--- /dev/null
+From d76779dd3681c01a4c6c3cae4d0627c9083e0ee6 Mon Sep 17 00:00:00 2001
+From: Quanquan Cao <caoqq@fujitsu.com>
+Date: Wed, 24 Jan 2024 17:15:26 +0800
+Subject: cxl/region:Fix overflow issue in alloc_hpa()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Quanquan Cao <caoqq@fujitsu.com>
+
+commit d76779dd3681c01a4c6c3cae4d0627c9083e0ee6 upstream.
+
+Creating a region with 16 memory devices caused a problem. The div_u64_rem
+function, used for dividing an unsigned 64-bit number by a 32-bit one,
+faced an issue when SZ_256M * p->interleave_ways. The result surpassed
+the maximum limit of the 32-bit divisor (4G), leading to an overflow
+and a remainder of 0.
+note: At this point, p->interleave_ways is 16, meaning 16 * 256M = 4G
+
+To fix this issue, I replaced the div_u64_rem function with div64_u64_rem
+and adjusted the type of the remainder.
+
+Signed-off-by: Quanquan Cao <caoqq@fujitsu.com>
+Reviewed-by: Dave Jiang <dave.jiang@intel.com>
+Fixes: 23a22cd1c98b ("cxl/region: Allocate HPA capacity to regions")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Dan Williams <dan.j.williams@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/cxl/core/region.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/cxl/core/region.c
++++ b/drivers/cxl/core/region.c
+@@ -450,7 +450,7 @@ static int alloc_hpa(struct cxl_region *
+ struct cxl_root_decoder *cxlrd = to_cxl_root_decoder(cxlr->dev.parent);
+ struct cxl_region_params *p = &cxlr->params;
+ struct resource *res;
+- u32 remainder = 0;
++ u64 remainder = 0;
+
+ lockdep_assert_held_write(&cxl_region_rwsem);
+
+@@ -470,7 +470,7 @@ static int alloc_hpa(struct cxl_region *
+ (cxlr->mode == CXL_DECODER_PMEM && uuid_is_null(&p->uuid)))
+ return -ENXIO;
+
+- div_u64_rem(size, SZ_256M * p->interleave_ways, &remainder);
++ div64_u64_rem(size, (u64)SZ_256M * p->interleave_ways, &remainder);
+ if (remainder)
+ return -EINVAL;
+
--- /dev/null
+From 59be5c35850171e307ca5d3d703ee9ff4096b948 Mon Sep 17 00:00:00 2001
+From: Xi Ruoyao <xry111@xry111.site>
+Date: Sat, 27 Jan 2024 05:05:57 +0800
+Subject: mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
+
+From: Xi Ruoyao <xry111@xry111.site>
+
+commit 59be5c35850171e307ca5d3d703ee9ff4096b948 upstream.
+
+If we still own the FPU after initializing fcr31, when we are preempted
+the dirty value in the FPU will be read out and stored into fcr31,
+clobbering our setting. This can cause an improper floating-point
+environment after execve(). For example:
+
+ zsh% cat measure.c
+ #include <fenv.h>
+ int main() { return fetestexcept(FE_INEXACT); }
+ zsh% cc measure.c -o measure -lm
+ zsh% echo $((1.0/3)) # raising FE_INEXACT
+ 0.33333333333333331
+ zsh% while ./measure; do ; done
+ (stopped in seconds)
+
+Call lose_fpu(0) before setting fcr31 to prevent this.
+
+Closes: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xry111.site/
+Fixes: 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling")
+Cc: stable@vger.kernel.org
+Signed-off-by: Xi Ruoyao <xry111@xry111.site>
+Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/mips/kernel/elf.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/arch/mips/kernel/elf.c
++++ b/arch/mips/kernel/elf.c
+@@ -11,6 +11,7 @@
+
+ #include <asm/cpu-features.h>
+ #include <asm/cpu-info.h>
++#include <asm/fpu.h>
+
+ #ifdef CONFIG_MIPS_FP_SUPPORT
+
+@@ -309,6 +310,11 @@ void mips_set_personality_nan(struct arc
+ struct cpuinfo_mips *c = &boot_cpu_data;
+ struct task_struct *t = current;
+
++ /* Do this early so t->thread.fpu.fcr31 won't be clobbered in case
++ * we are preempted before the lose_fpu(0) in start_thread.
++ */
++ lose_fpu(0);
++
+ t->thread.fpu.fcr31 = c->fpu_csr31;
+ switch (state->nan_2008) {
+ case 0:
spi-bcm-qspi-fix-sfdp-bfpt-read-by-usig-mspi-read.patch
spi-fix-finalize-message-on-error-return.patch
mips-lantiq-register-smp_ops-on-non-smp-platforms.patch
+cxl-region-fix-overflow-issue-in-alloc_hpa.patch
+mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch
+tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch
+x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch
--- /dev/null
+From 9a574ea9069be30b835a3da772c039993c43369b Mon Sep 17 00:00:00 2001
+From: Tim Chen <tim.c.chen@linux.intel.com>
+Date: Mon, 22 Jan 2024 15:35:34 -0800
+Subject: tick/sched: Preserve number of idle sleeps across CPU hotplug events
+
+From: Tim Chen <tim.c.chen@linux.intel.com>
+
+commit 9a574ea9069be30b835a3da772c039993c43369b upstream.
+
+Commit 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs
+CPU hotplug") preserved total idle sleep time and iowait sleeptime across
+CPU hotplug events.
+
+Similar reasoning applies to the number of idle calls and idle sleeps to
+get the proper average of sleep time per idle invocation.
+
+Preserve those fields too.
+
+Fixes: 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug")
+Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240122233534.3094238-1-tim.c.chen@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/time/tick-sched.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/kernel/time/tick-sched.c
++++ b/kernel/time/tick-sched.c
+@@ -1557,6 +1557,7 @@ void tick_cancel_sched_timer(int cpu)
+ {
+ struct tick_sched *ts = &per_cpu(tick_cpu_sched, cpu);
+ ktime_t idle_sleeptime, iowait_sleeptime;
++ unsigned long idle_calls, idle_sleeps;
+
+ # ifdef CONFIG_HIGH_RES_TIMERS
+ if (ts->sched_timer.base)
+@@ -1565,9 +1566,13 @@ void tick_cancel_sched_timer(int cpu)
+
+ idle_sleeptime = ts->idle_sleeptime;
+ iowait_sleeptime = ts->iowait_sleeptime;
++ idle_calls = ts->idle_calls;
++ idle_sleeps = ts->idle_sleeps;
+ memset(ts, 0, sizeof(*ts));
+ ts->idle_sleeptime = idle_sleeptime;
+ ts->iowait_sleeptime = iowait_sleeptime;
++ ts->idle_calls = idle_calls;
++ ts->idle_sleeps = idle_sleeps;
+ }
+ #endif
+
--- /dev/null
+From 56062d60f117dccfb5281869e0ab61e090baf864 Mon Sep 17 00:00:00 2001
+From: Richard Palethorpe <rpalethorpe@suse.com>
+Date: Wed, 10 Jan 2024 15:01:22 +0200
+Subject: x86/entry/ia32: Ensure s32 is sign extended to s64
+
+From: Richard Palethorpe <rpalethorpe@suse.com>
+
+commit 56062d60f117dccfb5281869e0ab61e090baf864 upstream.
+
+Presently ia32 registers stored in ptregs are unconditionally cast to
+unsigned int by the ia32 stub. They are then cast to long when passed to
+__se_sys*, but will not be sign extended.
+
+This takes the sign of the syscall argument into account in the ia32
+stub. It still casts to unsigned int to avoid implementation specific
+behavior. However then casts to int or unsigned int as necessary. So that
+the following cast to long sign extends the value.
+
+This fixes the io_pgetevents02 LTP test when compiled with -m32. Presently
+the systemcall io_pgetevents_time64() unexpectedly accepts -1 for the
+maximum number of events.
+
+It doesn't appear other systemcalls with signed arguments are effected
+because they all have compat variants defined and wired up.
+
+Fixes: ebeb8c82ffaf ("syscalls/x86: Use 'struct pt_regs' based syscall calling for IA32_EMULATION and x32")
+Suggested-by: Arnd Bergmann <arnd@arndb.de>
+Signed-off-by: Richard Palethorpe <rpalethorpe@suse.com>
+Signed-off-by: Nikolay Borisov <nik.borisov@suse.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Reviewed-by: Arnd Bergmann <arnd@arndb.de>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20240110130122.3836513-1-nik.borisov@suse.com
+Link: https://lore.kernel.org/ltp/20210921130127.24131-1-rpalethorpe@suse.com/
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/syscall_wrapper.h | 25 +++++++++++++++++++++----
+ include/linux/syscalls.h | 1 +
+ 2 files changed, 22 insertions(+), 4 deletions(-)
+
+--- a/arch/x86/include/asm/syscall_wrapper.h
++++ b/arch/x86/include/asm/syscall_wrapper.h
+@@ -58,12 +58,29 @@ extern long __ia32_sys_ni_syscall(const
+ ,,regs->di,,regs->si,,regs->dx \
+ ,,regs->r10,,regs->r8,,regs->r9) \
+
++
++/* SYSCALL_PT_ARGS is Adapted from s390x */
++#define SYSCALL_PT_ARG6(m, t1, t2, t3, t4, t5, t6) \
++ SYSCALL_PT_ARG5(m, t1, t2, t3, t4, t5), m(t6, (regs->bp))
++#define SYSCALL_PT_ARG5(m, t1, t2, t3, t4, t5) \
++ SYSCALL_PT_ARG4(m, t1, t2, t3, t4), m(t5, (regs->di))
++#define SYSCALL_PT_ARG4(m, t1, t2, t3, t4) \
++ SYSCALL_PT_ARG3(m, t1, t2, t3), m(t4, (regs->si))
++#define SYSCALL_PT_ARG3(m, t1, t2, t3) \
++ SYSCALL_PT_ARG2(m, t1, t2), m(t3, (regs->dx))
++#define SYSCALL_PT_ARG2(m, t1, t2) \
++ SYSCALL_PT_ARG1(m, t1), m(t2, (regs->cx))
++#define SYSCALL_PT_ARG1(m, t1) m(t1, (regs->bx))
++#define SYSCALL_PT_ARGS(x, ...) SYSCALL_PT_ARG##x(__VA_ARGS__)
++
++#define __SC_COMPAT_CAST(t, a) \
++ (__typeof(__builtin_choose_expr(__TYPE_IS_L(t), 0, 0U))) \
++ (unsigned int)a
++
+ /* Mapping of registers to parameters for syscalls on i386 */
+ #define SC_IA32_REGS_TO_ARGS(x, ...) \
+- __MAP(x,__SC_ARGS \
+- ,,(unsigned int)regs->bx,,(unsigned int)regs->cx \
+- ,,(unsigned int)regs->dx,,(unsigned int)regs->si \
+- ,,(unsigned int)regs->di,,(unsigned int)regs->bp)
++ SYSCALL_PT_ARGS(x, __SC_COMPAT_CAST, \
++ __MAP(x, __SC_TYPE, __VA_ARGS__)) \
+
+ #define __SYS_STUB0(abi, name) \
+ long __##abi##_##name(const struct pt_regs *regs); \
+--- a/include/linux/syscalls.h
++++ b/include/linux/syscalls.h
+@@ -123,6 +123,7 @@ enum landlock_rule_type;
+ #define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL))
+ #define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
+ #define __SC_CAST(t, a) (__force t) a
++#define __SC_TYPE(t, a) t
+ #define __SC_ARGS(t, a) a
+ #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
