Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm

Pull ARM fixes from Russell King:
"It's been a while... so there's a little more here than normal.

Mostly updates from Will for the breakpoint stuff, and plugging a few
holes in the user access functions which crept in when domain support
was disabled for ARMv7 CPUs."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
ARM: 7529/1: delay: set loops_per_jiffy when moving to timer-based loop
ARM: 7528/1: uaccess: annotate [__]{get,put}_user functions with might_fault()
ARM: 7527/1: uaccess: explicitly check __user pointer when !CPU_USE_DOMAINS
ARM: 7526/1: traps: send SIGILL if get_user fails on undef handling path
ARM: 7521/1: Fix semihosting Kconfig text
ARM: 7513/1: Make sure dtc is built before running it
ARM: 7512/1: Fix XIP build due to PHYS_OFFSET definition moving
ARM: 7499/1: mm: Fix vmalloc overlap check for !HIGHMEM
ARM: 7503/1: mm: only flush both pmd entries for classic MMU
ARM: 7502/1: contextidr: avoid using bfi instruction during notifier
ARM: 7501/1: decompressor: reset ttbcr for VMSA ARMv7 cores
ARM: 7497/1: hw_breakpoint: allow single-byte watchpoints on all addresses
ARM: 7496/1: hw_breakpoint: don't rely on dfsr to show watchpoint access type
ARM: Fix ioremap() of address zero

+151 -57
+3 -3
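--- a/arch/arm/Kconfig.debug
+++ b/arch/arm/Kconfig.debug
@@ -356,15 +356,15 @@
 is nothing connected to read from the DCC.
 
 config DEBUG_SEMIHOSTING
-bool "Kernel low-level debug output via semihosting I"
+bool "Kernel low-level debug output via semihosting I/O"
 help
 Semihosting enables code running on an ARM target to use
 the I/O facilities on a host debugger/emulator through a
-simple SVC calls. The host debugger or emulator must have
+simple SVC call. The host debugger or emulator must have
 semihosting enabled for the special svc call to be trapped
 otherwise the kernel will crash.
 
-This is known to work with OpenOCD, as wellas
+This is known to work with OpenOCD, as well as
 ARM's Fast Models, or any other controlling environment
 that implements semihosting.
 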
+2 -2
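--- a/arch/arm/Makefile
+++ b/arch/arm/Makefile
@@ -284,10 +284,10 @@
 zinstall uinstall install: vmlinux
 $(Q)$(MAKE) $(build)=$(boot) MACHINE=$(MACHINE) $@
 
-%.dtb:
+%.dtb: scripts
 $(Q)$(MAKE) $(build)=$(boot) MACHINE=$(MACHINE) $(boot)/$@
 
-dtbs:
+dtbs: scripts
 $(Q)$(MAKE) $(build)=$(boot) MACHINE=$(MACHINE) $(boot)/$@
 
 # We use MRPROPER_FILES and CLEAN_FILES now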
+4
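--- a/arch/arm/boot/compressed/head.S
+++ b/arch/arm/boot/compressed/head.S
@@ -659,10 +659,14 @@
 #ifdef CONFIG_CPU_ENDIAN_BE8
 orr r0, r0, #1 << 25 @ big-endian page tables
 #endif
+mrcne p15, 0, r6, c2, c0, 2 @ read ttb control reg
 orrne r0, r0, #1 @ MMU enabled
 movne r1, #0xfffffffd @ domain 0 = client
+bic r6, r6, #1 << 31 @ 32-bit translation system
+bic r6, r6, #3 << 0 @ use only ttbr0
 mcrne p15, 0, r3, c2, c0, 0 @ load page table pointer
 mcrne p15, 0, r1, c3, c0, 0 @ load domain access control
+mcrne p15, 0, r6, c2, c0, 2 @ load ttb control
 #endif
 mcr p15, 0, r0, c7, c5, 4 @ ISB
 mcr p15, 0, r0, c1, c0, 0 @ load control register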
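Review bot: The two added `bic r6, r6, ...` lines are unconditional, while the `mrcne` that loads r6 and the `mcrne` that writes it back are conditional, so when the `ne` condition is false they modify whatever r6 held on entry. Nothing is written to the TTB control register in that case, but r6 is still changed; `bicne r6, r6, #1 << 31` and `bicne r6, r6, #3 << 0` would keep the sequence consistent. The routine's header is outside this hunk; if it lists the registers it corrupts, r6 should be added there.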
+8
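--- a/arch/arm/include/asm/assembler.h
+++ b/arch/arm/include/asm/assembler.h
@@ -320,4 +320,12 @@
 .size \name , . - \name
 .endm
 
+.macro check_uaccess, addr:req, size:req, limit:req, tmp:req, bad:req
+#ifndef CONFIG_CPU_USE_DOMAINS
+adds \tmp, \addr, #\size - 1
+sbcccs \tmp, \tmp, \limit
+bcs \bad
+#endif
+.endm
+
 #endif /* __ASM_ASSEMBLER_H__ */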
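Review bot: `check_uaccess` is added without any comment, although it is the bounds check that the get_user/put_user helpers in this merge rely on. A header comment should state that `\limit` is the highest permitted address (the C callers in uaccess.h pass `addr_limit - 1`), and that `\tmp` and the condition flags are clobbered. It should also say that a wrap of `\addr + \size - 1` past the top of the address space reaches `\bad`, through the carry left by `adds`. Finally it should note that the macro expands to nothing when CONFIG_CPU_USE_DOMAINS is set, so in that configuration the check has to come from elsewhere.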
+3
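--- a/arch/arm/include/asm/memory.h
+++ b/arch/arm/include/asm/memory.h
@@ -187,6 +187,7 @@
 #define __phys_to_virt(x) ((x) - PHYS_OFFSET + PAGE_OFFSET)
 #endif
 #endif
+#endif /* __ASSEMBLY__ */
 
 #ifndef PHYS_OFFSET
 #ifdef PLAT_PHYS_OFFSET
@@ -195,6 +196,8 @@
 #define PHYS_OFFSET UL(CONFIG_PHYS_OFFSET)
 #endif
 #endif
+
+#ifndef __ASSEMBLY__
 
 /*
 * PFNs are used to describe any physical page; this means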
+4
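--- a/arch/arm/include/asm/tlb.h
+++ b/arch/arm/include/asm/tlb.h
@@ -199,6 +199,9 @@
 {
 pgtable_page_dtor(pte);
 
+#ifdef CONFIG_ARM_LPAE
+tlb_add_flush(tlb, addr);
+#else
 /*
 * With the classic ARM MMU, a pte page has two corresponding pmd
 * entries, each covering 1MB.
@@ -206,6 +209,7 @@
 addr &= PMD_MASK;
 tlb_add_flush(tlb, addr + SZ_1M - PAGE_SIZE);
 tlb_add_flush(tlb, addr + SZ_1M);
+#endif
 
 tlb_remove_page(tlb, pte);
 }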
+43 -15
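--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -101,28 +101,39 @@
 extern int __get_user_2(void *);
 extern int __get_user_4(void *);
 
-#define __get_user_x(__r2,__p,__e,__s,__i...) \
+#define __GUP_CLOBBER_1 "lr", "cc"
+#ifdef CONFIG_CPU_USE_DOMAINS
+#define __GUP_CLOBBER_2 "ip", "lr", "cc"
+#else
+#define __GUP_CLOBBER_2 "lr", "cc"
+#endif
+#define __GUP_CLOBBER_4 "lr", "cc"
+
+#define __get_user_x(__r2,__p,__e,__l,__s) \
 __asm__ __volatile__ ( \
 __asmeq("%0", "r0") __asmeq("%1", "r2") \
+__asmeq("%3", "r1") \
 "bl __get_user_" #__s \
 : "=&r" (__e), "=r" (__r2) \
-: "0" (__p) \
-: __i, "cc")
+: "0" (__p), "r" (__l) \
+: __GUP_CLOBBER_##__s)
 
-#define get_user(x,p) \
+#define __get_user_check(x,p) \
 ({ \
+unsigned long __limit = current_thread_info()->addr_limit - 1; \
 register const typeof(*(p)) __user *__p asm("r0") = (p);\
 register unsigned long __r2 asm("r2"); \
+register unsigned long __l asm("r1") = __limit; \
 register int __e asm("r0"); \
 switch (sizeof(*(__p))) { \
 case 1: \
-__get_user_x(__r2, __p, __e, 1, "lr"); \
-break; \
+__get_user_x(__r2, __p, __e, __l, 1); \
+break; \
 case 2: \
-__get_user_x(__r2, __p, __e, 2, "r3", "lr"); \
+__get_user_x(__r2, __p, __e, __l, 2); \
 break; \
 case 4: \
-__get_user_x(__r2, __p, __e, 4, "lr"); \
+__get_user_x(__r2, __p, __e, __l, 4); \
 break; \
 default: __e = __get_user_bad(); break; \
 } \
@@ -130,41 +141,56 @@
 __e; \
 })
 
+#define get_user(x,p) \
+({ \
+might_fault(); \
+__get_user_check(x,p); \
+})
+
 extern int __put_user_1(void *, unsigned int);
 extern int __put_user_2(void *, unsigned int);
 extern int __put_user_4(void *, unsigned int);
 extern int __put_user_8(void *, unsigned long long);
 
-#define __put_user_x(__r2,__p,__e,__s) \
+#define __put_user_x(__r2,__p,__e,__l,__s) \
 __asm__ __volatile__ ( \
 __asmeq("%0", "r0") __asmeq("%2", "r2") \
+__asmeq("%3", "r1") \
 "bl __put_user_" #__s \
 : "=&r" (__e) \
-: "0" (__p), "r" (__r2) \
+: "0" (__p), "r" (__r2), "r" (__l) \
 : "ip", "lr", "cc")
 
-#define put_user(x,p) \
+#define __put_user_check(x,p) \
 ({ \
+unsigned long __limit = current_thread_info()->addr_limit - 1; \
 register const typeof(*(p)) __r2 asm("r2") = (x); \
 register const typeof(*(p)) __user *__p asm("r0") = (p);\
+register unsigned long __l asm("r1") = __limit; \
 register int __e asm("r0"); \
 switch (sizeof(*(__p))) { \
 case 1: \
-__put_user_x(__r2, __p, __e, 1); \
+__put_user_x(__r2, __p, __e, __l, 1); \
 break; \
 case 2: \
-__put_user_x(__r2, __p, __e, 2); \
+__put_user_x(__r2, __p, __e, __l, 2); \
 break; \
 case 4: \
-__put_user_x(__r2, __p, __e, 4); \
+__put_user_x(__r2, __p, __e, __l, 4); \
 break; \
 case 8: \
-__put_user_x(__r2, __p, __e, 8); \
+__put_user_x(__r2, __p, __e, __l, 8); \
 break; \
 default: __e = __put_user_bad(); break; \
 } \
 __e; \
 })
+
+#define put_user(x,p) \
+({ \
+might_fault(); \
+__put_user_check(x,p); \
+})
 
 #else /* CONFIG_MMU */
 
@@ -219,6 +245,7 @@
 unsigned long __gu_addr = (unsigned long)(ptr); \
 unsigned long __gu_val; \
 __chk_user_ptr(ptr); \
+might_fault(); \
 switch (sizeof(*(ptr))) { \
 case 1: __get_user_asm_byte(__gu_val,__gu_addr,err); break; \
 case 2: __get_user_asm_half(__gu_val,__gu_addr,err); break; \
@@ -300,6 +327,7 @@
 unsigned long __pu_addr = (unsigned long)(ptr); \
 __typeof__(*(ptr)) __pu_val = (x); \
 __chk_user_ptr(ptr); \
+might_fault(); \
 switch (sizeof(*(ptr))) { \
 case 1: __put_user_asm_byte(__pu_val,__pu_addr,err); break; \
 case 2: __put_user_asm_half(__pu_val,__pu_addr,err); break; \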
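Review bot: `__get_user_check` and `__put_user_check` both compute `__limit = current_thread_info()->addr_limit - 1` with no comment on why one is subtracted or what the assembly helpers do with the value. A line such as `/* highest valid address; __get_user_N/__put_user_N compare addr + size - 1 against it in r1 */` above each declaration would record the contract. That contract includes the helpers leaving r1 unmodified, because `__l` is passed as an input-only operand. The last two hunks add only `might_fault()` to the double-underscore variants, so those paths appear to get no limit check from this change and still depend on the caller having validated the pointer, which is worth saying in a comment there too.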
+44 -18
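--- a/arch/arm/kernel/hw_breakpoint.c
+++ b/arch/arm/kernel/hw_breakpoint.c
@@ -159,6 +159,12 @@
 arch >= ARM_DEBUG_ARCH_V7_1;
 }
 
+/* Can we determine the watchpoint access type from the fsr? */
+static int debug_exception_updates_fsr(void)
+{
+return 0;
+}
+
 /* Determine number of WRP registers available. */
 static int get_num_wrp_resources(void)
 {
@@ -604,12 +610,13 @@
 /* Aligned */
 break;
 case 1:
-/* Allow single byte watchpoint. */
-if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
-break;
 case 2:
 /* Allow halfword watchpoints and breakpoints. */
 if (info->ctrl.len == ARM_BREAKPOINT_LEN_2)
+break;
+case 3:
+/* Allow single byte watchpoint. */
+if (info->ctrl.len == ARM_BREAKPOINT_LEN_1)
 break;
 default:
 ret = -EINVAL;
@@ -619,18 +626,35 @@
 info->address &= ~alignment_mask;
 info->ctrl.len <<= offset;
 
-/*
-* Currently we rely on an overflow handler to take
-* care of single-stepping the breakpoint when it fires.
-* In the case of userspace breakpoints on a core with V7 debug,
-* we can use the mismatch feature as a poor-man's hardware
-* single-step, but this only works for per-task breakpoints.
-*/
-if (!bp->overflow_handler && (arch_check_bp_in_kernelspace(bp) ||
-!core_has_mismatch_brps() || !bp->hw.bp_target)) {
-pr_warning("overflow handler required but none found\n");
-ret = -EINVAL;
+if (!bp->overflow_handler) {
+/*
+* Mismatch breakpoints are required for single-stepping
+* breakpoints.
+*/
+if (!core_has_mismatch_brps())
+return -EINVAL;
+
+/* We don't allow mismatch breakpoints in kernel space. */
+if (arch_check_bp_in_kernelspace(bp))
+return -EPERM;
+
+/*
+* Per-cpu breakpoints are not supported by our stepping
+* mechanism.
+*/
+if (!bp->hw.bp_target)
+return -EINVAL;
+
+/*
+* We only support specific access types if the fsr
+* reports them.
+*/
+if (!debug_exception_updates_fsr() &&
+(info->ctrl.type == ARM_BREAKPOINT_LOAD ||
+info->ctrl.type == ARM_BREAKPOINT_STORE))
+return -EINVAL;
 }
+
 out:
 return ret;
 }
@@ -706,10 +730,12 @@
 goto unlock;
 
 /* Check that the access type matches. */
-access = (fsr & ARM_FSR_ACCESS_MASK) ? HW_BREAKPOINT_W :
-HW_BREAKPOINT_R;
-if (!(access & hw_breakpoint_type(wp)))
-goto unlock;
+if (debug_exception_updates_fsr()) {
+access = (fsr & ARM_FSR_ACCESS_MASK) ?
+HW_BREAKPOINT_W : HW_BREAKPOINT_R;
+if (!(access & hw_breakpoint_type(wp)))
+goto unlock;
+}
 
 /* We have a winner. */
 info->trigger = addr;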
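Review bot: `debug_exception_updates_fsr()` returns 0 unconditionally, so the access-type comparison it guards in the last hunk never runs. In the validation hunk, load-only and store-only watchpoints without an overflow handler are therefore always rejected with -EINVAL. The comment above the function only poses the question; it should say why the answer is fixed, for example `/* Always 0 for now: the dfsr cannot be relied on to show the watchpoint access type. */`, which is what the commit title states. The new checks in the validation hunk also `return` directly while the alignment check just above them still sets `ret` and falls through to `out:`; one style should be used for both. The enclosing functions start and end outside these hunks.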
+7 -4
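--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -420,20 +420,23 @@
 #endif
 instr = *(u32 *) pc;
 } else if (thumb_mode(regs)) {
-get_user(instr, (u16 __user *)pc);
+if (get_user(instr, (u16 __user *)pc))
+goto die_sig;
 if (is_wide_instruction(instr)) {
 unsigned int instr2;
-get_user(instr2, (u16 __user *)pc+1);
+if (get_user(instr2, (u16 __user *)pc+1))
+goto die_sig;
 instr <<= 16;
 instr |= instr2;
 }
-} else {
-get_user(instr, (u32 __user *)pc);
+} else if (get_user(instr, (u32 __user *)pc)) {
+goto die_sig;
 }
 
 if (call_undef_hook(regs, instr) == 0)
 return;
 
+die_sig:
 #ifdef CONFIG_DEBUG_USER
 if (user_debug & UDBG_UNDEFINED) {
 printk(KERN_INFO "%s (%d): undefined instruction: pc=%p\n",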
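Review bot: A failed `get_user()` now jumps to `die_sig:`, which sits directly above the CONFIG_DEBUG_USER block that logs "undefined instruction", so a failed instruction fetch is reported the same way as a real undefined instruction, and `instr` may not hold a fetched opcode on that path. A comment on the label, for example `/* also reached when the instruction could not be read from user space */`, would make that explicit. The rest of the function is outside this hunk; anything below the label that prints or decodes `instr` should be checked against the failure path. In the second fetch, `(u16 __user *)pc+1` reads more clearly as `((u16 __user *)pc) + 1`.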
+1
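--- a/arch/arm/lib/delay.c
+++ b/arch/arm/lib/delay.c
@@ -59,6 +59,7 @@
 {
 pr_info("Switching to timer-based delay loop\n");
 lpj_fine = freq / HZ;
+loops_per_jiffy = lpj_fine;
 arm_delay_ops.delay = __timer_delay;
 arm_delay_ops.const_udelay = __timer_const_udelay;
 arm_delay_ops.udelay = __timer_udelay;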
+15 -8
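--- a/arch/arm/lib/getuser.S
+++ b/arch/arm/lib/getuser.S
@@ -16,8 +16,9 @@
 * __get_user_X
 *
 * Inputs: r0 contains the address
+* r1 contains the address limit, which must be preserved
 * Outputs: r0 is the error code
-* r2, r3 contains the zero-extended value
+* r2 contains the zero-extended value
 * lr corrupted
 *
 * No other registers must be altered. (see <asm/uaccess.h>
@@ -27,33 +28,39 @@
 * Note also that it is intended that __get_user_bad is not global.
 */
 #include <linux/linkage.h>
+#include <asm/assembler.h>
 #include <asm/errno.h>
 #include <asm/domain.h>
 
 ENTRY(__get_user_1)
+check_uaccess r0, 1, r1, r2, __get_user_bad
 1: TUSER(ldrb) r2, [r0]
 mov r0, #0
 mov pc, lr
 ENDPROC(__get_user_1)
 
 ENTRY(__get_user_2)
-#ifdef CONFIG_THUMB2_KERNEL
-2: TUSER(ldrb) r2, [r0]
-3: TUSER(ldrb) r3, [r0, #1]
+check_uaccess r0, 2, r1, r2, __get_user_bad
+#ifdef CONFIG_CPU_USE_DOMAINS
+rb .req ip
+2: ldrbt r2, [r0], #1
+3: ldrbt rb, [r0], #0
 #else
-2: TUSER(ldrb) r2, [r0], #1
-3: TUSER(ldrb) r3, [r0]
+rb .req r0
+2: ldrb r2, [r0]
+3: ldrb rb, [r0, #1]
 #endif
 #ifndef __ARMEB__
-orr r2, r2, r3, lsl #8
+orr r2, r2, rb, lsl #8
 #else
-orr r2, r3, r2, lsl #8
+orr r2, rb, r2, lsl #8
 #endif
 mov r0, #0
 mov pc, lr
 ENDPROC(__get_user_2)
 
 ENTRY(__get_user_4)
+check_uaccess r0, 4, r1, r2, __get_user_bad
 4: TUSER(ldr) r2, [r0]
 mov r0, #0
 mov pc, lr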
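Review bot: The header comment still lists only "lr corrupted" and says "No other registers must be altered", but with CONFIG_CPU_USE_DOMAINS the new `__get_user_2` body aliases `rb` to `ip` and loads into it. That agrees with the `"ip"` entry in `__GUP_CLOBBER_2` in uaccess.h but not with this comment; I would add a line such as `* ip corrupted by __get_user_2 when CONFIG_CPU_USE_DOMAINS is set` to the Outputs list. The `rb` alias is also never released, and a `.unreq rb` after the `orr` would keep it local to the routine. In putuser.S all four entry points pass `ip` as the scratch register to `check_uaccess`; its header is only partly visible here, so confirm that it documents ip as corrupted.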
+6
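--- a/arch/arm/lib/putuser.S
+++ b/arch/arm/lib/putuser.S
@@ -16,6 +16,7 @@
 * __put_user_X
 *
 * Inputs: r0 contains the address
+* r1 contains the address limit, which must be preserved
 * r2, r3 contains the value
 * Outputs: r0 is the error code
 * lr corrupted
@@ -27,16 +28,19 @@
 * Note also that it is intended that __put_user_bad is not global.
 */
 #include <linux/linkage.h>
+#include <asm/assembler.h>
 #include <asm/errno.h>
 #include <asm/domain.h>
 
 ENTRY(__put_user_1)
+check_uaccess r0, 1, r1, ip, __put_user_bad
 1: TUSER(strb) r2, [r0]
 mov r0, #0
 mov pc, lr
 ENDPROC(__put_user_1)
 
 ENTRY(__put_user_2)
+check_uaccess r0, 2, r1, ip, __put_user_bad
 mov ip, r2, lsr #8
 #ifdef CONFIG_THUMB2_KERNEL
 #ifndef __ARMEB__
@@ -60,12 +64,14 @@
 ENDPROC(__put_user_2)
 
 ENTRY(__put_user_4)
+check_uaccess r0, 4, r1, ip, __put_user_bad
 4: TUSER(str) r2, [r0]
 mov r0, #0
 mov pc, lr
 ENDPROC(__put_user_4)
 
 ENTRY(__put_user_8)
+check_uaccess r0, 8, r1, ip, __put_user_bad
 #ifdef CONFIG_THUMB2_KERNEL
 5: TUSER(str) r2, [r0]
 6: TUSER(str) r3, [r0, #4]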
+4 -3
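--- a/arch/arm/mm/context.c
+++ b/arch/arm/mm/context.c
@@ -63,10 +63,11 @@
 pid = task_pid_nr(thread->task) << ASID_BITS;
 asm volatile(
 " mrc p15, 0, %0, c13, c0, 1\n"
-" bfi %1, %0, #0, %2\n"
-" mcr p15, 0, %1, c13, c0, 1\n"
+" and %0, %0, %2\n"
+" orr %0, %0, %1\n"
+" mcr p15, 0, %0, c13, c0, 1\n"
 : "=r" (contextidr), "+r" (pid)
-: "I" (ASID_BITS));
+: "I" (~ASID_MASK));
 isb();
 
 return NOTIFY_OK;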
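Review bot: `pid` is still declared as a read-write operand, `"+r" (pid)`, although the new sequence only reads `%1`; the removed `bfi` was the instruction that wrote it. The stale constraint currently has the useful side effect of keeping `%0` and `%1` in different registers, which matters because `%0` is written by the `mrc` before `%1` is read. Writing the operands as `: "=&r" (contextidr)` and `: "r" (pid), "I" (~ASID_MASK)` would state that requirement directly without renumbering them. The definition of ASID_MASK is outside this hunk, so the `"I"` constraint assumes `~ASID_MASK` can be encoded as an immediate.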
+3
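--- a/arch/arm/mm/mm.h
+++ b/arch/arm/mm/mm.h
@@ -55,6 +55,9 @@
 /* permanent static mappings from iotable_init() */
 #define VM_ARM_STATIC_MAPPING 0x40000000
 
+/* empty mapping */
+#define VM_ARM_EMPTY_MAPPING 0x20000000
+
 /* mapping type (attributes) for permanent static mappings */
 #define VM_ARM_MTYPE(mt) ((mt) << 20)
 #define VM_ARM_MTYPE_MASK (0x1f << 20)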
+4 -4
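--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -807,7 +807,7 @@
 vm = early_alloc_aligned(sizeof(*vm), __alignof__(*vm));
 vm->addr = (void *)addr;
 vm->size = SECTION_SIZE;
-vm->flags = VM_IOREMAP | VM_ARM_STATIC_MAPPING;
+vm->flags = VM_IOREMAP | VM_ARM_EMPTY_MAPPING;
 vm->caller = pmd_empty_section_gap;
 vm_area_add_early(vm);
 }
@@ -820,7 +820,7 @@
 
 /* we're still single threaded hence no lock needed here */
 for (vm = vmlist; vm; vm = vm->next) {
-if (!(vm->flags & VM_ARM_STATIC_MAPPING))
+if (!(vm->flags & (VM_ARM_STATIC_MAPPING | VM_ARM_EMPTY_MAPPING)))
 continue;
 addr = (unsigned long)vm->addr;
 if (addr < next)
@@ -961,8 +961,8 @@
 * Check whether this memory bank would partially overlap
 * the vmalloc area.
 */
-if (__va(bank->start + bank->size) > vmalloc_min ||
-__va(bank->start + bank->size) < __va(bank->start)) {
+if (__va(bank->start + bank->size - 1) >= vmalloc_min ||
+__va(bank->start + bank->size - 1) <= __va(bank->start)) {
 unsigned long newsize = vmalloc_min - __va(bank->start);
 printk(KERN_NOTICE "Truncating RAM at %.8llx-%.8llx "
 "to -%.8llx (vmalloc region overlap).\n",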
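Review bot: In the last hunk the wrap test became `__va(bank->start + bank->size - 1) <= __va(bank->start)`, which is also true for a bank whose size is 1 (the two sides are equal) or 0 (the subtraction lands below the start). Whether banks that small can reach this check is decided outside the hunk; if they can, they are now sent down the truncation path and reported as a vmalloc overlap. A short comment stating that `bank->size` is known to be at least a page here, or an explicit guard on a zero size before the comparison, would settle it. The surrounding loop and the code that uses `newsize` are not visible in this hunk.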