From 1da3eba17dd31e3fe20c101d5dcddbc7853e6161 Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Tue, 16 Jun 2020 13:05:57 +0200 Subject: [PATCH] 5.7-stable patches added patches: cpufreq-fix-up-cpufreq_boost_set_sw.patch edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch kvm-nsvm-fix-condition-for-filtering-async-pf.patch kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch selftests-ftrace-return-unsupported-if-no-error_log-file.patch video-fbdev-w100fb-fix-a-potential-double-free.patch video-vt8500lcdfb-fix-fallthrough-warning.patch --- .../cpufreq-fix-up-cpufreq_boost_set_sw.patch | 66 +++++++++ ...to-retrieve-close_pg-bank_xor_enable.patch | 125 ++++++++++++++++++ ...e-vcpu_cp1x-work-on-big-endian-hosts.patch | 45 +++++++ ...-writing-aarch32-s-csselr-into-actlr.patch | 65 +++++++++ ..._asid-to-cpu_asid_mask-boot_cpu_data.patch | 45 +++++++ ...k-definition-for-variable-cpu_vmbits.patch | 43 ++++++ ...fix-condition-for-filtering-async-pf.patch | 36 +++++ ...asid-aside-in-copy_vmcb_control_area.patch | 32 +++++ ...exit-reason-when-routing-nested-exit.patch | 51 +++++++ ...-switching-between-vmcs01-and-vmcs02.patch | 105 +++++++++++++++ ...in-vb2_dma_contig_clear_max_seg_size.patch | 89 +++++++++++++ ...lse-clause-in-lpfc_prep_node_fc4type.patch | 39 ++++++ 
...cro-with-__big_endian_bitfield-macro.patch | 76 +++++++++++ ...e-leads-to-controller-firmware-crash.patch | 55 ++++++++ ...urn-unsupported-if-no-error_log-file.patch | 36 +++++ queue-5.7/series | 17 +++ ...v-w100fb-fix-a-potential-double-free.patch | 50 +++++++ ...-vt8500lcdfb-fix-fallthrough-warning.patch | 45 +++++++ 18 files changed, 1020 insertions(+) create mode 100644 queue-5.7/cpufreq-fix-up-cpufreq_boost_set_sw.patch create mode 100644 queue-5.7/edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch create mode 100644 queue-5.7/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch create mode 100644 queue-5.7/kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch create mode 100644 queue-5.7/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch create mode 100644 queue-5.7/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch create mode 100644 queue-5.7/kvm-nsvm-fix-condition-for-filtering-async-pf.patch create mode 100644 queue-5.7/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch create mode 100644 queue-5.7/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch create mode 100644 queue-5.7/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch create mode 100644 queue-5.7/media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch create mode 100644 queue-5.7/scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch create mode 100644 queue-5.7/scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch create mode 100644 queue-5.7/scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch create mode 100644 queue-5.7/selftests-ftrace-return-unsupported-if-no-error_log-file.patch create mode 100644 queue-5.7/video-fbdev-w100fb-fix-a-potential-double-free.patch create mode 100644 queue-5.7/video-vt8500lcdfb-fix-fallthrough-warning.patch 
diff --git a/queue-5.7/cpufreq-fix-up-cpufreq_boost_set_sw.patch b/queue-5.7/cpufreq-fix-up-cpufreq_boost_set_sw.patch
new file mode 100644
index 00000000000..6db8737f4c1
--- /dev/null
+++ b/queue-5.7/cpufreq-fix-up-cpufreq_boost_set_sw.patch
@@ -0,0 +1,66 @@
+From 552abb884e97d26589964e5a8c7e736f852f95f0 Mon Sep 17 00:00:00 2001
+From: "Rafael J. Wysocki"
+Date: Mon, 18 May 2020 12:49:45 +0200
+Subject: cpufreq: Fix up cpufreq_boost_set_sw()
+
+From: Rafael J. Wysocki
+
+commit 552abb884e97d26589964e5a8c7e736f852f95f0 upstream.
+
+After commit 18c49926c4bf ("cpufreq: Add QoS requests for userspace
+constraints") the return value of freq_qos_update_request(), that can
+be 1, passed by cpufreq_boost_set_sw() to its caller sometimes
+confuses the latter, which only expects to see 0 or negative error
+codes, so notice that cpufreq_boost_set_sw() can return an error code
+(which should not be -EINVAL for that matter) as soon as the first
+policy without a frequency table is found (because either all policies
+have a frequency table or none of them have it) and rework it to meet
+its caller's expectations.
+
+Fixes: 18c49926c4bf ("cpufreq: Add QoS requests for userspace constraints")
+Reported-by: Serge Semin
+Reported-by: Xiongfeng Wang
+Acked-by: Viresh Kumar
+Cc: 5.3+ # 5.3+
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/cpufreq/cpufreq.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+--- a/drivers/cpufreq/cpufreq.c
++++ b/drivers/cpufreq/cpufreq.c
+@@ -2535,26 +2535,27 @@ EXPORT_SYMBOL_GPL(cpufreq_update_limits)
+ static int cpufreq_boost_set_sw(int state)
+ {
+ struct cpufreq_policy *policy;
+- int ret = -EINVAL;
+
+ for_each_active_policy(policy) {
++ int ret;
++
+ if (!policy->freq_table)
+- continue;
++ return -ENXIO;
+
+ ret = cpufreq_frequency_table_cpuinfo(policy,
+ policy->freq_table);
+ if (ret) {
+ pr_err("%s: Policy frequency update failed\n",
+ __func__);
+- break;
++ return ret;
+ }
+
+ ret = freq_qos_update_request(policy->max_freq_req, policy->max);
+ if (ret < 0)
+- break;
++ return ret;
+ }
+
+- return ret;
++ return 0;
+ }
+
+ int cpufreq_boost_trigger_state(int state)
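Review bot: With no active policy the `for_each_active_policy()` loop body never runs and cpufreq_boost_set_sw() now returns 0, where the removed `int ret = -EINVAL;` initialiser made it return -EINVAL. If reporting success for that case is intended, a comment before `return 0;` should say so, for example `/* No active policies: nothing to update. */`. It would also help to note next to `if (ret < 0)` that freq_qos_update_request() can return 1, as the commit message says, and that only negative values are treated as errors.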
diff --git a/queue-5.7/edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch b/queue-5.7/edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch
new file mode 100644
index 00000000000..c08b663ee89
--- /dev/null
+++ b/queue-5.7/edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch
@@ -0,0 +1,125 @@
+From 1032095053b34d474aa20f2625d97dd306e0991b Mon Sep 17 00:00:00 2001
+From: Qiuxu Zhuo
+Date: Fri, 15 May 2020 20:34:06 +0800
+Subject: EDAC/skx: Use the mcmtr register to retrieve close_pg/bank_xor_enable
+
+From: Qiuxu Zhuo
+
+commit 1032095053b34d474aa20f2625d97dd306e0991b upstream.
+
+The skx_edac driver wrongly uses the mtr register to retrieve two fields
+close_pg and bank_xor_enable. Fix it by using the correct mcmtr register
+to get the two fields.
+
+Cc:
+Signed-off-by: Qiuxu Zhuo
+Reported-by: Matthew Riley
+Acked-by: Aristeu Rozanski
+Signed-off-by: Tony Luck
+Link: https://lore.kernel.org/r/20200515210146.1337-1-tony.luck@intel.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/edac/i10nm_base.c | 2 +-
+ drivers/edac/skx_base.c | 20 ++++++++------------
+ drivers/edac/skx_common.c | 6 +++---
+ drivers/edac/skx_common.h | 2 +-
+ 4 files changed, 13 insertions(+), 17 deletions(-)
+
+--- a/drivers/edac/i10nm_base.c
++++ b/drivers/edac/i10nm_base.c
+@@ -161,7 +161,7 @@ static int i10nm_get_dimm_config(struct
+ mtr, mcddrtcfg, imc->mc, i, j);
+
+ if (IS_DIMM_PRESENT(mtr))
+- ndimms += skx_get_dimm_info(mtr, 0, dimm,
++ ndimms += skx_get_dimm_info(mtr, 0, 0, dimm,
+ imc, i, j);
+ else if (IS_NVDIMM_PRESENT(mcddrtcfg, j))
+ ndimms += skx_get_nvdimm_info(dimm, imc, i, j,
+--- a/drivers/edac/skx_base.c
++++ b/drivers/edac/skx_base.c
+@@ -163,27 +163,23 @@ static const struct x86_cpu_id skx_cpuid
+ };
+ MODULE_DEVICE_TABLE(x86cpu, skx_cpuids);
+
+-#define SKX_GET_MTMTR(dev, reg) \
+- pci_read_config_dword((dev), 0x87c, &(reg))
+-
+-static bool skx_check_ecc(struct pci_dev *pdev)
++static bool skx_check_ecc(u32 mcmtr)
+ {
+- u32 mtmtr;
+-
+- SKX_GET_MTMTR(pdev, mtmtr);
+-
+- return !!GET_BITFIELD(mtmtr, 2, 2);
++ return !!GET_BITFIELD(mcmtr, 2, 2);
+ }
+
+ static int skx_get_dimm_config(struct mem_ctl_info *mci)
+ {
+ struct skx_pvt *pvt = mci->pvt_info;
++ u32 mtr, mcmtr, amap, mcddrtcfg;
+ struct skx_imc *imc = pvt->imc;
+- u32 mtr, amap, mcddrtcfg;
+ struct dimm_info *dimm;
+ int i, j;
+ int ndimms;
+
++ /* Only the mcmtr on the first channel is effective */
++ pci_read_config_dword(imc->chan[0].cdev, 0x87c, &mcmtr);
++
+ for (i = 0; i < SKX_NUM_CHANNELS; i++) {
+ ndimms = 0;
+ pci_read_config_dword(imc->chan[i].cdev, 0x8C, &amap);
+@@ -193,14 +189,14 @@ static int skx_get_dimm_config(struct me
+ pci_read_config_dword(imc->chan[i].cdev,
+ 0x80 + 4 * j, &mtr);
+ if (IS_DIMM_PRESENT(mtr)) {
+- ndimms += skx_get_dimm_info(mtr, amap, dimm, imc, i, j);
++ ndimms += skx_get_dimm_info(mtr, mcmtr, amap, dimm, imc, i, j);
+ } else if (IS_NVDIMM_PRESENT(mcddrtcfg, j)) {
+ ndimms += skx_get_nvdimm_info(dimm, imc, i, j,
+ EDAC_MOD_STR);
+ nvdimm_count++;
+ }
+ }
+- if (ndimms && !skx_check_ecc(imc->chan[0].cdev)) {
++ if (ndimms && !skx_check_ecc(mcmtr)) {
+ skx_printk(KERN_ERR, "ECC is disabled on imc %d\n", imc->mc);
+ return -ENODEV;
+ }
+--- a/drivers/edac/skx_common.c
++++ b/drivers/edac/skx_common.c
+@@ -304,7 +304,7 @@ static int skx_get_dimm_attr(u32 reg, in
+ #define numrow(reg) skx_get_dimm_attr(reg, 2, 4, 12, 1, 6, "rows")
+ #define numcol(reg) skx_get_dimm_attr(reg, 0, 1, 10, 0, 2, "cols")
+
+-int skx_get_dimm_info(u32 mtr, u32 amap, struct dimm_info *dimm,
++int skx_get_dimm_info(u32 mtr, u32 mcmtr, u32 amap, struct dimm_info *dimm,
+ struct skx_imc *imc, int chan, int dimmno)
+ {
+ int banks = 16, ranks, rows, cols, npages;
+@@ -324,8 +324,8 @@ int skx_get_dimm_info(u32 mtr, u32 amap,
+ imc->mc, chan, dimmno, size, npages,
+ banks, 1 << ranks, rows, cols);
+
+- imc->chan[chan].dimms[dimmno].close_pg = GET_BITFIELD(mtr, 0, 0);
+- imc->chan[chan].dimms[dimmno].bank_xor_enable = GET_BITFIELD(mtr, 9, 9);
++ imc->chan[chan].dimms[dimmno].close_pg = GET_BITFIELD(mcmtr, 0, 0);
++ imc->chan[chan].dimms[dimmno].bank_xor_enable = GET_BITFIELD(mcmtr, 9, 9);
+ imc->chan[chan].dimms[dimmno].fine_grain_bank = GET_BITFIELD(amap, 0, 0);
+ imc->chan[chan].dimms[dimmno].rowbits = rows;
+ imc->chan[chan].dimms[dimmno].colbits = cols;
+--- a/drivers/edac/skx_common.h
++++ b/drivers/edac/skx_common.h
+@@ -128,7 +128,7 @@ int skx_get_all_bus_mappings(unsigned in
+
+ int skx_get_hi_lo(unsigned int did, int off[], u64 *tolm, u64 *tohm);
+
+-int skx_get_dimm_info(u32 mtr, u32 amap, struct dimm_info *dimm,
++int skx_get_dimm_info(u32 mtr, u32 mcmtr, u32 amap, struct dimm_info *dimm,
+ struct skx_imc *imc, int chan, int dimmno);
+
+ int skx_get_nvdimm_info(struct dimm_info *dimm, struct skx_imc *imc,
diff --git a/queue-5.7/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch b/queue-5.7/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
new file mode 100644
index 00000000000..9948a339a3e
--- /dev/null
+++ b/queue-5.7/kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
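Review bot: The new `pci_read_config_dword(imc->chan[0].cdev, 0x87c, &mcmtr);` in skx_get_dimm_config() ignores its return value while `mcmtr` is declared without an initialiser, so a failed config read would leave the ECC-enabled check and the `close_pg`/`bank_xor_enable` fields derived from an undefined or error-pattern value. Checking the call, for example `if (pci_read_config_dword(imc->chan[0].cdev, 0x87c, &mcmtr)) return -ENODEV;`, keeps a bad read from being reported as a valid DIMM configuration; the neighbouring reads of `amap` and `mtr` are unchecked in the same way. The offset `0x87c` also lost the name it had in the removed SKX_GET_MTMTR macro and would read better as a named constant. The body of skx_get_dimm_config() continues outside the hunks shown.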
@@ -0,0 +1,45 @@
+From 3204be4109ad681523e3461ce64454c79278450a Mon Sep 17 00:00:00 2001
+From: Marc Zyngier
+Date: Tue, 9 Jun 2020 08:40:35 +0100
+Subject: KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
+
+From: Marc Zyngier
+
+commit 3204be4109ad681523e3461ce64454c79278450a upstream.
+
+AArch32 CP1x registers are overlayed on their AArch64 counterparts
+in the vcpu struct. This leads to an interesting problem as they
+are stored in their CPU-local format, and thus a CP1x register
+doesn't "hit" the lower 32bit portion of the AArch64 register on
+a BE host.
+
+To workaround this unfortunate situation, introduce a bias trick
+in the vcpu_cp1x() accessors which picks the correct half of the
+64bit register.
+
+Cc: stable@vger.kernel.org
+Reported-by: James Morse
+Tested-by: James Morse
+Acked-by: James Morse
+Signed-off-by: Marc Zyngier
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/include/asm/kvm_host.h | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/include/asm/kvm_host.h
++++ b/arch/arm64/include/asm/kvm_host.h
+@@ -405,8 +405,10 @@ void vcpu_write_sys_reg(struct kvm_vcpu
+ * CP14 and CP15 live in the same array, as they are backed by the
+ * same system registers.
+ */
+-#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r)])
+-#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r)])
++#define CPx_BIAS IS_ENABLED(CONFIG_CPU_BIG_ENDIAN)
++
++#define vcpu_cp14(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
++#define vcpu_cp15(v,r) ((v)->arch.ctxt.copro[(r) ^ CPx_BIAS])
+
+ struct kvm_vm_stat {
+ ulong remote_tlb_flush;
diff --git a/queue-5.7/kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch b/queue-5.7/kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch
new file mode 100644
index 00000000000..b9df26eaf9d
--- /dev/null
+++ b/queue-5.7/kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch
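Review bot: The `^ CPx_BIAS` added to vcpu_cp14() and vcpu_cp15() is not explained where the macros are defined; the existing comment above them only says that CP14 and CP15 share the array. A short comment on `CPx_BIAS` would save readers a trip to the commit log, for example `/* On big-endian hosts the low word of each 64-bit register sits at the odd copro[] index, so flip bit 0 of the index. */`. The name also suggests an additive offset although the value is used as an XOR mask, which the same comment can clear up.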
@@ -0,0 +1,65 @@
+From 7c582bf4ed84f3eb58bdd1f63024a14c17551e7d Mon Sep 17 00:00:00 2001
+From: James Morse
+Date: Fri, 29 May 2020 15:06:54 +0000
+Subject: KVM: arm64: Stop writing aarch32's CSSELR into ACTLR
+
+From: James Morse
+
+commit 7c582bf4ed84f3eb58bdd1f63024a14c17551e7d upstream.
+
+aarch32 has pairs of registers to access the high and low parts of 64bit
+registers. KVM has a union of 64bit sys_regs[] and 32bit copro[]. The
+32bit accessors read the high or low part of the 64bit sys_reg[] value
+through the union.
+
+Both sys_reg_descs[] and cp15_regs[] list access_csselr() as the accessor
+for CSSELR{,_EL1}. access_csselr() is only aware of the 64bit sys_regs[],
+and expects r->reg to be 'CSSELR_EL1' in the enum, index 2 of the 64bit
+array.
+
+cp15_regs[] uses the 32bit copro[] alias of sys_regs[]. Here CSSELR is
+c0_CSSELR which is the same location in sys_reg[]. r->reg is 'c0_CSSELR',
+index 4 in the 32bit array.
+
+access_csselr() uses the 32bit r->reg value to access the 64bit array,
+so reads and write the wrong value. sys_regs[4], is ACTLR_EL1, which
+is subsequently save/restored when we enter the guest.
+
+ACTLR_EL1 is supposed to be read-only for the guest. This register
+only affects execution at EL1, and the host's value is restored before
+we return to host EL1.
+
+Convert the 32bit register index back to the 64bit version.
+
+Suggested-by: Marc Zyngier
+Signed-off-by: James Morse
+Signed-off-by: Marc Zyngier
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200529150656.7339-2-james.morse@arm.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/kvm/sys_regs.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kvm/sys_regs.c
++++ b/arch/arm64/kvm/sys_regs.c
+@@ -1305,10 +1305,16 @@ static bool access_clidr(struct kvm_vcpu
+ static bool access_csselr(struct kvm_vcpu *vcpu, struct sys_reg_params *p,
+ const struct sys_reg_desc *r)
+ {
++ int reg = r->reg;
++
++ /* See the 32bit mapping in kvm_host.h */
++ if (p->is_aarch32)
++ reg = r->reg / 2;
++
+ if (p->is_write)
+- vcpu_write_sys_reg(vcpu, p->regval, r->reg);
++ vcpu_write_sys_reg(vcpu, p->regval, reg);
+ else
+- p->regval = vcpu_read_sys_reg(vcpu, r->reg);
++ p->regval = vcpu_read_sys_reg(vcpu, reg);
+ return true;
+ }
+
diff --git a/queue-5.7/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch b/queue-5.7/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
new file mode 100644
index 00000000000..fb1b37a684d
--- /dev/null
+++ b/queue-5.7/kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
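Review bot: The conversion `reg = r->reg / 2;` in access_csselr() depends on the copro[] index being exactly twice the sys_regs[] index, and the comment `/* See the 32bit mapping in kvm_host.h */` does not say that. Spelling it out, for example `/* cp15_regs[] passes the 32bit copro[] index (c0_CSSELR); sys_regs[] uses half of it (CSSELR_EL1) */`, makes the invariant checkable at the point where a wrong index reaches another register's slot, as the commit message describes for ACTLR_EL1. An odd `r->reg` would be rounded down silently; if that cannot happen for this accessor, the comment is a good place to say so.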
@@ -0,0 +1,45 @@
+From fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d Mon Sep 17 00:00:00 2001
+From: Xing Li
+Date: Sat, 23 May 2020 15:56:28 +0800
+Subject: KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
+
+From: Xing Li
+
+commit fe2b73dba47fb6d6922df1ad44e83b1754d5ed4d upstream.
+
+The code in decode_config4() of arch/mips/kernel/cpu-probe.c
+
+ asid_mask = MIPS_ENTRYHI_ASID;
+ if (config4 & MIPS_CONF4_AE)
+ asid_mask |= MIPS_ENTRYHI_ASIDX;
+ set_cpu_asid_mask(c, asid_mask);
+
+set asid_mask to cpuinfo->asid_mask.
+
+So in order to support variable ASID_MASK, KVM_ENTRYHI_ASID should also
+be changed to cpu_asid_mask(&boot_cpu_data).
+
+Cc: Stable #4.9+
+Reviewed-by: Aleksandar Markovic
+Signed-off-by: Xing Li
+[Huacai: Change current_cpu_data to boot_cpu_data for optimization]
+Signed-off-by: Huacai Chen
+Message-Id: <1590220602-3547-2-git-send-email-chenhc@lemote.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/kvm_host.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/mips/include/asm/kvm_host.h
++++ b/arch/mips/include/asm/kvm_host.h
+@@ -275,7 +275,7 @@ enum emulation_result {
+ #define MIPS3_PG_FRAME 0x3fffffc0
+
+ #define VPN2_MASK 0xffffe000
+-#define KVM_ENTRYHI_ASID MIPS_ENTRYHI_ASID
++#define KVM_ENTRYHI_ASID cpu_asid_mask(&boot_cpu_data)
+ #define TLB_IS_GLOBAL(x) ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
+ #define TLB_VPN2(x) ((x).tlb_hi & VPN2_MASK)
+ #define TLB_ASID(x) ((x).tlb_hi & KVM_ENTRYHI_ASID)
diff --git a/queue-5.7/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch b/queue-5.7/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
new file mode 100644
index 00000000000..3293c2db15d
--- /dev/null
+++ b/queue-5.7/kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
@@ -0,0 +1,43 @@
+From 5816c76dea116a458f1932eefe064e35403248eb Mon Sep 17 00:00:00 2001
+From: Xing Li
+Date: Sat, 23 May 2020 15:56:29 +0800
+Subject: KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
+
+From: Xing Li
+
+commit 5816c76dea116a458f1932eefe064e35403248eb upstream.
+
+If a CPU support more than 32bit vmbits (which is true for 64bit CPUs),
+VPN2_MASK set to fixed 0xffffe000 will lead to a wrong EntryHi in some
+functions such as _kvm_mips_host_tlb_inv().
+
+The cpu_vmbits definition of 32bit CPU in cpu-features.h is 31, so we
+still use the old definition.
+
+Cc: Stable
+Reviewed-by: Aleksandar Markovic
+Signed-off-by: Xing Li
+[Huacai: Improve commit messages]
+Signed-off-by: Huacai Chen
+Message-Id: <1590220602-3547-3-git-send-email-chenhc@lemote.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/mips/include/asm/kvm_host.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/arch/mips/include/asm/kvm_host.h
++++ b/arch/mips/include/asm/kvm_host.h
+@@ -274,7 +274,11 @@ enum emulation_result {
+ #define MIPS3_PG_SHIFT 6
+ #define MIPS3_PG_FRAME 0x3fffffc0
+
++#if defined(CONFIG_64BIT)
++#define VPN2_MASK GENMASK(cpu_vmbits - 1, 13)
++#else
+ #define VPN2_MASK 0xffffe000
++#endif
+ #define KVM_ENTRYHI_ASID cpu_asid_mask(&boot_cpu_data)
+ #define TLB_IS_GLOBAL(x) ((x).tlb_lo[0] & (x).tlb_lo[1] & ENTRYLO_G)
+ #define TLB_VPN2(x) ((x).tlb_hi & VPN2_MASK)
diff --git a/queue-5.7/kvm-nsvm-fix-condition-for-filtering-async-pf.patch b/queue-5.7/kvm-nsvm-fix-condition-for-filtering-async-pf.patch
new file mode 100644
index 00000000000..3df16cd7411
--- /dev/null
+++ b/queue-5.7/kvm-nsvm-fix-condition-for-filtering-async-pf.patch
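Review bot: The 64-bit definition `GENMASK(cpu_vmbits - 1, 13)` introduces an unexplained `13` next to the literal `0xffffe000` kept in the `#else` branch. A comment such as `/* VPN2 starts at bit 13; the upper bound follows the CPU's virtual address width */` would tie the two branches together. If `cpu_vmbits` is not a compile-time constant on the targeted configurations, VPN2_MASK also stops being usable in constant expressions, which is worth noting beside the `#if`.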
@@ -0,0 +1,36 @@
+From a3535be731c2a343912578465021f50937f7b099 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Sat, 16 May 2020 09:19:06 -0400
+Subject: KVM: nSVM: fix condition for filtering async PF
+
+From: Paolo Bonzini
+
+commit a3535be731c2a343912578465021f50937f7b099 upstream.
+
+Async page faults have to be trapped in the host (L1 in this case),
+since the APF reason was passed from L0 to L1 and stored in the L1 APF
+data page. This was completely reversed: the page faults were passed
+to the guest, a L2 hypervisor.
+
+Cc: stable@vger.kernel.org
+Reviewed-by: Sean Christopherson
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/svm/nested.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -834,8 +834,8 @@ int nested_svm_exit_special(struct vcpu_
+ return NESTED_EXIT_HOST;
+ break;
+ case SVM_EXIT_EXCP_BASE + PF_VECTOR:
+- /* When we're shadowing, trap PFs, but not async PF */
+- if (!npt_enabled && svm->vcpu.arch.apf.host_apf_reason == 0)
++ /* Trap async PF even if not shadowing */
++ if (!npt_enabled || svm->vcpu.arch.apf.host_apf_reason)
+ return NESTED_EXIT_HOST;
+ break;
+ default:
diff --git a/queue-5.7/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch b/queue-5.7/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
new file mode 100644
index 00000000000..5fa9063d914
--- /dev/null
+++ b/queue-5.7/kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
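Review bot: The replacement comment `/* Trap async PF even if not shadowing */` describes only half of the new condition `!npt_enabled || svm->vcpu.arch.apf.host_apf_reason`. A comment that covers both arms is easier to check against the code, for example `/* Shadow paging: every #PF goes to the host. With NPT: only async PF (host_apf_reason set). */`. The rest of nested_svm_exit_special() lies outside the hunk.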
@@ -0,0 +1,32 @@
+From 6c0238c4a62b3a0b1201aeb7e33a4636d552a436 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Wed, 20 May 2020 08:02:17 -0400
+Subject: KVM: nSVM: leave ASID aside in copy_vmcb_control_area
+
+From: Paolo Bonzini
+
+commit 6c0238c4a62b3a0b1201aeb7e33a4636d552a436 upstream.
+
+Restoring the ASID from the hsave area on VMEXIT is wrong, because its
+value depends on the handling of TLB flushes. Just skipping the field in
+copy_vmcb_control_area will do.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/svm/nested.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/svm/nested.c
++++ b/arch/x86/kvm/svm/nested.c
+@@ -150,7 +150,7 @@ static void copy_vmcb_control_area(struc
+ dst->iopm_base_pa = from->iopm_base_pa;
+ dst->msrpm_base_pa = from->msrpm_base_pa;
+ dst->tsc_offset = from->tsc_offset;
+- dst->asid = from->asid;
++ /* asid not copied, it is handled manually for svm->vmcb. */
+ dst->tlb_ctl = from->tlb_ctl;
+ dst->int_ctl = from->int_ctl;
+ dst->int_vector = from->int_vector;
diff --git a/queue-5.7/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch b/queue-5.7/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
new file mode 100644
index 00000000000..0f732ee7758
--- /dev/null
+++ b/queue-5.7/kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
@@ -0,0 +1,51 @@
+From 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Thu, 27 Feb 2020 09:44:30 -0800
+Subject: KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
+
+From: Sean Christopherson
+
+commit 2ebac8bb3c2d35f5135466490fc8eeaf3f3e2d37 upstream.
+
+Consult only the basic exit reason, i.e. bits 15:0 of vmcs.EXIT_REASON,
+when determining whether a nested VM-Exit should be reflected into L1 or
+handled by KVM in L0.
+
+For better or worse, the switch statement in nested_vmx_exit_reflected()
+currently defaults to "true", i.e. reflects any nested VM-Exit without
+dedicated logic. Because the case statements only contain the basic
+exit reason, any VM-Exit with modifier bits set will be reflected to L1,
+even if KVM intended to handle it in L0.
+
+Practically speaking, this only affects EXIT_REASON_MCE_DURING_VMENTRY,
+i.e. a #MC that occurs on nested VM-Enter would be incorrectly routed to
+L1, as "failed VM-Entry" is the only modifier that KVM can currently
+encounter. The SMM modifiers will never be generated as KVM doesn't
+support/employ a SMI Transfer Monitor. Ditto for "exit from enclave",
+as KVM doesn't yet support virtualizing SGX, i.e. it's impossible to
+enter an enclave in a KVM guest (L1 or L2).
+
+Fixes: 644d711aa0e1 ("KVM: nVMX: Deciding if L0 or L1 should handle an L2 exit")
+Cc: Jim Mattson
+Cc: Xiaoyao Li
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20200227174430.26371-1-sean.j.christopherson@intel.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/vmx/nested.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -5577,7 +5577,7 @@ bool nested_vmx_exit_reflected(struct kv
+ vmcs_read32(VM_EXIT_INTR_ERROR_CODE),
+ KVM_ISA_VMX);
+
+- switch (exit_reason) {
++ switch ((u16)exit_reason) {
+ case EXIT_REASON_EXCEPTION_NMI:
+ if (is_nmi(intr_info))
+ return false;
diff --git a/queue-5.7/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch b/queue-5.7/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch
new file mode 100644
index 00000000000..a687b77c20a
--- /dev/null
+++ b/queue-5.7/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch
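Review bot: The bare cast in `switch ((u16)exit_reason)` discards the modifier bits without saying so at the point of use. A one-line comment, for example `/* Route on the basic exit reason (bits 15:0); modifier bits such as failed VM-Entry are ignored here. */`, or a named helper for the truncation, would keep a later edit from switching on the full value again. Any other comparison against `exit_reason` in nested_vmx_exit_reflected() still sees the full 32-bit value and may need the same treatment; the function body lies outside this hunk, so that could not be checked here.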
@@ -0,0 +1,105 @@
+From 5c911beff20aa8639e7a1f28988736c13e03ed54 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Fri, 1 May 2020 09:31:17 -0700
+Subject: KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
+
+From: Sean Christopherson
+
+commit 5c911beff20aa8639e7a1f28988736c13e03ed54 upstream.
+
+Skip the Indirect Branch Prediction Barrier that is triggered on a VMCS
+switch when running with spectre_v2_user=on/auto if the switch is
+between two VMCSes in the same guest, i.e. between vmcs01 and vmcs02.
+The IBPB is intended to prevent one guest from attacking another, which
+is unnecessary in the nested case as it's the same guest from KVM's
+perspective.
+
+This all but eliminates the overhead observed for nested VMX transitions
+when running with CONFIG_RETPOLINE=y and spectre_v2_user=on/auto, which
+can be significant, e.g. roughly 3x on current systems.
+
+Reported-by: Alexander Graf
+Cc: KarimAllah Raslan
+Cc: stable@vger.kernel.org
+Fixes: 15d45071523d ("KVM/x86: Add IBPB support")
+Signed-off-by: Sean Christopherson
+Message-Id: <20200501163117.4655-1-sean.j.christopherson@intel.com>
+[Invert direction of bool argument. - Paolo]
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/kvm/vmx/nested.c | 2 +-
+ arch/x86/kvm/vmx/vmx.c | 18 ++++++++++++++----
+ arch/x86/kvm/vmx/vmx.h | 3 ++-
+ 3 files changed, 17 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -303,7 +303,7 @@ static void vmx_switch_vmcs(struct kvm_v
+ cpu = get_cpu();
+ prev = vmx->loaded_vmcs;
+ vmx->loaded_vmcs = vmcs;
+- vmx_vcpu_load_vmcs(vcpu, cpu);
++ vmx_vcpu_load_vmcs(vcpu, cpu, prev);
+ vmx_sync_vmcs_host_state(vmx, prev);
+ put_cpu();
+
+--- a/arch/x86/kvm/vmx/vmx.c
++++ b/arch/x86/kvm/vmx/vmx.c
+@@ -1306,10 +1306,12 @@ after_clear_sn:
+ pi_set_on(pi_desc);
+ }
+
+-void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu)
++void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu,
++ struct loaded_vmcs *buddy)
+ {
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+ bool already_loaded = vmx->loaded_vmcs->cpu == cpu;
++ struct vmcs *prev;
+
+ if (!already_loaded) {
+ loaded_vmcs_clear(vmx->loaded_vmcs);
+@@ -1328,10 +1330,18 @@ void vmx_vcpu_load_vmcs(struct kvm_vcpu
+ local_irq_enable();
+ }
+
+- if (per_cpu(current_vmcs, cpu) != vmx->loaded_vmcs->vmcs) {
++ prev = per_cpu(current_vmcs, cpu);
++ if (prev != vmx->loaded_vmcs->vmcs) {
+ per_cpu(current_vmcs, cpu) = vmx->loaded_vmcs->vmcs;
+ vmcs_load(vmx->loaded_vmcs->vmcs);
+- indirect_branch_prediction_barrier();
++
++ /*
++ * No indirect branch prediction barrier needed when switching
++ * the active VMCS within a guest, e.g. on nested VM-Enter.
++ * The L1 VMM can protect itself with retpolines, IBPB or IBRS.
++ */
++ if (!buddy || WARN_ON_ONCE(buddy->vmcs != prev))
++ indirect_branch_prediction_barrier();
+ }
+
+ if (!already_loaded) {
+@@ -1368,7 +1378,7 @@ void vmx_vcpu_load(struct kvm_vcpu *vcpu
+ {
+ struct vcpu_vmx *vmx = to_vmx(vcpu);
+
+- vmx_vcpu_load_vmcs(vcpu, cpu);
++ vmx_vcpu_load_vmcs(vcpu, cpu, NULL);
+
+ vmx_vcpu_pi_load(vcpu, cpu);
+
+--- a/arch/x86/kvm/vmx/vmx.h
++++ b/arch/x86/kvm/vmx/vmx.h
+@@ -317,7 +317,8 @@ struct kvm_vmx {
+ };
+
+ bool nested_vmx_allowed(struct kvm_vcpu *vcpu);
+-void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu);
++void vmx_vcpu_load_vmcs(struct kvm_vcpu *vcpu, int cpu,
++ struct loaded_vmcs *buddy);
+ void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu);
+ int allocate_vpid(void);
+ void free_vpid(int vpid);
diff --git a/queue-5.7/media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch b/queue-5.7/media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch
new file mode 100644
index 00000000000..30dcc919915
--- /dev/null
+++ b/queue-5.7/media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch
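Review bot: The new `buddy` parameter of vmx_vcpu_load_vmcs() decides whether the indirect branch prediction barrier is skipped, but neither the definition in vmx.c nor the prototype in vmx.h documents what a caller may pass. A comment above the definition should state the contract, for example `/* @buddy: the VMCS previously loaded for this same vCPU (vmcs01/vmcs02 switch), or NULL to always issue the IBPB */`. The in-body comment explains why the barrier can be skipped within a guest, but not that `WARN_ON_ONCE(buddy->vmcs != prev)` falls back to issuing the barrier when that assumption does not hold; saying so makes the fail-safe direction explicit. The function body extends beyond the hunks shown.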
@@ -0,0 +1,89 @@
+From 0d9668721311607353d4861e6c32afeb272813dc Mon Sep 17 00:00:00 2001
+From: Tomi Valkeinen
+Date: Wed, 27 May 2020 10:23:34 +0200
+Subject: media: videobuf2-dma-contig: fix bad kfree in vb2_dma_contig_clear_max_seg_size
+
+From: Tomi Valkeinen
+
+commit 0d9668721311607353d4861e6c32afeb272813dc upstream.
+
+Commit 9495b7e92f716ab2bd6814fab5e97ab4a39adfdd ("driver core: platform:
+Initialize dma_parms for platform devices") in v5.7-rc5 causes
+vb2_dma_contig_clear_max_seg_size() to kfree memory that was not
+allocated by vb2_dma_contig_set_max_seg_size().
+
+The assumption in vb2_dma_contig_set_max_seg_size() seems to be that
+dev->dma_parms is always NULL when the driver is probed, and the case
+where dev->dma_parms has bee initialized by someone else than the driver
+(by calling vb2_dma_contig_set_max_seg_size) will cause a failure.
+
+All the current users of these functions are platform devices, which now
+always have dma_parms set by the driver core. To fix the issue for v5.7,
+make vb2_dma_contig_set_max_seg_size() return an error if dma_parms is
+NULL to be on the safe side, and remove the kfree code from
+vb2_dma_contig_clear_max_seg_size().
+
+For v5.8 we should remove the two functions and move the
+dma_set_max_seg_size() calls into the drivers.
+
+Signed-off-by: Tomi Valkeinen
+Fixes: 9495b7e92f71 ("driver core: platform: Initialize dma_parms for platform devices")
+Cc: stable@vger.kernel.org
+Acked-by: Marek Szyprowski
+Reviewed-by: Ulf Hansson
+Signed-off-by: Hans Verkuil
+Signed-off-by: Mauro Carvalho Chehab
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/media/common/videobuf2/videobuf2-dma-contig.c | 20 +-----------------
+ include/media/videobuf2-dma-contig.h | 2 -
+ 2 files changed, 3 insertions(+), 19 deletions(-)
+
+--- a/drivers/media/common/videobuf2/videobuf2-dma-contig.c
++++ b/drivers/media/common/videobuf2/videobuf2-dma-contig.c
+@@ -726,9 +726,8 @@ EXPORT_SYMBOL_GPL(vb2_dma_contig_memops)
+ int vb2_dma_contig_set_max_seg_size(struct device *dev, unsigned int size)
+ {
+ if (!dev->dma_parms) {
+- dev->dma_parms = kzalloc(sizeof(*dev->dma_parms), GFP_KERNEL);
+- if (!dev->dma_parms)
+- return -ENOMEM;
++ dev_err(dev, "Failed to set max_seg_size: dma_parms is NULL\n");
++ return -ENODEV;
+ }
+ if (dma_get_max_seg_size(dev) < size)
+ return dma_set_max_seg_size(dev, size);
+@@ -737,21 +736,6 @@ int vb2_dma_contig_set_max_seg_size(stru
+ }
+ EXPORT_SYMBOL_GPL(vb2_dma_contig_set_max_seg_size);
+
+-/*
+- * vb2_dma_contig_clear_max_seg_size() - release resources for DMA parameters
+- * @dev: device for configuring DMA parameters
+- *
+- * This function releases resources allocated to configure DMA parameters
+- * (see vb2_dma_contig_set_max_seg_size() function). It should be called from
+- * device drivers on driver remove.
+- */
+-void vb2_dma_contig_clear_max_seg_size(struct device *dev)
+-{
+- kfree(dev->dma_parms);
+- dev->dma_parms = NULL;
+-}
+-EXPORT_SYMBOL_GPL(vb2_dma_contig_clear_max_seg_size);
+-
+ MODULE_DESCRIPTION("DMA-contig memory handling routines for videobuf2");
+ MODULE_AUTHOR("Pawel Osciak ");
+ MODULE_LICENSE("GPL");
+--- a/include/media/videobuf2-dma-contig.h
++++ b/include/media/videobuf2-dma-contig.h
+@@ -25,7 +25,7 @@ vb2_dma_contig_plane_dma_addr(struct vb2
+ }
+
+ int vb2_dma_contig_set_max_seg_size(struct device *dev, unsigned int size);
+-void vb2_dma_contig_clear_max_seg_size(struct device *dev);
++static inline void vb2_dma_contig_clear_max_seg_size(struct device *dev) { }
+
+ extern const struct vb2_mem_ops vb2_dma_contig_memops;
+
diff --git a/queue-5.7/scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch b/queue-5.7/scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch
new file mode 100644
index 00000000000..9d910a3f5c6
--- /dev/null
+++ b/queue-5.7/scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch
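Review bot: The empty stub `static inline void vb2_dma_contig_clear_max_seg_size(struct device *dev) { }` in videobuf2-dma-contig.h has no comment explaining why a no-op is kept. Something like `/* Kept for existing callers; dma_parms is owned by the driver core and must not be freed here. */` would stop the kfree() from being reintroduced. The kernel-doc of vb2_dma_contig_set_max_seg_size() lies outside the hunk; if it still describes allocating dma_parms and pairing with the clear call, it should be updated to the new -ENODEV behaviour.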
@@ -0,0 +1,39 @@
+From f809da6db68a8be49e317f0ccfbced1af9258839 Mon Sep 17 00:00:00 2001
+From: Dick Kennedy
+Date: Fri, 1 May 2020 14:43:05 -0700
+Subject: scsi: lpfc: Fix negation of else clause in lpfc_prep_node_fc4type
+
+From: Dick Kennedy
+
+commit f809da6db68a8be49e317f0ccfbced1af9258839 upstream.
+
+Implementation of a previous patch added a condition to an if check that
+always end up with the if test being true. Execution of the else clause was
+inadvertently negated. The additional condition check was incorrect and
+unnecessary after the other modifications had been done in that patch.
+
+Remove the check from the if series.
+
+Link: https://lore.kernel.org/r/20200501214310.91713-5-jsmart2021@gmail.com
+Fixes: b95b21193c85 ("scsi: lpfc: Fix loss of remote port after devloss due to lack of RPIs")
+Cc: # v5.4+
+Reviewed-by: Hannes Reinecke
+Signed-off-by: Dick Kennedy
+Signed-off-by: James Smart
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/lpfc/lpfc_ct.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/scsi/lpfc/lpfc_ct.c
++++ b/drivers/scsi/lpfc/lpfc_ct.c
+@@ -462,7 +462,6 @@ lpfc_prep_node_fc4type(struct lpfc_vport
+ struct lpfc_nodelist *ndlp;
+
+ if ((vport->port_type != LPFC_NPIV_PORT) ||
+- (fc4_type == FC_TYPE_FCP) ||
+ !(vport->ct_flags & FC_CT_RFF_ID) || !vport->cfg_restrict_login) {
+
+ ndlp = lpfc_setup_disc_node(vport, Did);
diff --git a/queue-5.7/scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch b/queue-5.7/scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch
new file mode 100644
index 00000000000..8e280a0e198
--- /dev/null
+++ b/queue-5.7/scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch
@@ -0,0 +1,76 @@
+From b9d5e3e7f370a817c742fb089ac1a86dfe8947dc Mon Sep 17 00:00:00 2001
+From: Shivasharan S
+Date: Fri, 8 May 2020 14:21:30 +0530
+Subject: scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro
+
+From: Shivasharan S
+
+commit b9d5e3e7f370a817c742fb089ac1a86dfe8947dc upstream.
+
+MFI_BIG_ENDIAN macro used in drivers structure bitfield to check the CPU
+big endianness is undefined which would break the code on big endian
+machine. __BIG_ENDIAN_BITFIELD kernel macro should be used in places of
+MFI_BIG_ENDIAN macro.
+
+Link: https://lore.kernel.org/r/20200508085130.23339-1-chandrakanth.patil@broadcom.com
+Fixes: a7faf81d7858 ("scsi: megaraid_sas: Set no_write_same only for Virtual Disk")
+Cc: # v5.6+
+Signed-off-by: Shivasharan S
+Signed-off-by: Chandrakanth Patil
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/megaraid/megaraid_sas.h | 4 ++--
+ drivers/scsi/megaraid/megaraid_sas_fusion.h | 6 +++---
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas.h
++++ b/drivers/scsi/megaraid/megaraid_sas.h
+@@ -511,7 +511,7 @@ union MR_PROGRESS {
+ */
+ struct MR_PD_PROGRESS {
+ struct {
+-#ifndef MFI_BIG_ENDIAN
++#ifndef __BIG_ENDIAN_BITFIELD
+ u32 rbld:1;
+ u32 patrol:1;
+ u32 clear:1;
+@@ -537,7 +537,7 @@ struct MR_PD_PROGRESS {
+ };
+
+ struct {
+-#ifndef MFI_BIG_ENDIAN
++#ifndef __BIG_ENDIAN_BITFIELD
+ u32 rbld:1;
+ u32 patrol:1;
+ u32 clear:1;
+--- a/drivers/scsi/megaraid/megaraid_sas_fusion.h
++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.h
+@@ -774,7 +774,7 @@ struct MR_SPAN_BLOCK_INFO {
+ struct MR_CPU_AFFINITY_MASK {
+ union {
+ struct {
+-#ifndef MFI_BIG_ENDIAN
++#ifndef __BIG_ENDIAN_BITFIELD
+ u8 hw_path:1;
+ u8 cpu0:1;
+ u8 cpu1:1;
+@@ -866,7 +866,7 @@ struct MR_LD_RAID {
+ __le16 seqNum;
+
+ struct {
+-#ifndef MFI_BIG_ENDIAN
++#ifndef __BIG_ENDIAN_BITFIELD
+ u32 ldSyncRequired:1;
+ u32 regTypeReqOnReadIsValid:1;
+ u32 isEPD:1;
+@@ -889,7 +889,7 @@ struct {
+ /* 0x30 - 0x33, Logical block size for the LD */
+ u32 logical_block_length;
+ struct {
+-#ifndef MFI_BIG_ENDIAN
++#ifndef __BIG_ENDIAN_BITFIELD
+ /* 0x34, P_I_EXPONENT from READ CAPACITY 16 */
+ u32 ld_pi_exp:4;
+ /* 0x34, LOGICAL BLOCKS PER PHYSICAL
diff --git a/queue-5.7/scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch b/queue-5.7/scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch
new file mode 100644
index 00000000000..0214a5f18bf
--- /dev/null
+++ b/queue-5.7/scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch
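Review bot: The five `#ifndef __BIG_ENDIAN_BITFIELD` guards in megaraid_sas.h and megaraid_sas_fusion.h still fall into the little-endian bitfield order whenever the macro is not defined, which is the same silent failure mode the undefined `MFI_BIG_ENDIAN` produced. A positive test with a hard stop would turn a missing byte-order definition into a build error instead of a wrong layout: `#if defined(__LITTLE_ENDIAN_BITFIELD)`, then `#elif defined(__BIG_ENDIAN_BITFIELD)`, then `#else` with `#error "bitfield endianness not defined"`. The `#else` arms of these structures lie outside the hunks, so the exact rewrite has to be checked against the full headers.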
@@ -0,0 +1,55 @@
+From 6fd8525a70221c26823b1c7e912fb21f218fb0c5 Mon Sep 17 00:00:00 2001
+From: Sumit Saxena
+Date: Fri, 8 May 2020 14:22:42 +0530
+Subject: scsi: megaraid_sas: TM command refire leads to controller firmware crash
+
+From: Sumit Saxena
+
+commit 6fd8525a70221c26823b1c7e912fb21f218fb0c5 upstream.
+
+When TM command times out, driver invokes the controller reset. Post reset,
+driver re-fires pended TM commands which leads to firmware crash.
+
+Post controller reset, return pended TM commands back to OS.
+
+Link: https://lore.kernel.org/r/20200508085242.23406-1-chandrakanth.patil@broadcom.com
+Cc: stable@vger.kernel.org
+Signed-off-by: Sumit Saxena
+Signed-off-by: Chandrakanth Patil
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/megaraid/megaraid_sas_fusion.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c
++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c
+@@ -4238,6 +4238,7 @@ void megasas_refire_mgmt_cmd(struct mega
+ struct fusion_context *fusion;
+ struct megasas_cmd *cmd_mfi;
+ union MEGASAS_REQUEST_DESCRIPTOR_UNION *req_desc;
++ struct MPI2_RAID_SCSI_IO_REQUEST *scsi_io_req;
+ u16 smid;
+ bool refire_cmd = 0;
+ u8 result;
+@@ -4305,6 +4306,11 @@ void megasas_refire_mgmt_cmd(struct mega
+ result = COMPLETE_CMD;
+ }
+
++ scsi_io_req = (struct MPI2_RAID_SCSI_IO_REQUEST *)
++ cmd_fusion->io_request;
++ if (scsi_io_req->Function == MPI2_FUNCTION_SCSI_TASK_MGMT)
++ result = RETURN_CMD;
++
+ switch (result) {
+ case REFIRE_CMD:
+ megasas_fire_cmd_fusion(instance, req_desc);
+@@ -4533,7 +4539,6 @@ megasas_issue_tm(struct megasas_instance
+ if (!timeleft) {
+ dev_err(&instance->pdev->dev,
+ "task mgmt type 0x%x timed out\n", type);
+- cmd_mfi->flags |= DRV_DCMD_SKIP_REFIRE;
+ mutex_unlock(&instance->reset_mutex);
+ rc = megasas_reset_fusion(instance->host, MFI_IO_TIMEOUT_OCR);
+ mutex_lock(&instance->reset_mutex);
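Review bot: The added check in megasas_refire_mgmt_cmd() reads `scsi_io_req->Function` through a cast of `cmd_fusion->io_request` to `struct MPI2_RAID_SCSI_IO_REQUEST *` with no comment, and it overrides whatever `result` the preceding branch selected, including `COMPLETE_CMD`. A comment above the cast would record the intent, for example `/* TM requests are returned to the caller, never re-fired, after a controller reset */`, together with a remark that only the `Function` field is inspected through this view. Because the same patch drops `cmd_mfi->flags |= DRV_DCMD_SKIP_REFIRE;` from megasas_issue_tm(), this check appears to be the only remaining guard against re-firing a timed-out TM command, which makes the missing explanation more costly for later maintainers. Both functions continue outside the hunks.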
diff --git a/queue-5.7/selftests-ftrace-return-unsupported-if-no-error_log-file.patch b/queue-5.7/selftests-ftrace-return-unsupported-if-no-error_log-file.patch
new file mode 100644
index 00000000000..20050912350
--- /dev/null
+++ b/queue-5.7/selftests-ftrace-return-unsupported-if-no-error_log-file.patch
@@ -0,0 +1,36 @@
+From 619ee76f5c9f6a1d601d1a056a454d62bf676ae4 Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu
+Date: Mon, 25 May 2020 19:20:57 +0900
+Subject: selftests/ftrace: Return unsupported if no error_log file
+
+From: Masami Hiramatsu
+
+commit 619ee76f5c9f6a1d601d1a056a454d62bf676ae4 upstream.
+
+Check whether error_log file exists in tracing/error_log testcase
+and return UNSUPPORTED if no error_log file.
+
+This can happen if we run the ftracetest on the older stable
+kernel.
+
+Fixes: 4eab1cc461a6 ("selftests/ftrace: Add tracing/error_log testcase")
+Cc: stable@vger.kernel.org
+Signed-off-by: Masami Hiramatsu
+Signed-off-by: Shuah Khan
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ tools/testing/selftests/ftrace/test.d/ftrace/tracing-error-log.tc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/tools/testing/selftests/ftrace/test.d/ftrace/tracing-error-log.tc
++++ b/tools/testing/selftests/ftrace/test.d/ftrace/tracing-error-log.tc
+@@ -14,6 +14,8 @@ if [ ! -f set_event ]; then
+ exit_unsupported
+ fi
+
++[ -f error_log ] || exit_unsupported
++
+ ftrace_errlog_check 'event filter parse error' '((sig >= 10 && sig < 15) || dsig ^== 17) && comm != bash' 'events/signal/signal_generate/filter'
+
+ exit 0
diff --git a/queue-5.7/series b/queue-5.7/series
index 441da5e38f7..5e803fec59f 100644
--- a/queue-5.7/series
+++ b/queue-5.7/series
@@ -119,3 +119,20 @@ exfat-fix-incorrect-update-of-stream-entry-in-__exfat_truncate.patch
 proc-use-new_inode-not-new_inode_pseudo.patch
 remoteproc-fall-back-to-using-parent-memory-pool-if-no-dedicated-available.patch
 remoteproc-fix-and-restore-the-parenting-hierarchy-for-vdev.patch
+cpufreq-fix-up-cpufreq_boost_set_sw.patch
+edac-skx-use-the-mcmtr-register-to-retrieve-close_pg-bank_xor_enable.patch
+video-vt8500lcdfb-fix-fallthrough-warning.patch
+video-fbdev-w100fb-fix-a-potential-double-free.patch
+media-videobuf2-dma-contig-fix-bad-kfree-in-vb2_dma_contig_clear_max_seg_size.patch
+kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch
+kvm-nsvm-fix-condition-for-filtering-async-pf.patch
+kvm-nsvm-leave-asid-aside-in-copy_vmcb_control_area.patch
+kvm-nvmx-consult-only-the-basic-exit-reason-when-routing-nested-exit.patch
+kvm-mips-define-kvm_entryhi_asid-to-cpu_asid_mask-boot_cpu_data.patch
+kvm-mips-fix-vpn2_mask-definition-for-variable-cpu_vmbits.patch
+kvm-arm64-stop-writing-aarch32-s-csselr-into-actlr.patch
+kvm-arm64-make-vcpu_cp1x-work-on-big-endian-hosts.patch
+scsi-megaraid_sas-tm-command-refire-leads-to-controller-firmware-crash.patch
+scsi-lpfc-fix-negation-of-else-clause-in-lpfc_prep_node_fc4type.patch
+scsi-megaraid_sas-replace-undefined-mfi_big_endian-macro-with-__big_endian_bitfield-macro.patch
+selftests-ftrace-return-unsupported-if-no-error_log-file.patch
diff --git a/queue-5.7/video-fbdev-w100fb-fix-a-potential-double-free.patch b/queue-5.7/video-fbdev-w100fb-fix-a-potential-double-free.patch
new file mode 100644
index 00000000000..87eb0deeed4
--- /dev/null
+++ b/queue-5.7/video-fbdev-w100fb-fix-a-potential-double-free.patch
@@ -0,0 +1,50 @@
+From 18722d48a6bb9c2e8d046214c0a5fd19d0a7c9f6 Mon Sep 17 00:00:00 2001
+From: Christophe JAILLET
+Date: Wed, 6 May 2020 20:19:02 +0200
+Subject: video: fbdev: w100fb: Fix a potential double free.
+
+From: Christophe JAILLET
+
+commit 18722d48a6bb9c2e8d046214c0a5fd19d0a7c9f6 upstream.
+
+Some memory is vmalloc'ed in the 'w100fb_save_vidmem' function and freed in
+the 'w100fb_restore_vidmem' function. (these functions are called
+respectively from the 'suspend' and the 'resume' functions)
+
+However, it is also freed in the 'remove' function.
+
+In order to avoid a potential double free, set the corresponding pointer
+to NULL once freed in the 'w100fb_restore_vidmem' function.
+
+Fixes: aac51f09d96a ("[PATCH] w100fb: Rewrite for platform independence")
+Cc: Richard Purdie
+Cc: Antonino Daplas
+Cc: Bartlomiej Zolnierkiewicz
+Cc: # v2.6.14+
+Signed-off-by: Christophe JAILLET
+Signed-off-by: Sam Ravnborg
+Link: https://patchwork.freedesktop.org/patch/msgid/20200506181902.193290-1-christophe.jaillet@wanadoo.fr
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/video/fbdev/w100fb.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/drivers/video/fbdev/w100fb.c
++++ b/drivers/video/fbdev/w100fb.c
+@@ -588,6 +588,7 @@ static void w100fb_restore_vidmem(struct
+ memsize=par->mach->mem->size;
+ memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_extmem, memsize);
+ vfree(par->saved_extmem);
++ par->saved_extmem = NULL;
+ }
+ if (par->saved_intmem) {
+ memsize=MEM_INT_SIZE;
+@@ -596,6 +597,7 @@ static void w100fb_restore_vidmem(struct
+ else
+ memcpy_toio(remapped_fbuf + (W100_FB_BASE-MEM_WINDOW_BASE), par->saved_intmem, memsize);
+ vfree(par->saved_intmem);
++ par->saved_intmem = NULL;
+ }
+ }
+
diff --git a/queue-5.7/video-vt8500lcdfb-fix-fallthrough-warning.patch b/queue-5.7/video-vt8500lcdfb-fix-fallthrough-warning.patch
new file mode 100644
index 00000000000..f686468384f
--- /dev/null
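Review bot: The two added assignments in w100fb_restore_vidmem(), `par->saved_extmem = NULL;` and `par->saved_intmem = NULL;`, carry no comment, so the reason the pointers must be cleared lives only in the commit message. A one-line note at the first of them, such as `/* remove() also vfree()s this buffer; clear it so the second free is a no-op */`, keeps the invariant next to the code that depends on it. The save and remove functions are outside the hunks, so whether they uphold the same "NULL means not allocated" convention cannot be confirmed from here and is worth checking alongside this change.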
+++ b/queue-5.7/video-vt8500lcdfb-fix-fallthrough-warning.patch
@@ -0,0 +1,45 @@
+From 1c49f35e9e9156273124a0cfd38b57f7a7d4828f Mon Sep 17 00:00:00 2001
+From: Sam Ravnborg
+Date: Sun, 12 Apr 2020 22:21:43 +0200
+Subject: video: vt8500lcdfb: fix fallthrough warning
+
+From: Sam Ravnborg
+
+commit 1c49f35e9e9156273124a0cfd38b57f7a7d4828f upstream.
+
+Fix following warning:
+vt8500lcdfb.c: In function 'vt8500lcd_blank':
+vt8500lcdfb.c:229:6: warning: this statement may fall through [-Wimplicit-fallthrough=]
+ if (info->fix.visual == FB_VISUAL_PSEUDOCOLOR ||
+ ^
+vt8500lcdfb.c:233:2: note: here
+ case FB_BLANK_UNBLANK:
+ ^~~~
+
+Adding a simple "fallthrough;" fixed the warning.
+The fix was build tested.
+
+Signed-off-by: Sam Ravnborg
+Reported-by: kbuild test robot
+Fixes: e41f1a989408 ("fbdev: Implement simple blanking in pseudocolor modes for vt8500lcdfb")
+Cc: Alexey Charkov
+Cc: Paul Mundt
+Cc: # v2.6.38+
+Signed-off-by: Bartlomiej Zolnierkiewicz
+Link: https://patchwork.freedesktop.org/patch/msgid/20200412202143.GA26948@ravnborg.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/video/fbdev/vt8500lcdfb.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/video/fbdev/vt8500lcdfb.c
++++ b/drivers/video/fbdev/vt8500lcdfb.c
+@@ -230,6 +230,7 @@ static int vt8500lcd_blank(int blank, st
+ info->fix.visual == FB_VISUAL_STATIC_PSEUDOCOLOR)
+ for (i = 0; i < 256; i++)
+ vt8500lcd_setcolreg(i, 0, 0, 0, 0, info);
++ fallthrough;
+ case FB_BLANK_UNBLANK:
+ if (info->fix.visual == FB_VISUAL_PSEUDOCOLOR ||
+ info->fix.visual == FB_VISUAL_STATIC_PSEUDOCOLOR)
-- 2.47.3
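Review bot: The added `fallthrough;` in vt8500lcd_blank() declares the drop from the blanking cases into `case FB_BLANK_UNBLANK:` intentional, but the visible code does not show why it is wanted. The blanking branch has just zeroed all 256 colour registers with `vt8500lcd_setcolreg(i, 0, 0, 0, 0, info);`, and the unblank case then tests the same `info->fix.visual` condition; its body lies outside the hunk. If that body reloads the palette, falling through would undo the blanking and `break;` would be the correct statement instead. If the fall-through really is intended, a comment above `fallthrough;` should say why the unblank code must also run after blanking.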