From 192b7a66a1f0a6c4fce51825a660f92b6b0bb161 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Mar 2021 12:52:03 +0100 Subject: [PATCH] 5.11-stable patches added patches: entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch floppy-reintroduce-o_ndelay-fix.patch kprobes-fix-to-delay-the-kprobes-jump-optimization.patch media-i2c-max9286-fix-access-to-unallocated-memory.patch media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch media-ir_toy-add-another-ir-droid-device.patch media-marvell-ccic-power-up-the-device-on-mclk-enable.patch media-smipcie-fix-interrupt-handling-and-ir-timeout.patch media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch x86-entry-fix-instrumentation-annotation.patch x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch --- ...akeup-before-last-rescheduling-point.patch | 71 +++++++ ...akeup-before-last-rescheduling-point.patch | 147 +++++++++++++++ .../floppy-reintroduce-o_ndelay-fix.patch | 83 +++++++++ ...-delay-the-kprobes-jump-optimization.patch | 115 ++++++++++++ ...286-fix-access-to-unallocated-memory.patch | 37 ++++ ...de-processing-in-cio2_subdev_set_fmt.patch | 35 ++++ ...a-ir_toy-add-another-ir-droid-device.patch | 32 ++++ ...c-power-up-the-device-on-mclk-enable.patch | 39 ++++ ...ix-interrupt-handling-and-ir-timeout.patch | 109 +++++++++++ ...tl-fix-memory-leak-in-video_usercopy.patch | 103 +++++++++++ ...ibm-arch-vec-5-platform-support-scan.patch | 59 ++++++ ...efore-last-idle-s-need_resched-check.patch | 90 +++++++++ ...-deferred-wake-up-before-user-resume.patch | 174 ++++++++++++++++++ ...uog-wake-up-to-rcu_eqs_enter-callers.patch | 59 ++++++ queue-5.11/series | 18 ++ ...entry-fix-instrumentation-annotation.patch | 33 ++++ ...rratum-91-errata-fixup-for-user-code.patch | 95 ++++++++++ ...to-exit-vmx-root-if-vmx-is-supported.patch | 72 ++++++++ ...eat-faults-on-vmxoff-in-reboot-flows.patch | 64 +++++++ 19 files changed, 1435 insertions(+) create mode 100644 queue-5.11/entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch create mode 100644 queue-5.11/entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch create mode 100644 queue-5.11/floppy-reintroduce-o_ndelay-fix.patch create mode 100644 queue-5.11/kprobes-fix-to-delay-the-kprobes-jump-optimization.patch create mode 100644 queue-5.11/media-i2c-max9286-fix-access-to-unallocated-memory.patch create mode 100644 queue-5.11/media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch create mode 100644 queue-5.11/media-ir_toy-add-another-ir-droid-device.patch create mode 100644 queue-5.11/media-marvell-ccic-power-up-the-device-on-mclk-enable.patch create mode 100644 queue-5.11/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch create mode 100644 queue-5.11/media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch create mode 100644 queue-5.11/powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch create mode 100644 queue-5.11/rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch create mode 100644 queue-5.11/rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch create mode 100644 queue-5.11/rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch create mode 100644 queue-5.11/x86-entry-fix-instrumentation-annotation.patch create mode 100644 queue-5.11/x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch create mode 100644 queue-5.11/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch create mode 100644 queue-5.11/x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch diff --git a/queue-5.11/entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch b/queue-5.11/entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch new file mode 100644 index 00000000000..574222dd08b --- /dev/null +++ b/queue-5.11/entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch @@ -0,0 +1,71 @@ +From 47b8ff194c1fd73d58dc339b597d466fe48c8958 Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Mon, 1 Feb 2021 00:05:47 +0100 +Subject: entry: Explicitly flush pending rcuog wakeup before last rescheduling point + +From: Frederic Weisbecker + +commit 47b8ff194c1fd73d58dc339b597d466fe48c8958 upstream. + +Following the idle loop model, cleanly check for pending rcuog wakeup +before the last rescheduling point on resuming to user mode. This +way we can avoid to do it from rcu_user_enter() with the last resort +self-IPI hack that enforces rescheduling. + +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210131230548.32970-5-frederic@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/entry/common.c | 7 +++++++ + kernel/rcu/tree.c | 12 +++++++----- + 2 files changed, 14 insertions(+), 5 deletions(-) + +--- a/kernel/entry/common.c ++++ b/kernel/entry/common.c +@@ -184,6 +184,10 @@ static unsigned long exit_to_user_mode_l + * enabled above. + */ + local_irq_disable_exit_to_user(); ++ ++ /* Check if any of the above work has queued a deferred wakeup */ ++ rcu_nocb_flush_deferred_wakeup(); ++ + ti_work = READ_ONCE(current_thread_info()->flags); + } + +@@ -197,6 +201,9 @@ static void exit_to_user_mode_prepare(st + + lockdep_assert_irqs_disabled(); + ++ /* Flush pending rcuog wakeup before the last need_resched() check */ ++ rcu_nocb_flush_deferred_wakeup(); ++ + if (unlikely(ti_work & EXIT_TO_USER_MODE_WORK)) + ti_work = exit_to_user_mode_loop(regs, ti_work); + +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -707,13 +707,15 @@ noinstr void rcu_user_enter(void) + lockdep_assert_irqs_disabled(); + + /* +- * We may be past the last rescheduling opportunity in the entry code. +- * Trigger a self IPI that will fire and reschedule once we resume to +- * user/guest mode. ++ * Other than generic entry implementation, we may be past the last ++ * rescheduling opportunity in the entry code. Trigger a self IPI ++ * that will fire and reschedule once we resume in user/guest mode. + */ + instrumentation_begin(); +- if (do_nocb_deferred_wakeup(rdp) && need_resched()) +- irq_work_queue(this_cpu_ptr(&late_wakeup_work)); ++ if (!IS_ENABLED(CONFIG_GENERIC_ENTRY) || (current->flags & PF_VCPU)) { ++ if (do_nocb_deferred_wakeup(rdp) && need_resched()) ++ irq_work_queue(this_cpu_ptr(&late_wakeup_work)); ++ } + instrumentation_end(); + + rcu_eqs_enter(true); diff --git a/queue-5.11/entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch b/queue-5.11/entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch new file mode 100644 index 00000000000..ea77f9918ac --- /dev/null +++ b/queue-5.11/entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch @@ -0,0 +1,147 @@ +From 4ae7dc97f726ea95c58ac58af71cc034ad22d7de Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Mon, 1 Feb 2021 00:05:48 +0100 +Subject: entry/kvm: Explicitly flush pending rcuog wakeup before last rescheduling point + +From: Frederic Weisbecker + +commit 4ae7dc97f726ea95c58ac58af71cc034ad22d7de upstream. + +Following the idle loop model, cleanly check for pending rcuog wakeup +before the last rescheduling point upon resuming to guest mode. This +way we can avoid to do it from rcu_user_enter() with the last resort +self-IPI hack that enforces rescheduling. + +Suggested-by: Peter Zijlstra +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210131230548.32970-6-frederic@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kvm/x86.c | 1 + + include/linux/entry-kvm.h | 14 ++++++++++++++ + kernel/rcu/tree.c | 44 ++++++++++++++++++++++++++++++++++---------- + kernel/rcu/tree_plugin.h | 1 + + 4 files changed, 50 insertions(+), 10 deletions(-) + +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -1782,6 +1782,7 @@ EXPORT_SYMBOL_GPL(kvm_emulate_wrmsr); + + bool kvm_vcpu_exit_request(struct kvm_vcpu *vcpu) + { ++ xfer_to_guest_mode_prepare(); + return vcpu->mode == EXITING_GUEST_MODE || kvm_request_pending(vcpu) || + xfer_to_guest_mode_work_pending(); + } +--- a/include/linux/entry-kvm.h ++++ b/include/linux/entry-kvm.h +@@ -47,6 +47,20 @@ static inline int arch_xfer_to_guest_mod + int xfer_to_guest_mode_handle_work(struct kvm_vcpu *vcpu); + + /** ++ * xfer_to_guest_mode_prepare - Perform last minute preparation work that ++ * need to be handled while IRQs are disabled ++ * upon entering to guest. ++ * ++ * Has to be invoked with interrupts disabled before the last call ++ * to xfer_to_guest_mode_work_pending(). ++ */ ++static inline void xfer_to_guest_mode_prepare(void) ++{ ++ lockdep_assert_irqs_disabled(); ++ rcu_nocb_flush_deferred_wakeup(); ++} ++ ++/** + * __xfer_to_guest_mode_work_pending - Check if work is pending + * + * Returns: True if work pending, False otherwise. +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -678,9 +678,10 @@ EXPORT_SYMBOL_GPL(rcu_idle_enter); + + #ifdef CONFIG_NO_HZ_FULL + ++#if !defined(CONFIG_GENERIC_ENTRY) || !defined(CONFIG_KVM_XFER_TO_GUEST_WORK) + /* + * An empty function that will trigger a reschedule on +- * IRQ tail once IRQs get re-enabled on userspace resume. ++ * IRQ tail once IRQs get re-enabled on userspace/guest resume. + */ + static void late_wakeup_func(struct irq_work *work) + { +@@ -689,6 +690,37 @@ static void late_wakeup_func(struct irq_ + static DEFINE_PER_CPU(struct irq_work, late_wakeup_work) = + IRQ_WORK_INIT(late_wakeup_func); + ++/* ++ * If either: ++ * ++ * 1) the task is about to enter in guest mode and $ARCH doesn't support KVM generic work ++ * 2) the task is about to enter in user mode and $ARCH doesn't support generic entry. ++ * ++ * In these cases the late RCU wake ups aren't supported in the resched loops and our ++ * last resort is to fire a local irq_work that will trigger a reschedule once IRQs ++ * get re-enabled again. ++ */ ++noinstr static void rcu_irq_work_resched(void) ++{ ++ struct rcu_data *rdp = this_cpu_ptr(&rcu_data); ++ ++ if (IS_ENABLED(CONFIG_GENERIC_ENTRY) && !(current->flags & PF_VCPU)) ++ return; ++ ++ if (IS_ENABLED(CONFIG_KVM_XFER_TO_GUEST_WORK) && (current->flags & PF_VCPU)) ++ return; ++ ++ instrumentation_begin(); ++ if (do_nocb_deferred_wakeup(rdp) && need_resched()) { ++ irq_work_queue(this_cpu_ptr(&late_wakeup_work)); ++ } ++ instrumentation_end(); ++} ++ ++#else ++static inline void rcu_irq_work_resched(void) { } ++#endif ++ + /** + * rcu_user_enter - inform RCU that we are resuming userspace. + * +@@ -702,8 +734,6 @@ static DEFINE_PER_CPU(struct irq_work, l + */ + noinstr void rcu_user_enter(void) + { +- struct rcu_data *rdp = this_cpu_ptr(&rcu_data); +- + lockdep_assert_irqs_disabled(); + + /* +@@ -711,13 +741,7 @@ noinstr void rcu_user_enter(void) + * rescheduling opportunity in the entry code. Trigger a self IPI + * that will fire and reschedule once we resume in user/guest mode. + */ +- instrumentation_begin(); +- if (!IS_ENABLED(CONFIG_GENERIC_ENTRY) || (current->flags & PF_VCPU)) { +- if (do_nocb_deferred_wakeup(rdp) && need_resched()) +- irq_work_queue(this_cpu_ptr(&late_wakeup_work)); +- } +- instrumentation_end(); +- ++ rcu_irq_work_resched(); + rcu_eqs_enter(true); + } + +--- a/kernel/rcu/tree_plugin.h ++++ b/kernel/rcu/tree_plugin.h +@@ -2197,6 +2197,7 @@ void rcu_nocb_flush_deferred_wakeup(void + { + do_nocb_deferred_wakeup(this_cpu_ptr(&rcu_data)); + } ++EXPORT_SYMBOL_GPL(rcu_nocb_flush_deferred_wakeup); + + void __init rcu_init_nohz(void) + { diff --git a/queue-5.11/floppy-reintroduce-o_ndelay-fix.patch b/queue-5.11/floppy-reintroduce-o_ndelay-fix.patch new file mode 100644 index 00000000000..6d8c6b25ab2 --- /dev/null +++ b/queue-5.11/floppy-reintroduce-o_ndelay-fix.patch @@ -0,0 +1,83 @@ +From 8a0c014cd20516ade9654fc13b51345ec58e7be8 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina +Date: Fri, 22 Jan 2021 12:13:20 +0100 +Subject: floppy: reintroduce O_NDELAY fix + +From: Jiri Kosina + +commit 8a0c014cd20516ade9654fc13b51345ec58e7be8 upstream. + +This issue was originally fixed in 09954bad4 ("floppy: refactor open() +flags handling"). + +The fix as a side-effect, however, introduce issue for open(O_ACCMODE) +that is being used for ioctl-only open. I wrote a fix for that, but +instead of it being merged, full revert of 09954bad4 was performed, +re-introducing the O_NDELAY / O_NONBLOCK issue, and it strikes again. + +This is a forward-port of the original fix to current codebase; the +original submission had the changelog below: + +==== +Commit 09954bad4 ("floppy: refactor open() flags handling"), as a +side-effect, causes open(/dev/fdX, O_ACCMODE) to fail. It turns out that +this is being used setfdprm userspace for ioctl-only open(). + +Reintroduce back the original behavior wrt !(FMODE_READ|FMODE_WRITE) +modes, while still keeping the original O_NDELAY bug fixed. + +Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2101221209060.5622@cbobk.fhfr.pm +Cc: stable@vger.kernel.org +Reported-by: Wim Osterholt +Tested-by: Wim Osterholt +Reported-and-tested-by: Kurt Garloff +Fixes: 09954bad4 ("floppy: refactor open() flags handling") +Fixes: f2791e7ead ("Revert "floppy: refactor open() flags handling"") +Signed-off-by: Jiri Kosina +Signed-off-by: Denis Efremov +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/floppy.c | 30 +++++++++++++++--------------- + 1 file changed, 15 insertions(+), 15 deletions(-) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -4121,23 +4121,23 @@ static int floppy_open(struct block_devi + if (fdc_state[FDC(drive)].rawcmd == 1) + fdc_state[FDC(drive)].rawcmd = 2; + +- if (!(mode & FMODE_NDELAY)) { +- if (mode & (FMODE_READ|FMODE_WRITE)) { +- drive_state[drive].last_checked = 0; +- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, +- &drive_state[drive].flags); +- if (bdev_check_media_change(bdev)) +- floppy_revalidate(bdev->bd_disk); +- if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags)) +- goto out; +- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &drive_state[drive].flags)) +- goto out; +- } +- res = -EROFS; +- if ((mode & FMODE_WRITE) && +- !test_bit(FD_DISK_WRITABLE_BIT, &drive_state[drive].flags)) ++ if (mode & (FMODE_READ|FMODE_WRITE)) { ++ drive_state[drive].last_checked = 0; ++ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &drive_state[drive].flags); ++ if (bdev_check_media_change(bdev)) ++ floppy_revalidate(bdev->bd_disk); ++ if (test_bit(FD_DISK_CHANGED_BIT, &drive_state[drive].flags)) ++ goto out; ++ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &drive_state[drive].flags)) + goto out; + } ++ ++ res = -EROFS; ++ ++ if ((mode & FMODE_WRITE) && ++ !test_bit(FD_DISK_WRITABLE_BIT, &drive_state[drive].flags)) ++ goto out; ++ + mutex_unlock(&open_lock); + mutex_unlock(&floppy_mutex); + return 0; diff --git a/queue-5.11/kprobes-fix-to-delay-the-kprobes-jump-optimization.patch b/queue-5.11/kprobes-fix-to-delay-the-kprobes-jump-optimization.patch new file mode 100644 index 00000000000..55f973ea676 --- /dev/null +++ b/queue-5.11/kprobes-fix-to-delay-the-kprobes-jump-optimization.patch @@ -0,0 +1,115 @@ +From c85c9a2c6e368dc94907e63babb18a9788e5c9b6 Mon Sep 17 00:00:00 2001 +From: Masami Hiramatsu +Date: Thu, 18 Feb 2021 23:29:23 +0900 +Subject: kprobes: Fix to delay the kprobes jump optimization + +From: Masami Hiramatsu + +commit c85c9a2c6e368dc94907e63babb18a9788e5c9b6 upstream. + +Commit 36dadef23fcc ("kprobes: Init kprobes in early_initcall") +moved the kprobe setup in early_initcall(), which includes kprobe +jump optimization. +The kprobes jump optimizer involves synchronize_rcu_tasks() which +depends on the ksoftirqd and rcu_spawn_tasks_*(). However, since +those are setup in core_initcall(), kprobes jump optimizer can not +run at the early_initcall(). + +To avoid this issue, make the kprobe optimization disabled in the +early_initcall() and enables it in subsys_initcall(). + +Note that non-optimized kprobes is still available after +early_initcall(). Only jump optimization is delayed. + +Link: https://lkml.kernel.org/r/161365856280.719838.12423085451287256713.stgit@devnote2 + +Fixes: 36dadef23fcc ("kprobes: Init kprobes in early_initcall") +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: RCU +Cc: Michael Ellerman +Cc: Andrew Morton +Cc: Daniel Axtens +Cc: Frederic Weisbecker +Cc: Neeraj Upadhyay +Cc: Joel Fernandes +Cc: Michal Hocko +Cc: "Theodore Y . Ts'o" +Cc: Oleksiy Avramchenko +Cc: stable@vger.kernel.org +Reported-by: Paul E. McKenney +Reported-by: Sebastian Andrzej Siewior +Reported-by: Uladzislau Rezki +Acked-by: Paul E. McKenney +Signed-off-by: Masami Hiramatsu +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/kprobes.c | 31 +++++++++++++++++++++---------- + 1 file changed, 21 insertions(+), 10 deletions(-) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -861,7 +861,6 @@ out: + cpus_read_unlock(); + } + +-#ifdef CONFIG_SYSCTL + static void optimize_all_kprobes(void) + { + struct hlist_head *head; +@@ -887,6 +886,7 @@ out: + mutex_unlock(&kprobe_mutex); + } + ++#ifdef CONFIG_SYSCTL + static void unoptimize_all_kprobes(void) + { + struct hlist_head *head; +@@ -2497,18 +2497,14 @@ static int __init init_kprobes(void) + } + } + +-#if defined(CONFIG_OPTPROBES) +-#if defined(__ARCH_WANT_KPROBES_INSN_SLOT) +- /* Init kprobe_optinsn_slots */ +- kprobe_optinsn_slots.insn_size = MAX_OPTINSN_SIZE; +-#endif +- /* By default, kprobes can be optimized */ +- kprobes_allow_optimization = true; +-#endif +- + /* By default, kprobes are armed */ + kprobes_all_disarmed = false; + ++#if defined(CONFIG_OPTPROBES) && defined(__ARCH_WANT_KPROBES_INSN_SLOT) ++ /* Init kprobe_optinsn_slots for allocation */ ++ kprobe_optinsn_slots.insn_size = MAX_OPTINSN_SIZE; ++#endif ++ + err = arch_init_kprobes(); + if (!err) + err = register_die_notifier(&kprobe_exceptions_nb); +@@ -2523,6 +2519,21 @@ static int __init init_kprobes(void) + } + early_initcall(init_kprobes); + ++#if defined(CONFIG_OPTPROBES) ++static int __init init_optprobes(void) ++{ ++ /* ++ * Enable kprobe optimization - this kicks the optimizer which ++ * depends on synchronize_rcu_tasks() and ksoftirqd, that is ++ * not spawned in early initcall. So delay the optimization. ++ */ ++ optimize_all_kprobes(); ++ ++ return 0; ++} ++subsys_initcall(init_optprobes); ++#endif ++ + #ifdef CONFIG_DEBUG_FS + static void report_probe(struct seq_file *pi, struct kprobe *p, + const char *sym, int offset, char *modname, struct kprobe *pp) diff --git a/queue-5.11/media-i2c-max9286-fix-access-to-unallocated-memory.patch b/queue-5.11/media-i2c-max9286-fix-access-to-unallocated-memory.patch new file mode 100644 index 00000000000..9b8d2085966 --- /dev/null +++ b/queue-5.11/media-i2c-max9286-fix-access-to-unallocated-memory.patch @@ -0,0 +1,37 @@ +From e88ccf09e79cf33cac40316ba69c820d9eebc82b Mon Sep 17 00:00:00 2001 +From: Tomi Valkeinen +Date: Mon, 18 Jan 2021 09:14:46 +0100 +Subject: media: i2c: max9286: fix access to unallocated memory + +From: Tomi Valkeinen + +commit e88ccf09e79cf33cac40316ba69c820d9eebc82b upstream. + +The asd allocated with v4l2_async_notifier_add_fwnode_subdev() must be +of size max9286_asd, otherwise access to max9286_asd->source will go to +unallocated memory. + +Fixes: 86d37bf31af6 ("media: i2c: max9286: Allocate v4l2_async_subdev dynamically") +Signed-off-by: Tomi Valkeinen +Cc: stable@vger.kernel.org # v5.10+ +Reviewed-by: Laurent Pinchart +Reviewed-by: Kieran Bingham +Tested-by: Kieran Bingham +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/i2c/max9286.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/media/i2c/max9286.c ++++ b/drivers/media/i2c/max9286.c +@@ -580,7 +580,7 @@ static int max9286_v4l2_notifier_registe + + asd = v4l2_async_notifier_add_fwnode_subdev(&priv->notifier, + source->fwnode, +- sizeof(*asd)); ++ sizeof(struct max9286_asd)); + if (IS_ERR(asd)) { + dev_err(dev, "Failed to add subdev for source %u: %ld", + i, PTR_ERR(asd)); diff --git a/queue-5.11/media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch b/queue-5.11/media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch new file mode 100644 index 00000000000..a6dd312b9df --- /dev/null +++ b/queue-5.11/media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch @@ -0,0 +1,35 @@ +From 334de4b45892f7e67074e1b1b2ac36fd3e091118 Mon Sep 17 00:00:00 2001 +From: Pavel Machek +Date: Wed, 30 Dec 2020 13:55:50 +0100 +Subject: media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() + +From: Pavel Machek + +commit 334de4b45892f7e67074e1b1b2ac36fd3e091118 upstream. + +Loop was useless as it would always exit on the first iteration. Fix +it with right condition. + +Signed-off-by: Pavel Machek (CIP) +Fixes: a86cf9b29e8b ("media: ipu3-cio2: Validate mbus format in setting subdev format") +Tested-by: Laurent Pinchart +Reviewed-by: Laurent Pinchart +Cc: stable@vger.kernel.org # v4.16 and up +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/pci/intel/ipu3/ipu3-cio2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/media/pci/intel/ipu3/ipu3-cio2.c ++++ b/drivers/media/pci/intel/ipu3/ipu3-cio2.c +@@ -1269,7 +1269,7 @@ static int cio2_subdev_set_fmt(struct v4 + fmt->format.code = formats[0].mbus_code; + + for (i = 0; i < ARRAY_SIZE(formats); i++) { +- if (formats[i].mbus_code == fmt->format.code) { ++ if (formats[i].mbus_code == mbus_code) { + fmt->format.code = mbus_code; + break; + } diff --git a/queue-5.11/media-ir_toy-add-another-ir-droid-device.patch b/queue-5.11/media-ir_toy-add-another-ir-droid-device.patch new file mode 100644 index 00000000000..93931acbfc7 --- /dev/null +++ b/queue-5.11/media-ir_toy-add-another-ir-droid-device.patch @@ -0,0 +1,32 @@ +From 4487e0215560392bd11c9de08d60824d72c89cd9 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Sun, 27 Dec 2020 14:45:01 +0100 +Subject: media: ir_toy: add another IR Droid device + +From: Sean Young + +commit 4487e0215560392bd11c9de08d60824d72c89cd9 upstream. + +This device is also supported. + +Cc: stable@vger.kernel.org +Tested-by: Georgi Bakalski +Reported-by: Georgi Bakalski +Signed-off-by: Sean Young +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/rc/ir_toy.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/media/rc/ir_toy.c ++++ b/drivers/media/rc/ir_toy.c +@@ -491,6 +491,7 @@ static void irtoy_disconnect(struct usb_ + + static const struct usb_device_id irtoy_table[] = { + { USB_DEVICE_INTERFACE_CLASS(0x04d8, 0xfd08, USB_CLASS_CDC_DATA) }, ++ { USB_DEVICE_INTERFACE_CLASS(0x04d8, 0xf58b, USB_CLASS_CDC_DATA) }, + { } + }; + diff --git a/queue-5.11/media-marvell-ccic-power-up-the-device-on-mclk-enable.patch b/queue-5.11/media-marvell-ccic-power-up-the-device-on-mclk-enable.patch new file mode 100644 index 00000000000..33d3a61e105 --- /dev/null +++ b/queue-5.11/media-marvell-ccic-power-up-the-device-on-mclk-enable.patch @@ -0,0 +1,39 @@ +From 655ae29da72a693cf294bba3c3322e662ff75bd3 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Wed, 27 Jan 2021 19:01:43 +0100 +Subject: media: marvell-ccic: power up the device on mclk enable + +From: Lubomir Rintel + +commit 655ae29da72a693cf294bba3c3322e662ff75bd3 upstream. + +Writing to REG_CLKCTRL with the power off causes a hang. Enable the +device first. + +Cc: stable@vger.kernel.org # 5.10+ +Signed-off-by: Lubomir Rintel +Signed-off-by: Sakari Ailus +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/platform/marvell-ccic/mcam-core.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/media/platform/marvell-ccic/mcam-core.c ++++ b/drivers/media/platform/marvell-ccic/mcam-core.c +@@ -931,6 +931,7 @@ static int mclk_enable(struct clk_hw *hw + mclk_div = 2; + } + ++ pm_runtime_get_sync(cam->dev); + clk_enable(cam->clk[0]); + mcam_reg_write(cam, REG_CLKCTRL, (mclk_src << 29) | mclk_div); + mcam_ctlr_power_up(cam); +@@ -944,6 +945,7 @@ static void mclk_disable(struct clk_hw * + + mcam_ctlr_power_down(cam); + clk_disable(cam->clk[0]); ++ pm_runtime_put(cam->dev); + } + + static unsigned long mclk_recalc_rate(struct clk_hw *hw, diff --git a/queue-5.11/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch b/queue-5.11/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch new file mode 100644 index 00000000000..30af581921b --- /dev/null +++ b/queue-5.11/media-smipcie-fix-interrupt-handling-and-ir-timeout.patch @@ -0,0 +1,109 @@ +From 6532923237b427ed30cc7b4486f6f1ccdee3c647 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Fri, 29 Jan 2021 11:54:53 +0100 +Subject: media: smipcie: fix interrupt handling and IR timeout + +From: Sean Young + +commit 6532923237b427ed30cc7b4486f6f1ccdee3c647 upstream. + +After the first IR message, interrupts are no longer received. In addition, +the code generates a timeout IR message of 10ms but sets the timeout value +to 100ms, so no timeout was ever generated. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=204317 + +Fixes: a49a7a4635de ("media: smipcie: add universal ir capability") +Tested-by: Laz Lev +Cc: stable@vger.kernel.org # v5.1+ +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/pci/smipcie/smipcie-ir.c | 48 ++++++++++++++++++--------------- + 1 file changed, 27 insertions(+), 21 deletions(-) + +--- a/drivers/media/pci/smipcie/smipcie-ir.c ++++ b/drivers/media/pci/smipcie/smipcie-ir.c +@@ -60,38 +60,44 @@ static void smi_ir_decode(struct smi_rc + { + struct smi_dev *dev = ir->dev; + struct rc_dev *rc_dev = ir->rc_dev; +- u32 dwIRControl, dwIRData; +- u8 index, ucIRCount, readLoop; ++ u32 control, data; ++ u8 index, ir_count, read_loop; + +- dwIRControl = smi_read(IR_Init_Reg); ++ control = smi_read(IR_Init_Reg); + +- if (dwIRControl & rbIRVld) { +- ucIRCount = (u8) smi_read(IR_Data_Cnt); ++ dev_dbg(&rc_dev->dev, "ircontrol: 0x%08x\n", control); + +- readLoop = ucIRCount/4; +- if (ucIRCount % 4) +- readLoop += 1; +- for (index = 0; index < readLoop; index++) { +- dwIRData = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); +- +- ir->irData[index*4 + 0] = (u8)(dwIRData); +- ir->irData[index*4 + 1] = (u8)(dwIRData >> 8); +- ir->irData[index*4 + 2] = (u8)(dwIRData >> 16); +- ir->irData[index*4 + 3] = (u8)(dwIRData >> 24); ++ if (control & rbIRVld) { ++ ir_count = (u8)smi_read(IR_Data_Cnt); ++ ++ dev_dbg(&rc_dev->dev, "ircount %d\n", ir_count); ++ ++ read_loop = ir_count / 4; ++ if (ir_count % 4) ++ read_loop += 1; ++ for (index = 0; index < read_loop; index++) { ++ data = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); ++ dev_dbg(&rc_dev->dev, "IRData 0x%08x\n", data); ++ ++ ir->irData[index * 4 + 0] = (u8)(data); ++ ir->irData[index * 4 + 1] = (u8)(data >> 8); ++ ir->irData[index * 4 + 2] = (u8)(data >> 16); ++ ir->irData[index * 4 + 3] = (u8)(data >> 24); + } +- smi_raw_process(rc_dev, ir->irData, ucIRCount); +- smi_set(IR_Init_Reg, rbIRVld); ++ smi_raw_process(rc_dev, ir->irData, ir_count); + } + +- if (dwIRControl & rbIRhighidle) { ++ if (control & rbIRhighidle) { + struct ir_raw_event rawir = {}; + ++ dev_dbg(&rc_dev->dev, "high idle\n"); ++ + rawir.pulse = 0; + rawir.duration = SMI_SAMPLE_PERIOD * SMI_SAMPLE_IDLEMIN; + ir_raw_event_store_with_filter(rc_dev, &rawir); +- smi_set(IR_Init_Reg, rbIRhighidle); + } + ++ smi_set(IR_Init_Reg, rbIRVld); + ir_raw_event_handle(rc_dev); + } + +@@ -150,7 +156,7 @@ int smi_ir_init(struct smi_dev *dev) + rc_dev->dev.parent = &dev->pci_dev->dev; + + rc_dev->map_name = dev->info->rc_map; +- rc_dev->timeout = MS_TO_US(100); ++ rc_dev->timeout = SMI_SAMPLE_PERIOD * SMI_SAMPLE_IDLEMIN; + rc_dev->rx_resolution = SMI_SAMPLE_PERIOD; + + ir->rc_dev = rc_dev; +@@ -173,7 +179,7 @@ void smi_ir_exit(struct smi_dev *dev) + struct smi_rc *ir = &dev->ir; + struct rc_dev *rc_dev = ir->rc_dev; + +- smi_ir_stop(ir); + rc_unregister_device(rc_dev); ++ smi_ir_stop(ir); + ir->rc_dev = NULL; + } diff --git a/queue-5.11/media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch b/queue-5.11/media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch new file mode 100644 index 00000000000..c835d92f256 --- /dev/null +++ b/queue-5.11/media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch @@ -0,0 +1,103 @@ +From fb18802a338b36f675a388fc03d2aa504a0d0899 Mon Sep 17 00:00:00 2001 +From: Sakari Ailus +Date: Sat, 19 Dec 2020 23:29:58 +0100 +Subject: media: v4l: ioctl: Fix memory leak in video_usercopy + +From: Sakari Ailus + +commit fb18802a338b36f675a388fc03d2aa504a0d0899 upstream. + +When an IOCTL with argument size larger than 128 that also used array +arguments were handled, two memory allocations were made but alas, only +the latter one of them was released. This happened because there was only +a single local variable to hold such a temporary allocation. + +Fix this by adding separate variables to hold the pointers to the +temporary allocations. + +Reported-by: Arnd Bergmann +Reported-by: syzbot+1115e79c8df6472c612b@syzkaller.appspotmail.com +Fixes: d14e6d76ebf7 ("[media] v4l: Add multi-planar ioctl handling code") +Cc: stable@vger.kernel.org +Signed-off-by: Sakari Ailus +Acked-by: Arnd Bergmann +Acked-by: Hans Verkuil +Reviewed-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/v4l2-core/v4l2-ioctl.c | 32 ++++++++++++++------------------ + 1 file changed, 14 insertions(+), 18 deletions(-) + +--- a/drivers/media/v4l2-core/v4l2-ioctl.c ++++ b/drivers/media/v4l2-core/v4l2-ioctl.c +@@ -3283,7 +3283,7 @@ video_usercopy(struct file *file, unsign + v4l2_kioctl func) + { + char sbuf[128]; +- void *mbuf = NULL; ++ void *mbuf = NULL, *array_buf = NULL; + void *parg = (void *)arg; + long err = -EINVAL; + bool has_array_args; +@@ -3318,27 +3318,21 @@ video_usercopy(struct file *file, unsign + has_array_args = err; + + if (has_array_args) { +- /* +- * When adding new types of array args, make sure that the +- * parent argument to ioctl (which contains the pointer to the +- * array) fits into sbuf (so that mbuf will still remain +- * unused up to here). +- */ +- mbuf = kvmalloc(array_size, GFP_KERNEL); ++ array_buf = kvmalloc(array_size, GFP_KERNEL); + err = -ENOMEM; +- if (NULL == mbuf) ++ if (array_buf == NULL) + goto out_array_args; + err = -EFAULT; + if (in_compat_syscall()) +- err = v4l2_compat_get_array_args(file, mbuf, user_ptr, +- array_size, orig_cmd, +- parg); ++ err = v4l2_compat_get_array_args(file, array_buf, ++ user_ptr, array_size, ++ orig_cmd, parg); + else +- err = copy_from_user(mbuf, user_ptr, array_size) ? ++ err = copy_from_user(array_buf, user_ptr, array_size) ? + -EFAULT : 0; + if (err) + goto out_array_args; +- *kernel_ptr = mbuf; ++ *kernel_ptr = array_buf; + } + + /* Handles IOCTL */ +@@ -3360,12 +3354,13 @@ video_usercopy(struct file *file, unsign + if (in_compat_syscall()) { + int put_err; + +- put_err = v4l2_compat_put_array_args(file, user_ptr, mbuf, +- array_size, orig_cmd, +- parg); ++ put_err = v4l2_compat_put_array_args(file, user_ptr, ++ array_buf, ++ array_size, ++ orig_cmd, parg); + if (put_err) + err = put_err; +- } else if (copy_to_user(user_ptr, mbuf, array_size)) { ++ } else if (copy_to_user(user_ptr, array_buf, array_size)) { + err = -EFAULT; + } + goto out_array_args; +@@ -3381,6 +3376,7 @@ out_array_args: + if (video_put_user((void __user *)arg, parg, cmd, orig_cmd)) + err = -EFAULT; + out: ++ kvfree(array_buf); + kvfree(mbuf); + return err; + } diff --git a/queue-5.11/powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch b/queue-5.11/powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch new file mode 100644 index 00000000000..c6af2e8f74a --- /dev/null +++ b/queue-5.11/powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch @@ -0,0 +1,59 @@ +From ed5b00a05c2ae95b59adc3442f45944ec632e794 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= +Date: Fri, 22 Jan 2021 08:50:29 +0100 +Subject: powerpc/prom: Fix "ibm,arch-vec-5-platform-support" scan +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Cédric Le Goater + +commit ed5b00a05c2ae95b59adc3442f45944ec632e794 upstream. + +The "ibm,arch-vec-5-platform-support" property is a list of pairs of +bytes representing the options and values supported by the platform +firmware. At boot time, Linux scans this list and activates the +available features it recognizes : Radix and XIVE. + +A recent change modified the number of entries to loop on and 8 bytes, +4 pairs of { options, values } entries are always scanned. This is +fine on KVM but not on PowerVM which can advertises less. As a +consequence on this platform, Linux reads extra entries pointing to +random data, interprets these as available features and tries to +activate them, leading to a firmware crash in +ibm,client-architecture-support. + +Fix that by using the property length of "ibm,arch-vec-5-platform-support". + +Fixes: ab91239942a9 ("powerpc/prom: Remove VLA in prom_check_platform_support()") +Cc: stable@vger.kernel.org # v4.20+ +Signed-off-by: Cédric Le Goater +Reviewed-by: Fabiano Rosas +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20210122075029.797013-1-clg@kaod.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/prom_init.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +--- a/arch/powerpc/kernel/prom_init.c ++++ b/arch/powerpc/kernel/prom_init.c +@@ -1331,14 +1331,10 @@ static void __init prom_check_platform_s + if (prop_len > sizeof(vec)) + prom_printf("WARNING: ibm,arch-vec-5-platform-support longer than expected (len: %d)\n", + prop_len); +- prom_getprop(prom.chosen, "ibm,arch-vec-5-platform-support", +- &vec, sizeof(vec)); +- for (i = 0; i < sizeof(vec); i += 2) { +- prom_debug("%d: index = 0x%x val = 0x%x\n", i / 2 +- , vec[i] +- , vec[i + 1]); +- prom_parse_platform_support(vec[i], vec[i + 1], +- &supported); ++ prom_getprop(prom.chosen, "ibm,arch-vec-5-platform-support", &vec, sizeof(vec)); ++ for (i = 0; i < prop_len; i += 2) { ++ prom_debug("%d: index = 0x%x val = 0x%x\n", i / 2, vec[i], vec[i + 1]); ++ prom_parse_platform_support(vec[i], vec[i + 1], &supported); + } + } + diff --git a/queue-5.11/rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch b/queue-5.11/rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch new file mode 100644 index 00000000000..f95f781cb42 --- /dev/null +++ b/queue-5.11/rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch @@ -0,0 +1,90 @@ +From 43789ef3f7d61aa7bed0cb2764e588fc990c30ef Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Mon, 1 Feb 2021 00:05:45 +0100 +Subject: rcu/nocb: Perform deferred wake up before last idle's need_resched() check + +From: Frederic Weisbecker + +commit 43789ef3f7d61aa7bed0cb2764e588fc990c30ef upstream. + +Entering RCU idle mode may cause a deferred wake up of an RCU NOCB_GP +kthread (rcuog) to be serviced. + +Usually a local wake up happening while running the idle task is handled +in one of the need_resched() checks carefully placed within the idle +loop that can break to the scheduler. + +Unfortunately the call to rcu_idle_enter() is already beyond the last +generic need_resched() check and we may halt the CPU with a resched +request unhandled, leaving the task hanging. + +Fix this with splitting the rcuog wakeup handling from rcu_idle_enter() +and place it before the last generic need_resched() check in the idle +loop. It is then assumed that no call to call_rcu() will be performed +after that in the idle loop until the CPU is put in low power mode. + +Fixes: 96d3fd0d315a (rcu: Break call_rcu() deadlock involving scheduler and perf) +Reported-by: Paul E. McKenney +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210131230548.32970-3-frederic@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/rcupdate.h | 2 ++ + kernel/rcu/tree.c | 3 --- + kernel/rcu/tree_plugin.h | 5 +++++ + kernel/sched/idle.c | 1 + + 4 files changed, 8 insertions(+), 3 deletions(-) + +--- a/include/linux/rcupdate.h ++++ b/include/linux/rcupdate.h +@@ -110,8 +110,10 @@ static inline void rcu_user_exit(void) { + + #ifdef CONFIG_RCU_NOCB_CPU + void rcu_init_nohz(void); ++void rcu_nocb_flush_deferred_wakeup(void); + #else /* #ifdef CONFIG_RCU_NOCB_CPU */ + static inline void rcu_init_nohz(void) { } ++static inline void rcu_nocb_flush_deferred_wakeup(void) { } + #endif /* #else #ifdef CONFIG_RCU_NOCB_CPU */ + + /** +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -671,10 +671,7 @@ static noinstr void rcu_eqs_enter(bool u + */ + void rcu_idle_enter(void) + { +- struct rcu_data *rdp = this_cpu_ptr(&rcu_data); +- + lockdep_assert_irqs_disabled(); +- do_nocb_deferred_wakeup(rdp); + rcu_eqs_enter(false); + } + EXPORT_SYMBOL_GPL(rcu_idle_enter); +--- a/kernel/rcu/tree_plugin.h ++++ b/kernel/rcu/tree_plugin.h +@@ -2187,6 +2187,11 @@ static void do_nocb_deferred_wakeup(stru + do_nocb_deferred_wakeup_common(rdp); + } + ++void rcu_nocb_flush_deferred_wakeup(void) ++{ ++ do_nocb_deferred_wakeup(this_cpu_ptr(&rcu_data)); ++} ++ + void __init rcu_init_nohz(void) + { + int cpu; +--- a/kernel/sched/idle.c ++++ b/kernel/sched/idle.c +@@ -285,6 +285,7 @@ static void do_idle(void) + } + + arch_cpu_idle_enter(); ++ rcu_nocb_flush_deferred_wakeup(); + + /* + * In poll mode we reenable interrupts and spin. Also if we diff --git a/queue-5.11/rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch b/queue-5.11/rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch new file mode 100644 index 00000000000..7acbaa4434c --- /dev/null +++ b/queue-5.11/rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch @@ -0,0 +1,174 @@ +From f8bb5cae9616224a39cbb399de382d36ac41df10 Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Mon, 1 Feb 2021 00:05:46 +0100 +Subject: rcu/nocb: Trigger self-IPI on late deferred wake up before user resume + +From: Frederic Weisbecker + +commit f8bb5cae9616224a39cbb399de382d36ac41df10 upstream. + +Entering RCU idle mode may cause a deferred wake up of an RCU NOCB_GP +kthread (rcuog) to be serviced. + +Unfortunately the call to rcu_user_enter() is already past the last +rescheduling opportunity before we resume to userspace or to guest mode. +We may escape there with the woken task ignored. + +The ultimate resort to fix every callsites is to trigger a self-IPI +(nohz_full depends on arch to implement arch_irq_work_raise()) that will +trigger a reschedule on IRQ tail or guest exit. + +Eventually every site that want a saner treatment will need to carefully +place a call to rcu_nocb_flush_deferred_wakeup() before the last explicit +need_resched() check upon resume. + +Fixes: 96d3fd0d315a (rcu: Break call_rcu() deadlock involving scheduler and perf) +Reported-by: Paul E. McKenney +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210131230548.32970-4-frederic@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/rcu/tree.c | 21 ++++++++++++++++++++- + kernel/rcu/tree.h | 2 +- + kernel/rcu/tree_plugin.h | 25 ++++++++++++++++--------- + 3 files changed, 37 insertions(+), 11 deletions(-) + +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -677,6 +677,18 @@ void rcu_idle_enter(void) + EXPORT_SYMBOL_GPL(rcu_idle_enter); + + #ifdef CONFIG_NO_HZ_FULL ++ ++/* ++ * An empty function that will trigger a reschedule on ++ * IRQ tail once IRQs get re-enabled on userspace resume. ++ */ ++static void late_wakeup_func(struct irq_work *work) ++{ ++} ++ ++static DEFINE_PER_CPU(struct irq_work, late_wakeup_work) = ++ IRQ_WORK_INIT(late_wakeup_func); ++ + /** + * rcu_user_enter - inform RCU that we are resuming userspace. + * +@@ -694,12 +706,19 @@ noinstr void rcu_user_enter(void) + + lockdep_assert_irqs_disabled(); + ++ /* ++ * We may be past the last rescheduling opportunity in the entry code. ++ * Trigger a self IPI that will fire and reschedule once we resume to ++ * user/guest mode. ++ */ + instrumentation_begin(); +- do_nocb_deferred_wakeup(rdp); ++ if (do_nocb_deferred_wakeup(rdp) && need_resched()) ++ irq_work_queue(this_cpu_ptr(&late_wakeup_work)); + instrumentation_end(); + + rcu_eqs_enter(true); + } ++ + #endif /* CONFIG_NO_HZ_FULL */ + + /** +--- a/kernel/rcu/tree.h ++++ b/kernel/rcu/tree.h +@@ -433,7 +433,7 @@ static bool rcu_nocb_try_bypass(struct r + static void __call_rcu_nocb_wake(struct rcu_data *rdp, bool was_empty, + unsigned long flags); + static int rcu_nocb_need_deferred_wakeup(struct rcu_data *rdp); +-static void do_nocb_deferred_wakeup(struct rcu_data *rdp); ++static bool do_nocb_deferred_wakeup(struct rcu_data *rdp); + static void rcu_boot_init_nocb_percpu_data(struct rcu_data *rdp); + static void rcu_spawn_cpu_nocb_kthread(int cpu); + static void __init rcu_spawn_nocb_kthreads(void); +--- a/kernel/rcu/tree_plugin.h ++++ b/kernel/rcu/tree_plugin.h +@@ -1631,8 +1631,8 @@ bool rcu_is_nocb_cpu(int cpu) + * Kick the GP kthread for this NOCB group. Caller holds ->nocb_lock + * and this function releases it. + */ +-static void wake_nocb_gp(struct rcu_data *rdp, bool force, +- unsigned long flags) ++static bool wake_nocb_gp(struct rcu_data *rdp, bool force, ++ unsigned long flags) + __releases(rdp->nocb_lock) + { + bool needwake = false; +@@ -1643,7 +1643,7 @@ static void wake_nocb_gp(struct rcu_data + trace_rcu_nocb_wake(rcu_state.name, rdp->cpu, + TPS("AlreadyAwake")); + rcu_nocb_unlock_irqrestore(rdp, flags); +- return; ++ return false; + } + del_timer(&rdp->nocb_timer); + rcu_nocb_unlock_irqrestore(rdp, flags); +@@ -1656,6 +1656,8 @@ static void wake_nocb_gp(struct rcu_data + raw_spin_unlock_irqrestore(&rdp_gp->nocb_gp_lock, flags); + if (needwake) + wake_up_process(rdp_gp->nocb_gp_kthread); ++ ++ return needwake; + } + + /* +@@ -2152,20 +2154,23 @@ static int rcu_nocb_need_deferred_wakeup + } + + /* Do a deferred wakeup of rcu_nocb_kthread(). */ +-static void do_nocb_deferred_wakeup_common(struct rcu_data *rdp) ++static bool do_nocb_deferred_wakeup_common(struct rcu_data *rdp) + { + unsigned long flags; + int ndw; ++ int ret; + + rcu_nocb_lock_irqsave(rdp, flags); + if (!rcu_nocb_need_deferred_wakeup(rdp)) { + rcu_nocb_unlock_irqrestore(rdp, flags); +- return; ++ return false; + } + ndw = READ_ONCE(rdp->nocb_defer_wakeup); + WRITE_ONCE(rdp->nocb_defer_wakeup, RCU_NOCB_WAKE_NOT); +- wake_nocb_gp(rdp, ndw == RCU_NOCB_WAKE_FORCE, flags); ++ ret = wake_nocb_gp(rdp, ndw == RCU_NOCB_WAKE_FORCE, flags); + trace_rcu_nocb_wake(rcu_state.name, rdp->cpu, TPS("DeferredWake")); ++ ++ return ret; + } + + /* Do a deferred wakeup of rcu_nocb_kthread() from a timer handler. */ +@@ -2181,10 +2186,11 @@ static void do_nocb_deferred_wakeup_time + * This means we do an inexact common-case check. Note that if + * we miss, ->nocb_timer will eventually clean things up. + */ +-static void do_nocb_deferred_wakeup(struct rcu_data *rdp) ++static bool do_nocb_deferred_wakeup(struct rcu_data *rdp) + { + if (rcu_nocb_need_deferred_wakeup(rdp)) +- do_nocb_deferred_wakeup_common(rdp); ++ return do_nocb_deferred_wakeup_common(rdp); ++ return false; + } + + void rcu_nocb_flush_deferred_wakeup(void) +@@ -2523,8 +2529,9 @@ static int rcu_nocb_need_deferred_wakeup + return false; + } + +-static void do_nocb_deferred_wakeup(struct rcu_data *rdp) ++static bool do_nocb_deferred_wakeup(struct rcu_data *rdp) + { ++ return false; + } + + static void rcu_spawn_cpu_nocb_kthread(int cpu) diff --git a/queue-5.11/rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch b/queue-5.11/rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch new file mode 100644 index 00000000000..b4a84eed5d5 --- /dev/null +++ b/queue-5.11/rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch @@ -0,0 +1,59 @@ +From 54b7429efffc99e845ba9381bee3244f012a06c2 Mon Sep 17 00:00:00 2001 +From: Frederic Weisbecker +Date: Mon, 1 Feb 2021 00:05:44 +0100 +Subject: rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers + +From: Frederic Weisbecker + +commit 54b7429efffc99e845ba9381bee3244f012a06c2 upstream. + +Deferred wakeup of rcuog kthreads upon RCU idle mode entry is going to +be handled differently whether initiated by idle, user or guest. Prepare +with pulling that control up to rcu_eqs_enter() callers. + +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20210131230548.32970-2-frederic@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + kernel/rcu/tree.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -644,7 +644,6 @@ static noinstr void rcu_eqs_enter(bool u + trace_rcu_dyntick(TPS("Start"), rdp->dynticks_nesting, 0, atomic_read(&rdp->dynticks)); + WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && !user && !is_idle_task(current)); + rdp = this_cpu_ptr(&rcu_data); +- do_nocb_deferred_wakeup(rdp); + rcu_prepare_for_idle(); + rcu_preempt_deferred_qs(current); + +@@ -672,7 +671,10 @@ static noinstr void rcu_eqs_enter(bool u + */ + void rcu_idle_enter(void) + { ++ struct rcu_data *rdp = this_cpu_ptr(&rcu_data); ++ + lockdep_assert_irqs_disabled(); ++ do_nocb_deferred_wakeup(rdp); + rcu_eqs_enter(false); + } + EXPORT_SYMBOL_GPL(rcu_idle_enter); +@@ -691,7 +693,14 @@ EXPORT_SYMBOL_GPL(rcu_idle_enter); + */ + noinstr void rcu_user_enter(void) + { ++ struct rcu_data *rdp = this_cpu_ptr(&rcu_data); ++ + lockdep_assert_irqs_disabled(); ++ ++ instrumentation_begin(); ++ do_nocb_deferred_wakeup(rdp); ++ instrumentation_end(); ++ + rcu_eqs_enter(true); + } + #endif /* CONFIG_NO_HZ_FULL */ diff --git a/queue-5.11/series b/queue-5.11/series index a00154e591b..2a592d53c9b 100644 --- a/queue-5.11/series +++ b/queue-5.11/series @@ -661,3 +661,21 @@ arm64-dts-agilex-fix-phy-interface-bit-shift-for-gmac1-and-gmac2.patch staging-mt7621-dma-mtk-hsdma.c-hsdma-mt7621.c.patch staging-gdm724x-fix-dma-from-stack.patch staging-rtl8188eu-add-edimax-ew-7811un-v2-to-device-table.patch +floppy-reintroduce-o_ndelay-fix.patch +media-i2c-max9286-fix-access-to-unallocated-memory.patch +media-v4l-ioctl-fix-memory-leak-in-video_usercopy.patch +media-ir_toy-add-another-ir-droid-device.patch +media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch +media-marvell-ccic-power-up-the-device-on-mclk-enable.patch +media-smipcie-fix-interrupt-handling-and-ir-timeout.patch +x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch +x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch +x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch +x86-entry-fix-instrumentation-annotation.patch +powerpc-prom-fix-ibm-arch-vec-5-platform-support-scan.patch +rcu-pull-deferred-rcuog-wake-up-to-rcu_eqs_enter-callers.patch +rcu-nocb-perform-deferred-wake-up-before-last-idle-s-need_resched-check.patch +rcu-nocb-trigger-self-ipi-on-late-deferred-wake-up-before-user-resume.patch +entry-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch +entry-kvm-explicitly-flush-pending-rcuog-wakeup-before-last-rescheduling-point.patch +kprobes-fix-to-delay-the-kprobes-jump-optimization.patch diff --git a/queue-5.11/x86-entry-fix-instrumentation-annotation.patch b/queue-5.11/x86-entry-fix-instrumentation-annotation.patch new file mode 100644 index 00000000000..d53449d3dcd --- /dev/null +++ b/queue-5.11/x86-entry-fix-instrumentation-annotation.patch @@ -0,0 +1,33 @@ +From 15f720aabe71a5662c4198b22532d95bbeec80ef Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Wed, 10 Feb 2021 00:40:42 +0100 +Subject: x86/entry: Fix instrumentation annotation + +From: Thomas Gleixner + +commit 15f720aabe71a5662c4198b22532d95bbeec80ef upstream. + +Embracing a callout into instrumentation_begin() / instrumentation_begin() +does not really make sense. Make the latter instrumentation_end(). + +Fixes: 2f6474e4636b ("x86/entry: Switch XEN/PV hypercall entry to IDTENTRY") +Signed-off-by: Thomas Gleixner +Reviewed-by: Kees Cook +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210210002512.106502464@linutronix.de +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/entry/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/entry/common.c ++++ b/arch/x86/entry/common.c +@@ -270,7 +270,7 @@ __visible noinstr void xen_pv_evtchn_do_ + + instrumentation_begin(); + run_on_irqstack_cond(__xen_pv_evtchn_do_upcall, regs); +- instrumentation_begin(); ++ instrumentation_end(); + + set_irq_regs(old_regs); + diff --git a/queue-5.11/x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch b/queue-5.11/x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch new file mode 100644 index 00000000000..a9fdf499f67 --- /dev/null +++ b/queue-5.11/x86-fault-fix-amd-erratum-91-errata-fixup-for-user-code.patch @@ -0,0 +1,95 @@ +From 35f1c89b0cce247bf0213df243ed902989b1dcda Mon Sep 17 00:00:00 2001 +From: Andy Lutomirski +Date: Tue, 9 Feb 2021 18:33:33 -0800 +Subject: x86/fault: Fix AMD erratum #91 errata fixup for user code + +From: Andy Lutomirski + +commit 35f1c89b0cce247bf0213df243ed902989b1dcda upstream. + +The recent rework of probe_kernel_address() and its conversion to +get_kernel_nofault() inadvertently broke is_prefetch(). Before this +change, probe_kernel_address() was used as a sloppy "read user or +kernel memory" helper, but it doesn't do that any more. The new +get_kernel_nofault() reads *kernel* memory only, which completely broke +is_prefetch() for user access. + +Adjust the code to the correct accessor based on access mode. The +manual address bounds check is no longer necessary, since the accessor +helpers (get_user() / get_kernel_nofault()) do the right thing all by +themselves. As a bonus, by using the correct accessor, the open-coded +address bounds check is not needed anymore. + + [ bp: Massage commit message. ] + +Fixes: eab0c6089b68 ("maccess: unify the probe kernel arch hooks") +Signed-off-by: Andy Lutomirski +Signed-off-by: Borislav Petkov +Reviewed-by: Christoph Hellwig +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/b91f7f92f3367d2d3a88eec3b09c6aab1b2dc8ef.1612924255.git.luto@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/mm/fault.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +--- a/arch/x86/mm/fault.c ++++ b/arch/x86/mm/fault.c +@@ -54,7 +54,7 @@ kmmio_fault(struct pt_regs *regs, unsign + * 32-bit mode: + * + * Sometimes AMD Athlon/Opteron CPUs report invalid exceptions on prefetch. +- * Check that here and ignore it. ++ * Check that here and ignore it. This is AMD erratum #91. + * + * 64-bit mode: + * +@@ -83,11 +83,7 @@ check_prefetch_opcode(struct pt_regs *re + #ifdef CONFIG_X86_64 + case 0x40: + /* +- * In AMD64 long mode 0x40..0x4F are valid REX prefixes +- * Need to figure out under what instruction mode the +- * instruction was issued. Could check the LDT for lm, +- * but for now it's good enough to assume that long +- * mode only uses well known segments or kernel. ++ * In 64-bit mode 0x40..0x4F are valid REX prefixes + */ + return (!user_mode(regs) || user_64bit_mode(regs)); + #endif +@@ -127,20 +123,31 @@ is_prefetch(struct pt_regs *regs, unsign + instr = (void *)convert_ip_to_linear(current, regs); + max_instr = instr + 15; + +- if (user_mode(regs) && instr >= (unsigned char *)TASK_SIZE_MAX) +- return 0; ++ /* ++ * This code has historically always bailed out if IP points to a ++ * not-present page (e.g. due to a race). No one has ever ++ * complained about this. ++ */ ++ pagefault_disable(); + + while (instr < max_instr) { + unsigned char opcode; + +- if (get_kernel_nofault(opcode, instr)) +- break; ++ if (user_mode(regs)) { ++ if (get_user(opcode, instr)) ++ break; ++ } else { ++ if (get_kernel_nofault(opcode, instr)) ++ break; ++ } + + instr++; + + if (!check_prefetch_opcode(regs, instr, opcode, &prefetch)) + break; + } ++ ++ pagefault_enable(); + return prefetch; + } + diff --git a/queue-5.11/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch b/queue-5.11/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch new file mode 100644 index 00000000000..66ca47910b9 --- /dev/null +++ b/queue-5.11/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch @@ -0,0 +1,72 @@ +From ed72736183c45a413a8d6974dd04be90f514cb6b Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 30 Dec 2020 16:26:55 -0800 +Subject: x86/reboot: Force all cpus to exit VMX root if VMX is supported + +From: Sean Christopherson + +commit ed72736183c45a413a8d6974dd04be90f514cb6b upstream. + +Force all CPUs to do VMXOFF (via NMI shootdown) during an emergency +reboot if VMX is _supported_, as VMX being off on the current CPU does +not prevent other CPUs from being in VMX root (post-VMXON). This fixes +a bug where a crash/panic reboot could leave other CPUs in VMX root and +prevent them from being woken via INIT-SIPI-SIPI in the new kernel. + +Fixes: d176720d34c7 ("x86: disable VMX on all CPUs on reboot") +Cc: stable@vger.kernel.org +Suggested-by: Sean Christopherson +Signed-off-by: David P. Reed +[sean: reworked changelog and further tweaked comment] +Signed-off-by: Sean Christopherson +Message-Id: <20201231002702.2223707-3-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/reboot.c | 30 ++++++++++-------------------- + 1 file changed, 10 insertions(+), 20 deletions(-) + +--- a/arch/x86/kernel/reboot.c ++++ b/arch/x86/kernel/reboot.c +@@ -538,31 +538,21 @@ static void emergency_vmx_disable_all(vo + local_irq_disable(); + + /* +- * We need to disable VMX on all CPUs before rebooting, otherwise +- * we risk hanging up the machine, because the CPU ignores INIT +- * signals when VMX is enabled. ++ * Disable VMX on all CPUs before rebooting, otherwise we risk hanging ++ * the machine, because the CPU blocks INIT when it's in VMX root. + * +- * We can't take any locks and we may be on an inconsistent +- * state, so we use NMIs as IPIs to tell the other CPUs to disable +- * VMX and halt. ++ * We can't take any locks and we may be on an inconsistent state, so ++ * use NMIs as IPIs to tell the other CPUs to exit VMX root and halt. + * +- * For safety, we will avoid running the nmi_shootdown_cpus() +- * stuff unnecessarily, but we don't have a way to check +- * if other CPUs have VMX enabled. So we will call it only if the +- * CPU we are running on has VMX enabled. +- * +- * We will miss cases where VMX is not enabled on all CPUs. This +- * shouldn't do much harm because KVM always enable VMX on all +- * CPUs anyway. But we can miss it on the small window where KVM +- * is still enabling VMX. ++ * Do the NMI shootdown even if VMX if off on _this_ CPU, as that ++ * doesn't prevent a different CPU from being in VMX root operation. + */ +- if (cpu_has_vmx() && cpu_vmx_enabled()) { +- /* Disable VMX on this CPU. */ +- cpu_vmxoff(); ++ if (cpu_has_vmx()) { ++ /* Safely force _this_ CPU out of VMX root operation. */ ++ __cpu_emergency_vmxoff(); + +- /* Halt and disable VMX on the other CPUs */ ++ /* Halt and exit VMX root operation on the other CPUs. */ + nmi_shootdown_cpus(vmxoff_nmi); +- + } + } + diff --git a/queue-5.11/x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch b/queue-5.11/x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch new file mode 100644 index 00000000000..3a02046b94f --- /dev/null +++ b/queue-5.11/x86-virt-eat-faults-on-vmxoff-in-reboot-flows.patch @@ -0,0 +1,64 @@ +From aec511ad153556640fb1de38bfe00c69464f997f Mon Sep 17 00:00:00 2001 +From: Sean Christopherson +Date: Wed, 30 Dec 2020 16:26:54 -0800 +Subject: x86/virt: Eat faults on VMXOFF in reboot flows + +From: Sean Christopherson + +commit aec511ad153556640fb1de38bfe00c69464f997f upstream. + +Silently ignore all faults on VMXOFF in the reboot flows as such faults +are all but guaranteed to be due to the CPU not being in VMX root. +Because (a) VMXOFF may be executed in NMI context, e.g. after VMXOFF but +before CR4.VMXE is cleared, (b) there's no way to query the CPU's VMX +state without faulting, and (c) the whole point is to get out of VMX +root, eating faults is the simplest way to achieve the desired behaior. + +Technically, VMXOFF can fault (or fail) for other reasons, but all other +fault and failure scenarios are mode related, i.e. the kernel would have +to magically end up in RM, V86, compat mode, at CPL>0, or running with +the SMI Transfer Monitor active. The kernel is beyond hosed if any of +those scenarios are encountered; trying to do something fancy in the +error path to handle them cleanly is pointless. + +Fixes: 1e9931146c74 ("x86: asm/virtext.h: add cpu_vmxoff() inline function") +Reported-by: David P. Reed +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Message-Id: <20201231002702.2223707-2-seanjc@google.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/virtext.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/arch/x86/include/asm/virtext.h ++++ b/arch/x86/include/asm/virtext.h +@@ -30,15 +30,22 @@ static inline int cpu_has_vmx(void) + } + + +-/** Disable VMX on the current CPU ++/** ++ * cpu_vmxoff() - Disable VMX on the current CPU + * +- * vmxoff causes a undefined-opcode exception if vmxon was not run +- * on the CPU previously. Only call this function if you know VMX +- * is enabled. ++ * Disable VMX and clear CR4.VMXE (even if VMXOFF faults) ++ * ++ * Note, VMXOFF causes a #UD if the CPU is !post-VMXON, but it's impossible to ++ * atomically track post-VMXON state, e.g. this may be called in NMI context. ++ * Eat all faults as all other faults on VMXOFF faults are mode related, i.e. ++ * faults are guaranteed to be due to the !post-VMXON check unless the CPU is ++ * magically in RM, VM86, compat mode, or at CPL>0. + */ + static inline void cpu_vmxoff(void) + { +- asm volatile ("vmxoff"); ++ asm_volatile_goto("1: vmxoff\n\t" ++ _ASM_EXTABLE(1b, %l[fault]) :::: fault); ++fault: + cr4_clear_bits(X86_CR4_VMXE); + } + -- 2.47.3