This is two bug fixes: one fixes a loophole where rt_sigprocmask() with the
wrong values panics the box (Denial of Service) and the other fixes an
aliasing problem with get_shared_area() which could cause data corruption.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAABAgAGBQJQrfisAAoJEDeqqVYsXL0MabcIALeL/hMtLSdwo01AG47Z6v6u
jNuQIE6v3mvsaoJ5zxhM570/SZc+waDojfNpax+RjJc4vppDHq40xhI19RHczCvo
AIASYIZynMHF1kqXsFpWfDtOGUzRtFjn8g60rfX593ghtpuliTXm+WgYCl43SyYm
Ee1rLAFrEiXKAHyTO+QXi/EiTHPDGxw84fZdypIC7Bxi0JZg7SX5g/KXwGC2JT7M
fRW2SmrfgFOLMvmYYbyk4BWvZ4dneikcUhOJGiLcpSy++MJF6ccjbfiCD4i6gD9e
cM57jLnHnV2U+qp4e2Rcosi9AQwfSYRkr7j37/OT0KoCLmSRZbwqpF1RMjMKyGM=
=ckHH
-----END PGP SIGNATURE-----
Merge tag 'parisc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6
Pull PARISC fixes from James Bottomley:
"This is two bug fixes: one fixes a loophole where rt_sigprocmask()
with the wrong values panics the box (Denial of Service) and the other
fixes an aliasing problem with get_shared_area() which could cause
data corruption.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>"
* tag 'parisc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6:
[PARISC] fix user-triggerable panic on parisc
[PARISC] fix virtual aliasing issue in get_shared_area()
int sys32_rt_sigprocmask(int how, compat_sigset_t __user *set, compat_sigset_t __user *oset,
unsigned int sigsetsize)
{
sigset_t old_set, new_set;
int ret;
if (set && get_sigset32(set, &new_set, sigsetsize))
...
static int
get_sigset32(compat_sigset_t __user *up, sigset_t *set, size_t sz)
{
compat_sigset_t s;
int r;
if (sz != sizeof *set) panic("put_sigset32()");
In other words, rt_sigprocmask(69, (void *)69, 69) done by 32bit process
will promptly panic the box.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Pull missed powerpc fixes from Benjamin Herrenschmidt:
"Here are small 52xx fixes that Anatolij asked me to pull a while back
and that I completely missed. The stuff is local to that platform
code, and was in next for a while, so it should still go into 3.7."
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/mpc5200: move lpbfifo node and fix its interrupt property
powerpc: 52xx: nop out unsupported critical IRQs
powerpc/pcm030: add pcm030-audio-fabric to dts
Anatolij 52xx updates:
Patch for pcm030 device tree fixing the probe() in pcm030-audio-fabric
driver. Changes to this driver have been merged in 3.7-rc1 via ASoC
tree, but this required device tree patch was submitted separately to
the linux-ppc list and is still missing in mainline. Without this patch
the probe() in pcm030-audio-fabric driver wrongly returns -ENODEV.
A patch from Wolfram fixing wrong invalid critical irq warnings for
all mpc5200 boards.
Another patch for all mpc5200 device trees fixing wrong L1 cell in
the LPB FIFO interrupt property and moving the LPB FIFO node to the
common mpc5200b.dtsi file so that this common node will be present
in all mpc5200 device trees.
Pull misc VFS fixes from Al Viro:
"Remove a bogus BUG_ON() that can trigger spuriously + alpha bits of
do_mount() constification I'd missed during the merge window."
This pull request came in a week ago, I missed it for some reason.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
kill bogus BUG_ON() in do_close_on_exec()
missing const in alpha callers of do_mount()
The sigaddset/sigdelset/sigismember functions that are implemented with
bitfield insn cannot allow the sigset argument to be placed in a data
register since the sigset is wider than 32 bits. Remove the "d"
constraint from the asm statements.
The effect of the bug is that sending RT signals does not work, the signal
number is truncated modulo 32.
Signed-off-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: stable@vger.kernel.org
Pull KVM fix from Marcelo Tosatti:
"A correction for oops on module init with older Intel hosts."
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: Fix invalid secondary exec controls in vmx_cpuid_update()
Merge misc fixes from Andrew Morton.
* emailed patches from Andrew Morton <akpm@linux-foundation.org>: (12 patches)
revert "mm: fix-up zone present pages"
tmpfs: change final i_blocks BUG to WARNING
tmpfs: fix shmem_getpage_gfp() VM_BUG_ON
mm: highmem: don't treat PKMAP_ADDR(LAST_PKMAP) as a highmem address
mm: revert "mm: vmscan: scale number of pages reclaimed by reclaim/compaction based on failures"
rapidio: fix kernel-doc warnings
swapfile: fix name leak in swapoff
memcg: fix hotplugged memory zone oops
mips, arc: fix build failure
memcg: oom: fix totalpages calculation for memory.swappiness==0
mm: fix build warning for uninitialized value
mm: add anon_vma_lock to validate_mm()
Revert commit 7f1290f2f2 ("mm: fix-up zone present pages")
That patch tried to fix a issue when calculating zone->present_pages,
but it caused a regression on 32bit systems with HIGHMEM. With that
change, reset_zone_present_pages() resets all zone->present_pages to
zero, and fixup_zone_present_pages() is called to recalculate
zone->present_pages when the boot allocator frees core memory pages into
buddy allocator. Because highmem pages are not freed by bootmem
allocator, all highmem zones' present_pages becomes zero.
Various options for improving the situation are being discussed but for
now, let's return to the 3.6 code.
Cc: Jianguo Wu <wujianguo@huawei.com>
Cc: Jiang Liu <jiang.liu@huawei.com>
Cc: Petr Tesarik <ptesarik@suse.cz>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Minchan Kim <minchan.kim@gmail.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: David Rientjes <rientjes@google.com>
Tested-by: Chris Clayton <chris2553@googlemail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Using a cross-compiler to fix another issue, the following build error
occurred for mips defconfig:
arch/mips/fw/arc/misc.c: In function 'ArcHalt':
arch/mips/fw/arc/misc.c:25:2: error: implicit declaration of function 'local_irq_disable'
Fix it up by including irqflags.h.
Signed-off-by: David Rientjes <rientjes@google.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
We've been sitting on this longer than we meant to due to travel and
other activities, but the number of patches is luckily not that high.
Biggest changes are from a batch of OMAP bugfixes, but there are a
few for the broader set of SoCs too (bcm2835, pxa, highbank, tegra,
at91 and i.MX).
The OMAP patches contain some fixes for MUSB/PHY on omap4 which
ends up being a bit on the large side but needed for legacy (non-DT)
platforms. Beyond that there are a handful of hwmod/pm changes.
So, fairly noncontroversial stuff all in all, and as usual around this
time the fixes are well targeted at specific problems.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJQpmQOAAoJEIwa5zzehBx37+YP/jzcKS1pU5Wf73GYIUcCPqO0
iRwLziexucUkWXnqIIPLedUJ8Dze/8q1tSTnQ7/JSXy9SYtJf651aj5OAo8w/cXO
d58+y1S+VTsFHbppKfQHbGpYq2n2f4PPvrL24ftp40OmomVl/ktqOB4fDN1/YuAw
lfTeo0v8MNfyVni5ij21rCNS17IC0Tl4Mfth8zIILWe6qdqajpla7CoO7ppmUM08
OAPi6NJL/l8vqfqNtGuk2x9cOca0jY1rdib/rfrL1LxrtLT//NP0d6h+wKaSxLWm
Qvr9nAsnmZNV0pFnYjVxfSMwM6Gf2SBh0QG3lF0akwfe3bEXqfnG5muAtWEhpTlt
MVx54UgKSWVBgfBH8/SsDkJ3UydxNO5XjHz9YOix1Sj390J2zpP3E24Y0vmYYaNn
c2seHeH4SckMZ1mddZgy1NT8y7/zaXQ2OSRLyVigJ9wjKmduuOW013BpKUlHFI9E
Uzh1GLpWe2Cwl3wKWlHRlhgp0NzpWEHhrPW254rOfai8P9xeFMMQH8eqUlSWZbDN
GAzqUWZ4/F6NxPV1GPrVCZjrA9IYKKtZ5GkPwC1FibC9Kfyb0rp9kr7KM4mzWUY3
7MxpFatMS4rdbJk5lXCQ1+EIIWF6xdNbURCyMAnoiaowMzdv+LkfBIW+17fDPDgI
WAu7+QCKTQd+i/bvMsKh
=aKWl
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"We've been sitting on this longer than we meant to due to travel and
other activities, but the number of patches is luckily not that high.
Biggest changes are from a batch of OMAP bugfixes, but there are a few
for the broader set of SoCs too (bcm2835, pxa, highbank, tegra, at91
and i.MX).
The OMAP patches contain some fixes for MUSB/PHY on omap4 which ends
up being a bit on the large side but needed for legacy (non-DT)
platforms. Beyond that there are a handful of hwmod/pm changes.
So, fairly noncontroversial stuff all in all, and as usual around this
time the fixes are well targeted at specific problems."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: imx: ehci: fix host power mask bit
ARM i.MX: fix error-valued pointer dereference in clk_register_gate2()
ARM: at91/usbh: fix overcurrent gpio setup
ARM: at91/AT91SAM9G45: fix crypto peripherals irq issue due to sparse irq support
ARM: boot: Fix usage of kecho
ARM: OMAP: ocp2scp: create omap device for ocp2scp
ARM: OMAP4: add _dev_attr_ to ocp2scp for representing usb_phy
drivers: bus: ocp2scp: add pdata support
irqchip: irq-bcm2835: Add terminating entry for of_device_id table
ARM: highbank: retry wfi on reset request
ARM: OMAP4: PM: fix regulator name for VDD_MPU
ARM: OMAP4: hwmod data: do not enable or reset the McPDM during kernel init
ARM: OMAP2+: hwmod: add flag to prevent hwmod code from touching IP block during init
ARM: dt: tegra: fix length of pad control and mux registers
ARM: OMAP: hwmod: wait for sysreset complete after enabling hwmod
ARM: OMAP2+: clockdomain: Fix OMAP4 ISS clk domain to support only SWSUP
ARM: pxa/spitz_pm: Fix hang when resuming from STR
ARM: pxa: hx4700: Fix backlight PWM device number
ARM: OMAP2+: PM: add missing newline to VC warning message
accesses the interrupt controller memory causing random IRQ acknowledge.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAABAgAGBQJQpmOeAAoJEGvWsS0AyF7xciUP/3Z9mQ7KYzD4zwg04HKjZTjL
UmtZctjhtGCDh06gTMM31ZnzlEWZLAstnLtZn07SJmrNfEUbivWbWPsea2vHJV4h
T6x2TZoRjHgjTKM1gOSGCbXq3Ryz4+4j30PCGybfRSUImwBGSGfG6UfEtRNFOd3E
UjPca+ePCLMB1/Y7KHU+XICWKFVajwy3VtqmRkX+xvrfzgUCFElSNPazCPKch0Ql
bIWG0rYBL7Na0Z/uhPElCE0OgZrg/JDnTJbKGFbO9V3SMos5is0ipQq3u11eTtiV
kXvS0RKbBWLf23QSkOjI/ja5fwn/C9uTxb8GWVPEf4jLPC/agvv01v+noaTFOh79
jx/MuWaeGYNXQrwyTqD47pNjDDIpJBT6iaSDJWBysfcoSZHcy1BRBG/J+HkiWRAP
v8nBgHg4AEDwrCJzyFsh5J2mNUDBnZ4AyUzcM/VbaBFIC788dgbm4Fy+jsilj72B
6jkfm5oLVDNZa4Xz97od8PqlBZPq7tfSh8diUCJ9z8Ses3i94fFzE09YRrLV4JbQ
GRZPt0e92O1hF3DaD+u18XrrzPVAjPNuaUT+yQ1a3Ov780mnijx02BNfinVAw3uU
Ia4R+u8Pbu69kiGQxHQMqvh0/2/N/HfShrRdP5WrkfPq6+do+tflCjD7oqDnnuK3
jyji0z0PFm13kNeqXSDA
=Ak+r
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64
Pull arm64 bugfix from Catalin Marinas:
"Arm64 page permission bug fix.
Without this fix, the CPU speculatively accesses the interrupt
controller memory causing random IRQ acknowledge."
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: Distinguish between user and kernel XN bits
On AArch64, the meaning of the XN bit has changed to UXN (user). The PXN
(privileged) bit must be set to prevent kernel execution. Without the
PXN bit set, the CPU may speculatively access device memory. This patch
ensures that all the mappings that the kernel must not execute from
(including user mappings) have the PXN bit set.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
another one fixing the check of a GPIO for USB host overcurrent.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAABAgAGBQJQphQoAAoJEAf03oE53VmQDs0H/1SCQfdQY8iLNs+3WGYhGngG
vMID1KWKmX6URrppi2gklr8weUoqYIVIA8I7+hLvr33tGrmSPRDrGV6vI5m0wAiJ
nkDNAkcGJ6dh/hhotakjqqKLkNtD1xDdErHMOO77fAK811gQj1sVp+8S+UwDQUf7
O1bbMpMar2/3c6cLb27GE7M4FrLwjmCnQxyQWyBrckPhPMzYNw3MbcW3CINXSYBY
q/FtFX7nsl2cfPsz8M2KCB43SKZT/bizkPnnjA5QQDhUPlsyTQWdS2z1RAwP2SZn
3WXoL4t4bNo1Ynusz416pB3djHqJwhxxWYxdMD91nIUXmmXkvIg+fWsdaNmaBI0=
=wlxI
-----END PGP SIGNATURE-----
Merge tag 'at91-fixes' of git://github.com/at91linux/linux-at91 into fixes
From Nicolas Ferre <nicolas.ferre@atmel.com>:
Two little fixes, one related to the move to sparse irq and
another one fixing the check of a GPIO for USB host overcurrent.
* tag 'at91-fixes' of git://github.com/at91linux/linux-at91:
ARM: at91/usbh: fix overcurrent gpio setup
ARM: at91/AT91SAM9G45: fix crypto peripherals irq issue due to sparse irq support
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Pull s390 patches from Martin Schwidefsky:
"Some more bug fixes and a config change.
The signal bug is nasty, if the clock_gettime vdso function is
interrupted by a signal while in access-register-mode we end up with
an endless signal loop until the signal stack is full. The config
change is for aligned struct pages, gives us 8% improvement with
hackbench."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/3215: fix tty close handling
s390/mm: have 16 byte aligned struct pages
s390/gup: fix access_ok() usage in __get_user_pages_fast()
s390/gup: add missing TASK_SIZE check to get_user_pages_fast()
s390/topology: fix core id vs physical package id mix-up
s390/signal: set correct address space control
This patch sets HPM (Host power mask bit) to bit 16 according to i.MX
Reference Manual. Falsely it was set to bit 8, but this controls pull-up
Impedance.
Reported-by: Michael Burkey <mdburkey@gmail.com>
Cc: Stable <stable@vger.kernel.org>
Signed-off-by: Christoph Fritz <chf.fritz@googlemail.com>
Acked-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
The error-valued pointer clk is used for the arg of kfree, it should be
kfree(gate) if clk_register() return ERR_PTR().
dpatch engine is used to auto generate this patch.
(https://github.com/weiyj/dpatch)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Use gpio_is_valid also for overcurrent pins (which are currently
negative in many board files).
Signed-off-by: Johan Hovold <jhovold@gmail.com>
Acked-by: Jean-Christophe PLAGNIOL-VILLARD <plagnioj@jcrosoft.com>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Spare irq support introduced by commit 8fe82a5 (ARM: at91: sparse irq support)
involves to add the NR_IRQS_LEGACY offset to irq number.
Signed-off-by: Nicolas Royer <nicolas@eukrea.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Eric Bénard <eric@eukrea.com>
Tested-by: Eric Bénard <eric@eukrea.com>
Cc: stable@vger.kernel.org # 3.6
On Thu, 2012-11-01 at 16:45 -0700, Michel Lespinasse wrote:
> Looking at the arch/parisc/kernel/sys_parisc.c implementation of
> get_shared_area(), I do have a concern though. The function basically
> ignores the pgoff argument, so that if one creates a shared mapping of
> pages 0-N of a file, and then a separate shared mapping of pages 1-N
> of that same file, both will have the same cache offset for their
> starting address.
>
> This looks like this would create obvious aliasing issues. Am I
> misreading this ? I can't understand how this could work good enough
> to be undetected, so there must be something I'm missing here ???
This turns out to be correct and we need to pay attention to the pgoff as
well as the address when creating the virtual address for the area.
Fortunately, the bug is rarely triggered as most applications which use pgoff
tend to use large values (git being the primary one, and it uses pgoff in
multiples of 16MB) which are larger than our cache coherency modulus, so the
problem isn't often seen in practise.
Reported-by: Michel Lespinasse <walken@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Pull MIPS update from Ralf Baechle:
"To avoid unnecessary risk and work the preemption fixes are combined
with some preparatory work that isn't strictly required. So it's
really just 3 fixes:
- Get is_compat_task() to do the right thing while simplifying it.
The unnecessary complexity hid a rarely striking bug which could be
triggered by ext3/ext4 under certain circumstances.
- Resolve a preemption issue in the irqflags.h functions for kernels
built to support pre-MIPS32 / pre-MIPS64 Release 2 processors.
- Fix the interrupt number of the MIPS Malta's CBUS UART."
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Malta: Fix interupt number of CBUS UART.
MIPS: Make irqflags.h functions preempt-safe for non-mipsr2 cpus
MIPS: Remove irqflags.h dependency from bitops.h
MIPS: bitops.h: Change use of 'unsigned short' to 'int'
MIPS: compat: Delete now unused TIF_32BIT.
MIPS: compat: Implement is_compat_task() by testing for 32-bit address space.
MIPS: compat: Fix use of TIF_32BIT_ADDR vs _TIF_32BIT_ADDR
The CBUS UART's interrupt number was wrong conflicting with the interrupt
being tied to the Intel PIIX4. Since the PIIX4's interrupt is registered
before the CBUS UART which is not being used on most systems this would
not be noticed.
Attempts to open the ttyS2 CBUS UART would result in:
genirq: Flags mismatch irq 18. 00000000 (serial) vs. 00010000 (XT-PIC cascade)
serial_link_irq_chain: request failed: -16 for irq: 18
Qemu was written to match the kernel so will need to be fixed also.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Select HAVE_ALIGNED_STRUCT_PAGE on s390, so that the slub allocator can make
use of compare and swap double for lockless updates. This increases the size
of struct page to 64 bytes (instead of 56 bytes), however the performance gain
justifies the increased size:
- now excactly four struct pages fit into a single cache line; the
case that accessing a struct page causes two cache line loads
does not exist anymore.
- calculating the offset of a struct page within the memmap array
is only a simple shift instead of a more expensive multiplication.
A "hackbench 200 process 200" run on a 32 cpu system did show an 8% runtime
improvement.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
access_ok() returns always "true" on s390. Therefore all access_ok()
invocations are rather pointless.
However when walking page tables we need to make sure that everything
is within bounds of the ASCE limit of the task's address space.
So remove the access_ok() call and add the same check we have in
get_user_pages_fast().
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When walking page tables we need to make sure that everything
is within bounds of the ASCE limit of the task's address space.
Otherwise we might calculate e.g. a pud pointer which is not
within a pud and dereference it.
So check against TASK_SIZE (which is the ASCE limit) before
walking page tables.
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Pull KVM fix from Marcelo Tosatti:
"A correction for user triggerable oops"
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: x86: invalid opcode oops on SET_SREGS with OSXSAVE bit set (CVE-2012-4461)
On hosts without the XSAVE support unprivileged local user can trigger
oops similar to the one below by setting X86_CR4_OSXSAVE bit in guest
cr4 register using KVM_SET_SREGS ioctl and later issuing KVM_RUN
ioctl.
invalid opcode: 0000 [#2] SMP
Modules linked in: tun ip6table_filter ip6_tables ebtable_nat ebtables
...
Pid: 24935, comm: zoog_kvm_monito Tainted: G D 3.2.0-3-686-pae
EIP: 0060:[<f8b9550c>] EFLAGS: 00210246 CPU: 0
EIP is at kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm]
EAX: 00000001 EBX: 000f387e ECX: 00000000 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: ef5a0060 ESP: d7c63e70
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
Process zoog_kvm_monito (pid: 24935, ti=d7c62000 task=ed84a0c0
task.ti=d7c62000)
Stack:
00000001 f70a1200 f8b940a9 ef5a0060 00000000 00200202 f8769009 00000000
ef5a0060 000f387e eda5c020 8722f9c8 00015bae 00000000 ed84a0c0 ed84a0c0
c12bf02d 0000ae80 ef7f8740 fffffffb f359b740 ef5a0060 f8b85dc1 0000ae80
Call Trace:
[<f8b940a9>] ? kvm_arch_vcpu_ioctl_set_sregs+0x2fe/0x308 [kvm]
...
[<c12bfb44>] ? syscall_call+0x7/0xb
Code: 89 e8 e8 14 ee ff ff ba 00 00 04 00 89 e8 e8 98 48 ff ff 85 c0 74
1e 83 7d 48 00 75 18 8b 85 08 07 00 00 31 c9 8b 95 0c 07 00 00 <0f> 01
d1 c7 45 48 01 00 00 00 c7 45 1c 01 00 00 00 0f ae f0 89
EIP: [<f8b9550c>] kvm_arch_vcpu_ioctl_run+0x92a/0xd13 [kvm] SS:ESP
0068:d7c63e70
QEMU first retrieves the supported features via KVM_GET_SUPPORTED_CPUID
and then sets them later. So guest's X86_FEATURE_XSAVE should be masked
out on hosts without X86_FEATURE_XSAVE, making kvm_set_cr4 with
X86_CR4_OSXSAVE fail. Userspaces that allow specifying guest cpuid with
X86_FEATURE_XSAVE even on hosts that do not support it, might be
susceptible to this attack from inside the guest as well.
Allow setting X86_CR4_OSXSAVE bit only if host has XSAVE support.
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Since commit edc88ceb0 (ARM: be really quiet when building with 'make -s') the
following output is generated when building a kernel for ARM:
echo ' Kernel: arch/arm/boot/Image is ready'
Kernel: arch/arm/boot/Image is ready
Building modules, stage 2.
echo ' Kernel: arch/arm/boot/zImage is ready'
Kernel: arch/arm/boot/zImage is ready
As per Documentation/kbuild/makefiles.txt the correct way of using kecho is
'@$(kecho)'.
Make this change so no more unwanted 'echo' messages are displayed.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Kevin Hilman and Paul Walmsley.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJQmXAHAAoJEBvUPslcq6Vz3GUP/RRDpRcsJUh0wQMA+MYDdPJf
dVcYYczUPn7LCZEXsWVHiwOA0BxR+TQ1N7trUyGkj1cgGo3ImUatDHT9Czy1zZQs
8fpb+2kkNoxhEeWkxYT6LZZ+RuwGfo6mruJSCX1ZCf8oblW8QqduNLjCJGViEc/J
WFuuFb+ucSvqJWsD5L3Bma4/rkYhAx20MjoLWEh69WUUdVip1/YTZCT9ui7wRFin
afvq2USSEacQBaPbY+rMOOJU13YK9pNLU5+kgiRyoQ63BIoI4Wl1smDa0NoyYoFO
S8cIekRtXZQTUCp+r4IDz5ZTJ24Lu7ywMaawrQlHuKShxLaPTHJZAKSxcCg0pEdc
gDj1FJ65PczSMryos6WR6M0kqInfJK8SGlGVUe9y3wV5kFKOrc/G3e1Vi8/xbBFn
J9dkriQJ5Xf0w4VpfY4yy1TAQAWnHPunucFUMLKUXWwAnk4eSxRgz/zZBvj7xbey
6oNre4W/fHXnF8YE1wLIsrqQJq9pOIQc9jz22/knjF0jjhQU1alFyJ6MhyINIH0o
gJv1rO+VWfhsG/ECYd01E7ChG+9bATWjJpPHHB6brC24VLNgcDUlrJurvuGhNU8d
5P+/6OKenBj+hHWuiWIpFY+jIkG9NRcq2QIPEkFVIvfDHZ34H5FTB89d1Kw3hLSX
/0h4NvAA4aK8oJuItOhI
=pyxl
-----END PGP SIGNATURE-----
Merge tag 'omap-for-v3.7-rc4/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
From Tony Lindgren <tony@atomide.com>:
Minor OMAP PM and hwmod fixes for v3.7-rc series via
Kevin Hilman and Paul Walmsley.
* tag 'omap-for-v3.7-rc4/fixes-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP4: PM: fix regulator name for VDD_MPU
ARM: OMAP4: hwmod data: do not enable or reset the McPDM during kernel init
ARM: OMAP2+: hwmod: add flag to prevent hwmod code from touching IP block during init
ARM: OMAP: hwmod: wait for sysreset complete after enabling hwmod
ARM: OMAP2+: clockdomain: Fix OMAP4 ISS clk domain to support only SWSUP
ARM: OMAP2+: PM: add missing newline to VC warning message
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
on omap4 again. Although it's getting rather late for these
changes for the -rc cycle, it is important as many devices
are using MUSB for charging and connectivity.
With the USB PHY changes, MUSB started using the newly added
drivers/usb/phy/omap-usb2.c driver introduced by commit
657b306a (usb: phy: add a new driver for omap usb2 phy)
that is using the newly introduced drivers/bus/omap-ocp2scp.c
introduced by commit 26a84b3e (drivers: bus: add a new driver
for omap-ocp2scp).
These changes allowed dropping a lot of PHY related code from
arch/arm/mach-omap2/omap_phy_internal.c and have it live in
the device driver like it should with commit c9e4412a (arm: omap:
phy: remove unused functions from omap-phy-internal.c).
However, MUSB on omap4 broke with these changes for legacy
platform data boot, and now only works with device tree for
omap4. Unfortunately we are still few critical bindings away
from being able to make omap4 usbale with device tree.
Fix the regression properly by adding platform data support
to the ocp2scp driver so we can avoid adding back the driver
code to arch/arm/mach-omap2.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJQmqakAAoJEBvUPslcq6VzBjcQANthvtvNsUrR3X3lB5GRwtIJ
uGcOVqdrI9Y6seHQMqCiwa9JNlBHu+ABLYV4UGSNtHLAlaI+pilaqby7cUndFmBo
O7FMPAK6EmrUqXewkQh3W3yx/JEy4zu7Kup5rK8p9kPBmqblrjdtfmlrIKjBBhbA
4ZBQC82GSDg/UtLcVxjXgb2aJnLim5L2WU1drCSHgclyBWueg8ijFsTl9l7R9Zwh
x6FV6DYHZyxFzvuXlB+83iZ1sJ6qpkD92hPe+Lj3jyxpW6+b6Mx5d/268743+Nde
xzCxQ09JGYN+h/N+QX6SRhurHjlXGFwmAhYofdO+r7OdLrT12VHiOptRKh0N9DfX
s1Mtk+X6f5iwKo8O//5DXkZPDLW8fI1GNs6QNsw71yM1mDP7tCamYUsSpLLJLcYo
bB/O77HdQDWAWBOwbu+GY4eICTgh/Chj3LYe0Aic8F1jm8kzQm5CJMgxyAeMUrHX
2O0yGUUIIqWkNdn/iluVHVs0nHwjfDZsRN4cAdMbjkqF4cJRkH2lIjrSSYlJxYmL
cymFrkR0Evj2fmGXhEcX8pGgymlSp1Aj1tnaQ6I06XEjrlbtRpAsibniSx4OCcB2
3sMZOpvmUYD/FecaZRatoOLQC6aNMY8ape0ghLFAklz1By7c2ytzGRQsoDqMoXql
hl44QO9QKIYBYb2pPcDj
=bbq5
-----END PGP SIGNATURE-----
Merge tag 'omap-for-v3.7-rc4/musb-regression-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
From Tony Lindgren <tony@atomide.com>:
This series fixes an annoying regression to make MUSB working
on omap4 again. Although it's getting rather late for these
changes for the -rc cycle, it is important as many devices
are using MUSB for charging and connectivity.
With the USB PHY changes, MUSB started using the newly added
drivers/usb/phy/omap-usb2.c driver introduced by commit
657b306a (usb: phy: add a new driver for omap usb2 phy)
that is using the newly introduced drivers/bus/omap-ocp2scp.c
introduced by commit 26a84b3e (drivers: bus: add a new driver
for omap-ocp2scp).
These changes allowed dropping a lot of PHY related code from
arch/arm/mach-omap2/omap_phy_internal.c and have it live in
the device driver like it should with commit c9e4412a (arm: omap:
phy: remove unused functions from omap-phy-internal.c).
However, MUSB on omap4 broke with these changes for legacy
platform data boot, and now only works with device tree for
omap4. Unfortunately we are still few critical bindings away
from being able to make omap4 usbale with device tree.
Fix the regression properly by adding platform data support
to the ocp2scp driver so we can avoid adding back the driver
code to arch/arm/mach-omap2.
* tag 'omap-for-v3.7-rc4/musb-regression-signed' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP: ocp2scp: create omap device for ocp2scp
ARM: OMAP4: add _dev_attr_ to ocp2scp for representing usb_phy
drivers: bus: ocp2scp: add pdata support
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
The current topology code confuses core id vs physical package id.
In other words /sys/devices/system/cpu/cpuX/topology/core_id
displays the physical_package_id (aka socket id) instead of the
core id.
The physical_package_id sysfs attribute always displays "-1"
instead of the socket id.
Fix this mix-up with a small patch which defines and initializes
topology_physical_package_id correctly and fixes the broken
core id handling.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If user space is running in primary mode it can switch to secondary
or access register mode, this is used e.g. in the clock_gettime code
of the vdso. If a signal is delivered to the user space process while
it has been running in access register mode the signal handler is
executed in access register mode as well which will result in a crash
most of the time.
Set the address space control bits in the PSW to the default for the
execution of the signal handler and make sure that the previous
address space control is restored on signal return. Take care
that user space can not switch to the kernel address space by
modifying the registers in the signal frame.
Cc: stable@vger.kernel.org
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Pull sparc fixes from David Miller:
"Several build/bug fixes for sparc, including:
1) Configuring a mix of static vs. modular sparc64 crypto modules
didn't work, remove an ill-conceived attempt to only have to build
the device match table for these drivers once to fix the problem.
Reported by Meelis Roos.
2) Make the montgomery multiple/square and mpmul instructions actually
usable in 32-bit tasks. Essentially this involves providing 32-bit
userspace with a way to use a 64-bit stack when it needs to.
3) Our sparc64 atomic backoffs don't yield cpu strands properly on
Niagara chips. Use pause instruction when available to achieve
this, otherwise use a benign instruction we know blocks the strand
for some time.
4) Wire up kcmp
5) Fix the build of various drivers by removing the unnecessary
blocking of OF_GPIO when SPARC.
6) Fix unintended regression wherein of_address_to_resource stopped
being provided. Fix from Andreas Larsson.
7) Fix NULL dereference in leon_handle_ext_irq(), also from Andreas
Larsson."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: Fix build with mix of modular vs. non-modular crypto drivers.
sparc: Support atomic64_dec_if_positive properly.
of/address: sparc: Declare of_address_to_resource() as an extern function for sparc again
sparc32, leon: Check for existent irq_map entry in leon_handle_ext_irq
sparc: Add sparc support for platform_get_irq()
sparc: Allow OF_GPIO on sparc.
qlogicpti: Fix build warning.
sparc: Wire up sys_kcmp.
sparc64: Improvde documentation and readability of atomic backoff code.
sparc64: Use pause instruction when available.
sparc64: Fix cpu strand yielding.
sparc64: Make montmul/montsqr/mpmul usable in 32-bit threads.
- correct argument type (pgprot_t) when calling __ioremap()
- PCI_IOBASE virtual address change
- use architected event for CPU cycle counter
- fix ELF core dumping
- select CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION
- missing completion for secondary CPU boot
- booting on systems with all memory beyond 4GB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAABAgAGBQJQnTIQAAoJEGvWsS0AyF7xZEgP+wf6dEFzL+bt3sccyzjB0THu
ir5y99EHN2vDQ74tiQK+SbSDV8zqXs4vgXK+osxz3ooQdU+Ep8JMUSGjRg8j72yj
XcQBOxW5Hu79ArYJPaD8KMARBnk0QbnoRZyLGHXzVQgsLli+xpXoigmL2IlhElOh
h+A5jpDfaoGCO9e6xVXp9s9GJ/Ho8uoXuIAeWvELP1kvixTT+c4oWn+iD+N9FA/C
kiVFMZOHrJ6478se0uqqEktPeszF0vXTW84aTscA5xPA7R145tMJYPRQGhb2+QL1
mC43Ya9KtONbr0REoQFca0w4bqSNRCv9fLtV/xizUI6mZImSF9ZQ+hAaqbBPrMZ+
sx3ohZ8fri4rS5leGAd/bN88Xxue7GNHxo4auNGPxrbMzb7opyNL3bhawhfNPlag
ZhCpXQDVkGYuHIgi4Z7VEVQuwg+l57kK2HdXlwlEDVixQHJ0YFAeI2A7goXJofxQ
/4mdcoWQpt75GlON4V0wGk9rACp/rEBbpu35Vv6FfBDa3fSlQAVvkBG/HOyp/OFm
Gyw6aY4Qk6psIIfmQVXQVVd5svkhkKRBpHHRPdfArZdny2UMOl9NG15zZGqr3nBX
ELGndcc8POUaKw9ia5QGP1QmfOrzznZ68jDUz58rwQiZpzMveS9C381kHnkIRunu
gDAVjjZCFwHuGzF1uV7S
=g5mZ
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64
Pull arm64 fixes from Catalin Marinas:
- correct argument type (pgprot_t) when calling __ioremap()
- PCI_IOBASE virtual address change
- use architected event for CPU cycle counter
- fix ELF core dumping
- select CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION
- missing completion for secondary CPU boot
- booting on systems with all memory beyond 4GB
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/cmarinas/linux-aarch64:
arm64: mm: fix booting on systems with no memory below 4GB
arm64: smp: add missing completion for secondary boot
arm64: compat: select CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION
arm64: elf: fix core dumping definitions for GP and FP registers
arm64: perf: use architected event for CPU cycle counter
arm64: Move PCI_IOBASE closer to MODULES_VADDR
arm64: Use pgprot_t as the last argument when invoking __ioremap()
* Fix compile issues on ARM.
* Fix hypercall fallback code for old hypervisors.
* Print out which HVM parameter failed if it fails.
* Fix idle notifier call after irq_enter.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABAgAGBQJQnQdGAAoJEFjIrFwIi8fJPBAIAMX1HRx3udqhv7fziynZvFTb
hj47XYIJHOK7P4fK7vZoSNgMHjL6LW5cUqC8VN67G3zUSkX9JYFsPBj6v4bWn+rG
b9CS+MW7hS80LGbbqkh1F+YSEfZ863RlF9PPX2acaHTw49MlIgIqwhxIo6hy+Nm6
thu6SlbEIJkSUdhbYMOAmy5aH/3+UuuQg+oq3P7mzV8fZjEihnrrF0NlT4wOZK1o
gsfrKYKJLVT526W9PF/L23/A/MCHMpvjNStpaDLOGNjV9sBMpJI8JRax6+657+q1
0kXvN5mAwTKWOaXBl4LEC9R8n1IKB91TgOY6HJAcXkb1eoP5KAeNSmU8RbsZ2T0=
=XZ+0
-----END PGP SIGNATURE-----
Merge tag 'stable/for-linus-3.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
Pull Xen fixes from Konrad Rzeszutek Wilk:
"There are three ARM compile fixes (we forgot to export certain
functions and if the drivers are built as an module - we go belly-up).
There is also an mismatch of irq_enter() / exit_idle() calls sequence
which were fixed some time ago in other piece of codes, but failed to
appear in the Xen code.
Lastly a fix for to help in the field with troubleshooting in case we
cannot get the appropriate parameter and also fallback code when
working with very old hypervisors."
Bug-fixes:
- Fix compile issues on ARM.
- Fix hypercall fallback code for old hypervisors.
- Print out which HVM parameter failed if it fails.
- Fix idle notifier call after irq_enter.
* tag 'stable/for-linus-3.7-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen/arm: Fix compile errors when drivers are compiled as modules (export more).
xen/arm: Fix compile errors when drivers are compiled as modules.
xen/generic: Disable fallback build on ARM.
xen/events: fix RCU warning, or Call idle notifier after irq_enter()
xen/hvm: If we fail to fetch an HVM parameter print out which flag it is.
xen/hypercall: fix hypercall fallback code for very old hypervisors
We tried linking in a single built object to hold the device table,
but only works if all of the sparc64 crypto modules get built the same
way (modular vs. non-modular).
Just include the device ID stub into each driver source file so that
the table gets compiled into the correct result in all cases.
Reported-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sparc32 already supported it, as a consequence of using the
generic atomic64 implementation. And the sparc64 implementation
is rather trivial.
This allows us to set ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE for all
of sparc, and avoid the annoying warning from lib/atomic64_test.c
Signed-off-by: David S. Miller <davem@davemloft.net>
This bug-fix makes sure that of_address_to_resource is defined extern for sparc
so that the sparc-specific implementation of of_address_to_resource() is once
again used when including include/linux/of_address.h in a sparc context. A
number of drivers in mainline relies on this function working for sparc.
The bug was introduced in a850a75544, "of/address:
add empty static inlines for !CONFIG_OF". Contrary to that commit title, the
static inlines are added for !CONFIG_OF_ADDRESS, and CONFIG_OF_ADDRESS is never
defined for sparc. This is good behavior for the other functions in
include/linux/of_address.h, as the extern functions defined in
drivers/of/address.c only gets linked when OF_ADDRESS is configured. However,
for of_address_to_resource there exists a sparc-specific implementation in
arch/sparc/arch/sparc/kernel/of_device_common.c
Solution suggested by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Acked-by: Rob Herring <rob.herring@calxeda.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If an irq is being unlinked concurrently with leon_handle_ext_irq,
irq_map[eirq] might be null in leon_handle_ext_irq. Make sure that
this is not dereferenced.
Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The commit 911dec0db4
"xen/arm: Fix compile errors when drivers are compiled as modules." exports
the neccessary functions. But to guard ourselves against out-of-tree modules
and future drivers hitting this, lets export all of the relevant
hypercalls.
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
For non MIPSr2 processors, such as the BMIPS 5000, calls to
arch_local_irq_disable() and others may be preempted, and in doing
so a stale value may be restored to c0_status. This fix disables
preemption for such processors prior to the call and enables it
after the call.
Those functions that needed this fix have been "outlined" to
mips-atomic.c, as they are no longer good candidates for inlining.
This bug was observed in a BMIPS 5000, occuring once every few hours
in a continuous reboot test. It was traced to the write_lock_irq()
function which was being invoked in release_task() in exit.c.
By placing a number of "nops" inbetween the mfc0/mtc0 pair in
arch_local_irq_disable(), which is called by write_lock_irq(), we
were able to greatly increase the occurance of this bug. Similarly,
the application of this commit silenced the bug.
Signed-off-by: Jim Quinlan <jim2101024@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: David Daney <ddaney.cavm@gmail.com>
Cc: Kevin Cernekee cernekee@gmail.com
Cc: Jim Quinlan <jim2101024@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/4321/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
The "else clause" of most functions in bitops.h invoked
raw_local_irq_{save,restore}() and in doing so had a dependency on
irqflags.h. This fix moves said code to bitops.c, removing the
dependency.
Signed-off-by: Jim Quinlan <jim2101024@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: David Daney <ddaney.cavm@gmail.com>
Cc: Kevin Cernekee cernekee@gmail.com
Cc: Jim Quinlan <jim2101024@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/4320/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
[ralf@linux-mips.org: No functional change but it's consistent with how
use types elsewhere in the code.]
Signed-off-by: Jim Quinlan <jim2101024@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: David Daney <ddaney.cavm@gmail.com>
Cc: Kevin Cernekee cernekee@gmail.com
Cc: Jim Quinlan <jim2101024@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/4319/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
So far is_compat_task() was testing for 32-bit registers if O32 support
was enabled and if O32 support was disabled but N32 enabled it was testing
for 32-bit address space. So if both O32 and N32 were enabled a N32
task was not considered a compat task, whops.
This still leaves potential cases where O32 and N32 need different treatment
unsolved. But that's another commit.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
This config item has not carried much meaning for a while now and is
almost always enabled by default. As agreed during the Linux kernel
summit, remove it.
CC: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Guan Xuetao <gxt@mprc.pku.edu.cn>