1. 09 Jul, 2015 4 commits
    • Markos Chandras's avatar
      MIPS: Fix erroneous JR emulation for MIPS R6 · 143fefc8
      Markos Chandras authored
      Commit 5f9f41c4 ("MIPS: kernel: Prepare
      the JR instruction for emulation on MIPS R6") added support for
      emulating the JR instruction on MIPS R6 cores but that introduced a bug
      which could be triggered when hitting a JALR opcode because the code used
      the wrong field in the 'r_format' struct to determine the instruction
      opcode. This lead to crashes because an emulated JALR instruction was
      treated as a JR one when the R6 emulator was turned off.
      
      Fixes: 5f9f41c4 ("MIPS: kernel: Prepare the JR instruction for emulation on MIPS R6")
      Cc: <stable@vger.kernel.org> # 4.0+
      Signed-off-by: default avatarMarkos Chandras <markos.chandras@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: stable@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/10583/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      143fefc8
    • Markos Chandras's avatar
      MIPS: Fix branch emulation for BLTC and BGEC instructions · e9d92d22
      Markos Chandras authored
      Commits f1b44067 ("MIPS: Emulate the
      new MIPS R6 B{L,G}T{Z,}{AL,}C instructions") and commit
      a8ff66f5 ("MIPS: Emulate the new MIPS
      R6 B{L,G}E{Z,}{AL,}C instructions") added support for emulating various
      branch compact instructions. However, it missed the case for those which
      use the old BLEZL and BGTZL opcodes leading to random crashes when the R6
      emulator is disabled. We fix this by ensuring that the 'rt' field is not
      zero which is always true for these branch compact instructions.
      
      Fixes: f1b44067 ("MIPS: Emulate the new MIPS R6 B{L,G}T{Z,}{AL,}C instructions")
      Fixes: a8ff66f5 ("MIPS: Emulate the new MIPS R6 B{L,G}E{Z,}{AL,}C instructions")
      Cc: <stable@vger.kernel.org> # 4.0+
      Signed-off-by: default avatarMarkos Chandras <markos.chandras@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: Markos Chandras <markos.chandras@imgtec.com>
      Patchwork: https://patchwork.linux-mips.org/patch/10582/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      e9d92d22
    • Markos Chandras's avatar
      MIPS: kernel: traps: Fix broken indentation · 761b4493
      Markos Chandras authored
      Fix broken indentation caused by the SMTC removal
      commit b633648c
      ("MIPS: MT: Remove SMTC support")
      Signed-off-by: default avatarMarkos Chandras <markos.chandras@imgtec.com>
      Fixes: b633648c ("MIPS: MT: Remove SMTC support")
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/10581/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      761b4493
    • Alexander Sverdlin's avatar
      MIPS: bootmem: Don't use memory holes for page bitmap · a6335fa1
      Alexander Sverdlin authored
      Commit f9a7febd leads to a fact that mapstart and therefore a page bitmap for
      bootmem allocator immediately follows initrd_end. This doesn't always work
      well on Octeon, where there are holes in PFN ranges (refer to 5b3b1688 and
      4MB-aligned PFN allocation). Depending on the inird location it could happen,
      that mapstart would be in an area not allocated by plat_mem_setup() in
      arch/mips/cavium-octeon/setup.c, but in the alignment hole between initrd and
      the next PFN area. Later on this memory will be unconditionally made available
      to buddy allocator at the end of free_all_bootmem_core() (mm/bootmem.c).
      All of this results in Linux using the memory not designated for Linux in
      Octeon's plat_mem_setup(), which in turn means corruption of the memory used
      by another OS/baremetal code on the same SoC.
      
      It doesn't look to me as a problem of Octeon platform code, but rather as an
      inability of f9a7febd to deal correctly with the fragmented memory-mappings.
      Proposed fix moves the check for initrd address to the same calculation-loop
      in bootmem_init() (arch/mips/kernel/setup.c), which also accounts for kernel
      code location. This should result in mapstart located starting from the first
      PFN area after kernel code AND initrd.
      Signed-off-by: default avatarAlexander Sverdlin <alexander.sverdlin@nokia.com>
      Cc: linux-mips@linux-mips.org
      Cc: David Daney <david.daney@cavium.com>
      Cc: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
      Cc: Huacai Chen <chenhc@lemote.com>
      Cc: Andreas Herrmann <andreas.herrmann@caviumnetworks.com>
      Cc: Joe Perches <joe@perches.com>
      Cc: Steven J. Hill <Steven.Hill@imgtec.com>
      Cc: Yusuf Khan <yusuf.khan@nokia.com>
      Cc: Michael Kreuzer <michael.kreuzer@nokia.com>
      Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
      Patchwork: https://patchwork.linux-mips.org/patch/10594/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      a6335fa1
  2. 08 Jul, 2015 1 commit
    • Ralf Baechle's avatar
      MIPS: O32: Do not handle require 32 bytes from the stack to be readable. · 7928eb03
      Ralf Baechle authored
      Commit 46e12c07 (MIPS: O32 / 32-bit:
      Always copy 4 stack arguments.) change the O32 syscall handler to always
      load four arguments from the userspace stack even for syscalls that
      require fewer or no arguments to be copied.  This removes a large table
      from kernel space and need to maintain it.  It appeared that it was ok
      the implementation chosen requires 16 bytes of readable stack space
      above the user stack pointer.
      
      Turned out a few threading implementations munmap the user stack before
      the thread exits resulting in errors due to the unreadable stack.
      
      We now treat any failed load as a if the loaded value was zero and let
      the actual syscall deal with the situation.
      Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      7928eb03
  3. 07 Jul, 2015 2 commits
  4. 05 Jul, 2015 4 commits
    • Linus Torvalds's avatar
      Linux 4.2-rc1 · d770e558
      Linus Torvalds authored
      d770e558
    • Linus Torvalds's avatar
      Merge tag 'platform-drivers-x86-v4.2-2' of... · a585d2b7
      Linus Torvalds authored
      Merge tag 'platform-drivers-x86-v4.2-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86
      
      Pull late x86 platform driver updates from Darren Hart:
       "The following came in a bit later and I wanted them to bake in next a
        few more days before submitting, thus the second pull.
      
        A new intel_pmc_ipc driver, a symmetrical allocation and free fix in
        dell-laptop, a couple minor fixes, and some updated documentation in
        the dell-laptop comments.
      
        intel_pmc_ipc:
         - Add Intel Apollo Lake PMC IPC driver
      
        tc1100-wmi:
         - Delete an unnecessary check before the function call "kfree"
      
        dell-laptop:
         - Fix allocating & freeing SMI buffer page
         - Show info about WiGig and UWB in debugfs
         - Update information about wireless control"
      
      * tag 'platform-drivers-x86-v4.2-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86:
        intel_pmc_ipc: Add Intel Apollo Lake PMC IPC driver
        tc1100-wmi: Delete an unnecessary check before the function call "kfree"
        dell-laptop: Fix allocating & freeing SMI buffer page
        dell-laptop: Show info about WiGig and UWB in debugfs
        dell-laptop: Update information about wireless control
      a585d2b7
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs · 1dc51b82
      Linus Torvalds authored
      Pull more vfs updates from Al Viro:
       "Assorted VFS fixes and related cleanups (IMO the most interesting in
        that part are f_path-related things and Eric's descriptor-related
        stuff).  UFS regression fixes (it got broken last cycle).  9P fixes.
        fs-cache series, DAX patches, Jan's file_remove_suid() work"
      
      [ I'd say this is much more than "fixes and related cleanups".  The
        file_table locking rule change by Eric Dumazet is a rather big and
        fundamental update even if the patch isn't huge.   - Linus ]
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (49 commits)
        9p: cope with bogus responses from server in p9_client_{read,write}
        p9_client_write(): avoid double p9_free_req()
        9p: forgetting to cancel request on interrupted zero-copy RPC
        dax: bdev_direct_access() may sleep
        block: Add support for DAX reads/writes to block devices
        dax: Use copy_from_iter_nocache
        dax: Add block size note to documentation
        fs/file.c: __fget() and dup2() atomicity rules
        fs/file.c: don't acquire files->file_lock in fd_install()
        fs:super:get_anon_bdev: fix race condition could cause dev exceed its upper limitation
        vfs: avoid creation of inode number 0 in get_next_ino
        namei: make set_root_rcu() return void
        make simple_positive() public
        ufs: use dir_pages instead of ufs_dir_pages()
        pagemap.h: move dir_pages() over there
        remove the pointless include of lglock.h
        fs: cleanup slight list_entry abuse
        xfs: Correctly lock inode when removing suid and file capabilities
        fs: Call security_ops->inode_killpriv on truncate
        fs: Provide function telling whether file_remove_privs() will do anything
        ...
      1dc51b82
    • Linus Torvalds's avatar
      bluetooth: fix list handling · 9b284cbd
      Linus Torvalds authored
      Commit 835a6a2f ("Bluetooth: Stop sabotaging list poisoning")
      thought that the code was sabotaging the list poisoning when NULL'ing
      out the list pointers and removed it.
      
      But what was going on was that the bluetooth code was using NULL
      pointers for the list as a way to mark it empty, and that commit just
      broke it (and replaced the test with NULL with a "list_empty()" test on
      a uninitialized list instead, breaking things even further).
      
      So fix it all up to use the regular and real list_empty() handling
      (which does not use NULL, but a pointer to itself), also making sure to
      initialize the list properly (the previous NULL case was initialized
      implicitly by the session being allocated with kzalloc())
      
      This is a combination of patches by Marcel Holtmann and Tedd Ho-Jeong
      An.
      
      [ I would normally expect to get this through the bt tree, but I'm going
        to release -rc1, so I'm just committing this directly   - Linus ]
      Reported-and-tested-by: default avatarJörg Otte <jrg.otte@gmail.com>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Original-by: default avatarTedd Ho-Jeong An <tedd.an@intel.com>
      Original-by: Marcel Holtmann <marcel@holtmann.org>:
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      9b284cbd
  5. 04 Jul, 2015 29 commits