commit: 81a34615b341a71c5e2b00d1a595366dbfeb102a Author: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> AuthorDate: Wed Oct 13 14:54:56 2021 +0000 Commit: Alice Ferrazzi <alicef <AT> gentoo <DOT> org> CommitDate: Wed Oct 13 14:55:11 2021 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=81a34615
Linux patch 5.4.153 Signed-off-by: Alice Ferrazzi <alicef <AT> gentoo.org> 0000_README | 4 + 1152_linux-5.4.153.patch | 3064 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 3068 insertions(+) diff --git a/0000_README b/0000_README index d41d541..01db703 100644 --- a/0000_README +++ b/0000_README @@ -651,6 +651,10 @@ Patch: 1151_linux-5.4.152.patch From: http://www.kernel.org Desc: Linux 5.4.152 +Patch: 1152_linux-5.4.153.patch +From: http://www.kernel.org +Desc: Linux 5.4.153 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1152_linux-5.4.153.patch b/1152_linux-5.4.153.patch new file mode 100644 index 0000000..bd62172 --- /dev/null +++ b/1152_linux-5.4.153.patch @@ -0,0 +1,3064 @@ +diff --git a/Makefile b/Makefile +index ffcdc36c56f54..df9b1d07ca097 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 4 +-SUBLEVEL = 152 ++SUBLEVEL = 153 + EXTRAVERSION = + NAME = Kleptomaniac Octopus + +diff --git a/arch/arm/boot/dts/imx53-m53menlo.dts b/arch/arm/boot/dts/imx53-m53menlo.dts +index 64faf5b46d92f..03c43c1912a7e 100644 +--- a/arch/arm/boot/dts/imx53-m53menlo.dts ++++ b/arch/arm/boot/dts/imx53-m53menlo.dts +@@ -56,6 +56,7 @@ + panel { + compatible = "edt,etm0700g0dh6"; + pinctrl-0 = <&pinctrl_display_gpio>; ++ pinctrl-names = "default"; + enable-gpios = <&gpio6 0 GPIO_ACTIVE_HIGH>; + + port { +@@ -76,8 +77,7 @@ + regulator-name = "vbus"; + regulator-min-microvolt = <5000000>; + regulator-max-microvolt = <5000000>; +- gpio = <&gpio1 2 GPIO_ACTIVE_HIGH>; +- enable-active-high; ++ gpio = <&gpio1 2 0>; + }; + }; + +diff --git a/arch/arm/boot/dts/omap3430-sdp.dts b/arch/arm/boot/dts/omap3430-sdp.dts +index 0abd61108a539..ec16979825378 100644 +--- a/arch/arm/boot/dts/omap3430-sdp.dts ++++ b/arch/arm/boot/dts/omap3430-sdp.dts +@@ -101,7 +101,7 @@ + + nand@1,0 { + compatible = "ti,omap2-nand"; +- reg = <0 0 4>; /* CS0, offset 0, IO size 4 */ ++ reg = <1 0 4>; /* CS1, offset 0, IO size 4 */ + interrupt-parent = <&gpmc>; + interrupts = <0 IRQ_TYPE_NONE>, /* fifoevent */ + <1 IRQ_TYPE_NONE>; /* termcount */ +diff --git a/arch/arm/boot/dts/qcom-apq8064.dtsi b/arch/arm/boot/dts/qcom-apq8064.dtsi +index 2b075e287610f..764984c95c686 100644 +--- a/arch/arm/boot/dts/qcom-apq8064.dtsi ++++ b/arch/arm/boot/dts/qcom-apq8064.dtsi +@@ -198,7 +198,7 @@ + clock-frequency = <19200000>; + }; + +- pxo_board { ++ pxo_board: pxo_board { + compatible = "fixed-clock"; + #clock-cells = <0>; + clock-frequency = <27000000>; +@@ -1147,7 +1147,7 @@ + }; + + gpu: adreno-3xx@4300000 { +- compatible = "qcom,adreno-3xx"; ++ compatible = "qcom,adreno-320.2", "qcom,adreno"; + reg = <0x04300000 0x20000>; + reg-names = "kgsl_3d0_reg_memory"; + interrupts = <GIC_SPI 80 IRQ_TYPE_LEVEL_HIGH>; +@@ -1162,7 +1162,6 @@ + <&mmcc GFX3D_AHB_CLK>, + <&mmcc GFX3D_AXI_CLK>, + <&mmcc MMSS_IMEM_AHB_CLK>; +- qcom,chipid = <0x03020002>; + + iommus = <&gfx3d 0 + &gfx3d 1 +@@ -1305,7 +1304,7 @@ + reg-names = "dsi_pll", "dsi_phy", "dsi_phy_regulator"; + clock-names = "iface_clk", "ref"; + clocks = <&mmcc DSI_M_AHB_CLK>, +- <&cxo_board>; ++ <&pxo_board>; + }; + + +diff --git a/arch/arm/mach-imx/pm-imx6.c b/arch/arm/mach-imx/pm-imx6.c +index baf3b47601af0..1b73e4e76310c 100644 +--- a/arch/arm/mach-imx/pm-imx6.c ++++ b/arch/arm/mach-imx/pm-imx6.c +@@ -9,6 +9,7 @@ + #include <linux/io.h> + #include <linux/irq.h> + #include <linux/genalloc.h> ++#include <linux/irqchip/arm-gic.h> + #include <linux/mfd/syscon.h> + #include <linux/mfd/syscon/imx6q-iomuxc-gpr.h> + #include <linux/of.h> +@@ -618,6 +619,7 @@ static void __init imx6_pm_common_init(const struct imx6_pm_socdata + + static void imx6_pm_stby_poweroff(void) + { ++ gic_cpu_if_down(0); + imx6_set_lpm(STOP_POWER_OFF); + imx6q_suspend_finish(0); + +diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c +index eb74aa1826614..6289b288d60a6 100644 +--- a/arch/arm/mach-omap2/omap_hwmod.c ++++ b/arch/arm/mach-omap2/omap_hwmod.c +@@ -3656,6 +3656,8 @@ int omap_hwmod_init_module(struct device *dev, + oh->flags |= HWMOD_SWSUP_SIDLE_ACT; + if (data->cfg->quirks & SYSC_QUIRK_SWSUP_MSTANDBY) + oh->flags |= HWMOD_SWSUP_MSTANDBY; ++ if (data->cfg->quirks & SYSC_QUIRK_CLKDM_NOAUTO) ++ oh->flags |= HWMOD_CLKDM_NOAUTO; + + error = omap_hwmod_check_module(dev, oh, data, sysc_fields, + rev_offs, sysc_offs, syss_offs, +diff --git a/arch/arm/net/bpf_jit_32.c b/arch/arm/net/bpf_jit_32.c +index b51a8c7b01114..1c6e57f1dbc48 100644 +--- a/arch/arm/net/bpf_jit_32.c ++++ b/arch/arm/net/bpf_jit_32.c +@@ -36,6 +36,10 @@ + * +-----+ + * |RSVD | JIT scratchpad + * current ARM_SP => +-----+ <= (BPF_FP - STACK_SIZE + SCRATCH_SIZE) ++ * | ... | caller-saved registers ++ * +-----+ ++ * | ... | arguments passed on stack ++ * ARM_SP during call => +-----| + * | | + * | ... | Function call stack + * | | +@@ -63,6 +67,12 @@ + * + * When popping registers off the stack at the end of a BPF function, we + * reference them via the current ARM_FP register. ++ * ++ * Some eBPF operations are implemented via a call to a helper function. ++ * Such calls are "invisible" in the eBPF code, so it is up to the calling ++ * program to preserve any caller-saved ARM registers during the call. The ++ * JIT emits code to push and pop those registers onto the stack, immediately ++ * above the callee stack frame. + */ + #define CALLEE_MASK (1 << ARM_R4 | 1 << ARM_R5 | 1 << ARM_R6 | \ + 1 << ARM_R7 | 1 << ARM_R8 | 1 << ARM_R9 | \ +@@ -70,6 +80,8 @@ + #define CALLEE_PUSH_MASK (CALLEE_MASK | 1 << ARM_LR) + #define CALLEE_POP_MASK (CALLEE_MASK | 1 << ARM_PC) + ++#define CALLER_MASK (1 << ARM_R0 | 1 << ARM_R1 | 1 << ARM_R2 | 1 << ARM_R3) ++ + enum { + /* Stack layout - these are offsets from (top of stack - 4) */ + BPF_R2_HI, +@@ -464,6 +476,7 @@ static inline int epilogue_offset(const struct jit_ctx *ctx) + + static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) + { ++ const int exclude_mask = BIT(ARM_R0) | BIT(ARM_R1); + const s8 *tmp = bpf2a32[TMP_REG_1]; + + #if __LINUX_ARM_ARCH__ == 7 +@@ -495,11 +508,17 @@ static inline void emit_udivmod(u8 rd, u8 rm, u8 rn, struct jit_ctx *ctx, u8 op) + emit(ARM_MOV_R(ARM_R0, rm), ctx); + } + ++ /* Push caller-saved registers on stack */ ++ emit(ARM_PUSH(CALLER_MASK & ~exclude_mask), ctx); ++ + /* Call appropriate function */ + emit_mov_i(ARM_IP, op == BPF_DIV ? + (u32)jit_udiv32 : (u32)jit_mod32, ctx); + emit_blx_r(ARM_IP, ctx); + ++ /* Restore caller-saved registers from stack */ ++ emit(ARM_POP(CALLER_MASK & ~exclude_mask), ctx); ++ + /* Save return value */ + if (rd != ARM_R0) + emit(ARM_MOV_R(rd, ARM_R0), ctx); +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi +index 5716ac20bddd1..02ae6bfff5658 100644 +--- a/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi ++++ b/arch/arm64/boot/dts/freescale/fsl-ls1028a.dtsi +@@ -287,6 +287,24 @@ + status = "disabled"; + }; + ++ can0: can@2180000 { ++ compatible = "fsl,ls1028ar1-flexcan", "fsl,lx2160ar1-flexcan"; ++ reg = <0x0 0x2180000 0x0 0x10000>; ++ interrupts = <GIC_SPI 21 IRQ_TYPE_LEVEL_HIGH>; ++ clocks = <&sysclk>, <&clockgen 4 1>; ++ clock-names = "ipg", "per"; ++ status = "disabled"; ++ }; ++ ++ can1: can@2190000 { ++ compatible = "fsl,ls1028ar1-flexcan", "fsl,lx2160ar1-flexcan"; ++ reg = <0x0 0x2190000 0x0 0x10000>; ++ interrupts = <GIC_SPI 22 IRQ_TYPE_LEVEL_HIGH>; ++ clocks = <&sysclk>, <&clockgen 4 1>; ++ clock-names = "ipg", "per"; ++ status = "disabled"; ++ }; ++ + duart0: serial@21c0500 { + compatible = "fsl,ns16550", "ns16550a"; + reg = <0x00 0x21c0500 0x0 0x100>; +@@ -496,14 +514,14 @@ + compatible = "arm,sp805", "arm,primecell"; + reg = <0x0 0xc000000 0x0 0x1000>; + clocks = <&clockgen 4 15>, <&clockgen 4 15>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster1_core1_watchdog: watchdog@c010000 { + compatible = "arm,sp805", "arm,primecell"; + reg = <0x0 0xc010000 0x0 0x1000>; + clocks = <&clockgen 4 15>, <&clockgen 4 15>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + sai1: audio-controller@f100000 { +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi +index c676d0771762f..407ebdb35cd2e 100644 +--- a/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi ++++ b/arch/arm64/boot/dts/freescale/fsl-ls1088a.dtsi +@@ -640,56 +640,56 @@ + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc000000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster1_core1_watchdog: wdt@c010000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc010000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster1_core2_watchdog: wdt@c020000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc020000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster1_core3_watchdog: wdt@c030000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc030000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core0_watchdog: wdt@c100000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc100000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core1_watchdog: wdt@c110000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc110000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core2_watchdog: wdt@c120000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc120000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core3_watchdog: wdt@c130000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc130000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + fsl_mc: fsl-mc@80c000000 { +diff --git a/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi b/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi +index cdb2fa47637da..82f0fe6acbfb7 100644 +--- a/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi ++++ b/arch/arm64/boot/dts/freescale/fsl-ls208xa.dtsi +@@ -230,56 +230,56 @@ + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc000000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster1_core1_watchdog: wdt@c010000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc010000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core0_watchdog: wdt@c100000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc100000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster2_core1_watchdog: wdt@c110000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc110000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster3_core0_watchdog: wdt@c200000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc200000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster3_core1_watchdog: wdt@c210000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc210000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster4_core0_watchdog: wdt@c300000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc300000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + cluster4_core1_watchdog: wdt@c310000 { + compatible = "arm,sp805-wdt", "arm,primecell"; + reg = <0x0 0xc310000 0x0 0x1000>; + clocks = <&clockgen 4 3>, <&clockgen 4 3>; +- clock-names = "apb_pclk", "wdog_clk"; ++ clock-names = "wdog_clk", "apb_pclk"; + }; + + crypto: crypto@8000000 { +diff --git a/arch/arm64/boot/dts/qcom/pm8150.dtsi b/arch/arm64/boot/dts/qcom/pm8150.dtsi +index c0b197458665d..6f7dfcb8c0421 100644 +--- a/arch/arm64/boot/dts/qcom/pm8150.dtsi ++++ b/arch/arm64/boot/dts/qcom/pm8150.dtsi +@@ -17,7 +17,7 @@ + #size-cells = <0>; + + pon: power-on@800 { +- compatible = "qcom,pm8916-pon"; ++ compatible = "qcom,pm8998-pon"; + reg = <0x0800>; + pwrkey { + compatible = "qcom,pm8941-pwrkey"; +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig +index 6ecdc690f7336..2bfef67d52c63 100644 +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -46,6 +46,7 @@ config MIPS + select HAVE_ARCH_TRACEHOOK + select HAVE_ARCH_TRANSPARENT_HUGEPAGE if CPU_SUPPORTS_HUGEPAGES + select HAVE_ASM_MODVERSIONS ++ select HAVE_CBPF_JIT if !64BIT && !CPU_MICROMIPS + select HAVE_EBPF_JIT if 64BIT && !CPU_MICROMIPS && TARGET_ISA_REV >= 2 + select HAVE_CONTEXT_TRACKING + select HAVE_COPY_THREAD_TLS +diff --git a/arch/mips/net/Makefile b/arch/mips/net/Makefile +index 2d03af7d6b19d..d55912349039c 100644 +--- a/arch/mips/net/Makefile ++++ b/arch/mips/net/Makefile +@@ -1,4 +1,5 @@ + # SPDX-License-Identifier: GPL-2.0-only + # MIPS networking code + ++obj-$(CONFIG_MIPS_CBPF_JIT) += bpf_jit.o bpf_jit_asm.o + obj-$(CONFIG_MIPS_EBPF_JIT) += ebpf_jit.o +diff --git a/arch/mips/net/bpf_jit.c b/arch/mips/net/bpf_jit.c +new file mode 100644 +index 0000000000000..29a288ff4f183 +--- /dev/null ++++ b/arch/mips/net/bpf_jit.c +@@ -0,0 +1,1299 @@ ++/* ++ * Just-In-Time compiler for BPF filters on MIPS ++ * ++ * Copyright (c) 2014 Imagination Technologies Ltd. ++ * Author: Markos Chandras <[email protected]> ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; version 2 of the License. ++ */ ++ ++#include <linux/bitops.h> ++#include <linux/compiler.h> ++#include <linux/errno.h> ++#include <linux/filter.h> ++#include <linux/if_vlan.h> ++#include <linux/moduleloader.h> ++#include <linux/netdevice.h> ++#include <linux/string.h> ++#include <linux/slab.h> ++#include <linux/types.h> ++#include <asm/asm.h> ++#include <asm/bitops.h> ++#include <asm/cacheflush.h> ++#include <asm/cpu-features.h> ++#include <asm/uasm.h> ++ ++#include "bpf_jit.h" ++ ++/* ABI ++ * r_skb_hl SKB header length ++ * r_data SKB data pointer ++ * r_off Offset ++ * r_A BPF register A ++ * r_X BPF register X ++ * r_skb *skb ++ * r_M *scratch memory ++ * r_skb_len SKB length ++ * ++ * On entry (*bpf_func)(*skb, *filter) ++ * a0 = MIPS_R_A0 = skb; ++ * a1 = MIPS_R_A1 = filter; ++ * ++ * Stack ++ * ... ++ * M[15] ++ * M[14] ++ * M[13] ++ * ... ++ * M[0] <-- r_M ++ * saved reg k-1 ++ * saved reg k-2 ++ * ... ++ * saved reg 0 <-- r_sp ++ * <no argument area> ++ * ++ * Packet layout ++ * ++ * <--------------------- len ------------------------> ++ * <--skb-len(r_skb_hl)-->< ----- skb->data_len ------> ++ * ---------------------------------------------------- ++ * | skb->data | ++ * ---------------------------------------------------- ++ */ ++ ++#define ptr typeof(unsigned long) ++ ++#define SCRATCH_OFF(k) (4 * (k)) ++ ++/* JIT flags */ ++#define SEEN_CALL (1 << BPF_MEMWORDS) ++#define SEEN_SREG_SFT (BPF_MEMWORDS + 1) ++#define SEEN_SREG_BASE (1 << SEEN_SREG_SFT) ++#define SEEN_SREG(x) (SEEN_SREG_BASE << (x)) ++#define SEEN_OFF SEEN_SREG(2) ++#define SEEN_A SEEN_SREG(3) ++#define SEEN_X SEEN_SREG(4) ++#define SEEN_SKB SEEN_SREG(5) ++#define SEEN_MEM SEEN_SREG(6) ++/* SEEN_SK_DATA also implies skb_hl an skb_len */ ++#define SEEN_SKB_DATA (SEEN_SREG(7) | SEEN_SREG(1) | SEEN_SREG(0)) ++ ++/* Arguments used by JIT */ ++#define ARGS_USED_BY_JIT 2 /* only applicable to 64-bit */ ++ ++#define SBIT(x) (1 << (x)) /* Signed version of BIT() */ ++ ++/** ++ * struct jit_ctx - JIT context ++ * @skf: The sk_filter ++ * @prologue_bytes: Number of bytes for prologue ++ * @idx: Instruction index ++ * @flags: JIT flags ++ * @offsets: Instruction offsets ++ * @target: Memory location for the compiled filter ++ */ ++struct jit_ctx { ++ const struct bpf_prog *skf; ++ unsigned int prologue_bytes; ++ u32 idx; ++ u32 flags; ++ u32 *offsets; ++ u32 *target; ++}; ++ ++ ++static inline int optimize_div(u32 *k) ++{ ++ /* power of 2 divides can be implemented with right shift */ ++ if (!(*k & (*k-1))) { ++ *k = ilog2(*k); ++ return 1; ++ } ++ ++ return 0; ++} ++ ++static inline void emit_jit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx); ++ ++/* Simply emit the instruction if the JIT memory space has been allocated */ ++#define emit_instr(ctx, func, ...) \ ++do { \ ++ if ((ctx)->target != NULL) { \ ++ u32 *p = &(ctx)->target[ctx->idx]; \ ++ uasm_i_##func(&p, ##__VA_ARGS__); \ ++ } \ ++ (ctx)->idx++; \ ++} while (0) ++ ++/* ++ * Similar to emit_instr but it must be used when we need to emit ++ * 32-bit or 64-bit instructions ++ */ ++#define emit_long_instr(ctx, func, ...) \ ++do { \ ++ if ((ctx)->target != NULL) { \ ++ u32 *p = &(ctx)->target[ctx->idx]; \ ++ UASM_i_##func(&p, ##__VA_ARGS__); \ ++ } \ ++ (ctx)->idx++; \ ++} while (0) ++ ++/* Determine if immediate is within the 16-bit signed range */ ++static inline bool is_range16(s32 imm) ++{ ++ return !(imm >= SBIT(15) || imm < -SBIT(15)); ++} ++ ++static inline void emit_addu(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, addu, dst, src1, src2); ++} ++ ++static inline void emit_nop(struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, nop); ++} ++ ++/* Load a u32 immediate to a register */ ++static inline void emit_load_imm(unsigned int dst, u32 imm, struct jit_ctx *ctx) ++{ ++ if (ctx->target != NULL) { ++ /* addiu can only handle s16 */ ++ if (!is_range16(imm)) { ++ u32 *p = &ctx->target[ctx->idx]; ++ uasm_i_lui(&p, r_tmp_imm, (s32)imm >> 16); ++ p = &ctx->target[ctx->idx + 1]; ++ uasm_i_ori(&p, dst, r_tmp_imm, imm & 0xffff); ++ } else { ++ u32 *p = &ctx->target[ctx->idx]; ++ uasm_i_addiu(&p, dst, r_zero, imm); ++ } ++ } ++ ctx->idx++; ++ ++ if (!is_range16(imm)) ++ ctx->idx++; ++} ++ ++static inline void emit_or(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, or, dst, src1, src2); ++} ++ ++static inline void emit_ori(unsigned int dst, unsigned src, u32 imm, ++ struct jit_ctx *ctx) ++{ ++ if (imm >= BIT(16)) { ++ emit_load_imm(r_tmp, imm, ctx); ++ emit_or(dst, src, r_tmp, ctx); ++ } else { ++ emit_instr(ctx, ori, dst, src, imm); ++ } ++} ++ ++static inline void emit_daddiu(unsigned int dst, unsigned int src, ++ int imm, struct jit_ctx *ctx) ++{ ++ /* ++ * Only used for stack, so the imm is relatively small ++ * and it fits in 15-bits ++ */ ++ emit_instr(ctx, daddiu, dst, src, imm); ++} ++ ++static inline void emit_addiu(unsigned int dst, unsigned int src, ++ u32 imm, struct jit_ctx *ctx) ++{ ++ if (!is_range16(imm)) { ++ emit_load_imm(r_tmp, imm, ctx); ++ emit_addu(dst, r_tmp, src, ctx); ++ } else { ++ emit_instr(ctx, addiu, dst, src, imm); ++ } ++} ++ ++static inline void emit_and(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, and, dst, src1, src2); ++} ++ ++static inline void emit_andi(unsigned int dst, unsigned int src, ++ u32 imm, struct jit_ctx *ctx) ++{ ++ /* If imm does not fit in u16 then load it to register */ ++ if (imm >= BIT(16)) { ++ emit_load_imm(r_tmp, imm, ctx); ++ emit_and(dst, src, r_tmp, ctx); ++ } else { ++ emit_instr(ctx, andi, dst, src, imm); ++ } ++} ++ ++static inline void emit_xor(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, xor, dst, src1, src2); ++} ++ ++static inline void emit_xori(ptr dst, ptr src, u32 imm, struct jit_ctx *ctx) ++{ ++ /* If imm does not fit in u16 then load it to register */ ++ if (imm >= BIT(16)) { ++ emit_load_imm(r_tmp, imm, ctx); ++ emit_xor(dst, src, r_tmp, ctx); ++ } else { ++ emit_instr(ctx, xori, dst, src, imm); ++ } ++} ++ ++static inline void emit_stack_offset(int offset, struct jit_ctx *ctx) ++{ ++ emit_long_instr(ctx, ADDIU, r_sp, r_sp, offset); ++} ++ ++static inline void emit_subu(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, subu, dst, src1, src2); ++} ++ ++static inline void emit_neg(unsigned int reg, struct jit_ctx *ctx) ++{ ++ emit_subu(reg, r_zero, reg, ctx); ++} ++ ++static inline void emit_sllv(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, sllv, dst, src, sa); ++} ++ ++static inline void emit_sll(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ /* sa is 5-bits long */ ++ if (sa >= BIT(5)) ++ /* Shifting >= 32 results in zero */ ++ emit_jit_reg_move(dst, r_zero, ctx); ++ else ++ emit_instr(ctx, sll, dst, src, sa); ++} ++ ++static inline void emit_srlv(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, srlv, dst, src, sa); ++} ++ ++static inline void emit_srl(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ /* sa is 5-bits long */ ++ if (sa >= BIT(5)) ++ /* Shifting >= 32 results in zero */ ++ emit_jit_reg_move(dst, r_zero, ctx); ++ else ++ emit_instr(ctx, srl, dst, src, sa); ++} ++ ++static inline void emit_slt(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, slt, dst, src1, src2); ++} ++ ++static inline void emit_sltu(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, sltu, dst, src1, src2); ++} ++ ++static inline void emit_sltiu(unsigned dst, unsigned int src, ++ unsigned int imm, struct jit_ctx *ctx) ++{ ++ /* 16 bit immediate */ ++ if (!is_range16((s32)imm)) { ++ emit_load_imm(r_tmp, imm, ctx); ++ emit_sltu(dst, src, r_tmp, ctx); ++ } else { ++ emit_instr(ctx, sltiu, dst, src, imm); ++ } ++ ++} ++ ++/* Store register on the stack */ ++static inline void emit_store_stack_reg(ptr reg, ptr base, ++ unsigned int offset, ++ struct jit_ctx *ctx) ++{ ++ emit_long_instr(ctx, SW, reg, offset, base); ++} ++ ++static inline void emit_store(ptr reg, ptr base, unsigned int offset, ++ struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, sw, reg, offset, base); ++} ++ ++static inline void emit_load_stack_reg(ptr reg, ptr base, ++ unsigned int offset, ++ struct jit_ctx *ctx) ++{ ++ emit_long_instr(ctx, LW, reg, offset, base); ++} ++ ++static inline void emit_load(unsigned int reg, unsigned int base, ++ unsigned int offset, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, lw, reg, offset, base); ++} ++ ++static inline void emit_load_byte(unsigned int reg, unsigned int base, ++ unsigned int offset, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, lb, reg, offset, base); ++} ++ ++static inline void emit_half_load(unsigned int reg, unsigned int base, ++ unsigned int offset, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, lh, reg, offset, base); ++} ++ ++static inline void emit_half_load_unsigned(unsigned int reg, unsigned int base, ++ unsigned int offset, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, lhu, reg, offset, base); ++} ++ ++static inline void emit_mul(unsigned int dst, unsigned int src1, ++ unsigned int src2, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, mul, dst, src1, src2); ++} ++ ++static inline void emit_div(unsigned int dst, unsigned int src, ++ struct jit_ctx *ctx) ++{ ++ if (ctx->target != NULL) { ++ u32 *p = &ctx->target[ctx->idx]; ++ uasm_i_divu(&p, dst, src); ++ p = &ctx->target[ctx->idx + 1]; ++ uasm_i_mflo(&p, dst); ++ } ++ ctx->idx += 2; /* 2 insts */ ++} ++ ++static inline void emit_mod(unsigned int dst, unsigned int src, ++ struct jit_ctx *ctx) ++{ ++ if (ctx->target != NULL) { ++ u32 *p = &ctx->target[ctx->idx]; ++ uasm_i_divu(&p, dst, src); ++ p = &ctx->target[ctx->idx + 1]; ++ uasm_i_mfhi(&p, dst); ++ } ++ ctx->idx += 2; /* 2 insts */ ++} ++ ++static inline void emit_dsll(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, dsll, dst, src, sa); ++} ++ ++static inline void emit_dsrl32(unsigned int dst, unsigned int src, ++ unsigned int sa, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, dsrl32, dst, src, sa); ++} ++ ++static inline void emit_wsbh(unsigned int dst, unsigned int src, ++ struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, wsbh, dst, src); ++} ++ ++/* load pointer to register */ ++static inline void emit_load_ptr(unsigned int dst, unsigned int src, ++ int imm, struct jit_ctx *ctx) ++{ ++ /* src contains the base addr of the 32/64-pointer */ ++ emit_long_instr(ctx, LW, dst, imm, src); ++} ++ ++/* load a function pointer to register */ ++static inline void emit_load_func(unsigned int reg, ptr imm, ++ struct jit_ctx *ctx) ++{ ++ if (IS_ENABLED(CONFIG_64BIT)) { ++ /* At this point imm is always 64-bit */ ++ emit_load_imm(r_tmp, (u64)imm >> 32, ctx); ++ emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */ ++ emit_ori(r_tmp, r_tmp_imm, (imm >> 16) & 0xffff, ctx); ++ emit_dsll(r_tmp_imm, r_tmp, 16, ctx); /* left shift by 16 */ ++ emit_ori(reg, r_tmp_imm, imm & 0xffff, ctx); ++ } else { ++ emit_load_imm(reg, imm, ctx); ++ } ++} ++ ++/* Move to real MIPS register */ ++static inline void emit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx) ++{ ++ emit_long_instr(ctx, ADDU, dst, src, r_zero); ++} ++ ++/* Move to JIT (32-bit) register */ ++static inline void emit_jit_reg_move(ptr dst, ptr src, struct jit_ctx *ctx) ++{ ++ emit_addu(dst, src, r_zero, ctx); ++} ++ ++/* Compute the immediate value for PC-relative branches. */ ++static inline u32 b_imm(unsigned int tgt, struct jit_ctx *ctx) ++{ ++ if (ctx->target == NULL) ++ return 0; ++ ++ /* ++ * We want a pc-relative branch. We only do forward branches ++ * so tgt is always after pc. tgt is the instruction offset ++ * we want to jump to. ++ ++ * Branch on MIPS: ++ * I: target_offset <- sign_extend(offset) ++ * I+1: PC += target_offset (delay slot) ++ * ++ * ctx->idx currently points to the branch instruction ++ * but the offset is added to the delay slot so we need ++ * to subtract 4. ++ */ ++ return ctx->offsets[tgt] - ++ (ctx->idx * 4 - ctx->prologue_bytes) - 4; ++} ++ ++static inline void emit_bcond(int cond, unsigned int reg1, unsigned int reg2, ++ unsigned int imm, struct jit_ctx *ctx) ++{ ++ if (ctx->target != NULL) { ++ u32 *p = &ctx->target[ctx->idx]; ++ ++ switch (cond) { ++ case MIPS_COND_EQ: ++ uasm_i_beq(&p, reg1, reg2, imm); ++ break; ++ case MIPS_COND_NE: ++ uasm_i_bne(&p, reg1, reg2, imm); ++ break; ++ case MIPS_COND_ALL: ++ uasm_i_b(&p, imm); ++ break; ++ default: ++ pr_warn("%s: Unhandled branch conditional: %d\n", ++ __func__, cond); ++ } ++ } ++ ctx->idx++; ++} ++ ++static inline void emit_b(unsigned int imm, struct jit_ctx *ctx) ++{ ++ emit_bcond(MIPS_COND_ALL, r_zero, r_zero, imm, ctx); ++} ++ ++static inline void emit_jalr(unsigned int link, unsigned int reg, ++ struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, jalr, link, reg); ++} ++ ++static inline void emit_jr(unsigned int reg, struct jit_ctx *ctx) ++{ ++ emit_instr(ctx, jr, reg); ++} ++ ++static inline u16 align_sp(unsigned int num) ++{ ++ /* Double word alignment for 32-bit, quadword for 64-bit */ ++ unsigned int align = IS_ENABLED(CONFIG_64BIT) ? 16 : 8; ++ num = (num + (align - 1)) & -align; ++ return num; ++} ++ ++static void save_bpf_jit_regs(struct jit_ctx *ctx, unsigned offset) ++{ ++ int i = 0, real_off = 0; ++ u32 sflags, tmp_flags; ++ ++ /* Adjust the stack pointer */ ++ if (offset) ++ emit_stack_offset(-align_sp(offset), ctx); ++ ++ tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT; ++ /* sflags is essentially a bitmap */ ++ while (tmp_flags) { ++ if ((sflags >> i) & 0x1) { ++ emit_store_stack_reg(MIPS_R_S0 + i, r_sp, real_off, ++ ctx); ++ real_off += SZREG; ++ } ++ i++; ++ tmp_flags >>= 1; ++ } ++ ++ /* save return address */ ++ if (ctx->flags & SEEN_CALL) { ++ emit_store_stack_reg(r_ra, r_sp, real_off, ctx); ++ real_off += SZREG; ++ } ++ ++ /* Setup r_M leaving the alignment gap if necessary */ ++ if (ctx->flags & SEEN_MEM) { ++ if (real_off % (SZREG * 2)) ++ real_off += SZREG; ++ emit_long_instr(ctx, ADDIU, r_M, r_sp, real_off); ++ } ++} ++ ++static void restore_bpf_jit_regs(struct jit_ctx *ctx, ++ unsigned int offset) ++{ ++ int i, real_off = 0; ++ u32 sflags, tmp_flags; ++ ++ tmp_flags = sflags = ctx->flags >> SEEN_SREG_SFT; ++ /* sflags is a bitmap */ ++ i = 0; ++ while (tmp_flags) { ++ if ((sflags >> i) & 0x1) { ++ emit_load_stack_reg(MIPS_R_S0 + i, r_sp, real_off, ++ ctx); ++ real_off += SZREG; ++ } ++ i++; ++ tmp_flags >>= 1; ++ } ++ ++ /* restore return address */ ++ if (ctx->flags & SEEN_CALL) ++ emit_load_stack_reg(r_ra, r_sp, real_off, ctx); ++ ++ /* Restore the sp and discard the scrach memory */ ++ if (offset) ++ emit_stack_offset(align_sp(offset), ctx); ++} ++ ++static unsigned int get_stack_depth(struct jit_ctx *ctx) ++{ ++ int sp_off = 0; ++ ++ ++ /* How may s* regs do we need to preserved? */ ++ sp_off += hweight32(ctx->flags >> SEEN_SREG_SFT) * SZREG; ++ ++ if (ctx->flags & SEEN_MEM) ++ sp_off += 4 * BPF_MEMWORDS; /* BPF_MEMWORDS are 32-bit */ ++ ++ if (ctx->flags & SEEN_CALL) ++ sp_off += SZREG; /* Space for our ra register */ ++ ++ return sp_off; ++} ++ ++static void build_prologue(struct jit_ctx *ctx) ++{ ++ int sp_off; ++ ++ /* Calculate the total offset for the stack pointer */ ++ sp_off = get_stack_depth(ctx); ++ save_bpf_jit_regs(ctx, sp_off); ++ ++ if (ctx->flags & SEEN_SKB) ++ emit_reg_move(r_skb, MIPS_R_A0, ctx); ++ ++ if (ctx->flags & SEEN_SKB_DATA) { ++ /* Load packet length */ ++ emit_load(r_skb_len, r_skb, offsetof(struct sk_buff, len), ++ ctx); ++ emit_load(r_tmp, r_skb, offsetof(struct sk_buff, data_len), ++ ctx); ++ /* Load the data pointer */ ++ emit_load_ptr(r_skb_data, r_skb, ++ offsetof(struct sk_buff, data), ctx); ++ /* Load the header length */ ++ emit_subu(r_skb_hl, r_skb_len, r_tmp, ctx); ++ } ++ ++ if (ctx->flags & SEEN_X) ++ emit_jit_reg_move(r_X, r_zero, ctx); ++ ++ /* ++ * Do not leak kernel data to userspace, we only need to clear ++ * r_A if it is ever used. In fact if it is never used, we ++ * will not save/restore it, so clearing it in this case would ++ * corrupt the state of the caller. ++ */ ++ if (bpf_needs_clear_a(&ctx->skf->insns[0]) && ++ (ctx->flags & SEEN_A)) ++ emit_jit_reg_move(r_A, r_zero, ctx); ++} ++ ++static void build_epilogue(struct jit_ctx *ctx) ++{ ++ unsigned int sp_off; ++ ++ /* Calculate the total offset for the stack pointer */ ++ ++ sp_off = get_stack_depth(ctx); ++ restore_bpf_jit_regs(ctx, sp_off); ++ ++ /* Return */ ++ emit_jr(r_ra, ctx); ++ emit_nop(ctx); ++} ++ ++#define CHOOSE_LOAD_FUNC(K, func) \ ++ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative : func) : \ ++ func##_positive) ++ ++static bool is_bad_offset(int b_off) ++{ ++ return b_off > 0x1ffff || b_off < -0x20000; ++} ++ ++static int build_body(struct jit_ctx *ctx) ++{ ++ const struct bpf_prog *prog = ctx->skf; ++ const struct sock_filter *inst; ++ unsigned int i, off, condt; ++ u32 k, b_off __maybe_unused; ++ u8 (*sk_load_func)(unsigned long *skb, int offset); ++ ++ for (i = 0; i < prog->len; i++) { ++ u16 code; ++ ++ inst = &(prog->insns[i]); ++ pr_debug("%s: code->0x%02x, jt->0x%x, jf->0x%x, k->0x%x\n", ++ __func__, inst->code, inst->jt, inst->jf, inst->k); ++ k = inst->k; ++ code = bpf_anc_helper(inst); ++ ++ if (ctx->target == NULL) ++ ctx->offsets[i] = ctx->idx * 4; ++ ++ switch (code) { ++ case BPF_LD | BPF_IMM: ++ /* A <- k ==> li r_A, k */ ++ ctx->flags |= SEEN_A; ++ emit_load_imm(r_A, k, ctx); ++ break; ++ case BPF_LD | BPF_W | BPF_LEN: ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, len) != 4); ++ /* A <- len ==> lw r_A, offset(skb) */ ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ off = offsetof(struct sk_buff, len); ++ emit_load(r_A, r_skb, off, ctx); ++ break; ++ case BPF_LD | BPF_MEM: ++ /* A <- M[k] ==> lw r_A, offset(M) */ ++ ctx->flags |= SEEN_MEM | SEEN_A; ++ emit_load(r_A, r_M, SCRATCH_OFF(k), ctx); ++ break; ++ case BPF_LD | BPF_W | BPF_ABS: ++ /* A <- P[k:4] */ ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_word); ++ goto load; ++ case BPF_LD | BPF_H | BPF_ABS: ++ /* A <- P[k:2] */ ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_half); ++ goto load; ++ case BPF_LD | BPF_B | BPF_ABS: ++ /* A <- P[k:1] */ ++ sk_load_func = CHOOSE_LOAD_FUNC(k, sk_load_byte); ++load: ++ emit_load_imm(r_off, k, ctx); ++load_common: ++ ctx->flags |= SEEN_CALL | SEEN_OFF | ++ SEEN_SKB | SEEN_A | SEEN_SKB_DATA; ++ ++ emit_load_func(r_s0, (ptr)sk_load_func, ctx); ++ emit_reg_move(MIPS_R_A0, r_skb, ctx); ++ emit_jalr(MIPS_R_RA, r_s0, ctx); ++ /* Load second argument to delay slot */ ++ emit_reg_move(MIPS_R_A1, r_off, ctx); ++ /* Check the error value */ ++ emit_bcond(MIPS_COND_EQ, r_ret, 0, b_imm(i + 1, ctx), ++ ctx); ++ /* Load return register on DS for failures */ ++ emit_reg_move(r_ret, r_zero, ctx); ++ /* Return with error */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ break; ++ case BPF_LD | BPF_W | BPF_IND: ++ /* A <- P[X + k:4] */ ++ sk_load_func = sk_load_word; ++ goto load_ind; ++ case BPF_LD | BPF_H | BPF_IND: ++ /* A <- P[X + k:2] */ ++ sk_load_func = sk_load_half; ++ goto load_ind; ++ case BPF_LD | BPF_B | BPF_IND: ++ /* A <- P[X + k:1] */ ++ sk_load_func = sk_load_byte; ++load_ind: ++ ctx->flags |= SEEN_OFF | SEEN_X; ++ emit_addiu(r_off, r_X, k, ctx); ++ goto load_common; ++ case BPF_LDX | BPF_IMM: ++ /* X <- k */ ++ ctx->flags |= SEEN_X; ++ emit_load_imm(r_X, k, ctx); ++ break; ++ case BPF_LDX | BPF_MEM: ++ /* X <- M[k] */ ++ ctx->flags |= SEEN_X | SEEN_MEM; ++ emit_load(r_X, r_M, SCRATCH_OFF(k), ctx); ++ break; ++ case BPF_LDX | BPF_W | BPF_LEN: ++ /* X <- len */ ++ ctx->flags |= SEEN_X | SEEN_SKB; ++ off = offsetof(struct sk_buff, len); ++ emit_load(r_X, r_skb, off, ctx); ++ break; ++ case BPF_LDX | BPF_B | BPF_MSH: ++ /* X <- 4 * (P[k:1] & 0xf) */ ++ ctx->flags |= SEEN_X | SEEN_CALL | SEEN_SKB; ++ /* Load offset to a1 */ ++ emit_load_func(r_s0, (ptr)sk_load_byte, ctx); ++ /* ++ * This may emit two instructions so it may not fit ++ * in the delay slot. So use a0 in the delay slot. ++ */ ++ emit_load_imm(MIPS_R_A1, k, ctx); ++ emit_jalr(MIPS_R_RA, r_s0, ctx); ++ emit_reg_move(MIPS_R_A0, r_skb, ctx); /* delay slot */ ++ /* Check the error value */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_bcond(MIPS_COND_NE, r_ret, 0, b_off, ctx); ++ emit_reg_move(r_ret, r_zero, ctx); ++ /* We are good */ ++ /* X <- P[1:K] & 0xf */ ++ emit_andi(r_X, r_A, 0xf, ctx); ++ /* X << 2 */ ++ emit_b(b_imm(i + 1, ctx), ctx); ++ emit_sll(r_X, r_X, 2, ctx); /* delay slot */ ++ break; ++ case BPF_ST: ++ /* M[k] <- A */ ++ ctx->flags |= SEEN_MEM | SEEN_A; ++ emit_store(r_A, r_M, SCRATCH_OFF(k), ctx); ++ break; ++ case BPF_STX: ++ /* M[k] <- X */ ++ ctx->flags |= SEEN_MEM | SEEN_X; ++ emit_store(r_X, r_M, SCRATCH_OFF(k), ctx); ++ break; ++ case BPF_ALU | BPF_ADD | BPF_K: ++ /* A += K */ ++ ctx->flags |= SEEN_A; ++ emit_addiu(r_A, r_A, k, ctx); ++ break; ++ case BPF_ALU | BPF_ADD | BPF_X: ++ /* A += X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_addu(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_SUB | BPF_K: ++ /* A -= K */ ++ ctx->flags |= SEEN_A; ++ emit_addiu(r_A, r_A, -k, ctx); ++ break; ++ case BPF_ALU | BPF_SUB | BPF_X: ++ /* A -= X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_subu(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_MUL | BPF_K: ++ /* A *= K */ ++ /* Load K to scratch register before MUL */ ++ ctx->flags |= SEEN_A; ++ emit_load_imm(r_s0, k, ctx); ++ emit_mul(r_A, r_A, r_s0, ctx); ++ break; ++ case BPF_ALU | BPF_MUL | BPF_X: ++ /* A *= X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_mul(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_DIV | BPF_K: ++ /* A /= k */ ++ if (k == 1) ++ break; ++ if (optimize_div(&k)) { ++ ctx->flags |= SEEN_A; ++ emit_srl(r_A, r_A, k, ctx); ++ break; ++ } ++ ctx->flags |= SEEN_A; ++ emit_load_imm(r_s0, k, ctx); ++ emit_div(r_A, r_s0, ctx); ++ break; ++ case BPF_ALU | BPF_MOD | BPF_K: ++ /* A %= k */ ++ if (k == 1) { ++ ctx->flags |= SEEN_A; ++ emit_jit_reg_move(r_A, r_zero, ctx); ++ } else { ++ ctx->flags |= SEEN_A; ++ emit_load_imm(r_s0, k, ctx); ++ emit_mod(r_A, r_s0, ctx); ++ } ++ break; ++ case BPF_ALU | BPF_DIV | BPF_X: ++ /* A /= X */ ++ ctx->flags |= SEEN_X | SEEN_A; ++ /* Check if r_X is zero */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); ++ emit_load_imm(r_ret, 0, ctx); /* delay slot */ ++ emit_div(r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_MOD | BPF_X: ++ /* A %= X */ ++ ctx->flags |= SEEN_X | SEEN_A; ++ /* Check if r_X is zero */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_bcond(MIPS_COND_EQ, r_X, r_zero, b_off, ctx); ++ emit_load_imm(r_ret, 0, ctx); /* delay slot */ ++ emit_mod(r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_OR | BPF_K: ++ /* A |= K */ ++ ctx->flags |= SEEN_A; ++ emit_ori(r_A, r_A, k, ctx); ++ break; ++ case BPF_ALU | BPF_OR | BPF_X: ++ /* A |= X */ ++ ctx->flags |= SEEN_A; ++ emit_ori(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_XOR | BPF_K: ++ /* A ^= k */ ++ ctx->flags |= SEEN_A; ++ emit_xori(r_A, r_A, k, ctx); ++ break; ++ case BPF_ANC | SKF_AD_ALU_XOR_X: ++ case BPF_ALU | BPF_XOR | BPF_X: ++ /* A ^= X */ ++ ctx->flags |= SEEN_A; ++ emit_xor(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_AND | BPF_K: ++ /* A &= K */ ++ ctx->flags |= SEEN_A; ++ emit_andi(r_A, r_A, k, ctx); ++ break; ++ case BPF_ALU | BPF_AND | BPF_X: ++ /* A &= X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_and(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_LSH | BPF_K: ++ /* A <<= K */ ++ ctx->flags |= SEEN_A; ++ emit_sll(r_A, r_A, k, ctx); ++ break; ++ case BPF_ALU | BPF_LSH | BPF_X: ++ /* A <<= X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_sllv(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_RSH | BPF_K: ++ /* A >>= K */ ++ ctx->flags |= SEEN_A; ++ emit_srl(r_A, r_A, k, ctx); ++ break; ++ case BPF_ALU | BPF_RSH | BPF_X: ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_srlv(r_A, r_A, r_X, ctx); ++ break; ++ case BPF_ALU | BPF_NEG: ++ /* A = -A */ ++ ctx->flags |= SEEN_A; ++ emit_neg(r_A, ctx); ++ break; ++ case BPF_JMP | BPF_JA: ++ /* pc += K */ ++ b_off = b_imm(i + k + 1, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ break; ++ case BPF_JMP | BPF_JEQ | BPF_K: ++ /* pc += ( A == K ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_EQ | MIPS_COND_K; ++ goto jmp_cmp; ++ case BPF_JMP | BPF_JEQ | BPF_X: ++ ctx->flags |= SEEN_X; ++ /* pc += ( A == X ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_EQ | MIPS_COND_X; ++ goto jmp_cmp; ++ case BPF_JMP | BPF_JGE | BPF_K: ++ /* pc += ( A >= K ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_GE | MIPS_COND_K; ++ goto jmp_cmp; ++ case BPF_JMP | BPF_JGE | BPF_X: ++ ctx->flags |= SEEN_X; ++ /* pc += ( A >= X ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_GE | MIPS_COND_X; ++ goto jmp_cmp; ++ case BPF_JMP | BPF_JGT | BPF_K: ++ /* pc += ( A > K ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_GT | MIPS_COND_K; ++ goto jmp_cmp; ++ case BPF_JMP | BPF_JGT | BPF_X: ++ ctx->flags |= SEEN_X; ++ /* pc += ( A > X ) ? pc->jt : pc->jf */ ++ condt = MIPS_COND_GT | MIPS_COND_X; ++jmp_cmp: ++ /* Greater or Equal */ ++ if ((condt & MIPS_COND_GE) || ++ (condt & MIPS_COND_GT)) { ++ if (condt & MIPS_COND_K) { /* K */ ++ ctx->flags |= SEEN_A; ++ emit_sltiu(r_s0, r_A, k, ctx); ++ } else { /* X */ ++ ctx->flags |= SEEN_A | ++ SEEN_X; ++ emit_sltu(r_s0, r_A, r_X, ctx); ++ } ++ /* A < (K|X) ? r_scrach = 1 */ ++ b_off = b_imm(i + inst->jf + 1, ctx); ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ++ ctx); ++ emit_nop(ctx); ++ /* A > (K|X) ? scratch = 0 */ ++ if (condt & MIPS_COND_GT) { ++ /* Checking for equality */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ if (condt & MIPS_COND_K) ++ emit_load_imm(r_s0, k, ctx); ++ else ++ emit_jit_reg_move(r_s0, r_X, ++ ctx); ++ b_off = b_imm(i + inst->jf + 1, ctx); ++ emit_bcond(MIPS_COND_EQ, r_A, r_s0, ++ b_off, ctx); ++ emit_nop(ctx); ++ /* Finally, A > K|X */ ++ b_off = b_imm(i + inst->jt + 1, ctx); ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ } else { ++ /* A >= (K|X) so jump */ ++ b_off = b_imm(i + inst->jt + 1, ctx); ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ } ++ } else { ++ /* A == K|X */ ++ if (condt & MIPS_COND_K) { /* K */ ++ ctx->flags |= SEEN_A; ++ emit_load_imm(r_s0, k, ctx); ++ /* jump true */ ++ b_off = b_imm(i + inst->jt + 1, ctx); ++ emit_bcond(MIPS_COND_EQ, r_A, r_s0, ++ b_off, ctx); ++ emit_nop(ctx); ++ /* jump false */ ++ b_off = b_imm(i + inst->jf + 1, ++ ctx); ++ emit_bcond(MIPS_COND_NE, r_A, r_s0, ++ b_off, ctx); ++ emit_nop(ctx); ++ } else { /* X */ ++ /* jump true */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ b_off = b_imm(i + inst->jt + 1, ++ ctx); ++ emit_bcond(MIPS_COND_EQ, r_A, r_X, ++ b_off, ctx); ++ emit_nop(ctx); ++ /* jump false */ ++ b_off = b_imm(i + inst->jf + 1, ctx); ++ emit_bcond(MIPS_COND_NE, r_A, r_X, ++ b_off, ctx); ++ emit_nop(ctx); ++ } ++ } ++ break; ++ case BPF_JMP | BPF_JSET | BPF_K: ++ ctx->flags |= SEEN_A; ++ /* pc += (A & K) ? pc -> jt : pc -> jf */ ++ emit_load_imm(r_s1, k, ctx); ++ emit_and(r_s0, r_A, r_s1, ctx); ++ /* jump true */ ++ b_off = b_imm(i + inst->jt + 1, ctx); ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx); ++ emit_nop(ctx); ++ /* jump false */ ++ b_off = b_imm(i + inst->jf + 1, ctx); ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ break; ++ case BPF_JMP | BPF_JSET | BPF_X: ++ ctx->flags |= SEEN_X | SEEN_A; ++ /* pc += (A & X) ? pc -> jt : pc -> jf */ ++ emit_and(r_s0, r_A, r_X, ctx); ++ /* jump true */ ++ b_off = b_imm(i + inst->jt + 1, ctx); ++ emit_bcond(MIPS_COND_NE, r_s0, r_zero, b_off, ctx); ++ emit_nop(ctx); ++ /* jump false */ ++ b_off = b_imm(i + inst->jf + 1, ctx); ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ break; ++ case BPF_RET | BPF_A: ++ ctx->flags |= SEEN_A; ++ if (i != prog->len - 1) { ++ /* ++ * If this is not the last instruction ++ * then jump to the epilogue ++ */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_b(b_off, ctx); ++ } ++ emit_reg_move(r_ret, r_A, ctx); /* delay slot */ ++ break; ++ case BPF_RET | BPF_K: ++ /* ++ * It can emit two instructions so it does not fit on ++ * the delay slot. ++ */ ++ emit_load_imm(r_ret, k, ctx); ++ if (i != prog->len - 1) { ++ /* ++ * If this is not the last instruction ++ * then jump to the epilogue ++ */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_b(b_off, ctx); ++ emit_nop(ctx); ++ } ++ break; ++ case BPF_MISC | BPF_TAX: ++ /* X = A */ ++ ctx->flags |= SEEN_X | SEEN_A; ++ emit_jit_reg_move(r_X, r_A, ctx); ++ break; ++ case BPF_MISC | BPF_TXA: ++ /* A = X */ ++ ctx->flags |= SEEN_A | SEEN_X; ++ emit_jit_reg_move(r_A, r_X, ctx); ++ break; ++ /* AUX */ ++ case BPF_ANC | SKF_AD_PROTOCOL: ++ /* A = ntohs(skb->protocol */ ++ ctx->flags |= SEEN_SKB | SEEN_OFF | SEEN_A; ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, ++ protocol) != 2); ++ off = offsetof(struct sk_buff, protocol); ++ emit_half_load(r_A, r_skb, off, ctx); ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++ /* This needs little endian fixup */ ++ if (cpu_has_wsbh) { ++ /* R2 and later have the wsbh instruction */ ++ emit_wsbh(r_A, r_A, ctx); ++ } else { ++ /* Get first byte */ ++ emit_andi(r_tmp_imm, r_A, 0xff, ctx); ++ /* Shift it */ ++ emit_sll(r_tmp, r_tmp_imm, 8, ctx); ++ /* Get second byte */ ++ emit_srl(r_tmp_imm, r_A, 8, ctx); ++ emit_andi(r_tmp_imm, r_tmp_imm, 0xff, ctx); ++ /* Put everyting together in r_A */ ++ emit_or(r_A, r_tmp, r_tmp_imm, ctx); ++ } ++#endif ++ break; ++ case BPF_ANC | SKF_AD_CPU: ++ ctx->flags |= SEEN_A | SEEN_OFF; ++ /* A = current_thread_info()->cpu */ ++ BUILD_BUG_ON(FIELD_SIZEOF(struct thread_info, ++ cpu) != 4); ++ off = offsetof(struct thread_info, cpu); ++ /* $28/gp points to the thread_info struct */ ++ emit_load(r_A, 28, off, ctx); ++ break; ++ case BPF_ANC | SKF_AD_IFINDEX: ++ /* A = skb->dev->ifindex */ ++ case BPF_ANC | SKF_AD_HATYPE: ++ /* A = skb->dev->type */ ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ off = offsetof(struct sk_buff, dev); ++ /* Load *dev pointer */ ++ emit_load_ptr(r_s0, r_skb, off, ctx); ++ /* error (0) in the delay slot */ ++ b_off = b_imm(prog->len, ctx); ++ if (is_bad_offset(b_off)) ++ return -E2BIG; ++ emit_bcond(MIPS_COND_EQ, r_s0, r_zero, b_off, ctx); ++ emit_reg_move(r_ret, r_zero, ctx); ++ if (code == (BPF_ANC | SKF_AD_IFINDEX)) { ++ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, ifindex) != 4); ++ off = offsetof(struct net_device, ifindex); ++ emit_load(r_A, r_s0, off, ctx); ++ } else { /* (code == (BPF_ANC | SKF_AD_HATYPE) */ ++ BUILD_BUG_ON(FIELD_SIZEOF(struct net_device, type) != 2); ++ off = offsetof(struct net_device, type); ++ emit_half_load_unsigned(r_A, r_s0, off, ctx); ++ } ++ break; ++ case BPF_ANC | SKF_AD_MARK: ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, mark) != 4); ++ off = offsetof(struct sk_buff, mark); ++ emit_load(r_A, r_skb, off, ctx); ++ break; ++ case BPF_ANC | SKF_AD_RXHASH: ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, hash) != 4); ++ off = offsetof(struct sk_buff, hash); ++ emit_load(r_A, r_skb, off, ctx); ++ break; ++ case BPF_ANC | SKF_AD_VLAN_TAG: ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, ++ vlan_tci) != 2); ++ off = offsetof(struct sk_buff, vlan_tci); ++ emit_half_load_unsigned(r_A, r_skb, off, ctx); ++ break; ++ case BPF_ANC | SKF_AD_VLAN_TAG_PRESENT: ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ emit_load_byte(r_A, r_skb, PKT_VLAN_PRESENT_OFFSET(), ctx); ++ if (PKT_VLAN_PRESENT_BIT) ++ emit_srl(r_A, r_A, PKT_VLAN_PRESENT_BIT, ctx); ++ if (PKT_VLAN_PRESENT_BIT < 7) ++ emit_andi(r_A, r_A, 1, ctx); ++ break; ++ case BPF_ANC | SKF_AD_PKTTYPE: ++ ctx->flags |= SEEN_SKB; ++ ++ emit_load_byte(r_tmp, r_skb, PKT_TYPE_OFFSET(), ctx); ++ /* Keep only the last 3 bits */ ++ emit_andi(r_A, r_tmp, PKT_TYPE_MAX, ctx); ++#ifdef __BIG_ENDIAN_BITFIELD ++ /* Get the actual packet type to the lower 3 bits */ ++ emit_srl(r_A, r_A, 5, ctx); ++#endif ++ break; ++ case BPF_ANC | SKF_AD_QUEUE: ++ ctx->flags |= SEEN_SKB | SEEN_A; ++ BUILD_BUG_ON(FIELD_SIZEOF(struct sk_buff, ++ queue_mapping) != 2); ++ BUILD_BUG_ON(offsetof(struct sk_buff, ++ queue_mapping) > 0xff); ++ off = offsetof(struct sk_buff, queue_mapping); ++ emit_half_load_unsigned(r_A, r_skb, off, ctx); ++ break; ++ default: ++ pr_debug("%s: Unhandled opcode: 0x%02x\n", __FILE__, ++ inst->code); ++ return -1; ++ } ++ } ++ ++ /* compute offsets only during the first pass */ ++ if (ctx->target == NULL) ++ ctx->offsets[i] = ctx->idx * 4; ++ ++ return 0; ++} ++ ++void bpf_jit_compile(struct bpf_prog *fp) ++{ ++ struct jit_ctx ctx; ++ unsigned int alloc_size, tmp_idx; ++ ++ if (!bpf_jit_enable) ++ return; ++ ++ memset(&ctx, 0, sizeof(ctx)); ++ ++ ctx.offsets = kcalloc(fp->len + 1, sizeof(*ctx.offsets), GFP_KERNEL); ++ if (ctx.offsets == NULL) ++ return; ++ ++ ctx.skf = fp; ++ ++ if (build_body(&ctx)) ++ goto out; ++ ++ tmp_idx = ctx.idx; ++ build_prologue(&ctx); ++ ctx.prologue_bytes = (ctx.idx - tmp_idx) * 4; ++ /* just to complete the ctx.idx count */ ++ build_epilogue(&ctx); ++ ++ alloc_size = 4 * ctx.idx; ++ ctx.target = module_alloc(alloc_size); ++ if (ctx.target == NULL) ++ goto out; ++ ++ /* Clean it */ ++ memset(ctx.target, 0, alloc_size); ++ ++ ctx.idx = 0; ++ ++ /* Generate the actual JIT code */ ++ build_prologue(&ctx); ++ if (build_body(&ctx)) { ++ module_memfree(ctx.target); ++ goto out; ++ } ++ build_epilogue(&ctx); ++ ++ /* Update the icache */ ++ flush_icache_range((ptr)ctx.target, (ptr)(ctx.target + ctx.idx)); ++ ++ if (bpf_jit_enable > 1) ++ /* Dump JIT code */ ++ bpf_jit_dump(fp->len, alloc_size, 2, ctx.target); ++ ++ fp->bpf_func = (void *)ctx.target; ++ fp->jited = 1; ++ ++out: ++ kfree(ctx.offsets); ++} ++ ++void bpf_jit_free(struct bpf_prog *fp) ++{ ++ if (fp->jited) ++ module_memfree(fp->bpf_func); ++ ++ bpf_prog_unlock_free(fp); ++} +diff --git a/arch/mips/net/bpf_jit_asm.S b/arch/mips/net/bpf_jit_asm.S +new file mode 100644 +index 0000000000000..57154c5883b6f +--- /dev/null ++++ b/arch/mips/net/bpf_jit_asm.S +@@ -0,0 +1,285 @@ ++/* ++ * bpf_jib_asm.S: Packet/header access helper functions for MIPS/MIPS64 BPF ++ * compiler. ++ * ++ * Copyright (C) 2015 Imagination Technologies Ltd. ++ * Author: Markos Chandras <[email protected]> ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; version 2 of the License. ++ */ ++ ++#include <asm/asm.h> ++#include <asm/isa-rev.h> ++#include <asm/regdef.h> ++#include "bpf_jit.h" ++ ++/* ABI ++ * ++ * r_skb_hl skb header length ++ * r_skb_data skb data ++ * r_off(a1) offset register ++ * r_A BPF register A ++ * r_X PF register X ++ * r_skb(a0) *skb ++ * r_M *scratch memory ++ * r_skb_le skb length ++ * r_s0 Scratch register 0 ++ * r_s1 Scratch register 1 ++ * ++ * On entry: ++ * a0: *skb ++ * a1: offset (imm or imm + X) ++ * ++ * All non-BPF-ABI registers are free for use. On return, we only ++ * care about r_ret. The BPF-ABI registers are assumed to remain ++ * unmodified during the entire filter operation. ++ */ ++ ++#define skb a0 ++#define offset a1 ++#define SKF_LL_OFF (-0x200000) /* Can't include linux/filter.h in assembly */ ++ ++ /* We know better :) so prevent assembler reordering etc */ ++ .set noreorder ++ ++#define is_offset_negative(TYPE) \ ++ /* If offset is negative we have more work to do */ \ ++ slti t0, offset, 0; \ ++ bgtz t0, bpf_slow_path_##TYPE##_neg; \ ++ /* Be careful what follows in DS. */ ++ ++#define is_offset_in_header(SIZE, TYPE) \ ++ /* Reading from header? */ \ ++ addiu $r_s0, $r_skb_hl, -SIZE; \ ++ slt t0, $r_s0, offset; \ ++ bgtz t0, bpf_slow_path_##TYPE; \ ++ ++LEAF(sk_load_word) ++ is_offset_negative(word) ++FEXPORT(sk_load_word_positive) ++ is_offset_in_header(4, word) ++ /* Offset within header boundaries */ ++ PTR_ADDU t1, $r_skb_data, offset ++ .set reorder ++ lw $r_A, 0(t1) ++ .set noreorder ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++# if MIPS_ISA_REV >= 2 ++ wsbh t0, $r_A ++ rotr $r_A, t0, 16 ++# else ++ sll t0, $r_A, 24 ++ srl t1, $r_A, 24 ++ srl t2, $r_A, 8 ++ or t0, t0, t1 ++ andi t2, t2, 0xff00 ++ andi t1, $r_A, 0xff00 ++ or t0, t0, t2 ++ sll t1, t1, 8 ++ or $r_A, t0, t1 ++# endif ++#endif ++ jr $r_ra ++ move $r_ret, zero ++ END(sk_load_word) ++ ++LEAF(sk_load_half) ++ is_offset_negative(half) ++FEXPORT(sk_load_half_positive) ++ is_offset_in_header(2, half) ++ /* Offset within header boundaries */ ++ PTR_ADDU t1, $r_skb_data, offset ++ lhu $r_A, 0(t1) ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++# if MIPS_ISA_REV >= 2 ++ wsbh $r_A, $r_A ++# else ++ sll t0, $r_A, 8 ++ srl t1, $r_A, 8 ++ andi t0, t0, 0xff00 ++ or $r_A, t0, t1 ++# endif ++#endif ++ jr $r_ra ++ move $r_ret, zero ++ END(sk_load_half) ++ ++LEAF(sk_load_byte) ++ is_offset_negative(byte) ++FEXPORT(sk_load_byte_positive) ++ is_offset_in_header(1, byte) ++ /* Offset within header boundaries */ ++ PTR_ADDU t1, $r_skb_data, offset ++ lbu $r_A, 0(t1) ++ jr $r_ra ++ move $r_ret, zero ++ END(sk_load_byte) ++ ++/* ++ * call skb_copy_bits: ++ * (prototype in linux/skbuff.h) ++ * ++ * int skb_copy_bits(sk_buff *skb, int offset, void *to, int len) ++ * ++ * o32 mandates we leave 4 spaces for argument registers in case ++ * the callee needs to use them. Even though we don't care about ++ * the argument registers ourselves, we need to allocate that space ++ * to remain ABI compliant since the callee may want to use that space. ++ * We also allocate 2 more spaces for $r_ra and our return register (*to). ++ * ++ * n64 is a bit different. The *caller* will allocate the space to preserve ++ * the arguments. So in 64-bit kernels, we allocate the 4-arg space for no ++ * good reason but it does not matter that much really. ++ * ++ * (void *to) is returned in r_s0 ++ * ++ */ ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++#define DS_OFFSET(SIZE) (4 * SZREG) ++#else ++#define DS_OFFSET(SIZE) ((4 * SZREG) + (4 - SIZE)) ++#endif ++#define bpf_slow_path_common(SIZE) \ ++ /* Quick check. Are we within reasonable boundaries? */ \ ++ LONG_ADDIU $r_s1, $r_skb_len, -SIZE; \ ++ sltu $r_s0, offset, $r_s1; \ ++ beqz $r_s0, fault; \ ++ /* Load 4th argument in DS */ \ ++ LONG_ADDIU a3, zero, SIZE; \ ++ PTR_ADDIU $r_sp, $r_sp, -(6 * SZREG); \ ++ PTR_LA t0, skb_copy_bits; \ ++ PTR_S $r_ra, (5 * SZREG)($r_sp); \ ++ /* Assign low slot to a2 */ \ ++ PTR_ADDIU a2, $r_sp, DS_OFFSET(SIZE); \ ++ jalr t0; \ ++ /* Reset our destination slot (DS but it's ok) */ \ ++ INT_S zero, (4 * SZREG)($r_sp); \ ++ /* \ ++ * skb_copy_bits returns 0 on success and -EFAULT \ ++ * on error. Our data live in a2. Do not bother with \ ++ * our data if an error has been returned. \ ++ */ \ ++ /* Restore our frame */ \ ++ PTR_L $r_ra, (5 * SZREG)($r_sp); \ ++ INT_L $r_s0, (4 * SZREG)($r_sp); \ ++ bltz v0, fault; \ ++ PTR_ADDIU $r_sp, $r_sp, 6 * SZREG; \ ++ move $r_ret, zero; \ ++ ++NESTED(bpf_slow_path_word, (6 * SZREG), $r_sp) ++ bpf_slow_path_common(4) ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++# if MIPS_ISA_REV >= 2 ++ wsbh t0, $r_s0 ++ jr $r_ra ++ rotr $r_A, t0, 16 ++# else ++ sll t0, $r_s0, 24 ++ srl t1, $r_s0, 24 ++ srl t2, $r_s0, 8 ++ or t0, t0, t1 ++ andi t2, t2, 0xff00 ++ andi t1, $r_s0, 0xff00 ++ or t0, t0, t2 ++ sll t1, t1, 8 ++ jr $r_ra ++ or $r_A, t0, t1 ++# endif ++#else ++ jr $r_ra ++ move $r_A, $r_s0 ++#endif ++ ++ END(bpf_slow_path_word) ++ ++NESTED(bpf_slow_path_half, (6 * SZREG), $r_sp) ++ bpf_slow_path_common(2) ++#ifdef CONFIG_CPU_LITTLE_ENDIAN ++# if MIPS_ISA_REV >= 2 ++ jr $r_ra ++ wsbh $r_A, $r_s0 ++# else ++ sll t0, $r_s0, 8 ++ andi t1, $r_s0, 0xff00 ++ andi t0, t0, 0xff00 ++ srl t1, t1, 8 ++ jr $r_ra ++ or $r_A, t0, t1 ++# endif ++#else ++ jr $r_ra ++ move $r_A, $r_s0 ++#endif ++ ++ END(bpf_slow_path_half) ++ ++NESTED(bpf_slow_path_byte, (6 * SZREG), $r_sp) ++ bpf_slow_path_common(1) ++ jr $r_ra ++ move $r_A, $r_s0 ++ ++ END(bpf_slow_path_byte) ++ ++/* ++ * Negative entry points ++ */ ++ .macro bpf_is_end_of_data ++ li t0, SKF_LL_OFF ++ /* Reading link layer data? */ ++ slt t1, offset, t0 ++ bgtz t1, fault ++ /* Be careful what follows in DS. */ ++ .endm ++/* ++ * call skb_copy_bits: ++ * (prototype in linux/filter.h) ++ * ++ * void *bpf_internal_load_pointer_neg_helper(const struct sk_buff *skb, ++ * int k, unsigned int size) ++ * ++ * see above (bpf_slow_path_common) for ABI restrictions ++ */ ++#define bpf_negative_common(SIZE) \ ++ PTR_ADDIU $r_sp, $r_sp, -(6 * SZREG); \ ++ PTR_LA t0, bpf_internal_load_pointer_neg_helper; \ ++ PTR_S $r_ra, (5 * SZREG)($r_sp); \ ++ jalr t0; \ ++ li a2, SIZE; \ ++ PTR_L $r_ra, (5 * SZREG)($r_sp); \ ++ /* Check return pointer */ \ ++ beqz v0, fault; \ ++ PTR_ADDIU $r_sp, $r_sp, 6 * SZREG; \ ++ /* Preserve our pointer */ \ ++ move $r_s0, v0; \ ++ /* Set return value */ \ ++ move $r_ret, zero; \ ++ ++bpf_slow_path_word_neg: ++ bpf_is_end_of_data ++NESTED(sk_load_word_negative, (6 * SZREG), $r_sp) ++ bpf_negative_common(4) ++ jr $r_ra ++ lw $r_A, 0($r_s0) ++ END(sk_load_word_negative) ++ ++bpf_slow_path_half_neg: ++ bpf_is_end_of_data ++NESTED(sk_load_half_negative, (6 * SZREG), $r_sp) ++ bpf_negative_common(2) ++ jr $r_ra ++ lhu $r_A, 0($r_s0) ++ END(sk_load_half_negative) ++ ++bpf_slow_path_byte_neg: ++ bpf_is_end_of_data ++NESTED(sk_load_byte_negative, (6 * SZREG), $r_sp) ++ bpf_negative_common(1) ++ jr $r_ra ++ lbu $r_A, 0($r_s0) ++ END(sk_load_byte_negative) ++ ++fault: ++ jr $r_ra ++ addiu $r_ret, zero, 1 +diff --git a/arch/powerpc/boot/dts/fsl/t1023rdb.dts b/arch/powerpc/boot/dts/fsl/t1023rdb.dts +index 5ba6fbfca2742..f82f85c65964c 100644 +--- a/arch/powerpc/boot/dts/fsl/t1023rdb.dts ++++ b/arch/powerpc/boot/dts/fsl/t1023rdb.dts +@@ -154,7 +154,7 @@ + + fm1mac3: ethernet@e4000 { + phy-handle = <&sgmii_aqr_phy3>; +- phy-connection-type = "sgmii-2500"; ++ phy-connection-type = "2500base-x"; + sleep = <&rcpm 0x20000000>; + }; + +diff --git a/arch/riscv/include/uapi/asm/unistd.h b/arch/riscv/include/uapi/asm/unistd.h +index 13ce76cc5affe..80dff2c2bf677 100644 +--- a/arch/riscv/include/uapi/asm/unistd.h ++++ b/arch/riscv/include/uapi/asm/unistd.h +@@ -18,9 +18,10 @@ + #ifdef __LP64__ + #define __ARCH_WANT_NEW_STAT + #define __ARCH_WANT_SET_GET_RLIMIT +-#define __ARCH_WANT_SYS_CLONE3 + #endif /* __LP64__ */ + ++#define __ARCH_WANT_SYS_CLONE3 ++ + #include <asm-generic/unistd.h> + + /* +diff --git a/arch/s390/net/bpf_jit_comp.c b/arch/s390/net/bpf_jit_comp.c +index 2d29966276296..f63e4cb6c9b31 100644 +--- a/arch/s390/net/bpf_jit_comp.c ++++ b/arch/s390/net/bpf_jit_comp.c +@@ -1385,7 +1385,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *fp) + jit.addrs = kvcalloc(fp->len + 1, sizeof(*jit.addrs), GFP_KERNEL); + if (jit.addrs == NULL) { + fp = orig_fp; +- goto out; ++ goto free_addrs; + } + /* + * Three initial passes: +diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig +index 36a28b9e46cbd..8c1590432e866 100644 +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1425,7 +1425,7 @@ config HIGHMEM4G + + config HIGHMEM64G + bool "64GB" +- depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !WINCHIP3D && !MK6 ++ depends on !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 + select X86_PAE + ---help--- + Select this if you have a 32-bit processor and more than 4 +diff --git a/arch/x86/kernel/early-quirks.c b/arch/x86/kernel/early-quirks.c +index 2f9ec14be3b11..6f6b1d04dadf9 100644 +--- a/arch/x86/kernel/early-quirks.c ++++ b/arch/x86/kernel/early-quirks.c +@@ -710,12 +710,6 @@ static struct chipset early_qrk[] __initdata = { + */ + { PCI_VENDOR_ID_INTEL, 0x0f00, + PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet}, +- { PCI_VENDOR_ID_INTEL, 0x3e20, +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet}, +- { PCI_VENDOR_ID_INTEL, 0x3ec4, +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet}, +- { PCI_VENDOR_ID_INTEL, 0x8a12, +- PCI_CLASS_BRIDGE_HOST, PCI_ANY_ID, 0, force_disable_hpet}, + { PCI_VENDOR_ID_BROADCOM, 0x4331, + PCI_CLASS_NETWORK_OTHER, PCI_ANY_ID, 0, apple_airport_reset}, + {} +diff --git a/arch/x86/kernel/hpet.c b/arch/x86/kernel/hpet.c +index c6f791bc481eb..9834d221e390f 100644 +--- a/arch/x86/kernel/hpet.c ++++ b/arch/x86/kernel/hpet.c +@@ -9,6 +9,7 @@ + + #include <asm/hpet.h> + #include <asm/time.h> ++#include <asm/mwait.h> + + #undef pr_fmt + #define pr_fmt(fmt) "hpet: " fmt +@@ -806,6 +807,83 @@ static bool __init hpet_counting(void) + return false; + } + ++static bool __init mwait_pc10_supported(void) ++{ ++ unsigned int eax, ebx, ecx, mwait_substates; ++ ++ if (boot_cpu_data.x86_vendor != X86_VENDOR_INTEL) ++ return false; ++ ++ if (!cpu_feature_enabled(X86_FEATURE_MWAIT)) ++ return false; ++ ++ if (boot_cpu_data.cpuid_level < CPUID_MWAIT_LEAF) ++ return false; ++ ++ cpuid(CPUID_MWAIT_LEAF, &eax, &ebx, &ecx, &mwait_substates); ++ ++ return (ecx & CPUID5_ECX_EXTENSIONS_SUPPORTED) && ++ (ecx & CPUID5_ECX_INTERRUPT_BREAK) && ++ (mwait_substates & (0xF << 28)); ++} ++ ++/* ++ * Check whether the system supports PC10. If so force disable HPET as that ++ * stops counting in PC10. This check is overbroad as it does not take any ++ * of the following into account: ++ * ++ * - ACPI tables ++ * - Enablement of intel_idle ++ * - Command line arguments which limit intel_idle C-state support ++ * ++ * That's perfectly fine. HPET is a piece of hardware designed by committee ++ * and the only reasons why it is still in use on modern systems is the ++ * fact that it is impossible to reliably query TSC and CPU frequency via ++ * CPUID or firmware. ++ * ++ * If HPET is functional it is useful for calibrating TSC, but this can be ++ * done via PMTIMER as well which seems to be the last remaining timer on ++ * X86/INTEL platforms that has not been completely wreckaged by feature ++ * creep. ++ * ++ * In theory HPET support should be removed altogether, but there are older ++ * systems out there which depend on it because TSC and APIC timer are ++ * dysfunctional in deeper C-states. ++ * ++ * It's only 20 years now that hardware people have been asked to provide ++ * reliable and discoverable facilities which can be used for timekeeping ++ * and per CPU timer interrupts. ++ * ++ * The probability that this problem is going to be solved in the ++ * forseeable future is close to zero, so the kernel has to be cluttered ++ * with heuristics to keep up with the ever growing amount of hardware and ++ * firmware trainwrecks. Hopefully some day hardware people will understand ++ * that the approach of "This can be fixed in software" is not sustainable. ++ * Hope dies last... ++ */ ++static bool __init hpet_is_pc10_damaged(void) ++{ ++ unsigned long long pcfg; ++ ++ /* Check whether PC10 substates are supported */ ++ if (!mwait_pc10_supported()) ++ return false; ++ ++ /* Check whether PC10 is enabled in PKG C-state limit */ ++ rdmsrl(MSR_PKG_CST_CONFIG_CONTROL, pcfg); ++ if ((pcfg & 0xF) < 8) ++ return false; ++ ++ if (hpet_force_user) { ++ pr_warn("HPET force enabled via command line, but dysfunctional in PC10.\n"); ++ return false; ++ } ++ ++ pr_info("HPET dysfunctional in PC10. Force disabled.\n"); ++ boot_hpet_disable = true; ++ return true; ++} ++ + /** + * hpet_enable - Try to setup the HPET timer. Returns 1 on success. + */ +@@ -819,6 +897,9 @@ int __init hpet_enable(void) + if (!is_hpet_capable()) + return 0; + ++ if (hpet_is_pc10_damaged()) ++ return 0; ++ + hpet_set_mapping(); + if (!hpet_virt_address) + return 0; +diff --git a/arch/x86/platform/olpc/olpc.c b/arch/x86/platform/olpc/olpc.c +index ee2beda590d0d..1d4a00e767ece 100644 +--- a/arch/x86/platform/olpc/olpc.c ++++ b/arch/x86/platform/olpc/olpc.c +@@ -274,7 +274,7 @@ static struct olpc_ec_driver ec_xo1_driver = { + + static struct olpc_ec_driver ec_xo1_5_driver = { + .ec_cmd = olpc_xo1_ec_cmd, +-#ifdef CONFIG_OLPC_XO1_5_SCI ++#ifdef CONFIG_OLPC_XO15_SCI + /* + * XO-1.5 EC wakeups are available when olpc-xo15-sci driver is + * compiled in +diff --git a/arch/xtensa/include/asm/kmem_layout.h b/arch/xtensa/include/asm/kmem_layout.h +index 9c12babc016cd..6fc05cba61a27 100644 +--- a/arch/xtensa/include/asm/kmem_layout.h ++++ b/arch/xtensa/include/asm/kmem_layout.h +@@ -11,6 +11,7 @@ + #ifndef _XTENSA_KMEM_LAYOUT_H + #define _XTENSA_KMEM_LAYOUT_H + ++#include <asm/core.h> + #include <asm/types.h> + + #ifdef CONFIG_MMU +@@ -65,6 +66,34 @@ + + #endif + ++/* KIO definition */ ++ ++#if XCHAL_HAVE_PTP_MMU ++#define XCHAL_KIO_CACHED_VADDR 0xe0000000 ++#define XCHAL_KIO_BYPASS_VADDR 0xf0000000 ++#define XCHAL_KIO_DEFAULT_PADDR 0xf0000000 ++#else ++#define XCHAL_KIO_BYPASS_VADDR XCHAL_KIO_PADDR ++#define XCHAL_KIO_DEFAULT_PADDR 0x90000000 ++#endif ++#define XCHAL_KIO_SIZE 0x10000000 ++ ++#if (!XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY) && defined(CONFIG_USE_OF) ++#define XCHAL_KIO_PADDR xtensa_get_kio_paddr() ++#ifndef __ASSEMBLY__ ++extern unsigned long xtensa_kio_paddr; ++ ++static inline unsigned long xtensa_get_kio_paddr(void) ++{ ++ return xtensa_kio_paddr; ++} ++#endif ++#else ++#define XCHAL_KIO_PADDR XCHAL_KIO_DEFAULT_PADDR ++#endif ++ ++/* KERNEL_STACK definition */ ++ + #ifndef CONFIG_KASAN + #define KERNEL_STACK_SHIFT 13 + #else +diff --git a/arch/xtensa/include/asm/vectors.h b/arch/xtensa/include/asm/vectors.h +index 79fe3007919eb..4220c6dac44f4 100644 +--- a/arch/xtensa/include/asm/vectors.h ++++ b/arch/xtensa/include/asm/vectors.h +@@ -21,50 +21,14 @@ + #include <asm/core.h> + #include <asm/kmem_layout.h> + +-#if XCHAL_HAVE_PTP_MMU +-#define XCHAL_KIO_CACHED_VADDR 0xe0000000 +-#define XCHAL_KIO_BYPASS_VADDR 0xf0000000 +-#define XCHAL_KIO_DEFAULT_PADDR 0xf0000000 +-#else +-#define XCHAL_KIO_BYPASS_VADDR XCHAL_KIO_PADDR +-#define XCHAL_KIO_DEFAULT_PADDR 0x90000000 +-#endif +-#define XCHAL_KIO_SIZE 0x10000000 +- +-#if (!XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY) && defined(CONFIG_OF) +-#define XCHAL_KIO_PADDR xtensa_get_kio_paddr() +-#ifndef __ASSEMBLY__ +-extern unsigned long xtensa_kio_paddr; +- +-static inline unsigned long xtensa_get_kio_paddr(void) +-{ +- return xtensa_kio_paddr; +-} +-#endif +-#else +-#define XCHAL_KIO_PADDR XCHAL_KIO_DEFAULT_PADDR +-#endif +- +-#if defined(CONFIG_MMU) +- +-#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY +-/* Image Virtual Start Address */ +-#define KERNELOFFSET (XCHAL_KSEG_CACHED_VADDR + \ +- CONFIG_KERNEL_LOAD_ADDRESS - \ ++#if defined(CONFIG_MMU) && XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY ++#define KERNELOFFSET (CONFIG_KERNEL_LOAD_ADDRESS + \ ++ XCHAL_KSEG_CACHED_VADDR - \ + XCHAL_KSEG_PADDR) + #else + #define KERNELOFFSET CONFIG_KERNEL_LOAD_ADDRESS + #endif + +-#else /* !defined(CONFIG_MMU) */ +- /* MMU Not being used - Virtual == Physical */ +- +-/* Location of the start of the kernel text, _start */ +-#define KERNELOFFSET CONFIG_KERNEL_LOAD_ADDRESS +- +- +-#endif /* CONFIG_MMU */ +- + #define RESET_VECTOR1_VADDR (XCHAL_RESET_VECTOR1_VADDR) + #ifdef CONFIG_VECTORS_OFFSET + #define VECBASE_VADDR (KERNELOFFSET - CONFIG_VECTORS_OFFSET) +diff --git a/arch/xtensa/kernel/irq.c b/arch/xtensa/kernel/irq.c +index a48bf2d10ac2d..80cc9770a8d2d 100644 +--- a/arch/xtensa/kernel/irq.c ++++ b/arch/xtensa/kernel/irq.c +@@ -145,7 +145,7 @@ unsigned xtensa_get_ext_irq_no(unsigned irq) + + void __init init_IRQ(void) + { +-#ifdef CONFIG_OF ++#ifdef CONFIG_USE_OF + irqchip_init(); + #else + #ifdef CONFIG_HAVE_SMP +diff --git a/arch/xtensa/kernel/setup.c b/arch/xtensa/kernel/setup.c +index d08172138369b..5a25bc2b80521 100644 +--- a/arch/xtensa/kernel/setup.c ++++ b/arch/xtensa/kernel/setup.c +@@ -64,7 +64,7 @@ extern unsigned long initrd_end; + extern int initrd_below_start_ok; + #endif + +-#ifdef CONFIG_OF ++#ifdef CONFIG_USE_OF + void *dtb_start = __dtb_start; + #endif + +@@ -126,7 +126,7 @@ __tagtable(BP_TAG_INITRD, parse_tag_initrd); + + #endif /* CONFIG_BLK_DEV_INITRD */ + +-#ifdef CONFIG_OF ++#ifdef CONFIG_USE_OF + + static int __init parse_tag_fdt(const bp_tag_t *tag) + { +@@ -136,7 +136,7 @@ static int __init parse_tag_fdt(const bp_tag_t *tag) + + __tagtable(BP_TAG_FDT, parse_tag_fdt); + +-#endif /* CONFIG_OF */ ++#endif /* CONFIG_USE_OF */ + + static int __init parse_tag_cmdline(const bp_tag_t* tag) + { +@@ -184,7 +184,7 @@ static int __init parse_bootparam(const bp_tag_t *tag) + } + #endif + +-#ifdef CONFIG_OF ++#ifdef CONFIG_USE_OF + + #if !XCHAL_HAVE_PTP_MMU || XCHAL_HAVE_SPANNING_WAY + unsigned long xtensa_kio_paddr = XCHAL_KIO_DEFAULT_PADDR; +@@ -233,7 +233,7 @@ void __init early_init_devtree(void *params) + strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE); + } + +-#endif /* CONFIG_OF */ ++#endif /* CONFIG_USE_OF */ + + /* + * Initialize architecture. (Early stage) +@@ -254,7 +254,7 @@ void __init init_arch(bp_tag_t *bp_start) + if (bp_start) + parse_bootparam(bp_start); + +-#ifdef CONFIG_OF ++#ifdef CONFIG_USE_OF + early_init_devtree(dtb_start); + #endif + +diff --git a/arch/xtensa/mm/mmu.c b/arch/xtensa/mm/mmu.c +index 03678c4afc39b..bc858a7f98ba4 100644 +--- a/arch/xtensa/mm/mmu.c ++++ b/arch/xtensa/mm/mmu.c +@@ -101,7 +101,7 @@ void init_mmu(void) + + void init_kio(void) + { +-#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY && defined(CONFIG_OF) ++#if XCHAL_HAVE_PTP_MMU && XCHAL_HAVE_SPANNING_WAY && defined(CONFIG_USE_OF) + /* + * Update the IO area mapping in case xtensa_kio_paddr has changed + */ +diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c +index 90053c4a8290d..469ca73de4ce7 100644 +--- a/drivers/bus/ti-sysc.c ++++ b/drivers/bus/ti-sysc.c +@@ -1388,6 +1388,9 @@ static const struct sysc_revision_quirk sysc_revision_quirks[] = { + /* Quirks that need to be set based on detected module */ + SYSC_QUIRK("aess", 0, 0, 0x10, -ENODEV, 0x40000000, 0xffffffff, + SYSC_MODULE_QUIRK_AESS), ++ /* Errata i893 handling for dra7 dcan1 and 2 */ ++ SYSC_QUIRK("dcan", 0x4ae3c000, 0x20, -ENODEV, -ENODEV, 0xa3170504, 0xffffffff, ++ SYSC_QUIRK_CLKDM_NOAUTO), + SYSC_QUIRK("dcan", 0x48480000, 0x20, -ENODEV, -ENODEV, 0xa3170504, 0xffffffff, + SYSC_QUIRK_CLKDM_NOAUTO), + SYSC_QUIRK("dss", 0x4832a000, 0, 0x10, 0x14, 0x00000020, 0xffffffff, +diff --git a/drivers/gpu/drm/nouveau/nouveau_debugfs.c b/drivers/gpu/drm/nouveau/nouveau_debugfs.c +index 3b13feca970f7..3c54d61e4fa94 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_debugfs.c ++++ b/drivers/gpu/drm/nouveau/nouveau_debugfs.c +@@ -207,6 +207,7 @@ static const struct file_operations nouveau_pstate_fops = { + .open = nouveau_debugfs_pstate_open, + .read = seq_read, + .write = nouveau_debugfs_pstate_set, ++ .release = single_release, + }; + + static struct drm_info_list nouveau_debugfs_list[] = { +diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c +index c70983780ae79..fe466ee4c49bf 100644 +--- a/drivers/i2c/i2c-core-acpi.c ++++ b/drivers/i2c/i2c-core-acpi.c +@@ -436,6 +436,7 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, + break; + + i2c_acpi_register_device(adapter, adev, &info); ++ put_device(&adapter->dev); + break; + case ACPI_RECONFIG_DEVICE_REMOVE: + if (!acpi_device_enumerated(adev)) +diff --git a/drivers/mmc/host/meson-gx-mmc.c b/drivers/mmc/host/meson-gx-mmc.c +index a3e3b274f0ea3..cdd57ce55b2fa 100644 +--- a/drivers/mmc/host/meson-gx-mmc.c ++++ b/drivers/mmc/host/meson-gx-mmc.c +@@ -738,7 +738,7 @@ static void meson_mmc_desc_chain_transfer(struct mmc_host *mmc, u32 cmd_cfg) + writel(start, host->regs + SD_EMMC_START); + } + +-/* local sg copy to buffer version with _to/fromio usage for dram_access_quirk */ ++/* local sg copy for dram_access_quirk */ + static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data, + size_t buflen, bool to_buffer) + { +@@ -756,21 +756,27 @@ static void meson_mmc_copy_buffer(struct meson_host *host, struct mmc_data *data + sg_miter_start(&miter, sgl, nents, sg_flags); + + while ((offset < buflen) && sg_miter_next(&miter)) { +- unsigned int len; ++ unsigned int buf_offset = 0; ++ unsigned int len, left; ++ u32 *buf = miter.addr; + + len = min(miter.length, buflen - offset); ++ left = len; + +- /* When dram_access_quirk, the bounce buffer is a iomem mapping */ +- if (host->dram_access_quirk) { +- if (to_buffer) +- memcpy_toio(host->bounce_iomem_buf + offset, miter.addr, len); +- else +- memcpy_fromio(miter.addr, host->bounce_iomem_buf + offset, len); ++ if (to_buffer) { ++ do { ++ writel(*buf++, host->bounce_iomem_buf + offset + buf_offset); ++ ++ buf_offset += 4; ++ left -= 4; ++ } while (left); + } else { +- if (to_buffer) +- memcpy(host->bounce_buf + offset, miter.addr, len); +- else +- memcpy(miter.addr, host->bounce_buf + offset, len); ++ do { ++ *buf++ = readl(host->bounce_iomem_buf + offset + buf_offset); ++ ++ buf_offset += 4; ++ left -= 4; ++ } while (left); + } + + offset += len; +@@ -822,7 +828,11 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd) + if (data->flags & MMC_DATA_WRITE) { + cmd_cfg |= CMD_CFG_DATA_WR; + WARN_ON(xfer_bytes > host->bounce_buf_size); +- meson_mmc_copy_buffer(host, data, xfer_bytes, true); ++ if (host->dram_access_quirk) ++ meson_mmc_copy_buffer(host, data, xfer_bytes, true); ++ else ++ sg_copy_to_buffer(data->sg, data->sg_len, ++ host->bounce_buf, xfer_bytes); + dma_wmb(); + } + +@@ -841,12 +851,43 @@ static void meson_mmc_start_cmd(struct mmc_host *mmc, struct mmc_command *cmd) + writel(cmd->arg, host->regs + SD_EMMC_CMD_ARG); + } + ++static int meson_mmc_validate_dram_access(struct mmc_host *mmc, struct mmc_data *data) ++{ ++ struct scatterlist *sg; ++ int i; ++ ++ /* Reject request if any element offset or size is not 32bit aligned */ ++ for_each_sg(data->sg, sg, data->sg_len, i) { ++ if (!IS_ALIGNED(sg->offset, sizeof(u32)) || ++ !IS_ALIGNED(sg->length, sizeof(u32))) { ++ dev_err(mmc_dev(mmc), "unaligned sg offset %u len %u\n", ++ data->sg->offset, data->sg->length); ++ return -EINVAL; ++ } ++ } ++ ++ return 0; ++} ++ + static void meson_mmc_request(struct mmc_host *mmc, struct mmc_request *mrq) + { + struct meson_host *host = mmc_priv(mmc); + bool needs_pre_post_req = mrq->data && + !(mrq->data->host_cookie & SD_EMMC_PRE_REQ_DONE); + ++ /* ++ * The memory at the end of the controller used as bounce buffer for ++ * the dram_access_quirk only accepts 32bit read/write access, ++ * check the aligment and length of the data before starting the request. ++ */ ++ if (host->dram_access_quirk && mrq->data) { ++ mrq->cmd->error = meson_mmc_validate_dram_access(mmc, mrq->data); ++ if (mrq->cmd->error) { ++ mmc_request_done(mmc, mrq); ++ return; ++ } ++ } ++ + if (needs_pre_post_req) { + meson_mmc_get_transfer_mode(mmc, mrq); + if (!meson_mmc_desc_chain_mode(mrq->data)) +@@ -991,7 +1032,11 @@ static irqreturn_t meson_mmc_irq_thread(int irq, void *dev_id) + if (meson_mmc_bounce_buf_read(data)) { + xfer_bytes = data->blksz * data->blocks; + WARN_ON(xfer_bytes > host->bounce_buf_size); +- meson_mmc_copy_buffer(host, data, xfer_bytes, false); ++ if (host->dram_access_quirk) ++ meson_mmc_copy_buffer(host, data, xfer_bytes, false); ++ else ++ sg_copy_from_buffer(data->sg, data->sg_len, ++ host->bounce_buf, xfer_bytes); + } + + next_cmd = meson_mmc_get_next_command(cmd); +diff --git a/drivers/net/ethernet/google/gve/gve.h b/drivers/net/ethernet/google/gve/gve.h +index ebc37e2569221..f19edd4c6c5bb 100644 +--- a/drivers/net/ethernet/google/gve/gve.h ++++ b/drivers/net/ethernet/google/gve/gve.h +@@ -391,7 +391,7 @@ struct gve_queue_page_list *gve_assign_rx_qpl(struct gve_priv *priv) + gve_num_tx_qpls(priv)); + + /* we are out of rx qpls */ +- if (id == priv->qpl_cfg.qpl_map_size) ++ if (id == gve_num_tx_qpls(priv) + gve_num_rx_qpls(priv)) + return NULL; + + set_bit(id, priv->qpl_cfg.qpl_id_map); +diff --git a/drivers/net/ethernet/google/gve/gve_main.c b/drivers/net/ethernet/google/gve/gve_main.c +index f8dfa7501f65a..5b450c6100add 100644 +--- a/drivers/net/ethernet/google/gve/gve_main.c ++++ b/drivers/net/ethernet/google/gve/gve_main.c +@@ -30,6 +30,7 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s) + { + struct gve_priv *priv = netdev_priv(dev); + unsigned int start; ++ u64 packets, bytes; + int ring; + + if (priv->rx) { +@@ -37,10 +38,12 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s) + do { + start = + u64_stats_fetch_begin(&priv->rx[ring].statss); +- s->rx_packets += priv->rx[ring].rpackets; +- s->rx_bytes += priv->rx[ring].rbytes; ++ packets = priv->rx[ring].rpackets; ++ bytes = priv->rx[ring].rbytes; + } while (u64_stats_fetch_retry(&priv->rx[ring].statss, + start)); ++ s->rx_packets += packets; ++ s->rx_bytes += bytes; + } + } + if (priv->tx) { +@@ -48,10 +51,12 @@ static void gve_get_stats(struct net_device *dev, struct rtnl_link_stats64 *s) + do { + start = + u64_stats_fetch_begin(&priv->tx[ring].statss); +- s->tx_packets += priv->tx[ring].pkt_done; +- s->tx_bytes += priv->tx[ring].bytes_done; ++ packets = priv->tx[ring].pkt_done; ++ bytes = priv->tx[ring].bytes_done; + } while (u64_stats_fetch_retry(&priv->tx[ring].statss, + start)); ++ s->tx_packets += packets; ++ s->tx_bytes += bytes; + } + } + } +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 21ab7d2caddf5..917be10a5cf5c 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -4817,7 +4817,8 @@ static void i40e_clear_interrupt_scheme(struct i40e_pf *pf) + { + int i; + +- i40e_free_misc_vector(pf); ++ if (test_bit(__I40E_MISC_IRQ_REQUESTED, pf->state)) ++ i40e_free_misc_vector(pf); + + i40e_put_lump(pf->irq_pile, pf->iwarp_base_vector, + I40E_IWARP_IRQ_PILE_ID); +@@ -9616,7 +9617,7 @@ static int i40e_get_capabilities(struct i40e_pf *pf, + if (pf->hw.aq.asq_last_status == I40E_AQ_RC_ENOMEM) { + /* retry with a larger buffer */ + buf_len = data_size; +- } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK) { ++ } else if (pf->hw.aq.asq_last_status != I40E_AQ_RC_OK || err) { + dev_info(&pf->pdev->dev, + "capability discovery failed, err %s aq_err %s\n", + i40e_stat_str(&pf->hw, err), +diff --git a/drivers/net/phy/mdio_bus.c b/drivers/net/phy/mdio_bus.c +index 5bf06eac04ba3..bec73f0640d03 100644 +--- a/drivers/net/phy/mdio_bus.c ++++ b/drivers/net/phy/mdio_bus.c +@@ -385,6 +385,13 @@ int __mdiobus_register(struct mii_bus *bus, struct module *owner) + bus->dev.groups = NULL; + dev_set_name(&bus->dev, "%s", bus->id); + ++ /* We need to set state to MDIOBUS_UNREGISTERED to correctly release ++ * the device in mdiobus_free() ++ * ++ * State will be updated later in this function in case of success ++ */ ++ bus->state = MDIOBUS_UNREGISTERED; ++ + err = device_register(&bus->dev); + if (err) { + pr_err("mii_bus %s failed to register\n", bus->id); +diff --git a/drivers/net/phy/sfp.c b/drivers/net/phy/sfp.c +index 27b67f12ec455..5657c604602e8 100644 +--- a/drivers/net/phy/sfp.c ++++ b/drivers/net/phy/sfp.c +@@ -115,7 +115,7 @@ static const char * const sm_state_strings[] = { + [SFP_S_LINK_UP] = "link_up", + [SFP_S_TX_FAULT] = "tx_fault", + [SFP_S_REINIT] = "reinit", +- [SFP_S_TX_DISABLE] = "rx_disable", ++ [SFP_S_TX_DISABLE] = "tx_disable", + }; + + static const char *sm_state_to_str(unsigned short sm_state) +diff --git a/drivers/ptp/ptp_pch.c b/drivers/ptp/ptp_pch.c +index dcd6e00c80467..a50656632df93 100644 +--- a/drivers/ptp/ptp_pch.c ++++ b/drivers/ptp/ptp_pch.c +@@ -683,6 +683,7 @@ static const struct pci_device_id pch_ieee1588_pcidev_id[] = { + }, + {0} + }; ++MODULE_DEVICE_TABLE(pci, pch_ieee1588_pcidev_id); + + static struct pci_driver pch_driver = { + .name = KBUILD_MODNAME, +diff --git a/drivers/soc/qcom/mdt_loader.c b/drivers/soc/qcom/mdt_loader.c +index eba7f76f9d61a..6034cd8992b0e 100644 +--- a/drivers/soc/qcom/mdt_loader.c ++++ b/drivers/soc/qcom/mdt_loader.c +@@ -98,7 +98,7 @@ void *qcom_mdt_read_metadata(const struct firmware *fw, size_t *data_len) + if (ehdr->e_phnum < 2) + return ERR_PTR(-EINVAL); + +- if (phdrs[0].p_type == PT_LOAD || phdrs[1].p_type == PT_LOAD) ++ if (phdrs[0].p_type == PT_LOAD) + return ERR_PTR(-EINVAL); + + if ((phdrs[1].p_flags & QCOM_MDT_TYPE_MASK) != QCOM_MDT_TYPE_HASH) +diff --git a/drivers/soc/qcom/socinfo.c b/drivers/soc/qcom/socinfo.c +index 176696f8f38d1..3303bcaf67154 100644 +--- a/drivers/soc/qcom/socinfo.c ++++ b/drivers/soc/qcom/socinfo.c +@@ -447,7 +447,7 @@ static int qcom_socinfo_probe(struct platform_device *pdev) + /* Feed the soc specific unique data into entropy pool */ + add_device_randomness(info, item_size); + +- platform_set_drvdata(pdev, qs->soc_dev); ++ platform_set_drvdata(pdev, qs); + + return 0; + } +diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c +index e139cda35f639..5dc8827ede7e8 100644 +--- a/drivers/usb/class/cdc-acm.c ++++ b/drivers/usb/class/cdc-acm.c +@@ -339,6 +339,9 @@ static void acm_process_notification(struct acm *acm, unsigned char *buf) + acm->iocount.overrun++; + spin_unlock_irqrestore(&acm->read_lock, flags); + ++ if (newctrl & ACM_CTRL_BRK) ++ tty_flip_buffer_push(&acm->port); ++ + if (difference) + wake_up_all(&acm->wioctl); + +@@ -474,11 +477,16 @@ static int acm_submit_read_urbs(struct acm *acm, gfp_t mem_flags) + + static void acm_process_read_urb(struct acm *acm, struct urb *urb) + { ++ unsigned long flags; ++ + if (!urb->actual_length) + return; + ++ spin_lock_irqsave(&acm->read_lock, flags); + tty_insert_flip_string(&acm->port, urb->transfer_buffer, + urb->actual_length); ++ spin_unlock_irqrestore(&acm->read_lock, flags); ++ + tty_flip_buffer_push(&acm->port); + } + +diff --git a/drivers/usb/common/Kconfig b/drivers/usb/common/Kconfig +index d611477aae414..196f4a3975871 100644 +--- a/drivers/usb/common/Kconfig ++++ b/drivers/usb/common/Kconfig +@@ -6,8 +6,7 @@ config USB_COMMON + + config USB_LED_TRIG + bool "USB LED Triggers" +- depends on LEDS_CLASS && LEDS_TRIGGERS +- select USB_COMMON ++ depends on LEDS_CLASS && USB_COMMON && LEDS_TRIGGERS + help + This option adds LED triggers for USB host and/or gadget activity. + +diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c +index b40db48f8874d..89391939630bd 100644 +--- a/drivers/usb/typec/tcpm/tcpm.c ++++ b/drivers/usb/typec/tcpm/tcpm.c +@@ -3679,6 +3679,7 @@ static void _tcpm_cc_change(struct tcpm_port *port, enum typec_cc_status cc1, + tcpm_set_state(port, SRC_ATTACH_WAIT, 0); + break; + case SRC_ATTACHED: ++ case SRC_STARTUP: + case SRC_SEND_CAPABILITIES: + case SRC_READY: + if (tcpm_port_is_disconnected(port) || +diff --git a/drivers/video/fbdev/gbefb.c b/drivers/video/fbdev/gbefb.c +index b9f6a82a04953..6fdc6ab3ceb87 100644 +--- a/drivers/video/fbdev/gbefb.c ++++ b/drivers/video/fbdev/gbefb.c +@@ -1269,7 +1269,7 @@ static struct platform_device *gbefb_device; + static int __init gbefb_init(void) + { + int ret = platform_driver_register(&gbefb_driver); +- if (!ret) { ++ if (IS_ENABLED(CONFIG_SGI_IP32) && !ret) { + gbefb_device = platform_device_alloc("gbefb", 0); + if (gbefb_device) { + ret = platform_device_add(gbefb_device); +diff --git a/drivers/xen/balloon.c b/drivers/xen/balloon.c +index be31c296eed4c..07f362c63ae90 100644 +--- a/drivers/xen/balloon.c ++++ b/drivers/xen/balloon.c +@@ -508,12 +508,12 @@ static enum bp_state decrease_reservation(unsigned long nr_pages, gfp_t gfp) + } + + /* +- * Stop waiting if either state is not BP_EAGAIN and ballooning action is +- * needed, or if the credit has changed while state is BP_EAGAIN. ++ * Stop waiting if either state is BP_DONE and ballooning action is ++ * needed, or if the credit has changed while state is not BP_DONE. + */ + static bool balloon_thread_cond(enum bp_state state, long credit) + { +- if (state != BP_EAGAIN) ++ if (state == BP_DONE) + credit = 0; + + return current_credit() != credit || kthread_should_stop(); +@@ -533,10 +533,19 @@ static int balloon_thread(void *unused) + + set_freezable(); + for (;;) { +- if (state == BP_EAGAIN) +- timeout = balloon_stats.schedule_delay * HZ; +- else ++ switch (state) { ++ case BP_DONE: ++ case BP_ECANCELED: + timeout = 3600 * HZ; ++ break; ++ case BP_EAGAIN: ++ timeout = balloon_stats.schedule_delay * HZ; ++ break; ++ case BP_WAIT: ++ timeout = HZ; ++ break; ++ } ++ + credit = current_credit(); + + wait_event_freezable_timeout(balloon_thread_wq, +diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c +index 9c9422e9fac4d..d4ff944cd16e1 100644 +--- a/drivers/xen/privcmd.c ++++ b/drivers/xen/privcmd.c +@@ -810,11 +810,12 @@ static long privcmd_ioctl_mmap_resource(struct file *file, + unsigned int domid = + (xdata.flags & XENMEM_rsrc_acq_caller_owned) ? + DOMID_SELF : kdata.dom; +- int num; ++ int num, *errs = (int *)pfns; + ++ BUILD_BUG_ON(sizeof(*errs) > sizeof(*pfns)); + num = xen_remap_domain_mfn_array(vma, + kdata.addr & PAGE_MASK, +- pfns, kdata.num, (int *)pfns, ++ pfns, kdata.num, errs, + vma->vm_page_prot, + domid, + vma->vm_private_data); +@@ -824,7 +825,7 @@ static long privcmd_ioctl_mmap_resource(struct file *file, + unsigned int i; + + for (i = 0; i < num; i++) { +- rc = pfns[i]; ++ rc = errs[i]; + if (rc < 0) + break; + } +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index d6f244559e759..e61d9c4359573 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3131,15 +3131,18 @@ nfsd4_encode_dirent(void *ccdv, const char *name, int namlen, + goto fail; + cd->rd_maxcount -= entry_bytes; + /* +- * RFC 3530 14.2.24 describes rd_dircount as only a "hint", so +- * let's always let through the first entry, at least: ++ * RFC 3530 14.2.24 describes rd_dircount as only a "hint", and ++ * notes that it could be zero. If it is zero, then the server ++ * should enforce only the rd_maxcount value. + */ +- if (!cd->rd_dircount) +- goto fail; +- name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; +- if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) +- goto fail; +- cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); ++ if (cd->rd_dircount) { ++ name_and_cookie = 4 + 4 * XDR_QUADLEN(namlen) + 8; ++ if (name_and_cookie > cd->rd_dircount && cd->cookie_offset) ++ goto fail; ++ cd->rd_dircount -= min(cd->rd_dircount, name_and_cookie); ++ if (!cd->rd_dircount) ++ cd->rd_maxcount = 0; ++ } + + cd->cookie_offset = cookie_offset; + skip_entry: +diff --git a/fs/nfsd/nfsctl.c b/fs/nfsd/nfsctl.c +index 7f39d6091dfa0..8e03d6c25097a 100644 +--- a/fs/nfsd/nfsctl.c ++++ b/fs/nfsd/nfsctl.c +@@ -1549,7 +1549,7 @@ static int __init init_nfsd(void) + goto out_free_all; + return 0; + out_free_all: +- unregister_pernet_subsys(&nfsd_net_ops); ++ unregister_filesystem(&nfsd_fs_type); + out_free_exports: + remove_proc_entry("fs/nfs/exports", NULL); + remove_proc_entry("fs/nfs", NULL); +diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c +index 073be36b0686c..876de87f604cd 100644 +--- a/fs/overlayfs/dir.c ++++ b/fs/overlayfs/dir.c +@@ -1162,9 +1162,13 @@ static int ovl_rename(struct inode *olddir, struct dentry *old, + goto out_dput; + } + } else { +- if (!d_is_negative(newdentry) && +- (!new_opaque || !ovl_is_whiteout(newdentry))) +- goto out_dput; ++ if (!d_is_negative(newdentry)) { ++ if (!new_opaque || !ovl_is_whiteout(newdentry)) ++ goto out_dput; ++ } else { ++ if (flags & RENAME_EXCHANGE) ++ goto out_dput; ++ } + } + + if (olddentry == trap) +diff --git a/kernel/bpf/stackmap.c b/kernel/bpf/stackmap.c +index fba2ade28fb3a..49c7a09d688d7 100644 +--- a/kernel/bpf/stackmap.c ++++ b/kernel/bpf/stackmap.c +@@ -60,7 +60,8 @@ static inline int stack_map_data_size(struct bpf_map *map) + + static int prealloc_elems_and_freelist(struct bpf_stack_map *smap) + { +- u32 elem_size = sizeof(struct stack_map_bucket) + smap->map.value_size; ++ u64 elem_size = sizeof(struct stack_map_bucket) + ++ (u64)smap->map.value_size; + int err; + + smap->elems = bpf_map_area_alloc(elem_size * smap->map.max_entries, +diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c +index 8a664148f57aa..cbcbc19efcb34 100644 +--- a/net/bridge/br_netlink.c ++++ b/net/bridge/br_netlink.c +@@ -1536,7 +1536,7 @@ static size_t br_get_linkxstats_size(const struct net_device *dev, int attr) + } + + return numvls * nla_total_size(sizeof(struct bridge_vlan_xstats)) + +- nla_total_size(sizeof(struct br_mcast_stats)) + ++ nla_total_size_64bit(sizeof(struct br_mcast_stats)) + + nla_total_size(0); + } + +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c +index 6fbc9cb09dc0e..a53b101ce41ae 100644 +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -4950,7 +4950,7 @@ nla_put_failure: + static size_t if_nlmsg_stats_size(const struct net_device *dev, + u32 filter_mask) + { +- size_t size = 0; ++ size_t size = NLMSG_ALIGN(sizeof(struct if_stats_msg)); + + if (stats_attr_valid(filter_mask, IFLA_STATS_LINK_64, 0)) + size += nla_total_size_64bit(sizeof(struct rtnl_link_stats64)); +diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c +index 006a34b185378..72fdf1fcbcaa9 100644 +--- a/net/ipv4/inet_hashtables.c ++++ b/net/ipv4/inet_hashtables.c +@@ -239,8 +239,10 @@ static inline int compute_score(struct sock *sk, struct net *net, + + if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif)) + return -1; ++ score = sk->sk_bound_dev_if ? 2 : 1; + +- score = sk->sk_family == PF_INET ? 2 : 1; ++ if (sk->sk_family == PF_INET) ++ score++; + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id()) + score++; + } +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c +index de04d99418850..fdbd56ee1300c 100644 +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -386,7 +386,8 @@ static int compute_score(struct sock *sk, struct net *net, + dif, sdif); + if (!dev_match) + return -1; +- score += 4; ++ if (sk->sk_bound_dev_if) ++ score += 4; + + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id()) + score++; +diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c +index fbe9d4295eac3..ab12e00f6bfff 100644 +--- a/net/ipv6/inet6_hashtables.c ++++ b/net/ipv6/inet6_hashtables.c +@@ -104,7 +104,7 @@ static inline int compute_score(struct sock *sk, struct net *net, + if (!inet_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif)) + return -1; + +- score = 1; ++ score = sk->sk_bound_dev_if ? 2 : 1; + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id()) + score++; + } +diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c +index 5b8266f3e47f0..0f57c682afdd8 100644 +--- a/net/ipv6/udp.c ++++ b/net/ipv6/udp.c +@@ -133,7 +133,8 @@ static int compute_score(struct sock *sk, struct net *net, + dev_match = udp_sk_bound_dev_eq(net, sk->sk_bound_dev_if, dif, sdif); + if (!dev_match) + return -1; +- score++; ++ if (sk->sk_bound_dev_if) ++ score++; + + if (READ_ONCE(sk->sk_incoming_cpu) == raw_smp_processor_id()) + score++; +diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c +index acc76a738cfd8..cb35680db9b29 100644 +--- a/net/netlink/af_netlink.c ++++ b/net/netlink/af_netlink.c +@@ -585,7 +585,10 @@ static int netlink_insert(struct sock *sk, u32 portid) + + /* We need to ensure that the socket is hashed and visible. */ + smp_wmb(); +- nlk_sk(sk)->bound = portid; ++ /* Paired with lockless reads from netlink_bind(), ++ * netlink_connect() and netlink_sendmsg(). ++ */ ++ WRITE_ONCE(nlk_sk(sk)->bound, portid); + + err: + release_sock(sk); +@@ -1003,7 +1006,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, + if (nlk->ngroups < BITS_PER_LONG) + groups &= (1UL << nlk->ngroups) - 1; + +- bound = nlk->bound; ++ /* Paired with WRITE_ONCE() in netlink_insert() */ ++ bound = READ_ONCE(nlk->bound); + if (bound) { + /* Ensure nlk->portid is up-to-date. */ + smp_rmb(); +@@ -1089,8 +1093,9 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, + + /* No need for barriers here as we return to user-space without + * using any of the bound attributes. ++ * Paired with WRITE_ONCE() in netlink_insert(). + */ +- if (!nlk->bound) ++ if (!READ_ONCE(nlk->bound)) + err = netlink_autobind(sock); + + if (err == 0) { +@@ -1879,7 +1884,8 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) + dst_group = nlk->dst_group; + } + +- if (!nlk->bound) { ++ /* Paired with WRITE_ONCE() in netlink_insert() */ ++ if (!READ_ONCE(nlk->bound)) { + err = netlink_autobind(sock); + if (err) + goto out; +diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c +index 37c8aa75d70c5..56f4c1621e444 100644 +--- a/net/sched/sch_fifo.c ++++ b/net/sched/sch_fifo.c +@@ -148,6 +148,9 @@ int fifo_set_limit(struct Qdisc *q, unsigned int limit) + if (strncmp(q->ops->id + 1, "fifo", 4) != 0) + return 0; + ++ if (!q->ops->change) ++ return 0; ++ + nla = kmalloc(nla_attr_size(sizeof(struct tc_fifo_qopt)), GFP_KERNEL); + if (nla) { + nla->nla_type = RTM_NEWQDISC; +diff --git a/net/sched/sch_taprio.c b/net/sched/sch_taprio.c +index da9ed0613eb7b..e14a66ce4884d 100644 +--- a/net/sched/sch_taprio.c ++++ b/net/sched/sch_taprio.c +@@ -1630,6 +1630,10 @@ static void taprio_destroy(struct Qdisc *sch) + list_del(&q->taprio_list); + spin_unlock(&taprio_list_lock); + ++ /* Note that taprio_reset() might not be called if an error ++ * happens in qdisc_create(), after taprio_init() has been called. ++ */ ++ hrtimer_cancel(&q->advance_timer); + + taprio_disable_offload(dev, q, NULL); +
