From 6a7a21d37d29b2f2fe7ccc5df3c2583485ee4b43 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 10 Oct 2021 21:12:27 -0400 Subject: [PATCH] Fixes for 5.10 Signed-off-by: Sasha Levin --- ...potential-memory-leak-about-jit_data.patch | 38 +++++ ...ource-leak-in-reconfiguration-device.patch | 40 +++++ ...tek-add-offset_ext_conf-setting-back.patch | 69 +++++++++ ...program-check-interrupt-emergency-st.patch | 144 ++++++++++++++++++ .../powerpc-bpf-fix-bpf_mod-when-imm-1.patch | 48 ++++++ ...-bpf-fix-bpf_sub-when-imm-0x80000000.patch | 66 ++++++++ ...port-the-correct-most-efficient-dma-.patch | 59 +++++++ ...the-kdump-kernel-crash-during-eeh_ps.patch | 78 ++++++++++ .../risc-v-include-clone3-on-rv32.patch | 42 +++++ ...arch_setup_additional_pages-wait-for.patch | 44 ++++++ queue-5.10/series | 10 ++ 11 files changed, 638 insertions(+) create mode 100644 queue-5.10/bpf-s390-fix-potential-memory-leak-about-jit_data.patch create mode 100644 queue-5.10/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch create mode 100644 queue-5.10/i2c-mediatek-add-offset_ext_conf-setting-back.patch create mode 100644 queue-5.10/powerpc-64s-fix-program-check-interrupt-emergency-st.patch create mode 100644 queue-5.10/powerpc-bpf-fix-bpf_mod-when-imm-1.patch create mode 100644 queue-5.10/powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch create mode 100644 queue-5.10/powerpc-iommu-report-the-correct-most-efficient-dma-.patch create mode 100644 queue-5.10/pseries-eeh-fix-the-kdump-kernel-crash-during-eeh_ps.patch create mode 100644 queue-5.10/risc-v-include-clone3-on-rv32.patch create mode 100644 queue-5.10/riscv-vdso-make-arch_setup_additional_pages-wait-for.patch diff --git a/queue-5.10/bpf-s390-fix-potential-memory-leak-about-jit_data.patch b/queue-5.10/bpf-s390-fix-potential-memory-leak-about-jit_data.patch new file mode 100644 index 00000000000..ee4b9284de4 --- /dev/null +++ b/queue-5.10/bpf-s390-fix-potential-memory-leak-about-jit_data.patch @@ -0,0 +1,38 @@ +From 0abcff2b5275e6170c5400c74b58e1a094902934 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Sep 2021 15:06:14 +0800 +Subject: bpf, s390: Fix potential memory leak about jit_data + +From: Tiezhu Yang + +[ Upstream commit 686cb8b9f6b46787f035afe8fbd132a74e6b1bdd ] + +Make sure to free jit_data through kfree() in the error path. + +Fixes: 1c8f9b91c456 ("bpf: s390: add JIT support for multi-function programs") +Signed-off-by: Tiezhu Yang +Acked-by: Ilya Leoshkevich +Reviewed-by: Christian Borntraeger +Signed-off-by: Christian Borntraeger +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/net/bpf_jit_comp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index 8d9047d2d1e1..cd0cbdafedbd 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -1775,7 +1775,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) + jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL); + if (jit.addrs == NULL) { + fp = orig_fp; +- goto out; ++ goto free_addrs; + } + /* + * Three initial passes: +-- +2.33.0 + diff --git a/queue-5.10/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch b/queue-5.10/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch new file mode 100644 index 00000000000..c686dc28076 --- /dev/null +++ b/queue-5.10/i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch @@ -0,0 +1,40 @@ +From 65b91e72cd03fc8ec5c536ab07d54d190c2e5ffc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 22 Sep 2021 17:57:18 +0100 +Subject: i2c: acpi: fix resource leak in reconfiguration device addition + +From: Jamie Iles + +[ Upstream commit 6558b646ce1c2a872fe1c2c7cb116f05a2c1950f ] + +acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a +reference on the adapter which is never released which will result in a +reference count leak and render the adapter unremovable. Make sure to +put the adapter after creating the client in the same manner that we do +for OF. + +Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") +Signed-off-by: Jamie Iles +Acked-by: Mika Westerberg +[wsa: fixed title] +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/i2c-core-acpi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c +index 37c510d9347a..4b136d871074 100644 +--- a/drivers/i2c/i2c-core-acpi.c ++++ b/drivers/i2c/i2c-core-acpi.c +@@ -426,6 +426,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, + break; + + i2c_acpi_register_device(adapter, adev, &info); ++ put_device(&adapter->dev); + break; + case ACPI_RECONFIG_DEVICE_REMOVE: + if (!acpi_device_enumerated(adev)) +-- +2.33.0 + diff --git a/queue-5.10/i2c-mediatek-add-offset_ext_conf-setting-back.patch b/queue-5.10/i2c-mediatek-add-offset_ext_conf-setting-back.patch new file mode 100644 index 00000000000..a247c3d1498 --- /dev/null +++ b/queue-5.10/i2c-mediatek-add-offset_ext_conf-setting-back.patch @@ -0,0 +1,69 @@ +From 866483e59ad88f1e0e54da0e299c11b1439753b3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Sep 2021 18:14:14 +0800 +Subject: i2c: mediatek: Add OFFSET_EXT_CONF setting back + +From: Kewei Xu + +[ Upstream commit 3bce7703c7ba648bd9e174dc1413f422b7998833 ] + +In the commit be5ce0e97cc7 ("i2c: mediatek: Add i2c ac-timing adjust +support"), we miss setting OFFSET_EXT_CONF register if +i2c->dev_comp->timing_adjust is false, now add it back. + +Fixes: be5ce0e97cc7 ("i2c: mediatek: Add i2c ac-timing adjust support") +Signed-off-by: Kewei Xu +Reviewed-by: Qii Wang +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-mt65xx.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-mt65xx.c b/drivers/i2c/busses/i2c-mt65xx.c +index 1a5f1ccd1d2f..0af2784cbd0d 100644 +--- a/drivers/i2c/busses/i2c-mt65xx.c ++++ b/drivers/i2c/busses/i2c-mt65xx.c +@@ -41,6 +41,8 @@ + #define I2C_HANDSHAKE_RST 0x0020 + #define I2C_FIFO_ADDR_CLR 0x0001 + #define I2C_DELAY_LEN 0x0002 ++#define I2C_ST_START_CON 0x8001 ++#define I2C_FS_START_CON 0x1800 + #define I2C_TIME_CLR_VALUE 0x0000 + #define I2C_TIME_DEFAULT_VALUE 0x0003 + #define I2C_WRRD_TRANAC_VALUE 0x0002 +@@ -479,6 +481,7 @@ static void mtk_i2c_init_hw(struct mtk_i2c *i2c) + { + u16 control_reg; + u16 intr_stat_reg; ++ u16 ext_conf_val; + + mtk_i2c_writew(i2c, I2C_CHN_CLR_FLAG, OFFSET_START); + intr_stat_reg = mtk_i2c_readw(i2c, OFFSET_INTR_STAT); +@@ -517,8 +520,13 @@ static void mtk_i2c_init_hw(struct mtk_i2c *i2c) + if (i2c->dev_comp->ltiming_adjust) + mtk_i2c_writew(i2c, i2c->ltiming_reg, OFFSET_LTIMING); + ++ if (i2c->speed_hz <= I2C_MAX_STANDARD_MODE_FREQ) ++ ext_conf_val = I2C_ST_START_CON; ++ else ++ ext_conf_val = I2C_FS_START_CON; ++ + if (i2c->dev_comp->timing_adjust) { +- mtk_i2c_writew(i2c, i2c->ac_timing.ext, OFFSET_EXT_CONF); ++ ext_conf_val = i2c->ac_timing.ext; + mtk_i2c_writew(i2c, i2c->ac_timing.inter_clk_div, + OFFSET_CLOCK_DIV); + mtk_i2c_writew(i2c, I2C_SCL_MIS_COMP_VALUE, +@@ -543,6 +551,7 @@ static void mtk_i2c_init_hw(struct mtk_i2c *i2c) + OFFSET_HS_STA_STO_AC_TIMING); + } + } ++ mtk_i2c_writew(i2c, ext_conf_val, OFFSET_EXT_CONF); + + /* If use i2c pin from PMIC mt6397 side, need set PATH_DIR first */ + if (i2c->have_pmic) +-- +2.33.0 + diff --git a/queue-5.10/powerpc-64s-fix-program-check-interrupt-emergency-st.patch b/queue-5.10/powerpc-64s-fix-program-check-interrupt-emergency-st.patch new file mode 100644 index 00000000000..4aba46236b5 --- /dev/null +++ b/queue-5.10/powerpc-64s-fix-program-check-interrupt-emergency-st.patch @@ -0,0 +1,144 @@ +From 66092ded03a5b1feac9b9a1f0eb6ac48ed2c1555 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Oct 2021 00:56:38 +1000 +Subject: powerpc/64s: fix program check interrupt emergency stack path + +From: Nicholas Piggin + +[ Upstream commit 3e607dc4df180b72a38e75030cb0f94d12808712 ] + +Emergency stack path was jumping into a 3: label inside the +__GEN_COMMON_BODY macro for the normal path after it had finished, +rather than jumping over it. By a small miracle this is the correct +place to build up a new interrupt frame with the existing stack +pointer, so things basically worked okay with an added weird looking +700 trap frame on top (which had the wrong ->nip so it didn't decode +bug messages either). + +Fix this by avoiding using numeric labels when jumping over non-trivial +macros. + +Before: + + LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV + Modules linked in: + CPU: 0 PID: 88 Comm: sh Not tainted 5.15.0-rc2-00034-ge057cdade6e5 #2637 + NIP: 7265677368657265 LR: c00000000006c0c8 CTR: c0000000000097f0 + REGS: c0000000fffb3a50 TRAP: 0700 Not tainted + MSR: 9000000000021031 CR: 00000700 XER: 20040000 + CFAR: c0000000000098b0 IRQMASK: 0 + GPR00: c00000000006c964 c0000000fffb3cf0 c000000001513800 0000000000000000 + GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 + GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 + GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 + GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 + GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 + GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 + GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 + NIP [7265677368657265] 0x7265677368657265 + LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 + Call Trace: + [c0000000fffb3cf0] [c00000000000bdac] soft_nmi_common+0x13c/0x1d0 (unreliable) + --- interrupt: 700 at decrementer_common_virt+0xb8/0x230 + NIP: c0000000000098b8 LR: c00000000006c0c8 CTR: c0000000000097f0 + REGS: c0000000fffb3d60 TRAP: 0700 Not tainted + MSR: 9000000000021031 CR: 22424282 XER: 20040000 + CFAR: c0000000000098b0 IRQMASK: 0 + GPR00: c00000000006c964 0000000000002400 c000000001513800 0000000000000000 + GPR04: 0000000048ab0778 0000000042000000 0000000000000000 0000000000001299 + GPR08: 000001e447c718ec 0000000022424282 0000000000002710 c00000000006bee8 + GPR12: 9000000000009033 c0000000016b0000 00000000000000b0 0000000000000001 + GPR16: 0000000000000000 0000000000000002 0000000000000000 0000000000000ff8 + GPR20: 0000000000001fff 0000000000000007 0000000000000080 00007fff89d90158 + GPR24: 0000000002000000 0000000002000000 0000000000000255 0000000000000300 + GPR28: c000000001270000 0000000042000000 0000000048ab0778 c000000080647e80 + NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230 + LR [c00000000006c0c8] ___do_page_fault+0x3f8/0xb10 + --- interrupt: 700 + Instruction dump: + XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX + XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX + ---[ end trace 6d28218e0cc3c949 ]--- + +After: + + ------------[ cut here ]------------ + kernel BUG at arch/powerpc/kernel/exceptions-64s.S:491! + Oops: Exception in kernel mode, sig: 5 [#1] + LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV + Modules linked in: + CPU: 0 PID: 88 Comm: login Not tainted 5.15.0-rc2-00034-ge057cdade6e5-dirty #2638 + NIP: c0000000000098b8 LR: c00000000006bf04 CTR: c0000000000097f0 + REGS: c0000000fffb3d60 TRAP: 0700 Not tainted + MSR: 9000000000021031 CR: 24482227 XER: 00040000 + CFAR: c0000000000098b0 IRQMASK: 0 + GPR00: c00000000006bf04 0000000000002400 c000000001513800 c000000001271868 + GPR04: 00000000100f0d29 0000000042000000 0000000000000007 0000000000000009 + GPR08: 00000000100f0d29 0000000024482227 0000000000002710 c000000000181b3c + GPR12: 9000000000009033 c0000000016b0000 00000000100f0d29 c000000005b22f00 + GPR16: 00000000ffff0000 0000000000000001 0000000000000009 00000000100eed90 + GPR20: 00000000100eed90 0000000010000000 000000001000a49c 00000000100f1430 + GPR24: c000000001271868 0000000002000000 0000000000000215 0000000000000300 + GPR28: c000000001271800 0000000042000000 00000000100f0d29 c000000080647860 + NIP [c0000000000098b8] decrementer_common_virt+0xb8/0x230 + LR [c00000000006bf04] ___do_page_fault+0x234/0xb10 + Call Trace: + Instruction dump: + 4182000c 39400001 48000008 894d0932 714a0001 39400008 408225fc 718a4000 + 7c2a0b78 3821fcf0 41c20008 e82d0910 <0981fcf0> f92101a0 f9610170 f9810178 + ---[ end trace a5dbd1f5ea4ccc51 ]--- + +Fixes: 0a882e28468f4 ("powerpc/64s/exception: remove bad stack branch") +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20211004145642.1331214-2-npiggin@gmail.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/exceptions-64s.S | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S +index 9d3b468bd2d7..10df278dc3fb 100644 +--- a/arch/powerpc/kernel/exceptions-64s.S ++++ b/arch/powerpc/kernel/exceptions-64s.S +@@ -1715,27 +1715,30 @@ EXC_COMMON_BEGIN(program_check_common) + */ + + andi. r10,r12,MSR_PR +- bne 2f /* If userspace, go normal path */ ++ bne .Lnormal_stack /* If userspace, go normal path */ + + andis. r10,r12,(SRR1_PROGTM)@h +- bne 1f /* If TM, emergency */ ++ bne .Lemergency_stack /* If TM, emergency */ + + cmpdi r1,-INT_FRAME_SIZE /* check if r1 is in userspace */ +- blt 2f /* normal path if not */ ++ blt .Lnormal_stack /* normal path if not */ + + /* Use the emergency stack */ +-1: andi. r10,r12,MSR_PR /* Set CR0 correctly for label */ ++.Lemergency_stack: ++ andi. r10,r12,MSR_PR /* Set CR0 correctly for label */ + /* 3 in EXCEPTION_PROLOG_COMMON */ + mr r10,r1 /* Save r1 */ + ld r1,PACAEMERGSP(r13) /* Use emergency stack */ + subi r1,r1,INT_FRAME_SIZE /* alloc stack frame */ + __ISTACK(program_check)=0 + __GEN_COMMON_BODY program_check +- b 3f +-2: ++ b .Ldo_program_check ++ ++.Lnormal_stack: + __ISTACK(program_check)=1 + __GEN_COMMON_BODY program_check +-3: ++ ++.Ldo_program_check: + addi r3,r1,STACK_FRAME_OVERHEAD + bl program_check_exception + REST_NVGPRS(r1) /* instruction emulation may change GPRs */ +-- +2.33.0 + diff --git a/queue-5.10/powerpc-bpf-fix-bpf_mod-when-imm-1.patch b/queue-5.10/powerpc-bpf-fix-bpf_mod-when-imm-1.patch new file mode 100644 index 00000000000..cbf92d8969a --- /dev/null +++ b/queue-5.10/powerpc-bpf-fix-bpf_mod-when-imm-1.patch @@ -0,0 +1,48 @@ +From 0b095810df7e1e5fa574e416f56047112c5cd8e7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Oct 2021 01:55:22 +0530 +Subject: powerpc/bpf: Fix BPF_MOD when imm == 1 + +From: Naveen N. Rao + +[ Upstream commit 8bbc9d822421d9ac8ff9ed26a3713c9afc69d6c8 ] + +Only ignore the operation if dividing by 1. + +Fixes: 156d0e290e969c ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF") +Signed-off-by: Naveen N. Rao +Tested-by: Johan Almbladh +Reviewed-by: Christophe Leroy +Acked-by: Song Liu +Acked-by: Johan Almbladh +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/c674ca18c3046885602caebb326213731c675d06.1633464148.git.naveen.n.rao@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/net/bpf_jit_comp64.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c +index 658ca2bab13c..e79f9eae2bc0 100644 +--- a/arch/powerpc/net/bpf_jit_comp64.c ++++ b/arch/powerpc/net/bpf_jit_comp64.c +@@ -408,8 +408,14 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, + case BPF_ALU64 | BPF_DIV | BPF_K: /* dst /= imm */ + if (imm == 0) + return -EINVAL; +- else if (imm == 1) +- goto bpf_alu32_trunc; ++ if (imm == 1) { ++ if (BPF_OP(code) == BPF_DIV) { ++ goto bpf_alu32_trunc; ++ } else { ++ EMIT(PPC_RAW_LI(dst_reg, 0)); ++ break; ++ } ++ } + + PPC_LI32(b2p[TMP_REG_1], imm); + switch (BPF_CLASS(code)) { +-- +2.33.0 + diff --git a/queue-5.10/powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch b/queue-5.10/powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch new file mode 100644 index 00000000000..5d81d34ebb9 --- /dev/null +++ b/queue-5.10/powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch @@ -0,0 +1,66 @@ +From 2ab892bd24a51611c0f5d9c994dcfe261f38377f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 6 Oct 2021 01:55:23 +0530 +Subject: powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 + +From: Naveen N. Rao + +[ Upstream commit 5855c4c1f415ca3ba1046e77c0b3d3dfc96c9025 ] + +We aren't handling subtraction involving an immediate value of +0x80000000 properly. Fix the same. + +Fixes: 156d0e290e969c ("powerpc/ebpf/jit: Implement JIT compiler for extended BPF") +Signed-off-by: Naveen N. Rao +Reviewed-by: Christophe Leroy +[mpe: Fold in fix from Naveen to use imm <= 32768] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/fc4b1276eb10761fd7ce0814c8dd089da2815251.1633464148.git.naveen.n.rao@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/net/bpf_jit_comp64.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c +index e79f9eae2bc0..a2750d6ffd0f 100644 +--- a/arch/powerpc/net/bpf_jit_comp64.c ++++ b/arch/powerpc/net/bpf_jit_comp64.c +@@ -347,18 +347,25 @@ static int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, + EMIT(PPC_RAW_SUB(dst_reg, dst_reg, src_reg)); + goto bpf_alu32_trunc; + case BPF_ALU | BPF_ADD | BPF_K: /* (u32) dst += (u32) imm */ +- case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */ + case BPF_ALU64 | BPF_ADD | BPF_K: /* dst += imm */ ++ if (!imm) { ++ goto bpf_alu32_trunc; ++ } else if (imm >= -32768 && imm < 32768) { ++ EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm))); ++ } else { ++ PPC_LI32(b2p[TMP_REG_1], imm); ++ EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1])); ++ } ++ goto bpf_alu32_trunc; ++ case BPF_ALU | BPF_SUB | BPF_K: /* (u32) dst -= (u32) imm */ + case BPF_ALU64 | BPF_SUB | BPF_K: /* dst -= imm */ +- if (BPF_OP(code) == BPF_SUB) +- imm = -imm; +- if (imm) { +- if (imm >= -32768 && imm < 32768) +- EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(imm))); +- else { +- PPC_LI32(b2p[TMP_REG_1], imm); +- EMIT(PPC_RAW_ADD(dst_reg, dst_reg, b2p[TMP_REG_1])); +- } ++ if (!imm) { ++ goto bpf_alu32_trunc; ++ } else if (imm > -32768 && imm <= 32768) { ++ EMIT(PPC_RAW_ADDI(dst_reg, dst_reg, IMM_L(-imm))); ++ } else { ++ PPC_LI32(b2p[TMP_REG_1], imm); ++ EMIT(PPC_RAW_SUB(dst_reg, dst_reg, b2p[TMP_REG_1])); + } + goto bpf_alu32_trunc; + case BPF_ALU | BPF_MUL | BPF_X: /* (u32) dst *= (u32) src */ +-- +2.33.0 + diff --git a/queue-5.10/powerpc-iommu-report-the-correct-most-efficient-dma-.patch b/queue-5.10/powerpc-iommu-report-the-correct-most-efficient-dma-.patch new file mode 100644 index 00000000000..f72f1b29d25 --- /dev/null +++ b/queue-5.10/powerpc-iommu-report-the-correct-most-efficient-dma-.patch @@ -0,0 +1,59 @@ +From 2ac0a1f09246f3189ede508b550d5b494464a60c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 30 Sep 2021 13:44:54 +1000 +Subject: powerpc/iommu: Report the correct most efficient DMA mask for PCI + devices + +From: Alexey Kardashevskiy + +[ Upstream commit 23c216b335d1fbd716076e8263b54a714ea3cf0e ] + +According to dma-api.rst, the dma_get_required_mask() helper should return +"the mask that the platform requires to operate efficiently". Which in +the case of PPC64 means the bypass mask and not a mask from an IOMMU table +which is shorter and slower to use due to map/unmap operations (especially +expensive on "pseries"). + +However the existing implementation ignores the possibility of bypassing +and returns the IOMMU table mask on the pseries platform which makes some +drivers (mpt3sas is one example) choose 32bit DMA even though bypass is +supported. The powernv platform sort of handles it by having a bigger +default window with a mask >=40 but it only works as drivers choose +63/64bit if the required mask is >32 which is rather pointless. + +This reintroduces the bypass capability check to let drivers make +a better choice of the DMA mask. + +Fixes: f1565c24b596 ("powerpc: use the generic dma_ops_bypass mode") +Signed-off-by: Alexey Kardashevskiy +Reviewed-by: Christoph Hellwig +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210930034454.95794-1-aik@ozlabs.ru +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/dma-iommu.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/powerpc/kernel/dma-iommu.c b/arch/powerpc/kernel/dma-iommu.c +index a1c744194018..9ac0651795cf 100644 +--- a/arch/powerpc/kernel/dma-iommu.c ++++ b/arch/powerpc/kernel/dma-iommu.c +@@ -117,6 +117,15 @@ u64 dma_iommu_get_required_mask(struct device *dev) + struct iommu_table *tbl = get_iommu_table_base(dev); + u64 mask; + ++ if (dev_is_pci(dev)) { ++ u64 bypass_mask = dma_direct_get_required_mask(dev); ++ ++ if (dma_iommu_dma_supported(dev, bypass_mask)) { ++ dev_info(dev, "%s: returning bypass mask 0x%llx\n", __func__, bypass_mask); ++ return bypass_mask; ++ } ++ } ++ + if (!tbl) + return 0; + +-- +2.33.0 + diff --git a/queue-5.10/pseries-eeh-fix-the-kdump-kernel-crash-during-eeh_ps.patch b/queue-5.10/pseries-eeh-fix-the-kdump-kernel-crash-during-eeh_ps.patch new file mode 100644 index 00000000000..44f758d9601 --- /dev/null +++ b/queue-5.10/pseries-eeh-fix-the-kdump-kernel-crash-during-eeh_ps.patch @@ -0,0 +1,78 @@ +From 6c561e0957a492169b4860e2ebbc6e6f6dcc0ba3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 20 Sep 2021 22:03:26 +0530 +Subject: pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init + +From: Mahesh Salgaonkar + +[ Upstream commit eb8257a12192f43ffd41bd90932c39dade958042 ] + +On pseries LPAR when an empty slot is assigned to partition OR in single +LPAR mode, kdump kernel crashes during issuing PHB reset. + +In the kdump scenario, we traverse all PHBs and issue reset using the +pe_config_addr of the first child device present under each PHB. However +the code assumes that none of the PHB slots can be empty and uses +list_first_entry() to get the first child device under the PHB. Since +list_first_entry() expects the list to be non-empty, it returns an +invalid pci_dn entry and ends up accessing NULL phb pointer under +pci_dn->phb causing kdump kernel crash. + +This patch fixes the below kdump kernel crash by skipping empty slots: + + audit: initializing netlink subsys (disabled) + thermal_sys: Registered thermal governor 'fair_share' + thermal_sys: Registered thermal governor 'step_wise' + cpuidle: using governor menu + pstore: Registered nvram as persistent store backend + Issue PHB reset ... + audit: type=2000 audit(1631267818.000:1): state=initialized audit_enabled=0 res=1 + BUG: Kernel NULL pointer dereference on read at 0x00000268 + Faulting instruction address: 0xc000000008101fb0 + Oops: Kernel access of bad area, sig: 7 [#1] + LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries + Modules linked in: + CPU: 7 PID: 1 Comm: swapper/7 Not tainted 5.14.0 #1 + NIP: c000000008101fb0 LR: c000000009284ccc CTR: c000000008029d70 + REGS: c00000001161b840 TRAP: 0300 Not tainted (5.14.0) + MSR: 8000000002009033 CR: 28000224 XER: 20040002 + CFAR: c000000008101f0c DAR: 0000000000000268 DSISR: 00080000 IRQMASK: 0 + ... + NIP pseries_eeh_get_pe_config_addr+0x100/0x1b0 + LR __machine_initcall_pseries_eeh_pseries_init+0x2cc/0x350 + Call Trace: + 0xc00000001161bb80 (unreliable) + __machine_initcall_pseries_eeh_pseries_init+0x2cc/0x350 + do_one_initcall+0x60/0x2d0 + kernel_init_freeable+0x350/0x3f8 + kernel_init+0x3c/0x17c + ret_from_kernel_thread+0x5c/0x64 + +Fixes: 5a090f7c363fd ("powerpc/pseries: PCIE PHB reset") +Signed-off-by: Mahesh Salgaonkar +[mpe: Tweak wording and trim oops] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/163215558252.413351.8600189949820258982.stgit@jupiter +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/pseries/eeh_pseries.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/eeh_pseries.c b/arch/powerpc/platforms/pseries/eeh_pseries.c +index cf024fa37bda..7ed38ebd0c7b 100644 +--- a/arch/powerpc/platforms/pseries/eeh_pseries.c ++++ b/arch/powerpc/platforms/pseries/eeh_pseries.c +@@ -868,6 +868,10 @@ static int __init eeh_pseries_init(void) + if (is_kdump_kernel() || reset_devices) { + pr_info("Issue PHB reset ...\n"); + list_for_each_entry(phb, &hose_list, list_node) { ++ // Skip if the slot is empty ++ if (list_empty(&PCI_DN(phb->dn)->child_list)) ++ continue; ++ + pdn = list_first_entry(&PCI_DN(phb->dn)->child_list, struct pci_dn, list); + config_addr = pseries_eeh_get_pe_config_addr(pdn); + +-- +2.33.0 + diff --git a/queue-5.10/risc-v-include-clone3-on-rv32.patch b/queue-5.10/risc-v-include-clone3-on-rv32.patch new file mode 100644 index 00000000000..898bc135419 --- /dev/null +++ b/queue-5.10/risc-v-include-clone3-on-rv32.patch @@ -0,0 +1,42 @@ +From fd5f84144c4f989160ed61593dfc43223c84625f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 2 Oct 2021 17:21:20 -0700 +Subject: RISC-V: Include clone3() on rv32 + +From: Palmer Dabbelt + +[ Upstream commit 59a4e0d5511ba61353ea9a4efdb1b86c23ecf134 ] + +As far as I can tell this should be enabled on rv32 as well, I'm not +sure why it's rv64-only. checksyscalls is complaining about our lack of +clone3() on rv32. + +Fixes: 56ac5e213933 ("riscv: enable sys_clone3 syscall for rv64") +Signed-off-by: Palmer Dabbelt +Reviewed-by: Arnd Bergmann +Acked-by: Christian Brauner +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/include/uapi/asm/unistd.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/riscv/include/uapi/asm/unistd.h b/arch/riscv/include/uapi/asm/unistd.h +index 4b989ae15d59..8062996c2dfd 100644 +--- a/arch/riscv/include/uapi/asm/unistd.h ++++ b/arch/riscv/include/uapi/asm/unistd.h +@@ -18,9 +18,10 @@ + #ifdef __LP64__ + #define __ARCH_WANT_NEW_STAT + #define __ARCH_WANT_SET_GET_RLIMIT +-#define __ARCH_WANT_SYS_CLONE3 + #endif /* __LP64__ */ + ++#define __ARCH_WANT_SYS_CLONE3 ++ + #include + + /* +-- +2.33.0 + diff --git a/queue-5.10/riscv-vdso-make-arch_setup_additional_pages-wait-for.patch b/queue-5.10/riscv-vdso-make-arch_setup_additional_pages-wait-for.patch new file mode 100644 index 00000000000..776ba9cd566 --- /dev/null +++ b/queue-5.10/riscv-vdso-make-arch_setup_additional_pages-wait-for.patch @@ -0,0 +1,44 @@ +From 211887c97a451e6f931613cf67b6698d25c2f346 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Sep 2021 02:46:21 +0000 +Subject: riscv/vdso: make arch_setup_additional_pages wait for mmap_sem for + write killable + +From: Tong Tiangen + +[ Upstream commit 8bb0ab3ae7a4dbe6cf32deb830cf2bdbf5736867 ] + +riscv architectures relying on mmap_sem for write in their +arch_setup_additional_pages. If the waiting task gets killed by the oom +killer it would block oom_reaper from asynchronous address space reclaim +and reduce the chances of timely OOM resolving. Wait for the lock in +the killable mode and return with EINTR if the task got killed while +waiting. + +Signed-off-by: Tong Tiangen +Reviewed-by: Kefeng Wang +Fixes: 76d2a0493a17 ("RISC-V: Init and Halt Code") +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/vdso.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/riscv/kernel/vdso.c b/arch/riscv/kernel/vdso.c +index 3f1d35e7c98a..73d45931a053 100644 +--- a/arch/riscv/kernel/vdso.c ++++ b/arch/riscv/kernel/vdso.c +@@ -65,7 +65,9 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, + + vdso_len = (vdso_pages + 1) << PAGE_SHIFT; + +- mmap_write_lock(mm); ++ if (mmap_write_lock_killable(mm)) ++ return -EINTR; ++ + vdso_base = get_unmapped_area(NULL, 0, vdso_len, 0, 0); + if (IS_ERR_VALUE(vdso_base)) { + ret = vdso_base; +-- +2.33.0 + diff --git a/queue-5.10/series b/queue-5.10/series index ab64eb81893..d6b6b5ee8b4 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -65,3 +65,13 @@ gve-report-64bit-tx_bytes-counter-from-gve_handle_re.patch i40e-fix-endless-loop-under-rtnl.patch i40e-fix-freeing-of-uninitialized-misc-irq-vector.patch net-prefer-socket-bound-to-interface-when-not-in-vrf.patch +powerpc-iommu-report-the-correct-most-efficient-dma-.patch +i2c-acpi-fix-resource-leak-in-reconfiguration-device.patch +i2c-mediatek-add-offset_ext_conf-setting-back.patch +riscv-vdso-make-arch_setup_additional_pages-wait-for.patch +bpf-s390-fix-potential-memory-leak-about-jit_data.patch +risc-v-include-clone3-on-rv32.patch +powerpc-bpf-fix-bpf_mod-when-imm-1.patch +powerpc-bpf-fix-bpf_sub-when-imm-0x80000000.patch +powerpc-64s-fix-program-check-interrupt-emergency-st.patch +pseries-eeh-fix-the-kdump-kernel-crash-during-eeh_ps.patch -- 2.47.3