1. 26 12月, 2015 2 次提交
    • L
      Merge branch 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 8db7b3c5
      Linus Torvalds 提交于
      Pull parisc system call restart fix from Helge Deller:
       "The architectural design of parisc always uses two instructions to
        call kernel syscalls (delayed branch feature).  This means that the
        instruction following the branch (located in the delay slot of the
        branch instruction) is executed before control passes to the branch
        destination.
      
        Depending on which assembler instruction and how it is used in
        usersapce in the delay slot, this sometimes made restarted syscalls
        like futex() and poll() failing with -ENOSYS"
      
      * 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Fix syscall restarts
      8db7b3c5
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc · 682cb0cd
      Linus Torvalds 提交于
      Pull sparc fixes from David Miller:
      
       1) Finally make perf stack backtraces stable on sparc, several problems
          (mostly due to the context in which the user copies from the stack
          are done) contributed to this.
      
          From Rob Gardner.
      
       2) Export ADI capability if the cpu supports it.
      
       3) Hook up userfaultfd system call.
      
       4) When faults happen during user copies we really have to clean up and
          restore the FPU state fully.  Also from Rob Gardner
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
        tty/serial: Skip 'NULL' char after console break when sysrq enabled
        sparc64: fix FP corruption in user copy functions
        sparc64: Perf should save/restore fault info
        sparc64: Ensure perf can access user stacks
        sparc64: Don't set %pil in rtrap_nmi too early
        sparc64: Add ADI capability to cpu capabilities
        tty: serial: constify sunhv_ops structs
        sparc: Hook up userfaultfd system call
      682cb0cd
  2. 25 12月, 2015 7 次提交
    • V
      tty/serial: Skip 'NULL' char after console break when sysrq enabled · 079317a6
      Vijay Kumar 提交于
      When sysrq is triggered from console, serial driver for SUN hypervisor
      console receives a console break and enables the sysrq. It expects a valid
      sysrq char following with break. Meanwhile if driver receives 'NULL'
      ASCII char then it disables sysrq and sysrq handler will never be invoked.
      
      This fix skips calling uart sysrq handler when 'NULL' is received while
      sysrq is enabled.
      Signed-off-by: NVijay Kumar <vijay.ac.kumar@oracle.com>
      Acked-by: NKarl Volz <karl.volz@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      079317a6
    • R
      sparc64: fix FP corruption in user copy functions · a7c5724b
      Rob Gardner 提交于
      Short story: Exception handlers used by some copy_to_user() and
      copy_from_user() functions do not diligently clean up floating point
      register usage, and this can result in a user process seeing invalid
      values in floating point registers. This sometimes makes the process
      fail.
      
      Long story: Several cpu-specific (NG4, NG2, U1, U3) memcpy functions
      use floating point registers and VIS alignaddr/faligndata to
      accelerate data copying when source and dest addresses don't align
      well. Linux uses a lazy scheme for saving floating point registers; It
      is not done upon entering the kernel since it's a very expensive
      operation. Rather, it is done only when needed. If the kernel ends up
      not using FP regs during the course of some trap or system call, then
      it can return to user space without saving or restoring them.
      
      The various memcpy functions begin their FP code with VISEntry (or a
      variation thereof), which saves the FP regs. They conclude their FP
      code with VISExit (or a variation) which essentially marks the FP regs
      "clean", ie, they contain no unsaved values. fprs.FPRS_FEF is turned
      off so that a lazy restore will be triggered when/if the user process
      accesses floating point regs again.
      
      The bug is that the user copy variants of memcpy, copy_from_user() and
      copy_to_user(), employ an exception handling mechanism to detect faults
      when accessing user space addresses, and when this handler is invoked,
      an immediate return from the function is forced, and VISExit is not
      executed, thus leaving the fprs register in an indeterminate state,
      but often with fprs.FPRS_FEF set and one or more dirty bits. This
      results in a return to user space with invalid values in the FP regs,
      and since fprs.FPRS_FEF is on, no lazy restore occurs.
      
      This bug affects copy_to_user() and copy_from_user() for NG4, NG2,
      U3, and U1. All are fixed by using a new exception handler for those
      loads and stores that are done during the time between VISEnter and
      VISExit.
      
      n.b. In NG4memcpy, the problematic code can be triggered by a copy
      size greater than 128 bytes and an unaligned source address.  This bug
      is known to be the cause of random user process memory corruptions
      while perf is running with the callgraph option (ie, perf record -g).
      This occurs because perf uses copy_from_user() to read user stacks,
      and may fault when it follows a stack frame pointer off to an
      invalid page. Validation checks on the stack address just obscure
      the underlying problem.
      Signed-off-by: NRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: NDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a7c5724b
    • R
      sparc64: Perf should save/restore fault info · 83352694
      Rob Gardner 提交于
      There have been several reports of random processes being killed with
      a bus error or segfault during userspace stack walking in perf.  One
      of the root causes of this problem is an asynchronous modification to
      thread_info fault_address and fault_code, which stems from a perf
      counter interrupt arriving during kernel processing of a "benign"
      fault, such as a TSB miss. Since perf_callchain_user() invokes
      copy_from_user() to read user stacks, a fault is not only possible,
      but probable. Validity checks on the stack address merely cover up the
      problem and reduce its frequency.
      
      The solution here is to save and restore fault_address and fault_code
      in perf_callchain_user() so that the benign fault handler is not
      disturbed by a perf interrupt.
      Signed-off-by: NRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: NDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      83352694
    • R
      sparc64: Ensure perf can access user stacks · 3f74306a
      Rob Gardner 提交于
      When an interrupt (such as a perf counter interrupt) is delivered
      while executing in user space, the trap entry code puts ASI_AIUS in
      %asi so that copy_from_user() and copy_to_user() will access the
      correct memory. But if a perf counter interrupt is delivered while the
      cpu is already executing in kernel space, then the trap entry code
      will put ASI_P in %asi, and this will prevent copy_from_user() from
      reading any useful stack data in either of the perf_callchain_user_X
      functions, and thus no user callgraph data will be collected for this
      sample period. An additional problem is that a fault is guaranteed
      to occur, and though it will be silently covered up, it wastes time
      and could perturb state.
      
      In perf_callchain_user(), we ensure that %asi contains ASI_AIUS
      because we know for a fact that the subsequent calls to
      copy_from_user() are intended to read the user's stack.
      
      [ Use get_fs()/set_fs() -DaveM ]
      Signed-off-by: NRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: NDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      3f74306a
    • R
      sparc64: Don't set %pil in rtrap_nmi too early · 1ca04a4c
      Rob Gardner 提交于
      Commit 28a1f533 delays setting %pil to avoid potential
      hardirq stack overflow in the common rtrap_irq path.
      Setting %pil also needs to be delayed in the rtrap_nmi
      path for the same reason.
      Signed-off-by: NRob Gardner <rob.gardner@oracle.com>
      Signed-off-by: NDave Aldridge <david.j.aldridge@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1ca04a4c
    • K
      sparc64: Add ADI capability to cpu capabilities · 82924e54
      Khalid Aziz 提交于
      Add ADI (Application Data Integrity) capability to cpu capabilities list.
      ADI capability allows virtual addresses to be encoded with a tag in
      bits 63-60. This tag serves as an access control key for the regions
      of virtual address with ADI enabled and a key set on them. Hypervisor
      encodes this capability as "adp" in "hwcap-list" property in machine
      description.
      Signed-off-by: NKhalid Aziz <khalid.aziz@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      82924e54
    • A
      tty: serial: constify sunhv_ops structs · 01fd3c27
      Aya Mahfouz 提交于
      Constifies sunhv_ops structures in tty's serial
      driver since they are not modified after their
      initialization.
      
      Detected and found using Coccinelle.
      Suggested-by: NJulia Lawall <Julia.Lawall@lip6.fr>
      Signed-off-by: NAya Mahfouz <mahfouz.saif.elyazal@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      01fd3c27
  3. 24 12月, 2015 4 次提交
    • M
      sparc: Hook up userfaultfd system call · 9bcfd78a
      Mike Kravetz 提交于
      After hooking up system call, userfaultfd selftest was successful for
      both 32 and 64 bit version of test.
      Signed-off-by: NMike Kravetz <mike.kravetz@oracle.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      9bcfd78a
    • L
      Merge tag 'sound-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · a8816434
      Linus Torvalds 提交于
      Pull sound fixes from Takashi Iwai:
       "This shouldn't be a nightmare before Christmas: just a handful small
        device-specific fixes for various ASoC and HD-audio drivers.  Most of
        them are stable fixes"
      
      * tag 'sound-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
        ASoC: fsl_sai: fix no frame clk in master mode
        ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
        ASoC: sgtl5000: fix VAG power up timing
        ASoC: rockchip: spdif: Set transmit data level to 16 samples
        ASoC: wm8974: set cache type for regmap
        ASoC: es8328: Fix shifts for mixer switches
        ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx
        ASoC: es8328: Fix deemphasis values
      a8816434
    • L
      Merge tag 'drm-intel-fixes-2015-12-23' of git://anongit.freedesktop.org/drm-intel · 5b726e06
      Linus Torvalds 提交于
      Pull i915 drm fixes from Jani Nikula:
       "Here's a batch of i915 fixes all around.  It may be slightly bigger
        than one would hope for at this stage, but they've all been through
        testing in our -next before being picked up for v4.4.  Also, I missed
        Dave's fixes pull earlier today just because I wanted an extra testing
        round on this.  So I'm fairly confident.
      
        Wishing you all the things it is customary to wish this time of the
        year"
      
      * tag 'drm-intel-fixes-2015-12-23' of git://anongit.freedesktop.org/drm-intel:
        drm/i915: Correct max delay for HDMI hotplug live status checking
        drm/i915: mdelay(10) considered harmful
        drm/i915: Kill intel_crtc->cursor_bo
        drm/i915: Workaround CHV pipe C cursor fail
        drm/i915: Only spin whilst waiting on the current request
        drm/i915: Limit the busy wait on requests to 5us not 10ms!
        drm/i915: Break busywaiting for requests on pending signals
        drm/i915: Disable primary plane if we fail to reconstruct BIOS fb (v2)
        drm/i915: Set the map-and-fenceable flag for preallocated objects
        drm/i915: Drop the broken cursor base==0 special casing
      5b726e06
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 2bfd43d8
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Not much happening, should have dequeued this lot earlier.
      
        One amdgpu, one nouveau and one exynos fix"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/exynos: atomic check only enabled crtc states
        drm/nouveau/bios/fan: hardcode the fan mode to linear
        drm/amdgpu: fix user fence handling
      2bfd43d8
  4. 23 12月, 2015 11 次提交
  5. 22 12月, 2015 15 次提交
  6. 21 12月, 2015 1 次提交
    • H
      parisc: Fix syscall restarts · 71a71fb5
      Helge Deller 提交于
      On parisc syscalls which are interrupted by signals sometimes failed to
      restart and instead returned -ENOSYS which in the worst case lead to
      userspace crashes.
      A similiar problem existed on MIPS and was fixed by commit e967ef02
      ("MIPS: Fix restart of indirect syscalls").
      
      On parisc the current syscall restart code assumes that all syscall
      callers load the syscall number in the delay slot of the ble
      instruction. That's how it is e.g. done in the unistd.h header file:
      	ble 0x100(%sr2, %r0)
      	ldi #syscall_nr, %r20
      Because of that assumption the current code never restored %r20 before
      returning to userspace.
      
      This assumption is at least not true for code which uses the glibc
      syscall() function, which instead uses this syntax:
      	ble 0x100(%sr2, %r0)
      	copy regX, %r20
      where regX depend on how the compiler optimizes the code and register
      usage.
      
      This patch fixes this problem by adding code to analyze how the syscall
      number is loaded in the delay branch and - if needed - copy the syscall
      number to regX prior returning to userspace for the syscall restart.
      Signed-off-by: NHelge Deller <deller@gmx.de>
      Cc: stable@vger.kernel.org
      Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
      71a71fb5