By default if no fill symbol is given to .align directive in a code
section it fills gap with NOPs. If previous fragment is not
instruction-aligned, additional pre-alignment is done by zero bytes
before NOPs. These zero bytes are marked as data by special symbol $d in
symbol table. Unfortunately GAS assumes that there is only code in the
code section so it "puts back" code symbol $a at the end of this
pre-alignment. So if there is some data after alignment it will be
interpreted as code and will be swapped back to LE for BE8 system during
a final linking.
If explicit fill value is given to .align, the NOP-padding code is
skipped and symbol table does not get messed-up.
So the workaround for this issue:
Use explicit fill value if data should be aligned in the code section.
Acked-by: Ben Dooks <ben.dooks@codethink.co.uk>
Acked-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
The kprobes test will build certain instructions incorrectly if building
big endian as .word/.short output gets endian-swapped by the linker.
Change to using <asm/opcodes.h> and __inst_thumbXX() to produce instructions.
Acked-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
The kprobes test will build certain instructions incorrectly if building
big endian as .word output gets endian-swapped by the linker. Change to
using <asm/opcodes.h> and __inst_arm() to produce instructions.
Acked-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
[taras.kondratiuk@linaro.org: fixed unsupported coprocessor instructions]
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
Ensure we read instructions in the correct endian-ness by using
the <asm/opcodes.h> helper to transform them as necessary.
Acked-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
[taras.kondratiuk@linaro.org: fix next_instruction() function]
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
If we are running BE8, the data and instruction endianness do not
match, so use <asm/opcodes.h> to correctly translate memory accesses
into ARM instructions.
Acked-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Ben Dooks <ben.dooks@codethink.co.uk>
[taras.kondratiuk@linaro.org: fixed Thumb instruction fetch order]
Signed-off-by: Taras Kondratiuk <taras.kondratiuk@linaro.org>
Using Rabin Vincent's ARM uprobes patches as a base, enable uprobes
support on ARM.
Caveats:
- Thumb is not supported
Signed-off-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: David A. Long <dave.long@linaro.org>
Because the common underlying code for ARM kprobes and uprobes needs
to share a common architecrure-specific context structure, and because
the generic kprobes include file insists on defining this to a dummy
structure when kprobes is not configured, a new common structure is
required which can exist when uprobes is configured without kprobes.
In this case kprobes will define a dummy structure, but without the
define aliasing the two structure tags it will not affect uprobes and
the shared probes code.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Add an emulate flag into the instruction interpreter, primarily for uprobes
support.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Any more ARM kprobes/uprobes symbols which have "kprobe" in the name must be
changed to the more generic "probes" or other non-kprobes specific symbol.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Change the name of kprobes_insn to probes_insn so it can be shared between
kprobes and uprobes without confusion.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Change kprobe_emulate_none, kprobe_simulate_nop, and arm_kprobe_decode_init
function names to something more appropriate for code being shared
outside of the kprobes subsystem. Also, move the new arm_probes_decode_init
declaration out of the kprobes.h include file and into the probes.h include file.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
In preparation for sharing the ARM kprobes instruction interpreting
code with uprobes, make the symbols names less kprobes-specific.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Change the generic ARM probes code to pass in the opcode and architecture-specific
structure separately instead of using struct kprobe, so we do not pollute
code being used only for uprobes or other non-kprobes instruction
interpretation.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Make the instruction interpreter call back to semantic action functions
through a function pointer array provided by the invoker. The interpreter
decodes the instructions into groups and uses the group number to index
into the supplied array. kprobes and uprobes code will each supply their
own array of functions.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Move the thumb version of the kprobes instruction parsing code into more generic
files from where it can be used by uprobes and possibly other subsystems. The
symbol names will be made more generic in a subsequent part of this patchset.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Move the arm version of the kprobes instruction parsing code into more generic
files from where it can be used by uprobes and possibly other subsystems. The
symbol names will be made more generic in a subsequent part of this patchset.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Separate the kprobe-only definitions from the definitions needed by
both kprobes and uprobes.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Make sure includes in ARM kprobes sources are done explicitly. Do not
rely on includes from other includes.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Jon Medhurst <tixy@linaro.org>
Suggested change from Oleg Nesterov. Fixes incomplete dependencies
for uprobes feature.
Signed-off-by: David A. Long <dave.long@linaro.org>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Pull perf fixes from Ingo Molnar:
"Misc fixes, most of them on the tooling side"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf tools: Fix strict alias issue for find_first_bit
perf tools: fix BFD detection on opensuse
perf: Fix hotplug splat
perf/x86: Fix event scheduling
perf symbols: Destroy unused symsrcs
perf annotate: Check availability of annotate when processing samples
Pull x86 fixes from Peter Anvin:
"The VMCOREINFO patch I'll pushing for this release to avoid having a
release with kASLR and but without that information.
I was hoping to include the FPU patches from Suresh, but ran into a
problem (see other thread); will try to make them happen next week"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, kaslr: add missed "static" declarations
x86, kaslr: export offset in VMCOREINFO ELF notes
virtualization on Intel is broken in 3.13 and fixed by this
pull request.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJTEIYBAAoJEBvWZb6bTYbyv7AP/iOE8ybTr7MSfZPTF4Ip13o+
rvzlnzUtDMsZAN5dZAXhsR3lPeXygjTmeI6FWdiVwdalp9wpg2FLAZ0BDj8KIg0r
cAINYOmJ0jhC1mTOfMJghsrE9b1aaXwWVSlXkivzyIrPJCZFlqDKOXleHJXyqNTY
g259tPI8VWS7Efell9NclUNXCdD4g6wG/RdEjumjv9JLiXlDVviXvzvIEl/S3Ud1
D2xxX7vvGHikyTwuls/bWzJzzRRlsb1VVOOQtBuC9NyaAY7bpQjGQvo6XzxowtIZ
h4F4iU/umln5WcDiJU8XXiV/TOCVzqgdLk3Pr5Kgv3yO8/XbE/CcnyJmeaSgMoJB
i7vJ6tUX5mfGsLNxfshXw0RsY/y9KMLnbt62eiPImWBxgpDZNxKpAqCA7GsOb87g
Vjzl3poEwe+5eN6Usbpd78rRgfgbbZF+Pf2qsphtQhFQGaogz1Ltz0B0hY3MYxx3
y9OJMJyt1MI4+hvvdjhSnmIo6APwuGSr+hhdKCPSlMiWJun2XRHXTHBNAS+dsjgs
Sx2Bzao/lki5l7y9Ea1fR4yerigbFJF4L1iV04sSbsoh0I/nN5qjXFrc22Ju0i3i
uIrVwfSSdX4HQwQYdBGKQQRGq/W0wOjEDoA5qZmxg3s4j8KSd7ooBtRk/VepVH7E
kaUrekJ+KWs/sVNW2MtU
=zQTn
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"Three x86 fixes and one for ARM/ARM64.
In particular, nested virtualization on Intel is broken in 3.13 and
fixed by this pull request"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm, vmx: Really fix lazy FPU on nested guest
kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
arm/arm64: KVM: detect CPU reset on CPU_PM_EXIT
KVM: MMU: drop read-only large sptes when creating lower level sptes
Pull powerpc fixes from Ben Herrenschmidt:
"Here are a few more powerpc fixes for 3.14.
Most of these are also CC'ed to stable and fix bugs in new
functionality introduced in the last 2 or 3 versions"
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/powernv: Fix indirect XSCOM unmangling
powerpc/powernv: Fix opal_xscom_{read,write} prototype
powerpc/powernv: Refactor PHB diag-data dump
powerpc/powernv: Dump PHB diag-data immediately
powerpc: Increase stack redzone for 64-bit userspace to 512 bytes
powerpc/ftrace: bugfix for test_24bit_addr
powerpc/crashdump : Fix page frame number check in copy_oldmem_page
powerpc/le: Ensure that the 'stop-self' RTAS token is handled correctly
Commit fb4a96029c (arm64: kernel: fix per-cpu offset restore on
resume) uses per_cpu_offset() unconditionally during CPU wakeup,
however, this is only defined for the SMP case.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Dave P Martin <Dave.Martin@arm.com>
Page table entries on ARM64 are 64 bits, and some pte functions such as
pte_dirty return a bitwise-and of a flag with the pte value. If the
flag to be tested resides in the upper 32 bits of the pte, then we run
into the danger of the result being dropped if downcast.
For example:
gather_stats(page, md, pte_dirty(*pte), 1);
where pte_dirty(*pte) is downcast to an int.
This patch adds a double logical invert to all the pte_ accessors to
ensure predictable downcasting.
Signed-off-by: Steve Capper <steve.capper@linaro.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
We need to unmangle the full address, not just the register
number, and we also need to support the real indirect bit
being set for in-kernel uses.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: <stable@vger.kernel.org> [v3.13]
The OPAL firmware functions opal_xscom_read and opal_xscom_write
take a 64-bit argument for the XSCOM (PCB) address in order to
support the indirect mode on P8.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
CC: <stable@vger.kernel.org> [v3.13]
As Ben suggested, the patch prints PHB diag-data with multiple
fields in one line and omits the line if the fields of that
line are all zero.
With the patch applied, the PHB3 diag-data dump looks like:
PHB3 PHB#3 Diag-data (Version: 1)
brdgCtl: 00000002
RootSts: 0000000f 00400000 b0830008 00100147 00002000
nFir: 0000000000000000 0030006e00000000 0000000000000000
PhbSts: 0000001c00000000 0000000000000000
Lem: 0000000000100000 42498e327f502eae 0000000000000000
InAErr: 8000000000000000 8000000000000000 0402030000000000 0000000000000000
PE[ 8] A/B: 8480002b00000000 8000000000000000
[ The current diag data is so big that it overflows the printk
buffer pretty quickly in cases when we get a handful of errors
at once which can happen. --BenH
]
Signed-off-by: Gavin Shan <shangw@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
The PHB diag-data is important to help locating the root cause for
EEH errors such as frozen PE or fenced PHB. However, the EEH core
enables IO path by clearing part of HW registers before collecting
this data causing it to be corrupted.
This patch fixes this by dumping the PHB diag-data immediately when
frozen/fenced state on PE or PHB is detected for the first time in
eeh_ops::get_state() or next_error() backend.
Signed-off-by: Gavin Shan <shangw@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
The new ELFv2 little-endian ABI increases the stack redzone -- the
area below the stack pointer that can be used for storing data --
from 288 bytes to 512 bytes. This means that we need to allow more
space on the user stack when delivering a signal to a 64-bit process.
To make the code a bit clearer, we define new USER_REDZONE_SIZE and
KERNEL_REDZONE_SIZE symbols in ptrace.h. For now, we leave the
kernel redzone size at 288 bytes, since increasing it to 512 bytes
would increase the size of interrupt stack frames correspondingly.
Gcc currently only makes use of 288 bytes of redzone even when
compiling for the new little-endian ABI, and the kernel cannot
currently be compiled with the new ABI anyway.
In the future, hopefully gcc will provide an option to control the
amount of redzone used, and then we could reduce it even more.
This also changes the code in arch_compat_alloc_user_space() to
preserve the expanded redzone. It is not clear why this function would
ever be used on a 64-bit process, though.
Signed-off-by: Paul Mackerras <paulus@samba.org>
CC: <stable@vger.kernel.org> [v3.13]
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
The branch target should be the func addr, not the addr of func_descr_t.
So using ppc_function_entry() to generate the right target addr.
Signed-off-by: Liu Ping Fan <pingfank@linux.vnet.ibm.com>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
In copy_oldmem_page, the current check using max_pfn and min_low_pfn to
decide if the page is backed or not, is not valid when the memory layout is
not continuous.
This happens when running as a QEMU/KVM guest, where RTAS is mapped higher
in the memory. In that case max_pfn points to the end of RTAS, and a hole
between the end of the kdump kernel and RTAS is not backed by PTEs. As a
consequence, the kdump kernel is crashing in copy_oldmem_page when accessing
in a direct way the pages in that hole.
This fix relies on the memblock's service memblock_is_region_memory to
check if the read page is part or not of the directly accessible memory.
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Tested-by: Mahesh Salgaonkar <mahesh@linux.vnet.ibm.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Currently we're storing a host endian RTAS token in
rtas_stop_self_args.token. We then pass that directly to rtas. This is
fine on big endian however on little endian the token is not what we
expect.
This will typically result in hitting:
panic("Alas, I survived.\n");
To fix this we always use the stop-self token in host order and always
convert it to be32 before passing this to rtas.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Commit e504c9098e (kvm, vmx: Fix lazy FPU on nested guest, 2013-11-13)
highlighted a real problem, but the fix was subtly wrong.
nested_read_cr0 is the CR0 as read by L2, but here we want to look at
the CR0 value reflecting L1's setup. In other words, L2 might think
that TS=0 (so nested_read_cr0 has the bit clear); but if L1 is actually
running it with TS=1, we should inject the fault into L1.
The effective value of CR0 in L2 is contained in vmcs12->guest_cr0, use
it.
Fixes: e504c9098e
Reported-by: Kashyap Chamarty <kchamart@redhat.com>
Reported-by: Stefan Bader <stefan.bader@canonical.com>
Tested-by: Kashyap Chamarty <kchamart@redhat.com>
Tested-by: Anthoine Bourgeois <bourgeois@bertin.fr>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The problem occurs when the guest performs a pusha with the stack
address pointing to an mmio address (or an invalid guest physical
address) to start with, but then extending into an ordinary guest
physical address. When doing repeated emulated pushes
emulator_read_write sets mmio_needed to 1 on the first one. On a
later push when the stack points to regular memory,
mmio_nr_fragments is set to 0, but mmio_is_needed is not set to 0.
As a result, KVM exits to userspace, and then returns to
complete_emulated_mmio. In complete_emulated_mmio
vcpu->mmio_cur_fragment is incremented. The termination condition of
vcpu->mmio_cur_fragment == vcpu->mmio_nr_fragments is never achieved.
The code bounces back and fourth to userspace incrementing
mmio_cur_fragment past it's buffer. If the guest does nothing else it
eventually leads to a a crash on a memcpy from invalid memory address.
However if a guest code can cause the vm to be destroyed in another
vcpu with excellent timing, then kvm_clear_async_pf_completion_queue
can be used by the guest to control the data that's pointed to by the
call to cancel_work_item, which can be used to gain execution.
Fixes: f78146b0f9
Signed-off-by: Andrew Honig <ahonig@google.com>
Cc: stable@vger.kernel.org (3.5+)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Commit 1fcf7ce0c6 (arm: kvm: implement CPU PM notifier) added
support for CPU power-management, using a cpu_notifier to re-init
KVM on a CPU that entered CPU idle.
The code assumed that a CPU entering idle would actually be powered
off, loosing its state entierely, and would then need to be
reinitialized. It turns out that this is not always the case, and
some HW performs CPU PM without actually killing the core. In this
case, we try to reinitialize KVM while it is still live. It ends up
badly, as reported by Andre Przywara (using a Calxeda Midway):
[ 3.663897] Kernel panic - not syncing: unexpected prefetch abort in Hyp mode at: 0x685760
[ 3.663897] unexpected data abort in Hyp mode at: 0xc067d150
[ 3.663897] unexpected HVC/SVC trap in Hyp mode at: 0xc0901dd0
The trick here is to detect if we've been through a full re-init or
not by looking at HVBAR (VBAR_EL2 on arm64). This involves
implementing the backend for __hyp_get_vectors in the main KVM HYP
code (rather small), and checking the return value against the
default one when the CPU notifier is called on CPU_PM_EXIT.
Reported-by: Andre Przywara <osp@andrep.de>
Tested-by: Andre Przywara <osp@andrep.de>
Cc: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Rob Herring <rob.herring@linaro.org>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Vince "Super Tester" Weaver reported a new round of syscall fuzzing (Trinity) failures,
with perf WARN_ON()s triggering. He also provided traces of the failures.
This is I think the relevant bit:
> pec_1076_warn-2804 [000] d... 147.926153: x86_pmu_disable: x86_pmu_disable
> pec_1076_warn-2804 [000] d... 147.926153: x86_pmu_state: Events: {
> pec_1076_warn-2804 [000] d... 147.926156: x86_pmu_state: 0: state: .R config: ffffffffffffffff ( (null))
> pec_1076_warn-2804 [000] d... 147.926158: x86_pmu_state: 33: state: AR config: 0 (ffff88011ac99800)
> pec_1076_warn-2804 [000] d... 147.926159: x86_pmu_state: }
> pec_1076_warn-2804 [000] d... 147.926160: x86_pmu_state: n_events: 1, n_added: 0, n_txn: 1
> pec_1076_warn-2804 [000] d... 147.926161: x86_pmu_state: Assignment: {
> pec_1076_warn-2804 [000] d... 147.926162: x86_pmu_state: 0->33 tag: 1 config: 0 (ffff88011ac99800)
> pec_1076_warn-2804 [000] d... 147.926163: x86_pmu_state: }
> pec_1076_warn-2804 [000] d... 147.926166: collect_events: Adding event: 1 (ffff880119ec8800)
So we add the insn:p event (fd[23]).
At this point we should have:
n_events = 2, n_added = 1, n_txn = 1
> pec_1076_warn-2804 [000] d... 147.926170: collect_events: Adding event: 0 (ffff8800c9e01800)
> pec_1076_warn-2804 [000] d... 147.926172: collect_events: Adding event: 4 (ffff8800cbab2c00)
We try and add the {BP,cycles,br_insn} group (fd[3], fd[4], fd[15]).
These events are 0:cycles and 4:br_insn, the BP event isn't x86_pmu so
that's not visible.
group_sched_in()
pmu->start_txn() /* nop - BP pmu */
event_sched_in()
event->pmu->add()
So here we should end up with:
0: n_events = 3, n_added = 2, n_txn = 2
4: n_events = 4, n_added = 3, n_txn = 3
But seeing the below state on x86_pmu_enable(), the must have failed,
because the 0 and 4 events aren't there anymore.
Looking at group_sched_in(), since the BP is the leader, its
event_sched_in() must have succeeded, for otherwise we would not have
seen the sibling adds.
But since neither 0 or 4 are in the below state; their event_sched_in()
must have failed; but I don't see why, the complete state: 0,0,1:p,4
fits perfectly fine on a core2.
However, since we try and schedule 4 it means the 0 event must have
succeeded! Therefore the 4 event must have failed, its failure will
have put group_sched_in() into the fail path, which will call:
event_sched_out()
event->pmu->del()
on 0 and the BP event.
Now x86_pmu_del() will reduce n_events; but it will not reduce n_added;
giving what we see below:
n_event = 2, n_added = 2, n_txn = 2
> pec_1076_warn-2804 [000] d... 147.926177: x86_pmu_enable: x86_pmu_enable
> pec_1076_warn-2804 [000] d... 147.926177: x86_pmu_state: Events: {
> pec_1076_warn-2804 [000] d... 147.926179: x86_pmu_state: 0: state: .R config: ffffffffffffffff ( (null))
> pec_1076_warn-2804 [000] d... 147.926181: x86_pmu_state: 33: state: AR config: 0 (ffff88011ac99800)
> pec_1076_warn-2804 [000] d... 147.926182: x86_pmu_state: }
> pec_1076_warn-2804 [000] d... 147.926184: x86_pmu_state: n_events: 2, n_added: 2, n_txn: 2
> pec_1076_warn-2804 [000] d... 147.926184: x86_pmu_state: Assignment: {
> pec_1076_warn-2804 [000] d... 147.926186: x86_pmu_state: 0->33 tag: 1 config: 0 (ffff88011ac99800)
> pec_1076_warn-2804 [000] d... 147.926188: x86_pmu_state: 1->0 tag: 1 config: 1 (ffff880119ec8800)
> pec_1076_warn-2804 [000] d... 147.926188: x86_pmu_state: }
> pec_1076_warn-2804 [000] d... 147.926190: x86_pmu_enable: S0: hwc->idx: 33, hwc->last_cpu: 0, hwc->last_tag: 1 hwc->state: 0
So the problem is that x86_pmu_del(), when called from a
group_sched_in() that fails (for whatever reason), and without x86_pmu
TXN support (because the leader is !x86_pmu), will corrupt the n_added
state.
Reported-and-Tested-by: Vince Weaver <vincent.weaver@maine.edu>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Dave Jones <davej@redhat.com>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20140221150312.GF3104@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Read-only large sptes can be created due to read-only faults as
follows:
- QEMU pagetable entry that maps guest memory is read-only
due to COW.
- Guest read faults such memory, COW is not broken, because
it is a read-only fault.
- Enable dirty logging, large spte not nuked because it is read-only.
- Write-fault on such memory causes guest to loop endlessly
(which must go down to level 1 because dirty logging is enabled).
Fix by dropping large spte when necessary.
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Include kASLR offset in VMCOREINFO ELF notes to assist in debugging.
[ hpa: pushing this for v3.14 to avoid having a kernel version with
kASLR where we can't debug output. ]
Signed-off-by: Eugene Surovegin <surovegin@google.com>
Link: http://lkml.kernel.org/r/20140123173120.GA25474@www.outflux.net
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
Pull m68k update from Geert Uytterhoeven:
- More barrier.h consolidation
- Sched_[gs]etattr() syscalls
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: Wire up sched_setattr and sched_getattr
m68k: Switch to asm-generic/barrier.h
m68k: Sort arch/m68k/include/asm/Kbuild
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;
- don't select USE_GENERIC_SMP_HELPERS;
- enable common clock framework support, set up ethoc clock on xtfpga;
- wire up sched_setattr and sched_getattr syscalls.
- fix system call to spill the processor registers to stack.
- improve kernel macro to spill the processor registers.
- export ccount_freq symbol
- fix undefined symbol warning
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJTDCFLAAoJEI9vqH3mFV2sImUP/itHWSs2w1NJdcQIkrc9y7mK
Y9Fbk/Wcb5th7TgStpVsI49pSFB3NY9AHFd6XPeCLa8/A3UrT+nPuXQt3rpjW0xL
b9vhNOaW02sb8fXeUpC6oXcgwIwdRhMm5SQXFdM8eL30m6vfXUY4gzriMDMRzG8T
WWHqpPEvsicAA7L8ilzM9AR9gnEuyREQQzRDL+KyFSCeOsNrKk2BUo2MYEkxovhJ
8UuJ6WnmnSRA6e6n9LTPEZBy0Q0EJ8shDNHHa8dZuqjbhzy8vyWlDHhNnyuAX67p
rPrBG4UZZk6aQbsj3b6CFBBiwCurH7q6IVIBdAQKDU2d6TY9HYCicH2OcWXbx6Q+
DlKg6FYo40TuAt8wleinZJLaNc1RSooENR/FQD9iQkb8tyu8jtDzXKaMk9Fy8m0e
9dW2GHMHLz+bcfO95KRSaV5qjqILFT7yGrgMvvcbRI8+ytuJbitwf4u5M06LM8JU
69FEESKYjqCqlyXiBQPtY3RNMU8NC1wezu9XE5O5VWWL1ujswoFwa8U/txoKNEXd
r4cTWt0O4LVyKzQl4TvGdZ2wD8hk7BJLSiGqXbmtnBgbE24eD8sT5RN+k2l5X3Za
yVqndvZSOKxcUVfxF6IxIk8TjvVZVbCVSOLOKwbjVItdByuSXF1XPSTQUqcp4iZN
fpOtY+TOzKxFzIndT1rD
=d3x+
-----END PGP SIGNATURE-----
Merge tag 'xtensa-next-20140224' of git://github.com/czankel/xtensa-linux
Pull tensa fixes from Chris Zankel:
"This series includes fixes for potentially serious bugs in the
routines spilling processor registers to stack, as well as other
issues and compiler errors and warnings.
- allow booting xtfpga on boards with new uBoot and >128MBytes memory
- drop nonexistent GPIO32 support from fsf variant
- don't select USE_GENERIC_SMP_HELPERS
- enable common clock framework support, set up ethoc clock on xtfpga
- wire up sched_setattr and sched_getattr syscalls.
- fix system call to spill the processor registers to stack.
- improve kernel macro to spill the processor registers
- export ccount_freq symbol
- fix undefined symbol warning"
* tag 'xtensa-next-20140224' of git://github.com/czankel/xtensa-linux:
xtensa: wire up sched_setattr and sched_getattr syscalls
xtensa: xtfpga: set ethoc clock frequency
xtensa: xtfpga: use common clock framework
xtensa: support common clock framework
xtensa: no need to select USE_GENERIC_SMP_HELPERS
xtensa: fsf: drop nonexistent GPIO32 support
xtensa: don't pass high memory to bootmem allocator
xtensa: fix fast_syscall_spill_registers
xtensa: fix fast_syscall_spill_registers
xtensa: save current register frame in fast_syscall_spill_registers_fixup
xtensa: introduce spill_registers_kernel macro
xtensa: export ccount_freq
xtensa: fix warning '"CONFIG_OF" is not defined'
Pull s390 bug fixes from Martin Schwidefsky:
"A couple of s390 bug fixes. The PCI segment boundary issue is a nasty
one as it can lead to data corruption"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/cio: Fix missing subchannels after CHPID configure on
s390/pci/dma: use correct segment boundary size
s390/compat: fix sys_sched_getattr compat wrapper
s390/zcrypt: additional check to avoid overflow in msg-type 6 requests
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;
- don't select USE_GENERIC_SMP_HELPERS;
- enable common clock framework support, set up ethoc clock on xtfpga;
- wire up sched_setattr and sched_getattr syscalls.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTB51dAAoJEFH5zJH4P6BEqtIP/RDphJSzcGyzbndQA5NZTZ8h
MoRDEQtR5KzT8EApOjfN2FEa7vbulAla7n9L076fFmmQDlnk8DQ1XxWgBaUcoe2+
iTmSjdRJFy+/v1QACFhWnm18S12dNPivLRFKPERyxQaDOlpz1Y9ZeXeG1WPXN7KS
+cGnnpxy7XizZP1w0u7qORxXfjbgTBda4si75RZf0eU9dnsrJXyr1z4SYUO84kfq
E5WQ3uiWPjvpZboS5uVYbu2ebLsT7ZOAqv56CfUZ5bJHak32Snd0ci/pEIjljtqf
KjtFCAvMK4rxJqVAegcipV+gjLSMAdqJaztkfX90w138InN+gqk0pLiX5+6El9xn
9OupIFBQeJvztJd3PTCytChwaigmJKOQqKEulxm3cTzJArVNTGQRclePECbpDR6o
kTm4wTriR9VD5l9EzT/adL7RLWaWBUi01y0W6ug5/bbEFDzqfVdyvO4VMbLjOiz6
txSZlHUfiDrBIAkJFCWG/xz1p1hxTfdCZACmsAfXYwOOdAqsXeTy4/4XTV2dlLPA
blJVpe7W+PGLdRZfnciufOILC6g7LOqb735aQer1ubBT18Yd1IfK4n1DMEaH/AnQ
2buv1lCDrNW4RWTNMjzqg/T1dne3QMFxXipL2tqqyU5sHeThitKCC77HCqA8Oq4/
n2TtLb0X+GoZso7eq8fy
=XS4m
-----END PGP SIGNATURE-----
Merge tag 'xtensa-for-next-20140221-1' into for_next
Xtensa fixes for 3.14:
- allow booting xtfpga on boards with new uBoot and >128MBytes memory;
- drop nonexistent GPIO32 support from fsf variant;
- don't select USE_GENERIC_SMP_HELPERS;
- enable common clock framework support, set up ethoc clock on xtfpga;
- wire up sched_setattr and sched_getattr syscalls.
Signed-off-by: Chris Zankel <chris@zankel.net>
A collection of fixes for ARM platforms. Most are fixes for DTS files,
mostly from DT conversion on OMAP which is still finding a few issues here
and there.
There's a couple of small stale code removal patches that we usually
queue for the next release instead, but they seemed harmless enough to
bring in now.
Also, a fix for backlight on some PXA platforms, and a cache configuration
fix for Tegra, etc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAABAgAGBQJTCgAlAAoJEIwa5zzehBx3J8MP/jFJWHtLHSeSXeKTLEeBV18J
/M7OG5hKyI38mImPbdJmCHpcTfExTqWuIkvN+6e7QN5PU1V3YSy5XELPh9UIn7zU
u+Pmt1C4cG8GFEdf03LqaDc4vdtthKUHGUBxQjrA3ZFrR8XZlzAZrnLKU/HA1VF5
ynaj1cs4Vpf2CGXjM+2ATr5gVhjTs1yldTkG+lHL99JAlSJe7TD3mrANXBRXVVNC
2yHGEDpDJf8kkBRQZ91xGcVVFw2YWF1avUi3QQ5WltufI+Rtdu8g7ibhakK/nimU
AfZ3LidjjiTFIGfEi5/2FBim6Tsxpd6wLlchzA6ksPaQ6hk0EVzRPPNzlarmeRO8
IF5zUPGPXswBeQURXe+OcZIUI4PGS02tshlIUWFPaFM3mZY2djd8Df8Rg20isjOu
vUYGSL2UY0uLb8NS97scNS9ouGYDp8lV9pHIYlmf6f3Opv6vsw56rWggSsDQDAOk
wbA2COTtDXxo1tEgbrmevDiaCc8uCDTHKD+uwbxOMCTwLvHHsafRp85BgcCz1z0L
bOvTbqVhBPW6T47D1ED+ECBo12DbZwA8pth0JSRaf/Fbp6+aMFXp0/d7Hw+ggAxN
wgEFq/A0M6v+5Y9azo+GLkgqPdH+7twH6eqD8TRgcQdnZXWIuq9UtaNw9Qx4Uusr
fX9CS2l8ISXgopnRPZCI
=i7LS
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"A collection of fixes for ARM platforms. Most are fixes for DTS
files, mostly from DT conversion on OMAP which is still finding a few
issues here and there.
There's a couple of small stale code removal patches that we usually
queue for the next release instead, but they seemed harmless enough to
bring in now.
Also, a fix for backlight on some PXA platforms, and a cache
configuration fix for Tegra, etc"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (25 commits)
MAINTAINERS: add additional ARM BCM281xx/BCM11xxx maintainer
ARM: tegra: only run PL310 init on systems with one
ARM: tegra: Add head numbers to display controllers
ARM: imx6: build pm-imx6q.c independently of CONFIG_PM
ARM: tegra: fix RTC0 alias for Cardhu
ARM: dove: dt: revert PMU interrupt controller node
Documentation: dt: OMAP: Update Overo/Tobi
ARM: dts: Add support for both OMAP35xx and OMAP36xx Overo/Tobi
ARM: dts: omap3-tobi: Use the correct vendor prefix
ARM: dts: omap3-tobi: Fix boot with OMAP36xx-based Overo
ARM: OMAP2+: Remove legacy macros for zoom platforms
ARM: OMAP2+: Remove MACH_NOKIA_N800
ARM: dts: N900: add missing compatible property
ARM: dts: N9/N950: fix boot hang with 3.14-rc1
ARM: OMAP1: nokia770: enable tahvo-usb
ARM: OMAP2+: gpmc: fix: DT ONENAND child nodes not probed when MTD_ONENAND is built as module
ARM: OMAP2+: gpmc: fix: DT NAND child nodes not probed when MTD_NAND is built as module
ARM: dts: omap3-gta04: Fix mmc1 properties.
ARM: dts: omap3-gta04: Fix 'aux' gpio key flags.
ARM: OMAP2+: add missing ARCH_HAS_OPP
...
Pull x86 fixes from Thomas Gleixner:
- a bugfix which prevents a divide by 0 panic when the newly introduced
try_msr_calibrate_tsc() fails
- enablement of the Baytrail platform to utilize the newfangled msr
based calibration
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86: tsc: Add missing Baytrail frequency to the table
x86, tsc: Fallback to normal calibration if fast MSR calibration fails
This branch contains a bug fix for the way devicetree code identifies
the type of device. Device drivers can contain a list of of_device_ids,
but it more than one entry will match, then the device driver may choose
the wrong one. Commit 105353145e, "match each node compatible against
all given matches first", was queued for v3.14 but ended up causing
other bugs. Commit 06b29e76a7 attempted to fix it but it had other bugs.
Merely reverting the fix and waiting until v3.15 isn't a good option
because there is code in v3.14 that depends on the revised behaviour to
boot.
This branch should finally fixes the problem correctly. This time
instead of just hoping that the patch is correct, this branch also adds
new testcases that validate the behaviour.
The changes in this branch are larger than I would like for a -rc pull,
but moving the test case data out of out of arch/arm so that it could be
validated on other architectures was important.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAABAgAGBQJTB2qsAAoJEMWQL496c2LNmvYQAJPwmc3f76L/HxxuJZ3TVpFF
2JhtCUyzTrsuebDSanAZLhzwCrIL4N8I/1rZObvkQuxUEUPNg4Khx9chMYwsG7L7
vbdr+3bkYnwaaGHzoH0NnNM5x1NLm29WOeHaWvT9Nm8iA1399AaOeAXniLQrTgBv
LxipQc3SZpRSKdCDCi2y32TESMJcN7FT1aD4EKHAZocmXMpMaxEYQ2eFO70Txf5O
1SbNkZ7LsAnm1TmoH7nf0um9IFX7bvt2KkonpKBL2mOoDfq40pBosV3Zt2JwaeDy
3nkBeAFs3YvIDjZy3h+WdWLXlF9E29P7CXreE/uSJTnoYft6aCDfgz15USc2j2OA
BTnK0kqJ3NWu6YAKrQHHoQmisnuDwg84oEK0JLJCfMcA3IOCBXV+iYHbo41j/dO5
yprnS1zms6UZuOXV2RjseQ34THkR3oDPbSxKmFTK/KGaa568ES0l1ZPAsvuVZqNr
5elDskt+lfF96WLGbyC0DP5Zib/0eFTbf18p///4lefkr6ysT+CdIJTsRj0/Uz0V
40nwCJH2t+wVCtcI/+mo3yvc4C77OoRhAOAxz8D9YkOlt8ilfgIDeAc1krAAa09T
0KfpfkLDvXEccZF+Jo2Z9TU7QFdeLVK/QAsvCZN4EcMU31ePEldMiniZ69/aySPl
D/ahG24w1pakKXujtJK2
=wJz0
-----END PGP SIGNATURE-----
Merge tag 'dt-for-linus' of git://git.secretlab.ca/git/linux
Pull devicetree fixes from Grant Likely:
"Device tree compatible match order bug fix
This branch contains a bug fix for the way devicetree code identifies
the type of device. Device drivers can contain a list of
of_device_ids, but it more than one entry will match, then the device
driver may choose the wrong one. Commit 105353145e, "match each node
compatible against all given matches first", was queued for v3.14 but
ended up causing other bugs. Commit 06b29e76a7 attempted to fix it
but it had other bugs. Merely reverting the fix and waiting until
v3.15 isn't a good option because there is code in v3.14 that depends
on the revised behaviour to boot.
This branch should finally fixes the problem correctly. This time
instead of just hoping that the patch is correct, this branch also
adds new testcases that validate the behaviour.
The changes in this branch are larger than I would like for a -rc
pull, but moving the test case data out of out of arch/arm so that it
could be validated on other architectures was important"
* tag 'dt-for-linus' of git://git.secretlab.ca/git/linux:
of: Add self test for of_match_node()
of: Move testcase FDT data into drivers/of
of: reimplement the matching method for __of_match_node()
Revert "of: search the best compatible match first in __of_match_node()"
This patch updates the CBOX PMU filters mapping tables for SNB-EP
and IVT (model 45 and 62 respectively).
The NID umask always comes in addition to another umask.
When set, the NID filter is applied.
The current mapping tables were missing some code/umask
combinations to account for the NID umask. This patch
fixes that.
Cc: mingo@elte.hu
Cc: ak@linux.intel.com
Reviewed-by: Yan, Zheng <zheng.z.yan@intel.com>
Signed-off-by: Stephane Eranian <eranian@google.com>
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Link: http://lkml.kernel.org/r/20140219131018.GA24475@quad
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>