Commit Graph

114114 Commits

Author SHA1 Message Date
Helge Deller
dcbf0d299c parisc: Drop unused MADV_xxxK_PAGES flags from asm/mman.h
Drop the MADV_xxK_PAGES flags, which were never used and were from a proposed
API which was never integrated into the generic Linux kernel code.

Cc: stable@vger.kernel.org
Signed-off-by: Helge Deller <deller@gmx.de>
2015-11-22 12:14:14 +01:00
Helge Deller
1e208ae732 parisc: Drop definition of start_thread_som for HP-UX SOM binaries
The definition of start_thread_som was planned to be used to execute
HP-UX SOM binaries. Since HP-UX compatibility was dropped with kernel 4.0
there is no need to carry it further.

Signed-off-by: Helge Deller <deller@gmx.de>
2015-11-20 10:19:19 +01:00
Helge Deller
2b3f344510 parisc: Fix wrong comment regarding first pmd entry flags
The first pmd entry is marked with PxD_FLAG_ATTACHED instead of
_PAGE_GATEWAY.

Signed-off-by: Helge Deller <deller@gmx.de>
2015-11-20 10:19:18 +01:00
Linus Torvalds
ca04d396a3 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
 "This set of updates contains:

   - Another bugfix for the pathologic vm86 machinery.  Clear
     thread.vm86 on fork to prevent corrupting the parent state.  This
     comes along with an update to the vm86 selftest case

   - Fix another corner case in the ioapic setup code which causes a
     boot crash on some oddball systems

   - Fix the fallout from the dma allocation consolidation work, which
     leads to a NULL pointer dereference when the allocation code is
     called with a NULL device"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/vm86: Set thread.vm86 to NULL on fork/clone
  selftests/x86: Add a fork() to entry_from_vm86 to catch fork bugs
  x86/ioapic: Prevent NULL pointer dereference in setup_ioapic_dest()
  x86/dma-mapping: Fix arch_dma_alloc_attrs() oops with NULL dev
2015-11-01 11:45:26 -08:00
Linus Torvalds
56ef9db246 ARM: SoC fixes for v4.3
This should be our final batch of fixes for 4.3:
 
 - A patch from Sudeep Holla that fixes annotation of wakeup sources properly,
   old unused format seems to have spread through copying.
 - Two patches from Tony for OMAP. One dealing with MUSB setup problems due to
   runtime PM being enabled too early on the parent device. The other fixes
   IRQ numbering for OMAP1.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWNGocAAoJEIwa5zzehBx32UIP/AiO+T1Sb7ZlF+SoQTpMloe1
 BCPtb/rHV4nBbgCTOw7ixauUAt50oI5d6d8+QimC9CgeXOch9QtdWhsp85dVfped
 hfQmlqGIfRi5ltETk7Wnem4JPiz6g9O8atZc8KaFUzhVMPBbtuxaWV9G6rfo11U2
 ps49n73D1CurAIlmGRl47+YpfZl6DvrqiY/YJShU7nEwixIGMYvObN4Wrp1Wlg2H
 1nZ/KPEuVDamS5hxGqqZL+P6I+ePnCN53QFcVfTPzAUu3brv5v/HXvHcE/AdaR5b
 wtrMGzZ3lfN7WChSS8mGgzUBMvMd+xnfF7Bb5B6zwcSGs+xU4Sey8A465m7OY30t
 qdIDbrNB1+1ez62i/yWuH/yAD4QJbQWY3sFIarCdWayqtbh2Yq3d6AoHFydEnTE/
 uHziKxFl3Zur21AcV89PQr3tPwf7Qu9CyN6DSdDgh2xyjPMSnZmDEjY4X2S9z4pu
 4N7JJUL0e4NFr57pk6nU9vkRcLuRXCQDnGqnsZCDxLxEOpsdthGxog/yaHJGeZU8
 2VmqVlwz4ST11X4wt/4XuC5HOWhBesx238UYFjQdPCcQg+YD78ANNHceFm7LUeV7
 ddtbwqjuU+MOGW8KjViPmDkimdaGPNm6eSJt+T4g0toHdWyo9ForQysFuXn2XQBX
 EVEDAgego+tNhaCCDW+p
 =jKgB
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "This should be our final batch of fixes for 4.3:

   - A patch from Sudeep Holla that fixes annotation of wakeup sources
     properly, old unused format seems to have spread through copying.

   - Two patches from Tony for OMAP.  One dealing with MUSB setup
     problems due to runtime PM being enabled too early on the parent
     device.  The other fixes IRQ numbering for OMAP1"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  usb: musb: omap2430: Fix regression caused by driver core change
  ARM: OMAP1: fix incorrect INT_DMA_LCD
  ARM: dts: fix gpio-keys wakeup-source property
2015-10-31 21:36:07 -07:00
Andy Lutomirski
2459ee8651 x86/vm86: Set thread.vm86 to NULL on fork/clone
thread.vm86 points to per-task information -- the pointer should not
be copied on clone.

Fixes: d4ce0f26c7 ("x86/vm86: Move fields from 'struct kernel_vm86_struct' to 'struct vm86'")
Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Stas Sergeev <stsp@list.ru>
Link: http://lkml.kernel.org/r/71c5d6985d70ec8197c8d72f003823c81b7dcf99.1446270067.git.luto@kernel.org
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-10-31 09:50:25 +01:00
Linus Torvalds
9b971e771e arm64 fixes for 4.3
- Fix corruption in SWP emulation when STXR fails due to contention
 - Fix MMU re-initialisation when resuming from a low-power state
 - Fix stack unwinding code to match what ftrace expects
 - Fix relocation code in the EFI stub when DRAM base is not 2MB aligned
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABCgAGBQJWMlK9AAoJELescNyEwWM0iIcH/AmtOcTR9EZjwxD6szeF1/qg
 JuJCW7D0q2TNEw4Ed8TW8W3mSFPBuDWWbypxwpcV7pQZjBKpbDBTd79sdwAbRViZ
 mYGgV3NKt6BuChjxxMxnwRXYdF1J38bpFFyXslPue8zmnTkZ5EQ7IR2hMksX2+er
 KoPY4Gu0nSTaLD55jFfbtA3pMgoT9gRi+UsMGBseb03TLwAxEmYrtzZNTTMrDqbC
 BomRDbE/duOxnhigAMeWb0T/oHY66pZoEjy9YxsSd9HyqZ+l7MbMUkBRkuXj3g5O
 9XLsbBWauKp3nGUgBaxu76JovJhbveWaSB4fBF6t5G2WoP47wFjfxhWxpDg6B3Y=
 =3Rb/
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "Apologies for this being so late, but we've uncovered a few nasty
  issues on arm64 which didn't settle down until yesterday and the fixes
  all look suitable for 4.3.  Of the four patches, three of them are
  Cc'd to stable, with the remaining patch fixing an issue that only
  took effect during the merge window.

  Summary:

   - Fix corruption in SWP emulation when STXR fails due to contention
   - Fix MMU re-initialisation when resuming from a low-power state
   - Fix stack unwinding code to match what ftrace expects
   - Fix relocation code in the EFI stub when DRAM base is not 2MB aligned"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/efi: do not assume DRAM base is aligned to 2 MB
  Revert "ARM64: unwind: Fix PC calculation"
  arm64: kernel: fix tcr_el1.t0sz restore on systems with extended idmap
  arm64: compat: fix stxr failure case in SWP emulation
2015-10-30 16:57:55 -07:00
Linus Torvalds
7c0f488fbe Missed adding the kcmp() syscall a long time ago. Now it seems
that it is essential to build systemd.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWMUTSAAoJEKurIx+X31iBgd0QALJD5i2Kqn0UawF0oFLJ7VQx
 PFp4SFjhPB1Dsolxh4oR8gdMCHBWnxl3TcOeotAD/6OzkQX2FTaDYO3rV/blTsfy
 ZfAJOifio4mforhe5IbiHHUNNjqgOcm6/RLVxuJr8a62Y+M2GMDOQ/gSRhOmGCoe
 9Nvbn0FnZisETOvVaYv17AFjLrnuGq2cwozuLyVoIFqOMQV7M6gwK/KH4NDo97nl
 ytL8KihNLNrL7ErbUfU3RdmGmTYqlVUE1dk0iFHV/tmfSKpIakjPHP/AKmpEzgLb
 +niBzZszCYjvv1f63uHl+/tsq6v3Pv01EHmbrKrcGN2S5/mC2drrnq09Q59BEqoK
 AOiZrjYPBWuPIZQOlDbtF+g1xxQX28tGY3Lf1Z2QQnnNqXZqdzGTrzaOe7UHu1xC
 cCOyF2MxJrs8Dfbj/ZaciSNW52b7lNaNlj4cCMx3a7JY3C/pj3jYlYZ7qyuZ/rfE
 h/AtR9vNWR1vSeS9TBJkn2tu2Xo22ydH9pvMO2HX3s9zV6sMAEw2hhvrvWYoenyF
 +KkbfQy3P6FNpGNmVYSZogPkoC5oJaR1o+jWetDX291wH6E8bZOznzWvFt5e1WgH
 QhKnuTidYhOvjG0jeZLTmjoQDvZy/I+rIinmA83NLa66vWTY70LjXNYWWTF1V/mz
 3WjnDYq9TBiS259cfDdO
 =gyuX
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 kcmp syscall from Tony Luck:
 "Missed adding the kcmp() syscall a long time ago.  Now it seems that
  it is essential to build systemd"

* tag 'please-pull-syscalls' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Wire up kcmp syscall
2015-10-30 16:56:44 -07:00
Ard Biesheuvel
73effccb91 arm64/efi: do not assume DRAM base is aligned to 2 MB
The current arm64 Image relocation code in the UEFI stub assumes that
the dram_base argument it receives is always a multiple of 2 MB. In
reality, it is simply the lowest start address of all RAM entries in
the UEFI memory map, which means it could be any multiple of 4 KB.

Since the arm64 kernel Image needs to reside TEXT_OFFSET bytes beyond
a 2 MB aligned base, or it will fail to boot, make sure we round dram_base
to 2 MB before using it to calculate the relocation address.

Fixes: e38457c361 ("arm64: efi: prefer AllocatePages() over efi_low_alloc() for vmlinux")
Reported-by: Timur Tabi <timur@codeaurora.org>
Tested-by: Timur Tabi <timur@codeaurora.org>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-10-29 16:10:58 +00:00
Émeric MASCHINO
d305c47734 [IA64] Wire up kcmp syscall
systemd > 218 fails to compile on ia64 with:

     error: ‘__NR_kcmp’ undeclared [1].

I've been told that this is because the kcmp syscall hasn't been wired up
for the ia64 arch [2].

The proposed patch thus wire up the kcmp syscall for the ia64 arch.

[1] https://bugs.gentoo.org/show_bug.cgi?id=560492
[2] https://bugs.gentoo.org/show_bug.cgi?id=560492#c17

Signed-off-by: Émeric MASCHINO <emeric.maschino@gmail.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2015-10-28 14:22:59 -07:00
Will Deacon
9702970c7b Revert "ARM64: unwind: Fix PC calculation"
This reverts commit e306dfd06f.

With this patch applied, we were the only architecture making this sort
of adjustment to the PC calculation in the unwinder. This causes
problems for ftrace, where the PC values are matched against the
contents of the stack frames in the callchain and fail to match any
records after the address adjustment.

Whilst there has been some effort to change ftrace to workaround this,
those patches are not yet ready for mainline and, since we're the odd
architecture in this regard, let's just step in line with other
architectures (like arch/arm/) for now.

Cc: <stable@vger.kernel.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-10-28 17:07:07 +00:00
Lorenzo Pieralisi
e13d918a19 arm64: kernel: fix tcr_el1.t0sz restore on systems with extended idmap
Commit dd006da216 ("arm64: mm: increase VA range of identity map")
introduced a mechanism to extend the virtual memory map range
to support arm64 systems with system RAM located at very high offset,
where the identity mapping used to enable/disable the MMU requires
additional translation levels to map the physical memory at an equal
virtual offset.

The kernel detects at boot time the tcr_el1.t0sz value required by the
identity mapping and sets-up the tcr_el1.t0sz register field accordingly,
any time the identity map is required in the kernel (ie when enabling the
MMU).

After enabling the MMU, in the cold boot path the kernel resets the
tcr_el1.t0sz to its default value (ie the actual configuration value for
the system virtual address space) so that after enabling the MMU the
memory space translated by ttbr0_el1 is restored as expected.

Commit dd006da216 ("arm64: mm: increase VA range of identity map")
also added code to set-up the tcr_el1.t0sz value when the kernel resumes
from low-power states with the MMU off through cpu_resume() in order to
effectively use the identity mapping to enable the MMU but failed to add
the code required to restore the tcr_el1.t0sz to its default value, when
the core returns to the kernel with the MMU enabled, so that the kernel
might end up running with tcr_el1.t0sz value set-up for the identity
mapping which can be lower than the value required by the actual virtual
address space, resulting in an erroneous set-up.

This patchs adds code in the resume path that restores the tcr_el1.t0sz
default value upon core resume, mirroring this way the cold boot path
behaviour therefore fixing the issue.

Cc: <stable@vger.kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Fixes: dd006da216 ("arm64: mm: increase VA range of identity map")
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: James Morse <james.morse@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-10-28 17:07:07 +00:00
Will Deacon
589cb22bbe arm64: compat: fix stxr failure case in SWP emulation
If the STXR instruction fails in the SWP emulation code, we leave *data
overwritten with the loaded value, therefore corrupting the data written
by a subsequent, successful attempt.

This patch re-jigs the code so that we only write back to *data once we
know that the update has happened.

Cc: <stable@vger.kernel.org>
Fixes: bd35a4adc4 ("arm64: Port SWP/SWPB emulation support from arm")
Reported-by: Shengjiu Wang <shengjiu.wang@freescale.com>
Reported-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2015-10-28 17:06:35 +00:00
Linus Torvalds
8a28d67457 powerpc fixes for 4.3 #5
- powerpc/dma: dma_set_coherent_mask() should not be GPL only from Ben
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWMFthAAoJEFHr6jzI4aWAZFkP/1Ci8cgh0GIfdN3wafi85pIe
 dhSBicWpHPpwnvcaD+ab/Q73/nfub6NKTpMasBankf53SYUWmPptwu+Gs0lv7GVv
 Q1AjOEP0vhcBVxhXNJpOWDGFyt5wez4BevqWpmPuz9MEy7PCpgevQJjPEsG8qnzh
 BfUvDkWAOjA6jX3mTyZQyefZECGPhDsM31eGYvkFQRB6Ui1KKbYbFMncjjTtBfjW
 fiUnKShJZIcVtpImGg6WQRKjRaT7uJzmFOLUclv/7dDoT8hLztiiLP44zX+kvJtF
 AyCBSQI/LOrQE826YpF93Vq6WZVvzNQZaPIHPC2pj1WIF6Q/gTTng5T16jODX+QI
 ldQ96sLr9WA49UaS6JakA7iv/OhRXUlRO6qyow8I+1XQdoY5yuVyXct9NpQ3A9J6
 lOw7d8o4RuMaGqMx5nUcyDrv/NICYuuyaikDe+8GY4Df6FG6Aepit1WO6BcDkrfC
 FrnQ+XROmvNoKbVRYYhJZRhEqz1PJJwOmCtNYNzjiJXfgKNknYPBfoBXqx8XeDxl
 VTyxer8V/wMP50X+SIg558YqNIXMj9ZA7fU5xnN4Y7MbHC5DEBnVX9nmc0J5PjTF
 t36S+cm1BeG44/LTSrH66DwsnWce0xo0doK7wBx+CKSGXVciu1VPn59upL1UtX5z
 WnyEnMm5NYc5aTGfZf+L
 =sFFh
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.3-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fix from Michael Ellerman:
 - powerpc/dma: dma_set_coherent_mask() should not be GPL only from Ben

* tag 'powerpc-4.3-6' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/dma: dma_set_coherent_mask() should not be GPL only
2015-10-28 18:59:53 +09:00
Benjamin Herrenschmidt
977bf062bb powerpc/dma: dma_set_coherent_mask() should not be GPL only
When turning this from inline to an exported function I was a bit
over-eager and made it GPL only. This prevents the use of pretty much
all non-GPL PCI driver which is a bit over the top. Let's bring it
back in line with other architecture.

Fixes: 817820b022 ("powerpc/iommu: Support "hybrid" iommu/direct DMA ops for coherent_mask < dma_mask")
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-10-28 14:20:50 +09:00
Linus Torvalds
23d88271b4 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "Two fixes for ARM and one for clkdev:

   - Fix another build issue with vdsomunge on non-glibc systems
   - Fix a randconfig build error caused by an invalid configuration
   - Fix a clkdev problem causing the Nokia n700 to no longer boot"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  clkdev: fix clk_add_alias() with a NULL alias device name
  ARM: 8445/1: fix vdsomunge not to depend on glibc specific byteswap.h
  ARM: make RiscPC depend on MMU
2015-10-28 07:24:53 +09:00
Werner Pawlitschko
ababae4410 x86/ioapic: Prevent NULL pointer dereference in setup_ioapic_dest()
Commit 4857c91f0d changed the way how irq affinity is setup in
setup_ioapic_dest() from using the core helper function to
unconditionally calling the irq_set_affinity() callback of the
underlying irq chip.

That results in a NULL pointer dereference for the rare case where the
underlying irq chip is lapic_chip which has no irq_set_affinity()
callback. lapic_chip is occasionally used for the timer interrupt (irq
0).

The fix is simple: Check the availability of the callback instead of
calling it unconditionally.

Fixes: 4857c91f0d "x86/ioapic: Force affinity setting in setup_ioapic_dest()"
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
2015-10-27 09:18:34 +09:00
Ville Syrjälä
298a96c12b x86/dma-mapping: Fix arch_dma_alloc_attrs() oops with NULL dev
Commit 6894258eda broke drivers that pass NULL as the device pointer
to dma_alloc. The reason is that arch_dma_alloc_attrs() now calls
dma_alloc_coherent_gfp_flags() which in turn calls
dma_alloc_coherent_mask(), where the device pointer is dereferenced
unconditionally.

Fix things by moving the ISA DMA fallback device assignment before the
call to dma_alloc_coherent_gfp_flags().

Fixes: 6894258eda ("dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent}")
Reported-and-tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Christoph Hellwig <hch@lst.de>
Link: http://lkml.kernel.org/r/1445807503-8920-1-git-send-email-ville.syrjala@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-10-26 14:59:36 +09:00
Linus Torvalds
0386729247 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes: two KASAN fixes, two EFI boot fixes, two boot-delay
  optimization fixes, and a fix for a IRQ handling hang observed on
  virtual platforms"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm, kasan: Silence KASAN warnings in get_wchan()
  compiler, atomics, kasan: Provide READ_ONCE_NOCHECK()
  x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels
  x86/smpboot: Fix CPU #1 boot timeout
  x86/smpboot: Fix cpu_init_udelay=10000 corner case boot parameter misbehavior
  x86/ioapic: Disable interrupts when re-routing legacy IRQs
  x86/setup: Extend low identity map to cover whole kernel range
  x86/efi: Fix multiple GOP device support
2015-10-23 22:34:32 +09:00
Linus Torvalds
a2c01ed5d4 powerpc fixes for 4.3 #4
- Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8" from Paul
  - Handle irq_happened flag correctly in off-line loop from Paul
  - Validate rtas.entry before calling enter_rtas() from Vasant
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWKakXAAoJEFHr6jzI4aWAqwsP/22a8aq7SPuPaCK/c7u84aHg
 UkzYNdrC+osDvnrydqyJsmIojVLX+AsJ7TCbBZFaJ6oOuew9bVzmZ5mfNvOVn86H
 dCH2GMr4NbWbkO3SaFi6ZTUVGl7JyjEhf3uCtKGssa2+Do8FubK6Y88L1rhzFFdz
 l1Dx3Jp8CpGKcByQfwYyaNZhC/GEZ06pY36d362mLnyctxcQRYr5l+8boDH81nyE
 f89RE7baNPYOL0YOhZAh3ZilBrZ8DIAaesMXU8LUKFbLTBgWfVPkDy3l5a2m47oP
 V/Yi+oEQBkL/3Itth57iGWpl8vVkzF2MTu8Aep3BzHJXqXCliTzVVdXETW6NCdut
 Nss0xtnNdM18+0mhG3LzzdoZGi/Zb0SYz8j+nY5vE2nf7FDVFkAZzKHeW822zNaV
 A1PLJa+ei4jVhKtTp4wETjpUi+kw+ikM+rR1L1/+IKHbriLsRrj7Zw3xo6Em1KVq
 cI2g7DZLSzptIprxbEv9rNhb1VlBot4jc4mmGhmyMlwKDkpCxRkYVv+Ilfi6jCSc
 6llKTZfKqEV+0sXO6QISv8wfiye84jVTKOlkpQLvpugz9rBTpq8apmInVh4AHF2b
 wDRgs/iyOSZuz+UiPEHHXbW7ZfF2F7lqxxtQgJefiWLDsvBbsfnVTyDJsKibvWzb
 lxorlKx/tH/q4pNBjmoB
 =K7eA
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on
   POWER8" from Paul
 - Handle irq_happened flag correctly in off-line loop from Paul
 - Validate rtas.entry before calling enter_rtas() from Vasant

* tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/rtas: Validate rtas.entry before calling enter_rtas()
  powerpc/powernv: Handle irq_happened flag correctly in off-line loop
  powerpc: Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8"
2015-10-23 18:49:51 +09:00
Linus Torvalds
d0ddf980d6 ARM: SoC fixes for 4.3-rc
Most of the changes this time are for incorrect device nodes in various
 ways, on on imx, berlin, exynos, ux500, uniphier, omap and meson.
 
 Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).
 
 Other bug fixes include
  * a partial revert of a broken tegra gpio patch
  * irq affinity for arm ccn
  * suspend on one Armada 385 machine
  * enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
  * turning on a regulator on beagleboard-x15 for HDMI
  * making the omap gpmc debug code visible
  * setup of orion network switch
  * a rare build regression for pxa
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVikCQmCrR//JCVInAQJFyw//e7DkURra1xRIHx2gh2oE3w13FSM492w9
 iCshJLDjRjRJ37S8m9ipjr7MCR6l4jzaB/TUJIjhS7eyRr9oIvuWRb5+sPMiUop6
 y5vd4vlmhcD2sE5vmG+GLlFLozPcMNSxsq95DjirxiCuCkbKzkeaHpTwjKf08DdI
 FFIYTsDhsKiVqh2L92y9y8ZqS6l76Z2llWt97FV8WG8/y3FX9T/kM5uC9TrS5tb8
 GggGk2Pm/LZas5CPH+yc9ihQ1lbdkCkPbZNwlYjutmm0axiIC1BojmYZSrsR6obd
 8Phwc7DkSbnPM8qAfvxmeyxvF2Th/ArNnVcrrEoavltGg6t3WPFgjiGXmXBU/IOw
 B+UwxzS1LmNdJMTOttVkr/XJR28mNqg9yMbwR5DKkzqbs2dxUVJbZV1DX9sbYPfx
 7JYdfkh/Tw2G+xeZEz157w16xPBxVK7toGIrVCPRpPXSANvF6P/QzPpJ09Wo4Fjp
 LVD2HTDmye2lNyLK5qq1Q1kIzueb7Jktf70XJZNk1p/8r9xUOhjaVHqAyfDtNZNe
 lLQtscQtx6BG2cv1bDaNaznFIzfJ9y1c+4odCILzi28V2Ji2qQ4SQ74jjVeAhsUc
 5Lm58P9a8YY++gmwwgh1a6l45zB/3d+/UTdD08F3lz6Jt0gKSZhSxni3QkvfAibd
 NB4FSTL0gLo=
 =3g0Z
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Most of the changes this time are for incorrect device nodes in
  various ways, on on imx, berlin, exynos, ux500, uniphier, omap and
  meson.

  Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).

  Other bug fixes include
   - a partial revert of a broken tegra gpio patch
   - irq affinity for arm ccn
   - suspend on one Armada 385 machine
   - enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
   - turning on a regulator on beagleboard-x15 for HDMI
   - making the omap gpmc debug code visible
   - setup of orion network switch
   - a rare build regression for pxa"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits)
  ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init
  thermal: exynos: Fix register read in TMU
  ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory
  ARM: tegra: Comment out gpio-ranges properties
  ARM: dts: uniphier: fix IRQ number for devices on PH1-LD6b ref board
  drivers/perf: arm_pmu: avoid CPU device_node reference leak
  bus: arm-ccn: Fix irq affinity setting on CPU migration
  bus: arm-ccn: Handle correctly no-more-cpus case
  ARM: mvebu: correct a385-db-ap compatible string
  ARM: meson6: DTS: Fix wrong reg mapping and IRQ numbers
  MAINTAINERS: Update Allwinner entry and add new maintainer
  ARM: ux500: modify initial levelshifter status
  ARM: pxa: fix pxa3xx DFI lockup hack
  Documentation: ARM: List new omap MMC requirements
  memory: omap-gpmc: dump "before" state before first modification
  memory: omap-gpmc: Fix unselectable debug option for GPMC
  ARM: dts: am57xx-beagle-x15: set VDD_SD to always-on
  ARM: dts: Fix audio card detection on Peach boards
  ARM: EXYNOS: Fix double of_node_put() when parsing child power domains
  ARM: orion: Fix DSA platform device after mvmdio conversion
  ...
2015-10-23 18:38:00 +09:00
Linus Torvalds
2c44f4f035 Bug fixes for ARM, mostly 4.3 regressions related to virtual
interrupt controller changes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJWKRFfAAoJEL/70l94x66D/uYH/0nX/eOe6HNfL+vgbW4Eewdy
 NqRArxqYIzWnjtbkpima5xLGbTpF+2pEh3148kz5ho8ptSnE8QbwmZPo9mKYfMDP
 2zWu/x8kcVPs48teFooQjtVbLPHn8l95XxFiakyffa3GfarcsO1DCMdZgRwEm7Q1
 TvyqylHQU06sBHDq50/SzP65KfvxPhA49V65X3Uq95rAZ2oyJBksLKTTeoJVUFxf
 dl9S2yqpJ1zSYpoBGi35BsDIUAtxOnDX30fH5VyS9sDAUjFMaeA2n3FWU05sLkuQ
 DjO6ugqU9UVQLE5Ez71Ymk0UYxtxX6ft8i8+OfOWaxYS6PfQfXxXBrsxgFRY0kA=
 =cowb
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM bugfixes from Paolo Bonzini:
 "Bug fixes for ARM, mostly 4.3 regressions related to virtual interrupt
  controller changes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm/arm64: KVM: Fix disabled distributor operation
  arm/arm64: KVM: Clear map->active on pend/active clear
  arm/arm64: KVM: Fix arch timer behavior for disabled interrupts
  KVM: arm: use GIC support unconditionally
  KVM: arm/arm64: Fix memory leak if timer initialization fails
  KVM: arm/arm64: Do not inject spurious interrupts
2015-10-23 18:32:29 +09:00
Sudeep Holla
4db7062c9a ARM: dts: fix gpio-keys wakeup-source property
The keyboard driver for GPIO buttons(gpio-keys) checks for one of the
two boolean properties to enable gpio buttons as wakeup source:
1. "wakeup-source" or
2. the legacy "gpio-key,wakeup"

However juno, ste-snowball and emev2-kzm9d dts file have a undetected
"wakeup" property to indictate the wakeup source.

This patch fixes it by making use of "wakeup-source" property.

Cc: Magnus Damm <magnus.damm@gmail.com>
Acked-by: Simon Horman <horms@verge.net.au>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2015-10-22 09:53:57 -07:00
Vasant Hegde
8832317f66 powerpc/rtas: Validate rtas.entry before calling enter_rtas()
Currently we do not validate rtas.entry before calling enter_rtas(). This
leads to a kernel oops when user space calls rtas system call on a powernv
platform (see below). This patch adds code to validate rtas.entry before
making enter_rtas() call.

  Oops: Exception in kernel mode, sig: 4 [#1]
  SMP NR_CPUS=1024 NUMA PowerNV
  task: c000000004294b80 ti: c0000007e1a78000 task.ti: c0000007e1a78000
  NIP: 0000000000000000 LR: 0000000000009c14 CTR: c000000000423140
  REGS: c0000007e1a7b920 TRAP: 0e40   Not tainted  (3.18.17-340.el7_1.pkvm3_1_0.2400.1.ppc64le)
  MSR: 1000000000081000 <HV,ME>  CR: 00000000  XER: 00000000
  CFAR: c000000000009c0c SOFTE: 0
  NIP [0000000000000000]           (null)
  LR [0000000000009c14] 0x9c14
  Call Trace:
  [c0000007e1a7bba0] [c00000000041a7f4] avc_has_perm_noaudit+0x54/0x110 (unreliable)
  [c0000007e1a7bd80] [c00000000002ddc0] ppc_rtas+0x150/0x2d0
  [c0000007e1a7be30] [c000000000009358] syscall_exit+0x0/0x98

Cc: stable@vger.kernel.org # v3.2+
Fixes: 55190f8878 ("powerpc: Add skeleton PowerNV platform")
Reported-by: NAGESWARA R. SASTRY <nasastry@in.ibm.com>
Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com>
[mpe: Reword change log, trim oops, and add stable + fixes]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-10-22 11:03:25 +11:00
Paolo Bonzini
ad355e383d A late round of KVM/ARM fixes for v4.3-rc7, fixing:
- A bug where level-triggered interrupts lowered from userspace
    are still routed to the guest
  - A memory leak an a failed initialization path
  - A build error under certain configurations
  - Several timer bugs introduced with moving the timer to the active
    state handling instead of the masking trick.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEbBAABAgAGBQJWJmf7AAoJEEtpOizt6ddy35UH+NCAt1AInvQajAB1rzXzFSYh
 v9PQ5zJ7ZlP8M3HFYjerSl0HrGbi2Cwij5KYE+UAQkXIzCTTdDeB9TUSI/GYQ82M
 axel8Ob3deELp03nS5I+gP1NGX3HPDz445grScg7yl1lMs3uDy4viDDM8Vm8+HUX
 zZWGpDRHNW3b0myS5NVJvOP7Sm5t7DqklsNScZ04Nut7V8gYEUqEu+ZNKerIZkKn
 LrJUVYqqZf33bf6pWle95QZuNQtg84kion3qwWaNl+/8jFkAA8CODyvzar9VMHpf
 xA0xUkK1ERZ+hw2n0/BIgCxI4lXvROAx0YpZKnSMgEU5E5p5gGZYqlHCw8r1Rw==
 =VQSu
 -----END PGP SIGNATURE-----

Merge tag 'kvm-arm-for-v4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master

A late round of KVM/ARM fixes for v4.3-rc7, fixing:
 - A bug where level-triggered interrupts lowered from userspace
   are still routed to the guest
 - A memory leak an a failed initialization path
 - A build error under certain configurations
 - Several timer bugs introduced with moving the timer to the active
   state handling instead of the masking trick.
2015-10-21 17:46:56 +02:00
Arnd Bergmann
55f4129757 mvebu fixes for 4.3 (part 2)
Fix wrong compatible for A385 DB AP preventing using suspend
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iEYEABECAAYFAlYhNEwACgkQCwYYjhRyO9XX9gCgnabcvdHrfFqAD3IFICLCgkOM
 U1AAnReiDUjcUhz6oTl6I2+e3PLHY7RO
 =BkFw
 -----END PGP SIGNATURE-----

Merge tag 'mvebu-fixes-4.3-2' of git://git.infradead.org/linux-mvebu into fixes

Merge "mvebu fixes for 4.3 (part 2)" from Gregory CLEMENT:

Fix wrong compatible for A385 DB AP preventing using suspend

* tag 'mvebu-fixes-4.3-2' of git://git.infradead.org/linux-mvebu:
  ARM: mvebu: correct a385-db-ap compatible string
2015-10-21 17:03:37 +02:00
Arnd Bergmann
0690f4f2ef Samsung 2nd fixes for v4.3
- fix SOC detection of exynos thermal on exynos5260
 - fix audio card detection on Peach boards
 - fix double of_node_put() when parsing child power domains
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJWIYd6AAoJEA0Cl+kVi2xqgzAQAIoCxYnhMr8I1kiJwFaZ3AKT
 r28RFw1rAhD+u344/5uuMwkJdl15+ubXf/g0uCLSmXwSKeQgJdXfidYEhTpd4OUw
 iVT+F+J8U7z3SaIymEdHp3ACUiU3eb1cW3AfrCU5FPwdVfnvyE7Fp7XPdE9w7GX4
 fMs+qi5BbJP02jO+rHAc2HHHdylSQu5JH0HPIOgBCQVVLQzhs79E5LcrvF0DXc2d
 WmZ+14S/Hc+/heiqc6wGQ75fDdPOGMj8ISo5sx+G0TyCz0r2FXR+yDRrXwCESTtn
 DD7CeQ8GdHT5fUiylU7y0+75h8/i3mNav9+fqF33BcpnGe8LAcB9Q/rDemw9irWp
 baGArheUjeWsql8qVbb7SeOZdzxAHT8QUs+AAxcrxBmv+4yWGhBdvVQfMKVhVcoP
 glnYpxRs1FsODVSfQ4Wp25U4PY49iOB+oND86HkmOZdQI5VrnzxPH1i5nKKRbXB7
 ZjidX3IVuiJtXFcB2ybd5VLzD7Xe6mJE0jYG264u0oXm5IFXXh+dHnDy2fqCJ9OY
 Y0HZX/EOwbDh93H/E3xqItPnWKFW5pp17wG1kIV7pm07d1TQPDjT0D8SLcF37+TW
 X622hnU5D16+qa8mNq+CyG0DZQUteNAi4yf9WiKIswbmW2n581dlmRJpVjlfY90z
 l8AwHcVTybMV1/v8fAmb
 =J4IA
 -----END PGP SIGNATURE-----

Merge tag 'samsung-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes

Merge "Samsung 2nd fixes for v4.3" from Kukjin Kim:

- fix SOC detection of exynos thermal on exynos5260
- fix audio card detection on Peach boards
- fix double of_node_put() when parsing child power domains

* tag 'samsung-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
  thermal: exynos: Fix register read in TMU
  ARM: dts: Fix audio card detection on Peach boards
  ARM: EXYNOS: Fix double of_node_put() when parsing child power domains
2015-10-21 17:02:13 +02:00
Arnd Bergmann
6701ef0318 Fixes for omaps for v4.3-rc cycle:
- Fix oops with LPAE and moew than 2GB of memory by enabling
   ZONE_DMA for LPAE. Probably no need for stable on this one as we
   only recently ran into this with the mainline kernel
 
 - Fix imprecise external abort caused by bogus SRAM init. This affects
   dm814x recently merged, so no need for stable on this one AFAIK
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWJnm9AAoJEBvUPslcq6VzJHMP/i8DVa6R3OwssmGS3Cp/XKPV
 m1GCXReauql0oUfFR0baiVnBKL6x8jEHW91iQeV3b3cUz+8l3jL7Q4yc+voPyjHz
 ud890cId4wP54PWtDo4lpzDKi3lQkGBI+zJVAyWLfNPt97xcTh1yXW2HdDQ2Hlf4
 nyksDKI1CE42h22l5odB9i0yf7Y/XXl8CYl0ZggHV1XReKSZGveTf8+Qcd1uME2s
 ovLoxEOHDsmxwERXxeSw7Vw4MwefCBdXhKZf1a6l++/pyD/HqWNpJqpS+VEX4yaw
 9ZGT5wmTZQXzzAx60bfO9kokFaKzKiae1UYZusR1aoEKKvFwh8+7ziTTv5q8Do+s
 PRaeczB0tJA9OniwZaZEHNyckMgLlReH3PH5mwYV9DNNnG4LWRDjsx8LWDZ7lcjL
 HxvDjbB6Ir51jGCxa4GVH0NZy0NZ+UHFTMv6bgiEc3uO4PMu35syDXfLws4VJWXZ
 jC4bR2ShUbrAaGQj8R4aYQFus2MzXu58eqwceDGqeuf9M+wn10IO0/OaAXg5oPhk
 TfqB/6+yC8GjyWyRaKV7PrgJKsqcm4S9P2WCuZL+lU5GgnfSrFTb1+OBQl4BQFXD
 89Mj/oYOoKQd3qQFmsk2ZKwRqT9kLixKvih0bvkos4saOJipW2aNpLBTwNpQEpRk
 N9J0CUyn/p1tQEBVCJj5
 =EP6s
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.3/fixes-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Merge "Fixes for omaps for v4.3-rc cycle" from Tony Lindgren:

- Fix oops with LPAE and moew than 2GB of memory by enabling
  ZONE_DMA for LPAE. Probably no need for stable on this one as we
  only recently ran into this with the mainline kernel

- Fix imprecise external abort caused by bogus SRAM init. This affects
  dm814x recently merged, so no need for stable on this one AFAIK

* tag 'omap-for-v4.3/fixes-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init
  ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory
2015-10-21 17:01:14 +02:00
Paul Mackerras
53c656c413 powerpc/powernv: Handle irq_happened flag correctly in off-line loop
This fixes a bug where it is possible for an off-line CPU to fail to go
into a low-power state (nap/sleep/winkle), and to become unresponsive to
requests from the KVM subsystem to wake up and run a VCPU. What can
happen is that a maskable interrupt of some kind (external, decrementer,
hypervisor doorbell, or HMI) after we have called local_irq_disable() at
the beginning of pnv_smp_cpu_kill_self() and before interrupts are
hard-disabled inside power7_nap/sleep/winkle(). In this situation, the
pending event is marked in the irq_happened flag in the PACA. This
pending event prevents power7_nap/sleep/winkle from going to the
requested low-power state; instead they return immediately. We don't
deal with any of these pending event flags in the off-line loop in
pnv_smp_cpu_kill_self() because power7_nap et al. return 0 in this case,
so we will have srr1 == 0, and none of the processing to clear
interrupts or doorbells will be done.

Usually, the most obvious symptom of this is that a KVM guest will fail
with a console message saying "KVM: couldn't grab cpu N".

This fixes the problem by making sure we handle the irq_happened flags
properly. First, we hard-disable before the off-line loop. Once we have
hard-disabled, the irq_happened flags can't change underneath us. We
unconditionally clear the DEC and HMI flags: there is no processing of
timer interrupts while off-line, and the necessary HMI processing is all
done in lower-level code. We leave the EE and DBELL flags alone for the
first iteration of the loop, so that we won't fail to respond to a
split-core request that came in just before hard-disabling. Within the
loop, we handle external interrupts if the EE bit is set in irq_happened
as well as if the low-power state was interrupted by an external
interrupt. (We don't need to do the msgclr for a pending doorbell in
irq_happened, because doorbells are edge-triggered and don't remain
pending in hardware.) Then we clear both the EE and DBELL flags, and
once clear, they cannot be set again (until this CPU comes online again,
that is).

This also fixes the debug check to not be done when we just ran a KVM
guest or when the sleep didn't happen because of a pending event in
irq_happened.

Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-10-21 20:52:49 +11:00
Paul Mackerras
23316316c1 powerpc: Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8"
This reverts commit 9678cdaae9 ("Use the POWER8 Micro Partition
Prefetch Engine in KVM HV on POWER8") because the original commit had
multiple, partly self-cancelling bugs, that could cause occasional
memory corruption.

In fact the logmpp instruction was incorrectly using register r0 as the
source of the buffer address and operation code, and depending on what
was in r0, it would either do nothing or corrupt the 64k page pointed to
by r0.

The logmpp instruction encoding and the operation code definitions could
be corrected, but then there is the problem that there is no clearly
defined way to know when the hardware has finished writing to the
buffer.

The original commit attempted to work around this by aborting the
write-out before starting the prefetch, but this is ineffective in the
case where the virtual core is now executing on a different physical
core from the one where the write-out was initiated.

These problems plus advice from the hardware designers not to use the
function (since the measured performance improvement from using the
feature was actually mostly negative), mean that reverting the code is
the best option.

Fixes: 9678cdaae9 ("Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8")
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2015-10-21 20:50:30 +11:00
Arnd Bergmann
4a5d69b739 KVM: arm: use GIC support unconditionally
The vgic code on ARM is built for all configurations that enable KVM,
but the parent_data field that it references is only present when
CONFIG_IRQ_DOMAIN_HIERARCHY is set:

virt/kvm/arm/vgic.c: In function 'kvm_vgic_map_phys_irq':
virt/kvm/arm/vgic.c:1781:13: error: 'struct irq_data' has no member named 'parent_data'

This flag is implied by the GIC driver, and indeed the VGIC code only
makes sense if a GIC is present. This changes the CONFIG_KVM symbol
to always select GIC, which avoids the issue.

Fixes: 662d971584 ("arm/arm64: KVM: Kill CONFIG_KVM_ARM_{VGIC,TIMER}")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2015-10-20 18:04:49 +02:00
Pavel Fedin
399ea0f6bc KVM: arm/arm64: Fix memory leak if timer initialization fails
Jump to correct label and free kvm_host_cpu_state

Reviewed-by: Wei Huang <wei@redhat.com>
Signed-off-by: Pavel Fedin <p.fedin@samsung.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
2015-10-20 18:04:48 +02:00
Andrey Ryabinin
f7d27c35dd x86/mm, kasan: Silence KASAN warnings in get_wchan()
get_wchan() is racy by design, it may access volatile stack
of running task, thus it may access redzone in a stack frame
and cause KASAN to warn about this.

Use READ_ONCE_NOCHECK() to silence these warnings.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Cc: kasan-dev <kasan-dev@googlegroups.com>
Link: http://lkml.kernel.org/r/1445243838-17763-3-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-20 11:04:19 +02:00
Linus Torvalds
be0e1987bc Merge branch 'for-linus-4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml
Pull UML fixes from Richard Weinberger:
 "This contains four overdue UML regression fixes"

* 'for-linus-4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml:
  um: Fix kernel mode fault condition
  um: Fix waitpid() usage in helper code
  um: Do not rely on libc to provide modify_ldt()
  um: Fix out-of-tree build
2015-10-20 16:20:53 +09:00
Richard Weinberger
56b88a3bf9 um: Fix kernel mode fault condition
We have to exclude memory locations <= PAGE_SIZE from
the condition and let the kernel mode fault path catch it.
Otherwise a kernel NULL pointer exception will be reported
as a kernel user space access.

Fixes: d2313084e2 (um: Catch unprotected user memory access)
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-10-19 22:53:37 +02:00
Richard Weinberger
6b1873371c um: Fix waitpid() usage in helper code
If UML is executing a helper program it is using
waitpid() with the __WCLONE flag to wait for the program
as the helper is executed from a clone()'ed thread.
While using __WCLONE is perfectly fine for clone()'ed
childs it won't detect terminated childs if the helper
has issued an execve().

We have to use __WALL to wait for both clone()'ed and
regular childs to detect the termination before and
after an execve().

Reported-and-tested-by: Thomas Meyer <thomas@m3y3r.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-10-19 22:53:37 +02:00
Hans-Werner Hilse
37e81a016c um: Do not rely on libc to provide modify_ldt()
modify_ldt() was declared as an external symbol. Despite the man
page for this syscall telling that there is no wrapper in glibc,
since version 2.1 there actually is, so linking to the glibc
works.

Since modify_ldt() is not a POSIX interface, other libc
implementations do not always provide a wrapper function.
Even glibc headers do not provide a corresponding declaration.

So go the recommended way to call this using syscall().

Signed-off-by: Hans-Werner Hilse <hwhilse@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-10-19 22:53:37 +02:00
Richard Weinberger
0b5aedfe0e um: Fix out-of-tree build
Commit 30b11ee9a (um: Remove copy&paste code from init.h)
uncovered an issue wrt. out-of-tree builds.
For out-of-tree builds, we must not rely on relative paths.
Before 30b11ee9a it worked by chance as no host code included
generated header files.

Acked-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-10-19 22:53:36 +02:00
Linus Torvalds
1099f86044 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Account for extra headroom in ath9k driver, from Felix Fietkau.

 2) Fix OOPS in pppoe driver due to incorrect socket state transition,
    from Guillaume Nault.

 3) Kill memory leak in amd-xgbe debugfx, from Geliang Tang.

 4) Power management fixes for iwlwifi, from Johannes Berg.

 5) Fix races in reqsk_queue_unlink(), from Eric Dumazet.

 6) Fix dst_entry usage in ARP replies, from Jiri Benc.

 7) Cure OOPSes with SO_GET_FILTER, from Daniel Borkmann.

 8) Missing allocation failure check in amd-xgbe, from Tom Lendacky.

 9) Various resource allocation/freeing cures in DSA< from Neil
    Armstrong.

10) A series of bug fixes in the openvswitch conntrack support, from
    Joe Stringer.

11) Fix two cases (BPF and act_mirred) where we have to clean the sender
    cpu stored in the SKB before transmitting.  From WANG Cong and
    Alexei Starovoitov.

12) Disable VLAN filtering in promiscuous mode in mlx5 driver, from
    Achiad Shochat.

13) Older bnx2x chips cannot do 4-tuple UDP hashing, so prevent this
    configuration via ethtool.  From Yuval Mintz.

14) Don't call rt6_uncached_list_flush_dev() from rt6_ifdown() when
    'dev' is NULL, from Eric Biederman.

15) Prevent stalled link synchronization in tipc, from Jon Paul Maloy.

16) kcalloc() gstrings ethtool buffer before having driver fill it in,
    in order to prevent kernel memory leaking.  From Joe Perches.

17) Fix mixxing rt6_info initialization for blackhole routes, from
    Martin KaFai Lau.

18) Kill VLAN regression in via-rhine, from Andrej Ota.

19) Missing pfmemalloc check in sk_add_backlog(), from Eric Dumazet.

20) Fix spurious MSG_TRUNC signalling in netlink dumps, from Ronen Arad.

21) Scrube SKBs when pushing them between namespaces in openvswitch,
    from Joe Stringer.

22) bcmgenet enables link interrupts too early, fix from Florian
    Fainelli.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (92 commits)
  net: bcmgenet: Fix early link interrupt enabling
  tunnels: Don't require remote endpoint or ID during creation.
  openvswitch: Scrub skb between namespaces
  xen-netback: correctly check failed allocation
  net: asix: add support for the Billionton GUSB2AM-1G-B USB adapter
  netlink: Trim skb to alloc size to avoid MSG_TRUNC
  net: add pfmemalloc check in sk_add_backlog()
  via-rhine: fix VLAN receive handling regression.
  ipv6: Initialize rt6_info properly in ip6_blackhole_route()
  ipv6: Move common init code for rt6_info to a new function rt6_info_init()
  Bluetooth: Fix initializing conn_params in scan phase
  Bluetooth: Fix conn_params list update in hci_connect_le_scan_cleanup
  Bluetooth: Fix remove_device behavior for explicit connects
  Bluetooth: Fix LE reconnection logic
  Bluetooth: Fix reference counting for LE-scan based connections
  Bluetooth: Fix double scan updates
  mlxsw: core: Fix race condition in __mlxsw_emad_transmit
  tipc: move fragment importance field to new header position
  ethtool: Use kcalloc instead of kmalloc for ethtool_get_strings
  tipc: eliminate risk of stalled link synchronization
  ...
2015-10-19 09:55:40 -07:00
H. Nikolaus Schaller
8a603f91cc ARM: 8445/1: fix vdsomunge not to depend on glibc specific byteswap.h
If the host toolchain is not glibc based then the arm kernel build
fails with

  HOSTCC  arch/arm/vdso/vdsomunge
  arch/arm/vdso/vdsomunge.c:48:22: fatal error: byteswap.h: No such file or directory

Observed: with omap2plus_defconfig and compile on Mac OS X with arm ELF
cross-compiler.

Reason: byteswap.h is a glibc only header.

Solution: replace by private byte-swapping macros (taken from
arch/mips/boot/elf2ecoff.c and kindly improved by Russell King)

Tested to compile on Mac OS X 10.9.5 host.

Signed-off-by: H. Nikolaus Schaller <hns@goldelico.com>
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2015-10-19 17:07:32 +01:00
Tony Lindgren
57df538085 ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init
Some omaps are producing imprecise external aborts because we are
wrongly trying to init SRAM for device tree based booting. Only
omap3 is still using the legacy SRAM code, so we need to make it
omap3 specific. Otherwise we can get errors like this on at least
dm814x:

Unhandled fault: imprecise external abort (0xc06) at 0xc08b156c
...
(omap_rev) from [<c08b12e0>] (omap_sram_init+0xf8/0x3e0)
(omap_sram_init) from [<c08aca0c>] (omap_sdrc_init+0x10/0xb0)
(omap_sdrc_init) from [<c08b581c>] (pdata_quirks_init+0x18/0x44)
(pdata_quirks_init) from [<c08b5478>] (omap_generic_init+0x10/0x1c)
(omap_generic_init) from [<c08a57e0>] (customize_machine+0x1c/0x40)
(customize_machine) from [<c00098a4>] (do_one_initcall+0x80/0x1dc)
(do_one_initcall) from [<c08a2ec4>] (kernel_init_freeable+0x218/0x2e8)
(kernel_init_freeable) from [<c063a554>] (kernel_init+0x8/0xec)
(kernel_init) from [<c000f890>] (ret_from_fork+0x14/0x24)

Let's fix the issue by making sure omap_sdrc_init only gets called for
omap3. To do that, we need to have compatible "ti,omap3" in the dts
files. And let's also use "ti,omap3630" instead of "ti,omap36xx" like
we're supposed to.

Signed-off-by: Tony Lindgren <tony@atomide.com>
2015-10-19 08:55:46 -07:00
Andrey Ryabinin
a75ca545e8 x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels
Declaration of memcpy() is hidden under #ifndef CONFIG_KMEMCHECK.
In asm/efi.h under #ifdef CONFIG_KASAN we #undef memcpy(), due to
which the following happens:

  In file included from arch/x86/kernel/setup.c:96:0:
  ./arch/x86/include/asm/desc.h: In function ‘native_write_idt_entry’:
  ./arch/x86/include/asm/desc.h:122:2: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration]   memcpy(&idt[entry], gate, sizeof(*gate));
    ^
    cc1: some warnings being treated as errors
    make[2]: *** [arch/x86/kernel/setup.o] Error 1

We will get rid of that #undef in asm/efi.h eventually.
But in the meanwhile move memcpy() declaration out of #ifdefs
to fix the build.

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1444994933-28328-1-git-send-email-aryabinin@virtuozzo.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-19 10:07:23 +02:00
Len Brown
fcafddec4e x86/smpboot: Fix CPU #1 boot timeout
The following commit:

  a9bcaa02a5 ("x86/smpboot: Remove SIPI delays from cpu_up()")

Caused some Intel Core2 processors to time-out when bringing up CPU #1,
resulting in the missing of that CPU after bootup.

That patch reduced the SIPI delays from udelay() 300, 200 to udelay() 0,
0 on modern processors.

Several Intel(R) Core(TM)2 systems failed to bring up CPU #1 10/10 times
after that change.

Increasing either of the SIPI delays to udelay(1) results in
success. So here we increase both to udelay(10).  While this may
be 20x slower than the absolute minimum, it is still 20x to 30x
faster than the original code.

Tested-by: Donald Parsons <dparsons@brightdsl.net>
Tested-by: Shane <shrybman@teksavvy.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dparsons@brightdsl.net
Cc: shrybman@teksavvy.com
Link: http://lkml.kernel.org/r/6dd554ee8945984d85aafb2ad35793174d068af0.1444968087.git.len.brown@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-19 09:14:41 +02:00
Len Brown
f1ccd24931 x86/smpboot: Fix cpu_init_udelay=10000 corner case boot parameter misbehavior
For legacy machines cpu_init_udelay defaults to 10,000.
For modern machines it is set to 0.

The user should be able to set cpu_init_udelay to
any value on the cmdline, including 10,000.

Before this patch, that was seen as "unchanged from default"
and thus on a modern machine, the user request was ignored
and the delay was set to 0.

Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: dparsons@brightdsl.net
Cc: shrybman@teksavvy.com
Link: http://lkml.kernel.org/r/de363cdbbcfcca1d22569683f7eb9873e0177251.1444968087.git.len.brown@intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-19 09:14:41 +02:00
Tony Lindgren
6a3b764b8d ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory
On boards with more than 2GB of RAM booting goes wrong with things not
working and we're getting lots of l3 warnings:

WARNING: CPU: 0 PID: 1 at drivers/bus/omap_l3_noc.c:147
l3_interrupt_handler+0x260/0x384()
44000000.ocp:L3 Custom Error: MASTER MMC6 TARGET DMM1 (Idle):
Data Access in User mode during Functional access
...
[<c044e158>] (scsi_add_host_with_dma) from [<c04705c8>]
(ata_scsi_add_hosts+0x5c/0x18c)
[<c04705c8>] (ata_scsi_add_hosts) from [<c046b13c>]
(ata_host_register+0x150/0x2cc)
[<c046b13c>] (ata_host_register) from [<c046b38c>]
(ata_host_activate+0xd4/0x124)
[<c046b38c>] (ata_host_activate) from [<c047f42c>]
(ahci_host_activate+0x5c/0x194)
[<c047f42c>] (ahci_host_activate) from [<c0480854>]
(ahci_platform_init_host+0x1f0/0x3f0)
[<c0480854>] (ahci_platform_init_host) from [<c047c9dc>]
(ahci_probe+0x70/0x98)
[<c047c9dc>] (ahci_probe) from [<c04220cc>]
(platform_drv_probe+0x54/0xb4)

Let's fix the issue by enabling ZONE_DMA for LPAE. Note that we need to
limit dma_zone_size to 2GB as the rest of the RAM is beyond the 4GB limit.

Let's also fix things for dra7 as done in similar patches in the TI tree
by Lokesh Vutla <lokeshvutla@ti.com>.

Reviewed-by: Lokesh Vutla <lokeshvutla@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2015-10-16 12:16:21 -07:00
Linus Torvalds
ebb65c81e1 powerpc fixes for 4.3 #3
- Re-enable CONFIG_SCSI_DH in our defconfigs
  - Remove unused os_area_db_id_video_mode
  - cxl: fix leak of IRQ names in cxl_free_afu_irqs() from Andrew
  - cxl: fix leak of ctx->irq_bitmap when releasing context via kernel API from Andrew
  - cxl: fix leak of ctx->mapping when releasing kernel API contexts from Andrew
  - cxl: Workaround malformed pcie packets on some cards from Philippe
  - cxl: Fix number of allocated pages in SPA from Christophe Lombard
  - Fix checkstop in native_hpte_clear() with lockdep from Cyril
  - Panic on unhandled Machine Check on powernv from Daniel
  - selftests/powerpc: Fix build failure of load_unaligned_zeropad test
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWIM0xAAoJEFHr6jzI4aWAsCIP/04uAiPCqWOwHjr8/eAlNAmJ
 GaA6b91QUUpBlyXgzYZShS/FQEnyukbGTUzaS3KwijOdRJtCHxvl2eG7pOCws+GS
 2YeA9mBm7MgYT0BJ+KLGCgrF5C/sc+LN3udO9Kf1LimLpp+fIILHgEmhrfy00wUp
 f7tJ/Rvpt23PmcCDX0PhA7NuOrRu5hQOQ9rsqJfzc7XObZAG1AfISPgALgaeAINc
 XqQfWiNFLmDJyhV9K39rUXSTvHYl6pPnfDj4GelfjQD2l/csH0M4MeGW2tHNkgVy
 CakLWOP3zdZVTYTcB8wypnoZxATPhEsHehJmQ4fu3n0WR1vHfCqh4rFZuPaaX0NG
 P3In0eOV285RIpNLcwkchN+07Ops1Fvi5XonaQpgHCcI9c4H7IAGPbQau2DhR9sU
 DyZQ+/6wNzpXbM7llM3VyTA2zvvyiuEzuIZI78XWexO/Ny6TCItRtEqJEXMA+ChX
 lKbLluRnQcnn5sizK0yj4mtkffAbu7Za1KGl1nm1Q/5pBQWsC40wFcRLNNdzqVmH
 7tSp8cIEYunCYKy5bAheWJTzpUgGD55EEcUkQFHVm5LKBXyA73qJRSMuLZqtnB3z
 g6eTiEKhZvVFedNMDNFnNWrvOnd8JpyjGLRAbqgwMhN+lgVvmwwSSB6V2SefMnuL
 HCSGqR40vPA9bH0Cz/ND
 =3ze+
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 - Re-enable CONFIG_SCSI_DH in our defconfigs
 - Remove unused os_area_db_id_video_mode
 - cxl: fix leak of IRQ names in cxl_free_afu_irqs() from Andrew
 - cxl: fix leak of ctx->irq_bitmap when releasing context via kernel API from Andrew
 - cxl: fix leak of ctx->mapping when releasing kernel API contexts from Andrew
 - cxl: Workaround malformed pcie packets on some cards from Philippe
 - cxl: Fix number of allocated pages in SPA from Christophe Lombard
 - Fix checkstop in native_hpte_clear() with lockdep from Cyril
 - Panic on unhandled Machine Check on powernv from Daniel
 - selftests/powerpc: Fix build failure of load_unaligned_zeropad test

* tag 'powerpc-4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  selftests/powerpc: Fix build failure of load_unaligned_zeropad test
  powerpc/powernv: Panic on unhandled Machine Check
  powerpc: Fix checkstop in native_hpte_clear() with lockdep
  cxl: Fix number of allocated pages in SPA
  cxl: Workaround malformed pcie packets on some cards
  cxl: fix leak of ctx->mapping when releasing kernel API contexts
  cxl: fix leak of ctx->irq_bitmap when releasing context via kernel API
  cxl: fix leak of IRQ names in cxl_free_afu_irqs()
  powerpc/ps3: Remove unused os_area_db_id_video_mode
  powerpc/configs: Re-enable CONFIG_SCSI_DH
2015-10-16 12:07:43 -07:00
Linus Torvalds
3d875182d7 Merge branch 'akpm' (patches from Andrew)
Merge misc fixes from Andrew Morton:
 "6 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  sh: add copy_user_page() alias for __copy_user()
  lib/Kconfig: ZLIB_DEFLATE must select BITREVERSE
  mm, dax: fix DAX deadlocks
  memcg: convert threshold to bytes
  builddeb: remove debian/files before build
  mm, fs: obey gfp_mapping for add_to_page_cache()
2015-10-16 11:42:37 -07:00
Ross Zwisler
934ed25ea5 sh: add copy_user_page() alias for __copy_user()
copy_user_page() is needed by DAX.  Without this we get a compile error
for DAX on SH:

  fs/dax.c:280:2: error: implicit declaration of function `copy_user_page' [-Werror=implicit-function-declaration]
    copy_user_page(vto, (void __force *)vfrom, vaddr, to);
      ^

This was done with a random config that happened to include DAX support.

This patch has only been compile tested.

Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Matthew Wilcox <willy@linux.intel.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-16 11:42:28 -07:00
Vitaly Kuznetsov
c0ff971ef9 x86/ioapic: Disable interrupts when re-routing legacy IRQs
A sporadic hang with consequent crash is observed when booting Hyper-V Gen1
guests:

 Call Trace:
  <IRQ>
  [<ffffffff810ab68d>] ? trace_hardirqs_off+0xd/0x10
  [<ffffffff8107b616>] queue_work_on+0x46/0x90
  [<ffffffff81365696>] ? add_interrupt_randomness+0x176/0x1d0
  ...
  <EOI>
  [<ffffffff81471ddb>] ? _raw_spin_unlock_irqrestore+0x3b/0x60
  [<ffffffff810c295e>] __irq_put_desc_unlock+0x1e/0x40
  [<ffffffff810c5c35>] irq_modify_status+0xb5/0xd0
  [<ffffffff8104adbb>] mp_register_handler+0x4b/0x70
  [<ffffffff8104c55a>] mp_irqdomain_alloc+0x1ea/0x2a0
  [<ffffffff810c7f10>] irq_domain_alloc_irqs_recursive+0x40/0xa0
  [<ffffffff810c860c>] __irq_domain_alloc_irqs+0x13c/0x2b0
  [<ffffffff8104b070>] alloc_isa_irq_from_domain.isra.1+0xc0/0xe0
  [<ffffffff8104bfa5>] mp_map_pin_to_irq+0x165/0x2d0
  [<ffffffff8104c157>] pin_2_irq+0x47/0x80
  [<ffffffff81744253>] setup_IO_APIC+0xfe/0x802
  ...
  [<ffffffff814631c0>] ? rest_init+0x140/0x140

The issue is easily reproducible with a simple instrumentation: if
mdelay(10) is put between mp_setup_entry() and mp_register_handler() calls
in mp_irqdomain_alloc() Hyper-V guest always fails to boot when re-routing
IRQ0. The issue seems to be caused by the fact that we don't disable
interrupts while doing IOPIC programming for legacy IRQs and IRQ0 actually
happens. 

Protect the setup sequence against concurrent interrupts.

[ tglx: Make the protection unconditional and not only for legacy
  	interrupts ]

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Link: http://lkml.kernel.org/r/1444930943-19336-1-git-send-email-vkuznets@redhat.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-10-16 16:31:24 +02:00
Paolo Bonzini
f5f3497cad x86/setup: Extend low identity map to cover whole kernel range
On 32-bit systems, the initial_page_table is reused by
efi_call_phys_prolog as an identity map to call
SetVirtualAddressMap.  efi_call_phys_prolog takes care of
converting the current CPU's GDT to a physical address too.

For PAE kernels the identity mapping is achieved by aliasing the
first PDPE for the kernel memory mapping into the first PDPE
of initial_page_table.  This makes the EFI stub's trick "just work".

However, for non-PAE kernels there is no guarantee that the identity
mapping in the initial_page_table extends as far as the GDT; in this
case, accesses to the GDT will cause a page fault (which quickly becomes
a triple fault).  Fix this by copying the kernel mappings from
swapper_pg_dir to initial_page_table twice, both at PAGE_OFFSET and at
identity mapping.

For some reason, this is only reproducible with QEMU's dynamic translation
mode, and not for example with KVM.  However, even under KVM one can clearly
see that the page table is bogus:

    $ qemu-system-i386 -pflash OVMF.fd -M q35 vmlinuz0 -s -S -daemonize
    $ gdb
    (gdb) target remote localhost:1234
    (gdb) hb *0x02858f6f
    Hardware assisted breakpoint 1 at 0x2858f6f
    (gdb) c
    Continuing.

    Breakpoint 1, 0x02858f6f in ?? ()
    (gdb) monitor info registers
    ...
    GDT=     0724e000 000000ff
    IDT=     fffbb000 000007ff
    CR0=0005003b CR2=ff896000 CR3=032b7000 CR4=00000690
    ...

The page directory is sane:

    (gdb) x/4wx 0x32b7000
    0x32b7000:	0x03398063	0x03399063	0x0339a063	0x0339b063
    (gdb) x/4wx 0x3398000
    0x3398000:	0x00000163	0x00001163	0x00002163	0x00003163
    (gdb) x/4wx 0x3399000
    0x3399000:	0x00400003	0x00401003	0x00402003	0x00403003

but our particular page directory entry is empty:

    (gdb) x/1wx 0x32b7000 + (0x724e000 >> 22) * 4
    0x32b7070:	0x00000000

[ It appears that you can skate past this issue if you don't receive
  any interrupts while the bogus GDT pointer is loaded, or if you avoid
  reloading the segment registers in general.

  Andy Lutomirski provides some additional insight:

   "AFAICT it's entirely permissible for the GDTR and/or LDT
    descriptor to point to unmapped memory.  Any attempt to use them
    (segment loads, interrupts, IRET, etc) will try to access that memory
    as if the access came from CPL 0 and, if the access fails, will
    generate a valid page fault with CR2 pointing into the GDT or
    LDT."

  Up until commit 23a0d4e8fa ("efi: Disable interrupts around EFI
  calls, not in the epilog/prolog calls") interrupts were disabled
  around the prolog and epilog calls, and the functional GDT was
  re-installed before interrupts were re-enabled.

  Which explains why no one has hit this issue until now. ]

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reported-by: Laszlo Ersek <lersek@redhat.com>
Cc: <stable@vger.kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
[ Updated changelog. ]
2015-10-16 10:52:29 +01:00