From: Greg Kroah-Hartman Date: Tue, 10 Jan 2023 08:23:18 +0000 (+0100) Subject: 6.0-stable patches X-Git-Tag: v5.15.87~29 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a4be8724bc798523bdcc68ed28351ecb5ef89345;p=thirdparty%2Fkernel%2Fstable-queue.git 6.0-stable patches added patches: drm-amdkfd-fix-kernel-warning-during-topology-setup.patch drm-i915-gvt-fix-gvt-debugfs-destroy.patch drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch of-fdt-run-soc-memory-setup-when-early_init_dt_scan_memory-fails.patch riscv-kprobes-stricter-c.jr-c.jalr-decoding.patch riscv-uaccess-fix-type-of-0-variable-on-error-in-get_user.patch thermal-int340x-add-missing-attribute-for-data-rate-base.patch vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch --- diff --git a/queue-6.0/drm-amdkfd-fix-kernel-warning-during-topology-setup.patch b/queue-6.0/drm-amdkfd-fix-kernel-warning-during-topology-setup.patch new file mode 100644 index 00000000000..f6ece32695c --- /dev/null +++ b/queue-6.0/drm-amdkfd-fix-kernel-warning-during-topology-setup.patch @@ -0,0 +1,72 @@ +From cf97eb7e47d4671084c7e114c5d88a3d0540ecbd Mon Sep 17 00:00:00 2001 +From: Mukul Joshi +Date: Tue, 20 Dec 2022 17:11:24 -0500 +Subject: drm/amdkfd: Fix kernel warning during topology setup + +From: Mukul Joshi + +commit cf97eb7e47d4671084c7e114c5d88a3d0540ecbd upstream. + +This patch fixes the following kernel warning seen during +driver load by correctly initializing the p2plink attr before +creating the sysfs file: + +[ +0.002865] ------------[ cut here ]------------ +[ +0.002327] kobject: '(null)' (0000000056260cfb): is not initialized, yet kobject_put() is being called. +[ +0.004780] WARNING: CPU: 32 PID: 1006 at lib/kobject.c:718 kobject_put+0xaa/0x1c0 +[ +0.001361] Call Trace: +[ +0.001234] +[ +0.001067] kfd_remove_sysfs_node_entry+0x24a/0x2d0 [amdgpu] +[ +0.003147] kfd_topology_update_sysfs+0x3d/0x750 [amdgpu] +[ +0.002890] kfd_topology_add_device+0xbd7/0xc70 [amdgpu] +[ +0.002844] ? lock_release+0x13c/0x2e0 +[ +0.001936] ? smu_cmn_send_smc_msg_with_param+0x1e8/0x2d0 [amdgpu] +[ +0.003313] ? amdgpu_dpm_get_mclk+0x54/0x60 [amdgpu] +[ +0.002703] kgd2kfd_device_init.cold+0x39f/0x4ed [amdgpu] +[ +0.002930] amdgpu_amdkfd_device_init+0x13d/0x1f0 [amdgpu] +[ +0.002944] amdgpu_device_init.cold+0x1464/0x17b4 [amdgpu] +[ +0.002970] ? pci_bus_read_config_word+0x43/0x80 +[ +0.002380] amdgpu_driver_load_kms+0x15/0x100 [amdgpu] +[ +0.002744] amdgpu_pci_probe+0x147/0x370 [amdgpu] +[ +0.002522] local_pci_probe+0x40/0x80 +[ +0.001896] work_for_cpu_fn+0x10/0x20 +[ +0.001892] process_one_work+0x26e/0x5a0 +[ +0.002029] worker_thread+0x1fd/0x3e0 +[ +0.001890] ? process_one_work+0x5a0/0x5a0 +[ +0.002115] kthread+0xea/0x110 +[ +0.001618] ? kthread_complete_and_exit+0x20/0x20 +[ +0.002422] ret_from_fork+0x1f/0x30 +[ +0.001808] +[ +0.001103] irq event stamp: 59837 +[ +0.001718] hardirqs last enabled at (59849): [] __up_console_sem+0x52/0x60 +[ +0.004414] hardirqs last disabled at (59860): [] __up_console_sem+0x37/0x60 +[ +0.004414] softirqs last enabled at (59654): [] irq_exit_rcu+0xd7/0x130 +[ +0.004205] softirqs last disabled at (59649): [] irq_exit_rcu+0xd7/0x130 +[ +0.004203] ---[ end trace 0000000000000000 ]--- + +Fixes: 0f28cca87e9a ("drm/amdkfd: Extend KFD device topology to surface peer-to-peer links") +Signed-off-by: Mukul Joshi +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c +index bceb1a5b2518..3fdaba56be6f 100644 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_topology.c ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_topology.c +@@ -801,7 +801,7 @@ static int kfd_build_sysfs_node_entry(struct kfd_topology_device *dev, + + p2plink->attr.name = "properties"; + p2plink->attr.mode = KFD_SYSFS_FILE_MODE; +- sysfs_attr_init(&iolink->attr); ++ sysfs_attr_init(&p2plink->attr); + ret = sysfs_create_file(p2plink->kobj, &p2plink->attr); + if (ret < 0) + return ret; +-- +2.39.0 + diff --git a/queue-6.0/drm-i915-gvt-fix-gvt-debugfs-destroy.patch b/queue-6.0/drm-i915-gvt-fix-gvt-debugfs-destroy.patch new file mode 100644 index 00000000000..acd54a04aae --- /dev/null +++ b/queue-6.0/drm-i915-gvt-fix-gvt-debugfs-destroy.patch @@ -0,0 +1,94 @@ +From c4b850d1f448a901fbf4f7f36dec38c84009b489 Mon Sep 17 00:00:00 2001 +From: Zhenyu Wang +Date: Mon, 19 Dec 2022 22:03:56 +0800 +Subject: drm/i915/gvt: fix gvt debugfs destroy + +From: Zhenyu Wang + +commit c4b850d1f448a901fbf4f7f36dec38c84009b489 upstream. + +When gvt debug fs is destroyed, need to have a sane check if drm +minor's debugfs root is still available or not, otherwise in case like +device remove through unbinding, drm minor's debugfs directory has +already been removed, then intel_gvt_debugfs_clean() would act upon +dangling pointer like below oops. + +i915 0000:00:02.0: Direct firmware load for i915/gvt/vid_0x8086_did_0x1926_rid_0x0a.golden_hw_state failed with error -2 +i915 0000:00:02.0: MDEV: Registered +Console: switching to colour dummy device 80x25 +i915 0000:00:02.0: MDEV: Unregistering +BUG: kernel NULL pointer dereference, address: 00000000000000a0 +PGD 0 P4D 0 +Oops: 0002 [#1] PREEMPT SMP PTI +CPU: 2 PID: 2486 Comm: gfx-unbind.sh Tainted: G I 6.1.0-rc8+ #15 +Hardware name: Dell Inc. XPS 13 9350/0JXC1H, BIOS 1.13.0 02/10/2020 +RIP: 0010:down_write+0x1f/0x90 +Code: 1d ff ff 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 53 48 89 fb e8 62 c0 ff ff bf 01 00 00 00 e8 28 5e 31 ff 31 c0 ba 01 00 00 00 48 0f b1 13 75 33 65 48 8b 04 25 c0 bd 01 00 48 89 43 08 bf 01 +RSP: 0018:ffff9eb3036ffcc8 EFLAGS: 00010246 +RAX: 0000000000000000 RBX: 00000000000000a0 RCX: ffffff8100000000 +RDX: 0000000000000001 RSI: 0000000000000064 RDI: ffffffffa48787a8 +RBP: ffff9eb3036ffd30 R08: ffffeb1fc45a0608 R09: ffffeb1fc45a05c0 +R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000 +R13: ffff91acc33fa328 R14: ffff91acc033f080 R15: ffff91acced533e0 +FS: 00007f6947bba740(0000) GS:ffff91ae36d00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00000000000000a0 CR3: 00000001133a2002 CR4: 00000000003706e0 +Call Trace: + + simple_recursive_removal+0x9f/0x2a0 + ? start_creating.part.0+0x120/0x120 + ? _raw_spin_lock+0x13/0x40 + debugfs_remove+0x40/0x60 + intel_gvt_debugfs_clean+0x15/0x30 [kvmgt] + intel_gvt_clean_device+0x49/0xe0 [kvmgt] + intel_gvt_driver_remove+0x2f/0xb0 + i915_driver_remove+0xa4/0xf0 + i915_pci_remove+0x1a/0x30 + pci_device_remove+0x33/0xa0 + device_release_driver_internal+0x1b2/0x230 + unbind_store+0xe0/0x110 + kernfs_fop_write_iter+0x11b/0x1f0 + vfs_write+0x203/0x3d0 + ksys_write+0x63/0xe0 + do_syscall_64+0x37/0x90 + entry_SYSCALL_64_after_hwframe+0x63/0xcd +RIP: 0033:0x7f6947cb5190 +Code: 40 00 48 8b 15 71 9c 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d 51 24 0e 00 00 74 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89 +RSP: 002b:00007ffcbac45a28 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 +RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007f6947cb5190 +RDX: 000000000000000d RSI: 0000555e35c866a0 RDI: 0000000000000001 +RBP: 0000555e35c866a0 R08: 0000000000000002 R09: 0000555e358cb97c +R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 +R13: 000000000000000d R14: 0000000000000000 R15: 0000555e358cb8e0 + +Modules linked in: kvmgt +CR2: 00000000000000a0 +---[ end trace 0000000000000000 ]--- + +Cc: Wang, Zhi +Cc: He, Yu +Cc: stable@vger.kernel.org +Reviewed-by: Zhi Wang +Fixes: bc7b0be316ae ("drm/i915/gvt: Add basic debugfs infrastructure") +Signed-off-by: Zhenyu Wang +Link: http://patchwork.freedesktop.org/patch/msgid/20221219140357.769557-1-zhenyuw@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/gvt/debugfs.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/i915/gvt/debugfs.c ++++ b/drivers/gpu/drm/i915/gvt/debugfs.c +@@ -199,6 +199,10 @@ void intel_gvt_debugfs_init(struct intel + */ + void intel_gvt_debugfs_clean(struct intel_gvt *gvt) + { +- debugfs_remove_recursive(gvt->debugfs_root); +- gvt->debugfs_root = NULL; ++ struct drm_minor *minor = gvt->gt->i915->drm.primary; ++ ++ if (minor->debugfs_root) { ++ debugfs_remove_recursive(gvt->debugfs_root); ++ gvt->debugfs_root = NULL; ++ } + } diff --git a/queue-6.0/drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch b/queue-6.0/drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch new file mode 100644 index 00000000000..ac1c3edef30 --- /dev/null +++ b/queue-6.0/drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch @@ -0,0 +1,122 @@ +From 704f3384f322b40ba24d958473edfb1c9750c8fd Mon Sep 17 00:00:00 2001 +From: Zhenyu Wang +Date: Mon, 19 Dec 2022 22:03:57 +0800 +Subject: drm/i915/gvt: fix vgpu debugfs clean in remove + +From: Zhenyu Wang + +commit 704f3384f322b40ba24d958473edfb1c9750c8fd upstream. + +Check carefully on root debugfs available when destroying vgpu, +e.g in remove case drm minor's debugfs root might already be destroyed, +which led to kernel oops like below. + +Console: switching to colour dummy device 80x25 +i915 0000:00:02.0: MDEV: Unregistering +intel_vgpu_mdev b1338b2d-a709-4c23-b766-cc436c36cdf0: Removing from iommu group 14 +BUG: kernel NULL pointer dereference, address: 0000000000000150 +PGD 0 P4D 0 +Oops: 0000 [#1] PREEMPT SMP +CPU: 3 PID: 1046 Comm: driverctl Not tainted 6.1.0-rc2+ #6 +Hardware name: HP HP ProDesk 600 G3 MT/829D, BIOS P02 Ver. 02.44 09/13/2022 +RIP: 0010:__lock_acquire+0x5e2/0x1f90 +Code: 87 ad 09 00 00 39 05 e1 1e cc 02 0f 82 f1 09 00 00 ba 01 00 00 00 48 83 c4 48 89 d0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 45 31 ff <48> 81 3f 60 9e c2 b6 45 0f 45 f8 83 fe 01 0f 87 55 fa ff ff 89 f0 +RSP: 0018:ffff9f770274f948 EFLAGS: 00010046 +RAX: 0000000000000003 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000150 +RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 +R10: ffff8895d1173300 R11: 0000000000000001 R12: 0000000000000000 +R13: 0000000000000150 R14: 0000000000000000 R15: 0000000000000000 +FS: 00007fc9b2ba0740(0000) GS:ffff889cdfcc0000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000150 CR3: 000000010fd93005 CR4: 00000000003706e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + lock_acquire+0xbf/0x2b0 + ? simple_recursive_removal+0xa5/0x2b0 + ? lock_release+0x13d/0x2d0 + down_write+0x2a/0xd0 + ? simple_recursive_removal+0xa5/0x2b0 + simple_recursive_removal+0xa5/0x2b0 + ? start_creating.part.0+0x110/0x110 + ? _raw_spin_unlock+0x29/0x40 + debugfs_remove+0x40/0x60 + intel_gvt_debugfs_remove_vgpu+0x15/0x30 [kvmgt] + intel_gvt_destroy_vgpu+0x60/0x100 [kvmgt] + intel_vgpu_release_dev+0xe/0x20 [kvmgt] + device_release+0x30/0x80 + kobject_put+0x79/0x1b0 + device_release_driver_internal+0x1b8/0x230 + bus_remove_device+0xec/0x160 + device_del+0x189/0x400 + ? up_write+0x9c/0x1b0 + ? mdev_device_remove_common+0x60/0x60 [mdev] + mdev_device_remove_common+0x22/0x60 [mdev] + mdev_device_remove_cb+0x17/0x20 [mdev] + device_for_each_child+0x56/0x80 + mdev_unregister_parent+0x5a/0x81 [mdev] + intel_gvt_clean_device+0x2d/0xe0 [kvmgt] + intel_gvt_driver_remove+0x2e/0xb0 [i915] + i915_driver_remove+0xac/0x100 [i915] + i915_pci_remove+0x1a/0x30 [i915] + pci_device_remove+0x31/0xa0 + device_release_driver_internal+0x1b8/0x230 + unbind_store+0xd8/0x100 + kernfs_fop_write_iter+0x156/0x210 + vfs_write+0x236/0x4a0 + ksys_write+0x61/0xd0 + do_syscall_64+0x55/0x80 + ? find_held_lock+0x2b/0x80 + ? lock_release+0x13d/0x2d0 + ? up_read+0x17/0x20 + ? lock_is_held_type+0xe3/0x140 + ? asm_exc_page_fault+0x22/0x30 + ? lockdep_hardirqs_on+0x7d/0x100 + entry_SYSCALL_64_after_hwframe+0x46/0xb0 +RIP: 0033:0x7fc9b2c9e0c4 +Code: 15 71 7d 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 80 3d 3d 05 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 48 83 ec 28 48 89 54 24 18 48 +RSP: 002b:00007ffec29c81c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 +RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00007fc9b2c9e0c4 +RDX: 000000000000000d RSI: 0000559f8b5f48a0 RDI: 0000000000000001 +RBP: 0000559f8b5f48a0 R08: 0000559f8b5f3540 R09: 00007fc9b2d76d30 +R10: 0000000000000000 R11: 0000000000000202 R12: 000000000000000d +R13: 00007fc9b2d77780 R14: 000000000000000d R15: 00007fc9b2d72a00 + +Modules linked in: sunrpc intel_rapl_msr intel_rapl_common intel_pmc_core_pltdrv intel_pmc_core intel_tcc_cooling x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel ee1004 igbvf rapl vfat fat intel_cstate intel_uncore pktcdvd i2c_i801 pcspkr wmi_bmof i2c_smbus acpi_pad vfio_pci vfio_pci_core vfio_virqfd zram fuse dm_multipath kvmgt mdev vfio_iommu_type1 vfio kvm irqbypass i915 nvme e1000e igb nvme_core crct10dif_pclmul crc32_pclmul crc32c_intel polyval_clmulni polyval_generic serio_raw ghash_clmulni_intel sha512_ssse3 dca drm_buddy intel_gtt video wmi drm_display_helper ttm +CR2: 0000000000000150 +---[ end trace 0000000000000000 ]--- + +Cc: Wang Zhi +Cc: He Yu +Cc: Alex Williamson +Cc: stable@vger.kernel.org +Reviewed-by: Zhi Wang +Tested-by: Yu He +Fixes: bc7b0be316ae ("drm/i915/gvt: Add basic debugfs infrastructure") +Signed-off-by: Zhenyu Wang +Link: http://patchwork.freedesktop.org/patch/msgid/20221219140357.769557-2-zhenyuw@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/gvt/debugfs.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/i915/gvt/debugfs.c ++++ b/drivers/gpu/drm/i915/gvt/debugfs.c +@@ -175,8 +175,13 @@ void intel_gvt_debugfs_add_vgpu(struct i + */ + void intel_gvt_debugfs_remove_vgpu(struct intel_vgpu *vgpu) + { +- debugfs_remove_recursive(vgpu->debugfs); +- vgpu->debugfs = NULL; ++ struct intel_gvt *gvt = vgpu->gvt; ++ struct drm_minor *minor = gvt->gt->i915->drm.primary; ++ ++ if (minor->debugfs_root && gvt->debugfs_root) { ++ debugfs_remove_recursive(vgpu->debugfs); ++ vgpu->debugfs = NULL; ++ } + } + + /** diff --git a/queue-6.0/of-fdt-run-soc-memory-setup-when-early_init_dt_scan_memory-fails.patch b/queue-6.0/of-fdt-run-soc-memory-setup-when-early_init_dt_scan_memory-fails.patch new file mode 100644 index 00000000000..1e0151fb4c3 --- /dev/null +++ b/queue-6.0/of-fdt-run-soc-memory-setup-when-early_init_dt_scan_memory-fails.patch @@ -0,0 +1,76 @@ +From 2a12187d5853d9fd5102278cecef7dac7c8ce7ea Mon Sep 17 00:00:00 2001 +From: Andreas Rammhold +Date: Fri, 23 Dec 2022 12:27:47 +0100 +Subject: of/fdt: run soc memory setup when early_init_dt_scan_memory fails + +From: Andreas Rammhold + +commit 2a12187d5853d9fd5102278cecef7dac7c8ce7ea upstream. + +If memory has been found early_init_dt_scan_memory now returns 1. If +it hasn't found any memory it will return 0, allowing other memory +setup mechanisms to carry on. + +Previously early_init_dt_scan_memory always returned 0 without +distinguishing between any kind of memory setup being done or not. Any +code path after the early_init_dt_scan memory call in the ramips +plat_mem_setup code wouldn't be executed anymore. Making +early_init_dt_scan_memory the only way to initialize the memory. + +Some boards, including my mt7621 based Cudy X6 board, depend on memory +initialization being done via the soc_info.mem_detect function +pointer. Those wouldn't be able to obtain memory and panic the kernel +during early bootup with the message "early_init_dt_alloc_memory_arch: +Failed to allocate 12416 bytes align=0x40". + +Fixes: 1f012283e936 ("of/fdt: Rework early_init_dt_scan_memory() to call directly") +Cc: stable@vger.kernel.org +Signed-off-by: Andreas Rammhold +Link: https://lore.kernel.org/r/20221223112748.2935235-1-andreas@rammhold.de +Signed-off-by: Rob Herring +Signed-off-by: Greg Kroah-Hartman +--- + arch/mips/ralink/of.c | 2 +- + drivers/of/fdt.c | 6 ++++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +--- a/arch/mips/ralink/of.c ++++ b/arch/mips/ralink/of.c +@@ -64,7 +64,7 @@ void __init plat_mem_setup(void) + dtb = get_fdt(); + __dt_setup_arch(dtb); + +- if (!early_init_dt_scan_memory()) ++ if (early_init_dt_scan_memory()) + return; + + if (soc_info.mem_detect) +--- a/drivers/of/fdt.c ++++ b/drivers/of/fdt.c +@@ -1106,7 +1106,7 @@ u64 __init dt_mem_next_cell(int s, const + */ + int __init early_init_dt_scan_memory(void) + { +- int node; ++ int node, found_memory = 0; + const void *fdt = initial_boot_params; + + fdt_for_each_subnode(node, fdt, 0) { +@@ -1146,6 +1146,8 @@ int __init early_init_dt_scan_memory(voi + + early_init_dt_add_memory_arch(base, size); + ++ found_memory = 1; ++ + if (!hotpluggable) + continue; + +@@ -1154,7 +1156,7 @@ int __init early_init_dt_scan_memory(voi + base, base + size); + } + } +- return 0; ++ return found_memory; + } + + int __init early_init_dt_scan_chosen(char *cmdline) diff --git a/queue-6.0/riscv-kprobes-stricter-c.jr-c.jalr-decoding.patch b/queue-6.0/riscv-kprobes-stricter-c.jr-c.jalr-decoding.patch new file mode 100644 index 00000000000..e06af8f676a --- /dev/null +++ b/queue-6.0/riscv-kprobes-stricter-c.jr-c.jalr-decoding.patch @@ -0,0 +1,57 @@ +From b2d473a6019ef9a54b0156ecdb2e0398c9fa6a24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= +Date: Mon, 2 Jan 2023 17:07:48 +0100 +Subject: riscv, kprobes: Stricter c.jr/c.jalr decoding +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Björn Töpel + +commit b2d473a6019ef9a54b0156ecdb2e0398c9fa6a24 upstream. + +In the compressed instruction extension, c.jr, c.jalr, c.mv, and c.add +is encoded the following way (each instruction is 16b): + +---+-+-----------+-----------+-- +100 0 rs1[4:0]!=0 00000 10 : c.jr +100 1 rs1[4:0]!=0 00000 10 : c.jalr +100 0 rd[4:0]!=0 rs2[4:0]!=0 10 : c.mv +100 1 rd[4:0]!=0 rs2[4:0]!=0 10 : c.add + +The following logic is used to decode c.jr and c.jalr: + + insn & 0xf007 == 0x8002 => instruction is an c.jr + insn & 0xf007 == 0x9002 => instruction is an c.jalr + +When 0xf007 is used to mask the instruction, c.mv can be incorrectly +decoded as c.jr, and c.add as c.jalr. + +Correct the decoding by changing the mask from 0xf007 to 0xf07f. + +Fixes: c22b0bcb1dd0 ("riscv: Add kprobes supported") +Signed-off-by: Björn Töpel +Reviewed-by: Conor Dooley +Reviewed-by: Guo Ren +Link: https://lore.kernel.org/r/20230102160748.1307289-1-bjorn@kernel.org +Cc: stable@vger.kernel.org +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kernel/probes/simulate-insn.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/riscv/kernel/probes/simulate-insn.h ++++ b/arch/riscv/kernel/probes/simulate-insn.h +@@ -31,9 +31,9 @@ __RISCV_INSN_FUNCS(fence, 0x7f, 0x0f); + } while (0) + + __RISCV_INSN_FUNCS(c_j, 0xe003, 0xa001); +-__RISCV_INSN_FUNCS(c_jr, 0xf007, 0x8002); ++__RISCV_INSN_FUNCS(c_jr, 0xf07f, 0x8002); + __RISCV_INSN_FUNCS(c_jal, 0xe003, 0x2001); +-__RISCV_INSN_FUNCS(c_jalr, 0xf007, 0x9002); ++__RISCV_INSN_FUNCS(c_jalr, 0xf07f, 0x9002); + __RISCV_INSN_FUNCS(c_beqz, 0xe003, 0xc001); + __RISCV_INSN_FUNCS(c_bnez, 0xe003, 0xe001); + __RISCV_INSN_FUNCS(c_ebreak, 0xffff, 0x9002); diff --git a/queue-6.0/riscv-uaccess-fix-type-of-0-variable-on-error-in-get_user.patch b/queue-6.0/riscv-uaccess-fix-type-of-0-variable-on-error-in-get_user.patch new file mode 100644 index 00000000000..07f21af35fa --- /dev/null +++ b/queue-6.0/riscv-uaccess-fix-type-of-0-variable-on-error-in-get_user.patch @@ -0,0 +1,36 @@ +From b9b916aee6715cd7f3318af6dc360c4729417b94 Mon Sep 17 00:00:00 2001 +From: Ben Dooks +Date: Thu, 29 Dec 2022 17:05:45 +0000 +Subject: riscv: uaccess: fix type of 0 variable on error in get_user() + +From: Ben Dooks + +commit b9b916aee6715cd7f3318af6dc360c4729417b94 upstream. + +If the get_user(x, ptr) has x as a pointer, then the setting +of (x) = 0 is going to produce the following sparse warning, +so fix this by forcing the type of 'x' when access_ok() fails. + +fs/aio.c:2073:21: warning: Using plain integer as NULL pointer + +Signed-off-by: Ben Dooks +Reviewed-by: Palmer Dabbelt +Link: https://lore.kernel.org/r/20221229170545.718264-1-ben-linux@fluff.org +Cc: stable@vger.kernel.org +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/include/asm/uaccess.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/riscv/include/asm/uaccess.h ++++ b/arch/riscv/include/asm/uaccess.h +@@ -165,7 +165,7 @@ do { \ + might_fault(); \ + access_ok(__p, sizeof(*__p)) ? \ + __get_user((x), __p) : \ +- ((x) = 0, -EFAULT); \ ++ ((x) = (__force __typeof__(x))0, -EFAULT); \ + }) + + #define __put_user_asm(insn, x, ptr, err) \ diff --git a/queue-6.0/series b/queue-6.0/series index 9bc061da0fb..081fb0f129e 100644 --- a/queue-6.0/series +++ b/queue-6.0/series @@ -130,3 +130,11 @@ net-dsa-tag_qca-fix-wrong-mgmt_data2-size.patch block-don-t-allow-splitting-of-a-req_nowait-bio.patch io_uring-io-wq-free-worker-if-task_work-creation-is-canceled.patch io_uring-fix-cq-waiting-timeout-handling.patch +vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch +thermal-int340x-add-missing-attribute-for-data-rate-base.patch +riscv-uaccess-fix-type-of-0-variable-on-error-in-get_user.patch +riscv-kprobes-stricter-c.jr-c.jalr-decoding.patch +of-fdt-run-soc-memory-setup-when-early_init_dt_scan_memory-fails.patch +drm-amdkfd-fix-kernel-warning-during-topology-setup.patch +drm-i915-gvt-fix-gvt-debugfs-destroy.patch +drm-i915-gvt-fix-vgpu-debugfs-clean-in-remove.patch diff --git a/queue-6.0/thermal-int340x-add-missing-attribute-for-data-rate-base.patch b/queue-6.0/thermal-int340x-add-missing-attribute-for-data-rate-base.patch new file mode 100644 index 00000000000..d3f887d4e95 --- /dev/null +++ b/queue-6.0/thermal-int340x-add-missing-attribute-for-data-rate-base.patch @@ -0,0 +1,56 @@ +From b878d3ba9bb41cddb73ba4b56e5552f0a638daca Mon Sep 17 00:00:00 2001 +From: Srinivas Pandruvada +Date: Tue, 27 Dec 2022 16:10:05 -0800 +Subject: thermal: int340x: Add missing attribute for data rate base + +From: Srinivas Pandruvada + +commit b878d3ba9bb41cddb73ba4b56e5552f0a638daca upstream. + +Commit 473be51142ad ("thermal: int340x: processor_thermal: Add RFIM +driver")' added rfi_restriction_data_rate_base string, mmio details and +documentation, but missed adding attribute to sysfs. + +Add missing sysfs attribute. + +Fixes: 473be51142ad ("thermal: int340x: processor_thermal: Add RFIM driver") +Cc: 5.11+ # v5.11+ +Signed-off-by: Srinivas Pandruvada +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c ++++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_rfim.c +@@ -172,6 +172,7 @@ static const struct attribute_group fivr + RFIM_SHOW(rfi_restriction_run_busy, 1) + RFIM_SHOW(rfi_restriction_err_code, 1) + RFIM_SHOW(rfi_restriction_data_rate, 1) ++RFIM_SHOW(rfi_restriction_data_rate_base, 1) + RFIM_SHOW(ddr_data_rate_point_0, 1) + RFIM_SHOW(ddr_data_rate_point_1, 1) + RFIM_SHOW(ddr_data_rate_point_2, 1) +@@ -181,11 +182,13 @@ RFIM_SHOW(rfi_disable, 1) + RFIM_STORE(rfi_restriction_run_busy, 1) + RFIM_STORE(rfi_restriction_err_code, 1) + RFIM_STORE(rfi_restriction_data_rate, 1) ++RFIM_STORE(rfi_restriction_data_rate_base, 1) + RFIM_STORE(rfi_disable, 1) + + static DEVICE_ATTR_RW(rfi_restriction_run_busy); + static DEVICE_ATTR_RW(rfi_restriction_err_code); + static DEVICE_ATTR_RW(rfi_restriction_data_rate); ++static DEVICE_ATTR_RW(rfi_restriction_data_rate_base); + static DEVICE_ATTR_RO(ddr_data_rate_point_0); + static DEVICE_ATTR_RO(ddr_data_rate_point_1); + static DEVICE_ATTR_RO(ddr_data_rate_point_2); +@@ -248,6 +251,7 @@ static struct attribute *dvfs_attrs[] = + &dev_attr_rfi_restriction_run_busy.attr, + &dev_attr_rfi_restriction_err_code.attr, + &dev_attr_rfi_restriction_data_rate.attr, ++ &dev_attr_rfi_restriction_data_rate_base.attr, + &dev_attr_ddr_data_rate_point_0.attr, + &dev_attr_ddr_data_rate_point_1.attr, + &dev_attr_ddr_data_rate_point_2.attr, diff --git a/queue-6.0/vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch b/queue-6.0/vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch new file mode 100644 index 00000000000..68425489237 --- /dev/null +++ b/queue-6.0/vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch @@ -0,0 +1,178 @@ +From e794070af224ade46db368271896b2685ff4f96b Mon Sep 17 00:00:00 2001 +From: Cindy Lu +Date: Mon, 19 Dec 2022 15:33:31 +0800 +Subject: vhost_vdpa: fix the crash in unmap a large memory + +From: Cindy Lu + +commit e794070af224ade46db368271896b2685ff4f96b upstream. + +While testing in vIOMMU, sometimes Guest will unmap very large memory, +which will cause the crash. To fix this, add a new function +vhost_vdpa_general_unmap(). This function will only unmap the memory +that saved in iotlb. + +Call Trace: +[ 647.820144] ------------[ cut here ]------------ +[ 647.820848] kernel BUG at drivers/iommu/intel/iommu.c:1174! +[ 647.821486] invalid opcode: 0000 [#1] PREEMPT SMP PTI +[ 647.822082] CPU: 10 PID: 1181 Comm: qemu-system-x86 Not tainted 6.0.0-rc1home_lulu_2452_lulu7_vhost+ #62 +[ 647.823139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qem4 +[ 647.824365] RIP: 0010:domain_unmap+0x48/0x110 +[ 647.825424] Code: 48 89 fb 8d 4c f6 1e 39 c1 0f 4f c8 83 e9 0c 83 f9 3f 7f 18 48 89 e8 48 d3 e8 48 85 c0 75 59 +[ 647.828064] RSP: 0018:ffffae5340c0bbf0 EFLAGS: 00010202 +[ 647.828973] RAX: 0000000000000001 RBX: ffff921793d10540 RCX: 000000000000001b +[ 647.830083] RDX: 00000000080000ff RSI: 0000000000000001 RDI: ffff921793d10540 +[ 647.831214] RBP: 0000000007fc0100 R08: ffffae5340c0bcd0 R09: 0000000000000003 +[ 647.832388] R10: 0000007fc0100000 R11: 0000000000100000 R12: 00000000080000ff +[ 647.833668] R13: ffffae5340c0bcd0 R14: ffff921793d10590 R15: 0000008000100000 +[ 647.834782] FS: 00007f772ec90640(0000) GS:ffff921ce7a80000(0000) knlGS:0000000000000000 +[ 647.836004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 647.836990] CR2: 00007f02c27a3a20 CR3: 0000000101b0c006 CR4: 0000000000372ee0 +[ 647.838107] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 647.839283] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 647.840666] Call Trace: +[ 647.841437] +[ 647.842107] intel_iommu_unmap_pages+0x93/0x140 +[ 647.843112] __iommu_unmap+0x91/0x1b0 +[ 647.844003] iommu_unmap+0x6a/0x95 +[ 647.844885] vhost_vdpa_unmap+0x1de/0x1f0 [vhost_vdpa] +[ 647.845985] vhost_vdpa_process_iotlb_msg+0xf0/0x90b [vhost_vdpa] +[ 647.847235] ? _raw_spin_unlock+0x15/0x30 +[ 647.848181] ? _copy_from_iter+0x8c/0x580 +[ 647.849137] vhost_chr_write_iter+0xb3/0x430 [vhost] +[ 647.850126] vfs_write+0x1e4/0x3a0 +[ 647.850897] ksys_write+0x53/0xd0 +[ 647.851688] do_syscall_64+0x3a/0x90 +[ 647.852508] entry_SYSCALL_64_after_hwframe+0x63/0xcd +[ 647.853457] RIP: 0033:0x7f7734ef9f4f +[ 647.854408] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 76 f8 ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c8 +[ 647.857217] RSP: 002b:00007f772ec8f040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 +[ 647.858486] RAX: ffffffffffffffda RBX: 00000000fef00000 RCX: 00007f7734ef9f4f +[ 647.859713] RDX: 0000000000000048 RSI: 00007f772ec8f090 RDI: 0000000000000010 +[ 647.860942] RBP: 00007f772ec8f1a0 R08: 0000000000000000 R09: 0000000000000000 +[ 647.862206] R10: 0000000000000001 R11: 0000000000000293 R12: 0000000000000010 +[ 647.863446] R13: 0000000000000002 R14: 0000000000000000 R15: ffffffff01100000 +[ 647.864692] +[ 647.865458] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs v] +[ 647.874688] ---[ end trace 0000000000000000 ]--- + +Cc: stable@vger.kernel.org +Fixes: 4c8cf31885f6 ("vhost: introduce vDPA-based backend") +Signed-off-by: Cindy Lu +Message-Id: <20221219073331.556140-1-lulu@redhat.com> +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/vhost/vdpa.c | 46 ++++++++++++++++++++++++++-------------------- + 1 file changed, 26 insertions(+), 20 deletions(-) + +--- a/drivers/vhost/vdpa.c ++++ b/drivers/vhost/vdpa.c +@@ -66,8 +66,8 @@ static DEFINE_IDA(vhost_vdpa_ida); + static dev_t vhost_vdpa_major; + + static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v, +- struct vhost_iotlb *iotlb, +- u64 start, u64 last); ++ struct vhost_iotlb *iotlb, u64 start, ++ u64 last, u32 asid); + + static inline u32 iotlb_to_asid(struct vhost_iotlb *iotlb) + { +@@ -139,7 +139,7 @@ static int vhost_vdpa_remove_as(struct v + return -EINVAL; + + hlist_del(&as->hash_link); +- vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1); ++ vhost_vdpa_iotlb_unmap(v, &as->iotlb, 0ULL, 0ULL - 1, asid); + kfree(as); + + return 0; +@@ -687,10 +687,20 @@ static long vhost_vdpa_unlocked_ioctl(st + mutex_unlock(&d->mutex); + return r; + } ++static void vhost_vdpa_general_unmap(struct vhost_vdpa *v, ++ struct vhost_iotlb_map *map, u32 asid) ++{ ++ struct vdpa_device *vdpa = v->vdpa; ++ const struct vdpa_config_ops *ops = vdpa->config; ++ if (ops->dma_map) { ++ ops->dma_unmap(vdpa, asid, map->start, map->size); ++ } else if (ops->set_map == NULL) { ++ iommu_unmap(v->domain, map->start, map->size); ++ } ++} + +-static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, +- struct vhost_iotlb *iotlb, +- u64 start, u64 last) ++static void vhost_vdpa_pa_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb, ++ u64 start, u64 last, u32 asid) + { + struct vhost_dev *dev = &v->vdev; + struct vhost_iotlb_map *map; +@@ -707,13 +717,13 @@ static void vhost_vdpa_pa_unmap(struct v + unpin_user_page(page); + } + atomic64_sub(PFN_DOWN(map->size), &dev->mm->pinned_vm); ++ vhost_vdpa_general_unmap(v, map, asid); + vhost_iotlb_map_free(iotlb, map); + } + } + +-static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, +- struct vhost_iotlb *iotlb, +- u64 start, u64 last) ++static void vhost_vdpa_va_unmap(struct vhost_vdpa *v, struct vhost_iotlb *iotlb, ++ u64 start, u64 last, u32 asid) + { + struct vhost_iotlb_map *map; + struct vdpa_map_file *map_file; +@@ -722,20 +732,21 @@ static void vhost_vdpa_va_unmap(struct v + map_file = (struct vdpa_map_file *)map->opaque; + fput(map_file->file); + kfree(map_file); ++ vhost_vdpa_general_unmap(v, map, asid); + vhost_iotlb_map_free(iotlb, map); + } + } + + static void vhost_vdpa_iotlb_unmap(struct vhost_vdpa *v, +- struct vhost_iotlb *iotlb, +- u64 start, u64 last) ++ struct vhost_iotlb *iotlb, u64 start, ++ u64 last, u32 asid) + { + struct vdpa_device *vdpa = v->vdpa; + + if (vdpa->use_va) +- return vhost_vdpa_va_unmap(v, iotlb, start, last); ++ return vhost_vdpa_va_unmap(v, iotlb, start, last, asid); + +- return vhost_vdpa_pa_unmap(v, iotlb, start, last); ++ return vhost_vdpa_pa_unmap(v, iotlb, start, last, asid); + } + + static int perm_to_iommu_flags(u32 perm) +@@ -802,17 +813,12 @@ static void vhost_vdpa_unmap(struct vhos + const struct vdpa_config_ops *ops = vdpa->config; + u32 asid = iotlb_to_asid(iotlb); + +- vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1); ++ vhost_vdpa_iotlb_unmap(v, iotlb, iova, iova + size - 1, asid); + +- if (ops->dma_map) { +- ops->dma_unmap(vdpa, asid, iova, size); +- } else if (ops->set_map) { ++ if (ops->set_map) { + if (!v->in_batch) + ops->set_map(vdpa, asid, iotlb); +- } else { +- iommu_unmap(v->domain, iova, size); + } +- + /* If we are in the middle of batch processing, delay the free + * of AS until BATCH_END. + */