From e499ef016d77a04ff8dc7eb607aba4fa2f9e9915 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 29 Jan 2024 08:17:03 -0800 Subject: [PATCH] 6.1-stable patches added patches: cxl-region-fix-overflow-issue-in-alloc_hpa.patch mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch --- ...gion-fix-overflow-issue-in-alloc_hpa.patch | 52 +++++++++++ ...ng-fcr31-in-mips_set_personality_nan.patch | 57 ++++++++++++ queue-6.1/series | 4 + ...dle-sleeps-across-cpu-hotplug-events.patch | 52 +++++++++++ ...2-ensure-s32-is-sign-extended-to-s64.patch | 86 +++++++++++++++++++ 5 files changed, 251 insertions(+) create mode 100644 queue-6.1/cxl-region-fix-overflow-issue-in-alloc_hpa.patch create mode 100644 queue-6.1/mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch create mode 100644 queue-6.1/tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch create mode 100644 queue-6.1/x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch diff --git a/queue-6.1/cxl-region-fix-overflow-issue-in-alloc_hpa.patch b/queue-6.1/cxl-region-fix-overflow-issue-in-alloc_hpa.patch new file mode 100644 index 00000000000..ceda6e35d4e --- /dev/null +++ b/queue-6.1/cxl-region-fix-overflow-issue-in-alloc_hpa.patch @@ -0,0 +1,52 @@ +From d76779dd3681c01a4c6c3cae4d0627c9083e0ee6 Mon Sep 17 00:00:00 2001 +From: Quanquan Cao +Date: Wed, 24 Jan 2024 17:15:26 +0800 +Subject: cxl/region:Fix overflow issue in alloc_hpa() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Quanquan Cao + +commit d76779dd3681c01a4c6c3cae4d0627c9083e0ee6 upstream. + +Creating a region with 16 memory devices caused a problem. The div_u64_rem +function, used for dividing an unsigned 64-bit number by a 32-bit one, +faced an issue when SZ_256M * p->interleave_ways. The result surpassed +the maximum limit of the 32-bit divisor (4G), leading to an overflow +and a remainder of 0. +note: At this point, p->interleave_ways is 16, meaning 16 * 256M = 4G + +To fix this issue, I replaced the div_u64_rem function with div64_u64_rem +and adjusted the type of the remainder. + +Signed-off-by: Quanquan Cao +Reviewed-by: Dave Jiang +Fixes: 23a22cd1c98b ("cxl/region: Allocate HPA capacity to regions") +Cc: +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cxl/core/region.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/cxl/core/region.c ++++ b/drivers/cxl/core/region.c +@@ -450,7 +450,7 @@ static int alloc_hpa(struct cxl_region * + struct cxl_root_decoder *cxlrd = to_cxl_root_decoder(cxlr->dev.parent); + struct cxl_region_params *p = &cxlr->params; + struct resource *res; +- u32 remainder = 0; ++ u64 remainder = 0; + + lockdep_assert_held_write(&cxl_region_rwsem); + +@@ -470,7 +470,7 @@ static int alloc_hpa(struct cxl_region * + (cxlr->mode == CXL_DECODER_PMEM && uuid_is_null(&p->uuid))) + return -ENXIO; + +- div_u64_rem(size, SZ_256M * p->interleave_ways, &remainder); ++ div64_u64_rem(size, (u64)SZ_256M * p->interleave_ways, &remainder); + if (remainder) + return -EINVAL; + diff --git a/queue-6.1/mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch b/queue-6.1/mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch new file mode 100644 index 00000000000..9d6945466f6 --- /dev/null +++ b/queue-6.1/mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch @@ -0,0 +1,57 @@ +From 59be5c35850171e307ca5d3d703ee9ff4096b948 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Sat, 27 Jan 2024 05:05:57 +0800 +Subject: mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan + +From: Xi Ruoyao + +commit 59be5c35850171e307ca5d3d703ee9ff4096b948 upstream. + +If we still own the FPU after initializing fcr31, when we are preempted +the dirty value in the FPU will be read out and stored into fcr31, +clobbering our setting. This can cause an improper floating-point +environment after execve(). For example: + + zsh% cat measure.c + #include + int main() { return fetestexcept(FE_INEXACT); } + zsh% cc measure.c -o measure -lm + zsh% echo $((1.0/3)) # raising FE_INEXACT + 0.33333333333333331 + zsh% while ./measure; do ; done + (stopped in seconds) + +Call lose_fpu(0) before setting fcr31 to prevent this. + +Closes: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xry111.site/ +Fixes: 9b26616c8d9d ("MIPS: Respect the ISA level in FCSR handling") +Cc: stable@vger.kernel.org +Signed-off-by: Xi Ruoyao +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/kernel/elf.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/arch/mips/kernel/elf.c ++++ b/arch/mips/kernel/elf.c +@@ -11,6 +11,7 @@ + + #include + #include ++#include + + #ifdef CONFIG_MIPS_FP_SUPPORT + +@@ -309,6 +310,11 @@ void mips_set_personality_nan(struct arc + struct cpuinfo_mips *c = &boot_cpu_data; + struct task_struct *t = current; + ++ /* Do this early so t->thread.fpu.fcr31 won't be clobbered in case ++ * we are preempted before the lose_fpu(0) in start_thread. ++ */ ++ lose_fpu(0); ++ + t->thread.fpu.fcr31 = c->fpu_csr31; + switch (state->nan_2008) { + case 0: diff --git a/queue-6.1/series b/queue-6.1/series index fd33014ddc8..39c30a6f784 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -178,3 +178,7 @@ drm-bridge-anx7625-ensure-bridge-is-suspended-in-dis.patch spi-bcm-qspi-fix-sfdp-bfpt-read-by-usig-mspi-read.patch spi-fix-finalize-message-on-error-return.patch mips-lantiq-register-smp_ops-on-non-smp-platforms.patch +cxl-region-fix-overflow-issue-in-alloc_hpa.patch +mips-call-lose_fpu-0-before-initializing-fcr31-in-mips_set_personality_nan.patch +tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch +x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch diff --git a/queue-6.1/tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch b/queue-6.1/tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch new file mode 100644 index 00000000000..17cdddb4f91 --- /dev/null +++ b/queue-6.1/tick-sched-preserve-number-of-idle-sleeps-across-cpu-hotplug-events.patch @@ -0,0 +1,52 @@ +From 9a574ea9069be30b835a3da772c039993c43369b Mon Sep 17 00:00:00 2001 +From: Tim Chen +Date: Mon, 22 Jan 2024 15:35:34 -0800 +Subject: tick/sched: Preserve number of idle sleeps across CPU hotplug events + +From: Tim Chen + +commit 9a574ea9069be30b835a3da772c039993c43369b upstream. + +Commit 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs +CPU hotplug") preserved total idle sleep time and iowait sleeptime across +CPU hotplug events. + +Similar reasoning applies to the number of idle calls and idle sleeps to +get the proper average of sleep time per idle invocation. + +Preserve those fields too. + +Fixes: 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug") +Signed-off-by: Tim Chen +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20240122233534.3094238-1-tim.c.chen@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + kernel/time/tick-sched.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/kernel/time/tick-sched.c ++++ b/kernel/time/tick-sched.c +@@ -1557,6 +1557,7 @@ void tick_cancel_sched_timer(int cpu) + { + struct tick_sched *ts = &per_cpu(tick_cpu_sched, cpu); + ktime_t idle_sleeptime, iowait_sleeptime; ++ unsigned long idle_calls, idle_sleeps; + + # ifdef CONFIG_HIGH_RES_TIMERS + if (ts->sched_timer.base) +@@ -1565,9 +1566,13 @@ void tick_cancel_sched_timer(int cpu) + + idle_sleeptime = ts->idle_sleeptime; + iowait_sleeptime = ts->iowait_sleeptime; ++ idle_calls = ts->idle_calls; ++ idle_sleeps = ts->idle_sleeps; + memset(ts, 0, sizeof(*ts)); + ts->idle_sleeptime = idle_sleeptime; + ts->iowait_sleeptime = iowait_sleeptime; ++ ts->idle_calls = idle_calls; ++ ts->idle_sleeps = idle_sleeps; + } + #endif + diff --git a/queue-6.1/x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch b/queue-6.1/x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch new file mode 100644 index 00000000000..0792b97be7a --- /dev/null +++ b/queue-6.1/x86-entry-ia32-ensure-s32-is-sign-extended-to-s64.patch @@ -0,0 +1,86 @@ +From 56062d60f117dccfb5281869e0ab61e090baf864 Mon Sep 17 00:00:00 2001 +From: Richard Palethorpe +Date: Wed, 10 Jan 2024 15:01:22 +0200 +Subject: x86/entry/ia32: Ensure s32 is sign extended to s64 + +From: Richard Palethorpe + +commit 56062d60f117dccfb5281869e0ab61e090baf864 upstream. + +Presently ia32 registers stored in ptregs are unconditionally cast to +unsigned int by the ia32 stub. They are then cast to long when passed to +__se_sys*, but will not be sign extended. + +This takes the sign of the syscall argument into account in the ia32 +stub. It still casts to unsigned int to avoid implementation specific +behavior. However then casts to int or unsigned int as necessary. So that +the following cast to long sign extends the value. + +This fixes the io_pgetevents02 LTP test when compiled with -m32. Presently +the systemcall io_pgetevents_time64() unexpectedly accepts -1 for the +maximum number of events. + +It doesn't appear other systemcalls with signed arguments are effected +because they all have compat variants defined and wired up. + +Fixes: ebeb8c82ffaf ("syscalls/x86: Use 'struct pt_regs' based syscall calling for IA32_EMULATION and x32") +Suggested-by: Arnd Bergmann +Signed-off-by: Richard Palethorpe +Signed-off-by: Nikolay Borisov +Signed-off-by: Thomas Gleixner +Reviewed-by: Arnd Bergmann +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20240110130122.3836513-1-nik.borisov@suse.com +Link: https://lore.kernel.org/ltp/20210921130127.24131-1-rpalethorpe@suse.com/ +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/syscall_wrapper.h | 25 +++++++++++++++++++++---- + include/linux/syscalls.h | 1 + + 2 files changed, 22 insertions(+), 4 deletions(-) + +--- a/arch/x86/include/asm/syscall_wrapper.h ++++ b/arch/x86/include/asm/syscall_wrapper.h +@@ -58,12 +58,29 @@ extern long __ia32_sys_ni_syscall(const + ,,regs->di,,regs->si,,regs->dx \ + ,,regs->r10,,regs->r8,,regs->r9) \ + ++ ++/* SYSCALL_PT_ARGS is Adapted from s390x */ ++#define SYSCALL_PT_ARG6(m, t1, t2, t3, t4, t5, t6) \ ++ SYSCALL_PT_ARG5(m, t1, t2, t3, t4, t5), m(t6, (regs->bp)) ++#define SYSCALL_PT_ARG5(m, t1, t2, t3, t4, t5) \ ++ SYSCALL_PT_ARG4(m, t1, t2, t3, t4), m(t5, (regs->di)) ++#define SYSCALL_PT_ARG4(m, t1, t2, t3, t4) \ ++ SYSCALL_PT_ARG3(m, t1, t2, t3), m(t4, (regs->si)) ++#define SYSCALL_PT_ARG3(m, t1, t2, t3) \ ++ SYSCALL_PT_ARG2(m, t1, t2), m(t3, (regs->dx)) ++#define SYSCALL_PT_ARG2(m, t1, t2) \ ++ SYSCALL_PT_ARG1(m, t1), m(t2, (regs->cx)) ++#define SYSCALL_PT_ARG1(m, t1) m(t1, (regs->bx)) ++#define SYSCALL_PT_ARGS(x, ...) SYSCALL_PT_ARG##x(__VA_ARGS__) ++ ++#define __SC_COMPAT_CAST(t, a) \ ++ (__typeof(__builtin_choose_expr(__TYPE_IS_L(t), 0, 0U))) \ ++ (unsigned int)a ++ + /* Mapping of registers to parameters for syscalls on i386 */ + #define SC_IA32_REGS_TO_ARGS(x, ...) \ +- __MAP(x,__SC_ARGS \ +- ,,(unsigned int)regs->bx,,(unsigned int)regs->cx \ +- ,,(unsigned int)regs->dx,,(unsigned int)regs->si \ +- ,,(unsigned int)regs->di,,(unsigned int)regs->bp) ++ SYSCALL_PT_ARGS(x, __SC_COMPAT_CAST, \ ++ __MAP(x, __SC_TYPE, __VA_ARGS__)) \ + + #define __SYS_STUB0(abi, name) \ + long __##abi##_##name(const struct pt_regs *regs); \ +--- a/include/linux/syscalls.h ++++ b/include/linux/syscalls.h +@@ -123,6 +123,7 @@ enum landlock_rule_type; + #define __TYPE_IS_LL(t) (__TYPE_AS(t, 0LL) || __TYPE_AS(t, 0ULL)) + #define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a + #define __SC_CAST(t, a) (__force t) a ++#define __SC_TYPE(t, a) t + #define __SC_ARGS(t, a) a + #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long)) + -- 2.47.3