This fixes CVE-2013-0190 / XSA-40
There has been an error on the xen_failsafe_callback path for failed
iret, which causes the stack pointer to be wrong when entering the
iret_exc error path. This can result in the kernel crashing.
In the classic kernel case, the relevant code looked a little like:
popl %eax # Error code from hypervisor
jz 5f
addl $16,%esp
jmp iret_exc # Hypervisor said iret fault
5: addl $16,%esp
# Hypervisor said segment selector fault
Here, there are two identical addls on either option of a branch which
appears to have been optimised by hoisting it above the jz, and
converting it to an lea, which leaves the flags register unaffected.
In the PVOPS case, the code looks like:
popl_cfi %eax # Error from the hypervisor
lea 16(%esp),%esp # Add $16 before choosing fault path
CFI_ADJUST_CFA_OFFSET -16
jz 5f
addl $16,%esp # Incorrectly adjust %esp again
jmp iret_exc
It is possible unprivileged userspace applications to cause this
behaviour, for example by loading an LDT code selector, then changing
the code selector to be not-present. At this point, there is a race
condition where it is possible for the hypervisor to return back to
userspace from an interrupt, fault on its own iret, and inject a
failsafe_callback into the kernel.
This bug has been present since the introduction of Xen PVOPS support
in commit 5ead97c84 (xen: Core Xen implementation), in 2.6.23.
Signed-off-by: Frediano Ziglio <frediano.ziglio@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: stable@vger.kernel.org
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
This reverts commit 41bd956de3.
The fix is incorrect and not appropiate for the latest kernels.
In fact it _causes_ the BUG: scheduling while atomic while
doing vCPU hotplug.
Suggested-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
iQEcBAABAgAGBQJQxqj1AAoJEHm+PkMAQRiG9MQH/j21UwP2QGpdpXbWAnFMjtlv
uE/yCFhPoqR1QjjE6oRlO6MHFA41xGDbr5RQki9Ik2AfSYiastt4ZWYvtSJKVTCr
O0Lj+Cdt/2qBkGiARHqVEBZ4S/l/cw4/EHPb5StFyu3ggnPPQhoPIP7oAmRn0+mh
NNb5CEcJOLqIaJSteqMP71Q899ncbLayBnimYCaC2f6r00beqNXIqxSHipcPlUsf
ehNxqCX+5z5Q788EL33EL8GpBcy4Ueevu6nvnuVI8qIEnBnrBVngsiaQ4Hti+2eK
A//4DYoF2N1wLjQv7hFeiwMURQ16OlxXoc/Z66sv2QQRwPxOIQlxdhWuey4KebA=
=7LYr
-----END PGP SIGNATURE-----
Merge tag 'v3.7' into stable/for-linus-3.8
Linux 3.7
* tag 'v3.7': (833 commits)
Linux 3.7
Input: matrix-keymap - provide proper module license
Revert "revert "Revert "mm: remove __GFP_NO_KSWAPD""" and associated damage
ipv4: ip_check_defrag must not modify skb before unsharing
Revert "mm: avoid waking kswapd for THP allocations when compaction is deferred or contended"
inet_diag: validate port comparison byte code to prevent unsafe reads
inet_diag: avoid unsafe and nonsensical prefix matches in inet_diag_bc_run()
inet_diag: validate byte code to prevent oops in inet_diag_bc_run()
inet_diag: fix oops for IPv4 AF_INET6 TCP SYN-RECV state
mm: vmscan: fix inappropriate zone congestion clearing
vfs: fix O_DIRECT read past end of block device
net: gro: fix possible panic in skb_gro_receive()
tcp: bug fix Fast Open client retransmission
tmpfs: fix shared mempolicy leak
mm: vmscan: do not keep kswapd looping forever due to individual uncompactable zones
mm: compaction: validate pfn range passed to isolate_freepages_block
mmc: sh-mmcif: avoid oops on spurious interrupts (second try)
Revert misapplied "mmc: sh-mmcif: avoid oops on spurious interrupts"
mmc: sdhci-s3c: fix missing clock for gpio card-detect
lib/Makefile: Fix oid_registry build dependency
...
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Conflicts:
arch/arm/xen/enlighten.c
drivers/xen/Makefile
[We need to have the v3.7 base as the 'for-3.8' was based off v3.7-rc3
and there are some patches in v3.7-rc6 that we to have in our branch]
The runstate of vcpu should be restored for all possible cpus, as well as the
vcpu info placement.
Acked-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Git commit 30106c1743
("x86, hotplug: Support functions for CPU0 online/offline") alters what
the call to smp_store_cpu_info() does. For BSP we should use the
smp_store_boot_cpu_info() and for secondary CPU's the old
variant of smp_store_cpu_info() should be used. This fixes
the regression introduced by said commit.
Reported-and-Tested-by: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Pull MIPS fixes from Ralf Baechle:
"These are the fixes for the N32 syscall bugs found by Al, an
extraneous break that broke detection for R3000 and R3081 processors,
an endless loop processing signals for kernel task (x86 received the
same fix a while ago) and a fix for transparent huge page which took
ages to track down because it was so hard to come up with a workable
test case."
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix endless loop when processing signals for kernel tasks
MIPS: R3000/R3081: Fix CPU detection.
MIPS: N32: Fix signalfd4 syscall entry point
MIPS: N32: Fix preadv(2) and pwritev(2) entry points.
MIPS: Avoid mcheck by flushing page range in huge_ptep_set_access_flags()
The problem occurs [1] when a kernel-mode task returns from a system
call with a pending signal.
A real-life scenario is a child of 'khelper' returning from a failed
kernel_execve() in ____call_usermodehelper() [ kernel/kmod.c ].
kernel_execve() fails due to a pending SIGKILL, which is the result of
"kill -9 -1" (at least, busybox's init does it upon reboot).
The loop is as follows:
* syscall_exit_work:
- work_pending: // start_of_the_loop
- work_notifysig:
- do_notify_resume()
- do_signal()
- if (!user_mode(regs)) return;
- resume_userspace // TIF_SIGPENDING is still set
- work_pending // so we call work_pending => goto
// start_of_the_loop
More information can be found in another LKML thread:
http://www.serverphorums.com/read.php?12,457826
[1] The problem was also reproduced on !CONFIG_VM86 x86, and the
following fix was accepted.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=29a2e2836ff9ea65a603c89df217f4198973a74f
Signed-off-by: Dmitry Adamushko <dmitry.adamushko@gmail.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/3571/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Broken since e05ea74fc56f347f872ef9946d27c53e8bf20864 (lmo) rsp.
cea7e2dfde (kernel.org) [MIPS: Sort out CPU
type to name translation.] These CPUs are no longer very popular to say
the least ...
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Reported-by: Murphy McCauley <murphy.mccauley@gmail.com>
This needs to use the compat entry point or it's going to fail on big
endian systems.
Noticed by Al Viro.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
By using the native syscall entry point the kernel was also expecting
64-bit iovec structures.
This is broken since ddd9e91b71 [preadv/
pwritev: MIPS: Add preadv(2) and pwritev(2) syscalls.] which originally
added these two syscalls. I walked through piles of code, including
libc and couldn't find anything that would have worked around the issue
so this change the API to what it should always have been.
Noticed and patch suggested by Al Viro.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Pull sparc fixes from David Miller:
"Two small fixes for Sparc, nobody uses sparc, so these are low risk :-)
1) Piggyback is too picky about the symbol types that _start and _end
have in the final kernel image, and it thus breaks with newer
binutils. Future proof by getting rid of the symbol type checks.
2) exit_group() should kill register windows on sparc64 the same way
we do for plain exit(). Thanks to Al Viro for spotting this."
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc: Fix piggyback with newer binutils.
sparc64: exit_group should kill register windows just like plain exit.
Problem:
1) Huge page mapping of anonymous memory is initially invalid. Will be
faulted in by copy-on-write mechanism.
2) Userspace attempts store at the end of the huge mapping.
3) TLB Refill exception handler fill TLB with a normal (4K sized)
invalid page at the end of the huge mapping virtual address range.
4) Userspace restarted, and re-attempts the store at the end of the
huge mapping.
5) Page from #3 is invalid, we get a fault and go to the hugepage
fault handler. This tries to map a huge page and calls
huge_ptep_set_access_flags() to install the mapping.
6) We just call the generic ptep_set_access_flags() to set up the page
tables, but the flush there assumes a normal (4K sized) page and
only tries to flush the first part of the huge page virtual address
out of the TLB, since the existing entry from step #3 doesn't
conflict, nothing is flushed.
7) We attempt to load the mapping into the TLB, but because it
conflicts with the entry from step #3, we get a Machine Check
exception.
The fix: Flush the entire rage covered by the huge page in
huge_ptep_set_access_flags(), and remove the optimization in
local_flush_tlb_range() so that the flush actually does the correct
thing.
Signed-off-by: David Daney <david.daney@cavium.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Cc: Hillf Danton <dhillf@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/4661/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
(cherry picked from commit dd617f258cc39d36be26afee9912624a2d23112c)
Newer versions of binutils mark '_end' as 'B' instead of 'A' for
whatever reason.
To be honest, the piggyback code doesn't actually care what kind
of symbol _start and _end are, it just wants to find them and
record the address.
So remove the type from the match strings.
Reported-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
In commit 9d73fc2d64 ("open*(2) compat fixes (s390, arm64)") I said:
>
> The usual rules for open()/openat()/open_by_handle_at() are
> 1) native 32bit - don't force O_LARGEFILE in flags
> 2) native 64bit - force O_LARGEFILE in flags
> 3) compat on 64bit host - as for native 32bit
> 4) native 32bit ABI for 64bit system (mips/n32, x86/x32) - as for native 64bit
>
> There are only two exceptions - s390 compat has open() forcing O_LARGEFILE and
> arm64 compat has open_by_handle_at() doing the same thing. The same binaries
> on native host (s390/31 and arm resp.) will *not* force O_LARGEFILE, so IMO
> both are emulation bugs.
Three exceptions, actually - parisc open() is another case like that.
Native 32bit won't force O_LARGEFILE, the same binary on parisc64 will.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The usual rules for open()/openat()/open_by_handle_at() are
1) native 32bit - don't force O_LARGEFILE in flags
2) native 64bit - force O_LARGEFILE in flags
3) compat on 64bit host - as for native 32bit
4) native 32bit ABI for 64bit system (mips/n32, x86/x32) - as for
native 64bit
There are only two exceptions - s390 compat has open() forcing
O_LARGEFILE and arm64 compat has open_by_handle_at() doing the same
thing. The same binaries on native host (s390/31 and arm resp.) will
*not* force O_LARGEFILE, so IMO both are emulation bugs.
Objections? The fix is obvious...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull RCU fix from Ingo Molnar:
"Fix leaking RCU extended quiescent state, which might trigger warnings
and mess up the extended quiescent state tracking logic into thinking
that we are in "RCU user mode" while we aren't."
* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
rcu: Fix unrecovered RCU user mode in syscall_trace_leave()
Pull perf fixes from Ingo Molnar:
"This is mostly about unbreaking architectures that took the UAPI
changes in the v3.7 cycle, plus misc fixes."
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf kvm: Fix building perf kvm on non x86 arches
perf kvm: Rename perf_kvm to perf_kvm_stat
perf: Make perf build for x86 with UAPI disintegration applied
perf powerpc: Use uapi/unistd.h to fix build error
tools: Pass the target in descend
tools: Honour the O= flag when tool build called from a higher Makefile
tools: Define a Makefile function to do subdir processing
x86: Export asm/{svm.h,vmx.h,perf_regs.h}
perf tools: Fix strbuf_addf() when the buffer needs to grow
perf header: Fix numa topology printing
perf, powerpc: Fix hw breakpoints returning -ENOSPC
Pull x86 fixes from Peter Anvin.
This includes the resume-time FPU corruption fix from the chromeos guys,
marked for stable.
* 'x86/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, fpu: Avoid FPU lazy restore after suspend
x86-32: Unbreak booting on some 486 clones
x86, kvm: Remove incorrect redundant assembly constraint
Pull assorted signal-related fixes from Al Viro:
"uml regression fix (braino in sys_execve() patch) + a bunch of fucked
sigaltstack-on-rt_sigreturn uses, similar to sparc64 fix that went in
through davem's tree. m32r horrors not included - that one's waiting
for maintainer."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/signal:
microblaze: rt_sigreturn is too trigger-happy about sigaltstack errors
score: do_sigaltstack() expects a userland pointer...
sh64: fix altstack switching on sigreturn
openrisk: fix altstack switching on sigreturn
um: get_safe_registers() should be done in flush_thread(), not start_thread()
* 'arm-privcmd-for-3.8' of git://xenbits.xen.org/people/ianc/linux:
xen: arm: implement remap interfaces needed for privcmd mappings.
xen: correctly use xen_pfn_t in remap_domain_mfn_range.
xen: arm: enable balloon driver
xen: balloon: allow PVMMU interfaces to be compiled out
xen: privcmd: support autotranslated physmap guests.
xen: add pages parameter to xen_remap_domain_mfn_range
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
After merging the xen-two tree, today's linux-next build (x86_64
allmodconfig) produced this warning:
arch/x86/xen/enlighten.c: In function 'init_hvm_pv_info':
arch/x86/xen/enlighten.c:1617:16: warning: unused variable 'ebx' [-Wunused-variable]
arch/x86/xen/enlighten.c:1617:11: warning: unused variable 'eax' [-Wunused-variable]
Introduced by commit 9d02b43dee ("xen PVonHVM: use E820_Reserved area
for shared_info").
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
When a cpu enters S3 state, the FPU state is lost.
After resuming for S3, if we try to lazy restore the FPU for a process running
on the same CPU, this will result in a corrupted FPU context.
Ensure that "fpu_owner_task" is properly invalided when (re-)initializing a CPU,
so nobody will try to lazy restore a state which doesn't exist in the hardware.
Tested with a 64-bit kernel on a 4-core Ivybridge CPU with eagerfpu=off,
by doing thousands of suspend/resume cycles with 4 processes doing FPU
operations running. Without the patch, a process is killed after a
few hundreds cycles by a SIGFPE.
Cc: Duncan Laurie <dlaurie@chromium.org>
Cc: Olof Johansson <olofj@chromium.org>
Cc: <stable@kernel.org> v3.4+ # for 3.4 need to replace this_cpu_write by percpu_write
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
Link: http://lkml.kernel.org/r/1354306532-1014-1-git-send-email-vpalatin@chromium.org
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
These are three fixes for the Marvell EBU family and one for the Samsung
s3c platforms. All of them are obvious should still make it into 3.7.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUAULdtoGCrR//JCVInAQLC8Q/7B8PWsUiNz2VSgCHC5pTDM1V2TqxjkhEI
fdxlKQ5vgmY917j1J87mZLX6TKeXFcQaoAIHZlTI6ilRNk4CReRBC8lR3o+xlR0r
aBCv+fOXtsDtEMUWRPLWr+6lu8OLyqWHy7viW0bSHOt3frPAxLr0XM9QYyusXv2L
x9ddBza4xM4DstxwQQH6yITqqGxkkhXTnnMqQ75J9rSxnJpC32CYs3MgN7/aMeV7
8v6pGp2YYjwSnZxbL/2Oo0if4T/45f7wncFfMGPKDvGLin6BZ8ml0pH1QeN0lM5O
49F61S8DPbntabaaqWfFStrzUCNIsTLNLRE4mYVGw8YoBdf2BuZIeH3nPaq24av7
da93P2vmLbnrIuttdM6NURjPy8N8HD6wAnRuue+T8NQrDEtHwLIpatQp24CJEFyo
ReXieb67SHrYZZIaQllDDsZrrPImFbX7xklHUxd+5UjT9VW8CE4r1pirt1D/cVwR
n9rJ0TKERrliy/Wm2W6//Vs906QXcynMkvzCMBWm9MGJb8sd0AbupuVPWKA9jjZO
8g7TUTxTBd7xg2nSgfAw+ofNgfrSS6Jm1ssASrz/A8jjp2kN1zM5Tm+nJDdSyQVR
cvB9wUysMSCMvopBdlCoNOYEMngL387++ce6ImAOR1UOv663ue476EQ4jKQMxBLA
lZ82RwVy/gI=
=zrCM
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"These are three fixes for the Marvell EBU family and one for the
Samsung s3c platforms. All of them are obvious should still make it
into 3.7."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: Kirkwood: Update PCI-E fixup
Dove: Fix irq_to_pmu()
Dove: Attempt to fix PMU/RTC interrupts
ARM: S3C24XX: Fix potential NULL pointer dereference error
These were originally prepared by Krzysztof Halasa but not submitted
in time for v3.7 due to some confusion about how ixp4xx patches should
be handled. Jason Cooper thankfully offered to help out sending the
patches upstream through arm-soc now, but given the timing, we could
as well delay them for 3.8.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIVAwUAULdujWCrR//JCVInAQK5mA/+MTmqpabAIKAemk9CXZewNwJkdX2ILkce
+WcxQwfD/7xWCsLxSwVgBrrUmXiw9/EwJBIGti6JgMEFtMD70DwooSNnRejN+cTz
ZMJvoOzgRu5Q51SeX1V6x7xkNSVupMPEKt2ziBFUNyHCMTuEtZx8KXhmP5KTyP9e
ZyAXgrWpsna9OefbFa2qkYvTA243NBEreRRpxUJe582Y84GEXWCL47eqgRoflXmV
T+jPSCRsqcepxOnkCFYSmCp7J5EAQn1CcyfN11T8Jlj1Vr+ntjGtSKSQ6+uXxgqx
/kTRnpdXJsogX9q6M/AzOkqTugB8jOvL8TIVo7AJDDS4fOSllzQdTEqagmPtkZdT
jGavaEPy8F8mQOQJqmC9++AT0xhyiVhijAXSHxX1W+u9OmEw3+Mx/CTlR+QORr3p
AVUlmmFrGna0vk3iL4Ov1rZu5D647nfTmTQE4fvhV37U2GEP4nqcF08kUl3V0idg
xF1iEDBdtjgCOf2cCkTIj8X9xeuhoqVRdUp5w5Y8WrsfkzDigOgRJGgkJaafhymz
bRcpbB3NVXbIUhB45VWI4j9KO0O9ysboWe6ibWdSl2/bTD0J/MDcqLkr8r9yPQYV
IA8xuRE3/p+ZVt72YXAAuFSbwpVmLcZBX6vJuOvFR5gjFg1g1hAqQdBmFekh7QQZ
4S/xhOTTzLk=
=GlCa
-----END PGP SIGNATURE-----
Merge tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM ixp4xx bug fixes from Arnd Bergmann:
"These were originally prepared by Krzysztof Halasa but not submitted
in time for v3.7 due to some confusion about how ixp4xx patches should
be handled. Jason Cooper thankfully offered to help out sending the
patches upstream through arm-soc now, but given the timing, we could
as well delay them for 3.8."
* tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
IXP4xx: use __iomem for MMIO
IXP4xx: map CPU config registers within VMALLOC region.
IXP4xx: Always ioremap() Queue Manager MMIO region at boot.
ixp4xx: Declare MODULE_FIRMWARE usage
IXP4xx crypto: MOD_AES{128,192,256} already include key size.
WAN: Remove redundant HDLC info printed by IXP4xx HSS driver.
IXP4xx: Remove time limit for PCI TRDY to enable use of slow devices.
IXP4xx: ixp4xx_crypto driver requires Queue Manager and NPE drivers.
IXP4xx: HW pseudo-random generator is available on IXP45x/46x only.
IXP4xx: Fix off-by-one bug in Goramo MultiLink platform.
IXP4xx: Fix Goramo MultiLink platform compilation.
From Kukjin Kim <kgene.kim@samsung.com>:
Samsung fixes for v3.7
* 'v3.7-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: S3C24XX: Fix potential NULL pointer dereference error
This would have been ok to delay to 3.8 according to Kukjin, but since
it's an obvious bug fix and a potential NULL pointer dereference, it
seem appropriate for a late 3.7 submission.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
We use XENMEM_add_to_physmap_range which is the preferred interface
for foreign mappings.
Acked-by: Mukesh Rathor <mukesh.rathor@oracle.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
For Xen on ARM a PFN is 64 bits so we need to use the appropriate
type here.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
[v2: include the necessary header,
Reported-by: Fengguang Wu <fengguang.wu@intel.com> ]
The code is now in a state where can just enable it.
Drop the *_xenballloned_pages duplicates since these are now supplied
by the balloon code.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
The ARM platform has no concept of PVMMU and therefor no
HYPERVISOR_update_va_mapping et al. Allow this code to be compiled out
when not required.
In some similar situations (e.g. P2M) we have defined dummy functions
to avoid this, however I think we can/should draw the line at dummying
out actual hypercalls.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Also introduce xen_unmap_domain_mfn_range. These are the parts of
Mukesh's "xen/pvh: Implement MMU changes for PVH" which are also
needed as a baseline for ARM privcmd support.
The original patch was:
Signed-off-by: Mukesh Rathor <mukesh.rathor@oracle.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
This derivative is also:
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
incidentally, declaring a local variable as __user (!) to make
sparse STFU is really sick. Especially since sparse had been
100% right - it *is* a bug.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
As on ia64 builds we get:
include/xen/interface/version.h: In function 'xen_running_on_version_or_later':
include/xen/interface/version.h:76: error: implicit declaration of function 'HYPERVISOR_xen_version'
We can later on make this function exportable if there are
modules using part of it. For right now the only two users are
built-in.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Some internal kernel symbols were referenced in the exported setup.h.
This splits out the internal bits from the exported uapi bits.
Signed-off-by: Mark Salter <msalter@redhat.com>
The SP804 driver statically initialises the cpumask of the clock event
device to be cpu_all_mask, which is derived from the compile-time
constant NR_CPUS. This breaks SMP_ON_UP systems where the interrupt
controller handling the sp804 doesn't have the irq_set_affinity callback
on the irq_chip, because the common timer code fails to identify the
device as cpu-local and ends up treating it as a broadcast device
instead.
This patch fixes the problem by using cpu_possible_mask at runtime,
which will correctly represent the possible CPUs when SMP_ON_UP is being
used.
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
There appear to have been some 486 clones, including the "enhanced"
version of Am486, which have CPUID but not CR4. These 486 clones had
only the FPU flag, if any, unlike the Intel 486s with CPUID, which
also had VME and therefore needed CR4.
Therefore, look at the basic CPUID flags and require at least one bit
other than bit 0 before we modify CR4.
Thanks to Christian Ludloff of sandpile.org for confirming this as a
problem.
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Pull ARM fixes from Russell King:
"Not much here, just a couple minor/cosmetic fixes and a patch for the
decompressor which fixes problems with modern GCC and CPUs."
* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7583/1: decompressor: Enable unaligned memory access for v6 and above
ARM: 7572/1: proc-v6.S: fix comment
ARM: 7570/1: quiet down the non make -s output
In __emulate_1op_rax_rdx, we use "+a" and "+d" which are input/output
constraints, and *then* use "a" and "d" as input constraints. This is
incorrect, but happens to work on some versions of gcc.
However, it breaks gcc with -O0 and icc, and may break on future
versions of gcc.
Reported-and-tested-by: Melanie Blower <melanie.blower@intel.com>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Link: http://lkml.kernel.org/r/B3584E72CFEBED439A3ECA9BCE67A4EF1B17AF90@FMSMSX107.amr.corp.intel.com
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Marcelo Tosatti <mtosatti@redhat.com>
A comment in entry.S incorrectly stated that interrupt vectors
called __do_IRQ() and that int6 vector was used for syscalls.
Both statements are incorrect for the current kernel, so this
patch cleans up the wording to reflect current reality.
Signed-off-by: Mark Salter <msalter@redhat.com>
With Xen acpi pad logic added into kernel, we can now revert xen mwait related
patch df88b2d96e ("xen/enlighten: Disable
MWAIT_LEAF so that acpi-pad won't be loaded. "). The reason is, when running under
newer Xen platform, Xen pad driver would be early loaded, so native pad driver
would fail to be loaded, and hence no mwait/monitor #UD risk again.
Another point is, only Xen4.2 or later support Xen acpi pad, so we won't expose
mwait cpuid capability when running under older Xen platform.
Signed-off-by: Liu, Jinsong <jinsong.liu@intel.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Pull powerpc EEH bugfixes from Benjamin Herrenschmidt.
Two one-liner fixes for the new EEH code.
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/eeh: Do not invalidate PE properly
powerpc/pseries: Fix oops with MSIs when missing EEH PEs
Pull MIPS fixes from Ralf Baechle:
"Three issues fixed accross the field:
- Some functions that were recently outlined as part of a preemption
fix were causing problems with function tracing.
- The recently merged in-kernel MPI library uses very outdated
headers that contain MIPS-specific code which won't build on with
gcc 4.4 or newer.
- The MIPS non-NUMA memory initialization was making only a very
half-baked attempt at merging adjacent memory ranges. This kept
the code simple enough but is now causing issues with kexec."
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MPI: Fix compilation on MIPS with GCC 4.4 and newer
MIPS: Fix crash that occurs when function tracing is enabled
MIPS: Merge overlapping bootmem ranges