23 May, 2017

6 commits

  • To enable smp_processor_id() and might_sleep() debug checks earlier, it's
    required to add system states between SYSTEM_BOOTING and SYSTEM_RUNNING.

    Adjust the system_state check in smp_generic_cpu_bootable() to handle the
    extra states.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Peter Zijlstra (Intel)
    Acked-by: Michael Ellerman
    Cc: Benjamin Herrenschmidt
    Cc: Greg Kroah-Hartman
    Cc: Linus Torvalds
    Cc: Mark Rutland
    Cc: Paul Mackerras
    Cc: Peter Zijlstra
    Cc: Steven Rostedt
    Cc: linuxppc-dev@lists.ozlabs.org
    Link: http://lkml.kernel.org/r/20170516184735.359536998@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     
  • To enable smp_processor_id() and might_sleep() debug checks earlier, it's
    required to add system states between SYSTEM_BOOTING and SYSTEM_RUNNING.

    Adjust the system_state check in stop_this_cpu() to handle the extra states.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Peter Zijlstra (Intel)
    Cc: Greg Kroah-Hartman
    Cc: James Hogan
    Cc: Linus Torvalds
    Cc: Mark Rutland
    Cc: Peter Zijlstra
    Cc: Steven Rostedt
    Link: http://lkml.kernel.org/r/20170516184735.283420315@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     
  • To enable smp_processor_id() and might_sleep() debug checks earlier, it's
    required to add system states between SYSTEM_BOOTING and SYSTEM_RUNNING.

    Adjust the system_state check in announce_cpu() to handle the extra states.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Peter Zijlstra (Intel)
    Reviewed-by: Steven Rostedt (VMware)
    Cc: Greg Kroah-Hartman
    Cc: Linus Torvalds
    Cc: Mark Rutland
    Cc: Peter Zijlstra
    Link: http://lkml.kernel.org/r/20170516184735.191715856@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     
  • To enable smp_processor_id() and might_sleep() debug checks earlier, it's
    required to add system states between SYSTEM_BOOTING and SYSTEM_RUNNING.

    Adjust the system_state check in smp_send_stop() to handle the extra states.

    Tested-by: Mark Rutland
    Signed-off-by: Thomas Gleixner
    Signed-off-by: Peter Zijlstra (Intel)
    Acked-by: Mark Rutland
    Acked-by: Catalin Marinas
    Cc: Greg Kroah-Hartman
    Cc: Linus Torvalds
    Cc: Peter Zijlstra
    Cc: Steven Rostedt
    Cc: Will Deacon
    Link: http://lkml.kernel.org/r/20170516184735.112589728@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     
  • To enable smp_processor_id() and might_sleep() debug checks earlier, it's
    required to add system states between SYSTEM_BOOTING and SYSTEM_RUNNING.

    Adjust the system_state check in ipi_cpu_stop() to handle the extra states.

    Signed-off-by: Thomas Gleixner
    Signed-off-by: Peter Zijlstra (Intel)
    Cc: Greg Kroah-Hartman
    Cc: Linus Torvalds
    Cc: Mark Rutland
    Cc: Peter Zijlstra
    Cc: Russell King
    Cc: Steven Rostedt
    Cc: linux-arm-kernel@lists.infradead.org
    Link: http://lkml.kernel.org/r/20170516184735.020718977@linutronix.de
    Signed-off-by: Ingo Molnar

    Thomas Gleixner
     
  • Signed-off-by: Ingo Molnar

    Ingo Molnar
     

22 May, 2017

5 commits

  • The code to fetch a 64-bit value from user space was entirely buggered,
    and has been since the code was merged in early 2016 in commit
    b2f680380ddf ("x86/mm/32: Add support for 64-bit __get_user() on 32-bit
    kernels").

    Happily the buggered routine is almost certainly entirely unused, since
    the normal way to access user space memory is just with the non-inlined
    "get_user()", and the inlined version didn't even historically exist.

    The normal "get_user()" case is handled by external hand-written asm in
    arch/x86/lib/getuser.S that doesn't have either of these issues.

    There were two independent bugs in __get_user_asm_u64():

    - it still did the STAC/CLAC user space access marking, even though
    that is now done by the wrapper macros, see commit 11f1a4b9755f
    ("x86: reorganize SMAP handling in user space accesses").

    This didn't result in a semantic error, it just means that the
    inlined optimized version was hugely less efficient than the
    allegedly slower standard version, since the CLAC/STAC overhead is
    quite high on modern Intel CPUs.

    - the double register %eax/%edx was marked as an output, but the %eax
    part of it was touched early in the asm, and could thus clobber other
    inputs to the asm that gcc didn't expect it to touch.

    In particular, that meant that the generated code could look like
    this:

    mov (%eax),%eax
    mov 0x4(%eax),%edx

    where the load of %edx obviously was _supposed_ to be from the 32-bit
    word that followed the source of %eax, but because %eax was
    overwritten by the first instruction, the source of %edx was
    basically random garbage.

    The fixes are trivial: remove the extraneous STAC/CLAC entries, and mark
    the 64-bit output as early-clobber to let gcc know that no inputs should
    alias with the output register.

    Cc: Al Viro
    Cc: Benjamin LaHaise
    Cc: Ingo Molnar
    Cc: stable@kernel.org # v4.8+
    Signed-off-by: Linus Torvalds

    Linus Torvalds
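The early-clobber problem described in the commit above, as an added example that is not the kernel's code. It is transposed to x86-64 (two 64-bit loads into %rax/%rdx instead of two 32-bit loads into %eax/%edx) so that it runs on a 64-bit host; `load_pair_plain`, `load_pair_earlyclobber`, `read_high_half` and the sample data are constructed for illustration, and on other architectures the same two steps are written out in plain C.

```c
#include <stdint.h>
#include <stdio.h>

struct pair { uint64_t lo, hi; };

/* Constructed sample data. value[] plays the two-word user-space object.
 * value[0] is set to the address of decoy[] so that the stray second load
 * of the broken variant lands somewhere readable and deterministic. */
static uint64_t decoy[2] = { 0, 0xBADBADBADBADBADBull };
static uint64_t value[2] = { 0, 0x1122334455667788ull };

#if defined(__x86_64__)
/* Broken constraints: the outputs are plain "=a"/"=d", so the compiler is
 * allowed to keep the pointer in %rax as well. "a"(p) pins that choice
 * here; in the bug described above gcc was free to make it on its own. */
static struct pair load_pair_plain(const uint64_t *p)
{
    struct pair r;
    __asm__ __volatile__("movq (%2), %0\n\t"  /* overwrites the pointer */
                         "movq 8(%2), %1"     /* address is now the low word */
                         : "=a"(r.lo), "=d"(r.hi)
                         : "a"(p)
                         : "memory");
    return r;
}

/* Fixed constraints: "&" marks both outputs early-clobber, so no input may
 * share %rax or %rdx and the pointer survives the first load. */
static struct pair load_pair_earlyclobber(const uint64_t *p)
{
    struct pair r;
    __asm__ __volatile__("movq (%2), %0\n\t"
                         "movq 8(%2), %1"
                         : "=&a"(r.lo), "=&d"(r.hi)
                         : "r"(p)
                         : "memory");
    return r;
}
#else
/* Other architectures: the same two steps written out in C, with one
 * variable standing in for the shared register. */
static struct pair load_pair_plain(const uint64_t *p)
{
    struct pair r;
    uintptr_t reg = (uintptr_t)p;
    reg = (uintptr_t)*(const uint64_t *)reg;  /* pointer overwritten */
    r.lo = reg;
    r.hi = ((const uint64_t *)reg)[1];        /* stray load */
    return r;
}

static struct pair load_pair_earlyclobber(const uint64_t *p)
{
    struct pair r = { p[0], p[1] };
    return r;
}
#endif

/* Returns the high half of value[] as read through the chosen variant. */
uint64_t read_high_half(int early_clobber)
{
    struct pair r;

    value[0] = (uint64_t)(uintptr_t)decoy;
    r = early_clobber ? load_pair_earlyclobber(value)
                      : load_pair_plain(value);
    return r.hi;
}

int main(void)
{
    printf("plain outputs:         hi = %016llx\n",
           (unsigned long long)read_high_half(0));
    printf("early-clobber outputs: hi = %016llx\n",
           (unsigned long long)read_high_half(1));
    return 0;
}
```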
     
  • Al noticed that unsafe_put_user() had type problems, and fixed them in
    commit a7cc722fff0b ("fix unsafe_put_user()"), which made me look more
    at those functions.

    It turns out that unsafe_get_user() had a type issue too: it limited the
    largest size of the type it could handle to "unsigned long". Which is
    fine with the current users, but doesn't match our existing normal
    get_user() semantics, which can also handle "u64" even when that does
    not fit in a long.

    While at it, also clean up the type cast in unsafe_put_user(). We
    actually want to just make it an assignment to the expected type of the
    pointer, because we actually do want warnings from types that don't
    convert silently. And it makes the code more readable by not having
    that one very long and complex line.

    [ This patch might become stable material if we ever end up back-porting
    any new users of the unsafe uaccess code, but as things stand now this
    doesn't matter for any current existing uses. ]

    Cc: Al Viro
    Signed-off-by: Linus Torvalds

    Linus Torvalds
     
  • Pull misc uaccess fixes from Al Viro:
    "Fix for unsafe_put_user() (no callers currently in mainline, but
    anyone starting to use it will step into that) + alpha osf_wait4()
    infoleak fix"

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
    osf_wait4(): fix infoleak
    fix unsafe_put_user()

    Linus Torvalds
     
  • failing sys_wait4() won't fill struct rusage...

    Cc: stable@vger.kernel.org
    Signed-off-by: Al Viro

    Al Viro
     
  • __put_user_size() relies upon its first argument having the same type as what
    the second one points to; the only other user makes sure of that and
    unsafe_put_user() should do the same.

    Signed-off-by: Al Viro

    Al Viro
     

20 May, 2017

10 commits

  • Pull KVM fixes from Radim Krčmář:
    "ARM:
    - a fix for a build failure introduced in -rc1 when tracepoints are
    enabled on 32-bit ARM.

    - disable use of stack pointer protection in the hyp code which can
    cause panics.

    - a handful of VGIC fixes.

    - a fix to the init of the redistributors on GICv3 systems that
    prevented boot with kvmtool on GICv3 systems introduced in -rc1.

    - a number of race conditions fixed in our MMU handling code.

    - a fix for the guest being able to program the debug extensions for
    the host on the 32-bit side.

    PPC:
    - fixes for build failures with PR KVM configurations.

    - a fix for a host crash that can occur on POWER9 with radix guests.

    x86:
    - fixes for nested PML and nested EPT.

    - a fix for crashes caused by reserved bits in SSE MXCSR that could
    have been set by userspace.

    - an optimization of halt polling that fixes high CPU overhead.

    - fixes for four reports from Dan Carpenter's static checker.

    - a protection around code that shouldn't have been preemptible.

    - a fix for port IO emulation"

    * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (27 commits)
    KVM: x86: prevent uninitialized variable warning in check_svme()
    KVM: x86/vPMU: fix undefined shift in intel_pmu_refresh()
    KVM: x86: zero base3 of unusable segments
    KVM: X86: Fix read out-of-bounds vulnerability in kvm pio emulation
    KVM: x86: Fix potential preemption when get the current kvmclock timestamp
    KVM: Silence underflow warning in avic_get_physical_id_entry()
    KVM: arm/arm64: Hold slots_lock when unregistering kvm io bus devices
    KVM: arm/arm64: Fix bug when registering redist iodevs
    KVM: x86: lower default for halt_poll_ns
    kvm: arm/arm64: Fix use after free of stage2 page table
    kvm: arm/arm64: Force reading uncached stage2 PGD
    KVM: nVMX: fix EPT permissions as reported in exit qualification
    KVM: VMX: Don't enable EPT A/D feature if EPT feature is disabled
    KVM: x86: Fix load damaged SSEx MXCSR register
    kvm: nVMX: off by one in vmx_write_pml_buffer()
    KVM: arm: rename pm_fake handler to trap_raz_wi
    KVM: arm: plug potential guest hardware debug leakage
    kvm: arm/arm64: Fix race in resetting stage2 PGD
    KVM: arm/arm64: vgic-v3: Use PREbits to infer the number of ICH_APxRn_EL2 registers
    KVM: arm/arm64: vgic-v3: Do not use Active+Pending state for a HW interrupt
    ...

    Linus Torvalds
     
  • Pull xen fixes from Juergen Gross:
    "Some fixes for the new Xen 9pfs frontend and some minor cleanups"

    * tag 'for-linus-4.12b-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
    xen: make xen_flush_tlb_all() static
    xen: cleanup pvh leftovers from pv-only sources
    xen/9pfs: p9_trans_xen_init and p9_trans_xen_exit can be static
    xen/9pfs: fix return value check in xen_9pfs_front_probe()

    Linus Torvalds
     
  • Pull ARM SoC fixes from Olof Johansson:
    "We had a small batch of fixes before -rc1, but here is a larger one.
    It contains a backmerge of 4.12-rc1 since some of the downstream
    branches we merge had that as base; at the same time we already had
    merged contents before -rc1 and rebase wasn't the right solution.

    A mix of random smaller fixes and a few things worth pointing out:

    - We've started telling people to avoid cross-tree shared branches if
    all they're doing is picking up one or two DT-used constants from a
    shared include file, and instead to use the numeric values on first
    submission. Follow-up moving over to symbolic names are sent in
    right after -rc1, i.e. here. It's only a few minor patches of this
    type.

    - Linus Walleij and others are resurrecting the 'Gemini' platform,
    and wanted a cut-down platform-specific defconfig for it. So I
    picked that up for them.

    - Rob Herring ran 'savedefconfig' on arm64, it's a bit churny but it
    helps people to prepare patches since it's a pain when defconfig
    and current savedefconfig contents differ too much.

    - Devicetree additions for some pinctrl drivers for Armada that were
    merged this window. I'd have preferred to see those earlier but
    it's not a huge deal.

    The biggest change worth pointing out though since it's touching other
    parts of the tree: We added prefixes to be used when cross-including
    DT contents between arm64 and arm, allowing someone to #include
    <arm/foo.dtsi> from arm64, and likewise. As part of that, we needed
    arm/foo.dtsi to work on arm as well. The way I suggested this to Heiko
    resulted in a recursive symlink.

    Instead, I've now moved it out of arch/*/boot/dts/include, into a
    shared location under scripts/dtc. While I was at it, I consolidated
    so all architectures now behave the same way in this manner.

    Rob Herring (DT maintainer) has acked it. I cc:d most other arch
    maintainers but nobody seems to care much; it doesn't really affect
    them since functionality is unchanged for them by default"

    * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (29 commits)
    arm64: dts: rockchip: fix include reference
    firmware: ti_sci: fix strncat length check
    ARM: remove duplicate 'const' annotations'
    arm64: defconfig: enable options needed for QCom DB410c board
    arm64: defconfig: sync with savedefconfig
    ARM: configs: add a gemini defconfig
    devicetree: Move include prefixes from arch to separate directory
    ARM: dts: dra7: Reduce cpu thermal shutdown temperature
    memory: omap-gpmc: Fix debug output for access width
    ARM: dts: LogicPD Torpedo: Fix camera pin mux
    ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES
    ARM: dts: gta04: fix polarity of clocks for mcbsp4
    ARM: dts: dra7: Add power hold and power controller properties to palmas
    soc: imx: add PM dependency for IMX7_PM_DOMAINS
    ARM: dts: imx6sx-sdb: Remove OPP override
    ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin
    soc: bcm: brcmstb: Correctly match 7435 SoC
    tee: add ARM_SMCCC dependency
    ARM: omap2+: make omap4_get_cpu1_ns_pa_addr declaration usable
    ARM64: dts: mediatek: configure some fixed mmc parameters
    ...

    Linus Torvalds
     
  • Pull arm64 fixes/cleanups from Catalin Marinas:

    - Avoid taking a mutex in the secondary CPU bring-up path when
    interrupts are disabled

    - Ignore perf exclude_hv when the kernel is running in Hyp mode

    - Remove redundant instruction in cmpxchg

    * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
    arm64/cpufeature: don't use mutex in bringup path
    arm64: perf: Ignore exclude_hv when kernel is running in HYP
    arm64: Remove redundant mov from LL/SC cmpxchg

    Linus Torvalds
     
  • Pull powerpc fixes from Michael Ellerman:
    "The headliner is a fix for FP/VMX register corruption when using
    transactional memory, and a new selftest to go with it.

    Then there's the virt_addr_valid() fix, currently HARDENED_USERCOPY
    is tripping on that causing some machines to crash.

    A few other fairly minor fixes for long tail things, and a couple of
    fixes for code we just merged.

    Thanks to: Breno Leitao, Gautham Shenoy, Michael Neuling, Naveen Rao,
    Nicholas Piggin, Paul Mackerras"

    * tag 'powerpc-4.12-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
    powerpc/mm: Fix virt_addr_valid() etc. on 64-bit hash
    powerpc/mm: Fix crash in page table dump with huge pages
    powerpc/kprobes: Fix handling of instruction emulation on probe re-entry
    powerpc/powernv: Set NAPSTATELOST after recovering paca on P9 DD1
    selftests/powerpc: Test TM and VMX register state
    powerpc/tm: Fix FP and VMX register corruption
    powerpc/modules: If mprofile-kernel is enabled add it to vermagic

    Linus Torvalds
     
  • get_msr() of MSR_EFER is currently always going to succeed, but static
    checker doesn't see that far.

    Don't complicate stuff and just use 0 for the fallback -- it means that
    the feature is not present.

    Reported-by: Dan Carpenter
    Reviewed-by: Paolo Bonzini
    Reviewed-by: David Hildenbrand
    Signed-off-by: Radim Krčmář

    Radim Krčmář
     
  • Static analysis noticed that pmu->nr_arch_gp_counters can be 32
    (INTEL_PMC_MAX_GENERIC) and therefore cannot be used to shift 'int'.

    I didn't add BUILD_BUG_ON for it as we have a better checker.

    Reported-by: Dan Carpenter
    Fixes: 25462f7f5295 ("KVM: x86/vPMU: Define kvm_pmu_ops to support vPMU function dispatch")
    Reviewed-by: Paolo Bonzini
    Reviewed-by: David Hildenbrand
    Signed-off-by: Radim Krčmář

    Radim Krčmář
     
  • Static checker noticed that base3 could be used uninitialized if the
    segment was not present (useable). Random stack values probably would
    not pass VMCS entry checks.

    Reported-by: Dan Carpenter
    Fixes: 1aa366163b8b ("KVM: x86 emulator: consolidate segment accessors")
    Reviewed-by: Paolo Bonzini
    Reviewed-by: David Hildenbrand
    Signed-off-by: Radim Krčmář

    Radim Krčmář
     
  • Huawei folks reported a read out-of-bounds vulnerability in kvm pio emulation.

    - "inb" instruction to access PIT Mod/Command register (ioport 0x43, write only,
    a read should be ignored) in guest can get a random number.
    - "rep insb" instruction to access PIT register port 0x43 can control memcpy()
    in emulator_pio_in_emulated() to copy max 0x400 bytes but only read 1 byte,
    which will disclose the unimportant kernel memory in host but no crash.

    The similar test program below can reproduce the read out-of-bounds vulnerability:

    void hexdump(void *mem, unsigned int len)
    {
    unsigned int i, j;

    for(i = 0; i < len + ((len % HEXDUMP_COLS) ? (HEXDUMP_COLS - len % HEXDUMP_COLS) : 0); i++)
    {
    /* print offset */
    if(i % HEXDUMP_COLS == 0)
    {
    printf("0x%06x: ", i);
    }

    /* print hex data */
    if(i < len)
    {
    printf("%02x ", 0xFF & ((char*)mem)[i]);
    }
    else /* end of block, just aligning for ASCII dump */
    {
    printf(" ");
    }

    /* print ASCII dump */
    if(i % HEXDUMP_COLS == (HEXDUMP_COLS - 1))
    {
    for(j = i - (HEXDUMP_COLS - 1); j <= i; j++)
    {
    if(j >= len) /* end of block, not really printing */
    {
    putchar(' ');
    }
    else if(isprint(((char*)mem)[j])) /* printable char */
    {
    putchar(0xFF & ((char*)mem)[j]);
    }
    else /* other char */
    {
    putchar('.');
    }
    }
    putchar('\n');
    }
    }
    }

    int main(void)
    {
    int i;
    if (iopl(3))
    {
    err(1, "set iopl unsuccessfully\n");
    return -1;
    }
    static char buf[0x40];

    /* test ioport 0x40,0x41,0x42,0x43,0x44,0x45 */

    memset(buf, 0xab, sizeof(buf));

    asm volatile("push %rdi;");
    asm volatile("mov %0, %%rdi;"::"q"(buf));

    asm volatile ("mov $0x40, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("mov $0x41, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("mov $0x42, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("mov $0x43, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("mov $0x44, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("mov $0x45, %rdx;");
    asm volatile ("in %dx,%al;");
    asm volatile ("stosb;");

    asm volatile ("pop %rdi;");
    hexdump(buf, 0x40);

    printf("\n");

    /* ins port 0x40 */

    memset(buf, 0xab, sizeof(buf));

    asm volatile("push %rdi;");
    asm volatile("mov %0, %%rdi;"::"q"(buf));

    asm volatile ("mov $0x20, %rcx;");
    asm volatile ("mov $0x40, %rdx;");
    asm volatile ("rep insb;");

    asm volatile ("pop %rdi;");
    hexdump(buf, 0x40);

    printf("\n");

    /* ins port 0x43 */

    memset(buf, 0xab, sizeof(buf));

    asm volatile("push %rdi;");
    asm volatile("mov %0, %%rdi;"::"q"(buf));

    asm volatile ("mov $0x20, %rcx;");
    asm volatile ("mov $0x43, %rdx;");
    asm volatile ("rep insb;");

    asm volatile ("pop %rdi;");
    hexdump(buf, 0x40);

    printf("\n");
    return 0;
    }

    The vcpu->arch.pio_data buffer is used by both in/out instruction emulation
    w/o being cleared after use, which results in some random data being left over
    in the buffer. Guest reads of port 0x43 will be ignored since it is write only;
    however, the function kernel_pio() can't distinguish this ignore from
    successfully reading data from the device's ioport. No new data fills the
    buffer from port 0x43, however, emulator_pio_in_emulated() will copy the stale
    data in the buffer to the guest unconditionally. This patch fixes it by clearing
    the buffer before in instruction emulation to avoid granting the guest the
    stale data in the buffer.

    In addition, string I/O is not supported for in-kernel devices. So there is no
    iteration to read the ioport %RCX times for string I/O. The function kernel_pio()
    just reads one round, and then copies io size * %RCX to the guest unconditionally;
    actually it copies the one round of ioport data w/ other random data left
    over in the vcpu->arch.pio_data buffer to the guest. This patch fixes it by
    introducing string I/O support for in-kernel devices in order to grant the right
    ioport data to the guest.

    Before the patch:

    0x000000: fe 38 93 93 ff ff ab ab .8......
    0x000008: ab ab ab ab ab ab ab ab ........
    0x000010: ab ab ab ab ab ab ab ab ........
    0x000018: ab ab ab ab ab ab ab ab ........
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    0x000000: f6 00 00 00 00 00 00 00 ........
    0x000008: 00 00 00 00 00 00 00 00 ........
    0x000010: 00 00 00 00 4d 51 30 30 ....MQ00
    0x000018: 30 30 20 33 20 20 20 20 00 3
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    0x000000: f6 00 00 00 00 00 00 00 ........
    0x000008: 00 00 00 00 00 00 00 00 ........
    0x000010: 00 00 00 00 4d 51 30 30 ....MQ00
    0x000018: 30 30 20 33 20 20 20 20 00 3
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    After the patch:

    0x000000: 1e 02 f8 00 ff ff ab ab ........
    0x000008: ab ab ab ab ab ab ab ab ........
    0x000010: ab ab ab ab ab ab ab ab ........
    0x000018: ab ab ab ab ab ab ab ab ........
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    0x000000: d2 e2 d2 df d2 db d2 d7 ........
    0x000008: d2 d3 d2 cf d2 cb d2 c7 ........
    0x000010: d2 c4 d2 c0 d2 bc d2 b8 ........
    0x000018: d2 b4 d2 b0 d2 ac d2 a8 ........
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    0x000000: 00 00 00 00 00 00 00 00 ........
    0x000008: 00 00 00 00 00 00 00 00 ........
    0x000010: 00 00 00 00 00 00 00 00 ........
    0x000018: 00 00 00 00 00 00 00 00 ........
    0x000020: ab ab ab ab ab ab ab ab ........
    0x000028: ab ab ab ab ab ab ab ab ........
    0x000030: ab ab ab ab ab ab ab ab ........
    0x000038: ab ab ab ab ab ab ab ab ........

    Reported-by: Moguofang
    Cc: Paolo Bonzini
    Cc: Radim Krčmář
    Cc: Moguofang
    Signed-off-by: Wanpeng Li
    Cc: stable@vger.kernel.org
    Signed-off-by: Radim Krčmář

    Wanpeng Li
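The stale-buffer leak and its fix as described in the commit above, as an added user-space model that is not KVM's code. `struct model_vcpu`, the `model_*` functions, `stale_bytes_seen_by_guest` and the marker value are hypothetical names and constructed data; only the port numbers, the shared `pio_data` buffer and the two fixes (clear before `in`, one device read per string element) come from the commit text.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PIO_BUF_SIZE 0x400   /* upper bound on one copy, per the commit text */
#define PORT_PIT_CH0 0x40    /* readable PIT port */
#define PORT_PIT_CMD 0x43    /* write-only: reads are ignored */
#define STALE_MARKER 0x5a    /* constructed value standing in for old data */

/* Stand-in for the vcpu state: one buffer shared by all in/out emulation. */
struct model_vcpu {
    uint8_t pio_data[PIO_BUF_SIZE];
    uint8_t pit_counter;     /* constructed device state */
};

/* Models kernel_pio() reading from an in-kernel device: a single access of
 * `size` bytes. It returns 0 whether the device supplied data or ignored
 * the read, so the caller cannot tell the two cases apart. */
static int model_kernel_pio_read(struct model_vcpu *v, uint16_t port,
                                 size_t size, uint8_t *dst)
{
    if (port == PORT_PIT_CMD)
        return 0;                       /* ignored, dst left untouched */
    for (size_t i = 0; i < size; i++)
        dst[i] = v->pit_counter--;
    return 0;
}

/* Behaviour before the fix: one device access, then size * count bytes of
 * the shared buffer are handed to the guest. */
static size_t model_pio_in_unpatched(struct model_vcpu *v, uint16_t port,
                                     size_t size, size_t count, uint8_t *guest)
{
    size_t total = size * count;

    if (total > PIO_BUF_SIZE)
        return 0;
    model_kernel_pio_read(v, port, size, v->pio_data);
    memcpy(guest, v->pio_data, total);
    return total;
}

/* Behaviour after the fix: the bytes about to be returned are cleared
 * first, and the device is read once per string element. */
static size_t model_pio_in_patched(struct model_vcpu *v, uint16_t port,
                                   size_t size, size_t count, uint8_t *guest)
{
    size_t total = size * count;

    if (total > PIO_BUF_SIZE)
        return 0;
    memset(v->pio_data, 0, total);
    for (size_t i = 0; i < count; i++)
        model_kernel_pio_read(v, port, size, v->pio_data + i * size);
    memcpy(guest, v->pio_data, total);
    return total;
}

/* Emulates "rep insb" with a count of 0x20 after earlier traffic left
 * STALE_MARKER bytes in the buffer; returns how many reached the guest. */
size_t stale_bytes_seen_by_guest(int patched, uint16_t port)
{
    struct model_vcpu v;
    uint8_t guest[0x40];
    size_t n, stale = 0;

    memset(v.pio_data, STALE_MARKER, sizeof(v.pio_data));
    v.pit_counter = 0xf6;
    memset(guest, 0xab, sizeof(guest));

    n = patched ? model_pio_in_patched(&v, port, 1, 0x20, guest)
                : model_pio_in_unpatched(&v, port, 1, 0x20, guest);
    for (size_t i = 0; i < n; i++)
        if (guest[i] == STALE_MARKER)
            stale++;
    return stale;
}

int main(void)
{
    printf("unpatched, port 0x40: %zu stale bytes\n",
           stale_bytes_seen_by_guest(0, PORT_PIT_CH0));
    printf("unpatched, port 0x43: %zu stale bytes\n",
           stale_bytes_seen_by_guest(0, PORT_PIT_CMD));
    printf("patched,   port 0x40: %zu stale bytes\n",
           stale_bytes_seen_by_guest(1, PORT_PIT_CH0));
    printf("patched,   port 0x43: %zu stale bytes\n",
           stale_bytes_seen_by_guest(1, PORT_PIT_CMD));
    return 0;
}
```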
     
  • BUG: using __this_cpu_read() in preemptible [00000000] code: qemu-system-x86/2809
    caller is __this_cpu_preempt_check+0x13/0x20
    CPU: 2 PID: 2809 Comm: qemu-system-x86 Not tainted 4.11.0+ #13
    Call Trace:
    dump_stack+0x99/0xce
    check_preemption_disabled+0xf5/0x100
    __this_cpu_preempt_check+0x13/0x20
    get_kvmclock_ns+0x6f/0x110 [kvm]
    get_time_ref_counter+0x5d/0x80 [kvm]
    kvm_hv_process_stimers+0x2a1/0x8a0 [kvm]
    ? kvm_hv_process_stimers+0x2a1/0x8a0 [kvm]
    ? kvm_arch_vcpu_ioctl_run+0xac9/0x1ce0 [kvm]
    kvm_arch_vcpu_ioctl_run+0x5bf/0x1ce0 [kvm]
    kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
    ? kvm_vcpu_ioctl+0x384/0x7b0 [kvm]
    ? __fget+0xf3/0x210
    do_vfs_ioctl+0xa4/0x700
    ? __fget+0x114/0x210
    SyS_ioctl+0x79/0x90
    entry_SYSCALL_64_fastpath+0x23/0xc2
    RIP: 0033:0x7f9d164ed357
    ? __this_cpu_preempt_check+0x13/0x20

    This can be reproduced by running kvm-unit-tests/hyperv_stimer.flat w/
    CONFIG_PREEMPT and CONFIG_DEBUG_PREEMPT enabled.

    Safe access to per-CPU data requires a couple of constraints, though: the
    thread working with the data cannot be preempted and it cannot be migrated
    while it manipulates per-CPU variables. If the thread is preempted, the
    thread that replaces it could try to work with the same variables; migration
    to another CPU could also cause confusion. However, preemption is not
    disabled when reading the host per-CPU tsc rate to calculate the current
    kvmclock timestamp.

    This patch fixes it by utilizing get_cpu/put_cpu pair to guarantee both
    __this_cpu_read() and rdtsc() are not preempted.

    Cc: Paolo Bonzini
    Cc: Radim Krčmář
    Signed-off-by: Wanpeng Li
    Reviewed-by: Paolo Bonzini
    Cc: stable@vger.kernel.org
    Signed-off-by: Radim Krčmář

    Wanpeng Li
     

19 May, 2017

13 commits

  • The way we handle include paths for DT has changed a bit, which
    broke a file that had an unconventional way to reference a common
    header file:

    arch/arm64/boot/dts/rockchip/rk3399-gru-kevin.dts:47:10: fatal error: include/dt-bindings/input/linux-event-codes.h: No such file or directory

    This removes the leading "include/" from the path name, which fixes it.

    Fixes: d5d332d3f7e8 ("devicetree: Move include prefixes from arch to separate directory")
    Signed-off-by: Arnd Bergmann

    Arnd Bergmann
     
  • gcc-7 warns about some declarations that are more 'const' than necessary:

    arch/arm/mach-at91/pm.c:338:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier]
    static const struct of_device_id const ramc_ids[] __initconst = {
    arch/arm/mach-bcm/bcm_kona_smc.c:36:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier]
    static const struct of_device_id const bcm_kona_smc_ids[] __initconst = {
    arch/arm/mach-spear/time.c:207:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier]
    static const struct of_device_id const timer_of_match[] __initconst = {
    arch/arm/mach-omap2/prm_common.c:714:34: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier]
    static const struct of_device_id const omap_prcm_dt_match_table[] __initconst = {
    arch/arm/mach-omap2/vc.c:562:35: error: duplicate 'const' declaration specifier [-Werror=duplicate-decl-specifier]
    static const struct i2c_init_data const omap4_i2c_timing_data[] __initconst = {

    The ones in arch/arm were apparently all introduced accidentally by one
    commit that correctly marked a lot of variables as __initconst.

    Fixes: 19c233b79d1a ("ARM: appropriate __init annotation for const data")
    Acked-by: Alexandre Belloni
    Acked-by: Tony Lindgren
    Acked-by: Nicolas Pitre
    Acked-by: Florian Fainelli
    Acked-by: Viresh Kumar
    Acked-by: Krzysztof Hałasa
    Signed-off-by: Arnd Bergmann

    Arnd Bergmann
     
  • …/kernel/git/tmlind/linux-omap into fixes

    Fixes for omaps for v4.12-rc cycle most consisting of few minor dts fixes
    for various devices. Also included is a memory controller (GPMC) debug output
    fix as without that the shown bootloader configured GPMC bus width will
    be wrong and won't work for kernel timings:

    - Add dra7 powerhold configuration to be able to shut down pmic correctly
    - Fix polarity for gta04 mcbsp4 clocks for modem
    - Fix Pandaboard CEC pin pull making it usable
    - Fix LogicPD Torpedo camera pin mux
    - Fix GPMC debug bus width
    - Reduce cpu thermal shutdown temperature

    * tag 'omap-for-v4.12/fixes-v2-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
    ARM: dts: dra7: Reduce cpu thermal shutdown temperature
    memory: omap-gpmc: Fix debug output for access width
    ARM: dts: LogicPD Torpedo: Fix camera pin mux
    ARM: dts: omap4: enable CEC pin for Pandaboard A4 and ES
    ARM: dts: gta04: fix polarity of clocks for mcbsp4
    ARM: dts: dra7: Add power hold and power controller properties to palmas

    Signed-off-by: Olof Johansson <olof@lixom.net>

    Olof Johansson
     
  • …nguo/linux into fixes

    i.MX fixes for 4.12:
    - A fix on GPCv2 power domain driver Kconfig which causes a build
    failure when CONFIG_PM is not set.
    - Pull down PMIC IRQ pin for imx53-qsrb board to prevent spurious
    PMIC interrupts from happening.
    - Remove board level OPP override for imx6sx-sdb to fix a boot crash
    seen on Rev.C boards.

    * tag 'imx-fixes-4.12' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
    soc: imx: add PM dependency for IMX7_PM_DOMAINS
    ARM: dts: imx6sx-sdb: Remove OPP override
    ARM: dts: imx53-qsrb: Pulldown PMIC IRQ pin

    Signed-off-by: Olof Johansson <olof@lixom.net>

    Olof Johansson
     
  • Enable Qualcomm drivers needed to boot Dragonboard 410c with HDMI. This
    enables support for clocks, regulators, and USB PHY.

    Cc: Bjorn Andersson
    Cc: John Stultz
    Signed-off-by: Rob Herring
    [Olof: Turned off _RPM configs per follow-up email]
    Signed-off-by: Olof Johansson

    Rob Herring
     
  • Sync the defconfig with savedefconfig as config options change/move over
    time.

    Generated with the following commands:
    make defconfig
    make savedefconfig
    cp defconfig arch/arm64/configs/defconfig

    Signed-off-by: Rob Herring
    Signed-off-by: Olof Johansson

    Rob Herring
     
  • It makes sense to have a stripped-down defconfig for just Gemini, as
    it is a pretty small platform used in NAS etc, and will use appended
    device tree. It is also quick to compile and test. Hopefully this
    defconfig can be a good base for distributions such as OpenWRT.

    I plan to add in the config options needed for the different
    variants of Gemini as we go along.

    Cc: Janos Laube
    Cc: Paulius Zaleckas
    Cc: Hans Ulli Kroll
    Cc: Florian Fainelli
    Signed-off-by: Linus Walleij
    Signed-off-by: Olof Johansson

    Linus Walleij
     
  • This pull request contains Broadcom ARM-based SoC Device Tree fixes for
    4.12, please pull the following:

    - Baruch provides several fixes for the Raspberry Pi (BCM2835) Device
    Tree source include file: uart0 pinctrl node names, pin number for
    i2c0, uart0 rts/cts pins and invalid uart1 pin, missing numbers for
    ethernet aliases

    * tag 'arm-soc/for-4.12/devicetree-fixes' of http://github.com/Broadcom/stblinux:
    ARM: dts: bcm2835: add index to the ethernet alias
    ARM: dts: bcm2835: fix uart0/uart1 pins
    ARM: dts: bcm2835: fix i2c0 pins
    ARM: dts: bcm2835: fix uart0 pinctrl node names

    Signed-off-by: Olof Johansson

    Olof Johansson
     
  • We use a directory under arch/$ARCH/boot/dts as an include path
    that has links outside of the subtree to find dt-bindings from under
    include/dt-bindings. That's been working well, but new DT architectures
    haven't been adding them by default.

    Recently there's been a desire to share some of the DT material between
    arm and arm64, which originally caused developers to create symlinks or
    relative includes between the subtrees. This isn't ideal -- it breaks
    if the DT files aren't stored in the exact same hierarchy as the kernel
    tree, and generally it's just icky.

    As a somewhat cleaner solution we decided to add a $ARCH/ prefix link
    once, and allow DTS files to reference dtsi (and dts) files in other
    architectures that way.

    The original approach was to create these links under each architecture,
    but it led to the problem of recursive symlinks.

    As a remedy, move the include link directories out of the architecture
    trees into a common location. At the same time, they can now share one
    directory and one dt-bindings/ link as well.

    Fixes: 4027494ae6e3 ('ARM: dts: add arm/arm64 include symlinks')
    Reported-by: Russell King
    Reported-by: Omar Sandoval
    Reviewed-by: Heiko Stuebner
    Reviewed-by: Masahiro Yamada
    Tested-by: Heiko Stuebner
    Acked-by: Rob Herring
    Cc: Heiko Stuebner
    Cc: Mark Rutland
    Cc: Russell King
    Cc: Catalin Marinas
    Cc: Will Deacon
    Cc: Mikael Starvik
    Cc: Jesper Nilsson
    Cc: James Hogan
    Cc: Ralf Baechle
    Cc: Benjamin Herrenschmidt
    Cc: Paul Mackerras
    Cc: Michael Ellerman
    Cc: Frank Rowand
    Cc: linux-arch
    Signed-off-by: Olof Johansson

    Olof Johansson
     
  • We've received a few fixes branches with -rc1 as base, but our contents were
    still at pre-rc1. Merge it in explicitly to make 'git merge --log' clear on
    what was actually merged.

    Signed-off-by: Olof Johansson

    Olof Johansson
     
  • xen_flush_tlb_all() is used in arch/x86/xen/mmu.c only. Make it static.

    Signed-off-by: Juergen Gross
    Reviewed-by: Boris Ostrovsky
    Signed-off-by: Juergen Gross

    Juergen Gross
     
  • There are some leftovers testing for pvh guest mode in pv-only source
    files. Remove them.

    Signed-off-by: Juergen Gross
    Reviewed-by: Boris Ostrovsky
    Signed-off-by: Juergen Gross

    Juergen Gross
     
  • virt_addr_valid() is supposed to tell you if it's OK to call virt_to_page() on
    an address. What this means in practice is that it should only return true for
    addresses in the linear mapping which are backed by a valid PFN.

    We are failing to properly check that the address is in the linear mapping,
    because virt_to_pfn() will return a valid looking PFN for more or less any
    address. That bug is actually caused by __pa(), used in virt_to_pfn().

    eg: __pa(0xc000000000010000) = 0x10000  # Good
        __pa(0xd000000000010000) = 0x10000  # Bad!
        __pa(0x0000000000010000) = 0x10000  # Bad!

    This started happening after commit bdbc29c19b26 ("powerpc: Work around gcc
    miscompilation of __pa() on 64-bit") (Aug 2013), where we changed the definition
    of __pa() to work around a GCC bug. Prior to that we subtracted PAGE_OFFSET from
    the value passed to __pa(), meaning __pa() of a 0xd or 0x0 address would give
    you something bogus back.

    Until we can verify if that GCC bug is no longer an issue, or come up with
    another solution, this commit does the minimal fix to make virt_addr_valid()
    work, by explicitly checking that the address is in the linear mapping region.

    Fixes: bdbc29c19b26 ("powerpc: Work around gcc miscompilation of __pa() on 64-bit")
    Signed-off-by: Michael Ellerman
    Reviewed-by: Paul Mackerras
    Reviewed-by: Balbir Singh
    Tested-by: Breno Leitao

    Michael Ellerman
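A user-space model of the check described in the commit above, added here as an illustration and not taken from the kernel source. The masking form of `__pa()`, the page size, the RAM size and the `*_model`/`*_before`/`*_after` names are assumptions chosen to reproduce the three results the message lists.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All constants are assumptions of this model, not values from the commit. */
#define PAGE_SHIFT      16                       /* 64K pages */
#define PAGE_OFFSET     0xc000000000000000ULL    /* start of the linear mapping */
#define MODEL_RAM_BYTES (1ULL << 30)             /* constructed: 1 GiB of RAM */

/* __pa() after the GCC workaround, modelled as clearing the top nibble. */
static uint64_t pa_masked(uint64_t va) { return va & 0x0fffffffffffffffULL; }

/* __pa() before the workaround: subtract PAGE_OFFSET (wraps for low addresses). */
static uint64_t pa_subtract(uint64_t va) { return va - PAGE_OFFSET; }

/* Stand-in for pfn_valid(): the PFN must fall inside the modelled RAM. */
static bool pfn_valid_model(uint64_t pfn)
{
    return pfn < (MODEL_RAM_BYTES >> PAGE_SHIFT);
}

/* Broken check: trusts whatever PFN the masking __pa() produces. */
static bool virt_addr_valid_before(uint64_t va)
{
    return pfn_valid_model(pa_masked(va) >> PAGE_SHIFT);
}

/* Fixed check: the address must first lie in the linear mapping region. */
static bool virt_addr_valid_after(uint64_t va)
{
    return (va >> 60) == (PAGE_OFFSET >> 60) &&
           pfn_valid_model(pa_masked(va) >> PAGE_SHIFT);
}

int main(void)
{
    /* The three addresses from the commit message. */
    const uint64_t addrs[] = { 0xc000000000010000ULL, 0xd000000000010000ULL,
                               0x0000000000010000ULL };
    for (size_t i = 0; i < sizeof(addrs) / sizeof(addrs[0]); i++)
        printf("va=%016llx masked=%llx subtract=%llx before=%d after=%d\n",
               (unsigned long long)addrs[i],
               (unsigned long long)pa_masked(addrs[i]),
               (unsigned long long)pa_subtract(addrs[i]),
               virt_addr_valid_before(addrs[i]), virt_addr_valid_after(addrs[i]));
    return 0;
}
```

The subtracting variant yields out-of-range physical addresses for the 0xd and 0x0 inputs, which is why the missing region check went unnoticed until `__pa()` was changed.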
     

18 May, 2017

6 commits

  • Smatch complains that we cap the upper bound of "index" but don't
    check for negatives. It's a false positive because "index" is never
    negative. But it's also simple enough to make it unsigned which makes
    the code easier to audit.

    Signed-off-by: Dan Carpenter
    Signed-off-by: Radim Krčmář

    Dan Carpenter
     
  • KVM/ARM Fixes for v4.12-rc2.

    Includes:
    - A fix for a build failure introduced in -rc1 when tracepoints are
    enabled on 32-bit ARM.
    - Disabling use of stack pointer protection in the hyp code which can
    cause panics.
    - A handful of VGIC fixes.
    - A fix to the init of the redistributors on GICv3 systems that
    prevented boot with kvmtool on GICv3 systems introduced in -rc1.
    - A number of race conditions fixed in our MMU handling code.
    - A fix for the guest being able to program the debug extensions for
    the host on the 32-bit side.

    Radim Krčmář
     
  • The ftrace function_graph time measurements of a given function are not
    accurate according to those recorded by ftrace using the function
    filters. This change pulls the x86_64 fix from 'commit 722b3c746953
    ("ftrace/graph: Trace function entry before updating index")' into the
    sparc specific prepare_ftrace_return which stops ftrace from
    counting interrupted tasks in the time measurement.

    Example measurements for select_task_rq_fair running "hackbench 100
    process 1000":

                 | tracing/trace_stat/function0 | function_graph
    Before patch | 2.802 us                     | 4.255 us
    After patch  | 2.749 us                     | 3.094 us

    Signed-off-by: Liam R. Howlett
    Signed-off-by: David S. Miller

    Liam R. Howlett
     
  • Greetings,

    GCC 7 introduced the -Wstringop-overflow flag to detect buffer overflows
    in calls to string handling functions [1][2]. Due to the way
    ``empty_zero_page'' is declared in arch/sparc/include/setup.h, this
    causes a warning to trigger at compile time in the function mem_init(),
    which is subsequently converted to an error. The ensuing patch fixes
    this issue and aligns the declaration of empty_zero_page to that of
    other architectures. Thank you.

    Cheers,
    Orlando.

    [1] https://gcc.gnu.org/ml/gcc-patches/2016-10/msg02308.html
    [2] https://gcc.gnu.org/gcc-7/changes.html

    Signed-off-by: Orlando Arias

    --------------------------------------------------------------------------------
    Signed-off-by: David S. Miller

    Orlando Arias
     
  • An incorrect huge page alignment check caused
    mmap failure for 64K pages when MAP_FIXED is used
    with address not aligned to HPAGE_SIZE.

    Orabug: 25885991

    Fixes: dcd1912d21a0 ("sparc64: Add 64K page size support")
    Signed-off-by: Nitin Gupta
    Signed-off-by: David S. Miller

    Nitin Gupta
     
  • Currently, cpus_set_cap() calls static_branch_enable_cpuslocked(), which
    must take the jump_label mutex.

    We call cpus_set_cap() in the secondary bringup path, from the idle
    thread where interrupts are disabled. Taking a mutex in this path "is a
    NONO" regardless of whether it's contended, and something we must avoid.
    We didn't spot this until recently, as ___might_sleep() won't warn for
    this case until all CPUs have been brought up.

    This patch avoids taking the mutex in the secondary bringup path. The
    poking of static keys is deferred until enable_cpu_capabilities(), which
    runs in a suitable context on the boot CPU. To account for the static
    keys being set later, cpus_have_const_cap() is updated to use another
    static key to check whether the const cap keys have been initialised,
    falling back to the caps bitmap until this is the case.

    This means that users of cpus_have_const_cap() should only gain a
    single additional NOP in the fast path once the const caps are
    initialised, but should always see the current cap value.

    The hyp code should never dereference the caps array, since the caps are
    initialized before we run the module initcall to initialise hyp. A check
    is added to the hyp init code to document this requirement.

    This change will sidestep a number of issues when the upcoming hotplug
    locking rework is merged.

    Signed-off-by: Mark Rutland
    Reviewed-by: Marc Zyngier
    Reviewed-by: Suzuki Poulose
    Acked-by: Will Deacon
    Cc: Christoffer Dall
    Cc: Peter Zijlstra
    Cc: Sebastian Siewior
    Cc: Thomas Gleixner
    Signed-off-by: Catalin Marinas

    Mark Rutland