1. 24 Oct, 2023 18 commits
  2. 19 Oct, 2023 4 commits
  3. 18 Oct, 2023 7 commits
    • Thomas Gleixner's avatar
      x86/microcode/32: Move early loading after paging enable · 0b62f6cb
      Thomas Gleixner authored
      32-bit loads microcode before paging is enabled. The commit which
      introduced that has zero justification in the changelog. The cover
      letter has slightly more content, but it does not give any technical
      justification either:
      
        "The problem in current microcode loading method is that we load a
         microcode way, way too late; ideally we should load it before turning
         paging on.  This may only be practical on 32 bits since we can't get
         to 64-bit mode without paging on, but we should still do it as early
         as at all possible."
      
      Handwaving word salad with zero technical content.
      
      Someone claimed in an offlist conversation that this is required for
      curing the ATOM erratum AAE44/AAF40/AAG38/AAH41. That erratum requires
      an microcode update in order to make the usage of PSE safe. But during
      early boot, PSE is completely irrelevant and it is evaluated way later.
      
      Neither is it relevant for the AP on single core HT enabled CPUs as the
      microcode loading on the AP is not doing anything.
      
      On dual core CPUs there is a theoretical problem if a split of an
      executable large page between enabling paging including PSE and loading
      the microcode happens. But that's only theoretical, it's practically
      irrelevant because the affected dual core CPUs are 64bit enabled and
      therefore have paging and PSE enabled before loading the microcode on
      the second core. So why would it work on 64-bit but not on 32-bit?
      
      The erratum:
      
        "AAG38 Code Fetch May Occur to Incorrect Address After a Large Page is
         Split Into 4-Kbyte Pages
      
         Problem: If software clears the PS (page size) bit in a present PDE
         (page directory entry), that will cause linear addresses mapped through
         this PDE to use 4-KByte pages instead of using a large page after old
         TLB entries are invalidated. Due to this erratum, if a code fetch uses
         this PDE before the TLB entry for the large page is invalidated then it
         may fetch from a different physical address than specified by either the
         old large page translation or the new 4-KByte page translation. This
         erratum may also cause speculative code fetches from incorrect addresses."
      
      The practical relevance for this is exactly zero because there is no
      splitting of large text pages during early boot-time, i.e. between paging
      enable and microcode loading, and neither during CPU hotplug.
      
      IOW, this load microcode before paging enable is yet another voodoo
      programming solution in search of a problem. What's worse is that it causes
      at least two serious problems:
      
       1) When stackprotector is enabled, the microcode loader code has the
          stackprotector mechanics enabled. The read from the per CPU variable
          __stack_chk_guard is always accessing the virtual address either
          directly on UP or via %fs on SMP. In physical address mode this
          results in an access to memory above 3GB. So this works by chance as
          the hardware returns the same value when there is no RAM at this
          physical address. When there is RAM populated above 3G then the read
          is by chance the same as nothing changes that memory during the very
          early boot stage. That's not necessarily true during runtime CPU
          hotplug.
      
       2) When function tracing is enabled, the relevant microcode loader
          functions and the functions invoked from there will call into the
          tracing code and evaluate global and per CPU variables in physical
          address mode. What could potentially go wrong?
      
      Cure this and move the microcode loading after the early paging enable, use
      the new temporary initrd mapping and remove the gunk in the microcode
      loader which is required to handle physical address mode.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.348298216@linutronix.de
      0b62f6cb
    • Thomas Gleixner's avatar
      x86/boot/32: Temporarily map initrd for microcode loading · 4c585af7
      Thomas Gleixner authored
      Early microcode loading on 32-bit runs in physical address mode because
      the initrd is not covered by the initial page tables. That results in
      a horrible mess all over the microcode loader code.
      
      Provide a temporary mapping for the initrd in the initial page tables by
      appending it to the actual initial mapping starting with a new PGD or
      PMD depending on the configured page table levels ([non-]PAE).
      
      The page table entries are located after _brk_end so they are not
      permanently using memory space. The mapping is invalidated right away in
      i386_start_kernel() after the early microcode loader has run.
      
      This prepares for removing the physical address mode oddities from all
      over the microcode loader code, which in turn allows further cleanups.
      
      Provide the map and unmap code and document the place where the
      microcode loader needs to be invoked with a comment.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.292291436@linutronix.de
      4c585af7
    • Thomas Gleixner's avatar
      x86/microcode: Provide CONFIG_MICROCODE_INITRD32 · fdbd4381
      Thomas Gleixner authored
      Create an aggregate config switch which covers X86_32, MICROCODE and
      BLK_DEV_INITRD to avoid lengthy #ifdeffery in upcoming code.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.236208250@linutronix.de
      fdbd4381
    • Thomas Gleixner's avatar
      x86/boot/32: Restructure mk_early_pgtbl_32() · 69ba866d
      Thomas Gleixner authored
      Prepare it for adding a temporary initrd mapping by splitting out the
      actual map loop.
      
      No functional change.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.175910753@linutronix.de
      69ba866d
    • Thomas Gleixner's avatar
      x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() · a62f4ca1
      Thomas Gleixner authored
      Move the ifdeffery out of the function and use proper typedefs to make it
      work for both 2 and 3 level paging.
      
      No functional change.
      
        [ bp: Move mk_early_pgtbl_32() declaration into a header. ]
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.111059491@linutronix.de
      a62f4ca1
    • Thomas Gleixner's avatar
      x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() · 1e2dd572
      Thomas Gleixner authored
      Use the existing macro instead of undefining and redefining __pa().
      
      No functional change.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231017211722.051625827@linutronix.de
      1e2dd572
    • Thomas Gleixner's avatar
      x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() · 242db758
      Thomas Gleixner authored
      Stackprotector cannot work before paging is enabled. The read from the per
      CPU variable __stack_chk_guard is always accessing the virtual address
      either directly on UP or via FS on SMP. In physical address mode this
      results in an access to memory above 3GB.
      
      So this works by chance as the hardware returns the same value when there
      is no RAM at this physical address. When there is RAM populated above 3G
      then the read is by chance the same as nothing changes that memory during
      the very early boot stage.
      
      Stop relying on pure luck and disable the stack protector for the only C
      function which is called during early boot before paging is enabled.
      
      Remove function tracing from the whole source file as there is no way to
      trace this at all, but in case of CONFIG_DYNAMIC_FTRACE=n
      mk_early_pgtbl_32() would access global function tracer variables in
      physical address mode which again might work by chance.
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: default avatarBorislav Petkov (AMD) <bp@alien8.de>
      Link: https://lore.kernel.org/r/20231002115902.156063939@linutronix.de
      242db758
  4. 17 Oct, 2023 1 commit
  5. 15 Oct, 2023 10 commits
    • Linus Torvalds's avatar
      Linux 6.6-rc6 · 58720809
      Linus Torvalds authored
      58720809
    • Linus Torvalds's avatar
      Revert "x86/smp: Put CPUs into INIT on shutdown if possible" · fbe1bf1e
      Linus Torvalds authored
      This reverts commit 45e34c8a, and the
      two subsequent fixes to it:
      
        3f874c9b ("x86/smp: Don't send INIT to non-present and non-booted CPUs")
        b1472a60 ("x86/smp: Don't send INIT to boot CPU")
      
      because it seems to result in hung machines at shutdown.  Particularly
      some Dell machines, but Thomas says
      
       "The rest seems to be Lenovo and Sony with Alderlake/Raptorlake CPUs -
        at least that's what I could figure out from the various bug reports.
      
        I don't know which CPUs the DELL machines have, so I can't say it's a
        pattern.
      
        I agree with the revert for now"
      
      Ashok Raj chimes in:
      
       "There was a report (probably this same one), and it turns out it was a
        bug in the BIOS SMI handler.
      
        The client BIOS's were waiting for the lowest APICID to be the SMI
        rendevous master. If this is MeteorLake, the BSP wasn't the one with
        the lowest APIC and it triped here.
      
        The BIOS change is also being pushed to others for assimilation :)
      
        Server BIOS's had this correctly for a while now"
      
      and it does look likely to be some bad interaction between SMI and the
      non-BSP cores having put into INIT (and thus unresponsive until reset).
      
      Link: https://bbs.archlinux.org/viewtopic.php?pid=2124429
      Link: https://www.reddit.com/r/openSUSE/comments/16qq99b/tumbleweed_shutdown_did_not_finish_completely/
      Link: https://forum.artixlinux.org/index.php/topic,5997.0.html
      Link: https://bugzilla.redhat.com/show_bug.cgi?id=2241279Acked-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Ashok Raj <ashok.raj@intel.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fbe1bf1e
    • Xuan Zhuo's avatar
      virtio_net: fix the missing of the dma cpu sync · 5720c43d
      Xuan Zhuo authored
      Commit 295525e2 ("virtio_net: merge dma operations when filling
      mergeable buffers") unmaps the buffer with DMA_ATTR_SKIP_CPU_SYNC when
      the dma->ref is zero. We do that with DMA_ATTR_SKIP_CPU_SYNC, because we
      do not want to do the sync for the entire page_frag. But that misses the
      sync for the current area.
      
      This patch does cpu sync regardless of whether the ref is zero or not.
      
      Fixes: 295525e2 ("virtio_net: merge dma operations when filling mergeable buffers")
      Reported-by: default avatarMichael Roth <michael.roth@amd.com>
      Closes: http://lore.kernel.org/all/20230926130451.axgodaa6tvwqs3ut@amd.comSigned-off-by: default avatarXuan Zhuo <xuanzhuo@linux.alibaba.com>
      Acked-by: default avatarJason Wang <jasowang@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5720c43d
    • Linus Torvalds's avatar
      Merge tag 'usb-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 11d3f726
      Linus Torvalds authored
      Pull USB / Thunderbolt fixes from Greg KH:
       "Here are some USB and Thunderbolt driver fixes for 6.6-rc6 to resolve
        a number of small reported issues. Included in here are:
      
         - thunderbolt driver fixes
      
         - xhci driver fixes
      
         - cdns3 driver fixes
      
         - musb driver fixes
      
         - a number of typec driver fixes
      
         - a few other small driver fixes
      
        All of these have been in linux-next with no reported issues"
      
      * tag 'usb-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (22 commits)
        usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope
        usb: typec: ucsi: Fix missing link removal
        usb: typec: altmodes/displayport: Signal hpd low when exiting mode
        xhci: Preserve RsvdP bits in ERSTBA register correctly
        xhci: Clear EHB bit only at end of interrupt handler
        xhci: track port suspend state correctly in unsuccessful resume cases
        usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
        usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails
        usb: misc: onboard_hub: add support for Microchip USB2412 USB 2.0 hub
        usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
        usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled
        usb: dwc3: Soft reset phy on probe for host
        usb: hub: Guard against accesses to uninitialized BOS descriptors
        usb: typec: qcom: Update the logic of regulator enable and disable
        usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call
        usb: musb: Get the musb_qh poniter after musb_giveback
        usb: musb: Modify the "HWVers" register address
        usb: cdnsp: Fixes issue with dequeuing not queued requests
        thunderbolt: Restart XDomain discovery handshake after failure
        thunderbolt: Correct TMU mode initialization from hardware
        ...
      11d3f726
    • Linus Torvalds's avatar
      Merge tag 'tty-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 41226a36
      Linus Torvalds authored
      Pull tty/serial driver fixes from Greg KH:
       "Here are some small tty/serial driver fixes for 6.6-rc6 that resolve
        some reported issues. Included in here are:
      
         - serial core pm runtime fix for issue reported by many
      
         - 8250_omap driver fix
      
         - rs485 spinlock fix for reported problem
      
         - ams-delta bugfix for previous tty api changes in -rc1 that missed
           this driver that never seems to get built in any test systems
      
        All of these have been in linux-next for over a week with no reported
        problems"
      
      * tag 'tty-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        ASoC: ti: ams-delta: Fix cx81801_receive() argument types
        serial: core: Fix checks for tx runtime PM state
        serial: 8250_omap: Fix errors with no_console_suspend
        serial: Reduce spinlocked portion of uart_rs485_config()
      41226a36
    • Linus Torvalds's avatar
      Merge tag 'char-misc-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc · a477e3a7
      Linus Torvalds authored
      Pull char/misc driver fixes from Greg KH:
       "Here is a small set of char/misc and other smaller driver subsystem
        fixes for 6.6-rc6. Included in here are:
      
         - lots of iio driver fixes
      
         - binder memory leak fix
      
         - mcb driver fixes
      
         - counter driver fixes
      
         - firmware loader documentation fix
      
         - documentation update for embargoed hardware issues
      
        All of these have been in linux-next for over a week with no reported
        issues"
      
      * tag 'char-misc-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (22 commits)
        iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
        dt-bindings: iio: adc: adi,ad7292: Fix additionalProperties on channel nodes
        iio: adc: ad7192: Correct reference voltage
        iio: light: vcnl4000: Don't power on/off chip in config
        iio: addac: Kconfig: update ad74413r selections
        iio: pressure: dps310: Adjust Timeout Settings
        iio: imu: bno055: Fix missing Kconfig dependencies
        iio: adc: imx8qxp: Fix address for command buffer registers
        iio: cros_ec: fix an use-after-free in cros_ec_sensors_push_data()
        iio: irsd200: fix -Warray-bounds bug in irsd200_trigger_handler
        dt-bindings: iio: rohm,bu27010: add missing vdd-supply to example
        binder: fix memory leaks of spam and pending work
        firmware_loader: Update contact emails for ABI docs
        Documentation: embargoed-hardware-issues.rst: Clarify prenotifaction
        mcb: remove is_added flag from mcb_device struct
        coresight: tmc-etr: Disable warnings for allocation failures
        coresight: Fix run time warnings while reusing ETR buffer
        iio: admv1013: add mixer_vgate corner cases
        iio: pressure: bmp280: Fix NULL pointer exception
        iio: dac: ad3552r: Correct device IDs
        ...
      a477e3a7
    • Linus Torvalds's avatar
      Merge tag 'ovl-fixes-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs · 19fd4a91
      Linus Torvalds authored
      Pull overlayfs fixes from Amir Goldstein:
      
       - Various fixes for regressions due to conversion to new mount
         api in v6.5
      
       - Disable a new mount option syntax (append lowerdir) that was
         added in v6.5 because we plan to add a different lowerdir
         append syntax in v6.7
      
      * tag 'ovl-fixes-6.6-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/overlayfs/vfs:
        ovl: temporarily disable appending lowedirs
        ovl: fix regression in showing lowerdir mount option
        ovl: fix regression in parsing of mount options with escaped comma
        fs: factor out vfs_parse_monolithic_sep() helper
      19fd4a91
    • Linus Torvalds's avatar
      Merge tag 'powerpc-6.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux · f8bf101b
      Linus Torvalds authored
      Pull powerpc fixes from Michael Ellerman:
      
       - Fix softlockup/crash when using hcall tracing
      
       - Fix pte_access_permitted() for PAGE_NONE on 8xx
      
       - Fix inverted pte_young() test in __ptep_test_and_clear_young()
         on 64-bit BookE
      
       - Fix unhandled math emulation exception on 85xx
      
       - Fix kernel crash on syscall return on 476
      
      Thanks to Athira Rajeev, Christophe Leroy, Eddie James, and Naveen N
      Rao.
      
      * tag 'powerpc-6.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
        powerpc/47x: Fix 47x syscall return crash
        powerpc/85xx: Fix math emulation exception
        powerpc/64e: Fix wrong test in __ptep_test_and_clear_young()
        powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE
        powerpc/pseries: Remove unused r0 in the hcall tracing code
        powerpc/pseries: Fix STK_PARAM access in the hcall tracing code
      f8bf101b
    • Linus Torvalds's avatar
      Merge tag 'smp-urgent-2023-10-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ddf20855
      Linus Torvalds authored
      Pull CPU hotplug fix from Ingo Molnar:
       "Fix a Longsoon build warning by harmonizing the
        arch_[un]register_cpu() prototypes between architectures"
      
      * tag 'smp-urgent-2023-10-15' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        cpu-hotplug: Provide prototypes for arch CPU registration
      ddf20855
    • Linus Torvalds's avatar
      Merge tag '6.6-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd · 9a3dad63
      Linus Torvalds authored
      Pull smb server fixes from Steve French:
      
       - Fix for possible double free in RPC read
      
       - Add additional check to clarify smb2_open path and quiet Coverity
      
       - Fix incorrect error rsp in a compounding path
      
       - Fix to properly fail open of file with pending delete on close
      
      * tag '6.6-rc5-ksmbd-server-fixes' of git://git.samba.org/ksmbd:
        ksmbd: fix potential double free on smb2_read_pipe() error path
        ksmbd: fix Null pointer dereferences in ksmbd_update_fstate()
        ksmbd: fix wrong error response status by using set_smb2_rsp_status()
        ksmbd: not allow to open file if delelete on close bit is set
      9a3dad63