Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.5 2016-02-01T22:36:38Z 2016-02-01T22:36:38Z James Hogan james.hogan@imgtec.com 2016-02-01T13:50:37Z urn:sha1:00fe56dca6a845d5f10ef0398eef26e559e8f98c The FPU should not be left enabled after a task context switch. This isn't usually a problem as the FPU enable bit is updated before returning to userland, however it can potentially mask kernel bugs, and in fact KVM assumes it won't happen and won't clear the FPU enable bit before returning to the guest, which allows the guest to use stale FPU context. Interrupts and exceptions save and restore most bits of the CP0 Status register which contains the FPU enable bit (CU1). When the kernel needs to enable or disable the FPU (for example due to attempted FPU use by userland, or the scheduler being invoked) both the actual Status register and the saved value in the userland context are updated. However this doesn't work correctly with full kernel preemption enabled, since the FPU enable bit can be cleared from within an interrupt when the scheduler is invoked, and only the userland context is updated, not the interrupt context. For example: 1) Enter kernel with FPU already enabled, TIF_USEDFPU=1, Status.CU1=1 saved. 2) Take a timer interrupt while in kernel mode, Status.CU1=1 saved. 3) Timer interrupt invokes scheduler to preempt the task, which clears TIF_USEDFPU, disables the FPU in Status register (Status.CU1=0), and the value stored in user context from step (1), but not the interrupt context from step (2). 4) When the process is scheduled back in again Status.CU1=0. 5) The interrupt context from step (2) is restored, which sets Status.CU1=1. So from user context point of view, preemption has re-enabled FPU! 6) If the scheduler is invoked again (via preemption or voluntarily) before returning to userland, TIF_USEDFPU=0 so the FPU is not disabled before the task context switch. 7) The next task resumes from the context switch with FPU enabled! The restoring of the Status register on return from interrupt/exception is already selective about which bits to restore, leaving the interrupt mask bits alone so enabling/disabling of CPU interrupt lines can persist. Extend this to also leave both the CU1 bit (FPU enable) and the FR bit (which specifies the FPU mode and gets changed with CU1). This prevents a stale Status value being restored in step (5) above and persisting through subsequent context switches. Also switch to the use of definitions from asm/mipsregs.h while we're at it. Since this change also affects the restoration of Status register on the path back to userland, it increases the sensitivity of the kernel to the problem of the FPU being left enabled, allowing it to propagate to userland, therefore a warning is also added to lose_fpu_inatomic() to point out any future reoccurances before they do any damage. Signed-off-by: James Hogan <james.hogan@imgtec.com> Reviewed-by: Paul Burton <paul.burton@imgtec.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/12303/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2015-08-03T08:29:11Z James Hogan james.hogan@imgtec.com 2015-07-31T15:29:38Z urn:sha1:3aff47c062b944a5e1f9af56a37a23f5295628fc When EVA is enabled, flush the Return Prediction Stack (RPS) present on some MIPS cores on entry to the kernel from user mode. This is important specifically for interAptiv with EVA enabled, otherwise kernel mode RPS mispredicts may trigger speculative fetches of user return addresses, which may be sensitive in the kernel address space due to EVA's overlapping user/kernel address spaces. Signed-off-by: James Hogan <james.hogan@imgtec.com> Cc: Ralf Baechle <ralf@linux-mips.org> Cc: Markos Chandras <markos.chandras@imgtec.com> Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com> Cc: linux-mips@linux-mips.org Cc: <stable@vger.kernel.org> # 3.15.x- Patchwork: https://patchwork.linux-mips.org/patch/10812/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2015-02-17T15:37:17Z Leonid Yegoshin Leonid.Yegoshin@imgtec.com 2014-10-27T11:37:47Z urn:sha1:6a0e9865b9003ba2bb1c3135dd99185946fa7159 The HI/LO registers have been removed from MIPS R6. Instructions such as MULT and DIV have been replaced with a new pair of instructions for the HI/LO operations for example: MULT -> MUL, MUH DIV -> DIV, MOD So we avoid preserving the pre-R6 HI/LO registers in MIPS R6 Signed-off-by: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com> Signed-off-by: Markos Chandras <markos.chandras@imgtec.com> 2014-05-23T22:07:01Z Ralf Baechle ralf@linux-mips.org 2014-05-23T14:29:44Z urn:sha1:b633648c5ad3cfbda0b3daea50d2135d44899259 Nobody is maintaining SMTC anymore and there also seems to be no userbase. Which is a pity - the SMTC technology primarily developed by Kevin D. Kissell <kevink@paralogos.com> is an ingenious demonstration for the MT ASE's power and elegance. Based on Markos Chandras <Markos.Chandras@imgtec.com> patch https://patchwork.linux-mips.org/patch/6719/ which while very similar did no longer apply cleanly when I tried to merge it plus some additional post-SMTC cleanup - SMTC was a feature as tricky to remove as it was to merge once upon a time. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2014-03-31T16:17:12Z Ralf Baechle ralf@linux-mips.org 2014-03-30T11:20:10Z urn:sha1:a809d46066d5171ed446d59a51cd1e57d99fcfc3 With binutils 2.24 the attempt to switch with microMIPS mode to MIPS III mode through .set mips3 results in *lots* of warnings like {standard input}: Assembler messages: {standard input}:397: Warning: the 64-bit MIPS architecture does not support the `smartmips' extension during a kernel build. Fixed by using .set arch=r4000 instead. This breaks support for building the kernel with binutils 2.13 which was supported for 32 bit kernels only anyway and 2.14 which was a bad vintage for MIPS anyway. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2013-10-29T20:23:51Z Jayachandran C jchandra@broadcom.com 2013-08-11T11:40:16Z urn:sha1:c2377a42cd7696022448bcebaa12b07427dc1038 The definition of the CP0 register used to save the smp processor id is repicated in many files, move them all to thread_info.h. Signed-off-by: Jayachandran C <jchandra@broadcom.com> Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/5708/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2013-07-01T13:10:56Z David Daney david.daney@cavium.com 2013-06-21T21:14:53Z urn:sha1:8dfdd02a4c9de3aa7f2bfdec515e57340e401c87 The ABI allows these to be clobbered on syscalls, so only save and restore the multiplier state when the temporary registers need to be preserved. Signed-off-by: David Daney <david.daney@cavium.com> Cc: linux-mips@linux-mips.org Cc: David Daney <david.daney@cavium.com> Patchwork: https://patchwork.linux-mips.org/patch/5540/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2013-05-09T15:55:18Z Steven J. Hill Steven.Hill@imgtec.com 2013-03-25T17:15:55Z urn:sha1:2a0b24f56c2492b932f1aed617ae80fb23500d21 All exceptions must be taken in microMIPS mode, never in classic MIPS mode or the kernel falls apart. A few NOP instructions are used to maintain the correct alignment of microMIPS versions of the exception vectors. Signed-off-by: Steven J. Hill <Steven.Hill@imgtec.com> 2013-02-01T09:00:22Z Ralf Baechle ralf@linux-mips.org 2013-01-22T11:59:30Z urn:sha1:7034228792cc561e79ff8600f02884bd4c80e287 Having received another series of whitespace patches I decided to do this once and for all rather than dealing with this kind of patches trickling in forever. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> 2011-09-21T15:54:02Z David Daney david.daney@cavium.com 2011-08-30T13:45:20Z urn:sha1:d968275921f9fa7fbc602ac6618ffec6a062ee3c Reported-by: Edgar E. Iglesias <edgar.iglesias@gmail.com> Signed-off-by: David Daney <david.daney@cavium.com> Patchwork: https://patchwork.linux-mips.org/patch/2753/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>