From: Greg Kroah-Hartman Date: Mon, 16 Apr 2018 10:29:48 +0000 (+0200) Subject: 4.16-stable patches X-Git-Tag: v4.16.3~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0d62af3ff60d84c2a55baca73e99ea2a23c6fffe;p=thirdparty%2Fkernel%2Fstable-queue.git 4.16-stable patches added patches: drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch ipmi-fix-some-error-cleanup-issues.patch iwlwifi-add-a-bunch-of-new-9000-pci-ids.patch kvm-ppc-book3s-hv-trace_tlbie-must-not-be-called-in-realmode.patch parisc-fix-hpmc-handler-by-increasing-size-to-multiple-of-16-bytes.patch parisc-fix-out-of-array-access-in-match_pci_device.patch pci-hv-fix-2-hang-issues-in-hv_compose_msi_msg.patch pci-hv-serialize-the-present-and-eject-work-items.patch perf-core-fix-use-after-free-in-uprobe_perf_close.patch perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch perf-intel-pt-fix-sync_switch.patch perf-intel-pt-fix-timestamp-following-overflow.patch radeon-hide-pointless-warning-when-compile-testing.patch x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch x86-mce-amd-edac-mce_amd-enumerate-reserved-smca-bank-type.patch x86-mce-amd-get-address-from-already-initialized-block.patch x86-mce-amd-pass-the-bank-number-to-smca_get_bank_type.patch --- diff --git a/queue-4.16/drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch b/queue-4.16/drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch new file mode 100644 index 00000000000..16aef98df4f --- /dev/null +++ b/queue-4.16/drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch @@ -0,0 +1,35 @@ +From 238064f13d057390a8c5e1a6a80f4f0a0ec46499 Mon Sep 17 00:00:00 2001 +From: Dexuan Cui +Date: Tue, 27 Mar 2018 15:01:02 -0700 +Subject: Drivers: hv: vmbus: do not mark HV_PCIE as perf_device + +From: Dexuan Cui + +commit 238064f13d057390a8c5e1a6a80f4f0a0ec46499 upstream. + +The pci-hyperv driver's channel callback hv_pci_onchannelcallback() is not +really a hot path, so we don't need to mark it as a perf_device, meaning +with this patch all HV_PCIE channels' target_cpu will be CPU0. + +Signed-off-by: Dexuan Cui +Cc: stable@vger.kernel.org +Cc: Stephen Hemminger +Signed-off-by: K. Y. Srinivasan +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/hv/channel_mgmt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/hv/channel_mgmt.c ++++ b/drivers/hv/channel_mgmt.c +@@ -71,7 +71,7 @@ static const struct vmbus_device vmbus_d + /* PCIE */ + { .dev_type = HV_PCIE, + HV_PCIE_GUID, +- .perf_device = true, ++ .perf_device = false, + }, + + /* Synthetic Frame Buffer */ diff --git a/queue-4.16/ipmi-fix-some-error-cleanup-issues.patch b/queue-4.16/ipmi-fix-some-error-cleanup-issues.patch new file mode 100644 index 00000000000..9b34facc6ce --- /dev/null +++ b/queue-4.16/ipmi-fix-some-error-cleanup-issues.patch @@ -0,0 +1,88 @@ +From cc095f0ac1f7c200e51a5c2a78a43c9f42049dbb Mon Sep 17 00:00:00 2001 +From: Corey Minyard +Date: Wed, 28 Feb 2018 08:09:49 -0600 +Subject: ipmi: Fix some error cleanup issues + +From: Corey Minyard + +commit cc095f0ac1f7c200e51a5c2a78a43c9f42049dbb upstream. + +device_remove_group() was called on any cleanup, even if the +device attrs had not been added yet. That can occur in certain +error scenarios, so add a flag to know if it has been added. + +Also make sure we remove the dev if we added it ourselves. + +Signed-off-by: Corey Minyard +Cc: stable@vger.kernel.org # 4.15 +Cc: Laura Abbott +Tested-by: Bill Perkins +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/ipmi/ipmi_si_intf.c | 18 ++++++++++++++---- + 1 file changed, 14 insertions(+), 4 deletions(-) + +--- a/drivers/char/ipmi/ipmi_si_intf.c ++++ b/drivers/char/ipmi/ipmi_si_intf.c +@@ -252,6 +252,9 @@ struct smi_info { + /* Default driver model device. */ + struct platform_device *pdev; + ++ /* Have we added the device group to the device? */ ++ bool dev_group_added; ++ + /* Counters and things for the proc filesystem. */ + atomic_t stats[SI_NUM_STATS]; + +@@ -2027,8 +2030,8 @@ int ipmi_si_add_smi(struct si_sm_io *io) + if (initialized) { + rv = try_smi_init(new_smi); + if (rv) { +- mutex_unlock(&smi_infos_lock); + cleanup_one_si(new_smi); ++ mutex_unlock(&smi_infos_lock); + return rv; + } + } +@@ -2187,6 +2190,7 @@ static int try_smi_init(struct smi_info + rv); + goto out_err_stop_timer; + } ++ new_smi->dev_group_added = true; + + rv = ipmi_register_smi(&handlers, + new_smi, +@@ -2240,7 +2244,10 @@ static int try_smi_init(struct smi_info + return 0; + + out_err_remove_attrs: +- device_remove_group(new_smi->io.dev, &ipmi_si_dev_attr_group); ++ if (new_smi->dev_group_added) { ++ device_remove_group(new_smi->io.dev, &ipmi_si_dev_attr_group); ++ new_smi->dev_group_added = false; ++ } + dev_set_drvdata(new_smi->io.dev, NULL); + + out_err_stop_timer: +@@ -2288,6 +2295,7 @@ out_err: + else + platform_device_put(new_smi->pdev); + new_smi->pdev = NULL; ++ new_smi->io.dev = NULL; + } + + kfree(init_name); +@@ -2384,8 +2392,10 @@ static void cleanup_one_si(struct smi_in + } + } + +- device_remove_group(to_clean->io.dev, &ipmi_si_dev_attr_group); +- dev_set_drvdata(to_clean->io.dev, NULL); ++ if (to_clean->dev_group_added) ++ device_remove_group(to_clean->io.dev, &ipmi_si_dev_attr_group); ++ if (to_clean->io.dev) ++ dev_set_drvdata(to_clean->io.dev, NULL); + + list_del(&to_clean->link); + diff --git a/queue-4.16/iwlwifi-add-a-bunch-of-new-9000-pci-ids.patch b/queue-4.16/iwlwifi-add-a-bunch-of-new-9000-pci-ids.patch new file mode 100644 index 00000000000..7a752d973c6 --- /dev/null +++ b/queue-4.16/iwlwifi-add-a-bunch-of-new-9000-pci-ids.patch @@ -0,0 +1,266 @@ +From 9e5053ad9d590e095829a8bb07adbbdbd893f0f9 Mon Sep 17 00:00:00 2001 +From: Luca Coelho +Date: Wed, 28 Mar 2018 11:15:09 +0300 +Subject: iwlwifi: add a bunch of new 9000 PCI IDs + +From: Luca Coelho + +commit 9e5053ad9d590e095829a8bb07adbbdbd893f0f9 upstream. + +A lot of new PCI IDs were added for the 9000 series. Add them to the +list of supported PCI IDs. + +Cc: stable@vger.kernel.org # 4.13+ +Signed-off-by: Luca Coelho +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 157 +++++++++++++++++++++++++- + 1 file changed, 155 insertions(+), 2 deletions(-) + +--- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c +@@ -8,6 +8,7 @@ + * Copyright(c) 2007 - 2014 Intel Corporation. All rights reserved. + * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH + * Copyright(c) 2016-2017 Intel Deutschland GmbH ++ * Copyright(c) 2018 Intel Corporation + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as +@@ -36,6 +37,7 @@ + * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH + * All rights reserved. + * Copyright(c) 2017 Intel Deutschland GmbH ++ * Copyright(c) 2018 Intel Corporation + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -517,9 +519,9 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0x24FD, 0x9074, iwl8265_2ac_cfg)}, + + /* 9000 Series */ +- {IWL_PCI_DEVICE(0x2526, 0x0000, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x0010, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x0014, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2526, 0x0018, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x0030, iwl9560_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x0034, iwl9560_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x0038, iwl9560_2ac_cfg)}, +@@ -544,11 +546,15 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0x2526, 0x1410, iwl9270_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x1420, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2526, 0x1610, iwl9270_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2526, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2526, 0x2034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2526, 0x4010, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x2526, 0x4030, iwl9560_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2526, 0x4034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2526, 0x40A4, iwl9460_2ac_cfg)}, +- {IWL_PCI_DEVICE(0x2526, 0xA014, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2526, 0x4234, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2526, 0x42A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2526, 0xA014, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x271B, 0x0010, iwl9160_2ac_cfg)}, + {IWL_PCI_DEVICE(0x271B, 0x0014, iwl9160_2ac_cfg)}, + {IWL_PCI_DEVICE(0x271B, 0x0210, iwl9160_2ac_cfg)}, +@@ -569,16 +575,42 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0x2720, 0x0264, iwl9461_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2720, 0x02A0, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2720, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2720, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2720, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2720, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2720, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2720, 0x2034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2720, 0x4030, iwl9560_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x2720, 0x4034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x2720, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2720, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x2720, 0x42A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0038, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x003C, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x0060, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x0064, iwl9461_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x00A0, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x00A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0230, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x0238, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x023C, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x0260, iwl9461_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x0264, iwl9461_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x02A0, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x30DC, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x2034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x4030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x4034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x30DC, 0x42A4, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x31DC, 0x0030, iwl9560_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x0034, iwl9560_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x0038, iwl9560_2ac_cfg_shared_clk)}, +@@ -595,12 +627,94 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0x31DC, 0x0264, iwl9461_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x02A0, iwl9462_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x02A4, iwl9462_2ac_cfg_shared_clk)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x1030, iwl9560_2ac_cfg_shared_clk)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x2030, iwl9560_2ac_cfg_shared_clk)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x2034, iwl9560_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x4030, iwl9560_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x4034, iwl9560_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x31DC, 0x40A4, iwl9462_2ac_cfg_shared_clk)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x4234, iwl9560_2ac_cfg_shared_clk)}, ++ {IWL_PCI_DEVICE(0x31DC, 0x42A4, iwl9462_2ac_cfg_shared_clk)}, + {IWL_PCI_DEVICE(0x34F0, 0x0030, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x34F0, 0x0034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0038, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x003C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0060, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0064, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x00A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x00A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0230, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0238, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x023C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0260, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x0264, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x02A0, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x34F0, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x2034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x4030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x4034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x34F0, 0x42A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0038, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x003C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0060, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0064, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x00A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x00A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0230, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0238, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x023C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0260, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x0264, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x02A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x2034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x4030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x4034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x3DF0, 0x42A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0038, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x003C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0060, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0064, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x00A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x00A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0230, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0238, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x023C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0260, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x0264, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x02A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x2034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x4030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x4034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x43F0, 0x42A4, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x0000, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x0010, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x0030, iwl9560_2ac_cfg_soc)}, +@@ -626,11 +740,44 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0x9DF0, 0x0610, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x0710, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x0A10, iwl9460_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x1210, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0x9DF0, 0x2010, iwl9460_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x2034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x2A10, iwl9460_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x4030, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x4034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0x9DF0, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0x9DF0, 0x42A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0038, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x003C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0060, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0064, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x00A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x00A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0230, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0238, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x023C, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0260, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x0264, iwl9461_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x02A0, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x1010, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x2034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x4030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x4034, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA0F0, 0x42A4, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x0030, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x0034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x0038, iwl9560_2ac_cfg_soc)}, +@@ -647,10 +794,16 @@ static const struct pci_device_id iwl_hw + {IWL_PCI_DEVICE(0xA370, 0x0264, iwl9461_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x02A0, iwl9462_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x02A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA370, 0x1010, iwl9260_2ac_cfg)}, + {IWL_PCI_DEVICE(0xA370, 0x1030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA370, 0x1210, iwl9260_2ac_cfg)}, ++ {IWL_PCI_DEVICE(0xA370, 0x2030, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA370, 0x2034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x4030, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x4034, iwl9560_2ac_cfg_soc)}, + {IWL_PCI_DEVICE(0xA370, 0x40A4, iwl9462_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA370, 0x4234, iwl9560_2ac_cfg_soc)}, ++ {IWL_PCI_DEVICE(0xA370, 0x42A4, iwl9462_2ac_cfg_soc)}, + + /* 22000 Series */ + {IWL_PCI_DEVICE(0x2720, 0x0A10, iwl22000_2ac_cfg_hr_cdb)}, diff --git a/queue-4.16/kvm-ppc-book3s-hv-trace_tlbie-must-not-be-called-in-realmode.patch b/queue-4.16/kvm-ppc-book3s-hv-trace_tlbie-must-not-be-called-in-realmode.patch new file mode 100644 index 00000000000..a9bbda85d7b --- /dev/null +++ b/queue-4.16/kvm-ppc-book3s-hv-trace_tlbie-must-not-be-called-in-realmode.patch @@ -0,0 +1,56 @@ +From 19ce7909ed11c49f7eddf59e7f49cd3062bf83d5 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Fri, 6 Apr 2018 03:56:30 +1000 +Subject: KVM: PPC: Book3S HV: trace_tlbie must not be called in realmode + +From: Nicholas Piggin + +commit 19ce7909ed11c49f7eddf59e7f49cd3062bf83d5 upstream. + +This crashes with a "Bad real address for load" attempting to load +from the vmalloc region in realmode (faulting address is in DAR). + + Oops: Bad interrupt in KVM entry/exit code, sig: 6 [#1] + LE SMP NR_CPUS=2048 NUMA PowerNV + CPU: 53 PID: 6582 Comm: qemu-system-ppc Not tainted 4.16.0-01530-g43d1859f0994 + NIP: c0000000000155ac LR: c0000000000c2430 CTR: c000000000015580 + REGS: c000000fff76dd80 TRAP: 0200 Not tainted (4.16.0-01530-g43d1859f0994) + MSR: 9000000000201003 CR: 48082222 XER: 00000000 + CFAR: 0000000102900ef0 DAR: d00017fffd941a28 DSISR: 00000040 SOFTE: 3 + NIP [c0000000000155ac] perf_trace_tlbie+0x2c/0x1a0 + LR [c0000000000c2430] do_tlbies+0x230/0x2f0 + +I suspect the reason is the per-cpu data is not in the linear chunk. +This could be restored if that was able to be fixed, but for now, +just remove the tracepoints. + +Fixes: 0428491cba92 ("powerpc/mm: Trace tlbie(l) instructions") +Cc: stable@vger.kernel.org # v4.13+ +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kvm/book3s_hv_rm_mmu.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/arch/powerpc/kvm/book3s_hv_rm_mmu.c ++++ b/arch/powerpc/kvm/book3s_hv_rm_mmu.c +@@ -470,8 +470,6 @@ static void do_tlbies(struct kvm *kvm, u + for (i = 0; i < npages; ++i) { + asm volatile(PPC_TLBIE_5(%0,%1,0,0,0) : : + "r" (rbvalues[i]), "r" (kvm->arch.lpid)); +- trace_tlbie(kvm->arch.lpid, 0, rbvalues[i], +- kvm->arch.lpid, 0, 0, 0); + } + + if (cpu_has_feature(CPU_FTR_P9_TLBIE_BUG)) { +@@ -492,8 +490,6 @@ static void do_tlbies(struct kvm *kvm, u + for (i = 0; i < npages; ++i) { + asm volatile(PPC_TLBIEL(%0,%1,0,0,0) : : + "r" (rbvalues[i]), "r" (0)); +- trace_tlbie(kvm->arch.lpid, 1, rbvalues[i], +- 0, 0, 0, 0); + } + asm volatile("ptesync" : : : "memory"); + } diff --git a/queue-4.16/parisc-fix-hpmc-handler-by-increasing-size-to-multiple-of-16-bytes.patch b/queue-4.16/parisc-fix-hpmc-handler-by-increasing-size-to-multiple-of-16-bytes.patch new file mode 100644 index 00000000000..fbaceee9778 --- /dev/null +++ b/queue-4.16/parisc-fix-hpmc-handler-by-increasing-size-to-multiple-of-16-bytes.patch @@ -0,0 +1,48 @@ +From d5654e156bc4d68a87bbaa6d7e020baceddf6e68 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 24 Mar 2018 21:18:25 +0100 +Subject: parisc: Fix HPMC handler by increasing size to multiple of 16 bytes + +From: Helge Deller + +commit d5654e156bc4d68a87bbaa6d7e020baceddf6e68 upstream. + +Make sure that the HPMC (High Priority Machine Check) handler is 16-byte +aligned and that it's length in the IVT is a multiple of 16 bytes. +Otherwise PDC may decide not to call the HPMC crash handler. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/hpmc.S | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/arch/parisc/kernel/hpmc.S ++++ b/arch/parisc/kernel/hpmc.S +@@ -84,6 +84,7 @@ END(hpmc_pim_data) + .text + + .import intr_save, code ++ .align 16 + ENTRY_CFI(os_hpmc) + .os_hpmc: + +@@ -300,12 +301,15 @@ os_hpmc_6: + + b . + nop ++ .align 16 /* make function length multiple of 16 bytes */ + ENDPROC_CFI(os_hpmc) + .os_hpmc_end: + + + __INITRODATA ++.globl os_hpmc_size + .align 4 +- .export os_hpmc_size ++ .type os_hpmc_size, @object ++ .size os_hpmc_size, 4 + os_hpmc_size: + .word .os_hpmc_end-.os_hpmc diff --git a/queue-4.16/parisc-fix-out-of-array-access-in-match_pci_device.patch b/queue-4.16/parisc-fix-out-of-array-access-in-match_pci_device.patch new file mode 100644 index 00000000000..abc80bfe6d9 --- /dev/null +++ b/queue-4.16/parisc-fix-out-of-array-access-in-match_pci_device.patch @@ -0,0 +1,49 @@ +From 615b2665fd20c327b631ff1e79426775de748094 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sun, 25 Mar 2018 23:53:22 +0200 +Subject: parisc: Fix out of array access in match_pci_device() + +From: Helge Deller + +commit 615b2665fd20c327b631ff1e79426775de748094 upstream. + +As found by the ubsan checker, the value of the 'index' variable can be +out of range for the bc[] array: + +UBSAN: Undefined behaviour in arch/parisc/kernel/drivers.c:655:21 +index 6 is out of range for type 'char [6]' +Backtrace: + [<104fa850>] __ubsan_handle_out_of_bounds+0x68/0x80 + [<1019d83c>] check_parent+0xc0/0x170 + [<1019d91c>] descend_children+0x30/0x6c + [<1059e164>] device_for_each_child+0x60/0x98 + [<1019cd54>] parse_tree_node+0x40/0x54 + [<1019d86c>] check_parent+0xf0/0x170 + [<1019d91c>] descend_children+0x30/0x6c + [<1059e164>] device_for_each_child+0x60/0x98 + [<1019d938>] descend_children+0x4c/0x6c + [<1059e164>] device_for_each_child+0x60/0x98 + [<1019cd54>] parse_tree_node+0x40/0x54 + [<1019cffc>] hwpath_to_device+0xa4/0xc4 + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/parisc/kernel/drivers.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/arch/parisc/kernel/drivers.c ++++ b/arch/parisc/kernel/drivers.c +@@ -651,6 +651,10 @@ static int match_pci_device(struct devic + (modpath->mod == PCI_FUNC(devfn))); + } + ++ /* index might be out of bounds for bc[] */ ++ if (index >= 6) ++ return 0; ++ + id = PCI_SLOT(pdev->devfn) | (PCI_FUNC(pdev->devfn) << 5); + return (modpath->bc[index] == id); + } diff --git a/queue-4.16/pci-hv-fix-2-hang-issues-in-hv_compose_msi_msg.patch b/queue-4.16/pci-hv-fix-2-hang-issues-in-hv_compose_msi_msg.patch new file mode 100644 index 00000000000..e21e4ce409b --- /dev/null +++ b/queue-4.16/pci-hv-fix-2-hang-issues-in-hv_compose_msi_msg.patch @@ -0,0 +1,142 @@ +From de0aa7b2f97d348ba7d1e17a00744c989baa0cb6 Mon Sep 17 00:00:00 2001 +From: Dexuan Cui +Date: Thu, 15 Mar 2018 14:21:08 +0000 +Subject: PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() + +From: Dexuan Cui + +commit de0aa7b2f97d348ba7d1e17a00744c989baa0cb6 upstream. + +1. With the patch "x86/vector/msi: Switch to global reservation mode", +the recent v4.15 and newer kernels always hang for 1-vCPU Hyper-V VM +with SR-IOV. This is because when we reach hv_compose_msi_msg() by +request_irq() -> request_threaded_irq() ->__setup_irq()->irq_startup() +-> __irq_startup() -> irq_domain_activate_irq() -> ... -> +msi_domain_activate() -> ... -> hv_compose_msi_msg(), local irq is +disabled in __setup_irq(). + +Note: when we reach hv_compose_msi_msg() by another code path: +pci_enable_msix_range() -> ... -> irq_domain_activate_irq() -> ... -> +hv_compose_msi_msg(), local irq is not disabled. + +hv_compose_msi_msg() depends on an interrupt from the host. +With interrupts disabled, a UP VM always hangs in the busy loop in +the function, because the interrupt callback hv_pci_onchannelcallback() +can not be called. + +We can do nothing but work it around by polling the channel. This +is ugly, but we don't have any other choice. + +2. If the host is ejecting the VF device before we reach +hv_compose_msi_msg(), in a UP VM, we can hang in hv_compose_msi_msg() +forever, because at this time the host doesn't respond to the +CREATE_INTERRUPT request. This issue exists the first day the +pci-hyperv driver appears in the kernel. + +Luckily, this can also by worked around by polling the channel +for the PCI_EJECT message and hpdev->state, and by checking the +PCI vendor ID. + +Note: actually the above 2 issues also happen to a SMP VM, if +"hbus->hdev->channel->target_cpu == smp_processor_id()" is true. + +Fixes: 4900be83602b ("x86/vector/msi: Switch to global reservation mode") +Tested-by: Adrian Suhov +Tested-by: Chris Valean +Signed-off-by: Dexuan Cui +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Haiyang Zhang +Cc: +Cc: Stephen Hemminger +Cc: K. Y. Srinivasan +Cc: Vitaly Kuznetsov +Cc: Jack Morgenstein +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/host/pci-hyperv.c | 58 +++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 57 insertions(+), 1 deletion(-) + +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -521,6 +521,8 @@ struct hv_pci_compl { + s32 completion_status; + }; + ++static void hv_pci_onchannelcallback(void *context); ++ + /** + * hv_pci_generic_compl() - Invoked for a completion packet + * @context: Set up by the sender of the packet. +@@ -665,6 +667,31 @@ static void _hv_pcifront_read_config(str + } + } + ++static u16 hv_pcifront_get_vendor_id(struct hv_pci_dev *hpdev) ++{ ++ u16 ret; ++ unsigned long flags; ++ void __iomem *addr = hpdev->hbus->cfg_addr + CFG_PAGE_OFFSET + ++ PCI_VENDOR_ID; ++ ++ spin_lock_irqsave(&hpdev->hbus->config_lock, flags); ++ ++ /* Choose the function to be read. (See comment above) */ ++ writel(hpdev->desc.win_slot.slot, hpdev->hbus->cfg_addr); ++ /* Make sure the function was chosen before we start reading. */ ++ mb(); ++ /* Read from that function's config space. */ ++ ret = readw(addr); ++ /* ++ * mb() is not required here, because the spin_unlock_irqrestore() ++ * is a barrier. ++ */ ++ ++ spin_unlock_irqrestore(&hpdev->hbus->config_lock, flags); ++ ++ return ret; ++} ++ + /** + * _hv_pcifront_write_config() - Internal PCI config write + * @hpdev: The PCI driver's representation of the device +@@ -1107,8 +1134,37 @@ static void hv_compose_msi_msg(struct ir + * Since this function is called with IRQ locks held, can't + * do normal wait for completion; instead poll. + */ +- while (!try_wait_for_completion(&comp.comp_pkt.host_event)) ++ while (!try_wait_for_completion(&comp.comp_pkt.host_event)) { ++ /* 0xFFFF means an invalid PCI VENDOR ID. */ ++ if (hv_pcifront_get_vendor_id(hpdev) == 0xFFFF) { ++ dev_err_once(&hbus->hdev->device, ++ "the device has gone\n"); ++ goto free_int_desc; ++ } ++ ++ /* ++ * When the higher level interrupt code calls us with ++ * interrupt disabled, we must poll the channel by calling ++ * the channel callback directly when channel->target_cpu is ++ * the current CPU. When the higher level interrupt code ++ * calls us with interrupt enabled, let's add the ++ * local_bh_disable()/enable() to avoid race. ++ */ ++ local_bh_disable(); ++ ++ if (hbus->hdev->channel->target_cpu == smp_processor_id()) ++ hv_pci_onchannelcallback(hbus); ++ ++ local_bh_enable(); ++ ++ if (hpdev->state == hv_pcichild_ejecting) { ++ dev_err_once(&hbus->hdev->device, ++ "the device is being ejected\n"); ++ goto free_int_desc; ++ } ++ + udelay(100); ++ } + + if (comp.comp_pkt.completion_status < 0) { + dev_err(&hbus->hdev->device, diff --git a/queue-4.16/pci-hv-serialize-the-present-and-eject-work-items.patch b/queue-4.16/pci-hv-serialize-the-present-and-eject-work-items.patch new file mode 100644 index 00000000000..6b94b6e61c9 --- /dev/null +++ b/queue-4.16/pci-hv-serialize-the-present-and-eject-work-items.patch @@ -0,0 +1,160 @@ +From 021ad274d7dc31611d4f47f7dd4ac7a224526f30 Mon Sep 17 00:00:00 2001 +From: Dexuan Cui +Date: Thu, 15 Mar 2018 14:20:53 +0000 +Subject: PCI: hv: Serialize the present and eject work items + +From: Dexuan Cui + +commit 021ad274d7dc31611d4f47f7dd4ac7a224526f30 upstream. + +When we hot-remove the device, we first receive a PCI_EJECT message and +then receive a PCI_BUS_RELATIONS message with bus_rel->device_count == 0. + +The first message is offloaded to hv_eject_device_work(), and the second +is offloaded to pci_devices_present_work(). Both the paths can be running +list_del(&hpdev->list_entry), causing general protection fault, because +system_wq can run them concurrently. + +The patch eliminates the race condition. + +Since access to present/eject work items is serialized, we do not need the +hbus->enum_sem anymore, so remove it. + +Fixes: 4daace0d8ce8 ("PCI: hv: Add paravirtual PCI front-end for Microsoft Hyper-V VMs") +Link: https://lkml.kernel.org/r/KL1P15301MB00064DA6B4D221123B5241CFBFD70@KL1P15301MB0006.APCP153.PROD.OUTLOOK.COM +Tested-by: Adrian Suhov +Tested-by: Chris Valean +Signed-off-by: Dexuan Cui +[lorenzo.pieralisi@arm.com: squashed semaphore removal patch] +Signed-off-by: Lorenzo Pieralisi +Reviewed-by: Michael Kelley +Acked-by: Haiyang Zhang +Cc: # v4.6+ +Cc: Vitaly Kuznetsov +Cc: Jack Morgenstein +Cc: Stephen Hemminger +Cc: K. Y. Srinivasan +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/pci/host/pci-hyperv.c | 34 ++++++++++++++++------------------ + 1 file changed, 16 insertions(+), 18 deletions(-) + +--- a/drivers/pci/host/pci-hyperv.c ++++ b/drivers/pci/host/pci-hyperv.c +@@ -447,7 +447,6 @@ struct hv_pcibus_device { + spinlock_t device_list_lock; /* Protect lists below */ + void __iomem *cfg_addr; + +- struct semaphore enum_sem; + struct list_head resources_for_children; + + struct list_head children; +@@ -461,6 +460,8 @@ struct hv_pcibus_device { + struct retarget_msi_interrupt retarget_msi_interrupt_params; + + spinlock_t retarget_msi_interrupt_lock; ++ ++ struct workqueue_struct *wq; + }; + + /* +@@ -1590,12 +1591,8 @@ static struct hv_pci_dev *get_pcichild_w + * It must also treat the omission of a previously observed device as + * notification that the device no longer exists. + * +- * Note that this function is a work item, and it may not be +- * invoked in the order that it was queued. Back to back +- * updates of the list of present devices may involve queuing +- * multiple work items, and this one may run before ones that +- * were sent later. As such, this function only does something +- * if is the last one in the queue. ++ * Note that this function is serialized with hv_eject_device_work(), ++ * because both are pushed to the ordered workqueue hbus->wq. + */ + static void pci_devices_present_work(struct work_struct *work) + { +@@ -1616,11 +1613,6 @@ static void pci_devices_present_work(str + + INIT_LIST_HEAD(&removed); + +- if (down_interruptible(&hbus->enum_sem)) { +- put_hvpcibus(hbus); +- return; +- } +- + /* Pull this off the queue and process it if it was the last one. */ + spin_lock_irqsave(&hbus->device_list_lock, flags); + while (!list_empty(&hbus->dr_list)) { +@@ -1637,7 +1629,6 @@ static void pci_devices_present_work(str + spin_unlock_irqrestore(&hbus->device_list_lock, flags); + + if (!dr) { +- up(&hbus->enum_sem); + put_hvpcibus(hbus); + return; + } +@@ -1724,7 +1715,6 @@ static void pci_devices_present_work(str + break; + } + +- up(&hbus->enum_sem); + put_hvpcibus(hbus); + kfree(dr); + } +@@ -1770,7 +1760,7 @@ static void hv_pci_devices_present(struc + spin_unlock_irqrestore(&hbus->device_list_lock, flags); + + get_hvpcibus(hbus); +- schedule_work(&dr_wrk->wrk); ++ queue_work(hbus->wq, &dr_wrk->wrk); + } + + /** +@@ -1848,7 +1838,7 @@ static void hv_pci_eject_device(struct h + get_pcichild(hpdev, hv_pcidev_ref_pnp); + INIT_WORK(&hpdev->wrk, hv_eject_device_work); + get_hvpcibus(hpdev->hbus); +- schedule_work(&hpdev->wrk); ++ queue_work(hpdev->hbus->wq, &hpdev->wrk); + } + + /** +@@ -2461,13 +2451,18 @@ static int hv_pci_probe(struct hv_device + spin_lock_init(&hbus->config_lock); + spin_lock_init(&hbus->device_list_lock); + spin_lock_init(&hbus->retarget_msi_interrupt_lock); +- sema_init(&hbus->enum_sem, 1); + init_completion(&hbus->remove_event); ++ hbus->wq = alloc_ordered_workqueue("hv_pci_%x", 0, ++ hbus->sysdata.domain); ++ if (!hbus->wq) { ++ ret = -ENOMEM; ++ goto free_bus; ++ } + + ret = vmbus_open(hdev->channel, pci_ring_size, pci_ring_size, NULL, 0, + hv_pci_onchannelcallback, hbus); + if (ret) +- goto free_bus; ++ goto destroy_wq; + + hv_set_drvdata(hdev, hbus); + +@@ -2536,6 +2531,8 @@ free_config: + hv_free_config_window(hbus); + close: + vmbus_close(hdev->channel); ++destroy_wq: ++ destroy_workqueue(hbus->wq); + free_bus: + free_page((unsigned long)hbus); + return ret; +@@ -2615,6 +2612,7 @@ static int hv_pci_remove(struct hv_devic + irq_domain_free_fwnode(hbus->sysdata.fwnode); + put_hvpcibus(hbus); + wait_for_completion(&hbus->remove_event); ++ destroy_workqueue(hbus->wq); + free_page((unsigned long)hbus); + return 0; + } diff --git a/queue-4.16/perf-core-fix-use-after-free-in-uprobe_perf_close.patch b/queue-4.16/perf-core-fix-use-after-free-in-uprobe_perf_close.patch new file mode 100644 index 00000000000..b92352b422c --- /dev/null +++ b/queue-4.16/perf-core-fix-use-after-free-in-uprobe_perf_close.patch @@ -0,0 +1,174 @@ +From 621b6d2ea297d0fb6030452c5bcd221f12165fcf Mon Sep 17 00:00:00 2001 +From: Prashant Bhole +Date: Mon, 9 Apr 2018 19:03:46 +0900 +Subject: perf/core: Fix use-after-free in uprobe_perf_close() + +From: Prashant Bhole + +commit 621b6d2ea297d0fb6030452c5bcd221f12165fcf upstream. + +A use-after-free bug was caught by KASAN while running usdt related +code (BCC project. bcc/tests/python/test_usdt2.py): + + ================================================================== + BUG: KASAN: use-after-free in uprobe_perf_close+0x222/0x3b0 + Read of size 4 at addr ffff880384f9b4a4 by task test_usdt2.py/870 + + CPU: 4 PID: 870 Comm: test_usdt2.py Tainted: G W 4.16.0-next-20180409 #215 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 + Call Trace: + dump_stack+0xc7/0x15b + ? show_regs_print_info+0x5/0x5 + ? printk+0x9c/0xc3 + ? kmsg_dump_rewind_nolock+0x6e/0x6e + ? uprobe_perf_close+0x222/0x3b0 + print_address_description+0x83/0x3a0 + ? uprobe_perf_close+0x222/0x3b0 + kasan_report+0x1dd/0x460 + ? uprobe_perf_close+0x222/0x3b0 + uprobe_perf_close+0x222/0x3b0 + ? probes_open+0x180/0x180 + ? free_filters_list+0x290/0x290 + trace_uprobe_register+0x1bb/0x500 + ? perf_event_attach_bpf_prog+0x310/0x310 + ? probe_event_disable+0x4e0/0x4e0 + perf_uprobe_destroy+0x63/0xd0 + _free_event+0x2bc/0xbd0 + ? lockdep_rcu_suspicious+0x100/0x100 + ? ring_buffer_attach+0x550/0x550 + ? kvm_sched_clock_read+0x1a/0x30 + ? perf_event_release_kernel+0x3e4/0xc00 + ? __mutex_unlock_slowpath+0x12e/0x540 + ? wait_for_completion+0x430/0x430 + ? lock_downgrade+0x3c0/0x3c0 + ? lock_release+0x980/0x980 + ? do_raw_spin_trylock+0x118/0x150 + ? do_raw_spin_unlock+0x121/0x210 + ? do_raw_spin_trylock+0x150/0x150 + perf_event_release_kernel+0x5d4/0xc00 + ? put_event+0x30/0x30 + ? fsnotify+0xd2d/0xea0 + ? sched_clock_cpu+0x18/0x1a0 + ? __fsnotify_update_child_dentry_flags.part.0+0x1b0/0x1b0 + ? pvclock_clocksource_read+0x152/0x2b0 + ? pvclock_read_flags+0x80/0x80 + ? kvm_sched_clock_read+0x1a/0x30 + ? sched_clock_cpu+0x18/0x1a0 + ? pvclock_clocksource_read+0x152/0x2b0 + ? locks_remove_file+0xec/0x470 + ? pvclock_read_flags+0x80/0x80 + ? fcntl_setlk+0x880/0x880 + ? ima_file_free+0x8d/0x390 + ? lockdep_rcu_suspicious+0x100/0x100 + ? ima_file_check+0x110/0x110 + ? fsnotify+0xea0/0xea0 + ? kvm_sched_clock_read+0x1a/0x30 + ? rcu_note_context_switch+0x600/0x600 + perf_release+0x21/0x40 + __fput+0x264/0x620 + ? fput+0xf0/0xf0 + ? do_raw_spin_unlock+0x121/0x210 + ? do_raw_spin_trylock+0x150/0x150 + ? SyS_fchdir+0x100/0x100 + ? fsnotify+0xea0/0xea0 + task_work_run+0x14b/0x1e0 + ? task_work_cancel+0x1c0/0x1c0 + ? copy_fd_bitmaps+0x150/0x150 + ? vfs_read+0xe5/0x260 + exit_to_usermode_loop+0x17b/0x1b0 + ? trace_event_raw_event_sys_exit+0x1a0/0x1a0 + do_syscall_64+0x3f6/0x490 + ? syscall_return_slowpath+0x2c0/0x2c0 + ? lockdep_sys_exit+0x1f/0xaa + ? syscall_return_slowpath+0x1a3/0x2c0 + ? lockdep_sys_exit+0x1f/0xaa + ? prepare_exit_to_usermode+0x11c/0x1e0 + ? enter_from_user_mode+0x30/0x30 + random: crng init done + ? __put_user_4+0x1c/0x30 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 + RIP: 0033:0x7f41d95f9340 + RSP: 002b:00007fffe71e4268 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 + RAX: 0000000000000000 RBX: 000000000000000d RCX: 00007f41d95f9340 + RDX: 0000000000000000 RSI: 0000000000002401 RDI: 000000000000000d + RBP: 0000000000000000 R08: 00007f41ca8ff700 R09: 00007f41d996dd1f + R10: 00007fffe71e41e0 R11: 0000000000000246 R12: 00007fffe71e4330 + R13: 0000000000000000 R14: fffffffffffffffc R15: 00007fffe71e4290 + + Allocated by task 870: + kasan_kmalloc+0xa0/0xd0 + kmem_cache_alloc_node+0x11a/0x430 + copy_process.part.19+0x11a0/0x41c0 + _do_fork+0x1be/0xa20 + do_syscall_64+0x198/0x490 + entry_SYSCALL_64_after_hwframe+0x3d/0xa2 + + Freed by task 0: + __kasan_slab_free+0x12e/0x180 + kmem_cache_free+0x102/0x4d0 + free_task+0xfe/0x160 + __put_task_struct+0x189/0x290 + delayed_put_task_struct+0x119/0x250 + rcu_process_callbacks+0xa6c/0x1b60 + __do_softirq+0x238/0x7ae + + The buggy address belongs to the object at ffff880384f9b480 + which belongs to the cache task_struct of size 12928 + +It occurs because task_struct is freed before perf_event which refers +to the task and task flags are checked while teardown of the event. +perf_event_alloc() assigns task_struct to hw.target of perf_event, +but there is no reference counting for it. + +As a fix we get_task_struct() in perf_event_alloc() at above mentioned +assignment and put_task_struct() in _free_event(). + +Signed-off-by: Prashant Bhole +Reviewed-by: Oleg Nesterov +Acked-by: Peter Zijlstra (Intel) +Cc: +Cc: Alexander Shishkin +Cc: Arnaldo Carvalho de Melo +Cc: Jiri Olsa +Cc: Linus Torvalds +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 63b6da39bb38e8f1a1ef3180d32a39d6 ("perf: Fix perf_event_exit_task() race") +Link: http://lkml.kernel.org/r/20180409100346.6416-1-bhole_prashant_q7@lab.ntt.co.jp +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/events/core.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -4123,6 +4123,9 @@ static void _free_event(struct perf_even + if (event->ctx) + put_ctx(event->ctx); + ++ if (event->hw.target) ++ put_task_struct(event->hw.target); ++ + exclusive_event_destroy(event); + module_put(event->pmu->module); + +@@ -9488,6 +9491,7 @@ perf_event_alloc(struct perf_event_attr + * and we cannot use the ctx information because we need the + * pmu before we get a ctx. + */ ++ get_task_struct(task); + event->hw.target = task; + } + +@@ -9603,6 +9607,8 @@ err_ns: + perf_detach_cgroup(event); + if (event->ns) + put_pid_ns(event->ns); ++ if (event->hw.target) ++ put_task_struct(event->hw.target); + kfree(event); + + return ERR_PTR(err); diff --git a/queue-4.16/perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch b/queue-4.16/perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch new file mode 100644 index 00000000000..70d644510a9 --- /dev/null +++ b/queue-4.16/perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch @@ -0,0 +1,36 @@ +From 1c196a6c771c47a2faa63d38d913e03284f73a16 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 7 Mar 2018 16:02:23 +0200 +Subject: perf intel-pt: Fix error recovery from missing TIP packet + +From: Adrian Hunter + +commit 1c196a6c771c47a2faa63d38d913e03284f73a16 upstream. + +When a TIP packet is expected but there is a different packet, it is an +error. However the unexpected packet might be something important like a +TSC packet, so after the error, it is necessary to continue from there, +rather than the next packet. That is achieved by setting pkt_step to +zero. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/1520431349-30689-4-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1616,6 +1616,7 @@ static int intel_pt_walk_fup_tip(struct + case INTEL_PT_PWRX: + intel_pt_log("ERROR: Missing TIP after FUP\n"); + decoder->pkt_state = INTEL_PT_STATE_ERR3; ++ decoder->pkt_step = 0; + return -ENOENT; + + case INTEL_PT_OVF: diff --git a/queue-4.16/perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch b/queue-4.16/perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch new file mode 100644 index 00000000000..2f360907d13 --- /dev/null +++ b/queue-4.16/perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch @@ -0,0 +1,220 @@ +From 117db4b27bf08dba412faf3924ba55fe970c57b8 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 7 Mar 2018 16:02:21 +0200 +Subject: perf intel-pt: Fix overlap detection to identify consecutive buffers correctly + +From: Adrian Hunter + +commit 117db4b27bf08dba412faf3924ba55fe970c57b8 upstream. + +Overlap detection was not not updating the buffer's 'consecutive' flag. +Marking buffers consecutive has the advantage that decoding begins from +the start of the buffer instead of the first PSB. Fix overlap detection +to identify consecutive buffers correctly. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/1520431349-30689-2-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 62 +++++++++----------- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.h | 2 + tools/perf/util/intel-pt.c | 5 + + 3 files changed, 34 insertions(+), 35 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2390,14 +2390,6 @@ const struct intel_pt_state *intel_pt_de + return &decoder->state; + } + +-static bool intel_pt_at_psb(unsigned char *buf, size_t len) +-{ +- if (len < INTEL_PT_PSB_LEN) +- return false; +- return memmem(buf, INTEL_PT_PSB_LEN, INTEL_PT_PSB_STR, +- INTEL_PT_PSB_LEN); +-} +- + /** + * intel_pt_next_psb - move buffer pointer to the start of the next PSB packet. + * @buf: pointer to buffer pointer +@@ -2486,6 +2478,7 @@ static unsigned char *intel_pt_last_psb( + * @buf: buffer + * @len: size of buffer + * @tsc: TSC value returned ++ * @rem: returns remaining size when TSC is found + * + * Find a TSC packet in @buf and return the TSC value. This function assumes + * that @buf starts at a PSB and that PSB+ will contain TSC and so stops if a +@@ -2493,7 +2486,8 @@ static unsigned char *intel_pt_last_psb( + * + * Return: %true if TSC is found, false otherwise. + */ +-static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc) ++static bool intel_pt_next_tsc(unsigned char *buf, size_t len, uint64_t *tsc, ++ size_t *rem) + { + struct intel_pt_pkt packet; + int ret; +@@ -2504,6 +2498,7 @@ static bool intel_pt_next_tsc(unsigned c + return false; + if (packet.type == INTEL_PT_TSC) { + *tsc = packet.payload; ++ *rem = len; + return true; + } + if (packet.type == INTEL_PT_PSBEND) +@@ -2554,6 +2549,8 @@ static int intel_pt_tsc_cmp(uint64_t tsc + * @len_a: size of first buffer + * @buf_b: second buffer + * @len_b: size of second buffer ++ * @consecutive: returns true if there is data in buf_b that is consecutive ++ * to buf_a + * + * If the trace contains TSC we can look at the last TSC of @buf_a and the + * first TSC of @buf_b in order to determine if the buffers overlap, and then +@@ -2566,33 +2563,41 @@ static int intel_pt_tsc_cmp(uint64_t tsc + static unsigned char *intel_pt_find_overlap_tsc(unsigned char *buf_a, + size_t len_a, + unsigned char *buf_b, +- size_t len_b) ++ size_t len_b, bool *consecutive) + { + uint64_t tsc_a, tsc_b; + unsigned char *p; +- size_t len; ++ size_t len, rem_a, rem_b; + + p = intel_pt_last_psb(buf_a, len_a); + if (!p) + return buf_b; /* No PSB in buf_a => no overlap */ + + len = len_a - (p - buf_a); +- if (!intel_pt_next_tsc(p, len, &tsc_a)) { ++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a)) { + /* The last PSB+ in buf_a is incomplete, so go back one more */ + len_a -= len; + p = intel_pt_last_psb(buf_a, len_a); + if (!p) + return buf_b; /* No full PSB+ => assume no overlap */ + len = len_a - (p - buf_a); +- if (!intel_pt_next_tsc(p, len, &tsc_a)) ++ if (!intel_pt_next_tsc(p, len, &tsc_a, &rem_a)) + return buf_b; /* No TSC in buf_a => assume no overlap */ + } + + while (1) { + /* Ignore PSB+ with no TSC */ +- if (intel_pt_next_tsc(buf_b, len_b, &tsc_b) && +- intel_pt_tsc_cmp(tsc_a, tsc_b) < 0) +- return buf_b; /* tsc_a < tsc_b => no overlap */ ++ if (intel_pt_next_tsc(buf_b, len_b, &tsc_b, &rem_b)) { ++ int cmp = intel_pt_tsc_cmp(tsc_a, tsc_b); ++ ++ /* Same TSC, so buffers are consecutive */ ++ if (!cmp && rem_b >= rem_a) { ++ *consecutive = true; ++ return buf_b + len_b - (rem_b - rem_a); ++ } ++ if (cmp < 0) ++ return buf_b; /* tsc_a < tsc_b => no overlap */ ++ } + + if (!intel_pt_step_psb(&buf_b, &len_b)) + return buf_b + len_b; /* No PSB in buf_b => no data */ +@@ -2606,6 +2611,8 @@ static unsigned char *intel_pt_find_over + * @buf_b: second buffer + * @len_b: size of second buffer + * @have_tsc: can use TSC packets to detect overlap ++ * @consecutive: returns true if there is data in buf_b that is consecutive ++ * to buf_a + * + * When trace samples or snapshots are recorded there is the possibility that + * the data overlaps. Note that, for the purposes of decoding, data is only +@@ -2616,7 +2623,7 @@ static unsigned char *intel_pt_find_over + */ + unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + unsigned char *buf_b, size_t len_b, +- bool have_tsc) ++ bool have_tsc, bool *consecutive) + { + unsigned char *found; + +@@ -2628,7 +2635,8 @@ unsigned char *intel_pt_find_overlap(uns + return buf_b; /* No overlap */ + + if (have_tsc) { +- found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b); ++ found = intel_pt_find_overlap_tsc(buf_a, len_a, buf_b, len_b, ++ consecutive); + if (found) + return found; + } +@@ -2643,28 +2651,16 @@ unsigned char *intel_pt_find_overlap(uns + } + + /* Now len_b >= len_a */ +- if (len_b > len_a) { +- /* The leftover buffer 'b' must start at a PSB */ +- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) { +- if (!intel_pt_step_psb(&buf_a, &len_a)) +- return buf_b; /* No overlap */ +- } +- } +- + while (1) { + /* Potential overlap so check the bytes */ + found = memmem(buf_a, len_a, buf_b, len_a); +- if (found) ++ if (found) { ++ *consecutive = true; + return buf_b + len_a; ++ } + + /* Try again at next PSB in buffer 'a' */ + if (!intel_pt_step_psb(&buf_a, &len_a)) + return buf_b; /* No overlap */ +- +- /* The leftover buffer 'b' must start at a PSB */ +- while (!intel_pt_at_psb(buf_b + len_a, len_b - len_a)) { +- if (!intel_pt_step_psb(&buf_a, &len_a)) +- return buf_b; /* No overlap */ +- } + } + } +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.h +@@ -117,7 +117,7 @@ const struct intel_pt_state *intel_pt_de + + unsigned char *intel_pt_find_overlap(unsigned char *buf_a, size_t len_a, + unsigned char *buf_b, size_t len_b, +- bool have_tsc); ++ bool have_tsc, bool *consecutive); + + int intel_pt__strerror(int code, char *buf, size_t buflen); + +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -207,14 +207,17 @@ static void intel_pt_dump_event(struct i + static int intel_pt_do_fix_overlap(struct intel_pt *pt, struct auxtrace_buffer *a, + struct auxtrace_buffer *b) + { ++ bool consecutive = false; + void *start; + + start = intel_pt_find_overlap(a->data, a->size, b->data, b->size, +- pt->have_tsc); ++ pt->have_tsc, &consecutive); + if (!start) + return -EINVAL; + b->use_size = b->data + b->size - start; + b->use_data = start; ++ if (b->use_size && consecutive) ++ b->consecutive = true; + return 0; + } + diff --git a/queue-4.16/perf-intel-pt-fix-sync_switch.patch b/queue-4.16/perf-intel-pt-fix-sync_switch.patch new file mode 100644 index 00000000000..f34a4bfe3e0 --- /dev/null +++ b/queue-4.16/perf-intel-pt-fix-sync_switch.patch @@ -0,0 +1,127 @@ +From 63d8e38f6ae6c36dd5b5ba0e8c112e8861532ea2 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 7 Mar 2018 16:02:22 +0200 +Subject: perf intel-pt: Fix sync_switch + +From: Adrian Hunter + +commit 63d8e38f6ae6c36dd5b5ba0e8c112e8861532ea2 upstream. + +sync_switch is a facility to synchronize decoding more closely with the +point in the kernel when the context actually switched. + +The flag when sync_switch is enabled was global to the decoding, whereas +it is really specific to the CPU. + +The trace data for different CPUs is put on different queues, so add +sync_switch to the intel_pt_queue structure and use that in preference +to the global setting in the intel_pt structure. + +That fixes problems decoding one CPU's trace because sync_switch was +disabled on a different CPU's queue. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/1520431349-30689-3-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt.c | 32 +++++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) + +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -143,6 +143,7 @@ struct intel_pt_queue { + bool stop; + bool step_through_buffers; + bool use_buffer_pid_tid; ++ bool sync_switch; + pid_t pid, tid; + int cpu; + int switch_state; +@@ -963,10 +964,12 @@ static int intel_pt_setup_queue(struct i + if (pt->timeless_decoding || !pt->have_sched_switch) + ptq->use_buffer_pid_tid = true; + } ++ ++ ptq->sync_switch = pt->sync_switch; + } + + if (!ptq->on_heap && +- (!pt->sync_switch || ++ (!ptq->sync_switch || + ptq->switch_state != INTEL_PT_SS_EXPECTING_SWITCH_EVENT)) { + const struct intel_pt_state *state; + int ret; +@@ -1549,7 +1552,7 @@ static int intel_pt_sample(struct intel_ + if (pt->synth_opts.last_branch) + intel_pt_update_last_branch_rb(ptq); + +- if (!pt->sync_switch) ++ if (!ptq->sync_switch) + return 0; + + if (intel_pt_is_switch_ip(ptq, state->to_ip)) { +@@ -1630,6 +1633,21 @@ static u64 intel_pt_switch_ip(struct int + return switch_ip; + } + ++static void intel_pt_enable_sync_switch(struct intel_pt *pt) ++{ ++ unsigned int i; ++ ++ pt->sync_switch = true; ++ ++ for (i = 0; i < pt->queues.nr_queues; i++) { ++ struct auxtrace_queue *queue = &pt->queues.queue_array[i]; ++ struct intel_pt_queue *ptq = queue->priv; ++ ++ if (ptq) ++ ptq->sync_switch = true; ++ } ++} ++ + static int intel_pt_run_decoder(struct intel_pt_queue *ptq, u64 *timestamp) + { + const struct intel_pt_state *state = ptq->state; +@@ -1646,7 +1664,7 @@ static int intel_pt_run_decoder(struct i + if (pt->switch_ip) { + intel_pt_log("switch_ip: %"PRIx64" ptss_ip: %"PRIx64"\n", + pt->switch_ip, pt->ptss_ip); +- pt->sync_switch = true; ++ intel_pt_enable_sync_switch(pt); + } + } + } +@@ -1662,9 +1680,9 @@ static int intel_pt_run_decoder(struct i + if (state->err) { + if (state->err == INTEL_PT_ERR_NODATA) + return 1; +- if (pt->sync_switch && ++ if (ptq->sync_switch && + state->from_ip >= pt->kernel_start) { +- pt->sync_switch = false; ++ ptq->sync_switch = false; + intel_pt_next_tid(pt, ptq); + } + if (pt->synth_opts.errors) { +@@ -1690,7 +1708,7 @@ static int intel_pt_run_decoder(struct i + state->timestamp, state->est_timestamp); + ptq->timestamp = state->est_timestamp; + /* Use estimated TSC in unknown switch state */ +- } else if (pt->sync_switch && ++ } else if (ptq->sync_switch && + ptq->switch_state == INTEL_PT_SS_UNKNOWN && + intel_pt_is_switch_ip(ptq, state->to_ip) && + ptq->next_tid == -1) { +@@ -1837,7 +1855,7 @@ static int intel_pt_sync_switch(struct i + return 1; + + ptq = intel_pt_cpu_to_ptq(pt, cpu); +- if (!ptq) ++ if (!ptq || !ptq->sync_switch) + return 1; + + switch (ptq->switch_state) { diff --git a/queue-4.16/perf-intel-pt-fix-timestamp-following-overflow.patch b/queue-4.16/perf-intel-pt-fix-timestamp-following-overflow.patch new file mode 100644 index 00000000000..bf6315ea16e --- /dev/null +++ b/queue-4.16/perf-intel-pt-fix-timestamp-following-overflow.patch @@ -0,0 +1,41 @@ +From 91d29b288aed3406caf7c454bf2b898c96cfd177 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Wed, 7 Mar 2018 16:02:24 +0200 +Subject: perf intel-pt: Fix timestamp following overflow + +From: Adrian Hunter + +commit 91d29b288aed3406caf7c454bf2b898c96cfd177 upstream. + +timestamp_insn_cnt is used to estimate the timestamp based on the number of +instructions since the last known timestamp. + +If the estimate is not accurate enough decoding might not be correctly +synchronized with side-band events causing more trace errors. + +However there are always timestamps following an overflow, so the +estimate is not needed and can indeed result in more errors. + +Suppress the estimate by setting timestamp_insn_cnt to zero. + +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lkml.kernel.org/r/1520431349-30689-5-git-send-email-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1378,6 +1378,7 @@ static int intel_pt_overflow(struct inte + intel_pt_clear_tx_flags(decoder); + decoder->have_tma = false; + decoder->cbr = 0; ++ decoder->timestamp_insn_cnt = 0; + decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC; + decoder->overflow = true; + return -EOVERFLOW; diff --git a/queue-4.16/radeon-hide-pointless-warning-when-compile-testing.patch b/queue-4.16/radeon-hide-pointless-warning-when-compile-testing.patch new file mode 100644 index 00000000000..535fe4520ee --- /dev/null +++ b/queue-4.16/radeon-hide-pointless-warning-when-compile-testing.patch @@ -0,0 +1,53 @@ +From c02216acf4177c4411d33735c81cad687790fa59 Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Fri, 16 Feb 2018 16:26:57 +0100 +Subject: radeon: hide pointless #warning when compile testing +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Arnd Bergmann + +commit c02216acf4177c4411d33735c81cad687790fa59 upstream. + +In randconfig testing, we sometimes get this warning: + +drivers/gpu/drm/radeon/radeon_object.c: In function 'radeon_bo_create': +drivers/gpu/drm/radeon/radeon_object.c:242:2: error: #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance thanks to write-combining [-Werror=cpp] + #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance \ + +This is rather annoying since almost all other code produces no build-time +output unless we have found a real bug. We already fixed this in the +amdgpu driver in commit 31bb90f1cd08 ("drm/amdgpu: shut up #warning for +compile testing") by adding a CONFIG_COMPILE_TEST check last year and +agreed to do the same here, but both Michel and I then forgot about it +until I came across the issue again now. + +For stable kernels, as this is one of very few remaining randconfig +warnings in 4.14. + +Cc: stable@vger.kernel.org +Link: https://patchwork.kernel.org/patch/9550009/ +Signed-off-by: Arnd Bergmann +Signed-off-by: Michel Dänzer +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/radeon/radeon_object.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/radeon/radeon_object.c ++++ b/drivers/gpu/drm/radeon/radeon_object.c +@@ -240,9 +240,10 @@ int radeon_bo_create(struct radeon_devic + * may be slow + * See https://bugs.freedesktop.org/show_bug.cgi?id=88758 + */ +- ++#ifndef CONFIG_COMPILE_TEST + #warning Please enable CONFIG_MTRR and CONFIG_X86_PAT for better performance \ + thanks to write-combining ++#endif + + if (bo->flags & RADEON_GEM_GTT_WC) + DRM_INFO_ONCE("Please enable CONFIG_MTRR and CONFIG_X86_PAT for " diff --git a/queue-4.16/series b/queue-4.16/series index a1c20b2ce76..f58802b4b9c 100644 --- a/queue-4.16/series +++ b/queue-4.16/series @@ -11,3 +11,21 @@ sparc64-properly-range-check-dax-completion-index.patch media-v4l2-core-fix-size-of-devnode_nums-bitarray.patch media-v4l2-compat-ioctl32-don-t-oops-on-overlay.patch media-v4l-vsp1-fix-header-display-list-status-check-in-continuous-mode.patch +ipmi-fix-some-error-cleanup-issues.patch +parisc-fix-out-of-array-access-in-match_pci_device.patch +parisc-fix-hpmc-handler-by-increasing-size-to-multiple-of-16-bytes.patch +iwlwifi-add-a-bunch-of-new-9000-pci-ids.patch +drivers-hv-vmbus-do-not-mark-hv_pcie-as-perf_device.patch +pci-hv-serialize-the-present-and-eject-work-items.patch +pci-hv-fix-2-hang-issues-in-hv_compose_msi_msg.patch +kvm-ppc-book3s-hv-trace_tlbie-must-not-be-called-in-realmode.patch +perf-intel-pt-fix-overlap-detection-to-identify-consecutive-buffers-correctly.patch +perf-intel-pt-fix-sync_switch.patch +perf-intel-pt-fix-error-recovery-from-missing-tip-packet.patch +perf-intel-pt-fix-timestamp-following-overflow.patch +perf-core-fix-use-after-free-in-uprobe_perf_close.patch +radeon-hide-pointless-warning-when-compile-testing.patch +x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch +x86-mce-amd-pass-the-bank-number-to-smca_get_bank_type.patch +x86-mce-amd-edac-mce_amd-enumerate-reserved-smca-bank-type.patch +x86-mce-amd-get-address-from-already-initialized-block.patch diff --git a/queue-4.16/x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch b/queue-4.16/x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch new file mode 100644 index 00000000000..3cc16450f71 --- /dev/null +++ b/queue-4.16/x86-apic-fix-restoring-boot-irq-mode-in-reboot-and-kexec-kdump.patch @@ -0,0 +1,95 @@ +From 339b2ae0cd5d4a58f9efe06e4ee36adbeca59228 Mon Sep 17 00:00:00 2001 +From: Baoquan He +Date: Wed, 14 Feb 2018 13:46:53 +0800 +Subject: x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump + +From: Baoquan He + +commit 339b2ae0cd5d4a58f9efe06e4ee36adbeca59228 upstream. + +This is a regression fix. + +Before, to fix erratum AVR31, the following commit: + + 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC") + +... moved the lapic_shutdown() call to after disable_IO_APIC() in the reboot +and kexec/kdump code paths. + +This introduced the following regression: disable_IO_APIC() not only clears +the IO-APIC, but it also restores boot IRQ mode by setting the +LAPIC/APIC/IMCR, calling lapic_shutdown() after disable_IO_APIC() will +disable LAPIC and ruin the possible virtual wire mode setting which +the code has been trying to do all along. + +The consequence is that a KVM guest kernel always prints the warning below +during kexec/kdump as the kernel boots up: + + [ 0.001000] WARNING: CPU: 0 PID: 0 at arch/x86/kernel/apic/apic.c:1467 setup_local_APIC+0x228/0x330 + [ ........] + [ 0.001000] Call Trace: + [ 0.001000] apic_bsp_setup+0x56/0x74 + [ 0.001000] x86_late_time_init+0x11/0x16 + [ 0.001000] start_kernel+0x3c9/0x486 + [ 0.001000] secondary_startup_64+0xa5/0xb0 + [ ........] + [ 0.001000] masked ExtINT on CPU#0 + +To fix this, just call clear_IO_APIC() to stop the IO-APIC where +disable_IO_APIC() was called, and call restore_boot_irq_mode() to +restore boot IRQ mode before a reboot or a kexec/kdump jump. + +Signed-off-by: Baoquan He +Reviewed-by: Eric W. Biederman +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: douly.fnst@cn.fujitsu.com +Cc: joro@8bytes.org +Cc: prarit@redhat.com +Cc: stable@vger.kernel.org +Cc: uobergfe@redhat.com +Fixes: commit 522e66464467 ("x86/apic: Disable I/O APIC before shutdown of the local APIC") +Link: http://lkml.kernel.org/r/20180214054656.3780-4-bhe@redhat.com +[ Rewrote the changelog. ] +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/crash.c | 3 ++- + arch/x86/kernel/reboot.c | 3 ++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +--- a/arch/x86/kernel/crash.c ++++ b/arch/x86/kernel/crash.c +@@ -199,9 +199,10 @@ void native_machine_crash_shutdown(struc + #ifdef CONFIG_X86_IO_APIC + /* Prevent crash_kexec() from deadlocking on ioapic_lock. */ + ioapic_zap_locks(); +- disable_IO_APIC(); ++ clear_IO_APIC(); + #endif + lapic_shutdown(); ++ restore_boot_irq_mode(); + #ifdef CONFIG_HPET_TIMER + hpet_disable(); + #endif +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -666,7 +666,7 @@ void native_machine_shutdown(void) + * Even without the erratum, it still makes sense to quiet IO APIC + * before disabling Local APIC. + */ +- disable_IO_APIC(); ++ clear_IO_APIC(); + #endif + + #ifdef CONFIG_SMP +@@ -680,6 +680,7 @@ void native_machine_shutdown(void) + #endif + + lapic_shutdown(); ++ restore_boot_irq_mode(); + + #ifdef CONFIG_HPET_TIMER + hpet_disable(); diff --git a/queue-4.16/x86-mce-amd-edac-mce_amd-enumerate-reserved-smca-bank-type.patch b/queue-4.16/x86-mce-amd-edac-mce_amd-enumerate-reserved-smca-bank-type.patch new file mode 100644 index 00000000000..038ec19d5d3 --- /dev/null +++ b/queue-4.16/x86-mce-amd-edac-mce_amd-enumerate-reserved-smca-bank-type.patch @@ -0,0 +1,123 @@ +From 68627a697c195937672ce07683094c72b1174786 Mon Sep 17 00:00:00 2001 +From: Yazen Ghannam +Date: Wed, 21 Feb 2018 11:18:58 +0100 +Subject: x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type + +From: Yazen Ghannam + +commit 68627a697c195937672ce07683094c72b1174786 upstream. + +Currently, bank 4 is reserved on Fam17h, so we chose not to initialize +bank 4 in the smca_banks array. This means that when we check if a bank +is initialized, like during boot or resume, we will see that bank 4 is +not initialized and try to initialize it. + +This will cause a call trace, when resuming from suspend, due to +rdmsr_*on_cpu() calls in the init path. The rdmsr_*on_cpu() calls issue +an IPI but we're running with interrupts disabled. This triggers: + + WARNING: CPU: 0 PID: 11523 at kernel/smp.c:291 smp_call_function_single+0xdc/0xe0 + ... + +Reserved banks will be read-as-zero, so their MCA_IPID register will be +zero. So, like the smca_banks array, the threshold_banks array will not +have an entry for a reserved bank since all its MCA_MISC* registers will +be zero. + +Enumerate a "Reserved" bank type that matches on a HWID_MCATYPE of 0,0. + +Use the "Reserved" type when checking if a bank is reserved. It's +possible that other bank numbers may be reserved on future systems. + +Don't try to find the block address on reserved banks. + +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov +Cc: # 4.14.x +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: linux-edac +Link: http://lkml.kernel.org/r/20180221101900.10326-7-bp@alien8.de +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/include/asm/mce.h | 1 + + arch/x86/kernel/cpu/mcheck/mce_amd.c | 7 +++++++ + drivers/edac/mce_amd.c | 11 +++++++---- + 3 files changed, 15 insertions(+), 4 deletions(-) + +--- a/arch/x86/include/asm/mce.h ++++ b/arch/x86/include/asm/mce.h +@@ -346,6 +346,7 @@ enum smca_bank_types { + SMCA_IF, /* Instruction Fetch */ + SMCA_L2_CACHE, /* L2 Cache */ + SMCA_DE, /* Decoder Unit */ ++ SMCA_RESERVED, /* Reserved */ + SMCA_EX, /* Execution Unit */ + SMCA_FP, /* Floating Point */ + SMCA_L3_CACHE, /* L3 Cache */ +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -82,6 +82,7 @@ static struct smca_bank_name smca_names[ + [SMCA_IF] = { "insn_fetch", "Instruction Fetch Unit" }, + [SMCA_L2_CACHE] = { "l2_cache", "L2 Cache" }, + [SMCA_DE] = { "decode_unit", "Decode Unit" }, ++ [SMCA_RESERVED] = { "reserved", "Reserved" }, + [SMCA_EX] = { "execution_unit", "Execution Unit" }, + [SMCA_FP] = { "floating_point", "Floating Point Unit" }, + [SMCA_L3_CACHE] = { "l3_cache", "L3 Cache" }, +@@ -127,6 +128,9 @@ static enum smca_bank_types smca_get_ban + static struct smca_hwid smca_hwid_mcatypes[] = { + /* { bank_type, hwid_mcatype, xec_bitmap } */ + ++ /* Reserved type */ ++ { SMCA_RESERVED, HWID_MCATYPE(0x00, 0x0), 0x0 }, ++ + /* ZN Core (HWID=0xB0) MCA types */ + { SMCA_LS, HWID_MCATYPE(0xB0, 0x0), 0x1FFFEF }, + { SMCA_IF, HWID_MCATYPE(0xB0, 0x1), 0x3FFF }, +@@ -433,6 +437,9 @@ static u32 get_block_address(unsigned in + u32 addr = 0, offset = 0; + + if (mce_flags.smca) { ++ if (smca_get_bank_type(bank) == SMCA_RESERVED) ++ return addr; ++ + if (!block) { + addr = MSR_AMD64_SMCA_MCx_MISC(bank); + } else { +--- a/drivers/edac/mce_amd.c ++++ b/drivers/edac/mce_amd.c +@@ -854,21 +854,24 @@ static void decode_mc6_mce(struct mce *m + static void decode_smca_error(struct mce *m) + { + struct smca_hwid *hwid; +- unsigned int bank_type; ++ enum smca_bank_types bank_type; + const char *ip_name; + u8 xec = XEC(m->status, xec_mask); + + if (m->bank >= ARRAY_SIZE(smca_banks)) + return; + +- if (x86_family(m->cpuid) >= 0x17 && m->bank == 4) +- pr_emerg(HW_ERR "Bank 4 is reserved on Fam17h.\n"); +- + hwid = smca_banks[m->bank].hwid; + if (!hwid) + return; + + bank_type = hwid->bank_type; ++ ++ if (bank_type == SMCA_RESERVED) { ++ pr_emerg(HW_ERR "Bank %d is reserved.\n", m->bank); ++ return; ++ } ++ + ip_name = smca_get_long_name(bank_type); + + pr_emerg(HW_ERR "%s Extended Error Code: %d\n", ip_name, xec); diff --git a/queue-4.16/x86-mce-amd-get-address-from-already-initialized-block.patch b/queue-4.16/x86-mce-amd-get-address-from-already-initialized-block.patch new file mode 100644 index 00000000000..a537346a8f7 --- /dev/null +++ b/queue-4.16/x86-mce-amd-get-address-from-already-initialized-block.patch @@ -0,0 +1,63 @@ +From 27bd59502702fe51d9eb00450a75b727ec6bfcb4 Mon Sep 17 00:00:00 2001 +From: Yazen Ghannam +Date: Wed, 21 Feb 2018 11:18:59 +0100 +Subject: x86/mce/AMD: Get address from already initialized block + +From: Yazen Ghannam + +commit 27bd59502702fe51d9eb00450a75b727ec6bfcb4 upstream. + +The block address is saved after the block is initialized when +threshold_init_device() is called. + +Use the saved block address, if available, rather than trying to +rediscover it. + +This will avoid a call trace, when resuming from suspend, due to the +rdmsr_safe_on_cpu() call in get_block_address(). The rdmsr_safe_on_cpu() +call issues an IPI but we're running with interrupts disabled. This +triggers: + + WARNING: CPU: 0 PID: 11523 at kernel/smp.c:291 smp_call_function_single+0xdc/0xe0 + +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov +Cc: # 4.14.x +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: linux-edac +Link: http://lkml.kernel.org/r/20180221101900.10326-8-bp@alien8.de +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/mcheck/mce_amd.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -436,6 +436,21 @@ static u32 get_block_address(unsigned in + { + u32 addr = 0, offset = 0; + ++ if ((bank >= mca_cfg.banks) || (block >= NR_BLOCKS)) ++ return addr; ++ ++ /* Get address from already initialized block. */ ++ if (per_cpu(threshold_banks, cpu)) { ++ struct threshold_bank *bankp = per_cpu(threshold_banks, cpu)[bank]; ++ ++ if (bankp && bankp->blocks) { ++ struct threshold_block *blockp = &bankp->blocks[block]; ++ ++ if (blockp) ++ return blockp->address; ++ } ++ } ++ + if (mce_flags.smca) { + if (smca_get_bank_type(bank) == SMCA_RESERVED) + return addr; diff --git a/queue-4.16/x86-mce-amd-pass-the-bank-number-to-smca_get_bank_type.patch b/queue-4.16/x86-mce-amd-pass-the-bank-number-to-smca_get_bank_type.patch new file mode 100644 index 00000000000..3f8c20c518b --- /dev/null +++ b/queue-4.16/x86-mce-amd-pass-the-bank-number-to-smca_get_bank_type.patch @@ -0,0 +1,88 @@ +From e5d6a126d4c473499f354254a15ca0c2d8c84ca3 Mon Sep 17 00:00:00 2001 +From: Yazen Ghannam +Date: Wed, 21 Feb 2018 11:18:57 +0100 +Subject: x86/mce/AMD: Pass the bank number to smca_get_bank_type() + +From: Yazen Ghannam + +commit e5d6a126d4c473499f354254a15ca0c2d8c84ca3 upstream. + +Pass the bank number to smca_get_bank_type() since that's all we need. + +Also, we should compare the bank number to MAX_NR_BANKS (size of the +smca_banks array) not the number of bank types. Bank types are reused +for multiple banks, so the number of types can be different from the +number of banks in a system and thus we could return an invalid bank +type. + +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov +Cc: # 4.14.x +Cc: # 4.14.x: 11cf887728a3 x86/MCE/AMD: Define a function to get SMCA bank type +Cc: # 4.14.x: c6708d50f166 x86/MCE: Report only DRAM ECC as memory errors on AMD systems +Cc: Borislav Petkov +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: linux-edac +Link: http://lkml.kernel.org/r/20180221101900.10326-6-bp@alien8.de +Signed-off-by: Ingo Molnar +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/mcheck/mce_amd.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -110,14 +110,14 @@ const char *smca_get_long_name(enum smca + } + EXPORT_SYMBOL_GPL(smca_get_long_name); + +-static enum smca_bank_types smca_get_bank_type(struct mce *m) ++static enum smca_bank_types smca_get_bank_type(unsigned int bank) + { + struct smca_bank *b; + +- if (m->bank >= N_SMCA_BANK_TYPES) ++ if (bank >= MAX_NR_BANKS) + return N_SMCA_BANK_TYPES; + +- b = &smca_banks[m->bank]; ++ b = &smca_banks[bank]; + if (!b->hwid) + return N_SMCA_BANK_TYPES; + +@@ -760,7 +760,7 @@ bool amd_mce_is_memory_error(struct mce + u8 xec = (m->status >> 16) & 0x1f; + + if (mce_flags.smca) +- return smca_get_bank_type(m) == SMCA_UMC && xec == 0x0; ++ return smca_get_bank_type(m->bank) == SMCA_UMC && xec == 0x0; + + return m->bank == 4 && xec == 0x8; + } +@@ -1063,7 +1063,7 @@ static struct kobj_type threshold_ktype + + static const char *get_name(unsigned int bank, struct threshold_block *b) + { +- unsigned int bank_type; ++ enum smca_bank_types bank_type; + + if (!mce_flags.smca) { + if (b && bank == 4) +@@ -1072,11 +1072,10 @@ static const char *get_name(unsigned int + return th_names[bank]; + } + +- if (!smca_banks[bank].hwid) ++ bank_type = smca_get_bank_type(bank); ++ if (bank_type >= N_SMCA_BANK_TYPES) + return NULL; + +- bank_type = smca_banks[bank].hwid->bank_type; +- + if (b && bank_type == SMCA_UMC) { + if (b->block < ARRAY_SIZE(smca_umc_block_names)) + return smca_umc_block_names[b->block];