From: Greg Kroah-Hartman Date: Sun, 12 Dec 2021 13:26:53 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v4.4.295~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5dcf89994ec14837e55baa9be97cdd52981d4608;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: clk-qcom-regmap-mux-fix-parent-clock-lookup.patch drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch hwmon-pwm-fan-ensure-the-fan-going-on-in-.probe.patch io_uring-ensure-task_work-gets-run-as-part-of-cancelations.patch libata-add-horkage-for-asmedia-1092.patch md-fix-update-super-1.0-on-rdev-size-change.patch mmc-renesas_sdhi-initialize-variable-properly-when-tuning.patch nfsd-fix-nsfd-startup-race-again.patch nfsd-fix-use-after-free-due-to-delegation-race.patch perf-intel-pt-fix-error-timestamp-setting-on-the-decoder-error-path.patch perf-intel-pt-fix-intel_pt_fup_event-assumptions-about-setting-state-type.patch perf-intel-pt-fix-missing-instruction-events-with-q-option.patch perf-intel-pt-fix-next-err-value-walking-trace.patch perf-intel-pt-fix-some-pge-packet-generation-enable-control-flow-packets-usage.patch perf-intel-pt-fix-state-setting-when-receiving-overflow-ovf-packet.patch perf-intel-pt-fix-sync-state-when-a-psb-synchronization-packet-is-found.patch selftests-kvm-avoid-failures-due-to-reserved-hypertransport-region.patch thermal-int340x-fix-vcoreflow-mmio-bit-offset-for-tgl.patch tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch --- diff --git a/queue-5.15/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch b/queue-5.15/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch new file mode 100644 index 00000000000..78c05dbb5e2 --- /dev/null +++ b/queue-5.15/clk-qcom-regmap-mux-fix-parent-clock-lookup.patch @@ -0,0 +1,70 @@ +From 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 Mon Sep 17 00:00:00 2001 +From: Dmitry Baryshkov +Date: Tue, 16 Nov 2021 02:34:07 +0300 +Subject: clk: qcom: regmap-mux: fix parent clock lookup + +From: Dmitry Baryshkov + +commit 9a61f813fcc8d56d85fcf9ca6119cf2b5ac91dd5 upstream. + +The function mux_get_parent() uses qcom_find_src_index() to find the +parent clock index, which is incorrect: qcom_find_src_index() uses src +enum for the lookup, while mux_get_parent() should use cfg field (which +corresponds to the register value). Add qcom_find_cfg_index() function +doing this kind of lookup and use it for mux parent lookup. + +Fixes: df964016490b ("clk: qcom: add parent map for regmap mux") +Cc: stable@vger.kernel.org +Signed-off-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20211115233407.1046179-1-dmitry.baryshkov@linaro.org +Signed-off-by: Stephen Boyd +Signed-off-by: Greg Kroah-Hartman +--- + drivers/clk/qcom/clk-regmap-mux.c | 2 +- + drivers/clk/qcom/common.c | 12 ++++++++++++ + drivers/clk/qcom/common.h | 2 ++ + 3 files changed, 15 insertions(+), 1 deletion(-) + +--- a/drivers/clk/qcom/clk-regmap-mux.c ++++ b/drivers/clk/qcom/clk-regmap-mux.c +@@ -28,7 +28,7 @@ static u8 mux_get_parent(struct clk_hw * + val &= mask; + + if (mux->parent_map) +- return qcom_find_src_index(hw, mux->parent_map, val); ++ return qcom_find_cfg_index(hw, mux->parent_map, val); + + return val; + } +--- a/drivers/clk/qcom/common.c ++++ b/drivers/clk/qcom/common.c +@@ -69,6 +69,18 @@ int qcom_find_src_index(struct clk_hw *h + } + EXPORT_SYMBOL_GPL(qcom_find_src_index); + ++int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map, u8 cfg) ++{ ++ int i, num_parents = clk_hw_get_num_parents(hw); ++ ++ for (i = 0; i < num_parents; i++) ++ if (cfg == map[i].cfg) ++ return i; ++ ++ return -ENOENT; ++} ++EXPORT_SYMBOL_GPL(qcom_find_cfg_index); ++ + struct regmap * + qcom_cc_map(struct platform_device *pdev, const struct qcom_cc_desc *desc) + { +--- a/drivers/clk/qcom/common.h ++++ b/drivers/clk/qcom/common.h +@@ -49,6 +49,8 @@ extern void + qcom_pll_set_fsm_mode(struct regmap *m, u32 reg, u8 bias_count, u8 lock_count); + extern int qcom_find_src_index(struct clk_hw *hw, const struct parent_map *map, + u8 src); ++extern int qcom_find_cfg_index(struct clk_hw *hw, const struct parent_map *map, ++ u8 cfg); + + extern int qcom_cc_register_board_clk(struct device *dev, const char *path, + const char *name, unsigned long rate); diff --git a/queue-5.15/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch b/queue-5.15/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch new file mode 100644 index 00000000000..7b0bcfa7608 --- /dev/null +++ b/queue-5.15/drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch @@ -0,0 +1,59 @@ +From b19926d4f3a660a8b76e5d989ffd1168e619a5c4 Mon Sep 17 00:00:00 2001 +From: Bas Nieuwenhuizen +Date: Wed, 8 Dec 2021 03:39:35 +0100 +Subject: drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence. +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Bas Nieuwenhuizen + +commit b19926d4f3a660a8b76e5d989ffd1168e619a5c4 upstream. + +dma_fence_chain_find_seqno only ever returns the top fence in the +chain or an unsignalled fence. Hence if we request a seqno that +is already signalled it returns a NULL fence. Some callers are +not prepared to handle this, like the syncobj transfer functions +for example. + +This behavior is "new" with timeline syncobj and it looks like +not all callers were updated. To fix this behavior make sure +that a successful drm_sync_find_fence always returns a non-NULL +fence. + +v2: Move the fix to drm_syncobj_find_fence from the transfer + functions. + +Fixes: ea569910cbab ("drm/syncobj: add transition iotcls between binary and timeline v2") +Cc: stable@vger.kernel.org +Signed-off-by: Bas Nieuwenhuizen +Reviewed-by: Christian König +Acked-by: Lionel Landwerlin +Signed-off-by: Christian König +Link: https://patchwork.freedesktop.org/patch/msgid/20211208023935.17018-1-bas@basnieuwenhuizen.nl +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/drm_syncobj.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/drm_syncobj.c ++++ b/drivers/gpu/drm/drm_syncobj.c +@@ -404,8 +404,17 @@ int drm_syncobj_find_fence(struct drm_fi + + if (*fence) { + ret = dma_fence_chain_find_seqno(fence, point); +- if (!ret) ++ if (!ret) { ++ /* If the requested seqno is already signaled ++ * drm_syncobj_find_fence may return a NULL ++ * fence. To make sure the recipient gets ++ * signalled, use a new fence instead. ++ */ ++ if (!*fence) ++ *fence = dma_fence_get_stub(); ++ + goto out; ++ } + dma_fence_put(*fence); + } else { + ret = -EINVAL; diff --git a/queue-5.15/hwmon-pwm-fan-ensure-the-fan-going-on-in-.probe.patch b/queue-5.15/hwmon-pwm-fan-ensure-the-fan-going-on-in-.probe.patch new file mode 100644 index 00000000000..8815b686c98 --- /dev/null +++ b/queue-5.15/hwmon-pwm-fan-ensure-the-fan-going-on-in-.probe.patch @@ -0,0 +1,48 @@ +From a2ca752055edd39be38b887e264d3de7ca2bc1bb Mon Sep 17 00:00:00 2001 +From: Billy Tsai +Date: Tue, 30 Nov 2021 17:22:12 +0800 +Subject: hwmon: (pwm-fan) Ensure the fan going on in .probe() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Billy Tsai + +commit a2ca752055edd39be38b887e264d3de7ca2bc1bb upstream. + +Before commit 86585c61972f ("hwmon: (pwm-fan) stop using legacy +PWM functions and some cleanups") pwm_apply_state() was called +unconditionally in pwm_fan_probe(). In this commit this direct +call was replaced by a call to __set_pwm(ct, MAX_PWM) which +however is a noop if ctx->pwm_value already matches the value to +set. +After probe the fan is supposed to run at full speed, and the +internal driver state suggests it does, but this isn't asserted +and depending on bootloader and pwm low-level driver, the fan +might just be off. +So drop setting pwm_value to MAX_PWM to ensure the check in +__set_pwm doesn't make it exit early and the fan goes on as +intended. + +Cc: stable@vger.kernel.org +Fixes: 86585c61972f ("hwmon: (pwm-fan) stop using legacy PWM functions and some cleanups") +Signed-off-by: Billy Tsai +Reviewed-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20211130092212.17783-1-billy_tsai@aspeedtech.com +Signed-off-by: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hwmon/pwm-fan.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/hwmon/pwm-fan.c ++++ b/drivers/hwmon/pwm-fan.c +@@ -336,8 +336,6 @@ static int pwm_fan_probe(struct platform + return ret; + } + +- ctx->pwm_value = MAX_PWM; +- + pwm_init_state(ctx->pwm, &ctx->pwm_state); + + /* diff --git a/queue-5.15/io_uring-ensure-task_work-gets-run-as-part-of-cancelations.patch b/queue-5.15/io_uring-ensure-task_work-gets-run-as-part-of-cancelations.patch new file mode 100644 index 00000000000..b9579f0732b --- /dev/null +++ b/queue-5.15/io_uring-ensure-task_work-gets-run-as-part-of-cancelations.patch @@ -0,0 +1,48 @@ +From 78a780602075d8b00c98070fa26e389b3b3efa72 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Thu, 9 Dec 2021 08:54:29 -0700 +Subject: io_uring: ensure task_work gets run as part of cancelations + +From: Jens Axboe + +commit 78a780602075d8b00c98070fa26e389b3b3efa72 upstream. + +If we successfully cancel a work item but that work item needs to be +processed through task_work, then we can be sleeping uninterruptibly +in io_uring_cancel_generic() and never process it. Hence we don't +make forward progress and we end up with an uninterruptible sleep +warning. + +While in there, correct a comment that should be IFF, not IIF. + +Reported-and-tested-by: syzbot+21e6887c0be14181206d@syzkaller.appspotmail.com +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + fs/io_uring.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -9775,7 +9775,7 @@ static void io_uring_drop_tctx_refs(stru + + /* + * Find any io_uring ctx that this task has registered or done IO on, and cancel +- * requests. @sqd should be not-null IIF it's an SQPOLL thread cancellation. ++ * requests. @sqd should be not-null IFF it's an SQPOLL thread cancellation. + */ + static void io_uring_cancel_generic(bool cancel_all, struct io_sq_data *sqd) + { +@@ -9816,8 +9816,10 @@ static void io_uring_cancel_generic(bool + cancel_all); + } + +- prepare_to_wait(&tctx->wait, &wait, TASK_UNINTERRUPTIBLE); ++ prepare_to_wait(&tctx->wait, &wait, TASK_INTERRUPTIBLE); ++ io_run_task_work(); + io_uring_drop_tctx_refs(current); ++ + /* + * If we've seen completions, retry without waiting. This + * avoids a race where a completion comes in before we did diff --git a/queue-5.15/libata-add-horkage-for-asmedia-1092.patch b/queue-5.15/libata-add-horkage-for-asmedia-1092.patch new file mode 100644 index 00000000000..95dd833b704 --- /dev/null +++ b/queue-5.15/libata-add-horkage-for-asmedia-1092.patch @@ -0,0 +1,33 @@ +From a66307d473077b7aeba74e9b09c841ab3d399c2d Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Wed, 8 Dec 2021 07:58:53 +0100 +Subject: libata: add horkage for ASMedia 1092 + +From: Hannes Reinecke + +commit a66307d473077b7aeba74e9b09c841ab3d399c2d upstream. + +The ASMedia 1092 has a configuration mode which will present a +dummy device; sadly the implementation falsely claims to provide +a device with 100M which doesn't actually exist. +So disable this device to avoid errors during boot. + +Cc: stable@vger.kernel.org +Signed-off-by: Hannes Reinecke +Signed-off-by: Damien Le Moal +Signed-off-by: Greg Kroah-Hartman +--- + drivers/ata/libata-core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -3856,6 +3856,8 @@ static const struct ata_blacklist_entry + { "VRFDFC22048UCHC-TE*", NULL, ATA_HORKAGE_NODMA }, + /* Odd clown on sil3726/4726 PMPs */ + { "Config Disk", NULL, ATA_HORKAGE_DISABLE }, ++ /* Similar story with ASMedia 1092 */ ++ { "ASMT109x- Config", NULL, ATA_HORKAGE_DISABLE }, + + /* Weird ATAPI devices */ + { "TORiSAN DVD-ROM DRD-N216", NULL, ATA_HORKAGE_MAX_SEC_128 }, diff --git a/queue-5.15/md-fix-update-super-1.0-on-rdev-size-change.patch b/queue-5.15/md-fix-update-super-1.0-on-rdev-size-change.patch new file mode 100644 index 00000000000..ff66c2b05af --- /dev/null +++ b/queue-5.15/md-fix-update-super-1.0-on-rdev-size-change.patch @@ -0,0 +1,35 @@ +From 55df1ce0d4e086e05a8ab20619c73c729350f965 Mon Sep 17 00:00:00 2001 +From: Markus Hochholdinger +Date: Tue, 16 Nov 2021 10:21:35 +0000 +Subject: md: fix update super 1.0 on rdev size change + +From: Markus Hochholdinger + +commit 55df1ce0d4e086e05a8ab20619c73c729350f965 upstream. + +The superblock of version 1.0 doesn't get moved to the new position on a +device size change. This leads to a rdev without a superblock on a known +position, the raid can't be re-assembled. + +The line was removed by mistake and is re-added by this patch. + +Fixes: d9c0fa509eaf ("md: fix max sectors calculation for super 1.0") +Cc: stable@vger.kernel.org +Signed-off-by: Markus Hochholdinger +Reviewed-by: Xiao Ni +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/md.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -2193,6 +2193,7 @@ super_1_rdev_size_change(struct md_rdev + + if (!num_sectors || num_sectors > max_sectors) + num_sectors = max_sectors; ++ rdev->sb_start = sb_start; + } + sb = page_address(rdev->sb_page); + sb->data_size = cpu_to_le64(num_sectors); diff --git a/queue-5.15/mmc-renesas_sdhi-initialize-variable-properly-when-tuning.patch b/queue-5.15/mmc-renesas_sdhi-initialize-variable-properly-when-tuning.patch new file mode 100644 index 00000000000..b30fc6d870a --- /dev/null +++ b/queue-5.15/mmc-renesas_sdhi-initialize-variable-properly-when-tuning.patch @@ -0,0 +1,34 @@ +From 7dba402807a85fa3723f4a27504813caf81cc9d7 Mon Sep 17 00:00:00 2001 +From: Wolfram Sang +Date: Tue, 30 Nov 2021 14:23:09 +0100 +Subject: mmc: renesas_sdhi: initialize variable properly when tuning + +From: Wolfram Sang + +commit 7dba402807a85fa3723f4a27504813caf81cc9d7 upstream. + +'cmd_error' is not necessarily initialized on some error paths in +mmc_send_tuning(). Initialize it. + +Fixes: 2c9017d0b5d3 ("mmc: renesas_sdhi: abort tuning when timeout detected") +Reported-by: Dan Carpenter +Signed-off-by: Wolfram Sang +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20211130132309.18246-1-wsa+renesas@sang-engineering.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/renesas_sdhi_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/host/renesas_sdhi_core.c ++++ b/drivers/mmc/host/renesas_sdhi_core.c +@@ -673,7 +673,7 @@ static int renesas_sdhi_execute_tuning(s + + /* Issue CMD19 twice for each tap */ + for (i = 0; i < 2 * priv->tap_num; i++) { +- int cmd_error; ++ int cmd_error = 0; + + /* Set sampling clock position */ + sd_scc_write32(host, priv, SH_MOBILE_SDHI_SCC_TAPSET, i % priv->tap_num); diff --git a/queue-5.15/nfsd-fix-nsfd-startup-race-again.patch b/queue-5.15/nfsd-fix-nsfd-startup-race-again.patch new file mode 100644 index 00000000000..06cf24bf688 --- /dev/null +++ b/queue-5.15/nfsd-fix-nsfd-startup-race-again.patch @@ -0,0 +1,109 @@ +From b10252c7ae9c9d7c90552f88b544a44ee773af64 Mon Sep 17 00:00:00 2001 +From: Alexander Sverdlin +Date: Tue, 7 Dec 2021 15:00:39 +0100 +Subject: nfsd: Fix nsfd startup race (again) + +From: Alexander Sverdlin + +commit b10252c7ae9c9d7c90552f88b544a44ee773af64 upstream. + +Commit bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") +has re-opened rpc_pipefs_event() race against nfsd_net_id registration +(register_pernet_subsys()) which has been fixed by commit bb7ffbf29e76 +("nfsd: fix nsfd startup race triggering BUG_ON"). + +Restore the order of register_pernet_subsys() vs register_cld_notifier(). +Add WARN_ON() to prevent a future regression. + +Crash info: +Unable to handle kernel NULL pointer dereference at virtual address 0000000000000012 +CPU: 8 PID: 345 Comm: mount Not tainted 5.4.144-... #1 +pc : rpc_pipefs_event+0x54/0x120 [nfsd] +lr : rpc_pipefs_event+0x48/0x120 [nfsd] +Call trace: + rpc_pipefs_event+0x54/0x120 [nfsd] + blocking_notifier_call_chain + rpc_fill_super + get_tree_keyed + rpc_fs_get_tree + vfs_get_tree + do_mount + ksys_mount + __arm64_sys_mount + el0_svc_handler + el0_svc + +Fixes: bd5ae9288d64 ("nfsd: register pernet ops last, unregister first") +Cc: stable@vger.kernel.org +Signed-off-by: Alexander Sverdlin +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs4recover.c | 1 + + fs/nfsd/nfsctl.c | 14 +++++++------- + 2 files changed, 8 insertions(+), 7 deletions(-) + +--- a/fs/nfsd/nfs4recover.c ++++ b/fs/nfsd/nfs4recover.c +@@ -2156,6 +2156,7 @@ static struct notifier_block nfsd4_cld_b + int + register_cld_notifier(void) + { ++ WARN_ON(!nfsd_net_id); + return rpc_pipefs_notifier_register(&nfsd4_cld_block); + } + +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1521,12 +1521,9 @@ static int __init init_nfsd(void) + int retval; + printk(KERN_INFO "Installing knfsd (copyright (C) 1996 okir@monad.swb.de).\n"); + +- retval = register_cld_notifier(); +- if (retval) +- return retval; + retval = nfsd4_init_slabs(); + if (retval) +- goto out_unregister_notifier; ++ return retval; + retval = nfsd4_init_pnfs(); + if (retval) + goto out_free_slabs; +@@ -1545,9 +1542,14 @@ static int __init init_nfsd(void) + goto out_free_exports; + retval = register_pernet_subsys(&nfsd_net_ops); + if (retval < 0) ++ goto out_free_filesystem; ++ retval = register_cld_notifier(); ++ if (retval) + goto out_free_all; + return 0; + out_free_all: ++ unregister_pernet_subsys(&nfsd_net_ops); ++out_free_filesystem: + unregister_filesystem(&nfsd_fs_type); + out_free_exports: + remove_proc_entry("fs/nfs/exports", NULL); +@@ -1561,13 +1563,12 @@ out_free_pnfs: + nfsd4_exit_pnfs(); + out_free_slabs: + nfsd4_free_slabs(); +-out_unregister_notifier: +- unregister_cld_notifier(); + return retval; + } + + static void __exit exit_nfsd(void) + { ++ unregister_cld_notifier(); + unregister_pernet_subsys(&nfsd_net_ops); + nfsd_drc_slab_free(); + remove_proc_entry("fs/nfs/exports", NULL); +@@ -1577,7 +1578,6 @@ static void __exit exit_nfsd(void) + nfsd4_free_slabs(); + nfsd4_exit_pnfs(); + unregister_filesystem(&nfsd_fs_type); +- unregister_cld_notifier(); + } + + MODULE_AUTHOR("Olaf Kirch "); diff --git a/queue-5.15/nfsd-fix-use-after-free-due-to-delegation-race.patch b/queue-5.15/nfsd-fix-use-after-free-due-to-delegation-race.patch new file mode 100644 index 00000000000..40b6b5ee40e --- /dev/null +++ b/queue-5.15/nfsd-fix-use-after-free-due-to-delegation-race.patch @@ -0,0 +1,63 @@ +From 548ec0805c399c65ed66c6641be467f717833ab5 Mon Sep 17 00:00:00 2001 +From: "J. Bruce Fields" +Date: Mon, 29 Nov 2021 15:08:00 -0500 +Subject: nfsd: fix use-after-free due to delegation race + +From: J. Bruce Fields + +commit 548ec0805c399c65ed66c6641be467f717833ab5 upstream. + +A delegation break could arrive as soon as we've called vfs_setlease. A +delegation break runs a callback which immediately (in +nfsd4_cb_recall_prepare) adds the delegation to del_recall_lru. If we +then exit nfs4_set_delegation without hashing the delegation, it will be +freed as soon as the callback is done with it, without ever being +removed from del_recall_lru. + +Symptoms show up later as use-after-free or list corruption warnings, +usually in the laundromat thread. + +I suspect aba2072f4523 "nfsd: grant read delegations to clients holding +writes" made this bug easier to hit, but I looked as far back as v3.0 +and it looks to me it already had the same problem. So I'm not sure +where the bug was introduced; it may have been there from the beginning. + +Cc: stable@vger.kernel.org +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs4state.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -1207,6 +1207,11 @@ hash_delegation_locked(struct nfs4_deleg + return 0; + } + ++static bool delegation_hashed(struct nfs4_delegation *dp) ++{ ++ return !(list_empty(&dp->dl_perfile)); ++} ++ + static bool + unhash_delegation_locked(struct nfs4_delegation *dp) + { +@@ -1214,7 +1219,7 @@ unhash_delegation_locked(struct nfs4_del + + lockdep_assert_held(&state_lock); + +- if (list_empty(&dp->dl_perfile)) ++ if (!delegation_hashed(dp)) + return false; + + dp->dl_stid.sc_type = NFS4_CLOSED_DELEG_STID; +@@ -4598,7 +4603,7 @@ static void nfsd4_cb_recall_prepare(stru + * queued for a lease break. Don't queue it again. + */ + spin_lock(&state_lock); +- if (dp->dl_time == 0) { ++ if (delegation_hashed(dp) && dp->dl_time == 0) { + dp->dl_time = ktime_get_boottime_seconds(); + list_add_tail(&dp->dl_recall_lru, &nn->del_recall_lru); + } diff --git a/queue-5.15/perf-intel-pt-fix-error-timestamp-setting-on-the-decoder-error-path.patch b/queue-5.15/perf-intel-pt-fix-error-timestamp-setting-on-the-decoder-error-path.patch new file mode 100644 index 00000000000..60c38ef2412 --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-error-timestamp-setting-on-the-decoder-error-path.patch @@ -0,0 +1,33 @@ +From 6665b8e4836caa8023cbc7e53733acd234969c8c Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:23:03 +0200 +Subject: perf intel-pt: Fix error timestamp setting on the decoder error path + +From: Adrian Hunter + +commit 6665b8e4836caa8023cbc7e53733acd234969c8c upstream. + +An error timestamp shows the last known timestamp for the queue, but this +is not updated on the error path. Fix by setting it. + +Fixes: f4aa081949e7b6 ("perf tools: Add Intel PT decoder") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-8-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -2510,6 +2510,7 @@ static int intel_pt_run_decoder(struct i + ptq->sync_switch = false; + intel_pt_next_tid(pt, ptq); + } ++ ptq->timestamp = state->est_timestamp; + if (pt->synth_opts.errors) { + err = intel_ptq_synth_error(ptq, state); + if (err) diff --git a/queue-5.15/perf-intel-pt-fix-intel_pt_fup_event-assumptions-about-setting-state-type.patch b/queue-5.15/perf-intel-pt-fix-intel_pt_fup_event-assumptions-about-setting-state-type.patch new file mode 100644 index 00000000000..ea6a5ac8ee6 --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-intel_pt_fup_event-assumptions-about-setting-state-type.patch @@ -0,0 +1,104 @@ +From 4c761d805bb2d2ead1b9baaba75496152b394c80 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:22:59 +0200 +Subject: perf intel-pt: Fix intel_pt_fup_event() assumptions about setting state type + +From: Adrian Hunter + +commit 4c761d805bb2d2ead1b9baaba75496152b394c80 upstream. + +intel_pt_fup_event() assumes it can overwrite the state type if there has +been an FUP event, but this is an unnecessary and unexpected constraint on +callers. + +Fix by touching only the state type flags that are affected by an FUP +event. + +Fixes: a472e65fc490a ("perf intel-pt: Add decoder support for ptwrite and power event packets") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-4-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 32 ++++++++------------ + 1 file changed, 13 insertions(+), 19 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1204,61 +1204,55 @@ out_no_progress: + + static bool intel_pt_fup_event(struct intel_pt_decoder *decoder) + { ++ enum intel_pt_sample_type type = decoder->state.type; + bool ret = false; + ++ decoder->state.type &= ~INTEL_PT_BRANCH; ++ + if (decoder->set_fup_tx_flags) { + decoder->set_fup_tx_flags = false; + decoder->tx_flags = decoder->fup_tx_flags; +- decoder->state.type = INTEL_PT_TRANSACTION; ++ decoder->state.type |= INTEL_PT_TRANSACTION; + if (decoder->fup_tx_flags & INTEL_PT_ABORT_TX) + decoder->state.type |= INTEL_PT_BRANCH; +- decoder->state.from_ip = decoder->ip; +- decoder->state.to_ip = 0; + decoder->state.flags = decoder->fup_tx_flags; +- return true; ++ ret = true; + } + if (decoder->set_fup_ptw) { + decoder->set_fup_ptw = false; +- decoder->state.type = INTEL_PT_PTW; ++ decoder->state.type |= INTEL_PT_PTW; + decoder->state.flags |= INTEL_PT_FUP_IP; +- decoder->state.from_ip = decoder->ip; +- decoder->state.to_ip = 0; + decoder->state.ptw_payload = decoder->fup_ptw_payload; +- return true; ++ ret = true; + } + if (decoder->set_fup_mwait) { + decoder->set_fup_mwait = false; +- decoder->state.type = INTEL_PT_MWAIT_OP; +- decoder->state.from_ip = decoder->ip; +- decoder->state.to_ip = 0; ++ decoder->state.type |= INTEL_PT_MWAIT_OP; + decoder->state.mwait_payload = decoder->fup_mwait_payload; + ret = true; + } + if (decoder->set_fup_pwre) { + decoder->set_fup_pwre = false; + decoder->state.type |= INTEL_PT_PWR_ENTRY; +- decoder->state.type &= ~INTEL_PT_BRANCH; +- decoder->state.from_ip = decoder->ip; +- decoder->state.to_ip = 0; + decoder->state.pwre_payload = decoder->fup_pwre_payload; + ret = true; + } + if (decoder->set_fup_exstop) { + decoder->set_fup_exstop = false; + decoder->state.type |= INTEL_PT_EX_STOP; +- decoder->state.type &= ~INTEL_PT_BRANCH; + decoder->state.flags |= INTEL_PT_FUP_IP; +- decoder->state.from_ip = decoder->ip; +- decoder->state.to_ip = 0; + ret = true; + } + if (decoder->set_fup_bep) { + decoder->set_fup_bep = false; + decoder->state.type |= INTEL_PT_BLK_ITEMS; +- decoder->state.type &= ~INTEL_PT_BRANCH; ++ ret = true; ++ } ++ if (ret) { + decoder->state.from_ip = decoder->ip; + decoder->state.to_ip = 0; +- ret = true; ++ } else { ++ decoder->state.type = type; + } + return ret; + } diff --git a/queue-5.15/perf-intel-pt-fix-missing-instruction-events-with-q-option.patch b/queue-5.15/perf-intel-pt-fix-missing-instruction-events-with-q-option.patch new file mode 100644 index 00000000000..c795becfdc0 --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-missing-instruction-events-with-q-option.patch @@ -0,0 +1,61 @@ +From a882cc94971093e146ffa1163b140ad956236754 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:23:02 +0200 +Subject: perf intel-pt: Fix missing 'instruction' events with 'q' option + +From: Adrian Hunter + +commit a882cc94971093e146ffa1163b140ad956236754 upstream. + +FUP packets contain IP information, which makes them also an 'instruction' +event in 'hop' mode i.e. the itrace 'q' option. That wasn't happening, so +restructure the logic so that FUP events are added along with appropriate +'instruction' and 'branch' events. + +Fixes: 7c1b16ba0e26e6 ("perf intel-pt: Add support for decoding FUP/TIP only") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-7-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2682,6 +2682,8 @@ static int intel_pt_scan_for_psb(struct + /* Hop mode: Ignore TNT, do not walk code, but get ip from FUPs and TIPs */ + static int intel_pt_hop_trace(struct intel_pt_decoder *decoder, bool *no_tip, int *err) + { ++ *err = 0; ++ + /* Leap from PSB to PSB, getting ip from FUP within PSB+ */ + if (decoder->leap && !decoder->in_psb && decoder->packet.type != INTEL_PT_PSB) { + *err = intel_pt_scan_for_psb(decoder); +@@ -2722,18 +2724,21 @@ static int intel_pt_hop_trace(struct int + if (!decoder->packet.count) + return HOP_IGNORE; + intel_pt_set_ip(decoder); +- if (intel_pt_fup_event(decoder)) +- return HOP_RETURN; ++ if (decoder->set_fup_mwait || decoder->set_fup_pwre) ++ *no_tip = true; + if (!decoder->branch_enable || !decoder->pge) + *no_tip = true; + if (*no_tip) { + decoder->state.type = INTEL_PT_INSTRUCTION; + decoder->state.from_ip = decoder->ip; + decoder->state.to_ip = 0; ++ intel_pt_fup_event(decoder); + return HOP_RETURN; + } ++ intel_pt_fup_event(decoder); ++ decoder->state.type |= INTEL_PT_INSTRUCTION | INTEL_PT_BRANCH; + *err = intel_pt_walk_fup_tip(decoder); +- if (!*err) ++ if (!*err && decoder->state.to_ip) + decoder->pkt_state = INTEL_PT_STATE_RESAMPLE; + return HOP_RETURN; + diff --git a/queue-5.15/perf-intel-pt-fix-next-err-value-walking-trace.patch b/queue-5.15/perf-intel-pt-fix-next-err-value-walking-trace.patch new file mode 100644 index 00000000000..206664cb53c --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-next-err-value-walking-trace.patch @@ -0,0 +1,33 @@ +From a32e6c5da599dbf49e60622a4dfb5b9b40ece029 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:23:01 +0200 +Subject: perf intel-pt: Fix next 'err' value, walking trace + +From: Adrian Hunter + +commit a32e6c5da599dbf49e60622a4dfb5b9b40ece029 upstream. + +Code after label 'next:' in intel_pt_walk_trace() assumes 'err' is zero, +but it may not be, if arrived at via a 'goto'. Ensure it is zero. + +Fixes: 7c1b16ba0e26e6 ("perf intel-pt: Add support for decoding FUP/TIP only") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-6-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2941,6 +2941,7 @@ static int intel_pt_walk_trace(struct in + if (err) + return err; + next: ++ err = 0; + if (decoder->cyc_threshold) { + if (decoder->sample_cyc && last_packet_type != INTEL_PT_CYC) + decoder->sample_cyc = false; diff --git a/queue-5.15/perf-intel-pt-fix-some-pge-packet-generation-enable-control-flow-packets-usage.patch b/queue-5.15/perf-intel-pt-fix-some-pge-packet-generation-enable-control-flow-packets-usage.patch new file mode 100644 index 00000000000..8ec061237d9 --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-some-pge-packet-generation-enable-control-flow-packets-usage.patch @@ -0,0 +1,65 @@ +From 057ae59f5a1d924511beb1b09f395bdb316cfd03 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:22:57 +0200 +Subject: perf intel-pt: Fix some PGE (packet generation enable/control flow packets) usage + +From: Adrian Hunter + +commit 057ae59f5a1d924511beb1b09f395bdb316cfd03 upstream. + +Packet generation enable (PGE) refers to whether control flow (COFI) +packets are being produced. + +PGE may be false even when branch-tracing is enabled, due to being +out-of-context, or outside a filter address range. Fix some missing PGE +usage. + +Fixes: 7c1b16ba0e26e6 ("perf intel-pt: Add support for decoding FUP/TIP only") +Fixes: 839598176b0554 ("perf intel-pt: Allow decoding with branch tracing disabled") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-2-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -2677,6 +2677,7 @@ static int intel_pt_hop_trace(struct int + return HOP_IGNORE; + + case INTEL_PT_TIP_PGD: ++ decoder->pge = false; + if (!decoder->packet.count) { + intel_pt_set_nr(decoder); + return HOP_IGNORE; +@@ -2706,7 +2707,7 @@ static int intel_pt_hop_trace(struct int + intel_pt_set_ip(decoder); + if (intel_pt_fup_event(decoder)) + return HOP_RETURN; +- if (!decoder->branch_enable) ++ if (!decoder->branch_enable || !decoder->pge) + *no_tip = true; + if (*no_tip) { + decoder->state.type = INTEL_PT_INSTRUCTION; +@@ -2896,7 +2897,7 @@ static bool intel_pt_psb_with_fup(struct + { + struct intel_pt_psb_info data = { .fup = false }; + +- if (!decoder->branch_enable || !decoder->pge) ++ if (!decoder->branch_enable) + return false; + + intel_pt_pkt_lookahead(decoder, intel_pt_psb_lookahead_cb, &data); +@@ -2998,7 +2999,7 @@ next: + break; + } + intel_pt_set_last_ip(decoder); +- if (!decoder->branch_enable) { ++ if (!decoder->branch_enable || !decoder->pge) { + decoder->ip = decoder->last_ip; + if (intel_pt_fup_event(decoder)) + return 0; diff --git a/queue-5.15/perf-intel-pt-fix-state-setting-when-receiving-overflow-ovf-packet.patch b/queue-5.15/perf-intel-pt-fix-state-setting-when-receiving-overflow-ovf-packet.patch new file mode 100644 index 00000000000..324acc02ff0 --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-state-setting-when-receiving-overflow-ovf-packet.patch @@ -0,0 +1,106 @@ +From c79ee2b2160909889df67c8801352d3e69d43a1a Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:23:00 +0200 +Subject: perf intel-pt: Fix state setting when receiving overflow (OVF) packet + +From: Adrian Hunter + +commit c79ee2b2160909889df67c8801352d3e69d43a1a upstream. + +An overflow (OVF packet) is treated as an error because it represents a +loss of trace data, but there is no loss of synchronization, so the packet +state should be INTEL_PT_STATE_IN_SYNC not INTEL_PT_STATE_ERR_RESYNC. + +To support that, some additional variables must be reset, and the FUP +packet that may follow OVF is treated as an FUP event. + +Fixes: f4aa081949e7b6 ("perf tools: Add Intel PT decoder") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-5-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 32 +++++++++++++++++--- + 1 file changed, 28 insertions(+), 4 deletions(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -1248,6 +1248,20 @@ static bool intel_pt_fup_event(struct in + decoder->state.type |= INTEL_PT_BLK_ITEMS; + ret = true; + } ++ if (decoder->overflow) { ++ decoder->overflow = false; ++ if (!ret && !decoder->pge) { ++ if (decoder->hop) { ++ decoder->state.type = 0; ++ decoder->pkt_state = INTEL_PT_STATE_RESAMPLE; ++ } ++ decoder->pge = true; ++ decoder->state.type |= INTEL_PT_BRANCH | INTEL_PT_TRACE_BEGIN; ++ decoder->state.from_ip = 0; ++ decoder->state.to_ip = decoder->ip; ++ return true; ++ } ++ } + if (ret) { + decoder->state.from_ip = decoder->ip; + decoder->state.to_ip = 0; +@@ -1601,7 +1615,16 @@ static int intel_pt_overflow(struct inte + intel_pt_clear_tx_flags(decoder); + intel_pt_set_nr(decoder); + decoder->timestamp_insn_cnt = 0; +- decoder->pkt_state = INTEL_PT_STATE_ERR_RESYNC; ++ decoder->pkt_state = INTEL_PT_STATE_IN_SYNC; ++ decoder->state.from_ip = decoder->ip; ++ decoder->ip = 0; ++ decoder->pge = false; ++ decoder->set_fup_tx_flags = false; ++ decoder->set_fup_ptw = false; ++ decoder->set_fup_mwait = false; ++ decoder->set_fup_pwre = false; ++ decoder->set_fup_exstop = false; ++ decoder->set_fup_bep = false; + decoder->overflow = true; + return -EOVERFLOW; + } +@@ -2956,6 +2979,7 @@ next: + + case INTEL_PT_TIP_PGE: { + decoder->pge = true; ++ decoder->overflow = false; + intel_pt_mtc_cyc_cnt_pge(decoder); + intel_pt_set_nr(decoder); + if (decoder->packet.count == 0) { +@@ -3461,10 +3485,10 @@ static int intel_pt_sync_ip(struct intel + decoder->set_fup_pwre = false; + decoder->set_fup_exstop = false; + decoder->set_fup_bep = false; ++ decoder->overflow = false; + + if (!decoder->branch_enable) { + decoder->pkt_state = INTEL_PT_STATE_IN_SYNC; +- decoder->overflow = false; + decoder->state.type = 0; /* Do not have a sample */ + return 0; + } +@@ -3479,7 +3503,6 @@ static int intel_pt_sync_ip(struct intel + decoder->pkt_state = INTEL_PT_STATE_RESAMPLE; + else + decoder->pkt_state = INTEL_PT_STATE_IN_SYNC; +- decoder->overflow = false; + + decoder->state.from_ip = 0; + decoder->state.to_ip = decoder->ip; +@@ -3698,7 +3721,8 @@ const struct intel_pt_state *intel_pt_de + + if (err) { + decoder->state.err = intel_pt_ext_err(err); +- decoder->state.from_ip = decoder->ip; ++ if (err != -EOVERFLOW) ++ decoder->state.from_ip = decoder->ip; + intel_pt_update_sample_time(decoder); + decoder->sample_tot_cyc_cnt = decoder->tot_cyc_cnt; + intel_pt_set_nr(decoder); diff --git a/queue-5.15/perf-intel-pt-fix-sync-state-when-a-psb-synchronization-packet-is-found.patch b/queue-5.15/perf-intel-pt-fix-sync-state-when-a-psb-synchronization-packet-is-found.patch new file mode 100644 index 00000000000..13b781f41bf --- /dev/null +++ b/queue-5.15/perf-intel-pt-fix-sync-state-when-a-psb-synchronization-packet-is-found.patch @@ -0,0 +1,37 @@ +From ad106a26aef3a95ac7ca88d033b431661ba346ce Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Fri, 10 Dec 2021 18:22:58 +0200 +Subject: perf intel-pt: Fix sync state when a PSB (synchronization) packet is found + +From: Adrian Hunter + +commit ad106a26aef3a95ac7ca88d033b431661ba346ce upstream. + +When syncing, it may be that branch packet generation is not enabled at +that point, in which case there will not immediately be a control-flow +packet, so some packets before a control flow packet turns up, get +ignored. However, the decoder is in sync as soon as a PSB is found, so +the state should be set accordingly. + +Fixes: f4aa081949e7b6 ("perf tools: Add Intel PT decoder") +Signed-off-by: Adrian Hunter +Cc: Jiri Olsa +Cc: stable@vger.kernel.org # v5.15+ +Link: https://lore.kernel.org/r/20211210162303.2288710-3-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/util/intel-pt-decoder/intel-pt-decoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c ++++ b/tools/perf/util/intel-pt-decoder/intel-pt-decoder.c +@@ -3607,7 +3607,7 @@ static int intel_pt_sync(struct intel_pt + } + + decoder->have_last_ip = true; +- decoder->pkt_state = INTEL_PT_STATE_NO_IP; ++ decoder->pkt_state = INTEL_PT_STATE_IN_SYNC; + + err = intel_pt_walk_psb(decoder); + if (err) diff --git a/queue-5.15/selftests-kvm-avoid-failures-due-to-reserved-hypertransport-region.patch b/queue-5.15/selftests-kvm-avoid-failures-due-to-reserved-hypertransport-region.patch new file mode 100644 index 00000000000..af2350ce210 --- /dev/null +++ b/queue-5.15/selftests-kvm-avoid-failures-due-to-reserved-hypertransport-region.patch @@ -0,0 +1,141 @@ +From c8cc43c1eae2910ac96daa4216e0fb3391ad0504 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 5 Aug 2021 06:54:23 -0400 +Subject: selftests: KVM: avoid failures due to reserved HyperTransport region + +From: Paolo Bonzini + +commit c8cc43c1eae2910ac96daa4216e0fb3391ad0504 upstream. + +AMD proceessors define an address range that is reserved by HyperTransport +and causes a failure if used for guest physical addresses. Avoid +selftests failures by reserving those guest physical addresses; the +rules are: + +- On parts with <40 bits, its fully hidden from software. + +- Before Fam17h, it was always 12G just below 1T, even if there was more +RAM above this location. In this case we just not use any RAM above 1T. + +- On Fam17h and later, it is variable based on SME, and is either just +below 2^48 (no encryption) or 2^43 (encryption). + +Fixes: ef4c9f4f6546 ("KVM: selftests: Fix 32-bit truncation of vm_get_max_gfn()") +Cc: stable@vger.kernel.org +Cc: David Matlack +Reported-by: Maxim Levitsky +Signed-off-by: Paolo Bonzini +Message-Id: <20210805105423.412878-1-pbonzini@redhat.com> +Reviewed-by: Sean Christopherson +Tested-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/kvm/include/kvm_util.h | 9 ++ + tools/testing/selftests/kvm/lib/kvm_util.c | 2 + tools/testing/selftests/kvm/lib/x86_64/processor.c | 68 +++++++++++++++++++++ + 3 files changed, 78 insertions(+), 1 deletion(-) + +--- a/tools/testing/selftests/kvm/include/kvm_util.h ++++ b/tools/testing/selftests/kvm/include/kvm_util.h +@@ -69,6 +69,15 @@ enum vm_guest_mode { + + #endif + ++#if defined(__x86_64__) ++unsigned long vm_compute_max_gfn(struct kvm_vm *vm); ++#else ++static inline unsigned long vm_compute_max_gfn(struct kvm_vm *vm) ++{ ++ return ((1ULL << vm->pa_bits) >> vm->page_shift) - 1; ++} ++#endif ++ + #define MIN_PAGE_SIZE (1U << MIN_PAGE_SHIFT) + #define PTES_PER_MIN_PAGE ptes_per_page(MIN_PAGE_SIZE) + +--- a/tools/testing/selftests/kvm/lib/kvm_util.c ++++ b/tools/testing/selftests/kvm/lib/kvm_util.c +@@ -307,7 +307,7 @@ struct kvm_vm *vm_create(enum vm_guest_m + (1ULL << (vm->va_bits - 1)) >> vm->page_shift); + + /* Limit physical addresses to PA-bits. */ +- vm->max_gfn = ((1ULL << vm->pa_bits) >> vm->page_shift) - 1; ++ vm->max_gfn = vm_compute_max_gfn(vm); + + /* Allocate and setup memory for guest. */ + vm->vpages_mapped = sparsebit_alloc(); +--- a/tools/testing/selftests/kvm/lib/x86_64/processor.c ++++ b/tools/testing/selftests/kvm/lib/x86_64/processor.c +@@ -1433,3 +1433,71 @@ struct kvm_cpuid2 *vcpu_get_supported_hv + + return cpuid; + } ++ ++#define X86EMUL_CPUID_VENDOR_AuthenticAMD_ebx 0x68747541 ++#define X86EMUL_CPUID_VENDOR_AuthenticAMD_ecx 0x444d4163 ++#define X86EMUL_CPUID_VENDOR_AuthenticAMD_edx 0x69746e65 ++ ++static inline unsigned x86_family(unsigned int eax) ++{ ++ unsigned int x86; ++ ++ x86 = (eax >> 8) & 0xf; ++ ++ if (x86 == 0xf) ++ x86 += (eax >> 20) & 0xff; ++ ++ return x86; ++} ++ ++unsigned long vm_compute_max_gfn(struct kvm_vm *vm) ++{ ++ const unsigned long num_ht_pages = 12 << (30 - vm->page_shift); /* 12 GiB */ ++ unsigned long ht_gfn, max_gfn, max_pfn; ++ uint32_t eax, ebx, ecx, edx, max_ext_leaf; ++ ++ max_gfn = (1ULL << (vm->pa_bits - vm->page_shift)) - 1; ++ ++ /* Avoid reserved HyperTransport region on AMD processors. */ ++ eax = ecx = 0; ++ cpuid(&eax, &ebx, &ecx, &edx); ++ if (ebx != X86EMUL_CPUID_VENDOR_AuthenticAMD_ebx || ++ ecx != X86EMUL_CPUID_VENDOR_AuthenticAMD_ecx || ++ edx != X86EMUL_CPUID_VENDOR_AuthenticAMD_edx) ++ return max_gfn; ++ ++ /* On parts with <40 physical address bits, the area is fully hidden */ ++ if (vm->pa_bits < 40) ++ return max_gfn; ++ ++ /* Before family 17h, the HyperTransport area is just below 1T. */ ++ ht_gfn = (1 << 28) - num_ht_pages; ++ eax = 1; ++ cpuid(&eax, &ebx, &ecx, &edx); ++ if (x86_family(eax) < 0x17) ++ goto done; ++ ++ /* ++ * Otherwise it's at the top of the physical address space, possibly ++ * reduced due to SME by bits 11:6 of CPUID[0x8000001f].EBX. Use ++ * the old conservative value if MAXPHYADDR is not enumerated. ++ */ ++ eax = 0x80000000; ++ cpuid(&eax, &ebx, &ecx, &edx); ++ max_ext_leaf = eax; ++ if (max_ext_leaf < 0x80000008) ++ goto done; ++ ++ eax = 0x80000008; ++ cpuid(&eax, &ebx, &ecx, &edx); ++ max_pfn = (1ULL << ((eax & 0xff) - vm->page_shift)) - 1; ++ if (max_ext_leaf >= 0x8000001f) { ++ eax = 0x8000001f; ++ cpuid(&eax, &ebx, &ecx, &edx); ++ max_pfn >>= (ebx >> 6) & 0x3f; ++ } ++ ++ ht_gfn = max_pfn - num_ht_pages; ++done: ++ return min(max_gfn, ht_gfn - 1); ++} diff --git a/queue-5.15/series b/queue-5.15/series index 3c6b7b543ea..2de3ebd1f24 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -73,3 +73,22 @@ btrfs-clear-extent-buffer-uptodate-when-we-fail-to-write-it.patch btrfs-fix-re-dirty-process-of-tree-log-nodes.patch btrfs-replace-the-bug_on-in-btrfs_del_root_ref-with-proper-error-handling.patch btrfs-free-exchange-changeset-on-failures.patch +perf-intel-pt-fix-some-pge-packet-generation-enable-control-flow-packets-usage.patch +perf-intel-pt-fix-sync-state-when-a-psb-synchronization-packet-is-found.patch +perf-intel-pt-fix-intel_pt_fup_event-assumptions-about-setting-state-type.patch +perf-intel-pt-fix-state-setting-when-receiving-overflow-ovf-packet.patch +perf-intel-pt-fix-next-err-value-walking-trace.patch +perf-intel-pt-fix-missing-instruction-events-with-q-option.patch +perf-intel-pt-fix-error-timestamp-setting-on-the-decoder-error-path.patch +md-fix-update-super-1.0-on-rdev-size-change.patch +nfsd-fix-use-after-free-due-to-delegation-race.patch +nfsd-fix-nsfd-startup-race-again.patch +tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch +selftests-kvm-avoid-failures-due-to-reserved-hypertransport-region.patch +hwmon-pwm-fan-ensure-the-fan-going-on-in-.probe.patch +mmc-renesas_sdhi-initialize-variable-properly-when-tuning.patch +clk-qcom-regmap-mux-fix-parent-clock-lookup.patch +thermal-int340x-fix-vcoreflow-mmio-bit-offset-for-tgl.patch +drm-syncobj-deal-with-signalled-fences-in-drm_syncobj_find_fence.patch +libata-add-horkage-for-asmedia-1092.patch +io_uring-ensure-task_work-gets-run-as-part-of-cancelations.patch diff --git a/queue-5.15/thermal-int340x-fix-vcoreflow-mmio-bit-offset-for-tgl.patch b/queue-5.15/thermal-int340x-fix-vcoreflow-mmio-bit-offset-for-tgl.patch new file mode 100644 index 00000000000..67b2aa66b42 --- /dev/null +++ b/queue-5.15/thermal-int340x-fix-vcoreflow-mmio-bit-offset-for-tgl.patch @@ -0,0 +1,38 @@ +From f872f73601b92c86f3da8bdf3e19abd0f1780eb9 Mon Sep 17 00:00:00 2001 +From: Sumeet Pawnikar +Date: Tue, 7 Dec 2021 18:05:39 +0530 +Subject: thermal: int340x: Fix VCoRefLow MMIO bit offset for TGL + +From: Sumeet Pawnikar + +commit f872f73601b92c86f3da8bdf3e19abd0f1780eb9 upstream. + +The VCoRefLow CPU FIVR register definition for Tiger Lake is incorrect. + +Current implementation reads it from MMIO offset 0x5A18 and bit +offset [12:14], but the actual correct register definition is from +bit offset [11:13]. + +Update to fix the bit offset. + +Fixes: 473be51142ad ("thermal: int340x: processor_thermal: Add RFIM driver") +Signed-off-by: Sumeet Pawnikar +Cc: 5.14+ # 5.14+ +[ rjw: New subject, changelog edits ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c ++++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c +@@ -29,7 +29,7 @@ static const char * const fivr_strings[] + }; + + static const struct mmio_reg tgl_fivr_mmio_regs[] = { +- { 0, 0x5A18, 3, 0x7, 12}, /* vco_ref_code_lo */ ++ { 0, 0x5A18, 3, 0x7, 11}, /* vco_ref_code_lo */ + { 0, 0x5A18, 8, 0xFF, 16}, /* vco_ref_code_hi */ + { 0, 0x5A08, 8, 0xFF, 0}, /* spread_spectrum_pct */ + { 0, 0x5A08, 1, 0x1, 8}, /* spread_spectrum_clk_enable */ diff --git a/queue-5.15/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch b/queue-5.15/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch new file mode 100644 index 00000000000..5a3eccc24c3 --- /dev/null +++ b/queue-5.15/tracefs-have-new-files-inherit-the-ownership-of-their-parent.patch @@ -0,0 +1,53 @@ +From ee7f3666995d8537dec17b1d35425f28877671a9 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Wed, 8 Dec 2021 07:57:20 -0500 +Subject: tracefs: Have new files inherit the ownership of their parent + +From: Steven Rostedt (VMware) + +commit ee7f3666995d8537dec17b1d35425f28877671a9 upstream. + +If directories in tracefs have their ownership changed, then any new files +and directories that are created under those directories should inherit +the ownership of the director they are created in. + +Link: https://lkml.kernel.org/r/20211208075720.4855d180@gandalf.local.home + +Cc: Kees Cook +Cc: Ingo Molnar +Cc: Andrew Morton +Cc: Linus Torvalds +Cc: Al Viro +Cc: Greg Kroah-Hartman +Cc: Yabin Cui +Cc: Christian Brauner +Cc: stable@vger.kernel.org +Fixes: 4282d60689d4f ("tracefs: Add new tracefs file system") +Reported-by: Kalesh Singh +Reported: https://lore.kernel.org/all/CAC_TJve8MMAv+H_NdLSJXZUSoxOEq2zB_pVaJ9p=7H6Bu3X76g@mail.gmail.com/ +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman +--- + fs/tracefs/inode.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/tracefs/inode.c ++++ b/fs/tracefs/inode.c +@@ -414,6 +414,8 @@ struct dentry *tracefs_create_file(const + inode->i_mode = mode; + inode->i_fop = fops ? fops : &tracefs_file_operations; + inode->i_private = data; ++ inode->i_uid = d_inode(dentry->d_parent)->i_uid; ++ inode->i_gid = d_inode(dentry->d_parent)->i_gid; + d_instantiate(dentry, inode); + fsnotify_create(dentry->d_parent->d_inode, dentry); + return end_creating(dentry); +@@ -436,6 +438,8 @@ static struct dentry *__create_dir(const + inode->i_mode = S_IFDIR | S_IRWXU | S_IRUSR| S_IRGRP | S_IXUSR | S_IXGRP; + inode->i_op = ops; + inode->i_fop = &simple_dir_operations; ++ inode->i_uid = d_inode(dentry->d_parent)->i_uid; ++ inode->i_gid = d_inode(dentry->d_parent)->i_gid; + + /* directory inodes start off with i_nlink == 2 (for "." entry) */ + inc_nlink(inode);