Pull networking fixes from David Miller:
1) Fix up several Kconfig dependencies in netfilter, from Martin Willi
and Florian Westphal.
2) Memory leak in be2net driver, from Petr Oros.
3) Memory leak in E-Switch handling of mlx5 driver, from Raed Salem.
4) mlx5_attach_interface needs to check for errors, from Huy Nguyen.
5) tipc_release() needs to orphan the sock, from Cong Wang.
6) Need to program TxConfig register after TX/RX is enabled in r8169
driver, not beforehand, from Maciej S. Szmigiero.
7) Handle 64K PAGE_SIZE properly in ena driver, from Netanel Belgazal.
8) Fix crash regression in ip_do_fragment(), from Taehee Yoo.
9) syzbot can create conditions where kernel log is flooded with
synflood warnings due to creation of many listening sockets, fix
that. From Willem de Bruijn.
10) Fix RCU issues in rds socket layer, from Cong Wang.
11) Fix vlan matching in nfp driver, from Pieter Jansen van Vuuren.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (59 commits)
nfp: flower: reject tunnel encap with ipv6 outer headers for offloading
nfp: flower: fix vlan match by checking both vlan id and vlan pcp
tipc: check return value of __tipc_dump_start()
s390/qeth: don't dump past end of unknown HW header
s390/qeth: use vzalloc for QUERY OAT buffer
s390/qeth: switch on SG by default for IQD devices
s390/qeth: indicate error when netdev allocation fails
rds: fix two RCU related problems
r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
erspan: fix error handling for erspan tunnel
erspan: return PACKET_REJECT when the appropriate tunnel is not found
tcp: rate limit synflood warnings further
MIPS: lantiq: dma: add dev pointer
netfilter: xt_hashlimit: use s->file instead of s->private
netfilter: nfnetlink_queue: Solve the NFQUEUE/conntrack clash for NF_REPEAT
netfilter: cttimeout: ctnl_timeout_find_get() returns incorrect pointer to type
netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT
netfilter: conntrack: reset tcp maxwin on re-register
qmi_wwan: Support dynamic config on Quectel EP06
ethernet: renesas: convert to SPDX identifiers
...
This tag contains what I hope to be the last RISC-V patch for 4.19. It
fixes a bug in our initramfs support by removing some broken and
obselete code.
-----BEGIN PGP SIGNATURE-----
iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAluPHykTHHBhbG1lckBk
YWJiZWx0LmNvbQAKCRDvTKFQLMurQX7iD/41XF5oXHJeRUfhiHVa/kiqFaCw1aEx
YPp5escHEypGshWQJGd+ite5cEz0nrggsbmXJrQnfpU8fqgpkvguaIbOb9JAtOdj
Y5hjQ5QgiQcsUrLnhy7yK62fpC27WwWPGfT73cLRgir2oDEI3F7CkaA0uX3y2kLF
9TEN2v+DL+89Y/Rq9mzRwwPOryZRNXZkxI6tqTVa7wZZzi7fSUMCG2msjeZRszQe
0IPyBtVR7OECzEaRwSETgC05KTFxCQ2JHMjHz1TatjvJmGU3ToP0uRZ1oYXDXcR3
AM2QfjBQDmBOjRRKBbwaiUzfX209eGrn/JK3j6BZZredX9MCP+qduuQV+7GsvRT2
ryCoWN56AAIMZJvmp57lG9jfDptxnS6zZCqw+mufsD1s3c/78zUv7Q5PPUdcfzuP
qt7iVdUUP5QWDFgM0QumeZ9JuekoA0Kpsmg4Nq6M6YHimW63Y2+CJPqPfh1oY93t
UoabFgz7FZ0WLo1jHtGVteihq78SKxTe4WYEDzjH++qrVPuYnbNH3Hfqwynj6Wsy
fvNxmnjg1AVhD9MPSBJLDbQivxW4pEwuxV99MpwLhVdwGXDTAgt9t9mUP5xAaLna
60jszx1GM8HVMeQ0LNAGRWa8FH0bvn2kpLOBjvdMHl8Y/Oq/IuaINRJCKq59j/4X
Qx963ajYY5QUHg==
=XdJZ
-----END PGP SIGNATURE-----
Merge tag 'riscv-for-linus-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux
Pull RISC-V fix from Palmer Dabbelt:
"This contains what I hope to be the last RISC-V patch for 4.19.
It fixes a bug in our initramfs support by removing some broken and
obselete code"
* tag 'riscv-for-linus-4.19-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/palmer/riscv-linux:
riscv: Do not overwrite initrd_start and initrd_end
dma_zalloc_coherent() now crashes if no dev pointer is given.
Add a dev pointer to the ltq_dma_channel structure and fill it in the
driver using it.
This fixes a bug introduced in kernel 4.19.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull x86 fixes from Thomas Gleixner:
"A set of fixes for x86:
- Prevent multiplication result truncation on 32bit. Introduced with
the early timestamp reworrk.
- Ensure microcode revision storage to be consistent under all
circumstances
- Prevent write tearing of PTEs
- Prevent confusion of user and kernel reegisters when dumping fatal
signals verbosely
- Make an error return value in a failure path of the vector
allocation negative. Returning EINVAL might the caller assume
success and causes further wreckage.
- A trivial kernel doc warning fix"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/mm: Use WRITE_ONCE() when setting PTEs
x86/apic/vector: Make error return value negative
x86/process: Don't mix user/kernel regs in 64bit __show_regs()
x86/tsc: Prevent result truncation on 32bit
x86: Fix kernel-doc atomic.h warnings
x86/microcode: Update the new microcode revision unconditionally
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
ARM:
- Fix a VFP corruption in 32-bit guest
- Add missing cache invalidation for CoW pages
- Two small cleanups
s390:
- Fallout from the hugetlbfs support: pfmf interpretion and locking
- VSIE: fix keywrapping for nested guests
PPC:
- Fix a bug where pages might not get marked dirty, causing
guest memory corruption on migration,
- Fix a bug causing reads from guest memory to use the wrong guest
real address for very large HPT guests (>256G of memory), leading to
failures in instruction emulation.
x86:
- Fix out of bound access from malicious pv ipi hypercalls (introduced
in rc1)
- Fix delivery of pending interrupts when entering a nested guest,
preventing arbitrarily late injection
- Sanitize kvm_stat output after destroying a guest
- Fix infinite loop when emulating a nested guest page fault
and improve the surrounding emulation code
- Two minor cleanups
-----BEGIN PGP SIGNATURE-----
iQEcBAABCAAGBQJbk5gAAAoJEED/6hsPKofoS0UH/1clCzg/8x3jhpDcKKp6tDm7
9XHOOQ6XmydT0HXYJNqZepGNqU99ip+2u4x8E9LCT5MTvTMZ1BcNM6PmenjJVULY
GMJtwZhjqoklrOcNkXGqIye4Ec+I0pBuMmt0AN0N85CcHO8VUBpMzsdxgJLuxcRm
UT6OZnCLyJsock6BqkZmqVsJj/gemFnI9MpudnrU8cCFk60roXmQWJ66fMIFfKjt
q0R61t8nmbapQKE8pjqBNgbCsuotVOtU1zgMkeM5LkaYEfc65ZPdgt3sdpyG8Guq
WA7Vt6HEvmNrcQxHFX5P0GxTVM9lOVCUx1bKXE4+57CMZOYl/8hDaTudlcacutg=
=FyuN
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Radim Krčmář:
"ARM:
- Fix a VFP corruption in 32-bit guest
- Add missing cache invalidation for CoW pages
- Two small cleanups
s390:
- Fallout from the hugetlbfs support: pfmf interpretion and locking
- VSIE: fix keywrapping for nested guests
PPC:
- Fix a bug where pages might not get marked dirty, causing guest
memory corruption on migration
- Fix a bug causing reads from guest memory to use the wrong guest
real address for very large HPT guests (>256G of memory), leading
to failures in instruction emulation.
x86:
- Fix out of bound access from malicious pv ipi hypercalls
(introduced in rc1)
- Fix delivery of pending interrupts when entering a nested guest,
preventing arbitrarily late injection
- Sanitize kvm_stat output after destroying a guest
- Fix infinite loop when emulating a nested guest page fault and
improve the surrounding emulation code
- Two minor cleanups"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
KVM: LAPIC: Fix pv ipis out-of-bounds access
KVM: nVMX: Fix loss of pending IRQ/NMI before entering L2
arm64: KVM: Remove pgd_lock
KVM: Remove obsolete kvm_unmap_hva notifier backend
arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
KVM: s390: Properly lock mm context allow_gmap_hpage_1m setting
KVM: s390: vsie: copy wrapping keys to right place
KVM: s390: Fix pfmf and conditional skey emulation
tools/kvm_stat: re-animate display of dead guests
tools/kvm_stat: indicate dead guests as such
tools/kvm_stat: handle guest removals more gracefully
tools/kvm_stat: don't reset stats when setting PID filter for debugfs
tools/kvm_stat: fix updates for dead guests
tools/kvm_stat: fix handling of invalid paths in debugfs provider
tools/kvm_stat: fix python3 issues
KVM: x86: Unexport x86_emulate_instruction()
KVM: x86: Rename emulate_instruction() to kvm_emulate_instruction()
KVM: x86: Do not re-{try,execute} after failed emulation in L2
KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
...
A few more fixes who have trickled in:
- MMC bus width fixup for some Allwinner platforms
- Fix for NULL deref in ti-aemif when no platform data is passed in
- Fix div by 0 in SCMI code
- Add a missing module alias in a new RPi driver
-----BEGIN PGP SIGNATURE-----
iQJDBAABCAAtFiEElf+HevZ4QCAJmMQ+jBrnPN6EHHcFAluUAp0PHG9sb2ZAbGl4
b20ubmV0AAoJEIwa5zzehBx3+6YP/2T9NuOUTjssbVBho92lF9dV58Y5xOgDv9wX
mFT7gePXovTPQrgrpDi4RWrv0wAkjMa3grJfL2RGZXSZtsgkyHstb3mXf1O6sbnF
Ry1yc4ByJ0+JKJRq2tBxhQmLpBVFNXiav4vhIdPNZRdtZid7WzZaqF0JrCj6iyNf
CDhiGFRAZC9NcaCdOvI0aHFVC47Cp/Uacbh3PzZmdRWJJ2rCGO9X4vwQoMai/1cq
vVuiOBOs2ArXQQvvDoVixb3sCcdblCsDoS57lArJ5jKrHFm8iu6Z2+6UGhi2QEhc
9PKp5tySctWVqitOn0Ueixq+nKCXF3/dVAqjMVViSfC7G0Pt2XIAeqZU+2Ou3Zkj
nFcHqTZAXfSs6I1hnXqJYQ9Me3JzwQ+pRFJY8/+tbq2eGv7eZzUuzUppr13eF62s
NeBzJiGiI7ab9sGJknhmoXVDyuB7ctuZXA8JgO/kZvL8dfuWcF3GNocs2p9916JD
uWGwnfXiTLMhbxKkYrjaOClaVyx2bf996M3Z4NqxBQ9XGNXyh+V/6bzUh9DGPSL0
+9W7YcRFT08v4I1Zh7/P5zXVAOyqj3awWeD6gpg7PAsmKPdN/f17EEqk6KH7rOVZ
Vvw3/w+Ef9u4onGpbpE/IyCco75vXrv1GtkHMX7VlMjLe0eAv5Cpw7UwLDO2tVnu
pEJFkk45
=oZbn
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"A few more fixes who have trickled in:
- MMC bus width fixup for some Allwinner platforms
- Fix for NULL deref in ti-aemif when no platform data is passed in
- Fix div by 0 in SCMI code
- Add a missing module alias in a new RPi driver"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
memory: ti-aemif: fix a potential NULL-pointer dereference
firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero
hwmon: rpi: add module alias to raspberrypi-hwmon
arm64: allwinner: dts: h6: fix Pine H64 MMC bus width
Just one fix for H6 mmc on the Pine H64: the mmc bus width was missing
from the device tree. This was added in 4.19-rc1.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCgAsFiEE2nN1m/hhnkhOWjtHOJpUIZwPJDAFAluQmz0OHHdlbnNAY3Np
ZS5vcmcACgkQOJpUIZwPJDD01RAApxHO0v7/7y9w/8pGGpjpTYpliF9lndaQYD3o
+Xc/Y7bcy2+Iy4Lz0TbkOObjIVUoLsQcpGKvttHa/gIsjbgd9xBpxd5X2PVBRmWx
/ERA5HdMG4RvznLD3P7X0JOAL/3w1ad/4DarOHOibqYk3KqX+iG6kphIRx326INt
SSqPZNNub/LXmHSUnyprQ+ccfKs87uiy9dT1LrSTxXGjh9tdXXmkGmDCOSX+oCKm
EXeFIK1uTmyGyE8OXa2NbCktwNylw6c4XwcaWLIPQeJTEW6oVh95IkewBphi+nFw
rU82W2aqCGqP2EYHJwzD7zx53V7cGAJVkb/u3ENXSXgE/kyTdmoFukxWRb7upfEb
9bjgQUMQ+6RG1f5lDYIHSVNXdk81AshMc1Y7qKG5EoCfJUIcG0gyyQYpO+lKji7V
nvTeiA0882a/PMYYkGU7vWGD7oIuPHEWEmnSZDWUNsqcKXaX5b3km/BsoLfTii9a
45MDQ9Wo2B26PL6zflN78BrDfuX+UgmX1bbxY0b+rOal4CKuz+VqwEnQIumu1SYE
9GaMHFKGMh2JCQ/U8o4AGdomEUjX79dgZbwz7W4KBnaS7K4iKrQfxcKLFXcXLtI9
EaA4nNsHeIe6ByE5z4FNVUPHEcLkfqlpqdFBRdd/xt+MfDYQaorh73NQfGvN4s0x
3pGu1fI=
=WbHO
-----END PGP SIGNATURE-----
Merge tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into fixes
Allwinner fixes for 4.19
Just one fix for H6 mmc on the Pine H64: the mmc bus width was missing
from the device tree. This was added in 4.19-rc1.
* tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux:
arm64: allwinner: dts: h6: fix Pine H64 MMC bus width
Signed-off-by: Olof Johansson <olof@lixom.net>
When page-table entries are set, the compiler might optimize their
assignment by using multiple instructions to set the PTE. This might
turn into a security hazard if the user somehow manages to use the
interim PTE. L1TF does not make our lives easier, making even an interim
non-present PTE a security hazard.
Using WRITE_ONCE() to set PTEs and friends should prevent this potential
security hazard.
I skimmed the differences in the binary with and without this patch. The
differences are (obviously) greater when CONFIG_PARAVIRT=n as more
code optimizations are possible. For better and worse, the impact on the
binary with this patch is pretty small. Skimming the code did not cause
anything to jump out as a security hazard, but it seems that at least
move_soft_dirty_pte() caused set_pte_at() to use multiple writes.
Signed-off-by: Nadav Amit <namit@vmware.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180902181451.80520-1-namit@vmware.com
activate_managed() returns EINVAL instead of -EINVAL in case of
error. While this is unlikely to happen, the positive return value would
cause further malfunction at the call site.
Fixes: 2db1f959d9 ("x86/vector: Handle managed interrupts proper")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
- Remove accidental VM_WARN_ON
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABCgAGBQJbkorgAAoJELescNyEwWM0my8IAKsVsc5heKBeL/0Ep5gfXJLS
H3kjkToFKfOeVADLfZXfTkPzlx9f1NrEP4+b/hQYgqGqXQcvCIwEXzpTMFg4pT4/
ERhYtq9qYBNQmg4AZnTHl2cKSRFt+s7knTZMoTEwNk1NxdBQAtbIZa9HB9Ly2mSn
xK6UP7zsZvRcY02BlyDQ0A/QBjzQAi3I83FRLizxjPYaSUhF0QqhrzTr0ANoKEjv
DnX04nJEMYqLEjSKWTn3rzot2PgLVDcMEjXKwMB3XB6LML3KLRUsvnTpxED5c+dW
tv+wzKKdaFeHWmfFxUgYZXSd4igh0IKf3OZDohRKz+lNOhKrTYUE35dtFyyw04I=
=xYN8
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fix from Will Deacon:
"Just one small fix here, preventing a VM_WARN_ON when a !present
PMD/PUD is "freed" as part of a huge ioremap() operation.
The correct behaviour is to skip the free silently in this case, which
is a little weird (the function is a bit of a misnomer), but it
follows the x86 implementation"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: fix erroneous warnings in page freeing functions
Dan Carpenter reported that the untrusted data returns from kvm_register_read()
results in the following static checker warning:
arch/x86/kvm/lapic.c:576 kvm_pv_send_ipi()
error: buffer underflow 'map->phys_map' 's32min-s32max'
KVM guest can easily trigger this by executing the following assembly sequence
in Ring0:
mov $10, %rax
mov $0xFFFFFFFF, %rbx
mov $0xFFFFFFFF, %rdx
mov $0, %rsi
vmcall
As this will cause KVM to execute the following code-path:
vmx_handle_exit() -> handle_vmcall() -> kvm_emulate_hypercall() -> kvm_pv_send_ipi()
which will reach out-of-bounds access.
This patch fixes it by adding a check to kvm_pv_send_ipi() against map->max_apic_id,
ignoring destinations that are not present and delivering the rest. We also check
whether or not map->phys_map[min + i] is NULL since the max_apic_id is set to the
max apic id, some phys_map maybe NULL when apic id is sparse, especially kvm
unconditionally set max_apic_id to 255 to reserve enough space for any xAPIC ID.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Liran Alon <liran.alon@oracle.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Wanpeng Li <wanpengli@tencent.com>
[Add second "if (min > map->max_apic_id)" to complete the fix. -Radim]
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Consider the case L1 had a IRQ/NMI event until it executed
VMLAUNCH/VMRESUME which wasn't delivered because it was disallowed
(e.g. interrupts disabled). When L1 executes VMLAUNCH/VMRESUME,
L0 needs to evaluate if this pending event should cause an exit from
L2 to L1 or delivered directly to L2 (e.g. In case L1 don't intercept
EXTERNAL_INTERRUPT).
Usually this would be handled by L0 requesting a IRQ/NMI window
by setting VMCS accordingly. However, this setting was done on
VMCS01 and now VMCS02 is active instead. Thus, when L1 executes
VMLAUNCH/VMRESUME we force L0 to perform pending event evaluation by
requesting a KVM_REQ_EVENT.
Note that above scenario exists when L1 KVM is about to enter L2 but
requests an "immediate-exit". As in this case, L1 will
disable-interrupts and then send a self-IPI before entering L2.
Reviewed-by: Nikita Leshchenko <nikita.leshchenko@oracle.com>
Co-developed-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
- Fix a VFP corruption in 32-bit guest
- Add missing cache invalidation for CoW pages
- Two small cleanups
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJbkngmAAoJEEtpOizt6ddyeaoH/15bbGHlwWf23tGjSoDzhyD4
zAXfy+SJdm4cR8K7jEkVrNffkEMAby7Zl28hTHKB9jsY1K8DD+EuCE3Nd4kkVAsc
iHJwV4aiHil/zC5SyE0MqMzELeS8UhsxESYebG6yNF0ElQDQ0SG+QAFr47/OBN9S
u4I7x0rhyJP6Kg8z9U4KtEX0hM6C7VVunGWu44/xZSAecTaMuJnItCIM4UMdEkSs
xpAoI59lwM6BWrXLvEunekAkxEXoR7AVpQER2PDINoLK2I0i0oavhPim9Xdt2ZXs
rqQqfmwmPOVvYbexDp97JtfWo3/psGLqvgoK1tq9bzF3u6Y3ylnUK5IspyVYwuQ=
=TK8A
-----END PGP SIGNATURE-----
Merge tag 'kvm-arm-fixes-for-v4.19-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm
Fixes for KVM/ARM for Linux v4.19 v2:
- Fix a VFP corruption in 32-bit guest
- Add missing cache invalidation for CoW pages
- Two small cleanups
The lock has never been used and the page tables are protected by
mmu_lock in struct kvm.
Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Steven Price <steven.price@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
kvm_unmap_hva is long gone, and we only have kvm_unmap_hva_range to
deal with. Drop the now obsolete code.
Fixes: fb1522e099 ("KVM: update to new mmu_notifier semantic v2")
Cc: James Hogan <jhogan@kernel.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
If trapping FPSIMD in the context of an AArch32 guest, it is critical
to set FPEXC32_EL2.EN to 1 so that the trapping is taken to EL2 and
not EL1.
Conversely, it is just as critical *not* to set FPEXC32_EL2.EN to 1
if we're not going to trap FPSIMD, as we then corrupt the existing
VFP state.
Moving the call to __activate_traps_fpsimd32 to the point where we
know for sure that we are going to trap ensures that we don't set that
bit spuriously.
Fixes: e6b673b741 ("KVM: arm64: Optimise FPSIMD handling to reduce guest/host thrashing")
Cc: stable@vger.kernel.org # v4.18
Cc: Dave Martin <dave.martin@arm.com>
Reported-by: Alexander Graf <agraf@suse.de>
Tested-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@arm.com>
Pull m68knommu fix from Greg Ungerer:
"A single change to fix booting on ColdFire platforms that have RAM
starting at a non-0 address"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: fix early memory reservation for ColdFire MMU systems
for systems with dcache aliasing. Those systems could previously observe
stale data, causing clock_gettime() & gettimeofday() to return incorrect
values.
-----BEGIN PGP SIGNATURE-----
iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCW5GjkhUccGF1bC5idXJ0
b25AbWlwcy5jb20ACgkQPqefrLV1AN3LmgEA3bCpFJNpj6Ep4ffwHx6bLOgHzr3T
1CPx6UWPktIBZIgBAMmOWzCC5U/fqp3974lwohEG0orAzOfpuLn6uX9X0m4O
=TEC0
-----END PGP SIGNATURE-----
Merge tag 'mips_fixes_4.19_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fix from Paul Burton:
"A single fix for v4.19-rc3, resolving a problem with our VDSO data
page for systems with dcache aliasing. Those systems could previously
observe stale data, causing clock_gettime() & gettimeofday() to return
incorrect values"
* tag 'mips_fixes_4.19_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: VDSO: Match data page cache colouring when D$ aliases
In pmd_free_pte_page() and pud_free_pmd_page() we try to warn if they
hit a present non-table entry. In both cases we'll warn for non-present
entries, as the VM_WARN_ON() only checks the entry is not a table entry.
This has been observed to result in warnings when booting a v4.19-rc2
kernel under qemu.
Fix this by bailing out earlier for non-present entries.
Fixes: ec28bb9c9b ("arm64: Implement page table free interfaces")
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
When the kernel.print-fatal-signals sysctl has been enabled, a simple
userspace crash will cause the kernel to write a crash dump that contains,
among other things, the kernel gsbase into dmesg.
As suggested by Andy, limit output to pt_regs, FS_BASE and KERNEL_GS_BASE
in this case.
This also moves the bitness-specific logic from show_regs() into
process_{32,64}.c.
Fixes: 45807a1df9 ("vdso: print fatal signals")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bpetkov@suse.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20180831194151.123586-1-jannh@google.com
Loops per jiffy is calculated by multiplying tsc_khz with 1e3 and then
dividing it by HZ.
Both tsc_khz and the temporary variable holding the multiplication result
are of type unsigned long, so on 32bit the result is truncated to the lower
32bit.
Use u64 as type for the temporary variable and cast tsc_khz to it before
multiplying.
[ tglx: Massaged changelog and removed pointless braces ]
Fixes: cf7a63ef4e ("x86/tsc: Calibrate tsc only once")
Signed-off-by: Chuanhua Lei <chuanhua.lei@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: yixin.zhu@linux.intel.com
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Len Brown <len.brown@intel.com>
Cc: Pavel Tatashin <pasha.tatashin@microsoft.com>
Cc: Rajvi Jingar <rajvi.jingar@intel.com>
Cc: Dou Liyang <douly.fnst@cn.fujitsu.com>
Link: https://lkml.kernel.org/r/1536228203-18701-1-git-send-email-chuanhua.lei@linux.intel.com
Here is the nds32 patch set based on 4.19-rc2.
Contained in here are the bug fixes, building error fixes and ftrace support
for nds32.
These are the LTP20170427 testing results.
Total Tests: 1902
Total Skipped Tests: 592
Total Failures: 420
Kernel Version: 4.19.0-rc2-00018-g2c9d30cc16f0-dirty
Machine Architecture: nds32
Signed-off-by: Greentime Hu <greentime@andestech.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
iQIcBAABAgAGBQJbj0lJAAoJEHfB0l0b2JxElb4P/3YWwh0q3kqbUxMmfm0Dp2zv
SIFQwD2N1HGs0ZW4vB4hVEYhMz3qWJdkzRRzkdLxAdPVnJ0Prc6jBmQtwvBmYcWG
zWGcUkF1fGSQ+2XAqXZeqbUd4/GIApcdOVimquOZFgKnvprhymwqc2jlf3Zed42B
EM1sdxmP2ADsNQo+sz/BmhbLtBNzfFxwSo9KmstArVNNkkwOVTnzowzg6PxYSvMu
3cVFk4iYcoAVc8JEbUN/pObq9mdVs0xnDbilgWAdpFBcnk020V8GTB0PbY3PnD9G
PRfYV/4zwkVAviqkbBV8LXQD4joR9vSSjp+tk9sT4WUYXK4EjUyHvg0iWiV5pnAB
NsFzlH9WWQWnp3VSVBfP2mIE2j2A3iGzUZVfDQbI2lwNI4GI0AKUZtscpFDRz/Pw
J0s/FdXilKWDviefHcX+C31dkH0ZPCm4lymGWgv8le158Bo6BOTo6aRAsTnP33IN
VOdODET0zf14v+5FooL/5T75EiEoS1MtLC9cMA1U4XZ3p3GrEOiSuNIMetZQ+cHd
Z+FPflfAyDaSBFJzRyLohnOBOaWWDNe6CyGMzIKZ4qSRz0BltW12Ig6LfMUZXEMN
U0jmS4b8rWYHiOhSOCKsg95GBYGDUocJj1RRmoBLy0+Mq1yf+V/r/GnACouFOTEZ
VQgbEAzh2rcLJJi5GoFp
=DJCS
-----END PGP SIGNATURE-----
Merge tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux
Pull nds32 updates from Greentime Hu:
"Contained in here are the bug fixes, building error fixes and ftrace
support for nds32"
* tag 'nds32-for-linus-4.19-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/greentime/linux:
nds32: linker script: GCOV kernel may refers data in __exit
nds32: fix build error because of wrong semicolon
nds32: Fix a kernel panic issue because of wrong frame pointer access.
nds32: Only print one page of stack when die to prevent printing too much information.
nds32: Add macro definition for offset of lp register on stack
nds32: Remove the deprecated ABI implementation
nds32/stack: Get real return address by using ftrace_graph_ret_addr
nds32/ftrace: Support dynamic function graph tracer
nds32/ftrace: Support dynamic function tracer
nds32/ftrace: Add RECORD_MCOUNT support
nds32/ftrace: Support static function graph tracer
nds32/ftrace: Support static function tracer
nds32: Extract the checking and getting pointer to a macro
nds32: Clean up the coding style
nds32: Fix get_user/put_user macro expand pointer problem
nds32: Fix empty call trace
nds32: add NULL entry to the end of_device_id array
nds32: fix logic for module
This patch is used to fix nds32 allmodconfig/allyesconfig build error
because GCOV kernel embeds counters in the kernel for each line
and a part of that embed in __exit text. So we need to keep the
EXIT_TEXT and EXIT_DATA if CONFIG_GCOV_KERNEL=y.
Link: https://lkml.org/lkml/2018/9/1/125
Signed-off-by: Greentime Hu <greentime@andestech.com>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
setup_initrd() overwrites initrd_start and initrd_end if __initramfs_size
is larger than 0, which is always true even if there is no embedded
initramfs. This prevents booting qemu with "-initrd" parameter.
Overwriting initrd_start and initrd_end is not necessary since
__initramfs_start and __initramfs_size are used directly in
populate_rootfs() to load the built-in initramfs, so just drop
that code.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
__GFP_HIGHMEM flag is cleared by upper layer functions
(in include/linux/dma-mapping.h) so we'll never get a
__GFP_HIGHMEM flag in arch_dma_alloc gfp argument.
That's why alloc_pages will never return highmem page
here.
Get rid of highmem pages handling and cleanup arch_dma_alloc
and arch_dma_free functions.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
So far the IOC treatment was global on ARC, being turned on (or off)
for all devices in the system. With this patch, this can now be done
per device using the "dma-coherent" DT property; IOW with this patch
we can use both HW-coherent and regular DMA peripherals simultaneously.
The changes involved are too many so enlisting the summary below:
1. common code calls ARC arch_setup_dma_ops() per device.
2. For coherent dma (IOC) it plugs in generic @dma_direct_ops which
doesn't need any arch specific backend: No need for any explicit
cache flushes or MMU mappings to provide for uncached access
- dma_(map|sync)_single* return early as corresponding dma ops callbacks
are NULL in generic code.
So arch_sync_dma_*() -> dma_cache_*() need not handle the coherent
dma case, hence drop ARC __dma_cache_*_ioc() which were no-op anyways
3. For noncoherent dma (non IOC) generic @dma_noncoherent_ops is used
which in turns calls ARC specific routines
- arch_dma_alloc() no longer checks for @ioc_enable since this is
called only for !IOC case.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[vgupta: rewrote changelog]
Two small fixes for KVM on POWER machines; one fixes a bug where pages
might not get marked dirty, causing guest memory corruption on migration,
and the other fixes a bug causing reads from guest memory to use the
wrong guest real address for very large HPT guests (>256G of memory),
leading to failures in instruction emulation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABCAAGBQJbfVFcAAoJEJ2a6ncsY3GfwAcH/i4BDNm5bSXLbCZv1Zqc9iWM
ZqCNSlx9fuR5z+Bl3FWvm14CqfG7JFMd1pVXVD3AEGN6nv0mtLPotmoaw+BUWXIP
aD3BRIBSfOVHj90CiWJ1pqZGzE49vAKrjUGocuqHhBiqGjYmnnE7QKgD+lQ13SND
LWDV3XaQgoO9+NZdqtV6hsWMmKCmXWIHykkG9H+EVkD+341e2EBQf6r83qibAGz4
U5SHkr/3JqL8oC7RJixT8CS/dV5qCgmuL8Vs5NYDTUnc6DmKhdes2s7OiugK7nHg
twKe8K0aRVowmTA8yIwEN22OeH1FAUmYDClkgHozHFWyD2+u7O9kLrAYZxEN9Q4=
=61nR
-----END PGP SIGNATURE-----
Merge tag 'kvm-ppc-fixes-4.19-1' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
PPC KVM fixes for 4.19
Two small fixes for KVM on POWER machines; one fixes a bug where pages
might not get marked dirty, causing guest memory corruption on migration,
and the other fixes a bug causing reads from guest memory to use the
wrong guest real address for very large HPT guests (>256G of memory),
leading to failures in instruction emulation.
We have to do down_write on the mm semaphore to set a bitfield in the
mm context.
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Fixes: a4499382 ("KVM: s390: Add huge page enablement control")
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Copy the key mask to the right offset inside the shadow CRYCB
Fixes: bbeaa58b3 ("KVM: s390: vsie: support aes dea wrapping keys")
Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Cc: stable@vger.kernel.org # v4.8+
Message-Id: <1535019956-23539-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
We should not return with a lock.
We also have to increase the address when we do page clearing.
Fixes: bd096f6443 ("KVM: s390: Add skey emulation fault handling")
Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Message-Id: <20180830081355.59234-1-frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
It shall be removed in the define usage. We shall not put a semicolon there.
/kisskb/src/arch/nds32/include/asm/elf.h:126:29: error: expected '}' before ';' token
#define ELF_DATA ELFDATA2LSB;
^
/kisskb/src/fs/proc/kcore.c:318:17: note: in expansion of macro 'ELF_DATA'
[EI_DATA] = ELF_DATA,
^~~~~~~~
/kisskb/src/fs/proc/kcore.c:312:15: note: to match this '{'
.e_ident = {
^
/kisskb/src/scripts/Makefile.build:307: recipe for target 'fs/proc/kcore.o' failed
Signed-off-by: Greentime Hu <greentime@andestech.com>
It may print too much information sometimes if the stack is wrong or
too big. This patch can limit the debug information in a page of stack.
Signed-off-by: Greentime Hu <greentime@andestech.com>
Use macro to replace the magic number.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
We are not using NDS32 ABI 2 for now, just remove the preprocessor
directives __NDS32_ABI_2.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
Function graph tracer has modified the return address to
'return_to_handler' on stack, and provide the 'ftrace_graph_ret_addr' to
get the real return address.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
This patch contains the implementation of dynamic function graph tracer.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
This patch contains the implementation of dynamic function tracer.
The mcount call is composed of three instructions, so there are three
nop for enough placeholder.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
Recognize NDS32 object files in recordmcount.pl.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
This patch contains implementation of static function graph tracer.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
This patch support the static function tracer. On nds32 ABI, we need to
always push return address to stack for __builtin_return_address can
work correctly, otherwise, it will get the wrong value of $lp at leaf
function.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
1. Adjust indentation.
2. Unify argument name of each macro.
3. Add space after comma in parameters list.
4. Add space after 'if' keyword.
5. Replace space by tab.
6. Change asm volatile to __asm__ __volatile__
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
The pointer argument of macro need to be taken out once first, and then
use the new pointer in the macro body.
In kernel/trace/trace.c, get_user(ch, ubuf++) causes the unexpected
increment after expand the macro.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
The compiler predefined macro 'NDS32_ABI_2' had been removed, it should
use the '__NDS32_ABI_2' here.
Signed-off-by: Zong Li <zong@andestech.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
Make sure of_device_id tables are NULL terminated.
Found by coccinelle spatch "misc/of_table.cocci"
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Acked-by: Greentime Hu <greentime@andestech.com>
Signed-off-by: Greentime Hu <greentime@andestech.com>
This bug is report by Dan Carpenter. We shall use ~loc_mask instead of
!loc_mask because we need to and(&) the bits of ~loc_mask.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: c9a4a8da6b ("nds32: Loadable modules")
Signed-off-by: Greentime Hu <greentime@andestech.com>
