From: Greg Kroah-Hartman Date: Sun, 9 Feb 2020 13:09:20 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v4.19.103~55 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa57086dd671d964e1ab548ce5029916a9977ce6;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: arm64-dts-qcom-qcs404-evb-set-vdd_apc-regulator-in-high-power-mode.patch broken-ping-to-ipv6-linklocal-addresses-on-debian-buster.patch clk-tegra-mark-fuse-clock-as-critical.patch drm-amd-dm-mst-ignore-payload-update-failures.patch fix-up-iter-on-short-count-in-fuse_direct_io.patch mm-mmu_gather-invalidate-tlb-correctly-on-batch-allocation-failure-and-flush.patch percpu-separate-decrypted-varaibles-anytime-encryption-can-be-enabled.patch virtio-balloon-initialize-all-vq-callbacks.patch virtio-pci-check-name-when-counting-msi-x-vectors.patch --- diff --git a/queue-5.4/arm64-dts-qcom-qcs404-evb-set-vdd_apc-regulator-in-high-power-mode.patch b/queue-5.4/arm64-dts-qcom-qcs404-evb-set-vdd_apc-regulator-in-high-power-mode.patch new file mode 100644 index 00000000000..e56b1f8c753 --- /dev/null +++ b/queue-5.4/arm64-dts-qcom-qcs404-evb-set-vdd_apc-regulator-in-high-power-mode.patch @@ -0,0 +1,42 @@ +From eac8ce86cb90ba96cb4bcbf2549d7a8b6938aa30 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Mon, 14 Oct 2019 14:09:20 +0200 +Subject: arm64: dts: qcom: qcs404-evb: Set vdd_apc regulator in high power mode + +From: Niklas Cassel + +commit eac8ce86cb90ba96cb4bcbf2549d7a8b6938aa30 upstream. + +vdd_apc is the regulator that supplies the main CPU cluster. + +At sudden CPU load changes, we have noticed invalid page faults on +addresses with all bits shifted, as well as on addresses with individual +bits flipped. + +By putting the vdd_apc regulator in high power mode, the voltage drops +during sudden load changes will be less severe, and we have not been able +to reproduce the invalid page faults with the regulator in this mode. + +Fixes: 8faea8edbb35 ("arm64: dts: qcom: qcs404-evb: add spmi regulators") +Cc: stable@vger.kernel.org +Suggested-by: Bjorn Andersson +Signed-off-by: Niklas Cassel +Reviewed-by: Vinod Koul +Link: https://lore.kernel.org/r/20191014120920.12691-1-niklas.cassel@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/qcom/qcs404-evb.dtsi | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi ++++ b/arch/arm64/boot/dts/qcom/qcs404-evb.dtsi +@@ -73,6 +73,7 @@ + regulator-always-on; + regulator-boot-on; + regulator-name = "vdd_apc"; ++ regulator-initial-mode = <1>; + regulator-min-microvolt = <1048000>; + regulator-max-microvolt = <1384000>; + }; diff --git a/queue-5.4/broken-ping-to-ipv6-linklocal-addresses-on-debian-buster.patch b/queue-5.4/broken-ping-to-ipv6-linklocal-addresses-on-debian-buster.patch new file mode 100644 index 00000000000..c8f2bea3462 --- /dev/null +++ b/queue-5.4/broken-ping-to-ipv6-linklocal-addresses-on-debian-buster.patch @@ -0,0 +1,110 @@ +From 87fbfffcc89b92a4281b0aa53bd06af714087889 Mon Sep 17 00:00:00 2001 +From: Casey Schaufler +Date: Mon, 3 Feb 2020 09:15:00 -0800 +Subject: broken ping to ipv6 linklocal addresses on debian buster +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Casey Schaufler + +commit 87fbfffcc89b92a4281b0aa53bd06af714087889 upstream. + +I am seeing ping failures to IPv6 linklocal addresses with Debian +buster. Easiest example to reproduce is: + +$ ping -c1 -w1 ff02::1%eth1 +connect: Invalid argument + +$ ping -c1 -w1 ff02::1%eth1 +PING ff02::01%eth1(ff02::1%eth1) 56 data bytes +64 bytes from fe80::e0:f9ff:fe0c:37%eth1: icmp_seq=1 ttl=64 time=0.059 ms + +git bisect traced the failure to +commit b9ef5513c99b ("smack: Check address length before reading address family") + +Arguably ping is being stupid since the buster version is not setting +the address family properly (ping on stretch for example does): + +$ strace -e connect ping6 -c1 -w1 ff02::1%eth1 +connect(5, {sa_family=AF_UNSPEC, +sa_data="\4\1\0\0\0\0\377\2\0\0\0\0\0\0\0\0\0\0\0\0\0\1\3\0\0\0"}, 28) += -1 EINVAL (Invalid argument) + +but the command works fine on kernels prior to this commit, so this is +breakage which goes against the Linux paradigm of "don't break userspace" + +Cc: stable@vger.kernel.org +Reported-by: David Ahern +Suggested-by: Tetsuo Handa +Signed-off-by: Casey Schaufler +Signed-off-by: Greg Kroah-Hartman + + security/smack/smack_lsm.c | 41 +++++++++++++++++++---------------------- + security/smack/smack_lsm.c | 41 +++++++++++++++++++---------------------- + 1 file changed, 19 insertions(+), 22 deletions(-) + +--- a/security/smack/smack_lsm.c ++++ b/security/smack/smack_lsm.c +@@ -2832,42 +2832,39 @@ static int smack_socket_connect(struct s + int addrlen) + { + int rc = 0; +-#if IS_ENABLED(CONFIG_IPV6) +- struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; +-#endif +-#ifdef SMACK_IPV6_SECMARK_LABELING +- struct smack_known *rsp; +- struct socket_smack *ssp; +-#endif + + if (sock->sk == NULL) + return 0; +- ++ if (sock->sk->sk_family != PF_INET && ++ (!IS_ENABLED(CONFIG_IPV6) || sock->sk->sk_family != PF_INET6)) ++ return 0; ++ if (addrlen < offsetofend(struct sockaddr, sa_family)) ++ return 0; ++ if (IS_ENABLED(CONFIG_IPV6) && sap->sa_family == AF_INET6) { ++ struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap; + #ifdef SMACK_IPV6_SECMARK_LABELING +- ssp = sock->sk->sk_security; ++ struct smack_known *rsp; + #endif + +- switch (sock->sk->sk_family) { +- case PF_INET: +- if (addrlen < sizeof(struct sockaddr_in) || +- sap->sa_family != AF_INET) +- return -EINVAL; +- rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); +- break; +- case PF_INET6: +- if (addrlen < SIN6_LEN_RFC2133 || sap->sa_family != AF_INET6) +- return -EINVAL; ++ if (addrlen < SIN6_LEN_RFC2133) ++ return 0; + #ifdef SMACK_IPV6_SECMARK_LABELING + rsp = smack_ipv6host_label(sip); +- if (rsp != NULL) ++ if (rsp != NULL) { ++ struct socket_smack *ssp = sock->sk->sk_security; ++ + rc = smk_ipv6_check(ssp->smk_out, rsp, sip, +- SMK_CONNECTING); ++ SMK_CONNECTING); ++ } + #endif + #ifdef SMACK_IPV6_PORT_LABELING + rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING); + #endif +- break; ++ return rc; + } ++ if (sap->sa_family != AF_INET || addrlen < sizeof(struct sockaddr_in)) ++ return 0; ++ rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap); + return rc; + } + diff --git a/queue-5.4/clk-tegra-mark-fuse-clock-as-critical.patch b/queue-5.4/clk-tegra-mark-fuse-clock-as-critical.patch new file mode 100644 index 00000000000..bebc91805f9 --- /dev/null +++ b/queue-5.4/clk-tegra-mark-fuse-clock-as-critical.patch @@ -0,0 +1,44 @@ +From bf83b96f87ae2abb1e535306ea53608e8de5dfbb Mon Sep 17 00:00:00 2001 +From: Stephen Warren +Date: Thu, 3 Oct 2019 14:50:30 -0600 +Subject: clk: tegra: Mark fuse clock as critical + +From: Stephen Warren + +commit bf83b96f87ae2abb1e535306ea53608e8de5dfbb upstream. + +For a little over a year, U-Boot on Tegra124 has configured the flow +controller to perform automatic RAM re-repair on off->on power +transitions of the CPU rail[1]. This is mandatory for correct operation +of Tegra124. However, RAM re-repair relies on certain clocks, which the +kernel must enable and leave running. The fuse clock is one of those +clocks. Mark this clock as critical so that LP1 power mode (system +suspend) operates correctly. + +[1] 3cc7942a4ae5 ARM: tegra: implement RAM repair + +Reported-by: Jonathan Hunter +Cc: stable@vger.kernel.org +Signed-off-by: Stephen Warren +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/clk/tegra/clk-tegra-periph.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/clk/tegra/clk-tegra-periph.c ++++ b/drivers/clk/tegra/clk-tegra-periph.c +@@ -785,7 +785,11 @@ static struct tegra_periph_init_data gat + GATE("ahbdma", "hclk", 33, 0, tegra_clk_ahbdma, 0), + GATE("apbdma", "pclk", 34, 0, tegra_clk_apbdma, 0), + GATE("kbc", "clk_32k", 36, TEGRA_PERIPH_ON_APB | TEGRA_PERIPH_NO_RESET, tegra_clk_kbc, 0), +- GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, 0), ++ /* ++ * Critical for RAM re-repair operation, which must occur on resume ++ * from LP1 system suspend and as part of CCPLEX cluster switching. ++ */ ++ GATE("fuse", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse, CLK_IS_CRITICAL), + GATE("fuse_burn", "clk_m", 39, TEGRA_PERIPH_ON_APB, tegra_clk_fuse_burn, 0), + GATE("kfuse", "clk_m", 40, TEGRA_PERIPH_ON_APB, tegra_clk_kfuse, 0), + GATE("apbif", "clk_m", 107, TEGRA_PERIPH_ON_APB, tegra_clk_apbif, 0), diff --git a/queue-5.4/drm-amd-dm-mst-ignore-payload-update-failures.patch b/queue-5.4/drm-amd-dm-mst-ignore-payload-update-failures.patch new file mode 100644 index 00000000000..497323b3cb0 --- /dev/null +++ b/queue-5.4/drm-amd-dm-mst-ignore-payload-update-failures.patch @@ -0,0 +1,167 @@ +From 58fe03d6dec908a1bec07eea7e94907af5c07eec Mon Sep 17 00:00:00 2001 +From: Lyude Paul +Date: Fri, 24 Jan 2020 14:10:46 -0500 +Subject: drm/amd/dm/mst: Ignore payload update failures + +From: Lyude Paul + +commit 58fe03d6dec908a1bec07eea7e94907af5c07eec upstream. + +Disabling a display on MST can potentially happen after the entire MST +topology has been removed, which means that we can't communicate with +the topology at all in this scenario. Likewise, this also means that we +can't properly update payloads on the topology and as such, it's a good +idea to ignore payload update failures when disabling displays. +Currently, amdgpu makes the mistake of halting the payload update +process when any payload update failures occur, resulting in leaving +DC's local copies of the payload tables out of date. + +This ends up causing problems with hotplugging MST topologies, and +causes modesets on the second hotplug to fail like so: + +[drm] Failed to updateMST allocation table forpipe idx:1 +------------[ cut here ]------------ +WARNING: CPU: 5 PID: 1511 at +drivers/gpu/drm/amd/amdgpu/../display/dc/core/dc_link.c:2677 +update_mst_stream_alloc_table+0x11e/0x130 [amdgpu] +Modules linked in: cdc_ether usbnet fuse xt_conntrack nf_conntrack +nf_defrag_ipv6 libcrc32c nf_defrag_ipv4 ipt_REJECT nf_reject_ipv4 +nft_counter nft_compat nf_tables nfnetlink tun bridge stp llc sunrpc +vfat fat wmi_bmof uvcvideo snd_hda_codec_realtek snd_hda_codec_generic +snd_hda_codec_hdmi videobuf2_vmalloc snd_hda_intel videobuf2_memops +videobuf2_v4l2 snd_intel_dspcfg videobuf2_common crct10dif_pclmul +snd_hda_codec videodev crc32_pclmul snd_hwdep snd_hda_core +ghash_clmulni_intel snd_seq mc joydev pcspkr snd_seq_device snd_pcm +sp5100_tco k10temp i2c_piix4 snd_timer thinkpad_acpi ledtrig_audio snd +wmi soundcore video i2c_scmi acpi_cpufreq ip_tables amdgpu(O) +rtsx_pci_sdmmc amd_iommu_v2 gpu_sched mmc_core i2c_algo_bit ttm +drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops cec drm +crc32c_intel serio_raw hid_multitouch r8152 mii nvme r8169 nvme_core +rtsx_pci pinctrl_amd +CPU: 5 PID: 1511 Comm: gnome-shell Tainted: G O 5.5.0-rc7Lyude-Test+ #4 +Hardware name: LENOVO FA495SIT26/FA495SIT26, BIOS R12ET22W(0.22 ) 01/31/2019 +RIP: 0010:update_mst_stream_alloc_table+0x11e/0x130 [amdgpu] +Code: 28 00 00 00 75 2b 48 8d 65 e0 5b 41 5c 41 5d 41 5e 5d c3 0f b6 06 +49 89 1c 24 41 88 44 24 08 0f b6 46 01 41 88 44 24 09 eb 93 <0f> 0b e9 +2f ff ff ff e8 a6 82 a3 c2 66 0f 1f 44 00 00 0f 1f 44 00 +RSP: 0018:ffffac428127f5b0 EFLAGS: 00010202 +RAX: 0000000000000002 RBX: ffff8d1e166eee80 RCX: 0000000000000000 +RDX: ffffac428127f668 RSI: ffff8d1e166eee80 RDI: ffffac428127f610 +RBP: ffffac428127f640 R08: ffffffffc03d94a8 R09: 0000000000000000 +R10: ffff8d1e24b02000 R11: ffffac428127f5b0 R12: ffff8d1e1b83d000 +R13: ffff8d1e1bea0b08 R14: 0000000000000002 R15: 0000000000000002 +FS: 00007fab23ffcd80(0000) GS:ffff8d1e28b40000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f151f1711e8 CR3: 00000005997c0000 CR4: 00000000003406e0 +Call Trace: + ? mutex_lock+0xe/0x30 + dc_link_allocate_mst_payload+0x9a/0x210 [amdgpu] + ? dm_read_reg_func+0x39/0xb0 [amdgpu] + ? core_link_enable_stream+0x656/0x730 [amdgpu] + core_link_enable_stream+0x656/0x730 [amdgpu] + dce110_apply_ctx_to_hw+0x58e/0x5d0 [amdgpu] + ? dcn10_verify_allow_pstate_change_high+0x1d/0x280 [amdgpu] + ? dcn10_wait_for_mpcc_disconnect+0x3c/0x130 [amdgpu] + dc_commit_state+0x292/0x770 [amdgpu] + ? add_timer+0x101/0x1f0 + ? ttm_bo_put+0x1a1/0x2f0 [ttm] + amdgpu_dm_atomic_commit_tail+0xb59/0x1ff0 [amdgpu] + ? amdgpu_move_blit.constprop.0+0xb8/0x1f0 [amdgpu] + ? amdgpu_bo_move+0x16d/0x2b0 [amdgpu] + ? ttm_bo_handle_move_mem+0x118/0x570 [ttm] + ? ttm_bo_validate+0x134/0x150 [ttm] + ? dm_plane_helper_prepare_fb+0x1b9/0x2a0 [amdgpu] + ? _cond_resched+0x15/0x30 + ? wait_for_completion_timeout+0x38/0x160 + ? _cond_resched+0x15/0x30 + ? wait_for_completion_interruptible+0x33/0x190 + commit_tail+0x94/0x130 [drm_kms_helper] + drm_atomic_helper_commit+0x113/0x140 [drm_kms_helper] + drm_atomic_helper_set_config+0x70/0xb0 [drm_kms_helper] + drm_mode_setcrtc+0x194/0x6a0 [drm] + ? _cond_resched+0x15/0x30 + ? mutex_lock+0xe/0x30 + ? drm_mode_getcrtc+0x180/0x180 [drm] + drm_ioctl_kernel+0xaa/0xf0 [drm] + drm_ioctl+0x208/0x390 [drm] + ? drm_mode_getcrtc+0x180/0x180 [drm] + amdgpu_drm_ioctl+0x49/0x80 [amdgpu] + do_vfs_ioctl+0x458/0x6d0 + ksys_ioctl+0x5e/0x90 + __x64_sys_ioctl+0x16/0x20 + do_syscall_64+0x55/0x1b0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 +RIP: 0033:0x7fab2121f87b +Code: 0f 1e fa 48 8b 05 0d 96 2c 00 64 c7 00 26 00 00 00 48 c7 c0 ff ff +ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 +f0 ff ff 73 01 c3 48 8b 0d dd 95 2c 00 f7 d8 64 89 01 48 +RSP: 002b:00007ffd045f9068 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +RAX: ffffffffffffffda RBX: 00007ffd045f90a0 RCX: 00007fab2121f87b +RDX: 00007ffd045f90a0 RSI: 00000000c06864a2 RDI: 000000000000000b +RBP: 00007ffd045f90a0 R08: 0000000000000000 R09: 000055dbd2985d10 +R10: 000055dbd2196280 R11: 0000000000000246 R12: 00000000c06864a2 +R13: 000000000000000b R14: 0000000000000000 R15: 000055dbd2196280 +---[ end trace 6ea888c24d2059cd ]--- + +Note as well, I have only been able to reproduce this on setups with 2 +MST displays. + +Changes since v1: +* Don't return false when part 1 or part 2 of updating the payloads + fails, we don't want to abort at any step of the process even if + things fail + +Reviewed-by: Mikita Lipski +Signed-off-by: Lyude Paul +Acked-by: Harry Wentland +Cc: stable@vger.kernel.org +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 13 ++++--------- + 1 file changed, 4 insertions(+), 9 deletions(-) + +--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c ++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c +@@ -247,7 +247,8 @@ bool dm_helpers_dp_mst_write_payload_all + drm_dp_mst_reset_vcpi_slots(mst_mgr, mst_port); + } + +- ret = drm_dp_update_payload_part1(mst_mgr); ++ /* It's OK for this to fail */ ++ drm_dp_update_payload_part1(mst_mgr); + + /* mst_mgr->->payloads are VC payload notify MST branch using DPCD or + * AUX message. The sequence is slot 1-63 allocated sequence for each +@@ -256,9 +257,6 @@ bool dm_helpers_dp_mst_write_payload_all + + get_payload_table(aconnector, proposed_table); + +- if (ret) +- return false; +- + return true; + } + +@@ -316,7 +314,6 @@ bool dm_helpers_dp_mst_send_payload_allo + struct amdgpu_dm_connector *aconnector; + struct drm_dp_mst_topology_mgr *mst_mgr; + struct drm_dp_mst_port *mst_port; +- int ret; + + aconnector = (struct amdgpu_dm_connector *)stream->dm_stream_context; + +@@ -330,10 +327,8 @@ bool dm_helpers_dp_mst_send_payload_allo + if (!mst_mgr->mst_state) + return false; + +- ret = drm_dp_update_payload_part2(mst_mgr); +- +- if (ret) +- return false; ++ /* It's OK for this to fail */ ++ drm_dp_update_payload_part2(mst_mgr); + + if (!enable) + drm_dp_mst_deallocate_vcpi(mst_mgr, mst_port); diff --git a/queue-5.4/fix-up-iter-on-short-count-in-fuse_direct_io.patch b/queue-5.4/fix-up-iter-on-short-count-in-fuse_direct_io.patch new file mode 100644 index 00000000000..62a48c3e8b7 --- /dev/null +++ b/queue-5.4/fix-up-iter-on-short-count-in-fuse_direct_io.patch @@ -0,0 +1,55 @@ +From f658adeea45e430a24c7a157c3d5448925ac2038 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Thu, 6 Feb 2020 16:39:28 +0100 +Subject: fix up iter on short count in fuse_direct_io() + +From: Miklos Szeredi + +commit f658adeea45e430a24c7a157c3d5448925ac2038 upstream. + +fuse_direct_io() can end up advancing the iterator by more than the amount +of data read or written. This case is handled by the generic code if going +through ->direct_IO(), but not in the FOPEN_DIRECT_IO case. + +Fix by reverting the extra bytes from the iterator in case of error or a +short count. + +To test: install lxcfs, then the following testcase + int fd = open("/var/lib/lxcfs/proc/uptime", O_RDONLY); + sendfile(1, fd, NULL, 16777216); + sendfile(1, fd, NULL, 16777216); +will spew WARN_ON() in iov_iter_pipe(). + +Reported-by: Peter Geis +Reported-by: Al Viro +Fixes: 3c3db095b68c ("fuse: use iov_iter based generic splice helpers") +Cc: # v5.1 +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fuse/file.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/fuse/file.c ++++ b/fs/fuse/file.c +@@ -1465,6 +1465,7 @@ ssize_t fuse_direct_io(struct fuse_io_pr + } + ia = NULL; + if (nres < 0) { ++ iov_iter_revert(iter, nbytes); + err = nres; + break; + } +@@ -1473,8 +1474,10 @@ ssize_t fuse_direct_io(struct fuse_io_pr + count -= nres; + res += nres; + pos += nres; +- if (nres != nbytes) ++ if (nres != nbytes) { ++ iov_iter_revert(iter, nbytes - nres); + break; ++ } + if (count) { + max_pages = iov_iter_npages(iter, fc->max_pages); + ia = fuse_io_alloc(io, max_pages); diff --git a/queue-5.4/mm-mmu_gather-invalidate-tlb-correctly-on-batch-allocation-failure-and-flush.patch b/queue-5.4/mm-mmu_gather-invalidate-tlb-correctly-on-batch-allocation-failure-and-flush.patch new file mode 100644 index 00000000000..797d88ae68e --- /dev/null +++ b/queue-5.4/mm-mmu_gather-invalidate-tlb-correctly-on-batch-allocation-failure-and-flush.patch @@ -0,0 +1,183 @@ +From 0ed1325967ab5f7a4549a2641c6ebe115f76e228 Mon Sep 17 00:00:00 2001 +From: Peter Zijlstra +Date: Mon, 3 Feb 2020 17:36:49 -0800 +Subject: mm/mmu_gather: invalidate TLB correctly on batch allocation failure and flush + +From: Peter Zijlstra + +commit 0ed1325967ab5f7a4549a2641c6ebe115f76e228 upstream. + +Architectures for which we have hardware walkers of Linux page table +should flush TLB on mmu gather batch allocation failures and batch flush. +Some architectures like POWER supports multiple translation modes (hash +and radix) and in the case of POWER only radix translation mode needs the +above TLBI. This is because for hash translation mode kernel wants to +avoid this extra flush since there are no hardware walkers of linux page +table. With radix translation, the hardware also walks linux page table +and with that, kernel needs to make sure to TLB invalidate page walk cache +before page table pages are freed. + +More details in commit d86564a2f085 ("mm/tlb, x86/mm: Support invalidating +TLB caches for RCU_TABLE_FREE") + +The changes to sparc are to make sure we keep the old behavior since we +are now removing HAVE_RCU_TABLE_NO_INVALIDATE. The default value for +tlb_needs_table_invalidate is to always force an invalidate and sparc can +avoid the table invalidate. Hence we define tlb_needs_table_invalidate to +false for sparc architecture. + +Link: http://lkml.kernel.org/r/20200116064531.483522-3-aneesh.kumar@linux.ibm.com +Fixes: a46cc7a90fd8 ("powerpc/mm/radix: Improve TLB/PWC flushes") +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Michael Ellerman [powerpc] +Cc: [4.14+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + arch/Kconfig | 3 --- + arch/powerpc/Kconfig | 1 - + arch/powerpc/include/asm/tlb.h | 11 +++++++++++ + arch/sparc/Kconfig | 1 - + arch/sparc/include/asm/tlb_64.h | 9 +++++++++ + include/asm-generic/tlb.h | 22 +++++++++++++++------- + mm/mmu_gather.c | 16 ++++++++-------- + 7 files changed, 43 insertions(+), 20 deletions(-) + +--- a/arch/Kconfig ++++ b/arch/Kconfig +@@ -396,9 +396,6 @@ config HAVE_ARCH_JUMP_LABEL_RELATIVE + config HAVE_RCU_TABLE_FREE + bool + +-config HAVE_RCU_TABLE_NO_INVALIDATE +- bool +- + config HAVE_MMU_GATHER_PAGE_SIZE + bool + +--- a/arch/powerpc/Kconfig ++++ b/arch/powerpc/Kconfig +@@ -222,7 +222,6 @@ config PPC + select HAVE_PERF_REGS + select HAVE_PERF_USER_STACK_DUMP + select HAVE_RCU_TABLE_FREE +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE + select HAVE_MMU_GATHER_PAGE_SIZE + select HAVE_REGS_AND_STACK_ACCESS_API + select HAVE_RELIABLE_STACKTRACE if PPC_BOOK3S_64 && CPU_LITTLE_ENDIAN +--- a/arch/powerpc/include/asm/tlb.h ++++ b/arch/powerpc/include/asm/tlb.h +@@ -26,6 +26,17 @@ + + #define tlb_flush tlb_flush + extern void tlb_flush(struct mmu_gather *tlb); ++/* ++ * book3s: ++ * Hash does not use the linux page-tables, so we can avoid ++ * the TLB invalidate for page-table freeing, Radix otoh does use the ++ * page-tables and needs the TLBI. ++ * ++ * nohash: ++ * We still do TLB invalidate in the __pte_free_tlb routine before we ++ * add the page table pages to mmu gather table batch. ++ */ ++#define tlb_needs_table_invalidate() radix_enabled() + + /* Get the generic bits... */ + #include +--- a/arch/sparc/Kconfig ++++ b/arch/sparc/Kconfig +@@ -65,7 +65,6 @@ config SPARC64 + select HAVE_KRETPROBES + select HAVE_KPROBES + select HAVE_RCU_TABLE_FREE if SMP +- select HAVE_RCU_TABLE_NO_INVALIDATE if HAVE_RCU_TABLE_FREE + select HAVE_MEMBLOCK_NODE_MAP + select HAVE_ARCH_TRANSPARENT_HUGEPAGE + select HAVE_DYNAMIC_FTRACE +--- a/arch/sparc/include/asm/tlb_64.h ++++ b/arch/sparc/include/asm/tlb_64.h +@@ -28,6 +28,15 @@ void flush_tlb_pending(void); + #define __tlb_remove_tlb_entry(tlb, ptep, address) do { } while (0) + #define tlb_flush(tlb) flush_tlb_pending() + ++/* ++ * SPARC64's hardware TLB fill does not use the Linux page-tables ++ * and therefore we don't need a TLBI when freeing page-table pages. ++ */ ++ ++#ifdef CONFIG_HAVE_RCU_TABLE_FREE ++#define tlb_needs_table_invalidate() (false) ++#endif ++ + #include + + #endif /* _SPARC64_TLB_H */ +--- a/include/asm-generic/tlb.h ++++ b/include/asm-generic/tlb.h +@@ -137,13 +137,6 @@ + * When used, an architecture is expected to provide __tlb_remove_table() + * which does the actual freeing of these pages. + * +- * HAVE_RCU_TABLE_NO_INVALIDATE +- * +- * This makes HAVE_RCU_TABLE_FREE avoid calling tlb_flush_mmu_tlbonly() before +- * freeing the page-table pages. This can be avoided if you use +- * HAVE_RCU_TABLE_FREE and your architecture does _NOT_ use the Linux +- * page-tables natively. +- * + * MMU_GATHER_NO_RANGE + * + * Use this if your architecture lacks an efficient flush_tlb_range(). +@@ -189,8 +182,23 @@ struct mmu_table_batch { + + extern void tlb_remove_table(struct mmu_gather *tlb, void *table); + ++/* ++ * This allows an architecture that does not use the linux page-tables for ++ * hardware to skip the TLBI when freeing page tables. ++ */ ++#ifndef tlb_needs_table_invalidate ++#define tlb_needs_table_invalidate() (true) + #endif + ++#else ++ ++#ifdef tlb_needs_table_invalidate ++#error tlb_needs_table_invalidate() requires HAVE_RCU_TABLE_FREE ++#endif ++ ++#endif /* CONFIG_HAVE_RCU_TABLE_FREE */ ++ ++ + #ifndef CONFIG_HAVE_MMU_GATHER_NO_GATHER + /* + * If we can't allocate a page to make a big batch of page pointers +--- a/mm/mmu_gather.c ++++ b/mm/mmu_gather.c +@@ -102,14 +102,14 @@ bool __tlb_remove_page_size(struct mmu_g + */ + static inline void tlb_table_invalidate(struct mmu_gather *tlb) + { +-#ifndef CONFIG_HAVE_RCU_TABLE_NO_INVALIDATE +- /* +- * Invalidate page-table caches used by hardware walkers. Then we still +- * need to RCU-sched wait while freeing the pages because software +- * walkers can still be in-flight. +- */ +- tlb_flush_mmu_tlbonly(tlb); +-#endif ++ if (tlb_needs_table_invalidate()) { ++ /* ++ * Invalidate page-table caches used by hardware walkers. Then ++ * we still need to RCU-sched wait while freeing the pages ++ * because software walkers can still be in-flight. ++ */ ++ tlb_flush_mmu_tlbonly(tlb); ++ } + } + + static void tlb_remove_table_smp_sync(void *arg) diff --git a/queue-5.4/percpu-separate-decrypted-varaibles-anytime-encryption-can-be-enabled.patch b/queue-5.4/percpu-separate-decrypted-varaibles-anytime-encryption-can-be-enabled.patch new file mode 100644 index 00000000000..66384593aeb --- /dev/null +++ b/queue-5.4/percpu-separate-decrypted-varaibles-anytime-encryption-can-be-enabled.patch @@ -0,0 +1,40 @@ +From 264b0d2bee148073c117e7bbbde5be7125a53be1 Mon Sep 17 00:00:00 2001 +From: Erdem Aktas +Date: Fri, 13 Dec 2019 13:31:46 -0800 +Subject: percpu: Separate decrypted varaibles anytime encryption can be enabled + +From: Erdem Aktas + +commit 264b0d2bee148073c117e7bbbde5be7125a53be1 upstream. + +CONFIG_VIRTUALIZATION may not be enabled for memory encrypted guests. If +disabled, decrypted per-CPU variables may end up sharing the same page +with variables that should be left encrypted. + +Always separate per-CPU variables that should be decrypted into their own +page anytime memory encryption can be enabled in the guest rather than +rely on any other config option that may not be enabled. + +Fixes: ac26963a1175 ("percpu: Introduce DEFINE_PER_CPU_DECRYPTED") +Cc: stable@vger.kernel.org # 4.15+ +Signed-off-by: Erdem Aktas +Signed-off-by: David Rientjes +Signed-off-by: Dennis Zhou +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/percpu-defs.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/include/linux/percpu-defs.h ++++ b/include/linux/percpu-defs.h +@@ -175,8 +175,7 @@ + * Declaration/definition used for per-CPU variables that should be accessed + * as decrypted when memory encryption is enabled in the guest. + */ +-#if defined(CONFIG_VIRTUALIZATION) && defined(CONFIG_AMD_MEM_ENCRYPT) +- ++#ifdef CONFIG_AMD_MEM_ENCRYPT + #define DECLARE_PER_CPU_DECRYPTED(type, name) \ + DECLARE_PER_CPU_SECTION(type, name, "..decrypted") + diff --git a/queue-5.4/series b/queue-5.4/series index 3c9d61eb82d..b8a7efb5106 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -225,3 +225,12 @@ kvm-x86-revert-kvm-x86-fix-fpu-state-crash-in-kvm-guest.patch kvm-s390-do-not-clobber-registers-during-guest-reset-store-status.patch ocfs2-fix-oops-when-writing-cloned-file.patch mm-page_alloc.c-fix-uninitialized-memmaps-on-a-partially-populated-last-section.patch +arm64-dts-qcom-qcs404-evb-set-vdd_apc-regulator-in-high-power-mode.patch +mm-mmu_gather-invalidate-tlb-correctly-on-batch-allocation-failure-and-flush.patch +clk-tegra-mark-fuse-clock-as-critical.patch +drm-amd-dm-mst-ignore-payload-update-failures.patch +virtio-balloon-initialize-all-vq-callbacks.patch +virtio-pci-check-name-when-counting-msi-x-vectors.patch +fix-up-iter-on-short-count-in-fuse_direct_io.patch +broken-ping-to-ipv6-linklocal-addresses-on-debian-buster.patch +percpu-separate-decrypted-varaibles-anytime-encryption-can-be-enabled.patch diff --git a/queue-5.4/virtio-balloon-initialize-all-vq-callbacks.patch b/queue-5.4/virtio-balloon-initialize-all-vq-callbacks.patch new file mode 100644 index 00000000000..a599352260f --- /dev/null +++ b/queue-5.4/virtio-balloon-initialize-all-vq-callbacks.patch @@ -0,0 +1,42 @@ +From 5790b53390e18fdd21e70776e46d058c05eda2f2 Mon Sep 17 00:00:00 2001 +From: Daniel Verkamp +Date: Fri, 3 Jan 2020 10:40:43 -0800 +Subject: virtio-balloon: initialize all vq callbacks + +From: Daniel Verkamp + +commit 5790b53390e18fdd21e70776e46d058c05eda2f2 upstream. + +Ensure that elements of the callbacks array that correspond to +unavailable features are set to NULL; previously, they would be left +uninitialized. + +Since the corresponding names array elements were explicitly set to +NULL, the uninitialized callback pointers would not actually be +dereferenced; however, the uninitialized callbacks elements would still +be read in vp_find_vqs_msix() and used to calculate the number of MSI-X +vectors required. + +Cc: stable@vger.kernel.org +Fixes: 86a559787e6f ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") +Reviewed-by: Cornelia Huck +Signed-off-by: Daniel Verkamp +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/virtio/virtio_balloon.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/virtio/virtio_balloon.c ++++ b/drivers/virtio/virtio_balloon.c +@@ -474,7 +474,9 @@ static int init_vqs(struct virtio_balloo + names[VIRTIO_BALLOON_VQ_INFLATE] = "inflate"; + callbacks[VIRTIO_BALLOON_VQ_DEFLATE] = balloon_ack; + names[VIRTIO_BALLOON_VQ_DEFLATE] = "deflate"; ++ callbacks[VIRTIO_BALLOON_VQ_STATS] = NULL; + names[VIRTIO_BALLOON_VQ_STATS] = NULL; ++ callbacks[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL; + names[VIRTIO_BALLOON_VQ_FREE_PAGE] = NULL; + + if (virtio_has_feature(vb->vdev, VIRTIO_BALLOON_F_STATS_VQ)) { diff --git a/queue-5.4/virtio-pci-check-name-when-counting-msi-x-vectors.patch b/queue-5.4/virtio-pci-check-name-when-counting-msi-x-vectors.patch new file mode 100644 index 00000000000..a572d680b12 --- /dev/null +++ b/queue-5.4/virtio-pci-check-name-when-counting-msi-x-vectors.patch @@ -0,0 +1,42 @@ +From 303090b513fd1ee45aa1536b71a3838dc054bc05 Mon Sep 17 00:00:00 2001 +From: Daniel Verkamp +Date: Fri, 3 Jan 2020 10:40:45 -0800 +Subject: virtio-pci: check name when counting MSI-X vectors + +From: Daniel Verkamp + +commit 303090b513fd1ee45aa1536b71a3838dc054bc05 upstream. + +VQs without a name specified are not valid; they are skipped in the +later loop that assigns MSI-X vectors to queues, but the per_vq_vectors +loop above that counts the required number of vectors previously still +counted any queue with a non-NULL callback as needing a vector. + +Add a check to the per_vq_vectors loop so that vectors with no name are +not counted to make the two loops consistent. This prevents +over-counting unnecessary vectors (e.g. for features which were not +negotiated with the device). + +Cc: stable@vger.kernel.org +Fixes: 86a559787e6f ("virtio-balloon: VIRTIO_BALLOON_F_FREE_PAGE_HINT") +Reviewed-by: Cornelia Huck +Signed-off-by: Daniel Verkamp +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Wang, Wei W +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/virtio/virtio_pci_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/virtio/virtio_pci_common.c ++++ b/drivers/virtio/virtio_pci_common.c +@@ -294,7 +294,7 @@ static int vp_find_vqs_msix(struct virti + /* Best option: one for change interrupt, one per vq. */ + nvectors = 1; + for (i = 0; i < nvqs; ++i) +- if (callbacks[i]) ++ if (names[i] && callbacks[i]) + ++nvectors; + } else { + /* Second best: one for change, shared for all vqs. */