linux-toradex.git/arch/arm/kernel/process.c, branch v4.4.93 Linux kernel for Apalis and Colibri modules ARM: report proper DACR value in oops dumps 2015-12-04T19:20:48+00:00 Russell King rmk+kernel@arm.linux.org.uk 2015-12-03T14:34:45+00:00 77f1b959b0b6db7a7941b4b4f9d3d287c67d7c15 When printing the DACR value, we print the domain register value. This is incorrect, as with SW_PAN enabled, that is the current setting, rather than the faulting context's setting. Arrange to print the faulting domain's saved DACR value instead. Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
When printing the DACR value, we print the domain register value.
This is incorrect, as with SW_PAN enabled, that is the current setting,
rather than the faulting context's setting.  Arrange to print the
faulting domain's saved DACR value instead.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm 2015-09-14T19:24:10+00:00 Linus Torvalds torvalds@linux-foundation.org 2015-09-14T19:24:10+00:00 57e6bbcb4beb4c87aa93e78a1db08fdaab9ee65f Pull ARM fixes from Russell King: "A number of fixes for the merge window, fixing a number of cases missed when testing the uaccess code, particularly cases which only show up with certain compiler versions" * 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm: ARM: 8431/1: fix alignement of __bug_table section entries arm/xen: Enable user access to the kernel before issuing a privcmd call ARM: domains: add memory dependencies to get_domain/set_domain ARM: domains: thread_info.h no longer needs asm/domains.h ARM: uaccess: fix undefined instruction on ARMv7M/noMMU ARM: uaccess: remove unneeded uaccess_save_and_disable macro ARM: swpan: fix nwfpe for uaccess changes ARM: 8429/1: disable GCC SRA optimization 
Pull ARM fixes from Russell King:
 "A number of fixes for the merge window, fixing a number of cases
  missed when testing the uaccess code, particularly cases which only
  show up with certain compiler versions"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: 8431/1: fix alignement of __bug_table section entries
  arm/xen: Enable user access to the kernel before issuing a privcmd call
  ARM: domains: add memory dependencies to get_domain/set_domain
  ARM: domains: thread_info.h no longer needs asm/domains.h
  ARM: uaccess: fix undefined instruction on ARMv7M/noMMU
  ARM: uaccess: remove unneeded uaccess_save_and_disable macro
  ARM: swpan: fix nwfpe for uaccess changes
  ARM: 8429/1: disable GCC SRA optimization
ARM: uaccess: fix undefined instruction on ARMv7M/noMMU 2015-09-09T22:26:44+00:00 Russell King rmk+kernel@arm.linux.org.uk 2015-09-09T20:19:49+00:00 af4cb25df93d2e7a97d65db2bfacaa4400988dea The use of get_domain() in copy_thread() results in an oops on ARMv7M/noMMU systems. The thread cpu_domain value is only used when CONFIG_CPU_USE_DOMAINS is enabled, so there's no need to save the value in copy_thread() except when this is enabled, and this option will never be enabled on these platforms. Unhandled exception: IPSR = 00000006 LR = fffffff1 CPU: 0 PID: 0 Comm: swapper Not tainted 4.2.0-next-20150909-00001-gb8ec5ad #41 Hardware name: NXP LPC18xx/43xx (Device Tree) task: 2823fbe0 ti: 2823c000 task.ti: 2823c000 PC is at copy_thread+0x18/0x92 LR is at copy_thread+0x19/0x92 pc : [<2800a46e>] lr : [<2800a46f>] psr: 4100000b sp : 2823df00 ip : 00000000 fp : 287c81c0 r10: 00000000 r9 : 00800300 r8 : 287c8000 r7 : 287c8000 r6 : 2818908d r5 : 00000000 r4 : 287ca000 r3 : 00000000 r2 : 00000000 r1 : fffffff0 r0 : 287ca048 xPSR: 4100000b Reported-by: Ariel D'Alessandro <ariel@vanguardiasur.com.ar> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> 
The use of get_domain() in copy_thread() results in an oops on
ARMv7M/noMMU systems.  The thread cpu_domain value is only used when
CONFIG_CPU_USE_DOMAINS is enabled, so there's no need to save the
value in copy_thread() except when this is enabled, and this option
will never be enabled on these platforms.

Unhandled exception: IPSR = 00000006 LR = fffffff1
CPU: 0 PID: 0 Comm: swapper Not tainted 4.2.0-next-20150909-00001-gb8ec5ad #41
Hardware name: NXP LPC18xx/43xx (Device Tree)
task: 2823fbe0 ti: 2823c000 task.ti: 2823c000
PC is at copy_thread+0x18/0x92
LR is at copy_thread+0x19/0x92
pc : [<2800a46e>]    lr : [<2800a46f>]    psr: 4100000b
sp : 2823df00  ip : 00000000  fp : 287c81c0
r10: 00000000  r9 : 00800300  r8 : 287c8000
r7 : 287c8000  r6 : 2818908d  r5 : 00000000  r4 : 287ca000
r3 : 00000000  r2 : 00000000  r1 : fffffff0  r0 : 287ca048
xPSR: 4100000b

Reported-by: Ariel D'Alessandro <ariel@vanguardiasur.com.ar>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Merge branches 'cleanup', 'fixes', 'misc', 'omap-barrier' and 'uaccess' into for-linus 2015-09-03T14:28:37+00:00 Russell King rmk+kernel@arm.linux.org.uk 2015-09-03T14:28:37+00:00 40d3f02851577da27b5cbb1538888301245ef1e7 






ARM: software-based priviledged-no-access support
2015-08-26T19:34:24+00:00

Russell King
rmk+kernel@arm.linux.org.uk

2015-08-19T19:40:41+00:00

a5e090acbf545c0a3b04080f8a488b17ec41fe02

Provide a software-based implementation of the priviledged no access
support found in ARMv8.1.

Userspace pages are mapped using a different domain number from the
kernel and IO mappings.  If we switch the user domain to "no access"
when we enter the kernel, we can prevent the kernel from touching
userspace.

However, the kernel needs to be able to access userspace via the
various user accessor functions.  With the wrapping in the previous
patch, we can temporarily enable access when the kernel needs user
access, and re-disable it afterwards.

This allows us to trap non-intended accesses to userspace, eg, caused
by an inadvertent dereference of the LIST_POISON* values, which, with
appropriate user mappings setup, can be made to succeed.  This in turn
can allow use-after-free bugs to be further exploited than would
otherwise be possible.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>





Provide a software-based implementation of the priviledged no access
support found in ARMv8.1.

Userspace pages are mapped using a different domain number from the
kernel and IO mappings.  If we switch the user domain to "no access"
when we enter the kernel, we can prevent the kernel from touching
userspace.

However, the kernel needs to be able to access userspace via the
various user accessor functions.  With the wrapping in the previous
patch, we can temporarily enable access when the kernel needs user
access, and re-disable it afterwards.

This allows us to trap non-intended accesses to userspace, eg, caused
by an inadvertent dereference of the LIST_POISON* values, which, with
appropriate user mappings setup, can be made to succeed.  This in turn
can allow use-after-free bugs to be further exploited than would
otherwise be possible.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>







ARM: 8421/1: smp: Collapse arch_cpu_idle_dead() into cpu_die()
2015-08-25T17:19:19+00:00

Stephen Boyd
sboyd@codeaurora.org

2015-08-24T20:49:30+00:00

9205b797dbe519a629267ec8c5766cd973d35063

The only caller of cpu_die() on ARM is arch_cpu_idle_dead(), so
let's simplify the code by renaming cpu_die() to
arch_cpu_idle_dead(). While were here, drop the __ref annotation
because __cpuinit is gone nowadays.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>





The only caller of cpu_die() on ARM is arch_cpu_idle_dead(), so
let's simplify the code by renaming cpu_die() to
arch_cpu_idle_dead(). While were here, drop the __ref annotation
because __cpuinit is gone nowadays.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>







ARM: domains: switch to keeping domain value in register
2015-08-21T12:55:49+00:00

Russell King
rmk+kernel@arm.linux.org.uk

2015-08-19T20:23:48+00:00

1eef5d2f1b461c120bcd82077edee5ec706ac53b

Rather than modifying both the domain access control register and our
per-thread copy, modify only the domain access control register, and
use the per-thread copy to save and restore the register over context
switches.  We can also avoid the explicit initialisation of the
init thread_info structure.

This allows us to avoid needing to gain access to the thread information
at the uaccess control sites.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>





Rather than modifying both the domain access control register and our
per-thread copy, modify only the domain access control register, and
use the per-thread copy to save and restore the register over context
switches.  We can also avoid the explicit initialisation of the
init thread_info structure.

This allows us to avoid needing to gain access to the thread information
at the uaccess control sites.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>







Merge branches 'misc', 'vdso' and 'fixes' into for-next
2015-04-14T21:28:25+00:00

Russell King
rmk+kernel@arm.linux.org.uk

2015-04-14T21:28:25+00:00

c848791f0336914a3081ea3fe029cf177d81de81

Conflicts:
	arch/arm/mm/proc-macros.S





Conflicts:
	arch/arm/mm/proc-macros.S







ARM: move reboot code to arch/arm/kernel/reboot.c
2015-04-02T08:50:45+00:00

Russell King
rmk+kernel@arm.linux.org.uk

2015-04-01T16:02:45+00:00

045ab94e10ee17038066d71abc8fdce719ab56f9

Move shutdown and reboot related code to a separate file, out of
process.c.  This helps to avoid polluting process.c with non-process
related code.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>





Move shutdown and reboot related code to a separate file, out of
process.c.  This helps to avoid polluting process.c with non-process
related code.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>







ARM: fix broken hibernation
2015-04-02T08:50:10+00:00

Russell King
rmk+kernel@arm.linux.org.uk

2015-04-01T15:20:39+00:00

767bf7e7a1e82a81c59778348d156993d0a6175d

Normally, when a CPU wants to clear a cache line to zero in the external
L2 cache, it would generate bus cycles to write each word as it would do
with any other data access.

However, a Cortex A9 connected to a L2C-310 has a specific feature where
the CPU can detect this operation, and signal that it wants to zero an
entire cache line.  This feature, known as Full Line of Zeros (FLZ),
involves a non-standard AXI signalling mechanism which only the L2C-310
can properly interpret.

There are separate enable bits in both the L2C-310 and the Cortex A9 -
the L2C-310 needs to be enabled and have the FLZ enable bit set in the
auxiliary control register before the Cortex A9 has this feature
enabled.

Unfortunately, the suspend code was not respecting this - it's not
obvious from the code:

swsusp_arch_suspend()
 cpu_suspend() /* saves the Cortex A9 auxiliary control register */
  arch_save_image()
  soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
   cpu_resume() /* restores the Cortex A9 registers, inc auxcr */

At this point, we end up with the L2C disabled, but the Cortex A9 with
FLZ enabled - which means any memset() or zeroing of a full cache line
will fail to take effect.

A similar issue exists in the resume path, but it's slightly more
complex:

swsusp_arch_suspend()
 cpu_suspend() /* saves the Cortex A9 auxiliary control register */
  arch_save_image() /* image with A9 auxcr saved */
...
swsusp_arch_resume()
 call_with_stack()
  arch_restore_image() /* restores image with A9 auxcr saved above */
  soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
   cpu_resume() /* restores the Cortex A9 registers, inc auxcr */

Again, here we end up with the L2C disabled, but Cortex A9 FLZ enabled.

There's no need to turn off the L2C in either of these two paths; there
are benefits from not doing so - for example, the page copies will be
faster with the L2C enabled.

Hence, fix this by providing a variant of soft_restart() which can be
used without turning the L2 cache controller off, and use it in both
of these paths to keep the L2C enabled across the respective resume
transitions.

Fixes: 8ef418c7178f ("ARM: l2c: trial at enabling some Cortex-A9 optimisations")
Reported-by: Sean Cross <xobs@kosagi.com>
Tested-by: Sean Cross <xobs@kosagi.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>





Normally, when a CPU wants to clear a cache line to zero in the external
L2 cache, it would generate bus cycles to write each word as it would do
with any other data access.

However, a Cortex A9 connected to a L2C-310 has a specific feature where
the CPU can detect this operation, and signal that it wants to zero an
entire cache line.  This feature, known as Full Line of Zeros (FLZ),
involves a non-standard AXI signalling mechanism which only the L2C-310
can properly interpret.

There are separate enable bits in both the L2C-310 and the Cortex A9 -
the L2C-310 needs to be enabled and have the FLZ enable bit set in the
auxiliary control register before the Cortex A9 has this feature
enabled.

Unfortunately, the suspend code was not respecting this - it's not
obvious from the code:

swsusp_arch_suspend()
 cpu_suspend() /* saves the Cortex A9 auxiliary control register */
  arch_save_image()
  soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
   cpu_resume() /* restores the Cortex A9 registers, inc auxcr */

At this point, we end up with the L2C disabled, but the Cortex A9 with
FLZ enabled - which means any memset() or zeroing of a full cache line
will fail to take effect.

A similar issue exists in the resume path, but it's slightly more
complex:

swsusp_arch_suspend()
 cpu_suspend() /* saves the Cortex A9 auxiliary control register */
  arch_save_image() /* image with A9 auxcr saved */
...
swsusp_arch_resume()
 call_with_stack()
  arch_restore_image() /* restores image with A9 auxcr saved above */
  soft_restart() /* turns off FLZ in Cortex A9, and disables L2C */
   cpu_resume() /* restores the Cortex A9 registers, inc auxcr */

Again, here we end up with the L2C disabled, but Cortex A9 FLZ enabled.

There's no need to turn off the L2C in either of these two paths; there
are benefits from not doing so - for example, the page copies will be
faster with the L2C enabled.

Hence, fix this by providing a variant of soft_restart() which can be
used without turning the L2 cache controller off, and use it in both
of these paths to keep the L2C enabled across the respective resume
transitions.

Fixes: 8ef418c7178f ("ARM: l2c: trial at enabling some Cortex-A9 optimisations")
Reported-by: Sean Cross <xobs@kosagi.com>
Tested-by: Sean Cross <xobs@kosagi.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>