1. 15 1月, 2018 3 次提交
  2. 10 1月, 2018 3 次提交
  3. 05 1月, 2018 1 次提交
  4. 22 12月, 2017 2 次提交
    • B
      arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property · 7d2901f8
      Bogdan Mirea 提交于
      The present change is a bug fix for AVB link iteratively up/down.
      
      Steps to reproduce:
      - start AVB TX stream (Using aplay via MSE),
      - disconnect+reconnect the eth cable,
      - after a reconnection the eth connection goes iteratively up/down
        without user interaction,
      - this may heal after some seconds or even stay for minutes.
      
      As the documentation specifies, the "renesas,no-ether-link" option
      should be used when a board does not provide a proper AVB_LINK signal.
      There is no need for this option enabled on RCAR H3/M3 Salvator-X/XS
      and ULCB starter kits since the AVB_LINK is correctly handled by HW.
      
      Choosing to keep or remove the "renesas,no-ether-link" option will
      have impact on the code flow in the following ways:
      - keeping this option enabled may lead to unexpected behavior since
        the RX & TX are enabled/disabled directly from adjust_link function
        without any HW interrogation,
      - removing this option, the RX & TX will only be enabled/disabled after
        HW interrogation. The HW check is made through the LMON pin in PSR
        register which specifies AVB_LINK signal value (0 - at low level;
        1 - at high level).
      
      In conclusion, the present change is also a safety improvement because
      it removes the "renesas,no-ether-link" option leading to a proper way
      of detecting the link state based on HW interrogation and not on
      software heuristic.
      
      Fixes: dc36965a ("arm64: dts: r8a7796: salvator-x: Enable EthernetAVB")
      Fixes: 6fa501c5 ("arm64: dts: r8a7795: enable EthernetAVB on Salvator-X")
      Signed-off-by: NBogdan Mirea <Bogdan-Stefan_Mirea@mentor.com>
      Signed-off-by: NVladimir Zapolskiy <vladimir_zapolskiy@mentor.com>
      Signed-off-by: NSimon Horman <horms+renesas@verge.net.au>
      7d2901f8
    • B
      arm64: dts: renesas: salvator-x: Remove renesas, no-ether-link property · 87c059e9
      Bogdan Mirea 提交于
      The present change is a bug fix for AVB link iteratively up/down.
      
      Steps to reproduce:
      - start AVB TX stream (Using aplay via MSE),
      - disconnect+reconnect the eth cable,
      - after a reconnection the eth connection goes iteratively up/down
        without user interaction,
      - this may heal after some seconds or even stay for minutes.
      
      As the documentation specifies, the "renesas,no-ether-link" option
      should be used when a board does not provide a proper AVB_LINK signal.
      There is no need for this option enabled on RCAR H3/M3 Salvator-X/XS
      and ULCB starter kits since the AVB_LINK is correctly handled by HW.
      
      Choosing to keep or remove the "renesas,no-ether-link" option will
      have impact on the code flow in the following ways:
      - keeping this option enabled may lead to unexpected behavior since
        the RX & TX are enabled/disabled directly from adjust_link function
        without any HW interrogation,
      - removing this option, the RX & TX will only be enabled/disabled after
        HW interrogation. The HW check is made through the LMON pin in PSR
        register which specifies AVB_LINK signal value (0 - at low level;
        1 - at high level).
      
      In conclusion, the present change is also a safety improvement because
      it removes the "renesas,no-ether-link" option leading to a proper way
      of detecting the link state based on HW interrogation and not on
      software heuristic.
      
      Fixes: dc36965a ("arm64: dts: r8a7796: salvator-x: Enable EthernetAVB")
      Fixes: 6fa501c5 ("arm64: dts: r8a7795: enable EthernetAVB on Salvator-X")
      Signed-off-by: NBogdan Mirea <Bogdan-Stefan_Mirea@mentor.com>
      Signed-off-by: NVladimir Zapolskiy <vladimir_zapolskiy@mentor.com>
      Signed-off-by: NSimon Horman <horms+renesas@verge.net.au>
      87c059e9
  5. 18 12月, 2017 1 次提交
  6. 16 12月, 2017 1 次提交
    • W
      arm64: fpsimd: Fix copying of FP state from signal frame into task struct · a4544831
      Will Deacon 提交于
      Commit 9de52a75 ("arm64: fpsimd: Fix failure to restore FPSIMD
      state after signals") fixed an issue reported in our FPSIMD signal
      restore code but inadvertently introduced another issue which tends to
      manifest as random SEGVs in userspace.
      
      The problem is that when we copy the struct fpsimd_state from the kernel
      stack (populated from the signal frame) into the struct held in the
      current thread_struct, we blindly copy uninitialised stack into the
      "cpu" field, which means that context-switching of the FP registers is
      no longer reliable.
      
      This patch fixes the problem by copying only the user_fpsimd member of
      struct fpsimd_state. We should really rework the function prototypes
      to take struct user_fpsimd_state * instead, but let's just get this
      fixed for now.
      
      Cc: Dave Martin <Dave.Martin@arm.com>
      Fixes: 9de52a75 ("arm64: fpsimd: Fix failure to restore FPSIMD state after signals")
      Reported-by: NGeert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      a4544831
  7. 14 12月, 2017 2 次提交
    • D
      arm64/sve: Report SVE to userspace via CPUID only if supported · 3fab3999
      Dave Martin 提交于
      Currently, the SVE field in ID_AA64PFR0_EL1 is visible
      unconditionally to userspace via the CPU ID register emulation,
      irrespective of the kernel config.  This means that if a kernel
      configured with CONFIG_ARM64_SVE=n is run on SVE-capable hardware,
      userspace will see SVE reported as present in the ID regs even
      though the kernel forbids execution of SVE instructions.
      
      This patch makes the exposure of the SVE field in ID_AA64PFR0_EL1
      conditional on CONFIG_ARM64_SVE=y.
      
      Since future architecture features are likely to encounter a
      similar requirement, this patch adds a suitable helper macros for
      use when declaring config-conditional ID register fields.
      
      Fixes: 43994d82 ("arm64/sve: Detect SVE and activate runtime support")
      Reviewed-by: NSuzuki K Poulose <suzuki.poulose@arm.com>
      Reported-by: NMark Rutland <mark.rutland@arm.com>
      Signed-off-by: NDave Martin <Dave.Martin@arm.com>
      Cc: Suzuki Poulose <suzuki.poulose@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      3fab3999
    • M
      arm64: fix CONFIG_DEBUG_WX address reporting · 1d08a044
      Mark Rutland 提交于
      In ptdump_check_wx(), we pass walk_pgd() a start address of 0 (rather
      than VA_START) for the init_mm. This means that any reported W&X
      addresses are offset by VA_START, which is clearly wrong and can make
      them appear like userspace addresses.
      
      Fix this by telling the ptdump code that we're walking init_mm starting
      at VA_START. We don't need to update the addr_markers, since these are
      still valid bounds regardless.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 1404d6f1 ("arm64: dump: Add checking for writable and exectuable pages")
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Laura Abbott <labbott@redhat.com>
      Reported-by: NTimur Tabi <timur@codeaurora.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      1d08a044
  8. 13 12月, 2017 1 次提交
  9. 12 12月, 2017 6 次提交
    • W
      arm64: hw_breakpoint: Use linux/uaccess.h instead of asm/uaccess.h · 0e17cada
      Will Deacon 提交于
      The only inclusion of asm/uaccess.h should be by linux/uaccess.h. All
      other headers should use the latter.
      Reported-by: NAl Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      0e17cada
    • S
      arm64: Add software workaround for Falkor erratum 1041 · 932b50c7
      Shanker Donthineni 提交于
      The ARM architecture defines the memory locations that are permitted
      to be accessed as the result of a speculative instruction fetch from
      an exception level for which all stages of translation are disabled.
      Specifically, the core is permitted to speculatively fetch from the
      4KB region containing the current program counter 4K and next 4K.
      
      When translation is changed from enabled to disabled for the running
      exception level (SCTLR_ELn[M] changed from a value of 1 to 0), the
      Falkor core may errantly speculatively access memory locations outside
      of the 4KB region permitted by the architecture. The errant memory
      access may lead to one of the following unexpected behaviors.
      
      1) A System Error Interrupt (SEI) being raised by the Falkor core due
         to the errant memory access attempting to access a region of memory
         that is protected by a slave-side memory protection unit.
      2) Unpredictable device behavior due to a speculative read from device
         memory. This behavior may only occur if the instruction cache is
         disabled prior to or coincident with translation being changed from
         enabled to disabled.
      
      The conditions leading to this erratum will not occur when either of the
      following occur:
       1) A higher exception level disables translation of a lower exception level
         (e.g. EL2 changing SCTLR_EL1[M] from a value of 1 to 0).
       2) An exception level disabling its stage-1 translation if its stage-2
          translation is enabled (e.g. EL1 changing SCTLR_EL1[M] from a value of 1
          to 0 when HCR_EL2[VM] has a value of 1).
      
      To avoid the errant behavior, software must execute an ISB immediately
      prior to executing the MSR that will change SCTLR_ELn[M] from 1 to 0.
      Signed-off-by: NShanker Donthineni <shankerd@codeaurora.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      932b50c7
    • S
      arm64: Define cputype macros for Falkor CPU · c622cc01
      Shanker Donthineni 提交于
      Add cputype definition macros for Qualcomm Datacenter Technologies
      Falkor CPU in cputype.h. It's unfortunate that the first revision
      of the Falkor CPU used the wrong part number 0x800, got fixed in v2
      chip with part number 0xC00, and would be used the same value for
      future revisions.
      Signed-off-by: NShanker Donthineni <shankerd@codeaurora.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      c622cc01
    • W
      arm64: mm: Fix false positives in set_pte_at access/dirty race detection · 86c9e812
      Will Deacon 提交于
      Jiankang reports that our race detection in set_pte_at is firing when
      copying the page tables in dup_mmap as a result of a fork(). In this
      situation, the page table isn't actually live and so there is no way
      that we can race with a concurrent update from the hardware page table
      walker.
      
      This patch reworks the race detection so that we require either the
      mm to match the current active_mm (i.e. currently installed in our TTBR0)
      or the mm_users count to be greater than 1, implying that the page table
      could be live in another CPU. The mm_users check might still be racy,
      but we'll avoid false positives and it's not realistic to validate that
      all the necessary locks are held as part of this assertion.
      
      Cc: Yisheng Xie <xieyisheng1@huawei.com>
      Reported-by: NJiankang Chen <chenjiankang1@huawei.com>
      Tested-by: NJiankang Chen <chenjiankang1@huawei.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      86c9e812
    • S
      arm64: mm: Fix pte_mkclean, pte_mkdirty semantics · 8781bcbc
      Steve Capper 提交于
      On systems with hardware dirty bit management, the ltp madvise09 unit
      test fails due to dirty bit information being lost and pages being
      incorrectly freed.
      
      This was bisected to:
      	arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
      
      Reverting this commit leads to a separate problem, that the unit test
      retains pages that should have been dropped due to the function
      madvise_free_pte_range(.) not cleaning pte's properly.
      
      Currently pte_mkclean only clears the software dirty bit, thus the
      following code sequence can appear:
      
      	pte = pte_mkclean(pte);
      	if (pte_dirty(pte))
      		// this condition can return true with HW DBM!
      
      This patch also adjusts pte_mkclean to set PTE_RDONLY thus effectively
      clearing both the SW and HW dirty information.
      
      In order for this to function on systems without HW DBM, we need to
      also adjust pte_mkdirty to remove the read only bit from writable pte's
      to avoid infinite fault loops.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 64c26841 ("arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()")
      Reported-by: NBhupinder Thakur <bhupinder.thakur@linaro.org>
      Tested-by: NBhupinder Thakur <bhupinder.thakur@linaro.org>
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Signed-off-by: NSteve Capper <steve.capper@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      8781bcbc
    • S
      arm64: Initialise high_memory global variable earlier · f24e5834
      Steve Capper 提交于
      The high_memory global variable is used by
      cma_declare_contiguous(.) before it is defined.
      
      We don't notice this as we compute __pa(high_memory - 1), and it looks
      like we're processing a VA from the direct linear map.
      
      This problem becomes apparent when we flip the kernel virtual address
      space and the linear map is moved to the bottom of the kernel VA space.
      
      This patch moves the initialisation of high_memory before it used.
      
      Cc: <stable@vger.kernel.org>
      Fixes: f7426b98 ("mm: cma: adjust address limit to avoid hitting low/high memory boundary")
      Signed-off-by: NSteve Capper <steve.capper@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      f24e5834
  10. 09 12月, 2017 1 次提交
  11. 07 12月, 2017 5 次提交
    • D
      arm64/sve: Avoid dereference of dead task_struct in KVM guest entry · cb968afc
      Dave Martin 提交于
      When deciding whether to invalidate FPSIMD state cached in the cpu,
      the backend function sve_flush_cpu_state() attempts to dereference
      __this_cpu_read(fpsimd_last_state).  However, this is not safe:
      there is no guarantee that this task_struct pointer is still valid,
      because the task could have exited in the meantime.
      
      This means that we need another means to get the appropriate value
      of TIF_SVE for the associated task.
      
      This patch solves this issue by adding a cached copy of the TIF_SVE
      flag in fpsimd_last_state, which we can check without dereferencing
      the task pointer.
      
      In particular, although this patch is not a KVM fix per se, this
      means that this check is now done safely in the KVM world switch
      path (which is currently the only user of this code).
      Signed-off-by: NDave Martin <Dave.Martin@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Christoffer Dall <christoffer.dall@linaro.org>
      Cc: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      cb968afc
    • W
      arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb · d96cc49b
      Will Deacon 提交于
      enter_lazy_tlb is called when a kernel thread rides on the back of
      another mm, due to a context switch or an explicit call to unuse_mm
      where a call to switch_mm is elided.
      
      In these cases, it's important to keep the saved ttbr value up to date
      with the active mm, otherwise we can end up with a stale value which
      points to a potentially freed page table.
      
      This patch implements enter_lazy_tlb for arm64, so that the saved ttbr0
      is kept up-to-date with the active mm for kernel threads.
      
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Vinayak Menon <vinmenon@codeaurora.org>
      Cc: <stable@vger.kernel.org>
      Fixes: 39bc88e5 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: NMark Rutland <mark.rutland@arm.com>
      Reported-by: NVinayak Menon <vinmenon@codeaurora.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      d96cc49b
    • W
      arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm · 0adbdfde
      Will Deacon 提交于
      update_saved_ttbr0 mandates that mm->pgd is not swapper, since swapper
      contains kernel mappings and should never be installed into ttbr0. However,
      this means that callers must avoid passing the init_mm to update_saved_ttbr0
      which in turn can cause the saved ttbr0 value to be out-of-date in the context
      of the idle thread. For example, EFI runtime services may leave the saved ttbr0
      pointing at the EFI page table, and kernel threads may end up with stale
      references to freed page tables.
      
      This patch changes update_saved_ttbr0 so that the init_mm points the saved
      ttbr0 value to the empty zero page, which always exists and never contains
      valid translations. EFI and switch can then call into update_saved_ttbr0
      unconditionally.
      
      Cc: Mark Rutland <mark.rutland@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Vinayak Menon <vinmenon@codeaurora.org>
      Cc: <stable@vger.kernel.org>
      Fixes: 39bc88e5 ("arm64: Disable TTBR0_EL1 during normal kernel execution")
      Reviewed-by: NCatalin Marinas <catalin.marinas@arm.com>
      Reviewed-by: NMark Rutland <mark.rutland@arm.com>
      Reported-by: NVinayak Menon <vinmenon@codeaurora.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      0adbdfde
    • D
      arm64: fpsimd: Abstract out binding of task's fpsimd context to the cpu. · 8884b7bd
      Dave Martin 提交于
      There is currently some duplicate logic to associate current's
      FPSIMD context with the cpu when loading FPSIMD state into the cpu
      regs.
      
      Subsequent patches will update that logic, so in order to ensure it
      only needs to be done in one place, this patch factors the relevant
      code out into a new function fpsimd_bind_to_cpu().
      Signed-off-by: NDave Martin <Dave.Martin@arm.com>
      Reviewed-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      8884b7bd
    • D
      arm64: fpsimd: Prevent registers leaking from dead tasks · 071b6d4a
      Dave Martin 提交于
      Currently, loading of a task's fpsimd state into the CPU registers
      is skipped if that task's state is already present in the registers
      of that CPU.
      
      However, the code relies on the struct fpsimd_state * (and by
      extension struct task_struct *) to unambiguously identify a task.
      
      There is a particular case in which this doesn't work reliably:
      when a task exits, its task_struct may be recycled to describe a
      new task.
      
      Consider the following scenario:
      
       1) Task P loads its fpsimd state onto cpu C.
              per_cpu(fpsimd_last_state, C) := P;
              P->thread.fpsimd_state.cpu := C;
      
       2) Task X is scheduled onto C and loads its fpsimd state on C.
              per_cpu(fpsimd_last_state, C) := X;
              X->thread.fpsimd_state.cpu := C;
      
       3) X exits, causing X's task_struct to be freed.
      
       4) P forks a new child T, which obtains X's recycled task_struct.
      	T == X.
      	T->thread.fpsimd_state.cpu == C (inherited from P).
      
       5) T is scheduled on C.
      	T's fpsimd state is not loaded, because
      	per_cpu(fpsimd_last_state, C) == T (== X) &&
      	T->thread.fpsimd_state.cpu == C.
      
              (This is the check performed by fpsimd_thread_switch().)
      
      So, T gets X's registers because the last registers loaded onto C
      were those of X, in (2).
      
      This patch fixes the problem by ensuring that the sched-in check
      fails in (5): fpsimd_flush_task_state(T) is called when T is
      forked, so that T->thread.fpsimd_state.cpu == C cannot be true.
      This relies on the fact that T is not schedulable until after
      copy_thread() completes.
      
      Once T's fpsimd state has been loaded on some CPU C there may still
      be other cpus D for which per_cpu(fpsimd_last_state, D) ==
      &X->thread.fpsimd_state.  But D is necessarily != C in this case,
      and the check in (5) must fail.
      
      An alternative fix would be to do refcounting on task_struct.  This
      would result in each CPU holding a reference to the last task whose
      fpsimd state was loaded there.  It's not clear whether this is
      preferable, and it involves higher overhead than the fix proposed
      in this patch.  It would also move all the task_struct freeing
      work into the context switch critical section, or otherwise some
      deferred cleanup mechanism would need to be introduced, neither of
      which seems obviously justified.
      
      Cc: <stable@vger.kernel.org>
      Fixes: 005f78cd ("arm64: defer reloading a task's FPSIMD state to userland resume")
      Signed-off-by: NDave Martin <Dave.Martin@arm.com>
      Reviewed-by: NArd Biesheuvel <ard.biesheuvel@linaro.org>
      [will: word-smithed the comment so it makes more sense]
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      071b6d4a
  12. 06 12月, 2017 2 次提交
    • H
      arm64: dts: rockchip: limit rk3328-rock64 gmac speed to 100MBit for now · bc631943
      Heiko Stuebner 提交于
      It looks like either the current kernel or the hardware has reliability
      issues when the gmac is actually running at 1GBit. In my test-case
      it is not able to boot on a nfsroot at this speed, as the system
      will always lose the connection to the nfs-server during boot, before
      reaching any login prompt and not recover from this.
      
      So until this is solved, limit the speed to 100MBit as with this the
      nfsroot survives stress tests like an apt-get upgrade without problems.
      Signed-off-by: NHeiko Stuebner <heiko@sntech.de>
      bc631943
    • K
      arm64: dts: rockchip: remove vdd_log from rk3399-puma · 87eba071
      Klaus Goger 提交于
      vdd_log has no consumer and therefore will not be set to a specific
      voltage. Still the PWM output pin gets configured and thence the vdd_log
      output voltage will changed from it's default. Depending on the idle
      state of the PWM this will slightly over or undervoltage the logic supply
      of the RK3399 and cause instability with GbE (undervoltage) and PCIe
      (overvoltage). Since the default value set by a voltage divider is the
      correct supply voltage and we don't need to change it during runtime we
      remove the rail from the devicetree completely so the PWM pin will not
      be configured.
      Signed-off-by: NKlaus Goger <klaus.goger@theobroma-systems.com>
      Signed-off-by: NHeiko Stuebner <heiko@sntech.de>
      87eba071
  13. 05 12月, 2017 4 次提交
  14. 03 12月, 2017 1 次提交
  15. 01 12月, 2017 7 次提交