1. 01 Nov, 2017 2 commits
    • powerpc/kprobes: Dereference function pointers only if the address does not belong to kernel text · e6c4dcb3
      Naveen N. Rao authored
      This makes the changes introduced in commit 83e840c7
      ("powerpc64/elfv1: Only dereference function descriptor for non-text
      symbols") to be specific to the kprobe subsystem.
      
      We previously changed ppc_function_entry() to always check the provided
      address to confirm if it needed to be dereferenced. This is actually
      only an issue for kprobe blacklisted asm labels (through use of
      _ASM_NOKPROBE_SYMBOL) and can cause other issues with ftrace. Also, the
      additional checks are not really necessary for our other uses.
      
      As such, move this check to the kprobes subsystem.
      
      Fixes: 83e840c7 ("powerpc64/elfv1: Only dereference function descriptor for non-text symbols")
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • Revert "powerpc64/elfv1: Only dereference function descriptor for non-text symbols" · 63be1a81
      Naveen N. Rao authored
      This reverts commit 83e840c7 ("powerpc64/elfv1: Only dereference
      function descriptor for non-text symbols").
      
      Chandan reported that on newer kernels, trying to enable function_graph
      tracer on ppc64 (BE) locks up the system with the following trace:
      
        Unable to handle kernel paging request for data at address 0x600000002fa30010
        Faulting instruction address: 0xc0000000001f1300
        Thread overran stack, or stack corrupted
        Oops: Kernel access of bad area, sig: 11 [#1]
        BE SMP NR_CPUS=2048 DEBUG_PAGEALLOC NUMA pSeries
        Modules linked in:
        CPU: 1 PID: 6586 Comm: bash Not tainted 4.14.0-rc3-00162-g6e51f1f-dirty #20
        task: c000000625c07200 task.stack: c000000625c07310
        NIP:  c0000000001f1300 LR: c000000000121cac CTR: c000000000061af8
        REGS: c000000625c088c0 TRAP: 0380   Not tainted  (4.14.0-rc3-00162-g6e51f1f-dirty)
        MSR:  8000000000001032 <SF,ME,IR,DR,RI>  CR: 28002848  XER: 00000000
        CFAR: c0000000001f1320 SOFTE: 0
        ...
        NIP [c0000000001f1300] .__is_insn_slot_addr+0x30/0x90
        LR [c000000000121cac] .kernel_text_address+0x18c/0x1c0
        Call Trace:
        [c000000625c08b40] [c0000000001bd040] .is_module_text_address+0x20/0x40 (unreliable)
        [c000000625c08bc0] [c000000000121cac] .kernel_text_address+0x18c/0x1c0
        [c000000625c08c50] [c000000000061960] .prepare_ftrace_return+0x50/0x130
        [c000000625c08cf0] [c000000000061b10] .ftrace_graph_caller+0x14/0x34
        [c000000625c08d60] [c000000000121b40] .kernel_text_address+0x20/0x1c0
        [c000000625c08df0] [c000000000061960] .prepare_ftrace_return+0x50/0x130
        ...
        [c000000625c0ab30] [c000000000061960] .prepare_ftrace_return+0x50/0x130
        [c000000625c0abd0] [c000000000061b10] .ftrace_graph_caller+0x14/0x34
        [c000000625c0ac40] [c000000000121b40] .kernel_text_address+0x20/0x1c0
        [c000000625c0acd0] [c000000000061960] .prepare_ftrace_return+0x50/0x130
        [c000000625c0ad70] [c000000000061b10] .ftrace_graph_caller+0x14/0x34
        [c000000625c0ade0] [c000000000121b40] .kernel_text_address+0x20/0x1c0
      
      This is because ftrace is using ppc_function_entry() for obtaining the
      address of return_to_handler() in prepare_ftrace_return(). The call to
      kernel_text_address() itself gets traced and we end up in a recursive
      loop.
      
      Fixes: 83e840c7 ("powerpc64/elfv1: Only dereference function descriptor for non-text symbols")
      Cc: stable@vger.kernel.org # v4.13+
      Reported-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
      Signed-off-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  2. 25 Oct, 2017 3 commits
  3. 13 Oct, 2017 1 commit
    • powerpc/perf: Fix IMC initialization crash · 0d8ba162
      Anju T Sudhakar authored
      Panic observed with latest firmware, and upstream kernel:
      
       NIP init_imc_pmu+0x8c/0xcf0
       LR  init_imc_pmu+0x2f8/0xcf0
       Call Trace:
         init_imc_pmu+0x2c8/0xcf0 (unreliable)
         opal_imc_counters_probe+0x300/0x400
         platform_drv_probe+0x64/0x110
         driver_probe_device+0x3d8/0x580
         __driver_attach+0x14c/0x1a0
         bus_for_each_dev+0x8c/0xf0
         driver_attach+0x34/0x50
         bus_add_driver+0x298/0x350
         driver_register+0x9c/0x180
         __platform_driver_register+0x5c/0x70
         opal_imc_driver_init+0x2c/0x40
         do_one_initcall+0x64/0x1d0
         kernel_init_freeable+0x280/0x374
         kernel_init+0x24/0x160
         ret_from_kernel_thread+0x5c/0x74
      
      While registering nest imc at init, cpu-hotplug callback
      nest_pmu_cpumask_init() makes an OPAL call to stop the engine. And if
      the OPAL call fails, imc_common_cpuhp_mem_free() is invoked to cleanup
      memory and cpuhotplug setup.
      
      But when cleaning up the attribute group, we are dereferencing the
      attribute element array without checking whether the backing element
      is not NULL. This causes the kernel panic.
      
      Add a check for the backing element prior to dereferencing the
      attribute element, to handle the failing case gracefully.
      Signed-off-by: Anju T Sudhakar <anju@linux.vnet.ibm.com>
      Reported-by: Pridhiviraj Paidipeddi <ppaidipe@linux.vnet.ibm.com>
      [mpe: Trim change log]
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  4. 12 Oct, 2017 2 commits
    • powerpc/perf: Add ___GFP_NOWARN flag to alloc_pages_node() · cd4f2b30
      Anju T Sudhakar authored
      Stack trace output during a stress test:
       [    4.310049] Freeing initrd memory: 22592K
      [    4.310646] rtas_flash: no firmware flash support
      [    4.313341] cpuhp/64: page allocation failure: order:0, mode:0x14480c0(GFP_KERNEL|__GFP_ZERO|__GFP_THISNODE), nodemask=(null)
      [    4.313465] cpuhp/64 cpuset=/ mems_allowed=0
      [    4.313521] CPU: 64 PID: 392 Comm: cpuhp/64 Not tainted 4.11.0-39.el7a.ppc64le #1
      [    4.313588] Call Trace:
      [    4.313622] [c000000f1fb1b8e0] [c000000000c09388] dump_stack+0xb0/0xf0 (unreliable)
      [    4.313694] [c000000f1fb1b920] [c00000000030ef6c] warn_alloc+0x12c/0x1c0
      [    4.313753] [c000000f1fb1b9c0] [c00000000030ff68] __alloc_pages_nodemask+0xea8/0x1000
      [    4.313823] [c000000f1fb1bbb0] [c000000000113a8c] core_imc_mem_init+0xbc/0x1c0
      [    4.313892] [c000000f1fb1bc00] [c000000000113cdc] ppc_core_imc_cpu_online+0x14c/0x170
      [    4.313962] [c000000f1fb1bc90] [c000000000125758] cpuhp_invoke_callback+0x198/0x5d0
      [    4.314031] [c000000f1fb1bd00] [c00000000012782c] cpuhp_thread_fun+0x8c/0x3d0
      [    4.314101] [c000000f1fb1bd60] [c0000000001678d0] smpboot_thread_fn+0x290/0x2a0
      [    4.314169] [c000000f1fb1bdc0] [c00000000015ee78] kthread+0x168/0x1b0
      [    4.314229] [c000000f1fb1be30] [c00000000000b368] ret_from_kernel_thread+0x5c/0x74
      [    4.314313] Mem-Info:
      [    4.314356] active_anon:0 inactive_anon:0 isolated_anon:0
      
      core_imc_mem_init() at system boot uses alloc_pages_node() to get memory,
      and alloc_pages_node() throws this stack dump when it tries to allocate
      memory from a node which has no memory behind it. Add a ___GFP_NOWARN
      flag in the allocation request as a fix.
      Signed-off-by: Anju T Sudhakar <anju@linux.vnet.ibm.com>
      Reported-by: Michael Ellerman <mpe@ellerman.id.au>
      Reported-by: Venkat R.B <venkatb3@in.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc/perf: Fix for core/nest imc call trace on cpuhotplug · 0d923820
      Anju T Sudhakar authored
      Nest/core pmu units are enabled only when they are used. A reference count is
      maintained for the events which use the nest/core pmu units. Currently in the
      *_imc_counters_release function a WARN() is used for notification of any
      underflow of the ref count.

      The case where the event ref count hits a negative value is when a perf session
      is started, followed by offlining of all cpus in a given core,
      i.e. in the cpuhotplug offline path the ppc_core_imc_cpu_offline() function sets
      the ref->count to zero if the current cpu which is about to go offline is the
      last cpu in a given core, and makes an OPAL call to disable the engine in that core.
      And on perf session termination, perf->destroy (core_imc_counters_release) will
      first decrement the ref->count for this core and based on the ref->count value
      an opal call is made to disable the core-imc engine.
      Now, since the cpuhotplug path already clears the ref->count for the core and has
      disabled the engine, perf->destroy() decrementing again at event termination makes
      it negative, which in turn fires the WARN_ON. The same happens for nest units.

      Add a check to see if the reference count is already zero, before decrementing
      the count, so that the ref count will not hit a negative value.
      Signed-off-by: Anju T Sudhakar <anju@linux.vnet.ibm.com>
      Reviewed-by: Santosh Sivaraj <santosh@fossix.org>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  5. 10 Oct, 2017 3 commits
    • powerpc: Don't call lockdep_assert_cpus_held() from arch_update_cpu_topology() · 6b2c08f9
      Thiago Jung Bauermann authored
      It turns out that not all paths calling arch_update_cpu_topology() hold
      cpu_hotplug_lock, but that's OK because those paths can't race with
      any concurrent hotplug events.
      
      Warnings were reported with the following trace:
      
        lockdep_assert_cpus_held
        arch_update_cpu_topology
        sched_init_domains
        sched_init_smp
        kernel_init_freeable
        kernel_init
        ret_from_kernel_thread
      
      Which is safe because it's called early in boot when hotplug is not
      live yet.
      
      And also this trace:
      
        lockdep_assert_cpus_held
        arch_update_cpu_topology
        partition_sched_domains
        cpuset_update_active_cpus
        sched_cpu_deactivate
        cpuhp_invoke_callback
        cpuhp_down_callbacks
        cpuhp_thread_fun
        smpboot_thread_fn
        kthread
        ret_from_kernel_thread
      
      Which is safe because it's called as part of CPU hotplug, so although
      we don't hold the CPU hotplug lock, there is another thread driving
      the CPU hotplug operation which does hold the lock, and there is no
      race.
      
      Thanks to tglx for deciphering it for us.
      
      Fixes: 3e401f7a ("powerpc: Only obtain cpu_hotplug_lock if called by rtasd")
      Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc/lib/sstep: Fix count leading zeros instructions · b0490a04
      Sandipan Das authored
      According to the GCC documentation, the behaviour of __builtin_clz()
      and __builtin_clzl() is undefined if the value of the input argument
      is zero. Without handling this special case, these builtins have been
      used for emulating the following instructions:
        * Count Leading Zeros Word (cntlzw[.])
        * Count Leading Zeros Doubleword (cntlzd[.])
      
      This fixes the emulated behaviour of these instructions by adding an
      additional check for this special case.
      
      Fixes: 3cdfcbfd ("powerpc: Change analyse_instr so it doesn't modify *regs")
      Signed-off-by: Sandipan Das <sandipan@linux.vnet.ibm.com>
      Reviewed-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc/livepatch: Fix livepatch stack access · e36a82ee
      Kamalesh Babulal authored
      While running a stress test with a livepatch module loaded, a kernel bug
      was triggered.
      
        cpu 0x5: Vector: 400 (Instruction Access) at [c0000000eb9d3b60]
        5:mon> t
        [c0000000eb9d3de0] c0000000eb9d3e30 (unreliable)
        [c0000000eb9d3e30] c000000000008ab4 hardware_interrupt_common+0x114/0x120
         --- Exception: 501 (Hardware Interrupt) at c000000000053040 livepatch_handler+0x4c/0x74
        [c0000000eb9d4120] 0000000057ac6e9d (unreliable)
        [d0000000089d9f78] 2e0965747962382e
        SP (965747962342e09) is in userspace
      
      When an interrupt occurs during the livepatch_handler execution, it's
      possible for the livepatch_stack and/or thread_info to be corrupted.
      e.g.:
      
        Task A                        Interrupt Handler
        =========                     =================
        livepatch_handler:
        mr r0, r1
        ld r1, TI_livepatch_sp(r12)
                                      hardware_interrupt_common:
                                        do_IRQ+0x8:
                                          mflr    r0          <- saved stack pointer is overwritten
                                          bl      _mcount
                                          ...
                                          std     r27,-40(r1) <- overwrite of thread_info()
      
        lis r2, STACK_END_MAGIC@h
        ori r2, r2, STACK_END_MAGIC@l
        ld  r12, -8(r1)
      
      Fix the corruption by using r11 register for livepatch stack
      manipulation, instead of shuffling task stack and livepatch stack into
      r1 register. Using r11 register also avoids disabling/enabling irq's
      while setting up the livepatch stack.
      Signed-off-by: Kamalesh Babulal <kamalesh@linux.vnet.ibm.com>
      Reviewed-by: Naveen N. Rao <naveen.n.rao@linux.vnet.ibm.com>
      Reviewed-by: Balbir Singh <bsingharora@gmail.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  6. 06 Oct, 2017 1 commit
  7. 04 Oct, 2017 3 commits
    • powerpc/mm: Call flush_tlb_kernel_range with interrupts enabled · 7c6a4f3b
      Guenter Roeck authored
      flush_tlb_kernel_range() may call smp_call_function_many() which expects
      interrupts to be enabled. This results in a traceback.
      
      WARNING: CPU: 0 PID: 1 at kernel/smp.c:416 smp_call_function_many+0xcc/0x2fc
      CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.14.0-rc1-00009-g0666f560 #1
      task: cf830000 task.stack: cf82e000
      NIP:  c00a93c8 LR: c00a9634 CTR: 00000001
      REGS: cf82fde0 TRAP: 0700   Not tainted  (4.14.0-rc1-00009-g0666f560)
      MSR:  00021000 <CE,ME>  CR: 24000082  XER: 00000000
      
      GPR00: c00a9634 cf82fe90 cf830000 c050ad3c c0015a54 00000000 00000001 00000001
      GPR08: 00000001 00000000 00000000 cf82e000 24000084 00000000 c0003150 00000000
      GPR16: 00000000 00000000 00000000 00000000 00000000 00000001 00000000 c0510000
      GPR24: 00000000 c0015a54 00000000 c050ad3c c051823c c050ad3c 00000025 00000000
      NIP [c00a93c8] smp_call_function_many+0xcc/0x2fc
      LR [c00a9634] smp_call_function+0x3c/0x50
      Call Trace:
      [cf82fe90] [00000010] 0x10 (unreliable)
      [cf82fed0] [c00a9634] smp_call_function+0x3c/0x50
      [cf82fee0] [c0015d2c] flush_tlb_kernel_range+0x20/0x38
      [cf82fef0] [c001524c] mark_initmem_nx+0x154/0x16c
      [cf82ff20] [c001484c] free_initmem+0x20/0x4c
      [cf82ff30] [c000316c] kernel_init+0x1c/0x108
      [cf82ff40] [c000f3a8] ret_from_kernel_thread+0x5c/0x64
      Instruction dump:
      7c0803a6 7d808120 38210040 4e800020 3d20c052 812981a0 2f890000 40beffac
      3d20c051 8929ac64 2f890000 40beff9c <0fe00000> 4bffff94 7fc3f378 7f64db78
      
      Fixes: 3184cc4b ("powerpc/mm: Fix kernel RAM protection after freeing ...")
      Fixes: e611939f ("powerpc/mm: Ensure change_page_attr() doesn't ...")
      Cc: Christophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: Guenter Roeck <linux@roeck-us.net>
      Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc/xive: Clear XIVE internal structures when a CPU is removed · cc569398
      Cédric Le Goater authored
      Commit eac1e731 ("powerpc/xive: guest exploitation of the XIVE
      interrupt controller") introduced support for the XIVE exploitation
      mode of the P9 interrupt controller on the pseries platform.
      
      At that time, support for CPU removal was not complete on PowerVM and
      CPU hot unplug remained untested. It appears that some cleanups of the
      XIVE internal structures are required before releasing the CPU,
      without which the kernel crashes in a RTAS call doing the CPU
      isolation.
      
      These changes fix the crash by deconfiguring the IPI interrupt source
      and clearing the event queues of the CPU when it is removed.
      
      Fixes: eac1e731 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
      Signed-off-by: Cédric Le Goater <clg@kaod.org>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc/xive: Fix IPI reset · 74f12821
      Cédric Le Goater authored
      When resetting an IPI, hw_ipi should also be set to zero.
      
      Fixes: eac1e731 ("powerpc/xive: guest exploitation of the XIVE interrupt controller")
      Signed-off-by: Cédric Le Goater <clg@kaod.org>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  8. 03 Oct, 2017 2 commits
    • powerpc/4xx: Fix compile error with 64K pages on 40x, 44x · 070e0049
      Christian Lamparter authored
      The mmu context on the 40x, 44x does not define a pte_frag entry. This
      causes gcc to abort the compilation due to:
      
        setup-common.c: In function ‘setup_arch’:
        setup-common.c:908: error: ‘mm_context_t’ has no ‘pte_frag’
      
      This patch fixes the issue by removing the pte_frag initialization in
      setup-common.c.
      
      This is possible, because the compiler will do the initialization,
      since the mm_context is a sub struct of init_mm. init_mm is declared
      in mm_types.h as external linkage.
      
      According to C99 6.2.4.3:
        An object whose identifier is declared with external linkage
        [...] has static storage duration.
      
      C99 defines in 6.7.8.10 that:
        If an object that has static storage duration is not
        initialized explicitly, then:
        - if it has pointer type, it is initialized to a null pointer
      
      Fixes: b1923caa ("powerpc: Merge 32-bit and 64-bit setup_arch()")
      Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
      Reviewed-by: Christophe Leroy <christophe.leroy@c-s.fr>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
    • powerpc: Fix action argument for cpufeatures-based TLB flush · 3b7af5c0
      Jeremy Kerr authored
      Commit 41d0c2ec ("powerpc/powernv: Fix local TLB flush for boot
      and MCE on POWER9") introduced calls to __flush_tlb_power[89] from the
      cpufeatures code, specifying the number of sets to flush.
      
      However, these functions take an action argument, not a number of
      sets. This means we hit the BUG() in __flush_tlb_{206,300} when using
      cpufeatures-style configuration.
      
      This change passes TLB_INVAL_SCOPE_GLOBAL instead.
      
      Fixes: 41d0c2ec ("powerpc/powernv: Fix local TLB flush for boot and MCE on POWER9")
      Cc: stable@vger.kernel.org # v4.13+
      Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
      Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  9. 29 Sep, 2017 2 commits
  10. 26 Sep, 2017 1 commit
    • powerpc: Handle MCE on POWER9 with only DSISR bit 30 set · d8bd9f3f
      Michael Neuling authored
      On POWER9 DD2.1 and below, it's possible for a paste instruction to
      cause a Machine Check Exception (MCE) where only DSISR bit 30 (IBM 33)
      is set. This will result in the MCE handler seeing an unknown event,
      which triggers linux to crash.
      
      We change this by detecting unknown events caused by load/stores in
      the MCE handler and marking them as handled so that we no longer
      crash.
      
      An MCE that occurs like this is spurious, so we don't need to do
      anything in terms of servicing it. If there is something that needs to
      be serviced, the CPU will raise the MCE again with the correct DSISR
      so that it can be serviced properly.
      Signed-off-by: Michael Neuling <mikey@neuling.org>
      Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
      Acked-by: Balbir Singh <bsingharora@gmail.com>
      [mpe: Expand comment with details from change log, use normal bit #s]
      Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
  11. 24 Sep, 2017 14 commits
  12. 23 Sep, 2017 6 commits
    • Merge branch 'parisc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux · cd4175b1
      Linus Torvalds authored
      Pull parisc fixes from Helge Deller:
      
       - Unbreak parisc bootloader by avoiding a gcc-7 optimization to convert
         multiple byte-accesses into one word-access.
      
       - Add missing HWPOISON page fault handler code. I completely missed
         that when I added HWPOISON support during this merge window and it
         only showed up now with the madvise07 LTP test case.
      
       - Fix backtrace unwinding to stop when stack start has been reached.
      
       - Issue warning if initrd has been loaded into memory regions with
         broken RAM modules.
      
       - Fix HPMC handler (parisc hardware fault handler) to comply with
         architecture specification.
      
       - Avoid compiler warnings about too large frame sizes.
      
       - Minor init-section fixes.
      
      * 'parisc-4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
        parisc: Unbreak bootloader due to gcc-7 optimizations
        parisc: Reintroduce option to gzip-compress the kernel
        parisc: Add HWPOISON page fault handler code
        parisc: Move init_per_cpu() into init section
        parisc: Check if initrd was loaded into broken RAM
        parisc: Add PDCE_CHECK instruction to HPMC handler
        parisc: Add wrapper for pdc_instr() firmware function
        parisc: Move start_parisc() into init section
        parisc: Stop unwinding at start of stack
        parisc: Fix too large frame size warnings
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · ded85032
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
      
       - Smattering of miscellaneous fixes
      
       - A five patch series for i40iw that had a patch (5/5) that was larger
         than I would like, but I took it because it's needed for large scale
         users
      
       - An 8 patch series for bnxt_re that landed right as I was leaving on
         PTO and so had to wait until now...they are all appropriate fixes for
         -rc IMO
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (22 commits)
        bnxt_re: Don't issue cmd to delete GID for QP1 GID entry before the QP is destroyed
        bnxt_re: Fix memory leak in FRMR path
        bnxt_re: Remove RTNL lock dependency in bnxt_re_query_port
        bnxt_re: Fix race between the netdev register and unregister events
        bnxt_re: Free up devices in module_exit path
        bnxt_re: Fix compare and swap atomic operands
        bnxt_re: Stop issuing further cmds to FW once a cmd times out
        bnxt_re: Fix update of qplib_qp.mtu when modified
        i40iw: Add support for port reuse on active side connections
        i40iw: Add missing VLAN priority
        i40iw: Call i40iw_cm_disconn on modify QP to disconnect
        i40iw: Prevent multiple netdev event notifier registrations
        i40iw: Fail open if there are no available MSI-X vectors
        RDMA/vmw_pvrdma: Fix reporting correct opcodes for completion
        IB/bnxt_re: Fix frame stack compilation warning
        IB/mlx5: fix debugfs cleanup
        IB/ocrdma: fix incorrect fall-through on switch statement
        IB/ipoib: Suppress the retry related completion errors
        iw_cxgb4: remove the stid on listen create failure
        iw_cxgb4: drop listen destroy replies if no ep found
        ...
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 71aa60f6
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Fix NAPI poll list corruption in enic driver, from Christian
          Lamparter.
      
       2) Fix route use after free, from Eric Dumazet.
      
       3) Fix regression in reuseaddr handling, from Josef Bacik.
      
       4) Assert the size of control messages in compat handling since we copy
          it in from userspace twice. From Meng Xu.
      
       5) SMC layer bug fixes (missing RCU locking, bad refcounting, etc.)
          from Ursula Braun.
      
       6) Fix races in AF_PACKET fanout handling, from Willem de Bruijn.
      
       7) Don't use ARRAY_SIZE on spinlock array which might have zero
          entries, from Geert Uytterhoeven.
      
       8) Fix miscomputation of checksum in ipv6 udp code, from Subash Abhinov
          Kasiviswanathan.
      
       9) Push the ipv6 header properly in ipv6 GRE tunnel driver, from Xin
          Long.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (75 commits)
        inet: fix improper empty comparison
        net: use inet6_rcv_saddr to compare sockets
        net: set tb->fast_sk_family
        net: orphan frags on stand-alone ptype in dev_queue_xmit_nit
        MAINTAINERS: update git tree locations for ieee802154 subsystem
        net: prevent dst uses after free
        net: phy: Fix truncation of large IRQ numbers in phy_attached_print()
        net/smc: no close wait in case of process shut down
        net/smc: introduce a delay
        net/smc: terminate link group if out-of-sync is received
        net/smc: longer delay for client link group removal
        net/smc: adapt send request completion notification
        net/smc: adjust net_device refcount
        net/smc: take RCU read lock for routing cache lookup
        net/smc: add receive timeout check
        net/smc: add missing dev_put
        net: stmmac: Cocci spatch "of_table"
        lan78xx: Use default values loaded from EEPROM/OTP after reset
        lan78xx: Allow EEPROM write for less than MAX_EEPROM_SIZE
        lan78xx: Fix for eeprom read/write when device auto suspend
        ...
    • Merge tag 'apparmor-pr-2017-09-22' of... · 79444df4
      Linus Torvalds authored
      Merge tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
      
      Pull apparmor updates from John Johansen:
       "This is the apparmor pull request, similar to SELinux and seccomp.
      
        It's the same series that I was sent to James' security tree + one
        regression fix that was found after the series was sent to James and
        would have been sent for v4.14-rc2.
      
        Features:
        - in preparation for secid mapping add support for absolute root view
          based labels
        - add base infrastructure for socket mediation
        - add mount mediation
        - add signal mediation
      
        minor cleanups and changes:
        - be defensive, ensure unconfined profiles have dfas initialized
        - add more debug asserts to apparmorfs
        - enable policy unpacking to audit different reasons for failure
        - cleanup conditional check for label in label_print
        - Redundant condition: prev_ns. in [label.c:1498]
      
        Bug Fixes:
        - fix regression in apparmorfs DAC access permissions
        - fix build failure on sparc caused by undeclared signals
        - fix sparse report of incorrect type assignment when freeing label proxies
        - fix race condition in null profile creation
        - Fix an error code in aafs_create()
        - Fix logical error in verify_header()
        - Fix shadowed local variable in unpack_trans_table()"
      
      * tag 'apparmor-pr-2017-09-22' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor:
        apparmor: fix apparmorfs DAC access permissions
        apparmor: fix build failure on sparc caused by undeclared signals
        apparmor: fix incorrect type assignment when freeing proxies
        apparmor: ensure unconfined profiles have dfas initialized
        apparmor: fix race condition in null profile creation
        apparmor: move new_null_profile to after profile lookup fns()
        apparmor: add base infastructure for socket mediation
        apparmor: add more debug asserts to apparmorfs
        apparmor: make policy_unpack able to audit different info messages
        apparmor: add support for absolute root view based labels
        apparmor: cleanup conditional check for label in label_print
        apparmor: add mount mediation
        apparmor: add the ability to mediate signals
        apparmor: Redundant condition: prev_ns. in [label.c:1498]
        apparmor: Fix an error code in aafs_create()
        apparmor: Fix logical error in verify_header()
        apparmor: Fix shadowed local variable in unpack_trans_table()
    • x86/asm: Fix inline asm call constraints for Clang · f5caf621
      Josh Poimboeuf authored
      For inline asm statements which have a CALL instruction, we list the
      stack pointer as a constraint to convince GCC to ensure the frame
      pointer is set up first:
      
        static inline void foo()
        {
                register void *__sp asm(_ASM_SP);
                asm("call bar" : "+r" (__sp));
        }
      
      Unfortunately, that pattern causes Clang to corrupt the stack pointer.
      
      The fix is easy: convert the stack pointer register variable to a global
      variable.
      
      It should be noted that the end result is different based on the GCC
      version.  With GCC 6.4, this patch has exactly the same result as
      before:
      
      	defconfig	defconfig-nofp	distro		distro-nofp
       before	9820389		9491555		8816046		8516940
       after	9820389		9491555		8816046		8516940
      
      With GCC 7.2, however, GCC's behavior has changed.  It now changes its
      behavior based on the conversion of the register variable to a global.
      That somehow convinces it to *always* set up the frame pointer before
      inserting *any* inline asm.  (Therefore, listing the variable as an
      output constraint is a no-op and is no longer necessary.)  It's a bit
      overkill, but the performance impact should be negligible.  And in fact,
      there's a nice improvement with frame pointers disabled:
      
      	defconfig	defconfig-nofp	distro		distro-nofp
       before	9796316		9468236		9076191		8790305
       after	9796957		9464267		9076381		8785949
      
      So in summary, while listing the stack pointer as an output constraint
      is no longer necessary for newer versions of GCC, it's still needed for
      older versions.
      Suggested-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Reported-by: Matthias Kaehlcke <mka@chromium.org>
      Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dmitriy Vyukov <dvyukov@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Link: http://lkml.kernel.org/r/3db862e970c432ae823cf515c52b54fec8270e0e.1505942196.git.jpoimboe@redhat.com
      Signed-off-by: Ingo Molnar <mingo@kernel.org>
    • objtool: Handle another GCC stack pointer adjustment bug · 0d0970ee
      Josh Poimboeuf authored
      The kbuild bot reported the following warning with GCC 4.4 and a
      randconfig:
      
        net/socket.o: warning: objtool: compat_sock_ioctl()+0x1083: stack state mismatch: cfa1=7+160 cfa2=-1+0
      
      This is caused by another GCC non-optimization, where it backs up and
      restores the stack pointer for no apparent reason:
      
          2f91:       48 89 e0                mov    %rsp,%rax
          2f94:       4c 89 e7                mov    %r12,%rdi
          2f97:       4c 89 f6                mov    %r14,%rsi
          2f9a:       ba 20 00 00 00          mov    $0x20,%edx
          2f9f:       48 89 c4                mov    %rax,%rsp
      
      This issue would have been happily ignored before the following commit:
      
        dd88a0a0 ("objtool: Handle GCC stack pointer adjustment bug")
      
      But now that objtool is paying attention to such stack pointer writes
      to/from a register, it needs to understand them properly.  In this case
      that means recognizing that the "mov %rsp, %rax" instruction is
      potentially a backup of the stack pointer.
      Reported-by: kbuild test robot <fengguang.wu@intel.com>
      Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
      Cc: Alexander Potapenko <glider@google.com>
      Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
      Cc: Andy Lutomirski <luto@kernel.org>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Dmitriy Vyukov <dvyukov@google.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Matthias Kaehlcke <mka@chromium.org>
      Cc: Miguel Bernal Marin <miguel.bernal.marin@linux.intel.com>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Fixes: dd88a0a0 ("objtool: Handle GCC stack pointer adjustment bug")
      Link: http://lkml.kernel.org/r/8c7aa8e9a36fbbb6655d9d8e7cea58958c912da8.1505942196.git.jpoimboe@redhat.com
      Signed-off-by: Ingo Molnar <mingo@kernel.org>