Commit Graph

102366 Commits

Author SHA1 Message Date
Min-Hua Chen 287e8c6a41 arm64: Fix data type for physical address
Use phys_addr_t for physical address in alloc_init_pud. Although
phys_addr_t and unsigned long are 64 bit in arm64, it is better
to use phys_addr_t to describe physical addresses.

Signed-off-by: Min-Hua Chen <orca.chen@gmail.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-11-13 14:58:45 +00:00
Mark Rutland 9b0b26580a arm64: efi: Fix stub cache maintenance
While efi-entry.S mentions that efi_entry() will have relocated the
kernel image, it actually means that efi_entry will have placed a copy
of the kernel in the appropriate location, and until this is branched to
at the end of efi_entry.S, all instructions are executed from the
original image.

Thus while the flush in efi_entry.S does ensure that the copy is visible
to noncacheable accesses, it does not guarantee that this is true for
the image instructions are being executed from. This could have
disasterous effects when the MMU and caches are disabled if the image
has not been naturally evicted to the PoC.

Additionally, due to a missing dsb following the ic ialluis, the new
kernel image is not necessarily clean in the I-cache when it is branched
to, with similar potentially disasterous effects.

This patch adds additional flushing to ensure that the currently
executing stub text is flushed to the PoC and is thus visible to
noncacheable accesses. As it is placed after the instructions cache
maintenance for the new image and __flush_dcache_area already contains a
dsb, we do not need to add a separate barrier to ensure completion of
the icache maintenance.

Comments are updated to clarify the situation with regard to the two
images and the maintenance required for both.

Fixes: 3c7f255039
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Joel Schopp <joel.schopp@amd.com>
Reviewed-by: Roy Franz <roy.franz@linaro.org>
Tested-by: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Ian Campbell <ijc@hellion.org.uk>
Cc: Leif Lindholm <leif.lindholm@linaro.org>
Cc: Mark Salter <msalter@redhat.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-11-13 14:47:59 +00:00
Linus Torvalds 04689e749b Two fixes---one of them not exactly a one liner, but things are
calming down on the KVM front at last.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJUYhy6AAoJEL/70l94x66DZqoIAIw85ikZG9ZewjwbttRhQf/l
 8a3iAzY3fChNDvJInVWpmpuZV3gkPcf0ISKvh5bh7VvirdxtpgaR+fTUeK7YxuNP
 z8H6StnSM6rtmwsq5vwWWX6lCFOEEnkKJQidi51/o7G7O4EvxFwclTp3WKAeuPTs
 7WmAnofDVUkfXK96DeoOKiWP7jkN97Q2lLcSaogP/jiKSKjMT95ZTA+E0fZNhE18
 8pMZhrI7xrgEc0LQiEki8M9hNT+EBsZfhFjdLuuPP7KbfkZtTxPqdfS0VltAx95x
 5xcr3fTANCqmmW8S2lV0Jbi35Na0roG1wbNhky39Iqe5i7xJ98zSwzW86dCbCI8=
 =ITDE
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "Two fixes --- one of them not exactly a one liner, but things are
  calming down on the KVM front at last"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: x86: Fix uninitialized op->type for some immediate values
  KVM: s390: virtio_ccw: remove unused variable
2014-11-12 15:29:28 -08:00
Geert Uytterhoeven b207422bb9 ARM: shmobile: kzm9g legacy: Set i2c clks_per_count to 2
On sh73a0/kzm9g-legacy, probing of the i2c masters fails with:

    i2c-sh_mobile i2c-sh_mobile.0: timing values out of range: L/H=0x208/0x1bf
    sh_mobile: probe of i2c-sh_mobile.0 failed with error -22

According to the datasheet, the transfer rate is derived from the HP
clock (which runs at 104 MHz) divided by two. Hence
i2c_sh_mobile_platform_data.clks_per_count should be set to two.

Now probing succeeds, and i2c works:

    i2c-sh_mobile i2c-sh_mobile.0: I2C adapter 0 with bus speed 100000 Hz (L/H=0x104/0xe0)

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Reviewed-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-12 10:38:30 +09:00
Helge Deller d8f5457ab9 parisc: Avoid using CONFIG_64BIT in userspace exported headers
The gcc compiler provide the predefined __LP64__ macro. Use that
instead.

Signed-off-by: Helge Deller <deller@gmx.de>
2014-11-10 22:25:29 +01:00
Helge Deller 2fe749f50b parisc: Use compat layer for msgctl, shmat, shmctl and semtimedop syscalls
Switch over the msgctl, shmat, shmctl and semtimedop syscalls to use the compat
layer. The problem was found with the debian procenv package, which called
	shmctl(0, SHM_INFO, &info);
in which the shmctl syscall then overwrote parts of the surrounding areas on
the stack on which the info variable was stored and thus lead to a segfault
later on.

Additionally fix the definition of struct shminfo64 to use unsigned longs like
the other architectures. This has no impact on userspace since we only have a
32bit userspace up to now.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org> # v3.10+
2014-11-10 22:23:47 +01:00
Helge Deller 8dd95c68f3 parisc: Use BUILD_BUG() instead of undefined functions
Signed-off-by: Helge Deller <deller@gmx.de>
2014-11-10 22:22:42 +01:00
Helge Deller e6be7bb8a3 parisc: Wire up bpf syscall
Signed-off-by: Helge Deller <deller@gmx.de>
2014-11-10 22:20:40 +01:00
Keerthy 5cd98a7a28 ARM: dts: AM437x-SK-EVM: Fix DCDC3 voltage
DCDC3 supplies voltage to DDR. Fix DCDC3 volatge to 1.5V which is the reset
value. Programming to a non-reset value while executing from DDR will result
in random hangs.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-11-10 12:28:54 -08:00
Keerthy 3015ddbd8b ARM: dts: AM437x-GP-EVM: Fix DCDC3 voltage
DCDC3 supplies voltage to DDR. Fix DCDC3 volatge to 1.5V which is the reset
value. Programming to a non-reset value while executing from DDR will result
in random hangs.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-11-10 12:28:54 -08:00
Keerthy fc2a602f38 ARM: dts: AM43x-EPOS-EVM: Fix DCDC3 voltage
DCDC3 supplies voltage to DDR. Fix DCDC3 volatge to 1.5V which is the reset
value. Programming to a non-reset value while executing from DDR will result
in random hangs.

Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-11-10 12:28:53 -08:00
Ingo Molnar 0cafa3e714 Two fixes for early microcode loader on 32-bit:
* access the dis_ucode_ldr chicken bit properly
 * fix patch stashing on AMD on 32-bit
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUYNWUAAoJEBLB8Bhh3lVKU1sQAKIj1LVBtNAeaMaC9O8AUkUN
 SWfskslf0uU2OS4RvV0QjDbr/chivIKMs7rbeMb521lHqWULRV/ZSR0kReB1JL45
 yF7Dnz/YZX4VXx7O1lUSBhczN+Xp2jlPGuaeV1Q7iE0S1Focwxe8B24n6ye3dyto
 o3dOH9tSna1U5KZqzHSaXWI4LJg3VrVNmf70IbYQFYyINHEtxI3oEtRWUlfFBA6C
 +RbA3cUksBhYkNLfpkoA9o9ODbdSh5oSNkKFV8R26GCYw+pBQp27FhSECaEDEYIe
 sdMTLgQd3ZWo5zh2zm3U12j8hf0hsfz4TjpDuozXmBlHRJSi/cLbFyEUOAbaCHpQ
 Coaxgs8iiGcFVcZnMGmis9WGM41Q4O3UyxYVVpVEyMYLcrOxysKB0j1L2ycMGHV1
 YHVL6Ex2MYxxqbK6NoC2ZK0OWWm1KNl4O2NAYsT4ICBxsDyxc9JzA6vidKM7VBU6
 VYtOo21fYYbDgxogF6N/C95PA6nRxCm5coJ6X2QENg9DWSQHWkQ/q4Jp3yTrW4Dn
 h/vY+Y5FkmVGoPBITg6BjtG9Sl3wrsqpIz2umWEeRmNCbcQm+KNQWSctvzzmOWDW
 yYHyPQUgwxVX5qK5VVrTEvtDBn7E0gLEnwJLy4AdwkHf7YESxwbnYv+xXkiAubLH
 dDlDNEEv1Fi3wzwc4/6g
 =BamU
 -----END PGP SIGNATURE-----

Merge tag 'microcode_fixes_for_3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp into x86/urgent

Pull two fixes for early microcode loader on 32-bit from Borislav Petkov:

 - access the dis_ucode_ldr chicken bit properly
 - fix patch stashing on AMD on 32-bit

Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-11-10 17:08:01 +01:00
Borislav Petkov c0a717f23d x86, microcode, AMD: Fix ucode patch stashing on 32-bit
Save the patch while we're running on the BSP instead of later, before
the initrd has been jettisoned. More importantly, on 32-bit we need to
access the physical address instead of the virtual.

This way we actually do find it on the APs instead of having to go
through the initrd each time.

Tested-by: Richard Hendershot <rshendershot@mchsi.com>
Fixes: 5335ba5cf4 ("x86, microcode, AMD: Fix early ucode loading")
Cc: <stable@vger.kernel.org> # v3.13+
Signed-off-by: Borislav Petkov <bp@suse.de>
2014-11-10 13:50:55 +01:00
Boris Ostrovsky 54279552bd x86/core, x86/xen/smp: Use 'die_complete' completion when taking CPU down
Commit 2ed53c0d6c ("x86/smpboot: Speed up suspend/resume by
avoiding 100ms sleep for CPU offline during S3") introduced
completions to CPU offlining process. These completions are not
initialized on Xen kernels causing a panic in
play_dead_common().

Move handling of die_complete into common routines to make them
available to Xen guests.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Cc: tianyu.lan@intel.com
Cc: konrad.wilk@oracle.com
Cc: xen-devel@lists.xenproject.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/1414770572-7950-1-git-send-email-boris.ostrovsky@oracle.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-11-10 11:16:40 +01:00
Chris Zankel aeb5897342 Linux 3.18-rc4
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJUX/DqAAoJEHm+PkMAQRiGLtQH/iAt3fRHlYDXjaJian/KG1Cb
 wVP0I+HWZmvVmmd0PzyaxCZLgRNwdmmYHEH4QLy2JwZ3jZfFHlxhy+hDWCgz+67t
 bIzkLs0Pf1T4kJ2+r8qW2kBEz9PWJHGTQw7NTqZ++Ts3rPptBA6Fg4mEJ6fQigXy
 qRIY68DpipUkXV9BWBWijnTmrvP5tt7JtPzBr4DC8frMjvWct8+XwYhc2k2tEv2j
 LwLYb1OW6PUpPv2BQBfWjqqH77vYNQVhJwuwGcDe2YZdI0UFkDheL24+RbbPcZ4f
 OnrLjJSSgzv6lBWkAaXZK7/WJ/JZbXxEqHzWZQ3xXoQov97bm7lEYJqqi5gDasQ=
 =6Qpa
 -----END PGP SIGNATURE-----

Merge tag 'v3.18-rc4' into for_next

Linux 3.18-rc4
2014-11-10 00:05:43 -08:00
Geert Uytterhoeven b89ff7c3c2 ARM: shmobile: r8a7740 dtsi: Correct IIC0 parent clock
According to the datasheet, the operating clock for IIC0 is the HPP
(RT Peri) clock, not the SUB (Peri) clock. Both clocks run at the same
speed (50 Mhz).

This is consistent with IIC0 being located in the A4R PM domain, and
IIC1 in the A3SP PM domain.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-10 09:56:01 +09:00
Shinobu Uehara edd7b93863 ARM: shmobile: r8a7790: Fix SD3CKCR address to device tree
Signed-off-by: Shinobu Uehara <shinobu.uehara.xc@renesas.com>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-10 09:55:51 +09:00
Geert Uytterhoeven 4f37828d4d ARM: shmobile: r8a7740 legacy: Correct IIC0 parent clock
According to the datasheet, the operating clock for IIC0 is the HPP
(RT Peri) clock, not the SUB (Peri) clock. Both clocks run at the same
speed (50 Mhz).

This is consistent with IIC0 being located in the A4R PM domain, and
IIC1 in the A3SP PM domain.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-10 09:54:12 +09:00
Geert Uytterhoeven 85eb968e84 ARM: shmobile: r8a7740 legacy: Add missing INTCA clock for irqpin module
This clock drives the irqpin controller modules.
Before, it was assumed enabled by the bootloader or reset state.
By making it available to the driver, we make sure it gets enabled when
needed, and allow it to be managed by system or runtime PM.

Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-10 09:47:44 +09:00
Shinobu Uehara a926a12b5f ARM: shmobile: r8a7790: Fix SD3CKCR address
Signed-off-by: Shinobu Uehara <shinobu.uehara.xc@renesas.com>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
2014-11-10 09:47:42 +09:00
Linus Torvalds ee867cf97a arm64 fixes:
- enable bpf syscall for compat
 - cpu_suspend fix when checking the idle state type
 - defconfig update
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUXzboAAoJEGvWsS0AyF7xSP8P/1IGrDeWgT5+J9edv1B4QYm1
 hw+X+T6Wywl4yPpkh7vljL64ajDa0wPFKu3t83xLpuFE2TEKT+EdABB9TJHAb8RN
 hebRGYQXMCfDowTXS2QGK058rtHFVsdH3j8NWoUNwIBVW6Wq2Jcaw87V3E+K3TLL
 FlYnxKen40N/IUJRe+M5nn7VUo7lXPbIiVGHb3gfPBq4yeLccIsVYWYNIYUEDMTQ
 /BJTmbY9Hte0uZK5+q4cXqmNKiDgODskIFIOQUowJoKPR0cuhBraC61GIMSSbqRA
 sbOs8yjadRcHsyjnFL3dlrhbRKzV9Vy4EDJ7l15m9j67MSs2UHiZ65AKHHyUbS1C
 vIYMNc2gcTQH3kUyoWs+Dc5lrBhQ/T3rBz9bPnRu9SXmr0RjwnFkKcgOsm19B6cv
 hqYuj8Pbjg5+Qoq0gRznQRzM3S3RN2WhzXSHt/gmHIKfcd8mtpHQDNRKayqlIWBS
 paiCKkl7fn8uuZVuuzn4gSK50k3kvpJV6YddiTfLa7bYslIEpQyIAJXHurCY+y96
 tTVIyO2vh1RzJ0b1HT2hHeDSDHmAXuHMQoc3Q4TNkHap+TTcI70+/TTCw23qswV9
 dMuz7iN0/U96O2EiQlmWFpGhC1VZnjbzdIalnnEnfEfMTFA2vJqZr5eyzID4TfR0
 b3PkGNf1/qgPiibwbJ3G
 =CBMO
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:
 - enable bpf syscall for compat
 - cpu_suspend fix when checking the idle state type
 - defconfig update

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: defconfig: update defconfig for 3.18
  arm64: compat: Enable bpf syscall
  arm64: psci: fix cpu_suspend to check idle state type for index
2014-11-09 14:49:56 -08:00
Linus Torvalds b1f368b58b ARM: SoC fixes for 3.18-rc4
Another quiet week:
 
 - A fix to silence edma probe error on non-supported platforms from Arnd
 - A fix to enable the PL clock for Parallella, to make mainline usable with
   the SDK.
 - A somewhat verbose fix for the PLL clock tree on VF610
 - Enabling of SD/MMC on one of the VF610-based boards (for testing)
 - A fix for i.MX where CONFIG_SPI used to be implicitly enabled and now needs
   to be added to the defconfig instead
 - Another maintainer added for bcm2835: Lee Jones
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUXxH5AAoJEIwa5zzehBx3B5UP/RQ7+DFsFHGTA0Da3R2bgJwq
 aJOhyJPx1k5jycjIEubxQo4N2Fq77Izw0evR9q98KeeXogJm2HVd050XRPfBzsIq
 FTY3jABpn2NPawKMBML9H4C84IOoqCvvZZeKxNCA2Py+5PY9s/XM1g0GBxvLlDYV
 xLjmkU//2iE5pZVu0CoSXh3gtTTED3i6YKYyZcuo1fyE1IMCwTOB6B8ozc6fQGRt
 NPNjMTx6SdqzAuEWnZv9cXlquAWK2e8Syf9aDq9fJzmd6e+KEP+/5meC+oNsB4p+
 BLHeejYDGBQWLRovX7YmWwdeIk1cXLT+eeZOEvBz0lQOo6j2ok6lVR/jrirE6WqI
 EqyGFCaq/8G5AcdHQH3cWfVfRzIbJIhI5DuC6Wg9O3kj2PKWwz/O0tUD21w/x0jM
 cpdFCojaXSlttbtF3t9YaISKaSfu4lJjFt9AYC0VBwynYtUplH8uUhyy8vGxildS
 kpjmamc88G3rV8SQQrDd1PYXAuaj2ZwMVYH0e/erWAnFvV/Mn4e+JVgROjjHUY0f
 akdfvM03QYfzVcK5RVfk3Kv5FOb1NkKoedd5By4zbagxbsUfERzrb+x0By2AU7m/
 xFTXyjJ00M1SWoVso+GiWeVmGKsxi0LEAGkW0nEp8ilr6zScDODwkwSMJyB1u2ym
 BtsUlDEwR4gJg6Pd24Qi
 =bOlr
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-for-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Another quiet week:

   - a fix to silence edma probe error on non-supported platforms from
     Arnd
   - a fix to enable the PL clock for Parallella, to make mainline
     usable with the SDK.
   - a somewhat verbose fix for the PLL clock tree on VF610
   - enabling of SD/MMC on one of the VF610-based boards (for testing)
   - a fix for i.MX where CONFIG_SPI used to be implicitly enabled and
     now needs to be added to the defconfig instead
   - another maintainer added for bcm2835: Lee Jones"

* tag 'armsoc-for-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: dts: zynq: Enable PL clocks for Parallella
  dma: edma: move device registration to platform code
  ARM: dts: vf610: add SD node to cosmic dts
  MAINTAINERS: update bcm2835 entry
  ARM: imx: Fix the removal of CONFIG_SPI option
  ARM: imx: clk-vf610: define PLL's clock tree
2014-11-09 14:46:36 -08:00
Andreas Färber 92c9e0c780 ARM: dts: zynq: Enable PL clocks for Parallella
The Parallella board comes with a U-Boot bootloader that loads one of
two predefined FPGA bitstreams before booting the kernel. Both define an
AXI interface to the on-board Epiphany processor.

Enable clocks FCLK0..FCLK3 for the Programmable Logic by default.

Otherwise accessing, e.g., the ESYSRESET register freezes the board,
as seen with the Epiphany SDK tools e-reset and e-hw-rev, using /dev/mem.

Cc: <stable@vger.kernel.org> # 3.17.x
Signed-off-by: Andreas Färber <afaerber@suse.de>
Acked-by: Michal Simek <michal.simek@xilinx.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-08 16:57:44 -08:00
Chen-Yu Tsai 532425a7a7 ARM: dts: sun6i: Re-parent ahb1_mux to pll6 as required by dma controller
The dma controller requires that the ahb1 bus clock be driven by pll6
for peripheral access to work. Previously this was done in the dma
controller driver, but was since removed as part of a series to unify
the ahb1_mux and ahb1 clock drivers, in

    14e0e28 dmaengine: sun6i: Remove obsolete clk muxing code

Unfortunately the rest of that series did not make it, leaving us with
broken dma on sun6i.

This patch reparents ahb1_mux to pll6 using the DT assigned-clocks
properties in the dma controller node.

Signed-off-by: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
2014-11-08 15:56:36 +01:00
Linus Torvalds 6ac94d3abc Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Pull MIPS updates from Ralf Baechle:
 "This weeks' round of MIPS bug fixes for 3.18:

   - wire up the bpf syscall
   - fix TLB dump output for R3000 class TLBs
   - fix strnlen_user return value if no NUL character was found.
   - fix build with binutils 2.24.51+.  While there is no binutils 2.25
     release yet, toolchains derived from binutils 2.24.51+ are already
     in common use.
   - the Octeon GPIO code forgot to offline GPIO IRQs.
   - fix build error for XLP.
   - fix possible BUG assertion with EVA for CMA"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Fix build with binutils 2.24.51+
  MIPS: R3000: Fix debug output for Virtual page number
  MIPS: Fix strnlen_user() return value in case of overlong strings.
  MIPS: CMA: Do not reserve memory if not required
  MIPS: Wire up bpf syscall.
  MIPS/Xlp: Remove the dead function destroy_irq() to fix build error
  MIPS: Octeon: Make Octeon GPIO IRQ chip CPU hotplug-aware
2014-11-07 18:08:02 -08:00
Andreas Larsson 1a17fdc4f4 sparc32: Implement xchg and atomic_xchg using ATOMIC_HASH locks
Atomicity between xchg and cmpxchg cannot be guaranteed when xchg is
implemented with a swap and cmpxchg is implemented with locks.
Without this, e.g. mcs_spin_lock and mcs_spin_unlock are broken.

Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-11-07 12:51:44 -08:00
David S. Miller ab5c780913 sparc64: Do irq_{enter,exit}() around generic_smp_call_function*().
Otherwise rcu_irq_{enter,exit}() do not happen and we get dumps like:

====================
[  188.275021] ===============================
[  188.309351] [ INFO: suspicious RCU usage. ]
[  188.343737] 3.18.0-rc3-00068-g20f3963-dirty #54 Not tainted
[  188.394786] -------------------------------
[  188.429170] include/linux/rcupdate.h:883 rcu_read_lock() used
illegally while idle!
[  188.505235]
other info that might help us debug this:

[  188.554230]
RCU used illegally from idle CPU!
rcu_scheduler_active = 1, debug_locks = 0
[  188.637587] RCU used illegally from extended quiescent state!
[  188.690684] 3 locks held by swapper/7/0:
[  188.721932]  #0:  (&x->wait#11){......}, at: [<0000000000495de8>] complete+0x8/0x60
[  188.797994]  #1:  (&p->pi_lock){-.-.-.}, at: [<000000000048510c>] try_to_wake_up+0xc/0x400
[  188.881343]  #2:  (rcu_read_lock){......}, at: [<000000000048a910>] select_task_rq_fair+0x90/0xb40
[  188.973043]stack backtrace:
[  188.993879] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 3.18.0-rc3-00068-g20f3963-dirty #54
[  189.076187] Call Trace:
[  189.089719]  [0000000000499360] lockdep_rcu_suspicious+0xe0/0x100
[  189.147035]  [000000000048a99c] select_task_rq_fair+0x11c/0xb40
[  189.202253]  [00000000004852d8] try_to_wake_up+0x1d8/0x400
[  189.252258]  [000000000048554c] default_wake_function+0xc/0x20
[  189.306435]  [0000000000495554] __wake_up_common+0x34/0x80
[  189.356448]  [00000000004955b4] __wake_up_locked+0x14/0x40
[  189.406456]  [0000000000495e08] complete+0x28/0x60
[  189.448142]  [0000000000636e28] blk_end_sync_rq+0x8/0x20
[  189.496057]  [0000000000639898] __blk_mq_end_request+0x18/0x60
[  189.550249]  [00000000006ee014] scsi_end_request+0x94/0x180
[  189.601286]  [00000000006ee334] scsi_io_completion+0x1d4/0x600
[  189.655463]  [00000000006e51c4] scsi_finish_command+0xc4/0xe0
[  189.708598]  [00000000006ed958] scsi_softirq_done+0x118/0x140
[  189.761735]  [00000000006398ec] __blk_mq_complete_request_remote+0xc/0x20
[  189.827383]  [00000000004c75d0] generic_smp_call_function_single_interrupt+0x150/0x1c0
[  189.906581]  [000000000043e514] smp_call_function_single_client+0x14/0x40
====================

Based almost entirely upon a patch by Paul E. McKenney.

Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-11-07 09:50:48 -08:00
Manuel Lauss 842dfc11ea MIPS: Fix build with binutils 2.24.51+
Starting with version 2.24.51.20140728 MIPS binutils complain loudly
about mixing soft-float and hard-float object files, leading to this
build failure since GCC is invoked with "-msoft-float" on MIPS:

{standard input}: Warning: .gnu_attribute 4,3 requires `softfloat'
  LD      arch/mips/alchemy/common/built-in.o
mipsel-softfloat-linux-gnu-ld: Warning: arch/mips/alchemy/common/built-in.o
 uses -msoft-float (set by arch/mips/alchemy/common/prom.o),
 arch/mips/alchemy/common/sleeper.o uses -mhard-float

To fix this, we detect if GAS is new enough to support "-msoft-float" command
option, and if it does, we can let GCC pass it to GAS;  but then we also need
to sprinkle the files which make use of floating point registers with the
necessary ".set hardfloat" directives.

Signed-off-by: Manuel Lauss <manuel.lauss@gmail.com>
Cc: Linux-MIPS <linux-mips@linux-mips.org>
Cc: Matthew Fortune <Matthew.Fortune@imgtec.com>
Cc: Markos Chandras <Markos.Chandras@imgtec.com>
Cc: Maciej W. Rozycki <macro@linux-mips.org>
Patchwork: https://patchwork.linux-mips.org/patch/8355/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-07 15:07:36 +01:00
Thomas Petazzoni 2eb04ae010 ARM: mvebu: add missing of_node_put() call in coherency.c
There is a missing of_node_put() to decrement the device_node
reference counter after a of_find_matching_node() in coherency_init().

Fixes: 501f928e00 ("ARM: mvebu: add a coherency_available() call")
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Link: https://lkml.kernel.org/r/1414423955-5933-4-git-send-email-thomas.petazzoni@free-electrons.com
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2014-11-07 02:56:36 +00:00
Roger Quadros a8ead0ecb9 ARM: dts: am335x-evm: Fix 5th NAND partition's name
The 5th NAND partition should be named "NAND.u-boot-spl-os"
instead of "NAND.u-boot-spl". This is to be consistent with other
TI boards as well as u-boot.

Fixes: 91994facdd ("ARM: dts: am335x-evm: NAND: update MTD partition table")

Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-11-06 10:21:13 -08:00
Isamu Mogi 491a48aa52 MIPS: R3000: Fix debug output for Virtual page number
Virtual page number of R3000 in entryhi is 20 bit from MSB. But in
dump_tlb(), the bit mask to read it from entryhi is 19 bit (0xffffe000).
The patch fixes that to 0xfffff000.

Signed-off-by: Isamu Mogi <isamu@leafytree.jp>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/8290/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-06 15:49:36 +01:00
Arnd Bergmann 5305e4d674 dma: edma: move device registration to platform code
The horrible split between the low-level part of the edma support
and the dmaengine front-end driver causes problems on multiplatform
kernels. This is an attempt to improve the situation slightly
by only registering the dmaengine devices that are actually
present.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
[olof: add missing include of linux/dma-mapping.h]
Signed-off-by: Olof Johansson <olof@lixom.net>

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-05 18:26:10 -08:00
Linus Torvalds 90f9576844 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 update from Martin Schwidefsky:
 "One small improvement for the cputime accounting, two bug fixes and an
  update for the default configuration files"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/ftrace: add ftrace_graph_is_dead() check
  s390: update default configuration
  s390/vdso: fix stack corruption
  s390/time: use stck clock fast for do_account_vtime
2014-11-05 12:13:52 -08:00
Olof Johansson ab699bc792 ARM: dts: vf610: add SD node to cosmic dts
Driver has been there since a while back, but the dts never seems to
have been updated with the node (nor pinctrl). Do so now.

Cc: Matt Porter <mporter@linaro.org>
Acked-by: Shawn Guo <shawn.guo@linaro.org>
Acked-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-05 10:58:47 -08:00
Will Deacon 2d39ad649e arm64: defconfig: update defconfig for 3.18
This patch enables a few things missing from our defconfig:

  - PCI and MSI, including support for the x-gene host controller
  - BPF JIT
  - SPI, GPIO and MMC for Seattle
  - GPIO for x-gene
  - USB for Juno
  - RTC

It also removes HMC_DRV, which was being built as a module for some
reason.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-11-05 17:07:58 +00:00
Borislav Petkov 85be07c324 x86, microcode: Fix accessing dis_ucode_ldr on 32-bit
We should be accessing it through a pointer, like on the BSP.

Tested-by: Richard Hendershot <rshendershot@mchsi.com>
Fixes: 65cef1311d ("x86, microcode: Add a disable chicken bit")
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Borislav Petkov <bp@suse.de>
2014-11-05 17:28:06 +01:00
Catalin Marinas 97b56be103 arm64: compat: Enable bpf syscall
Following the arm32 commit 2d605a3029 (ARM: enable bpf syscall), wire
this syscall for arm64 compat as well.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-11-05 16:26:35 +00:00
Nadav Amit d29b9d7ed7 KVM: x86: Fix uninitialized op->type for some immediate values
The emulator could reuse an op->type from a previous instruction for some
immediate values.  If it mistakenly considers the operands as memory
operands, it will performs a memory read and overwrite op->val.

Consider for instance the ROR instruction - src2 (the number of times)
would be read from memory instead of being used as immediate.

Mark every immediate operand as such to avoid this problem.

Cc: stable@vger.kernel.org
Fixes: c44b4c6ab8
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-05 12:36:58 +01:00
Olof Johansson 83b3d538db The i.MX fixes for 3.18, 2nd round:
- Fix a regression on Vybrid platform which is caused by commit
    dc4805c2e7 (ARM: imx: remove ENABLE and BYPASS bits from clk-pllv3
    driver), and results in a missing configuration on PLL clocks.
  - Fix a regression with i.MX defconfig files where CONFIG_SPI option
    gets lost accidentally.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJUWLLbAAoJEFBXWFqHsHzOCJcH/Rm1q8mIjhHN7Q9k0cYeKuM2
 r59Cyl1nJt+nG6qgPK+hPOl3Lw8z9c7zLJ/TG6wsNrAOaFNfNGs3npytL2S6iyDM
 KX7IulltuA5Sl5JBXXyMYzn+nm5jBnFrnX/6IUQFI7OB0WVGWOzfyKeqEMzPnG5x
 CApc8YHNKe0HBvDyYHkRlNrwwJjVCB2V6H86Km4QsRkTvSkiYa+Fuf1o9M9gpBg9
 4wWq9WekFizb0uVTk9tBMcoX82Y/GD6/52MDW2ISGhAVWavxJ2O+UhrdSSmrPqC2
 7LY0C6t1YAFZKLn0yn9sAyubG5P/MZF8UAs+7go2s1vtCbG3RvoxPz6RxkEyrmY=
 =KnLU
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

Merge "ARM: imx: fixes for 3.18, 2nd round" from Shawn Guo:

"This is the second round of i.MX fixes for 3.18.  The clk-vf610 fix is
relatively big, because it needs some adaption to the change made by
offending commit dc4805c2e7 (ARM: imx: remove ENABLE and BYPASS bits
from clk-pllv3 driver).  And it should have been sent to you for earlier
-rc inclusion, but unfortunately it got delayed for some time because
Stefan wasn't aware of my email address change."

The i.MX fixes for 3.18, 2nd round:
 - Fix a regression on Vybrid platform which is caused by commit
   dc4805c2e7 (ARM: imx: remove ENABLE and BYPASS bits from clk-pllv3
   driver), and results in a missing configuration on PLL clocks.
 - Fix a regression with i.MX defconfig files where CONFIG_SPI option
   gets lost accidentally.

* tag 'imx-fixes-3.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: (460 commits)
  ARM: imx: Fix the removal of CONFIG_SPI option
  ARM: imx: clk-vf610: define PLL's clock tree
  + Linux 3.18-rc3

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-04 20:37:25 -08:00
Iyappan Subramanian 09c9e0593d dtb: xgene: fix: Backward compatibility with older firmware
The following kernel crash was reported when using older firmware (<= 1.13.28).

[    0.980000] libphy: APM X-Gene MDIO bus: probed
[    1.130000] Unhandled fault: synchronous external abort (0x96000010) at 0xffffff800009a17c
[    1.140000] Internal error: : 96000010 [#1] SMP
[    1.140000] Modules linked in:
[    1.140000] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.17.0+ #21
[    1.140000] task: ffffffc3f0110000 ti: ffffffc3f0064000 task.ti: ffffffc3f0064000
[    1.140000] PC is at ioread32+0x58/0x68
[    1.140000] LR is at xgene_enet_setup_ring+0x18c/0x1cc
[    1.140000] pc : [<ffffffc0003cec68>] lr : [<ffffffc00053dad8>] pstate: a0000045
[    1.140000] sp : ffffffc3f0067b20
[    1.140000] x29: ffffffc3f0067b20 x28: ffffffc000aa8ea0
[    1.140000] x27: ffffffc000bb2000 x26: ffffffc000a64270
[    1.140000] x25: ffffffc000b05ad8 x24: ffffffc0ff99ba58
[    1.140000] x23: 0000000000004000 x22: 0000000000004000
[    1.140000] x21: 0000000000000200 x20: 0000000000200000
[    1.140000] x19: ffffffc0ff99ba18 x18: ffffffc0007a6000
[    1.140000] x17: 0000000000000007 x16: 000000000000000e
[    1.140000] x15: 0000000000000001 x14: 0000000000000000
[    1.140000] x13: ffffffbeedb71320 x12: 00000000ffffff80
[    1.140000] x11: 0000000000000002 x10: 0000000000000000
[    1.140000] x9 : 0000000000000000 x8 : ffffffc3eb2a4000
[    1.140000] x7 : 0000000000000000 x6 : 0000000000000000
[    1.140000] x5 : 0000000001080000 x4 : 000000007d654010
[    1.140000] x3 : ffffffffffffffff x2 : 000000000003ffff
[    1.140000] x1 : ffffff800009a17c x0 : ffffff800009a17c

The issue was that the older firmware does not support 10GbE and
SGMII based 1GBE interfaces.

This patch changes the address length of the reg property of sgmii0 and xgmii
nodes and serves as preparatory patch for the fix.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Signed-off-by: Keyur Chudgar <kchudgar@apm.com>
Reported-by: Dann Frazier <dann.frazier@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-11-04 17:08:42 -05:00
Linus Torvalds 8a97577a59 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux
Pull powerpc fixes from Michael Ellerman:
 "Some more powerpc fixes if you please"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
  powerpc: use device_online/offline() instead of cpu_up/down()
  powerpc/powernv: Properly fix LPC debugfs endianness
  powerpc: do_notify_resume can be called with bad thread_info flags argument
  powerpc/fadump: Fix endianess issues in firmware assisted dump handling
  powerpc: Fix section mismatch warning
2014-11-04 11:18:29 -08:00
Ralf Baechle 0097761013 MIPS: Fix strnlen_user() return value in case of overlong strings.
We were returning maxlen like the userland strnlen if no '\0' character
was encountered while the kernel version is expected to return a value
larger than maxlen.  Fixed to return maxlen + 1.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-11-04 12:46:33 +01:00
Fabio Estevam 89fbec5b97 ARM: imx: Fix the removal of CONFIG_SPI option
Since 64546e9fe3 ("ARM: imx_v6_v7_defconfig updates") and commit
0650f855d2 ("ARM: imx_v4_v5_defconfig: Select CONFIG_IMX_WEIM") CONFIG_SPI
selection was dropped by savedefconfig for imx_v4_v5_defconfig and
imx_v6_v7_defconfig.

In order to keep the same behaviour as previous kernel versions and avoid
regressions, let's add CONFIG_SPI option back.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2014-11-04 19:00:01 +08:00
Peter Zijlstra (Intel) ce5686d4ed perf/x86: Fix embarrasing typo
Because we're all human and typing sucks..

Fixes: 7fb0f1de49 ("perf/x86: Fix compile warnings for intel_uncore")
Reported-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: x86@kernel.org
Link: http://lkml.kernel.org/n/tip-be0bftjh8yfm4uvmvtf3yi87@git.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-11-04 07:06:58 +01:00
Stefan Agner c72c553249 ARM: imx: clk-vf610: define PLL's clock tree
So far, the required PLL's (PLL1/PLL2/PLL5) have been initialized
by boot loader and the kernel code defined fixed rates according
to those default configurations. Beginning with the USB PLL7 the
code started to initialize the PLL's itself (using imx_clk_pllv3).

However, since commit dc4805c2e7
(ARM: imx: remove ENABLE and BYPASS bits from clk-pllv3 driver)
imx_clk_pllv3 no longer takes care of the ENABLE and BYPASS bits,
hence the USB PLL were not configured correctly anymore.

This patch not only fixes those USB PLL's, but also makes use of
the imx_clk_pllv3 for all PLL's and alignes the code with the PLL
support of the i.MX6 series.

Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2014-11-04 13:40:14 +08:00
Linus Torvalds f4ca536f71 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k
Pull m68k update from Geert Uytterhoeven.

Just wiring up the bpf system call.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Wire up bpf
2014-11-03 14:09:33 -08:00
Linus Torvalds 2084becbe1 ARM: SoC fixes for 3.8-rc3
A surprisingly small batch of fixes for -rc3. Suspiciously small, I'd say.
 
 Anyway, most of this are a few defconfig updates. Some for omap to deal
 with kernel binary size (moving ipv6 to module, etc). A larger one for
 socfpga that refreshes with some churn, but also turns on a few options
 that makes the newly-added board in my bootfarm usable for testing.
 
 OMAP3 will also now warn when booted with legacy (non-DT) boot protocols,
 hopefully encouraging those who still care about some of those platforms
 to submit DT support and report bugs where needed. Nothing stops working
 though, this is just to warn for future deprecation.
 
 Beyond this, very few actual bugfixes. A PXA fix for DEBUG_LL boot hangs,
 a missing terminting entry in a dt_match array on RealView a MTD fix on
 OMAP with NAND.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQIcBAABAgAGBQJUVqZOAAoJEIwa5zzehBx322EP/3qID6KdT6d5AF2ywaHpKse/
 LSV3sQbwViGJfKo0jurcfpYUbIaT1QYXMsbjUy9ZFPa7zujgKBx6ugmoLiPKSanP
 wQODZXCvUXOXBspq17U6+kA5pKvethG9zdfFhsStLgIpw44YhWqFhGr2oK9az/pd
 ZOiI5n/96n35WIETNQdp/P/JHZziatELNUseXd7xsp6vzfaIo3CudYRj0fqX8YCy
 l+iFKUJY9gD9zdMNAzoCcXnFmol00UhDDqWrkE+5QKS+T7GVEgtIzaYmYjACyzKA
 YsTohQQPXrtdKHsnNko/7PPAUhd1xLV2gqD3Subi8m65QdDZw62xbGdVWgfD3Pa+
 TjBeIqunPBQ9rambWzpV/uWUjmgu9e7eX18MjDxChUOiBZuKtYeW1kfwS0mfybXw
 TKxJCd9HYBY94bj8sJMLGs8DlDViVjiVeuv9pBf/MzqYS+CGXFeB/yadyrsLHEjG
 bawKUIL3/bfkPbvxNlMs1tmRlVpMmBu1AVU3SwCtoDZpf/OcnRizFM4yzI9bUMkd
 0FDFYZCUvvMNeTraiptHRE3cG7io9gPX4ocIf/9LaT1jdxMedlU3O0j18HY7ZO33
 Fzr4Mr9OmEpUT1UTjTiwzE1uDTlfbawAROb8DCuzTfcW2KiIKR1ZAX4RsdE+YSvZ
 D+f0FzqEOZ07gkb08lUW
 =JasG
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-for-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "A surprisingly small batch of fixes for -rc3.  Suspiciously small, I'd
  say.

  Anyway, most of this are a few defconfig updates.  Some for omap to
  deal with kernel binary size (moving ipv6 to module, etc).  A larger
  one for socfpga that refreshes with some churn, but also turns on a
  few options that makes the newly-added board in my bootfarm usable for
  testing.

  OMAP3 will also now warn when booted with legacy (non-DT) boot
  protocols, hopefully encouraging those who still care about some of
  those platforms to submit DT support and report bugs where needed.
  Nothing stops working though, this is just to warn for future
  deprecation.

  Beyond this, very few actual bugfixes.  A PXA fix for DEBUG_LL boot
  hangs, a missing terminting entry in a dt_match array on RealView a
  MTD fix on OMAP with NAND"

[ Obviously missed rc3, will make rc4 instead ;) ]

* tag 'armsoc-for-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  MAINTAINERS: drop list entry for davinci
  ARM: OMAP2+: Warn about deprecated legacy booting mode
  ARM: omap2plus_defconfig: Fix errors with NAND BCH
  ARM: multi_v7_defconfig: fix support for APQ8084
  soc: versatile: Add terminating entry for realview_soc_of_match
  ARM: ixp4xx: remove compilation warnings in io.h
  MAINTAINERS: Add Soren as reviewer for Zynq
  ARM: omap2plus_defconfig: Fix bloat caused by having ipv6 built-in
  ARM: socfpga_defconfig: Update defconfig for SoCFPGA
  ARM: pxa: fix hang on startup with DEBUG_LL
2014-11-03 14:07:05 -08:00
Olof Johansson 4257412db5 Few fixes for omaps to enable NAND BCH so devices won't
produce errors when booted with omap2plus_defconfig, and
 reduce bloat by making IPV6 a loadable module.
 
 Also let's add a warning about legacy boot being deprecated
 for omap3.
 
 We now have things working with device tree, and only omap3 is
 still booting in legacy mode. So hopefully this warning will
 help move the remaining legacy mode users to boot with device
 tree.
 
 As the total reduction of code and static data is somewhere
 around 20000 lines of code once we remove omap3 legacy mode
 booting, we really do want to make omap3 to boot also in
 device tree mode only over the next few merge cycles.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUUmuGAAoJEBvUPslcq6VzcvkQAJkQhYXffP+lN8XHvZKNSnXb
 aue3W1PBI9zPwnMfySryo/262od/cz1ucgLwNn7SHFs2EhfEYNKSjgF++q+ave8q
 frqwbEE0Pe5dGlV9tmA6SdffsiW2hLPuI1XF9a1XBW2qD5LHBidJLconUILnQsH2
 E7ddhf2K/yAizF3BRhOeX7YVzOG5hxodBuhPz1fqLllfTA3EBXgB33wffHSOGVls
 r1fgpaUFzaBoJ5ZZyqNx7chGBRrOxAOviz/zvp8ljFkCelENkBa8IkuSiNRbiWlk
 el4wo3HfCRypqKBpXlDkD6Gfkugvc54xmkXXod/qgNnFchaIR0LENuzNonHZlC2S
 cIVGuqIhRaIHkLMtJKATH13WmA7MqYg3Vcjqm5VnVpaqM6Q4390Ug000UpLj7FEB
 6FXnN3tQJLBgmvc5SDhohXNzWZSjXGTUBo92fS9zc4BzN9CUrLsEfKZtIcHA7HSZ
 rseGiLx0dyrYPdwsyEfp1row/ZWw9fGbtWCumN1LXlnQH/IXwGGf+irOeKbMmU2V
 nRZxpQIQtEfpJTJf0lKMZV7JUm93MXOvkcMPaPq9PtEn0plC7YIohPrO/yEPdl9K
 EIuehWwRbbjWoxtznTLlm9FOwNBg/PtChq6XP+M+wHzeDfiumA3jwPQEtmUkhha3
 wy42f5Bi3MhtIzZ51oDm
 =WvgB
 -----END PGP SIGNATURE-----

Merge tag 'fixes-against-v3.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Merge "omap fixes against v3.18-rc2" from Tony Lindgren:

Few fixes for omaps to enable NAND BCH so devices won't
produce errors when booted with omap2plus_defconfig, and
reduce bloat by making IPV6 a loadable module.

Also let's add a warning about legacy boot being deprecated
for omap3.

We now have things working with device tree, and only omap3 is
still booting in legacy mode. So hopefully this warning will
help move the remaining legacy mode users to boot with device
tree.

As the total reduction of code and static data is somewhere
around 20000 lines of code once we remove omap3 legacy mode
booting, we really do want to make omap3 to boot also in
device tree mode only over the next few merge cycles.

* tag 'fixes-against-v3.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (407 commits)
  ARM: OMAP2+: Warn about deprecated legacy booting mode
  ARM: omap2plus_defconfig: Fix errors with NAND BCH
  ARM: omap2plus_defconfig: Fix bloat caused by having ipv6 built-in
  + Linux 3.18-rc2

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-11-02 13:37:07 -08:00
Linus Torvalds 3c43de0ffd Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 - add the new bpf syscall to ARM.
 - drop a redundant return statement in __iommu_alloc_remap()
 - fix a performance issue noticed by Thomas Petazzoni with
   kmap_atomic().
 - fix an issue with the L2 cache OF parsing code which caused it to
   incorrectly print warnings on each boot, and make the warning text
   more consistent with the rest of the code

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: 8180/1: mm: implement no-highmem fast path in kmap_atomic_pfn()
  ARM: 8183/1: l2c: Improve l2c310_of_parse() error message
  ARM: 8181/1: Drop extra return statement
  ARM: 8182/1: l2c: Make l2x0_cache_size_of_parse() return 'int'
  ARM: enable bpf syscall
2014-11-02 12:56:20 -08:00
Linus Torvalds 7501a53329 A small set of x86 fixes. The most serious is an SRCU lockdep fix.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJUVd9KAAoJEL/70l94x66Dc1AH/0jdb8DsewyAuJzLKaJ/qJwK
 9JMqglpDQ+Sm0f2puPyJkR8NQd2AMPK7J5aJjWAl/XxJjsDcn+TQur20okzUDXLJ
 21sIbqo92hCgpSNs+RHLHlj7/iMQVYnMFh7bp6JcvzmhpN8F/D793BT+oOxdjMRg
 PLCQ794ugGhFboesDkV822VWgtQ26yG2aQDWbYgL9r5xPp5OpbzSiq85KopSEfS0
 K+PPntI8yNI+EvOC9ta0FfEOMMfQoLDds+V0FXiEIRx43MV8bwAXpWzsB8ibd1F6
 eY+cVvSPzWgDSCVLn3gfYkrRl3sWGdvyfxTe/cz507ZfXcuT2uHJhtbpH2KCGto=
 =FJ6/
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "A small set of x86 fixes.  The most serious is an SRCU lockdep fix.

  A bit late - needed some time to test the SRCU fix, which only came in
  on Friday"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: vmx: defer load of APIC access page address during reset
  KVM: nVMX: Disable preemption while reading from shadow VMCS
  KVM: x86: Fix far-jump to non-canonical check
  KVM: emulator: fix execution close to the segment limit
  KVM: emulator: fix error code for __linearize
2014-11-02 12:31:02 -08:00
Paolo Bonzini a73896cb5b KVM: vmx: defer load of APIC access page address during reset
Most call paths to vmx_vcpu_reset do not hold the SRCU lock.  Defer loading
the APIC access page to the next vmentry.

This avoids the following lockdep splat:

[ INFO: suspicious RCU usage. ]
3.18.0-rc2-test2+ #70 Not tainted
-------------------------------
include/linux/kvm_host.h:474 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 1, debug_locks = 0
1 lock held by qemu-system-x86/2371:
 #0:  (&vcpu->mutex){+.+...}, at: [<ffffffffa037d800>] vcpu_load+0x20/0xd0 [kvm]

stack backtrace:
CPU: 4 PID: 2371 Comm: qemu-system-x86 Not tainted 3.18.0-rc2-test2+ #70
Hardware name: Dell Inc. OptiPlex 9010/0M9KCM, BIOS A12 01/10/2013
 0000000000000001 ffff880209983ca8 ffffffff816f514f 0000000000000000
 ffff8802099b8990 ffff880209983cd8 ffffffff810bd687 00000000000fee00
 ffff880208a2c000 ffff880208a10000 ffff88020ef50040 ffff880209983d08
Call Trace:
 [<ffffffff816f514f>] dump_stack+0x4e/0x71
 [<ffffffff810bd687>] lockdep_rcu_suspicious+0xe7/0x120
 [<ffffffffa037d055>] gfn_to_memslot+0xd5/0xe0 [kvm]
 [<ffffffffa03807d3>] __gfn_to_pfn+0x33/0x60 [kvm]
 [<ffffffffa0380885>] gfn_to_page+0x25/0x90 [kvm]
 [<ffffffffa038aeec>] kvm_vcpu_reload_apic_access_page+0x3c/0x80 [kvm]
 [<ffffffffa08f0a9c>] vmx_vcpu_reset+0x20c/0x460 [kvm_intel]
 [<ffffffffa039ab8e>] kvm_vcpu_reset+0x15e/0x1b0 [kvm]
 [<ffffffffa039ac0c>] kvm_arch_vcpu_setup+0x2c/0x50 [kvm]
 [<ffffffffa037f7e0>] kvm_vm_ioctl+0x1d0/0x780 [kvm]
 [<ffffffff810bc664>] ? __lock_is_held+0x54/0x80
 [<ffffffff812231f0>] do_vfs_ioctl+0x300/0x520
 [<ffffffff8122ee45>] ? __fget+0x5/0x250
 [<ffffffff8122f0fa>] ? __fget_light+0x2a/0xe0
 [<ffffffff81223491>] SyS_ioctl+0x81/0xa0
 [<ffffffff816fed6d>] system_call_fastpath+0x16/0x1b

Reported-by: Takashi Iwai <tiwai@suse.de>
Reported-by: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Reviewed-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Tested-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Fixes: 38b9917350
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-02 08:37:18 +01:00
Jan Kiszka 282da870f4 KVM: nVMX: Disable preemption while reading from shadow VMCS
In order to access the shadow VMCS, we need to load it. At this point,
vmx->loaded_vmcs->vmcs and the actually loaded one start to differ. If
we now get preempted by Linux, vmx_vcpu_put and, on return, the
vmx_vcpu_load will work against the wrong vmcs. That can cause
copy_shadow_to_vmcs12 to corrupt the vmcs12 state.

Fix the issue by disabling preemption during the copy operation.
copy_vmcs12_to_shadow is safe from this issue as it is executed by
vmx_vcpu_run when preemption is already disabled before vmentry.

This bug is exposed by running Jailhouse within KVM on CPUs with
shadow VMCS support.  Jailhouse never expects an interrupt pending
vmexit, but the bug can cause it if, after copy_shadow_to_vmcs12
is preempted, the active VMCS happens to have the virtual interrupt
pending flag set in the CPU-based execution controls.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-02 07:55:46 +01:00
Nadav Amit 7e46dddd6f KVM: x86: Fix far-jump to non-canonical check
Commit d1442d85cc ("KVM: x86: Handle errors when RIP is set during far
jumps") introduced a bug that caused the fix to be incomplete.  Due to
incorrect evaluation, far jump to segment with L bit cleared (i.e., 32-bit
segment) and RIP with any of the high bits set (i.e, RIP[63:32] != 0) set may
not trigger #GP.  As we know, this imposes a security problem.

In addition, the condition for two warnings was incorrect.

Fixes: d1442d85cc
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
[Add #ifdef CONFIG_X86_64 to avoid complaints of undefined behavior. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-11-02 07:54:55 +01:00
Dan Streetman 10ccaf178b powerpc: use device_online/offline() instead of cpu_up/down()
In powerpc pseries platform dlpar operations, use device_online() and
device_offline() instead of cpu_up() and cpu_down().

Calling cpu_up/down() directly does not update the cpu device offline
field, which is used to online/offline a cpu from sysfs. Calling
device_online/offline() instead keeps the sysfs cpu online value
correct. The hotplug lock, which is required to be held when calling
device_online/offline(), is already held when dlpar_online/offline_cpu()
are called, since they are called only from cpu_probe|release_store().

This patch fixes errors on phyp (PowerVM) systems that have cpu(s)
added/removed using dlpar operations; without this patch, the
/sys/devices/system/cpu/cpuN/online nodes do not correctly show the
online state of added/removed cpus.

Signed-off-by: Dan Streetman <ddstreet@ieee.org>
Cc: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Fixes: 0902a9044f ("Driver core: Use generic offline/online for CPU offline/online")
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-11-02 10:55:56 +11:00
Evgeniy Dushistov 9ece8839b1 ARM: orion: Fix for certain sequence of request_irq can cause irq storm
The problem is that hardware handled by arm/plat-orion/gpio.c,
require ack for edge irq, and no ack for level irq.

The code handle this issue, by two "struct irq_chip_type" per
one "struct irq_chip_generic". For one "struct irq_chip_generic"
irq_ack pointer is setted, for another it is NULL.

But we have only one mask_cache per two "struct irq_chip_type".
So if we
1)unmask interrupt A for "edge type" trigger,
2)unmask interrupt B for "level type" trigger,
3)unmask interrupt C for "edge type",

we, because of usage of generic irq_gc_mask_clr_bit/irq_gc_mask_set_bit,
have hardware configured to trigger interrupt B on "edge type",
because of shared mask_cache. But kernel think that B is "level type",
so when interrupt B occur via "edge" reason, we don't ack it,
and B triggered again and again.

Signed-off-by: Evgeniy A. Dushistov <dushistov@mail.ru>
Link: https://lkml.kernel.org/r/20140726155659.GA22977@fifteen
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2014-11-01 22:07:45 +00:00
Andrew Lunn 5129ee22ce ARM: mvebu: armada xp: Generalize use of i2c quirk
A second product has come to light which makes use of the A0 stepping
of the Armada XP SoC. A0 stepping has a hardware bug in the i2c core
meaning that hardware offload does not work, resulting in the kernel
failing to boot. The quirk detects that the kernel is running on an A0
stepping SoC and disables the use of hardware offload.

Currently the quirk is only enabled for PlatHome Openblocks AX3. The
AX3 has been produced with both A0 and B0 stepping SoCs. The second
product is the Lenovo Iomega IX4-300d. It seems likely that this
device will also swap from A0 to B0 SoC sometime during its life.

If there are two products using A0, it seems likely there are more
products with A0. Also, since the number of A0 SoCs is limited, these
products are also likely to transition to B0. Hence detecting at run
time is the safest option. So enable the quirk for all Armada XP
boards.

Tested on an AX3 with A0 stepping.

Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Acked-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Acked-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: stable@vger.kernel.org # v3.12+
Fixes: 930ab3d403ae: ("i2c: mv64xxx: Add I2C Transaction Generator support")
Link: https://lkml.kernel.org/r/1406395238-29758-2-git-send-email-andrew@lunn.ch
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
2014-11-01 22:07:44 +00:00
Junjie Mao e6023367d7 x86, kaslr: Prevent .bss from overlaping initrd
When choosing a random address, the current implementation does not take into
account the reversed space for .bss and .brk sections. Thus the relocated kernel
may overlap other components in memory. Here is an example of the overlap from a
x86_64 kernel in qemu (the ranges of physical addresses are presented):

 Physical Address

    0x0fe00000                  --+--------------------+  <-- randomized base
                               /  |  relocated kernel  |
                   vmlinux.bin    | (from vmlinux.bin) |
    0x1336d000    (an ELF file)   +--------------------+--
                               \  |                    |  \
    0x1376d870                  --+--------------------+   |
                                  |    relocs table    |   |
    0x13c1c2a8                    +--------------------+   .bss and .brk
                                  |                    |   |
    0x13ce6000                    +--------------------+   |
                                  |                    |  /
    0x13f77000                    |       initrd       |--
                                  |                    |
    0x13fef374                    +--------------------+

The initrd image will then be overwritten by the memset during early
initialization:

[    1.655204] Unpacking initramfs...
[    1.662831] Initramfs unpacking failed: junk in compressed archive

This patch prevents the above situation by requiring a larger space when looking
for a random kernel base, so that existing logic can effectively avoids the
overlap.

[kees: switched to perl to avoid hex translation pain in mawk vs gawk]
[kees: calculated overlap without relocs table]

Fixes: 82fa9637a2 ("x86, kaslr: Select random position from e820 maps")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Junjie Mao <eternal.n08@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Matt Fleming <matt.fleming@intel.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1414762838-13067-1-git-send-email-eternal.n08@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-01 22:20:50 +01:00
Borislav Petkov 4750a0d112 x86, microcode, AMD: Fix early ucode loading on 32-bit
Konrad triggered the following splat below in a 32-bit guest on an AMD
box. As it turns out, in save_microcode_in_initrd_amd() we're using the
*physical* address of the container *after* we have enabled paging and
thus we #PF in load_microcode_amd() when trying to access the microcode
container in the ramdisk range.

Because the ramdisk is exactly there:

[    0.000000] RAMDISK: [mem 0x35e04000-0x36ef9fff]

and we fault at 0x35e04304.

And since this guest doesn't relocate the ramdisk, we don't do the
computation which will give us the correct virtual address and we end up
with the PA.

So, we should actually be using virtual addresses on 32-bit too by the
time we're freeing the initrd. Do that then!

Unpacking initramfs...
BUG: unable to handle kernel paging request at 35d4e304
IP: [<c042e905>] load_microcode_amd+0x25/0x4a0
*pde = 00000000
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.17.1-302.fc21.i686 #1
Hardware name: Xen HVM domU, BIOS 4.4.1 10/01/2014
task: f5098000 ti: f50d0000 task.ti: f50d0000
EIP: 0060:[<c042e905>] EFLAGS: 00010246 CPU: 0
EIP is at load_microcode_amd+0x25/0x4a0
EAX: 00000000 EBX: f6e9ec4c ECX: 00001ec4 EDX: 00000000
ESI: f5d4e000 EDI: 35d4e2fc EBP: f50d1ed0 ESP: f50d1e94
 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 35d4e304 CR3: 00e33000 CR4: 000406d0
Stack:
 00000000 00000000 f50d1ebc f50d1ec4 f5d4e000 c0d7735a f50d1ed0 15a3d17f
 f50d1ec4 00600f20 00001ec4 bfb83203 f6e9ec4c f5d4e000 c0d7735a f50d1ed8
 c0d80861 f50d1ee0 c0d80429 f50d1ef0 c0d889a9 f5d4e000 c0000000 f50d1f04
Call Trace:
? unpack_to_rootfs
? unpack_to_rootfs
save_microcode_in_initrd_amd
save_microcode_in_initrd
free_initrd_mem
populate_rootfs
? unpack_to_rootfs
do_one_initcall
? unpack_to_rootfs
? repair_env_string
? proc_mkdir
kernel_init_freeable
kernel_init
ret_from_kernel_thread
? rest_init

Reported-and-tested-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
References: https://bugzilla.redhat.com/show_bug.cgi?id=1158204
Fixes: 75a1ba5b2c ("x86, microcode, AMD: Unify valid container checks")
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org> # v3.14+
Link: http://lkml.kernel.org/r/20141101100100.GA4462@pd.tnic
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-01 20:24:21 +01:00
David S. Miller 7da89a2a37 sparc64: Fix crashes in schizo_pcierr_intr_other().
Meelis Roos reports crashes during bootup on a V480 that look like
this:

====================
[   61.300577] PCI: Scanning PBM /pci@9,600000
[   61.304867] schizo f009b070: PCI host bridge to bus 0003:00
[   61.310385] pci_bus 0003:00: root bus resource [io  0x7ffe9000000-0x7ffe9ffffff] (bus address [0x0000-0xffffff])
[   61.320515] pci_bus 0003:00: root bus resource [mem 0x7fb00000000-0x7fbffffffff] (bus address [0x00000000-0xffffffff])
[   61.331173] pci_bus 0003:00: root bus resource [bus 00]
[   61.385344] Unable to handle kernel NULL pointer dereference
[   61.390970] tsk->{mm,active_mm}->context = 0000000000000000
[   61.396515] tsk->{mm,active_mm}->pgd = fff000b000002000
[   61.401716]               \|/ ____ \|/
[   61.401716]               "@'/ .. \`@"
[   61.401716]               /_| \__/ |_\
[   61.401716]                  \__U_/
[   61.416362] swapper/0(0): Oops [#1]
[   61.419837] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 3.18.0-rc1-00422-g2cc9188-dirty #24
[   61.427975] task: fff000b0fd8e9c40 ti: fff000b0fd928000 task.ti: fff000b0fd928000
[   61.435426] TSTATE: 0000004480e01602 TPC: 00000000004455e4 TNPC: 00000000004455e8 Y: 00000000    Not tainted
[   61.445230] TPC: <schizo_pcierr_intr+0x104/0x560>
[   61.449897] g0: 0000000000000000 g1: 0000000000000000 g2: 0000000000a10f78 g3: 000000000000000a
[   61.458563] g4: fff000b0fd8e9c40 g5: fff000b0fdd82000 g6: fff000b0fd928000 g7: 000000000000000a
[   61.467229] o0: 000000000000003d o1: 0000000000000000 o2: 0000000000000006 o3: fff000b0ffa5fc7e
[   61.475894] o4: 0000000000060000 o5: c000000000000000 sp: fff000b0ffa5f3c1 ret_pc: 00000000004455cc
[   61.484909] RPC: <schizo_pcierr_intr+0xec/0x560>
[   61.489500] l0: fff000b0fd8e9c40 l1: 0000000000a20800 l2: 0000000000000000 l3: 000000000119a430
[   61.498164] l4: 0000000001742400 l5: 00000000011cfbe0 l6: 00000000011319c0 l7: fff000b0fd8ea348
[   61.506830] i0: 0000000000000000 i1: fff000b0fdb34000 i2: 0000000320000000 i3: 0000000000000000
[   61.515497] i4: 00060002010b003f i5: 0000040004e02000 i6: fff000b0ffa5f481 i7: 00000000004a9920
[   61.524175] I7: <handle_irq_event_percpu+0x40/0x140>
[   61.529099] Call Trace:
[   61.531531]  [00000000004a9920] handle_irq_event_percpu+0x40/0x140
[   61.537681]  [00000000004a9a58] handle_irq_event+0x38/0x80
[   61.543145]  [00000000004ac77c] handle_fasteoi_irq+0xbc/0x200
[   61.548860]  [00000000004a9084] generic_handle_irq+0x24/0x40
[   61.554500]  [000000000042be0c] handler_irq+0xac/0x100
====================

The problem is that pbm->pci_bus->self is NULL.

This code is trying to go through the standard PCI config space
interfaces to read the PCI controller's PCI_STATUS register.

This doesn't work, because we more often than not do not enumerate
the PCI controller as a bonafide PCI device during the OF device
node scan.  Therefore bus->self remains NULL.

Existing common code for PSYCHO and PSYCHO-like PCI controllers
handles this properly, by doing the config space access directly.

Do the same here, pbm->pci_ops->{read,write}().

Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-11-01 00:33:58 -04:00
Andy Lutomirski 653bc77af6 x86_64, entry: Fix out of bounds read on sysenter
Rusty noticed a Really Bad Bug (tm) in my NT fix.  The entry code
reads out of bounds, causing the NT fix to be unreliable.  But, and
this is much, much worse, if your stack is somehow just below the
top of the direct map (or a hole), you read out of bounds and crash.

Excerpt from the crash:

[    1.129513] RSP: 0018:ffff88001da4bf88  EFLAGS: 00010296

  2b:*    f7 84 24 90 00 00 00     testl  $0x4000,0x90(%rsp)

That read is deterministically above the top of the stack.  I
thought I even single-stepped through this code when I wrote it to
check the offset, but I clearly screwed it up.

Fixes: 8c7aa698ba ("x86_64, entry: Filter RFLAGS.NT on entry from userspace")
Reported-by: Rusty Russell <rusty@ozlabs.org>
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-10-31 18:47:09 -07:00
Linus Torvalds 89453379aa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:
 "A bit has accumulated, but it's been a week or so since my last batch
  of post-merge-window fixes, so...

   1) Missing module license in netfilter reject module, from Pablo.
      Lots of people ran into this.

   2) Off by one in mac80211 baserate calculation, from Karl Beldan.

   3) Fix incorrect return value from ax88179_178a driver's set_mac_addr
      op, which broke use of it with bonding.  From Ian Morgan.

   4) Checking of skb_gso_segment()'s return value was not all
      encompassing, it can return an SKB pointer, a pointer error, or
      NULL.  Fix from Florian Westphal.

      This is crummy, and longer term will be fixed to just return error
      pointers or a real SKB.

   6) Encapsulation offloads not being handled by
      skb_gso_transport_seglen().  From Florian Westphal.

   7) Fix deadlock in TIPC stack, from Ying Xue.

   8) Fix performance regression from using rhashtable for netlink
      sockets.  The problem was the synchronize_net() invoked for every
      socket destroy.  From Thomas Graf.

   9) Fix bug in eBPF verifier, and remove the strong dependency of BPF
      on NET.  From Alexei Starovoitov.

  10) In qdisc_create(), use the correct interface to allocate
      ->cpu_bstats, otherwise the u64_stats_sync member isn't
      initialized properly.  From Sabrina Dubroca.

  11) Off by one in ip_set_nfnl_get_byindex(), from Dan Carpenter.

  12) nf_tables_newchain() was erroneously expecting error pointers from
      netdev_alloc_pcpu_stats().  It only returna a valid pointer or
      NULL.  From Sabrina Dubroca.

  13) Fix use-after-free in _decode_session6(), from Li RongQing.

  14) When we set the TX flow hash on a socket, we mistakenly do so
      before we've nailed down the final source port.  Move the setting
      deeper to fix this.  From Sathya Perla.

  15) NAPI budget accounting in amd-xgbe driver was counting descriptors
      instead of full packets, fix from Thomas Lendacky.

  16) Fix total_data_buflen calculation in hyperv driver, from Haiyang
      Zhang.

  17) Fix bcma driver build with OF_ADDRESS disabled, from Hauke
      Mehrtens.

  18) Fix mis-use of per-cpu memory in TCP md5 code.  The problem is
      that something that ends up being vmalloc memory can't be passed
      to the crypto hash routines via scatter-gather lists.  From Eric
      Dumazet.

  19) Fix regression in promiscuous mode enabling in cdc-ether, from
      Olivier Blin.

  20) Bucket eviction and frag entry killing can race with eachother,
      causing an unlink of the object from the wrong list.  Fix from
      Nikolay Aleksandrov.

  21) Missing initialization of spinlock in cxgb4 driver, from Anish
      Bhatt.

  22) Do not cache ipv4 routing failures, otherwise if the sysctl for
      forwarding is subsequently enabled this won't be seen.  From
      Nicolas Cavallari"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (131 commits)
  drivers: net: cpsw: Support ALLMULTI and fix IFF_PROMISC in switch mode
  drivers: net: cpsw: Fix broken loop condition in switch mode
  net: ethtool: Return -EOPNOTSUPP if user space tries to read EEPROM with lengh 0
  stmmac: pci: set default of the filter bins
  net: smc91x: Fix gpios for device tree based booting
  mpls: Allow mpls_gso to be built as module
  mpls: Fix mpls_gso handler.
  r8152: stop submitting intr for -EPROTO
  netfilter: nft_reject_bridge: restrict reject to prerouting and input
  netfilter: nft_reject_bridge: don't use IP stack to reject traffic
  netfilter: nf_reject_ipv6: split nf_send_reset6() in smaller functions
  netfilter: nf_reject_ipv4: split nf_send_reset() in smaller functions
  netfilter: nf_tables_bridge: update hook_mask to allow {pre,post}routing
  drivers/net: macvtap and tun depend on INET
  drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets
  drivers/net: Disable UFO through virtio
  net: skb_fclone_busy() needs to detect orphaned skb
  gre: Use inner mac length when computing tunnel length
  mlx4: Avoid leaking steering rules on flow creation error flow
  net/mlx4_en: Don't attempt to TX offload the outer UDP checksum for VXLAN
  ...
2014-10-31 15:04:58 -07:00
Linus Torvalds 53429290a0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull sparc update from David Miller:
 "Two changes:

  1) It makes no sense to execute a VTOC partition table request in the
     Sun virtual block device driver and fail to load if it doesn't
     succeed because a) we don't use the result at all and b) it won't
     succeed if there is an EFI partition on the disk, for example.

     We read the partition table via the normal means in the block layer
     anyways, so this is really completely useless, so just remove it.

     From Dwight Engen.

  2) Hook up new bpf system call"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sunvdc: don't call VD_OP_GET_VTOC
  sparc: Hook up bpf system call.
2014-10-31 15:00:48 -07:00
Linus Torvalds 9f58c62fcc Microblaze patches for 3.18-rc3
- Wire-up new syscall
 - Fix PCI bug
 - Fix Kconfig warning
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.10 (GNU/Linux)
 
 iEYEABECAAYFAlRTi7YACgkQykllyylKDCGGIACgkMfyXR9QE6SDC09L7k2NoPTw
 qxMAn1/mKUPWGSCIK6NklOXgAEiILscA
 =Gtqs
 -----END PGP SIGNATURE-----

Merge tag 'microblaze-3.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze

Pull Microblaze updates from Michal Simek:
 - wire-up new bpf syscall
 - fix PCI bug
 - fix Kconfig warning

* tag 'microblaze-3.18-rc3' of git://git.monstr.eu/linux-2.6-microblaze:
  microblaze: Wire up bpf syscall
  microblaze: Fix IO space breakage after of_pci_range_to_resource() change
  microblaze: Fix missing NR_CPUS in menuconfig
2014-10-31 14:43:42 -07:00
Linus Torvalds 19e0d5f16a Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Fixes from all around the place:

   - hyper-V 32-bit PAE guest kernel fix
   - two IRQ allocation fixes on certain x86 boards
   - intel-mid boot crash fix
   - intel-quark quirk
   - /proc/interrupts duplicate irq chip name fix
   - cma boot crash fix
   - syscall audit fix
   - boot crash fix with certain TSC configurations (seen on Qemu)
   - smpboot.c build warning fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
  ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi()
  x86, intel-mid: Create IRQs for APB timers and RTC timers
  x86: Don't enable F00F workaround on Intel Quark processors
  x86/irq: Fix XT-PIC-XT-PIC in /proc/interrupts
  x86, cma: Reserve DMA contiguous area after initmem_init()
  i386/audit: stop scribbling on the stack frame
  x86, apic: Handle a bad TSC more gracefully
  x86: ACPI: Do not translate GSI number if IOAPIC is disabled
  x86/smpboot: Move data structure to its primary usage scope
2014-10-31 14:30:16 -07:00
Linus Torvalds f5fa363026 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Various scheduler fixes all over the place: three SCHED_DL fixes,
  three sched/numa fixes, two generic race fixes and a comment fix"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/dl: Fix preemption checks
  sched: Update comments for CLONE_NEWNS
  sched: stop the unbound recursion in preempt_schedule_context()
  sched/fair: Fix division by zero sysctl_numa_balancing_scan_size
  sched/fair: Care divide error in update_task_scan_period()
  sched/numa: Fix unsafe get_task_struct() in task_numa_assign()
  sched/deadline: Fix races between rt_mutex_setprio() and dl_task_timer()
  sched/deadline: Don't replenish from a !SCHED_DEADLINE entity
  sched: Fix race between task_group and sched_task_group
2014-10-31 14:05:35 -07:00
Linus Torvalds 5656b408ff Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "Mostly tooling fixes, plus on the kernel side:

   - a revert for a newly introduced PMU driver which isn't complete yet
     and where we ran out of time with fixes (to be tried again in
     v3.19) - this makes up for a large chunk of the diffstat.

   - compilation warning fixes

   - a printk message fix

   - event_idx usage fixes/cleanups"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf probe: Trivial typo fix for --demangle
  perf tools: Fix report -F dso_from for data without branch info
  perf tools: Fix report -F dso_to for data without branch info
  perf tools: Fix report -F symbol_from for data without branch info
  perf tools: Fix report -F symbol_to for data without branch info
  perf tools: Fix report -F mispredict for data without branch info
  perf tools: Fix report -F in_tx for data without branch info
  perf tools: Fix report -F abort for data without branch info
  perf tools: Make CPUINFO_PROC an array to support different kernel versions
  perf callchain: Use global caching provided by libunwind
  perf/x86/intel: Revert incomplete and undocumented Broadwell client support
  perf/x86: Fix compile warnings for intel_uncore
  perf: Fix typos in sample code in the perf_event.h header
  perf: Fix and clean up initialization of pmu::event_idx
  perf: Fix bogus kernel printk
  perf diff: Add missing hists__init() call at tool start
2014-10-31 14:01:47 -07:00
Tony Lindgren 7d2911c438 net: smc91x: Fix gpios for device tree based booting
With legacy booting, the platform init code was taking care of
the configuring of GPIOs. With device tree based booting, things
may or may not work depending what bootloader has configured or
if the legacy platform code gets called.

Let's add support for the pwrdn and reset GPIOs to the smc91x
driver to fix the issues of smc91x not working properly when
booted in device tree mode.

And let's change n900 to use these settings as some versions
of the bootloader do not configure things properly causing
errors.

Reported-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-31 15:54:18 -04:00
Benjamin Herrenschmidt 325e411404 powerpc/powernv: Properly fix LPC debugfs endianness
Endian is hard, especially when I designed a stupid FW interface, and
I should know better... oh well, this is attempt #2 at fixing this
properly. This time it seems to work with all access sizes and I
can run my flashing tool (which exercises all sort of access sizes
and types to access the SPI controller in the BMC) just fine.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: stable@vger.kernel.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-31 17:09:04 +11:00
Anton Blanchard 808be31426 powerpc: do_notify_resume can be called with bad thread_info flags argument
Back in 7230c56441 ("powerpc: Rework lazy-interrupt handling") we
added a call out to restore_interrupts() (written in c) before calling
do_notify_resume:

        bl      restore_interrupts
        addi    r3,r1,STACK_FRAME_OVERHEAD
        bl      do_notify_resume

Unfortunately do_notify_resume takes two arguments, the second one
being the thread_info flags:

void do_notify_resume(struct pt_regs *regs, unsigned long thread_info_flags)

We do populate r4 (the second argument) earlier, but
restore_interrupts() is free to muck it up all it wants. My guess is
the gcc compiler gods shone down on us and its register allocator
never used r4. Sometimes, rarely, luck is on our side.

LLVM on the other hand did trample r4.

Signed-off-by: Anton Blanchard <anton@samba.org>
Cc: stable@vger.kernel.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-31 16:52:46 +11:00
Amit Daniel Kachhap f4fd36b880 arm64: psci: fix cpu_suspend to check idle state type for index
This fix rectifies the psci cpu_suspend implementation to check the
PSCI power state parameter type field associated with the requested idle
state index.

Acked-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Amit Daniel Kachhap <amit.daniel@samsung.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2014-10-30 16:29:07 +00:00
Hari Bathini 408cddd96e powerpc/fadump: Fix endianess issues in firmware assisted dump handling
Firmware-assisted dump (fadump) kernel code is not endian safe. The
below patch fixes this issue. Tested this patch with upstream kernel.
Below output shows crash tool successfully opening LE fadump vmcore.

    # crash vmlinux vmcore
    GNU gdb (GDB) 7.6
    This GDB was configured as "powerpc64le-unknown-linux-gnu"...

          KERNEL: vmlinux
        DUMPFILE: vmcore
    	CPUS: 16
    	DATE: Wed Dec 31 19:00:00 1969
          UPTIME: 00:03:28
    LOAD AVERAGE: 0.46, 0.86, 0.41
           TASKS: 268
        NODENAME: linux-dhr2
         RELEASE: 3.17.0-rc5-7-default
         VERSION: #6 SMP Tue Sep 30 01:06:34 EDT 2014
         MACHINE: ppc64le  (4116 Mhz)
          MEMORY: 40 GB
           PANIC: "Oops: Kernel access of bad area, sig: 11 [#1]" (check log for details)
    	 PID: 6223
         COMMAND: "bash"
    	TASK: c0000009661b2500  [THREAD_INFO: c000000967ac0000]
    	 CPU: 2
           STATE: TASK_RUNNING (PANIC)

Signed-off-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
[mpe: Make the comment in pSeries_lpar_hptab_clear() clearer]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-30 16:52:46 +11:00
Fabian Frederick 94966b712c powerpc: Fix section mismatch warning
Add __init to MMU_setup() which uses __initdata boot_command_line.
Also MMU_setup() is only called from MMU_init(), which is also __init.

Warning appeared since commit 3e47d1474c.

Fixes: 3e47d1474c ("powerpc: Remove powerpc specific cmd_line")
Signed-off-by: Fabian Frederick <fabf@skynet.be>
[mpe: Update changelog]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-30 11:22:33 +11:00
Linus Torvalds a7ca10f263 Merge branch 'akpm' (incoming from Andrew Morton)
Merge misc fixes from Andrew Morton:
 "21 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (21 commits)
  mm/balloon_compaction: fix deflation when compaction is disabled
  sh: fix sh770x SCIF memory regions
  zram: avoid NULL pointer access in concurrent situation
  mm/slab_common: don't check for duplicate cache names
  ocfs2: fix d_splice_alias() return code checking
  mm: rmap: split out page_remove_file_rmap()
  mm: memcontrol: fix missed end-writeback page accounting
  mm: page-writeback: inline account_page_dirtied() into single caller
  lib/bitmap.c: fix undefined shift in __bitmap_shift_{left|right}()
  drivers/rtc/rtc-bq32k.c: fix register value
  memory-hotplug: clear pgdat which is allocated by bootmem in try_offline_node()
  drivers/rtc/rtc-s3c.c: fix initialization failure without rtc source clock
  kernel/kmod: fix use-after-free of the sub_info structure
  drivers/rtc/rtc-pm8xxx.c: rework to support pm8941 rtc
  mm, thp: fix collapsing of hugepages on madvise
  drivers: of: add return value to of_reserved_mem_device_init()
  mm: free compound page with correct order
  gcov: add ARM64 to GCOV_PROFILE_ALL
  fsnotify: next_i is freed during fsnotify_unmount_inodes.
  mm/compaction.c: avoid premature range skip in isolate_migratepages_range
  ...
2014-10-29 16:38:48 -07:00
Andriy Skulysh 5417421b27 sh: fix sh770x SCIF memory regions
Resources scif1_resources & scif2_resources overlap.  Actual SCIF region
size is 0x10.

This is regression from commit d850acf975 ("sh: Declare SCIF register
base and IRQ as resources")

Signed-off-by: Andriy Skulysh <askulysh@gmail.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-10-29 16:33:15 -07:00
Tony Lindgren 4b91f7f3c8 ARM: OMAP2+: Warn about deprecated legacy booting mode
We're moving omaps to use device tree based booting and already have
omap2, omap4, omap5, am335x and am437x booting in device tree only
mode.

Only omap3 still has legacy booting still around and we really want
to make that device tree only. So let's add a warning about deprecated
legacy booting so we get people to upgrade their boards to use device
tree based booting and find out about any remaining issues.

Note that for most boards we already have the .dts file and those can
be booted with without changing the bootloader using the appended
DTB mode.

Acked-By: Sebastian Reichel <sre@kernel.org>
Reviewed-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Reviewed-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-10-29 12:19:20 -07:00
Tony Lindgren 739fd50784 ARM: omap2plus_defconfig: Fix errors with NAND BCH
Looks like we need to have BCH enabled to get NAND
working and to avoid getting:

nand: error: CONFIG_MTD_NAND_ECC_BCH not enabled

Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-10-29 12:19:20 -07:00
Linus Torvalds 19be9e8aa7 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux
Pull powerpc updates from Michael Ellerman:
 "There's some bug fixes or cleanups to facilitate fixes, a MAINTAINERS
  update, and a new syscall (bpf)"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux:
  powerpc/numa: ensure per-cpu NUMA mappings are correct on topology update
  powerpc/numa: use cached value of update->cpu in update_cpu_topology
  cxl: Fix PSL error due to duplicate segment table entries
  powerpc/mm: Use appropriate ESID mask in copro_calculate_slb()
  cxl: Refactor cxl_load_segment() and find_free_sste()
  cxl: Disable secondary hash in segment table
  Revert "powerpc/powernv: Fix endian bug in LPC bus debugfs accessors"
  powernv: Use _GLOBAL_TOC for opal wrappers
  powerpc: Wire up sys_bpf() syscall
  MAINTAINERS: nx-842 driver maintainer change
  powerpc/mm: Remove redundant #if case
  powerpc/mm: Fix build error with hugetlfs disabled
2014-10-29 11:11:44 -07:00
Thomas Petazzoni 9ff0bb5ba6 ARM: 8180/1: mm: implement no-highmem fast path in kmap_atomic_pfn()
Since CONFIG_HIGHMEM got enabled on ARMv5 Kirkwood, we have noticed a
very significant drop in networking performance. The test were
conducted on an OpenBlocks A7 board. Without this patch, the outgoing
performance measured with iperf are:

 - highmem OFF, TSO OFF   544 Mbit/s
 - highmem OFF, TSO ON	  942 Mbit/s
 - highmem ON,  TSO OFF   306 Mbit/s
 - highmem ON,  TSO ON    246 Mbit/s

On this Kirkwood platform, the L2 cache is a Feroceon cache, and with
this cache, all the range operations have to be done on virtual
addresses and not physical addresses. Therefore, whenever
CONFIG_HIGHMEM is enabled, the cache maintenance operations call
kmap_atomic_pfn() and kunmap_atomic().

However, kmap_atomic_pfn() does not implement the same fast path for
non-highmem pages as the one implemented in kmap_atomic(), and this is
one of the reason for the performance drop. While this patch does not
fully restore the performances, it clearly improves them a lot:

      	      	        without patch  with patch

 - highmem ON, TSO OFF   306 Mbit/s     387 Mbit/s
 - highmem ON, TSO ON    246 Mbit/s     434 Mbit/s

We're still far from the !CONFIG_HIGHMEM performances, but it does
improve a bit the situation.

Thanks a lot to Ezequiel Garcia and Gregory Clement for all the
testing work around this topic.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-10-29 17:22:07 +00:00
Fabio Estevam 6d0ec1dd90 ARM: 8183/1: l2c: Improve l2c310_of_parse() error message
Russell King suggested [1]:

"I'd ask for one change.  Please make all these messages start with
"L2C-310 OF" not "PL310 OF:".  The device is described in ARM
documentation as a L2C-310 not PL310.  (Also note the : is dropped
too - most of the other messages don't have the : either.)

The:

"PL310 OF: cache setting yield illegal associativity
PL310 OF: -1073346556 calculated, only 8 and 16 legal"

message could also be changed to something like:

"L2C-310 OF cache associativity %d invalid, only 8 or 16 permittedn"

[1] http://www.spinics.net/lists/arm-kernel/msg372776.html

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-10-29 17:20:55 +00:00
Laura Abbott 005757298f ARM: 8181/1: Drop extra return statement
Commit 513510ddba
(common: dma-mapping: introduce common remapping functions)
managed to end up with an extra return statement from the
original patch. Drop it.

Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-10-29 17:20:51 +00:00
Paolo Bonzini fd56e1546a KVM: emulator: fix execution close to the segment limit
Emulation of code that is 14 bytes to the segment limit or closer
(e.g. RIP = 0xFFFFFFF2 after reset) is broken because we try to read as
many as 15 bytes from the beginning of the instruction, and __linearize
fails when the passed (address, size) pair reaches out of the segment.

To fix this, let __linearize return the maximum accessible size (clamped
to 2^32-1) for usage in __do_insn_fetch_bytes, and avoid the limit check
by passing zero for the desired size.

For expand-down segments, __linearize is performing a redundant check.
(u32)(addr.ea + size - 1) <= lim can only happen if addr.ea is close
to 4GB; in this case, addr.ea + size - 1 will also fail the check against
the upper bound of the segment (which is provided by the D/B bit).
After eliminating the redundant check, it is simple to compute
the *max_size for expand-down segments too.

Now that the limit check is done in __do_insn_fetch_bytes, we want
to inject a general protection fault there if size < op_size (like
__linearize would have done), instead of just aborting.

This fixes booting Tiano Core from emulated flash with EPT disabled.

Cc: stable@vger.kernel.org
Fixes: 719d5a9b24
Reported-by: Borislav Petkov <bp@suse.de>
Tested-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-29 13:13:48 +01:00
Paolo Bonzini 3606189fa3 KVM: emulator: fix error code for __linearize
The error code for #GP and #SS is zero when the segment is used to
access an operand or an instruction.  It is only non-zero when
a segment register is being loaded; for limit checks this means
cases such as:

* for #GP, when RIP is beyond the limit on a far call (before the first
instruction is executed).  We do not implement this check, but it
would be in em_jmp_far/em_call_far.

* for #SS, if the new stack overflows during an inter-privilege-level
call to a non-conforming code segment.  We do not implement stack
switching at all.

So use an error code of zero.

Reviewed-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-29 12:40:28 +01:00
Fabio Estevam d0b92845e5 ARM: 8182/1: l2c: Make l2x0_cache_size_of_parse() return 'int'
Since commit f3354ab674 ("ARM: 8169/1: l2c: parse cache properties from
ePAPR definitions") the following error is seen on imx6q:

[    0.000000] PL310 OF: cache setting yield illegal associativity
[    0.000000] PL310 OF: -2147097556 calculated, only 8 and 16 legal

As imx6q does not pass the "cache-size" and "cache-sets" properties in DT, the function l2x0_cache_size_of_parse() returns early and keep the 'associativity' pointer uninitialized.

To fix this problem, return error codes inside l2x0_cache_size_of_parse() and only use the 'associativity' pointer result if l2x0_cache_size_of_parse() succeeds.

Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-10-29 11:13:02 +00:00
Ingo Molnar 1776b10627 perf/x86/intel: Revert incomplete and undocumented Broadwell client support
These patches:

  86a349a28b ("perf/x86/intel: Add Broadwell core support")
  c46e665f03 ("perf/x86: Add INST_RETIRED.ALL workarounds")
  fdda3c4aac ("perf/x86/intel: Use Broadwell cache event list for Haswell")

introduced magic constants and unexplained changes:

  https://lkml.org/lkml/2014/10/28/1128
  https://lkml.org/lkml/2014/10/27/325
  https://lkml.org/lkml/2014/8/27/546
  https://lkml.org/lkml/2014/10/28/546

Peter Zijlstra has attempted to help out, to clean up the mess:

  https://lkml.org/lkml/2014/10/28/543

But has not received helpful and constructive replies which makes
me doubt wether it can all be finished in time until v3.18 is
released.

Despite various review feedback the author (Andi Kleen) has answered
only few of the review questions and has generally been uncooperative,
only giving replies when prompted repeatedly, and only giving minimal
answers instead of constructively explaining and helping along the effort.

That kind of behavior is not acceptable.

There's also a boot crash on Intel E5-1630 v3 CPUs reported for another
commit from Andi Kleen:

  e735b9db12 ("perf/x86/intel/uncore: Add Haswell-EP uncore support")

  https://lkml.org/lkml/2014/10/22/730

Which is not yet resolved. The uncore driver is independent in theory,
but the crash makes me worry about how well all these patches were
tested and makes me uneasy about the level of interminging that the
Broadwell and Haswell code has received by the commits above.

As a first step to resolve the mess revert the Broadwell client commits
back to the v3.17 version, before we run out of time and problematic
code hits a stable upstream kernel.

( If the Haswell-EP crash is not resolved via a simple fix then we'll have
  to revert the Haswell-EP uncore driver as well. )

The Broadwell client series has to be submitted in a clean fashion, with
single, well documented changes per patch. If they are submitted in time
and are accepted during review then they can possibly go into v3.19 but
will need additional scrutiny due to the rocky history of this patch set.

Cc: Andi Kleen <ak@linux.intel.com>
Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: eranian@google.com
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/1409683455-29168-3-git-send-email-andi@firstfloor.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-29 11:07:58 +01:00
Dexuan Cui d1cd121083 x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE
pte_pfn() returns a PFN of long (32 bits in 32-PAE), so "long <<
PAGE_SHIFT" will overflow for PFNs above 4GB.

Due to this issue, some Linux 32-PAE distros, running as guests on Hyper-V,
with 5GB memory assigned, can't load the netvsc driver successfully and
hence the synthetic network device can't work (we can use the kernel parameter
mem=3000M to work around the issue).

Cast pte_pfn() to phys_addr_t before shifting.

Fixes: "commit d76565344512: x86, mm: Create slow_virt_to_phys()"
Signed-off-by: Dexuan Cui <decui@microsoft.com>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: gregkh@linuxfoundation.org
Cc: linux-mm@kvack.org
Cc: olaf@aepfle.de
Cc: apw@canonical.com
Cc: jasowang@redhat.com
Cc: dave.hansen@intel.com
Cc: riel@redhat.com
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/1414580017-27444-1-git-send-email-decui@microsoft.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-10-29 10:57:21 +01:00
Jiang Liu b77e8f4353 ACPI, irq, x86: Return IRQ instead of GSI in mp_register_gsi()
Function mp_register_gsi() returns blindly the GSI number for the ACPI
SCI interrupt. That causes a regression when the GSI for ACPI SCI is
shared with other devices.

The regression was caused by commit 84245af729 "x86, irq, ACPI:
Change __acpi_register_gsi to return IRQ number instead of GSI" and
exposed on a SuperMicro system, which shares one GSI between ACPI SCI
and PCI device, with following failure:

http://sourceforge.net/p/linux1394/mailman/linux1394-user/?viewmonth=201410
[    0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 20 low
level)
[    2.699224] firewire_ohci 0000:06:00.0: failed to allocate interrupt
20

Return mp_map_gsi_to_irq(gsi, 0) instead of the GSI number.

Reported-and-Tested-by: Daniel Robbins <drobbins@funtoo.org>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Len Brown <len.brown@intel.com>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: <stable@vger.kernel.org> # 3.17
Link: http://lkml.kernel.org/r/1414387308-27148-4-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-29 08:52:30 +01:00
Jiang Liu f18298595a x86, intel-mid: Create IRQs for APB timers and RTC timers
Intel MID platforms has no legacy interrupts, so no IRQ descriptors
preallocated. We need to call mp_map_gsi_to_irq() to create IRQ
descriptors for APB timers and RTC timers, otherwise it may cause
invalid memory access as:
[    0.116839] BUG: unable to handle kernel NULL pointer dereference at
0000003a
[    0.123803] IP: [<c1071c0e>] setup_irq+0xf/0x4d

Tested-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Jiang Liu <jiang.liu@linux.intel.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: Joerg Roedel <joro@8bytes.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: H. Peter Anvin <hpa@linux.intel.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Rafael J. Wysocki <rjw@rjwysocki.net>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: David Cohen <david.a.cohen@linux.intel.com>
Cc: <stable@vger.kernel.org> # 3.17
Link: http://lkml.kernel.org/r/1414387308-27148-3-git-send-email-jiang.liu@linux.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-29 08:52:23 +01:00
Dave Jones d4e1a0af1d x86: Don't enable F00F workaround on Intel Quark processors
The Intel Quark processor is a part of family 5, but does not have the
F00F bug present in Pentiums of the same family.

Pentiums were models 0 through 8, Quark is model 9.

Signed-off-by: Dave Jones <davej@redhat.com>
Cc: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Link: http://lkml.kernel.org/r/20141028175753.GA12743@redhat.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-29 08:52:09 +01:00
Zubair Lutfullah Kakakhel 30fa0530ff MIPS: CMA: Do not reserve memory if not required
Even if CMA is disabled, the for_each_memblock macro expands
to run reserve_bootmem once. Hence, reserve_bootmem attempts to
reserve location 0 of size 0.

Add a check to avoid that.

Issue was highlighted during testing with EVA enabled.
resrve_bootmem used to exit gracefully when passed arguments to
reserve 0 size location at 0 without EVA.

But with EVA enabled, macros would point to different addresses
and the code would trigger a BUG.

Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Tested-by: Markos Chandras <markos.chandras@imgtec.com>
Tested-by: Huacai Chen <chenhc@lemote.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/8231/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-29 02:59:25 +01:00
Russell King 2d605a3029 ARM: enable bpf syscall
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2014-10-29 00:18:20 +00:00
Nishanth Aravamudan 2c0a33f986 powerpc/numa: ensure per-cpu NUMA mappings are correct on topology update
We received a report of warning in kernel/sched/core.c where the sched
group was NULL on an LPAR after a topology update. This seems to occur
because after the topology update has moved the CPUs, cpu_to_node is
returning the old value still, which ends up breaking the consistency of
the NUMA topology in the per-cpu maps. Ensure that we update the per-cpu
fields when we re-map CPUs.

Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-29 09:41:22 +11:00
Nishanth Aravamudan 49f8d8c043 powerpc/numa: use cached value of update->cpu in update_cpu_topology
There isn't any need to keep referring to update->cpu, as we've already
checked cpu == update->cpu at this point.

Signed-off-by: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-29 09:41:22 +11:00
Srinivas Kandagatla d609309969 ARM: multi_v7_defconfig: fix support for APQ8084
This patch enables configs required to boot IFC6540 board with atleast a
serial console.

Without this patch there is no serial console.

Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-10-28 22:10:58 +01:00
Stefan Hengelein f267ea0fe0 ARM: ixp4xx: remove compilation warnings in io.h
When arch/arm/mach-ixp4xx/common-pci.c is compiled, two warnings
occur:

arch/arm/mach-ixp4xx/include/mach/io.h:144: warning: passing argument 1 of '__raw_readb' makes pointer from integer without a cast
arch/arm/mach-ixp4xx/include/mach/io.h:79: warning: passing argument 2 of '__raw_writeb' makes pointer from integer without a cast

Both functions expect an 'volatile void __iomem *' but get an u32.
The 'u32 addr' variable is initialized with the address of an
'volatile void __iomem *' pointer. Passing the pointer
directly, avoids the warning and semantics are preserved.

This warning was found with vampyr.

Signed-off-by: Stefan Hengelein <stefan.hengelein@fau.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2014-10-28 22:04:01 +01:00
Linus Torvalds 6e2028aaa1 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "A couple of ARM fixes.

  We fix some printk formats for ptrdiff_t quantities which cause GCC
  4.9 to complain, and we also blacklist known buggy GCC 4.8.x compilers
  as their miscompilation is serious enough to cause filesystem
  corruption, even through many distros have fixed their versions"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: fix some printk formats
  ARM: Blacklist GCC 4.8.0 to GCC 4.8.2 - PR58854
2014-10-28 13:17:11 -07:00
David S. Miller c20ce79303 sparc: Hook up bpf system call.
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-28 11:30:43 -07:00
Maciej W. Rozycki 60e684f0d6 x86/irq: Fix XT-PIC-XT-PIC in /proc/interrupts
Fix duplicate XT-PIC seen in /proc/interrupts on x86 systems
that make  use of 8259A Programmable Interrupt Controllers.
Specifically convert  output like this:

           CPU0
  0:      76573    XT-PIC-XT-PIC    timer
  1:         11    XT-PIC-XT-PIC    i8042
  2:          0    XT-PIC-XT-PIC    cascade
  4:          8    XT-PIC-XT-PIC    serial
  6:          3    XT-PIC-XT-PIC    floppy
  7:          0    XT-PIC-XT-PIC    parport0
  8:          1    XT-PIC-XT-PIC    rtc0
 10:        448    XT-PIC-XT-PIC    fddi0
 12:         23    XT-PIC-XT-PIC    eth0
 14:       2464    XT-PIC-XT-PIC    ide0
NMI:          0   Non-maskable interrupts
ERR:          0

to one like this:

           CPU0
  0:     122033    XT-PIC  timer
  1:         11    XT-PIC  i8042
  2:          0    XT-PIC  cascade
  4:          8    XT-PIC  serial
  6:          3    XT-PIC  floppy
  7:          0    XT-PIC  parport0
  8:          1    XT-PIC  rtc0
 10:        145    XT-PIC  fddi0
 12:         31    XT-PIC  eth0
 14:       2245    XT-PIC  ide0
NMI:          0   Non-maskable interrupts
ERR:          0

that is one like we used to have from ~2.2 till it was changed
sometime.

The rationale is there is no value in this duplicate
information, it  merely clutters output and looks ugly.  We only
have one handler for  8259A interrupts so there is no need to
give it a name separate from the  name already given to
irq_chip.

We could define meaningful names for handlers based on bits in
the ELCR  register on systems that have it or the value of the
LTIM bit we use in  ICW1 otherwise (hardcoded to 0 though with
MCA support gone), to tell  edge-triggered and level-triggered
inputs apart.  While that information  does not affect 8259A
interrupt handlers it could help people determine  which lines
are shareable and which are not.  That is material for a
separate change though.

Any tools that parse /proc/interrupts are supposed not to be
affected  since it was many years we used the format this change
converts back to.

Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/alpine.LFD.2.11.1410260147190.21390@eddie.linux-mips.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 12:01:08 +01:00
Peter Zijlstra 7fb0f1de49 perf/x86: Fix compile warnings for intel_uncore
The uncore drivers require PCI and generate compile time warnings when
!CONFIG_PCI.

Reported-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Yan, Zheng <zheng.z.yan@intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 10:51:03 +01:00
Peter Zijlstra c719f56092 perf: Fix and clean up initialization of pmu::event_idx
Andy reported that the current state of event_idx is rather confused.
So remove all but the x86_pmu implementation and change the default to
return 0 (the safe option).

Reported-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Cody P Schafer <cody@linux.vnet.ibm.com>
Cc: Cody P Schafer <dev@codyps.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Cc: Himangi Saraogi <himangi774@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
Cc: Paul Mackerras <paulus@samba.org>
Cc: sukadev@linux.vnet.ibm.com <sukadev@linux.vnet.ibm.com>
Cc: Thomas Huth <thuth@linux.vnet.ibm.com>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: linux390@de.ibm.com
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-s390@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 10:51:01 +01:00
Peter Zijlstra (Intel) 65d71fe137 perf: Fix bogus kernel printk
Andy spotted the fail in what was intended as a conditional printk level.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Fixes: cc6cd47e73 ("perf/x86: Tone down kernel messages when the PMU check fails in a virtual environment")
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/20141007124757.GH19379@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 10:51:01 +01:00
Oleg Nesterov 009f60e276 sched: stop the unbound recursion in preempt_schedule_context()
preempt_schedule_context() does preempt_enable_notrace() at the end
and this can call the same function again; exception_exit() is heavy
and it is quite possible that need-resched is true again.

1. Change this code to dec preempt_count() and check need_resched()
   by hand.

2. As Linus suggested, we can use the PREEMPT_ACTIVE bit and avoid
   the enable/disable dance around __schedule(). But in this case
   we need to move into sched/core.c.

3. Cosmetic, but x86 forgets to declare this function. This doesn't
   really matter because it is only called by asm helpers, still it
   make sense to add the declaration into asm/preempt.h to match
   preempt_schedule().

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Alexander Graf <agraf@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Peter Anvin <hpa@zytor.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Chuck Ebbert <cebbert.lkml@gmail.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Link: http://lkml.kernel.org/r/20141005202322.GB27962@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 10:46:05 +01:00
Ian Munsie 03f5439797 powerpc/mm: Use appropriate ESID mask in copro_calculate_slb()
This patch makes copro_calculate_slb() mask the ESID by the correct mask
for 1T vs 256M segments.

This has no effect by itself as the extra bits were ignored, but it
makes debugging the segment table entries easier and means that we can
directly compare the ESID values for duplicates without needing to worry
about masking in the comparison.

This will be used to simplify a comparison in the following patch.

Signed-off-by: Ian Munsie <imunsie@au1.ibm.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-28 19:52:45 +11:00
Heiko Carstens 6ed15ea67b s390/ftrace: add ftrace_graph_is_dead() check
Add an ftrace_graph_is_dead() check to prepare_ftrace_return() in order to
detect an internal ftrace graph error. This allows to prevent further ftrace
graph handling and hopefully keeps the kernel alive.

This patch is the same like for all other architectures.
For unkown reasons s390 was left out.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-10-28 09:24:12 +01:00
Weijie Yang 3c325f8233 x86, cma: Reserve DMA contiguous area after initmem_init()
Fengguang Wu reported a boot crash on the x86 platform
via the 0-day Linux Kernel Performance Test:

  cma: dma_contiguous_reserve: reserving 31 MiB for global area
  BUG: Int 6: CR2   (null)
  [<41850786>] dump_stack+0x16/0x18
  [<41d2b1db>] early_idt_handler+0x6b/0x6b
  [<41072227>] ? __phys_addr+0x2e/0xca
  [<41d4ee4d>] cma_declare_contiguous+0x3c/0x2d7
  [<41d6d359>] dma_contiguous_reserve_area+0x27/0x47
  [<41d6d4d1>] dma_contiguous_reserve+0x158/0x163
  [<41d33e0f>] setup_arch+0x79b/0xc68
  [<41d2b7cf>] start_kernel+0x9c/0x456
  [<41d2b2ca>] i386_start_kernel+0x79/0x7d

(See details at: https://lkml.org/lkml/2014/10/8/708)

It is because dma_contiguous_reserve() is called before
initmem_init() in x86, the variable high_memory is not
initialized but accessed by __pa(high_memory) in
dma_contiguous_reserve().

This patch moves dma_contiguous_reserve() after initmem_init()
so that high_memory is initialized before accessed.

Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Weijie Yang <weijie.yang@samsung.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Acked-by: Michal Nazarewicz <mina86@mina86.com>
Cc: iamjoonsoo.kim@lge.com
Cc: 'Linux-MM' <linux-mm@kvack.org>
Cc: 'Weijie Yang' <weijie.yang.kh@gmail.com>
Link: http://lkml.kernel.org/r/000101cfef69%2431e528a0%2495af79e0%24%25yang@samsung.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2014-10-28 07:36:50 +01:00
Michael Ellerman bf19edd290 Revert "powerpc/powernv: Fix endian bug in LPC bus debugfs accessors"
This reverts commit bf7588a085.

Ben says although the code is not correct "[this] fix was completely
wrong and does more damages than it fixes things."

Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2014-10-28 15:17:48 +11:00
Tony Lindgren 49dc71268b ARM: omap2plus_defconfig: Fix bloat caused by having ipv6 built-in
Commit  673ce00c5d (ARM: omap2plus_defconfig: Add support for
distros with systemd) caused considerable bloat as noted by
Paul Walmsley <paul@pwsan.com>.

Let's fix this issue by making what we can into loadable modules
for the systemd options. That's only IPV6 and AUTOFS4_FS it
seems, and IPv6 defaults to a loadable module.

Reported-by: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
2014-10-27 13:05:50 -07:00
Olof Johansson 436d2bcb32 SOCFPGA defconfig update
Remove extra un-used options in the socfpga_defconfig by doing
 "make savedefconfig". Along with this commit, add the configs to enable
 support for most filesystems, add regulator and SRAM support, and time
 stamps on printk().
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJUTmShAAoJEBmUBAuBoyj0+qMP/j7TzpOV+co65W0f2kQp/TFh
 6MTvw809awKuQUuBrVD/1PB7UgasC0qtHCSLyKKVMO7hbnCW2naSRMd2cGc0jB7O
 l56jGffFC/j6vHfmxRc3ZmDv3U9hDtJqHnwJ5YEqcTXldi72902Jkmh4hoGQvEkY
 bhM5tSQGtRZmZdoSkHqPwS0wrI2mYBPUWyKIt5MiATN02xOYl11am9limMYJD9x3
 18rH95TvVWvHxMeM/16M7aM6d9hxfm8t4CO1BIKlLgDNZQsBX+6m/kgMZgFCZWXB
 AYNHbwN3vM6onoMMZXAoy8taU9bvOyubo7g/fdw87APhxZ/d+Nb6tpkACv+qeamQ
 fYfCeaoz4HIww/8/QqjkFiUYZJbT0Db7YDo4srQsXPflfF6OBlrXtkxKZSvwtyLB
 eI9Ygm8h8+QUujeBfPih9PsTYuq32eTYn5uQKqGUoID+1uv/W9sEfsguKLb5LzVu
 VmZ0AJtb5HKWDbbgf7SJVwg5DNVqeB4ORj5Ae6249QeroxolMVCfuH8X7P/7Qrls
 73Xy5JRmX+ijmxpf/ElQeNbmSXKTixVzjNNs2Dz6pJOdkiRELbwUH9F9pmF0K4GA
 G4TXCwGo57oOc/hfiFrpte2ss9Jqv9uDJpD5vgurMgVO7G4blcwYtJr8RLqWXmfy
 0HRZuJHxNixy1qoi7a/A
 =/h74
 -----END PGP SIGNATURE-----

Merge tag 'socfpga_defconfig_for_v3.19' of git://git.rocketboards.org/linux-socfpga-next into fixes

Merge "SOCFPGA defconfig update" from Dinh Nguyen:

Remove extra un-used options in the socfpga_defconfig by doing
"make savedefconfig". Along with this commit, add the configs to enable
support for most filesystems, add regulator and SRAM support, and time
stamps on printk().

* tag 'socfpga_defconfig_for_v3.19' of git://git.rocketboards.org/linux-socfpga-next:
  ARM: socfpga_defconfig: Update defconfig for SoCFPGA

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-10-27 12:31:06 -07:00
Olof Johansson 1f6fc15a13 arm: pxa: fixes for v3.18-rc2
Hello Arnd, Kevin, Olof,
 
 One small fix for a bug triggered by the activation of low level debug
 code in all pxa variants in v3.17. The fix is a trivial Kconfig value
 fix for an addressing conflict.
 
 Thanks.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJURWlNAAoJEAP2et0duMsSCpYQAI48ZTWmytMcmPnxTE/PuJXe
 WrlULgwaj1+3vlQ/28OmfbHF+pVByOSyTjDw/KwFw+kFZ1G2BXsBk3R1/dLeizaB
 5W9ev4crFwMQzPFn88FGLjfjoOG4ODBlMEqbJjOECn0X1rtCMaDG0JuKXsY2uJK4
 N8ZantwBufs0a4bNGR0yb7aWyPMfGP8D5Ss9UjdjdKNoRF8hiiMtYTW/uxRmpkJc
 bDkz0KO3nu+ZKL5oHs/MA+2NUyCje73pyKaTc4ZQNRFgx90PA3KqFIjZj6NOM/S7
 o1Xg5LYrMB5u0jHRBOaLjQyYLEJaZuxtVw6YzaNb0m+qY3zjNGgElxeQDaAyCPMl
 EXMzNl6luqScAzYh6KwcGnXbpW4JCftfOdm12QOhPxZmIHSpGdYHAWHSKOHqgzPN
 xNkNrD0zd7/Fj7aUS7d3LEwg4el+KpWZpWxnSAtKQoUpID4aQlX9+eFl/Ad1TlvP
 dzvvweTg2EAoGmA8HdkhW+JFk9+D5BImsZJAwPBTjrItF2nc0UEqNzyinQvyqba8
 2qBlKUUIx+aVE1n7JmSTWY0TNgvyjvgkvzJtxfY4o+iNfRzoXWBZHE2AHlcU5d+t
 wHe/WbbKcIPG3M2OAKEue2ziHfhJS+rr4CzrxMbbq38mg3K68m5KlsK9QVl4+sZT
 9hgrD+rdcd5T7/w3Bgwz
 =nAkx
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v3.18-rc2' of https://github.com/rjarzmik/linux into fixes

Merge "arm: pxa: fixes for v3.18-rc2" from Robert Jarzmik:

One small fix for a bug triggered by the activation of low level debug
code in all pxa variants in v3.17. The fix is a trivial Kconfig value
fix for an addressing conflict.
2014-10-27 12:29:06 -07:00
Martin Schwidefsky e43b49a0cb s390: update default configuration
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-10-27 13:27:03 +01:00
Heiko Carstens 9b2efe035e s390/vdso: fix stack corruption
The kernel provided vdso functions do not get a stack frame from the
calling function and therefore may not change the stack contents, unless
they allocate space on their own.

This problem was exposed with 070b7be633 "s390/vdso: replace stck with
stcke" which writes 16 bytes instead of 8 bytes into the stack frame. These
additional 8 bytes however were indeed used by the caller (glibc) to save
data and therefore this data was corrupted by the vdso code.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-10-27 13:27:02 +01:00
Martin Schwidefsky 1f759bb3a2 s390/time: use stck clock fast for do_account_vtime
The last high frequency call site of the STCK instruction is
do_account_vtime. Replace it with the faster STCKF instruction.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2014-10-27 13:27:01 +01:00
Geert Uytterhoeven f7bbd12a4b m68k: Wire up bpf
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
2014-10-27 11:02:19 +01:00
Michal Simek a4f174dee4 microblaze: Wire up bpf syscall
Add new bpf syscall.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-10-27 09:25:34 +01:00
Michal Simek 70dcd942dc microblaze: Fix IO space breakage after of_pci_range_to_resource() change
Commit 0b0b0893d4 "of/pci: Fix the conversion of IO ranges into IO
resources" changed the behaviour of of_pci_range_to_resource().

The issue is described here:
"powerpc/pci: Fix IO space breakage after of_pci_range_to_resource()
change"
(sha1: aeba3731b1)

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-10-27 08:29:54 +01:00
Michal Simek 4cbbbb43d6 microblaze: Fix missing NR_CPUS in menuconfig
The time Kconfig expects that NR_CPUS is defined.

This patch remove this config warning:
"kernel/time/Kconfig:163:warning: range is invalid"

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
2014-10-27 08:29:54 +01:00
Ralf Baechle 5df4c8dbbc MIPS: Wire up bpf syscall.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-27 03:37:42 +01:00
Yijing Wang d5a238df0a MIPS/Xlp: Remove the dead function destroy_irq() to fix build error
Commit 465665f78a ("mips: Kill pointless destroy_irq()") removed
the destroy_irq(). So remove the leftover one in xlp_setup_msix()
to fix build error.

arch/mips/pci/msi-xlp.c: In function 'xlp_setup_msix':
arch/mips/pci/msi-xlp.c:447:3: error: implicit declaration of function 'destroy_irq'..
cc1: some warnings being treated as errors
make[1]: *** [arch/mips/pci/msi-xlp.o] Error 1
make: *** [arch/mips/pci/] Error 2

Signed-off-by: Yijing Wang <wangyijing@huawei.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Cc: Xinwei Hu <huxinwei@huawei.com>
Cc: Wuyun <wuyun.wu@huawei.com>
Cc: linux-arm-kernel@lists.infradead.org
Cc: Russell King <linux@arm.linux.org.uk>
Cc: linux-arch@vger.kernel.org
Cc: arnab.basu@freescale.com
Cc: Bharat.Bhushan@freescale.com
Cc: x86@kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: xen-devel@lists.xenproject.org
Cc: Joerg Roedel <joro@8bytes.org>
Cc: iommu@lists.linux-foundation.org
Cc: linux-mips@linux-mips.org
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-s390@vger.kernel.org
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Cc: Tony Luck <tony.luck@intel.com>
Cc: linux-ia64@vger.kernel.org
Cc: David S. Miller <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Cc: Chris Metcalf <cmetcalf@tilera.com>
Cc: Lucas Stach <l.stach@pengutronix.de>
Cc: David Vrabel <david.vrabel@citrix.com>
Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Liviu Dudau <liviu@dudau.co.uk>
Patchwork: https://patchwork.linux-mips.org/patch/8087/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-27 01:43:57 +01:00
Alexander Sverdlin cf355704d6 MIPS: Octeon: Make Octeon GPIO IRQ chip CPU hotplug-aware
Make Octeon GPIO IRQ chip CPU hotplug-aware

Seems that irq_cpu_offline callbacks were forgotten in v1 and v2 CIU
GPIO chips. There is such a callback for octeon_irq_chip_ciu2_gpio,
covering CIU2 chips. Without this callback GPIO IRQs are not being migrated
during core offlining. Patch is tested on Octeon II.

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nsn.com>
Cc: David Daney <ddaney.cavm@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8201/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-27 01:43:57 +01:00
Linus Torvalds 88e237610b ARM: SoC fixes for -rc2
Another week, another small batch of fixes.
 
 Most of these make zynq, socfpga and sunxi platforms work a bit
 better:
 
 * Due to new requirements for regulators, DWMMC on socfpga broke past 3.17.
 * SMP spinup fix for socfpga
 * A few DT fixes for zynq
 * Another option (FIXED_REGULATOR) for sunxi is needed that used to be selected
   by other options but no longer is.
 * A couple of small DT fixes for at91
 * ...and a couple for i.MX.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTSwQAAoJEIwa5zzehBx3D0AP/3ktsJ9ORSSDDEbpGWUPndQN
 bLGOT4DGfWWn/BOlMYN9kM2k7Gr6ttxFzqepKoeb0Dl5myUeqC4C42t8FqrI78TB
 wf8e9f2lXI+j3wve55FarTDk9JSh6PbQdavgnNCzVLJQddA//JKz9vZhL4jVYC/s
 kh8VeoLOYKeE/sdcYeBF36zNAkmy0CfaGjC01SZEcd7BjVv8qq0TvkXXSP1bjsry
 ztH+DN8OJ3gg7IKB8IntfzaxSnDQl+zxlVeOsPaU1Lvahs6wSFgRqA849Nc6KXdl
 rpAuaTH6Pa5RNEd1zqhE2+o4xZymk/BM+JU77pizq4dP0o3JnDy5tzzMMd24FuMG
 sD+JZrSCP9o58L1y9W1jhVgoxmpnRGZNO1n8FhABcnSTL50W3iAzIvlpxnOIu0/z
 SzNMdItA3dtCn/Aec7wL7eGLUlyI73khMIt4heQ0jPY+IncGJ0yvdFe2m8SZKmS2
 mDeQaChml8rjXvIdjiWIlDTagBpTkR1R1JX6aJh0lgZIF1K9qf1ZfzJ5dbLAXtZe
 xjGeoOe8hXRxR0spc1rRAJlPGJh/Fqkm0UeFLDwP0DOJISTcgz4daT/Y7zdDGRJ6
 n+1kjrmwv/M481wNifFt33sdZEB1EcUO/uNAYfUV0Wlpv5ye7x2aLsfbsnMEh+qd
 H0a6R6NZu7473ewhWxRu
 =MTvh
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-for-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Another week, another small batch of fixes.

  Most of these make zynq, socfpga and sunxi platforms work a bit
  better:

   - due to new requirements for regulators, DWMMC on socfpga broke past
     v3.17
   - SMP spinup fix for socfpga
   - a few DT fixes for zynq
   - another option (FIXED_REGULATOR) for sunxi is needed that used to
     be selected by other options but no longer is.
   - a couple of small DT fixes for at91
   - ...and a couple for i.MX"

* tag 'armsoc-for-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: dts: imx28-evk: Let i2c0 run at 100kHz
  ARM: i.MX6: Fix "emi" clock name typo
  ARM: multi_v7_defconfig: enable CONFIG_MMC_DW_ROCKCHIP
  ARM: sunxi_defconfig: enable CONFIG_REGULATOR_FIXED_VOLTAGE
  ARM: dts: socfpga: Add a 3.3V fixed regulator node
  ARM: dts: socfpga: Fix SD card detect
  ARM: dts: socfpga: rename gpio nodes
  ARM: at91/dt: sam9263: fix PLLB frequencies
  power: reset: at91-reset: fix power down register
  MAINTAINERS: add atmel ssc driver maintainer entry
  arm: socfpga: fix fetching cpu1start_addr for SMP
  ARM: zynq: DT: trivial: Fix mc node
  ARM: zynq: DT: Add cadence watchdog node
  ARM: zynq: DT: Add missing reference for memory-controller
  ARM: zynq: DT: Add missing reference for ADC
  ARM: zynq: DT: Add missing address for L2 pl310
  ARM: zynq: DT: Remove 222 MHz OPP
  ARM: zynq: DT: Fix GEM register area size
2014-10-26 11:35:51 -07:00
Olof Johansson efc176a8ee The i.MX fixes for 3.18:
- Revert one patch which increases I2C bus frequency on imx28-evk
  - Fix a typo on imx6q EIM clock name
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJUTE8JAAoJEFBXWFqHsHzOGawH/0KGNaHbI3rj+Hx1HHtN056y
 3rgHSsLZSLQB89+bMd8aEVPJ2z0RKYXfyI1IvkcgEZxsqmHwRY8Fwlof4D38/bfP
 tRHnyzT2E+znnyhvUZlH9yd9foTd3VkXbxFxbEssRHl2W2OxA0+3MbskknERPZqs
 qr22DcMLKyrTbUH39iiEjS43qcJhuf/6vZmoVGCGdZonZwkH8WccIQ+kKneOn8/Z
 11U4ioB4pirqvhM1niYQ95RLG0TveBN6op3c1HWkhqY4EKOlraZHQb4EOoslSO/X
 vWoJqgB9DLH3eV+WTFI0FjGDK/6CFhgAth8q0FKVlHA3FFHr+fXdxv/+NLtagzQ=
 =elO/
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

Merge "ARM: imx: fixes for 3.18" from Shawn Guo:

The i.MX fixes for 3.18:
 - Revert one patch which increases I2C bus frequency on imx28-evk
 - Fix a typo on imx6q EIM clock name

* tag 'imx-fixes-3.18' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: dts: imx28-evk: Let i2c0 run at 100kHz
  ARM: i.MX6: Fix "emi" clock name typo

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-10-25 20:44:05 -07:00
Fabio Estevam d1e61eb443 ARM: dts: imx28-evk: Let i2c0 run at 100kHz
Commit 78b81f4666 ("ARM: dts: imx28-evk: Run I2C0 at 400kHz") caused issues
when doing the following sequence in loop:

- Boot the kernel
- Perform audio playback
- Reboot the system via 'reboot' command

In many times the audio card cannot be probed, which causes playback to fail.

After restoring to the original i2c0 frequency of 100kHz there is no such
problem anymore.

This reverts commit 78b81f4666.

Cc: <stable@vger.kernel.org> # 3.16+
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2014-10-25 20:17:36 +08:00
Steve Longerbeam a1fc198046 ARM: i.MX6: Fix "emi" clock name typo
Fix a typo error, the "emi" names refer to the eim clocks.

The change fixes typo in EIM and EIM_SLOW pre-output dividers and
selectors clock names. Notably EIM_SLOW clock itself is named correctly.

Signed-off-by: Steve Longerbeam <steve_longerbeam@mentor.com>
[vladimir_zapolskiy@mentor.com: ported to v3.17]
Signed-off-by: Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com>
Cc: Sascha Hauer <kernel@pengutronix.de>
Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
2014-10-25 20:01:09 +08:00
Dinh Nguyen 2ca6121c67 ARM: socfpga_defconfig: Update defconfig for SoCFPGA
Clean up the socfpga_defconfig file by doing:
	make socfpga_defconfig
	make
	make savedefconfig

Then add the following to socfpga_defconfig:

CONFIG_SIGNALFD=y
CONFIG_REGULATOR=y
CONFIG_REGULATOR_FIXED_VOLTAGE=y
CONFIG_SRAM=y
CONFIG_DEVTMPFS_MOUNT=y
CONFIG_CONFIGFS_FS=y
CONFIG_PMBUS=y
CONFIG_SENSORS_PMBUS=y
CONFIG_SENSORS_LTC2978=y
CONFIG_SENSORS_LTC2978_REGULATOR=y
CONFIG_PRINTK_TIME=y
CONFIG_EXT4_FS=y

Signed-off-by: Thor Thayer <tthayer@opensource.altera.com>
Signed-off-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Signed-off-by: Alan Tull <atull@opensource.altera.com>
Signed-off-by: Dinh Nguyen <dinguyen@opensource.altera.com>
2014-10-24 16:51:13 -05:00
Eric Paris 26c2d2b391 i386/audit: stop scribbling on the stack frame
git commit b4f0d3755c was very very dumb.
It was writing over %esp/pt_regs semi-randomly on i686  with the expected
"system can't boot" results.  As noted in:

https://bugs.freedesktop.org/show_bug.cgi?id=85277

This patch stops fscking with pt_regs.  Instead it sets up the registers
for the call to __audit_syscall_entry in the most obvious conceivable
way.  It then does just a tiny tiny touch of magic.  We need to get what
started in PT_EDX into 0(%esp) and PT_ESI into 4(%esp).  This is as easy
as a pair of pushes.

After the call to __audit_syscall_entry all we need to do is get that
now useless junk off the stack (pair of pops) and reload %eax with the
original syscall so other stuff can keep going about it's business.

Reported-by: Paulo Zanoni <przanoni@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Link: http://lkml.kernel.org/r/1414037043-30647-1-git-send-email-eparis@redhat.com
Cc: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2014-10-24 13:27:56 -07:00
H. Peter Anvin db65bcfd95 Linux 3.18-rc1
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJURGCfAAoJEHm+PkMAQRiG6toH/RUazjqZxqMvLlm1y+O6+7s9
 OpFdcDl4ZQtrvymBRYipu46pbDUoAAsVbxQJllaLNtHE0UrvaQE76WihBQYM8qW/
 WoESLsZRbNQqQYQixf55pOozX7uIuG+9LKHagC8JNfD1Bw/nQ+RleSXqFsBCdpMW
 i7SzcZBu2Iv+LnVmjvoGMOQa+loKzO6Pj1MpoHxxJQmeypH3dZR7mLVeBJNZQtLE
 BGY47gYraVzb9EjKnSbjrIKjpM9o0MIihoanrrjnq0JMrfm4pi6W5GgaGDUiaBVH
 w7Vmr5S2pjzrS41gKSVK9/XO1CrDG8tsp3QwA2+iIbjdR3wBDynyeG3UfnLABec=
 =hwbG
 -----END PGP SIGNATURE-----

Merge tag 'v3.18-rc1' into x86/urgent

Reason:
Need to apply audit patch on top of v3.18-rc1.

Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2014-10-24 13:26:37 -07:00
Linus Torvalds 2cc91884b6 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Pull MIPS fixes from Ralf Baechle:
 "This is the first round of fixes and tying up loose ends for MIPS.

   - plenty of fixes for build errors in specific obscure configurations
   - remove redundant code on the Lantiq platform
   - removal of a useless SEAD I2C driver that was causing a build issue
   - fix an earlier TLB exeption handler fix to also work on Octeon.
   - fix ISA level dependencies in FPU emulator's instruction decoding.
   - don't hardcode kernel command line in Octeon software emulator.
   - fix an earlier fix for the Loondson 2 clock setting"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: SEAD3: Fix I2C device registration.
  MIPS: SEAD3: Nuke PIC32 I2C driver.
  MIPS: ftrace: Fix a microMIPS build problem
  MIPS: MSP71xx: Fix build error
  MIPS: Malta: Do not build the malta-amon.c file if CMP is not enabled
  MIPS: Prevent compiler warning from cop2_{save,restore}
  MIPS: Kconfig: Add missing MIPS_CPS dependencies to PM and cpuidle
  MIPS: idle: Remove leftover __pastwait symbol and its references
  MIPS: Sibyte: Include the swarm subdir to the sb1250 LittleSur builds
  MIPS: ptrace.h: Add a missing include
  MIPS: ath79: Fix compilation error when CONFIG_PCI is disabled
  MIPS: MSP71xx: Remove compilation error when CONFIG_MIPS_MT is present
  MIPS: Octeon: Remove special case for simulator command line.
  MIPS: tlbex: Properly fix HUGE TLB Refill exception handler
  MIPS: loongson2_cpufreq: Fix CPU clock rate setting mismerge
  pci: pci-lantiq: remove duplicate check on resource
  MIPS: Lasat: Add missing CONFIG_PROC_FS dependency to PICVUE_PROC
  MIPS: cp1emu: Fix ISA restrictions for cop1x_op instructions
2014-10-24 12:48:47 -07:00
Linus Torvalds cdc63a0595 arm64 fixes:
- Enable 48-bit VA space now that KVM has been fixed, together with
   a couple of fixes for pgd allocation alignment and initial memblock
   current_limit. There is still a dependency on !ARM_SMMU which needs to
   be updated as it uses the page table manipulation macros of the host
   kernel
 - eBPF fixes following changes/conflicts during the merging window
 - Compat types affecting compat_elf_prpsinfo
 - Compilation error on UP builds
 - ASLR fix when /proc/sys/kernel/randomize_va_space == 0
 - DT definitions for CLCD support on ARMv8 model platform
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUSowhAAoJEGvWsS0AyF7x4A8QAK/KJj3aEhRoJCFKtkrKcQer
 WydkHEVpJtk8Y+o9zIBU/J9HXDDakQlIZi3bNcWA+TQda1yr7zqEgVRZwhfaQMIu
 oXLzSLnZtiqe2HU7TaccJfFG293K+gysjTPRPixdAwWO/9hvoPOqJHnBRWKTDNzh
 8D04PTM9dcpKXvVjPcRHIxbk2oH04a/tjOBeTpi5uWaUdZLWjHt2dTjWwP/q0af4
 XsDrF5pYQaYEzCI9MczSbcQLwFPkxhS36JH+V+OhmVoCFv0PT7mm5o29DiU1N/Rt
 UsAwtBQ4oQV8seZMQaT5sVDNBqqqyfrYDAACdY0ewIr81PF7z8tdm5+G1P4JfQ0t
 iVguz3s1rJ6V0yXy0t18XHgpPFLLqpoEDEO6obYXYrhe2nTquQulgJoLaIu2qXmO
 jlL8R1rHWKRAQ7xIyLATjhUmW5dc2aK6xO+/3Xuz1+JOunNeOZW67xexpPzRU4Vh
 sw9S8sKwJmL5wH+ojqxsbg73WvTUs5dd4WoK7Tci8FZ0qfG14pyaX4s9iRhUZArQ
 4vx8lfF7FQma8nZ0ytXSY/666dAedL/bXZrmPhjVl/XYoEA4IFaW7uDIIqGbUMWr
 oNOe4QahxZu5jHI8CYncXHw51RXst+03oE5Uon30x7F3ZD71perLZe2dMTTaezKv
 2MX9/BULRrjpgkA4gW5L
 =QssH
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:

 - enable 48-bit VA space now that KVM has been fixed, together with a
   couple of fixes for pgd allocation alignment and initial memblock
   current_limit.  There is still a dependency on !ARM_SMMU which needs
   to be updated as it uses the page table manipulation macros of the
   host kernel
 - eBPF fixes following changes/conflicts during the merging window
 - Compat types affecting compat_elf_prpsinfo
 - Compilation error on UP builds
 - ASLR fix when /proc/sys/kernel/randomize_va_space == 0
 - DT definitions for CLCD support on ARMv8 model platform

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: Fix memblock current_limit with 64K pages and 48-bit VA
  arm64: ASLR: Don't randomise text when randomise_va_space == 0
  arm64: vexpress: Add CLCD support to the ARMv8 model platform
  arm64: Fix compilation error on UP builds
  Documentation/arm64/memory.txt: fix typo
  net: bpf: arm64: minor fix of type in jited
  arm64: bpf: add 'load 64-bit immediate' instruction
  arm64: bpf: add 'shift by register' instructions
  net: bpf: arm64: address randomize and write protect JIT code
  arm64: mm: Correct fixmap pagetable types
  arm64: compat: fix compat types affecting struct compat_elf_prpsinfo
  arm64: Align less than PAGE_SIZE pgds naturally
  arm64: Allow 48-bits VA space without ARM_SMMU
2014-10-24 12:48:04 -07:00
Linus Torvalds 83da00fbc0 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Pull two sparc fixes from David Miller:

 1) Fix boots with gcc-4.9 compiled sparc64 kernels.

 2) Add missing __get_user_pages_fast() on sparc64 to fix hangs on
    futexes used in transparent hugepage areas.

    It's really idiotic to have a weak symbolled fallback that just
    returns zero, and causes this kind of bug.  There should be no
    backup implementation and the link should fail if the architecture
    fails to provide __get_user_pages_fast() and supports transparent
    hugepages.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  sparc64: Implement __get_user_pages_fast().
  sparc64: Fix register corruption in top-most kernel stack frame during boot.
2014-10-24 12:45:47 -07:00
Linus Torvalds 96971e9aa9 This is a pretty large update. I think it is roughly as big
as what I usually had for the _whole_ rc period.
 
 There are a few bad bugs where the guest can OOPS or crash the host.  We
 have also started looking at attack models for nested virtualization;
 bugs that usually result in the guest ring 0 crashing itself become
 more worrisome if you have nested virtualization, because the nested
 guest might bring down the non-nested guest as well.  For current
 uses of nested virtualization these do not really have a security
 impact, but you never know and bugs are bugs nevertheless.
 
 A lot of these bugs are in 3.17 too, resulting in a large number of
 stable@ Ccs.  I checked that all the patches apply there with no
 conflicts.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJUSjmSAAoJEL/70l94x66D2cYH/3JKWsTzhXjHGxZcXQQ85CwR
 49hp/crCLWJ2YRKzyAOkvwPI0/SgYKM5wJ8kgtKlpLxrPZKYwhGd1S9tKf6EdAib
 5gc/SDDAgHmkqL3IrXmkyKzUVeUWvgD/IFi1Sqalko1blpRlaN/JyJV0mjjGCbA+
 yH3Qi5tD0X00u00ycuZCB6mrFH0PH87BmKFiz6bSSJ43tsgD9AVD64BZid6c6hwm
 iaIfNcIuShavlv1TKG80cSez2qtNXjRLeTN8A10gVZo3hof/wP8aRm+LxF/1JEZX
 OsoNCjOhhL29qafcZOg3j/atbiAzWtSGV3vjU+iWh5mnN5oFZHcPgIGucQsuFec=
 =9oQY
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "This is a pretty large update.  I think it is roughly as big as what I
  usually had for the _whole_ rc period.

  There are a few bad bugs where the guest can OOPS or crash the host.
  We have also started looking at attack models for nested
  virtualization; bugs that usually result in the guest ring 0 crashing
  itself become more worrisome if you have nested virtualization,
  because the nested guest might bring down the non-nested guest as
  well.  For current uses of nested virtualization these do not really
  have a security impact, but you never know and bugs are bugs
  nevertheless.

  A lot of these bugs are in 3.17 too, resulting in a large number of
  stable@ Ccs.  I checked that all the patches apply there with no
  conflicts"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  kvm: vfio: fix unregister kvm_device_ops of vfio
  KVM: x86: Wrong assertion on paging_tmpl.h
  kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
  KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
  KVM: x86: Emulator does not decode clflush well
  KVM: emulate: avoid accessing NULL ctxt->memopp
  KVM: x86: Decoding guest instructions which cross page boundary may fail
  kvm: x86: don't kill guest on unknown exit reason
  kvm: vmx: handle invvpid vm exit gracefully
  KVM: x86: Handle errors when RIP is set during far jumps
  KVM: x86: Emulator fixes for eip canonical checks on near branches
  KVM: x86: Fix wrong masking on relative jump/call
  KVM: x86: Improve thread safety in pit
  KVM: x86: Prevent host from panicking on shared MSR writes.
  KVM: x86: Check non-canonical addresses upon WRMSR
2014-10-24 12:42:55 -07:00
Linus Torvalds 20ca57cde5 xen: bug fixes for 3.18-rc1
- Fix regression in xen_clocksource_read() which caused all Xen guests
   to crash early in boot.
 - Several fixes for super rare race conditions in the p2m.
 - Assorted other minor fixes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iQEcBAABAgAGBQJUSh3nAAoJEFxbo/MsZsTRw6IH/imL2J++b8cafVvHjmVRt1T/
 P7KuFYPh/Tym+LISDBfk7MeOXZWsffvUDP653cGQiIMgmumEgVrU1+vR2Z0qRiRe
 95ZDIuQBmyGNBG9MiB0+zB7+STsvLECkPVWYDJCNbGVgrlHL6UHne06edrSpfr30
 13PyZeJAojezrt2hzLO43V7bu9acRmLo6WNdh6N2stfJv8QSQYSQO87baRdRB+rO
 I1r2jP7TJp9ZRtzSTsYLfpyhCGLcvXY58bci+Tz9x6xWMJ/HH5HvfJjxO17HzbdD
 2se6MKFVbOXT7DQK+BvQBDIO52t731DWZs4t7SJg24kDoINL7XiC/qSHC0vHJJM=
 =Cs0b
 -----END PGP SIGNATURE-----

Merge tag 'stable/for-linus-3.18-b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen bug fixes from David Vrabel:

 - Fix regression in xen_clocksource_read() which caused all Xen guests
   to crash early in boot.
 - Several fixes for super rare race conditions in the p2m.
 - Assorted other minor fixes.

* tag 'stable/for-linus-3.18-b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/pci: Allocate memory for physdev_pci_device_add's optarr
  x86/xen: panic on bad Xen-provided memory map
  x86/xen: Fix incorrect per_cpu accessor in xen_clocksource_read()
  x86/xen: avoid race in p2m handling
  x86/xen: delay construction of mfn_list_list
  x86/xen: avoid writing to freed memory after race in p2m handling
  xen/balloon: Don't continue ballooning when BP_ECANCELED is encountered
2014-10-24 12:41:50 -07:00
Catalin Marinas 3dec0fe48a arm64: Fix memblock current_limit with 64K pages and 48-bit VA
With 48-bit VA space, the 64K page configuration uses 3 levels instead
of 2 and PUD_SIZE != PMD_SIZE. Since with 64K pages we only cover
PMD_SIZE with the initial swapper_pg_dir populated in head.S, the
memblock current_limit needs to be set accordingly in map_mem() to avoid
allocating unmapped memory. The memblock current_limit is progressively
increased as more blocks are mapped.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-10-24 18:16:47 +01:00
David S. Miller 06090e8ed8 sparc64: Implement __get_user_pages_fast().
It is not sufficient to only implement get_user_pages_fast(), you
must also implement the atomic version __get_user_pages_fast()
otherwise you end up using the weak symbol fallback implementation
which simply returns zero.

This is dangerous, because it causes the futex code to loop forever
if transparent hugepages are supported (see get_futex_key()).

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-24 09:59:02 -07:00
David S. Miller ef3e035c3a sparc64: Fix register corruption in top-most kernel stack frame during boot.
Meelis Roos reported that kernels built with gcc-4.9 do not boot, we
eventually narrowed this down to only impacting machines using
UltraSPARC-III and derivitive cpus.

The crash happens right when the first user process is spawned:

[   54.451346] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
[   54.451346]
[   54.571516] CPU: 1 PID: 1 Comm: init Not tainted 3.16.0-rc2-00211-gd7933ab #96
[   54.666431] Call Trace:
[   54.698453]  [0000000000762f8c] panic+0xb0/0x224
[   54.759071]  [000000000045cf68] do_exit+0x948/0x960
[   54.823123]  [000000000042cbc0] fault_in_user_windows+0xe0/0x100
[   54.902036]  [0000000000404ad0] __handle_user_windows+0x0/0x10
[   54.978662] Press Stop-A (L1-A) to return to the boot prom
[   55.050713] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004

Further investigation showed that compiling only per_cpu_patch() with
an older compiler fixes the boot.

Detailed analysis showed that the function is not being miscompiled by
gcc-4.9, but it is using a different register allocation ordering.

With the gcc-4.9 compiled function, something during the code patching
causes some of the %i* input registers to get corrupted.  Perhaps
we have a TLB miss path into the firmware that is deep enough to
cause a register window spill and subsequent restore when we get
back from the TLB miss trap.

Let's plug this up by doing two things:

1) Stop using the firmware stack for client interface calls into
   the firmware.  Just use the kernel's stack.

2) As soon as we can, call into a new function "start_early_boot()"
   to put a one-register-window buffer between the firmware's
   deepest stack frame and the top-most initial kernel one.

Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-10-24 09:52:49 -07:00
Arun Chandran 92980405f3 arm64: ASLR: Don't randomise text when randomise_va_space == 0
When user asks to turn off ASLR by writing "0" to
/proc/sys/kernel/randomize_va_space there should not be
any randomization to mmap base, stack, VDSO, libs, text and heap

Currently arm64 violates this behavior by randomising text.
Fix this by defining a constant ELF_ET_DYN_BASE. The randomisation of
mm->mmap_base is done by setup_new_exec -> arch_pick_mmap_layout ->
mmap_base -> mmap_rnd.

Signed-off-by: Arun Chandran <achandran@mvista.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2014-10-24 15:47:49 +01:00
Ralf Baechle 4846f11816 MIPS: SEAD3: Fix I2C device registration.
This isn't a module and shouldn't be one.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-24 13:34:42 +02:00
Nadav Amit 1715d0dcb0 KVM: x86: Wrong assertion on paging_tmpl.h
Even after the recent fix, the assertion on paging_tmpl.h is triggered.
Apparently, the assertion wants to check that the PAE is always set on
long-mode, but does it in incorrect way.  Note that the assertion is not
enabled unless the code is debugged by defining MMU_DEBUG.

Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:30:37 +02:00
Nadav Amit 3f6f1480d8 KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
The decode phase of the x86 emulator assumes that every instruction with the
ModRM flag, and which can be used with RIP-relative addressing, has either
SrcMem or DstMem.  This is not the case for several instructions - prefetch,
hint-nop and clflush.

Adding SrcMem|NoAccess for prefetch and hint-nop and SrcMem for clflush.

This fixes CVE-2014-8480.

Fixes: 41061cdb98
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:30:36 +02:00
Nadav Amit 13e457e0ee KVM: x86: Emulator does not decode clflush well
Currently, all group15 instructions are decoded as clflush (e.g., mfence,
xsave).  In addition, the clflush instruction requires no prefix (66/f2/f3)
would exist. If prefix exists it may encode a different instruction (e.g.,
clflushopt).

Creating a group for clflush, and different group for each prefix.

This has been the case forever, but the next patch needs the cflush group
in order to fix a bug introduced in 3.17.

Fixes: 41061cdb98
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:30:36 +02:00
Paolo Bonzini a430c91663 KVM: emulate: avoid accessing NULL ctxt->memopp
A failure to decode the instruction can cause a NULL pointer access.
This is fixed simply by moving the "done" label as close as possible
to the return.

This fixes CVE-2014-8481.

Reported-by: Andy Lutomirski <luto@amacapital.net>
Cc: stable@vger.kernel.org
Fixes: 41061cdb98
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:30:35 +02:00
Ralf Baechle cc08d25a88 MIPS: SEAD3: Nuke PIC32 I2C driver.
A platform driver for which nothing ever registers the corresponding
platform device.

Also it was driving the same hardware as sead3-i2c-drv.c so redundant
anyway and couldn't co-exist with that driver because each of them was
using a private spinlock to protect access to the same hardware
resources.

This also fixes a randconfig problem:

arch/mips/mti-sead3/sead3-pic32-i2c-drv.c: In function 'i2c_platform_probe':
arch/mips/mti-sead3/sead3-pic32-i2c-drv.c:345:2: error: implicit declaration of
function 'i2c_add_numbered_adapter' [-Werror=implicit-function-declaration]
  ret = i2c_add_numbered_adapter(&priv->adap);
    ^
arch/mips/mti-sead3/sead3-pic32-i2c-drv.c: In function
'i2c_platform_remove':
arch/mips/mti-sead3/sead3-pic32-i2c-drv.c:361:2: error: implicit declaration
of function 'i2c_del_adapter' [-Werror=implicit-function-declaration]
i2c_del_adapter(&priv->adap);

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2014-10-24 13:27:37 +02:00
Nadav Amit 08da44aedb KVM: x86: Decoding guest instructions which cross page boundary may fail
Once an instruction crosses a page boundary, the size read from the second page
disregards the common case that part of the operand resides on the first page.
As a result, fetch of long insturctions may fail, and thereby cause the
decoding to fail as well.

Cc: stable@vger.kernel.org
Fixes: 5cfc7e0f5e
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:18 +02:00
Michael S. Tsirkin 2bc19dc375 kvm: x86: don't kill guest on unknown exit reason
KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was
triggered by a priveledged application.  Let's not kill the guest: WARN
and inject #UD instead.

Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:17 +02:00
Petr Matousek a642fc3050 kvm: vmx: handle invvpid vm exit gracefully
On systems with invvpid instruction support (corresponding bit in
IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid
causes vm exit, which is currently not handled and results in
propagation of unknown exit to userspace.

Fix this by installing an invvpid vm exit handler.

This is CVE-2014-3646.

Cc: stable@vger.kernel.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:17 +02:00
Nadav Amit d1442d85cc KVM: x86: Handle errors when RIP is set during far jumps
Far jmp/call/ret may fault while loading a new RIP.  Currently KVM does not
handle this case, and may result in failed vm-entry once the assignment is
done.  The tricky part of doing so is that loading the new CS affects the
VMCS/VMCB state, so if we fail during loading the new RIP, we are left in
unconsistent state.  Therefore, this patch saves on 64-bit the old CS
descriptor and restores it if loading RIP failed.

This fixes CVE-2014-3647.

Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:16 +02:00
Nadav Amit 234f3ce485 KVM: x86: Emulator fixes for eip canonical checks on near branches
Before changing rip (during jmp, call, ret, etc.) the target should be asserted
to be canonical one, as real CPUs do.  During sysret, both target rsp and rip
should be canonical. If any of these values is noncanonical, a #GP exception
should occur.  The exception to this rule are syscall and sysenter instructions
in which the assigned rip is checked during the assignment to the relevant
MSRs.

This patch fixes the emulator to behave as real CPUs do for near branches.
Far branches are handled by the next patch.

This fixes CVE-2014-3647.

Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:16 +02:00
Nadav Amit 05c83ec9b7 KVM: x86: Fix wrong masking on relative jump/call
Relative jumps and calls do the masking according to the operand size, and not
according to the address size as the KVM emulator does today.

This patch fixes KVM behavior.

Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:15 +02:00
Andy Honig 2febc83913 KVM: x86: Improve thread safety in pit
There's a race condition in the PIT emulation code in KVM.  In
__kvm_migrate_pit_timer the pit_timer object is accessed without
synchronization.  If the race condition occurs at the wrong time this
can crash the host kernel.

This fixes CVE-2014-3611.

Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:14 +02:00
Andy Honig 8b3c3104c3 KVM: x86: Prevent host from panicking on shared MSR writes.
The previous patch blocked invalid writes directly when the MSR
is written.  As a precaution, prevent future similar mistakes by
gracefulling handle GPs caused by writes to shared MSRs.

Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
[Remove parts obsoleted by Nadav's patch. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:08 +02:00
Nadav Amit 854e8bb1aa KVM: x86: Check non-canonical addresses upon WRMSR
Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is
written to certain MSRs. The behavior is "almost" identical for AMD and Intel
(ignoring MSRs that are not implemented in either architecture since they would
anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
non-canonical address is written on Intel but not on AMD (which ignores the top
32-bits).

Accordingly, this patch injects a #GP on the MSRs which behave identically on
Intel and AMD.  To eliminate the differences between the architecutres, the
value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to
canonical value before writing instead of injecting a #GP.

Some references from Intel and AMD manuals:

According to Intel SDM description of WRMSR instruction #GP is expected on
WRMSR "If the source register contains a non-canonical address and ECX
specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE,
IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP."

According to AMD manual instruction manual:
LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the
LSTAR and CSTAR registers.  If an RIP written by WRMSR is not in canonical
form, a general-protection exception (#GP) occurs."
IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the
base field must be in canonical form or a #GP fault will occur."
IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must
be in canonical form."

This patch fixes CVE-2014-3610.

Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2014-10-24 13:21:08 +02:00
Olof Johansson 4fbc400cfc SOCFPGA fixes for 3.18
These patches fixes an SMP and SDMMC driver hang during boot up on the
 SOCFPGA platform.
 
 Patch "arm: socfpga: fix fetching cpu1start_addr for SMP" fixes the SMP
 trampoline code in order for CPU1 to correctly fetch it's cpu1start_addr.
 
 Patch "ARM: dts: socfpga: rename gpio nodes" renames that GPIO node in order
 to allow a standard way of specifying status="okay" in the board DTS file.
 
 Patch "ARM: dts: socfpga: Fix SD card detect" fixes a SDMMC driver hang
 during boot. The reason for the hang was the deferred probe of the SDMMC
 driver was waiting for the GPIO resource that would never come.
 
 Patch "ARM: dts: socfpga: Add a 3.3V fixed regulator node" adds a fixed
 regulator node for the SDMMC driver to use.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABAgAGBQJUSGUtAAoJEBmUBAuBoyj07SIP/j+JNckow7WoAU+W3QwOE2ew
 BvpLFffIolj6bngLbb/JU0La2TgDbtifPvcNdSYVYfF7u2NxsyTKx1mMyWYVhAmq
 JXaD6ZbteHMIps9SRUTrSOHSA8VYq/gV7IPAT0K8VS1RD9jDarwhJwhQfdZ0tLDY
 foB4Nky6CZ+jgK9P4GCTrXH2VOvF2bpfR7G0woLkXmuQ97yOA0ddUl8vIDAlQweW
 wjBZkRC7Vinpq1a1PmcRvAbkV7f+ELzbKMdY8TYvHPGE9+76Ak8/UkRh46LXyWo5
 GyEknDZaVNggl70Ex7owDdGklFBJLUKIIRR9KmG6OGdQ74hRZD2ASk5U58fVFdNr
 YHA7dyx5Qk+8XXFWq+rgXeGCpwngznH38IpI/dAVMc5IhpTUDCEcLfNrmX8xSZr9
 5oul3t2E3zVXoFI4Qj+OaHTH/8nDP8rrYb4lgLmsLBIBDlrK7YDcO8+rKHpI+qQN
 mjPHtNPXe1T5D+WAfPAxf5zzOfKwqO4BvWqFD3403gPR1cJid4WclCKlieFpeV+a
 HapULcQvKBrVhoc3vFrXCIzfLddIJHJYTNco0wQOzwb/Bk/vTuEc8teAohj/AHg2
 YSOkiFOvmkas7I+TAzXsnGgTIQz9KHOteH700gNAAILTO9Wj9PVazeGreRKZX4YZ
 hkvDbEUMaOvrGzih+Xq6
 =y6Ws
 -----END PGP SIGNATURE-----

Merge tag 'socfpga_fixes_for_3.18' of git://git.rocketboards.org/linux-socfpga-next into fixes

Merge "SOCFPGA fixes for 3.18" from Dinh Nguyen:

These patches fixes an SMP and SDMMC driver hang during boot up on the
SOCFPGA platform.

Patch "arm: socfpga: fix fetching cpu1start_addr for SMP" fixes the SMP
trampoline code in order for CPU1 to correctly fetch it's cpu1start_addr.

Patch "ARM: dts: socfpga: rename gpio nodes" renames that GPIO node in order
to allow a standard way of specifying status="okay" in the board DTS file.

Patch "ARM: dts: socfpga: Fix SD card detect" fixes a SDMMC driver hang
during boot. The reason for the hang was the deferred probe of the SDMMC
driver was waiting for the GPIO resource that would never come.

Patch "ARM: dts: socfpga: Add a 3.3V fixed regulator node" adds a fixed
regulator node for the SDMMC driver to use.

* tag 'socfpga_fixes_for_3.18' of git://git.rocketboards.org/linux-socfpga-next:
  ARM: dts: socfpga: Add a 3.3V fixed regulator node
  ARM: dts: socfpga: Fix SD card detect
  ARM: dts: socfpga: rename gpio nodes
  arm: socfpga: fix fetching cpu1start_addr for SMP

Signed-off-by: Olof Johansson <olof@lixom.net>
2014-10-23 21:05:45 -07:00