Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

+1

arch/x86/boot/string.c

··· 14 14 15 15 #include <linux/types.h> 16 16 #include "ctype.h" 17 + #include "string.h" 17 18 18 19 int memcmp(const void *s1, const void *s2, size_t len) 19 20 {

+9

arch/x86/boot/string.h

··· 18 18 #define memset(d,c,l) __builtin_memset(d,c,l) 19 19 #define memcmp __builtin_memcmp 20 20 21 + extern int strcmp(const char *str1, const char *str2); 22 + extern int strncmp(const char *cs, const char *ct, size_t count); 23 + extern size_t strlen(const char *s); 24 + extern char *strstr(const char *s1, const char *s2); 25 + extern size_t strnlen(const char *s, size_t maxlen); 26 + extern unsigned int atou(const char *s); 27 + extern unsigned long long simple_strtoull(const char *cp, char **endp, 28 + unsigned int base); 29 + 21 30 #endif /* BOOT_STRING_H */

+11 -19

arch/x86/entry/entry_32.S

··· 255 255 END(__switch_to_asm) 256 256 257 257 /* 258 - * The unwinder expects the last frame on the stack to always be at the same 259 - * offset from the end of the page, which allows it to validate the stack. 260 - * Calling schedule_tail() directly would break that convention because its an 261 - * asmlinkage function so its argument has to be pushed on the stack. This 262 - * wrapper creates a proper "end of stack" frame header before the call. 263 - */ 264 - ENTRY(schedule_tail_wrapper) 265 - FRAME_BEGIN 266 - 267 - pushl %eax 268 - call schedule_tail 269 - popl %eax 270 - 271 - FRAME_END 272 - ret 273 - ENDPROC(schedule_tail_wrapper) 274 - /* 275 258 * A newly forked process directly context switches into this address. 276 259 * 277 260 * eax: prev task we switched from ··· 262 279 * edi: kernel thread arg 263 280 */ 264 281 ENTRY(ret_from_fork) 265 - call schedule_tail_wrapper 282 + FRAME_BEGIN /* help unwinder find end of stack */ 283 + 284 + /* 285 + * schedule_tail() is asmlinkage so we have to put its 'prev' argument 286 + * on the stack. 287 + */ 288 + pushl %eax 289 + call schedule_tail 290 + popl %eax 266 291 267 292 testl %ebx, %ebx 268 293 jnz 1f /* kernel threads are uncommon */ 269 294 270 295 2: 271 296 /* When we fork, we trace the syscall return in the child, too. */ 272 - movl %esp, %eax 297 + leal FRAME_OFFSET(%esp), %eax 273 298 call syscall_return_slowpath 299 + FRAME_END 274 300 jmp restore_all 275 301 276 302 /* kernel thread */

+7 -4

arch/x86/entry/entry_64.S

··· 36 36 #include <asm/smap.h> 37 37 #include <asm/pgtable_types.h> 38 38 #include <asm/export.h> 39 + #include <asm/frame.h> 39 40 #include <linux/err.h> 40 41 41 42 .code64 ··· 409 408 * r12: kernel thread arg 410 409 */ 411 410 ENTRY(ret_from_fork) 411 + FRAME_BEGIN /* help unwinder find end of stack */ 412 412 movq %rax, %rdi 413 - call schedule_tail /* rdi: 'prev' task parameter */ 413 + call schedule_tail /* rdi: 'prev' task parameter */ 414 414 415 - testq %rbx, %rbx /* from kernel_thread? */ 416 - jnz 1f /* kernel threads are uncommon */ 415 + testq %rbx, %rbx /* from kernel_thread? */ 416 + jnz 1f /* kernel threads are uncommon */ 417 417 418 418 2: 419 - movq %rsp, %rdi 419 + leaq FRAME_OFFSET(%rsp),%rdi /* pt_regs pointer */ 420 420 call syscall_return_slowpath /* returns with IRQs disabled */ 421 421 TRACE_IRQS_ON /* user mode is traced as IRQS on */ 422 422 SWAPGS 423 + FRAME_END 423 424 jmp restore_regs_and_iret 424 425 425 426 1:

+1 -1

arch/x86/include/asm/intel-family.h

··· 57 57 #define INTEL_FAM6_ATOM_SILVERMONT2 0x4D /* Avaton/Rangely */ 58 58 #define INTEL_FAM6_ATOM_AIRMONT 0x4C /* CherryTrail / Braswell */ 59 59 #define INTEL_FAM6_ATOM_MERRIFIELD 0x4A /* Tangier */ 60 - #define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Annidale */ 60 + #define INTEL_FAM6_ATOM_MOOREFIELD 0x5A /* Anniedale */ 61 61 #define INTEL_FAM6_ATOM_GOLDMONT 0x5C 62 62 #define INTEL_FAM6_ATOM_DENVERTON 0x5F /* Goldmont Microserver */ 63 63

+15

arch/x86/include/asm/microcode_intel.h

··· 52 52 53 53 #define exttable_size(et) ((et)->count * EXT_SIGNATURE_SIZE + EXT_HEADER_SIZE) 54 54 55 + static inline u32 intel_get_microcode_revision(void) 56 + { 57 + u32 rev, dummy; 58 + 59 + native_wrmsrl(MSR_IA32_UCODE_REV, 0); 60 + 61 + /* As documented in the SDM: Do a CPUID 1 here */ 62 + native_cpuid_eax(1); 63 + 64 + /* get the current revision from MSR 0x8B */ 65 + native_rdmsr(MSR_IA32_UCODE_REV, dummy, rev); 66 + 67 + return rev; 68 + } 69 + 55 70 #ifdef CONFIG_MICROCODE_INTEL 56 71 extern void __init load_ucode_intel_bsp(void); 57 72 extern void load_ucode_intel_ap(void);

+18

arch/x86/include/asm/processor.h

··· 219 219 : "memory"); 220 220 } 221 221 222 + #define native_cpuid_reg(reg) \ 223 + static inline unsigned int native_cpuid_##reg(unsigned int op) \ 224 + { \ 225 + unsigned int eax = op, ebx, ecx = 0, edx; \ 226 + \ 227 + native_cpuid(&eax, &ebx, &ecx, &edx); \ 228 + \ 229 + return reg; \ 230 + } 231 + 232 + /* 233 + * Native CPUID functions returning a single datum. 234 + */ 235 + native_cpuid_reg(eax) 236 + native_cpuid_reg(ebx) 237 + native_cpuid_reg(ecx) 238 + native_cpuid_reg(edx) 239 + 222 240 static inline void load_cr3(pgd_t *pgdir) 223 241 { 224 242 write_cr3(__pa(pgdir));

+1 -1

arch/x86/include/asm/stacktrace.h

··· 58 58 if (task == current) 59 59 return __builtin_frame_address(0); 60 60 61 - return (unsigned long *)((struct inactive_task_frame *)task->thread.sp)->bp; 61 + return &((struct inactive_task_frame *)task->thread.sp)->bp; 62 62 } 63 63 #else 64 64 static inline unsigned long *

+9 -1

arch/x86/include/asm/switch_to.h

··· 36 36 37 37 asmlinkage void ret_from_fork(void); 38 38 39 - /* data that is pointed to by thread.sp */ 39 + /* 40 + * This is the structure pointed to by thread.sp for an inactive task. The 41 + * order of the fields must match the code in __switch_to_asm(). 42 + */ 40 43 struct inactive_task_frame { 41 44 #ifdef CONFIG_X86_64 42 45 unsigned long r15; ··· 51 48 unsigned long di; 52 49 #endif 53 50 unsigned long bx; 51 + 52 + /* 53 + * These two fields must be together. They form a stack frame header, 54 + * needed by get_frame_pointer(). 55 + */ 54 56 unsigned long bp; 55 57 unsigned long ret_addr; 56 58 };

+1 -8

arch/x86/kernel/cpu/amd.c

··· 309 309 310 310 /* get information required for multi-node processors */ 311 311 if (boot_cpu_has(X86_FEATURE_TOPOEXT)) { 312 - u32 eax, ebx, ecx, edx; 313 312 314 - cpuid(0x8000001e, &eax, &ebx, &ecx, &edx); 315 - node_id = ecx & 7; 316 - 317 - /* get compute unit information */ 318 - smp_num_siblings = ((ebx >> 8) & 3) + 1; 319 - c->x86_max_cores /= smp_num_siblings; 320 - c->cpu_core_id = ebx & 0xff; 313 + node_id = cpuid_ecx(0x8000001e) & 7; 321 314 322 315 /* 323 316 * We may have multiple LLCs if L3 caches exist, so check if we

+1 -1

arch/x86/kernel/cpu/common.c

··· 1221 1221 { 1222 1222 int bit; 1223 1223 1224 - if (get_option(&arg, &bit) && bit < NCAPINTS*32) 1224 + if (get_option(&arg, &bit) && bit >= 0 && bit < NCAPINTS * 32) 1225 1225 setup_clear_cpu_cap(bit); 1226 1226 else 1227 1227 return 0;

+3 -8

arch/x86/kernel/cpu/intel.c

··· 14 14 #include <asm/bugs.h> 15 15 #include <asm/cpu.h> 16 16 #include <asm/intel-family.h> 17 + #include <asm/microcode_intel.h> 17 18 18 19 #ifdef CONFIG_X86_64 19 20 #include <linux/topology.h> ··· 79 78 (c->x86 == 0x6 && c->x86_model >= 0x0e)) 80 79 set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC); 81 80 82 - if (c->x86 >= 6 && !cpu_has(c, X86_FEATURE_IA64)) { 83 - unsigned lower_word; 84 - 85 - wrmsr(MSR_IA32_UCODE_REV, 0, 0); 86 - /* Required by the SDM */ 87 - sync_core(); 88 - rdmsr(MSR_IA32_UCODE_REV, lower_word, c->microcode); 89 - } 81 + if (c->x86 >= 6 && !cpu_has(c, X86_FEATURE_IA64)) 82 + c->microcode = intel_get_microcode_revision(); 90 83 91 84 /* 92 85 * Atom erratum AAE44/AAF40/AAG38/AAH41:

+17 -53

arch/x86/kernel/cpu/microcode/intel.c

··· 150 150 { 151 151 struct ucode_patch *p; 152 152 153 - p = kzalloc(size, GFP_KERNEL); 153 + p = kzalloc(sizeof(struct ucode_patch), GFP_KERNEL); 154 154 if (!p) 155 155 return ERR_PTR(-ENOMEM); 156 156 ··· 368 368 return patch; 369 369 } 370 370 371 - static void cpuid_1(void) 372 - { 373 - /* 374 - * According to the Intel SDM, Volume 3, 9.11.7: 375 - * 376 - * CPUID returns a value in a model specific register in 377 - * addition to its usual register return values. The 378 - * semantics of CPUID cause it to deposit an update ID value 379 - * in the 64-bit model-specific register at address 08BH 380 - * (IA32_BIOS_SIGN_ID). If no update is present in the 381 - * processor, the value in the MSR remains unmodified. 382 - * 383 - * Use native_cpuid -- this code runs very early and we don't 384 - * want to mess with paravirt. 385 - */ 386 - unsigned int eax = 1, ebx, ecx = 0, edx; 387 - 388 - native_cpuid(&eax, &ebx, &ecx, &edx); 389 - } 390 - 391 371 static int collect_cpu_info_early(struct ucode_cpu_info *uci) 392 372 { 393 373 unsigned int val[2]; ··· 390 410 native_rdmsr(MSR_IA32_PLATFORM_ID, val[0], val[1]); 391 411 csig.pf = 1 << ((val[1] >> 18) & 7); 392 412 } 393 - native_wrmsrl(MSR_IA32_UCODE_REV, 0); 394 413 395 - /* As documented in the SDM: Do a CPUID 1 here */ 396 - cpuid_1(); 397 - 398 - /* get the current revision from MSR 0x8B */ 399 - native_rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]); 400 - 401 - csig.rev = val[1]; 414 + csig.rev = intel_get_microcode_revision(); 402 415 403 416 uci->cpu_sig = csig; 404 417 uci->valid = 1; ··· 575 602 static int apply_microcode_early(struct ucode_cpu_info *uci, bool early) 576 603 { 577 604 struct microcode_intel *mc; 578 - unsigned int val[2]; 605 + u32 rev; 579 606 580 607 mc = uci->mc; 581 608 if (!mc) ··· 583 610 584 611 /* write microcode via MSR 0x79 */ 585 612 native_wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); 586 - native_wrmsrl(MSR_IA32_UCODE_REV, 0); 587 613 588 - /* As documented in the SDM: Do a CPUID 1 here */ 589 - cpuid_1(); 590 - 591 - /* get the current revision from MSR 0x8B */ 592 - native_rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]); 593 - if (val[1] != mc->hdr.rev) 614 + rev = intel_get_microcode_revision(); 615 + if (rev != mc->hdr.rev) 594 616 return -1; 595 617 596 618 #ifdef CONFIG_X86_64 597 619 /* Flush global tlb. This is precaution. */ 598 620 flush_tlb_early(); 599 621 #endif 600 - uci->cpu_sig.rev = val[1]; 622 + uci->cpu_sig.rev = rev; 601 623 602 624 if (early) 603 625 print_ucode(uci); ··· 772 804 struct microcode_intel *mc; 773 805 struct ucode_cpu_info *uci; 774 806 struct cpuinfo_x86 *c; 775 - unsigned int val[2]; 776 807 static int prev_rev; 808 + u32 rev; 777 809 778 810 /* We should bind the task to the CPU */ 779 811 if (WARN_ON(raw_smp_processor_id() != cpu)) ··· 790 822 791 823 /* write microcode via MSR 0x79 */ 792 824 wrmsrl(MSR_IA32_UCODE_WRITE, (unsigned long)mc->bits); 793 - wrmsrl(MSR_IA32_UCODE_REV, 0); 794 825 795 - /* As documented in the SDM: Do a CPUID 1 here */ 796 - cpuid_1(); 826 + rev = intel_get_microcode_revision(); 797 827 798 - /* get the current revision from MSR 0x8B */ 799 - rdmsr(MSR_IA32_UCODE_REV, val[0], val[1]); 800 - 801 - if (val[1] != mc->hdr.rev) { 828 + if (rev != mc->hdr.rev) { 802 829 pr_err("CPU%d update to revision 0x%x failed\n", 803 830 cpu, mc->hdr.rev); 804 831 return -1; 805 832 } 806 833 807 - if (val[1] != prev_rev) { 834 + if (rev != prev_rev) { 808 835 pr_info("updated to revision 0x%x, date = %04x-%02x-%02x\n", 809 - val[1], 836 + rev, 810 837 mc->hdr.date & 0xffff, 811 838 mc->hdr.date >> 24, 812 839 (mc->hdr.date >> 16) & 0xff); 813 - prev_rev = val[1]; 840 + prev_rev = rev; 814 841 } 815 842 816 843 c = &cpu_data(cpu); 817 844 818 - uci->cpu_sig.rev = val[1]; 819 - c->microcode = val[1]; 845 + uci->cpu_sig.rev = rev; 846 + c->microcode = rev; 820 847 821 848 return 0; 822 849 } ··· 823 860 u8 *ucode_ptr = data, *new_mc = NULL, *mc = NULL; 824 861 int new_rev = uci->cpu_sig.rev; 825 862 unsigned int leftover = size; 826 - unsigned int curr_mc_size = 0; 863 + unsigned int curr_mc_size = 0, new_mc_size = 0; 827 864 unsigned int csig, cpf; 828 865 829 866 while (leftover) { ··· 864 901 vfree(new_mc); 865 902 new_rev = mc_header.rev; 866 903 new_mc = mc; 904 + new_mc_size = mc_size; 867 905 mc = NULL; /* trigger new vmalloc */ 868 906 } 869 907 ··· 890 926 * permanent memory. So it will be loaded early when a CPU is hot added 891 927 * or resumes. 892 928 */ 893 - save_mc_for_early(new_mc, curr_mc_size); 929 + save_mc_for_early(new_mc, new_mc_size); 894 930 895 931 pr_debug("CPU%d found a matching microcode update with version 0x%x (current=0x%x)\n", 896 932 cpu, new_rev, uci->cpu_sig.rev);

+1

arch/x86/kernel/tsc.c

··· 694 694 crystal_khz = 24000; /* 24.0 MHz */ 695 695 break; 696 696 case INTEL_FAM6_SKYLAKE_X: 697 + case INTEL_FAM6_ATOM_DENVERTON: 697 698 crystal_khz = 25000; /* 25.0 MHz */ 698 699 break; 699 700 case INTEL_FAM6_ATOM_GOLDMONT:

+28 -2

arch/x86/kernel/unwind_frame.c

··· 6 6 7 7 #define FRAME_HEADER_SIZE (sizeof(long) * 2) 8 8 9 + /* 10 + * This disables KASAN checking when reading a value from another task's stack, 11 + * since the other task could be running on another CPU and could have poisoned 12 + * the stack in the meantime. 13 + */ 14 + #define READ_ONCE_TASK_STACK(task, x) \ 15 + ({ \ 16 + unsigned long val; \ 17 + if (task == current) \ 18 + val = READ_ONCE(x); \ 19 + else \ 20 + val = READ_ONCE_NOCHECK(x); \ 21 + val; \ 22 + }) 23 + 9 24 static void unwind_dump(struct unwind_state *state, unsigned long *sp) 10 25 { 11 26 static bool dumped_before = false; ··· 63 48 if (state->regs && user_mode(state->regs)) 64 49 return 0; 65 50 66 - addr = ftrace_graph_ret_addr(state->task, &state->graph_idx, *addr_p, 51 + addr = READ_ONCE_TASK_STACK(state->task, *addr_p); 52 + addr = ftrace_graph_ret_addr(state->task, &state->graph_idx, addr, 67 53 addr_p); 68 54 69 55 return __kernel_text_address(addr) ? addr : 0; ··· 178 162 if (state->regs) 179 163 next_bp = (unsigned long *)state->regs->bp; 180 164 else 181 - next_bp = (unsigned long *)*state->bp; 165 + next_bp = (unsigned long *)READ_ONCE_TASK_STACK(state->task,*state->bp); 182 166 183 167 /* is the next frame pointer an encoded pointer to pt_regs? */ 184 168 regs = decode_frame_pointer(next_bp); ··· 223 207 return true; 224 208 225 209 bad_address: 210 + /* 211 + * When unwinding a non-current task, the task might actually be 212 + * running on another CPU, in which case it could be modifying its 213 + * stack while we're reading it. This is generally not a problem and 214 + * can be ignored as long as the caller understands that unwinding 215 + * another task will not always succeed. 216 + */ 217 + if (state->task != current) 218 + goto the_end; 219 + 226 220 if (state->regs) { 227 221 printk_deferred_once(KERN_WARNING 228 222 "WARNING: kernel stack regs at %p in %s:%d has bad 'bp' value %p\n",

+1 -1

arch/x86/mm/mpx.c

··· 293 293 * We were not able to extract an address from the instruction, 294 294 * probably because there was something invalid in it. 295 295 */ 296 - if (info->si_addr == (void *)-1) { 296 + if (info->si_addr == (void __user *)-1) { 297 297 err = -EINVAL; 298 298 goto err_out; 299 299 }

+1 -1

arch/x86/platform/intel-mid/device_libs/Makefile

··· 15 15 obj-$(subst m,y,$(CONFIG_GPIO_INTEL_PMIC)) += platform_pmic_gpio.o 16 16 obj-$(subst m,y,$(CONFIG_INTEL_MFLD_THERMAL)) += platform_msic_thermal.o 17 17 # SPI Devices 18 - obj-$(subst m,y,$(CONFIG_SPI_SPIDEV)) += platform_spidev.o 18 + obj-$(subst m,y,$(CONFIG_SPI_SPIDEV)) += platform_mrfld_spidev.o 19 19 # I2C Devices 20 20 obj-$(subst m,y,$(CONFIG_SENSORS_EMC1403)) += platform_emc1403.o 21 21 obj-$(subst m,y,$(CONFIG_SENSORS_LIS3LV02D)) += platform_lis331.o

+4

arch/x86/platform/intel-mid/device_libs/platform_spidev.c arch/x86/platform/intel-mid/device_libs/platform_mrfld_spidev.c

··· 11 11 * of the License. 12 12 */ 13 13 14 + #include <linux/err.h> 14 15 #include <linux/init.h> 15 16 #include <linux/sfi.h> 16 17 #include <linux/spi/pxa2xx_spi.h> ··· 34 33 static void __init *spidev_platform_data(void *info) 35 34 { 36 35 struct spi_board_info *spi_info = info; 36 + 37 + if (intel_mid_identify_cpu() != INTEL_MID_CPU_CHIP_TANGIER) 38 + return ERR_PTR(-ENODEV); 37 39 38 40 spi_info->mode = SPI_MODE_0; 39 41 spi_info->controller_data = &spidev_spi_chip;

Configure Feed

Configure Feed