From: Sasha Levin
Date: Mon, 25 Apr 2022 08:25:52 +0000 (-0400)
Subject: Fixes for 5.17
X-Git-Tag: v4.9.312~46^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0b06414664b48db2e229b5d8c561463a2e79146c;p=thirdparty%2Fkernel%2Fstable-queue.git
Fixes for 5.17
Signed-off-by: Sasha Levin
---
diff --git a/queue-5.17/arm-xen-fix-some-refcount-leaks.patch b/queue-5.17/arm-xen-fix-some-refcount-leaks.patch
new file mode 100644
index 00000000000..e5a4a8977e5
--- /dev/null
+++ b/queue-5.17/arm-xen-fix-some-refcount-leaks.patch
@@ -0,0 +1,68 @@
+From b6266c8dd2e6cd9e4b49b52568409dc0a43cf0ba Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 20 Apr 2022 01:49:13 +0000
+Subject: arm/xen: Fix some refcount leaks
+
+From: Miaoqian Lin
+
+[ Upstream commit 533bec143a4c32f7b2014a159d0f5376226e5b4d ]
+
+The of_find_compatible_node() function returns a node pointer with
+refcount incremented, We should use of_node_put() on it when done
+Add the missing of_node_put() to release the refcount.
+
+Fixes: 9b08aaa3199a ("ARM: XEN: Move xen_early_init() before efi_init()")
+Fixes: b2371587fe0c ("arm/xen: Read extended regions from DT and init Xen resource")
+Signed-off-by: Miaoqian Lin
+Reviewed-by: Stefano Stabellini
+Signed-off-by: Stefano Stabellini
+Signed-off-by: Sasha Levin
+---
+ arch/arm/xen/enlighten.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/arch/arm/xen/enlighten.c b/arch/arm/xen/enlighten.c
+index ec5b082f3de6..07eb69f9e7df 100644
+--- a/arch/arm/xen/enlighten.c
++++ b/arch/arm/xen/enlighten.c
+@@ -337,12 +337,15 @@ int __init arch_xen_unpopulated_init(struct resource **res)
+
+ if (!nr_reg) {
+ pr_err("No extended regions are found\n");
++ of_node_put(np);
+ return -EINVAL;
+ }
+
+ regs = kcalloc(nr_reg, sizeof(*regs), GFP_KERNEL);
+- if (!regs)
++ if (!regs) {
++ of_node_put(np);
+ return -ENOMEM;
++ }
+
+ /*
+ * Create resource from extended regions provided by the hypervisor to be
+@@ -403,8 +406,8 @@ int __init arch_xen_unpopulated_init(struct resource **res)
+ *res = &xen_resource;
+
+ err:
++ of_node_put(np);
+ kfree(regs);
+-
+ return rc;
+ }
+ #endif
+@@ -424,8 +427,10 @@ static void __init xen_dt_guest_init(void)
+
+ if (of_address_to_resource(xen_node, GRANT_TABLE_INDEX, &res)) {
+ pr_err("Xen grant table region is not found\n");
++ of_node_put(xen_node);
+ return;
+ }
++ of_node_put(xen_node);
+ xen_grant_frames = res.start;
+ }
+
+--
+2.35.1
+
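Review bot: The `!regs` return in arch_xen_unpopulated_init() repeats `of_node_put(np);` although the `err:` label, as changed in the same patch, already drops the reference and frees `regs`. Routing that path through the label with `rc = -ENOMEM; goto err;` keeps a single release point (kfree(NULL) is a no-op), so a later exit added to the function is less likely to leak the node again. The `!nr_reg` return could share it too, provided `regs` is initialised to NULL where it is declared, which is outside the hunk. Both functions start outside the visible hunks, so it is worth confirming that no earlier return after the node lookup skips the put.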
diff --git a/queue-5.17/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch b/queue-5.17/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch
new file mode 100644
index 00000000000..58e8c279744
--- /dev/null
+++ b/queue-5.17/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch
@@ -0,0 +1,43 @@
+From b99ea615af70f64bd30ec6104bd759bcf23ec12b Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 15 Apr 2022 18:25:12 +0200
+Subject: drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
+ initialised
+
+From: Dave Stevenson
+
+[ Upstream commit f92055ae0acb035891e988ce345d6b81a0316423 ]
+
+If a call to rpi_touchscreen_i2c_write from rpi_touchscreen_probe
+fails before mipi_dsi_device_register_full is called, then
+in trying to log the error message if uses ts->dsi->dev when
+it is still NULL.
+
+Use ts->i2c->dev instead, which is initialised earlier in probe.
+
+Fixes: 2f733d6194bd ("drm/panel: Add support for the Raspberry Pi 7" Touchscreen.")
+Signed-off-by: Dave Stevenson
+Signed-off-by: Stefan Wahren
+Signed-off-by: Maxime Ripard
+Link: https://patchwork.freedesktop.org/patch/msgid/20220415162513.42190-2-stefan.wahren@i2se.com
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
+index 46029c5610c8..1f805eb8fdb5 100644
+--- a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
++++ b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
+@@ -229,7 +229,7 @@ static void rpi_touchscreen_i2c_write(struct rpi_touchscreen *ts,
+
+ ret = i2c_smbus_write_byte_data(ts->i2c, reg, val);
+ if (ret)
+- dev_err(&ts->dsi->dev, "I2C write failed: %d\n", ret);
++ dev_err(&ts->i2c->dev, "I2C write failed: %d\n", ret);
+ }
+
+ static int rpi_touchscreen_write(struct rpi_touchscreen *ts, u16 reg, u32 val)
+--
+2.35.1
+
diff --git a/queue-5.17/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch b/queue-5.17/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch
new file mode 100644
index 00000000000..8ea58fecf2e
--- /dev/null
+++ b/queue-5.17/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch
@@ -0,0 +1,63 @@
+From 658b23d3296288fa8e159a083e879deb8a5ddc12 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 15 Apr 2022 18:25:13 +0200
+Subject: drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
+
+From: Dave Stevenson
+
+[ Upstream commit 5f18c0782b99e26121efa93d20b76c19e17aa1dd ]
+
+The panel has a prepare call which is before video starts, and an
+enable call which is after.
+The Toshiba bridge should be configured before video, so move
+the relevant power and initialisation calls to prepare.
+
+Fixes: 2f733d6194bd ("drm/panel: Add support for the Raspberry Pi 7" Touchscreen.")
+Signed-off-by: Dave Stevenson
+Signed-off-by: Stefan Wahren
+Signed-off-by: Maxime Ripard
+Link: https://patchwork.freedesktop.org/patch/msgid/20220415162513.42190-3-stefan.wahren@i2se.com
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
+index 1f805eb8fdb5..145047e19394 100644
+--- a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
++++ b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c
+@@ -265,7 +265,7 @@ static int rpi_touchscreen_noop(struct drm_panel *panel)
+ return 0;
+ }
+
+-static int rpi_touchscreen_enable(struct drm_panel *panel)
++static int rpi_touchscreen_prepare(struct drm_panel *panel)
+ {
+ struct rpi_touchscreen *ts = panel_to_ts(panel);
+ int i;
+@@ -295,6 +295,13 @@ static int rpi_touchscreen_enable(struct drm_panel *panel)
+ rpi_touchscreen_write(ts, DSI_STARTDSI, 0x01);
+ msleep(100);
+
++ return 0;
++}
++
++static int rpi_touchscreen_enable(struct drm_panel *panel)
++{
++ struct rpi_touchscreen *ts = panel_to_ts(panel);
++
+ /* Turn on the backlight. */
+ rpi_touchscreen_i2c_write(ts, REG_PWM, 255);
+
+@@ -349,7 +356,7 @@ static int rpi_touchscreen_get_modes(struct drm_panel *panel,
+ static const struct drm_panel_funcs rpi_touchscreen_funcs = {
+ .disable = rpi_touchscreen_disable,
+ .unprepare = rpi_touchscreen_noop,
+- .prepare = rpi_touchscreen_noop,
++ .prepare = rpi_touchscreen_prepare,
+ .enable = rpi_touchscreen_enable,
+ .get_modes = rpi_touchscreen_get_modes,
+ };
+--
+2.35.1
+
diff --git a/queue-5.17/drm-radeon-fix-logic-inversion-in-radeon_sync_resv.patch b/queue-5.17/drm-radeon-fix-logic-inversion-in-radeon_sync_resv.patch
new file mode 100644
index 00000000000..6de169f2f97
--- /dev/null
+++ b/queue-5.17/drm-radeon-fix-logic-inversion-in-radeon_sync_resv.patch
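Review bot: The new rpi_touchscreen_prepare() ends with an unconditional `return 0;` directly after `rpi_touchscreen_write(ts, DSI_STARTDSI, 0x01);`, so a failed bridge write is still reported to the DRM core as a successful prepare. rpi_touchscreen_write() is declared `static int` in this file, so its result could be propagated, e.g. `ret = rpi_touchscreen_write(ts, DSI_STARTDSI, 0x01); if (ret) return ret;`. The earlier writes in the function are outside the hunk and would need the same treatment; whether the helper actually returns a meaningful error code should be confirmed there.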
@@ -0,0 +1,40 @@
+From 7b5da286d843b868516cd1bb25202df5831115ef Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 11 Apr 2022 15:49:09 +0200
+Subject: drm/radeon: fix logic inversion in radeon_sync_resv
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Christian König
+
+[ Upstream commit 022074918042465668db9b0f768e2260b1e39c59 ]
+
+Shared is the opposite of write/exclusive.
+
+Signed-off-by: Christian König
+Fixes: 0597ca7b43e4 ("drm/radeon: use new iterator in radeon_sync_resv")
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1970
+Reviewed-by: Alex Deucher
+Link: https://patchwork.freedesktop.org/patch/msgid/20220412093626.608767-1-christian.koenig@amd.com
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/radeon/radeon_sync.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/radeon/radeon_sync.c b/drivers/gpu/drm/radeon/radeon_sync.c
+index b991ba1bcd51..f63efd8d5e52 100644
+--- a/drivers/gpu/drm/radeon/radeon_sync.c
++++ b/drivers/gpu/drm/radeon/radeon_sync.c
+@@ -96,7 +96,7 @@ int radeon_sync_resv(struct radeon_device *rdev,
+ struct dma_fence *f;
+ int r = 0;
+
+- dma_resv_for_each_fence(&cursor, resv, shared, f) {
++ dma_resv_for_each_fence(&cursor, resv, !shared, f) {
+ fence = to_radeon_fence(f);
+ if (fence && fence->rdev == rdev)
+ radeon_sync_fence(sync, fence);
+--
+2.35.1
+
diff --git a/queue-5.17/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch b/queue-5.17/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch
new file mode 100644
index 00000000000..35f94f261a5
--- /dev/null
+++ b/queue-5.17/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch
@@ -0,0 +1,42 @@
+From b065de2b85257308656dcf2d8bee0fbe646190b0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 20 Apr 2022 21:50:07 +0800
+Subject: drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()
+ usage
+
+From: Miaoqian Lin
+
+[ Upstream commit 3d0b93d92a2790337aa9d18cb332d02356a24126 ]
+
+If the device is already in a runtime PM enabled state
+pm_runtime_get_sync() will return 1.
+
+Also, we need to call pm_runtime_put_noidle() when pm_runtime_get_sync()
+fails, so use pm_runtime_resume_and_get() instead. this function
+will handle this.
+
+Fixes: 4078f5757144 ("drm/vc4: Add DSI driver")
+Signed-off-by: Miaoqian Lin
+Signed-off-by: Maxime Ripard
+Link: https://patchwork.freedesktop.org/patch/msgid/20220420135008.2757-1-linmq006@gmail.com
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/vc4/vc4_dsi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/vc4/vc4_dsi.c b/drivers/gpu/drm/vc4/vc4_dsi.c
+index 9300d3354c51..64dfefeb03f5 100644
+--- a/drivers/gpu/drm/vc4/vc4_dsi.c
++++ b/drivers/gpu/drm/vc4/vc4_dsi.c
+@@ -846,7 +846,7 @@ static void vc4_dsi_encoder_enable(struct drm_encoder *encoder)
+ unsigned long phy_clock;
+ int ret;
+
+- ret = pm_runtime_get_sync(dev);
++ ret = pm_runtime_resume_and_get(dev);
+ if (ret) {
+ DRM_ERROR("Failed to runtime PM enable on DSI%d\n", dsi->variant->port);
+ return;
+--
+2.35.1
+
diff --git a/queue-5.17/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch b/queue-5.17/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch
new file mode 100644
index 00000000000..5fd9b833e42
--- /dev/null
+++ b/queue-5.17/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch
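Review bot: The failure branch after `pm_runtime_resume_and_get(dev)` logs only the port number and then returns from a `void` function, so the error code is lost and the caller cannot tell that the encoder was never powered. Including the code in the message, `DRM_ERROR("Failed to runtime PM enable on DSI%d: %d\n", dsi->variant->port, ret);`, would make the failure diagnosable. Because pm_runtime_resume_and_get() leaves the usage count unchanged on failure, the matching disable path, which is outside this hunk, should be checked so that it does not drop a reference that was never taken.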
@@ -0,0 +1,38 @@
+From 6e96c2d2c23c13cf421dae944a29eea0acef20d1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 17 Apr 2022 13:03:31 -0700
+Subject: Input: omap4-keypad - fix pm_runtime_get_sync() error checking
+
+From: Miaoqian Lin
+
+[ Upstream commit 81022a170462d38ea10612cb67e8e2c529d58abe ]
+
+If the device is already in a runtime PM enabled state
+pm_runtime_get_sync() will return 1, so a test for negative
+value should be used to check for errors.
+
+Fixes: f77621cc640a ("Input: omap-keypad - dynamically handle register offsets")
+Signed-off-by: Miaoqian Lin
+Link: https://lore.kernel.org/r/20220412070131.19848-1-linmq006@gmail.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/keyboard/omap4-keypad.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/input/keyboard/omap4-keypad.c b/drivers/input/keyboard/omap4-keypad.c
+index 43375b38ee59..8a7ce41b8c56 100644
+--- a/drivers/input/keyboard/omap4-keypad.c
++++ b/drivers/input/keyboard/omap4-keypad.c
+@@ -393,7 +393,7 @@ static int omap4_keypad_probe(struct platform_device *pdev)
+ * revision register.
+ */
+ error = pm_runtime_get_sync(dev);
+- if (error) {
++ if (error < 0) {
+ dev_err(dev, "pm_runtime_get_sync() failed\n");
+ pm_runtime_put_noidle(dev);
+ return error;
+--
+2.35.1
+
diff --git a/queue-5.17/io_uring-free-iovec-if-file-assignment-fails.patch b/queue-5.17/io_uring-free-iovec-if-file-assignment-fails.patch
new file mode 100644
index 00000000000..c9bb7b0b04e
--- /dev/null
+++ b/queue-5.17/io_uring-free-iovec-if-file-assignment-fails.patch
@@ -0,0 +1,52 @@
+From cdf55fdc51a4784e6647035ca1978d769e9d9517 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sat, 16 Apr 2022 21:14:00 -0600
+Subject: io_uring: free iovec if file assignment fails
+
+From: Jens Axboe
+
+[ Upstream commit 323b190ba2debbcc03c01d2edaf1ec6b43e6ae43 ]
+
+We just return failure in this case, but we need to release the iovec
+first. If we're doing IO with more than FAST_IOV segments, then the
+iovec is allocated and must be freed.
+
+Reported-by: syzbot+96b43810dfe9c3bb95ed@syzkaller.appspotmail.com
+Fixes: 584b0180f0f4 ("io_uring: move read/write file prep state into actual opcode handler")
+Signed-off-by: Jens Axboe
+Signed-off-by: Sasha Levin
+---
+ fs/io_uring.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/fs/io_uring.c b/fs/io_uring.c
+index 619c67fd456d..9349d7e0754f 100644
+--- a/fs/io_uring.c
++++ b/fs/io_uring.c
+@@ -3622,8 +3622,10 @@ static int io_read(struct io_kiocb *req, unsigned int issue_flags)
+ iovec = NULL;
+ }
+ ret = io_rw_init_file(req, FMODE_READ);
+- if (unlikely(ret))
++ if (unlikely(ret)) {
++ kfree(iovec);
+ return ret;
++ }
+ req->result = iov_iter_count(&s->iter);
+
+ if (force_nonblock) {
+@@ -3742,8 +3744,10 @@ static int io_write(struct io_kiocb *req, unsigned int issue_flags)
+ iovec = NULL;
+ }
+ ret = io_rw_init_file(req, FMODE_WRITE);
+- if (unlikely(ret))
++ if (unlikely(ret)) {
++ kfree(iovec);
+ return ret;
++ }
+ req->result = iov_iter_count(&s->iter);
+
+ if (force_nonblock) {
+--
+2.35.1
+
diff --git a/queue-5.17/kvm-ppc-fix-tce-handling-for-vfio.patch b/queue-5.17/kvm-ppc-fix-tce-handling-for-vfio.patch
new file mode 100644
index 00000000000..85b6d5cfcd4
--- /dev/null
+++ b/queue-5.17/kvm-ppc-fix-tce-handling-for-vfio.patch
@@ -0,0 +1,294 @@
+From 5928047b752c832eae8fded792eb5da4c4942759 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 20 Apr 2022 15:08:40 +1000
+Subject: KVM: PPC: Fix TCE handling for VFIO
+
+From: Alexey Kardashevskiy
+
+[ Upstream commit 26a62b750a4e6364b0393562f66759b1494c3a01 ]
+
+The LoPAPR spec defines a guest visible IOMMU with a variable page size.
+Currently QEMU advertises 4K, 64K, 2M, 16MB pages, a Linux VM picks
+the biggest (16MB). In the case of a passed though PCI device, there is
+a hardware IOMMU which does not support all pages sizes from the above -
+P8 cannot do 2MB and P9 cannot do 16MB. So for each emulated
+16M IOMMU page we may create several smaller mappings ("TCEs") in
+the hardware IOMMU.
+
+The code wrongly uses the emulated TCE index instead of hardware TCE
+index in error handling. The problem is easier to see on POWER8 with
+multi-level TCE tables (when only the first level is preallocated)
+as hash mode uses real mode TCE hypercalls handlers.
+The kernel starts using indirect tables when VMs get bigger than 128GB
+(depends on the max page order).
+The very first real mode hcall is going to fail with H_TOO_HARD as
+in the real mode we cannot allocate memory for TCEs (we can in the virtual
+mode) but on the way out the code attempts to clear hardware TCEs using
+emulated TCE indexes which corrupts random kernel memory because
+it_offset==1<<59 is subtracted from those indexes and the resulting index
+is out of the TCE table bounds.
+
+This fixes kvmppc_clear_tce() to use the correct TCE indexes.
+
+While at it, this fixes TCE cache invalidation which uses emulated TCE
+indexes instead of the hardware ones. This went unnoticed as 64bit DMA
+is used these days and VMs map all RAM in one go and only then do DMA
+and this is when the TCE cache gets populated.
+
+Potentially this could slow down mapping, however normally 16MB
+emulated pages are backed by 64K hardware pages so it is one write to
+the "TCE Kill" per 256 updates which is not that bad considering the size
+of the cache (1024 TCEs or so).
+
+Fixes: ca1fc489cfa0 ("KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages")
+
+Signed-off-by: Alexey Kardashevskiy
+Tested-by: David Gibson
+Reviewed-by: Frederic Barrat
+Reviewed-by: David Gibson
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20220420050840.328223-1-aik@ozlabs.ru
+Signed-off-by: Sasha Levin
+---
+ arch/powerpc/kvm/book3s_64_vio.c | 45 +++++++++++++++--------------
+ arch/powerpc/kvm/book3s_64_vio_hv.c | 44 ++++++++++++++--------------
+ 2 files changed, 45 insertions(+), 44 deletions(-)
+
+diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c
+index d42b4b6d4a79..85cfa6328222 100644
+--- a/arch/powerpc/kvm/book3s_64_vio.c
++++ b/arch/powerpc/kvm/book3s_64_vio.c
+@@ -420,13 +420,19 @@ static void kvmppc_tce_put(struct kvmppc_spapr_tce_table *stt,
+ tbl[idx % TCES_PER_PAGE] = tce;
+ }
+
+-static void kvmppc_clear_tce(struct mm_struct *mm, struct iommu_table *tbl,
+- unsigned long entry)
++static void kvmppc_clear_tce(struct mm_struct *mm, struct kvmppc_spapr_tce_table *stt,
++ struct iommu_table *tbl, unsigned long entry)
+ {
+- unsigned long hpa = 0;
+- enum dma_data_direction dir = DMA_NONE;
++ unsigned long i;
++ unsigned long subpages = 1ULL << (stt->page_shift - tbl->it_page_shift);
++ unsigned long io_entry = entry << (stt->page_shift - tbl->it_page_shift);
++
++ for (i = 0; i < subpages; ++i) {
++ unsigned long hpa = 0;
++ enum dma_data_direction dir = DMA_NONE;
+
+- iommu_tce_xchg_no_kill(mm, tbl, entry, &hpa, &dir);
++ iommu_tce_xchg_no_kill(mm, tbl, io_entry + i, &hpa, &dir);
++ }
+ }
+
+ static long kvmppc_tce_iommu_mapped_dec(struct kvm *kvm,
+@@ -485,6 +491,8 @@ static long kvmppc_tce_iommu_unmap(struct kvm *kvm,
+ break;
+ }
+
++ iommu_tce_kill(tbl, io_entry, subpages);
++
+ return ret;
+ }
+
+@@ -544,6 +552,8 @@ static long kvmppc_tce_iommu_map(struct kvm *kvm,
+ break;
+ }
+
++ iommu_tce_kill(tbl, io_entry, subpages);
++
+ return ret;
+ }
+
+@@ -590,10 +600,9 @@ long kvmppc_h_put_tce(struct kvm_vcpu *vcpu, unsigned long liobn,
+ ret = kvmppc_tce_iommu_map(vcpu->kvm, stt, stit->tbl,
+ entry, ua, dir);
+
+- iommu_tce_kill(stit->tbl, entry, 1);
+
+ if (ret != H_SUCCESS) {
+- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl, entry);
++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl, entry);
+ goto unlock_exit;
+ }
+ }
+@@ -669,13 +678,13 @@ long kvmppc_h_put_tce_indirect(struct kvm_vcpu *vcpu,
+ */
+ if (get_user(tce, tces + i)) {
+ ret = H_TOO_HARD;
+- goto invalidate_exit;
++ goto unlock_exit;
+ }
+ tce = be64_to_cpu(tce);
+
+ if (kvmppc_tce_to_ua(vcpu->kvm, tce, &ua)) {
+ ret = H_PARAMETER;
+- goto invalidate_exit;
++ goto unlock_exit;
+ }
+
+ list_for_each_entry_lockless(stit, &stt->iommu_tables, next) {
+@@ -684,19 +693,15 @@ long kvmppc_h_put_tce_indirect(struct kvm_vcpu *vcpu,
+ iommu_tce_direction(tce));
+
+ if (ret != H_SUCCESS) {
+- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl,
+- entry);
+- goto invalidate_exit;
++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl,
++ entry + i);
++ goto unlock_exit;
+ }
+ }
+
+ kvmppc_tce_put(stt, entry + i, tce);
+ }
+
+-invalidate_exit:
+- list_for_each_entry_lockless(stit, &stt->iommu_tables, next)
+- iommu_tce_kill(stit->tbl, entry, npages);
+-
+ unlock_exit:
+ srcu_read_unlock(&vcpu->kvm->srcu, idx);
+
+@@ -735,20 +740,16 @@ long kvmppc_h_stuff_tce(struct kvm_vcpu *vcpu,
+ continue;
+
+ if (ret == H_TOO_HARD)
+- goto invalidate_exit;
++ return ret;
+
+ WARN_ON_ONCE(1);
+- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl, entry);
++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl, entry + i);
+ }
+ }
+
+ for (i = 0; i < npages; ++i, ioba += (1ULL << stt->page_shift))
+ kvmppc_tce_put(stt, ioba >> stt->page_shift, tce_value);
+
+-invalidate_exit:
+- list_for_each_entry_lockless(stit, &stt->iommu_tables, next)
+- iommu_tce_kill(stit->tbl, ioba >> stt->page_shift, npages);
+-
+ return ret;
+ }
+ EXPORT_SYMBOL_GPL(kvmppc_h_stuff_tce);
+diff --git a/arch/powerpc/kvm/book3s_64_vio_hv.c b/arch/powerpc/kvm/book3s_64_vio_hv.c
+index 870b7f0c7ea5..fdeda6a9cff4 100644
+--- a/arch/powerpc/kvm/book3s_64_vio_hv.c
++++ b/arch/powerpc/kvm/book3s_64_vio_hv.c
+@@ -247,13 +247,19 @@ static void iommu_tce_kill_rm(struct iommu_table *tbl,
+ tbl->it_ops->tce_kill(tbl, entry, pages, true);
+ }
+
+-static void kvmppc_rm_clear_tce(struct kvm *kvm, struct iommu_table *tbl,
+- unsigned long entry)
++static void kvmppc_rm_clear_tce(struct kvm *kvm, struct kvmppc_spapr_tce_table *stt,
++ struct iommu_table *tbl, unsigned long entry)
+ {
+- unsigned long hpa = 0;
+- enum dma_data_direction dir = DMA_NONE;
++ unsigned long i;
++ unsigned long subpages = 1ULL << (stt->page_shift - tbl->it_page_shift);
++ unsigned long io_entry = entry << (stt->page_shift - tbl->it_page_shift);
++
++ for (i = 0; i < subpages; ++i) {
++ unsigned long hpa = 0;
++ enum dma_data_direction dir = DMA_NONE;
+
+- iommu_tce_xchg_no_kill_rm(kvm->mm, tbl, entry, &hpa, &dir);
++ iommu_tce_xchg_no_kill_rm(kvm->mm, tbl, io_entry + i, &hpa, &dir);
++ }
+ }
+
+ static long kvmppc_rm_tce_iommu_mapped_dec(struct kvm *kvm,
+@@ -316,6 +322,8 @@ static long kvmppc_rm_tce_iommu_unmap(struct kvm *kvm,
+ break;
+ }
+
++ iommu_tce_kill_rm(tbl, io_entry, subpages);
++
+ return ret;
+ }
+
+@@ -379,6 +387,8 @@ static long kvmppc_rm_tce_iommu_map(struct kvm *kvm,
+ break;
+ }
+
++ iommu_tce_kill_rm(tbl, io_entry, subpages);
++
+ return ret;
+ }
+
+@@ -420,10 +430,8 @@ long kvmppc_rm_h_put_tce(struct kvm_vcpu *vcpu, unsigned long liobn,
+ ret = kvmppc_rm_tce_iommu_map(vcpu->kvm, stt,
+ stit->tbl, entry, ua, dir);
+
+- iommu_tce_kill_rm(stit->tbl, entry, 1);
+-
+ if (ret != H_SUCCESS) {
+- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl, entry);
++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl, entry);
+ return ret;
+ }
+ }
+@@ -561,7 +569,7 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu,
+ ua = 0;
+ if (kvmppc_rm_tce_to_ua(vcpu->kvm, tce, &ua)) {
+ ret = H_PARAMETER;
+- goto invalidate_exit;
++ goto unlock_exit;
+ }
+
+ list_for_each_entry_lockless(stit, &stt->iommu_tables, next) {
+@@ -570,19 +578,15 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu,
+ iommu_tce_direction(tce));
+
+ if (ret != H_SUCCESS) {
+- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl,
+- entry);
+- goto invalidate_exit;
++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl,
++ entry + i);
++ goto unlock_exit;
+ }
+ }
+
+ kvmppc_rm_tce_put(stt, entry + i, tce);
+ }
+
+-invalidate_exit:
+- list_for_each_entry_lockless(stit, &stt->iommu_tables, next)
+- iommu_tce_kill_rm(stit->tbl, entry, npages);
+-
+ unlock_exit:
+ if (!prereg)
+ arch_spin_unlock(&kvm->mmu_lock.rlock.raw_lock);
+@@ -620,20 +624,16 @@ long kvmppc_rm_h_stuff_tce(struct kvm_vcpu *vcpu,
+ continue;
+
+ if (ret == H_TOO_HARD)
+- goto invalidate_exit;
++ return ret;
+
+ WARN_ON_ONCE_RM(1);
+- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl, entry);
++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl, entry + i);
+ }
+ }
+
+ for (i = 0; i < npages; ++i, ioba += (1ULL << stt->page_shift))
+ kvmppc_rm_tce_put(stt, ioba >> stt->page_shift, tce_value);
+
+-invalidate_exit:
+- list_for_each_entry_lockless(stit, &stt->iommu_tables, next)
+- iommu_tce_kill_rm(stit->tbl, ioba >> stt->page_shift, npages);
+-
+ return ret;
+ }
+
+--
+2.35.1
+
diff --git a/queue-5.17/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch b/queue-5.17/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch
new file mode 100644
index 00000000000..5728cfbbf2e
--- /dev/null
+++ b/queue-5.17/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch
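Review bot: Nothing visible invalidates the TCE cache for entries cleared on the error paths any more: kvmppc_clear_tce() and kvmppc_rm_clear_tce() loop over the `_no_kill` exchange, and the `invalidate_exit` blocks that used to follow them in the indirect and stuff handlers are removed. The map and unmap helpers do call the kill before returning, but that happens before the clear, so it should be confirmed that no stale cached translation can survive a failed hypercall; ending each clear helper with `iommu_tce_kill(tbl, io_entry, subpages);` (`iommu_tce_kill_rm` in book3s_64_vio_hv.c) would make this explicit. Both helpers also compute `1ULL << (stt->page_shift - tbl->it_page_shift)` with no visible guard that the guest page shift is at least the hardware one; the check is presumably made when the table is attached, outside these hunks, and a one-line comment saying so would help the next reader. The loop also ignores the return value of the exchange call, so a clear that itself fails is silent.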
@@ -0,0 +1,89 @@
+From 791b307a4f293eef03609b5d0075ab459110d8cd Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 9 Feb 2022 09:54:17 -0500
+Subject: perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled
+
+From: Zhipeng Xie
+
+[ Upstream commit 60490e7966659b26d74bf1fa4aa8693d9a94ca88 ]
+
+This problem can be reproduced with CONFIG_PERF_USE_VMALLOC enabled on
+both x86_64 and aarch64 arch when using sysdig -B(using ebpf)[1].
+sysdig -B works fine after rebuilding the kernel with
+CONFIG_PERF_USE_VMALLOC disabled.
+
+I tracked it down to the if condition event->rb->nr_pages != nr_pages
+in perf_mmap is true when CONFIG_PERF_USE_VMALLOC is enabled where
+event->rb->nr_pages = 1 and nr_pages = 2048 resulting perf_mmap to
+return -EINVAL. This is because when CONFIG_PERF_USE_VMALLOC is
+enabled, rb->nr_pages is always equal to 1.
+
+Arch with CONFIG_PERF_USE_VMALLOC enabled by default:
+ arc/arm/csky/mips/sh/sparc/xtensa
+
+Arch with CONFIG_PERF_USE_VMALLOC disabled by default:
+ x86_64/aarch64/...
+
+Fix this problem by using data_page_nr()
+
+[1] https://github.com/draios/sysdig
+
+Fixes: 906010b2134e ("perf_event: Provide vmalloc() based mmap() backing")
+Signed-off-by: Zhipeng Xie
+Signed-off-by: Peter Zijlstra (Intel)
+Link: https://lkml.kernel.org/r/20220209145417.6495-1-xiezhipeng1@huawei.com
+Signed-off-by: Sasha Levin
+---
+ kernel/events/core.c | 2 +-
+ kernel/events/internal.h | 5 +++++
+ kernel/events/ring_buffer.c | 5 -----
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/kernel/events/core.c b/kernel/events/core.c
+index 0ee9ffceb976..baa0fe350246 100644
+--- a/kernel/events/core.c
++++ b/kernel/events/core.c
+@@ -6352,7 +6352,7 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma)
+ again:
+ mutex_lock(&event->mmap_mutex);
+ if (event->rb) {
+- if (event->rb->nr_pages != nr_pages) {
++ if (data_page_nr(event->rb) != nr_pages) {
+ ret = -EINVAL;
+ goto unlock;
+ }
+diff --git a/kernel/events/internal.h b/kernel/events/internal.h
+index 082832738c8f..5150d5f84c03 100644
+--- a/kernel/events/internal.h
++++ b/kernel/events/internal.h
+@@ -116,6 +116,11 @@ static inline int page_order(struct perf_buffer *rb)
+ }
+ #endif
+
++static inline int data_page_nr(struct perf_buffer *rb)
++{
++ return rb->nr_pages << page_order(rb);
++}
++
+ static inline unsigned long perf_data_size(struct perf_buffer *rb)
+ {
+ return rb->nr_pages << (PAGE_SHIFT + page_order(rb));
+diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c
+index 52868716ec35..fb35b926024c 100644
+--- a/kernel/events/ring_buffer.c
++++ b/kernel/events/ring_buffer.c
+@@ -859,11 +859,6 @@ void rb_free(struct perf_buffer *rb)
+ }
+
+ #else
+-static int data_page_nr(struct perf_buffer *rb)
+-{
+- return rb->nr_pages << page_order(rb);
+-}
+-
+ static struct page *
+ __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff)
+ {
+--
+2.35.1
+
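Review bot: data_page_nr() is now a shared helper in internal.h and decides whether perf_mmap() accepts a mapping, but it has no comment saying why it differs from `rb->nr_pages`. A line above it such as `/* Number of data pages; with the vmalloc backing nr_pages stays 1 and page_order() carries the size. */` would record the reasoning that currently exists only in the commit message. It also returns `int` from a left shift while perf_mmap() compares the result with `nr_pages`, whose type is outside the hunk; if that is `unsigned long`, returning the same type would avoid a signed/unsigned comparison in a size check.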
diff --git a/queue-5.17/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch b/queue-5.17/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch
new file mode 100644
index 00000000000..3a647939243
--- /dev/null
+++ b/queue-5.17/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch
@@ -0,0 +1,78 @@
+From 57b3871a2978285a5bdff5653144162b53502b01 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 14 Apr 2022 20:32:01 +0800
+Subject: perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event
+
+From: Leo Yan
+
+[ Upstream commit ccb17caecfbd542f49a2a79ae088136ba8bfb794 ]
+
+Since commit bb30acae4c4dacfa ("perf report: Bail out --mem-mode if mem
+info is not available") "perf mem report" and "perf report --mem-mode"
+don't report result if the PERF_SAMPLE_DATA_SRC bit is missed in sample
+type.
+
+The commit ffab487052054162 ("perf: arm-spe: Fix perf report
+--mem-mode") partially fixes the issue. It adds PERF_SAMPLE_DATA_SRC
+bit for Arm SPE event, this allows the perf data file generated by
+kernel v5.18-rc1 or later version can be reported properly.
+
+On the other hand, perf tool still fails to be backward compatibility
+for a data file recorded by an older version's perf which contains Arm
+SPE trace data. This patch is a workaround in reporting phase, when
+detects ARM SPE PMU event and without PERF_SAMPLE_DATA_SRC bit, it will
+force to set the bit in the sample type and give a warning info.
+
+Fixes: bb30acae4c4dacfa ("perf report: Bail out --mem-mode if mem info is not available")
+Reviewed-by: James Clark
+Signed-off-by: Leo Yan
+Tested-by: German Gomez
+Cc: Alexander Shishkin
+Cc: Ingo Molnar
+Cc: Jiri Olsa
+Cc: Mark Rutland
+Cc: Namhyung Kim
+Cc: Peter Zijlstra
+Cc: Ravi Bangoria
+Link: https://lore.kernel.org/r/20220414123201.842754-1-leo.yan@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo
+Signed-off-by: Sasha Levin
+---
+ tools/perf/builtin-report.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c
+index 1dd92d8c9279..a6bb35b0af9f 100644
+--- a/tools/perf/builtin-report.c
++++ b/tools/perf/builtin-report.c
+@@ -349,6 +349,7 @@ static int report__setup_sample_type(struct report *rep)
+ struct perf_session *session = rep->session;
+ u64 sample_type = evlist__combined_sample_type(session->evlist);
+ bool is_pipe = perf_data__is_pipe(session->data);
++ struct evsel *evsel;
+
+ if (session->itrace_synth_opts->callchain ||
+ session->itrace_synth_opts->add_callchain ||
+@@ -403,6 +404,19 @@ static int report__setup_sample_type(struct report *rep)
+ }
+
+ if (sort__mode == SORT_MODE__MEMORY) {
++ /*
++ * FIXUP: prior to kernel 5.18, Arm SPE missed to set
++ * PERF_SAMPLE_DATA_SRC bit in sample type. For backward
++ * compatibility, set the bit if it's an old perf data file.
++ */
++ evlist__for_each_entry(session->evlist, evsel) {
++ if (strstr(evsel->name, "arm_spe") &&
++ !(sample_type & PERF_SAMPLE_DATA_SRC)) {
++ evsel->core.attr.sample_type |= PERF_SAMPLE_DATA_SRC;
++ sample_type |= PERF_SAMPLE_DATA_SRC;
++ }
++ }
++
+ if (!is_pipe && !(sample_type & PERF_SAMPLE_DATA_SRC)) {
+ ui__error("Selected --mem-mode but no mem data. "
+ "Did you call perf record without -d?\n");
+--
+2.35.1
+
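Review bot: The new loop in report__setup_sample_type() passes `evsel->name` straight to strstr(); if any evsel in the list has no name set at this point, that is a NULL dereference while processing a perf.data file, which is input the tool does not control. Going through the accessor, `if (strstr(evsel__name(evsel), "arm_spe") &&`, or adding an explicit NULL check would close that, assuming the accessor is usable at this stage of setup. The commit message also says the fixup will "give a warning info", but the hunk sets the bit silently; a `ui__warning()` call naming the event inside the inner block would tell the user that the sample type was patched up.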
diff --git a/queue-5.17/perf-script-always-allow-field-data_src-for-auxtrace.patch b/queue-5.17/perf-script-always-allow-field-data_src-for-auxtrace.patch
new file mode 100644
index 00000000000..fbc040b0733
--- /dev/null
+++ b/queue-5.17/perf-script-always-allow-field-data_src-for-auxtrace.patch
@@ -0,0 +1,54 @@
+From 91274903ccaf7318c19baedaf1d97ad014fa600f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Sun, 17 Apr 2022 19:48:37 +0800
+Subject: perf script: Always allow field 'data_src' for auxtrace
+
+From: Leo Yan
+
+[ Upstream commit c6d8df01064333dcf140eda996abdb60a60e24b3 ]
+
+If use command 'perf script -F,+data_src' to dump memory samples with
+Arm SPE trace data, it reports error:
+
+ # perf script -F,+data_src
+ Samples for 'dummy:u' event do not have DATA_SRC attribute set. Cannot print 'data_src' field.
+
+This is because the 'dummy:u' event is absent DATA_SRC bit in its sample
+type, so if a file contains AUX area tracing data then always allow
+field 'data_src' to be selected as an option for perf script.
+
+Fixes: e55ed3423c1bb29f ("perf arm-spe: Synthesize memory event")
+Signed-off-by: Leo Yan
+Cc: Adrian Hunter
+Cc: Alexander Shishkin
+Cc: German Gomez
+Cc: Ingo Molnar
+Cc: James Clark
+Cc: Jiri Olsa
+Cc: Leo Yan
+Cc: Mark Rutland
+Cc: Namhyung Kim
+Cc: Peter Zijlstra
+Link: https://lore.kernel.org/r/20220417114837.839896-1-leo.yan@linaro.org
+Signed-off-by: Arnaldo Carvalho de Melo
+Signed-off-by: Sasha Levin
+---
+ tools/perf/builtin-script.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c
+index fa478ddcd18a..537a552fe6b3 100644
+--- a/tools/perf/builtin-script.c
++++ b/tools/perf/builtin-script.c
+@@ -459,7 +459,7 @@ static int evsel__check_attr(struct evsel *evsel, struct perf_session *session)
+ return -EINVAL;
+
+ if (PRINT_FIELD(DATA_SRC) &&
+- evsel__check_stype(evsel, PERF_SAMPLE_DATA_SRC, "DATA_SRC", PERF_OUTPUT_DATA_SRC))
++ evsel__do_check_stype(evsel, PERF_SAMPLE_DATA_SRC, "DATA_SRC", PERF_OUTPUT_DATA_SRC, allow_user_set))
+ return -EINVAL;
+
+ if (PRINT_FIELD(WEIGHT) &&
+--
+2.35.1
+
diff --git a/queue-5.17/powerpc-perf-fix-power10-event-alternatives.patch b/queue-5.17/powerpc-perf-fix-power10-event-alternatives.patch new file mode 100644 index 00000000000..db0f5c6a531 --- /dev/null +++ b/queue-5.17/powerpc-perf-fix-power10-event-alternatives.patch 
@@ -0,0 +1,98 @@ +From 38b9faebffa886079c4f2a624dc47e8a58d54d94 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Apr 2022 17:18:28 +0530 +Subject: powerpc/perf: Fix power10 event alternatives + +From: Athira Rajeev + +[ Upstream commit c6cc9a852f123301d5271f1484df8e961b2b64f1 ] + +When scheduling a group of events, there are constraint checks done to +make sure all events can go in a group. Example, one of the criteria is +that events in a group cannot use the same PMC. But platform specific +PMU supports alternative event for some of the event codes. During +perf_event_open(), if any event group doesn't match constraint check +criteria, further lookup is done to find alternative event. + +By current design, the array of alternatives events in PMU code is +expected to be sorted by column 0. This is because in +find_alternative() the return criteria is based on event code +comparison. ie. "event < ev_alt[i][0])". This optimisation is there +since find_alternative() can be called multiple times. In power10 PMU +code, the alternative event array is not sorted properly and hence there +is breakage in finding alternative event. + +To work with existing logic, fix the alternative event array to be +sorted by column 0 for power10-pmu.c + +Results: + +In case where an alternative event is not chosen when we could, events +will be multiplexed. ie, time sliced where it could actually run +concurrently. + +Example, in power10 PM_INST_CMPL_ALT(0x00002) has alternative event, +PM_INST_CMPL(0x500fa). Without the fix, if a group of events with PMC1 +to PMC4 is used along with PM_INST_CMPL_ALT, it will be time sliced +since all programmable PMC's are consumed already. But with the fix, +when it picks alternative event on PMC5, all events will run +concurrently. 
+ +Before: + + # perf stat -e r00002,r100fc,r200fa,r300fc,r400fc + + Performance counter stats for 'system wide': + + 328668935 r00002 (79.94%) + 56501024 r100fc (79.95%) + 49564238 r200fa (79.95%) + 376 r300fc (80.19%) + 660 r400fc (79.97%) + + 4.039150522 seconds time elapsed + +With the fix, since alternative event is chosen to run on PMC6, events +will be run concurrently. + +After: + + # perf stat -e r00002,r100fc,r200fa,r300fc,r400fc + + Performance counter stats for 'system wide': + + 23596607 r00002 + 4907738 r100fc + 2283608 r200fa + 135 r300fc + 248 r400fc + + 1.664671390 seconds time elapsed + +Fixes: a64e697cef23 ("powerpc/perf: power10 Performance Monitoring support") +Signed-off-by: Athira Rajeev +Reviewed-by: Madhavan Srinivasan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220419114828.89843-2-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/power10-pmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/perf/power10-pmu.c b/arch/powerpc/perf/power10-pmu.c +index 0975ad0b42c4..69b4565d1a8f 100644 +--- a/arch/powerpc/perf/power10-pmu.c ++++ b/arch/powerpc/perf/power10-pmu.c +@@ -91,8 +91,8 @@ extern u64 PERF_REG_EXTENDED_MASK; + + /* Table of alternatives, sorted by column 0 */ + static const unsigned int power10_event_alternatives[][MAX_ALT] = { +- { PM_CYC_ALT, PM_CYC }, + { PM_INST_CMPL_ALT, PM_INST_CMPL }, ++ { PM_CYC_ALT, PM_CYC }, + }; + + static int power10_get_alternatives(u64 event, unsigned int flags, u64 alt[]) +-- +2.35.1 + diff --git a/queue-5.17/powerpc-perf-fix-power9-event-alternatives.patch b/queue-5.17/powerpc-perf-fix-power9-event-alternatives.patch new file mode 100644 index 00000000000..77cdb5e8a75 --- /dev/null +++ b/queue-5.17/powerpc-perf-fix-power9-event-alternatives.patch 
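Review bot: The reordered rows of power10_event_alternatives[] still give no way to check the ordering by eye. The sort key is the numeric event code behind each macro, and the existing `/* Table of alternatives, sorted by column 0 */` comment was already in place when the table was mis-sorted. Annotating each row with its code, e.g. `{ PM_INST_CMPL_ALT, PM_INST_CMPL }, /* 0x00002 */` (value as given in the commit message), would make a future insertion reviewable. The header comment could also say that find_alternative() stops at the first larger column-0 entry, so an out-of-order row silently disables the lookup. The same applies to power9_event_alternatives[] in the power9 patch that follows, where the commit message gives PM_LD_MISS_L1 as 0x3e054.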
@@ -0,0 +1,90 @@ +From f7acef6d56e3703523e2def5d8e5c39d80b8b2c2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Apr 2022 17:18:27 +0530 +Subject: powerpc/perf: Fix power9 event alternatives + +From: Athira Rajeev + +[ Upstream commit 0dcad700bb2776e3886fe0a645a4bf13b1e747cd ] + +When scheduling a group of events, there are constraint checks done to +make sure all events can go in a group. Example, one of the criteria is +that events in a group cannot use the same PMC. But platform specific +PMU supports alternative event for some of the event codes. During +perf_event_open(), if any event group doesn't match constraint check +criteria, further lookup is done to find alternative event. + +By current design, the array of alternatives events in PMU code is +expected to be sorted by column 0. This is because in +find_alternative() the return criteria is based on event code +comparison. ie. "event < ev_alt[i][0])". This optimisation is there +since find_alternative() can be called multiple times. In power9 PMU +code, the alternative event array is not sorted properly and hence there +is breakage in finding alternative events. + +To work with existing logic, fix the alternative event array to be +sorted by column 0 for power9-pmu.c + +Results: + +With alternative events, multiplexing can be avoided. That is, for +example, in power9 PM_LD_MISS_L1 (0x3e054) has alternative event, +PM_LD_MISS_L1_ALT (0x400f0). This is an identical event which can be +programmed in a different PMC. + +Before: + + # perf stat -e r3e054,r300fc + + Performance counter stats for 'system wide': + + 1057860 r3e054 (50.21%) + 379 r300fc (49.79%) + + 0.944329741 seconds time elapsed + +Since both the events are using PMC3 in this case, they are +multiplexed here. 
+ +After: + + # perf stat -e r3e054,r300fc + + Performance counter stats for 'system wide': + + 1006948 r3e054 + 182 r300fc + +Fixes: 91e0bd1e6251 ("powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list") +Signed-off-by: Athira Rajeev +Reviewed-by: Madhavan Srinivasan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220419114828.89843-1-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/power9-pmu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c +index 4b7c17e36100..37b2860db483 100644 +--- a/arch/powerpc/perf/power9-pmu.c ++++ b/arch/powerpc/perf/power9-pmu.c +@@ -133,11 +133,11 @@ int p9_dd22_bl_ev[] = { + + /* Table of alternatives, sorted by column 0 */ + static const unsigned int power9_event_alternatives[][MAX_ALT] = { +- { PM_INST_DISP, PM_INST_DISP_ALT }, +- { PM_RUN_CYC_ALT, PM_RUN_CYC }, +- { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, +- { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, + { PM_BR_2PATH, PM_BR_2PATH_ALT }, ++ { PM_INST_DISP, PM_INST_DISP_ALT }, ++ { PM_RUN_CYC_ALT, PM_RUN_CYC }, ++ { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, ++ { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, + }; + + static int power9_get_alternatives(u64 event, unsigned int flags, u64 alt[]) +-- +2.35.1 + diff --git a/queue-5.17/powerpc-time-always-set-decrementer-in-timer_interru.patch b/queue-5.17/powerpc-time-always-set-decrementer-in-timer_interru.patch new file mode 100644 index 00000000000..29bb4761ff5 --- /dev/null +++ b/queue-5.17/powerpc-time-always-set-decrementer-in-timer_interru.patch 
@@ -0,0 +1,107 @@ +From 01f5a2039b69b0973971df61cde76d46c313ec02 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 21 Apr 2022 00:16:57 +1000 +Subject: powerpc/time: Always set decrementer in timer_interrupt() + +From: Michael Ellerman + +[ Upstream commit d2b9be1f4af5cabed1ee5bb341f887f64b1c1669 ] + +This is a partial revert of commit 0faf20a1ad16 ("powerpc/64s/interrupt: +Don't enable MSR[EE] in irq handlers unless perf is in use"). + +Prior to that commit, we always set the decrementer in +timer_interrupt(), to clear the timer interrupt. Otherwise we could end +up continuously taking timer interrupts. + +When high res timers are enabled there is no problem seen with leaving +the decrementer untouched in timer_interrupt(), because it will be +programmed via hrtimer_interrupt() -> tick_program_event() -> +clockevents_program_event() -> decrementer_set_next_event(). + +However with CONFIG_HIGH_RES_TIMERS=n or booting with highres=off, we +see a stall/lockup, because tick_nohz_handler() does not cause a +reprogram of the decrementer, leading to endless timer interrupts. +Example trace: + + [ 1.898617][ T7] Freeing initrd memory: 2624K^M + [ 22.680919][ C1] rcu: INFO: rcu_sched detected stalls on CPUs/tasks:^M + [ 22.682281][ C1] rcu: 0-....: (25 ticks this GP) idle=073/0/0x1 softirq=10/16 fqs=1050 ^M + [ 22.682851][ C1] (detected by 1, t=2102 jiffies, g=-1179, q=476)^M + [ 22.683649][ C1] Sending NMI from CPU 1 to CPUs 0:^M + [ 22.685252][ C0] NMI backtrace for cpu 0^M + [ 22.685649][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc2-00185-g0faf20a1ad16 #145^M + [ 22.686393][ C0] NIP: c000000000016d64 LR: c000000000f6cca4 CTR: c00000000019c6e0^M + [ 22.686774][ C0] REGS: c000000002833590 TRAP: 0500 Not tainted (5.16.0-rc2-00185-g0faf20a1ad16)^M + [ 22.687222][ C0] MSR: 8000000000009033 CR: 24000222 XER: 00000000^M + [ 22.688297][ C0] CFAR: c00000000000c854 IRQMASK: 0 ^M + ... 
+ [ 22.692637][ C0] NIP [c000000000016d64] arch_local_irq_restore+0x174/0x250^M + [ 22.694443][ C0] LR [c000000000f6cca4] __do_softirq+0xe4/0x3dc^M + [ 22.695762][ C0] Call Trace:^M + [ 22.696050][ C0] [c000000002833830] [c000000000f6cc80] __do_softirq+0xc0/0x3dc (unreliable)^M + [ 22.697377][ C0] [c000000002833920] [c000000000151508] __irq_exit_rcu+0xd8/0x130^M + [ 22.698739][ C0] [c000000002833950] [c000000000151730] irq_exit+0x20/0x40^M + [ 22.699938][ C0] [c000000002833970] [c000000000027f40] timer_interrupt+0x270/0x460^M + [ 22.701119][ C0] [c0000000028339d0] [c0000000000099a8] decrementer_common_virt+0x208/0x210^M + +Possibly this should be fixed in the lowres timing code, but that would +be a generic change and could take some time and may not backport +easily, so for now make the programming of the decrementer unconditional +again in timer_interrupt() to avoid the stall/lockup. + +Fixes: 0faf20a1ad16 ("powerpc/64s/interrupt: Don't enable MSR[EE] in irq handlers unless perf is in use") +Reported-by: Miguel Ojeda +Signed-off-by: Michael Ellerman +Reviewed-by: Nicholas Piggin +Link: https://lore.kernel.org/r/20220420141657.771442-1-mpe@ellerman.id.au +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/time.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c +index 384f58a3f373..5f8933aec75c 100644 +--- a/arch/powerpc/kernel/time.c ++++ b/arch/powerpc/kernel/time.c +@@ -610,23 +610,22 @@ DEFINE_INTERRUPT_HANDLER_ASYNC(timer_interrupt) + return; + } + +- /* Conditionally hard-enable interrupts. */ +- if (should_hard_irq_enable()) { +- /* +- * Ensure a positive value is written to the decrementer, or +- * else some CPUs will continue to take decrementer exceptions. 
+- * When the PPC_WATCHDOG (decrementer based) is configured, +- * keep this at most 31 bits, which is about 4 seconds on most +- * systems, which gives the watchdog a chance of catching timer +- * interrupt hard lockups. +- */ +- if (IS_ENABLED(CONFIG_PPC_WATCHDOG)) +- set_dec(0x7fffffff); +- else +- set_dec(decrementer_max); ++ /* ++ * Ensure a positive value is written to the decrementer, or ++ * else some CPUs will continue to take decrementer exceptions. ++ * When the PPC_WATCHDOG (decrementer based) is configured, ++ * keep this at most 31 bits, which is about 4 seconds on most ++ * systems, which gives the watchdog a chance of catching timer ++ * interrupt hard lockups. ++ */ ++ if (IS_ENABLED(CONFIG_PPC_WATCHDOG)) ++ set_dec(0x7fffffff); ++ else ++ set_dec(decrementer_max); + ++ /* Conditionally hard-enable interrupts. */ ++ if (should_hard_irq_enable()) + do_hard_irq_enable(); +- } + + #if defined(CONFIG_PPC32) && defined(CONFIG_PPC_PMAC) + if (atomic_read(&ppc_n_lost_interrupts) != 0) +-- +2.35.1 + diff --git a/queue-5.17/sched-pelt-fix-attach_entity_load_avg-corner-case.patch b/queue-5.17/sched-pelt-fix-attach_entity_load_avg-corner-case.patch new file mode 100644 index 00000000000..75cd871cc2f --- /dev/null +++ b/queue-5.17/sched-pelt-fix-attach_entity_load_avg-corner-case.patch 
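Review bot: The comment kept above the now-unconditional `set_dec()` calls in timer_interrupt() explains which value is written but not why the write may not be skipped, and that is the part the reverted commit got wrong. I would add a closing sentence to that comment block, for example `* This must stay unconditional: with CONFIG_HIGH_RES_TIMERS=n or highres=off nothing else reprograms the decrementer.`, so the reasoning from the commit message survives in the code. Without it, a later cleanup could fold `set_dec()` back under `should_hard_irq_enable()` and bring back the stall shown in the trace. The handler body starts and ends outside the hunk.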
@@ -0,0 +1,71 @@ +From b5042dbb2910ff057014a1953ebb6608df292453 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Apr 2022 17:02:20 +0800 +Subject: sched/pelt: Fix attach_entity_load_avg() corner case + +From: kuyo chang + +[ Upstream commit 40f5aa4c5eaebfeaca4566217cb9c468e28ed682 ] + +The warning in cfs_rq_is_decayed() triggered: + + SCHED_WARN_ON(cfs_rq->avg.load_avg || + cfs_rq->avg.util_avg || + cfs_rq->avg.runnable_avg) + +There exists a corner case in attach_entity_load_avg() which will +cause load_sum to be zero while load_avg will not be. + +Consider se_weight is 88761 as per the sched_prio_to_weight[] table. +Further assume the get_pelt_divider() is 47742, this gives: +se->avg.load_avg is 1. + +However, calculating load_sum: + + se->avg.load_sum = div_u64(se->avg.load_avg * se->avg.load_sum, se_weight(se)); + se->avg.load_sum = 1*47742/88761 = 0. + +Then enqueue_load_avg() adds this to the cfs_rq totals: + + cfs_rq->avg.load_avg += se->avg.load_avg; + cfs_rq->avg.load_sum += se_weight(se) * se->avg.load_sum; + +Resulting in load_avg being 1 with load_sum is 0, which will trigger +the WARN. 
+ +Fixes: f207934fb79d ("sched/fair: Align PELT windows between cfs_rq and its se") +Signed-off-by: kuyo chang +[peterz: massage changelog] +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Vincent Guittot +Tested-by: Dietmar Eggemann +Link: https://lkml.kernel.org/r/20220414090229.342-1-kuyo.chang@mediatek.com +Signed-off-by: Sasha Levin +--- + kernel/sched/fair.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index cddcf2f4f525..2f461f059278 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -3776,11 +3776,11 @@ static void attach_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *s + + se->avg.runnable_sum = se->avg.runnable_avg * divider; + +- se->avg.load_sum = divider; +- if (se_weight(se)) { +- se->avg.load_sum = +- div_u64(se->avg.load_avg * se->avg.load_sum, se_weight(se)); +- } ++ se->avg.load_sum = se->avg.load_avg * divider; ++ if (se_weight(se) < se->avg.load_sum) ++ se->avg.load_sum = div_u64(se->avg.load_sum, se_weight(se)); ++ else ++ se->avg.load_sum = 1; + + enqueue_load_avg(cfs_rq, se); + cfs_rq->avg.util_avg += se->avg.util_avg; +-- +2.35.1 + diff --git a/queue-5.17/scsi-sr-do-not-leak-information-in-ioctl.patch b/queue-5.17/scsi-sr-do-not-leak-information-in-ioctl.patch new file mode 100644 index 00000000000..bf35944186e --- /dev/null +++ b/queue-5.17/scsi-sr-do-not-leak-information-in-ioctl.patch 
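Review bot: The rewritten block in attach_entity_load_avg() drops the old `if (se_weight(se))` guard. `div_u64(se->avg.load_sum, se_weight(se))` now runs whenever `se_weight(se) < se->avg.load_sum`, and that condition also holds for a weight of 0 with a non-zero product. Whether se_weight() can return 0 at this point is not visible in the hunk. If it cannot, a one-line comment saying so would settle it. If it can, the condition needs the guard back, for instance `if (se_weight(se) && se_weight(se) < se->avg.load_sum)`, with the intended fallback value confirmed by the author. The `else` branch also sets load_sum to 1 when load_avg is 0, so a comment such as `/* keep load_sum non-zero so it never lags a non-zero load_avg */` would record the intent. The function starts and ends outside the hunk.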
@@ -0,0 +1,120 @@ +From 31fb43134a12e83bbe2d00944d436e6db5bc7ac5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 11 Apr 2022 13:47:56 -0400 +Subject: scsi: sr: Do not leak information in ioctl + +From: Tom Rix + +[ Upstream commit faad6cebded8e0fd902b672f220449b93db479eb ] + +sr_ioctl.c uses this pattern: + + result = sr_do_ioctl(cd, &cgc); + to-user = buffer[]; + kfree(buffer); + return result; + +Use of a buffer without checking leaks information. Check result and jump +over the use of buffer if there is an error. + + result = sr_do_ioctl(cd, &cgc); + if (result) + goto err; + to-user = buffer[]; +err: + kfree(buffer); + return result; + +Additionally, initialize the buffer to zero. + +This problem can be seen in the 2.4.0 kernel. + +Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Christoph Hellwig +Signed-off-by: Tom Rix +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/sr_ioctl.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c +index ddd00efc4882..fbdb5124d7f7 100644 +--- a/drivers/scsi/sr_ioctl.c ++++ b/drivers/scsi/sr_ioctl.c +@@ -41,7 +41,7 @@ static int sr_read_tochdr(struct cdrom_device_info *cdi, + int result; + unsigned char *buffer; + +- buffer = kmalloc(32, GFP_KERNEL); ++ buffer = kzalloc(32, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + +@@ -55,10 +55,13 @@ static int sr_read_tochdr(struct cdrom_device_info *cdi, + cgc.data_direction = DMA_FROM_DEVICE; + + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + tochdr->cdth_trk0 = buffer[2]; + tochdr->cdth_trk1 = buffer[3]; + ++err: + kfree(buffer); + return result; + } +@@ -71,7 +74,7 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + int result; + unsigned char *buffer; + +- buffer = kmalloc(32, GFP_KERNEL); ++ buffer = kzalloc(32, GFP_KERNEL); + if (!buffer) + return 
-ENOMEM; + +@@ -86,6 +89,8 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + cgc.data_direction = DMA_FROM_DEVICE; + + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + tocentry->cdte_ctrl = buffer[5] & 0xf; + tocentry->cdte_adr = buffer[5] >> 4; +@@ -98,6 +103,7 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + tocentry->cdte_addr.lba = (((((buffer[8] << 8) + buffer[9]) << 8) + + buffer[10]) << 8) + buffer[11]; + ++err: + kfree(buffer); + return result; + } +@@ -384,7 +390,7 @@ int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn) + { + Scsi_CD *cd = cdi->handle; + struct packet_command cgc; +- char *buffer = kmalloc(32, GFP_KERNEL); ++ char *buffer = kzalloc(32, GFP_KERNEL); + int result; + + if (!buffer) +@@ -400,10 +406,13 @@ int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn) + cgc.data_direction = DMA_FROM_DEVICE; + cgc.timeout = IOCTL_TIMEOUT; + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + memcpy(mcn->medium_catalog_number, buffer + 9, 13); + mcn->medium_catalog_number[13] = 0; + ++err: + kfree(buffer); + return result; + } +-- +2.35.1 + diff --git a/queue-5.17/series b/queue-5.17/series index d4795211245..67338fc55cb 100644 --- a/queue-5.17/series +++ b/queue-5.17/series 
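Review bot: The added `if (result) goto err;` checks in sr_read_tochdr(), sr_read_tocentry() and sr_get_mcn() cover only a failed command. As far as these hunks show, the case where the command succeeds but fills fewer bytes than are read afterwards (`buffer[2]`/`buffer[3]`, `buffer[5]` to `buffer[11]`, 13 bytes from `buffer + 9`) is handled solely by the switch to `kzalloc()`, and nothing at the allocation sites says so. A short comment at each allocation, e.g. `/* zeroed: a short transfer must not expose stale heap bytes to the caller */`, would keep a later cleanup from reverting to `kmalloc()`. The new label is also reached on the success path, so `out:` would describe it better than `err:`. The three function bodies are only partly visible in the hunks.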
@@ -85,3 +85,19 @@ nvme-add-a-quirk-to-disable-namespace-identifiers.patch
 nvme-pci-disable-namespace-identifiers-for-the-maxio.patch
 nvme-pci-disable-namespace-identifiers-for-qemu-cont.patch
 irq_work-use-kasan_record_aux_stack_noalloc-record-c.patch
+drm-radeon-fix-logic-inversion-in-radeon_sync_resv.patch
+io_uring-free-iovec-if-file-assignment-fails.patch
+input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch
+scsi-sr-do-not-leak-information-in-ioctl.patch
+sched-pelt-fix-attach_entity_load_avg-corner-case.patch
+perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch
+drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch
+drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch
+powerpc-time-always-set-decrementer-in-timer_interru.patch
+kvm-ppc-fix-tce-handling-for-vfio.patch
+drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch
+powerpc-perf-fix-power9-event-alternatives.patch
+powerpc-perf-fix-power10-event-alternatives.patch
+arm-xen-fix-some-refcount-leaks.patch
+perf-script-always-allow-field-data_src-for-auxtrace.patch
+perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch