* Linux 4.9.93
From: Jean-Baptiste Theou @ 2018-04-09 9:05 UTC (permalink / raw)
To: gregkh; +Cc: linux-kernel, will.deacon, dan.rue
Hi,
After this patchset, a kernel built with CFI fails. Disabling UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
Wondering if there is one of the test suites used on the review patchset that covers the CFI use case.
Best regards,
[ 0.249191] CPU features: detected feature: GIC system register CPU interface
[ 0.256391] CPU features: detected feature: Privileged Access Never
[ 0.262719] CPU features: detected feature: User Access Override
[ 0.268791] CPU features: detected feature: 32-bit EL0 Support
[ 0.274683] CPU features: detected feature: Kernel page table isolation (KPTI)
[ 0.282166] CFI failure:
[ 0.282169] CFI failure:
[ 0.282172] CFI failure:
[ 0.282173] CFI failure:
[ 0.282175] CFI failure:
[ 0.282176] CFI failure:
[ 0.282177] CFI failure:
[ 0.282178] CFI failure:
[ 0.282188] ------------[ cut here ]------------
[ 0.282189] ------------[ cut here ]------------
[ 0.282190] ------------[ cut here ]------------
[ 0.282191] ------------[ cut here ]------------
[ 0.282193] ------------[ cut here ]------------
[ 0.282196] kernel BUG at kernel/cfi.c:32!
[ 0.282198] ------------[ cut here ]------------
[ 0.282201] kernel BUG at kernel/cfi.c:32!
[ 0.282202] ------------[ cut here ]------------
[ 0.282204] kernel BUG at kernel/cfi.c:32!
[ 0.282207] kernel BUG at kernel/cfi.c:32!
[ 0.282209] kernel BUG at kernel/cfi.c:32!
[ 0.282211] kernel BUG at kernel/cfi.c:32!
[ 0.282214] kernel BUG at kernel/cfi.c:32!
[ 0.282215] ------------[ cut here ]------------
[ 0.282216] kernel BUG at kernel/cfi.c:32!
[ 0.282218] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 0.282224] Modules linked in:
[ 0.282230] CPU: 2 PID: 25 Comm: migration/2 Not tainted 4.9.93-perf+ #39
[ 0.282232] Hardware name: <REMOVED>
[ 0.282235] task: fffffffbb3b36580 task.stack: fffffffbb30cc000
[ 0.282250] PC is at __cfi_check_fail+0x14/0x1c
[ 0.282253] LR is at __cfi_check_fail+0x14/0x1c
[ 0.282255] pc : [<ffffff93b3f03d90>] lr : [<ffffff93b3f03d90>] pstate: 60c00085
[ 0.282256] sp : fffffffbb30cfc30
[ 0.282259] x29: fffffffbb30cfc30 x28: ffffff93b6415000
[ 0.282261] x27: 00000013b65c1000 x26: ffffff93b5ce6000
[ 0.282264] x25: ffffff93b5ce6000 x24: ffffff93b6419000
[ 0.282266] x23: ffffff93b65c1000 x22: ffffff93b65c4000
[ 0.282268] x21: 9d12f8172cb2f296 x20: 000000008180e3e0
[ 0.282271] x19: 0000000000000000 x18: 000000000000002c
[ 0.282274] x17: 00000000000fd054 x16: 0000000000000000
[ 0.282276] x15: ffffff93b65ec000 x14: 000000000000000c
[ 0.282279] x13: 0000000000000004 x12: 0000000000000000
[ 0.282281] x11: 0000000000000000 x10: 0000000001440144
[ 0.282283] x9 : 260822e8751d5000 x8 : 260822e8751d5000
[ 0.282286] x7 : 0000000000000000 x6 : fffffffbbac75b60
[ 0.282288] x5 : 0000000000000000 x4 : 0000000000000000
[ 0.282290] x3 : 000000003a657275 x2 : 0000000000000000
[ 0.282292] x1 : 0000000000000000 x0 : 000000000000000c
[ 0.282294]
[ 0.282294] PC: 0xffffff93b3f03d50:
[ 0.282308] 3d50 b9001ac8 f94002c8 370ffec8 17ffffbe d4210000 14000000 aa1603e0 f90007e8
[ 0.282315] 3d70 94536017 f94007e8 17ffffe2 a9bf7bfd 910003fd d000d100 913ee400 94533cc7
[ 0.282322] 3d90 d4210000 14000000 b0013788 2a1f03e0 f901c51f d65f03c0 f940406b 2a0203e8
[ 0.282329] 3db0 2a0103e9 aa0003ea b400008b f9000145 f94000cb b40001ab a9bf7bfd 910003fd
[ 0.282330]
[ 0.282330] LR: 0xffffff93b3f03d50:
[ 0.282336] 3d50 b9001ac8 f94002c8 370ffec8 17ffffbe d4210000 14000000 aa1603e0 f90007e8
[ 0.282343] 3d70 94536017 f94007e8 17ffffe2 a9bf7bfd 910003fd d000d100 913ee400 94533cc7
[ 0.282350] 3d90 d4210000 14000000 b0013788 2a1f03e0 f901c51f d65f03c0 f940406b 2a0203e8
[ 0.282357] 3db0 2a0103e9 aa0003ea b400008b f9000145 f94000cb b40001ab a9bf7bfd 910003fd
[ 0.282358]
[ 0.282358] SP: 0xfffffffbb30cfbf0:
[ 0.282365] fbf0 b3f03d90 ffffff93 b30cfc30 fffffffb b3f03d90 ffffff93 60c00085 00000000
[ 0.282372] fc10 b6415000 ffffff93 b642fa00 ffffff93 ffffffff ffffffff b3f03d90 ffffff93
[ 0.282378] fc30 b30cfc70 fffffffb b3d458c0 ffffff93 00000080 00000000 00000001 00000000
[ 0.282385] fc50 b65c4000 ffffff93 b64420f0 ffffff93 8180e3e0 00000000 00000002 00000000
[ 0.282387] Process migration/2 (pid: 25, stack limit = 0xfffffffbb30cc000)
[ 0.282389] Call trace:
[ 0.282391] Exception stack(0xfffffffbb30cfb00 to 0xfffffffbb30cfc30)
[ 0.282395] fb00: 000000000000000c 0000000000000000 0000000000000000 000000003a657275
[ 0.282397] fb20: 0000000000000000 0000000000000000 fffffffbbac75b60 0000000000000000
[ 0.282400] fb40: 260822e8751d5000 260822e8751d5000 0000000001440144 0000000000000000
[ 0.282403] fb60: 0000000000000000 0000000000000004 000000000000000c ffffff93b65ec000
[ 0.282405] fb80: 0000000000000000 00000000000fd054 000000000000002c 0000000000000000
[ 0.282408] fba0: 000000008180e3e0 9d12f8172cb2f296 ffffff93b65c4000 ffffff93b65c1000
[ 0.282411] fbc0: ffffff93b6419000 ffffff93b5ce6000 ffffff93b5ce6000 00000013b65c1000
[ 0.282413] fbe0: ffffff93b6415000 fffffffbb30cfc30 ffffff93b3f03d90 fffffffbb30cfc30
[ 0.282416] fc00: ffffff93b3f03d90 0000000060c00085 ffffff93b6415000 ffffff93b642fa00
[ 0.282418] fc20: ffffffffffffffff ffffff93b3f03d90
[ 0.282421] [<ffffff93b3f03d90>] __cfi_check_fail+0x14/0x1c
[ 0.282430] [<ffffff93b3d458c0>] name_to_dev_t+0x0/0x47c
[ 0.282436] [<ffffff93b3d51b80>] kpti_install_ng_mappings+0x178/0x2e0
[ 0.282443] [<ffffff93b3eae950>] multi_cpu_stop+0x114/0x170
[ 0.282445] [<ffffff93b3eaf08c>] cpu_stopper_thread+0x128/0x2e8
[ 0.282452] [<ffffff93b3db5504>] smpboot_thread_fn+0x230/0x558
[ 0.282455] [<ffffff93b3dae848>] kthread+0x21c/0x238
[ 0.282459] [<ffffff93b3c838f0>] ret_from_fork+0x10/0x20
[ 0.282464] Code: 910003fd d000d100 913ee400 94533cc7 (d4210000)
* Re: Linux 4.9.93
From: Greg KH @ 2018-04-09 9:30 UTC (permalink / raw)
To: Jean-Baptiste Theou, Mark Rutland
Cc: linux-kernel, will.deacon, dan.rue, mark.brown, ard.biesheuvel,
marc.zyngier, Greg Hackmann
On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> Hi,
>
> After this patchset, a kernel built with CFI fails. Disabling
> UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
android-common-4.9"?
> Wondering if there is one of the test suites used on the review patchset that covers the CFI use case.
>
> Best regards,
>
Oh fun :(
Dragging in a bunch more people to the cc: and to: lines to have them
look at this...
thanks,
greg k-h
* Re: Linux 4.9.93
From: Marc Zyngier @ 2018-04-09 9:44 UTC (permalink / raw)
To: Greg KH, Jean-Baptiste Theou, Mark Rutland
Cc: linux-kernel, will.deacon, dan.rue, mark.brown, ard.biesheuvel,
Greg Hackmann
On 09/04/18 10:30, Greg KH wrote:
> On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
>> Hi,
>>
>> After this patchset, a kernel built with CFI fails. Disabling
>> UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
>
> Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> android-common-4.9"?
>
>> Wondering if there is one of the test suites used on the review patchset that covers the CFI use case.
>>
>> Best regards,
>>
>> [ 0.282421] [<ffffff93b3f03d90>] __cfi_check_fail+0x14/0x1c
Where is this coming from? Out of tree patches?
>> [ 0.282430] [<ffffff93b3d458c0>] name_to_dev_t+0x0/0x47c
>> [ 0.282436] [<ffffff93b3d51b80>] kpti_install_ng_mappings+0x178/0x2e0
>> [ 0.282443] [<ffffff93b3eae950>] multi_cpu_stop+0x114/0x170
>> [ 0.282445] [<ffffff93b3eaf08c>] cpu_stopper_thread+0x128/0x2e8
>> [ 0.282452] [<ffffff93b3db5504>] smpboot_thread_fn+0x230/0x558
>> [ 0.282455] [<ffffff93b3dae848>] kthread+0x21c/0x238
>> [ 0.282459] [<ffffff93b3c838f0>] ret_from_fork+0x10/0x20
>> [ 0.282464] Code: 910003fd d000d100 913ee400 94533cc7 (d4210000)
>
> Oh fun :(
>
> Dragging in a bunch more people to the cc: and to: lines to have them
> look at this...
Thanks,
M.
--
Jazz is not dead. It just smells funny...
* Re: Linux 4.9.93
From: Ard Biesheuvel @ 2018-04-09 9:49 UTC (permalink / raw)
To: Greg KH
Cc: Jean-Baptiste Theou, Mark Rutland, Linux Kernel Mailing List,
Will Deacon, Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
>> Hi,
>>
>> After this patchset, a kernel built with CFI fails. Disabling
>> UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
How does one 'build a kernel with CFI' for arm64?
>
> Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> android-common-4.9"?
>
>> Wondering if there is one of the test suites used on the review patchset that covers the CFI use case.
>>
>> Best regards,
>>
>
> Oh fun :(
>
> Dragging in a bunch more people to the cc: and to: lines to have them
> look at this...
>
> thanks,
>
> greg k-h
* Re: Linux 4.9.93
From: Mark Rutland @ 2018-04-09 9:55 UTC (permalink / raw)
To: 20180408150840.GA16019; +Cc: gregkh, linux-kernel, will.deacon, dan.rue
On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> Hi,
Hi,
> After this patchset, a kernel built with CFI fails. Disabling
> UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
>
> Wondering if there is one of the test suites used on the review
> patchset that covers the CFI use case.
IIUC, you're saying that after my v4.9.y meltdown backport, your own
backport of an out-of-tree patchset does not function.
There's no support for CFI in upstream (at least as of v4.16), nor in
v4.9.93. I have no idea as to how KPTI interacts with an out-of-tree
patchset, so could you elaborate on the issue?
I've not seen any CFI patches on the linux-arm-kernel mailing list, so
it's not clear to me how this interacts with KPTI.
Which patches do you have applied that implement CFI? Which compiler are
you using?
[...]
> [ 0.282196] kernel BUG at kernel/cfi.c:32!
This file doesn't exist in v4.9.93...
> [ 0.282230] CPU: 2 PID: 25 Comm: migration/2 Not tainted 4.9.93-perf+ #39
... and here I see you have local changes applied.
It would be best if you tried to get CFI supported upstream before
trying to backport it. That would be best discussed on the
linux-arm-kernel mailing list.
Thanks,
Mark.
* Re: Linux 4.9.93
From: Jean-Baptiste Theou @ 2018-04-09 9:57 UTC (permalink / raw)
To: Ard Biesheuvel
Cc: Greg KH, Mark Rutland, Linux Kernel Mailing List, Will Deacon,
Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On Mon, 9 Apr 2018 11:49:37 +0200
Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> >> Hi,
> >>
> >> After this patchset, a kernel built with CFI fails. Disabling
> >> UNMAP_KERNEL_AT_EL0 fixes the issue obviously.
>
> How does one 'build a kernel with CFI' for arm64?
From Google's work on Android-4.9
https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
I am not sure what the plan is on their side to upstream (Greg?), but definitely
useful to isolate actual issues.
>
> >
> > Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> > android-common-4.9"?
It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
My take is that CFI doesn't like
* void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
and
remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
similar changes.
I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
but unfortunate that a stable patchset triggers such failures.
Thanks a lot
Best regards
> >
> >> Wondering if there is one of the test suites used on the review patchset that covers the CFI use case.
> >>
> >> Best regards,
> >>
> >> [ 0.249191] CPU features: detected feature: GIC system register CPU interface
> >> [ 0.256391] CPU features: detected feature: Privileged Access Never
> >> [ 0.262719] CPU features: detected feature: User Access Override
> >> [ 0.268791] CPU features: detected feature: 32-bit EL0 Support
> >> [ 0.274683] CPU features: detected feature: Kernel page table isolation (KPTI)
> >> [ 0.282166] CFI failure:
> >> [ 0.282169] CFI failure:
> >> [ 0.282172] CFI failure:
> >> [ 0.282173] CFI failure:
> >> [ 0.282175] CFI failure:
> >> [ 0.282176] CFI failure:
> >> [ 0.282177] CFI failure:
> >> [ 0.282178] CFI failure:
> >> [ 0.282188] ------------[ cut here ]------------
> >> [ 0.282189] ------------[ cut here ]------------
> >> [ 0.282190] ------------[ cut here ]------------
> >> [ 0.282191] ------------[ cut here ]------------
> >> [ 0.282193] ------------[ cut here ]------------
> >> [ 0.282196] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282198] ------------[ cut here ]------------
> >> [ 0.282201] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282202] ------------[ cut here ]------------
> >> [ 0.282204] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282207] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282209] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282211] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282214] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282215] ------------[ cut here ]------------
> >> [ 0.282216] kernel BUG at kernel/cfi.c:32!
> >> [ 0.282218] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
> >> [ 0.282224] Modules linked in:
> >> [ 0.282230] CPU: 2 PID: 25 Comm: migration/2 Not tainted 4.9.93-perf+ #39
> >> [ 0.282232] Hardware name: <REMOVED>
> >> [ 0.282235] task: fffffffbb3b36580 task.stack: fffffffbb30cc000
> >> [ 0.282250] PC is at __cfi_check_fail+0x14/0x1c
> >> [ 0.282253] LR is at __cfi_check_fail+0x14/0x1c
> >> [ 0.282255] pc : [<ffffff93b3f03d90>] lr : [<ffffff93b3f03d90>] pstate: 60c00085
> >> [ 0.282256] sp : fffffffbb30cfc30
> >> [ 0.282259] x29: fffffffbb30cfc30 x28: ffffff93b6415000
> >> [ 0.282261] x27: 00000013b65c1000 x26: ffffff93b5ce6000
> >> [ 0.282264] x25: ffffff93b5ce6000 x24: ffffff93b6419000
> >> [ 0.282266] x23: ffffff93b65c1000 x22: ffffff93b65c4000
> >> [ 0.282268] x21: 9d12f8172cb2f296 x20: 000000008180e3e0
> >> [ 0.282271] x19: 0000000000000000 x18: 000000000000002c
> >> [ 0.282274] x17: 00000000000fd054 x16: 0000000000000000
> >> [ 0.282276] x15: ffffff93b65ec000 x14: 000000000000000c
> >> [ 0.282279] x13: 0000000000000004 x12: 0000000000000000
> >> [ 0.282281] x11: 0000000000000000 x10: 0000000001440144
> >> [ 0.282283] x9 : 260822e8751d5000 x8 : 260822e8751d5000
> >> [ 0.282286] x7 : 0000000000000000 x6 : fffffffbbac75b60
> >> [ 0.282288] x5 : 0000000000000000 x4 : 0000000000000000
> >> [ 0.282290] x3 : 000000003a657275 x2 : 0000000000000000
> >> [ 0.282292] x1 : 0000000000000000 x0 : 000000000000000c
> >> [ 0.282387] Process migration/2 (pid: 25, stack limit = 0xfffffffbb30cc000)
> >> [ 0.282389] Call trace:
> >> [ 0.282421] [<ffffff93b3f03d90>] __cfi_check_fail+0x14/0x1c
> >> [ 0.282430] [<ffffff93b3d458c0>] name_to_dev_t+0x0/0x47c
> >> [ 0.282436] [<ffffff93b3d51b80>] kpti_install_ng_mappings+0x178/0x2e0
> >> [ 0.282443] [<ffffff93b3eae950>] multi_cpu_stop+0x114/0x170
> >> [ 0.282445] [<ffffff93b3eaf08c>] cpu_stopper_thread+0x128/0x2e8
> >> [ 0.282452] [<ffffff93b3db5504>] smpboot_thread_fn+0x230/0x558
> >> [ 0.282455] [<ffffff93b3dae848>] kthread+0x21c/0x238
> >> [ 0.282459] [<ffffff93b3c838f0>] ret_from_fork+0x10/0x20
> >> [ 0.282464] Code: 910003fd d000d100 913ee400 94533cc7 (d4210000)
> >
> > Oh fun :(
> >
> > Dragging in a bunch more people to the cc: and to: lines to have them
> > look at this...
> >
> > thanks,
> >
> > greg k-h
* Re: Linux 4.9.93
From: Mark Rutland @ 2018-04-09 10:07 UTC
To: Jean-Baptiste Theou
Cc: Ard Biesheuvel, Greg KH, Linux Kernel Mailing List, Will Deacon,
Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On Mon, Apr 09, 2018 at 06:57:51PM +0900, Jean-Baptiste Theou wrote:
> On Mon, 9 Apr 2018 11:49:37 +0200
> Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> > On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> > >> Hi,
> > >>
> > >> After this patchset, a kernel built with CFI fails. Disabling
> > >> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
> >
> > How does one 'build a kernel with CFI' for arm64?
>
> From Google work on Android-4.9
>
> https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
>
> I am not sure what is the plan on their side to upstream (Greg?), but definitely
> useful to isolate actual issues.
>
> > > Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> > > android-common-4.9?
>
> It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
>
> My take is that CFI doesn't like
>
> * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
>
> and
>
> remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
>
> Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
> similar changes.
From a quick scan, it looks like CFI uses shadow memory for function
prologues. Since we're taking the PA of a function pointer, presumably
this no longer maps to valid shadow.
I'd expect the same to apply to uses of cpu_replace_ttbr1(), but it
looks like the only user of that is marked as __init, and that patch
adds __nocfi to __init functions.
So you probably need to mark kpti_install_ng_mappings() as __nocfi.
> I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
> but unfortunate that an stable patchset trigger such failures.
This is simply the nature of out-of-tree code.
In future, it would be very helpful if you could provide context for
out-of-tree patches in the initial report.
Thanks,
Mark.
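A simplified user-space model of the failure described in the reply above, as an added example that is not code from the thread or from the Android CFI patches: the CFI shadow is assumed to cover only the kernel's virtual text alias, so a pointer produced the way `__pa_symbol()` does fails the check even though it reaches the same code. All addresses, type ids and helper names are constructed for the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed layout for the model; none of these values come from the report. */
#define KIMAGE_VADDR 0xffffff8008080000ULL /* kernel text, virtual alias */
#define KIMAGE_PADDR 0x0000000080080000ULL /* same text, identity-mapped physical alias */
#define KIMAGE_SIZE  0x40ULL
#define SLOT_SIZE    0x10ULL

/* Type ids stand in for the signature hashes a CFI build compares (assumed values). */
#define TYPE_REMAP_FN 0x1001u
#define TYPE_OTHER_FN 0x2002u

enum cfi_result { CFI_OK = 0, CFI_NO_SHADOW = -1, CFI_BAD_TYPE = -2, CALL_FAULT = -3 };

typedef int (*body_fn)(int cpu, int num_cpus);

/* Stand-in for idmap_kpti_install_ng_mappings: returns a value the caller can verify. */
static int model_install_ng_mappings(int cpu, int num_cpus) { return cpu * 100 + num_cpus; }
/* An unrelated function with a different type id. */
static int model_other(int a, int b) { return a - b; }

struct text_slot { uint32_t type_id; body_fn body; };

/* The "kernel image": one function per slot, slot 0 and 3 are empty. */
static const struct text_slot kernel_text[KIMAGE_SIZE / SLOT_SIZE] = {
    [1] = { TYPE_REMAP_FN, model_install_ng_mappings },
    [2] = { TYPE_OTHER_FN, model_other },
};

#define SYM_REMAP (KIMAGE_VADDR + 1 * SLOT_SIZE)
#define SYM_OTHER (KIMAGE_VADDR + 2 * SLOT_SIZE)

/* Model of __pa_symbol(): translate a kernel-image virtual address to its physical alias. */
static uint64_t pa_symbol(uint64_t va) { return va - KIMAGE_VADDR + KIMAGE_PADDR; }

/* MMU model: with the idmap installed, both aliases fetch the same instructions. */
static const struct text_slot *fetch(uint64_t addr)
{
    uint64_t off;

    if (addr >= KIMAGE_VADDR && addr - KIMAGE_VADDR < KIMAGE_SIZE)
        off = addr - KIMAGE_VADDR;
    else if (addr >= KIMAGE_PADDR && addr - KIMAGE_PADDR < KIMAGE_SIZE)
        off = addr - KIMAGE_PADDR;
    else
        return NULL;
    if (off % SLOT_SIZE)
        return NULL;
    const struct text_slot *s = &kernel_text[off / SLOT_SIZE];
    return s->body ? s : NULL;
}

/* CFI check: the shadow is indexed by virtual address only (the model's assumption). */
static enum cfi_result cfi_check(uint64_t target, uint32_t expected_type)
{
    if (target < KIMAGE_VADDR || target - KIMAGE_VADDR >= KIMAGE_SIZE)
        return CFI_NO_SHADOW;            /* physical alias: no shadow entry */
    const struct text_slot *s = fetch(target);
    if (!s || s->type_id != expected_type)
        return CFI_BAD_TYPE;             /* the case CFI exists to catch */
    return CFI_OK;
}

/* Instrumented indirect call: a failure here is where the kernel would BUG. */
static enum cfi_result call_checked(uint64_t target, uint32_t type, int cpu, int n, int *out)
{
    enum cfi_result r = cfi_check(target, type);

    if (r != CFI_OK)
        return r;
    *out = fetch(target)->body(cpu, n);
    return CFI_OK;
}

/* Call site in a function exempted from CFI: no check of any kind is performed. */
static enum cfi_result call_nocfi(uint64_t target, int cpu, int n, int *out)
{
    const struct text_slot *s = fetch(target);

    if (!s)
        return CALL_FAULT;
    *out = s->body(cpu, n);
    return CFI_OK;
}

int main(void)
{
    int out = 0;
    uint64_t remap_fn = pa_symbol(SYM_REMAP);

    printf("checked, virtual alias : %d\n", call_checked(SYM_REMAP, TYPE_REMAP_FN, 2, 8, &out));
    printf("checked, physical alias: %d\n", call_checked(remap_fn, TYPE_REMAP_FN, 2, 8, &out));
    printf("nocfi,   physical alias: %d (result %d)\n", call_nocfi(remap_fn, 2, 8, &out), out);
    printf("nocfi,   wrong type    : %d\n", call_nocfi(SYM_OTHER, 2, 8, &out));
    return 0;
}
```

The last call shows the cost of the exemption: inside an exempted function a target of the wrong type is called without complaint, so the exemption is best kept to the single function that needs it.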
* Re: Linux 4.9.93
From: Ard Biesheuvel @ 2018-04-09 10:25 UTC
To: Jean-Baptiste Theou
Cc: Greg KH, Mark Rutland, Linux Kernel Mailing List, Will Deacon,
Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
> On 9 Apr 2018, at 11:57, Jean-Baptiste Theou <jb@essential.com> wrote:
>
> On Mon, 9 Apr 2018 11:49:37 +0200
> Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
>>> On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
>>>> On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
>>>> Hi,
>>>>
>>>> After this patchset, a kernel built with CFI fails. Disabling
>>>> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
>>
>> How does one 'build a kernel with CFI' for arm64?
>
> From Google work on Android-4.9
>
> https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
>
> I am not sure what is the plan on their side to upstream (Greg?), but definitely
> useful to isolate actual issues.
>
>>
>>>
>>> Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
>>> android-common-4.9?
>
> It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
>
> My take is that CFI doesn't like
>
> * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
>
> and
>
> remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
>
> Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
> similar changes.
>
> I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
> but unfortunate that an stable patchset trigger such failures.
>
I am sorry but if you are implying that we should have tested these patches against the out of tree CFI code, I have to disappoint you: that is simply not upstream’s job, and if the Google engineers merged this into their v4.9 tree without proper testing, may I suggest that you report it to them instead?
OTOH, if that is not what you are implying, please ignore the rant :-)
> Thanks a lot
>
> Best regards
>
>>>
>>>> Wondering if there is one of the test suite used on the review patchset that covers the CFI usecase.
>>>>
>>>> Best regards,
>>>>
>>>> [ 0.249191] CPU features: detected feature: GIC system register CPU interface
>>>> [ 0.256391] CPU features: detected feature: Privileged Access Never
>>>> [ 0.262719] CPU features: detected feature: User Access Override
>>>> [ 0.268791] CPU features: detected feature: 32-bit EL0 Support
>>>> [ 0.274683] CPU features: detected feature: Kernel page table isolation (KPTI)
>>>> [ 0.282166] CFI failure:
>>>> [ 0.282169] CFI failure:
>>>> [ 0.282172] CFI failure:
>>>> [ 0.282173] CFI failure:
>>>> [ 0.282175] CFI failure:
>>>> [ 0.282176] CFI failure:
>>>> [ 0.282177] CFI failure:
>>>> [ 0.282178] CFI failure:
>>>> [ 0.282188] ------------[ cut here ]------------
>>>> [ 0.282189] ------------[ cut here ]------------
>>>> [ 0.282190] ------------[ cut here ]------------
>>>> [ 0.282191] ------------[ cut here ]------------
>>>> [ 0.282193] ------------[ cut here ]------------
>>>> [ 0.282196] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282198] ------------[ cut here ]------------
>>>> [ 0.282201] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282202] ------------[ cut here ]------------
>>>> [ 0.282204] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282207] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282209] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282211] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282214] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282215] ------------[ cut here ]------------
>>>> [ 0.282216] kernel BUG at kernel/cfi.c:32!
>>>> [ 0.282218] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
>>>> [ 0.282224] Modules linked in:
>>>> [ 0.282230] CPU: 2 PID: 25 Comm: migration/2 Not tainted 4.9.93-perf+ #39
>>>> [ 0.282232] Hardware name: <REMOVED>
>>>> [ 0.282235] task: fffffffbb3b36580 task.stack: fffffffbb30cc000
>>>> [ 0.282250] PC is at __cfi_check_fail+0x14/0x1c
>>>> [ 0.282253] LR is at __cfi_check_fail+0x14/0x1c
>>>> [ 0.282255] pc : [<ffffff93b3f03d90>] lr : [<ffffff93b3f03d90>] pstate: 60c00085
>>>> [ 0.282256] sp : fffffffbb30cfc30
>>>> [ 0.282259] x29: fffffffbb30cfc30 x28: ffffff93b6415000
>>>> [ 0.282261] x27: 00000013b65c1000 x26: ffffff93b5ce6000
>>>> [ 0.282264] x25: ffffff93b5ce6000 x24: ffffff93b6419000
>>>> [ 0.282266] x23: ffffff93b65c1000 x22: ffffff93b65c4000
>>>> [ 0.282268] x21: 9d12f8172cb2f296 x20: 000000008180e3e0
>>>> [ 0.282271] x19: 0000000000000000 x18: 000000000000002c
>>>> [ 0.282274] x17: 00000000000fd054 x16: 0000000000000000
>>>> [ 0.282276] x15: ffffff93b65ec000 x14: 000000000000000c
>>>> [ 0.282279] x13: 0000000000000004 x12: 0000000000000000
>>>> [ 0.282281] x11: 0000000000000000 x10: 0000000001440144
>>>> [ 0.282283] x9 : 260822e8751d5000 x8 : 260822e8751d5000
>>>> [ 0.282286] x7 : 0000000000000000 x6 : fffffffbbac75b60
>>>> [ 0.282288] x5 : 0000000000000000 x4 : 0000000000000000
>>>> [ 0.282290] x3 : 000000003a657275 x2 : 0000000000000000
>>>> [ 0.282292] x1 : 0000000000000000 x0 : 000000000000000c
>>>> [ 0.282387] Process migration/2 (pid: 25, stack limit = 0xfffffffbb30cc000)
>>>> [ 0.282389] Call trace:
>>>> [ 0.282421] [<ffffff93b3f03d90>] __cfi_check_fail+0x14/0x1c
>>>> [ 0.282430] [<ffffff93b3d458c0>] name_to_dev_t+0x0/0x47c
>>>> [ 0.282436] [<ffffff93b3d51b80>] kpti_install_ng_mappings+0x178/0x2e0
>>>> [ 0.282443] [<ffffff93b3eae950>] multi_cpu_stop+0x114/0x170
>>>> [ 0.282445] [<ffffff93b3eaf08c>] cpu_stopper_thread+0x128/0x2e8
>>>> [ 0.282452] [<ffffff93b3db5504>] smpboot_thread_fn+0x230/0x558
>>>> [ 0.282455] [<ffffff93b3dae848>] kthread+0x21c/0x238
>>>> [ 0.282459] [<ffffff93b3c838f0>] ret_from_fork+0x10/0x20
>>>> [ 0.282464] Code: 910003fd d000d100 913ee400 94533cc7 (d4210000)
>>>
>>> Oh fun :(
>>>
>>> Dragging in a bunch more people to the cc: and to: lines to have them
>>> look at this...
>>>
>>> thanks,
>>>
>>> greg k-h
* Re: Linux 4.9.93
From: Jean-Baptiste Theou @ 2018-04-09 10:28 UTC
To: Ard Biesheuvel
Cc: Greg KH, Mark Rutland, Linux Kernel Mailing List, Will Deacon,
Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On Mon, 9 Apr 2018 12:25:07 +0200
Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> > On 9 Apr 2018, at 11:57, Jean-Baptiste Theou <jb@essential.com> wrote:
> >
> > On Mon, 9 Apr 2018 11:49:37 +0200
> > Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >
> >>> On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> >>>> On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> >>>> Hi,
> >>>>
> >>>> After this patchset, a kernel built with CFI fails. Disabling
> >>>> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
> >>
> >> How does one 'build a kernel with CFI' for arm64?
> >
> > From Google work on Android-4.9
> >
> > https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
> >
> > I am not sure what is the plan on their side to upstream (Greg?), but definitely
> > useful to isolate actual issues.
> >
> >>
> >>>
> >>> Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> >>> android-common-4.9?
> >
> > It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
> >
> > My take is that CFI doesn't like
> >
> > * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
> >
> > and
> >
> > remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
> >
> > Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
> > similar changes.
> >
> > I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
> > but unfortunate that an stable patchset trigger such failures.
> >
>
> I am sorry but if you are implying that we should have tested these patches against the out of tree CFI code, I have to disappoint you: that is simply not upstream’s job, and if the Google engineers merged this into their v4.9 tree without proper testing, may I suggest that you report it to them instead?
>
> OTOH, if that is not what you are implying, please ignore the rant :-)
>
To be perfectly honest, I forgot that CFI wasn't an upstream feature. Indeed, I don't expect upstream test farm to run out of tree.
The real answer here is to upstream CFI ;-)
Thanks a lot
Best regards
>
> > Thanks a lot
> >
> > Best regards
> >
> >>>
> >>>> Wondering if there is one of the test suite used on the review patchset that covers the CFI usecase.
> >>>>
> >>>> Best regards,
> >>>>
> >>>> [ 0.249191] CPU features: detected feature: GIC system register CPU interface
> >>>> [ 0.256391] CPU features: detected feature: Privileged Access Never
> >>>> [ 0.262719] CPU features: detected feature: User Access Override
> >>>> [ 0.268791] CPU features: detected feature: 32-bit EL0 Support
> >>>> [ 0.274683] CPU features: detected feature: Kernel page table isolation (KPTI)
> >>>> [ 0.282166] CFI failure:
> >>>> [ 0.282169] CFI failure:
> >>>> [ 0.282172] CFI failure:
> >>>> [ 0.282173] CFI failure:
> >>>> [ 0.282175] CFI failure:
> >>>> [ 0.282176] CFI failure:
> >>>> [ 0.282177] CFI failure:
> >>>> [ 0.282178] CFI failure:
> >>>> [ 0.282188] ------------[ cut here ]------------
> >>>> [ 0.282189] ------------[ cut here ]------------
> >>>> [ 0.282190] ------------[ cut here ]------------
> >>>> [ 0.282191] ------------[ cut here ]------------
> >>>> [ 0.282193] ------------[ cut here ]------------
> >>>> [ 0.282196] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282198] ------------[ cut here ]------------
> >>>> [ 0.282201] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282202] ------------[ cut here ]------------
> >>>> [ 0.282204] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282207] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282209] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282211] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282214] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282215] ------------[ cut here ]------------
> >>>> [ 0.282216] kernel BUG at kernel/cfi.c:32!
> >>>> [ 0.282218] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
> >>>> [ 0.282224] Modules linked in:
> >>>> [ 0.282230] CPU: 2 PID: 25 Comm: migration/2 Not tainted 4.9.93-perf+ #39
> >>>> [ 0.282232] Hardware name: <REMOVED>
> >>>> [ 0.282235] task: fffffffbb3b36580 task.stack: fffffffbb30cc000
> >>>> [ 0.282250] PC is at __cfi_check_fail+0x14/0x1c
> >>>> [ 0.282253] LR is at __cfi_check_fail+0x14/0x1c
> >>>> [ 0.282255] pc : [<ffffff93b3f03d90>] lr : [<ffffff93b3f03d90>] pstate: 60c00085
> >>>> [ 0.282256] sp : fffffffbb30cfc30
> >>>> [ 0.282259] x29: fffffffbb30cfc30 x28: ffffff93b6415000
> >>>> [ 0.282261] x27: 00000013b65c1000 x26: ffffff93b5ce6000
> >>>> [ 0.282264] x25: ffffff93b5ce6000 x24: ffffff93b6419000
> >>>> [ 0.282266] x23: ffffff93b65c1000 x22: ffffff93b65c4000
> >>>> [ 0.282268] x21: 9d12f8172cb2f296 x20: 000000008180e3e0
> >>>> [ 0.282271] x19: 0000000000000000 x18: 000000000000002c
> >>>> [ 0.282274] x17: 00000000000fd054 x16: 0000000000000000
> >>>> [ 0.282276] x15: ffffff93b65ec000 x14: 000000000000000c
> >>>> [ 0.282279] x13: 0000000000000004 x12: 0000000000000000
> >>>> [ 0.282281] x11: 0000000000000000 x10: 0000000001440144
> >>>> [ 0.282283] x9 : 260822e8751d5000 x8 : 260822e8751d5000
> >>>> [ 0.282286] x7 : 0000000000000000 x6 : fffffffbbac75b60
> >>>> [ 0.282288] x5 : 0000000000000000 x4 : 0000000000000000
> >>>> [ 0.282290] x3 : 000000003a657275 x2 : 0000000000000000
> >>>> [ 0.282292] x1 : 0000000000000000 x0 : 000000000000000c
> >>>> [ 0.282387] Process migration/2 (pid: 25, stack limit = 0xfffffffbb30cc000)
> >>>> [ 0.282389] Call trace:
> >>>> [ 0.282421] [<ffffff93b3f03d90>] __cfi_check_fail+0x14/0x1c
> >>>> [ 0.282430] [<ffffff93b3d458c0>] name_to_dev_t+0x0/0x47c
> >>>> [ 0.282436] [<ffffff93b3d51b80>] kpti_install_ng_mappings+0x178/0x2e0
> >>>> [ 0.282443] [<ffffff93b3eae950>] multi_cpu_stop+0x114/0x170
> >>>> [ 0.282445] [<ffffff93b3eaf08c>] cpu_stopper_thread+0x128/0x2e8
> >>>> [ 0.282452] [<ffffff93b3db5504>] smpboot_thread_fn+0x230/0x558
> >>>> [ 0.282455] [<ffffff93b3dae848>] kthread+0x21c/0x238
> >>>> [ 0.282459] [<ffffff93b3c838f0>] ret_from_fork+0x10/0x20
> >>>> [ 0.282464] Code: 910003fd d000d100 913ee400 94533cc7 (d4210000)
> >>>
> >>> Oh fun :(
> >>>
> >>> Dragging in a bunch more people to the cc: and to: lines to have them
> >>> look at this...
> >>>
> >>> thanks,
> >>>
> >>> greg k-h
* Re: Linux 4.9.93
From: Jean-Baptiste Theou @ 2018-04-09 10:41 UTC
To: Mark Rutland
Cc: Ard Biesheuvel, Greg KH, Linux Kernel Mailing List, Will Deacon,
Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On Mon, 9 Apr 2018 11:07:41 +0100
Mark Rutland <mark.rutland@arm.com> wrote:
> On Mon, Apr 09, 2018 at 06:57:51PM +0900, Jean-Baptiste Theou wrote:
> > On Mon, 9 Apr 2018 11:49:37 +0200
> > Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> >
> > > On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > > On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> > > >> Hi,
> > > >>
> > > >> After this patchset, a kernel built with CFI fails. Disabling
> > > >> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
> > >
> > > How does one 'build a kernel with CFI' for arm64?
> >
> > From Google work on Android-4.9
> >
> > https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
> >
> > I am not sure what is the plan on their side to upstream (Greg?), but definitely
> > useful to isolate actual issues.
> >
> > > > Is this a "clean" 4.9.93 tree or a "4.9.93 merged into
> > > > android-common-4.9?
> >
> > It's a "clean 4.9.93" + whatever is needed for Clang/CFI support
> >
> > My take is that CFI doesn't like
> >
> > * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
> >
> > and
> >
> > remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
> >
> > Maybe just flag this function to not use CFI? I remember that Sami Tolvanen did
> > similar changes.
>
> From a quick scan, it looks like CFI uses shadow memory for function
> prologues. Since we're taking the PA of a function pointer, presumably
> this no longer maps to valid shadow.
>
> I'd expect the same to apply to uses of cpu_replace_ttbr1(), but it
> looks like the only user of that is marked as __init, and that patch
> adds __nocfi to __init functions.
>
> So you probably need to mark kpti_install_ng_mappings() as __nocfi.
>
> > I know it's a bit out of context since CFI support for ARM64 is not upstream yet,
> > but unfortunate that an stable patchset trigger such failures.
>
> This is simply the nature of out-of-tree code.
>
> In future, it would be very helpful if you could provide context for
> out-of-tree patches in the initial report.
>
I can pass the initial CFI failures by tagging the function with __nocfi, but still face issues down the road.
That said, it's out of tree, so my problem.
Will investigate.
Thanks a lot for the quick support.
Best regards
> Thanks,
> Mark.
* Re: Linux 4.9.93
From: Greg KH @ 2018-04-09 11:41 UTC
To: Jean-Baptiste Theou
Cc: Ard Biesheuvel, Mark Rutland, Linux Kernel Mailing List,
Will Deacon, Dan Rue, Mark Brown, Marc Zyngier, Greg Hackmann
On Mon, Apr 09, 2018 at 06:57:51PM +0900, Jean-Baptiste Theou wrote:
> On Mon, 9 Apr 2018 11:49:37 +0200
> Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>
> > On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
> > > On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
> > >> Hi,
> > >>
> > >> After this patchset, a kernel built with CFI fails. Disabling
> > >> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
> >
> > How does one 'build a kernel with CFI' for arm64?
>
> From Google work on Android-4.9
>
> https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
>
> I am not sure what is the plan on their side to upstream (Greg?), but definitely
> useful to isolate actual issues.
Ah, yeah, if you are taking anything from the Android tree, all bets are
off :)
Greg Hackmann can probably answer the questions about CFI and these
patches, as he's working on merging this stable release into the
android-4.9 branch this week. I'll let him deal with this...
thanks,
greg k-h
* Re: Linux 4.9.93
From: Greg Hackmann @ 2018-04-09 17:02 UTC
To: Greg KH, Jean-Baptiste Theou, Sami Tolvanen
Cc: Ard Biesheuvel, Mark Rutland, Linux Kernel Mailing List,
Will Deacon, Dan Rue, Mark Brown, Marc Zyngier
On 04/09/2018 04:41 AM, Greg KH wrote:
> On Mon, Apr 09, 2018 at 06:57:51PM +0900, Jean-Baptiste Theou wrote:
>> On Mon, 9 Apr 2018 11:49:37 +0200
>> Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>>
>>> On 9 April 2018 at 11:30, Greg KH <gregkh@linuxfoundation.org> wrote:
>>>> On Mon, Apr 09, 2018 at 06:05:34PM +0900, Jean-Baptiste Theou wrote:
>>>>> Hi,
>>>>>
>>>>> After this patchset, a kernel built with CFI fails. Disabling
>>>>> UNMAP_KERNEL_AT_EL0 fix the issue obviously.
>>>
>>> How does one 'build a kernel with CFI' for arm64?
>>
>> From Google work on Android-4.9
>>
>> https://android.googlesource.com/kernel/common/+/00a195e7c0752ff5d65c9caadfbcc226270ca232
>>
>> I am not sure what is the plan on their side to upstream (Greg?), but definitely
>> useful to isolate actual issues.
>
> Ah, yeah, if you are taking anything from the Android tree, all bets are
> off :)
>
> Greg Hackmann can probably answer the questions about CFI and these
> patches, as he's working on merging this stable release into the
> android-4.9 branch this week. I'll let him deal with this...
>
> thanks,
>
> greg k-h
>
I've added Sami Tolvanen, who's handling CFI in the kernel.
Sami, what are the plans for upstreaming this work?
* Re: Linux 4.9.93
From: Sami Tolvanen @ 2018-04-09 20:32 UTC
To: Greg Hackmann
Cc: gregkh, jb, Ard Biesheuvel, Mark Rutland, LKML, Will Deacon,
dan.rue, mark.brown, marc.zyngier
On Mon, Apr 9, 2018 at 10:02 AM Greg Hackmann <ghackmann@google.com> wrote:
> Sami, what are the plans for upstreaming this work?
CFI is a clang-specific feature that depends on LTO. Based on the earlier
LTO discussion, we decided to collect some more evidence that clang's LTO
doesn't actually break anything in the kernel before sending out the next
revision of these patches. I will look into upstreaming this code again
once we have sufficient test coverage, hopefully by the end of the year.
Sami
* Re: Linux 4.9.93
From: Greg KH @ 2018-04-08 15:08 UTC
To: linux-kernel, Andrew Morton, torvalds, stable; +Cc: lwn, Jiri Slaby
diff --git a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
index caf297bee1fb..c28d4eb83b76 100644
--- a/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
+++ b/Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt
@@ -35,6 +35,15 @@ Optional properties:
- ti,palmas-enable-dvfs2: Enable DVFS2. Configure pins for DVFS2 mode.
Selection primary or secondary function associated to GPADC_START
and SYSEN2 pin/pad for DVFS2 interface
+- ti,palmas-override-powerhold: This is applicable for PMICs for which
+ GPIO7 is configured in POWERHOLD mode which has higher priority
+ over DEV_ON bit and keeps the PMIC supplies on even after the DEV_ON
+ bit is turned off. This property enables driver to over ride the
+ POWERHOLD value to GPIO7 so as to turn off the PMIC in power off
+ scenarios. So for GPIO7 if ti,palmas-override-powerhold is set
+ then the GPIO_7 field should never be muxed to anything else.
+ It should be set to POWERHOLD by default and only in case of
+ power off scenarios the driver will over ride the mux value.
This binding uses the following generic properties as defined in
pinctrl-bindings.txt:
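Review bot: The new ti,palmas-override-powerhold paragraph spells the verb "over ride" twice and names the pin both GPIO7 and GPIO_7; use "override" and a single pin name so the binding text is consistent and searchable. The sentence saying the GPIO_7 field "should never be muxed to anything else" reads as a constraint on board files, so it would help to state whether the driver enforces it or the device tree author is expected to.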
diff --git a/Makefile b/Makefile
index 3ab3b8203bf6..f5cf4159fc20 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
VERSION = 4
PATCHLEVEL = 9
-SUBLEVEL = 92
+SUBLEVEL = 93
EXTRAVERSION =
NAME = Roaring Lionus
diff --git a/arch/arm/boot/dts/am335x-pepper.dts b/arch/arm/boot/dts/am335x-pepper.dts
index 42b62f54e4b7..30e2f8770aaf 100644
--- a/arch/arm/boot/dts/am335x-pepper.dts
+++ b/arch/arm/boot/dts/am335x-pepper.dts
@@ -139,7 +139,7 @@
&audio_codec {
status = "okay";
- reset-gpios = <&gpio1 16 GPIO_ACTIVE_LOW>;
+ gpio-reset = <&gpio1 16 GPIO_ACTIVE_LOW>;
AVDD-supply = <&ldo3_reg>;
IOVDD-supply = <&ldo3_reg>;
DRVDD-supply = <&ldo3_reg>;
diff --git a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
index 6df7829a2c15..78bee26361f1 100644
--- a/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
+++ b/arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi
@@ -204,6 +204,7 @@
interrupt-controller;
ti,system-power-controller;
+ ti,palmas-override-powerhold;
tps659038_pmic {
compatible = "ti,tps659038-pmic";
diff --git a/arch/arm/boot/dts/am57xx-idk-common.dtsi b/arch/arm/boot/dts/am57xx-idk-common.dtsi
index db858fff4e18..1cc62727e43a 100644
--- a/arch/arm/boot/dts/am57xx-idk-common.dtsi
+++ b/arch/arm/boot/dts/am57xx-idk-common.dtsi
@@ -57,6 +57,7 @@
#interrupt-cells = <2>;
interrupt-controller;
ti,system-power-controller;
+ ti,palmas-override-powerhold;
tps659038_pmic {
compatible = "ti,tps659038-pmic";
diff --git a/arch/arm/boot/dts/dra7-evm.dts b/arch/arm/boot/dts/dra7-evm.dts
index 132f2be10889..56311fd34f81 100644
--- a/arch/arm/boot/dts/dra7-evm.dts
+++ b/arch/arm/boot/dts/dra7-evm.dts
@@ -398,6 +398,8 @@
tps659038: tps659038@58 {
compatible = "ti,tps659038";
reg = <0x58>;
+ ti,palmas-override-powerhold;
+ ti,system-power-controller;
tps659038_pmic {
compatible = "ti,tps659038-pmic";
diff --git a/arch/arm/boot/dts/omap3-n900.dts b/arch/arm/boot/dts/omap3-n900.dts
index 6003b29c0fc0..4d448f145ed1 100644
--- a/arch/arm/boot/dts/omap3-n900.dts
+++ b/arch/arm/boot/dts/omap3-n900.dts
@@ -510,7 +510,7 @@
tlv320aic3x: tlv320aic3x@18 {
compatible = "ti,tlv320aic3x";
reg = <0x18>;
- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
+ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
ai3x-gpio-func = <
0 /* AIC3X_GPIO1_FUNC_DISABLED */
5 /* AIC3X_GPIO2_FUNC_DIGITAL_MIC_INPUT */
@@ -527,7 +527,7 @@
tlv320aic3x_aux: tlv320aic3x@19 {
compatible = "ti,tlv320aic3x";
reg = <0x19>;
- reset-gpios = <&gpio2 28 GPIO_ACTIVE_LOW>; /* 60 */
+ gpio-reset = <&gpio2 28 GPIO_ACTIVE_HIGH>; /* 60 */
AVDD-supply = <&vmmc2>;
DRVDD-supply = <&vmmc2>;
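Review bot: both omap3-n900 hunks change the polarity from GPIO_ACTIVE_LOW to GPIO_ACTIVE_HIGH in the same line that renames reset-gpios to gpio-reset, while the am335x-pepper hunk does the same rename and keeps GPIO_ACTIVE_LOW. The changelog should say whether the polarity flip on the N900 is intended, since the rename and the flip are easy to read as one mechanical change.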
diff --git a/arch/arm/vfp/vfpmodule.c b/arch/arm/vfp/vfpmodule.c
index da0b33deba6d..5629d7580973 100644
--- a/arch/arm/vfp/vfpmodule.c
+++ b/arch/arm/vfp/vfpmodule.c
@@ -648,7 +648,7 @@ int vfp_restore_user_hwstate(struct user_vfp __user *ufp,
*/
static int vfp_dying_cpu(unsigned int cpu)
{
- vfp_force_reload(cpu, current_thread_info());
+ vfp_current_hw_state[cpu] = NULL;
return 0;
}
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 7769c2e27788..c8471cf46cbb 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -733,6 +733,18 @@ config FORCE_MAX_ZONEORDER
However for 4K, we choose a higher default value, 11 as opposed to 10, giving us
4M allocations matching the default size used by generic code.
+config UNMAP_KERNEL_AT_EL0
+ bool "Unmap kernel when running in userspace (aka \"KAISER\")" if EXPERT
+ default y
+ help
+ Speculation attacks against some high-performance processors can
+ be used to bypass MMU permission checks and leak kernel data to
+ userspace. This can be defended against by unmapping the kernel
+ when running in userspace, mapping it back in on exception entry
+ via a trampoline page in the vector table.
+
+ If unsure, say Y.
+
menuconfig ARMV8_DEPRECATED
bool "Emulate deprecated/obsolete ARMv8 instructions"
depends on COMPAT
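Review bot: the UNMAP_KERNEL_AT_EL0 help text reads as if selecting the option always unmaps the kernel, but unmap_kernel_at_el0() in cpufeature.c decides at boot (CPU model, CSV3, the Cavium erratum) and this patch also adds a kpti= command line override. Mention in the help that the option only builds the support in and that kpti= forces it on or off.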
diff --git a/arch/arm64/include/asm/assembler.h b/arch/arm64/include/asm/assembler.h
index 851290d2bfe3..7193bf97b8da 100644
--- a/arch/arm64/include/asm/assembler.h
+++ b/arch/arm64/include/asm/assembler.h
@@ -413,4 +413,7 @@ alternative_endif
movk \reg, :abs_g0_nc:\val
.endm
+ .macro pte_to_phys, phys, pte
+ and \phys, \pte, #(((1 << (48 - PAGE_SHIFT)) - 1) << PAGE_SHIFT)
+ .endm
#endif /* __ASM_ASSEMBLER_H */
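Review bot: pte_to_phys hardcodes 48 as the physical address width in its mask and carries no comment. Add a short comment stating what the macro extracts and where the 48 comes from (or use a named constant), and keep the blank line before the closing #endif that the hunk drops.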
diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h
index 87b446535185..7ddf233f05bd 100644
--- a/arch/arm64/include/asm/cpucaps.h
+++ b/arch/arm64/include/asm/cpucaps.h
@@ -34,7 +34,8 @@
#define ARM64_HAS_32BIT_EL0 13
#define ARM64_HYP_OFFSET_LOW 14
#define ARM64_MISMATCHED_CACHE_LINE_SIZE 15
+#define ARM64_UNMAP_KERNEL_AT_EL0 16
-#define ARM64_NCAPS 16
+#define ARM64_NCAPS 17
#endif /* __ASM_CPUCAPS_H */
diff --git a/arch/arm64/include/asm/cputype.h b/arch/arm64/include/asm/cputype.h
index 26a68ddb11c1..1d47930c30dc 100644
--- a/arch/arm64/include/asm/cputype.h
+++ b/arch/arm64/include/asm/cputype.h
@@ -81,6 +81,7 @@
#define CAVIUM_CPU_PART_THUNDERX 0x0A1
#define CAVIUM_CPU_PART_THUNDERX_81XX 0x0A2
+#define CAVIUM_CPU_PART_THUNDERX2 0x0AF
#define BRCM_CPU_PART_VULCAN 0x516
@@ -88,6 +89,8 @@
#define MIDR_CORTEX_A57 MIDR_CPU_MODEL(ARM_CPU_IMP_ARM, ARM_CPU_PART_CORTEX_A57)
#define MIDR_THUNDERX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX)
#define MIDR_THUNDERX_81XX MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX_81XX)
+#define MIDR_CAVIUM_THUNDERX2 MIDR_CPU_MODEL(ARM_CPU_IMP_CAVIUM, CAVIUM_CPU_PART_THUNDERX2)
+#define MIDR_BRCM_VULCAN MIDR_CPU_MODEL(ARM_CPU_IMP_BRCM, BRCM_CPU_PART_VULCAN)
#ifndef __ASSEMBLY__
diff --git a/arch/arm64/include/asm/fixmap.h b/arch/arm64/include/asm/fixmap.h
index caf86be815ba..d8e58051f32d 100644
--- a/arch/arm64/include/asm/fixmap.h
+++ b/arch/arm64/include/asm/fixmap.h
@@ -51,6 +51,12 @@ enum fixed_addresses {
FIX_EARLYCON_MEM_BASE,
FIX_TEXT_POKE0,
+
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ FIX_ENTRY_TRAMP_DATA,
+ FIX_ENTRY_TRAMP_TEXT,
+#define TRAMP_VALIAS (__fix_to_virt(FIX_ENTRY_TRAMP_TEXT))
+#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
__end_of_permanent_fixed_addresses,
/*
diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h
index 53211a0acf0f..5e3faba689e0 100644
--- a/arch/arm64/include/asm/memory.h
+++ b/arch/arm64/include/asm/memory.h
@@ -64,8 +64,10 @@
* TASK_UNMAPPED_BASE - the lower boundary of the mmap VM area.
*/
#define VA_BITS (CONFIG_ARM64_VA_BITS)
-#define VA_START (UL(0xffffffffffffffff) << VA_BITS)
-#define PAGE_OFFSET (UL(0xffffffffffffffff) << (VA_BITS - 1))
+#define VA_START (UL(0xffffffffffffffff) - \
+ (UL(1) << VA_BITS) + 1)
+#define PAGE_OFFSET (UL(0xffffffffffffffff) - \
+ (UL(1) << (VA_BITS - 1)) + 1)
#define KIMAGE_VADDR (MODULES_END)
#define MODULES_END (MODULES_VADDR + MODULES_VSIZE)
#define MODULES_VADDR (VA_START + KASAN_SHADOW_SIZE)
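Review bot: the new VA_START and PAGE_OFFSET expressions evaluate to the same values as the shifts they replace, and nothing in the hunk says why the subtraction form is needed. Add a one-line comment giving the reason, otherwise a later cleanup is likely to simplify them back to the shift form.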
diff --git a/arch/arm64/include/asm/mmu.h b/arch/arm64/include/asm/mmu.h
index 8d9fce037b2f..a813edf28737 100644
--- a/arch/arm64/include/asm/mmu.h
+++ b/arch/arm64/include/asm/mmu.h
@@ -16,6 +16,10 @@
#ifndef __ASM_MMU_H
#define __ASM_MMU_H
+#define USER_ASID_FLAG (UL(1) << 48)
+
+#ifndef __ASSEMBLY__
+
typedef struct {
atomic64_t id;
void *vdso;
@@ -28,6 +32,12 @@ typedef struct {
*/
#define ASID(mm) ((mm)->context.id.counter & 0xffff)
+static inline bool arm64_kernel_unmapped_at_el0(void)
+{
+ return IS_ENABLED(CONFIG_UNMAP_KERNEL_AT_EL0) &&
+ cpus_have_cap(ARM64_UNMAP_KERNEL_AT_EL0);
+}
+
extern void paging_init(void);
extern void bootmem_init(void);
extern void __iomem *early_io_map(phys_addr_t phys, unsigned long virt);
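Review bot: arm64_kernel_unmapped_at_el0() uses IS_ENABLED() and cpus_have_cap(), yet neither mmu.h hunk adds an #include, so the inline only compiles if every includer has already pulled in the cpufeature declarations. tlbflush.h now includes asm/mmu.h directly, so either include the needed header here or note the ordering requirement next to the function.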
@@ -37,4 +47,5 @@ extern void create_pgd_mapping(struct mm_struct *mm, phys_addr_t phys,
pgprot_t prot, bool allow_block_mappings);
extern void *fixmap_remap_fdt(phys_addr_t dt_phys);
+#endif /* !__ASSEMBLY__ */
#endif
diff --git a/arch/arm64/include/asm/mmu_context.h b/arch/arm64/include/asm/mmu_context.h
index a50185375f09..b96c4799f881 100644
--- a/arch/arm64/include/asm/mmu_context.h
+++ b/arch/arm64/include/asm/mmu_context.h
@@ -50,6 +50,13 @@ static inline void cpu_set_reserved_ttbr0(void)
isb();
}
+static inline void cpu_switch_mm(pgd_t *pgd, struct mm_struct *mm)
+{
+ BUG_ON(pgd == swapper_pg_dir);
+ cpu_set_reserved_ttbr0();
+ cpu_do_switch_mm(virt_to_phys(pgd),mm);
+}
+
/*
* TCR.T0SZ value to use when the ID map is active. Usually equals
* TCR_T0SZ(VA_BITS), unless system RAM is positioned very high in
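Review bot: cpu_switch_mm() is presented as the macro from proc-fns.h turned into an inline, but it now also calls cpu_set_reserved_ttbr0() before cpu_do_switch_mm(), which the removed macro did not. That is a behaviour change and deserves a comment on why TTBR0 must point at the reserved table first; also add the missing space after the comma in "virt_to_phys(pgd),mm".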
diff --git a/arch/arm64/include/asm/pgtable-hwdef.h b/arch/arm64/include/asm/pgtable-hwdef.h
index eb0c2bd90de9..8df4cb6ac6f7 100644
--- a/arch/arm64/include/asm/pgtable-hwdef.h
+++ b/arch/arm64/include/asm/pgtable-hwdef.h
@@ -272,6 +272,7 @@
#define TCR_TG1_4K (UL(2) << TCR_TG1_SHIFT)
#define TCR_TG1_64K (UL(3) << TCR_TG1_SHIFT)
+#define TCR_A1 (UL(1) << 22)
#define TCR_ASID16 (UL(1) << 36)
#define TCR_TBI0 (UL(1) << 37)
#define TCR_HA (UL(1) << 39)
diff --git a/arch/arm64/include/asm/pgtable-prot.h b/arch/arm64/include/asm/pgtable-prot.h
index 2142c7726e76..f705d96a76f2 100644
--- a/arch/arm64/include/asm/pgtable-prot.h
+++ b/arch/arm64/include/asm/pgtable-prot.h
@@ -34,8 +34,14 @@
#include <asm/pgtable-types.h>
-#define PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
-#define PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
+#define _PROT_DEFAULT (PTE_TYPE_PAGE | PTE_AF | PTE_SHARED)
+#define _PROT_SECT_DEFAULT (PMD_TYPE_SECT | PMD_SECT_AF | PMD_SECT_S)
+
+#define PTE_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PTE_NG : 0)
+#define PMD_MAYBE_NG (arm64_kernel_unmapped_at_el0() ? PMD_SECT_NG : 0)
+
+#define PROT_DEFAULT (_PROT_DEFAULT | PTE_MAYBE_NG)
+#define PROT_SECT_DEFAULT (_PROT_SECT_DEFAULT | PMD_MAYBE_NG)
#define PROT_DEVICE_nGnRnE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRnE))
#define PROT_DEVICE_nGnRE (PROT_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_ATTRINDX(MT_DEVICE_nGnRE))
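Review bot: with PTE_MAYBE_NG and PMD_MAYBE_NG calling arm64_kernel_unmapped_at_el0(), PROT_DEFAULT and everything built on it (the PROT_DEVICE_* lines just below, for example) stop being compile-time constants. Say so in a comment above the two MAYBE_NG defines, and confirm no user places these in a static initializer or evaluates them before the capability has been set.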
@@ -47,23 +53,24 @@
#define PROT_SECT_NORMAL (PROT_SECT_DEFAULT | PMD_SECT_PXN | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
#define PROT_SECT_NORMAL_EXEC (PROT_SECT_DEFAULT | PMD_SECT_UXN | PMD_ATTRINDX(MT_NORMAL))
-#define _PAGE_DEFAULT (PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
+#define _PAGE_DEFAULT (_PROT_DEFAULT | PTE_ATTRINDX(MT_NORMAL))
+#define _HYP_PAGE_DEFAULT _PAGE_DEFAULT
-#define PAGE_KERNEL __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_WRITE)
-#define PAGE_KERNEL_RO __pgprot(_PAGE_DEFAULT | PTE_PXN | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
-#define PAGE_KERNEL_ROX __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_RDONLY)
-#define PAGE_KERNEL_EXEC __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE)
-#define PAGE_KERNEL_EXEC_CONT __pgprot(_PAGE_DEFAULT | PTE_UXN | PTE_DIRTY | PTE_WRITE | PTE_CONT)
+#define PAGE_KERNEL __pgprot(PROT_NORMAL)
+#define PAGE_KERNEL_RO __pgprot((PROT_NORMAL & ~PTE_WRITE) | PTE_RDONLY)
+#define PAGE_KERNEL_ROX __pgprot((PROT_NORMAL & ~(PTE_WRITE | PTE_PXN)) | PTE_RDONLY)
+#define PAGE_KERNEL_EXEC __pgprot(PROT_NORMAL & ~PTE_PXN)
+#define PAGE_KERNEL_EXEC_CONT __pgprot((PROT_NORMAL & ~PTE_PXN) | PTE_CONT)
-#define PAGE_HYP __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
-#define PAGE_HYP_EXEC __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
-#define PAGE_HYP_RO __pgprot(_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
+#define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN)
+#define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY)
+#define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN)
#define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP)
-#define PAGE_S2 __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
-#define PAGE_S2_DEVICE __pgprot(PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
+#define PAGE_S2 __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_NORMAL) | PTE_S2_RDONLY)
+#define PAGE_S2_DEVICE __pgprot(_PROT_DEFAULT | PTE_S2_MEMATTR(MT_S2_DEVICE_nGnRE) | PTE_S2_RDONLY | PTE_UXN)
-#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_PXN | PTE_UXN)
+#define PAGE_NONE __pgprot(((_PAGE_DEFAULT) & ~PTE_VALID) | PTE_PROT_NONE | PTE_NG | PTE_PXN | PTE_UXN)
#define PAGE_SHARED __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN | PTE_WRITE)
#define PAGE_SHARED_EXEC __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_WRITE)
#define PAGE_COPY __pgprot(_PAGE_DEFAULT | PTE_USER | PTE_NG | PTE_PXN | PTE_UXN)
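Review bot: PAGE_NONE gains PTE_NG unconditionally while the kernel protections get it only through PTE_MAYBE_NG, and the HYP and stage-2 protections are moved to _PROT_DEFAULT / _HYP_PAGE_DEFAULT so they never get it. None of the three choices is explained; a short comment per group (why PAGE_NONE is always nG, why hyp and stage-2 entries must stay without it) would make the split reviewable.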
diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h
index 7acd3c5c7643..3a30a3994e4a 100644
--- a/arch/arm64/include/asm/pgtable.h
+++ b/arch/arm64/include/asm/pgtable.h
@@ -692,6 +692,7 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
extern pgd_t idmap_pg_dir[PTRS_PER_PGD];
+extern pgd_t tramp_pg_dir[PTRS_PER_PGD];
/*
* Encode and decode a swap entry:
diff --git a/arch/arm64/include/asm/proc-fns.h b/arch/arm64/include/asm/proc-fns.h
index 14ad6e4e87d1..16cef2e8449e 100644
--- a/arch/arm64/include/asm/proc-fns.h
+++ b/arch/arm64/include/asm/proc-fns.h
@@ -35,12 +35,6 @@ extern u64 cpu_do_resume(phys_addr_t ptr, u64 idmap_ttbr);
#include <asm/memory.h>
-#define cpu_switch_mm(pgd,mm) \
-do { \
- BUG_ON(pgd == swapper_pg_dir); \
- cpu_do_switch_mm(virt_to_phys(pgd),mm); \
-} while (0)
-
#endif /* __ASSEMBLY__ */
#endif /* __KERNEL__ */
#endif /* __ASM_PROCFNS_H */
diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h
index 7393cc767edb..7cb7f7cdcfbc 100644
--- a/arch/arm64/include/asm/sysreg.h
+++ b/arch/arm64/include/asm/sysreg.h
@@ -117,6 +117,7 @@
#define ID_AA64ISAR0_AES_SHIFT 4
/* id_aa64pfr0 */
+#define ID_AA64PFR0_CSV3_SHIFT 60
#define ID_AA64PFR0_GIC_SHIFT 24
#define ID_AA64PFR0_ASIMD_SHIFT 20
#define ID_AA64PFR0_FP_SHIFT 16
diff --git a/arch/arm64/include/asm/tlbflush.h b/arch/arm64/include/asm/tlbflush.h
index deab52374119..ad6bd8b26ada 100644
--- a/arch/arm64/include/asm/tlbflush.h
+++ b/arch/arm64/include/asm/tlbflush.h
@@ -23,6 +23,7 @@
#include <linux/sched.h>
#include <asm/cputype.h>
+#include <asm/mmu.h>
/*
* Raw TLBI operations.
@@ -42,6 +43,11 @@
#define __tlbi(op, ...) __TLBI_N(op, ##__VA_ARGS__, 1, 0)
+#define __tlbi_user(op, arg) do { \
+ if (arm64_kernel_unmapped_at_el0()) \
+ __tlbi(op, (arg) | USER_ASID_FLAG); \
+} while (0)
+
/*
* TLB Management
* ==============
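Review bot: __tlbi_user() ORs USER_ASID_FLAG into the operand with no comment on what that bit means there. It only works because the operand carries the ASID from bit 48 up (see "ASID(mm) << 48" in __flush_tlb_pgtable) and context.c now hands out ASIDs in even/odd pairs; state that dependency next to the macro.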
@@ -103,6 +109,7 @@ static inline void flush_tlb_mm(struct mm_struct *mm)
dsb(ishst);
__tlbi(aside1is, asid);
+ __tlbi_user(aside1is, asid);
dsb(ish);
}
@@ -113,6 +120,7 @@ static inline void flush_tlb_page(struct vm_area_struct *vma,
dsb(ishst);
__tlbi(vale1is, addr);
+ __tlbi_user(vale1is, addr);
dsb(ish);
}
@@ -139,10 +147,13 @@ static inline void __flush_tlb_range(struct vm_area_struct *vma,
dsb(ishst);
for (addr = start; addr < end; addr += 1 << (PAGE_SHIFT - 12)) {
- if (last_level)
+ if (last_level) {
__tlbi(vale1is, addr);
- else
+ __tlbi_user(vale1is, addr);
+ } else {
__tlbi(vae1is, addr);
+ __tlbi_user(vae1is, addr);
+ }
}
dsb(ish);
}
@@ -182,6 +193,7 @@ static inline void __flush_tlb_pgtable(struct mm_struct *mm,
unsigned long addr = uaddr >> 12 | (ASID(mm) << 48);
__tlbi(vae1is, addr);
+ __tlbi_user(vae1is, addr);
dsb(ish);
}
diff --git a/arch/arm64/kernel/asm-offsets.c b/arch/arm64/kernel/asm-offsets.c
index c58ddf8c4062..5f4bf3c6f016 100644
--- a/arch/arm64/kernel/asm-offsets.c
+++ b/arch/arm64/kernel/asm-offsets.c
@@ -24,6 +24,7 @@
#include <linux/kvm_host.h>
#include <linux/suspend.h>
#include <asm/cpufeature.h>
+#include <asm/fixmap.h>
#include <asm/thread_info.h>
#include <asm/memory.h>
#include <asm/smp_plat.h>
@@ -144,11 +145,14 @@ int main(void)
DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
-
BLANK();
DEFINE(HIBERN_PBE_ORIG, offsetof(struct pbe, orig_address));
DEFINE(HIBERN_PBE_ADDR, offsetof(struct pbe, address));
DEFINE(HIBERN_PBE_NEXT, offsetof(struct pbe, next));
DEFINE(ARM64_FTR_SYSVAL, offsetof(struct arm64_ftr_reg, sys_val));
+ BLANK();
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ DEFINE(TRAMP_VALIAS, TRAMP_VALIAS);
+#endif
return 0;
}
diff --git a/arch/arm64/kernel/cpu-reset.S b/arch/arm64/kernel/cpu-reset.S
index 65f42d257414..f736a6f81ecd 100644
--- a/arch/arm64/kernel/cpu-reset.S
+++ b/arch/arm64/kernel/cpu-reset.S
@@ -16,7 +16,7 @@
#include <asm/virt.h>
.text
-.pushsection .idmap.text, "ax"
+.pushsection .idmap.text, "awx"
/*
* __cpu_soft_restart(el2_switch, entry, arg0, arg1, arg2) - Helper for
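Review bot: the .idmap.text section flags go from "ax" to "awx" here, and again in head.S and sleep.S, with no explanation in any of the three hunks. A section that is both writable and executable needs a stated reason; say what is written into .idmap.text and confirm that only the section flags change, not the permissions the idmap text is finally mapped with.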
diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
index 3a129d48674e..5056fc597ae9 100644
--- a/arch/arm64/kernel/cpufeature.c
+++ b/arch/arm64/kernel/cpufeature.c
@@ -93,7 +93,8 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = {
};
static const struct arm64_ftr_bits ftr_id_aa64pfr0[] = {
- ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 32, 0),
+ ARM64_FTR_BITS(FTR_NONSTRICT, FTR_LOWER_SAFE, ID_AA64PFR0_CSV3_SHIFT, 4, 0),
+ ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 32, 28, 0),
ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, 28, 4, 0),
ARM64_FTR_BITS(FTR_STRICT, FTR_EXACT, ID_AA64PFR0_GIC_SHIFT, 4, 0),
S_ARM64_FTR_BITS(FTR_STRICT, FTR_LOWER_SAFE, ID_AA64PFR0_ASIMD_SHIFT, 4, ID_AA64PFR0_ASIMD_NI),
@@ -746,6 +747,86 @@ static bool hyp_offset_low(const struct arm64_cpu_capabilities *entry,
return idmap_addr > GENMASK(VA_BITS - 2, 0) && !is_kernel_in_hyp_mode();
}
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+static int __kpti_forced; /* 0: not forced, >0: forced on, <0: forced off */
+
+static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
+ int __unused)
+{
+ char const *str = "command line option";
+ u64 pfr0 = read_system_reg(SYS_ID_AA64PFR0_EL1);
+
+ /*
+ * For reasons that aren't entirely clear, enabling KPTI on Cavium
+ * ThunderX leads to apparent I-cache corruption of kernel text, which
+ * ends as well as you might imagine. Don't even try.
+ */
+ if (cpus_have_cap(ARM64_WORKAROUND_CAVIUM_27456)) {
+ str = "ARM64_WORKAROUND_CAVIUM_27456";
+ __kpti_forced = -1;
+ }
+
+ /* Forced? */
+ if (__kpti_forced) {
+ pr_info_once("kernel page table isolation forced %s by %s\n",
+ __kpti_forced > 0 ? "ON" : "OFF", str);
+ return __kpti_forced > 0;
+ }
+
+ /* Useful for KASLR robustness */
+ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE))
+ return true;
+
+ /* Don't force KPTI for CPUs that are not vulnerable */
+ switch (read_cpuid_id() & MIDR_CPU_MODEL_MASK) {
+ case MIDR_CAVIUM_THUNDERX2:
+ case MIDR_BRCM_VULCAN:
+ return false;
+ }
+
+ /* Defer to CPU feature registers */
+ return !cpuid_feature_extract_unsigned_field(pfr0,
+ ID_AA64PFR0_CSV3_SHIFT);
+}
+
+static int kpti_install_ng_mappings(void *__unused)
+{
+ typedef void (kpti_remap_fn)(int, int, phys_addr_t);
+ extern kpti_remap_fn idmap_kpti_install_ng_mappings;
+ kpti_remap_fn *remap_fn;
+
+ static bool kpti_applied = false;
+ int cpu = smp_processor_id();
+
+ if (kpti_applied)
+ return 0;
+
+ remap_fn = (void *)__pa_symbol(idmap_kpti_install_ng_mappings);
+
+ cpu_install_idmap();
+ remap_fn(cpu, num_online_cpus(), __pa_symbol(swapper_pg_dir));
+ cpu_uninstall_idmap();
+
+ if (!cpu)
+ kpti_applied = true;
+
+ return 0;
+}
+
+static int __init parse_kpti(char *str)
+{
+ bool enabled;
+ int ret = strtobool(str, &enabled);
+
+ if (ret)
+ return ret;
+
+ __kpti_forced = enabled ? 1 : -1;
+ return 0;
+}
+__setup("kpti=", parse_kpti);
+#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
+
static const struct arm64_cpu_capabilities arm64_features[] = {
{
.desc = "GIC system register CPU interface",
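Review bot: in kpti_install_ng_mappings(), remap_fn is built by casting __pa_symbol(idmap_kpti_install_ng_mappings) through void * and is then called indirectly, so the call target is a physical address that no check on indirect-call targets can match to a known function. Add a comment explaining the idmap call and check this site first against the CFI failures reported at the top of this thread. Separately, kpti_applied is a function-local static that only CPU 0 sets ("if (!cpu)"); document what guarantees the other CPUs have finished before it flips.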
@@ -829,6 +910,15 @@ static const struct arm64_cpu_capabilities arm64_features[] = {
.def_scope = SCOPE_SYSTEM,
.matches = hyp_offset_low,
},
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ {
+ .desc = "Kernel page table isolation (KPTI)",
+ .capability = ARM64_UNMAP_KERNEL_AT_EL0,
+ .def_scope = SCOPE_SYSTEM,
+ .matches = unmap_kernel_at_el0,
+ .enable = kpti_install_ng_mappings,
+ },
+#endif
{},
};
@@ -922,6 +1012,26 @@ static void __init setup_elf_hwcaps(const struct arm64_cpu_capabilities *hwcaps)
cap_set_elf_hwcap(hwcaps);
}
+/*
+ * Check if the current CPU has a given feature capability.
+ * Should be called from non-preemptible context.
+ */
+static bool __this_cpu_has_cap(const struct arm64_cpu_capabilities *cap_array,
+ unsigned int cap)
+{
+ const struct arm64_cpu_capabilities *caps;
+
+ if (WARN_ON(preemptible()))
+ return false;
+
+ for (caps = cap_array; caps->desc; caps++)
+ if (caps->capability == cap &&
+ caps->matches &&
+ caps->matches(caps, SCOPE_LOCAL_CPU))
+ return true;
+ return false;
+}
+
void update_cpu_capabilities(const struct arm64_cpu_capabilities *caps,
const char *info)
{
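Review bot: __this_cpu_has_cap() stops scanning at the first entry with a NULL desc, whereas verify_local_cpu_features() walks the same arrays until caps->matches is NULL, so the two disagree on where the table ends if an entry ever lacks a description. Use one terminator for both, and put braces around the for body since the if spans several lines.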
@@ -990,8 +1100,9 @@ verify_local_elf_hwcaps(const struct arm64_cpu_capabilities *caps)
}
static void
-verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
+verify_local_cpu_features(const struct arm64_cpu_capabilities *caps_list)
{
+ const struct arm64_cpu_capabilities *caps = caps_list;
for (; caps->matches; caps++) {
if (!cpus_have_cap(caps->capability))
continue;
@@ -999,7 +1110,7 @@ verify_local_cpu_features(const struct arm64_cpu_capabilities *caps)
* If the new CPU misses an advertised feature, we cannot proceed
* further, park the cpu.
*/
- if (!caps->matches(caps, SCOPE_LOCAL_CPU)) {
+ if (!__this_cpu_has_cap(caps_list, caps->capability)) {
pr_crit("CPU%d: missing feature: %s\n",
smp_processor_id(), caps->desc);
cpu_die_early();
@@ -1052,22 +1163,12 @@ static void __init setup_feature_capabilities(void)
enable_cpu_capabilities(arm64_features);
}
-/*
- * Check if the current CPU has a given feature capability.
- * Should be called from non-preemptible context.
- */
+extern const struct arm64_cpu_capabilities arm64_errata[];
+
bool this_cpu_has_cap(unsigned int cap)
{
- const struct arm64_cpu_capabilities *caps;
-
- if (WARN_ON(preemptible()))
- return false;
-
- for (caps = arm64_features; caps->desc; caps++)
- if (caps->capability == cap && caps->matches)
- return caps->matches(caps, SCOPE_LOCAL_CPU);
-
- return false;
+ return (__this_cpu_has_cap(arm64_features, cap) ||
+ __this_cpu_has_cap(arm64_errata, cap));
}
void __init setup_cpu_features(void)
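Review bot: "extern const struct arm64_cpu_capabilities arm64_errata[];" is declared in the .c file right above this_cpu_has_cap(). Move the declaration to the header that already declares the capability structures so the definition and this use are checked against one prototype.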
diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S
index b4c7db434654..8d1600b18562 100644
--- a/arch/arm64/kernel/entry.S
+++ b/arch/arm64/kernel/entry.S
@@ -29,9 +29,11 @@
#include <asm/esr.h>
#include <asm/irq.h>
#include <asm/memory.h>
+#include <asm/mmu.h>
#include <asm/thread_info.h>
#include <asm/asm-uaccess.h>
#include <asm/unistd.h>
+#include <asm/kernel-pgtable.h>
/*
* Context tracking subsystem. Used to instrument transitions
@@ -68,8 +70,31 @@
#define BAD_FIQ 2
#define BAD_ERROR 3
- .macro kernel_entry, el, regsize = 64
+ .macro kernel_ventry, el, label, regsize = 64
+ .align 7
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+alternative_if ARM64_UNMAP_KERNEL_AT_EL0
+ .if \el == 0
+ .if \regsize == 64
+ mrs x30, tpidrro_el0
+ msr tpidrro_el0, xzr
+ .else
+ mov x30, xzr
+ .endif
+ .endif
+alternative_else_nop_endif
+#endif
+
sub sp, sp, #S_FRAME_SIZE
+ b el\()\el\()_\label
+ .endm
+
+ .macro tramp_alias, dst, sym
+ mov_q \dst, TRAMP_VALIAS
+ add \dst, \dst, #(\sym - .entry.tramp.text)
+ .endm
+
+ .macro kernel_entry, el, regsize = 64
.if \regsize == 32
mov w0, w0 // zero upper 32 bits of x0
.endif
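Review bot: the el == 0 block in kernel_ventry restores x30 from tpidrro_el0 and then zeroes the register (or just zeroes x30 for 32-bit tasks) without a comment. The only hint is "Restored in kernel_ventry" on the tramp_ventry side; add the matching comment here saying that tramp_ventry stashed x30 in tpidrro_el0 and why the 32-bit path has nothing to restore.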
@@ -150,18 +175,20 @@
ct_user_enter
ldr x23, [sp, #S_SP] // load return stack pointer
msr sp_el0, x23
+ tst x22, #PSR_MODE32_BIT // native task?
+ b.eq 3f
+
#ifdef CONFIG_ARM64_ERRATUM_845719
alternative_if ARM64_WORKAROUND_845719
- tbz x22, #4, 1f
#ifdef CONFIG_PID_IN_CONTEXTIDR
mrs x29, contextidr_el1
msr contextidr_el1, x29
#else
msr contextidr_el1, xzr
#endif
-1:
alternative_else_nop_endif
#endif
+3:
.endif
msr elr_el1, x21 // set up the return data
msr spsr_el1, x22
@@ -182,7 +209,21 @@ alternative_else_nop_endif
ldp x28, x29, [sp, #16 * 14]
ldr lr, [sp, #S_LR]
add sp, sp, #S_FRAME_SIZE // restore sp
- eret // return to kernel
+
+ .if \el == 0
+alternative_insn eret, nop, ARM64_UNMAP_KERNEL_AT_EL0
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ bne 4f
+ msr far_el1, x30
+ tramp_alias x30, tramp_exit_native
+ br x30
+4:
+ tramp_alias x30, tramp_exit_compat
+ br x30
+#endif
+ .else
+ eret
+ .endif
.endm
.macro get_thread_info, rd
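Review bot: "bne 4f" in the new exit path consumes condition flags set by "tst x22, #PSR_MODE32_BIT" in the previous hunk, with the register restore sequence in between. Nothing marks that dependency, so any flag-setting instruction added between the two silently sends native tasks to tramp_exit_compat or the reverse; add a comment at both ends or re-test immediately before the branch.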
@@ -257,31 +298,31 @@ tsk .req x28 // current thread_info
.align 11
ENTRY(vectors)
- ventry el1_sync_invalid // Synchronous EL1t
- ventry el1_irq_invalid // IRQ EL1t
- ventry el1_fiq_invalid // FIQ EL1t
- ventry el1_error_invalid // Error EL1t
+ kernel_ventry 1, sync_invalid // Synchronous EL1t
+ kernel_ventry 1, irq_invalid // IRQ EL1t
+ kernel_ventry 1, fiq_invalid // FIQ EL1t
+ kernel_ventry 1, error_invalid // Error EL1t
- ventry el1_sync // Synchronous EL1h
- ventry el1_irq // IRQ EL1h
- ventry el1_fiq_invalid // FIQ EL1h
- ventry el1_error_invalid // Error EL1h
+ kernel_ventry 1, sync // Synchronous EL1h
+ kernel_ventry 1, irq // IRQ EL1h
+ kernel_ventry 1, fiq_invalid // FIQ EL1h
+ kernel_ventry 1, error_invalid // Error EL1h
- ventry el0_sync // Synchronous 64-bit EL0
- ventry el0_irq // IRQ 64-bit EL0
- ventry el0_fiq_invalid // FIQ 64-bit EL0
- ventry el0_error_invalid // Error 64-bit EL0
+ kernel_ventry 0, sync // Synchronous 64-bit EL0
+ kernel_ventry 0, irq // IRQ 64-bit EL0
+ kernel_ventry 0, fiq_invalid // FIQ 64-bit EL0
+ kernel_ventry 0, error_invalid // Error 64-bit EL0
#ifdef CONFIG_COMPAT
- ventry el0_sync_compat // Synchronous 32-bit EL0
- ventry el0_irq_compat // IRQ 32-bit EL0
- ventry el0_fiq_invalid_compat // FIQ 32-bit EL0
- ventry el0_error_invalid_compat // Error 32-bit EL0
+ kernel_ventry 0, sync_compat, 32 // Synchronous 32-bit EL0
+ kernel_ventry 0, irq_compat, 32 // IRQ 32-bit EL0
+ kernel_ventry 0, fiq_invalid_compat, 32 // FIQ 32-bit EL0
+ kernel_ventry 0, error_invalid_compat, 32 // Error 32-bit EL0
#else
- ventry el0_sync_invalid // Synchronous 32-bit EL0
- ventry el0_irq_invalid // IRQ 32-bit EL0
- ventry el0_fiq_invalid // FIQ 32-bit EL0
- ventry el0_error_invalid // Error 32-bit EL0
+ kernel_ventry 0, sync_invalid, 32 // Synchronous 32-bit EL0
+ kernel_ventry 0, irq_invalid, 32 // IRQ 32-bit EL0
+ kernel_ventry 0, fiq_invalid, 32 // FIQ 32-bit EL0
+ kernel_ventry 0, error_invalid, 32 // Error 32-bit EL0
#endif
END(vectors)
@@ -801,6 +842,105 @@ __ni_sys_trace:
.popsection // .entry.text
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+/*
+ * Exception vectors trampoline.
+ */
+ .pushsection ".entry.tramp.text", "ax"
+
+ .macro tramp_map_kernel, tmp
+ mrs \tmp, ttbr1_el1
+ sub \tmp, \tmp, #SWAPPER_DIR_SIZE
+ bic \tmp, \tmp, #USER_ASID_FLAG
+ msr ttbr1_el1, \tmp
+ .endm
+
+ .macro tramp_unmap_kernel, tmp
+ mrs \tmp, ttbr1_el1
+ add \tmp, \tmp, #SWAPPER_DIR_SIZE
+ orr \tmp, \tmp, #USER_ASID_FLAG
+ msr ttbr1_el1, \tmp
+ /*
+ * We avoid running the post_ttbr_update_workaround here because
+ * it's only needed by Cavium ThunderX, which requires KPTI to be
+ * disabled.
+ */
+ .endm
+
+ .macro tramp_ventry, regsize = 64
+ .align 7
+1:
+ .if \regsize == 64
+ msr tpidrro_el0, x30 // Restored in kernel_ventry
+ .endif
+ /*
+ * Defend against branch aliasing attacks by pushing a dummy
+ * entry onto the return stack and using a RET instruction to
+ * enter the full-fat kernel vectors.
+ */
+ bl 2f
+ b .
+2:
+ tramp_map_kernel x30
+#ifdef CONFIG_RANDOMIZE_BASE
+ adr x30, tramp_vectors + PAGE_SIZE
+ isb
+ ldr x30, [x30]
+#else
+ ldr x30, =vectors
+#endif
+ prfm plil1strm, [x30, #(1b - tramp_vectors)]
+ msr vbar_el1, x30
+ add x30, x30, #(1b - tramp_vectors)
+ isb
+ ret
+ .endm
+
+ .macro tramp_exit, regsize = 64
+ adr x30, tramp_vectors
+ msr vbar_el1, x30
+ tramp_unmap_kernel x30
+ .if \regsize == 64
+ mrs x30, far_el1
+ .endif
+ eret
+ .endm
+
+ .align 11
+ENTRY(tramp_vectors)
+ .space 0x400
+
+ tramp_ventry
+ tramp_ventry
+ tramp_ventry
+ tramp_ventry
+
+ tramp_ventry 32
+ tramp_ventry 32
+ tramp_ventry 32
+ tramp_ventry 32
+END(tramp_vectors)
+
+ENTRY(tramp_exit_native)
+ tramp_exit
+END(tramp_exit_native)
+
+ENTRY(tramp_exit_compat)
+ tramp_exit 32
+END(tramp_exit_compat)
+
+ .ltorg
+ .popsection // .entry.tramp.text
+#ifdef CONFIG_RANDOMIZE_BASE
+ .pushsection ".rodata", "a"
+ .align PAGE_SHIFT
+ .globl __entry_tramp_data_start
+__entry_tramp_data_start:
+ .quad vectors
+ .popsection // .rodata
+#endif /* CONFIG_RANDOMIZE_BASE */
+#endif /* CONFIG_UNMAP_KERNEL_AT_EL0 */
+
/*
* Special system call wrappers.
*/
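Review bot: tramp_map_kernel and tramp_unmap_kernel switch page tables by subtracting or adding SWAPPER_DIR_SIZE to ttbr1_el1, which is only correct because vmlinux.lds.S places tramp_pg_dir immediately after swapper_pg_dir. That layout dependency is not stated in either file; add a comment in both macros and consider a linker ASSERT on the distance. The bare ".space 0x400" at the start of tramp_vectors also wants a comment saying which vector slots it skips.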
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index 539bebc1222f..fa52817d84c5 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -473,7 +473,7 @@ ENDPROC(__primary_switched)
* end early head section, begin head code that is also used for
* hotplug and needs to have the same protections as the text region
*/
- .section ".idmap.text","ax"
+ .section ".idmap.text","awx"
ENTRY(kimage_vaddr)
.quad _text - TEXT_OFFSET
diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c
index 0e7394915c70..0972ce58316d 100644
--- a/arch/arm64/kernel/process.c
+++ b/arch/arm64/kernel/process.c
@@ -306,17 +306,17 @@ int copy_thread(unsigned long clone_flags, unsigned long stack_start,
static void tls_thread_switch(struct task_struct *next)
{
- unsigned long tpidr, tpidrro;
+ unsigned long tpidr;
tpidr = read_sysreg(tpidr_el0);
*task_user_tls(current) = tpidr;
- tpidr = *task_user_tls(next);
- tpidrro = is_compat_thread(task_thread_info(next)) ?
- next->thread.tp_value : 0;
+ if (is_compat_thread(task_thread_info(next)))
+ write_sysreg(next->thread.tp_value, tpidrro_el0);
+ else if (!arm64_kernel_unmapped_at_el0())
+ write_sysreg(0, tpidrro_el0);
- write_sysreg(tpidr, tpidr_el0);
- write_sysreg(tpidrro, tpidrro_el0);
+ write_sysreg(*task_user_tls(next), tpidr_el0);
}
/* Restore the UAO state depending on next's addr_limit */
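Review bot: for a native next task with KPTI enabled, neither branch of the new if/else writes tpidrro_el0, so the code relies on kernel_ventry having already cleared it with "msr tpidrro_el0, xzr". Add a comment to tls_thread_switch() saying that the register is owned by the trampoline in that case, otherwise the missing write looks like a leak of the previous task's value.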
diff --git a/arch/arm64/kernel/sleep.S b/arch/arm64/kernel/sleep.S
index 1bec41b5fda3..0030d6964e65 100644
--- a/arch/arm64/kernel/sleep.S
+++ b/arch/arm64/kernel/sleep.S
@@ -95,7 +95,7 @@ ENTRY(__cpu_suspend_enter)
ret
ENDPROC(__cpu_suspend_enter)
- .pushsection ".idmap.text", "ax"
+ .pushsection ".idmap.text", "awx"
ENTRY(cpu_resume)
bl el2_setup // if in EL2 drop to EL1 cleanly
bl __cpu_setup
diff --git a/arch/arm64/kernel/vmlinux.lds.S b/arch/arm64/kernel/vmlinux.lds.S
index 1105aab1e6d6..6a584558b29d 100644
--- a/arch/arm64/kernel/vmlinux.lds.S
+++ b/arch/arm64/kernel/vmlinux.lds.S
@@ -56,6 +56,17 @@ jiffies = jiffies_64;
#define HIBERNATE_TEXT
#endif
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+#define TRAMP_TEXT \
+ . = ALIGN(PAGE_SIZE); \
+ VMLINUX_SYMBOL(__entry_tramp_text_start) = .; \
+ *(.entry.tramp.text) \
+ . = ALIGN(PAGE_SIZE); \
+ VMLINUX_SYMBOL(__entry_tramp_text_end) = .;
+#else
+#define TRAMP_TEXT
+#endif
+
/*
* The size of the PE/COFF section that covers the kernel image, which
* runs from stext to _edata, must be a round multiple of the PE/COFF
@@ -128,6 +139,7 @@ SECTIONS
HYPERVISOR_TEXT
IDMAP_TEXT
HIBERNATE_TEXT
+ TRAMP_TEXT
*(.fixup)
*(.gnu.warning)
. = ALIGN(16);
@@ -216,6 +228,11 @@ SECTIONS
swapper_pg_dir = .;
. += SWAPPER_DIR_SIZE;
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ tramp_pg_dir = .;
+ . += PAGE_SIZE;
+#endif
+
_end = .;
STABS_DEBUG
@@ -235,7 +252,10 @@ ASSERT(__idmap_text_end - (__idmap_text_start & ~(SZ_4K - 1)) <= SZ_4K,
ASSERT(__hibernate_exit_text_end - (__hibernate_exit_text_start & ~(SZ_4K - 1))
<= SZ_4K, "Hibernate exit text too big or misaligned")
#endif
-
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ASSERT((__entry_tramp_text_end - __entry_tramp_text_start) == PAGE_SIZE,
+ "Entry trampoline text too big")
+#endif
/*
* If padding is applied before .head.text, virt<->phys conversions will fail.
*/
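Review bot: the ASSERT requires the trampoline text to be exactly PAGE_SIZE, but the message says "Entry trampoline text too big". Because both ends are page-aligned, an empty .entry.tramp.text gives a difference of 0 and fails with that misleading message; reword it to say the text must occupy exactly one page. The hunk also removes the blank line that separated the hibernate ASSERT block from what follows.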
diff --git a/arch/arm64/mm/context.c b/arch/arm64/mm/context.c
index efcf1f7ef1e4..f00f5eeb556f 100644
--- a/arch/arm64/mm/context.c
+++ b/arch/arm64/mm/context.c
@@ -39,7 +39,16 @@ static cpumask_t tlb_flush_pending;
#define ASID_MASK (~GENMASK(asid_bits - 1, 0))
#define ASID_FIRST_VERSION (1UL << asid_bits)
-#define NUM_USER_ASIDS ASID_FIRST_VERSION
+
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+#define NUM_USER_ASIDS (ASID_FIRST_VERSION >> 1)
+#define asid2idx(asid) (((asid) & ~ASID_MASK) >> 1)
+#define idx2asid(idx) (((idx) << 1) & ~ASID_MASK)
+#else
+#define NUM_USER_ASIDS (ASID_FIRST_VERSION)
+#define asid2idx(asid) ((asid) & ~ASID_MASK)
+#define idx2asid(idx) asid2idx(idx)
+#endif
/* Get the ASIDBits supported by the current CPU */
static u32 get_cpu_asid_bits(void)
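Review bot: NUM_USER_ASIDS is halved under #ifdef CONFIG_UNMAP_KERNEL_AT_EL0, while whether KPTI is actually used is decided at boot by arm64_kernel_unmapped_at_el0(). A kernel built with the option but running with KPTI off therefore still gives up half of its ASID space; say in a comment that this is accepted. In the #else branch, defining idx2asid(idx) as asid2idx(idx) is correct but obscure, so spell out that the mapping is the identity there.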
@@ -104,7 +113,7 @@ static void flush_context(unsigned int cpu)
*/
if (asid == 0)
asid = per_cpu(reserved_asids, i);
- __set_bit(asid & ~ASID_MASK, asid_map);
+ __set_bit(asid2idx(asid), asid_map);
per_cpu(reserved_asids, i) = asid;
}
@@ -159,16 +168,16 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
* We had a valid ASID in a previous life, so try to re-use
* it if possible.
*/
- asid &= ~ASID_MASK;
- if (!__test_and_set_bit(asid, asid_map))
+ if (!__test_and_set_bit(asid2idx(asid), asid_map))
return newasid;
}
/*
* Allocate a free ASID. If we can't find one, take a note of the
- * currently active ASIDs and mark the TLBs as requiring flushes.
- * We always count from ASID #1, as we use ASID #0 when setting a
- * reserved TTBR0 for the init_mm.
+ * currently active ASIDs and mark the TLBs as requiring flushes. We
+ * always count from ASID #2 (index 1), as we use ASID #0 when setting
+ * a reserved TTBR0 for the init_mm and we allocate ASIDs in even/odd
+ * pairs.
*/
asid = find_next_zero_bit(asid_map, NUM_USER_ASIDS, cur_idx);
if (asid != NUM_USER_ASIDS)
@@ -185,7 +194,7 @@ static u64 new_context(struct mm_struct *mm, unsigned int cpu)
set_asid:
__set_bit(asid, asid_map);
cur_idx = asid;
- return asid | generation;
+ return idx2asid(asid) | generation;
}
void check_and_switch_context(struct mm_struct *mm, unsigned int cpu)
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 638f7f2bd79c..4cd4862845cd 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -419,6 +419,37 @@ static void __init map_kernel_segment(pgd_t *pgd, void *va_start, void *va_end,
vm_area_add_early(vma);
}
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+static int __init map_entry_trampoline(void)
+{
+ extern char __entry_tramp_text_start[];
+
+ pgprot_t prot = rodata_enabled ? PAGE_KERNEL_ROX : PAGE_KERNEL_EXEC;
+ phys_addr_t pa_start = __pa_symbol(__entry_tramp_text_start);
+
+ /* The trampoline is always mapped and can therefore be global */
+ pgprot_val(prot) &= ~PTE_NG;
+
+ /* Map only the text into the trampoline page table */
+ memset(tramp_pg_dir, 0, PGD_SIZE);
+ __create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS, PAGE_SIZE,
+ prot, pgd_pgtable_alloc, 0);
+
+ /* Map both the text and data into the kernel page table */
+ __set_fixmap(FIX_ENTRY_TRAMP_TEXT, pa_start, prot);
+ if (IS_ENABLED(CONFIG_RANDOMIZE_BASE)) {
+ extern char __entry_tramp_data_start[];
+
+ __set_fixmap(FIX_ENTRY_TRAMP_DATA,
+ __pa_symbol(__entry_tramp_data_start),
+ PAGE_KERNEL_RO);
+ }
+
+ return 0;
+}
+core_initcall(map_entry_trampoline);
+#endif
+
/*
* Create fine-grained mappings for the kernel.
*/
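Review bot: the comment "Map both the text and data into the kernel page table" in map_entry_trampoline() overstates what follows, because the FIX_ENTRY_TRAMP_DATA fixmap is only installed under `IS_ENABLED(CONFIG_RANDOMIZE_BASE)` and nothing says why the data page is needed only in that configuration. Please reword the comment and state the reason. The `extern char __entry_tramp_text_start[]` and `__entry_tramp_data_start[]` declarations inside the function body would also be better placed in a header alongside the other section symbols.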
diff --git a/arch/arm64/mm/proc.S b/arch/arm64/mm/proc.S
index 352c73b6a59e..c07d9cc057e6 100644
--- a/arch/arm64/mm/proc.S
+++ b/arch/arm64/mm/proc.S
@@ -83,7 +83,7 @@ ENDPROC(cpu_do_suspend)
*
* x0: Address of context pointer
*/
- .pushsection ".idmap.text", "ax"
+ .pushsection ".idmap.text", "awx"
ENTRY(cpu_do_resume)
ldp x2, x3, [x0]
ldp x4, x5, [x0, #16]
@@ -132,9 +132,12 @@ ENDPROC(cpu_do_resume)
* - pgd_phys - physical address of new TTB
*/
ENTRY(cpu_do_switch_mm)
+ mrs x2, ttbr1_el1
mmid x1, x1 // get mm->context.id
- bfi x0, x1, #48, #16 // set the ASID
- msr ttbr0_el1, x0 // set TTBR0
+ bfi x2, x1, #48, #16 // set the ASID
+ msr ttbr1_el1, x2 // in TTBR1 (since TCR.A1 is set)
+ isb
+ msr ttbr0_el1, x0 // now update TTBR0
isb
alternative_if ARM64_WORKAROUND_CAVIUM_27456
ic iallu
@@ -144,7 +147,17 @@ alternative_else_nop_endif
ret
ENDPROC(cpu_do_switch_mm)
- .pushsection ".idmap.text", "ax"
+ .pushsection ".idmap.text", "awx"
+
+.macro __idmap_cpu_set_reserved_ttbr1, tmp1, tmp2
+ adrp \tmp1, empty_zero_page
+ msr ttbr1_el1, \tmp1
+ isb
+ tlbi vmalle1
+ dsb nsh
+ isb
+.endm
+
/*
* void idmap_cpu_replace_ttbr1(phys_addr_t new_pgd)
*
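Review bot: `__idmap_cpu_set_reserved_ttbr1` is declared with two parameters (`tmp1, tmp2`) but its body only references `\tmp1`; `\tmp2` is never used. Either drop the second parameter or add a comment saying why it is kept, so callers do not nominate a second scratch register that is then left untouched.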
@@ -155,13 +168,7 @@ ENTRY(idmap_cpu_replace_ttbr1)
mrs x2, daif
msr daifset, #0xf
- adrp x1, empty_zero_page
- msr ttbr1_el1, x1
- isb
-
- tlbi vmalle1
- dsb nsh
- isb
+ __idmap_cpu_set_reserved_ttbr1 x1, x3
msr ttbr1_el1, x0
isb
@@ -172,13 +179,196 @@ ENTRY(idmap_cpu_replace_ttbr1)
ENDPROC(idmap_cpu_replace_ttbr1)
.popsection
+#ifdef CONFIG_UNMAP_KERNEL_AT_EL0
+ .pushsection ".idmap.text", "awx"
+
+ .macro __idmap_kpti_get_pgtable_ent, type
+ dc cvac, cur_\()\type\()p // Ensure any existing dirty
+ dmb sy // lines are written back before
+ ldr \type, [cur_\()\type\()p] // loading the entry
+ tbz \type, #0, next_\()\type // Skip invalid entries
+ .endm
+
+ .macro __idmap_kpti_put_pgtable_ent_ng, type
+ orr \type, \type, #PTE_NG // Same bit for blocks and pages
+ str \type, [cur_\()\type\()p] // Update the entry and ensure it
+ dc civac, cur_\()\type\()p // is visible to all CPUs.
+ .endm
+
+/*
+ * void __kpti_install_ng_mappings(int cpu, int num_cpus, phys_addr_t swapper)
+ *
+ * Called exactly once from stop_machine context by each CPU found during boot.
+ */
+__idmap_kpti_flag:
+ .long 1
+ENTRY(idmap_kpti_install_ng_mappings)
+ cpu .req w0
+ num_cpus .req w1
+ swapper_pa .req x2
+ swapper_ttb .req x3
+ flag_ptr .req x4
+ cur_pgdp .req x5
+ end_pgdp .req x6
+ pgd .req x7
+ cur_pudp .req x8
+ end_pudp .req x9
+ pud .req x10
+ cur_pmdp .req x11
+ end_pmdp .req x12
+ pmd .req x13
+ cur_ptep .req x14
+ end_ptep .req x15
+ pte .req x16
+
+ mrs swapper_ttb, ttbr1_el1
+ adr flag_ptr, __idmap_kpti_flag
+
+ cbnz cpu, __idmap_kpti_secondary
+
+ /* We're the boot CPU. Wait for the others to catch up */
+ sevl
+1: wfe
+ ldaxr w18, [flag_ptr]
+ eor w18, w18, num_cpus
+ cbnz w18, 1b
+
+ /* We need to walk swapper, so turn off the MMU. */
+ mrs x18, sctlr_el1
+ bic x18, x18, #SCTLR_ELx_M
+ msr sctlr_el1, x18
+ isb
+
+ /* Everybody is enjoying the idmap, so we can rewrite swapper. */
+ /* PGD */
+ mov cur_pgdp, swapper_pa
+ add end_pgdp, cur_pgdp, #(PTRS_PER_PGD * 8)
+do_pgd: __idmap_kpti_get_pgtable_ent pgd
+ tbnz pgd, #1, walk_puds
+ __idmap_kpti_put_pgtable_ent_ng pgd
+next_pgd:
+ add cur_pgdp, cur_pgdp, #8
+ cmp cur_pgdp, end_pgdp
+ b.ne do_pgd
+
+ /* Publish the updated tables and nuke all the TLBs */
+ dsb sy
+ tlbi vmalle1is
+ dsb ish
+ isb
+
+ /* We're done: fire up the MMU again */
+ mrs x18, sctlr_el1
+ orr x18, x18, #SCTLR_ELx_M
+ msr sctlr_el1, x18
+ isb
+
+ /* Set the flag to zero to indicate that we're all done */
+ str wzr, [flag_ptr]
+ ret
+
+ /* PUD */
+walk_puds:
+ .if CONFIG_PGTABLE_LEVELS > 3
+ pte_to_phys cur_pudp, pgd
+ add end_pudp, cur_pudp, #(PTRS_PER_PUD * 8)
+do_pud: __idmap_kpti_get_pgtable_ent pud
+ tbnz pud, #1, walk_pmds
+ __idmap_kpti_put_pgtable_ent_ng pud
+next_pud:
+ add cur_pudp, cur_pudp, 8
+ cmp cur_pudp, end_pudp
+ b.ne do_pud
+ b next_pgd
+ .else /* CONFIG_PGTABLE_LEVELS <= 3 */
+ mov pud, pgd
+ b walk_pmds
+next_pud:
+ b next_pgd
+ .endif
+
+ /* PMD */
+walk_pmds:
+ .if CONFIG_PGTABLE_LEVELS > 2
+ pte_to_phys cur_pmdp, pud
+ add end_pmdp, cur_pmdp, #(PTRS_PER_PMD * 8)
+do_pmd: __idmap_kpti_get_pgtable_ent pmd
+ tbnz pmd, #1, walk_ptes
+ __idmap_kpti_put_pgtable_ent_ng pmd
+next_pmd:
+ add cur_pmdp, cur_pmdp, #8
+ cmp cur_pmdp, end_pmdp
+ b.ne do_pmd
+ b next_pud
+ .else /* CONFIG_PGTABLE_LEVELS <= 2 */
+ mov pmd, pud
+ b walk_ptes
+next_pmd:
+ b next_pud
+ .endif
+
+ /* PTE */
+walk_ptes:
+ pte_to_phys cur_ptep, pmd
+ add end_ptep, cur_ptep, #(PTRS_PER_PTE * 8)
+do_pte: __idmap_kpti_get_pgtable_ent pte
+ __idmap_kpti_put_pgtable_ent_ng pte
+next_pte:
+ add cur_ptep, cur_ptep, #8
+ cmp cur_ptep, end_ptep
+ b.ne do_pte
+ b next_pmd
+
+ /* Secondary CPUs end up here */
+__idmap_kpti_secondary:
+ /* Uninstall swapper before surgery begins */
+ __idmap_cpu_set_reserved_ttbr1 x18, x17
+
+ /* Increment the flag to let the boot CPU we're ready */
+1: ldxr w18, [flag_ptr]
+ add w18, w18, #1
+ stxr w17, w18, [flag_ptr]
+ cbnz w17, 1b
+
+ /* Wait for the boot CPU to finish messing around with swapper */
+ sevl
+1: wfe
+ ldxr w18, [flag_ptr]
+ cbnz w18, 1b
+
+ /* All done, act like nothing happened */
+ msr ttbr1_el1, swapper_ttb
+ isb
+ ret
+
+ .unreq cpu
+ .unreq num_cpus
+ .unreq swapper_pa
+ .unreq swapper_ttb
+ .unreq flag_ptr
+ .unreq cur_pgdp
+ .unreq end_pgdp
+ .unreq pgd
+ .unreq cur_pudp
+ .unreq end_pudp
+ .unreq pud
+ .unreq cur_pmdp
+ .unreq end_pmdp
+ .unreq pmd
+ .unreq cur_ptep
+ .unreq end_ptep
+ .unreq pte
+ENDPROC(idmap_kpti_install_ng_mappings)
+ .popsection
+#endif
+
/*
* __cpu_setup
*
* Initialise the processor for turning the MMU on. Return in x0 the
* value of the SCTLR_EL1 register.
*/
- .pushsection ".idmap.text", "ax"
+ .pushsection ".idmap.text", "awx"
ENTRY(__cpu_setup)
tlbi vmalle1 // Invalidate local TLB
dsb nsh
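Review bot: `__idmap_kpti_flag` is a data word placed inside `.idmap.text` and written with `stxr`/`str`, which is presumably why the section flags change from "ax" to "awx" here, but nothing in the hunk says so; a section flagged both writable and executable deserves an explicit comment justifying it. Smaller points in the same hunk: the header comment names the function `__kpti_install_ng_mappings` while the symbol is `idmap_kpti_install_ng_mappings`; `add cur_pudp, cur_pudp, 8` lacks the `#` used by the other three walkers; the comment "to let the boot CPU we're ready" is missing "know"; and the boot CPU polls the flag with `ldaxr` while the secondaries poll with `ldxr`, so a note on the intended ordering would help.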
@@ -222,7 +412,7 @@ ENTRY(__cpu_setup)
* both user and kernel.
*/
ldr x10, =TCR_TxSZ(VA_BITS) | TCR_CACHE_FLAGS | TCR_SMP_FLAGS | \
- TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0
+ TCR_TG_FLAGS | TCR_ASID16 | TCR_TBI0 | TCR_A1
tcr_set_idmap_t0sz x10, x9
/*
diff --git a/arch/frv/include/asm/timex.h b/arch/frv/include/asm/timex.h
index a89bddefdacf..139093fab326 100644
--- a/arch/frv/include/asm/timex.h
+++ b/arch/frv/include/asm/timex.h
@@ -16,5 +16,11 @@ static inline cycles_t get_cycles(void)
#define vxtime_lock() do {} while (0)
#define vxtime_unlock() do {} while (0)
+/* This attribute is used in include/linux/jiffies.h alongside with
+ * __cacheline_aligned_in_smp. It is assumed that __cacheline_aligned_in_smp
+ * for frv does not contain another section specification.
+ */
+#define __jiffy_arch_data __attribute__((__section__(".data")))
+
#endif
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
index 7614d1dd2c0b..94b5dfb087e9 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -723,7 +723,7 @@ EXC_COMMON_BEGIN(bad_addr_slb)
ld r3, PACA_EXSLB+EX_DAR(r13)
std r3, _DAR(r1)
beq cr6, 2f
- li r10, 0x480 /* fix trap number for I-SLB miss */
+ li r10, 0x481 /* fix trap number for I-SLB miss */
std r10, _TRAP(r1)
2: bl save_nvgprs
addi r3, r1, STACK_FRAME_OVERHEAD
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c
index 028a22bfa90c..ad713f741ca8 100644
--- a/arch/powerpc/kernel/irq.c
+++ b/arch/powerpc/kernel/irq.c
@@ -372,6 +372,14 @@ void force_external_irq_replay(void)
*/
WARN_ON(!arch_irqs_disabled());
+ /*
+ * Interrupts must always be hard disabled before irq_happened is
+ * modified (to prevent lost update in case of interrupt between
+ * load and store).
+ */
+ __hard_irq_disable();
+ local_paca->irq_happened |= PACA_IRQ_HARD_DIS;
+
/* Indicate in the PACA that we have an interrupt to replay */
local_paca->irq_happened |= PACA_IRQ_EE;
}
diff --git a/arch/x86/crypto/cast5_avx_glue.c b/arch/x86/crypto/cast5_avx_glue.c
index 8648158f3916..f8fe11d24cde 100644
--- a/arch/x86/crypto/cast5_avx_glue.c
+++ b/arch/x86/crypto/cast5_avx_glue.c
@@ -66,8 +66,6 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
void (*fn)(struct cast5_ctx *ctx, u8 *dst, const u8 *src);
int err;
- fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
-
err = blkcipher_walk_virt(desc, walk);
desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
@@ -79,6 +77,7 @@ static int ecb_crypt(struct blkcipher_desc *desc, struct blkcipher_walk *walk,
/* Process multi-block batch */
if (nbytes >= bsize * CAST5_PARALLEL_BLOCKS) {
+ fn = (enc) ? cast5_ecb_enc_16way : cast5_ecb_dec_16way;
do {
fn(ctx, wdst, wsrc);
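Review bot: after this change `fn` is assigned only inside the `nbytes >= bsize * CAST5_PARALLEL_BLOCKS` branch, yet it is still declared without an initializer at the top of ecb_crypt(). Declaring the pointer inside that branch, the smallest scope that calls it, would make it impossible for a later edit to call it on a path where it was never set.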
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index b8d3f1b60331..91c48cdfe81f 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -51,6 +51,7 @@
#include <linux/ftrace.h>
#include <linux/frame.h>
#include <linux/kasan.h>
+#include <linux/moduleloader.h>
#include <asm/text-patching.h>
#include <asm/cacheflush.h>
@@ -405,6 +406,14 @@ int __copy_instruction(u8 *dest, u8 *src)
return length;
}
+/* Recover page to RW mode before releasing it */
+void free_insn_page(void *page)
+{
+ set_memory_nx((unsigned long)page & PAGE_MASK, 1);
+ set_memory_rw((unsigned long)page & PAGE_MASK, 1);
+ module_memfree(page);
+}
+
static int arch_copy_kprobe(struct kprobe *p)
{
int ret;
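Review bot: free_insn_page() ignores the return values of set_memory_nx() and set_memory_rw(), so if either call fails the page is handed to module_memfree() with its old permissions and no diagnostic. A WARN_ON_ONCE on the results would at least make that visible. The comment also says only "Recover page to RW mode", while the function first removes execute permission; something like "make the page non-executable and writable again before releasing it" would match the code.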
diff --git a/block/bio.c b/block/bio.c
index 07f287b14cff..4f93345c6a82 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -42,9 +42,9 @@
* break badly! cannot be bigger than what you can fit into an
* unsigned short
*/
-#define BV(x) { .nr_vecs = x, .name = "biovec-"__stringify(x) }
+#define BV(x, n) { .nr_vecs = x, .name = "biovec-"#n }
static struct biovec_slab bvec_slabs[BVEC_POOL_NR] __read_mostly = {
- BV(1), BV(4), BV(16), BV(64), BV(128), BV(BIO_MAX_PAGES),
+ BV(1, 1), BV(4, 4), BV(16, 16), BV(64, 64), BV(128, 128), BV(BIO_MAX_PAGES, max),
};
#undef BV
diff --git a/block/partitions/msdos.c b/block/partitions/msdos.c
index 5610cd537da7..7d8d50c11ce7 100644
--- a/block/partitions/msdos.c
+++ b/block/partitions/msdos.c
@@ -300,7 +300,9 @@ static void parse_bsd(struct parsed_partitions *state,
continue;
bsd_start = le32_to_cpu(p->p_offset);
bsd_size = le32_to_cpu(p->p_size);
- if (memcmp(flavour, "bsd\0", 4) == 0)
+ /* FreeBSD has relative offset if C partition offset is zero */
+ if (memcmp(flavour, "bsd\0", 4) == 0 &&
+ le32_to_cpu(l->d_partitions[2].p_offset) == 0)
bsd_start += offset;
if (offset == bsd_start && size == bsd_size)
/* full parent partition, we have it already */
diff --git a/crypto/ahash.c b/crypto/ahash.c
index 14402ef6d826..90d73a22f129 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -91,13 +91,14 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
if (nbytes && walk->offset & alignmask && !err) {
walk->offset = ALIGN(walk->offset, alignmask + 1);
- walk->data += walk->offset;
-
nbytes = min(nbytes,
((unsigned int)(PAGE_SIZE)) - walk->offset);
walk->entrylen -= nbytes;
- return nbytes;
+ if (nbytes) {
+ walk->data += walk->offset;
+ return nbytes;
+ }
}
if (walk->flags & CRYPTO_ALG_ASYNC)
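Review bot: with the new `if (nbytes)` guard, the case where aligning walk->offset leaves no room in the page (`PAGE_SIZE - walk->offset` evaluates to 0) now falls out of the block and continues into the code below instead of returning 0. That appears to be the point of the change, but it is not documented; a one-line comment on the guard would keep a later reader from simplifying it back. Note that walk->offset has already been rewritten by ALIGN() on that fall-through path.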
diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c
index b86273fdf48e..3cfd879267b2 100644
--- a/drivers/block/mtip32xx/mtip32xx.c
+++ b/drivers/block/mtip32xx/mtip32xx.c
@@ -169,25 +169,6 @@ static bool mtip_check_surprise_removal(struct pci_dev *pdev)
return false; /* device present */
}
-/* we have to use runtime tag to setup command header */
-static void mtip_init_cmd_header(struct request *rq)
-{
- struct driver_data *dd = rq->q->queuedata;
- struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
- u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
-
- /* Point the command headers at the command tables. */
- cmd->command_header = dd->port->command_list +
- (sizeof(struct mtip_cmd_hdr) * rq->tag);
- cmd->command_header_dma = dd->port->command_list_dma +
- (sizeof(struct mtip_cmd_hdr) * rq->tag);
-
- if (host_cap_64)
- cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
-
- cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
-}
-
static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
{
struct request *rq;
@@ -199,9 +180,6 @@ static struct mtip_cmd *mtip_get_int_command(struct driver_data *dd)
if (IS_ERR(rq))
return NULL;
- /* Internal cmd isn't submitted via .queue_rq */
- mtip_init_cmd_header(rq);
-
return blk_mq_rq_to_pdu(rq);
}
@@ -3833,8 +3811,6 @@ static int mtip_queue_rq(struct blk_mq_hw_ctx *hctx,
struct request *rq = bd->rq;
int ret;
- mtip_init_cmd_header(rq);
-
if (unlikely(mtip_check_unal_depth(hctx, rq)))
return BLK_MQ_RQ_QUEUE_BUSY;
@@ -3866,6 +3842,7 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
{
struct driver_data *dd = data;
struct mtip_cmd *cmd = blk_mq_rq_to_pdu(rq);
+ u32 host_cap_64 = readl(dd->mmio + HOST_CAP) & HOST_CAP_64;
/*
* For flush requests, request_idx starts at the end of the
@@ -3882,6 +3859,17 @@ static int mtip_init_cmd(void *data, struct request *rq, unsigned int hctx_idx,
memset(cmd->command, 0, CMD_DMA_ALLOC_SZ);
+ /* Point the command headers at the command tables. */
+ cmd->command_header = dd->port->command_list +
+ (sizeof(struct mtip_cmd_hdr) * request_idx);
+ cmd->command_header_dma = dd->port->command_list_dma +
+ (sizeof(struct mtip_cmd_hdr) * request_idx);
+
+ if (host_cap_64)
+ cmd->command_header->ctbau = __force_bit2int cpu_to_le32((cmd->command_dma >> 16) >> 16);
+
+ cmd->command_header->ctba = __force_bit2int cpu_to_le32(cmd->command_dma & 0xFFFFFFFF);
+
sg_init_table(cmd->sg, MTIP_MAX_SG);
return 0;
}
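Review bot: the header setup moved into mtip_init_cmd() indexes command_list and command_list_dma with `request_idx`, where the removed mtip_init_cmd_header() used `rq->tag`, and the old comment "we have to use runtime tag to setup command header" is deleted without replacement. Please state in a comment why the init-time index is guaranteed to match the tag used at submission time. The two `__force_bit2int cpu_to_le32(...)` lines are also well over 80 columns and could be wrapped while they are being moved.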
diff --git a/drivers/hid/hid-sony.c b/drivers/hid/hid-sony.c
index b0bb99a821bd..1b1dccd37fbd 100644
--- a/drivers/hid/hid-sony.c
+++ b/drivers/hid/hid-sony.c
@@ -1056,7 +1056,6 @@ struct sony_sc {
u8 battery_charging;
u8 battery_capacity;
u8 led_state[MAX_LEDS];
- u8 resume_led_state[MAX_LEDS];
u8 led_delay_on[MAX_LEDS];
u8 led_delay_off[MAX_LEDS];
u8 led_count;
@@ -1793,6 +1792,7 @@ static int sony_leds_init(struct sony_sc *sc)
led->name = name;
led->brightness = sc->led_state[n];
led->max_brightness = max_brightness[n];
+ led->flags = LED_CORE_SUSPENDRESUME;
led->brightness_get = sony_led_get_brightness;
led->brightness_set = sony_led_set_brightness;
@@ -2509,47 +2509,32 @@ static void sony_remove(struct hid_device *hdev)
static int sony_suspend(struct hid_device *hdev, pm_message_t message)
{
- /*
- * On suspend save the current LED state,
- * stop running force-feedback and blank the LEDS.
- */
- if (SONY_LED_SUPPORT || SONY_FF_SUPPORT) {
- struct sony_sc *sc = hid_get_drvdata(hdev);
-
#ifdef CONFIG_SONY_FF
- sc->left = sc->right = 0;
-#endif
- memcpy(sc->resume_led_state, sc->led_state,
- sizeof(sc->resume_led_state));
- memset(sc->led_state, 0, sizeof(sc->led_state));
+ /* On suspend stop any running force-feedback events */
+ if (SONY_FF_SUPPORT) {
+ struct sony_sc *sc = hid_get_drvdata(hdev);
+ sc->left = sc->right = 0;
sony_send_output_report(sc);
}
+#endif
return 0;
}
static int sony_resume(struct hid_device *hdev)
{
- /* Restore the state of controller LEDs on resume */
- if (SONY_LED_SUPPORT) {
- struct sony_sc *sc = hid_get_drvdata(hdev);
-
- memcpy(sc->led_state, sc->resume_led_state,
- sizeof(sc->led_state));
-
- /*
- * The Sixaxis and navigation controllers on USB need to be
- * reinitialized on resume or they won't behave properly.
- */
- if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
- (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
- sixaxis_set_operational_usb(sc->hdev);
- sc->defer_initialization = 1;
- }
+ struct sony_sc *sc = hid_get_drvdata(hdev);
- sony_set_leds(sc);
+ /*
+ * The Sixaxis and navigation controllers on USB need to be
+ * reinitialized on resume or they won't behave properly.
+ */
+ if ((sc->quirks & SIXAXIS_CONTROLLER_USB) ||
+ (sc->quirks & NAVIGATION_CONTROLLER_USB)) {
+ sixaxis_set_operational_usb(sc->hdev);
+ sc->defer_initialization = 1;
}
return 0;
diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
index fb4ce0394ac7..978b8d94f9a4 100644
--- a/drivers/infiniband/core/addr.c
+++ b/drivers/infiniband/core/addr.c
@@ -209,6 +209,22 @@ int rdma_addr_size(struct sockaddr *addr)
}
EXPORT_SYMBOL(rdma_addr_size);
+int rdma_addr_size_in6(struct sockaddr_in6 *addr)
+{
+ int ret = rdma_addr_size((struct sockaddr *) addr);
+
+ return ret <= sizeof(*addr) ? ret : 0;
+}
+EXPORT_SYMBOL(rdma_addr_size_in6);
+
+int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr)
+{
+ int ret = rdma_addr_size((struct sockaddr *) addr);
+
+ return ret <= sizeof(*addr) ? ret : 0;
+}
+EXPORT_SYMBOL(rdma_addr_size_kss);
+
static struct rdma_addr_client self;
void rdma_addr_register_client(struct rdma_addr_client *client)
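Review bot: rdma_addr_size_in6() and rdma_addr_size_kss() compare `int ret` against `sizeof(*addr)`, a size_t, so the comparison is performed unsigned; that happens to map a negative ret to 0 as well, but relying on an implicit conversion inside a bounds check is fragile. An explicit `ret > 0 &&` test or a cast would make the intent clear. Both helpers are exported without any comment: please document that they return 0 when the size implied by the address does not fit in the caller's buffer type, since the ucma.c callers turn 0 into -EINVAL.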
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index 017a09ceba3f..4d732810f6fc 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -132,7 +132,7 @@ static inline struct ucma_context *_ucma_find_context(int id,
ctx = idr_find(&ctx_idr, id);
if (!ctx)
ctx = ERR_PTR(-ENOENT);
- else if (ctx->file != file)
+ else if (ctx->file != file || !ctx->cm_id)
ctx = ERR_PTR(-EINVAL);
return ctx;
}
@@ -454,6 +454,7 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
struct rdma_ucm_create_id cmd;
struct rdma_ucm_create_id_resp resp;
struct ucma_context *ctx;
+ struct rdma_cm_id *cm_id;
enum ib_qp_type qp_type;
int ret;
@@ -474,10 +475,10 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
return -ENOMEM;
ctx->uid = cmd.uid;
- ctx->cm_id = rdma_create_id(current->nsproxy->net_ns,
- ucma_event_handler, ctx, cmd.ps, qp_type);
- if (IS_ERR(ctx->cm_id)) {
- ret = PTR_ERR(ctx->cm_id);
+ cm_id = rdma_create_id(current->nsproxy->net_ns,
+ ucma_event_handler, ctx, cmd.ps, qp_type);
+ if (IS_ERR(cm_id)) {
+ ret = PTR_ERR(cm_id);
goto err1;
}
@@ -487,14 +488,19 @@ static ssize_t ucma_create_id(struct ucma_file *file, const char __user *inbuf,
ret = -EFAULT;
goto err2;
}
+
+ ctx->cm_id = cm_id;
return 0;
err2:
- rdma_destroy_id(ctx->cm_id);
+ rdma_destroy_id(cm_id);
err1:
mutex_lock(&mut);
idr_remove(&ctx_idr, ctx->id);
mutex_unlock(&mut);
+ mutex_lock(&file->mut);
+ list_del(&ctx->list);
+ mutex_unlock(&file->mut);
kfree(ctx);
return ret;
}
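Review bot: `ctx->cm_id = cm_id` is now the store that makes the context usable, because _ucma_find_context() rejects a ctx whose cm_id is NULL, but it is a plain assignment with no comment. Please add a comment at the assignment explaining that it is deliberately deferred until after the -EFAULT check above, and say what orders it against the check in _ucma_find_context(). In the err1 path the new list_del() under file->mut has no list_add counterpart visible in this hunk; confirm that every path reaching err1 has already linked ctx onto the list.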
@@ -624,6 +630,9 @@ static ssize_t ucma_bind_ip(struct ucma_file *file, const char __user *inbuf,
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
+ if (!rdma_addr_size_in6(&cmd.addr))
+ return -EINVAL;
+
ctx = ucma_get_ctx(file, cmd.id);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
@@ -637,22 +646,21 @@ static ssize_t ucma_bind(struct ucma_file *file, const char __user *inbuf,
int in_len, int out_len)
{
struct rdma_ucm_bind cmd;
- struct sockaddr *addr;
struct ucma_context *ctx;
int ret;
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
- addr = (struct sockaddr *) &cmd.addr;
- if (cmd.reserved || !cmd.addr_size || (cmd.addr_size != rdma_addr_size(addr)))
+ if (cmd.reserved || !cmd.addr_size ||
+ cmd.addr_size != rdma_addr_size_kss(&cmd.addr))
return -EINVAL;
ctx = ucma_get_ctx(file, cmd.id);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- ret = rdma_bind_addr(ctx->cm_id, addr);
+ ret = rdma_bind_addr(ctx->cm_id, (struct sockaddr *) &cmd.addr);
ucma_put_ctx(ctx);
return ret;
}
@@ -668,13 +676,16 @@ static ssize_t ucma_resolve_ip(struct ucma_file *file,
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
+ if (!rdma_addr_size_in6(&cmd.src_addr) ||
+ !rdma_addr_size_in6(&cmd.dst_addr))
+ return -EINVAL;
+
ctx = ucma_get_ctx(file, cmd.id);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
- (struct sockaddr *) &cmd.dst_addr,
- cmd.timeout_ms);
+ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
ucma_put_ctx(ctx);
return ret;
}
@@ -684,24 +695,23 @@ static ssize_t ucma_resolve_addr(struct ucma_file *file,
int in_len, int out_len)
{
struct rdma_ucm_resolve_addr cmd;
- struct sockaddr *src, *dst;
struct ucma_context *ctx;
int ret;
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
- src = (struct sockaddr *) &cmd.src_addr;
- dst = (struct sockaddr *) &cmd.dst_addr;
- if (cmd.reserved || (cmd.src_size && (cmd.src_size != rdma_addr_size(src))) ||
- !cmd.dst_size || (cmd.dst_size != rdma_addr_size(dst)))
+ if (cmd.reserved ||
+ (cmd.src_size && (cmd.src_size != rdma_addr_size_kss(&cmd.src_addr))) ||
+ !cmd.dst_size || (cmd.dst_size != rdma_addr_size_kss(&cmd.dst_addr)))
return -EINVAL;
ctx = ucma_get_ctx(file, cmd.id);
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- ret = rdma_resolve_addr(ctx->cm_id, src, dst, cmd.timeout_ms);
+ ret = rdma_resolve_addr(ctx->cm_id, (struct sockaddr *) &cmd.src_addr,
+ (struct sockaddr *) &cmd.dst_addr, cmd.timeout_ms);
ucma_put_ctx(ctx);
return ret;
}
@@ -1146,6 +1156,11 @@ static ssize_t ucma_init_qp_attr(struct ucma_file *file,
if (IS_ERR(ctx))
return PTR_ERR(ctx);
+ if (!ctx->cm_id->device) {
+ ret = -EINVAL;
+ goto out;
+ }
+
resp.qp_attr_mask = 0;
memset(&qp_attr, 0, sizeof qp_attr);
qp_attr.qp_state = cmd.qp_state;
@@ -1302,7 +1317,7 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
{
struct rdma_ucm_notify cmd;
struct ucma_context *ctx;
- int ret;
+ int ret = -EINVAL;
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
@@ -1311,7 +1326,9 @@ static ssize_t ucma_notify(struct ucma_file *file, const char __user *inbuf,
if (IS_ERR(ctx))
return PTR_ERR(ctx);
- ret = rdma_notify(ctx->cm_id, (enum ib_event_type) cmd.event);
+ if (ctx->cm_id->device)
+ ret = rdma_notify(ctx->cm_id, (enum ib_event_type)cmd.event);
+
ucma_put_ctx(ctx);
return ret;
}
@@ -1397,7 +1414,7 @@ static ssize_t ucma_join_ip_multicast(struct ucma_file *file,
join_cmd.response = cmd.response;
join_cmd.uid = cmd.uid;
join_cmd.id = cmd.id;
- join_cmd.addr_size = rdma_addr_size((struct sockaddr *) &cmd.addr);
+ join_cmd.addr_size = rdma_addr_size_in6(&cmd.addr);
if (!join_cmd.addr_size)
return -EINVAL;
@@ -1416,7 +1433,7 @@ static ssize_t ucma_join_multicast(struct ucma_file *file,
if (copy_from_user(&cmd, inbuf, sizeof(cmd)))
return -EFAULT;
- if (!rdma_addr_size((struct sockaddr *)&cmd.addr))
+ if (!rdma_addr_size_kss(&cmd.addr))
return -EINVAL;
return ucma_process_join(file, &cmd, out_len);
diff --git a/drivers/input/mouse/alps.c b/drivers/input/mouse/alps.c
index af83d2e34913..a8a96def0ba2 100644
--- a/drivers/input/mouse/alps.c
+++ b/drivers/input/mouse/alps.c
@@ -2538,13 +2538,31 @@ static int alps_update_btn_info_ss4_v2(unsigned char otp[][4],
}
static int alps_update_dual_info_ss4_v2(unsigned char otp[][4],
- struct alps_data *priv)
+ struct alps_data *priv,
+ struct psmouse *psmouse)
{
bool is_dual = false;
+ int reg_val = 0;
+ struct ps2dev *ps2dev = &psmouse->ps2dev;
- if (IS_SS4PLUS_DEV(priv->dev_id))
+ if (IS_SS4PLUS_DEV(priv->dev_id)) {
is_dual = (otp[0][0] >> 4) & 0x01;
+ if (!is_dual) {
+ /* For support TrackStick of Thinkpad L/E series */
+ if (alps_exit_command_mode(psmouse) == 0 &&
+ alps_enter_command_mode(psmouse) == 0) {
+ reg_val = alps_command_mode_read_reg(psmouse,
+ 0xD7);
+ }
+ alps_exit_command_mode(psmouse);
+ ps2_command(ps2dev, NULL, PSMOUSE_CMD_ENABLE);
+
+ if (reg_val == 0x0C || reg_val == 0x1D)
+ is_dual = true;
+ }
+ }
+
if (is_dual)
priv->flags |= ALPS_DUALPOINT |
ALPS_DUALPOINT_WITH_PRESSURE;
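Review bot: in the `!is_dual` branch the result of alps_command_mode_read_reg() is stored in reg_val and compared against 0x0C and 0x1D with no check for an error value, and the return values of the trailing alps_exit_command_mode() and ps2_command(ps2dev, NULL, PSMOUSE_CMD_ENABLE) are dropped. Please handle or at least log a failure there. The register 0xD7 and the two compared values are bare magic numbers; named constants or a comment saying what they identify would help, and the comment "For support TrackStick of Thinkpad L/E series" should read "To support the TrackStick on ThinkPad L/E series".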
@@ -2567,7 +2585,7 @@ static int alps_set_defaults_ss4_v2(struct psmouse *psmouse,
alps_update_btn_info_ss4_v2(otp, priv);
- alps_update_dual_info_ss4_v2(otp, priv);
+ alps_update_dual_info_ss4_v2(otp, priv, psmouse);
return 0;
}
diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c
index b604564dec5c..30328e57fdda 100644
--- a/drivers/input/mousedev.c
+++ b/drivers/input/mousedev.c
@@ -15,6 +15,7 @@
#define MOUSEDEV_MINORS 31
#define MOUSEDEV_MIX 63
+#include <linux/bitops.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/poll.h>
@@ -103,7 +104,7 @@ struct mousedev_client {
spinlock_t packet_lock;
int pos_x, pos_y;
- signed char ps2[6];
+ u8 ps2[6];
unsigned char ready, buffer, bufsiz;
unsigned char imexseq, impsseq;
enum mousedev_emul mode;
@@ -291,11 +292,10 @@ static void mousedev_notify_readers(struct mousedev *mousedev,
}
client->pos_x += packet->dx;
- client->pos_x = client->pos_x < 0 ?
- 0 : (client->pos_x >= xres ? xres : client->pos_x);
+ client->pos_x = clamp_val(client->pos_x, 0, xres);
+
client->pos_y += packet->dy;
- client->pos_y = client->pos_y < 0 ?
- 0 : (client->pos_y >= yres ? yres : client->pos_y);
+ client->pos_y = clamp_val(client->pos_y, 0, yres);
p->dx += packet->dx;
p->dy += packet->dy;
@@ -571,44 +571,50 @@ static int mousedev_open(struct inode *inode, struct file *file)
return error;
}
-static inline int mousedev_limit_delta(int delta, int limit)
-{
- return delta > limit ? limit : (delta < -limit ? -limit : delta);
-}
-
-static void mousedev_packet(struct mousedev_client *client,
- signed char *ps2_data)
+static void mousedev_packet(struct mousedev_client *client, u8 *ps2_data)
{
struct mousedev_motion *p = &client->packets[client->tail];
+ s8 dx, dy, dz;
+
+ dx = clamp_val(p->dx, -127, 127);
+ p->dx -= dx;
+
+ dy = clamp_val(p->dy, -127, 127);
+ p->dy -= dy;
- ps2_data[0] = 0x08 |
- ((p->dx < 0) << 4) | ((p->dy < 0) << 5) | (p->buttons & 0x07);
- ps2_data[1] = mousedev_limit_delta(p->dx, 127);
- ps2_data[2] = mousedev_limit_delta(p->dy, 127);
- p->dx -= ps2_data[1];
- p->dy -= ps2_data[2];
+ ps2_data[0] = BIT(3);
+ ps2_data[0] |= ((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2);
+ ps2_data[0] |= p->buttons & 0x07;
+ ps2_data[1] = dx;
+ ps2_data[2] = dy;
switch (client->mode) {
case MOUSEDEV_EMUL_EXPS:
- ps2_data[3] = mousedev_limit_delta(p->dz, 7);
- p->dz -= ps2_data[3];
- ps2_data[3] = (ps2_data[3] & 0x0f) | ((p->buttons & 0x18) << 1);
+ dz = clamp_val(p->dz, -7, 7);
+ p->dz -= dz;
+
+ ps2_data[3] = (dz & 0x0f) | ((p->buttons & 0x18) << 1);
client->bufsiz = 4;
break;
case MOUSEDEV_EMUL_IMPS:
- ps2_data[0] |=
- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
- ps2_data[3] = mousedev_limit_delta(p->dz, 127);
- p->dz -= ps2_data[3];
+ dz = clamp_val(p->dz, -127, 127);
+ p->dz -= dz;
+
+ ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
+ ((p->buttons & 0x08) >> 1);
+ ps2_data[3] = dz;
+
client->bufsiz = 4;
break;
case MOUSEDEV_EMUL_PS2:
default:
- ps2_data[0] |=
- ((p->buttons & 0x10) >> 3) | ((p->buttons & 0x08) >> 1);
p->dz = 0;
+
+ ps2_data[0] |= ((p->buttons & 0x10) >> 3) |
+ ((p->buttons & 0x08) >> 1);
+
client->bufsiz = 3;
break;
}
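Review bot: the sign bits in mousedev_packet() are now built with `((dx & BIT(7)) >> 3) | ((dy & BIT(7)) >> 2)`, which is correct (bit 7 lands on bit 4 for X and bit 5 for Y, matching the old `(p->dx < 0) << 4` and `(p->dy < 0) << 5`) but much less obvious than the code it replaces. A short comment naming the two PS/2 sign bits would help. It is also worth saying in the commit message that the sign is now taken from the clamped s8 value instead of from p->dx/p->dy, so nobody has to re-derive that the two agree.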
@@ -714,7 +720,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer,
{
struct mousedev_client *client = file->private_data;
struct mousedev *mousedev = client->mousedev;
- signed char data[sizeof(client->ps2)];
+ u8 data[sizeof(client->ps2)];
int retval = 0;
if (!client->ready && !client->buffer && mousedev->exist &&
diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h
index d1051e3ce819..e484ea2dc787 100644
--- a/drivers/input/serio/i8042-x86ia64io.h
+++ b/drivers/input/serio/i8042-x86ia64io.h
@@ -530,6 +530,20 @@ static const struct dmi_system_id __initconst i8042_dmi_nomux_table[] = {
{ }
};
+static const struct dmi_system_id i8042_dmi_forcemux_table[] __initconst = {
+ {
+ /*
+ * Sony Vaio VGN-CS series require MUX or the touch sensor
+ * buttons will disturb touchpad operation
+ */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-CS"),
+ },
+ },
+ { }
+};
+
/*
* On some Asus laptops, just running self tests cause problems.
*/
@@ -692,6 +706,13 @@ static const struct dmi_system_id __initconst i8042_dmi_reset_table[] = {
DMI_MATCH(DMI_PRODUCT_NAME, "20046"),
},
},
+ {
+ /* Lenovo ThinkPad L460 */
+ .matches = {
+ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad L460"),
+ },
+ },
{
/* Clevo P650RS, 650RP6, Sager NP8152-S, and others */
.matches = {
@@ -1223,6 +1244,9 @@ static int __init i8042_platform_init(void)
if (dmi_check_system(i8042_dmi_nomux_table))
i8042_nomux = true;
+ if (dmi_check_system(i8042_dmi_forcemux_table))
+ i8042_nomux = false;
+
if (dmi_check_system(i8042_dmi_notimeout_table))
i8042_notimeout = true;
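Review bot: the forcemux check only works because it runs after the nomux check and overwrites `i8042_nomux`, and nothing in the code records that ordering dependency. Add a comment above `if (dmi_check_system(i8042_dmi_forcemux_table))` saying that it intentionally overrides a match in i8042_dmi_nomux_table. In the first hunk of this file the new table is declared as `i8042_dmi_forcemux_table[] __initconst` while the neighbouring tables put `__initconst` before the name; pick one form.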
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
index a68c650aad11..b67414b5a64e 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
@@ -1777,12 +1777,12 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
cmd == DM_LIST_VERSIONS_CMD)
return 0;
- if ((cmd == DM_DEV_CREATE_CMD)) {
+ if (cmd == DM_DEV_CREATE_CMD) {
if (!*param->name) {
DMWARN("name not supplied when creating device");
return -EINVAL;
}
- } else if ((*param->uuid && *param->name)) {
+ } else if (*param->uuid && *param->name) {
DMWARN("only supply one of name or uuid, cmd(%u)", cmd);
return -EINVAL;
}
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
index 18a4271bf569..6a7b9b1dcfe3 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
@@ -3681,6 +3681,7 @@ static int raid10_run(struct mddev *mddev)
if (blk_queue_discard(bdev_get_queue(rdev->bdev)))
discard_supported = true;
+ first = 0;
}
if (mddev->queue) {
diff --git a/drivers/media/usb/usbtv/usbtv-core.c b/drivers/media/usb/usbtv/usbtv-core.c
index 0324633ede42..e56a49a5e8b1 100644
--- a/drivers/media/usb/usbtv/usbtv-core.c
+++ b/drivers/media/usb/usbtv/usbtv-core.c
@@ -109,6 +109,8 @@ static int usbtv_probe(struct usb_interface *intf,
return 0;
usbtv_audio_fail:
+ /* we must not free at this point */
+ usb_get_dev(usbtv->udev);
usbtv_video_free(usbtv);
usbtv_video_fail:
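Review bot: the added `usb_get_dev(usbtv->udev)` in the usbtv_audio_fail path takes an extra reference with only the comment "we must not free at this point" to explain it. Please say which later call drops that reference (the matching put is not in this hunk); otherwise the line reads like a leak to anyone touching this error path later.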
diff --git a/drivers/misc/mei/main.c b/drivers/misc/mei/main.c
index 41f318631c6d..60f5a8ded8dd 100644
--- a/drivers/misc/mei/main.c
+++ b/drivers/misc/mei/main.c
@@ -551,7 +551,6 @@ static long mei_ioctl(struct file *file, unsigned int cmd, unsigned long data)
break;
default:
- dev_err(dev->dev, ": unsupported ioctl %d.\n", cmd);
rets = -ENOIOCTLCMD;
}
diff --git a/drivers/mtd/chips/jedec_probe.c b/drivers/mtd/chips/jedec_probe.c
index 7c0b27d132b1..b479bd81120b 100644
--- a/drivers/mtd/chips/jedec_probe.c
+++ b/drivers/mtd/chips/jedec_probe.c
@@ -1889,6 +1889,8 @@ static inline u32 jedec_read_mfr(struct map_info *map, uint32_t base,
do {
uint32_t ofs = cfi_build_cmd_addr(0 + (bank << 8), map, cfi);
mask = (1 << (cfi->device_type * 8)) - 1;
+ if (ofs >= map->size)
+ return 0;
result = map_read(map, base + ofs);
bank++;
} while ((result.x[0] & mask) == CFI_MFR_CONTINUATION);
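Review bot: the new bounds check in jedec_read_mfr() tests ofs >= map->size, but the access that follows is map_read(map, base + ofs), so the check does not cover the address actually read if base can be non-zero here. Consider comparing base + ofs against the map size, and note in a comment that the early "return 0" is also what a caller would see for a manufacturer ID of zero.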
diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
index 651f308cdc60..fca2e428cd86 100644
--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
+++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
@@ -1680,6 +1680,30 @@ static void xgene_enet_napi_add(struct xgene_enet_pdata *pdata)
}
}
+#ifdef CONFIG_ACPI
+static const struct acpi_device_id xgene_enet_acpi_match[] = {
+ { "APMC0D05", XGENE_ENET1},
+ { "APMC0D30", XGENE_ENET1},
+ { "APMC0D31", XGENE_ENET1},
+ { "APMC0D3F", XGENE_ENET1},
+ { "APMC0D26", XGENE_ENET2},
+ { "APMC0D25", XGENE_ENET2},
+ { }
+};
+MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
+#endif
+
+static const struct of_device_id xgene_enet_of_match[] = {
+ {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
+ {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
+ {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
+ {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
+ {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
+ {},
+};
+
+MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
+
static int xgene_enet_probe(struct platform_device *pdev)
{
struct net_device *ndev;
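Review bot: xgene_enet_of_match is now defined unconditionally, while the copy removed in the next hunk sat under #ifdef CONFIG_OF and the ACPI table keeps its #ifdef CONFIG_ACPI. If dropping the CONFIG_OF guard is intentional, the changelog should say so, along with the reason both tables have to move above xgene_enet_probe().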
@@ -1826,32 +1850,6 @@ static void xgene_enet_shutdown(struct platform_device *pdev)
xgene_enet_remove(pdev);
}
-#ifdef CONFIG_ACPI
-static const struct acpi_device_id xgene_enet_acpi_match[] = {
- { "APMC0D05", XGENE_ENET1},
- { "APMC0D30", XGENE_ENET1},
- { "APMC0D31", XGENE_ENET1},
- { "APMC0D3F", XGENE_ENET1},
- { "APMC0D26", XGENE_ENET2},
- { "APMC0D25", XGENE_ENET2},
- { }
-};
-MODULE_DEVICE_TABLE(acpi, xgene_enet_acpi_match);
-#endif
-
-#ifdef CONFIG_OF
-static const struct of_device_id xgene_enet_of_match[] = {
- {.compatible = "apm,xgene-enet", .data = (void *)XGENE_ENET1},
- {.compatible = "apm,xgene1-sgenet", .data = (void *)XGENE_ENET1},
- {.compatible = "apm,xgene1-xgenet", .data = (void *)XGENE_ENET1},
- {.compatible = "apm,xgene2-sgenet", .data = (void *)XGENE_ENET2},
- {.compatible = "apm,xgene2-xgenet", .data = (void *)XGENE_ENET2},
- {},
-};
-
-MODULE_DEVICE_TABLE(of, xgene_enet_of_match);
-#endif
-
static struct platform_driver xgene_enet_driver = {
.driver = {
.name = "xgene-enet",
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
index 34b5e699a1d5..02a03bccde7b 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c
@@ -671,7 +671,7 @@ static void hns_gmac_get_strings(u32 stringset, u8 *data)
static int hns_gmac_get_sset_count(int stringset)
{
- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
+ if (stringset == ETH_SS_STATS)
return ARRAY_SIZE(g_gmac_stats_string);
return 0;
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
index 4ecb809785f9..6ea872287307 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c
@@ -422,7 +422,7 @@ void hns_ppe_update_stats(struct hns_ppe_cb *ppe_cb)
int hns_ppe_get_sset_count(int stringset)
{
- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
+ if (stringset == ETH_SS_STATS)
return ETH_PPE_STATIC_NUM;
return 0;
}
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
index fbbbbffd58dc..f3be9ac47bfb 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c
@@ -798,7 +798,7 @@ void hns_rcb_get_stats(struct hnae_queue *queue, u64 *data)
*/
int hns_rcb_get_ring_sset_count(int stringset)
{
- if (stringset == ETH_SS_STATS || stringset == ETH_SS_PRIV_FLAGS)
+ if (stringset == ETH_SS_STATS)
return HNS_RING_STATIC_REG_NUM;
return 0;
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
index 86a496d71995..6be0cae44e9b 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_ethtool.c
@@ -1017,8 +1017,10 @@ int hns_get_sset_count(struct net_device *netdev, int stringset)
cnt--;
return cnt;
- } else {
+ } else if (stringset == ETH_SS_STATS) {
return (HNS_NET_STATS_CNT + ops->get_sset_count(h, stringset));
+ } else {
+ return -EOPNOTSUPP;
}
}
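Review bot: hns_get_sset_count() now returns -EOPNOTSUPP for an unknown string set, while the three lower-level helpers touched in this patch (hns_gmac_get_sset_count, hns_ppe_get_sset_count, hns_rcb_get_ring_sset_count) return 0 for the same case; pick one convention or document the difference. In the ETH_SS_STATS branch the result of ops->get_sset_count(h, stringset) is added to HNS_NET_STATS_CNT without a check for a negative return.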
diff --git a/drivers/net/phy/mdio-xgene.c b/drivers/net/phy/mdio-xgene.c
index 39be3b82608f..20fbcc9c4687 100644
--- a/drivers/net/phy/mdio-xgene.c
+++ b/drivers/net/phy/mdio-xgene.c
@@ -314,6 +314,30 @@ static acpi_status acpi_register_phy(acpi_handle handle, u32 lvl,
}
#endif
+static const struct of_device_id xgene_mdio_of_match[] = {
+ {
+ .compatible = "apm,xgene-mdio-rgmii",
+ .data = (void *)XGENE_MDIO_RGMII
+ },
+ {
+ .compatible = "apm,xgene-mdio-xfi",
+ .data = (void *)XGENE_MDIO_XFI
+ },
+ {},
+};
+MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
+
+#ifdef CONFIG_ACPI
+static const struct acpi_device_id xgene_mdio_acpi_match[] = {
+ { "APMC0D65", XGENE_MDIO_RGMII },
+ { "APMC0D66", XGENE_MDIO_XFI },
+ { }
+};
+
+MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
+#endif
+
+
static int xgene_mdio_probe(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
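Review bot: the added block ends with two consecutive blank lines before xgene_mdio_probe(); drop one. The move also swaps the order of the OF and ACPI tables relative to the removed copy, which makes the next hunk harder to compare against this one than it needs to be.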
@@ -439,32 +463,6 @@ static int xgene_mdio_remove(struct platform_device *pdev)
return 0;
}
-#ifdef CONFIG_OF
-static const struct of_device_id xgene_mdio_of_match[] = {
- {
- .compatible = "apm,xgene-mdio-rgmii",
- .data = (void *)XGENE_MDIO_RGMII
- },
- {
- .compatible = "apm,xgene-mdio-xfi",
- .data = (void *)XGENE_MDIO_XFI
- },
- {},
-};
-
-MODULE_DEVICE_TABLE(of, xgene_mdio_of_match);
-#endif
-
-#ifdef CONFIG_ACPI
-static const struct acpi_device_id xgene_mdio_acpi_match[] = {
- { "APMC0D65", XGENE_MDIO_RGMII },
- { "APMC0D66", XGENE_MDIO_XFI },
- { }
-};
-
-MODULE_DEVICE_TABLE(acpi, xgene_mdio_acpi_match);
-#endif
-
static struct platform_driver xgene_mdio_driver = {
.driver = {
.name = "xgene-mdio",
diff --git a/drivers/net/phy/mdio-xgene.h b/drivers/net/phy/mdio-xgene.h
index 354241b53c1d..594a11d42401 100644
--- a/drivers/net/phy/mdio-xgene.h
+++ b/drivers/net/phy/mdio-xgene.h
@@ -132,10 +132,6 @@ static inline u64 xgene_enet_get_field_value(int pos, int len, u64 src)
#define GET_BIT(field, src) \
xgene_enet_get_field_value(field ## _POS, 1, src)
-static const struct of_device_id xgene_mdio_of_match[];
-#ifdef CONFIG_ACPI
-static const struct acpi_device_id xgene_mdio_acpi_match[];
-#endif
int xgene_mdio_rgmii_read(struct mii_bus *bus, int phy_id, int reg);
int xgene_mdio_rgmii_write(struct mii_bus *bus, int phy_id, int reg, u16 data);
struct phy_device *xgene_enet_phy_register(struct mii_bus *bus, int phy_addr);
diff --git a/drivers/parport/parport_pc.c b/drivers/parport/parport_pc.c
index 78530d1714dc..bdce0679674c 100644
--- a/drivers/parport/parport_pc.c
+++ b/drivers/parport/parport_pc.c
@@ -2646,6 +2646,7 @@ enum parport_pc_pci_cards {
netmos_9901,
netmos_9865,
quatech_sppxp100,
+ wch_ch382l,
};
@@ -2708,6 +2709,7 @@ static struct parport_pc_pci {
/* netmos_9901 */ { 1, { { 0, -1 }, } },
/* netmos_9865 */ { 1, { { 0, -1 }, } },
/* quatech_sppxp100 */ { 1, { { 0, 1 }, } },
+ /* wch_ch382l */ { 1, { { 2, -1 }, } },
};
static const struct pci_device_id parport_pc_pci_tbl[] = {
@@ -2797,6 +2799,8 @@ static const struct pci_device_id parport_pc_pci_tbl[] = {
/* Quatech SPPXP-100 Parallel port PCI ExpressCard */
{ PCI_VENDOR_ID_QUATECH, PCI_DEVICE_ID_QUATECH_SPPXP_100,
PCI_ANY_ID, PCI_ANY_ID, 0, 0, quatech_sppxp100 },
+ /* WCH CH382L PCI-E single parallel port card */
+ { 0x1c00, 0x3050, 0x1c00, 0x3050, 0, 0, wch_ch382l },
{ 0, } /* terminate list */
};
MODULE_DEVICE_TABLE(pci, parport_pc_pci_tbl);
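Review bot: the new parport_pc_pci_tbl entry uses bare numbers for vendor, device, subvendor and subdevice (0x1c00, 0x3050, 0x1c00, 0x3050), unlike the Quatech entry just above it, which uses PCI_VENDOR_ID_QUATECH and PCI_DEVICE_ID_QUATECH_SPPXP_100. Named constants, even local to this file, would keep the table greppable.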
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
index a98be6db7e93..56340abe4fc6 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -231,7 +231,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
res->flags |= IORESOURCE_ROM_ENABLE;
l64 = l & PCI_ROM_ADDRESS_MASK;
sz64 = sz & PCI_ROM_ADDRESS_MASK;
- mask64 = (u32)PCI_ROM_ADDRESS_MASK;
+ mask64 = PCI_ROM_ADDRESS_MASK;
}
if (res->flags & IORESOURCE_MEM_64) {
diff --git a/drivers/pci/setup-res.c b/drivers/pci/setup-res.c
index 4bc589ee78d0..85774b7a316a 100644
--- a/drivers/pci/setup-res.c
+++ b/drivers/pci/setup-res.c
@@ -63,7 +63,7 @@ static void pci_std_update_resource(struct pci_dev *dev, int resno)
mask = (u32)PCI_BASE_ADDRESS_IO_MASK;
new |= res->flags & ~PCI_BASE_ADDRESS_IO_MASK;
} else if (resno == PCI_ROM_RESOURCE) {
- mask = (u32)PCI_ROM_ADDRESS_MASK;
+ mask = PCI_ROM_ADDRESS_MASK;
} else {
mask = (u32)PCI_BASE_ADDRESS_MEM_MASK;
new |= res->flags & ~PCI_BASE_ADDRESS_MEM_MASK;
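Review bot: dropping the (u32) cast on PCI_ROM_ADDRESS_MASK in pci_std_update_resource() leaves the two neighbouring branches still casting PCI_BASE_ADDRESS_IO_MASK and PCI_BASE_ADDRESS_MEM_MASK, and makes this line correct only as long as the macro itself is 32 bits wide. Mention the dependency on the include/uapi/linux/pci_regs.h change in the changelog, since a backport of one without the other changes the mask.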
diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
index 8f4adc1d9588..cbc8e9388268 100644
--- a/drivers/scsi/virtio_scsi.c
+++ b/drivers/scsi/virtio_scsi.c
@@ -819,6 +819,7 @@ static struct scsi_host_template virtscsi_host_template_multi = {
.change_queue_depth = virtscsi_change_queue_depth,
.eh_abort_handler = virtscsi_abort,
.eh_device_reset_handler = virtscsi_device_reset,
+ .slave_alloc = virtscsi_device_alloc,
.can_queue = 1024,
.dma_boundary = UINT_MAX,
diff --git a/drivers/spi/Kconfig b/drivers/spi/Kconfig
index 0e7415f6d093..b7995474148c 100644
--- a/drivers/spi/Kconfig
+++ b/drivers/spi/Kconfig
@@ -156,7 +156,6 @@ config SPI_BCM63XX_HSSPI
config SPI_BCM_QSPI
tristate "Broadcom BSPI and MSPI controller support"
depends on ARCH_BRCMSTB || ARCH_BCM || ARCH_BCM_IPROC || COMPILE_TEST
- depends on MTD_NORFLASH
default ARCH_BCM_IPROC
help
Enables support for the Broadcom SPI flash and MSPI controller.
diff --git a/drivers/spi/spi-davinci.c b/drivers/spi/spi-davinci.c
index 02fb96797ac8..0d8f43a17edb 100644
--- a/drivers/spi/spi-davinci.c
+++ b/drivers/spi/spi-davinci.c
@@ -646,7 +646,7 @@ static int davinci_spi_bufs(struct spi_device *spi, struct spi_transfer *t)
buf = t->rx_buf;
t->rx_dma = dma_map_single(&spi->dev, buf,
t->len, DMA_FROM_DEVICE);
- if (dma_mapping_error(&spi->dev, !t->rx_dma)) {
+ if (dma_mapping_error(&spi->dev, t->rx_dma)) {
ret = -EFAULT;
goto err_rx_map;
}
diff --git a/drivers/staging/comedi/drivers/ni_mio_common.c b/drivers/staging/comedi/drivers/ni_mio_common.c
index a574885ffba9..18c5312f7886 100644
--- a/drivers/staging/comedi/drivers/ni_mio_common.c
+++ b/drivers/staging/comedi/drivers/ni_mio_common.c
@@ -1284,6 +1284,8 @@ static void ack_a_interrupt(struct comedi_device *dev, unsigned short a_status)
ack |= NISTC_INTA_ACK_AI_START;
if (a_status & NISTC_AI_STATUS1_STOP)
ack |= NISTC_INTA_ACK_AI_STOP;
+ if (a_status & NISTC_AI_STATUS1_OVER)
+ ack |= NISTC_INTA_ACK_AI_ERR;
if (ack)
ni_stc_writew(dev, ack, NISTC_INTA_ACK_REG);
}
diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c
index 68c7bb0b7991..9e1ac58e269e 100644
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -1354,6 +1354,11 @@ static void csi_m(struct vc_data *vc)
case 3:
vc->vc_italic = 1;
break;
+ case 21:
+ /*
+ * No console drivers support double underline, so
+ * convert it to a single underline.
+ */
case 4:
vc->vc_underline = 1;
break;
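Review bot: case 21 now falls into case 4 in csi_m() with only the explanatory comment between the labels; add an explicit fall-through marker so the missing break reads as intended. This is also a user-visible change: the next hunk removes case 21 from the group with case 22 that sets vc_intensity = 1, so a sequence that used to reset intensity now sets vc_underline, which deserves a line in the changelog.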
@@ -1389,7 +1394,6 @@ static void csi_m(struct vc_data *vc)
vc->vc_disp_ctrl = 1;
vc->vc_toggle_meta = 1;
break;
- case 21:
case 22:
vc->vc_intensity = 1;
break;
diff --git a/drivers/usb/dwc2/hcd.c b/drivers/usb/dwc2/hcd.c
index dfc0566bb155..919a32153060 100644
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -3220,7 +3220,6 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
dwc2_core_init(hsotg, false);
dwc2_enable_global_interrupts(hsotg);
spin_lock_irqsave(&hsotg->lock, flags);
- dwc2_hsotg_disconnect(hsotg);
dwc2_hsotg_core_init_disconnected(hsotg, false);
spin_unlock_irqrestore(&hsotg->lock, flags);
dwc2_hsotg_core_connect(hsotg);
@@ -3238,8 +3237,12 @@ static void dwc2_conn_id_status_change(struct work_struct *work)
if (count > 250)
dev_err(hsotg->dev,
"Connection id status change timed out\n");
- hsotg->op_state = OTG_STATE_A_HOST;
+ spin_lock_irqsave(&hsotg->lock, flags);
+ dwc2_hsotg_disconnect(hsotg);
+ spin_unlock_irqrestore(&hsotg->lock, flags);
+
+ hsotg->op_state = OTG_STATE_A_HOST;
/* Initialize the Core for Host mode */
dwc2_core_init(hsotg, false);
dwc2_enable_global_interrupts(hsotg);
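Review bot: dwc2_hsotg_disconnect() is now reached on this path even when the count > 250 check has just logged "Connection id status change timed out", since the dev_err() is not followed by a return. Please confirm that the disconnect is wanted in the timeout case too, and add a comment saying why the call has to happen here, under hsotg->lock, before op_state becomes OTG_STATE_A_HOST. The op_state line is removed and re-added with no visible difference, which looks like whitespace churn.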
diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c
index e97539fc127e..7d658565b20f 100644
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -139,10 +139,8 @@ int usb_ep_disable(struct usb_ep *ep)
goto out;
ret = ep->ops->disable(ep);
- if (ret) {
- ret = ret;
+ if (ret)
goto out;
- }
ep->enabled = false;
diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
index 3178d8afb3e6..cab80acace4e 100644
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -152,6 +152,7 @@ static const struct usb_device_id id_table[] = {
{ USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
{ USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
{ USB_DEVICE(0x1555, 0x0004) }, /* Owen AC4 USB-RS485 Converter */
+ { USB_DEVICE(0x155A, 0x1006) }, /* ELDAT Easywave RX09 */
{ USB_DEVICE(0x166A, 0x0201) }, /* Clipsal 5500PACA C-Bus Pascal Automation Controller */
{ USB_DEVICE(0x166A, 0x0301) }, /* Clipsal 5800PC C-Bus Wireless PC Interface */
{ USB_DEVICE(0x166A, 0x0303) }, /* Clipsal 5500PCU C-Bus USB interface */
diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
index 0c743e4cca1e..71cbc6890ac4 100644
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -773,6 +773,7 @@ static const struct usb_device_id id_table_combined[] = {
.driver_info = (kernel_ulong_t)&ftdi_NDI_device_quirk },
{ USB_DEVICE(TELLDUS_VID, TELLDUS_TELLSTICK_PID) },
{ USB_DEVICE(NOVITUS_VID, NOVITUS_BONO_E_PID) },
+ { USB_DEVICE(FTDI_VID, RTSYSTEMS_USB_VX8_PID) },
{ USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_S03_PID) },
{ USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_59_PID) },
{ USB_DEVICE(RTSYSTEMS_VID, RTSYSTEMS_USB_57A_PID) },
@@ -935,6 +936,7 @@ static const struct usb_device_id id_table_combined[] = {
{ USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_LS_LOGBOOK_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_SCIENCESCOPE_HS_LOGBOOK_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_CINTERION_MC55I_PID) },
+ { USB_DEVICE(FTDI_VID, FTDI_FHE_PID) },
{ USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) },
{ USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID),
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
index 543d2801632b..76a10b222ff9 100644
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -922,6 +922,9 @@
/*
* RT Systems programming cables for various ham radios
*/
+/* This device uses the VID of FTDI */
+#define RTSYSTEMS_USB_VX8_PID 0x9e50 /* USB-VX8 USB to 7 pin modular plug for Yaesu VX-8 radio */
+
#define RTSYSTEMS_VID 0x2100 /* Vendor ID */
#define RTSYSTEMS_USB_S03_PID 0x9001 /* RTS-03 USB to Serial Adapter */
#define RTSYSTEMS_USB_59_PID 0x9e50 /* USB-59 USB to 8 pin plug */
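Review bot: RTSYSTEMS_USB_VX8_PID is defined above RTSYSTEMS_VID inside the RT Systems block, but it is matched against FTDI_VID in ftdi_sio.c, and its value 0x9e50 is the same as RTSYSTEMS_USB_59_PID a few lines below. The comment should say explicitly that the two entries differ only by vendor ID, so nobody later treats one as a duplicate of the other.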
@@ -1440,6 +1443,12 @@
*/
#define FTDI_CINTERION_MC55I_PID 0xA951
+/*
+ * Product: FirmwareHubEmulator
+ * Manufacturer: Harman Becker Automotive Systems
+ */
+#define FTDI_FHE_PID 0xA9A0
+
/*
* Product: Comet Caller ID decoder
* Manufacturer: Crucible Technologies
diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c
index 5539f0b95efa..52401732cddc 100644
--- a/fs/btrfs/tree-log.c
+++ b/fs/btrfs/tree-log.c
@@ -3664,7 +3664,7 @@ static noinline int copy_items(struct btrfs_trans_handle *trans,
src_offset = btrfs_item_ptr_offset(src, start_slot + i);
- if ((i == (nr - 1)))
+ if (i == nr - 1)
last_key = ins_keys[i];
if (ins_keys[i].type == BTRFS_INODE_ITEM_KEY) {
diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index ca3f630db90f..e7ddb23d9bb7 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -598,7 +598,8 @@ static ssize_t ceph_sync_read(struct kiocb *iocb, struct iov_iter *i,
struct ceph_aio_request {
struct kiocb *iocb;
size_t total_len;
- int write;
+ bool write;
+ bool should_dirty;
int error;
struct list_head osd_reqs;
unsigned num_reqs;
@@ -708,7 +709,7 @@ static void ceph_aio_complete_req(struct ceph_osd_request *req)
}
}
- ceph_put_page_vector(osd_data->pages, num_pages, !aio_req->write);
+ ceph_put_page_vector(osd_data->pages, num_pages, aio_req->should_dirty);
ceph_osdc_put_request(req);
if (rc < 0)
@@ -890,6 +891,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
size_t count = iov_iter_count(iter);
loff_t pos = iocb->ki_pos;
bool write = iov_iter_rw(iter) == WRITE;
+ bool should_dirty = !write && iter_is_iovec(iter);
if (write && ceph_snap(file_inode(file)) != CEPH_NOSNAP)
return -EROFS;
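Review bot: should_dirty is computed as !write && iter_is_iovec(iter) with no comment on why reads into non-iovec iterators must not dirty the pages, and both ceph_put_page_vector() call sites now depend on that distinction. A one-line comment at the declaration would do. The change of the write field from int to bool in struct ceph_aio_request (first hunk) is unrelated cleanup and should be mentioned in the changelog.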
@@ -954,6 +956,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
if (aio_req) {
aio_req->iocb = iocb;
aio_req->write = write;
+ aio_req->should_dirty = should_dirty;
INIT_LIST_HEAD(&aio_req->osd_reqs);
if (write) {
aio_req->mtime = mtime;
@@ -1012,7 +1015,7 @@ ceph_direct_read_write(struct kiocb *iocb, struct iov_iter *iter,
len = ret;
}
- ceph_put_page_vector(pages, num_pages, !write);
+ ceph_put_page_vector(pages, num_pages, should_dirty);
ceph_osdc_put_request(req);
if (ret < 0)
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
index f2d7402abe02..93c8e4a4bbd3 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -833,7 +833,7 @@ static int compat_ioctl_preallocate(struct file *file,
*/
#define XFORM(i) (((i) ^ ((i) << 27) ^ ((i) << 17)) & 0xffffffff)
-#define COMPATIBLE_IOCTL(cmd) XFORM(cmd),
+#define COMPATIBLE_IOCTL(cmd) XFORM((u32)cmd),
/* ioctl should not be warned about even if it's not implemented.
Valid reasons to use this:
- It is implemented with ->compat_ioctl on some device, but programs
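Review bot: the cast in COMPATIBLE_IOCTL binds only to the first token of the argument, because cmd is not parenthesised in XFORM((u32)cmd). Write it as XFORM((u32)(cmd)) so an argument that is an expression is converted as a whole.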
diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
index 2d65bbd6dbd1..18ba29ff1449 100644
--- a/include/linux/cpumask.h
+++ b/include/linux/cpumask.h
@@ -680,6 +680,11 @@ void alloc_bootmem_cpumask_var(cpumask_var_t *mask);
void free_cpumask_var(cpumask_var_t mask);
void free_bootmem_cpumask_var(cpumask_var_t mask);
+static inline bool cpumask_available(cpumask_var_t mask)
+{
+ return mask != NULL;
+}
+
#else
typedef struct cpumask cpumask_var_t[1];
@@ -720,6 +725,11 @@ static inline void free_cpumask_var(cpumask_var_t mask)
static inline void free_bootmem_cpumask_var(cpumask_var_t mask)
{
}
+
+static inline bool cpumask_available(cpumask_var_t mask)
+{
+ return true;
+}
#endif /* CONFIG_CPUMASK_OFFSTACK */
/* It's common to want to use cpu_all_mask in struct member initializers,
diff --git a/include/linux/init.h b/include/linux/init.h
index 683508f6bb4e..0cca4142987f 100644
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -133,6 +133,9 @@ void prepare_namespace(void);
void __init load_default_modules(void);
int __init init_rootfs(void);
+#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_DEBUG_SET_MODULE_RONX)
+extern bool rodata_enabled;
+#endif
#ifdef CONFIG_DEBUG_RODATA
void mark_rodata_ro(void);
#endif
diff --git a/include/linux/jiffies.h b/include/linux/jiffies.h
index 589d14e970ad..c2a0f0072274 100644
--- a/include/linux/jiffies.h
+++ b/include/linux/jiffies.h
@@ -1,6 +1,7 @@
#ifndef _LINUX_JIFFIES_H
#define _LINUX_JIFFIES_H
+#include <linux/cache.h>
#include <linux/math64.h>
#include <linux/kernel.h>
#include <linux/types.h>
@@ -63,19 +64,17 @@ extern int register_refined_jiffies(long clock_tick_rate);
/* TICK_USEC is the time between ticks in usec assuming fake USER_HZ */
#define TICK_USEC ((1000000UL + USER_HZ/2) / USER_HZ)
-/* some arch's have a small-data section that can be accessed register-relative
- * but that can only take up to, say, 4-byte variables. jiffies being part of
- * an 8-byte variable may not be correctly accessed unless we force the issue
- */
-#define __jiffy_data __attribute__((section(".data")))
+#ifndef __jiffy_arch_data
+#define __jiffy_arch_data
+#endif
/*
* The 64-bit value is not atomic - you MUST NOT read it
* without sampling the sequence number in jiffies_lock.
* get_jiffies_64() will do this for you as appropriate.
*/
-extern u64 __jiffy_data jiffies_64;
-extern unsigned long volatile __jiffy_data jiffies;
+extern u64 __cacheline_aligned_in_smp jiffies_64;
+extern unsigned long volatile __cacheline_aligned_in_smp __jiffy_arch_data jiffies;
#if (BITS_PER_LONG < 64)
u64 get_jiffies_64(void);
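Review bot: jiffies_64 is declared with __cacheline_aligned_in_smp only, while jiffies on the next line also carries __jiffy_arch_data; if the asymmetry is deliberate it needs a comment, since the removed comment about small-data sections was the only explanation of why these variables carry a section attribute. The new empty default for __jiffy_arch_data should also say what an architecture is expected to define it to.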
diff --git a/include/linux/llist.h b/include/linux/llist.h
index fd4ca0b4fe0f..ac6796138ba0 100644
--- a/include/linux/llist.h
+++ b/include/linux/llist.h
@@ -87,6 +87,23 @@ static inline void init_llist_head(struct llist_head *list)
#define llist_entry(ptr, type, member) \
container_of(ptr, type, member)
+/**
+ * member_address_is_nonnull - check whether the member address is not NULL
+ * @ptr: the object pointer (struct type * that contains the llist_node)
+ * @member: the name of the llist_node within the struct.
+ *
+ * This macro is conceptually the same as
+ * &ptr->member != NULL
+ * but it works around the fact that compilers can decide that taking a member
+ * address is never a NULL pointer.
+ *
+ * Real objects that start at a high address and have a member at NULL are
+ * unlikely to exist, but such pointers may be returned e.g. by the
+ * container_of() macro.
+ */
+#define member_address_is_nonnull(ptr, member) \
+ ((uintptr_t)(ptr) + offsetof(typeof(*(ptr)), member) != 0)
+
/**
* llist_for_each - iterate over some deleted entries of a lock-less list
* @pos: the &struct llist_node to use as a loop cursor
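Review bot: member_address_is_nonnull() relies on uintptr_t and offsetof(), and this hunk adds no #include for either, so llist.h now depends on whatever its includers pulled in first. The macro name is also generic for something defined in llist.h; a prefix such as llist_ would avoid clashes.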
@@ -121,7 +138,7 @@ static inline void init_llist_head(struct llist_head *list)
*/
#define llist_for_each_entry(pos, node, member) \
for ((pos) = llist_entry((node), typeof(*(pos)), member); \
- &(pos)->member != NULL; \
+ member_address_is_nonnull(pos, member); \
(pos) = llist_entry((pos)->member.next, typeof(*(pos)), member))
/**
@@ -143,7 +160,7 @@ static inline void init_llist_head(struct llist_head *list)
*/
#define llist_for_each_entry_safe(pos, n, node, member) \
for (pos = llist_entry((node), typeof(*pos), member); \
- &pos->member != NULL && \
+ member_address_is_nonnull(pos, member) && \
(n = llist_entry(pos->member.next, typeof(*n), member), true); \
pos = n)
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 9bfeb88fb940..69111fa2e578 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -254,6 +254,8 @@ unsigned int *xt_alloc_entry_offsets(unsigned int size);
bool xt_find_jump_offset(const unsigned int *offsets,
unsigned int target, unsigned int size);
+int xt_check_proc_name(const char *name, unsigned int size);
+
int xt_check_match(struct xt_mtchk_param *, unsigned int size, u_int8_t proto,
bool inv_proto);
int xt_check_target(struct xt_tgchk_param *, unsigned int size, u_int8_t proto,
diff --git a/include/rdma/ib_addr.h b/include/rdma/ib_addr.h
index 818a38f99221..f888263fd757 100644
--- a/include/rdma/ib_addr.h
+++ b/include/rdma/ib_addr.h
@@ -129,6 +129,8 @@ int rdma_copy_addr(struct rdma_dev_addr *dev_addr, struct net_device *dev,
const unsigned char *dst_dev_addr);
int rdma_addr_size(struct sockaddr *addr);
+int rdma_addr_size_in6(struct sockaddr_in6 *addr);
+int rdma_addr_size_kss(struct __kernel_sockaddr_storage *addr);
int rdma_addr_find_smac_by_sgid(union ib_gid *sgid, u8 *smac, u16 *vlan_id);
int rdma_addr_find_l2_eth_by_grh(const union ib_gid *sgid,
diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h
index e5a2e68b2236..ecc8e01c5616 100644
--- a/include/uapi/linux/pci_regs.h
+++ b/include/uapi/linux/pci_regs.h
@@ -106,7 +106,7 @@
#define PCI_SUBSYSTEM_ID 0x2e
#define PCI_ROM_ADDRESS 0x30 /* Bits 31..11 are address, 10..1 reserved */
#define PCI_ROM_ADDRESS_ENABLE 0x01
-#define PCI_ROM_ADDRESS_MASK (~0x7ffUL)
+#define PCI_ROM_ADDRESS_MASK (~0x7ffU)
#define PCI_CAPABILITY_LIST 0x34 /* Offset of first capability list entry */
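Review bot: PCI_ROM_ADDRESS_MASK lives in a uapi header, so changing its suffix from UL to U changes the type and, on 64-bit builds, the width of a constant that user space can include. The changelog should state that this is intentional; the (u32) casts removed in drivers/pci/probe.c and drivers/pci/setup-res.c show that the in-kernel users were already truncating it.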
diff --git a/init/main.c b/init/main.c
index 99f026565608..f22957afb37e 100644
--- a/init/main.c
+++ b/init/main.c
@@ -81,6 +81,7 @@
#include <linux/proc_ns.h>
#include <linux/io.h>
#include <linux/kaiser.h>
+#include <linux/cache.h>
#include <asm/io.h>
#include <asm/bugs.h>
@@ -914,14 +915,16 @@ static int try_to_run_init_process(const char *init_filename)
static noinline void __init kernel_init_freeable(void);
-#ifdef CONFIG_DEBUG_RODATA
-static bool rodata_enabled = true;
+#if defined(CONFIG_DEBUG_RODATA) || defined(CONFIG_SET_MODULE_RONX)
+bool rodata_enabled __ro_after_init = true;
static int __init set_debug_rodata(char *str)
{
return strtobool(str, &rodata_enabled);
}
__setup("rodata=", set_debug_rodata);
+#endif
+#ifdef CONFIG_DEBUG_RODATA
static void mark_readonly(void)
{
if (rodata_enabled)
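Review bot: the guard added here tests CONFIG_SET_MODULE_RONX, while the matching extern in include/linux/init.h is guarded by CONFIG_DEBUG_SET_MODULE_RONX; with only one of those symbols defined, the declaration and the definition of rodata_enabled disagree. Use the same symbol in both places. Since rodata_enabled loses its static qualifier and is now read from kernel/module.c, a short comment at the definition on who may read it would help.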
diff --git a/ipc/shm.c b/ipc/shm.c
index e2072ae4f90e..de93d01bfce2 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -381,6 +381,17 @@ static int shm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
return sfd->vm_ops->fault(vma, vmf);
}
+static int shm_split(struct vm_area_struct *vma, unsigned long addr)
+{
+ struct file *file = vma->vm_file;
+ struct shm_file_data *sfd = shm_file_data(file);
+
+ if (sfd->vm_ops && sfd->vm_ops->split)
+ return sfd->vm_ops->split(vma, addr);
+
+ return 0;
+}
+
#ifdef CONFIG_NUMA
static int shm_set_policy(struct vm_area_struct *vma, struct mempolicy *new)
{
@@ -503,6 +514,7 @@ static const struct vm_operations_struct shm_vm_ops = {
.open = shm_open, /* callback for a new vm-area open */
.close = shm_close, /* callback for when the vm-area is released */
.fault = shm_fault,
+ .split = shm_split,
#if defined(CONFIG_NUMA)
.set_policy = shm_set_policy,
.get_policy = shm_get_policy,
diff --git a/kernel/events/hw_breakpoint.c b/kernel/events/hw_breakpoint.c
index 3f8cb1e14588..253ae2da13c3 100644
--- a/kernel/events/hw_breakpoint.c
+++ b/kernel/events/hw_breakpoint.c
@@ -427,16 +427,9 @@ EXPORT_SYMBOL_GPL(register_user_hw_breakpoint);
* modify_user_hw_breakpoint - modify a user-space hardware breakpoint
* @bp: the breakpoint structure to modify
* @attr: new breakpoint attributes
- * @triggered: callback to trigger when we hit the breakpoint
- * @tsk: pointer to 'task_struct' of the process to which the address belongs
*/
int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *attr)
{
- u64 old_addr = bp->attr.bp_addr;
- u64 old_len = bp->attr.bp_len;
- int old_type = bp->attr.bp_type;
- int err = 0;
-
/*
* modify_user_hw_breakpoint can be invoked with IRQs disabled and hence it
* will not be possible to raise IPIs that invoke __perf_event_disable.
@@ -451,27 +444,18 @@ int modify_user_hw_breakpoint(struct perf_event *bp, struct perf_event_attr *att
bp->attr.bp_addr = attr->bp_addr;
bp->attr.bp_type = attr->bp_type;
bp->attr.bp_len = attr->bp_len;
+ bp->attr.disabled = 1;
- if (attr->disabled)
- goto end;
-
- err = validate_hw_breakpoint(bp);
- if (!err)
- perf_event_enable(bp);
+ if (!attr->disabled) {
+ int err = validate_hw_breakpoint(bp);
- if (err) {
- bp->attr.bp_addr = old_addr;
- bp->attr.bp_type = old_type;
- bp->attr.bp_len = old_len;
- if (!bp->attr.disabled)
- perf_event_enable(bp);
+ if (err)
+ return err;
- return err;
+ perf_event_enable(bp);
+ bp->attr.disabled = 0;
}
-end:
- bp->attr.disabled = attr->disabled;
-
return 0;
}
EXPORT_SYMBOL_GPL(modify_user_hw_breakpoint);
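Review bot: the error path after validate_hw_breakpoint() in modify_user_hw_breakpoint() now returns with bp->attr.bp_addr, bp_type and bp_len already overwritten and bp->attr.disabled set to 1, where the removed code restored the old values and re-enabled the event. If leaving the breakpoint disabled with the rejected attributes is intended, say so in the kernel-doc comment, which the first hunk trims but does not update with the new failure semantics.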
diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index ea41820ab12e..5927da596d42 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -850,7 +850,7 @@ irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action)
* This code is triggered unconditionally. Check the affinity
* mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out.
*/
- if (desc->irq_common_data.affinity)
+ if (cpumask_available(desc->irq_common_data.affinity))
cpumask_copy(mask, desc->irq_common_data.affinity);
else
valid = false;
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
index a1a07cf1101f..69485183af79 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
@@ -125,7 +125,7 @@ static void *alloc_insn_page(void)
return module_alloc(PAGE_SIZE);
}
-static void free_insn_page(void *page)
+void __weak free_insn_page(void *page)
{
module_memfree(page);
}
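Review bot: free_insn_page() becomes a non-static __weak symbol here but no prototype is added in this hunk, and alloc_insn_page() directly above stays static. Please make sure a declaration lands in a header shared with the architecture override, and add a short comment saying which architectures are expected to override it.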
diff --git a/kernel/module.c b/kernel/module.c
index 07bfb9971f2f..0651f2d25fc9 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1911,6 +1911,9 @@ static void frob_writable_data(const struct module_layout *layout,
/* livepatching wants to disable read-only so it can frob module. */
void module_disable_ro(const struct module *mod)
{
+ if (!rodata_enabled)
+ return;
+
frob_text(&mod->core_layout, set_memory_rw);
frob_rodata(&mod->core_layout, set_memory_rw);
frob_ro_after_init(&mod->core_layout, set_memory_rw);
@@ -1920,6 +1923,9 @@ void module_disable_ro(const struct module *mod)
void module_enable_ro(const struct module *mod, bool after_init)
{
+ if (!rodata_enabled)
+ return;
+
frob_text(&mod->core_layout, set_memory_ro);
frob_rodata(&mod->core_layout, set_memory_ro);
frob_text(&mod->init_layout, set_memory_ro);
@@ -1952,6 +1958,9 @@ void set_all_modules_text_rw(void)
{
struct module *mod;
+ if (!rodata_enabled)
+ return;
+
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
@@ -1968,6 +1977,9 @@ void set_all_modules_text_ro(void)
{
struct module *mod;
+ if (!rodata_enabled)
+ return;
+
mutex_lock(&module_mutex);
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
@@ -1981,10 +1993,12 @@ void set_all_modules_text_ro(void)
static void disable_ro_nx(const struct module_layout *layout)
{
- frob_text(layout, set_memory_rw);
- frob_rodata(layout, set_memory_rw);
+ if (rodata_enabled) {
+ frob_text(layout, set_memory_rw);
+ frob_rodata(layout, set_memory_rw);
+ frob_ro_after_init(layout, set_memory_rw);
+ }
frob_rodata(layout, set_memory_x);
- frob_ro_after_init(layout, set_memory_rw);
frob_ro_after_init(layout, set_memory_x);
frob_writable_data(layout, set_memory_x);
}
diff --git a/mm/vmscan.c b/mm/vmscan.c
index cdd5c3b5c357..557ad1367595 100644
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -2966,7 +2966,7 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
unsigned long nr_reclaimed;
struct scan_control sc = {
.nr_to_reclaim = SWAP_CLUSTER_MAX,
- .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
+ .gfp_mask = memalloc_noio_flags(gfp_mask),
.reclaim_idx = gfp_zone(gfp_mask),
.order = order,
.nodemask = nodemask,
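Review bot: in try_to_free_pages() the .reclaim_idx initialiser gfp_zone(gfp_mask) now always sees the caller's gfp_mask, whereas before it sat next to an assignment to gfp_mask inside the .gfp_mask initialiser. State in the changelog whether reclaim_idx is expected to change as a result. Every later use of gfp_mask in the function also has to switch to sc.gfp_mask, as the next hunk does for throttle_direct_reclaim() and the tracepoint; please confirm none was missed.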
@@ -2981,12 +2981,12 @@ unsigned long try_to_free_pages(struct zonelist *zonelist, int order,
* 1 is returned so that the page allocator does not OOM kill at this
* point.
*/
- if (throttle_direct_reclaim(gfp_mask, zonelist, nodemask))
+ if (throttle_direct_reclaim(sc.gfp_mask, zonelist, nodemask))
return 1;
trace_mm_vmscan_direct_reclaim_begin(order,
sc.may_writepage,
- gfp_mask,
+ sc.gfp_mask,
sc.reclaim_idx);
nr_reclaimed = do_try_to_free_pages(zonelist, &sc);
@@ -3749,16 +3749,15 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
const unsigned long nr_pages = 1 << order;
struct task_struct *p = current;
struct reclaim_state reclaim_state;
- int classzone_idx = gfp_zone(gfp_mask);
struct scan_control sc = {
.nr_to_reclaim = max(nr_pages, SWAP_CLUSTER_MAX),
- .gfp_mask = (gfp_mask = memalloc_noio_flags(gfp_mask)),
+ .gfp_mask = memalloc_noio_flags(gfp_mask),
.order = order,
.priority = NODE_RECLAIM_PRIORITY,
.may_writepage = !!(node_reclaim_mode & RECLAIM_WRITE),
.may_unmap = !!(node_reclaim_mode & RECLAIM_UNMAP),
.may_swap = 1,
- .reclaim_idx = classzone_idx,
+ .reclaim_idx = gfp_zone(gfp_mask),
};
cond_resched();
@@ -3768,7 +3767,7 @@ static int __node_reclaim(struct pglist_data *pgdat, gfp_t gfp_mask, unsigned in
* and RECLAIM_UNMAP.
*/
p->flags |= PF_MEMALLOC | PF_SWAPWRITE;
- lockdep_set_current_reclaim_state(gfp_mask);
+ lockdep_set_current_reclaim_state(sc.gfp_mask);
reclaim_state.reclaimed_slab = 0;
p->reclaim_state = &reclaim_state;
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 658c900752c6..ead4d1baeaa6 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -2233,8 +2233,14 @@ static u8 smp_cmd_security_req(struct l2cap_conn *conn, struct sk_buff *skb)
else
sec_level = authreq_to_seclevel(auth);
- if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK))
+ if (smp_sufficient_security(hcon, sec_level, SMP_USE_LTK)) {
+ /* If link is already encrypted with sufficient security we
+ * still need refresh encryption as per Core Spec 5.0 Vol 3,
+ * Part H 2.4.6
+ */
+ smp_ltk_encrypt(conn, hcon->sec_level);
return 0;
+ }
if (sec_level > hcon->pending_sec_level)
hcon->pending_sec_level = sec_level;
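Review bot: The added `smp_ltk_encrypt(conn, hcon->sec_level);` call in smp_cmd_security_req() discards its result and the function returns 0 either way, so a refresh that did not start is indistinguishable from one that did. If the helper reports whether encryption was started, check it, or say in the comment why the outcome can be ignored. The comment text would also read better as "we still need to refresh encryption".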
diff --git a/net/bridge/netfilter/ebt_among.c b/net/bridge/netfilter/ebt_among.c
index 9637a681bdda..9adf16258cab 100644
--- a/net/bridge/netfilter/ebt_among.c
+++ b/net/bridge/netfilter/ebt_among.c
@@ -177,6 +177,28 @@ static bool poolsize_invalid(const struct ebt_mac_wormhash *w)
return w && w->poolsize >= (INT_MAX / sizeof(struct ebt_mac_wormhash_tuple));
}
+static bool wormhash_offset_invalid(int off, unsigned int len)
+{
+ if (off == 0) /* not present */
+ return false;
+
+ if (off < (int)sizeof(struct ebt_among_info) ||
+ off % __alignof__(struct ebt_mac_wormhash))
+ return true;
+
+ off += sizeof(struct ebt_mac_wormhash);
+
+ return off > len;
+}
+
+static bool wormhash_sizes_valid(const struct ebt_mac_wormhash *wh, int a, int b)
+{
+ if (a == 0)
+ a = sizeof(struct ebt_among_info);
+
+ return ebt_mac_wormhash_size(wh) + a == b;
+}
+
static int ebt_among_mt_check(const struct xt_mtchk_param *par)
{
const struct ebt_among_info *info = par->matchinfo;
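Review bot: wormhash_offset_invalid() mixes signedness: `off` is an int, `len` is an unsigned int, and `off += sizeof(struct ebt_mac_wormhash);` followed by `return off > len;` relies on implicit conversions behaving well for offsets close to INT_MAX. Doing the addition and comparison in an unsigned type after the lower-bound test would make the bound check obviously correct. The parameters `a` and `b` of wormhash_sizes_valid() would also be clearer with names that say which offset comes first.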
@@ -189,6 +211,10 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
if (expected_length > em->match_size)
return -EINVAL;
+ if (wormhash_offset_invalid(info->wh_dst_ofs, em->match_size) ||
+ wormhash_offset_invalid(info->wh_src_ofs, em->match_size))
+ return -EINVAL;
+
wh_dst = ebt_among_wh_dst(info);
if (poolsize_invalid(wh_dst))
return -EINVAL;
@@ -201,6 +227,14 @@ static int ebt_among_mt_check(const struct xt_mtchk_param *par)
if (poolsize_invalid(wh_src))
return -EINVAL;
+ if (info->wh_src_ofs < info->wh_dst_ofs) {
+ if (!wormhash_sizes_valid(wh_src, info->wh_src_ofs, info->wh_dst_ofs))
+ return -EINVAL;
+ } else {
+ if (!wormhash_sizes_valid(wh_dst, info->wh_dst_ofs, info->wh_src_ofs))
+ return -EINVAL;
+ }
+
expected_length += ebt_mac_wormhash_size(wh_src);
if (em->match_size != EBT_ALIGN(expected_length)) {
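Review bot: The new ordering check in ebt_among_mt_check() sends the case `info->wh_src_ofs == info->wh_dst_ofs` down the else branch, and that includes both offsets being 0, which wormhash_offset_invalid() treats as "not present". It is not clear from this hunk whether wormhash_sizes_valid() is meant to accept or reject that case. Please handle equal offsets explicitly or add a comment stating the expected outcome.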
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index 574f7ebba0b6..ac8342dcb55e 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -252,16 +252,16 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
if (set_h245_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3,
htons((port & htons(1)) ? nated_port + 1 :
- nated_port)) == 0) {
- /* Save ports */
- info->rtp_port[i][dir] = rtp_port;
- info->rtp_port[i][!dir] = htons(nated_port);
- } else {
+ nated_port))) {
nf_ct_unexpect_related(rtp_exp);
nf_ct_unexpect_related(rtcp_exp);
return -1;
}
+ /* Save ports */
+ info->rtp_port[i][dir] = rtp_port;
+ info->rtp_port[i][!dir] = htons(nated_port);
+
/* Success */
pr_debug("nf_nat_h323: expect RTP %pI4:%hu->%pI4:%hu\n",
&rtp_exp->tuple.src.u3.ip,
@@ -370,15 +370,15 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
/* Modify signal */
if (set_h225_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3,
- htons(nated_port)) == 0) {
- /* Save ports */
- info->sig_port[dir] = port;
- info->sig_port[!dir] = htons(nated_port);
- } else {
+ htons(nated_port))) {
nf_ct_unexpect_related(exp);
return -1;
}
+ /* Save ports */
+ info->sig_port[dir] = port;
+ info->sig_port[!dir] = htons(nated_port);
+
pr_debug("nf_nat_q931: expect H.245 %pI4:%hu->%pI4:%hu\n",
&exp->tuple.src.u3.ip,
ntohs(exp->tuple.src.u.tcp.port),
@@ -462,24 +462,27 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
/* Modify signal */
if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
&ct->tuplehash[!dir].tuple.dst.u3,
- htons(nated_port)) == 0) {
- /* Save ports */
- info->sig_port[dir] = port;
- info->sig_port[!dir] = htons(nated_port);
-
- /* Fix for Gnomemeeting */
- if (idx > 0 &&
- get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
- (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
- set_h225_addr(skb, protoff, data, 0, &taddr[0],
- &ct->tuplehash[!dir].tuple.dst.u3,
- info->sig_port[!dir]);
- }
- } else {
+ htons(nated_port))) {
nf_ct_unexpect_related(exp);
return -1;
}
+ /* Save ports */
+ info->sig_port[dir] = port;
+ info->sig_port[!dir] = htons(nated_port);
+
+ /* Fix for Gnomemeeting */
+ if (idx > 0 &&
+ get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
+ (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
+ if (set_h225_addr(skb, protoff, data, 0, &taddr[0],
+ &ct->tuplehash[!dir].tuple.dst.u3,
+ info->sig_port[!dir])) {
+ nf_ct_unexpect_related(exp);
+ return -1;
+ }
+ }
+
/* Success */
pr_debug("nf_nat_ras: expect Q.931 %pI4:%hu->%pI4:%hu\n",
&exp->tuple.src.u3.ip,
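Review bot: In nat_q931(), the new failure path inside the Gnomemeeting block returns -1 after `info->sig_port[dir]` and `info->sig_port[!dir]` have already been saved and after the first set_h225_addr() call has rewritten the packet. Either move the port save below the second set_h225_addr() call or note in a comment why leaving the saved ports in place on the error return is harmless.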
@@ -550,9 +553,9 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
}
/* Modify signal */
- if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
- &ct->tuplehash[!dir].tuple.dst.u3,
- htons(nated_port)) == 0) {
+ if (set_h225_addr(skb, protoff, data, dataoff, taddr,
+ &ct->tuplehash[!dir].tuple.dst.u3,
+ htons(nated_port))) {
nf_ct_unexpect_related(exp);
return -1;
}
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 345efeb887ef..912333586de6 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -625,7 +625,6 @@ static void vti6_link_config(struct ip6_tnl *t)
{
struct net_device *dev = t->dev;
struct __ip6_tnl_parm *p = &t->parms;
- struct net_device *tdev = NULL;
memcpy(dev->dev_addr, &p->laddr, sizeof(struct in6_addr));
memcpy(dev->broadcast, &p->raddr, sizeof(struct in6_addr));
@@ -638,25 +637,6 @@ static void vti6_link_config(struct ip6_tnl *t)
dev->flags |= IFF_POINTOPOINT;
else
dev->flags &= ~IFF_POINTOPOINT;
-
- if (p->flags & IP6_TNL_F_CAP_XMIT) {
- int strict = (ipv6_addr_type(&p->raddr) &
- (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL));
- struct rt6_info *rt = rt6_lookup(t->net,
- &p->raddr, &p->laddr,
- p->link, strict);
-
- if (rt)
- tdev = rt->dst.dev;
- ip6_rt_put(rt);
- }
-
- if (!tdev && p->link)
- tdev = __dev_get_by_index(t->net, p->link);
-
- if (tdev)
- dev->mtu = max_t(int, tdev->mtu - dev->hard_header_len,
- IPV6_MIN_MTU);
}
/**
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index d31818e7d10c..a5acaf1efaab 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -427,7 +427,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
case NL80211_CHAN_WIDTH_5:
case NL80211_CHAN_WIDTH_10:
cfg80211_chandef_create(&chandef, cbss->channel,
- NL80211_CHAN_WIDTH_20_NOHT);
+ NL80211_CHAN_NO_HT);
chandef.width = sdata->u.ibss.chandef.width;
break;
case NL80211_CHAN_WIDTH_80:
@@ -439,7 +439,7 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
default:
/* fall back to 20 MHz for unsupported modes */
cfg80211_chandef_create(&chandef, cbss->channel,
- NL80211_CHAN_WIDTH_20_NOHT);
+ NL80211_CHAN_NO_HT);
break;
}
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index dbceb42c2a8e..e6096dfd0210 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -173,9 +173,11 @@ ieee80211_rate_control_ops_get(const char *name)
/* try default if specific alg requested but not found */
ops = ieee80211_try_rate_control_ops_get(ieee80211_default_rc_algo);
- /* try built-in one if specific alg requested but not found */
- if (!ops && strlen(CONFIG_MAC80211_RC_DEFAULT))
+ /* Note: check for > 0 is intentional to avoid clang warning */
+ if (!ops && (strlen(CONFIG_MAC80211_RC_DEFAULT) > 0))
+ /* try built-in one if specific alg requested but not found */
ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT);
+
kernel_param_unlock(THIS_MODULE);
return ops;
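Review bot: The relocated comment now sits between the `if (!ops && (strlen(CONFIG_MAC80211_RC_DEFAULT) > 0))` condition and its single unbraced statement, which makes the body easy to misread and easy to break with a later one-line addition. Add braces around the body, or keep both comments above the condition.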
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index d5caed5bcfb1..d49a4639465f 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1008,9 +1008,8 @@ static const struct nla_policy tuple_nla_policy[CTA_TUPLE_MAX+1] = {
static int
ctnetlink_parse_tuple(const struct nlattr * const cda[],
- struct nf_conntrack_tuple *tuple,
- enum ctattr_type type, u_int8_t l3num,
- struct nf_conntrack_zone *zone)
+ struct nf_conntrack_tuple *tuple, u32 type,
+ u_int8_t l3num, struct nf_conntrack_zone *zone)
{
struct nlattr *tb[CTA_TUPLE_MAX+1];
int err;
@@ -2409,7 +2408,7 @@ static struct nfnl_ct_hook ctnetlink_glue_hook = {
static int ctnetlink_exp_dump_tuple(struct sk_buff *skb,
const struct nf_conntrack_tuple *tuple,
- enum ctattr_expect type)
+ u32 type)
{
struct nlattr *nest_parms;
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 7ad1a863587a..59be89813a29 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -367,6 +367,36 @@ textify_hooks(char *buf, size_t size, unsigned int mask, uint8_t nfproto)
return buf;
}
+/**
+ * xt_check_proc_name - check that name is suitable for /proc file creation
+ *
+ * @name: file name candidate
+ * @size: length of buffer
+ *
+ * some x_tables modules wish to create a file in /proc.
+ * This function makes sure that the name is suitable for this
+ * purpose, it checks that name is NUL terminated and isn't a 'special'
+ * name, like "..".
+ *
+ * returns negative number on error or 0 if name is useable.
+ */
+int xt_check_proc_name(const char *name, unsigned int size)
+{
+ if (name[0] == '\0')
+ return -EINVAL;
+
+ if (strnlen(name, size) == size)
+ return -ENAMETOOLONG;
+
+ if (strcmp(name, ".") == 0 ||
+ strcmp(name, "..") == 0 ||
+ strchr(name, '/'))
+ return -EINVAL;
+
+ return 0;
+}
+EXPORT_SYMBOL(xt_check_proc_name);
+
int xt_check_match(struct xt_mtchk_param *par,
unsigned int size, u_int8_t proto, bool inv_proto)
{
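Review bot: The kernel-doc for xt_check_proc_name() says it checks NUL termination and 'special' names, but the body also rejects an empty name and any name containing '/'. Please list those cases in the comment and document the two distinct error codes (-EINVAL and -ENAMETOOLONG), since the callers converted in this patch forward the return value unchanged.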
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index b89b688e9d01..a1a29cdc58fc 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -794,8 +794,9 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
struct hashlimit_cfg2 cfg = {};
int ret;
- if (info->name[sizeof(info->name) - 1] != '\0')
- return -EINVAL;
+ ret = xt_check_proc_name(info->name, sizeof(info->name));
+ if (ret)
+ return ret;
ret = cfg_copy(&cfg, (void *)&info->cfg, 1);
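Review bot: hashlimit_mt_check_v1() used to return -EINVAL for an unterminated name and now returns whatever xt_check_proc_name() yields, which is -ENAMETOOLONG for that case. That is a userspace-visible errno change, and the helper additionally rejects empty names, ".", ".." and names containing '/', none of which the old last-byte test covered. Both points deserve a line in the changelog.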
@@ -809,9 +810,11 @@ static int hashlimit_mt_check_v1(const struct xt_mtchk_param *par)
static int hashlimit_mt_check(const struct xt_mtchk_param *par)
{
struct xt_hashlimit_mtinfo2 *info = par->matchinfo;
+ int ret;
- if (info->name[sizeof(info->name) - 1] != '\0')
- return -EINVAL;
+ ret = xt_check_proc_name(info->name, sizeof(info->name));
+ if (ret)
+ return ret;
return hashlimit_mt_check_common(par, &info->hinfo, &info->cfg,
info->name, 2);
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c
index e3b7a09b103e..79d7ad621a80 100644
--- a/net/netfilter/xt_recent.c
+++ b/net/netfilter/xt_recent.c
@@ -361,9 +361,9 @@ static int recent_mt_check(const struct xt_mtchk_param *par,
info->hit_count, XT_RECENT_MAX_NSTAMPS - 1);
return -EINVAL;
}
- if (info->name[0] == '\0' ||
- strnlen(info->name, XT_RECENT_NAME_LEN) == XT_RECENT_NAME_LEN)
- return -EINVAL;
+ ret = xt_check_proc_name(info->name, sizeof(info->name));
+ if (ret)
+ return ret;
if (ip_pkt_list_tot && info->hit_count < ip_pkt_list_tot)
nstamp_mask = roundup_pow_of_two(ip_pkt_list_tot) - 1;
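Review bot: recent_mt_check() assigns to `ret` here, but this hunk adds no declaration, unlike the `int ret;` added to hashlimit_mt_check(). Please confirm the variable already exists in this function on the 4.9 branch. The length argument also changes from XT_RECENT_NAME_LEN to `sizeof(info->name)`, so a note that the two are equal would help.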
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index a89061d59c74..36280e114959 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -4081,7 +4081,7 @@ static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
struct nlattr *rate;
u32 bitrate;
u16 bitrate_compat;
- enum nl80211_attrs rate_flg;
+ enum nl80211_rate_info rate_flg;
rate = nla_nest_start(msg, attr);
if (!rate)
diff --git a/net/wireless/util.c b/net/wireless/util.c
index c921c2eed15d..bb54d9db82df 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -663,7 +663,7 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
int offset, int len)
{
struct skb_shared_info *sh = skb_shinfo(skb);
- const skb_frag_t *frag = &sh->frags[-1];
+ const skb_frag_t *frag = &sh->frags[0];
struct page *frag_page;
void *frag_ptr;
int frag_len, frag_size;
@@ -676,10 +676,10 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
while (offset >= frag_size) {
offset -= frag_size;
- frag++;
frag_page = skb_frag_page(frag);
frag_ptr = skb_frag_address(frag);
frag_size = skb_frag_size(frag);
+ frag++;
}
frag_ptr += offset;
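Review bot: With `frag++` moved to the end of the loop body in __ieee80211_amsdu_copy_frag(), `frag` points one entry past the fragment that frag_page, frag_ptr and frag_size describe when the loop exits. The later copy loop depends on that, so a short comment stating the invariant would keep the two loops in step. Neither loop in the visible hunks bounds `frag` against the number of fragments, so it is also worth saying where `offset` and `len` are validated.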
@@ -691,12 +691,12 @@ __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame,
len -= cur_len;
while (len > 0) {
- frag++;
frag_len = skb_frag_size(frag);
cur_len = min(len, frag_len);
__frame_add_frag(frame, skb_frag_page(frag),
skb_frag_address(frag), cur_len, frag_len);
len -= cur_len;
+ frag++;
}
}
diff --git a/net/xfrm/xfrm_ipcomp.c b/net/xfrm/xfrm_ipcomp.c
index ccfdc7115a83..a00ec715aa46 100644
--- a/net/xfrm/xfrm_ipcomp.c
+++ b/net/xfrm/xfrm_ipcomp.c
@@ -283,7 +283,7 @@ static struct crypto_comp * __percpu *ipcomp_alloc_tfms(const char *alg_name)
struct crypto_comp *tfm;
/* This can be any valid CPU ID so we don't need locking. */
- tfm = __this_cpu_read(*pos->tfms);
+ tfm = this_cpu_read(*pos->tfms);
if (!strcmp(crypto_comp_name(tfm), alg_name)) {
pos->users++;
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 13e0611a9085..fdb9742d934e 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -1883,6 +1883,11 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
struct xfrm_mgr *km;
struct xfrm_policy *pol = NULL;
+#ifdef CONFIG_COMPAT
+ if (in_compat_syscall())
+ return -EOPNOTSUPP;
+#endif
+
if (!optval && !optlen) {
xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
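Review bot: The early `return -EOPNOTSUPP;` in xfrm_user_policy() has no comment explaining why compat callers are refused, and it runs before the `!optval && !optlen` case that only clears the socket policies. Add a comment giving the reason, and say whether rejecting the clear operation for compat tasks is intended.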
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 5d33967d9aa1..6a029358bfd1 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -121,22 +121,17 @@ static inline int verify_replay(struct xfrm_usersa_info *p,
struct nlattr *rt = attrs[XFRMA_REPLAY_ESN_VAL];
struct xfrm_replay_state_esn *rs;
- if (p->flags & XFRM_STATE_ESN) {
- if (!rt)
- return -EINVAL;
+ if (!rt)
+ return (p->flags & XFRM_STATE_ESN) ? -EINVAL : 0;
- rs = nla_data(rt);
+ rs = nla_data(rt);
- if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
- return -EINVAL;
-
- if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
- nla_len(rt) != sizeof(*rs))
- return -EINVAL;
- }
+ if (rs->bmp_len > XFRMA_REPLAY_ESN_MAX / sizeof(rs->bmp[0]) / 8)
+ return -EINVAL;
- if (!rt)
- return 0;
+ if (nla_len(rt) < xfrm_replay_state_esn_len(rs) &&
+ nla_len(rt) != sizeof(*rs))
+ return -EINVAL;
/* As only ESP and AH support ESN feature. */
if ((p->id.proto != IPPROTO_ESP) && (p->id.proto != IPPROTO_AH))
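Review bot: verify_replay() now reads `rs->bmp_len` whenever the attribute is present, and the only length test in the hunk, `nla_len(rt) < xfrm_replay_state_esn_len(rs) && nla_len(rt) != sizeof(*rs)`, comes after that read. Please confirm that a minimum attribute length of sizeof(*rs) is enforced before this function runs, and say so in a comment next to `rs = nla_data(rt);`.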
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b8278f3af9da..17627d8d5a26 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -406,18 +406,6 @@ static void superblock_free_security(struct super_block *sb)
kfree(sbsec);
}
-/* The file system's label must be initialized prior to use. */
-
-static const char *labeling_behaviors[7] = {
- "uses xattr",
- "uses transition SIDs",
- "uses task SIDs",
- "uses genfs_contexts",
- "not configured for labeling",
- "uses mountpoint labeling",
- "uses native labeling",
-};
-
static inline int inode_doinit(struct inode *inode)
{
return inode_doinit_with_dentry(inode, NULL);
@@ -528,10 +516,6 @@ static int sb_finish_set_opts(struct super_block *sb)
}
}
- if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors))
- printk(KERN_ERR "SELinux: initialized (dev %s, type %s), unknown behavior\n",
- sb->s_id, sb->s_type->name);
-
sbsec->flags |= SE_SBINITIALIZED;
if (selinux_is_sblabel_mnt(sb))
sbsec->flags |= SBLABEL_MNT;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 73275a92f2e2..d656b7c98394 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -155,7 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
}
k = 0;
- while (p_in->perms && p_in->perms[k]) {
+ while (p_in->perms[k]) {
/* An empty permission string skips ahead */
if (!*p_in->perms[k]) {
k++;
diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
index 3e7c3573871d..fa8741afadf5 100644
--- a/sound/core/oss/pcm_oss.c
+++ b/sound/core/oss/pcm_oss.c
@@ -1361,7 +1361,7 @@ static ssize_t snd_pcm_oss_write2(struct snd_pcm_substream *substream, const cha
static ssize_t snd_pcm_oss_write1(struct snd_pcm_substream *substream, const char __user *buf, size_t bytes)
{
size_t xfer = 0;
- ssize_t tmp;
+ ssize_t tmp = 0;
struct snd_pcm_runtime *runtime = substream->runtime;
if (atomic_read(&substream->mmap_count))
@@ -1468,7 +1468,7 @@ static ssize_t snd_pcm_oss_read2(struct snd_pcm_substream *substream, char *buf,
static ssize_t snd_pcm_oss_read1(struct snd_pcm_substream *substream, char __user *buf, size_t bytes)
{
size_t xfer = 0;
- ssize_t tmp;
+ ssize_t tmp = 0;
struct snd_pcm_runtime *runtime = substream->runtime;
if (atomic_read(&substream->mmap_count))
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
index 9d33c1e85c79..d503285867e7 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
@@ -3410,7 +3410,7 @@ int snd_pcm_lib_default_mmap(struct snd_pcm_substream *substream,
area,
substream->runtime->dma_area,
substream->runtime->dma_addr,
- area->vm_end - area->vm_start);
+ substream->runtime->dma_bytes);
#endif /* CONFIG_X86 */
/* mmap with fault handler */
area->vm_ops = &snd_pcm_vm_ops_data_fault;
diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c
index 1cd7f8b0bf77..45655b9108e8 100644
--- a/sound/usb/quirks.c
+++ b/sound/usb/quirks.c
@@ -1175,6 +1175,7 @@ static bool is_teac_dsd_dac(unsigned int id)
switch (id) {
case USB_ID(0x0644, 0x8043): /* TEAC UD-501/UD-503/NT-503 */
case USB_ID(0x0644, 0x8044): /* Esoteric D-05X */
+ case USB_ID(0x0644, 0x804a): /* TEAC UD-301 */
return true;
}
return false;
* Linux 4.9.93
@ 2018-04-08 15:08 Greg KH
2018-04-08 15:08 ` Greg KH
0 siblings, 1 reply; 15+ messages in thread
From: Greg KH @ 2018-04-08 15:08 UTC (permalink / raw)
To: linux-kernel, Andrew Morton, torvalds, stable; +Cc: lwn, Jiri Slaby
I'm announcing the release of the 4.9.93 kernel.
All users of the 4.9 kernel series must upgrade.
The updated 4.9.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.9.y
and can be browsed at the normal kernel.org git web browser:
http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt | 9
Makefile | 2
arch/arm/boot/dts/am335x-pepper.dts | 2
arch/arm/boot/dts/am57xx-beagle-x15-common.dtsi | 1
arch/arm/boot/dts/am57xx-idk-common.dtsi | 1
arch/arm/boot/dts/dra7-evm.dts | 2
arch/arm/boot/dts/omap3-n900.dts | 4
arch/arm/vfp/vfpmodule.c | 2
arch/arm64/Kconfig | 12
arch/arm64/include/asm/assembler.h | 3
arch/arm64/include/asm/cpucaps.h | 3
arch/arm64/include/asm/cputype.h | 3
arch/arm64/include/asm/fixmap.h | 6
arch/arm64/include/asm/memory.h | 6
arch/arm64/include/asm/mmu.h | 11
arch/arm64/include/asm/mmu_context.h | 7
arch/arm64/include/asm/pgtable-hwdef.h | 1
arch/arm64/include/asm/pgtable-prot.h | 35 +
arch/arm64/include/asm/pgtable.h | 1
arch/arm64/include/asm/proc-fns.h | 6
arch/arm64/include/asm/sysreg.h | 1
arch/arm64/include/asm/tlbflush.h | 16
arch/arm64/kernel/asm-offsets.c | 6
arch/arm64/kernel/cpu-reset.S | 2
arch/arm64/kernel/cpufeature.c | 135 ++++++
arch/arm64/kernel/entry.S | 188 ++++++++-
arch/arm64/kernel/head.S | 2
arch/arm64/kernel/process.c | 12
arch/arm64/kernel/sleep.S | 2
arch/arm64/kernel/vmlinux.lds.S | 22 +
arch/arm64/mm/context.c | 25 -
arch/arm64/mm/mmu.c | 31 +
arch/arm64/mm/proc.S | 216 ++++++++++-
arch/frv/include/asm/timex.h | 6
arch/powerpc/kernel/exceptions-64s.S | 2
arch/powerpc/kernel/irq.c | 8
arch/x86/crypto/cast5_avx_glue.c | 3
arch/x86/kernel/kprobes/core.c | 9
block/bio.c | 4
block/partitions/msdos.c | 4
crypto/ahash.c | 7
drivers/block/mtip32xx/mtip32xx.c | 36 -
drivers/hid/hid-sony.c | 45 --
drivers/infiniband/core/addr.c | 16
drivers/infiniband/core/ucma.c | 61 +--
drivers/input/mouse/alps.c | 24 +
drivers/input/mousedev.c | 62 +--
drivers/input/serio/i8042-x86ia64io.h | 24 +
drivers/md/dm-ioctl.c | 4
drivers/md/raid10.c | 1
drivers/media/usb/usbtv/usbtv-core.c | 2
drivers/misc/mei/main.c | 1
drivers/mtd/chips/jedec_probe.c | 2
drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 50 +-
drivers/net/ethernet/hisilicon/hns/hns_dsaf_gmac.c | 2
drivers/net/ethernet/hisilicon/hns/hns_dsaf_ppe.c | 2
drivers/net/ethernet/hisilicon/hns/hns_dsaf_rcb.c | 2
drivers/net/ethernet/hisilicon/hns/hns_ethtool.c | 4
drivers/net/phy/mdio-xgene.c | 50 +-
drivers/net/phy/mdio-xgene.h | 4
drivers/parport/parport_pc.c | 4
drivers/pci/probe.c | 2
drivers/pci/setup-res.c | 2
drivers/scsi/virtio_scsi.c | 1
drivers/spi/Kconfig | 1
drivers/spi/spi-davinci.c | 2
drivers/staging/comedi/drivers/ni_mio_common.c | 2
drivers/tty/vt/vt.c | 6
drivers/usb/dwc2/hcd.c | 7
drivers/usb/gadget/udc/core.c | 4
drivers/usb/serial/cp210x.c | 1
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 9
fs/btrfs/tree-log.c | 2
fs/ceph/file.c | 9
fs/compat_ioctl.c | 2
include/linux/cpumask.h | 10
include/linux/init.h | 3
include/linux/jiffies.h | 13
include/linux/llist.h | 21 -
include/linux/netfilter/x_tables.h | 2
include/rdma/ib_addr.h | 2
include/uapi/linux/pci_regs.h | 2
init/main.c | 7
ipc/shm.c | 12
kernel/events/hw_breakpoint.c | 30 -
kernel/irq/manage.c | 2
kernel/kprobes.c | 2
kernel/module.c | 20 -
mm/vmscan.c | 13
net/bluetooth/smp.c | 8
net/bridge/netfilter/ebt_among.c | 34 +
net/ipv4/netfilter/nf_nat_h323.c | 57 +-
net/ipv6/ip6_vti.c | 20 -
net/mac80211/ibss.c | 4
net/mac80211/rate.c | 6
net/netfilter/nf_conntrack_netlink.c | 7
net/netfilter/x_tables.c | 30 +
net/netfilter/xt_hashlimit.c | 11
net/netfilter/xt_recent.c | 6
net/wireless/nl80211.c | 2
net/wireless/util.c | 6
net/xfrm/xfrm_ipcomp.c | 2
net/xfrm/xfrm_state.c | 5
net/xfrm/xfrm_user.c | 21 -
security/selinux/hooks.c | 16
security/selinux/ss/services.c | 2
sound/core/oss/pcm_oss.c | 4
sound/core/pcm_native.c | 2
sound/usb/quirks.c | 1
110 files changed, 1204 insertions(+), 445 deletions(-)
AKASHI Takahiro (1):
module: extend 'rodata=off' boot cmdline parameter to module mappings
Alexander Gerasiov (1):
parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
Alexander Potapenko (1):
llist: clang: introduce member_address_is_nonnull()
Arnd Bergmann (1):
xgene_enet: remove bogus forward declarations
Clemens Werther (1):
USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
Colin Ian King (1):
mei: remove dev_err message on an unsupported ioctl
Dan Carpenter (1):
ALSA: pcm: potential uninitialized return values
Dennis Wassenberg (1):
Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
Eric Biggers (1):
crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
Fabio Estevam (1):
ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
Florian Westphal (3):
xfrm_user: uncoditionally validate esn replay attribute struct
netfilter: bridge: ebt_among: add more missing match size checks
netfilter: x_tables: add and use xt_check_proc_name
Frank Mori Hess (1):
staging: comedi: ni_mio_common: ack ai fifo error interrupts.
Frank Praznik (1):
HID: sony: Use LED_CORE_SUSPENDRESUME
Greg Hackmann (1):
net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
Greg Kroah-Hartman (7):
Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
Revert "spi: bcm-qspi: shut up warning about cfi header inclusion"
Revert "mtip32xx: use runtime tag to initialize command header"
Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
spi: davinci: fix up dma_mapping_error() incorrect patch
Linux 4.9.93
Guoqing Jiang (1):
md/raid10: reset the 'first' at the end of loop
Herbert Xu (1):
crypto: ahash - Fix early termination in hash walk
Jayachandran C (2):
arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
arm64: Turn on KPTI only on CPUs that need it
Johan Hovold (1):
USB: serial: cp210x: add ELDAT Easywave RX09 id
John Stultz (1):
usb: dwc2: Improve gadget state disconnection handling
Keerthy (4):
Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition
ARM: dts: dra7: Add power hold and power controller properties to palmas
ARM: dts: am57xx-beagle-x15-common: Add overide powerhold property
ARM: dts: am57xx-idk-common: Add overide powerhold property
Leon Romanovsky (5):
RDMA/ucma: Check AF family prior resolving address
RDMA/ucma: Fix use-after-free access in ucma_close
RDMA/ucma: Ensure that CM_ID exists prior to access it
RDMA/ucma: Check that device is connected prior to access it
RDMA/ucma: Check that device exists prior to accessing it
Linus Torvalds (1):
perf/hwbp: Simplify the perf-hwbp code, fix documentation
Linus Walleij (1):
mtd: jedec_probe: Fix crash in jedec_read_mfr()
Major Hayden (1):
USB: serial: ftdi_sio: add RT Systems VX-8 cable
Marc Zyngier (2):
arm64: Allow checking of a CPU-local erratum
arm64: Force KPTI to be disabled on Cavium ThunderX
Mark Charlebois (1):
fs: compat: Remove warning from COMPATIBLE_IOCTL
Mark Rutland (1):
arm64: factor out entry stack manipulation
Masaki Ota (1):
Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370
Masami Hiramatsu (1):
kprobes/x86: Fix to set RWX bits correctly before releasing trampoline
Matthias Brugger (1):
net: hns: Fix ethtool private flags
Matthias Kaehlcke (14):
PCI: Make PCI_ROM_ADDRESS_MASK a 32-bit constant
dm ioctl: remove double parentheses
genirq: Use cpumask_available() for check of cpumask variable
cpumask: Add helper cpumask_available()
selinux: Remove unnecessary check of array base in selinux_set_mapping()
jiffies.h: declare jiffies and jiffies_64 with ____cacheline_aligned_in_smp
frv: declare jiffies to be located in the .data section
nl80211: Fix enum type of variable in nl80211_put_sta_rate()
cfg80211: Fix array-bounds warning in fragment copy
netfilter: ctnetlink: Make some parameters integer to avoid enum mismatch
mac80211: Fix clang warning about constant operand in logical operation
mac80211: ibss: Fix channel type enum in ieee80211_sta_join_ibss()
btrfs: Remove extra parentheses from condition in copy_items()
selinux: Remove redundant check for unknown labeling behavior
Mike Frysinger (1):
vt: change SGR 21 to follow the standards
Mike Kravetz (1):
ipc/shm.c: add split function to shm_vm_ops
Mikulas Patocka (1):
Fix slab name "biovec-(1<<(21-12))"
Nicholas Piggin (2):
powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened
powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs
Nick Desaulniers (4):
Input: mousedev - fix implicit conversion warning
netfilter: nf_nat_h323: fix logical-not-parentheses warning
arm64: avoid overflow in VA_START and PAGE_OFFSET
mm/vmscan.c: fix unsequenced modification and access warning
Nobutaka Okabe (1):
ALSA: usb-audio: Add native DSD support for TEAC UD-301
Oliver Neukum (1):
media: usbtv: prevent double free in error case
Ondrej Zary (1):
Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
Paolo Bonzini (1):
scsi: virtio_scsi: always read VPD pages for multiqueue too
Richard Narron (1):
partitions/msdos: Unable to mount UFS 44bsd partitions
Roland Dreier (1):
RDMA/ucma: Introduce safer rdma_addr_size() variants
Stefan Agner (1):
usb: gadget: remove redundant self assignment
Stefan Roese (1):
ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
Steffen Klassert (1):
xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
Suzuki K Poulose (1):
arm64: capabilities: Handle duplicate entries for a capability
Szymon Janc (1):
Bluetooth: Fix missing encryption refresh on Security Request
Will Deacon (20):
arm64: mm: Use non-global mappings for kernel space
arm64: mm: Move ASID from TTBR0 to TTBR1
arm64: mm: Allocate ASIDs in pairs
arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
arm64: entry: Add exception trampoline page for exceptions from EL0
arm64: mm: Map entry trampoline into trampoline and kernel page tables
arm64: entry: Explicitly pass exception level to kernel_ventry macro
arm64: entry: Hook up entry trampoline to exception vectors
arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
arm64: kaslr: Put kernel vectors address in separate data page
arm64: use RET instruction for exiting the trampoline
arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: Take into account ID_AA64PFR0_EL1.CSV3
arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
arm64: kpti: Add ->enable callback to remap swapper using nG mappings
arm64: entry: Reword comment about post_ttbr_update_workaround
arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
Yan, Zheng (1):
ceph: only dirty ITER_IOVEC pages for direct read