1. 02 9月, 2020 3 次提交
  2. 15 1月, 2020 1 次提交
  3. 27 12月, 2019 1 次提交
  4. 20 8月, 2018 1 次提交
  5. 16 7月, 2018 1 次提交
  6. 13 6月, 2018 1 次提交
    • K
      treewide: kzalloc() -> kcalloc() · 6396bb22
      Kees Cook 提交于
      The kzalloc() function has a 2-factor argument form, kcalloc(). This
      patch replaces cases of:
      
              kzalloc(a * b, gfp)
      
      with:
              kcalloc(a * b, gfp)
      
      as well as handling cases of:
      
              kzalloc(a * b * c, gfp)
      
      with:
      
              kzalloc(array3_size(a, b, c), gfp)
      
      as it's slightly less ugly than:
      
              kzalloc_array(array_size(a, b), c, gfp)
      
      This does, however, attempt to ignore constant size factors like:
      
              kzalloc(4 * 1024, gfp)
      
      though any constants defined via macros get caught up in the conversion.
      
      Any factors with a sizeof() of "unsigned char", "char", and "u8" were
      dropped, since they're redundant.
      
      The Coccinelle script used for this was:
      
      // Fix redundant parens around sizeof().
      @@
      type TYPE;
      expression THING, E;
      @@
      
      (
        kzalloc(
      -	(sizeof(TYPE)) * E
      +	sizeof(TYPE) * E
        , ...)
      |
        kzalloc(
      -	(sizeof(THING)) * E
      +	sizeof(THING) * E
        , ...)
      )
      
      // Drop single-byte sizes and redundant parens.
      @@
      expression COUNT;
      typedef u8;
      typedef __u8;
      @@
      
      (
        kzalloc(
      -	sizeof(u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * (COUNT)
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(__u8) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(char) * COUNT
      +	COUNT
        , ...)
      |
        kzalloc(
      -	sizeof(unsigned char) * COUNT
      +	COUNT
        , ...)
      )
      
      // 2-factor product with sizeof(type/expression) and identifier or constant.
      @@
      type TYPE;
      expression THING;
      identifier COUNT_ID;
      constant COUNT_CONST;
      @@
      
      (
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_ID)
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_ID
      +	COUNT_ID, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * COUNT_CONST
      +	COUNT_CONST, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_ID)
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_ID
      +	COUNT_ID, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (COUNT_CONST)
      +	COUNT_CONST, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * COUNT_CONST
      +	COUNT_CONST, sizeof(THING)
        , ...)
      )
      
      // 2-factor product, only identifiers.
      @@
      identifier SIZE, COUNT;
      @@
      
      - kzalloc
      + kcalloc
        (
      -	SIZE * COUNT
      +	COUNT, SIZE
        , ...)
      
      // 3-factor product with 1 sizeof(type) or sizeof(expression), with
      // redundant parens removed.
      @@
      expression THING;
      identifier STRIDE, COUNT;
      type TYPE;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(TYPE))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * (COUNT) * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * (STRIDE)
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      |
        kzalloc(
      -	sizeof(THING) * COUNT * STRIDE
      +	array3_size(COUNT, STRIDE, sizeof(THING))
        , ...)
      )
      
      // 3-factor product with 2 sizeof(variable), with redundant parens removed.
      @@
      expression THING1, THING2;
      identifier COUNT;
      type TYPE1, TYPE2;
      @@
      
      (
        kzalloc(
      -	sizeof(TYPE1) * sizeof(TYPE2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(THING1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(THING1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * COUNT
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      |
        kzalloc(
      -	sizeof(TYPE1) * sizeof(THING2) * (COUNT)
      +	array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
        , ...)
      )
      
      // 3-factor product, only identifiers, with redundant parens removed.
      @@
      identifier STRIDE, SIZE, COUNT;
      @@
      
      (
        kzalloc(
      -	(COUNT) * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * STRIDE * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	(COUNT) * (STRIDE) * (SIZE)
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      |
        kzalloc(
      -	COUNT * STRIDE * SIZE
      +	array3_size(COUNT, STRIDE, SIZE)
        , ...)
      )
      
      // Any remaining multi-factor products, first at least 3-factor products,
      // when they're not all constants...
      @@
      expression E1, E2, E3;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(
      -	(E1) * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * E3
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	(E1) * (E2) * (E3)
      +	array3_size(E1, E2, E3)
        , ...)
      |
        kzalloc(
      -	E1 * E2 * E3
      +	array3_size(E1, E2, E3)
        , ...)
      )
      
      // And then all remaining 2 factors products when they're not all constants,
      // keeping sizeof() as the second factor argument.
      @@
      expression THING, E1, E2;
      type TYPE;
      constant C1, C2, C3;
      @@
      
      (
        kzalloc(sizeof(THING) * C2, ...)
      |
        kzalloc(sizeof(TYPE) * C2, ...)
      |
        kzalloc(C1 * C2 * C3, ...)
      |
        kzalloc(C1 * C2, ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * (E2)
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(TYPE) * E2
      +	E2, sizeof(TYPE)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * (E2)
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	sizeof(THING) * E2
      +	E2, sizeof(THING)
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * E2
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	(E1) * (E2)
      +	E1, E2
        , ...)
      |
      - kzalloc
      + kcalloc
        (
      -	E1 * E2
      +	E1, E2
        , ...)
      )
      Signed-off-by: NKees Cook <keescook@chromium.org>
      6396bb22
  7. 13 5月, 2018 2 次提交
  8. 28 3月, 2018 1 次提交
    • D
      irqchip/gic: Update supports_deactivate static key to modern api · d01d3274
      Davidlohr Bueso 提交于
      No changes in semantics -- key init is true; replace
      
      static_key_slow_dec       with   static_branch_disable
      static_key_true           with   static_branch_likely
      
      The first is because we never actually do any couterpart incs,
      thus there is really no reference counting semantics going on.
      Use the more proper static_branch_disable() construct.
      
      Also added a '_key' suffix to supports_deactivate, for better
      self documentation.
      
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Jason Cooper <jason@lakedaemon.net>
      Signed-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      d01d3274
  9. 22 3月, 2018 1 次提交
    • M
      irqchip/gic-v3: Probe for SCR_EL3 being clear before resetting AP0Rn · 33625282
      Marc Zyngier 提交于
      We would like to reset the Group-0 Active Priority Registers
      at boot time if they are available to us. They would be available
      if SCR_EL3.FIQ was not set, but we cannot directly probe this bit,
      and short of checking, we may end-up trapping to EL3, and the
      firmware may not be please to get such an exception. Yes, this
      is dumb.
      
      Instead, let's use PMR to find out if its value gets affected by
      SCR_EL3.FIQ being set. We use the fact that when SCR_EL3.FIQ is
      set, the LSB of the priority is lost due to the shifting back and
      forth of the actual priority. If we read back a 0, we know that
      Group0 is unavailable. In case we read a non-zero value, we can
      safely reset the AP0Rn register.
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      33625282
  10. 21 3月, 2018 2 次提交
  11. 16 3月, 2018 1 次提交
  12. 14 3月, 2018 2 次提交
    • M
      irqchip/gic-v3: Allow LPIs to be disabled from the command line · f736d65d
      Marc Zyngier 提交于
      For most GICv3 implementations, enabling LPIs is a one way switch.
      Once they're on, there is no turning back, which completely kills
      kexec (pending tables will always be live, and we can't tell the
      secondary kernel where they are).
      
      This is really annoying if you plan to use Linux as a bootloader,
      as it pretty much guarantees that the secondary kernel won't be
      able to use MSIs, and may even see some memory corruption. Bad.
      
      A workaround for this unfortunate situation is to allow the kernel
      not to enable LPIs, even if the feature is present in the HW. This
      would allow Linux-as-a-bootloader to leave LPIs alone, and let the
      secondary kernel to do whatever it wants with them.
      
      Let's introduce a boolean "irqchip.gicv3_nolpi" command line option
      that serves that purpose.
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      f736d65d
    • M
      irqchip/gic-v3: Reset APgRn registers at boot time · d6062a6d
      Marc Zyngier 提交于
      Booting a crash kernel while in an interrupt handler is likely
      to leave the Active Priority Registers with some state that
      is not relevant to the new kernel, and is likely to lead
      to erratic behaviours such as interrupts not firing as their
      priority is already active.
      
      As a sanity measure, wipe the APRs clean on startup. We make
      sure to wipe both group 0 and 1 registers in order to avoid
      any surprise.
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      d6062a6d
  13. 16 2月, 2018 2 次提交
    • S
      irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq() · 21ec30c0
      Shanker Donthineni 提交于
      A DMB instruction can be used to ensure the relative order of only
      memory accesses before and after the barrier. Since writes to system
      registers are not memory operations, barrier DMB is not sufficient
      for observability of memory accesses that occur before ICC_SGI1R_EL1
      writes.
      
      A DSB instruction ensures that no instructions that appear in program
      order after the DSB instruction, can execute until the DSB instruction
      has completed.
      
      Cc: stable@vger.kernel.org
      Acked-by: Will Deacon <will.deacon@arm.com>,
      Signed-off-by: NShanker Donthineni <shankerd@codeaurora.org>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      21ec30c0
    • M
      irqchip/gic-v3: Change pr_debug message to pr_devel · b6dd4d83
      Mark Salter 提交于
      The pr_debug() in gic-v3 gic_send_sgi() can trigger a circular locking
      warning:
      
       GICv3: CPU10: ICC_SGI1R_EL1 5000400
       ======================================================
       WARNING: possible circular locking dependency detected
       4.15.0+ #1 Tainted: G        W
       ------------------------------------------------------
       dynamic_debug01/1873 is trying to acquire lock:
        ((console_sem).lock){-...}, at: [<0000000099c891ec>] down_trylock+0x20/0x4c
      
       but task is already holding lock:
        (&rq->lock){-.-.}, at: [<00000000842e1587>] __task_rq_lock+0x54/0xdc
      
       which lock already depends on the new lock.
      
       the existing dependency chain (in reverse order) is:
      
       -> #2 (&rq->lock){-.-.}:
              __lock_acquire+0x3b4/0x6e0
              lock_acquire+0xf4/0x2a8
              _raw_spin_lock+0x4c/0x60
              task_fork_fair+0x3c/0x148
              sched_fork+0x10c/0x214
              copy_process.isra.32.part.33+0x4e8/0x14f0
              _do_fork+0xe8/0x78c
              kernel_thread+0x48/0x54
              rest_init+0x34/0x2a4
              start_kernel+0x45c/0x488
      
       -> #1 (&p->pi_lock){-.-.}:
              __lock_acquire+0x3b4/0x6e0
              lock_acquire+0xf4/0x2a8
              _raw_spin_lock_irqsave+0x58/0x70
              try_to_wake_up+0x48/0x600
              wake_up_process+0x28/0x34
              __up.isra.0+0x60/0x6c
              up+0x60/0x68
              __up_console_sem+0x4c/0x7c
              console_unlock+0x328/0x634
              vprintk_emit+0x25c/0x390
              dev_vprintk_emit+0xc4/0x1fc
              dev_printk_emit+0x88/0xa8
              __dev_printk+0x58/0x9c
              _dev_info+0x84/0xa8
              usb_new_device+0x100/0x474
              hub_port_connect+0x280/0x92c
              hub_event+0x740/0xa84
              process_one_work+0x240/0x70c
              worker_thread+0x60/0x400
              kthread+0x110/0x13c
              ret_from_fork+0x10/0x18
      
       -> #0 ((console_sem).lock){-...}:
              validate_chain.isra.34+0x6e4/0xa20
              __lock_acquire+0x3b4/0x6e0
              lock_acquire+0xf4/0x2a8
              _raw_spin_lock_irqsave+0x58/0x70
              down_trylock+0x20/0x4c
              __down_trylock_console_sem+0x3c/0x9c
              console_trylock+0x20/0xb0
              vprintk_emit+0x254/0x390
              vprintk_default+0x58/0x90
              vprintk_func+0xbc/0x164
              printk+0x80/0xa0
              __dynamic_pr_debug+0x84/0xac
              gic_raise_softirq+0x184/0x18c
              smp_cross_call+0xac/0x218
              smp_send_reschedule+0x3c/0x48
              resched_curr+0x60/0x9c
              check_preempt_curr+0x70/0xdc
              wake_up_new_task+0x310/0x470
              _do_fork+0x188/0x78c
              SyS_clone+0x44/0x50
              __sys_trace_return+0x0/0x4
      
       other info that might help us debug this:
      
       Chain exists of:
         (console_sem).lock --> &p->pi_lock --> &rq->lock
      
        Possible unsafe locking scenario:
      
              CPU0                    CPU1
              ----                    ----
         lock(&rq->lock);
                                      lock(&p->pi_lock);
                                      lock(&rq->lock);
         lock((console_sem).lock);
      
        *** DEADLOCK ***
      
       2 locks held by dynamic_debug01/1873:
        #0:  (&p->pi_lock){-.-.}, at: [<000000001366df53>] wake_up_new_task+0x40/0x470
        #1:  (&rq->lock){-.-.}, at: [<00000000842e1587>] __task_rq_lock+0x54/0xdc
      
       stack backtrace:
       CPU: 10 PID: 1873 Comm: dynamic_debug01 Tainted: G        W        4.15.0+ #1
       Hardware name: GIGABYTE R120-T34-00/MT30-GS2-00, BIOS T48 10/02/2017
       Call trace:
        dump_backtrace+0x0/0x188
        show_stack+0x24/0x2c
        dump_stack+0xa4/0xe0
        print_circular_bug.isra.31+0x29c/0x2b8
        check_prev_add.constprop.39+0x6c8/0x6dc
        validate_chain.isra.34+0x6e4/0xa20
        __lock_acquire+0x3b4/0x6e0
        lock_acquire+0xf4/0x2a8
        _raw_spin_lock_irqsave+0x58/0x70
        down_trylock+0x20/0x4c
        __down_trylock_console_sem+0x3c/0x9c
        console_trylock+0x20/0xb0
        vprintk_emit+0x254/0x390
        vprintk_default+0x58/0x90
        vprintk_func+0xbc/0x164
        printk+0x80/0xa0
        __dynamic_pr_debug+0x84/0xac
        gic_raise_softirq+0x184/0x18c
        smp_cross_call+0xac/0x218
        smp_send_reschedule+0x3c/0x48
        resched_curr+0x60/0x9c
        check_preempt_curr+0x70/0xdc
        wake_up_new_task+0x310/0x470
        _do_fork+0x188/0x78c
        SyS_clone+0x44/0x50
        __sys_trace_return+0x0/0x4
       GICv3: CPU0: ICC_SGI1R_EL1 12000
      
      This could be fixed with printk_deferred() but that might lessen its
      usefulness for debugging. So change it to pr_devel to keep it out of
      production kernels. Developers working on gic-v3 can enable it as
      needed in their kernels.
      Signed-off-by: NMark Salter <msalter@redhat.com>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      b6dd4d83
  14. 04 1月, 2018 1 次提交
    • S
      irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry · ebe2f871
      Shanker Donthineni 提交于
      The ACPI specification says OS shouldn't attempt to use GICC configuration
      parameters if the flag ACPI_MADT_ENABLED is cleared. The ARM64-SMP code
      skips the disabled GICC entries but not causing any issue. However the
      current GICv3 driver probe bails out causing kernel panic() instead of
      skipping the disabled GICC interfaces. This issue happens on systems
      where redistributor regions are not in the always-on power domain and
      one of GICC interface marked with ACPI_MADT_ENABLED=0.
      
      This patch does the two things to fix the panic.
        - Don't return an error in gic_acpi_match_gicc() for disabled GICC entry.
        - No need to keep GICR region information for disabled GICC entry.
      
      Observed kernel crash on QDF2400 platform GICC entry is disabled.
      Kernel crash traces:
        Kernel panic - not syncing: No interrupt controller found.
        CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.13.5 #26
        [<ffff000008087770>] dump_backtrace+0x0/0x218
        [<ffff0000080879dc>] show_stack+0x14/0x20
        [<ffff00000883b078>] dump_stack+0x98/0xb8
        [<ffff0000080c5c14>] panic+0x118/0x26c
        [<ffff000008b62348>] init_IRQ+0x24/0x2c
        [<ffff000008b609fc>] start_kernel+0x230/0x394
        [<ffff000008b601e4>] __primary_switched+0x64/0x6c
        ---[ end Kernel panic - not syncing: No interrupt controller found.
      
      Disabled GICC subtable example:
                         Subtable Type : 0B [Generic Interrupt Controller]
                                Length : 50
                              Reserved : 0000
                  CPU Interface Number : 0000003D
                         Processor UID : 0000003D
                 Flags (decoded below) : 00000000
                     Processor Enabled : 0
       Performance Interrupt Trig Mode : 0
       Virtual GIC Interrupt Trig Mode : 0
              Parking Protocol Version : 00000000
                 Performance Interrupt : 00000017
                        Parked Address : 0000000000000000
                          Base Address : 0000000000000000
              Virtual GIC Base Address : 0000000000000000
           Hypervisor GIC Base Address : 0000000000000000
                 Virtual GIC Interrupt : 00000019
            Redistributor Base Address : 0000FFFF88F40000
                             ARM MPIDR : 000000000000000D
                      Efficiency Class : 00
                              Reserved : 000000
      Signed-off-by: NShanker Donthineni <shankerd@codeaurora.org>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      ebe2f871
  15. 03 1月, 2018 1 次提交
  16. 13 11月, 2017 1 次提交
  17. 12 11月, 2017 1 次提交
  18. 06 11月, 2017 1 次提交
  19. 19 10月, 2017 1 次提交
    • S
      irqchip/gic-v3: Add support for Range Selector (RS) feature · eda0d04a
      Shanker Donthineni 提交于
      A new feature Range Selector (RS) has been added to GIC specification
      in order to support more than 16 CPUs at affinity level 0. New fields
      are introduced in SGI system registers (ICC_SGI0R_EL1, ICC_SGI1R_EL1
      and ICC_ASGI1R_EL1) to relax an artificial limit of 16 at level 0.
      
      - A new RSS field in ICC_CTLR_EL3, ICC_CTLR_EL1 and ICV_CTLR_EL1:
        [18] - Range Selector Support (RSS)
        0b0 = Targeted SGIs with affinity level 0 values of 0-15 are supported.
        0b1 = Targeted SGIs with affinity level 0 values of 0-255 are supported.
      
      - A new RS field in ICC_SGI0R_EL1, ICC_SGI1R_EL1 and ICC_ASGI1R_EL1:
        [47:44] - RangeSelector (RS) which group of 16 TargetList[n] field
                  TargetList[n] represents aff0 value ((RS*16)+n)
                  When ICC_CTLR_EL3.RSS==0 or ICC_CTLR_EL1.RSS==0, RS is RES0.
      
      - A new RSS field in GICD_TYPER:
        [26] - Range Selector Support (RSS)
        0b0 = Targeted SGIs with affinity level 0 values of 0-15 are supported.
        0b1 = Targeted SGIs with affinity level 0 values of 0-255 are supported.
      Signed-off-by: NShanker Donthineni <shankerd@codeaurora.org>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      eda0d04a
  20. 20 9月, 2017 1 次提交
  21. 31 8月, 2017 1 次提交
  22. 23 8月, 2017 3 次提交
  23. 18 8月, 2017 1 次提交
  24. 02 8月, 2017 1 次提交
    • W
      irqchip/gic: Ensure we have an ISB between ack and ->handle_irq · 39a06b67
      Will Deacon 提交于
      Devices that expose their interrupt status registers via system
      registers (e.g. Statistical profiling, CPU PMU, DynamIQ PMU, arch timer,
      vgic (although unused by Linux), ...) rely on a context synchronising
      operation on the CPU to ensure that the updated status register is
      visible to the CPU when handling the interrupt. This usually happens as
      a result of taking the IRQ exception in the first place, but there are
      two race scenarios where this isn't the case.
      
      For example, let's say we have two peripherals (X and Y), where Y uses a
      system register for its interrupt status.
      
      Case 1:
      1. CPU takes an IRQ exception as a result of X raising an interrupt
      2. Y then raises its interrupt line, but the update to its system
         register is not yet visible to the CPU
      3. The GIC decides to expose Y's interrupt number first in the Ack
         register
      4. The CPU runs the IRQ handler for Y, but the status register is stale
      
      Case 2:
      1. CPU takes an IRQ exception as a result of X raising an interrupt
      2. CPU reads the interrupt number for X from the Ack register and runs
         its IRQ handler
      3. Y raises its interrupt line and the Ack register is updated, but
         again, the update to its system register is not yet visible to the
         CPU.
      4. Since the GIC drivers poll the Ack register, we read Y's interrupt
         number and run its handler without a context synchronisation
         operation, therefore seeing the stale register value.
      
      In either case, we run the risk of missing an IRQ. This patch solves the
      problem by ensuring that we execute an ISB in the GIC drivers prior
      to invoking the interrupt handler. This is already the case for GICv3
      and EOIMode 1 (the usual case for the host).
      
      Cc: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      39a06b67
  25. 04 7月, 2017 2 次提交
  26. 30 6月, 2017 1 次提交
    • S
      irqchip/gic-v3: Fix out-of-bound access in gic_set_affinity · 866d7c1b
      Suzuki K Poulose 提交于
      The GICv3 driver doesn't check if the target CPU for gic_set_affinity
      is valid before going ahead and making the changes. This triggers the
      following splat with KASAN:
      
      [  141.189434] BUG: KASAN: global-out-of-bounds in gic_set_affinity+0x8c/0x140
      [  141.189704] Read of size 8 at addr ffff200009741d20 by task swapper/1/0
      [  141.189958]
      [  141.190158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.12.0-rc7
      [  141.190458] Hardware name: Foundation-v8A (DT)
      [  141.190658] Call trace:
      [  141.190908] [<ffff200008089d70>] dump_backtrace+0x0/0x328
      [  141.191224] [<ffff20000808a1b4>] show_stack+0x14/0x20
      [  141.191507] [<ffff200008504c3c>] dump_stack+0xa4/0xc8
      [  141.191858] [<ffff20000826c19c>] print_address_description+0x13c/0x250
      [  141.192219] [<ffff20000826c5c8>] kasan_report+0x210/0x300
      [  141.192547] [<ffff20000826ad54>] __asan_load8+0x84/0x98
      [  141.192874] [<ffff20000854eeec>] gic_set_affinity+0x8c/0x140
      [  141.193158] [<ffff200008148b14>] irq_do_set_affinity+0x54/0xb8
      [  141.193473] [<ffff200008148d2c>] irq_set_affinity_locked+0x64/0xf0
      [  141.193828] [<ffff200008148e00>] __irq_set_affinity+0x48/0x78
      [  141.194158] [<ffff200008bc48a4>] arm_perf_starting_cpu+0x104/0x150
      [  141.194513] [<ffff2000080d73bc>] cpuhp_invoke_callback+0x17c/0x1f8
      [  141.194783] [<ffff2000080d94ec>] notify_cpu_starting+0x8c/0xb8
      [  141.195130] [<ffff2000080911ec>] secondary_start_kernel+0x15c/0x200
      [  141.195390] [<0000000080db81b4>] 0x80db81b4
      [  141.195603]
      [  141.195685] The buggy address belongs to the variable:
      [  141.196012]  __cpu_logical_map+0x200/0x220
      [  141.196176]
      [  141.196315] Memory state around the buggy address:
      [  141.196586]  ffff200009741c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [  141.196913]  ffff200009741c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [  141.197158] >ffff200009741d00: 00 00 00 00 fa fa fa fa 00 00 00 00 00 00 00 00
      [  141.197487]                                ^
      [  141.197758]  ffff200009741d80: 00 00 00 00 00 00 00 00 fa fa fa fa 00 00 00 00
      [  141.198060]  ffff200009741e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      [  141.198358] ==================================================================
      [  141.198609] Disabling lock debugging due to kernel taint
      [  141.198961] CPU1: Booted secondary processor [410fd051]
      
      This patch adds the check to make sure the cpu is valid.
      
      Fixes: commit 021f6537 ("irqchip: gic-v3: Initial support for GICv3")
      Cc: stable@vger.kernel.org
      Signed-off-by: NSuzuki K Poulose <suzuki.poulose@arm.com>
      Signed-off-by: NMarc Zyngier <marc.zyngier@arm.com>
      866d7c1b
  27. 25 12月, 2016 2 次提交
  28. 17 11月, 2016 1 次提交
  29. 14 10月, 2016 1 次提交
  30. 20 9月, 2016 1 次提交
    • J
      irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning · 727653d6
      James Morse 提交于
      gic_raise_softirq() walks the list of cpus using for_each_cpu(), it calls
      gic_compute_target_list() which advances the iterator by the number of
      CPUs in the cluster.
      
      If gic_compute_target_list() reaches the last CPU it leaves the iterator
      pointing at the last CPU. This means the next time round the for_each_cpu()
      loop cpumask_next() will be called with an invalid CPU.
      
      This triggers a warning when built with CONFIG_DEBUG_PER_CPU_MAPS:
      [    3.077738] GICv3: CPU1: found redistributor 1 region 0:0x000000002f120000
      [    3.077943] CPU1: Booted secondary processor [410fd0f0]
      [    3.078542] ------------[ cut here ]------------
      [    3.078746] WARNING: CPU: 1 PID: 0 at ../include/linux/cpumask.h:121 gic_raise_softirq+0x12c/0x170
      [    3.078812] Modules linked in:
      [    3.078869]
      [    3.078930] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.8.0-rc5+ #5188
      [    3.078994] Hardware name: Foundation-v8A (DT)
      [    3.079059] task: ffff80087a1a0080 task.stack: ffff80087a19c000
      [    3.079145] PC is at gic_raise_softirq+0x12c/0x170
      [    3.079226] LR is at gic_raise_softirq+0xa4/0x170
      [    3.079296] pc : [<ffff0000083ead24>] lr : [<ffff0000083eac9c>] pstate: 200001c9
      [    3.081139] Call trace:
      [    3.081202] Exception stack(0xffff80087a19fbe0 to 0xffff80087a19fd10)
      
      [    3.082269] [<ffff0000083ead24>] gic_raise_softirq+0x12c/0x170
      [    3.082354] [<ffff00000808e614>] smp_send_reschedule+0x34/0x40
      [    3.082433] [<ffff0000080e80a0>] resched_curr+0x50/0x88
      [    3.082512] [<ffff0000080e89d0>] check_preempt_curr+0x60/0xd0
      [    3.082593] [<ffff0000080e8a60>] ttwu_do_wakeup+0x20/0xe8
      [    3.082672] [<ffff0000080e8bb8>] ttwu_do_activate+0x90/0xc0
      [    3.082753] [<ffff0000080ea9a4>] try_to_wake_up+0x224/0x370
      [    3.082836] [<ffff0000080eabc8>] default_wake_function+0x10/0x18
      [    3.082920] [<ffff000008103134>] __wake_up_common+0x5c/0xa0
      [    3.083003] [<ffff0000081031f4>] __wake_up_locked+0x14/0x20
      [    3.083086] [<ffff000008103f80>] complete+0x40/0x60
      [    3.083168] [<ffff00000808df7c>] secondary_start_kernel+0x15c/0x1d0
      [    3.083240] [<00000000808911a4>] 0x808911a4
      [    3.113401] Detected PIPT I-cache on CPU2
      
      Avoid updating the iterator if the next call to cpumask_next() would
      cause the for_each_cpu() loop to exit.
      
      There is no change to gic_raise_softirq()'s behaviour, (cpumask_next()s
      eventual call to _find_next_bit() will return early as start >= nbits),
      this patch just silences the warning.
      
      Fixes: 021f6537 ("irqchip: gic-v3: Initial support for GICv3")
      Signed-off-by: NJames Morse <james.morse@arm.com>
      Acked-by: NMarc Zyngier <marc.zyngier@arm.com>
      Cc: linux-arm-kernel@lists.infradead.org
      Cc: Jason Cooper <jason@lakedaemon.net>
      Link: http://lkml.kernel.org/r/1474306155-3303-1-git-send-email-james.morse@arm.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      727653d6