tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Thomas Gleixner:
"A series of fixes for X86:

- The final fix for the end-of-stack issue in the unwinder
- Handle non PAT systems gracefully
- Prevent access to uninitiliazed memory
- Move early delay calaibration after basic init
- Fix Kconfig help text
- Fix a cross compile issue
- Unbreak older make versions"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/timers: Move simple_udelay_calibration past init_hypervisor_platform
x86/alternatives: Prevent uninitialized stack byte read in apply_alternatives()
x86/PAT: Fix Xorg regression on CPUs that don't support PAT
x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation
x86/build: Permit building with old make versions
x86/unwind: Add end-of-stack check for ftrace handlers
Revert "x86/entry: Fix the end of the stack for newly forked tasks"
x86/boot: Use CROSS_COMPILE prefix for readelf

Linus Torvalds 38e6bf23 39b8ab31

options
unified split
Changed files
+81 -37
arch
x86
Kconfig
Makefile
boot
compressed
Makefile
entry
entry_32.S
entry_64.S
kernel
alternative.c
setup.c
unwind_frame.c
mm
pat.c
+1 -1
arch/x86/Kconfig
··· 360 360 Management" code will be disabled if you say Y here. 361 361 362 362 See also <file:Documentation/x86/i386/IO-APIC.txt>, 363 - <file:Documentation/nmi_watchdog.txt> and the SMP-HOWTO available at 363 + <file:Documentation/lockup-watchdogs.txt> and the SMP-HOWTO available at 364 364 <http://www.tldp.org/docs.html#howto>. 365 365 366 366 If you don't know what to do here, say N.
+1 -1
arch/x86/Makefile
··· 159 159 # If '-Os' is enabled, disable it and print a warning. 160 160 ifdef CONFIG_CC_OPTIMIZE_FOR_SIZE 161 161 undefine CONFIG_CC_OPTIMIZE_FOR_SIZE 162 - $(warning Disabling CONFIG_CC_OPTIMIZE_FOR_SIZE. Your compiler does not have -mfentry so you cannot optimize for size with CONFIG_FUNCTION_GRAPH_TRACER.) 162 + $(warning Disabling CONFIG_CC_OPTIMIZE_FOR_SIZE. Your compiler does not have -mfentry so you cannot optimize for size with CONFIG_FUNCTION_GRAPH_TRACER.) 163 163 endif 164 164 165 165 endif
+1 -1
arch/x86/boot/compressed/Makefile
··· 94 94 quiet_cmd_check_data_rel = DATAREL $@ 95 95 define cmd_check_data_rel 96 96 for obj in $(filter %.o,$^); do \ 97 - readelf -S $$obj | grep -qF .rel.local && { \ 97 + ${CROSS_COMPILE}readelf -S $$obj | grep -qF .rel.local && { \ 98 98 echo "error: $$obj has data relocations!" >&2; \ 99 99 exit 1; \ 100 100 } || true; \
+19 -11
arch/x86/entry/entry_32.S
··· 252 252 END(__switch_to_asm) 253 253 254 254 /* 255 + * The unwinder expects the last frame on the stack to always be at the same 256 + * offset from the end of the page, which allows it to validate the stack. 257 + * Calling schedule_tail() directly would break that convention because its an 258 + * asmlinkage function so its argument has to be pushed on the stack. This 259 + * wrapper creates a proper "end of stack" frame header before the call. 260 + */ 261 + ENTRY(schedule_tail_wrapper) 262 + FRAME_BEGIN 263 + 264 + pushl %eax 265 + call schedule_tail 266 + popl %eax 267 + 268 + FRAME_END 269 + ret 270 + ENDPROC(schedule_tail_wrapper) 271 + /* 255 272 * A newly forked process directly context switches into this address. 256 273 * 257 274 * eax: prev task we switched from ··· 276 259 * edi: kernel thread arg 277 260 */ 278 261 ENTRY(ret_from_fork) 279 - FRAME_BEGIN /* help unwinder find end of stack */ 280 - 281 - /* 282 - * schedule_tail() is asmlinkage so we have to put its 'prev' argument 283 - * on the stack. 284 - */ 285 - pushl %eax 286 - call schedule_tail 287 - popl %eax 262 + call schedule_tail_wrapper 288 263 289 264 testl %ebx, %ebx 290 265 jnz 1f /* kernel threads are uncommon */ 291 266 292 267 2: 293 268 /* When we fork, we trace the syscall return in the child, too. */ 294 - leal FRAME_OFFSET(%esp), %eax 269 + movl %esp, %eax 295 270 call syscall_return_slowpath 296 - FRAME_END 297 271 jmp restore_all 298 272 299 273 /* kernel thread */
+4 -7
arch/x86/entry/entry_64.S
··· 36 36 #include <asm/smap.h> 37 37 #include <asm/pgtable_types.h> 38 38 #include <asm/export.h> 39 - #include <asm/frame.h> 40 39 #include <linux/err.h> 41 40 42 41 .code64 ··· 405 406 * r12: kernel thread arg 406 407 */ 407 408 ENTRY(ret_from_fork) 408 - FRAME_BEGIN /* help unwinder find end of stack */ 409 409 movq %rax, %rdi 410 - call schedule_tail /* rdi: 'prev' task parameter */ 410 + call schedule_tail /* rdi: 'prev' task parameter */ 411 411 412 - testq %rbx, %rbx /* from kernel_thread? */ 413 - jnz 1f /* kernel threads are uncommon */ 412 + testq %rbx, %rbx /* from kernel_thread? */ 413 + jnz 1f /* kernel threads are uncommon */ 414 414 415 415 2: 416 - leaq FRAME_OFFSET(%rsp),%rdi /* pt_regs pointer */ 416 + movq %rsp, %rdi 417 417 call syscall_return_slowpath /* returns with IRQs disabled */ 418 418 TRACE_IRQS_ON /* user mode is traced as IRQS on */ 419 419 SWAPGS 420 - FRAME_END 421 420 jmp restore_regs_and_iret 422 421 423 422 1:
+7 -2
arch/x86/kernel/alternative.c
··· 409 409 memcpy(insnbuf, replacement, a->replacementlen); 410 410 insnbuf_sz = a->replacementlen; 411 411 412 - /* 0xe8 is a relative jump; fix the offset. */ 413 - if (*insnbuf == 0xe8 && a->replacementlen == 5) { 412 + /* 413 + * 0xe8 is a relative jump; fix the offset. 414 + * 415 + * Instruction length is checked before the opcode to avoid 416 + * accessing uninitialized bytes for zero-length replacements. 417 + */ 418 + if (a->replacementlen == 5 && *insnbuf == 0xe8) { 414 419 *(s32 *)(insnbuf + 1) += replacement - instr; 415 420 DPRINTK("Fix CALL offset: 0x%x, CALL 0x%lx", 416 421 *(s32 *)(insnbuf + 1),
+2 -2
arch/x86/kernel/setup.c
··· 980 980 */ 981 981 x86_configure_nx(); 982 982 983 - simple_udelay_calibration(); 984 - 985 983 parse_early_param(); 986 984 987 985 #ifdef CONFIG_MEMORY_HOTPLUG ··· 1038 1040 * needs to be done after dmi_scan_machine, for the BP. 1039 1041 */ 1040 1042 init_hypervisor_platform(); 1043 + 1044 + simple_udelay_calibration(); 1041 1045 1042 1046 x86_init.resources.probe_roms(); 1043 1047
+40 -9
arch/x86/kernel/unwind_frame.c
··· 104 104 return (unsigned long *)task_pt_regs(state->task) - 2; 105 105 } 106 106 107 + static bool is_last_frame(struct unwind_state *state) 108 + { 109 + return state->bp == last_frame(state); 110 + } 111 + 107 112 #ifdef CONFIG_X86_32 108 113 #define GCC_REALIGN_WORDS 3 109 114 #else ··· 120 115 return last_frame(state) - GCC_REALIGN_WORDS; 121 116 } 122 117 123 - static bool is_last_task_frame(struct unwind_state *state) 118 + static bool is_last_aligned_frame(struct unwind_state *state) 124 119 { 125 120 unsigned long *last_bp = last_frame(state); 126 121 unsigned long *aligned_bp = last_aligned_frame(state); 127 122 128 123 /* 129 - * We have to check for the last task frame at two different locations 130 - * because gcc can occasionally decide to realign the stack pointer and 131 - * change the offset of the stack frame in the prologue of a function 132 - * called by head/entry code. Examples: 124 + * GCC can occasionally decide to realign the stack pointer and change 125 + * the offset of the stack frame in the prologue of a function called 126 + * by head/entry code. Examples: 133 127 * 134 128 * <start_secondary>: 135 129 * push %edi ··· 145 141 * push %rbp 146 142 * mov %rsp,%rbp 147 143 * 148 - * Note that after aligning the stack, it pushes a duplicate copy of 149 - * the return address before pushing the frame pointer. 144 + * After aligning the stack, it pushes a duplicate copy of the return 145 + * address before pushing the frame pointer. 150 146 */ 151 - return (state->bp == last_bp || 152 - (state->bp == aligned_bp && *(aligned_bp+1) == *(last_bp+1))); 147 + return (state->bp == aligned_bp && *(aligned_bp + 1) == *(last_bp + 1)); 148 + } 149 + 150 + static bool is_last_ftrace_frame(struct unwind_state *state) 151 + { 152 + unsigned long *last_bp = last_frame(state); 153 + unsigned long *last_ftrace_bp = last_bp - 3; 154 + 155 + /* 156 + * When unwinding from an ftrace handler of a function called by entry 157 + * code, the stack layout of the last frame is: 158 + * 159 + * bp 160 + * parent ret addr 161 + * bp 162 + * function ret addr 163 + * parent ret addr 164 + * pt_regs 165 + * ----------------- 166 + */ 167 + return (state->bp == last_ftrace_bp && 168 + *state->bp == *(state->bp + 2) && 169 + *(state->bp + 1) == *(state->bp + 4)); 170 + } 171 + 172 + static bool is_last_task_frame(struct unwind_state *state) 173 + { 174 + return is_last_frame(state) || is_last_aligned_frame(state) || 175 + is_last_ftrace_frame(state); 153 176 } 154 177 155 178 /*
+6 -3
arch/x86/mm/pat.c
··· 65 65 } 66 66 early_param("nopat", nopat); 67 67 68 + static bool __read_mostly __pat_initialized = false; 69 + 68 70 bool pat_enabled(void) 69 71 { 70 - return !!__pat_enabled; 72 + return __pat_initialized; 71 73 } 72 74 EXPORT_SYMBOL_GPL(pat_enabled); 73 75 ··· 227 225 } 228 226 229 227 wrmsrl(MSR_IA32_CR_PAT, pat); 228 + __pat_initialized = true; 230 229 231 230 __init_cache_modes(pat); 232 231 } 233 232 234 233 static void pat_ap_init(u64 pat) 235 234 { 236 - if (!boot_cpu_has(X86_FEATURE_PAT)) { 235 + if (!this_cpu_has(X86_FEATURE_PAT)) { 237 236 /* 238 237 * If this happens we are on a secondary CPU, but switched to 239 238 * PAT on the boot CPU. We have no way to undo PAT. ··· 309 306 u64 pat; 310 307 struct cpuinfo_x86 *c = &boot_cpu_data; 311 308 312 - if (!pat_enabled()) { 309 + if (!__pat_enabled) { 313 310 init_cache_modes(); 314 311 return; 315 312 }