linux/arch/mips/kernel, branch v4.2

MIPS: Fix LLVM build issue.

2015-08-18T09:40:20Z

Matthew Fortune reports: The genex.S file appears to mix the case of a macro between its definition and use. A cut down example of this is below. The macro __build_clear_none has lower case 'build' but ends up being instantiated with upper case BUILD. Can this be fixed on master. It has been picked up by the LLVM integrated assembler which is currently case sensitive. We are likely to fix the assembler as well but the code is currently inconsistent in the kernel. .macro __build_clear_none .endm .macro __BUILD_HANDLER exception handler clear verbose ext .align 5 .globl handle_\exception; .align 2; .type handle_\exception, @function; .ent handle_\exception, 0; handle_\exception: .frame $29, 184, $29 .set noat .globl handle_\exception\ext; .type handle_\exception\ext, @function; handle_\exception\ext: __BUILD_clear_\clear .endm .macro BUILD_HANDLER exception handler clear verbose __BUILD_HANDLER \exception \handler \clear \verbose _int .endm BUILD_HANDLER ftlb ftlb none silent Signed-off-by: Ralf Baechle Reported-by: Matthew Fortune

MIPS: Fix seccomp syscall argument for MIPS64

2015-08-16T13:00:59Z

Commit 4c21b8fd8f14 ("MIPS: seccomp: Handle indirect system calls (o32)") fixed indirect system calls on O32 but it also introduced a bug for MIPS64 where it erroneously modified the v0 (syscall) register with the assumption that the sycall offset hasn't been taken into consideration. This breaks seccomp on MIPS64 n64 and n32 ABIs. We fix this by replacing the addition with a move instruction. Fixes: 4c21b8fd8f14 ("MIPS: seccomp: Handle indirect system calls (o32)") Cc: # 3.15+ Reviewed-by: James Hogan Signed-off-by: Markos Chandras Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10951/ Signed-off-by: Ralf Baechle

Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus

2015-08-09T02:59:21Z

Pull MIPS fixes from Ralf Baechle: "Another round of MIPS fixes for 4.2. No area does particularly stand out but we have a two unpleasant ones: - Kernel ptes are marked with a global bit which allows the kernel to share kernel TLB entries between all processes. For this to work both entries of an adjacent even/odd pte pair need to have the global bit set. There has been a subtle race in setting the other entry's global bit since ~ 2000 but it take particularly pathological workloads that essentially do mostly vmalloc/vfree to trigger this. This pull request fixes the 64-bit case but leaves the case of 32 bit CPUs with 64 bit ptes unsolved for now. The unfixed cases affect hardware that is not available in the field yet. - Instruction emulation requires loading instructions from user space but the current fast but simplistic approach will fail on pages that are PROT_EXEC but !PROT_READ. For this reason we temporarily do not permit this permission and will map pages with PROT_EXEC | PROT_READ. The remainder of this pull request is more or less across the field and the short log explains them well" * 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: MIPS: Make set_pte() SMP safe. MIPS: Replace add and sub instructions in relocate_kernel.S with addiu MIPS: Flush RPS on kernel entry with EVA Revert "MIPS: BCM63xx: Provide a plat_post_dma_flush hook" MIPS: BMIPS: Delete unused Kconfig symbol MIPS: Export get_c0_perfcount_int() MIPS: show_stack: Fix stack trace with EVA MIPS: do_mcheck: Fix kernel code dump with EVA MIPS: SMP: Don't increment irq_count multiple times for call function IPIs MIPS: Partially disable RIXI support. MIPS: Handle page faults of executable but unreadable pages correctly. MIPS: Malta: Don't reinitialise RTC MIPS: unaligned: Fix build error on big endian R6 kernels MIPS: Fix sched_getaffinity with MT FPAFF enabled MIPS: Fix build with CONFIG_OF=y for non OF-enabled targets CPUFREQ: Loongson2: Fix broken build due to incorrect include.

signal: fix information leak in copy_siginfo_from_user32

2015-08-07T01:39:40Z

This function can leak kernel stack data when the user siginfo_t has a positive si_code value. The top 16 bits of si_code descibe which fields in the siginfo_t union are active, but they are treated inconsistently between copy_siginfo_from_user32, copy_siginfo_to_user32 and copy_siginfo_to_user. copy_siginfo_from_user32 is called from rt_sigqueueinfo and rt_tgsigqueueinfo in which the user has full control overthe top 16 bits of si_code. This fixes the following information leaks: x86: 8 bytes leaked when sending a signal from a 32-bit process to itself. This leak grows to 16 bytes if the process uses x32. (si_code = __SI_CHLD) x86: 100 bytes leaked when sending a signal from a 32-bit process to a 64-bit process. (si_code = -1) sparc: 4 bytes leaked when sending a signal from a 32-bit process to a 64-bit process. (si_code = any) parsic and s390 have similar bugs, but they are not vulnerable because rt_[tg]sigqueueinfo have checks that prevent sending a positive si_code to a different process. These bugs are also fixed for consistency. Signed-off-by: Amanieu d'Antras Cc: Oleg Nesterov Cc: Ingo Molnar Cc: Russell King Cc: Ralf Baechle Cc: Benjamin Herrenschmidt Cc: Chris Metcalf Cc: Paul Mackerras Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

MIPS: Replace add and sub instructions in relocate_kernel.S with addiu

2015-08-03T13:26:30Z

Fixes the assembler errors generated when compiling a MIPS R6 kernel with CONFIG_KEXEC on, by replacing the offending add and sub instructions with addiu instructions. Build errors: arch/mips/kernel/relocate_kernel.S: Assembler messages: arch/mips/kernel/relocate_kernel.S:27: Error: invalid operands `dadd $16,$16,8' arch/mips/kernel/relocate_kernel.S:64: Error: invalid operands `dadd $20,$20,8' arch/mips/kernel/relocate_kernel.S:65: Error: invalid operands `dadd $18,$18,8' arch/mips/kernel/relocate_kernel.S:66: Error: invalid operands `dsub $22,$22,1' scripts/Makefile.build:294: recipe for target 'arch/mips/kernel/relocate_kernel.o' failed Signed-off-by: James Cowgill Cc: # 4.0+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10558/ Signed-off-by: Ralf Baechle

MIPS: show_stack: Fix stack trace with EVA

2015-08-03T07:25:17Z

The show_stack() function deals exclusively with kernel contexts, but if it gets called in user context with EVA enabled, show_stacktrace() will attempt to access the stack using EVA accesses, which will either read other user mapped data, or more likely cause an exception which will be handled by __get_user(). This is easily reproduced using SysRq t to show all task states, which results in the following stack dump output: Stack : (Bad stack address) Fix by setting the current user access mode to kernel around the call to show_stacktrace(). This causes __get_user() to use normal loads to read the kernel stack. Now we get the correct output, like this: Stack : 00000000 80168960 00000000 004a0000 00000000 00000000 8060016c 1f3abd0c 1f172cd8 8056f09c 7ff1e450 8014fc3c 00000001 806dd0b0 0000001d 00000002 1f17c6a0 1f17c804 1f17c6a0 8066f6e0 00000000 0000000a 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 0110e800 1f3abd6c 1f17c6a0 ... Signed-off-by: James Hogan Cc: Markos Chandras Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Cc: # 3.15+ Patchwork: https://patchwork.linux-mips.org/patch/10778/ Signed-off-by: Ralf Baechle

MIPS: do_mcheck: Fix kernel code dump with EVA

2015-08-03T07:25:14Z

If a machine check exception is raised in kernel mode, user context, with EVA enabled, then the do_mcheck handler will attempt to read the code around the EPC using EVA load instructions, i.e. as if the reads were from user mode. This will either read random user data if the process has anything mapped at the same address, or it will cause an exception which is handled by __get_user, resulting in this output: Code: (Bad address in epc) Fix by setting the current user access mode to kernel if the saved register context indicates the exception was taken in kernel mode. This causes __get_user to use normal loads to read the kernel code. Signed-off-by: James Hogan Cc: Markos Chandras Cc: Leonid Yegoshin Cc: linux-mips@linux-mips.org Cc: # 3.15+ Patchwork: https://patchwork.linux-mips.org/patch/10777/ Signed-off-by: Ralf Baechle

MIPS: SMP: Don't increment irq_count multiple times for call function IPIs

2015-08-03T07:25:12Z

The majority of SMP platforms handle their IPIs through do_IRQ() which calls irq_{enter/exit}(). When a call function IPI is received, smp_call_function_interrupt() is called which also calls irq_{enter,exit}(), meaning irq_count is raised twice. When tick broadcasting is used (which is implemented via a call function IPI), this incorrectly causes all CPU idle time on the core receiving broadcast ticks to be accounted as time spent servicing IRQs, as account_process_tick() will account as such if irq_count is greater than 1. This results in 100% CPU usage being reported on a core which receives its ticks via broadcast. This patch removes the SMP smp_call_function_interrupt() wrapper which calls irq_{enter,exit}(). Platforms which handle their IPIs through do_IRQ() now call generic_smp_call_function_interrupt() directly to avoid incrementing irq_count a second time. Platforms which don't (loongson, sgi-ip27, sibyte) call generic_smp_call_function_interrupt() wrapped in irq_{enter,exit}(). Signed-off-by: Alex Smith Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10770/ Signed-off-by: Ralf Baechle

MIPS: unaligned: Fix build error on big endian R6 kernels

2015-08-03T07:25:05Z

Commit eeb538950367 ("MIPS: unaligned: Prevent EVA instructions on kernel unaligned accesses") renamed the Load* and Store* defines in unaligned.c to _Load* and _Store* as part of its fix. One define was missed out which causes big endian R6 kernels to fail to build. arch/mips/kernel/unaligned.c:880:35: error: implicit declaration of function '_StoreDW' #define StoreDW(addr, value, res) _StoreDW(addr, value, res) ^ Signed-off-by: James Cowgill Fixes: eeb538950367 ("MIPS: unaligned: Prevent EVA instructions on kernel unaligned accesses") Cc: Markos Chandras Cc: # 4.0+ Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10575/ Signed-off-by: Ralf Baechle

MIPS: Fix sched_getaffinity with MT FPAFF enabled

2015-08-03T07:25:02Z

p->thread.user_cpus_allowed is zero-initialized and is only filled on the first sched_setaffinity call. To avoid adding overhead in the task initialization codepath, simply OR the returned mask in sched_getaffinity with p->cpus_allowed. Cc: stable@vger.kernel.org Signed-off-by: Felix Fietkau Cc: linux-mips@linux-mips.org Patchwork: https://patchwork.linux-mips.org/patch/10740/ Signed-off-by: Ralf Baechle