commit: 8b1ac29d7233eb7a112be5e16bb86afd32113118 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sun Nov 22 19:31:14 2020 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sun Nov 22 19:31:14 2020 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=8b1ac29d
Linux patch 5.4.79 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1078_linux-5.4.79.patch | 1813 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 1817 insertions(+) diff --git a/0000_README b/0000_README index ad10e86..a622905 100644 --- a/0000_README +++ b/0000_README @@ -355,6 +355,10 @@ Patch: 1077_linux-5.4.78.patch From: http://www.kernel.org Desc: Linux 5.4.78 +Patch: 1078_linux-5.4.79.patch +From: http://www.kernel.org +Desc: Linux 5.4.79 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1078_linux-5.4.79.patch b/1078_linux-5.4.79.patch new file mode 100644 index 0000000..5cfed60 --- /dev/null +++ b/1078_linux-5.4.79.patch @@ -0,0 +1,1813 @@ +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 5b4753e602def..fea15cd49fbc7 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -2667,6 +2667,8 @@ + mds=off [X86] + tsx_async_abort=off [X86] + kvm.nx_huge_pages=off [X86] ++ no_entry_flush [PPC] ++ no_uaccess_flush [PPC] + + Exceptions: + This does not have any effect on +@@ -2989,6 +2991,8 @@ + + noefi Disable EFI runtime services support. + ++ no_entry_flush [PPC] Don't flush the L1-D cache when entering the kernel. ++ + noexec [IA-64] + + noexec [X86] +@@ -3038,6 +3042,9 @@ + nospec_store_bypass_disable + [HW] Disable all mitigations for the Speculative Store Bypass vulnerability + ++ no_uaccess_flush ++ [PPC] Don't flush the L1-D cache after accessing user data. ++ + noxsave [BUGS=X86] Disables x86 extended register state save + and restore using xsave. The kernel will fallback to + enabling legacy floating-point and sse state. +diff --git a/Makefile b/Makefile +index 5725b07aaddf0..f02539be5e073 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 4 +-SUBLEVEL = 78 ++SUBLEVEL = 79 + EXTRAVERSION = + NAME = Kleptomaniac Octopus + +diff --git a/arch/mips/pci/pci-xtalk-bridge.c b/arch/mips/pci/pci-xtalk-bridge.c +index c4b1c6cf26606..adc9f83b2c448 100644 +--- a/arch/mips/pci/pci-xtalk-bridge.c ++++ b/arch/mips/pci/pci-xtalk-bridge.c +@@ -284,7 +284,7 @@ static int bridge_set_affinity(struct irq_data *d, const struct cpumask *mask, + ret = irq_chip_set_affinity_parent(d, mask, force); + if (ret >= 0) { + cpu = cpumask_first_and(mask, cpu_online_mask); +- data->nnasid = COMPACT_TO_NASID_NODEID(cpu_to_node(cpu)); ++ data->nasid = COMPACT_TO_NASID_NODEID(cpu_to_node(cpu)); + bridge_write(data->bc, b_int_addr[pin].addr, + (((data->bc->intr_addr >> 30) & 0x30000) | + bit | (data->nasid << 8))); +diff --git a/arch/powerpc/include/asm/book3s/64/kup-radix.h b/arch/powerpc/include/asm/book3s/64/kup-radix.h +index c8d1076e0ebbf..c1e45f510591e 100644 +--- a/arch/powerpc/include/asm/book3s/64/kup-radix.h ++++ b/arch/powerpc/include/asm/book3s/64/kup-radix.h +@@ -11,13 +11,12 @@ + + #ifdef __ASSEMBLY__ + +-.macro kuap_restore_amr gpr + #ifdef CONFIG_PPC_KUAP ++.macro kuap_restore_amr gpr + BEGIN_MMU_FTR_SECTION_NESTED(67) + ld \gpr, STACK_REGS_KUAP(r1) + mtspr SPRN_AMR, \gpr + END_MMU_FTR_SECTION_NESTED_IFSET(MMU_FTR_RADIX_KUAP, 67) +-#endif + .endm + + .macro kuap_check_amr gpr1, gpr2 +@@ -31,6 +30,7 @@ + END_MMU_FTR_SECTION_NESTED_IFSET(MMU_FTR_RADIX_KUAP, 67) + #endif + .endm ++#endif + + .macro kuap_save_amr_and_lock gpr1, gpr2, use_cr, msr_pr_cr + #ifdef CONFIG_PPC_KUAP +@@ -54,6 +54,8 @@ + + #else /* !__ASSEMBLY__ */ + ++DECLARE_STATIC_KEY_FALSE(uaccess_flush_key); ++ + #ifdef CONFIG_PPC_KUAP + + #include <asm/reg.h> +@@ -77,6 +79,18 @@ static inline void set_kuap(unsigned long value) + isync(); + } + ++static inline bool ++bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) ++{ ++ return WARN(mmu_has_feature(MMU_FTR_RADIX_KUAP) && ++ (regs->kuap & (is_write ? AMR_KUAP_BLOCK_WRITE : AMR_KUAP_BLOCK_READ)), ++ "Bug: %s fault blocked by AMR!", is_write ? "Write" : "Read"); ++} ++#else /* CONFIG_PPC_KUAP */ ++static inline void kuap_restore_amr(struct pt_regs *regs, unsigned long amr) { } ++static inline void set_kuap(unsigned long value) { } ++#endif /* !CONFIG_PPC_KUAP */ ++ + static __always_inline void allow_user_access(void __user *to, const void __user *from, + unsigned long size, unsigned long dir) + { +@@ -94,17 +108,10 @@ static inline void prevent_user_access(void __user *to, const void __user *from, + unsigned long size, unsigned long dir) + { + set_kuap(AMR_KUAP_BLOCKED); ++ if (static_branch_unlikely(&uaccess_flush_key)) ++ do_uaccess_flush(); + } + +-static inline bool +-bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) +-{ +- return WARN(mmu_has_feature(MMU_FTR_RADIX_KUAP) && +- (regs->kuap & (is_write ? AMR_KUAP_BLOCK_WRITE : AMR_KUAP_BLOCK_READ)), +- "Bug: %s fault blocked by AMR!", is_write ? "Write" : "Read"); +-} +-#endif /* CONFIG_PPC_KUAP */ +- + #endif /* __ASSEMBLY__ */ + + #endif /* _ASM_POWERPC_BOOK3S_64_KUP_RADIX_H */ +diff --git a/arch/powerpc/include/asm/exception-64s.h b/arch/powerpc/include/asm/exception-64s.h +index 33f4f72eb035b..6d0795d7b89c1 100644 +--- a/arch/powerpc/include/asm/exception-64s.h ++++ b/arch/powerpc/include/asm/exception-64s.h +@@ -61,11 +61,18 @@ + nop; \ + nop + ++#define ENTRY_FLUSH_SLOT \ ++ ENTRY_FLUSH_FIXUP_SECTION; \ ++ nop; \ ++ nop; \ ++ nop; ++ + /* + * r10 must be free to use, r13 must be paca + */ + #define INTERRUPT_TO_KERNEL \ +- STF_ENTRY_BARRIER_SLOT ++ STF_ENTRY_BARRIER_SLOT; \ ++ ENTRY_FLUSH_SLOT + + /* + * Macros for annotating the expected destination of (h)rfid +@@ -127,6 +134,9 @@ + hrfid; \ + b hrfi_flush_fallback + ++#else /* __ASSEMBLY__ */ ++/* Prototype for function defined in exceptions-64s.S */ ++void do_uaccess_flush(void); + #endif /* __ASSEMBLY__ */ + + #endif /* _ASM_POWERPC_EXCEPTION_H */ +diff --git a/arch/powerpc/include/asm/feature-fixups.h b/arch/powerpc/include/asm/feature-fixups.h +index b0af97add7517..fbd406cd6916c 100644 +--- a/arch/powerpc/include/asm/feature-fixups.h ++++ b/arch/powerpc/include/asm/feature-fixups.h +@@ -205,6 +205,22 @@ label##3: \ + FTR_ENTRY_OFFSET 955b-956b; \ + .popsection; + ++#define UACCESS_FLUSH_FIXUP_SECTION \ ++959: \ ++ .pushsection __uaccess_flush_fixup,"a"; \ ++ .align 2; \ ++960: \ ++ FTR_ENTRY_OFFSET 959b-960b; \ ++ .popsection; ++ ++#define ENTRY_FLUSH_FIXUP_SECTION \ ++957: \ ++ .pushsection __entry_flush_fixup,"a"; \ ++ .align 2; \ ++958: \ ++ FTR_ENTRY_OFFSET 957b-958b; \ ++ .popsection; ++ + #define RFI_FLUSH_FIXUP_SECTION \ + 951: \ + .pushsection __rfi_flush_fixup,"a"; \ +@@ -237,8 +253,11 @@ label##3: \ + #include <linux/types.h> + + extern long stf_barrier_fallback; ++extern long entry_flush_fallback; + extern long __start___stf_entry_barrier_fixup, __stop___stf_entry_barrier_fixup; + extern long __start___stf_exit_barrier_fixup, __stop___stf_exit_barrier_fixup; ++extern long __start___uaccess_flush_fixup, __stop___uaccess_flush_fixup; ++extern long __start___entry_flush_fixup, __stop___entry_flush_fixup; + extern long __start___rfi_flush_fixup, __stop___rfi_flush_fixup; + extern long __start___barrier_nospec_fixup, __stop___barrier_nospec_fixup; + extern long __start__btb_flush_fixup, __stop__btb_flush_fixup; +diff --git a/arch/powerpc/include/asm/kup.h b/arch/powerpc/include/asm/kup.h +index 94f24928916a8..ed4f5f536fc1d 100644 +--- a/arch/powerpc/include/asm/kup.h ++++ b/arch/powerpc/include/asm/kup.h +@@ -6,7 +6,7 @@ + #define KUAP_WRITE 2 + #define KUAP_READ_WRITE (KUAP_READ | KUAP_WRITE) + +-#ifdef CONFIG_PPC64 ++#ifdef CONFIG_PPC_BOOK3S_64 + #include <asm/book3s/64/kup-radix.h> + #endif + #ifdef CONFIG_PPC_8xx +@@ -24,9 +24,15 @@ + .macro kuap_restore sp, current, gpr1, gpr2, gpr3 + .endm + ++.macro kuap_restore_amr gpr ++.endm ++ + .macro kuap_check current, gpr + .endm + ++.macro kuap_check_amr gpr1, gpr2 ++.endm ++ + #endif + + #else /* !__ASSEMBLY__ */ +@@ -45,15 +51,26 @@ static inline void setup_kuep(bool disabled) { } + void setup_kuap(bool disabled); + #else + static inline void setup_kuap(bool disabled) { } +-static inline void allow_user_access(void __user *to, const void __user *from, +- unsigned long size, unsigned long dir) { } +-static inline void prevent_user_access(void __user *to, const void __user *from, +- unsigned long size, unsigned long dir) { } ++ + static inline bool + bad_kuap_fault(struct pt_regs *regs, unsigned long address, bool is_write) + { + return false; + } ++ ++static inline void kuap_check_amr(void) { } ++ ++/* ++ * book3s/64/kup-radix.h defines these functions for the !KUAP case to flush ++ * the L1D cache after user accesses. Only include the empty stubs for other ++ * platforms. ++ */ ++#ifndef CONFIG_PPC_BOOK3S_64 ++static inline void allow_user_access(void __user *to, const void __user *from, ++ unsigned long size, unsigned long dir) { } ++static inline void prevent_user_access(void __user *to, const void __user *from, ++ unsigned long size, unsigned long dir) { } ++#endif /* CONFIG_PPC_BOOK3S_64 */ + #endif /* CONFIG_PPC_KUAP */ + + static inline void allow_read_from_user(const void __user *from, unsigned long size) +diff --git a/arch/powerpc/include/asm/security_features.h b/arch/powerpc/include/asm/security_features.h +index 7c05e95a5c444..e9e3f85134e54 100644 +--- a/arch/powerpc/include/asm/security_features.h ++++ b/arch/powerpc/include/asm/security_features.h +@@ -84,12 +84,19 @@ static inline bool security_ftr_enabled(u64 feature) + // Software required to flush link stack on context switch + #define SEC_FTR_FLUSH_LINK_STACK 0x0000000000001000ull + ++// The L1-D cache should be flushed when entering the kernel ++#define SEC_FTR_L1D_FLUSH_ENTRY 0x0000000000004000ull ++ ++// The L1-D cache should be flushed after user accesses from the kernel ++#define SEC_FTR_L1D_FLUSH_UACCESS 0x0000000000008000ull + + // Features enabled by default + #define SEC_FTR_DEFAULT \ + (SEC_FTR_L1D_FLUSH_HV | \ + SEC_FTR_L1D_FLUSH_PR | \ + SEC_FTR_BNDS_CHK_SPEC_BAR | \ ++ SEC_FTR_L1D_FLUSH_ENTRY | \ ++ SEC_FTR_L1D_FLUSH_UACCESS | \ + SEC_FTR_FAVOUR_SECURITY) + + #endif /* _ASM_POWERPC_SECURITY_FEATURES_H */ +diff --git a/arch/powerpc/include/asm/setup.h b/arch/powerpc/include/asm/setup.h +index 65676e2325b85..6f2f4497e13b3 100644 +--- a/arch/powerpc/include/asm/setup.h ++++ b/arch/powerpc/include/asm/setup.h +@@ -52,12 +52,16 @@ enum l1d_flush_type { + }; + + void setup_rfi_flush(enum l1d_flush_type, bool enable); ++void setup_entry_flush(bool enable); ++void setup_uaccess_flush(bool enable); + void do_rfi_flush_fixups(enum l1d_flush_type types); + #ifdef CONFIG_PPC_BARRIER_NOSPEC + void setup_barrier_nospec(void); + #else + static inline void setup_barrier_nospec(void) { }; + #endif ++void do_uaccess_flush_fixups(enum l1d_flush_type types); ++void do_entry_flush_fixups(enum l1d_flush_type types); + void do_barrier_nospec_fixups(bool enable); + extern bool barrier_nospec_enabled; + +diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S +index 70ac8a6ba0c18..88bba0a931d65 100644 +--- a/arch/powerpc/kernel/exceptions-64s.S ++++ b/arch/powerpc/kernel/exceptions-64s.S +@@ -1150,7 +1150,7 @@ EXC_REAL_BEGIN(data_access, 0x300, 0x80) + INT_HANDLER data_access, 0x300, ool=1, dar=1, dsisr=1, kvm=1 + EXC_REAL_END(data_access, 0x300, 0x80) + EXC_VIRT_BEGIN(data_access, 0x4300, 0x80) +- INT_HANDLER data_access, 0x300, virt=1, dar=1, dsisr=1 ++ INT_HANDLER data_access, 0x300, ool=1, virt=1, dar=1, dsisr=1 + EXC_VIRT_END(data_access, 0x4300, 0x80) + INT_KVM_HANDLER data_access, 0x300, EXC_STD, PACA_EXGEN, 1 + EXC_COMMON_BEGIN(data_access_common) +@@ -1205,7 +1205,7 @@ ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_TYPE_RADIX) + + + EXC_REAL_BEGIN(instruction_access, 0x400, 0x80) +- INT_HANDLER instruction_access, 0x400, kvm=1 ++ INT_HANDLER instruction_access, 0x400, ool=1, kvm=1 + EXC_REAL_END(instruction_access, 0x400, 0x80) + EXC_VIRT_BEGIN(instruction_access, 0x4400, 0x80) + INT_HANDLER instruction_access, 0x400, virt=1 +@@ -1225,7 +1225,7 @@ ALT_MMU_FTR_SECTION_END_IFCLR(MMU_FTR_TYPE_RADIX) + + + EXC_REAL_BEGIN(instruction_access_slb, 0x480, 0x80) +- INT_HANDLER instruction_access_slb, 0x480, area=PACA_EXSLB, kvm=1 ++ INT_HANDLER instruction_access_slb, 0x480, ool=1, area=PACA_EXSLB, kvm=1 + EXC_REAL_END(instruction_access_slb, 0x480, 0x80) + EXC_VIRT_BEGIN(instruction_access_slb, 0x4480, 0x80) + INT_HANDLER instruction_access_slb, 0x480, virt=1, area=PACA_EXSLB +@@ -1365,17 +1365,17 @@ EXC_REAL_BEGIN(decrementer, 0x900, 0x80) + INT_HANDLER decrementer, 0x900, ool=1, bitmask=IRQS_DISABLED, kvm=1 + EXC_REAL_END(decrementer, 0x900, 0x80) + EXC_VIRT_BEGIN(decrementer, 0x4900, 0x80) +- INT_HANDLER decrementer, 0x900, virt=1, bitmask=IRQS_DISABLED ++ INT_HANDLER decrementer, 0x900, ool=1, virt=1, bitmask=IRQS_DISABLED + EXC_VIRT_END(decrementer, 0x4900, 0x80) + INT_KVM_HANDLER decrementer, 0x900, EXC_STD, PACA_EXGEN, 0 + EXC_COMMON_ASYNC(decrementer_common, 0x900, timer_interrupt) + + + EXC_REAL_BEGIN(hdecrementer, 0x980, 0x80) +- INT_HANDLER hdecrementer, 0x980, hsrr=EXC_HV, kvm=1 ++ INT_HANDLER hdecrementer, 0x980, ool=1, hsrr=EXC_HV, kvm=1 + EXC_REAL_END(hdecrementer, 0x980, 0x80) + EXC_VIRT_BEGIN(hdecrementer, 0x4980, 0x80) +- INT_HANDLER hdecrementer, 0x980, virt=1, hsrr=EXC_HV, kvm=1 ++ INT_HANDLER hdecrementer, 0x980, ool=1, virt=1, hsrr=EXC_HV, kvm=1 + EXC_VIRT_END(hdecrementer, 0x4980, 0x80) + INT_KVM_HANDLER hdecrementer, 0x980, EXC_HV, PACA_EXGEN, 0 + EXC_COMMON(hdecrementer_common, 0x980, hdec_interrupt) +@@ -2046,15 +2046,8 @@ TRAMP_REAL_BEGIN(stf_barrier_fallback) + .endr + blr + +-TRAMP_REAL_BEGIN(rfi_flush_fallback) +- SET_SCRATCH0(r13); +- GET_PACA(r13); +- std r1,PACA_EXRFI+EX_R12(r13) +- ld r1,PACAKSAVE(r13) +- std r9,PACA_EXRFI+EX_R9(r13) +- std r10,PACA_EXRFI+EX_R10(r13) +- std r11,PACA_EXRFI+EX_R11(r13) +- mfctr r9 ++/* Clobbers r10, r11, ctr */ ++.macro L1D_DISPLACEMENT_FLUSH + ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) + ld r11,PACA_L1D_FLUSH_SIZE(r13) + srdi r11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */ +@@ -2065,7 +2058,7 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback) + sync + + /* +- * The load adresses are at staggered offsets within cachelines, ++ * The load addresses are at staggered offsets within cachelines, + * which suits some pipelines better (on others it should not + * hurt). + */ +@@ -2080,7 +2073,30 @@ TRAMP_REAL_BEGIN(rfi_flush_fallback) + ld r11,(0x80 + 8)*7(r10) + addi r10,r10,0x80*8 + bdnz 1b ++.endm ++ ++TRAMP_REAL_BEGIN(entry_flush_fallback) ++ std r9,PACA_EXRFI+EX_R9(r13) ++ std r10,PACA_EXRFI+EX_R10(r13) ++ std r11,PACA_EXRFI+EX_R11(r13) ++ mfctr r9 ++ L1D_DISPLACEMENT_FLUSH ++ mtctr r9 ++ ld r9,PACA_EXRFI+EX_R9(r13) ++ ld r10,PACA_EXRFI+EX_R10(r13) ++ ld r11,PACA_EXRFI+EX_R11(r13) ++ blr + ++TRAMP_REAL_BEGIN(rfi_flush_fallback) ++ SET_SCRATCH0(r13); ++ GET_PACA(r13); ++ std r1,PACA_EXRFI+EX_R12(r13) ++ ld r1,PACAKSAVE(r13) ++ std r9,PACA_EXRFI+EX_R9(r13) ++ std r10,PACA_EXRFI+EX_R10(r13) ++ std r11,PACA_EXRFI+EX_R11(r13) ++ mfctr r9 ++ L1D_DISPLACEMENT_FLUSH + mtctr r9 + ld r9,PACA_EXRFI+EX_R9(r13) + ld r10,PACA_EXRFI+EX_R10(r13) +@@ -2098,32 +2114,7 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback) + std r10,PACA_EXRFI+EX_R10(r13) + std r11,PACA_EXRFI+EX_R11(r13) + mfctr r9 +- ld r10,PACA_RFI_FLUSH_FALLBACK_AREA(r13) +- ld r11,PACA_L1D_FLUSH_SIZE(r13) +- srdi r11,r11,(7 + 3) /* 128 byte lines, unrolled 8x */ +- mtctr r11 +- DCBT_BOOK3S_STOP_ALL_STREAM_IDS(r11) /* Stop prefetch streams */ +- +- /* order ld/st prior to dcbt stop all streams with flushing */ +- sync +- +- /* +- * The load adresses are at staggered offsets within cachelines, +- * which suits some pipelines better (on others it should not +- * hurt). +- */ +-1: +- ld r11,(0x80 + 8)*0(r10) +- ld r11,(0x80 + 8)*1(r10) +- ld r11,(0x80 + 8)*2(r10) +- ld r11,(0x80 + 8)*3(r10) +- ld r11,(0x80 + 8)*4(r10) +- ld r11,(0x80 + 8)*5(r10) +- ld r11,(0x80 + 8)*6(r10) +- ld r11,(0x80 + 8)*7(r10) +- addi r10,r10,0x80*8 +- bdnz 1b +- ++ L1D_DISPLACEMENT_FLUSH + mtctr r9 + ld r9,PACA_EXRFI+EX_R9(r13) + ld r10,PACA_EXRFI+EX_R10(r13) +@@ -2132,6 +2123,19 @@ TRAMP_REAL_BEGIN(hrfi_flush_fallback) + GET_SCRATCH0(r13); + hrfid + ++USE_TEXT_SECTION() ++ ++_GLOBAL(do_uaccess_flush) ++ UACCESS_FLUSH_FIXUP_SECTION ++ nop ++ nop ++ nop ++ blr ++ L1D_DISPLACEMENT_FLUSH ++ blr ++_ASM_NOKPROBE_SYMBOL(do_uaccess_flush) ++EXPORT_SYMBOL(do_uaccess_flush) ++ + /* + * Real mode exceptions actually use this too, but alternate + * instruction code patches (which end up in the common .text area) +diff --git a/arch/powerpc/kernel/head_8xx.S b/arch/powerpc/kernel/head_8xx.S +index 98d8b6832fcb5..f6428b90a6c77 100644 +--- a/arch/powerpc/kernel/head_8xx.S ++++ b/arch/powerpc/kernel/head_8xx.S +@@ -229,9 +229,7 @@ SystemCall: + + InstructionTLBMiss: + mtspr SPRN_SPRG_SCRATCH0, r10 +-#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP) + mtspr SPRN_SPRG_SCRATCH1, r11 +-#endif + + /* If we are faulting a kernel address, we have to use the + * kernel page tables. +@@ -278,11 +276,9 @@ InstructionTLBMiss: + #ifdef ITLB_MISS_KERNEL + mtcr r11 + #endif +-#ifdef CONFIG_SWAP +- rlwinm r11, r10, 32-5, _PAGE_PRESENT ++ rlwinm r11, r10, 32-7, _PAGE_PRESENT + and r11, r11, r10 + rlwimi r10, r11, 0, _PAGE_PRESENT +-#endif + /* The Linux PTE won't go exactly into the MMU TLB. + * Software indicator bits 20 and 23 must be clear. + * Software indicator bits 22, 24, 25, 26, and 27 must be +@@ -296,9 +292,7 @@ InstructionTLBMiss: + + /* Restore registers */ + 0: mfspr r10, SPRN_SPRG_SCRATCH0 +-#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP) + mfspr r11, SPRN_SPRG_SCRATCH1 +-#endif + rfi + patch_site 0b, patch__itlbmiss_exit_1 + +@@ -308,9 +302,7 @@ InstructionTLBMiss: + addi r10, r10, 1 + stw r10, (itlb_miss_counter - PAGE_OFFSET)@l(0) + mfspr r10, SPRN_SPRG_SCRATCH0 +-#if defined(ITLB_MISS_KERNEL) || defined(CONFIG_SWAP) + mfspr r11, SPRN_SPRG_SCRATCH1 +-#endif + rfi + #endif + +@@ -394,11 +386,9 @@ DataStoreTLBMiss: + * r11 = ((r10 & PRESENT) & ((r10 & ACCESSED) >> 5)); + * r10 = (r10 & ~PRESENT) | r11; + */ +-#ifdef CONFIG_SWAP +- rlwinm r11, r10, 32-5, _PAGE_PRESENT ++ rlwinm r11, r10, 32-7, _PAGE_PRESENT + and r11, r11, r10 + rlwimi r10, r11, 0, _PAGE_PRESENT +-#endif + /* The Linux PTE won't go exactly into the MMU TLB. + * Software indicator bits 24, 25, 26, and 27 must be + * set. All other Linux PTE bits control the behavior +diff --git a/arch/powerpc/kernel/setup_64.c b/arch/powerpc/kernel/setup_64.c +index e50fbed366516..480c236724da2 100644 +--- a/arch/powerpc/kernel/setup_64.c ++++ b/arch/powerpc/kernel/setup_64.c +@@ -859,7 +859,13 @@ early_initcall(disable_hardlockup_detector); + static enum l1d_flush_type enabled_flush_types; + static void *l1d_flush_fallback_area; + static bool no_rfi_flush; ++static bool no_entry_flush; ++static bool no_uaccess_flush; + bool rfi_flush; ++bool entry_flush; ++bool uaccess_flush; ++DEFINE_STATIC_KEY_FALSE(uaccess_flush_key); ++EXPORT_SYMBOL(uaccess_flush_key); + + static int __init handle_no_rfi_flush(char *p) + { +@@ -869,6 +875,22 @@ static int __init handle_no_rfi_flush(char *p) + } + early_param("no_rfi_flush", handle_no_rfi_flush); + ++static int __init handle_no_entry_flush(char *p) ++{ ++ pr_info("entry-flush: disabled on command line."); ++ no_entry_flush = true; ++ return 0; ++} ++early_param("no_entry_flush", handle_no_entry_flush); ++ ++static int __init handle_no_uaccess_flush(char *p) ++{ ++ pr_info("uaccess-flush: disabled on command line."); ++ no_uaccess_flush = true; ++ return 0; ++} ++early_param("no_uaccess_flush", handle_no_uaccess_flush); ++ + /* + * The RFI flush is not KPTI, but because users will see doco that says to use + * nopti we hijack that option here to also disable the RFI flush. +@@ -900,6 +922,32 @@ void rfi_flush_enable(bool enable) + rfi_flush = enable; + } + ++void entry_flush_enable(bool enable) ++{ ++ if (enable) { ++ do_entry_flush_fixups(enabled_flush_types); ++ on_each_cpu(do_nothing, NULL, 1); ++ } else { ++ do_entry_flush_fixups(L1D_FLUSH_NONE); ++ } ++ ++ entry_flush = enable; ++} ++ ++void uaccess_flush_enable(bool enable) ++{ ++ if (enable) { ++ do_uaccess_flush_fixups(enabled_flush_types); ++ static_branch_enable(&uaccess_flush_key); ++ on_each_cpu(do_nothing, NULL, 1); ++ } else { ++ static_branch_disable(&uaccess_flush_key); ++ do_uaccess_flush_fixups(L1D_FLUSH_NONE); ++ } ++ ++ uaccess_flush = enable; ++} ++ + static void __ref init_fallback_flush(void) + { + u64 l1d_size, limit; +@@ -958,10 +1006,28 @@ void setup_rfi_flush(enum l1d_flush_type types, bool enable) + + enabled_flush_types = types; + +- if (!no_rfi_flush && !cpu_mitigations_off()) ++ if (!cpu_mitigations_off() && !no_rfi_flush) + rfi_flush_enable(enable); + } + ++void setup_entry_flush(bool enable) ++{ ++ if (cpu_mitigations_off()) ++ return; ++ ++ if (!no_entry_flush) ++ entry_flush_enable(enable); ++} ++ ++void setup_uaccess_flush(bool enable) ++{ ++ if (cpu_mitigations_off()) ++ return; ++ ++ if (!no_uaccess_flush) ++ uaccess_flush_enable(enable); ++} ++ + #ifdef CONFIG_DEBUG_FS + static int rfi_flush_set(void *data, u64 val) + { +@@ -989,9 +1055,63 @@ static int rfi_flush_get(void *data, u64 *val) + + DEFINE_SIMPLE_ATTRIBUTE(fops_rfi_flush, rfi_flush_get, rfi_flush_set, "%llu\n"); + ++static int entry_flush_set(void *data, u64 val) ++{ ++ bool enable; ++ ++ if (val == 1) ++ enable = true; ++ else if (val == 0) ++ enable = false; ++ else ++ return -EINVAL; ++ ++ /* Only do anything if we're changing state */ ++ if (enable != entry_flush) ++ entry_flush_enable(enable); ++ ++ return 0; ++} ++ ++static int entry_flush_get(void *data, u64 *val) ++{ ++ *val = entry_flush ? 1 : 0; ++ return 0; ++} ++ ++DEFINE_SIMPLE_ATTRIBUTE(fops_entry_flush, entry_flush_get, entry_flush_set, "%llu\n"); ++ ++static int uaccess_flush_set(void *data, u64 val) ++{ ++ bool enable; ++ ++ if (val == 1) ++ enable = true; ++ else if (val == 0) ++ enable = false; ++ else ++ return -EINVAL; ++ ++ /* Only do anything if we're changing state */ ++ if (enable != uaccess_flush) ++ uaccess_flush_enable(enable); ++ ++ return 0; ++} ++ ++static int uaccess_flush_get(void *data, u64 *val) ++{ ++ *val = uaccess_flush ? 1 : 0; ++ return 0; ++} ++ ++DEFINE_SIMPLE_ATTRIBUTE(fops_uaccess_flush, uaccess_flush_get, uaccess_flush_set, "%llu\n"); ++ + static __init int rfi_flush_debugfs_init(void) + { + debugfs_create_file("rfi_flush", 0600, powerpc_debugfs_root, NULL, &fops_rfi_flush); ++ debugfs_create_file("entry_flush", 0600, powerpc_debugfs_root, NULL, &fops_entry_flush); ++ debugfs_create_file("uaccess_flush", 0600, powerpc_debugfs_root, NULL, &fops_uaccess_flush); + return 0; + } + device_initcall(rfi_flush_debugfs_init); +diff --git a/arch/powerpc/kernel/vmlinux.lds.S b/arch/powerpc/kernel/vmlinux.lds.S +index 060a1acd7c6d7..5229eeac8946d 100644 +--- a/arch/powerpc/kernel/vmlinux.lds.S ++++ b/arch/powerpc/kernel/vmlinux.lds.S +@@ -143,6 +143,20 @@ SECTIONS + __stop___stf_entry_barrier_fixup = .; + } + ++ . = ALIGN(8); ++ __uaccess_flush_fixup : AT(ADDR(__uaccess_flush_fixup) - LOAD_OFFSET) { ++ __start___uaccess_flush_fixup = .; ++ *(__uaccess_flush_fixup) ++ __stop___uaccess_flush_fixup = .; ++ } ++ ++ . = ALIGN(8); ++ __entry_flush_fixup : AT(ADDR(__entry_flush_fixup) - LOAD_OFFSET) { ++ __start___entry_flush_fixup = .; ++ *(__entry_flush_fixup) ++ __stop___entry_flush_fixup = .; ++ } ++ + . = ALIGN(8); + __stf_exit_barrier_fixup : AT(ADDR(__stf_exit_barrier_fixup) - LOAD_OFFSET) { + __start___stf_exit_barrier_fixup = .; +diff --git a/arch/powerpc/lib/feature-fixups.c b/arch/powerpc/lib/feature-fixups.c +index 4ba634b89ce53..e8b25f74454d6 100644 +--- a/arch/powerpc/lib/feature-fixups.c ++++ b/arch/powerpc/lib/feature-fixups.c +@@ -228,6 +228,110 @@ void do_stf_barrier_fixups(enum stf_barrier_type types) + do_stf_exit_barrier_fixups(types); + } + ++void do_uaccess_flush_fixups(enum l1d_flush_type types) ++{ ++ unsigned int instrs[4], *dest; ++ long *start, *end; ++ int i; ++ ++ start = PTRRELOC(&__start___uaccess_flush_fixup); ++ end = PTRRELOC(&__stop___uaccess_flush_fixup); ++ ++ instrs[0] = 0x60000000; /* nop */ ++ instrs[1] = 0x60000000; /* nop */ ++ instrs[2] = 0x60000000; /* nop */ ++ instrs[3] = 0x4e800020; /* blr */ ++ ++ i = 0; ++ if (types == L1D_FLUSH_FALLBACK) { ++ instrs[3] = 0x60000000; /* nop */ ++ /* fallthrough to fallback flush */ ++ } ++ ++ if (types & L1D_FLUSH_ORI) { ++ instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */ ++ instrs[i++] = 0x63de0000; /* ori 30,30,0 L1d flush*/ ++ } ++ ++ if (types & L1D_FLUSH_MTTRIG) ++ instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */ ++ ++ for (i = 0; start < end; start++, i++) { ++ dest = (void *)start + *start; ++ ++ pr_devel("patching dest %lx\n", (unsigned long)dest); ++ ++ patch_instruction(dest, instrs[0]); ++ ++ patch_instruction((dest + 1), instrs[1]); ++ patch_instruction((dest + 2), instrs[2]); ++ patch_instruction((dest + 3), instrs[3]); ++ } ++ ++ printk(KERN_DEBUG "uaccess-flush: patched %d locations (%s flush)\n", i, ++ (types == L1D_FLUSH_NONE) ? "no" : ++ (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : ++ (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG) ++ ? "ori+mttrig type" ++ : "ori type" : ++ (types & L1D_FLUSH_MTTRIG) ? "mttrig type" ++ : "unknown"); ++} ++ ++void do_entry_flush_fixups(enum l1d_flush_type types) ++{ ++ unsigned int instrs[3], *dest; ++ long *start, *end; ++ int i; ++ ++ start = PTRRELOC(&__start___entry_flush_fixup); ++ end = PTRRELOC(&__stop___entry_flush_fixup); ++ ++ instrs[0] = 0x60000000; /* nop */ ++ instrs[1] = 0x60000000; /* nop */ ++ instrs[2] = 0x60000000; /* nop */ ++ ++ i = 0; ++ if (types == L1D_FLUSH_FALLBACK) { ++ instrs[i++] = 0x7d4802a6; /* mflr r10 */ ++ instrs[i++] = 0x60000000; /* branch patched below */ ++ instrs[i++] = 0x7d4803a6; /* mtlr r10 */ ++ } ++ ++ if (types & L1D_FLUSH_ORI) { ++ instrs[i++] = 0x63ff0000; /* ori 31,31,0 speculation barrier */ ++ instrs[i++] = 0x63de0000; /* ori 30,30,0 L1d flush*/ ++ } ++ ++ if (types & L1D_FLUSH_MTTRIG) ++ instrs[i++] = 0x7c12dba6; /* mtspr TRIG2,r0 (SPR #882) */ ++ ++ for (i = 0; start < end; start++, i++) { ++ dest = (void *)start + *start; ++ ++ pr_devel("patching dest %lx\n", (unsigned long)dest); ++ ++ patch_instruction(dest, instrs[0]); ++ ++ if (types == L1D_FLUSH_FALLBACK) ++ patch_branch((dest + 1), (unsigned long)&entry_flush_fallback, ++ BRANCH_SET_LINK); ++ else ++ patch_instruction((dest + 1), instrs[1]); ++ ++ patch_instruction((dest + 2), instrs[2]); ++ } ++ ++ printk(KERN_DEBUG "entry-flush: patched %d locations (%s flush)\n", i, ++ (types == L1D_FLUSH_NONE) ? "no" : ++ (types == L1D_FLUSH_FALLBACK) ? "fallback displacement" : ++ (types & L1D_FLUSH_ORI) ? (types & L1D_FLUSH_MTTRIG) ++ ? "ori+mttrig type" ++ : "ori type" : ++ (types & L1D_FLUSH_MTTRIG) ? "mttrig type" ++ : "unknown"); ++} ++ + void do_rfi_flush_fixups(enum l1d_flush_type types) + { + unsigned int instrs[3], *dest; +diff --git a/arch/powerpc/platforms/powernv/setup.c b/arch/powerpc/platforms/powernv/setup.c +index 83498604d322b..3a9f79d18f6b0 100644 +--- a/arch/powerpc/platforms/powernv/setup.c ++++ b/arch/powerpc/platforms/powernv/setup.c +@@ -122,12 +122,29 @@ static void pnv_setup_rfi_flush(void) + type = L1D_FLUSH_ORI; + } + ++ /* ++ * If we are non-Power9 bare metal, we don't need to flush on kernel ++ * entry or after user access: they fix a P9 specific vulnerability. ++ */ ++ if (!pvr_version_is(PVR_POWER9)) { ++ security_ftr_clear(SEC_FTR_L1D_FLUSH_ENTRY); ++ security_ftr_clear(SEC_FTR_L1D_FLUSH_UACCESS); ++ } ++ + enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && \ + (security_ftr_enabled(SEC_FTR_L1D_FLUSH_PR) || \ + security_ftr_enabled(SEC_FTR_L1D_FLUSH_HV)); + + setup_rfi_flush(type, enable); + setup_count_cache_flush(); ++ ++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && ++ security_ftr_enabled(SEC_FTR_L1D_FLUSH_ENTRY); ++ setup_entry_flush(enable); ++ ++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && ++ security_ftr_enabled(SEC_FTR_L1D_FLUSH_UACCESS); ++ setup_uaccess_flush(enable); + } + + static void __init pnv_setup_arch(void) +diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c +index 0c8421dd01ab5..ce71235c8b81f 100644 +--- a/arch/powerpc/platforms/pseries/setup.c ++++ b/arch/powerpc/platforms/pseries/setup.c +@@ -561,6 +561,14 @@ void pseries_setup_rfi_flush(void) + + setup_rfi_flush(types, enable); + setup_count_cache_flush(); ++ ++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && ++ security_ftr_enabled(SEC_FTR_L1D_FLUSH_ENTRY); ++ setup_entry_flush(enable); ++ ++ enable = security_ftr_enabled(SEC_FTR_FAVOUR_SECURITY) && ++ security_ftr_enabled(SEC_FTR_L1D_FLUSH_UACCESS); ++ setup_uaccess_flush(enable); + } + + #ifdef CONFIG_PCI_IOV +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c +index 484c32b7f79ff..39265b55929d2 100644 +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -4050,6 +4050,12 @@ static int em_clflush(struct x86_emulate_ctxt *ctxt) + return X86EMUL_CONTINUE; + } + ++static int em_clflushopt(struct x86_emulate_ctxt *ctxt) ++{ ++ /* emulating clflushopt regardless of cpuid */ ++ return X86EMUL_CONTINUE; ++} ++ + static int em_movsxd(struct x86_emulate_ctxt *ctxt) + { + ctxt->dst.val = (s32) ctxt->src.val; +@@ -4592,7 +4598,7 @@ static const struct opcode group11[] = { + }; + + static const struct gprefix pfx_0f_ae_7 = { +- I(SrcMem | ByteOp, em_clflush), N, N, N, ++ I(SrcMem | ByteOp, em_clflush), I(SrcMem | ByteOp, em_clflushopt), N, N, + }; + + static const struct group_dual group15 = { { +diff --git a/drivers/acpi/evged.c b/drivers/acpi/evged.c +index ccd900690b6f5..9df6991635c22 100644 +--- a/drivers/acpi/evged.c ++++ b/drivers/acpi/evged.c +@@ -101,7 +101,7 @@ static acpi_status acpi_ged_request_interrupt(struct acpi_resource *ares, + + switch (gsi) { + case 0 ... 255: +- sprintf(ev_name, "_%c%02hhX", ++ sprintf(ev_name, "_%c%02X", + trigger == ACPI_EDGE_SENSITIVE ? 'E' : 'L', gsi); + + if (ACPI_SUCCESS(acpi_get_handle(handle, ev_name, &evt_handle))) +diff --git a/drivers/input/keyboard/sunkbd.c b/drivers/input/keyboard/sunkbd.c +index 27126e621eb60..d450f11b98a70 100644 +--- a/drivers/input/keyboard/sunkbd.c ++++ b/drivers/input/keyboard/sunkbd.c +@@ -99,7 +99,8 @@ static irqreturn_t sunkbd_interrupt(struct serio *serio, + switch (data) { + + case SUNKBD_RET_RESET: +- schedule_work(&sunkbd->tq); ++ if (sunkbd->enabled) ++ schedule_work(&sunkbd->tq); + sunkbd->reset = -1; + break; + +@@ -200,16 +201,12 @@ static int sunkbd_initialize(struct sunkbd *sunkbd) + } + + /* +- * sunkbd_reinit() sets leds and beeps to a state the computer remembers they +- * were in. ++ * sunkbd_set_leds_beeps() sets leds and beeps to a state the computer remembers ++ * they were in. + */ + +-static void sunkbd_reinit(struct work_struct *work) ++static void sunkbd_set_leds_beeps(struct sunkbd *sunkbd) + { +- struct sunkbd *sunkbd = container_of(work, struct sunkbd, tq); +- +- wait_event_interruptible_timeout(sunkbd->wait, sunkbd->reset >= 0, HZ); +- + serio_write(sunkbd->serio, SUNKBD_CMD_SETLED); + serio_write(sunkbd->serio, + (!!test_bit(LED_CAPSL, sunkbd->dev->led) << 3) | +@@ -222,11 +219,39 @@ static void sunkbd_reinit(struct work_struct *work) + SUNKBD_CMD_BELLOFF - !!test_bit(SND_BELL, sunkbd->dev->snd)); + } + ++ ++/* ++ * sunkbd_reinit() wait for the keyboard reset to complete and restores state ++ * of leds and beeps. ++ */ ++ ++static void sunkbd_reinit(struct work_struct *work) ++{ ++ struct sunkbd *sunkbd = container_of(work, struct sunkbd, tq); ++ ++ /* ++ * It is OK that we check sunkbd->enabled without pausing serio, ++ * as we only want to catch true->false transition that will ++ * happen once and we will be woken up for it. ++ */ ++ wait_event_interruptible_timeout(sunkbd->wait, ++ sunkbd->reset >= 0 || !sunkbd->enabled, ++ HZ); ++ ++ if (sunkbd->reset >= 0 && sunkbd->enabled) ++ sunkbd_set_leds_beeps(sunkbd); ++} ++ + static void sunkbd_enable(struct sunkbd *sunkbd, bool enable) + { + serio_pause_rx(sunkbd->serio); + sunkbd->enabled = enable; + serio_continue_rx(sunkbd->serio); ++ ++ if (!enable) { ++ wake_up_interruptible(&sunkbd->wait); ++ cancel_work_sync(&sunkbd->tq); ++ } + } + + /* +diff --git a/drivers/net/ethernet/lantiq_xrx200.c b/drivers/net/ethernet/lantiq_xrx200.c +index 96948276b2bc3..4e44a39267eb3 100644 +--- a/drivers/net/ethernet/lantiq_xrx200.c ++++ b/drivers/net/ethernet/lantiq_xrx200.c +@@ -245,6 +245,7 @@ static int xrx200_tx_housekeeping(struct napi_struct *napi, int budget) + int pkts = 0; + int bytes = 0; + ++ netif_tx_lock(net_dev); + while (pkts < budget) { + struct ltq_dma_desc *desc = &ch->dma.desc_base[ch->tx_free]; + +@@ -268,6 +269,7 @@ static int xrx200_tx_housekeeping(struct napi_struct *napi, int budget) + net_dev->stats.tx_bytes += bytes; + netdev_completed_queue(ch->priv->net_dev, pkts, bytes); + ++ netif_tx_unlock(net_dev); + if (netif_queue_stopped(net_dev)) + netif_wake_queue(net_dev); + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +index 7089ffcc4e512..76547d35cd0e1 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +@@ -853,11 +853,21 @@ static void cb_timeout_handler(struct work_struct *work) + struct mlx5_core_dev *dev = container_of(ent->cmd, struct mlx5_core_dev, + cmd); + ++ mlx5_cmd_eq_recover(dev); ++ ++ /* Maybe got handled by eq recover ? */ ++ if (!test_bit(MLX5_CMD_ENT_STATE_PENDING_COMP, &ent->state)) { ++ mlx5_core_warn(dev, "cmd[%d]: %s(0x%x) Async, recovered after timeout\n", ent->idx, ++ mlx5_command_str(msg_to_opcode(ent->in)), msg_to_opcode(ent->in)); ++ goto out; /* phew, already handled */ ++ } ++ + ent->ret = -ETIMEDOUT; +- mlx5_core_warn(dev, "%s(0x%x) timeout. Will cause a leak of a command resource\n", +- mlx5_command_str(msg_to_opcode(ent->in)), +- msg_to_opcode(ent->in)); ++ mlx5_core_warn(dev, "cmd[%d]: %s(0x%x) Async, timeout. Will cause a leak of a command resource\n", ++ ent->idx, mlx5_command_str(msg_to_opcode(ent->in)), msg_to_opcode(ent->in)); + mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true); ++ ++out: + cmd_ent_put(ent); /* for the cmd_ent_get() took on schedule delayed work */ + } + +@@ -865,6 +875,33 @@ static void free_msg(struct mlx5_core_dev *dev, struct mlx5_cmd_msg *msg); + static void mlx5_free_cmd_msg(struct mlx5_core_dev *dev, + struct mlx5_cmd_msg *msg); + ++static bool opcode_allowed(struct mlx5_cmd *cmd, u16 opcode) ++{ ++ if (cmd->allowed_opcode == CMD_ALLOWED_OPCODE_ALL) ++ return true; ++ ++ return cmd->allowed_opcode == opcode; ++} ++ ++static int cmd_alloc_index_retry(struct mlx5_cmd *cmd) ++{ ++ unsigned long alloc_end = jiffies + msecs_to_jiffies(1000); ++ int idx; ++ ++retry: ++ idx = cmd_alloc_index(cmd); ++ if (idx < 0 && time_before(jiffies, alloc_end)) { ++ /* Index allocation can fail on heavy load of commands. This is a temporary ++ * situation as the current command already holds the semaphore, meaning that ++ * another command completion is being handled and it is expected to release ++ * the entry index soon. ++ */ ++ cpu_relax(); ++ goto retry; ++ } ++ return idx; ++} ++ + static void cmd_work_handler(struct work_struct *work) + { + struct mlx5_cmd_work_ent *ent = container_of(work, struct mlx5_cmd_work_ent, work); +@@ -882,7 +919,7 @@ static void cmd_work_handler(struct work_struct *work) + sem = ent->page_queue ? &cmd->pages_sem : &cmd->sem; + down(sem); + if (!ent->page_queue) { +- alloc_ret = cmd_alloc_index(cmd); ++ alloc_ret = cmd_alloc_index_retry(cmd); + if (alloc_ret < 0) { + mlx5_core_err(dev, "failed to allocate command entry\n"); + if (ent->callback) { +@@ -931,7 +968,8 @@ static void cmd_work_handler(struct work_struct *work) + + /* Skip sending command to fw if internal error */ + if (pci_channel_offline(dev->pdev) || +- dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR) { ++ dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR || ++ !opcode_allowed(&dev->cmd, ent->op)) { + u8 status = 0; + u32 drv_synd; + +@@ -987,6 +1025,35 @@ static const char *deliv_status_to_str(u8 status) + } + } + ++enum { ++ MLX5_CMD_TIMEOUT_RECOVER_MSEC = 5 * 1000, ++}; ++ ++static void wait_func_handle_exec_timeout(struct mlx5_core_dev *dev, ++ struct mlx5_cmd_work_ent *ent) ++{ ++ unsigned long timeout = msecs_to_jiffies(MLX5_CMD_TIMEOUT_RECOVER_MSEC); ++ ++ mlx5_cmd_eq_recover(dev); ++ ++ /* Re-wait on the ent->done after executing the recovery flow. If the ++ * recovery flow (or any other recovery flow running simultaneously) ++ * has recovered an EQE, it should cause the entry to be completed by ++ * the command interface. ++ */ ++ if (wait_for_completion_timeout(&ent->done, timeout)) { ++ mlx5_core_warn(dev, "cmd[%d]: %s(0x%x) recovered after timeout\n", ent->idx, ++ mlx5_command_str(msg_to_opcode(ent->in)), msg_to_opcode(ent->in)); ++ return; ++ } ++ ++ mlx5_core_warn(dev, "cmd[%d]: %s(0x%x) No done completion\n", ent->idx, ++ mlx5_command_str(msg_to_opcode(ent->in)), msg_to_opcode(ent->in)); ++ ++ ent->ret = -ETIMEDOUT; ++ mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true); ++} ++ + static int wait_func(struct mlx5_core_dev *dev, struct mlx5_cmd_work_ent *ent) + { + unsigned long timeout = msecs_to_jiffies(MLX5_CMD_TIMEOUT_MSEC); +@@ -998,12 +1065,10 @@ static int wait_func(struct mlx5_core_dev *dev, struct mlx5_cmd_work_ent *ent) + ent->ret = -ECANCELED; + goto out_err; + } +- if (cmd->mode == CMD_MODE_POLLING || ent->polling) { ++ if (cmd->mode == CMD_MODE_POLLING || ent->polling) + wait_for_completion(&ent->done); +- } else if (!wait_for_completion_timeout(&ent->done, timeout)) { +- ent->ret = -ETIMEDOUT; +- mlx5_cmd_comp_handler(dev, 1UL << ent->idx, true); +- } ++ else if (!wait_for_completion_timeout(&ent->done, timeout)) ++ wait_func_handle_exec_timeout(dev, ent); + + out_err: + err = ent->ret; +@@ -1422,6 +1487,22 @@ static void create_debugfs_files(struct mlx5_core_dev *dev) + mlx5_cmdif_debugfs_init(dev); + } + ++void mlx5_cmd_allowed_opcode(struct mlx5_core_dev *dev, u16 opcode) ++{ ++ struct mlx5_cmd *cmd = &dev->cmd; ++ int i; ++ ++ for (i = 0; i < cmd->max_reg_cmds; i++) ++ down(&cmd->sem); ++ down(&cmd->pages_sem); ++ ++ cmd->allowed_opcode = opcode; ++ ++ up(&cmd->pages_sem); ++ for (i = 0; i < cmd->max_reg_cmds; i++) ++ up(&cmd->sem); ++} ++ + static void mlx5_cmd_change_mod(struct mlx5_core_dev *dev, int mode) + { + struct mlx5_cmd *cmd = &dev->cmd; +@@ -1714,12 +1795,13 @@ static int cmd_exec(struct mlx5_core_dev *dev, void *in, int in_size, void *out, + int err; + u8 status = 0; + u32 drv_synd; ++ u16 opcode; + u8 token; + ++ opcode = MLX5_GET(mbox_in, in, opcode); + if (pci_channel_offline(dev->pdev) || +- dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR) { +- u16 opcode = MLX5_GET(mbox_in, in, opcode); +- ++ dev->state == MLX5_DEVICE_STATE_INTERNAL_ERROR || ++ !opcode_allowed(&dev->cmd, opcode)) { + err = mlx5_internal_err_ret_value(dev, opcode, &drv_synd, &status); + MLX5_SET(mbox_out, out, status, status); + MLX5_SET(mbox_out, out, syndrome, drv_synd); +@@ -2021,6 +2103,7 @@ int mlx5_cmd_init(struct mlx5_core_dev *dev) + mlx5_core_dbg(dev, "descriptor at dma 0x%llx\n", (unsigned long long)(cmd->dma)); + + cmd->mode = CMD_MODE_POLLING; ++ cmd->allowed_opcode = CMD_ALLOWED_OPCODE_ALL; + + create_msg_cache(dev); + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eq.c b/drivers/net/ethernet/mellanox/mlx5/core/eq.c +index 580c71cb9dfaa..0a20938b4aadb 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/eq.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/eq.c +@@ -190,6 +190,29 @@ u32 mlx5_eq_poll_irq_disabled(struct mlx5_eq_comp *eq) + return count_eqe; + } + ++static void mlx5_eq_async_int_lock(struct mlx5_eq_async *eq, unsigned long *flags) ++ __acquires(&eq->lock) ++{ ++ if (in_irq()) ++ spin_lock(&eq->lock); ++ else ++ spin_lock_irqsave(&eq->lock, *flags); ++} ++ ++static void mlx5_eq_async_int_unlock(struct mlx5_eq_async *eq, unsigned long *flags) ++ __releases(&eq->lock) ++{ ++ if (in_irq()) ++ spin_unlock(&eq->lock); ++ else ++ spin_unlock_irqrestore(&eq->lock, *flags); ++} ++ ++enum async_eq_nb_action { ++ ASYNC_EQ_IRQ_HANDLER = 0, ++ ASYNC_EQ_RECOVER = 1, ++}; ++ + static int mlx5_eq_async_int(struct notifier_block *nb, + unsigned long action, void *data) + { +@@ -199,11 +222,14 @@ static int mlx5_eq_async_int(struct notifier_block *nb, + struct mlx5_eq_table *eqt; + struct mlx5_core_dev *dev; + struct mlx5_eqe *eqe; ++ unsigned long flags; + int num_eqes = 0; + + dev = eq->dev; + eqt = dev->priv.eq_table; + ++ mlx5_eq_async_int_lock(eq_async, &flags); ++ + eqe = next_eqe_sw(eq); + if (!eqe) + goto out; +@@ -224,8 +250,19 @@ static int mlx5_eq_async_int(struct notifier_block *nb, + + out: + eq_update_ci(eq, 1); ++ mlx5_eq_async_int_unlock(eq_async, &flags); + +- return 0; ++ return unlikely(action == ASYNC_EQ_RECOVER) ? num_eqes : 0; ++} ++ ++void mlx5_cmd_eq_recover(struct mlx5_core_dev *dev) ++{ ++ struct mlx5_eq_async *eq = &dev->priv.eq_table->cmd_eq; ++ int eqes; ++ ++ eqes = mlx5_eq_async_int(&eq->irq_nb, ASYNC_EQ_RECOVER, NULL); ++ if (eqes) ++ mlx5_core_warn(dev, "Recovered %d EQEs on cmd_eq\n", eqes); + } + + static void init_eq_buf(struct mlx5_eq *eq) +@@ -563,6 +600,40 @@ static void gather_async_events_mask(struct mlx5_core_dev *dev, u64 mask[4]) + gather_user_async_events(dev, mask); + } + ++static int ++setup_async_eq(struct mlx5_core_dev *dev, struct mlx5_eq_async *eq, ++ struct mlx5_eq_param *param, const char *name) ++{ ++ int err; ++ ++ eq->irq_nb.notifier_call = mlx5_eq_async_int; ++ spin_lock_init(&eq->lock); ++ ++ err = create_async_eq(dev, &eq->core, param); ++ if (err) { ++ mlx5_core_warn(dev, "failed to create %s EQ %d\n", name, err); ++ return err; ++ } ++ err = mlx5_eq_enable(dev, &eq->core, &eq->irq_nb); ++ if (err) { ++ mlx5_core_warn(dev, "failed to enable %s EQ %d\n", name, err); ++ destroy_async_eq(dev, &eq->core); ++ } ++ return err; ++} ++ ++static void cleanup_async_eq(struct mlx5_core_dev *dev, ++ struct mlx5_eq_async *eq, const char *name) ++{ ++ int err; ++ ++ mlx5_eq_disable(dev, &eq->core, &eq->irq_nb); ++ err = destroy_async_eq(dev, &eq->core); ++ if (err) ++ mlx5_core_err(dev, "failed to destroy %s eq, err(%d)\n", ++ name, err); ++} ++ + static int create_async_eqs(struct mlx5_core_dev *dev) + { + struct mlx5_eq_table *table = dev->priv.eq_table; +@@ -572,77 +643,48 @@ static int create_async_eqs(struct mlx5_core_dev *dev) + MLX5_NB_INIT(&table->cq_err_nb, cq_err_event_notifier, CQ_ERROR); + mlx5_eq_notifier_register(dev, &table->cq_err_nb); + +- table->cmd_eq.irq_nb.notifier_call = mlx5_eq_async_int; + param = (struct mlx5_eq_param) { + .irq_index = 0, + .nent = MLX5_NUM_CMD_EQE, ++ .mask[0] = 1ull << MLX5_EVENT_TYPE_CMD, + }; +- +- param.mask[0] = 1ull << MLX5_EVENT_TYPE_CMD; +- err = create_async_eq(dev, &table->cmd_eq.core, ¶m); +- if (err) { +- mlx5_core_warn(dev, "failed to create cmd EQ %d\n", err); +- goto err0; +- } +- err = mlx5_eq_enable(dev, &table->cmd_eq.core, &table->cmd_eq.irq_nb); +- if (err) { +- mlx5_core_warn(dev, "failed to enable cmd EQ %d\n", err); ++ mlx5_cmd_allowed_opcode(dev, MLX5_CMD_OP_CREATE_EQ); ++ err = setup_async_eq(dev, &table->cmd_eq, ¶m, "cmd"); ++ if (err) + goto err1; +- } ++ + mlx5_cmd_use_events(dev); ++ mlx5_cmd_allowed_opcode(dev, CMD_ALLOWED_OPCODE_ALL); + +- table->async_eq.irq_nb.notifier_call = mlx5_eq_async_int; + param = (struct mlx5_eq_param) { + .irq_index = 0, + .nent = MLX5_NUM_ASYNC_EQE, + }; + + gather_async_events_mask(dev, param.mask); +- err = create_async_eq(dev, &table->async_eq.core, ¶m); +- if (err) { +- mlx5_core_warn(dev, "failed to create async EQ %d\n", err); ++ err = setup_async_eq(dev, &table->async_eq, ¶m, "async"); ++ if (err) + goto err2; +- } +- err = mlx5_eq_enable(dev, &table->async_eq.core, +- &table->async_eq.irq_nb); +- if (err) { +- mlx5_core_warn(dev, "failed to enable async EQ %d\n", err); +- goto err3; +- } + +- table->pages_eq.irq_nb.notifier_call = mlx5_eq_async_int; + param = (struct mlx5_eq_param) { + .irq_index = 0, + .nent = /* TODO: sriov max_vf + */ 1, ++ .mask[0] = 1ull << MLX5_EVENT_TYPE_PAGE_REQUEST, + }; + +- param.mask[0] = 1ull << MLX5_EVENT_TYPE_PAGE_REQUEST; +- err = create_async_eq(dev, &table->pages_eq.core, ¶m); +- if (err) { +- mlx5_core_warn(dev, "failed to create pages EQ %d\n", err); +- goto err4; +- } +- err = mlx5_eq_enable(dev, &table->pages_eq.core, +- &table->pages_eq.irq_nb); +- if (err) { +- mlx5_core_warn(dev, "failed to enable pages EQ %d\n", err); +- goto err5; +- } ++ err = setup_async_eq(dev, &table->pages_eq, ¶m, "pages"); ++ if (err) ++ goto err3; + +- return err; ++ return 0; + +-err5: +- destroy_async_eq(dev, &table->pages_eq.core); +-err4: +- mlx5_eq_disable(dev, &table->async_eq.core, &table->async_eq.irq_nb); + err3: +- destroy_async_eq(dev, &table->async_eq.core); ++ cleanup_async_eq(dev, &table->async_eq, "async"); + err2: + mlx5_cmd_use_polling(dev); +- mlx5_eq_disable(dev, &table->cmd_eq.core, &table->cmd_eq.irq_nb); ++ cleanup_async_eq(dev, &table->cmd_eq, "cmd"); + err1: +- destroy_async_eq(dev, &table->cmd_eq.core); +-err0: ++ mlx5_cmd_allowed_opcode(dev, CMD_ALLOWED_OPCODE_ALL); + mlx5_eq_notifier_unregister(dev, &table->cq_err_nb); + return err; + } +@@ -650,28 +692,11 @@ err0: + static void destroy_async_eqs(struct mlx5_core_dev *dev) + { + struct mlx5_eq_table *table = dev->priv.eq_table; +- int err; +- +- mlx5_eq_disable(dev, &table->pages_eq.core, &table->pages_eq.irq_nb); +- err = destroy_async_eq(dev, &table->pages_eq.core); +- if (err) +- mlx5_core_err(dev, "failed to destroy pages eq, err(%d)\n", +- err); +- +- mlx5_eq_disable(dev, &table->async_eq.core, &table->async_eq.irq_nb); +- err = destroy_async_eq(dev, &table->async_eq.core); +- if (err) +- mlx5_core_err(dev, "failed to destroy async eq, err(%d)\n", +- err); + ++ cleanup_async_eq(dev, &table->pages_eq, "pages"); ++ cleanup_async_eq(dev, &table->async_eq, "async"); + mlx5_cmd_use_polling(dev); +- +- mlx5_eq_disable(dev, &table->cmd_eq.core, &table->cmd_eq.irq_nb); +- err = destroy_async_eq(dev, &table->cmd_eq.core); +- if (err) +- mlx5_core_err(dev, "failed to destroy command eq, err(%d)\n", +- err); +- ++ cleanup_async_eq(dev, &table->cmd_eq, "cmd"); + mlx5_eq_notifier_unregister(dev, &table->cq_err_nb); + } + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h b/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h +index 4be4d2d362189..9aaf0eab7c2e1 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h ++++ b/drivers/net/ethernet/mellanox/mlx5/core/lib/eq.h +@@ -38,6 +38,7 @@ struct mlx5_eq { + struct mlx5_eq_async { + struct mlx5_eq core; + struct notifier_block irq_nb; ++ spinlock_t lock; /* To avoid irq EQ handle races with resiliency flows */ + }; + + struct mlx5_eq_comp { +@@ -82,6 +83,7 @@ void mlx5_cq_tasklet_cb(unsigned long data); + struct cpumask *mlx5_eq_comp_cpumask(struct mlx5_core_dev *dev, int ix); + + u32 mlx5_eq_poll_irq_disabled(struct mlx5_eq_comp *eq); ++void mlx5_cmd_eq_recover(struct mlx5_core_dev *dev); + void mlx5_eq_synchronize_async_irq(struct mlx5_core_dev *dev); + void mlx5_eq_synchronize_cmd_irq(struct mlx5_core_dev *dev); + +diff --git a/include/linux/mlx5/driver.h b/include/linux/mlx5/driver.h +index 6b4f86dfca382..2b65ffb3bd76e 100644 +--- a/include/linux/mlx5/driver.h ++++ b/include/linux/mlx5/driver.h +@@ -299,6 +299,7 @@ struct mlx5_cmd { + struct semaphore sem; + struct semaphore pages_sem; + int mode; ++ u16 allowed_opcode; + struct mlx5_cmd_work_ent *ent_arr[MLX5_MAX_COMMANDS]; + struct dma_pool *pool; + struct mlx5_cmd_debug dbg; +@@ -890,10 +891,15 @@ mlx5_frag_buf_get_idx_last_contig_stride(struct mlx5_frag_buf_ctrl *fbc, u32 ix) + return min_t(u32, last_frag_stride_idx - fbc->strides_offset, fbc->sz_m1); + } + ++enum { ++ CMD_ALLOWED_OPCODE_ALL, ++}; ++ + int mlx5_cmd_init(struct mlx5_core_dev *dev); + void mlx5_cmd_cleanup(struct mlx5_core_dev *dev); + void mlx5_cmd_use_events(struct mlx5_core_dev *dev); + void mlx5_cmd_use_polling(struct mlx5_core_dev *dev); ++void mlx5_cmd_allowed_opcode(struct mlx5_core_dev *dev, u16 opcode); + + struct mlx5_async_ctx { + struct mlx5_core_dev *dev; +diff --git a/net/can/proc.c b/net/can/proc.c +index e6881bfc3ed11..077af42c26ba5 100644 +--- a/net/can/proc.c ++++ b/net/can/proc.c +@@ -471,6 +471,9 @@ void can_init_proc(struct net *net) + */ + void can_remove_proc(struct net *net) + { ++ if (!net->can.proc_dir) ++ return; ++ + if (net->can.pde_version) + remove_proc_entry(CAN_PROC_VERSION, net->can.proc_dir); + +@@ -498,6 +501,5 @@ void can_remove_proc(struct net *net) + if (net->can.pde_rcvlist_sff) + remove_proc_entry(CAN_PROC_RCVLIST_SFF, net->can.proc_dir); + +- if (net->can.proc_dir) +- remove_proc_entry("can", net->proc_net); ++ remove_proc_entry("can", net->proc_net); + } +diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c +index 4f14d8a06915a..38bb6d512b36d 100644 +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -244,6 +244,24 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata, + */ + void sta_info_free(struct ieee80211_local *local, struct sta_info *sta) + { ++ /* ++ * If we had used sta_info_pre_move_state() then we might not ++ * have gone through the state transitions down again, so do ++ * it here now (and warn if it's inserted). ++ * ++ * This will clear state such as fast TX/RX that may have been ++ * allocated during state transitions. ++ */ ++ while (sta->sta_state > IEEE80211_STA_NONE) { ++ int ret; ++ ++ WARN_ON_ONCE(test_sta_flag(sta, WLAN_STA_INSERTED)); ++ ++ ret = sta_info_move_state(sta, sta->sta_state - 1); ++ if (WARN_ONCE(ret, "sta_info_move_state() returned %d\n", ret)) ++ break; ++ } ++ + if (sta->rate_ctrl) + rate_control_free_sta(sta); + +diff --git a/tools/testing/selftests/powerpc/security/.gitignore b/tools/testing/selftests/powerpc/security/.gitignore +index 0b969fba3beb2..b8afb4f2481e4 100644 +--- a/tools/testing/selftests/powerpc/security/.gitignore ++++ b/tools/testing/selftests/powerpc/security/.gitignore +@@ -1 +1,2 @@ + rfi_flush ++entry_flush +diff --git a/tools/testing/selftests/powerpc/security/Makefile b/tools/testing/selftests/powerpc/security/Makefile +index 85861c46b4457..e550a287768fc 100644 +--- a/tools/testing/selftests/powerpc/security/Makefile ++++ b/tools/testing/selftests/powerpc/security/Makefile +@@ -1,6 +1,6 @@ + # SPDX-License-Identifier: GPL-2.0+ + +-TEST_GEN_PROGS := rfi_flush ++TEST_GEN_PROGS := rfi_flush entry_flush + top_srcdir = ../../../../.. + + CFLAGS += -I../../../../../usr/include +diff --git a/tools/testing/selftests/powerpc/security/entry_flush.c b/tools/testing/selftests/powerpc/security/entry_flush.c +new file mode 100644 +index 0000000000000..e8d24f9a5d3e5 +--- /dev/null ++++ b/tools/testing/selftests/powerpc/security/entry_flush.c +@@ -0,0 +1,163 @@ ++// SPDX-License-Identifier: GPL-2.0+ ++ ++/* ++ * Copyright 2018 IBM Corporation. ++ */ ++ ++#define __SANE_USERSPACE_TYPES__ ++ ++#include <sys/types.h> ++#include <stdint.h> ++#include <malloc.h> ++#include <unistd.h> ++#include <signal.h> ++#include <stdlib.h> ++#include <string.h> ++#include <stdio.h> ++#include "utils.h" ++ ++#define CACHELINE_SIZE 128 ++ ++struct perf_event_read { ++ __u64 nr; ++ __u64 l1d_misses; ++}; ++ ++static inline __u64 load(void *addr) ++{ ++ __u64 tmp; ++ ++ asm volatile("ld %0,0(%1)" : "=r"(tmp) : "b"(addr)); ++ ++ return tmp; ++} ++ ++static void syscall_loop(char *p, unsigned long iterations, ++ unsigned long zero_size) ++{ ++ for (unsigned long i = 0; i < iterations; i++) { ++ for (unsigned long j = 0; j < zero_size; j += CACHELINE_SIZE) ++ load(p + j); ++ getppid(); ++ } ++} ++ ++int entry_flush_test(void) ++{ ++ char *p; ++ int repetitions = 10; ++ int fd, passes = 0, iter, rc = 0; ++ struct perf_event_read v; ++ __u64 l1d_misses_total = 0; ++ unsigned long iterations = 100000, zero_size = 24 * 1024; ++ unsigned long l1d_misses_expected; ++ int rfi_flush_orig; ++ int entry_flush, entry_flush_orig; ++ ++ SKIP_IF(geteuid() != 0); ++ ++ // The PMU event we use only works on Power7 or later ++ SKIP_IF(!have_hwcap(PPC_FEATURE_ARCH_2_06)); ++ ++ if (read_debugfs_file("powerpc/rfi_flush", &rfi_flush_orig) < 0) { ++ perror("Unable to read powerpc/rfi_flush debugfs file"); ++ SKIP_IF(1); ++ } ++ ++ if (read_debugfs_file("powerpc/entry_flush", &entry_flush_orig) < 0) { ++ perror("Unable to read powerpc/entry_flush debugfs file"); ++ SKIP_IF(1); ++ } ++ ++ if (rfi_flush_orig != 0) { ++ if (write_debugfs_file("powerpc/rfi_flush", 0) < 0) { ++ perror("error writing to powerpc/rfi_flush debugfs file"); ++ FAIL_IF(1); ++ } ++ } ++ ++ entry_flush = entry_flush_orig; ++ ++ fd = perf_event_open_counter(PERF_TYPE_RAW, /* L1d miss */ 0x400f0, -1); ++ FAIL_IF(fd < 0); ++ ++ p = (char *)memalign(zero_size, CACHELINE_SIZE); ++ ++ FAIL_IF(perf_event_enable(fd)); ++ ++ // disable L1 prefetching ++ set_dscr(1); ++ ++ iter = repetitions; ++ ++ /* ++ * We expect to see l1d miss for each cacheline access when entry_flush ++ * is set. Allow a small variation on this. ++ */ ++ l1d_misses_expected = iterations * (zero_size / CACHELINE_SIZE - 2); ++ ++again: ++ FAIL_IF(perf_event_reset(fd)); ++ ++ syscall_loop(p, iterations, zero_size); ++ ++ FAIL_IF(read(fd, &v, sizeof(v)) != sizeof(v)); ++ ++ if (entry_flush && v.l1d_misses >= l1d_misses_expected) ++ passes++; ++ else if (!entry_flush && v.l1d_misses < (l1d_misses_expected / 2)) ++ passes++; ++ ++ l1d_misses_total += v.l1d_misses; ++ ++ while (--iter) ++ goto again; ++ ++ if (passes < repetitions) { ++ printf("FAIL (L1D misses with entry_flush=%d: %llu %c %lu) [%d/%d failures]\n", ++ entry_flush, l1d_misses_total, entry_flush ? '<' : '>', ++ entry_flush ? repetitions * l1d_misses_expected : ++ repetitions * l1d_misses_expected / 2, ++ repetitions - passes, repetitions); ++ rc = 1; ++ } else ++ printf("PASS (L1D misses with entry_flush=%d: %llu %c %lu) [%d/%d pass]\n", ++ entry_flush, l1d_misses_total, entry_flush ? '>' : '<', ++ entry_flush ? repetitions * l1d_misses_expected : ++ repetitions * l1d_misses_expected / 2, ++ passes, repetitions); ++ ++ if (entry_flush == entry_flush_orig) { ++ entry_flush = !entry_flush_orig; ++ if (write_debugfs_file("powerpc/entry_flush", entry_flush) < 0) { ++ perror("error writing to powerpc/entry_flush debugfs file"); ++ return 1; ++ } ++ iter = repetitions; ++ l1d_misses_total = 0; ++ passes = 0; ++ goto again; ++ } ++ ++ perf_event_disable(fd); ++ close(fd); ++ ++ set_dscr(0); ++ ++ if (write_debugfs_file("powerpc/rfi_flush", rfi_flush_orig) < 0) { ++ perror("unable to restore original value of powerpc/rfi_flush debugfs file"); ++ return 1; ++ } ++ ++ if (write_debugfs_file("powerpc/entry_flush", entry_flush_orig) < 0) { ++ perror("unable to restore original value of powerpc/entry_flush debugfs file"); ++ return 1; ++ } ++ ++ return rc; ++} ++ ++int main(int argc, char *argv[]) ++{ ++ return test_harness(entry_flush_test, "entry_flush_test"); ++} +diff --git a/tools/testing/selftests/powerpc/security/rfi_flush.c b/tools/testing/selftests/powerpc/security/rfi_flush.c +index 0a7d0afb26b88..533315e68133d 100644 +--- a/tools/testing/selftests/powerpc/security/rfi_flush.c ++++ b/tools/testing/selftests/powerpc/security/rfi_flush.c +@@ -50,16 +50,30 @@ int rfi_flush_test(void) + __u64 l1d_misses_total = 0; + unsigned long iterations = 100000, zero_size = 24 * 1024; + unsigned long l1d_misses_expected; +- int rfi_flush_org, rfi_flush; ++ int rfi_flush_orig, rfi_flush; ++ int have_entry_flush, entry_flush_orig; + + SKIP_IF(geteuid() != 0); + +- if (read_debugfs_file("powerpc/rfi_flush", &rfi_flush_org)) { ++ if (read_debugfs_file("powerpc/rfi_flush", &rfi_flush_orig) < 0) { + perror("Unable to read powerpc/rfi_flush debugfs file"); + SKIP_IF(1); + } + +- rfi_flush = rfi_flush_org; ++ if (read_debugfs_file("powerpc/entry_flush", &entry_flush_orig) < 0) { ++ have_entry_flush = 0; ++ } else { ++ have_entry_flush = 1; ++ ++ if (entry_flush_orig != 0) { ++ if (write_debugfs_file("powerpc/entry_flush", 0) < 0) { ++ perror("error writing to powerpc/entry_flush debugfs file"); ++ return 1; ++ } ++ } ++ } ++ ++ rfi_flush = rfi_flush_orig; + + fd = perf_event_open_counter(PERF_TYPE_RAW, /* L1d miss */ 0x400f0, -1); + FAIL_IF(fd < 0); +@@ -68,6 +82,7 @@ int rfi_flush_test(void) + + FAIL_IF(perf_event_enable(fd)); + ++ // disable L1 prefetching + set_dscr(1); + + iter = repetitions; +@@ -109,8 +124,8 @@ again: + repetitions * l1d_misses_expected / 2, + passes, repetitions); + +- if (rfi_flush == rfi_flush_org) { +- rfi_flush = !rfi_flush_org; ++ if (rfi_flush == rfi_flush_orig) { ++ rfi_flush = !rfi_flush_orig; + if (write_debugfs_file("powerpc/rfi_flush", rfi_flush) < 0) { + perror("error writing to powerpc/rfi_flush debugfs file"); + return 1; +@@ -126,11 +141,19 @@ again: + + set_dscr(0); + +- if (write_debugfs_file("powerpc/rfi_flush", rfi_flush_org) < 0) { ++ if (write_debugfs_file("powerpc/rfi_flush", rfi_flush_orig) < 0) { + perror("unable to restore original value of powerpc/rfi_flush debugfs file"); + return 1; + } + ++ if (have_entry_flush) { ++ if (write_debugfs_file("powerpc/entry_flush", entry_flush_orig) < 0) { ++ perror("unable to restore original value of powerpc/entry_flush " ++ "debugfs file"); ++ return 1; ++ } ++ } ++ + return rc; + } +
