summaryrefslogtreecommitdiff
path: root/arch
AgeCommit message (Collapse)Author
2016-04-27nios2: memset: use the right constraint modifier for the %4 output operandRomain Perier
Depending on the size of the area to be memset'ed, the nios2 memset implementation either uses a naive loop (for buffers smaller or equal than 8 bytes) or a more optimized implementation (for buffers larger than 8 bytes). This implementation does 4-byte stores rather than 1-byte stores to speed up memset. However, we discovered that on our nios2 platform, memset() was not properly setting the buffer to the expected value. A memset of 0xff would not set the entire buffer to 0xff, but to: 0xff 0x00 0xff 0x00 0xff 0x00 0xff 0x00 ... Which is obviously incorrect. Our investigation has revealed that the problem lies in the incorrect constraints used in the inline assembly. The following piece of assembly, from the nios2 memset implementation, is supposed to create a 4-byte value that repeats 4 times the 1-byte pattern passed as memset argument: /* fill8 %3, %5 (c & 0xff) */ " slli %4, %5, 8\n" " or %4, %4, %5\n" " slli %3, %4, 16\n" " or %3, %3, %4\n" However, depending on the compiler and optimization level, this code might be compiled as: 34: 280a923a slli r5,r5,8 38: 294ab03a or r5,r5,r5 3c: 2808943a slli r4,r5,16 40: 2148b03a or r4,r4,r5 This is wrong because r5 gets used both for %5 and %4, which leads to the final pattern stored in r4 to be 0xff00ff00 rather than the expected 0xffffffff. %4 is defined with the "=r" constraint, i.e as an output operand. However, as explained in http://www.ethernut.de/en/documents/arm-inline-asm.html, this does not prevent gcc from using the same register for an output operand (%4) and input operand (%5). By using the constraint modifier '&', we indicate that the register should be used for output only. With this change, we get the following assembly output: 34: 2810923a slli r8,r5,8 38: 4150b03a or r8,r8,r5 3c: 400e943a slli r7,r8,16 40: 3a0eb03a or r7,r7,r8 Which correctly produces the 0xffffffff pattern when 0xff is passed as the memset() pattern. It is worth mentioning the observed consequence of this bug: we were hitting the kernel BUG() in mm/bootmem.c:__free() that verifies when marking a page as free that it was previously marked as occupied (i.e that the bit was set to 1). The entire bootmem bitmap is set to 0xff bit via a memset() during the bootmem initialization. The bootmem_free() call right after the initialization was finding some bits to be set to 0, which didn't make sense since the bitmap has just been memset'ed to 0xff. Except that due to the bug explained above, the bitmap was in fact initialized to 0xff00ff00. Thanks to Marek Vasut for his help and feedback. Signed-off-by: Romain Perier <romain.perier@free-electrons.com> Acked-by: Marek Vasut <marex@denx.de> Acked-by: Ley Foon Tan <lftan@altera.com>
2016-04-23Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: two EDAC driver fixes, a Xen crash fix, a HyperV log spam fix and a documentation fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86 EDAC, sb_edac.c: Take account of channel hashing when needed x86 EDAC, sb_edac.c: Repair damage introduced when "fixing" channel address x86/mm/xen: Suppress hugetlbfs in PV guests x86/doc: Correct limits in Documentation/x86/x86_64/mm.txt x86/hyperv: Avoid reporting bogus NMI status for Gen2 instances
2016-04-22Merge tag 'arm64-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Cache invalidation fix for early CPU boot status update (incorrect cacheline) - of_put_node() missing in the spin_table code - EL1/El2 early init inconsistency when Virtualisation Host Extensions are present - RCU warning fix in the arm_pmu.c driver * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: Fix EL1/EL2 early init inconsistencies with VHE drivers/perf: arm-pmu: fix RCU usage on pmu resume from low-power arm64: spin-table: add missing of_node_put() arm64: fix invalidation of wrong __early_cpu_boot_status cacheline
2016-04-22Merge tag 'powerpc-4.6-3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Three powerpc cpu feature fixes from Anton Blanchard: - scan_features() updated incorrect bits for REAL_LE - update cpu_user_features2 in scan_features() - update TM user feature bits in scan_features()" * tag 'powerpc-4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Update TM user feature bits in scan_features() powerpc: Update cpu_user_features2 in scan_features() powerpc: scan_features() updates incorrect bits for REAL_LE
2016-04-22x86/mm/xen: Suppress hugetlbfs in PV guestsJan Beulich
Huge pages are not normally available to PV guests. Not suppressing hugetlbfs use results in an endless loop of page faults when user mode code tries to access a hugetlbfs mapped area (since the hypervisor denies such PTEs to be created, but error indications can't be propagated out of xen_set_pte_at(), just like for various of its siblings), and - once killed in an oops like this: kernel BUG at .../fs/hugetlbfs/inode.c:428! invalid opcode: 0000 [#1] SMP ... RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320 ... Call Trace: [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40 [<ffffffff81167b3d>] evict+0xbd/0x1b0 [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0 [<ffffffff81165b0e>] dput+0x1fe/0x220 [<ffffffff81150535>] __fput+0x155/0x200 [<ffffffff81079fc0>] task_work_run+0x60/0xa0 [<ffffffff81063510>] do_exit+0x160/0x400 [<ffffffff810637eb>] do_group_exit+0x3b/0xa0 [<ffffffff8106e8bd>] get_signal+0x1ed/0x470 [<ffffffff8100f854>] do_signal+0x14/0x110 [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0 [<ffffffff814178a5>] retint_user+0x8/0x13 This is CVE-2016-3961 / XSA-174. Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com> Signed-off-by: Jan Beulich <jbeulich@suse.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: David Vrabel <david.vrabel@citrix.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Juergen Gross <JGross@suse.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Luis R. Rodriguez <mcgrof@suse.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Toshi Kani <toshi.kani@hp.com> Cc: stable@vger.kernel.org Cc: xen-devel <xen-devel@lists.xenproject.org> Link: http://lkml.kernel.org/r/57188ED802000078000E431C@prv-mh.provo.novell.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-21arm64: Fix EL1/EL2 early init inconsistencies with VHEDave Martin
When using the Virtualisation Host Extensions, EL1 is not used in the host and requires no separate configuration. In addition, with VHE enabled, non-hyp-specific EL2 configuration that does not need to be done early will be done anyway in __cpu_setup via the _EL1 system register aliases. In particular, the layout and definition of CPTR_EL2 are changed by enabling VHE so that they resemble CPACR_EL1, so existing code to initialise CPTR_EL2 becomes architecturally wrong in this case. This patch simply skips the affected initialisation code in the non-VHE case. Signed-off-by: Dave Martin <Dave.Martin@arm.com> Reviewed-by: Marc Zyngier <marc.zyngier@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-04-21Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds
Pull ARM fixes from Russell King: "Three further fixes for ARM. Alexandre Courbot was having problems with DMA allocations with the GFP flags affecting where the tracking data was being allocated from. Vladimir Murzin noticed that the CPU feature code was not entirely correct, which can cause some features to be misreported" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8564/1: fix cpu feature extracting helper ARM: 8563/1: fix demoting HWCAP_SWP ARM: 8551/2: DMA: Fix kzalloc flags in __dma_alloc
2016-04-20Merge branch 'linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - Incorrect output buffer size calculation in rsa-pkcs1pad - Uninitialised padding bytes on exported state in ccp driver - Potentially freed pointer used on completion callback in sha1-mb" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: ccp - Prevent information leakage on export crypto: sha1-mb - use corrcet pointer while completing jobs crypto: rsa-pkcs1pad - fix dst len
2016-04-20arm64: spin-table: add missing of_node_put()Masahiro Yamada
Since of_get_cpu_node() increments refcount, the node should be put. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Acked-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-04-19ARM: 8564/1: fix cpu feature extracting helperVladimir Murzin
Commit b8c9592 "ARM: 8318/1: treat CPU feature register fields as signed quantities" introduced helper to extract signed quantities of 4-bit blocks. However, with a current code feature with value 0b1000 isn't rejected as negative. So fix the "if" condition. Reported-by: Jonathan Brawn <Jon.Brawn@arm.com> Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-04-19ARM: 8563/1: fix demoting HWCAP_SWPVladimir Murzin
Commit b8c9592 "ARM: 8318/1: treat CPU feature register fields as signed quantities" accidentally altered cpuid register used to demote HWCAP_SWP. ARM ARM says that SyncPrim_instrs bits in ID_ISAR3 should be used with SynchPrim_instrs_frac from ID_ISAR4. So, follow this rule. Signed-off-by: Vladimir Murzin <vladimir.murzin@arm.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-04-18Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "A couple of bug fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: add CPU_BIG_ENDIAN config option s390/spinlock: avoid yield to non existent cpu s390/dcssblk: fix possible deadlock in remove vs. per-device attributes s390/seccomp: include generic seccomp header file s390/pci: add extra padding to function measurement block s390/scm_blk: fix deadlock for requests != REQ_TYPE_FS
2016-04-18arm64: fix invalidation of wrong __early_cpu_boot_status cachelineArd Biesheuvel
In head.S, the str_l macro, which takes a source register, a symbol name and a temp register, is used to store a status value to the variable __early_cpu_boot_status. Subsequently, the value of the temp register is reused to invalidate any cachelines covering this variable. However, since str_l resolves to adrp \tmp, \sym str \src, [\tmp, :lo12:\sym] the temp register never actually holds the address of the variable but only of the 4 KB window that covers it, and reusing it leads to the wrong cacheline being invalidated. So instead, take the address explicitly before doing the store, and reuse that value to perform the cache invalidation. Fixes: bb9052744f4b ("arm64: Handle early CPU boot failures") Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Mark Rutland <mark.rutland@arm.com> Acked-by: Suzuki K Poulose <Suzuki.Poulose@arm.com> Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
2016-04-18powerpc: Update TM user feature bits in scan_features()Anton Blanchard
We need to update the user TM feature bits (PPC_FEATURE2_HTM and PPC_FEATURE2_HTM) to mirror what we do with the kernel TM feature bit. At the moment, if firmware reports TM is not available we turn off the kernel TM feature bit but leave the userspace ones on. Userspace thinks it can execute TM instructions and it dies trying. This (together with a QEMU patch) fixes PR KVM, which doesn't currently support TM. Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@vger.kernel.org Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-04-18powerpc: Update cpu_user_features2 in scan_features()Anton Blanchard
scan_features() updates cpu_user_features but not cpu_user_features2. Amongst other things, cpu_user_features2 contains the user TM feature bits which we must keep in sync with the kernel TM feature bit. Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@vger.kernel.org Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-04-18powerpc: scan_features() updates incorrect bits for REAL_LEAnton Blanchard
The REAL_LE feature entry in the ibm_pa_feature struct is missing an MMU feature value, meaning all the remaining elements initialise the wrong values. This means instead of checking for byte 5, bit 0, we check for byte 0, bit 0, and then we incorrectly set the CPU feature bit as well as MMU feature bit 1 and CPU user feature bits 0 and 2 (5). Checking byte 0 bit 0 (IBM numbering), means we're looking at the "Memory Management Unit (MMU)" feature - ie. does the CPU have an MMU. In practice that bit is set on all platforms which have the property. This means we set CPU_FTR_REAL_LE always. In practice that seems not to matter because all the modern cpus which have this property also implement REAL_LE, and we've never needed to disable it. We're also incorrectly setting MMU feature bit 1, which is: #define MMU_FTR_TYPE_8xx 0x00000002 Luckily the only place that looks for MMU_FTR_TYPE_8xx is in Book3E code, which can't run on the same cpus as scan_features(). So this also doesn't matter in practice. Finally in the CPU user feature mask, we're setting bits 0 and 2. Bit 2 is not currently used, and bit 0 is: #define PPC_FEATURE_PPC_LE 0x00000001 Which says the CPU supports the old style "PPC Little Endian" mode. Again this should be harmless in practice as no 64-bit CPUs implement that mode. Fix the code by adding the missing initialisation of the MMU feature. Also add a comment marking CPU user feature bit 2 (0x4) as reserved. It would be unsafe to start using it as old kernels incorrectly set it. Fixes: 44ae3ab3358e ("powerpc: Free up some CPU feature bits by moving out MMU-related features") Signed-off-by: Anton Blanchard <anton@samba.org> Cc: stable@vger.kernel.org [mpe: Flesh out changelog, add comment reserving 0x4] Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
2016-04-16x86/hyperv: Avoid reporting bogus NMI status for Gen2 instancesVitaly Kuznetsov
Generation2 instances don't support reporting the NMI status on port 0x61, read from there returns 'ff' and we end up reporting nonsensical PCI error (as there is no PCI bus in these instances) on all NMIs: NMI: PCI system error (SERR) for reason ff on CPU 0. Dazed and confused, but trying to continue Fix the issue by overriding x86_platform.get_nmi_reason. Use 'booted on EFI' flag to detect Gen2 instances. Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com> Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com> Cc: Arnaldo Carvalho de Melo <acme@redhat.com> Cc: Cathy Avery <cavery@redhat.com> Cc: Haiyang Zhang <haiyangz@microsoft.com> Cc: Jiri Olsa <jolsa@redhat.com> Cc: K. Y. Srinivasan <kys@microsoft.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: devel@linuxdriverproject.org Link: http://lkml.kernel.org/r/1460728232-31433-1-git-send-email-vkuznets@redhat.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-15Merge branch 'parisc-4.6-4' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc ftrace fixes from Helge Deller: "This is (most likely) the last pull request for v4.6 for the parisc architecture. It fixes the FTRACE feature for parisc, which is horribly broken since quite some time and doesn't even compile. This patch just fixes the bare minimum (it actually removes more lines than it adds), so that the function tracer works again on 32- and 64bit kernels. I've queued up additional patches on top of this patch which e.g. add the syscall tracer, but those have to wait for the merge window for v4.7." * 'parisc-4.6-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Fix ftrace function tracer
2016-04-15s390: add CPU_BIG_ENDIAN config optionHeiko Carstens
Make sure that s390 appears to be a big endian machine by defining this config option. Without this s390 appears to be little endian as seen by e.g. the recordmount script: "perl ./scripts/recordmcount.pl "s390" "little" "64"" This has no practical impact within the script since the endian variable is only evaluated for mips. However there are already a couple of common code places which evaluate this config option. None of them is relevant for s390 currently though. To avoid any issues in the future (and fix the recordmcount oddity) add the new config option. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-15s390/spinlock: avoid yield to non existent cpuHeiko Carstens
arch_spin_lock_wait_flags() checks if a spinlock is not held before trying a compare and swap instruction. If the lock is unlocked it tries the compare and swap instruction, however if a different cpu grabbed the lock in the meantime the instruction will fail as expected. Subsequently the arch_spin_lock_wait_flags() incorrectly tries to figure out if the cpu that holds the lock is running. However it is using the wrong cpu number for this (-1) and then will also yield the current cpu to the wrong cpu. Fix this by adding a missing continue statement. Fixes: 470ada6b1a1d ("s390/spinlock: refactor arch_spin_lock_wait[_flags]") Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-15crypto: sha1-mb - use corrcet pointer while completing jobsXiaodong Liu
In sha_complete_job, incorrect mcryptd_hash_request_ctx pointer is used when check and complete other jobs. If the memory of first completed req is freed, while still completing other jobs in the func, kernel will crash since NULL pointer is assigned to RIP. Cc: <stable@vger.kernel.org> Signed-off-by: Xiaodong Liu <xiaodong.liu@intel.com> Acked-by: Tim Chen <tim.c.chen@linux.intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2016-04-15ARM: 8551/2: DMA: Fix kzalloc flags in __dma_allocAlexandre Courbot
Commit 19e6e5e5392b ("ARM: 8547/1: dma-mapping: store buffer information") allocates a structure meant for internal buffer management with the GFP flags of the buffer itself. This can trigger the following safeguard in the slab/slub allocator: if (unlikely(flags & GFP_SLAB_BUG_MASK)) { pr_emerg("gfp: %un", flags & GFP_SLAB_BUG_MASK); BUG(); } Fix this by filtering the flags that make the slab allocator unhappy. Signed-off-by: Alexandre Courbot <acourbot@nvidia.com> Acked-by: Rabin Vincent <rabin@rab.in> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2016-04-14Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: a binutils fix, an lguest fix, an mcelog fix and a missing documentation fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Avoid using object after free in genpool lguest, x86/entry/32: Fix handling of guest syscalls using interrupt gates x86/build: Build compressed x86 kernels as PIE x86/mm/pkeys: Add missing Documentation
2016-04-14Revert "x86: remove the kernel code/data/bss resources from /proc/iomem"Linus Torvalds
This reverts commit c4004b02f8e5b9ce357a0bb1641756cc86962664. Sadly, my hope that nobody would actually use the special kernel entries in /proc/iomem were dashed by kexec. Which reads /proc/iomem explicitly to find the kernel base address. Nasty. Anyway, that means we can't do the sane and simple thing and just remove the entries, and we'll instead have to mask them out based on permissions. Reported-by: Zhengyu Zhang <zhezhang@redhat.com> Reported-by: Dave Young <dyoung@redhat.com> Reported-by: Freeman Zhang <freeman.zhang1992@gmail.com> Reported-by: Emrah Demir <ed@abdsec.com> Reported-by: Baoquan He <bhe@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-04-14parisc: Fix ftrace function tracerHelge Deller
Fix the FTRACE function tracer for 32- and 64-bit kernel. The former code was horribly broken. Reimplement most coding in assembly and utilize optimizations, e.g. put mcount() and ftrace_stub() into one L1 cacheline. Signed-off-by: Helge Deller <deller@gmx.de>
2016-04-13Merge tag 'sh-fixes-4.6-rc1' of git://git.libc.org/linux-shLinus Torvalds
Pull arch/sh fixes from Rich Felker: "Fixes for two arch/sh build regressions that appeared in 4.6-rc1, one introduced by me, and one caused by changes elsewhere" * tag 'sh-fixes-4.6-rc1' of git://git.libc.org/linux-sh: sh: fix function signature of cpu_coregroup_mask to match pointer type sh: fix smp-shx3 build regression from removal of arch localtimer
2016-04-13Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu/coldfire fix from Greg Ungerer: "Only a single change that removes a local arch specific gpio bus sysfs device that now clashes with the generic gpio bus sysfs device interface" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k/gpio: remove arch specific sysfs bus device
2016-04-13Merge tag 'armsoc-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "A batch of fixes for -rc4, for various platforms. Nothing really substantial and worth pointing out in particular; small fixes for various bugs, see shortlog for details" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: sa1100: remove references to the defunct handhelds.org bus: uniphier-system-bus: fix condition of overlap check ARM: uniphier: drop weird sizeof() ARM: dts: am335x-baltos-ir5221: fix cpsw_emac0 link type ARM: OMAP: Correct interrupt type for ARM TWD ARM: DRA722: Add ID detect for Silicon Rev 2.0 ARM: dts: am43xx: fix edma memcpy channel allocation ARM: dts: AM43x-epos: Fix clk parent for synctimer ARM: OMAP2: Fix up interconnect barrier initialization for DRA7 documentation: Fix pinctrl documentation for Meson8 / Meson8b ARM: dts: amlogic: Split pinctrl device for Meson8 / Meson8b ARM: mvebu: Correct unit address for linksys bus: mvebu-mbus: use %pa to print phys_addr_t arm64: dts: vulcan: Update PCI ranges ARM: u8500_defconfig: turn on the Synaptics RMI4 driver ARM: pxa: fix the number of DMA requestor lines ARM: OMAP2+: hwmod: Fix updating of sysconfig register ARM: OMAP2+: Use srst_udelay for USB on dm814x
2016-04-13Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds
Pull KVM fixes from Radim Krčmář: "ARM fixes: - Wrong indentation in the PMU code from the merge window - A long-time bug occuring with running ntpd on the host, candidate for stable - Properly handle (and warn about) the unsupported configuration of running on systems with less than 40 bits of PA space - More fixes to the PM and hotplug notifier stuff from the merge window x86: - leak of guest xcr0 (typically shows up as SIGILL) - new maintainer (who is sending the pull request too) - fix for merge window regression - fix for guest CPUID" Paolo Bonzini points out: "For the record, this tag is signed by me because I prepared the pull request. Further pull requests for 4.6 will be signed and sent out by Radim directly" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: mask CPUID(0xD,0x1).EAX against host value kvm: x86: do not leak guest xcr0 into host interrupt handlers KVM: MMU: fix permission_fault() KVM: new maintainer on the block arm64: KVM: unregister notifiers in hyp mode teardown path arm64: KVM: Warn when PARange is less than 40 bits KVM: arm/arm64: Handle forward time correction gracefully arm64: KVM: Add braces to multi-line if statement in virtual PMU code
2016-04-13x86/mce: Avoid using object after free in genpoolTony Luck
When we loop over all queued machine check error records to pass them to the registered notifiers we use llist_for_each_entry(). But the loop calls gen_pool_free() for the entry in the body of the loop - and then the iterator looks at node->next after the free. Use llist_for_each_entry_safe() instead. Signed-off-by: Tony Luck <tony.luck@intel.com> Signed-off-by: Borislav Petkov <bp@suse.de> Cc: <stable@vger.kernel.org> Cc: Gong Chen <gong.chen@linux.intel.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: linux-edac <linux-edac@vger.kernel.org> Link: http://lkml.kernel.org/r/0205920@agluck-desk.sc.intel.com Link: http://lkml.kernel.org/r/1459929916-12852-4-git-send-email-bp@alien8.de Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-12Merge tag 'mvebu-fixes-4.6-1' of git://git.infradead.org/linux-mvebu into fixesOlof Johansson
mvebu fixes for 4.6 (part 1) - fix USB adress register for Linksys Armada 388 based boards - fix build warning in mvebu-mbus * tag 'mvebu-fixes-4.6-1' of git://git.infradead.org/linux-mvebu: ARM: mvebu: Correct unit address for linksys bus: mvebu-mbus: use %pa to print phys_addr_t Signed-off-by: Olof Johansson <olof@lixom.net>
2016-04-12ARM: sa1100: remove references to the defunct handhelds.orgLinus Walleij
The website handhelds.org has been down for a long time and is likely never coming back online. Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net>
2016-04-12Merge tag 'pxa-fixes-v4.6' of https://github.com/rjarzmik/linux into fixesOlof Johansson
ARM: pxa: fixes for v4.6 There is only a single fix for dma requestor lines initial setup, triggered by dmaengine previous fix. * tag 'pxa-fixes-v4.6' of https://github.com/rjarzmik/linux: ARM: pxa: fix the number of DMA requestor lines Signed-off-by: Olof Johansson <olof@lixom.net>
2016-04-12Merge tag 'omap-for-v4.6/fixes-rc1' of ↵Olof Johansson
git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omaps against v4.6-rc1. Mostly minor fixes for the newer SoCs with few board fixes and a fix for a long time hwmod bug: - Fix cpsw_emac0 link type for baltos-ir5221 - Fix interrupt type for TWD - Fix edma memcpy channel allocation for am43x - Fix am43x-epos sycntimer32k by using the correct assigned clock - Fix interconnect barrier for dra7 - Fix a long time hwmod bug for updating sysconfig register properly - Fix flakey booting on dm814x where USB reset needs a delay And there is one minor change that is not strictly a fix, but is good to have for proper hardware detection: - Detect dra7 silicon revision 2.0 properly * tag 'omap-for-v4.6/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: am335x-baltos-ir5221: fix cpsw_emac0 link type ARM: OMAP: Correct interrupt type for ARM TWD ARM: DRA722: Add ID detect for Silicon Rev 2.0 ARM: dts: am43xx: fix edma memcpy channel allocation ARM: dts: AM43x-epos: Fix clk parent for synctimer ARM: OMAP2: Fix up interconnect barrier initialization for DRA7 ARM: OMAP2+: hwmod: Fix updating of sysconfig register ARM: OMAP2+: Use srst_udelay for USB on dm814x Signed-off-by: Olof Johansson <olof@lixom.net>
2016-04-12ARM: uniphier: drop weird sizeof()Masahiro Yamada
My intention was to ioremap a 4-byte register. Coincidentally enough, sizeof(SZ_4) equals to SZ_4, but this code is weird anyway. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Olof Johansson <olof@lixom.net>
2016-04-11Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k update from Geert Uytterhoeven. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k/defconfig: Update defconfigs for v4.6-rc2 m68k: Wire up preadv2 and pwritev2
2016-04-11Merge tag 'arc-4.6-rc4-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - fix Kconfig splat due to pcie rework - make ethernet work again on axs103 - provide fb_pgprotect() for future video driver integration * tag 'arc-4.6-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: [plat-axs103] Enable loop block devices Revert "ARC: [plat-axs10x] add Ethernet PHY description in .dts" arc: Add our own implementation of fb_pgprotect() ARC: Don't source drivers/pci/pcie/Kconfig ourselves
2016-04-11m68k/gpio: remove arch specific sysfs bus deviceGreg Ungerer
The ColdFire architecture specific gpio support code registers a sysfs bus device named "gpio". This clashes with the new generic API device added in commit 3c702e99 ("gpio: add a userspace chardev ABI for GPIOs"). The old ColdFire sysfs gpio device was never used for anything specific, and no links or other nodes were created under it. The new API sysfs gpio device has all the same default sysfs links (device, drivers, etc) and they are properly populated. Remove the old ColdFire sysfs gpio registration. Signed-off-by: Greg Ungerer <gerg@uclinux.org> Acked-by: Linus Walleij <linus.walleij@linaro.org>
2016-04-10Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-armLinus Torvalds
Pull ARM fixes from Russell King: "A couple of small fixes, and wiring up the new syscalls which appeared during the merge window" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8550/1: protect idiv patching against undefined gcc behavior ARM: wire up preadv2 and pwritev2 syscalls ARM: SMP enable of cache maintanence broadcast
2016-04-10KVM: x86: mask CPUID(0xD,0x1).EAX against host valuePaolo Bonzini
This ensures that the guest doesn't see XSAVE extensions (e.g. xgetbv1 or xsavec) that the host lacks. Cc: stable@vger.kernel.org Reviewed-by: Radim Krčmář <rkrcmar@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-10kvm: x86: do not leak guest xcr0 into host interrupt handlersDavid Matlack
An interrupt handler that uses the fpu can kill a KVM VM, if it runs under the following conditions: - the guest's xcr0 register is loaded on the cpu - the guest's fpu context is not loaded - the host is using eagerfpu Note that the guest's xcr0 register and fpu context are not loaded as part of the atomic world switch into "guest mode". They are loaded by KVM while the cpu is still in "host mode". Usage of the fpu in interrupt context is gated by irq_fpu_usable(). The interrupt handler will look something like this: if (irq_fpu_usable()) { kernel_fpu_begin(); [... code that uses the fpu ...] kernel_fpu_end(); } As long as the guest's fpu is not loaded and the host is using eager fpu, irq_fpu_usable() returns true (interrupted_kernel_fpu_idle() returns true). The interrupt handler proceeds to use the fpu with the guest's xcr0 live. kernel_fpu_begin() saves the current fpu context. If this uses XSAVE[OPT], it may leave the xsave area in an undesirable state. According to the SDM, during XSAVE bit i of XSTATE_BV is not modified if bit i is 0 in xcr0. So it's possible that XSTATE_BV[i] == 1 and xcr0[i] == 0 following an XSAVE. kernel_fpu_end() restores the fpu context. Now if any bit i in XSTATE_BV == 1 while xcr0[i] == 0, XRSTOR generates a #GP. The fault is trapped and SIGSEGV is delivered to the current process. Only pre-4.2 kernels appear to be vulnerable to this sequence of events. Commit 653f52c ("kvm,x86: load guest FPU context more eagerly") from 4.2 forces the guest's fpu to always be loaded on eagerfpu hosts. This patch fixes the bug by keeping the host's xcr0 loaded outside of the interrupts-disabled region where KVM switches into guest mode. Cc: stable@vger.kernel.org Suggested-by: Andy Lutomirski <luto@amacapital.net> Signed-off-by: David Matlack <dmatlack@google.com> [Move load after goto cancel_injection. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-10KVM: MMU: fix permission_fault()Xiao Guangrong
kvm-unit-tests complained about the PFEC is not set properly, e.g,: test pte.rw pte.d pte.nx pde.p pde.rw pde.pse user fetch: FAIL: error code 15 expected 5 Dump mapping: address: 0x123400000000 ------L4: 3e95007 ------L3: 3e96007 ------L2: 2000083 It's caused by the reason that PFEC returned to guest is copied from the PFEC triggered by shadow page table This patch fixes it and makes the logic of updating errcode more clean Signed-off-by: Xiao Guangrong <guangrong.xiao@linux.intel.com> [Do not assume pfec.p=1. - Paolo] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-09Merge branch 'parisc-4.6-3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc fixes from Helge Deller: "Since commit 0de798584bde ("parisc: Use generic extable search and sort routines") module loading is boken on parisc, because the parisc module loader wasn't prepared for the new R_PARISC_PCREL32 relocations. In addition, due to that breakage, Mikulas Patocka noticed that handling exceptions from modules probably never worked on parisc. It was just masked by the fact that exceptions from modules don't happen during normal use. This patch series fixes those issues and survives the tests of the lib/test_user_copy kernel module test. Some patches are tagged for stable" * 'parisc-4.6-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Update comment regarding relative extable support parisc: Unbreak handling exceptions from kernel modules parisc: Fix kernel crash with reversed copy_from_user() parisc: Avoid function pointers for kernel exception routines parisc: Handle R_PARISC_PCREL32 relocations in kernel modules
2016-04-09Merge tag 'pm+acpi-4.6-rc3' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management and ACPI fixes from Rafael Wysocki: "Fixes for some issues discovered after recent changes and for some that have just been found lately regardless of those changes (intel_pstate, intel_idle, PM core, mailbox/pcc, turbostat) plus support for some new CPU models (intel_idle, Intel RAPL driver, turbostat) and documentation updates (intel_pstate, PM core). Specifics: - intel_pstate fixes for two issues exposed by the recent switch over from using timers and for one issue introduced during the 4.4 cycle plus new comments describing data structures used by the driver (Rafael Wysocki, Srinivas Pandruvada). - intel_idle fixes related to CPU offline/online (Richard Cochran). - intel_idle support (new CPU IDs and state definitions mostly) for Skylake-X and Kabylake processors (Len Brown). - PCC mailbox driver fix for an out-of-bounds memory access that may cause the kernel to panic() (Shanker Donthineni). - New (missing) CPU ID for one apparently overlooked Haswell model in the Intel RAPL power capping driver (Srinivas Pandruvada). - Fix for the PM core's wakeup IRQs framework to make it work after wakeup settings reconfiguration from sysfs (Grygorii Strashko). - Runtime PM documentation update to make it describe what needs to be done during device removal more precisely (Krzysztof Kozlowski). - Stale comment removal cleanup in the cpufreq-dt driver (Viresh Kumar). - turbostat utility fixes and support for Broxton, Skylake-X and Kabylake processors (Len Brown)" * tag 'pm+acpi-4.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (28 commits) PM / wakeirq: fix wakeirq setting after wakup re-configuration from sysfs tools/power turbostat: work around RC6 counter wrap tools/power turbostat: initial KBL support tools/power turbostat: initial SKX support tools/power turbostat: decode BXT TSC frequency via CPUID tools/power turbostat: initial BXT support tools/power turbostat: print IRTL MSRs tools/power turbostat: SGX state should print only if --debug intel_idle: Add KBL support intel_idle: Add SKX support intel_idle: Clean up all registered devices on exit. intel_idle: Propagate hot plug errors. intel_idle: Don't overreact to a cpuidle registration failure. intel_idle: Setup the timer broadcast only on successful driver load. intel_idle: Avoid a double free of the per-CPU data. intel_idle: Fix dangling registration on error path. intel_idle: Fix deallocation order on the driver exit path. intel_idle: Remove redundant initialization calls. intel_idle: Fix a helper function's return value. intel_idle: remove useless return from void function. ...
2016-04-08Merge tag 'meson8-dt-fix' of https://github.com/carlocaione/linux-meson into ↵Kevin Hilman
fixes With http://www.spinics.net/lists/devicetree/msg116771.html we split / refactor the pinctrl driver to have two different pinctrl devices for each bus on the Amlogic Meson8 / Meson8b SoCs. These are the missing patches for documentation and DT that weren't pulled into mainline with the driver changes. * tag 'meson8-dt-fix' of https://github.com/carlocaione/linux-meson: documentation: Fix pinctrl documentation for Meson8 / Meson8b ARM: dts: amlogic: Split pinctrl device for Meson8 / Meson8b
2016-04-08parisc: Update comment regarding relative extable supportHelge Deller
Update the comment to reflect the changes of commit 0de7985 (parisc: Use generic extable search and sort routines). Signed-off-by: Helge Deller <deller@gmx.de>
2016-04-08parisc: Unbreak handling exceptions from kernel modulesHelge Deller
Handling exceptions from modules never worked on parisc. It was just masked by the fact that exceptions from modules don't happen during normal use. When a module triggers an exception in get_user() we need to load the main kernel dp value before accessing the exception_data structure, and afterwards restore the original dp value of the module on exit. Noticed-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org
2016-04-08parisc: Fix kernel crash with reversed copy_from_user()Helge Deller
The kernel module testcase (lib/test_user_copy.c) exhibited a kernel crash on parisc if the parameters for copy_from_user were reversed ("illegal reversed copy_to_user" testcase). Fix this potential crash by checking the fault handler if the faulting address is in the exception table. Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org Cc: Kees Cook <keescook@chromium.org>
2016-04-08parisc: Avoid function pointers for kernel exception routinesHelge Deller
We want to avoid the kernel module loader to create function pointers for the kernel fixup routines of get_user() and put_user(). Changing the external reference from function type to int type fixes this. This unbreaks exception handling for get_user() and put_user() when called from a kernel module. Signed-off-by: Helge Deller <deller@gmx.de> Cc: stable@vger.kernel.org
2016-04-08parisc: Handle R_PARISC_PCREL32 relocations in kernel modulesHelge Deller
Commit 0de7985 (parisc: Use generic extable search and sort routines) changed the exception tables to use 32bit relative offsets. This patch now adds support to the kernel module loader to handle such R_PARISC_PCREL32 relocations for 32- and 64-bit modules. Signed-off-by: Helge Deller <deller@gmx.de>