- 31 1月, 2015 4 次提交
-
-
由 James Hogan 提交于
There is a race in the MIPS fork code which allows the child to get a stale copy of parent MSA/FPU/DSP state that is active in hardware registers when the fork() is called. This is because copy_thread() saves the live register state into the child context only if the hardware is currently in use, apparently on the assumption that the hardware state cannot have been saved and disabled since the initial duplication of the task_struct. However preemption is certainly possible during this window. An example sequence of events is as follows: 1) The parent userland process puts important data into saved floating point registers ($f20-$f31), which are then dirty compared to the process' stored context. 2) The parent process calls fork() which does a clone system call. 3) In the kernel, do_fork() -> copy_process() -> dup_task_struct() -> arch_dup_task_struct() (which uses the weakly defined default implementation). This duplicates the parent process' task context, which includes a stale version of its FP context from when it was last saved, probably some time before (1). 4) At some point before copy_process() calls copy_thread(), such as when duplicating the memory map, the process is desceduled. Perhaps it is preempted asynchronously, or perhaps it sleeps while blocked on a mutex. The dirty FP state in the FP registers is saved to the parent process' context and the FPU is disabled. 5) When the process is rescheduled again it continues copying state until it gets to copy_thread(), which checks whether the FPU is in use, so that it can copy that dirty state to the child process' task context. Because of the deschedule however the FPU is not in use, so the child process' context is left with stale FP context from the last time the parent saved it (some time before (1)). 6) When the new child process is scheduled it reads the important data from the saved floating point register, and ends up doing a NULL pointer dereference as a result of the stale data. This use of saved floating point registers across function calls can be triggered fairly easily by explicitly using inline asm with a current (MIPS R2) compiler, but is far more likely to happen unintentionally with a MIPS R6 compiler where the FP registers are more likely to get used as scratch registers for storing non-fp data. It is easily fixed, in the same way that other architectures do it, by overriding the implementation of arch_dup_task_struct() to sync the dirty hardware state to the parent process' task context *prior* to duplicating it, rather than copying straight to the child process' task context in copy_thread(). Note, the FPU hardware is not disabled so the parent process may continue executing with the live register context, but now the child process is guaranteed to have an identical copy of it at that point. Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Reported-by: NMatthew Fortune <matthew.fortune@imgtec.com> Tested-by: NMarkos Chandras <markos.chandras@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/9075/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 David Daney 提交于
The following commits: 5890f70f (MIPS: Use dedicated exception handler if CPU supports RI/XI exceptions) 6575b1d4 (MIPS: kernel: cpu-probe: Detect unique RI/XI exceptions) break the kernel for *all* existing MIPS CPUs that implement the CP0_PageGrain[IEC] bit. They cause the TLB exception handlers to be generated without the legacy execute-inhibit handling, but never set the CP0_PageGrain[IEC] bit to activate the use of dedicated exception vectors for execute-inhibit exceptions. The result is that upon detection of an execute-inhibit violation, we loop forever in the TLB exception handlers instead of sending SIGSEGV to the task. If we are generating TLB exception handlers expecting separate vectors, we must also enable the CP0_PageGrain[IEC] feature. The bug was introduced in kernel version 3.17. Signed-off-by: NDavid Daney <david.daney@cavium.com> Cc: <stable@vger.kernel.org> Cc: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/8880/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 James Hogan 提交于
Commit 842dfc11 ("MIPS: Fix build with binutils 2.24.51+") in v3.18 enabled -msoft-float and sprinkled ".set hardfloat" where necessary to use FP instructions. However it missed enable_restore_fp_context() which since v3.17 does a ctc1 with inline assembly, causing the following assembler errors on Mentor's 2014.05 toolchain: {standard input}: Assembler messages: {standard input}:2913: Error: opcode not supported on this processor: mips32r2 (mips32r2) `ctc1 $2,$31' scripts/Makefile.build:257: recipe for target 'arch/mips/kernel/traps.o' failed Fix that to use the new write_32bit_cp1_register() macro so that ".set hardfloat" is automatically added when -msoft-float is in use. Fixes 842dfc11 ("MIPS: Fix build with binutils 2.24.51+") Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Cc: <stable@vger.kernel.org> # 3.18+, depends on "MIPS: mipsregs.h: Add write_32bit_cp1_register()" Patchwork: https://patchwork.linux-mips.org/patch/9173/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 James Hogan 提交于
Add a write_32bit_cp1_register() macro to compliment the read_32bit_cp1_register() macro. This is to abstract whether .set hardfloat needs to be used based on GAS_HAS_SET_HARDFLOAT. The implementation of _read_32bit_cp1_register() .sets mips1 due to failure of gas v2.19 to assemble cfc1 for Octeon (see commit 25c30003 ("MIPS: Override assembler target architecture for octeon.")). I haven't copied this over to _write_32bit_cp1_register() as I'm uncertain whether it applies to ctc1 too, or whether anybody cares about that version of binutils any longer. Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Paul Burton <paul.burton@imgtec.com> Cc: David Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/9172/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 30 1月, 2015 2 次提交
-
-
由 Hemmo Nieminen 提交于
As printk() invocation can cause e.g. a TLB miss, printk() cannot be called before the exception handlers have been properly initialized. This can happen e.g. when netconsole has been loaded as a kernel module and the TLB table has been cleared when a CPU was offline. Call cpu_report() in start_secondary() only after the exception handlers have been initialized to fix this. Without the patch the kernel will randomly either lockup or crash after a CPU is onlined and the console driver is a module. Signed-off-by: NHemmo Nieminen <hemmo.nieminen@iki.fi> Signed-off-by: NAaro Koskinen <aaro.koskinen@iki.fi> Cc: stable@vger.kernel.org Cc: David Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/8953/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Aaro Koskinen 提交于
octeon_cpu_disable() will unconditionally enable interrupts when called. We can assume that the routine is always called with interrupts disabled, so just delete the incorrect local_irq_disable/enable(). The patch fixes the following crash when offlining a CPU: [ 93.818785] ------------[ cut here ]------------ [ 93.823421] WARNING: CPU: 1 PID: 10 at kernel/smp.c:231 flush_smp_call_function_queue+0x1c4/0x1d0() [ 93.836215] Modules linked in: [ 93.839287] CPU: 1 PID: 10 Comm: migration/1 Not tainted 3.19.0-rc4-octeon-los_b5f0 #1 [ 93.847212] Stack : 0000000000000001 ffffffff81b2cf90 0000000000000004 ffffffff81630000 0000000000000000 0000000000000000 0000000000000000 000000000000004a 0000000000000006 ffffffff8117e550 0000000000000000 0000000000000000 ffffffff81b30000 ffffffff81b26808 8000000032c77748 ffffffff81627e07 ffffffff81595ec8 ffffffff81b26808 000000000000000a 0000000000000001 0000000000000001 0000000000000003 0000000010008ce1 ffffffff815030c8 8000000032cbbb38 ffffffff8113d42c 0000000010008ce1 ffffffff8117f36c 8000000032c77300 8000000032cbba50 0000000000000001 ffffffff81503984 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81121668 0000000000000000 0000000000000000 ... [ 93.912819] Call Trace: [ 93.915273] [<ffffffff81121668>] show_stack+0x68/0x80 [ 93.920335] [<ffffffff81503984>] dump_stack+0x6c/0x90 [ 93.925395] [<ffffffff8113d58c>] warn_slowpath_common+0x94/0xd8 [ 93.931324] [<ffffffff811a402c>] flush_smp_call_function_queue+0x1c4/0x1d0 [ 93.938208] [<ffffffff811a4128>] hotplug_cfd+0xf0/0x108 [ 93.943444] [<ffffffff8115bacc>] notifier_call_chain+0x5c/0xb8 [ 93.949286] [<ffffffff8113d704>] cpu_notify+0x24/0x60 [ 93.954348] [<ffffffff81501738>] take_cpu_down+0x38/0x58 [ 93.959670] [<ffffffff811b343c>] multi_cpu_stop+0x154/0x180 [ 93.965250] [<ffffffff811b3768>] cpu_stopper_thread+0xd8/0x160 [ 93.971093] [<ffffffff8115ea4c>] smpboot_thread_fn+0x1ec/0x1f8 [ 93.976936] [<ffffffff8115ab04>] kthread+0xd4/0xf0 [ 93.981735] [<ffffffff8111c4f0>] ret_from_kernel_thread+0x14/0x1c [ 93.987835] [ 93.989326] ---[ end trace c9e3815ee655bda9 ]--- [ 93.993951] Kernel bug detected[#1]: [ 93.997533] CPU: 1 PID: 10 Comm: migration/1 Tainted: G W 3.19.0-rc4-octeon-los_b5f0 #1 [ 94.006591] task: 8000000032c77300 ti: 8000000032cb8000 task.ti: 8000000032cb8000 [ 94.014081] $ 0 : 0000000000000000 0000000010000ce1 0000000000000001 ffffffff81620000 [ 94.022146] $ 4 : 8000000002c72ac0 0000000000000000 00000000000001a7 ffffffff813b06f0 [ 94.030210] $ 8 : ffffffff813b20d8 0000000000000000 0000000000000000 ffffffff81630000 [ 94.038275] $12 : 0000000000000087 0000000000000000 0000000000000086 0000000000000000 [ 94.046339] $16 : ffffffff81623168 0000000000000001 0000000000000000 0000000000000008 [ 94.054405] $20 : 0000000000000001 0000000000000001 0000000000000001 0000000000000003 [ 94.062470] $24 : 0000000000000038 ffffffff813b7f10 [ 94.070536] $28 : 8000000032cb8000 8000000032cbbc20 0000000010008ce1 ffffffff811bcaf4 [ 94.078601] Hi : 0000000000f188e8 [ 94.082179] Lo : d4fdf3b646c09d55 [ 94.085760] epc : ffffffff811bc9d0 irq_work_run_list+0x8/0xf8 [ 94.091686] Tainted: G W [ 94.095613] ra : ffffffff811bcaf4 irq_work_run+0x34/0x60 [ 94.101192] Status: 10000ce3 KX SX UX KERNEL EXL IE [ 94.106235] Cause : 40808034 [ 94.109119] PrId : 000d9301 (Cavium Octeon II) [ 94.113653] Modules linked in: [ 94.116721] Process migration/1 (pid: 10, threadinfo=8000000032cb8000, task=8000000032c77300, tls=0000000000000000) [ 94.127168] Stack : 8000000002c74c80 ffffffff811a4128 0000000000000001 ffffffff81635720 fffffffffffffff2 ffffffff8115bacc 80000000320fbce0 80000000320fbca4 80000000320fbc80 0000000000000002 0000000000000004 ffffffff8113d704 80000000320fbce0 ffffffff81501738 0000000000000003 ffffffff811b343c 8000000002c72aa0 8000000002c72aa8 ffffffff8159cae8 ffffffff8159caa0 ffffffff81650000 80000000320fbbf0 80000000320fbc80 ffffffff811b32e8 0000000000000000 ffffffff811b3768 ffffffff81622b80 ffffffff815148a8 8000000032c77300 8000000002c73e80 ffffffff815148a8 8000000032c77300 ffffffff81622b80 ffffffff815148a8 8000000032c77300 ffffffff81503f48 ffffffff8115ea0c ffffffff81620000 0000000000000000 ffffffff81174d64 ... [ 94.192771] Call Trace: [ 94.195222] [<ffffffff811bc9d0>] irq_work_run_list+0x8/0xf8 [ 94.200802] [<ffffffff811bcaf4>] irq_work_run+0x34/0x60 [ 94.206036] [<ffffffff811a4128>] hotplug_cfd+0xf0/0x108 [ 94.211269] [<ffffffff8115bacc>] notifier_call_chain+0x5c/0xb8 [ 94.217111] [<ffffffff8113d704>] cpu_notify+0x24/0x60 [ 94.222171] [<ffffffff81501738>] take_cpu_down+0x38/0x58 [ 94.227491] [<ffffffff811b343c>] multi_cpu_stop+0x154/0x180 [ 94.233072] [<ffffffff811b3768>] cpu_stopper_thread+0xd8/0x160 [ 94.238914] [<ffffffff8115ea4c>] smpboot_thread_fn+0x1ec/0x1f8 [ 94.244757] [<ffffffff8115ab04>] kthread+0xd4/0xf0 [ 94.249555] [<ffffffff8111c4f0>] ret_from_kernel_thread+0x14/0x1c [ 94.255654] [ 94.257146] Code: a2423c40 40026000 30420001 <00020336> dc820000 10400037 00000000 0000010f 0000010f [ 94.267183] ---[ end trace c9e3815ee655bdaa ]--- [ 94.271804] Fatal exception: panic in 5 seconds Reported-by: NHemmo Nieminen <hemmo.nieminen@iki.fi> Signed-off-by: NAaro Koskinen <aaro.koskinen@iki.fi> Acked-by: NDavid Daney <david.daney@cavium.com> Cc: stable@vger.kernel.org # v3.18+ Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/8952/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 19 1月, 2015 1 次提交
-
-
由 Ralf Baechle 提交于
[...] struct component { ^ In file included from ./arch/mips/include/asm/sn/klconfig.h:58:0, from ./arch/mips/include/asm/sn/module.h:12, from ./arch/mips/include/asm/sn/node.h:8, from ./arch/mips/include/asm/mach-ip35/mmzone.h:4, from ./arch/mips/include/asm/mmzone.h:9, from ./arch/mips/include/asm/mach-ip35/topology.h:7, from ./arch/mips/include/asm/topology.h:11, from include/linux/topology.h:35, from include/linux/gfp.h:8, from include/linux/device.h:29, from drivers/base/component.c:14: ./arch/mips/include/asm/fw/arc/hinv.h:122:16: note: originally defined here typedef struct component { ^ make[2]: *** [drivers/base/component.o] Error 1 make[2]: Target `__build' not remade because of errors. make[1]: *** [drivers/base] Error 2 make[1]: Target `__build' not remade because of errors. Fix by using an nameless struct definition in the COMPONENT definition. Which is what the ARC spec uses anyway. While at it, do the same thing for two other typedefs. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 16 1月, 2015 3 次提交
-
-
由 Felix Fietkau 提交于
If the irq_chip does not define .irq_disable, any call to disable_irq will defer disabling the IRQ until it fires while marked as disabled. This assumes that the handler function checks for this condition, which handle_percpu_irq does not. In this case, calling disable_irq leads to an IRQ storm, if the interrupt fires while disabled. This optimization is only useful when disabling the IRQ is slow, which is not true for the MIPS CPU IRQ. Disable this optimization by implementing .irq_disable and .irq_enable Signed-off-by: NFelix Fietkau <nbd@openwrt.org> Cc: stable@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8949/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 James Hogan 提交于
Commit 18743d27 ("irqchip: mips-gic: Stop using per-platform mapping tables") in v3.19-rc1 changed the routing of IPIs through the GIC to go to the HW0 IRQ pin along with the rest of the GIC interrupts, rather than to HW1 and HW2 pins. This breaks SMP boot using the CMP or MT SMP implementations because HW0 doesn't get unmasked when secondary CPUs are initialised so the IPIs will never interrupt secondary CPUs (nor any other interrupts routed through the GIC). Commit ff1e29ad ("MIPS: smp-cps: Enable all hardware interrupts on secondary CPUs") fixed this in advance for the CPS SMP implementation by unmasking all hardware interrupt lines for secondary CPUs, so lets do the same for the CMP and MT implementations. Fixes: 18743d27 ("irqchip: mips-gic: Stop using per-platform mapping tables") Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Cc: Andrew Bresticker <abrestic@chromium.org> Cc: Qais Yousef <qais.yousef@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/9025/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ed Swierk 提交于
When 32-bit MIPS userspace invokes a syscall indirectly via syscall(number, arg1, ..., arg7), the kernel looks up the actual syscall based on the given number, shifts the other arguments to the left, and jumps to the syscall. If the syscall is interrupted by a signal and indicates it needs to be restarted by the kernel (by returning ERESTARTNOINTR for example), the syscall must be called directly, since the number is no longer the first argument, and the other arguments are now staged for a direct call. Before shifting the arguments, store the syscall number in pt_regs->regs[2]. This gets copied temporarily into pt_regs->regs[0] after the syscall returns. If the syscall needs to be restarted, handle_signal()/do_signal() copies the number back to pt_regs->reg[2], which ends up in $v0 once control returns to userspace. Signed-off-by: NEd Swierk <eswierk@skyportsystems.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8929/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 15 1月, 2015 1 次提交
-
-
由 James Cowgill 提交于
Commit 90cee759 ("MIPS: ELF: Set FP mode according to .MIPS.abiflags") introduced checking of the .MIPS.abiflags ELF section but did so through the native sized "elfhdr" and "elf_phdr" structures regardless whether the ELF was actually 32-bit or 64-bit. This produces wrong results when trying to use a 64-bit kernel to load o32 ELF files. Change the uses of the generic elf structures to their 32-bit versions. Since the code bails out on any 64-bit cases, this is OK until they are implemented. Fixes: 90cee759 ("MIPS: ELF: Set FP mode according to .MIPS.abiflags") Signed-off-by: NJames Cowgill <James.Cowgill@imgtec.com> Cc: linux-mips@linux-mips.org Cc: Paul Burton <paul.burton@imgtec.com> Reviewed-by: NMaciej W. Rozycki <macro@linux-mips.org> Patchwork: https://patchwork.linux-mips.org/patch/8932/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 13 1月, 2015 8 次提交
-
-
由 James Hogan 提交于
Sparse emits a bunch of warnings in mips-cm.h due to casting away of __iomem by the addr_gcr_*() functions: arch/mips/include/asm/mips-cm.h:134:1: warning: cast removes address space of expression And subsequent passing of the return values to __raw_readl() and __raw_writel() in the read_gcr_*() and write_gcr_*() functions: arch/mips/include/asm/mips-cm.h:134:1: warning: incorrect type in argument 2 (different address spaces) arch/mips/include/asm/mips-cm.h:134:1: expected void volatile [noderef] <asn:2>*mem arch/mips/include/asm/mips-cm.h:134:1: got unsigned int [usertype] * arch/mips/include/asm/mips-cm.h:134:1: warning: incorrect type in argument 1 (different address spaces) arch/mips/include/asm/mips-cm.h:134:1: expected void const volatile [noderef] <asn:2>*mem arch/mips/include/asm/mips-cm.h:134:1: got unsigned int [usertype] * Fix by adding __iomem to the addr_gcr_*() return type and cast. Signed-off-by: NJames Hogan <james.hogan@imgtec.com> Cc: Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8874/Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
[...] HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf arch/mips/Kconfig:2681:error: recursive dependency detected! arch/mips/Kconfig:2681: symbol MIPS32_N32 depends on MIPS32_COMPAT arch/mips/Kconfig:2658: symbol MIPS32_COMPAT is selected by MIPS32_N32 Introduced by d74473bdf7a4c1ef7ae2b75f585fe5649ac2dcea (MIPS: Compat: Fix build error if CONFIG_MIPS32_COMPAT but no compat ABI.) Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
In that case nor __NR_seccomp_*_32 symbols will be defined in <asm/unistd.h> so the attempt to use it in kernel.seccomp.c will fail with: kernel/seccomp.c:565:2: error: '__NR_seccomp_read_32' undeclared here (not in a function) __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, ^ kernel/seccomp.c:565:24: error: '__NR_seccomp_write_32' undeclared here (not in a function) __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, ^ kernel/seccomp.c:565:47: error: '__NR_seccomp_exit_32' undeclared here (not in a function) __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, ^ kernel/seccomp.c:565:69: error: '__NR_seccomp_sigreturn_32' undeclared here (not in a function) __NR_seccomp_read_32, __NR_seccomp_write_32, __NR_seccomp_exit_32, __NR_seccomp_sigreturn_32, Solved by changing the compat ABIs in kconfig to select MIPS32_COMPAT directly. This also means the user no longer has to select MIPS32_COMPAT before being able to see the ABI options. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Brian Norris 提交于
Fixes sparse warnings: arch/mips/jz4740/irq.c:63:6: warning: symbol 'jz4740_irq_suspend' was not declared. Should it be static? arch/mips/jz4740/irq.c:69:6: warning: symbol 'jz4740_irq_resume' was not declared. Should it be static? Also, I've seen some elusive build errors on my automated build test where JZ4740_IRQ_BASE and NR_IRQS are missing, but I can't reproduce them manually for some reason. Anyway, mach-jz4740/irq.h should help us avoid relying on some implicit include. Signed-off-by: NBrian Norris <computersforpeace@gmail.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8724/Acked-by: NLars-Peter Clausen <lars@metafoo.de> Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
In particular the use of the antiquated PIX PATA drivers was a nuiscance since most userland has switched to the new /dev/sda drivers as well as the lack of EXT4. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
由 Ralf Baechle 提交于
Commit 4227a2d4 (MIPS: Support for hybrid FPRs) changes the kernel to execute read_c0_config5() even on processors that don't have a Config5 register. According to the arch spec the behaviour of trying to read or write this register is UNDEFINED where this register doesn't exist, that is merely looking at this register is already cruel because that might kill a kitten. In case of Qemu older than v2.2 Qemu has elected to implement this UNDEFINED behaviour by taking a RI exception - which then fries the kernel: [...] Freeing YAMON memory: 956k freed Freeing unused kernel memory: 240K (80674000 - 806b0000) Reserved instruction in kernel code[#1]: CPU: 0 PID: 1 Comm: init Not tainted 3.18.0-rc6-00058-g4227a2d4 #26 task: 86047588 ti: 86048000 task.ti: 86048000 $ 0 : 00000000 77a638cc 00000000 00000000 [...] For qemu v2.2.0 commit f31b035a9f10dc9b57f01c426110af845d453ce2 (target-mips: correctly handle access to unimplemented CP0 register) changed the behaviour to returning zero on read and ignoring writes which more matches how typical hardware implementations actually behave. Signed-off-by: NRalf Baechle <ralf@linux-mips.org>
-
- 12 1月, 2015 8 次提交
-
-
由 Linus Torvalds 提交于
-
git://ftp.arm.linux.org.uk/~rmk/linux-arm由 Linus Torvalds 提交于
Pull ARM fixes from Russell King: "Three small fixes from over the Christmas period, and wiring up the new execveat syscall for ARM" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8275/1: mm: fix PMD_SECT_RDONLY undeclared compile error ARM: 8253/1: mm: use phys_addr_t type in map_lowmem() for kernel mem region ARM: 8249/1: mm: dump: don't skip regions ARM: wire up execveat syscall
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull x86 fixes from Ingo Molnar: "Misc fixes: two vdso fixes, two kbuild fixes and a boot failure fix with certain odd memory mappings" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86, vdso: Use asm volatile in __getcpu x86/build: Clean auto-generated processor feature files x86: Fix mkcapflags.sh bash-ism x86: Fix step size adjustment during initial memory mapping x86_64, vdso: Fix the vdso address randomization algorithm
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull scheduler fixes from Ingo Molnar: "Misc fixes: group scheduling corner case fix, two deadline scheduler fixes, effective_load() overflow fix, nested sleep fix, 6144 CPUs system fix" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/fair: Fix RCU stall upon -ENOMEM in sched_create_group() sched/deadline: Avoid double-accounting in case of missed deadlines sched/deadline: Fix migration of SCHED_DEADLINE tasks sched: Fix odd values in effective_load() calculations sched, fanotify: Deal with nested sleeps sched: Fix KMALLOC_MAX_SIZE overflow during cpumask allocation
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull perf fixes from Ingo Molnar: "Mostly tooling fixes, but also some kernel side fixes: uncore PMU driver fix, user regs sampling fix and an instruction decoder fix that unbreaks PEBS precise sampling" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/uncore/hsw-ep: Handle systems with only two SBOXes perf/x86_64: Improve user regs sampling perf: Move task_pt_regs sampling into arch code x86: Fix off-by-one in instruction decoder perf hists browser: Fix segfault when showing callchain perf callchain: Free callchains when hist entries are deleted perf hists: Fix children sort key behavior perf diff: Fix to sort by baseline field by default perf list: Fix --raw-dump option perf probe: Fix crash in dwarf_getcfi_elf perf probe: Fix to fall back to find probe point in symbols perf callchain: Append callchains only when requested perf ui/tui: Print backtrace symbols when segfault occurs perf report: Show progress bar for output resorting
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip由 Linus Torvalds 提交于
Pull locking fixes from Ingo Molnar: "A liblockdep fix and a mutex_unlock() mutex-debugging fix" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: mutex: Always clear owner field upon mutex_unlock() tools/liblockdep: Fix debug_check thinko in mutex destroy
-
由 Konstantin Khlebnikov 提交于
Fix for BUG_ON(anon_vma->degree) splashes in unlink_anon_vmas() ("kernel BUG at mm/rmap.c:399!") caused by commit 7a3ef208 ("mm: prevent endless growth of anon_vma hierarchy") Anon_vma_clone() is usually called for a copy of source vma in destination argument. If source vma has anon_vma it should be already in dst->anon_vma. NULL in dst->anon_vma is used as a sign that it's called from anon_vma_fork(). In this case anon_vma_clone() finds anon_vma for reusing. Vma_adjust() calls it differently and this breaks anon_vma reusing logic: anon_vma_clone() links vma to old anon_vma and updates degree counters but vma_adjust() overrides vma->anon_vma right after that. As a result final unlink_anon_vmas() decrements degree for wrong anon_vma. This patch assigns ->anon_vma before calling anon_vma_clone(). Signed-off-by: NKonstantin Khlebnikov <koct9i@gmail.com> Reported-and-tested-by: NChris Clayton <chris2553@googlemail.com> Reported-and-tested-by: NOded Gabbay <oded.gabbay@amd.com> Reported-and-tested-by: NChih-Wei Huang <cwhuang@android-x86.org> Acked-by: NRik van Riel <riel@redhat.com> Acked-by: NVlastimil Babka <vbabka@suse.cz> Cc: Daniel Forrest <dan.forrest@ssec.wisc.edu> Cc: Michal Hocko <mhocko@suse.cz> Cc: stable@vger.kernel.org # to match back-porting of 7a3ef208Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
Commit fee7e49d ("mm: propagate error from stack expansion even for guard page") made sure that we return the error properly for stack growth conditions. It also theorized that counting the guard page towards the stack limit might break something, but also said "Let's see if anybody notices". Somebody did notice. Apparently android-x86 sets the stack limit very close to the limit indeed, and including the guard page in the rlimit check causes the android 'zygote' process problems. So this adds the (fairly trivial) code to make the stack rlimit check be against the actual real stack size, rather than the size of the vma that includes the guard page. Reported-and-tested-by: NChih-Wei Huang <cwhuang@android-x86.org> Cc: Jay Foad <jay.foad@gmail.com> Cc: stable@kernel.org # to match back-porting of fee7e49dSigned-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 11 1月, 2015 3 次提交
-
-
由 Ingo Molnar 提交于
Signed-off-by: NIngo Molnar <mingo@kernel.org>
-
git://github.com/awilliam/linux-vfio由 Linus Torvalds 提交于
Pull VFIO fix from Alex Williamson: "Fix PCI header check in vfio_pci_probe() (Wei Yang)" * tag 'vfio-v3.19-rc4' of git://github.com/awilliam/linux-vfio: vfio-pci: Fix the check on pci device type in vfio_pci_probe()
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi由 Linus Torvalds 提交于
Pull SCSI fix from James Bottomley: "Just one fix: a qlogic busy wait regression" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: qla2xxx: fix busy wait regression
-
- 10 1月, 2015 10 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound由 Linus Torvalds 提交于
Pull sound fixes from Takashi Iwai: "All a few small regression or stable fixes: a Nvidia HDMI ID addition, a regression fix for CAIAQ stream count, a typo fix for GPIO setup with STAC/IDT HD-audio codecs, and a Fireworks big-endian fix" * tag 'sound-3.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: fireworks: fix an endianness bug for transaction length ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups for IDT/STAC codecs ALSA: snd-usb-caiaq: fix stream count check
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid由 Linus Torvalds 提交于
Pull HID updates from Jiri Kosina: - bounds checking fixes in logitech and roccat drivers, from Peter Wu and Dan Carpenter - double-kfree fix in i2c-hid driver on bus shutdown, from Mika Westerberg - a couple of various small driver fixes - a few device id additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: roccat: potential out of bounds in pyra_sysfs_write_settings() HID: Add a new id 0x501a for Genius MousePen i608X HID: logitech-hidpp: prefix the name with "Logitech" HID: logitech-hidpp: avoid unintended fall-through HID: Allow HID_BATTERY_STRENGTH to be enabled HID: i2c-hid: Do not free buffers in i2c_hid_stop() HID: add battery quirk for USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ISO keyboard HID: logitech-hidpp: check WTP report length HID: logitech-dj: check report length
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
Pull drm fixes from Dave Airlie: "I'm briefly working between holidays and LCA, so this is close to a couple of weeks of fixes, Two sets of amdkfd fixes, this is a new feature this kernel, and this pull fixes a few issues since it got merged, ordering when built-in to kernel and also the iommu vs gpu ordering patch, it also reworks the ioctl before the initial release. Otherwise: - radeon: some misc fixes all over, hdmi, 4k, dpm - nouveau: mcp77 init fixes, oops fix, bug on fix, msi fix - i915: power fixes, revert VGACNTR patch Probably be quiteer next week since I'll be at LCA anyways" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: (33 commits) drm/amdkfd: rewrite kfd_ioctl() according to drm_ioctl() drm/amdkfd: reformat IOCTL definitions to drm-style drm/amdkfd: Do copy_to/from_user in general kfd_ioctl() drm/radeon: integer underflow in radeon_cp_dispatch_texture() drm/radeon: adjust default bapm settings for KV drm/radeon: properly filter DP1.2 4k modes on non-DP1.2 hw drm/radeon: fix sad_count check for dce3 drm/radeon: KV has three PPLLs (v2) drm/amdkfd: unmap VMID<-->PASID when relesing VMID (non-HWS) drm/radeon: Init amdkfd only if it was compiled amdkfd: actually allocate longs for the pasid bitmask drm/nouveau/nouveau: Do not BUG_ON(!spin_is_locked()) on UP drm/nv4c/mc: disable msi drm/nouveau/fb/ram/mcp77: enable NISO poller drm/nouveau/fb/ram/mcp77: use carveout reg to determine size drm/nouveau/fb/ram/mcp77: subclass nouveau_ram drm/nouveau: wake up the card if necessary during gem callbacks drm/nouveau/device: Add support for GK208B, resolves bug 86935 drm/nouveau: fix missing return statement in nouveau_ttm_tt_unpopulate drm/nouveau/bios: fix oops on pre-nv50 chipsets ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux由 Linus Torvalds 提交于
Pull arm64 fixes from Will Deacon: "Here is a handful of minor arm64 fixes discovered and fixed over the Christmas break. The main part is adding some missing #includes that we seem to be getting transitively but have started causing problems in -next. - Fix early mapping fixmap corruption by EFI runtime services - Fix __NR_compat_syscalls off-by-one - Add missing sanity checks for some 32-bit registers - Add some missing #includes which we get transitively - Remove unused prepare_to_copy() macro" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64/efi: add missing call to early_ioremap_reset() arm64: fix missing asm/io.h include in kernel/smp_spin_table.c arm64: fix missing asm/alternative.h include in kernel/module.c arm64: fix missing linux/bug.h include in asm/arch_timer.h arm64: fix missing asm/pgtable-hwdef.h include in asm/processor.h arm64: sanity checks: add missing AArch32 registers arm64: Remove unused prepare_to_copy() arm64: Correct __NR_compat_syscalls for bpf
-
git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/kgdb由 Linus Torvalds 提交于
Pull kgdb/kdb fixes from Jason Wessel: "These have been around since 3.17 and in kgdb-next for the last 9 weeks and some will go back to -stable. Summary of changes: Cleanups - kdb: Remove unused command flags, repeat flags and KDB_REPEAT_NONE Fixes - kgdb/kdb: Allow access on a single core, if a CPU round up is deemed impossible, which will allow inspection of the now "trashed" kernel - kdb: Add enable mask for the command groups - kdb: access controls to restrict sensitive commands" * tag 'for_linus-3.19-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/kgdb: kernel/debug/debug_core.c: Logging clean-up kgdb: timeout if secondary CPUs ignore the roundup kdb: Allow access to sensitive commands to be restricted by default kdb: Add enable mask for groups of commands kdb: Categorize kdb commands (similar to SysRq categorization) kdb: Remove KDB_REPEAT_NONE flag kdb: Use KDB_REPEAT_* values as flags kdb: Rename kdb_register_repeat() to kdb_register_flags() kdb: Rename kdb_repeat_t to kdb_cmdflags_t, cmd_repeat to cmd_flags kdb: Remove currently unused kdbtab_t->cmd_flags
-
git://linux-nfs.org/~bfields/linux由 Linus Torvalds 提交于
Pull two nfsd bugfixes from Bruce Fields. * 'for-3.19' of git://linux-nfs.org/~bfields/linux: rpc: fix xdr_truncate_encode to handle buffer ending on page boundary nfsd: fix fi_delegees leak when fi_had_conflict returns true
-
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client由 Linus Torvalds 提交于
Pull two Ceph fixes from Sage Weil: "These are both pretty trivial: a sparse warning fix and size_t printk thing" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: libceph: fix sparse endianness warnings ceph: use %zu for len in ceph_fill_inline_data()
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs由 Linus Torvalds 提交于
Pull btrfs fixes from Chris Mason: "None of these are huge, but my commit does fix a regression from 3.18 that could cause lost files during log replay. This also adds Dave Sterba to the list of Btrfs maintainers. It doesn't mean we're doing things differently, but Dave has really been helping with the maintainer workload for years" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: don't delay inode ref updates during log replay Btrfs: correctly get tree level in tree_backref_for_extent Btrfs: call inode_dec_link_count() on mkdir error path Btrfs: abort transaction if we don't find the block group Btrfs, scrub: uninitialized variable in scrub_extent_for_parity() Btrfs: add more maintainers
-
由 Linus Torvalds 提交于
Merge misc fixes from Andrew Morton: "12 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed memcg: fix destination cgroup leak on task charges migration mm: memcontrol: switch soft limit default back to infinity mm/debug_pagealloc: remove obsolete Kconfig options vfs: renumber FMODE_NONOTIFY and add to uniqueness check arch/blackfin/mach-bf533/boards/stamp.c: add linux/delay.h ocfs2: fix the wrong directory passed to ocfs2_lookup_ino_from_name() when link file MAINTAINERS: update rydberg's addresses mm: protect set_page_dirty() from ongoing truncation mm: prevent endless growth of anon_vma hierarchy exit: fix race between wait_consider_task() and wait_task_zombie() ocfs2: remove bogus check in dlm_process_recovery_data
-
由 Victor Kamensky 提交于
In v3.19-rc3 tree when CONFIG_ARM_LPAE and CONFIG_DEBUG_RODATA are enabled image failed to compile with the following error: arch/arm/mm/init.c:661:14: error: ‘PMD_SECT_RDONLY’ undeclared here (not in a function) It seems that '80d6b0c2 ARM: mm: allow text and rodata sections to be read-only' and 'ded94779 ARM: 8109/1: mm: Modify pte_write and pmd_write logic for LPAE' commits crossed. 80d6b0c2 uses PMD_SECT_RDONLY macro but ded94779 renames it and uses software bits L_PMD_SECT_RDONLY instead. Fix is to use L_PMD_SECT_RDONLY instead PMD_SECT_RDONLY as ded94779 does in another places. Signed-off-by: NVictor Kamensky <victor.kamensky@linaro.org> Acked-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-