Fixes for 6.9
authorSasha Levin <sashal@kernel.org>
Tue, 16 Jul 2024 14:21:01 +0000 (10:21 -0400)
committerSasha Levin <sashal@kernel.org>
Tue, 16 Jul 2024 14:21:01 +0000 (10:21 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-6.9/i2c-mark-hostnotify-target-address-as-used.patch [new file with mode: 0644]
queue-6.9/i2c-rcar-bring-hardware-to-known-state-when-probing.patch [new file with mode: 0644]
queue-6.9/i2c-rcar-clear-no_rxdma-flag-after-resetting.patch [new file with mode: 0644]
queue-6.9/i2c-rcar-ensure-gen3-reset-does-not-disturb-local-ta.patch [new file with mode: 0644]
queue-6.9/i2c-testunit-avoid-re-issued-work-after-read-message.patch [new file with mode: 0644]
queue-6.9/kbuild-make-ld-version.sh-more-robust-against-versio.patch [new file with mode: 0644]
queue-6.9/kbuild-rpm-pkg-avoid-the-warnings-with-dtb-s-listed-.patch [new file with mode: 0644]
queue-6.9/sched-deadline-fix-task_struct-reference-leak.patch [new file with mode: 0644]
queue-6.9/series
queue-6.9/x86-bhi-avoid-warning-in-db-handler-due-to-bhi-mitig.patch [new file with mode: 0644]

diff --git a/queue-6.9/i2c-mark-hostnotify-target-address-as-used.patch b/queue-6.9/i2c-mark-hostnotify-target-address-as-used.patch
new file mode 100644 (file)
index 0000000..24d3a6d
--- /dev/null
@@ -0,0 +1,39 @@
+From cf61b5097ae6176834ef5936a221a812d1c5f6de Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 10 Jul 2024 10:55:07 +0200
+Subject: i2c: mark HostNotify target address as used
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit bd9f5348089b65612e5ca976e2ae22f005340331 ]
+
+I2C core handles the local target for receiving HostNotify alerts. There
+is no separate driver bound to that address. That means userspace can
+access it if desired, leading to further complications if controllers
+are not capable of reading their own local target. Bind the local target
+to the dummy driver so it will be marked as "handled by the kernel" if
+the HostNotify feature is used. That protects aginst userspace access
+and prevents other drivers binding to it.
+
+Fixes: 2a71593da34d ("i2c: smbus: add core function handling SMBus host-notify")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/i2c-core-base.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c
+index db0d1ac82910e..7e7b15440832b 100644
+--- a/drivers/i2c/i2c-core-base.c
++++ b/drivers/i2c/i2c-core-base.c
+@@ -1067,6 +1067,7 @@ EXPORT_SYMBOL(i2c_find_device_by_fwnode);
+ static const struct i2c_device_id dummy_id[] = {
+       { "dummy", 0 },
++      { "smbus_host_notify", 0 },
+       { },
+ };
+-- 
+2.43.0
+
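Review bot: The new `{ "smbus_host_notify", 0 },` entry in `dummy_id[]` carries no comment, so the table itself gives no hint that this row is an access-control measure rather than a second name for a placeholder device. The commit message says the binding marks the local HostNotify target as handled by the kernel, which blocks userspace access and other drivers. I would put that next to the entry, for example `/* local HostNotify target: bound here so userspace and other drivers cannot claim the address */`. The array is the only part of the file visible in this hunk, so where the matching client name is created cannot be checked from here.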
diff --git a/queue-6.9/i2c-rcar-bring-hardware-to-known-state-when-probing.patch b/queue-6.9/i2c-rcar-bring-hardware-to-known-state-when-probing.patch
new file mode 100644 (file)
index 0000000..864c223
--- /dev/null
@@ -0,0 +1,71 @@
+From a86d50f061ff40c902a50ab8a38421827910acf7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 7 Jul 2024 10:28:46 +0200
+Subject: i2c: rcar: bring hardware to known state when probing
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit 4e36c0f20cb1c74c7bd7ea31ba432c1c4a989031 ]
+
+When probing, the hardware is not brought into a known state. This may
+be a problem when a hypervisor restarts Linux without resetting the
+hardware, leaving an old state running. Make sure the hardware gets
+initialized, especially interrupts should be cleared and disabled.
+
+Reported-by: Dirk Behme <dirk.behme@de.bosch.com>
+Reported-by: Geert Uytterhoeven <geert+renesas@glider.be>
+Closes: https://lore.kernel.org/r/20240702045535.2000393-1-dirk.behme@de.bosch.com
+Fixes: 6ccbe607132b ("i2c: add Renesas R-Car I2C driver")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index 828aa2ea0fe4c..ec73463ea9b5e 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -257,6 +257,14 @@ static void rcar_i2c_init(struct rcar_i2c_priv *priv)
+       }
+ }
++static void rcar_i2c_reset_slave(struct rcar_i2c_priv *priv)
++{
++      rcar_i2c_write(priv, ICSIER, 0);
++      rcar_i2c_write(priv, ICSSR, 0);
++      rcar_i2c_write(priv, ICSCR, SDBS);
++      rcar_i2c_write(priv, ICSAR, 0); /* Gen2: must be 0 if not using slave */
++}
++
+ static int rcar_i2c_bus_barrier(struct rcar_i2c_priv *priv)
+ {
+       int ret;
+@@ -1033,11 +1041,8 @@ static int rcar_unreg_slave(struct i2c_client *slave)
+       /* ensure no irq is running before clearing ptr */
+       disable_irq(priv->irq);
+-      rcar_i2c_write(priv, ICSIER, 0);
+-      rcar_i2c_write(priv, ICSSR, 0);
++      rcar_i2c_reset_slave(priv);
+       enable_irq(priv->irq);
+-      rcar_i2c_write(priv, ICSCR, SDBS);
+-      rcar_i2c_write(priv, ICSAR, 0); /* Gen2: must be 0 if not using slave */
+       priv->slave = NULL;
+@@ -1152,7 +1157,9 @@ static int rcar_i2c_probe(struct platform_device *pdev)
+               goto out_pm_disable;
+       }
+-      rcar_i2c_write(priv, ICSAR, 0); /* Gen2: must be 0 if not using slave */
++      /* Bring hardware to known state */
++      rcar_i2c_init(priv);
++      rcar_i2c_reset_slave(priv);
+       if (priv->devtype < I2C_RCAR_GEN3) {
+               irqflags |= IRQF_NO_THREAD;
+-- 
+2.43.0
+
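Review bot: `rcar_i2c_reset_slave()` is introduced without a comment on the context it expects, and its two callers use it differently. In `rcar_unreg_slave()` all four register writes now sit between `disable_irq()` and `enable_irq()`, whereas the old code wrote ICSCR and ICSAR after re-enabling the interrupt. In `rcar_i2c_probe()` it runs at a point where the IRQ is presumably not requested yet, though that part of probe is outside the hunk. A header such as `/* Disable and clear target interrupts and drop the target address; caller must ensure the IRQ handler cannot run concurrently */` would record the requirement. The master-side half of the "known state" relies on `rcar_i2c_init()`, whose body is not visible here, so it is worth confirming that it also masks and clears the controller interrupts the commit message refers to.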
diff --git a/queue-6.9/i2c-rcar-clear-no_rxdma-flag-after-resetting.patch b/queue-6.9/i2c-rcar-clear-no_rxdma-flag-after-resetting.patch
new file mode 100644 (file)
index 0000000..236eb70
--- /dev/null
@@ -0,0 +1,39 @@
+From 8af92cccee6b8d3ff209eb5831f8d13aa9a0b002 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 10 Jul 2024 13:03:00 +0200
+Subject: i2c: rcar: clear NO_RXDMA flag after resetting
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit fea6b5ebb71a2830b042e42de7ae255017ac3ce8 ]
+
+We should allow RXDMA only if the reset was really successful, so clear
+the flag after the reset call.
+
+Fixes: 0e864b552b23 ("i2c: rcar: reset controller is mandatory for Gen3+")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index ec73463ea9b5e..f0724c8e4b219 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -911,10 +911,10 @@ static int rcar_i2c_master_xfer(struct i2c_adapter *adap,
+       /* Gen3+ needs a reset. That also allows RXDMA once */
+       if (priv->devtype >= I2C_RCAR_GEN3) {
+-              priv->flags &= ~ID_P_NO_RXDMA;
+               ret = rcar_i2c_do_reset(priv);
+               if (ret)
+                       goto out;
++              priv->flags &= ~ID_P_NO_RXDMA;
+       }
+       rcar_i2c_init(priv);
+-- 
+2.43.0
+
diff --git a/queue-6.9/i2c-rcar-ensure-gen3-reset-does-not-disturb-local-ta.patch b/queue-6.9/i2c-rcar-ensure-gen3-reset-does-not-disturb-local-ta.patch
new file mode 100644 (file)
index 0000000..b69e408
--- /dev/null
@@ -0,0 +1,59 @@
+From 7e879baa47a01f26512fcbc62c71a402a501b2be Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 11 Jul 2024 10:30:44 +0200
+Subject: i2c: rcar: ensure Gen3+ reset does not disturb local targets
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit ea5ea84c9d3570dc06e8fc5ee2273eaa584aa3ac ]
+
+R-Car Gen3+ needs a reset before every controller transfer. That erases
+configuration of a potentially in parallel running local target
+instance. To avoid this disruption, avoid controller transfers if a
+local target is running. Also, disable SMBusHostNotify because it
+requires being a controller and local target at the same time.
+
+Fixes: 3b770017b03a ("i2c: rcar: handle RXDMA HW behaviour on Gen3")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rcar.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/i2c/busses/i2c-rcar.c b/drivers/i2c/busses/i2c-rcar.c
+index f0724c8e4b219..185a5d60f1019 100644
+--- a/drivers/i2c/busses/i2c-rcar.c
++++ b/drivers/i2c/busses/i2c-rcar.c
+@@ -883,6 +883,10 @@ static int rcar_i2c_do_reset(struct rcar_i2c_priv *priv)
+ {
+       int ret;
++      /* Don't reset if a slave instance is currently running */
++      if (priv->slave)
++              return -EISCONN;
++
+       ret = reset_control_reset(priv->rstc);
+       if (ret)
+               return ret;
+@@ -1175,6 +1179,7 @@ static int rcar_i2c_probe(struct platform_device *pdev)
+       if (of_property_read_bool(dev->of_node, "smbus"))
+               priv->flags |= ID_P_HOST_NOTIFY;
++      /* R-Car Gen3+ needs a reset before every transfer */
+       if (priv->devtype >= I2C_RCAR_GEN3) {
+               priv->rstc = devm_reset_control_get_exclusive(&pdev->dev, NULL);
+               if (IS_ERR(priv->rstc)) {
+@@ -1185,6 +1190,9 @@ static int rcar_i2c_probe(struct platform_device *pdev)
+               ret = reset_control_status(priv->rstc);
+               if (ret < 0)
+                       goto out_pm_put;
++
++              /* hard reset disturbs HostNotify local target, so disable it */
++              priv->flags &= ~ID_P_HOST_NOTIFY;
+       }
+       ret = platform_get_irq(pdev, 0);
+-- 
+2.43.0
+
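Review bot: In the `rcar_i2c_probe()` hunk, `priv->flags &= ~ID_P_HOST_NOTIFY;` silently discards a feature the device tree asked for through the `"smbus"` property a few lines earlier. An integrator who expects HostNotify alerts on Gen3+ gets no indication that they are off. A message before the clear would help, for example `if (priv->flags & ID_P_HOST_NOTIFY) dev_warn(dev, "HostNotify disabled, Gen3+ reset disturbs local target\n");`. Separately, the new `if (priv->slave) return -EISCONN;` check in `rcar_i2c_do_reset()` is only safe if target registration and controller transfers are serialised by the caller. That locking is not visible in the hunk, so a comment naming the lock it relies on would make the guard easier to trust.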
diff --git a/queue-6.9/i2c-testunit-avoid-re-issued-work-after-read-message.patch b/queue-6.9/i2c-testunit-avoid-re-issued-work-after-read-message.patch
new file mode 100644 (file)
index 0000000..4aa3a14
--- /dev/null
@@ -0,0 +1,44 @@
+From c74288dee7b854e988be1b35788eb281578df78c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 11 Jul 2024 14:08:19 +0200
+Subject: i2c: testunit: avoid re-issued work after read message
+
+From: Wolfram Sang <wsa+renesas@sang-engineering.com>
+
+[ Upstream commit 119736c7af442ab398dbb806865988c98ef60d46 ]
+
+The to-be-fixed commit rightfully prevented that the registers will be
+cleared. However, the index must be cleared. Otherwise a read message
+will re-issue the last work. Fix it and add a comment describing the
+situation.
+
+Fixes: c422b6a63024 ("i2c: testunit: don't erase registers after STOP")
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
+Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/i2c-slave-testunit.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/i2c/i2c-slave-testunit.c b/drivers/i2c/i2c-slave-testunit.c
+index ca43e98cae1b2..23a11e4e92567 100644
+--- a/drivers/i2c/i2c-slave-testunit.c
++++ b/drivers/i2c/i2c-slave-testunit.c
+@@ -118,6 +118,13 @@ static int i2c_slave_testunit_slave_cb(struct i2c_client *client,
+                       queue_delayed_work(system_long_wq, &tu->worker,
+                                          msecs_to_jiffies(10 * tu->regs[TU_REG_DELAY]));
+               }
++
++              /*
++               * Reset reg_idx to avoid that work gets queued again in case of
++               * STOP after a following read message. But do not clear TU regs
++               * here because we still need them in the workqueue!
++               */
++              tu->reg_idx = 0;
+               break;
+       case I2C_SLAVE_WRITE_REQUESTED:
+-- 
+2.43.0
+
diff --git a/queue-6.9/kbuild-make-ld-version.sh-more-robust-against-versio.patch b/queue-6.9/kbuild-make-ld-version.sh-more-robust-against-versio.patch
new file mode 100644 (file)
index 0000000..9d199c8
--- /dev/null
@@ -0,0 +1,73 @@
+From 2e49cb49246c9f00b686ba587f02d507ebe58e7b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 7 Jul 2024 22:06:47 -0700
+Subject: kbuild: Make ld-version.sh more robust against version string changes
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+[ Upstream commit 9852f47ac7c993990317570ff125e30ad901e213 ]
+
+After [1] in upstream LLVM, ld.lld's version output became slightly
+different when the cmake configuration option LLVM_APPEND_VC_REV is
+disabled.
+
+Before:
+
+  Debian LLD 19.0.0 (compatible with GNU linkers)
+
+After:
+
+  Debian LLD 19.0.0, compatible with GNU linkers
+
+This results in ld-version.sh failing with
+
+  scripts/ld-version.sh: 18: arithmetic expression: expecting EOF: "10000 * 19 + 100 * 0 + 0,"
+
+because the trailing comma is included in the patch level part of the
+expression. While [1] has been partially reverted in [2] to avoid this
+breakage (as it impacts the configuration stage and it is present in all
+LTS branches), it would be good to make ld-version.sh more robust
+against such miniscule changes like this one.
+
+Use POSIX shell parameter expansion [3] to remove the largest suffix
+after just numbers and periods, replacing of the current removal of
+everything after a hyphen. ld-version.sh continues to work for a number
+of distributions (Arch Linux, Debian, and Fedora) and the kernel.org
+toolchains and no longer errors on a version of ld.lld with [1].
+
+Fixes: 02aff8592204 ("kbuild: check the minimum linker version in Kconfig")
+Link: https://github.com/llvm/llvm-project/commit/0f9fbbb63cfcd2069441aa2ebef622c9716f8dbb [1]
+Link: https://github.com/llvm/llvm-project/commit/649cdfc4b6781a350dfc87d9b2a4b5a4c3395909 [2]
+Link: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html [3]
+Suggested-by: Fangrui Song <maskray@google.com>
+Reviewed-by: Fangrui Song <maskray@google.com>
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ scripts/ld-version.sh | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/scripts/ld-version.sh b/scripts/ld-version.sh
+index a78b804b680cf..b9513d224476f 100755
+--- a/scripts/ld-version.sh
++++ b/scripts/ld-version.sh
+@@ -57,9 +57,11 @@ else
+       fi
+ fi
+-# Some distributions append a package release number, as in 2.34-4.fc32
+-# Trim the hyphen and any characters that follow.
+-version=${version%-*}
++# There may be something after the version, such as a distribution's package
++# release number (like Fedora's "2.34-4.fc32") or punctuation (like LLD briefly
++# added before the "compatible with GNU linkers" string), so remove everything
++# after just numbers and periods.
++version=${version%%[!0-9.]*}
+ cversion=$(get_canonical_version $version)
+ min_cversion=$(get_canonical_version $min_version)
+-- 
+2.43.0
+
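Review bot: `version=${version%%[!0-9.]*}` leaves `version` empty when the captured string does not start with a digit or a period, and the empty value is then handed straight to `get_canonical_version`. That function's body is outside the hunk, but the failure quoted in the commit message shows it builds an arithmetic expression from the fields, so an empty input would presumably fail with a similarly opaque arithmetic error. Since the stated goal is robustness against changes in linker version output, I would add an explicit check after the trim, for example `[ -n "$version" ] || { echo "$0: unable to parse linker version" >&2; exit 1; }`. A stray leading or trailing period also survives the trim and may be worth handling in the same place.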
diff --git a/queue-6.9/kbuild-rpm-pkg-avoid-the-warnings-with-dtb-s-listed-.patch b/queue-6.9/kbuild-rpm-pkg-avoid-the-warnings-with-dtb-s-listed-.patch
new file mode 100644 (file)
index 0000000..4ace2c5
--- /dev/null
@@ -0,0 +1,41 @@
+From 01df6d7dda7a7e918c71beae664b2a453f492827 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 11 Jul 2024 18:49:19 +0200
+Subject: kbuild: rpm-pkg: avoid the warnings with dtb's listed twice
+
+From: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
+
+[ Upstream commit e3286434d220efb9a8b78f7241a5667974d2ec80 ]
+
+After 8d1001f7bdd0 (kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n),
+the following warning "warning: File listed twice: *.dtb" is appearing for
+every dtb file that is included.
+The reason is that the commented commit already adds the folder
+/lib/modules/%{KERNELRELEASE} in kernel.list file so the folder
+/lib/modules/%{KERNELRELEASE}/dtb is no longer necessary, just remove it.
+
+Fixes: 8d1001f7bdd0 ("kbuild: rpm-pkg: fix build error with CONFIG_MODULES=n")
+Signed-off-by: Jose Ignacio Tornos Martinez <jtornosm@redhat.com>
+Reviewed-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ scripts/package/kernel.spec | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/scripts/package/kernel.spec b/scripts/package/kernel.spec
+index fffc8af8deb17..c52d517b93647 100644
+--- a/scripts/package/kernel.spec
++++ b/scripts/package/kernel.spec
+@@ -83,7 +83,6 @@ ln -fns /usr/src/kernels/%{KERNELRELEASE} %{buildroot}/lib/modules/%{KERNELRELEA
+       done
+       if [ -d "%{buildroot}/lib/modules/%{KERNELRELEASE}/dtb" ];then
+-              echo "/lib/modules/%{KERNELRELEASE}/dtb"
+               find "%{buildroot}/lib/modules/%{KERNELRELEASE}/dtb" -printf "%%%ghost /boot/dtb-%{KERNELRELEASE}/%%P\n"
+       fi
+-- 
+2.43.0
+
diff --git a/queue-6.9/sched-deadline-fix-task_struct-reference-leak.patch b/queue-6.9/sched-deadline-fix-task_struct-reference-leak.patch
new file mode 100644 (file)
index 0000000..580c5a6
--- /dev/null
@@ -0,0 +1,71 @@
+From 9b637a8fa893a2b891c492dee16e577fc166ad1a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 20 Jun 2024 09:56:17 -0300
+Subject: sched/deadline: Fix task_struct reference leak
+
+From: Wander Lairson Costa <wander@redhat.com>
+
+[ Upstream commit b58652db66c910c2245f5bee7deca41c12d707b9 ]
+
+During the execution of the following stress test with linux-rt:
+
+stress-ng --cyclic 30 --timeout 30 --minimize --quiet
+
+kmemleak frequently reported a memory leak concerning the task_struct:
+
+unreferenced object 0xffff8881305b8000 (size 16136):
+  comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s)
+  object hex dump (first 32 bytes):
+    02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00  .@..............
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+  debug hex dump (first 16 bytes):
+    53 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00  S...............
+  backtrace:
+    [<00000000046b6790>] dup_task_struct+0x30/0x540
+    [<00000000c5ca0f0b>] copy_process+0x3d9/0x50e0
+    [<00000000ced59777>] kernel_clone+0xb0/0x770
+    [<00000000a50befdc>] __do_sys_clone+0xb6/0xf0
+    [<000000001dbf2008>] do_syscall_64+0x5d/0xf0
+    [<00000000552900ff>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
+
+The issue occurs in start_dl_timer(), which increments the task_struct
+reference count and sets a timer. The timer callback, dl_task_timer,
+is supposed to decrement the reference count upon expiration. However,
+if enqueue_task_dl() is called before the timer expires and cancels it,
+the reference count is not decremented, leading to the leak.
+
+This patch fixes the reference leak by ensuring the task_struct
+reference count is properly decremented when the timer is canceled.
+
+Fixes: feff2e65efd8 ("sched/deadline: Unthrottle PI boosted threads while enqueuing")
+Signed-off-by: Wander Lairson Costa <wander@redhat.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Juri Lelli <juri.lelli@redhat.com>
+Link: https://lore.kernel.org/r/20240620125618.11419-1-wander@redhat.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/sched/deadline.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c
+index a04a436af8cc4..dce51bf2d3229 100644
+--- a/kernel/sched/deadline.c
++++ b/kernel/sched/deadline.c
+@@ -1805,8 +1805,13 @@ static void enqueue_task_dl(struct rq *rq, struct task_struct *p, int flags)
+                        * The replenish timer needs to be canceled. No
+                        * problem if it fires concurrently: boosted threads
+                        * are ignored in dl_task_timer().
++                       *
++                       * If the timer callback was running (hrtimer_try_to_cancel == -1),
++                       * it will eventually call put_task_struct().
+                        */
+-                      hrtimer_try_to_cancel(&p->dl.dl_timer);
++                      if (hrtimer_try_to_cancel(&p->dl.dl_timer) == 1 &&
++                          !dl_server(&p->dl))
++                              put_task_struct(p);
+                       p->dl.dl_throttled = 0;
+               }
+       } else if (!dl_prio(p->normal_prio)) {
+-- 
+2.43.0
+
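Review bot: The expanded comment in `enqueue_task_dl()` explains the `-1` result of `hrtimer_try_to_cancel()` but not the other two facts the new condition depends on. A result of `0` means the timer was not queued, so presumably no reference is held. The `!dl_server(&p->dl)` test implies that server entities never take the task reference in `start_dl_timer()`, which is outside the hunk. Getting either wrong turns the leak fix into an extra `put_task_struct()` and a possible use-after-free, so both should be written down. I would add two lines to the comment, such as `* A return of 0 means the timer was not armed, so there is no reference to drop.` and `* dl_server entities do not take a task reference when arming the timer.`, once confirmed against `start_dl_timer()`.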
index 91d3d11bcaa12cf10f9bc7b7bbbef016015065cf..ff7ef117174ff6b627f4392fd475f626c3570716 100644 (file)
@@ -132,3 +132,12 @@ mm-shmem-disable-pmd-sized-page-cache-if-needed.patch
 mm-damon-core-merge-regions-aggressively-when-max_nr_regions-is-unmet.patch
 revert-dt-bindings-cache-qcom-llcc-correct-qdu1000-reg-entries.patch
 ext4-avoid-ptr-null-pointer-dereference.patch
+i2c-rcar-bring-hardware-to-known-state-when-probing.patch
+i2c-rcar-clear-no_rxdma-flag-after-resetting.patch
+i2c-mark-hostnotify-target-address-as-used.patch
+i2c-rcar-ensure-gen3-reset-does-not-disturb-local-ta.patch
+i2c-testunit-avoid-re-issued-work-after-read-message.patch
+sched-deadline-fix-task_struct-reference-leak.patch
+x86-bhi-avoid-warning-in-db-handler-due-to-bhi-mitig.patch
+kbuild-make-ld-version.sh-more-robust-against-versio.patch
+kbuild-rpm-pkg-avoid-the-warnings-with-dtb-s-listed-.patch
diff --git a/queue-6.9/x86-bhi-avoid-warning-in-db-handler-due-to-bhi-mitig.patch b/queue-6.9/x86-bhi-avoid-warning-in-db-handler-due-to-bhi-mitig.patch
new file mode 100644 (file)
index 0000000..c2fc10c
--- /dev/null
@@ -0,0 +1,106 @@
+From 02c77183ae5488c703d134bd93961863f13e3470 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 24 May 2024 09:04:59 +0200
+Subject: x86/bhi: Avoid warning in #DB handler due to BHI mitigation
+
+From: Alexandre Chartre <alexandre.chartre@oracle.com>
+
+[ Upstream commit ac8b270b61d48fcc61f052097777e3b5e11591e0 ]
+
+When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set
+then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the
+clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler
+(exc_debug_kernel()) to issue a warning because single-step is used outside the
+entry_SYSENTER_compat() function.
+
+To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY
+after making sure the TF flag is cleared.
+
+The problem can be reproduced with the following sequence:
+
+  $ cat sysenter_step.c
+  int main()
+  { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); }
+
+  $ gcc -o sysenter_step sysenter_step.c
+
+  $ ./sysenter_step
+  Segmentation fault (core dumped)
+
+The program is expected to crash, and the #DB handler will issue a warning.
+
+Kernel log:
+
+  WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160
+  ...
+  RIP: 0010:exc_debug_kernel+0xd2/0x160
+  ...
+  Call Trace:
+  <#DB>
+   ? show_regs+0x68/0x80
+   ? __warn+0x8c/0x140
+   ? exc_debug_kernel+0xd2/0x160
+   ? report_bug+0x175/0x1a0
+   ? handle_bug+0x44/0x90
+   ? exc_invalid_op+0x1c/0x70
+   ? asm_exc_invalid_op+0x1f/0x30
+   ? exc_debug_kernel+0xd2/0x160
+   exc_debug+0x43/0x50
+   asm_exc_debug+0x1e/0x40
+  RIP: 0010:clear_bhb_loop+0x0/0xb0
+  ...
+  </#DB>
+  <TASK>
+   ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d
+  </TASK>
+
+  [ bp: Massage commit message. ]
+
+Fixes: 7390db8aea0d ("x86/bhi: Add support for clearing branch history at syscall entry")
+Reported-by: Suman Maity <suman.m.maity@oracle.com>
+Signed-off-by: Alexandre Chartre <alexandre.chartre@oracle.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
+Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org>
+Link: https://lore.kernel.org/r/20240524070459.3674025-1-alexandre.chartre@oracle.com
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/entry/entry_64_compat.S | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/arch/x86/entry/entry_64_compat.S b/arch/x86/entry/entry_64_compat.S
+index c779046cc3fe7..2e8ead6090393 100644
+--- a/arch/x86/entry/entry_64_compat.S
++++ b/arch/x86/entry/entry_64_compat.S
+@@ -90,10 +90,6 @@ SYM_INNER_LABEL(entry_SYSENTER_compat_after_hwframe, SYM_L_GLOBAL)
+       cld
+-      IBRS_ENTER
+-      UNTRAIN_RET
+-      CLEAR_BRANCH_HISTORY
+-
+       /*
+        * SYSENTER doesn't filter flags, so we need to clear NT and AC
+        * ourselves.  To save a few cycles, we can check whether
+@@ -117,6 +113,16 @@ SYM_INNER_LABEL(entry_SYSENTER_compat_after_hwframe, SYM_L_GLOBAL)
+       jnz     .Lsysenter_fix_flags
+ .Lsysenter_flags_fixed:
++      /*
++       * CPU bugs mitigations mechanisms can call other functions. They
++       * should be invoked after making sure TF is cleared because
++       * single-step is ignored only for instructions inside the
++       * entry_SYSENTER_compat function.
++       */
++      IBRS_ENTER
++      UNTRAIN_RET
++      CLEAR_BRANCH_HISTORY
++
+       movq    %rsp, %rdi
+       call    do_SYSENTER_32
+       jmp     sysret32_from_system_call
+-- 
+2.43.0
+
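Review bot: The comment added above `IBRS_ENTER` explains why the mitigations moved below `.Lsysenter_flags_fixed`, but not the constraint the move puts on the code that now precedes them. Everything between `entry_SYSENTER_compat_after_hwframe` and this block now runs before `IBRS_ENTER`, `UNTRAIN_RET` and `CLEAR_BRANCH_HISTORY`. That includes the `jnz .Lsysenter_fix_flags` path, whose body is outside the hunk. The comment should say that this region must stay free of RET, indirect branches and calls, for example by appending `* Nothing before this point may use RET or an indirect branch.` It would also help to confirm that the `.Lsysenter_fix_flags` path returns here without executing one.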