From: Sasha Levin Date: Mon, 13 Jan 2025 14:02:59 +0000 (-0500) Subject: Fixes for 5.4 X-Git-Tag: v6.1.125~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b33f97bb5b926c7294bbeb5500bcb52b513d39b0;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch b/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch new file mode 100644 index 00000000000..febecaf8f1f --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch @@ -0,0 +1,76 @@ +From 82f700ddcffa528a0d64543a2c569a5fb28ee172 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 14 Dec 2024 22:43:39 +0000 +Subject: arm64: dts: rockchip: add hevc power domain clock to rk3328 + +From: Peter Geis + +[ Upstream commit 3699f2c43ea9984e00d70463f8c29baaf260ea97 ] + +There is a race condition at startup between disabling power domains not +used and disabling clocks not used on the rk3328. When the clocks are +disabled first, the hevc power domain fails to shut off leading to a +splat of failures. Add the hevc core clock to the rk3328 power domain +node to prevent this condition. + +rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 3-.... } +1087 jiffies s: 89 root: 0x8/. +rcu: blocking rcu_node structures (internal RCU debug): +Sending NMI from CPU 0 to CPUs 3: +NMI backtrace for cpu 3 +CPU: 3 UID: 0 PID: 86 Comm: kworker/3:3 Not tainted 6.12.0-rc5+ #53 +Hardware name: Firefly ROC-RK3328-CC (DT) +Workqueue: pm genpd_power_off_work_fn +pstate: 20400005 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +pc : regmap_unlock_spinlock+0x18/0x30 +lr : regmap_read+0x60/0x88 +sp : ffff800081123c00 +x29: ffff800081123c00 x28: ffff2fa4c62cad80 x27: 0000000000000000 +x26: ffffd74e6e660eb8 x25: ffff2fa4c62cae00 x24: 0000000000000040 +x23: ffffd74e6d2f3ab8 x22: 0000000000000001 x21: ffff800081123c74 +x20: 0000000000000000 x19: ffff2fa4c0412000 x18: 0000000000000000 +x17: 77202c31203d2065 x16: 6c6469203a72656c x15: 6c6f72746e6f632d +x14: 7265776f703a6e6f x13: 2063766568206e69 x12: 616d6f64202c3431 +x11: 347830206f742030 x10: 3430303034783020 x9 : ffffd74e6c7369e0 +x8 : 3030316666206e69 x7 : 205d383738353733 x6 : 332e31202020205b +x5 : ffffd74e6c73fc88 x4 : ffffd74e6c73fcd4 x3 : ffffd74e6c740b40 +x2 : ffff800080015484 x1 : 0000000000000000 x0 : ffff2fa4c0412000 +Call trace: +regmap_unlock_spinlock+0x18/0x30 +rockchip_pmu_set_idle_request+0xac/0x2c0 +rockchip_pd_power+0x144/0x5f8 +rockchip_pd_power_off+0x1c/0x30 +_genpd_power_off+0x9c/0x180 +genpd_power_off.part.0.isra.0+0x130/0x2a8 +genpd_power_off_work_fn+0x6c/0x98 +process_one_work+0x170/0x3f0 +worker_thread+0x290/0x4a8 +kthread+0xec/0xf8 +ret_from_fork+0x10/0x20 +rockchip-pm-domain ff100000.syscon:power-controller: failed to get ack on domain 'hevc', val=0x88220 + +Fixes: 52e02d377a72 ("arm64: dts: rockchip: add core dtsi file for RK3328 SoCs") +Signed-off-by: Peter Geis +Reviewed-by: Dragan Simic +Link: https://lore.kernel.org/r/20241214224339.24674-1-pgwipeout@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi +index d8af608752e3..f6f5a64fef09 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi +@@ -272,6 +272,7 @@ + + power-domain@RK3328_PD_HEVC { + reg = ; ++ clocks = <&cru SCLK_VENC_CORE>; + #power-domain-cells = <0>; + }; + power-domain@RK3328_PD_VIDEO { +-- +2.39.5 + diff --git a/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch b/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch new file mode 100644 index 00000000000..90213c8f1d5 --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch @@ -0,0 +1,254 @@ +From 939973801e5babb4076d5f35d4df40c972cd616b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 17 Apr 2021 13:29:45 +0200 +Subject: arm64: dts: rockchip: add #power-domain-cells to power domain nodes + +From: Johan Jonker + +[ Upstream commit 837188d49823230f47afdbbec7556740e89a8557 ] + +Add #power-domain-cells to power domain nodes, because they +are required by power-domain.yaml + +Signed-off-by: Johan Jonker +Link: https://lore.kernel.org/r/20210417112952.8516-9-jbx6244@gmail.com +Signed-off-by: Heiko Stuebner +Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328") +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/px30.dtsi | 8 ++++++++ + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 3 +++ + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 20 ++++++++++++++++++++ + 3 files changed, 31 insertions(+) + +diff --git a/arch/arm64/boot/dts/rockchip/px30.dtsi b/arch/arm64/boot/dts/rockchip/px30.dtsi +index f297601c9f71..652998c83640 100644 +--- a/arch/arm64/boot/dts/rockchip/px30.dtsi ++++ b/arch/arm64/boot/dts/rockchip/px30.dtsi +@@ -219,12 +219,14 @@ + <&cru HCLK_OTG>, + <&cru SCLK_OTG_ADP>; + pm_qos = <&qos_usb_host>, <&qos_usb_otg>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_SDCARD { + reg = ; + clocks = <&cru HCLK_SDMMC>, + <&cru SCLK_SDMMC>; + pm_qos = <&qos_sdmmc>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_GMAC { + reg = ; +@@ -233,6 +235,7 @@ + <&cru SCLK_MAC_REF>, + <&cru SCLK_GMAC_RX_TX>; + pm_qos = <&qos_gmac>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_MMC_NAND { + reg = ; +@@ -246,6 +249,7 @@ + <&cru SCLK_SFC>; + pm_qos = <&qos_emmc>, <&qos_nand>, + <&qos_sdio>, <&qos_sfc>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_VPU { + reg = ; +@@ -253,6 +257,7 @@ + <&cru HCLK_VPU>, + <&cru SCLK_CORE_VPU>; + pm_qos = <&qos_vpu>, <&qos_vpu_r128>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_VO { + reg = ; +@@ -269,6 +274,7 @@ + <&cru SCLK_VOPB_PWM>; + pm_qos = <&qos_rga_rd>, <&qos_rga_wr>, + <&qos_vop_m0>, <&qos_vop_m1>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_VI { + reg = ; +@@ -280,11 +286,13 @@ + pm_qos = <&qos_isp_128>, <&qos_isp_rd>, + <&qos_isp_wr>, <&qos_isp_m1>, + <&qos_vip>; ++ #power-domain-cells = <0>; + }; + power-domain@PX30_PD_GPU { + reg = ; + clocks = <&cru SCLK_GPU>; + pm_qos = <&qos_gpu>; ++ #power-domain-cells = <0>; + }; + }; + }; +diff --git a/arch/arm64/boot/dts/rockchip/rk3328.dtsi b/arch/arm64/boot/dts/rockchip/rk3328.dtsi +index 5bb84ec31c6f..d8af608752e3 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3328.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3328.dtsi +@@ -272,13 +272,16 @@ + + power-domain@RK3328_PD_HEVC { + reg = ; ++ #power-domain-cells = <0>; + }; + power-domain@RK3328_PD_VIDEO { + reg = ; ++ #power-domain-cells = <0>; + }; + power-domain@RK3328_PD_VPU { + reg = ; + clocks = <&cru ACLK_VPU>, <&cru HCLK_VPU>; ++ #power-domain-cells = <0>; + }; + }; + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +index 04ca346b2f28..e52c2dc1710a 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -1001,6 +1001,7 @@ + clocks = <&cru ACLK_IEP>, + <&cru HCLK_IEP>; + pm_qos = <&qos_iep>; ++ #power-domain-cells = <0>; + }; + pd_rga@RK3399_PD_RGA { + reg = ; +@@ -1008,12 +1009,14 @@ + <&cru HCLK_RGA>; + pm_qos = <&qos_rga_r>, + <&qos_rga_w>; ++ #power-domain-cells = <0>; + }; + pd_vcodec@RK3399_PD_VCODEC { + reg = ; + clocks = <&cru ACLK_VCODEC>, + <&cru HCLK_VCODEC>; + pm_qos = <&qos_video_m0>; ++ #power-domain-cells = <0>; + }; + pd_vdu@RK3399_PD_VDU { + reg = ; +@@ -1021,6 +1024,7 @@ + <&cru HCLK_VDU>; + pm_qos = <&qos_video_m1_r>, + <&qos_video_m1_w>; ++ #power-domain-cells = <0>; + }; + + /* These power domains are grouped by VD_GPU */ +@@ -1028,53 +1032,63 @@ + reg = ; + clocks = <&cru ACLK_GPU>; + pm_qos = <&qos_gpu>; ++ #power-domain-cells = <0>; + }; + + /* These power domains are grouped by VD_LOGIC */ + pd_edp@RK3399_PD_EDP { + reg = ; + clocks = <&cru PCLK_EDP_CTRL>; ++ #power-domain-cells = <0>; + }; + pd_emmc@RK3399_PD_EMMC { + reg = ; + clocks = <&cru ACLK_EMMC>; + pm_qos = <&qos_emmc>; ++ #power-domain-cells = <0>; + }; + pd_gmac@RK3399_PD_GMAC { + reg = ; + clocks = <&cru ACLK_GMAC>, + <&cru PCLK_GMAC>; + pm_qos = <&qos_gmac>; ++ #power-domain-cells = <0>; + }; + pd_sd@RK3399_PD_SD { + reg = ; + clocks = <&cru HCLK_SDMMC>, + <&cru SCLK_SDMMC>; + pm_qos = <&qos_sd>; ++ #power-domain-cells = <0>; + }; + pd_sdioaudio@RK3399_PD_SDIOAUDIO { + reg = ; + clocks = <&cru HCLK_SDIO>; + pm_qos = <&qos_sdioaudio>; ++ #power-domain-cells = <0>; + }; + pd_tcpc0@RK3399_PD_TCPD0 { + reg = ; + clocks = <&cru SCLK_UPHY0_TCPDCORE>, + <&cru SCLK_UPHY0_TCPDPHY_REF>; ++ #power-domain-cells = <0>; + }; + pd_tcpc1@RK3399_PD_TCPD1 { + reg = ; + clocks = <&cru SCLK_UPHY1_TCPDCORE>, + <&cru SCLK_UPHY1_TCPDPHY_REF>; ++ #power-domain-cells = <0>; + }; + pd_usb3@RK3399_PD_USB3 { + reg = ; + clocks = <&cru ACLK_USB3>; + pm_qos = <&qos_usb_otg0>, + <&qos_usb_otg1>; ++ #power-domain-cells = <0>; + }; + pd_vio@RK3399_PD_VIO { + reg = ; ++ #power-domain-cells = <1>; + #address-cells = <1>; + #size-cells = <0>; + +@@ -1084,6 +1098,7 @@ + <&cru HCLK_HDCP>, + <&cru PCLK_HDCP>; + pm_qos = <&qos_hdcp>; ++ #power-domain-cells = <0>; + }; + pd_isp0@RK3399_PD_ISP0 { + reg = ; +@@ -1091,6 +1106,7 @@ + <&cru HCLK_ISP0>; + pm_qos = <&qos_isp0_m0>, + <&qos_isp0_m1>; ++ #power-domain-cells = <0>; + }; + pd_isp1@RK3399_PD_ISP1 { + reg = ; +@@ -1098,9 +1114,11 @@ + <&cru HCLK_ISP1>; + pm_qos = <&qos_isp1_m0>, + <&qos_isp1_m1>; ++ #power-domain-cells = <0>; + }; + pd_vo@RK3399_PD_VO { + reg = ; ++ #power-domain-cells = <1>; + #address-cells = <1>; + #size-cells = <0>; + +@@ -1110,12 +1128,14 @@ + <&cru HCLK_VOP0>; + pm_qos = <&qos_vop_big_r>, + <&qos_vop_big_w>; ++ #power-domain-cells = <0>; + }; + pd_vopl@RK3399_PD_VOPL { + reg = ; + clocks = <&cru ACLK_VOP1>, + <&cru HCLK_VOP1>; + pm_qos = <&qos_vop_little>; ++ #power-domain-cells = <0>; + }; + }; + }; +-- +2.39.5 + diff --git a/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch b/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch new file mode 100644 index 00000000000..480bf593c4c --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch @@ -0,0 +1,56 @@ +From 2206567d1784e6cf02db62c8a07215298215f39b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 28 Apr 2020 22:30:02 +0200 +Subject: arm64: dts: rockchip: fix defines in pd_vio node for rk3399 + +From: Johan Jonker + +[ Upstream commit 84836ded76ec9a6f25d1d0acebaad44977e0ec6f ] + +A test with the command below gives for example this error: + +arch/arm64/boot/dts/rockchip/rk3399-evb.dt.yaml: pd_vio@15: +'pd_tcpc0@RK3399_PD_TCPC0', 'pd_tcpc1@RK3399_PD_TCPC1' +do not match any of the regexes: +'.*-names$', '.*-supply$', '^#.*-cells$', +'^#[a-zA-Z0-9,+\\-._]{0,63}$', +'^[a-zA-Z][a-zA-Z0-9,+\\-._]{0,63}$', +'^[a-zA-Z][a-zA-Z0-9,+\\-._]{0,63}@[0-9a-fA-F]+(,[0-9a-fA-F]+)*$', +'^__.*__$', 'pinctrl-[0-9]+' + +Fix error by replacing the wrong defines by the ones +mentioned in 'rk3399-power.h'. + +make -k ARCH=arm64 dtbs_check + +Signed-off-by: Johan Jonker +Link: https://lore.kernel.org/r/20200428203003.3318-1-jbx6244@gmail.com +Signed-off-by: Heiko Stuebner +Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328") +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +index e5a25bc7d799..dcd989563d27 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -1089,12 +1089,12 @@ + pm_qos = <&qos_isp1_m0>, + <&qos_isp1_m1>; + }; +- pd_tcpc0@RK3399_PD_TCPC0 { ++ pd_tcpc0@RK3399_PD_TCPD0 { + reg = ; + clocks = <&cru SCLK_UPHY0_TCPDCORE>, + <&cru SCLK_UPHY0_TCPDPHY_REF>; + }; +- pd_tcpc1@RK3399_PD_TCPC1 { ++ pd_tcpc1@RK3399_PD_TCPD1 { + reg = ; + clocks = <&cru SCLK_UPHY1_TCPDCORE>, + <&cru SCLK_UPHY1_TCPDPHY_REF>; +-- +2.39.5 + diff --git a/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch b/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch new file mode 100644 index 00000000000..d77333aba81 --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch @@ -0,0 +1,66 @@ +From 07a1f8faae564f83303ca72f387dfc0d74f48bc7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 28 Apr 2020 22:30:03 +0200 +Subject: arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on + rk3399 + +From: Johan Jonker + +[ Upstream commit 2b99e6196663199409540fb95798dba464e34343 ] + +The pd_tcpc0 and pd_tcpc1 nodes are currently a sub node of pd_vio. +In the rk3399 TRM figure of the 'Power Domain Partition' and in the +table of 'Power Domain and Voltage Domain Summary' these power domains +are positioned directly under VD_LOGIC, so fix that in 'rk3399.dtsi'. + +Signed-off-by: Johan Jonker +Reviewed-by: Caesar Wang +Link: https://lore.kernel.org/r/20200428203003.3318-2-jbx6244@gmail.com +Signed-off-by: Heiko Stuebner +Stable-dep-of: 3699f2c43ea9 ("arm64: dts: rockchip: add hevc power domain clock to rk3328") +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399.dtsi b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +index dcd989563d27..04ca346b2f28 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -1057,6 +1057,16 @@ + clocks = <&cru HCLK_SDIO>; + pm_qos = <&qos_sdioaudio>; + }; ++ pd_tcpc0@RK3399_PD_TCPD0 { ++ reg = ; ++ clocks = <&cru SCLK_UPHY0_TCPDCORE>, ++ <&cru SCLK_UPHY0_TCPDPHY_REF>; ++ }; ++ pd_tcpc1@RK3399_PD_TCPD1 { ++ reg = ; ++ clocks = <&cru SCLK_UPHY1_TCPDCORE>, ++ <&cru SCLK_UPHY1_TCPDPHY_REF>; ++ }; + pd_usb3@RK3399_PD_USB3 { + reg = ; + clocks = <&cru ACLK_USB3>; +@@ -1089,16 +1099,6 @@ + pm_qos = <&qos_isp1_m0>, + <&qos_isp1_m1>; + }; +- pd_tcpc0@RK3399_PD_TCPD0 { +- reg = ; +- clocks = <&cru SCLK_UPHY0_TCPDCORE>, +- <&cru SCLK_UPHY0_TCPDPHY_REF>; +- }; +- pd_tcpc1@RK3399_PD_TCPD1 { +- reg = ; +- clocks = <&cru SCLK_UPHY1_TCPDCORE>, +- <&cru SCLK_UPHY1_TCPDPHY_REF>; +- }; + pd_vo@RK3399_PD_VO { + reg = ; + #address-cells = <1>; +-- +2.39.5 + diff --git a/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch b/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch new file mode 100644 index 00000000000..c4ecbdab4c6 --- /dev/null +++ b/queue-5.4/ocfs2-correct-return-value-of-ocfs2_local_free_info.patch @@ -0,0 +1,66 @@ +From cfdbdccb6dc657b283da2ca224d98fac3ac4c884 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 May 2023 21:20:32 +0800 +Subject: ocfs2: correct return value of ocfs2_local_free_info() + +From: Joseph Qi + +[ Upstream commit d32840ad4a111c6abd651fbf6b5996e6123913da ] + +Now in ocfs2_local_free_info(), it returns 0 even if it actually fails. +Though it doesn't cause any real problem since the only caller +dquot_disable() ignores the return value, we'd better return correct as it +is. + +Link: https://lkml.kernel.org/r/20230528132033.217664-1-joseph.qi@linux.alibaba.com +Signed-off-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Joseph Qi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Signed-off-by: Andrew Morton +Stable-dep-of: 5f3fd772d152 ("ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv") +Signed-off-by: Sasha Levin +--- + fs/ocfs2/quota_local.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c +index 7a1c8da9e44b..fbab536741e2 100644 +--- a/fs/ocfs2/quota_local.c ++++ b/fs/ocfs2/quota_local.c +@@ -815,7 +815,7 @@ static int ocfs2_local_free_info(struct super_block *sb, int type) + struct ocfs2_quota_chunk *chunk; + struct ocfs2_local_disk_chunk *dchunk; + int mark_clean = 1, len; +- int status; ++ int status = 0; + + iput(oinfo->dqi_gqinode); + ocfs2_simple_drop_lockres(OCFS2_SB(sb), &oinfo->dqi_gqlock); +@@ -857,17 +857,14 @@ static int ocfs2_local_free_info(struct super_block *sb, int type) + oinfo->dqi_libh, + olq_update_info, + info); +- if (status < 0) { ++ if (status < 0) + mlog_errno(status); +- goto out; +- } +- + out: + ocfs2_inode_unlock(sb_dqopt(sb)->files[type], 1); + brelse(oinfo->dqi_libh); + brelse(oinfo->dqi_lqi_bh); + kfree(oinfo); +- return 0; ++ return status; + } + + static void olq_set_dquot(struct buffer_head *bh, void *private) +-- +2.39.5 + diff --git a/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch b/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch new file mode 100644 index 00000000000..285827c2f5b --- /dev/null +++ b/queue-5.4/ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch @@ -0,0 +1,73 @@ +From ba194680aca3b5dcd0d9c10f32224dd0b7ddc026 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 17 Dec 2024 21:39:25 -0500 +Subject: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv + +From: Dennis Lam + +[ Upstream commit 5f3fd772d152229d94602bca243fbb658068a597 ] + +When mounting ocfs2 and then remounting it as read-only, a +slab-use-after-free occurs after the user uses a syscall to +quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the +dangling pointer. + +During the remounting process, the pointer dqi_priv is freed but is never +set as null leaving it to be accessed. Additionally, the read-only option +for remounting sets the DQUOT_SUSPENDED flag instead of setting the +DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the +next quota, the function ocfs2_get_next_id is called and only checks the +quota usage flags and not the quota suspended flags. + +To fix this, I set dqi_priv to null when it is freed after remounting with +read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. + +[akpm@linux-foundation.org: coding-style cleanups] +Link: https://lkml.kernel.org/r/20241218023924.22821-2-dennis.lamerice@gmail.com +Fixes: 8f9e8f5fcc05 ("ocfs2: Fix Q_GETNEXTQUOTA for filesystem without quotas") +Signed-off-by: Dennis Lam +Reported-by: syzbot+d173bf8a5a7faeede34c@syzkaller.appspotmail.com +Tested-by: syzbot+d173bf8a5a7faeede34c@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/all/6731d26f.050a0220.1fb99c.014b.GAE@google.com/T/ +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Sasha Levin +--- + fs/ocfs2/quota_global.c | 2 +- + fs/ocfs2/quota_local.c | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/ocfs2/quota_global.c b/fs/ocfs2/quota_global.c +index eda83487c9ec..1ce3780e8b49 100644 +--- a/fs/ocfs2/quota_global.c ++++ b/fs/ocfs2/quota_global.c +@@ -881,7 +881,7 @@ static int ocfs2_get_next_id(struct super_block *sb, struct kqid *qid) + int status = 0; + + trace_ocfs2_get_next_id(from_kqid(&init_user_ns, *qid), type); +- if (!sb_has_quota_loaded(sb, type)) { ++ if (!sb_has_quota_active(sb, type)) { + status = -ESRCH; + goto out; + } +diff --git a/fs/ocfs2/quota_local.c b/fs/ocfs2/quota_local.c +index fbab536741e2..77d5aa90338f 100644 +--- a/fs/ocfs2/quota_local.c ++++ b/fs/ocfs2/quota_local.c +@@ -864,6 +864,7 @@ static int ocfs2_local_free_info(struct super_block *sb, int type) + brelse(oinfo->dqi_libh); + brelse(oinfo->dqi_lqi_bh); + kfree(oinfo); ++ info->dqi_priv = NULL; + return status; + } + +-- +2.39.5 + diff --git a/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch b/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch new file mode 100644 index 00000000000..9a88b6804d6 --- /dev/null +++ b/queue-5.4/phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch @@ -0,0 +1,41 @@ +From 6293542e4782bfeab6b432df827f84e3201e107e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Jun 2020 20:20:07 +0530 +Subject: phy: core: fix code style in devm_of_phy_provider_unregister + +From: Vinod Koul + +[ Upstream commit b555f35f2f87f8a99ba8e65d3f51ae4294748b58 ] + +Documentation/process/coding-style.rst says: +"functions: they have the opening brace at the beginning of the next +line" + +devm_of_phy_provider_unregister() function has opening brace at same +line, so fix it up. + +Link: https://lore.kernel.org/r/20200629145010.122675-1-vkoul@kernel.org +Signed-off-by: Vinod Koul +Stable-dep-of: c0b82ab95b4f ("phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider") +Signed-off-by: Sasha Levin +--- + drivers/phy/phy-core.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c +index c801fe727f09..ffe89ed15a36 100644 +--- a/drivers/phy/phy-core.c ++++ b/drivers/phy/phy-core.c +@@ -1094,7 +1094,8 @@ EXPORT_SYMBOL_GPL(of_phy_provider_unregister); + * of_phy_provider_unregister to unregister the phy provider. + */ + void devm_of_phy_provider_unregister(struct device *dev, +- struct phy_provider *phy_provider) { ++ struct phy_provider *phy_provider) ++{ + int r; + + r = devres_destroy(dev, devm_phy_provider_release, devm_phy_match, +-- +2.39.5 + diff --git a/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch b/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch new file mode 100644 index 00000000000..991aec1305a --- /dev/null +++ b/queue-5.4/phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch @@ -0,0 +1,56 @@ +From ca2ec4f28bf913791b882e963f14a506c0ac0622 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Dec 2024 20:36:42 +0800 +Subject: phy: core: Fix that API devm_of_phy_provider_unregister() fails to + unregister the phy provider + +From: Zijun Hu + +[ Upstream commit c0b82ab95b4f1fbc3e3aeab9d829d012669524b6 ] + +For devm_of_phy_provider_unregister(), its comment says it needs to invoke +of_phy_provider_unregister() to unregister the phy provider, but it will +not actually invoke the function since devres_destroy() does not call +devm_phy_provider_release(), and the missing of_phy_provider_unregister() +call will cause: + +- The phy provider fails to be unregistered. +- Leak both memory and the OF node refcount. + +Fortunately, the faulty API has not been used by current kernel tree. +Fix by using devres_release() instead of devres_destroy() within the API. + +Fixes: ff764963479a ("drivers: phy: add generic PHY framework") +Reviewed-by: Johan Hovold +Signed-off-by: Zijun Hu +Link: https://lore.kernel.org/stable/20241213-phy_core_fix-v6-2-40ae28f5015a%40quicinc.com +Link: https://lore.kernel.org/r/20241213-phy_core_fix-v6-2-40ae28f5015a@quicinc.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/phy/phy-core.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/phy/phy-core.c b/drivers/phy/phy-core.c +index ffe89ed15a36..c94a0d2c4516 100644 +--- a/drivers/phy/phy-core.c ++++ b/drivers/phy/phy-core.c +@@ -1094,12 +1094,12 @@ EXPORT_SYMBOL_GPL(of_phy_provider_unregister); + * of_phy_provider_unregister to unregister the phy provider. + */ + void devm_of_phy_provider_unregister(struct device *dev, +- struct phy_provider *phy_provider) ++ struct phy_provider *phy_provider) + { + int r; + +- r = devres_destroy(dev, devm_phy_provider_release, devm_phy_match, +- phy_provider); ++ r = devres_release(dev, devm_phy_provider_release, devm_phy_match, ++ phy_provider); + dev_WARN_ONCE(dev, r, "couldn't find PHY provider device resource\n"); + } + EXPORT_SYMBOL_GPL(devm_of_phy_provider_unregister); +-- +2.39.5 + diff --git a/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch b/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch new file mode 100644 index 00000000000..43218de775a --- /dev/null +++ b/queue-5.4/risc-v-avoid-dereferening-null-regs-in-die.patch @@ -0,0 +1,57 @@ +From eac738bfdeefbeef3dff1f5931a2340351292544 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Sep 2022 13:00:37 -0700 +Subject: RISC-V: Avoid dereferening NULL regs in die() + +From: Palmer Dabbelt + +[ Upstream commit f2913d006fcdb61719635e093d1b5dd0dafecac7 ] + +I don't think we can actually die() without a regs pointer, but the +compiler was warning about a NULL check after a dereference. It seems +prudent to just avoid the possibly-NULL dereference, given that when +die()ing the system is already toast so who knows how we got there. + +Reported-by: kernel test robot +Reported-by: Dan Carpenter +Reviewed-by: Conor Dooley +Link: https://lore.kernel.org/r/20220920200037.6727-1-palmer@rivosinc.com +Signed-off-by: Palmer Dabbelt +Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()") +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 184f7b82c5ae..533087439e80 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -29,6 +29,7 @@ void die(struct pt_regs *regs, const char *str) + { + static int die_counter; + int ret; ++ long cause; + + oops_enter(); + +@@ -38,11 +39,13 @@ void die(struct pt_regs *regs, const char *str) + + pr_emerg("%s [#%d]\n", str, ++die_counter); + print_modules(); +- show_regs(regs); ++ if (regs) ++ show_regs(regs); + +- ret = notify_die(DIE_OOPS, str, regs, 0, regs->cause, SIGSEGV); ++ cause = regs ? regs->cause : -1; ++ ret = notify_die(DIE_OOPS, str, regs, 0, cause, SIGSEGV); + +- if (regs && kexec_should_crash(current)) ++ if (kexec_should_crash(current)) + crash_kexec(regs); + + bust_spinlocks(0); +-- +2.39.5 + diff --git a/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch b/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch new file mode 100644 index 00000000000..9cb2b215177 --- /dev/null +++ b/queue-5.4/riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch @@ -0,0 +1,1043 @@ +From 2366983a55278aafc0677126567c9dc5248f0d79 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 28 Oct 2019 13:10:32 +0100 +Subject: riscv: abstract out CSR names for supervisor vs machine mode + +From: Christoph Hellwig + +[ Upstream commit a4c3733d32a72f11dee86d0731d7565aa6ebe22d ] + +Many of the privileged CSRs exist in a supervisor and machine version +that are used very similarly. Provide versions of the CSR names and +fields that map to either the S-mode or M-mode variant depending on +a new CONFIG_RISCV_M_MODE kconfig symbol. + +Contains contributions from Damien Le Moal +and Paul Walmsley . + +Signed-off-by: Christoph Hellwig +Acked-by: Thomas Gleixner # for drivers/clocksource, drivers/irqchip +[paul.walmsley@sifive.com: updated to apply] +Signed-off-by: Paul Walmsley +Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()") +Signed-off-by: Sasha Levin +--- + arch/riscv/Kconfig | 4 ++ + arch/riscv/include/asm/csr.h | 72 +++++++++++++++++++++++++---- + arch/riscv/include/asm/irqflags.h | 12 ++--- + arch/riscv/include/asm/processor.h | 2 +- + arch/riscv/include/asm/ptrace.h | 16 +++---- + arch/riscv/include/asm/switch_to.h | 10 ++-- + arch/riscv/kernel/asm-offsets.c | 8 ++-- + arch/riscv/kernel/entry.S | 74 +++++++++++++++++------------- + arch/riscv/kernel/fpu.S | 8 ++-- + arch/riscv/kernel/head.S | 12 ++--- + arch/riscv/kernel/irq.c | 17 ++----- + arch/riscv/kernel/perf_callchain.c | 2 +- + arch/riscv/kernel/process.c | 17 +++---- + arch/riscv/kernel/signal.c | 21 ++++----- + arch/riscv/kernel/smp.c | 2 +- + arch/riscv/kernel/traps.c | 16 +++---- + arch/riscv/lib/uaccess.S | 12 ++--- + arch/riscv/mm/extable.c | 4 +- + arch/riscv/mm/fault.c | 6 +-- + drivers/clocksource/timer-riscv.c | 8 ++-- + drivers/irqchip/irq-sifive-plic.c | 11 +++-- + 21 files changed, 199 insertions(+), 135 deletions(-) + +diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig +index 42138882667d..e3dad60b8d47 100644 +--- a/arch/riscv/Kconfig ++++ b/arch/riscv/Kconfig +@@ -72,6 +72,10 @@ config ARCH_MMAP_RND_BITS_MAX + default 24 if 64BIT # SV39 based + default 17 + ++# set if we run in machine mode, cleared if we run in supervisor mode ++config RISCV_M_MODE ++ bool ++ + config MMU + def_bool y + +diff --git a/arch/riscv/include/asm/csr.h b/arch/riscv/include/asm/csr.h +index a18923fa23c8..0ab642811028 100644 +--- a/arch/riscv/include/asm/csr.h ++++ b/arch/riscv/include/asm/csr.h +@@ -11,8 +11,11 @@ + + /* Status register flags */ + #define SR_SIE _AC(0x00000002, UL) /* Supervisor Interrupt Enable */ ++#define SR_MIE _AC(0x00000008, UL) /* Machine Interrupt Enable */ + #define SR_SPIE _AC(0x00000020, UL) /* Previous Supervisor IE */ ++#define SR_MPIE _AC(0x00000080, UL) /* Previous Machine IE */ + #define SR_SPP _AC(0x00000100, UL) /* Previously Supervisor */ ++#define SR_MPP _AC(0x00001800, UL) /* Previously Machine */ + #define SR_SUM _AC(0x00040000, UL) /* Supervisor User Memory Access */ + + #define SR_FS _AC(0x00006000, UL) /* Floating-point Status */ +@@ -44,9 +47,10 @@ + #define SATP_MODE SATP_MODE_39 + #endif + +-/* SCAUSE */ +-#define SCAUSE_IRQ_FLAG (_AC(1, UL) << (__riscv_xlen - 1)) ++/* Exception cause high bit - is an interrupt if set */ ++#define CAUSE_IRQ_FLAG (_AC(1, UL) << (__riscv_xlen - 1)) + ++/* Interrupt causes (minus the high bit) */ + #define IRQ_U_SOFT 0 + #define IRQ_S_SOFT 1 + #define IRQ_M_SOFT 3 +@@ -57,6 +61,7 @@ + #define IRQ_S_EXT 9 + #define IRQ_M_EXT 11 + ++/* Exception causes */ + #define EXC_INST_MISALIGNED 0 + #define EXC_INST_ACCESS 1 + #define EXC_BREAKPOINT 3 +@@ -67,14 +72,14 @@ + #define EXC_LOAD_PAGE_FAULT 13 + #define EXC_STORE_PAGE_FAULT 15 + +-/* SIE (Interrupt Enable) and SIP (Interrupt Pending) flags */ +-#define SIE_SSIE (_AC(0x1, UL) << IRQ_S_SOFT) +-#define SIE_STIE (_AC(0x1, UL) << IRQ_S_TIMER) +-#define SIE_SEIE (_AC(0x1, UL) << IRQ_S_EXT) +- ++/* symbolic CSR names: */ + #define CSR_CYCLE 0xc00 + #define CSR_TIME 0xc01 + #define CSR_INSTRET 0xc02 ++#define CSR_CYCLEH 0xc80 ++#define CSR_TIMEH 0xc81 ++#define CSR_INSTRETH 0xc82 ++ + #define CSR_SSTATUS 0x100 + #define CSR_SIE 0x104 + #define CSR_STVEC 0x105 +@@ -85,9 +90,56 @@ + #define CSR_STVAL 0x143 + #define CSR_SIP 0x144 + #define CSR_SATP 0x180 +-#define CSR_CYCLEH 0xc80 +-#define CSR_TIMEH 0xc81 +-#define CSR_INSTRETH 0xc82 ++ ++#define CSR_MSTATUS 0x300 ++#define CSR_MIE 0x304 ++#define CSR_MTVEC 0x305 ++#define CSR_MSCRATCH 0x340 ++#define CSR_MEPC 0x341 ++#define CSR_MCAUSE 0x342 ++#define CSR_MTVAL 0x343 ++#define CSR_MIP 0x344 ++ ++#ifdef CONFIG_RISCV_M_MODE ++# define CSR_STATUS CSR_MSTATUS ++# define CSR_IE CSR_MIE ++# define CSR_TVEC CSR_MTVEC ++# define CSR_SCRATCH CSR_MSCRATCH ++# define CSR_EPC CSR_MEPC ++# define CSR_CAUSE CSR_MCAUSE ++# define CSR_TVAL CSR_MTVAL ++# define CSR_IP CSR_MIP ++ ++# define SR_IE SR_MIE ++# define SR_PIE SR_MPIE ++# define SR_PP SR_MPP ++ ++# define IRQ_SOFT IRQ_M_SOFT ++# define IRQ_TIMER IRQ_M_TIMER ++# define IRQ_EXT IRQ_M_EXT ++#else /* CONFIG_RISCV_M_MODE */ ++# define CSR_STATUS CSR_SSTATUS ++# define CSR_IE CSR_SIE ++# define CSR_TVEC CSR_STVEC ++# define CSR_SCRATCH CSR_SSCRATCH ++# define CSR_EPC CSR_SEPC ++# define CSR_CAUSE CSR_SCAUSE ++# define CSR_TVAL CSR_STVAL ++# define CSR_IP CSR_SIP ++ ++# define SR_IE SR_SIE ++# define SR_PIE SR_SPIE ++# define SR_PP SR_SPP ++ ++# define IRQ_SOFT IRQ_S_SOFT ++# define IRQ_TIMER IRQ_S_TIMER ++# define IRQ_EXT IRQ_S_EXT ++#endif /* CONFIG_RISCV_M_MODE */ ++ ++/* IE/IP (Supervisor/Machine Interrupt Enable/Pending) flags */ ++#define IE_SIE (_AC(0x1, UL) << IRQ_SOFT) ++#define IE_TIE (_AC(0x1, UL) << IRQ_TIMER) ++#define IE_EIE (_AC(0x1, UL) << IRQ_EXT) + + #ifndef __ASSEMBLY__ + +diff --git a/arch/riscv/include/asm/irqflags.h b/arch/riscv/include/asm/irqflags.h +index e70f647ce3b7..08d4d6a5b7e9 100644 +--- a/arch/riscv/include/asm/irqflags.h ++++ b/arch/riscv/include/asm/irqflags.h +@@ -13,31 +13,31 @@ + /* read interrupt enabled status */ + static inline unsigned long arch_local_save_flags(void) + { +- return csr_read(CSR_SSTATUS); ++ return csr_read(CSR_STATUS); + } + + /* unconditionally enable interrupts */ + static inline void arch_local_irq_enable(void) + { +- csr_set(CSR_SSTATUS, SR_SIE); ++ csr_set(CSR_STATUS, SR_IE); + } + + /* unconditionally disable interrupts */ + static inline void arch_local_irq_disable(void) + { +- csr_clear(CSR_SSTATUS, SR_SIE); ++ csr_clear(CSR_STATUS, SR_IE); + } + + /* get status and disable interrupts */ + static inline unsigned long arch_local_irq_save(void) + { +- return csr_read_clear(CSR_SSTATUS, SR_SIE); ++ return csr_read_clear(CSR_STATUS, SR_IE); + } + + /* test flags */ + static inline int arch_irqs_disabled_flags(unsigned long flags) + { +- return !(flags & SR_SIE); ++ return !(flags & SR_IE); + } + + /* test hardware interrupt enable bit */ +@@ -49,7 +49,7 @@ static inline int arch_irqs_disabled(void) + /* set interrupt enabled status */ + static inline void arch_local_irq_restore(unsigned long flags) + { +- csr_set(CSR_SSTATUS, flags & SR_SIE); ++ csr_set(CSR_STATUS, flags & SR_IE); + } + + #endif /* _ASM_RISCV_IRQFLAGS_H */ +diff --git a/arch/riscv/include/asm/processor.h b/arch/riscv/include/asm/processor.h +index 8c5b11a640dd..60fd02698b77 100644 +--- a/arch/riscv/include/asm/processor.h ++++ b/arch/riscv/include/asm/processor.h +@@ -44,7 +44,7 @@ struct thread_struct { + ((struct pt_regs *)(task_stack_page(tsk) + THREAD_SIZE \ + - ALIGN(sizeof(struct pt_regs), STACK_ALIGN))) + +-#define KSTK_EIP(tsk) (task_pt_regs(tsk)->sepc) ++#define KSTK_EIP(tsk) (task_pt_regs(tsk)->epc) + #define KSTK_ESP(tsk) (task_pt_regs(tsk)->sp) + + +diff --git a/arch/riscv/include/asm/ptrace.h b/arch/riscv/include/asm/ptrace.h +index d48d1e13973c..ee49f80c9533 100644 +--- a/arch/riscv/include/asm/ptrace.h ++++ b/arch/riscv/include/asm/ptrace.h +@@ -12,7 +12,7 @@ + #ifndef __ASSEMBLY__ + + struct pt_regs { +- unsigned long sepc; ++ unsigned long epc; + unsigned long ra; + unsigned long sp; + unsigned long gp; +@@ -44,10 +44,10 @@ struct pt_regs { + unsigned long t4; + unsigned long t5; + unsigned long t6; +- /* Supervisor CSRs */ +- unsigned long sstatus; +- unsigned long sbadaddr; +- unsigned long scause; ++ /* Supervisor/Machine CSRs */ ++ unsigned long status; ++ unsigned long badaddr; ++ unsigned long cause; + /* a0 value before the syscall */ + unsigned long orig_a0; + }; +@@ -58,18 +58,18 @@ struct pt_regs { + #define REG_FMT "%08lx" + #endif + +-#define user_mode(regs) (((regs)->sstatus & SR_SPP) == 0) ++#define user_mode(regs) (((regs)->status & SR_PP) == 0) + + + /* Helpers for working with the instruction pointer */ + static inline unsigned long instruction_pointer(struct pt_regs *regs) + { +- return regs->sepc; ++ return regs->epc; + } + static inline void instruction_pointer_set(struct pt_regs *regs, + unsigned long val) + { +- regs->sepc = val; ++ regs->epc = val; + } + + #define profile_pc(regs) instruction_pointer(regs) +diff --git a/arch/riscv/include/asm/switch_to.h b/arch/riscv/include/asm/switch_to.h +index ee4f0ac62c9d..407bcc96a710 100644 +--- a/arch/riscv/include/asm/switch_to.h ++++ b/arch/riscv/include/asm/switch_to.h +@@ -17,19 +17,19 @@ extern void __fstate_restore(struct task_struct *restore_from); + + static inline void __fstate_clean(struct pt_regs *regs) + { +- regs->sstatus = (regs->sstatus & ~SR_FS) | SR_FS_CLEAN; ++ regs->status = (regs->status & ~SR_FS) | SR_FS_CLEAN; + } + + static inline void fstate_off(struct task_struct *task, + struct pt_regs *regs) + { +- regs->sstatus = (regs->sstatus & ~SR_FS) | SR_FS_OFF; ++ regs->status = (regs->status & ~SR_FS) | SR_FS_OFF; + } + + static inline void fstate_save(struct task_struct *task, + struct pt_regs *regs) + { +- if ((regs->sstatus & SR_FS) == SR_FS_DIRTY) { ++ if ((regs->status & SR_FS) == SR_FS_DIRTY) { + __fstate_save(task); + __fstate_clean(regs); + } +@@ -38,7 +38,7 @@ static inline void fstate_save(struct task_struct *task, + static inline void fstate_restore(struct task_struct *task, + struct pt_regs *regs) + { +- if ((regs->sstatus & SR_FS) != SR_FS_OFF) { ++ if ((regs->status & SR_FS) != SR_FS_OFF) { + __fstate_restore(task); + __fstate_clean(regs); + } +@@ -50,7 +50,7 @@ static inline void __switch_to_aux(struct task_struct *prev, + struct pt_regs *regs; + + regs = task_pt_regs(prev); +- if (unlikely(regs->sstatus & SR_SD)) ++ if (unlikely(regs->status & SR_SD)) + fstate_save(prev, regs); + fstate_restore(next, task_pt_regs(next)); + } +diff --git a/arch/riscv/kernel/asm-offsets.c b/arch/riscv/kernel/asm-offsets.c +index 42c69d5554e4..8a2614053274 100644 +--- a/arch/riscv/kernel/asm-offsets.c ++++ b/arch/riscv/kernel/asm-offsets.c +@@ -69,7 +69,7 @@ void asm_offsets(void) + OFFSET(TASK_THREAD_FCSR, task_struct, thread.fstate.fcsr); + + DEFINE(PT_SIZE, sizeof(struct pt_regs)); +- OFFSET(PT_SEPC, pt_regs, sepc); ++ OFFSET(PT_EPC, pt_regs, epc); + OFFSET(PT_RA, pt_regs, ra); + OFFSET(PT_FP, pt_regs, s0); + OFFSET(PT_S0, pt_regs, s0); +@@ -103,9 +103,9 @@ void asm_offsets(void) + OFFSET(PT_T6, pt_regs, t6); + OFFSET(PT_GP, pt_regs, gp); + OFFSET(PT_ORIG_A0, pt_regs, orig_a0); +- OFFSET(PT_SSTATUS, pt_regs, sstatus); +- OFFSET(PT_SBADADDR, pt_regs, sbadaddr); +- OFFSET(PT_SCAUSE, pt_regs, scause); ++ OFFSET(PT_STATUS, pt_regs, status); ++ OFFSET(PT_BADADDR, pt_regs, badaddr); ++ OFFSET(PT_CAUSE, pt_regs, cause); + + /* + * THREAD_{F,X}* might be larger than a S-type offset can handle, but +diff --git a/arch/riscv/kernel/entry.S b/arch/riscv/kernel/entry.S +index 9c87ae77ad5d..57b27b8278b1 100644 +--- a/arch/riscv/kernel/entry.S ++++ b/arch/riscv/kernel/entry.S +@@ -26,14 +26,14 @@ + + /* + * If coming from userspace, preserve the user thread pointer and load +- * the kernel thread pointer. If we came from the kernel, sscratch +- * will contain 0, and we should continue on the current TP. ++ * the kernel thread pointer. If we came from the kernel, the scratch ++ * register will contain 0, and we should continue on the current TP. + */ +- csrrw tp, CSR_SSCRATCH, tp ++ csrrw tp, CSR_SCRATCH, tp + bnez tp, _save_context + + _restore_kernel_tpsp: +- csrr tp, CSR_SSCRATCH ++ csrr tp, CSR_SCRATCH + REG_S sp, TASK_TI_KERNEL_SP(tp) + _save_context: + REG_S sp, TASK_TI_USER_SP(tp) +@@ -79,16 +79,16 @@ _save_context: + li t0, SR_SUM | SR_FS + + REG_L s0, TASK_TI_USER_SP(tp) +- csrrc s1, CSR_SSTATUS, t0 +- csrr s2, CSR_SEPC +- csrr s3, CSR_STVAL +- csrr s4, CSR_SCAUSE +- csrr s5, CSR_SSCRATCH ++ csrrc s1, CSR_STATUS, t0 ++ csrr s2, CSR_EPC ++ csrr s3, CSR_TVAL ++ csrr s4, CSR_CAUSE ++ csrr s5, CSR_SCRATCH + REG_S s0, PT_SP(sp) +- REG_S s1, PT_SSTATUS(sp) +- REG_S s2, PT_SEPC(sp) +- REG_S s3, PT_SBADADDR(sp) +- REG_S s4, PT_SCAUSE(sp) ++ REG_S s1, PT_STATUS(sp) ++ REG_S s2, PT_EPC(sp) ++ REG_S s3, PT_BADADDR(sp) ++ REG_S s4, PT_CAUSE(sp) + REG_S s5, PT_TP(sp) + .endm + +@@ -97,7 +97,7 @@ _save_context: + * registers from the stack. + */ + .macro RESTORE_ALL +- REG_L a0, PT_SSTATUS(sp) ++ REG_L a0, PT_STATUS(sp) + /* + * The current load reservation is effectively part of the processor's + * state, in the sense that load reservations cannot be shared between +@@ -115,11 +115,11 @@ _save_context: + * completes, implementations are allowed to expand reservations to be + * arbitrarily large. + */ +- REG_L a2, PT_SEPC(sp) +- REG_SC x0, a2, PT_SEPC(sp) ++ REG_L a2, PT_EPC(sp) ++ REG_SC x0, a2, PT_EPC(sp) + +- csrw CSR_SSTATUS, a0 +- csrw CSR_SEPC, a2 ++ csrw CSR_STATUS, a0 ++ csrw CSR_EPC, a2 + + REG_L x1, PT_RA(sp) + REG_L x3, PT_GP(sp) +@@ -163,10 +163,10 @@ ENTRY(handle_exception) + SAVE_ALL + + /* +- * Set sscratch register to 0, so that if a recursive exception ++ * Set the scratch register to 0, so that if a recursive exception + * occurs, the exception vector knows it came from the kernel + */ +- csrw CSR_SSCRATCH, x0 ++ csrw CSR_SCRATCH, x0 + + /* Load the global pointer */ + .option push +@@ -185,11 +185,13 @@ ENTRY(handle_exception) + move a0, sp /* pt_regs */ + tail do_IRQ + 1: +- /* Exceptions run with interrupts enabled or disabled +- depending on the state of sstatus.SR_SPIE */ +- andi t0, s1, SR_SPIE ++ /* ++ * Exceptions run with interrupts enabled or disabled depending on the ++ * state of SR_PIE in m/sstatus. ++ */ ++ andi t0, s1, SR_PIE + beqz t0, 1f +- csrs CSR_SSTATUS, SR_SIE ++ csrs CSR_STATUS, SR_IE + + 1: + /* Handle syscalls */ +@@ -217,7 +219,7 @@ handle_syscall: + * scall instruction on sret + */ + addi s2, s2, 0x4 +- REG_S s2, PT_SEPC(sp) ++ REG_S s2, PT_EPC(sp) + /* Trace syscalls, but only if requested by the user. */ + REG_L t0, TASK_TI_FLAGS(tp) + andi t0, t0, _TIF_SYSCALL_WORK +@@ -244,9 +246,15 @@ ret_from_syscall: + bnez t0, handle_syscall_trace_exit + + ret_from_exception: +- REG_L s0, PT_SSTATUS(sp) +- csrc CSR_SSTATUS, SR_SIE ++ REG_L s0, PT_STATUS(sp) ++ csrc CSR_STATUS, SR_IE ++#ifdef CONFIG_RISCV_M_MODE ++ /* the MPP value is too large to be used as an immediate arg for addi */ ++ li t0, SR_MPP ++ and s0, s0, t0 ++#else + andi s0, s0, SR_SPP ++#endif + bnez s0, resume_kernel + + resume_userspace: +@@ -260,14 +268,18 @@ resume_userspace: + REG_S s0, TASK_TI_KERNEL_SP(tp) + + /* +- * Save TP into sscratch, so we can find the kernel data structures +- * again. ++ * Save TP into the scratch register , so we can find the kernel data ++ * structures again. + */ +- csrw CSR_SSCRATCH, tp ++ csrw CSR_SCRATCH, tp + + restore_all: + RESTORE_ALL ++#ifdef CONFIG_RISCV_M_MODE ++ mret ++#else + sret ++#endif + + #if IS_ENABLED(CONFIG_PREEMPT) + resume_kernel: +@@ -287,7 +299,7 @@ work_pending: + bnez s1, work_resched + work_notifysig: + /* Handle pending signals and notify-resume requests */ +- csrs CSR_SSTATUS, SR_SIE /* Enable interrupts for do_notify_resume() */ ++ csrs CSR_STATUS, SR_IE /* Enable interrupts for do_notify_resume() */ + move a0, sp /* pt_regs */ + move a1, s0 /* current_thread_info->flags */ + tail do_notify_resume +diff --git a/arch/riscv/kernel/fpu.S b/arch/riscv/kernel/fpu.S +index 631d31540660..dd2205473de7 100644 +--- a/arch/riscv/kernel/fpu.S ++++ b/arch/riscv/kernel/fpu.S +@@ -23,7 +23,7 @@ ENTRY(__fstate_save) + li a2, TASK_THREAD_F0 + add a0, a0, a2 + li t1, SR_FS +- csrs CSR_SSTATUS, t1 ++ csrs CSR_STATUS, t1 + frcsr t0 + fsd f0, TASK_THREAD_F0_F0(a0) + fsd f1, TASK_THREAD_F1_F0(a0) +@@ -58,7 +58,7 @@ ENTRY(__fstate_save) + fsd f30, TASK_THREAD_F30_F0(a0) + fsd f31, TASK_THREAD_F31_F0(a0) + sw t0, TASK_THREAD_FCSR_F0(a0) +- csrc CSR_SSTATUS, t1 ++ csrc CSR_STATUS, t1 + ret + ENDPROC(__fstate_save) + +@@ -67,7 +67,7 @@ ENTRY(__fstate_restore) + add a0, a0, a2 + li t1, SR_FS + lw t0, TASK_THREAD_FCSR_F0(a0) +- csrs CSR_SSTATUS, t1 ++ csrs CSR_STATUS, t1 + fld f0, TASK_THREAD_F0_F0(a0) + fld f1, TASK_THREAD_F1_F0(a0) + fld f2, TASK_THREAD_F2_F0(a0) +@@ -101,6 +101,6 @@ ENTRY(__fstate_restore) + fld f30, TASK_THREAD_F30_F0(a0) + fld f31, TASK_THREAD_F31_F0(a0) + fscsr t0 +- csrc CSR_SSTATUS, t1 ++ csrc CSR_STATUS, t1 + ret + ENDPROC(__fstate_restore) +diff --git a/arch/riscv/kernel/head.S b/arch/riscv/kernel/head.S +index 344793159b97..57817c198774 100644 +--- a/arch/riscv/kernel/head.S ++++ b/arch/riscv/kernel/head.S +@@ -52,8 +52,8 @@ ENTRY(_start) + .global _start_kernel + _start_kernel: + /* Mask all interrupts */ +- csrw CSR_SIE, zero +- csrw CSR_SIP, zero ++ csrw CSR_IE, zero ++ csrw CSR_IP, zero + + /* Load the global pointer */ + .option push +@@ -66,7 +66,7 @@ _start_kernel: + * floating point in kernel space + */ + li t0, SR_FS +- csrc CSR_SSTATUS, t0 ++ csrc CSR_STATUS, t0 + + #ifdef CONFIG_SMP + li t0, CONFIG_NR_CPUS +@@ -121,7 +121,7 @@ relocate: + /* Point stvec to virtual address of intruction after satp write */ + la a2, 1f + add a2, a2, a1 +- csrw CSR_STVEC, a2 ++ csrw CSR_TVEC, a2 + + /* Compute satp for kernel page tables, but don't load it yet */ + srl a2, a0, PAGE_SHIFT +@@ -143,7 +143,7 @@ relocate: + 1: + /* Set trap vector to spin forever to help debug */ + la a0, .Lsecondary_park +- csrw CSR_STVEC, a0 ++ csrw CSR_TVEC, a0 + + /* Reload the global pointer */ + .option push +@@ -166,7 +166,7 @@ relocate: + #ifdef CONFIG_SMP + /* Set trap vector to spin forever to help debug */ + la a3, .Lsecondary_park +- csrw CSR_STVEC, a3 ++ csrw CSR_TVEC, a3 + + slli a3, a0, LGREG + la a1, __cpu_up_stack_pointer +diff --git a/arch/riscv/kernel/irq.c b/arch/riscv/kernel/irq.c +index fffac6ddb0e0..3f07a91d5afb 100644 +--- a/arch/riscv/kernel/irq.c ++++ b/arch/riscv/kernel/irq.c +@@ -11,13 +11,6 @@ + #include + #include + +-/* +- * Possible interrupt causes: +- */ +-#define INTERRUPT_CAUSE_SOFTWARE IRQ_S_SOFT +-#define INTERRUPT_CAUSE_TIMER IRQ_S_TIMER +-#define INTERRUPT_CAUSE_EXTERNAL IRQ_S_EXT +- + int arch_show_interrupts(struct seq_file *p, int prec) + { + show_ipi_stats(p, prec); +@@ -29,12 +22,12 @@ asmlinkage __visible void __irq_entry do_IRQ(struct pt_regs *regs) + struct pt_regs *old_regs = set_irq_regs(regs); + + irq_enter(); +- switch (regs->scause & ~SCAUSE_IRQ_FLAG) { +- case INTERRUPT_CAUSE_TIMER: ++ switch (regs->cause & ~CAUSE_IRQ_FLAG) { ++ case IRQ_TIMER: + riscv_timer_interrupt(); + break; + #ifdef CONFIG_SMP +- case INTERRUPT_CAUSE_SOFTWARE: ++ case IRQ_SOFT: + /* + * We only use software interrupts to pass IPIs, so if a non-SMP + * system gets one, then we don't know what to do. +@@ -42,11 +35,11 @@ asmlinkage __visible void __irq_entry do_IRQ(struct pt_regs *regs) + riscv_software_interrupt(); + break; + #endif +- case INTERRUPT_CAUSE_EXTERNAL: ++ case IRQ_EXT: + handle_arch_irq(regs); + break; + default: +- pr_alert("unexpected interrupt cause 0x%lx", regs->scause); ++ pr_alert("unexpected interrupt cause 0x%lx", regs->cause); + BUG(); + } + irq_exit(); +diff --git a/arch/riscv/kernel/perf_callchain.c b/arch/riscv/kernel/perf_callchain.c +index 11541cbe26b3..ed7c8fdde62b 100644 +--- a/arch/riscv/kernel/perf_callchain.c ++++ b/arch/riscv/kernel/perf_callchain.c +@@ -68,7 +68,7 @@ void perf_callchain_user(struct perf_callchain_entry_ctx *entry, + return; + + fp = regs->s0; +- perf_callchain_store(entry, regs->sepc); ++ perf_callchain_store(entry, regs->epc); + + fp = user_backtrace(entry, fp, regs->ra); + while (fp && !(fp & 0x7) && entry->nr < entry->max_stack) +diff --git a/arch/riscv/kernel/process.c b/arch/riscv/kernel/process.c +index 9d4b4098874b..f17e7f4ad3e7 100644 +--- a/arch/riscv/kernel/process.c ++++ b/arch/riscv/kernel/process.c +@@ -35,8 +35,8 @@ void show_regs(struct pt_regs *regs) + { + show_regs_print_info(KERN_DEFAULT); + +- pr_cont("sepc: " REG_FMT " ra : " REG_FMT " sp : " REG_FMT "\n", +- regs->sepc, regs->ra, regs->sp); ++ pr_cont("epc: " REG_FMT " ra : " REG_FMT " sp : " REG_FMT "\n", ++ regs->epc, regs->ra, regs->sp); + pr_cont(" gp : " REG_FMT " tp : " REG_FMT " t0 : " REG_FMT "\n", + regs->gp, regs->tp, regs->t0); + pr_cont(" t1 : " REG_FMT " t2 : " REG_FMT " s0 : " REG_FMT "\n", +@@ -58,23 +58,23 @@ void show_regs(struct pt_regs *regs) + pr_cont(" t5 : " REG_FMT " t6 : " REG_FMT "\n", + regs->t5, regs->t6); + +- pr_cont("sstatus: " REG_FMT " sbadaddr: " REG_FMT " scause: " REG_FMT "\n", +- regs->sstatus, regs->sbadaddr, regs->scause); ++ pr_cont("status: " REG_FMT " badaddr: " REG_FMT " cause: " REG_FMT "\n", ++ regs->status, regs->badaddr, regs->cause); + } + + void start_thread(struct pt_regs *regs, unsigned long pc, + unsigned long sp) + { +- regs->sstatus = SR_SPIE; ++ regs->status = SR_PIE; + if (has_fpu) { +- regs->sstatus |= SR_FS_INITIAL; ++ regs->status |= SR_FS_INITIAL; + /* + * Restore the initial value to the FP register + * before starting the user program. + */ + fstate_restore(current, regs); + } +- regs->sepc = pc; ++ regs->epc = pc; + regs->sp = sp; + set_fs(USER_DS); + } +@@ -112,7 +112,8 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long usp, + const register unsigned long gp __asm__ ("gp"); + memset(childregs, 0, sizeof(struct pt_regs)); + childregs->gp = gp; +- childregs->sstatus = SR_SPP | SR_SPIE; /* Supervisor, irqs on */ ++ /* Supervisor/Machine, irqs on: */ ++ childregs->status = SR_PP | SR_PIE; + + p->thread.ra = (unsigned long)ret_from_kernel_thread; + p->thread.s[0] = usp; /* fn */ +diff --git a/arch/riscv/kernel/signal.c b/arch/riscv/kernel/signal.c +index d0f6f212f5df..b7f9a5565c4b 100644 +--- a/arch/riscv/kernel/signal.c ++++ b/arch/riscv/kernel/signal.c +@@ -124,7 +124,7 @@ SYSCALL_DEFINE0(rt_sigreturn) + pr_info_ratelimited( + "%s[%d]: bad frame in %s: frame=%p pc=%p sp=%p\n", + task->comm, task_pid_nr(task), __func__, +- frame, (void *)regs->sepc, (void *)regs->sp); ++ frame, (void *)regs->epc, (void *)regs->sp); + } + force_sig(SIGSEGV); + return 0; +@@ -199,7 +199,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, + * We always pass siginfo and mcontext, regardless of SA_SIGINFO, + * since some things rely on this (e.g. glibc's debug/segfault.c). + */ +- regs->sepc = (unsigned long)ksig->ka.sa.sa_handler; ++ regs->epc = (unsigned long)ksig->ka.sa.sa_handler; + regs->sp = (unsigned long)frame; + regs->a0 = ksig->sig; /* a0: signal number */ + regs->a1 = (unsigned long)(&frame->info); /* a1: siginfo pointer */ +@@ -208,7 +208,7 @@ static int setup_rt_frame(struct ksignal *ksig, sigset_t *set, + #if DEBUG_SIG + pr_info("SIG deliver (%s:%d): sig=%d pc=%p ra=%p sp=%p\n", + current->comm, task_pid_nr(current), ksig->sig, +- (void *)regs->sepc, (void *)regs->ra, frame); ++ (void *)regs->epc, (void *)regs->ra, frame); + #endif + + return 0; +@@ -220,10 +220,9 @@ static void handle_signal(struct ksignal *ksig, struct pt_regs *regs) + int ret; + + /* Are we from a system call? */ +- if (regs->scause == EXC_SYSCALL) { ++ if (regs->cause == EXC_SYSCALL) { + /* Avoid additional syscall restarting via ret_from_exception */ +- regs->scause = -1UL; +- ++ regs->cause = -1UL; + /* If so, check system call restarting.. */ + switch (regs->a0) { + case -ERESTART_RESTARTBLOCK: +@@ -239,7 +238,7 @@ static void handle_signal(struct ksignal *ksig, struct pt_regs *regs) + /* fallthrough */ + case -ERESTARTNOINTR: + regs->a0 = regs->orig_a0; +- regs->sepc -= 0x4; ++ regs->epc -= 0x4; + break; + } + } +@@ -261,9 +260,9 @@ static void do_signal(struct pt_regs *regs) + } + + /* Did we come from a system call? */ +- if (regs->scause == EXC_SYSCALL) { ++ if (regs->cause == EXC_SYSCALL) { + /* Avoid additional syscall restarting via ret_from_exception */ +- regs->scause = -1UL; ++ regs->cause = -1UL; + + /* Restart the system call - no handlers present */ + switch (regs->a0) { +@@ -271,12 +270,12 @@ static void do_signal(struct pt_regs *regs) + case -ERESTARTSYS: + case -ERESTARTNOINTR: + regs->a0 = regs->orig_a0; +- regs->sepc -= 0x4; ++ regs->epc -= 0x4; + break; + case -ERESTART_RESTARTBLOCK: + regs->a0 = regs->orig_a0; + regs->a7 = __NR_restart_syscall; +- regs->sepc -= 0x4; ++ regs->epc -= 0x4; + break; + } + } +diff --git a/arch/riscv/kernel/smp.c b/arch/riscv/kernel/smp.c +index 098c04adbaaf..d724a7e6f4eb 100644 +--- a/arch/riscv/kernel/smp.c ++++ b/arch/riscv/kernel/smp.c +@@ -108,7 +108,7 @@ static void send_ipi_single(int cpu, enum ipi_message_type op) + + static inline void clear_ipi(void) + { +- csr_clear(CSR_SIP, SIE_SSIE); ++ csr_clear(CSR_IP, IE_SIE); + } + + void riscv_software_interrupt(void) +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index c28d4debf592..030094ac7190 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -42,7 +42,7 @@ void die(struct pt_regs *regs, const char *str) + print_modules(); + show_regs(regs); + +- ret = notify_die(DIE_OOPS, str, regs, 0, regs->scause, SIGSEGV); ++ ret = notify_die(DIE_OOPS, str, regs, 0, regs->cause, SIGSEGV); + + if (regs && kexec_should_crash(current)) + crash_kexec(regs); +@@ -90,7 +90,7 @@ static void do_trap_error(struct pt_regs *regs, int signo, int code, + #define DO_ERROR_INFO(name, signo, code, str) \ + asmlinkage __visible void name(struct pt_regs *regs) \ + { \ +- do_trap_error(regs, signo, code, regs->sepc, "Oops - " str); \ ++ do_trap_error(regs, signo, code, regs->epc, "Oops - " str); \ + } + + DO_ERROR_INFO(do_trap_unknown, +@@ -128,9 +128,9 @@ static inline unsigned long get_break_insn_length(unsigned long pc) + asmlinkage __visible void do_trap_break(struct pt_regs *regs) + { + if (user_mode(regs)) +- force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)regs->sepc); +- else if (report_bug(regs->sepc, regs) == BUG_TRAP_TYPE_WARN) +- regs->sepc += get_break_insn_length(regs->sepc); ++ force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)regs->epc); ++ else if (report_bug(regs->epc, regs) == BUG_TRAP_TYPE_WARN) ++ regs->epc += get_break_insn_length(regs->epc); + else + die(regs, "Kernel BUG"); + } +@@ -157,9 +157,9 @@ void __init trap_init(void) + * Set sup0 scratch register to 0, indicating to exception vector + * that we are presently executing in the kernel + */ +- csr_write(CSR_SSCRATCH, 0); ++ csr_write(CSR_SCRATCH, 0); + /* Set the exception vector address */ +- csr_write(CSR_STVEC, &handle_exception); ++ csr_write(CSR_TVEC, &handle_exception); + /* Enable all interrupts */ +- csr_write(CSR_SIE, -1); ++ csr_write(CSR_IE, -1); + } +diff --git a/arch/riscv/lib/uaccess.S b/arch/riscv/lib/uaccess.S +index ed2696c0143d..fecd65657a6f 100644 +--- a/arch/riscv/lib/uaccess.S ++++ b/arch/riscv/lib/uaccess.S +@@ -18,7 +18,7 @@ ENTRY(__asm_copy_from_user) + + /* Enable access to user memory */ + li t6, SR_SUM +- csrs CSR_SSTATUS, t6 ++ csrs CSR_STATUS, t6 + + add a3, a1, a2 + /* Use word-oriented copy only if low-order bits match */ +@@ -47,7 +47,7 @@ ENTRY(__asm_copy_from_user) + + 3: + /* Disable access to user memory */ +- csrc CSR_SSTATUS, t6 ++ csrc CSR_STATUS, t6 + li a0, 0 + ret + 4: /* Edge case: unalignment */ +@@ -72,7 +72,7 @@ ENTRY(__clear_user) + + /* Enable access to user memory */ + li t6, SR_SUM +- csrs CSR_SSTATUS, t6 ++ csrs CSR_STATUS, t6 + + add a3, a0, a1 + addi t0, a0, SZREG-1 +@@ -94,7 +94,7 @@ ENTRY(__clear_user) + + 3: + /* Disable access to user memory */ +- csrc CSR_SSTATUS, t6 ++ csrc CSR_STATUS, t6 + li a0, 0 + ret + 4: /* Edge case: unalignment */ +@@ -114,11 +114,11 @@ ENDPROC(__clear_user) + /* Fixup code for __copy_user(10) and __clear_user(11) */ + 10: + /* Disable access to user memory */ +- csrs CSR_SSTATUS, t6 ++ csrs CSR_STATUS, t6 + mv a0, a2 + ret + 11: +- csrs CSR_SSTATUS, t6 ++ csrs CSR_STATUS, t6 + mv a0, a1 + ret + .previous +diff --git a/arch/riscv/mm/extable.c b/arch/riscv/mm/extable.c +index 7aed9178d365..2fc729422151 100644 +--- a/arch/riscv/mm/extable.c ++++ b/arch/riscv/mm/extable.c +@@ -15,9 +15,9 @@ int fixup_exception(struct pt_regs *regs) + { + const struct exception_table_entry *fixup; + +- fixup = search_exception_tables(regs->sepc); ++ fixup = search_exception_tables(regs->epc); + if (fixup) { +- regs->sepc = fixup->fixup; ++ regs->epc = fixup->fixup; + return 1; + } + return 0; +diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c +index 1cfce62caa11..55ac8b7bb432 100644 +--- a/arch/riscv/mm/fault.c ++++ b/arch/riscv/mm/fault.c +@@ -34,8 +34,8 @@ asmlinkage void do_page_fault(struct pt_regs *regs) + int code = SEGV_MAPERR; + vm_fault_t fault; + +- cause = regs->scause; +- addr = regs->sbadaddr; ++ cause = regs->cause; ++ addr = regs->badaddr; + + tsk = current; + mm = tsk->mm; +@@ -53,7 +53,7 @@ asmlinkage void do_page_fault(struct pt_regs *regs) + goto vmalloc_fault; + + /* Enable interrupts if they were enabled in the parent context. */ +- if (likely(regs->sstatus & SR_SPIE)) ++ if (likely(regs->status & SR_PIE)) + local_irq_enable(); + + /* +diff --git a/drivers/clocksource/timer-riscv.c b/drivers/clocksource/timer-riscv.c +index 4b04ffbe5e7e..cd8395171849 100644 +--- a/drivers/clocksource/timer-riscv.c ++++ b/drivers/clocksource/timer-riscv.c +@@ -19,7 +19,7 @@ + static int riscv_clock_next_event(unsigned long delta, + struct clock_event_device *ce) + { +- csr_set(sie, SIE_STIE); ++ csr_set(CSR_IE, IE_TIE); + sbi_set_timer(get_cycles64() + delta); + return 0; + } +@@ -61,13 +61,13 @@ static int riscv_timer_starting_cpu(unsigned int cpu) + ce->cpumask = cpumask_of(cpu); + clockevents_config_and_register(ce, riscv_timebase, 100, 0x7fffffff); + +- csr_set(sie, SIE_STIE); ++ csr_set(CSR_IE, IE_TIE); + return 0; + } + + static int riscv_timer_dying_cpu(unsigned int cpu) + { +- csr_clear(sie, SIE_STIE); ++ csr_clear(CSR_IE, IE_TIE); + return 0; + } + +@@ -76,7 +76,7 @@ void riscv_timer_interrupt(void) + { + struct clock_event_device *evdev = this_cpu_ptr(&riscv_clock_event); + +- csr_clear(sie, SIE_STIE); ++ csr_clear(CSR_IE, IE_TIE); + evdev->event_handler(evdev); + } + +diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c +index 9dad45d928bf..2dca689a5cbc 100644 +--- a/drivers/irqchip/irq-sifive-plic.c ++++ b/drivers/irqchip/irq-sifive-plic.c +@@ -187,7 +187,7 @@ static void plic_handle_irq(struct pt_regs *regs) + + WARN_ON_ONCE(!handler->present); + +- csr_clear(sie, SIE_SEIE); ++ csr_clear(CSR_IE, IE_EIE); + while ((hwirq = readl(claim))) { + int irq = irq_find_mapping(plic_irqdomain, hwirq); + +@@ -197,7 +197,7 @@ static void plic_handle_irq(struct pt_regs *regs) + else + generic_handle_irq(irq); + } +- csr_set(sie, SIE_SEIE); ++ csr_set(CSR_IE, IE_EIE); + } + + /* +@@ -258,8 +258,11 @@ static int __init plic_init(struct device_node *node, + continue; + } + +- /* skip contexts other than supervisor external interrupt */ +- if (parent.args[0] != IRQ_S_EXT) ++ /* ++ * Skip contexts other than external interrupts for our ++ * privilege level. ++ */ ++ if (parent.args[0] != IRQ_EXT) + continue; + + hartid = plic_find_hart_id(parent.np); +-- +2.39.5 + diff --git a/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch b/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch new file mode 100644 index 00000000000..b05ff47582e --- /dev/null +++ b/queue-5.4/riscv-avoid-enabling-interrupts-in-die.patch @@ -0,0 +1,61 @@ +From 6b95ce051d8be5637ece3e3f58e8035c8b2309cf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Feb 2023 14:48:28 +0000 +Subject: riscv: Avoid enabling interrupts in die() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Mattias Nissler + +[ Upstream commit 130aee3fd9981297ff9354e5d5609cd59aafbbea ] + +While working on something else, I noticed that the kernel would start +accepting interrupts again after crashing in an interrupt handler. Since +the kernel is already in inconsistent state, enabling interrupts is +dangerous and opens up risk of kernel state deteriorating further. +Interrupts do get enabled via what looks like an unintended side effect of +spin_unlock_irq, so switch to the more cautious +spin_lock_irqsave/spin_unlock_irqrestore instead. + +Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") +Signed-off-by: Mattias Nissler +Reviewed-by: Björn Töpel +Link: https://lore.kernel.org/r/20230215144828.3370316-1-mnissler@rivosinc.com +Cc: stable@vger.kernel.org +Signed-off-by: Palmer Dabbelt +Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()") +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 533087439e80..d255d88cf522 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -30,10 +30,11 @@ void die(struct pt_regs *regs, const char *str) + static int die_counter; + int ret; + long cause; ++ unsigned long flags; + + oops_enter(); + +- spin_lock_irq(&die_lock); ++ spin_lock_irqsave(&die_lock, flags); + console_verbose(); + bust_spinlocks(1); + +@@ -50,7 +51,7 @@ void die(struct pt_regs *regs, const char *str) + + bust_spinlocks(0); + add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); +- spin_unlock_irq(&die_lock); ++ spin_unlock_irqrestore(&die_lock, flags); + oops_exit(); + + if (in_interrupt()) +-- +2.39.5 + diff --git a/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch b/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch new file mode 100644 index 00000000000..3a88f97ad26 --- /dev/null +++ b/queue-5.4/riscv-fix-sleeping-in-invalid-context-in-die.patch @@ -0,0 +1,79 @@ +From 6d6dbc938ae4e9b400e9410b5cab83c3f488e03a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Nov 2024 10:13:33 +0100 +Subject: riscv: Fix sleeping in invalid context in die() + +From: Nam Cao + +[ Upstream commit 6a97f4118ac07cfdc316433f385dbdc12af5025e ] + +die() can be called in exception handler, and therefore cannot sleep. +However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. +That causes the following warning: + +BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 +in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex +preempt_count: 110001, expected: 0 +RCU nest depth: 0, expected: 0 +CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234 +Hardware name: riscv-virtio,qemu (DT) +Call Trace: + dump_backtrace+0x1c/0x24 + show_stack+0x2c/0x38 + dump_stack_lvl+0x5a/0x72 + dump_stack+0x14/0x1c + __might_resched+0x130/0x13a + rt_spin_lock+0x2a/0x5c + die+0x24/0x112 + do_trap_insn_illegal+0xa0/0xea + _new_vmalloc_restore_context_a0+0xcc/0xd8 +Oops - illegal instruction [#1] + +Switch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT +enabled. + +Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") +Signed-off-by: Nam Cao +Cc: stable@vger.kernel.org +Reviewed-by: Sebastian Andrzej Siewior +Link: https://lore.kernel.org/r/20241118091333.1185288-1-namcao@linutronix.de +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index d255d88cf522..fbc918f127dc 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -23,7 +23,7 @@ + + int show_unhandled_signals = 1; + +-static DEFINE_SPINLOCK(die_lock); ++static DEFINE_RAW_SPINLOCK(die_lock); + + void die(struct pt_regs *regs, const char *str) + { +@@ -34,7 +34,7 @@ void die(struct pt_regs *regs, const char *str) + + oops_enter(); + +- spin_lock_irqsave(&die_lock, flags); ++ raw_spin_lock_irqsave(&die_lock, flags); + console_verbose(); + bust_spinlocks(1); + +@@ -51,7 +51,7 @@ void die(struct pt_regs *regs, const char *str) + + bust_spinlocks(0); + add_taint(TAINT_DIE, LOCKDEP_NOW_UNRELIABLE); +- spin_unlock_irqrestore(&die_lock, flags); ++ raw_spin_unlock_irqrestore(&die_lock, flags); + oops_exit(); + + if (in_interrupt()) +-- +2.39.5 + diff --git a/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch b/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch new file mode 100644 index 00000000000..a26546d316d --- /dev/null +++ b/queue-5.4/riscv-remove-unused-handle_exception-symbol.patch @@ -0,0 +1,37 @@ +From 41b33c44b51d27f711d2e822d711de291c216c75 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 1 May 2021 20:53:58 +0200 +Subject: riscv: remove unused handle_exception symbol + +From: Rouven Czerwinski + +[ Upstream commit beaf5ae15a13d835a01e30c282c8325ce0f1eb7e ] + +Since commit 79b1feba5455 ("RISC-V: Setup exception vector early") +exception vectors are setup early and the handle_exception symbol from +the asm files is no longer referenced in traps.c. Remove it. + +Signed-off-by: Rouven Czerwinski +Signed-off-by: Palmer Dabbelt +Stable-dep-of: 6a97f4118ac0 ("riscv: Fix sleeping in invalid context in die()") +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 030094ac7190..184f7b82c5ae 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -23,8 +23,6 @@ + + int show_unhandled_signals = 1; + +-extern asmlinkage void handle_exception(void); +- + static DEFINE_SPINLOCK(die_lock); + + void die(struct pt_regs *regs, const char *str) +-- +2.39.5 + diff --git a/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch b/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch new file mode 100644 index 00000000000..a07f485e9e1 --- /dev/null +++ b/queue-5.4/sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch @@ -0,0 +1,63 @@ +From 7a929e12aec4702d898169e52d14b451ac432669 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Jan 2025 16:34:33 +0100 +Subject: sctp: sysctl: rto_min/max: avoid using current->nsproxy + +From: Matthieu Baerts (NGI0) + +[ Upstream commit 9fc17b76fc70763780aa78b38fcf4742384044a5 ] + +As mentioned in a previous commit of this series, using the 'net' +structure via 'current' is not recommended for different reasons: + +- Inconsistency: getting info from the reader's/writer's netns vs only + from the opener's netns. + +- current->nsproxy can be NULL in some cases, resulting in an 'Oops' + (null-ptr-deref), e.g. when the current task is exiting, as spotted by + syzbot [1] using acct(2). + +The 'net' structure can be obtained from the table->data using +container_of(). + +Note that table->data could also be used directly, as this is the only +member needed from the 'net' structure, but that would increase the size +of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used. + +Fixes: 4f3fdf3bc59c ("sctp: add check rto_min and rto_max in sysctl") +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/67769ecb.050a0220.3a8527.003f.GAE@google.com [1] +Suggested-by: Al Viro +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://patch.msgid.link/20250108-net-sysctl-current-nsproxy-v1-5-5df34b2083e8@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/sctp/sysctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c +index 4513d8d45e55..7777c0096a38 100644 +--- a/net/sctp/sysctl.c ++++ b/net/sctp/sysctl.c +@@ -372,7 +372,7 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write, + void __user *buffer, size_t *lenp, + loff_t *ppos) + { +- struct net *net = current->nsproxy->net_ns; ++ struct net *net = container_of(ctl->data, struct net, sctp.rto_min); + unsigned int min = *(unsigned int *) ctl->extra1; + unsigned int max = *(unsigned int *) ctl->extra2; + struct ctl_table tbl; +@@ -401,7 +401,7 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, + void __user *buffer, size_t *lenp, + loff_t *ppos) + { +- struct net *net = current->nsproxy->net_ns; ++ struct net *net = container_of(ctl->data, struct net, sctp.rto_max); + unsigned int min = *(unsigned int *) ctl->extra1; + unsigned int max = *(unsigned int *) ctl->extra2; + struct ctl_table tbl; +-- +2.39.5 + diff --git a/queue-5.4/series b/queue-5.4/series index 7f04bb2b26b..c5d55d66318 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -35,3 +35,17 @@ iio-gyro-fxas21002c-fix-missing-data-update-in-trigger-handler.patch iio-adc-ti-ads124s08-use-gpiod_set_value_cansleep.patch iio-adc-at91-call-input_free_device-on-allocated-iio_dev.patch iio-inkern-call-iio_device_put-only-on-mapped-devices.patch +arm64-dts-rockchip-fix-defines-in-pd_vio-node-for-rk.patch +arm64-dts-rockchip-fix-pd_tcpc0-and-pd_tcpc1-node-po.patch +arm64-dts-rockchip-add-power-domain-cells-to-power-d.patch +arm64-dts-rockchip-add-hevc-power-domain-clock-to-rk.patch +phy-core-fix-code-style-in-devm_of_phy_provider_unre.patch +phy-core-fix-that-api-devm_of_phy_provider_unregiste.patch +ocfs2-correct-return-value-of-ocfs2_local_free_info.patch +ocfs2-fix-slab-use-after-free-due-to-dangling-pointe.patch +sctp-sysctl-rto_min-max-avoid-using-current-nsproxy.patch +riscv-abstract-out-csr-names-for-supervisor-vs-machi.patch +riscv-remove-unused-handle_exception-symbol.patch +risc-v-avoid-dereferening-null-regs-in-die.patch +riscv-avoid-enabling-interrupts-in-die.patch +riscv-fix-sleeping-in-invalid-context-in-die.patch