Fixes for 5.4

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch b/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch
new file mode 100644 (file)
index 0000000..febecaf
--- /dev/null
+++ b/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch
@@ -0,0 +1,76 @@
+From 82f700ddcffa528a0d64543a2c569a5fb28ee172 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 14 Dec 2024 22:43:39 +0000
+Subject: arm64: dts: rockchip: add hevc power domain clock to rk3328
+
+From: Peter Geis <pgwipeout@gmail.com>
+
+[ Upstream commit 3699f2c43ea9984e00d70463f8c29baaf260ea97 ]
+
+There is a race condition at startup between disabling power domains not
+used and disabling clocks not used on the rk3328. When the clocks are
+disabled first, the hevc power domain fails to shut off leading to a
+splat of failures. Add the hevc core clock to the rk3328 power domain
+node to prevent this condition.
+
+rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 3-.... }
+1087 jiffies s: 89 root: 0x8/.
+rcu: blocking rcu_node structures (internal RCU debug):
+Sending NMI from CPU 0 to CPUs 3:
+NMI backtrace for cpu 3
+CPU: 3 UID: 0 PID: 86 Comm: kworker/3:3 Not tainted 6.12.0-rc5+ #53
+Hardware name: Firefly ROC-RK3328-CC (DT)
+Workqueue: pm genpd_power_off_work_fn
+pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
+pc : regmap_unlock_spinlock+0x18/0x30
+lr : regmap_read+0x60/0x88
+sp : ffff800081123c00
+x29: ffff800081123c00 x28: ffff2fa4c62cad80 x27: 0000000000000000
+x26: ffffd74e6e660eb8 x25: ffff2fa4c62cae00 x24: 0000000000000040
+x23: ffffd74e6d2f3ab8 x22: 0000000000000001 x21: ffff800081123c74
+x20: 0000000000000000 x19: ffff2fa4c0412000 x18: 0000000000000000
+x17: 77202c31203d2065 x16: 6c6469203a72656c x15: 6c6f72746e6f632d
+x14: 7265776f703a6e6f x13: 2063766568206e69 x12: 616d6f64202c3431
+x11: 347830206f742030 x10: 3430303034783020 x9 : ffffd74e6c7369e0
+x8 : 3030316666206e69 x7 : 205d383738353733 x6 : 332e31202020205b
+x5 : ffffd74e6c73fc88 x4 : ffffd74e6c73fcd4 x3 : ffffd74e6c740b40
+x2 : ffff800080015484 x1 : 0000000000000000 x0 : ffff2fa4c0412000
+Call trace:
+regmap_unlock_spinlock+0x18/0x30
+rockchip_pmu_set_idle_request+0xac/0x2c0
+rockchip_pd_power+0x144/0x5f8
+rockchip_pd_power_off+0x1c/0x30
+_genpd_power_off+0x9c/0x180
+genpd_power_off.part.0.isra.0+0x130/0x2a8
+genpd_power_off_work_fn+0x6c/0x98
+process_one_work+0x170/0x3f0
+worker_thread+0x290/0x4a8
+kthread+0xec/0xf8
+ret_from_fork+0x10/0x20
+rockchip-pm-domain ff100000.syscon:power-controller: failed to get ack on domain 'hevc', val=0x88220
+
+Fixes: 52e02d377a72 ("arm64: dts: rockchip: add core dtsi file for RK3328 SoCs")
+Signed-off-by: Peter Geis <pgwipeout@gmail.com>
+Reviewed-by: Dragan Simic <dsimic@manjaro.org>
+Link: https://lore.kernel.org/r/20241214224339.24674-1-pgwipeout@gmail.com
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/rockchip/rk3328.dtsi | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+index d8af608752e3..f6f5a64fef09 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+@@ -272,6 +272,7 @@
+ 
+                       power-domain@RK3328_PD_HEVC {
+                               reg = <RK3328_PD_HEVC>;
++                              clocks = <&cru SCLK_VENC_CORE>;
+                               #power-domain-cells = <0>;
+                       };
+                       power-domain@RK3328_PD_VIDEO {
+-- 
+2.39.5
+

diff --git a/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch b/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch
new file mode 100644 (file)
index 0000000..90213c8
--- /dev/null
+++ b/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch
@@ -0,0 +1,254 @@
+From 939973801e5babb4076d5f35d4df40c972cd616b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 17 Apr 2021 13:29:45 +0200
+Subject: arm64: dts: rockchip: add #power-domain-cells to power domain nodes
+
+From: Johan Jonker <jbx6244@gmail.com>
+
+[ Upstream commit 837188d49823230f47afdbbec7556740e89a8557 ]
+
+Add #power-domain-cells to power domain nodes, because they
+are required by power-domain.yaml
+
+Signed-off-by: Johan Jonker <jbx6244@gmail.com>
+Link: https://lore.kernel.org/r/20210417112952.8516-9-jbx6244@gmail.com
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/rockchip/px30.dtsi   |  8 ++++++++
+ arch/arm64/boot/dts/rockchip/rk3328.dtsi |  3 +++
+ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 20 ++++++++++++++++++++
+ 3 files changed, 31 insertions(+)
+
+diff --git a/arch/arm64/boot/dts/rockchip/px30.dtsi b/arch/arm64/boot/dts/rockchip/px30.dtsi
+index f297601c9f71..652998c83640 100644
+--- a/arch/arm64/boot/dts/rockchip/px30.dtsi
++++ b/arch/arm64/boot/dts/rockchip/px30.dtsi
+@@ -219,12 +219,14 @@
+                                        <&cru HCLK_OTG>,
+                                        <&cru SCLK_OTG_ADP>;
+                               pm_qos = <&qos_usb_host>, <&qos_usb_otg>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_SDCARD {
+                               reg = <PX30_PD_SDCARD>;
+                               clocks = <&cru HCLK_SDMMC>,
+                                        <&cru SCLK_SDMMC>;
+                               pm_qos = <&qos_sdmmc>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_GMAC {
+                               reg = <PX30_PD_GMAC>;
+@@ -233,6 +235,7 @@
+                                        <&cru SCLK_MAC_REF>,
+                                        <&cru SCLK_GMAC_RX_TX>;
+                               pm_qos = <&qos_gmac>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_MMC_NAND {
+                               reg = <PX30_PD_MMC_NAND>;
+@@ -246,6 +249,7 @@
+                                         <&cru SCLK_SFC>;
+                               pm_qos = <&qos_emmc>, <&qos_nand>,
+                                        <&qos_sdio>, <&qos_sfc>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_VPU {
+                               reg = <PX30_PD_VPU>;
+@@ -253,6 +257,7 @@
+                                        <&cru HCLK_VPU>,
+                                        <&cru SCLK_CORE_VPU>;
+                               pm_qos = <&qos_vpu>, <&qos_vpu_r128>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_VO {
+                               reg = <PX30_PD_VO>;
+@@ -269,6 +274,7 @@
+                                        <&cru SCLK_VOPB_PWM>;
+                               pm_qos = <&qos_rga_rd>, <&qos_rga_wr>,
+                                        <&qos_vop_m0>, <&qos_vop_m1>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_VI {
+                               reg = <PX30_PD_VI>;
+@@ -280,11 +286,13 @@
+                               pm_qos = <&qos_isp_128>, <&qos_isp_rd>,
+                                        <&qos_isp_wr>, <&qos_isp_m1>,
+                                        <&qos_vip>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@PX30_PD_GPU {
+                               reg = <PX30_PD_GPU>;
+                               clocks = <&cru SCLK_GPU>;
+                               pm_qos = <&qos_gpu>;
++                              #power-domain-cells = <0>;
+                       };
+               };
+       };
+diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+index 5bb84ec31c6f..d8af608752e3 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi
+@@ -272,13 +272,16 @@
+ 
+                       power-domain@RK3328_PD_HEVC {
+                               reg = <RK3328_PD_HEVC>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@RK3328_PD_VIDEO {
+                               reg = <RK3328_PD_VIDEO>;
++                              #power-domain-cells = <0>;
+                       };
+                       power-domain@RK3328_PD_VPU {
+                               reg = <RK3328_PD_VPU>;
+                               clocks = <&cru ACLK_VPU>, <&cru HCLK_VPU>;
++                              #power-domain-cells = <0>;
+                       };
+               };
+ 
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+index 04ca346b2f28..e52c2dc1710a 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+@@ -1001,6 +1001,7 @@
+                               clocks = <&cru ACLK_IEP>,
+                                        <&cru HCLK_IEP>;
+                               pm_qos = <&qos_iep>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_rga@RK3399_PD_RGA {
+                               reg = <RK3399_PD_RGA>;
+@@ -1008,12 +1009,14 @@
+                                        <&cru HCLK_RGA>;
+                               pm_qos = <&qos_rga_r>,
+                                        <&qos_rga_w>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_vcodec@RK3399_PD_VCODEC {
+                               reg = <RK3399_PD_VCODEC>;
+                               clocks = <&cru ACLK_VCODEC>,
+                                        <&cru HCLK_VCODEC>;
+                               pm_qos = <&qos_video_m0>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_vdu@RK3399_PD_VDU {
+                               reg = <RK3399_PD_VDU>;
+@@ -1021,6 +1024,7 @@
+                                        <&cru HCLK_VDU>;
+                               pm_qos = <&qos_video_m1_r>,
+                                        <&qos_video_m1_w>;
++                              #power-domain-cells = <0>;
+                       };
+ 
+                       /* These power domains are grouped by VD_GPU */
+@@ -1028,53 +1032,63 @@
+                               reg = <RK3399_PD_GPU>;
+                               clocks = <&cru ACLK_GPU>;
+                               pm_qos = <&qos_gpu>;
++                              #power-domain-cells = <0>;
+                       };
+ 
+                       /* These power domains are grouped by VD_LOGIC */
+                       pd_edp@RK3399_PD_EDP {
+                               reg = <RK3399_PD_EDP>;
+                               clocks = <&cru PCLK_EDP_CTRL>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_emmc@RK3399_PD_EMMC {
+                               reg = <RK3399_PD_EMMC>;
+                               clocks = <&cru ACLK_EMMC>;
+                               pm_qos = <&qos_emmc>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_gmac@RK3399_PD_GMAC {
+                               reg = <RK3399_PD_GMAC>;
+                               clocks = <&cru ACLK_GMAC>,
+                                        <&cru PCLK_GMAC>;
+                               pm_qos = <&qos_gmac>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_sd@RK3399_PD_SD {
+                               reg = <RK3399_PD_SD>;
+                               clocks = <&cru HCLK_SDMMC>,
+                                        <&cru SCLK_SDMMC>;
+                               pm_qos = <&qos_sd>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_sdioaudio@RK3399_PD_SDIOAUDIO {
+                               reg = <RK3399_PD_SDIOAUDIO>;
+                               clocks = <&cru HCLK_SDIO>;
+                               pm_qos = <&qos_sdioaudio>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_tcpc0@RK3399_PD_TCPD0 {
+                               reg = <RK3399_PD_TCPD0>;
+                               clocks = <&cru SCLK_UPHY0_TCPDCORE>,
+                                        <&cru SCLK_UPHY0_TCPDPHY_REF>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_tcpc1@RK3399_PD_TCPD1 {
+                               reg = <RK3399_PD_TCPD1>;
+                               clocks = <&cru SCLK_UPHY1_TCPDCORE>,
+                                        <&cru SCLK_UPHY1_TCPDPHY_REF>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_usb3@RK3399_PD_USB3 {
+                               reg = <RK3399_PD_USB3>;
+                               clocks = <&cru ACLK_USB3>;
+                               pm_qos = <&qos_usb_otg0>,
+                                        <&qos_usb_otg1>;
++                              #power-domain-cells = <0>;
+                       };
+                       pd_vio@RK3399_PD_VIO {
+                               reg = <RK3399_PD_VIO>;
++                              #power-domain-cells = <1>;
+                               #address-cells = <1>;
+                               #size-cells = <0>;
+ 
+@@ -1084,6 +1098,7 @@
+                                                <&cru HCLK_HDCP>,
+                                                <&cru PCLK_HDCP>;
+                                       pm_qos = <&qos_hdcp>;
++                                      #power-domain-cells = <0>;
+                               };
+                               pd_isp0@RK3399_PD_ISP0 {
+                                       reg = <RK3399_PD_ISP0>;
+@@ -1091,6 +1106,7 @@
+                                                <&cru HCLK_ISP0>;
+                                       pm_qos = <&qos_isp0_m0>,
+                                                <&qos_isp0_m1>;
++                                      #power-domain-cells = <0>;
+                               };
+                               pd_isp1@RK3399_PD_ISP1 {
+                                       reg = <RK3399_PD_ISP1>;
+@@ -1098,9 +1114,11 @@
+                                                <&cru HCLK_ISP1>;
+                                       pm_qos = <&qos_isp1_m0>,
+                                                <&qos_isp1_m1>;
++                                      #power-domain-cells = <0>;
+                               };
+                               pd_vo@RK3399_PD_VO {
+                                       reg = <RK3399_PD_VO>;
++                                      #power-domain-cells = <1>;
+                                       #address-cells = <1>;
+                                       #size-cells = <0>;
+ 
+@@ -1110,12 +1128,14 @@
+                                                        <&cru HCLK_VOP0>;
+                                               pm_qos = <&qos_vop_big_r>,
+                                                        <&qos_vop_big_w>;
++                                              #power-domain-cells = <0>;
+                                       };
+                                       pd_vopl@RK3399_PD_VOPL {
+                                               reg = <RK3399_PD_VOPL>;
+                                               clocks = <&cru ACLK_VOP1>,
+                                                        <&cru HCLK_VOP1>;
+                                               pm_qos = <&qos_vop_little>;
++                                              #power-domain-cells = <0>;
+                                       };
+                               };
+                       };
+-- 
+2.39.5
+

diff --git a/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch b/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch
new file mode 100644 (file)
index 0000000..480bf59
--- /dev/null
+++ b/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch
@@ -0,0 +1,56 @@
+From 2206567d1784e6cf02db62c8a07215298215f39b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 28 Apr 2020 22:30:02 +0200
+Subject: arm64: dts: rockchip: fix defines in pd_vio node for rk3399
+
+From: Johan Jonker <jbx6244@gmail.com>
+
+[ Upstream commit 84836ded76ec9a6f25d1d0acebaad44977e0ec6f ]
+
+A test with the command below gives for example this error:
+
+arch/arm64/boot/dts/rockchip/rk3399-evb.dt.yaml: pd_vio@15:
+'pd_tcpc0@RK3399_PD_TCPC0', 'pd_tcpc1@RK3399_PD_TCPC1'
+do not match any of the regexes:
+'.*-names$', '.*-supply$', '^#.*-cells$',
+'^#[a-zA-Z0-9,+\\-._]{0,63}$',
+'^[a-zA-Z][a-zA-Z0-9,+\\-._]{0,63}$',
+'^[a-zA-Z][a-zA-Z0-9,+\\-._]{0,63}@[0-9a-fA-F]+(,[0-9a-fA-F]+)*$',
+'^__.*__$', 'pinctrl-[0-9]+'
+
+Fix error by replacing the wrong defines by the ones
+mentioned in 'rk3399-power.h'.
+
+make -k ARCH=arm64 dtbs_check
+
+Signed-off-by: Johan Jonker <jbx6244@gmail.com>
+Link: https://lore.kernel.org/r/20200428203003.3318-1-jbx6244@gmail.com
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+index e5a25bc7d799..dcd989563d27 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+@@ -1089,12 +1089,12 @@
+                                       pm_qos = <&qos_isp1_m0>,
+                                                <&qos_isp1_m1>;
+                               };
+-                              pd_tcpc0@RK3399_PD_TCPC0 {
++                              pd_tcpc0@RK3399_PD_TCPD0 {
+                                       reg = <RK3399_PD_TCPD0>;
+                                       clocks = <&cru SCLK_UPHY0_TCPDCORE>,
+                                                <&cru SCLK_UPHY0_TCPDPHY_REF>;
+                               };
+-                              pd_tcpc1@RK3399_PD_TCPC1 {
++                              pd_tcpc1@RK3399_PD_TCPD1 {
+                                       reg = <RK3399_PD_TCPD1>;
+                                       clocks = <&cru SCLK_UPHY1_TCPDCORE>,
+                                                <&cru SCLK_UPHY1_TCPDPHY_REF>;
+-- 
+2.39.5
+

diff --git a/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch b/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch
new file mode 100644 (file)
index 0000000..d77333a
--- /dev/null
+++ b/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch
@@ -0,0 +1,66 @@
+From 07a1f8faae564f83303ca72f387dfc0d74f48bc7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 28 Apr 2020 22:30:03 +0200
+Subject: arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on
+ rk3399
+
+From: Johan Jonker <jbx6244@gmail.com>
+
+[ Upstream commit 2b99e6196663199409540fb95798dba464e34343 ]
+
+The pd_tcpc0 and pd_tcpc1 nodes are currently a sub node of pd_vio.
+In the rk3399 TRM figure of the 'Power Domain Partition' and in the
+table of 'Power Domain and Voltage Domain Summary' these power domains
+are positioned directly under VD_LOGIC, so fix that in 'rk3399.dtsi'.
+
+Signed-off-by: Johan Jonker <jbx6244@gmail.com>
+Reviewed-by: Caesar Wang <wxt@rock-chips.com>
+Link: https://lore.kernel.org/r/20200428203003.3318-2-jbx6244@gmail.com
+Signed-off-by: Heiko Stuebner <heiko@sntech.de>
+Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/arm64/boot/dts/rockchip/rk3399.dtsi | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+index dcd989563d27..04ca346b2f28 100644
+--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi
++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi
+@@ -1057,6 +1057,16 @@
+                               clocks = <&cru HCLK_SDIO>;
+                               pm_qos = <&qos_sdioaudio>;
+                       };
++                      pd_tcpc0@RK3399_PD_TCPD0 {
++                              reg = <RK3399_PD_TCPD0>;
++                              clocks = <&cru SCLK_UPHY0_TCPDCORE>,
++                                       <&cru SCLK_UPHY0_TCPDPHY_REF>;
++                      };
++                      pd_tcpc1@RK3399_PD_TCPD1 {
++                              reg = <RK3399_PD_TCPD1>;
++                              clocks = <&cru SCLK_UPHY1_TCPDCORE>,
++                                       <&cru SCLK_UPHY1_TCPDPHY_REF>;
++                      };
+                       pd_usb3@RK3399_PD_USB3 {
+                               reg = <RK3399_PD_USB3>;
+                               clocks = <&cru ACLK_USB3>;
+@@ -1089,16 +1099,6 @@
+                                       pm_qos = <&qos_isp1_m0>,
+                                                <&qos_isp1_m1>;
+                               };
+-                              pd_tcpc0@RK3399_PD_TCPD0 {
+-                                      reg = <RK3399_PD_TCPD0>;
+-                                      clocks = <&cru SCLK_UPHY0_TCPDCORE>,
+-                                               <&cru SCLK_UPHY0_TCPDPHY_REF>;
+-                              };
+-                              pd_tcpc1@RK3399_PD_TCPD1 {
+-                                      reg = <RK3399_PD_TCPD1>;
+-                                      clocks = <&cru SCLK_UPHY1_TCPDCORE>,
+-                                               <&cru SCLK_UPHY1_TCPDPHY_REF>;
+-                              };
+                               pd_vo@RK3399_PD_VO {
+                                       reg = <RK3399_PD_VO>;
+                                       #address-cells = <1>;
+-- 
+2.39.5
+

diff --git a/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch b/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch
new file mode 100644 (file)
index 0000000..c4ecbda
--- /dev/null
+++ b/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch
@@ -0,0 +1,66 @@
+From cfdbdccb6dc657b283da2ca224d98fac3ac4c884 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 28 May 2023 21:20:32 +0800
+Subject: ocfs2: correct return value of ocfs2_local_free_info()
+
+From: Joseph Qi <joseph.qi@linux.alibaba.com>
+
+[ Upstream commit d32840ad4a111c6abd651fbf6b5996e6123913da ]
+
+Now in ocfs2_local_free_info(), it returns 0 even if it actually fails.
+Though it doesn't cause any real problem since the only caller
+dquot_disable() ignores the return value, we'd better return correct as it
+is.
+
+Link: https://lkml.kernel.org/r/20230528132033.217664-1-joseph.qi@linux.alibaba.com
+Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Joseph Qi <jiangqi903@gmail.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Stable-dep-of: 5f3fd772d152 ("ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ocfs2/quota_local.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
+index 7a1c8da9e44b..fbab536741e2 100644
+--- a/fs/ocfs2/quota_local.c
++++ b/fs/ocfs2/quota_local.c
+@@ -815,7 +815,7 @@ static int ocfs2_local_free_info(struct super_block *sb, int type)
+       struct ocfs2_quota_chunk *chunk;
+       struct ocfs2_local_disk_chunk *dchunk;
+       int mark_clean = 1, len;
+-      int status;
++      int status = 0;
+ 
+       iput(oinfo->dqi_gqinode);
+       ocfs2_simple_drop_lockres(OCFS2_SB(sb), &oinfo->dqi_gqlock);
+@@ -857,17 +857,14 @@ static int ocfs2_local_free_info(struct super_block *sb, int type)
+                                oinfo->dqi_libh,
+                                olq_update_info,
+                                info);
+-      if (status < 0) {
++      if (status < 0)
+               mlog_errno(status);
+-              goto out;
+-      }
+-
+ out:
+       ocfs2_inode_unlock(sb_dqopt(sb)->files[type], 1);
+       brelse(oinfo->dqi_libh);
+       brelse(oinfo->dqi_lqi_bh);
+       kfree(oinfo);
+-      return 0;
++      return status;
+ }
+ 
+ static void olq_set_dquot(struct buffer_head *bh, void *private)
+-- 
+2.39.5
+

diff --git a/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch b/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch
new file mode 100644 (file)
index 0000000..285827c
--- /dev/null
+++ b/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch
@@ -0,0 +1,73 @@
+From ba194680aca3b5dcd0d9c10f32224dd0b7ddc026 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 17 Dec 2024 21:39:25 -0500
+Subject: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
+
+From: Dennis Lam <dennis.lamerice@gmail.com>
+
+[ Upstream commit 5f3fd772d152229d94602bca243fbb658068a597 ]
+
+When mounting ocfs2 and then remounting it as read-only, a
+slab-use-after-free occurs after the user uses a syscall to
+quota_getnextquota.  Specifically, sb_dqinfo(sb, type)->dqi_priv is the
+dangling pointer.
+
+During the remounting process, the pointer dqi_priv is freed but is never
+set as null leaving it to be accessed.  Additionally, the read-only option
+for remounting sets the DQUOT_SUSPENDED flag instead of setting the
+DQUOT_USAGE_ENABLED flags.  Moreover, later in the process of getting the
+next quota, the function ocfs2_get_next_id is called and only checks the
+quota usage flags and not the quota suspended flags.
+
+To fix this, I set dqi_priv to null when it is freed after remounting with
+read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id.
+
+[akpm@linux-foundation.org: coding-style cleanups]
+Link: https://lkml.kernel.org/r/20241218023924.22821-2-dennis.lamerice@gmail.com
+Fixes: 8f9e8f5fcc05 ("ocfs2: Fix Q_GETNEXTQUOTA for filesystem without quotas")
+Signed-off-by: Dennis Lam <dennis.lamerice@gmail.com>
+Reported-by: syzbot+d173bf8a5a7faeede34c@syzkaller.appspotmail.com
+Tested-by: syzbot+d173bf8a5a7faeede34c@syzkaller.appspotmail.com
+Closes: https://lore.kernel.org/all/6731d26f.050a0220.1fb99c.014b.GAE@google.com/T/
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ocfs2/quota_global.c | 2 +-
+ fs/ocfs2/quota_local.c  | 1 +
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c
+index eda83487c9ec..1ce3780e8b49 100644
+--- a/fs/ocfs2/quota_global.c
++++ b/fs/ocfs2/quota_global.c
+@@ -881,7 +881,7 @@ static int ocfs2_get_next_id(struct super_block *sb, struct kqid *qid)
+       int status = 0;
+ 
+       trace_ocfs2_get_next_id(from_kqid(&init_user_ns, *qid), type);
+-      if (!sb_has_quota_loaded(sb, type)) {
++      if (!sb_has_quota_active(sb, type)) {
+               status = -ESRCH;
+               goto out;
+       }
+diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c
+index fbab536741e2..77d5aa90338f 100644
+--- a/fs/ocfs2/quota_local.c
++++ b/fs/ocfs2/quota_local.c
+@@ -864,6 +864,7 @@ static int ocfs2_local_free_info(struct super_block *sb, int type)
+       brelse(oinfo->dqi_libh);
+       brelse(oinfo->dqi_lqi_bh);
+       kfree(oinfo);
++      info->dqi_priv = NULL;
+       return status;
+ }
+ 
+-- 
+2.39.5
+

diff --git a/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch b/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch
new file mode 100644 (file)
index 0000000..9a88b68
--- /dev/null
+++ b/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch
@@ -0,0 +1,41 @@
+From 6293542e4782bfeab6b432df827f84e3201e107e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Jun 2020 20:20:07 +0530
+Subject: phy: core: fix code style in devm_of_phy_provider_unregister
+
+From: Vinod Koul <vkoul@kernel.org>
+
+[ Upstream commit b555f35f2f87f8a99ba8e65d3f51ae4294748b58 ]
+
+Documentation/process/coding-style.rst says:
+"functions: they have the opening brace at the beginning of the next
+line"
+
+devm_of_phy_provider_unregister() function has opening brace at same
+line, so fix it up.
+
+Link: https://lore.kernel.org/r/20200629145010.122675-1-vkoul@kernel.org
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Stable-dep-of: c0b82ab95b4f ("phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/phy/phy-core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
+index c801fe727f09..ffe89ed15a36 100644
+--- a/drivers/phy/phy-core.c
++++ b/drivers/phy/phy-core.c
+@@ -1094,7 +1094,8 @@ EXPORT_SYMBOL_GPL(of_phy_provider_unregister);
+  * of_phy_provider_unregister to unregister the phy provider.
+  */
+ void devm_of_phy_provider_unregister(struct device *dev,
+-      struct phy_provider *phy_provider) {
++      struct phy_provider *phy_provider)
++{
+       int r;
+ 
+       r = devres_destroy(dev, devm_phy_provider_release, devm_phy_match,
+-- 
+2.39.5
+

diff --git a/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch b/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch
new file mode 100644 (file)
index 0000000..991aec1
--- /dev/null
+++ b/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch
@@ -0,0 +1,56 @@
+From ca2ec4f28bf913791b882e963f14a506c0ac0622 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 13 Dec 2024 20:36:42 +0800
+Subject: phy: core: Fix that API devm_of_phy_provider_unregister() fails to
+ unregister the phy provider
+
+From: Zijun Hu <quic_zijuhu@quicinc.com>
+
+[ Upstream commit c0b82ab95b4f1fbc3e3aeab9d829d012669524b6 ]
+
+For devm_of_phy_provider_unregister(), its comment says it needs to invoke
+of_phy_provider_unregister() to unregister the phy provider, but it will
+not actually invoke the function since devres_destroy() does not call
+devm_phy_provider_release(), and the missing of_phy_provider_unregister()
+call will cause:
+
+- The phy provider fails to be unregistered.
+- Leak both memory and the OF node refcount.
+
+Fortunately, the faulty API has not been used by current kernel tree.
+Fix by using devres_release() instead of devres_destroy() within the API.
+
+Fixes: ff764963479a ("drivers: phy: add generic PHY framework")
+Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
+Signed-off-by: Zijun Hu <quic_zijuhu@quicinc.com>
+Link: https://lore.kernel.org/stable/20241213-phy_core_fix-v6-2-40ae28f5015a%40quicinc.com
+Link: https://lore.kernel.org/r/20241213-phy_core_fix-v6-2-40ae28f5015a@quicinc.com
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/phy/phy-core.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c
+index ffe89ed15a36..c94a0d2c4516 100644
+--- a/drivers/phy/phy-core.c
++++ b/drivers/phy/phy-core.c
+@@ -1094,12 +1094,12 @@ EXPORT_SYMBOL_GPL(of_phy_provider_unregister);
+  * of_phy_provider_unregister to unregister the phy provider.
+  */
+ void devm_of_phy_provider_unregister(struct device *dev,
+-      struct phy_provider *phy_provider)
++                                   struct phy_provider *phy_provider)
+ {
+       int r;
+ 
+-      r = devres_destroy(dev, devm_phy_provider_release, devm_phy_match,
+-              phy_provider);
++      r = devres_release(dev, devm_phy_provider_release, devm_phy_match,
++                         phy_provider);
+       dev_WARN_ONCE(dev, r, "couldn't find PHY provider device resource\n");
+ }
+ EXPORT_SYMBOL_GPL(devm_of_phy_provider_unregister);
+-- 
+2.39.5
+

diff --git a/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch b/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch
new file mode 100644 (file)
index 0000000..43218de
--- /dev/null
+++ b/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch
@@ -0,0 +1,57 @@
+From eac738bfdeefbeef3dff1f5931a2340351292544 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 20 Sep 2022 13:00:37 -0700
+Subject: RISC-V: Avoid dereferening NULL regs in die()
+
+From: Palmer Dabbelt <palmer@rivosinc.com>
+
+[ Upstream commit f2913d006fcdb61719635e093d1b5dd0dafecac7 ]
+
+I don't think we can actually die() without a regs pointer, but the
+compiler was warning about a NULL check after a dereference.  It seems
+prudent to just avoid the possibly-NULL dereference, given that when
+die()ing the system is already toast so who knows how we got there.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
+Reviewed-by: Conor Dooley <conor.dooley@microchip.com>
+Link: https://lore.kernel.org/r/20220920200037.6727-1-palmer@rivosinc.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/traps.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index 184f7b82c5ae..533087439e80 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -29,6 +29,7 @@ void die(struct pt_regs *regs, const char *str)
+ {
+       static int die_counter;
+       int ret;
++      long cause;
+ 
+       oops_enter();
+ 
+@@ -38,11 +39,13 @@ void die(struct pt_regs *regs, const char *str)
+ 
+       pr_emerg("%s [#%d]\n", str, ++die_counter);
+       print_modules();
+-      show_regs(regs);
++      if (regs)
++              show_regs(regs);
+ 
+-      ret = notify_die(DIE_OOPS, str, regs, 0, regs->cause, SIGSEGV);
++      cause = regs ? regs->cause : -1;
++      ret = notify_die(DIE_OOPS, str, regs, 0, cause, SIGSEGV);
+ 
+-      if (regs && kexec_should_crash(current))
++      if (kexec_should_crash(current))
+               crash_kexec(regs);
+ 
+       bust_spinlocks(0);
+-- 
+2.39.5
+

diff --git a/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch b/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch
new file mode 100644 (file)
index 0000000..9cb2b21
--- /dev/null
+++ b/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch
@@ -0,0 +1,1043 @@
+From 2366983a55278aafc0677126567c9dc5248f0d79 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 28 Oct 2019 13:10:32 +0100
+Subject: riscv: abstract out CSR names for supervisor vs machine mode
+
+From: Christoph Hellwig <hch@lst.de>
+
+[ Upstream commit a4c3733d32a72f11dee86d0731d7565aa6ebe22d ]
+
+Many of the privileged CSRs exist in a supervisor and machine version
+that are used very similarly.  Provide versions of the CSR names and
+fields that map to either the S-mode or M-mode variant depending on
+a new CONFIG_RISCV_M_MODE kconfig symbol.
+
+Contains contributions from Damien Le Moal <Damien.LeMoal@wdc.com>
+and Paul Walmsley <paul.walmsley@sifive.com>.
+
+Signed-off-by: Christoph Hellwig <hch@lst.de>
+Acked-by: Thomas Gleixner <tglx@linutronix.de> # for drivers/clocksource, drivers/irqchip
+[paul.walmsley@sifive.com: updated to apply]
+Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
+Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/Kconfig                 |  4 ++
+ arch/riscv/include/asm/csr.h       | 72 +++++++++++++++++++++++++----
+ arch/riscv/include/asm/irqflags.h  | 12 ++---
+ arch/riscv/include/asm/processor.h |  2 +-
+ arch/riscv/include/asm/ptrace.h    | 16 +++----
+ arch/riscv/include/asm/switch_to.h | 10 ++--
+ arch/riscv/kernel/asm-offsets.c    |  8 ++--
+ arch/riscv/kernel/entry.S          | 74 +++++++++++++++++-------------
+ arch/riscv/kernel/fpu.S            |  8 ++--
+ arch/riscv/kernel/head.S           | 12 ++---
+ arch/riscv/kernel/irq.c            | 17 ++-----
+ arch/riscv/kernel/perf_callchain.c |  2 +-
+ arch/riscv/kernel/process.c        | 17 +++----
+ arch/riscv/kernel/signal.c         | 21 ++++-----
+ arch/riscv/kernel/smp.c            |  2 +-
+ arch/riscv/kernel/traps.c          | 16 +++----
+ arch/riscv/lib/uaccess.S           | 12 ++---
+ arch/riscv/mm/extable.c            |  4 +-
+ arch/riscv/mm/fault.c              |  6 +--
+ drivers/clocksource/timer-riscv.c  |  8 ++--
+ drivers/irqchip/irq-sifive-plic.c  | 11 +++--
+ 21 files changed, 199 insertions(+), 135 deletions(-)
+
+diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig
+index 42138882667d..e3dad60b8d47 100644
+--- a/arch/riscv/Kconfig
++++ b/arch/riscv/Kconfig
+@@ -72,6 +72,10 @@ config ARCH_MMAP_RND_BITS_MAX
+       default 24 if 64BIT # SV39 based
+       default 17
+ 
++# set if we run in machine mode, cleared if we run in supervisor mode
++config RISCV_M_MODE
++      bool
++
+ config MMU
+       def_bool y
+ 
+diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h
+index a18923fa23c8..0ab642811028 100644
+--- a/arch/riscv/include/asm/csr.h
++++ b/arch/riscv/include/asm/csr.h
+@@ -11,8 +11,11 @@
+ 
+ /* Status register flags */
+ #define SR_SIE                _AC(0x00000002, UL) /* Supervisor Interrupt Enable */
++#define SR_MIE                _AC(0x00000008, UL) /* Machine Interrupt Enable */
+ #define SR_SPIE               _AC(0x00000020, UL) /* Previous Supervisor IE */
++#define SR_MPIE               _AC(0x00000080, UL) /* Previous Machine IE */
+ #define SR_SPP                _AC(0x00000100, UL) /* Previously Supervisor */
++#define SR_MPP                _AC(0x00001800, UL) /* Previously Machine */
+ #define SR_SUM                _AC(0x00040000, UL) /* Supervisor User Memory Access */
+ 
+ #define SR_FS         _AC(0x00006000, UL) /* Floating-point Status */
+@@ -44,9 +47,10 @@
+ #define SATP_MODE     SATP_MODE_39
+ #endif
+ 
+-/* SCAUSE */
+-#define SCAUSE_IRQ_FLAG               (_AC(1, UL) << (__riscv_xlen - 1))
++/* Exception cause high bit - is an interrupt if set */
++#define CAUSE_IRQ_FLAG                (_AC(1, UL) << (__riscv_xlen - 1))
+ 
++/* Interrupt causes (minus the high bit) */
+ #define IRQ_U_SOFT            0
+ #define IRQ_S_SOFT            1
+ #define IRQ_M_SOFT            3
+@@ -57,6 +61,7 @@
+ #define IRQ_S_EXT             9
+ #define IRQ_M_EXT             11
+ 
++/* Exception causes */
+ #define EXC_INST_MISALIGNED   0
+ #define EXC_INST_ACCESS               1
+ #define EXC_BREAKPOINT                3
+@@ -67,14 +72,14 @@
+ #define EXC_LOAD_PAGE_FAULT   13
+ #define EXC_STORE_PAGE_FAULT  15
+ 
+-/* SIE (Interrupt Enable) and SIP (Interrupt Pending) flags */
+-#define SIE_SSIE              (_AC(0x1, UL) << IRQ_S_SOFT)
+-#define SIE_STIE              (_AC(0x1, UL) << IRQ_S_TIMER)
+-#define SIE_SEIE              (_AC(0x1, UL) << IRQ_S_EXT)
+-
++/* symbolic CSR names: */
+ #define CSR_CYCLE             0xc00
+ #define CSR_TIME              0xc01
+ #define CSR_INSTRET           0xc02
++#define CSR_CYCLEH            0xc80
++#define CSR_TIMEH             0xc81
++#define CSR_INSTRETH          0xc82
++
+ #define CSR_SSTATUS           0x100
+ #define CSR_SIE                       0x104
+ #define CSR_STVEC             0x105
+@@ -85,9 +90,56 @@
+ #define CSR_STVAL             0x143
+ #define CSR_SIP                       0x144
+ #define CSR_SATP              0x180
+-#define CSR_CYCLEH            0xc80
+-#define CSR_TIMEH             0xc81
+-#define CSR_INSTRETH          0xc82
++
++#define CSR_MSTATUS           0x300
++#define CSR_MIE                       0x304
++#define CSR_MTVEC             0x305
++#define CSR_MSCRATCH          0x340
++#define CSR_MEPC              0x341
++#define CSR_MCAUSE            0x342
++#define CSR_MTVAL             0x343
++#define CSR_MIP                       0x344
++
++#ifdef CONFIG_RISCV_M_MODE
++# define CSR_STATUS   CSR_MSTATUS
++# define CSR_IE               CSR_MIE
++# define CSR_TVEC     CSR_MTVEC
++# define CSR_SCRATCH  CSR_MSCRATCH
++# define CSR_EPC      CSR_MEPC
++# define CSR_CAUSE    CSR_MCAUSE
++# define CSR_TVAL     CSR_MTVAL
++# define CSR_IP               CSR_MIP
++
++# define SR_IE                SR_MIE
++# define SR_PIE               SR_MPIE
++# define SR_PP                SR_MPP
++
++# define IRQ_SOFT     IRQ_M_SOFT
++# define IRQ_TIMER    IRQ_M_TIMER
++# define IRQ_EXT      IRQ_M_EXT
++#else /* CONFIG_RISCV_M_MODE */
++# define CSR_STATUS   CSR_SSTATUS
++# define CSR_IE               CSR_SIE
++# define CSR_TVEC     CSR_STVEC
++# define CSR_SCRATCH  CSR_SSCRATCH
++# define CSR_EPC      CSR_SEPC
++# define CSR_CAUSE    CSR_SCAUSE
++# define CSR_TVAL     CSR_STVAL
++# define CSR_IP               CSR_SIP
++
++# define SR_IE                SR_SIE
++# define SR_PIE               SR_SPIE
++# define SR_PP                SR_SPP
++
++# define IRQ_SOFT     IRQ_S_SOFT
++# define IRQ_TIMER    IRQ_S_TIMER
++# define IRQ_EXT      IRQ_S_EXT
++#endif /* CONFIG_RISCV_M_MODE */
++
++/* IE/IP (Supervisor/Machine Interrupt Enable/Pending) flags */
++#define IE_SIE                (_AC(0x1, UL) << IRQ_SOFT)
++#define IE_TIE                (_AC(0x1, UL) << IRQ_TIMER)
++#define IE_EIE                (_AC(0x1, UL) << IRQ_EXT)
+ 
+ #ifndef __ASSEMBLY__
+ 
+diff --git a/arch/riscv/include/asm/irqflags.h b/arch/riscv/include/asm/irqflags.h
+index e70f647ce3b7..08d4d6a5b7e9 100644
+--- a/arch/riscv/include/asm/irqflags.h
++++ b/arch/riscv/include/asm/irqflags.h
+@@ -13,31 +13,31 @@
+ /* read interrupt enabled status */
+ static inline unsigned long arch_local_save_flags(void)
+ {
+-      return csr_read(CSR_SSTATUS);
++      return csr_read(CSR_STATUS);
+ }
+ 
+ /* unconditionally enable interrupts */
+ static inline void arch_local_irq_enable(void)
+ {
+-      csr_set(CSR_SSTATUS, SR_SIE);
++      csr_set(CSR_STATUS, SR_IE);
+ }
+ 
+ /* unconditionally disable interrupts */
+ static inline void arch_local_irq_disable(void)
+ {
+-      csr_clear(CSR_SSTATUS, SR_SIE);
++      csr_clear(CSR_STATUS, SR_IE);
+ }
+ 
+ /* get status and disable interrupts */
+ static inline unsigned long arch_local_irq_save(void)
+ {
+-      return csr_read_clear(CSR_SSTATUS, SR_SIE);
++      return csr_read_clear(CSR_STATUS, SR_IE);
+ }
+ 
+ /* test flags */
+ static inline int arch_irqs_disabled_flags(unsigned long flags)
+ {
+-      return !(flags & SR_SIE);
++      return !(flags & SR_IE);
+ }
+ 
+ /* test hardware interrupt enable bit */
+@@ -49,7 +49,7 @@ static inline int arch_irqs_disabled(void)
+ /* set interrupt enabled status */
+ static inline void arch_local_irq_restore(unsigned long flags)
+ {
+-      csr_set(CSR_SSTATUS, flags & SR_SIE);
++      csr_set(CSR_STATUS, flags & SR_IE);
+ }
+ 
+ #endif /* _ASM_RISCV_IRQFLAGS_H */
+diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h
+index 8c5b11a640dd..60fd02698b77 100644
+--- a/arch/riscv/include/asm/processor.h
++++ b/arch/riscv/include/asm/processor.h
+@@ -44,7 +44,7 @@ struct thread_struct {
+       ((struct pt_regs *)(task_stack_page(tsk) + THREAD_SIZE          \
+                           - ALIGN(sizeof(struct pt_regs), STACK_ALIGN)))
+ 
+-#define KSTK_EIP(tsk)         (task_pt_regs(tsk)->sepc)
++#define KSTK_EIP(tsk)         (task_pt_regs(tsk)->epc)
+ #define KSTK_ESP(tsk)         (task_pt_regs(tsk)->sp)
+ 
+ 
+diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h
+index d48d1e13973c..ee49f80c9533 100644
+--- a/arch/riscv/include/asm/ptrace.h
++++ b/arch/riscv/include/asm/ptrace.h
+@@ -12,7 +12,7 @@
+ #ifndef __ASSEMBLY__
+ 
+ struct pt_regs {
+-      unsigned long sepc;
++      unsigned long epc;
+       unsigned long ra;
+       unsigned long sp;
+       unsigned long gp;
+@@ -44,10 +44,10 @@ struct pt_regs {
+       unsigned long t4;
+       unsigned long t5;
+       unsigned long t6;
+-      /* Supervisor CSRs */
+-      unsigned long sstatus;
+-      unsigned long sbadaddr;
+-      unsigned long scause;
++      /* Supervisor/Machine CSRs */
++      unsigned long status;
++      unsigned long badaddr;
++      unsigned long cause;
+       /* a0 value before the syscall */
+       unsigned long orig_a0;
+ };
+@@ -58,18 +58,18 @@ struct pt_regs {
+ #define REG_FMT "%08lx"
+ #endif
+ 
+-#define user_mode(regs) (((regs)->sstatus & SR_SPP) == 0)
++#define user_mode(regs) (((regs)->status & SR_PP) == 0)
+ 
+ 
+ /* Helpers for working with the instruction pointer */
+ static inline unsigned long instruction_pointer(struct pt_regs *regs)
+ {
+-      return regs->sepc;
++      return regs->epc;
+ }
+ static inline void instruction_pointer_set(struct pt_regs *regs,
+                                          unsigned long val)
+ {
+-      regs->sepc = val;
++      regs->epc = val;
+ }
+ 
+ #define profile_pc(regs) instruction_pointer(regs)
+diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h
+index ee4f0ac62c9d..407bcc96a710 100644
+--- a/arch/riscv/include/asm/switch_to.h
++++ b/arch/riscv/include/asm/switch_to.h
+@@ -17,19 +17,19 @@ extern void __fstate_restore(struct task_struct *restore_from);
+ 
+ static inline void __fstate_clean(struct pt_regs *regs)
+ {
+-      regs->sstatus = (regs->sstatus & ~SR_FS) | SR_FS_CLEAN;
++      regs->status = (regs->status & ~SR_FS) | SR_FS_CLEAN;
+ }
+ 
+ static inline void fstate_off(struct task_struct *task,
+                             struct pt_regs *regs)
+ {
+-      regs->sstatus = (regs->sstatus & ~SR_FS) | SR_FS_OFF;
++      regs->status = (regs->status & ~SR_FS) | SR_FS_OFF;
+ }
+ 
+ static inline void fstate_save(struct task_struct *task,
+                              struct pt_regs *regs)
+ {
+-      if ((regs->sstatus & SR_FS) == SR_FS_DIRTY) {
++      if ((regs->status & SR_FS) == SR_FS_DIRTY) {
+               __fstate_save(task);
+               __fstate_clean(regs);
+       }
+@@ -38,7 +38,7 @@ static inline void fstate_save(struct task_struct *task,
+ static inline void fstate_restore(struct task_struct *task,
+                                 struct pt_regs *regs)
+ {
+-      if ((regs->sstatus & SR_FS) != SR_FS_OFF) {
++      if ((regs->status & SR_FS) != SR_FS_OFF) {
+               __fstate_restore(task);
+               __fstate_clean(regs);
+       }
+@@ -50,7 +50,7 @@ static inline void __switch_to_aux(struct task_struct *prev,
+       struct pt_regs *regs;
+ 
+       regs = task_pt_regs(prev);
+-      if (unlikely(regs->sstatus & SR_SD))
++      if (unlikely(regs->status & SR_SD))
+               fstate_save(prev, regs);
+       fstate_restore(next, task_pt_regs(next));
+ }
+diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c
+index 42c69d5554e4..8a2614053274 100644
+--- a/arch/riscv/kernel/asm-offsets.c
++++ b/arch/riscv/kernel/asm-offsets.c
+@@ -69,7 +69,7 @@ void asm_offsets(void)
+       OFFSET(TASK_THREAD_FCSR, task_struct, thread.fstate.fcsr);
+ 
+       DEFINE(PT_SIZE, sizeof(struct pt_regs));
+-      OFFSET(PT_SEPC, pt_regs, sepc);
++      OFFSET(PT_EPC, pt_regs, epc);
+       OFFSET(PT_RA, pt_regs, ra);
+       OFFSET(PT_FP, pt_regs, s0);
+       OFFSET(PT_S0, pt_regs, s0);
+@@ -103,9 +103,9 @@ void asm_offsets(void)
+       OFFSET(PT_T6, pt_regs, t6);
+       OFFSET(PT_GP, pt_regs, gp);
+       OFFSET(PT_ORIG_A0, pt_regs, orig_a0);
+-      OFFSET(PT_SSTATUS, pt_regs, sstatus);
+-      OFFSET(PT_SBADADDR, pt_regs, sbadaddr);
+-      OFFSET(PT_SCAUSE, pt_regs, scause);
++      OFFSET(PT_STATUS, pt_regs, status);
++      OFFSET(PT_BADADDR, pt_regs, badaddr);
++      OFFSET(PT_CAUSE, pt_regs, cause);
+ 
+       /*
+        * THREAD_{F,X}* might be larger than a S-type offset can handle, but
+diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S
+index 9c87ae77ad5d..57b27b8278b1 100644
+--- a/arch/riscv/kernel/entry.S
++++ b/arch/riscv/kernel/entry.S
+@@ -26,14 +26,14 @@
+ 
+       /*
+        * If coming from userspace, preserve the user thread pointer and load
+-       * the kernel thread pointer.  If we came from the kernel, sscratch
+-       * will contain 0, and we should continue on the current TP.
++       * the kernel thread pointer.  If we came from the kernel, the scratch
++       * register will contain 0, and we should continue on the current TP.
+        */
+-      csrrw tp, CSR_SSCRATCH, tp
++      csrrw tp, CSR_SCRATCH, tp
+       bnez tp, _save_context
+ 
+ _restore_kernel_tpsp:
+-      csrr tp, CSR_SSCRATCH
++      csrr tp, CSR_SCRATCH
+       REG_S sp, TASK_TI_KERNEL_SP(tp)
+ _save_context:
+       REG_S sp, TASK_TI_USER_SP(tp)
+@@ -79,16 +79,16 @@ _save_context:
+       li t0, SR_SUM | SR_FS
+ 
+       REG_L s0, TASK_TI_USER_SP(tp)
+-      csrrc s1, CSR_SSTATUS, t0
+-      csrr s2, CSR_SEPC
+-      csrr s3, CSR_STVAL
+-      csrr s4, CSR_SCAUSE
+-      csrr s5, CSR_SSCRATCH
++      csrrc s1, CSR_STATUS, t0
++      csrr s2, CSR_EPC
++      csrr s3, CSR_TVAL
++      csrr s4, CSR_CAUSE
++      csrr s5, CSR_SCRATCH
+       REG_S s0, PT_SP(sp)
+-      REG_S s1, PT_SSTATUS(sp)
+-      REG_S s2, PT_SEPC(sp)
+-      REG_S s3, PT_SBADADDR(sp)
+-      REG_S s4, PT_SCAUSE(sp)
++      REG_S s1, PT_STATUS(sp)
++      REG_S s2, PT_EPC(sp)
++      REG_S s3, PT_BADADDR(sp)
++      REG_S s4, PT_CAUSE(sp)
+       REG_S s5, PT_TP(sp)
+       .endm
+ 
+@@ -97,7 +97,7 @@ _save_context:
+  * registers from the stack.
+  */
+       .macro RESTORE_ALL
+-      REG_L a0, PT_SSTATUS(sp)
++      REG_L a0, PT_STATUS(sp)
+       /*
+        * The current load reservation is effectively part of the processor's
+        * state, in the sense that load reservations cannot be shared between
+@@ -115,11 +115,11 @@ _save_context:
+        * completes, implementations are allowed to expand reservations to be
+        * arbitrarily large.
+        */
+-      REG_L  a2, PT_SEPC(sp)
+-      REG_SC x0, a2, PT_SEPC(sp)
++      REG_L  a2, PT_EPC(sp)
++      REG_SC x0, a2, PT_EPC(sp)
+ 
+-      csrw CSR_SSTATUS, a0
+-      csrw CSR_SEPC, a2
++      csrw CSR_STATUS, a0
++      csrw CSR_EPC, a2
+ 
+       REG_L x1,  PT_RA(sp)
+       REG_L x3,  PT_GP(sp)
+@@ -163,10 +163,10 @@ ENTRY(handle_exception)
+       SAVE_ALL
+ 
+       /*
+-       * Set sscratch register to 0, so that if a recursive exception
++       * Set the scratch register to 0, so that if a recursive exception
+        * occurs, the exception vector knows it came from the kernel
+        */
+-      csrw CSR_SSCRATCH, x0
++      csrw CSR_SCRATCH, x0
+ 
+       /* Load the global pointer */
+ .option push
+@@ -185,11 +185,13 @@ ENTRY(handle_exception)
+       move a0, sp /* pt_regs */
+       tail do_IRQ
+ 1:
+-      /* Exceptions run with interrupts enabled or disabled
+-         depending on the state of sstatus.SR_SPIE */
+-      andi t0, s1, SR_SPIE
++      /*
++       * Exceptions run with interrupts enabled or disabled depending on the
++       * state of SR_PIE in m/sstatus.
++       */
++      andi t0, s1, SR_PIE
+       beqz t0, 1f
+-      csrs CSR_SSTATUS, SR_SIE
++      csrs CSR_STATUS, SR_IE
+ 
+ 1:
+       /* Handle syscalls */
+@@ -217,7 +219,7 @@ handle_syscall:
+        * scall instruction on sret
+        */
+       addi s2, s2, 0x4
+-      REG_S s2, PT_SEPC(sp)
++      REG_S s2, PT_EPC(sp)
+       /* Trace syscalls, but only if requested by the user. */
+       REG_L t0, TASK_TI_FLAGS(tp)
+       andi t0, t0, _TIF_SYSCALL_WORK
+@@ -244,9 +246,15 @@ ret_from_syscall:
+       bnez t0, handle_syscall_trace_exit
+ 
+ ret_from_exception:
+-      REG_L s0, PT_SSTATUS(sp)
+-      csrc CSR_SSTATUS, SR_SIE
++      REG_L s0, PT_STATUS(sp)
++      csrc CSR_STATUS, SR_IE
++#ifdef CONFIG_RISCV_M_MODE
++      /* the MPP value is too large to be used as an immediate arg for addi */
++      li t0, SR_MPP
++      and s0, s0, t0
++#else
+       andi s0, s0, SR_SPP
++#endif
+       bnez s0, resume_kernel
+ 
+ resume_userspace:
+@@ -260,14 +268,18 @@ resume_userspace:
+       REG_S s0, TASK_TI_KERNEL_SP(tp)
+ 
+       /*
+-       * Save TP into sscratch, so we can find the kernel data structures
+-       * again.
++       * Save TP into the scratch register , so we can find the kernel data
++       * structures again.
+        */
+-      csrw CSR_SSCRATCH, tp
++      csrw CSR_SCRATCH, tp
+ 
+ restore_all:
+       RESTORE_ALL
++#ifdef CONFIG_RISCV_M_MODE
++      mret
++#else
+       sret
++#endif
+ 
+ #if IS_ENABLED(CONFIG_PREEMPT)
+ resume_kernel:
+@@ -287,7 +299,7 @@ work_pending:
+       bnez s1, work_resched
+ work_notifysig:
+       /* Handle pending signals and notify-resume requests */
+-      csrs CSR_SSTATUS, SR_SIE /* Enable interrupts for do_notify_resume() */
++      csrs CSR_STATUS, SR_IE /* Enable interrupts for do_notify_resume() */
+       move a0, sp /* pt_regs */
+       move a1, s0 /* current_thread_info->flags */
+       tail do_notify_resume
+diff --git a/arch/riscv/kernel/fpu.S b/arch/riscv/kernel/fpu.S
+index 631d31540660..dd2205473de7 100644
+--- a/arch/riscv/kernel/fpu.S
++++ b/arch/riscv/kernel/fpu.S
+@@ -23,7 +23,7 @@ ENTRY(__fstate_save)
+       li  a2,  TASK_THREAD_F0
+       add a0, a0, a2
+       li t1, SR_FS
+-      csrs CSR_SSTATUS, t1
++      csrs CSR_STATUS, t1
+       frcsr t0
+       fsd f0,  TASK_THREAD_F0_F0(a0)
+       fsd f1,  TASK_THREAD_F1_F0(a0)
+@@ -58,7 +58,7 @@ ENTRY(__fstate_save)
+       fsd f30, TASK_THREAD_F30_F0(a0)
+       fsd f31, TASK_THREAD_F31_F0(a0)
+       sw t0, TASK_THREAD_FCSR_F0(a0)
+-      csrc CSR_SSTATUS, t1
++      csrc CSR_STATUS, t1
+       ret
+ ENDPROC(__fstate_save)
+ 
+@@ -67,7 +67,7 @@ ENTRY(__fstate_restore)
+       add a0, a0, a2
+       li t1, SR_FS
+       lw t0, TASK_THREAD_FCSR_F0(a0)
+-      csrs CSR_SSTATUS, t1
++      csrs CSR_STATUS, t1
+       fld f0,  TASK_THREAD_F0_F0(a0)
+       fld f1,  TASK_THREAD_F1_F0(a0)
+       fld f2,  TASK_THREAD_F2_F0(a0)
+@@ -101,6 +101,6 @@ ENTRY(__fstate_restore)
+       fld f30, TASK_THREAD_F30_F0(a0)
+       fld f31, TASK_THREAD_F31_F0(a0)
+       fscsr t0
+-      csrc CSR_SSTATUS, t1
++      csrc CSR_STATUS, t1
+       ret
+ ENDPROC(__fstate_restore)
+diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S
+index 344793159b97..57817c198774 100644
+--- a/arch/riscv/kernel/head.S
++++ b/arch/riscv/kernel/head.S
+@@ -52,8 +52,8 @@ ENTRY(_start)
+ .global _start_kernel
+ _start_kernel:
+       /* Mask all interrupts */
+-      csrw CSR_SIE, zero
+-      csrw CSR_SIP, zero
++      csrw CSR_IE, zero
++      csrw CSR_IP, zero
+ 
+       /* Load the global pointer */
+ .option push
+@@ -66,7 +66,7 @@ _start_kernel:
+        * floating point in kernel space
+        */
+       li t0, SR_FS
+-      csrc CSR_SSTATUS, t0
++      csrc CSR_STATUS, t0
+ 
+ #ifdef CONFIG_SMP
+       li t0, CONFIG_NR_CPUS
+@@ -121,7 +121,7 @@ relocate:
+       /* Point stvec to virtual address of intruction after satp write */
+       la a2, 1f
+       add a2, a2, a1
+-      csrw CSR_STVEC, a2
++      csrw CSR_TVEC, a2
+ 
+       /* Compute satp for kernel page tables, but don't load it yet */
+       srl a2, a0, PAGE_SHIFT
+@@ -143,7 +143,7 @@ relocate:
+ 1:
+       /* Set trap vector to spin forever to help debug */
+       la a0, .Lsecondary_park
+-      csrw CSR_STVEC, a0
++      csrw CSR_TVEC, a0
+ 
+       /* Reload the global pointer */
+ .option push
+@@ -166,7 +166,7 @@ relocate:
+ #ifdef CONFIG_SMP
+       /* Set trap vector to spin forever to help debug */
+       la a3, .Lsecondary_park
+-      csrw CSR_STVEC, a3
++      csrw CSR_TVEC, a3
+ 
+       slli a3, a0, LGREG
+       la a1, __cpu_up_stack_pointer
+diff --git a/arch/riscv/kernel/irq.c b/arch/riscv/kernel/irq.c
+index fffac6ddb0e0..3f07a91d5afb 100644
+--- a/arch/riscv/kernel/irq.c
++++ b/arch/riscv/kernel/irq.c
+@@ -11,13 +11,6 @@
+ #include <linux/seq_file.h>
+ #include <asm/smp.h>
+ 
+-/*
+- * Possible interrupt causes:
+- */
+-#define INTERRUPT_CAUSE_SOFTWARE      IRQ_S_SOFT
+-#define INTERRUPT_CAUSE_TIMER         IRQ_S_TIMER
+-#define INTERRUPT_CAUSE_EXTERNAL      IRQ_S_EXT
+-
+ int arch_show_interrupts(struct seq_file *p, int prec)
+ {
+       show_ipi_stats(p, prec);
+@@ -29,12 +22,12 @@ asmlinkage __visible void __irq_entry do_IRQ(struct pt_regs *regs)
+       struct pt_regs *old_regs = set_irq_regs(regs);
+ 
+       irq_enter();
+-      switch (regs->scause & ~SCAUSE_IRQ_FLAG) {
+-      case INTERRUPT_CAUSE_TIMER:
++      switch (regs->cause & ~CAUSE_IRQ_FLAG) {
++      case IRQ_TIMER:
+               riscv_timer_interrupt();
+               break;
+ #ifdef CONFIG_SMP
+-      case INTERRUPT_CAUSE_SOFTWARE:
++      case IRQ_SOFT:
+               /*
+                * We only use software interrupts to pass IPIs, so if a non-SMP
+                * system gets one, then we don't know what to do.
+@@ -42,11 +35,11 @@ asmlinkage __visible void __irq_entry do_IRQ(struct pt_regs *regs)
+               riscv_software_interrupt();
+               break;
+ #endif
+-      case INTERRUPT_CAUSE_EXTERNAL:
++      case IRQ_EXT:
+               handle_arch_irq(regs);
+               break;
+       default:
+-              pr_alert("unexpected interrupt cause 0x%lx", regs->scause);
++              pr_alert("unexpected interrupt cause 0x%lx", regs->cause);
+               BUG();
+       }
+       irq_exit();
+diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c
+index 11541cbe26b3..ed7c8fdde62b 100644
+--- a/arch/riscv/kernel/perf_callchain.c
++++ b/arch/riscv/kernel/perf_callchain.c
+@@ -68,7 +68,7 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
+               return;
+ 
+       fp = regs->s0;
+-      perf_callchain_store(entry, regs->sepc);
++      perf_callchain_store(entry, regs->epc);
+ 
+       fp = user_backtrace(entry, fp, regs->ra);
+       while (fp && !(fp & 0x7) && entry->nr < entry->max_stack)
+diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c
+index 9d4b4098874b..f17e7f4ad3e7 100644
+--- a/arch/riscv/kernel/process.c
++++ b/arch/riscv/kernel/process.c
+@@ -35,8 +35,8 @@ void show_regs(struct pt_regs *regs)
+ {
+       show_regs_print_info(KERN_DEFAULT);
+ 
+-      pr_cont("sepc: " REG_FMT " ra : " REG_FMT " sp : " REG_FMT "\n",
+-              regs->sepc, regs->ra, regs->sp);
++      pr_cont("epc: " REG_FMT " ra : " REG_FMT " sp : " REG_FMT "\n",
++              regs->epc, regs->ra, regs->sp);
+       pr_cont(" gp : " REG_FMT " tp : " REG_FMT " t0 : " REG_FMT "\n",
+               regs->gp, regs->tp, regs->t0);
+       pr_cont(" t1 : " REG_FMT " t2 : " REG_FMT " s0 : " REG_FMT "\n",
+@@ -58,23 +58,23 @@ void show_regs(struct pt_regs *regs)
+       pr_cont(" t5 : " REG_FMT " t6 : " REG_FMT "\n",
+               regs->t5, regs->t6);
+ 
+-      pr_cont("sstatus: " REG_FMT " sbadaddr: " REG_FMT " scause: " REG_FMT "\n",
+-              regs->sstatus, regs->sbadaddr, regs->scause);
++      pr_cont("status: " REG_FMT " badaddr: " REG_FMT " cause: " REG_FMT "\n",
++              regs->status, regs->badaddr, regs->cause);
+ }
+ 
+ void start_thread(struct pt_regs *regs, unsigned long pc,
+       unsigned long sp)
+ {
+-      regs->sstatus = SR_SPIE;
++      regs->status = SR_PIE;
+       if (has_fpu) {
+-              regs->sstatus |= SR_FS_INITIAL;
++              regs->status |= SR_FS_INITIAL;
+               /*
+                * Restore the initial value to the FP register
+                * before starting the user program.
+                */
+               fstate_restore(current, regs);
+       }
+-      regs->sepc = pc;
++      regs->epc = pc;
+       regs->sp = sp;
+       set_fs(USER_DS);
+ }
+@@ -112,7 +112,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long usp,
+               const register unsigned long gp __asm__ ("gp");
+               memset(childregs, 0, sizeof(struct pt_regs));
+               childregs->gp = gp;
+-              childregs->sstatus = SR_SPP | SR_SPIE; /* Supervisor, irqs on */
++              /* Supervisor/Machine, irqs on: */
++              childregs->status = SR_PP | SR_PIE;
+ 
+               p->thread.ra = (unsigned long)ret_from_kernel_thread;
+               p->thread.s[0] = usp; /* fn */
+diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c
+index d0f6f212f5df..b7f9a5565c4b 100644
+--- a/arch/riscv/kernel/signal.c
++++ b/arch/riscv/kernel/signal.c
+@@ -124,7 +124,7 @@ SYSCALL_DEFINE0(rt_sigreturn)
+               pr_info_ratelimited(
+                       "%s[%d]: bad frame in %s: frame=%p pc=%p sp=%p\n",
+                       task->comm, task_pid_nr(task), __func__,
+-                      frame, (void *)regs->sepc, (void *)regs->sp);
++                      frame, (void *)regs->epc, (void *)regs->sp);
+       }
+       force_sig(SIGSEGV);
+       return 0;
+@@ -199,7 +199,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
+        * We always pass siginfo and mcontext, regardless of SA_SIGINFO,
+        * since some things rely on this (e.g. glibc's debug/segfault.c).
+        */
+-      regs->sepc = (unsigned long)ksig->ka.sa.sa_handler;
++      regs->epc = (unsigned long)ksig->ka.sa.sa_handler;
+       regs->sp = (unsigned long)frame;
+       regs->a0 = ksig->sig;                     /* a0: signal number */
+       regs->a1 = (unsigned long)(&frame->info); /* a1: siginfo pointer */
+@@ -208,7 +208,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set,
+ #if DEBUG_SIG
+       pr_info("SIG deliver (%s:%d): sig=%d pc=%p ra=%p sp=%p\n",
+               current->comm, task_pid_nr(current), ksig->sig,
+-              (void *)regs->sepc, (void *)regs->ra, frame);
++              (void *)regs->epc, (void *)regs->ra, frame);
+ #endif
+ 
+       return 0;
+@@ -220,10 +220,9 @@ static void handle_signal(struct ksignal *ksig, struct pt_regs *regs)
+       int ret;
+ 
+       /* Are we from a system call? */
+-      if (regs->scause == EXC_SYSCALL) {
++      if (regs->cause == EXC_SYSCALL) {
+               /* Avoid additional syscall restarting via ret_from_exception */
+-              regs->scause = -1UL;
+-
++              regs->cause = -1UL;
+               /* If so, check system call restarting.. */
+               switch (regs->a0) {
+               case -ERESTART_RESTARTBLOCK:
+@@ -239,7 +238,7 @@ static void handle_signal(struct ksignal *ksig, struct pt_regs *regs)
+                       /* fallthrough */
+               case -ERESTARTNOINTR:
+                         regs->a0 = regs->orig_a0;
+-                      regs->sepc -= 0x4;
++                      regs->epc -= 0x4;
+                       break;
+               }
+       }
+@@ -261,9 +260,9 @@ static void do_signal(struct pt_regs *regs)
+       }
+ 
+       /* Did we come from a system call? */
+-      if (regs->scause == EXC_SYSCALL) {
++      if (regs->cause == EXC_SYSCALL) {
+               /* Avoid additional syscall restarting via ret_from_exception */
+-              regs->scause = -1UL;
++              regs->cause = -1UL;
+ 
+               /* Restart the system call - no handlers present */
+               switch (regs->a0) {
+@@ -271,12 +270,12 @@ static void do_signal(struct pt_regs *regs)
+               case -ERESTARTSYS:
+               case -ERESTARTNOINTR:
+                         regs->a0 = regs->orig_a0;
+-                      regs->sepc -= 0x4;
++                      regs->epc -= 0x4;
+                       break;
+               case -ERESTART_RESTARTBLOCK:
+                         regs->a0 = regs->orig_a0;
+                       regs->a7 = __NR_restart_syscall;
+-                      regs->sepc -= 0x4;
++                      regs->epc -= 0x4;
+                       break;
+               }
+       }
+diff --git a/arch/riscv/kernel/smp.c b/arch/riscv/kernel/smp.c
+index 098c04adbaaf..d724a7e6f4eb 100644
+--- a/arch/riscv/kernel/smp.c
++++ b/arch/riscv/kernel/smp.c
+@@ -108,7 +108,7 @@ static void send_ipi_single(int cpu, enum ipi_message_type op)
+ 
+ static inline void clear_ipi(void)
+ {
+-      csr_clear(CSR_SIP, SIE_SSIE);
++      csr_clear(CSR_IP, IE_SIE);
+ }
+ 
+ void riscv_software_interrupt(void)
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index c28d4debf592..030094ac7190 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -42,7 +42,7 @@ void die(struct pt_regs *regs, const char *str)
+       print_modules();
+       show_regs(regs);
+ 
+-      ret = notify_die(DIE_OOPS, str, regs, 0, regs->scause, SIGSEGV);
++      ret = notify_die(DIE_OOPS, str, regs, 0, regs->cause, SIGSEGV);
+ 
+       if (regs && kexec_should_crash(current))
+               crash_kexec(regs);
+@@ -90,7 +90,7 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code,
+ #define DO_ERROR_INFO(name, signo, code, str)                         \
+ asmlinkage __visible void name(struct pt_regs *regs)                  \
+ {                                                                     \
+-      do_trap_error(regs, signo, code, regs->sepc, "Oops - " str);    \
++      do_trap_error(regs, signo, code, regs->epc, "Oops - " str);     \
+ }
+ 
+ DO_ERROR_INFO(do_trap_unknown,
+@@ -128,9 +128,9 @@ static inline unsigned long get_break_insn_length(unsigned long pc)
+ asmlinkage __visible void do_trap_break(struct pt_regs *regs)
+ {
+       if (user_mode(regs))
+-              force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)regs->sepc);
+-      else if (report_bug(regs->sepc, regs) == BUG_TRAP_TYPE_WARN)
+-              regs->sepc += get_break_insn_length(regs->sepc);
++              force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)regs->epc);
++      else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN)
++              regs->epc += get_break_insn_length(regs->epc);
+       else
+               die(regs, "Kernel BUG");
+ }
+@@ -157,9 +157,9 @@ void __init trap_init(void)
+        * Set sup0 scratch register to 0, indicating to exception vector
+        * that we are presently executing in the kernel
+        */
+-      csr_write(CSR_SSCRATCH, 0);
++      csr_write(CSR_SCRATCH, 0);
+       /* Set the exception vector address */
+-      csr_write(CSR_STVEC, &handle_exception);
++      csr_write(CSR_TVEC, &handle_exception);
+       /* Enable all interrupts */
+-      csr_write(CSR_SIE, -1);
++      csr_write(CSR_IE, -1);
+ }
+diff --git a/arch/riscv/lib/uaccess.S b/arch/riscv/lib/uaccess.S
+index ed2696c0143d..fecd65657a6f 100644
+--- a/arch/riscv/lib/uaccess.S
++++ b/arch/riscv/lib/uaccess.S
+@@ -18,7 +18,7 @@ ENTRY(__asm_copy_from_user)
+ 
+       /* Enable access to user memory */
+       li t6, SR_SUM
+-      csrs CSR_SSTATUS, t6
++      csrs CSR_STATUS, t6
+ 
+       add a3, a1, a2
+       /* Use word-oriented copy only if low-order bits match */
+@@ -47,7 +47,7 @@ ENTRY(__asm_copy_from_user)
+ 
+ 3:
+       /* Disable access to user memory */
+-      csrc CSR_SSTATUS, t6
++      csrc CSR_STATUS, t6
+       li a0, 0
+       ret
+ 4: /* Edge case: unalignment */
+@@ -72,7 +72,7 @@ ENTRY(__clear_user)
+ 
+       /* Enable access to user memory */
+       li t6, SR_SUM
+-      csrs CSR_SSTATUS, t6
++      csrs CSR_STATUS, t6
+ 
+       add a3, a0, a1
+       addi t0, a0, SZREG-1
+@@ -94,7 +94,7 @@ ENTRY(__clear_user)
+ 
+ 3:
+       /* Disable access to user memory */
+-      csrc CSR_SSTATUS, t6
++      csrc CSR_STATUS, t6
+       li a0, 0
+       ret
+ 4: /* Edge case: unalignment */
+@@ -114,11 +114,11 @@ ENDPROC(__clear_user)
+       /* Fixup code for __copy_user(10) and __clear_user(11) */
+ 10:
+       /* Disable access to user memory */
+-      csrs CSR_SSTATUS, t6
++      csrs CSR_STATUS, t6
+       mv a0, a2
+       ret
+ 11:
+-      csrs CSR_SSTATUS, t6
++      csrs CSR_STATUS, t6
+       mv a0, a1
+       ret
+       .previous
+diff --git a/arch/riscv/mm/extable.c b/arch/riscv/mm/extable.c
+index 7aed9178d365..2fc729422151 100644
+--- a/arch/riscv/mm/extable.c
++++ b/arch/riscv/mm/extable.c
+@@ -15,9 +15,9 @@ int fixup_exception(struct pt_regs *regs)
+ {
+       const struct exception_table_entry *fixup;
+ 
+-      fixup = search_exception_tables(regs->sepc);
++      fixup = search_exception_tables(regs->epc);
+       if (fixup) {
+-              regs->sepc = fixup->fixup;
++              regs->epc = fixup->fixup;
+               return 1;
+       }
+       return 0;
+diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
+index 1cfce62caa11..55ac8b7bb432 100644
+--- a/arch/riscv/mm/fault.c
++++ b/arch/riscv/mm/fault.c
+@@ -34,8 +34,8 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
+       int code = SEGV_MAPERR;
+       vm_fault_t fault;
+ 
+-      cause = regs->scause;
+-      addr = regs->sbadaddr;
++      cause = regs->cause;
++      addr = regs->badaddr;
+ 
+       tsk = current;
+       mm = tsk->mm;
+@@ -53,7 +53,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs)
+               goto vmalloc_fault;
+ 
+       /* Enable interrupts if they were enabled in the parent context. */
+-      if (likely(regs->sstatus & SR_SPIE))
++      if (likely(regs->status & SR_PIE))
+               local_irq_enable();
+ 
+       /*
+diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c
+index 4b04ffbe5e7e..cd8395171849 100644
+--- a/drivers/clocksource/timer-riscv.c
++++ b/drivers/clocksource/timer-riscv.c
+@@ -19,7 +19,7 @@
+ static int riscv_clock_next_event(unsigned long delta,
+               struct clock_event_device *ce)
+ {
+-      csr_set(sie, SIE_STIE);
++      csr_set(CSR_IE, IE_TIE);
+       sbi_set_timer(get_cycles64() + delta);
+       return 0;
+ }
+@@ -61,13 +61,13 @@ static int riscv_timer_starting_cpu(unsigned int cpu)
+       ce->cpumask = cpumask_of(cpu);
+       clockevents_config_and_register(ce, riscv_timebase, 100, 0x7fffffff);
+ 
+-      csr_set(sie, SIE_STIE);
++      csr_set(CSR_IE, IE_TIE);
+       return 0;
+ }
+ 
+ static int riscv_timer_dying_cpu(unsigned int cpu)
+ {
+-      csr_clear(sie, SIE_STIE);
++      csr_clear(CSR_IE, IE_TIE);
+       return 0;
+ }
+ 
+@@ -76,7 +76,7 @@ void riscv_timer_interrupt(void)
+ {
+       struct clock_event_device *evdev = this_cpu_ptr(&riscv_clock_event);
+ 
+-      csr_clear(sie, SIE_STIE);
++      csr_clear(CSR_IE, IE_TIE);
+       evdev->event_handler(evdev);
+ }
+ 
+diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c
+index 9dad45d928bf..2dca689a5cbc 100644
+--- a/drivers/irqchip/irq-sifive-plic.c
++++ b/drivers/irqchip/irq-sifive-plic.c
+@@ -187,7 +187,7 @@ static void plic_handle_irq(struct pt_regs *regs)
+ 
+       WARN_ON_ONCE(!handler->present);
+ 
+-      csr_clear(sie, SIE_SEIE);
++      csr_clear(CSR_IE, IE_EIE);
+       while ((hwirq = readl(claim))) {
+               int irq = irq_find_mapping(plic_irqdomain, hwirq);
+ 
+@@ -197,7 +197,7 @@ static void plic_handle_irq(struct pt_regs *regs)
+               else
+                       generic_handle_irq(irq);
+       }
+-      csr_set(sie, SIE_SEIE);
++      csr_set(CSR_IE, IE_EIE);
+ }
+ 
+ /*
+@@ -258,8 +258,11 @@ static int __init plic_init(struct device_node *node,
+                       continue;
+               }
+ 
+-              /* skip contexts other than supervisor external interrupt */
+-              if (parent.args[0] != IRQ_S_EXT)
++              /*
++               * Skip contexts other than external interrupts for our
++               * privilege level.
++               */
++              if (parent.args[0] != IRQ_EXT)
+                       continue;
+ 
+               hartid = plic_find_hart_id(parent.np);
+-- 
+2.39.5
+

diff --git a/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch b/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch
new file mode 100644 (file)
index 0000000..b05ff47
--- /dev/null
+++ b/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch
@@ -0,0 +1,61 @@
+From 6b95ce051d8be5637ece3e3f58e8035c8b2309cf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 15 Feb 2023 14:48:28 +0000
+Subject: riscv: Avoid enabling interrupts in die()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mattias Nissler <mnissler@rivosinc.com>
+
+[ Upstream commit 130aee3fd9981297ff9354e5d5609cd59aafbbea ]
+
+While working on something else, I noticed that the kernel would start
+accepting interrupts again after crashing in an interrupt handler. Since
+the kernel is already in inconsistent state, enabling interrupts is
+dangerous and opens up risk of kernel state deteriorating further.
+Interrupts do get enabled via what looks like an unintended side effect of
+spin_unlock_irq, so switch to the more cautious
+spin_lock_irqsave/spin_unlock_irqrestore instead.
+
+Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code")
+Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
+Reviewed-by: Björn Töpel <bjorn@kernel.org>
+Link: https://lore.kernel.org/r/20230215144828.3370316-1-mnissler@rivosinc.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/traps.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index 533087439e80..d255d88cf522 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -30,10 +30,11 @@ void die(struct pt_regs *regs, const char *str)
+       static int die_counter;
+       int ret;
+       long cause;
++      unsigned long flags;
+ 
+       oops_enter();
+ 
+-      spin_lock_irq(&die_lock);
++      spin_lock_irqsave(&die_lock, flags);
+       console_verbose();
+       bust_spinlocks(1);
+ 
+@@ -50,7 +51,7 @@ void die(struct pt_regs *regs, const char *str)
+ 
+       bust_spinlocks(0);
+       add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
+-      spin_unlock_irq(&die_lock);
++      spin_unlock_irqrestore(&die_lock, flags);
+       oops_exit();
+ 
+       if (in_interrupt())
+-- 
+2.39.5
+

diff --git a/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch b/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch
new file mode 100644 (file)
index 0000000..3a88f97
--- /dev/null
+++ b/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch
@@ -0,0 +1,79 @@
+From 6d6dbc938ae4e9b400e9410b5cab83c3f488e03a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 18 Nov 2024 10:13:33 +0100
+Subject: riscv: Fix sleeping in invalid context in die()
+
+From: Nam Cao <namcao@linutronix.de>
+
+[ Upstream commit 6a97f4118ac07cfdc316433f385dbdc12af5025e ]
+
+die() can be called in exception handler, and therefore cannot sleep.
+However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.
+That causes the following warning:
+
+BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
+in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex
+preempt_count: 110001, expected: 0
+RCU nest depth: 0, expected: 0
+CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234
+Hardware name: riscv-virtio,qemu (DT)
+Call Trace:
+    dump_backtrace+0x1c/0x24
+    show_stack+0x2c/0x38
+    dump_stack_lvl+0x5a/0x72
+    dump_stack+0x14/0x1c
+    __might_resched+0x130/0x13a
+    rt_spin_lock+0x2a/0x5c
+    die+0x24/0x112
+    do_trap_insn_illegal+0xa0/0xea
+    _new_vmalloc_restore_context_a0+0xcc/0xd8
+Oops - illegal instruction [#1]
+
+Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT
+enabled.
+
+Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code")
+Signed-off-by: Nam Cao <namcao@linutronix.de>
+Cc: stable@vger.kernel.org
+Reviewed-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
+Link: https://lore.kernel.org/r/20241118091333.1185288-1-namcao@linutronix.de
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/traps.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index d255d88cf522..fbc918f127dc 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -23,7 +23,7 @@
+ 
+ int show_unhandled_signals = 1;
+ 
+-static DEFINE_SPINLOCK(die_lock);
++static DEFINE_RAW_SPINLOCK(die_lock);
+ 
+ void die(struct pt_regs *regs, const char *str)
+ {
+@@ -34,7 +34,7 @@ void die(struct pt_regs *regs, const char *str)
+ 
+       oops_enter();
+ 
+-      spin_lock_irqsave(&die_lock, flags);
++      raw_spin_lock_irqsave(&die_lock, flags);
+       console_verbose();
+       bust_spinlocks(1);
+ 
+@@ -51,7 +51,7 @@ void die(struct pt_regs *regs, const char *str)
+ 
+       bust_spinlocks(0);
+       add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE);
+-      spin_unlock_irqrestore(&die_lock, flags);
++      raw_spin_unlock_irqrestore(&die_lock, flags);
+       oops_exit();
+ 
+       if (in_interrupt())
+-- 
+2.39.5
+

diff --git a/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch b/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch
new file mode 100644 (file)
index 0000000..a26546d
--- /dev/null
+++ b/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch
@@ -0,0 +1,37 @@
+From 41b33c44b51d27f711d2e822d711de291c216c75 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 1 May 2021 20:53:58 +0200
+Subject: riscv: remove unused handle_exception symbol
+
+From: Rouven Czerwinski <rouven@czerwinskis.de>
+
+[ Upstream commit beaf5ae15a13d835a01e30c282c8325ce0f1eb7e ]
+
+Since commit 79b1feba5455 ("RISC-V: Setup exception vector early")
+exception vectors are setup early and the handle_exception symbol from
+the asm files is no longer referenced in traps.c. Remove it.
+
+Signed-off-by: Rouven Czerwinski <rouven@czerwinskis.de>
+Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
+Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/riscv/kernel/traps.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c
+index 030094ac7190..184f7b82c5ae 100644
+--- a/arch/riscv/kernel/traps.c
++++ b/arch/riscv/kernel/traps.c
+@@ -23,8 +23,6 @@
+ 
+ int show_unhandled_signals = 1;
+ 
+-extern asmlinkage void handle_exception(void);
+-
+ static DEFINE_SPINLOCK(die_lock);
+ 
+ void die(struct pt_regs *regs, const char *str)
+-- 
+2.39.5
+

diff --git a/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch b/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch
new file mode 100644 (file)
index 0000000..a07f485
--- /dev/null
+++ b/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch
@@ -0,0 +1,63 @@
+From 7a929e12aec4702d898169e52d14b451ac432669 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 8 Jan 2025 16:34:33 +0100
+Subject: sctp: sysctl: rto_min/max: avoid using current->nsproxy
+
+From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+
+[ Upstream commit 9fc17b76fc70763780aa78b38fcf4742384044a5 ]
+
+As mentioned in a previous commit of this series, using the 'net'
+structure via 'current' is not recommended for different reasons:
+
+- Inconsistency: getting info from the reader's/writer's netns vs only
+  from the opener's netns.
+
+- current->nsproxy can be NULL in some cases, resulting in an 'Oops'
+  (null-ptr-deref), e.g. when the current task is exiting, as spotted by
+  syzbot [1] using acct(2).
+
+The 'net' structure can be obtained from the table->data using
+container_of().
+
+Note that table->data could also be used directly, as this is the only
+member needed from the 'net' structure, but that would increase the size
+of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used.
+
+Fixes: 4f3fdf3bc59c ("sctp: add check rto_min and rto_max in sysctl")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1]
+Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
+Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-5-5df34b2083e8@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/sctp/sysctl.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
+index 4513d8d45e55..7777c0096a38 100644
+--- a/net/sctp/sysctl.c
++++ b/net/sctp/sysctl.c
+@@ -372,7 +372,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
+                               void __user *buffer, size_t *lenp,
+                               loff_t *ppos)
+ {
+-      struct net *net = current->nsproxy->net_ns;
++      struct net *net = container_of(ctl->data, struct net, sctp.rto_min);
+       unsigned int min = *(unsigned int *) ctl->extra1;
+       unsigned int max = *(unsigned int *) ctl->extra2;
+       struct ctl_table tbl;
+@@ -401,7 +401,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
+                               void __user *buffer, size_t *lenp,
+                               loff_t *ppos)
+ {
+-      struct net *net = current->nsproxy->net_ns;
++      struct net *net = container_of(ctl->data, struct net, sctp.rto_max);
+       unsigned int min = *(unsigned int *) ctl->extra1;
+       unsigned int max = *(unsigned int *) ctl->extra2;
+       struct ctl_table tbl;
+-- 
+2.39.5
+

diff --git a/queue-5.4/series b/queue-5.4/series
index 7f04bb2b26b87ecdf59a62e70d478e37c1c9b88c..c5d55d66318827fac0fd663f532e41e230f39e36 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -35,3 +35,17 @@ iio-gyro-fxas21002c-fix-missing-data-update-in-trigger-handler.patch
 iio-adc-ti-ads124s08-use-gpiod_set_value_cansleep.patch
 iio-adc-at91-call-input_free_device-on-allocated-iio_dev.patch
 iio-inkern-call-iio_device_put-only-on-mapped-devices.patch
+arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch
+arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch
+arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch
+arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch
+phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch
+phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch
+ocfs2-correct-return-value-of-ocfs2_local_free_info.patch
+ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch
+sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch
+riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch
+riscv-remove-unused-handle_exception-symbol.patch
+risc-v-avoid-dereferening-null-regs-in-die.patch
+riscv-avoid-enabling-interrupts-in-die.patch
+riscv-fix-sleeping-in-invalid-context-in-die.patch