Commit Graph

155570 Commits

Author SHA1 Message Date
Linus Torvalds
736706bee3 get rid of legacy 'get_ds()' function
Every in-kernel use of this function defined it to KERNEL_DS (either as
an actual define, or as an inline function).  It's an entirely
historical artifact, and long long long ago used to actually read the
segment selector valueof '%ds' on x86.

Which in the kernel is always KERNEL_DS.

Inspired by a patch from Jann Horn that just did this for a very small
subset of users (the ones in fs/), along with Al who suggested a script.
I then just took it to the logical extreme and removed all the remaining
gunk.

Roughly scripted with

   git grep -l '(get_ds())' -- :^tools/ | xargs sed -i 's/(get_ds())/(KERNEL_DS)/'
   git grep -lw 'get_ds' -- :^tools/ | xargs sed -i '/^#define get_ds()/d'

plus manual fixups to remove a few unusual usage patterns, the couple of
inline function cases and to fix up a comment that had become stale.

The 'get_ds()' function remains in an x86 kvm selftest, since in user
space it actually does something relevant.

Inspired-by: Jann Horn <jannh@google.com>
Inspired-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-04 10:50:14 -08:00
Linus Torvalds
00c42373d3 x86-64: add warning for non-canonical user access address dereferences
This adds a warning (once) for any kernel dereference that has a user
exception handler, but accesses a non-canonical address.  It basically
is a simpler - and more limited - version of commit 9da3f2b740
("x86/fault: BUG() when uaccess helpers fault on kernel addresses") that
got reverted.

Note that unlike that original commit, this only causes a warning,
because there are real situations where we currently can do this
(notably speculative argument fetching for uprobes etc).  Also, unlike
that original commit, this _only_ triggers for #GP accesses, so the
cases of valid kernel pointers that cross into a non-mapped page aren't
affected.

The intent of this is two-fold:

 - the uprobe/tracing accesses really do need to be more careful. In
   particular, from a portability standpoint it's just wrong to think
   that "a pointer is a pointer", and use the same logic for any random
   pointer value you find on the stack. It may _work_ on x86-64, but it
   doesn't necessarily work on other architectures (where the same
   pointer value can be either a kernel pointer _or_ a user pointer, and
   you really need to be much more careful in how you try to access it)

   The warning can hopefully end up being a reminder that just any
   random pointer access won't do.

 - Kees in particular wanted a way to actually report invalid uses of
   wild pointers to user space accessors, instead of just silently
   failing them. Automated fuzzers want a way to get reports if the
   kernel ever uses invalid values that the fuzzer fed it.

   The non-canonical address range is a fair chunk of the address space,
   and with this you can teach syzkaller to feed in invalid pointer
   values and find cases where we do not properly validate user
   addresses (possibly due to bad uses of "set_fs()").

Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jann Horn <jannh@google.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-03-04 10:08:28 -08:00
Linus Torvalds
c027c7cf15 ARM: SoC fixes for v5.0
One more set of simple ARM platform fixes:
 
  - A boot regression on qualcomm msm8998
  - Gemini display controllers got turned off by accident
  - incorrect reference counting in optee
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJcewMjAAoJEGCrR//JCVInKmUP/0Cf2M4eekFEoEMSkCOlZlvP
 aDiFaejGOfGXVMkBX6f5dwc4hEzGTPMBEIcsMDOa6LDFo6wd1JW+XIFYOcyT8oVr
 ELTOQeLj0Ru+c4d4r2PrNLG4jpacoWfGgDXih8QNfKn7MbcHGyu8XN/UQZGx/Vw5
 Lebrc7yrMgHpYrP2Pwj/q+6PY+DhuQbV3YEtpN8YVKFHWkqBF+81ghTpaaoOi1Uu
 +cS6lmh3bVzsyX0SO1TXWqYXd9UWWhgnkdvIHbB7XRKHW6amzSwKBvc95TE42Ycu
 8nQOc+33ZDUki0bQB75gjVU8HY2L0nNEk9Atw8o+Y4ZCCpDYpcryYwoKrNdX2GMB
 H+55ENU9zn9V/H8xOZ84+Vmu3uIQIk0gymSAyMCkNLjw/D84oxDSVMRJLeWuILlF
 LcI7+1hcT0vcwpIIQqQbocK1D0XvkNSkNhukl5eM/JhMQVLOblDW8FSK88RIkPKp
 t0yE44DJbsaz2L8ab7S/84aHP5pxybrazNXrl2N3F8Xaj+DQZ1Bk8Q3cwVH4G6Km
 DdKAEsDpbe8f1bzfmIgM/tfpPKus3ETC39wJm4bK3Yt5znllUOCOOalitUtQZVj2
 AjI8MxbM/9ePr2ymMmiQVNap2lXfaGcvNNlX/JNnJv7KiaN7mZGxQ1Vrw6EHbMbm
 fuLi8Z/mtTaucWc67GM+
 =doMO
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "One more set of simple ARM platform fixes:

   - A boot regression on qualcomm msm8998

   - Gemini display controllers got turned off by accident

   - incorrect reference counting in optee"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  tee: optee: add missing of_node_put after of_device_is_available
  arm64: dts: qcom: msm8998: Extend TZ reserved memory area
  ARM: dts: gemini: Re-enable display controller
2019-03-02 16:43:15 -08:00
Linus Torvalds
e7c42a89e9 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
 "Two last minute fixes:

   - Prevent value evaluation via functions happening in the user access
     enabled region of __put_user() (put another way: make sure to
     evaluate the value to be stored in user space _before_ enabling
     user space accesses)

   - Correct the definition of a Hyper-V hypercall constant"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/hyper-v: Fix definition of HV_MAX_FLUSH_REP_COUNT
  x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
2019-03-02 11:47:29 -08:00
Linus Torvalds
c93d9218ea Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix refcount leak in act_ipt during replace, from Davide Caratti.

 2) Set task state properly in tun during blocking reads, from Timur
    Celik.

 3) Leaked reference in DSA, from Wen Yang.

 4) NULL deref in act_tunnel_key, from Vlad Buslov.

 5) cipso_v4_erro can reference the skb IPCB in inappropriate contexts
    thus referencing garbage, from Nazarov Sergey.

 6) Don't accept RTA_VIA and RTA_GATEWAY in contexts where those
    attributes make no sense.

 7) Fix hung sendto in tipc, from Tung Nguyen.

 8) Out-of-bounds access in netlabel, from Paul Moore.

 9) Grant reference leak in xen-netback, from Igor Druzhinin.

10) Fix tx stalls with lan743x, from Bryan Whitehead.

11) Fix interrupt storm with mv88e6xxx, from Hein Kallweit.

12) Memory leak in sit on device registry failure, from Mao Wenan.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  net: sit: fix memory leak in sit_init_net()
  net: dsa: mv88e6xxx: Fix statistics on mv88e6161
  geneve: correctly handle ipv6.disable module parameter
  net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode
  bpf: fix sanitation rewrite in case of non-pointers
  ipv4: Add ICMPv6 support when parse route ipproto
  MIPS: eBPF: Fix icache flush end address
  lan743x: Fix TX Stall Issue
  net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
  net: aquantia: regression on cpus with high cores: set mode with 8 queues
  selftests: fixes for UDP GRO
  bpf: drop refcount if bpf_map_new_fd() fails in map_create()
  net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X
  net: dsa: mv88e6xxx: Fix u64 statistics
  xen-netback: don't populate the hash cache on XenBus disconnect
  xen-netback: fix occasional leak of grant ref mappings under memory pressure
  sctp: chunk.c: correct format string for size_t in printk
  net: netem: fix skb length BUG_ON in __skb_to_sgvec
  netlabel: fix out-of-bounds memory accesses
  ipv4: Pass original device to ip_rcv_finish_core
  ...
2019-03-02 08:46:34 -08:00
Linus Torvalds
fa3294c58c Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull more crypto fixes from Herbert Xu:
 "This fixes a couple of issues in arm64/chacha that was introduced in
  5.0"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: arm64/chacha - fix hchacha_block_neon() for big endian
  crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
2019-03-02 08:32:02 -08:00
Paul Burton
d1a2930d8a MIPS: eBPF: Fix icache flush end address
The MIPS eBPF JIT calls flush_icache_range() in order to ensure the
icache observes the code that we just wrote. Unfortunately it gets the
end address calculation wrong due to some bad pointer arithmetic.

The struct jit_ctx target field is of type pointer to u32, and as such
adding one to it will increment the address being pointed to by 4 bytes.
Therefore in order to find the address of the end of the code we simply
need to add the number of 4 byte instructions emitted, but we mistakenly
add the number of instructions multiplied by 4. This results in the call
to flush_icache_range() operating on a memory region 4x larger than
intended, which is always wasteful and can cause crashes if we overrun
into an unmapped page.

Fix this by correcting the pointer arithmetic to remove the bogus
multiplication, and use braces to remove the need for a set of brackets
whilst also making it obvious that the target field is a pointer.

Signed-off-by: Paul Burton <paul.burton@mips.com>
Fixes: b6bd53f9c4 ("MIPS: Add missing file for eBPF JIT.")
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Martin KaFai Lau <kafai@fb.com>
Cc: Song Liu <songliubraving@fb.com>
Cc: Yonghong Song <yhs@fb.com>
Cc: netdev@vger.kernel.org
Cc: bpf@vger.kernel.org
Cc: linux-mips@vger.kernel.org
Cc: stable@vger.kernel.org # v4.13+
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
2019-03-02 00:04:15 +01:00
Arnd Bergmann
6089e65618 Qualcomm ARM64 Fixes for 5.0-rc8
* Fix TZ memory area size to avoid crashes during boot
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJcdiEpAAoJEFKiBbHx2RXVQLAP/i9ZU6p6TD8KVYVnxbec5pIz
 bB6/gNo0VfM4/4CZmznJ0FQcGbxGekaMSCtNJDlgfzIM/VC2nXdlPzZi/Lo8tubX
 NgP4KYVccqnyA7Ppb/7lMaITsclljofdSaGVX4Vj4o60DzrEkA8reauJ4a+X8GDF
 d0kh006/Q0aRD9rrIV9ZaRWE8mzThbuCwMDZt6iV5kUDGKK1qleJV7wkBlSYKMTg
 rB+9ObD02kZxw7FWNcf0LH/4Ans9coPkM6I0CE4MCH5ozEDg+AN7RRXTkeniXYdi
 kljx2BilgN0SyV9zuGLwYW/FRXcMOV1Rmmdw2CUU84wNnnTkcLG0O43fqR8S8nBb
 cF0Wd9zPHlXWhIKa5twgFubvluZjsaFOciThixtAELwU4wrxq9h5NUxW3XnYQVUO
 riEIPUIBl8e3wY2SHk0HUBvHUcXr8m033V0oKN5tIO69OuWRROMBCNp0Su6JraSs
 7hC2wWvo+wtqQIC3JHszSRyfA1ceF7ldYit5dRLJPycMk49fgzXF+Coel7W0ifV5
 PV62/1SQXkajeRywdamFCT6ccdRQcqVzKSUrQdD0U0+Z5hC4BjgK9TOMHSak6YEY
 iKt4PwpdE6zdenybmflUw7wcmdt2plrYHGJYLelFE3TKZMhV1x33LtNeb2FPXSZo
 u/RxwNuDNdyw9kGUk1+u
 =iA1y
 -----END PGP SIGNATURE-----

Merge tag 'qcom-fixes-for-5.0-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into arm/fixes

Qualcomm ARM64 Fixes for 5.0-rc8

* Fix TZ memory area size to avoid crashes during boot

* tag 'qcom-fixes-for-5.0-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux:
  arm64: dts: qcom: msm8998: Extend TZ reserved memory area
2019-03-01 15:08:16 +01:00
Linus Torvalds
bf23aba194 A few more MIPS fixes:
- Fix 16b cmpxchg() operations which could erroneously fail if bits 15:8
   of the old value are non-zero. In practice I'm not aware of any actual
   users of 16b cmpxchg() on MIPS, but this fixes the support for it was
   was introduced in v4.13.
 
 - Provide a struct device to dma_alloc_coherent for Lantiq XWAY systems
   with a "Voice MIPS Macro Core" (VMMC) device.
 
 - Provide DMA masks for BCM63xx ethernet devices, fixing a regression
   introduced in v4.19.
 
 - Fix memblock reservation for the kernel when the system has a non-zero
   PHYS_OFFSET, correcting the memblock conversion performed in v4.20.
 -----BEGIN PGP SIGNATURE-----
 
 iIsEABYIADMWIQRgLjeFAZEXQzy86/s+p5+stXUA3QUCXHhqjBUccGF1bC5idXJ0
 b25AbWlwcy5jb20ACgkQPqefrLV1AN3ZaAD/SFgi3dS9bSWhDhiy83llLaWiCGPb
 i09uzo3rpWoKSwQBAIwLEfmaHz/sYdliKRlE13uaxYWzwaN+VHXIPjlzbYMB
 =cDlO
 -----END PGP SIGNATURE-----

Merge tag 'mips_fixes_5.0_4' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux

Pull MIPS fixes from Paul Burton:
 "A few more MIPS fixes:

   - Fix 16b cmpxchg() operations which could erroneously fail if bits
     15:8 of the old value are non-zero. In practice I'm not aware of
     any actual users of 16b cmpxchg() on MIPS, but this fixes the
     support for it was was introduced in v4.13.

   - Provide a struct device to dma_alloc_coherent for Lantiq XWAY
     systems with a "Voice MIPS Macro Core" (VMMC) device.

   - Provide DMA masks for BCM63xx ethernet devices, fixing a regression
     introduced in v4.19.

   - Fix memblock reservation for the kernel when the system has a
     non-zero PHYS_OFFSET, correcting the memblock conversion performed
     in v4.20"

* tag 'mips_fixes_5.0_4' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
  MIPS: fix memory setup for platforms with PHYS_OFFSET != 0
  MIPS: BCM63XX: provide DMA masks for ethernet devices
  MIPS: lantiq: pass struct device to DMA API functions
  MIPS: fix truncation in __cmpxchg_small for short values
2019-02-28 15:33:10 -08:00
Linus Torvalds
3f25a5990d Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "This fixes a compiler warning introduced by a previous fix, as well as
  two crash bugs on ARM"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: sha512/arm - fix crash bug in Thumb2 build
  crypto: sha256/arm - fix crash bug in Thumb2 build
  crypto: ccree - add missing inline qualifier
2019-02-28 09:05:18 -08:00
Lan Tianyu
9cd05ad291 x86/hyper-v: Fix definition of HV_MAX_FLUSH_REP_COUNT
The max flush rep count of HvFlushGuestPhysicalAddressList hypercall is
equal with how many entries of union hv_gpa_page_range can be populated
into the input parameter page.

The code lacks parenthesis around PAGE_SIZE - 2 * sizeof(u64) which results
in bogus computations. Add them.

Fixes: cc4edae4b9 ("x86/hyper-v: Add HvFlushGuestAddressList hypercall support")
Signed-off-by: Lan Tianyu <Tianyu.Lan@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: kys@microsoft.com
Cc: haiyangz@microsoft.com
Cc: sthemmin@microsoft.com
Cc: sashal@kernel.org
Cc: bp@alien8.de
Cc: hpa@zytor.com
Cc: gregkh@linuxfoundation.org
Cc: devel@linuxdriverproject.org
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190225143114.5149-1-Tianyu.Lan@microsoft.com
2019-02-28 11:58:29 +01:00
Eric Biggers
f86d17e9ef crypto: arm64/chacha - fix hchacha_block_neon() for big endian
On big endian arm64 kernels, the xchacha20-neon and xchacha12-neon
self-tests fail because hchacha_block_neon() outputs little endian words
but the C code expects native endianness.  Fix it to output the words in
native endianness (which also makes it match the arm32 version).

Fixes: cc7cf991e9 ("crypto: arm64/chacha20 - add XChaCha20 support")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-28 14:37:48 +08:00
Eric Biggers
4b6d196c9c crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
The change to encrypt a fifth ChaCha block using scalar instructions
caused the chacha20-neon, xchacha20-neon, and xchacha12-neon self-tests
to start failing on big endian arm64 kernels.  The bug is that the
keystream block produced in 32-bit scalar registers is directly XOR'd
with the data words, which are loaded and stored in native endianness.
Thus in big endian mode the data bytes end up XOR'd with the wrong
bytes.  Fix it by byte-swapping the keystream words in big endian mode.

Fixes: 2fe55987b2 ("crypto: arm64/chacha - use combined SIMD/ALU routine for more speed")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-28 14:37:48 +08:00
Thomas Bogendoerfer
e0bf304e4a
MIPS: fix memory setup for platforms with PHYS_OFFSET != 0
For platforms, which use a PHYS_OFFSET != 0, symbol _end also
contains that offset. So when calling memblock_reserve() for
reserving kernel the size argument needs to be adjusted.

Fixes: bcec54bf31 ("mips: switch to NO_BOOTMEM")
Acked-by: Mike Rapoport <rppt@linux.ibm.com>
Signed-off-by: Thomas Bogendoerfer <tbogendoerfer@suse.de>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: linux-mips@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: stable@vger.kernel.org # v4.20+
2019-02-27 18:49:29 -08:00
Marc Gonzalez
6e53330909 arm64: dts: qcom: msm8998: Extend TZ reserved memory area
My console locks up as soon as Linux writes to [88800000,88f00000[
AFAIU, that memory area is reserved for trustzone.

Extend TZ reserved memory range, to prevent Linux from stepping on
trustzone's toes.

Cc: stable@vger.kernel.org # 4.20+
Reviewed-by: Sibi Sankar <sibis@codeaurora.org>
Fixes: c783394956 ("arm64: dts: qcom: msm8998: Add smem related nodes")
Signed-off-by: Marc Gonzalez <marc.w.gonzalez@free.fr>
Signed-off-by: Andy Gross <andy.gross@linaro.org>
2019-02-26 23:32:11 -06:00
Jonas Gorski
18836b48eb
MIPS: BCM63XX: provide DMA masks for ethernet devices
The switch to the generic dma ops made dma masks mandatory, breaking
devices having them not set. In case of bcm63xx, it broke ethernet with
the following warning when trying to up the device:

[    2.633123] ------------[ cut here ]------------
[    2.637949] WARNING: CPU: 0 PID: 325 at ./include/linux/dma-mapping.h:516 bcm_enetsw_open+0x160/0xbbc
[    2.647423] Modules linked in: gpio_button_hotplug
[    2.652361] CPU: 0 PID: 325 Comm: ip Not tainted 4.19.16 #0
[    2.658080] Stack : 80520000 804cd3ec 00000000 00000000 804ccc00 87085bdc 87d3f9d4 804f9a17
[    2.666707]         8049cf18 00000145 80a942a0 00000204 80ac0000 10008400 87085b90 eb3d5ab7
[    2.675325]         00000000 00000000 80ac0000 000022b0 00000000 00000000 00000007 00000000
[    2.683954]         0000007a 80500000 0013b381 00000000 80000000 00000000 804a1664 80289878
[    2.692572]         00000009 00000204 80ac0000 00000200 00000002 00000000 00000000 80a90000
[    2.701191]         ...
[    2.703701] Call Trace:
[    2.706244] [<8001f3c8>] show_stack+0x58/0x100
[    2.710840] [<800336e4>] __warn+0xe4/0x118
[    2.715049] [<800337d4>] warn_slowpath_null+0x48/0x64
[    2.720237] [<80289878>] bcm_enetsw_open+0x160/0xbbc
[    2.725347] [<802d1d4c>] __dev_open+0xf8/0x16c
[    2.729913] [<802d20cc>] __dev_change_flags+0x100/0x1c4
[    2.735290] [<802d21b8>] dev_change_flags+0x28/0x70
[    2.740326] [<803539e0>] devinet_ioctl+0x310/0x7b0
[    2.745250] [<80355fd8>] inet_ioctl+0x1f8/0x224
[    2.749939] [<802af290>] sock_ioctl+0x30c/0x488
[    2.754632] [<80112b34>] do_vfs_ioctl+0x740/0x7dc
[    2.759459] [<80112c20>] ksys_ioctl+0x50/0x94
[    2.763955] [<800240b8>] syscall_common+0x34/0x58
[    2.768782] ---[ end trace fb1a6b14d74e28b6 ]---
[    2.773544] bcm63xx_enetsw bcm63xx_enetsw.0: cannot allocate rx ring 512

Fix this by adding appropriate DMA masks for the platform devices.

Fixes: f8c55dc6e8 ("MIPS: use generic dma noncoherent ops for simple noncoherent platforms")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Paul Burton <paul.burton@mips.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: James Hogan <jhogan@kernel.org>
Cc: stable@vger.kernel.org # v4.19+
2019-02-25 12:56:39 -08:00
Andy Lutomirski
2a418cf3f5 x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
When calling __put_user(foo(), ptr), the __put_user() macro would call
foo() in between __uaccess_begin() and __uaccess_end().  If that code
were buggy, then those bugs would be run without SMAP protection.

Fortunately, there seem to be few instances of the problem in the
kernel. Nevertheless, __put_user() should be fixed to avoid doing this.
Therefore, evaluate __put_user()'s argument before setting AC.

This issue was noticed when an objtool hack by Peter Zijlstra complained
about genregs_get() and I compared the assembly output to the C source.

 [ bp: Massage commit message and fixed up whitespace. ]

Fixes: 11f1a4b975 ("x86: reorganize SMAP handling in user space accesses")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Borislav Petkov <bp@suse.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20190225125231.845656645@infradead.org
2019-02-25 20:17:05 +01:00
Linus Torvalds
53a41cb7ed Revert "x86/fault: BUG() when uaccess helpers fault on kernel addresses"
This reverts commit 9da3f2b740.

It was well-intentioned, but wrong.  Overriding the exception tables for
instructions for random reasons is just wrong, and that is what the new
code did.

It caused problems for tracing, and it caused problems for strncpy_from_user(),
because the new checks made perfectly valid use cases break, rather than
catch things that did bad things.

Unchecked user space accesses are a problem, but that's not a reason to
add invalid checks that then people have to work around with silly flags
(in this case, that 'kernel_uaccess_faults_ok' flag, which is just an
odd way to say "this commit was wrong" and was sprinked into random
places to hide the wrongness).

The real fix to unchecked user space accesses is to get rid of the
special "let's not check __get_user() and __put_user() at all" logic.
Make __{get|put}_user() be just aliases to the regular {get|put}_user()
functions, and make it impossible to access user space without having
the proper checks in places.

The raison d'être of the special double-underscore versions used to be
that the range check was expensive, and if you did multiple user
accesses, you'd do the range check up front (like the signal frame
handling code, for example).  But SMAP (on x86) and PAN (on ARM) have
made that optimization pointless, because the _real_ expense is the "set
CPU flag to allow user space access".

Do let's not break the valid cases to catch invalid cases that shouldn't
even exist.

Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: Tobin C. Harding <tobin@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Jann Horn <jannh@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-25 09:10:51 -08:00
Linus Walleij
014e90ca44 ARM: dts: gemini: Re-enable display controller
commit 137cd7100e
"ARM: dts: Enable Gemini flash access" contained a bug
by disabling the display controller, while the whole
idea with the patch was to enable flash access AND
the display controller, simultaneously. Fix it up.

Fixes: 137cd7100e ("ARM: dts: Enable Gemini flash access")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-25 11:16:30 +01:00
Linus Torvalds
c3619a482e Bug fixes.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJcclOnAAoJEL/70l94x66DAjIH/28XLAkaAtJIsm4nTy3sb6nC
 UC7suhEEst4zyRCzUlMdeaMkuWJitx5Bun0x9k5uYvMXqmndXcGq3wLmrRhOY2u2
 iN1myLESOn0+lubVcK/+ht2rat2AO9XqpOKPojBRs/c6MW1UAIJIPKly/ls1++Ee
 TmdIKrgqGgE5Ywx4ObvXBDOeWSKUwxqqNi7FUkWpACJckvmQoKJX0Hre5ICW6lom
 +yUBC1rR9apMLTe2QIW2kBZ9JTKCX0aErdmnLXlyZbFOOk0udzNaDy+kXSs7w9Bk
 tu8biO7xBNJrcR5e+fEipVFIdN9au0aM5pJWq9s4yeqSnDKB1FRekoJj5yvTqus=
 =1GQR
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "Bug fixes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: MMU: record maximum physical address width in kvm_mmu_extended_role
  kvm: x86: Return LA57 feature based on hardware capability
  x86/kvm/mmu: fix switch between root and guest MMUs
  s390: vsie: Use effective CRYCBD.31 to check CRYCBD validity
2019-02-24 09:47:07 -08:00
Linus Torvalds
e60b5f79bd powerpc fixes for 5.0 #6
One fix for an oops when using SRIOV, introduced by the recent changes to
 support compound IOMMU groups.
 
 Thanks to:
   Alexey Kardashevskiy.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJccT61AAoJEFHr6jzI4aWAAOkQAIVB3i5EDXhiIVUam/YsqlUk
 glEh6a3zmgt8p+zBXlpGW5UULuHC0sx7T1LDGMye+AZ9sXpkK2DzwkwJdNjBMQ8v
 xhH4e4znAhncgRZO92JkrG9Ag4VQuQVLMelhuUcLxF5ybH1+C3ZxSHrMPI7kdiG4
 8un4Og26ixDPcgylLg6tbCeeCr/IjoqZBhyKvwEUjQIY2jM/J/E7zzBEfSRtPlGW
 5jLgfJykEDp9Ta+E4+6+/UtuvbKUOX+xG3j7v7/RBMP0hu7L/naYT3nhoy25Hili
 BXfsNJrLTiQXOCfJZExvqq494Vb4dMwlF4J+45gsBBFUplmZ70g9kSmUKhLtKAtr
 /bfXRKYK9rRigyLHgTRmTbvbX4CkY6C6IgKJem68tWop6QRMazbc8Ea25eqjMESc
 neP7kpZABXJzwLDxP9TS2LjXEcVneR7eIhj7WDY3rrDL/+6YGhVfFKAE+P/Z0THO
 ahPO+EAKQirX127TJZXiL8nkJkU+R4/oKjkF6AsLi2xsLb83cEodABLUpH2xqJCn
 f8JA2gsIjZq3FE+foNpH4i+HVwV3PFFDhNBauZFXtj9hVHt4cuTk1SaIvQohfDCj
 RChHh90MT+u+q1cffeLX/WbjjuJbcxHqF1K1O4SZNN8IfIBVaAXXerbba1KOoIWB
 CG6BfAYQiJ6CBu8QhKYo
 =NBtz
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-5.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:
 "One fix for an oops when using SRIOV, introduced by the recent changes
  to support compound IOMMU groups.

  Thanks to Alexey Kardashevskiy"

* tag 'powerpc-5.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/powernv/sriov: Register IOMMU groups for VFs
2019-02-23 11:13:50 -08:00
Linus Torvalds
9053d2db8b ARM: SoC fixes for 5.0
Only a handful of device tree fixes, all simple enough:
 
 NVIDIA Tegra:
  - Fix a regression for booting on chromebooks
 
 TI OMAP:
  - Two fixes PHY mode on am335x reference boards
 
 Marvell mvebu:
  - A regression fix for Armada XP NAND flash controllers
  - An incorrect reset signal on the clearfog board
 
 Signed-off-by: Arnd Bergmann <arnd@arndb.de>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJccHWeAAoJEGCrR//JCVInLQAQAIKQEEQXxPn1fnXH5oH7n/Yn
 aALv0zoRKx5ybgQvp15hkdD/H7AUt01ADopCvgOxh0EkheIOEZdtb/FCaRPzaYhC
 TrrZhqI6+w0rcMwUzpaDU+90/rxkh6oeIs95lfTkHaZV0ZdbWqwwvX/JuQcPJOh2
 tQXwfNMv4WZetvAFrJHr9L+7/CebgQaOe/Me78wq/bjKEROShaF6j6lQMTeZwX6C
 Jp75cI5gCktqg4ZDQ2NEE8O9Tng4uzIpoVlCptFc38XGKnRZMexZZlZWpMwTeQg1
 QmNmyTal6gbY5tDs3AGg3diSPFQ1nwUiMk2pWvGkkRo5hkNP80lNCouu8F99r/Ub
 QoPRcKzGyBwLj0MwpHBoO5gI1X4mgfZDpL71SdS81p8q3rpnt/W2HU+CTAgnEpAi
 aILCMmRzes3jpNHREUQc5X3dTwfHW8MBW/Bia6XnidqmUw5GoRq+98rCOKFpg2HQ
 m68yDZlOq2odATmaa4xASVfTwccm8jIyQwZVWFPLyekZ9kzMcdYmAI7lGGofJAbg
 SkRXDHsAQ21pDoUZY3C0lE49kPKoTNrt4bsihG0I3hM09moF6ryqmymgAy82mzsD
 e/ZVG2w1E0CS4vKjKq7BEof3PZ6wSdfaYOFzS7v9bXAeBSdRVE/qjzi/aBgAKD8J
 KpDRnh2huOMvPTO5bDKC
 =nXrB
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Only a handful of device tree fixes, all simple enough:

  NVIDIA Tegra:
   - Fix a regression for booting on chromebooks

  TI OMAP:
   - Two fixes PHY mode on am335x reference boards

  Marvell mvebu:
   - A regression fix for Armada XP NAND flash controllers
   - An incorrect reset signal on the clearfog board"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc:
  ARM: tegra: Restore DT ABI on Tegra124 Chromebooks
  ARM: dts: am335x-evm: Fix PHY mode for ethernet
  ARM: dts: am335x-evmsk: Fix PHY mode for ethernet
  arm64: dts: clearfog-gt-8k: fix SGMII PHY reset signal
  ARM: dts: armada-xp: fix Armada XP boards NAND description
2019-02-22 16:48:37 -08:00
Linus Torvalds
2cc63b3900 ARC fixes for 5.0 final
- Fix memcpy to prevent prefetchw beyond end of buffer [Eugeniy]
 
  - Enable unaligned access early to prevent exceptions given newer gcc
    code gen [Eugeniy]
 
  - Tighten up uboot arg checking to prevent false negatives and also
    allow both jtag and bootloading to coexist w/o config option as
    needed by kernelCi folks [Eugeniy]
 
  - Set slab alignment to 8 for ARC to avoid the atomic64_t unalign [Alexey]
 
  - Disable regfile auto save on interrupts on HSDK platform due to a
    silicon issue  [Vineet]
 
  - Avoid HS38x boot printing crash by not reading HS48x only reg [Vineet]
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJccDKEAAoJEGnX8d3iisJeqAoQAIM753GmJMXJeeaDm8wxUkvF
 1NThcBekh2IrEEesCD8HBaCuegTXGJ8eNCkGBtgxUBisQvixRDCge1r18SXdVWRR
 lz3+VoRbiqe4vNZfXJJZQj09/gOIjL7sZQX7NIAk/YDJ4mdhID0yEULE0cKxPkp3
 w3AsCi6x7Umt9nbH06mPV8b71mT77MaNGpTYmx7cvc8FX/rXfh7C7QUgBDeU2201
 3F3tHiJqR+gBu/kwEVTOuG+wJ3sUy8Yi/Qungv6Lkk3rm4bcimBqB8MaJAqB8fPV
 H3rGTgz9eH6p7SERqdSPvO92x5vw/eh9reg0/K3gmHOI0i3gaiUNhxcZwhu2rqZC
 45JkfrRPbLj11uaUTB07BqYck/5SaHugyu6tCtA+khkCigND8RWwJRBAc25VCsJ1
 9ywIc/6eGbfSyOT1Elit6tf1/SpKap63VoXtNmfdEWvCoW4tAVvR6uhi8DcnSlJJ
 5vqYRZUom5IQ7YrAaXQ7VqAq61H7ZA6XSklQs+0w2pqL0YND9W1ryETIw3lraOCh
 3O2V7nETXjTvnEkxovbQ5C2GwIvURN4RtckdgiXCS3MG3OsGMEWDZFdr0kGffZAO
 SAXn8poO522cglIR8o4GwyE1EATQbQ3zuavDq5zuB//VNHdcgODN18zkqel2A5Wr
 AY85YAxbPx05PMRnAwRx
 =cNCN
 -----END PGP SIGNATURE-----

Merge tag 'arc-5.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc

Pull ARC fixes from Vineet Gupta:
 "Fixes for ARC for 5.0, bunch of those are stable fodder anyways so
  sooner the better.

   - Fix memcpy to prevent prefetchw beyond end of buffer [Eugeniy]

   - Enable unaligned access early to prevent exceptions given newer gcc
     code gen [Eugeniy]

   - Tighten up uboot arg checking to prevent false negatives and also
     allow both jtag and bootloading to coexist w/o config option as
     needed by kernelCi folks [Eugeniy]

   - Set slab alignment to 8 for ARC to avoid the atomic64_t unalign
     [Alexey]

   - Disable regfile auto save on interrupts on HSDK platform due to a
     silicon issue [Vineet]

   - Avoid HS38x boot printing crash by not reading HS48x only reg
     [Vineet]"

* tag 'arc-5.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
  ARCv2: don't assume core 0x54 has dual issue
  ARC: define ARCH_SLAB_MINALIGN = 8
  ARC: enable uboot support unconditionally
  ARC: U-boot: check arguments paranoidly
  ARCv2: support manual regfile save on interrupts
  ARC: uacces: remove lp_start, lp_end from clobber list
  ARC: fix actionpoints configuration detection
  ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
  ARCv2: Enable unaligned access in early ASM code
2019-02-22 16:31:26 -08:00
Linus Torvalds
8456e98e18 Merge branch 'parisc-5.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
 "Fix ptrace syscall number modification which has been broken since
  kernel v4.5 and provide alternative email addresses for the remaining
  users of the retired parisc-linux.org email domain"

* 'parisc-5.0-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  CREDITS/MAINTAINERS: Retire parisc-linux.org email domain
  parisc: Fix ptrace syscall number modification
2019-02-22 16:12:01 -08:00
Linus Torvalds
77dc1181d8 Kbuild fixes for v5.0 (2nd)
- fix scripts/kallsyms.c to correctly check too long symbol names
 
  - fix sh build error for the combination of CONFIG_OF_EARLY_FLATTREE=y
    and CONFIG_USE_BUILTIN_DTB=n
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJcb0FKAAoJED2LAQed4NsGuwcP/2GhoN/whRUpC2LkrsAbkPuy
 Ad/ySgwRROUHeLuSQqxFqOIvnkWYwsCRrA/jNzXalapB66iYVAKWupVniuFkv8Lj
 TIqXOu3qJfpg63l77GgO87L/ZVxiyWxEH3XEvxFlARQCZEk9nwiTkXD8bVt37xwP
 P46RVUQyvS8diUKjS6EO3I74cmBXDDigSzzzJTL6F8GgaGEv8mSMv6pU86CxLSpx
 +X8U/1HR3hHsxOH5oYlFY6RVv/f071YtOVdqgTU5OMWQ7R8iaGOy0eJBaDsl4HGx
 oNYQhvLs7TN4BT6ubVcNliSqp0SwccSGA0nQkSVS78YvYVF9mIDsmH673kfN5pFT
 TYR+LSW8AnWvpQJ7PyJtyKSCD9MEMsi4viAnW/2f1VxCGRV84+A3DotIKekJLa1A
 8uuYbOBqKi5LCBY1Vo8LOlG+epw21AsCqHrot73J4u8nkiK3YZdq4zkV4pnb1B49
 NLXs1pJIG4Tzu06EOK1iOO5Y76fSCV6/5FfqFwP87hyfTtQU1FG1bsivuXccu/hV
 yrUaHdpDRltechPLhN4js8I5zhZTZVZsthn6lITBPcEOmeCbNgIShIdjFIgnqyTr
 OQNznQPNt8iOzsC1aaZ0hOpCcE8Hk1RmObEF+xA5i8k5oinAxPX6loTeW7sIY5OP
 0Pt9FJQ87Q62+jpX0/jp
 =m7U7
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull more Kbuild fixes from Masahiro Yamada:

 - fix scripts/kallsyms.c to correctly check too long symbol names

 - fix sh build error for the combination of CONFIG_OF_EARLY_FLATTREE=y
   and CONFIG_USE_BUILTIN_DTB=n

* tag 'kbuild-fixes-v5.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  sh: fix build error for invisible CONFIG_BUILTIN_DTB_SOURCE
  kallsyms: Handle too long symbols in kallsyms.c
2019-02-22 16:09:55 -08:00
Yu Zhang
de3ccd26fa KVM: MMU: record maximum physical address width in kvm_mmu_extended_role
Previously, commit 7dcd575520 ("x86/kvm/mmu: check if tdp/shadow
MMU reconfiguration is needed") offered some optimization to avoid
the unnecessary reconfiguration. Yet one scenario is broken - when
cpuid changes VM's maximum physical address width, reconfiguration
is needed to reset the reserved bits.  Also, the TDP may need to
reset its shadow_root_level when this value is changed.

To fix this, a new field, maxphyaddr, is introduced in the extended
role structure to keep track of the configured guest physical address
width.

Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-22 19:25:10 +01:00
Yu Zhang
511da98d20 kvm: x86: Return LA57 feature based on hardware capability
Previously, 'commit 372fddf709 ("x86/mm: Introduce the 'no5lvl' kernel
parameter")' cleared X86_FEATURE_LA57 in boot_cpu_data, if Linux chooses
to not run in 5-level paging mode. Yet boot_cpu_data is queried by
do_cpuid_ent() as the host capability later when creating vcpus, and Qemu
will not be able to detect this feature and create VMs with LA57 feature.

As discussed earlier, VMs can still benefit from extended linear address
width, e.g. to enhance features like ASLR. So we would like to fix this,
by return the true hardware capability when Qemu queries.

Signed-off-by: Yu Zhang <yu.c.zhang@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-22 19:25:05 +01:00
Vitaly Kuznetsov
ad7dc69aeb x86/kvm/mmu: fix switch between root and guest MMUs
Commit 14c07ad89f ("x86/kvm/mmu: introduce guest_mmu") brought one subtle
change: previously, when switching back from L2 to L1, we were resetting
MMU hooks (like mmu->get_cr3()) in kvm_init_mmu() called from
nested_vmx_load_cr3() and now we do that in nested_ept_uninit_mmu_context()
when we re-target vcpu->arch.mmu pointer.
The change itself looks logical: if nested_ept_init_mmu_context() changes
something than nested_ept_uninit_mmu_context() restores it back. There is,
however, one thing: the following call chain:

 nested_vmx_load_cr3()
  kvm_mmu_new_cr3()
    __kvm_mmu_new_cr3()
      fast_cr3_switch()
        cached_root_available()

now happens with MMU hooks pointing to the new MMU (root MMU in our case)
while previously it was happening with the old one. cached_root_available()
tries to stash current root but it is incorrect to read current CR3 with
mmu->get_cr3(), we need to use old_mmu->get_cr3() which in case we're
switching from L2 to L1 is guest_mmu. (BTW, in shadow page tables case this
is a non-issue because we don't switch MMU).

While we could've tried to guess that we're switching between MMUs and call
the right ->get_cr3() from cached_root_available() this seems to be overly
complicated. Instead, just stash the corresponding CR3 when setting
root_hpa and make cached_root_available() use the stashed value.

Fixes: 14c07ad89f ("x86/kvm/mmu: introduce guest_mmu")
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-02-22 19:24:48 +01:00
Arnd Bergmann
2f8b1ce19e mvebu fixes for 5.0 (part 2)
Fix PHY reset signal on clearfog gt 8K (Armada 8040 based)
 Fix NAND description on Armada XP boards which was broken since a few
 release
 -----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQQYqXDMF3cvSLY+g9cLBhiOFHI71QUCXG/EtQAKCRALBhiOFHI7
 1VPDAJ9DSFQaCmlSRwC/jO1HvchB+y9sxACcDQioH28bCYQt3SYp7K87D1ow8wE=
 =b5Ed
 -----END PGP SIGNATURE-----

Merge tag 'mvebu-fixes-5.0-2' of git://git.infradead.org/linux-mvebu into arm/fixes

mvebu fixes for 5.0 (part 2)

Fix PHY reset signal on clearfog gt 8K (Armada 8040 based)
Fix NAND description on Armada XP boards which was broken since a few
release

* tag 'mvebu-fixes-5.0-2' of git://git.infradead.org/linux-mvebu:
  arm64: dts: clearfog-gt-8k: fix SGMII PHY reset signal
  ARM: dts: armada-xp: fix Armada XP boards NAND description

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-22 14:58:41 +01:00
Arnd Bergmann
3858bfca2b Two am335x ethernet phy mode fixes for v5.0-rc cycle
Recent changes with commit cd28d1d6e5: ("net: phy: at803x: Disable phy
 delay for RGMII mode") broke Ethernet on am335x-evmsk, and turns out some
 device driver fixes are needed.
 
 Even without the driver fixes, am335x needs to run in rgmii-id mode instead
 rgmii-txid mode. Things have been working based on luck as the broken driver
 has been configuring rgmii-id mode. Let's fix that as that way things work
 as they're supposed to work from hardware wiring point of view.
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEkgNvrZJU/QSQYIcQG9Q+yVyrpXMFAlxtiWwRHHRvbnlAYXRv
 bWlkZS5jb20ACgkQG9Q+yVyrpXMczhAArsN8/tziFRZcwD8rFIURAXU5SIsbkUhM
 7cFvrJqtpfr0ae3G9fdEc/mox0lu3fnyMoGI5+FvKpFJvrW3zvXWYKVs+LJJyZNS
 OAE42kYb5yVeUwnFxX8NPSL2v7xMxj576gnyMtgv1L3u1UPEwkjytNuo4z4u08lK
 wlBDu/puH0U9hDef5fXPtmpSRPWhfw/4Bm2hj39KulqUPQ6pUnWgHyBg4mqmWYUa
 9PS9nZXUAi0iXhCfh2lhAnSw2brYpW5Z76CI2FRcVHOhJ0aQG2+2ojkYVi7IZz6p
 egwfOrPj8Xt98EnGBMe3LKmq5m2WVZNAG/G/tzpZGcZRrdWYHpTn5Ua2vPTMzo1R
 1N+T8dM0ykkDZ3mKaAI7ixc/sQDXWGQWshzFkik3nKL6EdXpjtaI9yAtfShGiGKE
 0g8JByLQ33QwY5yKh+bRbyPt8BO0pJ9cECapBc/UkdmTZ8LrN4co43wFP37aZRv8
 fmPJcqlfRni1YMjY9LgFL23mZHgFYdUv4UUqpfczGs9d6RLZM5WodxFod8BGjS2W
 kL0ZmTJOecO4mvpUlUYxnSQBhG4FuW3OA266KClSc9rM5PTZzP54BQhyqpzjc/HL
 oWNxTpMwAUx7aXUO1TmWinahpZwNt2Ts/PY/8LqHr/6+Q3db39tV17xsGTp7lFjm
 W0H8S4UkUQw=
 =6JkK
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v5.0/fixes-rc7-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into arm/fixes

Two am335x ethernet phy mode fixes for v5.0-rc cycle

Recent changes with commit cd28d1d6e5: ("net: phy: at803x: Disable phy
delay for RGMII mode") broke Ethernet on am335x-evmsk, and turns out some
device driver fixes are needed.

Even without the driver fixes, am335x needs to run in rgmii-id mode instead
rgmii-txid mode. Things have been working based on luck as the broken driver
has been configuring rgmii-id mode. Let's fix that as that way things work
as they're supposed to work from hardware wiring point of view.

* tag 'omap-for-v5.0/fixes-rc7-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: am335x-evm: Fix PHY mode for ethernet
  ARM: dts: am335x-evmsk: Fix PHY mode for ethernet

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-22 14:54:02 +01:00
Ard Biesheuvel
c643165020 crypto: sha512/arm - fix crash bug in Thumb2 build
The SHA512 code we adopted from the OpenSSL project uses a rather
peculiar way to take the address of the round constant table: it
takes the address of the sha256_block_data_order() routine, and
substracts a constant known quantity to arrive at the base of the
table, which is emitted by the same assembler code right before
the routine's entry point.

However, recent versions of binutils have helpfully changed the
behavior of references emitted via an ADR instruction when running
in Thumb2 mode: it now takes the Thumb execution mode bit into
account, which is bit 0 af the address. This means the produced
table address also has bit 0 set, and so we end up with an address
value pointing 1 byte past the start of the table, which results
in crashes such as

  Unable to handle kernel paging request at virtual address bf825000
  pgd = 42f44b11
  [bf825000] *pgd=80000040206003, *pmd=5f1bd003, *pte=00000000
  Internal error: Oops: 207 [#1] PREEMPT SMP THUMB2
  Modules linked in: sha256_arm(+) sha1_arm_ce sha1_arm ...
  CPU: 7 PID: 396 Comm: cryptomgr_test Not tainted 5.0.0-rc6+ #144
  Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
  PC is at sha256_block_data_order+0xaaa/0xb30 [sha256_arm]
  LR is at __this_module+0x17fd/0xffffe800 [sha256_arm]
  pc : [<bf820bca>]    lr : [<bf824ffd>]    psr: 800b0033
  sp : ebc8bbe8  ip : faaabe1c  fp : 2fdd3433
  r10: 4c5f1692  r9 : e43037df  r8 : b04b0a5a
  r7 : c369d722  r6 : 39c3693e  r5 : 7a013189  r4 : 1580d26b
  r3 : 8762a9b0  r2 : eea9c2cd  r1 : 3e9ab536  r0 : 1dea4ae7
  Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
  Control: 70c5383d  Table: 6b8467c0  DAC: dbadc0de
  Process cryptomgr_test (pid: 396, stack limit = 0x69e1fe23)
  Stack: (0xebc8bbe8 to 0xebc8c000)
  ...
  unwind: Unknown symbol address bf820bca
  unwind: Index not found bf820bca
  Code: 441a ea80 40f9 440a (f85e) 3b04
  ---[ end trace e560cce92700ef8a ]---

Given that this affects older kernels as well, in case they are built
with a recent toolchain, apply a minimal backportable fix, which is
to emit another non-code label at the start of the routine, and
reference that instead. (This is similar to the current upstream state
of this file in OpenSSL)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-22 12:40:56 +08:00
Ard Biesheuvel
69216a545c crypto: sha256/arm - fix crash bug in Thumb2 build
The SHA256 code we adopted from the OpenSSL project uses a rather
peculiar way to take the address of the round constant table: it
takes the address of the sha256_block_data_order() routine, and
substracts a constant known quantity to arrive at the base of the
table, which is emitted by the same assembler code right before
the routine's entry point.

However, recent versions of binutils have helpfully changed the
behavior of references emitted via an ADR instruction when running
in Thumb2 mode: it now takes the Thumb execution mode bit into
account, which is bit 0 af the address. This means the produced
table address also has bit 0 set, and so we end up with an address
value pointing 1 byte past the start of the table, which results
in crashes such as

  Unable to handle kernel paging request at virtual address bf825000
  pgd = 42f44b11
  [bf825000] *pgd=80000040206003, *pmd=5f1bd003, *pte=00000000
  Internal error: Oops: 207 [#1] PREEMPT SMP THUMB2
  Modules linked in: sha256_arm(+) sha1_arm_ce sha1_arm ...
  CPU: 7 PID: 396 Comm: cryptomgr_test Not tainted 5.0.0-rc6+ #144
  Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
  PC is at sha256_block_data_order+0xaaa/0xb30 [sha256_arm]
  LR is at __this_module+0x17fd/0xffffe800 [sha256_arm]
  pc : [<bf820bca>]    lr : [<bf824ffd>]    psr: 800b0033
  sp : ebc8bbe8  ip : faaabe1c  fp : 2fdd3433
  r10: 4c5f1692  r9 : e43037df  r8 : b04b0a5a
  r7 : c369d722  r6 : 39c3693e  r5 : 7a013189  r4 : 1580d26b
  r3 : 8762a9b0  r2 : eea9c2cd  r1 : 3e9ab536  r0 : 1dea4ae7
  Flags: Nzcv  IRQs on  FIQs on  Mode SVC_32  ISA Thumb  Segment user
  Control: 70c5383d  Table: 6b8467c0  DAC: dbadc0de
  Process cryptomgr_test (pid: 396, stack limit = 0x69e1fe23)
  Stack: (0xebc8bbe8 to 0xebc8c000)
  ...
  unwind: Unknown symbol address bf820bca
  unwind: Index not found bf820bca
  Code: 441a ea80 40f9 440a (f85e) 3b04
  ---[ end trace e560cce92700ef8a ]---

Given that this affects older kernels as well, in case they are built
with a recent toolchain, apply a minimal backportable fix, which is
to emit another non-code label at the start of the routine, and
reference that instead. (This is similar to the current upstream state
of this file in OpenSSL)

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2019-02-22 12:40:56 +08:00
Vineet Gupta
7b2e932f63 ARCv2: don't assume core 0x54 has dual issue
The first release of core4 (0x54) was dual issue only (HS4x).
Newer releases allow hardware to be configured as single issue (HS3x)
or dual issue.

Prevent accessing a HS4x only aux register in HS3x, which otherwise
leads to illegal instruction exceptions

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 14:53:36 -08:00
Dmitry V. Levin
b7dc5a071d parisc: Fix ptrace syscall number modification
Commit 910cd32e55 ("parisc: Fix and enable seccomp filter support")
introduced a regression in ptrace-based syscall tampering: when tracer
changes syscall number to -1, the kernel fails to initialize %r28 with
-ENOSYS and subsequently fails to return the error code of the failed
syscall to userspace.

This erroneous behaviour could be observed with a simple strace syscall
fault injection command which is expected to print something like this:

$ strace -a0 -ewrite -einject=write:error=enospc echo hello
write(1, "hello\n", 6) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "echo: ", 6) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "write error", 11) = -1 ENOSPC (No space left on device) (INJECTED)
write(2, "\n", 1) = -1 ENOSPC (No space left on device) (INJECTED)
+++ exited with 1 +++

After commit 910cd32e55 it loops printing
something like this instead:

write(1, "hello\n", 6../strace: Failed to tamper with process 12345: unexpectedly got no error (return value 0, error 0)
) = 0 (INJECTED)

This bug was found by strace test suite.

Fixes: 910cd32e55 ("parisc: Fix and enable seccomp filter support")
Cc: stable@vger.kernel.org # v4.5+
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
2019-02-21 20:10:46 +01:00
Alexey Brodkin
b6835ea777 ARC: define ARCH_SLAB_MINALIGN = 8
The default value of ARCH_SLAB_MINALIGN in "include/linux/slab.h" is
"__alignof__(unsigned long long)" which for ARC unexpectedly turns out
to be 4. This is not a compiler bug, but as defined by ARC ABI [1]

Thus slab allocator would allocate a struct which is 32-bit aligned,
which is generally OK even if struct has long long members.
There was however potetial problem when it had any atomic64_t which
use LLOCKD/SCONDD instructions which are required by ISA to take
64-bit addresses. This is the problem we ran into

[    4.015732] EXT4-fs (mmcblk0p2): re-mounted. Opts: (null)
[    4.167881] Misaligned Access
[    4.172356] Path: /bin/busybox.nosuid
[    4.176004] CPU: 2 PID: 171 Comm: rm Not tainted 4.19.14-yocto-standard #1
[    4.182851]
[    4.182851] [ECR   ]: 0x000d0000 => Check Programmer's Manual
[    4.190061] [EFA   ]: 0xbeaec3fc
[    4.190061] [BLINK ]: ext4_delete_entry+0x210/0x234
[    4.190061] [ERET  ]: ext4_delete_entry+0x13e/0x234
[    4.202985] [STAT32]: 0x80080002 : IE K
[    4.207236] BTA: 0x9009329c   SP: 0xbe5b1ec4  FP: 0x00000000
[    4.212790] LPS: 0x9074b118  LPE: 0x9074b120 LPC: 0x00000000
[    4.218348] r00: 0x00000040  r01: 0x00000021 r02: 0x00000001
...
...
[    4.270510] Stack Trace:
[    4.274510]   ext4_delete_entry+0x13e/0x234
[    4.278695]   ext4_rmdir+0xe0/0x238
[    4.282187]   vfs_rmdir+0x50/0xf0
[    4.285492]   do_rmdir+0x9e/0x154
[    4.288802]   EV_Trap+0x110/0x114

The fix is to make sure slab allocations are 64-bit aligned.

Do note that atomic64_t is __attribute__((aligned(8)) which means gcc
does generate 64-bit aligned references, relative to beginning of
container struct. However the issue is if the container itself is not
64-bit aligned, atomic64_t ends up unaligned which is what this patch
ensures.

[1] https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/wiki/files/ARCv2_ABI.pdf

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: <stable@vger.kernel.org> # 4.8+
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[vgupta: reworked changelog, added dependency on LL64+LLSC]
2019-02-21 11:03:20 -08:00
Eugeniy Paltsev
493a2f8124 ARC: enable uboot support unconditionally
After reworking U-boot args handling code and adding paranoid
arguments check we can eliminate CONFIG_ARC_UBOOT_SUPPORT and
enable uboot support unconditionally.

For JTAG case we can assume that core registers will come up
reset value of 0 or in worst case we rely on user passing
'-on=clear_regs' to Metaware debugger.

Cc: stable@vger.kernel.org
Tested-by: Corentin LABBE <clabbe@baylibre.com>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:19 -08:00
Eugeniy Paltsev
a66f2e57bd ARC: U-boot: check arguments paranoidly
Handle U-boot arguments paranoidly:
 * don't allow to pass unknown tag.
 * try to use external device tree blob only if corresponding tag
   (TAG_DTB) is set.
 * don't check uboot_tag if kernel build with no ARC_UBOOT_SUPPORT.

NOTE:
If U-boot args are invalid we skip them and try to use embedded device
tree blob. We can't panic on invalid U-boot args as we really pass
invalid args due to bug in U-boot code.
This happens if we don't provide external DTB to U-boot and
don't set 'bootargs' U-boot environment variable (which is default
case at least for HSDK board) In that case we will pass
{r0 = 1 (bootargs in r2); r1 = 0; r2 = 0;} to linux which is invalid.

While I'm at it refactor U-boot arguments handling code.

Cc: stable@vger.kernel.org
Tested-by: Corentin LABBE <clabbe@baylibre.com>
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:18 -08:00
Vineet Gupta
e494239a00 ARCv2: support manual regfile save on interrupts
There's a hardware bug which affects the HSDK platform, triggered by
micro-ops for auto-saving regfile on taken interrupt. The workaround is
to inhibit autosave.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:18 -08:00
Vineet Gupta
d5e3c55e01 ARC: uacces: remove lp_start, lp_end from clobber list
Newer ARC gcc handles lp_start, lp_end in a different way and doesn't
like them in the clobber list.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:17 -08:00
Eugeniy Paltsev
cdf92962ad ARC: fix actionpoints configuration detection
Fix reversed logic while actionpoints configuration (full/min)
detection.

Fixies: 7dd380c338 ("ARC: boot log: print Action point details")
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:16 -08:00
Eugeniy Paltsev
f8a15f9766 ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
ARCv2 optimized memcpy uses PREFETCHW instruction for prefetching the
next cache line but doesn't ensure that the line is not past the end of
the buffer. PRETECHW changes the line ownership and marks it dirty,
which can cause data corruption if this area is used for DMA IO.

Fix the issue by avoiding the PREFETCHW. This leads to performance
degradation but it is OK as we'll introduce new memcpy implementation
optimized for unaligned memory access using.

We also cut off all PREFETCH instructions at they are quite useless
here:
 * we call PREFETCH right before LOAD instruction call.
 * we copy 16 or 32 bytes of data (depending on CONFIG_ARC_HAS_LL64)
   in a main logical loop. so we call PREFETCH 4 times (or 2 times)
   for each L1 cache line (in case of 64B L1 cache Line which is
   default case). Obviously this is not optimal.

Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2019-02-21 11:03:16 -08:00
Eugeniy Paltsev
252f6e8eae ARCv2: Enable unaligned access in early ASM code
It is currently done in arc_init_IRQ() which might be too late
considering gcc 7.3.1 onwards (GNU 2018.03) generates unaligned
memory accesses by default

Cc: stable@vger.kernel.org #4.4+
Signed-off-by: Eugeniy Paltsev <Eugeniy.Paltsev@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
[vgupta: rewrote changelog]
2019-02-21 11:03:15 -08:00
Linus Torvalds
d6622d913a arm64 fixes for 5.0
- Fix handling of PSTATE.SSBS bit in sigreturn()
 
 - Fix version checking of the GIC during early boot
 
 - Fix clang builds failing due to use of NEON in the crypto code
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEPxTL6PPUbjXGY88ct6xw3ITBYzQFAlxtk30ACgkQt6xw3ITB
 YzSGygf/U9P//TbPwGP2ZrCLHelJ8okYMZgJB3R/MLpGrV/MPWbN39JNMydXUPNT
 Kn21TzQeYnGp4blIC5S8RQMJnrqbR03L4ch6DVrFWGJZVkfI3WFefASHUe+Hg/WB
 d8GCkiqIMO+qX9+o6e+kPts3bgGsGvYEQF0vvdX6DbNXVkqusJ6TSIEAgEYUQH97
 NzIqEfu6xYgmjultmMemfstaWaHI5Mfwx0fSdFhVfCDYKfoAj3U7LDRT9NFEAkTc
 cxxZ3Z/BnJYPOhoqboIceZz499g++1SnISTEIIrGHKa51tK/Nuunaarsr1ZbB4gz
 BLQhrJxbxxtbdkfDGA7u2mSQupCRbA==
 =ujCB
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull late arm64 fixes from Will Deacon:
 "Three small arm64 fixes for 5.0.

  They fix a build breakage with clang introduced in 4.20, an oversight
  in our sigframe restoration relating to the SSBS bit and a boot fix
  for systems with newer revisions of our interrupt controller.

  Summary:

   - Fix handling of PSTATE.SSBS bit in sigreturn()

   - Fix version checking of the GIC during early boot

   - Fix clang builds failing due to use of NEON in the crypto code"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: Relax GIC version check during early boot
  arm64/neon: Disable -Wincompatible-pointer-types when building with Clang
  arm64: fix SSBS sanitization
2019-02-21 09:11:36 -08:00
Andrey Konovalov
3f41b60938 kasan: fix random seed generation for tag-based mode
There are two issues with assigning random percpu seeds right now:

1. We use for_each_possible_cpu() to iterate over cpus, but cpumask is
   not set up yet at the moment of kasan_init(), and thus we only set
   the seed for cpu #0.

2. A call to get_random_u32() always returns the same number and produces
   a message in dmesg, since the random subsystem is not yet initialized.

Fix 1 by calling kasan_init_tags() after cpumask is set up.

Fix 2 by using get_cycles() instead of get_random_u32(). This gives us
lower quality random numbers, but it's good enough, as KASAN is meant to
be used as a debugging tool and not a mitigation.

Link: http://lkml.kernel.org/r/1f815cc914b61f3516ed4cc9bfd9eeca9bd5d9de.1550677973.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-02-21 09:01:00 -08:00
Paolo Bonzini
73de65f5b9 KVM: s390: Fix crypto handling for nested KVM
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABAgAGBQJcam53AAoJEBF7vIC1phx8UrQP/R+7FMgCzL/vafjX1wjgRVP4
 iXUeGri/Y4UnZiiZxHBgUZAjRI+HbZjNddaEVnRpAj1wGfyS94uqSQjJ8an/SSi0
 CRAfNWxzD5sHpqfrTO/QT/AVwiQjb+1xf9ysTrmjG80O5VEa5SPBs+Fl2nOSnFlj
 cf58ao7clvhXymiLObRyocX/knV9fp8SCSlWjrmgSJRY0wtv+QmzneQCeTdShmHA
 Ke46AJ6+k6W3mIub6hPX9gaqhmVlopOiTx4yRBv88cHHhY29FxTFpdpuhZFtbPWi
 dBwpwz5yz6YIF70/VqHBnrF4+ptfvWNzzl8cezaVW4QYMAVSudHxQmikiZu6Ajcm
 PA0D6KY+TNQyHH8Uj7r+GzfPptnzhn3d9Gc4w1UfCwnAIMo51X7yeKOeobEwEOS7
 kuXii1GcbDeJvEI5mBn5hYCaOLPLNJ7xmnPwwYfi4bUlOuSjZ4EJJRfhElxiK5kQ
 adksPMip1UsWbQzeHkp5TtPyBpFr+xM/lvECuZgC49ZtAFPAmX44/BHEbbLJLqHI
 ucPRZwWcZyzJuNOBgLmghBJ62G9weBLAQ4spzHL/o2/xXXDd3oFx3ELmKgUQgmOL
 di4DVcbTsBDOcCWb+hfs0zS/EhDSpUWpOaQJxQGq+jFByC8DgmXJeVYDgT3H/DsB
 wTys07zIkmDNkpXPaPvK
 =pirn
 -----END PGP SIGNATURE-----

Merge tag 'kvm-s390-master-5.0' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master

KVM: s390: Fix crypto handling for nested KVM
2019-02-20 23:48:55 +01:00
Thierry Reding
94d9b9337d ARM: tegra: Restore DT ABI on Tegra124 Chromebooks
Commit 482997699e ("ARM: tegra: Fix unit_address_vs_reg DTC warnings
for /memory") inadventently broke device tree ABI by adding a unit-
address to the "/memory" node because the device tree compiler flagged
the missing unit-address as a warning.

Tegra124 Chromebooks (a.k.a. Nyan) use a bootloader that relies on the
full name of the memory node in device tree being exactly "/memory". It
can be argued whether this was a good decision or not, and some other
bootloaders (such as U-Boot) do accept a unit-address in the name of the
node, but the device tree is an ABI and we can't break existing setups
just because the device tree compiler considers it bad practice to omit
the unit-address nowadays.

This partially reverts the offending commit and restores device tree ABI
compatibility.

Fixes: 482997699e ("ARM: tegra: Fix unit_address_vs_reg DTC warnings for /memory")
Reported-by: Tristan Bastian <tristan-c.bastian@gmx.de>
Signed-off-by: Thierry Reding <treding@nvidia.com>
Tested-by: Tristan Bastian <tristan-c.bastian@gmx.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-02-20 16:08:49 +01:00
Vladimir Murzin
74698f6971 arm64: Relax GIC version check during early boot
Updates to the GIC architecture allow ID_AA64PFR0_EL1.GIC to have
values other than 0 or 1. At the moment, Linux is quite strict in the
way it handles this field at early boot stage (cpufeature is fine) and
will refuse to use the system register CPU interface if it doesn't
find the value 1.

Fixes: 021f653791 ("irqchip: gic-v3: Initial support for GICv3")
Reported-by: Chase Conklin <Chase.Conklin@arm.com>
Reviewed-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2019-02-20 14:05:37 +00:00
Linus Torvalds
40e196a906 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix suspend and resume in mt76x0u USB driver, from Stanislaw
    Gruszka.

 2) Missing memory barriers in xsk, from Magnus Karlsson.

 3) rhashtable fixes in mac80211 from Herbert Xu.

 4) 32-bit MIPS eBPF JIT fixes from Paul Burton.

 5) Fix for_each_netdev_feature() on big endian, from Hauke Mehrtens.

 6) GSO validation fixes from Willem de Bruijn.

 7) Endianness fix for dwmac4 timestamp handling, from Alexandre Torgue.

 8) More strict checks in tcp_v4_err(), from Eric Dumazet.

 9) af_alg_release should NULL out the sk after the sock_put(), from Mao
    Wenan.

10) Missing unlock in mac80211 mesh error path, from Wei Yongjun.

11) Missing device put in hns driver, from Salil Mehta.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  sky2: Increase D3 delay again
  vhost: correctly check the return value of translate_desc() in log_used()
  net: netcp: Fix ethss driver probe issue
  net: hns: Fixes the missing put_device in positive leg for roce reset
  net: stmmac: Fix a race in EEE enable callback
  qed: Fix iWARP syn packet mac address validation.
  qed: Fix iWARP buffer size provided for syn packet processing.
  r8152: Add support for MAC address pass through on RTL8153-BD
  mac80211: mesh: fix missing unlock on error in table_path_del()
  net/mlx4_en: fix spelling mistake: "quiting" -> "quitting"
  net: crypto set sk to NULL when af_alg_release.
  net: Do not allocate page fragments that are not skb aligned
  mm: Use fixed constant in page_frag_alloc instead of size + 1
  tcp: tcp_v4_err() should be more careful
  tcp: clear icsk_backoff in tcp_write_queue_purge()
  net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
  qmi_wwan: apply SET_DTR quirk to Sierra WP7607
  net: stmmac: handle endianness in dwmac4_get_timestamp
  doc: Mention MSG_ZEROCOPY implementation for UDP
  mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable
  ...
2019-02-19 16:13:19 -08:00
Tony Lindgren
0661465ec8 Merge branch 'am335x-phy-fixes' into omap-for-v5.0/fixes-v2 2019-02-19 08:47:17 -08:00
Peter Ujfalusi
37685f6a63 ARM: dts: am335x-evm: Fix PHY mode for ethernet
The PHY must add both tx and rx delay and not only on the tx clock.
The board uses AR8031_AL1A PHY where the rx delay is enabled by default,
the tx dealy is disabled.

The reason why rgmii-txid worked because the rx delay was not disabled by
the driver so essentially we ended up with rgmii-id PHY mode.

Signed-off-by: Peter Ujfalusi <peter.ujfalusi@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2019-02-19 08:46:33 -08:00