09 Jan, 2015
20 commits
-
commit 7ff4d90b4c24a03666f296c3d4878cd39001e81e upstream.
Today there are 3 instances of setgroups and due to an oversight their
permission checking has diverged. Add a common function so that
they may all share the same permission checking code.This corrects the current oversight in the current permission checks
and adds a helper to avoid this in the future.A user namespace security fix will update this new helper, shortly.
Signed-off-by: "Eric W. Biederman"
Signed-off-by: Greg Kroah-Hartman -
commit 25cdb9c86826f8d035d8aaa07fc36832e76bd8a0 upstream.
I'm such a moron! The simple solution of saving the BSP patch
for use on resume was too simple (and wrong!), hint:
sizeof(struct microcode_intel).What needs to be done instead is to fish out the microcode patch
we have stashed previously and apply that on the BSP in case the
late loader hasn't been utilized.So do that instead.
Signed-off-by: Borislav Petkov
Cc: Linus Torvalds
Link: http://lkml.kernel.org/r/20141208110820.GB20057@pd.tnic
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit fbae4ba8c4a387e306adc9c710e5c225cece7678 upstream.
Normally, we do reapply microcode on resume. However, in the cases where
that microcode comes from the early loader and the late loader hasn't
been utilized yet, there's no easy way for us to go and apply the patch
applied during boot by the early loader.Thus, reuse the patch stashed by the early loader for the BSP.
Signed-off-by: Borislav Petkov
Signed-off-by: Greg Kroah-Hartman -
commit a18a0f6850d4b286a5ebf02cd5b22fe496b86349 upstream.
Paravirtual guests are not expected to load microcode into processors
and therefore it is not necessary to initialize microcode loading
logic.In fact, under certain circumstances initializing this logic may cause
the guest to crash. Specifically, 32-bit kernels use __pa_nodebug()
macro which does not work in Xen (the code path that leads to this macro
happens during resume when we call mc_bp_resume()->load_ucode_ap()
->check_loader_disabled_ap())Signed-off-by: Boris Ostrovsky
Link: http://lkml.kernel.org/r/1417469264-31470-1-git-send-email-boris.ostrovsky@oracle.com
Signed-off-by: Borislav Petkov
Signed-off-by: Greg Kroah-Hartman -
commit 47768626c6db42cd06ff077ba12dd2cb10ab818b upstream.
apply_microcode_early() doesn't use mc_saved_data, kill it.
Signed-off-by: Borislav Petkov
Signed-off-by: Greg Kroah-Hartman -
commit 2ef84b3bb97f03332f0c1edb4466b1750dcf97b5 upstream.
Hand down the cpu number instead, otherwise lockdep screams when doing
echo 1 > /sys/devices/system/cpu/microcode/reload.
BUG: using smp_processor_id() in preemptible [00000000] code: amd64-microcode/2470
caller is debug_smp_processor_id+0x12/0x20
CPU: 1 PID: 2470 Comm: amd64-microcode Not tainted 3.18.0-rc6+ #26
...Signed-off-by: Borislav Petkov
Link: http://lkml.kernel.org/r/1417428741-4501-1-git-send-email-bp@alien8.de
Signed-off-by: Thomas Gleixner
Signed-off-by: Greg Kroah-Hartman -
commit 3fb2f4237bb452eb4e98f6a5dbd5a445b4fed9d0 upstream.
It turns out that there's a lurking ABI issue. GCC, when
compiling this in a 32-bit program:struct user_desc desc = {
.entry_number = idx,
.base_addr = base,
.limit = 0xfffff,
.seg_32bit = 1,
.contents = 0, /* Data, grow-up */
.read_exec_only = 0,
.limit_in_pages = 1,
.seg_not_present = 0,
.useable = 0,
};will leave .lm uninitialized. This means that anything in the
kernel that reads user_desc.lm for 32-bit tasks is unreliable.Revert the .lm check in set_thread_area(). The value never did
anything in the first place.Fixes: 0e58af4e1d21 ("x86/tls: Disallow unusual TLS segments")
Signed-off-by: Andy Lutomirski
Acked-by: Thomas Gleixner
Cc: Linus Torvalds
Link: http://lkml.kernel.org/r/d7875b60e28c512f6a6fc0baf5714d58e7eaadbb.1418856405.git.luto@amacapital.net
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit 7ddc6a2199f1da405a2fb68c40db8899b1a8cd87 upstream.
These functions can be executed on the int3 stack, so kprobes
are dangerous. Tracing is probably a bad idea, too.Fixes: b645af2d5905 ("x86_64, traps: Rework bad_iret")
Signed-off-by: Andy Lutomirski
Cc: Linus Torvalds
Cc: Steven Rostedt
Link: http://lkml.kernel.org/r/50e33d26adca60816f3ba968875801652507d0c4.1416870125.git.luto@amacapital.net
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit ab1e85372168892387dd1ac171158fc8c3119be4 upstream.
Commit a095b1c78a35 ("ARM: mvebu: sort DT nodes by address")
missed placing the system-controller in the correct order.Fixes: a095b1c78a35 ("ARM: mvebu: sort DT nodes by address")
Signed-off-by: Uwe Kleine-König
Acked-by: Andrew Lunn
Link: https://lkml.kernel.org/r/20141114204333.GS27002@pengutronix.de
Signed-off-by: Jason Cooper
Signed-off-by: Greg Kroah-Hartman -
commit b4607572ef86b288a856b9df410ea593c5371dec upstream.
Back when audio was enabled, the muxing of some MPP pins was causing
problems. However, since commit fea038ed55ae ("ARM: mvebu: Add proper
pin muxing on the Armada 370 DB board"), those problematic MPP pins
have been assigned a proper muxing for the Ethernet interfaces. This
proper muxing is now conflicting with the hog pins muxing that had
been added as part of 249f3822509b ("ARM: mvebu: add audio support to
Armada 370 DB").Therefore, this commit simply removes the hog pins muxing, which
solves a warning a boot time due to the conflicting muxing
requirements.Fixes: fea038ed55ae ("ARM: mvebu: Add proper pin muxing on the Armada 370 DB board")
Cc: Ezequiel Garcia
Signed-off-by: Thomas Petazzoni
Acked-by: Andrew Lunn
Link: https://lkml.kernel.org/r/1414512524-24466-5-git-send-email-thomas.petazzoni@free-electrons.com
Signed-off-by: Jason Cooper
Signed-off-by: Greg Kroah-Hartman -
commit e55355453600a33bb5ca4f71f2d7214875f3b061 upstream.
Enabling the hardware I/O coherency on Armada 370, Armada 375, Armada
38x and Armada XP requires a certain number of conditions:- On Armada 370, the cache policy must be set to write-allocate.
- On Armada 375, 38x and XP, the cache policy must be set to
write-allocate, the pages must be mapped with the shareable
attribute, and the SMP bit must be setCurrently, on Armada XP, when CONFIG_SMP is enabled, those conditions
are met. However, when Armada XP is used in a !CONFIG_SMP kernel, none
of these conditions are met. With Armada 370, the situation is worse:
since the processor is single core, regardless of whether CONFIG_SMP
or !CONFIG_SMP is used, the cache policy will be set to write-back by
the kernel and not write-allocate.Since solving this problem turns out to be quite complicated, and we
don't want to let users with a mainline kernel known to have
infrequent but existing data corruptions, this commit proposes to
simply disable hardware I/O coherency in situations where it is known
not to work.And basically, the is_smp() function of the kernel tells us whether it
is OK to enable hardware I/O coherency or not, so this commit slightly
refactors the coherency_type() function to return
COHERENCY_FABRIC_TYPE_NONE when is_smp() is false, or the appropriate
type of the coherency fabric in the other case.Thanks to this, the I/O coherency fabric will no longer be used at all
in !CONFIG_SMP configurations. It will continue to be used in
CONFIG_SMP configurations on Armada XP, Armada 375 and Armada 38x
(which are multiple cores processors), but will no longer be used on
Armada 370 (which is a single core processor).In the process, it simplifies the implementation of the
coherency_type() function, and adds a missing call to of_node_put().Signed-off-by: Thomas Petazzoni
Fixes: e60304f8cb7bb545e79fe62d9b9762460c254ec2 ("arm: mvebu: Add hardware I/O Coherency support")
Acked-by: Gregory CLEMENT
Link: https://lkml.kernel.org/r/1415871540-20302-3-git-send-email-thomas.petazzoni@free-electrons.com
Signed-off-by: Jason Cooper
Signed-off-by: Greg Kroah-Hartman -
commit 30cdef97107370a7f63ab5d80fd2de30540750c8 upstream.
The ll_add_cpu_to_smp_group(), ll_enable_coherency() and
ll_disable_coherency() are used on Armada XP to control the coherency
fabric. However, they make the assumption that the coherency fabric is
always available, which is currently a correct assumption but will no
longer be true with a followup commit that disables the usage of the
coherency fabric when the conditions are not met to use it.Therefore, this commit modifies those functions so that they check the
return value of ll_get_coherency_base(), and if the return value is 0,
they simply return without configuring anything in the coherency
fabric.The ll_get_coherency_base() function is also modified to properly
return 0 when the function is called with the MMU disabled. In this
case, it normally returns the physical address of the coherency
fabric, but we now check if the virtual address is 0, and if that's
case, return a physical address of 0 to indicate that the coherency
fabric is not enabled.Signed-off-by: Thomas Petazzoni
Acked-by: Gregory CLEMENT
Link: https://lkml.kernel.org/r/1415871540-20302-2-git-send-email-thomas.petazzoni@free-electrons.com
Signed-off-by: Jason Cooper
Signed-off-by: Greg Kroah-Hartman -
commit e4a680099a6e97ecdbb81081cff9e4a489a4dc44 upstream.
Commit d127e9c ("ARM: tegra: make tegra_resume can work with current and later
chips") removed tegra_get_soc_id macro leaving used cpu register corrupted after
branching to v7_invalidate_l1() and as result causing execution of unintended
code on tegra20. Possibly it was expected that r6 would be SoC id func argument
since common cpu reset handler is setting r6 before branching to tegra_resume(),
but neither tegra20_lp1_reset() nor tegra30_lp1_reset() aren't setting r6
register before jumping to resume function. Fix it by re-adding macro.Fixes: d127e9c (ARM: tegra: make tegra_resume can work with current and later chips)
Reviewed-by: Felipe Balbi
Signed-off-by: Dmitry Osipenko
Signed-off-by: Thierry Reding
Signed-off-by: Greg Kroah-Hartman -
commit 51c9fbb1b146f3336a93d398c439b6fbfe5ab489 upstream.
Earlier implementation assumed last instruction is BPF_EXIT.
Since this is no longer a restriction in eBPF, we remove this
limitation.Per Alexei Starovoitov [1]:
> classic BPF has a restriction that last insn is always BPF_RET.
> eBPF doesn't have BPF_RET instruction and this restriction.
> It has BPF_EXIT insn which can appear anywhere in the program
> one or more times and it doesn't have to be last insn.[1] https://lkml.org/lkml/2014/11/27/2
Fixes: e54bcde3d69d ("arm64: eBPF JIT compiler")
Acked-by: Alexei Starovoitov
Signed-off-by: Zi Shen Lim
Signed-off-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman -
commit 7d57511d2dba03a8046c8b428dd9192a4bfc1e73 upstream.
Commit a469abd0f868 (ARM: elf: add new hwcap for identifying atomic
ldrd/strd instructions) introduces HWCAP_ELF for 32-bit ARM
applications. As LPAE is always present on arm64, report the
corresponding compat HWCAP to user space.Signed-off-by: Catalin Marinas
Signed-off-by: Will Deacon
Signed-off-by: Greg Kroah-Hartman -
commit 0b46b8a718c6e90910a1b1b0fe797be3c167e186 upstream.
This is a bug fix for using physical arch timers when
the arch_timer_use_virtual boolean is false. It restores the
arch_counter_get_cntpct() function after removal in0d651e4e "clocksource: arch_timer: use virtual counters"
We need this on certain ARMv7 systems which are architected like this:
* The firmware doesn't know and doesn't care about hypervisor mode and
we don't want to add the complexity of hypervisor there.* The firmware isn't involved in SMP bringup or resume.
* The ARCH timer come up with an uninitialized offset between the
virtual and physical counters. Each core gets a different random
offset.* The device boots in "Secure SVC" mode.
* Nothing has touched the reset value of CNTHCTL.PL1PCEN or
CNTHCTL.PL1PCTEN (both default to 1 at reset)One example of such as system is RK3288 where it is much simpler to
use the physical counter since there's nobody managing the offset and
each time a core goes down and comes back up it will get reinitialized
to some other random value.Fixes: 0d651e4e65e9 ("clocksource: arch_timer: use virtual counters")
Signed-off-by: Sonny Rao
Acked-by: Catalin Marinas
Acked-by: Daniel Lezcano
Signed-off-by: Olof Johansson
Signed-off-by: Greg Kroah-Hartman -
commit 29fa6825463c97e5157284db80107d1bfac5d77b upstream.
paravirt_enabled has the following effects:
- Disables the F00F bug workaround warning. There is no F00F bug
workaround any more because Linux's standard IDT handling already
works around the F00F bug, but the warning still exists. This
is only cosmetic, and, in any event, there is no such thing as
KVM on a CPU with the F00F bug.- Disables 32-bit APM BIOS detection. On a KVM paravirt system,
there should be no APM BIOS anyway.- Disables tboot. I think that the tboot code should check the
CPUID hypervisor bit directly if it matters.- paravirt_enabled disables espfix32. espfix32 should *not* be
disabled under KVM paravirt.The last point is the purpose of this patch. It fixes a leak of the
high 16 bits of the kernel stack address on 32-bit KVM paravirt
guests. Fixes CVE-2014-8134.Suggested-by: Konrad Rzeszutek Wilk
Signed-off-by: Andy Lutomirski
Signed-off-by: Paolo Bonzini
Signed-off-by: Greg Kroah-Hartman -
commit f647d7c155f069c1a068030255c300663516420e upstream.
Otherwise, if buggy user code points DS or ES into the TLS
array, they would be corrupted after a context switch.This also significantly improves the comments and documents some
gotchas in the code.Before this patch, the both tests below failed. With this
patch, the es test passes, although the gsbase test still fails.----- begin es test -----
/*
* Copyright (c) 2014 Andy Lutomirski
* GPL v2
*/static unsigned short GDT3(int idx)
{
return (idx << 3) | 3;
}static int create_tls(int idx, unsigned int base)
{
struct user_desc desc = {
.entry_number = idx,
.base_addr = base,
.limit = 0xfffff,
.seg_32bit = 1,
.contents = 0, /* Data, grow-up */
.read_exec_only = 0,
.limit_in_pages = 1,
.seg_not_present = 0,
.useable = 0,
};if (syscall(SYS_set_thread_area, &desc) != 0)
err(1, "set_thread_area");return desc.entry_number;
}int main()
{
int idx = create_tls(-1, 0);
printf("Allocated GDT index %d\n", idx);unsigned short orig_es;
asm volatile ("mov %%es,%0" : "=rm" (orig_es));int errors = 0;
int total = 1000;
for (int i = 0; i < total; i++) {
asm volatile ("mov %0,%%es" : : "rm" (GDT3(idx)));
usleep(100);unsigned short es;
asm volatile ("mov %%es,%0" : "=rm" (es));
asm volatile ("mov %0,%%es" : : "rm" (orig_es));
if (es != GDT3(idx)) {
if (errors == 0)
printf("[FAIL]\tES changed from 0x%hx to 0x%hx\n",
GDT3(idx), es);
errors++;
}
}if (errors) {
printf("[FAIL]\tES was corrupted %d/%d times\n", errors, total);
return 1;
} else {
printf("[OK]\tES was preserved\n");
return 0;
}
}----- end es test -----
----- begin gsbase test -----
/*
* gsbase.c, a gsbase test
* Copyright (c) 2014 Andy Lutomirski
* GPL v2
*/static unsigned char *testptr, *testptr2;
static unsigned char read_gs_testvals(void)
{
unsigned char ret;
asm volatile ("movb %%gs:%1, %0" : "=r" (ret) : "m" (*testptr));
return ret;
}int main()
{
int errors = 0;testptr = mmap((void *)0x200000000UL, 1, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
if (testptr == MAP_FAILED)
err(1, "mmap");testptr2 = mmap((void *)0x300000000UL, 1, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
if (testptr2 == MAP_FAILED)
err(1, "mmap");*testptr = 0;
*testptr2 = 1;if (syscall(SYS_arch_prctl, ARCH_SET_GS,
(unsigned long)testptr2 - (unsigned long)testptr) != 0)
err(1, "ARCH_SET_GS");usleep(100);
if (read_gs_testvals() == 1) {
printf("[OK]\tARCH_SET_GS worked\n");
} else {
printf("[FAIL]\tARCH_SET_GS failed\n");
errors++;
}asm volatile ("mov %0,%%gs" : : "r" (0));
if (read_gs_testvals() == 0) {
printf("[OK]\tWriting 0 to gs worked\n");
} else {
printf("[FAIL]\tWriting 0 to gs failed\n");
errors++;
}usleep(100);
if (read_gs_testvals() == 0) {
printf("[OK]\tgsbase is still zero\n");
} else {
printf("[FAIL]\tgsbase was corrupted\n");
errors++;
}return errors == 0 ? 0 : 1;
}----- end gsbase test -----
Signed-off-by: Andy Lutomirski
Cc: Andi Kleen
Cc: Linus Torvalds
Link: http://lkml.kernel.org/r/509d27c9fec78217691c3dad91cec87e1006b34a.1418075657.git.luto@amacapital.net
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit 0e58af4e1d2166e9e33375a0f121e4867010d4f8 upstream.
Users have no business installing custom code segments into the
GDT, and segments that are not present but are otherwise valid
are a historical source of interesting attacks.For completeness, block attempts to set the L bit. (Prior to
this patch, the L bit would have been silently dropped.)This is an ABI break. I've checked glibc, musl, and Wine, and
none of them look like they'll have any trouble.Note to stable maintainers: this is a hardening patch that fixes
no known bugs. Given the possibility of ABI issues, this
probably shouldn't be backported quickly.Signed-off-by: Andy Lutomirski
Acked-by: H. Peter Anvin
Cc: Konrad Rzeszutek Wilk
Cc: Linus Torvalds
Cc: Willy Tarreau
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman -
commit 41bdc78544b8a93a9c6814b8bbbfef966272abbe upstream.
Installing a 16-bit RW data segment into the GDT defeats espfix.
AFAICT this will not affect glibc, Wine, or dosemu at all.Signed-off-by: Andy Lutomirski
Acked-by: H. Peter Anvin
Cc: Konrad Rzeszutek Wilk
Cc: Linus Torvalds
Cc: Willy Tarreau
Signed-off-by: Ingo Molnar
Signed-off-by: Greg Kroah-Hartman
17 Dec, 2014
2 commits
-
commit 946e51f2bf37f1656916eb75bd0742ba33983c28 upstream.
Signed-off-by: Al Viro
Signed-off-by: Greg Kroah-Hartman -
[ Upstream commit 2e46477a12f6fd273e31a220b155d66e8352198c ]
Remove optimize_div() from BPF_MOD | BPF_K case
since we don't know the dividend and fix the
emit_mod() by reading the mod operation result from HI registerSigned-off-by: Denis Kirjanov
Reviewed-by: Markos Chandras
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
06 Dec, 2014
1 commit
-
Pull x86 fixes from Thomas Gleixner:
"Two final fixlets for 3.18:
- Prevent microcode reload wreckage on 32bit
- Unbreak cross compilation"* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, microcode: Limit the microcode reloading to 64-bit for now
x86: Use $(OBJDUMP) instead of plain objdump
01 Dec, 2014
2 commits
-
Commit eb7e7d76 "s390: Replace __get_cpu_var uses" broke machine check
handling.We copy machine check information from per-cpu to a stack variable for
local processing. Next we should zap the per-cpu variable, not the
stack variable.Signed-off-by: Sebastian Ott
Reviewed-by: Heiko Carstens
Acked-by: Christoph Lameter
Signed-off-by: Martin Schwidefsky -
First, there was this: https://bugzilla.kernel.org/show_bug.cgi?id=88001
The problem there was that microcode patches are not being reapplied
after suspend-to-ram. It was important to reapply them, though, because
of for example Haswell's TSX erratum which disabled TSX instructions
with a microcode patch.A simple fix was fb86b97300d9 ("x86, microcode: Update BSPs microcode
on resume") but, as it is often the case, simple fixes are too
simple. This one causes 32-bit resume to fail:https://bugzilla.kernel.org/show_bug.cgi?id=88391
Properly fixing this would require more involved changes for which it
is too late now, right before the merge window. Thus, limit this to
64-bit only temporarily.Signed-off-by: Borislav Petkov
Link: http://lkml.kernel.org/r/1417353999-32236-1-git-send-email-bp@alien8.de
Signed-off-by: Thomas Gleixner
29 Nov, 2014
2 commits
-
Pull ARM SoC fixes from Arnd Bergmann:
"Not much interesting going on fixes-wise for us this week, as it
should be for an -rc7. I'm not expecting Olof to work much over
Thanksgiving weekend, so I decided to take over again and push these
out to you.Just four simple fixes this week:
- one missing of_node_put() on armv7 based mvebu
- forcing the USB host into the right mode on Chromebook
(exynos5-snow)
- enabling two important drivers for exynos_defconfig
- fixing a noncritical bug for tegra that would cause a regression
with common code patches queued for 3.19"* tag 'armsoc-for-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: tegra: irq: fix buggy usage of irq_data irq field
ARM: exynos_defconfig: Enable max77802 rtc and clock drivers
ARM: dts: Explicitly set dr_mode on exynos5250-snow
ARM: mvebu: add missing of_node_put() call in coherency.c -
Pull ARM fixes from Russell King:
"Another round of relatively small ARM fixes.Thomas spotted that the strex backoff delay bit was a disable bit, so
it needed to be clear for this to work. Vladimir spotted that using a
restart block for the cache flush operation would return -EINTR, which
userspace was not expecting. Dmitry spotted that the auxiliary
control register accesses for Xscale were not correct"* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8226/1: cacheflush: get rid of restarting block
ARM: 8222/1: mvebu: enable strex backoff delay
ARM: 8216/1: xscale: correct auxiliary register in suspend/resume
28 Nov, 2014
4 commits
-
Pull mips fixes from Ralf Baechle:
"The hopefully final round of fixes for 3.18:- Fix a number of build errors affecting particular configurations.
- Handle EVA correctly when flushing a signal trampoline and dcache
lines.
- Fix printks printing jibberish.
- Handle 64 bit memory addresses correctly when adding memory chunk
on 32 bit kernels.
- Fix a race condition in the hardware tablewalker code"* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: tlbex: Fix potential HTW race on TLBL/M/S handlers
MIPS: Fix address type used for early memory detection.
MIPS: Kconfig: Don't allow both microMIPS and SmartMIPS to be selected.
MIPS: kernel: cps-vec: Set ISA level to mips32r2 for the MIPS MT ASE
MIPS: Netlogic: handle modular AHCI builds
MIPS: Netlogic: handle modular USB case
MIPS: Loongson: Make platform serial setup always built-in.
MIPS: fix EVA & non-SMP non-FPU FP context signal handling
MIPS: cpu-probe: Set the FTLB probability bit on supported cores
MIPS: BMIPS: Fix ".previous without corresponding .section" warnings
MIPS: uaccess.h: Fix strnlen_user comment.
MIPS: r4kcache: Add EVA case for protected_writeback_dcache_line
MIPS: Fix info about plat_setup in arch_mem_init comment
MIPS: rtlx: Remove KERN_DEBUG from pr_debug() arguments in rtlx.c
MIPS: SEAD3: Fix LED device registration.
MIPS: Fix a copy & paste error in unistd.h -
Pull powerpc fixes from Michael Ellerman:
"Here are five fixes for you to pull please.They're all CC'ed to stable except the "Fix PE state format" one which
went in this release"* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
powerpc: 32 bit getcpu VDSO function uses 64 bit instructions
powerpc/powernv: Replace OPAL_DEASSERT_RESET with EEH_RESET_DEACTIVATE
powerpc/eeh: Fix PE state format
powerpc/pseries: Fix endiannes issue in RTAS call from xmon
powerpc/powernv: Fix the hmi event version check. -
Pull sparc fixlet from David Miller:
"Aparc fix to add dma_cache_sync(), even if a nop it should be provided
if dma_{alloc,free}_noncoherent() is provided too"* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc: Add NOP dma_cache_sync() implementation. -
There is a potential race when probing the TLB in TLBL/M/S exception
handlers for a matching entry. Between the time we hit a TLBL/S/M
exception and the time we get to execute the TLBP instruction, the
HTW may have replaced the TLB entry we are interested in hence the TLB
probe may fail. However, in the existing handlers, we never checked the
status of the TLBP (ie check the result in the C0/Index register). We
fix this by adding such a check when the core implements the HTW. If
we couldn't find a matching entry, we return back and try again.Signed-off-by: Leonid Yegoshin
Signed-off-by: Markos Chandras
Reviewed-by: James Hogan
Cc: # v3.17+
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8599/
Signed-off-by: Ralf Baechle
27 Nov, 2014
9 commits
-
We cannot restart cacheflush safely if a process provides user-defined
signal handler and signal is pending. In this case -EINTR is returned
and it is expected that process re-invokes syscall. However, there are
a few problems with that:
* looks like nobody bothers checking return value from cacheflush
* but if it did, we don't provide the restart address for that, so the
process has to use the same range again
* ...and again, what might lead to looping foreverSo, remove cacheflush restarting code and terminate cache flushing
as early as fatal signal is pending.Cc: stable@vger.kernel.org # 3.12+
Reported-by: Chanho Min
Signed-off-by: Vladimir Murzin
Acked-by: Will Deacon
Signed-off-by: Russell King -
Under extremely rare conditions, in an MPCore node consisting of at
least 3 CPUs, two CPUs trying to perform a STREX to data on the same
shared cache line can enter a livelock situation.This patch enables the HW mechanism that overcomes the bug. This fixes
the incorrect setup of the STREX backoff delay bit due to a wrong
description in the specification.Note that enabling the STREX backoff delay mechanism is done by
leaving the bit *cleared*, while the bit was currently being set by
the proc-v7.S code.[Thomas: adapt to latest mainline, slightly reword the commit log, add
stable markers.]Fixes: de4901933f6d ("arm: mm: Add support for PJ4B cpu and init routines")
Cc: # v3.8+
Signed-off-by: Nadav Haklai
Signed-off-by: Thomas Petazzoni
Acked-by: Gregory CLEMENT
Acked-by: Jason Cooper
Signed-off-by: Russell King -
Pull "mvebu fixes for v3.18 (round 2)" frm Jason Cooper:
- mvebu
- coherency.c needed an of_node_put()* tag 'mvebu-fixes-3.18-2' of git://git.infradead.org/linux-mvebu:
ARM: mvebu: add missing of_node_put() call in coherency.cSigned-off-by: Arnd Bergmann
-
…/git/kgene/linux-samsung into fixes
Pull "Samsung defconfig update for v3.18" from Kukjin Kim:
- enable max77802 rtc and clock drivers for exynos_defconfig
: enable the kernel config options to have the drivers for
max77802 including rtc and 2-ch 32kHz clock outputs* tag 'samsung-defconfig-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: exynos_defconfig: Enable max77802 rtc and clock driversSigned-off-by: Arnd Bergmann <arnd@arndb.de>
-
…/kgene/linux-samsung into fixes
Pull "Samsung fixes for v3.18" from Kukjin Kim:
- explicitly set dr_mode on exynos5250-snow
this is required when kernel is built with USB gadget support.* tag 'samsung-fixes-v3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: dts: Explicitly set dr_mode on exynos5250-snowSigned-off-by: Arnd Bergmann <arnd@arndb.de>
-
The crazy gic_arch_extn thing that Tegra uses contains multiple
references to the irq field in struct irq_data, and uses this
to directly poke hardware register.But irq is the *virtual* irq number, something that has nothing
to do with the actual HW irq (stored in the hwirq field). And once
we put the stacked domain code in action, the whole thing explodes,
as these two values are *very* different:root@bacon-fat:~# cat /proc/interrupts
CPU0 CPU1
16: 25801 2075 GIC 29 twd
17: 0 0 GIC 73 timer0
112: 0 0 GPIO 58 c8000600.sdhci cd
123: 0 0 GPIO 69 c8000200.sdhci cd
279: 1126 0 GIC 122 serial
281: 0 0 GIC 70 7000c000.i2c
282: 0 0 GIC 116 7000c400.i2c
283: 0 0 GIC 124 7000c500.i2c
284: 300 0 GIC 85 7000d000.i2c
[...]Just replacing all instances of irq with hwirq fixes the issue.
Signed-off-by: Marc Zyngier
Acked-by: Thierry Reding
Signed-off-by: Arnd Bergmann -
I used some 64 bit instructions when adding the 32 bit getcpu VDSO
function. Fix it.Fixes: 18ad51dd342a ("powerpc: Add VDSO version of getcpu")
Cc: stable@vger.kernel.org
Signed-off-by: Anton Blanchard
Signed-off-by: Michael Ellerman -
The flag passed to ioda_eeh_phb_reset() should be EEH_RESET_DEACTIVATE,
which is translated to OPAL_DEASSERT_RESET or something else by the
EEH backend accordingly.The patch replaces OPAL_DEASSERT_RESET with EEH_RESET_DEACTIVATE for
ioda_eeh_phb_reset().Cc: stable@vger.kernel.org
Signed-off-by: Gavin Shan
Signed-off-by: Michael Ellerman -
Obviously I had wrong format given to the PE state output from
/sys/bus/pci/devices/xxxx/eeh_pe_state with some typoes, which
was introduced by commit 2013add4ce73. The patch fixes it up.Fixes: 2013add4ce73 ("powerpc/eeh: Show hex prefix for PE state sysfs")
Signed-off-by: Gavin Shan
Signed-off-by: Michael Ellerman
