--- /dev/null
+From 7f700334be9aeb91d5d86ef9ad2d901b9b453e9b Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 29 Mar 2021 11:39:51 -0700
+Subject: ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 7f700334be9aeb91d5d86ef9ad2d901b9b453e9b upstream.
+
+After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
+a warning [1]
+
+Issue here is that:
+
+- all dev_put() should be paired with a corresponding dev_hold(),
+ and vice versa.
+
+- A driver doing a dev_put() in its ndo_uninit() MUST also
+ do a dev_hold() in its ndo_init(), only when ndo_init()
+ is returning 0.
+
+Otherwise, register_netdevice() would call ndo_uninit()
+in its error path and release a refcount too soon.
+
+ip6_gre for example (among others problematic drivers)
+has to use dev_hold() in ip6gre_tunnel_init_common()
+instead of from ip6gre_newlink_common(), covering
+both ip6gre_tunnel_init() and ip6gre_tap_init()/
+
+Note that ip6gre_tunnel_init_common() is not called from
+ip6erspan_tap_init() thus we also need to add a dev_hold() there,
+as ip6erspan_tunnel_uninit() does call dev_put()
+
+[1]
+refcount_t: decrement hit 0; leaking memory.
+WARNING: CPU: 0 PID: 8422 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
+Modules linked in:
+CPU: 1 PID: 8422 Comm: syz-executor854 Not tainted 5.12.0-rc4-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
+Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58
+RSP: 0018:ffffc900018befd0 EFLAGS: 00010282
+RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
+RDX: ffff88801ef19c40 RSI: ffffffff815c51f5 RDI: fffff52000317dec
+RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
+R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff888018cf4568
+R13: ffff888018cf4c00 R14: ffff8880228f2000 R15: ffffffff8d659b80
+FS: 00000000014eb300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 000055d7bf2b3138 CR3: 0000000014933000 CR4: 00000000001506f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ __refcount_dec include/linux/refcount.h:344 [inline]
+ refcount_dec include/linux/refcount.h:359 [inline]
+ dev_put include/linux/netdevice.h:4135 [inline]
+ ip6gre_tunnel_uninit+0x3d7/0x440 net/ipv6/ip6_gre.c:420
+ register_netdevice+0xadf/0x1500 net/core/dev.c:10308
+ ip6gre_newlink_common.constprop.0+0x158/0x410 net/ipv6/ip6_gre.c:1984
+ ip6gre_newlink+0x275/0x7a0 net/ipv6/ip6_gre.c:2017
+ __rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
+ rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
+ rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
+ netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
+ netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
+ netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
+ netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
+ sock_sendmsg_nosec net/socket.c:654 [inline]
+ sock_sendmsg+0xcf/0x120 net/socket.c:674
+ ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
+ ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
+ __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
+ do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
+
+Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_gre.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/ipv6/ip6_gre.c
++++ b/net/ipv6/ip6_gre.c
+@@ -1483,6 +1483,7 @@ static int ip6gre_tunnel_init_common(str
+ }
+ ip6gre_tnl_init_features(dev);
+
++ dev_hold(dev);
+ return 0;
+
+ cleanup_dst_cache_init:
+@@ -1876,6 +1877,7 @@ static int ip6erspan_tap_init(struct net
+ dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
+ ip6erspan_tnl_link_config(tunnel, 1);
+
++ dev_hold(dev);
+ return 0;
+
+ cleanup_dst_cache_init:
+@@ -1975,8 +1977,6 @@ static int ip6gre_newlink_common(struct
+ if (tb[IFLA_MTU])
+ ip6_tnl_change_mtu(dev, nla_get_u32(tb[IFLA_MTU]));
+
+- dev_hold(dev);
+-
+ out:
+ return err;
+ }
--- /dev/null
+From 48bb5697269a7cbe5194dbb044dc38c517e34c58 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 29 Mar 2021 23:45:51 -0700
+Subject: ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 48bb5697269a7cbe5194dbb044dc38c517e34c58 upstream.
+
+Same reasons than for the previous commits :
+6289a98f0817 ("sit: proper dev_{hold|put} in ndo_[un]init methods")
+40cb881b5aaa ("ip6_vti: proper dev_{hold|put} in ndo_[un]init methods")
+7f700334be9a ("ip6_gre: proper dev_{hold|put} in ndo_[un]init methods")
+
+After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
+a warning [1]
+
+Issue here is that:
+
+- all dev_put() should be paired with a corresponding prior dev_hold().
+
+- A driver doing a dev_put() in its ndo_uninit() MUST also
+ do a dev_hold() in its ndo_init(), only when ndo_init()
+ is returning 0.
+
+Otherwise, register_netdevice() would call ndo_uninit()
+in its error path and release a refcount too soon.
+
+[1]
+WARNING: CPU: 1 PID: 21059 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
+Modules linked in:
+CPU: 1 PID: 21059 Comm: syz-executor.4 Not tainted 5.12.0-rc4-syzkaller #0
+Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
+RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31
+Code: 1d 6a 5a e8 09 31 ff 89 de e8 8d 1a ab fd 84 db 75 e0 e8 d4 13 ab fd 48 c7 c7 a0 e1 c1 89 c6 05 4a 5a e8 09 01 e8 2e 36 fb 04 <0f> 0b eb c4 e8 b8 13 ab fd 0f b6 1d 39 5a e8 09 31 ff 89 de e8 58
+RSP: 0018:ffffc900025aefe8 EFLAGS: 00010282
+RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
+RDX: 0000000000040000 RSI: ffffffff815c51f5 RDI: fffff520004b5def
+RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000
+R10: ffffffff815bdf8e R11: 0000000000000000 R12: ffff888023488568
+R13: ffff8880254e9000 R14: 00000000dfd82cfd R15: ffff88802ee2d7c0
+FS: 00007f13bc590700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
+CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+CR2: 00007f0943e74000 CR3: 0000000025273000 CR4: 00000000001506f0
+DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+Call Trace:
+ __refcount_dec include/linux/refcount.h:344 [inline]
+ refcount_dec include/linux/refcount.h:359 [inline]
+ dev_put include/linux/netdevice.h:4135 [inline]
+ ip6_tnl_dev_uninit+0x370/0x3d0 net/ipv6/ip6_tunnel.c:387
+ register_netdevice+0xadf/0x1500 net/core/dev.c:10308
+ ip6_tnl_create2+0x1b5/0x400 net/ipv6/ip6_tunnel.c:263
+ ip6_tnl_newlink+0x312/0x580 net/ipv6/ip6_tunnel.c:2052
+ __rtnl_newlink+0x1062/0x1710 net/core/rtnetlink.c:3443
+ rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3491
+ rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553
+ netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502
+ netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]
+ netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338
+ netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927
+ sock_sendmsg_nosec net/socket.c:654 [inline]
+ sock_sendmsg+0xcf/0x120 net/socket.c:674
+ ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350
+ ___sys_sendmsg+0xf3/0x170 net/socket.c:2404
+ __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433
+ do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
+ entry_SYSCALL_64_after_hwframe+0x44/0xae
+
+Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_tunnel.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -267,7 +267,6 @@ static int ip6_tnl_create2(struct net_de
+
+ strcpy(t->parms.name, dev->name);
+
+- dev_hold(dev);
+ ip6_tnl_link(ip6n, t);
+ return 0;
+
+@@ -1861,6 +1860,7 @@ ip6_tnl_dev_init_gen(struct net_device *
+ dev->min_mtu = ETH_MIN_MTU;
+ dev->max_mtu = IP6_MAX_MTU - dev->hard_header_len;
+
++ dev_hold(dev);
+ return 0;
+
+ destroy_dst:
--- /dev/null
+From 0d7a7b2014b1a499a0fe24c9f3063d7856b5aaaf Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Wed, 31 Mar 2021 14:38:11 -0700
+Subject: ipv6: remove extra dev_hold() for fallback tunnels
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 0d7a7b2014b1a499a0fe24c9f3063d7856b5aaaf upstream.
+
+My previous commits added a dev_hold() in tunnels ndo_init(),
+but forgot to remove it from special functions setting up fallback tunnels.
+
+Fallback tunnels do call their respective ndo_init()
+
+This leads to various reports like :
+
+unregister_netdevice: waiting for ip6gre0 to become free. Usage count = 2
+
+Fixes: 48bb5697269a ("ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods")
+Fixes: 6289a98f0817 ("sit: proper dev_{hold|put} in ndo_[un]init methods")
+Fixes: 40cb881b5aaa ("ip6_vti: proper dev_{hold|put} in ndo_[un]init methods")
+Fixes: 7f700334be9a ("ip6_gre: proper dev_{hold|put} in ndo_[un]init methods")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/ip6_gre.c | 3 ---
+ net/ipv6/ip6_tunnel.c | 1 -
+ net/ipv6/ip6_vti.c | 1 -
+ net/ipv6/sit.c | 1 -
+ 4 files changed, 6 deletions(-)
+
+--- a/net/ipv6/ip6_gre.c
++++ b/net/ipv6/ip6_gre.c
+@@ -387,7 +387,6 @@ static struct ip6_tnl *ip6gre_tunnel_loc
+ if (!(nt->parms.o_flags & TUNNEL_SEQ))
+ dev->features |= NETIF_F_LLTX;
+
+- dev_hold(dev);
+ ip6gre_tunnel_link(ign, nt);
+ return nt;
+
+@@ -1526,8 +1525,6 @@ static void ip6gre_fb_tunnel_init(struct
+ strcpy(tunnel->parms.name, dev->name);
+
+ tunnel->hlen = sizeof(struct ipv6hdr) + 4;
+-
+- dev_hold(dev);
+ }
+
+ static struct inet6_protocol ip6gre_protocol __read_mostly = {
+--- a/net/ipv6/ip6_tunnel.c
++++ b/net/ipv6/ip6_tunnel.c
+@@ -1904,7 +1904,6 @@ static int __net_init ip6_fb_tnl_dev_ini
+ struct ip6_tnl_net *ip6n = net_generic(net, ip6_tnl_net_id);
+
+ t->parms.proto = IPPROTO_IPV6;
+- dev_hold(dev);
+
+ rcu_assign_pointer(ip6n->tnls_wc[0], t);
+ return 0;
+--- a/net/ipv6/ip6_vti.c
++++ b/net/ipv6/ip6_vti.c
+@@ -952,7 +952,6 @@ static int __net_init vti6_fb_tnl_dev_in
+ struct vti6_net *ip6n = net_generic(net, vti6_net_id);
+
+ t->parms.proto = IPPROTO_IPV6;
+- dev_hold(dev);
+
+ rcu_assign_pointer(ip6n->tnls_wc[0], t);
+ return 0;
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -1422,7 +1422,6 @@ static void __net_init ipip6_fb_tunnel_i
+ iph->ihl = 5;
+ iph->ttl = 64;
+
+- dev_hold(dev);
+ rcu_assign_pointer(sitn->tunnels_wc[0], tunnel);
+ }
+
--- /dev/null
+From 263d6287da1433aba11c5b4046388f2cdf49675c Mon Sep 17 00:00:00 2001
+From: Alexandru Elisei <alexandru.elisei@arm.com>
+Date: Wed, 7 Apr 2021 15:48:57 +0100
+Subject: KVM: arm64: Initialize VCPU mdcr_el2 before loading it
+
+From: Alexandru Elisei <alexandru.elisei@arm.com>
+
+commit 263d6287da1433aba11c5b4046388f2cdf49675c upstream.
+
+When a VCPU is created, the kvm_vcpu struct is initialized to zero in
+kvm_vm_ioctl_create_vcpu(). On VHE systems, the first time
+vcpu.arch.mdcr_el2 is loaded on hardware is in vcpu_load(), before it is
+set to a sensible value in kvm_arm_setup_debug() later in the run loop. The
+result is that KVM executes for a short time with MDCR_EL2 set to zero.
+
+This has several unintended consequences:
+
+* Setting MDCR_EL2.HPMN to 0 is constrained unpredictable according to ARM
+ DDI 0487G.a, page D13-3820. The behavior specified by the architecture
+ in this case is for the PE to behave as if MDCR_EL2.HPMN is set to a
+ value less than or equal to PMCR_EL0.N, which means that an unknown
+ number of counters are now disabled by MDCR_EL2.HPME, which is zero.
+
+* The host configuration for the other debug features controlled by
+ MDCR_EL2 is temporarily lost. This has been harmless so far, as Linux
+ doesn't use the other fields, but that might change in the future.
+
+Let's avoid both issues by initializing the VCPU's mdcr_el2 field in
+kvm_vcpu_vcpu_first_run_init(), thus making sure that the MDCR_EL2 register
+has a consistent value after each vcpu_load().
+
+Fixes: d5a21bcc2995 ("KVM: arm64: Move common VHE/non-VHE trap config in separate functions")
+Signed-off-by: Alexandru Elisei <alexandru.elisei@arm.com>
+Signed-off-by: Marc Zyngier <maz@kernel.org>
+Link: https://lore.kernel.org/r/20210407144857.199746-3-alexandru.elisei@arm.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm/include/asm/kvm_host.h | 1
+ arch/arm64/include/asm/kvm_host.h | 1
+ arch/arm64/kvm/debug.c | 88 +++++++++++++++++++++++++-------------
+ virt/kvm/arm/arm.c | 2
+ 4 files changed, 64 insertions(+), 28 deletions(-)
+
+--- a/arch/arm/include/asm/kvm_host.h
++++ b/arch/arm/include/asm/kvm_host.h
+@@ -335,6 +335,7 @@ static inline void kvm_arch_sched_in(str
+ static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
+
+ static inline void kvm_arm_init_debug(void) {}
++static inline void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu) {}
+ static inline void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) {}
+ static inline void kvm_arm_clear_debug(struct kvm_vcpu *vcpu) {}
+ static inline void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu) {}
+--- a/arch/arm64/include/asm/kvm_host.h
++++ b/arch/arm64/include/asm/kvm_host.h
+@@ -552,6 +552,7 @@ static inline void kvm_arch_sched_in(str
+ static inline void kvm_arch_vcpu_block_finish(struct kvm_vcpu *vcpu) {}
+
+ void kvm_arm_init_debug(void);
++void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu);
+ void kvm_arm_setup_debug(struct kvm_vcpu *vcpu);
+ void kvm_arm_clear_debug(struct kvm_vcpu *vcpu);
+ void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu);
+--- a/arch/arm64/kvm/debug.c
++++ b/arch/arm64/kvm/debug.c
+@@ -69,6 +69,64 @@ void kvm_arm_init_debug(void)
+ }
+
+ /**
++ * kvm_arm_setup_mdcr_el2 - configure vcpu mdcr_el2 value
++ *
++ * @vcpu: the vcpu pointer
++ *
++ * This ensures we will trap access to:
++ * - Performance monitors (MDCR_EL2_TPM/MDCR_EL2_TPMCR)
++ * - Debug ROM Address (MDCR_EL2_TDRA)
++ * - OS related registers (MDCR_EL2_TDOSA)
++ * - Statistical profiler (MDCR_EL2_TPMS/MDCR_EL2_E2PB)
++ * - Self-hosted Trace Filter controls (MDCR_EL2_TTRF)
++ */
++static void kvm_arm_setup_mdcr_el2(struct kvm_vcpu *vcpu)
++{
++ /*
++ * This also clears MDCR_EL2_E2PB_MASK to disable guest access
++ * to the profiling buffer.
++ */
++ vcpu->arch.mdcr_el2 = __this_cpu_read(mdcr_el2) & MDCR_EL2_HPMN_MASK;
++ vcpu->arch.mdcr_el2 |= (MDCR_EL2_TPM |
++ MDCR_EL2_TPMS |
++ MDCR_EL2_TTRF |
++ MDCR_EL2_TPMCR |
++ MDCR_EL2_TDRA |
++ MDCR_EL2_TDOSA);
++
++ /* Is the VM being debugged by userspace? */
++ if (vcpu->guest_debug)
++ /* Route all software debug exceptions to EL2 */
++ vcpu->arch.mdcr_el2 |= MDCR_EL2_TDE;
++
++ /*
++ * Trap debug register access when one of the following is true:
++ * - Userspace is using the hardware to debug the guest
++ * (KVM_GUESTDBG_USE_HW is set).
++ * - The guest is not using debug (KVM_ARM64_DEBUG_DIRTY is clear).
++ */
++ if ((vcpu->guest_debug & KVM_GUESTDBG_USE_HW) ||
++ !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY))
++ vcpu->arch.mdcr_el2 |= MDCR_EL2_TDA;
++
++ trace_kvm_arm_set_dreg32("MDCR_EL2", vcpu->arch.mdcr_el2);
++}
++
++/**
++ * kvm_arm_vcpu_init_debug - setup vcpu debug traps
++ *
++ * @vcpu: the vcpu pointer
++ *
++ * Set vcpu initial mdcr_el2 value.
++ */
++void kvm_arm_vcpu_init_debug(struct kvm_vcpu *vcpu)
++{
++ preempt_disable();
++ kvm_arm_setup_mdcr_el2(vcpu);
++ preempt_enable();
++}
++
++/**
+ * kvm_arm_reset_debug_ptr - reset the debug ptr to point to the vcpu state
+ */
+
+@@ -83,13 +141,7 @@ void kvm_arm_reset_debug_ptr(struct kvm_
+ * @vcpu: the vcpu pointer
+ *
+ * This is called before each entry into the hypervisor to setup any
+- * debug related registers. Currently this just ensures we will trap
+- * access to:
+- * - Performance monitors (MDCR_EL2_TPM/MDCR_EL2_TPMCR)
+- * - Debug ROM Address (MDCR_EL2_TDRA)
+- * - OS related registers (MDCR_EL2_TDOSA)
+- * - Statistical profiler (MDCR_EL2_TPMS/MDCR_EL2_E2PB)
+- * - Self-hosted Trace Filter controls (MDCR_EL2_TTRF)
++ * debug related registers.
+ *
+ * Additionally, KVM only traps guest accesses to the debug registers if
+ * the guest is not actively using them (see the KVM_ARM64_DEBUG_DIRTY
+@@ -101,28 +153,14 @@ void kvm_arm_reset_debug_ptr(struct kvm_
+
+ void kvm_arm_setup_debug(struct kvm_vcpu *vcpu)
+ {
+- bool trap_debug = !(vcpu->arch.flags & KVM_ARM64_DEBUG_DIRTY);
+ unsigned long mdscr, orig_mdcr_el2 = vcpu->arch.mdcr_el2;
+
+ trace_kvm_arm_setup_debug(vcpu, vcpu->guest_debug);
+
+- /*
+- * This also clears MDCR_EL2_E2PB_MASK to disable guest access
+- * to the profiling buffer.
+- */
+- vcpu->arch.mdcr_el2 = __this_cpu_read(mdcr_el2) & MDCR_EL2_HPMN_MASK;
+- vcpu->arch.mdcr_el2 |= (MDCR_EL2_TPM |
+- MDCR_EL2_TPMS |
+- MDCR_EL2_TTRF |
+- MDCR_EL2_TPMCR |
+- MDCR_EL2_TDRA |
+- MDCR_EL2_TDOSA);
++ kvm_arm_setup_mdcr_el2(vcpu);
+
+ /* Is Guest debugging in effect? */
+ if (vcpu->guest_debug) {
+- /* Route all software debug exceptions to EL2 */
+- vcpu->arch.mdcr_el2 |= MDCR_EL2_TDE;
+-
+ /* Save guest debug state */
+ save_guest_debug_regs(vcpu);
+
+@@ -176,7 +214,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
+
+ vcpu->arch.debug_ptr = &vcpu->arch.external_debug_state;
+ vcpu->arch.flags |= KVM_ARM64_DEBUG_DIRTY;
+- trap_debug = true;
+
+ trace_kvm_arm_set_regset("BKPTS", get_num_brps(),
+ &vcpu->arch.debug_ptr->dbg_bcr[0],
+@@ -191,10 +228,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
+ BUG_ON(!vcpu->guest_debug &&
+ vcpu->arch.debug_ptr != &vcpu->arch.vcpu_debug_state);
+
+- /* Trap debug register access */
+- if (trap_debug)
+- vcpu->arch.mdcr_el2 |= MDCR_EL2_TDA;
+-
+ /* If KDE or MDE are set, perform a full save/restore cycle. */
+ if (vcpu_read_sys_reg(vcpu, MDSCR_EL1) & (DBG_MDSCR_KDE | DBG_MDSCR_MDE))
+ vcpu->arch.flags |= KVM_ARM64_DEBUG_DIRTY;
+@@ -203,7 +236,6 @@ void kvm_arm_setup_debug(struct kvm_vcpu
+ if (has_vhe() && orig_mdcr_el2 != vcpu->arch.mdcr_el2)
+ write_sysreg(vcpu->arch.mdcr_el2, mdcr_el2);
+
+- trace_kvm_arm_set_dreg32("MDCR_EL2", vcpu->arch.mdcr_el2);
+ trace_kvm_arm_set_dreg32("MDSCR_EL1", vcpu_read_sys_reg(vcpu, MDSCR_EL1));
+ }
+
+--- a/virt/kvm/arm/arm.c
++++ b/virt/kvm/arm/arm.c
+@@ -579,6 +579,8 @@ static int kvm_vcpu_first_run_init(struc
+
+ vcpu->arch.has_run_once = true;
+
++ kvm_arm_vcpu_init_debug(vcpu);
++
+ if (likely(irqchip_in_kernel(kvm))) {
+ /*
+ * Map the VGIC hardware resources before running a vcpu the
--- /dev/null
+From 51839e29cb5954470ea4db7236ef8c3d77a6e0bb Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Wed, 9 Dec 2020 13:50:17 +0200
+Subject: scripts: switch explicitly to Python 3
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit 51839e29cb5954470ea4db7236ef8c3d77a6e0bb upstream.
+
+Some distributions are about to switch to Python 3 support only.
+This means that /usr/bin/python, which is Python 2, is not available
+anymore. Hence, switch scripts to use Python 3 explicitly.
+
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ scripts/bloat-o-meter | 2 +-
+ scripts/diffconfig | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/scripts/bloat-o-meter
++++ b/scripts/bloat-o-meter
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ #
+ # Copyright 2004 Matt Mackall <mpm@selenic.com>
+ #
+--- a/scripts/diffconfig
++++ b/scripts/diffconfig
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # diffconfig - a tool to compare .config files.
block-reexpand-iov_iter-after-read-write.patch
lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch
net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch
+ip6_gre-proper-dev_-hold-put-in-ndo_init-methods.patch
+sit-proper-dev_-hold-put-in-ndo_init-methods.patch
+ip6_tunnel-sit-proper-dev_-hold-put-in-ndo_init-methods.patch
+ipv6-remove-extra-dev_hold-for-fallback-tunnels.patch
+kvm-arm64-initialize-vcpu-mdcr_el2-before-loading-it.patch
+tweewide-fix-most-shebang-lines.patch
+scripts-switch-explicitly-to-python-3.patch
--- /dev/null
+From 6289a98f0817a4a457750d6345e754838eae9439 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Mon, 29 Mar 2021 12:25:22 -0700
+Subject: sit: proper dev_{hold|put} in ndo_[un]init methods
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 6289a98f0817a4a457750d6345e754838eae9439 upstream.
+
+After adopting CONFIG_PCPU_DEV_REFCNT=n option, syzbot was able to trigger
+a warning [1]
+
+Issue here is that:
+
+- all dev_put() should be paired with a corresponding prior dev_hold().
+
+- A driver doing a dev_put() in its ndo_uninit() MUST also
+ do a dev_hold() in its ndo_init(), only when ndo_init()
+ is returning 0.
+
+Otherwise, register_netdevice() would call ndo_uninit()
+in its error path and release a refcount too soon.
+
+Fixes: 919067cc845f ("net: add CONFIG_PCPU_DEV_REFCNT")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Reported-by: syzbot <syzkaller@googlegroups.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/sit.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/net/ipv6/sit.c
++++ b/net/ipv6/sit.c
+@@ -211,8 +211,6 @@ static int ipip6_tunnel_create(struct ne
+
+ ipip6_tunnel_clone_6rd(dev, sitn);
+
+- dev_hold(dev);
+-
+ ipip6_tunnel_link(sitn, t);
+ return 0;
+
+@@ -1408,7 +1406,7 @@ static int ipip6_tunnel_init(struct net_
+ dev->tstats = NULL;
+ return err;
+ }
+-
++ dev_hold(dev);
+ return 0;
+ }
+
--- /dev/null
+From c25ce589dca10d64dde139ae093abc258a32869c Mon Sep 17 00:00:00 2001
+From: Finn Behrens <me@kloenk.de>
+Date: Mon, 23 Nov 2020 15:15:33 +0100
+Subject: tweewide: Fix most Shebang lines
+
+From: Finn Behrens <me@kloenk.de>
+
+commit c25ce589dca10d64dde139ae093abc258a32869c upstream.
+
+Change every shebang which does not need an argument to use /usr/bin/env.
+This is needed as not every distro has everything under /usr/bin,
+sometimes not even bash.
+
+Signed-off-by: Finn Behrens <me@kloenk.de>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ Documentation/sphinx/parse-headers.pl | 2 +-
+ Documentation/target/tcm_mod_builder.py | 2 +-
+ Documentation/trace/postprocess/decode_msr.py | 2 +-
+ Documentation/trace/postprocess/trace-pagealloc-postprocess.pl | 2 +-
+ Documentation/trace/postprocess/trace-vmscan-postprocess.pl | 2 +-
+ arch/ia64/scripts/unwcheck.py | 2 +-
+ scripts/bloat-o-meter | 2 +-
+ scripts/config | 2 +-
+ scripts/diffconfig | 2 +-
+ scripts/get_abi.pl | 2 +-
+ scripts/show_delta | 2 +-
+ scripts/sphinx-pre-install | 2 +-
+ scripts/split-man.pl | 2 +-
+ scripts/tracing/draw_functrace.py | 2 +-
+ tools/perf/python/tracepoint.py | 2 +-
+ tools/perf/python/twatch.py | 2 +-
+ tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py | 2 +-
+ tools/testing/ktest/compare-ktest-sample.pl | 2 +-
+ tools/testing/selftests/bpf/test_offload.py | 2 +-
+ tools/testing/selftests/kselftest/prefix.pl | 2 +-
+ tools/testing/selftests/tc-testing/tdc_batch.py | 2 +-
+ tools/testing/selftests/tc-testing/tdc_multibatch.py | 2 +-
+ 22 files changed, 22 insertions(+), 22 deletions(-)
+
+--- a/Documentation/sphinx/parse-headers.pl
++++ b/Documentation/sphinx/parse-headers.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ use strict;
+ use Text::Tabs;
+ use Getopt::Long;
+--- a/Documentation/target/tcm_mod_builder.py
++++ b/Documentation/target/tcm_mod_builder.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # The TCM v4 multi-protocol fabric module generation script for drivers/target/$NEW_MOD
+ #
+ # Copyright (c) 2010 Rising Tide Systems
+--- a/Documentation/trace/postprocess/decode_msr.py
++++ b/Documentation/trace/postprocess/decode_msr.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # add symbolic names to read_msr / write_msr in trace
+ # decode_msr msr-index.h < trace
+ import sys
+--- a/Documentation/trace/postprocess/trace-pagealloc-postprocess.pl
++++ b/Documentation/trace/postprocess/trace-pagealloc-postprocess.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # This is a POC (proof of concept or piece of crap, take your pick) for reading the
+ # text representation of trace output related to page allocation. It makes an attempt
+ # to extract some high-level information on what is going on. The accuracy of the parser
+--- a/Documentation/trace/postprocess/trace-vmscan-postprocess.pl
++++ b/Documentation/trace/postprocess/trace-vmscan-postprocess.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # This is a POC for reading the text representation of trace output related to
+ # page reclaim. It makes an attempt to extract some high-level information on
+ # what is going on. The accuracy of the parser may vary
+--- a/arch/ia64/scripts/unwcheck.py
++++ b/arch/ia64/scripts/unwcheck.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # Usage: unwcheck.py FILE
+--- a/scripts/bloat-o-meter
++++ b/scripts/bloat-o-meter
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ #
+ # Copyright 2004 Matt Mackall <mpm@selenic.com>
+ #
+--- a/scripts/config
++++ b/scripts/config
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/usr/bin/env bash
+ # SPDX-License-Identifier: GPL-2.0
+ # Manipulate options in a .config file from the command line
+
+--- a/scripts/diffconfig
++++ b/scripts/diffconfig
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # diffconfig - a tool to compare .config files.
+--- a/scripts/get_abi.pl
++++ b/scripts/get_abi.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+
+ use strict;
+--- a/scripts/show_delta
++++ b/scripts/show_delta
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0-only
+ #
+ # show_deltas: Read list of printk messages instrumented with
+--- a/scripts/sphinx-pre-install
++++ b/scripts/sphinx-pre-install
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0-or-later
+ use strict;
+
+--- a/scripts/split-man.pl
++++ b/scripts/split-man.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+ #
+ # Author: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
+--- a/scripts/tracing/draw_functrace.py
++++ b/scripts/tracing/draw_functrace.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0-only
+
+ """
+--- a/tools/perf/python/tracepoint.py
++++ b/tools/perf/python/tracepoint.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python
++#! /usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0
+ # -*- python -*-
+ # -*- coding: utf-8 -*-
+--- a/tools/perf/python/twatch.py
++++ b/tools/perf/python/twatch.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/python
++#! /usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0-only
+ # -*- python -*-
+ # -*- coding: utf-8 -*-
+--- a/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py
++++ b/tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python
++#!/usr/bin/env python
+ # SPDX-License-Identifier: GPL-2.0-only
+ # -*- coding: utf-8 -*-
+ #
+--- a/tools/testing/ktest/compare-ktest-sample.pl
++++ b/tools/testing/ktest/compare-ktest-sample.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+
+ open (IN,"ktest.pl");
+--- a/tools/testing/selftests/bpf/test_offload.py
++++ b/tools/testing/selftests/bpf/test_offload.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
++#!/usr/bin/env python3
+
+ # Copyright (C) 2017 Netronome Systems, Inc.
+ # Copyright (c) 2019 Mellanox Technologies. All rights reserved
+--- a/tools/testing/selftests/kselftest/prefix.pl
++++ b/tools/testing/selftests/kselftest/prefix.pl
+@@ -1,4 +1,4 @@
+-#!/usr/bin/perl
++#!/usr/bin/env perl
+ # SPDX-License-Identifier: GPL-2.0
+ # Prefix all lines with "# ", unbuffered. Command being piped in may need
+ # to have unbuffering forced with "stdbuf -i0 -o0 -e0 $cmd".
+--- a/tools/testing/selftests/tc-testing/tdc_batch.py
++++ b/tools/testing/selftests/tc-testing/tdc_batch.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
++#!/usr/bin/env python3
+
+ """
+ tdc_batch.py - a script to generate TC batch file
+--- a/tools/testing/selftests/tc-testing/tdc_multibatch.py
++++ b/tools/testing/selftests/tc-testing/tdc_multibatch.py
+@@ -1,4 +1,4 @@
+-#!/usr/bin/python3
++#!/usr/bin/env python3
+ # SPDX-License-Identifier: GPL-2.0
+ """
+ tdc_multibatch.py - a thin wrapper over tdc_batch.py to generate multiple batch
projects / thirdparty / kernel / stable-queue.git / commitdiff
