Contents of /trunk/kernel-alx/patches-3.14/0115-3.14.16-all-fixes.patch
Parent Directory | Revision Log
Revision 2506 -
(show annotations)
(download)
Fri Oct 17 07:55:45 2014 UTC (9 years, 11 months ago) by niro
File size: 56969 byte(s)
Fri Oct 17 07:55:45 2014 UTC (9 years, 11 months ago) by niro
File size: 56969 byte(s)
-patches for 3.14
1 | diff --git a/Documentation/x86/x86_64/mm.txt b/Documentation/x86/x86_64/mm.txt |
2 | index c584a51add15..afe68ddbe6a4 100644 |
3 | --- a/Documentation/x86/x86_64/mm.txt |
4 | +++ b/Documentation/x86/x86_64/mm.txt |
5 | @@ -12,6 +12,8 @@ ffffc90000000000 - ffffe8ffffffffff (=45 bits) vmalloc/ioremap space |
6 | ffffe90000000000 - ffffe9ffffffffff (=40 bits) hole |
7 | ffffea0000000000 - ffffeaffffffffff (=40 bits) virtual memory map (1TB) |
8 | ... unused hole ... |
9 | +ffffff0000000000 - ffffff7fffffffff (=39 bits) %esp fixup stacks |
10 | +... unused hole ... |
11 | ffffffff80000000 - ffffffffa0000000 (=512 MB) kernel text mapping, from phys 0 |
12 | ffffffffa0000000 - ffffffffff5fffff (=1525 MB) module mapping space |
13 | ffffffffff600000 - ffffffffffdfffff (=8 MB) vsyscalls |
14 | diff --git a/Makefile b/Makefile |
15 | index 188523e9e880..8b22e24a2d8e 100644 |
16 | --- a/Makefile |
17 | +++ b/Makefile |
18 | @@ -1,6 +1,6 @@ |
19 | VERSION = 3 |
20 | PATCHLEVEL = 14 |
21 | -SUBLEVEL = 15 |
22 | +SUBLEVEL = 16 |
23 | EXTRAVERSION = |
24 | NAME = Remembering Coco |
25 | |
26 | diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts |
27 | index 5babba0a3a75..904dcf5973f3 100644 |
28 | --- a/arch/arm/boot/dts/dra7-evm.dts |
29 | +++ b/arch/arm/boot/dts/dra7-evm.dts |
30 | @@ -182,6 +182,7 @@ |
31 | regulator-name = "ldo3"; |
32 | regulator-min-microvolt = <1800000>; |
33 | regulator-max-microvolt = <1800000>; |
34 | + regulator-always-on; |
35 | regulator-boot-on; |
36 | }; |
37 | |
38 | diff --git a/arch/arm/boot/dts/hi3620.dtsi b/arch/arm/boot/dts/hi3620.dtsi |
39 | index ab1116d086be..83a5b8685bd9 100644 |
40 | --- a/arch/arm/boot/dts/hi3620.dtsi |
41 | +++ b/arch/arm/boot/dts/hi3620.dtsi |
42 | @@ -73,7 +73,7 @@ |
43 | |
44 | L2: l2-cache { |
45 | compatible = "arm,pl310-cache"; |
46 | - reg = <0xfc10000 0x100000>; |
47 | + reg = <0x100000 0x100000>; |
48 | interrupts = <0 15 4>; |
49 | cache-unified; |
50 | cache-level = <2>; |
51 | diff --git a/arch/arm/crypto/aesbs-glue.c b/arch/arm/crypto/aesbs-glue.c |
52 | index 4522366da759..15468fbbdea3 100644 |
53 | --- a/arch/arm/crypto/aesbs-glue.c |
54 | +++ b/arch/arm/crypto/aesbs-glue.c |
55 | @@ -137,7 +137,7 @@ static int aesbs_cbc_encrypt(struct blkcipher_desc *desc, |
56 | dst += AES_BLOCK_SIZE; |
57 | } while (--blocks); |
58 | } |
59 | - err = blkcipher_walk_done(desc, &walk, 0); |
60 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); |
61 | } |
62 | return err; |
63 | } |
64 | @@ -158,7 +158,7 @@ static int aesbs_cbc_decrypt(struct blkcipher_desc *desc, |
65 | bsaes_cbc_encrypt(walk.src.virt.addr, walk.dst.virt.addr, |
66 | walk.nbytes, &ctx->dec, walk.iv); |
67 | kernel_neon_end(); |
68 | - err = blkcipher_walk_done(desc, &walk, 0); |
69 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); |
70 | } |
71 | while (walk.nbytes) { |
72 | u32 blocks = walk.nbytes / AES_BLOCK_SIZE; |
73 | @@ -182,7 +182,7 @@ static int aesbs_cbc_decrypt(struct blkcipher_desc *desc, |
74 | dst += AES_BLOCK_SIZE; |
75 | src += AES_BLOCK_SIZE; |
76 | } while (--blocks); |
77 | - err = blkcipher_walk_done(desc, &walk, 0); |
78 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); |
79 | } |
80 | return err; |
81 | } |
82 | @@ -268,7 +268,7 @@ static int aesbs_xts_encrypt(struct blkcipher_desc *desc, |
83 | bsaes_xts_encrypt(walk.src.virt.addr, walk.dst.virt.addr, |
84 | walk.nbytes, &ctx->enc, walk.iv); |
85 | kernel_neon_end(); |
86 | - err = blkcipher_walk_done(desc, &walk, 0); |
87 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); |
88 | } |
89 | return err; |
90 | } |
91 | @@ -292,7 +292,7 @@ static int aesbs_xts_decrypt(struct blkcipher_desc *desc, |
92 | bsaes_xts_decrypt(walk.src.virt.addr, walk.dst.virt.addr, |
93 | walk.nbytes, &ctx->dec, walk.iv); |
94 | kernel_neon_end(); |
95 | - err = blkcipher_walk_done(desc, &walk, 0); |
96 | + err = blkcipher_walk_done(desc, &walk, walk.nbytes % AES_BLOCK_SIZE); |
97 | } |
98 | return err; |
99 | } |
100 | diff --git a/arch/arm/mm/idmap.c b/arch/arm/mm/idmap.c |
101 | index 8e0e52eb76b5..d7a0ee898d24 100644 |
102 | --- a/arch/arm/mm/idmap.c |
103 | +++ b/arch/arm/mm/idmap.c |
104 | @@ -25,6 +25,13 @@ static void idmap_add_pmd(pud_t *pud, unsigned long addr, unsigned long end, |
105 | pr_warning("Failed to allocate identity pmd.\n"); |
106 | return; |
107 | } |
108 | + /* |
109 | + * Copy the original PMD to ensure that the PMD entries for |
110 | + * the kernel image are preserved. |
111 | + */ |
112 | + if (!pud_none(*pud)) |
113 | + memcpy(pmd, pmd_offset(pud, 0), |
114 | + PTRS_PER_PMD * sizeof(pmd_t)); |
115 | pud_populate(&init_mm, pud, pmd); |
116 | pmd += pmd_index(addr); |
117 | } else |
118 | diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c |
119 | index b68c6b22e1c8..f15c22e8bcd5 100644 |
120 | --- a/arch/arm/mm/mmu.c |
121 | +++ b/arch/arm/mm/mmu.c |
122 | @@ -1436,8 +1436,8 @@ void __init early_paging_init(const struct machine_desc *mdesc, |
123 | return; |
124 | |
125 | /* remap kernel code and data */ |
126 | - map_start = init_mm.start_code; |
127 | - map_end = init_mm.brk; |
128 | + map_start = init_mm.start_code & PMD_MASK; |
129 | + map_end = ALIGN(init_mm.brk, PMD_SIZE); |
130 | |
131 | /* get a handle on things... */ |
132 | pgd0 = pgd_offset_k(0); |
133 | @@ -1472,7 +1472,7 @@ void __init early_paging_init(const struct machine_desc *mdesc, |
134 | } |
135 | |
136 | /* remap pmds for kernel mapping */ |
137 | - phys = __pa(map_start) & PMD_MASK; |
138 | + phys = __pa(map_start); |
139 | do { |
140 | *pmdk++ = __pmd(phys | pmdprot); |
141 | phys += PMD_SIZE; |
142 | diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig |
143 | index 7324107acb40..c718d9f25900 100644 |
144 | --- a/arch/x86/Kconfig |
145 | +++ b/arch/x86/Kconfig |
146 | @@ -966,10 +966,27 @@ config VM86 |
147 | default y |
148 | depends on X86_32 |
149 | ---help--- |
150 | - This option is required by programs like DOSEMU to run 16-bit legacy |
151 | - code on X86 processors. It also may be needed by software like |
152 | - XFree86 to initialize some video cards via BIOS. Disabling this |
153 | - option saves about 6k. |
154 | + This option is required by programs like DOSEMU to run |
155 | + 16-bit real mode legacy code on x86 processors. It also may |
156 | + be needed by software like XFree86 to initialize some video |
157 | + cards via BIOS. Disabling this option saves about 6K. |
158 | + |
159 | +config X86_16BIT |
160 | + bool "Enable support for 16-bit segments" if EXPERT |
161 | + default y |
162 | + ---help--- |
163 | + This option is required by programs like Wine to run 16-bit |
164 | + protected mode legacy code on x86 processors. Disabling |
165 | + this option saves about 300 bytes on i386, or around 6K text |
166 | + plus 16K runtime memory on x86-64, |
167 | + |
168 | +config X86_ESPFIX32 |
169 | + def_bool y |
170 | + depends on X86_16BIT && X86_32 |
171 | + |
172 | +config X86_ESPFIX64 |
173 | + def_bool y |
174 | + depends on X86_16BIT && X86_64 |
175 | |
176 | config TOSHIBA |
177 | tristate "Toshiba Laptop support" |
178 | diff --git a/arch/x86/include/asm/espfix.h b/arch/x86/include/asm/espfix.h |
179 | new file mode 100644 |
180 | index 000000000000..99efebb2f69d |
181 | --- /dev/null |
182 | +++ b/arch/x86/include/asm/espfix.h |
183 | @@ -0,0 +1,16 @@ |
184 | +#ifndef _ASM_X86_ESPFIX_H |
185 | +#define _ASM_X86_ESPFIX_H |
186 | + |
187 | +#ifdef CONFIG_X86_64 |
188 | + |
189 | +#include <asm/percpu.h> |
190 | + |
191 | +DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack); |
192 | +DECLARE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr); |
193 | + |
194 | +extern void init_espfix_bsp(void); |
195 | +extern void init_espfix_ap(void); |
196 | + |
197 | +#endif /* CONFIG_X86_64 */ |
198 | + |
199 | +#endif /* _ASM_X86_ESPFIX_H */ |
200 | diff --git a/arch/x86/include/asm/irqflags.h b/arch/x86/include/asm/irqflags.h |
201 | index bba3cf88e624..0a8b519226b8 100644 |
202 | --- a/arch/x86/include/asm/irqflags.h |
203 | +++ b/arch/x86/include/asm/irqflags.h |
204 | @@ -129,7 +129,7 @@ static inline notrace unsigned long arch_local_irq_save(void) |
205 | |
206 | #define PARAVIRT_ADJUST_EXCEPTION_FRAME /* */ |
207 | |
208 | -#define INTERRUPT_RETURN iretq |
209 | +#define INTERRUPT_RETURN jmp native_iret |
210 | #define USERGS_SYSRET64 \ |
211 | swapgs; \ |
212 | sysretq; |
213 | diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h |
214 | index c883bf726398..7166e25ecb57 100644 |
215 | --- a/arch/x86/include/asm/pgtable_64_types.h |
216 | +++ b/arch/x86/include/asm/pgtable_64_types.h |
217 | @@ -61,6 +61,8 @@ typedef struct { pteval_t pte; } pte_t; |
218 | #define MODULES_VADDR (__START_KERNEL_map + KERNEL_IMAGE_SIZE) |
219 | #define MODULES_END _AC(0xffffffffff000000, UL) |
220 | #define MODULES_LEN (MODULES_END - MODULES_VADDR) |
221 | +#define ESPFIX_PGD_ENTRY _AC(-2, UL) |
222 | +#define ESPFIX_BASE_ADDR (ESPFIX_PGD_ENTRY << PGDIR_SHIFT) |
223 | |
224 | #define EARLY_DYNAMIC_PAGE_TABLES 64 |
225 | |
226 | diff --git a/arch/x86/include/asm/setup.h b/arch/x86/include/asm/setup.h |
227 | index d62c9f809bc5..75b14ca135be 100644 |
228 | --- a/arch/x86/include/asm/setup.h |
229 | +++ b/arch/x86/include/asm/setup.h |
230 | @@ -65,6 +65,8 @@ static inline void x86_ce4100_early_setup(void) { } |
231 | |
232 | #ifndef _SETUP |
233 | |
234 | +#include <asm/espfix.h> |
235 | + |
236 | /* |
237 | * This is set up by the setup-routine at boot-time |
238 | */ |
239 | diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile |
240 | index cb648c84b327..56bac868cb91 100644 |
241 | --- a/arch/x86/kernel/Makefile |
242 | +++ b/arch/x86/kernel/Makefile |
243 | @@ -29,6 +29,7 @@ obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o |
244 | obj-y += syscall_$(BITS).o |
245 | obj-$(CONFIG_X86_64) += vsyscall_64.o |
246 | obj-$(CONFIG_X86_64) += vsyscall_emu_64.o |
247 | +obj-$(CONFIG_X86_ESPFIX64) += espfix_64.o |
248 | obj-$(CONFIG_SYSFS) += ksysfs.o |
249 | obj-y += bootflag.o e820.o |
250 | obj-y += pci-dma.o quirks.o topology.o kdebugfs.o |
251 | diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S |
252 | index c87810b1b557..c5a9cb94dee6 100644 |
253 | --- a/arch/x86/kernel/entry_32.S |
254 | +++ b/arch/x86/kernel/entry_32.S |
255 | @@ -529,6 +529,7 @@ syscall_exit: |
256 | restore_all: |
257 | TRACE_IRQS_IRET |
258 | restore_all_notrace: |
259 | +#ifdef CONFIG_X86_ESPFIX32 |
260 | movl PT_EFLAGS(%esp), %eax # mix EFLAGS, SS and CS |
261 | # Warning: PT_OLDSS(%esp) contains the wrong/random values if we |
262 | # are returning to the kernel. |
263 | @@ -539,6 +540,7 @@ restore_all_notrace: |
264 | cmpl $((SEGMENT_LDT << 8) | USER_RPL), %eax |
265 | CFI_REMEMBER_STATE |
266 | je ldt_ss # returning to user-space with LDT SS |
267 | +#endif |
268 | restore_nocheck: |
269 | RESTORE_REGS 4 # skip orig_eax/error_code |
270 | irq_return: |
271 | @@ -551,6 +553,7 @@ ENTRY(iret_exc) |
272 | .previous |
273 | _ASM_EXTABLE(irq_return,iret_exc) |
274 | |
275 | +#ifdef CONFIG_X86_ESPFIX32 |
276 | CFI_RESTORE_STATE |
277 | ldt_ss: |
278 | #ifdef CONFIG_PARAVIRT |
279 | @@ -594,6 +597,7 @@ ldt_ss: |
280 | lss (%esp), %esp /* switch to espfix segment */ |
281 | CFI_ADJUST_CFA_OFFSET -8 |
282 | jmp restore_nocheck |
283 | +#endif |
284 | CFI_ENDPROC |
285 | ENDPROC(system_call) |
286 | |
287 | @@ -706,6 +710,7 @@ END(syscall_badsys) |
288 | * the high word of the segment base from the GDT and swiches to the |
289 | * normal stack and adjusts ESP with the matching offset. |
290 | */ |
291 | +#ifdef CONFIG_X86_ESPFIX32 |
292 | /* fixup the stack */ |
293 | mov GDT_ESPFIX_SS + 4, %al /* bits 16..23 */ |
294 | mov GDT_ESPFIX_SS + 7, %ah /* bits 24..31 */ |
295 | @@ -715,8 +720,10 @@ END(syscall_badsys) |
296 | pushl_cfi %eax |
297 | lss (%esp), %esp /* switch to the normal stack segment */ |
298 | CFI_ADJUST_CFA_OFFSET -8 |
299 | +#endif |
300 | .endm |
301 | .macro UNWIND_ESPFIX_STACK |
302 | +#ifdef CONFIG_X86_ESPFIX32 |
303 | movl %ss, %eax |
304 | /* see if on espfix stack */ |
305 | cmpw $__ESPFIX_SS, %ax |
306 | @@ -727,6 +734,7 @@ END(syscall_badsys) |
307 | /* switch to normal stack */ |
308 | FIXUP_ESPFIX_STACK |
309 | 27: |
310 | +#endif |
311 | .endm |
312 | |
313 | /* |
314 | @@ -1357,11 +1365,13 @@ END(debug) |
315 | ENTRY(nmi) |
316 | RING0_INT_FRAME |
317 | ASM_CLAC |
318 | +#ifdef CONFIG_X86_ESPFIX32 |
319 | pushl_cfi %eax |
320 | movl %ss, %eax |
321 | cmpw $__ESPFIX_SS, %ax |
322 | popl_cfi %eax |
323 | je nmi_espfix_stack |
324 | +#endif |
325 | cmpl $ia32_sysenter_target,(%esp) |
326 | je nmi_stack_fixup |
327 | pushl_cfi %eax |
328 | @@ -1401,6 +1411,7 @@ nmi_debug_stack_check: |
329 | FIX_STACK 24, nmi_stack_correct, 1 |
330 | jmp nmi_stack_correct |
331 | |
332 | +#ifdef CONFIG_X86_ESPFIX32 |
333 | nmi_espfix_stack: |
334 | /* We have a RING0_INT_FRAME here. |
335 | * |
336 | @@ -1422,6 +1433,7 @@ nmi_espfix_stack: |
337 | lss 12+4(%esp), %esp # back to espfix stack |
338 | CFI_ADJUST_CFA_OFFSET -24 |
339 | jmp irq_return |
340 | +#endif |
341 | CFI_ENDPROC |
342 | END(nmi) |
343 | |
344 | diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S |
345 | index 1e96c3628bf2..03cd2a8f6009 100644 |
346 | --- a/arch/x86/kernel/entry_64.S |
347 | +++ b/arch/x86/kernel/entry_64.S |
348 | @@ -58,6 +58,7 @@ |
349 | #include <asm/asm.h> |
350 | #include <asm/context_tracking.h> |
351 | #include <asm/smap.h> |
352 | +#include <asm/pgtable_types.h> |
353 | #include <linux/err.h> |
354 | |
355 | /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ |
356 | @@ -1041,12 +1042,45 @@ restore_args: |
357 | |
358 | irq_return: |
359 | INTERRUPT_RETURN |
360 | - _ASM_EXTABLE(irq_return, bad_iret) |
361 | |
362 | -#ifdef CONFIG_PARAVIRT |
363 | ENTRY(native_iret) |
364 | + /* |
365 | + * Are we returning to a stack segment from the LDT? Note: in |
366 | + * 64-bit mode SS:RSP on the exception stack is always valid. |
367 | + */ |
368 | +#ifdef CONFIG_X86_ESPFIX64 |
369 | + testb $4,(SS-RIP)(%rsp) |
370 | + jnz native_irq_return_ldt |
371 | +#endif |
372 | + |
373 | +native_irq_return_iret: |
374 | iretq |
375 | - _ASM_EXTABLE(native_iret, bad_iret) |
376 | + _ASM_EXTABLE(native_irq_return_iret, bad_iret) |
377 | + |
378 | +#ifdef CONFIG_X86_ESPFIX64 |
379 | +native_irq_return_ldt: |
380 | + pushq_cfi %rax |
381 | + pushq_cfi %rdi |
382 | + SWAPGS |
383 | + movq PER_CPU_VAR(espfix_waddr),%rdi |
384 | + movq %rax,(0*8)(%rdi) /* RAX */ |
385 | + movq (2*8)(%rsp),%rax /* RIP */ |
386 | + movq %rax,(1*8)(%rdi) |
387 | + movq (3*8)(%rsp),%rax /* CS */ |
388 | + movq %rax,(2*8)(%rdi) |
389 | + movq (4*8)(%rsp),%rax /* RFLAGS */ |
390 | + movq %rax,(3*8)(%rdi) |
391 | + movq (6*8)(%rsp),%rax /* SS */ |
392 | + movq %rax,(5*8)(%rdi) |
393 | + movq (5*8)(%rsp),%rax /* RSP */ |
394 | + movq %rax,(4*8)(%rdi) |
395 | + andl $0xffff0000,%eax |
396 | + popq_cfi %rdi |
397 | + orq PER_CPU_VAR(espfix_stack),%rax |
398 | + SWAPGS |
399 | + movq %rax,%rsp |
400 | + popq_cfi %rax |
401 | + jmp native_irq_return_iret |
402 | #endif |
403 | |
404 | .section .fixup,"ax" |
405 | @@ -1110,9 +1144,40 @@ ENTRY(retint_kernel) |
406 | call preempt_schedule_irq |
407 | jmp exit_intr |
408 | #endif |
409 | - |
410 | CFI_ENDPROC |
411 | END(common_interrupt) |
412 | + |
413 | + /* |
414 | + * If IRET takes a fault on the espfix stack, then we |
415 | + * end up promoting it to a doublefault. In that case, |
416 | + * modify the stack to make it look like we just entered |
417 | + * the #GP handler from user space, similar to bad_iret. |
418 | + */ |
419 | +#ifdef CONFIG_X86_ESPFIX64 |
420 | + ALIGN |
421 | +__do_double_fault: |
422 | + XCPT_FRAME 1 RDI+8 |
423 | + movq RSP(%rdi),%rax /* Trap on the espfix stack? */ |
424 | + sarq $PGDIR_SHIFT,%rax |
425 | + cmpl $ESPFIX_PGD_ENTRY,%eax |
426 | + jne do_double_fault /* No, just deliver the fault */ |
427 | + cmpl $__KERNEL_CS,CS(%rdi) |
428 | + jne do_double_fault |
429 | + movq RIP(%rdi),%rax |
430 | + cmpq $native_irq_return_iret,%rax |
431 | + jne do_double_fault /* This shouldn't happen... */ |
432 | + movq PER_CPU_VAR(kernel_stack),%rax |
433 | + subq $(6*8-KERNEL_STACK_OFFSET),%rax /* Reset to original stack */ |
434 | + movq %rax,RSP(%rdi) |
435 | + movq $0,(%rax) /* Missing (lost) #GP error code */ |
436 | + movq $general_protection,RIP(%rdi) |
437 | + retq |
438 | + CFI_ENDPROC |
439 | +END(__do_double_fault) |
440 | +#else |
441 | +# define __do_double_fault do_double_fault |
442 | +#endif |
443 | + |
444 | /* |
445 | * End of kprobes section |
446 | */ |
447 | @@ -1314,7 +1379,7 @@ zeroentry overflow do_overflow |
448 | zeroentry bounds do_bounds |
449 | zeroentry invalid_op do_invalid_op |
450 | zeroentry device_not_available do_device_not_available |
451 | -paranoiderrorentry double_fault do_double_fault |
452 | +paranoiderrorentry double_fault __do_double_fault |
453 | zeroentry coprocessor_segment_overrun do_coprocessor_segment_overrun |
454 | errorentry invalid_TSS do_invalid_TSS |
455 | errorentry segment_not_present do_segment_not_present |
456 | @@ -1601,7 +1666,7 @@ error_sti: |
457 | */ |
458 | error_kernelspace: |
459 | incl %ebx |
460 | - leaq irq_return(%rip),%rcx |
461 | + leaq native_irq_return_iret(%rip),%rcx |
462 | cmpq %rcx,RIP+8(%rsp) |
463 | je error_swapgs |
464 | movl %ecx,%eax /* zero extend */ |
465 | diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c |
466 | new file mode 100644 |
467 | index 000000000000..94d857fb1033 |
468 | --- /dev/null |
469 | +++ b/arch/x86/kernel/espfix_64.c |
470 | @@ -0,0 +1,208 @@ |
471 | +/* ----------------------------------------------------------------------- * |
472 | + * |
473 | + * Copyright 2014 Intel Corporation; author: H. Peter Anvin |
474 | + * |
475 | + * This program is free software; you can redistribute it and/or modify it |
476 | + * under the terms and conditions of the GNU General Public License, |
477 | + * version 2, as published by the Free Software Foundation. |
478 | + * |
479 | + * This program is distributed in the hope it will be useful, but WITHOUT |
480 | + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
481 | + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
482 | + * more details. |
483 | + * |
484 | + * ----------------------------------------------------------------------- */ |
485 | + |
486 | +/* |
487 | + * The IRET instruction, when returning to a 16-bit segment, only |
488 | + * restores the bottom 16 bits of the user space stack pointer. This |
489 | + * causes some 16-bit software to break, but it also leaks kernel state |
490 | + * to user space. |
491 | + * |
492 | + * This works around this by creating percpu "ministacks", each of which |
493 | + * is mapped 2^16 times 64K apart. When we detect that the return SS is |
494 | + * on the LDT, we copy the IRET frame to the ministack and use the |
495 | + * relevant alias to return to userspace. The ministacks are mapped |
496 | + * readonly, so if the IRET fault we promote #GP to #DF which is an IST |
497 | + * vector and thus has its own stack; we then do the fixup in the #DF |
498 | + * handler. |
499 | + * |
500 | + * This file sets up the ministacks and the related page tables. The |
501 | + * actual ministack invocation is in entry_64.S. |
502 | + */ |
503 | + |
504 | +#include <linux/init.h> |
505 | +#include <linux/init_task.h> |
506 | +#include <linux/kernel.h> |
507 | +#include <linux/percpu.h> |
508 | +#include <linux/gfp.h> |
509 | +#include <linux/random.h> |
510 | +#include <asm/pgtable.h> |
511 | +#include <asm/pgalloc.h> |
512 | +#include <asm/setup.h> |
513 | +#include <asm/espfix.h> |
514 | + |
515 | +/* |
516 | + * Note: we only need 6*8 = 48 bytes for the espfix stack, but round |
517 | + * it up to a cache line to avoid unnecessary sharing. |
518 | + */ |
519 | +#define ESPFIX_STACK_SIZE (8*8UL) |
520 | +#define ESPFIX_STACKS_PER_PAGE (PAGE_SIZE/ESPFIX_STACK_SIZE) |
521 | + |
522 | +/* There is address space for how many espfix pages? */ |
523 | +#define ESPFIX_PAGE_SPACE (1UL << (PGDIR_SHIFT-PAGE_SHIFT-16)) |
524 | + |
525 | +#define ESPFIX_MAX_CPUS (ESPFIX_STACKS_PER_PAGE * ESPFIX_PAGE_SPACE) |
526 | +#if CONFIG_NR_CPUS > ESPFIX_MAX_CPUS |
527 | +# error "Need more than one PGD for the ESPFIX hack" |
528 | +#endif |
529 | + |
530 | +#define PGALLOC_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_REPEAT | __GFP_ZERO) |
531 | + |
532 | +/* This contains the *bottom* address of the espfix stack */ |
533 | +DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_stack); |
534 | +DEFINE_PER_CPU_READ_MOSTLY(unsigned long, espfix_waddr); |
535 | + |
536 | +/* Initialization mutex - should this be a spinlock? */ |
537 | +static DEFINE_MUTEX(espfix_init_mutex); |
538 | + |
539 | +/* Page allocation bitmap - each page serves ESPFIX_STACKS_PER_PAGE CPUs */ |
540 | +#define ESPFIX_MAX_PAGES DIV_ROUND_UP(CONFIG_NR_CPUS, ESPFIX_STACKS_PER_PAGE) |
541 | +static void *espfix_pages[ESPFIX_MAX_PAGES]; |
542 | + |
543 | +static __page_aligned_bss pud_t espfix_pud_page[PTRS_PER_PUD] |
544 | + __aligned(PAGE_SIZE); |
545 | + |
546 | +static unsigned int page_random, slot_random; |
547 | + |
548 | +/* |
549 | + * This returns the bottom address of the espfix stack for a specific CPU. |
550 | + * The math allows for a non-power-of-two ESPFIX_STACK_SIZE, in which case |
551 | + * we have to account for some amount of padding at the end of each page. |
552 | + */ |
553 | +static inline unsigned long espfix_base_addr(unsigned int cpu) |
554 | +{ |
555 | + unsigned long page, slot; |
556 | + unsigned long addr; |
557 | + |
558 | + page = (cpu / ESPFIX_STACKS_PER_PAGE) ^ page_random; |
559 | + slot = (cpu + slot_random) % ESPFIX_STACKS_PER_PAGE; |
560 | + addr = (page << PAGE_SHIFT) + (slot * ESPFIX_STACK_SIZE); |
561 | + addr = (addr & 0xffffUL) | ((addr & ~0xffffUL) << 16); |
562 | + addr += ESPFIX_BASE_ADDR; |
563 | + return addr; |
564 | +} |
565 | + |
566 | +#define PTE_STRIDE (65536/PAGE_SIZE) |
567 | +#define ESPFIX_PTE_CLONES (PTRS_PER_PTE/PTE_STRIDE) |
568 | +#define ESPFIX_PMD_CLONES PTRS_PER_PMD |
569 | +#define ESPFIX_PUD_CLONES (65536/(ESPFIX_PTE_CLONES*ESPFIX_PMD_CLONES)) |
570 | + |
571 | +#define PGTABLE_PROT ((_KERNPG_TABLE & ~_PAGE_RW) | _PAGE_NX) |
572 | + |
573 | +static void init_espfix_random(void) |
574 | +{ |
575 | + unsigned long rand; |
576 | + |
577 | + /* |
578 | + * This is run before the entropy pools are initialized, |
579 | + * but this is hopefully better than nothing. |
580 | + */ |
581 | + if (!arch_get_random_long(&rand)) { |
582 | + /* The constant is an arbitrary large prime */ |
583 | + rdtscll(rand); |
584 | + rand *= 0xc345c6b72fd16123UL; |
585 | + } |
586 | + |
587 | + slot_random = rand % ESPFIX_STACKS_PER_PAGE; |
588 | + page_random = (rand / ESPFIX_STACKS_PER_PAGE) |
589 | + & (ESPFIX_PAGE_SPACE - 1); |
590 | +} |
591 | + |
592 | +void __init init_espfix_bsp(void) |
593 | +{ |
594 | + pgd_t *pgd_p; |
595 | + pteval_t ptemask; |
596 | + |
597 | + ptemask = __supported_pte_mask; |
598 | + |
599 | + /* Install the espfix pud into the kernel page directory */ |
600 | + pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)]; |
601 | + pgd_populate(&init_mm, pgd_p, (pud_t *)espfix_pud_page); |
602 | + |
603 | + /* Randomize the locations */ |
604 | + init_espfix_random(); |
605 | + |
606 | + /* The rest is the same as for any other processor */ |
607 | + init_espfix_ap(); |
608 | +} |
609 | + |
610 | +void init_espfix_ap(void) |
611 | +{ |
612 | + unsigned int cpu, page; |
613 | + unsigned long addr; |
614 | + pud_t pud, *pud_p; |
615 | + pmd_t pmd, *pmd_p; |
616 | + pte_t pte, *pte_p; |
617 | + int n; |
618 | + void *stack_page; |
619 | + pteval_t ptemask; |
620 | + |
621 | + /* We only have to do this once... */ |
622 | + if (likely(this_cpu_read(espfix_stack))) |
623 | + return; /* Already initialized */ |
624 | + |
625 | + cpu = smp_processor_id(); |
626 | + addr = espfix_base_addr(cpu); |
627 | + page = cpu/ESPFIX_STACKS_PER_PAGE; |
628 | + |
629 | + /* Did another CPU already set this up? */ |
630 | + stack_page = ACCESS_ONCE(espfix_pages[page]); |
631 | + if (likely(stack_page)) |
632 | + goto done; |
633 | + |
634 | + mutex_lock(&espfix_init_mutex); |
635 | + |
636 | + /* Did we race on the lock? */ |
637 | + stack_page = ACCESS_ONCE(espfix_pages[page]); |
638 | + if (stack_page) |
639 | + goto unlock_done; |
640 | + |
641 | + ptemask = __supported_pte_mask; |
642 | + |
643 | + pud_p = &espfix_pud_page[pud_index(addr)]; |
644 | + pud = *pud_p; |
645 | + if (!pud_present(pud)) { |
646 | + pmd_p = (pmd_t *)__get_free_page(PGALLOC_GFP); |
647 | + pud = __pud(__pa(pmd_p) | (PGTABLE_PROT & ptemask)); |
648 | + paravirt_alloc_pmd(&init_mm, __pa(pmd_p) >> PAGE_SHIFT); |
649 | + for (n = 0; n < ESPFIX_PUD_CLONES; n++) |
650 | + set_pud(&pud_p[n], pud); |
651 | + } |
652 | + |
653 | + pmd_p = pmd_offset(&pud, addr); |
654 | + pmd = *pmd_p; |
655 | + if (!pmd_present(pmd)) { |
656 | + pte_p = (pte_t *)__get_free_page(PGALLOC_GFP); |
657 | + pmd = __pmd(__pa(pte_p) | (PGTABLE_PROT & ptemask)); |
658 | + paravirt_alloc_pte(&init_mm, __pa(pte_p) >> PAGE_SHIFT); |
659 | + for (n = 0; n < ESPFIX_PMD_CLONES; n++) |
660 | + set_pmd(&pmd_p[n], pmd); |
661 | + } |
662 | + |
663 | + pte_p = pte_offset_kernel(&pmd, addr); |
664 | + stack_page = (void *)__get_free_page(GFP_KERNEL); |
665 | + pte = __pte(__pa(stack_page) | (__PAGE_KERNEL_RO & ptemask)); |
666 | + for (n = 0; n < ESPFIX_PTE_CLONES; n++) |
667 | + set_pte(&pte_p[n*PTE_STRIDE], pte); |
668 | + |
669 | + /* Job is done for this CPU and any CPU which shares this page */ |
670 | + ACCESS_ONCE(espfix_pages[page]) = stack_page; |
671 | + |
672 | +unlock_done: |
673 | + mutex_unlock(&espfix_init_mutex); |
674 | +done: |
675 | + this_cpu_write(espfix_stack, addr); |
676 | + this_cpu_write(espfix_waddr, (unsigned long)stack_page |
677 | + + (addr & ~PAGE_MASK)); |
678 | +} |
679 | diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
680 | index dcbbaa165bde..c37886d759cc 100644 |
681 | --- a/arch/x86/kernel/ldt.c |
682 | +++ b/arch/x86/kernel/ldt.c |
683 | @@ -20,8 +20,6 @@ |
684 | #include <asm/mmu_context.h> |
685 | #include <asm/syscalls.h> |
686 | |
687 | -int sysctl_ldt16 = 0; |
688 | - |
689 | #ifdef CONFIG_SMP |
690 | static void flush_ldt(void *current_mm) |
691 | { |
692 | @@ -231,16 +229,10 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) |
693 | } |
694 | } |
695 | |
696 | - /* |
697 | - * On x86-64 we do not support 16-bit segments due to |
698 | - * IRET leaking the high bits of the kernel stack address. |
699 | - */ |
700 | -#ifdef CONFIG_X86_64 |
701 | - if (!ldt_info.seg_32bit && !sysctl_ldt16) { |
702 | + if (!IS_ENABLED(CONFIG_X86_16BIT) && !ldt_info.seg_32bit) { |
703 | error = -EINVAL; |
704 | goto out_unlock; |
705 | } |
706 | -#endif |
707 | |
708 | fill_ldt(&ldt, &ldt_info); |
709 | if (oldmode) |
710 | diff --git a/arch/x86/kernel/paravirt_patch_64.c b/arch/x86/kernel/paravirt_patch_64.c |
711 | index 3f08f34f93eb..a1da6737ba5b 100644 |
712 | --- a/arch/x86/kernel/paravirt_patch_64.c |
713 | +++ b/arch/x86/kernel/paravirt_patch_64.c |
714 | @@ -6,7 +6,6 @@ DEF_NATIVE(pv_irq_ops, irq_disable, "cli"); |
715 | DEF_NATIVE(pv_irq_ops, irq_enable, "sti"); |
716 | DEF_NATIVE(pv_irq_ops, restore_fl, "pushq %rdi; popfq"); |
717 | DEF_NATIVE(pv_irq_ops, save_fl, "pushfq; popq %rax"); |
718 | -DEF_NATIVE(pv_cpu_ops, iret, "iretq"); |
719 | DEF_NATIVE(pv_mmu_ops, read_cr2, "movq %cr2, %rax"); |
720 | DEF_NATIVE(pv_mmu_ops, read_cr3, "movq %cr3, %rax"); |
721 | DEF_NATIVE(pv_mmu_ops, write_cr3, "movq %rdi, %cr3"); |
722 | @@ -50,7 +49,6 @@ unsigned native_patch(u8 type, u16 clobbers, void *ibuf, |
723 | PATCH_SITE(pv_irq_ops, save_fl); |
724 | PATCH_SITE(pv_irq_ops, irq_enable); |
725 | PATCH_SITE(pv_irq_ops, irq_disable); |
726 | - PATCH_SITE(pv_cpu_ops, iret); |
727 | PATCH_SITE(pv_cpu_ops, irq_enable_sysexit); |
728 | PATCH_SITE(pv_cpu_ops, usergs_sysret32); |
729 | PATCH_SITE(pv_cpu_ops, usergs_sysret64); |
730 | diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c |
731 | index a32da804252e..395be6d8bbde 100644 |
732 | --- a/arch/x86/kernel/smpboot.c |
733 | +++ b/arch/x86/kernel/smpboot.c |
734 | @@ -243,6 +243,13 @@ static void notrace start_secondary(void *unused) |
735 | check_tsc_sync_target(); |
736 | |
737 | /* |
738 | + * Enable the espfix hack for this CPU |
739 | + */ |
740 | +#ifdef CONFIG_X86_ESPFIX64 |
741 | + init_espfix_ap(); |
742 | +#endif |
743 | + |
744 | + /* |
745 | * We need to hold vector_lock so there the set of online cpus |
746 | * does not change while we are assigning vectors to cpus. Holding |
747 | * this lock ensures we don't half assign or remove an irq from a cpu. |
748 | diff --git a/arch/x86/mm/dump_pagetables.c b/arch/x86/mm/dump_pagetables.c |
749 | index 0002a3a33081..3620928631ce 100644 |
750 | --- a/arch/x86/mm/dump_pagetables.c |
751 | +++ b/arch/x86/mm/dump_pagetables.c |
752 | @@ -30,11 +30,13 @@ struct pg_state { |
753 | unsigned long start_address; |
754 | unsigned long current_address; |
755 | const struct addr_marker *marker; |
756 | + unsigned long lines; |
757 | }; |
758 | |
759 | struct addr_marker { |
760 | unsigned long start_address; |
761 | const char *name; |
762 | + unsigned long max_lines; |
763 | }; |
764 | |
765 | /* indices for address_markers; keep sync'd w/ address_markers below */ |
766 | @@ -45,6 +47,7 @@ enum address_markers_idx { |
767 | LOW_KERNEL_NR, |
768 | VMALLOC_START_NR, |
769 | VMEMMAP_START_NR, |
770 | + ESPFIX_START_NR, |
771 | HIGH_KERNEL_NR, |
772 | MODULES_VADDR_NR, |
773 | MODULES_END_NR, |
774 | @@ -67,6 +70,7 @@ static struct addr_marker address_markers[] = { |
775 | { PAGE_OFFSET, "Low Kernel Mapping" }, |
776 | { VMALLOC_START, "vmalloc() Area" }, |
777 | { VMEMMAP_START, "Vmemmap" }, |
778 | + { ESPFIX_BASE_ADDR, "ESPfix Area", 16 }, |
779 | { __START_KERNEL_map, "High Kernel Mapping" }, |
780 | { MODULES_VADDR, "Modules" }, |
781 | { MODULES_END, "End Modules" }, |
782 | @@ -163,7 +167,7 @@ static void note_page(struct seq_file *m, struct pg_state *st, |
783 | pgprot_t new_prot, int level) |
784 | { |
785 | pgprotval_t prot, cur; |
786 | - static const char units[] = "KMGTPE"; |
787 | + static const char units[] = "BKMGTPE"; |
788 | |
789 | /* |
790 | * If we have a "break" in the series, we need to flush the state that |
791 | @@ -178,6 +182,7 @@ static void note_page(struct seq_file *m, struct pg_state *st, |
792 | st->current_prot = new_prot; |
793 | st->level = level; |
794 | st->marker = address_markers; |
795 | + st->lines = 0; |
796 | seq_printf(m, "---[ %s ]---\n", st->marker->name); |
797 | } else if (prot != cur || level != st->level || |
798 | st->current_address >= st->marker[1].start_address) { |
799 | @@ -188,17 +193,21 @@ static void note_page(struct seq_file *m, struct pg_state *st, |
800 | /* |
801 | * Now print the actual finished series |
802 | */ |
803 | - seq_printf(m, "0x%0*lx-0x%0*lx ", |
804 | - width, st->start_address, |
805 | - width, st->current_address); |
806 | - |
807 | - delta = (st->current_address - st->start_address) >> 10; |
808 | - while (!(delta & 1023) && unit[1]) { |
809 | - delta >>= 10; |
810 | - unit++; |
811 | + if (!st->marker->max_lines || |
812 | + st->lines < st->marker->max_lines) { |
813 | + seq_printf(m, "0x%0*lx-0x%0*lx ", |
814 | + width, st->start_address, |
815 | + width, st->current_address); |
816 | + |
817 | + delta = (st->current_address - st->start_address) >> 10; |
818 | + while (!(delta & 1023) && unit[1]) { |
819 | + delta >>= 10; |
820 | + unit++; |
821 | + } |
822 | + seq_printf(m, "%9lu%c ", delta, *unit); |
823 | + printk_prot(m, st->current_prot, st->level); |
824 | } |
825 | - seq_printf(m, "%9lu%c ", delta, *unit); |
826 | - printk_prot(m, st->current_prot, st->level); |
827 | + st->lines++; |
828 | |
829 | /* |
830 | * We print markers for special areas of address space, |
831 | diff --git a/arch/x86/vdso/vdso32-setup.c b/arch/x86/vdso/vdso32-setup.c |
832 | index f1d633a43f8e..d6bfb876cfb0 100644 |
833 | --- a/arch/x86/vdso/vdso32-setup.c |
834 | +++ b/arch/x86/vdso/vdso32-setup.c |
835 | @@ -41,7 +41,6 @@ enum { |
836 | #ifdef CONFIG_X86_64 |
837 | #define vdso_enabled sysctl_vsyscall32 |
838 | #define arch_setup_additional_pages syscall32_setup_pages |
839 | -extern int sysctl_ldt16; |
840 | #endif |
841 | |
842 | /* |
843 | @@ -381,13 +380,6 @@ static struct ctl_table abi_table2[] = { |
844 | .mode = 0644, |
845 | .proc_handler = proc_dointvec |
846 | }, |
847 | - { |
848 | - .procname = "ldt16", |
849 | - .data = &sysctl_ldt16, |
850 | - .maxlen = sizeof(int), |
851 | - .mode = 0644, |
852 | - .proc_handler = proc_dointvec |
853 | - }, |
854 | {} |
855 | }; |
856 | |
857 | diff --git a/arch/x86/xen/setup.c b/arch/x86/xen/setup.c |
858 | index 0982233b9b84..a6a72ce8630f 100644 |
859 | --- a/arch/x86/xen/setup.c |
860 | +++ b/arch/x86/xen/setup.c |
861 | @@ -574,13 +574,7 @@ void xen_enable_syscall(void) |
862 | } |
863 | #endif /* CONFIG_X86_64 */ |
864 | } |
865 | -void xen_enable_nmi(void) |
866 | -{ |
867 | -#ifdef CONFIG_X86_64 |
868 | - if (register_callback(CALLBACKTYPE_nmi, (char *)nmi)) |
869 | - BUG(); |
870 | -#endif |
871 | -} |
872 | + |
873 | void __init xen_pvmmu_arch_setup(void) |
874 | { |
875 | HYPERVISOR_vm_assist(VMASST_CMD_enable, VMASST_TYPE_4gb_segments); |
876 | @@ -595,7 +589,6 @@ void __init xen_pvmmu_arch_setup(void) |
877 | |
878 | xen_enable_sysenter(); |
879 | xen_enable_syscall(); |
880 | - xen_enable_nmi(); |
881 | } |
882 | |
883 | /* This function is not called for HVM domains */ |
884 | diff --git a/arch/xtensa/kernel/vectors.S b/arch/xtensa/kernel/vectors.S |
885 | index f9e1ec346e35..8453e6e39895 100644 |
886 | --- a/arch/xtensa/kernel/vectors.S |
887 | +++ b/arch/xtensa/kernel/vectors.S |
888 | @@ -376,38 +376,42 @@ _DoubleExceptionVector_WindowOverflow: |
889 | beqz a2, 1f # if at start of vector, don't restore |
890 | |
891 | addi a0, a0, -128 |
892 | - bbsi a0, 8, 1f # don't restore except for overflow 8 and 12 |
893 | - bbsi a0, 7, 2f |
894 | + bbsi.l a0, 8, 1f # don't restore except for overflow 8 and 12 |
895 | + |
896 | + /* |
897 | + * This fixup handler is for the extremely unlikely case where the |
898 | + * overflow handler's reference thru a0 gets a hardware TLB refill |
899 | + * that bumps out the (distinct, aliasing) TLB entry that mapped its |
900 | + * prior references thru a9/a13, and where our reference now thru |
901 | + * a9/a13 gets a 2nd-level miss exception (not hardware TLB refill). |
902 | + */ |
903 | + movi a2, window_overflow_restore_a0_fixup |
904 | + s32i a2, a3, EXC_TABLE_FIXUP |
905 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
906 | + xsr a3, excsave1 |
907 | + |
908 | + bbsi.l a0, 7, 2f |
909 | |
910 | /* |
911 | * Restore a0 as saved by _WindowOverflow8(). |
912 | - * |
913 | - * FIXME: we really need a fixup handler for this L32E, |
914 | - * for the extremely unlikely case where the overflow handler's |
915 | - * reference thru a0 gets a hardware TLB refill that bumps out |
916 | - * the (distinct, aliasing) TLB entry that mapped its prior |
917 | - * references thru a9, and where our reference now thru a9 |
918 | - * gets a 2nd-level miss exception (not hardware TLB refill). |
919 | */ |
920 | |
921 | - l32e a2, a9, -16 |
922 | - wsr a2, depc # replace the saved a0 |
923 | - j 1f |
924 | + l32e a0, a9, -16 |
925 | + wsr a0, depc # replace the saved a0 |
926 | + j 3f |
927 | |
928 | 2: |
929 | /* |
930 | * Restore a0 as saved by _WindowOverflow12(). |
931 | - * |
932 | - * FIXME: we really need a fixup handler for this L32E, |
933 | - * for the extremely unlikely case where the overflow handler's |
934 | - * reference thru a0 gets a hardware TLB refill that bumps out |
935 | - * the (distinct, aliasing) TLB entry that mapped its prior |
936 | - * references thru a13, and where our reference now thru a13 |
937 | - * gets a 2nd-level miss exception (not hardware TLB refill). |
938 | */ |
939 | |
940 | - l32e a2, a13, -16 |
941 | - wsr a2, depc # replace the saved a0 |
942 | + l32e a0, a13, -16 |
943 | + wsr a0, depc # replace the saved a0 |
944 | +3: |
945 | + xsr a3, excsave1 |
946 | + movi a0, 0 |
947 | + s32i a0, a3, EXC_TABLE_FIXUP |
948 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
949 | 1: |
950 | /* |
951 | * Restore WindowBase while leaving all address registers restored. |
952 | @@ -449,6 +453,7 @@ _DoubleExceptionVector_WindowOverflow: |
953 | |
954 | s32i a0, a2, PT_DEPC |
955 | |
956 | +_DoubleExceptionVector_handle_exception: |
957 | addx4 a0, a0, a3 |
958 | l32i a0, a0, EXC_TABLE_FAST_USER |
959 | xsr a3, excsave1 |
960 | @@ -464,11 +469,120 @@ _DoubleExceptionVector_WindowOverflow: |
961 | rotw -3 |
962 | j 1b |
963 | |
964 | - .end literal_prefix |
965 | |
966 | ENDPROC(_DoubleExceptionVector) |
967 | |
968 | /* |
969 | + * Fixup handler for TLB miss in double exception handler for window owerflow. |
970 | + * We get here with windowbase set to the window that was being spilled and |
971 | + * a0 trashed. a0 bit 7 determines if this is a call8 (bit clear) or call12 |
972 | + * (bit set) window. |
973 | + * |
974 | + * We do the following here: |
975 | + * - go to the original window retaining a0 value; |
976 | + * - set up exception stack to return back to appropriate a0 restore code |
977 | + * (we'll need to rotate window back and there's no place to save this |
978 | + * information, use different return address for that); |
979 | + * - handle the exception; |
980 | + * - go to the window that was being spilled; |
981 | + * - set up window_overflow_restore_a0_fixup as a fixup routine; |
982 | + * - reload a0; |
983 | + * - restore the original window; |
984 | + * - reset the default fixup routine; |
985 | + * - return to user. By the time we get to this fixup handler all information |
986 | + * about the conditions of the original double exception that happened in |
987 | + * the window overflow handler is lost, so we just return to userspace to |
988 | + * retry overflow from start. |
989 | + * |
990 | + * a0: value of depc, original value in depc |
991 | + * a2: trashed, original value in EXC_TABLE_DOUBLE_SAVE |
992 | + * a3: exctable, original value in excsave1 |
993 | + */ |
994 | + |
995 | +ENTRY(window_overflow_restore_a0_fixup) |
996 | + |
997 | + rsr a0, ps |
998 | + extui a0, a0, PS_OWB_SHIFT, PS_OWB_WIDTH |
999 | + rsr a2, windowbase |
1000 | + sub a0, a2, a0 |
1001 | + extui a0, a0, 0, 3 |
1002 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
1003 | + xsr a3, excsave1 |
1004 | + |
1005 | + _beqi a0, 1, .Lhandle_1 |
1006 | + _beqi a0, 3, .Lhandle_3 |
1007 | + |
1008 | + .macro overflow_fixup_handle_exception_pane n |
1009 | + |
1010 | + rsr a0, depc |
1011 | + rotw -\n |
1012 | + |
1013 | + xsr a3, excsave1 |
1014 | + wsr a2, depc |
1015 | + l32i a2, a3, EXC_TABLE_KSTK |
1016 | + s32i a0, a2, PT_AREG0 |
1017 | + |
1018 | + movi a0, .Lrestore_\n |
1019 | + s32i a0, a2, PT_DEPC |
1020 | + rsr a0, exccause |
1021 | + j _DoubleExceptionVector_handle_exception |
1022 | + |
1023 | + .endm |
1024 | + |
1025 | + overflow_fixup_handle_exception_pane 2 |
1026 | +.Lhandle_1: |
1027 | + overflow_fixup_handle_exception_pane 1 |
1028 | +.Lhandle_3: |
1029 | + overflow_fixup_handle_exception_pane 3 |
1030 | + |
1031 | + .macro overflow_fixup_restore_a0_pane n |
1032 | + |
1033 | + rotw \n |
1034 | + /* Need to preserve a0 value here to be able to handle exception |
1035 | + * that may occur on a0 reload from stack. It may occur because |
1036 | + * TLB miss handler may not be atomic and pointer to page table |
1037 | + * may be lost before we get here. There are no free registers, |
1038 | + * so we need to use EXC_TABLE_DOUBLE_SAVE area. |
1039 | + */ |
1040 | + xsr a3, excsave1 |
1041 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
1042 | + movi a2, window_overflow_restore_a0_fixup |
1043 | + s32i a2, a3, EXC_TABLE_FIXUP |
1044 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
1045 | + xsr a3, excsave1 |
1046 | + bbsi.l a0, 7, 1f |
1047 | + l32e a0, a9, -16 |
1048 | + j 2f |
1049 | +1: |
1050 | + l32e a0, a13, -16 |
1051 | +2: |
1052 | + rotw -\n |
1053 | + |
1054 | + .endm |
1055 | + |
1056 | +.Lrestore_2: |
1057 | + overflow_fixup_restore_a0_pane 2 |
1058 | + |
1059 | +.Lset_default_fixup: |
1060 | + xsr a3, excsave1 |
1061 | + s32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
1062 | + movi a2, 0 |
1063 | + s32i a2, a3, EXC_TABLE_FIXUP |
1064 | + l32i a2, a3, EXC_TABLE_DOUBLE_SAVE |
1065 | + xsr a3, excsave1 |
1066 | + rfe |
1067 | + |
1068 | +.Lrestore_1: |
1069 | + overflow_fixup_restore_a0_pane 1 |
1070 | + j .Lset_default_fixup |
1071 | +.Lrestore_3: |
1072 | + overflow_fixup_restore_a0_pane 3 |
1073 | + j .Lset_default_fixup |
1074 | + |
1075 | +ENDPROC(window_overflow_restore_a0_fixup) |
1076 | + |
1077 | + .end literal_prefix |
1078 | +/* |
1079 | * Debug interrupt vector |
1080 | * |
1081 | * There is not much space here, so simply jump to another handler. |
1082 | diff --git a/arch/xtensa/kernel/vmlinux.lds.S b/arch/xtensa/kernel/vmlinux.lds.S |
1083 | index ee32c0085dff..d16db6df86f8 100644 |
1084 | --- a/arch/xtensa/kernel/vmlinux.lds.S |
1085 | +++ b/arch/xtensa/kernel/vmlinux.lds.S |
1086 | @@ -269,13 +269,13 @@ SECTIONS |
1087 | .UserExceptionVector.literal) |
1088 | SECTION_VECTOR (_DoubleExceptionVector_literal, |
1089 | .DoubleExceptionVector.literal, |
1090 | - DOUBLEEXC_VECTOR_VADDR - 16, |
1091 | + DOUBLEEXC_VECTOR_VADDR - 40, |
1092 | SIZEOF(.UserExceptionVector.text), |
1093 | .UserExceptionVector.text) |
1094 | SECTION_VECTOR (_DoubleExceptionVector_text, |
1095 | .DoubleExceptionVector.text, |
1096 | DOUBLEEXC_VECTOR_VADDR, |
1097 | - 32, |
1098 | + 40, |
1099 | .DoubleExceptionVector.literal) |
1100 | |
1101 | . = (LOADADDR( .DoubleExceptionVector.text ) + SIZEOF( .DoubleExceptionVector.text ) + 3) & ~ 3; |
1102 | diff --git a/crypto/af_alg.c b/crypto/af_alg.c |
1103 | index 966f893711b3..6a3ad8011585 100644 |
1104 | --- a/crypto/af_alg.c |
1105 | +++ b/crypto/af_alg.c |
1106 | @@ -21,6 +21,7 @@ |
1107 | #include <linux/module.h> |
1108 | #include <linux/net.h> |
1109 | #include <linux/rwsem.h> |
1110 | +#include <linux/security.h> |
1111 | |
1112 | struct alg_type_list { |
1113 | const struct af_alg_type *type; |
1114 | @@ -243,6 +244,7 @@ int af_alg_accept(struct sock *sk, struct socket *newsock) |
1115 | |
1116 | sock_init_data(newsock, sk2); |
1117 | sock_graft(sk2, newsock); |
1118 | + security_sk_clone(sk, sk2); |
1119 | |
1120 | err = type->accept(ask->private, sk2); |
1121 | if (err) { |
1122 | diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c |
1123 | index 199b52b7c3e1..153f4b92cc05 100644 |
1124 | --- a/drivers/cpufreq/cpufreq.c |
1125 | +++ b/drivers/cpufreq/cpufreq.c |
1126 | @@ -1089,10 +1089,12 @@ static int __cpufreq_add_dev(struct device *dev, struct subsys_interface *sif, |
1127 | * the creation of a brand new one. So we need to perform this update |
1128 | * by invoking update_policy_cpu(). |
1129 | */ |
1130 | - if (frozen && cpu != policy->cpu) |
1131 | + if (frozen && cpu != policy->cpu) { |
1132 | update_policy_cpu(policy, cpu); |
1133 | - else |
1134 | + WARN_ON(kobject_move(&policy->kobj, &dev->kobj)); |
1135 | + } else { |
1136 | policy->cpu = cpu; |
1137 | + } |
1138 | |
1139 | policy->governor = CPUFREQ_DEFAULT_GOVERNOR; |
1140 | cpumask_copy(policy->cpus, cpumask_of(cpu)); |
1141 | diff --git a/drivers/iio/accel/bma180.c b/drivers/iio/accel/bma180.c |
1142 | index bfec313492b3..fe83d04784c8 100644 |
1143 | --- a/drivers/iio/accel/bma180.c |
1144 | +++ b/drivers/iio/accel/bma180.c |
1145 | @@ -68,13 +68,13 @@ |
1146 | /* Defaults values */ |
1147 | #define BMA180_DEF_PMODE 0 |
1148 | #define BMA180_DEF_BW 20 |
1149 | -#define BMA180_DEF_SCALE 250 |
1150 | +#define BMA180_DEF_SCALE 2452 |
1151 | |
1152 | /* Available values for sysfs */ |
1153 | #define BMA180_FLP_FREQ_AVAILABLE \ |
1154 | "10 20 40 75 150 300" |
1155 | #define BMA180_SCALE_AVAILABLE \ |
1156 | - "0.000130 0.000190 0.000250 0.000380 0.000500 0.000990 0.001980" |
1157 | + "0.001275 0.001863 0.002452 0.003727 0.004903 0.009709 0.019417" |
1158 | |
1159 | struct bma180_data { |
1160 | struct i2c_client *client; |
1161 | @@ -94,7 +94,7 @@ enum bma180_axis { |
1162 | }; |
1163 | |
1164 | static int bw_table[] = { 10, 20, 40, 75, 150, 300 }; /* Hz */ |
1165 | -static int scale_table[] = { 130, 190, 250, 380, 500, 990, 1980 }; |
1166 | +static int scale_table[] = { 1275, 1863, 2452, 3727, 4903, 9709, 19417 }; |
1167 | |
1168 | static int bma180_get_acc_reg(struct bma180_data *data, enum bma180_axis axis) |
1169 | { |
1170 | @@ -376,6 +376,8 @@ static int bma180_write_raw(struct iio_dev *indio_dev, |
1171 | mutex_unlock(&data->mutex); |
1172 | return ret; |
1173 | case IIO_CHAN_INFO_LOW_PASS_FILTER_3DB_FREQUENCY: |
1174 | + if (val2) |
1175 | + return -EINVAL; |
1176 | mutex_lock(&data->mutex); |
1177 | ret = bma180_set_bw(data, val); |
1178 | mutex_unlock(&data->mutex); |
1179 | diff --git a/drivers/iio/industrialio-buffer.c b/drivers/iio/industrialio-buffer.c |
1180 | index fe25042f056a..0f1d9b2ccdfa 100644 |
1181 | --- a/drivers/iio/industrialio-buffer.c |
1182 | +++ b/drivers/iio/industrialio-buffer.c |
1183 | @@ -953,7 +953,7 @@ static int iio_buffer_update_demux(struct iio_dev *indio_dev, |
1184 | |
1185 | /* Now we have the two masks, work from least sig and build up sizes */ |
1186 | for_each_set_bit(out_ind, |
1187 | - indio_dev->active_scan_mask, |
1188 | + buffer->scan_mask, |
1189 | indio_dev->masklength) { |
1190 | in_ind = find_next_bit(indio_dev->active_scan_mask, |
1191 | indio_dev->masklength, |
1192 | diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c |
1193 | index 66c5d130c8c2..0e722c103562 100644 |
1194 | --- a/drivers/md/dm-bufio.c |
1195 | +++ b/drivers/md/dm-bufio.c |
1196 | @@ -1541,7 +1541,7 @@ struct dm_bufio_client *dm_bufio_client_create(struct block_device *bdev, unsign |
1197 | BUG_ON(block_size < 1 << SECTOR_SHIFT || |
1198 | (block_size & (block_size - 1))); |
1199 | |
1200 | - c = kmalloc(sizeof(*c), GFP_KERNEL); |
1201 | + c = kzalloc(sizeof(*c), GFP_KERNEL); |
1202 | if (!c) { |
1203 | r = -ENOMEM; |
1204 | goto bad_client; |
1205 | diff --git a/drivers/md/dm-cache-target.c b/drivers/md/dm-cache-target.c |
1206 | index c0ad90d91252..735e939a846d 100644 |
1207 | --- a/drivers/md/dm-cache-target.c |
1208 | +++ b/drivers/md/dm-cache-target.c |
1209 | @@ -231,7 +231,7 @@ struct cache { |
1210 | /* |
1211 | * cache_size entries, dirty if set |
1212 | */ |
1213 | - dm_cblock_t nr_dirty; |
1214 | + atomic_t nr_dirty; |
1215 | unsigned long *dirty_bitset; |
1216 | |
1217 | /* |
1218 | @@ -493,7 +493,7 @@ static bool is_dirty(struct cache *cache, dm_cblock_t b) |
1219 | static void set_dirty(struct cache *cache, dm_oblock_t oblock, dm_cblock_t cblock) |
1220 | { |
1221 | if (!test_and_set_bit(from_cblock(cblock), cache->dirty_bitset)) { |
1222 | - cache->nr_dirty = to_cblock(from_cblock(cache->nr_dirty) + 1); |
1223 | + atomic_inc(&cache->nr_dirty); |
1224 | policy_set_dirty(cache->policy, oblock); |
1225 | } |
1226 | } |
1227 | @@ -502,8 +502,7 @@ static void clear_dirty(struct cache *cache, dm_oblock_t oblock, dm_cblock_t cbl |
1228 | { |
1229 | if (test_and_clear_bit(from_cblock(cblock), cache->dirty_bitset)) { |
1230 | policy_clear_dirty(cache->policy, oblock); |
1231 | - cache->nr_dirty = to_cblock(from_cblock(cache->nr_dirty) - 1); |
1232 | - if (!from_cblock(cache->nr_dirty)) |
1233 | + if (atomic_dec_return(&cache->nr_dirty) == 0) |
1234 | dm_table_event(cache->ti->table); |
1235 | } |
1236 | } |
1237 | @@ -2286,7 +2285,7 @@ static int cache_create(struct cache_args *ca, struct cache **result) |
1238 | atomic_set(&cache->quiescing_ack, 0); |
1239 | |
1240 | r = -ENOMEM; |
1241 | - cache->nr_dirty = 0; |
1242 | + atomic_set(&cache->nr_dirty, 0); |
1243 | cache->dirty_bitset = alloc_bitset(from_cblock(cache->cache_size)); |
1244 | if (!cache->dirty_bitset) { |
1245 | *error = "could not allocate dirty bitset"; |
1246 | @@ -2828,7 +2827,7 @@ static void cache_status(struct dm_target *ti, status_type_t type, |
1247 | |
1248 | residency = policy_residency(cache->policy); |
1249 | |
1250 | - DMEMIT("%u %llu/%llu %u %llu/%llu %u %u %u %u %u %u %llu ", |
1251 | + DMEMIT("%u %llu/%llu %u %llu/%llu %u %u %u %u %u %u %lu ", |
1252 | (unsigned)(DM_CACHE_METADATA_BLOCK_SIZE >> SECTOR_SHIFT), |
1253 | (unsigned long long)(nr_blocks_metadata - nr_free_blocks_metadata), |
1254 | (unsigned long long)nr_blocks_metadata, |
1255 | @@ -2841,7 +2840,7 @@ static void cache_status(struct dm_target *ti, status_type_t type, |
1256 | (unsigned) atomic_read(&cache->stats.write_miss), |
1257 | (unsigned) atomic_read(&cache->stats.demotion), |
1258 | (unsigned) atomic_read(&cache->stats.promotion), |
1259 | - (unsigned long long) from_cblock(cache->nr_dirty)); |
1260 | + (unsigned long) atomic_read(&cache->nr_dirty)); |
1261 | |
1262 | if (writethrough_mode(&cache->features)) |
1263 | DMEMIT("1 writethrough "); |
1264 | diff --git a/drivers/net/wireless/ath/ath9k/xmit.c b/drivers/net/wireless/ath/ath9k/xmit.c |
1265 | index 0526ddff977d..0fe7674ad100 100644 |
1266 | --- a/drivers/net/wireless/ath/ath9k/xmit.c |
1267 | +++ b/drivers/net/wireless/ath/ath9k/xmit.c |
1268 | @@ -890,6 +890,15 @@ ath_tx_get_tid_subframe(struct ath_softc *sc, struct ath_txq *txq, |
1269 | |
1270 | tx_info = IEEE80211_SKB_CB(skb); |
1271 | tx_info->flags &= ~IEEE80211_TX_CTL_CLEAR_PS_FILT; |
1272 | + |
1273 | + /* |
1274 | + * No aggregation session is running, but there may be frames |
1275 | + * from a previous session or a failed attempt in the queue. |
1276 | + * Send them out as normal data frames |
1277 | + */ |
1278 | + if (!tid->active) |
1279 | + tx_info->flags &= ~IEEE80211_TX_CTL_AMPDU; |
1280 | + |
1281 | if (!(tx_info->flags & IEEE80211_TX_CTL_AMPDU)) { |
1282 | bf->bf_state.bf_type = 0; |
1283 | return bf; |
1284 | diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c |
1285 | index c31aa07b3ba5..da1c6cb1a41e 100644 |
1286 | --- a/drivers/pnp/pnpacpi/core.c |
1287 | +++ b/drivers/pnp/pnpacpi/core.c |
1288 | @@ -339,8 +339,7 @@ static int __init acpi_pnp_match(struct device *dev, void *_pnp) |
1289 | struct pnp_dev *pnp = _pnp; |
1290 | |
1291 | /* true means it matched */ |
1292 | - return !acpi->physical_node_count |
1293 | - && compare_pnp_id(pnp->id, acpi_device_hid(acpi)); |
1294 | + return pnp->data == acpi; |
1295 | } |
1296 | |
1297 | static struct acpi_device * __init acpi_pnp_find_companion(struct device *dev) |
1298 | diff --git a/drivers/rapidio/devices/tsi721_dma.c b/drivers/rapidio/devices/tsi721_dma.c |
1299 | index 91245f5dbe81..47257b6eea84 100644 |
1300 | --- a/drivers/rapidio/devices/tsi721_dma.c |
1301 | +++ b/drivers/rapidio/devices/tsi721_dma.c |
1302 | @@ -287,6 +287,12 @@ struct tsi721_tx_desc *tsi721_desc_get(struct tsi721_bdma_chan *bdma_chan) |
1303 | "desc %p not ACKed\n", tx_desc); |
1304 | } |
1305 | |
1306 | + if (ret == NULL) { |
1307 | + dev_dbg(bdma_chan->dchan.device->dev, |
1308 | + "%s: unable to obtain tx descriptor\n", __func__); |
1309 | + goto err_out; |
1310 | + } |
1311 | + |
1312 | i = bdma_chan->wr_count_next % bdma_chan->bd_num; |
1313 | if (i == bdma_chan->bd_num - 1) { |
1314 | i = 0; |
1315 | @@ -297,7 +303,7 @@ struct tsi721_tx_desc *tsi721_desc_get(struct tsi721_bdma_chan *bdma_chan) |
1316 | tx_desc->txd.phys = bdma_chan->bd_phys + |
1317 | i * sizeof(struct tsi721_dma_desc); |
1318 | tx_desc->hw_desc = &((struct tsi721_dma_desc *)bdma_chan->bd_base)[i]; |
1319 | - |
1320 | +err_out: |
1321 | spin_unlock_bh(&bdma_chan->lock); |
1322 | |
1323 | return ret; |
1324 | diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c |
1325 | index 62ec84b42e31..64e487a8bf59 100644 |
1326 | --- a/drivers/scsi/scsi_lib.c |
1327 | +++ b/drivers/scsi/scsi_lib.c |
1328 | @@ -831,6 +831,14 @@ void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes) |
1329 | scsi_next_command(cmd); |
1330 | return; |
1331 | } |
1332 | + } else if (blk_rq_bytes(req) == 0 && result && !sense_deferred) { |
1333 | + /* |
1334 | + * Certain non BLOCK_PC requests are commands that don't |
1335 | + * actually transfer anything (FLUSH), so cannot use |
1336 | + * good_bytes != blk_rq_bytes(req) as the signal for an error. |
1337 | + * This sets the error explicitly for the problem case. |
1338 | + */ |
1339 | + error = __scsi_error_from_host_byte(cmd, result); |
1340 | } |
1341 | |
1342 | /* no bidi support for !REQ_TYPE_BLOCK_PC yet */ |
1343 | diff --git a/drivers/staging/vt6655/bssdb.c b/drivers/staging/vt6655/bssdb.c |
1344 | index d7efd0173a9a..7d7578872a84 100644 |
1345 | --- a/drivers/staging/vt6655/bssdb.c |
1346 | +++ b/drivers/staging/vt6655/bssdb.c |
1347 | @@ -983,7 +983,7 @@ start: |
1348 | pDevice->byERPFlag &= ~(WLAN_SET_ERP_USE_PROTECTION(1)); |
1349 | } |
1350 | |
1351 | - { |
1352 | + if (pDevice->eCommandState == WLAN_ASSOCIATE_WAIT) { |
1353 | pDevice->byReAssocCount++; |
1354 | /* 10 sec timeout */ |
1355 | if ((pDevice->byReAssocCount > 10) && (!pDevice->bLinkPass)) { |
1356 | diff --git a/drivers/staging/vt6655/device_main.c b/drivers/staging/vt6655/device_main.c |
1357 | index a952df1bf9d6..6f13f0e597f8 100644 |
1358 | --- a/drivers/staging/vt6655/device_main.c |
1359 | +++ b/drivers/staging/vt6655/device_main.c |
1360 | @@ -2430,6 +2430,7 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { |
1361 | int handled = 0; |
1362 | unsigned char byData = 0; |
1363 | int ii = 0; |
1364 | + unsigned long flags; |
1365 | // unsigned char byRSSI; |
1366 | |
1367 | MACvReadISR(pDevice->PortOffset, &pDevice->dwIsr); |
1368 | @@ -2455,7 +2456,8 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { |
1369 | |
1370 | handled = 1; |
1371 | MACvIntDisable(pDevice->PortOffset); |
1372 | - spin_lock_irq(&pDevice->lock); |
1373 | + |
1374 | + spin_lock_irqsave(&pDevice->lock, flags); |
1375 | |
1376 | //Make sure current page is 0 |
1377 | VNSvInPortB(pDevice->PortOffset + MAC_REG_PAGE1SEL, &byOrgPageSel); |
1378 | @@ -2696,7 +2698,8 @@ static irqreturn_t device_intr(int irq, void *dev_instance) { |
1379 | MACvSelectPage1(pDevice->PortOffset); |
1380 | } |
1381 | |
1382 | - spin_unlock_irq(&pDevice->lock); |
1383 | + spin_unlock_irqrestore(&pDevice->lock, flags); |
1384 | + |
1385 | MACvIntEnable(pDevice->PortOffset, IMR_MASK_VALUE); |
1386 | |
1387 | return IRQ_RETVAL(handled); |
1388 | diff --git a/include/dt-bindings/pinctrl/dra.h b/include/dt-bindings/pinctrl/dra.h |
1389 | index 002a2855c046..3d33794e4f3e 100644 |
1390 | --- a/include/dt-bindings/pinctrl/dra.h |
1391 | +++ b/include/dt-bindings/pinctrl/dra.h |
1392 | @@ -30,7 +30,8 @@ |
1393 | #define MUX_MODE14 0xe |
1394 | #define MUX_MODE15 0xf |
1395 | |
1396 | -#define PULL_ENA (1 << 16) |
1397 | +#define PULL_ENA (0 << 16) |
1398 | +#define PULL_DIS (1 << 16) |
1399 | #define PULL_UP (1 << 17) |
1400 | #define INPUT_EN (1 << 18) |
1401 | #define SLEWCONTROL (1 << 19) |
1402 | @@ -38,10 +39,10 @@ |
1403 | #define WAKEUP_EVENT (1 << 25) |
1404 | |
1405 | /* Active pin states */ |
1406 | -#define PIN_OUTPUT 0 |
1407 | +#define PIN_OUTPUT (0 | PULL_DIS) |
1408 | #define PIN_OUTPUT_PULLUP (PIN_OUTPUT | PULL_ENA | PULL_UP) |
1409 | #define PIN_OUTPUT_PULLDOWN (PIN_OUTPUT | PULL_ENA) |
1410 | -#define PIN_INPUT INPUT_EN |
1411 | +#define PIN_INPUT (INPUT_EN | PULL_DIS) |
1412 | #define PIN_INPUT_SLEW (INPUT_EN | SLEWCONTROL) |
1413 | #define PIN_INPUT_PULLUP (PULL_ENA | INPUT_EN | PULL_UP) |
1414 | #define PIN_INPUT_PULLDOWN (PULL_ENA | INPUT_EN) |
1415 | diff --git a/include/linux/printk.h b/include/linux/printk.h |
1416 | index fa47e2708c01..cbf094f993f4 100644 |
1417 | --- a/include/linux/printk.h |
1418 | +++ b/include/linux/printk.h |
1419 | @@ -132,9 +132,9 @@ asmlinkage __printf(1, 2) __cold |
1420 | int printk(const char *fmt, ...); |
1421 | |
1422 | /* |
1423 | - * Special printk facility for scheduler use only, _DO_NOT_USE_ ! |
1424 | + * Special printk facility for scheduler/timekeeping use only, _DO_NOT_USE_ ! |
1425 | */ |
1426 | -__printf(1, 2) __cold int printk_sched(const char *fmt, ...); |
1427 | +__printf(1, 2) __cold int printk_deferred(const char *fmt, ...); |
1428 | |
1429 | /* |
1430 | * Please don't use printk_ratelimit(), because it shares ratelimiting state |
1431 | @@ -169,7 +169,7 @@ int printk(const char *s, ...) |
1432 | return 0; |
1433 | } |
1434 | static inline __printf(1, 2) __cold |
1435 | -int printk_sched(const char *s, ...) |
1436 | +int printk_deferred(const char *s, ...) |
1437 | { |
1438 | return 0; |
1439 | } |
1440 | diff --git a/init/main.c b/init/main.c |
1441 | index 9c7fd4c9249f..58c132d7de4b 100644 |
1442 | --- a/init/main.c |
1443 | +++ b/init/main.c |
1444 | @@ -617,6 +617,10 @@ asmlinkage void __init start_kernel(void) |
1445 | if (efi_enabled(EFI_RUNTIME_SERVICES)) |
1446 | efi_enter_virtual_mode(); |
1447 | #endif |
1448 | +#ifdef CONFIG_X86_ESPFIX64 |
1449 | + /* Should be run before the first non-init thread is created */ |
1450 | + init_espfix_bsp(); |
1451 | +#endif |
1452 | thread_info_cache_init(); |
1453 | cred_init(); |
1454 | fork_init(totalram_pages); |
1455 | diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c |
1456 | index 4dae9cbe9259..8c086e6049b9 100644 |
1457 | --- a/kernel/printk/printk.c |
1458 | +++ b/kernel/printk/printk.c |
1459 | @@ -2468,7 +2468,7 @@ void wake_up_klogd(void) |
1460 | preempt_enable(); |
1461 | } |
1462 | |
1463 | -int printk_sched(const char *fmt, ...) |
1464 | +int printk_deferred(const char *fmt, ...) |
1465 | { |
1466 | unsigned long flags; |
1467 | va_list args; |
1468 | diff --git a/kernel/sched/core.c b/kernel/sched/core.c |
1469 | index 0aae0fcec026..515e212421c0 100644 |
1470 | --- a/kernel/sched/core.c |
1471 | +++ b/kernel/sched/core.c |
1472 | @@ -1322,7 +1322,7 @@ out: |
1473 | * leave kernel. |
1474 | */ |
1475 | if (p->mm && printk_ratelimit()) { |
1476 | - printk_sched("process %d (%s) no longer affine to cpu%d\n", |
1477 | + printk_deferred("process %d (%s) no longer affine to cpu%d\n", |
1478 | task_pid_nr(p), p->comm, cpu); |
1479 | } |
1480 | } |
1481 | diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c |
1482 | index ce852643854b..37dac98c0749 100644 |
1483 | --- a/kernel/sched/deadline.c |
1484 | +++ b/kernel/sched/deadline.c |
1485 | @@ -329,7 +329,7 @@ static void replenish_dl_entity(struct sched_dl_entity *dl_se, |
1486 | |
1487 | if (!lag_once) { |
1488 | lag_once = true; |
1489 | - printk_sched("sched: DL replenish lagged to much\n"); |
1490 | + printk_deferred("sched: DL replenish lagged to much\n"); |
1491 | } |
1492 | dl_se->deadline = rq_clock(rq) + pi_se->dl_deadline; |
1493 | dl_se->runtime = pi_se->dl_runtime; |
1494 | diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c |
1495 | index 1999021042c7..27b8e836307f 100644 |
1496 | --- a/kernel/sched/rt.c |
1497 | +++ b/kernel/sched/rt.c |
1498 | @@ -837,7 +837,7 @@ static int sched_rt_runtime_exceeded(struct rt_rq *rt_rq) |
1499 | |
1500 | if (!once) { |
1501 | once = true; |
1502 | - printk_sched("sched: RT throttling activated\n"); |
1503 | + printk_deferred("sched: RT throttling activated\n"); |
1504 | } |
1505 | } else { |
1506 | /* |
1507 | diff --git a/kernel/time/clockevents.c b/kernel/time/clockevents.c |
1508 | index 086ad6043bcb..60ba1af801c3 100644 |
1509 | --- a/kernel/time/clockevents.c |
1510 | +++ b/kernel/time/clockevents.c |
1511 | @@ -146,7 +146,8 @@ static int clockevents_increase_min_delta(struct clock_event_device *dev) |
1512 | { |
1513 | /* Nothing to do if we already reached the limit */ |
1514 | if (dev->min_delta_ns >= MIN_DELTA_LIMIT) { |
1515 | - printk(KERN_WARNING "CE: Reprogramming failure. Giving up\n"); |
1516 | + printk_deferred(KERN_WARNING |
1517 | + "CE: Reprogramming failure. Giving up\n"); |
1518 | dev->next_event.tv64 = KTIME_MAX; |
1519 | return -ETIME; |
1520 | } |
1521 | @@ -159,9 +160,10 @@ static int clockevents_increase_min_delta(struct clock_event_device *dev) |
1522 | if (dev->min_delta_ns > MIN_DELTA_LIMIT) |
1523 | dev->min_delta_ns = MIN_DELTA_LIMIT; |
1524 | |
1525 | - printk(KERN_WARNING "CE: %s increased min_delta_ns to %llu nsec\n", |
1526 | - dev->name ? dev->name : "?", |
1527 | - (unsigned long long) dev->min_delta_ns); |
1528 | + printk_deferred(KERN_WARNING |
1529 | + "CE: %s increased min_delta_ns to %llu nsec\n", |
1530 | + dev->name ? dev->name : "?", |
1531 | + (unsigned long long) dev->min_delta_ns); |
1532 | return 0; |
1533 | } |
1534 | |
1535 | diff --git a/kernel/time/sched_clock.c b/kernel/time/sched_clock.c |
1536 | index 4d23dc4d8139..313a662911b1 100644 |
1537 | --- a/kernel/time/sched_clock.c |
1538 | +++ b/kernel/time/sched_clock.c |
1539 | @@ -204,7 +204,8 @@ void __init sched_clock_postinit(void) |
1540 | |
1541 | static int sched_clock_suspend(void) |
1542 | { |
1543 | - sched_clock_poll(&sched_clock_timer); |
1544 | + update_sched_clock(); |
1545 | + hrtimer_cancel(&sched_clock_timer); |
1546 | cd.suspended = true; |
1547 | return 0; |
1548 | } |
1549 | @@ -212,6 +213,7 @@ static int sched_clock_suspend(void) |
1550 | static void sched_clock_resume(void) |
1551 | { |
1552 | cd.epoch_cyc = read_sched_clock(); |
1553 | + hrtimer_start(&sched_clock_timer, cd.wrap_kt, HRTIMER_MODE_REL); |
1554 | cd.suspended = false; |
1555 | } |
1556 | |
1557 | diff --git a/lib/btree.c b/lib/btree.c |
1558 | index f9a484676cb6..4264871ea1a0 100644 |
1559 | --- a/lib/btree.c |
1560 | +++ b/lib/btree.c |
1561 | @@ -198,6 +198,7 @@ EXPORT_SYMBOL_GPL(btree_init); |
1562 | |
1563 | void btree_destroy(struct btree_head *head) |
1564 | { |
1565 | + mempool_free(head->node, head->mempool); |
1566 | mempool_destroy(head->mempool); |
1567 | head->mempool = NULL; |
1568 | } |
1569 | diff --git a/mm/memcontrol.c b/mm/memcontrol.c |
1570 | index 5b6b0039f725..9b35da28b587 100644 |
1571 | --- a/mm/memcontrol.c |
1572 | +++ b/mm/memcontrol.c |
1573 | @@ -5670,8 +5670,12 @@ static int mem_cgroup_oom_notify_cb(struct mem_cgroup *memcg) |
1574 | { |
1575 | struct mem_cgroup_eventfd_list *ev; |
1576 | |
1577 | + spin_lock(&memcg_oom_lock); |
1578 | + |
1579 | list_for_each_entry(ev, &memcg->oom_notify, list) |
1580 | eventfd_signal(ev->eventfd, 1); |
1581 | + |
1582 | + spin_unlock(&memcg_oom_lock); |
1583 | return 0; |
1584 | } |
1585 | |
1586 | diff --git a/mm/page-writeback.c b/mm/page-writeback.c |
1587 | index d013dba21429..9f45f87a5859 100644 |
1588 | --- a/mm/page-writeback.c |
1589 | +++ b/mm/page-writeback.c |
1590 | @@ -1324,9 +1324,9 @@ static inline void bdi_dirty_limits(struct backing_dev_info *bdi, |
1591 | *bdi_thresh = bdi_dirty_limit(bdi, dirty_thresh); |
1592 | |
1593 | if (bdi_bg_thresh) |
1594 | - *bdi_bg_thresh = div_u64((u64)*bdi_thresh * |
1595 | - background_thresh, |
1596 | - dirty_thresh); |
1597 | + *bdi_bg_thresh = dirty_thresh ? div_u64((u64)*bdi_thresh * |
1598 | + background_thresh, |
1599 | + dirty_thresh) : 0; |
1600 | |
1601 | /* |
1602 | * In order to avoid the stacked BDI deadlock we need |
1603 | diff --git a/mm/page_alloc.c b/mm/page_alloc.c |
1604 | index 7e7f94755ab5..62e400d00e3f 100644 |
1605 | --- a/mm/page_alloc.c |
1606 | +++ b/mm/page_alloc.c |
1607 | @@ -2434,7 +2434,7 @@ static inline int |
1608 | gfp_to_alloc_flags(gfp_t gfp_mask) |
1609 | { |
1610 | int alloc_flags = ALLOC_WMARK_MIN | ALLOC_CPUSET; |
1611 | - const gfp_t wait = gfp_mask & __GFP_WAIT; |
1612 | + const bool atomic = !(gfp_mask & (__GFP_WAIT | __GFP_NO_KSWAPD)); |
1613 | |
1614 | /* __GFP_HIGH is assumed to be the same as ALLOC_HIGH to save a branch. */ |
1615 | BUILD_BUG_ON(__GFP_HIGH != (__force gfp_t) ALLOC_HIGH); |
1616 | @@ -2443,20 +2443,20 @@ gfp_to_alloc_flags(gfp_t gfp_mask) |
1617 | * The caller may dip into page reserves a bit more if the caller |
1618 | * cannot run direct reclaim, or if the caller has realtime scheduling |
1619 | * policy or is asking for __GFP_HIGH memory. GFP_ATOMIC requests will |
1620 | - * set both ALLOC_HARDER (!wait) and ALLOC_HIGH (__GFP_HIGH). |
1621 | + * set both ALLOC_HARDER (atomic == true) and ALLOC_HIGH (__GFP_HIGH). |
1622 | */ |
1623 | alloc_flags |= (__force int) (gfp_mask & __GFP_HIGH); |
1624 | |
1625 | - if (!wait) { |
1626 | + if (atomic) { |
1627 | /* |
1628 | - * Not worth trying to allocate harder for |
1629 | - * __GFP_NOMEMALLOC even if it can't schedule. |
1630 | + * Not worth trying to allocate harder for __GFP_NOMEMALLOC even |
1631 | + * if it can't schedule. |
1632 | */ |
1633 | - if (!(gfp_mask & __GFP_NOMEMALLOC)) |
1634 | + if (!(gfp_mask & __GFP_NOMEMALLOC)) |
1635 | alloc_flags |= ALLOC_HARDER; |
1636 | /* |
1637 | - * Ignore cpuset if GFP_ATOMIC (!wait) rather than fail alloc. |
1638 | - * See also cpuset_zone_allowed() comment in kernel/cpuset.c. |
1639 | + * Ignore cpuset mems for GFP_ATOMIC rather than fail, see the |
1640 | + * comment for __cpuset_node_allowed_softwall(). |
1641 | */ |
1642 | alloc_flags &= ~ALLOC_CPUSET; |
1643 | } else if (unlikely(rt_task(current)) && !in_interrupt()) |
1644 | diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c |
1645 | index ec6606325cda..1e05bbde47ba 100644 |
1646 | --- a/net/l2tp/l2tp_ppp.c |
1647 | +++ b/net/l2tp/l2tp_ppp.c |
1648 | @@ -1368,7 +1368,7 @@ static int pppol2tp_setsockopt(struct socket *sock, int level, int optname, |
1649 | int err; |
1650 | |
1651 | if (level != SOL_PPPOL2TP) |
1652 | - return udp_prot.setsockopt(sk, level, optname, optval, optlen); |
1653 | + return -EINVAL; |
1654 | |
1655 | if (optlen < sizeof(int)) |
1656 | return -EINVAL; |
1657 | @@ -1494,7 +1494,7 @@ static int pppol2tp_getsockopt(struct socket *sock, int level, int optname, |
1658 | struct pppol2tp_session *ps; |
1659 | |
1660 | if (level != SOL_PPPOL2TP) |
1661 | - return udp_prot.getsockopt(sk, level, optname, optval, optlen); |
1662 | + return -EINVAL; |
1663 | |
1664 | if (get_user(len, optlen)) |
1665 | return -EFAULT; |
1666 | diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c |
1667 | index c14c16a6d62d..e5a7ac2f3687 100644 |
1668 | --- a/net/mac80211/tx.c |
1669 | +++ b/net/mac80211/tx.c |
1670 | @@ -414,6 +414,9 @@ ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx) |
1671 | if (ieee80211_has_order(hdr->frame_control)) |
1672 | return TX_CONTINUE; |
1673 | |
1674 | + if (ieee80211_is_probe_req(hdr->frame_control)) |
1675 | + return TX_CONTINUE; |
1676 | + |
1677 | if (tx->local->hw.flags & IEEE80211_HW_QUEUE_CONTROL) |
1678 | info->hw_queue = tx->sdata->vif.cab_queue; |
1679 | |
1680 | @@ -464,6 +467,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) |
1681 | { |
1682 | struct sta_info *sta = tx->sta; |
1683 | struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); |
1684 | + struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; |
1685 | struct ieee80211_local *local = tx->local; |
1686 | |
1687 | if (unlikely(!sta)) |
1688 | @@ -474,6 +478,15 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) |
1689 | !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) { |
1690 | int ac = skb_get_queue_mapping(tx->skb); |
1691 | |
1692 | + /* only deauth, disassoc and action are bufferable MMPDUs */ |
1693 | + if (ieee80211_is_mgmt(hdr->frame_control) && |
1694 | + !ieee80211_is_deauth(hdr->frame_control) && |
1695 | + !ieee80211_is_disassoc(hdr->frame_control) && |
1696 | + !ieee80211_is_action(hdr->frame_control)) { |
1697 | + info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; |
1698 | + return TX_CONTINUE; |
1699 | + } |
1700 | + |
1701 | ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n", |
1702 | sta->sta.addr, sta->sta.aid, ac); |
1703 | if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER) |
1704 | @@ -532,22 +545,8 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx) |
1705 | static ieee80211_tx_result debug_noinline |
1706 | ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx) |
1707 | { |
1708 | - struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); |
1709 | - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; |
1710 | - |
1711 | if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED)) |
1712 | return TX_CONTINUE; |
1713 | - |
1714 | - /* only deauth, disassoc and action are bufferable MMPDUs */ |
1715 | - if (ieee80211_is_mgmt(hdr->frame_control) && |
1716 | - !ieee80211_is_deauth(hdr->frame_control) && |
1717 | - !ieee80211_is_disassoc(hdr->frame_control) && |
1718 | - !ieee80211_is_action(hdr->frame_control)) { |
1719 | - if (tx->flags & IEEE80211_TX_UNICAST) |
1720 | - info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER; |
1721 | - return TX_CONTINUE; |
1722 | - } |
1723 | - |
1724 | if (tx->flags & IEEE80211_TX_UNICAST) |
1725 | return ieee80211_tx_h_unicast_ps_buf(tx); |
1726 | else |
1727 | diff --git a/net/wireless/trace.h b/net/wireless/trace.h |
1728 | index fbcc23edee54..b89eb3990f0a 100644 |
1729 | --- a/net/wireless/trace.h |
1730 | +++ b/net/wireless/trace.h |
1731 | @@ -2068,7 +2068,8 @@ TRACE_EVENT(cfg80211_michael_mic_failure, |
1732 | MAC_ASSIGN(addr, addr); |
1733 | __entry->key_type = key_type; |
1734 | __entry->key_id = key_id; |
1735 | - memcpy(__entry->tsc, tsc, 6); |
1736 | + if (tsc) |
1737 | + memcpy(__entry->tsc, tsc, 6); |
1738 | ), |
1739 | TP_printk(NETDEV_PR_FMT ", " MAC_PR_FMT ", key type: %d, key id: %d, tsc: %pm", |
1740 | NETDEV_PR_ARG, MAC_PR_ARG(addr), __entry->key_type, |