Linus Torvalds [Fri, 24 Oct 2014 19:48:04 +0000 (12:48 -0700)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
- enable 48-bit VA space now that KVM has been fixed, together with a
couple of fixes for pgd allocation alignment and initial memblock
current_limit. There is still a dependency on !ARM_SMMU which needs
to be updated as it uses the page table manipulation macros of the
host kernel
- eBPF fixes following changes/conflicts during the merging window
- Compat types affecting compat_elf_prpsinfo
- Compilation error on UP builds
- ASLR fix when /proc/sys/kernel/randomize_va_space == 0
- DT definitions for CLCD support on ARMv8 model platform
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: Fix memblock current_limit with 64K pages and 48-bit VA
arm64: ASLR: Don't randomise text when randomise_va_space == 0
arm64: vexpress: Add CLCD support to the ARMv8 model platform
arm64: Fix compilation error on UP builds
Documentation/arm64/memory.txt: fix typo
net: bpf: arm64: minor fix of type in jited
arm64: bpf: add 'load 64-bit immediate' instruction
arm64: bpf: add 'shift by register' instructions
net: bpf: arm64: address randomize and write protect JIT code
arm64: mm: Correct fixmap pagetable types
arm64: compat: fix compat types affecting struct compat_elf_prpsinfo
arm64: Align less than PAGE_SIZE pgds naturally
arm64: Allow 48-bits VA space without ARM_SMMU
Linus Torvalds [Fri, 24 Oct 2014 19:45:47 +0000 (12:45 -0700)]
Merge git://git./linux/kernel/git/davem/sparc
Pull two sparc fixes from David Miller:
1) Fix boots with gcc-4.9 compiled sparc64 kernels.
2) Add missing __get_user_pages_fast() on sparc64 to fix hangs on
futexes used in transparent hugepage areas.
It's really idiotic to have a weak symbolled fallback that just
returns zero, and causes this kind of bug. There should be no
backup implementation and the link should fail if the architecture
fails to provide __get_user_pages_fast() and supports transparent
hugepages.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: Implement __get_user_pages_fast().
sparc64: Fix register corruption in top-most kernel stack frame during boot.
Linus Torvalds [Fri, 24 Oct 2014 19:42:55 +0000 (12:42 -0700)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull kvm fixes from Paolo Bonzini:
"This is a pretty large update. I think it is roughly as big as what I
usually had for the _whole_ rc period.
There are a few bad bugs where the guest can OOPS or crash the host.
We have also started looking at attack models for nested
virtualization; bugs that usually result in the guest ring 0 crashing
itself become more worrisome if you have nested virtualization,
because the nested guest might bring down the non-nested guest as
well. For current uses of nested virtualization these do not really
have a security impact, but you never know and bugs are bugs
nevertheless.
A lot of these bugs are in 3.17 too, resulting in a large number of
stable@ Ccs. I checked that all the patches apply there with no
conflicts"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vfio: fix unregister kvm_device_ops of vfio
KVM: x86: Wrong assertion on paging_tmpl.h
kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
KVM: x86: Emulator does not decode clflush well
KVM: emulate: avoid accessing NULL ctxt->memopp
KVM: x86: Decoding guest instructions which cross page boundary may fail
kvm: x86: don't kill guest on unknown exit reason
kvm: vmx: handle invvpid vm exit gracefully
KVM: x86: Handle errors when RIP is set during far jumps
KVM: x86: Emulator fixes for eip canonical checks on near branches
KVM: x86: Fix wrong masking on relative jump/call
KVM: x86: Improve thread safety in pit
KVM: x86: Prevent host from panicking on shared MSR writes.
KVM: x86: Check non-canonical addresses upon WRMSR
Linus Torvalds [Fri, 24 Oct 2014 19:41:50 +0000 (12:41 -0700)]
Merge tag 'stable/for-linus-3.18-b-rc1-tag' of git://git./linux/kernel/git/xen/tip
Pull xen bug fixes from David Vrabel:
- Fix regression in xen_clocksource_read() which caused all Xen guests
to crash early in boot.
- Several fixes for super rare race conditions in the p2m.
- Assorted other minor fixes.
* tag 'stable/for-linus-3.18-b-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen/pci: Allocate memory for physdev_pci_device_add's optarr
x86/xen: panic on bad Xen-provided memory map
x86/xen: Fix incorrect per_cpu accessor in xen_clocksource_read()
x86/xen: avoid race in p2m handling
x86/xen: delay construction of mfn_list_list
x86/xen: avoid writing to freed memory after race in p2m handling
xen/balloon: Don't continue ballooning when BP_ECANCELED is encountered
Linus Torvalds [Fri, 24 Oct 2014 19:35:48 +0000 (12:35 -0700)]
Merge tag 'sound-3.18-rc2' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Here are a chunk of small fixes since rc1: two PCM core fixes, one is
a long-standing annoyance about lockdep and another is an ARM64 mmap
fix.
The rest are a HD-audio HDMI hotplug notification fix, a fix for
missing NULL termination in Realtek codec quirks and a few new
device/codec-specific quirks as usual"
* tag 'sound-3.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Add missing terminating entry to SND_HDA_PIN_QUIRK macro
ALSA: pcm: Fix false lockdep warnings
ALSA: hda - Fix inverted LED gpio setup for Lenovo Ideapad
ALSA: hda - hdmi: Fix missing ELD change event on plug/unplug
ALSA: usb-audio: Add support for Steinberg UR22 USB interface
ALSA: ALC283 codec - Avoid pop noise on headphones during suspend/resume
ALSA: pcm: use the same dma mmap codepath both for arm and arm64
Linus Torvalds [Fri, 24 Oct 2014 19:33:32 +0000 (12:33 -0700)]
Merge tag 'random_for_linus' of git://git./linux/kernel/git/tytso/random
Pull /dev/random updates from Ted Ts'o:
"This adds a memzero_explicit() call which is guaranteed not to be
optimized away by GCC. This is important when we are wiping
cryptographically sensitive material"
* tag 'random_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random:
crypto: memzero_explicit - make sure to clear out sensitive data
random: add and use memzero_explicit() for clearing data
Linus Torvalds [Fri, 24 Oct 2014 18:29:31 +0000 (11:29 -0700)]
Merge tag 'pm+acpi-3.18-rc2' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management updates from Rafael Wysocki:
"This is material that didn't make it to my 3.18-rc1 pull request for
various reasons, mostly related to timing and travel (LinuxCon EU /
LPC) plus a couple of fixes for recent bugs.
The only really new thing here is the PM QoS class for memory
bandwidth, but it is simple enough and users of it will be added in
the next cycle. One major change in behavior is that platform devices
enumerated by ACPI will use 32-bit DMA mask by default. Also included
is an ACPICA update to a new upstream release, but that's mostly
cleanups, changes in tools and similar. The rest is fixes and
cleanups mostly.
Specifics:
- Fix for a recent PCI power management change that overlooked the
fact that some IRQ chips might not be able to configure PCIe PME
for system wakeup from Lucas Stach.
- Fix for a bug introduced in 3.17 where acpi_device_wakeup() is
called with a wrong ordering of arguments from Zhang Rui.
- A bunch of intel_pstate driver fixes (all -stable candidates) from
Dirk Brandewie, Gabriele Mazzotta and Pali Rohár.
- Fixes for a rather long-standing problem with the OOM killer and
the freezer that frozen processes killed by the OOM do not actually
release any memory until they are thawed, so OOM-killing them is
rather pointless, with a couple of cleanups on top (Michal Hocko,
Cong Wang, Rafael J Wysocki).
- ACPICA update to upstream release
20140926, inlcuding mostly
cleanups reducing differences between the upstream ACPICA and the
kernel code, tools changes (acpidump, acpiexec) and support for the
_DDN object (Bob Moore, Lv Zheng).
- New PM QoS class for memory bandwidth from Tomeu Vizoso.
- Default 32-bit DMA mask for platform devices enumerated by ACPI
(this change is mostly needed for some drivers development in
progress targeted at 3.19) from Heikki Krogerus.
- ACPI EC driver cleanups, mostly related to debugging, from Lv
Zheng.
- cpufreq-dt driver updates from Thomas Petazzoni.
- powernv cpuidle driver update from Preeti U Murthy"
* tag 'pm+acpi-3.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (34 commits)
intel_pstate: Correct BYT VID values.
intel_pstate: Fix BYT frequency reporting
intel_pstate: Don't lose sysfs settings during cpu offline
cpufreq: intel_pstate: Reflect current no_turbo state correctly
cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy
PCI / PM: handle failure to enable wakeup on PCIe PME
ACPI: invoke acpi_device_wakeup() with correct parameters
PM / freezer: Clean up code after recent fixes
PM: convert do_each_thread to for_each_process_thread
OOM, PM: OOM killed task shouldn't escape PM suspend
freezer: remove obsolete comments in __thaw_task()
freezer: Do not freeze tasks killed by OOM killer
ACPI / platform: provide default DMA mask
cpuidle: powernv: Populate cpuidle state details by querying the device-tree
cpufreq: cpufreq-dt: adjust message related to regulators
cpufreq: cpufreq-dt: extend with platform_data
cpufreq: allow driver-specific data
ACPI / EC: Cleanup coding style.
ACPI / EC: Refine event/query debugging messages.
...
Linus Torvalds [Fri, 24 Oct 2014 18:21:43 +0000 (11:21 -0700)]
Merge branch 'next' of git://git./linux/kernel/git/rzhang/linux
Pull thermal management updates from Zhang Rui:
"Sorry that I missed the merge window as there is a bug found in the
last minute, and I have to fix it and wait for the code to be tested
in linux-next tree for a few days. Now the buggy patch has been
dropped entirely from my next branch. Thus I hope those changes can
still be merged in 3.18-rc2 as most of them are platform thermal
driver changes.
Specifics:
- introduce ACPI INT340X thermal drivers.
Newer laptops and tablets may have thermal sensors and other
devices with thermal control capabilities that are exposed for the
OS to use via the ACPI INT340x device objects. Several drivers are
introduced to expose the temperature information and cooling
ability from these objects to user-space via the normal thermal
framework.
From: Lu Aaron, Lan Tianyu, Jacob Pan and Zhang Rui.
- introduce a new thermal governor, which just uses a hysteresis to
switch abruptly on/off a cooling device. This governor can be used
to control certain fan devices that can not be throttled but just
switched on or off. From: Peter Feuerer.
- introduce support for some new thermal interrupt functions on
i.MX6SX, in IMX thermal driver. From: Anson, Huang.
- introduce tracing support on thermal framework. From: Punit
Agrawal.
- small fixes in OF thermal and thermal step_wise governor"
* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: (25 commits)
Thermal: int340x thermal: select ACPI fan driver
Thermal: int3400_thermal: use acpi_thermal_rel parsing APIs
Thermal: int340x_thermal: expose acpi thermal relationship tables
Thermal: introduce int3403 thermal driver
Thermal: introduce INT3402 thermal driver
Thermal: move the KELVIN_TO_MILLICELSIUS macro to thermal.h
ACPI / Fan: support INT3404 thermal device
ACPI / Fan: add ACPI 4.0 style fan support
ACPI / fan: convert to platform driver
ACPI / fan: use acpi_device_xxx_power instead of acpi_bus equivelant
ACPI / fan: remove no need check for device pointer
ACPI / fan: remove unused macro
Thermal: int3400 thermal: register to thermal framework
Thermal: int3400 thermal: add capability to detect supporting UUIDs
Thermal: introduce int3400 thermal driver
ACPI: add ACPI_TYPE_LOCAL_REFERENCE support to acpi_extract_package()
ACPI: make acpi_create_platform_device() an external API
thermal: step_wise: fix: Prevent from binary overflow when trend is dropping
ACPI: introduce ACPI int340x thermal scan handler
thermal: Added Bang-bang thermal governor
...
Catalin Marinas [Fri, 24 Oct 2014 17:16:47 +0000 (18:16 +0100)]
arm64: Fix memblock current_limit with 64K pages and 48-bit VA
With 48-bit VA space, the 64K page configuration uses 3 levels instead
of 2 and PUD_SIZE != PMD_SIZE. Since with 64K pages we only cover
PMD_SIZE with the initial swapper_pg_dir populated in head.S, the
memblock current_limit needs to be set accordingly in map_mem() to avoid
allocating unmapped memory. The memblock current_limit is progressively
increased as more blocks are mapped.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
David S. Miller [Fri, 24 Oct 2014 16:59:02 +0000 (09:59 -0700)]
sparc64: Implement __get_user_pages_fast().
It is not sufficient to only implement get_user_pages_fast(), you
must also implement the atomic version __get_user_pages_fast()
otherwise you end up using the weak symbol fallback implementation
which simply returns zero.
This is dangerous, because it causes the futex code to loop forever
if transparent hugepages are supported (see get_futex_key()).
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Thu, 23 Oct 2014 19:58:13 +0000 (12:58 -0700)]
sparc64: Fix register corruption in top-most kernel stack frame during boot.
Meelis Roos reported that kernels built with gcc-4.9 do not boot, we
eventually narrowed this down to only impacting machines using
UltraSPARC-III and derivitive cpus.
The crash happens right when the first user process is spawned:
[ 54.451346] Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
[ 54.451346]
[ 54.571516] CPU: 1 PID: 1 Comm: init Not tainted 3.16.0-rc2-00211-gd7933ab #96
[ 54.666431] Call Trace:
[ 54.698453] [
0000000000762f8c] panic+0xb0/0x224
[ 54.759071] [
000000000045cf68] do_exit+0x948/0x960
[ 54.823123] [
000000000042cbc0] fault_in_user_windows+0xe0/0x100
[ 54.902036] [
0000000000404ad0] __handle_user_windows+0x0/0x10
[ 54.978662] Press Stop-A (L1-A) to return to the boot prom
[ 55.050713] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000004
Further investigation showed that compiling only per_cpu_patch() with
an older compiler fixes the boot.
Detailed analysis showed that the function is not being miscompiled by
gcc-4.9, but it is using a different register allocation ordering.
With the gcc-4.9 compiled function, something during the code patching
causes some of the %i* input registers to get corrupted. Perhaps
we have a TLB miss path into the firmware that is deep enough to
cause a register window spill and subsequent restore when we get
back from the TLB miss trap.
Let's plug this up by doing two things:
1) Stop using the firmware stack for client interface calls into
the firmware. Just use the kernel's stack.
2) As soon as we can, call into a new function "start_early_boot()"
to put a one-register-window buffer between the firmware's
deepest stack frame and the top-most initial kernel one.
Reported-by: Meelis Roos <mroos@linux.ee>
Tested-by: Meelis Roos <mroos@linux.ee>
Signed-off-by: David S. Miller <davem@davemloft.net>
Arun Chandran [Fri, 10 Oct 2014 11:31:24 +0000 (12:31 +0100)]
arm64: ASLR: Don't randomise text when randomise_va_space == 0
When user asks to turn off ASLR by writing "0" to
/proc/sys/kernel/randomize_va_space there should not be
any randomization to mmap base, stack, VDSO, libs, text and heap
Currently arm64 violates this behavior by randomising text.
Fix this by defining a constant ELF_ET_DYN_BASE. The randomisation of
mm->mmap_base is done by setup_new_exec -> arch_pick_mmap_layout ->
mmap_base -> mmap_rnd.
Signed-off-by: Arun Chandran <achandran@mvista.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Wanpeng Li [Thu, 9 Oct 2014 10:30:08 +0000 (18:30 +0800)]
kvm: vfio: fix unregister kvm_device_ops of vfio
After commit 80ce163 (KVM: VFIO: register kvm_device_ops dynamically),
kvm_device_ops of vfio can be registered dynamically. Commit
3c3c29fd
(kvm-vfio: do not use module_init) move the dynamic register invoked by
kvm_init in order to fix broke unloading of the kvm module. However,
kvm_device_ops of vfio is unregistered after rmmod kvm-intel module
which lead to device type collision detection warning after kvm-intel
module reinsmod.
WARNING: CPU: 1 PID: 10358 at /root/cathy/kvm/arch/x86/kvm/../../../virt/kvm/kvm_main.c:3289 kvm_init+0x234/0x282 [kvm]()
Modules linked in: kvm_intel(O+) kvm(O) nfsv3 nfs_acl auth_rpcgss oid_registry nfsv4 dns_resolver nfs fscache lockd sunrpc pci_stub bridge stp llc autofs4 8021q cpufreq_ondemand ipv6 joydev microcode pcspkr igb i2c_algo_bit ehci_pci ehci_hcd e1000e i2c_i801 ixgbe ptp pps_core hwmon mdio tpm_tis tpm ipmi_si ipmi_msghandler acpi_cpufreq isci libsas scsi_transport_sas button dm_mirror dm_region_hash dm_log dm_mod [last unloaded: kvm_intel]
CPU: 1 PID: 10358 Comm: insmod Tainted: G W O 3.17.0-rc1 #2
Hardware name: Intel Corporation S2600CP/S2600CP, BIOS RMLSDP.86I.00.29.D696.
1311111329 11/11/2013
0000000000000cd9 ffff880ff08cfd18 ffffffff814a61d9 0000000000000cd9
0000000000000000 ffff880ff08cfd58 ffffffff810417b7 ffff880ff08cfd48
ffffffffa045bcac ffffffffa049c420 0000000000000040 00000000000000ff
Call Trace:
[<
ffffffff814a61d9>] dump_stack+0x49/0x60
[<
ffffffff810417b7>] warn_slowpath_common+0x7c/0x96
[<
ffffffffa045bcac>] ? kvm_init+0x234/0x282 [kvm]
[<
ffffffff810417e6>] warn_slowpath_null+0x15/0x17
[<
ffffffffa045bcac>] kvm_init+0x234/0x282 [kvm]
[<
ffffffffa016e995>] vmx_init+0x1bf/0x42a [kvm_intel]
[<
ffffffffa016e7d6>] ? vmx_check_processor_compat+0x64/0x64 [kvm_intel]
[<
ffffffff810002ab>] do_one_initcall+0xe3/0x170
[<
ffffffff811168a9>] ? __vunmap+0xad/0xb8
[<
ffffffff8109c58f>] do_init_module+0x2b/0x174
[<
ffffffff8109d414>] load_module+0x43e/0x569
[<
ffffffff8109c6d8>] ? do_init_module+0x174/0x174
[<
ffffffff8109c75a>] ? copy_module_from_user+0x39/0x82
[<
ffffffff8109b7dd>] ? module_sect_show+0x20/0x20
[<
ffffffff8109d65f>] SyS_init_module+0x54/0x81
[<
ffffffff814a9a12>] system_call_fastpath+0x16/0x1b
---[ end trace
0626f4a3ddea56f3 ]---
The bug can be reproduced by:
rmmod kvm_intel.ko
insmod kvm_intel.ko
without rmmod/insmod kvm.ko
This patch fixes the bug by unregistering kvm_device_ops of vfio when the
kvm-intel module is removed.
Reported-by: Liu Rongrong <rongrongx.liu@intel.com>
Fixes:
3c3c29fd0d7cddc32862c350d0700ce69953e3bd
Signed-off-by: Wanpeng Li <wanpeng.li@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Tue, 30 Sep 2014 17:49:18 +0000 (20:49 +0300)]
KVM: x86: Wrong assertion on paging_tmpl.h
Even after the recent fix, the assertion on paging_tmpl.h is triggered.
Apparently, the assertion wants to check that the PAE is always set on
long-mode, but does it in incorrect way. Note that the assertion is not
enabled unless the code is debugged by defining MMU_DEBUG.
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Quentin Casasnovas [Fri, 17 Oct 2014 20:55:59 +0000 (22:55 +0200)]
kvm: fix excessive pages un-pinning in kvm_iommu_map error path.
The third parameter of kvm_unpin_pages() when called from
kvm_iommu_map_pages() is wrong, it should be the number of pages to un-pin
and not the page size.
This error was facilitated with an inconsistent API: kvm_pin_pages() takes
a size, but kvn_unpin_pages() takes a number of pages, so fix the problem
by matching the two.
This was introduced by commit 350b8bd ("kvm: iommu: fix the third parameter
of kvm_iommu_put_pages (CVE-2014-3601)"), which fixes the lack of
un-pinning for pages intended to be un-pinned (i.e. memory leak) but
unfortunately potentially aggravated the number of pages we un-pin that
should have stayed pinned. As far as I understand though, the same
practical mitigations apply.
This issue was found during review of Red Hat 6.6 patches to prepare
Ksplice rebootless updates.
Thanks to Vegard for his time on a late Friday evening to help me in
understanding this code.
Fixes: 350b8bd ("kvm: iommu: fix the third parameter of... (CVE-2014-3601)")
Cc: stable@vger.kernel.org
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Mon, 13 Oct 2014 10:04:14 +0000 (13:04 +0300)]
KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag
The decode phase of the x86 emulator assumes that every instruction with the
ModRM flag, and which can be used with RIP-relative addressing, has either
SrcMem or DstMem. This is not the case for several instructions - prefetch,
hint-nop and clflush.
Adding SrcMem|NoAccess for prefetch and hint-nop and SrcMem for clflush.
This fixes CVE-2014-8480.
Fixes:
41061cdb98a0bec464278b4db8e894a3121671f5
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Mon, 13 Oct 2014 10:04:13 +0000 (13:04 +0300)]
KVM: x86: Emulator does not decode clflush well
Currently, all group15 instructions are decoded as clflush (e.g., mfence,
xsave). In addition, the clflush instruction requires no prefix (66/f2/f3)
would exist. If prefix exists it may encode a different instruction (e.g.,
clflushopt).
Creating a group for clflush, and different group for each prefix.
This has been the case forever, but the next patch needs the cflush group
in order to fix a bug introduced in 3.17.
Fixes:
41061cdb98a0bec464278b4db8e894a3121671f5
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 23 Oct 2014 12:54:14 +0000 (14:54 +0200)]
KVM: emulate: avoid accessing NULL ctxt->memopp
A failure to decode the instruction can cause a NULL pointer access.
This is fixed simply by moving the "done" label as close as possible
to the return.
This fixes CVE-2014-8481.
Reported-by: Andy Lutomirski <luto@amacapital.net>
Cc: stable@vger.kernel.org
Fixes:
41061cdb98a0bec464278b4db8e894a3121671f5
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Thu, 2 Oct 2014 22:10:04 +0000 (01:10 +0300)]
KVM: x86: Decoding guest instructions which cross page boundary may fail
Once an instruction crosses a page boundary, the size read from the second page
disregards the common case that part of the operand resides on the first page.
As a result, fetch of long insturctions may fail, and thereby cause the
decoding to fail as well.
Cc: stable@vger.kernel.org
Fixes:
5cfc7e0f5e5e1adf998df94f8e36edaf5d30d38e
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Michael S. Tsirkin [Thu, 18 Sep 2014 13:21:16 +0000 (16:21 +0300)]
kvm: x86: don't kill guest on unknown exit reason
KVM_EXIT_UNKNOWN is a kvm bug, we don't really know whether it was
triggered by a priveledged application. Let's not kill the guest: WARN
and inject #UD instead.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Petr Matousek [Tue, 23 Sep 2014 18:22:30 +0000 (20:22 +0200)]
kvm: vmx: handle invvpid vm exit gracefully
On systems with invvpid instruction support (corresponding bit in
IA32_VMX_EPT_VPID_CAP MSR is set) guest invocation of invvpid
causes vm exit, which is currently not handled and results in
propagation of unknown exit to userspace.
Fix this by installing an invvpid vm exit handler.
This is CVE-2014-3646.
Cc: stable@vger.kernel.org
Signed-off-by: Petr Matousek <pmatouse@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Thu, 18 Sep 2014 19:39:39 +0000 (22:39 +0300)]
KVM: x86: Handle errors when RIP is set during far jumps
Far jmp/call/ret may fault while loading a new RIP. Currently KVM does not
handle this case, and may result in failed vm-entry once the assignment is
done. The tricky part of doing so is that loading the new CS affects the
VMCS/VMCB state, so if we fail during loading the new RIP, we are left in
unconsistent state. Therefore, this patch saves on 64-bit the old CS
descriptor and restores it if loading RIP failed.
This fixes CVE-2014-3647.
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Thu, 18 Sep 2014 19:39:38 +0000 (22:39 +0300)]
KVM: x86: Emulator fixes for eip canonical checks on near branches
Before changing rip (during jmp, call, ret, etc.) the target should be asserted
to be canonical one, as real CPUs do. During sysret, both target rsp and rip
should be canonical. If any of these values is noncanonical, a #GP exception
should occur. The exception to this rule are syscall and sysenter instructions
in which the assigned rip is checked during the assignment to the relevant
MSRs.
This patch fixes the emulator to behave as real CPUs do for near branches.
Far branches are handled by the next patch.
This fixes CVE-2014-3647.
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Thu, 18 Sep 2014 19:39:37 +0000 (22:39 +0300)]
KVM: x86: Fix wrong masking on relative jump/call
Relative jumps and calls do the masking according to the operand size, and not
according to the address size as the KVM emulator does today.
This patch fixes KVM behavior.
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andy Honig [Wed, 27 Aug 2014 21:42:54 +0000 (14:42 -0700)]
KVM: x86: Improve thread safety in pit
There's a race condition in the PIT emulation code in KVM. In
__kvm_migrate_pit_timer the pit_timer object is accessed without
synchronization. If the race condition occurs at the wrong time this
can crash the host kernel.
This fixes CVE-2014-3611.
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Andy Honig [Wed, 27 Aug 2014 18:16:44 +0000 (11:16 -0700)]
KVM: x86: Prevent host from panicking on shared MSR writes.
The previous patch blocked invalid writes directly when the MSR
is written. As a precaution, prevent future similar mistakes by
gracefulling handle GPs caused by writes to shared MSRs.
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Honig <ahonig@google.com>
[Remove parts obsoleted by Nadav's patch. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Nadav Amit [Tue, 16 Sep 2014 00:24:05 +0000 (03:24 +0300)]
KVM: x86: Check non-canonical addresses upon WRMSR
Upon WRMSR, the CPU should inject #GP if a non-canonical value (address) is
written to certain MSRs. The behavior is "almost" identical for AMD and Intel
(ignoring MSRs that are not implemented in either architecture since they would
anyhow #GP). However, IA32_SYSENTER_ESP and IA32_SYSENTER_EIP cause #GP if
non-canonical address is written on Intel but not on AMD (which ignores the top
32-bits).
Accordingly, this patch injects a #GP on the MSRs which behave identically on
Intel and AMD. To eliminate the differences between the architecutres, the
value which is written to IA32_SYSENTER_ESP and IA32_SYSENTER_EIP is turned to
canonical value before writing instead of injecting a #GP.
Some references from Intel and AMD manuals:
According to Intel SDM description of WRMSR instruction #GP is expected on
WRMSR "If the source register contains a non-canonical address and ECX
specifies one of the following MSRs: IA32_DS_AREA, IA32_FS_BASE, IA32_GS_BASE,
IA32_KERNEL_GS_BASE, IA32_LSTAR, IA32_SYSENTER_EIP, IA32_SYSENTER_ESP."
According to AMD manual instruction manual:
LSTAR/CSTAR (SYSCALL): "The WRMSR instruction loads the target RIP into the
LSTAR and CSTAR registers. If an RIP written by WRMSR is not in canonical
form, a general-protection exception (#GP) occurs."
IA32_GS_BASE and IA32_FS_BASE (WRFSBASE/WRGSBASE): "The address written to the
base field must be in canonical form or a #GP fault will occur."
IA32_KERNEL_GS_BASE (SWAPGS): "The address stored in the KernelGSbase MSR must
be in canonical form."
This patch fixes CVE-2014-3610.
Cc: stable@vger.kernel.org
Signed-off-by: Nadav Amit <namit@cs.technion.ac.il>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
David Henningsson [Fri, 24 Oct 2014 08:00:38 +0000 (10:00 +0200)]
ALSA: hda - Add missing terminating entry to SND_HDA_PIN_QUIRK macro
Without this terminating entry, the pin matching would continue
across random memory until a zero or a non-matching entry was found.
The result being that in some cases, the pin quirk would not be
applied correctly.
Cc: stable@vger.kernel.org
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Linus Torvalds [Thu, 23 Oct 2014 22:04:27 +0000 (15:04 -0700)]
Merge tag 'remove-weak-declarations' of git://git./linux/kernel/git/helgaas/pci
Pull weak function declaration removal from Bjorn Helgaas:
"The "weak" attribute is commonly used for the default version of a
function, where an architecture can override it by providing a strong
version.
Some header file declarations included the "weak" attribute. That's
error-prone because it causes every implementation to be weak, with no
strong version at all, and the linker chooses one based on link order.
What we want is the "weak" attribute only on the *definition* of the
default implementation. These changes remove "weak" from the
declarations, leaving it on the default definitions"
* tag 'remove-weak-declarations' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
uprobes: Remove "weak" from function declarations
memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration
kgdb: Remove "weak" from kgdb_arch_pc() declaration
ARC: kgdb: generic kgdb_arch_pc() suffices
vmcore: Remove "weak" from function declarations
clocksource: Remove "weak" from clocksource_default_clock() declaration
x86, intel-mid: Remove "weak" from function declarations
audit: Remove "weak" from audit_classify_compat_syscall() declaration
Linus Torvalds [Thu, 23 Oct 2014 21:45:09 +0000 (14:45 -0700)]
Merge branch 'x86-efi-for-linus' of git://git./linux/kernel/git/tip/tip
Pull x86 EFI updates from Peter Anvin:
"This patchset falls under the "maintainers that grovel" clause in the
v3.18-rc1 announcement. We had intended to push it late in the merge
window since we got it into the -tip tree relatively late.
Many of these are relatively simple things, but there are a couple of
key bits, especially Ard's and Matt's patches"
* 'x86-efi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits)
rtc: Disable EFI rtc for x86
efi: rtc-efi: Export platform:rtc-efi as module alias
efi: Delete the in_nmi() conditional runtime locking
efi: Provide a non-blocking SetVariable() operation
x86/efi: Adding efi_printks on memory allocationa and pci.reads
x86/efi: Mark initialization code as such
x86/efi: Update comment regarding required phys mapped EFI services
x86/efi: Unexport add_efi_memmap variable
x86/efi: Remove unused efi_call* macros
efi: Resolve some shadow warnings
arm64: efi: Format EFI memory type & attrs with efi_md_typeattr_format()
ia64: efi: Format EFI memory type & attrs with efi_md_typeattr_format()
x86: efi: Format EFI memory type & attrs with efi_md_typeattr_format()
efi: Introduce efi_md_typeattr_format()
efi: Add macro for EFI_MEMORY_UCE memory attribute
x86/efi: Clear EFI_RUNTIME_SERVICES if failing to enter virtual mode
arm64/efi: Do not enter virtual mode if booting with efi=noruntime or noefi
arm64/efi: uefi_init error handling fix
efi: Add kernel param efi=noruntime
lib: Add a generic cmdline parse function parse_option_str
...
Rafael J. Wysocki [Thu, 23 Oct 2014 21:03:20 +0000 (23:03 +0200)]
Merge branches 'pm-cpuidle' and 'pm-cpufreq'
* pm-cpuidle:
cpuidle: powernv: Populate cpuidle state details by querying the device-tree
* pm-cpufreq:
intel_pstate: Correct BYT VID values.
intel_pstate: Fix BYT frequency reporting
intel_pstate: Don't lose sysfs settings during cpu offline
cpufreq: intel_pstate: Reflect current no_turbo state correctly
cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy
cpufreq: cpufreq-dt: adjust message related to regulators
cpufreq: cpufreq-dt: extend with platform_data
cpufreq: allow driver-specific data
Rafael J. Wysocki [Thu, 23 Oct 2014 21:02:58 +0000 (23:02 +0200)]
Merge branches 'acpi-pm' and 'pm-genirq'
* acpi-pm:
ACPI: invoke acpi_device_wakeup() with correct parameters
* pm-genirq:
PCI / PM: handle failure to enable wakeup on PCIe PME
Rafael J. Wysocki [Thu, 23 Oct 2014 21:02:45 +0000 (23:02 +0200)]
Merge branch 'freezer'
* freezer:
PM / freezer: Clean up code after recent fixes
PM: convert do_each_thread to for_each_process_thread
OOM, PM: OOM killed task shouldn't escape PM suspend
freezer: remove obsolete comments in __thaw_task()
freezer: Do not freeze tasks killed by OOM killer
Rafael J. Wysocki [Thu, 23 Oct 2014 21:02:36 +0000 (23:02 +0200)]
Merge branch 'pm-qos'
* pm-qos:
PM / QoS: Add PM_QOS_MEMORY_BANDWIDTH class
Rafael J. Wysocki [Thu, 23 Oct 2014 21:02:09 +0000 (23:02 +0200)]
Merge branches 'acpi-ec' and 'acpi-platform'
* acpi-ec:
ACPI / EC: Cleanup coding style.
ACPI / EC: Refine event/query debugging messages.
ACPI / EC: Add detailed command/query debugging information.
ACPI / EC: Enhance the logs to apply to QR_EC transactions.
ACPI / EC: Add CPU ID to debugging messages.
* acpi-platform:
ACPI / platform: provide default DMA mask
Dirk Brandewie [Mon, 13 Oct 2014 15:37:44 +0000 (08:37 -0700)]
intel_pstate: Correct BYT VID values.
Using a VID value that is not high enough for the requested P state can
cause machine checks. Add a ceiling function to ensure calulated VIDs
with fractional values are set to the next highest integer VID value.
The algorythm for calculating the non-trubo VID from the BIOS writers
guide is:
vid_ratio = (vid_max - vid_min) / (max_pstate - min_pstate)
vid = ceiling(vid_min + (req_pstate - min_pstate) * vid_ratio)
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Dirk Brandewie [Mon, 13 Oct 2014 15:37:43 +0000 (08:37 -0700)]
intel_pstate: Fix BYT frequency reporting
BYT has a different conversion from P state to frequency than the core
processors. This causes the min/max and current frequency to be
misreported on some BYT SKUs. Tested on BYT N2820, Ivybridge and
Haswell processors.
Link: https://bugzilla.yoctoproject.org/show_bug.cgi?id=6663
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Dirk Brandewie [Mon, 13 Oct 2014 15:37:42 +0000 (08:37 -0700)]
intel_pstate: Don't lose sysfs settings during cpu offline
The user may have custom settings don't destroy them during suspend.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=80651
Reported-by: Tobias Jakobi <liquid.acid@gmx.net>
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Gabriele Mazzotta [Mon, 13 Oct 2014 15:37:41 +0000 (08:37 -0700)]
cpufreq: intel_pstate: Reflect current no_turbo state correctly
Some BIOSes modify the state of MSR_IA32_MISC_ENABLE_TURBO_DISABLE
based on the current power source for the system battery AC vs
battery. Reflect the correct current state and ability to modify the
no_turbo sysfs file based on current state of
MSR_IA32_MISC_ENABLE_TURBO_DISABLE.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=83151
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Dirk Brandewie [Mon, 13 Oct 2014 15:37:40 +0000 (08:37 -0700)]
cpufreq: expose scaling_cur_freq sysfs file for set_policy() drivers
Currently the core does not expose scaling_cur_freq for set_policy()
drivers this breaks some userspace monitoring tools.
Change the core to expose this file for all drivers and if the
set_policy() driver supports the get() callback use it to retrieve the
current frequency.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=73741
Cc: All applicable <stable@vger.kernel.org>
Signed-off-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Pali Rohár [Wed, 15 Oct 2014 23:16:51 +0000 (01:16 +0200)]
cpufreq: intel_pstate: Fix setting max_perf_pct in performance policy
Code which changes policy to powersave changes also max_policy_pct based on
max_freq. Code which change max_perf_pct has upper limit base on value
max_policy_pct. When policy is changing from powersave back to performance
then max_policy_pct is not changed. Which means that changing max_perf_pct is
not possible to high values if max_freq was too low in powersave policy.
Test case:
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_min_freq
800000
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
3300000
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
performance
$ cat /sys/devices/system/cpu/intel_pstate/max_perf_pct
100
$ echo powersave > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
$ echo 800000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
$ echo 20 > /sys/devices/system/cpu/intel_pstate/max_perf_pct
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
powersave
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
800000
$ cat /sys/devices/system/cpu/intel_pstate/max_perf_pct
20
$ echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
$ echo 3300000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
$ echo 100 > /sys/devices/system/cpu/intel_pstate/max_perf_pct
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
performance
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq
3300000
$ cat /sys/devices/system/cpu/intel_pstate/max_perf_pct
24
And now intel_pstate driver allows to set maximal value for max_perf_pct based
on max_policy_pct which is 24 for previous powersave max_freq 800000.
This patch will set default value for max_policy_pct when setting policy to
performance so it will allow to set also max value for max_perf_pct.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Cc: All applicable <stable@vger.kernel.org>
Acked-by: Dirk Brandewie <dirk.j.brandewie@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Thu, 23 Oct 2014 20:56:24 +0000 (13:56 -0700)]
Merge tag 'hwmon-for-linus-v3.18-rc2' of git://git./linux/kernel/git/groeck/linux-staging
Pull a hwmon fix from Guenter Roeck:
"Fix potential compile problem for menf21bmc hwmon driver"
* tag 'hwmon-for-linus-v3.18-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (menf21bmc) Include linux/err.h
Lucas Stach [Wed, 22 Oct 2014 12:31:55 +0000 (14:31 +0200)]
PCI / PM: handle failure to enable wakeup on PCIe PME
If the irqchip handling the PCIe PME interrupt is not able
to enable interrupt wakeup we should properly reflect this
in the PME suspend status.
This fixes a kernel warning on resume, where it would try
to disable the irq wakeup that failed to be activated while
suspending, for example:
WARNING: CPU: 0 PID: 609 at kernel/irq/manage.c:536 irq_set_irq_wake+0xc0/0xf8()
Unbalanced IRQ 384 wake disable
Fixes:
76cde7e49590 (PCI / PM: Make PCIe PME interrupts wake up from suspend-to-idle)
Reported-and-tested-by: Richard Zhu <richard.zhu@freescale.com>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Zhang Rui [Thu, 23 Oct 2014 12:20:00 +0000 (20:20 +0800)]
ACPI: invoke acpi_device_wakeup() with correct parameters
Fix a bug that invokes acpi_device_wakeup() with wrong parameters.
Fixes:
f35cec255557 (ACPI / PM: Always enable wakeup GPEs when enabling device wakeup)
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Cc: 3.17+ <stable@vger.kernel.org> # 3.17+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Thu, 23 Oct 2014 19:44:59 +0000 (12:44 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Intel, nouveau, radeon and qxl.
Mostly for bugs introduced in the merge window, nothing too shocking"
[ And one cirrus fix added later and not mentioned in the pull request.. - Linus ]
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/cirrus: bind also to qemu-xen-traditional
qxl: don't create too large primary surface
drm/nouveau: fix regression on agp boards
drm/gt215/gr: fix initialisation on gddr5 boards
drm/radeon: reduce sparse false positive warnings
drm/radeon: fix vm page table block size calculation
drm/ttm: Don't evict BOs outside of the requested placement range
drm/ttm: Don't skip fpfn check if lpfn is 0 in ttm_bo_mem_compat
drm/radeon: use gart memory for DMA ring tests
drm/radeon: fix speaker allocation setup
drm/radeon: initialize sadb to NULL in the audio code
drm/i915: fix short vs. long hpd detection
drm/i915: Don't trust the DP_DETECT bit for eDP ports on CHV
Revert "drm/radeon/dpm: drop clk/voltage dependency filters for SI"
Revert "drm/radeon: drop btc_get_max_clock_from_voltage_dependency_table"
drm/i915: properly reenable gen8 pipe IRQs
drm/i915: Move DIV_ROUND_CLOSEST_ULL macro to header
drm/i915: intel_backlight scale() math WA
Boris Ostrovsky [Mon, 4 Aug 2014 22:17:23 +0000 (18:17 -0400)]
xen/pci: Allocate memory for physdev_pci_device_add's optarr
physdev_pci_device_add's optarr[] is a zero-sized array and therefore
reference to add.optarr[0] is accessing memory that does not belong to
the 'add' variable.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Martin Kelly [Fri, 17 Oct 2014 03:48:11 +0000 (20:48 -0700)]
x86/xen: panic on bad Xen-provided memory map
Panic if Xen provides a memory map with 0 entries. Although this is
unlikely, it is better to catch the error at the point of seeing the map
than later on as a symptom of some other crash.
Signed-off-by: Martin Kelly <martkell@amazon.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Boris Ostrovsky [Thu, 16 Oct 2014 21:02:15 +0000 (17:02 -0400)]
x86/xen: Fix incorrect per_cpu accessor in xen_clocksource_read()
Commit
89cbc76768c2 ("x86: Replace __get_cpu_var uses") replaced
__get_cpu_var() with this_cpu_ptr() in xen_clocksource_read() in such a
way that instead of accessing a structure pointed to by a per-cpu pointer
we are trying to get to a per-cpu structure.
__this_cpu_read() of the pointer is the more appropriate accessor.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Juergen Gross [Fri, 17 Oct 2014 11:16:06 +0000 (13:16 +0200)]
x86/xen: avoid race in p2m handling
When a new p2m leaf is allocated this leaf is linked into the p2m tree
via cmpxchg. Unfortunately the compare value for checking the success
of the update is read after checking for the need of a new leaf. It is
possible that a new leaf has been linked into the tree concurrently
in between. This could lead to a leaked memory page and to the loss of
some p2m entries.
Avoid the race by using the read compare value for checking the need
of a new p2m leaf and use ACCESS_ONCE() to get it.
There are other places which seem to need ACCESS_ONCE() to ensure
proper operation. Change them accordingly.
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Juergen Gross [Tue, 14 Oct 2014 11:33:46 +0000 (13:33 +0200)]
x86/xen: delay construction of mfn_list_list
The 3 level p2m tree for the Xen tools is constructed very early at
boot by calling xen_build_mfn_list_list(). Memory needed for this tree
is allocated via extend_brk().
As this tree (other than the kernel internal p2m tree) is only needed
for domain save/restore, live migration and crash dump analysis it
doesn't matter whether it is constructed very early or just some
milliseconds later when memory allocation is possible by other means.
This patch moves the call of xen_build_mfn_list_list() just after
calling xen_pagetable_p2m_copy() simplifying this function, too, as it
doesn't have to bother with two parallel trees now. The same applies
for some other internal functions.
While simplifying code, make early_can_reuse_p2m_middle() static and
drop the unused second parameter. p2m_mid_identity_mfn can be removed
as well, it isn't used either.
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Juergen Gross [Tue, 14 Oct 2014 09:00:18 +0000 (11:00 +0200)]
x86/xen: avoid writing to freed memory after race in p2m handling
In case a race was detected during allocation of a new p2m tree
element in alloc_p2m() the new allocated mid_mfn page is freed without
updating the pointer to the found value in the tree. This will result
in overwriting the just freed page with the mfn of the p2m leaf.
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Boris Ostrovsky [Tue, 7 Oct 2014 21:00:07 +0000 (17:00 -0400)]
xen/balloon: Don't continue ballooning when BP_ECANCELED is encountered
Commit
3dcf63677d4e ("xen/balloon: cancel ballooning if adding new
memory failed") makes reserve_additional_memory() return BP_ECANCELED
when an error is encountered. This error, however, is ignored by the
caller (balloon_process()) since it is overwritten by subsequent call
to update_schedule(). This results in continuous attempts to add more
memory, all of which are likely to fail again.
We should stop trying to schedule next iteration of ballooning when
the current one has failed.
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Olaf Hering [Fri, 11 Apr 2014 06:56:23 +0000 (08:56 +0200)]
drm/cirrus: bind also to qemu-xen-traditional
qemu as used by xend/xm toolstack uses a different subvendor id.
Bind the drm driver also to this emulated card.
Signed-off-by: Olaf Hering <olaf@aepfle.de>
cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Bjorn Helgaas [Tue, 14 Oct 2014 01:01:03 +0000 (19:01 -0600)]
uprobes: Remove "weak" from function declarations
For the following interfaces:
set_swbp()
set_orig_insn()
is_swbp_insn()
is_trap_insn()
uprobe_get_swbp_addr()
arch_uprobe_ignore()
arch_uprobe_copy_ixol()
kernel/events/uprobes.c provides default definitions explicitly marked
"weak". Some architectures provide their own definitions intended to
override the defaults, but the "weak" attribute on the declarations applied
to the arch definitions as well, so the linker chose one based on link
order (see
10629d711ed7 ("PCI: Remove __weak annotation from
pcibios_get_phb_of_node decl")).
Remove the "weak" attribute from the declarations so we always prefer a
non-weak definition over the weak one, independent of link order.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
Acked-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
CC: Victor Kamensky <victor.kamensky@linaro.org>
CC: Oleg Nesterov <oleg@redhat.com>
CC: David A. Long <dave.long@linaro.org>
CC: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Bjorn Helgaas [Tue, 14 Oct 2014 01:00:47 +0000 (19:00 -0600)]
memory-hotplug: Remove "weak" from memory_block_size_bytes() declaration
drivers/base/memory.c provides a default memory_block_size_bytes()
definition explicitly marked "weak". Several architectures provide their
own definitions intended to override the default, but the "weak" attribute
on the declaration applied to the arch definitions as well, so the linker
chose one based on link order (see
10629d711ed7 ("PCI: Remove __weak
annotation from pcibios_get_phb_of_node decl")).
Remove the "weak" attribute from the declaration so we always prefer a
non-weak definition over the weak one, independent of link order.
Fixes:
41f107266b19 ("drivers: base: Add prototype declaration to the header file")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
CC: Rashika Kheria <rashika.kheria@gmail.com>
CC: Nathan Fontenot <nfont@austin.ibm.com>
CC: Anton Blanchard <anton@au1.ibm.com>
CC: Heiko Carstens <heiko.carstens@de.ibm.com>
CC: Yinghai Lu <yinghai@kernel.org>
Bjorn Helgaas [Tue, 14 Oct 2014 01:00:25 +0000 (19:00 -0600)]
kgdb: Remove "weak" from kgdb_arch_pc() declaration
kernel/debug/debug_core.c provides a default kgdb_arch_pc() definition
explicitly marked "weak". Several architectures provide their own
definitions intended to override the default, but the "weak" attribute on
the declaration applied to the arch definitions as well, so the linker
chose one based on link order (see
10629d711ed7 ("PCI: Remove __weak
annotation from pcibios_get_phb_of_node decl")).
Remove the "weak" attribute from the declaration so we always prefer a
non-weak definition over the weak one, independent of link order.
Fixes:
688b744d8bc8 ("kgdb: fix signedness mixmatches, add statics, add declaration to header")
Tested-by: Vineet Gupta <vgupta@synopsys.com> # for ARC build
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Harvey Harrison <harvey.harrison@gmail.com>
Vineet Gupta [Mon, 20 Oct 2014 16:17:04 +0000 (10:17 -0600)]
ARC: kgdb: generic kgdb_arch_pc() suffices
The ARC version of kgdb_arch_pc() is identical to the generic version in
kernel/debug/debug_core.c. Drop the ARC version so we use the generic one.
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Bjorn Helgaas [Tue, 14 Oct 2014 00:59:41 +0000 (18:59 -0600)]
vmcore: Remove "weak" from function declarations
For the following functions:
elfcorehdr_alloc()
elfcorehdr_free()
elfcorehdr_read()
elfcorehdr_read_notes()
remap_oldmem_pfn_range()
fs/proc/vmcore.c provides default definitions explicitly marked "weak".
arch/s390 provides its own definitions intended to override the default
ones, but the "weak" attribute on the declarations applied to the s390
definitions as well, so the linker chose one based on link order (see
10629d711ed7 ("PCI: Remove __weak annotation from pcibios_get_phb_of_node
decl")).
Remove the "weak" attribute from the declarations so we always prefer a
non-weak definition over the weak one, independent of link order.
Fixes:
be8a8d069e50 ("vmcore: introduce ELF header in new memory feature")
Fixes:
9cb218131de1 ("vmcore: introduce remap_oldmem_pfn_range()")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
CC: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Bjorn Helgaas [Tue, 14 Oct 2014 00:59:09 +0000 (18:59 -0600)]
clocksource: Remove "weak" from clocksource_default_clock() declaration
kernel/time/jiffies.c provides a default clocksource_default_clock()
definition explicitly marked "weak". arch/s390 provides its own definition
intended to override the default, but the "weak" attribute on the
declaration applied to the s390 definition as well, so the linker chose one
based on link order (see
10629d711ed7 ("PCI: Remove __weak annotation from
pcibios_get_phb_of_node decl")).
Remove the "weak" attribute from the clocksource_default_clock()
declaration so we always prefer a non-weak definition over the weak one,
independent of link order.
Fixes:
f1b82746c1e9 ("clocksource: Cleanup clocksource selection")
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: John Stultz <john.stultz@linaro.org>
Acked-by: Ingo Molnar <mingo@kernel.org>
CC: Daniel Lezcano <daniel.lezcano@linaro.org>
CC: Martin Schwidefsky <schwidefsky@de.ibm.com>
Bjorn Helgaas [Tue, 14 Oct 2014 00:01:34 +0000 (18:01 -0600)]
x86, intel-mid: Remove "weak" from function declarations
For the following interfaces:
get_penwell_ops()
get_cloverview_ops()
get_tangier_ops()
there is only one implementation, so they do not need to be marked "weak".
Remove the "weak" attribute from their declarations.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Ingo Molnar <mingo@kernel.org>
CC: David Cohen <david.a.cohen@linux.intel.com>
CC: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
CC: x86@kernel.org
Bjorn Helgaas [Tue, 14 Oct 2014 00:58:48 +0000 (18:58 -0600)]
audit: Remove "weak" from audit_classify_compat_syscall() declaration
There's only one audit_classify_compat_syscall() definition, so it doesn't
need to be weak.
Remove the "weak" attribute from the audit_classify_compat_syscall()
declaration.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Acked-by: Richard Guy Briggs <rgb@redhat.com>
CC: AKASHI Takahiro <takahiro.akashi@linaro.org>
Rafael J. Wysocki [Wed, 22 Oct 2014 20:47:32 +0000 (22:47 +0200)]
PM / freezer: Clean up code after recent fixes
Clean up the code in process.c after recent changes to get rid of
unnecessary labels and goto statements.
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Catalin Marinas [Thu, 4 Oct 2012 13:22:23 +0000 (14:22 +0100)]
arm64: vexpress: Add CLCD support to the ARMv8 model platform
This patch enables CLCD support for the VE platform emulated by the
ARMv8 software model (DT bindings are based on Pawel's vexpress
patches) together with defconfig entries for SERIO_AMBAKMI and
FB_ARMCLCD.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Pawel Moll <pawel.moll@arm.com>
Marc-André Lureau [Thu, 16 Oct 2014 09:39:44 +0000 (11:39 +0200)]
qxl: don't create too large primary surface
Limit primary to qemu vgamem size, to avoid reaching
qemu guest bug "requested primary larger than framebuffer"
on resizing screen too large to fit.
Remove unneeded and misleading variables.
Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1127552
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
Michal Hocko [Tue, 21 Oct 2014 07:27:15 +0000 (09:27 +0200)]
PM: convert do_each_thread to for_each_process_thread
as per
0c740d0afc3b (introduce for_each_thread() to replace the buggy
while_each_thread()) get rid of do_each_thread { } while_each_thread()
construct and replace it by a more error prone for_each_thread.
This patch doesn't introduce any user visible change.
Suggested-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Michal Hocko [Mon, 20 Oct 2014 16:12:32 +0000 (18:12 +0200)]
OOM, PM: OOM killed task shouldn't escape PM suspend
PM freezer relies on having all tasks frozen by the time devices are
getting frozen so that no task will touch them while they are getting
frozen. But OOM killer is allowed to kill an already frozen task in
order to handle OOM situtation. In order to protect from late wake ups
OOM killer is disabled after all tasks are frozen. This, however, still
keeps a window open when a killed task didn't manage to die by the time
freeze_processes finishes.
Reduce the race window by checking all tasks after OOM killer has been
disabled. This is still not race free completely unfortunately because
oom_killer_disable cannot stop an already ongoing OOM killer so a task
might still wake up from the fridge and get killed without
freeze_processes noticing. Full synchronization of OOM and freezer is,
however, too heavy weight for this highly unlikely case.
Introduce and check oom_kills counter which gets incremented early when
the allocator enters __alloc_pages_may_oom path and only check all the
tasks if the counter changes during the freezing attempt. The counter
is updated so early to reduce the race window since allocator checked
oom_killer_disabled which is set by PM-freezing code. A false positive
will push the PM-freezer into a slow path but that is not a big deal.
Changes since v1
- push the re-check loop out of freeze_processes into
check_frozen_processes and invert the condition to make the code more
readable as per Rafael
Fixes:
f660daac474c6f (oom: thaw threads if oom killed thread is frozen before deferring)
Cc: 3.2+ <stable@vger.kernel.org> # 3.2+
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cong Wang [Tue, 21 Oct 2014 07:27:13 +0000 (09:27 +0200)]
freezer: remove obsolete comments in __thaw_task()
__thaw_task() no longer clears frozen flag since commit
a3201227f803
(freezer: make freezing() test freeze conditions in effect instead of TIF_FREEZE).
Reviewed-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Cong Wang [Tue, 21 Oct 2014 07:27:12 +0000 (09:27 +0200)]
freezer: Do not freeze tasks killed by OOM killer
Since
f660daac474c6f (oom: thaw threads if oom killed thread is frozen
before deferring) OOM killer relies on being able to thaw a frozen task
to handle OOM situation but
a3201227f803 (freezer: make freezing() test
freeze conditions in effect instead of TIF_FREEZE) has reorganized the
code and stopped clearing freeze flag in __thaw_task. This means that
the target task only wakes up and goes into the fridge again because the
freezing condition hasn't changed for it. This reintroduces the bug
fixed by
f660daac474c6f.
Fix the issue by checking for TIF_MEMDIE thread flag in
freezing_slow_path and exclude the task from freezing completely. If a
task was already frozen it would get woken by __thaw_task from OOM killer
and get out of freezer after rechecking freezing().
Changes since v1
- put TIF_MEMDIE check into freezing_slowpath rather than in __refrigerator
as per Oleg
- return __thaw_task into oom_scan_process_thread because
oom_kill_process will not wake task in the fridge because it is
sleeping uninterruptible
[mhocko@suse.cz: rewrote the changelog]
Fixes:
a3201227f803 (freezer: make freezing() test freeze conditions in effect instead of TIF_FREEZE)
Cc: 3.3+ <stable@vger.kernel.org> # 3.3+
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Heikki Krogerus [Wed, 24 Sep 2014 08:00:37 +0000 (11:00 +0300)]
ACPI / platform: provide default DMA mask
Most devices are configured for 32-bit DMA addresses.
Setting the mask to 32-bit here removes the need for the
drivers to do it separately.
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Tue, 21 Oct 2014 20:06:38 +0000 (13:06 -0700)]
Merge branch 'for-next' of git://git./linux/kernel/git/nab/target-pending
Pull SCSI target updates from Nicholas Bellinger:
"Here are the target updates for v3.18-rc2 code. These where
originally destined for -rc1, but due to the combination of travel
last week for KVM Forum and my mistake of taking the three week merge
window literally, the pull request slipped.. Apologies for that.
Things where reasonably quiet this round. The highlights include:
- New userspace backend driver (target_core_user.ko) by Shaohua Li
and Andy Grover
- A number of cleanups in target, iscsi-taret and qla_target code
from Joern Engel
- Fix an OOPs related to queue full handling with CHECK_CONDITION
status from Quinn Tran
- Fix to disable TX completion interrupt coalescing in iser-target,
that was causing problems on some hardware
- Fix for PR APTPL metadata handling with demo-mode ACLs
I'm most excited about the new backend driver that uses UIO + shared
memory ring to dispatch I/O and control commands into user-space.
This was probably the most requested feature by users over the last
couple of years, and opens up a new area of development + porting of
existing user-space storage applications to LIO. Thanks to Shaohua +
Andy for making this happen.
Also another honorable mention, a new Xen PV SCSI driver was merged
via the xen/tip.git tree recently, which puts us now at 10 target
drivers in upstream! Thanks to David Vrabel + Juergen Gross for their
work to get this code merged"
* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: (40 commits)
target/file: fix inclusive vfs_fsync_range() end
iser-target: Disable TX completion interrupt coalescing
target: Add force_pr_aptpl device attribute
target: Fix APTPL metadata handling for dynamic MappedLUNs
qla_target: don't delete changed nacls
target/user: Recalculate pad size inside is_ring_space_avail()
tcm_loop: Fixup tag handling
iser-target: Fix smatch warning
target/user: Fix up smatch warnings in tcmu_netlink_event
target: Add a user-passthrough backstore
target: Add documentation on the target userspace pass-through driver
uio: Export definition of struct uio_device
target: Remove unneeded check in sbc_parse_cdb
target: Fix queue full status NULL pointer for SCF_TRANSPORT_TASK_SENSE
qla_target: rearrange struct qla_tgt_prm
qla_target: improve qlt_unmap_sg()
qla_target: make some global functions static
qla_target: remove unused parameter
target: simplify core_tmr_abort_task
target: encapsulate smp_mb__after_atomic()
...
Linus Torvalds [Tue, 21 Oct 2014 19:53:45 +0000 (12:53 -0700)]
Merge branch 'for-linus' of git://git.open-osd.org/linux-open-osd
Pull email address change from Boaz Harrosh.
* 'for-linus' of git://git.open-osd.org/linux-open-osd:
Boaz Harrosh - fix email in Documentation
Boaz Harrosh - Fix broken email address
MAINTAINERS: Change Boaz Harrosh's email
Linus Torvalds [Tue, 21 Oct 2014 18:21:19 +0000 (11:21 -0700)]
Merge branch 'mailbox-for-linus' of git://git.linaro.org/landing-teams/working/fujitsu/integration
Pull mailbox framework from Jassi Brar:
"A framework for Mailbox controllers and clients have been cooking for
more than a year now.
Everybody in the CC list had been copied on patchset revisions and
most of them have made sounds of approval, though just one concrete
Reviewed-by. The patchset has also been in linux-next for a couple of
weeks now and no conflict has been reported. The framework has the
backing of at least 5 platforms, though I can't say if/when they
upstream their drivers (some businesses have 'changed')"
(Further acked-by by Arnd Bergmann and Suman Anna in the pull request
thread)
* 'mailbox-for-linus' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
dt: mailbox: add generic bindings
doc: add documentation for mailbox framework
mailbox: Introduce framework for mailbox
mailbox: rename pl320-ipc specific mailbox.h
Takashi Iwai [Tue, 21 Oct 2014 13:32:13 +0000 (15:32 +0200)]
ALSA: pcm: Fix false lockdep warnings
As PCM core handles the multiple linked streams in parallel, lockdep
gets confused (partly because of weak annotations) and spews the
false-positive warnings. This hasn't been a problem for long time but
the latest PCM lock path update seems to have woken up a sleeping
dog.
Here is an attempt to paper over this issue: pass the lock subclass
just calculated from the depth in snd_pcm_action_group(). Also, a
(possibly) wrong lock subclass set in snd_pcm_action_lock_mutex() is
dropped, too.
Reported-and-tested-by: Arthur Marsh <arthur.marsh@internode.on.net>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Catalin Marinas [Tue, 21 Oct 2014 16:01:07 +0000 (17:01 +0100)]
arm64: Fix compilation error on UP builds
In file included from ./arch/arm64/include/asm/irq_work.h:4:0,
from include/linux/irq_work.h:46,
from include/linux/perf_event.h:49,
from include/linux/ftrace_event.h:9,
from include/trace/syscall.h:6,
from include/linux/syscalls.h:81,
from init/main.c:18:
./arch/arm64/include/asm/smp.h:24:3:
error: #error "<asm/smp.h> included in non-SMP build"
# error "<asm/smp.h> included in non-SMP build"
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Fixes:
3631073659d0 ("arm64: Tell irq work about self IPI support")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Linus Torvalds [Tue, 21 Oct 2014 15:24:55 +0000 (08:24 -0700)]
Merge git://www.linux-watchdog.org/linux-watchdog
Pull watchdog updates from Wim Van Sebroeck:
- new Cadence WDT driver
- new Ricoh RN5T618 watchdog
- new DA9063 PMIC watchdog driver
- new Meson WDT driver
- add restart handling code
- fixes and improvements
* git://www.linux-watchdog.org/linux-watchdog: (25 commits)
watchdog: meson: remove magic value for reboot
watchdog: Let XILINX_WATCHDOG and TEGRA_WATCHDOG depend on HAS_IOMEM
watchdog: sunxi: Add A31 watchdog support
watchdog: sunxi: support parameterized compatible strings
watchdog: imx2_wdt: add restart handler support
watchdog: qcom: register a restart notifier
watchdog: s3c2410: add restart handler
watchdog: dw_wdt: add restart handler support
ARM: defconfig: update multi_v7_defconfig
ARM: meson: add watchdog driver
ARM: docs: add documentation binding for meson watchdog
stmp3xxx_rtc_wdt: Add suspend/resume PM support
watchdog: Add DA9063 PMIC watchdog driver.
watchdog: add driver for Ricoh RN5T618 watchdog
watchdog: s3c2410_wdt: Add support for Watchdog device on Exynos7
watchdog: qcom: document device tree bindings
watchdog: qcom: add support for KPSS WDT
watchdog: dw_wdt: initialise TOP_INIT in dw_wdt_set_top()
devicetree: Add Cadence WDT devicetree bindings documentation
watchdog: Add Cadence WDT driver
...
Linus Torvalds [Tue, 21 Oct 2014 15:18:38 +0000 (08:18 -0700)]
Merge branch 'for-next' of git://git./linux/kernel/git/cooloney/linux-leds
Pull LED update from Bryan Wu:
"Basically we have some bug fixing and clean up and one big thing is we
start to merge patch to add support LED Flash class"
* 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
leds: gpio: cleanup the leds-gpio driver
led: gpio: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
led: gpio: Sort include headers alphabetically
leds: Improve and export led_update_brightness
leds: trigger: gpio: fix warning in gpio trigger for gpios whose accessor function may sleep
leds: lp3944: fix sparse warning
leds: avoid using DEVICE_ATTR macro for max_brightness attribute
leds: make brightness type consistent across whole subsystem
leds: Reorder include directives
Linus Torvalds [Tue, 21 Oct 2014 15:17:43 +0000 (08:17 -0700)]
Merge tag 'pwm/for-3.18-rc1' of git://git./linux/kernel/git/thierry.reding/linux-pwm
Pull pwm changes from Thierry Reding:
"There are no new drivers here, only a couple of fixes all over the
place"
* tag 'pwm/for-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: Let PWM_CLPS711X depend on HAS_IOMEM
pwm: atmel: Fix calculation of prescale value
pwm: Fix uninitialized warnings in pwm_get()
pwm: rockchip: Allow polarity invert on rk3288
pwm: imx: Avoid sample FIFO overflow for i.MX PWM version2
pwm: imx: Cleanup indentation for register definitions
pwm: imx: Fix the macro MX3_PWMCR_PRESCALER(x) definition
pwm: Fix possible ZERO_SIZE_PTR pointer dereferencing error.
pwm: lpss: make it buildable only on X86
pwm: lpss: use c99 initializers in structures
pwm: lpss: Fix build failure on PowerPC
pwm: lpss: pci: Move to use pcim_enable_device()
pwm: lpss: Properly split driver to parts
pwm: lpss: Add ACPI and PCI IDs for Intel Braswell
pwm: fsl-ftm: Select REGMAP_MMIO
pwm: fsl-ftm: Document 'big-endian' property
pwm: fsl-ftm: Convert to direct regmap API usage
pwm: fsl-ftm: Clean up the code
Linus Torvalds [Tue, 21 Oct 2014 14:50:02 +0000 (07:50 -0700)]
Merge tag 'arc-3.18-rc1' of git://git./linux/kernel/git/vgupta/arc
Pull ARC updates from Vineet Gupta:
"Sorry for the late pull request. Current stuff was ready for a while
but I was hoping to squeeze in support for almost ready ARC SDP
platform (and avoid a 2nd pull request), however it seems there are
still some loose ends which warrant more time.
- Platform code reduction/moving-up (TB10X no longer needs any
callbacks)
- updated boot printing
- kgdb update for arc gdb 7.5
- bug fixes (some marked for stable)
- more code refactoring/consolidation"
* tag 'arc-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: boot: cpu feature print enhancements
ARC: boot: consolidate cross-checking of h/w and s/w
ARC: unbork FPU save/restore
ARC: remove extraneous __KERNEL__ guards
ARC: Update order of registers in KGDB to match GDB 7.5
ARC: Remove unneeded Kconfig entry NO_DMA
ARC: BUG() dumps stack after @msg (@msg now same as in generic BUG))
ARC: refactoring: reduce the scope of some local vars
ARC: remove gcc mpy heuristics
ARC: RIP @running_on_hw
ARC: Update comments about uncached address space
ARC: rename kconfig option for unaligned emulation
ARC: [nsimosci] Allow "headless" models to boot
ARC: [arcfpga] Get rid of ARC_BOARD_ANGEL4 and ARC_BOARD_ML509
ARC: [arcfpga] Remove more dead code
ARC: [plat*] move code out of .init_machine into common
ARC: [arcfpga] consolidate machine description, DT
ARC: Allow SMP kernel to build/boot on UP-only infrastructure
Linus Torvalds [Tue, 21 Oct 2014 14:48:56 +0000 (07:48 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mpe/linux
Pull more powerpc updates from Michael Ellerman:
"Here's some more updates for powerpc for 3.18.
They are a bit late I know, though must are actually bug fixes. In my
defence I nearly cut the top of my finger off last weekend in a
gruesome bike maintenance accident, so I spent a good part of the week
waiting around for doctors. True story, I can send photos if you like :)
Probably the most interesting fix is the sys_call_table one, which
enables syscall tracing for powerpc. There's a fix for HMI handling
for old firmware, more endian fixes for firmware interfaces, more EEH
fixes, Anton fixed our routine that gets the current stack pointer,
and a few other misc bits"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mpe/linux: (22 commits)
powerpc: Only do dynamic DMA zone limits on platforms that need it
powerpc: sync pseries_le_defconfig with pseries_defconfig
powerpc: Add printk levels to setup_system output
powerpc/vphn: NUMA node code expects big-endian
powerpc/msi: Use WARN_ON() in msi bitmap selftests
powerpc/msi: Fix the msi bitmap alignment tests
powerpc/eeh: Block CFG upon frozen Shiner adapter
powerpc/eeh: Don't collect logs on PE with blocked config space
powerpc/eeh: Block PCI config access upon frozen PE
powerpc/pseries: Drop config requests in EEH accessors
powerpc/powernv: Drop config requests in EEH accessors
powerpc/eeh: Rename flag EEH_PE_RESET to EEH_PE_CFG_BLOCKED
powerpc/eeh: Fix condition for isolated state
powerpc/pseries: Make CPU hotplug path endian safe
powerpc/pseries: Use dump_stack instead of show_stack
powerpc: Rename __get_SP() to current_stack_pointer()
powerpc: Reimplement __get_SP() as a function not a define
powerpc/numa: Add ability to disable and debug topology updates
powerpc/numa: check error return from proc_create
powerpc/powernv: Fallback to old HMI handling behavior for old firmware
...
Linus Torvalds [Tue, 21 Oct 2014 14:47:54 +0000 (07:47 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux
Pull s390 updates from Martin Schwidefsky:
"One patch to enable the BPF system call and three more bug fixes"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/uprobes: fix kprobes dependency
s390: wire up bpf syscall
s390/mm: fixing calls of pte_unmap_unlock
s390/hmcdrv: Restrict s390 HMC driver to S390 arch
Rafael J. Wysocki [Tue, 21 Oct 2014 12:10:56 +0000 (14:10 +0200)]
Merge branch 'acpica'
* acpica:
ACPICA: Update version to
20140926.
ACPICA: acpiexec: Do not put STDIN into raw mode unless it is a terminal.
ACPICA: iASL/Disassembler: Add support for hardware summary mapfiles.
ACPICA: Events: Reduce source code difference for the ACPI_EVENT_FLAG_HANDLE renaming.
ACPICA: Events: Reduce source code difference for the ACPI_EVENT_FLAG_HANDLE support.
ACPICA: Events: Update GPE handler removal, match behavior of handler install.
ACPICA: Events: Reduce source code difference in acpi_install_gpe_handler().
ACPICA: Events: Reduce indent divergences of events files.
ACPICA: acpidump: Add ACPI 1.0 RSDP support.
ACPICA: Add string for _DDN method name.
Preeti U. Murthy [Tue, 14 Oct 2014 07:53:00 +0000 (13:23 +0530)]
cpuidle: powernv: Populate cpuidle state details by querying the device-tree
We hard code the metrics relevant for cpuidle states in the kernel today.
Instead pick them up from the device tree so that they remain relevant
and updated for the system that the kernel is running on.
Signed-off-by: Preeti U. Murthy <preeti@linux.vnet.ibm.com>
Signed-off-by: Shreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Thomas Petazzoni [Sun, 19 Oct 2014 09:30:29 +0000 (11:30 +0200)]
cpufreq: cpufreq-dt: adjust message related to regulators
The cpufreq-dt driver tries to get a regulator for each CPU. This
regulator is optional, but when not present, a scary message "failed
to get cpuX regulator" is displayed. To solve this, we reduce the
severity of the message from dev_warn() to dev_dbg() and we reword the
message to not be as scary.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Thomas Petazzoni [Sun, 19 Oct 2014 09:30:28 +0000 (11:30 +0200)]
cpufreq: cpufreq-dt: extend with platform_data
This commit extends the cpufreq-dt driver to take a platform_data
structure. This structure is for now used to tell the cpufreq-dt
driver the layout of the clocks on the platform, i.e whether all CPUs
share the same clock or whether each CPU has a separate clock.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Thomas Petazzoni [Sun, 19 Oct 2014 09:30:27 +0000 (11:30 +0200)]
cpufreq: allow driver-specific data
This commit extends the cpufreq_driver structure with an additional
'void *driver_data' field that can be filled by the ->probe() function
of a cpufreq driver to pass additional custom information to the
driver itself.
A new function called cpufreq_get_driver_data() is added to allow a
cpufreq driver to retrieve those driver data, since they are typically
needed from a cpufreq_policy->init() callback, which does not have
access to the cpufreq_driver structure. This function call is similar
to the existing cpufreq_get_current_driver() function call.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Tue, 14 Oct 2014 06:24:01 +0000 (14:24 +0800)]
ACPI / EC: Cleanup coding style.
This patch cleans up the following coding style issues that are detected by
scripts/checkpatch.pl:
ERROR: code indent should use tabs where possible
ERROR: "foo * bar" should be "foo *bar"
WARNING: Missing a blank line after declarations
WARNING: EXPORT_SYMBOL(foo); should immediately follow its function/variable
WARNING: void function return statements are not generally useful
WARNING: else is not generally useful after a break or return
WARNING: break is not useful after a goto or return
WARNING: braces {} are not necessary for single statement blocks
WARNING: line over 80 characters
WARNING: msleep < 20ms can sleep for up to 20ms; see Documentation/timers/timers-howto.txt
No functional changes.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Tue, 14 Oct 2014 06:23:55 +0000 (14:23 +0800)]
ACPI / EC: Refine event/query debugging messages.
This patch refines event/query debugging messages to use a unified format
as commands. Developers can clearly find different processes by checking
different log seperators. No functional changes.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Tue, 14 Oct 2014 06:23:49 +0000 (14:23 +0800)]
ACPI / EC: Add detailed command/query debugging information.
Developers really don't need to translate EC commands in mind. This patch
adds detailed debugging information for the EC commands.
The address can be found in the follow-up sequential EC_DATA(W) accesses,
thus this patch also removes some of the redundant address information.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Tue, 14 Oct 2014 06:23:43 +0000 (14:23 +0800)]
ACPI / EC: Enhance the logs to apply to QR_EC transactions.
Currently some logs are applied to new transactions, but QR_EC transactions
are not included. This patch merges the code path to make the logs also
applying to the QR_EC transactions.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Tue, 14 Oct 2014 06:23:38 +0000 (14:23 +0800)]
ACPI / EC: Add CPU ID to debugging messages.
This patch adds CPU ID to the context entries' debugging output. no
functional changes.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bob Moore [Fri, 10 Oct 2014 02:40:28 +0000 (10:40 +0800)]
ACPICA: Update version to
20140926.
Version
20140926.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bob Moore [Fri, 10 Oct 2014 02:40:19 +0000 (10:40 +0800)]
ACPICA: acpiexec: Do not put STDIN into raw mode unless it is a terminal.
Eliminate an error message for batch-mode processing on unix
systems. ACPICA BZ 1114.
This patch is mainly for fixing the issues of acpiexec which is not in the
Linux upstream.
Link: https://bugs.acpica.org/show_bug.cgi?id=1114
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bob Moore [Fri, 10 Oct 2014 02:40:11 +0000 (10:40 +0800)]
ACPICA: iASL/Disassembler: Add support for hardware summary mapfiles.
Adds support for both iASL and the disassembler to create a hardware
and connection summary mapfile (via the -lm option.)
Linux isn't affected by this patch because iASL is not in the Linux
upstream.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:40:05 +0000 (10:40 +0800)]
ACPICA: Events: Reduce source code difference for the ACPI_EVENT_FLAG_HANDLE renaming.
This patch is partial linuxized result of the following ACPICA commit:
ACPICA commit:
a73b66c6aa1846d055bb6390d9c9b9902f7d804d
Subject: Add "has handler" flag to event/gpe status interfaces.
This change adds a new flag, ACPI_EVENT_FLAGS_HAS_HANDLER to the
acpi_get_event_status and acpi_get_gpe_status external interfaces. It
is set if the event/gpe currently has a handler associated with it.
This patch contains the code to rename ACPI_EVENT_FLAG_HANDLE to
ACPI_EVENT_FLAG_HAS_HANDLER, and the corresponding updates of its usages.
Link: https://github.com/acpica/acpica/commit/a73b66c6
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:39:57 +0000 (10:39 +0800)]
ACPICA: Events: Reduce source code difference for the ACPI_EVENT_FLAG_HANDLE support.
This patch is a partial linuxized result of the following ACPICA commit:
ACPICA commit:
a73b66c6aa1846d055bb6390d9c9b9902f7d804d
Subject: Add "has handler" flag to event/gpe status interfaces.
This change adds a new flag, ACPI_EVENT_FLAGS_HAS_HANDLER to the
acpi_get_event_status and acpi_get_gpe_status external interfaces. It
is set if the event/gpe currently has a handler associated with it.
This commit back ports ACPI_EVENT_FLAG_HANDLE from Linux upstream to
ACPICA, the flag along with its support code currently can only be found
in the Linux upstream and is used by the ACPI sysfs GPE interfaces and
the ACPI bus scanning support.
Link: https://github.com/acpica/acpica/commit/a73b66c6
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:39:51 +0000 (10:39 +0800)]
ACPICA: Events: Update GPE handler removal, match behavior of handler install.
The originally_enabled check is not paired between
acpi_install_gpe_handler() and acpi_remove_gpe_handler().
In ACPICA upstream, there is code to protect original enabled state for
ACPI_GPE_DISPATCH_NOTIFY and this commit fixes an issue for this feature.
Link: https://github.com/acpica/acpica/commit/967f314c
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:39:45 +0000 (10:39 +0800)]
ACPICA: Events: Reduce source code difference in acpi_install_gpe_handler().
There is a sanity check in ACPICA upstream, complaining mis-matched
interrupt type for originally enabled GPEs that are going to be dispatched
by OSPM handlers. This is only a warning message noting developers such
conflict between BIOS and OSPM. This patch ports this warning message from
ACPICA upstream to reduce source code difference between Linux and ACPICA
upstream.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:39:39 +0000 (10:39 +0800)]
ACPICA: Events: Reduce indent divergences of events files.
This patch reduces indent divergences first in order to reduce human
intervention work for the follow-up linuxized event patches.
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Lv Zheng [Fri, 10 Oct 2014 02:39:32 +0000 (10:39 +0800)]
ACPICA: acpidump: Add ACPI 1.0 RSDP support.
The acpidump currently always uses ACPI 2.0 format to dump RSDP, this patch
adds ACPI 1.0 RSDP support.
Link: https://bugs.acpica.org/show_bug.cgi?id=1097
Link: https://bugs.acpica.org/show_bug.cgi?id=1103
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Reported-and-tested-by: Rudolf Marek <r.marek@assembler.cz>
Reported-and-tested-by: Rafal <fatwildcat@gmail.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Bob Moore [Fri, 10 Oct 2014 02:39:24 +0000 (10:39 +0800)]
ACPICA: Add string for _DDN method name.
The _DDN method will be used internally.
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>