = IP_VS_PENAME_MAXLEN },
2880
2871
[IPVS_SVC_ATTR_FLAGS] = { .type = NLA_BINARY,
+11
net/netfilter/nf_conntrack_proto_tcp.c
+11
net/netfilter/nf_conntrack_proto_tcp.c
···
981
981
return NF_ACCEPT; /* Don't change state */
982
982
}
983
983
break;
984
+
case TCP_CONNTRACK_SYN_SENT2:
985
+
/* tcp_conntracks table is not smart enough to handle
986
+
* simultaneous open.
987
+
*/
988
+
ct->proto.tcp.last_flags |= IP_CT_TCP_SIMULTANEOUS_OPEN;
989
+
break;
990
+
case TCP_CONNTRACK_SYN_RECV:
991
+
if (dir == IP_CT_DIR_REPLY && index == TCP_ACK_SET &&
992
+
ct->proto.tcp.last_flags & IP_CT_TCP_SIMULTANEOUS_OPEN)
993
+
new_state = TCP_CONNTRACK_ESTABLISHED;
994
+
break;
984
995
case TCP_CONNTRACK_CLOSE:
985
996
if (index == TCP_RST_SET
986
997
&& (ct->proto.tcp.seen[!dir].flags & IP_CT_TCP_FLAG_MAXACK_SET)
+68
-17
net/netfilter/nf_tables_api.c
+68
-17
net/netfilter/nf_tables_api.c
···
214
214
return err;
215
215
}
216
216
217
+
static void nft_rule_expr_activate(const struct nft_ctx *ctx,
218
+
struct nft_rule *rule)
219
+
{
220
+
struct nft_expr *expr;
221
+
222
+
expr = nft_expr_first(rule);
223
+
while (expr != nft_expr_last(rule) && expr->ops) {
224
+
if (expr->ops->activate)
225
+
expr->ops->activate(ctx, expr);
226
+
227
+
expr = nft_expr_next(expr);
228
+
}
229
+
}
230
+
231
+
static void nft_rule_expr_deactivate(const struct nft_ctx *ctx,
232
+
struct nft_rule *rule)
233
+
{
234
+
struct nft_expr *expr;
235
+
236
+
expr = nft_expr_first(rule);
237
+
while (expr != nft_expr_last(rule) && expr->ops) {
238
+
if (expr->ops->deactivate)
239
+
expr->ops->deactivate(ctx, expr);
240
+
241
+
expr = nft_expr_next(expr);
242
+
}
243
+
}
244
+
217
245
static int
218
246
nf_tables_delrule_deactivate(struct nft_ctx *ctx, struct nft_rule *rule)
219
247
{
···
287
259
nft_trans_destroy(trans);
288
260
return err;
289
261
}
262
+
nft_rule_expr_deactivate(ctx, rule);
290
263
291
264
return 0;
292
265
}
···
1298
1269
rcu_assign_pointer(chain->stats, newstats);
1299
1270
synchronize_rcu();
1300
1271
free_percpu(oldstats);
1301
-
} else
1272
+
} else {
1302
1273
rcu_assign_pointer(chain->stats, newstats);
1274
+
static_branch_inc(&nft_counters_enabled);
1275
+
}
1303
1276
}
1304
1277
1305
1278
static void nf_tables_chain_destroy(struct nft_ctx *ctx)
···
2269
2238
kfree(rule);
2270
2239
}
2271
2240
2241
+
static void nf_tables_rule_release(const struct nft_ctx *ctx,
2242
+
struct nft_rule *rule)
2243
+
{
2244
+
nft_rule_expr_deactivate(ctx, rule);
2245
+
nf_tables_rule_destroy(ctx, rule);
2246
+
}
2247
+
2272
2248
#define NFT_RULE_MAXEXPRS 128
2273
2249
2274
2250
static struct nft_expr_info *info;
···
2440
2402
return 0;
2441
2403
2442
2404
err2:
2443
-
nf_tables_rule_destroy(&ctx, rule);
2405
+
nf_tables_rule_release(&ctx, rule);
2444
2406
err1:
2445
2407
for (i = 0; i < n; i++) {
2446
2408
if (info[i].ops != NULL)
···
4082
4044
if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) ^
4083
4045
nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) ||
4084
4046
nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) ^
4085
-
nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF))
4086
-
return -EBUSY;
4047
+
nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF)) {
4048
+
err = -EBUSY;
4049
+
goto err5;
4050
+
}
4087
4051
if ((nft_set_ext_exists(ext, NFT_SET_EXT_DATA) &&
4088
4052
nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) &&
4089
4053
memcmp(nft_set_ext_data(ext),
···
4170
4130
* NFT_GOTO verdicts. This function must be called on active data objects
4171
4131
* from the second phase of the commit protocol.
4172
4132
*/
4173
-
static void nft_data_hold(const struct nft_data *data, enum nft_data_types type)
4133
+
void nft_data_hold(const struct nft_data *data, enum nft_data_types type)
4174
4134
{
4175
4135
if (type == NFT_DATA_VERDICT) {
4176
4136
switch (data->verdict.code) {
···
4708
4668
if (idx > s_idx)
4709
4669
memset(&cb->args[1], 0,
4710
4670
sizeof(cb->args) - sizeof(cb->args[0]));
4711
-
if (filter && filter->table[0] &&
4671
+
if (filter && filter->table &&
4712
4672
strcmp(filter->table, table->name))
4713
4673
goto cont;
4714
4674
if (filter &&
···
5382
5342
if (idx > s_idx)
5383
5343
memset(&cb->args[1], 0,
5384
5344
sizeof(cb->args) - sizeof(cb->args[0]));
5385
-
if (filter && filter->table[0] &&
5345
+
if (filter && filter->table &&
5386
5346
strcmp(filter->table, table->name))
5387
5347
goto cont;
5388
5348
···
5801
5761
}
5802
5762
}
5803
5763
5804
-
static void nf_tables_commit_release(struct nft_trans *trans)
5764
+
static void nft_commit_release(struct nft_trans *trans)
5805
5765
{
5806
5766
switch (trans->msg_type) {
5807
5767
case NFT_MSG_DELTABLE:
···
5828
5788
break;
5829
5789
}
5830
5790
kfree(trans);
5791
+
}
5792
+
5793
+
static void nf_tables_commit_release(struct net *net)
5794
+
{
5795
+
struct nft_trans *trans, *next;
5796
+
5797
+
if (list_empty(&net->nft.commit_list))
5798
+
return;
5799
+
5800
+
synchronize_rcu();
5801
+
5802
+
list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
5803
+
list_del(&trans->list);
5804
+
nft_commit_release(trans);
5805
+
}
5831
5806
}
5832
5807
5833
5808
static int nf_tables_commit(struct net *net, struct sk_buff *skb)
···
5975
5920
}
5976
5921
}
5977
5922
5978
-
synchronize_rcu();
5979
-
5980
-
list_for_each_entry_safe(trans, next, &net->nft.commit_list, list) {
5981
-
list_del(&trans->list);
5982
-
nf_tables_commit_release(trans);
5983
-
}
5984
-
5923
+
nf_tables_commit_release(net);
5985
5924
nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
5986
5925
5987
5926
return 0;
···
6055
6006
case NFT_MSG_NEWRULE:
6056
6007
trans->ctx.chain->use--;
6057
6008
list_del_rcu(&nft_trans_rule(trans)->list);
6009
+
nft_rule_expr_deactivate(&trans->ctx, nft_trans_rule(trans));
6058
6010
break;
6059
6011
case NFT_MSG_DELRULE:
6060
6012
trans->ctx.chain->use++;
6061
6013
nft_clear(trans->ctx.net, nft_trans_rule(trans));
6014
+
nft_rule_expr_activate(&trans->ctx, nft_trans_rule(trans));
6062
6015
nft_trans_destroy(trans);
6063
6016
break;
6064
6017
case NFT_MSG_NEWSET:
···
6636
6585
list_for_each_entry_safe(rule, nr, &ctx->chain->rules, list) {
6637
6586
list_del(&rule->list);
6638
6587
ctx->chain->use--;
6639
-
nf_tables_rule_destroy(ctx, rule);
6588
+
nf_tables_rule_release(ctx, rule);
6640
6589
}
6641
6590
list_del(&ctx->chain->list);
6642
6591
ctx->table->use--;
···
6674
6623
list_for_each_entry_safe(rule, nr, &chain->rules, list) {
6675
6624
list_del(&rule->list);
6676
6625
chain->use--;
6677
-
nf_tables_rule_destroy(&ctx, rule);
6626
+
nf_tables_rule_release(&ctx, rule);
6678
6627
}
6679
6628
}
6680
6629
list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
+12
-5
net/netfilter/nf_tables_core.c
+12
-5
net/netfilter/nf_tables_core.c
···
119
119
static noinline void nft_update_chain_stats(const struct nft_chain *chain,
120
120
const struct nft_pktinfo *pkt)
121
121
{
122
+
struct nft_base_chain *base_chain;
122
123
struct nft_stats *stats;
123
124
125
+
base_chain = nft_base_chain(chain);
126
+
if (!base_chain->stats)
127
+
return;
128
+
124
129
local_bh_disable();
125
-
stats = this_cpu_ptr(rcu_dereference(nft_base_chain(chain)->stats));
126
-
u64_stats_update_begin(&stats->syncp);
127
-
stats->pkts++;
128
-
stats->bytes += pkt->skb->len;
129
-
u64_stats_update_end(&stats->syncp);
130
+
stats = this_cpu_ptr(rcu_dereference(base_chain->stats));
131
+
if (stats) {
132
+
u64_stats_update_begin(&stats->syncp);
133
+
stats->pkts++;
134
+
stats->bytes += pkt->skb->len;
135
+
u64_stats_update_end(&stats->syncp);
136
+
}
130
137
local_bh_enable();
131
138
}
132
139
+1
-1
net/netfilter/nfnetlink_acct.c
+1
-1
net/netfilter/nfnetlink_acct.c
+4
-3
net/netfilter/nfnetlink_cthelper.c
+4
-3
net/netfilter/nfnetlink_cthelper.c
···
149
149
!tb[NFCTH_POLICY_EXPECT_TIMEOUT])
150
150
return -EINVAL;
151
151
152
-
strncpy(expect_policy->name,
153
-
nla_data(tb[NFCTH_POLICY_NAME]), NF_CT_HELPER_NAME_LEN);
152
+
nla_strlcpy(expect_policy->name,
153
+
tb[NFCTH_POLICY_NAME], NF_CT_HELPER_NAME_LEN);
154
154
expect_policy->max_expected =
155
155
ntohl(nla_get_be32(tb[NFCTH_POLICY_EXPECT_MAX]));
156
156
if (expect_policy->max_expected > NF_CT_EXPECT_MAX_CNT)
···
234
234
if (ret < 0)
235
235
goto err1;
236
236
237
-
strncpy(helper->name, nla_data(tb[NFCTH_NAME]), NF_CT_HELPER_NAME_LEN);
237
+
nla_strlcpy(helper->name,
238
+
tb[NFCTH_NAME], NF_CT_HELPER_NAME_LEN);
238
239
size = ntohl(nla_get_be32(tb[NFCTH_PRIV_DATA_LEN]));
239
240
if (size > FIELD_SIZEOF(struct nf_conn_help, data)) {
240
241
ret = -ENOMEM;
+156
-45
net/netfilter/nft_compat.c
+156
-45
net/netfilter/nft_compat.c
···
27
27
struct list_head head;
28
28
struct nft_expr_ops ops;
29
29
unsigned int refcnt;
30
+
31
+
/* Unlike other expressions, ops doesn't have static storage duration.
32
+
* nft core assumes they do. We use kfree_rcu so that nft core can
33
+
* can check expr->ops->size even after nft_compat->destroy() frees
34
+
* the nft_xt struct that holds the ops structure.
35
+
*/
36
+
struct rcu_head rcu_head;
30
37
};
31
38
32
-
static void nft_xt_put(struct nft_xt *xt)
39
+
/* Used for matches where *info is larger than X byte */
40
+
#define NFT_MATCH_LARGE_THRESH 192
41
+
42
+
struct nft_xt_match_priv {
43
+
void *info;
44
+
};
45
+
46
+
static bool nft_xt_put(struct nft_xt *xt)
33
47
{
34
48
if (--xt->refcnt == 0) {
35
49
list_del(&xt->head);
36
-
kfree(xt);
50
+
kfree_rcu(xt, rcu_head);
51
+
return true;
37
52
}
53
+
54
+
return false;
38
55
}
39
56
40
57
static int nft_compat_chain_validate_dependency(const char *tablename,
···
243
226
struct xt_target *target = expr->ops->data;
244
227
struct xt_tgchk_param par;
245
228
size_t size = XT_ALIGN(nla_len(tb[NFTA_TARGET_INFO]));
229
+
struct nft_xt *nft_xt;
246
230
u16 proto = 0;
247
231
bool inv = false;
248
232
union nft_entry e = {};
···
254
236
if (ctx->nla[NFTA_RULE_COMPAT]) {
255
237
ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
256
238
if (ret < 0)
257
-
goto err;
239
+
return ret;
258
240
}
259
241
260
242
nft_target_set_tgchk_param(&par, ctx, target, info, &e, proto, inv);
261
243
262
244
ret = xt_check_target(&par, size, proto, inv);
263
245
if (ret < 0)
264
-
goto err;
246
+
return ret;
265
247
266
248
/* The standard target cannot be used */
267
-
if (target->target == NULL) {
268
-
ret = -EINVAL;
269
-
goto err;
270
-
}
249
+
if (!target->target)
250
+
return -EINVAL;
271
251
252
+
nft_xt = container_of(expr->ops, struct nft_xt, ops);
253
+
nft_xt->refcnt++;
272
254
return 0;
273
-
err:
274
-
module_put(target->me);
275
-
return ret;
276
255
}
277
256
278
257
static void
···
286
271
if (par.target->destroy != NULL)
287
272
par.target->destroy(&par);
288
273
289
-
nft_xt_put(container_of(expr->ops, struct nft_xt, ops));
290
-
module_put(target->me);
274
+
if (nft_xt_put(container_of(expr->ops, struct nft_xt, ops)))
275
+
module_put(target->me);
291
276
}
292
277
293
278
static int nft_target_dump(struct sk_buff *skb, const struct nft_expr *expr)
···
331
316
return 0;
332
317
}
333
318
334
-
static void nft_match_eval(const struct nft_expr *expr,
335
-
struct nft_regs *regs,
336
-
const struct nft_pktinfo *pkt)
319
+
static void __nft_match_eval(const struct nft_expr *expr,
320
+
struct nft_regs *regs,
321
+
const struct nft_pktinfo *pkt,
322
+
void *info)
337
323
{
338
-
void *info = nft_expr_priv(expr);
339
324
struct xt_match *match = expr->ops->data;
340
325
struct sk_buff *skb = pkt->skb;
341
326
bool ret;
···
357
342
regs->verdict.code = NFT_BREAK;
358
343
break;
359
344
}
345
+
}
346
+
347
+
static void nft_match_large_eval(const struct nft_expr *expr,
348
+
struct nft_regs *regs,
349
+
const struct nft_pktinfo *pkt)
350
+
{
351
+
struct nft_xt_match_priv *priv = nft_expr_priv(expr);
352
+
353
+
__nft_match_eval(expr, regs, pkt, priv->info);
354
+
}
355
+
356
+
static void nft_match_eval(const struct nft_expr *expr,
357
+
struct nft_regs *regs,
358
+
const struct nft_pktinfo *pkt)
359
+
{
360
+
__nft_match_eval(expr, regs, pkt, nft_expr_priv(expr));
360
361
}
361
362
362
363
static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = {
···
435
404
}
436
405
437
406
static int
438
-
nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
439
-
const struct nlattr * const tb[])
407
+
__nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
408
+
const struct nlattr * const tb[],
409
+
void *info)
440
410
{
441
-
void *info = nft_expr_priv(expr);
442
411
struct xt_match *match = expr->ops->data;
443
412
struct xt_mtchk_param par;
444
413
size_t size = XT_ALIGN(nla_len(tb[NFTA_MATCH_INFO]));
414
+
struct nft_xt *nft_xt;
445
415
u16 proto = 0;
446
416
bool inv = false;
447
417
union nft_entry e = {};
···
453
421
if (ctx->nla[NFTA_RULE_COMPAT]) {
454
422
ret = nft_parse_compat(ctx->nla[NFTA_RULE_COMPAT], &proto, &inv);
455
423
if (ret < 0)
456
-
goto err;
424
+
return ret;
457
425
}
458
426
459
427
nft_match_set_mtchk_param(&par, ctx, match, info, &e, proto, inv);
460
428
461
429
ret = xt_check_match(&par, size, proto, inv);
462
430
if (ret < 0)
463
-
goto err;
431
+
return ret;
464
432
433
+
nft_xt = container_of(expr->ops, struct nft_xt, ops);
434
+
nft_xt->refcnt++;
465
435
return 0;
466
-
err:
467
-
module_put(match->me);
436
+
}
437
+
438
+
static int
439
+
nft_match_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
440
+
const struct nlattr * const tb[])
441
+
{
442
+
return __nft_match_init(ctx, expr, tb, nft_expr_priv(expr));
443
+
}
444
+
445
+
static int
446
+
nft_match_large_init(const struct nft_ctx *ctx, const struct nft_expr *expr,
447
+
const struct nlattr * const tb[])
448
+
{
449
+
struct nft_xt_match_priv *priv = nft_expr_priv(expr);
450
+
struct xt_match *m = expr->ops->data;
451
+
int ret;
452
+
453
+
priv->info = kmalloc(XT_ALIGN(m->matchsize), GFP_KERNEL);
454
+
if (!priv->info)
455
+
return -ENOMEM;
456
+
457
+
ret = __nft_match_init(ctx, expr, tb, priv->info);
458
+
if (ret)
459
+
kfree(priv->info);
468
460
return ret;
469
461
}
470
462
471
463
static void
472
-
nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
464
+
__nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr,
465
+
void *info)
473
466
{
474
467
struct xt_match *match = expr->ops->data;
475
-
void *info = nft_expr_priv(expr);
476
468
struct xt_mtdtor_param par;
477
469
478
470
par.net = ctx->net;
···
506
450
if (par.match->destroy != NULL)
507
451
par.match->destroy(&par);
508
452
509
-
nft_xt_put(container_of(expr->ops, struct nft_xt, ops));
510
-
module_put(match->me);
453
+
if (nft_xt_put(container_of(expr->ops, struct nft_xt, ops)))
454
+
module_put(match->me);
511
455
}
512
456
513
-
static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr)
457
+
static void
458
+
nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
514
459
{
515
-
void *info = nft_expr_priv(expr);
460
+
__nft_match_destroy(ctx, expr, nft_expr_priv(expr));
461
+
}
462
+
463
+
static void
464
+
nft_match_large_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
465
+
{
466
+
struct nft_xt_match_priv *priv = nft_expr_priv(expr);
467
+
468
+
__nft_match_destroy(ctx, expr, priv->info);
469
+
kfree(priv->info);
470
+
}
471
+
472
+
static int __nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr,
473
+
void *info)
474
+
{
516
475
struct xt_match *match = expr->ops->data;
517
476
518
477
if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) ||
···
539
468
540
469
nla_put_failure:
541
470
return -1;
471
+
}
472
+
473
+
static int nft_match_dump(struct sk_buff *skb, const struct nft_expr *expr)
474
+
{
475
+
return __nft_match_dump(skb, expr, nft_expr_priv(expr));
476
+
}
477
+
478
+
static int nft_match_large_dump(struct sk_buff *skb, const struct nft_expr *e)
479
+
{
480
+
struct nft_xt_match_priv *priv = nft_expr_priv(e);
481
+
482
+
return __nft_match_dump(skb, e, priv->info);
542
483
}
543
484
544
485
static int nft_match_validate(const struct nft_ctx *ctx,
···
720
637
{
721
638
struct nft_xt *nft_match;
722
639
struct xt_match *match;
640
+
unsigned int matchsize;
723
641
char *mt_name;
724
642
u32 rev, family;
725
643
int err;
···
738
654
list_for_each_entry(nft_match, &nft_match_list, head) {
739
655
struct xt_match *match = nft_match->ops.data;
740
656
741
-
if (nft_match_cmp(match, mt_name, rev, family)) {
742
-
if (!try_module_get(match->me))
743
-
return ERR_PTR(-ENOENT);
744
-
745
-
nft_match->refcnt++;
657
+
if (nft_match_cmp(match, mt_name, rev, family))
746
658
return &nft_match->ops;
747
-
}
748
659
}
749
660
750
661
match = xt_request_find_match(family, mt_name, rev);
···
758
679
goto err;
759
680
}
760
681
761
-
nft_match->refcnt = 1;
682
+
nft_match->refcnt = 0;
762
683
nft_match->ops.type = &nft_match_type;
763
-
nft_match->ops.size = NFT_EXPR_SIZE(XT_ALIGN(match->matchsize));
764
684
nft_match->ops.eval = nft_match_eval;
765
685
nft_match->ops.init = nft_match_init;
766
686
nft_match->ops.destroy = nft_match_destroy;
767
687
nft_match->ops.dump = nft_match_dump;
768
688
nft_match->ops.validate = nft_match_validate;
769
689
nft_match->ops.data = match;
690
+
691
+
matchsize = NFT_EXPR_SIZE(XT_ALIGN(match->matchsize));
692
+
if (matchsize > NFT_MATCH_LARGE_THRESH) {
693
+
matchsize = NFT_EXPR_SIZE(sizeof(struct nft_xt_match_priv));
694
+
695
+
nft_match->ops.eval = nft_match_large_eval;
696
+
nft_match->ops.init = nft_match_large_init;
697
+
nft_match->ops.destroy = nft_match_large_destroy;
698
+
nft_match->ops.dump = nft_match_large_dump;
699
+
}
700
+
701
+
nft_match->ops.size = matchsize;
770
702
771
703
list_add(&nft_match->head, &nft_match_list);
772
704
···
829
739
list_for_each_entry(nft_target, &nft_target_list, head) {
830
740
struct xt_target *target = nft_target->ops.data;
831
741
832
-
if (nft_target_cmp(target, tg_name, rev, family)) {
833
-
if (!try_module_get(target->me))
834
-
return ERR_PTR(-ENOENT);
835
-
836
-
nft_target->refcnt++;
742
+
if (nft_target_cmp(target, tg_name, rev, family))
837
743
return &nft_target->ops;
838
-
}
839
744
}
840
745
841
746
target = xt_request_find_target(family, tg_name, rev);
···
849
764
goto err;
850
765
}
851
766
852
-
nft_target->refcnt = 1;
767
+
nft_target->refcnt = 0;
853
768
nft_target->ops.type = &nft_target_type;
854
769
nft_target->ops.size = NFT_EXPR_SIZE(XT_ALIGN(target->targetsize));
855
770
nft_target->ops.init = nft_target_init;
···
908
823
909
824
static void __exit nft_compat_module_exit(void)
910
825
{
826
+
struct nft_xt *xt, *next;
827
+
828
+
/* list should be empty here, it can be non-empty only in case there
829
+
* was an error that caused nft_xt expr to not be initialized fully
830
+
* and noone else requested the same expression later.
831
+
*
832
+
* In this case, the lists contain 0-refcount entries that still
833
+
* hold module reference.
834
+
*/
835
+
list_for_each_entry_safe(xt, next, &nft_target_list, head) {
836
+
struct xt_target *target = xt->ops.data;
837
+
838
+
if (WARN_ON_ONCE(xt->refcnt))
839
+
continue;
840
+
module_put(target->me);
841
+
kfree(xt);
842
+
}
843
+
844
+
list_for_each_entry_safe(xt, next, &nft_match_list, head) {
845
+
struct xt_match *match = xt->ops.data;
846
+
847
+
if (WARN_ON_ONCE(xt->refcnt))
848
+
continue;
849
+
module_put(match->me);
850
+
kfree(xt);
851
+
}
911
852
nfnetlink_subsys_unregister(&nfnl_compat_subsys);
912
853
nft_unregister_expr(&nft_target_type);
913
854
nft_unregister_expr(&nft_match_type);
+12
-8
net/netfilter/nft_ct.c
+12
-8
net/netfilter/nft_ct.c
···
880
880
struct nft_object *obj, bool reset)
881
881
{
882
882
const struct nft_ct_helper_obj *priv = nft_obj_data(obj);
883
-
const struct nf_conntrack_helper *helper = priv->helper4;
883
+
const struct nf_conntrack_helper *helper;
884
884
u16 family;
885
+
886
+
if (priv->helper4 && priv->helper6) {
887
+
family = NFPROTO_INET;
888
+
helper = priv->helper4;
889
+
} else if (priv->helper6) {
890
+
family = NFPROTO_IPV6;
891
+
helper = priv->helper6;
892
+
} else {
893
+
family = NFPROTO_IPV4;
894
+
helper = priv->helper4;
895
+
}
885
896
886
897
if (nla_put_string(skb, NFTA_CT_HELPER_NAME, helper->name))
887
898
return -1;
888
899
889
900
if (nla_put_u8(skb, NFTA_CT_HELPER_L4PROTO, priv->l4proto))
890
901
return -1;
891
-
892
-
if (priv->helper4 && priv->helper6)
893
-
family = NFPROTO_INET;
894
-
else if (priv->helper6)
895
-
family = NFPROTO_IPV6;
896
-
else
897
-
family = NFPROTO_IPV4;
898
902
899
903
if (nla_put_be16(skb, NFTA_CT_HELPER_L3PROTO, htons(family)))
900
904
return -1;
+12
-3
net/netfilter/nft_immediate.c
+12
-3
net/netfilter/nft_immediate.c
···
69
69
return err;
70
70
}
71
71
72
-
static void nft_immediate_destroy(const struct nft_ctx *ctx,
73
-
const struct nft_expr *expr)
72
+
static void nft_immediate_activate(const struct nft_ctx *ctx,
73
+
const struct nft_expr *expr)
74
+
{
75
+
const struct nft_immediate_expr *priv = nft_expr_priv(expr);
76
+
77
+
return nft_data_hold(&priv->data, nft_dreg_to_type(priv->dreg));
78
+
}
79
+
80
+
static void nft_immediate_deactivate(const struct nft_ctx *ctx,
81
+
const struct nft_expr *expr)
74
82
{
75
83
const struct nft_immediate_expr *priv = nft_expr_priv(expr);
76
84
···
116
108
.size = NFT_EXPR_SIZE(sizeof(struct nft_immediate_expr)),
117
109
.eval = nft_immediate_eval,
118
110
.init = nft_immediate_init,
119
-
.destroy = nft_immediate_destroy,
111
+
.activate = nft_immediate_activate,
112
+
.deactivate = nft_immediate_deactivate,
120
113
.dump = nft_immediate_dump,
121
114
.validate = nft_immediate_validate,
122
115
};
+24
-14
net/netfilter/nft_limit.c
+24
-14
net/netfilter/nft_limit.c
···
51
51
return !limit->invert;
52
52
}
53
53
54
+
/* Use same default as in iptables. */
55
+
#define NFT_LIMIT_PKT_BURST_DEFAULT 5
56
+
54
57
static int nft_limit_init(struct nft_limit *limit,
55
-
const struct nlattr * const tb[])
58
+
const struct nlattr * const tb[], bool pkts)
56
59
{
57
-
u64 unit;
60
+
u64 unit, tokens;
58
61
59
62
if (tb[NFTA_LIMIT_RATE] == NULL ||
60
63
tb[NFTA_LIMIT_UNIT] == NULL)
···
71
68
72
69
if (tb[NFTA_LIMIT_BURST])
73
70
limit->burst = ntohl(nla_get_be32(tb[NFTA_LIMIT_BURST]));
74
-
else
75
-
limit->burst = 0;
71
+
72
+
if (pkts && limit->burst == 0)
73
+
limit->burst = NFT_LIMIT_PKT_BURST_DEFAULT;
76
74
77
75
if (limit->rate + limit->burst < limit->rate)
78
76
return -EOVERFLOW;
79
77
80
-
/* The token bucket size limits the number of tokens can be
81
-
* accumulated. tokens_max specifies the bucket size.
82
-
* tokens_max = unit * (rate + burst) / rate.
83
-
*/
84
-
limit->tokens = div_u64(limit->nsecs * (limit->rate + limit->burst),
85
-
limit->rate);
78
+
if (pkts) {
79
+
tokens = div_u64(limit->nsecs, limit->rate) * limit->burst;
80
+
} else {
81
+
/* The token bucket size limits the number of tokens can be
82
+
* accumulated. tokens_max specifies the bucket size.
83
+
* tokens_max = unit * (rate + burst) / rate.
84
+
*/
85
+
tokens = div_u64(limit->nsecs * (limit->rate + limit->burst),
86
+
limit->rate);
87
+
}
88
+
89
+
limit->tokens = tokens;
86
90
limit->tokens_max = limit->tokens;
87
91
88
92
if (tb[NFTA_LIMIT_FLAGS]) {
···
154
144
struct nft_limit_pkts *priv = nft_expr_priv(expr);
155
145
int err;
156
146
157
-
err = nft_limit_init(&priv->limit, tb);
147
+
err = nft_limit_init(&priv->limit, tb, true);
158
148
if (err < 0)
159
149
return err;
160
150
···
195
185
{
196
186
struct nft_limit *priv = nft_expr_priv(expr);
197
187
198
-
return nft_limit_init(priv, tb);
188
+
return nft_limit_init(priv, tb, false);
199
189
}
200
190
201
191
static int nft_limit_bytes_dump(struct sk_buff *skb,
···
256
246
struct nft_limit_pkts *priv = nft_obj_data(obj);
257
247
int err;
258
248
259
-
err = nft_limit_init(&priv->limit, tb);
249
+
err = nft_limit_init(&priv->limit, tb, true);
260
250
if (err < 0)
261
251
return err;
262
252
···
299
289
{
300
290
struct nft_limit *priv = nft_obj_data(obj);
301
291
302
-
return nft_limit_init(priv, tb);
292
+
return nft_limit_init(priv, tb, false);
303
293
}
304
294
305
295
static int nft_limit_obj_bytes_dump(struct sk_buff *skb,
+8
-6
net/netfilter/nft_meta.c
+8
-6
net/netfilter/nft_meta.c
···
234
234
struct sk_buff *skb = pkt->skb;
235
235
u32 *sreg = ®s->data[meta->sreg];
236
236
u32 value = *sreg;
237
-
u8 pkt_type;
237
+
u8 value8;
238
238
239
239
switch (meta->key) {
240
240
case NFT_META_MARK:
···
244
244
skb->priority = value;
245
245
break;
246
246
case NFT_META_PKTTYPE:
247
-
pkt_type = nft_reg_load8(sreg);
247
+
value8 = nft_reg_load8(sreg);
248
248
249
-
if (skb->pkt_type != pkt_type &&
250
-
skb_pkt_type_ok(pkt_type) &&
249
+
if (skb->pkt_type != value8 &&
250
+
skb_pkt_type_ok(value8) &&
251
251
skb_pkt_type_ok(skb->pkt_type))
252
-
skb->pkt_type = pkt_type;
252
+
skb->pkt_type = value8;
253
253
break;
254
254
case NFT_META_NFTRACE:
255
-
skb->nf_trace = !!value;
255
+
value8 = nft_reg_load8(sreg);
256
+
257
+
skb->nf_trace = !!value8;
256
258
break;
257
259
default:
258
260
WARN_ON(1);
+6
net/netfilter/x_tables.c
+6
net/netfilter/x_tables.c
···
183
183
struct xt_match *m;
184
184
int err = -ENOENT;
185
185
186
+
if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
187
+
return ERR_PTR(-EINVAL);
188
+
186
189
mutex_lock(&xt[af].mutex);
187
190
list_for_each_entry(m, &xt[af].match, list) {
188
191
if (strcmp(m->name, name) == 0) {
···
231
228
{
232
229
struct xt_target *t;
233
230
int err = -ENOENT;
231
+
232
+
if (strnlen(name, XT_EXTENSION_MAXNAMELEN) == XT_EXTENSION_MAXNAMELEN)
233
+
return ERR_PTR(-EINVAL);
234
234
235
235
mutex_lock(&xt[af].mutex);
236
236
list_for_each_entry(t, &xt[af].target, list) {
+3
-1
net/packet/af_packet.c
+3
-1
net/packet/af_packet.c
···
2903
2903
if (skb == NULL)
2904
2904
goto out_unlock;
2905
2905
2906
-
skb_set_network_header(skb, reserve);
2906
+
skb_reset_network_header(skb);
2907
2907
2908
2908
err = -EINVAL;
2909
2909
if (sock->type == SOCK_DGRAM) {
2910
2910
offset = dev_hard_header(skb, dev, ntohs(proto), addr, NULL, len);
2911
2911
if (unlikely(offset < 0))
2912
2912
goto out_free;
2913
+
} else if (reserve) {
2914
+
skb_reserve(skb, -reserve);
2913
2915
}
2914
2916
2915
2917
/* Returns -EFAULT on error */
+2
net/sched/act_vlan.c
+2
net/sched/act_vlan.c
+1
-1
net/sched/cls_api.c
+1
-1
net/sched/cls_api.c
+1
-1
net/sched/cls_flower.c
+1
-1
net/sched/cls_flower.c
+3
-2
net/sched/sch_red.c
+3
-2
net/sched/sch_red.c
···
222
222
extack);
223
223
if (IS_ERR(child))
224
224
return PTR_ERR(child);
225
+
226
+
/* child is fifo, no need to check for noop_qdisc */
227
+
qdisc_hash_add(child, true);
225
228
}
226
229
227
-
if (child != &noop_qdisc)
228
-
qdisc_hash_add(child, true);
229
230
sch_tree_lock(sch);
230
231
q->flags = ctl->flags;
231
232
q->limit = ctl->limit;
+3
-2
net/sched/sch_tbf.c
+3
-2
net/sched/sch_tbf.c
···
383
383
err = PTR_ERR(child);
384
384
goto done;
385
385
}
386
+
387
+
/* child is fifo, no need to check for noop_qdisc */
388
+
qdisc_hash_add(child, true);
386
389
}
387
390
388
391
sch_tree_lock(sch);
···
394
391
q->qdisc->qstats.backlog);
395
392
qdisc_destroy(q->qdisc);
396
393
q->qdisc = child;
397
-
if (child != &noop_qdisc)
398
-
qdisc_hash_add(child, true);
399
394
}
400
395
q->limit = qopt->limit;
401
396
if (tb[TCA_TBF_PBURST])
+1
-1
net/sctp/ipv6.c
+1
-1
net/sctp/ipv6.c
+1
-1
net/sctp/protocol.c
+1
-1
net/sctp/protocol.c
···
1012
1012
.owner = THIS_MODULE,
1013
1013
.release = inet_release, /* Needs to be wrapped... */
1014
1014
.bind = inet_bind,
1015
-
.connect = inet_dgram_connect,
1015
+
.connect = sctp_inet_connect,
1016
1016
.socketpair = sock_no_socketpair,
1017
1017
.accept = inet_accept,
1018
1018
.getname = inet_getname, /* Semantics are different. */
+35
-16
net/sctp/socket.c
+35
-16
net/sctp/socket.c
···
1086
1086
*/
1087
1087
static int __sctp_connect(struct sock *sk,
1088
1088
struct sockaddr *kaddrs,
1089
-
int addrs_size,
1089
+
int addrs_size, int flags,
1090
1090
sctp_assoc_t *assoc_id)
1091
1091
{
1092
1092
struct net *net = sock_net(sk);
···
1104
1104
union sctp_addr *sa_addr = NULL;
1105
1105
void *addr_buf;
1106
1106
unsigned short port;
1107
-
unsigned int f_flags = 0;
1108
1107
1109
1108
sp = sctp_sk(sk);
1110
1109
ep = sp->ep;
···
1253
1254
sp->pf->to_sk_daddr(sa_addr, sk);
1254
1255
sk->sk_err = 0;
1255
1256
1256
-
/* in-kernel sockets don't generally have a file allocated to them
1257
-
* if all they do is call sock_create_kern().
1258
-
*/
1259
-
if (sk->sk_socket->file)
1260
-
f_flags = sk->sk_socket->file->f_flags;
1261
-
1262
-
timeo = sock_sndtimeo(sk, f_flags & O_NONBLOCK);
1257
+
timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
1263
1258
1264
1259
if (assoc_id)
1265
1260
*assoc_id = asoc->assoc_id;
···
1341
1348
sctp_assoc_t *assoc_id)
1342
1349
{
1343
1350
struct sockaddr *kaddrs;
1344
-
int err = 0;
1351
+
int err = 0, flags = 0;
1345
1352
1346
1353
pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
1347
1354
__func__, sk, addrs, addrs_size);
···
1360
1367
if (err)
1361
1368
goto out_free;
1362
1369
1363
-
err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id);
1370
+
/* in-kernel sockets don't generally have a file allocated to them
1371
+
* if all they do is call sock_create_kern().
1372
+
*/
1373
+
if (sk->sk_socket->file)
1374
+
flags = sk->sk_socket->file->f_flags;
1375
+
1376
+
err = __sctp_connect(sk, kaddrs, addrs_size, flags, assoc_id);
1364
1377
1365
1378
out_free:
1366
1379
kvfree(kaddrs);
···
4396
4397
* len: the size of the address.
4397
4398
*/
4398
4399
static int sctp_connect(struct sock *sk, struct sockaddr *addr,
4399
-
int addr_len)
4400
+
int addr_len, int flags)
4400
4401
{
4401
-
int err = 0;
4402
+
struct inet_sock *inet = inet_sk(sk);
4402
4403
struct sctp_af *af;
4404
+
int err = 0;
4403
4405
4404
4406
lock_sock(sk);
4405
4407
4406
4408
pr_debug("%s: sk:%p, sockaddr:%p, addr_len:%d\n", __func__, sk,
4407
4409
addr, addr_len);
4410
+
4411
+
/* We may need to bind the socket. */
4412
+
if (!inet->inet_num) {
4413
+
if (sk->sk_prot->get_port(sk, 0)) {
4414
+
release_sock(sk);
4415
+
return -EAGAIN;
4416
+
}
4417
+
inet->inet_sport = htons(inet->inet_num);
4418
+
}
4408
4419
4409
4420
/* Validate addr_len before calling common connect/connectx routine. */
4410
4421
af = sctp_get_af_specific(addr->sa_family);
···
4424
4415
/* Pass correct addr len to common routine (so it knows there
4425
4416
* is only one address being passed.
4426
4417
*/
4427
-
err = __sctp_connect(sk, addr, af->sockaddr_len, NULL);
4418
+
err = __sctp_connect(sk, addr, af->sockaddr_len, flags, NULL);
4428
4419
}
4429
4420
4430
4421
release_sock(sk);
4431
4422
return err;
4423
+
}
4424
+
4425
+
int sctp_inet_connect(struct socket *sock, struct sockaddr *uaddr,
4426
+
int addr_len, int flags)
4427
+
{
4428
+
if (addr_len < sizeof(uaddr->sa_family))
4429
+
return -EINVAL;
4430
+
4431
+
if (uaddr->sa_family == AF_UNSPEC)
4432
+
return -EOPNOTSUPP;
4433
+
4434
+
return sctp_connect(sock->sk, uaddr, addr_len, flags);
4432
4435
}
4433
4436
4434
4437
/* FIXME: Write comments. */
···
8745
8724
.name = "SCTP",
8746
8725
.owner = THIS_MODULE,
8747
8726
.close = sctp_close,
8748
-
.connect = sctp_connect,
8749
8727
.disconnect = sctp_disconnect,
8750
8728
.accept = sctp_accept,
8751
8729
.ioctl = sctp_ioctl,
···
8787
8767
.name = "SCTPv6",
8788
8768
.owner = THIS_MODULE,
8789
8769
.close = sctp_close,
8790
-
.connect = sctp_connect,
8791
8770
.disconnect = sctp_disconnect,
8792
8771
.accept = sctp_accept,
8793
8772
.ioctl = sctp_ioctl,
+40
-31
net/smc/smc_pnet.c
+40
-31
net/smc/smc_pnet.c
···
245
245
static int smc_pnet_fill_entry(struct net *net, struct smc_pnetentry *pnetelem,
246
246
struct nlattr *tb[])
247
247
{
248
-
char *string, *ibname = NULL;
249
-
int rc = 0;
248
+
char *string, *ibname;
249
+
int rc;
250
250
251
251
memset(pnetelem, 0, sizeof(*pnetelem));
252
252
INIT_LIST_HEAD(&pnetelem->list);
253
-
if (tb[SMC_PNETID_NAME]) {
254
-
string = (char *)nla_data(tb[SMC_PNETID_NAME]);
255
-
if (!smc_pnetid_valid(string, pnetelem->pnet_name)) {
256
-
rc = -EINVAL;
257
-
goto error;
258
-
}
259
-
}
260
-
if (tb[SMC_PNETID_ETHNAME]) {
261
-
string = (char *)nla_data(tb[SMC_PNETID_ETHNAME]);
262
-
pnetelem->ndev = dev_get_by_name(net, string);
263
-
if (!pnetelem->ndev)
264
-
return -ENOENT;
265
-
}
266
-
if (tb[SMC_PNETID_IBNAME]) {
267
-
ibname = (char *)nla_data(tb[SMC_PNETID_IBNAME]);
268
-
ibname = strim(ibname);
269
-
pnetelem->smcibdev = smc_pnet_find_ib(ibname);
270
-
if (!pnetelem->smcibdev) {
271
-
rc = -ENOENT;
272
-
goto error;
273
-
}
274
-
}
275
-
if (tb[SMC_PNETID_IBPORT]) {
276
-
pnetelem->ib_port = nla_get_u8(tb[SMC_PNETID_IBPORT]);
277
-
if (pnetelem->ib_port > SMC_MAX_PORTS) {
278
-
rc = -EINVAL;
279
-
goto error;
280
-
}
281
-
}
253
+
254
+
rc = -EINVAL;
255
+
if (!tb[SMC_PNETID_NAME])
256
+
goto error;
257
+
string = (char *)nla_data(tb[SMC_PNETID_NAME]);
258
+
if (!smc_pnetid_valid(string, pnetelem->pnet_name))
259
+
goto error;
260
+
261
+
rc = -EINVAL;
262
+
if (!tb[SMC_PNETID_ETHNAME])
263
+
goto error;
264
+
rc = -ENOENT;
265
+
string = (char *)nla_data(tb[SMC_PNETID_ETHNAME]);
266
+
pnetelem->ndev = dev_get_by_name(net, string);
267
+
if (!pnetelem->ndev)
268
+
goto error;
269
+
270
+
rc = -EINVAL;
271
+
if (!tb[SMC_PNETID_IBNAME])
272
+
goto error;
273
+
rc = -ENOENT;
274
+
ibname = (char *)nla_data(tb[SMC_PNETID_IBNAME]);
275
+
ibname = strim(ibname);
276
+
pnetelem->smcibdev = smc_pnet_find_ib(ibname);
277
+
if (!pnetelem->smcibdev)
278
+
goto error;
279
+
280
+
rc = -EINVAL;
281
+
if (!tb[SMC_PNETID_IBPORT])
282
+
goto error;
283
+
pnetelem->ib_port = nla_get_u8(tb[SMC_PNETID_IBPORT]);
284
+
if (pnetelem->ib_port < 1 || pnetelem->ib_port > SMC_MAX_PORTS)
285
+
goto error;
286
+
282
287
return 0;
283
288
284
289
error:
···
312
307
void *hdr;
313
308
int rc;
314
309
310
+
if (!info->attrs[SMC_PNETID_NAME])
311
+
return -EINVAL;
315
312
pnetelem = smc_pnet_find_pnetid(
316
313
(char *)nla_data(info->attrs[SMC_PNETID_NAME]));
317
314
if (!pnetelem)
···
366
359
367
360
static int smc_pnet_del(struct sk_buff *skb, struct genl_info *info)
368
361
{
362
+
if (!info->attrs[SMC_PNETID_NAME])
363
+
return -EINVAL;
369
364
return smc_pnet_remove_by_pnetid(
370
365
(char *)nla_data(info->attrs[SMC_PNETID_NAME]));
371
366
}
+4
-5
net/tls/tls_sw.c
+4
-5
net/tls/tls_sw.c
···
680
680
struct scatterlist *sgin = &sgin_arr[0];
681
681
struct strp_msg *rxm = strp_msg(skb);
682
682
int ret, nsg = ARRAY_SIZE(sgin_arr);
683
-
char aad_recv[TLS_AAD_SPACE_SIZE];
684
683
struct sk_buff *unused;
685
684
686
685
ret = skb_copy_bits(skb, rxm->offset + TLS_HEADER_SIZE,
···
697
698
}
698
699
699
700
sg_init_table(sgin, nsg);
700
-
sg_set_buf(&sgin[0], aad_recv, sizeof(aad_recv));
701
+
sg_set_buf(&sgin[0], ctx->rx_aad_ciphertext, TLS_AAD_SPACE_SIZE);
701
702
702
703
nsg = skb_to_sgvec(skb, &sgin[1],
703
704
rxm->offset + tls_ctx->rx.prepend_size,
704
705
rxm->full_len - tls_ctx->rx.prepend_size);
705
706
706
-
tls_make_aad(aad_recv,
707
+
tls_make_aad(ctx->rx_aad_ciphertext,
707
708
rxm->full_len - tls_ctx->rx.overhead_size,
708
709
tls_ctx->rx.rec_seq,
709
710
tls_ctx->rx.rec_seq_size,
···
802
803
if (to_copy <= len && page_count < MAX_SKB_FRAGS &&
803
804
likely(!(flags & MSG_PEEK))) {
804
805
struct scatterlist sgin[MAX_SKB_FRAGS + 1];
805
-
char unused[21];
806
806
int pages = 0;
807
807
808
808
zc = true;
809
809
sg_init_table(sgin, MAX_SKB_FRAGS + 1);
810
-
sg_set_buf(&sgin[0], unused, 13);
810
+
sg_set_buf(&sgin[0], ctx->rx_aad_plaintext,
811
+
TLS_AAD_SPACE_SIZE);
811
812
812
813
err = zerocopy_from_iter(sk, &msg->msg_iter,
813
814
to_copy, &pages,
+2
-1
net/wireless/nl80211.c
+2
-1
net/wireless/nl80211.c
+3
net/wireless/reg.c
+3
net/wireless/reg.c
+2
-3
net/xfrm/xfrm_policy.c
+2
-3
net/xfrm/xfrm_policy.c
···
1658
1658
trailer_len -= xdst_prev->u.dst.xfrm->props.trailer_len;
1659
1659
}
1660
1660
1661
-
out:
1662
1661
return &xdst0->u.dst;
1663
1662
1664
1663
put_states:
···
1666
1667
free_dst:
1667
1668
if (xdst0)
1668
1669
dst_release_immediate(&xdst0->u.dst);
1669
-
xdst0 = ERR_PTR(err);
1670
-
goto out;
1670
+
1671
+
return ERR_PTR(err);
1671
1672
}
1672
1673
1673
1674
static int xfrm_expand_policies(const struct flowi *fl, u16 family,
+1
-1
scripts/checkpatch.pl
+1
-1
scripts/checkpatch.pl
···
5041
5041
$tmp_stmt =~ s/\b(typeof|__typeof__|__builtin\w+|typecheck\s*\(\s*$Type\s*,|\#+)\s*\(*\s*$arg\s*\)*\b//g;
5042
5042
$tmp_stmt =~ s/\#+\s*$arg\b//g;
5043
5043
$tmp_stmt =~ s/\b$arg\s*\#\#//g;
5044
-
my $use_cnt = $tmp_stmt =~ s/\b$arg\b//g;
5044
+
my $use_cnt = () = $tmp_stmt =~ /\b$arg\b/g;
5045
5045
if ($use_cnt > 1) {
5046
5046
CHK("MACRO_ARG_REUSE",
5047
5047
"Macro argument reuse '$arg' - possible side-effects?\n" . "$herectx");
+16
-4
security/selinux/hooks.c
+16
-4
security/selinux/hooks.c
···
1568
1568
/* Called from d_instantiate or d_splice_alias. */
1569
1569
dentry = dget(opt_dentry);
1570
1570
} else {
1571
-
/* Called from selinux_complete_init, try to find a dentry. */
1571
+
/*
1572
+
* Called from selinux_complete_init, try to find a dentry.
1573
+
* Some filesystems really want a connected one, so try
1574
+
* that first. We could split SECURITY_FS_USE_XATTR in
1575
+
* two, depending upon that...
1576
+
*/
1572
1577
dentry = d_find_alias(inode);
1578
+
if (!dentry)
1579
+
dentry = d_find_any_alias(inode);
1573
1580
}
1574
1581
if (!dentry) {
1575
1582
/*
···
1681
1674
if ((sbsec->flags & SE_SBGENFS) && !S_ISLNK(inode->i_mode)) {
1682
1675
/* We must have a dentry to determine the label on
1683
1676
* procfs inodes */
1684
-
if (opt_dentry)
1677
+
if (opt_dentry) {
1685
1678
/* Called from d_instantiate or
1686
1679
* d_splice_alias. */
1687
1680
dentry = dget(opt_dentry);
1688
-
else
1681
+
} else {
1689
1682
/* Called from selinux_complete_init, try to
1690
-
* find a dentry. */
1683
+
* find a dentry. Some filesystems really want
1684
+
* a connected one, so try that first.
1685
+
*/
1691
1686
dentry = d_find_alias(inode);
1687
+
if (!dentry)
1688
+
dentry = d_find_any_alias(inode);
1689
+
}
1692
1690
/*
1693
1691
* This can be hit on boot when a file is accessed
1694
1692
* before the policy is loaded. When we load policy we
+1
-1
security/selinux/ss/services.c
+1
-1
security/selinux/ss/services.c
+2
-2
sound/core/timer.c
+2
-2
sound/core/timer.c
···
592
592
else
593
593
timeri->flags |= SNDRV_TIMER_IFLG_PAUSED;
594
594
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
595
-
SNDRV_TIMER_EVENT_CONTINUE);
595
+
SNDRV_TIMER_EVENT_PAUSE);
596
596
unlock:
597
597
spin_unlock_irqrestore(&timer->lock, flags);
598
598
return result;
···
614
614
list_del_init(&timeri->ack_list);
615
615
list_del_init(&timeri->active_list);
616
616
snd_timer_notify1(timeri, stop ? SNDRV_TIMER_EVENT_STOP :
617
-
SNDRV_TIMER_EVENT_CONTINUE);
617
+
SNDRV_TIMER_EVENT_PAUSE);
618
618
spin_unlock(&timeri->timer->lock);
619
619
}
620
620
spin_unlock_irqrestore(&slave_active_lock, flags);
+4
-2
sound/pci/hda/hda_local.h
+4
-2
sound/pci/hda/hda_local.h
···
622
622
{
623
623
return snd_hdac_check_power_state(&codec->core, nid, target_state);
624
624
}
625
-
static inline bool snd_hda_sync_power_state(struct hda_codec *codec,
626
-
hda_nid_t nid, unsigned int target_state)
625
+
626
+
static inline unsigned int snd_hda_sync_power_state(struct hda_codec *codec,
627
+
hda_nid_t nid,
628
+
unsigned int target_state)
627
629
{
628
630
return snd_hdac_sync_power_state(&codec->core, nid, target_state);
629
631
}
+2
tools/include/uapi/linux/bpf.h
+2
tools/include/uapi/linux/bpf.h
···
1017
1017
__aligned_u64 map_ids;
1018
1018
char name[BPF_OBJ_NAME_LEN];
1019
1019
__u32 ifindex;
1020
+
__u32 :32;
1020
1021
__u64 netns_dev;
1021
1022
__u64 netns_ino;
1022
1023
} __attribute__((aligned(8)));
···
1031
1030
__u32 map_flags;
1032
1031
char name[BPF_OBJ_NAME_LEN];
1033
1032
__u32 ifindex;
1033
+
__u32 :32;
1034
1034
__u64 netns_dev;
1035
1035
__u64 netns_ino;
1036
1036
} __attribute__((aligned(8)));
+1
-1
tools/lib/bpf/libbpf.c
+1
-1
tools/lib/bpf/libbpf.c
+9
-1
tools/perf/Documentation/perf.data-file-format.txt
+9
-1
tools/perf/Documentation/perf.data-file-format.txt
···
111
111
A structure defining the number of CPUs.
112
112
113
113
struct nr_cpus {
114
-
uint32_t nr_cpus_online;
115
114
uint32_t nr_cpus_available; /* CPUs not yet onlined */
115
+
uint32_t nr_cpus_online;
116
116
};
117
117
118
118
HEADER_CPUDESC = 8,
···
153
153
HEADER_CPU_TOPOLOGY = 13,
154
154
155
155
String lists defining the core and CPU threads topology.
156
+
The string lists are followed by a variable length array
157
+
which contains core_id and socket_id of each cpu.
158
+
The number of entries can be determined by the size of the
159
+
section minus the sizes of both string lists.
156
160
157
161
struct {
158
162
struct perf_header_string_list cores; /* Variable length */
159
163
struct perf_header_string_list threads; /* Variable length */
164
+
struct {
165
+
uint32_t core_id;
166
+
uint32_t socket_id;
167
+
} cpus[nr]; /* Variable length records */
160
168
};
161
169
162
170
Example:
+24
-6
tools/perf/tests/topology.c
+24
-6
tools/perf/tests/topology.c
···
70
70
session = perf_session__new(&data, false, NULL);
71
71
TEST_ASSERT_VAL("can't get session", session);
72
72
73
+
/* On platforms with large numbers of CPUs process_cpu_topology()
74
+
* might issue an error while reading the perf.data file section
75
+
* HEADER_CPU_TOPOLOGY and the cpu_topology_map pointed to by member
76
+
* cpu is a NULL pointer.
77
+
* Example: On s390
78
+
* CPU 0 is on core_id 0 and physical_package_id 6
79
+
* CPU 1 is on core_id 1 and physical_package_id 3
80
+
*
81
+
* Core_id and physical_package_id are platform and architecture
82
+
* dependend and might have higher numbers than the CPU id.
83
+
* This actually depends on the configuration.
84
+
*
85
+
* In this case process_cpu_topology() prints error message:
86
+
* "socket_id number is too big. You may need to upgrade the
87
+
* perf tool."
88
+
*
89
+
* This is the reason why this test might be skipped.
90
+
*/
91
+
if (!session->header.env.cpu)
92
+
return TEST_SKIP;
93
+
73
94
for (i = 0; i < session->header.env.nr_cpus_avail; i++) {
74
95
if (!cpu_map__has(map, i))
75
96
continue;
···
116
95
{
117
96
char path[PATH_MAX];
118
97
struct cpu_map *map;
119
-
int ret = -1;
98
+
int ret = TEST_FAIL;
120
99
121
100
TEST_ASSERT_VAL("can't get templ file", !get_temp(path));
122
101
···
131
110
goto free_path;
132
111
}
133
112
134
-
if (check_cpu_topology(path, map))
135
-
goto free_map;
136
-
ret = 0;
137
-
138
-
free_map:
113
+
ret = check_cpu_topology(path, map);
139
114
cpu_map__put(map);
115
+
140
116
free_path:
141
117
unlink(path);
142
118
return ret;
+3
-3
tools/perf/util/bpf-loader.c
+3
-3
tools/perf/util/bpf-loader.c
···
66
66
}
67
67
68
68
obj = bpf_object__open_buffer(obj_buf, obj_buf_sz, name);
69
-
if (IS_ERR(obj)) {
69
+
if (IS_ERR_OR_NULL(obj)) {
70
70
pr_debug("bpf: failed to load buffer\n");
71
71
return ERR_PTR(-EINVAL);
72
72
}
···
102
102
pr_debug("bpf: successfull builtin compilation\n");
103
103
obj = bpf_object__open_buffer(obj_buf, obj_buf_sz, filename);
104
104
105
-
if (!IS_ERR(obj) && llvm_param.dump_obj)
105
+
if (!IS_ERR_OR_NULL(obj) && llvm_param.dump_obj)
106
106
llvm__dump_obj(filename, obj_buf, obj_buf_sz);
107
107
108
108
free(obj_buf);
109
109
} else
110
110
obj = bpf_object__open(filename);
111
111
112
-
if (IS_ERR(obj)) {
112
+
if (IS_ERR_OR_NULL(obj)) {
113
113
pr_debug("bpf: failed to load %s\n", filename);
114
114
return obj;
115
115
}
+10
-2
tools/perf/util/cs-etm-decoder/cs-etm-decoder.c
+10
-2
tools/perf/util/cs-etm-decoder/cs-etm-decoder.c
···
96
96
/* Nothing to do, might as well just return */
97
97
if (decoder->packet_count == 0)
98
98
return 0;
99
+
/*
100
+
* The queueing process in function cs_etm_decoder__buffer_packet()
101
+
* increments the tail *before* using it. This is somewhat counter
102
+
* intuitive but it has the advantage of centralizing tail management
103
+
* at a single location. Because of that we need to follow the same
104
+
* heuristic with the head, i.e we increment it before using its
105
+
* value. Otherwise the first element of the packet queue is not
106
+
* used.
107
+
*/
108
+
decoder->head = (decoder->head + 1) & (MAX_BUFFER - 1);
99
109
100
110
*packet = decoder->packet_buffer[decoder->head];
101
-
102
-
decoder->head = (decoder->head + 1) & (MAX_BUFFER - 1);
103
111
104
112
decoder->packet_count--;
105
113
+1
tools/perf/util/evsel.h
+1
tools/perf/util/evsel.h
+127
-3
tools/perf/util/parse-events.c
+127
-3
tools/perf/util/parse-events.c
···
1219
1219
1220
1220
int parse_events_add_pmu(struct parse_events_state *parse_state,
1221
1221
struct list_head *list, char *name,
1222
-
struct list_head *head_config, bool auto_merge_stats)
1222
+
struct list_head *head_config,
1223
+
bool auto_merge_stats,
1224
+
bool use_alias)
1223
1225
{
1224
1226
struct perf_event_attr attr;
1225
1227
struct perf_pmu_info info;
1226
1228
struct perf_pmu *pmu;
1227
1229
struct perf_evsel *evsel;
1228
1230
struct parse_events_error *err = parse_state->error;
1231
+
bool use_uncore_alias;
1229
1232
LIST_HEAD(config_terms);
1230
1233
1231
1234
pmu = perf_pmu__find(name);
···
1247
1244
memset(&attr, 0, sizeof(attr));
1248
1245
}
1249
1246
1247
+
use_uncore_alias = (pmu->is_uncore && use_alias);
1248
+
1250
1249
if (!head_config) {
1251
1250
attr.type = pmu->type;
1252
1251
evsel = __add_event(list, &parse_state->idx, &attr, NULL, pmu, NULL, auto_merge_stats);
1253
1252
if (evsel) {
1254
1253
evsel->pmu_name = name;
1254
+
evsel->use_uncore_alias = use_uncore_alias;
1255
1255
return 0;
1256
1256
} else {
1257
1257
return -ENOMEM;
···
1288
1282
evsel->metric_expr = info.metric_expr;
1289
1283
evsel->metric_name = info.metric_name;
1290
1284
evsel->pmu_name = name;
1285
+
evsel->use_uncore_alias = use_uncore_alias;
1291
1286
}
1292
1287
1293
1288
return evsel ? 0 : -ENOMEM;
···
1324
1317
list_add_tail(&term->list, head);
1325
1318
1326
1319
if (!parse_events_add_pmu(parse_state, list,
1327
-
pmu->name, head, true)) {
1320
+
pmu->name, head,
1321
+
true, true)) {
1328
1322
pr_debug("%s -> %s/%s/\n", str,
1329
1323
pmu->name, alias->str);
1330
1324
ok++;
···
1347
1339
return parse_events__modifier_event(list, event_mod, true);
1348
1340
}
1349
1341
1350
-
void parse_events__set_leader(char *name, struct list_head *list)
1342
+
/*
1343
+
* Check if the two uncore PMUs are from the same uncore block
1344
+
* The format of the uncore PMU name is uncore_#blockname_#pmuidx
1345
+
*/
1346
+
static bool is_same_uncore_block(const char *pmu_name_a, const char *pmu_name_b)
1347
+
{
1348
+
char *end_a, *end_b;
1349
+
1350
+
end_a = strrchr(pmu_name_a, '_');
1351
+
end_b = strrchr(pmu_name_b, '_');
1352
+
1353
+
if (!end_a || !end_b)
1354
+
return false;
1355
+
1356
+
if ((end_a - pmu_name_a) != (end_b - pmu_name_b))
1357
+
return false;
1358
+
1359
+
return (strncmp(pmu_name_a, pmu_name_b, end_a - pmu_name_a) == 0);
1360
+
}
1361
+
1362
+
static int
1363
+
parse_events__set_leader_for_uncore_aliase(char *name, struct list_head *list,
1364
+
struct parse_events_state *parse_state)
1365
+
{
1366
+
struct perf_evsel *evsel, *leader;
1367
+
uintptr_t *leaders;
1368
+
bool is_leader = true;
1369
+
int i, nr_pmu = 0, total_members, ret = 0;
1370
+
1371
+
leader = list_first_entry(list, struct perf_evsel, node);
1372
+
evsel = list_last_entry(list, struct perf_evsel, node);
1373
+
total_members = evsel->idx - leader->idx + 1;
1374
+
1375
+
leaders = calloc(total_members, sizeof(uintptr_t));
1376
+
if (WARN_ON(!leaders))
1377
+
return 0;
1378
+
1379
+
/*
1380
+
* Going through the whole group and doing sanity check.
1381
+
* All members must use alias, and be from the same uncore block.
1382
+
* Also, storing the leader events in an array.
1383
+
*/
1384
+
__evlist__for_each_entry(list, evsel) {
1385
+
1386
+
/* Only split the uncore group which members use alias */
1387
+
if (!evsel->use_uncore_alias)
1388
+
goto out;
1389
+
1390
+
/* The events must be from the same uncore block */
1391
+
if (!is_same_uncore_block(leader->pmu_name, evsel->pmu_name))
1392
+
goto out;
1393
+
1394
+
if (!is_leader)
1395
+
continue;
1396
+
/*
1397
+
* If the event's PMU name starts to repeat, it must be a new
1398
+
* event. That can be used to distinguish the leader from
1399
+
* other members, even they have the same event name.
1400
+
*/
1401
+
if ((leader != evsel) && (leader->pmu_name == evsel->pmu_name)) {
1402
+
is_leader = false;
1403
+
continue;
1404
+
}
1405
+
/* The name is always alias name */
1406
+
WARN_ON(strcmp(leader->name, evsel->name));
1407
+
1408
+
/* Store the leader event for each PMU */
1409
+
leaders[nr_pmu++] = (uintptr_t) evsel;
1410
+
}
1411
+
1412
+
/* only one event alias */
1413
+
if (nr_pmu == total_members) {
1414
+
parse_state->nr_groups--;
1415
+
goto handled;
1416
+
}
1417
+
1418
+
/*
1419
+
* An uncore event alias is a joint name which means the same event
1420
+
* runs on all PMUs of a block.
1421
+
* Perf doesn't support mixed events from different PMUs in the same
1422
+
* group. The big group has to be split into multiple small groups
1423
+
* which only include the events from the same PMU.
1424
+
*
1425
+
* Here the uncore event aliases must be from the same uncore block.
1426
+
* The number of PMUs must be same for each alias. The number of new
1427
+
* small groups equals to the number of PMUs.
1428
+
* Setting the leader event for corresponding members in each group.
1429
+
*/
1430
+
i = 0;
1431
+
__evlist__for_each_entry(list, evsel) {
1432
+
if (i >= nr_pmu)
1433
+
i = 0;
1434
+
evsel->leader = (struct perf_evsel *) leaders[i++];
1435
+
}
1436
+
1437
+
/* The number of members and group name are same for each group */
1438
+
for (i = 0; i < nr_pmu; i++) {
1439
+
evsel = (struct perf_evsel *) leaders[i];
1440
+
evsel->nr_members = total_members / nr_pmu;
1441
+
evsel->group_name = name ? strdup(name) : NULL;
1442
+
}
1443
+
1444
+
/* Take the new small groups into account */
1445
+
parse_state->nr_groups += nr_pmu - 1;
1446
+
1447
+
handled:
1448
+
ret = 1;
1449
+
out:
1450
+
free(leaders);
1451
+
return ret;
1452
+
}
1453
+
1454
+
void parse_events__set_leader(char *name, struct list_head *list,
1455
+
struct parse_events_state *parse_state)
1351
1456
{
1352
1457
struct perf_evsel *leader;
1353
1458
···
1468
1347
WARN_ONCE(true, "WARNING: failed to set leader: empty list");
1469
1348
return;
1470
1349
}
1350
+
1351
+
if (parse_events__set_leader_for_uncore_aliase(name, list, parse_state))
1352
+
return;
1471
1353
1472
1354
__perf_evlist__set_leader(list);
1473
1355
leader = list_entry(list->next, struct perf_evsel, node);
+5
-2
tools/perf/util/parse-events.h
+5
-2
tools/perf/util/parse-events.h
···
167
167
void *ptr, char *type, u64 len);
168
168
int parse_events_add_pmu(struct parse_events_state *parse_state,
169
169
struct list_head *list, char *name,
170
-
struct list_head *head_config, bool auto_merge_stats);
170
+
struct list_head *head_config,
171
+
bool auto_merge_stats,
172
+
bool use_alias);
171
173
172
174
int parse_events_multi_pmu_add(struct parse_events_state *parse_state,
173
175
char *str,
···
180
178
181
179
enum perf_pmu_event_symbol_type
182
180
perf_pmu__parse_check(const char *name);
183
-
void parse_events__set_leader(char *name, struct list_head *list);
181
+
void parse_events__set_leader(char *name, struct list_head *list,
182
+
struct parse_events_state *parse_state);
184
183
void parse_events_update_lists(struct list_head *list_event,
185
184
struct list_head *list_all);
186
185
void parse_events_evlist_error(struct parse_events_state *parse_state,
+4
-4
tools/perf/util/parse-events.y
+4
-4
tools/perf/util/parse-events.y
···
161
161
struct list_head *list = $3;
162
162
163
163
inc_group_count(list, _parse_state);
164
-
parse_events__set_leader($1, list);
164
+
parse_events__set_leader($1, list, _parse_state);
165
165
$$ = list;
166
166
}
167
167
|
···
170
170
struct list_head *list = $2;
171
171
172
172
inc_group_count(list, _parse_state);
173
-
parse_events__set_leader(NULL, list);
173
+
parse_events__set_leader(NULL, list, _parse_state);
174
174
$$ = list;
175
175
}
176
176
···
232
232
YYABORT;
233
233
234
234
ALLOC_LIST(list);
235
-
if (parse_events_add_pmu(_parse_state, list, $1, $2, false)) {
235
+
if (parse_events_add_pmu(_parse_state, list, $1, $2, false, false)) {
236
236
struct perf_pmu *pmu = NULL;
237
237
int ok = 0;
238
238
char *pattern;
···
251
251
free(pattern);
252
252
YYABORT;
253
253
}
254
-
if (!parse_events_add_pmu(_parse_state, list, pmu->name, terms, true))
254
+
if (!parse_events_add_pmu(_parse_state, list, pmu->name, terms, true, false))
255
255
ok++;
256
256
parse_events_terms__delete(terms);
257
257
}
+2
tools/perf/util/scripting-engines/trace-event-python.c
+2
tools/perf/util/scripting-engines/trace-event-python.c
···
531
531
PyLong_FromUnsignedLongLong(sample->period));
532
532
pydict_set_item_string_decref(dict_sample, "phys_addr",
533
533
PyLong_FromUnsignedLongLong(sample->phys_addr));
534
+
pydict_set_item_string_decref(dict_sample, "addr",
535
+
PyLong_FromUnsignedLongLong(sample->addr));
534
536
set_sample_read_in_dict(dict_sample, sample, evsel);
535
537
pydict_set_item_string_decref(dict, "sample", dict_sample);
536
538
+7
tools/testing/radix-tree/idr-test.c
+7
tools/testing/radix-tree/idr-test.c
···
252
252
idr_remove(&idr, 3);
253
253
idr_remove(&idr, 0);
254
254
255
+
assert(idr_alloc(&idr, DUMMY_PTR, 0, 0, GFP_KERNEL) == 0);
256
+
idr_remove(&idr, 1);
257
+
for (i = 1; i < RADIX_TREE_MAP_SIZE; i++)
258
+
assert(idr_alloc(&idr, DUMMY_PTR, 0, 0, GFP_KERNEL) == i);
259
+
idr_remove(&idr, 1 << 30);
260
+
idr_destroy(&idr);
261
+
255
262
for (i = INT_MAX - 3UL; i < INT_MAX + 1UL; i++) {
256
263
struct item *item = item_create(i, 0);
257
264
assert(idr_alloc(&idr, item, i, i + 10, GFP_KERNEL) == i);
+2
tools/testing/selftests/bpf/config
+2
tools/testing/selftests/bpf/config
+5
tools/testing/selftests/bpf/test_verifier.c
+5
tools/testing/selftests/bpf/test_verifier.c
···
11713
11713
FILE *fd;
11714
11714
11715
11715
fd = fopen("/proc/sys/"UNPRIV_SYSCTL, "r");
11716
+
if (!fd) {
11717
+
perror("fopen /proc/sys/"UNPRIV_SYSCTL);
11718
+
unpriv_disabled = true;
11719
+
return;
11720
+
}
11716
11721
if (fgets(buf, 2, fd) == buf && atoi(buf))
11717
11722
unpriv_disabled = true;
11718
11723
fclose(fd);
+5
tools/testing/selftests/net/config
+5
tools/testing/selftests/net/config
+3
-1
tools/testing/selftests/net/reuseport_bpf_numa.c
+3
-1
tools/testing/selftests/net/reuseport_bpf_numa.c
···
23
23
#include <unistd.h>
24
24
#include <numa.h>
25
25
26
+
#include "../kselftest.h"
27
+
26
28
static const int PORT = 8888;
27
29
28
30
static void build_rcv_group(int *rcv_fd, size_t len, int family, int proto)
···
231
229
int *rcv_fd, nodes;
232
230
233
231
if (numa_available() < 0)
234
-
error(1, errno, "no numa api support");
232
+
ksft_exit_skip("no numa api support\n");
235
233
236
234
nodes = numa_max_node() + 1;
237
235
+19
-3
tools/testing/selftests/seccomp/seccomp_bpf.c
+19
-3
tools/testing/selftests/seccomp/seccomp_bpf.c
···
134
134
#endif
135
135
136
136
#ifndef SECCOMP_FILTER_FLAG_TSYNC
137
-
#define SECCOMP_FILTER_FLAG_TSYNC 1
137
+
#define SECCOMP_FILTER_FLAG_TSYNC (1UL << 0)
138
138
#endif
139
139
140
140
#ifndef SECCOMP_FILTER_FLAG_LOG
141
-
#define SECCOMP_FILTER_FLAG_LOG 2
141
+
#define SECCOMP_FILTER_FLAG_LOG (1UL << 1)
142
+
#endif
143
+
144
+
#ifndef SECCOMP_FILTER_FLAG_SPEC_ALLOW
145
+
#define SECCOMP_FILTER_FLAG_SPEC_ALLOW (1UL << 2)
142
146
#endif
143
147
144
148
#ifndef PTRACE_SECCOMP_GET_METADATA
···
2076
2072
TEST(detect_seccomp_filter_flags)
2077
2073
{
2078
2074
unsigned int flags[] = { SECCOMP_FILTER_FLAG_TSYNC,
2079
-
SECCOMP_FILTER_FLAG_LOG };
2075
+
SECCOMP_FILTER_FLAG_LOG,
2076
+
SECCOMP_FILTER_FLAG_SPEC_ALLOW };
2080
2077
unsigned int flag, all_flags;
2081
2078
int i;
2082
2079
long ret;
2083
2080
2084
2081
/* Test detection of known-good filter flags */
2085
2082
for (i = 0, all_flags = 0; i < ARRAY_SIZE(flags); i++) {
2083
+
int bits = 0;
2084
+
2086
2085
flag = flags[i];
2086
+
/* Make sure the flag is a single bit! */
2087
+
while (flag) {
2088
+
if (flag & 0x1)
2089
+
bits ++;
2090
+
flag >>= 1;
2091
+
}
2092
+
ASSERT_EQ(1, bits);
2093
+
flag = flags[i];
2094
+
2087
2095
ret = seccomp(SECCOMP_SET_MODE_FILTER, flag, NULL);
2088
2096
ASSERT_NE(ENOSYS, errno) {
2089
2097
TH_LOG("Kernel does not support seccomp syscall!");