From 518202b5fef41ac184b46bf01cc3d5edabcd5226 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 3 Dec 2022 12:01:51 +0100 Subject: [PATCH] 5.10-stable patches added patches: drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch error-injection-add-prompt-for-function-error-injection.patch mmc-core-fix-ambiguous-trim-and-discard-arg.patch mmc-mmc_test-fix-removal-of-debugfs-file.patch mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch mmc-sdhci-fix-voltage-switch-delay.patch mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch riscv-vdso-fix-section-overlapping-under-some-conditions.patch tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch --- ...lang-builds-due-to-blown-stack-frame.patch | 82 ++++++++ ...-prompt-for-function-error-injection.patch | 49 +++++ ...e-fix-ambiguous-trim-and-discard-arg.patch | 68 +++++++ ...mmc_test-fix-removal-of-debugfs-file.patch | 37 ++++ ...-correct-cqhci-exit-halt-state-check.patch | 38 ++++ .../mmc-sdhci-fix-voltage-switch-delay.patch | 180 ++++++++++++++++++ ...ata-and-command-after-voltage-switch.patch | 44 +++++ ...register-to-reflect-current-settings.patch | 57 ++++++ ...ce-in-nilfs_palloc_commit_free_entry.patch | 107 +++++++++++ ...-and-restore-pins-in-direct-irq-mode.patch | 85 +++++++++ ...on-overlapping-under-some-conditions.patch | 58 ++++++ queue-5.10/series | 13 ++ ...-gnuplot-use-grep-e-instead-of-egrep.patch | 57 ++++++ ...updated-properly-upon-resume-from-s3.patch | 140 ++++++++++++++ 14 files changed, 1015 insertions(+) create mode 100644 queue-5.10/drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch create mode 100644 queue-5.10/error-injection-add-prompt-for-function-error-injection.patch create mode 100644 queue-5.10/mmc-core-fix-ambiguous-trim-and-discard-arg.patch create mode 100644 queue-5.10/mmc-mmc_test-fix-removal-of-debugfs-file.patch create mode 100644 queue-5.10/mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch create mode 100644 queue-5.10/mmc-sdhci-fix-voltage-switch-delay.patch create mode 100644 queue-5.10/mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch create mode 100644 queue-5.10/net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch create mode 100644 queue-5.10/nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch create mode 100644 queue-5.10/pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch create mode 100644 queue-5.10/riscv-vdso-fix-section-overlapping-under-some-conditions.patch create mode 100644 queue-5.10/tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch create mode 100644 queue-5.10/x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch diff --git a/queue-5.10/drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch b/queue-5.10/drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch new file mode 100644 index 00000000000..7b4143bc5d3 --- /dev/null +++ b/queue-5.10/drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch @@ -0,0 +1,82 @@ +From 6f6cb1714365a07dbc66851879538df9f6969288 Mon Sep 17 00:00:00 2001 +From: Lee Jones +Date: Fri, 25 Nov 2022 12:07:49 +0000 +Subject: drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lee Jones + +commit 6f6cb1714365a07dbc66851879538df9f6969288 upstream. + +Patch series "Fix a bunch of allmodconfig errors", v2. + +Since b339ec9c229aa ("kbuild: Only default to -Werror if COMPILE_TEST") +WERROR now defaults to COMPILE_TEST meaning that it's enabled for +allmodconfig builds. This leads to some interesting build failures when +using Clang, each resolved in this set. + +With this set applied, I am able to obtain a successful allmodconfig Arm +build. + + +This patch (of 2): + +calculate_bandwidth() is presently broken on all !(X86_64 || SPARC64 || +ARM64) architectures built with Clang (all released versions), whereby the +stack frame gets blown up to well over 5k. This would cause an immediate +kernel panic on most architectures. We'll revert this when the following +bug report has been resolved: +https://github.com/llvm/llvm-project/issues/41896. + +Link: https://lkml.kernel.org/r/20221125120750.3537134-1-lee@kernel.org +Link: https://lkml.kernel.org/r/20221125120750.3537134-2-lee@kernel.org +Signed-off-by: Lee Jones +Suggested-by: Arnd Bergmann +Acked-by: Arnd Bergmann +Cc: Alex Deucher +Cc: "Christian König" +Cc: Daniel Vetter +Cc: David Airlie +Cc: Harry Wentland +Cc: Lee Jones +Cc: Leo Li +Cc: Maarten Lankhorst +Cc: Maxime Ripard +Cc: Nathan Chancellor +Cc: Nick Desaulniers +Cc: "Pan, Xinhui" +Cc: Rodrigo Siqueira +Cc: Thomas Zimmermann +Cc: Tom Rix +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/display/Kconfig | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/gpu/drm/amd/display/Kconfig ++++ b/drivers/gpu/drm/amd/display/Kconfig +@@ -5,6 +5,7 @@ menu "Display Engine Configuration" + config DRM_AMD_DC + bool "AMD DC - Enable new display engine" + default y ++ depends on BROKEN || !CC_IS_CLANG || X86_64 || SPARC64 || ARM64 + select SND_HDA_COMPONENT if SND_HDA_CORE + select DRM_AMD_DC_DCN if (X86 || PPC64) && !(KCOV_INSTRUMENT_ALL && KCOV_ENABLE_COMPARISONS) + help +@@ -12,6 +13,12 @@ config DRM_AMD_DC + support for AMDGPU. This adds required support for Vega and + Raven ASICs. + ++ calculate_bandwidth() is presently broken on all !(X86_64 || SPARC64 || ARM64) ++ architectures built with Clang (all released versions), whereby the stack ++ frame gets blown up to well over 5k. This would cause an immediate kernel ++ panic on most architectures. We'll revert this when the following bug report ++ has been resolved: https://github.com/llvm/llvm-project/issues/41896. ++ + config DRM_AMD_DC_DCN + def_bool n + help diff --git a/queue-5.10/error-injection-add-prompt-for-function-error-injection.patch b/queue-5.10/error-injection-add-prompt-for-function-error-injection.patch new file mode 100644 index 00000000000..9217cdd1fca --- /dev/null +++ b/queue-5.10/error-injection-add-prompt-for-function-error-injection.patch @@ -0,0 +1,49 @@ +From a4412fdd49dc011bcc2c0d81ac4cab7457092650 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (Google)" +Date: Mon, 21 Nov 2022 10:44:03 -0500 +Subject: error-injection: Add prompt for function error injection + +From: Steven Rostedt (Google) + +commit a4412fdd49dc011bcc2c0d81ac4cab7457092650 upstream. + +The config to be able to inject error codes into any function annotated +with ALLOW_ERROR_INJECTION() is enabled when FUNCTION_ERROR_INJECTION is +enabled. But unfortunately, this is always enabled on x86 when KPROBES +is enabled, and there's no way to turn it off. + +As kprobes is useful for observability of the kernel, it is useful to +have it enabled in production environments. But error injection should +be avoided. Add a prompt to the config to allow it to be disabled even +when kprobes is enabled, and get rid of the "def_bool y". + +This is a kernel debug feature (it's in Kconfig.debug), and should have +never been something enabled by default. + +Cc: stable@vger.kernel.org +Fixes: 540adea3809f6 ("error-injection: Separate error-injection from kprobe") +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + lib/Kconfig.debug | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -1801,8 +1801,14 @@ config NETDEV_NOTIFIER_ERROR_INJECT + If unsure, say N. + + config FUNCTION_ERROR_INJECTION +- def_bool y ++ bool "Fault-injections of functions" + depends on HAVE_FUNCTION_ERROR_INJECTION && KPROBES ++ help ++ Add fault injections into various functions that are annotated with ++ ALLOW_ERROR_INJECTION() in the kernel. BPF may also modify the return ++ value of theses functions. This is useful to test error paths of code. ++ ++ If unsure, say N + + config FAULT_INJECTION + bool "Fault-injection framework" diff --git a/queue-5.10/mmc-core-fix-ambiguous-trim-and-discard-arg.patch b/queue-5.10/mmc-core-fix-ambiguous-trim-and-discard-arg.patch new file mode 100644 index 00000000000..01ea0d95da9 --- /dev/null +++ b/queue-5.10/mmc-core-fix-ambiguous-trim-and-discard-arg.patch @@ -0,0 +1,68 @@ +From 489d144563f23911262a652234b80c70c89c978b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christian=20L=C3=B6hle?= +Date: Thu, 17 Nov 2022 14:42:09 +0000 +Subject: mmc: core: Fix ambiguous TRIM and DISCARD arg + +From: Christian Löhle + +commit 489d144563f23911262a652234b80c70c89c978b upstream. + +Clean up the MMC_TRIM_ARGS define that became ambiguous with DISCARD +introduction. While at it, let's fix one usage where MMC_TRIM_ARGS falsely +included DISCARD too. + +Fixes: b3bf915308ca ("mmc: core: new discard feature support at eMMC v4.5") +Signed-off-by: Christian Loehle +Acked-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/11376b5714964345908f3990f17e0701@hyperstone.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/core/core.c | 9 +++++++-- + include/linux/mmc/mmc.h | 2 +- + 2 files changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/mmc/core/core.c ++++ b/drivers/mmc/core/core.c +@@ -1539,6 +1539,11 @@ void mmc_init_erase(struct mmc_card *car + card->pref_erase = 0; + } + ++static bool is_trim_arg(unsigned int arg) ++{ ++ return (arg & MMC_TRIM_OR_DISCARD_ARGS) && arg != MMC_DISCARD_ARG; ++} ++ + static unsigned int mmc_mmc_erase_timeout(struct mmc_card *card, + unsigned int arg, unsigned int qty) + { +@@ -1837,7 +1842,7 @@ int mmc_erase(struct mmc_card *card, uns + !(card->ext_csd.sec_feature_support & EXT_CSD_SEC_ER_EN)) + return -EOPNOTSUPP; + +- if (mmc_card_mmc(card) && (arg & MMC_TRIM_ARGS) && ++ if (mmc_card_mmc(card) && is_trim_arg(arg) && + !(card->ext_csd.sec_feature_support & EXT_CSD_SEC_GB_CL_EN)) + return -EOPNOTSUPP; + +@@ -1867,7 +1872,7 @@ int mmc_erase(struct mmc_card *card, uns + * identified by the card->eg_boundary flag. + */ + rem = card->erase_size - (from % card->erase_size); +- if ((arg & MMC_TRIM_ARGS) && (card->eg_boundary) && (nr > rem)) { ++ if ((arg & MMC_TRIM_OR_DISCARD_ARGS) && card->eg_boundary && nr > rem) { + err = mmc_do_erase(card, from, from + rem - 1, arg); + from += rem; + if ((err) || (to <= from)) +--- a/include/linux/mmc/mmc.h ++++ b/include/linux/mmc/mmc.h +@@ -445,7 +445,7 @@ static inline bool mmc_ready_for_data(u3 + #define MMC_SECURE_TRIM1_ARG 0x80000001 + #define MMC_SECURE_TRIM2_ARG 0x80008000 + #define MMC_SECURE_ARGS 0x80000000 +-#define MMC_TRIM_ARGS 0x00008001 ++#define MMC_TRIM_OR_DISCARD_ARGS 0x00008003 + + #define mmc_driver_type_mask(n) (1 << (n)) + diff --git a/queue-5.10/mmc-mmc_test-fix-removal-of-debugfs-file.patch b/queue-5.10/mmc-mmc_test-fix-removal-of-debugfs-file.patch new file mode 100644 index 00000000000..d03a151ab63 --- /dev/null +++ b/queue-5.10/mmc-mmc_test-fix-removal-of-debugfs-file.patch @@ -0,0 +1,37 @@ +From f4307b4df1c28842bb1950ff0e1b97e17031b17f Mon Sep 17 00:00:00 2001 +From: Ye Bin +Date: Wed, 23 Nov 2022 17:55:06 +0800 +Subject: mmc: mmc_test: Fix removal of debugfs file + +From: Ye Bin + +commit f4307b4df1c28842bb1950ff0e1b97e17031b17f upstream. + +In __mmc_test_register_dbgfs_file(), we need to assign 'file', as it's +being used when removing the debugfs files when the mmc_test module is +removed. + +Fixes: a04c50aaa916 ("mmc: core: no need to check return value of debugfs_create functions") +Signed-off-by: Ye Bin +Acked-by: Adrian Hunter +Cc: stable@vger.kernel.org +[Ulf: Re-wrote the commit msg] +Link: https://lore.kernel.org/r/20221123095506.1965691-1-yebin@huaweicloud.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/core/mmc_test.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/core/mmc_test.c ++++ b/drivers/mmc/core/mmc_test.c +@@ -3195,7 +3195,8 @@ static int __mmc_test_register_dbgfs_fil + struct mmc_test_dbgfs_file *df; + + if (card->debugfs_root) +- debugfs_create_file(name, mode, card->debugfs_root, card, fops); ++ file = debugfs_create_file(name, mode, card->debugfs_root, ++ card, fops); + + df = kmalloc(sizeof(*df), GFP_KERNEL); + if (!df) { diff --git a/queue-5.10/mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch b/queue-5.10/mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch new file mode 100644 index 00000000000..aff92621c8e --- /dev/null +++ b/queue-5.10/mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch @@ -0,0 +1,38 @@ +From a3cab1d2132474969871b5d7f915c5c0167b48b0 Mon Sep 17 00:00:00 2001 +From: Sebastian Falbesoner +Date: Mon, 21 Nov 2022 11:57:21 +0100 +Subject: mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check + +From: Sebastian Falbesoner + +commit a3cab1d2132474969871b5d7f915c5c0167b48b0 upstream. + +With the current logic the "failed to exit halt state" error would be +shown even if any other bit than CQHCI_HALT was set in the CQHCI_CTL +register, since the right hand side is always true. Fix this by using +the correct operator (bit-wise instead of logical AND) to only check for +the halt bit flag, which was obviously intended here. + +Fixes: 85236d2be844 ("mmc: sdhci-esdhc-imx: clear the HALT bit when enable CQE") +Signed-off-by: Sebastian Falbesoner +Acked-by: Haibo Chen +Acked-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20221121105721.1903878-1-sebastian.falbesoner@gmail.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-esdhc-imx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/host/sdhci-esdhc-imx.c ++++ b/drivers/mmc/host/sdhci-esdhc-imx.c +@@ -1449,7 +1449,7 @@ static void esdhc_cqe_enable(struct mmc_ + * system resume back. + */ + cqhci_writel(cq_host, 0, CQHCI_CTL); +- if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) ++ if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) + dev_err(mmc_dev(host->mmc), + "failed to exit halt state when enable CQE\n"); + diff --git a/queue-5.10/mmc-sdhci-fix-voltage-switch-delay.patch b/queue-5.10/mmc-sdhci-fix-voltage-switch-delay.patch new file mode 100644 index 00000000000..2524b04331d --- /dev/null +++ b/queue-5.10/mmc-sdhci-fix-voltage-switch-delay.patch @@ -0,0 +1,180 @@ +From c981cdfb9925f64a364f13c2b4f98f877308a408 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Mon, 28 Nov 2022 15:32:56 +0200 +Subject: mmc: sdhci: Fix voltage switch delay + +From: Adrian Hunter + +commit c981cdfb9925f64a364f13c2b4f98f877308a408 upstream. + +Commit 20b92a30b561 ("mmc: sdhci: update signal voltage switch code") +removed voltage switch delays from sdhci because mmc core had been +enhanced to support them. However that assumed that sdhci_set_ios() +did a single clock change, which it did not, and so the delays in mmc +core, which should have come after the first clock change, were not +effective. + +Fix by avoiding re-configuring UHS and preset settings when the clock +is turning on and the settings have not changed. That then also avoids +the associated clock changes, so that then sdhci_set_ios() does a single +clock change when voltage switching, and the mmc core delays become +effective. + +To do that has meant keeping track of driver strength (host->drv_type), +and cases of reinitialization (host->reinit_uhs). + +Note also, the 'turning_on_clk' restriction should not be necessary +but is done to minimize the impact of the change on stable kernels. + +Fixes: 20b92a30b561 ("mmc: sdhci: update signal voltage switch code") +Cc: stable@vger.kernel.org +Signed-off-by: Adrian Hunter +Link: https://lore.kernel.org/r/20221128133259.38305-2-adrian.hunter@intel.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci.c | 61 +++++++++++++++++++++++++++++++++++++++++------ + drivers/mmc/host/sdhci.h | 2 + + 2 files changed, 56 insertions(+), 7 deletions(-) + +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -339,6 +339,7 @@ static void sdhci_init(struct sdhci_host + if (soft) { + /* force clock reconfiguration */ + host->clock = 0; ++ host->reinit_uhs = true; + mmc->ops->set_ios(mmc, &mmc->ios); + } + } +@@ -2258,11 +2259,46 @@ void sdhci_set_uhs_signaling(struct sdhc + } + EXPORT_SYMBOL_GPL(sdhci_set_uhs_signaling); + ++static bool sdhci_timing_has_preset(unsigned char timing) ++{ ++ switch (timing) { ++ case MMC_TIMING_UHS_SDR12: ++ case MMC_TIMING_UHS_SDR25: ++ case MMC_TIMING_UHS_SDR50: ++ case MMC_TIMING_UHS_SDR104: ++ case MMC_TIMING_UHS_DDR50: ++ case MMC_TIMING_MMC_DDR52: ++ return true; ++ }; ++ return false; ++} ++ ++static bool sdhci_preset_needed(struct sdhci_host *host, unsigned char timing) ++{ ++ return !(host->quirks2 & SDHCI_QUIRK2_PRESET_VALUE_BROKEN) && ++ sdhci_timing_has_preset(timing); ++} ++ ++static bool sdhci_presetable_values_change(struct sdhci_host *host, struct mmc_ios *ios) ++{ ++ /* ++ * Preset Values are: Driver Strength, Clock Generator and SDCLK/RCLK ++ * Frequency. Check if preset values need to be enabled, or the Driver ++ * Strength needs updating. Note, clock changes are handled separately. ++ */ ++ return !host->preset_enabled && ++ (sdhci_preset_needed(host, ios->timing) || host->drv_type != ios->drv_type); ++} ++ + void sdhci_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) + { + struct sdhci_host *host = mmc_priv(mmc); ++ bool reinit_uhs = host->reinit_uhs; ++ bool turning_on_clk = false; + u8 ctrl; + ++ host->reinit_uhs = false; ++ + if (ios->power_mode == MMC_POWER_UNDEFINED) + return; + +@@ -2288,6 +2324,8 @@ void sdhci_set_ios(struct mmc_host *mmc, + sdhci_enable_preset_value(host, false); + + if (!ios->clock || ios->clock != host->clock) { ++ turning_on_clk = ios->clock && !host->clock; ++ + host->ops->set_clock(host, ios->clock); + host->clock = ios->clock; + +@@ -2314,6 +2352,17 @@ void sdhci_set_ios(struct mmc_host *mmc, + + host->ops->set_bus_width(host, ios->bus_width); + ++ /* ++ * Special case to avoid multiple clock changes during voltage ++ * switching. ++ */ ++ if (!reinit_uhs && ++ turning_on_clk && ++ host->timing == ios->timing && ++ host->version >= SDHCI_SPEC_300 && ++ !sdhci_presetable_values_change(host, ios)) ++ return; ++ + ctrl = sdhci_readb(host, SDHCI_HOST_CONTROL); + + if (!(host->quirks & SDHCI_QUIRK_NO_HISPD_BIT)) { +@@ -2357,6 +2406,7 @@ void sdhci_set_ios(struct mmc_host *mmc, + } + + sdhci_writew(host, ctrl_2, SDHCI_HOST_CONTROL2); ++ host->drv_type = ios->drv_type; + } else { + /* + * According to SDHC Spec v3.00, if the Preset Value +@@ -2384,19 +2434,14 @@ void sdhci_set_ios(struct mmc_host *mmc, + host->ops->set_uhs_signaling(host, ios->timing); + host->timing = ios->timing; + +- if (!(host->quirks2 & SDHCI_QUIRK2_PRESET_VALUE_BROKEN) && +- ((ios->timing == MMC_TIMING_UHS_SDR12) || +- (ios->timing == MMC_TIMING_UHS_SDR25) || +- (ios->timing == MMC_TIMING_UHS_SDR50) || +- (ios->timing == MMC_TIMING_UHS_SDR104) || +- (ios->timing == MMC_TIMING_UHS_DDR50) || +- (ios->timing == MMC_TIMING_MMC_DDR52))) { ++ if (sdhci_preset_needed(host, ios->timing)) { + u16 preset; + + sdhci_enable_preset_value(host, true); + preset = sdhci_get_preset_value(host); + ios->drv_type = FIELD_GET(SDHCI_PRESET_DRV_MASK, + preset); ++ host->drv_type = ios->drv_type; + } + + /* Re-enable SD Clock */ +@@ -3707,6 +3752,7 @@ int sdhci_resume_host(struct sdhci_host + sdhci_init(host, 0); + host->pwr = 0; + host->clock = 0; ++ host->reinit_uhs = true; + mmc->ops->set_ios(mmc, &mmc->ios); + } else { + sdhci_init(host, (host->mmc->pm_flags & MMC_PM_KEEP_POWER)); +@@ -3769,6 +3815,7 @@ int sdhci_runtime_resume_host(struct sdh + /* Force clock and power re-program */ + host->pwr = 0; + host->clock = 0; ++ host->reinit_uhs = true; + mmc->ops->start_signal_voltage_switch(mmc, &mmc->ios); + mmc->ops->set_ios(mmc, &mmc->ios); + +--- a/drivers/mmc/host/sdhci.h ++++ b/drivers/mmc/host/sdhci.h +@@ -520,6 +520,8 @@ struct sdhci_host { + + unsigned int clock; /* Current clock (MHz) */ + u8 pwr; /* Current voltage */ ++ u8 drv_type; /* Current UHS-I driver type */ ++ bool reinit_uhs; /* Force UHS-related re-initialization */ + + bool runtime_suspended; /* Host is runtime suspended */ + bool bus_on; /* Bus power prevents runtime suspend */ diff --git a/queue-5.10/mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch b/queue-5.10/mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch new file mode 100644 index 00000000000..a7f71f2bf3e --- /dev/null +++ b/queue-5.10/mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch @@ -0,0 +1,44 @@ +From dd30dcfa7a74a06f8dcdab260d8d5adf32f17333 Mon Sep 17 00:00:00 2001 +From: Wenchao Chen +Date: Wed, 30 Nov 2022 20:13:28 +0800 +Subject: mmc: sdhci-sprd: Fix no reset data and command after voltage switch + +From: Wenchao Chen + +commit dd30dcfa7a74a06f8dcdab260d8d5adf32f17333 upstream. + +After switching the voltage, no reset data and command will cause +CMD2 timeout. + +Fixes: 29ca763fc26f ("mmc: sdhci-sprd: Add pin control support for voltage switch") +Signed-off-by: Wenchao Chen +Acked-by: Adrian Hunter +Reviewed-by: Baolin Wang +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20221130121328.25553-1-wenchao.chen@unisoc.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci-sprd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/sdhci-sprd.c ++++ b/drivers/mmc/host/sdhci-sprd.c +@@ -457,7 +457,7 @@ static int sdhci_sprd_voltage_switch(str + } + + if (IS_ERR(sprd_host->pinctrl)) +- return 0; ++ goto reset; + + switch (ios->signal_voltage) { + case MMC_SIGNAL_VOLTAGE_180: +@@ -485,6 +485,8 @@ static int sdhci_sprd_voltage_switch(str + + /* Wait for 300 ~ 500 us for pin state stable */ + usleep_range(300, 500); ++ ++reset: + sdhci_reset(host, SDHCI_RESET_CMD | SDHCI_RESET_DATA); + + return 0; diff --git a/queue-5.10/net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch b/queue-5.10/net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch new file mode 100644 index 00000000000..1f0b89544a9 --- /dev/null +++ b/queue-5.10/net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch @@ -0,0 +1,57 @@ +From cc3d2b5fc0d6f8ad8a52da5ea679e5c2ec2adbd4 Mon Sep 17 00:00:00 2001 +From: "Goh, Wei Sheng" +Date: Wed, 23 Nov 2022 18:51:10 +0800 +Subject: net: stmmac: Set MAC's flow control register to reflect current settings + +From: Goh, Wei Sheng + +commit cc3d2b5fc0d6f8ad8a52da5ea679e5c2ec2adbd4 upstream. + +Currently, pause frame register GMAC_RX_FLOW_CTRL_RFE is not updated +correctly when 'ethtool -A autoneg off rx off tx off' command +is issued. This fix ensures the flow control change is reflected directly +in the GMAC_RX_FLOW_CTRL_RFE register. + +Fixes: 46f69ded988d ("net: stmmac: Use resolved link config in mac_link_up()") +Cc: # 5.10.x +Signed-off-by: Goh, Wei Sheng +Signed-off-by: Noor Azura Ahmad Tarmizi +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 ++ + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 ++++++++++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c +@@ -720,6 +720,8 @@ static void dwmac4_flow_ctrl(struct mac_ + if (fc & FLOW_RX) { + pr_debug("\tReceive Flow-Control ON\n"); + flow |= GMAC_RX_FLOW_CTRL_RFE; ++ } else { ++ pr_debug("\tReceive Flow-Control OFF\n"); + } + writel(flow, ioaddr + GMAC_RX_FLOW_CTRL); + +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -1043,8 +1043,16 @@ static void stmmac_mac_link_up(struct ph + ctrl |= priv->hw->link.duplex; + + /* Flow Control operation */ +- if (tx_pause && rx_pause) +- stmmac_mac_flow_ctrl(priv, duplex); ++ if (rx_pause && tx_pause) ++ priv->flow_ctrl = FLOW_AUTO; ++ else if (rx_pause && !tx_pause) ++ priv->flow_ctrl = FLOW_RX; ++ else if (!rx_pause && tx_pause) ++ priv->flow_ctrl = FLOW_TX; ++ else ++ priv->flow_ctrl = FLOW_OFF; ++ ++ stmmac_mac_flow_ctrl(priv, duplex); + + writel(ctrl, priv->ioaddr + MAC_CTRL_REG); + diff --git a/queue-5.10/nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch b/queue-5.10/nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch new file mode 100644 index 00000000000..2c38b47d535 --- /dev/null +++ b/queue-5.10/nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch @@ -0,0 +1,107 @@ +From f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4 Mon Sep 17 00:00:00 2001 +From: ZhangPeng +Date: Sat, 19 Nov 2022 21:05:42 +0900 +Subject: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() + +From: ZhangPeng + +commit f0a0ccda18d6fd826d7c7e7ad48a6ed61c20f8b4 upstream. + +Syzbot reported a null-ptr-deref bug: + + NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP + frequency < 30 seconds + general protection fault, probably for non-canonical address + 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN + KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] + CPU: 1 PID: 3603 Comm: segctord Not tainted + 6.1.0-rc2-syzkaller-00105-gb229b6ca5abb #0 + Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google + 10/11/2022 + RIP: 0010:nilfs_palloc_commit_free_entry+0xe5/0x6b0 + fs/nilfs2/alloc.c:608 + Code: 00 00 00 00 fc ff df 80 3c 02 00 0f 85 cd 05 00 00 48 b8 00 00 00 + 00 00 fc ff df 4c 8b 73 08 49 8d 7e 10 48 89 fa 48 c1 ea 03 <80> 3c 02 + 00 0f 85 26 05 00 00 49 8b 46 10 be a6 00 00 00 48 c7 c7 + RSP: 0018:ffffc90003dff830 EFLAGS: 00010212 + RAX: dffffc0000000000 RBX: ffff88802594e218 RCX: 000000000000000d + RDX: 0000000000000002 RSI: 0000000000002000 RDI: 0000000000000010 + RBP: ffff888071880222 R08: 0000000000000005 R09: 000000000000003f + R10: 000000000000000d R11: 0000000000000000 R12: ffff888071880158 + R13: ffff88802594e220 R14: 0000000000000000 R15: 0000000000000004 + FS: 0000000000000000(0000) GS:ffff8880b9b00000(0000) + knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007fb1c08316a8 CR3: 0000000018560000 CR4: 0000000000350ee0 + Call Trace: + + nilfs_dat_commit_free fs/nilfs2/dat.c:114 [inline] + nilfs_dat_commit_end+0x464/0x5f0 fs/nilfs2/dat.c:193 + nilfs_dat_commit_update+0x26/0x40 fs/nilfs2/dat.c:236 + nilfs_btree_commit_update_v+0x87/0x4a0 fs/nilfs2/btree.c:1940 + nilfs_btree_commit_propagate_v fs/nilfs2/btree.c:2016 [inline] + nilfs_btree_propagate_v fs/nilfs2/btree.c:2046 [inline] + nilfs_btree_propagate+0xa00/0xd60 fs/nilfs2/btree.c:2088 + nilfs_bmap_propagate+0x73/0x170 fs/nilfs2/bmap.c:337 + nilfs_collect_file_data+0x45/0xd0 fs/nilfs2/segment.c:568 + nilfs_segctor_apply_buffers+0x14a/0x470 fs/nilfs2/segment.c:1018 + nilfs_segctor_scan_file+0x3f4/0x6f0 fs/nilfs2/segment.c:1067 + nilfs_segctor_collect_blocks fs/nilfs2/segment.c:1197 [inline] + nilfs_segctor_collect fs/nilfs2/segment.c:1503 [inline] + nilfs_segctor_do_construct+0x12fc/0x6af0 fs/nilfs2/segment.c:2045 + nilfs_segctor_construct+0x8e3/0xb30 fs/nilfs2/segment.c:2379 + nilfs_segctor_thread_construct fs/nilfs2/segment.c:2487 [inline] + nilfs_segctor_thread+0x3c3/0xf30 fs/nilfs2/segment.c:2570 + kthread+0x2e4/0x3a0 kernel/kthread.c:376 + ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:306 + + ... + +If DAT metadata file is corrupted on disk, there is a case where +req->pr_desc_bh is NULL and blocknr is 0 at nilfs_dat_commit_end() during +a b-tree operation that cascadingly updates ancestor nodes of the b-tree, +because nilfs_dat_commit_alloc() for a lower level block can initialize +the blocknr on the same DAT entry between nilfs_dat_prepare_end() and +nilfs_dat_commit_end(). + +If this happens, nilfs_dat_commit_end() calls nilfs_dat_commit_free() +without valid buffer heads in req->pr_desc_bh and req->pr_bitmap_bh, and +causes the NULL pointer dereference above in +nilfs_palloc_commit_free_entry() function, which leads to a crash. + +Fix this by adding a NULL check on req->pr_desc_bh and req->pr_bitmap_bh +before nilfs_palloc_commit_free_entry() in nilfs_dat_commit_free(). + +This also calls nilfs_error() in that case to notify that there is a fatal +flaw in the filesystem metadata and prevent further operations. + +Link: https://lkml.kernel.org/r/00000000000097c20205ebaea3d6@google.com +Link: https://lkml.kernel.org/r/20221114040441.1649940-1-zhangpeng362@huawei.com +Link: https://lkml.kernel.org/r/20221119120542.17204-1-konishi.ryusuke@gmail.com +Signed-off-by: ZhangPeng +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+ebe05ee8e98f755f61d0@syzkaller.appspotmail.com +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/dat.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/fs/nilfs2/dat.c ++++ b/fs/nilfs2/dat.c +@@ -111,6 +111,13 @@ static void nilfs_dat_commit_free(struct + kunmap_atomic(kaddr); + + nilfs_dat_commit_entry(dat, req); ++ ++ if (unlikely(req->pr_desc_bh == NULL || req->pr_bitmap_bh == NULL)) { ++ nilfs_error(dat->i_sb, ++ "state inconsistency probably due to duplicate use of vblocknr = %llu", ++ (unsigned long long)req->pr_entry_nr); ++ return; ++ } + nilfs_palloc_commit_free_entry(dat, req); + } + diff --git a/queue-5.10/pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch b/queue-5.10/pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch new file mode 100644 index 00000000000..f69c239fa56 --- /dev/null +++ b/queue-5.10/pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch @@ -0,0 +1,85 @@ +From 6989ea4881c8944fbf04378418bb1af63d875ef8 Mon Sep 17 00:00:00 2001 +From: Andy Shevchenko +Date: Fri, 25 Nov 2022 00:29:26 +0200 +Subject: pinctrl: intel: Save and restore pins in "direct IRQ" mode + +From: Andy Shevchenko + +commit 6989ea4881c8944fbf04378418bb1af63d875ef8 upstream. + +The firmware on some systems may configure GPIO pins to be +an interrupt source in so called "direct IRQ" mode. In such +cases the GPIO controller driver has no idea if those pins +are being used or not. At the same time, there is a known bug +in the firmwares that don't restore the pin settings correctly +after suspend, i.e. by an unknown reason the Rx value becomes +inverted. + +Hence, let's save and restore the pins that are configured +as GPIOs in the input mode with GPIROUTIOXAPIC bit set. + +Cc: stable@vger.kernel.org +Reported-and-tested-by: Dale Smith +Reported-and-tested-by: John Harris +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=214749 +Signed-off-by: Andy Shevchenko +Acked-by: Mika Westerberg +Link: https://lore.kernel.org/r/20221124222926.72326-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/intel/pinctrl-intel.c | 27 ++++++++++++++++++++++++++- + 1 file changed, 26 insertions(+), 1 deletion(-) + +--- a/drivers/pinctrl/intel/pinctrl-intel.c ++++ b/drivers/pinctrl/intel/pinctrl-intel.c +@@ -426,9 +426,14 @@ static void __intel_gpio_set_direction(v + writel(value, padcfg0); + } + ++static int __intel_gpio_get_gpio_mode(u32 value) ++{ ++ return (value & PADCFG0_PMODE_MASK) >> PADCFG0_PMODE_SHIFT; ++} ++ + static int intel_gpio_get_gpio_mode(void __iomem *padcfg0) + { +- return (readl(padcfg0) & PADCFG0_PMODE_MASK) >> PADCFG0_PMODE_SHIFT; ++ return __intel_gpio_get_gpio_mode(readl(padcfg0)); + } + + static void intel_gpio_set_gpio_mode(void __iomem *padcfg0) +@@ -1604,6 +1609,7 @@ EXPORT_SYMBOL_GPL(intel_pinctrl_get_soc_ + static bool intel_pinctrl_should_save(struct intel_pinctrl *pctrl, unsigned int pin) + { + const struct pin_desc *pd = pin_desc_get(pctrl->pctldev, pin); ++ u32 value; + + if (!pd || !intel_pad_usable(pctrl, pin)) + return false; +@@ -1618,6 +1624,25 @@ static bool intel_pinctrl_should_save(st + gpiochip_line_is_irq(&pctrl->chip, intel_pin_to_gpio(pctrl, pin))) + return true; + ++ /* ++ * The firmware on some systems may configure GPIO pins to be ++ * an interrupt source in so called "direct IRQ" mode. In such ++ * cases the GPIO controller driver has no idea if those pins ++ * are being used or not. At the same time, there is a known bug ++ * in the firmwares that don't restore the pin settings correctly ++ * after suspend, i.e. by an unknown reason the Rx value becomes ++ * inverted. ++ * ++ * Hence, let's save and restore the pins that are configured ++ * as GPIOs in the input mode with GPIROUTIOXAPIC bit set. ++ * ++ * See https://bugzilla.kernel.org/show_bug.cgi?id=214749. ++ */ ++ value = readl(intel_get_padcfg(pctrl, pin, PADCFG0)); ++ if ((value & PADCFG0_GPIROUTIOXAPIC) && (value & PADCFG0_GPIOTXDIS) && ++ (__intel_gpio_get_gpio_mode(value) == PADCFG0_PMODE_GPIO)) ++ return true; ++ + return false; + } + diff --git a/queue-5.10/riscv-vdso-fix-section-overlapping-under-some-conditions.patch b/queue-5.10/riscv-vdso-fix-section-overlapping-under-some-conditions.patch new file mode 100644 index 00000000000..823697d5b33 --- /dev/null +++ b/queue-5.10/riscv-vdso-fix-section-overlapping-under-some-conditions.patch @@ -0,0 +1,58 @@ +From 74f6bb55c834da6d4bac24f44868202743189b2b Mon Sep 17 00:00:00 2001 +From: Jisheng Zhang +Date: Thu, 3 Nov 2022 01:02:54 +0800 +Subject: riscv: vdso: fix section overlapping under some conditions + +From: Jisheng Zhang + +commit 74f6bb55c834da6d4bac24f44868202743189b2b upstream. + +lkp reported a build error, I tried the config and can reproduce +build error as below: + + VDSOLD arch/riscv/kernel/vdso/vdso.so.dbg +ld.lld: error: section .note file range overlaps with .text +>>> .note range is [0x7C8, 0x803] +>>> .text range is [0x800, 0x1993] + +ld.lld: error: section .text file range overlaps with .dynamic +>>> .text range is [0x800, 0x1993] +>>> .dynamic range is [0x808, 0x937] + +ld.lld: error: section .note virtual address range overlaps with .text +>>> .note range is [0x7C8, 0x803] +>>> .text range is [0x800, 0x1993] + +Fix it by setting DISABLE_BRANCH_PROFILING which will disable branch +tracing for vdso, thus avoid useless _ftrace_annotated_branch section +and _ftrace_branch section. Although we can also fix it by removing +the hardcoded .text begin address, but I think that's another story +and should be put into another patch. + +Link: https://lore.kernel.org/lkml/202210122123.Cc4FPShJ-lkp@intel.com/#r +Reported-by: kernel test robot +Signed-off-by: Jisheng Zhang +Link: https://lore.kernel.org/r/20221102170254.1925-1-jszhang@kernel.org +Fixes: ad5d1122b82f ("riscv: use vDSO common flow to reduce the latency of the time-related functions") +Cc: stable@vger.kernel.org +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/kernel/vdso/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile +index db6548509bb3..06e6b27f3bcc 100644 +--- a/arch/riscv/kernel/vdso/Makefile ++++ b/arch/riscv/kernel/vdso/Makefile +@@ -17,6 +17,7 @@ vdso-syms += flush_icache + obj-vdso = $(patsubst %, %.o, $(vdso-syms)) note.o + + ccflags-y := -fno-stack-protector ++ccflags-y += -DDISABLE_BRANCH_PROFILING + + ifneq ($(c-gettimeofday-y),) + CFLAGS_vgettimeofday.o += -fPIC -include $(c-gettimeofday-y) +-- +2.38.1 + diff --git a/queue-5.10/series b/queue-5.10/series index 6aff6910b71..e977a9a9919 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -51,3 +51,16 @@ net-ethernet-renesas-ravb-fix-promiscuous-mode-after.patch hwmon-coretemp-check-for-null-before-removing-sysfs-.patch hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch net-mlx5-dr-fix-uninitialized-var-warning.patch +riscv-vdso-fix-section-overlapping-under-some-conditions.patch +error-injection-add-prompt-for-function-error-injection.patch +tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch +nilfs2-fix-null-pointer-dereference-in-nilfs_palloc_commit_free_entry.patch +x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch +pinctrl-intel-save-and-restore-pins-in-direct-irq-mode.patch +net-stmmac-set-mac-s-flow-control-register-to-reflect-current-settings.patch +mmc-mmc_test-fix-removal-of-debugfs-file.patch +mmc-core-fix-ambiguous-trim-and-discard-arg.patch +mmc-sdhci-esdhc-imx-correct-cqhci-exit-halt-state-check.patch +mmc-sdhci-sprd-fix-no-reset-data-and-command-after-voltage-switch.patch +mmc-sdhci-fix-voltage-switch-delay.patch +drm-amdgpu-temporarily-disable-broken-clang-builds-due-to-blown-stack-frame.patch diff --git a/queue-5.10/tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch b/queue-5.10/tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch new file mode 100644 index 00000000000..1022a54e45b --- /dev/null +++ b/queue-5.10/tools-vm-slabinfo-gnuplot-use-grep-e-instead-of-egrep.patch @@ -0,0 +1,57 @@ +From a435874bf626f55d7147026b059008c8de89fbb8 Mon Sep 17 00:00:00 2001 +From: Tiezhu Yang +Date: Sat, 19 Nov 2022 10:36:59 +0800 +Subject: tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" + +From: Tiezhu Yang + +commit a435874bf626f55d7147026b059008c8de89fbb8 upstream. + +The latest version of grep claims the egrep is now obsolete so the build +now contains warnings that look like: + + egrep: warning: egrep is obsolescent; using grep -E + +fix this up by moving the related file to use "grep -E" instead. + + sed -i "s/egrep/grep -E/g" `grep egrep -rwl tools/vm` + +Here are the steps to install the latest grep: + + wget http://ftp.gnu.org/gnu/grep/grep-3.8.tar.gz + tar xf grep-3.8.tar.gz + cd grep-3.8 && ./configure && make + sudo make install + export PATH=/usr/local/bin:$PATH + +Link: https://lkml.kernel.org/r/1668825419-30584-1-git-send-email-yangtiezhu@loongson.cn +Signed-off-by: Tiezhu Yang +Reviewed-by: Sergey Senozhatsky +Cc: Vlastimil Babka +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + tools/vm/slabinfo-gnuplot.sh | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/tools/vm/slabinfo-gnuplot.sh ++++ b/tools/vm/slabinfo-gnuplot.sh +@@ -150,7 +150,7 @@ do_preprocess() + let lines=3 + out=`basename "$in"`"-slabs-by-loss" + `cat "$in" | grep -A "$lines" 'Slabs sorted by loss' |\ +- egrep -iv '\-\-|Name|Slabs'\ ++ grep -E -iv '\-\-|Name|Slabs'\ + | awk '{print $1" "$4+$2*$3" "$4}' > "$out"` + if [ $? -eq 0 ]; then + do_slabs_plotting "$out" +@@ -159,7 +159,7 @@ do_preprocess() + let lines=3 + out=`basename "$in"`"-slabs-by-size" + `cat "$in" | grep -A "$lines" 'Slabs sorted by size' |\ +- egrep -iv '\-\-|Name|Slabs'\ ++ grep -E -iv '\-\-|Name|Slabs'\ + | awk '{print $1" "$4" "$4-$2*$3}' > "$out"` + if [ $? -eq 0 ]; then + do_slabs_plotting "$out" diff --git a/queue-5.10/x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch b/queue-5.10/x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch new file mode 100644 index 00000000000..8ad087df569 --- /dev/null +++ b/queue-5.10/x86-bugs-make-sure-msr_spec_ctrl-is-updated-properly-upon-resume-from-s3.patch @@ -0,0 +1,140 @@ +From 66065157420c5b9b3f078f43d313c153e1ff7f83 Mon Sep 17 00:00:00 2001 +From: Pawan Gupta +Date: Wed, 30 Nov 2022 07:25:51 -0800 +Subject: x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 + +From: Pawan Gupta + +commit 66065157420c5b9b3f078f43d313c153e1ff7f83 upstream. + +The "force" argument to write_spec_ctrl_current() is currently ambiguous +as it does not guarantee the MSR write. This is due to the optimization +that writes to the MSR happen only when the new value differs from the +cached value. + +This is fine in most cases, but breaks for S3 resume when the cached MSR +value gets out of sync with the hardware MSR value due to S3 resetting +it. + +When x86_spec_ctrl_current is same as x86_spec_ctrl_base, the MSR write +is skipped. Which results in SPEC_CTRL mitigations not getting restored. + +Move the MSR write from write_spec_ctrl_current() to a new function that +unconditionally writes to the MSR. Update the callers accordingly and +rename functions. + + [ bp: Rework a bit. ] + +Fixes: caa0ff24d5d0 ("x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value") +Suggested-by: Borislav Petkov +Signed-off-by: Pawan Gupta +Signed-off-by: Borislav Petkov (AMD) +Reviewed-by: Thomas Gleixner +Cc: +Link: https://lore.kernel.org/r/806d39b0bfec2fe8f50dc5446dff20f5bb24a959.1669821572.git.pawan.kumar.gupta@linux.intel.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/nospec-branch.h | 2 +- + arch/x86/kernel/cpu/bugs.c | 21 ++++++++++++++------- + arch/x86/kernel/process.c | 2 +- + 3 files changed, 16 insertions(+), 9 deletions(-) + +--- a/arch/x86/include/asm/nospec-branch.h ++++ b/arch/x86/include/asm/nospec-branch.h +@@ -310,7 +310,7 @@ static inline void indirect_branch_predi + /* The Intel SPEC CTRL MSR base value cache */ + extern u64 x86_spec_ctrl_base; + DECLARE_PER_CPU(u64, x86_spec_ctrl_current); +-extern void write_spec_ctrl_current(u64 val, bool force); ++extern void update_spec_ctrl_cond(u64 val); + extern u64 spec_ctrl_current(void); + + /* +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -59,11 +59,18 @@ EXPORT_SYMBOL_GPL(x86_spec_ctrl_current) + + static DEFINE_MUTEX(spec_ctrl_mutex); + ++/* Update SPEC_CTRL MSR and its cached copy unconditionally */ ++static void update_spec_ctrl(u64 val) ++{ ++ this_cpu_write(x86_spec_ctrl_current, val); ++ wrmsrl(MSR_IA32_SPEC_CTRL, val); ++} ++ + /* + * Keep track of the SPEC_CTRL MSR value for the current task, which may differ + * from x86_spec_ctrl_base due to STIBP/SSB in __speculation_ctrl_update(). + */ +-void write_spec_ctrl_current(u64 val, bool force) ++void update_spec_ctrl_cond(u64 val) + { + if (this_cpu_read(x86_spec_ctrl_current) == val) + return; +@@ -74,7 +81,7 @@ void write_spec_ctrl_current(u64 val, bo + * When KERNEL_IBRS this MSR is written on return-to-user, unless + * forced the update can be delayed until that time. + */ +- if (force || !cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS)) ++ if (!cpu_feature_enabled(X86_FEATURE_KERNEL_IBRS)) + wrmsrl(MSR_IA32_SPEC_CTRL, val); + } + +@@ -1291,7 +1298,7 @@ static void __init spec_ctrl_disable_ker + + if (ia32_cap & ARCH_CAP_RRSBA) { + x86_spec_ctrl_base |= SPEC_CTRL_RRSBA_DIS_S; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + } + +@@ -1413,7 +1420,7 @@ static void __init spectre_v2_select_mit + + if (spectre_v2_in_ibrs_mode(mode)) { + x86_spec_ctrl_base |= SPEC_CTRL_IBRS; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + + switch (mode) { +@@ -1527,7 +1534,7 @@ static void __init spectre_v2_select_mit + static void update_stibp_msr(void * __unused) + { + u64 val = spec_ctrl_current() | (x86_spec_ctrl_base & SPEC_CTRL_STIBP); +- write_spec_ctrl_current(val, true); ++ update_spec_ctrl(val); + } + + /* Update x86_spec_ctrl_base in case SMT state changed. */ +@@ -1760,7 +1767,7 @@ static enum ssb_mitigation __init __ssb_ + x86_amd_ssb_disable(); + } else { + x86_spec_ctrl_base |= SPEC_CTRL_SSBD; +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + } + } + +@@ -1978,7 +1985,7 @@ int arch_prctl_spec_ctrl_get(struct task + void x86_spec_ctrl_setup_ap(void) + { + if (boot_cpu_has(X86_FEATURE_MSR_SPEC_CTRL)) +- write_spec_ctrl_current(x86_spec_ctrl_base, true); ++ update_spec_ctrl(x86_spec_ctrl_base); + + if (ssb_mode == SPEC_STORE_BYPASS_DISABLE) + x86_amd_ssb_disable(); +--- a/arch/x86/kernel/process.c ++++ b/arch/x86/kernel/process.c +@@ -556,7 +556,7 @@ static __always_inline void __speculatio + } + + if (updmsr) +- write_spec_ctrl_current(msr, false); ++ update_spec_ctrl_cond(msr); + } + + static unsigned long speculation_ctrl_update_tif(struct task_struct *tsk) -- 2.47.3