linux-stable.git/arch/arm/kernel, branch v3.4 Linux kernel stable tree ARM: 7414/1: SMP: prevent use of the console when using idmap_pgd 2012-05-06T10:10:41+00:00 Colin Cross ccross@android.com 2012-05-05T19:58:13+00:00 fde165b2a29673aabf18ceff14dea1f1cfb0daad Commit 4e8ee7de227e3ab9a72040b448ad728c5428a042 (ARM: SMP: use idmap_pgd for mapping MMU enable during secondary booting) switched secondary boot to use idmap_pgd, which is initialized during early_initcall, instead of a page table initialized during __cpu_up. This causes idmap_pgd to contain the static mappings but be missing all dynamic mappings. If a console is registered that creates a dynamic mapping, the printk in secondary_start_kernel will trigger a data abort on the missing mapping before the exception handlers have been initialized, leading to a hang. Initial boot is not affected because no consoles have been registered, and resume is usually not affected because the offending console is suspended. Onlining a cpu with hotplug triggers the problem. A workaround is to the printk in secondary_start_kernel until after the page tables have been switched back to init_mm. Cc: <stable@vger.kernel.org> Signed-off-by: Colin Cross <ccross@android.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
Commit 4e8ee7de227e3ab9a72040b448ad728c5428a042 (ARM: SMP: use
idmap_pgd for mapping MMU enable during secondary booting)
switched secondary boot to use idmap_pgd, which is initialized
during early_initcall, instead of a page table initialized during
__cpu_up.  This causes idmap_pgd to contain the static mappings
but be missing all dynamic mappings.

If a console is registered that creates a dynamic mapping, the
printk in secondary_start_kernel will trigger a data abort on
the missing mapping before the exception handlers have been
initialized, leading to a hang.  Initial boot is not affected
because no consoles have been registered, and resume is usually
not affected because the offending console is suspended.
Onlining a cpu with hotplug triggers the problem.

A workaround is to the printk in secondary_start_kernel until
after the page tables have been switched back to init_mm.

Cc: <stable@vger.kernel.org>
Signed-off-by: Colin Cross <ccross@android.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7412/1: audit: use only AUDIT_ARCH_ARM regardless of endianness 2012-05-05T12:54:01+00:00 Will Deacon will.deacon@arm.com 2012-05-04T16:53:52+00:00 2f978366984a418f38fcf44137be1fbc5a89cfd9 The machine endianness has no direct correspondence to the syscall ABI, so use only AUDIT_ARCH_ARM when identifying the ABI to the audit tools in userspace. Cc: stable@vger.kernel.org Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
The machine endianness has no direct correspondence to the syscall ABI,
so use only AUDIT_ARCH_ARM when identifying the ABI to the audit tools
in userspace.

Cc: stable@vger.kernel.org
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7411/1: audit: fix treatment of saved ip register during syscall tracing 2012-05-05T12:54:01+00:00 Will Deacon will.deacon@arm.com 2012-05-04T16:52:02+00:00 6a68b6f574c8ad2c1d90f0db8fd95b8abe8a0a73 The ARM audit code incorrectly uses the saved application ip register value to infer syscall entry or exit. Additionally, the saved value will be clobbered if the current task is not being traced, which can lead to libc corruption if ip is live (apparently glibc uses it for the TLS pointer). This patch fixes the syscall tracing code so that the why parameter is used to infer the syscall direction and the saved ip is only updated if we know that we will be signalling a ptrace trap. Reported-and-Tested-by: Jon Masters <jcm@jonmasters.org> Cc: stable@vger.kernel.org Cc: Eric Paris <eparis@redhat.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
The ARM audit code incorrectly uses the saved application ip register
value to infer syscall entry or exit. Additionally, the saved value will
be clobbered if the current task is not being traced, which can lead to
libc corruption if ip is live (apparently glibc uses it for the TLS
pointer).

This patch fixes the syscall tracing code so that the why parameter is
used to infer the syscall direction and the saved ip is only updated if
we know that we will be signalling a ptrace trap.

Reported-and-Tested-by: Jon Masters <jcm@jonmasters.org>

Cc: stable@vger.kernel.org
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7410/1: Add extra clobber registers for assembly in kernel_execve 2012-05-05T12:54:01+00:00 Tim Bird tim.bird@am.sony.com 2012-05-02T21:55:39+00:00 e787ec1376e862fcea1bfd523feb7c5fb43ecdb9 The inline assembly in kernel_execve() uses r8 and r9. Since this code sequence does not return, it usually doesn't matter if the register clobber list is accurate. However, I saw a case where a particular version of gcc used r8 as an intermediate for the value eventually passed to r9. Because r8 is used in the inline assembly, and not mentioned in the clobber list, r9 was set to an incorrect value. This resulted in a kernel panic on execution of the first user-space program in the system. r9 is used in ret_to_user as the thread_info pointer, and if it's wrong, bad things happen. Cc: <stable@vger.kernel.org> Signed-off-by: Tim Bird <tim.bird@am.sony.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
The inline assembly in kernel_execve() uses r8 and r9.  Since this
code sequence does not return, it usually doesn't matter if the
register clobber list is accurate.  However, I saw a case where a
particular version of gcc used r8 as an intermediate for the value
eventually passed to r9.  Because r8 is used in the inline
assembly, and not mentioned in the clobber list, r9 was set
to an incorrect value.

This resulted in a kernel panic on execution of the first user-space
program in the system.  r9 is used in ret_to_user as the thread_info
pointer, and if it's wrong, bad things happen.

Cc: <stable@vger.kernel.org>
Signed-off-by: Tim Bird <tim.bird@am.sony.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7406/1: hotplug: copy the affinity mask when forcefully migrating IRQs 2012-04-28T10:01:31+00:00 Will Deacon will.deacon@arm.com 2012-04-27T11:56:24+00:00 5e7371ded05adfcfcee44a8bc070bfc37979b8f2 When a CPU is hotplugged off, we migrate any IRQs currently affine to it away and onto another online CPU by calling the irq_set_affinity function of the relevant interrupt controller chip. This function returns either IRQ_SET_MASK_OK or IRQ_SET_MASK_OK_NOCOPY, to indicate whether irq_data.affinity was updated. If we are forcefully migrating an interrupt (because the affinity mask no longer identifies any online CPUs) then we should update the IRQ affinity mask to reflect the new CPU set. Failure to do so can potentially leave /proc/irq/n/smp_affinity identifying only offline CPUs, which may confuse userspace IRQ balancing daemons. This patch updates migrate_one_irq to copy the affinity mask when the interrupt chip returns IRQ_SET_MASK_OK after forcefully changing the affinity of an interrupt. Cc: stable@vger.kernel.org Reported-by: Leif Lindholm <leif.lindholm@arm.com> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
When a CPU is hotplugged off, we migrate any IRQs currently affine to it
away and onto another online CPU by calling the irq_set_affinity
function of the relevant interrupt controller chip. This function
returns either IRQ_SET_MASK_OK or IRQ_SET_MASK_OK_NOCOPY, to indicate
whether irq_data.affinity was updated.

If we are forcefully migrating an interrupt (because the affinity mask
no longer identifies any online CPUs) then we should update the IRQ
affinity mask to reflect the new CPU set. Failure to do so can
potentially leave /proc/irq/n/smp_affinity identifying only offline
CPUs, which may confuse userspace IRQ balancing daemons.

This patch updates migrate_one_irq to copy the affinity mask when
the interrupt chip returns IRQ_SET_MASK_OK after forcefully changing the
affinity of an interrupt.

Cc: stable@vger.kernel.org
Reported-by: Leif Lindholm <leif.lindholm@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7405/1: kexec: call platform_cpu_kill on the killer rather than the victim 2012-04-28T10:01:31+00:00 Will Deacon will.deacon@arm.com 2012-04-27T11:51:43+00:00 6fa99b7f80b4a7ed2cf616eae393bb6d9d51ba8f When performing a kexec on an SMP system, the secondary cores are stopped by calling machine_shutdown(), which in turn issues IPIs to offline the other CPUs. Unfortunately, this isn't enough to reboot the cores into a new kernel (since they are just executing a cpu_relax loop somewhere in memory) so we make use of platform_cpu_kill, part of the CPU hotplug implementation, to place the cores somewhere safe. This function expects to be called on the killing CPU for each core that it takes out. This patch moves the platform_cpu_kill callback out of the IPI handler and into smp_send_stop, therefore ensuring that it executes on the killing CPU rather than on the victim, matching what the hotplug code requires. Cc: stable@vger.kernel.org Reported-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
When performing a kexec on an SMP system, the secondary cores are stopped
by calling machine_shutdown(), which in turn issues IPIs to offline the
other CPUs. Unfortunately, this isn't enough to reboot the cores into
a new kernel (since they are just executing a cpu_relax loop somewhere
in memory) so we make use of platform_cpu_kill, part of the CPU hotplug
implementation, to place the cores somewhere safe. This function expects
to be called on the killing CPU for each core that it takes out.

This patch moves the platform_cpu_kill callback out of the IPI handler
and into smp_send_stop, therefore ensuring that it executes on the
killing CPU rather than on the victim, matching what the hotplug code
requires.

Cc: stable@vger.kernel.org
Reported-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7399/1: vfp: move user vfp state save/restore code out of signal.c 2012-04-23T14:44:41+00:00 Will Deacon will.deacon@arm.com 2012-04-23T14:38:28+00:00 2498814fcb3068f19b82b1519b4038721f61af43 The user VFP state must be preserved (subject to ucontext modifications) across invocation of a signal handler and this is currently handled by vfp_{preserve,restore}_context in signal.c Since this code requires intimate low-level knowledge of the VFP state, this patch moves it into vfpmodule.c. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
The user VFP state must be preserved (subject to ucontext modifications)
across invocation of a signal handler and this is currently handled by
vfp_{preserve,restore}_context in signal.c

Since this code requires intimate low-level knowledge of the VFP state,
this patch moves it into vfpmodule.c.

Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Revert "ARM: 7359/2: smp_twd: Only wait for reprogramming on active cpus" 2012-04-19T18:35:10+00:00 Russell King rmk+kernel@arm.linux.org.uk 2012-04-19T18:35:10+00:00 3cd88f993e8b24855ed135b36bc6ed53dff38f08 This reverts commit 9f85550347f51c79a917b2aec04c90691c11e20a. Peter Zijlstra says: | Argh, how did that ever make it upstream, please drop. | | Russell, please make that go away upstream. | | Like I said, this is both completely the wrong way to solve, and you're | so not paying attention, see: | | 5fbd036b552f633abb394a319f7c62a5c86a9cd7 | 2baab4e90495ebc9826c93f79d74d6e60a828d24 | e3831edd59edf57ca11fc289f08961b20baf5146 | | What's even worse: | | git describe --contains 9f85550347f51c79a917b2aec04c90691c11e20a --match "v*" | v3.4-rc3~1^2~3 | | that nonsense got merged long after those other commits. Linus Walleij says: | My bad, was because the initial patch was submitted march 9th before | these fixes were merged: | http://marc.info/?l=linux-arm-kernel&m=133159655513844&w=2 | | It was pending for a while in Russell's patch tracker and I | rebased it to -rc2 without paying enough attention to recent | related scheduler fixes ... lesson learned. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
This reverts commit 9f85550347f51c79a917b2aec04c90691c11e20a.

Peter Zijlstra says:
| Argh, how did that ever make it upstream, please drop.
|
| Russell, please make that go away upstream.
|
| Like I said, this is both completely the wrong way to solve, and you're
| so not paying attention, see:
|
|   5fbd036b552f633abb394a319f7c62a5c86a9cd7
|   2baab4e90495ebc9826c93f79d74d6e60a828d24
|   e3831edd59edf57ca11fc289f08961b20baf5146
|
| What's even worse:
|
| git describe --contains 9f85550347f51c79a917b2aec04c90691c11e20a --match "v*"
| v3.4-rc3~1^2~3
|
| that nonsense got merged long after those other commits.

Linus Walleij says:
| My bad, was because the initial patch was submitted march 9th before
| these fixes were merged:
| http://marc.info/?l=linux-arm-kernel&m=133159655513844&w=2
|
| It was pending for a while in Russell's patch tracker and I
| rebased it to -rc2 without paying enough attention to recent
| related scheduler fixes ... lesson learned.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7382/1: mm: truncate memory banks to fit in 4GB space for classic MMU 2012-04-15T21:00:30+00:00 Will Deacon will.deacon@arm.com 2012-04-12T16:15:08+00:00 e5ab85800820edd907d3f43f285e1232f84d5a41 If a bank of memory spanning the 4GB boundary is added on a !CONFIG_LPAE kernel then we will hang early during boot since the memory bank will have wrapped around to zero. This patch truncates memory banks for !LPAE configurations when the end address is not representable in 32 bits. Acked-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
If a bank of memory spanning the 4GB boundary is added on a !CONFIG_LPAE
kernel then we will hang early during boot since the memory bank will
have wrapped around to zero.

This patch truncates memory banks for !LPAE configurations when the end
address is not representable in 32 bits.

Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
ARM: 7359/2: smp_twd: Only wait for reprogramming on active cpus 2012-04-15T21:00:29+00:00 Linus Walleij linus.walleij@linaro.org 2012-04-10T11:37:42+00:00 9f85550347f51c79a917b2aec04c90691c11e20a During booting of cpu1, there is a short window where cpu1 is online, but not active where cpu1 is occupied by waiting to become active. If cpu0 then decides to schedule something on cpu1 and wait for it to complete, before cpu0 has set cpu1 active, we have a deadlock. Typically it's this CPU frequency transition that happens at this time, so let's just not wait for it to happen, it will happen whenever the CPU eventually comes online instead. Cc: Peter Zijlstra <peterz@infradead.org> Cc: stable@kernel.org Signed-off-by: Jonas Aaberg <jonas.aberg@stericsson.com> Reviewed-by: Rickard Andersson <rickard.andersson@stericsson.com> Signed-off-by: Linus Walleij <linus.walleij@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
During booting of cpu1, there is a short window where cpu1
is online, but not active where cpu1 is occupied by waiting
to become active. If cpu0 then decides to schedule something
on cpu1 and wait for it to complete, before cpu0 has set
cpu1 active, we have a deadlock.

Typically it's this CPU frequency transition that happens at
this time, so let's just not wait for it to happen, it will
happen whenever the CPU eventually comes online instead.

Cc: Peter Zijlstra <peterz@infradead.org>
Cc: stable@kernel.org
Signed-off-by: Jonas Aaberg <jonas.aberg@stericsson.com>
Reviewed-by: Rickard Andersson <rickard.andersson@stericsson.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>