1. 24 10月, 2013 16 次提交
  2. 22 10月, 2013 1 次提交
    • M
      s390/time: correct use of store clock fast · 8c071b0f
      Martin Schwidefsky 提交于
      The result of the store-clock-fast (STCKF) instruction is a bit fuzzy.
      It can happen that the value stored on one CPU is smaller than the value
      stored on another CPU, although the order of the stores is the other
      way around. This can cause deltas of get_tod_clock() values to become
      negative when they should not be.
      
      We need to be more careful with store-clock-fast, this patch partially
      reverts git commit e4b7b4238e666682555461fa52eecd74652f36bb "time:
      always use stckf instead of stck if available". The get_tod_clock()
      function now uses the store-clock-extended (STCKE) instruction.
      get_tod_clock_fast() can be used if the fuzziness of store-clock-fast
      is acceptable e.g. for wait loops local to a CPU.
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      8c071b0f
  3. 20 10月, 2013 2 次提交
  4. 15 10月, 2013 5 次提交
  5. 14 10月, 2013 3 次提交
    • B
      x86/microcode: Correct Kconfig dependencies · 80030e3d
      Borislav Petkov 提交于
      I have a randconfig here which has enabled only
      
        CONFIG_MICROCODE=y
        CONFIG_MICROCODE_OLD_INTERFACE=y
      
      with both
      
        # CONFIG_MICROCODE_INTEL is not set
        # CONFIG_MICROCODE_AMD is not set
      
      off. Which makes building the microcode functionality a little
      pointless. Don't do that in such cases then.
      Signed-off-by: NBorislav Petkov <bp@suse.de>
      Link: http://lkml.kernel.org/r/1381682189-14470-1-git-send-email-bp@alien8.deSigned-off-by: NIngo Molnar <mingo@kernel.org>
      80030e3d
    • A
      ARM: 7851/1: check for number of arguments in syscall_get/set_arguments() · 3c1532df
      AKASHI Takahiro 提交于
      In ftrace_syscall_enter(),
          syscall_get_arguments(..., 0, n, ...)
              if (i == 0) { <handle ORIG_r0> ...; n--;}
              memcpy(..., n * sizeof(args[0]));
      If 'number of arguments(n)' is zero and 'argument index(i)' is also zero in
      syscall_get_arguments(), none of arguments should be copied by memcpy().
      Otherwise 'n--' can be a big positive number and unexpected amount of data
      will be copied. Tracing system calls which take no argument, say sync(void),
      may hit this case and eventually make the system corrupted.
      This patch fixes the issue both in syscall_get_arguments() and
      syscall_set_arguments().
      
      Cc: <stable@vger.kernel.org>
      Acked-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NAKASHI Takahiro <takahiro.akashi@linaro.org>
      Signed-off-by: NWill Deacon <will.deacon@arm.com>
      Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
      3c1532df
    • Y
      ARM: exynos: dts: Update 5250 arch timer node with clock frequency · 4d594dd3
      Yuvaraj Kumar C D 提交于
      Without the "clock-frequency" property in arch timer node, could able
      to see the below crash dump.
      
      [<c0014e28>] (unwind_backtrace+0x0/0xf4) from [<c0011808>] (show_stack+0x10/0x14)
      [<c0011808>] (show_stack+0x10/0x14) from [<c036ac1c>] (dump_stack+0x7c/0xb0)
      [<c036ac1c>] (dump_stack+0x7c/0xb0) from [<c01ab760>] (Ldiv0_64+0x8/0x18)
      [<c01ab760>] (Ldiv0_64+0x8/0x18) from [<c0062f60>] (clockevents_config.part.2+0x1c/0x74)
      [<c0062f60>] (clockevents_config.part.2+0x1c/0x74) from [<c0062fd8>] (clockevents_config_and_register+0x20/0x2c)
      [<c0062fd8>] (clockevents_config_and_register+0x20/0x2c) from [<c02b8e8c>] (arch_timer_setup+0xa8/0x134)
      [<c02b8e8c>] (arch_timer_setup+0xa8/0x134) from [<c04b47b4>] (arch_timer_init+0x1f4/0x24c)
      [<c04b47b4>] (arch_timer_init+0x1f4/0x24c) from [<c04b40d8>] (clocksource_of_init+0x34/0x58)
      [<c04b40d8>] (clocksource_of_init+0x34/0x58) from [<c049ed8c>] (time_init+0x20/0x2c)
      [<c049ed8c>] (time_init+0x20/0x2c) from [<c049b95c>] (start_kernel+0x1e0/0x39c)
      
      THis is because the Exynos u-boot, for example on the Chromebooks, doesn't set
      up the CNTFRQ register as expected by arch_timer. Instead, we have to specify
      the frequency in the device tree like this.
      Signed-off-by: NYuvaraj Kumar C D <yuvaraj.cd@samsung.com>
      [olof: Changed subject, added comment, elaborated on commit message]
      Signed-off-by: NOlof Johansson <olof@lixom.net>
      4d594dd3
  6. 13 10月, 2013 7 次提交
  7. 12 10月, 2013 1 次提交
    • V
      ARC: Ignore ptrace SETREGSET request for synthetic register "stop_pc" · 5b242828
      Vineet Gupta 提交于
      ARCompact TRAP_S insn used for breakpoints, commits before exception is
      taken (updating architectural PC). So ptregs->ret contains next-PC and
      not the breakpoint PC itself. This is different from other restartable
      exceptions such as TLB Miss where ptregs->ret has exact faulting PC.
      gdb needs to know exact-PC hence ARC ptrace GETREGSET provides for
      @stop_pc which returns ptregs->ret vs. EFA depending on the
      situation.
      
      However, writing stop_pc (SETREGSET request), which updates ptregs->ret
      doesn't makes sense stop_pc doesn't always correspond to that reg as
      described above.
      
      This was not an issue so far since user_regs->ret / user_regs->stop_pc
      had same value and both writing to ptregs->ret was OK, needless, but NOT
      broken, hence not observed.
      
      With gdb "jump", they diverge, and user_regs->ret updating ptregs is
      overwritten immediately with stop_pc, which this patch fixes.
      Reported-by: NAnton Kolesov <akolesov@synopsys.com>
      Signed-off-by: NVineet Gupta <vgupta@synopsys.com>
      5b242828
  8. 11 10月, 2013 1 次提交
  9. 10 10月, 2013 4 次提交
    • F
      xen: Fix possible user space selector corruption · 7cde9b27
      Frediano Ziglio 提交于
      Due to the way kernel is initialized under Xen is possible that the
      ring1 selector used by the kernel for the boot cpu end up to be copied
      to userspace leading to segmentation fault in the userspace.
      
      Xen code in the kernel initialize no-boot cpus with correct selectors (ds
      and es set to __USER_DS) but the boot one keep the ring1 (passed by Xen).
      On task context switch (switch_to) we assume that ds, es and cs already
      point to __USER_DS and __KERNEL_CSso these selector are not changed.
      
      If processor is an Intel that support sysenter instruction sysenter/sysexit
      is used so ds and es are not restored switching back from kernel to
      userspace. In the case the selectors point to a ring1 instead of __USER_DS
      the userspace code will crash on first memory access attempt (to be
      precise Xen on the emulated iret used to do sysexit will detect and set ds
      and es to zero which lead to GPF anyway).
      
      Now if an userspace process call kernel using sysenter and get rescheduled
      (for me it happen on a specific init calling wait4) could happen that the
      ring1 selector is set to ds and es.
      
      This is quite hard to detect cause after a while these selectors are fixed
      (__USER_DS seems sticky).
      
      Bisecting the code commit 7076aada appears
      to be the first one that have this issue.
      Signed-off-by: NFrediano Ziglio <frediano.ziglio@citrix.com>
      Signed-off-by: NStefano Stabellini <stefano.stabellini@eu.citrix.com>
      Reviewed-by: NAndrew Cooper <andrew.cooper3@citrix.com>
      7cde9b27
    • B
      kvm: ppc: booke: check range page invalidation progress on page setup · 40fde70d
      Bharat Bhushan 提交于
      When the MM code is invalidating a range of pages, it calls the KVM
      kvm_mmu_notifier_invalidate_range_start() notifier function, which calls
      kvm_unmap_hva_range(), which arranges to flush all the TLBs for guest pages.
      However, the Linux PTEs for the range being flushed are still valid at
      that point.  We are not supposed to establish any new references to pages
      in the range until the ...range_end() notifier gets called.
      The PPC-specific KVM code doesn't get any explicit notification of that;
      instead, we are supposed to use mmu_notifier_retry() to test whether we
      are or have been inside a range flush notifier pair while we have been
      referencing a page.
      
      This patch calls the mmu_notifier_retry() while mapping the guest
      page to ensure we are not referencing a page when in range invalidation.
      
      This call is inside a region locked with kvm->mmu_lock, which is the
      same lock that is called by the KVM MMU notifier functions, thus
      ensuring that no new notification can proceed while we are in the
      locked region.
      Signed-off-by: NBharat Bhushan <bharat.bhushan@freescale.com>
      Acked-by: NAlexander Graf <agraf@suse.de>
      [Backported to 3.12 - Paolo]
      Reviewed-by: NBharat Bhushan <bharat.bhushan@freescale.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      40fde70d
    • P
      KVM: PPC: Book3S HV: Fix typo in saving DSCR · cfc86025
      Paul Mackerras 提交于
      This fixes a typo in the code that saves the guest DSCR (Data Stream
      Control Register) into the kvm_vcpu_arch struct on guest exit.  The
      effect of the typo was that the DSCR value was saved in the wrong place,
      so changes to the DSCR by the guest didn't persist across guest exit
      and entry, and some host kernel memory got corrupted.
      
      Cc: stable@vger.kernel.org [v3.1+]
      Signed-off-by: NPaul Mackerras <paulus@samba.org>
      Acked-by: NAlexander Graf <agraf@suse.de>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      cfc86025
    • G
      KVM: nVMX: fix shadow on EPT · d0d538b9
      Gleb Natapov 提交于
      72f85795 broke shadow on EPT. This patch reverts it and fixes PAE
      on nEPT (which reverted commit fixed) in other way.
      
      Shadow on EPT is now broken because while L1 builds shadow page table
      for L2 (which is PAE while L2 is in real mode) it never loads L2's
      GUEST_PDPTR[0-3].  They do not need to be loaded because without nested
      virtualization HW does this during guest entry if EPT is disabled,
      but in our case L0 emulates L2's vmentry while EPT is enables, so we
      cannot rely on vmcs12->guest_pdptr[0-3] to contain up-to-date values
      and need to re-read PDPTEs from L2 memory. This is what kvm_set_cr3()
      is doing, but by clearing cache bits during L2 vmentry we drop values
      that kvm_set_cr3() read from memory.
      
      So why the same code does not work for PAE on nEPT? kvm_set_cr3()
      reads pdptes into vcpu->arch.walk_mmu->pdptrs[]. walk_mmu points to
      vcpu->arch.nested_mmu while nested guest is running, but ept_load_pdptrs()
      uses vcpu->arch.mmu which contain incorrect values. Fix that by using
      walk_mmu in ept_(load|save)_pdptrs.
      Signed-off-by: NGleb Natapov <gleb@redhat.com>
      Reviewed-by: NPaolo Bonzini <pbonzini@redhat.com>
      Tested-by: NPaolo Bonzini <pbonzini@redhat.com>
      Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com>
      d0d538b9