1. 07 6月, 2016 1 次提交
    • B
      IB/cm: Fix a recently introduced locking bug · 943f44d9
      Bart Van Assche 提交于
      ib_cm_notify() can be called from interrupt context. Hence do not
      reenable interrupts unconditionally in cm_establish().
      
      This patch avoids that lockdep reports the following warning:
      
      WARNING: CPU: 0 PID: 23317 at kernel/locking/lockdep.c:2624 trace _hardirqs_on_caller+0x112/0x1b0
      DEBUG_LOCKS_WARN_ON(current->hardirq_context)
      Call Trace:
       <IRQ>  [<ffffffff812bd0e5>] dump_stack+0x67/0x92
       [<ffffffff81056f21>] __warn+0xc1/0xe0
       [<ffffffff81056f8a>] warn_slowpath_fmt+0x4a/0x50
       [<ffffffff810a5932>] trace_hardirqs_on_caller+0x112/0x1b0
       [<ffffffff810a59dd>] trace_hardirqs_on+0xd/0x10
       [<ffffffff815992c7>] _raw_spin_unlock_irq+0x27/0x40
       [<ffffffffa0382e9c>] ib_cm_notify+0x25c/0x290 [ib_cm]
       [<ffffffffa068fbc1>] srpt_qp_event+0xa1/0xf0 [ib_srpt]
       [<ffffffffa04efb97>] mlx4_ib_qp_event+0x67/0xd0 [mlx4_ib]
       [<ffffffffa034ec0a>] mlx4_qp_event+0x5a/0xc0 [mlx4_core]
       [<ffffffffa03365f8>] mlx4_eq_int+0x3d8/0xcf0 [mlx4_core]
       [<ffffffffa0336f9c>] mlx4_msi_x_interrupt+0xc/0x20 [mlx4_core]
       [<ffffffff810b0914>] handle_irq_event_percpu+0x64/0x100
       [<ffffffff810b09e4>] handle_irq_event+0x34/0x60
       [<ffffffff810b3a6a>] handle_edge_irq+0x6a/0x150
       [<ffffffff8101ad05>] handle_irq+0x15/0x20
       [<ffffffff8101a66c>] do_IRQ+0x5c/0x110
       [<ffffffff8159a2c9>] common_interrupt+0x89/0x89
       [<ffffffff81297a17>] blk_run_queue_async+0x37/0x40
       [<ffffffffa0163e53>] rq_completed+0x43/0x70 [dm_mod]
       [<ffffffffa0164896>] dm_softirq_done+0x176/0x280 [dm_mod]
       [<ffffffff812a26c2>] blk_done_softirq+0x52/0x90
       [<ffffffff8105bc1f>] __do_softirq+0x10f/0x230
       [<ffffffff8105bec8>] irq_exit+0xa8/0xb0
       [<ffffffff8103653e>] smp_trace_call_function_single_interrupt+0x2e/0x30
       [<ffffffff81036549>] smp_call_function_single_interrupt+0x9/0x10
       [<ffffffff8159a959>] call_function_single_interrupt+0x89/0x90
       <EOI>
      
      Fixes: commit be4b4993 (IB/cm: Do not queue work to a device that's going away)
      Signed-off-by: NBart Van Assche <bart.vanassche@sandisk.com>
      Cc: Erez Shitrit <erezsh@mellanox.com>
      Cc: Sean Hefty <sean.hefty@intel.com>
      Cc: Nikolay Borisov <kernel@kyup.com>
      Cc: stable <stable@vger.kernel.org> # v4.2+
      Acked-by: NErez Shitrit <erezsh@mellanox.com>
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      943f44d9
  2. 06 6月, 2016 4 次提交
    • L
      Linux 4.7-rc2 · af8c34ce
      Linus Torvalds 提交于
      af8c34ce
    • L
      Merge branch 'parisc-4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · 5975b2c0
      Linus Torvalds 提交于
      Pull parisc fixes from Helge Deller:
      
       - Fix printk time stamps on SMP systems which got wrong due to a patch
         which was added during the merge window
      
       - Fix two bugs in the stack backtrace code: Races in module unloading
         and possible invalid accesses to memory due to wrong instruction
         decoding (Mikulas Patocka)
      
       - Fix userspace crash when syscalls access invalid unaligned userspace
         addresses.  Those syscalls will now return EFAULT as expected.
         (tagged for stable kernel series)
      
      * 'parisc-4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Move die_if_kernel() prototype into traps.h header
        parisc: Fix pagefault crash in unaligned __get_user() call
        parisc: Fix printk time during boot
        parisc: Fix backtrace on PA-RISC
      5975b2c0
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security · d834502e
      Linus Torvalds 提交于
      Pull key handling update from James Morris:
       "This alters a new keyctl function added in the current merge window to
        allow for a future extension planned for the next merge window"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
        KEYS: Add placeholder for KDF usage with DH
      d834502e
    • E
      devpts: Make each mount of devpts an independent filesystem. · eedf265a
      Eric W. Biederman 提交于
      The /dev/ptmx device node is changed to lookup the directory entry "pts"
      in the same directory as the /dev/ptmx device node was opened in.  If
      there is a "pts" entry and that entry is a devpts filesystem /dev/ptmx
      uses that filesystem.  Otherwise the open of /dev/ptmx fails.
      
      The DEVPTS_MULTIPLE_INSTANCES configuration option is removed, so that
      userspace can now safely depend on each mount of devpts creating a new
      instance of the filesystem.
      
      Each mount of devpts is now a separate and equal filesystem.
      
      Reserved ttys are now available to all instances of devpts where the
      mounter is in the initial mount namespace.
      
      A new vfs helper path_pts is introduced that finds a directory entry
      named "pts" in the directory of the passed in path, and changes the
      passed in path to point to it.  The helper path_pts uses a function
      path_parent_directory that was factored out of follow_dotdot.
      
      In the implementation of devpts:
       - devpts_mnt is killed as it is no longer meaningful if all mounts of
         devpts are equal.
       - pts_sb_from_inode is replaced by just inode->i_sb as all cached
         inodes in the tty layer are now from the devpts filesystem.
       - devpts_add_ref is rolled into the new function devpts_ptmx.  And the
         unnecessary inode hold is removed.
       - devpts_del_ref is renamed devpts_release and reduced to just a
         deacrivate_super.
       - The newinstance mount option continues to be accepted but is now
         ignored.
      
      In devpts_fs.h definitions for when !CONFIG_UNIX98_PTYS are removed as
      they are never used.
      
      Documentation/filesystems/devices.txt is updated to describe the current
      situation.
      
      This has been verified to work properly on openwrt-15.05, centos5,
      centos6, centos7, debian-6.0.2, debian-7.9, debian-8.2, ubuntu-14.04.3,
      ubuntu-15.10, fedora23, magia-5, mint-17.3, opensuse-42.1,
      slackware-14.1, gentoo-20151225 (13.0?), archlinux-2015-12-01.  With the
      caveat that on centos6 and on slackware-14.1 that there wind up being
      two instances of the devpts filesystem mounted on /dev/pts, the lower
      copy does not end up getting used.
      Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Greg KH <greg@kroah.com>
      Cc: Peter Hurley <peter@hurleysoftware.com>
      Cc: Peter Anvin <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
      Cc: Willy Tarreau <w@1wt.eu>
      Cc: Aurelien Jarno <aurelien@aurel32.net>
      Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk>
      Cc: Jann Horn <jann@thejh.net>
      Cc: Jiri Slaby <jslaby@suse.com>
      Cc: Florian Weimer <fw@deneb.enyo.de>
      Cc: Konstantin Khlebnikov <koct9i@gmail.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      eedf265a
  3. 05 6月, 2016 12 次提交
    • H
      58f1c654
    • H
      parisc: Fix pagefault crash in unaligned __get_user() call · 8b78f260
      Helge Deller 提交于
      One of the debian buildd servers had this crash in the syslog without
      any other information:
      
       Unaligned handler failed, ret = -2
       clock_adjtime (pid 22578): Unaligned data reference (code 28)
       CPU: 1 PID: 22578 Comm: clock_adjtime Tainted: G  E  4.5.0-2-parisc64-smp #1 Debian 4.5.4-1
       task: 000000007d9960f8 ti: 00000001bde7c000 task.ti: 00000001bde7c000
      
            YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
       PSW: 00001000000001001111100000001111 Tainted: G            E
       r00-03  000000ff0804f80f 00000001bde7c2b0 00000000402d2be8 00000001bde7c2b0
       r04-07  00000000409e1fd0 00000000fa6f7fff 00000001bde7c148 00000000fa6f7fff
       r08-11  0000000000000000 00000000ffffffff 00000000fac9bb7b 000000000002b4d4
       r12-15  000000000015241c 000000000015242c 000000000000002d 00000000fac9bb7b
       r16-19  0000000000028800 0000000000000001 0000000000000070 00000001bde7c218
       r20-23  0000000000000000 00000001bde7c210 0000000000000002 0000000000000000
       r24-27  0000000000000000 0000000000000000 00000001bde7c148 00000000409e1fd0
       r28-31  0000000000000001 00000001bde7c320 00000001bde7c350 00000001bde7c218
       sr00-03  0000000001200000 0000000001200000 0000000000000000 0000000001200000
       sr04-07  0000000000000000 0000000000000000 0000000000000000 0000000000000000
      
       IASQ: 0000000000000000 0000000000000000 IAOQ: 00000000402d2e84 00000000402d2e88
        IIR: 0ca0d089    ISR: 0000000001200000  IOR: 00000000fa6f7fff
        CPU:        1   CR30: 00000001bde7c000 CR31: ffffffffffffffff
        ORIG_R28: 00000002369fe628
        IAOQ[0]: compat_get_timex+0x2dc/0x3c0
        IAOQ[1]: compat_get_timex+0x2e0/0x3c0
        RP(r2): compat_get_timex+0x40/0x3c0
       Backtrace:
        [<00000000402d4608>] compat_SyS_clock_adjtime+0x40/0xc0
        [<0000000040205024>] syscall_exit+0x0/0x14
      
      This means the userspace program clock_adjtime called the clock_adjtime()
      syscall and then crashed inside the compat_get_timex() function.
      Syscalls should never crash programs, but instead return EFAULT.
      
      The IIR register contains the executed instruction, which disassebles
      into "ldw 0(sr3,r5),r9".
      This load-word instruction is part of __get_user() which tried to read the word
      at %r5/IOR (0xfa6f7fff). This means the unaligned handler jumped in.  The
      unaligned handler is able to emulate all ldw instructions, but it fails if it
      fails to read the source e.g. because of page fault.
      
      The following program reproduces the problem:
      
      #define _GNU_SOURCE
      #include <unistd.h>
      #include <sys/syscall.h>
      #include <sys/mman.h>
      
      int main(void) {
              /* allocate 8k */
              char *ptr = mmap(NULL, 2*4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
              /* free second half (upper 4k) and make it invalid. */
              munmap(ptr+4096, 4096);
              /* syscall where first int is unaligned and clobbers into invalid memory region */
              /* syscall should return EFAULT */
              return syscall(__NR_clock_adjtime, 0, ptr+4095);
      }
      
      To fix this issue we simply need to check if the faulting instruction address
      is in the exception fixup table when the unaligned handler failed. If it
      is, call the fixup routine instead of crashing.
      
      While looking at the unaligned handler I found another issue as well: The
      target register should not be modified if the handler was unsuccessful.
      Signed-off-by: NHelge Deller <deller@gmx.de>
      Cc: stable@vger.kernel.org
      8b78f260
    • H
      parisc: Fix printk time during boot · 0032c088
      Helge Deller 提交于
      Avoid showing invalid printk time stamps during boot.
      Signed-off-by: NHelge Deller <deller@gmx.de>
      Reviewed-by: NAaro Koskinen <aaro.koskinen@iki.fi>
      0032c088
    • M
      parisc: Fix backtrace on PA-RISC · be24a897
      Mikulas Patocka 提交于
      This patch fixes backtrace on PA-RISC
      
      There were several problems:
      
      1) The code that decodes instructions handles instructions that subtract
      from the stack pointer incorrectly. If the instruction subtracts the
      number X from the stack pointer the code increases the frame size by
      (0x100000000-X).  This results in invalid accesses to memory and
      recursive page faults.
      
      2) Because gcc reorders blocks, handling instructions that subtract from
      the frame pointer is incorrect. For example, this function
      	int f(int a)
      	{
      		if (__builtin_expect(a, 1))
      			return a;
      		g();
      		return a;
      	}
      is compiled in such a way, that the code that decreases the stack
      pointer for the first "return a" is placed before the code for "g" call.
      If we recognize this decrement, we mistakenly believe that the frame
      size for the "g" call is zero.
      
      To fix problems 1) and 2), the patch doesn't recognize instructions that
      decrease the stack pointer at all. To further safeguard the unwind code
      against nonsense values, we don't allow frame size larger than
      Total_frame_size.
      
      3) The backtrace is not locked. If stack dump races with module unload,
      invalid table can be accessed.
      
      This patch adds a spinlock when processing module tables.
      
      Note, that for correct backtrace, you need recent binutils.
      Binutils 2.18 from Debian 5 produce garbage unwind tables.
      Binutils 2.21 work better (it sometimes forgets function frames, but at
      least it doesn't generate garbage).
      Signed-off-by: NMikulas Patocka <mpatocka@redhat.com>
      Signed-off-by: NHelge Deller <deller@gmx.de>
      be24a897
    • L
      Merge tag 'drm-fixes-for-v4.7-rc2' of git://people.freedesktop.org/~airlied/linux · 049ec1b5
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "A bunch of ARM drivers got into the fixes vibe this time around, so
        this contains a bunch of fixes for imx, atmel hlcdc, arm hdlcd (only
        so many combos of hlcd), mediatek and omap drm.
      
        Other than that there is one mgag200 fix and a few core drm regression
        fixes"
      
      * tag 'drm-fixes-for-v4.7-rc2' of git://people.freedesktop.org/~airlied/linux: (34 commits)
        drm/omap: fix unused variable warning.
        drm: hdlcd: Add information about the underlying framebuffers in debugfs
        drm: hdlcd: Cleanup the atomic plane operations
        drm/hdlcd: Fix up crtc_state->event handling
        drm: hdlcd: Revamp runtime power management
        drm/mediatek: mtk_dsi: Remove spurious drm_connector_unregister
        drm/mediatek: mtk_dpi: remove invalid error message
        drm: atmel-hlcdc: fix a NULL check
        drm: atmel-hlcdc: fix atmel_hlcdc_crtc_reset() implementation
        drm/mgag200: Black screen fix for G200e rev 4
        drm: Wrap direct calls to driver->gem_free_object from CMA
        drm: fix fb refcount issue with atomic modesetting
        drm: make drm_atomic_set_mode_prop_for_crtc() more reliable
        drm/sti: remove extra mode fixup
        drm: add missing drm_mode_set_crtcinfo call
        drm/omap: include gpio/consumer.h where needed
        drm/omap: include linux/seq_file.h where needed
        Revert "drm/omap: no need to select OMAP2_DSS"
        drm/omap: Remove regulator API abuse
        OMAPDSS: HDMI5: Change DDC timings
        ...
      049ec1b5
    • L
      Merge tag 'vfio-v4.7-rc2' of git://github.com/awilliam/linux-vfio · f2c6b9e4
      Linus Torvalds 提交于
      Pull VFIO fixes from Alex Williamson:
       "Fix irqfd shutdown ordering, build warning, and VPD short read"
      
      * tag 'vfio-v4.7-rc2' of git://github.com/awilliam/linux-vfio:
        vfio/pci: Allow VPD short read
        vfio/type1: Fix build warning
        vfio/pci: Fix ordering of eventfd vs virqfd shutdown
      f2c6b9e4
    • L
      Merge tag 'mmc-v4.7-rc1-2' of git://git.linaro.org/people/ulf.hansson/mmc · 95b46aeb
      Linus Torvalds 提交于
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - Fix/restore behaviour when selecting bus width for (e)MMC
      
        MMC host:
         - sunxi: Fix eMMC HS-DDR modes on Allwinner A80"
      
      * tag 'mmc-v4.7-rc1-2' of git://git.linaro.org/people/ulf.hansson/mmc:
        mmc: sunxi: Re-enable eMMC HS-DDR modes on Allwinner A80
        mmc: sunxi: Fix DDR MMC timings for A80
        mmc: fix mmc mode selection for HS-DDR and higher
      95b46aeb
    • L
      Merge branch 'for-linus-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs · b2d5ad82
      Linus Torvalds 提交于
      Pull btrfs fixes from Chris Mason:
       "The important part of this pull is Filipe's set of fixes for btrfs
        device replacement.  Filipe fixed a few issues seen on the list and a
        number he found on his own"
      
      * 'for-linus-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
        Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent
        Btrfs: fix race between device replace and read repair
        Btrfs: fix race between device replace and discard
        Btrfs: fix race between device replace and chunk allocation
        Btrfs: fix race setting block group back to RW mode during device replace
        Btrfs: fix unprotected assignment of the left cursor for device replace
        Btrfs: fix race setting block group readonly during device replace
        Btrfs: fix race between device replace and block group removal
        Btrfs: fix race between readahead and device replace/removal
      b2d5ad82
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client · a3021a59
      Linus Torvalds 提交于
      Pull Ceph fixes from Sage Weil:
       "We have a few follow-up fixes for the libceph refactor from Ilya, and
        then some cephfs + fscache fixes from Zheng.
      
        The first two FS-Cache patches are acked by David Howells and deemed
        trivial enough to go through our tree.  The rest fix some issues with
        the ceph fscache handling (disable cache for inodes opened for write,
        and simplify the revalidation logic accordingly, dropping the
        now-unnecessary work queue)"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
        ceph: use i_version to check validity of fscache
        ceph: improve fscache revalidation
        ceph: disable fscache when inode is opened for write
        ceph: avoid unnecessary fscache invalidation/revlidation
        ceph: call __fscache_uncache_page() if readpages fails
        FS-Cache: make check_consistency callback return int
        FS-Cache: wake write waiter after invalidating writes
        libceph: use %s instead of %pE in dout()s
        libceph: put request only if it's done in handle_reply()
        libceph: change ceph_osdmap_flag() to take osdc
      a3021a59
    • L
      Merge tag 'acpi-4.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · eb10a7b7
      Linus Torvalds 提交于
      Pull ACPI fixes from Rafael Wysocki:
       "Two fixes for problems introduced recently (ACPICA and the ACPI
        backlight driver) and one fix for an older issue that prevents at
        least one system from booting.
      
        Specifics:
      
         - Fix an incorrect check introduced by recent ACPICA changes which
           causes problems with booting KVM guests to happen, among other
           things (Lv Zheng).
      
         - Fix a backlight issue introduced by recent changes to the ACPI
           video driver (Aaron Lu).
      
         - Fix the ACPI processor initialization which attempts to register an
           IO region without checking if that really is necessary and
           sometimes prevents drivers loaded subsequently from registering
           their resources which leads to boot issues (Rafael Wysocki)"
      
      * tag 'acpi-4.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        ACPI / processor: Avoid reserving IO regions too early
        ACPICA / Hardware: Fix old register check in acpi_hw_get_access_bit_width()
        ACPI / Thermal / video: fix max_level incorrect value
      eb10a7b7
    • L
      Merge tag 'pm-4.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm · 50163203
      Linus Torvalds 提交于
      Pull power management fixes from Rafael Wysocki:
       "Two fixes for problems introduced recently in the cpufreq core and the
        intel_pstate driver.
      
        Specifics:
      
         - Fix a silly mistake related to the clamp_val() usage in a function
           added by a recent commit (Rafael Wysocki).
      
         - Reduce the log level of an annoying message added to intel_pstate
           during the recent merge window (Srinivas Pandruvada)"
      
      * tag 'pm-4.7-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
        cpufreq: Fix clamp_val() usage in cpufreq_driver_fast_switch()
        cpufreq: intel_pstate: Downgrade print level for _PPC
      50163203
    • L
      Merge branch 'akpm' (patches from Andrew) · d46d0256
      Linus Torvalds 提交于
      Merge various fixes from Andrew Morton:
       "10 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>:
        mm, page_alloc: recalculate the preferred zoneref if the context can ignore memory policies
        mm, page_alloc: reset zonelist iterator after resetting fair zone allocation policy
        mm, oom_reaper: do not use siglock in try_oom_reaper()
        mm, page_alloc: prevent infinite loop in buffered_rmqueue()
        checkpatch: reduce git commit description style false positives
        mm/z3fold.c: avoid modifying HEADLESS page and minor cleanup
        memcg: add RCU locking around css_for_each_descendant_pre() in memcg_offline_kmem()
        mm: check the return value of lookup_page_ext for all call sites
        kdump: fix dmesg gdbmacro to work with record based printk
        mm: fix overflow in vm_map_ram()
      d46d0256
  4. 04 6月, 2016 18 次提交
  5. 03 6月, 2016 5 次提交
    • T
      Merge tag 'irqchip-4.7-rc1' of... · 2eec3707
      Thomas Gleixner 提交于
      Merge tag 'irqchip-4.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/maz/arm-platforms into irq/urgent
      
      Merge irqchip updates from Marc Zyngier:
      
      - A number of embarassing buglets (GICv3, PIC32)
      - A more substential errata workaround for Cavium's GICv3 ITS
        (kept for post-rc1 due to its dependency on NUMA)
      2eec3707
    • M
      arm64: fix alignment when RANDOMIZE_TEXT_OFFSET is enabled · aed7eb83
      Mark Rutland 提交于
      With ARM64_64K_PAGES and RANDOMIZE_TEXT_OFFSET enabled, we hit the
      following issue on the boot:
      
      kernel BUG at arch/arm64/mm/mmu.c:480!
      Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
      Modules linked in:
      CPU: 0 PID: 0 Comm: swapper Not tainted 4.6.0 #310
      Hardware name: ARM Juno development board (r2) (DT)
      task: ffff000008d58a80 ti: ffff000008d30000 task.ti: ffff000008d30000
      PC is at map_kernel_segment+0x44/0xb0
      LR is at paging_init+0x84/0x5b0
      pc : [<ffff000008c450b4>] lr : [<ffff000008c451a4>] pstate: 600002c5
      
      Call trace:
      [<ffff000008c450b4>] map_kernel_segment+0x44/0xb0
      [<ffff000008c451a4>] paging_init+0x84/0x5b0
      [<ffff000008c42728>] setup_arch+0x198/0x534
      [<ffff000008c40848>] start_kernel+0x70/0x388
      [<ffff000008c401bc>] __primary_switched+0x30/0x74
      
      Commit 7eb90f2f ("arm64: cover the .head.text section in the .text
      segment mapping") removed the alignment between the .head.text and .text
      sections, and used the _text rather than the _stext interval for mapping
      the .text segment.
      
      Prior to this commit _stext was always section aligned and didn't cause
      any issue even when RANDOMIZE_TEXT_OFFSET was enabled. Since that
      alignment has been removed and _text is used to map the .text segment,
      we need ensure _text is always page aligned when RANDOMIZE_TEXT_OFFSET
      is enabled.
      
      This patch adds logic to TEXT_OFFSET fuzzing to ensure that the offset
      is always aligned to the kernel page size. To ensure this, we rely on
      the PAGE_SHIFT being available via Kconfig.
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Reported-by: NSudeep Holla <sudeep.holla@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Fixes: 7eb90f2f ("arm64: cover the .head.text section in the .text segment mapping")
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      aed7eb83
    • M
      arm64: move {PAGE,CONT}_SHIFT into Kconfig · 030c4d24
      Mark Rutland 提交于
      In some cases (e.g. the awk for CONFIG_RANDOMIZE_TEXT_OFFSET) we would
      like to make use of PAGE_SHIFT outside of code that can include the
      usual header files.
      
      Add a new CONFIG_ARM64_PAGE_SHIFT for this, likewise with
      ARM64_CONT_SHIFT for consistency.
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Sudeep Holla <sudeep.holla@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      030c4d24
    • M
      arm64: mm: dump: log span level · 48dd73c5
      Mark Rutland 提交于
      The page table dump code logs spans of entries at the same level
      (pgd/pud/pmd/pte) which have the same attributes. While we log the
      (decoded) attributes, we don't log the level, which leaves the output
      ambiguous and/or confusing in some cases.
      
      For example:
      
      0xffff800800000000-0xffff800980000000           6G       RW NX SHD AF        BLK UXN MEM/NORMAL
      
      If using 4K pages, this may describe a span of 6 1G block entries at the
      PGD/PUD level, or 3072 2M block entries at the PMD level.
      
      This patch adds the page table level to each output line, removing this
      ambiguity. For the example above, this will produce:
      
      0xffffffc800000000-0xffffffc980000000           6G PUD       RW NX SHD AF        BLK UXN MEM/NORMAL
      
      When 3 level tables are in use, and we use the asm-generic/nopud.h
      definitions, the dump code treats each entry in the PGD as a 1 element
      table at the PUD level, and logs spans as being PUDs, which can be
      confusing. To counteract this, the "PUD" mnemonic is replaced with "PGD"
      when CONFIG_PGTABLE_LEVELS <= 3. Likewise for "PMD" when
      CONFIG_PGTABLE_LEVELS <= 2.
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Huang Shijie <shijie.huang@arm.com>
      Cc: Laura Abbott <labbott@fedoraproject.org>
      Cc: Steve Capper <steve.capper@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      48dd73c5
    • M
      arm64: update stale PAGE_OFFSET comment · a13e3a5b
      Mark Rutland 提交于
      Commit ab893fb9 ("arm64: introduce KIMAGE_VADDR as the virtual
      base of the kernel region") logically split KIMAGE_VADDR from
      PAGE_OFFSET, and since commit f9040773 ("arm64: move kernel
      image to base of vmalloc area") the two have been distinct values.
      
      Unfortunately, neither commit updated the comment above these
      definitions, which now erroneously states that PAGE_OFFSET is the start
      of the kernel image rather than the start of the linear mapping.
      
      This patch fixes said comment, and introduces an explanation of
      KIMAGE_VADDR.
      Signed-off-by: NMark Rutland <mark.rutland@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Marc Zyngier <marc.zyngier@arm.com>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      a13e3a5b