From 0f839dcb3c038dfd5553dac6c2a55426e5e21fe7 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 18 Sep 2022 19:17:50 -0400 Subject: [PATCH] Fixes for 5.10 Signed-off-by: Sasha Levin --- ...ine-bestcomm-fix-system-boot-lockups.patch | 141 +++ ...eson-correct-osd1-global-alpha-value.patch | 40 + ...on-fix-osd1-rgb-to-ycbcr-coefficient.patch | 47 + ...-support-for-irq_type_level_low-flow.patch | 48 + ...v-context-tracking-exit-guest-contex.patch | 53 ++ ...ounting-should-defer-vtime-accountin.patch | 121 +++ ...x-allow-use-of-phys-on-cpu-and-dsa-p.patch | 121 +++ ...pen-by-filehandle-and-nfs-re-export-.patch | 69 ++ ...f-by-one-error-in-unflatten_dt_nodes.patch | 41 + ...nel-data-mapping-in-set_pte_at-when-.patch | 101 ++ ...isc-optimize-per-pagetable-spinlocks.patch | 879 ++++++++++++++++++ ...inctrl-sunxi-fix-name-for-a100-r_pio.patch | 38 + ...el-hid-add-quirk-to-support-surface-.patch | 44 + ...mobility-ignore-ibm-platform-facilit.patch | 181 ++++ ...mobility-refactor-node-lookup-during.patch | 154 +++ ...reporting-real-baudrate-value-in-c_o.patch | 84 ++ queue-5.10/series | 17 + ...-fix-new-urb-never-complete-if-ep-ca.patch | 102 ++ 18 files changed, 2281 insertions(+) create mode 100644 queue-5.10/dmaengine-bestcomm-fix-system-boot-lockups.patch create mode 100644 queue-5.10/drm-meson-correct-osd1-global-alpha-value.patch create mode 100644 queue-5.10/drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch create mode 100644 queue-5.10/gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch create mode 100644 queue-5.10/kvm-ppc-book3s-hv-context-tracking-exit-guest-contex.patch create mode 100644 queue-5.10/kvm-ppc-tick-accounting-should-defer-vtime-accountin.patch create mode 100644 queue-5.10/net-dsa-mv88e6xxx-allow-use-of-phys-on-cpu-and-dsa-p.patch create mode 100644 queue-5.10/nfsv4-turn-off-open-by-filehandle-and-nfs-re-export-.patch create mode 100644 queue-5.10/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch create mode 100644 queue-5.10/parisc-flush-kernel-data-mapping-in-set_pte_at-when-.patch create mode 100644 queue-5.10/parisc-optimize-per-pagetable-spinlocks.patch create mode 100644 queue-5.10/pinctrl-sunxi-fix-name-for-a100-r_pio.patch create mode 100644 queue-5.10/platform-x86-intel-hid-add-quirk-to-support-surface-.patch create mode 100644 queue-5.10/powerpc-pseries-mobility-ignore-ibm-platform-facilit.patch create mode 100644 queue-5.10/powerpc-pseries-mobility-refactor-node-lookup-during.patch create mode 100644 queue-5.10/serial-8250-fix-reporting-real-baudrate-value-in-c_o.patch create mode 100644 queue-5.10/usb-cdns3-gadget-fix-new-urb-never-complete-if-ep-ca.patch diff --git a/queue-5.10/dmaengine-bestcomm-fix-system-boot-lockups.patch b/queue-5.10/dmaengine-bestcomm-fix-system-boot-lockups.patch new file mode 100644 index 00000000000..ce2209b1247 --- /dev/null +++ b/queue-5.10/dmaengine-bestcomm-fix-system-boot-lockups.patch @@ -0,0 +1,141 @@ +From 108396aae7bc469ce45822765530e8d88bde4193 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Oct 2021 11:40:12 +0200 +Subject: dmaengine: bestcomm: fix system boot lockups + +From: Anatolij Gustschin + +[ Upstream commit adec566b05288f2787a1f88dbaf77ed8b0c644fa ] + +memset() and memcpy() on an MMIO region like here results in a +lockup at startup on mpc5200 platform (since this first happens +during probing of the ATA and Ethernet drivers). Use memset_io() +and memcpy_toio() instead. + +Fixes: 2f9ea1bde0d1 ("bestcomm: core bestcomm support for Freescale MPC5200") +Cc: stable@vger.kernel.org # v5.14+ +Signed-off-by: Anatolij Gustschin +Link: https://lore.kernel.org/r/20211014094012.21286-1-agust@denx.de +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/bestcomm/ata.c | 2 +- + drivers/dma/bestcomm/bestcomm.c | 22 +++++++++++----------- + drivers/dma/bestcomm/fec.c | 4 ++-- + drivers/dma/bestcomm/gen_bd.c | 4 ++-- + 4 files changed, 16 insertions(+), 16 deletions(-) + +diff --git a/drivers/dma/bestcomm/ata.c b/drivers/dma/bestcomm/ata.c +index 2fd87f83cf90..e169f18da551 100644 +--- a/drivers/dma/bestcomm/ata.c ++++ b/drivers/dma/bestcomm/ata.c +@@ -133,7 +133,7 @@ void bcom_ata_reset_bd(struct bcom_task *tsk) + struct bcom_ata_var *var; + + /* Reset all BD */ +- memset(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); ++ memset_io(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); + + tsk->index = 0; + tsk->outdex = 0; +diff --git a/drivers/dma/bestcomm/bestcomm.c b/drivers/dma/bestcomm/bestcomm.c +index d91cbbe7a48f..8c42e5ca00a9 100644 +--- a/drivers/dma/bestcomm/bestcomm.c ++++ b/drivers/dma/bestcomm/bestcomm.c +@@ -95,7 +95,7 @@ bcom_task_alloc(int bd_count, int bd_size, int priv_size) + tsk->bd = bcom_sram_alloc(bd_count * bd_size, 4, &tsk->bd_pa); + if (!tsk->bd) + goto error; +- memset(tsk->bd, 0x00, bd_count * bd_size); ++ memset_io(tsk->bd, 0x00, bd_count * bd_size); + + tsk->num_bd = bd_count; + tsk->bd_size = bd_size; +@@ -186,16 +186,16 @@ bcom_load_image(int task, u32 *task_image) + inc = bcom_task_inc(task); + + /* Clear & copy */ +- memset(var, 0x00, BCOM_VAR_SIZE); +- memset(inc, 0x00, BCOM_INC_SIZE); ++ memset_io(var, 0x00, BCOM_VAR_SIZE); ++ memset_io(inc, 0x00, BCOM_INC_SIZE); + + desc_src = (u32 *)(hdr + 1); + var_src = desc_src + hdr->desc_size; + inc_src = var_src + hdr->var_size; + +- memcpy(desc, desc_src, hdr->desc_size * sizeof(u32)); +- memcpy(var + hdr->first_var, var_src, hdr->var_size * sizeof(u32)); +- memcpy(inc, inc_src, hdr->inc_size * sizeof(u32)); ++ memcpy_toio(desc, desc_src, hdr->desc_size * sizeof(u32)); ++ memcpy_toio(var + hdr->first_var, var_src, hdr->var_size * sizeof(u32)); ++ memcpy_toio(inc, inc_src, hdr->inc_size * sizeof(u32)); + + return 0; + } +@@ -302,13 +302,13 @@ static int bcom_engine_init(void) + return -ENOMEM; + } + +- memset(bcom_eng->tdt, 0x00, tdt_size); +- memset(bcom_eng->ctx, 0x00, ctx_size); +- memset(bcom_eng->var, 0x00, var_size); +- memset(bcom_eng->fdt, 0x00, fdt_size); ++ memset_io(bcom_eng->tdt, 0x00, tdt_size); ++ memset_io(bcom_eng->ctx, 0x00, ctx_size); ++ memset_io(bcom_eng->var, 0x00, var_size); ++ memset_io(bcom_eng->fdt, 0x00, fdt_size); + + /* Copy the FDT for the EU#3 */ +- memcpy(&bcom_eng->fdt[48], fdt_ops, sizeof(fdt_ops)); ++ memcpy_toio(&bcom_eng->fdt[48], fdt_ops, sizeof(fdt_ops)); + + /* Initialize Task base structure */ + for (task=0; taskindex = 0; + tsk->outdex = 0; + +- memset(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); ++ memset_io(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); + + /* Configure some stuff */ + bcom_set_task_pragma(tsk->tasknum, BCOM_FEC_RX_BD_PRAGMA); +@@ -241,7 +241,7 @@ bcom_fec_tx_reset(struct bcom_task *tsk) + tsk->index = 0; + tsk->outdex = 0; + +- memset(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); ++ memset_io(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); + + /* Configure some stuff */ + bcom_set_task_pragma(tsk->tasknum, BCOM_FEC_TX_BD_PRAGMA); +diff --git a/drivers/dma/bestcomm/gen_bd.c b/drivers/dma/bestcomm/gen_bd.c +index 906ddba6a6f5..8a24a5cbc263 100644 +--- a/drivers/dma/bestcomm/gen_bd.c ++++ b/drivers/dma/bestcomm/gen_bd.c +@@ -142,7 +142,7 @@ bcom_gen_bd_rx_reset(struct bcom_task *tsk) + tsk->index = 0; + tsk->outdex = 0; + +- memset(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); ++ memset_io(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); + + /* Configure some stuff */ + bcom_set_task_pragma(tsk->tasknum, BCOM_GEN_RX_BD_PRAGMA); +@@ -226,7 +226,7 @@ bcom_gen_bd_tx_reset(struct bcom_task *tsk) + tsk->index = 0; + tsk->outdex = 0; + +- memset(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); ++ memset_io(tsk->bd, 0x00, tsk->num_bd * tsk->bd_size); + + /* Configure some stuff */ + bcom_set_task_pragma(tsk->tasknum, BCOM_GEN_TX_BD_PRAGMA); +-- +2.35.1 + diff --git a/queue-5.10/drm-meson-correct-osd1-global-alpha-value.patch b/queue-5.10/drm-meson-correct-osd1-global-alpha-value.patch new file mode 100644 index 00000000000..1120fee13a0 --- /dev/null +++ b/queue-5.10/drm-meson-correct-osd1-global-alpha-value.patch @@ -0,0 +1,40 @@ +From aa434829b871f8aa9cfcb6d2e3946c1405934817 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Sep 2022 16:51:03 +0100 +Subject: drm/meson: Correct OSD1 global alpha value + +From: Stuart Menefy + +[ Upstream commit 6836829c8ea453c9e3e518e61539e35881c8ed5f ] + +VIU_OSD1_CTRL_STAT.GLOBAL_ALPHA is a 9 bit field, so the maximum +value is 0x100 not 0xff. + +This matches the vendor kernel. + +Signed-off-by: Stuart Menefy +Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller") +Reviewed-by: Neil Armstrong +Signed-off-by: Neil Armstrong +Link: https://patchwork.freedesktop.org/patch/msgid/20220908155103.686904-1-stuart.menefy@mathembedded.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/meson/meson_plane.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/meson/meson_plane.c b/drivers/gpu/drm/meson/meson_plane.c +index 35338ed18209..255c6b863f8d 100644 +--- a/drivers/gpu/drm/meson/meson_plane.c ++++ b/drivers/gpu/drm/meson/meson_plane.c +@@ -163,7 +163,7 @@ static void meson_plane_atomic_update(struct drm_plane *plane, + + /* Enable OSD and BLK0, set max global alpha */ + priv->viu.osd1_ctrl_stat = OSD_ENABLE | +- (0xFF << OSD_GLOBAL_ALPHA_SHIFT) | ++ (0x100 << OSD_GLOBAL_ALPHA_SHIFT) | + OSD_BLK0_ENABLE; + + priv->viu.osd1_ctrl_stat2 = readl(priv->io_base + +-- +2.35.1 + diff --git a/queue-5.10/drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch b/queue-5.10/drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch new file mode 100644 index 00000000000..7f6a8b47939 --- /dev/null +++ b/queue-5.10/drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch @@ -0,0 +1,47 @@ +From 73aee469b94113de5cf3f177a69deb8e6f75c585 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Sep 2022 16:52:43 +0100 +Subject: drm/meson: Fix OSD1 RGB to YCbCr coefficient + +From: Stuart Menefy + +[ Upstream commit 6463d3930ba5b6addcfc8f80a4543976a2fc7656 ] + +VPP_WRAP_OSD1_MATRIX_COEF22.Coeff22 is documented as being bits 0-12, +not 16-28. + +Without this the output tends to have a pink hue, changing it results +in better color accuracy. + +The vendor kernel doesn't use this register. However the code which +sets VIU2_OSD1_MATRIX_COEF22 also uses bits 0-12. There is a slightly +different style of registers for configuring some of the other matrices, +which do use bits 16-28 for this coefficient, but those have names +ending in MATRIX_COEF22_30, and this is not one of those. + +Signed-off-by: Stuart Menefy +Fixes: 728883948b0d ("drm/meson: Add G12A Support for VIU setup") +Reviewed-by: Neil Armstrong +Signed-off-by: Neil Armstrong +Link: https://patchwork.freedesktop.org/patch/msgid/20220908155243.687143-1-stuart.menefy@mathembedded.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/meson/meson_viu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/meson/meson_viu.c b/drivers/gpu/drm/meson/meson_viu.c +index bb7e109534de..d4b907889a21 100644 +--- a/drivers/gpu/drm/meson/meson_viu.c ++++ b/drivers/gpu/drm/meson/meson_viu.c +@@ -94,7 +94,7 @@ static void meson_viu_set_g12a_osd1_matrix(struct meson_drm *priv, + priv->io_base + _REG(VPP_WRAP_OSD1_MATRIX_COEF11_12)); + writel(((m[9] & 0x1fff) << 16) | (m[10] & 0x1fff), + priv->io_base + _REG(VPP_WRAP_OSD1_MATRIX_COEF20_21)); +- writel((m[11] & 0x1fff) << 16, ++ writel((m[11] & 0x1fff), + priv->io_base + _REG(VPP_WRAP_OSD1_MATRIX_COEF22)); + + writel(((m[18] & 0xfff) << 16) | (m[19] & 0xfff), +-- +2.35.1 + diff --git a/queue-5.10/gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch b/queue-5.10/gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch new file mode 100644 index 00000000000..12c3f764faf --- /dev/null +++ b/queue-5.10/gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch @@ -0,0 +1,48 @@ +From 0fdc05b1ecd1616f8a1b4624be13d6c0aa955b2b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Sep 2022 12:54:31 +0200 +Subject: gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in + mpc85xx +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit 279c12df8d2efb28def9d037f288cbfb97c30fe2 ] + +Commit e39d5ef67804 ("powerpc/5xxx: extend mpc8xxx_gpio driver to support +mpc512x gpios") implemented support for IRQ_TYPE_LEVEL_LOW flow type in +mpc512x via falling edge type. Do same for mpc85xx which support was added +in commit 345e5c8a1cc3 ("powerpc: Add interrupt support to mpc8xxx_gpio"). + +Fixes probing of lm90 hwmon driver on mpc85xx based board which use level +interrupt. Without it kernel prints error and refuse lm90 to work: + + [ 15.258370] genirq: Setting trigger mode 8 for irq 49 failed (mpc8xxx_irq_set_type+0x0/0xf8) + [ 15.267168] lm90 0-004c: cannot request IRQ 49 + [ 15.272708] lm90: probe of 0-004c failed with error -22 + +Fixes: 345e5c8a1cc3 ("powerpc: Add interrupt support to mpc8xxx_gpio") +Signed-off-by: Pali Rohár +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-mpc8xxx.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpio/gpio-mpc8xxx.c b/drivers/gpio/gpio-mpc8xxx.c +index d60d5520707d..60c2533a39a5 100644 +--- a/drivers/gpio/gpio-mpc8xxx.c ++++ b/drivers/gpio/gpio-mpc8xxx.c +@@ -169,6 +169,7 @@ static int mpc8xxx_irq_set_type(struct irq_data *d, unsigned int flow_type) + + switch (flow_type) { + case IRQ_TYPE_EDGE_FALLING: ++ case IRQ_TYPE_LEVEL_LOW: + raw_spin_lock_irqsave(&mpc8xxx_gc->lock, flags); + gc->write_reg(mpc8xxx_gc->regs + GPIO_ICR, + gc->read_reg(mpc8xxx_gc->regs + GPIO_ICR) +-- +2.35.1 + diff --git a/queue-5.10/kvm-ppc-book3s-hv-context-tracking-exit-guest-contex.patch b/queue-5.10/kvm-ppc-book3s-hv-context-tracking-exit-guest-contex.patch new file mode 100644 index 00000000000..8675065ea25 --- /dev/null +++ b/queue-5.10/kvm-ppc-book3s-hv-context-tracking-exit-guest-contex.patch @@ -0,0 +1,53 @@ +From 717449ad205e566989b15b9b57cff080442ab206 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 30 Jan 2021 23:08:12 +1000 +Subject: KVM: PPC: Book3S HV: Context tracking exit guest context before + enabling irqs + +From: Nicholas Piggin + +[ Upstream commit 112665286d08c87e66d699e7cba43c1497ad165f ] + +Interrupts that occur in kernel mode expect that context tracking +is set to kernel. Enabling local irqs before context tracking +switches from guest to host means interrupts can come in and trigger +warnings about wrong context, and possibly worse. + +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210130130852.2952424-3-npiggin@gmail.com +Stable-dep-of: 235cee162459 ("KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling") +Signed-off-by: Sasha Levin +--- + arch/powerpc/kvm/book3s_hv.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c +index 38b7a3491aac..d6c4e27f7ed9 100644 +--- a/arch/powerpc/kvm/book3s_hv.c ++++ b/arch/powerpc/kvm/book3s_hv.c +@@ -3399,8 +3399,9 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc) + + kvmppc_set_host_core(pcpu); + ++ guest_exit_irqoff(); ++ + local_irq_enable(); +- guest_exit(); + + /* Let secondaries go back to the offline loop */ + for (i = 0; i < controlled_threads; ++i) { +@@ -4235,8 +4236,9 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit, + + kvmppc_set_host_core(pcpu); + ++ guest_exit_irqoff(); ++ + local_irq_enable(); +- guest_exit(); + + cpumask_clear_cpu(pcpu, &kvm->arch.cpu_in_guest); + +-- +2.35.1 + diff --git a/queue-5.10/kvm-ppc-tick-accounting-should-defer-vtime-accountin.patch b/queue-5.10/kvm-ppc-tick-accounting-should-defer-vtime-accountin.patch new file mode 100644 index 00000000000..46d75c64e84 --- /dev/null +++ b/queue-5.10/kvm-ppc-tick-accounting-should-defer-vtime-accountin.patch @@ -0,0 +1,121 @@ +From 3aeed0c876227b61e7852f8a6345234a77261be9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Oct 2021 00:21:50 +1000 +Subject: KVM: PPC: Tick accounting should defer vtime accounting 'til after + IRQ handling + +From: Laurent Vivier + +[ Upstream commit 235cee162459d96153d63651ce7ff51752528c96 ] + +Commit 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest +context before enabling irqs") moved guest_exit() into the interrupt +protected area to avoid wrong context warning (or worse). The problem is +that tick-based time accounting has not yet been updated at this point +(because it depends on the timer interrupt firing), so the guest time +gets incorrectly accounted to system time. + +To fix the problem, follow the x86 fix in commit 160457140187 ("Defer +vtime accounting 'til after IRQ handling"), and allow host IRQs to run +before accounting the guest exit time. + +In the case vtime accounting is enabled, this is not required because TB +is used directly for accounting. + +Before this patch, with CONFIG_TICK_CPU_ACCOUNTING=y in the host and a +guest running a kernel compile, the 'guest' fields of /proc/stat are +stuck at zero. With the patch they can be observed increasing roughly as +expected. + +Fixes: e233d54d4d97 ("KVM: booke: use __kvm_guest_exit") +Fixes: 112665286d08 ("KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs") +Cc: stable@vger.kernel.org # 5.12+ +Signed-off-by: Laurent Vivier +[np: only required for tick accounting, add Book3E fix, tweak changelog] +Signed-off-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20211027142150.3711582-1-npiggin@gmail.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/kvm/book3s_hv.c | 30 ++++++++++++++++++++++++++++-- + arch/powerpc/kvm/booke.c | 16 +++++++++++++++- + 2 files changed, 43 insertions(+), 3 deletions(-) + +diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c +index d6c4e27f7ed9..1d2593238995 100644 +--- a/arch/powerpc/kvm/book3s_hv.c ++++ b/arch/powerpc/kvm/book3s_hv.c +@@ -3399,7 +3399,20 @@ static noinline void kvmppc_run_core(struct kvmppc_vcore *vc) + + kvmppc_set_host_core(pcpu); + +- guest_exit_irqoff(); ++ context_tracking_guest_exit(); ++ if (!vtime_accounting_enabled_this_cpu()) { ++ local_irq_enable(); ++ /* ++ * Service IRQs here before vtime_account_guest_exit() so any ++ * ticks that occurred while running the guest are accounted to ++ * the guest. If vtime accounting is enabled, accounting uses ++ * TB rather than ticks, so it can be done without enabling ++ * interrupts here, which has the problem that it accounts ++ * interrupt processing overhead to the host. ++ */ ++ local_irq_disable(); ++ } ++ vtime_account_guest_exit(); + + local_irq_enable(); + +@@ -4236,7 +4249,20 @@ int kvmhv_run_single_vcpu(struct kvm_vcpu *vcpu, u64 time_limit, + + kvmppc_set_host_core(pcpu); + +- guest_exit_irqoff(); ++ context_tracking_guest_exit(); ++ if (!vtime_accounting_enabled_this_cpu()) { ++ local_irq_enable(); ++ /* ++ * Service IRQs here before vtime_account_guest_exit() so any ++ * ticks that occurred while running the guest are accounted to ++ * the guest. If vtime accounting is enabled, accounting uses ++ * TB rather than ticks, so it can be done without enabling ++ * interrupts here, which has the problem that it accounts ++ * interrupt processing overhead to the host. ++ */ ++ local_irq_disable(); ++ } ++ vtime_account_guest_exit(); + + local_irq_enable(); + +diff --git a/arch/powerpc/kvm/booke.c b/arch/powerpc/kvm/booke.c +index b1abcb816439..75381beb7514 100644 +--- a/arch/powerpc/kvm/booke.c ++++ b/arch/powerpc/kvm/booke.c +@@ -1016,7 +1016,21 @@ int kvmppc_handle_exit(struct kvm_vcpu *vcpu, unsigned int exit_nr) + } + + trace_kvm_exit(exit_nr, vcpu); +- guest_exit_irqoff(); ++ ++ context_tracking_guest_exit(); ++ if (!vtime_accounting_enabled_this_cpu()) { ++ local_irq_enable(); ++ /* ++ * Service IRQs here before vtime_account_guest_exit() so any ++ * ticks that occurred while running the guest are accounted to ++ * the guest. If vtime accounting is enabled, accounting uses ++ * TB rather than ticks, so it can be done without enabling ++ * interrupts here, which has the problem that it accounts ++ * interrupt processing overhead to the host. ++ */ ++ local_irq_disable(); ++ } ++ vtime_account_guest_exit(); + + local_irq_enable(); + +-- +2.35.1 + diff --git a/queue-5.10/net-dsa-mv88e6xxx-allow-use-of-phys-on-cpu-and-dsa-p.patch b/queue-5.10/net-dsa-mv88e6xxx-allow-use-of-phys-on-cpu-and-dsa-p.patch new file mode 100644 index 00000000000..a9a8b3505a4 --- /dev/null +++ b/queue-5.10/net-dsa-mv88e6xxx-allow-use-of-phys-on-cpu-and-dsa-p.patch @@ -0,0 +1,121 @@ +From 42c2960e3eaf2110f494ac8f223c637af7b45cea Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Dec 2021 09:26:47 +0000 +Subject: net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports + +From: Russell King (Oracle) + +[ Upstream commit 04ec4e6250e5f58b525b08f3dca45c7d7427620e ] + +Martyn Welch reports that his CPU port is unable to link where it has +been necessary to use one of the switch ports with an internal PHY for +the CPU port. The reason behind this is the port control register is +left forcing the link down, preventing traffic flow. + +This occurs because during initialisation, phylink expects the link to +be down, and DSA forces the link down by synthesising a call to the +DSA drivers phylink_mac_link_down() method, but we don't touch the +forced-link state when we later reconfigure the port. + +Resolve this by also unforcing the link state when we are operating in +PHY mode and the PPU is set to poll the PHY to retrieve link status +information. + +Reported-by: Martyn Welch +Tested-by: Martyn Welch +Fixes: 3be98b2d5fbc ("net: dsa: Down cpu/dsa ports phylink will control") +Cc: # 5.7: 2b29cb9e3f7f: net: dsa: mv88e6xxx: fix "don't use PHY_DETECT on internal PHY's" +Signed-off-by: Russell King (Oracle) +Link: https://lore.kernel.org/r/E1mvFhP-00F8Zb-Ul@rmk-PC.armlinux.org.uk +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/dsa/mv88e6xxx/chip.c | 64 +++++++++++++++++--------------- + 1 file changed, 34 insertions(+), 30 deletions(-) + +diff --git a/drivers/net/dsa/mv88e6xxx/chip.c b/drivers/net/dsa/mv88e6xxx/chip.c +index 7b7a8a74405d..371b345635e6 100644 +--- a/drivers/net/dsa/mv88e6xxx/chip.c ++++ b/drivers/net/dsa/mv88e6xxx/chip.c +@@ -666,44 +666,48 @@ static void mv88e6xxx_mac_config(struct dsa_switch *ds, int port, + { + struct mv88e6xxx_chip *chip = ds->priv; + struct mv88e6xxx_port *p; +- int err; ++ int err = 0; + + p = &chip->ports[port]; + +- /* FIXME: is this the correct test? If we're in fixed mode on an +- * internal port, why should we process this any different from +- * PHY mode? On the other hand, the port may be automedia between +- * an internal PHY and the serdes... +- */ +- if ((mode == MLO_AN_PHY) && mv88e6xxx_phy_is_internal(ds, port)) +- return; +- + mv88e6xxx_reg_lock(chip); +- /* In inband mode, the link may come up at any time while the link +- * is not forced down. Force the link down while we reconfigure the +- * interface mode. +- */ +- if (mode == MLO_AN_INBAND && p->interface != state->interface && +- chip->info->ops->port_set_link) +- chip->info->ops->port_set_link(chip, port, LINK_FORCED_DOWN); +- +- err = mv88e6xxx_port_config_interface(chip, port, state->interface); +- if (err && err != -EOPNOTSUPP) +- goto err_unlock; + +- err = mv88e6xxx_serdes_pcs_config(chip, port, mode, state->interface, +- state->advertising); +- /* FIXME: we should restart negotiation if something changed - which +- * is something we get if we convert to using phylinks PCS operations. +- */ +- if (err > 0) +- err = 0; ++ if (mode != MLO_AN_PHY || !mv88e6xxx_phy_is_internal(ds, port)) { ++ /* In inband mode, the link may come up at any time while the ++ * link is not forced down. Force the link down while we ++ * reconfigure the interface mode. ++ */ ++ if (mode == MLO_AN_INBAND && ++ p->interface != state->interface && ++ chip->info->ops->port_set_link) ++ chip->info->ops->port_set_link(chip, port, ++ LINK_FORCED_DOWN); ++ ++ err = mv88e6xxx_port_config_interface(chip, port, ++ state->interface); ++ if (err && err != -EOPNOTSUPP) ++ goto err_unlock; ++ ++ err = mv88e6xxx_serdes_pcs_config(chip, port, mode, ++ state->interface, ++ state->advertising); ++ /* FIXME: we should restart negotiation if something changed - ++ * which is something we get if we convert to using phylinks ++ * PCS operations. ++ */ ++ if (err > 0) ++ err = 0; ++ } + + /* Undo the forced down state above after completing configuration +- * irrespective of its state on entry, which allows the link to come up. ++ * irrespective of its state on entry, which allows the link to come ++ * up in the in-band case where there is no separate SERDES. Also ++ * ensure that the link can come up if the PPU is in use and we are ++ * in PHY mode (we treat the PPU as an effective in-band mechanism.) + */ +- if (mode == MLO_AN_INBAND && p->interface != state->interface && +- chip->info->ops->port_set_link) ++ if (chip->info->ops->port_set_link && ++ ((mode == MLO_AN_INBAND && p->interface != state->interface) || ++ (mode == MLO_AN_PHY && mv88e6xxx_port_ppu_updates(chip, port)))) + chip->info->ops->port_set_link(chip, port, LINK_UNFORCED); + + p->interface = state->interface; +-- +2.35.1 + diff --git a/queue-5.10/nfsv4-turn-off-open-by-filehandle-and-nfs-re-export-.patch b/queue-5.10/nfsv4-turn-off-open-by-filehandle-and-nfs-re-export-.patch new file mode 100644 index 00000000000..4766fffcebc --- /dev/null +++ b/queue-5.10/nfsv4-turn-off-open-by-filehandle-and-nfs-re-export-.patch @@ -0,0 +1,69 @@ +From 40fa1927954434c7d8903e58d83c12a72b8ad5e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Aug 2022 14:49:05 -0400 +Subject: NFSv4: Turn off open-by-filehandle and NFS re-export for NFSv4.0 + +From: Trond Myklebust + +[ Upstream commit 2a9d683b48c8a87e61a4215792d44c90bcbbb536 ] + +The NFSv4.0 protocol only supports open() by name. It cannot therefore +be used with open_by_handle() and friends, nor can it be re-exported by +knfsd. + +Reported-by: Chuck Lever III +Fixes: 20fa19027286 ("nfs: add export operations") +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/super.c | 27 ++++++++++++++++++--------- + 1 file changed, 18 insertions(+), 9 deletions(-) + +diff --git a/fs/nfs/super.c b/fs/nfs/super.c +index 4034102010f0..b3fcc27b9564 100644 +--- a/fs/nfs/super.c ++++ b/fs/nfs/super.c +@@ -1029,22 +1029,31 @@ static void nfs_fill_super(struct super_block *sb, struct nfs_fs_context *ctx) + if (ctx && ctx->bsize) + sb->s_blocksize = nfs_block_size(ctx->bsize, &sb->s_blocksize_bits); + +- if (server->nfs_client->rpc_ops->version != 2) { +- /* The VFS shouldn't apply the umask to mode bits. We will do +- * so ourselves when necessary. ++ switch (server->nfs_client->rpc_ops->version) { ++ case 2: ++ sb->s_time_gran = 1000; ++ sb->s_time_min = 0; ++ sb->s_time_max = U32_MAX; ++ break; ++ case 3: ++ /* ++ * The VFS shouldn't apply the umask to mode bits. ++ * We will do so ourselves when necessary. + */ + sb->s_flags |= SB_POSIXACL; + sb->s_time_gran = 1; +- sb->s_export_op = &nfs_export_ops; +- } else +- sb->s_time_gran = 1000; +- +- if (server->nfs_client->rpc_ops->version != 4) { + sb->s_time_min = 0; + sb->s_time_max = U32_MAX; +- } else { ++ sb->s_export_op = &nfs_export_ops; ++ break; ++ case 4: ++ sb->s_flags |= SB_POSIXACL; ++ sb->s_time_gran = 1; + sb->s_time_min = S64_MIN; + sb->s_time_max = S64_MAX; ++ if (server->caps & NFS_CAP_ATOMIC_OPEN_V1) ++ sb->s_export_op = &nfs_export_ops; ++ break; + } + + sb->s_magic = NFS_SUPER_MAGIC; +-- +2.35.1 + diff --git a/queue-5.10/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch b/queue-5.10/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch new file mode 100644 index 00000000000..b1f7cf8fc65 --- /dev/null +++ b/queue-5.10/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch @@ -0,0 +1,41 @@ +From 45d68e39c82f54e70500f2cd3731525166f371d5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 13 Aug 2022 23:34:16 +0300 +Subject: of: fdt: fix off-by-one error in unflatten_dt_nodes() + +From: Sergey Shtylyov + +[ Upstream commit 2f945a792f67815abca26fa8a5e863ccf3fa1181 ] + +Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") +forgot to fix up the depth check in the loop body in unflatten_dt_nodes() +which makes it possible to overflow the nps[] buffer... + +Found by Linux Verification Center (linuxtesting.org) with the SVACE static +analysis tool. + +Fixes: 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Rob Herring +Link: https://lore.kernel.org/r/7c354554-006f-6b31-c195-cdfe4caee392@omp.ru +Signed-off-by: Sasha Levin +--- + drivers/of/fdt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c +index 57ff31b6b1e4..5a1b8688b460 100644 +--- a/drivers/of/fdt.c ++++ b/drivers/of/fdt.c +@@ -315,7 +315,7 @@ static int unflatten_dt_nodes(const void *blob, + for (offset = 0; + offset >= 0 && depth >= initial_depth; + offset = fdt_next_node(blob, offset, &depth)) { +- if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH)) ++ if (WARN_ON_ONCE(depth >= FDT_MAX_DEPTH - 1)) + continue; + + if (!IS_ENABLED(CONFIG_OF_KOBJ) && +-- +2.35.1 + diff --git a/queue-5.10/parisc-flush-kernel-data-mapping-in-set_pte_at-when-.patch b/queue-5.10/parisc-flush-kernel-data-mapping-in-set_pte_at-when-.patch new file mode 100644 index 00000000000..5f8ae1190c3 --- /dev/null +++ b/queue-5.10/parisc-flush-kernel-data-mapping-in-set_pte_at-when-.patch @@ -0,0 +1,101 @@ +From 780ff6d9eb5b8c8a3cfe9f5bf7d9b789f3ad0418 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Nov 2021 16:48:16 -0500 +Subject: parisc: Flush kernel data mapping in set_pte_at() when installing pte + for user page + +From: John David Anglin + +[ Upstream commit 38860b2c8bb1b92f61396eb06a63adff916fc31d ] + +For years, there have been random segmentation faults in userspace on +SMP PA-RISC machines. It occurred to me that this might be a problem in +set_pte_at(). MIPS and some other architectures do cache flushes when +installing PTEs with the present bit set. + +Here I have adapted the code in update_mmu_cache() to flush the kernel +mapping when the kernel flush is deferred, or when the kernel mapping +may alias with the user mapping. This simplifies calls to +update_mmu_cache(). + +I also changed the barrier in set_pte() from a compiler barrier to a +full memory barrier. I know this change is not sufficient to fix the +problem. It might not be needed. + +I have had a few days of operation with 5.14.16 to 5.15.1 and haven't +seen any random segmentation faults on rp3440 or c8000 so far. + +Signed-off-by: John David Anglin +Signed-off-by: Helge Deller +Cc: stable@kernel.org # 5.12+ +Signed-off-by: Sasha Levin +--- + arch/parisc/include/asm/pgtable.h | 10 ++++++++-- + arch/parisc/kernel/cache.c | 4 ++-- + 2 files changed, 10 insertions(+), 4 deletions(-) + +diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h +index 39017210dbf0..8964798b8274 100644 +--- a/arch/parisc/include/asm/pgtable.h ++++ b/arch/parisc/include/asm/pgtable.h +@@ -76,6 +76,8 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) + purge_tlb_end(flags); + } + ++extern void __update_cache(pte_t pte); ++ + /* Certain architectures need to do special things when PTEs + * within a page table are directly modified. Thus, the following + * hook is made available. +@@ -83,11 +85,14 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) + #define set_pte(pteptr, pteval) \ + do { \ + *(pteptr) = (pteval); \ +- barrier(); \ ++ mb(); \ + } while(0) + + #define set_pte_at(mm, addr, pteptr, pteval) \ + do { \ ++ if (pte_present(pteval) && \ ++ pte_user(pteval)) \ ++ __update_cache(pteval); \ + *(pteptr) = (pteval); \ + purge_tlb_entries(mm, addr); \ + } while (0) +@@ -305,6 +310,7 @@ extern unsigned long *empty_zero_page; + + #define pte_none(x) (pte_val(x) == 0) + #define pte_present(x) (pte_val(x) & _PAGE_PRESENT) ++#define pte_user(x) (pte_val(x) & _PAGE_USER) + #define pte_clear(mm, addr, xp) set_pte_at(mm, addr, xp, __pte(0)) + + #define pmd_flag(x) (pmd_val(x) & PxD_FLAG_MASK) +@@ -412,7 +418,7 @@ extern void paging_init (void); + + #define PG_dcache_dirty PG_arch_1 + +-extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *); ++#define update_mmu_cache(vms,addr,ptep) __update_cache(*ptep) + + /* Encode and de-code a swap entry */ + +diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c +index 86a1a63563fd..c81ab0cb8925 100644 +--- a/arch/parisc/kernel/cache.c ++++ b/arch/parisc/kernel/cache.c +@@ -83,9 +83,9 @@ EXPORT_SYMBOL(flush_cache_all_local); + #define pfn_va(pfn) __va(PFN_PHYS(pfn)) + + void +-update_mmu_cache(struct vm_area_struct *vma, unsigned long address, pte_t *ptep) ++__update_cache(pte_t pte) + { +- unsigned long pfn = pte_pfn(*ptep); ++ unsigned long pfn = pte_pfn(pte); + struct page *page; + + /* We don't have pte special. As a result, we can be called with +-- +2.35.1 + diff --git a/queue-5.10/parisc-optimize-per-pagetable-spinlocks.patch b/queue-5.10/parisc-optimize-per-pagetable-spinlocks.patch new file mode 100644 index 00000000000..325d0dbdbea --- /dev/null +++ b/queue-5.10/parisc-optimize-per-pagetable-spinlocks.patch @@ -0,0 +1,879 @@ +From a4ec4e671b257ad90c28079aae345298057a3687 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Feb 2021 16:38:52 +0100 +Subject: parisc: Optimize per-pagetable spinlocks + +From: Helge Deller + +[ Upstream commit b7795074a04669d0a023babf786d29bf67c68783 ] + +On parisc a spinlock is stored in the next page behind the pgd which +protects against parallel accesses to the pgd. That's why one additional +page (PGD_ALLOC_ORDER) is allocated for the pgd. + +Matthew Wilcox suggested that we instead should use a pointer in the +struct page table for this spinlock and noted, that the comments for the +PGD_ORDER and PMD_ORDER defines were wrong. + +Both suggestions are addressed with this patch. Instead of having an own +spinlock to protect the pgd, we now switch to use the existing +page_table_lock. Additionally, beside loading the pgd into cr25 in +switch_mm_irqs_off(), the physical address of this lock is loaded into +cr28 (tr4), so that we can avoid implementing a complicated lookup in +assembly for this lock in the TLB fault handlers. + +The existing Hybrid L2/L3 page table scheme (where the pmd is adjacent +to the pgd) has been dropped with this patch. + +Remove the locking in set_pte() and the huge-page pte functions too. +They trigger a spinlock recursion on 32bit machines and seem unnecessary. + +Suggested-by: Matthew Wilcox +Fixes: b37d1c1898b2 ("parisc: Use per-pagetable spinlock") +Signed-off-by: John David Anglin +Signed-off-by: Helge Deller +Stable-dep-of: 38860b2c8bb1 ("parisc: Flush kernel data mapping in set_pte_at() when installing pte for user page") +Signed-off-by: Sasha Levin +--- + arch/parisc/Kconfig | 10 +++ + arch/parisc/include/asm/mmu_context.h | 7 ++ + arch/parisc/include/asm/page.h | 2 +- + arch/parisc/include/asm/pgalloc.h | 76 ++++------------- + arch/parisc/include/asm/pgtable.h | 89 ++++---------------- + arch/parisc/kernel/asm-offsets.c | 1 - + arch/parisc/kernel/entry.S | 116 +++++++++++--------------- + arch/parisc/mm/hugetlbpage.c | 13 --- + arch/parisc/mm/init.c | 10 +-- + 9 files changed, 110 insertions(+), 214 deletions(-) + +diff --git a/arch/parisc/Kconfig b/arch/parisc/Kconfig +index 2d89f79f460c..07a4d4badd69 100644 +--- a/arch/parisc/Kconfig ++++ b/arch/parisc/Kconfig +@@ -315,6 +315,16 @@ config IRQSTACKS + for handling hard and soft interrupts. This can help avoid + overflowing the process kernel stacks. + ++config TLB_PTLOCK ++ bool "Use page table locks in TLB fault handler" ++ depends on SMP ++ default n ++ help ++ Select this option to enable page table locking in the TLB ++ fault handler. This ensures that page table entries are ++ updated consistently on SMP machines at the expense of some ++ loss in performance. ++ + config HOTPLUG_CPU + bool + default y if SMP +diff --git a/arch/parisc/include/asm/mmu_context.h b/arch/parisc/include/asm/mmu_context.h +index cb5f2f730421..aba69ff79e8c 100644 +--- a/arch/parisc/include/asm/mmu_context.h ++++ b/arch/parisc/include/asm/mmu_context.h +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + #include + + static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk) +@@ -52,6 +53,12 @@ static inline void switch_mm_irqs_off(struct mm_struct *prev, + struct mm_struct *next, struct task_struct *tsk) + { + if (prev != next) { ++#ifdef CONFIG_TLB_PTLOCK ++ /* put physical address of page_table_lock in cr28 (tr4) ++ for TLB faults */ ++ spinlock_t *pgd_lock = &next->page_table_lock; ++ mtctl(__pa(__ldcw_align(&pgd_lock->rlock.raw_lock)), 28); ++#endif + mtctl(__pa(next->pgd), 25); + load_context(next->context); + } +diff --git a/arch/parisc/include/asm/page.h b/arch/parisc/include/asm/page.h +index 8802ce651a3a..0561568f7b48 100644 +--- a/arch/parisc/include/asm/page.h ++++ b/arch/parisc/include/asm/page.h +@@ -112,7 +112,7 @@ extern int npmem_ranges; + #else + #define BITS_PER_PTE_ENTRY 2 + #define BITS_PER_PMD_ENTRY 2 +-#define BITS_PER_PGD_ENTRY BITS_PER_PMD_ENTRY ++#define BITS_PER_PGD_ENTRY 2 + #endif + #define PGD_ENTRY_SIZE (1UL << BITS_PER_PGD_ENTRY) + #define PMD_ENTRY_SIZE (1UL << BITS_PER_PMD_ENTRY) +diff --git a/arch/parisc/include/asm/pgalloc.h b/arch/parisc/include/asm/pgalloc.h +index a6482b2ce0ea..dda557085311 100644 +--- a/arch/parisc/include/asm/pgalloc.h ++++ b/arch/parisc/include/asm/pgalloc.h +@@ -15,47 +15,23 @@ + #define __HAVE_ARCH_PGD_FREE + #include + +-/* Allocate the top level pgd (page directory) +- * +- * Here (for 64 bit kernels) we implement a Hybrid L2/L3 scheme: we +- * allocate the first pmd adjacent to the pgd. This means that we can +- * subtract a constant offset to get to it. The pmd and pgd sizes are +- * arranged so that a single pmd covers 4GB (giving a full 64-bit +- * process access to 8TB) so our lookups are effectively L2 for the +- * first 4GB of the kernel (i.e. for all ILP32 processes and all the +- * kernel for machines with under 4GB of memory) */ ++/* Allocate the top level pgd (page directory) */ + static inline pgd_t *pgd_alloc(struct mm_struct *mm) + { +- pgd_t *pgd = (pgd_t *)__get_free_pages(GFP_KERNEL, +- PGD_ALLOC_ORDER); +- pgd_t *actual_pgd = pgd; ++ pgd_t *pgd; + +- if (likely(pgd != NULL)) { +- memset(pgd, 0, PAGE_SIZE<> PxD_VALUE_SHIFT))); +- /* The first pmd entry also is marked with PxD_FLAG_ATTACHED as +- * a signal that this pmd may not be freed */ +- set_pgd(pgd, __pgd(PxD_FLAG_ATTACHED)); +-#endif +- } +- spin_lock_init(pgd_spinlock(actual_pgd)); +- return actual_pgd; ++ pgd = (pgd_t *) __get_free_pages(GFP_KERNEL, PGD_ORDER); ++ if (unlikely(pgd == NULL)) ++ return NULL; ++ ++ memset(pgd, 0, PAGE_SIZE << PGD_ORDER); ++ ++ return pgd; + } + + static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) + { +-#if CONFIG_PGTABLE_LEVELS == 3 +- pgd -= PTRS_PER_PGD; +-#endif +- free_pages((unsigned long)pgd, PGD_ALLOC_ORDER); ++ free_pages((unsigned long)pgd, PGD_ORDER); + } + + #if CONFIG_PGTABLE_LEVELS == 3 +@@ -70,41 +46,25 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) + + static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) + { +- return (pmd_t *)__get_free_pages(GFP_PGTABLE_KERNEL, PMD_ORDER); ++ pmd_t *pmd; ++ ++ pmd = (pmd_t *)__get_free_pages(GFP_PGTABLE_KERNEL, PMD_ORDER); ++ if (likely(pmd)) ++ memset ((void *)pmd, 0, PAGE_SIZE << PMD_ORDER); ++ return pmd; + } + + static inline void pmd_free(struct mm_struct *mm, pmd_t *pmd) + { +- if (pmd_flag(*pmd) & PxD_FLAG_ATTACHED) { +- /* +- * This is the permanent pmd attached to the pgd; +- * cannot free it. +- * Increment the counter to compensate for the decrement +- * done by generic mm code. +- */ +- mm_inc_nr_pmds(mm); +- return; +- } + free_pages((unsigned long)pmd, PMD_ORDER); + } +- + #endif + + static inline void + pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, pte_t *pte) + { +-#if CONFIG_PGTABLE_LEVELS == 3 +- /* preserve the gateway marker if this is the beginning of +- * the permanent pmd */ +- if(pmd_flag(*pmd) & PxD_FLAG_ATTACHED) +- set_pmd(pmd, __pmd((PxD_FLAG_PRESENT | +- PxD_FLAG_VALID | +- PxD_FLAG_ATTACHED) +- + (__u32)(__pa((unsigned long)pte) >> PxD_VALUE_SHIFT))); +- else +-#endif +- set_pmd(pmd, __pmd((PxD_FLAG_PRESENT | PxD_FLAG_VALID) +- + (__u32)(__pa((unsigned long)pte) >> PxD_VALUE_SHIFT))); ++ set_pmd(pmd, __pmd((PxD_FLAG_PRESENT | PxD_FLAG_VALID) ++ + (__u32)(__pa((unsigned long)pte) >> PxD_VALUE_SHIFT))); + } + + #define pmd_populate(mm, pmd, pte_page) \ +diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h +index 75cf84070fc9..39017210dbf0 100644 +--- a/arch/parisc/include/asm/pgtable.h ++++ b/arch/parisc/include/asm/pgtable.h +@@ -23,8 +23,6 @@ + #include + #include + +-static inline spinlock_t *pgd_spinlock(pgd_t *); +- + /* + * kern_addr_valid(ADDR) tests if ADDR is pointing to valid kernel + * memory. For the return value to be meaningful, ADDR must be >= +@@ -42,12 +40,8 @@ static inline spinlock_t *pgd_spinlock(pgd_t *); + + /* This is for the serialization of PxTLB broadcasts. At least on the N class + * systems, only one PxTLB inter processor broadcast can be active at any one +- * time on the Merced bus. +- +- * PTE updates are protected by locks in the PMD. +- */ ++ * time on the Merced bus. */ + extern spinlock_t pa_tlb_flush_lock; +-extern spinlock_t pa_swapper_pg_lock; + #if defined(CONFIG_64BIT) && defined(CONFIG_SMP) + extern int pa_serialize_tlb_flushes; + #else +@@ -86,18 +80,16 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) + * within a page table are directly modified. Thus, the following + * hook is made available. + */ +-#define set_pte(pteptr, pteval) \ +- do{ \ +- *(pteptr) = (pteval); \ +- } while(0) +- +-#define set_pte_at(mm, addr, ptep, pteval) \ +- do { \ +- unsigned long flags; \ +- spin_lock_irqsave(pgd_spinlock((mm)->pgd), flags);\ +- set_pte(ptep, pteval); \ +- purge_tlb_entries(mm, addr); \ +- spin_unlock_irqrestore(pgd_spinlock((mm)->pgd), flags);\ ++#define set_pte(pteptr, pteval) \ ++ do { \ ++ *(pteptr) = (pteval); \ ++ barrier(); \ ++ } while(0) ++ ++#define set_pte_at(mm, addr, pteptr, pteval) \ ++ do { \ ++ *(pteptr) = (pteval); \ ++ purge_tlb_entries(mm, addr); \ + } while (0) + + #endif /* !__ASSEMBLY__ */ +@@ -120,12 +112,10 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) + #define KERNEL_INITIAL_SIZE (1 << KERNEL_INITIAL_ORDER) + + #if CONFIG_PGTABLE_LEVELS == 3 +-#define PGD_ORDER 1 /* Number of pages per pgd */ +-#define PMD_ORDER 1 /* Number of pages per pmd */ +-#define PGD_ALLOC_ORDER (2 + 1) /* first pgd contains pmd */ ++#define PMD_ORDER 1 ++#define PGD_ORDER 0 + #else +-#define PGD_ORDER 1 /* Number of pages per pgd */ +-#define PGD_ALLOC_ORDER (PGD_ORDER + 1) ++#define PGD_ORDER 1 + #endif + + /* Definitions for 3rd level (we use PLD here for Page Lower directory +@@ -240,11 +230,9 @@ static inline void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) + * able to effectively address 40/42/44-bits of physical address space + * depending on 4k/16k/64k PAGE_SIZE */ + #define _PxD_PRESENT_BIT 31 +-#define _PxD_ATTACHED_BIT 30 +-#define _PxD_VALID_BIT 29 ++#define _PxD_VALID_BIT 30 + + #define PxD_FLAG_PRESENT (1 << xlate_pabit(_PxD_PRESENT_BIT)) +-#define PxD_FLAG_ATTACHED (1 << xlate_pabit(_PxD_ATTACHED_BIT)) + #define PxD_FLAG_VALID (1 << xlate_pabit(_PxD_VALID_BIT)) + #define PxD_FLAG_MASK (0xf) + #define PxD_FLAG_SHIFT (4) +@@ -326,23 +314,10 @@ extern unsigned long *empty_zero_page; + #define pgd_flag(x) (pgd_val(x) & PxD_FLAG_MASK) + #define pgd_address(x) ((unsigned long)(pgd_val(x) &~ PxD_FLAG_MASK) << PxD_VALUE_SHIFT) + +-#if CONFIG_PGTABLE_LEVELS == 3 +-/* The first entry of the permanent pmd is not there if it contains +- * the gateway marker */ +-#define pmd_none(x) (!pmd_val(x) || pmd_flag(x) == PxD_FLAG_ATTACHED) +-#else + #define pmd_none(x) (!pmd_val(x)) +-#endif + #define pmd_bad(x) (!(pmd_flag(x) & PxD_FLAG_VALID)) + #define pmd_present(x) (pmd_flag(x) & PxD_FLAG_PRESENT) + static inline void pmd_clear(pmd_t *pmd) { +-#if CONFIG_PGTABLE_LEVELS == 3 +- if (pmd_flag(*pmd) & PxD_FLAG_ATTACHED) +- /* This is the entry pointing to the permanent pmd +- * attached to the pgd; cannot clear it */ +- set_pmd(pmd, __pmd(PxD_FLAG_ATTACHED)); +- else +-#endif + set_pmd(pmd, __pmd(0)); + } + +@@ -358,12 +333,6 @@ static inline void pmd_clear(pmd_t *pmd) { + #define pud_bad(x) (!(pud_flag(x) & PxD_FLAG_VALID)) + #define pud_present(x) (pud_flag(x) & PxD_FLAG_PRESENT) + static inline void pud_clear(pud_t *pud) { +-#if CONFIG_PGTABLE_LEVELS == 3 +- if(pud_flag(*pud) & PxD_FLAG_ATTACHED) +- /* This is the permanent pmd attached to the pud; cannot +- * free it */ +- return; +-#endif + set_pud(pud, __pud(0)); + } + #endif +@@ -456,32 +425,18 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *); + #define __pte_to_swp_entry(pte) ((swp_entry_t) { pte_val(pte) }) + #define __swp_entry_to_pte(x) ((pte_t) { (x).val }) + +- +-static inline spinlock_t *pgd_spinlock(pgd_t *pgd) +-{ +- if (unlikely(pgd == swapper_pg_dir)) +- return &pa_swapper_pg_lock; +- return (spinlock_t *)((char *)pgd + (PAGE_SIZE << (PGD_ALLOC_ORDER - 1))); +-} +- +- + static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) + { + pte_t pte; +- unsigned long flags; + + if (!pte_young(*ptep)) + return 0; + +- spin_lock_irqsave(pgd_spinlock(vma->vm_mm->pgd), flags); + pte = *ptep; + if (!pte_young(pte)) { +- spin_unlock_irqrestore(pgd_spinlock(vma->vm_mm->pgd), flags); + return 0; + } +- set_pte(ptep, pte_mkold(pte)); +- purge_tlb_entries(vma->vm_mm, addr); +- spin_unlock_irqrestore(pgd_spinlock(vma->vm_mm->pgd), flags); ++ set_pte_at(vma->vm_mm, addr, ptep, pte_mkold(pte)); + return 1; + } + +@@ -489,24 +444,16 @@ struct mm_struct; + static inline pte_t ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) + { + pte_t old_pte; +- unsigned long flags; + +- spin_lock_irqsave(pgd_spinlock(mm->pgd), flags); + old_pte = *ptep; +- set_pte(ptep, __pte(0)); +- purge_tlb_entries(mm, addr); +- spin_unlock_irqrestore(pgd_spinlock(mm->pgd), flags); ++ set_pte_at(mm, addr, ptep, __pte(0)); + + return old_pte; + } + + static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) + { +- unsigned long flags; +- spin_lock_irqsave(pgd_spinlock(mm->pgd), flags); +- set_pte(ptep, pte_wrprotect(*ptep)); +- purge_tlb_entries(mm, addr); +- spin_unlock_irqrestore(pgd_spinlock(mm->pgd), flags); ++ set_pte_at(mm, addr, ptep, pte_wrprotect(*ptep)); + } + + #define pte_same(A,B) (pte_val(A) == pte_val(B)) +diff --git a/arch/parisc/kernel/asm-offsets.c b/arch/parisc/kernel/asm-offsets.c +index 305768a40773..cd2cc1b1648c 100644 +--- a/arch/parisc/kernel/asm-offsets.c ++++ b/arch/parisc/kernel/asm-offsets.c +@@ -268,7 +268,6 @@ int main(void) + DEFINE(ASM_BITS_PER_PGD, BITS_PER_PGD); + DEFINE(ASM_BITS_PER_PMD, BITS_PER_PMD); + DEFINE(ASM_BITS_PER_PTE, BITS_PER_PTE); +- DEFINE(ASM_PGD_PMD_OFFSET, -(PAGE_SIZE << PGD_ORDER)); + DEFINE(ASM_PMD_ENTRY, ((PAGE_OFFSET & PMD_MASK) >> PMD_SHIFT)); + DEFINE(ASM_PGD_ENTRY, PAGE_OFFSET >> PGDIR_SHIFT); + DEFINE(ASM_PGD_ENTRY_SIZE, PGD_ENTRY_SIZE); +diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S +index 3da39140babc..05bed27eef85 100644 +--- a/arch/parisc/kernel/entry.S ++++ b/arch/parisc/kernel/entry.S +@@ -35,10 +35,9 @@ + .level 2.0 + #endif + +- .import pa_tlb_lock,data +- .macro load_pa_tlb_lock reg +- mfctl %cr25,\reg +- addil L%(PAGE_SIZE << (PGD_ALLOC_ORDER - 1)),\reg ++ /* Get aligned page_table_lock address for this mm from cr28/tr4 */ ++ .macro get_ptl reg ++ mfctl %cr28,\reg + .endm + + /* space_to_prot macro creates a prot id from a space id */ +@@ -407,7 +406,9 @@ + # endif + #endif + dep %r0,31,PAGE_SHIFT,\pmd /* clear offset */ ++#if CONFIG_PGTABLE_LEVELS < 3 + copy %r0,\pte ++#endif + ldw,s \index(\pmd),\pmd + bb,>=,n \pmd,_PxD_PRESENT_BIT,\fault + dep %r0,31,PxD_FLAG_SHIFT,\pmd /* clear flags */ +@@ -417,38 +418,23 @@ + shladd \index,BITS_PER_PTE_ENTRY,\pmd,\pmd /* pmd is now pte */ + .endm + +- /* Look up PTE in a 3-Level scheme. +- * +- * Here we implement a Hybrid L2/L3 scheme: we allocate the +- * first pmd adjacent to the pgd. This means that we can +- * subtract a constant offset to get to it. The pmd and pgd +- * sizes are arranged so that a single pmd covers 4GB (giving +- * a full LP64 process access to 8TB) so our lookups are +- * effectively L2 for the first 4GB of the kernel (i.e. for +- * all ILP32 processes and all the kernel for machines with +- * under 4GB of memory) */ ++ /* Look up PTE in a 3-Level scheme. */ + .macro L3_ptep pgd,pte,index,va,fault +-#if CONFIG_PGTABLE_LEVELS == 3 /* we might have a 2-Level scheme, e.g. with 16kb page size */ ++#if CONFIG_PGTABLE_LEVELS == 3 ++ copy %r0,\pte + extrd,u \va,63-ASM_PGDIR_SHIFT,ASM_BITS_PER_PGD,\index +- extrd,u,*= \va,63-ASM_PGDIR_SHIFT,64-ASM_PGDIR_SHIFT,%r0 + ldw,s \index(\pgd),\pgd +- extrd,u,*= \va,63-ASM_PGDIR_SHIFT,64-ASM_PGDIR_SHIFT,%r0 + bb,>=,n \pgd,_PxD_PRESENT_BIT,\fault +- extrd,u,*= \va,63-ASM_PGDIR_SHIFT,64-ASM_PGDIR_SHIFT,%r0 +- shld \pgd,PxD_VALUE_SHIFT,\index +- extrd,u,*= \va,63-ASM_PGDIR_SHIFT,64-ASM_PGDIR_SHIFT,%r0 +- copy \index,\pgd +- extrd,u,*<> \va,63-ASM_PGDIR_SHIFT,64-ASM_PGDIR_SHIFT,%r0 +- ldo ASM_PGD_PMD_OFFSET(\pgd),\pgd ++ shld \pgd,PxD_VALUE_SHIFT,\pgd + #endif + L2_ptep \pgd,\pte,\index,\va,\fault + .endm + +- /* Acquire pa_tlb_lock lock and check page is present. */ +- .macro tlb_lock spc,ptp,pte,tmp,tmp1,fault +-#ifdef CONFIG_SMP ++ /* Acquire page_table_lock and check page is present. */ ++ .macro ptl_lock spc,ptp,pte,tmp,tmp1,fault ++#ifdef CONFIG_TLB_PTLOCK + 98: cmpib,COND(=),n 0,\spc,2f +- load_pa_tlb_lock \tmp ++ get_ptl \tmp + 1: LDCW 0(\tmp),\tmp1 + cmpib,COND(=) 0,\tmp1,1b + nop +@@ -463,26 +449,26 @@ + 3: + .endm + +- /* Release pa_tlb_lock lock without reloading lock address. ++ /* Release page_table_lock without reloading lock address. + Note that the values in the register spc are limited to + NR_SPACE_IDS (262144). Thus, the stw instruction always + stores a nonzero value even when register spc is 64 bits. + We use an ordered store to ensure all prior accesses are + performed prior to releasing the lock. */ +- .macro tlb_unlock0 spc,tmp +-#ifdef CONFIG_SMP ++ .macro ptl_unlock0 spc,tmp ++#ifdef CONFIG_TLB_PTLOCK + 98: or,COND(=) %r0,\spc,%r0 + stw,ma \spc,0(\tmp) + 99: ALTERNATIVE(98b, 99b, ALT_COND_NO_SMP, INSN_NOP) + #endif + .endm + +- /* Release pa_tlb_lock lock. */ +- .macro tlb_unlock1 spc,tmp +-#ifdef CONFIG_SMP +-98: load_pa_tlb_lock \tmp ++ /* Release page_table_lock. */ ++ .macro ptl_unlock1 spc,tmp ++#ifdef CONFIG_TLB_PTLOCK ++98: get_ptl \tmp ++ ptl_unlock0 \spc,\tmp + 99: ALTERNATIVE(98b, 99b, ALT_COND_NO_SMP, INSN_NOP) +- tlb_unlock0 \spc,\tmp + #endif + .endm + +@@ -1165,14 +1151,14 @@ dtlb_miss_20w: + + L3_ptep ptp,pte,t0,va,dtlb_check_alias_20w + +- tlb_lock spc,ptp,pte,t0,t1,dtlb_check_alias_20w ++ ptl_lock spc,ptp,pte,t0,t1,dtlb_check_alias_20w + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 + + idtlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1191,14 +1177,14 @@ nadtlb_miss_20w: + + L3_ptep ptp,pte,t0,va,nadtlb_check_alias_20w + +- tlb_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_20w ++ ptl_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_20w + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 + + idtlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1219,7 +1205,7 @@ dtlb_miss_11: + + L2_ptep ptp,pte,t0,va,dtlb_check_alias_11 + +- tlb_lock spc,ptp,pte,t0,t1,dtlb_check_alias_11 ++ ptl_lock spc,ptp,pte,t0,t1,dtlb_check_alias_11 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb_11 spc,pte,prot +@@ -1232,7 +1218,7 @@ dtlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1252,7 +1238,7 @@ nadtlb_miss_11: + + L2_ptep ptp,pte,t0,va,nadtlb_check_alias_11 + +- tlb_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_11 ++ ptl_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_11 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb_11 spc,pte,prot +@@ -1265,7 +1251,7 @@ nadtlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1285,7 +1271,7 @@ dtlb_miss_20: + + L2_ptep ptp,pte,t0,va,dtlb_check_alias_20 + +- tlb_lock spc,ptp,pte,t0,t1,dtlb_check_alias_20 ++ ptl_lock spc,ptp,pte,t0,t1,dtlb_check_alias_20 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 +@@ -1294,7 +1280,7 @@ dtlb_miss_20: + + idtlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1313,7 +1299,7 @@ nadtlb_miss_20: + + L2_ptep ptp,pte,t0,va,nadtlb_check_alias_20 + +- tlb_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_20 ++ ptl_lock spc,ptp,pte,t0,t1,nadtlb_check_alias_20 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 +@@ -1322,7 +1308,7 @@ nadtlb_miss_20: + + idtlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1422,14 +1408,14 @@ itlb_miss_20w: + + L3_ptep ptp,pte,t0,va,itlb_fault + +- tlb_lock spc,ptp,pte,t0,t1,itlb_fault ++ ptl_lock spc,ptp,pte,t0,t1,itlb_fault + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 + + iitlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1446,14 +1432,14 @@ naitlb_miss_20w: + + L3_ptep ptp,pte,t0,va,naitlb_check_alias_20w + +- tlb_lock spc,ptp,pte,t0,t1,naitlb_check_alias_20w ++ ptl_lock spc,ptp,pte,t0,t1,naitlb_check_alias_20w + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 + + iitlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1474,7 +1460,7 @@ itlb_miss_11: + + L2_ptep ptp,pte,t0,va,itlb_fault + +- tlb_lock spc,ptp,pte,t0,t1,itlb_fault ++ ptl_lock spc,ptp,pte,t0,t1,itlb_fault + update_accessed ptp,pte,t0,t1 + + make_insert_tlb_11 spc,pte,prot +@@ -1487,7 +1473,7 @@ itlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1498,7 +1484,7 @@ naitlb_miss_11: + + L2_ptep ptp,pte,t0,va,naitlb_check_alias_11 + +- tlb_lock spc,ptp,pte,t0,t1,naitlb_check_alias_11 ++ ptl_lock spc,ptp,pte,t0,t1,naitlb_check_alias_11 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb_11 spc,pte,prot +@@ -1511,7 +1497,7 @@ naitlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1532,7 +1518,7 @@ itlb_miss_20: + + L2_ptep ptp,pte,t0,va,itlb_fault + +- tlb_lock spc,ptp,pte,t0,t1,itlb_fault ++ ptl_lock spc,ptp,pte,t0,t1,itlb_fault + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 +@@ -1541,7 +1527,7 @@ itlb_miss_20: + + iitlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1552,7 +1538,7 @@ naitlb_miss_20: + + L2_ptep ptp,pte,t0,va,naitlb_check_alias_20 + +- tlb_lock spc,ptp,pte,t0,t1,naitlb_check_alias_20 ++ ptl_lock spc,ptp,pte,t0,t1,naitlb_check_alias_20 + update_accessed ptp,pte,t0,t1 + + make_insert_tlb spc,pte,prot,t1 +@@ -1561,7 +1547,7 @@ naitlb_miss_20: + + iitlbt pte,prot + +- tlb_unlock1 spc,t0 ++ ptl_unlock1 spc,t0 + rfir + nop + +@@ -1584,14 +1570,14 @@ dbit_trap_20w: + + L3_ptep ptp,pte,t0,va,dbit_fault + +- tlb_lock spc,ptp,pte,t0,t1,dbit_fault ++ ptl_lock spc,ptp,pte,t0,t1,dbit_fault + update_dirty ptp,pte,t1 + + make_insert_tlb spc,pte,prot,t1 + + idtlbt pte,prot + +- tlb_unlock0 spc,t0 ++ ptl_unlock0 spc,t0 + rfir + nop + #else +@@ -1604,7 +1590,7 @@ dbit_trap_11: + + L2_ptep ptp,pte,t0,va,dbit_fault + +- tlb_lock spc,ptp,pte,t0,t1,dbit_fault ++ ptl_lock spc,ptp,pte,t0,t1,dbit_fault + update_dirty ptp,pte,t1 + + make_insert_tlb_11 spc,pte,prot +@@ -1617,7 +1603,7 @@ dbit_trap_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- tlb_unlock0 spc,t0 ++ ptl_unlock0 spc,t0 + rfir + nop + +@@ -1628,7 +1614,7 @@ dbit_trap_20: + + L2_ptep ptp,pte,t0,va,dbit_fault + +- tlb_lock spc,ptp,pte,t0,t1,dbit_fault ++ ptl_lock spc,ptp,pte,t0,t1,dbit_fault + update_dirty ptp,pte,t1 + + make_insert_tlb spc,pte,prot,t1 +@@ -1637,7 +1623,7 @@ dbit_trap_20: + + idtlbt pte,prot + +- tlb_unlock0 spc,t0 ++ ptl_unlock0 spc,t0 + rfir + nop + #endif +diff --git a/arch/parisc/mm/hugetlbpage.c b/arch/parisc/mm/hugetlbpage.c +index d7ba014a7fbb..43652de5f139 100644 +--- a/arch/parisc/mm/hugetlbpage.c ++++ b/arch/parisc/mm/hugetlbpage.c +@@ -142,24 +142,17 @@ static void __set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + void set_huge_pte_at(struct mm_struct *mm, unsigned long addr, + pte_t *ptep, pte_t entry) + { +- unsigned long flags; +- +- spin_lock_irqsave(pgd_spinlock((mm)->pgd), flags); + __set_huge_pte_at(mm, addr, ptep, entry); +- spin_unlock_irqrestore(pgd_spinlock((mm)->pgd), flags); + } + + + pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + pte_t *ptep) + { +- unsigned long flags; + pte_t entry; + +- spin_lock_irqsave(pgd_spinlock((mm)->pgd), flags); + entry = *ptep; + __set_huge_pte_at(mm, addr, ptep, __pte(0)); +- spin_unlock_irqrestore(pgd_spinlock((mm)->pgd), flags); + + return entry; + } +@@ -168,29 +161,23 @@ pte_t huge_ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, + void huge_ptep_set_wrprotect(struct mm_struct *mm, + unsigned long addr, pte_t *ptep) + { +- unsigned long flags; + pte_t old_pte; + +- spin_lock_irqsave(pgd_spinlock((mm)->pgd), flags); + old_pte = *ptep; + __set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); +- spin_unlock_irqrestore(pgd_spinlock((mm)->pgd), flags); + } + + int huge_ptep_set_access_flags(struct vm_area_struct *vma, + unsigned long addr, pte_t *ptep, + pte_t pte, int dirty) + { +- unsigned long flags; + int changed; + struct mm_struct *mm = vma->vm_mm; + +- spin_lock_irqsave(pgd_spinlock((mm)->pgd), flags); + changed = !pte_same(*ptep, pte); + if (changed) { + __set_huge_pte_at(mm, addr, ptep, pte); + } +- spin_unlock_irqrestore(pgd_spinlock((mm)->pgd), flags); + return changed; + } + +diff --git a/arch/parisc/mm/init.c b/arch/parisc/mm/init.c +index 319afa00cdf7..6a083fc87a03 100644 +--- a/arch/parisc/mm/init.c ++++ b/arch/parisc/mm/init.c +@@ -37,11 +37,6 @@ extern int data_start; + extern void parisc_kernel_start(void); /* Kernel entry point in head.S */ + + #if CONFIG_PGTABLE_LEVELS == 3 +-/* NOTE: This layout exactly conforms to the hybrid L2/L3 page table layout +- * with the first pmd adjacent to the pgd and below it. gcc doesn't actually +- * guarantee that global objects will be laid out in memory in the same order +- * as the order of declaration, so put these in different sections and use +- * the linker script to order them. */ + pmd_t pmd0[PTRS_PER_PMD] __section(".data..vm0.pmd") __attribute__ ((aligned(PAGE_SIZE))); + #endif + +@@ -558,6 +553,11 @@ void __init mem_init(void) + BUILD_BUG_ON(PGD_ENTRY_SIZE != sizeof(pgd_t)); + BUILD_BUG_ON(PAGE_SHIFT + BITS_PER_PTE + BITS_PER_PMD + BITS_PER_PGD + > BITS_PER_LONG); ++#if CONFIG_PGTABLE_LEVELS == 3 ++ BUILD_BUG_ON(PT_INITIAL > PTRS_PER_PMD); ++#else ++ BUILD_BUG_ON(PT_INITIAL > PTRS_PER_PGD); ++#endif + + high_memory = __va((max_pfn << PAGE_SHIFT)); + set_max_mapnr(max_low_pfn); +-- +2.35.1 + diff --git a/queue-5.10/pinctrl-sunxi-fix-name-for-a100-r_pio.patch b/queue-5.10/pinctrl-sunxi-fix-name-for-a100-r_pio.patch new file mode 100644 index 00000000000..0551bcfb4d5 --- /dev/null +++ b/queue-5.10/pinctrl-sunxi-fix-name-for-a100-r_pio.patch @@ -0,0 +1,38 @@ +From 18b586b48c6b0211df1aa40a275e9ba22eb30dbf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Aug 2022 10:45:41 +0800 +Subject: pinctrl: sunxi: Fix name for A100 R_PIO + +From: Michael Wu + +[ Upstream commit 76648c867c6c03b8a468d9c9222025873ecc613d ] + +The name of A100 R_PIO driver should be sun50i-a100-r-pinctrl, +not sun50iw10p1-r-pinctrl. + +Fixes: 473436e7647d6 ("pinctrl: sunxi: add support for the Allwinner A100 pin controller") +Signed-off-by: Michael Wu +Acked-by: Samuel Holland +Link: https://lore.kernel.org/r/20220819024541.74191-1-michael@allwinnertech.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/sunxi/pinctrl-sun50i-a100-r.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/sunxi/pinctrl-sun50i-a100-r.c b/drivers/pinctrl/sunxi/pinctrl-sun50i-a100-r.c +index 21054fcacd34..18088f6f44b2 100644 +--- a/drivers/pinctrl/sunxi/pinctrl-sun50i-a100-r.c ++++ b/drivers/pinctrl/sunxi/pinctrl-sun50i-a100-r.c +@@ -98,7 +98,7 @@ MODULE_DEVICE_TABLE(of, a100_r_pinctrl_match); + static struct platform_driver a100_r_pinctrl_driver = { + .probe = a100_r_pinctrl_probe, + .driver = { +- .name = "sun50iw10p1-r-pinctrl", ++ .name = "sun50i-a100-r-pinctrl", + .of_match_table = a100_r_pinctrl_match, + }, + }; +-- +2.35.1 + diff --git a/queue-5.10/platform-x86-intel-hid-add-quirk-to-support-surface-.patch b/queue-5.10/platform-x86-intel-hid-add-quirk-to-support-surface-.patch new file mode 100644 index 00000000000..4f9d135ae15 --- /dev/null +++ b/queue-5.10/platform-x86-intel-hid-add-quirk-to-support-surface-.patch @@ -0,0 +1,44 @@ +From c0869381df903bd8d36840766c8f4721f63a0e33 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Dec 2021 14:28:10 -0700 +Subject: platform/x86/intel: hid: add quirk to support Surface Go 3 + +From: Alex Hung + +[ Upstream commit 01e16cb67cce68afaeb9c7bed72299036dbb0bc1 ] + +Similar to other systems Surface Go 3 requires a DMI quirk to enable +5 button array for power and volume buttons. + +Buglink: https://github.com/linux-surface/linux-surface/issues/595 + +Cc: stable@vger.kernel.org +Signed-off-by: Alex Hung +Link: https://lore.kernel.org/r/20211203212810.2666508-1-alex.hung@canonical.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel-hid.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c +index 8a0cd5bf0065..cebddefba2f4 100644 +--- a/drivers/platform/x86/intel-hid.c ++++ b/drivers/platform/x86/intel-hid.c +@@ -93,6 +93,13 @@ static const struct dmi_system_id button_array_table[] = { + DMI_MATCH(DMI_PRODUCT_FAMILY, "ThinkPad X1 Tablet Gen 2"), + }, + }, ++ { ++ .ident = "Microsoft Surface Go 3", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3"), ++ }, ++ }, + { } + }; + +-- +2.35.1 + diff --git a/queue-5.10/powerpc-pseries-mobility-ignore-ibm-platform-facilit.patch b/queue-5.10/powerpc-pseries-mobility-ignore-ibm-platform-facilit.patch new file mode 100644 index 00000000000..807e982efe7 --- /dev/null +++ b/queue-5.10/powerpc-pseries-mobility-ignore-ibm-platform-facilit.patch @@ -0,0 +1,181 @@ +From 22fcef10448ce0354437bde5b51f0da3ea7c0358 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Oct 2021 14:47:03 -0500 +Subject: powerpc/pseries/mobility: ignore ibm, platform-facilities updates +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nathan Lynch + +[ Upstream commit 319fa1a52e438a6e028329187783a25ad498c4e6 ] + +On VMs with NX encryption, compression, and/or RNG offload, these +capabilities are described by nodes in the ibm,platform-facilities device +tree hierarchy: + + $ tree -d /sys/firmware/devicetree/base/ibm,platform-facilities/ + /sys/firmware/devicetree/base/ibm,platform-facilities/ + ├── ibm,compression-v1 + ├── ibm,random-v1 + └── ibm,sym-encryption-v1 + + 3 directories + +The acceleration functions that these nodes describe are not disrupted by +live migration, not even temporarily. + +But the post-migration ibm,update-nodes sequence firmware always sends +"delete" messages for this hierarchy, followed by an "add" directive to +reconstruct it via ibm,configure-connector (log with debugging statements +enabled in mobility.c): + + mobility: removing node /ibm,platform-facilities/ibm,random-v1:4294967285 + mobility: removing node /ibm,platform-facilities/ibm,compression-v1:4294967284 + mobility: removing node /ibm,platform-facilities/ibm,sym-encryption-v1:4294967283 + mobility: removing node /ibm,platform-facilities:4294967286 + ... + mobility: added node /ibm,platform-facilities:4294967286 + +Note we receive a single "add" message for the entire hierarchy, and what +we receive from the ibm,configure-connector sequence is the top-level +platform-facilities node along with its three children. The debug message +simply reports the parent node and not the whole subtree. + +Also, significantly, the nodes added are almost completely equivalent to +the ones removed; even phandles are unchanged. ibm,shared-interrupt-pool in +the leaf nodes is the only property I've observed to differ, and Linux does +not use that. So in practice, the sum of update messages Linux receives for +this hierarchy is equivalent to minor property updates. + +We succeed in removing the original hierarchy from the device tree. But the +vio bus code is ignorant of this, and does not unbind or relinquish its +references. The leaf nodes, still reachable through sysfs, of course still +refer to the now-freed ibm,platform-facilities parent node, which makes +use-after-free possible: + + refcount_t: addition on 0; use-after-free. + WARNING: CPU: 3 PID: 1706 at lib/refcount.c:25 refcount_warn_saturate+0x164/0x1f0 + refcount_warn_saturate+0x160/0x1f0 (unreliable) + kobject_get+0xf0/0x100 + of_node_get+0x30/0x50 + of_get_parent+0x50/0xb0 + of_fwnode_get_parent+0x54/0x90 + fwnode_count_parents+0x50/0x150 + fwnode_full_name_string+0x30/0x110 + device_node_string+0x49c/0x790 + vsnprintf+0x1c0/0x4c0 + sprintf+0x44/0x60 + devspec_show+0x34/0x50 + dev_attr_show+0x40/0xa0 + sysfs_kf_seq_show+0xbc/0x200 + kernfs_seq_show+0x44/0x60 + seq_read_iter+0x2a4/0x740 + kernfs_fop_read_iter+0x254/0x2e0 + new_sync_read+0x120/0x190 + vfs_read+0x1d0/0x240 + +Moreover, the "new" replacement subtree is not correctly added to the +device tree, resulting in ibm,platform-facilities parent node without the +appropriate leaf nodes, and broken symlinks in the sysfs device hierarchy: + + $ tree -d /sys/firmware/devicetree/base/ibm,platform-facilities/ + /sys/firmware/devicetree/base/ibm,platform-facilities/ + + 0 directories + + $ cd /sys/devices/vio ; find . -xtype l -exec file {} + + ./ibm,sym-encryption-v1/of_node: broken symbolic link to + ../../../firmware/devicetree/base/ibm,platform-facilities/ibm,sym-encryption-v1 + ./ibm,random-v1/of_node: broken symbolic link to + ../../../firmware/devicetree/base/ibm,platform-facilities/ibm,random-v1 + ./ibm,compression-v1/of_node: broken symbolic link to + ../../../firmware/devicetree/base/ibm,platform-facilities/ibm,compression-v1 + +This is because add_dt_node() -> dlpar_attach_node() attaches only the +parent node returned from configure-connector, ignoring any children. This +should be corrected for the general case, but fixing that won't help with +the stale OF node references, which is the more urgent problem. + +One way to address that would be to make the drivers respond to node +removal notifications, so that node references can be dropped +appropriately. But this would likely force the drivers to disrupt active +clients for no useful purpose: equivalent nodes are immediately re-added. +And recall that the acceleration capabilities described by the nodes remain +available throughout the whole process. + +The solution I believe to be robust for this situation is to convert +remove+add of a node with an unchanged phandle to an update of the node's +properties in the Linux device tree structure. That would involve changing +and adding a fair amount of code, and may take several iterations to land. + +Until that can be realized we have a confirmed use-after-free and the +possibility of memory corruption. So add a limited workaround that +discriminates on the node type, ignoring adds and removes. This should be +amenable to backporting in the meantime. + +Fixes: 410bccf97881 ("powerpc/pseries: Partition migration in the kernel") +Cc: stable@vger.kernel.org +Signed-off-by: Nathan Lynch +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20211020194703.2613093-1-nathanl@linux.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/pseries/mobility.c | 34 +++++++++++++++++++++++ + 1 file changed, 34 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c +index acf1664d1ad7..f386a7bc3811 100644 +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -61,6 +61,27 @@ static int mobility_rtas_call(int token, char *buf, s32 scope) + + static int delete_dt_node(struct device_node *dn) + { ++ struct device_node *pdn; ++ bool is_platfac; ++ ++ pdn = of_get_parent(dn); ++ is_platfac = of_node_is_type(dn, "ibm,platform-facilities") || ++ of_node_is_type(pdn, "ibm,platform-facilities"); ++ of_node_put(pdn); ++ ++ /* ++ * The drivers that bind to nodes in the platform-facilities ++ * hierarchy don't support node removal, and the removal directive ++ * from firmware is always followed by an add of an equivalent ++ * node. The capability (e.g. RNG, encryption, compression) ++ * represented by the node is never interrupted by the migration. ++ * So ignore changes to this part of the tree. ++ */ ++ if (is_platfac) { ++ pr_notice("ignoring remove operation for %pOFfp\n", dn); ++ return 0; ++ } ++ + pr_debug("removing node %pOFfp\n", dn); + dlpar_detach_node(dn); + return 0; +@@ -219,6 +240,19 @@ static int add_dt_node(struct device_node *parent_dn, __be32 drc_index) + if (!dn) + return -ENOENT; + ++ /* ++ * Since delete_dt_node() ignores this node type, this is the ++ * necessary counterpart. We also know that a platform-facilities ++ * node returned from dlpar_configure_connector() has children ++ * attached, and dlpar_attach_node() only adds the parent, leaking ++ * the children. So ignore these on the add side for now. ++ */ ++ if (of_node_is_type(dn, "ibm,platform-facilities")) { ++ pr_notice("ignoring add operation for %pOF\n", dn); ++ dlpar_free_cc_nodes(dn); ++ return 0; ++ } ++ + rc = dlpar_attach_node(dn, parent_dn); + if (rc) + dlpar_free_cc_nodes(dn); +-- +2.35.1 + diff --git a/queue-5.10/powerpc-pseries-mobility-refactor-node-lookup-during.patch b/queue-5.10/powerpc-pseries-mobility-refactor-node-lookup-during.patch new file mode 100644 index 00000000000..57c01099047 --- /dev/null +++ b/queue-5.10/powerpc-pseries-mobility-refactor-node-lookup-during.patch @@ -0,0 +1,154 @@ +From ef6f77afc7f045ccc8f3d1ac9877987e2f894937 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Dec 2020 15:52:00 -0600 +Subject: powerpc/pseries/mobility: refactor node lookup during DT update + +From: Nathan Lynch + +[ Upstream commit 2efd7f6eb9b7107e469837d8452e750d7d080a5d ] + +In pseries_devicetree_update(), with each call to ibm,update-nodes the +partition firmware communicates the node to be deleted or updated by +placing its phandle in the work buffer. Each of delete_dt_node(), +update_dt_node(), and add_dt_node() have duplicate lookups using the +phandle value and corresponding refcount management. + +Move the lookup and of_node_put() into pseries_devicetree_update(), +and emit a warning on any failed lookups. + +Signed-off-by: Nathan Lynch +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20201207215200.1785968-29-nathanl@linux.ibm.com +Stable-dep-of: 319fa1a52e43 ("powerpc/pseries/mobility: ignore ibm, platform-facilities updates") +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/pseries/mobility.c | 49 ++++++++--------------- + 1 file changed, 17 insertions(+), 32 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c +index 2f73cb5bf12d..acf1664d1ad7 100644 +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -59,18 +59,10 @@ static int mobility_rtas_call(int token, char *buf, s32 scope) + return rc; + } + +-static int delete_dt_node(__be32 phandle) ++static int delete_dt_node(struct device_node *dn) + { +- struct device_node *dn; +- +- dn = of_find_node_by_phandle(be32_to_cpu(phandle)); +- if (!dn) +- return -ENOENT; +- + pr_debug("removing node %pOFfp\n", dn); +- + dlpar_detach_node(dn); +- of_node_put(dn); + return 0; + } + +@@ -135,10 +127,9 @@ static int update_dt_property(struct device_node *dn, struct property **prop, + return 0; + } + +-static int update_dt_node(__be32 phandle, s32 scope) ++static int update_dt_node(struct device_node *dn, s32 scope) + { + struct update_props_workarea *upwa; +- struct device_node *dn; + struct property *prop = NULL; + int i, rc, rtas_rc; + char *prop_data; +@@ -155,14 +146,8 @@ static int update_dt_node(__be32 phandle, s32 scope) + if (!rtas_buf) + return -ENOMEM; + +- dn = of_find_node_by_phandle(be32_to_cpu(phandle)); +- if (!dn) { +- kfree(rtas_buf); +- return -ENOENT; +- } +- + upwa = (struct update_props_workarea *)&rtas_buf[0]; +- upwa->phandle = phandle; ++ upwa->phandle = cpu_to_be32(dn->phandle); + + do { + rtas_rc = mobility_rtas_call(update_properties_token, rtas_buf, +@@ -221,26 +206,18 @@ static int update_dt_node(__be32 phandle, s32 scope) + cond_resched(); + } while (rtas_rc == 1); + +- of_node_put(dn); + kfree(rtas_buf); + return 0; + } + +-static int add_dt_node(__be32 parent_phandle, __be32 drc_index) ++static int add_dt_node(struct device_node *parent_dn, __be32 drc_index) + { + struct device_node *dn; +- struct device_node *parent_dn; + int rc; + +- parent_dn = of_find_node_by_phandle(be32_to_cpu(parent_phandle)); +- if (!parent_dn) +- return -ENOENT; +- + dn = dlpar_configure_connector(drc_index, parent_dn); +- if (!dn) { +- of_node_put(parent_dn); ++ if (!dn) + return -ENOENT; +- } + + rc = dlpar_attach_node(dn, parent_dn); + if (rc) +@@ -248,7 +225,6 @@ static int add_dt_node(__be32 parent_phandle, __be32 drc_index) + + pr_debug("added node %pOFfp\n", dn); + +- of_node_put(parent_dn); + return rc; + } + +@@ -281,22 +257,31 @@ int pseries_devicetree_update(s32 scope) + data++; + + for (i = 0; i < node_count; i++) { ++ struct device_node *np; + __be32 phandle = *data++; + __be32 drc_index; + ++ np = of_find_node_by_phandle(be32_to_cpu(phandle)); ++ if (!np) { ++ pr_warn("Failed lookup: phandle 0x%x for action 0x%x\n", ++ be32_to_cpu(phandle), action); ++ continue; ++ } ++ + switch (action) { + case DELETE_DT_NODE: +- delete_dt_node(phandle); ++ delete_dt_node(np); + break; + case UPDATE_DT_NODE: +- update_dt_node(phandle, scope); ++ update_dt_node(np, scope); + break; + case ADD_DT_NODE: + drc_index = *data++; +- add_dt_node(phandle, drc_index); ++ add_dt_node(np, drc_index); + break; + } + ++ of_node_put(np); + cond_resched(); + } + } +-- +2.35.1 + diff --git a/queue-5.10/serial-8250-fix-reporting-real-baudrate-value-in-c_o.patch b/queue-5.10/serial-8250-fix-reporting-real-baudrate-value-in-c_o.patch new file mode 100644 index 00000000000..6d10ab849ed --- /dev/null +++ b/queue-5.10/serial-8250-fix-reporting-real-baudrate-value-in-c_o.patch @@ -0,0 +1,84 @@ +From b29f6305c471c758a77a72ee7bc03cdc0331e8db Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Sep 2021 11:37:04 +0200 +Subject: serial: 8250: Fix reporting real baudrate value in c_ospeed field +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pali Rohár + +[ Upstream commit 32262e2e429cdb31f9e957e997d53458762931b7 ] + +In most cases it is not possible to set exact baudrate value to hardware. + +So fix reporting real baudrate value which was set to hardware via c_ospeed +termios field. It can be retrieved by ioctl(TCGETS2) from userspace. + +Real baudrate value is calculated from chosen hardware divisor and base +clock. It is implemented in a new function serial8250_compute_baud_rate() +which is inverse of serial8250_get_divisor() function. + +With this change is fixed also UART timeout value (it is updated via +uart_update_timeout() function), which is calculated from the now fixed +baudrate value too. + +Cc: stable@vger.kernel.org +Signed-off-by: Pali Rohár +Link: https://lore.kernel.org/r/20210927093704.19768-1-pali@kernel.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/8250/8250_port.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c +index 9d60418e4adb..eaf4eb33a78d 100644 +--- a/drivers/tty/serial/8250/8250_port.c ++++ b/drivers/tty/serial/8250/8250_port.c +@@ -2547,6 +2547,19 @@ static unsigned int serial8250_get_divisor(struct uart_port *port, + return serial8250_do_get_divisor(port, baud, frac); + } + ++static unsigned int serial8250_compute_baud_rate(struct uart_port *port, ++ unsigned int quot) ++{ ++ if ((port->flags & UPF_MAGIC_MULTIPLIER) && quot == 0x8001) ++ return port->uartclk / 4; ++ else if ((port->flags & UPF_MAGIC_MULTIPLIER) && quot == 0x8002) ++ return port->uartclk / 8; ++ else if (port->type == PORT_NPCM) ++ return DIV_ROUND_CLOSEST(port->uartclk - 2 * (quot + 2), 16 * (quot + 2)); ++ else ++ return DIV_ROUND_CLOSEST(port->uartclk, 16 * quot); ++} ++ + static unsigned char serial8250_compute_lcr(struct uart_8250_port *up, + tcflag_t c_cflag) + { +@@ -2688,11 +2701,14 @@ void serial8250_update_uartclk(struct uart_port *port, unsigned int uartclk) + + baud = serial8250_get_baud_rate(port, termios, NULL); + quot = serial8250_get_divisor(port, baud, &frac); ++ baud = serial8250_compute_baud_rate(port, quot); + + serial8250_rpm_get(up); + spin_lock_irqsave(&port->lock, flags); + + uart_update_timeout(port, termios->c_cflag, baud); ++ if (tty_termios_baud_rate(termios)) ++ tty_termios_encode_baud_rate(termios, baud, baud); + + serial8250_set_divisor(port, baud, quot, frac); + serial_port_out(port, UART_LCR, up->lcr); +@@ -2726,6 +2742,7 @@ serial8250_do_set_termios(struct uart_port *port, struct ktermios *termios, + + baud = serial8250_get_baud_rate(port, termios, old); + quot = serial8250_get_divisor(port, baud, &frac); ++ baud = serial8250_compute_baud_rate(port, quot); + + /* + * Ok, we're now changing the port state. Do it with +-- +2.35.1 + diff --git a/queue-5.10/series b/queue-5.10/series index 97e25eeae2b..e397505ae31 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -21,3 +21,20 @@ x86-ibt-ftrace-make-function-graph-play-nice.patch x86-ftrace-use-alternative-ret-encoding.patch soc-fsl-select-fsl_guts-driver-for-dpio.patch input-goodix-add-compatible-string-for-gt1158.patch +kvm-ppc-book3s-hv-context-tracking-exit-guest-contex.patch +kvm-ppc-tick-accounting-should-defer-vtime-accountin.patch +serial-8250-fix-reporting-real-baudrate-value-in-c_o.patch +parisc-optimize-per-pagetable-spinlocks.patch +parisc-flush-kernel-data-mapping-in-set_pte_at-when-.patch +dmaengine-bestcomm-fix-system-boot-lockups.patch +powerpc-pseries-mobility-refactor-node-lookup-during.patch +powerpc-pseries-mobility-ignore-ibm-platform-facilit.patch +usb-cdns3-gadget-fix-new-urb-never-complete-if-ep-ca.patch +platform-x86-intel-hid-add-quirk-to-support-surface-.patch +net-dsa-mv88e6xxx-allow-use-of-phys-on-cpu-and-dsa-p.patch +of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch +pinctrl-sunxi-fix-name-for-a100-r_pio.patch +nfsv4-turn-off-open-by-filehandle-and-nfs-re-export-.patch +gpio-mpc8xxx-fix-support-for-irq_type_level_low-flow.patch +drm-meson-correct-osd1-global-alpha-value.patch +drm-meson-fix-osd1-rgb-to-ycbcr-coefficient.patch diff --git a/queue-5.10/usb-cdns3-gadget-fix-new-urb-never-complete-if-ep-ca.patch b/queue-5.10/usb-cdns3-gadget-fix-new-urb-never-complete-if-ep-ca.patch new file mode 100644 index 00000000000..a60bc921bff --- /dev/null +++ b/queue-5.10/usb-cdns3-gadget-fix-new-urb-never-complete-if-ep-ca.patch @@ -0,0 +1,102 @@ +From f019ee5569364f80d877025dcc5223a7126ac720 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 30 Nov 2021 09:42:39 -0600 +Subject: usb: cdns3: gadget: fix new urb never complete if ep cancel previous + requests + +From: Frank Li + +[ Upstream commit 387c2b6ba197c6df28e75359f7d892f7c8dec204 ] + +This issue was found at android12 MTP. +1. MTP submit many out urb request. +2. Cancel left requests (>20) when enough data get from host +3. Send ACK by IN endpoint. +4. MTP submit new out urb request. +5. 4's urb never complete. + +TRACE LOG: + +MtpServer-2157 [000] d..3 1287.150391: cdns3_ep_dequeue: ep1out: req: 00000000299e6836, req buff 000000009df42287, length: 0/16384 zsi, status: -115, trb: [start:87, end:87: virt addr 0x80004000ffd50420], flags:1 SID: 0 +MtpServer-2157 [000] d..3 1287.150410: cdns3_gadget_giveback: ep1out: req: 00000000299e6836, req buff 000000009df42287, length: 0/16384 zsi, status: -104, trb: [start:87, end:87: virt addr 0x80004000ffd50420], flags:0 SID: 0 +MtpServer-2157 [000] d..3 1287.150433: cdns3_ep_dequeue: ep1out: req: 0000000080b7bde6, req buff 000000009ed5c556, length: 0/16384 zsi, status: -115, trb: [start:88, end:88: virt addr 0x80004000ffd5042c], flags:1 SID: 0 +MtpServer-2157 [000] d..3 1287.150446: cdns3_gadget_giveback: ep1out: req: 0000000080b7bde6, req buff 000000009ed5c556, length: 0/16384 zsi, status: -104, trb: [start:88, end:88: virt addr 0x80004000ffd5042c], flags:0 SID: 0 + .... +MtpServer-2157 [000] d..1 1293.630410: cdns3_alloc_request: ep1out: req: 00000000afbccb7d, req buff 0000000000000000, length: 0/0 zsi, status: 0, trb: [start:0, end:0: virt addr (null)], flags:0 SID: 0 +MtpServer-2157 [000] d..2 1293.630421: cdns3_ep_queue: ep1out: req: 00000000afbccb7d, req buff 00000000871caf90, length: 0/512 zsi, status: -115, trb: [start:0, end:0: virt addr (null)], flags:0 SID: 0 +MtpServer-2157 [000] d..2 1293.630445: cdns3_wa1: WA1: ep1out set guard +MtpServer-2157 [000] d..2 1293.630450: cdns3_wa1: WA1: ep1out restore cycle bit +MtpServer-2157 [000] d..2 1293.630453: cdns3_prepare_trb: ep1out: trb 000000007317b3ee, dma buf: 0xffd5bc00, size: 512, burst: 128 ctrl: 0x00000424 (C=0, T=0, ISP, IOC, Normal) SID:0 LAST_SID:0 +MtpServer-2157 [000] d..2 1293.630460: cdns3_doorbell_epx: ep1out, ep_trbaddr ffd50414 + .... +irq/241-5b13000-2154 [000] d..1 1293.680849: cdns3_epx_irq: IRQ for ep1out: 01000408 ISP , ep_traddr: ffd508ac ep_last_sid: 00000000 use_streams: 0 +irq/241-5b13000-2154 [000] d..1 1293.680858: cdns3_complete_trb: ep1out: trb 0000000021a11b54, dma buf: 0xffd50420, size: 16384, burst: 128 ctrl: 0x00001810 (C=0, T=0, CHAIN, LINK) SID:0 LAST_SID:0 +irq/241-5b13000-2154 [000] d..1 1293.680865: cdns3_request_handled: Req: 00000000afbccb7d not handled, DMA pos: 185, ep deq: 88, ep enq: 185, start trb: 184, end trb: 184 + +Actually DMA pos already bigger than previous submit request afbccb7d's TRB (184-184). The reason of (not handled) is that deq position is wrong. + +The TRB link is below when irq happen. + + DEQ LINK LINK LINK LINK LINK .... TRB(afbccb7d):START DMA(EP_TRADDR). + +Original code check LINK TRB, but DEQ just move one step. + + LINK DEQ LINK LINK LINK LINK .... TRB(afbccb7d):START DMA(EP_TRADDR). + +This patch skip all LINK TRB and sync DEQ to trb's start. + + LINK LINK LINK LINK LINK .... DEQ = TRB(afbccb7d):START DMA(EP_TRADDR). + +Acked-by: Peter Chen +Cc: stable +Signed-off-by: Frank Li +Signed-off-by: Jun Li +Link: https://lore.kernel.org/r/20211130154239.8029-1-Frank.Li@nxp.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/cdns3/gadget.c | 20 ++++---------------- + 1 file changed, 4 insertions(+), 16 deletions(-) + +diff --git a/drivers/usb/cdns3/gadget.c b/drivers/usb/cdns3/gadget.c +index a37ea946459c..c6fc14b169da 100644 +--- a/drivers/usb/cdns3/gadget.c ++++ b/drivers/usb/cdns3/gadget.c +@@ -352,19 +352,6 @@ static void cdns3_ep_inc_deq(struct cdns3_endpoint *priv_ep) + cdns3_ep_inc_trb(&priv_ep->dequeue, &priv_ep->ccs, priv_ep->num_trbs); + } + +-static void cdns3_move_deq_to_next_trb(struct cdns3_request *priv_req) +-{ +- struct cdns3_endpoint *priv_ep = priv_req->priv_ep; +- int current_trb = priv_req->start_trb; +- +- while (current_trb != priv_req->end_trb) { +- cdns3_ep_inc_deq(priv_ep); +- current_trb = priv_ep->dequeue; +- } +- +- cdns3_ep_inc_deq(priv_ep); +-} +- + /** + * cdns3_allow_enable_l1 - enable/disable permits to transition to L1. + * @priv_dev: Extended gadget object +@@ -1518,10 +1505,11 @@ static void cdns3_transfer_completed(struct cdns3_device *priv_dev, + + trb = priv_ep->trb_pool + priv_ep->dequeue; + +- /* Request was dequeued and TRB was changed to TRB_LINK. */ +- if (TRB_FIELD_TO_TYPE(le32_to_cpu(trb->control)) == TRB_LINK) { ++ /* The TRB was changed as link TRB, and the request was handled at ep_dequeue */ ++ while (TRB_FIELD_TO_TYPE(le32_to_cpu(trb->control)) == TRB_LINK) { + trace_cdns3_complete_trb(priv_ep, trb); +- cdns3_move_deq_to_next_trb(priv_req); ++ cdns3_ep_inc_deq(priv_ep); ++ trb = priv_ep->trb_pool + priv_ep->dequeue; + } + + if (!request->stream_id) { +-- +2.35.1 + -- 2.47.3