1. 16 3月, 2017 2 次提交
    • T
      x86: Remap GDT tables in the fixmap section · 69218e47
      Thomas Garnier 提交于
      Each processor holds a GDT in its per-cpu structure. The sgdt
      instruction gives the base address of the current GDT. This address can
      be used to bypass KASLR memory randomization. With another bug, an
      attacker could target other per-cpu structures or deduce the base of
      the main memory section (PAGE_OFFSET).
      
      This patch relocates the GDT table for each processor inside the
      fixmap section. The space is reserved based on number of supported
      processors.
      
      For consistency, the remapping is done by default on 32 and 64-bit.
      
      Each processor switches to its remapped GDT at the end of
      initialization. For hibernation, the main processor returns with the
      original GDT and switches back to the remapping at completion.
      
      This patch was tested on both architectures. Hibernation and KVM were
      both tested specially for their usage of the GDT.
      
      Thanks to Boris Ostrovsky <boris.ostrovsky@oracle.com> for testing and
      recommending changes for Xen support.
      Signed-off-by: NThomas Garnier <thgarnie@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Jiri Kosina <jikos@kernel.org>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Len Brown <len.brown@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Luis R . Rodriguez <mcgrof@kernel.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Pavel Machek <pavel@ucw.cz>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Rafael J . Wysocki <rjw@rjwysocki.net>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Stanislaw Gruszka <sgruszka@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
      Cc: kasan-dev@googlegroups.com
      Cc: kernel-hardening@lists.openwall.com
      Cc: kvm@vger.kernel.org
      Cc: lguest@lists.ozlabs.org
      Cc: linux-doc@vger.kernel.org
      Cc: linux-efi@vger.kernel.org
      Cc: linux-mm@kvack.org
      Cc: linux-pm@vger.kernel.org
      Cc: xen-devel@lists.xenproject.org
      Cc: zijun_hu <zijun_hu@htc.com>
      Link: http://lkml.kernel.org/r/20170314170508.100882-2-thgarnie@google.comSigned-off-by: NIngo Molnar <mingo@kernel.org>
      69218e47
    • T
      x86/mm: Adapt MODULES_END based on fixmap section size · f06bdd40
      Thomas Garnier 提交于
      This patch aligns MODULES_END to the beginning of the fixmap section.
      It optimizes the space available for both sections. The address is
      pre-computed based on the number of pages required by the fixmap
      section.
      
      It will allow GDT remapping in the fixmap section. The current
      MODULES_END static address does not provide enough space for the kernel
      to support a large number of processors.
      Signed-off-by: NThomas Garnier <thgarnie@google.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
      Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: Chris Wilson <chris@chris-wilson.co.uk>
      Cc: Christian Borntraeger <borntraeger@de.ibm.com>
      Cc: Dmitry Vyukov <dvyukov@google.com>
      Cc: Frederic Weisbecker <fweisbec@gmail.com>
      Cc: Jiri Kosina <jikos@kernel.org>
      Cc: Joerg Roedel <joro@8bytes.org>
      Cc: Jonathan Corbet <corbet@lwn.net>
      Cc: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Juergen Gross <jgross@suse.com>
      Cc: Kees Cook <keescook@chromium.org>
      Cc: Len Brown <len.brown@intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Lorenzo Stoakes <lstoakes@gmail.com>
      Cc: Luis R . Rodriguez <mcgrof@kernel.org>
      Cc: Matt Fleming <matt@codeblueprint.co.uk>
      Cc: Michal Hocko <mhocko@suse.com>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Pavel Machek <pavel@ucw.cz>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Radim Krčmář <rkrcmar@redhat.com>
      Cc: Rafael J . Wysocki <rjw@rjwysocki.net>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Stanislaw Gruszka <sgruszka@redhat.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Tim Chen <tim.c.chen@linux.intel.com>
      Cc: Vitaly Kuznetsov <vkuznets@redhat.com>
      Cc: kasan-dev@googlegroups.com
      Cc: kernel-hardening@lists.openwall.com
      Cc: kvm@vger.kernel.org
      Cc: lguest@lists.ozlabs.org
      Cc: linux-doc@vger.kernel.org
      Cc: linux-efi@vger.kernel.org
      Cc: linux-mm@kvack.org
      Cc: linux-pm@vger.kernel.org
      Cc: xen-devel@lists.xenproject.org
      Cc: zijun_hu <zijun_hu@htc.com>
      Link: http://lkml.kernel.org/r/20170314170508.100882-1-thgarnie@google.com
      [ Small build fix. ]
      Signed-off-by: NIngo Molnar <mingo@kernel.org>
      f06bdd40
  2. 14 3月, 2017 7 次提交
  3. 13 3月, 2017 8 次提交
    • D
      x86/mm: Make mmap(MAP_32BIT) work correctly · 3e6ef9c8
      Dmitry Safonov 提交于
      mmap(MAP_32BIT) is broken due to the dependency on the TIF_ADDR32 thread
      flag.
      
      For 64bit applications MAP_32BIT will force legacy bottom-up allocations and
      the 1GB address space restriction even if the application issued a compat
      syscall, which should not be subject of these restrictions.
      
      For 32bit applications, which issue 64bit syscalls the newly introduced
      mmap base separation into 64-bit and compat bases changed the behaviour
      because now a 64-bit mapping is returned, but due to the TIF_ADDR32
      dependency MAP_32BIT is ignored. Before the separation a 32-bit mapping was
      returned, so the MAP_32BIT handling was irrelevant.
      
      Replace the check for TIF_ADDR32 with a check for the compat syscall. That
      solves both the 64-bit issuing a compat syscall and the 32-bit issuing a
      64-bit syscall problems.
      
      [ tglx: Massaged changelog ]
      Signed-off-by: NDmitry Safonov <dsafonov@virtuozzo.com>
      Cc: 0x7f454c46@gmail.com
      Cc: linux-mm@kvack.org
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Link: http://lkml.kernel.org/r/20170306141721.9188-5-dsafonov@virtuozzo.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      3e6ef9c8
    • D
      x86/mm: Introduce mmap_compat_base() for 32-bit mmap() · 1b028f78
      Dmitry Safonov 提交于
      mmap() uses a base address, from which it starts to look for a free space
      for allocation.
      
      The base address is stored in mm->mmap_base, which is calculated during
      exec(). The address depends on task's size, set rlimit for stack, ASLR
      randomization. The base depends on the task size and the number of random
      bits which are different for 64-bit and 32bit applications.
      
      Due to the fact, that the base address is fixed, its mmap() from a compat
      (32bit) syscall issued by a 64bit task will return a address which is based
      on the 64bit base address and does not fit into the 32bit address space
      (4GB). The returned pointer is truncated to 32bit, which results in an
      invalid address.
      
      To solve store a seperate compat address base plus a compat legacy address
      base in mm_struct. These bases are calculated at exec() time and can be
      used later to address the 32bit compat mmap() issued by 64 bit
      applications.
      
      As a consequence of this change 32-bit applications issuing a 64-bit
      syscall (after doing a long jump) will get a 64-bit mapping now. Before
      this change 32-bit applications always got a 32bit mapping.
      
      [ tglx: Massaged changelog and added a comment ]
      Signed-off-by: NDmitry Safonov <dsafonov@virtuozzo.com>
      Cc: 0x7f454c46@gmail.com
      Cc: linux-mm@kvack.org
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Link: http://lkml.kernel.org/r/20170306141721.9188-4-dsafonov@virtuozzo.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      1b028f78
    • D
      x86/mm: Add task_size parameter to mmap_base() · 8f3e474f
      Dmitry Safonov 提交于
      To correctly handle 32-bit and 64-bit mmap() syscalls in 64bit applications
      its required to have separate address bases to place a mapping.
      
      The tasksize can be used as an indicator to select the proper parameters
      for mmap_base().
      
      This requires the following changes:
      
       - Add task_size argument to mmap_base() and make the calculation based on it.
       - Provide mmap_legacy_base() as a seperate function
       - Use the new functions in arch_pick_mmap_layout()
      
      [ tglx: Massaged changelog ]
      Signed-off-by: NDmitry Safonov <dsafonov@virtuozzo.com>
      Cc: 0x7f454c46@gmail.com
      Cc: linux-mm@kvack.org
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Link: http://lkml.kernel.org/r/20170306141721.9188-3-dsafonov@virtuozzo.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      8f3e474f
    • D
      x86/mm: Introduce arch_rnd() to compute 32/64 mmap random base · 6a0b41d1
      Dmitry Safonov 提交于
      The compat (32bit) mmap() sycall issued by a 64-bit task results in a
      mapping above 4GB. That's outside the compat mode address space and
      prevents CRIU to restore 32bit processes from a 64bit application.
      
      As a first step to address this, split out the address base randomizing
      calculation from arch_mmap_rnd() into a helper function, which can be used
      independent of mmap_ia32() based decisions.
      
      [ tglx: Massaged changelog ]
      Suggested-by: NThomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NDmitry Safonov <dsafonov@virtuozzo.com>
      Cc: 0x7f454c46@gmail.com
      Cc: linux-mm@kvack.org
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Cyrill Gorcunov <gorcunov@openvz.org>
      Cc: Borislav Petkov <bp@suse.de>
      Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
      Link: http://lkml.kernel.org/r/20170306141721.9188-2-dsafonov@virtuozzo.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      6a0b41d1
    • L
      Linux 4.11-rc2 · 4495c08e
      Linus Torvalds 提交于
      4495c08e
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 56b24d1b
      Linus Torvalds 提交于
      Pull s390 fixes from Martin Schwidefsky:
      
       - four patches to get the new cputime code in shape for s390
      
       - add the new statx system call
      
       - a few bug fixes
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: wire up statx system call
        KVM: s390: Fix guest migration for huge guests resulting in panic
        s390/ipl: always use load normal for CCW-type re-IPL
        s390/timex: micro optimization for tod_to_ns
        s390/cputime: provide archicture specific cputime_to_nsecs
        s390/cputime: reset all accounting fields on fork
        s390/cputime: remove last traces of cputime_t
        s390: fix in-kernel program checks
        s390/crypt: fix missing unlock in ctr_paes_crypt on error path
      56b24d1b
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 5a45a5a8
      Linus Torvalds 提交于
      Pull x86 fixes from Thomas Gleixner:
      
       - a fix for the kexec/purgatory regression which was introduced in the
         merge window via an innocent sparse fix. We could have reverted that
         commit, but on deeper inspection it turned out that the whole
         machinery is neither documented nor robust. So a proper cleanup was
         done instead
      
       - the fix for the TLB flush issue which was discovered recently
      
       - a simple typo fix for a reboot quirk
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/tlb: Fix tlb flushing when lguest clears PGE
        kexec, x86/purgatory: Unbreak it and clean it up
        x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk
      5a45a5a8
    • L
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ecade114
      Linus Torvalds 提交于
      Pull irq fixes from Thomas Gleixner:
      
       - a workaround for a GIC erratum
      
       - a missing stub function for CONFIG_IRQDOMAIN=n
      
       - fixes for a couple of type inconsistencies
      
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        irqchip/crossbar: Fix incorrect type of register size
        irqchip/gicv3-its: Add workaround for QDF2400 ITS erratum 0065
        irqdomain: Add empty irq_domain_check_msi_remap
        irqchip/crossbar: Fix incorrect type of local variables
      ecade114
  4. 12 3月, 2017 5 次提交
    • D
      x86/tlb: Fix tlb flushing when lguest clears PGE · 2c4ea6e2
      Daniel Borkmann 提交于
      Fengguang reported random corruptions from various locations on x86-32
      after commits d2852a22 ("arch: add ARCH_HAS_SET_MEMORY config") and
      9d876e79 ("bpf: fix unlocking of jited image when module ronx not set")
      that uses the former. While x86-32 doesn't have a JIT like x86_64, the
      bpf_prog_lock_ro() and bpf_prog_unlock_ro() got enabled due to
      ARCH_HAS_SET_MEMORY, whereas Fengguang's test kernel doesn't have module
      support built in and therefore never had the DEBUG_SET_MODULE_RONX setting
      enabled.
      
      After investigating the crashes further, it turned out that using
      set_memory_ro() and set_memory_rw() didn't have the desired effect, for
      example, setting the pages as read-only on x86-32 would still let
      probe_kernel_write() succeed without error. This behavior would manifest
      itself in situations where the vmalloc'ed buffer was accessed prior to
      set_memory_*() such as in case of bpf_prog_alloc(). In cases where it
      wasn't, the page attribute changes seemed to have taken effect, leading to
      the conclusion that a TLB invalidate didn't happen. Moreover, it turned out
      that this issue reproduced with qemu in "-cpu kvm64" mode, but not for
      "-cpu host". When the issue occurs, change_page_attr_set_clr() did trigger
      a TLB flush as expected via __flush_tlb_all() through cpa_flush_range(),
      though.
      
      There are 3 variants for issuing a TLB flush: invpcid_flush_all() (depends
      on CPU feature bits X86_FEATURE_INVPCID, X86_FEATURE_PGE), cr4 based flush
      (depends on X86_FEATURE_PGE), and cr3 based flush.  For "-cpu host" case in
      my setup, the flush used invpcid_flush_all() variant, whereas for "-cpu
      kvm64", the flush was cr4 based. Switching the kvm64 case to cr3 manually
      worked fine, and further investigating the cr4 one turned out that
      X86_CR4_PGE bit was not set in cr4 register, meaning the
      __native_flush_tlb_global_irq_disabled() wrote cr4 twice with the same
      value instead of clearing X86_CR4_PGE in the first write to trigger the
      flush.
      
      It turned out that X86_CR4_PGE was cleared from cr4 during init from
      lguest_arch_host_init() via adjust_pge(). The X86_FEATURE_PGE bit is also
      cleared from there due to concerns of using PGE in guest kernel that can
      lead to hard to trace bugs (see bff672e6 ("lguest: documentation V:
      Host") in init()). The CPU feature bits are cleared in dynamic
      boot_cpu_data, but they never propagated to __flush_tlb_all() as it uses
      static_cpu_has() instead of boot_cpu_has() for testing which variant of TLB
      flushing to use, meaning they still used the old setting of the host
      kernel.
      
      Clearing via setup_clear_cpu_cap(X86_FEATURE_PGE) so this would propagate
      to static_cpu_has() checks is too late at this point as sections have been
      patched already, so for now, it seems reasonable to switch back to
      boot_cpu_has(X86_FEATURE_PGE) as it was prior to commit c109bf95
      ("x86/cpufeature: Remove cpu_has_pge"). This lets the TLB flush trigger via
      cr3 as originally intended, properly makes the new page attributes visible
      and thus fixes the crashes seen by Fengguang.
      
      Fixes: c109bf95 ("x86/cpufeature: Remove cpu_has_pge")
      Reported-by: NFengguang Wu <fengguang.wu@intel.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Cc: bp@suse.de
      Cc: Kees Cook <keescook@chromium.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: netdev@vger.kernel.org
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: Alexei Starovoitov <ast@kernel.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: lkp@01.org
      Cc: Laura Abbott <labbott@redhat.com>
      Cc: stable@vger.kernel.org
      Link: http://lkml.kernrl.org/r/20170301125426.l4nf65rx4wahohyl@wfg-t540p.sh.intel.com
      Link: http://lkml.kernel.org/r/25c41ad9eca164be4db9ad84f768965b7eb19d9e.1489191673.git.daniel@iogearbox.netSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      2c4ea6e2
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 106e4da6
      Linus Torvalds 提交于
      Pull KVM fixes from Radim Krčmář:
       "ARM updates from Marc Zyngier:
         - vgic updates:
           - Honour disabling the ITS
           - Don't deadlock when deactivating own interrupts via MMIO
           - Correctly expose the lact of IRQ/FIQ bypass on GICv3
      
         - I/O virtualization:
           - Make KVM_CAP_NR_MEMSLOTS big enough for large guests with many
             PCIe devices
      
         - General bug fixes:
           - Gracefully handle exception generated with syndroms that the host
             doesn't understand
           - Properly invalidate TLBs on VHE systems
      
        x86:
         - improvements in emulation of VMCLEAR, VMX MSR bitmaps, and VCPU
           reset
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: nVMX: do not warn when MSR bitmap address is not backed
        KVM: arm64: Increase number of user memslots to 512
        KVM: arm/arm64: Remove KVM_PRIVATE_MEM_SLOTS definition that are unused
        KVM: arm/arm64: Enable KVM_CAP_NR_MEMSLOTS on arm/arm64
        KVM: Add documentation for KVM_CAP_NR_MEMSLOTS
        KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled
        arm64: KVM: Survive unknown traps from guests
        arm: KVM: Survive unknown traps from guests
        KVM: arm/arm64: Let vcpu thread modify its own active state
        KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
        kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
        KVM: arm/arm64: vgic-v3: Don't pretend to support IRQ/FIQ bypass
        arm64: KVM: VHE: Clear HCR_TGE when invalidating guest TLBs
      106e4da6
    • L
      Merge tag 'extable-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux · 4b050f22
      Linus Torvalds 提交于
      Pull extable.h fix from Paul Gortmaker:
       "Fixup for arch/score after extable.h introduction.
      
        It seems that Guenter is the only one on the planet doing builds for
        arch/score -- we don't have compile coverage for it in linux-next or
        in the kbuild-bot either. Guenter couldn't even recall where he got
        his toolchain, but was kind enough to share it with me so I could
        validate this change and also add arch/score to my build coverage.
      
        I sat on this a bit in case there was any other fallout in other arch
        dirs, but since this still seems to be the only one, I might as well
        send it on its way"
      
      * tag 'extable-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux:
        score: Fix implicit includes now failing build after extable change
      4b050f22
    • L
      Merge tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random · 84c37c16
      Linus Torvalds 提交于
      Pull random updates from Ted Ts'o:
       "Change get_random_{int,log} to use the CRNG used by /dev/urandom and
        getrandom(2). It's faster and arguably more secure than cut-down MD5
        that we had been using.
      
        Also do some code cleanup"
      
      * tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
        random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
        random: convert get_random_int/long into get_random_u32/u64
        random: use chacha20 for get_random_int/long
        random: fix comment for unused random_min_urandom_seed
        random: remove variable limit
        random: remove stale urandom_init_wait
        random: remove stale maybe_reseed_primary_crng
      84c37c16
    • G
      score: Fix implicit includes now failing build after extable change · 0acf6119
      Guenter Roeck 提交于
      After changing from module.h to extable.h, score builds fail with:
      
        arch/score/kernel/traps.c: In function 'do_ri':
        arch/score/kernel/traps.c:248:4: error: implicit declaration of function 'user_disable_single_step'
        arch/score/mm/extable.c: In function 'fixup_exception':
        arch/score/mm/extable.c:32:38: error: dereferencing pointer to incomplete type
        arch/score/mm/extable.c:34:24: error: dereferencing pointer to incomplete type
      
      because extable.h doesn't drag in the same amount of headers as the
      module.h did.  Add in the headers which were implicitly expected.
      
      Fixes: 90858794 ("module.h: remove extable.h include now users have migrated")
      Signed-off-by: NGuenter Roeck <linux@roeck-us.net>
      [PG: tweak commit log; refresh for sched header refactoring.]
      Signed-off-by: NPaul Gortmaker <paul.gortmaker@windriver.com>
      0acf6119
  5. 11 3月, 2017 10 次提交
    • L
      Merge tag 'tty-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty · 434fd635
      Linus Torvalds 提交于
      Pull tty/serial fixes frpm Greg KH:
       "Here are two bugfixes for tty stuff for 4.11-rc2.
      
        One of them resolves the pretty bad bug in the n_hdlc code that
        Alexander Popov found and fixed and has been reported everywhere. The
        other just fixes a samsung serial driver issue when DMA fails on some
        systems.
      
        Both have been in linux-next with no reported issues"
      
      * tag 'tty-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
        serial: samsung: Continue to work if DMA request fails
        tty: n_hdlc: get rid of racy n_hdlc.tbuf
      434fd635
    • L
      Merge tag 'staging-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · 85298808
      Linus Torvalds 提交于
      Pull staging driver fixes from Greg KH:
       "Here are two small build warning fixes for some staging drivers that
        Arnd has found on his valiant quest to get the kernel to build
        properly with no warnings.
      
        Both of these have been in linux-next this week and resolve the
        reported issues"
      
      * tag 'staging-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging: octeon: remove unused variable
        staging/vc04_services: add CONFIG_OF dependency
      85298808
    • L
      Merge tag 'usb-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · 46552bf4
      Linus Torvalds 提交于
      Pull USB fixes from Greg KH:
       "Here is a number of different USB fixes for 4.11-rc2.
      
        Seems like there were a lot of unresolved issues that people have been
        finding for this subsystem, and a bunch of good security auditing
        happening as well from Johan Hovold. There's the usual batch of gadget
        driver fixes and xhci issues resolved as well.
      
       All of these have been in linux-next with no reported issues"
      
      * tag 'usb-4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (35 commits)
        usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers
        usb: host: xhci-dbg: HCIVERSION should be a binary number
        usb: xhci: remove dummy extra_priv_size for size of xhci_hcd struct
        usb: xhci-mtk: check hcc_params after adding primary hcd
        USB: serial: digi_acceleport: fix OOB-event processing
        MAINTAINERS: usb251xb: remove reference inexistent file
        doc: dt-bindings: usb251xb: mark reg as required
        usb: usb251xb: dt: add unit suffix to oc-delay and power-on-time
        usb: usb251xb: remove max_{power,current}_{sp,bp} properties
        usb-storage: Add ignore-residue quirk for Initio INIC-3619
        USB: iowarrior: fix NULL-deref in write
        USB: iowarrior: fix NULL-deref at probe
        usb: phy: isp1301: Add OF device ID table
        usb: ohci-at91: Do not drop unhandled USB suspend control requests
        USB: serial: safe_serial: fix information leak in completion handler
        USB: serial: io_ti: fix information leak in completion handler
        USB: serial: omninet: drop open callback
        USB: serial: omninet: fix reference leaks at open
        USB: serial: io_ti: fix NULL-deref in interrupt callback
        usb: dwc3: gadget: make to increment req->remaining in all cases
        ...
      46552bf4
    • L
      Merge tag 'pinctrl-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl · cb853a82
      Linus Torvalds 提交于
      Pull pinctrl fixes from Linus Walleij:
       "Two smaller pin control fixes for the v4.11 series:
      
         - Add a get_direction() function to the qcom driver
      
         - Fix two pin names in the uniphier driver"
      
      * tag 'pinctrl-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
        pinctrl: uniphier: change pin names of aio/xirq for LD11
        pinctrl: qcom: add get_direction function
      cb853a82
    • T
      kexec, x86/purgatory: Unbreak it and clean it up · 40c50c1f
      Thomas Gleixner 提交于
      The purgatory code defines global variables which are referenced via a
      symbol lookup in the kexec code (core and arch).
      
      A recent commit addressing sparse warnings made these static and thereby
      broke kexec_file.
      
      Why did this happen? Simply because the whole machinery is undocumented and
      lacks any form of forward declarations. The variable names are unspecific
      and lack a prefix, so adding forward declarations creates shadow variables
      in the core code. Aside of that the code relies on magic constants and
      duplicate struct definitions with no way to ensure that these things stay
      in sync. The section placement of the purgatory variables happened by
      chance and not by design.
      
      Unbreak kexec and cleanup the mess:
      
       - Add proper forward declarations and document the usage
       - Use common struct definition
       - Use the proper common defines instead of magic constants
       - Add a purgatory_ prefix to have a proper name space
       - Use ARRAY_SIZE() instead of a homebrewn reimplementation
       - Add proper sections to the purgatory variables [ From Mike ]
      
      Fixes: 72042a8c ("x86/purgatory: Make functions and variables static")
      Reported-by: NMike Galbraith <&lt;efault@gmx.de>
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Nicholas Mc Guire <der.herr@hofr.at>
      Cc: Borislav Petkov <bp@alien8.de>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Cc: "Tobin C. Harding" <me@tobin.cc>
      Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1703101315140.3681@nanosSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      40c50c1f
    • L
      Merge tag 'ceph-for-4.11-rc2' of git://github.com/ceph/ceph-client · 24c534bb
      Linus Torvalds 提交于
      Pull ceph fixes from Ilya Dryomov:
      
       - a fix for the recently discovered misdirected requests bug present in
         jewel and later on the server side and all stable kernels
      
       - a fixup for -rc1 CRUSH changes
      
       - two usability enhancements: osd_request_timeout option and
         supported_features bus attribute.
      
      * tag 'ceph-for-4.11-rc2' of git://github.com/ceph/ceph-client:
        libceph: osd_request_timeout option
        rbd: supported_features bus attribute
        libceph: don't set weight to IN when OSD is destroyed
        libceph: fix crush_decode() for older maps
      24c534bb
    • L
      Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux · 2baf3809
      Linus Torvalds 提交于
      Pull i2c fixes from Wolfram Sang:
       "Here are some driver bugfixes from I2C.
      
        Unusual this time are the two reverts. One because I accidently picked
        a patch from the list which I should have pulled from my co-maintainer
        instead ("missing of_node_put"). And one which I wrongly assumed to be
        an easy fix but it turned out already that it needs more iterations
        ("copy device properties")"
      
      * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
        Revert "i2c: copy device properties when using i2c_register_board_info()"
        Revert "i2c: add missing of_node_put in i2c_mux_del_adapters"
        i2c: exynos5: Avoid transaction timeouts due TRANSFER_DONE_AUTO not set
        i2c: designware: add reset interface
        i2c: meson: fix wrong variable usage in meson_i2c_put_data
        i2c: copy device properties when using i2c_register_board_info()
        i2c: m65xx: drop superfluous quirk structure
        i2c: brcmstb: Fix START and STOP conditions
        i2c: add missing of_node_put in i2c_mux_del_adapters
        i2c: riic: fix restart condition
        i2c: add missing of_node_put in i2c_mux_del_adapters
      2baf3809
    • L
      Merge tag 'drm-fixes-for-4.11-rc2' of git://people.freedesktop.org/~airlied/linux · 7c7fba98
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Intel, amd and mxsfb fixes.
      
        These are the drm fixes I've collected for rc2. Mostly i915 GVT only
        fixes, along with a single EDID fix, some mxsfb fixes and a few minor
        amd fixes"
      
      * tag 'drm-fixes-for-4.11-rc2' of git://people.freedesktop.org/~airlied/linux: (38 commits)
        drm: mxsfb: Implement drm_panel handling
        drm: mxsfb_crtc: Fix the framebuffer misplacement
        drm: mxsfb: Fix crash when provided invalid DT bindings
        drm: mxsfb: fix pixel clock polarity
        drm: mxsfb: use bus_format to determine LCD bus width
        drm/amdgpu: bump driver version for some new features
        drm/amdgpu: validate paramaters in the gem ioctl
        drm/amd/amdgpu: fix console deadlock if late init failed
        drm/i915/gvt: change some gvt_err to gvt_dbg_cmd
        drm/i915/gvt: protect RO and Rsvd bits of virtual vgpu configuration space
        drm/i915/gvt: handle workload lifecycle properly
        drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058
        drm/i915/gvt: fix an error for F_RO flag
        drm/i915/gvt: use pfn_valid for better checking
        drm/i915/gvt: set SFUSE_STRAP properly for vitual monitor detection
        drm/i915/gvt: fix an error for one register
        drm/i915/gvt: add more registers into handlers list
        drm/i915/gvt: have more registers with F_CMD_ACCESS flags set
        drm/i915/gvt: add some new MMIOs to cmd_access white list
        drm/i915/gvt: fix pcode mailbox write emulation of BDW
        ...
      7c7fba98
    • L
      Merge branch 'prep-for-5level' · baeedc71
      Linus Torvalds 提交于
      Merge 5-level page table prep from Kirill Shutemov:
       "Here's relatively low-risk part of 5-level paging patchset. Merging it
        now will make x86 5-level paging enabling in v4.12 easier.
      
        The first patch is actually x86-specific: detect 5-level paging
        support. It boils down to single define.
      
        The rest of patchset converts Linux MMU abstraction from 4- to 5-level
        paging.
      
        Enabling of new abstraction in most cases requires adding single line
        of code in arch-specific code. The rest is taken care by asm-generic/.
      
        Changes to mm/ code are mostly mechanical: add support for new page
        table level -- p4d_t -- where we deal with pud_t now.
      
        v2:
         - fix build on microblaze (Michal);
         - comment for __ARCH_HAS_5LEVEL_HACK in kasan_populate_zero_shadow();
         - acks from Michal"
      
      * emailed patches from Kirill A Shutemov <kirill.shutemov@linux.intel.com>:
        mm: introduce __p4d_alloc()
        mm: convert generic code to 5-level paging
        asm-generic: introduce <asm-generic/pgtable-nop4d.h>
        arch, mm: convert all architectures to use 5level-fixup.h
        asm-generic: introduce __ARCH_USE_5LEVEL_HACK
        asm-generic: introduce 5level-fixup.h
        x86/cpufeature: Add 5-level paging detection
      baeedc71
    • L
      Merge branch 'akpm' (patches from Andrew) · 8fe3ccae
      Linus Torvalds 提交于
      Merge fixes from Andrew Morton:
       "26 fixes"
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (26 commits)
        userfaultfd: remove wrong comment from userfaultfd_ctx_get()
        fat: fix using uninitialized fields of fat_inode/fsinfo_inode
        sh: cayman: IDE support fix
        kasan: fix races in quarantine_remove_cache()
        kasan: resched in quarantine_remove_cache()
        mm: do not call mem_cgroup_free() from within mem_cgroup_alloc()
        thp: fix another corner case of munlock() vs. THPs
        rmap: fix NULL-pointer dereference on THP munlocking
        mm/memblock.c: fix memblock_next_valid_pfn()
        userfaultfd: selftest: vm: allow to build in vm/ directory
        userfaultfd: non-cooperative: userfaultfd_remove revalidate vma in MADV_DONTNEED
        userfaultfd: non-cooperative: fix fork fctx->new memleak
        mm/cgroup: avoid panic when init with low memory
        drivers/md/bcache/util.h: remove duplicate inclusion of blkdev.h
        mm/vmstats: add thp_split_pud event for clarity
        include/linux/fs.h: fix unsigned enum warning with gcc-4.2
        userfaultfd: non-cooperative: release all ctx in dup_userfaultfd_complete
        userfaultfd: non-cooperative: robustness check
        userfaultfd: non-cooperative: rollback userfaultfd_exit
        x86, mm: unify exit paths in gup_pte_range()
        ...
      8fe3ccae
  6. 10 3月, 2017 8 次提交
    • M
      x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk · bba8376a
      Matjaz Hegedic 提交于
      The reboot quirk for ASUS EeeBook X205TA contains a typo in
      DMI_PRODUCT_NAME, improperly referring to X205TAW instead of
      X205TA, which prevents the quirk from being triggered. The
      model X205TAW already has a reboot quirk of its own.
      
      This fix simply removes the inappropriate final letter W.
      
      Fixes: 90b28ded ("x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk")
      Signed-off-by: NMatjaz Hegedic <matjaz.hegedic@gmail.com>
      Link: http://lkml.kernel.org/r/1489064417-7445-1-git-send-email-matjaz.hegedic@gmail.comSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
      bba8376a
    • L
      Merge tag 'xfs-4.11-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux · 9db61d6f
      Linus Torvalds 提交于
      Pull xfs fixes from Darrick Wong:
       "Here are some bug fixes for -rc2 to clean up the copy on write
        handling and to remove a cause of hangs.
      
         - Fix various iomap bugs
      
         - Fix overly aggressive CoW preallocation garbage collection
      
         - Fixes to CoW endio error handling
      
         - Fix some incorrect geometry calculations
      
         - Remove a potential system hang in bulkstat
      
         - Try to allocate blocks more aggressively to reduce ENOSPC errors"
      
      * tag 'xfs-4.11-fixes-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
        xfs: try any AG when allocating the first btree block when reflinking
        xfs: use iomap new flag for newly allocated delalloc blocks
        xfs: remove kmem_zalloc_greedy
        xfs: Use xfs_icluster_size_fsb() to calculate inode alignment mask
        xfs: fix and streamline error handling in xfs_end_io
        xfs: only reclaim unwritten COW extents periodically
        iomap: invalidate page caches should be after iomap_dio_complete() in direct write
      9db61d6f
    • L
      Merge tag 'gcc-plugins-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux · 794fe789
      Linus Torvalds 提交于
      Pull gcc-plugins fix from Kees Cook:
       "Fixes a typo in sancov plugin, exposed in earlier compiler versions"
      
      * tag 'gcc-plugins-v4.11-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
        gcc-plugins: fix sancov_plugin for gcc-5
      794fe789
    • F
      drm: mxsfb: Implement drm_panel handling · 3f81e134
      Fabio Estevam 提交于
      Currently when the 'power-supply' regulator is passed via device tree
      it does not actually work since drm_panel_prepare()/drm_panel_enable()
      are never called.
      
      Quoting Thierry Reding: "It should really call drm_panel_prepare() and
      drm_panel_enable() while switching on the display pipeline and
      drm_panel_disable(), followed by drm_panel_unprepare() while switching
      off the display pipeline."
      
      So do as suggested, so that the 'power-supply' regulator can be functional.
      Reported-by: NBreno Lima <breno.lima@nxp.com>
      Suggested-by: NThierry Reding <thierry.reding@gmail.com>
      Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
      Tested-by: NMarek Vasut <marex@denx.de>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      3f81e134
    • F
      drm: mxsfb_crtc: Fix the framebuffer misplacement · d42986b6
      Fabio Estevam 提交于
      Currently the framebuffer content is displayed with incorrect offsets
      in both the vertical and horizontal directions.
      
      The fbdev version of the driver does not show this problem. Breno Lima
      dumped the eLCDIF controller registers on both the drm and fbdev drivers
      and noticed that the VDCTRL3 register is configured incorrectly in the
      drm driver.
      
      The fbdev driver calculates the vertical and horizontal wait counts
      of the VDCTRL3 register by doing: back porch + sync length.
      
      Looking at the horizontal and vertical timing diagram from
      include/drm/drm_modes.h this value corresponds to:
      
      crtc_[hv]total - crtc_[hv]sync_start
      
      So fix the VDCTRL3 register setting accordingly so that the eLCDIF
      controller can properly show the framebuffer content in the correct
      position.
      Reported-by: NBreno Lima <breno.lima@nxp.com>
      Signed-off-by: NFabio Estevam <fabio.estevam@nxp.com>
      Tested-by: NBreno Lima <breno.lima@nxp.com>
      Tested-by: NMarek Vasut <marex@denx.de>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      d42986b6
    • M
      drm: mxsfb: Fix crash when provided invalid DT bindings · 7ad7a5ac
      Marek Vasut 提交于
      The mxsfb driver will crash if the mxsfb DT node has a subnode,
      but the content of the subnode is not of-graph binding with an
      endpoint linking to panel. The crash was triggered by providing
      old-style panel bindings to the mxsfb driver instead of the new
      of-graph ones.
      
      The problem happens in mxsfb_create_output(), which is invoked
      from mxsfb_load(). The mxsfb_create_output() iterates over all
      mxsfb DT subnode endpoints and tries to bind a panel on each
      endpoint. If there is any problem binding the panel, that is,
      mxsfb->panel == NULL, this function will return an error code,
      otherwise success 0 is returned.
      
      If the subnodes do not specify of-graph binding with an endpoint,
      the iteration over endpoints in mxsfb_create_output() will have
      zero cycles and the function will immediatelly return 0, but the
      mxsfb->panel will remain NULL. This is propagated back into the
      mxsfb_load(), which does not detect any problem and expects that
      the mxsfb->panel is valid, thus calls mxsfb_panel_attach(). But
      since mxsfb->panel == NULL, mxsfb_panel_attach() is called with
      first argument NULL and this crashes the kernel.
      
      This patch fixes the problem by explicitly checking for valid
      mxsfb->panel at the end of the iteration in mxsfb_create_output().
      Signed-off-by: NMarek Vasut <marex@denx.de>
      Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
      Cc: Dave Airlie <airlied@redhat.com>
      Cc: Stefan Agner <stefan@agner.ch>
      Cc: Breno Matheus Lima <brenomatheus@gmail.com>
      Tested-by: NBreno Lima <breno.lima@nxp.com>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      7ad7a5ac
    • S
      drm: mxsfb: fix pixel clock polarity · 53990e41
      Stefan Agner 提交于
      The DRM subsystem specifies the pixel clock polarity from a
      controllers perspective: DRM_BUS_FLAG_PIXDATA_NEGEDGE means
      the controller drives the data on pixel clocks falling edge.
      That is the controllers DOTCLK_POL=0 (Default is data launched
      at negative edge).
      
      Also change the data enable logic to be high active by default
      and only change if explicitly requested via bus_flags. With
      that defaults are:
      - Data enable: high active
      - Pixel clock polarity: controller drives data on negative edge
      Signed-off-by: NStefan Agner <stefan@agner.ch>
      Acked-by: NMarek Vasut <marex@denx.de>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      53990e41
    • S
      drm: mxsfb: use bus_format to determine LCD bus width · 10f2889b
      Stefan Agner 提交于
      The LCD bus width does not need to align with the pixel format. The
      LCDIF controller automatically converts between pixel formats and
      bus width by padding or dropping LSBs.
      
      The DRM subsystem has the notion of bus_format which allows to
      determine what bus_formats are supported by the display. Choose the
      first available or fallback to 24 bit if none are available.
      Signed-off-by: NStefan Agner <stefan@agner.ch>
      Acked-by: NMarek Vasut <marex@denx.de>
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      10f2889b