--- /dev/null
+From d82b3266ef88dc10fe0e7031b2bd8ba7eedb7e59 Mon Sep 17 00:00:00 2001
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Date: Thu, 4 Nov 2021 16:52:06 -0400
+Subject: drm/amd/display: Don't lock connection_mutex for DMUB HPD
+
+From: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+
+commit d82b3266ef88dc10fe0e7031b2bd8ba7eedb7e59 upstream.
+
+[Why]
+Per DRM spec we only need to hold that lock when touching
+connector->state - which we do not do in that handler.
+
+Taking this locking introduces unnecessary dependencies with other
+threads which is bad for performance and opens up the potential for
+a deadlock since there are multiple locks being held at once.
+
+[How]
+Remove the connection_mutex lock/unlock routine and just iterate over
+the drm connectors normally. The iter helpers implicitly lock the
+connection list so this is safe to do.
+
+DC link access also does not need to be guarded since the link
+table is static at creation - we don't dynamically add or remove links,
+just streams.
+
+Fixes: e27c41d5b068 ("drm/amd/display: Support for DMUB HPD interrupt handling")
+
+Reviewed-by: Jude Shih <shenshih@amd.com>
+Acked-by: Anson Jacob <Anson.Jacob@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -668,10 +668,7 @@ void dmub_hpd_callback(struct amdgpu_dev
+ return;
+ }
+
+- drm_modeset_lock(&dev->mode_config.connection_mutex, NULL);
+-
+ link_index = notify->link_index;
+-
+ link = adev->dm.dc->links[link_index];
+
+ drm_connector_list_iter_begin(dev, &iter);
+@@ -684,7 +681,6 @@ void dmub_hpd_callback(struct amdgpu_dev
+ }
+ }
+ drm_connector_list_iter_end(&iter);
+- drm_modeset_unlock(&dev->mode_config.connection_mutex);
+
+ }
+
--- /dev/null
+From 978ffac878fd64039f95798b15b430032d2d89d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Exp=C3=B3sito?= <jose.exposito89@gmail.com>
+Date: Sun, 9 Jan 2022 19:42:45 +0100
+Subject: drm/amd/display: invalid parameter check in dmub_hpd_callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: José Expósito <jose.exposito89@gmail.com>
+
+commit 978ffac878fd64039f95798b15b430032d2d89d5 upstream.
+
+The function performs a check on the "adev" input parameter, however, it
+is used before the check.
+
+Initialize the "dev" variable after the sanity check to avoid a possible
+NULL pointer dereference.
+
+Fixes: e27c41d5b0681 ("drm/amd/display: Support for DMUB HPD interrupt handling")
+Addresses-Coverity-ID: 1493909 ("Null pointer dereference")
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Signed-off-by: José Expósito <jose.exposito89@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -653,7 +653,7 @@ void dmub_hpd_callback(struct amdgpu_dev
+ struct drm_connector_list_iter iter;
+ struct dc_link *link;
+ uint8_t link_index = 0;
+- struct drm_device *dev = adev->dm.ddev;
++ struct drm_device *dev;
+
+ if (adev == NULL)
+ return;
+@@ -670,6 +670,7 @@ void dmub_hpd_callback(struct amdgpu_dev
+
+ link_index = notify->link_index;
+ link = adev->dm.dc->links[link_index];
++ dev = adev->dm.ddev;
+
+ drm_connector_list_iter_begin(dev, &iter);
+ drm_for_each_connector_iter(connector, &iter) {
--- /dev/null
+From a35faec3db0e13aac8ea720bc1a3503081dd5a3d Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 16 May 2022 10:05:48 +0300
+Subject: drm/amdgpu: Off by one in dm_dmub_outbox1_low_irq()
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit a35faec3db0e13aac8ea720bc1a3503081dd5a3d upstream.
+
+The > ARRAY_SIZE() should be >= ARRAY_SIZE() to prevent an out of bounds
+access.
+
+Fixes: e27c41d5b068 ("drm/amd/display: Support for DMUB HPD interrupt handling")
+Reviewed-by: Harry Wentland <harry.wentland@amd.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -757,7 +757,7 @@ static void dm_dmub_outbox1_low_irq(void
+ if (irq_params->irq_src == DC_IRQ_SOURCE_DMCUB_OUTBOX) {
+ do {
+ dc_stat_get_dmub_notification(adev->dm.dc, ¬ify);
+- if (notify.type > ARRAY_SIZE(dm->dmub_thread_offload)) {
++ if (notify.type >= ARRAY_SIZE(dm->dmub_thread_offload)) {
+ DRM_ERROR("DM: notify type %d larger than the array size %ld !", notify.type,
+ ARRAY_SIZE(dm->dmub_thread_offload));
+ continue;
--- /dev/null
+From 33fbe6befa622c082f7d417896832856814bdde0 Mon Sep 17 00:00:00 2001
+From: Maxim Levitsky <mlevitsk@redhat.com>
+Date: Thu, 12 May 2022 13:14:20 +0300
+Subject: KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
+
+From: Maxim Levitsky <mlevitsk@redhat.com>
+
+commit 33fbe6befa622c082f7d417896832856814bdde0 upstream.
+
+This shows up as a TDP MMU leak when running nested. Non-working cmpxchg on L0
+relies makes L1 install two different shadow pages under same spte, and one of
+them is leaked.
+
+Fixes: 1c2361f667f36 ("KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses")
+Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
+Message-Id: <20220512101420.306759-1-mlevitsk@redhat.com>
+Reviewed-by: Sean Christopherson <seanjc@google.com>
+Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/x86.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/kvm/x86.c
++++ b/arch/x86/kvm/x86.c
+@@ -6933,7 +6933,7 @@ static int emulator_cmpxchg_emulated(str
+ goto emul_write;
+
+ hva = kvm_vcpu_gfn_to_hva(vcpu, gpa_to_gfn(gpa));
+- if (kvm_is_error_hva(addr))
++ if (kvm_is_error_hva(hva))
+ goto emul_write;
+
+ hva += offset_in_page(gpa);
tty-use-new-tty_insert_flip_string_and_push_buffer-in-pty_write.patch
net-usb-ax88179_178a-needs-flag_send_zlp.patch
watch-queue-remove-spurious-double-semicolon.patch
+drm-amd-display-don-t-lock-connection_mutex-for-dmub-hpd.patch
+drm-amd-display-invalid-parameter-check-in-dmub_hpd_callback.patch
+x86-extable-prefer-local-labels-in-.set-directives.patch
+kvm-x86-fix-typo-in-__try_cmpxchg_user-causing-non-atomicness.patch
+x86-drop-bogus-cc-clobber-from-__try_cmpxchg_user_asm.patch
+drm-amdgpu-off-by-one-in-dm_dmub_outbox1_low_irq.patch
--- /dev/null
+From 1df931d95f4dc1c11db1123e85d4e08156e46ef9 Mon Sep 17 00:00:00 2001
+From: Jan Beulich <jbeulich@suse.com>
+Date: Tue, 7 Jun 2022 17:00:53 +0200
+Subject: x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm()
+
+From: Jan Beulich <jbeulich@suse.com>
+
+commit 1df931d95f4dc1c11db1123e85d4e08156e46ef9 upstream.
+
+As noted (and fixed) a couple of times in the past, "=@cc<cond>" outputs
+and clobbering of "cc" don't work well together. The compiler appears to
+mean to reject such, but doesn't - in its upstream form - quite manage
+to yet for "cc". Furthermore two similar macros don't clobber "cc", and
+clobbering "cc" is pointless in asm()-s for x86 anyway - the compiler
+always assumes status flags to be clobbered there.
+
+Fixes: 989b5db215a2 ("x86/uaccess: Implement macros for CMPXCHG on user addresses")
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Message-Id: <485c0c0b-a3a7-0b7c-5264-7d00c01de032@suse.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/uaccess.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/x86/include/asm/uaccess.h
++++ b/arch/x86/include/asm/uaccess.h
+@@ -471,7 +471,7 @@ do { \
+ [ptr] "+m" (*_ptr), \
+ [old] "+a" (__old) \
+ : [new] ltype (__new) \
+- : "memory", "cc"); \
++ : "memory"); \
+ if (unlikely(__err)) \
+ goto label; \
+ if (unlikely(!success)) \
--- /dev/null
+From 334865b2915c33080624e0d06f1c3e917036472c Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers <ndesaulniers@google.com>
+Date: Tue, 29 Mar 2022 13:21:45 -0700
+Subject: x86/extable: Prefer local labels in .set directives
+
+From: Nick Desaulniers <ndesaulniers@google.com>
+
+commit 334865b2915c33080624e0d06f1c3e917036472c upstream.
+
+Bernardo reported an error that Nathan bisected down to
+(x86_64) defconfig+LTO_CLANG_FULL+X86_PMEM_LEGACY.
+
+ LTO vmlinux.o
+ ld.lld: error: <instantiation>:1:13: redefinition of 'found'
+ .set found, 0
+ ^
+
+ <inline asm>:29:1: while in macro instantiation
+ extable_type_reg reg=%eax, type=(17 | ((0) << 16))
+ ^
+
+This appears to be another LTO specific issue similar to what was folded
+into commit 4b5305decc84 ("x86/extable: Extend extable functionality"),
+where the `.set found, 0` in DEFINE_EXTABLE_TYPE_REG in
+arch/x86/include/asm/asm.h conflicts with the symbol for the static
+function `found` in arch/x86/kernel/pmem.c.
+
+Assembler .set directive declare symbols with global visibility, so the
+assembler may not rename such symbols in the event of a conflict. LTO
+could rename static functions if there was a conflict in C sources, but
+it cannot see into symbols defined in inline asm.
+
+The symbols are also retained in the symbol table, regardless of LTO.
+
+Give the symbols .L prefixes making them locally visible, so that they
+may be renamed for LTO to avoid conflicts, and to drop them from the
+symbol table regardless of LTO.
+
+Fixes: 4b5305decc84 ("x86/extable: Extend extable functionality")
+Reported-by: Bernardo Meurer Costa <beme@google.com>
+Debugged-by: Nathan Chancellor <nathan@kernel.org>
+Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Reviewed-by: Nathan Chancellor <nathan@kernel.org>
+Tested-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lore.kernel.org/r/20220329202148.2379697-1-ndesaulniers@google.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/asm.h | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/include/asm/asm.h
++++ b/arch/x86/include/asm/asm.h
+@@ -149,24 +149,24 @@
+
+ # define DEFINE_EXTABLE_TYPE_REG \
+ ".macro extable_type_reg type:req reg:req\n" \
+- ".set found, 0\n" \
+- ".set regnr, 0\n" \
++ ".set .Lfound, 0\n" \
++ ".set .Lregnr, 0\n" \
+ ".irp rs,rax,rcx,rdx,rbx,rsp,rbp,rsi,rdi,r8,r9,r10,r11,r12,r13,r14,r15\n" \
+ ".ifc \\reg, %%\\rs\n" \
+- ".set found, found+1\n" \
+- ".long \\type + (regnr << 8)\n" \
++ ".set .Lfound, .Lfound+1\n" \
++ ".long \\type + (.Lregnr << 8)\n" \
+ ".endif\n" \
+- ".set regnr, regnr+1\n" \
++ ".set .Lregnr, .Lregnr+1\n" \
+ ".endr\n" \
+- ".set regnr, 0\n" \
++ ".set .Lregnr, 0\n" \
+ ".irp rs,eax,ecx,edx,ebx,esp,ebp,esi,edi,r8d,r9d,r10d,r11d,r12d,r13d,r14d,r15d\n" \
+ ".ifc \\reg, %%\\rs\n" \
+- ".set found, found+1\n" \
+- ".long \\type + (regnr << 8)\n" \
++ ".set .Lfound, .Lfound+1\n" \
++ ".long \\type + (.Lregnr << 8)\n" \
+ ".endif\n" \
+- ".set regnr, regnr+1\n" \
++ ".set .Lregnr, .Lregnr+1\n" \
+ ".endr\n" \
+- ".if (found != 1)\n" \
++ ".if (.Lfound != 1)\n" \
+ ".error \"extable_type_reg: bad register argument\"\n" \
+ ".endif\n" \
+ ".endm\n"
projects / thirdparty / kernel / stable-queue.git / commitdiff
