349ac1a59c
Changes in 4.4.177
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
isdn: avm: Fix string plus integer warning from Clang
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
ARCv2: Enable unaligned access in early ASM code
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
libceph: handle an empty authorize reply
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
drm/msm: Unblock writer if reader closes file
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
ALSA: compress: prevent potential divide by zero bugs
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
usb: gadget: Potential NULL dereference on allocation error
ASoC: dapm: change snprintf to scnprintf for possible overflow
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ARC: fix __ffs return value to avoid build warnings
mac80211: fix miscounting of ttl-dropped frames
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
net: altera_tse: fix connect_local_phy error path
ibmveth: Do not process frames after calling napi_reschedule
mac80211: don't initiate TDLS connection if station is not associated to AP
cfg80211: extend range deviation for DMG
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: arm/arm64: Fix MMIO emulation data handling
powerpc: Always initialize input array when calling epapr_hypercall()
mmc: spi: Fix card detection during probe
mm: enforce min addr even if capable() in expand_downwards()
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: lustre: fix buffer overflow of string buffer
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: pxa: ssp: unneeded to free devm_ allocated data
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
dmaengine: dmatest: Abort test in case of mapping error
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
udplite: call proper backlog handlers
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
KEYS: restrict /proc/keys by credentials at open time
l2tp: fix infoleak in l2tp_ip6_recvmsg()
net: hsr: fix memory leak in hsr_dev_finalize()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net/x25: fix use-after-free in x25_device_event()
net/x25: reset state in x25_connect()
pptp: dst_release sk_dst_cache in pptp_sock_destruct
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
tcp: handle inet_csk_reqsk_queue_add() failures
net/mlx4_core: Fix reset flow when in command polling mode
net/mlx4_core: Fix qp mtt size calculation
net/x25: fix a race in x25_bind()
mdio_bus: Fix use-after-free on device_register fails
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
missing barriers in some of unix_sock ->addr and ->path accesses
ipvlan: disallow userns cap_net_admin to change global mode/flags
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
vxlan: Fix GRO cells race condition between receive and link delete
net/hsr: fix possible crash in add_timer()
gro_cells: make sure device is up in gro_cells_receive()
tcp/dccp: remove reqsk_put() from inet_child_forget()
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
fs/9p: use fscache mutex rather than spinlock
It's wrong to add len to sector_nr in raid10 reshape twice
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
Input: matrix_keypad - use flush_delayed_work()
i2c: cadence: Fix the hold bit setting
Input: st-keyscan - fix potential zalloc NULL dereference
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
assoc_array: Fix shortcut creation
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
ASoC: topology: free created components in tplg load error
arm64: Relax GIC version check during early boot
tmpfs: fix link accounting when a tmpfile is linked in
ARC: uacces: remove lp_start, lp_end from clobber list
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
CIFS: Fix read after write for files with read caching
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
ACPI / device_sysfs: Avoid OF modalias creation for removed device
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
m68k: Add -ffreestanding to CFLAGS
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix crash during online resizing
ext2: Fix underflow in ext2_max_size()
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
dm: fix to_sector() for 32bit
NFS41: pop some layoutget errors to application
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
md: Fix failed allocation of md_register_thread
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
PM / wakeup: Rework wakeup source timer cancellation
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: X86: Fix residual mmio emulation request to userspace
Linux 4.4.177
Change-Id: Ia33b88c9634e04612874d79ce4cc166e8aa8096a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
795 lines
19 KiB
C
795 lines
19 KiB
C
/*
|
|
* This file is subject to the terms and conditions of the GNU General Public
|
|
* License. See the file "COPYING" in the main directory of this archive
|
|
* for more details.
|
|
*
|
|
* Copyright (C) 1994 - 1999, 2000 by Ralf Baechle and others.
|
|
* Copyright (C) 2005, 2006 by Ralf Baechle (ralf@linux-mips.org)
|
|
* Copyright (C) 1999, 2000 Silicon Graphics, Inc.
|
|
* Copyright (C) 2004 Thiemo Seufer
|
|
* Copyright (C) 2013 Imagination Technologies Ltd.
|
|
*/
|
|
#include <linux/errno.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/tick.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/mm.h>
|
|
#include <linux/stddef.h>
|
|
#include <linux/unistd.h>
|
|
#include <linux/export.h>
|
|
#include <linux/ptrace.h>
|
|
#include <linux/mman.h>
|
|
#include <linux/personality.h>
|
|
#include <linux/sys.h>
|
|
#include <linux/init.h>
|
|
#include <linux/completion.h>
|
|
#include <linux/kallsyms.h>
|
|
#include <linux/random.h>
|
|
#include <linux/prctl.h>
|
|
|
|
#include <asm/asm.h>
|
|
#include <asm/bootinfo.h>
|
|
#include <asm/cpu.h>
|
|
#include <asm/dsemul.h>
|
|
#include <asm/dsp.h>
|
|
#include <asm/fpu.h>
|
|
#include <asm/irq.h>
|
|
#include <asm/msa.h>
|
|
#include <asm/pgtable.h>
|
|
#include <asm/mipsregs.h>
|
|
#include <asm/processor.h>
|
|
#include <asm/reg.h>
|
|
#include <asm/uaccess.h>
|
|
#include <asm/io.h>
|
|
#include <asm/elf.h>
|
|
#include <asm/isadep.h>
|
|
#include <asm/inst.h>
|
|
#include <asm/stacktrace.h>
|
|
#include <asm/irq_regs.h>
|
|
|
|
#ifdef CONFIG_HOTPLUG_CPU
|
|
void arch_cpu_idle_dead(void)
|
|
{
|
|
play_dead();
|
|
}
|
|
#endif
|
|
|
|
asmlinkage void ret_from_fork(void);
|
|
asmlinkage void ret_from_kernel_thread(void);
|
|
|
|
void start_thread(struct pt_regs * regs, unsigned long pc, unsigned long sp)
|
|
{
|
|
unsigned long status;
|
|
|
|
/* New thread loses kernel privileges. */
|
|
status = regs->cp0_status & ~(ST0_CU0|ST0_CU1|ST0_FR|KU_MASK);
|
|
status |= KU_USER;
|
|
regs->cp0_status = status;
|
|
lose_fpu(0);
|
|
clear_thread_flag(TIF_MSA_CTX_LIVE);
|
|
clear_used_math();
|
|
atomic_set(¤t->thread.bd_emu_frame, BD_EMUFRAME_NONE);
|
|
init_dsp();
|
|
regs->cp0_epc = pc;
|
|
regs->regs[29] = sp;
|
|
}
|
|
|
|
void exit_thread(struct task_struct *tsk)
|
|
{
|
|
/*
|
|
* User threads may have allocated a delay slot emulation frame.
|
|
* If so, clean up that allocation.
|
|
*/
|
|
if (!(current->flags & PF_KTHREAD))
|
|
dsemul_thread_cleanup(tsk);
|
|
}
|
|
|
|
int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
|
|
{
|
|
/*
|
|
* Save any process state which is live in hardware registers to the
|
|
* parent context prior to duplication. This prevents the new child
|
|
* state becoming stale if the parent is preempted before copy_thread()
|
|
* gets a chance to save the parent's live hardware registers to the
|
|
* child context.
|
|
*/
|
|
preempt_disable();
|
|
|
|
if (is_msa_enabled())
|
|
save_msa(current);
|
|
else if (is_fpu_owner())
|
|
_save_fp(current);
|
|
|
|
save_dsp(current);
|
|
|
|
preempt_enable();
|
|
|
|
*dst = *src;
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* Copy architecture-specific thread state
|
|
*/
|
|
int copy_thread(unsigned long clone_flags, unsigned long usp,
|
|
unsigned long kthread_arg, struct task_struct *p)
|
|
{
|
|
struct thread_info *ti = task_thread_info(p);
|
|
struct pt_regs *childregs, *regs = current_pt_regs();
|
|
unsigned long childksp;
|
|
|
|
childksp = (unsigned long)task_stack_page(p) + THREAD_SIZE - 32;
|
|
|
|
/* set up new TSS. */
|
|
childregs = (struct pt_regs *) childksp - 1;
|
|
/* Put the stack after the struct pt_regs. */
|
|
childksp = (unsigned long) childregs;
|
|
p->thread.cp0_status = read_c0_status() & ~(ST0_CU2|ST0_CU1);
|
|
if (unlikely(p->flags & PF_KTHREAD)) {
|
|
/* kernel thread */
|
|
unsigned long status = p->thread.cp0_status;
|
|
memset(childregs, 0, sizeof(struct pt_regs));
|
|
ti->addr_limit = KERNEL_DS;
|
|
p->thread.reg16 = usp; /* fn */
|
|
p->thread.reg17 = kthread_arg;
|
|
p->thread.reg29 = childksp;
|
|
p->thread.reg31 = (unsigned long) ret_from_kernel_thread;
|
|
#if defined(CONFIG_CPU_R3000) || defined(CONFIG_CPU_TX39XX)
|
|
status = (status & ~(ST0_KUP | ST0_IEP | ST0_IEC)) |
|
|
((status & (ST0_KUC | ST0_IEC)) << 2);
|
|
#else
|
|
status |= ST0_EXL;
|
|
#endif
|
|
childregs->cp0_status = status;
|
|
return 0;
|
|
}
|
|
|
|
/* user thread */
|
|
*childregs = *regs;
|
|
childregs->regs[7] = 0; /* Clear error flag */
|
|
childregs->regs[2] = 0; /* Child gets zero as return value */
|
|
if (usp)
|
|
childregs->regs[29] = usp;
|
|
ti->addr_limit = USER_DS;
|
|
|
|
p->thread.reg29 = (unsigned long) childregs;
|
|
p->thread.reg31 = (unsigned long) ret_from_fork;
|
|
|
|
/*
|
|
* New tasks lose permission to use the fpu. This accelerates context
|
|
* switching for most programs since they don't use the fpu.
|
|
*/
|
|
childregs->cp0_status &= ~(ST0_CU2|ST0_CU1);
|
|
|
|
clear_tsk_thread_flag(p, TIF_USEDFPU);
|
|
clear_tsk_thread_flag(p, TIF_USEDMSA);
|
|
clear_tsk_thread_flag(p, TIF_MSA_CTX_LIVE);
|
|
|
|
#ifdef CONFIG_MIPS_MT_FPAFF
|
|
clear_tsk_thread_flag(p, TIF_FPUBOUND);
|
|
#endif /* CONFIG_MIPS_MT_FPAFF */
|
|
|
|
atomic_set(&p->thread.bd_emu_frame, BD_EMUFRAME_NONE);
|
|
|
|
if (clone_flags & CLONE_SETTLS)
|
|
ti->tp_value = regs->regs[7];
|
|
|
|
return 0;
|
|
}
|
|
|
|
#ifdef CONFIG_CC_STACKPROTECTOR
|
|
#include <linux/stackprotector.h>
|
|
unsigned long __stack_chk_guard __read_mostly;
|
|
EXPORT_SYMBOL(__stack_chk_guard);
|
|
#endif
|
|
|
|
struct mips_frame_info {
|
|
void *func;
|
|
unsigned long func_size;
|
|
int frame_size;
|
|
int pc_offset;
|
|
};
|
|
|
|
#define J_TARGET(pc,target) \
|
|
(((unsigned long)(pc) & 0xf0000000) | ((target) << 2))
|
|
|
|
static inline int is_ra_save_ins(union mips_instruction *ip, int *poff)
|
|
{
|
|
#ifdef CONFIG_CPU_MICROMIPS
|
|
/*
|
|
* swsp ra,offset
|
|
* swm16 reglist,offset(sp)
|
|
* swm32 reglist,offset(sp)
|
|
* sw32 ra,offset(sp)
|
|
* jradiussp - NOT SUPPORTED
|
|
*
|
|
* microMIPS is way more fun...
|
|
*/
|
|
if (mm_insn_16bit(ip->halfword[1])) {
|
|
switch (ip->mm16_r5_format.opcode) {
|
|
case mm_swsp16_op:
|
|
if (ip->mm16_r5_format.rt != 31)
|
|
return 0;
|
|
|
|
*poff = ip->mm16_r5_format.imm;
|
|
*poff = (*poff << 2) / sizeof(ulong);
|
|
return 1;
|
|
|
|
case mm_pool16c_op:
|
|
switch (ip->mm16_m_format.func) {
|
|
case mm_swm16_op:
|
|
*poff = ip->mm16_m_format.imm;
|
|
*poff += 1 + ip->mm16_m_format.rlist;
|
|
*poff = (*poff << 2) / sizeof(ulong);
|
|
return 1;
|
|
|
|
default:
|
|
return 0;
|
|
}
|
|
|
|
default:
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
switch (ip->i_format.opcode) {
|
|
case mm_sw32_op:
|
|
if (ip->i_format.rs != 29)
|
|
return 0;
|
|
if (ip->i_format.rt != 31)
|
|
return 0;
|
|
|
|
*poff = ip->i_format.simmediate / sizeof(ulong);
|
|
return 1;
|
|
|
|
case mm_pool32b_op:
|
|
switch (ip->mm_m_format.func) {
|
|
case mm_swm32_func:
|
|
if (ip->mm_m_format.rd < 0x10)
|
|
return 0;
|
|
if (ip->mm_m_format.base != 29)
|
|
return 0;
|
|
|
|
*poff = ip->mm_m_format.simmediate;
|
|
*poff += (ip->mm_m_format.rd & 0xf) * sizeof(u32);
|
|
*poff /= sizeof(ulong);
|
|
return 1;
|
|
default:
|
|
return 0;
|
|
}
|
|
|
|
default:
|
|
return 0;
|
|
}
|
|
#else
|
|
/* sw / sd $ra, offset($sp) */
|
|
if ((ip->i_format.opcode == sw_op || ip->i_format.opcode == sd_op) &&
|
|
ip->i_format.rs == 29 && ip->i_format.rt == 31) {
|
|
*poff = ip->i_format.simmediate / sizeof(ulong);
|
|
return 1;
|
|
}
|
|
|
|
return 0;
|
|
#endif
|
|
}
|
|
|
|
static inline int is_jump_ins(union mips_instruction *ip)
|
|
{
|
|
#ifdef CONFIG_CPU_MICROMIPS
|
|
/*
|
|
* jr16,jrc,jalr16,jalr16
|
|
* jal
|
|
* jalr/jr,jalr.hb/jr.hb,jalrs,jalrs.hb
|
|
* jraddiusp - NOT SUPPORTED
|
|
*
|
|
* microMIPS is kind of more fun...
|
|
*/
|
|
if (mm_insn_16bit(ip->halfword[1])) {
|
|
if ((ip->mm16_r5_format.opcode == mm_pool16c_op &&
|
|
(ip->mm16_r5_format.rt & mm_jr16_op) == mm_jr16_op))
|
|
return 1;
|
|
return 0;
|
|
}
|
|
|
|
if (ip->j_format.opcode == mm_j32_op)
|
|
return 1;
|
|
if (ip->j_format.opcode == mm_jal32_op)
|
|
return 1;
|
|
if (ip->r_format.opcode != mm_pool32a_op ||
|
|
ip->r_format.func != mm_pool32axf_op)
|
|
return 0;
|
|
return ((ip->u_format.uimmediate >> 6) & mm_jalr_op) == mm_jalr_op;
|
|
#else
|
|
if (ip->j_format.opcode == j_op)
|
|
return 1;
|
|
if (ip->j_format.opcode == jal_op)
|
|
return 1;
|
|
if (ip->r_format.opcode != spec_op)
|
|
return 0;
|
|
return ip->r_format.func == jalr_op || ip->r_format.func == jr_op;
|
|
#endif
|
|
}
|
|
|
|
static inline int is_sp_move_ins(union mips_instruction *ip)
|
|
{
|
|
#ifdef CONFIG_CPU_MICROMIPS
|
|
/*
|
|
* addiusp -imm
|
|
* addius5 sp,-imm
|
|
* addiu32 sp,sp,-imm
|
|
* jradiussp - NOT SUPPORTED
|
|
*
|
|
* microMIPS is not more fun...
|
|
*/
|
|
if (mm_insn_16bit(ip->halfword[1])) {
|
|
return (ip->mm16_r3_format.opcode == mm_pool16d_op &&
|
|
ip->mm16_r3_format.simmediate && mm_addiusp_func) ||
|
|
(ip->mm16_r5_format.opcode == mm_pool16d_op &&
|
|
ip->mm16_r5_format.rt == 29);
|
|
}
|
|
|
|
return ip->mm_i_format.opcode == mm_addiu32_op &&
|
|
ip->mm_i_format.rt == 29 && ip->mm_i_format.rs == 29;
|
|
#else
|
|
/* addiu/daddiu sp,sp,-imm */
|
|
if (ip->i_format.rs != 29 || ip->i_format.rt != 29)
|
|
return 0;
|
|
if (ip->i_format.opcode == addiu_op || ip->i_format.opcode == daddiu_op)
|
|
return 1;
|
|
#endif
|
|
return 0;
|
|
}
|
|
|
|
static int get_frame_info(struct mips_frame_info *info)
|
|
{
|
|
bool is_mmips = IS_ENABLED(CONFIG_CPU_MICROMIPS);
|
|
union mips_instruction insn, *ip;
|
|
const unsigned int max_insns = 128;
|
|
unsigned int last_insn_size = 0;
|
|
unsigned int i;
|
|
|
|
info->pc_offset = -1;
|
|
info->frame_size = 0;
|
|
|
|
ip = (void *)msk_isa16_mode((ulong)info->func);
|
|
if (!ip)
|
|
goto err;
|
|
|
|
for (i = 0; i < max_insns; i++) {
|
|
ip = (void *)ip + last_insn_size;
|
|
|
|
if (is_mmips && mm_insn_16bit(ip->halfword[0])) {
|
|
insn.halfword[0] = 0;
|
|
insn.halfword[1] = ip->halfword[0];
|
|
last_insn_size = 2;
|
|
} else if (is_mmips) {
|
|
insn.halfword[0] = ip->halfword[1];
|
|
insn.halfword[1] = ip->halfword[0];
|
|
last_insn_size = 4;
|
|
} else {
|
|
insn.word = ip->word;
|
|
last_insn_size = 4;
|
|
}
|
|
|
|
if (is_jump_ins(&insn))
|
|
break;
|
|
|
|
if (!info->frame_size) {
|
|
if (is_sp_move_ins(&insn))
|
|
{
|
|
#ifdef CONFIG_CPU_MICROMIPS
|
|
if (mm_insn_16bit(ip->halfword[0]))
|
|
{
|
|
unsigned short tmp;
|
|
|
|
if (ip->halfword[0] & mm_addiusp_func)
|
|
{
|
|
tmp = (((ip->halfword[0] >> 1) & 0x1ff) << 2);
|
|
info->frame_size = -(signed short)(tmp | ((tmp & 0x100) ? 0xfe00 : 0));
|
|
} else {
|
|
tmp = (ip->halfword[0] >> 1);
|
|
info->frame_size = -(signed short)(tmp & 0xf);
|
|
}
|
|
} else
|
|
#endif
|
|
info->frame_size = - ip->i_format.simmediate;
|
|
}
|
|
continue;
|
|
}
|
|
if (info->pc_offset == -1 &&
|
|
is_ra_save_ins(&insn, &info->pc_offset))
|
|
break;
|
|
}
|
|
if (info->frame_size && info->pc_offset >= 0) /* nested */
|
|
return 0;
|
|
if (info->pc_offset < 0) /* leaf */
|
|
return 1;
|
|
/* prologue seems boggus... */
|
|
err:
|
|
return -1;
|
|
}
|
|
|
|
static struct mips_frame_info schedule_mfi __read_mostly;
|
|
|
|
#ifdef CONFIG_KALLSYMS
|
|
static unsigned long get___schedule_addr(void)
|
|
{
|
|
return kallsyms_lookup_name("__schedule");
|
|
}
|
|
#else
|
|
static unsigned long get___schedule_addr(void)
|
|
{
|
|
union mips_instruction *ip = (void *)schedule;
|
|
int max_insns = 8;
|
|
int i;
|
|
|
|
for (i = 0; i < max_insns; i++, ip++) {
|
|
if (ip->j_format.opcode == j_op)
|
|
return J_TARGET(ip, ip->j_format.target);
|
|
}
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
static int __init frame_info_init(void)
|
|
{
|
|
unsigned long size = 0;
|
|
#ifdef CONFIG_KALLSYMS
|
|
unsigned long ofs;
|
|
#endif
|
|
unsigned long addr;
|
|
|
|
addr = get___schedule_addr();
|
|
if (!addr)
|
|
addr = (unsigned long)schedule;
|
|
|
|
#ifdef CONFIG_KALLSYMS
|
|
kallsyms_lookup_size_offset(addr, &size, &ofs);
|
|
#endif
|
|
schedule_mfi.func = (void *)addr;
|
|
schedule_mfi.func_size = size;
|
|
|
|
get_frame_info(&schedule_mfi);
|
|
|
|
/*
|
|
* Without schedule() frame info, result given by
|
|
* thread_saved_pc() and get_wchan() are not reliable.
|
|
*/
|
|
if (schedule_mfi.pc_offset < 0)
|
|
printk("Can't analyze schedule() prologue at %p\n", schedule);
|
|
|
|
return 0;
|
|
}
|
|
|
|
arch_initcall(frame_info_init);
|
|
|
|
/*
|
|
* Return saved PC of a blocked thread.
|
|
*/
|
|
unsigned long thread_saved_pc(struct task_struct *tsk)
|
|
{
|
|
struct thread_struct *t = &tsk->thread;
|
|
|
|
/* New born processes are a special case */
|
|
if (t->reg31 == (unsigned long) ret_from_fork)
|
|
return t->reg31;
|
|
if (schedule_mfi.pc_offset < 0)
|
|
return 0;
|
|
return ((unsigned long *)t->reg29)[schedule_mfi.pc_offset];
|
|
}
|
|
|
|
|
|
#ifdef CONFIG_KALLSYMS
|
|
/* generic stack unwinding function */
|
|
unsigned long notrace unwind_stack_by_address(unsigned long stack_page,
|
|
unsigned long *sp,
|
|
unsigned long pc,
|
|
unsigned long *ra)
|
|
{
|
|
unsigned long low, high, irq_stack_high;
|
|
struct mips_frame_info info;
|
|
unsigned long size, ofs;
|
|
struct pt_regs *regs;
|
|
int leaf;
|
|
|
|
if (!stack_page)
|
|
return 0;
|
|
|
|
/*
|
|
* IRQ stacks start at IRQ_STACK_START
|
|
* task stacks at THREAD_SIZE - 32
|
|
*/
|
|
low = stack_page;
|
|
if (!preemptible() && on_irq_stack(raw_smp_processor_id(), *sp)) {
|
|
high = stack_page + IRQ_STACK_START;
|
|
irq_stack_high = high;
|
|
} else {
|
|
high = stack_page + THREAD_SIZE - 32;
|
|
irq_stack_high = 0;
|
|
}
|
|
|
|
/*
|
|
* If we reached the top of the interrupt stack, start unwinding
|
|
* the interrupted task stack.
|
|
*/
|
|
if (unlikely(*sp == irq_stack_high)) {
|
|
unsigned long task_sp = *(unsigned long *)*sp;
|
|
|
|
/*
|
|
* Check that the pointer saved in the IRQ stack head points to
|
|
* something within the stack of the current task
|
|
*/
|
|
if (!object_is_on_stack((void *)task_sp))
|
|
return 0;
|
|
|
|
/*
|
|
* Follow pointer to tasks kernel stack frame where interrupted
|
|
* state was saved.
|
|
*/
|
|
regs = (struct pt_regs *)task_sp;
|
|
pc = regs->cp0_epc;
|
|
if (!user_mode(regs) && __kernel_text_address(pc)) {
|
|
*sp = regs->regs[29];
|
|
*ra = regs->regs[31];
|
|
return pc;
|
|
}
|
|
return 0;
|
|
}
|
|
if (!kallsyms_lookup_size_offset(pc, &size, &ofs))
|
|
return 0;
|
|
/*
|
|
* Return ra if an exception occurred at the first instruction
|
|
*/
|
|
if (unlikely(ofs == 0)) {
|
|
pc = *ra;
|
|
*ra = 0;
|
|
return pc;
|
|
}
|
|
|
|
info.func = (void *)(pc - ofs);
|
|
info.func_size = ofs; /* analyze from start to ofs */
|
|
leaf = get_frame_info(&info);
|
|
if (leaf < 0)
|
|
return 0;
|
|
|
|
if (*sp < low || *sp + info.frame_size > high)
|
|
return 0;
|
|
|
|
if (leaf)
|
|
/*
|
|
* For some extreme cases, get_frame_info() can
|
|
* consider wrongly a nested function as a leaf
|
|
* one. In that cases avoid to return always the
|
|
* same value.
|
|
*/
|
|
pc = pc != *ra ? *ra : 0;
|
|
else
|
|
pc = ((unsigned long *)(*sp))[info.pc_offset];
|
|
|
|
*sp += info.frame_size;
|
|
*ra = 0;
|
|
return __kernel_text_address(pc) ? pc : 0;
|
|
}
|
|
EXPORT_SYMBOL(unwind_stack_by_address);
|
|
|
|
/* used by show_backtrace() */
|
|
unsigned long unwind_stack(struct task_struct *task, unsigned long *sp,
|
|
unsigned long pc, unsigned long *ra)
|
|
{
|
|
unsigned long stack_page = 0;
|
|
int cpu;
|
|
|
|
for_each_possible_cpu(cpu) {
|
|
if (on_irq_stack(cpu, *sp)) {
|
|
stack_page = (unsigned long)irq_stack[cpu];
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!stack_page)
|
|
stack_page = (unsigned long)task_stack_page(task);
|
|
|
|
return unwind_stack_by_address(stack_page, sp, pc, ra);
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* get_wchan - a maintenance nightmare^W^Wpain in the ass ...
|
|
*/
|
|
unsigned long get_wchan(struct task_struct *task)
|
|
{
|
|
unsigned long pc = 0;
|
|
#ifdef CONFIG_KALLSYMS
|
|
unsigned long sp;
|
|
unsigned long ra = 0;
|
|
#endif
|
|
|
|
if (!task || task == current || task->state == TASK_RUNNING)
|
|
goto out;
|
|
if (!task_stack_page(task))
|
|
goto out;
|
|
|
|
pc = thread_saved_pc(task);
|
|
|
|
#ifdef CONFIG_KALLSYMS
|
|
sp = task->thread.reg29 + schedule_mfi.frame_size;
|
|
|
|
while (in_sched_functions(pc))
|
|
pc = unwind_stack(task, &sp, pc, &ra);
|
|
#endif
|
|
|
|
out:
|
|
return pc;
|
|
}
|
|
|
|
/*
|
|
* Don't forget that the stack pointer must be aligned on a 8 bytes
|
|
* boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
|
|
*/
|
|
unsigned long arch_align_stack(unsigned long sp)
|
|
{
|
|
if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
|
|
sp -= get_random_int() & ~PAGE_MASK;
|
|
|
|
return sp & ALMASK;
|
|
}
|
|
|
|
static DEFINE_PER_CPU(struct call_single_data, backtrace_csd);
|
|
static struct cpumask backtrace_csd_busy;
|
|
|
|
static void arch_dump_stack(void *info)
|
|
{
|
|
struct pt_regs *regs;
|
|
static arch_spinlock_t lock = __ARCH_SPIN_LOCK_UNLOCKED;
|
|
|
|
arch_spin_lock(&lock);
|
|
regs = get_irq_regs();
|
|
|
|
if (regs)
|
|
show_regs(regs);
|
|
else
|
|
dump_stack();
|
|
arch_spin_unlock(&lock);
|
|
|
|
cpumask_clear_cpu(smp_processor_id(), &backtrace_csd_busy);
|
|
}
|
|
|
|
void arch_trigger_all_cpu_backtrace(bool include_self)
|
|
{
|
|
struct call_single_data *csd;
|
|
int cpu;
|
|
|
|
for_each_cpu(cpu, cpu_online_mask) {
|
|
/*
|
|
* If we previously sent an IPI to the target CPU & it hasn't
|
|
* cleared its bit in the busy cpumask then it didn't handle
|
|
* our previous IPI & it's not safe for us to reuse the
|
|
* call_single_data_t.
|
|
*/
|
|
if (cpumask_test_and_set_cpu(cpu, &backtrace_csd_busy)) {
|
|
pr_warn("Unable to send backtrace IPI to CPU%u - perhaps it hung?\n",
|
|
cpu);
|
|
continue;
|
|
}
|
|
|
|
csd = &per_cpu(backtrace_csd, cpu);
|
|
csd->func = arch_dump_stack;
|
|
smp_call_function_single_async(cpu, csd);
|
|
}
|
|
}
|
|
|
|
int mips_get_process_fp_mode(struct task_struct *task)
|
|
{
|
|
int value = 0;
|
|
|
|
if (!test_tsk_thread_flag(task, TIF_32BIT_FPREGS))
|
|
value |= PR_FP_MODE_FR;
|
|
if (test_tsk_thread_flag(task, TIF_HYBRID_FPREGS))
|
|
value |= PR_FP_MODE_FRE;
|
|
|
|
return value;
|
|
}
|
|
|
|
int mips_set_process_fp_mode(struct task_struct *task, unsigned int value)
|
|
{
|
|
const unsigned int known_bits = PR_FP_MODE_FR | PR_FP_MODE_FRE;
|
|
unsigned long switch_count;
|
|
struct task_struct *t;
|
|
|
|
/* If nothing to change, return right away, successfully. */
|
|
if (value == mips_get_process_fp_mode(task))
|
|
return 0;
|
|
|
|
/* Only accept a mode change if 64-bit FP enabled for o32. */
|
|
if (!IS_ENABLED(CONFIG_MIPS_O32_FP64_SUPPORT))
|
|
return -EOPNOTSUPP;
|
|
|
|
/* And only for o32 tasks. */
|
|
if (IS_ENABLED(CONFIG_64BIT) && !test_thread_flag(TIF_32BIT_REGS))
|
|
return -EOPNOTSUPP;
|
|
|
|
/* Check the value is valid */
|
|
if (value & ~known_bits)
|
|
return -EOPNOTSUPP;
|
|
|
|
/* Setting FRE without FR is not supported. */
|
|
if ((value & (PR_FP_MODE_FR | PR_FP_MODE_FRE)) == PR_FP_MODE_FRE)
|
|
return -EOPNOTSUPP;
|
|
|
|
/* Avoid inadvertently triggering emulation */
|
|
if ((value & PR_FP_MODE_FR) && raw_cpu_has_fpu &&
|
|
!(raw_current_cpu_data.fpu_id & MIPS_FPIR_F64))
|
|
return -EOPNOTSUPP;
|
|
if ((value & PR_FP_MODE_FRE) && raw_cpu_has_fpu && !cpu_has_fre)
|
|
return -EOPNOTSUPP;
|
|
|
|
/* FR = 0 not supported in MIPS R6 */
|
|
if (!(value & PR_FP_MODE_FR) && raw_cpu_has_fpu && cpu_has_mips_r6)
|
|
return -EOPNOTSUPP;
|
|
|
|
/* Proceed with the mode switch */
|
|
preempt_disable();
|
|
|
|
/* Save FP & vector context, then disable FPU & MSA */
|
|
if (task->signal == current->signal)
|
|
lose_fpu(1);
|
|
|
|
/* Prevent any threads from obtaining live FP context */
|
|
atomic_set(&task->mm->context.fp_mode_switching, 1);
|
|
smp_mb__after_atomic();
|
|
|
|
/*
|
|
* If there are multiple online CPUs then wait until all threads whose
|
|
* FP mode is about to change have been context switched. This approach
|
|
* allows us to only worry about whether an FP mode switch is in
|
|
* progress when FP is first used in a tasks time slice. Pretty much all
|
|
* of the mode switch overhead can thus be confined to cases where mode
|
|
* switches are actually occurring. That is, to here. However for the
|
|
* thread performing the mode switch it may take a while...
|
|
*/
|
|
if (num_online_cpus() > 1) {
|
|
spin_lock_irq(&task->sighand->siglock);
|
|
|
|
for_each_thread(task, t) {
|
|
if (t == current)
|
|
continue;
|
|
|
|
switch_count = t->nvcsw + t->nivcsw;
|
|
|
|
do {
|
|
spin_unlock_irq(&task->sighand->siglock);
|
|
cond_resched();
|
|
spin_lock_irq(&task->sighand->siglock);
|
|
} while ((t->nvcsw + t->nivcsw) == switch_count);
|
|
}
|
|
|
|
spin_unlock_irq(&task->sighand->siglock);
|
|
}
|
|
|
|
/*
|
|
* There are now no threads of the process with live FP context, so it
|
|
* is safe to proceed with the FP mode switch.
|
|
*/
|
|
for_each_thread(task, t) {
|
|
/* Update desired FP register width */
|
|
if (value & PR_FP_MODE_FR) {
|
|
clear_tsk_thread_flag(t, TIF_32BIT_FPREGS);
|
|
} else {
|
|
set_tsk_thread_flag(t, TIF_32BIT_FPREGS);
|
|
clear_tsk_thread_flag(t, TIF_MSA_CTX_LIVE);
|
|
}
|
|
|
|
/* Update desired FP single layout */
|
|
if (value & PR_FP_MODE_FRE)
|
|
set_tsk_thread_flag(t, TIF_HYBRID_FPREGS);
|
|
else
|
|
clear_tsk_thread_flag(t, TIF_HYBRID_FPREGS);
|
|
}
|
|
|
|
/* Allow threads to use FP again */
|
|
atomic_set(&task->mm->context.fp_mode_switching, 0);
|
|
preempt_enable();
|
|
|
|
return 0;
|
|
}
|