From: Greg Kroah-Hartman
Date: Tue, 3 Nov 2020 11:16:17 +0000 (+0100)
Subject: 5.9-stable patches
X-Git-Tag: v4.14.204~41
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bf7419b19dccb31d708101e88ffc1d965cf1f6c9;p=thirdparty%2Fkernel%2Fstable-queue.git

5.9-stable patches

added patches:
	irqchip-loongson-htvec-fix-initial-interrupt-clearing.patch
	md-fix-the-checking-of-wrong-work-queue.patch
	md-raid5-fix-oops-during-stripe-resizing.patch
	mm-memcg-slab-uncharge-during-kmem_cache_free_bulk.patch
	mmc-sdhci-acpi-amdi0040-set-sdhci_quirk2_preset_value_broken.patch
	mmc-sdhci-add-ltr-support-for-some-intel-byt-based-controllers.patch
	perf-amd-uncore-set-all-slices-and-threads-to-restore-perf-stat-a-behaviour.patch
	perf-x86-amd-fix-sampling-large-increment-per-cycle-events.patch
	perf-x86-amd-ibs-don-t-include-randomized-bits-in-get_ibs_op_count.patch
	perf-x86-amd-ibs-fix-raw-sample-data-accumulation.patch
	perf-x86-intel-fix-ice-lake-event-constraint-table.patch
	seccomp-make-duplicate-listener-detection-non-racy.patch
	selftests-x86-fsgsbase-test-ptrace_peekuser-for-gsbase-with-invalid-ldt-gs.patch
	spi-spi-mtk-nor-fix-timeout-calculation-overflow.patch
	spi-sprd-release-dma-channel-also-on-probe-deferral.patch
	vmlinux.lds.h-add-pgo-and-autofdo-input-sections.patch
---

diff --git a/queue-5.9/irqchip-loongson-htvec-fix-initial-interrupt-clearing.patch b/queue-5.9/irqchip-loongson-htvec-fix-initial-interrupt-clearing.patch
new file mode 100644
index 00000000000..81d235eaae9
--- /dev/null
+++ b/queue-5.9/irqchip-loongson-htvec-fix-initial-interrupt-clearing.patch
@@ -0,0 +1,46 @@
+From 1d1e5630de78f7253ac24b92cee6427c3ff04d56 Mon Sep 17 00:00:00 2001
+From: Huacai Chen
+Date: Fri, 11 Sep 2020 18:26:18 +0800
+Subject: irqchip/loongson-htvec: Fix initial interrupt clearing
+
+From: Huacai Chen
+
+commit 1d1e5630de78f7253ac24b92cee6427c3ff04d56 upstream.
+
+In htvec_reset() only the first group of initial interrupts is cleared.
+This sometimes causes spurious interrupts, so let's clear all groups.
+
+While at it, fix the nearby comment to match the reality of what
+the driver does.
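[ Editor's sketch: the one-line bug above is easier to see outside the driver. The model below stands in for htvec_reset() -- the group count and the two register arrays are illustrative placeholders for priv->num_parents and the memory-mapped enable/cause registers, not the real hardware layout. ]

#include <stdint.h>
#include <stdio.h>

#define NUM_GROUPS 8	/* stand-in for priv->num_parents */

static uint32_t en_reg[NUM_GROUPS];	/* models base + HTVEC_EN_OFF + 4 * idx */
static uint32_t cause_reg[NUM_GROUPS];	/* models base + 4 * idx */

static void htvec_reset_model(void)
{
	for (int idx = 0; idx < NUM_GROUPS; idx++) {
		en_reg[idx] = 0x0;		/* mask all interrupts in this group */
		/*
		 * The buggy code wrote cause_reg[0] on every iteration,
		 * leaving stale pending bits in groups 1..7; indexing by
		 * idx clears every group.
		 */
		cause_reg[idx] = 0xFFFFFFFF;
	}
}

int main(void)
{
	htvec_reset_model();
	for (int idx = 0; idx < NUM_GROUPS; idx++)
		printf("group %d: en=0x%x cause=0x%08x\n",
		       idx, en_reg[idx], cause_reg[idx]);
	return 0;
}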
+ +Fixes: 818e915fbac518e8c78e1877 ("irqchip: Add Loongson HyperTransport Vector support") +Signed-off-by: Huacai Chen +Signed-off-by: Marc Zyngier +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/1599819978-13999-2-git-send-email-chenhc@lemote.com +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-loongson-htvec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/irqchip/irq-loongson-htvec.c ++++ b/drivers/irqchip/irq-loongson-htvec.c +@@ -151,7 +151,7 @@ static void htvec_reset(struct htvec *pr + /* Clear IRQ cause registers, mask all interrupts */ + for (idx = 0; idx < priv->num_parents; idx++) { + writel_relaxed(0x0, priv->base + HTVEC_EN_OFF + 4 * idx); +- writel_relaxed(0xFFFFFFFF, priv->base); ++ writel_relaxed(0xFFFFFFFF, priv->base + 4 * idx); + } + } + +@@ -172,7 +172,7 @@ static int htvec_of_init(struct device_n + goto free_priv; + } + +- /* Interrupt may come from any of the 4 interrupt line */ ++ /* Interrupt may come from any of the 8 interrupt lines */ + for (i = 0; i < HTVEC_MAX_PARENT_IRQ; i++) { + parent_irq[i] = irq_of_parse_and_map(node, i); + if (parent_irq[i] <= 0) diff --git a/queue-5.9/md-fix-the-checking-of-wrong-work-queue.patch b/queue-5.9/md-fix-the-checking-of-wrong-work-queue.patch new file mode 100644 index 00000000000..c235552777d --- /dev/null +++ b/queue-5.9/md-fix-the-checking-of-wrong-work-queue.patch @@ -0,0 +1,32 @@ +From cf0b9b4821a2955f8a23813ef8f422208ced9bd7 Mon Sep 17 00:00:00 2001 +From: Guoqing Jiang +Date: Thu, 8 Oct 2020 05:19:09 +0200 +Subject: md: fix the checking of wrong work queue + +From: Guoqing Jiang + +commit cf0b9b4821a2955f8a23813ef8f422208ced9bd7 upstream. + +It should check md_rdev_misc_wq instead of md_misc_wq. + +Fixes: cc1ffe61c026 ("md: add new workqueue for delete rdev") +Cc: # v5.8+ +Signed-off-by: Guoqing Jiang +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/md.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -9545,7 +9545,7 @@ static int __init md_init(void) + goto err_misc_wq; + + md_rdev_misc_wq = alloc_workqueue("md_rdev_misc", 0, 0); +- if (!md_misc_wq) ++ if (!md_rdev_misc_wq) + goto err_rdev_misc_wq; + + if ((ret = register_blkdev(MD_MAJOR, "md")) < 0) diff --git a/queue-5.9/md-raid5-fix-oops-during-stripe-resizing.patch b/queue-5.9/md-raid5-fix-oops-during-stripe-resizing.patch new file mode 100644 index 00000000000..83220210996 --- /dev/null +++ b/queue-5.9/md-raid5-fix-oops-during-stripe-resizing.patch @@ -0,0 +1,75 @@ +From b44c018cdf748b96b676ba09fdbc5b34fc443ada Mon Sep 17 00:00:00 2001 +From: Song Liu +Date: Mon, 5 Oct 2020 09:35:21 -0700 +Subject: md/raid5: fix oops during stripe resizing + +From: Song Liu + +commit b44c018cdf748b96b676ba09fdbc5b34fc443ada upstream. + +KoWei reported crash during raid5 reshape: + +[ 1032.252932] Oops: 0002 [#1] SMP PTI +[...] +[ 1032.252943] RIP: 0010:memcpy_erms+0x6/0x10 +[...] 
+[ 1032.252947] RSP: 0018:ffffba1ac0c03b78 EFLAGS: 00010286
+[ 1032.252949] RAX: 0000784ac0000000 RBX: ffff91bec3d09740 RCX: 0000000000001000
+[ 1032.252951] RDX: 0000000000001000 RSI: ffff91be6781c000 RDI: 0000784ac0000000
+[ 1032.252953] RBP: ffffba1ac0c03bd8 R08: 0000000000001000 R09: ffffba1ac0c03bf8
+[ 1032.252954] R10: 0000000000000000 R11: 0000000000000000 R12: ffffba1ac0c03bf8
+[ 1032.252955] R13: 0000000000001000 R14: 0000000000000000 R15: 0000000000000000
+[ 1032.252958] FS: 0000000000000000(0000) GS:ffff91becf500000(0000) knlGS:0000000000000000
+[ 1032.252959] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 1032.252961] CR2: 0000784ac0000000 CR3: 000000031780a002 CR4: 00000000001606e0
+[ 1032.252962] Call Trace:
+[ 1032.252969]  ? async_memcpy+0x179/0x1000 [async_memcpy]
+[ 1032.252977]  ? raid5_release_stripe+0x8e/0x110 [raid456]
+[ 1032.252982]  handle_stripe_expansion+0x15a/0x1f0 [raid456]
+[ 1032.252988]  handle_stripe+0x592/0x1270 [raid456]
+[ 1032.252993]  handle_active_stripes.isra.0+0x3cb/0x5a0 [raid456]
+[ 1032.252999]  raid5d+0x35c/0x550 [raid456]
+[ 1032.253002]  ? schedule+0x42/0xb0
+[ 1032.253006]  ? schedule_timeout+0x10e/0x160
+[ 1032.253011]  md_thread+0x97/0x160
+[ 1032.253015]  ? wait_woken+0x80/0x80
+[ 1032.253019]  kthread+0x104/0x140
+[ 1032.253022]  ? md_start_sync+0x60/0x60
+[ 1032.253024]  ? kthread_park+0x90/0x90
+[ 1032.253027]  ret_from_fork+0x35/0x40
+
+This is because cache_size_mutex was unlocked too early in resize_stripes,
+which races with grow_one_stripe(), so that grow_one_stripe() allocates a
+stripe with the wrong pool_size.
+
+Fix this issue by unlocking cache_size_mutex after updating pool_size.
+
+Cc: # v4.4+
+Reported-by: KoWei Sung
+Signed-off-by: Song Liu
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/md/raid5.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/md/raid5.c
++++ b/drivers/md/raid5.c
+@@ -2429,8 +2429,6 @@ static int resize_stripes(struct r5conf
+ 	} else
+ 		err = -ENOMEM;
+ 
+-	mutex_unlock(&conf->cache_size_mutex);
+-
+ 	conf->slab_cache = sc;
+ 	conf->active_name = 1-conf->active_name;
+ 
+@@ -2453,6 +2451,8 @@ static int resize_stripes(struct r5conf
+ 
+ 	if (!err)
+ 		conf->pool_size = newsize;
++	mutex_unlock(&conf->cache_size_mutex);
++
+ 	return err;
+ }
+ 
diff --git a/queue-5.9/mm-memcg-slab-uncharge-during-kmem_cache_free_bulk.patch b/queue-5.9/mm-memcg-slab-uncharge-during-kmem_cache_free_bulk.patch
new file mode 100644
index 00000000000..373c7261ff2
--- /dev/null
+++ b/queue-5.9/mm-memcg-slab-uncharge-during-kmem_cache_free_bulk.patch
@@ -0,0 +1,143 @@
+From d1b2cf6cb84a9bd0de6f151512648dd1af82f80f Mon Sep 17 00:00:00 2001
+From: Bharata B Rao
+Date: Tue, 13 Oct 2020 16:53:09 -0700
+Subject: mm: memcg/slab: uncharge during kmem_cache_free_bulk()
+
+From: Bharata B Rao
+
+commit d1b2cf6cb84a9bd0de6f151512648dd1af82f80f upstream.
+
+Object cgroup charging is done for all the objects during allocation, but
+during freeing, uncharging ends up happening for only one object in the
+case of bulk allocation/freeing.
+
+Fix this by having a separate call to uncharge all the objects from
+kmem_cache_free_bulk() and by modifying memcg_slab_free_hook() to take
+care of bulk uncharging.
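[ Editor's sketch: the charge/uncharge imbalance described above reduces to simple bookkeeping. charge()/uncharge() below are toy stand-ins for obj_cgroup_charge()/obj_cgroup_uncharge(); the point is only that a bulk free must uncharge per object, not once per call. ]

#include <stdio.h>

static long objects_charged;	/* toy stand-in for the objcg charge count */

static void charge(int n)   { objects_charged += n; }
static void uncharge(int n) { objects_charged -= n; }

/* Pre-fix behaviour: the free path uncharged a single object. */
static void free_bulk_buggy(int n) { (void)n; uncharge(1); }

/* Post-fix behaviour: memcg_slab_free_hook() walks all n objects. */
static void free_bulk_fixed(int n) { uncharge(n); }

int main(void)
{
	charge(8);			/* bulk alloc charges all 8 objects */
	free_bulk_buggy(8);
	printf("buggy: %ld objects left charged\n", objects_charged); /* 7 */

	objects_charged = 0;
	charge(8);
	free_bulk_fixed(8);
	printf("fixed: %ld objects left charged\n", objects_charged); /* 0 */
	return 0;
}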
+
+Fixes: 964d4bd370d5 ("mm: memcg/slab: save obj_cgroup for non-root slab objects")
+Signed-off-by: Bharata B Rao
+Signed-off-by: Andrew Morton
+Acked-by: Roman Gushchin
+Cc: Christoph Lameter
+Cc: David Rientjes
+Cc: Joonsoo Kim
+Cc: Vlastimil Babka
+Cc: Shakeel Butt
+Cc: Johannes Weiner
+Cc: Michal Hocko
+Cc: Tejun Heo
+Cc:
+Link: https://lkml.kernel.org/r/20201009060423.390479-1-bharata@linux.ibm.com
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ mm/slab.c | 2 +-
+ mm/slab.h | 50 +++++++++++++++++++++++++++++++-------------------
+ mm/slub.c | 3 ++-
+ 3 files changed, 34 insertions(+), 21 deletions(-)
+
+--- a/mm/slab.c
++++ b/mm/slab.c
+@@ -3440,7 +3440,7 @@ void ___cache_free(struct kmem_cache *ca
+ 	memset(objp, 0, cachep->object_size);
+ 	kmemleak_free_recursive(objp, cachep->flags);
+ 	objp = cache_free_debugcheck(cachep, objp, caller);
+-	memcg_slab_free_hook(cachep, virt_to_head_page(objp), objp);
++	memcg_slab_free_hook(cachep, &objp, 1);
+ 
+ 	/*
+ 	 * Skip calling cache_free_alien() when the platform is not numa.
+--- a/mm/slab.h
++++ b/mm/slab.h
+@@ -345,30 +345,42 @@ static inline void memcg_slab_post_alloc
+ 	obj_cgroup_put(objcg);
+ }
+ 
+-static inline void memcg_slab_free_hook(struct kmem_cache *s, struct page *page,
+-					void *p)
++static inline void memcg_slab_free_hook(struct kmem_cache *s_orig,
++					void **p, int objects)
+ {
++	struct kmem_cache *s;
+ 	struct obj_cgroup *objcg;
++	struct page *page;
+ 	unsigned int off;
++	int i;
+ 
+ 	if (!memcg_kmem_enabled())
+ 		return;
+ 
+-	if (!page_has_obj_cgroups(page))
+-		return;
+-
+-	off = obj_to_index(s, page, p);
+-	objcg = page_obj_cgroups(page)[off];
+-	page_obj_cgroups(page)[off] = NULL;
+-
+-	if (!objcg)
+-		return;
+-
+-	obj_cgroup_uncharge(objcg, obj_full_size(s));
+-	mod_objcg_state(objcg, page_pgdat(page), cache_vmstat_idx(s),
+-			-obj_full_size(s));
+-
+-	obj_cgroup_put(objcg);
++	for (i = 0; i < objects; i++) {
++		if (unlikely(!p[i]))
++			continue;
++
++		page = virt_to_head_page(p[i]);
++		if (!page_has_obj_cgroups(page))
++			continue;
++
++		if (!s_orig)
++			s = page->slab_cache;
++		else
++			s = s_orig;
++
++		off = obj_to_index(s, page, p[i]);
++		objcg = page_obj_cgroups(page)[off];
++		if (!objcg)
++			continue;
++
++		page_obj_cgroups(page)[off] = NULL;
++		obj_cgroup_uncharge(objcg, obj_full_size(s));
++		mod_objcg_state(objcg, page_pgdat(page), cache_vmstat_idx(s),
++				-obj_full_size(s));
++		obj_cgroup_put(objcg);
++	}
+ }
+ 
+ #else /* CONFIG_MEMCG_KMEM */
+@@ -406,8 +418,8 @@ static inline void memcg_slab_post_alloc
+ {
+ }
+ 
+-static inline void memcg_slab_free_hook(struct kmem_cache *s, struct page *page,
+-					void *p)
++static inline void memcg_slab_free_hook(struct kmem_cache *s,
++					void **p, int objects)
+ {
+ }
+ #endif /* CONFIG_MEMCG_KMEM */
+--- a/mm/slub.c
++++ b/mm/slub.c
+@@ -3091,7 +3091,7 @@ static __always_inline void do_slab_free
+ 	struct kmem_cache_cpu *c;
+ 	unsigned long tid;
+ 
+-	memcg_slab_free_hook(s, page, head);
++	memcg_slab_free_hook(s, &head, 1);
+ redo:
+ 	/*
+ 	 * Determine the currently cpus per cpu slab.
+@@ -3253,6 +3253,7 @@ void kmem_cache_free_bulk(struct kmem_ca
+ 	if (WARN_ON(!size))
+ 		return;
+ 
++	memcg_slab_free_hook(s, p, size);
+ 	do {
+ 		struct detached_freelist df;
+ 
diff --git a/queue-5.9/mmc-sdhci-acpi-amdi0040-set-sdhci_quirk2_preset_value_broken.patch b/queue-5.9/mmc-sdhci-acpi-amdi0040-set-sdhci_quirk2_preset_value_broken.patch
new file mode 100644
index 00000000000..f4d5b06a2e1
--- /dev/null
+++ b/queue-5.9/mmc-sdhci-acpi-amdi0040-set-sdhci_quirk2_preset_value_broken.patch
@@ -0,0 +1,80 @@
+From f23cc3ba491af77395cea3f9d51204398729f26b Mon Sep 17 00:00:00 2001
+From: Raul E Rangel
+Date: Mon, 28 Sep 2020 15:59:20 -0600
+Subject: mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
+
+From: Raul E Rangel
+
+commit f23cc3ba491af77395cea3f9d51204398729f26b upstream.
+
+This change fixes HS400 tuning for devices with invalid presets.
+
+SDHCI presets are not currently used for eMMC HS/HS200/HS400, but are
+used for DDR52. The HS400 retuning sequence is:
+
+    HS400->DDR52->HS->HS200->Perform Tuning->HS->HS400
+
+This means that when HS400 tuning happens, we transition through DDR52
+for a very brief period. This causes presets to be enabled
+unintentionally and stay enabled when transitioning back to HS200 or
+HS400. Some firmware has invalid presets, so we end up with driver
+strengths that can cause I/O problems.
+
+Fixes: 34597a3f60b1 ("mmc: sdhci-acpi: Add support for ACPI HID of AMD Controller with HS400")
+Signed-off-by: Raul E Rangel
+Acked-by: Adrian Hunter
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200928154718.1.Icc21d4b2f354e83e26e57e270dc952f5fe0b0a40@changeid
+Signed-off-by: Ulf Hansson
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/mmc/host/sdhci-acpi.c | 37 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+
+--- a/drivers/mmc/host/sdhci-acpi.c
++++ b/drivers/mmc/host/sdhci-acpi.c
+@@ -662,6 +662,43 @@ static int sdhci_acpi_emmc_amd_probe_slo
+ 	    (host->mmc->caps & MMC_CAP_1_8V_DDR))
+ 		host->mmc->caps2 = MMC_CAP2_HS400_1_8V;
+ 
++	/*
++	 * There are two types of presets out in the wild:
++	 * 1) Default/broken presets.
++	 *    These presets have two sets of problems:
++	 *    a) The clock divisor for SDR12, SDR25, and SDR50 is too small.
++	 *       This results in clock frequencies that are 2x higher than
++	 *       acceptable. i.e., SDR12 = 25 MHz, SDR25 = 50 MHz, SDR50 =
++	 *       100 MHz.
++	 *    b) The HS200 and HS400 driver strengths don't match.
++	 *       By default, the SDR104 preset register has a driver strength of
++	 *       A, but the (internal) HS400 preset register has a driver
++	 *       strength of B. As part of initializing HS400, HS200 tuning
++	 *       needs to be performed. Having different driver strengths
++	 *       between tuning and operation is wrong. It results in different
++	 *       rise/fall times that lead to incorrect sampling.
++	 * 2) Firmware with properly initialized presets.
++	 *    These presets have proper clock divisors. i.e., SDR12 => 12MHz,
++	 *    SDR25 => 25 MHz, SDR50 => 50 MHz. Additionally the HS200 and
++	 *    HS400 preset driver strengths match.
++	 *
++	 * Enabling presets for HS400 doesn't work for the following reasons:
++	 * 1) sdhci_set_ios has a hard coded list of timings that are used
++	 *    to determine if presets should be enabled.
++	 * 2) sdhci_get_preset_value is using a non-standard register to
++	 *    read out HS400 presets. The AMD controller doesn't support this
++	 *    non-standard register. In fact, it doesn't expose the HS400
++	 *    preset register anywhere in the SDHCI memory map. This results
++	 *    in reading a garbage value and using the wrong presets.
++	 *
++	 * Since HS400 and HS200 presets must be identical, we could
++	 * instead use the SDR104 preset register.
++	 *
++	 * If the above issues are resolved we could remove this quirk for
++	 * firmware that has valid presets (i.e., SDR12 <= 12 MHz).
++	 */
++	host->quirks2 |= SDHCI_QUIRK2_PRESET_VALUE_BROKEN;
++
+ 	host->mmc_host_ops.select_drive_strength = amd_select_drive_strength;
+ 	host->mmc_host_ops.set_ios = amd_set_ios;
+ 	host->mmc_host_ops.execute_tuning = amd_sdhci_execute_tuning;
diff --git a/queue-5.9/mmc-sdhci-add-ltr-support-for-some-intel-byt-based-controllers.patch b/queue-5.9/mmc-sdhci-add-ltr-support-for-some-intel-byt-based-controllers.patch
new file mode 100644
index 00000000000..1da9b7c3d85
--- /dev/null
+++ b/queue-5.9/mmc-sdhci-add-ltr-support-for-some-intel-byt-based-controllers.patch
@@ -0,0 +1,252 @@
+From 46f4a69ec8ed6ab9f6a6172afe50df792c8bc1b6 Mon Sep 17 00:00:00 2001
+From: Adrian Hunter
+Date: Tue, 18 Aug 2020 13:45:08 +0300
+Subject: mmc: sdhci: Add LTR support for some Intel BYT based controllers
+
+From: Adrian Hunter
+
+commit 46f4a69ec8ed6ab9f6a6172afe50df792c8bc1b6 upstream.
+
+Some Intel BYT based host controllers support the setting of latency
+tolerance. Accordingly, implement the PM QoS ->set_latency_tolerance()
+callback. The raw register values are also exposed via debugfs.
+
+Intel EHL controllers require this support.
+
+Signed-off-by: Adrian Hunter
+Fixes: cb3a7d4a0aec4e ("mmc: sdhci-pci: Add support for Intel EHL")
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20200818104508.7149-1-adrian.hunter@intel.com
+Signed-off-by: Ulf Hansson
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/mmc/host/sdhci-pci-core.c | 154 ++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 154 insertions(+)
+
+--- a/drivers/mmc/host/sdhci-pci-core.c
++++ b/drivers/mmc/host/sdhci-pci-core.c
+@@ -24,6 +24,8 @@
+ #include 
+ #include 
+ #include 
++#include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -516,6 +518,8 @@ struct intel_host {
+ 	bool	rpm_retune_ok;
+ 	u32	glk_rx_ctrl1;
+ 	u32	glk_tun_val;
++	u32	active_ltr;
++	u32	idle_ltr;
+ };
+ 
+ static const guid_t intel_dsm_guid =
+@@ -760,6 +764,108 @@ static int intel_execute_tuning(struct m
+ 	return 0;
+ }
+ 
++#define INTEL_ACTIVELTR		0x804
++#define INTEL_IDLELTR		0x808
++
++#define INTEL_LTR_REQ		BIT(15)
++#define INTEL_LTR_SCALE_MASK	GENMASK(11, 10)
++#define INTEL_LTR_SCALE_1US	(2 << 10)
++#define INTEL_LTR_SCALE_32US	(3 << 10)
++#define INTEL_LTR_VALUE_MASK	GENMASK(9, 0)
++
++static void intel_cache_ltr(struct sdhci_pci_slot *slot)
++{
++	struct intel_host *intel_host = sdhci_pci_priv(slot);
++	struct sdhci_host *host = slot->host;
++
++	intel_host->active_ltr = readl(host->ioaddr + INTEL_ACTIVELTR);
++	intel_host->idle_ltr = readl(host->ioaddr + INTEL_IDLELTR);
++}
++
++static void intel_ltr_set(struct device *dev, s32 val)
++{
++	struct sdhci_pci_chip *chip = dev_get_drvdata(dev);
++	struct sdhci_pci_slot *slot = chip->slots[0];
++	struct intel_host *intel_host = sdhci_pci_priv(slot);
++	struct sdhci_host *host = slot->host;
++	u32 ltr;
++
++	pm_runtime_get_sync(dev);
++
++	/*
++	 * Program latency tolerance (LTR) accordingly what has been asked
++	 * by the PM QoS layer or disable it in case we were passed
++	 * negative value or PM_QOS_LATENCY_ANY.
++ */ ++ ltr = readl(host->ioaddr + INTEL_ACTIVELTR); ++ ++ if (val == PM_QOS_LATENCY_ANY || val < 0) { ++ ltr &= ~INTEL_LTR_REQ; ++ } else { ++ ltr |= INTEL_LTR_REQ; ++ ltr &= ~INTEL_LTR_SCALE_MASK; ++ ltr &= ~INTEL_LTR_VALUE_MASK; ++ ++ if (val > INTEL_LTR_VALUE_MASK) { ++ val >>= 5; ++ if (val > INTEL_LTR_VALUE_MASK) ++ val = INTEL_LTR_VALUE_MASK; ++ ltr |= INTEL_LTR_SCALE_32US | val; ++ } else { ++ ltr |= INTEL_LTR_SCALE_1US | val; ++ } ++ } ++ ++ if (ltr == intel_host->active_ltr) ++ goto out; ++ ++ writel(ltr, host->ioaddr + INTEL_ACTIVELTR); ++ writel(ltr, host->ioaddr + INTEL_IDLELTR); ++ ++ /* Cache the values into lpss structure */ ++ intel_cache_ltr(slot); ++out: ++ pm_runtime_put_autosuspend(dev); ++} ++ ++static bool intel_use_ltr(struct sdhci_pci_chip *chip) ++{ ++ switch (chip->pdev->device) { ++ case PCI_DEVICE_ID_INTEL_BYT_EMMC: ++ case PCI_DEVICE_ID_INTEL_BYT_EMMC2: ++ case PCI_DEVICE_ID_INTEL_BYT_SDIO: ++ case PCI_DEVICE_ID_INTEL_BYT_SD: ++ case PCI_DEVICE_ID_INTEL_BSW_EMMC: ++ case PCI_DEVICE_ID_INTEL_BSW_SDIO: ++ case PCI_DEVICE_ID_INTEL_BSW_SD: ++ return false; ++ default: ++ return true; ++ } ++} ++ ++static void intel_ltr_expose(struct sdhci_pci_chip *chip) ++{ ++ struct device *dev = &chip->pdev->dev; ++ ++ if (!intel_use_ltr(chip)) ++ return; ++ ++ dev->power.set_latency_tolerance = intel_ltr_set; ++ dev_pm_qos_expose_latency_tolerance(dev); ++} ++ ++static void intel_ltr_hide(struct sdhci_pci_chip *chip) ++{ ++ struct device *dev = &chip->pdev->dev; ++ ++ if (!intel_use_ltr(chip)) ++ return; ++ ++ dev_pm_qos_hide_latency_tolerance(dev); ++ dev->power.set_latency_tolerance = NULL; ++} ++ + static void byt_probe_slot(struct sdhci_pci_slot *slot) + { + struct mmc_host_ops *ops = &slot->host->mmc_host_ops; +@@ -774,6 +880,43 @@ static void byt_probe_slot(struct sdhci_ + ops->start_signal_voltage_switch = intel_start_signal_voltage_switch; + + device_property_read_u32(dev, "max-frequency", &mmc->f_max); ++ ++ if (!mmc->slotno) { ++ slot->chip->slots[mmc->slotno] = slot; ++ intel_ltr_expose(slot->chip); ++ } ++} ++ ++static void byt_add_debugfs(struct sdhci_pci_slot *slot) ++{ ++ struct intel_host *intel_host = sdhci_pci_priv(slot); ++ struct mmc_host *mmc = slot->host->mmc; ++ struct dentry *dir = mmc->debugfs_root; ++ ++ if (!intel_use_ltr(slot->chip)) ++ return; ++ ++ debugfs_create_x32("active_ltr", 0444, dir, &intel_host->active_ltr); ++ debugfs_create_x32("idle_ltr", 0444, dir, &intel_host->idle_ltr); ++ ++ intel_cache_ltr(slot); ++} ++ ++static int byt_add_host(struct sdhci_pci_slot *slot) ++{ ++ int ret = sdhci_add_host(slot->host); ++ ++ if (!ret) ++ byt_add_debugfs(slot); ++ return ret; ++} ++ ++static void byt_remove_slot(struct sdhci_pci_slot *slot, int dead) ++{ ++ struct mmc_host *mmc = slot->host->mmc; ++ ++ if (!mmc->slotno) ++ intel_ltr_hide(slot->chip); + } + + static int byt_emmc_probe_slot(struct sdhci_pci_slot *slot) +@@ -855,6 +998,8 @@ static int glk_emmc_add_host(struct sdhc + if (ret) + goto cleanup; + ++ byt_add_debugfs(slot); ++ + return 0; + + cleanup: +@@ -1032,6 +1177,8 @@ static const struct sdhci_pci_fixes sdhc + #endif + .allow_runtime_pm = true, + .probe_slot = byt_emmc_probe_slot, ++ .add_host = byt_add_host, ++ .remove_slot = byt_remove_slot, + .quirks = SDHCI_QUIRK_NO_ENDATTR_IN_NOPDESC | + SDHCI_QUIRK_NO_LED, + .quirks2 = SDHCI_QUIRK2_PRESET_VALUE_BROKEN | +@@ -1045,6 +1192,7 @@ static const struct sdhci_pci_fixes sdhc + .allow_runtime_pm = true, + .probe_slot = glk_emmc_probe_slot, + .add_host = glk_emmc_add_host, ++ .remove_slot 
= byt_remove_slot, + #ifdef CONFIG_PM_SLEEP + .suspend = sdhci_cqhci_suspend, + .resume = sdhci_cqhci_resume, +@@ -1075,6 +1223,8 @@ static const struct sdhci_pci_fixes sdhc + SDHCI_QUIRK2_PRESET_VALUE_BROKEN, + .allow_runtime_pm = true, + .probe_slot = ni_byt_sdio_probe_slot, ++ .add_host = byt_add_host, ++ .remove_slot = byt_remove_slot, + .ops = &sdhci_intel_byt_ops, + .priv_size = sizeof(struct intel_host), + }; +@@ -1092,6 +1242,8 @@ static const struct sdhci_pci_fixes sdhc + SDHCI_QUIRK2_PRESET_VALUE_BROKEN, + .allow_runtime_pm = true, + .probe_slot = byt_sdio_probe_slot, ++ .add_host = byt_add_host, ++ .remove_slot = byt_remove_slot, + .ops = &sdhci_intel_byt_ops, + .priv_size = sizeof(struct intel_host), + }; +@@ -1111,6 +1263,8 @@ static const struct sdhci_pci_fixes sdhc + .allow_runtime_pm = true, + .own_cd_for_runtime_pm = true, + .probe_slot = byt_sd_probe_slot, ++ .add_host = byt_add_host, ++ .remove_slot = byt_remove_slot, + .ops = &sdhci_intel_byt_ops, + .priv_size = sizeof(struct intel_host), + }; diff --git a/queue-5.9/perf-amd-uncore-set-all-slices-and-threads-to-restore-perf-stat-a-behaviour.patch b/queue-5.9/perf-amd-uncore-set-all-slices-and-threads-to-restore-perf-stat-a-behaviour.patch new file mode 100644 index 00000000000..d79f0da913a --- /dev/null +++ b/queue-5.9/perf-amd-uncore-set-all-slices-and-threads-to-restore-perf-stat-a-behaviour.patch @@ -0,0 +1,101 @@ +From c8fe99d0701fec9fb849ec880a86bc5592530496 Mon Sep 17 00:00:00 2001 +From: Kim Phillips +Date: Tue, 8 Sep 2020 16:47:34 -0500 +Subject: perf/amd/uncore: Set all slices and threads to restore perf stat -a behaviour + +From: Kim Phillips + +commit c8fe99d0701fec9fb849ec880a86bc5592530496 upstream. + +Commit 2f217d58a8a0 ("perf/x86/amd/uncore: Set the thread mask for +F17h L3 PMCs") inadvertently changed the uncore driver's behaviour +wrt perf tool invocations with or without a CPU list, specified with +-C / --cpu=. + +Change the behaviour of the driver to assume the former all-cpu (-a) +case, which is the more commonly desired default. This fixes +'-a -A' invocations without explicit cpu lists (-C) to not count +L3 events only on behalf of the first thread of the first core +in the L3 domain. + +BEFORE: + +Activity performed by the first thread of the last core (CPU#43) in +CPU#40's L3 domain is not reported by CPU#40: + +sudo perf stat -a -A -e l3_request_g1.caching_l3_cache_accesses taskset -c 43 perf bench mem memcpy -s 32mb -l 100 -f default +... +CPU36 21,835 l3_request_g1.caching_l3_cache_accesses +CPU40 87,066 l3_request_g1.caching_l3_cache_accesses +CPU44 17,360 l3_request_g1.caching_l3_cache_accesses +... + +AFTER: + +The L3 domain activity is now reported by CPU#40: + +sudo perf stat -a -A -e l3_request_g1.caching_l3_cache_accesses taskset -c 43 perf bench mem memcpy -s 32mb -l 100 -f default +... +CPU36 354,891 l3_request_g1.caching_l3_cache_accesses +CPU40 1,780,870 l3_request_g1.caching_l3_cache_accesses +CPU44 315,062 l3_request_g1.caching_l3_cache_accesses +... 
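[ Editor's sketch: the behavioural change above is just a question of which bits land in the L3 PMC config word. The constants below mirror the Family 17h ThreadMask/SliceMask layout (slices in bits 51:48, threads in bits 63:56) as defined in the kernel's perf headers; treat them as illustrative rather than as a substitute for the PPR. ]

#include <stdint.h>
#include <stdio.h>

#define BIT_ULL(n)	(1ULL << (n))
#define L3_SLICE_MASK	(0xFULL << 48)	/* enable all four L3 slices */
#define L3_THREAD_SHIFT	56
#define L3_THREAD_MASK	(0xFFULL << 56)	/* enable all eight thread bits */

/* Old behaviour: count only on behalf of the event's own CPU. */
static uint64_t l3_mask_one_cpu(unsigned int core, unsigned int thread)
{
	return L3_SLICE_MASK | BIT_ULL(L3_THREAD_SHIFT + 2 * (core % 4) + thread);
}

/* Fixed behaviour: count every slice and thread, as "perf stat -a" expects. */
static uint64_t l3_mask_all(void)
{
	return L3_SLICE_MASK | L3_THREAD_MASK;
}

int main(void)
{
	printf("per-cpu mask (core 3, thread 1): 0x%016llx\n",
	       (unsigned long long)l3_mask_one_cpu(3, 1));
	printf("all slices and threads:          0x%016llx\n",
	       (unsigned long long)l3_mask_all());
	return 0;
}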
+ +Fixes: 2f217d58a8a0 ("perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs") +Signed-off-by: Kim Phillips +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20200908214740.18097-2-kim.phillips@amd.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/events/amd/uncore.c | 28 ++++++++-------------------- + 1 file changed, 8 insertions(+), 20 deletions(-) + +--- a/arch/x86/events/amd/uncore.c ++++ b/arch/x86/events/amd/uncore.c +@@ -181,28 +181,16 @@ static void amd_uncore_del(struct perf_e + } + + /* +- * Convert logical CPU number to L3 PMC Config ThreadMask format ++ * Return a full thread and slice mask until per-CPU is ++ * properly supported. + */ +-static u64 l3_thread_slice_mask(int cpu) ++static u64 l3_thread_slice_mask(void) + { +- u64 thread_mask, core = topology_core_id(cpu); +- unsigned int shift, thread = 0; ++ if (boot_cpu_data.x86 <= 0x18) ++ return AMD64_L3_SLICE_MASK | AMD64_L3_THREAD_MASK; + +- if (topology_smt_supported() && !topology_is_primary_thread(cpu)) +- thread = 1; +- +- if (boot_cpu_data.x86 <= 0x18) { +- shift = AMD64_L3_THREAD_SHIFT + 2 * (core % 4) + thread; +- thread_mask = BIT_ULL(shift); +- +- return AMD64_L3_SLICE_MASK | thread_mask; +- } +- +- core = (core << AMD64_L3_COREID_SHIFT) & AMD64_L3_COREID_MASK; +- shift = AMD64_L3_THREAD_SHIFT + thread; +- thread_mask = BIT_ULL(shift); +- +- return AMD64_L3_EN_ALL_SLICES | core | thread_mask; ++ return AMD64_L3_EN_ALL_SLICES | AMD64_L3_EN_ALL_CORES | ++ AMD64_L3_F19H_THREAD_MASK; + } + + static int amd_uncore_event_init(struct perf_event *event) +@@ -232,7 +220,7 @@ static int amd_uncore_event_init(struct + * For other events, the two fields do not affect the count. + */ + if (l3_mask && is_llc_event(event)) +- hwc->config |= l3_thread_slice_mask(event->cpu); ++ hwc->config |= l3_thread_slice_mask(); + + uncore = event_to_amd_uncore(event); + if (!uncore) diff --git a/queue-5.9/perf-x86-amd-fix-sampling-large-increment-per-cycle-events.patch b/queue-5.9/perf-x86-amd-fix-sampling-large-increment-per-cycle-events.patch new file mode 100644 index 00000000000..e329f8e06cb --- /dev/null +++ b/queue-5.9/perf-x86-amd-fix-sampling-large-increment-per-cycle-events.patch @@ -0,0 +1,48 @@ +From 26e52558ead4b39c0e0fe7bf08f82f5a9777a412 Mon Sep 17 00:00:00 2001 +From: Kim Phillips +Date: Tue, 8 Sep 2020 16:47:35 -0500 +Subject: perf/x86/amd: Fix sampling Large Increment per Cycle events + +From: Kim Phillips + +commit 26e52558ead4b39c0e0fe7bf08f82f5a9777a412 upstream. + +Commit 5738891229a2 ("perf/x86/amd: Add support for Large Increment +per Cycle Events") mistakenly zeroes the upper 16 bits of the count +in set_period(). That's fine for counting with perf stat, but not +sampling with perf record when only Large Increment events are being +sampled. To enable sampling, we sign extend the upper 16 bits of the +merged counter pair as described in the Family 17h PPRs: + +"Software wanting to preload a value to a merged counter pair writes the +high-order 16-bit value to the low-order 16 bits of the odd counter and +then writes the low-order 48-bit value to the even counter. Reading the +even counter of the merged counter pair returns the full 64-bit value." 
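[ Editor's sketch: the PPR quote above is the whole trick. A merged counter pair behaves like one 64-bit counter whose top 16 bits live in the odd MSR, so preloading a negative period needs 0xffff, not 0, in those bits. The arithmetic below demonstrates this with plain integers -- it models the value the hardware would read back, not the MSR interface itself. ]

#include <stdint.h>
#include <stdio.h>

int main(void)
{
	const uint64_t cntval_mask = (1ULL << 48) - 1;	/* 48-bit counter width */
	int64_t left = 1000;				/* remaining sample period */
	uint64_t even = (uint64_t)(-left) & cntval_mask; /* low 48 bits, written
							  * to the even counter */

	/* Old code: odd counter zeroed, so the pair reads a huge positive value. */
	int64_t zero_ext = (int64_t)((0x0000ULL << 48) | even);
	/* Fixed code: odd counter = 0xffff sign-extends the pair to -left. */
	int64_t sign_ext = (int64_t)((0xffffULL << 48) | even);

	printf("zero-extended: %lld\n", (long long)zero_ext); /* 281474976709656 */
	printf("sign-extended: %lld\n", (long long)sign_ext); /* -1000 */
	return 0;
}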
+ +Fixes: 5738891229a2 ("perf/x86/amd: Add support for Large Increment per Cycle Events") +Signed-off-by: Kim Phillips +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/events/core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/events/core.c ++++ b/arch/x86/events/core.c +@@ -1286,11 +1286,11 @@ int x86_perf_event_set_period(struct per + wrmsrl(hwc->event_base, (u64)(-left) & x86_pmu.cntval_mask); + + /* +- * Clear the Merge event counter's upper 16 bits since ++ * Sign extend the Merge event counter's upper 16 bits since + * we currently declare a 48-bit counter width + */ + if (is_counter_pair(hwc)) +- wrmsrl(x86_pmu_event_addr(idx + 1), 0); ++ wrmsrl(x86_pmu_event_addr(idx + 1), 0xffff); + + /* + * Due to erratum on certan cpu we need diff --git a/queue-5.9/perf-x86-amd-ibs-don-t-include-randomized-bits-in-get_ibs_op_count.patch b/queue-5.9/perf-x86-amd-ibs-don-t-include-randomized-bits-in-get_ibs_op_count.patch new file mode 100644 index 00000000000..6b1ad3207cb --- /dev/null +++ b/queue-5.9/perf-x86-amd-ibs-don-t-include-randomized-bits-in-get_ibs_op_count.patch @@ -0,0 +1,51 @@ +From 680d69635005ba0e58fe3f4c52fc162b8fc743b0 Mon Sep 17 00:00:00 2001 +From: Kim Phillips +Date: Tue, 8 Sep 2020 16:47:37 -0500 +Subject: perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count() + +From: Kim Phillips + +commit 680d69635005ba0e58fe3f4c52fc162b8fc743b0 upstream. + +get_ibs_op_count() adds hardware's current count (IbsOpCurCnt) bits +to its count regardless of hardware's valid status. + +According to the PPR for AMD Family 17h Model 31h B0 55803 Rev 0.54, +if the counter rolls over, valid status is set, and the lower 7 bits +of IbsOpCurCnt are randomized by hardware. + +Don't include those bits in the driver's event count. + +Fixes: 8b1e13638d46 ("perf/x86-ibs: Fix usage of IBS op current count") +Signed-off-by: Kim Phillips +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/events/amd/ibs.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/arch/x86/events/amd/ibs.c ++++ b/arch/x86/events/amd/ibs.c +@@ -335,11 +335,15 @@ static u64 get_ibs_op_count(u64 config) + { + u64 count = 0; + ++ /* ++ * If the internal 27-bit counter rolled over, the count is MaxCnt ++ * and the lower 7 bits of CurCnt are randomized. ++ * Otherwise CurCnt has the full 27-bit current counter value. ++ */ + if (config & IBS_OP_VAL) +- count += (config & IBS_OP_MAX_CNT) << 4; /* cnt rolled over */ +- +- if (ibs_caps & IBS_CAPS_RDWROPCNT) +- count += (config & IBS_OP_CUR_CNT) >> 32; ++ count = (config & IBS_OP_MAX_CNT) << 4; ++ else if (ibs_caps & IBS_CAPS_RDWROPCNT) ++ count = (config & IBS_OP_CUR_CNT) >> 32; + + return count; + } diff --git a/queue-5.9/perf-x86-amd-ibs-fix-raw-sample-data-accumulation.patch b/queue-5.9/perf-x86-amd-ibs-fix-raw-sample-data-accumulation.patch new file mode 100644 index 00000000000..4fadffb88e7 --- /dev/null +++ b/queue-5.9/perf-x86-amd-ibs-fix-raw-sample-data-accumulation.patch @@ -0,0 +1,80 @@ +From 36e1be8ada994d509538b3b1d0af8b63c351e729 Mon Sep 17 00:00:00 2001 +From: Kim Phillips +Date: Tue, 8 Sep 2020 16:47:38 -0500 +Subject: perf/x86/amd/ibs: Fix raw sample data accumulation + +From: Kim Phillips + +commit 36e1be8ada994d509538b3b1d0af8b63c351e729 upstream. 
+
+Neither IbsBrTarget nor OPDATA4 are populated in IBS Fetch mode.
+Don't accumulate them into raw sample user data in that case.
+
+Also, in Fetch mode, add saving the IBS Fetch Control Extended MSR.
+
+Technically, there is an ABI change here with respect to the IBS raw
+sample data format, but I don't see any perf driver version information
+being included in perf.data file headers. Existing users can detect
+whether the size of the sample record has been reduced by 8 bytes to
+determine whether the IBS driver has this fix.
+
+Fixes: 904cb3677f3a ("perf/x86/amd/ibs: Update IBS MSRs and feature definitions")
+Reported-by: Stephane Eranian
+Signed-off-by: Kim Phillips
+Signed-off-by: Peter Zijlstra (Intel)
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20200908214740.18097-6-kim.phillips@amd.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/events/amd/ibs.c        | 26 ++++++++++++++++----------
+ arch/x86/include/asm/msr-index.h | 1 +
+ 2 files changed, 17 insertions(+), 10 deletions(-)
+
+--- a/arch/x86/events/amd/ibs.c
++++ b/arch/x86/events/amd/ibs.c
+@@ -636,18 +636,24 @@ fail:
+ 					       perf_ibs->offset_max,
+ 					       offset + 1);
+ 	} while (offset < offset_max);
++	/*
++	 * Read IbsBrTarget, IbsOpData4, and IbsExtdCtl separately
++	 * depending on their availability.
++	 * Can't add to offset_max as they are staggered
++	 */
+ 	if (event->attr.sample_type & PERF_SAMPLE_RAW) {
+-		/*
+-		 * Read IbsBrTarget and IbsOpData4 separately
+-		 * depending on their availability.
+-		 * Can't add to offset_max as they are staggered
+-		 */
+-		if (ibs_caps & IBS_CAPS_BRNTRGT) {
+-			rdmsrl(MSR_AMD64_IBSBRTARGET, *buf++);
+-			size++;
++		if (perf_ibs == &perf_ibs_op) {
++			if (ibs_caps & IBS_CAPS_BRNTRGT) {
++				rdmsrl(MSR_AMD64_IBSBRTARGET, *buf++);
++				size++;
++			}
++			if (ibs_caps & IBS_CAPS_OPDATA4) {
++				rdmsrl(MSR_AMD64_IBSOPDATA4, *buf++);
++				size++;
++			}
+ 		}
+-		if (ibs_caps & IBS_CAPS_OPDATA4) {
+-			rdmsrl(MSR_AMD64_IBSOPDATA4, *buf++);
++		if (perf_ibs == &perf_ibs_fetch && (ibs_caps & IBS_CAPS_FETCHCTLEXTD)) {
++			rdmsrl(MSR_AMD64_ICIBSEXTDCTL, *buf++);
+ 			size++;
+ 		}
+ 	}
+--- a/arch/x86/include/asm/msr-index.h
++++ b/arch/x86/include/asm/msr-index.h
+@@ -464,6 +464,7 @@
+ #define MSR_AMD64_IBSOP_REG_MASK	((1UL<<MSR_AMD64_IBSOP_REG_COUNT)-1)
+ #define MSR_AMD64_IBSCTL		0xc001103a
+ #define MSR_AMD64_IBSBRTARGET		0xc001103b
++#define MSR_AMD64_ICIBSEXTDCTL		0xc001103c
+ #define MSR_AMD64_IBSOPDATA4		0xc001103d
+ #define MSR_AMD64_IBS_REG_COUNT_MAX	8 /* includes MSR_AMD64_IBSBRTARGET */
diff --git a/queue-5.9/perf-x86-intel-fix-ice-lake-event-constraint-table.patch b/queue-5.9/perf-x86-intel-fix-ice-lake-event-constraint-table.patch
new file mode 100644
--- /dev/null
+++ b/queue-5.9/perf-x86-intel-fix-ice-lake-event-constraint-table.patch
@@ -0,0 +1,46 @@
+From 010cb00265f150bf82b23c02ad1fb87ce5c781e1 Mon Sep 17 00:00:00 2001
+From: Kan Liang
+Date: Mon, 28 Sep 2020 06:47:26 -0700
+Subject: perf/x86/intel: Fix Ice Lake event constraint table
+
+From: Kan Liang
+
+commit 010cb00265f150bf82b23c02ad1fb87ce5c781e1 upstream.
+
+An error occurs when sampling the non-PEBS INST_RETIRED.PREC_DIST(0x01c0)
+event.
+
+ perf record -e cpu/event=0xc0,umask=0x01/ -- sleep 1
+ Error:
+ The sys_perf_event_open() syscall returned with 22 (Invalid argument)
+ for event (cpu/event=0xc0,umask=0x01/).
+ /bin/dmesg | grep -i perf may provide additional information.
+
+The idxmsk64 of the event is set to 0, so the event can never be
+successfully scheduled.
+
+The event should be limited to the fixed counter 0.
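[ Editor's sketch: the second argument of these constraint macros is a counter *bitmask*, not a counter index, which is exactly what the broken table entry got wrong. The struct and macros below are a condensed model of the kernel's event-constraint machinery; umask handling and the other fields are omitted. ]

#include <stdint.h>
#include <stdio.h>

struct event_constraint {
	uint64_t idxmsk64;	/* bitmask of counters the event may use */
	uint64_t code;
};

#define EVENT_CONSTRAINT(c, n)		{ .idxmsk64 = (n), .code = (c) }
/* Fixed counter i is represented by bit 32 + i of the index mask. */
#define FIXED_EVENT_CONSTRAINT(c, i)	EVENT_CONSTRAINT(c, 1ULL << (32 + (i)))

int main(void)
{
	/* Broken entry: "0" was meant as fixed counter 0 but is an empty mask. */
	struct event_constraint broken = EVENT_CONSTRAINT(0x01c0, 0);
	/* Fixed entry: INST_RETIRED.PREC_DIST pinned to fixed counter 0. */
	struct event_constraint fixed = FIXED_EVENT_CONSTRAINT(0x01c0, 0);

	printf("broken idxmsk64 = 0x%llx (no counter can ever be picked)\n",
	       (unsigned long long)broken.idxmsk64);
	printf("fixed  idxmsk64 = 0x%llx (bit 32 = fixed counter 0)\n",
	       (unsigned long long)fixed.idxmsk64);
	return 0;
}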
+ +Fixes: 6017608936c1 ("perf/x86/intel: Add Icelake support") +Reported-by: Yi, Ammy +Signed-off-by: Kan Liang +Signed-off-by: Peter Zijlstra (Intel) +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20200928134726.13090-1-kan.liang@linux.intel.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/events/intel/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/events/intel/core.c ++++ b/arch/x86/events/intel/core.c +@@ -243,7 +243,7 @@ static struct extra_reg intel_skl_extra_ + + static struct event_constraint intel_icl_event_constraints[] = { + FIXED_EVENT_CONSTRAINT(0x00c0, 0), /* INST_RETIRED.ANY */ +- INTEL_UEVENT_CONSTRAINT(0x1c0, 0), /* INST_RETIRED.PREC_DIST */ ++ FIXED_EVENT_CONSTRAINT(0x01c0, 0), /* INST_RETIRED.PREC_DIST */ + FIXED_EVENT_CONSTRAINT(0x003c, 1), /* CPU_CLK_UNHALTED.CORE */ + FIXED_EVENT_CONSTRAINT(0x0300, 2), /* CPU_CLK_UNHALTED.REF */ + FIXED_EVENT_CONSTRAINT(0x0400, 3), /* SLOTS */ diff --git a/queue-5.9/seccomp-make-duplicate-listener-detection-non-racy.patch b/queue-5.9/seccomp-make-duplicate-listener-detection-non-racy.patch new file mode 100644 index 00000000000..846f33bf8be --- /dev/null +++ b/queue-5.9/seccomp-make-duplicate-listener-detection-non-racy.patch @@ -0,0 +1,100 @@ +From dfe719fef03d752f1682fa8aeddf30ba501c8555 Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Mon, 5 Oct 2020 03:44:01 +0200 +Subject: seccomp: Make duplicate listener detection non-racy + +From: Jann Horn + +commit dfe719fef03d752f1682fa8aeddf30ba501c8555 upstream. + +Currently, init_listener() tries to prevent adding a filter with +SECCOMP_FILTER_FLAG_NEW_LISTENER if one of the existing filters already +has a listener. However, this check happens without holding any lock that +would prevent another thread from concurrently installing a new filter +(potentially with a listener) on top of the ones we already have. + +Theoretically, this is also a data race: The plain load from +current->seccomp.filter can race with concurrent writes to the same +location. + +Fix it by moving the check into the region that holds the siglock to guard +against concurrent TSYNC. + +(The "Fixes" tag points to the commit that introduced the theoretical +data race; concurrent installation of another filter with TSYNC only +became possible later, in commit 51891498f2da ("seccomp: allow TSYNC and +USER_NOTIF together").) + +Fixes: 6a21cc50f0c7 ("seccomp: add a return code to trap to userspace") +Reviewed-by: Tycho Andersen +Signed-off-by: Jann Horn +Signed-off-by: Kees Cook +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20201005014401.490175-1-jannh@google.com +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/seccomp.c | 38 +++++++++++++++++++++++++++++++------- + 1 file changed, 31 insertions(+), 7 deletions(-) + +--- a/kernel/seccomp.c ++++ b/kernel/seccomp.c +@@ -1472,13 +1472,7 @@ static const struct file_operations secc + + static struct file *init_listener(struct seccomp_filter *filter) + { +- struct file *ret = ERR_PTR(-EBUSY); +- struct seccomp_filter *cur; +- +- for (cur = current->seccomp.filter; cur; cur = cur->prev) { +- if (cur->notif) +- goto out; +- } ++ struct file *ret; + + ret = ERR_PTR(-ENOMEM); + filter->notif = kzalloc(sizeof(*(filter->notif)), GFP_KERNEL); +@@ -1504,6 +1498,31 @@ out: + return ret; + } + ++/* ++ * Does @new_child have a listener while an ancestor also has a listener? ++ * If so, we'll want to reject this filter. 
++ * This only has to be tested for the current process, even in the TSYNC case, ++ * because TSYNC installs @child with the same parent on all threads. ++ * Note that @new_child is not hooked up to its parent at this point yet, so ++ * we use current->seccomp.filter. ++ */ ++static bool has_duplicate_listener(struct seccomp_filter *new_child) ++{ ++ struct seccomp_filter *cur; ++ ++ /* must be protected against concurrent TSYNC */ ++ lockdep_assert_held(¤t->sighand->siglock); ++ ++ if (!new_child->notif) ++ return false; ++ for (cur = current->seccomp.filter; cur; cur = cur->prev) { ++ if (cur->notif) ++ return true; ++ } ++ ++ return false; ++} ++ + /** + * seccomp_set_mode_filter: internal function for setting seccomp filter + * @flags: flags to change filter behavior +@@ -1575,6 +1594,11 @@ static long seccomp_set_mode_filter(unsi + if (!seccomp_may_assign_mode(seccomp_mode)) + goto out; + ++ if (has_duplicate_listener(prepared)) { ++ ret = -EBUSY; ++ goto out; ++ } ++ + ret = seccomp_attach_filter(flags, prepared); + if (ret) + goto out; diff --git a/queue-5.9/selftests-x86-fsgsbase-test-ptrace_peekuser-for-gsbase-with-invalid-ldt-gs.patch b/queue-5.9/selftests-x86-fsgsbase-test-ptrace_peekuser-for-gsbase-with-invalid-ldt-gs.patch new file mode 100644 index 00000000000..80f00a92f70 --- /dev/null +++ b/queue-5.9/selftests-x86-fsgsbase-test-ptrace_peekuser-for-gsbase-with-invalid-ldt-gs.patch @@ -0,0 +1,106 @@ +From 1b9abd1755ad947d7c9913e92e7837b533124c90 Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Wed, 26 Aug 2020 10:00:46 -0700 +Subject: selftests/x86/fsgsbase: Test PTRACE_PEEKUSER for GSBASE with invalid LDT GS + +From: Andy Lutomirski + +commit 1b9abd1755ad947d7c9913e92e7837b533124c90 upstream. + +This tests commit: + + 8ab49526b53d ("x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task") + +Unpatched kernels will OOPS. + +Signed-off-by: Andy Lutomirski +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/c618ae86d1f757e01b1a8e79869f553cb88acf9a.1598461151.git.luto@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + tools/testing/selftests/x86/fsgsbase.c | 65 +++++++++++++++++++++++++++++++++ + 1 file changed, 65 insertions(+) + +--- a/tools/testing/selftests/x86/fsgsbase.c ++++ b/tools/testing/selftests/x86/fsgsbase.c +@@ -443,6 +443,68 @@ static void test_unexpected_base(void) + + #define USER_REGS_OFFSET(r) offsetof(struct user_regs_struct, r) + ++static void test_ptrace_write_gs_read_base(void) ++{ ++ int status; ++ pid_t child = fork(); ++ ++ if (child < 0) ++ err(1, "fork"); ++ ++ if (child == 0) { ++ printf("[RUN]\tPTRACE_POKE GS, read GSBASE back\n"); ++ ++ printf("[RUN]\tARCH_SET_GS to 1\n"); ++ if (syscall(SYS_arch_prctl, ARCH_SET_GS, 1) != 0) ++ err(1, "ARCH_SET_GS"); ++ ++ if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) != 0) ++ err(1, "PTRACE_TRACEME"); ++ ++ raise(SIGTRAP); ++ _exit(0); ++ } ++ ++ wait(&status); ++ ++ if (WSTOPSIG(status) == SIGTRAP) { ++ unsigned long base; ++ unsigned long gs_offset = USER_REGS_OFFSET(gs); ++ unsigned long base_offset = USER_REGS_OFFSET(gs_base); ++ ++ /* Read the initial base. It should be 1. */ ++ base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL); ++ if (base == 1) { ++ printf("[OK]\tGSBASE started at 1\n"); ++ } else { ++ nerrs++; ++ printf("[FAIL]\tGSBASE started at 0x%lx\n", base); ++ } ++ ++ printf("[RUN]\tSet GS = 0x7, read GSBASE\n"); ++ ++ /* Poke an LDT selector into GS. 
*/
++	if (ptrace(PTRACE_POKEUSER, child, gs_offset, 0x7) != 0)
++		err(1, "PTRACE_POKEUSER");
++
++	/* And read the base. */
++	base = ptrace(PTRACE_PEEKUSER, child, base_offset, NULL);
++
++	if (base == 0 || base == 1) {
++		printf("[OK]\tGSBASE reads as 0x%lx with invalid GS\n", base);
++	} else {
++		nerrs++;
++		printf("[FAIL]\tGSBASE=0x%lx (should be 0 or 1)\n", base);
++	}
++	}
++
++	ptrace(PTRACE_CONT, child, NULL, NULL);
++
++	wait(&status);
++	if (!WIFEXITED(status))
++		printf("[WARN]\tChild didn't exit cleanly.\n");
++}
++
+ static void test_ptrace_write_gsbase(void)
+ {
+ 	int status;
+@@ -529,6 +591,9 @@ int main()
+ 	shared_scratch = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
+ 			      MAP_ANONYMOUS | MAP_SHARED, -1, 0);
+ 
++	/* Do these tests before we have an LDT. */
++	test_ptrace_write_gs_read_base();
++
+ 	/* Probe FSGSBASE */
+ 	sethandler(SIGILL, sigill, 0);
+ 	if (sigsetjmp(jmpbuf, 1) == 0) {
diff --git a/queue-5.9/series b/queue-5.9/series
index 3bea1d57e73..aa766cbc78c 100644
--- a/queue-5.9/series
+++ b/queue-5.9/series
@@ -179,3 +179,19 @@ arm64-dts-qcom-kitakami-temporarily-disable-sdhci1.patch
 nbd-make-the-config-put-is-called-before-the-notifyi.patch
 sgl_alloc_order-fix-memory-leak.patch
 nvme-rdma-fix-crash-when-connect-rejected.patch
+vmlinux.lds.h-add-pgo-and-autofdo-input-sections.patch
+irqchip-loongson-htvec-fix-initial-interrupt-clearing.patch
+md-fix-the-checking-of-wrong-work-queue.patch
+md-raid5-fix-oops-during-stripe-resizing.patch
+mmc-sdhci-add-ltr-support-for-some-intel-byt-based-controllers.patch
+mmc-sdhci-acpi-amdi0040-set-sdhci_quirk2_preset_value_broken.patch
+mm-memcg-slab-uncharge-during-kmem_cache_free_bulk.patch
+seccomp-make-duplicate-listener-detection-non-racy.patch
+selftests-x86-fsgsbase-test-ptrace_peekuser-for-gsbase-with-invalid-ldt-gs.patch
+perf-x86-intel-fix-ice-lake-event-constraint-table.patch
+perf-x86-amd-fix-sampling-large-increment-per-cycle-events.patch
+perf-amd-uncore-set-all-slices-and-threads-to-restore-perf-stat-a-behaviour.patch
+perf-x86-amd-ibs-don-t-include-randomized-bits-in-get_ibs_op_count.patch
+perf-x86-amd-ibs-fix-raw-sample-data-accumulation.patch
+spi-spi-mtk-nor-fix-timeout-calculation-overflow.patch
+spi-sprd-release-dma-channel-also-on-probe-deferral.patch
diff --git a/queue-5.9/spi-spi-mtk-nor-fix-timeout-calculation-overflow.patch b/queue-5.9/spi-spi-mtk-nor-fix-timeout-calculation-overflow.patch
new file mode 100644
index 00000000000..f0c9d6799ce
--- /dev/null
+++ b/queue-5.9/spi-spi-mtk-nor-fix-timeout-calculation-overflow.patch
@@ -0,0 +1,50 @@
+From 4cafaddedb5fbef9531202ee547784409fd0de33 Mon Sep 17 00:00:00 2001
+From: Chuanhong Guo
+Date: Tue, 22 Sep 2020 19:49:02 +0800
+Subject: spi: spi-mtk-nor: fix timeout calculation overflow
+
+From: Chuanhong Guo
+
+commit 4cafaddedb5fbef9531202ee547784409fd0de33 upstream.
+
+CLK_TO_US macro is used to calculate potential transfer time for various
+timeout handling. However it overflows on transfers bigger than 512 bytes
+because it first did (len * 8 * 1000000).
+This controller typically operates at 45MHz. This patch does two things:
+1. calculate clock / 1000000 first
+2. add a 4M transfer size cap so that the final timeout in DMA reading
+   doesn't overflow
+
+Fixes: 881d1ee9fe81f ("spi: add support for mediatek spi-nor controller")
+Cc:
+Signed-off-by: Chuanhong Guo
+Link: https://lore.kernel.org/r/20200922114905.2942859-1-gch981213@gmail.com
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/spi/spi-mtk-nor.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/spi/spi-mtk-nor.c
++++ b/drivers/spi/spi-mtk-nor.c
+@@ -89,7 +89,7 @@
+ // Buffered page program can do one 128-byte transfer
+ #define MTK_NOR_PP_SIZE			128
+ 
+-#define CLK_TO_US(sp, clkcnt)		((clkcnt) * 1000000 / sp->spi_freq)
++#define CLK_TO_US(sp, clkcnt)		DIV_ROUND_UP(clkcnt, sp->spi_freq / 1000000)
+ 
+ struct mtk_nor {
+ 	struct spi_controller *ctlr;
+@@ -177,6 +177,10 @@ static int mtk_nor_adjust_op_size(struct
+ 	if ((op->addr.nbytes == 3) || (op->addr.nbytes == 4)) {
+ 		if ((op->data.dir == SPI_MEM_DATA_IN) &&
+ 		    mtk_nor_match_read(op)) {
++			// limit size to prevent timeout calculation overflow
++			if (op->data.nbytes > 0x400000)
++				op->data.nbytes = 0x400000;
++
+ 			if ((op->addr.val & MTK_NOR_DMA_ALIGN_MASK) ||
+ 			    (op->data.nbytes < MTK_NOR_DMA_ALIGN))
+ 				op->data.nbytes = 1;
diff --git a/queue-5.9/spi-sprd-release-dma-channel-also-on-probe-deferral.patch b/queue-5.9/spi-sprd-release-dma-channel-also-on-probe-deferral.patch
new file mode 100644
index 00000000000..2257b89eb9c
--- /dev/null
+++ b/queue-5.9/spi-sprd-release-dma-channel-also-on-probe-deferral.patch
@@ -0,0 +1,40 @@
+From 687a2e76186dcfa42f22c14b655c3fb159839e79 Mon Sep 17 00:00:00 2001
+From: Krzysztof Kozlowski
+Date: Tue, 1 Sep 2020 17:27:03 +0200
+Subject: spi: sprd: Release DMA channel also on probe deferral
+
+From: Krzysztof Kozlowski
+
+commit 687a2e76186dcfa42f22c14b655c3fb159839e79 upstream.
+
+If dma_request_chan() for TX channel fails with EPROBE_DEFER, the RX
+channel would not be released and on next re-probe it would be requested a
+second time.
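[ Editor's sketch: returning to the spi-mtk-nor patch above -- the CLK_TO_US overflow is reproducible with plain integer arithmetic. The 45 MHz figure comes from that commit message, and DIV_ROUND_UP is open-coded here so the snippet is self-contained. ]

#include <stdint.h>
#include <stdio.h>

#define SPI_FREQ 45000000u	/* typical controller clock per the commit message */

/* Old macro: clkcnt * 1000000 wraps in 32 bits once it exceeds 2^32. */
static uint32_t clk_to_us_old(uint32_t clkcnt)
{
	return clkcnt * 1000000u / SPI_FREQ;
}

/* Fixed macro: divide the clock down to MHz first, then round up. */
static uint32_t clk_to_us_new(uint32_t clkcnt)
{
	uint32_t mhz = SPI_FREQ / 1000000u;
	return (clkcnt + mhz - 1) / mhz;
}

int main(void)
{
	uint32_t len = 4096;		/* a 4 KiB transfer... */
	uint32_t clkcnt = len * 8;	/* ...is 32768 clock cycles at 1 bit/clk */

	printf("old: %u us (multiplication wrapped; true value is ~729)\n",
	       clk_to_us_old(clkcnt));
	printf("new: %u us\n", clk_to_us_new(clkcnt));
	return 0;
}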
+
+Fixes: 386119bc7be9 ("spi: sprd: spi: sprd: Add DMA mode support")
+Cc:
+Signed-off-by: Krzysztof Kozlowski
+Acked-by: Chunyan Zhang
+Link: https://lore.kernel.org/r/20200901152713.18629-1-krzk@kernel.org
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/spi/spi-sprd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/spi/spi-sprd.c
++++ b/drivers/spi/spi-sprd.c
+@@ -563,11 +563,11 @@ static int sprd_spi_dma_request(struct s
+ 
+ 	ss->dma.dma_chan[SPRD_SPI_TX]  = dma_request_chan(ss->dev, "tx_chn");
+ 	if (IS_ERR_OR_NULL(ss->dma.dma_chan[SPRD_SPI_TX])) {
++		dma_release_channel(ss->dma.dma_chan[SPRD_SPI_RX]);
+ 		if (PTR_ERR(ss->dma.dma_chan[SPRD_SPI_TX]) == -EPROBE_DEFER)
+ 			return PTR_ERR(ss->dma.dma_chan[SPRD_SPI_TX]);
+ 
+ 		dev_err(ss->dev, "request TX DMA channel failed!\n");
+-		dma_release_channel(ss->dma.dma_chan[SPRD_SPI_RX]);
+ 		return PTR_ERR(ss->dma.dma_chan[SPRD_SPI_TX]);
+ 	}
+ 
diff --git a/queue-5.9/vmlinux.lds.h-add-pgo-and-autofdo-input-sections.patch b/queue-5.9/vmlinux.lds.h-add-pgo-and-autofdo-input-sections.patch
new file mode 100644
index 00000000000..b73814682be
--- /dev/null
+++ b/queue-5.9/vmlinux.lds.h-add-pgo-and-autofdo-input-sections.patch
@@ -0,0 +1,88 @@
+From eff8728fe69880d3f7983bec3fb6cea4c306261f Mon Sep 17 00:00:00 2001
+From: Nick Desaulniers
+Date: Fri, 21 Aug 2020 12:42:47 -0700
+Subject: vmlinux.lds.h: Add PGO and AutoFDO input sections
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Nick Desaulniers
+
+commit eff8728fe69880d3f7983bec3fb6cea4c306261f upstream.
+
+Basically, consider .text.{hot|unlikely|unknown}.* part of .text, too.
+
+When compiling with profiling information (collected via PGO
+instrumentations or AutoFDO sampling), Clang will separate code into
+.text.hot, .text.unlikely, or .text.unknown sections based on profiling
+information. After D79600 (clang-11), these sections will have a
+trailing `.` suffix, ie. .text.hot., .text.unlikely., .text.unknown..
+
+When using -ffunction-sections together with profiling information,
+either explicitly (FGKASLR) or implicitly (LTO), code may be placed in
+sections following the convention:
+.text.hot.<foo>, .text.unlikely.<bar>, .text.unknown.<baz>
+where <foo>, <bar>, and <baz> are functions. (This produces one section
+per function; we generally try to merge these all back via linker script
+so that we don't have 50k sections).
+
+For the above cases, we need to teach our linker scripts that such
+sections might exist and that we'd explicitly like them grouped
+together, otherwise we can wind up with code outside of the
+_stext/_etext boundaries that might not be mapped properly for some
+architectures, resulting in boot failures.
+
+If the linker script is not told about possible input sections, then
+where the section is placed as output is a heuristic-laden mess that's
+non-portable between linkers (ie. BFD and LLD), and has resulted in many
+hard to debug bugs. Kees Cook is working on cleaning this up by adding
+--orphan-handling=warn linker flag used in ARCH=powerpc to additional
+architectures. In the case of linker scripts, borrowing from the Zen of
+Python: explicit is better than implicit.
+
+Also, ld.bfd's internal linker script considers .text.hot AND
+.text.hot.* to be part of .text, as well as .text.unlikely and
+.text.unlikely.*.
I didn't see support for .text.unknown.*, and didn't +see Clang producing such code in our kernel builds, but I see code in +LLVM that can produce such section names if profiling information is +missing. That may point to a larger issue with generating or collecting +profiles, but I would much rather be safe and explicit than have to +debug yet another issue related to orphan section placement. + +Reported-by: Jian Cai +Suggested-by: Fāng-ruì Sòng +Signed-off-by: Nick Desaulniers +Signed-off-by: Kees Cook +Signed-off-by: Ingo Molnar +Tested-by: Luis Lozano +Tested-by: Manoj Gupta +Acked-by: Kees Cook +Cc: linux-arch@vger.kernel.org +Cc: stable@vger.kernel.org +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=add44f8d5c5c05e08b11e033127a744d61c26aee +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=1de778ed23ce7492c523d5850c6c6dbb34152655 +Link: https://reviews.llvm.org/D79600 +Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1084760 +Link: https://lore.kernel.org/r/20200821194310.3089815-7-keescook@chromium.org +Signed-off-by: Greg Kroah-Hartman + +Debugged-by: Luis Lozano + +--- + include/asm-generic/vmlinux.lds.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/include/asm-generic/vmlinux.lds.h ++++ b/include/asm-generic/vmlinux.lds.h +@@ -581,7 +581,10 @@ + */ + #define TEXT_TEXT \ + ALIGN_FUNCTION(); \ +- *(.text.hot TEXT_MAIN .text.fixup .text.unlikely) \ ++ *(.text.hot .text.hot.*) \ ++ *(TEXT_MAIN .text.fixup) \ ++ *(.text.unlikely .text.unlikely.*) \ ++ *(.text.unknown .text.unknown.*) \ + NOINSTR_TEXT \ + *(.text..refcount) \ + *(.ref.text) \
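[ Editor's sketch: the section names the patch teaches TEXT_TEXT about can be observed on any toy translation unit. Exact names vary by compiler and version (the clang-11 change in D79600 adds a trailing dot), so treat the expected output as indicative. ]

/* section-demo.c */
#include <stdio.h>

__attribute__((hot)) int fast_path(int x)
{
	return x + 1;
}

__attribute__((cold)) int error_path(int x)
{
	fprintf(stderr, "unexpected value: %d\n", x);
	return -1;
}

int main(void)
{
	return fast_path(41) == 42 ? 0 : error_path(41);
}

Compiling with "cc -O2 -ffunction-sections -c section-demo.c" and listing sections with "objdump -h section-demo.o" should show per-function names along the lines of .text.hot.fast_path and .text.unlikely.error_path -- precisely the ".text.hot .text.hot.*" and ".text.unlikely .text.unlikely.*" input-section patterns the linker-script change collects back into .text.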