From: Greg Kroah-Hartman Date: Sun, 3 Dec 2023 13:49:20 +0000 (+0100) Subject: 6.1-stable patches X-Git-Tag: v4.14.332~34 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd1a4ee37544ae38fdc8c12eda3aca23daf694b3;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: bcache-revert-replacing-is_err_or_null-with-is_err.patch btrfs-add-dmesg-output-for-first-mount-and-last-unmount-of-a-filesystem.patch btrfs-fix-64bit-compat-send-ioctl-arguments-not-initializing-version-member.patch btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch btrfs-make-error-messages-more-clear-when-getting-a-chunk-map.patch btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch btrfs-send-ensure-send_fd-is-writable.patch cpufreq-amd-pstate-fix-the-return-value-of-amd_pstate_fast_switch.patch dma-buf-fix-check-in-dma_resv_add_fence.patch iommu-vt-d-add-mtl-to-quirk-list-to-skip-te-disabling.patch kvm-ppc-book3s-hv-fix-kvm_run-clobbering-fp-vec-user-registers.patch parisc-drop-the-hp-ux-enosym-and-eremoterelease-error-codes.patch parisc-ensure-32-bit-alignment-on-parisc-unwind-section.patch parisc-mark-altinstructions-read-only-and-32-bit-aligned.patch parisc-mark-ex_table-entries-32-bit-aligned-in-assembly.h.patch parisc-mark-ex_table-entries-32-bit-aligned-in-uaccess.h.patch parisc-mark-jump_table-naturally-aligned.patch parisc-mark-lock_aligned-variables-16-byte-aligned-on-smp.patch parisc-use-natural-cpu-alignment-for-bug_table.patch powercap-dtpm-fix-unneeded-conversions-to-micro-watts.patch powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch --- diff --git a/queue-6.1/bcache-revert-replacing-is_err_or_null-with-is_err.patch b/queue-6.1/bcache-revert-replacing-is_err_or_null-with-is_err.patch new file mode 100644 index 00000000000..ac6eb7ee753 --- /dev/null +++ b/queue-6.1/bcache-revert-replacing-is_err_or_null-with-is_err.patch @@ -0,0 +1,72 @@ +From bb6cc253861bd5a7cf8439e2118659696df9619f Mon Sep 17 00:00:00 2001 +From: Markus Weippert +Date: Fri, 24 Nov 2023 16:14:37 +0100 +Subject: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR + +From: Markus Weippert + +commit bb6cc253861bd5a7cf8439e2118659696df9619f upstream. + +Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in +node allocations") replaced IS_ERR_OR_NULL by IS_ERR. This leads to a +NULL pointer dereference. + +BUG: kernel NULL pointer dereference, address: 0000000000000080 +Call Trace: + ? __die_body.cold+0x1a/0x1f + ? page_fault_oops+0xd2/0x2b0 + ? exc_page_fault+0x70/0x170 + ? asm_exc_page_fault+0x22/0x30 + ? btree_node_free+0xf/0x160 [bcache] + ? up_write+0x32/0x60 + btree_gc_coalesce+0x2aa/0x890 [bcache] + ? bch_extent_bad+0x70/0x170 [bcache] + btree_gc_recurse+0x130/0x390 [bcache] + ? btree_gc_mark_node+0x72/0x230 [bcache] + bch_btree_gc+0x5da/0x600 [bcache] + ? cpuusage_read+0x10/0x10 + ? bch_btree_gc+0x600/0x600 [bcache] + bch_gc_thread+0x135/0x180 [bcache] + +The relevant code starts with: + + new_nodes[0] = NULL; + + for (i = 0; i < nodes; i++) { + if (__bch_keylist_realloc(&keylist, bkey_u64s(&r[i].b->key))) + goto out_nocoalesce; + // ... +out_nocoalesce: + // ... + for (i = 0; i < nodes; i++) + if (!IS_ERR(new_nodes[i])) { // IS_ERR_OR_NULL before +028ddcac477b + btree_node_free(new_nodes[i]); // new_nodes[0] is NULL + rw_unlock(true, new_nodes[i]); + } + +This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. + +Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") +Link: https://lore.kernel.org/all/3DF4A87A-2AC1-4893-AE5F-E921478419A9@suse.de/ +Cc: stable@vger.kernel.org +Cc: Zheng Wang +Cc: Coly Li +Signed-off-by: Markus Weippert +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/bcache/btree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1489,7 +1489,7 @@ out_nocoalesce: + bch_keylist_free(&keylist); + + for (i = 0; i < nodes; i++) +- if (!IS_ERR(new_nodes[i])) { ++ if (!IS_ERR_OR_NULL(new_nodes[i])) { + btree_node_free(new_nodes[i]); + rw_unlock(true, new_nodes[i]); + } diff --git a/queue-6.1/btrfs-add-dmesg-output-for-first-mount-and-last-unmount-of-a-filesystem.patch b/queue-6.1/btrfs-add-dmesg-output-for-first-mount-and-last-unmount-of-a-filesystem.patch new file mode 100644 index 00000000000..7a296b070ec --- /dev/null +++ b/queue-6.1/btrfs-add-dmesg-output-for-first-mount-and-last-unmount-of-a-filesystem.patch @@ -0,0 +1,74 @@ +From 2db313205f8b96eea467691917138d646bb50aef Mon Sep 17 00:00:00 2001 +From: Qu Wenruo +Date: Thu, 2 Nov 2023 07:54:50 +1030 +Subject: btrfs: add dmesg output for first mount and last unmount of a filesystem + +From: Qu Wenruo + +commit 2db313205f8b96eea467691917138d646bb50aef upstream. + +There is a feature request to add dmesg output when unmounting a btrfs. +There are several alternative methods to do the same thing, but with +their own problems: + +- Use eBPF to watch btrfs_put_super()/open_ctree() + Not end user friendly, they have to dip their head into the source + code. + +- Watch for directory /sys/fs// + This is way more simple, but still requires some simple device -> uuid + lookups. And a script needs to use inotify to watch /sys/fs/. + +Compared to all these, directly outputting the information into dmesg +would be the most simple one, with both device and UUID included. + +And since we're here, also add the output when mounting a filesystem for +the first time for parity. A more fine grained monitoring of subvolume +mounts should be done by another layer, like audit. + +Now mounting a btrfs with all default mkfs options would look like this: + + [81.906566] BTRFS info (device dm-8): first mount of filesystem 633b5c16-afe3-4b79-b195-138fe145e4f2 + [81.907494] BTRFS info (device dm-8): using crc32c (crc32c-intel) checksum algorithm + [81.908258] BTRFS info (device dm-8): using free space tree + [81.912644] BTRFS info (device dm-8): auto enabling async discard + [81.913277] BTRFS info (device dm-8): checking UUID tree + [91.668256] BTRFS info (device dm-8): last unmount of filesystem 633b5c16-afe3-4b79-b195-138fe145e4f2 + +CC: stable@vger.kernel.org # 5.4+ +Link: https://github.com/kdave/btrfs-progs/issues/689 +Reviewed-by: Anand Jain +Signed-off-by: Qu Wenruo +Reviewed-by: David Sterba +[ update changelog ] +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/disk-io.c | 1 + + fs/btrfs/super.c | 5 ++++- + 2 files changed, 5 insertions(+), 1 deletion(-) + +--- a/fs/btrfs/disk-io.c ++++ b/fs/btrfs/disk-io.c +@@ -3493,6 +3493,7 @@ int __cold open_ctree(struct super_block + goto fail_alloc; + } + ++ btrfs_info(fs_info, "first mount of filesystem %pU", disk_super->fsid); + /* + * Verify the type first, if that or the checksum value are + * corrupted, we'll find out +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -391,7 +391,10 @@ void __btrfs_panic(struct btrfs_fs_info + + static void btrfs_put_super(struct super_block *sb) + { +- close_ctree(btrfs_sb(sb)); ++ struct btrfs_fs_info *fs_info = btrfs_sb(sb); ++ ++ btrfs_info(fs_info, "last unmount of filesystem %pU", fs_info->fs_devices->fsid); ++ close_ctree(fs_info); + } + + enum { diff --git a/queue-6.1/btrfs-fix-64bit-compat-send-ioctl-arguments-not-initializing-version-member.patch b/queue-6.1/btrfs-fix-64bit-compat-send-ioctl-arguments-not-initializing-version-member.patch new file mode 100644 index 00000000000..d195b839a80 --- /dev/null +++ b/queue-6.1/btrfs-fix-64bit-compat-send-ioctl-arguments-not-initializing-version-member.patch @@ -0,0 +1,36 @@ +From 5de0434bc064606d6b7467ec3e5ad22963a18c04 Mon Sep 17 00:00:00 2001 +From: David Sterba +Date: Tue, 14 Nov 2023 17:44:11 +0100 +Subject: btrfs: fix 64bit compat send ioctl arguments not initializing version member + +From: David Sterba + +commit 5de0434bc064606d6b7467ec3e5ad22963a18c04 upstream. + +When the send protocol versioning was added in 5.16 e77fbf990316 +("btrfs: send: prepare for v2 protocol"), the 32/64bit compat code was +not updated (added by 2351f431f727 ("btrfs: fix send ioctl on 32bit with +64bit kernel")), missing the version struct member. The compat code is +probably rarely used, nobody reported any bugs. + +Found by tool https://github.com/jirislaby/clang-struct . + +Fixes: e77fbf990316 ("btrfs: send: prepare for v2 protocol") +CC: stable@vger.kernel.org # 6.1+ +Reviewed-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/ioctl.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -5236,6 +5236,7 @@ static int _btrfs_ioctl_send(struct inod + arg->clone_sources = compat_ptr(args32.clone_sources); + arg->parent_root = args32.parent_root; + arg->flags = args32.flags; ++ arg->version = args32.version; + memcpy(arg->reserved, args32.reserved, + sizeof(args32.reserved)); + #else diff --git a/queue-6.1/btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch b/queue-6.1/btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch new file mode 100644 index 00000000000..e4a2e319296 --- /dev/null +++ b/queue-6.1/btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch @@ -0,0 +1,43 @@ +From 5fba5a571858ce2d787fdaf55814e42725bfa895 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Tue, 21 Nov 2023 13:38:32 +0000 +Subject: btrfs: fix off-by-one when checking chunk map includes logical address + +From: Filipe Manana + +commit 5fba5a571858ce2d787fdaf55814e42725bfa895 upstream. + +At btrfs_get_chunk_map() we get the extent map for the chunk that contains +the given logical address stored in the 'logical' argument. Then we do +sanity checks to verify the extent map contains the logical address. One +of these checks verifies if the extent map covers a range with an end +offset behind the target logical address - however this check has an +off-by-one error since it will consider an extent map whose start offset +plus its length matches the target logical address as inclusive, while +the fact is that the last byte it covers is behind the target logical +address (by 1). + +So fix this condition by using '<=' rather than '<' when comparing the +extent map's "start + length" against the target logical address. + +CC: stable@vger.kernel.org # 4.14+ +Reviewed-by: Josef Bacik +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/volumes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -3079,7 +3079,7 @@ struct extent_map *btrfs_get_chunk_map(s + return ERR_PTR(-EINVAL); + } + +- if (em->start > logical || em->start + em->len < logical) { ++ if (em->start > logical || em->start + em->len <= logical) { + btrfs_crit(fs_info, + "found a bad mapping, wanted %llu-%llu, found %llu-%llu", + logical, length, em->start, em->start + em->len); diff --git a/queue-6.1/btrfs-make-error-messages-more-clear-when-getting-a-chunk-map.patch b/queue-6.1/btrfs-make-error-messages-more-clear-when-getting-a-chunk-map.patch new file mode 100644 index 00000000000..62e79568f57 --- /dev/null +++ b/queue-6.1/btrfs-make-error-messages-more-clear-when-getting-a-chunk-map.patch @@ -0,0 +1,50 @@ +From 7d410d5efe04e42a6cd959bfe6d59d559fdf8b25 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Tue, 21 Nov 2023 13:38:33 +0000 +Subject: btrfs: make error messages more clear when getting a chunk map + +From: Filipe Manana + +commit 7d410d5efe04e42a6cd959bfe6d59d559fdf8b25 upstream. + +When getting a chunk map, at btrfs_get_chunk_map(), we do some sanity +checks to verify we found a chunk map and that map found covers the +logical address the caller passed in. However the messages aren't very +clear in the sense that don't mention the issue is with a chunk map and +one of them prints the 'length' argument as if it were the end offset of +the requested range (while the in the string format we use %llu-%llu +which suggests a range, and the second %llu-%llu is actually a range for +the chunk map). So improve these two details in the error messages. + +CC: stable@vger.kernel.org # 5.4+ +Reviewed-by: Josef Bacik +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/volumes.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -3074,15 +3074,16 @@ struct extent_map *btrfs_get_chunk_map(s + read_unlock(&em_tree->lock); + + if (!em) { +- btrfs_crit(fs_info, "unable to find logical %llu length %llu", ++ btrfs_crit(fs_info, ++ "unable to find chunk map for logical %llu length %llu", + logical, length); + return ERR_PTR(-EINVAL); + } + + if (em->start > logical || em->start + em->len <= logical) { + btrfs_crit(fs_info, +- "found a bad mapping, wanted %llu-%llu, found %llu-%llu", +- logical, length, em->start, em->start + em->len); ++ "found a bad chunk map, wanted %llu-%llu, found %llu-%llu", ++ logical, logical + length, em->start, em->start + em->len); + free_extent_map(em); + return ERR_PTR(-EINVAL); + } diff --git a/queue-6.1/btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch b/queue-6.1/btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch new file mode 100644 index 00000000000..195f59465ac --- /dev/null +++ b/queue-6.1/btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch @@ -0,0 +1,48 @@ +From f91192cd68591c6b037da345bc9fcd5e50540358 Mon Sep 17 00:00:00 2001 +From: Bragatheswaran Manickavel +Date: Sat, 18 Nov 2023 14:40:12 +0530 +Subject: btrfs: ref-verify: fix memory leaks in btrfs_ref_tree_mod() + +From: Bragatheswaran Manickavel + +commit f91192cd68591c6b037da345bc9fcd5e50540358 upstream. + +In btrfs_ref_tree_mod(), when !parent 're' was allocated through +kmalloc(). In the following code, if an error occurs, the execution will +be redirected to 'out' or 'out_unlock' and the function will be exited. +However, on some of the paths, 're' are not deallocated and may lead to +memory leaks. + +For example: lookup_block_entry() for 'be' returns NULL, the out label +will be invoked. During that flow ref and 'ra' are freed but not 're', +which can potentially lead to a memory leak. + +CC: stable@vger.kernel.org # 5.10+ +Reported-and-tested-by: syzbot+d66de4cbf532749df35f@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=d66de4cbf532749df35f +Signed-off-by: Bragatheswaran Manickavel +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/ref-verify.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/btrfs/ref-verify.c ++++ b/fs/btrfs/ref-verify.c +@@ -788,6 +788,7 @@ int btrfs_ref_tree_mod(struct btrfs_fs_i + dump_ref_action(fs_info, ra); + kfree(ref); + kfree(ra); ++ kfree(re); + goto out_unlock; + } else if (be->num_refs == 0) { + btrfs_err(fs_info, +@@ -797,6 +798,7 @@ int btrfs_ref_tree_mod(struct btrfs_fs_i + dump_ref_action(fs_info, ra); + kfree(ref); + kfree(ra); ++ kfree(re); + goto out_unlock; + } + diff --git a/queue-6.1/btrfs-send-ensure-send_fd-is-writable.patch b/queue-6.1/btrfs-send-ensure-send_fd-is-writable.patch new file mode 100644 index 00000000000..fa94832a906 --- /dev/null +++ b/queue-6.1/btrfs-send-ensure-send_fd-is-writable.patch @@ -0,0 +1,44 @@ +From 0ac1d13a55eb37d398b63e6ff6db4a09a2c9128c Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Fri, 24 Nov 2023 17:48:31 +0100 +Subject: btrfs: send: ensure send_fd is writable + +From: Jann Horn + +commit 0ac1d13a55eb37d398b63e6ff6db4a09a2c9128c upstream. + +kernel_write() requires the caller to ensure that the file is writable. +Let's do that directly after looking up the ->send_fd. + +We don't need a separate bailout path because the "out" path already +does fput() if ->send_filp is non-NULL. + +This has no security impact for two reasons: + + - the ioctl requires CAP_SYS_ADMIN + - __kernel_write() bails out on read-only files - but only since 5.8, + see commit a01ac27be472 ("fs: check FMODE_WRITE in __kernel_write") + +Reported-and-tested-by: syzbot+12e098239d20385264d3@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=12e098239d20385264d3 +Fixes: 31db9f7c23fb ("Btrfs: introduce BTRFS_IOC_SEND for btrfs send/receive") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Jann Horn +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/send.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/btrfs/send.c ++++ b/fs/btrfs/send.c +@@ -7885,7 +7885,7 @@ long btrfs_ioctl_send(struct inode *inod + } + + sctx->send_filp = fget(arg->send_fd); +- if (!sctx->send_filp) { ++ if (!sctx->send_filp || !(sctx->send_filp->f_mode & FMODE_WRITE)) { + ret = -EBADF; + goto out; + } diff --git a/queue-6.1/cpufreq-amd-pstate-fix-the-return-value-of-amd_pstate_fast_switch.patch b/queue-6.1/cpufreq-amd-pstate-fix-the-return-value-of-amd_pstate_fast_switch.patch new file mode 100644 index 00000000000..d9da53eadf7 --- /dev/null +++ b/queue-6.1/cpufreq-amd-pstate-fix-the-return-value-of-amd_pstate_fast_switch.patch @@ -0,0 +1,43 @@ +From bb87be267b8ee9b40917fb5bf51be5ddb33c37c2 Mon Sep 17 00:00:00 2001 +From: "Gautham R. Shenoy" +Date: Mon, 27 Nov 2023 16:41:21 +0530 +Subject: cpufreq/amd-pstate: Fix the return value of amd_pstate_fast_switch() + +From: Gautham R. Shenoy + +commit bb87be267b8ee9b40917fb5bf51be5ddb33c37c2 upstream. + +cpufreq_driver->fast_switch() callback expects a frequency as a return +value. amd_pstate_fast_switch() was returning the return value of +amd_pstate_update_freq(), which only indicates a success or failure. + +Fix this by making amd_pstate_fast_switch() return the target_freq +when the call to amd_pstate_update_freq() is successful, and return +the current frequency from policy->cur when the call to +amd_pstate_update_freq() is unsuccessful. + +Fixes: 4badf2eb1e98 ("cpufreq: amd-pstate: Add ->fast_switch() callback") +Acked-by: Huang Rui +Reviewed-by: Wyes Karny +Reviewed-by: Perry Yuan +Cc: 6.4+ # v6.4+ +Signed-off-by: Gautham R. Shenoy +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cpufreq/amd-pstate.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/cpufreq/amd-pstate.c ++++ b/drivers/cpufreq/amd-pstate.c +@@ -296,7 +296,9 @@ static int amd_pstate_target(struct cpuf + static unsigned int amd_pstate_fast_switch(struct cpufreq_policy *policy, + unsigned int target_freq) + { +- return amd_pstate_update_freq(policy, target_freq, true); ++ if (!amd_pstate_update_freq(policy, target_freq, true)) ++ return target_freq; ++ return policy->cur; + } + + static void amd_pstate_adjust_perf(unsigned int cpu, diff --git a/queue-6.1/dma-buf-fix-check-in-dma_resv_add_fence.patch b/queue-6.1/dma-buf-fix-check-in-dma_resv_add_fence.patch new file mode 100644 index 00000000000..049cd6a677c --- /dev/null +++ b/queue-6.1/dma-buf-fix-check-in-dma_resv_add_fence.patch @@ -0,0 +1,61 @@ +From 95ba893c9f4feb836ddce627efd0bb6af6667031 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20K=C3=B6nig?= +Date: Tue, 14 Nov 2023 13:37:09 +0100 +Subject: dma-buf: fix check in dma_resv_add_fence +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian König + +commit 95ba893c9f4feb836ddce627efd0bb6af6667031 upstream. + +It's valid to add the same fence multiple times to a dma-resv object and +we shouldn't need one extra slot for each. + +Signed-off-by: Christian König +Reviewed-by: Thomas Hellström +Fixes: a3f7c10a269d5 ("dma-buf/dma-resv: check if the new fence is really later") +Cc: stable@vger.kernel.org # v5.19+ +Link: https://patchwork.freedesktop.org/patch/msgid/20231115093035.1889-1-christian.koenig@amd.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma-buf/dma-resv.c | 2 +- + include/linux/dma-fence.h | 15 +++++++++++++++ + 2 files changed, 16 insertions(+), 1 deletion(-) + +--- a/drivers/dma-buf/dma-resv.c ++++ b/drivers/dma-buf/dma-resv.c +@@ -296,7 +296,7 @@ void dma_resv_add_fence(struct dma_resv + + dma_resv_list_entry(fobj, i, obj, &old, &old_usage); + if ((old->context == fence->context && old_usage >= usage && +- dma_fence_is_later(fence, old)) || ++ dma_fence_is_later_or_same(fence, old)) || + dma_fence_is_signaled(old)) { + dma_resv_list_set(fobj, i, fence, usage); + dma_fence_put(old); +--- a/include/linux/dma-fence.h ++++ b/include/linux/dma-fence.h +@@ -479,6 +479,21 @@ static inline bool dma_fence_is_later(st + } + + /** ++ * dma_fence_is_later_or_same - return true if f1 is later or same as f2 ++ * @f1: the first fence from the same context ++ * @f2: the second fence from the same context ++ * ++ * Returns true if f1 is chronologically later than f2 or the same fence. Both ++ * fences must be from the same context, since a seqno is not re-used across ++ * contexts. ++ */ ++static inline bool dma_fence_is_later_or_same(struct dma_fence *f1, ++ struct dma_fence *f2) ++{ ++ return f1 == f2 || dma_fence_is_later(f1, f2); ++} ++ ++/** + * dma_fence_later - return the chronologically later fence + * @f1: the first fence from the same context + * @f2: the second fence from the same context diff --git a/queue-6.1/iommu-vt-d-add-mtl-to-quirk-list-to-skip-te-disabling.patch b/queue-6.1/iommu-vt-d-add-mtl-to-quirk-list-to-skip-te-disabling.patch new file mode 100644 index 00000000000..a1a2c77da8a --- /dev/null +++ b/queue-6.1/iommu-vt-d-add-mtl-to-quirk-list-to-skip-te-disabling.patch @@ -0,0 +1,45 @@ +From 85b80fdffa867d75dfb9084a839e7949e29064e8 Mon Sep 17 00:00:00 2001 +From: "Abdul Halim, Mohd Syazwan" +Date: Wed, 22 Nov 2023 11:26:06 +0800 +Subject: iommu/vt-d: Add MTL to quirk list to skip TE disabling + +From: Abdul Halim, Mohd Syazwan + +commit 85b80fdffa867d75dfb9084a839e7949e29064e8 upstream. + +The VT-d spec requires (10.4.4 Global Command Register, TE field) that: + +Hardware implementations supporting DMA draining must drain any in-flight +DMA read/write requests queued within the Root-Complex before switching +address translation on or off and reflecting the status of the command +through the TES field in the Global Status register. + +Unfortunately, some integrated graphic devices fail to do so after some +kind of power state transition. As the result, the system might stuck in +iommu_disable_translation(), waiting for the completion of TE transition. + +Add MTL to the quirk list for those devices and skips TE disabling if the +qurik hits. + +Fixes: b1012ca8dc4f ("iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu") +Cc: stable@vger.kernel.org +Signed-off-by: Abdul Halim, Mohd Syazwan +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20231116022324.30120-1-baolu.lu@linux.intel.com +Signed-off-by: Joerg Roedel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iommu/intel/iommu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iommu/intel/iommu.c ++++ b/drivers/iommu/intel/iommu.c +@@ -4872,7 +4872,7 @@ static void quirk_igfx_skip_te_disable(s + ver = (dev->device >> 8) & 0xff; + if (ver != 0x45 && ver != 0x46 && ver != 0x4c && + ver != 0x4e && ver != 0x8a && ver != 0x98 && +- ver != 0x9a && ver != 0xa7) ++ ver != 0x9a && ver != 0xa7 && ver != 0x7d) + return; + + if (risky_device(dev)) diff --git a/queue-6.1/kvm-ppc-book3s-hv-fix-kvm_run-clobbering-fp-vec-user-registers.patch b/queue-6.1/kvm-ppc-book3s-hv-fix-kvm_run-clobbering-fp-vec-user-registers.patch new file mode 100644 index 00000000000..a5f99a5b8da --- /dev/null +++ b/queue-6.1/kvm-ppc-book3s-hv-fix-kvm_run-clobbering-fp-vec-user-registers.patch @@ -0,0 +1,47 @@ +From dc158d23b33df9033bcc8e7117e8591dd2f9d125 Mon Sep 17 00:00:00 2001 +From: Nicholas Piggin +Date: Wed, 22 Nov 2023 12:58:11 +1000 +Subject: KVM: PPC: Book3S HV: Fix KVM_RUN clobbering FP/VEC user registers + +From: Nicholas Piggin + +commit dc158d23b33df9033bcc8e7117e8591dd2f9d125 upstream. + +Before running a guest, the host process (e.g., QEMU) FP/VEC registers +are saved if they were being used, similarly to when the kernel uses FP +registers. The guest values are then loaded into regs, and the host +process registers will be restored lazily when it uses FP/VEC. + +KVM HV has a bug here: the host process registers do get saved, but the +user MSR bits remain enabled, which indicates the registers are valid +for the process. After they are clobbered by running the guest, this +valid indication causes the host process to take on the FP/VEC register +values of the guest. + +Fixes: 34e119c96b2b ("KVM: PPC: Book3S HV P9: Reduce mtmsrd instructions required to save host SPRs") +Cc: stable@vger.kernel.org # v5.17+ +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://msgid.link/20231122025811.2973-1-npiggin@gmail.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/process.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/powerpc/kernel/process.c ++++ b/arch/powerpc/kernel/process.c +@@ -1163,11 +1163,11 @@ void kvmppc_save_user_regs(void) + + usermsr = current->thread.regs->msr; + ++ /* Caller has enabled FP/VEC/VSX/TM in MSR */ + if (usermsr & MSR_FP) +- save_fpu(current); +- ++ __giveup_fpu(current); + if (usermsr & MSR_VEC) +- save_altivec(current); ++ __giveup_altivec(current); + + #ifdef CONFIG_PPC_TRANSACTIONAL_MEM + if (usermsr & MSR_TM) { diff --git a/queue-6.1/parisc-drop-the-hp-ux-enosym-and-eremoterelease-error-codes.patch b/queue-6.1/parisc-drop-the-hp-ux-enosym-and-eremoterelease-error-codes.patch new file mode 100644 index 00000000000..f20743ecf44 --- /dev/null +++ b/queue-6.1/parisc-drop-the-hp-ux-enosym-and-eremoterelease-error-codes.patch @@ -0,0 +1,87 @@ +From e5f3e299a2b1e9c3ece24a38adfc089aef307e8a Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Thu, 23 Nov 2023 20:28:27 +0100 +Subject: parisc: Drop the HP-UX ENOSYM and EREMOTERELEASE error codes + +From: Helge Deller + +commit e5f3e299a2b1e9c3ece24a38adfc089aef307e8a upstream. + +Those return codes are only defined for the parisc architecture and +are leftovers from when we wanted to be HP-UX compatible. + +They are not returned by any Linux kernel syscall but do trigger +problems with the glibc strerrorname_np() and strerror() functions as +reported in glibc issue #31080. + +There is no need to keep them, so simply remove them. + +Signed-off-by: Helge Deller +Reported-by: Bruno Haible +Closes: https://sourceware.org/bugzilla/show_bug.cgi?id=31080 +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/uapi/asm/errno.h | 2 -- + lib/errname.c | 6 ------ + tools/arch/parisc/include/uapi/asm/errno.h | 2 -- + 3 files changed, 10 deletions(-) + +--- a/arch/parisc/include/uapi/asm/errno.h ++++ b/arch/parisc/include/uapi/asm/errno.h +@@ -75,7 +75,6 @@ + + /* We now return you to your regularly scheduled HPUX. */ + +-#define ENOSYM 215 /* symbol does not exist in executable */ + #define ENOTSOCK 216 /* Socket operation on non-socket */ + #define EDESTADDRREQ 217 /* Destination address required */ + #define EMSGSIZE 218 /* Message too long */ +@@ -101,7 +100,6 @@ + #define ETIMEDOUT 238 /* Connection timed out */ + #define ECONNREFUSED 239 /* Connection refused */ + #define EREFUSED ECONNREFUSED /* for HP's NFS apparently */ +-#define EREMOTERELEASE 240 /* Remote peer released connection */ + #define EHOSTDOWN 241 /* Host is down */ + #define EHOSTUNREACH 242 /* No route to host */ + +--- a/lib/errname.c ++++ b/lib/errname.c +@@ -111,9 +111,6 @@ static const char *names_0[] = { + E(ENOSPC), + E(ENOSR), + E(ENOSTR), +-#ifdef ENOSYM +- E(ENOSYM), +-#endif + E(ENOSYS), + E(ENOTBLK), + E(ENOTCONN), +@@ -144,9 +141,6 @@ static const char *names_0[] = { + #endif + E(EREMOTE), + E(EREMOTEIO), +-#ifdef EREMOTERELEASE +- E(EREMOTERELEASE), +-#endif + E(ERESTART), + E(ERFKILL), + E(EROFS), +--- a/tools/arch/parisc/include/uapi/asm/errno.h ++++ b/tools/arch/parisc/include/uapi/asm/errno.h +@@ -75,7 +75,6 @@ + + /* We now return you to your regularly scheduled HPUX. */ + +-#define ENOSYM 215 /* symbol does not exist in executable */ + #define ENOTSOCK 216 /* Socket operation on non-socket */ + #define EDESTADDRREQ 217 /* Destination address required */ + #define EMSGSIZE 218 /* Message too long */ +@@ -101,7 +100,6 @@ + #define ETIMEDOUT 238 /* Connection timed out */ + #define ECONNREFUSED 239 /* Connection refused */ + #define EREFUSED ECONNREFUSED /* for HP's NFS apparently */ +-#define EREMOTERELEASE 240 /* Remote peer released connection */ + #define EHOSTDOWN 241 /* Host is down */ + #define EHOSTUNREACH 242 /* No route to host */ + diff --git a/queue-6.1/parisc-ensure-32-bit-alignment-on-parisc-unwind-section.patch b/queue-6.1/parisc-ensure-32-bit-alignment-on-parisc-unwind-section.patch new file mode 100644 index 00000000000..35f6eae6715 --- /dev/null +++ b/queue-6.1/parisc-ensure-32-bit-alignment-on-parisc-unwind-section.patch @@ -0,0 +1,28 @@ +From c9fcb2b65c2849e8ff3be23fd8828312fb68dc19 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 25 Nov 2023 09:16:02 +0100 +Subject: parisc: Ensure 32-bit alignment on parisc unwind section + +From: Helge Deller + +commit c9fcb2b65c2849e8ff3be23fd8828312fb68dc19 upstream. + +Make sure the .PARISC.unwind section will be 32-bit aligned. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/vmlinux.lds.S | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/parisc/kernel/vmlinux.lds.S ++++ b/arch/parisc/kernel/vmlinux.lds.S +@@ -131,6 +131,7 @@ SECTIONS + RO_DATA(8) + + /* unwind info */ ++ . = ALIGN(4); + .PARISC.unwind : { + __start___unwind = .; + *(.PARISC.unwind) diff --git a/queue-6.1/parisc-mark-altinstructions-read-only-and-32-bit-aligned.patch b/queue-6.1/parisc-mark-altinstructions-read-only-and-32-bit-aligned.patch new file mode 100644 index 00000000000..1621d27cac0 --- /dev/null +++ b/queue-6.1/parisc-mark-altinstructions-read-only-and-32-bit-aligned.patch @@ -0,0 +1,53 @@ +From 33f806da2df68606f77d7b892cd1298ba3d463e8 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 20 Nov 2023 23:10:20 +0100 +Subject: parisc: Mark altinstructions read-only and 32-bit aligned + +From: Helge Deller + +commit 33f806da2df68606f77d7b892cd1298ba3d463e8 upstream. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/alternative.h | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/arch/parisc/include/asm/alternative.h b/arch/parisc/include/asm/alternative.h +index 1ed45fd085d3..1eb488f25b83 100644 +--- a/arch/parisc/include/asm/alternative.h ++++ b/arch/parisc/include/asm/alternative.h +@@ -34,7 +34,8 @@ void apply_alternatives(struct alt_instr *start, struct alt_instr *end, + + /* Alternative SMP implementation. */ + #define ALTERNATIVE(cond, replacement) "!0:" \ +- ".section .altinstructions, \"aw\" !" \ ++ ".section .altinstructions, \"a\" !" \ ++ ".align 4 !" \ + ".word (0b-4-.) !" \ + ".hword 1, " __stringify(cond) " !" \ + ".word " __stringify(replacement) " !" \ +@@ -44,7 +45,8 @@ void apply_alternatives(struct alt_instr *start, struct alt_instr *end, + + /* to replace one single instructions by a new instruction */ + #define ALTERNATIVE(from, to, cond, replacement)\ +- .section .altinstructions, "aw" ! \ ++ .section .altinstructions, "a" ! \ ++ .align 4 ! \ + .word (from - .) ! \ + .hword (to - from)/4, cond ! \ + .word replacement ! \ +@@ -52,7 +54,8 @@ void apply_alternatives(struct alt_instr *start, struct alt_instr *end, + + /* to replace multiple instructions by new code */ + #define ALTERNATIVE_CODE(from, num_instructions, cond, new_instr_ptr)\ +- .section .altinstructions, "aw" ! \ ++ .section .altinstructions, "a" ! \ ++ .align 4 ! \ + .word (from - .) ! \ + .hword -num_instructions, cond ! \ + .word (new_instr_ptr - .) ! \ +-- +2.43.0 + diff --git a/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-assembly.h.patch b/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-assembly.h.patch new file mode 100644 index 00000000000..52c5bc9fe80 --- /dev/null +++ b/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-assembly.h.patch @@ -0,0 +1,34 @@ +From e11d4cccd094a7cd4696c8c42e672c76c092dad5 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 20 Nov 2023 15:37:50 +0100 +Subject: parisc: Mark ex_table entries 32-bit aligned in assembly.h + +From: Helge Deller + +commit e11d4cccd094a7cd4696c8c42e672c76c092dad5 upstream. + +Add an align statement to tell the linker that all ex_table entries and as +such the whole ex_table section should be 32-bit aligned in vmlinux and modules. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/assembly.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/parisc/include/asm/assembly.h b/arch/parisc/include/asm/assembly.h +index 75677b526b2b..74d17d7e759d 100644 +--- a/arch/parisc/include/asm/assembly.h ++++ b/arch/parisc/include/asm/assembly.h +@@ -574,6 +574,7 @@ + */ + #define ASM_EXCEPTIONTABLE_ENTRY(fault_addr, except_addr) \ + .section __ex_table,"aw" ! \ ++ .align 4 ! \ + .word (fault_addr - .), (except_addr - .) ! \ + .previous + +-- +2.43.0 + diff --git a/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-uaccess.h.patch b/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-uaccess.h.patch new file mode 100644 index 00000000000..a2d171e53f9 --- /dev/null +++ b/queue-6.1/parisc-mark-ex_table-entries-32-bit-aligned-in-uaccess.h.patch @@ -0,0 +1,34 @@ +From a80aeb86542a50aa8521729ea4cc731ee7174f03 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 20 Nov 2023 15:39:03 +0100 +Subject: parisc: Mark ex_table entries 32-bit aligned in uaccess.h + +From: Helge Deller + +commit a80aeb86542a50aa8521729ea4cc731ee7174f03 upstream. + +Add an align statement to tell the linker that all ex_table entries and as +such the whole ex_table section should be 32-bit aligned in vmlinux and modules. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/uaccess.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h +index 2bf660eabe42..4165079898d9 100644 +--- a/arch/parisc/include/asm/uaccess.h ++++ b/arch/parisc/include/asm/uaccess.h +@@ -41,6 +41,7 @@ struct exception_table_entry { + + #define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\ + ".section __ex_table,\"aw\"\n" \ ++ ".align 4\n" \ + ".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \ + ".previous\n" + +-- +2.43.0 + diff --git a/queue-6.1/parisc-mark-jump_table-naturally-aligned.patch b/queue-6.1/parisc-mark-jump_table-naturally-aligned.patch new file mode 100644 index 00000000000..c42d7938424 --- /dev/null +++ b/queue-6.1/parisc-mark-jump_table-naturally-aligned.patch @@ -0,0 +1,56 @@ +From 07eecff8ae78df7f28800484d31337e1f9bfca3a Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 20 Nov 2023 23:14:39 +0100 +Subject: parisc: Mark jump_table naturally aligned + +From: Helge Deller + +commit 07eecff8ae78df7f28800484d31337e1f9bfca3a upstream. + +The jump_table stores two 32-bit words and one 32- (on 32-bit kernel) +or one 64-bit word (on 64-bit kernel). +Ensure that the last word is always 64-bit aligned on a 64-bit kernel +by aligning the whole structure on sizeof(long). + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/jump_label.h | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/arch/parisc/include/asm/jump_label.h b/arch/parisc/include/asm/jump_label.h +index af2a598bc0f8..94428798b6aa 100644 +--- a/arch/parisc/include/asm/jump_label.h ++++ b/arch/parisc/include/asm/jump_label.h +@@ -15,10 +15,12 @@ static __always_inline bool arch_static_branch(struct static_key *key, bool bran + asm_volatile_goto("1:\n\t" + "nop\n\t" + ".pushsection __jump_table, \"aw\"\n\t" ++ ".align %1\n\t" + ".word 1b - ., %l[l_yes] - .\n\t" + __stringify(ASM_ULONG_INSN) " %c0 - .\n\t" + ".popsection\n\t" +- : : "i" (&((char *)key)[branch]) : : l_yes); ++ : : "i" (&((char *)key)[branch]), "i" (sizeof(long)) ++ : : l_yes); + + return false; + l_yes: +@@ -30,10 +32,12 @@ static __always_inline bool arch_static_branch_jump(struct static_key *key, bool + asm_volatile_goto("1:\n\t" + "b,n %l[l_yes]\n\t" + ".pushsection __jump_table, \"aw\"\n\t" ++ ".align %1\n\t" + ".word 1b - ., %l[l_yes] - .\n\t" + __stringify(ASM_ULONG_INSN) " %c0 - .\n\t" + ".popsection\n\t" +- : : "i" (&((char *)key)[branch]) : : l_yes); ++ : : "i" (&((char *)key)[branch]), "i" (sizeof(long)) ++ : : l_yes); + + return false; + l_yes: +-- +2.43.0 + diff --git a/queue-6.1/parisc-mark-lock_aligned-variables-16-byte-aligned-on-smp.patch b/queue-6.1/parisc-mark-lock_aligned-variables-16-byte-aligned-on-smp.patch new file mode 100644 index 00000000000..e1ace2892f0 --- /dev/null +++ b/queue-6.1/parisc-mark-lock_aligned-variables-16-byte-aligned-on-smp.patch @@ -0,0 +1,32 @@ +From b28fc0d8739c03e7b6c44914a9d00d4c6dddc0ea Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 25 Nov 2023 09:11:56 +0100 +Subject: parisc: Mark lock_aligned variables 16-byte aligned on SMP + +From: Helge Deller + +commit b28fc0d8739c03e7b6c44914a9d00d4c6dddc0ea upstream. + +On parisc we need 16-byte alignment for variables which are used for +locking. Mark the __lock_aligned attribute acordingly so that the +.data..lock_aligned section will get that alignment in the generated +object files. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/ldcw.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/parisc/include/asm/ldcw.h ++++ b/arch/parisc/include/asm/ldcw.h +@@ -56,7 +56,7 @@ + }) + + #ifdef CONFIG_SMP +-# define __lock_aligned __section(".data..lock_aligned") ++# define __lock_aligned __section(".data..lock_aligned") __aligned(16) + #endif + + #endif /* __PARISC_LDCW_H */ diff --git a/queue-6.1/parisc-use-natural-cpu-alignment-for-bug_table.patch b/queue-6.1/parisc-use-natural-cpu-alignment-for-bug_table.patch new file mode 100644 index 00000000000..1924f176eb0 --- /dev/null +++ b/queue-6.1/parisc-use-natural-cpu-alignment-for-bug_table.patch @@ -0,0 +1,88 @@ +From fe76a1349f235969381832c83d703bc911021eb6 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Mon, 20 Nov 2023 23:30:49 +0100 +Subject: parisc: Use natural CPU alignment for bug_table + +From: Helge Deller + +commit fe76a1349f235969381832c83d703bc911021eb6 upstream. + +Make sure that the __bug_table section gets 32- or 64-bit aligned, +depending if a 32- or 64-bit kernel is being built. +Mark it non-writeable and use .blockz instead of the .org assembler +directive to pad the struct. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/bug.h | 30 ++++++++++++++++++------------ + 1 file changed, 18 insertions(+), 12 deletions(-) + +diff --git a/arch/parisc/include/asm/bug.h b/arch/parisc/include/asm/bug.h +index 4b6d60b94124..b9cad0bb4461 100644 +--- a/arch/parisc/include/asm/bug.h ++++ b/arch/parisc/include/asm/bug.h +@@ -28,13 +28,15 @@ + do { \ + asm volatile("\n" \ + "1:\t" PARISC_BUG_BREAK_ASM "\n" \ +- "\t.pushsection __bug_table,\"aw\"\n" \ ++ "\t.pushsection __bug_table,\"a\"\n" \ ++ "\t.align %4\n" \ + "2:\t" ASM_WORD_INSN "1b, %c0\n" \ +- "\t.short %c1, %c2\n" \ +- "\t.org 2b+%c3\n" \ ++ "\t.short %1, %2\n" \ ++ "\t.blockz %3-2*%4-2*2\n" \ + "\t.popsection" \ + : : "i" (__FILE__), "i" (__LINE__), \ +- "i" (0), "i" (sizeof(struct bug_entry)) ); \ ++ "i" (0), "i" (sizeof(struct bug_entry)), \ ++ "i" (sizeof(long)) ); \ + unreachable(); \ + } while(0) + +@@ -51,27 +53,31 @@ + do { \ + asm volatile("\n" \ + "1:\t" PARISC_BUG_BREAK_ASM "\n" \ +- "\t.pushsection __bug_table,\"aw\"\n" \ ++ "\t.pushsection __bug_table,\"a\"\n" \ ++ "\t.align %4\n" \ + "2:\t" ASM_WORD_INSN "1b, %c0\n" \ +- "\t.short %c1, %c2\n" \ +- "\t.org 2b+%c3\n" \ ++ "\t.short %1, %2\n" \ ++ "\t.blockz %3-2*%4-2*2\n" \ + "\t.popsection" \ + : : "i" (__FILE__), "i" (__LINE__), \ + "i" (BUGFLAG_WARNING|(flags)), \ +- "i" (sizeof(struct bug_entry)) ); \ ++ "i" (sizeof(struct bug_entry)), \ ++ "i" (sizeof(long)) ); \ + } while(0) + #else + #define __WARN_FLAGS(flags) \ + do { \ + asm volatile("\n" \ + "1:\t" PARISC_BUG_BREAK_ASM "\n" \ +- "\t.pushsection __bug_table,\"aw\"\n" \ ++ "\t.pushsection __bug_table,\"a\"\n" \ ++ "\t.align %2\n" \ + "2:\t" ASM_WORD_INSN "1b\n" \ +- "\t.short %c0\n" \ +- "\t.org 2b+%c1\n" \ ++ "\t.short %0\n" \ ++ "\t.blockz %1-%2-2\n" \ + "\t.popsection" \ + : : "i" (BUGFLAG_WARNING|(flags)), \ +- "i" (sizeof(struct bug_entry)) ); \ ++ "i" (sizeof(struct bug_entry)), \ ++ "i" (sizeof(long)) ); \ + } while(0) + #endif + +-- +2.43.0 + diff --git a/queue-6.1/powercap-dtpm-fix-unneeded-conversions-to-micro-watts.patch b/queue-6.1/powercap-dtpm-fix-unneeded-conversions-to-micro-watts.patch new file mode 100644 index 00000000000..0c33f179270 --- /dev/null +++ b/queue-6.1/powercap-dtpm-fix-unneeded-conversions-to-micro-watts.patch @@ -0,0 +1,112 @@ +From b817f1488fca548fe50e2654d84a1956a16a1a8a Mon Sep 17 00:00:00 2001 +From: Lukasz Luba +Date: Mon, 27 Nov 2023 09:28:19 +0000 +Subject: powercap: DTPM: Fix unneeded conversions to micro-Watts + +From: Lukasz Luba + +commit b817f1488fca548fe50e2654d84a1956a16a1a8a upstream. + +The power values coming from the Energy Model are already in uW. + +The PowerCap and DTPM frameworks operate on uW, so all places should +just use the values from the EM. + +Fix the code by removing all of the conversion to uW still present in it. + +Fixes: ae6ccaa65038 (PM: EM: convert power field to micro-Watts precision and align drivers) +Cc: 5.19+ # v5.19+ +Signed-off-by: Lukasz Luba +[ rjw: Changelog edits ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/powercap/dtpm_cpu.c | 6 +----- + drivers/powercap/dtpm_devfreq.c | 11 +++-------- + 2 files changed, 4 insertions(+), 13 deletions(-) + +diff --git a/drivers/powercap/dtpm_cpu.c b/drivers/powercap/dtpm_cpu.c +index 2ff7717530bf..8a2f18fa3faf 100644 +--- a/drivers/powercap/dtpm_cpu.c ++++ b/drivers/powercap/dtpm_cpu.c +@@ -24,7 +24,6 @@ + #include + #include + #include +-#include + + struct dtpm_cpu { + struct dtpm dtpm; +@@ -104,8 +103,7 @@ static u64 get_pd_power_uw(struct dtpm *dtpm) + if (pd->table[i].frequency < freq) + continue; + +- return scale_pd_power_uw(pd_mask, pd->table[i].power * +- MICROWATT_PER_MILLIWATT); ++ return scale_pd_power_uw(pd_mask, pd->table[i].power); + } + + return 0; +@@ -122,11 +120,9 @@ static int update_pd_power_uw(struct dtpm *dtpm) + nr_cpus = cpumask_weight(&cpus); + + dtpm->power_min = em->table[0].power; +- dtpm->power_min *= MICROWATT_PER_MILLIWATT; + dtpm->power_min *= nr_cpus; + + dtpm->power_max = em->table[em->nr_perf_states - 1].power; +- dtpm->power_max *= MICROWATT_PER_MILLIWATT; + dtpm->power_max *= nr_cpus; + + return 0; +diff --git a/drivers/powercap/dtpm_devfreq.c b/drivers/powercap/dtpm_devfreq.c +index 91276761a31d..612c3b59dd5b 100644 +--- a/drivers/powercap/dtpm_devfreq.c ++++ b/drivers/powercap/dtpm_devfreq.c +@@ -39,10 +39,8 @@ static int update_pd_power_uw(struct dtpm *dtpm) + struct em_perf_domain *pd = em_pd_get(dev); + + dtpm->power_min = pd->table[0].power; +- dtpm->power_min *= MICROWATT_PER_MILLIWATT; + + dtpm->power_max = pd->table[pd->nr_perf_states - 1].power; +- dtpm->power_max *= MICROWATT_PER_MILLIWATT; + + return 0; + } +@@ -54,13 +52,10 @@ static u64 set_pd_power_limit(struct dtpm *dtpm, u64 power_limit) + struct device *dev = devfreq->dev.parent; + struct em_perf_domain *pd = em_pd_get(dev); + unsigned long freq; +- u64 power; + int i; + + for (i = 0; i < pd->nr_perf_states; i++) { +- +- power = pd->table[i].power * MICROWATT_PER_MILLIWATT; +- if (power > power_limit) ++ if (pd->table[i].power > power_limit) + break; + } + +@@ -68,7 +63,7 @@ static u64 set_pd_power_limit(struct dtpm *dtpm, u64 power_limit) + + dev_pm_qos_update_request(&dtpm_devfreq->qos_req, freq); + +- power_limit = pd->table[i - 1].power * MICROWATT_PER_MILLIWATT; ++ power_limit = pd->table[i - 1].power; + + return power_limit; + } +@@ -110,7 +105,7 @@ static u64 get_pd_power_uw(struct dtpm *dtpm) + if (pd->table[i].frequency < freq) + continue; + +- power = pd->table[i].power * MICROWATT_PER_MILLIWATT; ++ power = pd->table[i].power; + power *= status.busy_time; + power >>= 10; + +-- +2.43.0 + diff --git a/queue-6.1/powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch b/queue-6.1/powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch new file mode 100644 index 00000000000..407bac56f58 --- /dev/null +++ b/queue-6.1/powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch @@ -0,0 +1,153 @@ +From 5e1d824f9a283cbf90f25241b66d1f69adb3835b Mon Sep 17 00:00:00 2001 +From: Timothy Pearson +Date: Sun, 19 Nov 2023 09:18:02 -0600 +Subject: powerpc: Don't clobber f0/vs0 during fp|altivec register save + +From: Timothy Pearson + +commit 5e1d824f9a283cbf90f25241b66d1f69adb3835b upstream. + +During floating point and vector save to thread data f0/vs0 are +clobbered by the FPSCR/VSCR store routine. This has been obvserved to +lead to userspace register corruption and application data corruption +with io-uring. + +Fix it by restoring f0/vs0 after FPSCR/VSCR store has completed for +all the FP, altivec, VMX register save paths. + +Tested under QEMU in kvm mode, running on a Talos II workstation with +dual POWER9 DD2.2 CPUs. + +Additional detail (mpe): + +Typically save_fpu() is called from __giveup_fpu() which saves the FP +regs and also *turns off FP* in the tasks MSR, meaning the kernel will +reload the FP regs from the thread struct before letting the task use FP +again. So in that case save_fpu() is free to clobber f0 because the FP +regs no longer hold live values for the task. + +There is another case though, which is the path via: + sys_clone() + ... + copy_process() + dup_task_struct() + arch_dup_task_struct() + flush_all_to_thread() + save_all() + +That path saves the FP regs but leaves them live. That's meant as an +optimisation for a process that's using FP/VSX and then calls fork(), +leaving the regs live means the parent process doesn't have to take a +fault after the fork to get its FP regs back. The optimisation was added +in commit 8792468da5e1 ("powerpc: Add the ability to save FPU without +giving it up"). + +That path does clobber f0, but f0 is volatile across function calls, +and typically programs reach copy_process() from userspace via a syscall +wrapper function. So in normal usage f0 being clobbered across a +syscall doesn't cause visible data corruption. + +But there is now a new path, because io-uring can call copy_process() +via create_io_thread() from the signal handling path. That's OK if the +signal is handled as part of syscall return, but it's not OK if the +signal is handled due to some other interrupt. + +That path is: + +interrupt_return_srr_user() + interrupt_exit_user_prepare() + interrupt_exit_user_prepare_main() + do_notify_resume() + get_signal() + task_work_run() + create_worker_cb() + create_io_worker() + copy_process() + dup_task_struct() + arch_dup_task_struct() + flush_all_to_thread() + save_all() + if (tsk->thread.regs->msr & MSR_FP) + save_fpu() + # f0 is clobbered and potentially live in userspace + +Note the above discussion applies equally to save_altivec(). + +Fixes: 8792468da5e1 ("powerpc: Add the ability to save FPU without giving it up") +Cc: stable@vger.kernel.org # v4.6+ +Closes: https://lore.kernel.org/all/480932026.45576726.1699374859845.JavaMail.zimbra@raptorengineeringinc.com/ +Closes: https://lore.kernel.org/linuxppc-dev/480221078.47953493.1700206777956.JavaMail.zimbra@raptorengineeringinc.com/ +Tested-by: Timothy Pearson +Tested-by: Jens Axboe +Signed-off-by: Timothy Pearson +[mpe: Reword change log to describe exact path of corruption & other minor tweaks] +Signed-off-by: Michael Ellerman +Link: https://msgid.link/1921539696.48534988.1700407082933.JavaMail.zimbra@raptorengineeringinc.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/fpu.S | 13 +++++++++++++ + arch/powerpc/kernel/vector.S | 2 ++ + 2 files changed, 15 insertions(+) + +--- a/arch/powerpc/kernel/fpu.S ++++ b/arch/powerpc/kernel/fpu.S +@@ -23,6 +23,15 @@ + #include + + #ifdef CONFIG_VSX ++#define __REST_1FPVSR(n,c,base) \ ++BEGIN_FTR_SECTION \ ++ b 2f; \ ++END_FTR_SECTION_IFSET(CPU_FTR_VSX); \ ++ REST_FPR(n,base); \ ++ b 3f; \ ++2: REST_VSR(n,c,base); \ ++3: ++ + #define __REST_32FPVSRS(n,c,base) \ + BEGIN_FTR_SECTION \ + b 2f; \ +@@ -41,9 +50,11 @@ END_FTR_SECTION_IFSET(CPU_FTR_VSX); + 2: SAVE_32VSRS(n,c,base); \ + 3: + #else ++#define __REST_1FPVSR(n,b,base) REST_FPR(n, base) + #define __REST_32FPVSRS(n,b,base) REST_32FPRS(n, base) + #define __SAVE_32FPVSRS(n,b,base) SAVE_32FPRS(n, base) + #endif ++#define REST_1FPVSR(n,c,base) __REST_1FPVSR(n,__REG_##c,__REG_##base) + #define REST_32FPVSRS(n,c,base) __REST_32FPVSRS(n,__REG_##c,__REG_##base) + #define SAVE_32FPVSRS(n,c,base) __SAVE_32FPVSRS(n,__REG_##c,__REG_##base) + +@@ -67,6 +78,7 @@ _GLOBAL(store_fp_state) + SAVE_32FPVSRS(0, R4, R3) + mffs fr0 + stfd fr0,FPSTATE_FPSCR(r3) ++ REST_1FPVSR(0, R4, R3) + blr + EXPORT_SYMBOL(store_fp_state) + +@@ -138,4 +150,5 @@ _GLOBAL(save_fpu) + 2: SAVE_32FPVSRS(0, R4, R6) + mffs fr0 + stfd fr0,FPSTATE_FPSCR(r6) ++ REST_1FPVSR(0, R4, R6) + blr +--- a/arch/powerpc/kernel/vector.S ++++ b/arch/powerpc/kernel/vector.S +@@ -32,6 +32,7 @@ _GLOBAL(store_vr_state) + mfvscr v0 + li r4, VRSTATE_VSCR + stvx v0, r4, r3 ++ lvx v0, 0, r3 + blr + EXPORT_SYMBOL(store_vr_state) + +@@ -108,6 +109,7 @@ _GLOBAL(save_altivec) + mfvscr v0 + li r4,VRSTATE_VSCR + stvx v0,r4,r7 ++ lvx v0,0,r7 + blr + + #ifdef CONFIG_VSX diff --git a/queue-6.1/series b/queue-6.1/series index a69166351ba..70e087eb343 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -26,3 +26,24 @@ drm-amd-display-fix-abm-disablement.patch dm-verity-initialize-fec-io-before-freeing-it.patch dm-verity-don-t-perform-fec-for-failed-readahead-io.patch nvme-check-for-valid-nvme_identify_ns-before-using-it.patch +powercap-dtpm-fix-unneeded-conversions-to-micro-watts.patch +cpufreq-amd-pstate-fix-the-return-value-of-amd_pstate_fast_switch.patch +dma-buf-fix-check-in-dma_resv_add_fence.patch +bcache-revert-replacing-is_err_or_null-with-is_err.patch +iommu-vt-d-add-mtl-to-quirk-list-to-skip-te-disabling.patch +kvm-ppc-book3s-hv-fix-kvm_run-clobbering-fp-vec-user-registers.patch +powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch +parisc-mark-ex_table-entries-32-bit-aligned-in-assembly.h.patch +parisc-mark-ex_table-entries-32-bit-aligned-in-uaccess.h.patch +parisc-use-natural-cpu-alignment-for-bug_table.patch +parisc-mark-lock_aligned-variables-16-byte-aligned-on-smp.patch +parisc-drop-the-hp-ux-enosym-and-eremoterelease-error-codes.patch +parisc-mark-jump_table-naturally-aligned.patch +parisc-ensure-32-bit-alignment-on-parisc-unwind-section.patch +parisc-mark-altinstructions-read-only-and-32-bit-aligned.patch +btrfs-add-dmesg-output-for-first-mount-and-last-unmount-of-a-filesystem.patch +btrfs-ref-verify-fix-memory-leaks-in-btrfs_ref_tree_mod.patch +btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch +btrfs-send-ensure-send_fd-is-writable.patch +btrfs-make-error-messages-more-clear-when-getting-a-chunk-map.patch +btrfs-fix-64bit-compat-send-ioctl-arguments-not-initializing-version-member.patch