Merge android11-5.4.180+ (598165f) into msm-5.4
* refs/heads/tmp-598165f:
Revert "arm: extend pfn_valid to take into account freed memory map alignment"
UPSTREAM: usb: gadget: clear related members when goto fail
UPSTREAM: usb: gadget: don't release an existing dev->buf
UPSTREAM: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
UPSTREAM: usb: gadget: rndis: prevent integer overflow in rndis_set_response()
UPSTREAM: fixup for "arm64 entry: Add macro for reading symbol address from the trampoline"
UPSTREAM: arm64: Use the clearbhb instruction in mitigations
UPSTREAM: KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
UPSTREAM: arm64: Mitigate spectre style branch history side channels
UPSTREAM: KVM: arm64: Add templates for BHB mitigation sequences
UPSTREAM: arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2
UPSTREAM: arm64: Add percpu vectors for EL1
UPSTREAM: arm64: entry: Add macro for reading symbol addresses from the trampoline
UPSTREAM: arm64: entry: Add vectors that have the bhb mitigation sequences
UPSTREAM: arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
UPSTREAM: arm64: entry: Allow the trampoline text to occupy multiple pages
UPSTREAM: arm64: entry: Make the kpti trampoline's kpti sequence optional
UPSTREAM: arm64: entry: Move trampoline macros out of ifdef'd section
UPSTREAM: arm64: entry: Don't assume tramp_vectors is the start of the vectors
UPSTREAM: arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
UPSTREAM: arm64: entry: Move the trampoline data page before the text page
UPSTREAM: arm64: entry: Free up another register on kpti's tramp_exit path
UPSTREAM: arm64: entry: Make the trampoline cleanup optional
UPSTREAM: arm64: entry.S: Add ventry overflow sanity checks
UPSTREAM: arm64: Add Cortex-X2 CPU part definition
UPSTREAM: arm64: add ID_AA64ISAR2_EL1 sys register
UPSTREAM: arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
UPSTREAM: arm64: Add part number for Arm Cortex-A77
UPSTREAM: sctp: fix the processing for INIT chunk
ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree
UPSTREAM: ARM: fix Thumb2 regression with Spectre BHB
UPSTREAM: ARM: Spectre-BHB: provide empty stub for non-config
UPSTREAM: ARM: fix build warning in proc-v7-bugs.c
UPSTREAM: ARM: Do not use NOCROSSREFS directive with ld.lld
UPSTREAM: ARM: fix co-processor register typo
UPSTREAM: ARM: fix build error when BPF_SYSCALL is disabled
UPSTREAM: ARM: include unprivileged BPF status in Spectre V2 reporting
UPSTREAM: ARM: Spectre-BHB workaround
UPSTREAM: ARM: use LOADADDR() to get load address of sections
UPSTREAM: ARM: early traps initialisation
UPSTREAM: ARM: report Spectre v2 status through sysfs
UPSTREAM: arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
UPSTREAM: arm/arm64: Provide a wrapper for SMCCC 1.1 calls
UPSTREAM: x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
UPSTREAM: x86/speculation: Warn about Spectre v2 LFENCE mitigation
UPSTREAM: x86/speculation: Update link to AMD speculation whitepaper
UPSTREAM: x86/speculation: Use generic retpoline by default on AMD
UPSTREAM: x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
UPSTREAM: Documentation/hw-vuln: Update spectre doc
UPSTREAM: x86/speculation: Add eIBRS + Retpoline options
UPSTREAM: x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
UPSTREAM: x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
UPSTREAM: x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
UPSTREAM: bpf: Add kconfig knob for disabling unpriv bpf by default
UPSTREAM: mmc: block: fix read single on recovery logic
Linux 5.4.180
ACPI: PM: s2idle: Cancel wakeup before dispatching EC GPE
perf: Fix list corruption in perf_cgroup_switch()
scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
hwmon: (dell-smm) Speed up setting of fan speed
seccomp: Invalidate seccomp mode to catch death failures
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: f_uac2: Define specific wTerminalType
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition
usb: dwc3: gadget: Prevent core from processing stale TRBs
usb: ulpi: Call of_node_put correctly
usb: ulpi: Move of_node_put to ulpi_dev_release
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
eeprom: ee1004: limit i2c reads to I2C_SMBUS_BLOCK_MAX
n_tty: wake up poll(POLLRDNORM) on receiving data
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
net: amd-xgbe: disable interrupts during pci removal
tipc: rate limit warning for received illegal binding update
net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
veth: fix races around rq->rx_notify_masked
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
nfp: flower: fix ida_idx not being released
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ixgbevf: Require large buffers for build_skb on 82599VF
misc: fastrpc: avoid double fput() on failed usercopy
usb: f_fs: Fix use-after-free for epfile
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: meson: Fix the UART compatible strings
perf probe: Fix ppc64 'perf probe add events failed' case
net: bridge: fix stale eth hdr pointer in br_dev_xmit
PM: s2idle: ACPI: Fix wakeup interrupts handling
ACPI/IORT: Check node revision for PMCG resources
nvme-tcp: fix bogus request completion when failing to send AER
ARM: socfpga: fix missing RESET_CONTROLLER
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
riscv: fix build with binutils 2.38
bpf: Add kconfig knob for disabling unpriv bpf by default
KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout()
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
PM: hibernate: Remove register_nosave_region_late()
scsi: myrs: Fix crash in error case
scsi: qedf: Fix refcount issue when LOGO is received during TMF
scsi: target: iscsi: Make sure the np under each tpg is unique
net: sched: Clarify error message when qdisc kind is unknown
drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer
NFSv4 expose nfs_parse_server_name function
NFSv4 remove zero number of fs_locations entries error check
NFSv4.1: Fix uninitialised variable in devicenotify
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
nvme: Fix parsing of ANA log page
NFSD: Fix offset type in I/O trace points
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs
net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs
mmc: sdhci-of-esdhc: Check for error num after setting mask
ima: Do not print policy rule with inactive LSM labels
ima: Allow template selection with ima_template[_fmt]= after ima_hash=
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Linux 5.4.179
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
Linux 5.4.178
cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
selftests: futex: Use variable MAKE instead of make
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
pinctrl: bcm2835: Fix a few error paths
ASoC: max9759: fix underflow in speaker_gain_control_put()
ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name
ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
drm/i915/overlay: Prevent divide by zero bugs in scaling
net: stmmac: ensure PTP time register reads are consistent
net: stmmac: dump gmac4 DMA registers correctly
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
net: ieee802154: ca8210: Stop leaking skb's
net: ieee802154: mcr20a: Fix lifs/sifs periods
net: ieee802154: hwsim: Ensure proper channel selection at probe time
spi: meson-spicc: add IRQ check in meson_spicc_probe
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping()
RDMA/mlx4: Don't continue event handler after memory allocation failure
RDMA/siw: Fix broken RDMA Read Fence/Resume logic.
IB/rdmavt: Validate remote_addr during loopback atomic tests
memcg: charge fs_context and legacy_fs_context
Revert "ASoC: mediatek: Check for error clk pointer"
block: bio-integrity: Advance seed correctly for larger interval sizes
mm/kmemleak: avoid scanning potential huge holes
drm/nouveau: fix off by one in BIOS boundary checking
btrfs: fix deadlock between quota disable and qgroup rescan worker
ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows
ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset)
ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks
ALSA: hda/realtek: Add quirk for ASUS GU603
ALSA: usb-audio: Simplify quirk entries with a macro
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
audit: improve audit queue handling when "audit=1" on cmdline
Revert "net: fix information leakage in /proc/net/ptype"
Linux 5.4.177
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask()
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: sched: fix use-after-free in tc_new_tfilter()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
cgroup-v1: Require capabilities to set release_agent
psi: Fix uaf issue when psi trigger is destroyed while being polled
PCI: pciehp: Fix infinite loop in IRQ handler upon power fault
Linux 5.4.176
mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip()
block: Fix wrong offset in bio_truncate()
fsnotify: invalidate dcache before IN_DELETE event
dt-bindings: can: tcan4x5x: fix mram-cfg RX FIFO config
ipv4: remove sparse error in ip_neigh_gw4()
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
net: hns3: handle empty unknown interrupt for VF
yam: fix a memory leak in yam_siocdevprivate()
drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy
ibmvnic: don't spin in tasklet
ibmvnic: init ->running_cap_crqs early
hwmon: (lm90) Mark alert as broken for MAX6654
rxrpc: Adjust retransmission backoff
phylib: fix potential use-after-free
net: phy: broadcom: hook up soft_reset for BCM54616S
netfilter: conntrack: don't increment invalid counter on NF_REPEAT
NFS: Ensure the server has an up to date ctime before renaming
NFS: Ensure the server has an up to date ctime before hardlinking
ipv6: annotate accesses to fn->fn_sernum
drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
drm/msm/dsi: Fix missing put_device() call in dsi_get_phy
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
hwmon: (lm90) Reduce maximum conversion rate for G781
ipv4: avoid using shared IP generator for connected sockets
ping: fix the sk_bound_dev_if match in ping_lookup
hwmon: (lm90) Mark alert as broken for MAX6680
hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
i40e: fix unsigned stat widths
i40e: Fix queues reservation for XDP
i40e: Fix issue when maximum queues is exceeded
i40e: Increase delay to 1 s after global EMP reset
powerpc/32: Fix boot failure with GCC latent entropy plugin
net: sfp: ignore disabled SFP node
ucsi_ccg: Check DEV_INT bit only when starting CCG4
usb: typec: tcpm: Do not disconnect while receiving VBUS off
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb: common: ulpi: Fix crash in ulpi_match()
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
serial: 8250: of: Fix mapped region size when using reg-offset property
netfilter: nft_payload: do not update layer 4 checksum when mangling fragments
arm64: errata: Fix exec handling in erratum 1418040 workaround
drm/etnaviv: relax submit size limits
fsnotify: fix fsnotify hooks in pseudo filesystems
tracing: Don't inc err_log entry count if entry allocation fails
tracing/histogram: Fix a potential memory leak for kstrdup()
PM: wakeup: simplify the output logic of pm_show_wakelocks()
udf: Fix NULL ptr deref when converting from inline format
udf: Restore i_lenAlloc when inode expansion fails
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
s390/hypfs: include z/VM guests with access control group set
Bluetooth: refactor malicious adv data check
ANDROID: Fix CRC issue up with xfrm headers in 5.4.174
Linux 5.4.175
drm/vmwgfx: Fix stale file descriptors on failed usercopy
select: Fix indefinitely sleeping task in poll_schedule_timeout()
mmc: sdhci-esdhc-imx: disable CMDQ support
ARM: dts: gpio-ranges property is now required
pinctrl: bcm2835: Change init order for gpio hogs
pinctrl: bcm2835: Add support for wake-up interrupts
pinctrl: bcm2835: Match BCM7211 compatible string
pinctrl: bcm2835: Add support for all GPIOs on BCM2711
pinctrl: bcm2835: Refactor platform data
pinctrl: bcm2835: Drop unused define
rcu: Tighten rcu_advance_cbs_nowake() checks
drm/i915: Flush TLBs before releasing backing store
Linux 5.4.174
Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
mtd: nand: bbt: Fix corner case in bad block table handling
lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
lib82596: Fix IRQ check in sni_82596_probe
scripts/dtc: dtx_diff: remove broken example from help text
dt-bindings: display: meson-vpu: Add missing amlogic,canvas property
dt-bindings: display: meson-dw-hdmi: add missing sound-name-prefix property
net: ethernet: mtk_eth_soc: fix error checking in mtk_mac_config()
bcmgenet: add WOL IRQ check
net_sched: restore "mpu xxx" handling
arm64: dts: qcom: msm8996: drop not documented adreno properties
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Fix concurrency over xfers_list
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Don't start transactions at tx_submit level
perf script: Fix hex dump character output
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
netns: add schedule point in ops_exit_list()
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
rtc: pxa: fix null pointer dereference
net: axienet: increase default TX ring size to 128
net: axienet: fix number of TX ring slots for available check
net: axienet: limit minimum TX ring size
clk: si5341: Fix clock HW provider cleanup
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
f2fs: fix to reserve space for IO align feature
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
ipv4: avoid quadratic behavior in netns dismantle
bpftool: Remove inclusion of utilities.mak from Makefiles
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
powerpc/cell: Fix clang -Wimplicit-fallthrough warning
Revert "net/mlx5: Add retry mechanism to the command entry index allocation"
dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
RDMA/rxe: Fix a typo in opcode name
RDMA/hns: Modify the mapping attribute of doorbell to device
scsi: core: Show SCMD_LAST in text form
Documentation: fix firewire.rst ABI file path error
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
Documentation: ACPI: Fix data node reference documentation
Documentation: dmaengine: Correctly describe dmatest with channel unset
media: rcar-csi2: Optimize the selection PHTW register
firmware: Update Kconfig help text for Google firmware
of: base: Improve argument length mismatch error
drm/radeon: fix error handling in radeon_driver_open_kms
ext4: don't use the orphan list when migrating an inode
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: set csum seed in tmp inode while migrating to extents
ext4: make sure quota gets properly shutdown on error
ext4: make sure to reset inode lockdep class when quota enabling fails
btrfs: respect the max size in the header when activating swap file
btrfs: check the root node for uptodate before returning it
btrfs: fix deadlock between quota enable and other quota operations
xfrm: fix policy lookup for ipv6 gre packets
PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device
PCI: pci-bridge-emul: Correctly set PCIe capabilities
PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space
drm/bridge: analogix_dp: Make PSR-exit block less
drm/nouveau/kms/nv04: use vzalloc for nv04_display
drm/etnaviv: limit submit sizes
s390/mm: fix 2KB pgtable release race
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
tracing/kprobes: 'nmissed' not showed correctly for kretprobe
cputime, cpuacct: Include guest time in user time in cpuacct.stat
serial: Fix incorrect rs485 polarity on uart open
fuse: Pass correct lend value to filemap_write_and_wait_range()
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
crypto: caam - replace this_cpu_ptr with raw_cpu_ptr
crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
crypto: omap-aes - Fix broken pm_runtime_and_get() usage
rpmsg: core: Clean up resources on announce_create failure.
power: bq25890: Enable continuous conversion for ADC at charging
ASoC: mediatek: mt8173: fix device_node leak
scsi: sr: Don't use GFP_DMA
MIPS: Octeon: Fix build errors using clang
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
MIPS: OCTEON: add put_device() after of_find_device_by_node()
powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
ALSA: seq: Set upper limit of processed events
scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup
w1: Misuse of get_user()/put_user() reported by sparse
KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST
powerpc/powermac: Add missing lockdep_register_key()
clk: meson: gxbb: Fix the SDM_EN bit for MPLL0 on GXBB
i2c: mpc: Correct I2C reset procedure
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: i801: Don't silently correct invalid transfer size
powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
powerpc/btext: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/6xx: add missing of_node_put
parisc: Avoid calling faulthandler_disabled() twice
random: do not throw away excess input to crng_fast_load
serial: core: Keep mctrl register state and cached copy in sync
serial: pl010: Drop CR register reset on set_termios
regulator: qcom_smd: Align probe function with rpmh-regulator
net: gemini: allow any RGMII interface mode
net: phy: marvell: configure RGMII delays for 88E1118
dm space map common: add bounds check to sm_ll_lookup_bitmap()
dm btree: add a defensive bounds check to insert_at()
mac80211: allow non-standard VHT MCS-10/11
net: mdio: Demote probed message to debug print
btrfs: remove BUG_ON(!eie) in find_parent_nodes
btrfs: remove BUG_ON() in find_parent_nodes()
ACPI: battery: Add the ThinkPad "Not Charging" quirk
drm/amdgpu: fixup bad vram size on gmc v8
ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
ACPICA: Fix wrong interpretation of PCC address
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Utilities: Avoid deleting the same object twice in a row
ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
um: registers: Rename function names to avoid conflicts and build problems
iwlwifi: mvm: Fix calculation of frame length
iwlwifi: remove module loading failure message
iwlwifi: fix leaks/bad data after failed firmware load
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
cpufreq: Fix initialization of min and max frequency QoS requests
arm64: tegra: Adjust length of CCPLEX cluster MMIO region
arm64: dts: ls1028a-qds: move rtc node to the correct i2c bus
audit: ensure userspace is penalized the same as the kernel when under pressure
mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
media: igorplugusb: receiver overflow should be reported
HID: quirks: Allow inverting the absolute X/Y values
bpf: Do not WARN in bpf_warn_invalid_xdp_action()
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
x86/mce: Mark mce_read_aux() noinstr
x86/mce: Mark mce_end() noinstr
x86/mce: Mark mce_panic() noinstr
gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock
net: phy: prefer 1000baseT over 1000baseKX
net-sysfs: update the queue counts in the unregistration path
ath10k: Fix tx hanging
iwlwifi: mvm: synchronize with FW after multicast commands
media: m920x: don't use stack on USB reads
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
x86/mm: Flush global TLB when switching to trampoline page-table
floppy: Add max size check for user space request
usb: uhci: add aspeed ast2600 uhci support
rsi: Fix out-of-bounds read in rsi_read_pkt()
rsi: Fix use-after-free in rsi_rx_done_handler()
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
HSI: core: Fix return freed object in hsi_new_client
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
drm/bridge: megachips: Ensure both bridges are probed before registration
mlxsw: pci: Add shutdown method in PCI driver
EDAC/synopsys: Use the quirk for version instead of ddr version
media: b2c2: Add missing check in flexcop_pci_isr:
HID: apple: Do not reset quirks when the Fn key is not found
drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
usb: gadget: f_fs: Use stream_open() for endpoint files
batman-adv: allow netlink usage in unprivileged containers
ARM: shmobile: rcar-gen2: Add missing of_node_put()
drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y
fs: dlm: filter user dlm messages for kernel locks
Bluetooth: Fix debugfs entry leak in hci_register_dev()
of: base: Fix phandle argument length mismatch error message
RDMA/cxgb4: Set queue pair state when being queried
mips: bcm63xx: add support for clk_set_parent()
mips: lantiq: add support for clk_set_parent()
misc: lattice-ecp3-config: Fix task hung when firmware load failed
ASoC: samsung: idma: Check of ioremap return value
ASoC: mediatek: Check for error clk pointer
phy: uniphier-usb3ss: fix unintended writing zeros to PHY register
iommu/iova: Fix race between FQ timeout and teardown
dmaengine: pxa/mmp: stop referencing config->slave_id
clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell
ASoC: rt5663: Handle device_property_read_u32_array error codes
RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry
RDMA/core: Let ib_find_gid() continue search even after empty entry
powerpc/powermac: Add additional missing lockdep_register_key()
PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity()
scsi: ufs: Fix race conditions related to driver data
iommu/io-pgtable-arm: Fix table descriptor paddr formatting
binder: fix handling of error during copy
char/mwave: Adjust io port register size
ALSA: oss: fix compile error when OSS_DEBUG is enabled
ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
powerpc/prom_init: Fix improper check of prom_getprop()
clk: imx8mn: Fix imx8mn_clko1_sels
RDMA/hns: Validate the pkey index
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ext4: avoid trim error on fs with small groups
net: mcs7830: handle usb read errors properly
pcmcia: fix setting of kthread task states
can: xilinx_can: xcan_probe(): check for error irq
can: softing: softing_startstop(): fix set but not used variable warning
tpm: add request_locality before write TPM_INT_ENABLE
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
net/mlx5: Set command entry semaphore up once got index free
Revert "net/mlx5e: Block offload of outer header csum for UDP tunnels"
net/mlx5e: Don't block routes with nexthop objects in SW
debugfs: lockdown: Allow reading debugfs files that are not world readable
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc
HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init
Bluetooth: hci_bcm: Check for error irq
fsl/fman: Check for null pointer after calling devm_ioremap
staging: greybus: audio: Check null pointer
rocker: fix a sleeping in atomic bug
ppp: ensure minimum packet size in ppp_write()
bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes
x86/mce/inject: Avoid out-of-bounds write when setting flags
bpftool: Enable line buffering for stdout
selinux: fix potential memleak in selinux_add_opt()
mmc: meson-mx-sdio: add IRQ check
ARM: dts: armada-38x: Add generic compatible to UART nodes
usb: ftdi-elan: fix memory leak on device disconnect
ARM: 9159/1: decompressor: Avoid UNPREDICTABLE NOP encoding
xfrm: state and policy should fail if XFRMA_IF_ID 0
xfrm: interface with if_id 0 should return error
media: hantro: Fix probe func error path
drm/bridge: ti-sn65dsi86: Set max register for regmap
drm/msm/dpu: fix safe status debugfs file
media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: dw2102: Fix use after free
ARM: dts: gemini: NAS4220-B: fis-index-block with 128 KiB sectors
crypto: stm32/cryp - fix lrw chaining mode
crypto: stm32/cryp - fix double pm exit
crypto: stm32/cryp - fix xts and race condition in crypto_engine requests
xfrm: fix a small bug in xfrm_sa_len()
mwifiex: Fix possible ABBA deadlock
rcu/exp: Mark current CPU as exp-QS in IPI loop second pass
sched/rt: Try to restart rt period timer when rt runtime exceeded
media: si2157: Fix "warm" tuner state detection
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: dib8000: Fix a memleak in dib8000_init()
Bluetooth: btmtksdio: fix resume failure
staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib()
staging: rtl8192e: return error code from rtllib_softmac_init()
floppy: Fix hang in watchdog when disk is ejected
serial: amba-pl011: do not request memory region twice
tty: serial: uartlite: allow 64 bit address
arm64: dts: ti: k3-j721e: Fix the L2 cache sets
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
ACPI: EC: Rework flushing of EC work while suspended to idle
arm64: dts: qcom: msm8916: fix MMC controller aliases
netfilter: bridge: add support for pppoe filtering
media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()'
media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
media: imx-pxp: Initialize the spinlock prior to using it
media: rcar-csi2: Correct the selection of hsfreqrange
tty: serial: atmel: Call dma_async_issue_pending()
tty: serial: atmel: Check return code of dmaengine_submit()
arm64: dts: ti: k3-j721e: correct cache-sets info
crypto: qce - fix uaf on qce_ahash_register_one
media: dmxdev: fix UAF when dvb_register_device() fails
tee: fix put order in teedev_close_context()
Bluetooth: stop proccessing malicious adv data
arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
arm64: dts: meson-gxbb-wetek: fix HDMI in early boot
media: aspeed: Update signal status immediately to ensure sane hw state
media: em28xx: fix memory leak in em28xx_init_dev
media: aspeed: fix mode-detect always time out at 2nd run
media: videobuf2: Fix the size printk format
wcn36xx: Release DMA channel descriptor allocations
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
clk: bcm-2835: Remove rounding up the dividers
clk: bcm-2835: Pick the closest clock rate
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
drm/rockchip: dsi: Fix unbalanced clock on probe error
drm/panel: innolux-p079zca: Delete panel on attach() failure
drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure
drm/rockchip: dsi: Reconfigure hardware on resume()
drm/rockchip: dsi: Hold pm-runtime across bind/unbind
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages
mm_zone: add function to check if managed dma zone exists
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled()
iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure
lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
can: softing_cs: softingcs_probe(): fix memleak on registration failure
media: stk1160: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: redrat3: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: s2255: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: flexcop-usb: fix control-message timeouts
media: v4l2-ioctl.c: readbuffers depends on V4L2_CAP_READWRITE
rtc: cmos: take rtc_lock while reading from CMOS
tools/nolibc: fix incorrect truncation of exit code
tools/nolibc: i386: fix initial stack alignment
tools/nolibc: x86-64: Fix startup code bug
x86/gpu: Reserve stolen memory for first integrated Intel GPU
mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
f2fs: fix to do sanity check in is_alive()
HID: wacom: Avoid using stale array indicies to read contact count
HID: wacom: Ignore the confidence flag when a touch is removed
HID: wacom: Reset expected and received contact counts at the same time
HID: uhid: Fix worker destroying device without any protection
Linux 5.4.173
ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN depends on !LD_IS_LLD
mtd: fixup CFI on ixp4xx
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all
firmware: qemu_fw_cfg: fix kobject leak in probe error path
firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
firmware: qemu_fw_cfg: fix sysfs information leak
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
media: uvcvideo: fix division by zero at stream start
KVM: s390: Clarify SIGP orders versus STOP/RESTART
perf: Protect perf_guest_cbs with RCU
vfs: fs_context: fix up param length parsing in legacy_parse_param
orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
devtmpfs regression fix: reconfigure on each mount
kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
Linux 5.4.172
staging: greybus: fix stack size warning with UBSAN
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
media: Revert "media: uvcvideo: Set unique vdev name based in type"
random: fix crash on multiple early calls to add_bootloader_randomness()
random: fix data race on crng init time
random: fix data race on crng_node_pool
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
veth: Do not record rx queue hint in veth_xmit
mmc: sdhci-pci: Add PCI ID for Intel ADL
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
USB: core: Fix bug in resuming hub's handling of wakeup requests
Bluetooth: bfusb: fix division by zero in send path
Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb()
workqueue: Fix unbind_workers() VS wq_worker_running() race
UPSTREAM: x86/pci: Fix the function type for check_reserved_t
Linux 5.4.171
mISDN: change function names to avoid conflicts
atlantic: Fix buff_ring OOB in aq_ring_rx_clean
net: udp: fix alignment problem in udp4_seq_show()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
usb: mtu3: fix interval value for intr and isoc
ipv6: Do cleanup if attribute validation fails in multipath route
ipv6: Continue processing multipath route even if gateway attribute is invalid
phonet: refcount leak in pep_sock_accep
rndis_host: support Hytera digital radios
power: reset: ltc2952: Fix use of floating point literals
power: supply: core: Break capacity loop
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
batman-adv: mcast: don't send link-local multicast to mcast routers
lwtunnel: Validate RTA_ENCAP_TYPE attribute length
ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route
ipv6: Check attribute length for RTA_GATEWAY in multipath route
ipv4: Check attribute length for RTA_FLOW in multipath route
ipv4: Check attribute length for RTA_GATEWAY in multipath route
i40e: Fix incorrect netdev's real number of RX/TX queues
i40e: Fix for displaying message regarding NVM version
i40e: fix use-after-free in i40e_sync_filters_subtask()
mac80211: initialize variable have_higher_than_11mbit
RDMA/uverbs: Check for null return of kmalloc_array
RDMA/core: Don't infoleak GRH fields
iavf: Fix limit of total number of queues to active queues of VF
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
tracing: Tag trace_percpu_buffer as a percpu pointer
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv()
Input: touchscreen - Fix backport of a02dcde595f7cbd240ccd64de96034ad91cffc40
f2fs: quota: fix potential deadlock
Linux 5.4.170
perf script: Fix CPU filtering of a script's switch events
net: fix use-after-free in tw_timer_handler
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
binder: fix async_free_space accounting for empty parcels
usb: mtu3: set interval of FS intr and isoc endpoint
usb: mtu3: fix list_head check warning
usb: mtu3: add memory barrier before set GPD's HWO
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
uapi: fix linux/nfc.h userspace compilation errors
nfc: uapi: use kernel size_t to fix user-space builds
i2c: validate user data in compat ioctl
fsl/fman: Fix missing put_device() call in fman_port_probe
net/ncsi: check for error return from call to nla_put_u32
selftests/net: udpgso_bench_tx: fix dst ip argument
net/mlx5e: Fix wrong features assignment in case of error
ionic: Initialize the 'lif->dbid_inuse' bitmap
NFC: st21nfca: Fix memory leak in device probe and remove
net: lantiq_xrx200: fix statistics of received bytes
net: usb: pegasus: Do not drop long Ethernet frames
sctp: use call_rcu to free endpoint
selftests: Calculate udpgso segment count without header adjustment
udp: using datalen to cap ipv6 udp max gso segments
net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources
scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
selinux: initialize proto variable in selinux_ip_postroute_compat()
recordmcount.pl: fix typo in s390 mcount regex
memblock: fix memblock_phys_alloc() section mismatch error
platform/x86: apple-gmux: use resource_size() with res
tomoyo: Check exceeded quota early in tomoyo_domain_quota_is_ok().
Input: i8042 - enable deferred probe quirk for ASUS UM325UA
Input: i8042 - add deferred probe support
tee: handle lookup of shm with reference count 0
HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
Linux 5.4.169
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681
pinctrl: mediatek: fix global-out-of-bounds issue
mm: mempolicy: fix THP allocations escaping mempolicy restrictions
KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
usb: gadget: u_ether: fix race in setting MAC address in setup phase
f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
tee: optee: Fix incorrect page free bug
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
mmc: core: Disable card detect during shutdown
mmc: sdhci-tegra: Fix switch to HS400ES mode
pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
parisc: Correct completer in lws start
ipmi: fix initialization when workqueue allocation fails
ipmi: ssif: initialize ssif_info->client early
ipmi: bail out if init_srcu_struct fails
Input: atmel_mxt_ts - fix double free in mxt_read_info_block
ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6
ALSA: drivers: opl3: Fix incorrect use of vp->state
ALSA: jack: Check the return value of kstrdup()
hwmon: (lm90) Drop critical attribute support for MAX6654
hwmon: (lm90) Introduce flag indicating extended temperature support
hwmon: (lm90) Add basic support for TI TMP461
hwmon: (lm90) Add max6654 support to lm90 driver
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
Input: elantech - fix stack out of bound access in elantech_change_report_id()
sfc: falcon: Check null pointer of rx_queue->page_ring
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
bonding: fix ad_actor_system option setting to default
ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
net: skip virtio_net_hdr_set_proto if protocol already set
net: accept UFOv6 packages in virtio_net_hdr_to_skb
qlcnic: potential dereference null pointer of rx_queue->page_ring
netfilter: fix regression in looped (broad|multi)cast's MAC handling
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
spi: change clk_disable_unprepare to clk_unprepare
arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
HID: holtek: fix mouse probing
serial: 8250_fintek: Fix garbled text for console
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Linux 5.4.168
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Revert "xsk: Do not sleep in poll() when need_wakeup set"
net: sched: Fix suspicious RCU usage while accessing tcf_tunnel_info
mac80211: fix regression in SSN handling of addba tx
rcu: Mark accesses to rcu_state.n_force_qs
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
ovl: fix warning in ovl_create_real()
fuse: annotate lock in fuse_reverse_inval_entry()
media: mxl111sf: change mutex_init() location
xsk: Do not sleep in poll() when need_wakeup set
ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
Input: touchscreen - avoid bitwise vs logical OR warning
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
mac80211: validate extended element ID is present
drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
libata: if T_LENGTH is zero, dma direction should be DMA_NONE
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
USB: serial: cp210x: fix CP2105 GPIO registration
usb: xhci: Extend support for runtime power management for AMD's Yellow carp.
PCI/MSI: Mask MSI-X vectors only on success
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
USB: gadget: bRequestType is a bitfield, not a enum
sit: do not call ipip6_dev_free() from sit_init_net()
net: systemport: Add global locking for descriptor lifecycle
net/smc: Prevent smc_release() from long blocking
net: Fix double 0x prefix print in SKB dump
net/packet: rx_owner_map depends on pg_vec
netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
igb: Fix removal of unicast MAC filters of VFs
soc/tegra: fuse: Fix bitwise vs. logical OR warning
rds: memory leak in __rds_conn_create()
flow_offload: return EOPNOTSUPP for the unsupported mpls action type
net: sched: lock action when translating it to flow_action infra
mac80211: fix lookup when adding AddBA extension element
mac80211: accept aggregation sessions on 6 GHz
mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock
mac80211: agg-tx: refactor sending addba
selftest/net/forwarding: declare NETIFS p9 p10
dmaengine: st_fdma: fix MODULE_ALIAS
selftests: Fix IPv6 address bind tests
selftests: Fix raw socket bind tests with VRF
inet_diag: fix kernel-infoleak for UDP sockets
inet_diag: use jiffies_delta_to_msecs()
sch_cake: do not call cake_destroy() from cake_init()
s390/kexec_file: fix error handling when applying relocations
selftests: net: Correct ping6 expected rc from 2 to 1
clk: Don't parent clks until the parent is fully registered
ARM: socfpga: dts: fix qspi node compatible
mac80211: track only QoS data frames for admission control
arm64: dts: rockchip: fix audio-supply for Rock Pi 4
arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply
arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from rk3399-khadas-edge
nfsd: fix use-after-free due to delegation race
iio: adc: stm32: fix a current leak by resetting pcsel before disabling vdda
audit: improve robustness of the audit queue handling
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
virtio_ring: Fix querying of maximum DMA mapping size for virtio device
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
mac80211: send ADDBA requests using the tid/queue of the aggregation session
mac80211: mark TX-during-stop for TX in in_reconfig
KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE
Linux 5.4.167
arm: ioremap: don't abuse pfn_valid() to check if pfn is in RAM
arm: extend pfn_valid to take into account freed memory map alignment
memblock: ensure there is no overflow in memblock_overlaps_region()
memblock: align freed memory map on pageblock boundaries with SPARSEMEM
memblock: free_unused_memmap: use pageblock units instead of MAX_ORDER
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
selinux: fix race condition when computing ocontext SIDs
KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req
tracing: Fix a kmemleak false positive in tracing_map
drm/amd/display: add connector type check for CRC source set
drm/amd/display: Fix for the no Audio bug with Tiled Displays
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
drm/msm/dsi: set default num_data_lanes
nfc: fix segfault in nfc_genl_dump_devices_done
Linux 5.4.166
netfilter: selftest: conntrack_vrf.sh: fix file permission
Linux 5.4.165
bpf: Add selftests to cover packet access corner cases
misc: fastrpc: fix improper packet size calculation
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: ad7768-1: Call iio_trigger_notify_done() on error
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: at91-sama5d2: Fix incorrect sign extension
iio: dln2: Check return value of devm_iio_trigger_register()
iio: dln2-adc: Fix lockdep complaint
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
iio: trigger: stm32-timer: fix MODULE_ALIAS
iio: trigger: Fix reference counting
xhci: avoid race between disable slot command and host runtime suspend
usb: core: config: using bit mask instead of individual bits
xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
selftests/fib_tests: Rework fib_rp_filter_test()
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
tools build: Remove needless libpython-version feature check that breaks test-all fast path
dt-bindings: net: Reintroduce PHY no lane swap binding
mtd: rawnand: fsmc: Fix timing computation
mtd: rawnand: fsmc: Take instruction delay into account
i40e: Fix pre-set max number of queues for VF
i40e: Fix failed opcode appearing if handling messages from VF
ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
qede: validate non LSO skb length
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
aio: fix use-after-free due to missing POLLFREE handling
aio: keep poll requests on waitqueue until completed
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
x86/sme: Explicitly map new EFI memmap table as encrypted
can: m_can: Disable and ignore ELO interrupt
can: pch_can: pch_can_rx_normal: fix use after free
drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence.
clk: qcom: regmap-mux: fix parent clock lookup
tracefs: Have new files inherit the ownership of their parent
nfsd: Fix nsfd startup race (again)
btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling
btrfs: clear extent buffer uptodate when we fail to write it
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
IB/hfi1: Correct guard on eager buffer deallocation
iavf: Fix reporting when setting descriptor count
iavf: restore MSI state on reset
udp: using datalen to cap max gso segments
seg6: fix the iif in the IPv6 socket control block
nfp: Fix memory leak in nfp_cpp_area_cache_add()
bonding: make tx_rebalance_counter an atomic
ice: ignore dropped packets during init
bpf: Fix the off-by-two error in range markings
vrf: don't run conntrack on vrf with !dflt qdisc
selftests: netfilter: add a vrf+conntrack testcase
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
can: kvaser_pciefd: kvaser_pciefd_rx_error_frame(): increase correct stats->{rx,tx}_errors counter
can: kvaser_usb: get CAN clock frequency from device
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: bigbenff: prevent null pointer dereference
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: google: add eel USB id
HID: quirks: Add quirk for the Microsoft Surface 3 type-cover
ntfs: fix ntfs_test_inode and ntfs_init_locked_inode function type
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
ANDROID: GKI: fix up abi breakage in fib_rules.h
Linux 5.4.164
ipmi: msghandler: Make symbol 'remove_work_wq' static
net/tls: Fix authentication failure in CCM mode
parisc: Mark cr16 CPU clocksource unstable on all SMP machines
iwlwifi: mvm: retry init flow if failed
serial: 8250_pci: rewrite pericom_do_set_divisor()
serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array
serial: core: fix transmit-buffer reset and memleak
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
x86/64/mm: Map all kernel memory into trampoline_pgd
x86/tsc: Disable clocksource watchdog for TSC on qualified platorms
x86/tsc: Add a timer to make sure TSC_adjust is always checked
usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
xhci: Fix commad ring abort, write all 64 bits to CRCR register.
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
parisc: Fix KBUILD_IMAGE for self-extracting kernel
sched/uclamp: Fix rq->uclamp_max not set on first enqueue
KVM: x86/pmu: Fix reserved bits for AMD PerfEvtSeln register
ipv6: fix memory leak in fib6_rule_suppress
drm/msm: Do hw_init() before capturing GPU state
net/smc: Keep smc_close_final rc during active close
net/rds: correct socket tunable error in rds_tcp_tune()
ipv4: convert fib_num_tclassid_users to atomic_t
net: annotate data-races on txq->xmit_lock_owner
net: marvell: mvpp2: Fix the computation of shared CPUs
net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
selftests: net: Correct case name
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
siphash: use _unaligned version by default
net: mpls: Fix notifications when deleting a device
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
i2c: cbus-gpio: set atomic transfer callback
i2c: stm32f7: stop dma transfer in case of NACK
i2c: stm32f7: recover the bus on access timeout
i2c: stm32f7: flush TX FIFO upon transfer errors
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
fget: check that the fd still exists after getting a ref to it
s390/pci: move pseudo-MMIO to prevent MIO overlap
cpufreq: Fix get_cpu_device() failure in add_cpu_dev_symlink()
ipmi: Move remove_work to dedicated workqueue
rt2x00: do not mark device gone on EPROTO errors during start
kprobes: Limit max data_size of the kretprobe instances
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
net/smc: Avoid warning of possible recursive locking
perf report: Fix memory leaks around perf_tip()
perf hist: Fix memory leak of a perf_hpp_fmt
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
scsi: iscsi: Unblock session then wake up error handler
thermal: core: Reset previous low and high trip during thermal zone init
btrfs: check-integrity: fix a warning on write caching disabled disk
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
net: return correct error code
atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
net/smc: Transfer remaining wait queue entries during fallback
mac80211: do not access the IV when it was stripped
drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY
gfs2: Fix length of holes reported at end-of-file
can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM
arm64: dts: mcbin: support 2W SFP modules
of: clk: Make <linux/of_clk.h> self-contained
NFSv42: Fix pagecache invalidation after COPY/CLONE
Revert "net: ipv6: add fib6_nh_release_dsts stub"
Revert "net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group"
Revert "mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB"
Linux 5.4.163
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
xen: sync include/xen/interface/io/ring.h with Xen's newest version
fuse: release pipe buf after last use
NFC: add NCI_UNREG flag to eliminate the race
shm: extend forced shm destroy to support objects from several IPC nses
s390/mm: validate VMA in PGSTE manipulation functions
tracing: Check pid filtering when creating events
vhost/vsock: fix incorrect used length reported to the guest
smb3: do not error on fsync when readonly
f2fs: set SBI_NEED_FSCK flag when inconsistent node block found
net: mscc: ocelot: correctly report the timestamping RX filters in ethtool
net: mscc: ocelot: don't downgrade timestamping RX filters in SIOCSHWTSTAMP
net: hns3: fix VF RSS failed problem after PF enable multi-TCs
net/smc: Don't call clcsock shutdown twice when smc shutdown
net: vlan: fix underflow for the real_dev refcnt
MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
igb: fix netpoll exit with traffic
nvmet: use IOCB_NOWAIT only if the filesystem supports it
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
PM: hibernate: use correct mode for swsusp_close()
net/ncsi : Add payload to be 32-bit aligned to fix dropped packets
nvmet-tcp: fix incomplete data digest send
net/smc: Ensure the active closing peer first closes clcsock
scsi: core: sysfs: Fix setting device state to SDEV_RUNNING
net: nexthop: release IPv6 per-cpu dsts when replacing a nexthop group
net: ipv6: add fib6_nh_release_dsts stub
nfp: checking parameter process for rx-usecs/tx-usecs is invalid
ipv6: fix typos in __ip6_finish_output()
iavf: Prevent changing static ITR values if adaptive moderation is on
drm/vc4: fix error code in vc4_create_object()
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
firmware: arm_scmi: pm: Propagate return value to caller
net: ieee802154: handle iftypes as u32
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ARM: dts: BCM5301X: Fix I2C controller interrupt
netfilter: ipvs: Fix reuse connection if RS weight is 0
proc/vmcore: fix clearing user buffer by properly using clear_user()
arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
pinctrl: armada-37xx: Correct PWM pins definitions
PCI: aardvark: Fix support for PCI_BRIDGE_CTL_BUS_RESET on emulated bridge
PCI: aardvark: Set PCI Bridge Class Code to PCI Bridge
PCI: aardvark: Fix support for bus mastering and PCI_COMMAND on emulated bridge
PCI: aardvark: Fix link training
PCI: aardvark: Simplify initialization of rootcap on virtual bridge
PCI: aardvark: Implement re-issuing config requests on CRS response
PCI: aardvark: Fix PCIe Max Payload Size setting
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: pci-bridge-emul: Fix array overruns, improve safety
PCI: aardvark: Update comment about disabling link training
PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
PCI: aardvark: Fix compilation on s390
PCI: aardvark: Don't touch PCIe registers if no card connected
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
PCI: aardvark: Issue PERST via GPIO
PCI: aardvark: Improve link training
PCI: aardvark: Train link immediately after enabling training
PCI: aardvark: Fix big endian support
PCI: aardvark: Wait for endpoint to be ready before training link
PCI: aardvark: Deduplicate code in advk_pcie_rd_conf()
mdio: aspeed: Fix "Link is Down" issue
mmc: sdhci: Fix ADMA for PAGE_SIZE >= 64KiB
tracing: Fix pid filtering when triggers are attached
tracing/uprobe: Fix uprobe_perf_open probes iteration
KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
staging/fbtft: Fix backlight
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
Revert "parisc: Fix backtrace to always include init funtion names"
media: cec: copy sequence field for the reply
ALSA: ctxfi: Fix out-of-range access
binder: fix test regression due to sender_euid change
usb: hub: Fix locking issues with address0_mutex
usb: hub: Fix usb enumeration issue due to address0 race
usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts
net: nexthop: fix null pointer dereference when IPv6 is not enabled
usb: dwc2: hcd_queue: Fix use of floating point literal
usb: dwc2: gadget: Fix ISOC flow for elapsed frames
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
Linux 5.4.162
ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign()
ALSA: hda: hdac_ext_stream: fix potential locking issues
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
tlb: mmu_gather: add tlb_flush_*_range APIs
ice: Delete always true check of PF pointer
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ASoC: DAPM: Cover regression by kctl change notification fix
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
perf/core: Avoid put_page() when GUP fails
Revert "net: mvpp2: disable force link UP during port init procedure"
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/i915/dp: Ensure sink rate values are always valid
drm/nouveau: use drm_dev_unplug() during device removal
drm/udl: fix control-message timeout
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
udf: Fix crash after seekdir
s390/kexec: fix memory leak of ipl report buffer
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
ipc: WARN if trying to remove ipc object which is absent
hexagon: export raw I/O routines for modules
tun: fix bonding active backup with arp monitoring
arm64: vdso32: suppress error message for 'make mrproper'
s390/kexec: fix return code handling
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
NFC: reorder the logic in nfc_{un,}register_device
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
NFC: reorganize the functions in nci_request
i40e: Fix display error code in dmesg
i40e: Fix creation of first queue by omitting it if is not power of two
i40e: Fix ping is lost after configuring ADq on VF
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix correct max_pkt_size on VF RX queue
net: virtio_net_hdr_to_skb: count transport header in UFO
net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
net: sched: act_mirred: drop dst for the direction from egress to ingress
scsi: core: sysfs: Fix hang when device state is set via sysfs
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: lantiq: add support for clk_get_parent()
mips: bcm63xx: add support for clk_get_parent()
MIPS: generic/yamon-dt: fix uninitialized variable error
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: validate pointers
iavf: prevent accidental free of filter structure
iavf: Fix failure to exit out from last all-multicast mode
iavf: free q_vectors before queues in iavf_disable_vf
iavf: check for null in iavf_fix_features
net: bnx2x: fix variable dereferenced before check
perf tests: Remove bash construct from record+zstd_comp_decomp.sh
perf bench futex: Fix memory leak of perf_cpu_map__new()
perf bpf: Avoid memory leak from perf_env__insert_btf()
RDMA/netlink: Add __maybe_unused to static inline in C file
tracing/histogram: Do not copy the fixed-size char array field over the field size
tracing: Save normal string variables
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk
clk/ast2600: Fix soc revision for AHB
clk: ingenic: Fix bugs with divided dividers
sh: define __BIG_ENDIAN for math-emu
sh: math-emu: drop unused functions
sh: fix kconfig unmet dependency warning for FRAME_POINTER
f2fs: fix up f2fs_lookup tracepoints
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr()
scsi: target: Fix alua_tg_pt_gps_count tracking
scsi: target: Fix ordered tag handling
MIPS: sni: Fix the build
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
ALSA: ISA: not for M68K
ARM: dts: ls1021a-tsn: use generic "jedec,spi-nor" compatible for flash
ARM: dts: ls1021a: move thermal-zones node out of soc/
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
firmware_loader: fix pre-allocated buf built-in firmware use
scsi: advansys: Fix kernel pointer leak
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
clk: imx: imx6ul: Move csi_sel mux to correct base register
ASoC: SOF: Intel: hda-dai: fix potential locking issue
arm64: dts: freescale: fix arm,sp805 compatible string
arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
usb: musb: tusb6010: check return value after calling platform_get_resource()
RDMA/bnxt_re: Check if the vlan is valid before reporting
arm64: dts: hisilicon: fix arm,sp805 compatible string
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
ARM: dts: NSP: Fix mpcore, mmc node names
arm64: zynqmp: Fix serial compatible string
arm64: zynqmp: Do not duplicate flash partition label property
Conflicts:
Documentation/devicetree/bindings
Documentation/devicetree/bindings/display/amlogic,meson-dw-hdmi.yaml
Documentation/devicetree/bindings/display/amlogic,meson-vpu.yaml
Documentation/devicetree/bindings/net/can/tcan4x5x.txt
Documentation/devicetree/bindings/net/ethernet-phy.yaml
Documentation/devicetree/bindings/pinctrl/marvell,armada-37xx-pinctrl.txt
arch/arm64/include/asm/cputype.h
drivers/base/power/wakeup.c
drivers/clk/qcom/common.c
drivers/iommu/io-pgtable-arm.c
drivers/net/macsec.c
drivers/usb/dwc3/gadget.c
drivers/usb/gadget/function/f_fs.c
include/trace/events/f2fs.h
Change-Id: I06d6af403c13b93b319a8bc01db206c619ee96d3
Signed-off-by: Srinivasarao Pathipati <quic_spathi@quicinc.com>
This commit is contained in:
Srinivasarao Pathipati
commit
f01f08906a
@ -90,7 +90,8 @@ Triggers can be set on more than one psi metric and more than one trigger
|
||||
for the same psi metric can be specified. However for each trigger a separate
|
||||
file descriptor is required to be able to poll it separately from others,
|
||||
therefore for each trigger a separate open() syscall should be made even
|
||||
when opening the same psi interface file.
|
||||
when opening the same psi interface file. Write operations to a file descriptor
|
||||
with an already existing psi trigger will fail with EBUSY.
|
||||
|
||||
Monitors activate only when system enters stall state for the monitored
|
||||
psi metric and deactivates upon exit from the stall state. While system is
|
||||
|
||||
@ -60,8 +60,8 @@ privileged data touched during the speculative execution.
|
||||
Spectre variant 1 attacks take advantage of speculative execution of
|
||||
conditional branches, while Spectre variant 2 attacks use speculative
|
||||
execution of indirect branches to leak privileged memory.
|
||||
See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[7] <spec_ref7>`
|
||||
:ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
|
||||
See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[6] <spec_ref6>`
|
||||
:ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
|
||||
|
||||
Spectre variant 1 (Bounds Check Bypass)
|
||||
---------------------------------------
|
||||
@ -131,6 +131,19 @@ steer its indirect branch speculations to gadget code, and measure the
|
||||
speculative execution's side effects left in level 1 cache to infer the
|
||||
victim's data.
|
||||
|
||||
Yet another variant 2 attack vector is for the attacker to poison the
|
||||
Branch History Buffer (BHB) to speculatively steer an indirect branch
|
||||
to a specific Branch Target Buffer (BTB) entry, even if the entry isn't
|
||||
associated with the source address of the indirect branch. Specifically,
|
||||
the BHB might be shared across privilege levels even in the presence of
|
||||
Enhanced IBRS.
|
||||
|
||||
Currently the only known real-world BHB attack vector is via
|
||||
unprivileged eBPF. Therefore, it's highly recommended to not enable
|
||||
unprivileged eBPF, especially when eIBRS is used (without retpolines).
|
||||
For a full mitigation against BHB attacks, it's recommended to use
|
||||
retpolines (or eIBRS combined with retpolines).
|
||||
|
||||
Attack scenarios
|
||||
----------------
|
||||
|
||||
@ -364,13 +377,15 @@ The possible values in this file are:
|
||||
|
||||
- Kernel status:
|
||||
|
||||
==================================== =================================
|
||||
======================================== =================================
|
||||
'Not affected' The processor is not vulnerable
|
||||
'Vulnerable' Vulnerable, no mitigation
|
||||
'Mitigation: Full generic retpoline' Software-focused mitigation
|
||||
'Mitigation: Full AMD retpoline' AMD-specific software mitigation
|
||||
'Mitigation: None' Vulnerable, no mitigation
|
||||
'Mitigation: Retpolines' Use Retpoline thunks
|
||||
'Mitigation: LFENCE' Use LFENCE instructions
|
||||
'Mitigation: Enhanced IBRS' Hardware-focused mitigation
|
||||
==================================== =================================
|
||||
'Mitigation: Enhanced IBRS + Retpolines' Hardware-focused + Retpolines
|
||||
'Mitigation: Enhanced IBRS + LFENCE' Hardware-focused + LFENCE
|
||||
======================================== =================================
|
||||
|
||||
- Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
|
||||
used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
|
||||
@ -468,7 +483,7 @@ Spectre variant 2
|
||||
before invoking any firmware code to prevent Spectre variant 2 exploits
|
||||
using the firmware.
|
||||
|
||||
Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y
|
||||
Using kernel address space randomization (CONFIG_RANDOMIZE_BASE=y
|
||||
and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) makes
|
||||
attacks on the kernel generally more difficult.
|
||||
|
||||
@ -584,12 +599,13 @@ kernel command line.
|
||||
|
||||
Specific mitigations can also be selected manually:
|
||||
|
||||
retpoline
|
||||
replace indirect branches
|
||||
retpoline,generic
|
||||
google's original retpoline
|
||||
retpoline,amd
|
||||
AMD-specific minimal thunk
|
||||
retpoline auto pick between generic,lfence
|
||||
retpoline,generic Retpolines
|
||||
retpoline,lfence LFENCE; indirect branch
|
||||
retpoline,amd alias for retpoline,lfence
|
||||
eibrs enhanced IBRS
|
||||
eibrs,retpoline enhanced IBRS + Retpolines
|
||||
eibrs,lfence enhanced IBRS + LFENCE
|
||||
|
||||
Not specifying this option is equivalent to
|
||||
spectre_v2=auto.
|
||||
@ -730,7 +746,7 @@ AMD white papers:
|
||||
|
||||
.. _spec_ref6:
|
||||
|
||||
[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf>`_.
|
||||
[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-Processors.pdf>`_.
|
||||
|
||||
ARM white papers:
|
||||
|
||||
|
||||
@ -1496,6 +1496,8 @@
|
||||
architectures force reset to be always executed
|
||||
i8042.unlock [HW] Unlock (ignore) the keylock
|
||||
i8042.kbdreset [HW] Reset device connected to KBD port
|
||||
i8042.probe_defer
|
||||
[HW] Allow deferred probing upon i8042 probe errors
|
||||
|
||||
i810= [HW,DRM]
|
||||
|
||||
@ -2121,8 +2123,12 @@
|
||||
Default is 1 (enabled)
|
||||
|
||||
kvm-intel.emulate_invalid_guest_state=
|
||||
[KVM,Intel] Enable emulation of invalid guest states
|
||||
Default is 0 (disabled)
|
||||
[KVM,Intel] Disable emulation of invalid guest state.
|
||||
Ignored if kvm-intel.enable_unrestricted_guest=1, as
|
||||
guest state is never invalid for unrestricted guests.
|
||||
This param doesn't apply to nested guests (L2), as KVM
|
||||
never emulates invalid L2 guest state.
|
||||
Default is 1 (enabled)
|
||||
|
||||
kvm-intel.flexpriority=
|
||||
[KVM,Intel] Disable FlexPriority feature (TPR shadow).
|
||||
@ -4502,8 +4508,12 @@
|
||||
Specific mitigations can also be selected manually:
|
||||
|
||||
retpoline - replace indirect branches
|
||||
retpoline,generic - google's original retpoline
|
||||
retpoline,amd - AMD-specific minimal thunk
|
||||
retpoline,generic - Retpolines
|
||||
retpoline,lfence - LFENCE; indirect branch
|
||||
retpoline,amd - alias for retpoline,lfence
|
||||
eibrs - enhanced IBRS
|
||||
eibrs,retpoline - enhanced IBRS + Retpolines
|
||||
eibrs,lfence - enhanced IBRS + LFENCE
|
||||
|
||||
Not specifying this option is equivalent to
|
||||
spectre_v2=auto.
|
||||
|
||||
@ -1125,6 +1125,27 @@ NMI switch that most IA32 servers have fires unknown NMI up, for
|
||||
example. If a system hangs up, try pressing the NMI switch.
|
||||
|
||||
|
||||
unprivileged_bpf_disabled:
|
||||
==========================
|
||||
|
||||
Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
|
||||
once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` will return
|
||||
``-EPERM``. Once set to 1, this can't be cleared from the running kernel
|
||||
anymore.
|
||||
|
||||
Writing 2 to this entry will also disable unprivileged calls to ``bpf()``,
|
||||
however, an admin can still change this setting later on, if needed, by
|
||||
writing 0 or 1 to this entry.
|
||||
|
||||
If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in the kernel config, then this
|
||||
entry will default to 2 instead of 0.
|
||||
|
||||
= =============================================================
|
||||
0 Unprivileged calls to ``bpf()`` are enabled
|
||||
1 Unprivileged calls to ``bpf()`` are disabled without recovery
|
||||
2 Unprivileged calls to ``bpf()`` are disabled
|
||||
= =============================================================
|
||||
|
||||
watchdog:
|
||||
=========
|
||||
|
||||
|
||||
@ -143,13 +143,14 @@ Part 5 - Handling channel allocation
|
||||
Allocating Channels
|
||||
-------------------
|
||||
|
||||
Channels are required to be configured prior to starting the test run.
|
||||
Attempting to run the test without configuring the channels will fail.
|
||||
Channels do not need to be configured prior to starting a test run. Attempting
|
||||
to run the test without configuring the channels will result in testing any
|
||||
channels that are available.
|
||||
|
||||
Example::
|
||||
|
||||
% echo 1 > /sys/module/dmatest/parameters/run
|
||||
dmatest: Could not start test, no channels configured
|
||||
dmatest: No channels configured, continue with any
|
||||
|
||||
Channels are registered using the "channel" parameter. Channels can be requested by their
|
||||
name, once requested, the channel is registered and a pending thread is added to the test list.
|
||||
|
||||
@ -19,7 +19,7 @@ of kernel interfaces is available via exported symbols in `firewire-core` module
|
||||
Firewire char device data structures
|
||||
====================================
|
||||
|
||||
.. include:: /ABI/stable/firewire-cdev
|
||||
.. include:: ../ABI/stable/firewire-cdev
|
||||
:literal:
|
||||
|
||||
.. kernel-doc:: include/uapi/linux/firewire-cdev.h
|
||||
@ -28,7 +28,7 @@ Firewire char device data structures
|
||||
Firewire device probing and sysfs interfaces
|
||||
============================================
|
||||
|
||||
.. include:: /ABI/stable/sysfs-bus-firewire
|
||||
.. include:: ../ABI/stable/sysfs-bus-firewire
|
||||
:literal:
|
||||
|
||||
.. kernel-doc:: drivers/firewire/core-device.c
|
||||
|
||||
@ -5,7 +5,7 @@
|
||||
Referencing hierarchical data nodes
|
||||
===================================
|
||||
|
||||
:Copyright: |copy| 2018 Intel Corporation
|
||||
:Copyright: |copy| 2018, 2021 Intel Corporation
|
||||
:Author: Sakari Ailus <sakari.ailus@linux.intel.com>
|
||||
|
||||
ACPI in general allows referring to device objects in the tree only.
|
||||
@ -52,12 +52,14 @@ the ANOD object which is also the final target node of the reference.
|
||||
Name (NOD0, Package() {
|
||||
ToUUID("daffd814-6eba-4d8c-8a91-bc9bbf4aa301"),
|
||||
Package () {
|
||||
Package () { "reg", 0 },
|
||||
Package () { "random-property", 3 },
|
||||
}
|
||||
})
|
||||
Name (NOD1, Package() {
|
||||
ToUUID("dbb8e3e6-5886-4ba6-8795-1319f52a966b"),
|
||||
Package () {
|
||||
Package () { "reg", 1 },
|
||||
Package () { "anothernode", "ANOD" },
|
||||
}
|
||||
})
|
||||
@ -74,7 +76,11 @@ the ANOD object which is also the final target node of the reference.
|
||||
Name (_DSD, Package () {
|
||||
ToUUID("daffd814-6eba-4d8c-8a91-bc9bbf4aa301"),
|
||||
Package () {
|
||||
Package () { "reference", ^DEV0, "node@1", "anothernode" },
|
||||
Package () {
|
||||
"reference", Package () {
|
||||
^DEV0, "node@1", "anothernode"
|
||||
}
|
||||
},
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
@ -123,6 +123,18 @@ Supported chips:
|
||||
|
||||
http://www.maxim-ic.com/quick_view2.cfm/qv_pk/3497
|
||||
|
||||
* Maxim MAX6654
|
||||
|
||||
Prefix: 'max6654'
|
||||
|
||||
Addresses scanned: I2C 0x18, 0x19, 0x1a, 0x29, 0x2a, 0x2b,
|
||||
|
||||
0x4c, 0x4d and 0x4e
|
||||
|
||||
Datasheet: Publicly available at the Maxim website
|
||||
|
||||
https://www.maximintegrated.com/en/products/sensors/MAX6654.html
|
||||
|
||||
* Maxim MAX6657
|
||||
|
||||
Prefix: 'max6657'
|
||||
@ -253,6 +265,16 @@ Supported chips:
|
||||
|
||||
http://www.ti.com/litv/pdf/sbos686
|
||||
|
||||
* Texas Instruments TMP461
|
||||
|
||||
Prefix: 'tmp461'
|
||||
|
||||
Addresses scanned: I2C 0x48 through 0x4F
|
||||
|
||||
Datasheet: Publicly available at TI website
|
||||
|
||||
https://www.ti.com/lit/gpn/tmp461
|
||||
|
||||
Author: Jean Delvare <jdelvare@suse.de>
|
||||
|
||||
|
||||
@ -301,6 +323,13 @@ ADT7461, ADT7461A, NCT1008:
|
||||
* Extended temperature range (breaks compatibility)
|
||||
* Lower resolution for remote temperature
|
||||
|
||||
MAX6654:
|
||||
* Better local resolution
|
||||
* Selectable address
|
||||
* Remote sensor type selection
|
||||
* Extended temperature range
|
||||
* Extended resolution only available when conversion rate <= 1 Hz
|
||||
|
||||
MAX6657 and MAX6658:
|
||||
* Better local resolution
|
||||
* Remote sensor type selection
|
||||
@ -336,8 +365,8 @@ SA56004X:
|
||||
|
||||
All temperature values are given in degrees Celsius. Resolution
|
||||
is 1.0 degree for the local temperature, 0.125 degree for the remote
|
||||
temperature, except for the MAX6657, MAX6658 and MAX6659 which have a
|
||||
resolution of 0.125 degree for both temperatures.
|
||||
temperature, except for the MAX6654, MAX6657, MAX6658 and MAX6659 which have
|
||||
a resolution of 0.125 degree for both temperatures.
|
||||
|
||||
Each sensor has its own high and low limits, plus a critical limit.
|
||||
Additionally, there is a relative hysteresis value common to both critical
|
||||
|
||||
@ -191,11 +191,12 @@ ad_actor_sys_prio
|
||||
ad_actor_system
|
||||
|
||||
In an AD system, this specifies the mac-address for the actor in
|
||||
protocol packet exchanges (LACPDUs). The value cannot be NULL or
|
||||
multicast. It is preferred to have the local-admin bit set for this
|
||||
mac but driver does not enforce it. If the value is not given then
|
||||
system defaults to using the masters' mac address as actors' system
|
||||
address.
|
||||
protocol packet exchanges (LACPDUs). The value cannot be a multicast
|
||||
address. If the all-zeroes MAC is specified, bonding will internally
|
||||
use the MAC of the bond itself. It is preferred to have the
|
||||
local-admin bit set for this mac but driver does not enforce it. If
|
||||
the value is not given then system defaults to using the masters'
|
||||
mac address as actors' system address.
|
||||
|
||||
This parameter has effect only in 802.3ad mode and is available through
|
||||
SysFs interface.
|
||||
|
||||
@ -30,8 +30,7 @@ conn_reuse_mode - INTEGER
|
||||
|
||||
0: disable any special handling on port reuse. The new
|
||||
connection will be delivered to the same real server that was
|
||||
servicing the previous connection. This will effectively
|
||||
disable expire_nodest_conn.
|
||||
servicing the previous connection.
|
||||
|
||||
bit 1: enable rescheduling of new connections when it is safe.
|
||||
That is, whenever expire_nodest_conn and for TCP sockets, when
|
||||
|
||||
4
Makefile
4
Makefile
@ -1,7 +1,7 @@
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
VERSION = 5
|
||||
PATCHLEVEL = 4
|
||||
SUBLEVEL = 161
|
||||
SUBLEVEL = 180
|
||||
EXTRAVERSION =
|
||||
NAME = Kleptomaniac Octopus
|
||||
|
||||
@ -1111,7 +1111,7 @@ HOST_LIBELF_LIBS = $(shell pkg-config libelf --libs 2>/dev/null || echo -lelf)
|
||||
|
||||
ifdef CONFIG_STACK_VALIDATION
|
||||
has_libelf := $(call try-run,\
|
||||
echo "int main() {}" | $(HOSTCC) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0)
|
||||
echo "int main() {}" | $(HOSTCC) $(KBUILD_HOSTLDFLAGS) -xc -o /dev/null $(HOST_LIBELF_LIBS) -,1,0)
|
||||
ifeq ($(has_libelf),1)
|
||||
objtool_target := tools/objtool FORCE
|
||||
else
|
||||
|
||||
@ -1 +1 @@
|
||||
LTS_5.4.161_5d7a491ae4a7
|
||||
LTS_5.4.180_598165f1e48a
|
||||
|
||||
165238
android/abi_gki_aarch64.xml
165238
android/abi_gki_aarch64.xml
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -9,16 +9,22 @@
|
||||
#include <linux/sizes.h>
|
||||
|
||||
.macro __nop
|
||||
#ifdef CONFIG_EFI_STUB
|
||||
@ This is almost but not quite a NOP, since it does clobber the
|
||||
@ condition flags. But it is the best we can do for EFI, since
|
||||
@ PE/COFF expects the magic string "MZ" at offset 0, while the
|
||||
@ ARM/Linux boot protocol expects an executable instruction
|
||||
@ there.
|
||||
.inst MZ_MAGIC | (0x1310 << 16) @ tstne r0, #0x4d000
|
||||
#else
|
||||
AR_CLASS( mov r0, r0 )
|
||||
M_CLASS( nop.w )
|
||||
.endm
|
||||
|
||||
.macro __initial_nops
|
||||
#ifdef CONFIG_EFI_STUB
|
||||
@ This is a two-instruction NOP, which happens to bear the
|
||||
@ PE/COFF signature "MZ" in the first two bytes, so the kernel
|
||||
@ is accepted as an EFI binary. Booting via the UEFI stub
|
||||
@ will not execute those instructions, but the ARM/Linux
|
||||
@ boot protocol does, so we need some NOPs here.
|
||||
.inst MZ_MAGIC | (0xe225 << 16) @ eor r5, r5, 0x4d000
|
||||
eor r5, r5, 0x4d000 @ undo previous insn
|
||||
#else
|
||||
__nop
|
||||
__nop
|
||||
#endif
|
||||
.endm
|
||||
|
||||
|
||||
@ -165,7 +165,8 @@ start:
|
||||
* were patching the initial instructions of the kernel, i.e
|
||||
* had started to exploit this "patch area".
|
||||
*/
|
||||
.rept 7
|
||||
__initial_nops
|
||||
.rept 5
|
||||
__nop
|
||||
.endr
|
||||
#ifndef CONFIG_THUMB2_KERNEL
|
||||
|
||||
@ -165,7 +165,7 @@
|
||||
};
|
||||
|
||||
uart0: serial@12000 {
|
||||
compatible = "marvell,armada-38x-uart";
|
||||
compatible = "marvell,armada-38x-uart", "ns16550a";
|
||||
reg = <0x12000 0x100>;
|
||||
reg-shift = <2>;
|
||||
interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
|
||||
@ -175,7 +175,7 @@
|
||||
};
|
||||
|
||||
uart1: serial@12100 {
|
||||
compatible = "marvell,armada-38x-uart";
|
||||
compatible = "marvell,armada-38x-uart", "ns16550a";
|
||||
reg = <0x12100 0x100>;
|
||||
reg-shift = <2>;
|
||||
interrupts = <GIC_SPI 13 IRQ_TYPE_LEVEL_HIGH>;
|
||||
|
||||
@ -77,7 +77,7 @@
|
||||
interrupt-affinity = <&cpu0>, <&cpu1>;
|
||||
};
|
||||
|
||||
mpcore@19000000 {
|
||||
mpcore-bus@19000000 {
|
||||
compatible = "simple-bus";
|
||||
ranges = <0x00000000 0x19000000 0x00023000>;
|
||||
#address-cells = <1>;
|
||||
@ -217,7 +217,7 @@
|
||||
#dma-cells = <1>;
|
||||
};
|
||||
|
||||
sdio: sdhci@21000 {
|
||||
sdio: mmc@21000 {
|
||||
compatible = "brcm,sdhci-iproc-cygnus";
|
||||
reg = <0x21000 0x100>;
|
||||
interrupts = <GIC_SPI 145 IRQ_TYPE_LEVEL_HIGH>;
|
||||
|
||||
@ -183,6 +183,7 @@
|
||||
|
||||
interrupt-controller;
|
||||
#interrupt-cells = <2>;
|
||||
gpio-ranges = <&gpio 0 0 54>;
|
||||
|
||||
/* Defines pin muxing groups according to
|
||||
* BCM2835-ARM-Peripherals.pdf page 102.
|
||||
|
||||
@ -242,6 +242,8 @@
|
||||
|
||||
gpio-controller;
|
||||
#gpio-cells = <2>;
|
||||
interrupt-controller;
|
||||
#interrupt-cells = <2>;
|
||||
};
|
||||
|
||||
pcie0: pcie@12000 {
|
||||
@ -387,7 +389,7 @@
|
||||
i2c0: i2c@18009000 {
|
||||
compatible = "brcm,iproc-i2c";
|
||||
reg = <0x18009000 0x50>;
|
||||
interrupts = <GIC_SPI 121 IRQ_TYPE_LEVEL_HIGH>;
|
||||
interrupts = <GIC_SPI 89 IRQ_TYPE_LEVEL_HIGH>;
|
||||
#address-cells = <1>;
|
||||
#size-cells = <0>;
|
||||
clock-frequency = <100000>;
|
||||
|
||||
@ -84,7 +84,7 @@
|
||||
partitions {
|
||||
compatible = "redboot-fis";
|
||||
/* Eraseblock at 0xfe0000 */
|
||||
fis-index-block = <0x1fc>;
|
||||
fis-index-block = <0x7f>;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@ -79,7 +79,6 @@
|
||||
MX23_PAD_LCD_RESET__GPIO_1_18
|
||||
MX23_PAD_PWM3__GPIO_1_29
|
||||
MX23_PAD_PWM4__GPIO_1_30
|
||||
MX23_PAD_SSP1_DETECT__SSP1_DETECT
|
||||
>;
|
||||
fsl,drive-strength = <MXS_DRIVE_4mA>;
|
||||
fsl,voltage = <MXS_VOLTAGE_HIGH>;
|
||||
|
||||
@ -5,6 +5,8 @@
|
||||
* Author: Fabio Estevam <fabio.estevam@freescale.com>
|
||||
*/
|
||||
|
||||
#include <dt-bindings/gpio/gpio.h>
|
||||
|
||||
/ {
|
||||
aliases {
|
||||
backlight = &backlight;
|
||||
@ -218,6 +220,7 @@
|
||||
MX6QDL_PAD_SD3_DAT1__SD3_DATA1 0x17059
|
||||
MX6QDL_PAD_SD3_DAT2__SD3_DATA2 0x17059
|
||||
MX6QDL_PAD_SD3_DAT3__SD3_DATA3 0x17059
|
||||
MX6QDL_PAD_SD3_DAT5__GPIO7_IO00 0x1b0b0
|
||||
>;
|
||||
};
|
||||
|
||||
@ -290,7 +293,7 @@
|
||||
&usdhc3 {
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&pinctrl_usdhc3>;
|
||||
non-removable;
|
||||
cd-gpios = <&gpio7 0 GPIO_ACTIVE_LOW>;
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
|
||||
@ -82,6 +82,6 @@
|
||||
#define MX6ULL_PAD_CSI_DATA04__ESAI_TX_FS 0x01F4 0x0480 0x0000 0x9 0x0
|
||||
#define MX6ULL_PAD_CSI_DATA05__ESAI_TX_CLK 0x01F8 0x0484 0x0000 0x9 0x0
|
||||
#define MX6ULL_PAD_CSI_DATA06__ESAI_TX5_RX0 0x01FC 0x0488 0x0000 0x9 0x0
|
||||
#define MX6ULL_PAD_CSI_DATA07__ESAI_T0 0x0200 0x048C 0x0000 0x9 0x0
|
||||
#define MX6ULL_PAD_CSI_DATA07__ESAI_TX0 0x0200 0x048C 0x0000 0x9 0x0
|
||||
|
||||
#endif /* __DTS_IMX6ULL_PINFUNC_H */
|
||||
|
||||
@ -247,7 +247,7 @@
|
||||
|
||||
flash@0 {
|
||||
/* Rev. A uses 64MB flash, Rev. B & C use 32MB flash */
|
||||
compatible = "jedec,spi-nor", "s25fl256s1", "s25fl512s";
|
||||
compatible = "jedec,spi-nor";
|
||||
spi-max-frequency = <20000000>;
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
|
||||
@ -311,39 +311,6 @@
|
||||
#thermal-sensor-cells = <1>;
|
||||
};
|
||||
|
||||
thermal-zones {
|
||||
cpu_thermal: cpu-thermal {
|
||||
polling-delay-passive = <1000>;
|
||||
polling-delay = <5000>;
|
||||
|
||||
thermal-sensors = <&tmu 0>;
|
||||
|
||||
trips {
|
||||
cpu_alert: cpu-alert {
|
||||
temperature = <85000>;
|
||||
hysteresis = <2000>;
|
||||
type = "passive";
|
||||
};
|
||||
cpu_crit: cpu-crit {
|
||||
temperature = <95000>;
|
||||
hysteresis = <2000>;
|
||||
type = "critical";
|
||||
};
|
||||
};
|
||||
|
||||
cooling-maps {
|
||||
map0 {
|
||||
trip = <&cpu_alert>;
|
||||
cooling-device =
|
||||
<&cpu0 THERMAL_NO_LIMIT
|
||||
THERMAL_NO_LIMIT>,
|
||||
<&cpu1 THERMAL_NO_LIMIT
|
||||
THERMAL_NO_LIMIT>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
dspi0: spi@2100000 {
|
||||
compatible = "fsl,ls1021a-v1.0-dspi";
|
||||
#address-cells = <1>;
|
||||
@ -984,4 +951,37 @@
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
thermal-zones {
|
||||
cpu_thermal: cpu-thermal {
|
||||
polling-delay-passive = <1000>;
|
||||
polling-delay = <5000>;
|
||||
|
||||
thermal-sensors = <&tmu 0>;
|
||||
|
||||
trips {
|
||||
cpu_alert: cpu-alert {
|
||||
temperature = <85000>;
|
||||
hysteresis = <2000>;
|
||||
type = "passive";
|
||||
};
|
||||
cpu_crit: cpu-crit {
|
||||
temperature = <95000>;
|
||||
hysteresis = <2000>;
|
||||
type = "critical";
|
||||
};
|
||||
};
|
||||
|
||||
cooling-maps {
|
||||
map0 {
|
||||
trip = <&cpu_alert>;
|
||||
cooling-device =
|
||||
<&cpu0 THERMAL_NO_LIMIT
|
||||
THERMAL_NO_LIMIT>,
|
||||
<&cpu1 THERMAL_NO_LIMIT
|
||||
THERMAL_NO_LIMIT>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@ -49,14 +49,14 @@
|
||||
};
|
||||
|
||||
uart_A: serial@84c0 {
|
||||
compatible = "amlogic,meson6-uart", "amlogic,meson-uart";
|
||||
compatible = "amlogic,meson6-uart";
|
||||
reg = <0x84c0 0x18>;
|
||||
interrupts = <GIC_SPI 26 IRQ_TYPE_EDGE_RISING>;
|
||||
status = "disabled";
|
||||
};
|
||||
|
||||
uart_B: serial@84dc {
|
||||
compatible = "amlogic,meson6-uart", "amlogic,meson-uart";
|
||||
compatible = "amlogic,meson6-uart";
|
||||
reg = <0x84dc 0x18>;
|
||||
interrupts = <GIC_SPI 75 IRQ_TYPE_EDGE_RISING>;
|
||||
status = "disabled";
|
||||
@ -94,7 +94,7 @@
|
||||
};
|
||||
|
||||
uart_C: serial@8700 {
|
||||
compatible = "amlogic,meson6-uart", "amlogic,meson-uart";
|
||||
compatible = "amlogic,meson6-uart";
|
||||
reg = <0x8700 0x18>;
|
||||
interrupts = <GIC_SPI 93 IRQ_TYPE_EDGE_RISING>;
|
||||
status = "disabled";
|
||||
@ -196,7 +196,7 @@
|
||||
};
|
||||
|
||||
uart_AO: serial@4c0 {
|
||||
compatible = "amlogic,meson6-uart", "amlogic,meson-ao-uart", "amlogic,meson-uart";
|
||||
compatible = "amlogic,meson6-uart", "amlogic,meson-ao-uart";
|
||||
reg = <0x4c0 0x18>;
|
||||
interrupts = <GIC_SPI 90 IRQ_TYPE_EDGE_RISING>;
|
||||
status = "disabled";
|
||||
|
||||
@ -29,7 +29,7 @@
|
||||
compatible = "smsc,lan9221","smsc,lan9115";
|
||||
bank-width = <2>;
|
||||
|
||||
gpmc,mux-add-data;
|
||||
gpmc,mux-add-data = <0>;
|
||||
gpmc,cs-on-ns = <0>;
|
||||
gpmc,cs-rd-off-ns = <42>;
|
||||
gpmc,cs-wr-off-ns = <36>;
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
compatible = "smsc,lan9221","smsc,lan9115";
|
||||
bank-width = <2>;
|
||||
|
||||
gpmc,mux-add-data;
|
||||
gpmc,mux-add-data = <0>;
|
||||
gpmc,cs-on-ns = <0>;
|
||||
gpmc,cs-rd-off-ns = <42>;
|
||||
gpmc,cs-wr-off-ns = <36>;
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
flash0: n25q00@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q00aa";
|
||||
compatible = "micron,mt25qu02g", "jedec,spi-nor";
|
||||
reg = <0>;
|
||||
spi-max-frequency = <100000000>;
|
||||
|
||||
|
||||
@ -119,7 +119,7 @@
|
||||
flash: flash@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q256a";
|
||||
compatible = "micron,n25q256a", "jedec,spi-nor";
|
||||
reg = <0>;
|
||||
spi-max-frequency = <100000000>;
|
||||
|
||||
|
||||
@ -124,7 +124,7 @@
|
||||
flash0: n25q00@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q00";
|
||||
compatible = "micron,mt25qu02g", "jedec,spi-nor";
|
||||
reg = <0>; /* chip select */
|
||||
spi-max-frequency = <100000000>;
|
||||
|
||||
|
||||
@ -169,7 +169,7 @@
|
||||
flash: flash@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q00";
|
||||
compatible = "micron,mt25qu02g", "jedec,spi-nor";
|
||||
reg = <0>;
|
||||
spi-max-frequency = <100000000>;
|
||||
|
||||
|
||||
@ -80,7 +80,7 @@
|
||||
flash: flash@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q256a";
|
||||
compatible = "micron,n25q256a", "jedec,spi-nor";
|
||||
reg = <0>;
|
||||
spi-max-frequency = <100000000>;
|
||||
m25p,fast-read;
|
||||
|
||||
@ -116,7 +116,7 @@
|
||||
flash0: n25q512a@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q512a";
|
||||
compatible = "micron,n25q512a", "jedec,spi-nor";
|
||||
reg = <0>;
|
||||
spi-max-frequency = <100000000>;
|
||||
|
||||
|
||||
@ -224,7 +224,7 @@
|
||||
n25q128@0 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q128";
|
||||
compatible = "micron,n25q128", "jedec,spi-nor";
|
||||
reg = <0>; /* chip select */
|
||||
spi-max-frequency = <100000000>;
|
||||
m25p,fast-read;
|
||||
@ -241,7 +241,7 @@
|
||||
n25q00@1 {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <1>;
|
||||
compatible = "n25q00";
|
||||
compatible = "micron,mt25qu02g", "jedec,spi-nor";
|
||||
reg = <1>; /* chip select */
|
||||
spi-max-frequency = <100000000>;
|
||||
m25p,fast-read;
|
||||
|
||||
@ -107,6 +107,16 @@
|
||||
.endm
|
||||
#endif
|
||||
|
||||
#if __LINUX_ARM_ARCH__ < 7
|
||||
.macro dsb, args
|
||||
mcr p15, 0, r0, c7, c10, 4
|
||||
.endm
|
||||
|
||||
.macro isb, args
|
||||
mcr p15, 0, r0, c7, c5, 4
|
||||
.endm
|
||||
#endif
|
||||
|
||||
.macro asm_trace_hardirqs_off, save=1
|
||||
#if defined(CONFIG_TRACE_IRQFLAGS)
|
||||
.if \save
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
#include <asm/kvm_asm.h>
|
||||
#include <asm/kvm_mmio.h>
|
||||
#include <asm/fpstate.h>
|
||||
#include <asm/spectre.h>
|
||||
#include <kvm/arm_arch_timer.h>
|
||||
|
||||
#define __KVM_HAVE_ARCH_INTC_INITIALIZED
|
||||
@ -424,4 +425,10 @@ static inline bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu)
|
||||
|
||||
#define kvm_arm_vcpu_loaded(vcpu) (false)
|
||||
|
||||
static inline int kvm_arm_get_spectre_bhb_state(void)
|
||||
{
|
||||
/* 32bit guests don't need firmware for this */
|
||||
return SPECTRE_VULNERABLE; /* aka SMCCC_RET_NOT_SUPPORTED */
|
||||
}
|
||||
|
||||
#endif /* __ARM_KVM_HOST_H__ */
|
||||
|
||||
38
arch/arm/include/asm/spectre.h
Normal file
38
arch/arm/include/asm/spectre.h
Normal file
@ -0,0 +1,38 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||
|
||||
#ifndef __ASM_SPECTRE_H
|
||||
#define __ASM_SPECTRE_H
|
||||
|
||||
enum {
|
||||
SPECTRE_UNAFFECTED,
|
||||
SPECTRE_MITIGATED,
|
||||
SPECTRE_VULNERABLE,
|
||||
};
|
||||
|
||||
enum {
|
||||
__SPECTRE_V2_METHOD_BPIALL,
|
||||
__SPECTRE_V2_METHOD_ICIALLU,
|
||||
__SPECTRE_V2_METHOD_SMC,
|
||||
__SPECTRE_V2_METHOD_HVC,
|
||||
__SPECTRE_V2_METHOD_LOOP8,
|
||||
};
|
||||
|
||||
enum {
|
||||
SPECTRE_V2_METHOD_BPIALL = BIT(__SPECTRE_V2_METHOD_BPIALL),
|
||||
SPECTRE_V2_METHOD_ICIALLU = BIT(__SPECTRE_V2_METHOD_ICIALLU),
|
||||
SPECTRE_V2_METHOD_SMC = BIT(__SPECTRE_V2_METHOD_SMC),
|
||||
SPECTRE_V2_METHOD_HVC = BIT(__SPECTRE_V2_METHOD_HVC),
|
||||
SPECTRE_V2_METHOD_LOOP8 = BIT(__SPECTRE_V2_METHOD_LOOP8),
|
||||
};
|
||||
|
||||
#ifdef CONFIG_GENERIC_CPU_VULNERABILITIES
|
||||
void spectre_v2_update_state(unsigned int state, unsigned int methods);
|
||||
#else
|
||||
static inline void spectre_v2_update_state(unsigned int state,
|
||||
unsigned int methods)
|
||||
{}
|
||||
#endif
|
||||
|
||||
int spectre_bhb_update_vectors(unsigned int method);
|
||||
|
||||
#endif
|
||||
@ -227,6 +227,12 @@ struct kvm_vcpu_events {
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED 3
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED (1U << 4)
|
||||
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3 KVM_REG_ARM_FW_REG(3)
|
||||
/* Higher values mean better protection. */
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_AVAIL 0
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_AVAIL 1
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_REQUIRED 2
|
||||
|
||||
/* Device Control API: ARM VGIC */
|
||||
#define KVM_DEV_ARM_VGIC_GRP_ADDR 0
|
||||
#define KVM_DEV_ARM_VGIC_GRP_DIST_REGS 1
|
||||
|
||||
@ -106,4 +106,6 @@ endif
|
||||
|
||||
obj-$(CONFIG_HAVE_ARM_SMCCC) += smccc-call.o
|
||||
|
||||
obj-$(CONFIG_GENERIC_CPU_VULNERABILITIES) += spectre.o
|
||||
|
||||
extra-y := $(head-y) vmlinux.lds
|
||||
|
||||
@ -596,11 +596,9 @@ call_fpe:
|
||||
tstne r0, #0x04000000 @ bit 26 set on both ARM and Thumb-2
|
||||
reteq lr
|
||||
and r8, r0, #0x00000f00 @ mask out CP number
|
||||
THUMB( lsr r8, r8, #8 )
|
||||
mov r7, #1
|
||||
add r6, r10, #TI_USED_CP
|
||||
ARM( strb r7, [r6, r8, lsr #8] ) @ set appropriate used_cp[]
|
||||
THUMB( strb r7, [r6, r8] ) @ set appropriate used_cp[]
|
||||
add r6, r10, r8, lsr #8 @ add used_cp[] array offset first
|
||||
strb r7, [r6, #TI_USED_CP] @ set appropriate used_cp[]
|
||||
#ifdef CONFIG_IWMMXT
|
||||
@ Test if we need to give access to iWMMXt coprocessors
|
||||
ldr r5, [r10, #TI_FLAGS]
|
||||
@ -609,7 +607,7 @@ call_fpe:
|
||||
bcs iwmmxt_task_enable
|
||||
#endif
|
||||
ARM( add pc, pc, r8, lsr #6 )
|
||||
THUMB( lsl r8, r8, #2 )
|
||||
THUMB( lsr r8, r8, #6 )
|
||||
THUMB( add pc, r8 )
|
||||
nop
|
||||
|
||||
@ -1007,12 +1005,11 @@ vector_\name:
|
||||
sub lr, lr, #\correction
|
||||
.endif
|
||||
|
||||
@
|
||||
@ Save r0, lr_<exception> (parent PC) and spsr_<exception>
|
||||
@ (parent CPSR)
|
||||
@
|
||||
@ Save r0, lr_<exception> (parent PC)
|
||||
stmia sp, {r0, lr} @ save r0, lr
|
||||
mrs lr, spsr
|
||||
|
||||
@ Save spsr_<exception> (parent CPSR)
|
||||
2: mrs lr, spsr
|
||||
str lr, [sp, #8] @ save spsr
|
||||
|
||||
@
|
||||
@ -1033,6 +1030,44 @@ vector_\name:
|
||||
movs pc, lr @ branch to handler in SVC mode
|
||||
ENDPROC(vector_\name)
|
||||
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
.subsection 1
|
||||
.align 5
|
||||
vector_bhb_loop8_\name:
|
||||
.if \correction
|
||||
sub lr, lr, #\correction
|
||||
.endif
|
||||
|
||||
@ Save r0, lr_<exception> (parent PC)
|
||||
stmia sp, {r0, lr}
|
||||
|
||||
@ bhb workaround
|
||||
mov r0, #8
|
||||
3: b . + 4
|
||||
subs r0, r0, #1
|
||||
bne 3b
|
||||
dsb
|
||||
isb
|
||||
b 2b
|
||||
ENDPROC(vector_bhb_loop8_\name)
|
||||
|
||||
vector_bhb_bpiall_\name:
|
||||
.if \correction
|
||||
sub lr, lr, #\correction
|
||||
.endif
|
||||
|
||||
@ Save r0, lr_<exception> (parent PC)
|
||||
stmia sp, {r0, lr}
|
||||
|
||||
@ bhb workaround
|
||||
mcr p15, 0, r0, c7, c5, 6 @ BPIALL
|
||||
@ isb not needed due to "movs pc, lr" in the vector stub
|
||||
@ which gives a "context synchronisation".
|
||||
b 2b
|
||||
ENDPROC(vector_bhb_bpiall_\name)
|
||||
.previous
|
||||
#endif
|
||||
|
||||
.align 2
|
||||
@ handler addresses follow this label
|
||||
1:
|
||||
@ -1041,6 +1076,10 @@ ENDPROC(vector_\name)
|
||||
.section .stubs, "ax", %progbits
|
||||
@ This must be the first word
|
||||
.word vector_swi
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
.word vector_bhb_loop8_swi
|
||||
.word vector_bhb_bpiall_swi
|
||||
#endif
|
||||
|
||||
vector_rst:
|
||||
ARM( swi SYS_ERROR0 )
|
||||
@ -1155,8 +1194,10 @@ vector_addrexcptn:
|
||||
* FIQ "NMI" handler
|
||||
*-----------------------------------------------------------------------------
|
||||
* Handle a FIQ using the SVC stack allowing FIQ act like NMI on x86
|
||||
* systems.
|
||||
* systems. This must be the last vector stub, so lets place it in its own
|
||||
* subsection.
|
||||
*/
|
||||
.subsection 2
|
||||
vector_stub fiq, FIQ_MODE, 4
|
||||
|
||||
.long __fiq_usr @ 0 (USR_26 / USR_32)
|
||||
@ -1189,6 +1230,30 @@ vector_addrexcptn:
|
||||
W(b) vector_irq
|
||||
W(b) vector_fiq
|
||||
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
.section .vectors.bhb.loop8, "ax", %progbits
|
||||
.L__vectors_bhb_loop8_start:
|
||||
W(b) vector_rst
|
||||
W(b) vector_bhb_loop8_und
|
||||
W(ldr) pc, .L__vectors_bhb_loop8_start + 0x1004
|
||||
W(b) vector_bhb_loop8_pabt
|
||||
W(b) vector_bhb_loop8_dabt
|
||||
W(b) vector_addrexcptn
|
||||
W(b) vector_bhb_loop8_irq
|
||||
W(b) vector_bhb_loop8_fiq
|
||||
|
||||
.section .vectors.bhb.bpiall, "ax", %progbits
|
||||
.L__vectors_bhb_bpiall_start:
|
||||
W(b) vector_rst
|
||||
W(b) vector_bhb_bpiall_und
|
||||
W(ldr) pc, .L__vectors_bhb_bpiall_start + 0x1008
|
||||
W(b) vector_bhb_bpiall_pabt
|
||||
W(b) vector_bhb_bpiall_dabt
|
||||
W(b) vector_addrexcptn
|
||||
W(b) vector_bhb_bpiall_irq
|
||||
W(b) vector_bhb_bpiall_fiq
|
||||
#endif
|
||||
|
||||
.data
|
||||
.align 2
|
||||
|
||||
|
||||
@ -162,6 +162,29 @@ ENDPROC(ret_from_fork)
|
||||
*-----------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
.align 5
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
ENTRY(vector_bhb_loop8_swi)
|
||||
sub sp, sp, #PT_REGS_SIZE
|
||||
stmia sp, {r0 - r12}
|
||||
mov r8, #8
|
||||
1: b 2f
|
||||
2: subs r8, r8, #1
|
||||
bne 1b
|
||||
dsb
|
||||
isb
|
||||
b 3f
|
||||
ENDPROC(vector_bhb_loop8_swi)
|
||||
|
||||
.align 5
|
||||
ENTRY(vector_bhb_bpiall_swi)
|
||||
sub sp, sp, #PT_REGS_SIZE
|
||||
stmia sp, {r0 - r12}
|
||||
mcr p15, 0, r8, c7, c5, 6 @ BPIALL
|
||||
isb
|
||||
b 3f
|
||||
ENDPROC(vector_bhb_bpiall_swi)
|
||||
#endif
|
||||
.align 5
|
||||
ENTRY(vector_swi)
|
||||
#ifdef CONFIG_CPU_V7M
|
||||
@ -169,6 +192,7 @@ ENTRY(vector_swi)
|
||||
#else
|
||||
sub sp, sp, #PT_REGS_SIZE
|
||||
stmia sp, {r0 - r12} @ Calling r0 - r12
|
||||
3:
|
||||
ARM( add r8, sp, #S_PC )
|
||||
ARM( stmdb r8, {sp, lr}^ ) @ Calling sp, lr
|
||||
THUMB( mov r8, sp )
|
||||
|
||||
@ -62,9 +62,10 @@ user_backtrace(struct frame_tail __user *tail,
|
||||
void
|
||||
perf_callchain_user(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
|
||||
{
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
struct frame_tail __user *tail;
|
||||
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
/* We don't support guest os callchain now */
|
||||
return;
|
||||
}
|
||||
@ -98,9 +99,10 @@ callchain_trace(struct stackframe *fr,
|
||||
void
|
||||
perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *regs)
|
||||
{
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
struct stackframe fr;
|
||||
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
/* We don't support guest os callchain now */
|
||||
return;
|
||||
}
|
||||
@ -111,18 +113,21 @@ perf_callchain_kernel(struct perf_callchain_entry_ctx *entry, struct pt_regs *re
|
||||
|
||||
unsigned long perf_instruction_pointer(struct pt_regs *regs)
|
||||
{
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
|
||||
return perf_guest_cbs->get_guest_ip();
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
|
||||
if (guest_cbs && guest_cbs->is_in_guest())
|
||||
return guest_cbs->get_guest_ip();
|
||||
|
||||
return instruction_pointer(regs);
|
||||
}
|
||||
|
||||
unsigned long perf_misc_flags(struct pt_regs *regs)
|
||||
{
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
int misc = 0;
|
||||
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
if (perf_guest_cbs->is_user_mode())
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
if (guest_cbs->is_user_mode())
|
||||
misc |= PERF_RECORD_MISC_GUEST_USER;
|
||||
else
|
||||
misc |= PERF_RECORD_MISC_GUEST_KERNEL;
|
||||
|
||||
71
arch/arm/kernel/spectre.c
Normal file
71
arch/arm/kernel/spectre.c
Normal file
@ -0,0 +1,71 @@
|
||||
// SPDX-License-Identifier: GPL-2.0-only
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/cpu.h>
|
||||
#include <linux/device.h>
|
||||
|
||||
#include <asm/spectre.h>
|
||||
|
||||
static bool _unprivileged_ebpf_enabled(void)
|
||||
{
|
||||
#ifdef CONFIG_BPF_SYSCALL
|
||||
return !sysctl_unprivileged_bpf_disabled;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
|
||||
char *buf)
|
||||
{
|
||||
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
|
||||
}
|
||||
|
||||
static unsigned int spectre_v2_state;
|
||||
static unsigned int spectre_v2_methods;
|
||||
|
||||
void spectre_v2_update_state(unsigned int state, unsigned int method)
|
||||
{
|
||||
if (state > spectre_v2_state)
|
||||
spectre_v2_state = state;
|
||||
spectre_v2_methods |= method;
|
||||
}
|
||||
|
||||
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
|
||||
char *buf)
|
||||
{
|
||||
const char *method;
|
||||
|
||||
if (spectre_v2_state == SPECTRE_UNAFFECTED)
|
||||
return sprintf(buf, "%s\n", "Not affected");
|
||||
|
||||
if (spectre_v2_state != SPECTRE_MITIGATED)
|
||||
return sprintf(buf, "%s\n", "Vulnerable");
|
||||
|
||||
if (_unprivileged_ebpf_enabled())
|
||||
return sprintf(buf, "Vulnerable: Unprivileged eBPF enabled\n");
|
||||
|
||||
switch (spectre_v2_methods) {
|
||||
case SPECTRE_V2_METHOD_BPIALL:
|
||||
method = "Branch predictor hardening";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_ICIALLU:
|
||||
method = "I-cache invalidation";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_SMC:
|
||||
case SPECTRE_V2_METHOD_HVC:
|
||||
method = "Firmware call";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_LOOP8:
|
||||
method = "History overwrite";
|
||||
break;
|
||||
|
||||
default:
|
||||
method = "Multiple mitigations";
|
||||
break;
|
||||
}
|
||||
|
||||
return sprintf(buf, "Mitigation: %s\n", method);
|
||||
}
|
||||
@ -31,6 +31,7 @@
|
||||
#include <asm/arch_timer.h>
|
||||
#include <asm/cacheflush.h>
|
||||
#include <asm/exception.h>
|
||||
#include <asm/spectre.h>
|
||||
#include <asm/unistd.h>
|
||||
#include <asm/traps.h>
|
||||
#include <asm/ptrace.h>
|
||||
@ -871,10 +872,59 @@ static inline void __init kuser_init(void *vectors)
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef CONFIG_CPU_V7M
|
||||
static void copy_from_lma(void *vma, void *lma_start, void *lma_end)
|
||||
{
|
||||
memcpy(vma, lma_start, lma_end - lma_start);
|
||||
}
|
||||
|
||||
static void flush_vectors(void *vma, size_t offset, size_t size)
|
||||
{
|
||||
unsigned long start = (unsigned long)vma + offset;
|
||||
unsigned long end = start + size;
|
||||
|
||||
flush_icache_range(start, end);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
int spectre_bhb_update_vectors(unsigned int method)
|
||||
{
|
||||
extern char __vectors_bhb_bpiall_start[], __vectors_bhb_bpiall_end[];
|
||||
extern char __vectors_bhb_loop8_start[], __vectors_bhb_loop8_end[];
|
||||
void *vec_start, *vec_end;
|
||||
|
||||
if (system_state > SYSTEM_SCHEDULING) {
|
||||
pr_err("CPU%u: Spectre BHB workaround too late - system vulnerable\n",
|
||||
smp_processor_id());
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
|
||||
switch (method) {
|
||||
case SPECTRE_V2_METHOD_LOOP8:
|
||||
vec_start = __vectors_bhb_loop8_start;
|
||||
vec_end = __vectors_bhb_loop8_end;
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_BPIALL:
|
||||
vec_start = __vectors_bhb_bpiall_start;
|
||||
vec_end = __vectors_bhb_bpiall_end;
|
||||
break;
|
||||
|
||||
default:
|
||||
pr_err("CPU%u: unknown Spectre BHB state %d\n",
|
||||
smp_processor_id(), method);
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
|
||||
copy_from_lma(vectors_page, vec_start, vec_end);
|
||||
flush_vectors(vectors_page, 0, vec_end - vec_start);
|
||||
|
||||
return SPECTRE_MITIGATED;
|
||||
}
|
||||
#endif
|
||||
|
||||
void __init early_trap_init(void *vectors_base)
|
||||
{
|
||||
#ifndef CONFIG_CPU_V7M
|
||||
unsigned long vectors = (unsigned long)vectors_base;
|
||||
extern char __stubs_start[], __stubs_end[];
|
||||
extern char __vectors_start[], __vectors_end[];
|
||||
unsigned i;
|
||||
@ -895,17 +945,20 @@ void __init early_trap_init(void *vectors_base)
|
||||
* into the vector page, mapped at 0xffff0000, and ensure these
|
||||
* are visible to the instruction stream.
|
||||
*/
|
||||
memcpy((void *)vectors, __vectors_start, __vectors_end - __vectors_start);
|
||||
memcpy((void *)vectors + 0x1000, __stubs_start, __stubs_end - __stubs_start);
|
||||
copy_from_lma(vectors_base, __vectors_start, __vectors_end);
|
||||
copy_from_lma(vectors_base + 0x1000, __stubs_start, __stubs_end);
|
||||
|
||||
kuser_init(vectors_base);
|
||||
|
||||
flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
|
||||
flush_vectors(vectors_base, 0, PAGE_SIZE * 2);
|
||||
}
|
||||
#else /* ifndef CONFIG_CPU_V7M */
|
||||
void __init early_trap_init(void *vectors_base)
|
||||
{
|
||||
/*
|
||||
* on V7-M there is no need to copy the vector table to a dedicated
|
||||
* memory area. The address is configurable and so a table in the kernel
|
||||
* image can be used.
|
||||
*/
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -25,6 +25,19 @@
|
||||
#define ARM_MMU_DISCARD(x) x
|
||||
#endif
|
||||
|
||||
/*
|
||||
* ld.lld does not support NOCROSSREFS:
|
||||
* https://github.com/ClangBuiltLinux/linux/issues/1609
|
||||
*/
|
||||
#ifdef CONFIG_LD_IS_LLD
|
||||
#define NOCROSSREFS
|
||||
#endif
|
||||
|
||||
/* Set start/end symbol names to the LMA for the section */
|
||||
#define ARM_LMA(sym, section) \
|
||||
sym##_start = LOADADDR(section); \
|
||||
sym##_end = LOADADDR(section) + SIZEOF(section)
|
||||
|
||||
#define PROC_INFO \
|
||||
. = ALIGN(4); \
|
||||
__proc_info_begin = .; \
|
||||
@ -100,19 +113,31 @@
|
||||
* only thing that matters is their relative offsets
|
||||
*/
|
||||
#define ARM_VECTORS \
|
||||
__vectors_start = .; \
|
||||
.vectors 0xffff0000 : AT(__vectors_start) { \
|
||||
__vectors_lma = .; \
|
||||
OVERLAY 0xffff0000 : NOCROSSREFS AT(__vectors_lma) { \
|
||||
.vectors { \
|
||||
*(.vectors) \
|
||||
} \
|
||||
. = __vectors_start + SIZEOF(.vectors); \
|
||||
__vectors_end = .; \
|
||||
.vectors.bhb.loop8 { \
|
||||
*(.vectors.bhb.loop8) \
|
||||
} \
|
||||
.vectors.bhb.bpiall { \
|
||||
*(.vectors.bhb.bpiall) \
|
||||
} \
|
||||
} \
|
||||
ARM_LMA(__vectors, .vectors); \
|
||||
ARM_LMA(__vectors_bhb_loop8, .vectors.bhb.loop8); \
|
||||
ARM_LMA(__vectors_bhb_bpiall, .vectors.bhb.bpiall); \
|
||||
. = __vectors_lma + SIZEOF(.vectors) + \
|
||||
SIZEOF(.vectors.bhb.loop8) + \
|
||||
SIZEOF(.vectors.bhb.bpiall); \
|
||||
\
|
||||
__stubs_start = .; \
|
||||
.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_start) { \
|
||||
__stubs_lma = .; \
|
||||
.stubs ADDR(.vectors) + 0x1000 : AT(__stubs_lma) { \
|
||||
*(.stubs) \
|
||||
} \
|
||||
. = __stubs_start + SIZEOF(.stubs); \
|
||||
__stubs_end = .; \
|
||||
ARM_LMA(__stubs, .stubs); \
|
||||
. = __stubs_lma + SIZEOF(.stubs); \
|
||||
\
|
||||
PROVIDE(vector_fiq_offset = vector_fiq - ADDR(.vectors));
|
||||
|
||||
|
||||
@ -154,8 +154,10 @@ static int __init rcar_gen2_regulator_quirk(void)
|
||||
return -ENODEV;
|
||||
|
||||
for_each_matching_node_and_match(np, rcar_gen2_quirk_match, &id) {
|
||||
if (!of_device_is_available(np))
|
||||
if (!of_device_is_available(np)) {
|
||||
of_node_put(np);
|
||||
break;
|
||||
}
|
||||
|
||||
ret = of_property_read_u32(np, "reg", &addr);
|
||||
if (ret) /* Skip invalid entry and continue */
|
||||
@ -164,6 +166,7 @@ static int __init rcar_gen2_regulator_quirk(void)
|
||||
quirk = kzalloc(sizeof(*quirk), GFP_KERNEL);
|
||||
if (!quirk) {
|
||||
ret = -ENOMEM;
|
||||
of_node_put(np);
|
||||
goto err_mem;
|
||||
}
|
||||
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
menuconfig ARCH_SOCFPGA
|
||||
bool "Altera SOCFPGA family"
|
||||
depends on ARCH_MULTI_V7
|
||||
select ARCH_HAS_RESET_CONTROLLER
|
||||
select ARCH_SUPPORTS_BIG_ENDIAN
|
||||
select ARM_AMBA
|
||||
select ARM_GIC
|
||||
@ -19,6 +20,7 @@ menuconfig ARCH_SOCFPGA
|
||||
select PL310_ERRATA_727915
|
||||
select PL310_ERRATA_753970 if PL310
|
||||
select PL310_ERRATA_769419
|
||||
select RESET_CONTROLLER
|
||||
|
||||
if ARCH_SOCFPGA
|
||||
config SOCFPGA_SUSPEND
|
||||
|
||||
@ -33,7 +33,7 @@ extern void __iomem *sdr_ctl_base_addr;
|
||||
u32 socfpga_sdram_self_refresh(u32 sdr_base);
|
||||
extern unsigned int socfpga_sdram_self_refresh_sz;
|
||||
|
||||
extern char secondary_trampoline, secondary_trampoline_end;
|
||||
extern char secondary_trampoline[], secondary_trampoline_end[];
|
||||
|
||||
extern unsigned long socfpga_cpu1start_addr;
|
||||
|
||||
|
||||
@ -20,14 +20,14 @@
|
||||
|
||||
static int socfpga_boot_secondary(unsigned int cpu, struct task_struct *idle)
|
||||
{
|
||||
int trampoline_size = &secondary_trampoline_end - &secondary_trampoline;
|
||||
int trampoline_size = secondary_trampoline_end - secondary_trampoline;
|
||||
|
||||
if (socfpga_cpu1start_addr) {
|
||||
/* This will put CPU #1 into reset. */
|
||||
writel(RSTMGR_MPUMODRST_CPU1,
|
||||
rst_manager_base_addr + SOCFPGA_RSTMGR_MODMPURST);
|
||||
|
||||
memcpy(phys_to_virt(0), &secondary_trampoline, trampoline_size);
|
||||
memcpy(phys_to_virt(0), secondary_trampoline, trampoline_size);
|
||||
|
||||
writel(__pa_symbol(secondary_startup),
|
||||
sys_manager_base_addr + (socfpga_cpu1start_addr & 0x000000ff));
|
||||
@ -45,12 +45,12 @@ static int socfpga_boot_secondary(unsigned int cpu, struct task_struct *idle)
|
||||
|
||||
static int socfpga_a10_boot_secondary(unsigned int cpu, struct task_struct *idle)
|
||||
{
|
||||
int trampoline_size = &secondary_trampoline_end - &secondary_trampoline;
|
||||
int trampoline_size = secondary_trampoline_end - secondary_trampoline;
|
||||
|
||||
if (socfpga_cpu1start_addr) {
|
||||
writel(RSTMGR_MPUMODRST_CPU1, rst_manager_base_addr +
|
||||
SOCFPGA_A10_RSTMGR_MODMPURST);
|
||||
memcpy(phys_to_virt(0), &secondary_trampoline, trampoline_size);
|
||||
memcpy(phys_to_virt(0), secondary_trampoline, trampoline_size);
|
||||
|
||||
writel(__pa_symbol(secondary_startup),
|
||||
sys_manager_base_addr + (socfpga_cpu1start_addr & 0x00000fff));
|
||||
|
||||
@ -743,6 +743,7 @@ config SWP_EMULATE
|
||||
config CPU_BIG_ENDIAN
|
||||
bool "Build big-endian kernel"
|
||||
depends on ARCH_SUPPORTS_BIG_ENDIAN
|
||||
depends on !LD_IS_LLD
|
||||
help
|
||||
Say Y if you plan on running a kernel in big-endian mode.
|
||||
Note that your board must be properly built and your board
|
||||
@ -832,6 +833,7 @@ config CPU_BPREDICT_DISABLE
|
||||
|
||||
config CPU_SPECTRE
|
||||
bool
|
||||
select GENERIC_CPU_VULNERABILITIES
|
||||
|
||||
config HARDEN_BRANCH_PREDICTOR
|
||||
bool "Harden the branch predictor against aliasing attacks" if EXPERT
|
||||
@ -852,6 +854,16 @@ config HARDEN_BRANCH_PREDICTOR
|
||||
|
||||
If unsure, say Y.
|
||||
|
||||
config HARDEN_BRANCH_HISTORY
|
||||
bool "Harden Spectre style attacks against branch history" if EXPERT
|
||||
depends on CPU_SPECTRE
|
||||
default y
|
||||
help
|
||||
Speculation attacks against some high-performance processors can
|
||||
make use of branch history to influence future speculation. When
|
||||
taking an exception, a sequence of branches overwrites the branch
|
||||
history, or branch history is invalidated.
|
||||
|
||||
config TLS_REG_EMUL
|
||||
bool
|
||||
select NEED_KUSER_HELPERS
|
||||
|
||||
@ -371,14 +371,14 @@ static void __init free_unused_memmap(void)
|
||||
*/
|
||||
start = min(start,
|
||||
ALIGN(prev_end, PAGES_PER_SECTION));
|
||||
#else
|
||||
/*
|
||||
* Align down here since the VM subsystem insists that the
|
||||
* memmap entries are valid from the bank start aligned to
|
||||
* MAX_ORDER_NR_PAGES.
|
||||
*/
|
||||
start = round_down(start, MAX_ORDER_NR_PAGES);
|
||||
#endif
|
||||
/*
|
||||
* Align down here since many operations in VM subsystem
|
||||
* presume that there are no holes in the memory map inside
|
||||
* a pageblock
|
||||
*/
|
||||
start = round_down(start, pageblock_nr_pages);
|
||||
|
||||
/*
|
||||
* If we had a previous bank, and there is a space
|
||||
* between the current bank and the previous, free it.
|
||||
@ -387,18 +387,20 @@ static void __init free_unused_memmap(void)
|
||||
free_memmap(prev_end, start);
|
||||
|
||||
/*
|
||||
* Align up here since the VM subsystem insists that the
|
||||
* memmap entries are valid from the bank end aligned to
|
||||
* MAX_ORDER_NR_PAGES.
|
||||
* Align up here since many operations in VM subsystem
|
||||
* presume that there are no holes in the memory map inside
|
||||
* a pageblock
|
||||
*/
|
||||
prev_end = ALIGN(memblock_region_memory_end_pfn(reg),
|
||||
MAX_ORDER_NR_PAGES);
|
||||
pageblock_nr_pages);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SPARSEMEM
|
||||
if (!IS_ALIGNED(prev_end, PAGES_PER_SECTION))
|
||||
if (!IS_ALIGNED(prev_end, PAGES_PER_SECTION)) {
|
||||
prev_end = ALIGN(prev_end, pageblock_nr_pages);
|
||||
free_memmap(prev_end,
|
||||
ALIGN(prev_end, PAGES_PER_SECTION));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
@ -27,6 +27,7 @@
|
||||
#include <linux/vmalloc.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/sizes.h>
|
||||
#include <linux/memblock.h>
|
||||
|
||||
#include <asm/cp15.h>
|
||||
#include <asm/cputype.h>
|
||||
@ -309,7 +310,8 @@ static void __iomem * __arm_ioremap_pfn_caller(unsigned long pfn,
|
||||
* Don't allow RAM to be mapped with mismatched attributes - this
|
||||
* causes problems with ARMv6+
|
||||
*/
|
||||
if (WARN_ON(pfn_valid(pfn) && mtype != MT_MEMORY_RW))
|
||||
if (WARN_ON(memblock_is_map_memory(PFN_PHYS(pfn)) &&
|
||||
mtype != MT_MEMORY_RW))
|
||||
return NULL;
|
||||
|
||||
area = get_vm_area_caller(size, VM_IOREMAP, caller);
|
||||
|
||||
@ -7,8 +7,35 @@
|
||||
#include <asm/cp15.h>
|
||||
#include <asm/cputype.h>
|
||||
#include <asm/proc-fns.h>
|
||||
#include <asm/spectre.h>
|
||||
#include <asm/system_misc.h>
|
||||
|
||||
#ifdef CONFIG_ARM_PSCI
|
||||
static int __maybe_unused spectre_v2_get_cpu_fw_mitigation_state(void)
|
||||
{
|
||||
struct arm_smccc_res res;
|
||||
|
||||
arm_smccc_1_1_invoke(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
|
||||
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
|
||||
|
||||
switch ((int)res.a0) {
|
||||
case SMCCC_RET_SUCCESS:
|
||||
return SPECTRE_MITIGATED;
|
||||
|
||||
case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
|
||||
return SPECTRE_UNAFFECTED;
|
||||
|
||||
default:
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
}
|
||||
#else
|
||||
static int __maybe_unused spectre_v2_get_cpu_fw_mitigation_state(void)
|
||||
{
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_HARDEN_BRANCH_PREDICTOR
|
||||
DEFINE_PER_CPU(harden_branch_predictor_fn_t, harden_branch_predictor_fn);
|
||||
|
||||
@ -37,13 +64,61 @@ static void __maybe_unused call_hvc_arch_workaround_1(void)
|
||||
arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_WORKAROUND_1, NULL);
|
||||
}
|
||||
|
||||
static void cpu_v7_spectre_init(void)
|
||||
static unsigned int spectre_v2_install_workaround(unsigned int method)
|
||||
{
|
||||
const char *spectre_v2_method = NULL;
|
||||
int cpu = smp_processor_id();
|
||||
|
||||
if (per_cpu(harden_branch_predictor_fn, cpu))
|
||||
return;
|
||||
return SPECTRE_MITIGATED;
|
||||
|
||||
switch (method) {
|
||||
case SPECTRE_V2_METHOD_BPIALL:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
harden_branch_predictor_bpiall;
|
||||
spectre_v2_method = "BPIALL";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_ICIALLU:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
harden_branch_predictor_iciallu;
|
||||
spectre_v2_method = "ICIALLU";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_HVC:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
call_hvc_arch_workaround_1;
|
||||
cpu_do_switch_mm = cpu_v7_hvc_switch_mm;
|
||||
spectre_v2_method = "hypervisor";
|
||||
break;
|
||||
|
||||
case SPECTRE_V2_METHOD_SMC:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
call_smc_arch_workaround_1;
|
||||
cpu_do_switch_mm = cpu_v7_smc_switch_mm;
|
||||
spectre_v2_method = "firmware";
|
||||
break;
|
||||
}
|
||||
|
||||
if (spectre_v2_method)
|
||||
pr_info("CPU%u: Spectre v2: using %s workaround\n",
|
||||
smp_processor_id(), spectre_v2_method);
|
||||
|
||||
return SPECTRE_MITIGATED;
|
||||
}
|
||||
#else
|
||||
static unsigned int spectre_v2_install_workaround(unsigned int method)
|
||||
{
|
||||
pr_info("CPU%u: Spectre V2: workarounds disabled by configuration\n",
|
||||
smp_processor_id());
|
||||
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static void cpu_v7_spectre_v2_init(void)
|
||||
{
|
||||
unsigned int state, method = 0;
|
||||
|
||||
switch (read_cpuid_part()) {
|
||||
case ARM_CPU_PART_CORTEX_A8:
|
||||
@ -52,32 +127,37 @@ static void cpu_v7_spectre_init(void)
|
||||
case ARM_CPU_PART_CORTEX_A17:
|
||||
case ARM_CPU_PART_CORTEX_A73:
|
||||
case ARM_CPU_PART_CORTEX_A75:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
harden_branch_predictor_bpiall;
|
||||
spectre_v2_method = "BPIALL";
|
||||
state = SPECTRE_MITIGATED;
|
||||
method = SPECTRE_V2_METHOD_BPIALL;
|
||||
break;
|
||||
|
||||
case ARM_CPU_PART_CORTEX_A15:
|
||||
case ARM_CPU_PART_BRAHMA_B15:
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
harden_branch_predictor_iciallu;
|
||||
spectre_v2_method = "ICIALLU";
|
||||
state = SPECTRE_MITIGATED;
|
||||
method = SPECTRE_V2_METHOD_ICIALLU;
|
||||
break;
|
||||
|
||||
#ifdef CONFIG_ARM_PSCI
|
||||
case ARM_CPU_PART_BRAHMA_B53:
|
||||
/* Requires no workaround */
|
||||
state = SPECTRE_UNAFFECTED;
|
||||
break;
|
||||
|
||||
default:
|
||||
/* Other ARM CPUs require no workaround */
|
||||
if (read_cpuid_implementor() == ARM_CPU_IMP_ARM)
|
||||
if (read_cpuid_implementor() == ARM_CPU_IMP_ARM) {
|
||||
state = SPECTRE_UNAFFECTED;
|
||||
break;
|
||||
}
|
||||
/* fallthrough */
|
||||
/* Cortex A57/A72 require firmware workaround */
|
||||
case ARM_CPU_PART_CORTEX_A57:
|
||||
case ARM_CPU_PART_CORTEX_A72: {
|
||||
struct arm_smccc_res res;
|
||||
|
||||
state = spectre_v2_get_cpu_fw_mitigation_state();
|
||||
if (state != SPECTRE_MITIGATED)
|
||||
break;
|
||||
|
||||
if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
|
||||
break;
|
||||
|
||||
@ -87,10 +167,7 @@ static void cpu_v7_spectre_init(void)
|
||||
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
|
||||
if ((int)res.a0 != 0)
|
||||
break;
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
call_hvc_arch_workaround_1;
|
||||
cpu_do_switch_mm = cpu_v7_hvc_switch_mm;
|
||||
spectre_v2_method = "hypervisor";
|
||||
method = SPECTRE_V2_METHOD_HVC;
|
||||
break;
|
||||
|
||||
case PSCI_CONDUIT_SMC:
|
||||
@ -98,29 +175,97 @@ static void cpu_v7_spectre_init(void)
|
||||
ARM_SMCCC_ARCH_WORKAROUND_1, &res);
|
||||
if ((int)res.a0 != 0)
|
||||
break;
|
||||
per_cpu(harden_branch_predictor_fn, cpu) =
|
||||
call_smc_arch_workaround_1;
|
||||
cpu_do_switch_mm = cpu_v7_smc_switch_mm;
|
||||
spectre_v2_method = "firmware";
|
||||
method = SPECTRE_V2_METHOD_SMC;
|
||||
break;
|
||||
|
||||
default:
|
||||
state = SPECTRE_VULNERABLE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (spectre_v2_method)
|
||||
pr_info("CPU%u: Spectre v2: using %s workaround\n",
|
||||
smp_processor_id(), spectre_v2_method);
|
||||
if (state == SPECTRE_MITIGATED)
|
||||
state = spectre_v2_install_workaround(method);
|
||||
|
||||
spectre_v2_update_state(state, method);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_HARDEN_BRANCH_HISTORY
|
||||
static int spectre_bhb_method;
|
||||
|
||||
static const char *spectre_bhb_method_name(int method)
|
||||
{
|
||||
switch (method) {
|
||||
case SPECTRE_V2_METHOD_LOOP8:
|
||||
return "loop";
|
||||
|
||||
case SPECTRE_V2_METHOD_BPIALL:
|
||||
return "BPIALL";
|
||||
|
||||
default:
|
||||
return "unknown";
|
||||
}
|
||||
}
|
||||
|
||||
static int spectre_bhb_install_workaround(int method)
|
||||
{
|
||||
if (spectre_bhb_method != method) {
|
||||
if (spectre_bhb_method) {
|
||||
pr_err("CPU%u: Spectre BHB: method disagreement, system vulnerable\n",
|
||||
smp_processor_id());
|
||||
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
|
||||
if (spectre_bhb_update_vectors(method) == SPECTRE_VULNERABLE)
|
||||
return SPECTRE_VULNERABLE;
|
||||
|
||||
spectre_bhb_method = method;
|
||||
}
|
||||
|
||||
pr_info("CPU%u: Spectre BHB: using %s workaround\n",
|
||||
smp_processor_id(), spectre_bhb_method_name(method));
|
||||
|
||||
return SPECTRE_MITIGATED;
|
||||
}
|
||||
#else
|
||||
static void cpu_v7_spectre_init(void)
|
||||
static int spectre_bhb_install_workaround(int method)
|
||||
{
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
#endif
|
||||
|
||||
static void cpu_v7_spectre_bhb_init(void)
|
||||
{
|
||||
unsigned int state, method = 0;
|
||||
|
||||
switch (read_cpuid_part()) {
|
||||
case ARM_CPU_PART_CORTEX_A15:
|
||||
case ARM_CPU_PART_BRAHMA_B15:
|
||||
case ARM_CPU_PART_CORTEX_A57:
|
||||
case ARM_CPU_PART_CORTEX_A72:
|
||||
state = SPECTRE_MITIGATED;
|
||||
method = SPECTRE_V2_METHOD_LOOP8;
|
||||
break;
|
||||
|
||||
case ARM_CPU_PART_CORTEX_A73:
|
||||
case ARM_CPU_PART_CORTEX_A75:
|
||||
state = SPECTRE_MITIGATED;
|
||||
method = SPECTRE_V2_METHOD_BPIALL;
|
||||
break;
|
||||
|
||||
default:
|
||||
state = SPECTRE_UNAFFECTED;
|
||||
break;
|
||||
}
|
||||
|
||||
if (state == SPECTRE_MITIGATED)
|
||||
state = spectre_bhb_install_workaround(method);
|
||||
|
||||
spectre_v2_update_state(state, method);
|
||||
}
|
||||
|
||||
static __maybe_unused bool cpu_v7_check_auxcr_set(bool *warned,
|
||||
u32 mask, const char *msg)
|
||||
{
|
||||
@ -149,16 +294,17 @@ static bool check_spectre_auxcr(bool *warned, u32 bit)
|
||||
void cpu_v7_ca8_ibe(void)
|
||||
{
|
||||
if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(6)))
|
||||
cpu_v7_spectre_init();
|
||||
cpu_v7_spectre_v2_init();
|
||||
}
|
||||
|
||||
void cpu_v7_ca15_ibe(void)
|
||||
{
|
||||
if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)))
|
||||
cpu_v7_spectre_init();
|
||||
cpu_v7_spectre_v2_init();
|
||||
}
|
||||
|
||||
void cpu_v7_bugs_init(void)
|
||||
{
|
||||
cpu_v7_spectre_init();
|
||||
cpu_v7_spectre_v2_init();
|
||||
cpu_v7_spectre_bhb_init();
|
||||
}
|
||||
|
||||
@ -1197,6 +1197,15 @@ config ARM64_SSBD
|
||||
|
||||
If unsure, say Y.
|
||||
|
||||
config MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
bool "Mitigate Spectre style attacks against branch history" if EXPERT
|
||||
default y
|
||||
help
|
||||
Speculation attacks against some high-performance processors can
|
||||
make use of branch history to influence future speculation.
|
||||
When taking an exception from user-space, a sequence of branches
|
||||
or a firmware call overwrites the branch history.
|
||||
|
||||
config RODATA_FULL_DEFAULT_ENABLED
|
||||
bool "Apply r/o permissions of VM areas also to their linear aliases"
|
||||
default y
|
||||
|
||||
@ -72,7 +72,7 @@
|
||||
pinctrl-0 = <&emac_rgmii_pins>;
|
||||
phy-supply = <®_gmac_3v3>;
|
||||
phy-handle = <&ext_rgmii_phy>;
|
||||
phy-mode = "rgmii";
|
||||
phy-mode = "rgmii-id";
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
|
||||
@ -6,6 +6,7 @@
|
||||
*/
|
||||
|
||||
#include "meson-gxbb.dtsi"
|
||||
#include <dt-bindings/gpio/gpio.h>
|
||||
|
||||
/ {
|
||||
aliases {
|
||||
@ -64,6 +65,7 @@
|
||||
regulator-name = "VDDIO_AO18";
|
||||
regulator-min-microvolt = <1800000>;
|
||||
regulator-max-microvolt = <1800000>;
|
||||
regulator-always-on;
|
||||
};
|
||||
|
||||
vcc_3v3: regulator-vcc_3v3 {
|
||||
@ -157,6 +159,7 @@
|
||||
status = "okay";
|
||||
pinctrl-0 = <&hdmi_hpd_pins>, <&hdmi_i2c_pins>;
|
||||
pinctrl-names = "default";
|
||||
hdmi-supply = <&vddio_ao18>;
|
||||
};
|
||||
|
||||
&hdmi_tx_tmds_port {
|
||||
|
||||
@ -161,11 +161,6 @@
|
||||
vcc-supply = <&sb_3v3>;
|
||||
};
|
||||
|
||||
rtc@51 {
|
||||
compatible = "nxp,pcf2129";
|
||||
reg = <0x51>;
|
||||
};
|
||||
|
||||
eeprom@56 {
|
||||
compatible = "atmel,24c512";
|
||||
reg = <0x56>;
|
||||
@ -209,6 +204,15 @@
|
||||
|
||||
};
|
||||
|
||||
&i2c1 {
|
||||
status = "okay";
|
||||
|
||||
rtc@51 {
|
||||
compatible = "nxp,pcf2129";
|
||||
reg = <0x51>;
|
||||
};
|
||||
};
|
||||
|
||||
&enetc_port1 {
|
||||
phy-handle = <&qds_phy1>;
|
||||
phy-connection-type = "rgmii-id";
|
||||
|
||||
@ -637,56 +637,56 @@
|
||||
};
|
||||
|
||||
cluster1_core0_watchdog: wdt@c000000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc000000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster1_core1_watchdog: wdt@c010000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc010000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster1_core2_watchdog: wdt@c020000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc020000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster1_core3_watchdog: wdt@c030000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc030000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core0_watchdog: wdt@c100000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc100000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core1_watchdog: wdt@c110000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc110000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core2_watchdog: wdt@c120000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc120000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core3_watchdog: wdt@c130000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc130000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
|
||||
@ -227,56 +227,56 @@
|
||||
};
|
||||
|
||||
cluster1_core0_watchdog: wdt@c000000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc000000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster1_core1_watchdog: wdt@c010000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc010000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core0_watchdog: wdt@c100000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc100000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster2_core1_watchdog: wdt@c110000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc110000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster3_core0_watchdog: wdt@c200000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc200000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster3_core1_watchdog: wdt@c210000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc210000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster4_core0_watchdog: wdt@c300000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc300000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
};
|
||||
|
||||
cluster4_core1_watchdog: wdt@c310000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xc310000 0x0 0x1000>;
|
||||
clocks = <&clockgen 4 3>, <&clockgen 4 3>;
|
||||
clock-names = "wdog_clk", "apb_pclk";
|
||||
|
||||
@ -1100,7 +1100,7 @@
|
||||
};
|
||||
|
||||
watchdog0: watchdog@e8a06000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xe8a06000 0x0 0x1000>;
|
||||
interrupts = <GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH>;
|
||||
clocks = <&crg_ctrl HI3660_OSC32K>;
|
||||
@ -1108,7 +1108,7 @@
|
||||
};
|
||||
|
||||
watchdog1: watchdog@e8a07000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xe8a07000 0x0 0x1000>;
|
||||
interrupts = <GIC_SPI 45 IRQ_TYPE_LEVEL_HIGH>;
|
||||
clocks = <&crg_ctrl HI3660_OSC32K>;
|
||||
|
||||
@ -839,7 +839,7 @@
|
||||
};
|
||||
|
||||
watchdog0: watchdog@f8005000 {
|
||||
compatible = "arm,sp805-wdt", "arm,primecell";
|
||||
compatible = "arm,sp805", "arm,primecell";
|
||||
reg = <0x0 0xf8005000 0x0 0x1000>;
|
||||
interrupts = <GIC_SPI 13 IRQ_TYPE_LEVEL_HIGH>;
|
||||
clocks = <&ao_ctrl HI6220_WDT0_PCLK>;
|
||||
|
||||
@ -128,6 +128,9 @@
|
||||
|
||||
/* CON15(V2.0)/CON17(V1.4) : PCIe / CON15(V2.0)/CON12(V1.4) :mini-PCIe */
|
||||
&pcie0 {
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&pcie_reset_pins &pcie_clkreq_pins>;
|
||||
reset-gpios = <&gpiosb 3 GPIO_ACTIVE_LOW>;
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
|
||||
@ -59,6 +59,7 @@
|
||||
phys = <&comphy1 0>;
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&pcie_reset_pins &pcie_clkreq_pins>;
|
||||
reset-gpios = <&gpiosb 3 GPIO_ACTIVE_LOW>;
|
||||
};
|
||||
|
||||
/* J6 */
|
||||
|
||||
@ -127,10 +127,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
&pcie_reset_pins {
|
||||
function = "gpio";
|
||||
};
|
||||
|
||||
&pcie0 {
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&pcie_reset_pins &pcie_clkreq_pins>;
|
||||
|
||||
@ -318,7 +318,7 @@
|
||||
|
||||
pcie_reset_pins: pcie-reset-pins {
|
||||
groups = "pcie1";
|
||||
function = "pcie";
|
||||
function = "gpio";
|
||||
};
|
||||
|
||||
pcie_clkreq_pins: pcie-clkreq-pins {
|
||||
|
||||
@ -71,6 +71,7 @@
|
||||
tx-fault-gpio = <&cp1_gpio1 26 GPIO_ACTIVE_HIGH>;
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&cp1_sfpp0_pins>;
|
||||
maximum-power-milliwatt = <2000>;
|
||||
};
|
||||
|
||||
sfp_eth1: sfp-eth1 {
|
||||
@ -83,6 +84,7 @@
|
||||
tx-fault-gpio = <&cp0_gpio2 30 GPIO_ACTIVE_HIGH>;
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&cp1_sfpp1_pins &cp0_sfpp1_pins>;
|
||||
maximum-power-milliwatt = <2000>;
|
||||
};
|
||||
|
||||
sfp_eth3: sfp-eth3 {
|
||||
@ -95,6 +97,7 @@
|
||||
tx-fault-gpio = <&cp0_gpio2 19 GPIO_ACTIVE_HIGH>;
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&cp0_sfp_1g_pins &cp1_sfp_1g_pins>;
|
||||
maximum-power-milliwatt = <2000>;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@ -709,7 +709,7 @@
|
||||
|
||||
ccplex@e000000 {
|
||||
compatible = "nvidia,tegra186-ccplex-cluster";
|
||||
reg = <0x0 0x0e000000 0x0 0x3fffff>;
|
||||
reg = <0x0 0x0e000000 0x0 0x400000>;
|
||||
|
||||
nvidia,bpmp = <&bpmp>;
|
||||
};
|
||||
|
||||
@ -16,8 +16,8 @@
|
||||
#size-cells = <2>;
|
||||
|
||||
aliases {
|
||||
sdhc1 = &sdhc_1; /* SDC1 eMMC slot */
|
||||
sdhc2 = &sdhc_2; /* SDC2 SD card slot */
|
||||
mmc0 = &sdhc_1; /* SDC1 eMMC slot */
|
||||
mmc1 = &sdhc_2; /* SDC2 SD card slot */
|
||||
};
|
||||
|
||||
chosen { };
|
||||
|
||||
@ -2098,9 +2098,6 @@
|
||||
nvmem-cells = <&gpu_speed_bin>;
|
||||
nvmem-cell-names = "speed_bin";
|
||||
|
||||
qcom,gpu-quirk-two-pass-use-wfi;
|
||||
qcom,gpu-quirk-fault-detect-mask;
|
||||
|
||||
operating-points-v2 = <&gpu_opp_table>;
|
||||
|
||||
gpu_opp_table: opp-table {
|
||||
|
||||
@ -246,38 +246,42 @@
|
||||
LITTLE_CPU_SLEEP_0: cpu-sleep-0-0 {
|
||||
compatible = "arm,idle-state";
|
||||
idle-state-name = "little-retention";
|
||||
/* CPU Retention (C2D), L2 Active */
|
||||
arm,psci-suspend-param = <0x00000002>;
|
||||
entry-latency-us = <81>;
|
||||
exit-latency-us = <86>;
|
||||
min-residency-us = <200>;
|
||||
min-residency-us = <504>;
|
||||
};
|
||||
|
||||
LITTLE_CPU_SLEEP_1: cpu-sleep-0-1 {
|
||||
compatible = "arm,idle-state";
|
||||
idle-state-name = "little-power-collapse";
|
||||
/* CPU + L2 Power Collapse (C3, D4) */
|
||||
arm,psci-suspend-param = <0x40000003>;
|
||||
entry-latency-us = <273>;
|
||||
exit-latency-us = <612>;
|
||||
min-residency-us = <1000>;
|
||||
entry-latency-us = <814>;
|
||||
exit-latency-us = <4562>;
|
||||
min-residency-us = <9183>;
|
||||
local-timer-stop;
|
||||
};
|
||||
|
||||
BIG_CPU_SLEEP_0: cpu-sleep-1-0 {
|
||||
compatible = "arm,idle-state";
|
||||
idle-state-name = "big-retention";
|
||||
/* CPU Retention (C2D), L2 Active */
|
||||
arm,psci-suspend-param = <0x00000002>;
|
||||
entry-latency-us = <79>;
|
||||
exit-latency-us = <82>;
|
||||
min-residency-us = <200>;
|
||||
min-residency-us = <1302>;
|
||||
};
|
||||
|
||||
BIG_CPU_SLEEP_1: cpu-sleep-1-1 {
|
||||
compatible = "arm,idle-state";
|
||||
idle-state-name = "big-power-collapse";
|
||||
/* CPU + L2 Power Collapse (C3, D4) */
|
||||
arm,psci-suspend-param = <0x40000003>;
|
||||
entry-latency-us = <336>;
|
||||
exit-latency-us = <525>;
|
||||
min-residency-us = <1000>;
|
||||
entry-latency-us = <724>;
|
||||
exit-latency-us = <2027>;
|
||||
min-residency-us = <9419>;
|
||||
local-timer-stop;
|
||||
};
|
||||
};
|
||||
|
||||
@ -685,7 +685,6 @@
|
||||
&sdhci {
|
||||
bus-width = <8>;
|
||||
mmc-hs400-1_8v;
|
||||
mmc-hs400-enhanced-strobe;
|
||||
non-removable;
|
||||
status = "okay";
|
||||
};
|
||||
|
||||
@ -49,7 +49,7 @@
|
||||
regulator-boot-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
vim-supply = <&vcc3v3_sys>;
|
||||
vin-supply = <&vcc3v3_sys>;
|
||||
};
|
||||
|
||||
vcc3v3_sys: vcc3v3-sys {
|
||||
|
||||
@ -452,7 +452,7 @@
|
||||
status = "okay";
|
||||
|
||||
bt656-supply = <&vcc_3v0>;
|
||||
audio-supply = <&vcc_3v0>;
|
||||
audio-supply = <&vcc1v8_codec>;
|
||||
sdmmc-supply = <&vcc_sdio>;
|
||||
gpio1830-supply = <&vcc_3v0>;
|
||||
};
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
i-cache-sets = <256>;
|
||||
d-cache-size = <0x8000>;
|
||||
d-cache-line-size = <64>;
|
||||
d-cache-sets = <128>;
|
||||
d-cache-sets = <256>;
|
||||
next-level-cache = <&L2_0>;
|
||||
};
|
||||
|
||||
@ -74,7 +74,7 @@
|
||||
i-cache-sets = <256>;
|
||||
d-cache-size = <0x8000>;
|
||||
d-cache-line-size = <64>;
|
||||
d-cache-sets = <128>;
|
||||
d-cache-sets = <256>;
|
||||
next-level-cache = <&L2_0>;
|
||||
};
|
||||
};
|
||||
@ -84,7 +84,7 @@
|
||||
cache-level = <2>;
|
||||
cache-size = <0x100000>;
|
||||
cache-line-size = <64>;
|
||||
cache-sets = <2048>;
|
||||
cache-sets = <1024>;
|
||||
next-level-cache = <&msmc_l3>;
|
||||
};
|
||||
|
||||
|
||||
@ -131,7 +131,7 @@
|
||||
reg = <0>;
|
||||
|
||||
partition@0 {
|
||||
label = "data";
|
||||
label = "spi0-data";
|
||||
reg = <0x0 0x100000>;
|
||||
};
|
||||
};
|
||||
@ -149,7 +149,7 @@
|
||||
reg = <0>;
|
||||
|
||||
partition@0 {
|
||||
label = "data";
|
||||
label = "spi1-data";
|
||||
reg = <0x0 0x84000>;
|
||||
};
|
||||
};
|
||||
|
||||
@ -582,7 +582,7 @@
|
||||
};
|
||||
|
||||
uart0: serial@ff000000 {
|
||||
compatible = "cdns,uart-r1p12", "xlnx,xuartps";
|
||||
compatible = "xlnx,zynqmp-uart", "cdns,uart-r1p12";
|
||||
status = "disabled";
|
||||
interrupt-parent = <&gic>;
|
||||
interrupts = <0 21 4>;
|
||||
@ -591,7 +591,7 @@
|
||||
};
|
||||
|
||||
uart1: serial@ff010000 {
|
||||
compatible = "cdns,uart-r1p12", "xlnx,xuartps";
|
||||
compatible = "xlnx,zynqmp-uart", "cdns,uart-r1p12";
|
||||
status = "disabled";
|
||||
interrupt-parent = <&gic>;
|
||||
interrupts = <0 22 4>;
|
||||
|
||||
@ -130,6 +130,13 @@
|
||||
hint #20
|
||||
.endm
|
||||
|
||||
/*
|
||||
* Clear Branch History instruction
|
||||
*/
|
||||
.macro clearbhb
|
||||
hint #22
|
||||
.endm
|
||||
|
||||
/*
|
||||
* Speculation barrier
|
||||
*/
|
||||
@ -787,4 +794,30 @@ USER(\label, ic ivau, \tmp2) // invalidate I line PoU
|
||||
.Lyield_out_\@ :
|
||||
.endm
|
||||
|
||||
.macro __mitigate_spectre_bhb_loop tmp
|
||||
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
alternative_cb spectre_bhb_patch_loop_iter
|
||||
mov \tmp, #32 // Patched to correct the immediate
|
||||
alternative_cb_end
|
||||
.Lspectre_bhb_loop\@:
|
||||
b . + 4
|
||||
subs \tmp, \tmp, #1
|
||||
b.ne .Lspectre_bhb_loop\@
|
||||
sb
|
||||
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
.endm
|
||||
|
||||
/* Save/restores x0-x3 to the stack */
|
||||
.macro __mitigate_spectre_bhb_fw
|
||||
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
stp x0, x1, [sp, #-16]!
|
||||
stp x2, x3, [sp, #-16]!
|
||||
mov w0, #ARM_SMCCC_ARCH_WORKAROUND_3
|
||||
alternative_cb arm64_update_smccc_conduit
|
||||
nop // Patched to SMC/HVC #0
|
||||
alternative_cb_end
|
||||
ldp x2, x3, [sp], #16
|
||||
ldp x0, x1, [sp], #16
|
||||
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
.endm
|
||||
#endif /* __ASM_ASSEMBLER_H */
|
||||
|
||||
@ -25,6 +25,7 @@ struct cpuinfo_arm64 {
|
||||
u64 reg_id_aa64dfr1;
|
||||
u64 reg_id_aa64isar0;
|
||||
u64 reg_id_aa64isar1;
|
||||
u64 reg_id_aa64isar2;
|
||||
u64 reg_id_aa64mmfr0;
|
||||
u64 reg_id_aa64mmfr1;
|
||||
u64 reg_id_aa64mmfr2;
|
||||
|
||||
@ -56,8 +56,9 @@
|
||||
#define ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM 46
|
||||
#define ARM64_WORKAROUND_1542419 47
|
||||
#define ARM64_HAS_AMU_EXTN 48
|
||||
#define ARM64_SPECTRE_BHB 49
|
||||
|
||||
/* kabi: reserve 49 - 62 for future cpu capabilities */
|
||||
/* kabi: reserve 48 - 62 for future cpu capabilities */
|
||||
#define ARM64_NCAPS 62
|
||||
|
||||
#endif /* __ASM_CPUCAPS_H */
|
||||
|
||||
@ -508,6 +508,34 @@ static inline bool cpu_supports_mixed_endian_el0(void)
|
||||
return id_aa64mmfr0_mixed_endian_el0(read_cpuid(ID_AA64MMFR0_EL1));
|
||||
}
|
||||
|
||||
static inline bool supports_csv2p3(int scope)
|
||||
{
|
||||
u64 pfr0;
|
||||
u8 csv2_val;
|
||||
|
||||
if (scope == SCOPE_LOCAL_CPU)
|
||||
pfr0 = read_sysreg_s(SYS_ID_AA64PFR0_EL1);
|
||||
else
|
||||
pfr0 = read_sanitised_ftr_reg(SYS_ID_AA64PFR0_EL1);
|
||||
|
||||
csv2_val = cpuid_feature_extract_unsigned_field(pfr0,
|
||||
ID_AA64PFR0_CSV2_SHIFT);
|
||||
return csv2_val == 3;
|
||||
}
|
||||
|
||||
static inline bool supports_clearbhb(int scope)
|
||||
{
|
||||
u64 isar2;
|
||||
|
||||
if (scope == SCOPE_LOCAL_CPU)
|
||||
isar2 = read_sysreg_s(SYS_ID_AA64ISAR2_EL1);
|
||||
else
|
||||
isar2 = read_sanitised_ftr_reg(SYS_ID_AA64ISAR2_EL1);
|
||||
|
||||
return cpuid_feature_extract_unsigned_field(isar2,
|
||||
ID_AA64ISAR2_CLEARBHB_SHIFT);
|
||||
}
|
||||
|
||||
static inline bool system_supports_32bit_el0(void)
|
||||
{
|
||||
return cpus_have_const_cap(ARM64_HAS_32BIT_EL0);
|
||||
@ -639,6 +667,18 @@ static inline int arm64_get_ssbd_state(void)
|
||||
|
||||
void arm64_set_ssbd_mitigation(bool state);
|
||||
|
||||
/* Watch out, ordering is important here. */
|
||||
enum mitigation_state {
|
||||
SPECTRE_UNAFFECTED,
|
||||
SPECTRE_MITIGATED,
|
||||
SPECTRE_VULNERABLE,
|
||||
};
|
||||
|
||||
enum mitigation_state arm64_get_spectre_bhb_state(void);
|
||||
bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry, int scope);
|
||||
u8 spectre_bhb_loop_affected(int scope);
|
||||
void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *__unused);
|
||||
|
||||
extern int do_emulate_mrs(struct pt_regs *regs, u32 sys_reg, u32 rt);
|
||||
|
||||
static inline u32 id_aa64mmfr0_parange_to_phys_shift(int parange)
|
||||
|
||||
@ -72,8 +72,14 @@
|
||||
#define ARM_CPU_PART_CORTEX_A76 0xD0B
|
||||
#define ARM_CPU_PART_NEOVERSE_N1 0xD0C
|
||||
#define ARM_CPU_PART_CORTEX_A77 0xD0D
|
||||
#define ARM_CPU_PART_CORTEX_A78 0xD41
|
||||
#define ARM_CPU_PART_KRYO4G 0x804
|
||||
#define ARM_CPU_PART_NEOVERSE_V1 0xD40
|
||||
#define ARM_CPU_PART_CORTEX_A78 0xD41
|
||||
#define ARM_CPU_PART_CORTEX_X1 0xD44
|
||||
#define ARM_CPU_PART_CORTEX_A710 0xD47
|
||||
#define ARM_CPU_PART_CORTEX_X2 0xD48
|
||||
#define ARM_CPU_PART_NEOVERSE_N2 0xD49
|
||||
#define ARM_CPU_PART_CORTEX_A78C 0xD4B
|
||||
|
||||
#define APM_CPU_PART_POTENZA 0x000
|
||||
|
||||
@ -106,8 +112,14 @@
|
||||
#define MIDR_CORTEX_A76 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A76)
|
||||
#define MIDR_NEOVERSE_N1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N1)
|
||||
#define MIDR_CORTEX_A77 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A77)
|
||||
#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78)
|
||||
#define MIDR_KRYO4G MIDR_CPU_MODEL(ARM_CPU_IMP_QCOM, ARM_CPU_PART_KRYO4G)
|
||||
#define MIDR_NEOVERSE_V1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_V1)
|
||||
#define MIDR_CORTEX_A78 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78)
|
||||
#define MIDR_CORTEX_X1 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X1)
|
||||
#define MIDR_CORTEX_A710 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A710)
|
||||
#define MIDR_CORTEX_X2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_X2)
|
||||
#define MIDR_NEOVERSE_N2 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_NEOVERSE_N2)
|
||||
#define MIDR_CORTEX_A78C MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A78C)
|
||||
#define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
|
||||
#define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
|
||||
#define MIDR_THUNDERX_83XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_83XX)
|
||||
|
||||
@ -63,9 +63,11 @@ enum fixed_addresses {
|
||||
#endif /* CONFIG_ACPI_APEI_GHES */
|
||||
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
FIX_ENTRY_TRAMP_TEXT3,
|
||||
FIX_ENTRY_TRAMP_TEXT2,
|
||||
FIX_ENTRY_TRAMP_TEXT1,
|
||||
FIX_ENTRY_TRAMP_DATA,
|
||||
FIX_ENTRY_TRAMP_TEXT,
|
||||
#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
|
||||
#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT1))
|
||||
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
|
||||
__end_of_permanent_fixed_addresses,
|
||||
|
||||
|
||||
@ -684,4 +684,9 @@ bool kvm_arm_vcpu_is_finalized(struct kvm_vcpu *vcpu);
|
||||
|
||||
#define kvm_arm_vcpu_loaded(vcpu) ((vcpu)->arch.sysregs_loaded_on_cpu)
|
||||
|
||||
static inline enum mitigation_state kvm_arm_get_spectre_bhb_state(void)
|
||||
{
|
||||
return arm64_get_spectre_bhb_state();
|
||||
}
|
||||
|
||||
#endif /* __ARM64_KVM_HOST_H__ */
|
||||
|
||||
@ -478,7 +478,8 @@ static inline void *kvm_get_hyp_vector(void)
|
||||
void *vect = kern_hyp_va(kvm_ksym_ref(__kvm_hyp_vector));
|
||||
int slot = -1;
|
||||
|
||||
if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) && data->fn) {
|
||||
if ((cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) ||
|
||||
cpus_have_const_cap(ARM64_SPECTRE_BHB)) && data->template_start) {
|
||||
vect = kern_hyp_va(kvm_ksym_ref(__bp_harden_hyp_vecs_start));
|
||||
slot = data->hyp_vectors_slot;
|
||||
}
|
||||
@ -507,7 +508,8 @@ static inline int kvm_map_vectors(void)
|
||||
* !HBP + HEL2 -> allocate one vector slot and use exec mapping
|
||||
* HBP + HEL2 -> use hardened vertors and use exec mapping
|
||||
*/
|
||||
if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR)) {
|
||||
if (cpus_have_const_cap(ARM64_HARDEN_BRANCH_PREDICTOR) ||
|
||||
cpus_have_const_cap(ARM64_SPECTRE_BHB)) {
|
||||
__kvm_bp_vect_base = kvm_ksym_ref(__bp_harden_hyp_vecs_start);
|
||||
__kvm_bp_vect_base = kern_hyp_va(__kvm_bp_vect_base);
|
||||
}
|
||||
|
||||
@ -29,7 +29,7 @@ typedef struct {
|
||||
*/
|
||||
#define ASID(mm) ((mm)->context.id.counter & 0xffff)
|
||||
|
||||
static inline bool arm64_kernel_unmapped_at_el0(void)
|
||||
static __always_inline bool arm64_kernel_unmapped_at_el0(void)
|
||||
{
|
||||
return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) &&
|
||||
cpus_have_const_cap(ARM64_UNMAP_KERNEL_AT_EL0);
|
||||
@ -82,6 +82,12 @@ typedef void (*bp_hardening_cb_t)(void);
|
||||
struct bp_hardening_data {
|
||||
int hyp_vectors_slot;
|
||||
bp_hardening_cb_t fn;
|
||||
|
||||
/*
|
||||
* template_start is only used by the BHB mitigation to identify the
|
||||
* hyp_vectors_slot sequence.
|
||||
*/
|
||||
const char *template_start;
|
||||
};
|
||||
|
||||
#if (defined(CONFIG_HARDEN_BRANCH_PREDICTOR) || \
|
||||
|
||||
@ -20,4 +20,9 @@ extern char __irqentry_text_start[], __irqentry_text_end[];
|
||||
extern char __mmuoff_data_start[], __mmuoff_data_end[];
|
||||
extern char __entry_tramp_text_start[], __entry_tramp_text_end[];
|
||||
|
||||
static inline size_t entry_tramp_text_size(void)
|
||||
{
|
||||
return __entry_tramp_text_end - __entry_tramp_text_start;
|
||||
}
|
||||
|
||||
#endif /* __ASM_SECTIONS_H */
|
||||
|
||||
@ -165,6 +165,7 @@
|
||||
|
||||
#define SYS_ID_AA64ISAR0_EL1 sys_reg(3, 0, 0, 6, 0)
|
||||
#define SYS_ID_AA64ISAR1_EL1 sys_reg(3, 0, 0, 6, 1)
|
||||
#define SYS_ID_AA64ISAR2_EL1 sys_reg(3, 0, 0, 6, 2)
|
||||
|
||||
#define SYS_ID_AA64MMFR0_EL1 sys_reg(3, 0, 0, 7, 0)
|
||||
#define SYS_ID_AA64MMFR1_EL1 sys_reg(3, 0, 0, 7, 1)
|
||||
@ -611,6 +612,21 @@
|
||||
#define ID_AA64ISAR1_GPI_NI 0x0
|
||||
#define ID_AA64ISAR1_GPI_IMP_DEF 0x1
|
||||
|
||||
/* id_aa64isar2 */
|
||||
#define ID_AA64ISAR2_CLEARBHB_SHIFT 28
|
||||
#define ID_AA64ISAR2_RPRES_SHIFT 4
|
||||
#define ID_AA64ISAR2_WFXT_SHIFT 0
|
||||
|
||||
#define ID_AA64ISAR2_RPRES_8BIT 0x0
|
||||
#define ID_AA64ISAR2_RPRES_12BIT 0x1
|
||||
/*
|
||||
* Value 0x1 has been removed from the architecture, and is
|
||||
* reserved, but has not yet been removed from the ARM ARM
|
||||
* as of ARM DDI 0487G.b.
|
||||
*/
|
||||
#define ID_AA64ISAR2_WFXT_NI 0x0
|
||||
#define ID_AA64ISAR2_WFXT_SUPPORTED 0x2
|
||||
|
||||
/* id_aa64pfr0 */
|
||||
#define ID_AA64PFR0_CSV3_SHIFT 60
|
||||
#define ID_AA64PFR0_CSV2_SHIFT 56
|
||||
@ -684,6 +700,7 @@
|
||||
#endif
|
||||
|
||||
/* id_aa64mmfr1 */
|
||||
#define ID_AA64MMFR1_ECBHB_SHIFT 60
|
||||
#define ID_AA64MMFR1_PAN_SHIFT 20
|
||||
#define ID_AA64MMFR1_LOR_SHIFT 16
|
||||
#define ID_AA64MMFR1_HPD_SHIFT 12
|
||||
|
||||
73
arch/arm64/include/asm/vectors.h
Normal file
73
arch/arm64/include/asm/vectors.h
Normal file
@ -0,0 +1,73 @@
|
||||
/* SPDX-License-Identifier: GPL-2.0-only */
|
||||
/*
|
||||
* Copyright (C) 2022 ARM Ltd.
|
||||
*/
|
||||
#ifndef __ASM_VECTORS_H
|
||||
#define __ASM_VECTORS_H
|
||||
|
||||
#include <linux/bug.h>
|
||||
#include <linux/percpu.h>
|
||||
|
||||
#include <asm/fixmap.h>
|
||||
|
||||
extern char vectors[];
|
||||
extern char tramp_vectors[];
|
||||
extern char __bp_harden_el1_vectors[];
|
||||
|
||||
/*
|
||||
* Note: the order of this enum corresponds to two arrays in entry.S:
|
||||
* tramp_vecs and __bp_harden_el1_vectors. By default the canonical
|
||||
* 'full fat' vectors are used directly.
|
||||
*/
|
||||
enum arm64_bp_harden_el1_vectors {
|
||||
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
/*
|
||||
* Perform the BHB loop mitigation, before branching to the canonical
|
||||
* vectors.
|
||||
*/
|
||||
EL1_VECTOR_BHB_LOOP,
|
||||
|
||||
/*
|
||||
* Make the SMC call for firmware mitigation, before branching to the
|
||||
* canonical vectors.
|
||||
*/
|
||||
EL1_VECTOR_BHB_FW,
|
||||
|
||||
/*
|
||||
* Use the ClearBHB instruction, before branching to the canonical
|
||||
* vectors.
|
||||
*/
|
||||
EL1_VECTOR_BHB_CLEAR_INSN,
|
||||
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
|
||||
/*
|
||||
* Remap the kernel before branching to the canonical vectors.
|
||||
*/
|
||||
EL1_VECTOR_KPTI,
|
||||
};
|
||||
|
||||
#ifndef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
#define EL1_VECTOR_BHB_LOOP -1
|
||||
#define EL1_VECTOR_BHB_FW -1
|
||||
#define EL1_VECTOR_BHB_CLEAR_INSN -1
|
||||
#endif /* !CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
|
||||
/* The vectors to use on return from EL0. e.g. to remap the kernel */
|
||||
DECLARE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector);
|
||||
|
||||
#ifndef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
#define TRAMP_VALIAS 0
|
||||
#endif
|
||||
|
||||
static inline const char *
|
||||
arm64_get_bp_hardening_vector(enum arm64_bp_harden_el1_vectors slot)
|
||||
{
|
||||
if (arm64_kernel_unmapped_at_el0())
|
||||
return (char *)TRAMP_VALIAS + SZ_2K * slot;
|
||||
|
||||
WARN_ON_ONCE(slot == EL1_VECTOR_KPTI);
|
||||
|
||||
return __bp_harden_el1_vectors + SZ_2K * slot;
|
||||
}
|
||||
|
||||
#endif /* __ASM_VECTORS_H */
|
||||
@ -240,6 +240,11 @@ struct kvm_vcpu_events {
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_NOT_REQUIRED 3
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_2_ENABLED (1U << 4)
|
||||
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3 KVM_REG_ARM_FW_REG(3)
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_AVAIL 0
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_AVAIL 1
|
||||
#define KVM_REG_ARM_SMCCC_ARCH_WORKAROUND_3_NOT_REQUIRED 2
|
||||
|
||||
/* SVE registers */
|
||||
#define KVM_REG_ARM64_SVE (0x15 << KVM_REG_ARM_COPROC_SHIFT)
|
||||
|
||||
|
||||
@ -13,6 +13,7 @@
|
||||
#include <asm/cputype.h>
|
||||
#include <asm/cpufeature.h>
|
||||
#include <asm/smp_plat.h>
|
||||
#include <asm/vectors.h>
|
||||
|
||||
static bool __maybe_unused
|
||||
is_affected_midr_range(const struct arm64_cpu_capabilities *entry, int scope)
|
||||
@ -116,6 +117,16 @@ DEFINE_PER_CPU_READ_MOSTLY(struct bp_hardening_data, bp_hardening_data);
|
||||
#ifdef CONFIG_KVM_INDIRECT_VECTORS
|
||||
extern char __smccc_workaround_1_smc_start[];
|
||||
extern char __smccc_workaround_1_smc_end[];
|
||||
extern char __smccc_workaround_3_smc_start[];
|
||||
extern char __smccc_workaround_3_smc_end[];
|
||||
extern char __spectre_bhb_loop_k8_start[];
|
||||
extern char __spectre_bhb_loop_k8_end[];
|
||||
extern char __spectre_bhb_loop_k24_start[];
|
||||
extern char __spectre_bhb_loop_k24_end[];
|
||||
extern char __spectre_bhb_loop_k32_start[];
|
||||
extern char __spectre_bhb_loop_k32_end[];
|
||||
extern char __spectre_bhb_clearbhb_start[];
|
||||
extern char __spectre_bhb_clearbhb_end[];
|
||||
|
||||
static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
|
||||
const char *hyp_vecs_end)
|
||||
@ -129,11 +140,11 @@ static void __copy_hyp_vect_bpi(int slot, const char *hyp_vecs_start,
|
||||
__flush_icache_range((uintptr_t)dst, (uintptr_t)dst + SZ_2K);
|
||||
}
|
||||
|
||||
static DEFINE_RAW_SPINLOCK(bp_lock);
|
||||
static void install_bp_hardening_cb(bp_hardening_cb_t fn,
|
||||
const char *hyp_vecs_start,
|
||||
const char *hyp_vecs_end)
|
||||
{
|
||||
static DEFINE_RAW_SPINLOCK(bp_lock);
|
||||
int cpu, slot = -1;
|
||||
|
||||
/*
|
||||
@ -161,6 +172,7 @@ static void install_bp_hardening_cb(bp_hardening_cb_t fn,
|
||||
|
||||
__this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot);
|
||||
__this_cpu_write(bp_hardening_data.fn, fn);
|
||||
__this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start);
|
||||
raw_spin_unlock(&bp_lock);
|
||||
}
|
||||
#else
|
||||
@ -927,6 +939,13 @@ const struct arm64_cpu_capabilities arm64_errata[] = {
|
||||
.cpu_enable = cpu_enable_ssbd_mitigation,
|
||||
.midr_range_list = arm64_ssb_cpus,
|
||||
},
|
||||
{
|
||||
.desc = "Spectre-BHB",
|
||||
.capability = ARM64_SPECTRE_BHB,
|
||||
.type = ARM64_CPUCAP_LOCAL_CPU_ERRATUM,
|
||||
.matches = is_spectre_bhb_affected,
|
||||
.cpu_enable = spectre_bhb_enable_mitigation,
|
||||
},
|
||||
#ifdef CONFIG_ARM64_ERRATUM_1418040
|
||||
{
|
||||
.desc = "ARM erratum 1418040",
|
||||
@ -989,15 +1008,41 @@ ssize_t cpu_show_spectre_v1(struct device *dev, struct device_attribute *attr,
|
||||
return sprintf(buf, "Mitigation: __user pointer sanitization\n");
|
||||
}
|
||||
|
||||
static const char *get_bhb_affected_string(enum mitigation_state bhb_state)
|
||||
{
|
||||
switch (bhb_state) {
|
||||
case SPECTRE_UNAFFECTED:
|
||||
return "";
|
||||
default:
|
||||
case SPECTRE_VULNERABLE:
|
||||
return ", but not BHB";
|
||||
case SPECTRE_MITIGATED:
|
||||
return ", BHB";
|
||||
}
|
||||
}
|
||||
|
||||
ssize_t cpu_show_spectre_v2(struct device *dev, struct device_attribute *attr,
|
||||
char *buf)
|
||||
{
|
||||
enum mitigation_state bhb_state = arm64_get_spectre_bhb_state();
|
||||
const char *bhb_str = get_bhb_affected_string(bhb_state);
|
||||
const char *v2_str = "Branch predictor hardening";
|
||||
|
||||
switch (get_spectre_v2_workaround_state()) {
|
||||
case ARM64_BP_HARDEN_NOT_REQUIRED:
|
||||
if (bhb_state == SPECTRE_UNAFFECTED)
|
||||
return sprintf(buf, "Not affected\n");
|
||||
|
||||
/*
|
||||
* Platforms affected by Spectre-BHB can't report
|
||||
* "Not affected" for Spectre-v2.
|
||||
*/
|
||||
v2_str = "CSV2";
|
||||
fallthrough;
|
||||
case ARM64_BP_HARDEN_WA_NEEDED:
|
||||
return sprintf(buf, "Mitigation: Branch predictor hardening\n");
|
||||
return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str);
|
||||
case ARM64_BP_HARDEN_UNKNOWN:
|
||||
fallthrough;
|
||||
default:
|
||||
return sprintf(buf, "Vulnerable\n");
|
||||
}
|
||||
@ -1019,3 +1064,333 @@ ssize_t cpu_show_spec_store_bypass(struct device *dev,
|
||||
|
||||
return sprintf(buf, "Vulnerable\n");
|
||||
}
|
||||
|
||||
/*
|
||||
* We try to ensure that the mitigation state can never change as the result of
|
||||
* onlining a late CPU.
|
||||
*/
|
||||
static void update_mitigation_state(enum mitigation_state *oldp,
|
||||
enum mitigation_state new)
|
||||
{
|
||||
enum mitigation_state state;
|
||||
|
||||
do {
|
||||
state = READ_ONCE(*oldp);
|
||||
if (new <= state)
|
||||
break;
|
||||
} while (cmpxchg_relaxed(oldp, state, new) != state);
|
||||
}
|
||||
|
||||
/*
|
||||
* Spectre BHB.
|
||||
*
|
||||
* A CPU is either:
|
||||
* - Mitigated by a branchy loop a CPU specific number of times, and listed
|
||||
* in our "loop mitigated list".
|
||||
* - Mitigated in software by the firmware Spectre v2 call.
|
||||
* - Has the ClearBHB instruction to perform the mitigation.
|
||||
* - Has the 'Exception Clears Branch History Buffer' (ECBHB) feature, so no
|
||||
* software mitigation in the vectors is needed.
|
||||
* - Has CSV2.3, so is unaffected.
|
||||
*/
|
||||
static enum mitigation_state spectre_bhb_state;
|
||||
|
||||
enum mitigation_state arm64_get_spectre_bhb_state(void)
|
||||
{
|
||||
return spectre_bhb_state;
|
||||
}
|
||||
|
||||
/*
|
||||
* This must be called with SCOPE_LOCAL_CPU for each type of CPU, before any
|
||||
* SCOPE_SYSTEM call will give the right answer.
|
||||
*/
|
||||
u8 spectre_bhb_loop_affected(int scope)
|
||||
{
|
||||
u8 k = 0;
|
||||
static u8 max_bhb_k;
|
||||
|
||||
if (scope == SCOPE_LOCAL_CPU) {
|
||||
static const struct midr_range spectre_bhb_k32_list[] = {
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A78),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A78C),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_X1),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A710),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_X2),
|
||||
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2),
|
||||
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1),
|
||||
{},
|
||||
};
|
||||
static const struct midr_range spectre_bhb_k24_list[] = {
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A76),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A77),
|
||||
MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1),
|
||||
{},
|
||||
};
|
||||
static const struct midr_range spectre_bhb_k8_list[] = {
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A72),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A57),
|
||||
{},
|
||||
};
|
||||
|
||||
if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k32_list))
|
||||
k = 32;
|
||||
else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k24_list))
|
||||
k = 24;
|
||||
else if (is_midr_in_range_list(read_cpuid_id(), spectre_bhb_k8_list))
|
||||
k = 8;
|
||||
|
||||
max_bhb_k = max(max_bhb_k, k);
|
||||
} else {
|
||||
k = max_bhb_k;
|
||||
}
|
||||
|
||||
return k;
|
||||
}
|
||||
|
||||
static enum mitigation_state spectre_bhb_get_cpu_fw_mitigation_state(void)
|
||||
{
|
||||
int ret;
|
||||
struct arm_smccc_res res;
|
||||
|
||||
if (psci_ops.smccc_version == SMCCC_VERSION_1_0)
|
||||
return SPECTRE_VULNERABLE;
|
||||
|
||||
switch (psci_ops.conduit) {
|
||||
case PSCI_CONDUIT_HVC:
|
||||
arm_smccc_1_1_hvc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
|
||||
ARM_SMCCC_ARCH_WORKAROUND_3, &res);
|
||||
break;
|
||||
|
||||
case PSCI_CONDUIT_SMC:
|
||||
arm_smccc_1_1_smc(ARM_SMCCC_ARCH_FEATURES_FUNC_ID,
|
||||
ARM_SMCCC_ARCH_WORKAROUND_3, &res);
|
||||
break;
|
||||
|
||||
default:
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
|
||||
ret = res.a0;
|
||||
switch (ret) {
|
||||
case SMCCC_RET_SUCCESS:
|
||||
return SPECTRE_MITIGATED;
|
||||
case SMCCC_ARCH_WORKAROUND_RET_UNAFFECTED:
|
||||
return SPECTRE_UNAFFECTED;
|
||||
default:
|
||||
fallthrough;
|
||||
case SMCCC_RET_NOT_SUPPORTED:
|
||||
return SPECTRE_VULNERABLE;
|
||||
}
|
||||
}
|
||||
|
||||
static bool is_spectre_bhb_fw_affected(int scope)
|
||||
{
|
||||
static bool system_affected;
|
||||
enum mitigation_state fw_state;
|
||||
bool has_smccc = (psci_ops.smccc_version >= SMCCC_VERSION_1_1);
|
||||
static const struct midr_range spectre_bhb_firmware_mitigated_list[] = {
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A73),
|
||||
MIDR_ALL_VERSIONS(MIDR_CORTEX_A75),
|
||||
{},
|
||||
};
|
||||
bool cpu_in_list = is_midr_in_range_list(read_cpuid_id(),
|
||||
spectre_bhb_firmware_mitigated_list);
|
||||
|
||||
if (scope != SCOPE_LOCAL_CPU)
|
||||
return system_affected;
|
||||
|
||||
fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
|
||||
if (cpu_in_list || (has_smccc && fw_state == SPECTRE_MITIGATED)) {
|
||||
system_affected = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool supports_ecbhb(int scope)
|
||||
{
|
||||
u64 mmfr1;
|
||||
|
||||
if (scope == SCOPE_LOCAL_CPU)
|
||||
mmfr1 = read_sysreg_s(SYS_ID_AA64MMFR1_EL1);
|
||||
else
|
||||
mmfr1 = read_sanitised_ftr_reg(SYS_ID_AA64MMFR1_EL1);
|
||||
|
||||
return cpuid_feature_extract_unsigned_field(mmfr1,
|
||||
ID_AA64MMFR1_ECBHB_SHIFT);
|
||||
}
|
||||
|
||||
bool is_spectre_bhb_affected(const struct arm64_cpu_capabilities *entry,
|
||||
int scope)
|
||||
{
|
||||
WARN_ON(scope != SCOPE_LOCAL_CPU || preemptible());
|
||||
|
||||
if (supports_csv2p3(scope))
|
||||
return false;
|
||||
|
||||
if (supports_clearbhb(scope))
|
||||
return true;
|
||||
|
||||
if (spectre_bhb_loop_affected(scope))
|
||||
return true;
|
||||
|
||||
if (is_spectre_bhb_fw_affected(scope))
|
||||
return true;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static void this_cpu_set_vectors(enum arm64_bp_harden_el1_vectors slot)
|
||||
{
|
||||
const char *v = arm64_get_bp_hardening_vector(slot);
|
||||
|
||||
if (slot < 0)
|
||||
return;
|
||||
|
||||
__this_cpu_write(this_cpu_vector, v);
|
||||
|
||||
/*
|
||||
* When KPTI is in use, the vectors are switched when exiting to
|
||||
* user-space.
|
||||
*/
|
||||
if (arm64_kernel_unmapped_at_el0())
|
||||
return;
|
||||
|
||||
write_sysreg(v, vbar_el1);
|
||||
isb();
|
||||
}
|
||||
|
||||
#ifdef CONFIG_KVM_INDIRECT_VECTORS
|
||||
static const char *kvm_bhb_get_vecs_end(const char *start)
|
||||
{
|
||||
if (start == __smccc_workaround_3_smc_start)
|
||||
return __smccc_workaround_3_smc_end;
|
||||
else if (start == __spectre_bhb_loop_k8_start)
|
||||
return __spectre_bhb_loop_k8_end;
|
||||
else if (start == __spectre_bhb_loop_k24_start)
|
||||
return __spectre_bhb_loop_k24_end;
|
||||
else if (start == __spectre_bhb_loop_k32_start)
|
||||
return __spectre_bhb_loop_k32_end;
|
||||
else if (start == __spectre_bhb_clearbhb_start)
|
||||
return __spectre_bhb_clearbhb_end;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static void kvm_setup_bhb_slot(const char *hyp_vecs_start)
|
||||
{
|
||||
int cpu, slot = -1;
|
||||
const char *hyp_vecs_end;
|
||||
|
||||
if (!IS_ENABLED(CONFIG_KVM) || !is_hyp_mode_available())
|
||||
return;
|
||||
|
||||
hyp_vecs_end = kvm_bhb_get_vecs_end(hyp_vecs_start);
|
||||
if (WARN_ON_ONCE(!hyp_vecs_start || !hyp_vecs_end))
|
||||
return;
|
||||
|
||||
raw_spin_lock(&bp_lock);
|
||||
for_each_possible_cpu(cpu) {
|
||||
if (per_cpu(bp_hardening_data.template_start, cpu) == hyp_vecs_start) {
|
||||
slot = per_cpu(bp_hardening_data.hyp_vectors_slot, cpu);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (slot == -1) {
|
||||
slot = atomic_inc_return(&arm64_el2_vector_last_slot);
|
||||
BUG_ON(slot >= BP_HARDEN_EL2_SLOTS);
|
||||
__copy_hyp_vect_bpi(slot, hyp_vecs_start, hyp_vecs_end);
|
||||
}
|
||||
|
||||
__this_cpu_write(bp_hardening_data.hyp_vectors_slot, slot);
|
||||
__this_cpu_write(bp_hardening_data.template_start, hyp_vecs_start);
|
||||
raw_spin_unlock(&bp_lock);
|
||||
}
|
||||
#else
|
||||
#define __smccc_workaround_3_smc_start NULL
|
||||
#define __spectre_bhb_loop_k8_start NULL
|
||||
#define __spectre_bhb_loop_k24_start NULL
|
||||
#define __spectre_bhb_loop_k32_start NULL
|
||||
#define __spectre_bhb_clearbhb_start NULL
|
||||
|
||||
static void kvm_setup_bhb_slot(const char *hyp_vecs_start) { }
|
||||
#endif
|
||||
|
||||
void spectre_bhb_enable_mitigation(const struct arm64_cpu_capabilities *entry)
|
||||
{
|
||||
enum mitigation_state fw_state, state = SPECTRE_VULNERABLE;
|
||||
|
||||
if (!is_spectre_bhb_affected(entry, SCOPE_LOCAL_CPU))
|
||||
return;
|
||||
|
||||
if (get_spectre_v2_workaround_state() == ARM64_BP_HARDEN_UNKNOWN) {
|
||||
/* No point mitigating Spectre-BHB alone. */
|
||||
} else if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY)) {
|
||||
pr_info_once("spectre-bhb mitigation disabled by compile time option\n");
|
||||
} else if (cpu_mitigations_off()) {
|
||||
pr_info_once("spectre-bhb mitigation disabled by command line option\n");
|
||||
} else if (supports_ecbhb(SCOPE_LOCAL_CPU)) {
|
||||
state = SPECTRE_MITIGATED;
|
||||
} else if (supports_clearbhb(SCOPE_LOCAL_CPU)) {
|
||||
kvm_setup_bhb_slot(__spectre_bhb_clearbhb_start);
|
||||
this_cpu_set_vectors(EL1_VECTOR_BHB_CLEAR_INSN);
|
||||
|
||||
state = SPECTRE_MITIGATED;
|
||||
} else if (spectre_bhb_loop_affected(SCOPE_LOCAL_CPU)) {
|
||||
switch (spectre_bhb_loop_affected(SCOPE_SYSTEM)) {
|
||||
case 8:
|
||||
kvm_setup_bhb_slot(__spectre_bhb_loop_k8_start);
|
||||
break;
|
||||
case 24:
|
||||
kvm_setup_bhb_slot(__spectre_bhb_loop_k24_start);
|
||||
break;
|
||||
case 32:
|
||||
kvm_setup_bhb_slot(__spectre_bhb_loop_k32_start);
|
||||
break;
|
||||
default:
|
||||
WARN_ON_ONCE(1);
|
||||
}
|
||||
this_cpu_set_vectors(EL1_VECTOR_BHB_LOOP);
|
||||
|
||||
state = SPECTRE_MITIGATED;
|
||||
} else if (is_spectre_bhb_fw_affected(SCOPE_LOCAL_CPU)) {
|
||||
fw_state = spectre_bhb_get_cpu_fw_mitigation_state();
|
||||
if (fw_state == SPECTRE_MITIGATED) {
|
||||
kvm_setup_bhb_slot(__smccc_workaround_3_smc_start);
|
||||
this_cpu_set_vectors(EL1_VECTOR_BHB_FW);
|
||||
|
||||
/*
|
||||
* With WA3 in the vectors, the WA1 calls can be
|
||||
* removed.
|
||||
*/
|
||||
__this_cpu_write(bp_hardening_data.fn, NULL);
|
||||
|
||||
state = SPECTRE_MITIGATED;
|
||||
}
|
||||
}
|
||||
|
||||
update_mitigation_state(&spectre_bhb_state, state);
|
||||
}
|
||||
|
||||
/* Patched to correct the immediate */
|
||||
void noinstr spectre_bhb_patch_loop_iter(struct alt_instr *alt,
|
||||
__le32 *origptr, __le32 *updptr, int nr_inst)
|
||||
{
|
||||
u8 rd;
|
||||
u32 insn;
|
||||
u16 loop_count = spectre_bhb_loop_affected(SCOPE_SYSTEM);
|
||||
|
||||
BUG_ON(nr_inst != 1); /* MOV -> MOV */
|
||||
|
||||
if (!IS_ENABLED(CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY))
|
||||
return;
|
||||
|
||||
insn = le32_to_cpu(*origptr);
|
||||
rd = aarch64_insn_decode_register(AARCH64_INSN_REGTYPE_RD, insn);
|
||||
insn = aarch64_insn_gen_movewide(rd, loop_count, 0,
|
||||
AARCH64_INSN_VARIANT_64BIT,
|
||||
AARCH64_INSN_MOVEWIDE_ZERO);
|
||||
*updptr++ = cpu_to_le32(insn);
|
||||
}
|
||||
|
||||
@ -10,11 +10,13 @@
|
||||
#include <linux/bsearch.h>
|
||||
#include <linux/cpumask.h>
|
||||
#include <linux/crash_dump.h>
|
||||
#include <linux/percpu.h>
|
||||
#include <linux/sort.h>
|
||||
#include <linux/stop_machine.h>
|
||||
#include <linux/types.h>
|
||||
#include <linux/mm.h>
|
||||
#include <linux/cpu.h>
|
||||
|
||||
#include <asm/cpu.h>
|
||||
#include <asm/cpufeature.h>
|
||||
#include <asm/cpu_ops.h>
|
||||
@ -23,6 +25,7 @@
|
||||
#include <asm/processor.h>
|
||||
#include <asm/sysreg.h>
|
||||
#include <asm/traps.h>
|
||||
#include <asm/vectors.h>
|
||||
#include <asm/virt.h>
|
||||
|
||||
/* Kernel representation of AT_HWCAP and AT_HWCAP2 */
|
||||
@ -45,6 +48,8 @@ static struct arm64_cpu_capabilities const __ro_after_init *cpu_hwcaps_ptrs[ARM6
|
||||
/* Need also bit for ARM64_CB_PATCH */
|
||||
DECLARE_BITMAP(boot_capabilities, ARM64_NPATCHABLE);
|
||||
|
||||
DEFINE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector) = vectors;
|
||||
|
||||
/*
|
||||
* Flag to indicate if we have computed the system wide
|
||||
* capabilities based on the boot time active CPUs. This
|
||||
@ -150,6 +155,11 @@ static const struct arm64_ftr_bits ftr_id_aa64isar1[] = {
|
||||
ARM64_FTR_END,
|
||||
};
|
||||
|
||||
static const struct arm64_ftr_bits ftr_id_aa64isar2[] = {
|
||||
ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_HIGHER_SAFE, ID_AA64ISAR2_CLEARBHB_SHIFT, 4, 0),
|
||||
ARM64_FTR_END,
|
||||
};
|
||||
|
||||
static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
|
||||
ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0),
|
||||
ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV2_SHIFT, 4, 0),
|
||||
@ -411,6 +421,7 @@ static const struct __ftr_reg_entry {
|
||||
/* Op1 = 0, CRn = 0, CRm = 6 */
|
||||
ARM64_FTR_REG(SYS_ID_AA64ISAR0_EL1, ftr_id_aa64isar0),
|
||||
ARM64_FTR_REG(SYS_ID_AA64ISAR1_EL1, ftr_id_aa64isar1),
|
||||
ARM64_FTR_REG(SYS_ID_AA64ISAR2_EL1, ftr_id_aa64isar2),
|
||||
|
||||
/* Op1 = 0, CRn = 0, CRm = 7 */
|
||||
ARM64_FTR_REG(SYS_ID_AA64MMFR0_EL1, ftr_id_aa64mmfr0),
|
||||
@ -582,6 +593,7 @@ void __init init_cpu_features(struct cpuinfo_arm64 *info)
|
||||
init_cpu_ftr_reg(SYS_ID_AA64DFR1_EL1, info->reg_id_aa64dfr1);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64ISAR0_EL1, info->reg_id_aa64isar0);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64ISAR1_EL1, info->reg_id_aa64isar1);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64ISAR2_EL1, info->reg_id_aa64isar2);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64MMFR0_EL1, info->reg_id_aa64mmfr0);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64MMFR1_EL1, info->reg_id_aa64mmfr1);
|
||||
init_cpu_ftr_reg(SYS_ID_AA64MMFR2_EL1, info->reg_id_aa64mmfr2);
|
||||
@ -705,6 +717,8 @@ void update_cpu_features(int cpu,
|
||||
info->reg_id_aa64isar0, boot->reg_id_aa64isar0);
|
||||
taint |= check_update_ftr_reg(SYS_ID_AA64ISAR1_EL1, cpu,
|
||||
info->reg_id_aa64isar1, boot->reg_id_aa64isar1);
|
||||
taint |= check_update_ftr_reg(SYS_ID_AA64ISAR2_EL1, cpu,
|
||||
info->reg_id_aa64isar2, boot->reg_id_aa64isar2);
|
||||
|
||||
/*
|
||||
* Differing PARange support is fine as long as all peripherals and
|
||||
@ -839,6 +853,7 @@ static u64 __read_sysreg_by_encoding(u32 sys_id)
|
||||
read_sysreg_case(SYS_ID_AA64MMFR2_EL1);
|
||||
read_sysreg_case(SYS_ID_AA64ISAR0_EL1);
|
||||
read_sysreg_case(SYS_ID_AA64ISAR1_EL1);
|
||||
read_sysreg_case(SYS_ID_AA64ISAR2_EL1);
|
||||
|
||||
read_sysreg_case(SYS_CNTFRQ_EL0);
|
||||
read_sysreg_case(SYS_CTR_EL0);
|
||||
@ -1039,6 +1054,12 @@ kpti_install_ng_mappings(const struct arm64_cpu_capabilities *__unused)
|
||||
static bool kpti_applied = false;
|
||||
int cpu = smp_processor_id();
|
||||
|
||||
if (__this_cpu_read(this_cpu_vector) == vectors) {
|
||||
const char *v = arm64_get_bp_hardening_vector(EL1_VECTOR_KPTI);
|
||||
|
||||
__this_cpu_write(this_cpu_vector, v);
|
||||
}
|
||||
|
||||
/*
|
||||
* We don't need to rewrite the page-tables if either we've done
|
||||
* it already or we have KASLR enabled and therefore have not
|
||||
|
||||
@ -344,6 +344,7 @@ static void __cpuinfo_store_cpu(struct cpuinfo_arm64 *info)
|
||||
info->reg_id_aa64dfr1 = read_cpuid(ID_AA64DFR1_EL1);
|
||||
info->reg_id_aa64isar0 = read_cpuid(ID_AA64ISAR0_EL1);
|
||||
info->reg_id_aa64isar1 = read_cpuid(ID_AA64ISAR1_EL1);
|
||||
info->reg_id_aa64isar2 = read_cpuid(ID_AA64ISAR2_EL1);
|
||||
info->reg_id_aa64mmfr0 = read_cpuid(ID_AA64MMFR0_EL1);
|
||||
info->reg_id_aa64mmfr1 = read_cpuid(ID_AA64MMFR1_EL1);
|
||||
info->reg_id_aa64mmfr2 = read_cpuid(ID_AA64MMFR2_EL1);
|
||||
|
||||
@ -59,18 +59,21 @@
|
||||
|
||||
.macro kernel_ventry, el, label, regsize = 64
|
||||
.align 7
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
alternative_if ARM64_UNMAP_KERNEL_AT_EL0
|
||||
.Lventry_start\@:
|
||||
.if \el == 0
|
||||
/*
|
||||
* This must be the first instruction of the EL0 vector entries. It is
|
||||
* skipped by the trampoline vectors, to trigger the cleanup.
|
||||
*/
|
||||
b .Lskip_tramp_vectors_cleanup\@
|
||||
.if \regsize == 64
|
||||
mrs x30, tpidrro_el0
|
||||
msr tpidrro_el0, xzr
|
||||
.else
|
||||
mov x30, xzr
|
||||
.endif
|
||||
.Lskip_tramp_vectors_cleanup\@:
|
||||
.endif
|
||||
alternative_else_nop_endif
|
||||
#endif
|
||||
|
||||
sub sp, sp, #S_FRAME_SIZE
|
||||
#ifdef CONFIG_VMAP_STACK
|
||||
@ -116,11 +119,15 @@ alternative_else_nop_endif
|
||||
mrs x0, tpidrro_el0
|
||||
#endif
|
||||
b el\()\el\()_\label
|
||||
.org .Lventry_start\@ + 128 // Did we overflow the ventry slot?
|
||||
.endm
|
||||
|
||||
.macro tramp_alias, dst, sym
|
||||
.macro tramp_alias, dst, sym, tmp
|
||||
mov_q \dst, TRAMP_VALIAS
|
||||
add \dst, \dst, #(\sym - .entry.tramp.text)
|
||||
adr_l \tmp, \sym
|
||||
add \dst, \dst, \tmp
|
||||
adr_l \tmp, .entry.tramp.text
|
||||
sub \dst, \dst, \tmp
|
||||
.endm
|
||||
|
||||
// This macro corrupts x0-x3. It is the caller's duty
|
||||
@ -371,21 +378,25 @@ alternative_else_nop_endif
|
||||
ldp x24, x25, [sp, #16 * 12]
|
||||
ldp x26, x27, [sp, #16 * 13]
|
||||
ldp x28, x29, [sp, #16 * 14]
|
||||
ldr lr, [sp, #S_LR]
|
||||
add sp, sp, #S_FRAME_SIZE // restore sp
|
||||
|
||||
.if \el == 0
|
||||
alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
|
||||
alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0
|
||||
ldr lr, [sp, #S_LR]
|
||||
add sp, sp, #S_FRAME_SIZE // restore sp
|
||||
eret
|
||||
alternative_else_nop_endif
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
bne 5f
|
||||
msr far_el1, x30
|
||||
tramp_alias x30, tramp_exit_native
|
||||
msr far_el1, x29
|
||||
tramp_alias x30, tramp_exit_native, x29
|
||||
br x30
|
||||
5:
|
||||
tramp_alias x30, tramp_exit_compat
|
||||
tramp_alias x30, tramp_exit_compat, x29
|
||||
br x30
|
||||
#endif
|
||||
.else
|
||||
ldr lr, [sp, #S_LR]
|
||||
add sp, sp, #S_FRAME_SIZE // restore sp
|
||||
eret
|
||||
.endif
|
||||
sb
|
||||
@ -1034,12 +1045,6 @@ ENDPROC(el0_svc)
|
||||
|
||||
.popsection // .entry.text
|
||||
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
/*
|
||||
* Exception vectors trampoline.
|
||||
*/
|
||||
.pushsection ".entry.tramp.text", "ax"
|
||||
|
||||
// Move from tramp_pg_dir to swapper_pg_dir
|
||||
.macro tramp_map_kernel, tmp
|
||||
mrs \tmp, ttbr1_el1
|
||||
@ -1073,12 +1078,47 @@ alternative_else_nop_endif
|
||||
*/
|
||||
.endm
|
||||
|
||||
.macro tramp_ventry, regsize = 64
|
||||
.macro tramp_data_page dst
|
||||
adr_l \dst, .entry.tramp.text
|
||||
sub \dst, \dst, PAGE_SIZE
|
||||
.endm
|
||||
|
||||
.macro tramp_data_read_var dst, var
|
||||
#ifdef CONFIG_RANDOMIZE_BASE
|
||||
tramp_data_page \dst
|
||||
add \dst, \dst, #:lo12:__entry_tramp_data_\var
|
||||
ldr \dst, [\dst]
|
||||
#else
|
||||
ldr \dst, =\var
|
||||
#endif
|
||||
.endm
|
||||
|
||||
#define BHB_MITIGATION_NONE 0
|
||||
#define BHB_MITIGATION_LOOP 1
|
||||
#define BHB_MITIGATION_FW 2
|
||||
#define BHB_MITIGATION_INSN 3
|
||||
|
||||
.macro tramp_ventry, vector_start, regsize, kpti, bhb
|
||||
.align 7
|
||||
1:
|
||||
.if \regsize == 64
|
||||
msr tpidrro_el0, x30 // Restored in kernel_ventry
|
||||
.endif
|
||||
|
||||
.if \bhb == BHB_MITIGATION_LOOP
|
||||
/*
|
||||
* This sequence must appear before the first indirect branch. i.e. the
|
||||
* ret out of tramp_ventry. It appears here because x30 is free.
|
||||
*/
|
||||
__mitigate_spectre_bhb_loop x30
|
||||
.endif // \bhb == BHB_MITIGATION_LOOP
|
||||
|
||||
.if \bhb == BHB_MITIGATION_INSN
|
||||
clearbhb
|
||||
isb
|
||||
.endif // \bhb == BHB_MITIGATION_INSN
|
||||
|
||||
.if \kpti == 1
|
||||
/*
|
||||
* Defend against branch aliasing attacks by pushing a dummy
|
||||
* entry onto the return stack and using a RET instruction to
|
||||
@ -1088,46 +1128,79 @@ alternative_else_nop_endif
|
||||
b .
|
||||
2:
|
||||
tramp_map_kernel x30
|
||||
#ifdef CONFIG_RANDOMIZE_BASE
|
||||
adr x30, tramp_vectors + PAGE_SIZE
|
||||
alternative_insn isb, nop, ARM64_WORKAROUND_QCOM_FALKOR_E1003
|
||||
ldr x30, [x30]
|
||||
#else
|
||||
ldr x30, =vectors
|
||||
#endif
|
||||
tramp_data_read_var x30, vectors
|
||||
alternative_if_not ARM64_WORKAROUND_CAVIUM_TX2_219_PRFM
|
||||
prfm plil1strm, [x30, #(1b - tramp_vectors)]
|
||||
prfm plil1strm, [x30, #(1b - \vector_start)]
|
||||
alternative_else_nop_endif
|
||||
|
||||
msr vbar_el1, x30
|
||||
add x30, x30, #(1b - tramp_vectors)
|
||||
isb
|
||||
.else
|
||||
ldr x30, =vectors
|
||||
.endif // \kpti == 1
|
||||
|
||||
.if \bhb == BHB_MITIGATION_FW
|
||||
/*
|
||||
* The firmware sequence must appear before the first indirect branch.
|
||||
* i.e. the ret out of tramp_ventry. But it also needs the stack to be
|
||||
* mapped to save/restore the registers the SMC clobbers.
|
||||
*/
|
||||
__mitigate_spectre_bhb_fw
|
||||
.endif // \bhb == BHB_MITIGATION_FW
|
||||
|
||||
add x30, x30, #(1b - \vector_start + 4)
|
||||
ret
|
||||
.org 1b + 128 // Did we overflow the ventry slot?
|
||||
.endm
|
||||
|
||||
.macro tramp_exit, regsize = 64
|
||||
adr x30, tramp_vectors
|
||||
tramp_data_read_var x30, this_cpu_vector
|
||||
alternative_if_not ARM64_HAS_VIRT_HOST_EXTN
|
||||
mrs x29, tpidr_el1
|
||||
alternative_else
|
||||
mrs x29, tpidr_el2
|
||||
alternative_endif
|
||||
ldr x30, [x30, x29]
|
||||
|
||||
msr vbar_el1, x30
|
||||
tramp_unmap_kernel x30
|
||||
ldr lr, [sp, #S_LR]
|
||||
tramp_unmap_kernel x29
|
||||
.if \regsize == 64
|
||||
mrs x30, far_el1
|
||||
mrs x29, far_el1
|
||||
.endif
|
||||
add sp, sp, #S_FRAME_SIZE // restore sp
|
||||
eret
|
||||
sb
|
||||
.endm
|
||||
|
||||
.align 11
|
||||
ENTRY(tramp_vectors)
|
||||
.macro generate_tramp_vector, kpti, bhb
|
||||
.Lvector_start\@:
|
||||
.space 0x400
|
||||
|
||||
tramp_ventry
|
||||
tramp_ventry
|
||||
tramp_ventry
|
||||
tramp_ventry
|
||||
.rept 4
|
||||
tramp_ventry .Lvector_start\@, 64, \kpti, \bhb
|
||||
.endr
|
||||
.rept 4
|
||||
tramp_ventry .Lvector_start\@, 32, \kpti, \bhb
|
||||
.endr
|
||||
.endm
|
||||
|
||||
tramp_ventry 32
|
||||
tramp_ventry 32
|
||||
tramp_ventry 32
|
||||
tramp_ventry 32
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
/*
|
||||
* Exception vectors trampoline.
|
||||
* The order must match __bp_harden_el1_vectors and the
|
||||
* arm64_bp_harden_el1_vectors enum.
|
||||
*/
|
||||
.pushsection ".entry.tramp.text", "ax"
|
||||
.align 11
|
||||
ENTRY(tramp_vectors)
|
||||
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_LOOP
|
||||
generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_FW
|
||||
generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_INSN
|
||||
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
generate_tramp_vector kpti=1, bhb=BHB_MITIGATION_NONE
|
||||
END(tramp_vectors)
|
||||
|
||||
ENTRY(tramp_exit_native)
|
||||
@ -1145,11 +1218,55 @@ END(tramp_exit_compat)
|
||||
.align PAGE_SHIFT
|
||||
.globl __entry_tramp_data_start
|
||||
__entry_tramp_data_start:
|
||||
__entry_tramp_data_vectors:
|
||||
.quad vectors
|
||||
#ifdef CONFIG_ARM_SDE_INTERFACE
|
||||
__entry_tramp_data___sdei_asm_handler:
|
||||
.quad __sdei_asm_handler
|
||||
#endif /* CONFIG_ARM_SDE_INTERFACE */
|
||||
__entry_tramp_data_this_cpu_vector:
|
||||
.quad this_cpu_vector
|
||||
.popsection // .rodata
|
||||
#endif /* CONFIG_RANDOMIZE_BASE */
|
||||
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
|
||||
|
||||
/*
|
||||
* Exception vectors for spectre mitigations on entry from EL1 when
|
||||
* kpti is not in use.
|
||||
*/
|
||||
.macro generate_el1_vector, bhb
|
||||
.Lvector_start\@:
|
||||
kernel_ventry 1, sync_invalid // Synchronous EL1t
|
||||
kernel_ventry 1, irq_invalid // IRQ EL1t
|
||||
kernel_ventry 1, fiq_invalid // FIQ EL1t
|
||||
kernel_ventry 1, error_invalid // Error EL1t
|
||||
|
||||
kernel_ventry 1, sync // Synchronous EL1h
|
||||
kernel_ventry 1, irq // IRQ EL1h
|
||||
kernel_ventry 1, fiq_invalid // FIQ EL1h
|
||||
kernel_ventry 1, error // Error EL1h
|
||||
|
||||
.rept 4
|
||||
tramp_ventry .Lvector_start\@, 64, 0, \bhb
|
||||
.endr
|
||||
.rept 4
|
||||
tramp_ventry .Lvector_start\@, 32, 0, \bhb
|
||||
.endr
|
||||
.endm
|
||||
|
||||
/* The order must match tramp_vecs and the arm64_bp_harden_el1_vectors enum. */
|
||||
.pushsection ".entry.text", "ax"
|
||||
.align 11
|
||||
SYM_CODE_START(__bp_harden_el1_vectors)
|
||||
#ifdef CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY
|
||||
generate_el1_vector bhb=BHB_MITIGATION_LOOP
|
||||
generate_el1_vector bhb=BHB_MITIGATION_FW
|
||||
generate_el1_vector bhb=BHB_MITIGATION_INSN
|
||||
#endif /* CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY */
|
||||
SYM_CODE_END(__bp_harden_el1_vectors)
|
||||
.popsection
|
||||
|
||||
|
||||
/*
|
||||
* Register switch for AArch64. The callee-saved registers need to be saved
|
||||
* and restored. On entry:
|
||||
@ -1241,13 +1358,7 @@ ENTRY(__sdei_asm_entry_trampoline)
|
||||
*/
|
||||
1: str x4, [x1, #(SDEI_EVENT_INTREGS + S_ORIG_ADDR_LIMIT)]
|
||||
|
||||
#ifdef CONFIG_RANDOMIZE_BASE
|
||||
adr x4, tramp_vectors + PAGE_SIZE
|
||||
add x4, x4, #:lo12:__sdei_asm_trampoline_next_handler
|
||||
ldr x4, [x4]
|
||||
#else
|
||||
ldr x4, =__sdei_asm_handler
|
||||
#endif
|
||||
tramp_data_read_var x4, __sdei_asm_handler
|
||||
br x4
|
||||
ENDPROC(__sdei_asm_entry_trampoline)
|
||||
NOKPROBE(__sdei_asm_entry_trampoline)
|
||||
@ -1270,12 +1381,6 @@ ENDPROC(__sdei_asm_exit_trampoline)
|
||||
NOKPROBE(__sdei_asm_exit_trampoline)
|
||||
.ltorg
|
||||
.popsection // .entry.tramp.text
|
||||
#ifdef CONFIG_RANDOMIZE_BASE
|
||||
.pushsection ".rodata", "a"
|
||||
__sdei_asm_trampoline_next_handler:
|
||||
.quad __sdei_asm_handler
|
||||
.popsection // .rodata
|
||||
#endif /* CONFIG_RANDOMIZE_BASE */
|
||||
#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
|
||||
|
||||
/*
|
||||
@ -1371,7 +1476,7 @@ alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0
|
||||
alternative_else_nop_endif
|
||||
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
tramp_alias dst=x5, sym=__sdei_asm_exit_trampoline
|
||||
tramp_alias dst=x5, sym=__sdei_asm_exit_trampoline, tmp=x3
|
||||
br x5
|
||||
#endif
|
||||
ENDPROC(__sdei_asm_handler)
|
||||
|
||||
@ -102,7 +102,9 @@ compat_user_backtrace(struct compat_frame_tail __user *tail,
|
||||
void perf_callchain_user(struct perf_callchain_entry_ctx *entry,
|
||||
struct pt_regs *regs)
|
||||
{
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
/* We don't support guest os callchain now */
|
||||
return;
|
||||
}
|
||||
@ -147,9 +149,10 @@ static int callchain_trace(struct stackframe *frame, void *data)
|
||||
void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
|
||||
struct pt_regs *regs)
|
||||
{
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
struct stackframe frame;
|
||||
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
/* We don't support guest os callchain now */
|
||||
return;
|
||||
}
|
||||
@ -160,18 +163,21 @@ void perf_callchain_kernel(struct perf_callchain_entry_ctx *entry,
|
||||
|
||||
unsigned long perf_instruction_pointer(struct pt_regs *regs)
|
||||
{
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest())
|
||||
return perf_guest_cbs->get_guest_ip();
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
|
||||
if (guest_cbs && guest_cbs->is_in_guest())
|
||||
return guest_cbs->get_guest_ip();
|
||||
|
||||
return instruction_pointer(regs);
|
||||
}
|
||||
|
||||
unsigned long perf_misc_flags(struct pt_regs *regs)
|
||||
{
|
||||
struct perf_guest_info_callbacks *guest_cbs = perf_get_guest_cbs();
|
||||
int misc = 0;
|
||||
|
||||
if (perf_guest_cbs && perf_guest_cbs->is_in_guest()) {
|
||||
if (perf_guest_cbs->is_user_mode())
|
||||
if (guest_cbs && guest_cbs->is_in_guest()) {
|
||||
if (guest_cbs->is_user_mode())
|
||||
misc |= PERF_RECORD_MISC_GUEST_USER;
|
||||
else
|
||||
misc |= PERF_RECORD_MISC_GUEST_KERNEL;
|
||||
|
||||
@ -509,34 +509,26 @@ static void entry_task_switch(struct task_struct *next)
|
||||
|
||||
/*
|
||||
* ARM erratum 1418040 handling, affecting the 32bit view of CNTVCT.
|
||||
* Assuming the virtual counter is enabled at the beginning of times:
|
||||
*
|
||||
* - disable access when switching from a 64bit task to a 32bit task
|
||||
* - enable access when switching from a 32bit task to a 64bit task
|
||||
* Ensure access is disabled when switching to a 32bit task, ensure
|
||||
* access is enabled when switching to a 64bit task.
|
||||
*/
|
||||
static void erratum_1418040_thread_switch(struct task_struct *prev,
|
||||
struct task_struct *next)
|
||||
static void erratum_1418040_thread_switch(struct task_struct *next)
|
||||
{
|
||||
bool prev32, next32;
|
||||
u64 val;
|
||||
|
||||
if (!IS_ENABLED(CONFIG_ARM64_ERRATUM_1418040))
|
||||
if (!IS_ENABLED(CONFIG_ARM64_ERRATUM_1418040) ||
|
||||
!this_cpu_has_cap(ARM64_WORKAROUND_1418040))
|
||||
return;
|
||||
|
||||
prev32 = is_compat_thread(task_thread_info(prev));
|
||||
next32 = is_compat_thread(task_thread_info(next));
|
||||
|
||||
if (prev32 == next32 || !this_cpu_has_cap(ARM64_WORKAROUND_1418040))
|
||||
return;
|
||||
|
||||
val = read_sysreg(cntkctl_el1);
|
||||
|
||||
if (!next32)
|
||||
val |= ARCH_TIMER_USR_VCT_ACCESS_EN;
|
||||
if (is_compat_thread(task_thread_info(next)))
|
||||
sysreg_clear_set(cntkctl_el1, ARCH_TIMER_USR_VCT_ACCESS_EN, 0);
|
||||
else
|
||||
val &= ~ARCH_TIMER_USR_VCT_ACCESS_EN;
|
||||
sysreg_clear_set(cntkctl_el1, 0, ARCH_TIMER_USR_VCT_ACCESS_EN);
|
||||
}
|
||||
|
||||
write_sysreg(val, cntkctl_el1);
|
||||
static void erratum_1418040_new_exec(void)
|
||||
{
|
||||
preempt_disable();
|
||||
erratum_1418040_thread_switch(current);
|
||||
preempt_enable();
|
||||
}
|
||||
|
||||
/*
|
||||
@ -555,7 +547,7 @@ __notrace_funcgraph struct task_struct *__switch_to(struct task_struct *prev,
|
||||
uao_thread_switch(next);
|
||||
ptrauth_thread_switch(next);
|
||||
ssbs_thread_switch(next);
|
||||
erratum_1418040_thread_switch(prev, next);
|
||||
erratum_1418040_thread_switch(next);
|
||||
scs_overflow_check(next);
|
||||
|
||||
/*
|
||||
@ -617,6 +609,7 @@ void arch_setup_new_exec(void)
|
||||
current->mm->context.flags = is_compat_task() ? MMCF_AARCH32 : 0;
|
||||
|
||||
ptrauth_thread_init_user(current);
|
||||
erratum_1418040_new_exec();
|
||||
}
|
||||
|
||||
#ifdef CONFIG_ARM64_TAGGED_ADDR_ABI
|
||||
|
||||
@ -43,7 +43,8 @@ cc32-as-instr = $(call try-run,\
|
||||
# As a result we set our own flags here.
|
||||
|
||||
# KBUILD_CPPFLAGS and NOSTDINC_FLAGS from top-level Makefile
|
||||
VDSO_CPPFLAGS := -D__KERNEL__ -nostdinc -isystem $(shell $(CC_COMPAT) -print-file-name=include)
|
||||
VDSO_CPPFLAGS := -D__KERNEL__ -nostdinc
|
||||
VDSO_CPPFLAGS += -isystem $(shell $(CC_COMPAT) -print-file-name=include 2>/dev/null)
|
||||
VDSO_CPPFLAGS += $(LINUXINCLUDE)
|
||||
|
||||
# Common C and assembly flags
|
||||
|
||||
@ -288,7 +288,7 @@ ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
|
||||
<= SZ_4K, "Hibernate exit text too big or misaligned")
|
||||
#endif
|
||||
#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
|
||||
ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE,
|
||||
ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) <= 3*PAGE_SIZE,
|
||||
"Entry trampoline text too big")
|
||||
#endif
|
||||
/*
|
||||
|
||||
@ -113,6 +113,10 @@ el1_hvc_guest:
|
||||
/* ARM_SMCCC_ARCH_WORKAROUND_2 handling */
|
||||
eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_1 ^ \
|
||||
ARM_SMCCC_ARCH_WORKAROUND_2)
|
||||
cbz w1, wa_epilogue
|
||||
|
||||
eor w1, w1, #(ARM_SMCCC_ARCH_WORKAROUND_2 ^ \
|
||||
ARM_SMCCC_ARCH_WORKAROUND_3)
|
||||
cbnz w1, el1_trap
|
||||
|
||||
#ifdef CONFIG_ARM64_SSBD
|
||||
@ -347,4 +351,64 @@ ENTRY(__smccc_workaround_1_smc_start)
|
||||
ldp x0, x1, [sp, #(8 * 2)]
|
||||
add sp, sp, #(8 * 4)
|
||||
ENTRY(__smccc_workaround_1_smc_end)
|
||||
|
||||
ENTRY(__smccc_workaround_3_smc_start)
|
||||
esb
|
||||
sub sp, sp, #(8 * 4)
|
||||
stp x2, x3, [sp, #(8 * 0)]
|
||||
stp x0, x1, [sp, #(8 * 2)]
|
||||
mov w0, #ARM_SMCCC_ARCH_WORKAROUND_3
|
||||
smc #0
|
||||
ldp x2, x3, [sp, #(8 * 0)]
|
||||
ldp x0, x1, [sp, #(8 * 2)]
|
||||
add sp, sp, #(8 * 4)
|
||||
ENTRY(__smccc_workaround_3_smc_end)
|
||||
|
||||
ENTRY(__spectre_bhb_loop_k8_start)
|
||||
esb
|
||||
sub sp, sp, #(8 * 2)
|
||||
stp x0, x1, [sp, #(8 * 0)]
|
||||
mov x0, #8
|
||||
2: b . + 4
|
||||
subs x0, x0, #1
|
||||
b.ne 2b
|
||||
dsb nsh
|
||||
isb
|
||||
ldp x0, x1, [sp, #(8 * 0)]
|
||||
add sp, sp, #(8 * 2)
|
||||
ENTRY(__spectre_bhb_loop_k8_end)
|
||||
|
||||
ENTRY(__spectre_bhb_loop_k24_start)
|
||||
esb
|
||||
sub sp, sp, #(8 * 2)
|
||||
stp x0, x1, [sp, #(8 * 0)]
|
||||
mov x0, #24
|
||||
2: b . + 4
|
||||
subs x0, x0, #1
|
||||
b.ne 2b
|
||||
dsb nsh
|
||||
isb
|
||||
ldp x0, x1, [sp, #(8 * 0)]
|
||||
add sp, sp, #(8 * 2)
|
||||
ENTRY(__spectre_bhb_loop_k24_end)
|
||||
|
||||
ENTRY(__spectre_bhb_loop_k32_start)
|
||||
esb
|
||||
sub sp, sp, #(8 * 2)
|
||||
stp x0, x1, [sp, #(8 * 0)]
|
||||
mov x0, #32
|
||||
2: b . + 4
|
||||
subs x0, x0, #1
|
||||
b.ne 2b
|
||||
dsb nsh
|
||||
isb
|
||||
ldp x0, x1, [sp, #(8 * 0)]
|
||||
add sp, sp, #(8 * 2)
|
||||
ENTRY(__spectre_bhb_loop_k32_end)
|
||||
|
||||
ENTRY(__spectre_bhb_clearbhb_start)
|
||||
esb
|
||||
clearbhb
|
||||
isb
|
||||
ENTRY(__spectre_bhb_clearbhb_end)
|
||||
#endif
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user