30 Oct, 2016
5 commits
-
Pull ARM SoC fixes from Olof Johansson:
"We haven't seen a whole lot of fixes for the first two weeks since the
merge window, but here is the batch that we have at the moment.Nothing sticks out as particularly bad or scary, it's mostly a handful
of smaller fixes to several platforms. The Uniphier reset controller
changes could probably have been delayed to 4.10, but they're not
scary and just plumbing up driver changes that went in during the
merge window.We're also adding another maintainer to Marvell Berlin platforms, to
help out when Sebastian is too busy. Yay teamwork!"* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: imx: mach-imx6q: Fix the PHY ID mask for AR8031
ARM: dts: vf610: fix IRQ flag of global timer
ARM: imx: gpc: Fix the imx_gpc_genpd_init() error path
ARM: imx: gpc: Initialize all power domains
arm64: dts: Updated NAND DT properties for NS2 SVK
arm64: dts: uniphier: change MIO node to SD control node
ARM: dts: uniphier: change MIO node to SD control node
reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs
arm64: uniphier: select ARCH_HAS_RESET_CONTROLLER
ARM: uniphier: select ARCH_HAS_RESET_CONTROLLER
arm64: dts: Add timer erratum property for LS2080A and LS1043A
arm64: dts: rockchip: remove the abuse of keep-power-in-suspend
ARM: multi_v7_defconfig: Enable Intel e1000e driver
MAINTAINERS: add myself as Marvell berlin SoC maintainer
bus: qcom-ebi2: depend on ARCH_QCOM or COMPILE_TEST
ARM: dts: fix the SD card on the Snowball
arm64: dts: rockchip: remove always-on and boot-on from vcc_sd
arm64: dts: marvell: fix clocksource for CP110 master SPI0
ARM: mvebu: Select corediv clk for all mvebu v7 SoC -
…nel/git/mmind/linux-rockchip into fixes
Correct regulator handling on Rockchip arm64 boards to make
bind/unbind calls work correctly and remove a sdio-only
property from non-sdio mmc hosts, that accidentially was
added there.* tag 'v4.9-rockchip-dts64-fixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
arm64: dts: rockchip: remove the abuse of keep-power-in-suspend
arm64: dts: rockchip: remove always-on and boot-on from vcc_sdSigned-off-by: Olof Johansson <olof@lixom.net>
-
This pull request contains a single fix for Broadcom ARM64-based SoCs:
- Ray adds the required bus width and OOB sector size properties to the
Northstar 2 SVK reference board in order for the NAND controller to work
properly* tag 'arm-soc/for-4.9/devicetree-arm64-fixes' of http://github.com/Broadcom/stblinux:
arm64: dts: Updated NAND DT properties for NS2 SVKSigned-off-by: Olof Johansson
-
The i.MX fixes for 4.9:
- A couple of patches from Fabio to fix the GPC power domain regression
which is caused by PM Domain core change 0159ec670763dd
("PM / Domains: Verify the PM domain is present when adding a
provider"), and a related kernel crash seen with multi_v7_defconfig
build.
- Correct the PHY ID mask for AR8031 to match phy driver code.
- Apply new added timer erratum A008585 for LS1043A and LS2080A SoC.
- Correct vf610 global timer IRQ flag to avoid warning from gic driver
after commit 992345a58e0c ("irqchip/gic: WARN if setting the
interrupt type for a PPI fails").* tag 'imx-fixes-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: imx: mach-imx6q: Fix the PHY ID mask for AR8031
ARM: dts: vf610: fix IRQ flag of global timer
ARM: imx: gpc: Fix the imx_gpc_genpd_init() error path
ARM: imx: gpc: Initialize all power domains
arm64: dts: Add timer erratum property for LS2080A and LS1043ASigned-off-by: Olof Johansson
-
…/masahiroy/linux-uniphier into fixes
UniPhier ARM SoC fixes for v4.9
- Add "select ARCH_HAS_RESET_CONTROLLER" in Kconfig
- Rename wrongly-named mioctrl to sdctrl* tag 'uniphier-fixes-v4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-uniphier:
arm64: dts: uniphier: change MIO node to SD control node
ARM: dts: uniphier: change MIO node to SD control node
reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs
arm64: uniphier: select ARCH_HAS_RESET_CONTROLLER
ARM: uniphier: select ARCH_HAS_RESET_CONTROLLERSigned-off-by: Olof Johansson <olof@lixom.net>
27 Oct, 2016
3 commits
-
Fix parameter name for __page_to_voff, to match its definition.
At present, we don't see any issue, as page_to_virt's caller
declares 'page'.Fixes: 9f2875912dac ("arm64: mm: restrict virt_to_page() to the linear mapping")
Acked-by: Mark Rutland
Acked-by: Ard Biesheuvel
Signed-off-by: Neeraj Upadhyay
Signed-off-by: Will Deacon -
When booting on NUMA system with memory-less node (no
memory dimm on this memory controller), the print
for setup_node_data() is incorrect:NUMA: Initmem setup node 2 [mem 0x00000000-0xffffffffffffffff]
It can be fixed by printing [mem 0x00000000-0x00000000] when
end_pfn is 0, but print will be more useful.Fixes: 1a2db300348b ("arm64, numa: Add NUMA support for arm64 platforms.")
Signed-off-by: Hanjun Guo
Cc: Catalin Marinas
Cc: Ganapatrao Kulkarni
Cc: Lorenzo Pieralisi
Cc: Mark Rutland
Cc: Will Deacon
Cc: Yisheng Xie
Signed-off-by: Will Deacon -
The pcpu_build_alloc_info() function group CPUs according to their
proximity, by call callback function @cpu_distance_fn from different
ARCHs.For arm64 the callback of @cpu_distance_fn is
pcpu_cpu_distance(from, to)
-> node_distance(from, to)
The @from and @to for function node_distance() should be nid.However, pcpu_cpu_distance() in arch/arm64/mm/numa.c just past the
cpu id for @from and @to, and didn't convert to numa node id.For this incorrect cpu proximity get from ARCH, it may cause each CPU
in one group and make group_cnt out of bound:setup_per_cpu_areas()
pcpu_embed_first_chunk()
pcpu_build_alloc_info()
in pcpu_build_alloc_info, since cpu_distance_fn will return
REMOTE_DISTANCE if we pass cpu ids (0,1,2...), so
cpu_distance_fn(cpu, tcpu) > LOCAL_DISTANCE will wrongly be ture.This may results in triggering the BUG_ON(unit != nr_units) later:
[ 0.000000] kernel BUG at mm/percpu.c:1916!
[ 0.000000] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.9.0-rc1-00003-g14155ca-dirty #26
[ 0.000000] Hardware name: Hisilicon Hi1616 Evaluation Board (DT)
[ 0.000000] task: ffff000008d6e900 task.stack: ffff000008d60000
[ 0.000000] PC is at pcpu_embed_first_chunk+0x420/0x704
[ 0.000000] LR is at pcpu_embed_first_chunk+0x3bc/0x704
[ 0.000000] pc : [] lr : [] pstate: 800000c5
[ 0.000000] sp : ffff000008d63eb0
[ 0.000000] x29: ffff000008d63eb0 [ 0.000000] x28: 0000000000000000
[ 0.000000] x27: 0000000000000040 [ 0.000000] x26: ffff8413fbfcef00
[ 0.000000] x25: 0000000000000042 [ 0.000000] x24: 0000000000000042
[ 0.000000] x23: 0000000000001000 [ 0.000000] x22: 0000000000000046
[ 0.000000] x21: 0000000000000001 [ 0.000000] x20: ffff000008cb3bc8
[ 0.000000] x19: ffff8413fbfcf570 [ 0.000000] x18: 0000000000000000
[ 0.000000] x17: ffff000008e49ae0 [ 0.000000] x16: 0000000000000003
[ 0.000000] x15: 000000000000001e [ 0.000000] x14: 0000000000000004
[ 0.000000] x13: 0000000000000000 [ 0.000000] x12: 000000000000006f
[ 0.000000] x11: 00000413fbffff00 [ 0.000000] x10: 0000000000000004
[ 0.000000] x9 : 0000000000000000 [ 0.000000] x8 : 0000000000000001
[ 0.000000] x7 : ffff8413fbfcf63c [ 0.000000] x6 : ffff000008d65d28
[ 0.000000] x5 : ffff000008d65e50 [ 0.000000] x4 : 0000000000000000
[ 0.000000] x3 : ffff000008cb3cc8 [ 0.000000] x2 : 0000000000000040
[ 0.000000] x1 : 0000000000000040 [ 0.000000] x0 : 0000000000000000
[...]
[ 0.000000] Call trace:
[ 0.000000] Exception stack(0xffff000008d63ce0 to 0xffff000008d63e10)
[ 0.000000] 3ce0: ffff8413fbfcf570 0001000000000000 ffff000008d63eb0 ffff000008c754f4
[ 0.000000] 3d00: ffff000008d63d50 ffff0000081af210 00000413fbfff010 0000000000001000
[ 0.000000] 3d20: ffff000008d63d50 ffff0000081af220 00000413fbfff010 0000000000001000
[ 0.000000] 3d40: 00000413fbfcef00 0000000000000004 ffff000008d63db0 ffff0000081af390
[ 0.000000] 3d60: 00000413fbfcef00 0000000000001000 0000000000000000 0000000000001000
[ 0.000000] 3d80: 0000000000000000 0000000000000040 0000000000000040 ffff000008cb3cc8
[ 0.000000] 3da0: 0000000000000000 ffff000008d65e50 ffff000008d65d28 ffff8413fbfcf63c
[ 0.000000] 3dc0: 0000000000000001 0000000000000000 0000000000000004 00000413fbffff00
[ 0.000000] 3de0: 000000000000006f 0000000000000000 0000000000000004 000000000000001e
[ 0.000000] 3e00: 0000000000000003 ffff000008e49ae0
[ 0.000000] [] pcpu_embed_first_chunk+0x420/0x704
[ 0.000000] [] setup_per_cpu_areas+0x38/0xc8
[ 0.000000] [] start_kernel+0x10c/0x390
[ 0.000000] [] __primary_switched+0x5c/0x64
[ 0.000000] Code: b8018660 17ffffd7 6b16037f 54000080 (d4210000)
[ 0.000000] ---[ end trace 0000000000000000 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!Fix by getting cpu's node id with early_cpu_to_node() then pass it
to node_distance() as the original intention.Fixes: 7af3a0a99252 ("arm64/numa: support HAVE_SETUP_PER_CPU_AREA")
Signed-off-by: Yisheng Xie
Signed-off-by: Hanjun Guo
Cc: Catalin Marinas
Cc: Lorenzo Pieralisi
Cc: Will Deacon
Cc: Zhen Lei
Signed-off-by: Will Deacon
24 Oct, 2016
1 commit
-
This patch adds NAND DT properties for NS2 SVK to configure the bus
width width and OOB sector sizeSigned-off-by: Prafulla Kota
Signed-off-by: Ray Jui
Signed-off-by: Florian Fainelli
22 Oct, 2016
4 commits
-
I made a mistake bacuse the Media I/O block is not implemented in
this SoC.Signed-off-by: Masahiro Yamada
-
The UniPhier reset driver (drivers/reset/reset-uniphier.c) has been
merged. Select ARCH_HAS_RESET_CONTROLLER from the SoC Kconfig.Signed-off-by: Masahiro Yamada
-
Pull KVM fixes from Radim Krčmář:
"ARM:
- avoid livelock when walking guest page tables
- fix HYP mode static keys without CC_HAVE_ASM_GOTOMIPS:
- fix a build error without TRACEPOINTS_ENABLEDs390:
- reject a malformed userspace configurationx86:
- suppress a warning without CONFIG_CPU_FREQ
- initialize whole irq_eoi array"* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
arm/arm64: KVM: Map the BSS at HYP
arm64: KVM: Take S1 walks into account when determining S2 write faults
KVM: s390: reject invalid modes for runtime instrumentation
kvm: x86: memset whole irq_eoi
kvm/x86: Fix unused variable warning in kvm_timer_init()
KVM: MIPS: Add missing uaccess.h include -
The WnR bit in the HSR/ESR_EL2 indicates whether a data abort was
generated by a read or a write instruction. For stage 2 data aborts
generated by a stage 1 translation table walk (i.e. the actual page
table access faults at EL2), the WnR bit therefore reports whether the
instruction generating the walk was a load or a store, *not* whether the
page table walker was reading or writing the entry.For page tables marked as read-only at stage 2 (e.g. due to KSM merging
them with the tables from another guest), this could result in livelock,
where a page table walk generated by a load instruction attempts to
set the access flag in the stage 1 descriptor, but fails to trigger
CoW in the host since only a read fault is reported.This patch modifies the arm64 kvm_vcpu_dabt_iswrite function to
take into account stage 2 faults in stage 1 walks. Since DBM cannot be
disabled at EL2 for CPUs that implement it, we assume that these faults
are always causes by writes, avoiding the livelock situation at the
expense of occasional, spurious CoWs.We could, in theory, do a bit better by checking the guest TCR
configuration and inspecting the page table to see why the PTE faulted.
However, I doubt this is measurable in practice, and the threat of
livelock is real.Cc:
Cc: Julien Grall
Reviewed-by: Marc Zyngier
Reviewed-by: Christoffer Dall
Signed-off-by: Will Deacon
21 Oct, 2016
2 commits
-
Both the LS1043A and LS2080A platforms are affected by the Freescale
A008585 erratum. Advertise it in their respective device trees.Signed-off-by: Scott Wood
Acked-by: Marc Zyngier
Signed-off-by: Shawn Guo -
Pull arm64 fixes from Will Deacon:
"Most of these are CC'd for stable, but there are a few fixing issues
introduced during the recent merge window too.There's also a fix for the xgene PMU driver, but it seemed daft to
send as a separate pull request, so I've included it here with the
rest of the fixes.- Fix ACPI boot due to recent broken NUMA changes
- Fix remote enabling of CPU features requiring PSTATE bit manipulation
- Add address range check when emulating user cache maintenance
- Fix LL/SC loops that allow compiler to introduce memory accesses
- Fix recently added write_sysreg_s macro
- Ensure MDCR_EL2 is initialised on qemu targets without a PMU
- Avoid kaslr breakage due to MODVERSIONs and DYNAMIC_FTRACE
- Correctly drive recent ld when building relocatable Image
- Remove junk IS_ERR check from xgene PMU driver added during merge window
- pr_cont fixes after core changes in the merge window"* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: remove pr_cont abuse from mem_init
arm64: fix show_regs fallout from KERN_CONT changes
arm64: kernel: force ET_DYN ELF type for CONFIG_RELOCATABLE=y
arm64: suspend: Reconfigure PSTATE after resume from idle
arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call
arm64: cpufeature: Schedule enable() calls instead of calling them via IPI
arm64: Cortex-A53 errata workaround: check for kernel addresses
arm64: percpu: rewrite ll/sc loops in assembly
arm64: swp emulation: bound LL/SC retries before rescheduling
arm64: sysreg: Fix use of XZR in write_sysreg_s
arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y
arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
perf: xgene: Remove bogus IS_ERR() check
arm64: kernel: numa: fix ACPI boot cpu numa node mapping
arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
20 Oct, 2016
7 commits
-
All the lines printed by mem_init are independent, with each ending with
a newline. While they logically form a large block, none are actually
continuations of previous lines.The kernel-side printk code and the userspace demsg tool differ in their
handling of KERN_CONT following a newline, and while this isn't always a
problem kernel-side, it does cause difficulty for userspace. Using
pr_cont causes the userspace tool to not print line prefix (e.g.
timestamps) even when following a newline, mis-aligning the output and
making it harder to read, e.g.[ 0.000000] Virtual kernel memory layout:
[ 0.000000] modules : 0xffff000000000000 - 0xffff000008000000 ( 128 MB)
vmalloc : 0xffff000008000000 - 0xffff7dffbfff0000 (129022 GB)
.text : 0xffff000008080000 - 0xffff0000088b0000 ( 8384 KB)
.rodata : 0xffff0000088b0000 - 0xffff000008c50000 ( 3712 KB)
.init : 0xffff000008c50000 - 0xffff000008d50000 ( 1024 KB)
.data : 0xffff000008d50000 - 0xffff000008e25200 ( 853 KB)
.bss : 0xffff000008e25200 - 0xffff000008e6bec0 ( 284 KB)
fixed : 0xffff7dfffe7fd000 - 0xffff7dfffec00000 ( 4108 KB)
PCI I/O : 0xffff7dfffee00000 - 0xffff7dffffe00000 ( 16 MB)
vmemmap : 0xffff7e0000000000 - 0xffff800000000000 ( 2048 GB maximum)
0xffff7e0000000000 - 0xffff7e0026000000 ( 608 MB actual)
memory : 0xffff800000000000 - 0xffff800980000000 ( 38912 MB)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=6, Nodes=1Fix this by using pr_notice consistently for all lines, which both the
kernel and userspace are happy with.Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: James Morse
Cc: Kefeng Wang
Cc: Will Deacon
Signed-off-by: Will Deacon -
Recently in commit 4bcc595ccd80decb ("printk: reinstate KERN_CONT for
printing continuation lines"), the behaviour of printk changed w.r.t.
KERN_CONT. Now, KERN_CONT is mandatory to continue existing lines.
Without this, prefixes are inserted, making output illegible, e.g.[ 1007.069010] pc : [] lr : [] pstate: 40000145
[ 1007.076329] sp : ffff000008d53ec0
[ 1007.079606] x29: ffff000008d53ec0 [ 1007.082797] x28: 0000000080c50018
[ 1007.086160]
[ 1007.087630] x27: ffff000008e0c7f8 [ 1007.090820] x26: ffff80097631ca00
[ 1007.094183]
[ 1007.095653] x25: 0000000000000001 [ 1007.098843] x24: 000000ea68b61cac
[ 1007.102206]... or when dumped with the userpace dmesg tool, which has slightly
different implicit newline behaviour. e.g.[ 1007.069010] pc : [] lr : [] pstate: 40000145
[ 1007.076329] sp : ffff000008d53ec0
[ 1007.079606] x29: ffff000008d53ec0
[ 1007.082797] x28: 0000000080c50018
[ 1007.086160]
[ 1007.087630] x27: ffff000008e0c7f8
[ 1007.090820] x26: ffff80097631ca00
[ 1007.094183]
[ 1007.095653] x25: 0000000000000001
[ 1007.098843] x24: 000000ea68b61cac
[ 1007.102206]We can't simply always use KERN_CONT for lines which may or may not be
continuations. That causes line prefixes (e.g. timestamps) to be
supressed, and the alignment of all but the first line will be broken.For even more fun, we can't simply insert some dummy empty-string printk
calls, as GCC warns for an empty printk string, and even if we pass
KERN_DEFAULT explcitly to silence the warning, the prefix gets swallowed
unless there is an additional part to the string.Instead, we must manually iterate over pairs of registers, which gives
us the legible output we want in either case, e.g.[ 169.771790] pc : [] lr : [] pstate: 40000145
[ 169.779109] sp : ffff000008d53ec0
[ 169.782386] x29: ffff000008d53ec0 x28: 0000000080c50018
[ 169.787650] x27: ffff000008e0c7f8 x26: ffff80097631de00
[ 169.792913] x25: 0000000000000001 x24: 00000027827b2cf4Signed-off-by: Mark Rutland
Cc: Catalin Marinas
Cc: Will Deacon
Signed-off-by: Will Deacon -
GNU ld used to set the ELF file type to ET_DYN for PIE executables, which
is the same file type used for shared libraries. However, this was changed
recently, and now PIE executables are emitted as ET_EXEC instead.The distinction is only relevant for ELF loaders, and so there is little
reason to care about the difference when building the kernel, which is
why the change has gone unnoticed until now.However, debuggers do use the ELF binary, and expect ET_EXEC type files
to appear in memory at the exact offset described in the ELF metadata.
This means source level debugging is no longer possible when KASLR is in
effect or when executing the stub.So add the -shared LD option when building with CONFIG_RELOCATABLE=y. This
forces the ELF file type to be set to ET_DYN (which is what you get when
building with binutils 2.24 and earlier anyway), and has no other ill
effects.Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon -
The suspend/resume path in kernel/sleep.S, as used by cpu-idle, does not
save/restore PSTATE. As a result of this cpufeatures that were detected
and have bits in PSTATE get lost when we resume from idle.UAO gets set appropriately on the next context switch. PAN will be
re-enabled next time we return from user-space, but on a preemptible
kernel we may run work accessing user space before this point.Add code to re-enable theses two features in __cpu_suspend_exit().
We re-use uao_thread_switch() passing current.Signed-off-by: James Morse
Cc: Lorenzo Pieralisi
Signed-off-by: Will Deacon -
Commit 338d4f49d6f7 ("arm64: kernel: Add support for Privileged Access
Never") enabled PAN by enabling the 'SPAN' feature-bit in SCTLR_EL1.
This means the PSTATE.PAN bit won't be set until the next return to the
kernel from userspace. On a preemptible kernel we may schedule work that
accesses userspace on a CPU before it has done this.Now that cpufeature enable() calls are scheduled via stop_machine(), we
can set PSTATE.PAN from the cpu_enable_pan() call.Add WARN_ON_ONCE(in_interrupt()) to check the PSTATE value we updated
is not immediately discarded.Reported-by: Tony Thompson
Reported-by: Vladimir Murzin
Signed-off-by: James Morse
[will: fixed typo in comment]
Signed-off-by: Will Deacon -
The enable() call for a cpufeature/errata is called using on_each_cpu().
This issues a cross-call IPI to get the work done. Implicitly, this
stashes the running PSTATE in SPSR when the CPU receives the IPI, and
restores it when we return. This means an enable() call can never modify
PSTATE.To allow PAN to do this, change the on_each_cpu() call to use
stop_machine(). This schedules the work on each CPU which allows
us to modify PSTATE.This involves changing the protype of all the enable() functions.
enable_cpu_capabilities() is called during boot and enables the feature
on all online CPUs. This path now uses stop_machine(). CPU features for
hotplug'd CPUs are enabled by verify_local_cpu_features() which only
acts on the local CPU, and can already modify the running PSTATE as it
is called from secondary_start_kernel().Reported-by: Tony Thompson
Reported-by: Vladimir Murzin
Signed-off-by: James Morse
Cc: Suzuki K Poulose
Signed-off-by: Will Deacon -
Commit 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on
errata-affected core") adds code to execute cache maintenance instructions
in the kernel on behalf of userland on CPUs with certain ARM CPU errata.
It turns out that the address hasn't been checked to be a valid user
space address, allowing userland to clean cache lines in kernel space.
Fix this by introducing an address check before executing the
instructions on behalf of userland.Since the address doesn't come via a syscall parameter, we can't just
reject tagged pointers and instead have to remove the tag when checking
against the user address limit.Cc:
Fixes: 7dd01aef0557 ("arm64: trap userspace "dc cvau" cache operation on errata-affected core")
Reported-by: Kristina Martsenko
Signed-off-by: Andre Przywara
[will: rework commit message + replace access_ok with max_user_addr()]
Signed-off-by: Will Deacon
19 Oct, 2016
3 commits
-
Writing the outer loop of an LL/SC sequence using do {...} while
constructs potentially allows the compiler to hoist memory accesses
between the STXR and the branch back to the LDXR. On CPUs that do not
guarantee forward progress of LL/SC loops when faced with memory
accesses to the same ERG (up to 2k) between the failed STXR and the
branch back, we may end up livelocking.This patch avoids this issue in our percpu atomics by rewriting the
outer loop as part of the LL/SC inline assembly block.Cc:
Fixes: f97fc810798c ("arm64: percpu: Implement this_cpu operations")
Reviewed-by: Mark Rutland
Tested-by: Mark Rutland
Signed-off-by: Will Deacon -
If a CPU does not implement a global monitor for certain memory types,
then userspace can attempt a kernel DoS by issuing SWP instructions
targetting the problematic memory (for example, a framebuffer mapped
with non-cacheable attributes).The SWP emulation code protects against these sorts of attacks by
checking for pending signals and potentially rescheduling when the STXR
instruction fails during the emulation. Whilst this is good for avoiding
livelock, it harms emulation of legitimate SWP instructions on CPUs
where forward progress is not guaranteed if there are memory accesses to
the same reservation granule (up to 2k) between the failing STXR and
the retry of the LDXR.This patch solves the problem by retrying the STXR a bounded number of
times (4) before breaking out of the LL/SC loop and looking for
something else to do.Cc:
Fixes: bd35a4adc413 ("arm64: Port SWP/SWPB emulation support from arm")
Reviewed-by: Mark Rutland
Signed-off-by: Will Deacon -
It was invented for sdio only, and should not be used for sdmmc
or emmc. Remove it.Signed-off-by: Shawn Lin
Signed-off-by: Heiko Stuebner
18 Oct, 2016
2 commits
-
mvebu fixes for 4.8 (part 3)
- Select corediv clk for all mvebu v7 SoC
- Fix clocksource for CP110 master SPI0 for Armada 7K/8K* tag 'mvebu-fixes-4.8-3' of git://git.infradead.org/linux-mvebu:
arm64: dts: marvell: fix clocksource for CP110 master SPI0
ARM: mvebu: Select corediv clk for all mvebu v7 SoCSigned-off-by: Olof Johansson
-
Commit 8a71f0c656e0 ("arm64: sysreg: replace open-coded mrs_s/msr_s with
{read,write}_sysreg_s") introduced a write_sysreg_s macro for writing
to system registers that are not supported by binutils.Unfortunately, this was implemented with the wrong template (%0 vs %x0),
so in the case that we are writing a constant 0, we will generate
invalid instruction syntax and bail with a cryptic assembler error:| Error: constant expression required
This patch fixes the template.
Acked-by: Mark Rutland
Signed-off-by: Will Deacon
17 Oct, 2016
4 commits
-
The RANDOMIZE_MODULE_REGION_FULL Kconfig option allows KASLR to be
configured in such a way that kernel modules and the core kernel are
allocated completely independently, which implies that modules are likely
to require branches via PLT entries to reach the core kernel. The dynamic
ftrace code does not expect that, and assumes that it can patch module
code to perform a relative branch to anywhere in the core kernel. This
may result in errors such asbranch_imm_common: offset out of range
------------[ cut here ]------------
WARNING: CPU: 3 PID: 196 at kernel/trace/ftrace.c:1995 ftrace_bug+0x220/0x2e8
Modules linked in:CPU: 3 PID: 196 Comm: systemd-udevd Not tainted 4.8.0-22-generic #24
Hardware name: AMD Seattle/Seattle, BIOS 10:34:40 Oct 6 2016
task: ffff8d1bef7dde80 task.stack: ffff8d1bef6b0000
PC is at ftrace_bug+0x220/0x2e8
LR is at ftrace_process_locs+0x330/0x430So make RANDOMIZE_MODULE_REGION_FULL mutually exclusive with DYNAMIC_FTRACE
at the Kconfig level.Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon -
Commit f436b2ac90a0 ("arm64: kernel: fix architected PMU registers
unconditional access") made sure we wouldn't access unimplemented
PMU registers, but also left MDCR_EL2 uninitialized in that case,
leading to trap bits being potentially left set.Make sure we always write something in that register.
Fixes: f436b2ac90a0 ("arm64: kernel: fix architected PMU registers unconditional access")
Cc: Lorenzo Pieralisi
Cc: Will Deacon
Cc:
Signed-off-by: Marc Zyngier
Signed-off-by: Will Deacon -
Commit 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must
bind to node0") removed the numa cpunode mapping restriction whereby
logical cpu 0 always corresponds to numa node 0; removing the
restriction was correct, in that it does not really exist in practice
but the commit only updated the early mapping of logical cpu 0 to its
real numa node for the DT boot path, missing the ACPI one, leading to
boot failures on ACPI systems owing to missing nodecpu map for
logical cpu 0.Fix the issue by updating the ACPI boot path with code that carries out
the early cpunode mapping also for the boot cpu (ie cpu 0), mirroring
what is currently done in the DT boot path.Fixes: 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must bind to node0")
Signed-off-by: Lorenzo Pieralisi
Tested-by: Laszlo Ersek
Reported-by: Laszlo Ersek
Cc: Will Deacon
Cc: Laszlo Ersek
Cc: Hanjun Guo
Cc: Andrew Jones
Cc: Zhen Lei
Cc: Catalin Marinas
Signed-off-by: Will Deacon -
As it turns out, the KASLR code breaks CONFIG_MODVERSIONS, since the
kcrctab has an absolute address field that is relocated at runtime
when the kernel offset is randomized.This has been fixed already for PowerPC in the past, so simply wire up
the existing code dealing with this issue.Cc:
Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Tested-by: Timur Tabi
Signed-off-by: Ard Biesheuvel
Signed-off-by: Will Deacon
16 Oct, 2016
2 commits
-
I observed false KSAN positives in the sctp code, when
sctp uses jprobe_return() in jsctp_sf_eat_sack().The stray 0xf4 in shadow memory are stack redzones:
[ ] ==================================================================
[ ] BUG: KASAN: stack-out-of-bounds in memcmp+0xe9/0x150 at addr ffff88005e48f480
[ ] Read of size 1 by task syz-executor/18535
[ ] page:ffffea00017923c0 count:0 mapcount:0 mapping: (null) index:0x0
[ ] flags: 0x1fffc0000000000()
[ ] page dumped because: kasan: bad access detected
[ ] CPU: 1 PID: 18535 Comm: syz-executor Not tainted 4.8.0+ #28
[ ] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ ] ffff88005e48f2d0 ffffffff82d2b849 ffffffff0bc91e90 fffffbfff10971e8
[ ] ffffed000bc91e90 ffffed000bc91e90 0000000000000001 0000000000000000
[ ] ffff88005e48f480 ffff88005e48f350 ffffffff817d3169 ffff88005e48f370
[ ] Call Trace:
[ ] [] dump_stack+0x12e/0x185
[ ] [] kasan_report+0x489/0x4b0
[ ] [] __asan_report_load1_noabort+0x19/0x20
[ ] [] memcmp+0xe9/0x150
[ ] [] depot_save_stack+0x176/0x5c0
[ ] [] save_stack+0xb1/0xd0
[ ] [] kasan_slab_free+0x72/0xc0
[ ] [] kfree+0xc8/0x2a0
[ ] [] skb_free_head+0x79/0xb0
[ ] [] skb_release_data+0x37a/0x420
[ ] [] skb_release_all+0x4f/0x60
[ ] [] consume_skb+0x138/0x370
[ ] [] sctp_chunk_put+0xcb/0x180
[ ] [] sctp_chunk_free+0x58/0x70
[ ] [] sctp_inq_pop+0x68f/0xef0
[ ] [] sctp_assoc_bh_rcv+0xd6/0x4b0
[ ] [] sctp_inq_push+0x131/0x190
[ ] [] sctp_backlog_rcv+0xe9/0xa20
[ ... ]
[ ] Memory state around the buggy address:
[ ] ffff88005e48f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ffff88005e48f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] >ffff88005e48f480: f4 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ^
[ ] ffff88005e48f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ffff88005e48f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ==================================================================KASAN stack instrumentation poisons stack redzones on function entry
and unpoisons them on function exit. If a function exits abnormally
(e.g. with a longjmp like jprobe_return()), stack redzones are left
poisoned. Later this leads to random KASAN false reports.Unpoison stack redzones in the frames we are going to jump over
before doing actual longjmp in jprobe_return().Signed-off-by: Dmitry Vyukov
Acked-by: Masami Hiramatsu
Reviewed-by: Mark Rutland
Cc: Mark Rutland
Cc: Catalin Marinas
Cc: Andrey Ryabinin
Cc: Lorenzo Pieralisi
Cc: Alexander Potapenko
Cc: Will Deacon
Cc: Andrew Morton
Cc: Ananth N Mavinakayanahalli
Cc: Anil S Keshavamurthy
Cc: "David S. Miller"
Cc: Masami Hiramatsu
Cc: kasan-dev@googlegroups.com
Cc: surovegin@google.com
Cc: rostedt@goodmis.org
Link: http://lkml.kernel.org/r/1476454043-101898-1-git-send-email-dvyukov@google.com
Signed-off-by: Ingo Molnar -
Please don't add these for vcc_sd, and mmc-core/driver will control
it. Otherwise, it will waste energy even without sdmmc in slot.Moreover, it will causes a bug:
If we insert/remove sd card, we could see
[9.337271] mmc0: new ultra high speed SDR25 SDHC card at address 0007
[9.345144] mmcblk0: mmc0:0007 SD32G 29.3 GiBThis is okay for normal sd insert/remove test, but when I debug some
issues for sdmmc, I did unbind/bind test. And there is a interesting
phenomenon when we bind the driver again:
[58.314069] mmc0: new high speed SDHC card at address 0007
[58.320282] mmcblk0: mmc0:0007 SD32G 29.3 GiBSo the sd card could just support high speed without power cycle
since the vcc_sd is always on, which makes the sd card fail to
reinit its internal ocr mask.Signed-off-by: Shawn Lin
Signed-off-by: Heiko Stuebner
15 Oct, 2016
3 commits
-
Pull more misc uaccess and vfs updates from Al Viro:
"The rest of the stuff from -next (more uaccess work) + assorted fixes"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
score: traps: Add missing include file to fix build error
fs/super.c: don't fool lockdep in freeze_super() and thaw_super() paths
fs/super.c: fix race between freeze_super() and thaw_super()
overlayfs: Fix setting IOP_XATTR flag
iov_iter: kernel-doc import_iovec() and rw_copy_check_uvector()
blackfin: no access_ok() for __copy_{to,from}_user()
arm64: don't zero in __copy_from_user{,_inatomic}
arm: don't zero in __copy_from_user_inatomic()/__copy_from_user()
arc: don't leak bits of kernel stack into coredump
alpha: get rid of tail-zeroing in __copy_user() -
Pull libata updates from Tejun Heo:
- Write same support added
- Minor ahci MSIX irq handling updates
- Non-critical SCSI command translation fixes
- Controller specific changes* 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
ahci: qoriq: Revert "ahci: qoriq: Disable NCQ on ls2080a SoC"
libata: remove
libata: remove unused definitions from
pata_at91: Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR
ata: Replace BUG() with BUG_ON().
ata: sata_mv: Replacing dma_pool_alloc and memset with a single call dma_pool_zalloc.
libata: Some drives failing on SCT Write Same
ahci: use pci_alloc_irq_vectors
libata: SCT Write Same handle ATA_DFLAG_PIO
libata: SCT Write Same / DSM Trim
libata: Add support for SCT Write Same
libata: Safely overwrite attached page in WRITE SAME xlat
ahci: also use a per-port lock for the multi-MSIX case
ARM: dts: STiH407-family: Add ports-implemented property in sata nodes
ahci: st: Add ports-implemented property in support
ahci: qoriq: enable snoopable sata read and write
ahci: qoriq: adjust sata parameter
libata-scsi: fix MODE SELECT translation for Control mode page
libata-scsi: use u8 array to store mode page copy
13 Oct, 2016
1 commit
-
Pull thermal managament updates from Zhang Rui:
- Enhance thermal "userspace" governor to export the reason when a
thermal event is triggered and delivered to user space. From Srinivas
Pandruvada- Introduce a single TSENS thermal driver for the different versions of
the TSENS IP that exist, on different qcom msm/apq SoCs'. Support for
msm8916, msm8960, msm8974 and msm8996 families is also added. From
Rajendra Nayak- Introduce hardware-tracked trip points support to the device tree
thermal sensor framework. The framework supports an arbitrary number
of trip points. Whenever the current temperature is changed, the trip
points immediately below and above the current temperature are found,
driver callback is invoked to program the hardware to get notified
when either of the two trip points are triggered. Hardware-tracked
trip points support for rockchip thermal driver is also added at the
same time. From Sascha Hauer, Caesar Wang- Introduce a new thermal driver, which enables TMU (Thermal Monitor
Unit) on QorIQ platform. From Jia Hongtao- Introduce a new thermal driver for Maxim MAX77620. From Laxman
Dewangan- Introduce a new thermal driver for Intel platforms using WhiskeyCove
PMIC. From Bin Gao- Add mt2701 chip support to MTK thermal driver. From Dawei Chien
- Enhance Tegra thermal driver to enable soctherm node and set
"critical", "hot" trips, for Tegra124, Tegra132, Tegra210. From Wei
Ni- Add resume support for tango thermal driver. From Marc Gonzalez
- several small fixes and improvements for rockchip, qcom, imx, rcar,
mtk thermal drivers and thermal core code. From Caesar Wang, Keerthy,
Rocky Hao, Wei Yongjun, Peter Robinson, Bui Duc Phuc, Axel Lin, Hugh
Kang* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: (48 commits)
thermal: int3403: Process trip change notification
thermal: int340x: New Interface to read trip and notify
thermal: user_space gov: Add additional information in uevent
thermal: Enhance thermal_zone_device_update for events
arm64: tegra: set hot trips for Tegra210
arm64: tegra: set critical trips for Tegra210
arm64: tegra: add soctherm node for Tegra210
arm64: tegra: set hot trips for Tegra132
arm64: tegra: set critical trips for Tegra132
arm64: tegra: use tegra132-soctherm for Tegra132
arm: tegra: set hot trips for Tegra124
arm: tegra: set critical trips for Tegra124
thermal: tegra: add hw-throttle for Tegra132
thermal: tegra: add hw-throttle function
of: Add bindings of hw throttle for Tegra soctherm
thermal: mtk_thermal: Check return value of devm_thermal_zone_of_sensor_register
thermal: Add Mediatek thermal driver for mt2701.
dt-bindings: thermal: Add binding document for Mediatek thermal controller
thermal: max77620: Add thermal driver for reporting junction temp
thermal: max77620: Add DT binding doc for thermal driver
...
12 Oct, 2016
3 commits
-
Merge more updates from Andrew Morton:
- a few block updates that fell in my lap
- lib/ updates
- checkpatch
- autofs
- ipc
- a ton of misc other things
* emailed patches from Andrew Morton : (100 commits)
mm: split gfp_mask and mapping flags into separate fields
fs: use mapping_set_error instead of opencoded set_bit
treewide: remove redundant #include
hung_task: allow hung_task_panic when hung_task_warnings is 0
kthread: add kerneldoc for kthread_create()
kthread: better support freezable kthread workers
kthread: allow to modify delayed kthread work
kthread: allow to cancel kthread work
kthread: initial support for delayed kthread work
kthread: detect when a kthread work is used by more workers
kthread: add kthread_destroy_worker()
kthread: add kthread_create_worker*()
kthread: allow to call __kthread_create_on_node() with va_list args
kthread/smpboot: do not park in kthread_create_on_cpu()
kthread: kthread worker API cleanup
kthread: rename probe_kthread_data() to kthread_probe_data()
scripts/tags.sh: enable code completion in VIM
mm: kmemleak: avoid using __va() on addresses that don't have a lowmem mapping
kdump, vmcoreinfo: report memory sections virtual addresses
ipc/sem.c: add cond_resched in exit_sme
... -
Kernel source files need not include explicitly
because the top Makefile forces to include it with:-include $(srctree)/include/linux/kconfig.h
This commit removes explicit includes except the following:
* arch/s390/include/asm/facilities_src.h
* tools/testing/radix-tree/linux/kernel.hThese two are used for host programs.
Link: http://lkml.kernel.org/r/1473656164-11929-1-git-send-email-yamada.masahiro@socionext.com
Signed-off-by: Masahiro Yamada
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Currently, all callers to randomize_range() set the length to 0 and
calculate end by adding a constant to the start address. We can simplify
the API to remove a bunch of needless checks and variables.Use the new randomize_addr(start, range) call to set the requested
address.Link: http://lkml.kernel.org/r/20160803233913.32511-5-jason@lakedaemon.net
Signed-off-by: Jason Cooper
Acked-by: Will Deacon
Acked-by: Kees Cook
Cc: "Russell King - ARM Linux"
Cc: Catalin Marinas
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
