From a2dd77c954150ef46426d983039cea996ea28a76 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 15 Apr 2020 15:21:24 +0200
Subject: [PATCH] 4.19-stable patches
added patches:
powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch
powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch
powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch
powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch
---
 ...serspace-set-regs-trap-via-sigreturn.patch | 64 +++++++++
 ...n-setting-up-huge-devmap-pte-entries.patch | 136 ++++++++++++++++++
 ...ore-traps-that-happened-in-real-mode.patch | 74 ++++++++++
 ...le-restore-amr-uamor-amor-after-idle.patch | 79 ++++++++++
 ...of-zero-to-catch-non-configured-ipis.patch | 136 ++++++++++++++++++
 queue-4.19/series | 5 +
 6 files changed, 494 insertions(+)
 create mode 100644 queue-4.19/powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch
 create mode 100644 queue-4.19/powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch
 create mode 100644 queue-4.19/powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
 create mode 100644 queue-4.19/powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch
 create mode 100644 queue-4.19/powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch
diff --git a/queue-4.19/powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch b/queue-4.19/powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch
new file mode 100644
index 00000000000..ed0f5d67978
--- /dev/null
+++ b/queue-4.19/powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch
@@ -0,0 +1,64 @@
+From c7def7fbdeaa25feaa19caf4a27c5d10bd8789e4 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman
+Date: Tue, 31 Mar 2020 22:47:19 +1100
+Subject: powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
+
+From: Michael Ellerman
+
+commit c7def7fbdeaa25feaa19caf4a27c5d10bd8789e4 upstream.
+
+In restore_tm_sigcontexts() we take the trap value directly from the
+user sigcontext with no checking:
+
+ err |= __get_user(regs->trap, &sc->gp_regs[PT_TRAP]);
+
+This means we can be in the kernel with an arbitrary regs->trap value.
+
+Although that's not immediately problematic, there is a risk we could
+trigger one of the uses of CHECK_FULL_REGS():
+
+ #define CHECK_FULL_REGS(regs) BUG_ON(regs->trap & 1)
+
+It can also cause us to unnecessarily save non-volatile GPRs again in
+save_nvgprs(), which shouldn't be problematic but is still wrong.
+
+It's also possible it could trick the syscall restart machinery, which
+relies on regs->trap not being == 0xc00 (see 9a81c16b5275 ("powerpc:
+fix double syscall restarts")), though I haven't been able to make
+that happen.
+
+Finally it doesn't match the behaviour of the non-TM case, in
+restore_sigcontext() which zeroes regs->trap.
+
+So change restore_tm_sigcontexts() to zero regs->trap.
+
+This was discovered while testing Nick's upcoming rewrite of the
+syscall entry path. In that series the call to save_nvgprs() prior to
+signal handling (do_notify_resume()) is removed, which leaves the
+low-bit of regs->trap uncleared which can then trigger the FULL_REGS()
+WARNs in setup_tm_sigcontexts().
+
+Fixes: 2b0a576d15e0 ("powerpc: Add new transactional memory state to the signal context")
+Cc: stable@vger.kernel.org # v3.9+
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20200401023836.3286664-1-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/signal_64.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/powerpc/kernel/signal_64.c
++++ b/arch/powerpc/kernel/signal_64.c
+@@ -477,8 +477,10 @@ static long restore_tm_sigcontexts(struc
+ err |= __get_user(tsk->thread.ckpt_regs.ccr,
+ &sc->gp_regs[PT_CCR]);
+
++ /* Don't allow userspace to set the trap value */
++ regs->trap = 0;
++
+ /* These regs are not checkpointed; they can go in 'regs'. */
+- err |= __get_user(regs->trap, &sc->gp_regs[PT_TRAP]);
+ err |= __get_user(regs->dar, &sc->gp_regs[PT_DAR]);
+ err |= __get_user(regs->dsisr, &sc->gp_regs[PT_DSISR]);
+ err |= __get_user(regs->result, &sc->gp_regs[PT_RESULT]);
diff --git a/queue-4.19/powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch b/queue-4.19/powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch
new file mode 100644
index 00000000000..df5dba5b3c4
--- /dev/null
+++ b/queue-4.19/powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch
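Review bot: In the signal_64.c change to restore_tm_sigcontexts(), the new comment says what is done but not why, and the three `__get_user()` calls left below it still copy `regs->dar`, `regs->dsisr` and `regs->result` straight from the user sigcontext. A comment that names the hazard would keep the assignment from being reverted later, e.g. `/* Never take trap from the user frame: a set low bit trips CHECK_FULL_REGS(), and 0xc00 is what syscall restart keys on */`. Whether the remaining three fields are consumed anywhere before the next exception overwrites them is not visible here, so that is worth confirming for the 4.19 tree rather than assuming. The function starts and ends outside the hunk.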
@@ -0,0 +1,136 @@
+From 36b78402d97a3b9aeab136feb9b00d8647ec2c20 Mon Sep 17 00:00:00 2001
+From: "Aneesh Kumar K.V"
+Date: Fri, 13 Mar 2020 15:18:42 +0530
+Subject: powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries
+
+From: Aneesh Kumar K.V
+
+commit 36b78402d97a3b9aeab136feb9b00d8647ec2c20 upstream.
+
+H_PAGE_THP_HUGE is used to differentiate between a THP hugepage and
+hugetlb hugepage entries. The difference is WRT how we handle hash
+fault on these address. THP address enables MPSS in segments. We want
+to manage devmap hugepage entries similar to THP pt entries. Hence use
+H_PAGE_THP_HUGE for devmap huge PTE entries.
+
+With current code while handling hash PTE fault, we do set is_thp =
+true when finding devmap PTE huge PTE entries.
+
+Current code also does the below sequence we setting up huge devmap
+entries.
+
+ entry = pmd_mkhuge(pfn_t_pmd(pfn, prot));
+ if (pfn_t_devmap(pfn))
+ entry = pmd_mkdevmap(entry);
+
+In that case we would find both H_PAGE_THP_HUGE and PAGE_DEVMAP set
+for huge devmap PTE entries. This results in false positive error like
+below.
+
+ kernel BUG at /home/kvaneesh/src/linux/mm/memory.c:4321!
+ Oops: Exception in kernel mode, sig: 5 [#1]
+ LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
+ Modules linked in:
+ CPU: 56 PID: 67996 Comm: t_mmap_dio Not tainted 5.6.0-rc4-59640-g371c804dedbc #128
+ ....
+ NIP [c00000000044c9e4] __follow_pte_pmd+0x264/0x900
+ LR [c0000000005d45f8] dax_writeback_one+0x1a8/0x740
+ Call Trace:
+ str_spec.74809+0x22ffb4/0x2d116c (unreliable)
+ dax_writeback_one+0x1a8/0x740
+ dax_writeback_mapping_range+0x26c/0x700
+ ext4_dax_writepages+0x150/0x5a0
+ do_writepages+0x68/0x180
+ __filemap_fdatawrite_range+0x138/0x180
+ file_write_and_wait_range+0xa4/0x110
+ ext4_sync_file+0x370/0x6e0
+ vfs_fsync_range+0x70/0xf0
+ sys_msync+0x220/0x2e0
+ system_call+0x5c/0x68
+
+This is because our pmd_trans_huge check doesn't exclude _PAGE_DEVMAP.
+
+To make this all consistent, update pmd_mkdevmap to set
+H_PAGE_THP_HUGE and pmd_trans_huge check now excludes _PAGE_DEVMAP
+correctly.
+
+Fixes: ebd31197931d ("powerpc/mm: Add devmap support for ppc64")
+Cc: stable@vger.kernel.org # v4.13+
+Signed-off-by: Aneesh Kumar K.V
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20200313094842.351830-1-aneesh.kumar@linux.ibm.com
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/include/asm/book3s/64/hash-4k.h | 6 ++++++
+ arch/powerpc/include/asm/book3s/64/hash-64k.h | 8 +++++++-
+ arch/powerpc/include/asm/book3s/64/pgtable.h | 4 +++-
+ arch/powerpc/include/asm/book3s/64/radix.h | 5 +++++
+ 4 files changed, 21 insertions(+), 2 deletions(-)
+
+--- a/arch/powerpc/include/asm/book3s/64/hash-4k.h
++++ b/arch/powerpc/include/asm/book3s/64/hash-4k.h
+@@ -145,6 +145,12 @@ extern pmd_t hash__pmdp_huge_get_and_cle
+ extern int hash__has_transparent_hugepage(void);
+ #endif
+
++static inline pmd_t hash__pmd_mkdevmap(pmd_t pmd)
++{
++ BUG();
++ return pmd;
++}
++
+ #endif /* !__ASSEMBLY__ */
+
+ #endif /* _ASM_POWERPC_BOOK3S_64_HASH_4K_H */
+--- a/arch/powerpc/include/asm/book3s/64/hash-64k.h
++++ b/arch/powerpc/include/asm/book3s/64/hash-64k.h
+@@ -233,7 +233,7 @@ static inline void mark_hpte_slot_valid(
+ */
+ static inline int hash__pmd_trans_huge(pmd_t pmd)
+ {
+- return !!((pmd_val(pmd) & (_PAGE_PTE | H_PAGE_THP_HUGE)) ==
++ return !!((pmd_val(pmd) & (_PAGE_PTE | H_PAGE_THP_HUGE | _PAGE_DEVMAP)) ==
+ (_PAGE_PTE | H_PAGE_THP_HUGE));
+ }
+
+@@ -259,6 +259,12 @@ extern pmd_t hash__pmdp_huge_get_and_cle
+ unsigned long addr, pmd_t *pmdp);
+ extern int hash__has_transparent_hugepage(void);
+ #endif /* CONFIG_TRANSPARENT_HUGEPAGE */
++
++static inline pmd_t hash__pmd_mkdevmap(pmd_t pmd)
++{
++ return __pmd(pmd_val(pmd) | (_PAGE_PTE | H_PAGE_THP_HUGE | _PAGE_DEVMAP));
++}
++
+ #endif /* __ASSEMBLY__ */
+
+ #endif /* _ASM_POWERPC_BOOK3S_64_HASH_64K_H */
+--- a/arch/powerpc/include/asm/book3s/64/pgtable.h
++++ b/arch/powerpc/include/asm/book3s/64/pgtable.h
+@@ -1253,7 +1253,9 @@ extern void serialize_against_pte_lookup
+
+ static inline pmd_t pmd_mkdevmap(pmd_t pmd)
+ {
+- return __pmd(pmd_val(pmd) | (_PAGE_PTE | _PAGE_DEVMAP));
++ if (radix_enabled())
++ return radix__pmd_mkdevmap(pmd);
++ return hash__pmd_mkdevmap(pmd);
+ }
+
+ static inline int pmd_devmap(pmd_t pmd)
+--- a/arch/powerpc/include/asm/book3s/64/radix.h
++++ b/arch/powerpc/include/asm/book3s/64/radix.h
+@@ -255,6 +255,11 @@ extern pmd_t radix__pmdp_huge_get_and_cl
+ extern int radix__has_transparent_hugepage(void);
+ #endif
+
++static inline pmd_t radix__pmd_mkdevmap(pmd_t pmd)
++{
++ return __pmd(pmd_val(pmd) | (_PAGE_PTE | _PAGE_DEVMAP));
++}
++
+ extern int __meminit radix__vmemmap_create_mapping(unsigned long start,
+ unsigned long page_size,
+ unsigned long phys);
diff --git a/queue-4.19/powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch b/queue-4.19/powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
new file mode 100644
index 00000000000..a0648593a9e
--- /dev/null
+++ b/queue-4.19/powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
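Review bot: The hash-4k.h stub `hash__pmd_mkdevmap()` calls `BUG()` with no comment, so if `pmd_mkdevmap()` in pgtable.h is ever reached on a hash-MMU kernel built with 4K pages the machine goes down instead of the operation failing. If that path is unreachable by construction (presumably huge devmap PMDs are never created in that configuration; please confirm), say so above the stub, e.g. `/* Not reachable: no huge devmap PMDs with 4K hash pages */`. Separately, the comment that ends just above `hash__pmd_trans_huge()` in hash-64k.h begins outside the hunk; check that it still describes the test now that `_PAGE_DEVMAP` is part of the mask.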
@@ -0,0 +1,74 @@
+From 21f8b2fa3ca5b01f7a2b51b89ce97a3705a15aa0 Mon Sep 17 00:00:00 2001
+From: Christophe Leroy
+Date: Tue, 18 Feb 2020 19:38:27 +0000
+Subject: powerpc/kprobes: Ignore traps that happened in real mode
+
+From: Christophe Leroy
+
+commit 21f8b2fa3ca5b01f7a2b51b89ce97a3705a15aa0 upstream.
+
+When a program check exception happens while MMU translation is
+disabled, following Oops happens in kprobe_handler() in the following
+code:
+
+ } else if (*addr != BREAKPOINT_INSTRUCTION) {
+
+ BUG: Unable to handle kernel data access on read at 0x0000e268
+ Faulting instruction address: 0xc000ec34
+ Oops: Kernel access of bad area, sig: 11 [#1]
+ BE PAGE_SIZE=16K PREEMPT CMPC885
+ Modules linked in:
+ CPU: 0 PID: 429 Comm: cat Not tainted 5.6.0-rc1-s3k-dev-00824-g84195dc6c58a #3267
+ NIP: c000ec34 LR: c000ecd8 CTR: c019cab8
+ REGS: ca4d3b58 TRAP: 0300 Not tainted (5.6.0-rc1-s3k-dev-00824-g84195dc6c58a)
+ MSR: 00001032 CR: 2a4d3c52 XER: 00000000
+ DAR: 0000e268 DSISR: c0000000
+ GPR00: c000b09c ca4d3c10 c66d0620 00000000 ca4d3c60 00000000 00009032 00000000
+ GPR08: 00020000 00000000 c087de44 c000afe0 c66d0ad0 100d3dd6 fffffff3 00000000
+ GPR16: 00000000 00000041 00000000 ca4d3d70 00000000 00000000 0000416d 00000000
+ GPR24: 00000004 c53b6128 00000000 0000e268 00000000 c07c0000 c07bb6fc ca4d3c60
+ NIP [c000ec34] kprobe_handler+0x128/0x290
+ LR [c000ecd8] kprobe_handler+0x1cc/0x290
+ Call Trace:
+ [ca4d3c30] [c000b09c] program_check_exception+0xbc/0x6fc
+ [ca4d3c50] [c000e43c] ret_from_except_full+0x0/0x4
+ --- interrupt: 700 at 0xe268
+ Instruction dump:
+ 913e0008 81220000 38600001 3929ffff 91220000 80010024 bb410008 7c0803a6
+ 38210020 4e800020 38600000 4e800020 <813b0000> 6d2a7fe0 2f8a0008 419e0154
+ ---[ end trace 5b9152d4cdadd06d ]---
+
+kprobe is not prepared to handle events in real mode and functions
+running in real mode should have been blacklisted, so kprobe_handler()
+can safely bail out telling 'this trap is not mine' for any trap that
+happened while in real-mode.
+
+If the trap happened with MSR_IR or MSR_DR cleared, return 0
+immediately.
+
+Reported-by: Larry Finger
+Fixes: 6cc89bad60a6 ("powerpc/kprobes: Invoke handlers directly")
+Cc: stable@vger.kernel.org # v4.10+
+Signed-off-by: Christophe Leroy
+Reviewed-by: Masami Hiramatsu
+Reviewed-by: Naveen N. Rao
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/424331e2006e7291a1bfe40e7f3fa58825f565e1.1582054578.git.christophe.leroy@c-s.fr
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/kprobes.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/arch/powerpc/kernel/kprobes.c
++++ b/arch/powerpc/kernel/kprobes.c
+@@ -277,6 +277,9 @@ int kprobe_handler(struct pt_regs *regs)
+ if (user_mode(regs))
+ return 0;
+
++ if (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR))
++ return 0;
++
+ /*
+ * We don't want to be preempted for the entire
+ * duration of kprobe processing
diff --git a/queue-4.19/powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch b/queue-4.19/powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch
new file mode 100644
index 00000000000..3fd09e8159d
--- /dev/null
+++ b/queue-4.19/powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch
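Review bot: The new real-mode test in kprobe_handler() assumes that `MSR_IR` and `MSR_DR` mean "translation enabled" on every platform that builds kprobes.c. On BookE parts these bit positions are, as far as I recall, the instruction/data address-space selects, which are clear while the kernel runs, so the test would return 0 for every kernel trap and probes used for tracing or monitoring would silently stop firing there; please confirm against the 4.19 headers. If so, restrict it: `if (!IS_ENABLED(CONFIG_BOOKE) && (!(regs->msr & MSR_IR) || !(regs->msr & MSR_DR)))`. A one-line comment such as `/* Trap taken with the MMU off: *addr below cannot be read safely */` would also record why the early return exists. The function continues outside the hunk.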
@@ -0,0 +1,79 @@
+From 53a712bae5dd919521a58d7bad773b949358add0 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman
+Date: Thu, 18 Apr 2019 16:51:17 +1000
+Subject: powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
+
+From: Michael Ellerman
+
+commit 53a712bae5dd919521a58d7bad773b949358add0 upstream.
+
+In order to implement KUAP (Kernel Userspace Access Protection) on
+Power9 we will be using the AMR, and therefore indirectly the
+UAMOR/AMOR.
+
+So save/restore these regs in the idle code.
+
+Signed-off-by: Michael Ellerman
+[ajd: Backport to 4.19 tree, CVE-2020-11669]
+Signed-off-by: Andrew Donnellan
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/powerpc/kernel/idle_book3s.S | 27 +++++++++++++++++++++++----
+ 1 file changed, 23 insertions(+), 4 deletions(-)
+
+--- a/arch/powerpc/kernel/idle_book3s.S
++++ b/arch/powerpc/kernel/idle_book3s.S
+@@ -170,8 +170,11 @@ core_idle_lock_held:
+ bne- core_idle_lock_held
+ blr
+
+-/* Reuse an unused pt_regs slot for IAMR */
++/* Reuse some unused pt_regs slots for AMR/IAMR/UAMOR/UAMOR */
++#define PNV_POWERSAVE_AMR _TRAP
+ #define PNV_POWERSAVE_IAMR _DAR
++#define PNV_POWERSAVE_UAMOR _DSISR
++#define PNV_POWERSAVE_AMOR RESULT
+
+ /*
+ * Pass requested state in r3:
+@@ -205,8 +208,16 @@ pnv_powersave_common:
+ SAVE_NVGPRS(r1)
+
+ BEGIN_FTR_SECTION
++ mfspr r4, SPRN_AMR
+ mfspr r5, SPRN_IAMR
++ mfspr r6, SPRN_UAMOR
++ std r4, PNV_POWERSAVE_AMR(r1)
+ std r5, PNV_POWERSAVE_IAMR(r1)
++ std r6, PNV_POWERSAVE_UAMOR(r1)
++BEGIN_FTR_SECTION_NESTED(42)
++ mfspr r7, SPRN_AMOR
++ std r7, PNV_POWERSAVE_AMOR(r1)
++END_FTR_SECTION_NESTED_IFSET(CPU_FTR_HVMODE, 42)
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+
+ mfcr r5
+@@ -935,12 +946,20 @@ END_FTR_SECTION_IFSET(CPU_FTR_HVMODE)
+ REST_GPR(2, r1)
+
+ BEGIN_FTR_SECTION
+- /* IAMR was saved in pnv_powersave_common() */
++ /* These regs were saved in pnv_powersave_common() */
++ ld r4, PNV_POWERSAVE_AMR(r1)
+ ld r5, PNV_POWERSAVE_IAMR(r1)
++ ld r6, PNV_POWERSAVE_UAMOR(r1)
++ mtspr SPRN_AMR, r4
+ mtspr SPRN_IAMR, r5
++ mtspr SPRN_UAMOR, r6
++BEGIN_FTR_SECTION_NESTED(42)
++ ld r7, PNV_POWERSAVE_AMOR(r1)
++ mtspr SPRN_AMOR, r7
++END_FTR_SECTION_NESTED_IFSET(CPU_FTR_HVMODE, 42)
+ /*
+- * We don't need an isync here because the upcoming mtmsrd is
+- * execution synchronizing.
++ * We don't need an isync here after restoring IAMR because the upcoming
++ * mtmsrd is execution synchronizing.
+ */
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+
diff --git a/queue-4.19/powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch b/queue-4.19/powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch
new file mode 100644
index 00000000000..55f8865596c
--- /dev/null
+++ b/queue-4.19/powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch
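Review bot: The replacement comment above the `PNV_POWERSAVE_*` defines in idle_book3s.S reads `AMR/IAMR/UAMOR/UAMOR`; the last name should be `AMOR`, matching the `PNV_POWERSAVE_AMOR` define below it: `/* Reuse some unused pt_regs slots for AMR/IAMR/UAMOR/AMOR */`. The rewritten isync comment in the restore path now mentions only IAMR although AMR, UAMOR and AMOR are written by `mtspr` in the same block; since the commit message ties AMR to KUAP, the comment should state whether the upcoming `mtmsrd` is also relied on to order those writes. Only this one restore site is visible here, so it is worth checking that no other wakeup path in the 4.19 file returns without reloading the saved AMR.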
@@ -0,0 +1,136 @@
+From b1a504a6500df50e83b701b7946b34fce27ad8a3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?C=C3=A9dric=20Le=20Goater?=
+Date: Fri, 6 Mar 2020 16:01:40 +0100
+Subject: powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Cédric Le Goater
+
+commit b1a504a6500df50e83b701b7946b34fce27ad8a3 upstream.
+
+When a CPU is brought up, an IPI number is allocated and recorded
+under the XIVE CPU structure. Invalid IPI numbers are tracked with
+interrupt number 0x0.
+
+On the PowerNV platform, the interrupt number space starts at 0x10 and
+this works fine. However, on the sPAPR platform, it is possible to
+allocate the interrupt number 0x0 and this raises an issue when CPU 0
+is unplugged. The XIVE spapr driver tracks allocated interrupt numbers
+in a bitmask and it is not correctly updated when interrupt number 0x0
+is freed. It stays allocated and it is then impossible to reallocate.
+
+Fix by using the XIVE_BAD_IRQ value instead of zero on both platforms.
+
+Reported-by: David Gibson
+Fixes: eac1e731b59e ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
+Cc: stable@vger.kernel.org # v4.14+
+Signed-off-by: Cédric Le Goater
+Reviewed-by: David Gibson
+Tested-by: David Gibson
+Signed-off-by: Michael Ellerman
+Link: https://lore.kernel.org/r/20200306150143.5551-2-clg@kaod.org
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/sysdev/xive/common.c | 12 +++---------
+ arch/powerpc/sysdev/xive/native.c | 4 ++--
+ arch/powerpc/sysdev/xive/spapr.c | 4 ++--
+ arch/powerpc/sysdev/xive/xive-internal.h | 7 +++++++
+ 4 files changed, 14 insertions(+), 13 deletions(-)
+
+--- a/arch/powerpc/sysdev/xive/common.c
++++ b/arch/powerpc/sysdev/xive/common.c
+@@ -72,13 +72,6 @@ static u32 xive_ipi_irq;
+ /* Xive state for each CPU */
+ static DEFINE_PER_CPU(struct xive_cpu *, xive_cpu);
+
+-/*
+- * A "disabled" interrupt should never fire, to catch problems
+- * we set its logical number to this
+- */
+-#define XIVE_BAD_IRQ 0x7fffffff
+-#define XIVE_MAX_IRQ (XIVE_BAD_IRQ - 1)
+-
+ /* An invalid CPU target */
+ #define XIVE_INVALID_TARGET (-1)
+
+@@ -1074,7 +1067,7 @@ static int xive_setup_cpu_ipi(unsigned i
+ xc = per_cpu(xive_cpu, cpu);
+
+ /* Check if we are already setup */
+- if (xc->hw_ipi != 0)
++ if (xc->hw_ipi != XIVE_BAD_IRQ)
+ return 0;
+
+ /* Grab an IPI from the backend, this will populate xc->hw_ipi */
+@@ -1111,7 +1104,7 @@ static void xive_cleanup_cpu_ipi(unsigne
+ /* Disable the IPI and free the IRQ data */
+
+ /* Already cleaned up ? */
+- if (xc->hw_ipi == 0)
++ if (xc->hw_ipi == XIVE_BAD_IRQ)
+ return;
+
+ /* Mask the IPI */
+@@ -1267,6 +1260,7 @@ static int xive_prepare_cpu(unsigned int
+ if (np)
+ xc->chip_id = of_get_ibm_chip_id(np);
+ of_node_put(np);
++ xc->hw_ipi = XIVE_BAD_IRQ;
+
+ per_cpu(xive_cpu, cpu) = xc;
+ }
+--- a/arch/powerpc/sysdev/xive/native.c
++++ b/arch/powerpc/sysdev/xive/native.c
+@@ -311,7 +311,7 @@ static void xive_native_put_ipi(unsigned
+ s64 rc;
+
+ /* Free the IPI */
+- if (!xc->hw_ipi)
++ if (xc->hw_ipi == XIVE_BAD_IRQ)
+ return;
+ for (;;) {
+ rc = opal_xive_free_irq(xc->hw_ipi);
+@@ -319,7 +319,7 @@ static void xive_native_put_ipi(unsigned
+ msleep(OPAL_BUSY_DELAY_MS);
+ continue;
+ }
+- xc->hw_ipi = 0;
++ xc->hw_ipi = XIVE_BAD_IRQ;
+ break;
+ }
+ }
+--- a/arch/powerpc/sysdev/xive/spapr.c
++++ b/arch/powerpc/sysdev/xive/spapr.c
+@@ -509,11 +509,11 @@ static int xive_spapr_get_ipi(unsigned i
+
+ static void xive_spapr_put_ipi(unsigned int cpu, struct xive_cpu *xc)
+ {
+- if (!xc->hw_ipi)
++ if (xc->hw_ipi == XIVE_BAD_IRQ)
+ return;
+
+ xive_irq_bitmap_free(xc->hw_ipi);
+- xc->hw_ipi = 0;
++ xc->hw_ipi = XIVE_BAD_IRQ;
+ }
+ #endif /* CONFIG_SMP */
+
+--- a/arch/powerpc/sysdev/xive/xive-internal.h
++++ b/arch/powerpc/sysdev/xive/xive-internal.h
+@@ -9,6 +9,13 @@
+ #ifndef __XIVE_INTERNAL_H
+ #define __XIVE_INTERNAL_H
+
++/*
++ * A "disabled" interrupt should never fire, to catch problems
++ * we set its logical number to this
++ */
++#define XIVE_BAD_IRQ 0x7fffffff
++#define XIVE_MAX_IRQ (XIVE_BAD_IRQ - 1)
++
+ /* Each CPU carry one of these with various per-CPU state */
+ struct xive_cpu {
+ #ifdef CONFIG_SMP
diff --git a/queue-4.19/series b/queue-4.19/series
index a75c9fea92f..32f2251eb39 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
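Review bot: After this change `hw_ipi == 0` is a valid interrupt number and `XIVE_BAD_IRQ` is the only "no IPI" value, but that contract is not written down next to the field; the hunks touch only the comparisons in common.c, native.c and spapr.c. Any test of `hw_ipi` against zero elsewhere in the 4.19 tree would now treat an unconfigured IPI as allocated, so a search for remaining users is worth doing before this is queued. The initialisation `xc->hw_ipi = XIVE_BAD_IRQ;` in xive_prepare_cpu() also relies on running before anything reads the field, and the surrounding allocation code is outside the hunk. Suggest documenting the field in struct xive_cpu, e.g. `/* XIVE_BAD_IRQ when no IPI is allocated */`.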
@@ -121,3 +121,8 @@ hfsplus-fix-crash-and-filesystem-corruption-when-deleting-files.patch
 libata-return-correct-status-in-sata_pmp_eh_recover_pm-when-ata_dflag_detach-is-set.patch
 ipmi-fix-hung-processes-in-__get_guid.patch
 xen-blkfront-fix-memory-allocation-flags-in-blkfront_setup_indirect.patch
+powerpc-powernv-idle-restore-amr-uamor-amor-after-idle.patch
+powerpc-64-tm-don-t-let-userspace-set-regs-trap-via-sigreturn.patch
+powerpc-hash64-devmap-use-h_page_thp_huge-when-setting-up-huge-devmap-pte-entries.patch
+powerpc-xive-use-xive_bad_irq-instead-of-zero-to-catch-non-configured-ipis.patch
+powerpc-kprobes-ignore-traps-that-happened-in-real-mode.patch
-- 
2.47.3