Pull two small kvm fixes from Avi Kivity:
"A build fix for non-kvm archs and a transparent hugepage refcount
bugfix on hosts with 4M pages."
* git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: Export asm-generic/kvm_para.h
KVM: MMU: fix huge page adapted on non-PAE host
Pull s390 patches from Heiko Carstens:
"A couple of s390 patches for the 3.5 merge window. Just a collection
of bug fixes and cleanups."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/uaccess: fix access_ok compile warnings
s390/cmpxchg: select HAVE_CMPXCHG_LOCAL option
s390/cmpxchg: fix sign extension bugs
s390/cmpxchg: fix 1 and 2 byte memory accesses
s390/cmpxchg: fix compile warnings specific to s390
s390/cmpxchg: add missing memory barrier to cmpxchg64
s390/cpu: remove cpu "capabilities" sysfs attribute
s390/kernel: Fix smp_call_ipl_cpu() for offline CPUs
s390/kernel: Introduce memcpy_absolute() function
s390/headers: replace __s390x__ with CONFIG_64BIT where possible
s390/headers: remove #ifdef __KERNEL__ from not exported headers
s390/irq: split irq stats for cpu-measurement alert facilities
s390/kexec: Move early_pgm_check_handler() to text section
s390/kdump: Use real mode for PSW restart and kexec
s390/kdump: Account /sys/kernel/kexec_crash_size changes in OS info
s390/kernel: Remove OS info init function call and diag 308 for kdump
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iQEcBAABAgAGBQJPx039AAoJEDeqqVYsXL0Ml90H/06bB0sH5gpmJPOcMOcz2y5n
xZH4nHFGFfDUou/NFBkjBFAveBZDFy1WwsSwN44RZobmtkmqj9tfF90R0EoRsew6
kfRKJAn2iYA67WpM33v0ZpI+00VpNBt/sXP6OM08FebPu1aGriTnLm3qaOutyeC4
Q9dMHwhsMBjTcD52TlTlPBFHfOTvpB1FZmw//TwujPZ56upFw+dI1FkvzxdrG68a
ES7h8QBD8GXaM6OC8klCqq36iMjP2wJK3A+9MsERxkGLjfGEGMLC7jV3MgwvfjHY
i5w/EUheOU4SLicu7jBoC9mPHzhsWdl7OCP+E7V2CGXGysKSu4lH65ft1bMRIvg=
=ZAzL
-----END PGP SIGNATURE-----
Merge tag 'parisc-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6
Pull misc parisc updates from James Bottomley:
"This is a couple of updates to complete our fixes and one to fix a
compile failure caused during the merge window. Additionally, we now
switch to the generic strncopy_from_user."
* tag 'parisc-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/parisc-2.6:
[PARISC] update parisc to use generic strncpy_from_user()
[PARISC] Fix parisc compile failure after smp: Add task_struct argument to __cpu_up()
[PARISC] fix TLB fault path on PA2.0 narrow systems
[PARISC] fix boot failure on 32-bit systems caused by branch stubs placed before .text
Pull additional x86 fixes from Peter Anvin.
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, amd, xen: Avoid NULL pointer paravirt references
x86, mtrr: Fix a type overflow in range_to_mtrr func
x86, realmode: Unbreak the ia64 build of drivers/acpi/sleep.c
x86/mm/pat: Improve scaling of pat_pagerange_is_ram()
x86: hpet: Fix copy-and-paste mistake in earlier change
x86/mce: Fix 32-bit build
x86/bitops: Move BIT_64() for a wider use
This branch contains a few development patches for Samsung and Versatile
Express that were submitted to arm-soc near the beginning of the merge
window. We picked them up with the agreement that they would need to
sit in linux-next for a while, and now they have.
There are also two fixes:
- One long-standing build breakage on ixp4xx due to missing gpiolib
dependencies.
- The other is for some gpio device tree changes needed on lpc32xx.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJPxq02AAoJEIwa5zzehBx3l3MP/2e/JPh9A2DgeUk0kohR+xaM
3oUUfcthCM67M9vIxYp35wcNIyMl4dC+KoFayOLhYis1u9i6kdLIiGJR0wuauhGq
u1tAJm39b4xd2eXvwLgX/EcxHEmjI7CQDBu23vghg5BeBznGROTHGNUAmICiDcd6
WLz+f6Bv+pptTjzVShTQNnHGFL4WK5ptfAcs0wp2aOLau0MMbvZZ3gI5B9QlYRxx
1D9r3ELK1civx1WQ+BfIRJf67Ld8Q3K7vboJQ/C07rp1UZxDoBP0ViZ5p1OOwfry
nMZ3cKGmnYyqkcfrzX8OEh4Y7Gd1pkAYSq0Q9pchUMDhmEK++u9tp4QmRt4NeiqE
iM7ZKfnKN64kdn25pGGw6B3BZB84o7024rFdPtR1IHp6XFGST62rNeTdlSqLcKwL
CBO7Guzz3WYdFbtm11P55VDb+WFdwPWxh4GPCaVKzEcO7+ubCzGRTZ+l5exa14ND
TdKORP8TmQeO2OvKRMrLC1xSMO/VkFm7t3FtDgkZyqbYf6O+nsOyM39zJwYC/2gQ
E7Jonboj4TA17EbppDVePAnJTVmQ03KVEK6loiZZXSpU/GOiIVEuD2RGpQdEQtW7
sx8TyWLroy48wijWOwgG+XGIc3A0p0MF+I5mgL0lIuJEGwOeokD4+HdoO/eAL4Kd
JRl19j9Bs63JMiXA/t/x
=IA3W
-----END PGP SIGNATURE-----
Merge tag 'devel-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull late-merged development and first fixes for arm-soc from Olof Johansson:
"This branch contains a few development patches for Samsung and
Versatile Express that were submitted to arm-soc near the beginning of
the merge window. We picked them up with the agreement that they
would need to sit in linux-next for a while, and now they have.
There are also two fixes:
- One long-standing build breakage on ixp4xx due to missing gpiolib
dependencies.
- The other is for some gpio device tree changes needed on lpc32xx."
* tag 'devel-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: LPC32xx: Adjust dts files to gpio dt binding
ixp4xx: fix compilation by adding gpiolib support
ARM: vexpress: Remove twice included header files
ARM: vexpress: Device Tree updates
ARM: EXYNOS: Support suspend and resume for EXYNOS5250
ARM: EXYNOS: Add Clock register list for save and restore
ARM: EXYNOS: Add PMU table for EXYNOS5250
ARM: EXYNOS: Rename of function for pm.c
ARM: EXYNOS: Remove GIC save & restore function
ARM: dts: Add node for interrupt combiner controller on EXYNOS5250
ARM: S3C24XX: add support for second irq set of S3C2416
ARM: S3C64XX: use timekeeping wrapper on cpuidle
ARM: S3C64XX: declare the states with the new api on cpuidle
ARM: S3C64XX: Hook up carrier class modules on Cragganmore
ARM: S3C64XX: Initial hookup for Bells module on Cragganmore
Pull Sparc updates from David S. Miller:
1) Remove the idiotic situation wherein Leon was a special case in all
of the TLB/cache handling code.
The worst side effect of this bogosity is that you couldn't build a
kernel with Leon support enabled (to get better build coverage), and
test boot it on a non-LEON cpu.
Leon is, in all core respects, programatically identical to the
32-bit SRMMU. Except that they put the TLB registers in a different
alternate address space location.
Through code patching (for fast paths) and run time checks, this
issue is now a thing of the past.
From Sam Ravnborg.
2) There was a mis-merge of arch/sparc/Kconfig for one of the
clockevents changes that went in, causing 32-bit sparc to start
failing to build.
I merged in your tree to get those clockevents changes (and added a
note to the merge commit) then added Stephen Rothwell's fix for the
merge error.
3) Software quad floating point emulation was not working properly on
more recent Niagara chips, because the way the situation is reported
by the cpu has changed.
Nobody noticed because gcc emits calls to software emulation
routines in glibc.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: (25 commits)
sparc: fix sparc64 build due to leon.h inclusion
sparc32: remove unused variable in head_32.S
sparc32,leon: fix leon bootup
sparc32: Export leon_dma_ops to modules.
sparc32: support leon + sun in dma_make_coherent()
sparc32,leon: always support leon in ioport
sparc32,leon: always include leon_pmc in build
sparc32: refactor cpu_idle()
sparc32: srmmu_probe now knows about leon too
sparc32: drop LEON hack for ASI_M_MMUREGS
sparc32: introduce run-time patching of srmmu access functions
sparc32: introduce support for run-time patching for all shared assembler code
sparc32,leon: fix section mismatch warning
sparc32,leon: always include leon_smp + leon_mm in build
sparc32,leon: always include leon_kernel in build
sparc32,leon: clean up leon.h
sparc32: handle leon in cpu.c
sparc32: handle leon in irq_32.c
sparc32: add support for run-time patching of leon/sun single instructions
sparc32: introduce sparc32_start_kernel called from head_32.S
...
The GPIO devicetree binding in 3.5 doesn't register the various LPC32xx GPIO
banks via DT subnodes but always all at once, and changes the gpio referencing
to 3 cells (bank, gpio, flags). This patch adjusts the DTS files to this
binding that was just accepted to the gpio subsystem.
Signed-off-by: Roland Stigge <stigge@antcom.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
Stub out MSR methods that aren't actually needed. This fixes a crash
as Xen Dom0 on AMD Trinity systems. A bigger patch should be added to
remove the paravirt machinery completely for the methods which
apparently have no users!
Reported-by: Andre Przywara <andre.przywara@amd.com>
Link: http://lkml.kernel.org/r/20120530222356.GA28417@andromeda.dapyr.net
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@vger.kernel.org>
* late/soc:
ARM: vexpress: Remove twice included header files
ARM: vexpress: Device Tree updates
ARM: EXYNOS: Support suspend and resume for EXYNOS5250
ARM: EXYNOS: Add Clock register list for save and restore
ARM: EXYNOS: Add PMU table for EXYNOS5250
ARM: EXYNOS: Rename of function for pm.c
ARM: EXYNOS: Remove GIC save & restore function
ARM: dts: Add node for interrupt combiner controller on EXYNOS5250
ARM: S3C24XX: add support for second irq set of S3C2416
Use unsigned long for dealing with jiffies not int. Rename the
callback to something sensible. Use __this_cpu_read/write for
accessing per cpu data.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Borislav Petkov <borislav.petkov@amd.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
When boot on sun G5+ with 4T mem, see an overflow in mtrr cleanup as below.
*BAD*gran_size: 2G chunk_size: 2G num_reg: 10 lose cover RAM:
-18014398505283592M
This is because 1<<31 sign extended. Use an unsigned long constant to
fix it. Useful for mem larger than or equal to 4T.
-v2: Use 64bit constant instead of explicit type conversion as suggested
by Yinghai. Description updated too.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
Link: http://lkml.kernel.org/r/4FC5A77F.6060505@oracle.com
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Revert usage of acpi_wakeup_address and move definition
to x86 architecture code in order to make compilation work
in ia64.
[jsakkine: tested compilation in ia64/x86-64 and added
proper commit message]
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Originally-by: H. Peter Anvin <hpa@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
Link: http://lkml.kernel.org/r/1338370421-27735-1-git-send-email-jarkko.sakkinen@intel.com
Cc: Tony Luck <tony.luck@intel.com>
Cc: Len Brown <lenb@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Function pat_pagerange_is_ram() scales poorly to large address
ranges, because it probes the resource tree for each page.
On a 2.6 GHz Opteron, this function consumes 34 ms for a 1 GB range.
It is called twice during untrack_pfn_vma(), slowing process
cleanup and handicapping the OOM killer.
This replacement consumes less than 1ms, under the same conditions.
Signed-off-by: John Dykstra <jdykstra@cray.com> on behalf of Cray Inc.
Acked-by: Suresh Siddha <suresh.b.siddha@intel.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/1337980366.1979.6.camel@redwood
[ Small stylistic cleanups and renames ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
On s390 access_ok is a macro which discards all parameters and always
returns 1. This can result in compile warnings which warn about unused
variables like this:
fs/read_write.c: In function 'rw_copy_check_uvector':
fs/read_write.c:684:16: warning: unused variable 'buf' [-Wunused-variable]
Fix this by adding a __range_ok() function which consumes all parameters
but still always returns 1.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Now that hopefully all cmpxchg/xchg bugs have been fixed select
HAVE_CMPXCHG_LOCAL option which uncovered a couple of bugs on s390.
The only call site which is affected seems to be within mm/vmstat.c.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
For 1 and 2 byte operands for xchg and cmpxchg the old and new values
get or'ed into the larger 4 byte old value before the compare and swap
instruction gets executed. This is done without using the proper byte
mask before or'ing the values.
If the caller passed in negative old or new values these got sign
extended by the caller. Which in turn means that either the old value
never matches, or, even worse, unrelated bytes would be changed in memory.
Luckily there don't seem to be any callers around yet, since that would
have resulted in the specification exception fixed in an earlies patch.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
When accessing a 1 or 2 byte memory operand we cannot use the
passed address since the compare and swap instruction only works
for 4 byte aligned memory operands.
Hence we calculate an aligned address so that compare and swap works
correctly. However we don't pass the calculated address to the inline
assembly. This results in incorrect memory accesses and in a
specification exception if used on non 4 byte aligned memory operands.
Since this didn't happen until now, there don't seem to be
too many users of cmpxchg on unaligned addresses.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The cmpxchg macros and functions are a bit different than on other
architectures. In particular the macros do not store the return
value of a __cmpxchg function call in a variable before returning the
value.
This causes compile warnings that only occur on s390 like this one:
net/ipv4/af_inet.c: In function 'build_ehash_secret':
net/ipv4/af_inet.c:241:2: warning: value computed is not used [-Wunused-value]
To get rid of these warnings use the same construct that we already use
for the xchg macro, which was introduced for the same reason.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
All cmpxchg functions imply a memory barrier.
cmpxch64 did not have one for 31 bit code, so add it.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
It has been a big mistage to add the capabilities attribute to the
cpus in sysfs:
First the attribute only contains the cpu capability of primary cpus,
which however is not necessarily (or better: unlikely) the type of
cpu the kernel runs on, which is typically an IFL.
In addition all information that is necessary is available in
/proc/sysinfo already. So this attribute partially duplicated
informations.
So programs should look into the sysinfo file to retrieve all
informations they are interested in.
Since with this kernel release also the powersavings cpu attributes
are removed this seems to be a good opportunity to remove another
broken interface.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If the IPL CPU is offline, currently the pcpu_delegate() function
used by smp_call_ipl_cpu() does not work because pcpu_delegate()
modifies the lowcore of the target CPU. In case of an offline
IPL CPU currently the prefix register is zero but pcpu->lowcore
still points to the old prefix page. Therefore the lowcore changes
done by pcpu_delegate() have no effect.
With this fix pcpu_delegate() now uses memcpy_absolute() and therefore
also prepares the absolute zero lowcore if the target CPU has prefix
register zero.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
This patch introduces the new function memcpy_absolute() that allows to
copy memory using absolute addressing. This means that the prefix swap
does not apply when this function is used.
With this patch also all s390 kernel code that accesses absolute zero
now uses the new memcpy_absolute() function. The old and less generic
copy_to_absolute_zero() function is removed.
Signed-off-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Pull x86 trampoline rework from H. Peter Anvin:
"This code reworks all the "trampoline"/"realmode" code (various bits
that need to live in the first megabyte of memory, most but not all of
which runs in real mode at some point) in the kernel into a single
object. The main reason for doing this is that it eliminates the last
place in the kernel where we needed pages to be mapped RWX. This code
separates all that code into proper R/RW/RX pages."
Fix up conflicts in arch/x86/kernel/Makefile (mca removed next to reboot
code), and arch/x86/kernel/reboot.c (reboot code moved around in one
branch, modified in this one), and arch/x86/tools/relocs.c (mostly same
code came in earlier due to working around the ld bugs just before the
3.4 release).
Also remove stale x86-relocs entry from scripts/.gitignore as per Peter
Anvin.
* commit '61f5446169046c217a5479517edac3a890c3bee7': (36 commits)
x86, realmode: Move end signature into header.S
x86, relocs: When printing an error, say relative or absolute
x86, relocs: More relocations which may end up as absolute
x86, relocs: Workaround for binutils 2.22.52.0.1 section bug
xen-acpi-processor: Add missing #include <xen/xen.h>
acpi, bgrd: Add missing <linux/io.h> to drivers/acpi/bgrt.c
x86, realmode: Change EFER to a single u64 field
x86, realmode: Move kernel/realmode.c to realmode/init.c
x86, realmode: Move not-common bits out of trampoline_common.S
x86, realmode: Mask out EFER.LMA when saving trampoline EFER
x86, realmode: Fix no cache bits test in reboot_32.S
x86, realmode: Make sure all generated files are listed in targets
x86, realmode: build fix: remove duplicate build
x86, realmode: read cr4 and EFER from kernel for 64-bit trampoline
x86, realmode: fixes compilation issue in tboot.c
x86, realmode: move relocs from scripts/ to arch/x86/tools
x86, realmode: header for trampoline code
x86, realmode: flattened rm hierachy
x86, realmode: don't copy real_mode_header
x86, realmode: fix 64-bit wakeup sequence
...
Pull MIPS updates from Ralf Baechle:
"The whole series has been sitting in -next for quite a while with no
complaints. The last change to the series was before the weekend the
removal of an SPI patch which Grant - even though previously acked by
himself - appeared to raise objections. So I removed it until the
situation is clarified. Other than that all the patches have the acks
from their respective maintainers, all MIPS and x86 defconfigs are
building fine and I'm not aware of any problems introduced by this
series.
Among the key features for this patch series is a sizable patchset for
Lantiq which among other things introduces support for Lantiq's
flagship product, the FALCON SOC. It also means that the opensource
developers behind this patchset have overtaken Lantiq's competing
inhouse development team that was working behind closed doors.
Less noteworthy the ath79 patchset which adds support for a few more
chip variants, cleanups and fixes. Finally the usual dose of tweaking
of generic code."
Fix up trivial conflicts in arch/mips/lantiq/xway/gpio_{ebu,stp}.c where
printk spelling fixes clashed with file move and eventual removal of the
printk.
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (81 commits)
MIPS: lantiq: remove orphaned code
MIPS: Remove all -Wall and almost all -Werror usage from arch/mips.
MIPS: lantiq: implement support for FALCON soc
MTD: MIPS: lantiq: verify that the NOR interface is available on falcon soc
MTD: MIPS: lantiq: implement OF support
watchdog: MIPS: lantiq: implement OF support and minor fixes
SERIAL: MIPS: lantiq: implement OF support
GPIO: MIPS: lantiq: convert gpio-stp-xway to OF
GPIO: MIPS: lantiq: convert gpio-mm-lantiq to OF and of_mm_gpio
GPIO: MIPS: lantiq: move gpio-stp and gpio-ebu to the subsystem folder
MIPS: pci: convert lantiq driver to OF
MIPS: lantiq: convert dma to platform driver
MIPS: lantiq: implement support for clkdev api
MIPS: lantiq: drop ltq_gpio_request() and gpio_to_irq()
OF: MIPS: lantiq: implement irq_domain support
OF: MIPS: lantiq: implement OF support
MIPS: lantiq: drop mips_machine support
OF: PCI: const usage needed by MIPS
MIPS: Cavium: Remove smp_reserve_lock.
MIPS: Move cache setup to setup_arch().
...
Pull arm updates from Russell King:
"This contains both some fixes found when trying to get the
Assabet+neponset setup as a replacement firewall with a 3c589 PCMCIA
card, and a bunch of changes from Al to fix up the ARM signal
handling, particularly some of the restart behaviour."
* 'for-linus' of git://git.linaro.org/people/rmk/linux-arm:
ARM: neponset: make sure neponset_ncr_frob() is exported
ARM: fix out[bwl]()
arm: don't open-code ptrace_report_syscall()
arm: bury unused _TIF_RESTORE_SIGMASK
arm: remove unused restart trampoline
arm: new way of handling ERESTART_RESTARTBLOCK
arm: if we get into work_pending while returning to kernel mode, just go away
arm: don't call try_to_freeze() from do_signal()
arm: if there's no handler we need to restore sigmask, syscall or no syscall
arm: trim _TIF_WORK_MASK, get rid of useless test and branch...
arm: missing checks of __get_user()/__put_user() return values
In order to keep consistency with other rtc drivers,rename CONFIG_RTC_MXC
to CONFIG_RTC_DRV_MXC.
Signed-off-by: Fabio Estevam <fabio.estevam@freescale.com>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: Alessandro Zummo <a.zummo@towertech.it>
[akpm@linux-foundation.org: fix missed arch/arm/configs/imx_v6_v7_defconfig]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When holding the mmap_sem for reading, pmd_offset_map_lock should only
run on a pmd_t that has been read atomically from the pmdp pointer,
otherwise we may read only half of it leading to this crash.
PID: 11679 TASK: f06e8000 CPU: 3 COMMAND: "do_race_2_panic"
#0 [f06a9dd8] crash_kexec at c049b5ec
#1 [f06a9e2c] oops_end at c083d1c2
#2 [f06a9e40] no_context at c0433ded
#3 [f06a9e64] bad_area_nosemaphore at c043401a
#4 [f06a9e6c] __do_page_fault at c0434493
#5 [f06a9eec] do_page_fault at c083eb45
#6 [f06a9f04] error_code (via page_fault) at c083c5d5
EAX: 01fb470c EBX: fff35000 ECX: 00000003 EDX: 00000100 EBP:
00000000
DS: 007b ESI: 9e201000 ES: 007b EDI: 01fb4700 GS: 00e0
CS: 0060 EIP: c083bc14 ERR: ffffffff EFLAGS: 00010246
#7 [f06a9f38] _spin_lock at c083bc14
#8 [f06a9f44] sys_mincore at c0507b7d
#9 [f06a9fb0] system_call at c083becd
start len
EAX: ffffffda EBX: 9e200000 ECX: 00001000 EDX: 6228537f
DS: 007b ESI: 00000000 ES: 007b EDI: 003d0f00
SS: 007b ESP: 62285354 EBP: 62285388 GS: 0033
CS: 0073 EIP: 00291416 ERR: 000000da EFLAGS: 00000286
This should be a longstanding bug affecting x86 32bit PAE without THP.
Only archs with 64bit large pmd_t and 32bit unsigned long should be
affected.
With THP enabled the barrier() in pmd_none_or_trans_huge_or_clear_bad()
would partly hide the bug when the pmd transition from none to stable,
by forcing a re-read of the *pmd in pmd_offset_map_lock, but when THP is
enabled a new set of problem arises by the fact could then transition
freely in any of the none, pmd_trans_huge or pmd_trans_stable states.
So making the barrier in pmd_none_or_trans_huge_or_clear_bad()
unconditional isn't good idea and it would be a flakey solution.
This should be fully fixed by introducing a pmd_read_atomic that reads
the pmd in order with THP disabled, or by reading the pmd atomically
with cmpxchg8b with THP enabled.
Luckily this new race condition only triggers in the places that must
already be covered by pmd_none_or_trans_huge_or_clear_bad() so the fix
is localized there but this bug is not related to THP.
NOTE: this can trigger on x86 32bit systems with PAE enabled with more
than 4G of ram, otherwise the high part of the pmd will never risk to be
truncated because it would be zero at all times, in turn so hiding the
SMP race.
This bug was discovered and fully debugged by Ulrich, quote:
----
[..]
pmd_none_or_trans_huge_or_clear_bad() loads the content of edx and
eax.
496 static inline int pmd_none_or_trans_huge_or_clear_bad(pmd_t
*pmd)
497 {
498 /* depend on compiler for an atomic pmd read */
499 pmd_t pmdval = *pmd;
// edi = pmd pointer
0xc0507a74 <sys_mincore+548>: mov 0x8(%esp),%edi
...
// edx = PTE page table high address
0xc0507a84 <sys_mincore+564>: mov 0x4(%edi),%edx
...
// eax = PTE page table low address
0xc0507a8e <sys_mincore+574>: mov (%edi),%eax
[..]
Please note that the PMD is not read atomically. These are two "mov"
instructions where the high order bits of the PMD entry are fetched
first. Hence, the above machine code is prone to the following race.
- The PMD entry {high|low} is 0x0000000000000000.
The "mov" at 0xc0507a84 loads 0x00000000 into edx.
- A page fault (on another CPU) sneaks in between the two "mov"
instructions and instantiates the PMD.
- The PMD entry {high|low} is now 0x00000003fda38067.
The "mov" at 0xc0507a8e loads 0xfda38067 into eax.
----
Reported-by: Ulrich Obergfell <uobergfe@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mel Gorman <mgorman@suse.de>
Cc: Hugh Dickins <hughd@google.com>
Cc: Larry Woodman <lwoodman@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Stephen Rothwell <sfr@canb.auug.org.au> reported following error:
In file included from arch/sparc/kernel/prom_common.c:26:0:
arch/sparc/include/asm/leon.h:221:9: error: unknown type name 'irq_flow_handler_t'
arch/sparc/include/asm/leon.h:224:10: error: unknown type name 'irq_flow_handler_t'
Fix this by:
1) Avoid including leon.h in prom_commen.h (not needed)
2) Include irq.h in leon.h to avoid the missing symbol error
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
head_32.S failed to set cputypval for leon, causing boot to fail.
The boot failed because we failed to recognize this was a LEON
cpu so we did not preoperly run-time patch the the kernel.
This resulted in an early crash.
Reported-by: Daniel Hellstrom <daniel@gaisler.com>
Tested-by: Daniel Hellstrom <daniel@gaisler.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Konrad Eisele <konrad@gaisler.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJPw2QKAAoJEIqAPN1PVmxKfv8P/2L5d38tc3+9wYuGI1l+k7Mz
xQt2PdAx/kHQGTjLE1DSoeOD6dn4aodFbPaTcsLsU9Eo4IiJnT68b8adr/bqYHKU
Cod6NSPJMaBxLBJZxXsA7nY69Z6O5SMjXxEQsiDc24gaP0jjwaeY35KJSfMug8nF
DA6rvEpchkF8QXzBmkO2t2/uPYr1YWqDZQkauLDnLRG01JnGXFz5ajv9N5pYhiFt
QyYtheg8yEnfwnQ6AlmRtGK75jZRVmrj0kOzRjE9UL7ZwtzswWJes+RE3tlgk89m
JQ7KASRmmqLpvcVJ9fG9SlGX//yBO6OEp5Km06RTxgmt0XftBDVqBTjk1EG2tfMR
SR0NIz6gJ0twKAe6U0d+5HMYalOU45H5ha9e3vCqZ8vl9JfmM95RS+TmWbGcRIqj
04Y5x3I4zq6e9D0u+211BeuRfzkQiefwWJmdPpn0oac3u5LeYbRj/aQ85fqwJWzG
f99D9VU5xgfFHPAtL3SLFiwgd9yOiMBar6eeIva+okDyOW3KaEUzs8Y4dgDyvYcg
IU//JGK51vLVmI5kXtGCwYkgRLF/Y7WKZ8TwypT+SY6iv6tPQVvApOZljq7RC9GI
mXx2z2slA90jlg3TlEFZfxr1WqbZ3TCbonU1riLeMEtkiXUpLtmKC8gbhOqfGvvn
Nzgt+YqRJXafZdELb/S+
=Rh0r
-----END PGP SIGNATURE-----
Merge tag 'mfd-3.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6
Pull MFD changes from Samuel Ortiz:
"Besides the usual cleanups, this one brings:
* Support for 5 new chipsets: Intel's ICH LPC and SCH Centerton,
ST-E's STAX211, Samsung's MAX77693 and TI's LM3533.
* Device tree support for the twl6040, tps65910, da9502 and ab8500
drivers.
* Fairly big tps56910, ab8500 and db8500 updates.
* i2c support for mc13xxx.
* Our regular update for the wm8xxx driver from Mark."
Fix up various conflicts with other trees, largely due to ab5500 removal
etc.
* tag 'mfd-3.5-1' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6: (106 commits)
mfd: Fix build break of max77693 by adding REGMAP_I2C option
mfd: Fix twl6040 build failure
mfd: Fix max77693 build failure
mfd: ab8500-core should depend on MFD_DB8500_PRCMU
gpio: tps65910: dt: process gpio specific device node info
mfd: Remove the parsing of dt info for tps65910 gpio
mfd: Save device node parsed platform data for tps65910 sub devices
mfd: Add r_select to lm3533 platform data
gpio: Add Intel Centerton support to gpio-sch
mfd: Emulate active low IRQs as well as active high IRQs for wm831x
mfd: Mark two lm3533 zone registers as volatile
mfd: Fix return type of lm533 attribute is_visible
mfd: Enable Device Tree support in the ab8500-pwm driver
mfd: Enable Device Tree support in the ab8500-sysctrl driver
mfd: Add support for Device Tree to twl6040
mfd: Register the twl6040 child for the ASoC codec unconditionally
mfd: Allocate twl6040 IRQ numbers dynamically
mfd: twl6040 code cleanup in interrupt initialization part
mfd: Enable ab8500-gpadc driver for Device Tree
mfd: Prevent unassigned pointer from being used in ab8500-gpadc driver
...
Pull kbuild updates from Michal Marek.
Fixed up nontrivial merge conflict in Makefile as per Stephen Rothwell
and linux-next (and trivial arch/sparc/Makefile changes due to removed
sparc32 logic).
* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
mips: Fix KBUILD_CPPFLAGS definition
kbuild: fix ia64 link
kbuild: document KBUILD_LDS, KBUILD_VMLINUX_{INIT,MAIN} and LDFLAGS_vmlinux
kbuild: link of vmlinux moved to a script
kbuild: refactor final link of sparc32
kbuild: drop unused KBUILD_VMLINUX_OBJS from top-level Makefile
kbuild: Makefile: remove unnecessary check for m68knommu ARCH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABAgAGBQJPw2J/AAoJECvKgwp+S8Ja5jkP/3uMxkhf8XQpXCI3O1QVfaQr
uZFfM8sINqIPDVm1dtFjFj7f8Bw9mhE2KAnnJ1rKT8tQwqq9yAse1QPlhCG1ZqoP
+AnMDDXHtx7WmQZXhBvS9b+unpZ7Jr6r6pO5XrmTL2kRL3YJPUhZ2+xbTT5belTB
KoAu4WqORZRxfXoC76S7U8K+D4NcAGhAOxCClsIjmY+oocCiCag4FZOyzYIFViqc
ghUN/+rLQ3fqGGv2yO7Ylx1gUM7sxIwkZQ/h962jFAtxz9czImr2NmRoMliOaOkS
tvcnIf+E3u0n/zIjzFvzhxKgHJPP8PkcPMk60d3jKmFngBkqFTzNUeVTP8md7HrV
4DlXisWr+z7YVyWUCFaNcJLmjiWSwQ8DV/clRLobeBf9EJKan5F1PjFgl6PLJM5F
Qr1+LHMNaetdulBwMRTyveZTzYqw9RmDnD9dWMo4mX/kTpvtC4jTPVV7hkRD+Qlv
5vTRR+VXL3Q50yClLf0AQMSKTnH2gBuepM/b+7cShLGfsMln8DtUjmbigv+niL63
BibcCIbIlP2uWGnl37VhsC34AT+RKt3lggrBOpn/7XJMq/wKR7IRP/7V9TfYgaUN
NBa+wtnLDa1pZEn/X7izdcQP62PzDtmB+ObvYT0Yb40A4+2ud3qF/lB53c1A1ewF
/9c4zxxekjHZnn2oooEa
=oLXf
-----END PGP SIGNATURE-----
Merge tag 'writeback' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/linux
Pull writeback tree from Wu Fengguang:
"Mainly from Jan Kara to avoid iput() in the flusher threads."
* tag 'writeback' of git://git.kernel.org/pub/scm/linux/kernel/git/wfg/linux:
writeback: Avoid iput() from flusher thread
vfs: Rename end_writeback() to clear_inode()
vfs: Move waiting for inode writeback from end_writeback() to evict_inode()
writeback: Refactor writeback_single_inode()
writeback: Remove wb->list_lock from writeback_single_inode()
writeback: Separate inode requeueing after writeback
writeback: Move I_DIRTY_PAGES handling
writeback: Move requeueing when I_SYNC set to writeback_sb_inodes()
writeback: Move clearing of I_SYNC into inode_sync_complete()
writeback: initialize global_dirty_limit
fs: remove 8 bytes of padding from struct writeback_control on 64 bit builds
mm: page-writeback.c: local functions should not be exposed globally
Pull microblaze changes from Michal Simek.
* 'next' of git://git.monstr.eu/linux-2.6-microblaze:
microblaze: Setup correct pointer to TLS area
microblaze: Add TLS support to sys_clone
microblaze: ftrace: Pass the first calling instruction for dynamic ftrace
microblaze: Port OOM changes to do_page_fault
microblaze: Do not select GENERIC_GPIO by default
The huge page size is 4M on non-PAE host, but 2M page size is used in
transparent_hugepage_adjust(), so the page we get after adjust the
mapping level is not the head page, the BUG_ON() will be triggered
Signed-off-by: Xiao Guangrong <xiaoguangrong@linux.vnet.ibm.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
No need for two implementations - we check the cpu model.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Daniel Hellstrom <daniel@gaisler.com>
Cc: Konrad Eisele <konrad@gaisler.com>
Unconditially define pci32_dma_ops as this is used
for leon.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Daniel Hellstrom <daniel@gaisler.com>
Cc: Konrad Eisele <konrad@gaisler.com>