February 2018 - Linux-stable-mirror

FAILED: patch "[PATCH] powerpc/64s/radix: Boot-time NULL pointer protection using a" failed to apply to 4.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. thanks, greg k-h ------------------ original commit in Linus's tree ------------------ >From eeb715c3e995fbdda0cc05e61216c6c5609bce66 Mon Sep 17 00:00:00 2001 From: Nicholas Piggin <npiggin(a)gmail.com> Date: Wed, 7 Feb 2018 11:20:02 +1000 Subject: [PATCH] powerpc/64s/radix: Boot-time NULL pointer protection using a guard-PID This change restores and formalises the behaviour that access to NULL or other user addresses by the kernel during boot should fault rather than succeed and modify memory. This was inadvertently broken when fixing another bug, because it was previously not well defined and only worked by chance. powerpc/64s/radix uses high address bits to select an address space "quadrant", which determines which PID and LPID are used to translate the rest of the address (effective PID, effective LPID). The kernel mapping at 0xC... selects quadrant 3, which uses PID=0 and LPID=0. So the kernel page tables are installed in the PID 0 process table entry. An address at 0x0... selects quadrant 0, which uses PID=PIDR for translating the rest of the address (that is, it uses the value of the PIDR register as the effective PID). If PIDR=0, then the translation is performed with the PID 0 process table entry page tables. This is the kernel mapping, so we effectively get another copy of the kernel address space at 0. A NULL pointer access will access physical memory address 0. To prevent duplicating the kernel address space in quadrant 0, this patch allocates a guard PID containing no translations, and initializes PIDR with this during boot, before the MMU is switched on. Any kernel access to quadrant 0 will use this guard PID for translation and find no valid mappings, and therefore fault. After boot, this PID will be switchd away to user context PIDs, but those contain user mappings (and usually NULL pointer protection) rather than kernel mapping, which is much safer (and by design). It may be in future this is tightened further, which the guard PID could be used for. Commit 371b8044 ("powerpc/64s: Initialize ISAv3 MMU registers before setting partition table"), introduced this problem because it zeroes PIDR at boot. However previously the value was inherited from firmware or kexec, which is not robust and can be zero (e.g., mambo). Fixes: 371b80447ff3 ("powerpc/64s: Initialize ISAv3 MMU registers before setting partition table") Cc: stable(a)vger.kernel.org # v4.15+ Reported-by: Florian Weimer <fweimer(a)redhat.com> Tested-by: Mauricio Faria de Oliveira <mauricfo(a)linux.vnet.ibm.com> Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> diff --git a/arch/powerpc/mm/pgtable-radix.c b/arch/powerpc/mm/pgtable-radix.c index 573a9a2ee455..96e07d1f673d 100644 --- a/arch/powerpc/mm/pgtable-radix.c +++ b/arch/powerpc/mm/pgtable-radix.c @@ -20,6 +20,7 @@ #include <asm/pgtable.h> #include <asm/pgalloc.h> +#include <asm/mmu_context.h> #include <asm/dma.h> #include <asm/machdep.h> #include <asm/mmu.h> @@ -333,6 +334,22 @@ static void __init radix_init_pgtable(void) "r" (TLBIEL_INVAL_SET_LPID), "r" (0)); asm volatile("eieio; tlbsync; ptesync" : : : "memory"); trace_tlbie(0, 0, TLBIEL_INVAL_SET_LPID, 0, 2, 1, 1); + + /* + * The init_mm context is given the first available (non-zero) PID, + * which is the "guard PID" and contains no page table. PIDR should + * never be set to zero because that duplicates the kernel address + * space at the 0x0... offset (quadrant 0)! + * + * An arbitrary PID that may later be allocated by the PID allocator + * for userspace processes must not be used either, because that + * would cause stale user mappings for that PID on CPUs outside of + * the TLB invalidation scheme (because it won't be in mm_cpumask). + * + * So permanently carve out one PID for the purpose of a guard PID. + */ + init_mm.context.id = mmu_base_pid; + mmu_base_pid++; } static void __init radix_init_partition_table(void) @@ -579,7 +596,8 @@ void __init radix__early_init_mmu(void) radix_init_iamr(); radix_init_pgtable(); - + /* Switch to the guard PID before turning on MMU */ + radix__switch_mmu_context(NULL, &init_mm); if (cpu_has_feature(CPU_FTR_HVMODE)) tlbiel_all(); } @@ -604,6 +622,7 @@ void radix__early_init_mmu_secondary(void) } radix_init_iamr(); + radix__switch_mmu_context(NULL, &init_mm); if (cpu_has_feature(CPU_FTR_HVMODE)) tlbiel_all(); }

6 years, 1 month

4
3
0 0

[PATCH 4/7] ext4: eliminate sleep from shutdown ioctl

by Theodore Ts'o

The msleep() when processing EXT4_GOING_FLAGS_NOLOGFLUSH was a hack to avoid some races (that are now fixed), but in fact it introduced its own race. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/ext4/ioctl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 4d1b1575f8ac..16d3d1325f5b 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -498,10 +498,8 @@ static int ext4_shutdown(struct super_block *sb, unsigned long arg) break; case EXT4_GOING_FLAGS_NOLOGFLUSH: set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); - if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { - msleep(100); + if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) jbd2_journal_abort(sbi->s_journal, 0); - } break; default: return -EINVAL; -- 2.16.1.72.g5be1f00a9a

6 years, 1 month

2
1
0 0

[PATCH 6/7] jbd2: if the journal is aborted then don't allow update of the log tail

by Theodore Ts'o

This updates the jbd2 superblock unnecessarily, and on an abort we shouldn't truncate the log. Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Cc: stable(a)vger.kernel.org --- fs/jbd2/journal.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c index efa0c72a0b9f..dfb057900e79 100644 --- a/fs/jbd2/journal.c +++ b/fs/jbd2/journal.c @@ -974,7 +974,7 @@ int __jbd2_update_log_tail(journal_t *journal, tid_t tid, unsigned long block) } /* - * This is a variaon of __jbd2_update_log_tail which checks for validity of + * This is a variation of __jbd2_update_log_tail which checks for validity of * provided log tail and locks j_checkpoint_mutex. So it is safe against races * with other threads updating log tail. */ @@ -1417,6 +1417,9 @@ int jbd2_journal_update_sb_log_tail(journal_t *journal, tid_t tail_tid, journal_superblock_t *sb = journal->j_superblock; int ret; + if (is_journal_aborted(journal)) + return -EIO; + BUG_ON(!mutex_is_locked(&journal->j_checkpoint_mutex)); jbd_debug(1, "JBD2: updating superblock (start %lu, seq %u)\n", tail_block, tail_tid); -- 2.16.1.72.g5be1f00a9a

6 years, 1 month

2
1
0 0

[RESEND][PATCH] cpuidle/powernv : Restore different PSSCR for idle and hotplug

by Akshay Adiga

commit 1e1601b38e6e ("powerpc/powernv/idle: Restore SPRs for deep idle states via stop API.") uses stop-api provided by the firmware to restore PSSCR. PSSCR restore is required for handling special wakeup. When special wakeup is completed, the core enters stop state based on restored PSSCR. Currently PSSCR is restored to deepest available stop state, causing a idle cpu to enter deeper stop state on a special wakeup, which causes the cpu to hang on wakeup. A "sensors" command which reads temperature (through DTS sensors) on idle cpu can trigger special wakeup. Failed Scenario : Request restore of PSSCR with RL = 11 cpu enters idle state (stop5) user triggers "sensors" command Assert special wakeup on cpu Restores PSSCR with RL = 11 <---- Done by firmware Read DTS sensor Deassert special wakeup cpu enters idle state (stop11) <-- Instead of stop5 Cpu hang is caused because cpu ended up in a deeper state than it requested This patch fixes instability caused by special wakeup when stop11 is enabled. Requests restore of PSSCR to deepest stop state used by cpuidle. Only when offlining cpu, request restore of PSSCR to deepest stop state. On onlining cpu, request restore of PSSCR to deepest stop state used by cpuidle. Cc: <stable(a)vger.kernel.org> # v4.14+ Fixes : 1e1601b38e6e ("powerpc/powernv/idle: Restore SPRs for deep idle states via stop API.") Reported-by: Pridhiviraj Paidipeddi <ppaidipe(a)linux.vnet.ibm.com> Signed-off-by: Akshay Adiga <akshay.adiga(a)linux.vnet.ibm.com> --- arch/powerpc/include/asm/cpuidle.h | 2 ++ arch/powerpc/platforms/powernv/idle.c | 46 ++++++++++++++++++++++++++++++++--- drivers/cpuidle/cpuidle-powernv.c | 1 - 3 files changed, 45 insertions(+), 4 deletions(-) diff --git a/arch/powerpc/include/asm/cpuidle.h b/arch/powerpc/include/asm/cpuidle.h index e210a83..f52e9f1 100644 --- a/arch/powerpc/include/asm/cpuidle.h +++ b/arch/powerpc/include/asm/cpuidle.h @@ -67,6 +67,8 @@ #define ERR_EC_ESL_MISMATCH -1 #define ERR_DEEP_STATE_ESL_MISMATCH -2 +#define POWERNV_THRESHOLD_LATENCY_NS 200000 + #ifndef __ASSEMBLY__ /* Additional SPRs that need to be saved/restored during stop */ struct stop_sprs { diff --git a/arch/powerpc/platforms/powernv/idle.c b/arch/powerpc/platforms/powernv/idle.c index 443d5ca..4b0c7d24 100644 --- a/arch/powerpc/platforms/powernv/idle.c +++ b/arch/powerpc/platforms/powernv/idle.c @@ -56,8 +56,11 @@ u64 pnv_first_deep_stop_state = MAX_STOP_STATE; */ static u64 pnv_deepest_stop_psscr_val; static u64 pnv_deepest_stop_psscr_mask; +static u64 pnv_deepest_cpuidle_psscr_val; +static u64 pnv_deepest_cpuidle_psscr_mask; static u64 pnv_deepest_stop_flag; static bool deepest_stop_found; +static bool deepest_cpuidle_found; static int pnv_save_sprs_for_deep_states(void) { @@ -76,7 +79,14 @@ static int pnv_save_sprs_for_deep_states(void) uint64_t hid5_val = mfspr(SPRN_HID5); uint64_t hmeer_val = mfspr(SPRN_HMEER); uint64_t msr_val = MSR_IDLE; - uint64_t psscr_val = pnv_deepest_stop_psscr_val; + + /* + * Pick deepest cpuidle psscr as the value to be + * restored through wakeup engine. + * We will request a deeper state to be restored + * in hotplug path + */ + uint64_t psscr_val = pnv_deepest_cpuidle_psscr_val; for_each_possible_cpu(cpu) { uint64_t pir = get_hard_smp_processor_id(cpu); @@ -409,7 +419,7 @@ static void pnv_program_cpu_hotplug_lpcr(unsigned int cpu, u64 lpcr_val) */ unsigned long pnv_cpu_offline(unsigned int cpu) { - unsigned long srr1; + u64 srr1; u32 idle_states = pnv_get_supported_cpuidle_states(); u64 lpcr_val; @@ -429,12 +439,18 @@ unsigned long pnv_cpu_offline(unsigned int cpu) __ppc64_runlatch_off(); if (cpu_has_feature(CPU_FTR_ARCH_300) && deepest_stop_found) { - unsigned long psscr; + u64 psscr; + u64 pir = get_hard_smp_processor_id(cpu); psscr = mfspr(SPRN_PSSCR); psscr = (psscr & ~pnv_deepest_stop_psscr_mask) | pnv_deepest_stop_psscr_val; + if (pnv_deepest_stop_psscr_val != pnv_deepest_cpuidle_psscr_val) + opal_slw_set_reg(pir, P9_STOP_SPR_PSSCR, psscr); srr1 = power9_idle_stop(psscr); + psscr = (psscr & ~pnv_deepest_cpuidle_psscr_mask) | + pnv_deepest_cpuidle_psscr_val; + opal_slw_set_reg(pir, P9_STOP_SPR_PSSCR, psscr); } else if ((idle_states & OPAL_PM_WINKLE_ENABLED) && (idle_states & OPAL_PM_LOSE_FULL_CONTEXT)) { @@ -555,6 +571,7 @@ static int __init pnv_power9_idle_init(struct device_node *np, u32 *flags, u64 *psscr_val = NULL; u64 *psscr_mask = NULL; u32 *residency_ns = NULL; + u32 *latency_ns = NULL; u64 max_residency_ns = 0; int rc = 0, i; @@ -562,6 +579,8 @@ static int __init pnv_power9_idle_init(struct device_node *np, u32 *flags, psscr_mask = kcalloc(dt_idle_states, sizeof(*psscr_mask), GFP_KERNEL); residency_ns = kcalloc(dt_idle_states, sizeof(*residency_ns), GFP_KERNEL); + latency_ns = kcalloc(dt_idle_states, sizeof(*latency_ns), + GFP_KERNEL); if (!psscr_val || !psscr_mask || !residency_ns) { rc = -1; @@ -591,6 +610,13 @@ static int __init pnv_power9_idle_init(struct device_node *np, u32 *flags, rc = -1; goto out; } + if (of_property_read_u32_array(np, + "ibm,cpu-idle-state-latencies-ns", + latency_ns, dt_idle_states)) { + pr_warn("cpuidle-powernv: missing ibm,cpu-idle-state-latency-ns in DT\n"); + rc = -1; + goto out; + } /* * Set pnv_first_deep_stop_state, pnv_deepest_stop_psscr_{val,mask}, @@ -621,6 +647,12 @@ static int __init pnv_power9_idle_init(struct device_node *np, u32 *flags, continue; } + if (latency_ns[i] <= POWERNV_THRESHOLD_LATENCY_NS) { + pnv_deepest_cpuidle_psscr_val = psscr_val[i]; + pnv_deepest_cpuidle_psscr_mask = psscr_mask[i]; + deepest_cpuidle_found = true; + } + if (max_residency_ns < residency_ns[i]) { max_residency_ns = residency_ns[i]; pnv_deepest_stop_psscr_val = psscr_val[i]; @@ -653,6 +685,14 @@ static int __init pnv_power9_idle_init(struct device_node *np, u32 *flags, pnv_deepest_stop_psscr_mask); } + if (unlikely(!deepest_cpuidle_found)) { + pr_warn("cpuidle-powernv: No suitable deepest CPU-idle state found"); + } else { + pr_info("cpuidle-powernv: Deepest cpuidle: psscr = 0x%016llx,mask=0x%016llx\n", + pnv_deepest_cpuidle_psscr_val, + pnv_deepest_cpuidle_psscr_mask); + } + pr_info("cpuidle-powernv: Requested Level (RL) value of first deep stop = 0x%llx\n", pnv_first_deep_stop_state); out: diff --git a/drivers/cpuidle/cpuidle-powernv.c b/drivers/cpuidle/cpuidle-powernv.c index 1a8234e..620765d 100644 --- a/drivers/cpuidle/cpuidle-powernv.c +++ b/drivers/cpuidle/cpuidle-powernv.c @@ -26,7 +26,6 @@ * Expose only those Hardware idle states via the cpuidle framework * that have latency value below POWERNV_THRESHOLD_LATENCY_NS. */ -#define POWERNV_THRESHOLD_LATENCY_NS 200000 static struct cpuidle_driver powernv_idle_driver = { .name = "powernv_idle", -- 2.5.5

6 years, 1 month

3
2
0 0

[PATCH 1/5] tpm: Trigger only missing TPM 2.0 self tests

by Jarkko Sakkinen

From: Alexander Steffen <Alexander.Steffen(a)infineon.com> My Nuvoton 6xx in a Dell XPS-13 has been intermittently failing to work (necessitating a reboot). The problem seems to be that the TPM gets into a state where the partial self-test doesn't return TPM_RC_SUCCESS (meaning all tests have run to completion), but instead returns TPM_RC_TESTING (meaning some tests are still running in the background). There are various theories that resending the self-test command actually causes the tests to restart and thus triggers more TPM_RC_TESTING returns until the timeout is exceeded. There are several issues here: firstly being we shouldn't slow down the boot sequence waiting for the self test to complete once the TPM backgrounds them. It will actually make available all functions that have passed and if it gets a failure return TPM_RC_FAILURE to every subsequent command. So the fix is to kick off self tests once and if they return TPM_RC_TESTING log that as a backgrounded self test and continue on. In order to prevent other tpm users from seeing any TPM_RC_TESTING returns (which it might if they send a command that needs a TPM subsystem which is still under test), we loop in tpm_transmit_cmd until either a timeout or we don't get a TPM_RC_TESTING return. Finally, there have been observations of strange returns from a partial test. One Nuvoton is occasionally returning TPM_RC_COMMAND_CODE, so treat any unexpected return from a partial self test as an indication we need to run a full self test. Fixes: 2482b1bba5122 ("tpm: Trigger only missing TPM 2.0 self tests") Cc: stable(a)vger.kernel.org Signed-off-by: Alexander Steffen <Alexander.Steffen(a)infineon.com> Signed-off-by: James Bottomley <James.Bottomley(a)HansenPartnership.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkine(a)linux.intel.com> --- drivers/char/tpm/tpm-interface.c | 20 ++++++++++++--- drivers/char/tpm/tpm.h | 1 + drivers/char/tpm/tpm2-cmd.c | 54 ++++++++++++---------------------------- 3 files changed, 33 insertions(+), 42 deletions(-) diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c index 9e80a953d693..1adb976a2e37 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -537,14 +537,26 @@ ssize_t tpm_transmit_cmd(struct tpm_chip *chip, struct tpm_space *space, const char *desc) { const struct tpm_output_header *header = buf; + unsigned int delay_msec = TPM2_DURATION_SHORT; int err; ssize_t len; - len = tpm_transmit(chip, space, (u8 *)buf, bufsiz, flags); - if (len < 0) - return len; + for (;;) { + len = tpm_transmit(chip, space, (u8 *)buf, bufsiz, flags); + if (len < 0) + return len; + err = be32_to_cpu(header->return_code); + if (err != TPM2_RC_TESTING) + break; + + delay_msec *= 2; + if (delay_msec > TPM2_DURATION_LONG) { + dev_err(&chip->dev, "the self test is still running\n"); + break; + } + tpm_msleep(delay_msec); + } - err = be32_to_cpu(header->return_code); if (err != 0 && desc) dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err, desc); diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index f895fba4e20d..cccd5994a0e1 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -104,6 +104,7 @@ enum tpm2_return_codes { TPM2_RC_HASH = 0x0083, /* RC_FMT1 */ TPM2_RC_HANDLE = 0x008B, TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */ + TPM2_RC_FAILURE = 0x0101, TPM2_RC_DISABLED = 0x0120, TPM2_RC_COMMAND_CODE = 0x0143, TPM2_RC_TESTING = 0x090A, /* RC_WARN */ diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index a700f8f9ead7..6eeff3a60003 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -31,10 +31,6 @@ struct tpm2_startup_in { __be16 startup_type; } __packed; -struct tpm2_self_test_in { - u8 full_test; -} __packed; - struct tpm2_get_tpm_pt_in { __be32 cap_id; __be32 property_id; @@ -60,7 +56,6 @@ struct tpm2_get_random_out { union tpm2_cmd_params { struct tpm2_startup_in startup_in; - struct tpm2_self_test_in selftest_in; struct tpm2_get_tpm_pt_in get_tpm_pt_in; struct tpm2_get_tpm_pt_out get_tpm_pt_out; struct tpm2_get_random_in getrandom_in; @@ -827,16 +822,6 @@ unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) } EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); -#define TPM2_SELF_TEST_IN_SIZE \ - (sizeof(struct tpm_input_header) + \ - sizeof(struct tpm2_self_test_in)) - -static const struct tpm_input_header tpm2_selftest_header = { - .tag = cpu_to_be16(TPM2_ST_NO_SESSIONS), - .length = cpu_to_be32(TPM2_SELF_TEST_IN_SIZE), - .ordinal = cpu_to_be32(TPM2_CC_SELF_TEST) -}; - /** * tpm2_do_selftest() - ensure that all self tests have passed * @@ -852,27 +837,24 @@ static const struct tpm_input_header tpm2_selftest_header = { */ static int tpm2_do_selftest(struct tpm_chip *chip) { + struct tpm_buf buf; + int full; int rc; - unsigned int delay_msec = 10; - long duration; - struct tpm2_cmd cmd; - duration = jiffies_to_msecs( - tpm2_calc_ordinal_duration(chip, TPM2_CC_SELF_TEST)); - - while (1) { - cmd.header.in = tpm2_selftest_header; - cmd.params.selftest_in.full_test = 0; - - rc = tpm_transmit_cmd(chip, NULL, &cmd, TPM2_SELF_TEST_IN_SIZE, - 0, 0, "continue selftest"); + for (full = 0; full < 2; full++) { + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_SELF_TEST); + if (rc) + return rc; - if (rc != TPM2_RC_TESTING || delay_msec >= duration) - break; + tpm_buf_append_u8(&buf, full); + rc = tpm_transmit_cmd(chip, NULL, buf.data, PAGE_SIZE, 0, 0, + "attempting the self test\n"); + tpm_buf_destroy(&buf); - /* wait longer than before */ - delay_msec *= 2; - tpm_msleep(delay_msec); + if (rc == TPM2_RC_TESTING) + rc = TPM2_RC_SUCCESS; + if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) + return rc; } return rc; @@ -1058,10 +1040,8 @@ int tpm2_auto_startup(struct tpm_chip *chip) goto out; rc = tpm2_do_selftest(chip); - if (rc != 0 && rc != TPM2_RC_INITIALIZE) { - dev_err(&chip->dev, "TPM self test failed\n"); + if (rc && rc != TPM2_RC_INITIALIZE) goto out; - } if (rc == TPM2_RC_INITIALIZE) { rc = tpm_startup(chip); @@ -1069,10 +1049,8 @@ int tpm2_auto_startup(struct tpm_chip *chip) goto out; rc = tpm2_do_selftest(chip); - if (rc) { - dev_err(&chip->dev, "TPM self test failed\n"); + if (rc) goto out; - } } rc = tpm2_get_pcr_allocation(chip); -- 2.15.1

6 years, 1 month

2
2
0 0

[PATCH v4] mmc: dw_mmc: Fix the DTO/CTO timeout overflow calculation for 32-bit systems

by Evgeniy Didin

In commit 9d9491a7da2a ("mmc: dw_mmc: Fix the DTO timeout calculation") and commit 4c2357f57dd5 ("mmc: dw_mmc: Fix the CTO timeout calculation") have been made changes which cause multiply overflow for 32-bit systems. The broken timeout calculations leads to unexpected ETIMEDOUT errors and causes stacktrace splat (such as below) during normal data exchange with SD-card. | Running : 4M-check-reassembly-tcp-cmykw2-rotatew2.out -v0 -w1 | - Info: Finished target initialization. | mmcblk0: error -110 transferring data, sector 320544, nr 2048, cmd response | 0x900, card status 0x0 DIV_ROUND_UP_ULL helps to escape usage of __udivdi3() from libgcc and so code gets compiled on all 32-bit platforms as opposed to usage of DIV_ROUND_UP when we may only compile stuff on a very few arches. Lets cast this multiply to u64 type which prevents overflow. Tested-by: Vineet Gupta <Vineet.Gupta1(a)synopsys.com> Reported-by: Vineet Gupta <Vineet.Gupta1(a)synopsys.com> # ARC STAR 9001306872 HSDK, sdio: board crashes when copying big files Fixes: 9d9491a7da2a ("mmc: dw_mmc: Fix the DTO timeout calculation") Fixes: 4c2357f57dd5 ("mmc: dw_mmc: Fix the CTO timeout calculation") Signed-off-by: Evgeniy Didin <Evgeniy.Didin(a)synopsys.com> CC: Alexey Brodkin <abrodkin(a)synopsys.com> CC: Eugeniy Paltsev <paltsev(a)synopsys.com> CC: Douglas Anderson <dianders(a)chromium.org> CC: Ulf Hansson <ulf.hansson(a)linaro.org> CC: Andy Shevchenko <andy.shevchenko(a)gmail.com> CC: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> CC: Shawn Lin <shawn.lin(a)rock-chips.com> CC: Vineet Gupta <Vineet.Gupta1(a)synopsys.com> CC: linux-kernel(a)vger.kernel.org CC: linux-snps-arc(a)lists.infradead.org Cc: <stable(a)vger.kernel.org> --- Changes since v3: -Switch DIV_ROUND_UP macro to DIV_ROUND_UP_ULL -Make one patch from two patches -Modify commit message Changes sinve v2: -add fix for cto_ms Changes since v1: -uint64_t switched to u64 drivers/mmc/host/dw_mmc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/mmc/host/dw_mmc.c b/drivers/mmc/host/dw_mmc.c index 0aa39975f33b..cba534d4c81b 100644 --- a/drivers/mmc/host/dw_mmc.c +++ b/drivers/mmc/host/dw_mmc.c @@ -409,7 +409,9 @@ static inline void dw_mci_set_cto(struct dw_mci *host) cto_div = (mci_readl(host, CLKDIV) & 0xff) * 2; if (cto_div == 0) cto_div = 1; - cto_ms = DIV_ROUND_UP(MSEC_PER_SEC * cto_clks * cto_div, host->bus_hz); + + cto_ms = DIV_ROUND_UP_ULL((u64)MSEC_PER_SEC * cto_clks * cto_div, + host->bus_hz); /* add a bit spare time */ cto_ms += 10; @@ -1944,8 +1946,9 @@ static void dw_mci_set_drto(struct dw_mci *host) drto_div = (mci_readl(host, CLKDIV) & 0xff) * 2; if (drto_div == 0) drto_div = 1; - drto_ms = DIV_ROUND_UP(MSEC_PER_SEC * drto_clks * drto_div, - host->bus_hz); + + drto_ms = DIV_ROUND_UP_ULL((u64)MSEC_PER_SEC * drto_clks * drto_div, + host->bus_hz); /* add a bit spare time */ drto_ms += 10; -- 2.11.0

6 years, 1 month

7
6
0 0

[PATCH] Bluetooth: btqcomsmd: Fix channel open check

by Bjorn Andersson

rpmsg_create_ept() returns NULL on error and as such qcom_wcnss_open_channel() does the same. Clarify this in the kernel-doc and correct the error checks in btqcomsmd. Fixes: 1511cc750c3d ("Bluetooth: Introduce Qualcomm WCNSS SMD based HCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Bjorn Andersson <bjorn.andersson(a)linaro.org> --- drivers/bluetooth/btqcomsmd.c | 8 ++++---- drivers/soc/qcom/wcnss_ctrl.c | 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/bluetooth/btqcomsmd.c b/drivers/bluetooth/btqcomsmd.c index 2c9a5fc9137d..24f702927875 100644 --- a/drivers/bluetooth/btqcomsmd.c +++ b/drivers/bluetooth/btqcomsmd.c @@ -151,13 +151,13 @@ static int btqcomsmd_probe(struct platform_device *pdev) btq->acl_channel = qcom_wcnss_open_channel(wcnss, "APPS_RIVA_BT_ACL", btqcomsmd_acl_callback, btq); - if (IS_ERR(btq->acl_channel)) - return PTR_ERR(btq->acl_channel); + if (!btq->acl_channel) + return -ENOENT; btq->cmd_channel = qcom_wcnss_open_channel(wcnss, "APPS_RIVA_BT_CMD", btqcomsmd_cmd_callback, btq); - if (IS_ERR(btq->cmd_channel)) - return PTR_ERR(btq->cmd_channel); + if (!btq->cmd_channel) + return -ENOENT; /* The local-bd-address property is usually injected by the * bootloader which has access to the allocated BD address. diff --git a/drivers/soc/qcom/wcnss_ctrl.c b/drivers/soc/qcom/wcnss_ctrl.c index d008e5b82db4..e968559b0fc4 100644 --- a/drivers/soc/qcom/wcnss_ctrl.c +++ b/drivers/soc/qcom/wcnss_ctrl.c @@ -275,6 +275,8 @@ static int wcnss_download_nv(struct wcnss_ctrl *wcnss, bool *expect_cbc) * @wcnss: wcnss handle, retrieved from drvdata * @name: SMD channel name * @cb: callback to handle incoming data on the channel + * + * Return: rpmsg_endpoint object on success, NULL on error */ struct rpmsg_endpoint *qcom_wcnss_open_channel(void *wcnss, const char *name, rpmsg_rx_cb_t cb, void *priv) { -- 2.16.2

6 years, 1 month

2
2
0 0

[Linux-stable-mirror] [PATCH 4.4 00/67] 4.4.115-stable review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.4.115 release. There are 67 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun Feb 4 14:07:31 UTC 2018. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.4.115-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.4.115-rc1 Stefan Agner <stefan(a)agner.ch> spi: imx: do not access registers while clocks disabled Fabio Estevam <fabio.estevam(a)nxp.com> serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS Mark Salyzyn <salyzyn(a)android.com> selinux: general protection fault in sock_has_perm Oliver Neukum <oneukum(a)suse.com> usb: uas: unconditionally bring back host after reset Hemant Kumar <hemantk(a)codeaurora.org> usb: f_fs: Prevent gadget unbind if it is already unbound Johan Hovold <johan(a)kernel.org> USB: serial: simple: add Motorola Tetra driver Shuah Khan <shuahkh(a)osg.samsung.com> usbip: list: don't list devices attached to vhci_hcd Shuah Khan <shuahkh(a)osg.samsung.com> usbip: prevent bind loops on devices attached to vhci_hcd Jia-Ju Bai <baijiaju1990(a)gmail.com> USB: serial: io_edgeport: fix possible sleep-in-atomic Oliver Neukum <oneukum(a)suse.com> CDC-ACM: apply quirk for card reader Hans de Goede <hdegoede(a)redhat.com> USB: cdc-acm: Do not log urb submission errors on disconnect Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> USB: serial: pl2303: new device id for Chilitag OKAMOTO Yoshiaki <yokamoto(a)allied-telesis.co.jp> usb: option: Add support for FS040U modem Larry Finger <Larry.Finger(a)lwfinger.net> staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID Colin Ian King <colin.king(a)canonical.com> usb: gadget: don't dereference g until after it has been null checked Icenowy Zheng <icenowy(a)aosc.io> media: usbtv: add a new usbid Gustavo A. R. Silva <garsilva(a)embeddedor.com> scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg Guilherme G. Piccoli <gpiccoli(a)linux.vnet.ibm.com> scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path Darrick J. Wong <darrick.wong(a)oracle.com> xfs: ubsan fixes Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/omap: Fix error handling path in 'omap_dmm_probe()' Yisheng Xie <xieyisheng1(a)huawei.com> kmemleak: add scheduling point to kmemleak_scan() Trond Myklebust <trond.myklebust(a)primarydata.com> SUNRPC: Allow connect to return EHOSTUNREACH Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> quota: Check for register_shrinker() failure. Geert Uytterhoeven <geert+renesas(a)glider.be> net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit Robert Lippert <roblip(a)gmail.com> hwmon: (pmbus) Use 64bit math for DIRECT format values Vasily Averin <vvs(a)virtuozzo.com> lockd: fix "list_add double add" caused by legacy signal interface Andrew Elble <aweits(a)rit.edu> nfsd: check for use of the closed special stateid Vasily Averin <vvs(a)virtuozzo.com> grace: replace BUG_ON by WARN_ONCE in exit_net hook Trond Myklebust <trond.myklebust(a)primarydata.com> nfsd: Ensure we check stateid validity in the seqid operation checks Trond Myklebust <trond.myklebust(a)primarydata.com> nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) Eduardo Otubo <otubo(a)redhat.com> xen-netfront: remove warning when unloading module Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: VMX: Fix rflags cache during vCPU reset Josef Bacik <jbacik(a)fb.com> btrfs: fix deadlock when writing out space cache Chun-Yeow Yeoh <yeohchunyeow(a)gmail.com> mac80211: fix the update of path metric for RANN frame zhangliping <zhangliping02(a)baidu.com> openvswitch: fix the incorrect flow action alloc size Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdkfd: Fix SDMA oversubsription handling shaoyunl <Shaoyun.Liu(a)amd.com> drm/amdkfd: Fix SDMA ring buffer size calculation Felix Kuehling <Felix.Kuehling(a)amd.com> drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode Michael Lyle <mlyle(a)lyle.org> bcache: check return value of register_shrinker James Hogan <jhogan(a)kernel.org> cpufreq: Add Loongson machine dependencies Hans de Goede <hdegoede(a)redhat.com> ACPI / bus: Leave modalias empty for devices which are not present Nikita Leshenko <nikita.leshchenko(a)oracle.com> KVM: x86: ioapic: Preserve read-only values in the redirection table Nikita Leshenko <nikita.leshchenko(a)oracle.com> KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered Nikita Leshenko <nikita.leshchenko(a)oracle.com> KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race Wanpeng Li <wanpeng.li(a)hotmail.com> KVM: X86: Fix operand/address-size during instruction decoding Liran Alon <liran.alon(a)oracle.com> KVM: x86: Don't re-execute instruction when not passing CR2 value Liran Alon <liran.alon(a)oracle.com> KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure Lyude Paul <lyude(a)redhat.com> igb: Free IRQs when device is hotplugged Jesse Chan <jc(a)linux.com> mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Jesse Chan <jc(a)linux.com> gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE Jesse Chan <jc(a)linux.com> gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Jesse Chan <jc(a)linux.com> power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE Stephan Mueller <smueller(a)chronox.de> crypto: af_alg - whitelist mask and type Stephan Mueller <smueller(a)chronox.de> crypto: aesni - handle zero length dst buffer Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Make ioctls race-free Hugh Dickins <hughd(a)google.com> kaiser: fix intel_bts perf crashes Dave Hansen <dave.hansen(a)linux.intel.com> x86/pti: Make unpoison of pgd for trusted boot work for real Daniel Borkmann <daniel(a)iogearbox.net> bpf: reject stores into ctx via st and xadd Alexei Starovoitov <ast(a)kernel.org> bpf: fix 32-bit divide by zero Eric Dumazet <edumazet(a)google.com> bpf: fix divides by zero Daniel Borkmann <daniel(a)iogearbox.net> bpf: avoid false sharing of map refcount with max_entries Daniel Borkmann <daniel(a)iogearbox.net> bpf: arsh is not supported in 32 bit alu thus reject it Alexei Starovoitov <ast(a)kernel.org> bpf: introduce BPF_JIT_ALWAYS_ON config Alexei Starovoitov <ast(a)fb.com> bpf: fix bpf_tail_call() x64 JIT Eric Dumazet <edumazet(a)google.com> x86: bpf_jit: small optimization in emit_bpf_tail_call() Alexei Starovoitov <ast(a)fb.com> bpf: fix branch pruning logic Linus Torvalds <torvalds(a)linux-foundation.org> loop: fix concurrent lo_open/lo_release ------------- Diffstat: Makefile | 4 +- arch/arm64/Kconfig | 1 + arch/s390/Kconfig | 1 + arch/x86/Kconfig | 1 + arch/x86/crypto/aesni-intel_glue.c | 2 +- arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/kernel/cpu/perf_event_intel_bts.c | 44 ++++++++++---- arch/x86/kernel/tboot.c | 10 ++++ arch/x86/kvm/emulate.c | 7 +++ arch/x86/kvm/ioapic.c | 20 ++++++- arch/x86/kvm/vmx.c | 4 +- arch/x86/kvm/x86.c | 2 +- arch/x86/net/bpf_jit_comp.c | 13 ++-- crypto/af_alg.c | 10 ++-- drivers/acpi/device_sysfs.c | 4 ++ drivers/block/loop.c | 10 +++- drivers/cpufreq/Kconfig | 2 + drivers/gpio/gpio-ath79.c | 3 + drivers/gpio/gpio-iop.c | 4 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gfx_v7.c | 47 +++++++++++---- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_cik.c | 4 +- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 18 ++++++ drivers/gpu/drm/omapdrm/omap_dmm_tiler.c | 3 +- drivers/hwmon/pmbus/pmbus_core.c | 21 ++++--- drivers/md/bcache/btree.c | 5 +- drivers/media/usb/usbtv/usbtv-core.c | 1 + drivers/mtd/nand/denali_pci.c | 4 ++ drivers/net/ethernet/intel/igb/igb_main.c | 2 +- drivers/net/ethernet/xilinx/Kconfig | 1 + drivers/net/xen-netfront.c | 18 ++++++ drivers/power/reset/zx-reboot.c | 4 ++ drivers/scsi/aacraid/commsup.c | 2 +- drivers/scsi/ufs/ufshcd.c | 7 ++- drivers/spi/spi-imx.c | 15 ++++- drivers/staging/rtl8188eu/os_dep/ioctl_linux.c | 14 ++--- drivers/tty/serial/imx.c | 14 +++-- drivers/usb/class/cdc-acm.c | 5 +- drivers/usb/gadget/composite.c | 7 ++- drivers/usb/gadget/function/f_fs.c | 3 +- drivers/usb/serial/Kconfig | 1 + drivers/usb/serial/io_edgeport.c | 1 - drivers/usb/serial/option.c | 5 ++ drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 1 + drivers/usb/serial/usb-serial-simple.c | 7 +++ drivers/usb/storage/uas.c | 7 +-- fs/btrfs/free-space-cache.c | 3 +- fs/nfs_common/grace.c | 10 +++- fs/nfsd/nfs4state.c | 34 ++++++----- fs/quota/dquot.c | 3 +- fs/xfs/xfs_aops.c | 6 +- include/linux/bpf.h | 16 +++-- init/Kconfig | 7 +++ kernel/bpf/core.c | 30 ++++++++-- kernel/bpf/verifier.c | 70 ++++++++++++++++++++++ lib/test_bpf.c | 13 ++-- mm/kmemleak.c | 2 + net/Kconfig | 3 + net/core/filter.c | 8 ++- net/core/sysctl_net_core.c | 6 ++ net/mac80211/mesh_hwmp.c | 15 +++-- net/openvswitch/flow_netlink.c | 16 ++--- net/socket.c | 9 +++ net/sunrpc/xprtsock.c | 1 + security/selinux/hooks.c | 2 + sound/core/seq/seq_clientmgr.c | 10 +++- sound/core/seq/seq_clientmgr.h | 1 + tools/usb/usbip/src/usbip_bind.c | 9 +++ tools/usb/usbip/src/usbip_list.c | 9 +++ 69 files changed, 504 insertions(+), 142 deletions(-)

6 years, 2 months

7
65
0 0

Patch "powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: powerpc-pseries-make-ras-irq-explicitly-dependent-on-dlpar-wq.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Wed Feb 28 16:23:28 CET 2018 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 8 Jan 2018 14:54:32 +1100 Subject: powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ From: Michael Ellerman <mpe(a)ellerman.id.au> [ Upstream commit e2d5915293ffdff977ddcfc12b817b08c53ffa7a ] The hotplug code uses its own workqueue to handle IRQ requests (pseries_hp_wq), however that workqueue is initialized after init_ras_IRQ(). That can lead to a kernel panic if any hotplug interrupts fire after init_ras_IRQ() but before pseries_hp_wq is initialised. eg: UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes) NET: Registered protocol family 1 Unpacking initramfs... (qemu) object_add memory-backend-ram,id=mem1,size=10G (qemu) device_add pc-dimm,id=dimm1,memdev=mem1 Unable to handle kernel paging request for data at address 0xf94d03007c421378 Faulting instruction address: 0xc00000000012d744 Oops: Kernel access of bad area, sig: 11 [#1] LE SMP NR_CPUS=2048 NUMA pSeries Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-rc2-ziviani+ #26 task: (ptrval) task.stack: (ptrval) NIP: c00000000012d744 LR: c00000000012d744 CTR: 0000000000000000 REGS: (ptrval) TRAP: 0380 Not tainted (4.15.0-rc2-ziviani+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 28088042 XER: 20040000 CFAR: c00000000012d3c4 SOFTE: 0 ... NIP [c00000000012d744] __queue_work+0xd4/0x5c0 LR [c00000000012d744] __queue_work+0xd4/0x5c0 Call Trace: [c0000000fffefb90] [c00000000012d744] __queue_work+0xd4/0x5c0 (unreliable) [c0000000fffefc70] [c00000000012dce4] queue_work_on+0xb4/0xf0 This commit makes the RAS IRQ registration explicitly dependent on the creation of the pseries_hp_wq. Reported-by: Min Deng <mdeng(a)redhat.com> Reported-by: Daniel Henrique Barboza <danielhb(a)linux.vnet.ibm.com> Tested-by: Jose Ricardo Ziviani <joserz(a)linux.vnet.ibm.com> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- arch/powerpc/platforms/pseries/dlpar.c | 21 ++++++++++++++++++--- arch/powerpc/platforms/pseries/pseries.h | 2 ++ arch/powerpc/platforms/pseries/ras.c | 3 ++- 3 files changed, 22 insertions(+), 4 deletions(-) --- a/arch/powerpc/platforms/pseries/dlpar.c +++ b/arch/powerpc/platforms/pseries/dlpar.c @@ -586,11 +586,26 @@ static ssize_t dlpar_show(struct class * static CLASS_ATTR_RW(dlpar); -static int __init pseries_dlpar_init(void) +int __init dlpar_workqueue_init(void) { + if (pseries_hp_wq) + return 0; + pseries_hp_wq = alloc_workqueue("pseries hotplug workqueue", - WQ_UNBOUND, 1); + WQ_UNBOUND, 1); + + return pseries_hp_wq ? 0 : -ENOMEM; +} + +static int __init dlpar_sysfs_init(void) +{ + int rc; + + rc = dlpar_workqueue_init(); + if (rc) + return rc; + return sysfs_create_file(kernel_kobj, &class_attr_dlpar.attr); } -machine_device_initcall(pseries, pseries_dlpar_init); +machine_device_initcall(pseries, dlpar_sysfs_init); --- a/arch/powerpc/platforms/pseries/pseries.h +++ b/arch/powerpc/platforms/pseries/pseries.h @@ -98,4 +98,6 @@ static inline unsigned long cmo_get_page return CMO_PageSize; } +int dlpar_workqueue_init(void); + #endif /* _PSERIES_PSERIES_H */ --- a/arch/powerpc/platforms/pseries/ras.c +++ b/arch/powerpc/platforms/pseries/ras.c @@ -69,7 +69,8 @@ static int __init init_ras_IRQ(void) /* Hotplug Events */ np = of_find_node_by_path("/event-sources/hot-plug-events"); if (np != NULL) { - request_event_sources_irqs(np, ras_hotplug_interrupt, + if (dlpar_workqueue_init() == 0) + request_event_sources_irqs(np, ras_hotplug_interrupt, "RAS_HOTPLUG"); of_node_put(np); } Patches currently in stable-queue which might be from mpe(a)ellerman.id.au are queue-4.14/powerpc-pseries-make-ras-irq-explicitly-dependent-on-dlpar-wq.patch

6 years, 2 months

3
4
0 0

Re: [PATCH v5 2/9] watchdog/hpwdt: Remove legacy NMI sourcing.

by Arnd Bergmann

On Mon, Feb 26, 2018 at 4:22 AM, Jerry Hoemann <jerry.hoemann(a)hpe.com> wrote: > Gen8 and prior Proliant systems supported the "CRU" interface > to firmware. This interfaces allows linux to "call back" into firmware > to source the cause of an NMI. This feature isn't fully utilized > as the actual source of the NMI isn't printed, the driver only > indicates that the source couldn't be determined when the call > fails. > > With the advent of Gen9, iCRU replaces the CRU. The call back > feature is no longer available in firmware. To be compatible and > not attempt to call back into firmware on system not supporting CRU, > the SMBIOS table is consulted to determine if it is safe to > make the call back or not. > > This results in about half of the driver code being devoted > to either making CRU calls or determing if it is safe to make > CRU calls. As noted, the driver isn't really using the results of > the CRU calls. > > Furthermore, as a consequence of the Spectre security issue, the > BIOS/EFI calls are being wrapped into Spectre-disabling section. > Removing the call back in hpwdt_pretimeout assists in this effort. > > As the CRU sourcing of the NMI isn't required for handling the > NMI and there are security concerns with making the call back, remove > the legacy (pre Gen9) NMI sourcing and the DMI code to determine if > the system had the CRU interface. > > Signed-off-by: Jerry Hoemann <jerry.hoemann(a)hpe.com> This avoids a warning in mainline kernels, so that's great: drivers/watchdog/hpwdt.o: warning: objtool: .text+0x24: indirect call found in RETPOLINE build I wonder what we do about stable kernels. Are both this patch and the patch that added the objtool warning message candidates for backports to stable kernels? Arnd

6 years, 2 months

3
5
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror February 2018