- Oct 25, 2014
-
-
Fabio Estevam authored
Commit 78b81f46 ("ARM: dts: imx28-evk: Run I2C0 at 400kHz") caused issues when doing the following sequence in loop: - Boot the kernel - Perform audio playback - Reboot the system via 'reboot' command In many times the audio card cannot be probed, which causes playback to fail. After restoring to the original i2c0 frequency of 100kHz there is no such problem anymore. This reverts commit 78b81f46. Cc: <stable@vger.kernel.org> # 3.16+ Signed-off-by:
Fabio Estevam <fabio.estevam@freescale.com> Signed-off-by:
Shawn Guo <shawn.guo@linaro.org>
-
Steve Longerbeam authored
Fix a typo error, the "emi" names refer to the eim clocks. The change fixes typo in EIM and EIM_SLOW pre-output dividers and selectors clock names. Notably EIM_SLOW clock itself is named correctly. Signed-off-by:
Steve Longerbeam <steve_longerbeam@mentor.com> [vladimir_zapolskiy@mentor.com: ported to v3.17] Signed-off-by:
Vladimir Zapolskiy <vladimir_zapolskiy@mentor.com> Cc: Sascha Hauer <kernel@pengutronix.de> Signed-off-by:
-
- Oct 24, 2014
-
-
Catalin Marinas authored
With 48-bit VA space, the 64K page configuration uses 3 levels instead of 2 and PUD_SIZE != PMD_SIZE. Since with 64K pages we only cover PMD_SIZE with the initial swapper_pg_dir populated in head.S, the memblock current_limit needs to be set accordingly in map_mem() to avoid allocating unmapped memory. The memblock current_limit is progressively increased as more blocks are mapped. Signed-off-by:Catalin Marinas <catalin.marinas@arm.com>
-
David S. Miller authored
It is not sufficient to only implement get_user_pages_fast(), you must also implement the atomic version __get_user_pages_fast() otherwise you end up using the weak symbol fallback implementation which simply returns zero. This is dangerous, because it causes the futex code to loop forever if transparent hugepages are supported (see get_futex_key()). Signed-off-by:David S. Miller <davem@davemloft.net>
-
David S. Miller authored
Meelis Roos reported that kernels built with gcc-4.9 do not boot, we eventually narrowed this down to only impacting machines using UltraSPARC-III and derivitive cpus. The crash happens right when the first user process is spawned: [ 54.451346] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 [ 54.451346] [ 54.571516] CPU: 1 PID: 1 Comm: init Not tainted 3.16.0-rc2-00211-gd7933ab #96 [ 54.666431] Call Trace: [ 54.698453] [0000000000762f8c] panic+0xb0/0x224 [ 54.759071] [000000000045cf68] do_exit+0x948/0x960 [ 54.823123] [000000000042cbc0] fault_in_user_windows+0xe0/0x100 [ 54.902036] [0000000000404ad0] __handle_user_windows+0x0/0x10 [ 54.978662] Press Stop-A (L1-A) to return to the boot prom [ 55.050713] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004 Further investigation showed that compiling only per_cpu_patch() with an older compiler fixes the boot. Detailed analysis showed that the function is not being miscompiled by gcc-4.9, but it is using a different register allocation ordering. With the gcc-4.9 compiled function, something during the code patching causes some of the %i* input registers to get corrupted. Perhaps we have a TLB miss path into the firmware that is deep enough to cause a register window spill and subsequent restore when we get back from the TLB miss trap. Let's plug this up by doing two things: 1) Stop using the firmware stack for client interface calls into the firmware. Just use the kernel's stack. 2) As soon as we can, call into a new function "start_early_boot()" to put a one-register-window buffer between the firmware's deepest stack frame and the top-most initial kernel one. Reported-by:
Meelis Roos <mroos@linux.ee> Tested-by:
-
Arun Chandran authored
When user asks to turn off ASLR by writing "0" to /proc/sys/kernel/randomize_va_space there should not be any randomization to mmap base, stack, VDSO, libs, text and heap Currently arm64 violates this behavior by randomising text. Fix this by defining a constant ELF_ET_DYN_BASE. The randomisation of mm->mmap_base is done by setup_new_exec -> arch_pick_mmap_layout -> mmap_base -> mmap_rnd. Signed-off-by:
Arun Chandran <achandran@mvista.com> Signed-off-by:
-
Ralf Baechle authored
This isn't a module and shouldn't be one. Signed-off-by:Ralf Baechle <ralf@linux-mips.org>
-
Nadav Amit authored
Even after the recent fix, the assertion on paging_tmpl.h is triggered. Apparently, the assertion wants to check that the PAE is always set on long-mode, but does it in incorrect way. Note that the assertion is not enabled unless the code is debugged by defining MMU_DEBUG. Signed-off-by:
Nadav Amit <namit@cs.technion.ac.il> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
Nadav Amit authored
The decode phase of the x86 emulator assumes that every instruction with the ModRM flag, and which can be used with RIP-relative addressing, has either SrcMem or DstMem. This is not the case for several instructions - prefetch, hint-nop and clflush. Adding SrcMem|NoAccess for prefetch and hint-nop and SrcMem for clflush. This fixes CVE-2014-8480. Fixes: 41061cdb Cc: stable@vger.kernel.org Signed-off-by:
-
Nadav Amit authored
Currently, all group15 instructions are decoded as clflush (e.g., mfence, xsave). In addition, the clflush instruction requires no prefix (66/f2/f3) would exist. If prefix exists it may encode a different instruction (e.g., clflushopt). Creating a group for clflush, and different group for each prefix. This has been the case forever, but the next patch needs the cflush group in order to fix a bug introduced in 3.17. Fixes: 41061cdb Cc: stable@vger.kernel.org Signed-off-by:
-
Paolo Bonzini authored
A failure to decode the instruction can cause a NULL pointer access. This is fixed simply by moving the "done" label as close as possible to the return. This fixes CVE-2014-8481. Reported-by:
Andy Lutomirski <luto@amacapital.net> Cc: stable@vger.kernel.org Fixes: 41061cdb Signed-off-by:
-
Ralf Baechle authored
A platform driver for which nothing ever registers the corresponding platform device. Also it was driving the same hardware as sead3-i2c-drv.c so redundant anyway and couldn't co-exist with that driver because each of them was using a private spinlock to protect access to the same hardware resources. This also fixes a randconfig problem: arch/mips/mti-sead3/sead3-pic32-i2c-drv.c: In function 'i2c_platform_probe': arch/mips/mti-sead3/sead3-pic32-i2c-drv.c:345:2: error: implicit declaration of function 'i2c_add_numbered_adapter' [-Werror=implicit-function-declaration] ret = i2c_add_numbered_adapter(&priv->adap); ^ arch/mips/mti-sead3/sead3-pic32-i2c-drv.c: In function 'i2c_platform_remove': arch/mips/mti-sead3/sead3-pic32-i2c-drv.c:361:2: error: implicit declaration of function 'i2c_del_adapter' [-Werror=implicit-function-declaration] i2c_del_adapter(&priv->adap); Signed-off-by: -
Nadav Amit authored
Once an instruction crosses a page boundary, the size read from the second page disregards the common case that part of the operand resides on the first page. As a result, fetch of long insturctions may fail, and thereby cause the decoding to fail as well. Cc: stable@vger.kernel.org Fixes: 5cfc7e0f Signed-off-by:
-
Michael S. Tsirkin authored
KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was triggered by a priveledged application. Let's not kill the guest: WARN and inject #UD instead. Cc: stable@vger.kernel.org Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
-
Petr Matousek authored
On systems with invvpid instruction support (corresponding bit in IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid causes vm exit, which is currently not handled and results in propagation of unknown exit to userspace. Fix this by installing an invvpid vm exit handler. This is CVE-2014-3646. Cc: stable@vger.kernel.org Signed-off-by:
Petr Matousek <pmatouse@redhat.com> Signed-off-by:
-
Nadav Amit authored
Far jmp/call/ret may fault while loading a new RIP. Currently KVM does not handle this case, and may result in failed vm-entry once the assignment is done. The tricky part of doing so is that loading the new CS affects the VMCS/VMCB state, so if we fail during loading the new RIP, we are left in unconsistent state. Therefore, this patch saves on 64-bit the old CS descriptor and restores it if loading RIP failed. This fixes CVE-2014-3647. Cc: stable@vger.kernel.org Signed-off-by:
-
Nadav Amit authored
Before changing rip (during jmp, call, ret, etc.) the target should be asserted to be canonical one, as real CPUs do. During sysret, both target rsp and rip should be canonical. If any of these values is noncanonical, a #GP exception should occur. The exception to this rule are syscall and sysenter instructions in which the assigned rip is checked during the assignment to the relevant MSRs. This patch fixes the emulator to behave as real CPUs do for near branches. Far branches are handled by the next patch. This fixes CVE-2014-3647. Cc: stable@vger.kernel.org Signed-off-by:
-
Nadav Amit authored
Relative jumps and calls do the masking according to the operand size, and not according to the address size as the KVM emulator does today. This patch fixes KVM behavior. Cc: stable@vger.kernel.org Signed-off-by:
-
Andy Honig authored
There's a race condition in the PIT emulation code in KVM. In __kvm_migrate_pit_timer the pit_timer object is accessed without synchronization. If the race condition occurs at the wrong time this can crash the host kernel. This fixes CVE-2014-3611. Cc: stable@vger.kernel.org Signed-off-by:
Andrew Honig <ahonig@google.com> Signed-off-by:
-
Andy Honig authored
The previous patch blocked invalid writes directly when the MSR is written. As a precaution, prevent future similar mistakes by gracefulling handle GPs caused by writes to shared MSRs. Cc: stable@vger.kernel.org Signed-off-by:
-
Nadav Amit authored
Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is written to certain MSRs. The behavior is "almost" identical for AMD and Intel (ignoring MSRs that are not implemented in either architecture since they would anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if non-canonical address is written on Intel but not on AMD (which ignores the top 32-bits). Accordingly, this patch injects a #GP on the MSRs which behave identically on Intel and AMD. To eliminate the differences between the architecutres, the value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to canonical value before writing instead of injecting a #GP. Some references from Intel and AMD manuals: According to Intel SDM description of WRMSR instruction #GP is expected on WRMSR "If the source register contains a non-canonical address and ECX specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE, IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP." According to AMD manual instruction manual: LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical form, a general-protection exception (#GP) occurs." IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the base field must be in canonical form or a #GP fault will occur." IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must be in canonical form." This patch fixes CVE-2014-3610. Cc: stable@vger.kernel.org Signed-off-by:
-
Olof Johansson authored
Allows booting from SD/MMC on RK3288 and other platforms. Added here so I can enable the board in the boot farm. Signed-off-by:Olof Johansson <olof@lixom.net>
-
Olof Johansson authored
I missed in 9a2ad529 that REGULATOR_FIXED_VOLTAGE had also gotten deselected, so it needs to be added back as an explicit option. Signed-off-by:
-
Markos Chandras authored
Code before the .fixup section needs to have the .insn directive. This has no side effects on MIPS32/64 but it affects the way microMIPS loads the address for the return label. Fixes the following build problem: mips-linux-gnu-ld: arch/mips/built-in.o: .fixup+0x4a0: Unsupported jump between ISA modes; consider recompiling with interlinking enabled. mips-linux-gnu-ld: final link failed: Bad value Makefile:819: recipe for target 'vmlinux' failed The fix is similar to 1658f914 ("MIPS: microMIPS: Disable LL/SC and fix linker bug.") Signed-off-by:
Markos Chandras <markos.chandras@imgtec.com> Cc: stable@vger.kernel.org Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8117/ Signed-off-by:
-
Stefan Hengelein authored
When CONFIG_MIPS_MT_SMP is enabled, the following compilation error occurs: arch/mips/pmcs-msp71xx/msp_irq_cic.c:134: error: ‘irq’ undeclared This code clearly never saw a compiler. The surrounding code suggests, that 'd->irq' was intended, not 'irq'. This error was found with vampyr. Signed-off-by:
Stefan Hengelein <stefan.hengelein@fau.de> Fixes: d7881fbd ("MIPS: msp71xx: Convert to new irq_chip functions") Acked-by:
Geert Uytterhoeven <geert@linux-m68k.org> Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/8116/ Signed-off-by:
-
- Oct 23, 2014
-
-
Markos Chandras authored
The malta-amon.c file provides functions to access the YAMON Monitoring interface to bring up secondary VPEs in case of SMP/CMP. As a result of which, there is no need to build it if CMP is not used. Signed-off-by:
Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: http://patchwork.linux-mips.org/patch/7993/ Signed-off-by:
-
Paul Burton authored
The no-op cases of cop2_save & cop2_restore lead to the following warnings being emitted during build with recent versions of gcc (tested using gcc 4.8.3 from the Mentor Sourcery CodeBench 2014.05 toolchain): In file included from ./arch/mips/include/asm/switch_to.h:18:0, from kernel/sched/core.c:78: kernel/sched/core.c: In function 'finish_task_switch': include/asm-generic/current.h:6:45: warning: value computed is not used [-Wunused-value] #define get_current() (current_thread_info()->task) ^ ./arch/mips/include/asm/cop2.h:48:32: note: in definition of macro 'cop2_restore' #define cop2_restore(r) do { (r); } while (0) ^ include/asm-generic/current.h:7:17: note: in expansion of macro 'get_current' #define current get_current() ^ ./arch/mips/include/asm/switch_to.h:114:16: note: in expansion of macro 'current' cop2_restore(current); \ ^ kernel/sched/core.c:2225:2: note: in expansion of macro 'finish_arch_switch' finish_arch_switch(prev); ^ Avoid the warning by "using" the value by casting to void. Signed-off-by: -
Markos Chandras authored
The MIPS_CPS_PM and MIPS_CPS_CPUIDLE implementation should depend on the MIPS_CPS symbol to avoid the following build problem arch/mips/kernel/pm-cps.c: In function 'cps_pm_enter_state': arch/mips/kernel/pm-cps.c:164:26: error: 'cpu_coherent_mask' undeclared (first use in this function) cpumask_clear_cpu(cpu, &cpu_coherent_mask); ^ Signed-off-by: -
Markos Chandras authored
The __pastwait symbol was only used by the address_is_in_r4k_wait_irqoff function but this is no longer used since the SMTC removal in commit b633648c ('MIPS: MT: Remove SMTC support'). That symbol also led to build failures under certain random configuration due to the way the compiler compiled the r4k_wait_irqoff function. If that function was called multiple times, the __pastwait symbol was redefined breaking the build like this: CHK include/generated/compile.h CC arch/mips/kernel/idle.o {standard input}: Assembler messages: {standard input}:527: Error: symbol `__pastwait' is already defined Link: http://www.linux-mips.org/cgi-bin/mesg.cgi?a=linux-mips&i=1244879922.24479.30.camel%40falcon Signed-off-by:
-
Martin Kelly authored
Panic if Xen provides a memory map with 0 entries. Although this is unlikely, it is better to catch the error at the point of seeing the map than later on as a symptom of some other crash. Signed-off-by:
Martin Kelly <martkell@amazon.com> Signed-off-by:
David Vrabel <david.vrabel@citrix.com>
-
Boris Ostrovsky authored
Commit 89cbc767 ("x86: Replace __get_cpu_var uses") replaced __get_cpu_var() with this_cpu_ptr() in xen_clocksource_read() in such a way that instead of accessing a structure pointed to by a per-cpu pointer we are trying to get to a per-cpu structure. __this_cpu_read() of the pointer is the more appropriate accessor. Signed-off-by:
Boris Ostrovsky <boris.ostrovsky@oracle.com> Signed-off-by:
-
Juergen Gross authored
When a new p2m leaf is allocated this leaf is linked into the p2m tree via cmpxchg. Unfortunately the compare value for checking the success of the update is read after checking for the need of a new leaf. It is possible that a new leaf has been linked into the tree concurrently in between. This could lead to a leaked memory page and to the loss of some p2m entries. Avoid the race by using the read compare value for checking the need of a new p2m leaf and use ACCESS_ONCE() to get it. There are other places which seem to need ACCESS_ONCE() to ensure proper operation. Change them accordingly. Signed-off-by:
Juergen Gross <jgross@suse.com> Signed-off-by:
-
Juergen Gross authored
The 3 level p2m tree for the Xen tools is constructed very early at boot by calling xen_build_mfn_list_list(). Memory needed for this tree is allocated via extend_brk(). As this tree (other than the kernel internal p2m tree) is only needed for domain save/restore, live migration and crash dump analysis it doesn't matter whether it is constructed very early or just some milliseconds later when memory allocation is possible by other means. This patch moves the call of xen_build_mfn_list_list() just after calling xen_pagetable_p2m_copy() simplifying this function, too, as it doesn't have to bother with two parallel trees now. The same applies for some other internal functions. While simplifying code, make early_can_reuse_p2m_middle() static and drop the unused second parameter. p2m_mid_identity_mfn can be removed as well, it isn't used either. Signed-off-by:
-
Juergen Gross authored
In case a race was detected during allocation of a new p2m tree element in alloc_p2m() the new allocated mid_mfn page is freed without updating the pointer to the found value in the tree. This will result in overwriting the just freed page with the mfn of the p2m leaf. Signed-off-by:
-
Markos Chandras authored
Fixes the following randconfig build problem: arch/mips/built-in.o: In function `show_cpuinfo': proc.c:(.text+0xde84): undefined reference to `get_system_type' arch/mips/built-in.o: In function `sb1250_setup': (.init.text+0x428): undefined reference to `get_system_type' arch/mips/built-in.o: In function `setup_arch': (.init.text+0x178c): undefined reference to `plat_mem_setup' Makefile:930: recipe for target 'vmlinux' failed Signed-off-by:
-
Aaro Koskinen authored
Commit a79ebea6 (MIPS: ptrace: Fix user pt_regs definition, use in ptrace_{get, set}regs()) converted struct pt_regs to use __u64. Some userspace applications (e.g. GDB) include this file directly, and fail to see this type. Fix by including <linux/types.h>. The patch fixes the following build failure with GDB 7.8 when using GLIBC headers created against Linux 3.17: In file included from /home/aaro/los/work/shared/gdb-7.8/gdb/mips-linux-nat.c:37:0: /home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:32:2: error: unknown type name '__u64' __u64 regs[32]; ^ /home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:35:2: error: unknown type name '__u64' __u64 lo; ^ /home/aaro/los/work/mips/rootfs/mips-linux-gnu/usr/include/asm/ptrace.h:36:2: error: unknown type name '__u64' __u64 hi; ^ Fixes: a79ebea6 ("MIPS: ptrace: Fix user pt_regs definition, use in ptrace_{get, set}regs()") Cc: stable@vger.kernel.org # 3.17 Signed-off-by:
Aaro Koskinen <aaro.koskinen@iki.fi> Cc: Alex Smith <alex@alex-smith.me.uk> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/8067/ Signed-off-by:
-
Dinh Nguyen authored
Without the 3.3V regulator node, the SDMMC driver will give these warnings: dw_mmc ff704000.dwmmc0: No vmmc regulator found dw_mmc ff704000.dwmmc0: No vqmmc regulator found This patch adds the regulator node, and points the SD/MMC to the regulator. Signed-off-by:
Dinh Nguyen <dinguyen@opensource.altera.com> Reviewed-by:
Doug Anderson <dianders@chromium.org> --- v3: Rename nodes to have schematic-name_regulator and remove "boot-on" and "always-on" v2: Move the regulator nodes to their respective board dts file and correctly rename them to match the schematic
-
Dinh Nguyen authored
Without this patch, the booting the SOCFPGA platform would hang at the SDMMC driver loading. The issue, debugged by Doug Anderson, turned out to be that the GPIO bank used by the SD card-detect was not set to status="okay". Also update the cd-gpios to point to portb of the &gpio1 GPIO IP. Suggested-by:
-
Dinh Nguyen authored
Since the Synopsys GPIO IP can support multiple ports of varying widths, it would make more sense to have the GPIO node DTS entry as this: gpio0: gpio@ff708000{ porta{ }; }; Also, this is documented in the snps-dwapb-gpio.txt. Suggested-by:
-
- Oct 22, 2014
-
-
Vineet Gupta authored
The ARC version of kgdb_arch_pc() is identical to the generic version in kernel/debug/debug_core.c. Drop the ARC version so we use the generic one. Signed-off-by:
Vineet Gupta <vgupta@synopsys.com> Signed-off-by:
Bjorn Helgaas <bhelgaas@google.com>
-
