summaryrefslogtreecommitdiff
path: root/arch
AgeCommit message (Collapse)AuthorFilesLines
2019-09-17Merge branch 'parisc-5.4-1' of ↵Linus Torvalds29-660/+795
git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: - Make the powerpc implementation to read elf files available as a public kexec interface so it can be re-used on other architectures (Sven) - Implement kexec on parisc (Sven) - Add kprobes on ftrace on parisc (Sven) - Fix kernel crash with HSC-PCI cards based on card-mode Dino - Add assembly implementations for memset, strlen, strcpy, strncpy and strcat - Some cleanups, documentation updates, warning fixes, ... * 'parisc-5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: (25 commits) parisc: Have git ignore generated real2.S and firmware.c parisc: Disable HP HSC-PCI Cards to prevent kernel crash parisc: add support for kexec_file_load() syscall parisc: wire up kexec_file_load syscall parisc: add kexec syscall support parisc: add __pdc_cpu_rendezvous() kprobes/parisc: remove arch_kprobe_on_func_entry() kexec_elf: support 32 bit ELF files kexec_elf: remove unused variable in kexec_elf_load() kexec_elf: remove Elf_Rel macro kexec_elf: remove PURGATORY_STACK_SIZE kexec_elf: remove parsing of section headers kexec_elf: change order of elf_*_to_cpu() functions kexec: add KEXEC_ELF parisc: Save some bytes in dino driver parisc: Drop comments which are already in pci.h parisc: Convert eisa_enumerator to use pr_cont() parisc: Avoid warning when loading hppb driver parisc: speed up flush_tlb_all_local with qemu parisc: Add ALTERNATIVE_CODE() and ALT_COND_RUN_ON_QEMU ...
2019-09-17Merge tag 'please-pull-ia64_for_5.4' of ↵Linus Torvalds177-25608/+306
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux Pull ia64 updates from Tony Luck: "The big change here is removal of support for SGI Altix" * tag 'please-pull-ia64_for_5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux: (33 commits) genirq: remove the is_affinity_mask_valid hook ia64: remove CONFIG_SWIOTLB ifdefs ia64: remove support for machvecs ia64: move the screen_info setup to common code ia64: move the ROOT_DEV setup to common code ia64: rework iommu probing ia64: remove the unused sn_coherency_id symbol ia64: remove the SGI UV simulator support ia64: remove the zx1 swiotlb machvec ia64: remove CONFIG_ACPI ifdefs ia64: remove CONFIG_PCI ifdefs ia64: remove the hpsim platform ia64: remove now unused machvec indirections ia64: remove support for the SGI SN2 platform drivers: remove the SGI SN2 IOC4 base support drivers: remove the SGI SN2 IOC3 base support qla2xxx: remove SGI SN2 support qla1280: remove SGI SN2 support misc/sgi-xp: remove SGI SN2 support char/mspec: remove SGI SN2 support ...
2019-09-17Merge tag 'riscv/for-v5.4-rc1' of ↵Linus Torvalds24-110/+369
git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V updates from Paul Walmsley: "Add the following new features: - Generic CPU topology description support for DT-based platforms, including ARM64, ARM and RISC-V. - Sparsemem support - Perf callchain support - SiFive PLIC irqchip modifications, in preparation for M-mode Linux and clean up the code base: - Clean up chip-specific register (CSR) manipulation code, IPIs, TLB flushing, and the RISC-V CPU-local timer code - Kbuild cleanup from one of the Kbuild maintainers" [ The CPU topology parts came in through the arm64 tree with a shared branch - Linus ] * tag 'riscv/for-v5.4-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: irqchip/sifive-plic: set max threshold for ignored handlers riscv: move the TLB flush logic out of line riscv: don't use the rdtime(h) pseudo-instructions riscv: cleanup riscv_cpuid_to_hartid_mask riscv: optimize send_ipi_single riscv: cleanup send_ipi_mask riscv: refactor the IPI code riscv: Add support for libdw riscv: Add support for perf registers sampling riscv: Add perf callchain support riscv: add arch/riscv/Kbuild RISC-V: Implement sparsemem riscv: Using CSR numbers to access CSRs
2019-09-17Merge tag 'm68k-for-v5.4-tag1' of ↵Linus Torvalds18-135/+202
git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: - ioremap() cleanups - defconfig updates - small fixes and cleanups * tag 'm68k-for-v5.4-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k: Remove ioremap_fullcache() m68k: Simplify ioremap_nocache() m68k: defconfig: Update defconfigs for v5.3-rc2 m68k: atari: Rename shifter to shifter_st to avoid conflict m68k: Prevent some compiler warnings in Coldfire builds m68k: mac: Revisit floppy disc controller base addresses
2019-09-17Merge tag 'arm64-upstream' of ↵Linus Torvalds90-1286/+1209
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Will Deacon: "Although there isn't tonnes of code in terms of line count, there are a fair few headline features which I've noted both in the tag and also in the merge commits when I pulled everything together. The part I'm most pleased with is that we had 35 contributors this time around, which feels like a big jump from the usual small group of core arm64 arch developers. Hopefully they all enjoyed it so much that they'll continue to contribute, but we'll see. It's probably worth highlighting that we've pulled in a branch from the risc-v folks which moves our CPU topology code out to where it can be shared with others. Summary: - 52-bit virtual addressing in the kernel - New ABI to allow tagged user pointers to be dereferenced by syscalls - Early RNG seeding by the bootloader - Improve robustness of SMP boot - Fix TLB invalidation in light of recent architectural clarifications - Support for i.MX8 DDR PMU - Remove direct LSE instruction patching in favour of static keys - Function error injection using kprobes - Support for the PPTT "thread" flag introduced by ACPI 6.3 - Move PSCI idle code into proper cpuidle driver - Relaxation of implicit I/O memory barriers - Build with RELR relocations when toolchain supports them - Numerous cleanups and non-critical fixes" * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (114 commits) arm64: remove __iounmap arm64: atomics: Use K constraint when toolchain appears to support it arm64: atomics: Undefine internal macros after use arm64: lse: Make ARM64_LSE_ATOMICS depend on JUMP_LABEL arm64: asm: Kill 'asm/atomic_arch.h' arm64: lse: Remove unused 'alt_lse' assembly macro arm64: atomics: Remove atomic_ll_sc compilation unit arm64: avoid using hard-coded registers for LSE atomics arm64: atomics: avoid out-of-line ll/sc atomics arm64: Use correct ll/sc atomic constraints jump_label: Don't warn on __exit jump entries docs/perf: Add documentation for the i.MX8 DDR PMU perf/imx_ddr: Add support for AXI ID filtering arm64: kpti: ensure patched kernel text is fetched from PoU arm64: fix fixmap copy for 16K pages and 48-bit VA perf/smmuv3: Validate groups for global filtering perf/smmuv3: Validate group size arm64: Relax Documentation/arm64/tagged-pointers.rst arm64: kvm: Replace hardcoded '1' with SYS_PAR_EL1_F arm64: mm: Ignore spurious translation faults taken from the kernel ...
2019-09-17Merge tag 'iommu-updates-v5.4' of ↵Linus Torvalds6-22/+48
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull iommu updates from Joerg Roedel: - batched unmap support for the IOMMU-API - support for unlocked command queueing in the ARM-SMMU driver - rework the ATS support in the ARM-SMMU driver - more refactoring in the ARM-SMMU driver to support hardware implemention specific quirks and errata - bounce buffering DMA-API implementatation in the Intel VT-d driver for untrusted devices (like Thunderbolt devices) - fixes for runtime PM support in the OMAP iommu driver - MT8183 IOMMU support in the Mediatek IOMMU driver - rework of the way the IOMMU core sets the default domain type for groups. Changing the default domain type on x86 does not require two kernel parameters anymore. - more smaller fixes and cleanups * tag 'iommu-updates-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (113 commits) iommu/vt-d: Declare Broadwell igfx dmar support snafu iommu/vt-d: Add Scalable Mode fault information iommu/vt-d: Use bounce buffer for untrusted devices iommu/vt-d: Add trace events for device dma map/unmap iommu/vt-d: Don't switch off swiotlb if bounce page is used iommu/vt-d: Check whether device requires bounce buffer swiotlb: Split size parameter to map/unmap APIs iommu/omap: Mark pm functions __maybe_unused iommu/ipmmu-vmsa: Disable cache snoop transactions on R-Car Gen3 iommu/ipmmu-vmsa: Move IMTTBCR_SL0_TWOBIT_* to restore sort order iommu: Don't use sme_active() in generic code iommu/arm-smmu-v3: Fix build error without CONFIG_PCI_ATS iommu/qcom: Use struct_size() helper iommu: Remove wrong default domain comments iommu/dma: Fix for dereferencing before null checking iommu/mediatek: Clean up struct mtk_smi_iommu memory: mtk-smi: Get rid of need_larbid iommu/mediatek: Fix VLD_PA_RNG register backup when suspend memory: mtk-smi: Add bus_sel for mt8183 memory: mtk-smi: Invoke pm runtime_callback to enable clocks ...
2019-09-17Merge tag 'gpio-v5.4-1' of ↵Linus Torvalds2-1/+1
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Linus Walleij: "This is the bulk of changes in the GPIO subsystem for the v5.4 kernel cycle. Core changes: - Support hierarchical GPIO irqchips. We now have three consumers that can use this: Intel IXP4xx, ThunderX and Qualcomm SPMI GPIO (in the pinctrl subsystem). The support code has been long in the making and hashed out so it should be easily adaptable for all hierarchical irqchip parents. The code only gets compiled in if hierarchical irqchip is used at the topmost irq controller at least, as the hierarchical irqchip requires strict hierarchy all the way up in the system. - Determine the need for a "valid_mask" for GPIO lines on the gpio_chip and conversely for the "valid_mask" for the GPIO interrupt chip interrupt lines by looking for a .init_valid_mask() callback in the main chip or GPIO interrupt chip respectively. Allocate it with bitmap_alloc(). - Isolate the device tree/open firmware GPIO description code out in its own file properly. - Isolate the ACPI GPIO description code out in its own file properly. - Drop a whole lot of #ifdef:s in the main includes: it does not hurt to keep the include items around, and we get quicker and clearer compile failures if the appropriate kernel symbols are not selected for drivers. New/deleted drivers: - New driver for Aspeed SGPIO. - The KS8695 driver is deleted as the platform gets deleted from arch/arm in this kernel cycle. - The Cirrus Logic Madera driver now supports CS47L92 and CS47L15. - The Freescale MPC8xxx now supports LS1028A and LS1088A. Driver improvements: - We pass the GPIO irqchip intialization by directly filling in the struct instead of using set-up functions (the new way) for Intel MID, Lynxpoint, Merrifield, XLP, HLWD, Aspeed, ZX, VF610, TQMX86, MT7621, Zynq and EP93xx. Out-of-band changes: - Fix a GPIO header inclusion in Unicore - no response from maintainer. - Drop FMC subsystem from MAINTAINERS - was deleted in the GPIO tree last cycle so let's mop up the shards" * tag 'gpio-v5.4-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (82 commits) gpiolib: of: add a fallback for wlf,reset GPIO name gpio: htc-egpio: Remove unused exported htc_egpio_get_wakeup_irq() gpio: remove explicit comparison with 0 gpio: creg-snps: use devm_platform_ioremap_resource() to simplify code gpio: devres: Switch to EXPORT_SYMBOL_GPL() gpio: of: Switch to EXPORT_SYMBOL_GPL() gpio: of: Make of_gpio_simple_xlate() private gpio: of: Make of_get_named_gpiod_flags() private gpio: aspeed: Add in ast2600 details to Aspeed driver gpio: aspeed: Use ngpio property from device tree if available gpio: aspeed: Setup irqchip dynamically gpio/aspeed: Fix incorrect number of banks gpio: aspeed: Update documentation with ast2600 controllers gpio: Initialize the irqchip valid_mask with a callback gpiolib: acpi: make acpi_can_fallback_to_crs() static gpio: Fix further merge errors gpio: Fix up merge collision in include file gpio: of: Normalize return code variable name gpio: gpiolib: Normalize return code variable name gpio: ep93xx: Pass irqchip when adding gpiochip ...
2019-09-17Merge tag 'spi-v5.4' of ↵Linus Torvalds4-5/+5
git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi updates from Mark Brown: "The big theme for this release has been performance, we've had a series of unrelated overhauls of a few drivers all with a big peformance component. Otherwise it's been relatively quiet, highlights include: - A big overhaul of the spi-fsl-dspi driver improving the code quality, performance and stability from Vladimir Oltean. - A big performance enhancement for the bc2835 (Raspberry Pi) driver for unidirectional transfers from Lukas Wunner. - Improved performance on small transfers for the uniphier driver from Keiji Hayashibara. - Lots of coccinelle generated cleanups from Yue Haibing. - New device support for Freescale ls2080a and Nuvoton NPCM FIU" * tag 'spi-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (102 commits) spi: mediatek: support large PA spi: mediatek: add spi support for mt6765 IC dt-bindings: spi: update bindings for MT6765 SoC spi: bcm2835: Speed up RX-only DMA transfers by zero-filling TX FIFO spi: bcm2835: Speed up TX-only DMA transfers by clearing RX FIFO dmaengine: bcm2835: Avoid accessing memory when copying zeroes spi: bcm2835: Cache CS register value for ->prepare_message() dmaengine: bcm2835: Document struct bcm2835_dmadev spi: Guarantee cacheline alignment of driver-private data dmaengine: bcm2835: Allow reusable descriptors dmaengine: bcm2835: Allow cyclic transactions without interrupt spi: bcm2835: Drop dma_pending flag spi: bcm2835: Work around DONE bit erratum spi-gpio: Use PTR_ERR_OR_ZERO() in spi_gpio_request() spi: Use an abbreviated pointer to ctlr->cur_msg in __spi_pump_messages spi: npcm-fiu: remove set but not used variable 'retlen' spi: fsl-spi: use devm_platform_ioremap_resource() to simplify code spi: zynq-qspi: use devm_platform_ioremap_resource() to simplify code spi: zynqmp: use devm_platform_ioremap_resource() to simplify code spi: xlp: use devm_platform_ioremap_resource() to simplify code ...
2019-09-16Merge tag 'hwmon-for-v5.4' of ↵Linus Torvalds1-0/+3
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: "New drivers: - Inspur Power System power supply driver - Synaptics AS370 PVT sensor driver Chip support: - support SHTC3 in shtc1 driver - support NCT6116 in nct6775 driver - support AMD family 17h, model 70h CPUs in k10temp driver - support PCT2075 in lm75 driver Removed drivers: - ads1015 driver (now supported in iio) Other changes: - Convert drivers to use devm_i2c_new_dummy_device - Substantial structural improvements in lm75 driver adding support for writing sample interval for supported chips - Add support for PSU version 2 to ibm-cffps driver - Add support for power attribute to iio_hwmon bridge - Add support for additional fan, voltage and temperature attributes to nct7904 driver - Convert adt7475 driver to use hwmon_device_register_with_groups() - Convert k8temp driver to use hwmon_device_register_with_info() - Various other improvements and minor fixes" * tag 'hwmon-for-v5.4' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (48 commits) hwmon: submitting-patches: Add note on comment style hwmon: submitting-patches: Point to with_info API hwmon: (nct7904) Fix incorrect SMI status register setting of LTD temperature and fan. hwmon: (shtc1) add support for the SHTC3 sensor hwmon: (shtc1) fix shtc1 and shtw1 id mask hwmon: (lm75) Aproximate sample times to data-sheet values hwmon: (w83793d) convert to use devm_i2c_new_dummy_device hwmon: (w83792d) convert to use devm_i2c_new_dummy_device hwmon: (w83791d) convert to use devm_i2c_new_dummy_device hwmon: (as370-hwmon) fix devm_platform_ioremap_resource.cocci warnings hwmon: (lm75) Add support for writing sampling period on PCT2075 hwmon: (lm75) Add support for writing conversion time for TMP112 hwmon: (lm75) Move updating the sample interval to its own function hwmon: (lm75) Support configuring the sample time for various chips hwmon: (nct7904) Fix incorrect temperature limitation register setting of LTD. hwmon: (as370-hwmon) Add DT bindings for Synaptics AS370 PVT hwmon: Add Synaptics AS370 PVT sensor driver pmbus: (ibm-cffps) Add support for version 2 of the PSU dt-bindings: hwmon: Document ibm,cffps2 compatible string hwmon: (iio_hwmon) Enable power exporting from IIO ...
2019-09-16Merge branch 'ras-core-for-linus' of ↵Linus Torvalds1-2/+2
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RAS updates from Borislav Petkov: "The latest meager RAS updates: - Enable processing of action-optional MCEs which have the Overflow bit set (Tony Luck) - -Wmissing-prototypes warning fix and a build fix (Valdis Klētnieks)" * 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: RAS: Build debugfs.o only when enabled in Kconfig RAS: Fix prototype warnings x86/mce: Don't check for the overflow bit on action optional machine checks
2019-09-15Merge branch 'spi-5.4' into spi-nextMark Brown4-5/+5
2019-09-15Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds6-4/+124
Pull kvm fixes from Paolo Bonzini: "The main change here is a revert of reverts. We recently simplified some code that was thought unnecessary; however, since then KVM has grown quite a few cond_resched()s and for that reason the simplified code is prone to livelocks---one CPUs tries to empty a list of guest page tables while the others keep adding to them. This adds back the generation-based zapping of guest page tables, which was not unnecessary after all. On top of this, there is a fix for a kernel memory leak and a couple of s390 fixlets as well" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot KVM: x86: work around leak of uninitialized stack contents KVM: nVMX: handle page fault in vmread KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset()
2019-09-15Merge tag 'riscv/for-v5.3' of ↵Linus Torvalds2-8/+8
git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux Pull RISC-V fix from Paul Walmsley: "Last week, Palmer and I learned that there was an error in the RISC-V kernel image header format that could make it less compatible with the ARM64 kernel image header format. I had missed this error during my original reviews of the patch. The kernel image header format is an interface that impacts bootloaders, QEMU, and other user tools. Those packages must be updated to align with whatever is merged in the kernel. We would like to avoid proliferating these image formats by keeping the RISC-V header as close as possible to the existing ARM64 header. Since the arch/riscv patch that adds support for the image header was merged with our v5.3-rc1 pull request as commit 0f327f2aaad6a ("RISC-V: Add an Image header that boot loader can parse."), we think it wise to try to fix this error before v5.3 is released. The fix itself should be backwards-compatible with any project that has already merged support for premature versions of this interface. It primarily involves ensuring that the RISC-V image header has something useful in the same field as the ARM64 image header" * tag 'riscv/for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux: riscv: modify the Image header to improve compatibility with the ARM64 header
2019-09-14Merge tag 'kvm-s390-master-5.3-1' of ↵Paolo Bonzini2-1/+13
git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux into kvm-master KVM: s390: Fixes for 5.3 - prevent a user triggerable oops in the migration code - do not leak kernel stack content
2019-09-14KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslotSean Christopherson2-2/+101
James Harvey reported a livelock that was introduced by commit d012a06ab1d23 ("Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot""). The livelock occurs because kvm_mmu_zap_all() as it exists today will voluntarily reschedule and drop KVM's mmu_lock, which allows other vCPUs to add shadow pages. With enough vCPUs, kvm_mmu_zap_all() can get stuck in an infinite loop as it can never zap all pages before observing lock contention or the need to reschedule. The equivalent of kvm_mmu_zap_all() that was in use at the time of the reverted commit (4e103134b8623, "KVM: x86/mmu: Zap only the relevant pages when removing a memslot") employed a fast invalidate mechanism and was not susceptible to the above livelock. There are three ways to fix the livelock: - Reverting the revert (commit d012a06ab1d23) is not a viable option as the revert is needed to fix a regression that occurs when the guest has one or more assigned devices. It's unlikely we'll root cause the device assignment regression soon enough to fix the regression timely. - Remove the conditional reschedule from kvm_mmu_zap_all(). However, although removing the reschedule would be a smaller code change, it's less safe in the sense that the resulting kvm_mmu_zap_all() hasn't been used in the wild for flushing memslots since the fast invalidate mechanism was introduced by commit 6ca18b6950f8d ("KVM: x86: use the fast way to invalidate all pages"), back in 2013. - Reintroduce the fast invalidate mechanism and use it when zapping shadow pages in response to a memslot being deleted/moved, which is what this patch does. For all intents and purposes, this is a revert of commit ea145aacf4ae8 ("Revert "KVM: MMU: fast invalidate all pages"") and a partial revert of commit 7390de1e99a70 ("Revert "KVM: x86: use the fast way to invalidate all pages""), i.e. restores the behavior of commit 5304b8d37c2a5 ("KVM: MMU: fast invalidate all pages") and commit 6ca18b6950f8d ("KVM: x86: use the fast way to invalidate all pages") respectively. Fixes: d012a06ab1d23 ("Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot"") Reported-by: James Harvey <jamespharvey20@gmail.com> Cc: Alex Willamson <alex.williamson@redhat.com> Cc: Paolo Bonzini <pbonzini@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-14KVM: x86: work around leak of uninitialized stack contentsFuqian Huang1-0/+7
Emulation of VMPTRST can incorrectly inject a page fault when passed an operand that points to an MMIO address. The page fault will use uninitialized kernel stack memory as the CR2 and error code. The right behavior would be to abort the VM with a KVM_EXIT_INTERNAL_ERROR exit to userspace; however, it is not an easy fix, so for now just ensure that the error code and CR2 are zero. Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com> Cc: stable@vger.kernel.org [add comment] Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-14KVM: nVMX: handle page fault in vmreadPaolo Bonzini1-1/+3
The implementation of vmread to memory is still incomplete, as it lacks the ability to do vmread to I/O memory just like vmptrst. Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-09-14riscv: modify the Image header to improve compatibility with the ARM64 headerPaul Walmsley2-8/+8
Part of the intention during the definition of the RISC-V kernel image header was to lay the groundwork for a future merge with the ARM64 image header. One error during my original review was not noticing that the RISC-V header's "magic" field was at a different size and position than the ARM64's "magic" field. If the existing ARM64 Image header parsing code were to attempt to parse an existing RISC-V kernel image header format, it would see a magic number 0. This is undesirable, since it's our intention to align as closely as possible with the ARM64 header format. Another problem was that the original "res3" field was not being initialized correctly to zero. Address these issues by creating a 32-bit "magic2" field in the RISC-V header which matches the ARM64 "magic" field. RISC-V binaries will store "RSC\x05" in this field. The intention is that the use of the existing 64-bit "magic" field in the RISC-V header will be deprecated over time. Increment the minor version number of the file format to indicate this change, and update the documentation accordingly. Fix the assembler directives in head.S to ensure that reserved fields are properly zero-initialized. Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com> Reported-by: Palmer Dabbelt <palmer@sifive.com> Reviewed-by: Palmer Dabbelt <palmer@sifive.com> Cc: Atish Patra <atish.patra@wdc.com> Cc: Karsten Merker <merker@debian.org> Link: https://lore.kernel.org/linux-riscv/194c2f10c9806720623430dbf0cc59a965e50448.camel@wdc.com/T/#u Link: https://lore.kernel.org/linux-riscv/mhng-755b14c4-8f35-4079-a7ff-e421fd1b02bc@palmer-si-x1e/T/#t
2019-09-12parisc: Have git ignore generated real2.S and firmware.cJeroen Roovers1-0/+2
These files are not covered in globs from any other .gitignore files. Signed-off-by: Jeroen Roovers <jer@gentoo.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-12Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds2-16/+23
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "A KVM guest fix, and a kdump kernel relocation errors fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/timer: Force PIT initialization when !X86_FEATURE_ARAT x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors
2019-09-12KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctlThomas Huth2-1/+11
When the userspace program runs the KVM_S390_INTERRUPT ioctl to inject an interrupt, we convert them from the legacy struct kvm_s390_interrupt to the new struct kvm_s390_irq via the s390int_to_s390irq() function. However, this function does not take care of all types of interrupts that we can inject into the guest later (see do_inject_vcpu()). Since we do not clear out the s390irq values before calling s390int_to_s390irq(), there is a chance that we copy random data from the kernel stack which could be leaked to the userspace later. Specifically, the problem exists with the KVM_S390_INT_PFAULT_INIT interrupt: s390int_to_s390irq() does not handle it, and the function __inject_pfault_init() later copies irq->u.ext which contains the random kernel stack data. This data can then be leaked either to the guest memory in __deliver_pfault_init(), or the userspace might retrieve it directly with the KVM_S390_GET_IRQ_STATE ioctl. Fix it by handling that interrupt type in s390int_to_s390irq(), too, and by making sure that the s390irq struct is properly pre-initialized. And while we're at it, make sure that s390int_to_s390irq() now directly returns -EINVAL for unknown interrupt types, so that we immediately get a proper error code in case we add more interrupt types to do_inject_vcpu() without updating s390int_to_s390irq() sometime in the future. Cc: stable@vger.kernel.org Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com> Link: https://lore.kernel.org/kvm/20190912115438.25761-1-thuth@redhat.com Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2019-09-12KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it ↵Igor Mammedov1-0/+2
as target for memset() If userspace doesn't set KVM_MEM_LOG_DIRTY_PAGES on memslot before calling kvm_s390_vm_start_migration(), kernel will oops with: Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000000000000 TEID: 0000000000000483 Fault in home space mode while using kernel ASCE. AS:0000000002a2000b R2:00000001bff8c00b R3:00000001bff88007 S:00000001bff91000 P:000000000000003d Oops: 0004 ilc:2 [#1] SMP ... Call Trace: ([<001fffff804ec552>] kvm_s390_vm_set_attr+0x347a/0x3828 [kvm]) [<001fffff804ecfc0>] kvm_arch_vm_ioctl+0x6c0/0x1998 [kvm] [<001fffff804b67e4>] kvm_vm_ioctl+0x51c/0x11a8 [kvm] [<00000000008ba572>] do_vfs_ioctl+0x1d2/0xe58 [<00000000008bb284>] ksys_ioctl+0x8c/0xb8 [<00000000008bb2e2>] sys_ioctl+0x32/0x40 [<000000000175552c>] system_call+0x2b8/0x2d8 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000000000dbaf60>] __memset+0xc/0xa0 due to ms->dirty_bitmap being NULL, which might crash the host. Make sure that ms->dirty_bitmap is set before using it or return -EINVAL otherwise. Cc: <stable@vger.kernel.org> Fixes: afdad61615cc ("KVM: s390: Fix storage attributes migration with memory slots") Signed-off-by: Igor Mammedov <imammedo@redhat.com> Link: https://lore.kernel.org/kvm/20190911075218.29153-1-imammedo@redhat.com/ Reviewed-by: David Hildenbrand <david@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Cornelia Huck <cohuck@redhat.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
2019-09-11Merge branches 'arm/omap', 'arm/exynos', 'arm/smmu', 'arm/mediatek', ↵Joerg Roedel6-22/+48
'arm/qcom', 'arm/renesas', 'x86/amd', 'x86/vt-d' and 'core' into next
2019-09-10Merge tag 'ipc-fixes' of ↵Linus Torvalds1-15/+18
git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic Pull ipc regression fixes from Arnd Bergmann: "Fix ipc regressions from y2038 patches These are two regression fixes for bugs that got introduced during the system call rework that went into linux-5.1 but only bisected and fixed now: - One patch affects semtimedop() on many of the less common 32-bit architectures, this just needs a single-line bugfix. - The other affects only sparc64 and has a slightly more invasive workaround to apply the same change to sparc64 that was done to the generic code used everywhere else" * tag 'ipc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arnd/asm-generic: ipc: fix sparc64 ipc() wrapper ipc: fix semtimedop for generic 32-bit architectures
2019-09-08parisc: add support for kexec_file_load() syscallSven Schnelle4-0/+104
Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-08parisc: wire up kexec_file_load syscallSven Schnelle1-1/+2
Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-08parisc: add kexec syscall supportSven Schnelle6-0/+306
Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-08parisc: add __pdc_cpu_rendezvous()Sven Schnelle3-0/+15
When stopping SMP cpus send them into rendezvous, so we can start them again later (when kexec'ing a new kernel). Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-08x86/timer: Force PIT initialization when !X86_FEATURE_ARATJan Stancek1-0/+4
KVM guests with commit c8c4076723da ("x86/timer: Skip PIT initialization on modern chipsets") applied to guest kernel have been observed to have unusually higher CPU usage with symptoms of increase in vm exits for HLT and MSW_WRITE (MSR_IA32_TSCDEADLINE). This is caused by older QEMUs lacking support for X86_FEATURE_ARAT. lapic clock retains CLOCK_EVT_FEAT_C3STOP and nohz stays inactive. There's no usable broadcast device either. Do the PIT initialization if guest CPU lacks X86_FEATURE_ARAT. On real hardware it shouldn't matter as ARAT and DEADLINE come together. Fixes: c8c4076723da ("x86/timer: Skip PIT initialization on modern chipsets") Signed-off-by: Jan Stancek <jstancek@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2019-09-08Revert "x86/apic: Include the LDR when clearing out APIC registers"Linus Torvalds1-4/+0
This reverts commit 558682b5291937a70748d36fd9ba757fb25b99ae. Chris Wilson reports that it breaks his CPU hotplug test scripts. In particular, it breaks offlining and then re-onlining the boot CPU, which we treat specially (and the BIOS does too). The symptoms are that we can offline the CPU, but it then does not come back online again: smpboot: CPU 0 is now offline smpboot: Booting Node 0 Processor 0 APIC 0x0 smpboot: do_boot_cpu failed(-1) to wakeup CPU#0 Thomas says he knows why it's broken (my personal suspicion: our magic handling of the "cpu0_logical_apicid" thing), but for 5.3 the right fix is to just revert it, since we've never touched the LDR bits before, and it's not worth the risk to do anything else at this stage. [ Hotpluging of the boot CPU is special anyway, and should be off by default. See the "BOOTPARAM_HOTPLUG_CPU0" config option and the cpu0_hotplug kernel parameter. In general you should not do it, and it has various known limitations (hibernate and suspend require the boot CPU, for example). But it should work, even if the boot CPU is special and needs careful treatment - Linus ] Link: https://lore.kernel.org/lkml/156785100521.13300.14461504732265570003@skylake-alporthouse-com/ Reported-by: Chris Wilson <chris@chris-wilson.co.uk> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Bandan Das <bsd@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2019-09-07ipc: fix sparc64 ipc() wrapperArnd Bergmann1-15/+18
Matt bisected a sparc64 specific issue with semctl, shmctl and msgctl to a commit from my y2038 series in linux-5.1, as I missed the custom sys_ipc() wrapper that sparc64 uses in place of the generic version that I patched. The problem is that the sys_{sem,shm,msg}ctl() functions in the kernel now do not allow being called with the IPC_64 flag any more, resulting in a -EINVAL error when they don't recognize the command. Instead, the correct way to do this now is to call the internal ksys_old_{sem,shm,msg}ctl() functions to select the API version. As we generally move towards these functions anyway, change all of sparc_ipc() to consistently use those in place of the sys_*() versions, and move the required ksys_*() declarations into linux/syscalls.h The IS_ENABLED(CONFIG_SYSVIPC) check is required to avoid link errors when ipc is disabled. Reported-by: Matt Turner <mattst88@gmail.com> Fixes: 275f22148e87 ("ipc: rename old-style shmctl/semctl/msgctl syscalls") Cc: stable@vger.kernel.org Tested-by: Matt Turner <mattst88@gmail.com> Tested-by: Anatoly Pugachev <matorola@gmail.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-07kprobes/parisc: remove arch_kprobe_on_func_entry()Jisheng Zhang1-4/+0
The common kprobes provides a weak implementation of arch_kprobe_on_func_entry(). The parisc version is the same as the common version, so remove it. Signed-off-by: Jisheng Zhang <Jisheng.Zhang@synaptics.com> Acked-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-07kexec: add KEXEC_ELFSven Schnelle3-540/+9
Right now powerpc provides an implementation to read elf files with the kexec_file_load() syscall. Make that available as a public kexec interface so it can be re-used on other architectures. Signed-off-by: Sven Schnelle <svens@stackframe.org> Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-06Merge tag 'armsoc-fixes' of ↵Linus Torvalds2-3/+4
git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc Pull ARM SoC fixes from Arnd Bergmann: "There are three more fixes for this week: - The Windows-on-ARM laptops require a workaround to prevent crashing at boot from ACPI - The Renesas 'draak' board needs one bugfix for the backlight regulator - Also for Renesas, the 'hihope' board accidentally had its eMMC turned off in the 5.3 merge window" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: soc: qcom: geni: Provide parameter error checking arm64: dts: renesas: hihope-common: Fix eMMC status arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
2019-09-06Merge tag 'powerpc-5.3-5' of ↵Linus Torvalds2-18/+4
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "One fix for a boot hang on some Freescale machines when PREEMPT is enabled. Two CVE fixes for bugs in our handling of FP registers and transactional memory, both of which can result in corrupted FP state, or FP state leaking between processes. Thanks to: Chris Packham, Christophe Leroy, Gustavo Romero, Michael Neuling" * tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction powerpc/64e: Drop stale call to smp_processor_id() which hangs SMP startup
2019-09-06x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large ↵Steve Wahl1-16/+19
to fix kexec relocation errors The last change to this Makefile caused relocation errors when loading a kdump kernel. Restore -mcmodel=large (not -mcmodel=kernel), -ffreestanding, and -fno-zero-initialized-bsss, without reverting to the former practice of resetting KBUILD_CFLAGS. Purgatory.ro is a standalone binary that is not linked against the rest of the kernel. Its image is copied into an array that is linked to the kernel, and from there kexec relocates it wherever it desires. With the previous change to compiler flags, the error "kexec: Overflow in relocation type 11 value 0x11fffd000" was encountered when trying to load the crash kernel. This is from kexec code trying to relocate the purgatory.ro object. From the error message, relocation type 11 is R_X86_64_32S. The x86_64 ABI says: "The R_X86_64_32 and R_X86_64_32S relocations truncate the computed value to 32-bits. The linker must verify that the generated value for the R_X86_64_32 (R_X86_64_32S) relocation zero-extends (sign-extends) to the original 64-bit value." This type of relocation doesn't work when kexec chooses to place the purgatory binary in memory that is not reachable with 32 bit addresses. The compiler flag -mcmodel=kernel allows those type of relocations to be emitted, so revert to using -mcmodel=large as was done before. Also restore the -ffreestanding and -fno-zero-initialized-bss flags because they are appropriate for a stand alone piece of object code which doesn't explicitly zero the bss, and one other report has said undefined symbols are encountered without -ffreestanding. These identical compiler flag changes need to happen for every object that becomes part of the purgatory.ro object, so gather them together first into PURGATORY_CFLAGS_REMOVE and PURGATORY_CFLAGS, and then apply them to each of the objects that have C source. Do not apply any of these flags to kexec-purgatory.o, which is not part of the standalone object but part of the kernel proper. Tested-by: Vaibhav Rustagi <vaibhavrustagi@google.com> Tested-by: Andreas Smas <andreas@lonelycoder.com> Signed-off-by: Steve Wahl <steve.wahl@hpe.com> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Cc: Borislav Petkov <bp@alien8.de> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: None Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: clang-built-linux@googlegroups.com Cc: dimitri.sivanich@hpe.com Cc: mike.travis@hpe.com Cc: russ.anderson@hpe.com Fixes: b059f801a937 ("x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS") Link: https://lkml.kernel.org/r/20190905202346.GA26595@swahl-linux Signed-off-by: Ingo Molnar <mingo@kernel.org>
2019-09-05Merge branch 'x86-urgent-for-linus' of ↵Linus Torvalds3-4/+9
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: - EFI boot fix for signed kernels - an AC flags fix related to UBSAN - Hyper-V infinite loop fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/hyper-v: Fix overflow bug in fill_gva_list() x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation x86/boot: Preserve boot_params.secure_boot from sanitizing
2019-09-05Merge tag 'renesas-fixes2-for-v5.3' of ↵Arnd Bergmann1-0/+1
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes Second Round of Renesas ARM Based SoC Fixes for v5.3 * RZ/G2M based HiHope main board - Re-enabled accidently disabled SDHI3 (eMMC) support * tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: arm64: dts: renesas: hihope-common: Fix eMMC status Link: https://lore.kernel.org/r/cover.1567675986.git.horms+renesas@verge.net.au Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-05parisc: Drop comments which are already in pci.hHelge Deller1-11/+0
Signed-off-by: Helge Deller <deller@gmx.de>
2019-09-05Merge tag 'v5.3-rc7' into develLinus Walleij293-3033/+2484
Linux 5.3-rc7
2019-09-05riscv: move the TLB flush logic out of lineChristoph Hellwig3-30/+45
The TLB flush logic is going to become more complex. Start moving it out of line. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> [paul.walmsley@sifive.com: fixed checkpatch whitespace warnings] Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: don't use the rdtime(h) pseudo-instructionsChristoph Hellwig1-23/+21
If we just use the CSRs that these map to directly the code is simpler and doesn't require extra inline assembly code. Also fix up the top-level comment in timer-riscv.c to not talk about the cycle count or mention details of the clocksource interface, of which this file is just a consumer. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: cleanup riscv_cpuid_to_hartid_maskChristoph Hellwig4-8/+1
Move the initial clearing of the mask from the callers to riscv_cpuid_to_hartid_mask, and remove the unused !CONFIG_SMP stub. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: optimize send_ipi_singleChristoph Hellwig1-1/+7
Don't go through send_ipi_mask, but just set the op bit and then pass a simple generated hartid mask directly to sbi_send_ipi. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> [paul.walmsley@sifive.com: minor patch description fixes] Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: cleanup send_ipi_maskChristoph Hellwig1-9/+7
Use the special barriers for atomic bitops to make the intention a little more clear, and use riscv_cpuid_to_hartid_mask instead of open coding it. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: refactor the IPI codeChristoph Hellwig1-24/+31
This prepares for adding native non-SBI IPI code. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Atish Patra <atish.patra@wdc.com> Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-05riscv: Add support for perf registers samplingMao Han4-0/+89
This patch implements the perf registers sampling and validation API for the riscv arch. The valid registers and their register ID are defined in perf_regs.h. Perf tool can backtrace in userspace with unwind library and the registers/user stack dump support. Signed-off-by: Mao Han <han_mao@c-sky.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Greentime Hu <green.hu@gmail.com> Cc: Palmer Dabbelt <palmer@sifive.com> Cc: linux-riscv <linux-riscv@lists.infradead.org> Cc: Christoph Hellwig <hch@lst.de> Cc: Guo Ren <guoren@kernel.org> Tested-by: Greentime Hu <greentime.hu@sifive.com> [paul.walmsley@sifive.com: minor patch description fix] Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-04riscv: Add perf callchain supportMao Han4-3/+101
This patch add support for perf callchain sampling on riscv platforms. The return address of leaf function is retrieved from pt_regs as it is not saved in the outmost frame. Signed-off-by: Mao Han <han_mao@c-sky.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Greentime Hu <green.hu@gmail.com> Cc: Palmer Dabbelt <palmer@sifive.com> Cc: linux-riscv <linux-riscv@lists.infradead.org> Cc: Christoph Hellwig <hch@lst.de> Cc: Guo Ren <guoren@kernel.org> Tested-by: Greentime Hu <greentime.hu@sifive.com> [paul.walmsley@sifive.com: fixed some 'checkpatch.pl --strict' issues; fixed patch description spelling] Signed-off-by: Paul Walmsley <paul.walmsley@sifive.com>
2019-09-04Merge tag 'renesas-fixes-for-v5.3' of ↵Arnd Bergmann1-3/+3
git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes Renesas ARM Based SoC Fixes for v5.3 * R-Car D3 (r8a77995) based Draak Board - Correct backlight regulator name in device tree * tag 'renesas-fixes-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2019-09-04powerpc/tm: Fix restoring FP/VMX facility incorrectly on interruptsGustavo Romero1-16/+2
When in userspace and MSR FP=0 the hardware FP state is unrelated to the current process. This is extended for transactions where if tbegin is run with FP=0, the hardware checkpoint FP state will also be unrelated to the current process. Due to this, we need to ensure this hardware checkpoint is updated with the correct state before we enable FP for this process. Unfortunately we get this wrong when returning to a process from a hardware interrupt. A process that starts a transaction with FP=0 can take an interrupt. When the kernel returns back to that process, we change to FP=1 but with hardware checkpoint FP state not updated. If this transaction is then rolled back, the FP registers now contain the wrong state. The process looks like this: Userspace: Kernel Start userspace with MSR FP=0 TM=1 < ----- ... tbegin bne Hardware interrupt ---- > <do_IRQ...> .... ret_from_except restore_math() /* sees FP=0 */ restore_fp() tm_active_with_fp() /* sees FP=1 (Incorrect) */ load_fp_state() FP = 0 -> 1 < ----- Return to userspace with MSR TM=1 FP=1 with junk in the FP TM checkpoint TM rollback reads FP junk When returning from the hardware exception, tm_active_with_fp() is incorrectly making restore_fp() call load_fp_state() which is setting FP=1. The fix is to remove tm_active_with_fp(). tm_active_with_fp() is attempting to handle the case where FP state has been changed inside a transaction. In this case the checkpointed and transactional FP state is different and hence we must restore the FP state (ie. we can't do lazy FP restore inside a transaction that's used FP). It's safe to remove tm_active_with_fp() as this case is handled by restore_tm_state(). restore_tm_state() detects if FP has been using inside a transaction and will set load_fp and call restore_math() to ensure the FP state (checkpoint and transaction) is restored. This is a data integrity problem for the current process as the FP registers are corrupted. It's also a security problem as the FP registers from one process may be leaked to another. Similarly for VMX. A simple testcase to replicate this will be posted to tools/testing/selftests/powerpc/tm/tm-poison.c This fixes CVE-2019-15031. Fixes: a7771176b439 ("powerpc: Don't enable FP/Altivec if not checkpointed") Cc: stable@vger.kernel.org # 4.15+ Signed-off-by: Gustavo Romero <gromero@linux.ibm.com> Signed-off-by: Michael Neuling <mikey@neuling.org> Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> Link: https://lore.kernel.org/r/20190904045529.23002-2-gromero@linux.vnet.ibm.com