Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net

+2 -2

arch/arm/boot/dts/da850-lcdk.dts

··· 293 293 label = "u-boot env"; 294 294 reg = <0 0x020000>; 295 295 }; 296 - partition@0x020000 { 296 + partition@20000 { 297 297 /* The LCDK defaults to booting from this partition */ 298 298 label = "u-boot"; 299 299 reg = <0x020000 0x080000>; 300 300 }; 301 - partition@0x0a0000 { 301 + partition@a0000 { 302 302 label = "free space"; 303 303 reg = <0x0a0000 0>; 304 304 };

+8 -2

arch/arm/boot/dts/kirkwood-openblocks_a7.dts

··· 53 53 }; 54 54 55 55 pinctrl: pin-controller@10000 { 56 - pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header>; 56 + pinctrl-0 = <&pmx_dip_switches &pmx_gpio_header 57 + &pmx_gpio_header_gpo>; 57 58 pinctrl-names = "default"; 58 59 59 60 pmx_uart0: pmx-uart0 { ··· 86 85 * ground. 87 86 */ 88 87 pmx_gpio_header: pmx-gpio-header { 89 - marvell,pins = "mpp17", "mpp7", "mpp29", "mpp28", 88 + marvell,pins = "mpp17", "mpp29", "mpp28", 90 89 "mpp35", "mpp34", "mpp40"; 91 90 marvell,function = "gpio"; 91 + }; 92 + 93 + pmx_gpio_header_gpo: pxm-gpio-header-gpo { 94 + marvell,pins = "mpp7"; 95 + marvell,function = "gpo"; 92 96 }; 93 97 94 98 pmx_gpio_init: pmx-init {

+1 -1

arch/arm/boot/dts/sun4i-a10.dtsi

··· 1104 1104 1105 1105 be1_out_tcon0: endpoint@0 { 1106 1106 reg = <0>; 1107 - remote-endpoint = <&tcon1_in_be0>; 1107 + remote-endpoint = <&tcon0_in_be1>; 1108 1108 }; 1109 1109 1110 1110 be1_out_tcon1: endpoint@1 {

+1 -1

arch/arm/boot/dts/sun7i-a20.dtsi

··· 1354 1354 1355 1355 be1_out_tcon0: endpoint@0 { 1356 1356 reg = <0>; 1357 - remote-endpoint = <&tcon1_in_be0>; 1357 + remote-endpoint = <&tcon0_in_be1>; 1358 1358 }; 1359 1359 1360 1360 be1_out_tcon1: endpoint@1 {

+2

arch/arm/configs/sunxi_defconfig

··· 10 10 CONFIG_NR_CPUS=8 11 11 CONFIG_AEABI=y 12 12 CONFIG_HIGHMEM=y 13 + CONFIG_CMA=y 13 14 CONFIG_ARM_APPENDED_DTB=y 14 15 CONFIG_ARM_ATAG_DTB_COMPAT=y 15 16 CONFIG_CPU_FREQ=y ··· 34 33 # CONFIG_WIRELESS is not set 35 34 CONFIG_DEVTMPFS=y 36 35 CONFIG_DEVTMPFS_MOUNT=y 36 + CONFIG_DMA_CMA=y 37 37 CONFIG_BLK_DEV_SD=y 38 38 CONFIG_ATA=y 39 39 CONFIG_AHCI_SUNXI=y

+111 -114

arch/arm/net/bpf_jit_32.c

··· 27 27 28 28 int bpf_jit_enable __read_mostly; 29 29 30 + /* 31 + * eBPF prog stack layout: 32 + * 33 + * high 34 + * original ARM_SP => +-----+ 35 + * | | callee saved registers 36 + * +-----+ <= (BPF_FP + SCRATCH_SIZE) 37 + * | ... | eBPF JIT scratch space 38 + * eBPF fp register => +-----+ 39 + * (BPF_FP) | ... | eBPF prog stack 40 + * +-----+ 41 + * |RSVD | JIT scratchpad 42 + * current ARM_SP => +-----+ <= (BPF_FP - STACK_SIZE + SCRATCH_SIZE) 43 + * | | 44 + * | ... | Function call stack 45 + * | | 46 + * +-----+ 47 + * low 48 + * 49 + * The callee saved registers depends on whether frame pointers are enabled. 50 + * With frame pointers (to be compliant with the ABI): 51 + * 52 + * high 53 + * original ARM_SP => +------------------+ \ 54 + * | pc | | 55 + * current ARM_FP => +------------------+ } callee saved registers 56 + * |r4-r8,r10,fp,ip,lr| | 57 + * +------------------+ / 58 + * low 59 + * 60 + * Without frame pointers: 61 + * 62 + * high 63 + * original ARM_SP => +------------------+ 64 + * | r4-r8,r10,fp,lr | callee saved registers 65 + * current ARM_FP => +------------------+ 66 + * low 67 + * 68 + * When popping registers off the stack at the end of a BPF function, we 69 + * reference them via the current ARM_FP register. 70 + */ 71 + #define CALLEE_MASK (1 << ARM_R4 | 1 << ARM_R5 | 1 << ARM_R6 | \ 72 + 1 << ARM_R7 | 1 << ARM_R8 | 1 << ARM_R10 | \ 73 + 1 << ARM_FP) 74 + #define CALLEE_PUSH_MASK (CALLEE_MASK | 1 << ARM_LR) 75 + #define CALLEE_POP_MASK (CALLEE_MASK | 1 << ARM_PC) 76 + 30 77 #define STACK_OFFSET(k) (k) 31 78 #define TMP_REG_1 (MAX_BPF_JIT_REG + 0) /* TEMP Register 1 */ 32 79 #define TMP_REG_2 (MAX_BPF_JIT_REG + 1) /* TEMP Register 2 */ 33 80 #define TCALL_CNT (MAX_BPF_JIT_REG + 2) /* Tail Call Count */ 34 - 35 - /* Flags used for JIT optimization */ 36 - #define SEEN_CALL (1 << 0) 37 81 38 82 #define FLAG_IMM_OVERFLOW (1 << 0) 39 83 ··· 139 95 * idx : index of current last JITed instruction. 140 96 * prologue_bytes : bytes used in prologue. 141 97 * epilogue_offset : offset of epilogue starting. 142 - * seen : bit mask used for JIT optimization. 143 98 * offsets : array of eBPF instruction offsets in 144 99 * JITed code. 145 100 * target : final JITed code. ··· 153 110 unsigned int idx; 154 111 unsigned int prologue_bytes; 155 112 unsigned int epilogue_offset; 156 - u32 seen; 157 113 u32 flags; 158 114 u32 *offsets; 159 115 u32 *target; ··· 221 179 *ptr++ = __opcode_to_mem_arm(ARM_INST_UDF); 222 180 } 223 181 224 - /* Stack must be multiples of 16 Bytes */ 225 - #define STACK_ALIGN(sz) (((sz) + 3) & ~3) 182 + #if defined(CONFIG_AEABI) && (__LINUX_ARM_ARCH__ >= 5) 183 + /* EABI requires the stack to be aligned to 64-bit boundaries */ 184 + #define STACK_ALIGNMENT 8 185 + #else 186 + /* Stack must be aligned to 32-bit boundaries */ 187 + #define STACK_ALIGNMENT 4 188 + #endif 226 189 227 190 /* Stack space for BPF_REG_2, BPF_REG_3, BPF_REG_4, 228 191 * BPF_REG_5, BPF_REG_7, BPF_REG_8, BPF_REG_9, ··· 241 194 + SCRATCH_SIZE + \ 242 195 + 4 /* extra for skb_copy_bits buffer */) 243 196 244 - #define STACK_SIZE STACK_ALIGN(_STACK_SIZE) 197 + #define STACK_SIZE ALIGN(_STACK_SIZE, STACK_ALIGNMENT) 245 198 246 199 /* Get the offset of eBPF REGISTERs stored on scratch space. */ 247 200 #define STACK_VAR(off) (STACK_SIZE-off-4) ··· 332 285 emit_mov_i_no8m(rd, val, ctx); 333 286 } 334 287 335 - static inline void emit_blx_r(u8 tgt_reg, struct jit_ctx *ctx) 288 + static void emit_bx_r(u8 tgt_reg, struct jit_ctx *ctx) 336 289 { 337 - ctx->seen |= SEEN_CALL; 338 - #if __LINUX_ARM_ARCH__ < 5 339 - emit(ARM_MOV_R(ARM_LR, ARM_PC), ctx); 340 - 341 290 if (elf_hwcap & HWCAP_THUMB) 342 291 emit(ARM_BX(tgt_reg), ctx); 343 292 else 344 293 emit(ARM_MOV_R(ARM_PC, tgt_reg), ctx); 294 + } 295 + 296 + static inline void emit_blx_r(u8 tgt_reg, struct jit_ctx *ctx) 297 + { 298 + #if __LINUX_ARM_ARCH__ < 5 299 + emit(ARM_MOV_R(ARM_LR, ARM_PC), ctx); 300 + emit_bx_r(tgt_reg, ctx); 345 301 #else 346 302 emit(ARM_BLX_R(tgt_reg), ctx); 347 303 #endif ··· 404 354 } 405 355 406 356 /* Call appropriate function */ 407 - ctx->seen |= SEEN_CALL; 408 357 emit_mov_i(ARM_IP, op == BPF_DIV ? 409 358 (u32)jit_udiv32 : (u32)jit_mod32, ctx); 410 359 emit_blx_r(ARM_IP, ctx); ··· 669 620 /* Do LSH operation */ 670 621 emit(ARM_SUB_I(ARM_IP, rt, 32), ctx); 671 622 emit(ARM_RSB_I(tmp2[0], rt, 32), ctx); 672 - /* As we are using ARM_LR */ 673 - ctx->seen |= SEEN_CALL; 674 623 emit(ARM_MOV_SR(ARM_LR, rm, SRTYPE_ASL, rt), ctx); 675 624 emit(ARM_ORR_SR(ARM_LR, ARM_LR, rd, SRTYPE_ASL, ARM_IP), ctx); 676 625 emit(ARM_ORR_SR(ARM_IP, ARM_LR, rd, SRTYPE_LSR, tmp2[0]), ctx); ··· 703 656 /* Do the ARSH operation */ 704 657 emit(ARM_RSB_I(ARM_IP, rt, 32), ctx); 705 658 emit(ARM_SUBS_I(tmp2[0], rt, 32), ctx); 706 - /* As we are using ARM_LR */ 707 - ctx->seen |= SEEN_CALL; 708 659 emit(ARM_MOV_SR(ARM_LR, rd, SRTYPE_LSR, rt), ctx); 709 660 emit(ARM_ORR_SR(ARM_LR, ARM_LR, rm, SRTYPE_ASL, ARM_IP), ctx); 710 661 _emit(ARM_COND_MI, ARM_B(0), ctx); ··· 737 692 /* Do LSH operation */ 738 693 emit(ARM_RSB_I(ARM_IP, rt, 32), ctx); 739 694 emit(ARM_SUBS_I(tmp2[0], rt, 32), ctx); 740 - /* As we are using ARM_LR */ 741 - ctx->seen |= SEEN_CALL; 742 695 emit(ARM_MOV_SR(ARM_LR, rd, SRTYPE_LSR, rt), ctx); 743 696 emit(ARM_ORR_SR(ARM_LR, ARM_LR, rm, SRTYPE_ASL, ARM_IP), ctx); 744 697 emit(ARM_ORR_SR(ARM_LR, ARM_LR, rm, SRTYPE_LSR, tmp2[0]), ctx); ··· 871 828 /* Do Multiplication */ 872 829 emit(ARM_MUL(ARM_IP, rd, rn), ctx); 873 830 emit(ARM_MUL(ARM_LR, rm, rt), ctx); 874 - /* As we are using ARM_LR */ 875 - ctx->seen |= SEEN_CALL; 876 831 emit(ARM_ADD_R(ARM_LR, ARM_IP, ARM_LR), ctx); 877 832 878 833 emit(ARM_UMULL(ARM_IP, rm, rd, rt), ctx); ··· 913 872 } 914 873 915 874 /* dst = *(size*)(src + off) */ 916 - static inline void emit_ldx_r(const u8 dst, const u8 src, bool dstk, 917 - const s32 off, struct jit_ctx *ctx, const u8 sz){ 875 + static inline void emit_ldx_r(const u8 dst[], const u8 src, bool dstk, 876 + s32 off, struct jit_ctx *ctx, const u8 sz){ 918 877 const u8 *tmp = bpf2a32[TMP_REG_1]; 919 - u8 rd = dstk ? tmp[1] : dst; 878 + const u8 *rd = dstk ? tmp : dst; 920 879 u8 rm = src; 880 + s32 off_max; 921 881 922 - if (off) { 882 + if (sz == BPF_H) 883 + off_max = 0xff; 884 + else 885 + off_max = 0xfff; 886 + 887 + if (off < 0 || off > off_max) { 923 888 emit_a32_mov_i(tmp[0], off, false, ctx); 924 889 emit(ARM_ADD_R(tmp[0], tmp[0], src), ctx); 925 890 rm = tmp[0]; 891 + off = 0; 892 + } else if (rd[1] == rm) { 893 + emit(ARM_MOV_R(tmp[0], rm), ctx); 894 + rm = tmp[0]; 926 895 } 927 896 switch (sz) { 928 - case BPF_W: 929 - /* Load a Word */ 930 - emit(ARM_LDR_I(rd, rm, 0), ctx); 897 + case BPF_B: 898 + /* Load a Byte */ 899 + emit(ARM_LDRB_I(rd[1], rm, off), ctx); 900 + emit_a32_mov_i(dst[0], 0, dstk, ctx); 931 901 break; 932 902 case BPF_H: 933 903 /* Load a HalfWord */ 934 - emit(ARM_LDRH_I(rd, rm, 0), ctx); 904 + emit(ARM_LDRH_I(rd[1], rm, off), ctx); 905 + emit_a32_mov_i(dst[0], 0, dstk, ctx); 935 906 break; 936 - case BPF_B: 937 - /* Load a Byte */ 938 - emit(ARM_LDRB_I(rd, rm, 0), ctx); 907 + case BPF_W: 908 + /* Load a Word */ 909 + emit(ARM_LDR_I(rd[1], rm, off), ctx); 910 + emit_a32_mov_i(dst[0], 0, dstk, ctx); 911 + break; 912 + case BPF_DW: 913 + /* Load a Double Word */ 914 + emit(ARM_LDR_I(rd[1], rm, off), ctx); 915 + emit(ARM_LDR_I(rd[0], rm, off + 4), ctx); 939 916 break; 940 917 } 941 918 if (dstk) 942 - emit(ARM_STR_I(rd, ARM_SP, STACK_VAR(dst)), ctx); 919 + emit(ARM_STR_I(rd[1], ARM_SP, STACK_VAR(dst[1])), ctx); 920 + if (dstk && sz == BPF_DW) 921 + emit(ARM_STR_I(rd[0], ARM_SP, STACK_VAR(dst[0])), ctx); 943 922 } 944 923 945 924 /* Arithmatic Operation */ ··· 967 906 const u8 rn, struct jit_ctx *ctx, u8 op) { 968 907 switch (op) { 969 908 case BPF_JSET: 970 - ctx->seen |= SEEN_CALL; 971 909 emit(ARM_AND_R(ARM_IP, rt, rn), ctx); 972 910 emit(ARM_AND_R(ARM_LR, rd, rm), ctx); 973 911 emit(ARM_ORRS_R(ARM_IP, ARM_LR, ARM_IP), ctx); ··· 1005 945 const u8 *tcc = bpf2a32[TCALL_CNT]; 1006 946 const int idx0 = ctx->idx; 1007 947 #define cur_offset (ctx->idx - idx0) 1008 - #define jmp_offset (out_offset - (cur_offset)) 948 + #define jmp_offset (out_offset - (cur_offset) - 2) 1009 949 u32 off, lo, hi; 1010 950 1011 951 /* if (index >= array->map.max_entries) ··· 1016 956 emit_a32_mov_i(tmp[1], off, false, ctx); 1017 957 emit(ARM_LDR_I(tmp2[1], ARM_SP, STACK_VAR(r2[1])), ctx); 1018 958 emit(ARM_LDR_R(tmp[1], tmp2[1], tmp[1]), ctx); 1019 - /* index (64 bit) */ 959 + /* index is 32-bit for arrays */ 1020 960 emit(ARM_LDR_I(tmp2[1], ARM_SP, STACK_VAR(r3[1])), ctx); 1021 961 /* index >= array->map.max_entries */ 1022 962 emit(ARM_CMP_R(tmp2[1], tmp[1]), ctx); ··· 1057 997 emit_a32_mov_i(tmp2[1], off, false, ctx); 1058 998 emit(ARM_LDR_R(tmp[1], tmp[1], tmp2[1]), ctx); 1059 999 emit(ARM_ADD_I(tmp[1], tmp[1], ctx->prologue_bytes), ctx); 1060 - emit(ARM_BX(tmp[1]), ctx); 1000 + emit_bx_r(tmp[1], ctx); 1061 1001 1062 1002 /* out: */ 1063 1003 if (out_offset == -1) ··· 1130 1070 const u8 r2 = bpf2a32[BPF_REG_1][1]; 1131 1071 const u8 r3 = bpf2a32[BPF_REG_1][0]; 1132 1072 const u8 r4 = bpf2a32[BPF_REG_6][1]; 1133 - const u8 r5 = bpf2a32[BPF_REG_6][0]; 1134 - const u8 r6 = bpf2a32[TMP_REG_1][1]; 1135 - const u8 r7 = bpf2a32[TMP_REG_1][0]; 1136 - const u8 r8 = bpf2a32[TMP_REG_2][1]; 1137 - const u8 r10 = bpf2a32[TMP_REG_2][0]; 1138 1073 const u8 fplo = bpf2a32[BPF_REG_FP][1]; 1139 1074 const u8 fphi = bpf2a32[BPF_REG_FP][0]; 1140 - const u8 sp = ARM_SP; 1141 1075 const u8 *tcc = bpf2a32[TCALL_CNT]; 1142 1076 1143 - u16 reg_set = 0; 1144 - 1145 - /* 1146 - * eBPF prog stack layout 1147 - * 1148 - * high 1149 - * original ARM_SP => +-----+ eBPF prologue 1150 - * |FP/LR| 1151 - * current ARM_FP => +-----+ 1152 - * | ... | callee saved registers 1153 - * eBPF fp register => +-----+ <= (BPF_FP) 1154 - * | ... | eBPF JIT scratch space 1155 - * | | eBPF prog stack 1156 - * +-----+ 1157 - * |RSVD | JIT scratchpad 1158 - * current A64_SP => +-----+ <= (BPF_FP - STACK_SIZE) 1159 - * | | 1160 - * | ... | Function call stack 1161 - * | | 1162 - * +-----+ 1163 - * low 1164 - */ 1165 - 1166 1077 /* Save callee saved registers. */ 1167 - reg_set |= (1<<r4) | (1<<r5) | (1<<r6) | (1<<r7) | (1<<r8) | (1<<r10); 1168 1078 #ifdef CONFIG_FRAME_POINTER 1169 - reg_set |= (1<<ARM_FP) | (1<<ARM_IP) | (1<<ARM_LR) | (1<<ARM_PC); 1170 - emit(ARM_MOV_R(ARM_IP, sp), ctx); 1079 + u16 reg_set = CALLEE_PUSH_MASK | 1 << ARM_IP | 1 << ARM_PC; 1080 + emit(ARM_MOV_R(ARM_IP, ARM_SP), ctx); 1171 1081 emit(ARM_PUSH(reg_set), ctx); 1172 1082 emit(ARM_SUB_I(ARM_FP, ARM_IP, 4), ctx); 1173 1083 #else 1174 - /* Check if call instruction exists in BPF body */ 1175 - if (ctx->seen & SEEN_CALL) 1176 - reg_set |= (1<<ARM_LR); 1177 - emit(ARM_PUSH(reg_set), ctx); 1084 + emit(ARM_PUSH(CALLEE_PUSH_MASK), ctx); 1085 + emit(ARM_MOV_R(ARM_FP, ARM_SP), ctx); 1178 1086 #endif 1179 1087 /* Save frame pointer for later */ 1180 - emit(ARM_SUB_I(ARM_IP, sp, SCRATCH_SIZE), ctx); 1088 + emit(ARM_SUB_I(ARM_IP, ARM_SP, SCRATCH_SIZE), ctx); 1181 1089 1182 1090 ctx->stack_size = imm8m(STACK_SIZE); 1183 1091 ··· 1168 1140 /* end of prologue */ 1169 1141 } 1170 1142 1143 + /* restore callee saved registers. */ 1171 1144 static void build_epilogue(struct jit_ctx *ctx) 1172 1145 { 1173 - const u8 r4 = bpf2a32[BPF_REG_6][1]; 1174 - const u8 r5 = bpf2a32[BPF_REG_6][0]; 1175 - const u8 r6 = bpf2a32[TMP_REG_1][1]; 1176 - const u8 r7 = bpf2a32[TMP_REG_1][0]; 1177 - const u8 r8 = bpf2a32[TMP_REG_2][1]; 1178 - const u8 r10 = bpf2a32[TMP_REG_2][0]; 1179 - u16 reg_set = 0; 1180 - 1181 - /* unwind function call stack */ 1182 - emit(ARM_ADD_I(ARM_SP, ARM_SP, ctx->stack_size), ctx); 1183 - 1184 - /* restore callee saved registers. */ 1185 - reg_set |= (1<<r4) | (1<<r5) | (1<<r6) | (1<<r7) | (1<<r8) | (1<<r10); 1186 1146 #ifdef CONFIG_FRAME_POINTER 1187 - /* the first instruction of the prologue was: mov ip, sp */ 1188 - reg_set |= (1<<ARM_FP) | (1<<ARM_SP) | (1<<ARM_PC); 1147 + /* When using frame pointers, some additional registers need to 1148 + * be loaded. */ 1149 + u16 reg_set = CALLEE_POP_MASK | 1 << ARM_SP; 1150 + emit(ARM_SUB_I(ARM_SP, ARM_FP, hweight16(reg_set) * 4), ctx); 1189 1151 emit(ARM_LDM(ARM_SP, reg_set), ctx); 1190 1152 #else 1191 - if (ctx->seen & SEEN_CALL) 1192 - reg_set |= (1<<ARM_PC); 1193 1153 /* Restore callee saved registers. */ 1194 - emit(ARM_POP(reg_set), ctx); 1195 - /* Return back to the callee function */ 1196 - if (!(ctx->seen & SEEN_CALL)) 1197 - emit(ARM_BX(ARM_LR), ctx); 1154 + emit(ARM_MOV_R(ARM_SP, ARM_FP), ctx); 1155 + emit(ARM_POP(CALLEE_POP_MASK), ctx); 1198 1156 #endif 1199 1157 } 1200 1158 ··· 1408 1394 emit_rev32(rt, rt, ctx); 1409 1395 goto emit_bswap_uxt; 1410 1396 case 64: 1411 - /* Because of the usage of ARM_LR */ 1412 - ctx->seen |= SEEN_CALL; 1413 1397 emit_rev32(ARM_LR, rt, ctx); 1414 1398 emit_rev32(rt, rd, ctx); 1415 1399 emit(ARM_MOV_R(rd, ARM_LR), ctx); ··· 1460 1448 rn = sstk ? tmp2[1] : src_lo; 1461 1449 if (sstk) 1462 1450 emit(ARM_LDR_I(rn, ARM_SP, STACK_VAR(src_lo)), ctx); 1463 - switch (BPF_SIZE(code)) { 1464 - case BPF_W: 1465 - /* Load a Word */ 1466 - case BPF_H: 1467 - /* Load a Half-Word */ 1468 - case BPF_B: 1469 - /* Load a Byte */ 1470 - emit_ldx_r(dst_lo, rn, dstk, off, ctx, BPF_SIZE(code)); 1471 - emit_a32_mov_i(dst_hi, 0, dstk, ctx); 1472 - break; 1473 - case BPF_DW: 1474 - /* Load a double word */ 1475 - emit_ldx_r(dst_lo, rn, dstk, off, ctx, BPF_W); 1476 - emit_ldx_r(dst_hi, rn, dstk, off+4, ctx, BPF_W); 1477 - break; 1478 - } 1451 + emit_ldx_r(dst, rn, dstk, off, ctx, BPF_SIZE(code)); 1479 1452 break; 1480 1453 /* R0 = ntohx(*(size *)(((struct sk_buff *)R6)->data + imm)) */ 1481 1454 case BPF_LD | BPF_ABS | BPF_W:

+1

arch/arm64/boot/dts/altera/socfpga_stratix10.dtsi

··· 66 66 <&cpu1>, 67 67 <&cpu2>, 68 68 <&cpu3>; 69 + interrupt-parent = <&intc>; 69 70 }; 70 71 71 72 psci {

+8 -5

arch/arm64/boot/dts/marvell/armada-cp110-master.dtsi

··· 63 63 cpm_ethernet: ethernet@0 { 64 64 compatible = "marvell,armada-7k-pp22"; 65 65 reg = <0x0 0x100000>, <0x129000 0xb000>; 66 - clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, <&cpm_clk 1 5>; 67 - clock-names = "pp_clk", "gop_clk", "mg_clk"; 66 + clocks = <&cpm_clk 1 3>, <&cpm_clk 1 9>, 67 + <&cpm_clk 1 5>, <&cpm_clk 1 18>; 68 + clock-names = "pp_clk", "gop_clk", 69 + "mg_clk","axi_clk"; 68 70 marvell,system-controller = <&cpm_syscon0>; 69 71 status = "disabled"; 70 72 dma-coherent; ··· 157 155 #size-cells = <0>; 158 156 compatible = "marvell,orion-mdio"; 159 157 reg = <0x12a200 0x10>; 160 - clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>; 158 + clocks = <&cpm_clk 1 9>, <&cpm_clk 1 5>, 159 + <&cpm_clk 1 6>, <&cpm_clk 1 18>; 161 160 status = "disabled"; 162 161 }; 163 162 ··· 341 338 compatible = "marvell,armada-cp110-sdhci"; 342 339 reg = <0x780000 0x300>; 343 340 interrupts = <ICU_GRP_NSR 27 IRQ_TYPE_LEVEL_HIGH>; 344 - clock-names = "core"; 345 - clocks = <&cpm_clk 1 4>; 341 + clock-names = "core","axi"; 342 + clocks = <&cpm_clk 1 4>, <&cpm_clk 1 18>; 346 343 dma-coherent; 347 344 status = "disabled"; 348 345 };

+6 -3

arch/arm64/boot/dts/marvell/armada-cp110-slave.dtsi

··· 63 63 cps_ethernet: ethernet@0 { 64 64 compatible = "marvell,armada-7k-pp22"; 65 65 reg = <0x0 0x100000>, <0x129000 0xb000>; 66 - clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, <&cps_clk 1 5>; 67 - clock-names = "pp_clk", "gop_clk", "mg_clk"; 66 + clocks = <&cps_clk 1 3>, <&cps_clk 1 9>, 67 + <&cps_clk 1 5>, <&cps_clk 1 18>; 68 + clock-names = "pp_clk", "gop_clk", 69 + "mg_clk", "axi_clk"; 68 70 marvell,system-controller = <&cps_syscon0>; 69 71 status = "disabled"; 70 72 dma-coherent; ··· 157 155 #size-cells = <0>; 158 156 compatible = "marvell,orion-mdio"; 159 157 reg = <0x12a200 0x10>; 160 - clocks = <&cps_clk 1 9>, <&cps_clk 1 5>; 158 + clocks = <&cps_clk 1 9>, <&cps_clk 1 5>, 159 + <&cps_clk 1 6>, <&cps_clk 1 18>; 161 160 status = "disabled"; 162 161 }; 163 162

+11 -9

arch/arm64/net/bpf_jit_comp.c

··· 162 162 /* Stack must be multiples of 16B */ 163 163 #define STACK_ALIGN(sz) (((sz) + 15) & ~15) 164 164 165 - #define PROLOGUE_OFFSET 8 165 + /* Tail call offset to jump into */ 166 + #define PROLOGUE_OFFSET 7 166 167 167 168 static int build_prologue(struct jit_ctx *ctx) 168 169 { ··· 215 214 /* Initialize tail_call_cnt */ 216 215 emit(A64_MOVZ(1, tcc, 0, 0), ctx); 217 216 218 - /* 4 byte extra for skb_copy_bits buffer */ 219 - ctx->stack_size = prog->aux->stack_depth + 4; 220 - ctx->stack_size = STACK_ALIGN(ctx->stack_size); 221 - 222 - /* Set up function call stack */ 223 - emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); 224 - 225 217 cur_offset = ctx->idx - idx0; 226 218 if (cur_offset != PROLOGUE_OFFSET) { 227 219 pr_err_once("PROLOGUE_OFFSET = %d, expected %d!\n", 228 220 cur_offset, PROLOGUE_OFFSET); 229 221 return -1; 230 222 } 223 + 224 + /* 4 byte extra for skb_copy_bits buffer */ 225 + ctx->stack_size = prog->aux->stack_depth + 4; 226 + ctx->stack_size = STACK_ALIGN(ctx->stack_size); 227 + 228 + /* Set up function call stack */ 229 + emit(A64_SUB_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); 231 230 return 0; 232 231 } 233 232 ··· 275 274 emit(A64_LDR64(prg, tmp, prg), ctx); 276 275 emit(A64_CBZ(1, prg, jmp_offset), ctx); 277 276 278 - /* goto *(prog->bpf_func + prologue_size); */ 277 + /* goto *(prog->bpf_func + prologue_offset); */ 279 278 off = offsetof(struct bpf_prog, bpf_func); 280 279 emit_a64_mov_i64(tmp, off, ctx); 281 280 emit(A64_LDR64(tmp, prg, tmp), ctx); 282 281 emit(A64_ADD_I(1, tmp, tmp, sizeof(u32) * PROLOGUE_OFFSET), ctx); 282 + emit(A64_ADD_I(1, A64_SP, A64_SP, ctx->stack_size), ctx); 283 283 emit(A64_BR(tmp), ctx); 284 284 285 285 /* out: */

+19 -18

arch/ia64/include/asm/atomic.h

··· 65 65 ATOMIC_OPS(add, +) 66 66 ATOMIC_OPS(sub, -) 67 67 68 - #define atomic_add_return(i,v) \ 68 + #ifdef __OPTIMIZE__ 69 + #define __ia64_atomic_const(i) __builtin_constant_p(i) ? \ 70 + ((i) == 1 || (i) == 4 || (i) == 8 || (i) == 16 || \ 71 + (i) == -1 || (i) == -4 || (i) == -8 || (i) == -16) : 0 72 + 73 + #define atomic_add_return(i, v) \ 69 74 ({ \ 70 - int __ia64_aar_i = (i); \ 71 - (__builtin_constant_p(i) \ 72 - && ( (__ia64_aar_i == 1) || (__ia64_aar_i == 4) \ 73 - || (__ia64_aar_i == 8) || (__ia64_aar_i == 16) \ 74 - || (__ia64_aar_i == -1) || (__ia64_aar_i == -4) \ 75 - || (__ia64_aar_i == -8) || (__ia64_aar_i == -16))) \ 76 - ? ia64_fetch_and_add(__ia64_aar_i, &(v)->counter) \ 77 - : ia64_atomic_add(__ia64_aar_i, v); \ 75 + int __i = (i); \ 76 + static const int __ia64_atomic_p = __ia64_atomic_const(i); \ 77 + __ia64_atomic_p ? ia64_fetch_and_add(__i, &(v)->counter) : \ 78 + ia64_atomic_add(__i, v); \ 78 79 }) 79 80 80 - #define atomic_sub_return(i,v) \ 81 + #define atomic_sub_return(i, v) \ 81 82 ({ \ 82 - int __ia64_asr_i = (i); \ 83 - (__builtin_constant_p(i) \ 84 - && ( (__ia64_asr_i == 1) || (__ia64_asr_i == 4) \ 85 - || (__ia64_asr_i == 8) || (__ia64_asr_i == 16) \ 86 - || (__ia64_asr_i == -1) || (__ia64_asr_i == -4) \ 87 - || (__ia64_asr_i == -8) || (__ia64_asr_i == -16))) \ 88 - ? ia64_fetch_and_add(-__ia64_asr_i, &(v)->counter) \ 89 - : ia64_atomic_sub(__ia64_asr_i, v); \ 83 + int __i = (i); \ 84 + static const int __ia64_atomic_p = __ia64_atomic_const(i); \ 85 + __ia64_atomic_p ? ia64_fetch_and_add(-__i, &(v)->counter) : \ 86 + ia64_atomic_sub(__i, v); \ 90 87 }) 88 + #else 89 + #define atomic_add_return(i, v) ia64_atomic_add(i, v) 90 + #define atomic_sub_return(i, v) ia64_atomic_sub(i, v) 91 + #endif 91 92 92 93 #define atomic_fetch_add(i,v) \ 93 94 ({ \

+1

arch/powerpc/Kconfig

··· 166 166 select GENERIC_CLOCKEVENTS_BROADCAST if SMP 167 167 select GENERIC_CMOS_UPDATE 168 168 select GENERIC_CPU_AUTOPROBE 169 + select GENERIC_CPU_VULNERABILITIES if PPC_BOOK3S_64 169 170 select GENERIC_IRQ_SHOW 170 171 select GENERIC_IRQ_SHOW_LEVEL 171 172 select GENERIC_SMP_IDLE_THREAD

+1

arch/powerpc/include/asm/hvcall.h

··· 353 353 #define PROC_TABLE_GTSE 0x01 354 354 355 355 #ifndef __ASSEMBLY__ 356 + #include <linux/types.h> 356 357 357 358 /** 358 359 * plpar_hcall_norets: - Make a pseries hypervisor call with no return arguments

-11

arch/powerpc/kernel/setup-common.c

··· 242 242 unsigned short maj; 243 243 unsigned short min; 244 244 245 - /* We only show online cpus: disable preempt (overzealous, I 246 - * knew) to prevent cpu going down. */ 247 - preempt_disable(); 248 - if (!cpu_online(cpu_id)) { 249 - preempt_enable(); 250 - return 0; 251 - } 252 - 253 245 #ifdef CONFIG_SMP 254 246 pvr = per_cpu(cpu_pvr, cpu_id); 255 247 #else ··· 350 358 #ifdef CONFIG_SMP 351 359 seq_printf(m, "\n"); 352 360 #endif 353 - 354 - preempt_enable(); 355 - 356 361 /* If this is the last cpu, print the summary */ 357 362 if (cpumask_next(cpu_id, cpu_online_mask) >= nr_cpu_ids) 358 363 show_cpuinfo_summary(m);

+38

arch/powerpc/kernel/setup_64.c

··· 38 38 #include <linux/memory.h> 39 39 #include <linux/nmi.h> 40 40 41 + #include <asm/debugfs.h> 41 42 #include <asm/io.h> 42 43 #include <asm/kdump.h> 43 44 #include <asm/prom.h> ··· 901 900 902 901 if (!no_rfi_flush) 903 902 rfi_flush_enable(enable); 903 + } 904 + 905 + #ifdef CONFIG_DEBUG_FS 906 + static int rfi_flush_set(void *data, u64 val) 907 + { 908 + if (val == 1) 909 + rfi_flush_enable(true); 910 + else if (val == 0) 911 + rfi_flush_enable(false); 912 + else 913 + return -EINVAL; 914 + 915 + return 0; 916 + } 917 + 918 + static int rfi_flush_get(void *data, u64 *val) 919 + { 920 + *val = rfi_flush ? 1 : 0; 921 + return 0; 922 + } 923 + 924 + DEFINE_SIMPLE_ATTRIBUTE(fops_rfi_flush, rfi_flush_get, rfi_flush_set, "%llu\n"); 925 + 926 + static __init int rfi_flush_debugfs_init(void) 927 + { 928 + debugfs_create_file("rfi_flush", 0600, powerpc_debugfs_root, NULL, &fops_rfi_flush); 929 + return 0; 930 + } 931 + device_initcall(rfi_flush_debugfs_init); 932 + #endif 933 + 934 + ssize_t cpu_show_meltdown(struct device *dev, struct device_attribute *attr, char *buf) 935 + { 936 + if (rfi_flush) 937 + return sprintf(buf, "Mitigation: RFI Flush\n"); 938 + 939 + return sprintf(buf, "Vulnerable\n"); 904 940 } 905 941 #endif /* CONFIG_PPC_BOOK3S_64 */

+15 -11

arch/powerpc/xmon/xmon.c

··· 2344 2344 DUMP(p, kernel_toc, "lx"); 2345 2345 DUMP(p, kernelbase, "lx"); 2346 2346 DUMP(p, kernel_msr, "lx"); 2347 - DUMP(p, emergency_sp, "p"); 2347 + DUMP(p, emergency_sp, "px"); 2348 2348 #ifdef CONFIG_PPC_BOOK3S_64 2349 - DUMP(p, nmi_emergency_sp, "p"); 2350 - DUMP(p, mc_emergency_sp, "p"); 2349 + DUMP(p, nmi_emergency_sp, "px"); 2350 + DUMP(p, mc_emergency_sp, "px"); 2351 2351 DUMP(p, in_nmi, "x"); 2352 2352 DUMP(p, in_mce, "x"); 2353 2353 DUMP(p, hmi_event_available, "x"); ··· 2375 2375 DUMP(p, slb_cache_ptr, "x"); 2376 2376 for (i = 0; i < SLB_CACHE_ENTRIES; i++) 2377 2377 printf(" slb_cache[%d]: = 0x%016lx\n", i, p->slb_cache[i]); 2378 + 2379 + DUMP(p, rfi_flush_fallback_area, "px"); 2380 + DUMP(p, l1d_flush_congruence, "llx"); 2381 + DUMP(p, l1d_flush_sets, "llx"); 2378 2382 #endif 2379 2383 DUMP(p, dscr_default, "llx"); 2380 2384 #ifdef CONFIG_PPC_BOOK3E 2381 - DUMP(p, pgd, "p"); 2382 - DUMP(p, kernel_pgd, "p"); 2383 - DUMP(p, tcd_ptr, "p"); 2384 - DUMP(p, mc_kstack, "p"); 2385 - DUMP(p, crit_kstack, "p"); 2386 - DUMP(p, dbg_kstack, "p"); 2385 + DUMP(p, pgd, "px"); 2386 + DUMP(p, kernel_pgd, "px"); 2387 + DUMP(p, tcd_ptr, "px"); 2388 + DUMP(p, mc_kstack, "px"); 2389 + DUMP(p, crit_kstack, "px"); 2390 + DUMP(p, dbg_kstack, "px"); 2387 2391 #endif 2388 - DUMP(p, __current, "p"); 2392 + DUMP(p, __current, "px"); 2389 2393 DUMP(p, kstack, "lx"); 2390 2394 printf(" kstack_base = 0x%016lx\n", p->kstack & ~(THREAD_SIZE - 1)); 2391 2395 DUMP(p, stab_rr, "lx"); ··· 2407 2403 #endif 2408 2404 2409 2405 #ifdef CONFIG_PPC_POWERNV 2410 - DUMP(p, core_idle_state_ptr, "p"); 2406 + DUMP(p, core_idle_state_ptr, "px"); 2411 2407 DUMP(p, thread_idle_state, "x"); 2412 2408 DUMP(p, thread_mask, "x"); 2413 2409 DUMP(p, subcore_sibling_mask, "x");

+11

arch/x86/entry/entry_32.S

··· 244 244 movl %ebx, PER_CPU_VAR(stack_canary)+stack_canary_offset 245 245 #endif 246 246 247 + #ifdef CONFIG_RETPOLINE 248 + /* 249 + * When switching from a shallower to a deeper call stack 250 + * the RSB may either underflow or use entries populated 251 + * with userspace addresses. On CPUs where those concerns 252 + * exist, overwrite the RSB with entries which capture 253 + * speculative execution to prevent attack. 254 + */ 255 + FILL_RETURN_BUFFER %ebx, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW 256 + #endif 257 + 247 258 /* restore callee-saved registers */ 248 259 popl %esi 249 260 popl %edi

+11

arch/x86/entry/entry_64.S

··· 491 491 movq %rbx, PER_CPU_VAR(irq_stack_union)+stack_canary_offset 492 492 #endif 493 493 494 + #ifdef CONFIG_RETPOLINE 495 + /* 496 + * When switching from a shallower to a deeper call stack 497 + * the RSB may either underflow or use entries populated 498 + * with userspace addresses. On CPUs where those concerns 499 + * exist, overwrite the RSB with entries which capture 500 + * speculative execution to prevent attack. 501 + */ 502 + FILL_RETURN_BUFFER %r12, RSB_CLEAR_LOOPS, X86_FEATURE_RSB_CTXSW 503 + #endif 504 + 494 505 /* restore callee-saved registers */ 495 506 popq %r15 496 507 popq %r14

+2 -2

arch/x86/events/intel/rapl.c

··· 755 755 X86_RAPL_MODEL_MATCH(INTEL_FAM6_IVYBRIDGE_X, snbep_rapl_init), 756 756 757 757 X86_RAPL_MODEL_MATCH(INTEL_FAM6_HASWELL_CORE, hsw_rapl_init), 758 - X86_RAPL_MODEL_MATCH(INTEL_FAM6_HASWELL_X, hsw_rapl_init), 758 + X86_RAPL_MODEL_MATCH(INTEL_FAM6_HASWELL_X, hsx_rapl_init), 759 759 X86_RAPL_MODEL_MATCH(INTEL_FAM6_HASWELL_ULT, hsw_rapl_init), 760 760 X86_RAPL_MODEL_MATCH(INTEL_FAM6_HASWELL_GT3E, hsw_rapl_init), 761 761 762 762 X86_RAPL_MODEL_MATCH(INTEL_FAM6_BROADWELL_CORE, hsw_rapl_init), 763 763 X86_RAPL_MODEL_MATCH(INTEL_FAM6_BROADWELL_GT3E, hsw_rapl_init), 764 764 X86_RAPL_MODEL_MATCH(INTEL_FAM6_BROADWELL_X, hsx_rapl_init), 765 - X86_RAPL_MODEL_MATCH(INTEL_FAM6_BROADWELL_XEON_D, hsw_rapl_init), 765 + X86_RAPL_MODEL_MATCH(INTEL_FAM6_BROADWELL_XEON_D, hsx_rapl_init), 766 766 767 767 X86_RAPL_MODEL_MATCH(INTEL_FAM6_XEON_PHI_KNL, knl_rapl_init), 768 768 X86_RAPL_MODEL_MATCH(INTEL_FAM6_XEON_PHI_KNM, knl_rapl_init),

+1

arch/x86/include/asm/apic.h

··· 136 136 extern void disable_local_APIC(void); 137 137 extern void lapic_shutdown(void); 138 138 extern void sync_Arb_IDs(void); 139 + extern void init_bsp_APIC(void); 139 140 extern void apic_intr_mode_init(void); 140 141 extern void setup_local_APIC(void); 141 142 extern void init_apic_mappings(void);

+2 -1

arch/x86/include/asm/cpufeatures.h

··· 206 206 #define X86_FEATURE_RETPOLINE ( 7*32+12) /* Generic Retpoline mitigation for Spectre variant 2 */ 207 207 #define X86_FEATURE_RETPOLINE_AMD ( 7*32+13) /* AMD Retpoline mitigation for Spectre variant 2 */ 208 208 #define X86_FEATURE_INTEL_PPIN ( 7*32+14) /* Intel Processor Inventory Number */ 209 - #define X86_FEATURE_INTEL_PT ( 7*32+15) /* Intel Processor Trace */ 210 209 #define X86_FEATURE_AVX512_4VNNIW ( 7*32+16) /* AVX-512 Neural Network Instructions */ 211 210 #define X86_FEATURE_AVX512_4FMAPS ( 7*32+17) /* AVX-512 Multiply Accumulation Single precision */ 212 211 213 212 #define X86_FEATURE_MBA ( 7*32+18) /* Memory Bandwidth Allocation */ 213 + #define X86_FEATURE_RSB_CTXSW ( 7*32+19) /* Fill RSB on context switches */ 214 214 215 215 /* Virtualization flags: Linux defined, word 8 */ 216 216 #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ ··· 245 245 #define X86_FEATURE_AVX512IFMA ( 9*32+21) /* AVX-512 Integer Fused Multiply-Add instructions */ 246 246 #define X86_FEATURE_CLFLUSHOPT ( 9*32+23) /* CLFLUSHOPT instruction */ 247 247 #define X86_FEATURE_CLWB ( 9*32+24) /* CLWB instruction */ 248 + #define X86_FEATURE_INTEL_PT ( 9*32+25) /* Intel Processor Trace */ 248 249 #define X86_FEATURE_AVX512PF ( 9*32+26) /* AVX-512 Prefetch */ 249 250 #define X86_FEATURE_AVX512ER ( 9*32+27) /* AVX-512 Exponential and Reciprocal */ 250 251 #define X86_FEATURE_AVX512CD ( 9*32+28) /* AVX-512 Conflict Detection */

+2 -2

arch/x86/include/asm/mem_encrypt.h

··· 39 39 40 40 void __init sme_early_init(void); 41 41 42 - void __init sme_encrypt_kernel(void); 42 + void __init sme_encrypt_kernel(struct boot_params *bp); 43 43 void __init sme_enable(struct boot_params *bp); 44 44 45 45 int __init early_set_memory_decrypted(unsigned long vaddr, unsigned long size); ··· 67 67 68 68 static inline void __init sme_early_init(void) { } 69 69 70 - static inline void __init sme_encrypt_kernel(void) { } 70 + static inline void __init sme_encrypt_kernel(struct boot_params *bp) { } 71 71 static inline void __init sme_enable(struct boot_params *bp) { } 72 72 73 73 static inline bool sme_active(void) { return false; }

+5 -1

arch/x86/include/asm/nospec-branch.h

··· 11 11 * Fill the CPU return stack buffer. 12 12 * 13 13 * Each entry in the RSB, if used for a speculative 'ret', contains an 14 - * infinite 'pause; jmp' loop to capture speculative execution. 14 + * infinite 'pause; lfence; jmp' loop to capture speculative execution. 15 15 * 16 16 * This is required in various cases for retpoline and IBRS-based 17 17 * mitigations for the Spectre variant 2 vulnerability. Sometimes to ··· 38 38 call 772f; \ 39 39 773: /* speculation trap */ \ 40 40 pause; \ 41 + lfence; \ 41 42 jmp 773b; \ 42 43 772: \ 43 44 call 774f; \ 44 45 775: /* speculation trap */ \ 45 46 pause; \ 47 + lfence; \ 46 48 jmp 775b; \ 47 49 774: \ 48 50 dec reg; \ ··· 75 73 call .Ldo_rop_\@ 76 74 .Lspec_trap_\@: 77 75 pause 76 + lfence 78 77 jmp .Lspec_trap_\@ 79 78 .Ldo_rop_\@: 80 79 mov \reg, (%_ASM_SP) ··· 168 165 " .align 16\n" \ 169 166 "901: call 903f;\n" \ 170 167 "902: pause;\n" \ 168 + " lfence;\n" \ 171 169 " jmp 902b;\n" \ 172 170 " .align 16\n" \ 173 171 "903: addl $4, %%esp;\n" \

+49

arch/x86/kernel/apic/apic.c

··· 1286 1286 return APIC_SYMMETRIC_IO; 1287 1287 } 1288 1288 1289 + /* 1290 + * An initial setup of the virtual wire mode. 1291 + */ 1292 + void __init init_bsp_APIC(void) 1293 + { 1294 + unsigned int value; 1295 + 1296 + /* 1297 + * Don't do the setup now if we have a SMP BIOS as the 1298 + * through-I/O-APIC virtual wire mode might be active. 1299 + */ 1300 + if (smp_found_config || !boot_cpu_has(X86_FEATURE_APIC)) 1301 + return; 1302 + 1303 + /* 1304 + * Do not trust the local APIC being empty at bootup. 1305 + */ 1306 + clear_local_APIC(); 1307 + 1308 + /* 1309 + * Enable APIC. 1310 + */ 1311 + value = apic_read(APIC_SPIV); 1312 + value &= ~APIC_VECTOR_MASK; 1313 + value |= APIC_SPIV_APIC_ENABLED; 1314 + 1315 + #ifdef CONFIG_X86_32 1316 + /* This bit is reserved on P4/Xeon and should be cleared */ 1317 + if ((boot_cpu_data.x86_vendor == X86_VENDOR_INTEL) && 1318 + (boot_cpu_data.x86 == 15)) 1319 + value &= ~APIC_SPIV_FOCUS_DISABLED; 1320 + else 1321 + #endif 1322 + value |= APIC_SPIV_FOCUS_DISABLED; 1323 + value |= SPURIOUS_APIC_VECTOR; 1324 + apic_write(APIC_SPIV, value); 1325 + 1326 + /* 1327 + * Set up the virtual wire mode. 1328 + */ 1329 + apic_write(APIC_LVT0, APIC_DM_EXTINT); 1330 + value = APIC_DM_NMI; 1331 + if (!lapic_is_integrated()) /* 82489DX */ 1332 + value |= APIC_LVT_LEVEL_TRIGGER; 1333 + if (apic_extnmi == APIC_EXTNMI_NONE) 1334 + value |= APIC_LVT_MASKED; 1335 + apic_write(APIC_LVT1, value); 1336 + } 1337 + 1289 1338 /* Init the interrupt delivery mode for the BSP */ 1290 1339 void __init apic_intr_mode_init(void) 1291 1340 {

+5 -2

arch/x86/kernel/apic/vector.c

··· 542 542 543 543 err = assign_irq_vector_policy(irqd, info); 544 544 trace_vector_setup(virq + i, false, err); 545 - if (err) 545 + if (err) { 546 + irqd->chip_data = NULL; 547 + free_apic_chip_data(apicd); 546 548 goto error; 549 + } 547 550 } 548 551 549 552 return 0; 550 553 551 554 error: 552 - x86_vector_free_irqs(domain, virq, i + 1); 555 + x86_vector_free_irqs(domain, virq, i); 553 556 return err; 554 557 } 555 558

+36

arch/x86/kernel/cpu/bugs.c

··· 23 23 #include <asm/alternative.h> 24 24 #include <asm/pgtable.h> 25 25 #include <asm/set_memory.h> 26 + #include <asm/intel-family.h> 26 27 27 28 static void __init spectre_v2_select_mitigation(void); 28 29 ··· 156 155 return SPECTRE_V2_CMD_NONE; 157 156 } 158 157 158 + /* Check for Skylake-like CPUs (for RSB handling) */ 159 + static bool __init is_skylake_era(void) 160 + { 161 + if (boot_cpu_data.x86_vendor == X86_VENDOR_INTEL && 162 + boot_cpu_data.x86 == 6) { 163 + switch (boot_cpu_data.x86_model) { 164 + case INTEL_FAM6_SKYLAKE_MOBILE: 165 + case INTEL_FAM6_SKYLAKE_DESKTOP: 166 + case INTEL_FAM6_SKYLAKE_X: 167 + case INTEL_FAM6_KABYLAKE_MOBILE: 168 + case INTEL_FAM6_KABYLAKE_DESKTOP: 169 + return true; 170 + } 171 + } 172 + return false; 173 + } 174 + 159 175 static void __init spectre_v2_select_mitigation(void) 160 176 { 161 177 enum spectre_v2_mitigation_cmd cmd = spectre_v2_parse_cmdline(); ··· 231 213 232 214 spectre_v2_enabled = mode; 233 215 pr_info("%s\n", spectre_v2_strings[mode]); 216 + 217 + /* 218 + * If neither SMEP or KPTI are available, there is a risk of 219 + * hitting userspace addresses in the RSB after a context switch 220 + * from a shallow call stack to a deeper one. To prevent this fill 221 + * the entire RSB, even when using IBRS. 222 + * 223 + * Skylake era CPUs have a separate issue with *underflow* of the 224 + * RSB, when they will predict 'ret' targets from the generic BTB. 225 + * The proper mitigation for this is IBRS. If IBRS is not supported 226 + * or deactivated in favour of retpolines the RSB fill on context 227 + * switch is required. 228 + */ 229 + if ((!boot_cpu_has(X86_FEATURE_PTI) && 230 + !boot_cpu_has(X86_FEATURE_SMEP)) || is_skylake_era()) { 231 + setup_force_cpu_cap(X86_FEATURE_RSB_CTXSW); 232 + pr_info("Filling RSB on context switch\n"); 233 + } 234 234 } 235 235 236 236 #undef pr_fmt

+4 -4

arch/x86/kernel/cpu/intel_rdt.c

··· 525 525 */ 526 526 if (static_branch_unlikely(&rdt_mon_enable_key)) 527 527 rmdir_mondata_subdir_allrdtgrp(r, d->id); 528 - kfree(d->ctrl_val); 529 - kfree(d->rmid_busy_llc); 530 - kfree(d->mbm_total); 531 - kfree(d->mbm_local); 532 528 list_del(&d->list); 533 529 if (is_mbm_enabled()) 534 530 cancel_delayed_work(&d->mbm_over); ··· 541 545 cancel_delayed_work(&d->cqm_limbo); 542 546 } 543 547 548 + kfree(d->ctrl_val); 549 + kfree(d->rmid_busy_llc); 550 + kfree(d->mbm_total); 551 + kfree(d->mbm_local); 544 552 kfree(d); 545 553 return; 546 554 }

-1

arch/x86/kernel/cpu/scattered.c

··· 21 21 static const struct cpuid_bit cpuid_bits[] = { 22 22 { X86_FEATURE_APERFMPERF, CPUID_ECX, 0, 0x00000006, 0 }, 23 23 { X86_FEATURE_EPB, CPUID_ECX, 3, 0x00000006, 0 }, 24 - { X86_FEATURE_INTEL_PT, CPUID_EBX, 25, 0x00000007, 0 }, 25 24 { X86_FEATURE_AVX512_4VNNIW, CPUID_EDX, 2, 0x00000007, 0 }, 26 25 { X86_FEATURE_AVX512_4FMAPS, CPUID_EDX, 3, 0x00000007, 0 }, 27 26 { X86_FEATURE_CAT_L3, CPUID_EBX, 1, 0x00000010, 0 },

+2 -2

arch/x86/kernel/head64.c

··· 157 157 p = fixup_pointer(&phys_base, physaddr); 158 158 *p += load_delta - sme_get_me_mask(); 159 159 160 - /* Encrypt the kernel (if SME is active) */ 161 - sme_encrypt_kernel(); 160 + /* Encrypt the kernel and related (if SME is active) */ 161 + sme_encrypt_kernel(bp); 162 162 163 163 /* 164 164 * Return the SME encryption mask (if SME is active) to be used as a

+6 -6

arch/x86/kernel/idt.c

··· 56 56 * Early traps running on the DEFAULT_STACK because the other interrupt 57 57 * stacks work only after cpu_init(). 58 58 */ 59 - static const __initdata struct idt_data early_idts[] = { 59 + static const __initconst struct idt_data early_idts[] = { 60 60 INTG(X86_TRAP_DB, debug), 61 61 SYSG(X86_TRAP_BP, int3), 62 62 #ifdef CONFIG_X86_32 ··· 70 70 * the traps which use them are reinitialized with IST after cpu_init() has 71 71 * set up TSS. 72 72 */ 73 - static const __initdata struct idt_data def_idts[] = { 73 + static const __initconst struct idt_data def_idts[] = { 74 74 INTG(X86_TRAP_DE, divide_error), 75 75 INTG(X86_TRAP_NMI, nmi), 76 76 INTG(X86_TRAP_BR, bounds), ··· 108 108 /* 109 109 * The APIC and SMP idt entries 110 110 */ 111 - static const __initdata struct idt_data apic_idts[] = { 111 + static const __initconst struct idt_data apic_idts[] = { 112 112 #ifdef CONFIG_SMP 113 113 INTG(RESCHEDULE_VECTOR, reschedule_interrupt), 114 114 INTG(CALL_FUNCTION_VECTOR, call_function_interrupt), ··· 150 150 * Early traps running on the DEFAULT_STACK because the other interrupt 151 151 * stacks work only after cpu_init(). 152 152 */ 153 - static const __initdata struct idt_data early_pf_idts[] = { 153 + static const __initconst struct idt_data early_pf_idts[] = { 154 154 INTG(X86_TRAP_PF, page_fault), 155 155 }; 156 156 ··· 158 158 * Override for the debug_idt. Same as the default, but with interrupt 159 159 * stack set to DEFAULT_STACK (0). Required for NMI trap handling. 160 160 */ 161 - static const __initdata struct idt_data dbg_idts[] = { 161 + static const __initconst struct idt_data dbg_idts[] = { 162 162 INTG(X86_TRAP_DB, debug), 163 163 INTG(X86_TRAP_BP, int3), 164 164 }; ··· 180 180 * The exceptions which use Interrupt stacks. They are setup after 181 181 * cpu_init() when the TSS has been initialized. 182 182 */ 183 - static const __initdata struct idt_data ist_idts[] = { 183 + static const __initconst struct idt_data ist_idts[] = { 184 184 ISTG(X86_TRAP_DB, debug, DEBUG_STACK), 185 185 ISTG(X86_TRAP_NMI, nmi, NMI_STACK), 186 186 SISTG(X86_TRAP_BP, int3, DEBUG_STACK),

+3

arch/x86/kernel/irqinit.c

··· 61 61 struct irq_chip *chip = legacy_pic->chip; 62 62 int i; 63 63 64 + #if defined(CONFIG_X86_64) || defined(CONFIG_X86_LOCAL_APIC) 65 + init_bsp_APIC(); 66 + #endif 64 67 legacy_pic->init(0); 65 68 66 69 for (i = 0; i < nr_legacy_irqs(); i++)

-10

arch/x86/kernel/setup.c

··· 364 364 !ramdisk_image || !ramdisk_size) 365 365 return; /* No initrd provided by bootloader */ 366 366 367 - /* 368 - * If SME is active, this memory will be marked encrypted by the 369 - * kernel when it is accessed (including relocation). However, the 370 - * ramdisk image was loaded decrypted by the bootloader, so make 371 - * sure that it is encrypted before accessing it. For SEV the 372 - * ramdisk will already be encrypted, so only do this for SME. 373 - */ 374 - if (sme_active()) 375 - sme_early_encrypt(ramdisk_image, ramdisk_end - ramdisk_image); 376 - 377 367 initrd_start = 0; 378 368 379 369 mapped_size = memblock_mem_size(max_pfn_mapped);

+8 -1

arch/x86/kernel/tsc.c

··· 602 602 case INTEL_FAM6_KABYLAKE_DESKTOP: 603 603 crystal_khz = 24000; /* 24.0 MHz */ 604 604 break; 605 - case INTEL_FAM6_SKYLAKE_X: 606 605 case INTEL_FAM6_ATOM_DENVERTON: 607 606 crystal_khz = 25000; /* 25.0 MHz */ 608 607 break; ··· 611 612 } 612 613 } 613 614 615 + if (crystal_khz == 0) 616 + return 0; 614 617 /* 615 618 * TSC frequency determined by CPUID is a "hardware reported" 616 619 * frequency and is the most accurate one so far we have. This ··· 1315 1314 pr_info("Detected %lu.%03lu MHz processor\n", 1316 1315 (unsigned long)cpu_khz / 1000, 1317 1316 (unsigned long)cpu_khz % 1000); 1317 + 1318 + if (cpu_khz != tsc_khz) { 1319 + pr_info("Detected %lu.%03lu MHz TSC", 1320 + (unsigned long)tsc_khz / 1000, 1321 + (unsigned long)tsc_khz % 1000); 1322 + } 1318 1323 1319 1324 /* Sanitize TSC ADJUST before cyc2ns gets initialized */ 1320 1325 tsc_store_and_check_tsc_adjust(true);

+4 -3

arch/x86/mm/fault.c

··· 172 172 * 6. T1 : reaches here, sees vma_pkey(vma)=5, when we really 173 173 * faulted on a pte with its pkey=4. 174 174 */ 175 - static void fill_sig_info_pkey(int si_code, siginfo_t *info, u32 *pkey) 175 + static void fill_sig_info_pkey(int si_signo, int si_code, siginfo_t *info, 176 + u32 *pkey) 176 177 { 177 178 /* This is effectively an #ifdef */ 178 179 if (!boot_cpu_has(X86_FEATURE_OSPKE)) 179 180 return; 180 181 181 182 /* Fault not from Protection Keys: nothing to do */ 182 - if (si_code != SEGV_PKUERR) 183 + if ((si_code != SEGV_PKUERR) || (si_signo != SIGSEGV)) 183 184 return; 184 185 /* 185 186 * force_sig_info_fault() is called from a number of ··· 219 218 lsb = PAGE_SHIFT; 220 219 info.si_addr_lsb = lsb; 221 220 222 - fill_sig_info_pkey(si_code, &info, pkey); 221 + fill_sig_info_pkey(si_signo, si_code, &info, pkey); 223 222 224 223 force_sig_info(si_signo, &info, tsk); 225 224 }

+14 -10

arch/x86/mm/kasan_init_64.c

··· 21 21 22 22 static p4d_t tmp_p4d_table[PTRS_PER_P4D] __initdata __aligned(PAGE_SIZE); 23 23 24 - static __init void *early_alloc(size_t size, int nid) 24 + static __init void *early_alloc(size_t size, int nid, bool panic) 25 25 { 26 - return memblock_virt_alloc_try_nid_nopanic(size, size, 27 - __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); 26 + if (panic) 27 + return memblock_virt_alloc_try_nid(size, size, 28 + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); 29 + else 30 + return memblock_virt_alloc_try_nid_nopanic(size, size, 31 + __pa(MAX_DMA_ADDRESS), BOOTMEM_ALLOC_ACCESSIBLE, nid); 28 32 } 29 33 30 34 static void __init kasan_populate_pmd(pmd_t *pmd, unsigned long addr, ··· 42 38 if (boot_cpu_has(X86_FEATURE_PSE) && 43 39 ((end - addr) == PMD_SIZE) && 44 40 IS_ALIGNED(addr, PMD_SIZE)) { 45 - p = early_alloc(PMD_SIZE, nid); 41 + p = early_alloc(PMD_SIZE, nid, false); 46 42 if (p && pmd_set_huge(pmd, __pa(p), PAGE_KERNEL)) 47 43 return; 48 44 else if (p) 49 45 memblock_free(__pa(p), PMD_SIZE); 50 46 } 51 47 52 - p = early_alloc(PAGE_SIZE, nid); 48 + p = early_alloc(PAGE_SIZE, nid, true); 53 49 pmd_populate_kernel(&init_mm, pmd, p); 54 50 } 55 51 ··· 61 57 if (!pte_none(*pte)) 62 58 continue; 63 59 64 - p = early_alloc(PAGE_SIZE, nid); 60 + p = early_alloc(PAGE_SIZE, nid, true); 65 61 entry = pfn_pte(PFN_DOWN(__pa(p)), PAGE_KERNEL); 66 62 set_pte_at(&init_mm, addr, pte, entry); 67 63 } while (pte++, addr += PAGE_SIZE, addr != end); ··· 79 75 if (boot_cpu_has(X86_FEATURE_GBPAGES) && 80 76 ((end - addr) == PUD_SIZE) && 81 77 IS_ALIGNED(addr, PUD_SIZE)) { 82 - p = early_alloc(PUD_SIZE, nid); 78 + p = early_alloc(PUD_SIZE, nid, false); 83 79 if (p && pud_set_huge(pud, __pa(p), PAGE_KERNEL)) 84 80 return; 85 81 else if (p) 86 82 memblock_free(__pa(p), PUD_SIZE); 87 83 } 88 84 89 - p = early_alloc(PAGE_SIZE, nid); 85 + p = early_alloc(PAGE_SIZE, nid, true); 90 86 pud_populate(&init_mm, pud, p); 91 87 } 92 88 ··· 105 101 unsigned long next; 106 102 107 103 if (p4d_none(*p4d)) { 108 - void *p = early_alloc(PAGE_SIZE, nid); 104 + void *p = early_alloc(PAGE_SIZE, nid, true); 109 105 110 106 p4d_populate(&init_mm, p4d, p); 111 107 } ··· 126 122 unsigned long next; 127 123 128 124 if (pgd_none(*pgd)) { 129 - p = early_alloc(PAGE_SIZE, nid); 125 + p = early_alloc(PAGE_SIZE, nid, true); 130 126 pgd_populate(&init_mm, pgd, p); 131 127 } 132 128

+261 -97

arch/x86/mm/mem_encrypt.c

··· 464 464 set_memory_decrypted((unsigned long)vaddr, size >> PAGE_SHIFT); 465 465 } 466 466 467 - static void __init sme_clear_pgd(pgd_t *pgd_base, unsigned long start, 468 - unsigned long end) 467 + struct sme_populate_pgd_data { 468 + void *pgtable_area; 469 + pgd_t *pgd; 470 + 471 + pmdval_t pmd_flags; 472 + pteval_t pte_flags; 473 + unsigned long paddr; 474 + 475 + unsigned long vaddr; 476 + unsigned long vaddr_end; 477 + }; 478 + 479 + static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd) 469 480 { 470 481 unsigned long pgd_start, pgd_end, pgd_size; 471 482 pgd_t *pgd_p; 472 483 473 - pgd_start = start & PGDIR_MASK; 474 - pgd_end = end & PGDIR_MASK; 484 + pgd_start = ppd->vaddr & PGDIR_MASK; 485 + pgd_end = ppd->vaddr_end & PGDIR_MASK; 475 486 476 - pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1); 477 - pgd_size *= sizeof(pgd_t); 487 + pgd_size = (((pgd_end - pgd_start) / PGDIR_SIZE) + 1) * sizeof(pgd_t); 478 488 479 - pgd_p = pgd_base + pgd_index(start); 489 + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); 480 490 481 491 memset(pgd_p, 0, pgd_size); 482 492 } 483 493 484 - #define PGD_FLAGS _KERNPG_TABLE_NOENC 485 - #define P4D_FLAGS _KERNPG_TABLE_NOENC 486 - #define PUD_FLAGS _KERNPG_TABLE_NOENC 487 - #define PMD_FLAGS (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) 494 + #define PGD_FLAGS _KERNPG_TABLE_NOENC 495 + #define P4D_FLAGS _KERNPG_TABLE_NOENC 496 + #define PUD_FLAGS _KERNPG_TABLE_NOENC 497 + #define PMD_FLAGS _KERNPG_TABLE_NOENC 488 498 489 - static void __init *sme_populate_pgd(pgd_t *pgd_base, void *pgtable_area, 490 - unsigned long vaddr, pmdval_t pmd_val) 499 + #define PMD_FLAGS_LARGE (__PAGE_KERNEL_LARGE_EXEC & ~_PAGE_GLOBAL) 500 + 501 + #define PMD_FLAGS_DEC PMD_FLAGS_LARGE 502 + #define PMD_FLAGS_DEC_WP ((PMD_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ 503 + (_PAGE_PAT | _PAGE_PWT)) 504 + 505 + #define PMD_FLAGS_ENC (PMD_FLAGS_LARGE | _PAGE_ENC) 506 + 507 + #define PTE_FLAGS (__PAGE_KERNEL_EXEC & ~_PAGE_GLOBAL) 508 + 509 + #define PTE_FLAGS_DEC PTE_FLAGS 510 + #define PTE_FLAGS_DEC_WP ((PTE_FLAGS_DEC & ~_PAGE_CACHE_MASK) | \ 511 + (_PAGE_PAT | _PAGE_PWT)) 512 + 513 + #define PTE_FLAGS_ENC (PTE_FLAGS | _PAGE_ENC) 514 + 515 + static pmd_t __init *sme_prepare_pgd(struct sme_populate_pgd_data *ppd) 491 516 { 492 517 pgd_t *pgd_p; 493 518 p4d_t *p4d_p; 494 519 pud_t *pud_p; 495 520 pmd_t *pmd_p; 496 521 497 - pgd_p = pgd_base + pgd_index(vaddr); 522 + pgd_p = ppd->pgd + pgd_index(ppd->vaddr); 498 523 if (native_pgd_val(*pgd_p)) { 499 524 if (IS_ENABLED(CONFIG_X86_5LEVEL)) 500 525 p4d_p = (p4d_t *)(native_pgd_val(*pgd_p) & ~PTE_FLAGS_MASK); ··· 529 504 pgd_t pgd; 530 505 531 506 if (IS_ENABLED(CONFIG_X86_5LEVEL)) { 532 - p4d_p = pgtable_area; 507 + p4d_p = ppd->pgtable_area; 533 508 memset(p4d_p, 0, sizeof(*p4d_p) * PTRS_PER_P4D); 534 - pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; 509 + ppd->pgtable_area += sizeof(*p4d_p) * PTRS_PER_P4D; 535 510 536 511 pgd = native_make_pgd((pgdval_t)p4d_p + PGD_FLAGS); 537 512 } else { 538 - pud_p = pgtable_area; 513 + pud_p = ppd->pgtable_area; 539 514 memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); 540 - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; 515 + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; 541 516 542 517 pgd = native_make_pgd((pgdval_t)pud_p + PGD_FLAGS); 543 518 } ··· 545 520 } 546 521 547 522 if (IS_ENABLED(CONFIG_X86_5LEVEL)) { 548 - p4d_p += p4d_index(vaddr); 523 + p4d_p += p4d_index(ppd->vaddr); 549 524 if (native_p4d_val(*p4d_p)) { 550 525 pud_p = (pud_t *)(native_p4d_val(*p4d_p) & ~PTE_FLAGS_MASK); 551 526 } else { 552 527 p4d_t p4d; 553 528 554 - pud_p = pgtable_area; 529 + pud_p = ppd->pgtable_area; 555 530 memset(pud_p, 0, sizeof(*pud_p) * PTRS_PER_PUD); 556 - pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; 531 + ppd->pgtable_area += sizeof(*pud_p) * PTRS_PER_PUD; 557 532 558 533 p4d = native_make_p4d((pudval_t)pud_p + P4D_FLAGS); 559 534 native_set_p4d(p4d_p, p4d); 560 535 } 561 536 } 562 537 563 - pud_p += pud_index(vaddr); 538 + pud_p += pud_index(ppd->vaddr); 564 539 if (native_pud_val(*pud_p)) { 565 540 if (native_pud_val(*pud_p) & _PAGE_PSE) 566 - goto out; 541 + return NULL; 567 542 568 543 pmd_p = (pmd_t *)(native_pud_val(*pud_p) & ~PTE_FLAGS_MASK); 569 544 } else { 570 545 pud_t pud; 571 546 572 - pmd_p = pgtable_area; 547 + pmd_p = ppd->pgtable_area; 573 548 memset(pmd_p, 0, sizeof(*pmd_p) * PTRS_PER_PMD); 574 - pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; 549 + ppd->pgtable_area += sizeof(*pmd_p) * PTRS_PER_PMD; 575 550 576 551 pud = native_make_pud((pmdval_t)pmd_p + PUD_FLAGS); 577 552 native_set_pud(pud_p, pud); 578 553 } 579 554 580 - pmd_p += pmd_index(vaddr); 581 - if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) 582 - native_set_pmd(pmd_p, native_make_pmd(pmd_val)); 555 + return pmd_p; 556 + } 583 557 584 - out: 585 - return pgtable_area; 558 + static void __init sme_populate_pgd_large(struct sme_populate_pgd_data *ppd) 559 + { 560 + pmd_t *pmd_p; 561 + 562 + pmd_p = sme_prepare_pgd(ppd); 563 + if (!pmd_p) 564 + return; 565 + 566 + pmd_p += pmd_index(ppd->vaddr); 567 + if (!native_pmd_val(*pmd_p) || !(native_pmd_val(*pmd_p) & _PAGE_PSE)) 568 + native_set_pmd(pmd_p, native_make_pmd(ppd->paddr | ppd->pmd_flags)); 569 + } 570 + 571 + static void __init sme_populate_pgd(struct sme_populate_pgd_data *ppd) 572 + { 573 + pmd_t *pmd_p; 574 + pte_t *pte_p; 575 + 576 + pmd_p = sme_prepare_pgd(ppd); 577 + if (!pmd_p) 578 + return; 579 + 580 + pmd_p += pmd_index(ppd->vaddr); 581 + if (native_pmd_val(*pmd_p)) { 582 + if (native_pmd_val(*pmd_p) & _PAGE_PSE) 583 + return; 584 + 585 + pte_p = (pte_t *)(native_pmd_val(*pmd_p) & ~PTE_FLAGS_MASK); 586 + } else { 587 + pmd_t pmd; 588 + 589 + pte_p = ppd->pgtable_area; 590 + memset(pte_p, 0, sizeof(*pte_p) * PTRS_PER_PTE); 591 + ppd->pgtable_area += sizeof(*pte_p) * PTRS_PER_PTE; 592 + 593 + pmd = native_make_pmd((pteval_t)pte_p + PMD_FLAGS); 594 + native_set_pmd(pmd_p, pmd); 595 + } 596 + 597 + pte_p += pte_index(ppd->vaddr); 598 + if (!native_pte_val(*pte_p)) 599 + native_set_pte(pte_p, native_make_pte(ppd->paddr | ppd->pte_flags)); 600 + } 601 + 602 + static void __init __sme_map_range_pmd(struct sme_populate_pgd_data *ppd) 603 + { 604 + while (ppd->vaddr < ppd->vaddr_end) { 605 + sme_populate_pgd_large(ppd); 606 + 607 + ppd->vaddr += PMD_PAGE_SIZE; 608 + ppd->paddr += PMD_PAGE_SIZE; 609 + } 610 + } 611 + 612 + static void __init __sme_map_range_pte(struct sme_populate_pgd_data *ppd) 613 + { 614 + while (ppd->vaddr < ppd->vaddr_end) { 615 + sme_populate_pgd(ppd); 616 + 617 + ppd->vaddr += PAGE_SIZE; 618 + ppd->paddr += PAGE_SIZE; 619 + } 620 + } 621 + 622 + static void __init __sme_map_range(struct sme_populate_pgd_data *ppd, 623 + pmdval_t pmd_flags, pteval_t pte_flags) 624 + { 625 + unsigned long vaddr_end; 626 + 627 + ppd->pmd_flags = pmd_flags; 628 + ppd->pte_flags = pte_flags; 629 + 630 + /* Save original end value since we modify the struct value */ 631 + vaddr_end = ppd->vaddr_end; 632 + 633 + /* If start is not 2MB aligned, create PTE entries */ 634 + ppd->vaddr_end = ALIGN(ppd->vaddr, PMD_PAGE_SIZE); 635 + __sme_map_range_pte(ppd); 636 + 637 + /* Create PMD entries */ 638 + ppd->vaddr_end = vaddr_end & PMD_PAGE_MASK; 639 + __sme_map_range_pmd(ppd); 640 + 641 + /* If end is not 2MB aligned, create PTE entries */ 642 + ppd->vaddr_end = vaddr_end; 643 + __sme_map_range_pte(ppd); 644 + } 645 + 646 + static void __init sme_map_range_encrypted(struct sme_populate_pgd_data *ppd) 647 + { 648 + __sme_map_range(ppd, PMD_FLAGS_ENC, PTE_FLAGS_ENC); 649 + } 650 + 651 + static void __init sme_map_range_decrypted(struct sme_populate_pgd_data *ppd) 652 + { 653 + __sme_map_range(ppd, PMD_FLAGS_DEC, PTE_FLAGS_DEC); 654 + } 655 + 656 + static void __init sme_map_range_decrypted_wp(struct sme_populate_pgd_data *ppd) 657 + { 658 + __sme_map_range(ppd, PMD_FLAGS_DEC_WP, PTE_FLAGS_DEC_WP); 586 659 } 587 660 588 661 static unsigned long __init sme_pgtable_calc(unsigned long len) 589 662 { 590 - unsigned long p4d_size, pud_size, pmd_size; 663 + unsigned long p4d_size, pud_size, pmd_size, pte_size; 591 664 unsigned long total; 592 665 593 666 /* 594 667 * Perform a relatively simplistic calculation of the pagetable 595 - * entries that are needed. That mappings will be covered by 2MB 596 - * PMD entries so we can conservatively calculate the required 668 + * entries that are needed. Those mappings will be covered mostly 669 + * by 2MB PMD entries so we can conservatively calculate the required 597 670 * number of P4D, PUD and PMD structures needed to perform the 598 - * mappings. Incrementing the count for each covers the case where 599 - * the addresses cross entries. 671 + * mappings. For mappings that are not 2MB aligned, PTE mappings 672 + * would be needed for the start and end portion of the address range 673 + * that fall outside of the 2MB alignment. This results in, at most, 674 + * two extra pages to hold PTE entries for each range that is mapped. 675 + * Incrementing the count for each covers the case where the addresses 676 + * cross entries. 600 677 */ 601 678 if (IS_ENABLED(CONFIG_X86_5LEVEL)) { 602 679 p4d_size = (ALIGN(len, PGDIR_SIZE) / PGDIR_SIZE) + 1; ··· 712 585 } 713 586 pmd_size = (ALIGN(len, PUD_SIZE) / PUD_SIZE) + 1; 714 587 pmd_size *= sizeof(pmd_t) * PTRS_PER_PMD; 588 + pte_size = 2 * sizeof(pte_t) * PTRS_PER_PTE; 715 589 716 - total = p4d_size + pud_size + pmd_size; 590 + total = p4d_size + pud_size + pmd_size + pte_size; 717 591 718 592 /* 719 593 * Now calculate the added pagetable structures needed to populate ··· 738 610 return total; 739 611 } 740 612 741 - void __init sme_encrypt_kernel(void) 613 + void __init sme_encrypt_kernel(struct boot_params *bp) 742 614 { 743 615 unsigned long workarea_start, workarea_end, workarea_len; 744 616 unsigned long execute_start, execute_end, execute_len; 745 617 unsigned long kernel_start, kernel_end, kernel_len; 618 + unsigned long initrd_start, initrd_end, initrd_len; 619 + struct sme_populate_pgd_data ppd; 746 620 unsigned long pgtable_area_len; 747 - unsigned long paddr, pmd_flags; 748 621 unsigned long decrypted_base; 749 - void *pgtable_area; 750 - pgd_t *pgd; 751 622 752 623 if (!sme_active()) 753 624 return; 754 625 755 626 /* 756 - * Prepare for encrypting the kernel by building new pagetables with 757 - * the necessary attributes needed to encrypt the kernel in place. 627 + * Prepare for encrypting the kernel and initrd by building new 628 + * pagetables with the necessary attributes needed to encrypt the 629 + * kernel in place. 758 630 * 759 631 * One range of virtual addresses will map the memory occupied 760 - * by the kernel as encrypted. 632 + * by the kernel and initrd as encrypted. 761 633 * 762 634 * Another range of virtual addresses will map the memory occupied 763 - * by the kernel as decrypted and write-protected. 635 + * by the kernel and initrd as decrypted and write-protected. 764 636 * 765 637 * The use of write-protect attribute will prevent any of the 766 638 * memory from being cached. ··· 770 642 kernel_start = __pa_symbol(_text); 771 643 kernel_end = ALIGN(__pa_symbol(_end), PMD_PAGE_SIZE); 772 644 kernel_len = kernel_end - kernel_start; 645 + 646 + initrd_start = 0; 647 + initrd_end = 0; 648 + initrd_len = 0; 649 + #ifdef CONFIG_BLK_DEV_INITRD 650 + initrd_len = (unsigned long)bp->hdr.ramdisk_size | 651 + ((unsigned long)bp->ext_ramdisk_size << 32); 652 + if (initrd_len) { 653 + initrd_start = (unsigned long)bp->hdr.ramdisk_image | 654 + ((unsigned long)bp->ext_ramdisk_image << 32); 655 + initrd_end = PAGE_ALIGN(initrd_start + initrd_len); 656 + initrd_len = initrd_end - initrd_start; 657 + } 658 + #endif 773 659 774 660 /* Set the encryption workarea to be immediately after the kernel */ 775 661 workarea_start = kernel_end; ··· 807 665 */ 808 666 pgtable_area_len = sizeof(pgd_t) * PTRS_PER_PGD; 809 667 pgtable_area_len += sme_pgtable_calc(execute_end - kernel_start) * 2; 668 + if (initrd_len) 669 + pgtable_area_len += sme_pgtable_calc(initrd_len) * 2; 810 670 811 671 /* PUDs and PMDs needed in the current pagetables for the workarea */ 812 672 pgtable_area_len += sme_pgtable_calc(execute_len + pgtable_area_len); 813 673 814 674 /* 815 675 * The total workarea includes the executable encryption area and 816 - * the pagetable area. 676 + * the pagetable area. The start of the workarea is already 2MB 677 + * aligned, align the end of the workarea on a 2MB boundary so that 678 + * we don't try to create/allocate PTE entries from the workarea 679 + * before it is mapped. 817 680 */ 818 681 workarea_len = execute_len + pgtable_area_len; 819 - workarea_end = workarea_start + workarea_len; 682 + workarea_end = ALIGN(workarea_start + workarea_len, PMD_PAGE_SIZE); 820 683 821 684 /* 822 685 * Set the address to the start of where newly created pagetable ··· 830 683 * pagetables and when the new encrypted and decrypted kernel 831 684 * mappings are populated. 832 685 */ 833 - pgtable_area = (void *)execute_end; 686 + ppd.pgtable_area = (void *)execute_end; 834 687 835 688 /* 836 689 * Make sure the current pagetable structure has entries for 837 690 * addressing the workarea. 838 691 */ 839 - pgd = (pgd_t *)native_read_cr3_pa(); 840 - paddr = workarea_start; 841 - while (paddr < workarea_end) { 842 - pgtable_area = sme_populate_pgd(pgd, pgtable_area, 843 - paddr, 844 - paddr + PMD_FLAGS); 845 - 846 - paddr += PMD_PAGE_SIZE; 847 - } 692 + ppd.pgd = (pgd_t *)native_read_cr3_pa(); 693 + ppd.paddr = workarea_start; 694 + ppd.vaddr = workarea_start; 695 + ppd.vaddr_end = workarea_end; 696 + sme_map_range_decrypted(&ppd); 848 697 849 698 /* Flush the TLB - no globals so cr3 is enough */ 850 699 native_write_cr3(__native_read_cr3()); 851 700 852 701 /* 853 702 * A new pagetable structure is being built to allow for the kernel 854 - * to be encrypted. It starts with an empty PGD that will then be 855 - * populated with new PUDs and PMDs as the encrypted and decrypted 856 - * kernel mappings are created. 703 + * and initrd to be encrypted. It starts with an empty PGD that will 704 + * then be populated with new PUDs and PMDs as the encrypted and 705 + * decrypted kernel mappings are created. 857 706 */ 858 - pgd = pgtable_area; 859 - memset(pgd, 0, sizeof(*pgd) * PTRS_PER_PGD); 860 - pgtable_area += sizeof(*pgd) * PTRS_PER_PGD; 861 - 862 - /* Add encrypted kernel (identity) mappings */ 863 - pmd_flags = PMD_FLAGS | _PAGE_ENC; 864 - paddr = kernel_start; 865 - while (paddr < kernel_end) { 866 - pgtable_area = sme_populate_pgd(pgd, pgtable_area, 867 - paddr, 868 - paddr + pmd_flags); 869 - 870 - paddr += PMD_PAGE_SIZE; 871 - } 707 + ppd.pgd = ppd.pgtable_area; 708 + memset(ppd.pgd, 0, sizeof(pgd_t) * PTRS_PER_PGD); 709 + ppd.pgtable_area += sizeof(pgd_t) * PTRS_PER_PGD; 872 710 873 711 /* 874 712 * A different PGD index/entry must be used to get different ··· 862 730 * the base of the mapping. 863 731 */ 864 732 decrypted_base = (pgd_index(workarea_end) + 1) & (PTRS_PER_PGD - 1); 733 + if (initrd_len) { 734 + unsigned long check_base; 735 + 736 + check_base = (pgd_index(initrd_end) + 1) & (PTRS_PER_PGD - 1); 737 + decrypted_base = max(decrypted_base, check_base); 738 + } 865 739 decrypted_base <<= PGDIR_SHIFT; 866 740 867 - /* Add decrypted, write-protected kernel (non-identity) mappings */ 868 - pmd_flags = (PMD_FLAGS & ~_PAGE_CACHE_MASK) | (_PAGE_PAT | _PAGE_PWT); 869 - paddr = kernel_start; 870 - while (paddr < kernel_end) { 871 - pgtable_area = sme_populate_pgd(pgd, pgtable_area, 872 - paddr + decrypted_base, 873 - paddr + pmd_flags); 741 + /* Add encrypted kernel (identity) mappings */ 742 + ppd.paddr = kernel_start; 743 + ppd.vaddr = kernel_start; 744 + ppd.vaddr_end = kernel_end; 745 + sme_map_range_encrypted(&ppd); 874 746 875 - paddr += PMD_PAGE_SIZE; 747 + /* Add decrypted, write-protected kernel (non-identity) mappings */ 748 + ppd.paddr = kernel_start; 749 + ppd.vaddr = kernel_start + decrypted_base; 750 + ppd.vaddr_end = kernel_end + decrypted_base; 751 + sme_map_range_decrypted_wp(&ppd); 752 + 753 + if (initrd_len) { 754 + /* Add encrypted initrd (identity) mappings */ 755 + ppd.paddr = initrd_start; 756 + ppd.vaddr = initrd_start; 757 + ppd.vaddr_end = initrd_end; 758 + sme_map_range_encrypted(&ppd); 759 + /* 760 + * Add decrypted, write-protected initrd (non-identity) mappings 761 + */ 762 + ppd.paddr = initrd_start; 763 + ppd.vaddr = initrd_start + decrypted_base; 764 + ppd.vaddr_end = initrd_end + decrypted_base; 765 + sme_map_range_decrypted_wp(&ppd); 876 766 } 877 767 878 768 /* Add decrypted workarea mappings to both kernel mappings */ 879 - paddr = workarea_start; 880 - while (paddr < workarea_end) { 881 - pgtable_area = sme_populate_pgd(pgd, pgtable_area, 882 - paddr, 883 - paddr + PMD_FLAGS); 769 + ppd.paddr = workarea_start; 770 + ppd.vaddr = workarea_start; 771 + ppd.vaddr_end = workarea_end; 772 + sme_map_range_decrypted(&ppd); 884 773 885 - pgtable_area = sme_populate_pgd(pgd, pgtable_area, 886 - paddr + decrypted_base, 887 - paddr + PMD_FLAGS); 888 - 889 - paddr += PMD_PAGE_SIZE; 890 - } 774 + ppd.paddr = workarea_start; 775 + ppd.vaddr = workarea_start + decrypted_base; 776 + ppd.vaddr_end = workarea_end + decrypted_base; 777 + sme_map_range_decrypted(&ppd); 891 778 892 779 /* Perform the encryption */ 893 780 sme_encrypt_execute(kernel_start, kernel_start + decrypted_base, 894 - kernel_len, workarea_start, (unsigned long)pgd); 781 + kernel_len, workarea_start, (unsigned long)ppd.pgd); 782 + 783 + if (initrd_len) 784 + sme_encrypt_execute(initrd_start, initrd_start + decrypted_base, 785 + initrd_len, workarea_start, 786 + (unsigned long)ppd.pgd); 895 787 896 788 /* 897 789 * At this point we are running encrypted. Remove the mappings for 898 790 * the decrypted areas - all that is needed for this is to remove 899 791 * the PGD entry/entries. 900 792 */ 901 - sme_clear_pgd(pgd, kernel_start + decrypted_base, 902 - kernel_end + decrypted_base); 793 + ppd.vaddr = kernel_start + decrypted_base; 794 + ppd.vaddr_end = kernel_end + decrypted_base; 795 + sme_clear_pgd(&ppd); 903 796 904 - sme_clear_pgd(pgd, workarea_start + decrypted_base, 905 - workarea_end + decrypted_base); 797 + if (initrd_len) { 798 + ppd.vaddr = initrd_start + decrypted_base; 799 + ppd.vaddr_end = initrd_end + decrypted_base; 800 + sme_clear_pgd(&ppd); 801 + } 802 + 803 + ppd.vaddr = workarea_start + decrypted_base; 804 + ppd.vaddr_end = workarea_end + decrypted_base; 805 + sme_clear_pgd(&ppd); 906 806 907 807 /* Flush the TLB - no globals so cr3 is enough */ 908 808 native_write_cr3(__native_read_cr3());

+44 -36

arch/x86/mm/mem_encrypt_boot.S

··· 22 22 23 23 /* 24 24 * Entry parameters: 25 - * RDI - virtual address for the encrypted kernel mapping 26 - * RSI - virtual address for the decrypted kernel mapping 27 - * RDX - length of kernel 25 + * RDI - virtual address for the encrypted mapping 26 + * RSI - virtual address for the decrypted mapping 27 + * RDX - length to encrypt 28 28 * RCX - virtual address of the encryption workarea, including: 29 29 * - stack page (PAGE_SIZE) 30 30 * - encryption routine page (PAGE_SIZE) ··· 41 41 addq $PAGE_SIZE, %rax /* Workarea encryption routine */ 42 42 43 43 push %r12 44 - movq %rdi, %r10 /* Encrypted kernel */ 45 - movq %rsi, %r11 /* Decrypted kernel */ 46 - movq %rdx, %r12 /* Kernel length */ 44 + movq %rdi, %r10 /* Encrypted area */ 45 + movq %rsi, %r11 /* Decrypted area */ 46 + movq %rdx, %r12 /* Area length */ 47 47 48 48 /* Copy encryption routine into the workarea */ 49 49 movq %rax, %rdi /* Workarea encryption routine */ ··· 52 52 rep movsb 53 53 54 54 /* Setup registers for call */ 55 - movq %r10, %rdi /* Encrypted kernel */ 56 - movq %r11, %rsi /* Decrypted kernel */ 55 + movq %r10, %rdi /* Encrypted area */ 56 + movq %r11, %rsi /* Decrypted area */ 57 57 movq %r8, %rdx /* Pagetables used for encryption */ 58 - movq %r12, %rcx /* Kernel length */ 58 + movq %r12, %rcx /* Area length */ 59 59 movq %rax, %r8 /* Workarea encryption routine */ 60 60 addq $PAGE_SIZE, %r8 /* Workarea intermediate copy buffer */ 61 61 ··· 71 71 72 72 ENTRY(__enc_copy) 73 73 /* 74 - * Routine used to encrypt kernel. 74 + * Routine used to encrypt memory in place. 75 75 * This routine must be run outside of the kernel proper since 76 76 * the kernel will be encrypted during the process. So this 77 77 * routine is defined here and then copied to an area outside ··· 79 79 * during execution. 80 80 * 81 81 * On entry the registers must be: 82 - * RDI - virtual address for the encrypted kernel mapping 83 - * RSI - virtual address for the decrypted kernel mapping 82 + * RDI - virtual address for the encrypted mapping 83 + * RSI - virtual address for the decrypted mapping 84 84 * RDX - address of the pagetables to use for encryption 85 - * RCX - length of kernel 85 + * RCX - length of area 86 86 * R8 - intermediate copy buffer 87 87 * 88 88 * RAX - points to this routine 89 89 * 90 - * The kernel will be encrypted by copying from the non-encrypted 91 - * kernel space to an intermediate buffer and then copying from the 92 - * intermediate buffer back to the encrypted kernel space. The physical 93 - * addresses of the two kernel space mappings are the same which 94 - * results in the kernel being encrypted "in place". 90 + * The area will be encrypted by copying from the non-encrypted 91 + * memory space to an intermediate buffer and then copying from the 92 + * intermediate buffer back to the encrypted memory space. The physical 93 + * addresses of the two mappings are the same which results in the area 94 + * being encrypted "in place". 95 95 */ 96 96 /* Enable the new page tables */ 97 97 mov %rdx, %cr3 ··· 103 103 orq $X86_CR4_PGE, %rdx 104 104 mov %rdx, %cr4 105 105 106 + push %r15 107 + push %r12 108 + 109 + movq %rcx, %r9 /* Save area length */ 110 + movq %rdi, %r10 /* Save encrypted area address */ 111 + movq %rsi, %r11 /* Save decrypted area address */ 112 + 106 113 /* Set the PAT register PA5 entry to write-protect */ 107 - push %rcx 108 114 movl $MSR_IA32_CR_PAT, %ecx 109 115 rdmsr 110 - push %rdx /* Save original PAT value */ 116 + mov %rdx, %r15 /* Save original PAT value */ 111 117 andl $0xffff00ff, %edx /* Clear PA5 */ 112 118 orl $0x00000500, %edx /* Set PA5 to WP */ 113 119 wrmsr 114 - pop %rdx /* RDX contains original PAT value */ 115 - pop %rcx 116 - 117 - movq %rcx, %r9 /* Save kernel length */ 118 - movq %rdi, %r10 /* Save encrypted kernel address */ 119 - movq %rsi, %r11 /* Save decrypted kernel address */ 120 120 121 121 wbinvd /* Invalidate any cache entries */ 122 122 123 - /* Copy/encrypt 2MB at a time */ 123 + /* Copy/encrypt up to 2MB at a time */ 124 + movq $PMD_PAGE_SIZE, %r12 124 125 1: 125 - movq %r11, %rsi /* Source - decrypted kernel */ 126 + cmpq %r12, %r9 127 + jnb 2f 128 + movq %r9, %r12 129 + 130 + 2: 131 + movq %r11, %rsi /* Source - decrypted area */ 126 132 movq %r8, %rdi /* Dest - intermediate copy buffer */ 127 - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ 133 + movq %r12, %rcx 128 134 rep movsb 129 135 130 136 movq %r8, %rsi /* Source - intermediate copy buffer */ 131 - movq %r10, %rdi /* Dest - encrypted kernel */ 132 - movq $PMD_PAGE_SIZE, %rcx /* 2MB length */ 137 + movq %r10, %rdi /* Dest - encrypted area */ 138 + movq %r12, %rcx 133 139 rep movsb 134 140 135 - addq $PMD_PAGE_SIZE, %r11 136 - addq $PMD_PAGE_SIZE, %r10 137 - subq $PMD_PAGE_SIZE, %r9 /* Kernel length decrement */ 141 + addq %r12, %r11 142 + addq %r12, %r10 143 + subq %r12, %r9 /* Kernel length decrement */ 138 144 jnz 1b /* Kernel length not zero? */ 139 145 140 146 /* Restore PAT register */ 141 - push %rdx /* Save original PAT value */ 142 147 movl $MSR_IA32_CR_PAT, %ecx 143 148 rdmsr 144 - pop %rdx /* Restore original PAT value */ 149 + mov %r15, %rdx /* Restore original PAT value */ 145 150 wrmsr 151 + 152 + pop %r12 153 + pop %r15 146 154 147 155 ret 148 156 .L__enc_copy_end:

+1

drivers/ata/libata-core.c

··· 4449 4449 * https://bugzilla.kernel.org/show_bug.cgi?id=121671 4450 4450 */ 4451 4451 { "LITEON CX1-JB*-HP", NULL, ATA_HORKAGE_MAX_SEC_1024 }, 4452 + { "LITEON EP1-*", NULL, ATA_HORKAGE_MAX_SEC_1024 }, 4452 4453 4453 4454 /* Devices we expect to fail diagnostics */ 4454 4455

+1 -1

drivers/bcma/Kconfig

··· 55 55 56 56 config BCMA_DRIVER_PCI_HOSTMODE 57 57 bool "Driver for PCI core working in hostmode" 58 - depends on MIPS && BCMA_DRIVER_PCI 58 + depends on MIPS && BCMA_DRIVER_PCI && PCI_DRIVERS_LEGACY 59 59 help 60 60 PCI core hostmode operation (external PCI bus). 61 61

+16 -14

drivers/gpio/gpio-mmio.c

··· 152 152 { 153 153 unsigned long get_mask = 0; 154 154 unsigned long set_mask = 0; 155 - int bit = 0; 156 155 157 - while ((bit = find_next_bit(mask, gc->ngpio, bit)) != gc->ngpio) { 158 - if (gc->bgpio_dir & BIT(bit)) 159 - set_mask |= BIT(bit); 160 - else 161 - get_mask |= BIT(bit); 162 - } 156 + /* Make sure we first clear any bits that are zero when we read the register */ 157 + *bits &= ~*mask; 158 + 159 + /* Exploit the fact that we know which directions are set */ 160 + set_mask = *mask & gc->bgpio_dir; 161 + get_mask = *mask & ~gc->bgpio_dir; 163 162 164 163 if (set_mask) 165 164 *bits |= gc->read_reg(gc->reg_set) & set_mask; ··· 175 176 176 177 /* 177 178 * This only works if the bits in the GPIO register are in native endianness. 178 - * It is dirt simple and fast in this case. (Also the most common case.) 179 179 */ 180 180 static int bgpio_get_multiple(struct gpio_chip *gc, unsigned long *mask, 181 181 unsigned long *bits) 182 182 { 183 - 184 - *bits = gc->read_reg(gc->reg_dat) & *mask; 183 + /* Make sure we first clear any bits that are zero when we read the register */ 184 + *bits &= ~*mask; 185 + *bits |= gc->read_reg(gc->reg_dat) & *mask; 185 186 return 0; 186 187 } 187 188 ··· 195 196 unsigned long val; 196 197 int bit; 197 198 199 + /* Make sure we first clear any bits that are zero when we read the register */ 200 + *bits &= ~*mask; 201 + 198 202 /* Create a mirrored mask */ 199 - bit = 0; 200 - while ((bit = find_next_bit(mask, gc->ngpio, bit)) != gc->ngpio) 203 + bit = -1; 204 + while ((bit = find_next_bit(mask, gc->ngpio, bit + 1)) < gc->ngpio) 201 205 readmask |= bgpio_line2mask(gc, bit); 202 206 203 207 /* Read the register */ ··· 210 208 * Mirror the result into the "bits" result, this will give line 0 211 209 * in bit 0 ... line 31 in bit 31 for a 32bit register. 212 210 */ 213 - bit = 0; 214 - while ((bit = find_next_bit(&val, gc->ngpio, bit)) != gc->ngpio) 211 + bit = -1; 212 + while ((bit = find_next_bit(&val, gc->ngpio, bit + 1)) < gc->ngpio) 215 213 *bits |= bgpio_line2mask(gc, bit); 216 214 217 215 return 0;

+157 -146

drivers/gpu/drm/i915/intel_display.c

··· 1211 1211 pipe_name(pipe)); 1212 1212 } 1213 1213 1214 - static void assert_cursor(struct drm_i915_private *dev_priv, 1215 - enum pipe pipe, bool state) 1216 - { 1217 - bool cur_state; 1218 - 1219 - if (IS_I845G(dev_priv) || IS_I865G(dev_priv)) 1220 - cur_state = I915_READ(CURCNTR(PIPE_A)) & CURSOR_ENABLE; 1221 - else 1222 - cur_state = I915_READ(CURCNTR(pipe)) & CURSOR_MODE; 1223 - 1224 - I915_STATE_WARN(cur_state != state, 1225 - "cursor on pipe %c assertion failure (expected %s, current %s)\n", 1226 - pipe_name(pipe), onoff(state), onoff(cur_state)); 1227 - } 1228 - #define assert_cursor_enabled(d, p) assert_cursor(d, p, true) 1229 - #define assert_cursor_disabled(d, p) assert_cursor(d, p, false) 1230 - 1231 1214 void assert_pipe(struct drm_i915_private *dev_priv, 1232 1215 enum pipe pipe, bool state) 1233 1216 { ··· 1238 1255 pipe_name(pipe), onoff(state), onoff(cur_state)); 1239 1256 } 1240 1257 1241 - static void assert_plane(struct drm_i915_private *dev_priv, 1242 - enum plane plane, bool state) 1258 + static void assert_plane(struct intel_plane *plane, bool state) 1243 1259 { 1244 - u32 val; 1245 - bool cur_state; 1260 + bool cur_state = plane->get_hw_state(plane); 1246 1261 1247 - val = I915_READ(DSPCNTR(plane)); 1248 - cur_state = !!(val & DISPLAY_PLANE_ENABLE); 1249 1262 I915_STATE_WARN(cur_state != state, 1250 - "plane %c assertion failure (expected %s, current %s)\n", 1251 - plane_name(plane), onoff(state), onoff(cur_state)); 1263 + "%s assertion failure (expected %s, current %s)\n", 1264 + plane->base.name, onoff(state), onoff(cur_state)); 1252 1265 } 1253 1266 1254 - #define assert_plane_enabled(d, p) assert_plane(d, p, true) 1255 - #define assert_plane_disabled(d, p) assert_plane(d, p, false) 1267 + #define assert_plane_enabled(p) assert_plane(p, true) 1268 + #define assert_plane_disabled(p) assert_plane(p, false) 1256 1269 1257 - static void assert_planes_disabled(struct drm_i915_private *dev_priv, 1258 - enum pipe pipe) 1270 + static void assert_planes_disabled(struct intel_crtc *crtc) 1259 1271 { 1260 - int i; 1272 + struct drm_i915_private *dev_priv = to_i915(crtc->base.dev); 1273 + struct intel_plane *plane; 1261 1274 1262 - /* Primary planes are fixed to pipes on gen4+ */ 1263 - if (INTEL_GEN(dev_priv) >= 4) { 1264 - u32 val = I915_READ(DSPCNTR(pipe)); 1265 - I915_STATE_WARN(val & DISPLAY_PLANE_ENABLE, 1266 - "plane %c assertion failure, should be disabled but not\n", 1267 - plane_name(pipe)); 1268 - return; 1269 - } 1270 - 1271 - /* Need to check both planes against the pipe */ 1272 - for_each_pipe(dev_priv, i) { 1273 - u32 val = I915_READ(DSPCNTR(i)); 1274 - enum pipe cur_pipe = (val & DISPPLANE_SEL_PIPE_MASK) >> 1275 - DISPPLANE_SEL_PIPE_SHIFT; 1276 - I915_STATE_WARN((val & DISPLAY_PLANE_ENABLE) && pipe == cur_pipe, 1277 - "plane %c assertion failure, should be off on pipe %c but is still active\n", 1278 - plane_name(i), pipe_name(pipe)); 1279 - } 1280 - } 1281 - 1282 - static void assert_sprites_disabled(struct drm_i915_private *dev_priv, 1283 - enum pipe pipe) 1284 - { 1285 - int sprite; 1286 - 1287 - if (INTEL_GEN(dev_priv) >= 9) { 1288 - for_each_sprite(dev_priv, pipe, sprite) { 1289 - u32 val = I915_READ(PLANE_CTL(pipe, sprite)); 1290 - I915_STATE_WARN(val & PLANE_CTL_ENABLE, 1291 - "plane %d assertion failure, should be off on pipe %c but is still active\n", 1292 - sprite, pipe_name(pipe)); 1293 - } 1294 - } else if (IS_VALLEYVIEW(dev_priv) || IS_CHERRYVIEW(dev_priv)) { 1295 - for_each_sprite(dev_priv, pipe, sprite) { 1296 - u32 val = I915_READ(SPCNTR(pipe, PLANE_SPRITE0 + sprite)); 1297 - I915_STATE_WARN(val & SP_ENABLE, 1298 - "sprite %c assertion failure, should be off on pipe %c but is still active\n", 1299 - sprite_name(pipe, sprite), pipe_name(pipe)); 1300 - } 1301 - } else if (INTEL_GEN(dev_priv) >= 7) { 1302 - u32 val = I915_READ(SPRCTL(pipe)); 1303 - I915_STATE_WARN(val & SPRITE_ENABLE, 1304 - "sprite %c assertion failure, should be off on pipe %c but is still active\n", 1305 - plane_name(pipe), pipe_name(pipe)); 1306 - } else if (INTEL_GEN(dev_priv) >= 5 || IS_G4X(dev_priv)) { 1307 - u32 val = I915_READ(DVSCNTR(pipe)); 1308 - I915_STATE_WARN(val & DVS_ENABLE, 1309 - "sprite %c assertion failure, should be off on pipe %c but is still active\n", 1310 - plane_name(pipe), pipe_name(pipe)); 1311 - } 1275 + for_each_intel_plane_on_crtc(&dev_priv->drm, crtc, plane) 1276 + assert_plane_disabled(plane); 1312 1277 } 1313 1278 1314 1279 static void assert_vblank_disabled(struct drm_crtc *crtc) ··· 1849 1918 1850 1919 DRM_DEBUG_KMS("enabling pipe %c\n", pipe_name(pipe)); 1851 1920 1852 - assert_planes_disabled(dev_priv, pipe); 1853 - assert_cursor_disabled(dev_priv, pipe); 1854 - assert_sprites_disabled(dev_priv, pipe); 1921 + assert_planes_disabled(crtc); 1855 1922 1856 1923 /* 1857 1924 * A pipe without a PLL won't actually be able to drive bits from ··· 1918 1989 * Make sure planes won't keep trying to pump pixels to us, 1919 1990 * or we might hang the display. 1920 1991 */ 1921 - assert_planes_disabled(dev_priv, pipe); 1922 - assert_cursor_disabled(dev_priv, pipe); 1923 - assert_sprites_disabled(dev_priv, pipe); 1992 + assert_planes_disabled(crtc); 1924 1993 1925 1994 reg = PIPECONF(cpu_transcoder); 1926 1995 val = I915_READ(reg); ··· 2747 2820 crtc_state->active_planes); 2748 2821 } 2749 2822 2823 + static void intel_plane_disable_noatomic(struct intel_crtc *crtc, 2824 + struct intel_plane *plane) 2825 + { 2826 + struct intel_crtc_state *crtc_state = 2827 + to_intel_crtc_state(crtc->base.state); 2828 + struct intel_plane_state *plane_state = 2829 + to_intel_plane_state(plane->base.state); 2830 + 2831 + intel_set_plane_visible(crtc_state, plane_state, false); 2832 + 2833 + if (plane->id == PLANE_PRIMARY) 2834 + intel_pre_disable_primary_noatomic(&crtc->base); 2835 + 2836 + trace_intel_disable_plane(&plane->base, crtc); 2837 + plane->disable_plane(plane, crtc); 2838 + } 2839 + 2750 2840 static void 2751 2841 intel_find_initial_plane_obj(struct intel_crtc *intel_crtc, 2752 2842 struct intel_initial_plane_config *plane_config) ··· 2821 2877 * simplest solution is to just disable the primary plane now and 2822 2878 * pretend the BIOS never had it enabled. 2823 2879 */ 2824 - intel_set_plane_visible(to_intel_crtc_state(crtc_state), 2825 - to_intel_plane_state(plane_state), 2826 - false); 2827 - intel_pre_disable_primary_noatomic(&intel_crtc->base); 2828 - trace_intel_disable_plane(primary, intel_crtc); 2829 - intel_plane->disable_plane(intel_plane, intel_crtc); 2880 + intel_plane_disable_noatomic(intel_crtc, intel_plane); 2830 2881 2831 2882 return; 2832 2883 ··· 3322 3383 POSTING_READ_FW(DSPCNTR(plane)); 3323 3384 3324 3385 spin_unlock_irqrestore(&dev_priv->uncore.lock, irqflags); 3386 + } 3387 + 3388 + static bool i9xx_plane_get_hw_state(struct intel_plane *primary) 3389 + { 3390 + 3391 + struct drm_i915_private *dev_priv = to_i915(primary->base.dev); 3392 + enum intel_display_power_domain power_domain; 3393 + enum plane plane = primary->plane; 3394 + enum pipe pipe = primary->pipe; 3395 + bool ret; 3396 + 3397 + /* 3398 + * Not 100% correct for planes that can move between pipes, 3399 + * but that's only the case for gen2-4 which don't have any 3400 + * display power wells. 3401 + */ 3402 + power_domain = POWER_DOMAIN_PIPE(pipe); 3403 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 3404 + return false; 3405 + 3406 + ret = I915_READ(DSPCNTR(plane)) & DISPLAY_PLANE_ENABLE; 3407 + 3408 + intel_display_power_put(dev_priv, power_domain); 3409 + 3410 + return ret; 3325 3411 } 3326 3412 3327 3413 static u32 ··· 4830 4866 * a vblank wait. 4831 4867 */ 4832 4868 4833 - assert_plane_enabled(dev_priv, crtc->plane); 4869 + assert_plane_enabled(to_intel_plane(crtc->base.primary)); 4870 + 4834 4871 if (IS_BROADWELL(dev_priv)) { 4835 4872 mutex_lock(&dev_priv->pcu_lock); 4836 4873 WARN_ON(sandybridge_pcode_write(dev_priv, DISPLAY_IPS_CONTROL, ··· 4864 4899 if (!crtc->config->ips_enabled) 4865 4900 return; 4866 4901 4867 - assert_plane_enabled(dev_priv, crtc->plane); 4902 + assert_plane_enabled(to_intel_plane(crtc->base.primary)); 4903 + 4868 4904 if (IS_BROADWELL(dev_priv)) { 4869 4905 mutex_lock(&dev_priv->pcu_lock); 4870 4906 WARN_ON(sandybridge_pcode_write(dev_priv, DISPLAY_IPS_CONTROL, 0)); ··· 5865 5899 struct intel_crtc *intel_crtc = to_intel_crtc(crtc); 5866 5900 struct drm_i915_private *dev_priv = to_i915(crtc->dev); 5867 5901 enum intel_display_power_domain domain; 5902 + struct intel_plane *plane; 5868 5903 u64 domains; 5869 5904 struct drm_atomic_state *state; 5870 5905 struct intel_crtc_state *crtc_state; ··· 5874 5907 if (!intel_crtc->active) 5875 5908 return; 5876 5909 5877 - if (crtc->primary->state->visible) { 5878 - intel_pre_disable_primary_noatomic(crtc); 5910 + for_each_intel_plane_on_crtc(&dev_priv->drm, intel_crtc, plane) { 5911 + const struct intel_plane_state *plane_state = 5912 + to_intel_plane_state(plane->base.state); 5879 5913 5880 - intel_crtc_disable_planes(crtc, 1 << drm_plane_index(crtc->primary)); 5881 - crtc->primary->state->visible = false; 5914 + if (plane_state->base.visible) 5915 + intel_plane_disable_noatomic(intel_crtc, plane); 5882 5916 } 5883 5917 5884 5918 state = drm_atomic_state_alloc(crtc->dev); ··· 9445 9477 i845_update_cursor(plane, NULL, NULL); 9446 9478 } 9447 9479 9480 + static bool i845_cursor_get_hw_state(struct intel_plane *plane) 9481 + { 9482 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 9483 + enum intel_display_power_domain power_domain; 9484 + bool ret; 9485 + 9486 + power_domain = POWER_DOMAIN_PIPE(PIPE_A); 9487 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 9488 + return false; 9489 + 9490 + ret = I915_READ(CURCNTR(PIPE_A)) & CURSOR_ENABLE; 9491 + 9492 + intel_display_power_put(dev_priv, power_domain); 9493 + 9494 + return ret; 9495 + } 9496 + 9448 9497 static u32 i9xx_cursor_ctl(const struct intel_crtc_state *crtc_state, 9449 9498 const struct intel_plane_state *plane_state) 9450 9499 { ··· 9655 9670 i9xx_update_cursor(plane, NULL, NULL); 9656 9671 } 9657 9672 9673 + static bool i9xx_cursor_get_hw_state(struct intel_plane *plane) 9674 + { 9675 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 9676 + enum intel_display_power_domain power_domain; 9677 + enum pipe pipe = plane->pipe; 9678 + bool ret; 9679 + 9680 + /* 9681 + * Not 100% correct for planes that can move between pipes, 9682 + * but that's only the case for gen2-3 which don't have any 9683 + * display power wells. 9684 + */ 9685 + power_domain = POWER_DOMAIN_PIPE(pipe); 9686 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 9687 + return false; 9688 + 9689 + ret = I915_READ(CURCNTR(pipe)) & CURSOR_MODE; 9690 + 9691 + intel_display_power_put(dev_priv, power_domain); 9692 + 9693 + return ret; 9694 + } 9658 9695 9659 9696 /* VESA 640x480x72Hz mode to set on the pipe */ 9660 9697 static const struct drm_display_mode load_detect_mode = { ··· 13212 13205 13213 13206 primary->update_plane = skl_update_plane; 13214 13207 primary->disable_plane = skl_disable_plane; 13208 + primary->get_hw_state = skl_plane_get_hw_state; 13215 13209 } else if (INTEL_GEN(dev_priv) >= 9) { 13216 13210 intel_primary_formats = skl_primary_formats; 13217 13211 num_formats = ARRAY_SIZE(skl_primary_formats); ··· 13223 13215 13224 13216 primary->update_plane = skl_update_plane; 13225 13217 primary->disable_plane = skl_disable_plane; 13218 + primary->get_hw_state = skl_plane_get_hw_state; 13226 13219 } else if (INTEL_GEN(dev_priv) >= 4) { 13227 13220 intel_primary_formats = i965_primary_formats; 13228 13221 num_formats = ARRAY_SIZE(i965_primary_formats); ··· 13231 13222 13232 13223 primary->update_plane = i9xx_update_primary_plane; 13233 13224 primary->disable_plane = i9xx_disable_primary_plane; 13225 + primary->get_hw_state = i9xx_plane_get_hw_state; 13234 13226 } else { 13235 13227 intel_primary_formats = i8xx_primary_formats; 13236 13228 num_formats = ARRAY_SIZE(i8xx_primary_formats); ··· 13239 13229 13240 13230 primary->update_plane = i9xx_update_primary_plane; 13241 13231 primary->disable_plane = i9xx_disable_primary_plane; 13232 + primary->get_hw_state = i9xx_plane_get_hw_state; 13242 13233 } 13243 13234 13244 13235 if (INTEL_GEN(dev_priv) >= 9) ··· 13329 13318 if (IS_I845G(dev_priv) || IS_I865G(dev_priv)) { 13330 13319 cursor->update_plane = i845_update_cursor; 13331 13320 cursor->disable_plane = i845_disable_cursor; 13321 + cursor->get_hw_state = i845_cursor_get_hw_state; 13332 13322 cursor->check_plane = i845_check_cursor; 13333 13323 } else { 13334 13324 cursor->update_plane = i9xx_update_cursor; 13335 13325 cursor->disable_plane = i9xx_disable_cursor; 13326 + cursor->get_hw_state = i9xx_cursor_get_hw_state; 13336 13327 cursor->check_plane = i9xx_check_cursor; 13337 13328 } 13338 13329 ··· 14684 14671 DRM_DEBUG_KMS("disabling pipe %c due to force quirk\n", 14685 14672 pipe_name(pipe)); 14686 14673 14687 - assert_plane_disabled(dev_priv, PLANE_A); 14688 - assert_plane_disabled(dev_priv, PLANE_B); 14674 + WARN_ON(I915_READ(DSPCNTR(PLANE_A)) & DISPLAY_PLANE_ENABLE); 14675 + WARN_ON(I915_READ(DSPCNTR(PLANE_B)) & DISPLAY_PLANE_ENABLE); 14676 + WARN_ON(I915_READ(DSPCNTR(PLANE_C)) & DISPLAY_PLANE_ENABLE); 14677 + WARN_ON(I915_READ(CURCNTR(PIPE_A)) & CURSOR_MODE); 14678 + WARN_ON(I915_READ(CURCNTR(PIPE_B)) & CURSOR_MODE); 14689 14679 14690 14680 I915_WRITE(PIPECONF(pipe), 0); 14691 14681 POSTING_READ(PIPECONF(pipe)); ··· 14699 14683 POSTING_READ(DPLL(pipe)); 14700 14684 } 14701 14685 14702 - static bool 14703 - intel_check_plane_mapping(struct intel_crtc *crtc) 14686 + static bool intel_plane_mapping_ok(struct intel_crtc *crtc, 14687 + struct intel_plane *primary) 14704 14688 { 14705 14689 struct drm_i915_private *dev_priv = to_i915(crtc->base.dev); 14706 - u32 val; 14690 + enum plane plane = primary->plane; 14691 + u32 val = I915_READ(DSPCNTR(plane)); 14707 14692 14708 - if (INTEL_INFO(dev_priv)->num_pipes == 1) 14709 - return true; 14693 + return (val & DISPLAY_PLANE_ENABLE) == 0 || 14694 + (val & DISPPLANE_SEL_PIPE_MASK) == DISPPLANE_SEL_PIPE(crtc->pipe); 14695 + } 14710 14696 14711 - val = I915_READ(DSPCNTR(!crtc->plane)); 14697 + static void 14698 + intel_sanitize_plane_mapping(struct drm_i915_private *dev_priv) 14699 + { 14700 + struct intel_crtc *crtc; 14712 14701 14713 - if ((val & DISPLAY_PLANE_ENABLE) && 14714 - (!!(val & DISPPLANE_SEL_PIPE_MASK) == crtc->pipe)) 14715 - return false; 14702 + if (INTEL_GEN(dev_priv) >= 4) 14703 + return; 14716 14704 14717 - return true; 14705 + for_each_intel_crtc(&dev_priv->drm, crtc) { 14706 + struct intel_plane *plane = 14707 + to_intel_plane(crtc->base.primary); 14708 + 14709 + if (intel_plane_mapping_ok(crtc, plane)) 14710 + continue; 14711 + 14712 + DRM_DEBUG_KMS("%s attached to the wrong pipe, disabling plane\n", 14713 + plane->base.name); 14714 + intel_plane_disable_noatomic(crtc, plane); 14715 + } 14718 14716 } 14719 14717 14720 14718 static bool intel_crtc_has_encoders(struct intel_crtc *crtc) ··· 14784 14754 14785 14755 /* Disable everything but the primary plane */ 14786 14756 for_each_intel_plane_on_crtc(dev, crtc, plane) { 14787 - if (plane->base.type == DRM_PLANE_TYPE_PRIMARY) 14788 - continue; 14757 + const struct intel_plane_state *plane_state = 14758 + to_intel_plane_state(plane->base.state); 14789 14759 14790 - trace_intel_disable_plane(&plane->base, crtc); 14791 - plane->disable_plane(plane, crtc); 14760 + if (plane_state->base.visible && 14761 + plane->base.type != DRM_PLANE_TYPE_PRIMARY) 14762 + intel_plane_disable_noatomic(crtc, plane); 14792 14763 } 14793 - } 14794 - 14795 - /* We need to sanitize the plane -> pipe mapping first because this will 14796 - * disable the crtc (and hence change the state) if it is wrong. Note 14797 - * that gen4+ has a fixed plane -> pipe mapping. */ 14798 - if (INTEL_GEN(dev_priv) < 4 && !intel_check_plane_mapping(crtc)) { 14799 - bool plane; 14800 - 14801 - DRM_DEBUG_KMS("[CRTC:%d:%s] wrong plane connection detected!\n", 14802 - crtc->base.base.id, crtc->base.name); 14803 - 14804 - /* Pipe has the wrong plane attached and the plane is active. 14805 - * Temporarily change the plane mapping and disable everything 14806 - * ... */ 14807 - plane = crtc->plane; 14808 - crtc->base.primary->state->visible = true; 14809 - crtc->plane = !plane; 14810 - intel_crtc_disable_noatomic(&crtc->base, ctx); 14811 - crtc->plane = plane; 14812 14764 } 14813 14765 14814 14766 /* Adjust the state of the output pipe according to whether we ··· 14897 14885 intel_display_power_put(dev_priv, POWER_DOMAIN_VGA); 14898 14886 } 14899 14887 14900 - static bool primary_get_hw_state(struct intel_plane *plane) 14901 - { 14902 - struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 14903 - 14904 - return I915_READ(DSPCNTR(plane->plane)) & DISPLAY_PLANE_ENABLE; 14905 - } 14906 - 14907 14888 /* FIXME read out full plane state for all planes */ 14908 14889 static void readout_plane_state(struct intel_crtc *crtc) 14909 14890 { 14910 - struct intel_plane *primary = to_intel_plane(crtc->base.primary); 14911 - bool visible; 14891 + struct drm_i915_private *dev_priv = to_i915(crtc->base.dev); 14892 + struct intel_crtc_state *crtc_state = 14893 + to_intel_crtc_state(crtc->base.state); 14894 + struct intel_plane *plane; 14912 14895 14913 - visible = crtc->active && primary_get_hw_state(primary); 14896 + for_each_intel_plane_on_crtc(&dev_priv->drm, crtc, plane) { 14897 + struct intel_plane_state *plane_state = 14898 + to_intel_plane_state(plane->base.state); 14899 + bool visible = plane->get_hw_state(plane); 14914 14900 14915 - intel_set_plane_visible(to_intel_crtc_state(crtc->base.state), 14916 - to_intel_plane_state(primary->base.state), 14917 - visible); 14901 + intel_set_plane_visible(crtc_state, plane_state, visible); 14902 + } 14918 14903 } 14919 14904 14920 14905 static void intel_modeset_readout_hw_state(struct drm_device *dev) ··· 15108 15099 15109 15100 /* HW state is read out, now we need to sanitize this mess. */ 15110 15101 get_encoder_power_domains(dev_priv); 15102 + 15103 + intel_sanitize_plane_mapping(dev_priv); 15111 15104 15112 15105 for_each_intel_encoder(dev, encoder) { 15113 15106 intel_sanitize_encoder(encoder);

+2

drivers/gpu/drm/i915/intel_drv.h

··· 862 862 const struct intel_plane_state *plane_state); 863 863 void (*disable_plane)(struct intel_plane *plane, 864 864 struct intel_crtc *crtc); 865 + bool (*get_hw_state)(struct intel_plane *plane); 865 866 int (*check_plane)(struct intel_plane *plane, 866 867 struct intel_crtc_state *crtc_state, 867 868 struct intel_plane_state *state); ··· 1925 1924 const struct intel_crtc_state *crtc_state, 1926 1925 const struct intel_plane_state *plane_state); 1927 1926 void skl_disable_plane(struct intel_plane *plane, struct intel_crtc *crtc); 1927 + bool skl_plane_get_hw_state(struct intel_plane *plane); 1928 1928 1929 1929 /* intel_tv.c */ 1930 1930 void intel_tv_init(struct drm_i915_private *dev_priv);

+83

drivers/gpu/drm/i915/intel_sprite.c

··· 329 329 spin_unlock_irqrestore(&dev_priv->uncore.lock, irqflags); 330 330 } 331 331 332 + bool 333 + skl_plane_get_hw_state(struct intel_plane *plane) 334 + { 335 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 336 + enum intel_display_power_domain power_domain; 337 + enum plane_id plane_id = plane->id; 338 + enum pipe pipe = plane->pipe; 339 + bool ret; 340 + 341 + power_domain = POWER_DOMAIN_PIPE(pipe); 342 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 343 + return false; 344 + 345 + ret = I915_READ(PLANE_CTL(pipe, plane_id)) & PLANE_CTL_ENABLE; 346 + 347 + intel_display_power_put(dev_priv, power_domain); 348 + 349 + return ret; 350 + } 351 + 332 352 static void 333 353 chv_update_csc(struct intel_plane *plane, uint32_t format) 334 354 { ··· 526 506 spin_unlock_irqrestore(&dev_priv->uncore.lock, irqflags); 527 507 } 528 508 509 + static bool 510 + vlv_plane_get_hw_state(struct intel_plane *plane) 511 + { 512 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 513 + enum intel_display_power_domain power_domain; 514 + enum plane_id plane_id = plane->id; 515 + enum pipe pipe = plane->pipe; 516 + bool ret; 517 + 518 + power_domain = POWER_DOMAIN_PIPE(pipe); 519 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 520 + return false; 521 + 522 + ret = I915_READ(SPCNTR(pipe, plane_id)) & SP_ENABLE; 523 + 524 + intel_display_power_put(dev_priv, power_domain); 525 + 526 + return ret; 527 + } 528 + 529 529 static u32 ivb_sprite_ctl(const struct intel_crtc_state *crtc_state, 530 530 const struct intel_plane_state *plane_state) 531 531 { ··· 686 646 spin_unlock_irqrestore(&dev_priv->uncore.lock, irqflags); 687 647 } 688 648 649 + static bool 650 + ivb_plane_get_hw_state(struct intel_plane *plane) 651 + { 652 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 653 + enum intel_display_power_domain power_domain; 654 + enum pipe pipe = plane->pipe; 655 + bool ret; 656 + 657 + power_domain = POWER_DOMAIN_PIPE(pipe); 658 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 659 + return false; 660 + 661 + ret = I915_READ(SPRCTL(pipe)) & SPRITE_ENABLE; 662 + 663 + intel_display_power_put(dev_priv, power_domain); 664 + 665 + return ret; 666 + } 667 + 689 668 static u32 g4x_sprite_ctl(const struct intel_crtc_state *crtc_state, 690 669 const struct intel_plane_state *plane_state) 691 670 { ··· 834 775 POSTING_READ_FW(DVSSURF(pipe)); 835 776 836 777 spin_unlock_irqrestore(&dev_priv->uncore.lock, irqflags); 778 + } 779 + 780 + static bool 781 + g4x_plane_get_hw_state(struct intel_plane *plane) 782 + { 783 + struct drm_i915_private *dev_priv = to_i915(plane->base.dev); 784 + enum intel_display_power_domain power_domain; 785 + enum pipe pipe = plane->pipe; 786 + bool ret; 787 + 788 + power_domain = POWER_DOMAIN_PIPE(pipe); 789 + if (!intel_display_power_get_if_enabled(dev_priv, power_domain)) 790 + return false; 791 + 792 + ret = I915_READ(DVSCNTR(pipe)) & DVS_ENABLE; 793 + 794 + intel_display_power_put(dev_priv, power_domain); 795 + 796 + return ret; 837 797 } 838 798 839 799 static int ··· 1310 1232 1311 1233 intel_plane->update_plane = skl_update_plane; 1312 1234 intel_plane->disable_plane = skl_disable_plane; 1235 + intel_plane->get_hw_state = skl_plane_get_hw_state; 1313 1236 1314 1237 plane_formats = skl_plane_formats; 1315 1238 num_plane_formats = ARRAY_SIZE(skl_plane_formats); ··· 1321 1242 1322 1243 intel_plane->update_plane = skl_update_plane; 1323 1244 intel_plane->disable_plane = skl_disable_plane; 1245 + intel_plane->get_hw_state = skl_plane_get_hw_state; 1324 1246 1325 1247 plane_formats = skl_plane_formats; 1326 1248 num_plane_formats = ARRAY_SIZE(skl_plane_formats); ··· 1332 1252 1333 1253 intel_plane->update_plane = vlv_update_plane; 1334 1254 intel_plane->disable_plane = vlv_disable_plane; 1255 + intel_plane->get_hw_state = vlv_plane_get_hw_state; 1335 1256 1336 1257 plane_formats = vlv_plane_formats; 1337 1258 num_plane_formats = ARRAY_SIZE(vlv_plane_formats); ··· 1348 1267 1349 1268 intel_plane->update_plane = ivb_update_plane; 1350 1269 intel_plane->disable_plane = ivb_disable_plane; 1270 + intel_plane->get_hw_state = ivb_plane_get_hw_state; 1351 1271 1352 1272 plane_formats = snb_plane_formats; 1353 1273 num_plane_formats = ARRAY_SIZE(snb_plane_formats); ··· 1359 1277 1360 1278 intel_plane->update_plane = g4x_update_plane; 1361 1279 intel_plane->disable_plane = g4x_disable_plane; 1280 + intel_plane->get_hw_state = g4x_plane_get_hw_state; 1362 1281 1363 1282 modifiers = i9xx_plane_format_modifiers; 1364 1283 if (IS_GEN6(dev_priv)) {

+1

drivers/gpu/drm/nouveau/include/nvkm/subdev/mmu.h

··· 121 121 int nv44_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 122 122 int nv50_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 123 123 int g84_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 124 + int mcp77_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 124 125 int gf100_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 125 126 int gk104_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **); 126 127 int gk20a_mmu_new(struct nvkm_device *, int, struct nvkm_mmu **);

+3 -1

drivers/gpu/drm/nouveau/nouveau_bo.c

··· 1447 1447 args.nv50.ro = 0; 1448 1448 args.nv50.kind = mem->kind; 1449 1449 args.nv50.comp = mem->comp; 1450 + argc = sizeof(args.nv50); 1450 1451 break; 1451 1452 case NVIF_CLASS_MEM_GF100: 1452 1453 args.gf100.version = 0; 1453 1454 args.gf100.ro = 0; 1454 1455 args.gf100.kind = mem->kind; 1456 + argc = sizeof(args.gf100); 1455 1457 break; 1456 1458 default: 1457 1459 WARN_ON(1); ··· 1461 1459 } 1462 1460 1463 1461 ret = nvif_object_map_handle(&mem->mem.object, 1464 - &argc, argc, 1462 + &args, argc, 1465 1463 &handle, &length); 1466 1464 if (ret != 1) 1467 1465 return ret ? ret : -EINVAL;

+2 -2

drivers/gpu/drm/nouveau/nvkm/engine/device/base.c

··· 1251 1251 .i2c = g94_i2c_new, 1252 1252 .imem = nv50_instmem_new, 1253 1253 .mc = g98_mc_new, 1254 - .mmu = g84_mmu_new, 1254 + .mmu = mcp77_mmu_new, 1255 1255 .mxm = nv50_mxm_new, 1256 1256 .pci = g94_pci_new, 1257 1257 .therm = g84_therm_new, ··· 1283 1283 .i2c = g94_i2c_new, 1284 1284 .imem = nv50_instmem_new, 1285 1285 .mc = g98_mc_new, 1286 - .mmu = g84_mmu_new, 1286 + .mmu = mcp77_mmu_new, 1287 1287 .mxm = nv50_mxm_new, 1288 1288 .pci = g94_pci_new, 1289 1289 .therm = g84_therm_new,

+2 -1

drivers/gpu/drm/nouveau/nvkm/subdev/bar/base.c

··· 73 73 nvkm_bar_fini(struct nvkm_subdev *subdev, bool suspend) 74 74 { 75 75 struct nvkm_bar *bar = nvkm_bar(subdev); 76 - bar->func->bar1.fini(bar); 76 + if (bar->func->bar1.fini) 77 + bar->func->bar1.fini(bar); 77 78 return 0; 78 79 } 79 80

-1

drivers/gpu/drm/nouveau/nvkm/subdev/bar/gk20a.c

··· 26 26 .dtor = gf100_bar_dtor, 27 27 .oneinit = gf100_bar_oneinit, 28 28 .bar1.init = gf100_bar_bar1_init, 29 - .bar1.fini = gf100_bar_bar1_fini, 30 29 .bar1.wait = gf100_bar_bar1_wait, 31 30 .bar1.vmm = gf100_bar_bar1_vmm, 32 31 .flush = g84_bar_flush,

+2

drivers/gpu/drm/nouveau/nvkm/subdev/mmu/Kbuild

··· 4 4 nvkm-y += nvkm/subdev/mmu/nv44.o 5 5 nvkm-y += nvkm/subdev/mmu/nv50.o 6 6 nvkm-y += nvkm/subdev/mmu/g84.o 7 + nvkm-y += nvkm/subdev/mmu/mcp77.o 7 8 nvkm-y += nvkm/subdev/mmu/gf100.o 8 9 nvkm-y += nvkm/subdev/mmu/gk104.o 9 10 nvkm-y += nvkm/subdev/mmu/gk20a.o ··· 23 22 nvkm-y += nvkm/subdev/mmu/vmmnv41.o 24 23 nvkm-y += nvkm/subdev/mmu/vmmnv44.o 25 24 nvkm-y += nvkm/subdev/mmu/vmmnv50.o 25 + nvkm-y += nvkm/subdev/mmu/vmmmcp77.o 26 26 nvkm-y += nvkm/subdev/mmu/vmmgf100.o 27 27 nvkm-y += nvkm/subdev/mmu/vmmgk104.o 28 28 nvkm-y += nvkm/subdev/mmu/vmmgk20a.o

+41

drivers/gpu/drm/nouveau/nvkm/subdev/mmu/mcp77.c

··· 1 + /* 2 + * Copyright 2017 Red Hat Inc. 3 + * 4 + * Permission is hereby granted, free of charge, to any person obtaining a 5 + * copy of this software and associated documentation files (the "Software"), 6 + * to deal in the Software without restriction, including without limitation 7 + * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 + * and/or sell copies of the Software, and to permit persons to whom the 9 + * Software is furnished to do so, subject to the following conditions: 10 + * 11 + * The above copyright notice and this permission notice shall be included in 12 + * all copies or substantial portions of the Software. 13 + * 14 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 + * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 + * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 + * OTHER DEALINGS IN THE SOFTWARE. 21 + */ 22 + #include "mem.h" 23 + #include "vmm.h" 24 + 25 + #include <nvif/class.h> 26 + 27 + static const struct nvkm_mmu_func 28 + mcp77_mmu = { 29 + .dma_bits = 40, 30 + .mmu = {{ -1, -1, NVIF_CLASS_MMU_NV50}}, 31 + .mem = {{ -1, 0, NVIF_CLASS_MEM_NV50}, nv50_mem_new, nv50_mem_map }, 32 + .vmm = {{ -1, -1, NVIF_CLASS_VMM_NV50}, mcp77_vmm_new, false, 0x0200 }, 33 + .kind = nv50_mmu_kind, 34 + .kind_sys = true, 35 + }; 36 + 37 + int 38 + mcp77_mmu_new(struct nvkm_device *device, int index, struct nvkm_mmu **pmmu) 39 + { 40 + return nvkm_mmu_new_(&mcp77_mmu, device, index, pmmu); 41 + }

+10

drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmm.h

··· 95 95 const struct nvkm_vmm_desc_func *func; 96 96 }; 97 97 98 + extern const struct nvkm_vmm_desc nv50_vmm_desc_12[]; 99 + extern const struct nvkm_vmm_desc nv50_vmm_desc_16[]; 100 + 98 101 extern const struct nvkm_vmm_desc gk104_vmm_desc_16_12[]; 99 102 extern const struct nvkm_vmm_desc gk104_vmm_desc_16_16[]; 100 103 extern const struct nvkm_vmm_desc gk104_vmm_desc_17_12[]; ··· 172 169 const char *, struct nvkm_vmm **); 173 170 int nv04_vmm_valid(struct nvkm_vmm *, void *, u32, struct nvkm_vmm_map *); 174 171 172 + int nv50_vmm_join(struct nvkm_vmm *, struct nvkm_memory *); 173 + void nv50_vmm_part(struct nvkm_vmm *, struct nvkm_memory *); 174 + int nv50_vmm_valid(struct nvkm_vmm *, void *, u32, struct nvkm_vmm_map *); 175 + void nv50_vmm_flush(struct nvkm_vmm *, int); 176 + 175 177 int gf100_vmm_new_(const struct nvkm_vmm_func *, const struct nvkm_vmm_func *, 176 178 struct nvkm_mmu *, u64, u64, void *, u32, 177 179 struct lock_class_key *, const char *, struct nvkm_vmm **); ··· 208 200 struct lock_class_key *, const char *, struct nvkm_vmm **); 209 201 int nv50_vmm_new(struct nvkm_mmu *, u64, u64, void *, u32, 210 202 struct lock_class_key *, const char *, struct nvkm_vmm **); 203 + int mcp77_vmm_new(struct nvkm_mmu *, u64, u64, void *, u32, 204 + struct lock_class_key *, const char *, struct nvkm_vmm **); 211 205 int g84_vmm_new(struct nvkm_mmu *, u64, u64, void *, u32, 212 206 struct lock_class_key *, const char *, struct nvkm_vmm **); 213 207 int gf100_vmm_new(struct nvkm_mmu *, u64, u64, void *, u32,

+45

drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmmmcp77.c

··· 1 + /* 2 + * Copyright 2017 Red Hat Inc. 3 + * 4 + * Permission is hereby granted, free of charge, to any person obtaining a 5 + * copy of this software and associated documentation files (the "Software"), 6 + * to deal in the Software without restriction, including without limitation 7 + * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 + * and/or sell copies of the Software, and to permit persons to whom the 9 + * Software is furnished to do so, subject to the following conditions: 10 + * 11 + * The above copyright notice and this permission notice shall be included in 12 + * all copies or substantial portions of the Software. 13 + * 14 + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15 + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 17 + * THE COPYRIGHT HOLDER(S) OR AUTHOR(S) BE LIABLE FOR ANY CLAIM, DAMAGES OR 18 + * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 19 + * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 20 + * OTHER DEALINGS IN THE SOFTWARE. 21 + */ 22 + #include "vmm.h" 23 + 24 + static const struct nvkm_vmm_func 25 + mcp77_vmm = { 26 + .join = nv50_vmm_join, 27 + .part = nv50_vmm_part, 28 + .valid = nv50_vmm_valid, 29 + .flush = nv50_vmm_flush, 30 + .page_block = 1 << 29, 31 + .page = { 32 + { 16, &nv50_vmm_desc_16[0], NVKM_VMM_PAGE_xVxx }, 33 + { 12, &nv50_vmm_desc_12[0], NVKM_VMM_PAGE_xVHx }, 34 + {} 35 + } 36 + }; 37 + 38 + int 39 + mcp77_vmm_new(struct nvkm_mmu *mmu, u64 addr, u64 size, void *argv, u32 argc, 40 + struct lock_class_key *key, const char *name, 41 + struct nvkm_vmm **pvmm) 42 + { 43 + return nv04_vmm_new_(&mcp77_vmm, mmu, 0, addr, size, 44 + argv, argc, key, name, pvmm); 45 + }

+8 -8

drivers/gpu/drm/nouveau/nvkm/subdev/mmu/vmmnv50.c

··· 32 32 nv50_vmm_pgt_pte(struct nvkm_vmm *vmm, struct nvkm_mmu_pt *pt, 33 33 u32 ptei, u32 ptes, struct nvkm_vmm_map *map, u64 addr) 34 34 { 35 - u64 next = addr | map->type, data; 35 + u64 next = addr + map->type, data; 36 36 u32 pten; 37 37 int log2blk; 38 38 ··· 69 69 VMM_SPAM(vmm, "DMAA %08x %08x PTE(s)", ptei, ptes); 70 70 nvkm_kmap(pt->memory); 71 71 while (ptes--) { 72 - const u64 data = *map->dma++ | map->type; 72 + const u64 data = *map->dma++ + map->type; 73 73 VMM_WO064(pt, vmm, ptei++ * 8, data); 74 74 map->type += map->ctag; 75 75 } ··· 163 163 .pde = nv50_vmm_pgd_pde, 164 164 }; 165 165 166 - static const struct nvkm_vmm_desc 166 + const struct nvkm_vmm_desc 167 167 nv50_vmm_desc_12[] = { 168 168 { PGT, 17, 8, 0x1000, &nv50_vmm_pgt }, 169 169 { PGD, 11, 0, 0x0000, &nv50_vmm_pgd }, 170 170 {} 171 171 }; 172 172 173 - static const struct nvkm_vmm_desc 173 + const struct nvkm_vmm_desc 174 174 nv50_vmm_desc_16[] = { 175 175 { PGT, 13, 8, 0x1000, &nv50_vmm_pgt }, 176 176 { PGD, 11, 0, 0x0000, &nv50_vmm_pgd }, 177 177 {} 178 178 }; 179 179 180 - static void 180 + void 181 181 nv50_vmm_flush(struct nvkm_vmm *vmm, int level) 182 182 { 183 183 struct nvkm_subdev *subdev = &vmm->mmu->subdev; ··· 223 223 mutex_unlock(&subdev->mutex); 224 224 } 225 225 226 - static int 226 + int 227 227 nv50_vmm_valid(struct nvkm_vmm *vmm, void *argv, u32 argc, 228 228 struct nvkm_vmm_map *map) 229 229 { ··· 321 321 return 0; 322 322 } 323 323 324 - static void 324 + void 325 325 nv50_vmm_part(struct nvkm_vmm *vmm, struct nvkm_memory *inst) 326 326 { 327 327 struct nvkm_vmm_join *join; ··· 335 335 } 336 336 } 337 337 338 - static int 338 + int 339 339 nv50_vmm_join(struct nvkm_vmm *vmm, struct nvkm_memory *inst) 340 340 { 341 341 const u32 pd_offset = vmm->mmu->func->vmm.pd_offset;

+6 -3

drivers/gpu/drm/sun4i/sun4i_hdmi_tmds_clk.c

··· 102 102 goto out; 103 103 } 104 104 105 - if (abs(rate - rounded / i) < 106 - abs(rate - best_parent / best_div)) { 105 + if (!best_parent || 106 + abs(rate - rounded / i / j) < 107 + abs(rate - best_parent / best_half / 108 + best_div)) { 107 109 best_parent = rounded; 108 - best_div = i; 110 + best_half = i; 111 + best_div = j; 109 112 } 110 113 } 111 114 }

+1 -1

drivers/gpu/drm/vmwgfx/vmwgfx_kms.c

··· 1863 1863 */ 1864 1864 int vmw_enable_vblank(struct drm_device *dev, unsigned int pipe) 1865 1865 { 1866 - return -ENOSYS; 1866 + return -EINVAL; 1867 1867 } 1868 1868 1869 1869 /**

+2 -2

drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c

··· 266 266 .set_property = vmw_du_connector_set_property, 267 267 .destroy = vmw_ldu_connector_destroy, 268 268 .reset = vmw_du_connector_reset, 269 - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, 270 - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, 269 + .atomic_duplicate_state = vmw_du_connector_duplicate_state, 270 + .atomic_destroy_state = vmw_du_connector_destroy_state, 271 271 .atomic_set_property = vmw_du_connector_atomic_set_property, 272 272 .atomic_get_property = vmw_du_connector_atomic_get_property, 273 273 };

+2 -2

drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c

··· 420 420 .set_property = vmw_du_connector_set_property, 421 421 .destroy = vmw_sou_connector_destroy, 422 422 .reset = vmw_du_connector_reset, 423 - .atomic_duplicate_state = drm_atomic_helper_connector_duplicate_state, 424 - .atomic_destroy_state = drm_atomic_helper_connector_destroy_state, 423 + .atomic_duplicate_state = vmw_du_connector_duplicate_state, 424 + .atomic_destroy_state = vmw_du_connector_destroy_state, 425 425 .atomic_set_property = vmw_du_connector_atomic_set_property, 426 426 .atomic_get_property = vmw_du_connector_atomic_get_property, 427 427 };

+5 -1

drivers/i2c/i2c-core-base.c

··· 821 821 { 822 822 if (!client) 823 823 return; 824 - if (client->dev.of_node) 824 + 825 + if (client->dev.of_node) { 825 826 of_node_clear_flag(client->dev.of_node, OF_POPULATED); 827 + of_node_put(client->dev.of_node); 828 + } 829 + 826 830 if (ACPI_COMPANION(&client->dev)) 827 831 acpi_device_clear_enumerated(ACPI_COMPANION(&client->dev)); 828 832 device_unregister(&client->dev);

+7 -6

drivers/i2c/i2c-core-smbus.c

··· 397 397 the underlying bus driver */ 398 398 break; 399 399 case I2C_SMBUS_I2C_BLOCK_DATA: 400 + if (data->block[0] > I2C_SMBUS_BLOCK_MAX) { 401 + dev_err(&adapter->dev, "Invalid block %s size %d\n", 402 + read_write == I2C_SMBUS_READ ? "read" : "write", 403 + data->block[0]); 404 + return -EINVAL; 405 + } 406 + 400 407 if (read_write == I2C_SMBUS_READ) { 401 408 msg[1].len = data->block[0]; 402 409 } else { 403 410 msg[0].len = data->block[0] + 1; 404 - if (msg[0].len > I2C_SMBUS_BLOCK_MAX + 1) { 405 - dev_err(&adapter->dev, 406 - "Invalid block write size %d\n", 407 - data->block[0]); 408 - return -EINVAL; 409 - } 410 411 for (i = 1; i <= data->block[0]; i++) 411 412 msgbuf0[i] = data->block[i]; 412 413 }

+4 -2

drivers/input/misc/twl4030-vibra.c

··· 178 178 twl4030_vibra_suspend, twl4030_vibra_resume); 179 179 180 180 static bool twl4030_vibra_check_coexist(struct twl4030_vibra_data *pdata, 181 - struct device_node *node) 181 + struct device_node *parent) 182 182 { 183 + struct device_node *node; 184 + 183 185 if (pdata && pdata->coexist) 184 186 return true; 185 187 186 - node = of_find_node_by_name(node, "codec"); 188 + node = of_get_child_by_name(parent, "codec"); 187 189 if (node) { 188 190 of_node_put(node); 189 191 return true;

+1 -2

drivers/input/misc/twl6040-vibra.c

··· 248 248 int vddvibr_uV = 0; 249 249 int error; 250 250 251 - of_node_get(twl6040_core_dev->of_node); 252 - twl6040_core_node = of_find_node_by_name(twl6040_core_dev->of_node, 251 + twl6040_core_node = of_get_child_by_name(twl6040_core_dev->of_node, 253 252 "vibra"); 254 253 if (!twl6040_core_node) { 255 254 dev_err(&pdev->dev, "parent of node is missing?\n");

+13 -10

drivers/input/mouse/alps.c

··· 1250 1250 case SS4_PACKET_ID_MULTI: 1251 1251 if (priv->flags & ALPS_BUTTONPAD) { 1252 1252 if (IS_SS4PLUS_DEV(priv->dev_id)) { 1253 - f->mt[0].x = SS4_PLUS_BTL_MF_X_V2(p, 0); 1254 - f->mt[1].x = SS4_PLUS_BTL_MF_X_V2(p, 1); 1253 + f->mt[2].x = SS4_PLUS_BTL_MF_X_V2(p, 0); 1254 + f->mt[3].x = SS4_PLUS_BTL_MF_X_V2(p, 1); 1255 + no_data_x = SS4_PLUS_MFPACKET_NO_AX_BL; 1255 1256 } else { 1256 1257 f->mt[2].x = SS4_BTL_MF_X_V2(p, 0); 1257 1258 f->mt[3].x = SS4_BTL_MF_X_V2(p, 1); 1259 + no_data_x = SS4_MFPACKET_NO_AX_BL; 1258 1260 } 1261 + no_data_y = SS4_MFPACKET_NO_AY_BL; 1259 1262 1260 1263 f->mt[2].y = SS4_BTL_MF_Y_V2(p, 0); 1261 1264 f->mt[3].y = SS4_BTL_MF_Y_V2(p, 1); 1262 - no_data_x = SS4_MFPACKET_NO_AX_BL; 1263 - no_data_y = SS4_MFPACKET_NO_AY_BL; 1264 1265 } else { 1265 1266 if (IS_SS4PLUS_DEV(priv->dev_id)) { 1266 - f->mt[0].x = SS4_PLUS_STD_MF_X_V2(p, 0); 1267 - f->mt[1].x = SS4_PLUS_STD_MF_X_V2(p, 1); 1267 + f->mt[2].x = SS4_PLUS_STD_MF_X_V2(p, 0); 1268 + f->mt[3].x = SS4_PLUS_STD_MF_X_V2(p, 1); 1269 + no_data_x = SS4_PLUS_MFPACKET_NO_AX; 1268 1270 } else { 1269 - f->mt[0].x = SS4_STD_MF_X_V2(p, 0); 1270 - f->mt[1].x = SS4_STD_MF_X_V2(p, 1); 1271 + f->mt[2].x = SS4_STD_MF_X_V2(p, 0); 1272 + f->mt[3].x = SS4_STD_MF_X_V2(p, 1); 1273 + no_data_x = SS4_MFPACKET_NO_AX; 1271 1274 } 1275 + no_data_y = SS4_MFPACKET_NO_AY; 1276 + 1272 1277 f->mt[2].y = SS4_STD_MF_Y_V2(p, 0); 1273 1278 f->mt[3].y = SS4_STD_MF_Y_V2(p, 1); 1274 - no_data_x = SS4_MFPACKET_NO_AX; 1275 - no_data_y = SS4_MFPACKET_NO_AY; 1276 1279 } 1277 1280 1278 1281 f->first_mp = 0;

+6 -4

drivers/input/mouse/alps.h

··· 141 141 #define SS4_TS_Z_V2(_b) (s8)(_b[4] & 0x7F) 142 142 143 143 144 - #define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ 145 - #define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ 146 - #define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coordinate value */ 147 - #define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coordinate value */ 144 + #define SS4_MFPACKET_NO_AX 8160 /* X-Coordinate value */ 145 + #define SS4_MFPACKET_NO_AY 4080 /* Y-Coordinate value */ 146 + #define SS4_MFPACKET_NO_AX_BL 8176 /* Buttonless X-Coord value */ 147 + #define SS4_MFPACKET_NO_AY_BL 4088 /* Buttonless Y-Coord value */ 148 + #define SS4_PLUS_MFPACKET_NO_AX 4080 /* SS4 PLUS, X */ 149 + #define SS4_PLUS_MFPACKET_NO_AX_BL 4088 /* Buttonless SS4 PLUS, X */ 148 150 149 151 /* 150 152 * enum V7_PACKET_ID - defines the packet type for V7

+1

drivers/input/mouse/synaptics.c

··· 173 173 "LEN0046", /* X250 */ 174 174 "LEN004a", /* W541 */ 175 175 "LEN200f", /* T450s */ 176 + "LEN2018", /* T460p */ 176 177 NULL 177 178 }; 178 179

+3 -1

drivers/input/rmi4/rmi_driver.c

··· 230 230 rmi_dbg(RMI_DEBUG_CORE, &rmi_dev->dev, 231 231 "Failed to process interrupt request: %d\n", ret); 232 232 233 - if (count) 233 + if (count) { 234 234 kfree(attn_data.data); 235 + attn_data.data = NULL; 236 + } 235 237 236 238 if (!kfifo_is_empty(&drvdata->attn_fifo)) 237 239 return rmi_irq_fn(irq, dev_id);

+12 -4

drivers/input/touchscreen/88pm860x-ts.c

··· 126 126 int data, n, ret; 127 127 if (!np) 128 128 return -ENODEV; 129 - np = of_find_node_by_name(np, "touch"); 129 + np = of_get_child_by_name(np, "touch"); 130 130 if (!np) { 131 131 dev_err(&pdev->dev, "Can't find touch node\n"); 132 132 return -EINVAL; ··· 144 144 if (data) { 145 145 ret = pm860x_reg_write(i2c, PM8607_GPADC_MISC1, data); 146 146 if (ret < 0) 147 - return -EINVAL; 147 + goto err_put_node; 148 148 } 149 149 /* set tsi prebias time */ 150 150 if (!of_property_read_u32(np, "marvell,88pm860x-tsi-prebias", &data)) { 151 151 ret = pm860x_reg_write(i2c, PM8607_TSI_PREBIAS, data); 152 152 if (ret < 0) 153 - return -EINVAL; 153 + goto err_put_node; 154 154 } 155 155 /* set prebias & prechg time of pen detect */ 156 156 data = 0; ··· 161 161 if (data) { 162 162 ret = pm860x_reg_write(i2c, PM8607_PD_PREBIAS, data); 163 163 if (ret < 0) 164 - return -EINVAL; 164 + goto err_put_node; 165 165 } 166 166 of_property_read_u32(np, "marvell,88pm860x-resistor-X", res_x); 167 + 168 + of_node_put(np); 169 + 167 170 return 0; 171 + 172 + err_put_node: 173 + of_node_put(np); 174 + 175 + return -EINVAL; 168 176 } 169 177 #else 170 178 #define pm860x_touch_dt_init(x, y, z) (-1)

+4

drivers/input/touchscreen/of_touchscreen.c

··· 13 13 #include <linux/input.h> 14 14 #include <linux/input/mt.h> 15 15 #include <linux/input/touchscreen.h> 16 + #include <linux/module.h> 16 17 17 18 static bool touchscreen_get_prop_u32(struct device *dev, 18 19 const char *property, ··· 186 185 input_report_abs(input, multitouch ? ABS_MT_POSITION_Y : ABS_Y, y); 187 186 } 188 187 EXPORT_SYMBOL(touchscreen_report_pos); 188 + 189 + MODULE_LICENSE("GPL v2"); 190 + MODULE_DESCRIPTION("Device-tree helpers functions for touchscreen devices");

+14

drivers/mmc/host/sdhci-esdhc-imx.c

··· 687 687 return; 688 688 } 689 689 690 + /* For i.MX53 eSDHCv3, SYSCTL.SDCLKFS may not be set to 0. */ 691 + if (is_imx53_esdhc(imx_data)) { 692 + /* 693 + * According to the i.MX53 reference manual, if DLLCTRL[10] can 694 + * be set, then the controller is eSDHCv3, else it is eSDHCv2. 695 + */ 696 + val = readl(host->ioaddr + ESDHC_DLL_CTRL); 697 + writel(val | BIT(10), host->ioaddr + ESDHC_DLL_CTRL); 698 + temp = readl(host->ioaddr + ESDHC_DLL_CTRL); 699 + writel(val, host->ioaddr + ESDHC_DLL_CTRL); 700 + if (temp & BIT(10)) 701 + pre_div = 2; 702 + } 703 + 690 704 temp = sdhci_readl(host, ESDHC_SYSTEM_CONTROL); 691 705 temp &= ~(ESDHC_CLOCK_IPGEN | ESDHC_CLOCK_HCKEN | ESDHC_CLOCK_PEREN 692 706 | ESDHC_CLOCK_MASK);

+11 -10

drivers/net/can/usb/peak_usb/pcan_usb_fd.c

··· 184 184 void *cmd_head = pcan_usb_fd_cmd_buffer(dev); 185 185 int err = 0; 186 186 u8 *packet_ptr; 187 - int i, n = 1, packet_len; 187 + int packet_len; 188 188 ptrdiff_t cmd_len; 189 189 190 190 /* usb device unregistered? */ ··· 201 201 } 202 202 203 203 packet_ptr = cmd_head; 204 + packet_len = cmd_len; 204 205 205 206 /* firmware is not able to re-assemble 512 bytes buffer in full-speed */ 206 - if ((dev->udev->speed != USB_SPEED_HIGH) && 207 - (cmd_len > PCAN_UFD_LOSPD_PKT_SIZE)) { 208 - packet_len = PCAN_UFD_LOSPD_PKT_SIZE; 209 - n += cmd_len / packet_len; 210 - } else { 211 - packet_len = cmd_len; 212 - } 207 + if (unlikely(dev->udev->speed != USB_SPEED_HIGH)) 208 + packet_len = min(packet_len, PCAN_UFD_LOSPD_PKT_SIZE); 213 209 214 - for (i = 0; i < n; i++) { 210 + do { 215 211 err = usb_bulk_msg(dev->udev, 216 212 usb_sndbulkpipe(dev->udev, 217 213 PCAN_USBPRO_EP_CMDOUT), ··· 220 224 } 221 225 222 226 packet_ptr += packet_len; 223 - } 227 + cmd_len -= packet_len; 228 + 229 + if (cmd_len < PCAN_UFD_LOSPD_PKT_SIZE) 230 + packet_len = cmd_len; 231 + 232 + } while (packet_len > 0); 224 233 225 234 return err; 226 235 }

+13 -3

drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c

··· 613 613 return NETDEV_TX_OK; 614 614 } 615 615 616 - static void fs_timeout(struct net_device *dev) 616 + static void fs_timeout_work(struct work_struct *work) 617 617 { 618 - struct fs_enet_private *fep = netdev_priv(dev); 618 + struct fs_enet_private *fep = container_of(work, struct fs_enet_private, 619 + timeout_work); 620 + struct net_device *dev = fep->ndev; 619 621 unsigned long flags; 620 622 int wake = 0; 621 623 ··· 629 627 phy_stop(dev->phydev); 630 628 (*fep->ops->stop)(dev); 631 629 (*fep->ops->restart)(dev); 632 - phy_start(dev->phydev); 633 630 } 634 631 635 632 phy_start(dev->phydev); ··· 638 637 639 638 if (wake) 640 639 netif_wake_queue(dev); 640 + } 641 + 642 + static void fs_timeout(struct net_device *dev) 643 + { 644 + struct fs_enet_private *fep = netdev_priv(dev); 645 + 646 + schedule_work(&fep->timeout_work); 641 647 } 642 648 643 649 /*----------------------------------------------------------------------------- ··· 767 759 netif_stop_queue(dev); 768 760 netif_carrier_off(dev); 769 761 napi_disable(&fep->napi); 762 + cancel_work_sync(&fep->timeout_work); 770 763 phy_stop(dev->phydev); 771 764 772 765 spin_lock_irqsave(&fep->lock, flags); ··· 1028 1019 1029 1020 ndev->netdev_ops = &fs_enet_netdev_ops; 1030 1021 ndev->watchdog_timeo = 2 * HZ; 1022 + INIT_WORK(&fep->timeout_work, fs_timeout_work); 1031 1023 netif_napi_add(ndev, &fep->napi, fs_enet_napi, fpi->napi_weight); 1032 1024 1033 1025 ndev->ethtool_ops = &fs_ethtool_ops;

+1

drivers/net/ethernet/freescale/fs_enet/fs_enet.h

··· 125 125 spinlock_t lock; /* during all ops except TX pckt processing */ 126 126 spinlock_t tx_lock; /* during fs_start_xmit and fs_tx */ 127 127 struct fs_platform_info *fpi; 128 + struct work_struct timeout_work; 128 129 const struct fs_ops *ops; 129 130 int rx_ring, tx_ring; 130 131 dma_addr_t ring_mem_addr;

+15 -9

drivers/net/ethernet/ibm/ibmvnic.c

··· 1280 1280 unsigned char *dst; 1281 1281 u64 *handle_array; 1282 1282 int index = 0; 1283 + u8 proto = 0; 1283 1284 int ret = 0; 1284 1285 1285 1286 if (adapter->resetting) { ··· 1369 1368 } 1370 1369 1371 1370 if (skb->protocol == htons(ETH_P_IP)) { 1372 - if (ip_hdr(skb)->version == 4) 1373 - tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4; 1374 - else if (ip_hdr(skb)->version == 6) 1375 - tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6; 1376 - 1377 - if (ip_hdr(skb)->protocol == IPPROTO_TCP) 1378 - tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP; 1379 - else if (ip_hdr(skb)->protocol != IPPROTO_TCP) 1380 - tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP; 1371 + tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV4; 1372 + proto = ip_hdr(skb)->protocol; 1373 + } else if (skb->protocol == htons(ETH_P_IPV6)) { 1374 + tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_IPV6; 1375 + proto = ipv6_hdr(skb)->nexthdr; 1381 1376 } 1377 + 1378 + if (proto == IPPROTO_TCP) 1379 + tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_TCP; 1380 + else if (proto == IPPROTO_UDP) 1381 + tx_crq.v1.flags1 |= IBMVNIC_TX_PROT_UDP; 1382 1382 1383 1383 if (skb->ip_summed == CHECKSUM_PARTIAL) { 1384 1384 tx_crq.v1.flags1 |= IBMVNIC_TX_CHKSUM_OFFLOAD; ··· 3359 3357 return; 3360 3358 } 3361 3359 3360 + adapter->ip_offload_ctrl.len = 3361 + cpu_to_be32(sizeof(adapter->ip_offload_ctrl)); 3362 3362 adapter->ip_offload_ctrl.version = cpu_to_be32(INITIAL_VERSION_IOB); 3363 + adapter->ip_offload_ctrl.ipv4_chksum = buf->ipv4_chksum; 3364 + adapter->ip_offload_ctrl.ipv6_chksum = buf->ipv6_chksum; 3363 3365 adapter->ip_offload_ctrl.tcp_ipv4_chksum = buf->tcp_ipv4_chksum; 3364 3366 adapter->ip_offload_ctrl.udp_ipv4_chksum = buf->udp_ipv4_chksum; 3365 3367 adapter->ip_offload_ctrl.tcp_ipv6_chksum = buf->tcp_ipv6_chksum;

+2 -7

drivers/net/ethernet/intel/fm10k/fm10k_pci.c

··· 2463 2463 return err; 2464 2464 } 2465 2465 2466 - #ifdef CONFIG_PM 2467 2466 /** 2468 2467 * fm10k_resume - Generic PM resume hook 2469 2468 * @dev: generic device structure ··· 2471 2472 * suspend or hibernation. This function does not need to handle lower PCIe 2472 2473 * device state as the stack takes care of that for us. 2473 2474 **/ 2474 - static int fm10k_resume(struct device *dev) 2475 + static int __maybe_unused fm10k_resume(struct device *dev) 2475 2476 { 2476 2477 struct fm10k_intfc *interface = pci_get_drvdata(to_pci_dev(dev)); 2477 2478 struct net_device *netdev = interface->netdev; ··· 2498 2499 * system suspend or hibernation. This function does not need to handle lower 2499 2500 * PCIe device state as the stack takes care of that for us. 2500 2501 **/ 2501 - static int fm10k_suspend(struct device *dev) 2502 + static int __maybe_unused fm10k_suspend(struct device *dev) 2502 2503 { 2503 2504 struct fm10k_intfc *interface = pci_get_drvdata(to_pci_dev(dev)); 2504 2505 struct net_device *netdev = interface->netdev; ··· 2509 2510 2510 2511 return 0; 2511 2512 } 2512 - 2513 - #endif /* CONFIG_PM */ 2514 2513 2515 2514 /** 2516 2515 * fm10k_io_error_detected - called when PCI error is detected ··· 2640 2643 .id_table = fm10k_pci_tbl, 2641 2644 .probe = fm10k_probe, 2642 2645 .remove = fm10k_remove, 2643 - #ifdef CONFIG_PM 2644 2646 .driver = { 2645 2647 .pm = &fm10k_pm_ops, 2646 2648 }, 2647 - #endif /* CONFIG_PM */ 2648 2649 .sriov_configure = fm10k_iov_configure, 2649 2650 .err_handler = &fm10k_err_handler 2650 2651 };

+14 -6

drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c

··· 821 821 struct mlxsw_sp_lpm_tree *old_tree = fib->lpm_tree; 822 822 int err; 823 823 824 - err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id); 825 - if (err) 826 - return err; 827 824 fib->lpm_tree = new_tree; 828 825 mlxsw_sp_lpm_tree_hold(new_tree); 826 + err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id); 827 + if (err) 828 + goto err_tree_bind; 829 829 mlxsw_sp_lpm_tree_put(mlxsw_sp, old_tree); 830 830 return 0; 831 + 832 + err_tree_bind: 833 + mlxsw_sp_lpm_tree_put(mlxsw_sp, new_tree); 834 + fib->lpm_tree = old_tree; 835 + return err; 831 836 } 832 837 833 838 static int mlxsw_sp_vrs_lpm_tree_replace(struct mlxsw_sp *mlxsw_sp, ··· 873 868 return err; 874 869 875 870 no_replace: 876 - err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id); 877 - if (err) 878 - return err; 879 871 fib->lpm_tree = new_tree; 880 872 mlxsw_sp_lpm_tree_hold(new_tree); 873 + err = mlxsw_sp_vr_lpm_tree_bind(mlxsw_sp, fib, new_tree->id); 874 + if (err) { 875 + mlxsw_sp_lpm_tree_put(mlxsw_sp, new_tree); 876 + fib->lpm_tree = NULL; 877 + return err; 878 + } 881 879 return 0; 882 880 } 883 881

+1 -1

drivers/net/ethernet/ti/netcp_core.c

··· 715 715 /* warning!!!! We are retrieving the virtual ptr in the sw_data 716 716 * field as a 32bit value. Will not work on 64bit machines 717 717 */ 718 - page = (struct page *)GET_SW_DATA0(desc); 718 + page = (struct page *)GET_SW_DATA0(ndesc); 719 719 720 720 if (likely(dma_buff && buf_len && page)) { 721 721 dma_unmap_page(netcp->dev, dma_buff, PAGE_SIZE,

+14 -4

drivers/net/tun.c

··· 679 679 skb_queue_purge(&tfile->sk.sk_error_queue); 680 680 } 681 681 682 + static void tun_cleanup_tx_ring(struct tun_file *tfile) 683 + { 684 + if (tfile->tx_ring.queue) { 685 + ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free); 686 + xdp_rxq_info_unreg(&tfile->xdp_rxq); 687 + memset(&tfile->tx_ring, 0, sizeof(tfile->tx_ring)); 688 + } 689 + } 690 + 682 691 static void __tun_detach(struct tun_file *tfile, bool clean) 683 692 { 684 693 struct tun_file *ntfile; ··· 734 725 tun->dev->reg_state == NETREG_REGISTERED) 735 726 unregister_netdevice(tun->dev); 736 727 } 737 - if (tun) { 738 - ptr_ring_cleanup(&tfile->tx_ring, tun_ptr_free); 739 - xdp_rxq_info_unreg(&tfile->xdp_rxq); 740 - } 728 + tun_cleanup_tx_ring(tfile); 741 729 sock_put(&tfile->sk); 742 730 } 743 731 } ··· 776 770 tun_queue_purge(tfile); 777 771 xdp_rxq_info_unreg(&tfile->xdp_rxq); 778 772 sock_put(&tfile->sk); 773 + tun_cleanup_tx_ring(tfile); 779 774 } 780 775 list_for_each_entry_safe(tfile, tmp, &tun->disabled, next) { 781 776 tun_enable_queue(tfile); 782 777 tun_queue_purge(tfile); 783 778 xdp_rxq_info_unreg(&tfile->xdp_rxq); 784 779 sock_put(&tfile->sk); 780 + tun_cleanup_tx_ring(tfile); 785 781 } 786 782 BUG_ON(tun->numdisabled != 0); 787 783 ··· 3152 3144 INIT_LIST_HEAD(&tfile->next); 3153 3145 3154 3146 sock_set_flag(&tfile->sk, SOCK_ZEROCOPY); 3147 + 3148 + memset(&tfile->tx_ring, 0, sizeof(tfile->tx_ring)); 3155 3149 3156 3150 return 0; 3157 3151 }

+13

drivers/net/usb/r8152.c

··· 606 606 PHY_RESET, 607 607 SCHEDULE_NAPI, 608 608 GREEN_ETHERNET, 609 + DELL_TB_RX_AGG_BUG, 609 610 }; 610 611 611 612 /* Define these values to match your device */ ··· 1799 1798 dev_kfree_skb_any(skb); 1800 1799 1801 1800 remain = agg_buf_sz - (int)(tx_agg_align(tx_data) - agg->head); 1801 + 1802 + if (test_bit(DELL_TB_RX_AGG_BUG, &tp->flags)) 1803 + break; 1802 1804 } 1803 1805 1804 1806 if (!skb_queue_empty(&skb_head)) { ··· 4137 4133 /* rx aggregation */ 4138 4134 ocp_data = ocp_read_word(tp, MCU_TYPE_USB, USB_USB_CTRL); 4139 4135 ocp_data &= ~(RX_AGG_DISABLE | RX_ZERO_EN); 4136 + if (test_bit(DELL_TB_RX_AGG_BUG, &tp->flags)) 4137 + ocp_data |= RX_AGG_DISABLE; 4138 + 4140 4139 ocp_write_word(tp, MCU_TYPE_USB, USB_USB_CTRL, ocp_data); 4141 4140 4142 4141 rtl_tally_reset(tp); ··· 5212 5205 if (tp->version == RTL_VER_01) { 5213 5206 netdev->features &= ~NETIF_F_RXCSUM; 5214 5207 netdev->hw_features &= ~NETIF_F_RXCSUM; 5208 + } 5209 + 5210 + if (le16_to_cpu(udev->descriptor.bcdDevice) == 0x3011 && 5211 + udev->serial && !strcmp(udev->serial, "000001000000")) { 5212 + dev_info(&udev->dev, "Dell TB16 Dock, disable RX aggregation"); 5213 + set_bit(DELL_TB_RX_AGG_BUG, &tp->flags); 5215 5214 } 5216 5215 5217 5216 netdev->ethtool_ops = &ops;

+3 -6

drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c

··· 182 182 183 183 err = request_firmware(&clm, clm_name, dev); 184 184 if (err) { 185 - if (err == -ENOENT) { 186 - brcmf_dbg(INFO, "continue with CLM data currently present in firmware\n"); 187 - return 0; 188 - } 189 - brcmf_err("request CLM blob file failed (%d)\n", err); 190 - return err; 185 + brcmf_info("no clm_blob available(err=%d), device may have limited channels available\n", 186 + err); 187 + return 0; 191 188 } 192 189 193 190 chunk_buf = kzalloc(sizeof(*chunk_buf) + MAX_CHUNK_LEN - 1, GFP_KERNEL);

+14 -14

drivers/nvme/host/pci.c

··· 451 451 static inline bool nvme_pci_use_sgls(struct nvme_dev *dev, struct request *req) 452 452 { 453 453 struct nvme_iod *iod = blk_mq_rq_to_pdu(req); 454 + int nseg = blk_rq_nr_phys_segments(req); 454 455 unsigned int avg_seg_size; 455 456 456 - avg_seg_size = DIV_ROUND_UP(blk_rq_payload_bytes(req), 457 - blk_rq_nr_phys_segments(req)); 457 + if (nseg == 0) 458 + return false; 459 + 460 + avg_seg_size = DIV_ROUND_UP(blk_rq_payload_bytes(req), nseg); 458 461 459 462 if (!(dev->ctrl.sgls & ((1 << 0) | (1 << 1)))) 460 463 return false; ··· 725 722 } 726 723 727 724 static blk_status_t nvme_pci_setup_sgls(struct nvme_dev *dev, 728 - struct request *req, struct nvme_rw_command *cmd) 725 + struct request *req, struct nvme_rw_command *cmd, int entries) 729 726 { 730 727 struct nvme_iod *iod = blk_mq_rq_to_pdu(req); 731 - int length = blk_rq_payload_bytes(req); 732 728 struct dma_pool *pool; 733 729 struct nvme_sgl_desc *sg_list; 734 730 struct scatterlist *sg = iod->sg; 735 - int entries = iod->nents, i = 0; 736 731 dma_addr_t sgl_dma; 732 + int i = 0; 737 733 738 734 /* setting the transfer type as SGL */ 739 735 cmd->flags = NVME_CMD_SGL_METABUF; 740 736 741 - if (length == sg_dma_len(sg)) { 737 + if (entries == 1) { 742 738 nvme_pci_sgl_set_data(&cmd->dptr.sgl, sg); 743 739 return BLK_STS_OK; 744 740 } ··· 777 775 } 778 776 779 777 nvme_pci_sgl_set_data(&sg_list[i++], sg); 780 - 781 - length -= sg_dma_len(sg); 782 778 sg = sg_next(sg); 783 - entries--; 784 - } while (length > 0); 779 + } while (--entries > 0); 785 780 786 - WARN_ON(entries > 0); 787 781 return BLK_STS_OK; 788 782 } 789 783 ··· 791 793 enum dma_data_direction dma_dir = rq_data_dir(req) ? 792 794 DMA_TO_DEVICE : DMA_FROM_DEVICE; 793 795 blk_status_t ret = BLK_STS_IOERR; 796 + int nr_mapped; 794 797 795 798 sg_init_table(iod->sg, blk_rq_nr_phys_segments(req)); 796 799 iod->nents = blk_rq_map_sg(q, req, iod->sg); ··· 799 800 goto out; 800 801 801 802 ret = BLK_STS_RESOURCE; 802 - if (!dma_map_sg_attrs(dev->dev, iod->sg, iod->nents, dma_dir, 803 - DMA_ATTR_NO_WARN)) 803 + nr_mapped = dma_map_sg_attrs(dev->dev, iod->sg, iod->nents, dma_dir, 804 + DMA_ATTR_NO_WARN); 805 + if (!nr_mapped) 804 806 goto out; 805 807 806 808 if (iod->use_sgl) 807 - ret = nvme_pci_setup_sgls(dev, req, &cmnd->rw); 809 + ret = nvme_pci_setup_sgls(dev, req, &cmnd->rw, nr_mapped); 808 810 else 809 811 ret = nvme_pci_setup_prps(dev, req, &cmnd->rw); 810 812

+4

drivers/phy/phy-core.c

··· 410 410 if (ret) 411 411 return ERR_PTR(-ENODEV); 412 412 413 + /* This phy type handled by the usb-phy subsystem for now */ 414 + if (of_device_is_compatible(args.np, "usb-nop-xceiv")) 415 + return ERR_PTR(-ENODEV); 416 + 413 417 mutex_lock(&phy_provider_mutex); 414 418 phy_provider = of_phy_provider_lookup(args.np); 415 419 if (IS_ERR(phy_provider) || !try_module_get(phy_provider->owner)) {

+1 -1

drivers/ssb/Kconfig

··· 31 31 32 32 config SSB_PCIHOST_POSSIBLE 33 33 bool 34 - depends on SSB && (PCI = y || PCI = SSB) 34 + depends on SSB && (PCI = y || PCI = SSB) && PCI_DRIVERS_LEGACY 35 35 default y 36 36 37 37 config SSB_PCIHOST

+5 -2

fs/proc/array.c

··· 430 430 * safe because the task has stopped executing permanently. 431 431 */ 432 432 if (permitted && (task->flags & PF_DUMPCORE)) { 433 - eip = KSTK_EIP(task); 434 - esp = KSTK_ESP(task); 433 + if (try_get_task_stack(task)) { 434 + eip = KSTK_EIP(task); 435 + esp = KSTK_ESP(task); 436 + put_task_stack(task); 437 + } 435 438 } 436 439 } 437 440

+1 -1

include/linux/compiler-gcc.h

··· 219 219 /* Mark a function definition as prohibited from being cloned. */ 220 220 #define __noclone __attribute__((__noclone__, __optimize__("no-tracer"))) 221 221 222 - #ifdef RANDSTRUCT_PLUGIN 222 + #if defined(RANDSTRUCT_PLUGIN) && !defined(__CHECKER__) 223 223 #define __randomize_layout __attribute__((randomize_layout)) 224 224 #define __no_randomize_layout __attribute__((no_randomize_layout)) 225 225 #endif

+4 -4

include/linux/delayacct.h

··· 71 71 extern void __delayacct_tsk_init(struct task_struct *); 72 72 extern void __delayacct_tsk_exit(struct task_struct *); 73 73 extern void __delayacct_blkio_start(void); 74 - extern void __delayacct_blkio_end(void); 74 + extern void __delayacct_blkio_end(struct task_struct *); 75 75 extern int __delayacct_add_tsk(struct taskstats *, struct task_struct *); 76 76 extern __u64 __delayacct_blkio_ticks(struct task_struct *); 77 77 extern void __delayacct_freepages_start(void); ··· 122 122 __delayacct_blkio_start(); 123 123 } 124 124 125 - static inline void delayacct_blkio_end(void) 125 + static inline void delayacct_blkio_end(struct task_struct *p) 126 126 { 127 127 if (current->delays) 128 - __delayacct_blkio_end(); 128 + __delayacct_blkio_end(p); 129 129 delayacct_clear_flag(DELAYACCT_PF_BLKIO); 130 130 } 131 131 ··· 169 169 {} 170 170 static inline void delayacct_blkio_start(void) 171 171 {} 172 - static inline void delayacct_blkio_end(void) 172 + static inline void delayacct_blkio_end(struct task_struct *p) 173 173 {} 174 174 static inline int delayacct_add_tsk(struct taskstats *d, 175 175 struct task_struct *tsk)

+7 -1

include/linux/vermagic.h

··· 31 31 #else 32 32 #define MODULE_RANDSTRUCT_PLUGIN 33 33 #endif 34 + #ifdef RETPOLINE 35 + #define MODULE_VERMAGIC_RETPOLINE "retpoline " 36 + #else 37 + #define MODULE_VERMAGIC_RETPOLINE "" 38 + #endif 34 39 35 40 #define VERMAGIC_STRING \ 36 41 UTS_RELEASE " " \ 37 42 MODULE_VERMAGIC_SMP MODULE_VERMAGIC_PREEMPT \ 38 43 MODULE_VERMAGIC_MODULE_UNLOAD MODULE_VERMAGIC_MODVERSIONS \ 39 44 MODULE_ARCH_VERMAGIC \ 40 - MODULE_RANDSTRUCT_PLUGIN 45 + MODULE_RANDSTRUCT_PLUGIN \ 46 + MODULE_VERMAGIC_RETPOLINE 41 47

+2 -2

kernel/bpf/core.c

··· 970 970 DST = tmp; 971 971 CONT; 972 972 ALU_MOD_X: 973 - if (unlikely(SRC == 0)) 973 + if (unlikely((u32)SRC == 0)) 974 974 return 0; 975 975 tmp = (u32) DST; 976 976 DST = do_div(tmp, (u32) SRC); ··· 989 989 DST = div64_u64(DST, SRC); 990 990 CONT; 991 991 ALU_DIV_X: 992 - if (unlikely(SRC == 0)) 992 + if (unlikely((u32)SRC == 0)) 993 993 return 0; 994 994 tmp = (u32) DST; 995 995 do_div(tmp, (u32) SRC);

+53 -11

kernel/bpf/verifier.c

··· 1349 1349 return __is_pointer_value(env->allow_ptr_leaks, cur_regs(env) + regno); 1350 1350 } 1351 1351 1352 + static bool is_ctx_reg(struct bpf_verifier_env *env, int regno) 1353 + { 1354 + const struct bpf_reg_state *reg = cur_regs(env) + regno; 1355 + 1356 + return reg->type == PTR_TO_CTX; 1357 + } 1358 + 1352 1359 static int check_pkt_ptr_alignment(struct bpf_verifier_env *env, 1353 1360 const struct bpf_reg_state *reg, 1354 1361 int off, int size, bool strict) ··· 1732 1725 1733 1726 if (is_pointer_value(env, insn->src_reg)) { 1734 1727 verbose(env, "R%d leaks addr into mem\n", insn->src_reg); 1728 + return -EACCES; 1729 + } 1730 + 1731 + if (is_ctx_reg(env, insn->dst_reg)) { 1732 + verbose(env, "BPF_XADD stores into R%d context is not allowed\n", 1733 + insn->dst_reg); 1735 1734 return -EACCES; 1736 1735 } 1737 1736 ··· 2491 2478 2492 2479 dst_reg = &regs[dst]; 2493 2480 2494 - if (WARN_ON_ONCE(known && (smin_val != smax_val))) { 2495 - print_verifier_state(env, state); 2496 - verbose(env, 2497 - "verifier internal error: known but bad sbounds\n"); 2498 - return -EINVAL; 2499 - } 2500 - if (WARN_ON_ONCE(known && (umin_val != umax_val))) { 2501 - print_verifier_state(env, state); 2502 - verbose(env, 2503 - "verifier internal error: known but bad ubounds\n"); 2504 - return -EINVAL; 2481 + if ((known && (smin_val != smax_val || umin_val != umax_val)) || 2482 + smin_val > smax_val || umin_val > umax_val) { 2483 + /* Taint dst register if offset had invalid bounds derived from 2484 + * e.g. dead branches. 2485 + */ 2486 + __mark_reg_unknown(dst_reg); 2487 + return 0; 2505 2488 } 2506 2489 2507 2490 if (BPF_CLASS(insn->code) != BPF_ALU64) { ··· 2688 2679 umax_val = src_reg.umax_value; 2689 2680 src_known = tnum_is_const(src_reg.var_off); 2690 2681 dst_known = tnum_is_const(dst_reg->var_off); 2682 + 2683 + if ((src_known && (smin_val != smax_val || umin_val != umax_val)) || 2684 + smin_val > smax_val || umin_val > umax_val) { 2685 + /* Taint dst register if offset had invalid bounds derived from 2686 + * e.g. dead branches. 2687 + */ 2688 + __mark_reg_unknown(dst_reg); 2689 + return 0; 2690 + } 2691 2691 2692 2692 if (!src_known && 2693 2693 opcode != BPF_ADD && opcode != BPF_SUB && opcode != BPF_AND) { ··· 4679 4661 if (err) 4680 4662 return err; 4681 4663 4664 + if (is_ctx_reg(env, insn->dst_reg)) { 4665 + verbose(env, "BPF_ST stores into R%d context is not allowed\n", 4666 + insn->dst_reg); 4667 + return -EACCES; 4668 + } 4669 + 4682 4670 /* check that memory (dst_reg + off) is writeable */ 4683 4671 err = check_mem_access(env, insn_idx, insn->dst_reg, insn->off, 4684 4672 BPF_SIZE(insn->code), BPF_WRITE, ··· 5354 5330 int i, cnt, delta = 0; 5355 5331 5356 5332 for (i = 0; i < insn_cnt; i++, insn++) { 5333 + if (insn->code == (BPF_ALU | BPF_MOD | BPF_X) || 5334 + insn->code == (BPF_ALU | BPF_DIV | BPF_X)) { 5335 + /* due to JIT bugs clear upper 32-bits of src register 5336 + * before div/mod operation 5337 + */ 5338 + insn_buf[0] = BPF_MOV32_REG(insn->src_reg, insn->src_reg); 5339 + insn_buf[1] = *insn; 5340 + cnt = 2; 5341 + new_prog = bpf_patch_insn_data(env, i + delta, insn_buf, cnt); 5342 + if (!new_prog) 5343 + return -ENOMEM; 5344 + 5345 + delta += cnt - 1; 5346 + env->prog = prog = new_prog; 5347 + insn = new_prog->insnsi + i + delta; 5348 + continue; 5349 + } 5350 + 5357 5351 if (insn->code != (BPF_JMP | BPF_CALL)) 5358 5352 continue; 5359 5353 if (insn->src_reg == BPF_PSEUDO_CALL)

+1

kernel/cgroup/cgroup.c

··· 4447 4447 }, 4448 4448 { 4449 4449 .name = "cgroup.threads", 4450 + .flags = CFTYPE_NS_DELEGATABLE, 4450 4451 .release = cgroup_procs_release, 4451 4452 .seq_start = cgroup_threads_start, 4452 4453 .seq_next = cgroup_procs_next,

+26 -16

kernel/delayacct.c

··· 51 51 * Finish delay accounting for a statistic using its timestamps (@start), 52 52 * accumalator (@total) and @count 53 53 */ 54 - static void delayacct_end(u64 *start, u64 *total, u32 *count) 54 + static void delayacct_end(spinlock_t *lock, u64 *start, u64 *total, u32 *count) 55 55 { 56 56 s64 ns = ktime_get_ns() - *start; 57 57 unsigned long flags; 58 58 59 59 if (ns > 0) { 60 - spin_lock_irqsave(&current->delays->lock, flags); 60 + spin_lock_irqsave(lock, flags); 61 61 *total += ns; 62 62 (*count)++; 63 - spin_unlock_irqrestore(&current->delays->lock, flags); 63 + spin_unlock_irqrestore(lock, flags); 64 64 } 65 65 } 66 66 ··· 69 69 current->delays->blkio_start = ktime_get_ns(); 70 70 } 71 71 72 - void __delayacct_blkio_end(void) 72 + /* 73 + * We cannot rely on the `current` macro, as we haven't yet switched back to 74 + * the process being woken. 75 + */ 76 + void __delayacct_blkio_end(struct task_struct *p) 73 77 { 74 - if (current->delays->flags & DELAYACCT_PF_SWAPIN) 75 - /* Swapin block I/O */ 76 - delayacct_end(&current->delays->blkio_start, 77 - &current->delays->swapin_delay, 78 - &current->delays->swapin_count); 79 - else /* Other block I/O */ 80 - delayacct_end(&current->delays->blkio_start, 81 - &current->delays->blkio_delay, 82 - &current->delays->blkio_count); 78 + struct task_delay_info *delays = p->delays; 79 + u64 *total; 80 + u32 *count; 81 + 82 + if (p->delays->flags & DELAYACCT_PF_SWAPIN) { 83 + total = &delays->swapin_delay; 84 + count = &delays->swapin_count; 85 + } else { 86 + total = &delays->blkio_delay; 87 + count = &delays->blkio_count; 88 + } 89 + 90 + delayacct_end(&delays->lock, &delays->blkio_start, total, count); 83 91 } 84 92 85 93 int __delayacct_add_tsk(struct taskstats *d, struct task_struct *tsk) ··· 161 153 162 154 void __delayacct_freepages_end(void) 163 155 { 164 - delayacct_end(&current->delays->freepages_start, 165 - &current->delays->freepages_delay, 166 - &current->delays->freepages_count); 156 + delayacct_end( 157 + &current->delays->lock, 158 + &current->delays->freepages_start, 159 + &current->delays->freepages_delay, 160 + &current->delays->freepages_count); 167 161 } 168 162

+70 -16

kernel/futex.c

··· 1878 1878 struct futex_q *this, *next; 1879 1879 DEFINE_WAKE_Q(wake_q); 1880 1880 1881 + if (nr_wake < 0 || nr_requeue < 0) 1882 + return -EINVAL; 1883 + 1881 1884 /* 1882 1885 * When PI not supported: return -ENOSYS if requeue_pi is true, 1883 1886 * consequently the compiler knows requeue_pi is always false past ··· 2297 2294 spin_unlock(q->lock_ptr); 2298 2295 } 2299 2296 2300 - /* 2301 - * Fixup the pi_state owner with the new owner. 2302 - * 2303 - * Must be called with hash bucket lock held and mm->sem held for non 2304 - * private futexes. 2305 - */ 2306 2297 static int fixup_pi_state_owner(u32 __user *uaddr, struct futex_q *q, 2307 - struct task_struct *newowner) 2298 + struct task_struct *argowner) 2308 2299 { 2309 - u32 newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; 2310 2300 struct futex_pi_state *pi_state = q->pi_state; 2311 2301 u32 uval, uninitialized_var(curval), newval; 2312 - struct task_struct *oldowner; 2302 + struct task_struct *oldowner, *newowner; 2303 + u32 newtid; 2313 2304 int ret; 2305 + 2306 + lockdep_assert_held(q->lock_ptr); 2314 2307 2315 2308 raw_spin_lock_irq(&pi_state->pi_mutex.wait_lock); 2316 2309 ··· 2316 2317 newtid |= FUTEX_OWNER_DIED; 2317 2318 2318 2319 /* 2319 - * We are here either because we stole the rtmutex from the 2320 - * previous highest priority waiter or we are the highest priority 2321 - * waiter but have failed to get the rtmutex the first time. 2320 + * We are here because either: 2322 2321 * 2323 - * We have to replace the newowner TID in the user space variable. 2322 + * - we stole the lock and pi_state->owner needs updating to reflect 2323 + * that (@argowner == current), 2324 + * 2325 + * or: 2326 + * 2327 + * - someone stole our lock and we need to fix things to point to the 2328 + * new owner (@argowner == NULL). 2329 + * 2330 + * Either way, we have to replace the TID in the user space variable. 2324 2331 * This must be atomic as we have to preserve the owner died bit here. 2325 2332 * 2326 2333 * Note: We write the user space value _before_ changing the pi_state ··· 2339 2334 * in the PID check in lookup_pi_state. 2340 2335 */ 2341 2336 retry: 2337 + if (!argowner) { 2338 + if (oldowner != current) { 2339 + /* 2340 + * We raced against a concurrent self; things are 2341 + * already fixed up. Nothing to do. 2342 + */ 2343 + ret = 0; 2344 + goto out_unlock; 2345 + } 2346 + 2347 + if (__rt_mutex_futex_trylock(&pi_state->pi_mutex)) { 2348 + /* We got the lock after all, nothing to fix. */ 2349 + ret = 0; 2350 + goto out_unlock; 2351 + } 2352 + 2353 + /* 2354 + * Since we just failed the trylock; there must be an owner. 2355 + */ 2356 + newowner = rt_mutex_owner(&pi_state->pi_mutex); 2357 + BUG_ON(!newowner); 2358 + } else { 2359 + WARN_ON_ONCE(argowner != current); 2360 + if (oldowner == current) { 2361 + /* 2362 + * We raced against a concurrent self; things are 2363 + * already fixed up. Nothing to do. 2364 + */ 2365 + ret = 0; 2366 + goto out_unlock; 2367 + } 2368 + newowner = argowner; 2369 + } 2370 + 2371 + newtid = task_pid_vnr(newowner) | FUTEX_WAITERS; 2372 + 2342 2373 if (get_futex_value_locked(&uval, uaddr)) 2343 2374 goto handle_fault; 2344 2375 ··· 2475 2434 * Got the lock. We might not be the anticipated owner if we 2476 2435 * did a lock-steal - fix up the PI-state in that case: 2477 2436 * 2478 - * We can safely read pi_state->owner without holding wait_lock 2479 - * because we now own the rt_mutex, only the owner will attempt 2480 - * to change it. 2437 + * Speculative pi_state->owner read (we don't hold wait_lock); 2438 + * since we own the lock pi_state->owner == current is the 2439 + * stable state, anything else needs more attention. 2481 2440 */ 2482 2441 if (q->pi_state->owner != current) 2483 2442 ret = fixup_pi_state_owner(uaddr, q, current); 2443 + goto out; 2444 + } 2445 + 2446 + /* 2447 + * If we didn't get the lock; check if anybody stole it from us. In 2448 + * that case, we need to fix up the uval to point to them instead of 2449 + * us, otherwise bad things happen. [10] 2450 + * 2451 + * Another speculative read; pi_state->owner == current is unstable 2452 + * but needs our attention. 2453 + */ 2454 + if (q->pi_state->owner == current) { 2455 + ret = fixup_pi_state_owner(uaddr, q, NULL); 2484 2456 goto out; 2485 2457 } 2486 2458

+19 -7

kernel/locking/rtmutex.c

··· 1290 1290 return ret; 1291 1291 } 1292 1292 1293 + static inline int __rt_mutex_slowtrylock(struct rt_mutex *lock) 1294 + { 1295 + int ret = try_to_take_rt_mutex(lock, current, NULL); 1296 + 1297 + /* 1298 + * try_to_take_rt_mutex() sets the lock waiters bit 1299 + * unconditionally. Clean this up. 1300 + */ 1301 + fixup_rt_mutex_waiters(lock); 1302 + 1303 + return ret; 1304 + } 1305 + 1293 1306 /* 1294 1307 * Slow path try-lock function: 1295 1308 */ ··· 1325 1312 */ 1326 1313 raw_spin_lock_irqsave(&lock->wait_lock, flags); 1327 1314 1328 - ret = try_to_take_rt_mutex(lock, current, NULL); 1329 - 1330 - /* 1331 - * try_to_take_rt_mutex() sets the lock waiters bit 1332 - * unconditionally. Clean this up. 1333 - */ 1334 - fixup_rt_mutex_waiters(lock); 1315 + ret = __rt_mutex_slowtrylock(lock); 1335 1316 1336 1317 raw_spin_unlock_irqrestore(&lock->wait_lock, flags); 1337 1318 ··· 1510 1503 int __sched rt_mutex_futex_trylock(struct rt_mutex *lock) 1511 1504 { 1512 1505 return rt_mutex_slowtrylock(lock); 1506 + } 1507 + 1508 + int __sched __rt_mutex_futex_trylock(struct rt_mutex *lock) 1509 + { 1510 + return __rt_mutex_slowtrylock(lock); 1513 1511 } 1514 1512 1515 1513 /**

+1

kernel/locking/rtmutex_common.h

··· 148 148 struct rt_mutex_waiter *waiter); 149 149 150 150 extern int rt_mutex_futex_trylock(struct rt_mutex *l); 151 + extern int __rt_mutex_futex_trylock(struct rt_mutex *l); 151 152 152 153 extern void rt_mutex_futex_unlock(struct rt_mutex *lock); 153 154 extern bool __rt_mutex_futex_unlock(struct rt_mutex *lock,

+3 -3

kernel/sched/core.c

··· 2056 2056 p->state = TASK_WAKING; 2057 2057 2058 2058 if (p->in_iowait) { 2059 - delayacct_blkio_end(); 2059 + delayacct_blkio_end(p); 2060 2060 atomic_dec(&task_rq(p)->nr_iowait); 2061 2061 } 2062 2062 ··· 2069 2069 #else /* CONFIG_SMP */ 2070 2070 2071 2071 if (p->in_iowait) { 2072 - delayacct_blkio_end(); 2072 + delayacct_blkio_end(p); 2073 2073 atomic_dec(&task_rq(p)->nr_iowait); 2074 2074 } 2075 2075 ··· 2122 2122 2123 2123 if (!task_on_rq_queued(p)) { 2124 2124 if (p->in_iowait) { 2125 - delayacct_blkio_end(); 2125 + delayacct_blkio_end(p); 2126 2126 atomic_dec(&rq->nr_iowait); 2127 2127 } 2128 2128 ttwu_activate(rq, p, ENQUEUE_WAKEUP | ENQUEUE_NOCLOCK);

+1 -1

kernel/time/timer.c

··· 1696 1696 hrtimer_run_queues(); 1697 1697 /* Raise the softirq only if required. */ 1698 1698 if (time_before(jiffies, base->clk)) { 1699 - if (!IS_ENABLED(CONFIG_NO_HZ_COMMON) || !base->nohz_active) 1699 + if (!IS_ENABLED(CONFIG_NO_HZ_COMMON)) 1700 1700 return; 1701 1701 /* CPU is awake, so check the deferrable base. */ 1702 1702 base++;

+1 -2

kernel/trace/ring_buffer.c

··· 2579 2579 bit = RB_CTX_NORMAL; 2580 2580 else 2581 2581 bit = pc & NMI_MASK ? RB_CTX_NMI : 2582 - pc & HARDIRQ_MASK ? RB_CTX_IRQ : 2583 - pc & SOFTIRQ_OFFSET ? 2 : RB_CTX_SOFTIRQ; 2582 + pc & HARDIRQ_MASK ? RB_CTX_IRQ : RB_CTX_SOFTIRQ; 2584 2583 2585 2584 if (unlikely(val & (1 << bit))) 2586 2585 return 1;

+15 -1

kernel/trace/trace_events.c

··· 2213 2213 { 2214 2214 struct trace_event_call *call, *p; 2215 2215 const char *last_system = NULL; 2216 + bool first = false; 2216 2217 int last_i; 2217 2218 int i; 2218 2219 ··· 2221 2220 list_for_each_entry_safe(call, p, &ftrace_events, list) { 2222 2221 /* events are usually grouped together with systems */ 2223 2222 if (!last_system || call->class->system != last_system) { 2223 + first = true; 2224 2224 last_i = 0; 2225 2225 last_system = call->class->system; 2226 2226 } 2227 2227 2228 + /* 2229 + * Since calls are grouped by systems, the likelyhood that the 2230 + * next call in the iteration belongs to the same system as the 2231 + * previous call is high. As an optimization, we skip seaching 2232 + * for a map[] that matches the call's system if the last call 2233 + * was from the same system. That's what last_i is for. If the 2234 + * call has the same system as the previous call, then last_i 2235 + * will be the index of the first map[] that has a matching 2236 + * system. 2237 + */ 2228 2238 for (i = last_i; i < len; i++) { 2229 2239 if (call->class->system == map[i]->system) { 2230 2240 /* Save the first system if need be */ 2231 - if (!last_i) 2241 + if (first) { 2232 2242 last_i = i; 2243 + first = false; 2244 + } 2233 2245 update_event_printk(call, map[i]); 2234 2246 } 2235 2247 }

+13

kernel/workqueue.c

··· 48 48 #include <linux/moduleparam.h> 49 49 #include <linux/uaccess.h> 50 50 #include <linux/sched/isolation.h> 51 + #include <linux/nmi.h> 51 52 52 53 #include "workqueue_internal.h" 53 54 ··· 4464 4463 if (pwq->nr_active || !list_empty(&pwq->delayed_works)) 4465 4464 show_pwq(pwq); 4466 4465 spin_unlock_irqrestore(&pwq->pool->lock, flags); 4466 + /* 4467 + * We could be printing a lot from atomic context, e.g. 4468 + * sysrq-t -> show_workqueue_state(). Avoid triggering 4469 + * hard lockup. 4470 + */ 4471 + touch_nmi_watchdog(); 4467 4472 } 4468 4473 } 4469 4474 ··· 4497 4490 pr_cont("\n"); 4498 4491 next_pool: 4499 4492 spin_unlock_irqrestore(&pool->lock, flags); 4493 + /* 4494 + * We could be printing a lot from atomic context, e.g. 4495 + * sysrq-t -> show_workqueue_state(). Avoid triggering 4496 + * hard lockup. 4497 + */ 4498 + touch_nmi_watchdog(); 4500 4499 } 4501 4500 4502 4501 rcu_read_unlock_sched();

+8 -2

mm/memory.c

··· 2857 2857 int ret = 0; 2858 2858 bool vma_readahead = swap_use_vma_readahead(); 2859 2859 2860 - if (vma_readahead) 2860 + if (vma_readahead) { 2861 2861 page = swap_readahead_detect(vmf, &swap_ra); 2862 + swapcache = page; 2863 + } 2864 + 2862 2865 if (!pte_unmap_same(vma->vm_mm, vmf->pmd, vmf->pte, vmf->orig_pte)) { 2863 2866 if (page) 2864 2867 put_page(page); ··· 2892 2889 2893 2890 2894 2891 delayacct_set_flag(DELAYACCT_PF_SWAPIN); 2895 - if (!page) 2892 + if (!page) { 2896 2893 page = lookup_swap_cache(entry, vma_readahead ? vma : NULL, 2897 2894 vmf->address); 2895 + swapcache = page; 2896 + } 2897 + 2898 2898 if (!page) { 2899 2899 struct swap_info_struct *si = swp_swap_info(entry); 2900 2900

-1

mm/page_owner.c

··· 616 616 { 617 617 pg_data_t *pgdat; 618 618 619 - drain_all_pages(NULL); 620 619 for_each_online_pgdat(pgdat) 621 620 init_zones_in_node(pgdat); 622 621 }

+14 -22

net/can/af_can.c

··· 721 721 { 722 722 struct canfd_frame *cfd = (struct canfd_frame *)skb->data; 723 723 724 - if (WARN_ONCE(dev->type != ARPHRD_CAN || 725 - skb->len != CAN_MTU || 726 - cfd->len > CAN_MAX_DLEN, 727 - "PF_CAN: dropped non conform CAN skbuf: " 728 - "dev type %d, len %d, datalen %d\n", 729 - dev->type, skb->len, cfd->len)) 730 - goto drop; 724 + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CAN_MTU || 725 + cfd->len > CAN_MAX_DLEN)) { 726 + pr_warn_once("PF_CAN: dropped non conform CAN skbuf: dev type %d, len %d, datalen %d\n", 727 + dev->type, skb->len, cfd->len); 728 + kfree_skb(skb); 729 + return NET_RX_DROP; 730 + } 731 731 732 732 can_receive(skb, dev); 733 733 return NET_RX_SUCCESS; 734 - 735 - drop: 736 - kfree_skb(skb); 737 - return NET_RX_DROP; 738 734 } 739 735 740 736 static int canfd_rcv(struct sk_buff *skb, struct net_device *dev, ··· 738 742 { 739 743 struct canfd_frame *cfd = (struct canfd_frame *)skb->data; 740 744 741 - if (WARN_ONCE(dev->type != ARPHRD_CAN || 742 - skb->len != CANFD_MTU || 743 - cfd->len > CANFD_MAX_DLEN, 744 - "PF_CAN: dropped non conform CAN FD skbuf: " 745 - "dev type %d, len %d, datalen %d\n", 746 - dev->type, skb->len, cfd->len)) 747 - goto drop; 745 + if (unlikely(dev->type != ARPHRD_CAN || skb->len != CANFD_MTU || 746 + cfd->len > CANFD_MAX_DLEN)) { 747 + pr_warn_once("PF_CAN: dropped non conform CAN FD skbuf: dev type %d, len %d, datalen %d\n", 748 + dev->type, skb->len, cfd->len); 749 + kfree_skb(skb); 750 + return NET_RX_DROP; 751 + } 748 752 749 753 can_receive(skb, dev); 750 754 return NET_RX_SUCCESS; 751 - 752 - drop: 753 - kfree_skb(skb); 754 - return NET_RX_DROP; 755 755 } 756 756 757 757 /*

+4

net/core/filter.c

··· 458 458 convert_bpf_extensions(fp, &insn)) 459 459 break; 460 460 461 + if (fp->code == (BPF_ALU | BPF_DIV | BPF_X) || 462 + fp->code == (BPF_ALU | BPF_MOD | BPF_X)) 463 + *insn++ = BPF_MOV32_REG(BPF_REG_X, BPF_REG_X); 464 + 461 465 *insn = BPF_RAW_INSN(fp->code, BPF_REG_A, BPF_REG_X, 0, fp->k); 462 466 break; 463 467

+1 -2

net/core/flow_dissector.c

··· 1031 1031 out_good: 1032 1032 ret = true; 1033 1033 1034 - key_control->thoff = (u16)nhoff; 1035 1034 out: 1035 + key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen); 1036 1036 key_basic->n_proto = proto; 1037 1037 key_basic->ip_proto = ip_proto; 1038 1038 ··· 1040 1040 1041 1041 out_bad: 1042 1042 ret = false; 1043 - key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen); 1044 1043 goto out; 1045 1044 } 1046 1045 EXPORT_SYMBOL(__skb_flow_dissect);

+8 -2

net/ipv6/ip6_fib.c

··· 1223 1223 } 1224 1224 1225 1225 if (!rcu_access_pointer(fn->leaf)) { 1226 - atomic_inc(&rt->rt6i_ref); 1227 - rcu_assign_pointer(fn->leaf, rt); 1226 + if (fn->fn_flags & RTN_TL_ROOT) { 1227 + /* put back null_entry for root node */ 1228 + rcu_assign_pointer(fn->leaf, 1229 + info->nl_net->ipv6.ip6_null_entry); 1230 + } else { 1231 + atomic_inc(&rt->rt6i_ref); 1232 + rcu_assign_pointer(fn->leaf, rt); 1233 + } 1228 1234 } 1229 1235 fn = sn; 1230 1236 }

+7 -7

net/ipv6/ip6_gre.c

··· 352 352 353 353 nt->dev = dev; 354 354 nt->net = dev_net(dev); 355 - ip6gre_tnl_link_config(nt, 1); 356 355 357 356 if (register_netdevice(dev) < 0) 358 357 goto failed_free; 358 + 359 + ip6gre_tnl_link_config(nt, 1); 359 360 360 361 /* Can use a lockless transmit, unless we generate output sequences */ 361 362 if (!(nt->parms.o_flags & TUNNEL_SEQ)) ··· 1710 1709 1711 1710 static int ip6gre_tap_init(struct net_device *dev) 1712 1711 { 1713 - struct ip6_tnl *tunnel; 1714 1712 int ret; 1715 1713 1716 1714 ret = ip6gre_tunnel_init_common(dev); ··· 1717 1717 return ret; 1718 1718 1719 1719 dev->priv_flags |= IFF_LIVE_ADDR_CHANGE; 1720 - 1721 - tunnel = netdev_priv(dev); 1722 - 1723 - ip6gre_tnl_link_config(tunnel, 1); 1724 1720 1725 1721 return 0; 1726 1722 } ··· 1868 1872 1869 1873 nt->dev = dev; 1870 1874 nt->net = dev_net(dev); 1871 - ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]); 1872 1875 1873 1876 err = register_netdevice(dev); 1874 1877 if (err) 1875 1878 goto out; 1879 + 1880 + ip6gre_tnl_link_config(nt, !tb[IFLA_MTU]); 1881 + 1882 + if (tb[IFLA_MTU]) 1883 + ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU])); 1876 1884 1877 1885 dev_hold(dev); 1878 1886 ip6gre_tunnel_link(ign, nt);

+1 -1

net/netlink/af_netlink.c

··· 2424 2424 while (skb->len >= nlmsg_total_size(0)) { 2425 2425 int msglen; 2426 2426 2427 + memset(&extack, 0, sizeof(extack)); 2427 2428 nlh = nlmsg_hdr(skb); 2428 2429 err = 0; 2429 2430 ··· 2439 2438 if (nlh->nlmsg_type < NLMSG_MIN_TYPE) 2440 2439 goto ack; 2441 2440 2442 - memset(&extack, 0, sizeof(extack)); 2443 2441 err = cb(skb, nlh, &extack); 2444 2442 if (err == -EINTR) 2445 2443 goto skip;

+8 -1

net/sched/cls_bpf.c

··· 186 186 return 0; 187 187 } 188 188 189 + static u32 cls_bpf_flags(u32 flags) 190 + { 191 + return flags & CLS_BPF_SUPPORTED_GEN_FLAGS; 192 + } 193 + 189 194 static int cls_bpf_offload(struct tcf_proto *tp, struct cls_bpf_prog *prog, 190 195 struct cls_bpf_prog *oldprog) 191 196 { 192 - if (prog && oldprog && prog->gen_flags != oldprog->gen_flags) 197 + if (prog && oldprog && 198 + cls_bpf_flags(prog->gen_flags) != 199 + cls_bpf_flags(oldprog->gen_flags)) 193 200 return -EINVAL; 194 201 195 202 if (prog && tc_skip_hw(prog->gen_flags))

+14 -3

net/tls/tls_main.c

··· 367 367 368 368 crypto_info = &ctx->crypto_send; 369 369 /* Currently we don't support set crypto info more than one time */ 370 - if (TLS_CRYPTO_INFO_READY(crypto_info)) 370 + if (TLS_CRYPTO_INFO_READY(crypto_info)) { 371 + rc = -EBUSY; 371 372 goto out; 373 + } 372 374 373 375 rc = copy_from_user(crypto_info, optval, sizeof(*crypto_info)); 374 376 if (rc) { ··· 388 386 case TLS_CIPHER_AES_GCM_128: { 389 387 if (optlen != sizeof(struct tls12_crypto_info_aes_gcm_128)) { 390 388 rc = -EINVAL; 391 - goto out; 389 + goto err_crypto_info; 392 390 } 393 391 rc = copy_from_user(crypto_info + 1, optval + sizeof(*crypto_info), 394 392 optlen - sizeof(*crypto_info)); ··· 400 398 } 401 399 default: 402 400 rc = -EINVAL; 403 - goto out; 401 + goto err_crypto_info; 404 402 } 405 403 406 404 /* currently SW is default, we will have ethtool in future */ ··· 455 453 struct inet_connection_sock *icsk = inet_csk(sk); 456 454 struct tls_context *ctx; 457 455 int rc = 0; 456 + 457 + /* The TLS ulp is currently supported only for TCP sockets 458 + * in ESTABLISHED state. 459 + * Supporting sockets in LISTEN state will require us 460 + * to modify the accept implementation to clone rather then 461 + * share the ulp context. 462 + */ 463 + if (sk->sk_state != TCP_ESTABLISHED) 464 + return -ENOTSUPP; 458 465 459 466 /* allocate tls context */ 460 467 ctx = kzalloc(sizeof(*ctx), GFP_KERNEL);

+7 -5

net/tls/tls_sw.c

··· 681 681 } 682 682 default: 683 683 rc = -EINVAL; 684 - goto out; 684 + goto free_priv; 685 685 } 686 686 687 687 ctx->prepend_size = TLS_HEADER_SIZE + nonce_size; 688 688 ctx->tag_size = tag_size; 689 689 ctx->overhead_size = ctx->prepend_size + ctx->tag_size; 690 690 ctx->iv_size = iv_size; 691 - ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, 692 - GFP_KERNEL); 691 + ctx->iv = kmalloc(iv_size + TLS_CIPHER_AES_GCM_128_SALT_SIZE, GFP_KERNEL); 693 692 if (!ctx->iv) { 694 693 rc = -ENOMEM; 695 - goto out; 694 + goto free_priv; 696 695 } 697 696 memcpy(ctx->iv, gcm_128_info->salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE); 698 697 memcpy(ctx->iv + TLS_CIPHER_AES_GCM_128_SALT_SIZE, iv, iv_size); ··· 739 740 740 741 rc = crypto_aead_setauthsize(sw_ctx->aead_send, ctx->tag_size); 741 742 if (!rc) 742 - goto out; 743 + return 0; 743 744 744 745 free_aead: 745 746 crypto_free_aead(sw_ctx->aead_send); ··· 750 751 free_iv: 751 752 kfree(ctx->iv); 752 753 ctx->iv = NULL; 754 + free_priv: 755 + kfree(ctx->priv_ctx); 756 + ctx->priv_ctx = NULL; 753 757 out: 754 758 return rc; 755 759 }

+1 -1

net/wireless/nl80211.c

··· 9835 9835 */ 9836 9836 if (!wdev->cqm_config->last_rssi_event_value && wdev->current_bss && 9837 9837 rdev->ops->get_station) { 9838 - struct station_info sinfo; 9838 + struct station_info sinfo = {}; 9839 9839 u8 *mac_addr; 9840 9840 9841 9841 mac_addr = wdev->current_bss->pub.bssid;

+1 -2

net/wireless/wext-compat.c

··· 1254 1254 { 1255 1255 struct wireless_dev *wdev = dev->ieee80211_ptr; 1256 1256 struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy); 1257 - /* we are under RTNL - globally locked - so can use a static struct */ 1258 - static struct station_info sinfo; 1257 + struct station_info sinfo = {}; 1259 1258 u8 addr[ETH_ALEN]; 1260 1259 int err; 1261 1260

+10 -4

scripts/Makefile.build

··· 265 265 objtool_args += $(call cc-ifversion, -lt, 0405, --no-unreachable) 266 266 endif 267 267 268 + ifdef CONFIG_MODVERSIONS 269 + objtool_o = $(@D)/.tmp_$(@F) 270 + else 271 + objtool_o = $(@) 272 + endif 273 + 268 274 # 'OBJECT_FILES_NON_STANDARD := y': skip objtool checking for a directory 269 275 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'y': skip objtool checking for a file 270 276 # 'OBJECT_FILES_NON_STANDARD_foo.o := 'n': override directory skip for a file 271 277 cmd_objtool = $(if $(patsubst y%,, \ 272 278 $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ 273 - $(__objtool_obj) $(objtool_args) "$(@)";) 279 + $(__objtool_obj) $(objtool_args) "$(objtool_o)";) 274 280 objtool_obj = $(if $(patsubst y%,, \ 275 281 $(OBJECT_FILES_NON_STANDARD_$(basetarget).o)$(OBJECT_FILES_NON_STANDARD)n), \ 276 282 $(__objtool_obj)) ··· 292 286 define rule_cc_o_c 293 287 $(call echo-cmd,checksrc) $(cmd_checksrc) \ 294 288 $(call cmd_and_fixdep,cc_o_c) \ 295 - $(cmd_modversions_c) \ 296 289 $(cmd_checkdoc) \ 297 290 $(call echo-cmd,objtool) $(cmd_objtool) \ 291 + $(cmd_modversions_c) \ 298 292 $(call echo-cmd,record_mcount) $(cmd_record_mcount) 299 293 endef 300 294 301 295 define rule_as_o_S 302 296 $(call cmd_and_fixdep,as_o_S) \ 303 - $(cmd_modversions_S) \ 304 - $(call echo-cmd,objtool) $(cmd_objtool) 297 + $(call echo-cmd,objtool) $(cmd_objtool) \ 298 + $(cmd_modversions_S) 305 299 endef 306 300 307 301 # List module undefined symbols (or empty line if not enabled)

+8

scripts/decodecode

··· 59 59 ${CROSS_COMPILE}strip $1.o 60 60 fi 61 61 62 + if [ "$ARCH" = "arm64" ]; then 63 + if [ $width -eq 4 ]; then 64 + type=inst 65 + fi 66 + 67 + ${CROSS_COMPILE}strip $1.o 68 + fi 69 + 62 70 ${CROSS_COMPILE}objdump $OBJDUMPFLAGS -S $1.o | \ 63 71 grep -v "/tmp\|Disassembly\|\.text\|^$" > $1.dis 2>&1 64 72 }

+2

scripts/gdb/linux/tasks.py

··· 96 96 thread_info_addr = task.address + ia64_task_size 97 97 thread_info = thread_info_addr.cast(thread_info_ptr_type) 98 98 else: 99 + if task.type.fields()[0].type == thread_info_type.get_type(): 100 + return task['thread_info'] 99 101 thread_info = task['stack'].cast(thread_info_ptr_type) 100 102 return thread_info.dereference() 101 103

+3 -1

tools/objtool/elf.c

··· 26 26 #include <stdlib.h> 27 27 #include <string.h> 28 28 #include <unistd.h> 29 + #include <errno.h> 29 30 30 31 #include "elf.h" 31 32 #include "warn.h" ··· 359 358 360 359 elf->fd = open(name, flags); 361 360 if (elf->fd == -1) { 362 - perror("open"); 361 + fprintf(stderr, "objtool: Can't open '%s': %s\n", 362 + name, strerror(errno)); 363 363 goto err; 364 364 } 365 365

+149 -3

tools/testing/selftests/bpf/test_verifier.c

··· 2594 2594 .prog_type = BPF_PROG_TYPE_SCHED_CLS, 2595 2595 }, 2596 2596 { 2597 + "context stores via ST", 2598 + .insns = { 2599 + BPF_MOV64_IMM(BPF_REG_0, 0), 2600 + BPF_ST_MEM(BPF_DW, BPF_REG_1, offsetof(struct __sk_buff, mark), 0), 2601 + BPF_EXIT_INSN(), 2602 + }, 2603 + .errstr = "BPF_ST stores into R1 context is not allowed", 2604 + .result = REJECT, 2605 + .prog_type = BPF_PROG_TYPE_SCHED_CLS, 2606 + }, 2607 + { 2608 + "context stores via XADD", 2609 + .insns = { 2610 + BPF_MOV64_IMM(BPF_REG_0, 0), 2611 + BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_W, BPF_REG_1, 2612 + BPF_REG_0, offsetof(struct __sk_buff, mark), 0), 2613 + BPF_EXIT_INSN(), 2614 + }, 2615 + .errstr = "BPF_XADD stores into R1 context is not allowed", 2616 + .result = REJECT, 2617 + .prog_type = BPF_PROG_TYPE_SCHED_CLS, 2618 + }, 2619 + { 2597 2620 "direct packet access: test1", 2598 2621 .insns = { 2599 2622 BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, ··· 4336 4313 .fixup_map1 = { 2 }, 4337 4314 .errstr_unpriv = "R2 leaks addr into mem", 4338 4315 .result_unpriv = REJECT, 4339 - .result = ACCEPT, 4316 + .result = REJECT, 4317 + .errstr = "BPF_XADD stores into R1 context is not allowed", 4340 4318 }, 4341 4319 { 4342 4320 "leak pointer into ctx 2", ··· 4351 4327 }, 4352 4328 .errstr_unpriv = "R10 leaks addr into mem", 4353 4329 .result_unpriv = REJECT, 4354 - .result = ACCEPT, 4330 + .result = REJECT, 4331 + .errstr = "BPF_XADD stores into R1 context is not allowed", 4355 4332 }, 4356 4333 { 4357 4334 "leak pointer into ctx 3", ··· 6733 6708 BPF_JMP_IMM(BPF_JA, 0, 0, -7), 6734 6709 }, 6735 6710 .fixup_map1 = { 4 }, 6736 - .errstr = "unbounded min value", 6711 + .errstr = "R0 invalid mem access 'inv'", 6737 6712 .result = REJECT, 6738 6713 }, 6739 6714 { ··· 8633 8608 .result = REJECT, 8634 8609 .prog_type = BPF_PROG_TYPE_XDP, 8635 8610 .flags = F_NEEDS_EFFICIENT_UNALIGNED_ACCESS, 8611 + }, 8612 + { 8613 + "check deducing bounds from const, 1", 8614 + .insns = { 8615 + BPF_MOV64_IMM(BPF_REG_0, 1), 8616 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 0), 8617 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8618 + BPF_EXIT_INSN(), 8619 + }, 8620 + .result = REJECT, 8621 + .errstr = "R0 tried to subtract pointer from scalar", 8622 + }, 8623 + { 8624 + "check deducing bounds from const, 2", 8625 + .insns = { 8626 + BPF_MOV64_IMM(BPF_REG_0, 1), 8627 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 1, 1), 8628 + BPF_EXIT_INSN(), 8629 + BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 1, 1), 8630 + BPF_EXIT_INSN(), 8631 + BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), 8632 + BPF_EXIT_INSN(), 8633 + }, 8634 + .result = ACCEPT, 8635 + }, 8636 + { 8637 + "check deducing bounds from const, 3", 8638 + .insns = { 8639 + BPF_MOV64_IMM(BPF_REG_0, 0), 8640 + BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0), 8641 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8642 + BPF_EXIT_INSN(), 8643 + }, 8644 + .result = REJECT, 8645 + .errstr = "R0 tried to subtract pointer from scalar", 8646 + }, 8647 + { 8648 + "check deducing bounds from const, 4", 8649 + .insns = { 8650 + BPF_MOV64_IMM(BPF_REG_0, 0), 8651 + BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 1), 8652 + BPF_EXIT_INSN(), 8653 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), 8654 + BPF_EXIT_INSN(), 8655 + BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), 8656 + BPF_EXIT_INSN(), 8657 + }, 8658 + .result = ACCEPT, 8659 + }, 8660 + { 8661 + "check deducing bounds from const, 5", 8662 + .insns = { 8663 + BPF_MOV64_IMM(BPF_REG_0, 0), 8664 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), 8665 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8666 + BPF_EXIT_INSN(), 8667 + }, 8668 + .result = REJECT, 8669 + .errstr = "R0 tried to subtract pointer from scalar", 8670 + }, 8671 + { 8672 + "check deducing bounds from const, 6", 8673 + .insns = { 8674 + BPF_MOV64_IMM(BPF_REG_0, 0), 8675 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), 8676 + BPF_EXIT_INSN(), 8677 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8678 + BPF_EXIT_INSN(), 8679 + }, 8680 + .result = REJECT, 8681 + .errstr = "R0 tried to subtract pointer from scalar", 8682 + }, 8683 + { 8684 + "check deducing bounds from const, 7", 8685 + .insns = { 8686 + BPF_MOV64_IMM(BPF_REG_0, ~0), 8687 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0), 8688 + BPF_ALU64_REG(BPF_SUB, BPF_REG_1, BPF_REG_0), 8689 + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 8690 + offsetof(struct __sk_buff, mark)), 8691 + BPF_EXIT_INSN(), 8692 + }, 8693 + .result = REJECT, 8694 + .errstr = "dereference of modified ctx ptr", 8695 + }, 8696 + { 8697 + "check deducing bounds from const, 8", 8698 + .insns = { 8699 + BPF_MOV64_IMM(BPF_REG_0, ~0), 8700 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 1), 8701 + BPF_ALU64_REG(BPF_ADD, BPF_REG_1, BPF_REG_0), 8702 + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 8703 + offsetof(struct __sk_buff, mark)), 8704 + BPF_EXIT_INSN(), 8705 + }, 8706 + .result = REJECT, 8707 + .errstr = "dereference of modified ctx ptr", 8708 + }, 8709 + { 8710 + "check deducing bounds from const, 9", 8711 + .insns = { 8712 + BPF_MOV64_IMM(BPF_REG_0, 0), 8713 + BPF_JMP_IMM(BPF_JSGE, BPF_REG_0, 0, 0), 8714 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8715 + BPF_EXIT_INSN(), 8716 + }, 8717 + .result = REJECT, 8718 + .errstr = "R0 tried to subtract pointer from scalar", 8719 + }, 8720 + { 8721 + "check deducing bounds from const, 10", 8722 + .insns = { 8723 + BPF_MOV64_IMM(BPF_REG_0, 0), 8724 + BPF_JMP_IMM(BPF_JSLE, BPF_REG_0, 0, 0), 8725 + /* Marks reg as unknown. */ 8726 + BPF_ALU64_IMM(BPF_NEG, BPF_REG_0, 0), 8727 + BPF_ALU64_REG(BPF_SUB, BPF_REG_0, BPF_REG_1), 8728 + BPF_EXIT_INSN(), 8729 + }, 8730 + .result = REJECT, 8731 + .errstr = "math between ctx pointer and register with unbounded min value is not allowed", 8636 8732 }, 8637 8733 { 8638 8734 "bpf_exit with invalid return code. test1",