From: Greg Kroah-Hartman Date: Mon, 30 Dec 2024 08:36:10 +0000 (+0100) Subject: 6.12-stable patches X-Git-Tag: v6.1.123~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9a07d5fab42ac69ef46b3dcdfe5bb3f62b798624;p=thirdparty%2Fkernel%2Fstable-queue.git 6.12-stable patches added patches: btrfs-fix-race-with-memory-mapped-writes-when-activating-swap-file.patch i2c-imx-add-imx7d-compatible-string-for-applying-erratum-err007805.patch i2c-microchip-core-actually-use-repeated-sends.patch i2c-microchip-core-fix-ghost-detections.patch io_uring-sqpoll-fix-sqpoll-error-handling-races.patch pci-msi-handle-lack-of-irqdomain-gracefully.patch perf-x86-intel-ds-add-pebs-format-6.patch perf-x86-intel-fix-bitmask-of-ocr-and-frontend-events-for-lnc.patch perf-x86-intel-uncore-add-clearwater-forest-support.patch power-supply-cros_charge-control-add-mutex-for-driver-data.patch power-supply-cros_charge-control-allow-start_threshold-end_threshold.patch power-supply-cros_charge-control-hide-start-threshold-on-v2-cmd.patch power-supply-gpio-charger-fix-set-charge-current-limits.patch rtla-timerlat-fix-histogram-all-for-zero-samples.patch tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch tracing-prevent-bad-count-for-tracing_cpumask_write.patch virt-tdx-guest-just-leak-decrypted-memory-on-unrecoverable-errors.patch x86-fred-clear-wfe-in-missing-endbranch-cps.patch --- diff --git a/queue-6.12/btrfs-fix-race-with-memory-mapped-writes-when-activating-swap-file.patch b/queue-6.12/btrfs-fix-race-with-memory-mapped-writes-when-activating-swap-file.patch new file mode 100644 index 00000000000..1cb4812d5c7 --- /dev/null +++ b/queue-6.12/btrfs-fix-race-with-memory-mapped-writes-when-activating-swap-file.patch @@ -0,0 +1,116 @@ +From 0525064bb82e50d59543b62b9d41a606198a4a44 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Fri, 29 Nov 2024 12:25:30 +0000 +Subject: btrfs: fix race with memory mapped writes when activating swap file + +From: Filipe Manana + +commit 0525064bb82e50d59543b62b9d41a606198a4a44 upstream. + +When activating the swap file we flush all delalloc and wait for ordered +extent completion, so that we don't miss any delalloc and extents before +we check that the file's extent layout is usable for a swap file and +activate the swap file. We are called with the inode's VFS lock acquired, +so we won't race with buffered and direct IO writes, however we can still +race with memory mapped writes since they don't acquire the inode's VFS +lock. The race window is between flushing all delalloc and locking the +whole file's extent range, since memory mapped writes lock an extent range +with the length of a page. + +Fix this by acquiring the inode's mmap lock before we flush delalloc. + +CC: stable@vger.kernel.org # 5.4+ +Reviewed-by: Qu Wenruo +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/inode.c | 31 ++++++++++++++++++++++++------- + 1 file changed, 24 insertions(+), 7 deletions(-) + +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -9791,28 +9791,40 @@ static int btrfs_swap_activate(struct sw + u64 start; + + /* ++ * Acquire the inode's mmap lock to prevent races with memory mapped ++ * writes, as they could happen after we flush delalloc below and before ++ * we lock the extent range further below. The inode was already locked ++ * up in the call chain. ++ */ ++ btrfs_assert_inode_locked(BTRFS_I(inode)); ++ down_write(&BTRFS_I(inode)->i_mmap_lock); ++ ++ /* + * If the swap file was just created, make sure delalloc is done. If the + * file changes again after this, the user is doing something stupid and + * we don't really care. + */ + ret = btrfs_wait_ordered_range(BTRFS_I(inode), 0, (u64)-1); + if (ret) +- return ret; ++ goto out_unlock_mmap; + + /* + * The inode is locked, so these flags won't change after we check them. + */ + if (BTRFS_I(inode)->flags & BTRFS_INODE_COMPRESS) { + btrfs_warn(fs_info, "swapfile must not be compressed"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out_unlock_mmap; + } + if (!(BTRFS_I(inode)->flags & BTRFS_INODE_NODATACOW)) { + btrfs_warn(fs_info, "swapfile must not be copy-on-write"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out_unlock_mmap; + } + if (!(BTRFS_I(inode)->flags & BTRFS_INODE_NODATASUM)) { + btrfs_warn(fs_info, "swapfile must not be checksummed"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out_unlock_mmap; + } + + /* +@@ -9827,7 +9839,8 @@ static int btrfs_swap_activate(struct sw + if (!btrfs_exclop_start(fs_info, BTRFS_EXCLOP_SWAP_ACTIVATE)) { + btrfs_warn(fs_info, + "cannot activate swapfile while exclusive operation is running"); +- return -EBUSY; ++ ret = -EBUSY; ++ goto out_unlock_mmap; + } + + /* +@@ -9841,7 +9854,8 @@ static int btrfs_swap_activate(struct sw + btrfs_exclop_finish(fs_info); + btrfs_warn(fs_info, + "cannot activate swapfile because snapshot creation is in progress"); +- return -EINVAL; ++ ret = -EINVAL; ++ goto out_unlock_mmap; + } + /* + * Snapshots can create extents which require COW even if NODATACOW is +@@ -9862,7 +9876,8 @@ static int btrfs_swap_activate(struct sw + btrfs_warn(fs_info, + "cannot activate swapfile because subvolume %llu is being deleted", + btrfs_root_id(root)); +- return -EPERM; ++ ret = -EPERM; ++ goto out_unlock_mmap; + } + atomic_inc(&root->nr_swapfiles); + spin_unlock(&root->root_item_lock); +@@ -10017,6 +10032,8 @@ out: + + btrfs_exclop_finish(fs_info); + ++out_unlock_mmap: ++ up_write(&BTRFS_I(inode)->i_mmap_lock); + if (ret) + return ret; + diff --git a/queue-6.12/i2c-imx-add-imx7d-compatible-string-for-applying-erratum-err007805.patch b/queue-6.12/i2c-imx-add-imx7d-compatible-string-for-applying-erratum-err007805.patch new file mode 100644 index 00000000000..c0bceb3a575 --- /dev/null +++ b/queue-6.12/i2c-imx-add-imx7d-compatible-string-for-applying-erratum-err007805.patch @@ -0,0 +1,59 @@ +From e0cec363197e41af870613e8e17b30bf0e3d41b5 Mon Sep 17 00:00:00 2001 +From: Carlos Song +Date: Wed, 18 Dec 2024 12:42:38 +0800 +Subject: i2c: imx: add imx7d compatible string for applying erratum ERR007805 + +From: Carlos Song + +commit e0cec363197e41af870613e8e17b30bf0e3d41b5 upstream. + +Compatible string "fsl,imx7d-i2c" is not exited at i2c-imx driver +compatible string table, at the result, "fsl,imx21-i2c" will be +matched, but it will cause erratum ERR007805 not be applied in fact. + +So Add "fsl,imx7d-i2c" compatible string in i2c-imx driver to apply +the erratum ERR007805(https://www.nxp.com/docs/en/errata/IMX7DS_3N09P.pdf). + +" +ERR007805 I2C: When the I2C clock speed is configured for 400 kHz, +the SCL low period violates the I2C spec of 1.3 uS min + +Description: When the I2C module is programmed to operate at the +maximum clock speed of 400 kHz (as defined by the I2C spec), the SCL +clock low period violates the I2C spec of 1.3 uS min. The user must +reduce the clock speed to obtain the SCL low time to meet the 1.3us +I2C minimum required. This behavior means the SoC is not compliant +to the I2C spec at 400kHz. + +Workaround: To meet the clock low period requirement in fast speed +mode, SCL must be configured to 384KHz or less. +" + +"fsl,imx7d-i2c" already is documented in binding doc. This erratum +fix has been included in imx6_i2c_hwdata and it is the same in all +I.MX6/7/8, so just reuse it. + +Fixes: 39c025721d70 ("i2c: imx: Implement errata ERR007805 or e7805 bus frequency limit") +Cc: stable@vger.kernel.org # v5.18+ +Signed-off-by: Carlos Song +Signed-off-by: Haibo Chen +Reviewed-by: Frank Li +Fixes: 39c025721d70 ("i2c: imx: Implement errata ERR007805 or e7805 bus frequency limit") +Acked-by: Oleksij Rempel +Link: https://lore.kernel.org/r/20241218044238.143414-1-carlos.song@nxp.com +Signed-off-by: Andi Shyti +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-imx.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/i2c/busses/i2c-imx.c ++++ b/drivers/i2c/busses/i2c-imx.c +@@ -282,6 +282,7 @@ static const struct of_device_id i2c_imx + { .compatible = "fsl,imx6sll-i2c", .data = &imx6_i2c_hwdata, }, + { .compatible = "fsl,imx6sx-i2c", .data = &imx6_i2c_hwdata, }, + { .compatible = "fsl,imx6ul-i2c", .data = &imx6_i2c_hwdata, }, ++ { .compatible = "fsl,imx7d-i2c", .data = &imx6_i2c_hwdata, }, + { .compatible = "fsl,imx7s-i2c", .data = &imx6_i2c_hwdata, }, + { .compatible = "fsl,imx8mm-i2c", .data = &imx6_i2c_hwdata, }, + { .compatible = "fsl,imx8mn-i2c", .data = &imx6_i2c_hwdata, }, diff --git a/queue-6.12/i2c-microchip-core-actually-use-repeated-sends.patch b/queue-6.12/i2c-microchip-core-actually-use-repeated-sends.patch new file mode 100644 index 00000000000..d866fe82da7 --- /dev/null +++ b/queue-6.12/i2c-microchip-core-actually-use-repeated-sends.patch @@ -0,0 +1,220 @@ +From 9a8f9320d67b27ddd7f1ee88d91820197a0e908f Mon Sep 17 00:00:00 2001 +From: Conor Dooley +Date: Wed, 18 Dec 2024 12:07:40 +0000 +Subject: i2c: microchip-core: actually use repeated sends + +From: Conor Dooley + +commit 9a8f9320d67b27ddd7f1ee88d91820197a0e908f upstream. + +At present, where repeated sends are intended to be used, the +i2c-microchip-core driver sends a stop followed by a start. Lots of i2c +devices must not malfunction in the face of this behaviour, because the +driver has operated like this for years! Try to keep track of whether or +not a repeated send is required, and suppress sending a stop in these +cases. + +CC: stable@vger.kernel.org +Fixes: 64a6f1c4987e ("i2c: add support for microchip fpga i2c controllers") +Signed-off-by: Conor Dooley +Reviewed-by: Andi Shyti +Link: https://lore.kernel.org/r/20241218-football-composure-e56df2461461@spud +Signed-off-by: Andi Shyti +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-microchip-corei2c.c | 120 ++++++++++++++++++++++------- + 1 file changed, 94 insertions(+), 26 deletions(-) + +--- a/drivers/i2c/busses/i2c-microchip-corei2c.c ++++ b/drivers/i2c/busses/i2c-microchip-corei2c.c +@@ -93,27 +93,35 @@ + * @base: pointer to register struct + * @dev: device reference + * @i2c_clk: clock reference for i2c input clock ++ * @msg_queue: pointer to the messages requiring sending + * @buf: pointer to msg buffer for easier use + * @msg_complete: xfer completion object + * @adapter: core i2c abstraction + * @msg_err: error code for completed message + * @bus_clk_rate: current i2c bus clock rate + * @isr_status: cached copy of local ISR status ++ * @total_num: total number of messages to be sent/received ++ * @current_num: index of the current message being sent/received + * @msg_len: number of bytes transferred in msg + * @addr: address of the current slave ++ * @restart_needed: whether or not a repeated start is required after current message + */ + struct mchp_corei2c_dev { + void __iomem *base; + struct device *dev; + struct clk *i2c_clk; ++ struct i2c_msg *msg_queue; + u8 *buf; + struct completion msg_complete; + struct i2c_adapter adapter; + int msg_err; ++ int total_num; ++ int current_num; + u32 bus_clk_rate; + u32 isr_status; + u16 msg_len; + u8 addr; ++ bool restart_needed; + }; + + static void mchp_corei2c_core_disable(struct mchp_corei2c_dev *idev) +@@ -222,6 +230,47 @@ static int mchp_corei2c_fill_tx(struct m + return 0; + } + ++static void mchp_corei2c_next_msg(struct mchp_corei2c_dev *idev) ++{ ++ struct i2c_msg *this_msg; ++ u8 ctrl; ++ ++ if (idev->current_num >= idev->total_num) { ++ complete(&idev->msg_complete); ++ return; ++ } ++ ++ /* ++ * If there's been an error, the isr needs to return control ++ * to the "main" part of the driver, so as not to keep sending ++ * messages once it completes and clears the SI bit. ++ */ ++ if (idev->msg_err) { ++ complete(&idev->msg_complete); ++ return; ++ } ++ ++ this_msg = idev->msg_queue++; ++ ++ if (idev->current_num < (idev->total_num - 1)) { ++ struct i2c_msg *next_msg = idev->msg_queue; ++ ++ idev->restart_needed = next_msg->flags & I2C_M_RD; ++ } else { ++ idev->restart_needed = false; ++ } ++ ++ idev->addr = i2c_8bit_addr_from_msg(this_msg); ++ idev->msg_len = this_msg->len; ++ idev->buf = this_msg->buf; ++ ++ ctrl = readb(idev->base + CORE_I2C_CTRL); ++ ctrl |= CTRL_STA; ++ writeb(ctrl, idev->base + CORE_I2C_CTRL); ++ ++ idev->current_num++; ++} ++ + static irqreturn_t mchp_corei2c_handle_isr(struct mchp_corei2c_dev *idev) + { + u32 status = idev->isr_status; +@@ -247,10 +296,14 @@ static irqreturn_t mchp_corei2c_handle_i + break; + case STATUS_M_SLAW_ACK: + case STATUS_M_TX_DATA_ACK: +- if (idev->msg_len > 0) ++ if (idev->msg_len > 0) { + mchp_corei2c_fill_tx(idev); +- else +- last_byte = true; ++ } else { ++ if (idev->restart_needed) ++ finished = true; ++ else ++ last_byte = true; ++ } + break; + case STATUS_M_TX_DATA_NACK: + case STATUS_M_SLAR_NACK: +@@ -287,7 +340,7 @@ static irqreturn_t mchp_corei2c_handle_i + mchp_corei2c_stop(idev); + + if (last_byte || finished) +- complete(&idev->msg_complete); ++ mchp_corei2c_next_msg(idev); + + return IRQ_HANDLED; + } +@@ -311,21 +364,48 @@ static irqreturn_t mchp_corei2c_isr(int + return ret; + } + +-static int mchp_corei2c_xfer_msg(struct mchp_corei2c_dev *idev, +- struct i2c_msg *msg) ++static int mchp_corei2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, ++ int num) + { +- u8 ctrl; ++ struct mchp_corei2c_dev *idev = i2c_get_adapdata(adap); ++ struct i2c_msg *this_msg = msgs; + unsigned long time_left; ++ u8 ctrl; + +- idev->addr = i2c_8bit_addr_from_msg(msg); +- idev->msg_len = msg->len; +- idev->buf = msg->buf; ++ mchp_corei2c_core_enable(idev); ++ ++ /* ++ * The isr controls the flow of a transfer, this info needs to be saved ++ * to a location that it can access the queue information from. ++ */ ++ idev->restart_needed = false; ++ idev->msg_queue = msgs; ++ idev->total_num = num; ++ idev->current_num = 0; ++ ++ /* ++ * But the first entry to the isr is triggered by the start in this ++ * function, so the first message needs to be "dequeued". ++ */ ++ idev->addr = i2c_8bit_addr_from_msg(this_msg); ++ idev->msg_len = this_msg->len; ++ idev->buf = this_msg->buf; + idev->msg_err = 0; + +- reinit_completion(&idev->msg_complete); ++ if (idev->total_num > 1) { ++ struct i2c_msg *next_msg = msgs + 1; + +- mchp_corei2c_core_enable(idev); ++ idev->restart_needed = next_msg->flags & I2C_M_RD; ++ } + ++ idev->current_num++; ++ idev->msg_queue++; ++ ++ reinit_completion(&idev->msg_complete); ++ ++ /* ++ * Send the first start to pass control to the isr ++ */ + ctrl = readb(idev->base + CORE_I2C_CTRL); + ctrl |= CTRL_STA; + writeb(ctrl, idev->base + CORE_I2C_CTRL); +@@ -335,20 +415,8 @@ static int mchp_corei2c_xfer_msg(struct + if (!time_left) + return -ETIMEDOUT; + +- return idev->msg_err; +-} +- +-static int mchp_corei2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msgs, +- int num) +-{ +- struct mchp_corei2c_dev *idev = i2c_get_adapdata(adap); +- int i, ret; +- +- for (i = 0; i < num; i++) { +- ret = mchp_corei2c_xfer_msg(idev, msgs++); +- if (ret) +- return ret; +- } ++ if (idev->msg_err) ++ return idev->msg_err; + + return num; + } diff --git a/queue-6.12/i2c-microchip-core-fix-ghost-detections.patch b/queue-6.12/i2c-microchip-core-fix-ghost-detections.patch new file mode 100644 index 00000000000..fb8d1bcf870 --- /dev/null +++ b/queue-6.12/i2c-microchip-core-fix-ghost-detections.patch @@ -0,0 +1,51 @@ +From 49e1f0fd0d4cb03a16b8526c4e683e1958f71490 Mon Sep 17 00:00:00 2001 +From: Conor Dooley +Date: Wed, 18 Dec 2024 12:07:42 +0000 +Subject: i2c: microchip-core: fix "ghost" detections + +From: Conor Dooley + +commit 49e1f0fd0d4cb03a16b8526c4e683e1958f71490 upstream. + +Running i2c-detect currently produces an output akin to: + 0 1 2 3 4 5 6 7 8 9 a b c d e f +00: 08 -- 0a -- 0c -- 0e -- +10: 10 -- 12 -- 14 -- 16 -- UU 19 -- 1b -- 1d -- 1f +20: -- 21 -- 23 -- 25 -- 27 -- 29 -- 2b -- 2d -- 2f +30: -- -- -- -- -- -- -- -- 38 -- 3a -- 3c -- 3e -- +40: 40 -- 42 -- 44 -- 46 -- 48 -- 4a -- 4c -- 4e -- +50: -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- +60: 60 -- 62 -- 64 -- 66 -- 68 -- 6a -- 6c -- 6e -- +70: 70 -- 72 -- 74 -- 76 -- + +This happens because for an i2c_msg with a len of 0 the driver will +mark the transmission of the message as a success once the START has +been sent, without waiting for the devices on the bus to respond with an +ACK/NAK. Since i2cdetect seems to run in a tight loop over all addresses +the NAK is treated as part of the next test for the next address. + +Delete the fast path that marks a message as complete when idev->msg_len +is zero after sending a START/RESTART since this isn't a valid scenario. + +CC: stable@vger.kernel.org +Fixes: 64a6f1c4987e ("i2c: add support for microchip fpga i2c controllers") +Signed-off-by: Conor Dooley +Reviewed-by: Andi Shyti +Link: https://lore.kernel.org/r/20241218-outbid-encounter-b2e78b1cc707@spud +Signed-off-by: Andi Shyti +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-microchip-corei2c.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/i2c/busses/i2c-microchip-corei2c.c ++++ b/drivers/i2c/busses/i2c-microchip-corei2c.c +@@ -287,8 +287,6 @@ static irqreturn_t mchp_corei2c_handle_i + ctrl &= ~CTRL_STA; + writeb(idev->addr, idev->base + CORE_I2C_DATA); + writeb(ctrl, idev->base + CORE_I2C_CTRL); +- if (idev->msg_len == 0) +- finished = true; + break; + case STATUS_M_ARB_LOST: + idev->msg_err = -EAGAIN; diff --git a/queue-6.12/io_uring-sqpoll-fix-sqpoll-error-handling-races.patch b/queue-6.12/io_uring-sqpoll-fix-sqpoll-error-handling-races.patch new file mode 100644 index 00000000000..622e377d8be --- /dev/null +++ b/queue-6.12/io_uring-sqpoll-fix-sqpoll-error-handling-races.patch @@ -0,0 +1,75 @@ +From e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Thu, 26 Dec 2024 16:49:23 +0000 +Subject: io_uring/sqpoll: fix sqpoll error handling races + +From: Pavel Begunkov + +commit e33ac68e5e21ec1292490dfe061e75c0dbdd3bd4 upstream. + +BUG: KASAN: slab-use-after-free in __lock_acquire+0x370b/0x4a10 kernel/locking/lockdep.c:5089 +Call Trace: + +... +_raw_spin_lock_irqsave+0x3d/0x60 kernel/locking/spinlock.c:162 +class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] +try_to_wake_up+0xb5/0x23c0 kernel/sched/core.c:4205 +io_sq_thread_park+0xac/0xe0 io_uring/sqpoll.c:55 +io_sq_thread_finish+0x6b/0x310 io_uring/sqpoll.c:96 +io_sq_offload_create+0x162/0x11d0 io_uring/sqpoll.c:497 +io_uring_create io_uring/io_uring.c:3724 [inline] +io_uring_setup+0x1728/0x3230 io_uring/io_uring.c:3806 +... + +Kun Hu reports that the SQPOLL creating error path has UAF, which +happens if io_uring_alloc_task_context() fails and then io_sq_thread() +manages to run and complete before the rest of error handling code, +which means io_sq_thread_finish() is looking at already killed task. + +Note that this is mostly theoretical, requiring fault injection on +the allocation side to trigger in practice. + +Cc: stable@vger.kernel.org +Reported-by: Kun Hu +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/0f2f1aa5729332612bd01fe0f2f385fd1f06ce7c.1735231717.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/sqpoll.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/io_uring/sqpoll.c ++++ b/io_uring/sqpoll.c +@@ -412,6 +412,7 @@ void io_sqpoll_wait_sq(struct io_ring_ct + __cold int io_sq_offload_create(struct io_ring_ctx *ctx, + struct io_uring_params *p) + { ++ struct task_struct *task_to_put = NULL; + int ret; + + /* Retain compatibility with failing for an invalid attach attempt */ +@@ -492,6 +493,7 @@ __cold int io_sq_offload_create(struct i + } + + sqd->thread = tsk; ++ task_to_put = get_task_struct(tsk); + ret = io_uring_alloc_task_context(tsk, ctx); + wake_up_new_task(tsk); + if (ret) +@@ -502,11 +504,15 @@ __cold int io_sq_offload_create(struct i + goto err; + } + ++ if (task_to_put) ++ put_task_struct(task_to_put); + return 0; + err_sqpoll: + complete(&ctx->sq_data->exited); + err: + io_sq_thread_finish(ctx); ++ if (task_to_put) ++ put_task_struct(task_to_put); + return ret; + } + diff --git a/queue-6.12/pci-msi-handle-lack-of-irqdomain-gracefully.patch b/queue-6.12/pci-msi-handle-lack-of-irqdomain-gracefully.patch new file mode 100644 index 00000000000..9250bf7d09c --- /dev/null +++ b/queue-6.12/pci-msi-handle-lack-of-irqdomain-gracefully.patch @@ -0,0 +1,74 @@ +From a60b990798eb17433d0283788280422b1bd94b18 Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Sat, 14 Dec 2024 12:50:18 +0100 +Subject: PCI/MSI: Handle lack of irqdomain gracefully + +From: Thomas Gleixner + +commit a60b990798eb17433d0283788280422b1bd94b18 upstream. + +Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a +RISCV platform which does not provide PCI/MSI support: + + WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 + __pci_enable_msix_range+0x30c/0x596 + pci_msi_setup_msi_irqs+0x2c/0x32 + pci_alloc_irq_vectors_affinity+0xb8/0xe2 + +RISCV uses hierarchical interrupt domains and correctly does not implement +the legacy fallback. The warning triggers from the legacy fallback stub. + +That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent +domain is associated with the device or not. There is a check for MSI-X, +which has a legacy assumption. But that legacy fallback assumption is only +valid when legacy support is enabled, but otherwise the check should simply +return -ENOTSUPP. + +Loongarch tripped over the same problem and blindly enabled legacy support +without implementing the legacy fallbacks. There are weak implementations +which return an error, so the problem was papered over. + +Correct pci_msi_domain_supports() to evaluate the legacy mode and add +the missing supported check into the MSI enable path to complete it. + +Fixes: d2a463b29741 ("PCI/MSI: Reject multi-MSI early") +Reported-by: Alexandre Ghiti +Signed-off-by: Thomas Gleixner +Tested-by: Alexandre Ghiti +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/87ed2a8ow5.ffs@tglx +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/msi/irqdomain.c | 7 +++++-- + drivers/pci/msi/msi.c | 4 ++++ + 2 files changed, 9 insertions(+), 2 deletions(-) + +--- a/drivers/pci/msi/irqdomain.c ++++ b/drivers/pci/msi/irqdomain.c +@@ -350,8 +350,11 @@ bool pci_msi_domain_supports(struct pci_ + + domain = dev_get_msi_domain(&pdev->dev); + +- if (!domain || !irq_domain_is_hierarchy(domain)) +- return mode == ALLOW_LEGACY; ++ if (!domain || !irq_domain_is_hierarchy(domain)) { ++ if (IS_ENABLED(CONFIG_PCI_MSI_ARCH_FALLBACKS)) ++ return mode == ALLOW_LEGACY; ++ return false; ++ } + + if (!irq_domain_is_msi_parent(domain)) { + /* +--- a/drivers/pci/msi/msi.c ++++ b/drivers/pci/msi/msi.c +@@ -433,6 +433,10 @@ int __pci_enable_msi_range(struct pci_de + if (WARN_ON_ONCE(dev->msi_enabled)) + return -EINVAL; + ++ /* Test for the availability of MSI support */ ++ if (!pci_msi_domain_supports(dev, 0, ALLOW_LEGACY)) ++ return -ENOTSUPP; ++ + nvec = pci_msi_vec_count(dev); + if (nvec < 0) + return nvec; diff --git a/queue-6.12/perf-x86-intel-ds-add-pebs-format-6.patch b/queue-6.12/perf-x86-intel-ds-add-pebs-format-6.patch new file mode 100644 index 00000000000..a6d1f586522 --- /dev/null +++ b/queue-6.12/perf-x86-intel-ds-add-pebs-format-6.patch @@ -0,0 +1,37 @@ +From b8c3a2502a205321fe66c356f4b70cabd8e1a5fc Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Mon, 16 Dec 2024 12:45:02 -0800 +Subject: perf/x86/intel/ds: Add PEBS format 6 + +From: Kan Liang + +commit b8c3a2502a205321fe66c356f4b70cabd8e1a5fc upstream. + +The only difference between 5 and 6 is the new counters snapshotting +group, without the following counters snapshotting enabling patches, +it's impossible to utilize the feature in a PEBS record. It's safe to +share the same code path with format 5. + +Add format 6, so the end user can at least utilize the legacy PEBS +features. + +Fixes: a932aa0e868f ("perf/x86: Add Lunar Lake and Arrow Lake support") +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20241216204505.748363-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/ds.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/events/intel/ds.c ++++ b/arch/x86/events/intel/ds.c +@@ -2496,6 +2496,7 @@ void __init intel_ds_init(void) + x86_pmu.large_pebs_flags |= PERF_SAMPLE_TIME; + break; + ++ case 6: + case 5: + x86_pmu.pebs_ept = 1; + fallthrough; diff --git a/queue-6.12/perf-x86-intel-fix-bitmask-of-ocr-and-frontend-events-for-lnc.patch b/queue-6.12/perf-x86-intel-fix-bitmask-of-ocr-and-frontend-events-for-lnc.patch new file mode 100644 index 00000000000..125d0924bd4 --- /dev/null +++ b/queue-6.12/perf-x86-intel-fix-bitmask-of-ocr-and-frontend-events-for-lnc.patch @@ -0,0 +1,54 @@ +From aa5d2ca7c179c40669edb5e96d931bf9828dea3d Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Mon, 16 Dec 2024 08:02:52 -0800 +Subject: perf/x86/intel: Fix bitmask of OCR and FRONTEND events for LNC + +From: Kan Liang + +commit aa5d2ca7c179c40669edb5e96d931bf9828dea3d upstream. + +The released OCR and FRONTEND events utilized more bits on Lunar Lake +p-core. The corresponding mask in the extra_regs has to be extended to +unblock the extra bits. + +Add a dedicated intel_lnc_extra_regs. + +Fixes: a932aa0e868f ("perf/x86: Add Lunar Lake and Arrow Lake support") +Reported-by: Andi Kleen +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20241216160252.430858-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/core.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -429,6 +429,16 @@ static struct event_constraint intel_lnc + EVENT_CONSTRAINT_END + }; + ++static struct extra_reg intel_lnc_extra_regs[] __read_mostly = { ++ INTEL_UEVENT_EXTRA_REG(0x012a, MSR_OFFCORE_RSP_0, 0xfffffffffffull, RSP_0), ++ INTEL_UEVENT_EXTRA_REG(0x012b, MSR_OFFCORE_RSP_1, 0xfffffffffffull, RSP_1), ++ INTEL_UEVENT_PEBS_LDLAT_EXTRA_REG(0x01cd), ++ INTEL_UEVENT_EXTRA_REG(0x02c6, MSR_PEBS_FRONTEND, 0x9, FE), ++ INTEL_UEVENT_EXTRA_REG(0x03c6, MSR_PEBS_FRONTEND, 0x7fff1f, FE), ++ INTEL_UEVENT_EXTRA_REG(0x40ad, MSR_PEBS_FRONTEND, 0xf, FE), ++ INTEL_UEVENT_EXTRA_REG(0x04c2, MSR_PEBS_FRONTEND, 0x8, FE), ++ EVENT_EXTRA_END ++}; + + EVENT_ATTR_STR(mem-loads, mem_ld_nhm, "event=0x0b,umask=0x10,ldlat=3"); + EVENT_ATTR_STR(mem-loads, mem_ld_snb, "event=0xcd,umask=0x1,ldlat=3"); +@@ -6344,7 +6354,7 @@ static __always_inline void intel_pmu_in + intel_pmu_init_glc(pmu); + hybrid(pmu, event_constraints) = intel_lnc_event_constraints; + hybrid(pmu, pebs_constraints) = intel_lnc_pebs_event_constraints; +- hybrid(pmu, extra_regs) = intel_rwc_extra_regs; ++ hybrid(pmu, extra_regs) = intel_lnc_extra_regs; + } + + static __always_inline void intel_pmu_init_skt(struct pmu *pmu) diff --git a/queue-6.12/perf-x86-intel-uncore-add-clearwater-forest-support.patch b/queue-6.12/perf-x86-intel-uncore-add-clearwater-forest-support.patch new file mode 100644 index 00000000000..3a7079642d8 --- /dev/null +++ b/queue-6.12/perf-x86-intel-uncore-add-clearwater-forest-support.patch @@ -0,0 +1,31 @@ +From b6ccddd6fe1fd49c7a82b6fbed01cccad21a29c7 Mon Sep 17 00:00:00 2001 +From: Kan Liang +Date: Wed, 11 Dec 2024 08:11:46 -0800 +Subject: perf/x86/intel/uncore: Add Clearwater Forest support + +From: Kan Liang + +commit b6ccddd6fe1fd49c7a82b6fbed01cccad21a29c7 upstream. + +From the perspective of the uncore PMU, the Clearwater Forest is the +same as the previous Sierra Forest. The only difference is the event +list, which will be supported in the perf tool later. + +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/20241211161146.235253-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/events/intel/uncore.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/x86/events/intel/uncore.c ++++ b/arch/x86/events/intel/uncore.c +@@ -1910,6 +1910,7 @@ static const struct x86_cpu_id intel_unc + X86_MATCH_VFM(INTEL_ATOM_GRACEMONT, &adl_uncore_init), + X86_MATCH_VFM(INTEL_ATOM_CRESTMONT_X, &gnr_uncore_init), + X86_MATCH_VFM(INTEL_ATOM_CRESTMONT, &gnr_uncore_init), ++ X86_MATCH_VFM(INTEL_ATOM_DARKMONT_X, &gnr_uncore_init), + {}, + }; + MODULE_DEVICE_TABLE(x86cpu, intel_uncore_match); diff --git a/queue-6.12/power-supply-cros_charge-control-add-mutex-for-driver-data.patch b/queue-6.12/power-supply-cros_charge-control-add-mutex-for-driver-data.patch new file mode 100644 index 00000000000..c2db2c691f0 --- /dev/null +++ b/queue-6.12/power-supply-cros_charge-control-add-mutex-for-driver-data.patch @@ -0,0 +1,129 @@ +From e5f84d1cf562f7b45e28d6e5f6490626f870f81c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 8 Dec 2024 15:59:26 +0100 +Subject: power: supply: cros_charge-control: add mutex for driver data +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Weißschuh + +commit e5f84d1cf562f7b45e28d6e5f6490626f870f81c upstream. + +Concurrent accesses through sysfs may lead to inconsistent state in the +priv data. Introduce a mutex to avoid this. + +Fixes: c6ed48ef5259 ("power: supply: add ChromeOS EC based charge control driver") +Cc: stable@vger.kernel.org +Signed-off-by: Thomas Weißschuh +Link: https://lore.kernel.org/r/20241208-cros_charge-control-v2-v1-1-8d168d0f08a3@weissschuh.net +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/power/supply/cros_charge-control.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/drivers/power/supply/cros_charge-control.c b/drivers/power/supply/cros_charge-control.c +index 17c53591ce19..58ca6d9ed613 100644 +--- a/drivers/power/supply/cros_charge-control.c ++++ b/drivers/power/supply/cros_charge-control.c +@@ -7,8 +7,10 @@ + #include + #include + #include ++#include + #include + #include ++#include + #include + #include + #include +@@ -49,6 +51,7 @@ struct cros_chctl_priv { + struct attribute *attributes[_CROS_CHCTL_ATTR_COUNT]; + struct attribute_group group; + ++ struct mutex lock; /* protects fields below and cros_ec */ + enum power_supply_charge_behaviour current_behaviour; + u8 current_start_threshold, current_end_threshold; + }; +@@ -85,6 +88,8 @@ static int cros_chctl_configure_ec(struct cros_chctl_priv *priv) + { + struct ec_params_charge_control req = {}; + ++ lockdep_assert_held(&priv->lock); ++ + req.cmd = EC_CHARGE_CONTROL_CMD_SET; + + switch (priv->current_behaviour) { +@@ -159,6 +164,7 @@ static ssize_t charge_control_start_threshold_show(struct device *dev, + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(&attr->attr, + CROS_CHCTL_ATTR_START_THRESHOLD); + ++ guard(mutex)(&priv->lock); + return sysfs_emit(buf, "%u\n", (unsigned int)priv->current_start_threshold); + } + +@@ -169,6 +175,7 @@ static ssize_t charge_control_start_threshold_store(struct device *dev, + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(&attr->attr, + CROS_CHCTL_ATTR_START_THRESHOLD); + ++ guard(mutex)(&priv->lock); + return cros_chctl_store_threshold(dev, priv, 0, buf, count); + } + +@@ -178,6 +185,7 @@ static ssize_t charge_control_end_threshold_show(struct device *dev, struct devi + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(&attr->attr, + CROS_CHCTL_ATTR_END_THRESHOLD); + ++ guard(mutex)(&priv->lock); + return sysfs_emit(buf, "%u\n", (unsigned int)priv->current_end_threshold); + } + +@@ -187,6 +195,7 @@ static ssize_t charge_control_end_threshold_store(struct device *dev, struct dev + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(&attr->attr, + CROS_CHCTL_ATTR_END_THRESHOLD); + ++ guard(mutex)(&priv->lock); + return cros_chctl_store_threshold(dev, priv, 1, buf, count); + } + +@@ -195,6 +204,7 @@ static ssize_t charge_behaviour_show(struct device *dev, struct device_attribute + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(&attr->attr, + CROS_CHCTL_ATTR_CHARGE_BEHAVIOUR); + ++ guard(mutex)(&priv->lock); + return power_supply_charge_behaviour_show(dev, EC_CHARGE_CONTROL_BEHAVIOURS, + priv->current_behaviour, buf); + } +@@ -210,6 +220,7 @@ static ssize_t charge_behaviour_store(struct device *dev, struct device_attribut + if (ret < 0) + return ret; + ++ guard(mutex)(&priv->lock); + priv->current_behaviour = ret; + + ret = cros_chctl_configure_ec(priv); +@@ -290,6 +301,10 @@ static int cros_chctl_probe(struct platform_device *pdev) + if (!priv) + return -ENOMEM; + ++ ret = devm_mutex_init(dev, &priv->lock); ++ if (ret) ++ return ret; ++ + ret = cros_ec_get_cmd_versions(cros_ec, EC_CMD_CHARGE_CONTROL); + if (ret < 0) + return ret; +@@ -327,7 +342,8 @@ static int cros_chctl_probe(struct platform_device *pdev) + priv->current_end_threshold = 100; + + /* Bring EC into well-known state */ +- ret = cros_chctl_configure_ec(priv); ++ scoped_guard(mutex, &priv->lock) ++ ret = cros_chctl_configure_ec(priv); + if (ret < 0) + return ret; + +-- +2.47.1 + diff --git a/queue-6.12/power-supply-cros_charge-control-allow-start_threshold-end_threshold.patch b/queue-6.12/power-supply-cros_charge-control-allow-start_threshold-end_threshold.patch new file mode 100644 index 00000000000..902abe49ed5 --- /dev/null +++ b/queue-6.12/power-supply-cros_charge-control-allow-start_threshold-end_threshold.patch @@ -0,0 +1,47 @@ +From e65a1b7fad0e112573eea7d64d4ab4fc513b8695 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 8 Dec 2024 15:59:27 +0100 +Subject: power: supply: cros_charge-control: allow start_threshold == end_threshold +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Weißschuh + +commit e65a1b7fad0e112573eea7d64d4ab4fc513b8695 upstream. + +Allow setting the start and stop thresholds to the same value. +There is no reason to disallow it. + +Suggested-by: Thomas Koch +Fixes: c6ed48ef5259 ("power: supply: add ChromeOS EC based charge control driver") +Cc: stable@vger.kernel.org +Signed-off-by: Thomas Weißschuh +Link: https://lore.kernel.org/r/20241208-cros_charge-control-v2-v1-2-8d168d0f08a3@weissschuh.net +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/power/supply/cros_charge-control.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/power/supply/cros_charge-control.c b/drivers/power/supply/cros_charge-control.c +index 58ca6d9ed613..108b121db442 100644 +--- a/drivers/power/supply/cros_charge-control.c ++++ b/drivers/power/supply/cros_charge-control.c +@@ -139,11 +139,11 @@ static ssize_t cros_chctl_store_threshold(struct device *dev, struct cros_chctl_ + return -EINVAL; + + if (is_end_threshold) { +- if (val <= priv->current_start_threshold) ++ if (val < priv->current_start_threshold) + return -EINVAL; + priv->current_end_threshold = val; + } else { +- if (val >= priv->current_end_threshold) ++ if (val > priv->current_end_threshold) + return -EINVAL; + priv->current_start_threshold = val; + } +-- +2.47.1 + diff --git a/queue-6.12/power-supply-cros_charge-control-hide-start-threshold-on-v2-cmd.patch b/queue-6.12/power-supply-cros_charge-control-hide-start-threshold-on-v2-cmd.patch new file mode 100644 index 00000000000..b8a95901baa --- /dev/null +++ b/queue-6.12/power-supply-cros_charge-control-hide-start-threshold-on-v2-cmd.patch @@ -0,0 +1,70 @@ +From c28dc9fc24f5fa802d44ef7620a511035bdd803e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= +Date: Sun, 8 Dec 2024 15:59:28 +0100 +Subject: power: supply: cros_charge-control: hide start threshold on v2 cmd +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Weißschuh + +commit c28dc9fc24f5fa802d44ef7620a511035bdd803e upstream. + +ECs implementing the v2 command will not stop charging when the end +threshold is reached. Instead they will begin discharging until the +start threshold is reached, leading to permanent charge and discharge +cycles. This defeats the point of the charge control mechanism. + +Avoid the issue by hiding the start threshold on v2 systems. +Instead on those systems program the EC with start == end which forces +the EC to reach and stay at that level. + +v1 does not support thresholds and v3 works correctly, +at least judging from the code. + +Reported-by: Thomas Koch +Fixes: c6ed48ef5259 ("power: supply: add ChromeOS EC based charge control driver") +Cc: stable@vger.kernel.org +Signed-off-by: Thomas Weißschuh +Link: https://lore.kernel.org/r/20241208-cros_charge-control-v2-v1-3-8d168d0f08a3@weissschuh.net +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/power/supply/cros_charge-control.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/drivers/power/supply/cros_charge-control.c b/drivers/power/supply/cros_charge-control.c +index 108b121db442..9b0a7500296b 100644 +--- a/drivers/power/supply/cros_charge-control.c ++++ b/drivers/power/supply/cros_charge-control.c +@@ -139,6 +139,10 @@ static ssize_t cros_chctl_store_threshold(struct device *dev, struct cros_chctl_ + return -EINVAL; + + if (is_end_threshold) { ++ /* Start threshold is not exposed, use fixed value */ ++ if (priv->cmd_version == 2) ++ priv->current_start_threshold = val == 100 ? 0 : val; ++ + if (val < priv->current_start_threshold) + return -EINVAL; + priv->current_end_threshold = val; +@@ -234,12 +238,10 @@ static umode_t cros_chtl_attr_is_visible(struct kobject *kobj, struct attribute + { + struct cros_chctl_priv *priv = cros_chctl_attr_to_priv(attr, n); + +- if (priv->cmd_version < 2) { +- if (n == CROS_CHCTL_ATTR_START_THRESHOLD) +- return 0; +- if (n == CROS_CHCTL_ATTR_END_THRESHOLD) +- return 0; +- } ++ if (n == CROS_CHCTL_ATTR_START_THRESHOLD && priv->cmd_version < 3) ++ return 0; ++ else if (n == CROS_CHCTL_ATTR_END_THRESHOLD && priv->cmd_version < 2) ++ return 0; + + return attr->mode; + } +-- +2.47.1 + diff --git a/queue-6.12/power-supply-gpio-charger-fix-set-charge-current-limits.patch b/queue-6.12/power-supply-gpio-charger-fix-set-charge-current-limits.patch new file mode 100644 index 00000000000..ccfe0b8c56f --- /dev/null +++ b/queue-6.12/power-supply-gpio-charger-fix-set-charge-current-limits.patch @@ -0,0 +1,41 @@ +From afc6e39e824ad0e44b2af50a97885caec8d213d1 Mon Sep 17 00:00:00 2001 +From: Dimitri Fedrau +Date: Mon, 9 Dec 2024 11:46:15 +0100 +Subject: power: supply: gpio-charger: Fix set charge current limits + +From: Dimitri Fedrau + +commit afc6e39e824ad0e44b2af50a97885caec8d213d1 upstream. + +Fix set charge current limits for devices which allow to set the lowest +charge current limit to be greater zero. If requested charge current limit +is below lowest limit, the index equals current_limit_map_size which leads +to accessing memory beyond allocated memory. + +Fixes: be2919d8355e ("power: supply: gpio-charger: add charge-current-limit feature") +Cc: stable@vger.kernel.org +Signed-off-by: Dimitri Fedrau +Link: https://lore.kernel.org/r/20241209-fix-charge-current-limit-v1-1-760d9b8f2af3@liebherr.com +Signed-off-by: Sebastian Reichel +Signed-off-by: Greg Kroah-Hartman +--- + drivers/power/supply/gpio-charger.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/power/supply/gpio-charger.c ++++ b/drivers/power/supply/gpio-charger.c +@@ -67,6 +67,14 @@ static int set_charge_current_limit(stru + if (gpio_charger->current_limit_map[i].limit_ua <= val) + break; + } ++ ++ /* ++ * If a valid charge current limit isn't found, default to smallest ++ * current limitation for safety reasons. ++ */ ++ if (i >= gpio_charger->current_limit_map_size) ++ i = gpio_charger->current_limit_map_size - 1; ++ + mapping = gpio_charger->current_limit_map[i]; + + for (i = 0; i < ndescs; i++) { diff --git a/queue-6.12/rtla-timerlat-fix-histogram-all-for-zero-samples.patch b/queue-6.12/rtla-timerlat-fix-histogram-all-for-zero-samples.patch new file mode 100644 index 00000000000..6cac50c9d70 --- /dev/null +++ b/queue-6.12/rtla-timerlat-fix-histogram-all-for-zero-samples.patch @@ -0,0 +1,300 @@ +From 6cc45f8c1f898570916044f606be9890d295e129 Mon Sep 17 00:00:00 2001 +From: Tomas Glozar +Date: Wed, 27 Nov 2024 14:41:30 +0100 +Subject: rtla/timerlat: Fix histogram ALL for zero samples + +From: Tomas Glozar + +commit 6cc45f8c1f898570916044f606be9890d295e129 upstream. + +rtla timerlat hist currently computers the minimum, maximum and average +latency even in cases when there are zero samples. This leads to +nonsensical values being calculated for maximum and minimum, and to +divide by zero for average. + +A similar bug is fixed by 01b05fc0e5f3 ("rtla/timerlat: Fix histogram +report when a cpu count is 0") but the bug still remains for printing +the sum over all CPUs in timerlat_print_stats_all. + +The issue can be reproduced with this command: + +$ rtla timerlat hist -U -d 1s +Index +over: +count: +min: +avg: +max: +Floating point exception (core dumped) + +(There are always no samples with -U unless the user workload is +created.) + +Fix the bug by omitting max/min/avg when sample count is zero, +displaying a dash instead, just like we already do for the individual +CPUs. The logic is moved into a new function called +format_summary_value, which is used for both the individual CPUs +and for the overall summary. + +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/20241127134130.51171-1-tglozar@redhat.com +Fixes: 1462501c7a8 ("rtla/timerlat: Add a summary for hist mode") +Signed-off-by: Tomas Glozar +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + tools/tracing/rtla/src/timerlat_hist.c | 189 +++++++++++++++++---------------- + 1 file changed, 102 insertions(+), 87 deletions(-) + +--- a/tools/tracing/rtla/src/timerlat_hist.c ++++ b/tools/tracing/rtla/src/timerlat_hist.c +@@ -281,6 +281,21 @@ static void timerlat_hist_header(struct + } + + /* ++ * format_summary_value - format a line of summary value (min, max or avg) ++ * of hist data ++ */ ++static void format_summary_value(struct trace_seq *seq, ++ int count, ++ unsigned long long val, ++ bool avg) ++{ ++ if (count) ++ trace_seq_printf(seq, "%9llu ", avg ? val / count : val); ++ else ++ trace_seq_printf(seq, "%9c ", '-'); ++} ++ ++/* + * timerlat_print_summary - print the summary of the hist data to the output + */ + static void +@@ -327,29 +342,23 @@ timerlat_print_summary(struct timerlat_h + if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) + continue; + +- if (!params->no_irq) { +- if (data->hist[cpu].irq_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].min_irq); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (!params->no_thread) { +- if (data->hist[cpu].thread_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].min_thread); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (params->user_hist) { +- if (data->hist[cpu].user_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].min_user); +- else +- trace_seq_printf(trace->seq, " - "); +- } ++ if (!params->no_irq) ++ format_summary_value(trace->seq, ++ data->hist[cpu].irq_count, ++ data->hist[cpu].min_irq, ++ false); ++ ++ if (!params->no_thread) ++ format_summary_value(trace->seq, ++ data->hist[cpu].thread_count, ++ data->hist[cpu].min_thread, ++ false); ++ ++ if (params->user_hist) ++ format_summary_value(trace->seq, ++ data->hist[cpu].user_count, ++ data->hist[cpu].min_user, ++ false); + } + trace_seq_printf(trace->seq, "\n"); + +@@ -363,29 +372,23 @@ timerlat_print_summary(struct timerlat_h + if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) + continue; + +- if (!params->no_irq) { +- if (data->hist[cpu].irq_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].sum_irq / data->hist[cpu].irq_count); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (!params->no_thread) { +- if (data->hist[cpu].thread_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].sum_thread / data->hist[cpu].thread_count); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (params->user_hist) { +- if (data->hist[cpu].user_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].sum_user / data->hist[cpu].user_count); +- else +- trace_seq_printf(trace->seq, " - "); +- } ++ if (!params->no_irq) ++ format_summary_value(trace->seq, ++ data->hist[cpu].irq_count, ++ data->hist[cpu].sum_irq, ++ true); ++ ++ if (!params->no_thread) ++ format_summary_value(trace->seq, ++ data->hist[cpu].thread_count, ++ data->hist[cpu].sum_thread, ++ true); ++ ++ if (params->user_hist) ++ format_summary_value(trace->seq, ++ data->hist[cpu].user_count, ++ data->hist[cpu].sum_user, ++ true); + } + trace_seq_printf(trace->seq, "\n"); + +@@ -399,29 +402,23 @@ timerlat_print_summary(struct timerlat_h + if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) + continue; + +- if (!params->no_irq) { +- if (data->hist[cpu].irq_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].max_irq); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (!params->no_thread) { +- if (data->hist[cpu].thread_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].max_thread); +- else +- trace_seq_printf(trace->seq, " - "); +- } +- +- if (params->user_hist) { +- if (data->hist[cpu].user_count) +- trace_seq_printf(trace->seq, "%9llu ", +- data->hist[cpu].max_user); +- else +- trace_seq_printf(trace->seq, " - "); +- } ++ if (!params->no_irq) ++ format_summary_value(trace->seq, ++ data->hist[cpu].irq_count, ++ data->hist[cpu].max_irq, ++ false); ++ ++ if (!params->no_thread) ++ format_summary_value(trace->seq, ++ data->hist[cpu].thread_count, ++ data->hist[cpu].max_thread, ++ false); ++ ++ if (params->user_hist) ++ format_summary_value(trace->seq, ++ data->hist[cpu].user_count, ++ data->hist[cpu].max_user, ++ false); + } + trace_seq_printf(trace->seq, "\n"); + trace_seq_do_printf(trace->seq); +@@ -505,16 +502,22 @@ timerlat_print_stats_all(struct timerlat + trace_seq_printf(trace->seq, "min: "); + + if (!params->no_irq) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.min_irq); ++ format_summary_value(trace->seq, ++ sum.irq_count, ++ sum.min_irq, ++ false); + + if (!params->no_thread) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.min_thread); ++ format_summary_value(trace->seq, ++ sum.thread_count, ++ sum.min_thread, ++ false); + + if (params->user_hist) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.min_user); ++ format_summary_value(trace->seq, ++ sum.user_count, ++ sum.min_user, ++ false); + + trace_seq_printf(trace->seq, "\n"); + +@@ -522,16 +525,22 @@ timerlat_print_stats_all(struct timerlat + trace_seq_printf(trace->seq, "avg: "); + + if (!params->no_irq) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.sum_irq / sum.irq_count); ++ format_summary_value(trace->seq, ++ sum.irq_count, ++ sum.sum_irq, ++ true); + + if (!params->no_thread) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.sum_thread / sum.thread_count); ++ format_summary_value(trace->seq, ++ sum.thread_count, ++ sum.sum_thread, ++ true); + + if (params->user_hist) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.sum_user / sum.user_count); ++ format_summary_value(trace->seq, ++ sum.user_count, ++ sum.sum_user, ++ true); + + trace_seq_printf(trace->seq, "\n"); + +@@ -539,16 +548,22 @@ timerlat_print_stats_all(struct timerlat + trace_seq_printf(trace->seq, "max: "); + + if (!params->no_irq) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.max_irq); ++ format_summary_value(trace->seq, ++ sum.irq_count, ++ sum.max_irq, ++ false); + + if (!params->no_thread) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.max_thread); ++ format_summary_value(trace->seq, ++ sum.thread_count, ++ sum.max_thread, ++ false); + + if (params->user_hist) +- trace_seq_printf(trace->seq, "%9llu ", +- sum.max_user); ++ format_summary_value(trace->seq, ++ sum.user_count, ++ sum.max_user, ++ false); + + trace_seq_printf(trace->seq, "\n"); + trace_seq_do_printf(trace->seq); diff --git a/queue-6.12/series b/queue-6.12/series index 18fddd4b74c..31ab97e1fb3 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -82,3 +82,21 @@ drm-xe-move-the-coredump-registration-to-the-worker-.patch objtool-add-bch2_trans_unlocked_error-to-bcachefs-no.patch freezer-sched-report-frozen-tasks-as-d-instead-of-r.patch dmaengine-loongson2-apb-change-genmask-to-genmask_ul.patch +perf-x86-intel-uncore-add-clearwater-forest-support.patch +tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch +tracing-prevent-bad-count-for-tracing_cpumask_write.patch +rtla-timerlat-fix-histogram-all-for-zero-samples.patch +io_uring-sqpoll-fix-sqpoll-error-handling-races.patch +i2c-microchip-core-actually-use-repeated-sends.patch +x86-fred-clear-wfe-in-missing-endbranch-cps.patch +virt-tdx-guest-just-leak-decrypted-memory-on-unrecoverable-errors.patch +pci-msi-handle-lack-of-irqdomain-gracefully.patch +perf-x86-intel-fix-bitmask-of-ocr-and-frontend-events-for-lnc.patch +i2c-imx-add-imx7d-compatible-string-for-applying-erratum-err007805.patch +i2c-microchip-core-fix-ghost-detections.patch +perf-x86-intel-ds-add-pebs-format-6.patch +power-supply-cros_charge-control-add-mutex-for-driver-data.patch +power-supply-cros_charge-control-allow-start_threshold-end_threshold.patch +power-supply-cros_charge-control-hide-start-threshold-on-v2-cmd.patch +power-supply-gpio-charger-fix-set-charge-current-limits.patch +btrfs-fix-race-with-memory-mapped-writes-when-activating-swap-file.patch diff --git a/queue-6.12/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch b/queue-6.12/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch new file mode 100644 index 00000000000..e0f7f9c9387 --- /dev/null +++ b/queue-6.12/tracing-constify-string-literal-data-member-in-struct-trace_event_call.patch @@ -0,0 +1,66 @@ +From 452f4b31e3f70a52b97890888eeb9eaa9a87139a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= +Date: Mon, 25 Nov 2024 11:50:25 +0100 +Subject: tracing: Constify string literal data member in struct trace_event_call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian Göttsche + +commit 452f4b31e3f70a52b97890888eeb9eaa9a87139a upstream. + +The name member of the struct trace_event_call is assigned with +generated string literals; declare them pointer to read-only. + +Reported by clang: + + security/landlock/syscalls.c:179:1: warning: initializing 'char *' with an expression of type 'const char[34]' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers] + 179 | SYSCALL_DEFINE3(landlock_create_ruleset, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 180 | const struct landlock_ruleset_attr __user *const, attr, + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 181 | const size_t, size, const __u32, flags) + | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:226:36: note: expanded from macro 'SYSCALL_DEFINE3' + 226 | #define SYSCALL_DEFINE3(name, ...) SYSCALL_DEFINEx(3, _##name, __VA_ARGS__) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:234:2: note: expanded from macro 'SYSCALL_DEFINEx' + 234 | SYSCALL_METADATA(sname, x, __VA_ARGS__) \ + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:184:2: note: expanded from macro 'SYSCALL_METADATA' + 184 | SYSCALL_TRACE_ENTER_EVENT(sname); \ + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + ./include/linux/syscalls.h:151:30: note: expanded from macro 'SYSCALL_TRACE_ENTER_EVENT' + 151 | .name = "sys_enter"#sname, \ + | ^~~~~~~~~~~~~~~~~ + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Cc: Mickaël Salaün +Cc: Günther Noack +Cc: Nathan Chancellor +Cc: Nick Desaulniers +Cc: Bill Wendling +Cc: Justin Stitt +Link: https://lore.kernel.org/20241125105028.42807-1-cgoettsche@seltendoof.de +Fixes: b77e38aa240c3 ("tracing: add event trace infrastructure") +Signed-off-by: Christian Göttsche +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/trace_events.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/linux/trace_events.h ++++ b/include/linux/trace_events.h +@@ -379,7 +379,7 @@ struct trace_event_call { + struct list_head list; + struct trace_event_class *class; + union { +- char *name; ++ const char *name; + /* Set TRACE_EVENT_FL_TRACEPOINT flag when using "tp" */ + struct tracepoint *tp; + }; diff --git a/queue-6.12/tracing-prevent-bad-count-for-tracing_cpumask_write.patch b/queue-6.12/tracing-prevent-bad-count-for-tracing_cpumask_write.patch new file mode 100644 index 00000000000..bea2bc0f40e --- /dev/null +++ b/queue-6.12/tracing-prevent-bad-count-for-tracing_cpumask_write.patch @@ -0,0 +1,37 @@ +From 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 Mon Sep 17 00:00:00 2001 +From: Lizhi Xu +Date: Mon, 16 Dec 2024 15:32:38 +0800 +Subject: tracing: Prevent bad count for tracing_cpumask_write + +From: Lizhi Xu + +commit 98feccbf32cfdde8c722bc4587aaa60ee5ac33f0 upstream. + +If a large count is provided, it will trigger a warning in bitmap_parse_user. +Also check zero for it. + +Cc: stable@vger.kernel.org +Fixes: 9e01c1b74c953 ("cpumask: convert kernel trace functions") +Link: https://lore.kernel.org/20241216073238.2573704-1-lizhi.xu@windriver.com +Reported-by: syzbot+0aecfd34fb878546f3fd@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=0aecfd34fb878546f3fd +Tested-by: syzbot+0aecfd34fb878546f3fd@syzkaller.appspotmail.com +Signed-off-by: Lizhi Xu +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5111,6 +5111,9 @@ tracing_cpumask_write(struct file *filp, + cpumask_var_t tracing_cpumask_new; + int err; + ++ if (count == 0 || count > KMALLOC_MAX_SIZE) ++ return -EINVAL; ++ + if (!zalloc_cpumask_var(&tracing_cpumask_new, GFP_KERNEL)) + return -ENOMEM; + diff --git a/queue-6.12/virt-tdx-guest-just-leak-decrypted-memory-on-unrecoverable-errors.patch b/queue-6.12/virt-tdx-guest-just-leak-decrypted-memory-on-unrecoverable-errors.patch new file mode 100644 index 00000000000..ed2c84727cd --- /dev/null +++ b/queue-6.12/virt-tdx-guest-just-leak-decrypted-memory-on-unrecoverable-errors.patch @@ -0,0 +1,47 @@ +From 27834971f616c5e154423c578fa95e0444444ce1 Mon Sep 17 00:00:00 2001 +From: Li RongQing +Date: Wed, 19 Jun 2024 19:18:01 +0800 +Subject: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors + +From: Li RongQing + +commit 27834971f616c5e154423c578fa95e0444444ce1 upstream. + +In CoCo VMs it is possible for the untrusted host to cause +set_memory_decrypted() to fail such that an error is returned +and the resulting memory is shared. Callers need to take care +to handle these errors to avoid returning decrypted (shared) +memory to the page allocator, which could lead to functional +or security issues. + +Leak the decrypted memory when set_memory_decrypted() fails, +and don't need to print an error since set_memory_decrypted() +will call WARN_ONCE(). + +Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS") +Signed-off-by: Li RongQing +Signed-off-by: Dave Hansen +Signed-off-by: Ingo Molnar +Reviewed-by: Rick Edgecombe +Reviewed-by: Kirill A. Shutemov +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/20240619111801.25630-1-lirongqing%40baidu.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/virt/coco/tdx-guest/tdx-guest.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/virt/coco/tdx-guest/tdx-guest.c ++++ b/drivers/virt/coco/tdx-guest/tdx-guest.c +@@ -124,10 +124,8 @@ static void *alloc_quote_buf(void) + if (!addr) + return NULL; + +- if (set_memory_decrypted((unsigned long)addr, count)) { +- free_pages_exact(addr, len); ++ if (set_memory_decrypted((unsigned long)addr, count)) + return NULL; +- } + + return addr; + } diff --git a/queue-6.12/x86-fred-clear-wfe-in-missing-endbranch-cps.patch b/queue-6.12/x86-fred-clear-wfe-in-missing-endbranch-cps.patch new file mode 100644 index 00000000000..4e03f65d819 --- /dev/null +++ b/queue-6.12/x86-fred-clear-wfe-in-missing-endbranch-cps.patch @@ -0,0 +1,98 @@ +From dc81e556f2a017d681251ace21bf06c126d5a192 Mon Sep 17 00:00:00 2001 +From: "Xin Li (Intel)" +Date: Wed, 13 Nov 2024 09:59:34 -0800 +Subject: x86/fred: Clear WFE in missing-ENDBRANCH #CPs + +From: Xin Li (Intel) + +commit dc81e556f2a017d681251ace21bf06c126d5a192 upstream. + +An indirect branch instruction sets the CPU indirect branch tracker +(IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted +across the instruction boundary. When the decoder finds an +inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP +fault. + +For the "kernel IBT no ENDBR" selftest where #CPs are deliberately +triggered, the WFE state of the interrupted context needs to be +cleared to let execution continue. Otherwise when the CPU resumes +from the instruction that just caused the previous #CP, another +missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. + +This is not a problem with IDT because it doesn't preserve WFE and +IRET doesn't set WFE. But FRED provides space on the entry stack +(in an expanded CS area) to save and restore the WFE state, thus the +WFE state is no longer clobbered, so software must clear it. + +Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the +!ibt_fatal code path when execution is allowed to continue. + +Clobbering WFE in any other circumstance is a security-relevant bug. + +[ dhansen: changelog rewording ] + +Fixes: a5f6c2ace997 ("x86/shstk: Add user control-protection fault handler") +Signed-off-by: Xin Li (Intel) +Signed-off-by: Dave Hansen +Signed-off-by: Ingo Molnar +Acked-by: Dave Hansen +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/all/20241113175934.3897541-1-xin%40zytor.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cet.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +--- a/arch/x86/kernel/cet.c ++++ b/arch/x86/kernel/cet.c +@@ -81,6 +81,34 @@ static void do_user_cp_fault(struct pt_r + + static __ro_after_init bool ibt_fatal = true; + ++/* ++ * By definition, all missing-ENDBRANCH #CPs are a result of WFE && !ENDBR. ++ * ++ * For the kernel IBT no ENDBR selftest where #CPs are deliberately triggered, ++ * the WFE state of the interrupted context needs to be cleared to let execution ++ * continue. Otherwise when the CPU resumes from the instruction that just ++ * caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU ++ * enters a dead loop. ++ * ++ * This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't ++ * set WFE. But FRED provides space on the entry stack (in an expanded CS area) ++ * to save and restore the WFE state, thus the WFE state is no longer clobbered, ++ * so software must clear it. ++ */ ++static void ibt_clear_fred_wfe(struct pt_regs *regs) ++{ ++ /* ++ * No need to do any FRED checks. ++ * ++ * For IDT event delivery, the high-order 48 bits of CS are pushed ++ * as 0s into the stack, and later IRET ignores these bits. ++ * ++ * For FRED, a test to check if fred_cs.wfe is set would be dropped ++ * by compilers. ++ */ ++ regs->fred_cs.wfe = 0; ++} ++ + static void do_kernel_cp_fault(struct pt_regs *regs, unsigned long error_code) + { + if ((error_code & CP_EC) != CP_ENDBR) { +@@ -90,6 +118,7 @@ static void do_kernel_cp_fault(struct pt + + if (unlikely(regs->ip == (unsigned long)&ibt_selftest_noendbr)) { + regs->ax = 0; ++ ibt_clear_fred_wfe(regs); + return; + } + +@@ -97,6 +126,7 @@ static void do_kernel_cp_fault(struct pt + if (!ibt_fatal) { + printk(KERN_DEFAULT CUT_HERE); + __warn(__FILE__, __LINE__, (void *)regs->ip, TAINT_WARN, regs, NULL); ++ ibt_clear_fred_wfe(regs); + return; + } + BUG();