Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
"A set of x86 fixes and functional updates:
- Prevent stale huge I/O TLB mappings on 32bit. A long standing bug
which got exposed by KPTI support for 32bit
- Prevent bogus access_ok() warnings in arch_stack_walk_user()
- Add display quirks for Lenovo devices which have height and width
swapped
- Add the missing CR2 fixup for 32 bit async pagefaults. Fallout of
the CR2 bug fix series.
- Unbreak handling of force enabled HPET by moving the 'is HPET
counting' check back to the original place.
- A more accurate check for running on a hypervisor platform in the
MDS mitigation code. Not perfect, but more accurate than the
previous one.
- Update a stale and confusing comment vs. IRQ stacks"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/hpet: Undo the early counter is counting check
x86/entry/32: Pass cr2 to do_async_page_fault()
x86/irq/64: Update stale comment
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/stacktrace: Prevent access_ok() warnings in arch_stack_walk_user()
mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
x86/mm: Sync also unmappings in vmalloc_sync_all()
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
+84
-23
+9
-4
arch/x86/entry/entry_32.S
+9
-4
arch/x86/entry/entry_32.S
···
1443
1443
1444
1444
ENTRY(page_fault)
1445
1445
ASM_CLAC
1446
-
pushl $0; /* %gs's slot on the stack */
1446
+
pushl $do_page_fault
1447
+
jmp common_exception_read_cr2
1448
+
END(page_fault)
1447
1449
1450
+
common_exception_read_cr2:
1451
+
/* the function address is in %gs's slot on the stack */
1448
1452
SAVE_ALL switch_stacks=1 skip_gs=1
1449
1453
1450
1454
ENCODE_FRAME_POINTER
···
1456
1452
1457
1453
/* fixup %gs */
1458
1454
GS_TO_REG %ecx
1455
+
movl PT_GS(%esp), %edi
1459
1456
REG_TO_PTGS %ecx
1460
1457
SET_KERNEL_GS %ecx
1461
1458
···
1468
1463
1469
1464
TRACE_IRQS_OFF
1470
1465
movl %esp, %eax # pt_regs pointer
1471
-
call do_page_fault
1466
+
CALL_NOSPEC %edi
1472
1467
jmp ret_from_exception
1473
-
END(page_fault)
1468
+
END(common_exception_read_cr2)
1474
1469
1475
1470
common_exception:
1476
1471
/* the function address is in %gs's slot on the stack */
···
1600
1595
ENTRY(async_page_fault)
1601
1596
ASM_CLAC
1602
1597
pushl $do_async_page_fault
1603
-
jmp common_exception
1598
+
jmp common_exception_read_cr2
1604
1599
END(async_page_fault)
1605
1600
#endif
1606
1601
+1
-1
arch/x86/kernel/cpu/bugs.c
+1
-1
arch/x86/kernel/cpu/bugs.c
+4
-4
arch/x86/kernel/head_64.S
+4
-4
arch/x86/kernel/head_64.S
···
193
193
194
194
/* Set up %gs.
195
195
*
196
-
* The base of %gs always points to the bottom of the irqstack
197
-
* union. If the stack protector canary is enabled, it is
198
-
* located at %gs:40. Note that, on SMP, the boot cpu uses
199
-
* init data section till per cpu areas are set up.
196
+
* The base of %gs always points to fixed_percpu_data. If the
197
+
* stack protector canary is enabled, it is located at %gs:40.
198
+
* Note that, on SMP, the boot cpu uses init data section until
199
+
* the per cpu areas are set up.
200
200
*/
201
201
movl $MSR_GS_BASE,%ecx
202
202
movl initial_gs(%rip),%eax
+8
-4
arch/x86/kernel/hpet.c
+8
-4
arch/x86/kernel/hpet.c
···
827
827
if (!hpet_cfg_working())
828
828
goto out_nohpet;
829
829
830
-
/* Validate that the counter is counting */
831
-
if (!hpet_counting())
832
-
goto out_nohpet;
833
-
834
830
/*
835
831
* Read the period and check for a sane value:
836
832
*/
···
891
895
pr_warn("Channel #%u config: Unknown bits %#x\n", i, cfg);
892
896
}
893
897
hpet_print_config();
898
+
899
+
/*
900
+
* Validate that the counter is counting. This needs to be done
901
+
* after sanitizing the config registers to properly deal with
902
+
* force enabled HPETs.
903
+
*/
904
+
if (!hpet_counting())
905
+
goto out_nohpet;
894
906
895
907
clocksource_register_hz(&clocksource_hpet, (u32)hpet_freq);
896
908
+1
-1
arch/x86/kernel/stacktrace.c
+1
-1
arch/x86/kernel/stacktrace.c
+46
arch/x86/kernel/sysfb_efi.c
+46
arch/x86/kernel/sysfb_efi.c
···
230
230
{},
231
231
};
232
232
233
+
/*
234
+
* Some devices have a portrait LCD but advertise a landscape resolution (and
235
+
* pitch). We simply swap width and height for these devices so that we can
236
+
* correctly deal with some of them coming with multiple resolutions.
237
+
*/
238
+
static const struct dmi_system_id efifb_dmi_swap_width_height[] __initconst = {
239
+
{
240
+
/*
241
+
* Lenovo MIIX310-10ICR, only some batches have the troublesome
242
+
* 800x1280 portrait screen. Luckily the portrait version has
243
+
* its own BIOS version, so we match on that.
244
+
*/
245
+
.matches = {
246
+
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
247
+
DMI_EXACT_MATCH(DMI_PRODUCT_VERSION, "MIIX 310-10ICR"),
248
+
DMI_EXACT_MATCH(DMI_BIOS_VERSION, "1HCN44WW"),
249
+
},
250
+
},
251
+
{
252
+
/* Lenovo MIIX 320-10ICR with 800x1280 portrait screen */
253
+
.matches = {
254
+
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
255
+
DMI_EXACT_MATCH(DMI_PRODUCT_VERSION,
256
+
"Lenovo MIIX 320-10ICR"),
257
+
},
258
+
},
259
+
{
260
+
/* Lenovo D330 with 800x1280 or 1200x1920 portrait screen */
261
+
.matches = {
262
+
DMI_EXACT_MATCH(DMI_SYS_VENDOR, "LENOVO"),
263
+
DMI_EXACT_MATCH(DMI_PRODUCT_VERSION,
264
+
"Lenovo ideapad D330-10IGM"),
265
+
},
266
+
},
267
+
{},
268
+
};
269
+
233
270
__init void sysfb_apply_efi_quirks(void)
234
271
{
235
272
if (screen_info.orig_video_isVGA != VIDEO_TYPE_EFI ||
236
273
!(screen_info.capabilities & VIDEO_CAPABILITY_SKIP_QUIRKS))
237
274
dmi_check_system(efifb_dmi_system_table);
275
+
276
+
if (screen_info.orig_video_isVGA == VIDEO_TYPE_EFI &&
277
+
dmi_check_system(efifb_dmi_swap_width_height)) {
278
+
u16 temp = screen_info.lfb_width;
279
+
280
+
screen_info.lfb_width = screen_info.lfb_height;
281
+
screen_info.lfb_height = temp;
282
+
screen_info.lfb_linelength = 4 * screen_info.lfb_width;
283
+
}
238
284
}
+6
-9
arch/x86/mm/fault.c
+6
-9
arch/x86/mm/fault.c
···
177
177
178
178
pmd = pmd_offset(pud, address);
179
179
pmd_k = pmd_offset(pud_k, address);
180
+
181
+
if (pmd_present(*pmd) != pmd_present(*pmd_k))
182
+
set_pmd(pmd, *pmd_k);
183
+
180
184
if (!pmd_present(*pmd_k))
181
185
return NULL;
182
-
183
-
if (!pmd_present(*pmd))
184
-
set_pmd(pmd, *pmd_k);
185
186
else
186
-
BUG_ON(pmd_page(*pmd) != pmd_page(*pmd_k));
187
+
BUG_ON(pmd_pfn(*pmd) != pmd_pfn(*pmd_k));
187
188
188
189
return pmd_k;
189
190
}
···
204
203
spin_lock(&pgd_lock);
205
204
list_for_each_entry(page, &pgd_list, lru) {
206
205
spinlock_t *pgt_lock;
207
-
pmd_t *ret;
208
206
209
207
/* the pgt_lock only for Xen */
210
208
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
211
209
212
210
spin_lock(pgt_lock);
213
-
ret = vmalloc_sync_one(page_address(page), address);
211
+
vmalloc_sync_one(page_address(page), address);
214
212
spin_unlock(pgt_lock);
215
-
216
-
if (!ret)
217
-
break;
218
213
}
219
214
spin_unlock(&pgd_lock);
220
215
}
+9
mm/vmalloc.c
+9
mm/vmalloc.c
···
1259
1259
return false;
1260
1260
1261
1261
/*
1262
+
* First make sure the mappings are removed from all page-tables
1263
+
* before they are freed.
1264
+
*/
1265
+
vmalloc_sync_all();
1266
+
1267
+
/*
1262
1268
* TODO: to calculate a flush range without looping.
1263
1269
* The list can be up to lazy_max_pages() elements.
1264
1270
*/
···
3044
3038
/*
3045
3039
* Implement a stub for vmalloc_sync_all() if the architecture chose not to
3046
3040
* have one.
3041
+
*
3042
+
* The purpose of this function is to make sure the vmalloc area
3043
+
* mappings are identical in all page-tables in the system.
3047
3044
*/
3048
3045
void __weak vmalloc_sync_all(void)
3049
3046
{