tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Thomas Gleixner:
"This contains the following fixes and improvements:

- Avoid dereferencing an unprotected VMA pointer in the fault signal
generation code

- Fix inline asm call constraints for GCC 4.4

- Use existing register variable to retrieve the stack pointer
instead of forcing the compiler to create another indirect access
which results in excessive extra 'mov %rsp, %<dst>' instructions

- Disable branch profiling for the memory encryption code to prevent
an early boot crash

- Fix a sparse warning caused by casting the __user annotation in
__get_user_asm_u64() away

- Fix an off by one error in the loop termination of the error patch
in the x86 sysfs init code

- Add missing CPU IDs to various Intel specific drivers to enable the
functionality on recent hardware

- More (init) constification in the numachip code"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/asm: Use register variable to get stack pointer value
x86/mm: Disable branch profiling in mem_encrypt.c
x86/asm: Fix inline asm call constraints for GCC 4.4
perf/x86/intel/uncore: Correct num_boxes for IIO and IRP
perf/x86/intel/rapl: Add missing CPU IDs
perf/x86/msr: Add missing CPU IDs
perf/x86/intel/cstate: Add missing CPU IDs
x86: Don't cast away the __user in __get_user_asm_u64()
x86/sysfs: Fix off-by-one error in loop termination
x86/mm: Fix fault error path using unsafe vma pointer
x86/numachip: Add const and __initconst to numachip2_clockevent

Linus Torvalds 368f8998 c42ed9f9

options
unified split
Changed files
+56 -47
arch
x86
events
intel
cstate.c
rapl.c
uncore_snbep.c
msr.c
include
asm
asm.h
thread_info.h
uaccess.h
kernel
irq_32.c
ksysfs.c
traps.c
mm
fault.c
mem_encrypt.c
tlb.c
drivers
clocksource
numachip.c
+4
arch/x86/events/intel/cstate.c
··· 552 552 553 553 X86_CSTATES_MODEL(INTEL_FAM6_SKYLAKE_MOBILE, snb_cstates), 554 554 X86_CSTATES_MODEL(INTEL_FAM6_SKYLAKE_DESKTOP, snb_cstates), 555 + X86_CSTATES_MODEL(INTEL_FAM6_SKYLAKE_X, snb_cstates), 555 556 556 557 X86_CSTATES_MODEL(INTEL_FAM6_KABYLAKE_MOBILE, snb_cstates), 557 558 X86_CSTATES_MODEL(INTEL_FAM6_KABYLAKE_DESKTOP, snb_cstates), ··· 561 560 X86_CSTATES_MODEL(INTEL_FAM6_XEON_PHI_KNM, knl_cstates), 562 561 563 562 X86_CSTATES_MODEL(INTEL_FAM6_ATOM_GOLDMONT, glm_cstates), 563 + X86_CSTATES_MODEL(INTEL_FAM6_ATOM_DENVERTON, glm_cstates), 564 + 565 + X86_CSTATES_MODEL(INTEL_FAM6_ATOM_GEMINI_LAKE, glm_cstates), 564 566 { }, 565 567 }; 566 568 MODULE_DEVICE_TABLE(x86cpu, intel_cstates_match);
+3
arch/x86/events/intel/rapl.c
··· 775 775 X86_RAPL_MODEL_MATCH(INTEL_FAM6_KABYLAKE_DESKTOP, skl_rapl_init), 776 776 777 777 X86_RAPL_MODEL_MATCH(INTEL_FAM6_ATOM_GOLDMONT, hsw_rapl_init), 778 + X86_RAPL_MODEL_MATCH(INTEL_FAM6_ATOM_DENVERTON, hsw_rapl_init), 779 + 780 + X86_RAPL_MODEL_MATCH(INTEL_FAM6_ATOM_GEMINI_LAKE, hsw_rapl_init), 778 781 {}, 779 782 }; 780 783
+2 -2
arch/x86/events/intel/uncore_snbep.c
··· 3462 3462 static struct intel_uncore_type skx_uncore_iio = { 3463 3463 .name = "iio", 3464 3464 .num_counters = 4, 3465 - .num_boxes = 5, 3465 + .num_boxes = 6, 3466 3466 .perf_ctr_bits = 48, 3467 3467 .event_ctl = SKX_IIO0_MSR_PMON_CTL0, 3468 3468 .perf_ctr = SKX_IIO0_MSR_PMON_CTR0, ··· 3492 3492 static struct intel_uncore_type skx_uncore_irp = { 3493 3493 .name = "irp", 3494 3494 .num_counters = 2, 3495 - .num_boxes = 5, 3495 + .num_boxes = 6, 3496 3496 .perf_ctr_bits = 48, 3497 3497 .event_ctl = SKX_IRP0_MSR_PMON_CTL0, 3498 3498 .perf_ctr = SKX_IRP0_MSR_PMON_CTR0,
+8
arch/x86/events/msr.c
··· 63 63 case INTEL_FAM6_ATOM_SILVERMONT1: 64 64 case INTEL_FAM6_ATOM_SILVERMONT2: 65 65 case INTEL_FAM6_ATOM_AIRMONT: 66 + 67 + case INTEL_FAM6_ATOM_GOLDMONT: 68 + case INTEL_FAM6_ATOM_DENVERTON: 69 + 70 + case INTEL_FAM6_ATOM_GEMINI_LAKE: 71 + 72 + case INTEL_FAM6_XEON_PHI_KNL: 73 + case INTEL_FAM6_XEON_PHI_KNM: 66 74 if (idx == PERF_MSR_SMI) 67 75 return true; 68 76 break;
+5 -3
arch/x86/include/asm/asm.h
··· 11 11 # define __ASM_FORM_COMMA(x) " " #x "," 12 12 #endif 13 13 14 - #ifdef CONFIG_X86_32 14 + #ifndef __x86_64__ 15 + /* 32 bit */ 15 16 # define __ASM_SEL(a,b) __ASM_FORM(a) 16 17 # define __ASM_SEL_RAW(a,b) __ASM_FORM_RAW(a) 17 18 #else 19 + /* 64 bit */ 18 20 # define __ASM_SEL(a,b) __ASM_FORM(b) 19 21 # define __ASM_SEL_RAW(a,b) __ASM_FORM_RAW(b) 20 22 #endif ··· 141 139 * gets set up by the containing function. If you forget to do this, objtool 142 140 * may print a "call without frame pointer save/setup" warning. 143 141 */ 144 - register unsigned int __asm_call_sp asm("esp"); 145 - #define ASM_CALL_CONSTRAINT "+r" (__asm_call_sp) 142 + register unsigned long current_stack_pointer asm(_ASM_SP); 143 + #define ASM_CALL_CONSTRAINT "+r" (current_stack_pointer) 146 144 #endif 147 145 148 146 #endif /* _ASM_X86_ASM_H */
-11
arch/x86/include/asm/thread_info.h
··· 158 158 */ 159 159 #ifndef __ASSEMBLY__ 160 160 161 - static inline unsigned long current_stack_pointer(void) 162 - { 163 - unsigned long sp; 164 - #ifdef CONFIG_X86_64 165 - asm("mov %%rsp,%0" : "=g" (sp)); 166 - #else 167 - asm("mov %%esp,%0" : "=g" (sp)); 168 - #endif 169 - return sp; 170 - } 171 - 172 161 /* 173 162 * Walks up the stack frames to make sure that the specified object is 174 163 * entirely contained by a single stack frame.
+1 -1
arch/x86/include/asm/uaccess.h
··· 337 337 _ASM_EXTABLE(1b, 4b) \ 338 338 _ASM_EXTABLE(2b, 4b) \ 339 339 : "=r" (retval), "=&A"(x) \ 340 - : "m" (__m(__ptr)), "m" __m(((u32 *)(__ptr)) + 1), \ 340 + : "m" (__m(__ptr)), "m" __m(((u32 __user *)(__ptr)) + 1), \ 341 341 "i" (errret), "0" (retval)); \ 342 342 }) 343 343
+3 -3
arch/x86/kernel/irq_32.c
··· 64 64 65 65 static inline void *current_stack(void) 66 66 { 67 - return (void *)(current_stack_pointer() & ~(THREAD_SIZE - 1)); 67 + return (void *)(current_stack_pointer & ~(THREAD_SIZE - 1)); 68 68 } 69 69 70 70 static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc) ··· 88 88 89 89 /* Save the next esp at the bottom of the stack */ 90 90 prev_esp = (u32 *)irqstk; 91 - *prev_esp = current_stack_pointer(); 91 + *prev_esp = current_stack_pointer; 92 92 93 93 if (unlikely(overflow)) 94 94 call_on_stack(print_stack_overflow, isp); ··· 139 139 140 140 /* Push the previous esp onto the stack */ 141 141 prev_esp = (u32 *)irqstk; 142 - *prev_esp = current_stack_pointer(); 142 + *prev_esp = current_stack_pointer; 143 143 144 144 call_on_stack(__do_softirq, isp); 145 145 }
+1 -1
arch/x86/kernel/ksysfs.c
··· 299 299 return 0; 300 300 301 301 out_clean_nodes: 302 - for (j = i - 1; j > 0; j--) 302 + for (j = i - 1; j >= 0; j--) 303 303 cleanup_setup_data_node(*(kobjp + j)); 304 304 kfree(kobjp); 305 305 out_setup_data_kobj:
+1 -1
arch/x86/kernel/traps.c
··· 142 142 * from double_fault. 143 143 */ 144 144 BUG_ON((unsigned long)(current_top_of_stack() - 145 - current_stack_pointer()) >= THREAD_SIZE); 145 + current_stack_pointer) >= THREAD_SIZE); 146 146 147 147 preempt_enable_no_resched(); 148 148 }
+24 -23
arch/x86/mm/fault.c
··· 192 192 * 6. T1 : reaches here, sees vma_pkey(vma)=5, when we really 193 193 * faulted on a pte with its pkey=4. 194 194 */ 195 - static void fill_sig_info_pkey(int si_code, siginfo_t *info, 196 - struct vm_area_struct *vma) 195 + static void fill_sig_info_pkey(int si_code, siginfo_t *info, u32 *pkey) 197 196 { 198 197 /* This is effectively an #ifdef */ 199 198 if (!boot_cpu_has(X86_FEATURE_OSPKE)) ··· 208 209 * valid VMA, so we should never reach this without a 209 210 * valid VMA. 210 211 */ 211 - if (!vma) { 212 + if (!pkey) { 212 213 WARN_ONCE(1, "PKU fault with no VMA passed in"); 213 214 info->si_pkey = 0; 214 215 return; ··· 218 219 * absolutely guranteed to be 100% accurate because of 219 220 * the race explained above. 220 221 */ 221 - info->si_pkey = vma_pkey(vma); 222 + info->si_pkey = *pkey; 222 223 } 223 224 224 225 static void 225 226 force_sig_info_fault(int si_signo, int si_code, unsigned long address, 226 - struct task_struct *tsk, struct vm_area_struct *vma, 227 - int fault) 227 + struct task_struct *tsk, u32 *pkey, int fault) 228 228 { 229 229 unsigned lsb = 0; 230 230 siginfo_t info; ··· 238 240 lsb = PAGE_SHIFT; 239 241 info.si_addr_lsb = lsb; 240 242 241 - fill_sig_info_pkey(si_code, &info, vma); 243 + fill_sig_info_pkey(si_code, &info, pkey); 242 244 243 245 force_sig_info(si_signo, &info, tsk); 244 246 } ··· 760 762 struct task_struct *tsk = current; 761 763 unsigned long flags; 762 764 int sig; 763 - /* No context means no VMA to pass down */ 764 - struct vm_area_struct *vma = NULL; 765 765 766 766 /* Are we prepared to handle this kernel fault? */ 767 767 if (fixup_exception(regs, X86_TRAP_PF)) { ··· 784 788 785 789 /* XXX: hwpoison faults will set the wrong code. */ 786 790 force_sig_info_fault(signal, si_code, address, 787 - tsk, vma, 0); 791 + tsk, NULL, 0); 788 792 } 789 793 790 794 /* ··· 892 896 893 897 static void 894 898 __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, 895 - unsigned long address, struct vm_area_struct *vma, 896 - int si_code) 899 + unsigned long address, u32 *pkey, int si_code) 897 900 { 898 901 struct task_struct *tsk = current; 899 902 ··· 940 945 tsk->thread.error_code = error_code; 941 946 tsk->thread.trap_nr = X86_TRAP_PF; 942 947 943 - force_sig_info_fault(SIGSEGV, si_code, address, tsk, vma, 0); 948 + force_sig_info_fault(SIGSEGV, si_code, address, tsk, pkey, 0); 944 949 945 950 return; 946 951 } ··· 953 958 954 959 static noinline void 955 960 bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, 956 - unsigned long address, struct vm_area_struct *vma) 961 + unsigned long address, u32 *pkey) 957 962 { 958 - __bad_area_nosemaphore(regs, error_code, address, vma, SEGV_MAPERR); 963 + __bad_area_nosemaphore(regs, error_code, address, pkey, SEGV_MAPERR); 959 964 } 960 965 961 966 static void ··· 963 968 unsigned long address, struct vm_area_struct *vma, int si_code) 964 969 { 965 970 struct mm_struct *mm = current->mm; 971 + u32 pkey; 972 + 973 + if (vma) 974 + pkey = vma_pkey(vma); 966 975 967 976 /* 968 977 * Something tried to access memory that isn't in our memory map.. ··· 974 975 */ 975 976 up_read(&mm->mmap_sem); 976 977 977 - __bad_area_nosemaphore(regs, error_code, address, vma, si_code); 978 + __bad_area_nosemaphore(regs, error_code, address, 979 + (vma) ? &pkey : NULL, si_code); 978 980 } 979 981 980 982 static noinline void ··· 1018 1018 1019 1019 static void 1020 1020 do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, 1021 - struct vm_area_struct *vma, unsigned int fault) 1021 + u32 *pkey, unsigned int fault) 1022 1022 { 1023 1023 struct task_struct *tsk = current; 1024 1024 int code = BUS_ADRERR; ··· 1045 1045 code = BUS_MCEERR_AR; 1046 1046 } 1047 1047 #endif 1048 - force_sig_info_fault(SIGBUS, code, address, tsk, vma, fault); 1048 + force_sig_info_fault(SIGBUS, code, address, tsk, pkey, fault); 1049 1049 } 1050 1050 1051 1051 static noinline void 1052 1052 mm_fault_error(struct pt_regs *regs, unsigned long error_code, 1053 - unsigned long address, struct vm_area_struct *vma, 1054 - unsigned int fault) 1053 + unsigned long address, u32 *pkey, unsigned int fault) 1055 1054 { 1056 1055 if (fatal_signal_pending(current) && !(error_code & PF_USER)) { 1057 1056 no_context(regs, error_code, address, 0, 0); ··· 1074 1075 } else { 1075 1076 if (fault & (VM_FAULT_SIGBUS|VM_FAULT_HWPOISON| 1076 1077 VM_FAULT_HWPOISON_LARGE)) 1077 - do_sigbus(regs, error_code, address, vma, fault); 1078 + do_sigbus(regs, error_code, address, pkey, fault); 1078 1079 else if (fault & VM_FAULT_SIGSEGV) 1079 - bad_area_nosemaphore(regs, error_code, address, vma); 1080 + bad_area_nosemaphore(regs, error_code, address, pkey); 1080 1081 else 1081 1082 BUG(); 1082 1083 } ··· 1266 1267 struct mm_struct *mm; 1267 1268 int fault, major = 0; 1268 1269 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; 1270 + u32 pkey; 1269 1271 1270 1272 tsk = current; 1271 1273 mm = tsk->mm; ··· 1467 1467 return; 1468 1468 } 1469 1469 1470 + pkey = vma_pkey(vma); 1470 1471 up_read(&mm->mmap_sem); 1471 1472 if (unlikely(fault & VM_FAULT_ERROR)) { 1472 - mm_fault_error(regs, error_code, address, vma, fault); 1473 + mm_fault_error(regs, error_code, address, &pkey, fault); 1473 1474 return; 1474 1475 } 1475 1476
+2
arch/x86/mm/mem_encrypt.c
··· 10 10 * published by the Free Software Foundation. 11 11 */ 12 12 13 + #define DISABLE_BRANCH_PROFILING 14 + 13 15 #include <linux/linkage.h> 14 16 #include <linux/init.h> 15 17 #include <linux/mm.h>
+1 -1
arch/x86/mm/tlb.c
··· 191 191 * mapped in the new pgd, we'll double-fault. Forcibly 192 192 * map it. 193 193 */ 194 - unsigned int index = pgd_index(current_stack_pointer()); 194 + unsigned int index = pgd_index(current_stack_pointer); 195 195 pgd_t *pgd = next->pgd + index; 196 196 197 197 if (unlikely(pgd_none(*pgd)))
+1 -1
drivers/clocksource/numachip.c
··· 43 43 return 0; 44 44 } 45 45 46 - static struct clock_event_device numachip2_clockevent = { 46 + static const struct clock_event_device numachip2_clockevent __initconst = { 47 47 .name = "numachip2", 48 48 .rating = 400, 49 49 .set_next_event = numachip2_set_next_event,