1. 25 9月, 2018 3 次提交
    • S
      powerpc/numa: Use associativity if VPHN hcall is successful · 2483ef05
      Srikar Dronamraju 提交于
      Currently associativity is used to lookup node-id even if the
      preceding VPHN hcall failed. However this can cause CPU to be made
      part of the wrong node, (most likely to be node 0). This is because
      VPHN is not enabled on KVM guests.
      
      With 2ea62630 ("powerpc/topology: Get topology for shared processors at
      boot"), associativity is used to set to the wrong node. Hence KVM
      guest topology is broken.
      
      For example : A 4 node KVM guest before would have reported.
      
        [root@localhost ~]#  numactl -H
        available: 4 nodes (0-3)
        node 0 cpus: 0 1 2 3
        node 0 size: 1746 MB
        node 0 free: 1604 MB
        node 1 cpus: 4 5 6 7
        node 1 size: 2044 MB
        node 1 free: 1765 MB
        node 2 cpus: 8 9 10 11
        node 2 size: 2044 MB
        node 2 free: 1837 MB
        node 3 cpus: 12 13 14 15
        node 3 size: 2044 MB
        node 3 free: 1903 MB
        node distances:
        node   0   1   2   3
          0:  10  40  40  40
          1:  40  10  40  40
          2:  40  40  10  40
          3:  40  40  40  10
      
      Would now report:
      
        [root@localhost ~]# numactl -H
        available: 4 nodes (0-3)
        node 0 cpus: 0 2 3 4 5 6 7 8 9 10 11 12 13 14 15
        node 0 size: 1746 MB
        node 0 free: 1244 MB
        node 1 cpus:
        node 1 size: 2044 MB
        node 1 free: 2032 MB
        node 2 cpus: 1
        node 2 size: 2044 MB
        node 2 free: 2028 MB
        node 3 cpus:
        node 3 size: 2044 MB
        node 3 free: 2032 MB
        node distances:
        node   0   1   2   3
          0:  10  40  40  40
          1:  40  10  40  40
          2:  40  40  10  40
          3:  40  40  40  10
      
      Fix this by skipping associativity lookup if the VPHN hcall failed.
      
      Fixes: 2ea62630 ("powerpc/topology: Get topology for shared processors at boot")
      Signed-off-by: NSrikar Dronamraju <srikar@linux.vnet.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      2483ef05
    • M
      powerpc/tm: Avoid possible userspace r1 corruption on reclaim · 96dc89d5
      Michael Neuling 提交于
      Current we store the userspace r1 to PACATMSCRATCH before finally
      saving it to the thread struct.
      
      In theory an exception could be taken here (like a machine check or
      SLB miss) that could write PACATMSCRATCH and hence corrupt the
      userspace r1. The SLB fault currently doesn't touch PACATMSCRATCH, but
      others do.
      
      We've never actually seen this happen but it's theoretically
      possible. Either way, the code is fragile as it is.
      
      This patch saves r1 to the kernel stack (which can't fault) before we
      turn MSR[RI] back on. PACATMSCRATCH is still used but only with
      MSR[RI] off. We then copy r1 from the kernel stack to the thread
      struct once we have MSR[RI] back on.
      Suggested-by: NBreno Leitao <leitao@debian.org>
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      96dc89d5
    • M
      powerpc/tm: Fix userspace r13 corruption · cf13435b
      Michael Neuling 提交于
      When we treclaim we store the userspace checkpointed r13 to a scratch
      SPR and then later save the scratch SPR to the user thread struct.
      
      Unfortunately, this doesn't work as accessing the user thread struct
      can take an SLB fault and the SLB fault handler will write the same
      scratch SPRG that now contains the userspace r13.
      
      To fix this, we store r13 to the kernel stack (which can't fault)
      before we access the user thread struct.
      
      Found by running P8 guest + powervm + disable_1tb_segments + TM. Seen
      as a random userspace segfault with r13 looking like a kernel address.
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Reviewed-by: NBreno Leitao <leitao@debian.org>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      cf13435b
  2. 24 9月, 2018 1 次提交
    • M
      powerpc/pseries: Fix unitialized timer reset on migration · 8604895a
      Michael Bringmann 提交于
      After migration of a powerpc LPAR, the kernel executes code to
      update the system state to reflect new platform characteristics.
      
      Such changes include modifications to device tree properties provided
      to the system by PHYP. Property notifications received by the
      post_mobility_fixup() code are passed along to the kernel in general
      through a call to of_update_property() which in turn passes such
      events back to all modules through entries like the '.notifier_call'
      function within the NUMA module.
      
      When the NUMA module updates its state, it resets its event timer. If
      this occurs after a previous call to stop_topology_update() or on a
      system without VPHN enabled, the code runs into an unitialized timer
      structure and crashes. This patch adds a safety check along this path
      toward the problem code.
      
      An example crash log is as follows.
      
        ibmvscsi 30000081: Re-enabling adapter!
        ------------[ cut here ]------------
        kernel BUG at kernel/time/timer.c:958!
        Oops: Exception in kernel mode, sig: 5 [#1]
        LE SMP NR_CPUS=2048 NUMA pSeries
        Modules linked in: nfsv3 nfs_acl nfs tcp_diag udp_diag inet_diag lockd unix_diag af_packet_diag netlink_diag grace fscache sunrpc xts vmx_crypto pseries_rng sg binfmt_misc ip_tables xfs libcrc32c sd_mod ibmvscsi ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod
        CPU: 11 PID: 3067 Comm: drmgr Not tainted 4.17.0+ #179
        ...
        NIP mod_timer+0x4c/0x400
        LR  reset_topology_timer+0x40/0x60
        Call Trace:
          0xc0000003f9407830 (unreliable)
          reset_topology_timer+0x40/0x60
          dt_update_callback+0x100/0x120
          notifier_call_chain+0x90/0x100
          __blocking_notifier_call_chain+0x60/0x90
          of_property_notify+0x90/0xd0
          of_update_property+0x104/0x150
          update_dt_property+0xdc/0x1f0
          pseries_devicetree_update+0x2d0/0x510
          post_mobility_fixup+0x7c/0xf0
          migration_store+0xa4/0xc0
          kobj_attr_store+0x30/0x60
          sysfs_kf_write+0x64/0xa0
          kernfs_fop_write+0x16c/0x240
          __vfs_write+0x40/0x200
          vfs_write+0xc8/0x240
          ksys_write+0x5c/0x100
          system_call+0x58/0x6c
      
      Fixes: 5d88aa85 ("powerpc/pseries: Update CPU maps when device tree is updated")
      Cc: stable@vger.kernel.org # v3.10+
      Signed-off-by: NMichael Bringmann <mwb@linux.vnet.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      8604895a
  3. 20 9月, 2018 3 次提交
    • T
      powerpc/pkeys: Fix reading of ibm, processor-storage-keys property · c716a25b
      Thiago Jung Bauermann 提交于
      scan_pkey_feature() uses of_property_read_u32_array() to read the
      ibm,processor-storage-keys property and calls be32_to_cpu() on the
      value it gets. The problem is that of_property_read_u32_array() already
      returns the value converted to the CPU byte order.
      
      The value of pkeys_total ends up more or less sane because there's a min()
      call in pkey_initialize() which reduces pkeys_total to 32. So in practice
      the kernel ignores the fact that the hypervisor reserved one key for
      itself (the device tree advertises 31 keys in my test VM).
      
      This is wrong, but the effect in practice is that when a process tries to
      allocate the 32nd key, it gets an -EINVAL error instead of -ENOSPC which
      would indicate that there aren't any keys available
      
      Fixes: cf43d3b2 ("powerpc: Enable pkey subsystem")
      Cc: stable@vger.kernel.org # v4.16+
      Signed-off-by: NThiago Jung Bauermann <bauerman@linux.ibm.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      c716a25b
    • C
      powerpc: fix csum_ipv6_magic() on little endian platforms · 85682a7e
      Christophe Leroy 提交于
      On little endian platforms, csum_ipv6_magic() keeps len and proto in
      CPU byte order. This generates a bad results leading to ICMPv6 packets
      from other hosts being dropped by powerpc64le platforms.
      
      In order to fix this, len and proto should be converted to network
      byte order ie bigendian byte order. However checksumming 0x12345678
      and 0x56341278 provide the exact same result so it is enough to
      rotate the sum of len and proto by 1 byte.
      
      PPC32 only support bigendian so the fix is needed for PPC64 only
      
      Fixes: e9c4943a ("powerpc: Implement csum_ipv6_magic in assembly")
      Reported-by: NJianlin Shi <jishi@redhat.com>
      Reported-by: NXin Long <lucien.xin@gmail.com>
      Cc: <stable@vger.kernel.org> # 4.18+
      Signed-off-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Tested-by: NXin Long <lucien.xin@gmail.com>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      85682a7e
    • A
      powerpc/powernv/ioda2: Reduce upper limit for DMA window size (again) · 7233b8ca
      Alexey Kardashevskiy 提交于
      mpe: This was fixed originally in commit d3d4ffaa
      ("powerpc/powernv/ioda2: Reduce upper limit for DMA window size"), but
      contrary to what the merge commit says was inadvertently lost by me in
      commit ce57c661 ("Merge branch 'topic/ppc-kvm' into next") which
      brought in changes that moved the code to a new file. So reapply it to
      the new file.
      
      Original commit message follows:
      
      We use PHB in mode1 which uses bit 59 to select a correct DMA window.
      However there is mode2 which uses bits 59:55 and allows up to 32 DMA
      windows per a PE.
      
      Even though documentation does not clearly specify that, it seems that
      the actual hardware does not support bits 59:55 even in mode1, in
      other words we can create a window as big as 1<<58 but DMA simply
      won't work.
      
      This reduces the upper limit from 59 to 55 bits to let the userspace
      know about the hardware limits.
      
      Fixes: ce57c661 ("Merge branch 'topic/ppc-kvm' into next")
      Signed-off-by: NAlexey Kardashevskiy <aik@ozlabs.ru>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      7233b8ca
  4. 18 9月, 2018 1 次提交
    • M
      powerpc: Avoid code patching freed init sections · 51c3c62b
      Michael Neuling 提交于
      This stops us from doing code patching in init sections after they've
      been freed.
      
      In this chain:
        kvm_guest_init() ->
          kvm_use_magic_page() ->
            fault_in_pages_readable() ->
      	 __get_user() ->
      	   __get_user_nocheck() ->
      	     barrier_nospec();
      
      We have a code patching location at barrier_nospec() and
      kvm_guest_init() is an init function. This whole chain gets inlined,
      so when we free the init section (hence kvm_guest_init()), this code
      goes away and hence should no longer be patched.
      
      We seen this as userspace memory corruption when using a memory
      checker while doing partition migration testing on powervm (this
      starts the code patching post migration via
      /sys/kernel/mobility/migration). In theory, it could also happen when
      using /sys/kernel/debug/powerpc/barrier_nospec.
      
      Cc: stable@vger.kernel.org # 4.13+
      Signed-off-by: NMichael Neuling <mikey@neuling.org>
      Reviewed-by: NNicholas Piggin <npiggin@gmail.com>
      Reviewed-by: NChristophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: NMichael Ellerman <mpe@ellerman.id.au>
      51c3c62b
  5. 17 9月, 2018 1 次提交
  6. 10 9月, 2018 1 次提交
  7. 09 9月, 2018 10 次提交
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9a568276
      Linus Torvalds 提交于
      Pull x86 fixes from Thomas Gleixner:
       "A set of fixes for x86:
      
         - Prevent multiplication result truncation on 32bit. Introduced with
           the early timestamp reworrk.
      
         - Ensure microcode revision storage to be consistent under all
           circumstances
      
         - Prevent write tearing of PTEs
      
         - Prevent confusion of user and kernel reegisters when dumping fatal
           signals verbosely
      
         - Make an error return value in a failure path of the vector
           allocation negative. Returning EINVAL might the caller assume
           success and causes further wreckage.
      
         - A trivial kernel doc warning fix"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mm: Use WRITE_ONCE() when setting PTEs
        x86/apic/vector: Make error return value negative
        x86/process: Don't mix user/kernel regs in 64bit __show_regs()
        x86/tsc: Prevent result truncation on 32bit
        x86: Fix kernel-doc atomic.h warnings
        x86/microcode: Update the new microcode revision unconditionally
        x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
      9a568276
    • L
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 3567994a
      Linus Torvalds 提交于
      Pull timekeeping fixes from Thomas Gleixner:
       "Two fixes for timekeeping:
      
         - Revert to the previous kthread based update, which is unfortunately
           required due to lock ordering issues. The removal caused boot
           failures on old Core2 machines. Add a proper comment why the thread
           needs to stay to prevent accidental removal in the future.
      
         - Fix a silly typo in a function declaration"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource: Revert "Remove kthread"
        timekeeping: Fix declaration of read_persistent_wall_and_boot_offset()
      3567994a
    • L
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 225ad3cf
      Linus Torvalds 提交于
      Pull irqchip fix from Thomas Gleixner:
       "A single fix to prevent allocating excessive memory in the GIC/ITS
        driver.
      
        While the subject of the patch might suggest otherwise this is a real
        fix as some SoCs exceed the memory allocation limits and fail to boot"
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/gic-v3-its: Cap lpi_id_bits to reduce memory footprint
      225ad3cf
    • L
      Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e0a0d058
      Linus Torvalds 提交于
      Pull cpu hotplug fixes from Thomas Gleixner:
       "Two fixes for the hotplug state machine code:
      
         - Move the misplaces smb() in the hotplug thread function to the
           proper place, otherwise a half update control struct could be
           observed
      
         - Prevent state corruption on error rollback, which causes the state
           to advance by one and as a consequence skip it in the bringup
           sequence"
      
      * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        cpu/hotplug: Prevent state corruption on error rollback
        cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
      e0a0d058
    • L
      Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random · 3243a89d
      Linus Torvalds 提交于
      Pull random driver fix from Ted Ts'o:
       "Fix things so the choice of whether or not to trust RDRAND to
        initialize the CRNG is configurable via the boot option
        random.trust_cpu={on,off}"
      
      * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
        random: make CPU trust a boot parameter
      3243a89d
    • L
      Merge tag 'kbuild-fixes-v4.19' of... · 1d225777
      Linus Torvalds 提交于
      Merge tag 'kbuild-fixes-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
      
      Pull Kbuild fixes from Masahiro Yamada:
      
       - make setlocalversion more robust about -dirty check
      
       - loosen the pkg-config requirement for Kconfig
      
       - change missing depmod to a warning from an error
      
       - warn modules_install when System.map is missing
      
      * tag 'kbuild-fixes-v4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
        kbuild: modules_install: warn when missing System.map file
        kbuild: make missing $DEPMOD a Warning instead of an Error
        kconfig: do not require pkg-config on make {menu,n}config
        kconfig: remove a spurious self-assignment
        scripts/setlocalversion: git: Make -dirty check more robust
      1d225777
    • R
      kbuild: modules_install: warn when missing System.map file · f0b0d88a
      Randy Dunlap 提交于
      If there is no System.map file for "make modules_install",
      scripts/depmod.sh will silently exit with success, having done
      nothing.  Since this is an unexpected situation, change it to
      report a Warning for the missing file.  The behavior is not
      changed except for the Warning message.
      
      The (previous) silent success and new Warning can be reproduced
      by:
      $ make mrproper; make defconfig
      $ make modules; make modules_install
      
      and since System.map is produced by "make vmlinux", the steps
      above omit producing the System.map file.
      Reported-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      Signed-off-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NMasahiro Yamada <yamada.masahiro@socionext.com>
      f0b0d88a
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · f8f65382
      Linus Torvalds 提交于
      Pull KVM fixes from Radim Krčmář:
       "ARM:
         - Fix a VFP corruption in 32-bit guest
         - Add missing cache invalidation for CoW pages
         - Two small cleanups
      
        s390:
         - Fallout from the hugetlbfs support: pfmf interpretion and locking
         - VSIE: fix keywrapping for nested guests
      
        PPC:
         - Fix a bug where pages might not get marked dirty, causing guest
           memory corruption on migration
         - Fix a bug causing reads from guest memory to use the wrong guest
           real address for very large HPT guests (>256G of memory), leading
           to failures in instruction emulation.
      
        x86:
         - Fix out of bound access from malicious pv ipi hypercalls
           (introduced in rc1)
         - Fix delivery of pending interrupts when entering a nested guest,
           preventing arbitrarily late injection
         - Sanitize kvm_stat output after destroying a guest
         - Fix infinite loop when emulating a nested guest page fault and
           improve the surrounding emulation code
         - Two minor cleanups"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (28 commits)
        KVM: LAPIC: Fix pv ipis out-of-bounds access
        KVM: nVMX: Fix loss of pending IRQ/NMI before entering L2
        arm64: KVM: Remove pgd_lock
        KVM: Remove obsolete kvm_unmap_hva notifier backend
        arm64: KVM: Only force FPEXC32_EL2.EN if trapping FPSIMD
        KVM: arm/arm64: Clean dcache to PoC when changing PTE due to CoW
        KVM: s390: Properly lock mm context allow_gmap_hpage_1m setting
        KVM: s390: vsie: copy wrapping keys to right place
        KVM: s390: Fix pfmf and conditional skey emulation
        tools/kvm_stat: re-animate display of dead guests
        tools/kvm_stat: indicate dead guests as such
        tools/kvm_stat: handle guest removals more gracefully
        tools/kvm_stat: don't reset stats when setting PID filter for debugfs
        tools/kvm_stat: fix updates for dead guests
        tools/kvm_stat: fix handling of invalid paths in debugfs provider
        tools/kvm_stat: fix python3 issues
        KVM: x86: Unexport x86_emulate_instruction()
        KVM: x86: Rename emulate_instruction() to kvm_emulate_instruction()
        KVM: x86: Do not re-{try,execute} after failed emulation in L2
        KVM: x86: Default to not allowing emulation retry in kvm_mmu_page_fault
        ...
      f8f65382
    • L
      Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 0f3aa48a
      Linus Torvalds 提交于
      Pull ARM SoC fixes from Olof Johansson:
       "A few more fixes who have trickled in:
      
         - MMC bus width fixup for some Allwinner platforms
      
         - Fix for NULL deref in ti-aemif when no platform data is passed in
      
         - Fix div by 0 in SCMI code
      
         - Add a missing module alias in a new RPi driver"
      
      * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        memory: ti-aemif: fix a potential NULL-pointer dereference
        firmware: arm_scmi: fix divide by zero when sustained_perf_level is zero
        hwmon: rpi: add module alias to raspberrypi-hwmon
        arm64: allwinner: dts: h6: fix Pine H64 MMC bus width
      0f3aa48a
    • O
      Merge tag 'sunxi-fixes-for-4.19' of... · a132bb90
      Olof Johansson 提交于
      Merge tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux into fixes
      
      Allwinner fixes for 4.19
      
      Just one fix for H6 mmc on the Pine H64: the mmc bus width was missing
      from the device tree. This was added in 4.19-rc1.
      
      * tag 'sunxi-fixes-for-4.19' of https://git.kernel.org/pub/scm/linux/kernel/git/sunxi/linux:
        arm64: allwinner: dts: h6: fix Pine H64 MMC bus width
      Signed-off-by: NOlof Johansson <olof@lixom.net>
      a132bb90
  8. 08 9月, 2018 15 次提交
  9. 07 9月, 2018 5 次提交