summaryrefslogtreecommitdiffstats
path: root/arch
AgeCommit message (Collapse)AuthorFilesLines
2014-11-23uprobes, x86: Fix _TIF_UPROBE vs _TIF_NOTIFY_RESUMEAndy Lutomirski1-1/+1
x86 call do_notify_resume on paranoid returns if TIF_UPROBE is set but not on non-paranoid returns. I suspect that this is a mistake and that the code only works because int3 is paranoid. Setting _TIF_NOTIFY_RESUME in the uprobe code was probably a workaround for the x86 bug. With that bug fixed, we can remove _TIF_NOTIFY_RESUME from the uprobes code. Reported-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com> Acked-by: Borislav Petkov <bp@suse.de> Signed-off-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-23Merge branch 'x86-traps' (trap handling from Andy Lutomirski)Linus Torvalds6-84/+82
Merge x86-64 iret fixes from Andy Lutomirski: "This addresses the following issues: - an unrecoverable double-fault triggerable with modify_ldt. - invalid stack usage in espfix64 failed IRET recovery from IST context. - invalid stack usage in non-espfix64 failed IRET recovery from IST context. It also makes a good but IMO scary change: non-espfix64 failed IRET will now report the correct error. Hopefully nothing depended on the old incorrect behavior, but maybe Wine will get confused in some obscure corner case" * emailed patches from Andy Lutomirski <luto@amacapital.net>: x86_64, traps: Rework bad_iret x86_64, traps: Stop using IST for #SS x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in C
2014-11-23x86_64, traps: Rework bad_iretAndy Lutomirski2-26/+48
It's possible for iretq to userspace to fail. This can happen because of a bad CS, SS, or RIP. Historically, we've handled it by fixing up an exception from iretq to land at bad_iret, which pretends that the failed iret frame was really the hardware part of #GP(0) from userspace. To make this work, there's an extra fixup to fudge the gs base into a usable state. This is suboptimal because it loses the original exception. It's also buggy because there's no guarantee that we were on the kernel stack to begin with. For example, if the failing iret happened on return from an NMI, then we'll end up executing general_protection on the NMI stack. This is bad for several reasons, the most immediate of which is that general_protection, as a non-paranoid idtentry, will try to deliver signals and/or schedule from the wrong stack. This patch throws out bad_iret entirely. As a replacement, it augments the existing swapgs fudge into a full-blown iret fixup, mostly written in C. It's should be clearer and more correct. Signed-off-by: Andy Lutomirski <luto@amacapital.net> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-23x86_64, traps: Stop using IST for #SSAndy Lutomirski6-26/+8
On a 32-bit kernel, this has no effect, since there are no IST stacks. On a 64-bit kernel, #SS can only happen in user code, on a failed iret to user space, a canonical violation on access via RSP or RBP, or a genuine stack segment violation in 32-bit kernel code. The first two cases don't need IST, and the latter two cases are unlikely fatal bugs, and promoting them to double faults would be fine. This fixes a bug in which the espfix64 code mishandles a stack segment violation. This saves 4k of memory per CPU and a tiny bit of code. Signed-off-by: Andy Lutomirski <luto@amacapital.net> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-23x86_64, traps: Fix the espfix64 #DF fixup and rewrite it in CAndy Lutomirski2-32/+26
There's nothing special enough about the espfix64 double fault fixup to justify writing it in assembly. Move it to C. This also fixes a bug: if the double fault came from an IST stack, the old asm code would return to a partially uninitialized stack frame. Fixes: 3891a04aafd668686239349ea58f3314ea2af86b Signed-off-by: Andy Lutomirski <luto@amacapital.net> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-23Merge tag 'armsoc-for-rc6' of ↵Linus Torvalds30-38/+80
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "A collection of fixes this week: - A set of clock fixes for shmobile platforms - A fix for tegra that moves serial port labels to be per board. We're choosing to merge this for 3.18 because the labels will start being parsed in 3.19, and without this change serial port numbers that used to be stable since the dawn of time will change numbers. - A few other DT tweaks for Tegra. - A fix for multi_v7_defconfig that makes it stop spewing cpufreq errors on Arndale (Exynos)" * tag 'armsoc-for-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: multi_v7_defconfig: fix failure setting CPU voltage by enabling dependent I2C controller ARM: tegra: roth: Fix SD card VDD_IO regulator ARM: tegra: Remove eMMC vmmc property for roth/tn7 ARM: dts: tegra: move serial aliases to per-board ARM: tegra: Add serial port labels to Tegra124 DT ARM: shmobile: kzm9g legacy: Set i2c clks_per_count to 2 ARM: shmobile: r8a7740 dtsi: Correct IIC0 parent clock ARM: shmobile: r8a7790: Fix SD3CKCR address to device tree ARM: shmobile: r8a7740 legacy: Correct IIC0 parent clock ARM: shmobile: r8a7740 legacy: Add missing INTCA clock for irqpin module ARM: shmobile: r8a7790: Fix SD3CKCR address ARM: dts: sun6i: Re-parent ahb1_mux to pll6 as required by dma controller
2014-11-21Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linusLinus Torvalds10-20/+60
Pull MIPS fixes from Ralf Baechle: "More 3.18 fixes for MIPS: - backtraces were not quite working on on 64-bit kernels - loongson needs a different cache coherency setting - Loongson 3 is a MIPS64 R2 version but due to erratum we treat is an older architecture revision. - fix build errors due to undefined references to __node_distances for certain configurations. - fix instruction decodig in the jump label code. - for certain configurations copy_{from,to}_user destroy the content of $3 so that register needs to be marked as clobbed by the calling code. - Hardware Table Walker fixes. - fill the delay slot of the last instruction of memcpy otherwise whatever ends up there randomly might have undesirable effects. - ensure get_user/__get_user always zero the variable to be read even in case of an error" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: jump_label.c: Handle the microMIPS J instruction encoding MIPS: jump_label.c: Correct the span of the J instruction MIPS: Zero variable read by get_user / __get_user in case of an error. MIPS: lib: memcpy: Restore NOP on delay slot before returning to caller MIPS: tlb-r4k: Add missing HTW stop/start sequences MIPS: asm: uaccess: Add v1 register to clobber list on EVA MIPS: oprofile: Fix backtrace on 64-bit kernel MIPS: Loongson: Set Loongson-3's ISA level to MIPS64R1 MIPS: Loongson: Fix the write-combine CCA value setting MIPS: IP27: Fix __node_distances undefined error MIPS: Loongson3: Fix __node_distances undefined error
2014-11-21Merge branch 'for-linus' of ↵Linus Torvalds1-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux Pull powerpc fix from Michael Ellerman: "One fix from Scott, he says: This patch fixes a crash (introduced in v3.18-rc1) in the FSL MSI driver when threaded IRQs are enabled" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux: powerpc/fsl_msi: mark the msi cascade handler IRQF_NO_THREAD
2014-11-21Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds5-3/+31
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Thomas Gleixner: "Misc fixes: - gold linker build fix - noxsave command line parsing fix - bugfix for NX setup - microcode resume path bug fix - _TIF_NOHZ versus TIF_NOHZ bugfix as discussed in the mysterious lockup thread" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, syscall: Fix _TIF_NOHZ handling in syscall_trace_enter_phase1 x86, kaslr: Handle Gold linker for finding bss/brk x86, mm: Set NX across entire PMD at boot x86, microcode: Update BSPs microcode on resume x86: Require exact match for 'noxsave' command line option
2014-11-21Merge branch 'perf-urgent-for-linus' of ↵Linus Torvalds2-5/+46
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc fixes: two Intel uncore driver fixes, a CPU-hotplug fix and a build dependencies fix" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Fix boot crash on SBOX PMU on Haswell-EP perf/x86/intel/uncore: Fix IRP uncore register offsets on Haswell EP perf: Fix corruption of sibling list with hotplug perf/x86: Fix embarrasing typo
2014-11-20x86, syscall: Fix _TIF_NOHZ handling in syscall_trace_enter_phase1Andy Lutomirski1-1/+1
TIF_NOHZ is 19 (i.e. _TIF_SYSCALL_TRACE | _TIF_NOTIFY_RESUME | _TIF_SINGLESTEP), not (1<<19). This code is involved in Dave's trinity lockup, but I don't see why it would cause any of the problems he's seeing, except inadvertently by causing a different path through entry_64.S's syscall handling. Signed-off-by: Andy Lutomirski <luto@amacapital.net> Cc: Don Zickus <dzickus@redhat.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Dave Jones <davej@redhat.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Link: http://lkml.kernel.org/r/a6cd3b60a3f53afb6e1c8081b0ec30ff19003dd7.1416434075.git.luto@amacapital.net Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-19ARM: multi_v7_defconfig: fix failure setting CPU voltage by enabling ↵Tyler Baker1-0/+1
dependent I2C controller This patch fixes a long standing issue introduced during the 3.16 merge window. Shortly after the merge, exynos5250-based arndale boards began to produce the following errors: kern.err kernel: exynos-cpufreq exynos-cpufreq: failed to set cpu voltage kern.err kernel: cpufreq: __target_index: Failed to change cpu frequency: -22 Further analysis revealed that the S5M8767 voltage regulator used on the exynos5250-based arndale board utilizes the S3C2410 I2C controller. If the S3C2410 I2C controller driver is not enabled, the S5M8767 voltage regulator fails to probe. Therefore a dependency exists between these two drivers. In the exynos_defconfig both CONFIG_REGULATOR_S5M8767 and CONFIG_I2C_S3C2410 options are enabled, and no errors are produced. However, in the multi_v7_defconfig only the CONFIG_REGULATOR_S5M8767 option is enabled and the errors are present. So let's enable the CONFIG_I2C_S3C2410 option in the multi_v7_defconfig to allow the S5M8767 voltage regulator to probe. Signed-off-by: Tyler Baker <tyler.baker@linaro.org> Acked-by: Kukjin Kim <kgene.kim@samsung.com> Signed-off-by: Kevin Hilman <khilman@linaro.org>
2014-11-19MIPS: jump_label.c: Handle the microMIPS J instruction encodingMaciej W. Rozycki2-10/+38
Implement the microMIPS encoding of the J instruction for the purpose of the static keys feature, fixing a crash early on in bootstrap as the kernel is unhappy seeing the ISA bit set in jump table entries. Make sure the ISA bit correctly reflects the instruction encoding chosen for the kernel, 0 for the standard MIPS and 1 for the microMIPS encoding. Also make sure the instruction to patch is a 32-bit NOP in the microMIPS mode as by default the 16-bit short encoding is assumed Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8516/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: jump_label.c: Correct the span of the J instructionMaciej W. Rozycki1-2/+2
Correct the check for the span of the 256MB segment addressable by the J instruction according to this instruction's semantics. The calculation of the jump target is applied to the address of the delay-slot instruction that immediately follows. Adjust the check accordingly by adding 4 to `e->code' that holds the address of the J instruction itself. Signed-off-by: Maciej W. Rozycki <macro@codesourcery.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8515/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: Zero variable read by get_user / __get_user in case of an error.Ralf Baechle1-1/+4
This wasn't happening in all cases. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: lib: memcpy: Restore NOP on delay slot before returning to callerMarkos Chandras1-0/+1
Commit cf62a8b8134dd3 ("MIPS: lib: memcpy: Use macro to build the copy_user code") switched to a macro in order to build the memcpy symbols in preparation for the EVA support. However, this commit also removed the NOP instruction after the 'jr ra' when returning back to the caller. This had no visible side-effects since the next instruction was a load to the t0 register which was already in the clobbered list, but it may have undesired effects in the future if some other code is introduced in between the .Ldone and the .Ll_exc_copy labels. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: <stable@vger.kernel.org> # v3.15+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8512/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: tlb-r4k: Add missing HTW stop/start sequencesMarkos Chandras1-0/+4
HTW needs to stop and start again whenever the EntryHI register changes otherwise an inflight HTW operation might use the new EntryHI register for updating an old entry and that could lead to crashes or even a machine check exception. We fix this by ensuring the HTW has stop whenever the EntryHI register is about to change Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: <stable@vger.kernel.org> # v3.17+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8511/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: asm: uaccess: Add v1 register to clobber list on EVAMarkos Chandras1-3/+4
When EVA is turned on and prefetching is being used in memcpy.S, the v1 register is being used as a helper register to the PREFE instruction. However, v1 ($3) was not in the clobber list, which means that the compiler did not preserve it across function calls, and that could corrupt the value of the register leading to all sorts of userland crashes. We fix this problem by using the DADDI_SCRATCH macro to define the clobbered register when CONFIG_EVA && CONFIG_CPU_HAS_PREFETCH are enabled. Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> Cc: <stable@vger.kernel.org> # v3.15+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8510/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: oprofile: Fix backtrace on 64-bit kernelAaro Koskinen1-1/+1
Fix incorrect cast that always results in wrong address for the new frame on 64-bit kernels. Signed-off-by: Aaro Koskinen <aaro.koskinen@nsn.com> Cc: stable@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8110/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: Loongson: Set Loongson-3's ISA level to MIPS64R1Huacai Chen2-3/+4
In CPU manual Loongson-3 is MIPS64R2 compatible, but during tests we found that its EI/DI instructions have problems. So we just set the ISA level to MIPS64R1. Signed-off-by: Huacai Chen <chenhc@lemote.com> Cc: John Crispin <john@phrozen.org> Cc: Steven J. Hill <Steven.Hill@imgtec.com> Cc: linux-mips@linux-mips.org Cc: Fuxin Zhang <zhangfx@lemote.com> Cc: Zhangjin Wu <wuzhangjin@gmail.com> Patchwork: https://patchwork.linux-mips.org/patch/8320/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: Loongson: Fix the write-combine CCA value settingHuacai Chen1-1/+1
All Loongson-2/3 processors support _CACHE_UNCACHED_ACCELERATED, not only Loongson-3A. Signed-off-by: Huacai Chen <chenhc@lemote.com> Cc: John Crispin <john@phrozen.org> Cc: Steven J. Hill <Steven.Hill@imgtec.com> Cc: linux-mips@linux-mips.org Cc: Fuxin Zhang <zhangfx@lemote.com> Cc: Zhangjin Wu <wuzhangjin@gmail.com> Patchwork: https://patchwork.linux-mips.org/patch/8319/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: IP27: Fix __node_distances undefined errorJames Cowgill1-0/+1
export the __node_distances symbol in the ip27 memory code to fix the build error: Building modules, stage 2. MODPOST 311 modules ERROR: "__node_distances" [drivers/block/nvme.ko] undefined! scripts/Makefile.modpost:90: recipe for target '__modpost' failed when building the kernel with: CONFIG_SGI_IP27=y CONFIG_BLK_DEV_NVME=m Signed-off-by: James Cowgill <James.Cowgill@imgtec.com> Cc: <stable@vger.kernel.org> # v3.15+ Reviewed-by: James Hogan <james.hogan@imgtec.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19MIPS: Loongson3: Fix __node_distances undefined errorJames Cowgill1-0/+1
export the __node_distances symbol in the loongson3 numa code to fix the build error: Building modules, stage 2. MODPOST 221 modules ERROR: "__node_distances" [drivers/block/nvme.ko] undefined! scripts/Makefile.modpost:90: recipe for target '__modpost' failed when building the kernel with: CONFIG_CPU_LOONGSON3=y CONFIG_NUMA=y CONFIG_BLK_DEV_NVME=m Signed-off-by: James Cowgill <James.Cowgill@imgtec.com> Cc: <stable@vger.kernel.org> # v3.17+ Reviewed-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Huacai Chen <chenhc@lemote.com> Cc: linux-mips@linux-mips.org Cc: Wei Yongjun <yongjun_wei@trendmicro.com.cn> Patchwork: https://patchwork.linux-mips.org/patch/8444/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-19Merge tag 'tegra-for-3.18-fixes-for-rc5' of ↵Arnd Bergmann23-32/+44
git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux into fixes Pull "ARM: tegra: Device tree fixes for v3.18-rc5" from Thierry Reding: This contains the serial port numbering fixes that are required for the serial port numbering to stay the same with or without the serial core making use of the aliases defined in DT. eMMC is also fixed for TN7 and Roth boards which were using the wrong regulators. * tag 'tegra-for-3.18-fixes-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tegra/linux: ARM: tegra: roth: Fix SD card VDD_IO regulator ARM: tegra: Remove eMMC vmmc property for roth/tn7 ARM: dts: tegra: move serial aliases to per-board ARM: tegra: Add serial port labels to Tegra124 DT Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-11-19Merge tag 'renesas-clock-fixes-for-v3.18' of ↵Arnd Bergmann2-3/+8
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Pull "Renesas ARM Based SoC Clock Fixes for v3.18" from Simon Horman: * Correct IIC0 parent clock for r8a7740 * Add missing INTCA clock for irqpin module for r8a7740 * Correct SD3CKCR address on r8a7790 * tag 'renesas-clock-fixes-for-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: ARM: shmobile: r8a7740 legacy: Correct IIC0 parent clock ARM: shmobile: r8a7740 legacy: Add missing INTCA clock for irqpin module ARM: shmobile: r8a7790: Fix SD3CKCR address Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-11-19Merge tag 'renesas-dt-fixes-for-v3.18' of ↵Arnd Bergmann2-3/+3
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Pull "Renesas ARM Based SoC DT Fixes for v3.18" from Simon Horman: * Correct IIC0 parent clock on r8a7740 * Correct SD3CKCR address to device tree on r8a7790 * tag 'renesas-dt-fixes-for-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: ARM: shmobile: r8a7740 dtsi: Correct IIC0 parent clock ARM: shmobile: r8a7790: Fix SD3CKCR address to device tree Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-11-19Merge tag 'renesas-soc-fixes-for-v3.18' of ↵Arnd Bergmann1-0/+20
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Pull "Renesas ARM Based SoC Fixes for v3.18" from Simon Horman: * Set i2c clks_per_count to 2 on kzm9g * tag 'renesas-soc-fixes-for-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: ARM: shmobile: kzm9g legacy: Set i2c clks_per_count to 2 Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-11-19Merge tag 'sunxi-fixes-for-3.18' of ↵Arnd Bergmann1-0/+4
git://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes Merge "Allwinner fixes for 3.18" from Maxime Ripard: A fix for the A31 dma controller that requires the AHB clock to be parented to PLL6 in order to operate. * tag 'sunxi-fixes-for-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: ARM: dts: sun6i: Re-parent ahb1_mux to pll6 as required by dma controller Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-11-18x86, kaslr: Handle Gold linker for finding bss/brkKees Cook1-1/+10
When building with the Gold linker, the .bss and .brk areas of vmlinux are shown as consecutive instead of having the same file offset. Allow for either state, as long as things add up correctly. Fixes: e6023367d779 ("x86, kaslr: Prevent .bss from overlaping initrd") Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de> Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Junjie Mao <eternal.n08@gmail.com> Link: http://lkml.kernel.org/r/20141118001604.GA25045@www.outflux.net Cc: stable@vger.kernel.org Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-18x86, mm: Set NX across entire PMD at bootKees Cook1-1/+10
When setting up permissions on kernel memory at boot, the end of the PMD that was split from bss remained executable. It should be NX like the rest. This performs a PMD alignment instead of a PAGE alignment to get the correct span of memory. Before: ---[ High Kernel Mapping ]--- ... 0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte 0xffffffff82200000-0xffffffff82c00000 10M RW PSE GLB NX pmd 0xffffffff82c00000-0xffffffff82df5000 2004K RW GLB NX pte 0xffffffff82df5000-0xffffffff82e00000 44K RW GLB x pte 0xffffffff82e00000-0xffffffffc0000000 978M pmd After: ---[ High Kernel Mapping ]--- ... 0xffffffff8202d000-0xffffffff82200000 1868K RW GLB NX pte 0xffffffff82200000-0xffffffff82e00000 12M RW PSE GLB NX pmd 0xffffffff82e00000-0xffffffffc0000000 978M pmd [ tglx: Changed it to roundup(_brk_end, PMD_SIZE) and added a comment. We really should unmap the reminder along with the holes caused by init,initdata etc. but thats a different issue ] Signed-off-by: Kees Cook <keescook@chromium.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Toshi Kani <toshi.kani@hp.com> Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Cc: David Vrabel <david.vrabel@citrix.com> Cc: Wang Nan <wangnan0@huawei.com> Cc: Yinghai Lu <yinghai@kernel.org> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20141114194737.GA3091@www.outflux.net Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-18x86, microcode: Update BSPs microcode on resumeBorislav Petkov1-0/+8
In the situation when we apply early microcode but do *not* apply late microcode, we fail to update the BSP's microcode on resume because we haven't initialized the uci->mc microcode pointer. So, in order to alleviate that, we go and dig out the stashed microcode patch during early boot. It is basically the same thing that is done on the APs early during boot so do that too here. Tested-by: alex.schnaidt@gmail.com Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=88001 Cc: Henrique de Moraes Holschuh <hmh@hmh.eng.br> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: <stable@vger.kernel.org> # v3.9 Signed-off-by: Borislav Petkov <bp@suse.de> Link: http://lkml.kernel.org/r/20141118094657.GA6635@pd.tnic Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-17powerpc/fsl_msi: mark the msi cascade handler IRQF_NO_THREADKevin Hao1-1/+1
The commit 543c043cbae7 ("powerpc/fsl_msi: change the irq handler from chained to normal") changes the msi cascade handler from chained to normal. Since cascade handler must run in hard interrupt context, this will cause kernel panic if we force threading of all the interrupt handler via kernel command parameter 'threadirqs'. So mark the irq handler IRQF_NO_THREAD explicitly. Signed-off-by: Kevin Hao <haokexin@gmail.com> Signed-off-by: Scott Wood <scottwood@freescale.com>
2014-11-16Merge tag 'armsoc-for-rc5' of ↵Linus Torvalds12-18/+46
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "Another small set of fixes: - some DT compatible typo fixes - irq setup fix dealing with irq storms on orion - i2c quirk generalization for mvebu - a handful of smaller fixes for OMAP - a couple of added file patterns for OMAP entries in MAINTAINERS" * tag 'armsoc-for-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: at91/dt: Fix sama5d3x typos pinctrl: dra: dt-bindings: Fix output pull up/down MAINTAINERS: Update entry for omap related .dts files to cover new SoCs MAINTAINERS: add more files under OMAP SUPPORT ARM: dts: AM437x-SK-EVM: Fix DCDC3 voltage ARM: dts: AM437x-GP-EVM: Fix DCDC3 voltage ARM: dts: AM43x-EPOS-EVM: Fix DCDC3 voltage ARM: dts: am335x-evm: Fix 5th NAND partition's name ARM: orion: Fix for certain sequence of request_irq can cause irq storm ARM: mvebu: armada xp: Generalize use of i2c quirk
2014-11-16Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparcLinus Torvalds6-20/+43
Pull sparc fixes from David Miller: 1) Fix NULL oops in Schizo PCI controller error handler. 2) Fix race between xchg and other operations on 32-bit sparc, from Andreas Larsson. 3) swab*() helpers need a dummy memory input operand to show data flow on 64-bit sparc. 4) Fix RCU warnings due to missing irq_{enter,exit}() around generic_smp_call_function*() calls. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Fix constraints on swab helpers. sparc32: Implement xchg and atomic_xchg using ATOMIC_HASH locks sparc64: Do irq_{enter,exit}() around generic_smp_call_function*(). sparc64: Fix crashes in schizo_pcierr_intr_other().
2014-11-16ARM: at91/dt: Fix sama5d3x typosPeter Rosin6-6/+6
Some DT files had a typo with a missing "5" in sama5d3x first compatible string. Signed-off-by: Peter Rosin <peda@axentia.se> [nicolas.ferre@atmel.com: modify commit log] Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-16Merge tag 'omap-fixes-against-v3.18-rc4' of ↵Olof Johansson4-7/+7
git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Merge "omap fixes against v3.18-rc4" from Tony Lindgren: Few omap fixes for hangs and wrong pinctrl defines, and update MAINTAINERS file to avoid missing PMIC and SoC related patches: - Fix random hangs on am437x because of incorrect default value for the DDR regulator - Fix wrong partition name for NAND on am335x-evm - Fix wrong pinctrl defines for dra7xx - Update maintainers entries for PMICs and SoCs * tag 'omap-fixes-against-v3.18-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: pinctrl: dra: dt-bindings: Fix output pull up/down MAINTAINERS: Update entry for omap related .dts files to cover new SoCs MAINTAINERS: add more files under OMAP SUPPORT ARM: dts: AM437x-SK-EVM: Fix DCDC3 voltage ARM: dts: AM437x-GP-EVM: Fix DCDC3 voltage ARM: dts: AM43x-EPOS-EVM: Fix DCDC3 voltage ARM: dts: am335x-evm: Fix 5th NAND partition's name Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-16Merge tag 'mvebu-fixes-3.18' of git://git.infradead.org/linux-mvebu into fixesOlof Johansson2-5/+33
Merge "mvebu fixes for v3.18" from Jason Cooper: - Armada XP - Generalize i2c quirk - orion - Fix irq storm caused by specific sequence of request_irq * tag 'mvebu-fixes-3.18' of git://git.infradead.org/linux-mvebu: ARM: orion: Fix for certain sequence of request_irq can cause irq storm ARM: mvebu: armada xp: Generalize use of i2c quirk
2014-11-16sparc64: Fix constraints on swab helpers.David S. Miller1-6/+6
We are reading the memory location, so we have to have a memory constraint in there purely for the sake of showing the data flow to the compiler. Reported-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2014-11-16Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds11-26/+94
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Microcode fixes, a Xen fix and a KASLR boot loading fix with certain memory layouts" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, microcode, AMD: Fix ucode patch stashing on 32-bit x86/core, x86/xen/smp: Use 'die_complete' completion when taking CPU down x86, microcode: Fix accessing dis_ucode_ldr on 32-bit x86, kaslr: Prevent .bss from overlaping initrd x86, microcode, AMD: Fix early ucode loading on 32-bit
2014-11-16x86-64: make csum_partial_copy_from_user() error handling consistentLinus Torvalds1-3/+2
Al Viro pointed out that the x86-64 csum_partial_copy_from_user() is somewhat confused about what it should do on errors, notably it mostly clears the uncopied end result buffer, but misses that for the initial alignment case. All users should check for errors, so it's dubious whether the clearing is even necessary, and Al also points out that we should probably clean up the calling conventions, but regardless of any future changes to this function, the fact that it is inconsistent is just annoying. So make the __get_user() failure path use the same error exit as all the other errors do. Reported-by: Al Viro <viro@zeniv.linux.org.uk> Cc: David Miller <davem@davemloft.net> Cc: Andi Kleen <andi@firstfloor.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-11-16x86: Require exact match for 'noxsave' command line optionDave Hansen1-0/+2
We have some very similarly named command-line options: arch/x86/kernel/cpu/common.c:__setup("noxsave", x86_xsave_setup); arch/x86/kernel/cpu/common.c:__setup("noxsaveopt", x86_xsaveopt_setup); arch/x86/kernel/cpu/common.c:__setup("noxsaves", x86_xsaves_setup); __setup() is designed to match options that take arguments, like "foo=bar" where you would have: __setup("foo", x86_foo_func...); The problem is that "noxsave" actually _matches_ "noxsaves" in the same way that "foo" matches "foo=bar". If you boot an old kernel that does not know about "noxsaves" with "noxsaves" on the command line, it will interpret the argument as "noxsave", which is not what you want at all. This makes the "noxsave" handler only return success when it finds an *exact* match. [ tglx: We really need to make __setup() more robust. ] Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Cc: Dave Hansen <dave@sr71.net> Cc: Fenghua Yu <fenghua.yu@intel.com> Cc: x86@kernel.org Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20141111220133.FE053984@viggo.jf.intel.com Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-16perf/x86/intel/uncore: Fix boot crash on SBOX PMU on Haswell-EPAndi Kleen1-3/+30
There were several reports that on some systems writing the SBOX0 PMU initialization MSR would #GP at boot. This did not happen on all systems -- my two test systems booted fine. Writing the three initialization bits bit-by-bit seems to avoid the problem. So add a special callback to do just that. This replaces an earlier patch that disabled the SBOX. Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com> Reported-and-Tested-by: Patrick Lu <patrick.lu@intel.com> Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Link: http://lkml.kernel.org/r/1415062828-19759-4-git-send-email-andi@firstfloor.org [ Fixed a whitespace error and added attribution tags that were left out inexplicably. ] Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-11-16perf/x86/intel/uncore: Fix IRP uncore register offsets on Haswell EPAndi Kleen1-1/+15
The counter register offsets for the IRP box PMU for Haswell-EP were incorrect. The offsets actually changed over IvyBridge EP. Fix them to the correct values. For this we need to fork the read function from the IVB and use an own counter array. Tested-by: patrick.lu@intel.com Signed-off-by: Andi Kleen <ak@linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Cc: Arnaldo Carvalho de Melo <acme@kernel.org> Link: http://lkml.kernel.org/r/1415062828-19759-3-git-send-email-andi@firstfloor.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-11-15Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds2-4/+17
Pull ARM fixes from Russell King: "Two fixes this time, one to ensure that the kuser helper option depends on MMU as they aren't available for noMMU targets (and if the option is selected, we end up oopsing.) The second fix plugs a corner case with the decompressor, ensuring that the instruction stream can see the relocated code in every case on ARMv7 CPUs" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8198/1: make kuser helpers depend on MMU ARM: 8191/1: decompressor: ensure I-side picks up relocated code
2014-11-15Merge branch 'parisc-3.18-2' of ↵Linus Torvalds8-49/+41
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: "Changes include: - wire up the bpf syscall - remove CONFIG_64BIT usage from some userspace-exported header files - use compat functions for msgctl, shmat, shmctl and semtimedop syscalls" * 'parisc-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Avoid using CONFIG_64BIT in userspace exported headers parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop syscalls parisc: Use BUILD_BUG() instead of undefined functions parisc: Wire up bpf syscall
2014-11-14Merge tag 'arm64-fixes' of ↵Linus Torvalds5-11/+27
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - fix EFI stub cache maintenance causing aborts during boot on certain platforms - handle byte stores in __clear_user without panicking - fix race condition in aarch64_insn_patch_text_sync() (instruction patching) - Couple of type fixes * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: ARCH_PFN_OFFSET should be unsigned long Correct the race condition in aarch64_insn_patch_text_sync() arm64: __clear_user: handle exceptions on strb arm64: Fix data type for physical address arm64: efi: Fix stub cache maintenance
2014-11-13Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds1-5/+5
Pull networking fixes from David Miller: 1) sunhme driver lacks DMA mapping error checks, based upon a report by Meelis Roos. 2) Fix memory leak in mvpp2 driver, from Sudip Mukherjee. 3) DMA memory allocation sizes are wrong in systemport ethernet driver, fix from Florian Fainelli. 4) Fix use after free in mac80211 defragmentation code, from Johannes Berg. 5) Some networking uapi headers missing from Kbuild file, from Stephen Hemminger. 6) TUN driver gets csum_start offset wrong when VLAN accel is enabled, and macvtap has a similar bug, from Herbert Xu. 7) Adjust several tunneling drivers to set dev->iflink after registry, because registry sets that to -1 overwriting whatever we did. From Steffen Klassert. 8) Geneve forgets to set inner tunneling type, causing GSO segmentation to fail on some NICs. From Jesse Gross. 9) Fix several locking bugs in stmmac driver, from Fabrice Gasnier and Giuseppe CAVALLARO. 10) Fix spurious timeouts with NewReno on low traffic connections, from Marcelo Leitner. 11) Fix descriptor updates in enic driver, from Govindarajulu Varadarajan. 12) PPP calls bpf_prog_create() with locks held, which isn't kosher. Fix from Takashi Iwai. 13) Fix NULL deref in SCTP with malformed INIT packets, from Daniel Borkmann. 14) psock_fanout selftest accesses past the end of the mmap ring, fix from Shuah Khan. 15) Fix PTP timestamping for VLAN packets, from Richard Cochran. 16) netlink_unbind() calls in netlink pass wrong initial argument, from Hiroaki SHIMODA. 17) vxlan socket reuse accidently reuses a socket when the address family is different, so we have to explicitly check this, from Marcelo Lietner. 18) Fix missing include in nft_reject_bridge.c breaking the build on ppc and other architectures, from Guenter Roeck. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits) vxlan: Do not reuse sockets for a different address family smsc911x: power-up phydev before doing a software reset. lib: rhashtable - Remove weird non-ASCII characters from comments net/smsc911x: Fix delays in the PHY enable/disable routines net/smsc911x: Fix rare soft reset timeout issue due to PHY power-down mode netlink: Properly unbind in error conditions. net: ptp: fix time stamp matching logic for VLAN packets. cxgb4 : dcb open-lldp interop fixes selftests/net: psock_fanout seg faults in sock_fanout_read_ring() net: bcmgenet: apply MII configuration in bcmgenet_open() net: bcmgenet: connect and disconnect from the PHY state machine net: qualcomm: Fix dependency ixgbe: phy: fix uninitialized status in ixgbe_setup_phy_link_tnx net: phy: Correctly handle MII ioctl which changes autonegotiation. ipv6: fix IPV6_PKTINFO with v4 mapped net: sctp: fix memory leak in auth key management net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet net: ppp: Don't call bpf_prog_create() in ppp_lock net/mlx4_en: Advertize encapsulation offloads features only when VXLAN tunnel is set cxgb4 : Fix bug in DCB app deletion ...
2014-11-13ARM: 8198/1: make kuser helpers depend on MMUNathan Lynch1-0/+1
The kuser helpers page is not set up on non-MMU systems, so it does not make sense to allow CONFIG_KUSER_HELPERS to be enabled when CONFIG_MMU=n. Allowing it to be set on !MMU results in an oops in set_tls (used in execve and the arm_syscall trap handler): Unhandled exception: IPSR = 00000005 LR = fffffff1 CPU: 0 PID: 1 Comm: swapper Not tainted 3.18.0-rc1-00041-ga30465a #216 task: 8b838000 ti: 8b82a000 task.ti: 8b82a000 PC is at flush_thread+0x32/0x40 LR is at flush_thread+0x21/0x40 pc : [<8f00157a>] lr : [<8f001569>] psr: 4100000b sp : 8b82be20 ip : 00000000 fp : 8b83c000 r10: 00000001 r9 : 88018c84 r8 : 8bb85000 r7 : 8b838000 r6 : 00000000 r5 : 8bb77400 r4 : 8b82a000 r3 : ffff0ff0 r2 : 8b82a000 r1 : 00000000 r0 : 88020354 xPSR: 4100000b CPU: 0 PID: 1 Comm: swapper Not tainted 3.18.0-rc1-00041-ga30465a #216 [<8f002bc1>] (unwind_backtrace) from [<8f002033>] (show_stack+0xb/0xc) [<8f002033>] (show_stack) from [<8f00265b>] (__invalid_entry+0x4b/0x4c) As best I can tell this issue existed for the set_tls ARM syscall before commit fbfb872f5f41 "ARM: 8148/1: flush TLS and thumbee register state during exec" consolidated the TLS manipulation code into the set_tls helper function, but now that we're using it to flush register state during execve, !MMU users encounter the oops at the first exec. Prevent CONFIG_MMU=n configurations from enabling CONFIG_KUSER_HELPERS. Fixes: fbfb872f5f41 (ARM: 8148/1: flush TLS and thumbee register state during exec) Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com> Reported-by: Stefan Agner <stefan@agner.ch> Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Cc: stable@vger.kernel.org Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-11-13ARM: 8191/1: decompressor: ensure I-side picks up relocated codeWill Deacon1-4/+16
To speed up decompression, the decompressor sets up a flat, cacheable mapping of memory. However, when there is insufficient space to hold the page tables for this mapping, we don't bother to enable the caches and subsequently skip all the cache maintenance hooks. Skipping the cache maintenance before jumping to the relocated code allows the processor to predict the branch and populate the I-cache with stale data before the relocation loop has completed (since a bootloader may have SCTLR.I set, which permits normal, cacheable instruction fetches regardless of SCTLR.M). This patch moves the cache maintenance check into the maintenance routines themselves, allowing the v6/v7 versions to invalidate the I-cache regardless of the MMU state. Cc: <stable@vger.kernel.org> Reported-by: Marc Carino <marc.ceeeee@gmail.com> Tested-by: Julien Grall <julien.grall@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-11-13ARM: tegra: roth: Fix SD card VDD_IO regulatorAlexandre Courbot1-3/+1
vddio_sdmmc3 is a vdd_io, and thus should be under the vqmmc-supply property, not vmmc-supply. Signed-off-by: Alexandre Courbot <acourbot@nvidia.com> Signed-off-by: Thierry Reding <treding@nvidia.com>