Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge tag 'mips-fixes_6.15_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux
Pull MIPS fixes from Thomas Bogendoerfer:
- Fix delayed timers
- Fix NULL pointer deref
- Fix wrong range check
* tag 'mips-fixes_6.15_1' of git://git.kernel.org/pub/scm/linux/kernel/git/mips/linux:
MIPS: Fix MAX_REG_OFFSET
MIPS: CPS: Fix potential NULL pointer dereferences in cps_prepare_cpus()
MIPS: rename rollback_handler with skipover_handler
MIPS: Move r4k_wait() to .cpuidle.text section
MIPS: Fix idle VS timer enqueue
+54
-46
+2
-3
arch/mips/include/asm/idle.h
+2
-3
arch/mips/include/asm/idle.h
···
6
6
#include <linux/linkage.h>
7
7
8
8
extern void (*cpu_wait)(void);
9
-
extern void r4k_wait(void);
10
-
extern asmlinkage void __r4k_wait(void);
9
+
extern asmlinkage void r4k_wait(void);
11
10
extern void r4k_wait_irqoff(void);
12
11
13
-
static inline int using_rollback_handler(void)
12
+
static inline int using_skipover_handler(void)
14
13
{
15
14
return cpu_wait == r4k_wait;
16
15
}
+2
-1
arch/mips/include/asm/ptrace.h
+2
-1
arch/mips/include/asm/ptrace.h
···
65
65
66
66
/* Query offset/name of register from its name/offset */
67
67
extern int regs_query_register_offset(const char *name);
68
-
#define MAX_REG_OFFSET (offsetof(struct pt_regs, __last))
68
+
#define MAX_REG_OFFSET \
69
+
(offsetof(struct pt_regs, __last) - sizeof(unsigned long))
69
70
70
71
/**
71
72
* regs_get_register() - get register value from its offset
+41
-30
arch/mips/kernel/genex.S
+41
-30
arch/mips/kernel/genex.S
···
104
104
105
105
__FINIT
106
106
107
-
.align 5 /* 32 byte rollback region */
108
-
LEAF(__r4k_wait)
109
-
.set push
110
-
.set noreorder
111
-
/* start of rollback region */
112
-
LONG_L t0, TI_FLAGS($28)
113
-
nop
114
-
andi t0, _TIF_NEED_RESCHED
115
-
bnez t0, 1f
116
-
nop
117
-
nop
118
-
nop
119
-
#ifdef CONFIG_CPU_MICROMIPS
120
-
nop
121
-
nop
122
-
nop
123
-
nop
124
-
#endif
107
+
.section .cpuidle.text,"ax"
108
+
/* Align to 32 bytes for the maximum idle interrupt region size. */
109
+
.align 5
110
+
LEAF(r4k_wait)
111
+
/* Keep the ISA bit clear for calculations on local labels here. */
112
+
0: .fill 0
113
+
/* Start of idle interrupt region. */
114
+
local_irq_enable
115
+
/*
116
+
* If an interrupt lands here, before going idle on the next
117
+
* instruction, we must *NOT* go idle since the interrupt could
118
+
* have set TIF_NEED_RESCHED or caused a timer to need resched.
119
+
* Fall through -- see skipover_handler below -- and have the
120
+
* idle loop take care of things.
121
+
*/
122
+
1: .fill 0
123
+
/* The R2 EI/EHB sequence takes 8 bytes, otherwise pad up. */
124
+
.if 1b - 0b > 32
125
+
.error "overlong idle interrupt region"
126
+
.elseif 1b - 0b > 8
127
+
.align 4
128
+
.endif
129
+
2: .fill 0
130
+
.equ r4k_wait_idle_size, 2b - 0b
131
+
/* End of idle interrupt region; size has to be a power of 2. */
125
132
.set MIPS_ISA_ARCH_LEVEL_RAW
133
+
r4k_wait_insn:
126
134
wait
127
-
/* end of rollback region (the region size must be power of two) */
128
-
1:
135
+
r4k_wait_exit:
136
+
.set mips0
137
+
local_irq_disable
129
138
jr ra
130
-
nop
131
-
.set pop
132
-
END(__r4k_wait)
139
+
END(r4k_wait)
140
+
.previous
133
141
134
-
.macro BUILD_ROLLBACK_PROLOGUE handler
135
-
FEXPORT(rollback_\handler)
142
+
.macro BUILD_SKIPOVER_PROLOGUE handler
143
+
FEXPORT(skipover_\handler)
136
144
.set push
137
145
.set noat
138
146
MFC0 k0, CP0_EPC
139
-
PTR_LA k1, __r4k_wait
140
-
ori k0, 0x1f /* 32 byte rollback region */
141
-
xori k0, 0x1f
147
+
/* Subtract/add 2 to let the ISA bit propagate through the mask. */
148
+
PTR_LA k1, r4k_wait_insn - 2
149
+
ori k0, r4k_wait_idle_size - 2
150
+
.set noreorder
142
151
bne k0, k1, \handler
152
+
PTR_ADDIU k0, r4k_wait_exit - r4k_wait_insn + 2
153
+
.set reorder
143
154
MTC0 k0, CP0_EPC
144
155
.set pop
145
156
.endm
146
157
147
158
.align 5
148
-
BUILD_ROLLBACK_PROLOGUE handle_int
159
+
BUILD_SKIPOVER_PROLOGUE handle_int
149
160
NESTED(handle_int, PT_SIZE, sp)
150
161
.cfi_signal_frame
151
162
#ifdef CONFIG_TRACE_IRQFLAGS
···
276
265
* This prototype is copied to ebase + n*IntCtl.VS and patched
277
266
* to invoke the handler
278
267
*/
279
-
BUILD_ROLLBACK_PROLOGUE except_vec_vi
268
+
BUILD_SKIPOVER_PROLOGUE except_vec_vi
280
269
NESTED(except_vec_vi, 0, sp)
281
270
SAVE_SOME docfi=1
282
271
SAVE_AT docfi=1
-7
arch/mips/kernel/idle.c
-7
arch/mips/kernel/idle.c
···
35
35
write_c0_conf(cfg | R30XX_CONF_HALT);
36
36
}
37
37
38
-
void __cpuidle r4k_wait(void)
39
-
{
40
-
raw_local_irq_enable();
41
-
__r4k_wait();
42
-
raw_local_irq_disable();
43
-
}
44
-
45
38
/*
46
39
* This variant is preferable as it allows testing need_resched and going to
47
40
* sleep depending on the outcome atomically. Unfortunately the "It is
+4
arch/mips/kernel/smp-cps.c
+4
arch/mips/kernel/smp-cps.c
···
332
332
mips_cps_cluster_bootcfg = kcalloc(nclusters,
333
333
sizeof(*mips_cps_cluster_bootcfg),
334
334
GFP_KERNEL);
335
+
if (!mips_cps_cluster_bootcfg)
336
+
goto err_out;
335
337
336
338
if (nclusters > 1)
337
339
mips_cm_update_property();
···
350
348
mips_cps_cluster_bootcfg[cl].core_power =
351
349
kcalloc(BITS_TO_LONGS(ncores), sizeof(unsigned long),
352
350
GFP_KERNEL);
351
+
if (!mips_cps_cluster_bootcfg[cl].core_power)
352
+
goto err_out;
353
353
354
354
/* Allocate VPE boot configuration structs */
355
355
for (c = 0; c < ncores; c++) {
+5
-5
arch/mips/kernel/traps.c
+5
-5
arch/mips/kernel/traps.c
···
77
77
#include "access-helper.h"
78
78
79
79
extern void check_wait(void);
80
-
extern asmlinkage void rollback_handle_int(void);
80
+
extern asmlinkage void skipover_handle_int(void);
81
81
extern asmlinkage void handle_int(void);
82
82
extern asmlinkage void handle_adel(void);
83
83
extern asmlinkage void handle_ades(void);
···
2066
2066
{
2067
2067
extern const u8 except_vec_vi[];
2068
2068
extern const u8 except_vec_vi_ori[], except_vec_vi_end[];
2069
-
extern const u8 rollback_except_vec_vi[];
2069
+
extern const u8 skipover_except_vec_vi[];
2070
2070
unsigned long handler;
2071
2071
unsigned long old_handler = vi_handlers[n];
2072
2072
int srssets = current_cpu_data.srsets;
···
2095
2095
change_c0_srsmap(0xf << n*4, 0 << n*4);
2096
2096
}
2097
2097
2098
-
vec_start = using_rollback_handler() ? rollback_except_vec_vi :
2098
+
vec_start = using_skipover_handler() ? skipover_except_vec_vi :
2099
2099
except_vec_vi;
2100
2100
#if defined(CONFIG_CPU_MICROMIPS) || defined(CONFIG_CPU_BIG_ENDIAN)
2101
2101
ori_offset = except_vec_vi_ori - vec_start + 2;
···
2426
2426
if (board_be_init)
2427
2427
board_be_init();
2428
2428
2429
-
set_except_vector(EXCCODE_INT, using_rollback_handler() ?
2430
-
rollback_handle_int : handle_int);
2429
+
set_except_vector(EXCCODE_INT, using_skipover_handler() ?
2430
+
skipover_handle_int : handle_int);
2431
2431
set_except_vector(EXCCODE_MOD, handle_tlbm);
2432
2432
set_except_vector(EXCCODE_TLBL, handle_tlbl);
2433
2433
set_except_vector(EXCCODE_TLBS, handle_tlbs);