Thierry Strudel 5308266998 Merge 4.4.116 into android-msm-wahoo-4.4
Linux 4.4.116
    ftrace: Remove incorrect setting of glob search field
    mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
    ovl: fix failure to fsync lower dir
    ACPI: sbshc: remove raw pointer from printk() message
    nvme: Fix managing degraded controllers
    btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
    pktcdvd: Fix pkt_setup_dev() error path
    EDAC, octeon: Fix an uninitialized variable warning
    xtensa: fix futex_atomic_cmpxchg_inatomic
    alpha: fix reboot on Avanti platform
    alpha: fix crash if pthread_create races with signal delivery
    signal/sh: Ensure si_signo is initialized in do_divide_error
    signal/openrisc: Fix do_unaligned_access to send the proper signal
    Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
    Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
    Bluetooth: btsdio: Do not bind to non-removable BCM43341
  * HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
  * kernel/async.c: revert "async: simplify lowest_in_progress()"
    media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
    media: ts2020: avoid integer overflows on 32 bit machines
    watchdog: imx2_wdt: restore previous timeout after suspend+resume
    KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
    arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    crypto: caam - fix endless loop when DECO acquire fails
  * media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
  * media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
  * media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
  * media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
  * media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
  * media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
  * media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
  * media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
  * media: v4l2-compat-ioctl32.c: avoid sizeof(type)
  * media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
  * media: v4l2-compat-ioctl32.c: fix the indentation
  * media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
  * vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
  * media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
  * nsfs: mark dentry with DCACHE_RCUACCESS
    crypto: poly1305 - remove ->setkey() method
  * crypto: cryptd - pass through absence of ->setkey()
  * crypto: hash - introduce crypto_hash_alg_has_setkey()
    ahci: Add Intel Cannon Lake PCH-H PCI ID
    ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
    ahci: Annotate PCI ids for mobile Intel chipsets as such
  * kernfs: fix regression in kernfs_fop_write caused by wrong type
    NFS: reject request for id_legacy key without auxdata
    NFS: commit direct writes even if they fail partially
    NFS: Add a cond_resched() to nfs_commit_release_pages()
    nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
    ubi: block: Fix locking for idr_alloc/idr_remove
    mtd: nand: sunxi: Fix ECC strength choice
    mtd: nand: Fix nand_do_read_oob() return value
    mtd: nand: brcmnand: Disable prefetch by default
    mtd: cfi: convert inline functions to macros
    media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
    dccp: CVE-2017-8824: use-after-free in DCCP code
  * sched/rt: Up the root domain ref count when passing it around via IPIs
  * sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
    usb: gadget: uvc: Missing files for configfs interface
  * posix-timer: Properly check sigevent->sigev_notify
  * netfilter: nf_queue: Make the queue_handler pernet
    kaiser: fix compile error without vsyscall
    x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
    dmaengine: dmatest: fix container_of member in dmatest_callback
    CIFS: zero sensitive data when freeing
    cifs: Fix autonegotiate security settings mismatch
    cifs: Fix missing put_xid in cifs_file_strict_mmap
    powerpc/pseries: include linux/types.h in asm/hvcall.h
    x86/microcode: Do the family check first
    x86/microcode/AMD: Do not load when running on a hypervisor
    crypto: tcrypt - fix S/G table for test_aead_speed()
  * don't put symlink bodies in pagecache into highmem
    KEYS: encrypted: fix buffer overread in valid_master_desc()
    media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    vhost_net: stop device during reset owner
  * tcp: release sk_frag.page in tcp_disconnect
    r8169: fix RTL8168EP take too long to complete driver initialization.
    qlcnic: fix deadlock bug
  * net: igmp: add a missing rcu locking section
    ip6mr: fix stale iterator
    x86/asm: Fix inline asm call constraints for GCC 4.4
    drm: rcar-du: Fix race condition when disabling planes at CRTC stop
    drm: rcar-du: Use the VBK interrupt for vblank events
    ASoC: rsnd: avoid duplicate free_irq()
    ASoC: rsnd: don't call free_irq() on Parent SSI
    ASoC: simple-card: Fix misleading error message
  * net: cdc_ncm: initialize drvflags before usage
    usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
    usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
    ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    powerpc/64s: Allow control of RFI flush via debugfs
    powerpc/64s: Wire up cpu_show_meltdown()
    powerpc/powernv: Check device-tree for RFI flush settings
    powerpc/pseries: Query hypervisor for RFI flush settings
    powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
    powerpc/64s: Add support for RFI flush of L1-D cache
    powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
    powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
    powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
    powerpc/64s: Simple RFI macro conversions
    powerpc/64: Add macros for annotating the destination of rfid/hrfid
    powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
  * powerpc: Simplify module TOC handling
    powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
    powerpc/64: Fix flush_(d|i)cache_range() called from modules
    powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
Linux 4.4.115
    spi: imx: do not access registers while clocks disabled
    serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
  * selinux: general protection fault in sock_has_perm
    usb: uas: unconditionally bring back host after reset
  * usb: f_fs: Prevent gadget unbind if it is already unbound
  * USB: serial: simple: add Motorola Tetra driver
    usbip: list: don't list devices attached to vhci_hcd
    usbip: prevent bind loops on devices attached to vhci_hcd
    USB: serial: io_edgeport: fix possible sleep-in-atomic
    CDC-ACM: apply quirk for card reader
    USB: cdc-acm: Do not log urb submission errors on disconnect
    USB: serial: pl2303: new device id for Chilitag
    usb: option: Add support for FS040U modem
    staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
  * usb: gadget: don't dereference g until after it has been null checked
    media: usbtv: add a new usbid
  * scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
    scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
    xfs: ubsan fixes
    drm/omap: Fix error handling path in 'omap_dmm_probe()'
    kmemleak: add scheduling point to kmemleak_scan()
    SUNRPC: Allow connect to return EHOSTUNREACH
  * quota: Check for register_shrinker() failure.
  * net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
    hwmon: (pmbus) Use 64bit math for DIRECT format values
    lockd: fix "list_add double add" caused by legacy signal interface
    nfsd: check for use of the closed special stateid
    grace: replace BUG_ON by WARN_ONCE in exit_net hook
    nfsd: Ensure we check stateid validity in the seqid operation checks
    nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
    xen-netfront: remove warning when unloading module
    KVM: VMX: Fix rflags cache during vCPU reset
    btrfs: fix deadlock when writing out space cache
    mac80211: fix the update of path metric for RANN frame
    openvswitch: fix the incorrect flow action alloc size
    drm/amdkfd: Fix SDMA oversubsription handling
    drm/amdkfd: Fix SDMA ring buffer size calculation
    drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
    bcache: check return value of register_shrinker
  * cpufreq: Add Loongson machine dependencies
  * ACPI / bus: Leave modalias empty for devices which are not present
    KVM: x86: ioapic: Preserve read-only values in the redirection table
    KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
    KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
    KVM: X86: Fix operand/address-size during instruction decoding
    KVM: x86: Don't re-execute instruction when not passing CR2 value
    KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
    igb: Free IRQs when device is hotplugged
    mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
    gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
    crypto: af_alg - whitelist mask and type
    crypto: aesni - handle zero length dst buffer
    ALSA: seq: Make ioctls race-free
    kaiser: fix intel_bts perf crashes
    x86/pti: Make unpoison of pgd for trusted boot work for real
    bpf: reject stores into ctx via st and xadd
  * bpf: fix 32-bit divide by zero
  * bpf: fix divides by zero
  * bpf: avoid false sharing of map refcount with max_entries
    bpf: arsh is not supported in 32 bit alu thus reject it
  * bpf: introduce BPF_JIT_ALWAYS_ON config
  * bpf: fix bpf_tail_call() x64 JIT
    x86: bpf_jit: small optimization in emit_bpf_tail_call()
    bpf: fix branch pruning logic
  * loop: fix concurrent lo_open/lo_release
Linux 4.4.114
    nfsd: auth: Fix gid sorting when rootsquash enabled
  * net: tcp: close sock if net namespace is exiting
  * flow_dissector: properly cap thoff field
  * ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
  * net: Allow neigh contructor functions ability to modify the primary_key
    vmxnet3: repair memory leak
    sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
    sctp: do not allow the v4 socket to bind a v4mapped v6 address
    r8169: fix memory corruption on retrieval of hardware statistics.
  * pppoe: take ->needed_headroom of lower device into account on xmit
  * net: qdisc_pkt_len_init() should be more robust
  * tcp: __tcp_hdrlen() helper
  * net: igmp: fix source address check for IGMPv3 reports
    lan78xx: Fix failure in USB Full Speed
  * ipv6: ip6_make_skb() needs to clear cork.base.dst
  * ipv6: fix udpv6 sendmsg crash caused by too small MTU
  * ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
    dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
  * hrtimer: Reset hrtimer cpu base proper on CPU hotplug
    x86/microcode/intel: Extend BDW late-loading further with LLC size check
  * eventpoll.h: add missing epoll event masks
    vsyscall: Fix permissions for emulate mode with KAISER/PTI
    um: link vmlinux with -no-pie
    usbip: prevent leaking socket pointer address in messages
    usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
    usbip: fix stub_rx: get_pipe() to validate endpoint number
    usb: usbip: Fix possible deadlocks reported by lockdep
    Input: trackpoint - force 3 buttons if 0 button is reported
  * Revert "module: Add retpoline tag to VERMAGIC"
    scsi: libiscsi: fix shifting of DID_REQUEUE host byte
  * fs/fcntl: f_setown, avoid undefined behaviour
    reiserfs: Don't clear SGID when inheriting ACLs
    reiserfs: don't preallocate blocks for extended attributes
    reiserfs: fix race in prealloc discard
    ext2: Don't clear SGID when inheriting ACLs
    netfilter: xt_osf: Add missing permission checks
    netfilter: nfnetlink_cthelper: Add missing permission checks
  * netfilter: fix IS_ERR_VALUE usage
  * netfilter: use fwmark_reflect in nf_send_reset
    netfilter: nf_conntrack_sip: extend request line validation
  * netfilter: restart search if moved to other chain
  * netfilter: nfnetlink_queue: reject verdict request from different portid
  * netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
  * netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
  * netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
  * netfilter: x_tables: speed up jump target validation
  * ACPICA: Namespace: fix operand cache leak
  * ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
  * ACPI / processor: Avoid reserving IO regions too early
    x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
    ipc: msg, make msgrcv work with LONG_MIN
  * mm, page_alloc: fix potential false positive in __zone_watermark_ok
  * cma: fix calculation of aligned offset
    hwpoison, memcg: forcibly uncharge LRU pages
  * mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
  * fs/select: add vmalloc fallback for select(2)
    mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
    PCI: layerscape: Fix MSG TLP drop setting
    PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
  * drivers: base: cacheinfo: fix boot error message when acpi is enabled
  * drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
    Prevent timer value 0 for MWAITX
  * timers: Plug locking race vs. timer migration
  * time: Avoid undefined behaviour in ktime_add_safe()
    PM / sleep: declare __tracedata symbols as char[] rather than char
    can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
    can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
  * sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
    x86/retpoline: Fill RSB on context switch for affected CPUs
    x86/cpu/intel: Introduce macros for Intel family numbers
    x86/microcode/intel: Fix BDW late-loading revision check
    usbip: Fix potential format overflow in userspace tools
    usbip: Fix implicit fallthrough warning
    usbip: prevent vhci_hcd driver from leaking a socket pointer address
    x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
Linux 4.4.113
    MIPS: AR7: ensure the port type's FCR value is used
    x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
    x86/pti: Document fix wrong index
    kprobes/x86: Disable optimizing on the function jumps to indirect thunk
    kprobes/x86: Blacklist indirect thunk functions for kprobes
    retpoline: Introduce start/end markers of indirect thunk
    x86/mce: Make machine check speculation protected
  * kbuild: modversions for EXPORT_SYMBOL() for asm
    x86/cpu, x86/pti: Do not enable PTI on AMD processors
    arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
    dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
    dm btree: fix serious bug in btree_split_beneath()
    libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
    can: peak: fix potential bug in packet fragmentation
    ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
  * phy: work around 'phys' references to usb-nop-xceiv devices
  * tracing: Fix converting enum's from the map in trace_event_eval_update()
    Input: twl4030-vibra - fix sibling-node lookup
    Input: twl6040-vibra - fix child-node lookup
    Input: twl6040-vibra - fix DT node memory management
    Input: 88pm860x-ts - fix child-node lookup
    x86/apic/vector: Fix off by one in error path
  * pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
  * module: Add retpoline tag to VERMAGIC
    x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
  * sched/deadline: Zero out positive runtime after throttling constrained tasks
    scsi: hpsa: fix volume offline state
  * af_key: fix buffer overread in parse_exthdrs()
  * af_key: fix buffer overread in verify_address_len()
    ALSA: hda - Apply the existing quirk to iMac 14,1
    ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
  * ALSA: pcm: Remove yet superfluous WARN_ON()
  * futex: Prevent overflow by strengthen input validation
  * scsi: sg: disable SET_FORCE_LOW_DMA
    x86/retpoline: Remove compile time warning
    x86/retpoline: Fill return stack buffer on vmexit
    x86/retpoline/irq32: Convert assembler indirect jumps
    x86/retpoline/checksum32: Convert assembler indirect jumps
    x86/retpoline/xen: Convert Xen hypercall indirect jumps
    x86/retpoline/hyperv: Convert assembler indirect jumps
    x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
    x86/retpoline/entry: Convert entry assembler indirect jumps
    x86/retpoline/crypto: Convert crypto assembler indirect jumps
    x86/spectre: Add boot time option to select Spectre v2 mitigation
    x86/retpoline: Add initial retpoline support
  * kconfig.h: use __is_defined() to check if MODULE is defined
    EXPORT_SYMBOL() for asm
    x86/asm: Make asm/alternative.h safe from assembly
    x86/kbuild: enable modversions for symbols exported from asm
    x86/asm: Use register variable to get stack pointer value
    x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
    x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
    x86/cpu/AMD: Make LFENCE a serializing instruction
  * gcov: disable for COMPILE_TEST
Linux 4.4.112
    selftests/x86: Add test_vsyscall
    x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
    x86/alternatives: Fix optimize_nops() checking
    sysfs/cpu: Fix typos in vulnerability documentation
    x86/cpu: Implement CPU vulnerabilites sysfs functions
  * sysfs/cpu: Add vulnerability folder
    x86/cpu: Merge bugs.c and bugs_64.c
    x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
    x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
    x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    x86/cpufeatures: Make CPU bugs sticky
    x86/cpu: Factor out application of forced CPU caps
    x86/Documentation: Add PTI description
    e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
    uas: ignore UAS for Norelsys NS1068(X) chips
  * Bluetooth: Prevent stack info leak from the EFS element.
  * staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
    usbip: remove kernel addresses from usb device and urb debug msgs
    USB: fix usbmon BUG trigger
    usb: misc: usb3503: make sure reset is low for at least 100us
    USB: serial: cp210x: add new device ID ELV ALC 8xxx
    USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
    target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
    iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
    bpf, array: fix overflow in max_entries and undefined behavior in index_mask
  * bpf: prevent out-of-bounds speculation
    bpf: adjust insn_aux_data when patching insns
    bpf: refactor fixup_bpf_calls()
    bpf: move fixup_bpf_calls() function
    bpf: don't (ab)use instructions to store state
  * bpf: add bpf_patch_insn_single helper
    kaiser: Set _PAGE_NX only if supported
    drm/vmwgfx: Potential off by one in vmw_view_add()
    KVM: x86: Add memory barrier on vmcs field lookup
    x86/microcode/intel: Extend BDW late-loading with a revision check
    rbd: set max_segments to USHRT_MAX
  * crypto: algapi - fix NULL dereference in crypto_remove_spawns()
  * ipv6: fix possible mem leaks in ipv6_make_skb()
  * net: stmmac: enable EEE in MII, GMII or RGMII only
    sh_eth: fix SH7757 GEther initialization
    sh_eth: fix TSU resource handling
    RDS: null pointer dereference in rds_atomic_free_op
    RDS: Heap OOB write in rds_message_alloc_sgs()
  * net: core: fix module type in sock_diag_bind
  * ip6_tunnel: disable dst caching if tunnel is dual-stack
    8021q: fix a memory leak for VLAN 0 device
    x86/pti/efi: broken conversion from efi to kernel page table
    Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
  * xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
  * sysrq: Fix warning in sysrq generated crash.
  * hwrng: core - sleep interruptible in read
  * x86/mm/pat, /dev/mem: Remove superfluous error message
    cx82310_eth: use skb_cow_head() to deal with cloned skbs
    smsc75xx: use skb_cow_head() to deal with cloned skbs
    sr9700: use skb_cow_head() to deal with cloned skbs
    lan78xx: use skb_cow_head() to deal with cloned skbs
  * r8152: adjust ALDPS function
  * r8152: use test_and_clear_bit
  * r8152: fix the wake event
    usb: musb: ux500: Fix NULL pointer dereference at system PM
    usbvision fix overflow of interfaces array
  * locking/mutex: Allow next waiter lockless wakeup
  * futex: Replace barrier() in unqueue_me() with READ_ONCE()
  * locks: don't check for race with close when setting OFD lock
    zswap: don't param_set_charp while holding spinlock
    mm/zswap: use workqueue to destroy pool
  * mm/page-writeback: fix dirty_ratelimit calculation
  * mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
  * mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
    x86/acpi: Reduce code duplication in mp_override_legacy_irq()
    ALSA: aloop: Fix racy hw constraints adjustment
    ALSA: aloop: Fix inconsistent format due to incomplete rule
    ALSA: aloop: Release cable upon open error path
    ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
    ALSA: pcm: Abort properly at pending signal in OSS read/write loops
    ALSA: pcm: Add missing error checks in OSS emulation plugin builder
  * ALSA: pcm: Remove incorrect snd_BUG_ON() usages
    iommu/arm-smmu-v3: Don't free page table ops twice
    x86/acpi: Handle SCI interrupts above legacy space gracefully
    x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
    kvm: vmx: Scrub hardware GPRs at VM-exit
    net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
    MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
    MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
    MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
    MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
    MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
    MIPS: Factor out NT_PRFPREG regset access helpers
    MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
    IB/srpt: Disable RDMA access by the initiator
    can: gs_usb: fix return value of the "set_bittiming" callback
    KVM: Fix stack-out-of-bounds read in write_mmio
  * dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
Linux 4.4.111
    Fix build error in vma.c
    Map the vsyscall page with _PAGE_USER
  * proc: much faster /proc/vmstat
  * module: Issue warnings when tainting kernel
  * module: keep percpu symbols in module's symtab
  * genksyms: Handle string literals with spaces in reference files
    x86/tlb: Drop the _GPL from the cpu_tlbstate export
    parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
    x86/microcode/AMD: Add support for fam17h microcode loading
    Input: elantech - add new icbody type 15
    ARC: uaccess: dont use "l" gcc inline asm constraint modifier
  * kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
  * kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals
  * kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
  * kernel: make groups_sort calling a responsibility group_info allocators
    fscache: Fix the default for fscache_maybe_release_page()
    sunxi-rsb: Include OF based modalias in device uevent
    crypto: pcrypt - fix freeing pcrypt instances
    crypto: chacha20poly1305 - validate the digest size
    crypto: n2 - cure use after free
    kernel/acct.c: fix the acct->needcheck check in check_free_space()
    x86/kasan: Write protect kasan zero shadow
Linux 4.4.110
    kaiser: Set _PAGE_NX only if supported
    x86/kasan: Clear kasan_zero_page after TLB flush
    x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
    x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
    KPTI: Report when enabled
  * KPTI: Rename to PAGE_TABLE_ISOLATION
    x86/kaiser: Move feature detection up
    kaiser: disabled on Xen PV
  * x86/kaiser: Reenable PARAVIRT
    x86/paravirt: Dont patch flush_tlb_single
    kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    kaiser: asm/tlbflush.h handle noPGE at lower level
    kaiser: drop is_atomic arg to kaiser_pagetable_walk()
    kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    x86/kaiser: Check boottime cmdline params
    x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    kaiser: add "nokaiser" boot option, using ALTERNATIVE
    kaiser: fix unlikely error in alloc_ldt_struct()
    kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
    kaiser: paranoid_entry pass cr3 need to paranoid_exit
    kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
    kaiser: PCID 0 for kernel and 128 for user
    kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
    kaiser: enhanced by kernel and user PCIDs
  * kaiser: vmstat show NR_KAISERTABLE as nr_overhead
  * kaiser: delete KAISER_REAL_SWITCH option
    kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
  * kaiser: cleanups while trying for gold link
    kaiser: kaiser_remove_mapping() move along the pgd
    kaiser: tidied up kaiser_add/remove_mapping slightly
    kaiser: tidied up asm/kaiser.h somewhat
    kaiser: ENOMEM if kaiser_pagetable_walk() NULL
    kaiser: fix perf crashes
    kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
  * kaiser: KAISER depends on SMP
    kaiser: fix build and FIXME in alloc_ldt_struct()
  * kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
    kaiser: do not set _PAGE_NX on pgd_none
  * kaiser: merged update
  * KAISER: Kernel Address Isolation
    x86/boot: Add early cmdline parsing for options with arguments
Linux 4.4.109
  * mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
  * n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
    x86/smpboot: Remove stale TLB flush invocations
  * nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
  * usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
  * USB: Fix off by one in type-specific length check of BOS SSP capability
  * usb: add RESET_RESUME for ELSA MicroLink 56K
  * usb: Add device quirk for Logitech HD Pro Webcam C925e
    USB: serial: option: adding support for YUGA CLM920-NC5
    USB: serial: option: add support for Telit ME910 PID 0x1101
    USB: serial: qcserial: add Sierra Wireless EM7565
    USB: serial: ftdi_sio: add id for Airbus DS P8GR
    usbip: vhci: stop printing kernel pointer addresses in messages
    usbip: stub: stop printing kernel pointer addresses in messages
    usbip: fix usbip bind writing random string after command in match_busid
  * sock: free skb in skb_complete_tx_timestamp on error
    net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
  * net: Fix double free and memory corruption in get_net_ns_by_id()
  * net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
  * ipv4: Fix use-after-free when flushing FIB tables
    sctp: Replace use of sockets_allocated with specified macro.
    net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
  * net: ipv4: fix for a race condition in raw_sendmsg
    tg3: Fix rx hang on MTU change with 5717/5719
  * tcp md5sig: Use skb's saddr when replying to an incoming segment
  * net: reevalulate autoflowlabel setting after sysctl setting
    net: qmi_wwan: add Sierra EM7565 1199:9091
  * netlink: Add netns check on taps
  * net: igmp: Use correct source address on IGMPv3 reports
  * ipv6: mcast: better catch silly mtu values
  * ipv4: igmp: guard against silly MTU values
  * kbuild: add '-fno-stack-check' to kernel build options
    x86/mm/64: Fix reboot interaction with CR4.PCIDE
    x86/mm: Enable CR4.PCIDE on supported systems
    x86/mm: Add the 'nopcid' boot option to turn off PCID
    x86/mm: Disable PCID on 32-bit kernels
    x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
    x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    x86/mm: Make flush_tlb_mm_range() more predictable
    x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    ALSA: hda - fix headset mic detection issue on a Dell machine
    ALSA: hda: Drop useless WARN_ON()
    ASoC: twl4030: fix child-node lookup
    ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
    iw_cxgb4: Only validate the MSN for successful completions
  * ring-buffer: Mask out the info bits when returning buffer page length
  * tracing: Fix crash when it fails to alloc ring buffer
  * tracing: Fix possible double free on failure of allocating trace buffer
  * tracing: Remove extra zeroing out of the ring buffer page
    net: mvneta: clear interface link status on port disable
    powerpc/perf: Dereference BHRB entries safely
    kvm: x86: fix RSM when PCID is non-zero
    KVM: X86: Fix load RFLAGS w/o the fixed bit
    spi: xilinx: Detect stall with Unknown commands
    parisc: Hide Diva-built-in serial aux and graphics card
  * PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
  * ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
  * ALSA: rawmidi: Avoid racy info ioctl via ctl device
    mfd: twl6040: Fix child-node lookup
    mfd: twl4030-audio: Fix sibling-node lookup
    mfd: cros ec: spi: Don't send first message too soon
    crypto: mcryptd - protect the per-CPU queue with a lock
    ACPI: APEI / ERST: Fix missing error handling in erst_reader()
Linux 4.4.108
    alpha: fix build failures
    ALSA: hda - Fix yet another i915 pointer leftover in error path
    ALSA: hda - Degrade i915 binding failure message
    ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
    Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
    MIPS: math-emu: Fix final emulation phase for certain instructions
    thermal: hisilicon: Handle return value of clk_prepare_enable
  * cpuidle: fix broadcast control when broadcast can not be entered
  * rtc: set the alarm to the next expiring timer
    tcp: fix under-evaluated ssthresh in TCP Vegas
    fm10k: ensure we process SM mbx when processing VF mbx
    scsi: lpfc: PLOGI failures during NPIV testing
    scsi: lpfc: Fix secure firmware updates
    PCI/AER: Report non-fatal errors only to the affected endpoint
    ixgbe: fix use of uninitialized padding
    igb: check memory allocation failure
    PCI: Create SR-IOV virtfn/physfn links before attaching driver
    scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive
    scsi: cxgb4i: fix Tx skb leak
  * PCI: Avoid bus reset if bridge itself is broken
    net: phy: at803x: Change error to EINVAL for invalid MAC
    rtc: pl031: make interrupt optional
    crypto: crypto4xx - increase context and scatter ring buffer elements
    backlight: pwm_bl: Fix overflow condition
    bnxt_en: Fix NULL pointer dereference in reopen failure path
    cpuidle: powernv: Pass correct drv->cpumask for registration
    ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
  * netfilter: nfnetlink_queue: fix secctx memory leak
  * xhci: plat: Register shutdown for xhci_plat
    isdn: kcapi: avoid uninitialized data
    KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
    ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
    netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
    netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
    irda: vlsi_ir: fix check for DMA mapping errors
    RDMA/iser: Fix possible mr leak on device removal event
    i40e: Do not enable NAPI on q_vectors that have no rings
  * net: Do not allow negative values for busy_read and busy_poll sysctl interfaces
    bna: avoid writing uninitialized data into hw registers
    s390/qeth: no ETH header for outbound AF_IUCV
  * r8152: prevent the driver from transmitting packets with carrier off
  * HID: xinmo: fix for out of range for THT 2P arcade controller.
    hwmon: (asus_atk0110) fix uninitialized data access
    ARM: dts: ti: fix PCI bus dtc warnings
    KVM: VMX: Fix enable VPID conditions
    KVM: x86: correct async page present tracepoint
    scsi: lpfc: Fix PT2PT PRLI reject
    pinctrl: st: add irq_request/release_resources callbacks
  * inet: frag: release spinlock before calling icmp_send()
    netfilter: nfnl_cthelper: Fix memory leak
    netfilter: nfnl_cthelper: fix runtime expectation policy updates
    usb: gadget: udc: remove pointer dereference after free
    usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
    net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
    bna: integer overflow bug in debugfs
    sch_dsmark: fix invalid skb_cow() usage
  * crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
  * r8152: fix the list rx_done may be used without initialization
  * cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
    arm: kprobes: Align stack to 8-bytes in test code
    arm: kprobes: Fix the return address of multiple kretprobes
    ALSA: hda - add support for docking station for HP 840 G3
    ALSA: hda - add support for docking station for HP 820 G2
    x86/irq: Do not substract irq_tlb_count from irq_call_count
  * sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    ARM: Hide finish_arch_post_lock_switch() from modules
    x86/mm, sched/core: Turn off IRQs in switch_mm()
    x86/mm, sched/core: Uninline switch_mm()
    x86/mm: Build arch/x86/mm/tlb.c even on !SMP
  * sched/core: Add switch_mm_irqs_off() and use it in the scheduler
  * mm/mmu_context, sched/core: Fix mmu_context.h assumption
  * mm/rmap: batched invalidations should use existing api
    x86/mm: If INVPCID is available, use it to flush global mappings
    x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    x86/mm: Fix INVPCID asm constraint
    x86/mm: Add INVPCID helpers
    cxl: Check if vphb exists before iterating over AFU devices
  * arm64: Initialise high_memory global variable earlier
Linux 4.4.107
    ath9k: fix tx99 potential info leak
    IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
    RDMA/cma: Avoid triggering undefined behavior
    macvlan: Only deliver one copy of the frame to the macvlan interface
    udf: Avoid overflow when session starts at large offset
    scsi: bfa: integer overflow in debugfs
  * scsi: sd: change allow_restart to bool in sysfs interface
  * scsi: sd: change manage_start_stop to bool in sysfs interface
    vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
  * scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
    raid5: Set R5_Expanded on parity devices as well as data.
  * pinctrl: adi2: Fix Kconfig build problem
    usb: musb: da8xx: fix babble condition handling
  * tty fix oops when rmmod 8250
    powerpc/perf/hv-24x7: Fix incorrect comparison in memord
    scsi: hpsa: destroy sas transport properties before scsi_host
    scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
  * PCI: Detach driver before procfs & sysfs teardown on device remove
    xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
    xfs: fix log block underflow during recovery cycle verification
  * l2tp: cleanup l2tp_tunnel_delete calls
    bcache: fix wrong cache_misses statistics
    bcache: explicitly destroy mutex while exiting
    GFS2: Take inode off order_write list when setting jdata flag
  * thermal/drivers/step_wise: Fix temperature regulation misbehavior
  * ppp: Destroy the mutex when cleanup
    clk: tegra: Fix cclk_lp divisor register
    clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
    clk: mediatek: add the option for determining PLL source clock
  * mm: Handle 0 flags in _calc_vm_trans() macro
    crypto: tcrypt - fix buffer lengths in test_aead_speed()
    arm-ccn: perf: Prevent module unload while PMU is in use
    target/file: Do not return error for UNMAP if length is zero
    target:fix condition return in core_pr_dump_initiator_port()
    iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
    target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
    powerpc/ipic: Fix status get and status clear
    powerpc/opal: Fix EBUSY bug in acquiring tokens
    netfilter: ipvs: Fix inappropriate output of procfs
    powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
    PCI/PME: Handle invalid data when reading Root Status
    dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
    rtc: pcf8563: fix output clock rate
    video: fbdev: au1200fb: Return an error code if a memory allocation fails
    video: fbdev: au1200fb: Release some resources if a memory allocation fails
    video: udlfb: Fix read EDID timeout
    fbdev: controlfb: Add missing modes to fix out of bounds access
    sfc: don't warn on successful change of MAC
    target: fix race during implicit transition work flushes
    target: fix ALUA transition timeout handling
    target: Use system workqueue for ALUA transitions
    btrfs: add missing memset while reading compressed inline extents
    NFSv4.1 respect server's max size in CREATE_SESSION
  * efi/esrt: Cleanup bad memory map log messages
    perf symbols: Fix symbols__fixup_end heuristic for corner cases
    net/mlx4_core: Avoid delays during VF driver device shutdown
    afs: Fix afs_kill_pages()
    afs: Fix page leak in afs_write_begin()
    afs: Populate and use client modification time
    afs: Fix the maths in afs_fs_store_data()
    afs: Prevent callback expiry timer overflow
    afs: Migrate vlocation fields to 64-bit
    afs: Flush outstanding writes when an fd is closed
    afs: Adjust mode bits processing
    afs: Populate group ID from vnode status
    afs: Fix missing put_page()
    drm/radeon: reinstate oland workaround for sclk
    mmc: mediatek: Fixed bug where clock frequency could be set wrong
  * sched/deadline: Use deadline instead of period when calculating overflow
  * sched/deadline: Throttle a constrained deadline task activated after the deadline
  * sched/deadline: Make sure the replenishment timer fires in the next period
    drm/radeon/si: add dpm quirk for Oland
    fjes: Fix wrong netdevice feature flags
    scsi: hpsa: limit outstanding rescans
    scsi: hpsa: update check for logical volume status
    openrisc: fix issue handling 8 byte get_user calls
    intel_th: pci: Add Gemini Lake support
    mlxsw: reg: Fix SPVMLR max record count
    mlxsw: reg: Fix SPVM max record count
  * net: Resend IGMP memberships upon peer notification.
  * dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
    net: wimax/i2400m: fix NULL-deref at probe
  * writeback: fix memory leak in wb_queue_work()
    netfilter: bridge: honor frag_max_size when refragmenting
    drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
    Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
    NFSD: fix nfsd_reset_versions for NFSv4.
    NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
    net: bcmgenet: Power up the internal PHY before probing the MII
    net: bcmgenet: power down internal phy if open or resume fails
    net: bcmgenet: reserved phy revisions must be checked first
    net: bcmgenet: correct MIB access of UniMAC RUNT counters
    net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
  * net: initialize msg.msg_flags in recvfrom
    userfaultfd: selftest: vm: allow to build in vm/ directory
    userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
    md-cluster: free md_cluster_info if node leave cluster
    usb: phy: isp1301: Add OF device ID table
    mac80211: Fix addition of mesh configuration element
  * KEYS: add missing permission check for request_key() destination
  * ext4: fix crash when a directory's i_size is too small
  * ext4: fix fdatasync(2) after fallocate(2) operation
    dmaengine: dmatest: move callback wait queue to thread context
  * sched/rt: Do not pull from current CPU if only one CPU to pull
  * xhci: Don't add a virt_dev to the devs array before it's fully allocated
    Bluetooth: btusb: driver to enable the usb-wakeup feature
    ceph: drop negative child dentries before try pruning inode's alias
    usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
  * USB: core: prevent malicious bNumInterfaces overflow
  * USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
  * tracing: Allocate mask_str buffer dynamically
    autofs: fix careless error in recent commit
    crypto: salsa20 - fix blkcipher_walk API usage
  * crypto: hmac - require that the underlying hash algorithm is unkeyed
Linux 4.4.106
  * usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
    arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
    Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
    Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
    Revert "x86/efi: Build our own page table structures"
  * net/packet: fix a race in packet_bind() and packet_notifier()
  * packet: fix crash in fanout_demux_rollover()
  * sit: update frag_off info
    rds: Fix NULL pointer dereference in __rds_rdma_map
    tipc: fix memory leak in tipc_accept_from_sock()
  * more bio_map_user_iov() leak fixes
    s390: always save and restore all registers on context switch
    ipmi: Stop timers before cleaning up the module
  * audit: ensure that 'audit=1' actually enables audit for PID 1
    ipvlan: fix ipv6 outbound device
    afs: Connect up the CB.ProbeUuid
    IB/mlx5: Assign send CQ and recv CQ of UMR QP
    IB/mlx4: Increase maximal message size under UD QP
  * xfrm: Copy policy family in clone_policy
  * jump_label: Invoke jump_label_test() via early_initcall()
    atm: horizon: Fix irq release error
    sctp: use the right sk after waking up from wait_buf sleep
    sctp: do not free asoc when it is already dead in sctp_sendmsg
    sparc64/mm: set fields in deferred pages
  * block: wake up all tasks blocked in get_request()
    sunrpc: Fix rpc_task_begin trace point
    NFS: Fix a typo in nfs_rename()
  * dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
  * lib/genalloc.c: make the avail variable an atomic_long_t
  * route: update fnhe_expires for redirect when the fnhe exists
  * route: also update fnhe_genid when updating a route cache
    mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
  * kbuild: pkg: use --transform option to prefix paths in tar
    EDAC, i5000, i5400: Fix definition of NRECMEMB register
    EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
    powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
    drm/amd/amdgpu: fix console deadlock if late init failed
    axonram: Fix gendisk handling
  * netfilter: don't track fragmented packets
  * zram: set physical queue limits to avoid array out of bounds accesses
    i2c: riic: fix restart condition
    crypto: s5p-sss - Fix completing crypto request in IRQ handler
  * ipv6: reorder icmpv6_init() and ip6_mr_init()
    bnx2x: do not rollback VF MAC/VLAN filters we did not configure
    bnx2x: fix possible overrun of VFPF multicast addresses array
    bnx2x: prevent crash when accessing PTP with interface down
    spi_ks8995: fix "BUG: key accdaa28 not in .data!"
    arm64: KVM: Survive unknown traps from guests
    arm: KVM: Survive unknown traps from guests
    KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
    irqchip/crossbar: Fix incorrect type of register size
    scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
  * workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
    libata: drop WARN from protocol error in ata_sff_qc_issue()
    kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
    USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
  * usb: gadget: configs: plug memory leak
  * HID: chicony: Add support for another ASUS Zen AiO keyboard
    gpio: altera: Use handle_level_irq when configured as a level_high
    ARM: OMAP2+: Release device node after it is no longer needed.
    ARM: OMAP2+: Fix device node reference counts
  * module: set __jump_table alignment to 8
    selftest/powerpc: Fix false failures for skipped tests
    x86/hpet: Prevent might sleep splat on resume
    ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
  * vti6: Don't report path MTU below IPV6_MIN_MTU.
    Revert "s390/kbuild: enable modversions for symbols exported from asm"
  * Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
  * Revert "drm/armada: Fix compile fail"
  * mm: drop unused pmdp_huge_get_and_clear_notify()
    thp: fix MADV_DONTNEED vs. numa balancing race
    thp: reduce indentation level in change_huge_pmd()
    scsi: storvsc: Workaround for virtual DVD SCSI version
    ARM: avoid faulting on qemu
    ARM: BUG if jumping to usermode address in kernel mode
  * arm64: fpsimd: Prevent registers leaking from dead tasks
    KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
  * arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
    media: dvb: i2c transfers over usb cannot be done from stack
    drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
    drm: extra printk() wrapper macros
    kdb: Fix handling of kallsyms_symbol_next() return value
    s390: fix compat system call table
    iommu/vt-d: Fix scatterlist offset handling
  * ALSA: usb-audio: Add check return value for usb_string()
  * ALSA: usb-audio: Fix out-of-bound error
    ALSA: seq: Remove spurious WARN_ON() at timer check
  * ALSA: pcm: prevent UAF in snd_pcm_info
    x86/PCI: Make broadcom_postcore_init() check acpi_disabled
  * X.509: reject invalid BIT STRING for subjectPublicKey
  * ASN.1: check for error from ASN1_OP_END__ACT actions
  * ASN.1: fix out-of-bounds read when parsing indefinite length item
  * efi: Move some sysfs files to be read-only by root
    scsi: libsas: align sata_device's rps_resp on a cacheline
    isa: Prevent NULL dereference in isa_bus driver callbacks
    hv: kvp: Avoid reading past allocated blocks from KVP file
    virtio: release virtio index when fail to device_register
    can: usb_8dev: cancel urb on -EPIPE and -EPROTO
    can: esd_usb2: cancel urb on -EPIPE and -EPROTO
    can: ems_usb: cancel urb on -EPIPE and -EPROTO
    can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
    can: kvaser_usb: ratelimit errors if incomplete messages are received
    can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
    can: kvaser_usb: free buf in error paths
    can: ti_hecc: Fix napi poll return value for repoll
Linux 4.4.105
    xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
    usb: host: fix incorrect updating of offset
  * USB: usbfs: Filter flags passed in from user space
  * USB: devio: Prevent integer overflow in proc_do_submiturb()
  * USB: Increase usbfs transfer limit
  * USB: core: Add type-specific length check of BOS descriptors
  * usb: ch9: Add size macro for SSP dev cap descriptor
  * usb: Add USB 3.1 Precision time measurement capability descriptor support
  * usb: xhci: fix panic in xhci_free_virt_devices_depth_first
  * usb: hub: Cycle HUB power when initialization fails
    Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
    net: fec: fix multicast filtering hardware setup
    xen-netfront: Improve error handling during initialization
  * mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
  * tcp: correct memory barrier usage in tcp_check_space()
    dmaengine: pl330: fix double lock
    tipc: fix cleanup at module unload
    net: sctp: fix array overrun read on sctp_timer_tbl
    drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
    NFSv4: Fix client recovery when server reboots multiple times
    KVM: arm/arm64: Fix occasional warning from the timer work function
    nfs: Don't take a reference on fl->fl_file for LOCK operation
    ravb: Remove Rx overflow log messages
    net/appletalk: Fix kernel memory disclosure
  * vti6: fix device register to report IFLA_INFO_KIND
    ARM: OMAP1: DMA: Correct the number of logical channels
    net: systemport: Pad packet before inserting TSB
    net: systemport: Utilize skb_put_padto()
    kprobes/x86: Disable preemption in ftrace-based jprobes
    perf test attr: Fix ignored test case result
  * sysrq : fix Show Regs call trace on ARM
    EDAC, sb_edac: Fix missing break in switch
    x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
    serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
    usb: phy: tahvo: fix error handling in tahvo_usb_probe()
    spi: sh-msiof: Fix DMA transfer size check
    serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
    selftests/x86/ldt_get: Add a few additional tests for limits
    s390/pci: do not require AIS facility
    ima: fix hash algorithm initialization
    USB: serial: option: add Quectel BG96 id
    s390/runtime instrumentation: simplify task exit handling
    serial: 8250_pci: Add Amazon PCI serial device ID
  * usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
    uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
    bcache: recover data from backing when data is clean
    bcache: only permit to recovery read error when cache device is clean
Linux 4.4.104
    nfsd: Fix another OPEN stateid race
    nfsd: Fix stateid races between OPEN and CLOSE
    nfsd: Make init_open_stateid() a bit more whole
    drm/i915: Prevent zero length "index" write
    drm/i915: Don't try indexed reads to alternate slave addresses
    NFS: revalidate "." etc correctly on "open".
    mtd: nand: Fix writing mtdoops to nand flash.
    drm/panel: simple: Add missing panel_simple_unprepare() calls
    drm/radeon: fix atombios on big endian
    Revert "drm/radeon: dont switch vt on suspend"
    bcache: Fix building error on MIPS
    eeprom: at24: check at24_read/write arguments
    mmc: core: Do not leave the block driver in a suspended state
    KVM: x86: inject exceptions produced by x86_decode_insn
    KVM: x86: Exit to user-mode on #UD intercept when emulator requires
    KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk
    btrfs: clear space cache inode generation always
  * mm/madvise.c: fix madvise() infinite loop under special circumstances
    mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
    x86/efi-bgrt: Replace early_memremap() with memremap()
  * x86/efi-bgrt: Fix kernel panic when mapping BGRT data
    ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
    x86/efi: Build our own page table structures
    x86/efi: Hoist page table switching code into efi_call_virt()
    x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
  * ipsec: Fix aborted xfrm policy dump crash
  * netlink: add a start callback for starting a netlink dump
Linux 4.4.103
    Revert "sctp: do not peel off an assoc from one netns to another one"
    xen: xenbus driver must not accept invalid transaction ids
    s390/kbuild: enable modversions for symbols exported from asm
    ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
    btrfs: return the actual error value from from btrfs_uuid_tree_iterate
    ASoC: rsnd: don't double free kctrl
    netfilter: nf_tables: fix oob access
    netfilter: nft_queue: use raw_smp_processor_id()
  * spi: SPI_FSL_DSPI should depend on HAS_DMA
    staging: iio: cdc: fix improper return value
    iio: light: fix improper return value
    mac80211: Suppress NEW_PEER_CANDIDATE event if no room
    mac80211: Remove invalid flag operations in mesh TSF synchronization
    drm: Apply range restriction after color adjustment when allocation
    ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
    ath10k: set CTS protection VDEV param only if VDEV is up
    ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
    ath10k: ignore configuring the incorrect board_id
    ath10k: fix incorrect txpower set by P2P_DEVICE interface
  * drm/armada: Fix compile fail
    net: 3com: typhoon: typhoon_init_one: fix incorrect return values
    net: 3com: typhoon: typhoon_init_one: make return values more specific
  * net: Allow IP_MULTICAST_IF to set index to L3 slave
    dmaengine: zx: set DMA_CYCLIC cap_mask bit
  * PCI: Apply _HPX settings only to relevant devices
    RDS: RDMA: return appropriate error on rdma map failures
    e1000e: Separate signaling for link check/link up
    e1000e: Fix return value test
    e1000e: Fix error path in link detection
  * PM / OPP: Add missing of_node_put(np)
    net/9p: Switch to wait_event_killable()
  * fscrypt: lock mutex before checking for bounce page pool
  * sched/rt: Simplify the IPI based RT balancing logic
  * media: v4l2-ctrl: Fix flags field on Control events
    cx231xx-cards: fix NULL-deref on missing association descriptor
    media: rc: check for integer overflow
    media: Don't do DMA on stack for firmware upload in the AS102 driver
    powerpc/signal: Properly handle return value from uprobe_deny_signal()
    parisc: Fix validity check of pointer size argument in new CAS implementation
    ixgbe: Fix skb list corruption on Power systems
    fm10k: Use smp_rmb rather than read_barrier_depends
    i40evf: Use smp_rmb rather than read_barrier_depends
    ixgbevf: Use smp_rmb rather than read_barrier_depends
    igbvf: Use smp_rmb rather than read_barrier_depends
    igb: Use smp_rmb rather than read_barrier_depends
    i40e: Use smp_rmb rather than read_barrier_depends
    NFC: fix device-allocation error return
    IB/srp: Avoid that a cable pull can trigger a kernel crash
    IB/srpt: Do not accept invalid initiator port names
    libnvdimm, namespace: make 'resource' attribute only readable by root
    libnvdimm, namespace: fix label initialization to use valid seq numbers
    clk: ti: dra7-atl-clock: fix child-node lookups
    clk: ti: dra7-atl-clock: Fix of_node reference counting
    SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
    KVM: SVM: obey guest PAT
    KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
    target: Fix QUEUE_FULL + SCSI task attribute handling
    iscsi-target: Fix non-immediate TMR reference leak
    fs/9p: Compare qid.path in v9fs_test_inode
    fix a page leak in vhost_scsi_iov_to_sgl() error recovery
    ALSA: hda/realtek - Fix ALC700 family no sound issue
  * ALSA: timer: Remove kernel warning at compat ioctl error paths
  * ALSA: usb-audio: Add sanity checks in v2 clock parsers
  * ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
  * ALSA: usb-audio: Add sanity checks to FE parser
  * ALSA: pcm: update tstamp only if audio_tstamp changed
  * ext4: fix interaction between i_size, fallocate, and delalloc after a crash
    ata: fixes kernel crash while tracing ata_eh_link_autopsy event
    rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
    rtlwifi: rtl8192ee: Fix memory leak when loading firmware
    nfsd: deal with revoked delegations appropriately
    nfs: Fix ugly referral attributes
    NFS: Fix typo in nomigration mount option
    isofs: fix timestamps beyond 2027
    bcache: check ca->alloc_thread initialized before wake up it
    eCryptfs: use after free in ecryptfs_release_messaging()
    nilfs2: fix race condition that causes file system corruption
    autofs: don't fail mount for transient error
    MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
    MIPS: Fix an n32 core file generation regset support regression
  * dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * dm bufio: fix integer overflow when limiting maximum cache size
    ALSA: hda: Add Raven PCI ID
    MIPS: ralink: Fix typo in mt7628 pinmux function
    MIPS: ralink: Fix MT7628 pinmux
    ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
    ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
    x86/decoder: Add new TEST instruction pattern
  * lib/mpi: call cond_resched() from mpi_powm() loop
  * sched: Make resched_cpu() unconditional
    vsock: use new wait API for vsock_stream_sendmsg()
    AF_VSOCK: Shrink the area influenced by prepare_to_wait
  * ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
    s390/disassembler: increase show_code buffer size
    s390/disassembler: add missing end marker for e7 table
    s390/runtime instrumention: fix possible memory corruption
    s390: fix transactional execution control register handling
Linux 4.4.102
    mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites"
Linux 4.4.101
  * mm/pagewalk.c: report holes in hugetlb ranges
    mm/page_ext.c: check if page_ext is not prepared
  * mm: check the return value of lookup_page_ext for all call sites
    coda: fix 'kernel memory exposure attempt' in fsync
  * mm/page_alloc.c: broken deferred calculation
    ipmi: fix unsigned long underflow
    ocfs2: should wait dio before inode lock in ocfs2_setattr()
    nvme: Fix memory order on async queue deletion
  * arm64: fix dump_instr when PAN and UAO are in use
    serial: omap: Fix EFR write on RTS deassertion
    ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
    net/sctp: Always set scope_id in sctp_inet6_skb_msgname
    fealnx: Fix building error on MIPS
    sctp: do not peel off an assoc from one netns to another one
  * af_netlink: ensure that NLMSG_DONE never fails in dumps
    vlan: fix a use-after-free in vlan_device_event()
  * bonding: discard lowest hash bit for 802.3ad layer3+4
  * netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
  * tcp: do not mangle skb->cb[] in tcp_make_synack()
Linux 4.4.100
    USB: serial: garmin_gps: fix memory leak on probe errors
    USB: serial: garmin_gps: fix I/O after failed probe and remove
    USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
  * USB: Add delay-init quirk for Corsair K70 LUX keyboards
  * USB: usbfs: compute urb->actual_length for isochronous
    uapi: fix linux/rds.h userspace compilation errors
    uapi: fix linux/rds.h userspace compilation error
    Revert "uapi: fix linux/rds.h userspace compilation errors"
  * Revert "crypto: xts - Add ECB dependency"
    MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
    MIPS: init: Ensure reserved memory regions are not added to bootmem
    MIPS: init: Ensure bootmem does not corrupt reserved memory
  * mm: add PHYS_PFN, use it in __phys_to_pfn()
    MIPS: End asm function prologue macros with .insn
    staging: rtl8712: fixed little endian problem
    ixgbe: do not disable FEC from the driver
    ixgbe: add mask for 64 RSS queues
    ixgbe: Reduce I2C retry count on X550 devices
    ixgbe: handle close/suspend race with netif_device_detach/present
    ixgbe: fix AER error handling
    arm64: dts: NS2: reserve memory for Nitro firmware
    ALSA: hda/realtek - Add new codec ID ALC299
    gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
    backlight: adp5520: Fix error handling in adp5520_bl_probe()
    backlight: lcd: Fix race condition during register
    ALSA: vx: Fix possible transfer overflow
    ALSA: vx: Don't try to update capture stream before running
    scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
    scsi: lpfc: Correct issue leading to oops during link reset
    scsi: lpfc: Correct host name in symbolic_name field
    scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
    scsi: lpfc: Add missing memory barrier
    staging: rtl8188eu: fix incorrect ERROR tags from logs
  * scsi: ufs: add capability to keep auto bkops always enabled
  * scsi: ufs-qcom: Fix module autoload
    igb: Fix hw_dbg logging in igb_update_flash_i210
    igb: close/suspend race in netif_device_detach
    igb: reset the PHY before reading the PHY ID
    drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
  * ata: SATA_MV should depend on HAS_DMA
  * ata: SATA_HIGHBANK should depend on HAS_DMA
  * ata: ATA_BMDMA should depend on HAS_DMA
    ARM: dts: Fix omap3 off mode pull defines
    ARM: OMAP2+: Fix init for multiple quirks for the same SoC
    ARM: dts: Fix am335x and dm814x scm syscon to probe children
    ARM: dts: Fix compatible for ti81xx uarts for 8250
    fm10k: request reset when mbx->state changes
    extcon: palmas: Check the parent instance to prevent the NULL
    dmaengine: dmatest: warn user when dma test times out
    Bluetooth: btusb: fix QCA Rome suspend/resume
    arm: crypto: reduce priority of bit-sliced AES cipher
    net: qmi_wwan: fix divide by 0 on bad descriptors
  * net: cdc_ether: fix divide by 0 on bad descriptors
    sctp: do not peel off an assoc from one netns to another one
    xen-blkback: don't leak stack data via response ring
    bpf: don't let ldimm64 leak map addresses on unprivileged
    KVM: x86: fix singlestepping over syscall
  * ext4: fix data exposure after a crash
    media: dib0700: fix invalid dvb_detach argument
    media: imon: Fix null-ptr-deref in imon_probe
Linux 4.4.99
    misc: panel: properly restore atomic counter on error path
    target: Fix node_acl demo-mode + uncached dynamic shutdown regression
    target/iscsi: Fix iSCSI task reassignment handling
    brcmfmac: remove setting IBSS mode when stopping AP
    tipc: fix link attribute propagation bug
  * security/keys: add CONFIG_KEYS_COMPAT to Kconfig
  * tcp/dccp: fix other lockdep splats accessing ireq_opt
  * tcp/dccp: fix lockdep splat in inet_csk_route_req()
  * tcp/dccp: fix ireq->opt races
    ipip: only increase err_count for some certain type icmp in ipip_err
  * ppp: fix race in ppp device destruction
    sctp: reset owner sk for data chunks on out queues when migrating a sock
  * tun: allow positive return values on dev_get_valid_name() call
    ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
    net/unix: don't show information about sockets from other namespaces
  * ipv6: flowlabel: do not leave opt->tot_len with garbage
  * packet: avoid panic in packet_getsockopt()
    sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
  * tun: call dev_get_valid_name() before register_netdevice()
  * l2tp: check ps->sock before running pppol2tp_session_ioctl()
  * tcp: fix tcp_mtu_probe() vs highest_sack
  * tun/tap: sanitize TUNSETSNDBUF input
    ALSA: seq: Cancel pending autoload work at unbinding device
    Input: ims-psu - check if CDC union descriptor is sane
    usb: usbtest: fix NULL pointer dereference
    mac80211: don't compare TKIP TX MIC key in reinstall prevention
    mac80211: use constant time comparison with keys
    mac80211: accept key reinstall without changing anything
Linux 4.4.98
  * PKCS#7: fix unitialized boolean 'want'
    x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
    can: c_can: don't indicate triple sampling support for D_CAN
    can: sun4i: handle overrun in RX FIFO
    rbd: use GFP_NOIO for parent stat and data requests
    drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
    Input: elan_i2c - add ELAN060C to the ACPI table
    MIPS: AR7: Ensure that serial ports are properly set up
    MIPS: AR7: Defer registration of GPIO
    tools: firmware: check for distro fallback udev cancel rule
    selftests: firmware: send expected errors to /dev/null
    selftests: firmware: add empty string and async tests
    test: firmware_class: report errors properly on failure
    MIPS: SMP: Fix deadlock & online race
    MIPS: Fix race on setting and getting cpu_online_mask
    MIPS: SMP: Use a completion event to signal CPU up
    MIPS: Fix CM region target definitions
    MIPS: microMIPS: Fix incorrect mask in insn_table_MM
    ALSA: seq: Avoid invalid lockdep class warning
    ALSA: seq: Fix OSS sysex delivery in OSS emulation
    ARM: 8720/1: ensure dump_instr() checks addr_limit
  * KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
    crypto: x86/sha1-mb - fix panic due to unaligned access
  * workqueue: Fix NULL pointer dereference
  * x86/uaccess, sched/preempt: Verify access_ok() context
    platform/x86: hp-wmi: Do not shadow error values
    platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
    KEYS: trusted: fix writing past end of buffer in trusted_read()
    KEYS: trusted: sanitize all key material
  * cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
    platform/x86: hp-wmi: Fix detection for dock and tablet mode
  * net: dsa: select NET_SWITCHDEV
    s390/qeth: issue STARTLAN as first IPA command
    IB/ipoib: Change list_del to list_del_init in the tx object
    Input: mpr121 - set missing event capability
    Input: mpr121 - handle multiple bits change of status register
  * IPsec: do not ignore crypto err in ah4 input
    netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
  * usb: hcd: initialize hcd->flags to 0 when rm hcd
    serial: sh-sci: Fix register offsets for the IRDA serial port
  * phy: increase size of MII_BUS_ID_SIZE and bus_id
    iio: trigger: free trigger resource correctly
    crypto: vmx - disable preemption to enable vsx in aes_ctr.c
    ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
    powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
    iommu/arm-smmu-v3: Clear prior settings when updating STEs
    KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
    drm: drm_minor_register(): Clean up debugfs on failure
    xen/netback: set default upper limit of tx/rx queues to 8
    PCI: mvebu: Handle changes to the bridge windows while enabled
    video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
    adv7604: Initialize drive strength to default when using DT
Linux 4.4.97
    staging: r8712u: Fix Sparse warning in rtl871x_xmit.c
    xen: don't print error message in case of missing Xenstore entry
    bt8xx: fix memory leak
    s390/dasd: check for device error pointer within state change interrupts
    mei: return error on notification request to a disconnected client
    exynos4-is: fimc-is: Unmap region obtained by of_iomap()
    staging: lustre: ptlrpc: skip lock if export failed
    staging: lustre: hsm: stack overrun in hai_dump_data_field
    staging: lustre: llite: don't invoke direct_IO for the EOF case
    platform/x86: intel_mid_thermal: Fix module autoload
    scsi: aacraid: Process Error for response I/O
    xen/manage: correct return value check on xenbus_scanf()
    cx231xx: Fix I2C on Internal Master 3 Bus
    perf tools: Only increase index if perf_evsel__new_idx() succeeds
    drm/amdgpu: when dpm disabled, also need to stop/start vce.
    i2c: riic: correctly finish transfers
  * ext4: do not use stripe_width if it is not set
  * ext4: fix stripe-unaligned allocations
    staging: rtl8712u: Fix endian settings for structs describing network packets
    mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
    mfd: ab8500-sysctrl: Handle probe deferral
    ARM: pxa: Don't rely on public mmc header to include leds.h
    mmc: s3cmci: include linux/interrupt.h for tasklet_struct
  * PM / wakeirq: report a wakeup_event on dedicated wekup irq
    Fix tracing sample code warning.
    tracing/samples: Fix creation and deletion of simple_thread_fn creation
    drm/msm: fix an integer overflow test
    drm/msm: Fix potential buffer overflow issue
    perf tools: Fix build failure on perl script context
    ocfs2: fstrim: Fix start offset of first cluster group during fstrim
    ARM: 8715/1: add a private asm/unaligned.h
    ARM: dts: mvebu: pl310-cache disable double-linefill
  * arm64: ensure __dump_instr() checks addr_limit
    ASoC: adau17x1: Workaround for noise bug in ADC
  * KEYS: fix out-of-bounds read during ASN.1 parsing
  * KEYS: return full count in keyring_read() if buffer is too small
    cifs: check MaxPathNameComponentLength != 0 before using it
    ALSA: seq: Fix nested rwsem annotation for lockdep splat
  * ALSA: timer: Add missing mutex lock for compat ioctls
Linux 4.4.96
    Revert "drm: bridge: add DT bindings for TI ths8135"
  * ecryptfs: fix dereference of NULL user_key_payload
    x86/microcode/intel: Disable late loading on model 79
    regulator: fan53555: fix I2C device ids
    can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
    can: kvaser_usb: Correct return value in printout
    can: sun4i: fix loopback mode
  * scsi: sg: Re-fix off by one in sg_fill_request_table()
    scsi: zfcp: fix erp_action use-before-initialize in REC action trace
  * assoc_array: Fix a buggy node-splitting case
    Input: gtco - fix potential out-of-bound access
    Input: elan_i2c - add ELAN0611 to the ACPI table
    xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
  * fuse: fix READDIRPLUS skipping an entry
  * spi: uapi: spidev: add missing ioctl header
  * usb: xhci: Handle error condition in xhci_stop_device()
    ceph: unlock dangling spinlock in try_flush_caps()
    ALSA: hda - fix headset mic problem for Dell machines with alc236
    ALSA: hda/realtek - Add support for ALC236/ALC3204
  * workqueue: replace pool->manager_arb mutex with a flag
Linux 4.4.95
    FS-Cache: fix dereference of NULL user_key_payload
    fscrypto: require write access to mount to set encryption policy
  * KEYS: Fix race between updating and finding a negative key
  * fscrypt: fix dereference of NULL user_key_payload
    f2fs crypto: add missing locking for keyring_key access
    f2fs crypto: replace some BUG_ON()'s with error checks
    sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
    parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
    parisc: Avoid trashing sr2 and sr3 in LWS code
  * pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
  * KEYS: don't let add_key() update an uninstantiated key
    lib/digsig: fix dereference of NULL user_key_payload
    KEYS: encrypted: fix dereference of NULL user_key_payload
    rtlwifi: rtl8821ae: Fix connection lost problem
    clockevents/drivers/cs5535: Improve resilience to spurious interrupts
    bus: mbus: fix window size calculation for 4GB windows
    brcmsmac: make some local variables 'static const' to reduce stack size
    i2c: ismt: Separate I2C block read from SMBus block read
    ALSA: hda: Remove superfluous '-' added by printk conversion
    ALSA: seq: Enable 'use' locking in all configurations
    drm/nouveau/mmu: flush tlbs before deleting page tables
    drm/nouveau/bsp/g92: disable by default
    can: esd_usb2: Fix can_dlc value for received RTR, frames
    usb: musb: Check for host-mode using is_host_active() on reset interrupt
    usb: musb: sunxi: Explicitly release USB PHY on exit
    can: gs_usb: fix busy loop if no more TX context is available
  * ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
  * usb: hub: Allow reset retry for USB2 devices on connect bounce
  * usb: quirks: add quirk for WORLDE MINI MIDI keyboard
    usb: cdc_acm: Add quirk for Elatec TWN3
    USB: serial: metro-usb: add MS7820 device id
  * USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
  * USB: devio: Revert "USB: devio: Don't corrupt user memory"
Linux 4.4.94
    Revert "tty: goldfish: Fix a parameter of a call to free_irq"
  * cpufreq: CPPC: add ACPI_PROCESSOR dependency
    nfsd/callback: Cleanup callback cred on shutdown
    target/iscsi: Fix unsolicited data seq_end_offset calculation
  * uapi: fix linux/mroute6.h userspace compilation errors
    uapi: fix linux/rds.h userspace compilation errors
    ceph: clean up unsafe d_parent accesses in build_dentry_path
    i2c: at91: ensure state is restored after suspending
    net: mvpp2: release reference to txq_cpu[] entry after unmapping
    scsi: scsi_dh_emc: return success in clariion_std_inquiry()
  * slub: do not merge cache if slub_debug contains a never-merge flag
    ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
  * crypto: xts - Add ECB dependency
    net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs
    sparc64: Migrate hvcons irq to panicked cpu
  * md/linear: shutup lockdep warnning
    f2fs: do not wait for writeback in write_begin
    Btrfs: send, fix failure to rename top level inode due to name collision
    iio: adc: xilinx: Fix error handling
  * netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
    net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
    mac80211: fix power saving clients handling in iwlwifi
    mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
    irqchip/crossbar: Fix incorrect type of local variables
    watchdog: kempld: fix gcc-4.3 build
    locking/lockdep: Add nest_lock integrity test
    Revert "bsg-lib: don't free job in bsg_prepare_job"
    tipc: use only positive error codes in messages
  * net: Set sk_prot_creator when cloning sockets to the right proto
  * packet: only test po->has_vnet_hdr once in packet_snd
  * packet: in packet_do_bind, test fanout with bind_lock held
  * tun: bail out from tun_get_user() if the skb is empty
  * l2tp: fix race condition in l2tp_tunnel_delete
  * l2tp: Avoid schedule while atomic in exit_net
  * vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
    isdn/i4l: fetch the ppp_write buffer in one shot
  * bpf: one perf event close won't free bpf program attached by another perf event
  * packet: hold bind lock when rebinding to fanout hook
    net: emac: Fix napi poll list corruption
    ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
  * udpv6: Fix the checksum computation when HW checksum does not apply
    bpf/verifier: reject BPF_ALU64|BPF_END
  * sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
    MIPS: Fix minimum alignment requirement of IRQ stack
    drm/dp/mst: save vcpi with payloads
  * percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
Linux 4.4.93
    x86/alternatives: Fix alt_max_short macro to really be a max()
    USB: serial: console: fix use-after-free after failed setup
    USB: serial: qcserial: add Dell DW5818, DW5819
    USB: serial: option: add support for TP-Link LTE module
    USB: serial: cp210x: add support for ELV TFD500
    USB: serial: ftdi_sio: add id for Cypress WICED dev board
  * fix unbalanced page refcounting in bio_map_user_iov
  * direct-io: Prevent NULL pointer access in submit_page_section
  * usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
    ALSA: line6: Fix leftover URB at error-path during probe
    ALSA: caiaq: Fix stray URB at probe error path
    ALSA: seq: Fix copy_from_user() call inside lock
    ALSA: seq: Fix use-after-free at creating a port
  * ALSA: usb-audio: Kill stray URB at exiting
    iommu/amd: Finish TLB flush in amd_iommu_unmap()
    usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
    KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
  * crypto: shash - Fix zero-length shash ahash digest crash
  * HID: usbhid: fix out-of-bounds bug
    dmaengine: edma: Align the memcpy acnt array size with the transfer
    MIPS: math-emu: Remove pr_err() calls from fpu_emu()
    USB: dummy-hcd: Fix deadlock caused by disconnect detection
  * rcu: Allow for page faults in NMI handlers
    iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
  * nl80211: Define policy for packet pattern attributes
    CIFS: Reconnect expired SMB sessions
  * ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
    brcmfmac: add length check in brcmf_cfg80211_escan_handler()
Linux 4.4.92
  * ext4: don't allow encrypted operations without keys
    ext4: Don't clear SGID when inheriting ACLs
  * ext4: fix data corruption for mmap writes
  * sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
    nvme: protect against simultaneous shutdown invocations
    drm/i915/bios: ignore HDMI on port A
    brcmfmac: setup passive scan if requested by user-space
    uwb: ensure that endpoint is interrupt
    uwb: properly check kthread_run return value
    iio: adc: mcp320x: Fix oops on module unload
    iio: adc: mcp320x: Fix readout of negative voltages
    iio: ad7793: Fix the serial interface reset
  * iio: core: Return error for failed read_reg
    staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack.
    iio: ad_sigma_delta: Implement a dedicated reset function
    iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()'
    iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
  * xhci: fix finding correct bus_state structure for USB 3.1 hosts
  * USB: fix out-of-bounds in usb_set_configuration
  * usb: Increase quirk delay for USB devices
  * USB: core: harden cdc_parse_cdc_header
    USB: uas: fix bug in handling of alternate settings
  * scsi: sd: Do not override max_sectors_kb sysfs setting
    iwlwifi: add workaround to disable wide channels in 5GHz
    HID: i2c-hid: allocate hid buffers for real worst case
    ftrace: Fix kmemleak in unregister_ftrace_graph
    stm class: Fix a use-after-free
    Drivers: hv: fcopy: restore correct transfer length
  * driver core: platform: Don't read past the end of "driver_override" buffer
    ALSA: usx2y: Suppress kernel warning at page allocation failures
  * ALSA: compress: Remove unused variable
  * lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
  * USB: g_mass_storage: Fix deadlock when driver is unbound
    usb: gadget: mass_storage: set msg_registered after msg registered
  * USB: devio: Don't corrupt user memory
    USB: dummy-hcd: Fix erroneous synchronization change
    USB: dummy-hcd: fix infinite-loop resubmission bug
    USB: dummy-hcd: fix connection failures (wrong speed)
  * usb: pci-quirks.c: Corrected timeout values used in handshake
  * ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
    usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
    usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
  * usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives
    usb: gadget: udc: atmel: set vbus irqflags explicitly
    USB: gadgetfs: fix copy_to_user while holding spinlock
    USB: gadgetfs: Fix crash caused by inadequate synchronization
    usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
Linux 4.4.91
    ttpci: address stringop overflow warning
    ALSA: au88x0: avoid theoretical uninitialized access
    ARM: remove duplicate 'const' annotations'
    IB/qib: fix false-postive maybe-uninitialized warning
  * drivers: firmware: psci: drop duplicate const from psci_of_match
    libata: transport: Remove circular dependency at free time
    xfs: remove kmem_zalloc_greedy
    i2c: meson: fix wrong variable usage in meson_i2c_put_data
    md/raid10: submit bio directly to replacement disk
    rds: ib: add error handle
  * iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
    parisc: perf: Fix potential NULL pointer dereference
    netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
    exynos-gsc: Do not swap cb/cr for semi planar formats
    MIPS: IRQ Stack: Unwind IRQ stack onto task stack
  * netfilter: invoke synchronize_rcu after set the _hook_ to NULL
  * bridge: netlink: register netdevice before executing changelink
  * mmc: sdio: fix alignment issue in struct sdio_func
  * usb: plusb: Add support for PL-27A1
    team: fix memory leaks
  * net/packet: check length in getsockopt() called with PACKET_HDRLEN
  * net: core: Prevent from dereferencing null pointer when releasing SKB
    MIPS: Lantiq: Fix another request_mem_region() return code check
  * ASoC: dapm: fix some pointer error handling
    usb: chipidea: vbus event may exist before starting gadget
  * audit: log 32-bit socketcalls
  * ASoC: dapm: handle probe deferrals
  * partitions/efi: Fix integer overflow in GPT size calculation
    USB: serial: mos7840: fix control-message error handling
    USB: serial: mos7720: fix control-message error handling
    drm/amdkfd: fix improper return value on error
    IB/ipoib: Replace list_del of the neigh->list with list_del_init
    IB/ipoib: rtnl_unlock can not come after free_netdev
    IB/ipoib: Fix deadlock over vlan_mutex
    tty: goldfish: Fix a parameter of a call to free_irq
    ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
    iio: adc: hx711: Add DT binding for avia,hx711
    iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
    hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes
    sh_eth: use correct name for ECMR_MPDE bit
    extcon: axp288: Use vbus-valid instead of -present to determine cable presence
    igb: re-assign hw address pointer on reset after PCI error
    MIPS: ralink: Fix incorrect assignment on ralink_soc
    MIPS: Ensure bss section ends on a long-aligned address
    ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
    RDS: RDMA: Fix the composite message user notification
    GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
    drm: bridge: add DT bindings for TI ths8135
    drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
Linux 4.4.90
    fix xen_swiotlb_dma_mmap prototype
    swiotlb-xen: implement xen_swiotlb_dma_mmap callback
    video: fbdev: aty: do not leak uninitialized padding in clk to userspace
    KVM: VMX: use cmpxchg64
    ARM: pxa: fix the number of DMA requestor lines
    ARM: pxa: add the number of DMA requestor lines
    dmaengine: mmp-pdma: add number of requestors
    cxl: Fix driver use count
    KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
    KVM: VMX: do not change SN bit in vmx_update_pi_irte()
  * timer/sysclt: Restrict timer migration sysctl values to 0 and 1
    gfs2: Fix debugfs glocks dump
    x86/fpu: Don't let userspace set bogus xcomp_bv
    btrfs: prevent to set invalid default subvolid
    btrfs: propagate error to btrfs_cmp_data_prepare caller
    btrfs: fix NULL pointer dereference from free_reloc_roots()
  * PCI: Fix race condition with driver_override
    kvm: nVMX: Don't allow L2 to access the hardware CR8
    KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
  * arm64: fault: Route pte translation faults via do_translation_fault
  * arm64: Make sure SPsel is always set
  * seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
    bsg-lib: don't free job in bsg_prepare_job
  * nl80211: check for the required netlink attributes presence
  * vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
    SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
    SMB: Validate negotiate (to protect against downgrade) even if signing off
    Fix SMB3.1.1 guest authentication to Samba
    powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
  * KEYS: prevent KEYCTL_READ on negative key
  * KEYS: prevent creating a different user's keyrings
  * KEYS: fix writing past end of user-supplied buffer in keyring_read()
    crypto: talitos - fix sha224
    crypto: talitos - Don't provide setkey for non hmac hashing algs.
    scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
    md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
    md/raid5: fix a race condition in stripe batch
  * tracing: Erase irqsoff trace with empty write
  * tracing: Fix trace_pipe behavior for instance traces
    KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
    mac80211: flush hw_roc_start work before cancelling the ROC
    cifs: release auth_key.response for reconnect.
Linux 4.4.89
    ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
    bcache: fix bch_hprint crash and improve output
    bcache: fix for gc and write-back race
    bcache: Correct return value for sysfs attach errors
    bcache: correct cache_dirty_target in __update_writeback_rate()
    bcache: do not subtract sectors_to_gc for bypassed IO
    bcache: Fix leak of bdev reference
    bcache: initialize dirty stripes in flash_dev_run()
    media: uvcvideo: Prevent heap overflow when accessing mapped controls
  * media: v4l2-compat-ioctl32: Fix timespec conversion
    PCI: shpchp: Enable bridge bus mastering if MSI is enabled
    ARC: Re-enable MMU upon Machine Check exception
  * tracing: Apply trace_clock changes to instance max buffer
    ftrace: Fix selftest goto location on error
    scsi: qla2xxx: Fix an integer overflow in sysfs code
  * scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
  * scsi: sg: factor out sg_fill_request_table()
  * scsi: sg: off by one in sg_ioctl()
  * scsi: sg: use standard lists for sg_requests
  * scsi: sg: remove 'save_scat_len'
    scsi: storvsc: fix memory leak on ring buffer busy
    scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead
    scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
    scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
    scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
    scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
    scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
    scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
    scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
    scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
    scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
    skd: Submit requests to firmware before triggering the doorbell
    skd: Avoid that module unloading triggers a use-after-free
  * md/bitmap: disable bitmap_resize for file-backed bitmaps.
  * block: Relax a check in blk_start_queue()
    powerpc: Fix DAR reporting when alignment handler faults
  * ext4: fix quota inconsistency during orphan cleanup for read-only mounts
  * ext4: fix incorrect quotaoff if the quota feature is enabled
    crypto: AF_ALG - remove SGL terminator indicator when chaining
    MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
    MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
    MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs
    MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
    MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
    MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
    Input: i8042 - add Gigabyte P57 to the keyboard reset table
  * tty: fix __tty_insert_flip_char regression
  * tty: improve tty_insert_flip_char() slow path
  * tty: improve tty_insert_flip_char() fast path
  * mm: prevent double decrease of nr_reserved_highatomic
    nfsd: Fix general protection fault in release_lock_stateid()
    md/raid5: release/flush io in raid5_do_work()
    x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
    f2fs: check hot_data for roll-forward recovery
  * ipv6: fix typo in fib6_net_exit()
  * ipv6: fix memory leak with multiple tables during netns destruction
    gianfar: Fix Tx flow control deactivation
  * Revert "net: fix percpu memory leaks"
  * Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
  * tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
  * Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
    qlge: avoid memcpy buffer overflow
  * ipv6: fix sparse warning on rt6i_node
  * ipv6: add rcu grace period before freeing fib6_node
  * ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

Conflicts:
	arch/arm/include/asm/kvm_arm.h
	arch/x86/include/asm/thread_info.h
	drivers/gpu/drm/msm/msm_gem_submit.c
	drivers/md/dm-bufio.c
	drivers/media/v4l2-core/v4l2-compat-ioctl32.c
	drivers/mmc/core/bus.c
	drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
	drivers/scsi/sg.c
	drivers/scsi/ufs/ufshcd.h
	drivers/usb/gadget/function/f_fs.c
	drivers/usb/host/xhci-hub.c
	kernel/fork.c
	kernel/power/process.c
	net/ipv4/raw.c
	net/wireless/nl80211.c
	scripts/Makefile.build
	security/keys/keyctl.c
	sound/usb/card.c
	sound/usb/mixer.c

Change-Id: Ia5c1e792a3f23d9035d9843e7d520c67da04b03e
Signed-off-by: Thierry Strudel <tstrudel@google.com>
2018-02-23 10:03:32 -08:00


/*
* Derived from "arch/i386/kernel/process.c"
* Copyright (C) 1995 Linus Torvalds
*
* Updated and modified by Cort Dougan (cort@cs.nmt.edu) and
* Paul Mackerras (paulus@cs.anu.edu.au)
*
* PowerPC version
* Copyright (C) 1995-1996 Gary Thomas (gdt@linuxppc.org)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#include <linux/errno.h>
#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/mm.h>
#include <linux/smp.h>
#include <linux/stddef.h>
#include <linux/string.h>
#include <linux/unistd.h>
#include <linux/ptrace.h>
#include <linux/slab.h>
#include <linux/user.h>
#include <linux/elf.h>
#include <linux/prctl.h>
#include <linux/init_task.h>
#include <linux/export.h>
#include <linux/kallsyms.h>
#include <linux/mqueue.h>
#include <linux/hardirq.h>
#include <linux/utsname.h>
#include <linux/ftrace.h>
#include <linux/kernel_stat.h>
#include <linux/personality.h>
#include <linux/random.h>
#include <linux/hw_breakpoint.h>
#include <linux/uaccess.h>
#include <asm/pgtable.h>
#include <asm/io.h>
#include <asm/processor.h>
#include <asm/mmu.h>
#include <asm/prom.h>
#include <asm/machdep.h>
#include <asm/time.h>
#include <asm/runlatch.h>
#include <asm/syscalls.h>
#include <asm/switch_to.h>
#include <asm/tm.h>
#include <asm/debug.h>
#ifdef CONFIG_PPC64
#include <asm/firmware.h>
#endif
#include <asm/code-patching.h>
#include <linux/kprobes.h>
#include <linux/kdebug.h>
/*
 * Transactional Memory debug: TM_DEBUG() prints through printk() at
 * KERN_INFO when TM_DEBUG_SW is defined and expands to an empty
 * statement otherwise.
 */
#ifdef TM_DEBUG_SW
#define TM_DEBUG(x...) printk(KERN_INFO x)
#else
#define TM_DEBUG(x...) do { } while(0)
#endif
/* Declared here; the definition is not in this part of the file. */
extern unsigned long _get_SP(void);
#ifndef CONFIG_SMP
/*
 * Uniprocessor builds only: one task pointer per register unit (FP,
 * AltiVec, VSX, SPE).  They start out NULL, are handed to the giveup_*
 * routines by the enable_kernel_*() functions below and are reset to
 * NULL by discard_lazy_cpu_state() when they refer to the current task.
 * Presumably each names the task whose state is still live in that
 * unit; the code that sets them is not in this part of the file.
 */
struct task_struct *last_task_used_math = NULL;
struct task_struct *last_task_used_altivec = NULL;
struct task_struct *last_task_used_vsx = NULL;
struct task_struct *last_task_used_spe = NULL;
#endif
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
/*
 * Give up the FPU for tsk, first recording a pending TM restore.
 *
 * giveup_fpu() is always called.  Before that, if tsk is the running
 * task, has a register frame and its MSR shows an active transaction,
 * the MSR is copied into ckpt_regs and TIF_RESTORE_TM is set (unless it
 * already is) so the registers are restored before the return to
 * userspace.
 */
void giveup_fpu_maybe_transactional(struct task_struct *tsk)
{
	/*
	 * tsk is compared with current before it is dereferenced, so a
	 * NULL tsk goes straight to giveup_fpu().
	 */
	if (tsk == current && tsk->thread.regs) {
		if (MSR_TM_ACTIVE(tsk->thread.regs->msr) &&
		    !test_thread_flag(TIF_RESTORE_TM)) {
			/* Remember the MSR, then flag the restore. */
			tsk->thread.ckpt_regs.msr = tsk->thread.regs->msr;
			set_thread_flag(TIF_RESTORE_TM);
		}
	}

	giveup_fpu(tsk);
}
/*
 * Give up AltiVec for tsk, first recording a pending TM restore.
 *
 * giveup_altivec() is always called.  Before that, if tsk is the
 * running task, has a register frame and its MSR shows an active
 * transaction, the MSR is copied into ckpt_regs and TIF_RESTORE_TM is
 * set (unless it already is) so the registers are restored before the
 * return to userspace.
 */
void giveup_altivec_maybe_transactional(struct task_struct *tsk)
{
	/*
	 * tsk is compared with current before it is dereferenced, so a
	 * NULL tsk goes straight to giveup_altivec().
	 */
	if (tsk == current && tsk->thread.regs) {
		if (MSR_TM_ACTIVE(tsk->thread.regs->msr) &&
		    !test_thread_flag(TIF_RESTORE_TM)) {
			/* Remember the MSR, then flag the restore. */
			tsk->thread.ckpt_regs.msr = tsk->thread.regs->msr;
			set_thread_flag(TIF_RESTORE_TM);
		}
	}

	giveup_altivec(tsk);
}
#else
/*
 * Without CONFIG_PPC_TRANSACTIONAL_MEM there is no TM state to record,
 * so the wrappers are the plain giveup calls.
 */
#define giveup_fpu_maybe_transactional(tsk) giveup_fpu(tsk)
#define giveup_altivec_maybe_transactional(tsk) giveup_altivec(tsk)
#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
#ifdef CONFIG_PPC_FPU
/*
 * Make sure the floating-point register state in the
 * thread_struct is up to date for task tsk.
 *
 * Does nothing when tsk has no register frame or MSR_FP is clear in
 * its saved MSR.
 */
void flush_fp_to_thread(struct task_struct *tsk)
{
	if (!tsk->thread.regs)
		return;

	/*
	 * Preemption must stay off from the regs->msr test until the FP
	 * registers have been saved to the thread_struct.  Otherwise
	 * another process could be scheduled in between and take over
	 * the FPU, and once we ran again we would store bogus values
	 * for the remaining FP registers.
	 */
	preempt_disable();
	if (tsk->thread.regs->msr & MSR_FP) {
#ifdef CONFIG_SMP
		/*
		 * Only current or a stopped child should get here.  On
		 * SMP the FP state is saved at context switch, so a
		 * stopped child that still appears to hold its FP state
		 * in the CPU registers means something is wrong.
		 */
		BUG_ON(tsk != current);
#endif
		giveup_fpu_maybe_transactional(tsk);
	}
	preempt_enable();
}
EXPORT_SYMBOL_GPL(flush_fp_to_thread);
#endif /* CONFIG_PPC_FPU */
/*
 * Make the FPU usable by kernel code.
 *
 * Warns if called while preemptible.  On SMP the current task's FP
 * state is given up when its MSR has MSR_FP set; on UP the task
 * recorded in last_task_used_math is given up.
 */
void enable_kernel_fp(void)
{
	WARN_ON(preemptible());
#ifdef CONFIG_SMP
	if (!current->thread.regs || !(current->thread.regs->msr & MSR_FP))
		giveup_fpu(NULL); /* just enables FP for kernel */
	else
		giveup_fpu_maybe_transactional(current);
#else
	giveup_fpu_maybe_transactional(last_task_used_math);
#endif /* CONFIG_SMP */
}
EXPORT_SYMBOL(enable_kernel_fp);
#ifdef CONFIG_ALTIVEC
/*
 * Make AltiVec usable by kernel code.
 *
 * Warns if called while preemptible.  On SMP the current task's
 * AltiVec state is given up when its MSR has MSR_VEC set, otherwise
 * giveup_altivec_notask() is called; on UP the task recorded in
 * last_task_used_altivec is given up.
 */
void enable_kernel_altivec(void)
{
	WARN_ON(preemptible());
#ifdef CONFIG_SMP
	if (!current->thread.regs || !(current->thread.regs->msr & MSR_VEC))
		giveup_altivec_notask();
	else
		giveup_altivec_maybe_transactional(current);
#else
	giveup_altivec_maybe_transactional(last_task_used_altivec);
#endif /* CONFIG_SMP */
}
EXPORT_SYMBOL(enable_kernel_altivec);
/*
 * Make sure the VMX/Altivec register state in the
 * thread_struct is up to date for task tsk.
 *
 * Does nothing when tsk has no register frame or MSR_VEC is clear in
 * its saved MSR.
 */
void flush_altivec_to_thread(struct task_struct *tsk)
{
	if (!tsk->thread.regs)
		return;

	/* The MSR test and the save run with preemption disabled. */
	preempt_disable();
	if (tsk->thread.regs->msr & MSR_VEC) {
#ifdef CONFIG_SMP
		/* On SMP only the running task may still have MSR_VEC set. */
		BUG_ON(tsk != current);
#endif
		giveup_altivec_maybe_transactional(tsk);
	}
	preempt_enable();
}
EXPORT_SYMBOL_GPL(flush_altivec_to_thread);
#endif /* CONFIG_ALTIVEC */
#ifdef CONFIG_VSX
/*
 * Make VSX usable by kernel code.
 *
 * Warns if called while preemptible.  On SMP the current task's state
 * is given up when any of MSR_VSX, MSR_VEC or MSR_FP is set in its
 * MSR; on UP the task recorded in last_task_used_vsx is given up.
 */
void enable_kernel_vsx(void)
{
	WARN_ON(preemptible());
#ifdef CONFIG_SMP
	if (!current->thread.regs ||
	    !(current->thread.regs->msr & (MSR_VSX|MSR_VEC|MSR_FP)))
		giveup_vsx(NULL); /* just enable vsx for kernel - force */
	else
		giveup_vsx(current);
#else
	giveup_vsx(last_task_used_vsx);
#endif /* CONFIG_SMP */
}
EXPORT_SYMBOL(enable_kernel_vsx);
/*
 * Give up all vector/FP state for tsk: the FP and AltiVec wrappers run
 * first, then __giveup_vsx().  Callers in this file pass either a task
 * or NULL (see enable_kernel_vsx()).
 */
void giveup_vsx(struct task_struct *tsk)
{
giveup_fpu_maybe_transactional(tsk);
giveup_altivec_maybe_transactional(tsk);
__giveup_vsx(tsk);
}
EXPORT_SYMBOL(giveup_vsx);
/*
 * Flush tsk's VSX state with giveup_vsx() when any of MSR_VSX, MSR_VEC
 * or MSR_FP is set in its saved MSR.
 *
 * Does nothing when tsk has no register frame.
 */
void flush_vsx_to_thread(struct task_struct *tsk)
{
	if (!tsk->thread.regs)
		return;

	/* The MSR test and the save run with preemption disabled. */
	preempt_disable();
	if (tsk->thread.regs->msr & (MSR_VSX|MSR_VEC|MSR_FP)) {
#ifdef CONFIG_SMP
		/* On SMP only the running task may still have these bits set. */
		BUG_ON(tsk != current);
#endif
		giveup_vsx(tsk);
	}
	preempt_enable();
}
EXPORT_SYMBOL_GPL(flush_vsx_to_thread);
#endif /* CONFIG_VSX */
#ifdef CONFIG_SPE
/*
 * Make SPE usable by kernel code.
 *
 * Warns if called while preemptible.  On SMP the current task's SPE
 * state is given up when its MSR has MSR_SPE set; on UP the task
 * recorded in last_task_used_spe is given up.
 */
void enable_kernel_spe(void)
{
	WARN_ON(preemptible());
#ifdef CONFIG_SMP
	if (!current->thread.regs || !(current->thread.regs->msr & MSR_SPE))
		giveup_spe(NULL); /* just enable SPE for kernel - force */
	else
		giveup_spe(current);
#else
	giveup_spe(last_task_used_spe);
#endif /* CONFIG_SMP */
}
EXPORT_SYMBOL(enable_kernel_spe);
/*
 * Bring the SPE register state held in tsk's thread_struct up to date.
 *
 * Nothing is done for a task without user register state or whose MSR does
 * not have MSR_SPE set.  SPEFSCR is read into thread.spefscr before the SPE
 * state is given up.
 */
void flush_spe_to_thread(struct task_struct *tsk)
{
	if (!tsk->thread.regs)
		return;

	preempt_disable();
	if (tsk->thread.regs->msr & MSR_SPE) {
#ifdef CONFIG_SMP
		/* On SMP only the running task may be flushed this way. */
		BUG_ON(tsk != current);
#endif
		tsk->thread.spefscr = mfspr(SPRN_SPEFSCR);
		giveup_spe(tsk);
	}
	preempt_enable();
}
#endif /* CONFIG_SPE */
#ifndef CONFIG_SMP
/*
 * UP only: with lazy switching of CPU state (FP, AltiVec, VSX or SPE) the
 * last_task_used_* pointers name the task whose state is still live in the
 * registers.  Drop every such pointer that refers to the current task, so
 * that its state is discarded rather than saved later.
 */
void discard_lazy_cpu_state(void)
{
	preempt_disable();

	if (last_task_used_math == current) {
		last_task_used_math = NULL;
	}
#ifdef CONFIG_ALTIVEC
	if (last_task_used_altivec == current) {
		last_task_used_altivec = NULL;
	}
#endif /* CONFIG_ALTIVEC */
#ifdef CONFIG_VSX
	if (last_task_used_vsx == current) {
		last_task_used_vsx = NULL;
	}
#endif /* CONFIG_VSX */
#ifdef CONFIG_SPE
	if (last_task_used_spe == current) {
		last_task_used_spe = NULL;
	}
#endif /* CONFIG_SPE */

	preempt_enable();
}
#endif /* CONFIG_SMP */
#ifdef CONFIG_PPC_ADV_DEBUG_REGS
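/*
 * Report a debug-register hit to the current task as SIGTRAP.
 *
 * @regs:        register state at the time of the event
 * @address:     address reported to userspace in si_addr
 * @error_code:  passed through to the die notifier chain
 * @signal_code: stored in thread.trap_nr and reported as si_code
 * @breakpt:     breakpoint or watchpoint id, reported in si_errno
 *
 * The die notifier chain is consulted first; if a notifier returns
 * NOTIFY_STOP no signal is sent.
 */
void do_send_trap(struct pt_regs *regs, unsigned long address,
		  unsigned long error_code, int signal_code, int breakpt)
{
	siginfo_t info;

	current->thread.trap_nr = signal_code;
	if (notify_die(DIE_DABR_MATCH, "dabr_match", regs, error_code,
			11, SIGSEGV) == NOTIFY_STOP)
		return;

	/*
	 * Start from an all-zero siginfo.  Only four members are filled in
	 * below; without this the remaining bytes of the structure would be
	 * whatever was previously on this kernel stack when it is handed to
	 * the signal code.
	 */
	memset(&info, 0, sizeof(info));

	/* Deliver the signal to userspace */
	info.si_signo = SIGTRAP;
	info.si_errno = breakpt;	/* breakpoint or watchpoint id */
	info.si_code = signal_code;
	info.si_addr = (void __user *)address;
	force_sig_info(SIGTRAP, &info, current);
}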
#else /* !CONFIG_PPC_ADV_DEBUG_REGS */
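/*
 * Handle a hardware data breakpoint match for the current task.
 *
 * @regs:       register state at the time of the event
 * @address:    address reported to userspace in si_addr
 * @error_code: passed through to the die notifier chain
 *
 * The event is offered to the die notifier chain and then to the kernel
 * debugger; if either claims it, nothing more is done.  Otherwise the
 * hardware breakpoint is disabled and SIGTRAP/TRAP_HWBKPT is sent.
 */
void do_break (struct pt_regs *regs, unsigned long address,
		    unsigned long error_code)
{
	siginfo_t info;

	current->thread.trap_nr = TRAP_HWBKPT;
	if (notify_die(DIE_DABR_MATCH, "dabr_match", regs, error_code,
			11, SIGSEGV) == NOTIFY_STOP)
		return;

	if (debugger_break_match(regs))
		return;

	/* Clear the breakpoint */
	hw_breakpoint_disable();

	/*
	 * Start from an all-zero siginfo.  Only four members are filled in
	 * below; without this the remaining bytes of the structure would be
	 * whatever was previously on this kernel stack when it is handed to
	 * the signal code.
	 */
	memset(&info, 0, sizeof(info));

	/* Deliver the signal to userspace */
	info.si_signo = SIGTRAP;
	info.si_errno = 0;
	info.si_code = TRAP_HWBKPT;
	info.si_addr = (void __user *)address;
	force_sig_info(SIGTRAP, &info, current);
}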
#endif /* CONFIG_PPC_ADV_DEBUG_REGS */
/*
 * Per-CPU copy of the breakpoint most recently passed to __set_breakpoint()
 * on this CPU.  __switch_to() compares it with the incoming task's hw_brk to
 * decide whether the hardware has to be reprogrammed.
 */
static DEFINE_PER_CPU(struct arch_hw_breakpoint, current_brk);
#ifdef CONFIG_PPC_ADV_DEBUG_REGS
/*
 * Reset the saved debug register image of a thread to its "safe" defaults:
 * every address/value compare slot is zeroed and DBCR0 is cleared.  On BookE
 * the DBCR1/DBCR2 User/Supervisor fields are left set so that any compare
 * enabled later applies to user mode only.
 */
static void set_debug_reg_defaults(struct thread_struct *thread)
{
	thread->debug.iac1 = 0;
	thread->debug.iac2 = 0;
#if CONFIG_PPC_ADV_DEBUG_IACS > 2
	thread->debug.iac3 = 0;
	thread->debug.iac4 = 0;
#endif
	thread->debug.dac1 = 0;
	thread->debug.dac2 = 0;
#if CONFIG_PPC_ADV_DEBUG_DVCS > 0
	thread->debug.dvc1 = 0;
	thread->debug.dvc2 = 0;
#endif
	thread->debug.dbcr0 = 0;

#ifdef CONFIG_BOOKE
	/* Instruction address compares: US fields = 0b11, user-only (MSR[PR]=1). */
	thread->debug.dbcr1 = DBCR1_IAC1US | DBCR1_IAC2US |
			      DBCR1_IAC3US | DBCR1_IAC4US;

	/*
	 * Data address compares: US fields = 0b11, user-only (MSR[PR]=1);
	 * every other DBCR2 bit is zero.
	 */
	thread->debug.dbcr2 = DBCR2_DAC1US | DBCR2_DAC2US;
#else
	thread->debug.dbcr1 = 0;
#endif
}
/*
 * Load the hardware debug registers from a saved debug_reg image.
 *
 * MSR_DE is cleared in the running MSR first; the address and value compare
 * registers are written next, and the control registers (DBCR0, DBCR1 and,
 * on BookE, DBCR2) last.
 */
static void prime_debug_regs(struct debug_reg *debug)
{
	/*
	 * We could have inherited MSR_DE from userspace, since
	 * it doesn't get cleared on exception entry. Make sure
	 * MSR_DE is clear before we enable any debug events.
	 */
	mtmsr(mfmsr() & ~MSR_DE);

	mtspr(SPRN_IAC1, debug->iac1);
	mtspr(SPRN_IAC2, debug->iac2);
#if CONFIG_PPC_ADV_DEBUG_IACS > 2
	mtspr(SPRN_IAC3, debug->iac3);
	mtspr(SPRN_IAC4, debug->iac4);
#endif
	mtspr(SPRN_DAC1, debug->dac1);
	mtspr(SPRN_DAC2, debug->dac2);
#if CONFIG_PPC_ADV_DEBUG_DVCS > 0
	mtspr(SPRN_DVC1, debug->dvc1);
	mtspr(SPRN_DVC2, debug->dvc2);
#endif
	mtspr(SPRN_DBCR0, debug->dbcr0);
	mtspr(SPRN_DBCR1, debug->dbcr1);
#ifdef CONFIG_BOOKE
	mtspr(SPRN_DBCR2, debug->dbcr2);
#endif
}
/*
 * Load the debug registers from the values stored for the incoming thread,
 * unless neither the current thread nor the incoming one has DBCR0_IDM set,
 * in which case the hardware is left as it is.
 */
void switch_booke_debug_regs(struct debug_reg *new_debug)
{
	if (!(current->thread.debug.dbcr0 & DBCR0_IDM) &&
	    !(new_debug->dbcr0 & DBCR0_IDM))
		return;

	prime_debug_regs(new_debug);
}
EXPORT_SYMBOL_GPL(switch_booke_debug_regs);
#else /* !CONFIG_PPC_ADV_DEBUG_REGS */
#ifndef CONFIG_HAVE_HW_BREAKPOINT
/*
 * Variant used when neither the advanced debug registers nor the generic
 * hw-breakpoint layer are configured: clear the thread's saved breakpoint
 * address and type, then program that empty breakpoint via set_breakpoint().
 */
static void set_debug_reg_defaults(struct thread_struct *thread)
{
	thread->hw_brk.address = 0;
	thread->hw_brk.type = 0;
	set_breakpoint(&thread->hw_brk);
}
#endif /* !CONFIG_HAVE_HW_BREAKPOINT */
#endif /* CONFIG_PPC_ADV_DEBUG_REGS */
/*
 * __set_dabr() - write the data breakpoint value to the hardware.
 *
 * Exactly one of the three definitions below is compiled in.  Each takes the
 * same (dabr, dabrx) pair and returns 0 on success or -EINVAL when the
 * platform has no register to write.
 */
#ifdef CONFIG_PPC_ADV_DEBUG_REGS
/* Advanced debug registers: only dabr is used, written to DAC1. */
static inline int __set_dabr(unsigned long dabr, unsigned long dabrx)
{
	mtspr(SPRN_DAC1, dabr);
#ifdef CONFIG_PPC_47x
	isync();
#endif
	return 0;
}
#elif defined(CONFIG_PPC_BOOK3S)
/* Book3S: write DABR, and DABRX only when the CPU reports CPU_FTR_DABRX. */
static inline int __set_dabr(unsigned long dabr, unsigned long dabrx)
{
	mtspr(SPRN_DABR, dabr);
	if (cpu_has_feature(CPU_FTR_DABRX))
		mtspr(SPRN_DABRX, dabrx);
	return 0;
}
#else
/* No known data breakpoint register on this configuration. */
static inline int __set_dabr(unsigned long dabr, unsigned long dabrx)
{
	return -EINVAL;
}
#endif
/*
 * Program a DABR-style data breakpoint from brk.
 *
 * dabr combines the address with the type bits selected by HW_BRK_TYPE_DABR;
 * dabrx is the three type bits starting at bit 3.  A platform hook in
 * ppc_md.set_dabr takes precedence over the direct register write.
 *
 * Returns whatever the hook or __set_dabr() returns.
 */
static inline int set_dabr(struct arch_hw_breakpoint *brk)
{
	unsigned long dabr = brk->address | (brk->type & HW_BRK_TYPE_DABR);
	unsigned long dabrx = (brk->type >> 3) & 0x7;

	if (!ppc_md.set_dabr)
		return __set_dabr(dabr, dabrx);

	return ppc_md.set_dabr(dabr, dabrx);
}
/*
 * Program a DAWR-style data watchpoint from brk.
 *
 * dawr is the breakpoint address; dawrx is assembled from the read/write,
 * translate and privilege bits of brk->type plus the length field.  A
 * platform hook in ppc_md.set_dawr takes precedence over the direct SPR
 * writes.
 *
 * Returns the hook's result, or 0 after writing the SPRs directly.
 */
static inline int set_dawr(struct arch_hw_breakpoint *brk)
{
	unsigned long dawr, dawrx, mrd;

	dawr = brk->address;

	dawrx  = (brk->type & (HW_BRK_TYPE_READ | HW_BRK_TYPE_WRITE))
				   << (63 - 58);	/* read/write bits */
	dawrx |= ((brk->type & (HW_BRK_TYPE_TRANSLATE)) >> 2)
				   << (63 - 59);	/* translate */
	dawrx |= (brk->type & (HW_BRK_TYPE_PRIV_ALL))
				   >> 3;		/* PRIM bits */
	/*
	 * The length goes into the MRD field, bits 48:53: the matched range
	 * in doublewords (64 bits), biased by -1, e.g. 0b000000 = 1DW and
	 * 0b111111 = 64DW.
	 * brk->len is in bytes, so round up to doubleword size, shift and
	 * apply the bias.
	 * NOTE(review): for brk->len == 0 the expression below yields -1,
	 * which the 0x3f mask turns into the maximum range - confirm that
	 * callers never pass a zero length.
	 */
	mrd = ((brk->len + 7) >> 3) - 1;
	dawrx |= (mrd & 0x3f) << (63 - 53);

	if (ppc_md.set_dawr)
		return ppc_md.set_dawr(dawr, dawrx);
	mtspr(SPRN_DAWR, dawr);
	mtspr(SPRN_DAWRX, dawrx);
	return 0;
}
/*
 * Record brk as this CPU's current breakpoint and program it into the
 * hardware, using DAWR when the CPU reports CPU_FTR_DAWR and DABR otherwise.
 *
 * The per-CPU copy is written without disabling preemption here; see
 * set_breakpoint() for the wrapper that does.  The status returned by
 * set_dawr()/set_dabr() is not propagated.
 */
void __set_breakpoint(struct arch_hw_breakpoint *brk)
{
	memcpy(this_cpu_ptr(&current_brk), brk, sizeof(*brk));

	if (!cpu_has_feature(CPU_FTR_DAWR)) {
		set_dabr(brk);
	} else {
		set_dawr(brk);
	}
}
/*
 * Preemption-safe wrapper around __set_breakpoint(): the per-CPU record and
 * the hardware registers are updated with preemption disabled, so both
 * refer to the same CPU.
 */
void set_breakpoint(struct arch_hw_breakpoint *brk)
{
	preempt_disable();
	__set_breakpoint(brk);
	preempt_enable();
}
#ifdef CONFIG_PPC64
/* Per-CPU utilisation record; __switch_to() stores the PURR value it reads in it. */
DEFINE_PER_CPU(struct cpu_usage, cpu_usage_array);
#endif
/*
 * Return true when two breakpoint descriptions are identical, i.e. their
 * address, type and len fields all compare equal.
 */
static inline bool hw_brk_match(struct arch_hw_breakpoint *a,
				struct arch_hw_breakpoint *b)
{
	return a->address == b->address &&
	       a->type == b->type &&
	       a->len == b->len;
}
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
/*
 * Reclaim the transactional-memory state of a thread.
 *
 * @thr:   thread whose state is reclaimed
 * @ti:    its thread_info, used for the TIF_RESTORE_TM flag
 * @cause: cause code handed to tm_reclaim()
 *
 * Does nothing beyond the TIF_RESTORE_TM handling when the running MSR is
 * not in the TM-suspended state.
 */
static void tm_reclaim_thread(struct thread_struct *thr,
			      struct thread_info *ti, uint8_t cause)
{
	unsigned long msr_diff = 0;

	/*
	 * If FP/VSX registers have been already saved to the
	 * thread_struct, move them to the transact_fp array.
	 * We clear the TIF_RESTORE_TM bit since after the reclaim
	 * the thread will no longer be transactional.
	 */
	if (test_ti_thread_flag(ti, TIF_RESTORE_TM)) {
		/* Facilities enabled at checkpoint time but off in the live MSR. */
		msr_diff = thr->ckpt_regs.msr & ~thr->regs->msr;
		if (msr_diff & MSR_FP)
			memcpy(&thr->transact_fp, &thr->fp_state,
			       sizeof(struct thread_fp_state));
		if (msr_diff & MSR_VEC)
			memcpy(&thr->transact_vr, &thr->vr_state,
			       sizeof(struct thread_vr_state));
		clear_ti_thread_flag(ti, TIF_RESTORE_TM);
		msr_diff &= MSR_FP | MSR_VEC | MSR_VSX | MSR_FE0 | MSR_FE1;
	}

	/*
	 * Use the current MSR TM suspended bit to track if we have
	 * checkpointed state outstanding.
	 * On signal delivery, we'd normally reclaim the checkpointed
	 * state to obtain stack pointer (see:get_tm_stackpointer()).
	 * This will then directly return to userspace without going
	 * through __switch_to(). However, if the stack frame is bad,
	 * we need to exit this thread which calls __switch_to() which
	 * will again attempt to reclaim the already saved tm state.
	 * Hence we need to check that we've not already reclaimed
	 * this state.
	 * We do this using the current MSR, rather tracking it in
	 * some specific thread_struct bit, as it has the additional
	 * benefit of checking for a potential TM bad thing exception.
	 */
	if (!MSR_TM_SUSPENDED(mfmsr()))
		return;

	tm_reclaim(thr, thr->regs->msr, cause);

	/* Having done the reclaim, we now have the checkpointed
	 * FP/VSX values in the registers.  These might be valid
	 * even if we have previously called enable_kernel_fp() or
	 * flush_fp_to_thread(), so update thr->regs->msr to
	 * indicate their current validity.
	 */
	thr->regs->msr |= msr_diff;
}
/*
 * Reclaim the transactional state of the current task with the given cause
 * code.  tm_enable() is called first, before tm_reclaim_thread() runs.
 */
void tm_reclaim_current(uint8_t cause)
{
	tm_enable();
	tm_reclaim_thread(&current->thread, current_thread_info(), cause);
}
/*
 * Context-switch-out side of transactional memory handling for tsk.
 *
 * Tasks without user register state are skipped entirely.  For every other
 * task the TM SPRs are saved; a reclaim (with cause TM_CAUSE_RESCHED) is
 * done first only when the task's MSR shows an active transaction.
 */
static inline void tm_reclaim_task(struct task_struct *tsk)
{
	/* We have to work out if we're switching from/to a task that's in the
	 * middle of a transaction.
	 *
	 * In switching we need to maintain a 2nd register state as
	 * oldtask->thread.ckpt_regs.  We tm_reclaim(oldproc); this saves the
	 * checkpointed (tbegin) state in ckpt_regs and saves the transactional
	 * (current) FPRs into oldtask->thread.transact_fpr[].
	 *
	 * We also context switch (save) TFHAR/TEXASR/TFIAR in here.
	 */
	struct thread_struct *thr = &tsk->thread;

	if (!thr->regs)
		return;

	if (!MSR_TM_ACTIVE(thr->regs->msr))
		goto out_and_saveregs;

	/* Stash the original thread MSR, as giveup_fpu et al will
	 * modify it.  We hold onto it to see whether the task used
	 * FP & vector regs.  If the TIF_RESTORE_TM flag is set,
	 * ckpt_regs.msr is already set.
	 */
	if (!test_ti_thread_flag(task_thread_info(tsk), TIF_RESTORE_TM))
		thr->ckpt_regs.msr = thr->regs->msr;

	TM_DEBUG("--- tm_reclaim on pid %d (NIP=%lx, "
		 "ccr=%lx, msr=%lx, trap=%lx)\n",
		 tsk->pid, thr->regs->nip,
		 thr->regs->ccr, thr->regs->msr,
		 thr->regs->trap);

	tm_reclaim_thread(thr, task_thread_info(tsk), TM_CAUSE_RESCHED);

	TM_DEBUG("--- tm_reclaim on pid %d complete\n",
		 tsk->pid);

out_and_saveregs:
	/* Always save the regs here, even if a transaction's not active.
	 * This context-switches a thread's TM info SPRs.  We do it here to
	 * be consistent with the restore path (in recheckpoint) which
	 * cannot happen later in _switch().
	 */
	tm_save_sprs(thr);
}
extern void __tm_recheckpoint(struct thread_struct *thread,
unsigned long orig_msr);
/*
 * Restore the TM SPRs of a thread and recheckpoint it.
 *
 * @thread:   thread whose TM state is restored
 * @orig_msr: MSR value passed through to __tm_recheckpoint()
 *
 * The whole sequence runs with interrupts saved and hard-disabled; the
 * saved interrupt state is restored before returning.
 */
void tm_recheckpoint(struct thread_struct *thread,
		     unsigned long orig_msr)
{
	unsigned long flags;

	/* We really can't be interrupted here as the TEXASR registers can't
	 * change and later in the trecheckpoint code, we have a userspace R1.
	 * So let's hard disable over this region.
	 */
	local_irq_save(flags);
	hard_irq_disable();

	/* The TM SPRs are restored here, so that TEXASR.FS can be set
	 * before the trecheckpoint and no explosion occurs.
	 */
	tm_restore_sprs(thread);

	__tm_recheckpoint(thread, orig_msr);

	local_irq_restore(flags);
}
/*
 * Context-switch-in side of transactional memory handling for the task
 * about to run.
 *
 * Returns immediately when the CPU lacks CPU_FTR_TM or the task has no user
 * register state.  A task without an active transaction only gets its TM
 * SPRs restored.  Otherwise the checkpointed state is recheckpointed and the
 * transactional FP/AltiVec state is loaded according to the facility bits
 * in ckpt_regs.msr.
 */
static inline void tm_recheckpoint_new_task(struct task_struct *new)
{
	unsigned long msr;

	if (!cpu_has_feature(CPU_FTR_TM))
		return;

	/* Recheckpoint the registers of the thread we're about to switch to.
	 *
	 * If the task was using FP, we non-lazily reload both the original and
	 * the speculative FP register states.  This is because the kernel
	 * doesn't see if/when a TM rollback occurs, so if we take an FP
	 * unavailable later, we are unable to determine which set of FP regs
	 * need to be restored.
	 */
	if (!new->thread.regs)
		return;

	if (!MSR_TM_ACTIVE(new->thread.regs->msr)){
		tm_restore_sprs(&new->thread);
		return;
	}
	/* Facility bits as they were when the transaction was checkpointed. */
	msr = new->thread.ckpt_regs.msr;
	/* Recheckpoint to restore original checkpointed register state. */
	TM_DEBUG("*** tm_recheckpoint of pid %d "
		 "(new->msr 0x%lx, new->origmsr 0x%lx)\n",
		 new->pid, new->thread.regs->msr, msr);

	/* This loads the checkpointed FP/VEC state, if used */
	tm_recheckpoint(&new->thread, msr);

	/* This loads the speculative FP/VEC state, if used */
	if (msr & MSR_FP) {
		do_load_up_transact_fpu(&new->thread);
		new->thread.regs->msr |=
			(MSR_FP | new->thread.fpexc_mode);
	}
#ifdef CONFIG_ALTIVEC
	if (msr & MSR_VEC) {
		do_load_up_transact_altivec(&new->thread);
		new->thread.regs->msr |= MSR_VEC;
	}
#endif
	/* We may as well turn on VSX too since all the state is restored now */
	if (msr & MSR_VSX)
		new->thread.regs->msr |= MSR_VSX;

	TM_DEBUG("*** tm_recheckpoint of pid %d complete "
		 "(kernel msr 0x%lx)\n",
		 new->pid, mfmsr());
}
/*
 * TM part of switching away from prev: on CPUs with CPU_FTR_TM, enable TM
 * and reclaim prev's transactional state.  A no-op on other CPUs.
 */
static inline void __switch_to_tm(struct task_struct *prev)
{
	if (!cpu_has_feature(CPU_FTR_TM))
		return;

	tm_enable();
	tm_reclaim_task(prev);
}
/*
 * This is called if we are on the way out to userspace and the
 * TIF_RESTORE_TM flag is set.  It checks if we need to reload
 * FP and/or vector state and does so if necessary.
 * If userspace is inside a transaction (whether active or
 * suspended) and FP/VMX/VSX instructions have ever been enabled
 * inside that transaction, then we have to keep them enabled
 * and keep the FP/VMX/VSX state loaded while ever the transaction
 * continues.  The reason is that if we didn't, and subsequently
 * got a FP/VMX/VSX unavailable interrupt inside a transaction,
 * we don't know whether it's the same transaction, and thus we
 * don't know which of the checkpointed state and the transactional
 * state to use.
 *
 * The flag is cleared unconditionally; the reload only happens when
 * regs->msr shows an active transaction.
 */
void restore_tm_state(struct pt_regs *regs)
{
	unsigned long msr_diff;

	clear_thread_flag(TIF_RESTORE_TM);
	if (!MSR_TM_ACTIVE(regs->msr))
		return;

	/* Facilities on at checkpoint time that are off in the return MSR. */
	msr_diff = current->thread.ckpt_regs.msr & ~regs->msr;
	msr_diff &= MSR_FP | MSR_VEC | MSR_VSX;
	if (msr_diff & MSR_FP) {
		fp_enable();
		load_fp_state(&current->thread.fp_state);
		regs->msr |= current->thread.fpexc_mode;
	}
	if (msr_diff & MSR_VEC) {
		vec_enable();
		load_vr_state(&current->thread.vr_state);
	}
	/* Re-enable the reloaded facilities for the return to userspace. */
	regs->msr |= msr_diff;
}
#else
#define tm_recheckpoint_new_task(new)
#define __switch_to_tm(prev)
#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
/*
 * Architecture part of a context switch from prev to new.
 *
 * Must be called with interrupts disabled (a warning is raised otherwise).
 * In order: early SPRs and TM state of prev are saved, the FP/vector/SPE
 * state of prev is given up (SMP) or the lazy-state MSR bits of new are
 * re-enabled (UP), debug or breakpoint registers are switched, per-process
 * PURR accounting is updated, any pending TLB batch is flushed, and finally
 * _switch() changes stacks.
 *
 * Returns the value handed back by _switch().
 */
struct task_struct *__switch_to(struct task_struct *prev,
	struct task_struct *new)
{
	struct thread_struct *new_thread, *old_thread;
	struct task_struct *last;
#ifdef CONFIG_PPC_BOOK3S_64
	struct ppc64_tlb_batch *batch;
#endif

	WARN_ON(!irqs_disabled());

	/* Back up the TAR and DSCR across context switches.
	 * Note that the TAR is not available for use in the kernel.  (To
	 * provide this, the TAR should be backed up/restored on exception
	 * entry/exit instead, and be in pt_regs.  FIXME, this should be in
	 * pt_regs anyway (for debug).)
	 * Save the TAR and DSCR here before we do treclaim/trecheckpoint as
	 * these will change them.
	 */
	save_early_sprs(&prev->thread);

	__switch_to_tm(prev);

#ifdef CONFIG_SMP
	/* avoid complexity of lazy save/restore of fpu
	 * by just saving it every time we switch out if
	 * this task used the fpu during the last quantum.
	 *
	 * If it tries to use the fpu again, it'll trap and
	 * reload its fp regs.  So we don't have to do a restore
	 * every switch, just a save.
	 *  -- Cort
	 */
	if (prev->thread.regs && (prev->thread.regs->msr & MSR_FP))
		giveup_fpu(prev);
#ifdef CONFIG_ALTIVEC
	/*
	 * If the previous thread used altivec in the last quantum
	 * (thus changing altivec regs) then save them.
	 * We used to check the VRSAVE register but not all apps
	 * set it, so we don't rely on it now (and in fact we need
	 * to save & restore VSCR even if VRSAVE == 0).  -- paulus
	 *
	 * On SMP we always save/restore altivec regs just to avoid the
	 * complexity of changing processors.
	 *  -- Cort
	 */
	if (prev->thread.regs && (prev->thread.regs->msr & MSR_VEC))
		giveup_altivec(prev);
#endif /* CONFIG_ALTIVEC */
#ifdef CONFIG_VSX
	if (prev->thread.regs && (prev->thread.regs->msr & MSR_VSX))
		/* VMX and FPU registers are already saved here */
		__giveup_vsx(prev);
#endif /* CONFIG_VSX */
#ifdef CONFIG_SPE
	/*
	 * If the previous thread used spe in the last quantum
	 * (thus changing spe regs) then save them.
	 *
	 * On SMP we always save/restore spe regs just to avoid the
	 * complexity of changing processors.
	 */
	if ((prev->thread.regs && (prev->thread.regs->msr & MSR_SPE)))
		giveup_spe(prev);
#endif /* CONFIG_SPE */

#else  /* CONFIG_SMP */
#ifdef CONFIG_ALTIVEC
	/* Avoid the trap.  On smp this never happens since
	 * we don't set last_task_used_altivec -- Cort
	 */
	if (new->thread.regs && last_task_used_altivec == new)
		new->thread.regs->msr |= MSR_VEC;
#endif /* CONFIG_ALTIVEC */
#ifdef CONFIG_VSX
	if (new->thread.regs && last_task_used_vsx == new)
		new->thread.regs->msr |= MSR_VSX;
#endif /* CONFIG_VSX */
#ifdef CONFIG_SPE
	/* Avoid the trap.  On smp this never happens since
	 * we don't set last_task_used_spe
	 */
	if (new->thread.regs && last_task_used_spe == new)
		new->thread.regs->msr |= MSR_SPE;
#endif /* CONFIG_SPE */

#endif /* CONFIG_SMP */

#ifdef CONFIG_PPC_ADV_DEBUG_REGS
	switch_booke_debug_regs(&new->thread.debug);
#else
/*
 * For PPC_BOOK3S_64, we use the hw-breakpoint interfaces that would
 * schedule DABR
 */
#ifndef CONFIG_HAVE_HW_BREAKPOINT
	/* Reprogram only when this CPU's breakpoint differs from new's. */
	if (unlikely(!hw_brk_match(this_cpu_ptr(&current_brk), &new->thread.hw_brk)))
		__set_breakpoint(&new->thread.hw_brk);
#endif /* CONFIG_HAVE_HW_BREAKPOINT */
#endif

	new_thread = &new->thread;
	old_thread = &current->thread;

#ifdef CONFIG_PPC64
	/*
	 * Collect processor utilization data per process
	 */
	if (firmware_has_feature(FW_FEATURE_SPLPAR)) {
		struct cpu_usage *cu = this_cpu_ptr(&cpu_usage_array);
		long unsigned start_tb, current_tb;
		start_tb = old_thread->start_tb;
		cu->current_tb = current_tb = mfspr(SPRN_PURR);
		old_thread->accum_tb += (current_tb - start_tb);
		new_thread->start_tb = current_tb;
	}
#endif /* CONFIG_PPC64 */

#ifdef CONFIG_PPC_BOOK3S_64
	/*
	 * An active TLB batch is flushed and deactivated across the switch;
	 * _TLF_LAZY_MMU remembers that it has to be re-activated afterwards.
	 */
	batch = this_cpu_ptr(&ppc64_tlb_batch);
	if (batch->active) {
		current_thread_info()->local_flags |= _TLF_LAZY_MMU;
		if (batch->index)
			__flush_tlb_pending(batch);
		batch->active = 0;
	}
#endif /* CONFIG_PPC_BOOK3S_64 */

	/*
	 * We can't take a PMU exception inside _switch() since there is a
	 * window where the kernel stack SLB and the kernel stack are out
	 * of sync.  Hard disable here.
	 */
	hard_irq_disable();

	tm_recheckpoint_new_task(new);

	last = _switch(old_thread, new_thread);

#ifdef CONFIG_PPC_BOOK3S_64
	if (current_thread_info()->local_flags & _TLF_LAZY_MMU) {
		current_thread_info()->local_flags &= ~_TLF_LAZY_MMU;
		batch = this_cpu_ptr(&ppc64_tlb_batch);
		batch->active = 1;
	}
#endif /* CONFIG_PPC_BOOK3S_64 */

	return last;
}
/* Number of instruction words show_instructions() dumps around NIP. */
static int instructions_to_print = 16;

/*
 * Print the instruction words around regs->nip to the kernel log.
 *
 * The window starts three quarters of instructions_to_print words before
 * NIP.  The word at NIP itself is printed in angle brackets.  An address is
 * read only if __kernel_text_address() accepts it, and the read goes through
 * probe_kernel_address(); anything else is shown as XXXXXXXX instead of
 * being dereferenced.
 */
static void show_instructions(struct pt_regs *regs)
{
	int i;
	unsigned long pc = regs->nip - (instructions_to_print * 3 / 4 *
			sizeof(int));

	printk("Instruction dump:");

	for (i = 0; i < instructions_to_print; i++) {
		int instr;

		/* Eight words per output line. */
		if (!(i % 8))
			printk("\n");

#if !defined(CONFIG_BOOKE)
		/* If executing with the IMMU off, adjust pc rather
		 * than print XXXXXXXX.
		 * NOTE(review): this conversion sits inside the loop, so it is
		 * applied again to the already converted pc on every
		 * iteration, and the regs->nip == pc marker test below then
		 * compares against an unconverted NIP - confirm both are
		 * intended.
		 */
		if (!(regs->msr & MSR_IR))
			pc = (unsigned long)phys_to_virt(pc);
#endif

		if (!__kernel_text_address(pc) ||
		     probe_kernel_address((unsigned int __user *)pc, instr)) {
			printk(KERN_CONT "XXXXXXXX ");
		} else {
			if (regs->nip == pc)
				printk(KERN_CONT "<%08x> ", instr);
			else
				printk(KERN_CONT "%08x ", instr);
		}

		pc += sizeof(int);
	}

	printk("\n");
}
/*
 * Table mapping MSR bit masks to the short names printbits() prints.
 * Which entries exist depends on the PPC64/BookE configuration.  The table
 * is terminated by an entry whose bit is 0.
 */
static struct regbit {
	unsigned long bit;	/* mask of the MSR bit */
	const char *name;	/* name printed when the bit is set */
} msr_bits[] = {
#if defined(CONFIG_PPC64) && !defined(CONFIG_BOOKE)
	{MSR_SF,	"SF"},
	{MSR_HV,	"HV"},
#endif
	{MSR_VEC,	"VEC"},
	{MSR_VSX,	"VSX"},
#ifdef CONFIG_BOOKE
	{MSR_CE,	"CE"},
#endif
	{MSR_EE,	"EE"},
	{MSR_PR,	"PR"},
	{MSR_FP,	"FP"},
	{MSR_ME,	"ME"},
#ifdef CONFIG_BOOKE
	{MSR_DE,	"DE"},
#else
	{MSR_SE,	"SE"},
	{MSR_BE,	"BE"},
#endif
	{MSR_IR,	"IR"},
	{MSR_DR,	"DR"},
	{MSR_PMM,	"PMM"},
#ifndef CONFIG_BOOKE
	{MSR_RI,	"RI"},
	{MSR_LE,	"LE"},
#endif
	{0,		NULL}
};
/*
 * Print the names of all bits set in val as a comma-separated list inside
 * angle brackets.  bits is a table terminated by an entry with bit == 0.
 */
static void printbits(unsigned long val, struct regbit *bits)
{
	const char *sep = "";

	printk("<");
	while (bits->bit) {
		if (val & bits->bit) {
			printk("%s%s", sep, bits->name);
			sep = ",";
		}
		++bits;
	}
	printk(">");
}
#ifdef CONFIG_PPC64
#define REG "%016lx"
#define REGS_PER_LINE 4
#define LAST_VOLATILE 13
#else
#define REG "%08lx"
#define REGS_PER_LINE 8
#define LAST_VOLATILE 12
#endif
/*
 * Dump a register frame to the kernel log: NIP/LR/CTR, the frame address
 * and trap number, the decoded MSR, CR/XER, trap-specific fault registers,
 * the GPRs, symbolised NIP/LR (with CONFIG_KALLSYMS), a stack trace and,
 * for kernel-mode frames, the instructions around NIP.
 *
 * NOTE(review): the output contains the pt_regs address via %p and raw
 * register values; whether %p is obfuscated depends on the kernel's printk
 * implementation, so on kernels where it is not, this text discloses kernel
 * addresses to anyone allowed to read the log - confirm log access is
 * restricted accordingly.
 */
void show_regs(struct pt_regs * regs)
{
	int i, trap;

	show_regs_print_info(KERN_DEFAULT);

	printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
	       regs->nip, regs->link, regs->ctr);
	printk("REGS: %p TRAP: %04lx %s (%s)\n",
	       regs, regs->trap, print_tainted(), init_utsname()->release);
	printk("MSR: "REG" ", regs->msr);
	printbits(regs->msr, msr_bits);
	printk(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer);
	trap = TRAP(regs);
	if ((regs->trap != 0xc00) && cpu_has_feature(CPU_FTR_CFAR))
		printk("CFAR: "REG" ", regs->orig_gpr3);
	/* The fault address/status pair is printed only for traps 0x200, 0x300 and 0x600. */
	if (trap == 0x200 || trap == 0x300 || trap == 0x600)
#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
		printk("DEAR: "REG" ESR: "REG" ", regs->dar, regs->dsisr);
#else
		printk("DAR: "REG" DSISR: %08lx ", regs->dar, regs->dsisr);
#endif
#ifdef CONFIG_PPC64
	printk("SOFTE: %ld ", regs->softe);
#endif
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
	if (MSR_TM_ACTIVE(regs->msr))
		printk("\nPACATMSCRATCH: %016llx ", get_paca()->tm_scratch);
#endif

	for (i = 0;  i < 32;  i++) {
		if ((i % REGS_PER_LINE) == 0)
			printk("\nGPR%02d: ", i);
		printk(REG " ", regs->gpr[i]);
		/* A frame without the full register set stops after LAST_VOLATILE. */
		if (i == LAST_VOLATILE && !FULL_REGS(regs))
			break;
	}
	printk("\n");
#ifdef CONFIG_KALLSYMS
	/*
	 * Lookup NIP late so we have the best chance of getting the
	 * above info out without failing
	 */
	printk("NIP ["REG"] %pS\n", regs->nip, (void *)regs->nip);
	printk("LR ["REG"] %pS\n", regs->link, (void *)regs->link);
#endif
	show_stack(current, (unsigned long *) regs->gpr[1]);
	if (!user_mode(regs))
		show_instructions(regs);
}
/* Called on thread exit: drop any lazily held CPU state of the current task. */
void exit_thread(void)
{
	discard_lazy_cpu_state();
}
/*
 * Reset per-thread CPU state of the current task: lazily held FP/vector
 * state is discarded, and debug state is either flushed through the
 * hw-breakpoint layer or reset to its defaults.
 */
void flush_thread(void)
{
	discard_lazy_cpu_state();

#ifdef CONFIG_HAVE_HW_BREAKPOINT
	flush_ptrace_hw_breakpoint(current);
#else
	set_debug_reg_defaults(&current->thread);
#endif /* CONFIG_HAVE_HW_BREAKPOINT */
}
/* Nothing architecture-specific has to be released for a task here. */
void release_thread(struct task_struct *t)
{
}
/*
 * This gets called so that we can store coprocessor state into memory and
 * copy the current task into the new thread.
 *
 * All FP/AltiVec/VSX/SPE and TM state of src is flushed to its thread_struct
 * first, so that the structure copy below carries up-to-date values.
 * Always returns 0.
 */
int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src)
{
	flush_fp_to_thread(src);
	flush_altivec_to_thread(src);
	flush_vsx_to_thread(src);
	flush_spe_to_thread(src);
	/*
	 * Flush TM state out so we can copy it.  __switch_to_tm() does this
	 * flush but it removes the checkpointed state from the current CPU and
	 * transitions the CPU out of TM mode.  Hence we need to call
	 * tm_recheckpoint_new_task() (on the same task) to restore the
	 * checkpointed state back and the TM mode.
	 */
	__switch_to_tm(src);
	tm_recheckpoint_new_task(src);

	*dst = *src;

	clear_task_ebb(dst);

	return 0;
}
/*
 * Compute and store the VSID word for the kernel stack of p
 * (thread.ksp_vsid).  The segment size, 1T or 256M, follows
 * MMU_FTR_1T_SEGMENT; the result also carries SLB_VSID_KERNEL and the
 * page-size encoding of the linear mapping.  Compiled to nothing unless
 * CONFIG_PPC_STD_MMU_64 is set.
 */
static void setup_ksp_vsid(struct task_struct *p, unsigned long sp)
{
#ifdef CONFIG_PPC_STD_MMU_64
	unsigned long llp = mmu_psize_defs[mmu_linear_psize].sllp;
	unsigned long sp_vsid;

	if (!mmu_has_feature(MMU_FTR_1T_SEGMENT)) {
		sp_vsid = get_kernel_vsid(sp, MMU_SEGSIZE_256M)
			<< SLB_VSID_SHIFT;
	} else {
		sp_vsid = get_kernel_vsid(sp, MMU_SEGSIZE_1T)
			<< SLB_VSID_SHIFT_1T;
	}

	p->thread.ksp_vsid = sp_vsid | SLB_VSID_KERNEL | llp;
#endif
}
/*
 * Copy architecture-specific thread state into a newly created task.
 *
 * @clone_flags: clone flags; only CLONE_SETTLS is examined here
 * @usp:         user stack pointer for a user thread (0 keeps the parent's),
 *               or the function to run for a kernel thread
 * @kthread_arg: argument for a kernel thread's function
 * @p:           the new task
 *
 * Two frames are built at the top of p's kernel stack: the child's pt_regs
 * and, below it, the frame that _switch() will pop the first time the task
 * runs.  Always returns 0.
 */
int copy_thread(unsigned long clone_flags, unsigned long usp,
		unsigned long kthread_arg, struct task_struct *p)
{
	struct pt_regs *childregs, *kregs;
	extern void ret_from_fork(void);
	extern void ret_from_kernel_thread(void);
	void (*f)(void);
	unsigned long sp = (unsigned long)task_stack_page(p) + THREAD_SIZE;

	/* Copy registers */
	sp -= sizeof(struct pt_regs);
	childregs = (struct pt_regs *) sp;
	if (unlikely(p->flags & PF_KTHREAD)) {
		/* kernel thread */
		struct thread_info *ti = (void *)task_stack_page(p);
		/* A kernel thread starts from an all-zero register frame. */
		memset(childregs, 0, sizeof(struct pt_regs));
		childregs->gpr[1] = sp + sizeof(struct pt_regs);
		/* function */
		if (usp)
			childregs->gpr[14] = ppc_function_entry((void *)usp);
#ifdef CONFIG_PPC64
		clear_tsk_thread_flag(p, TIF_32BIT);
		childregs->softe = 1;
#endif
		childregs->gpr[15] = kthread_arg;
		p->thread.regs = NULL;	/* no user register state */
		ti->flags |= _TIF_RESTOREALL;
		f = ret_from_kernel_thread;
	} else {
		/* user thread */
		struct pt_regs *regs = current_pt_regs();
		CHECK_FULL_REGS(regs);
		/* The child starts with a copy of the parent's user registers. */
		*childregs = *regs;
		if (usp)
			childregs->gpr[1] = usp;
		p->thread.regs = childregs;
		childregs->gpr[3] = 0;  /* Result from fork() */
		if (clone_flags & CLONE_SETTLS) {
			/* The TLS value is taken from r6: r13 for 64-bit tasks, r2 otherwise. */
#ifdef CONFIG_PPC64
			if (!is_32bit_task())
				childregs->gpr[13] = childregs->gpr[6];
			else
#endif
				childregs->gpr[2] = childregs->gpr[6];
		}

		f = ret_from_fork;
	}
	sp -= STACK_FRAME_OVERHEAD;

	/*
	 * The way this works is that at some point in the future
	 * some task will call _switch to switch to the new task.
	 * That will pop off the stack frame created below and start
	 * the new task running at ret_from_fork.  The new task will
	 * do some house keeping and then return from the fork or clone
	 * system call, using the stack frame created above.
	 */
	((unsigned long *)sp)[0] = 0;
	sp -= sizeof(struct pt_regs);
	kregs = (struct pt_regs *) sp;
	sp -= STACK_FRAME_OVERHEAD;
	p->thread.ksp = sp;
#ifdef CONFIG_PPC32
	p->thread.ksp_limit = (unsigned long)task_stack_page(p) +
				_ALIGN_UP(sizeof(struct thread_info), 16);
#endif
	/* Per-thread pointers that must not be shared with the parent start out empty. */
#ifdef CONFIG_HAVE_HW_BREAKPOINT
	p->thread.ptrace_bps[0] = NULL;
#endif

	p->thread.fp_save_area = NULL;
#ifdef CONFIG_ALTIVEC
	p->thread.vr_save_area = NULL;
#endif

	setup_ksp_vsid(p, sp);

#ifdef CONFIG_PPC64
	if (cpu_has_feature(CPU_FTR_DSCR)) {
		p->thread.dscr_inherit = current->thread.dscr_inherit;
		p->thread.dscr = current->thread.dscr;
	}
	if (cpu_has_feature(CPU_FTR_HAS_PPR))
		p->thread.ppr = INIT_PPR;
#endif
	/*
	 * Only nip is written in the switch frame here.
	 * NOTE(review): the other kregs fields keep whatever the new stack
	 * contained - presumably _switch() does not consume them; confirm.
	 */
	kregs->nip = ppc_function_entry(f);
	return 0;
}
/*
 * Set up a thread for executing a new program.
 *
 * @regs:  user register frame to initialise
 * @start: program entry (on 64-bit ELFv1 a pointer to the function
 *         descriptor of the entry routine)
 * @sp:    initial user stack pointer
 *
 * All GPRs and CTR/LR/XER/CR are cleared, and the saved FP, AltiVec, SPE
 * and TM thread state is zeroed, so the new image starts with none of the
 * previous image's register contents.
 */
void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp)
{
#ifdef CONFIG_PPC64
	unsigned long load_addr = regs->gpr[2];	/* saved by ELF_PLAT_INIT */
#endif

	/*
	 * If we exec out of a kernel thread then thread.regs will not be
	 * set.  Do it now.
	 */
	if (!current->thread.regs) {
		/* This local shadows the regs parameter inside the block. */
		struct pt_regs *regs = task_stack_page(current) + THREAD_SIZE;
		current->thread.regs = regs - 1;
	}

#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
	/*
	 * Clear any transactional state, we're exec()ing. The cause is
	 * not important as there will never be a recheckpoint so it's not
	 * user visible.
	 */
	if (MSR_TM_SUSPENDED(mfmsr()))
		tm_reclaim_current(0);
#endif

	memset(regs->gpr, 0, sizeof(regs->gpr));
	regs->ctr = 0;
	regs->link = 0;
	regs->xer = 0;
	regs->ccr = 0;
	regs->gpr[1] = sp;

	/*
	 * We have just cleared all the nonvolatile GPRs, so make
	 * FULL_REGS(regs) return true.  This is necessary to allow
	 * ptrace to examine the thread immediately after exec.
	 */
	regs->trap &= ~1UL;

#ifdef CONFIG_PPC32
	regs->mq = 0;
	regs->nip = start;
	regs->msr = MSR_USER;
#else
	if (!is_32bit_task()) {
		unsigned long entry;

		if (is_elf2_task()) {
			/* Look ma, no function descriptors! */
			entry = start;

			/*
			 * Ulrich says:
			 *   The latest iteration of the ABI requires that when
			 *   calling a function (at its global entry point),
			 *   the caller must ensure r12 holds the entry point
			 *   address (so that the function can quickly
			 *   establish addressability).
			 */
			regs->gpr[12] = start;
			/* Make sure that's restored on entry to userspace. */
			set_thread_flag(TIF_RESTOREALL);
		} else {
			unsigned long toc;

			/* start is a relocated pointer to the function
			 * descriptor for the elf _start routine.  The first
			 * entry in the function descriptor is the entry
			 * address of _start and the second entry is the TOC
			 * value we need to use.
			 *
			 * NOTE(review): the results of both __get_user()
			 * calls are ignored, so a faulting read is not
			 * reported and entry/toc are used as __get_user()
			 * left them - confirm that is acceptable here.
			 */
			__get_user(entry, (unsigned long __user *)start);
			__get_user(toc, (unsigned long __user *)start+1);

			/* Check whether the e_entry function descriptor entries
			 * need to be relocated before we can use them.
			 */
			if (load_addr != 0) {
				entry += load_addr;
				toc   += load_addr;
			}
			regs->gpr[2] = toc;
		}
		regs->nip = entry;
		regs->msr = MSR_USER64;
	} else {
		regs->nip = start;
		regs->gpr[2] = 0;
		regs->msr = MSR_USER32;
	}
#endif
	discard_lazy_cpu_state();
	/* Zero the saved FP/vector/SPE state of the previous image. */
#ifdef CONFIG_VSX
	current->thread.used_vsr = 0;
#endif
	memset(&current->thread.fp_state, 0, sizeof(current->thread.fp_state));
	current->thread.fp_save_area = NULL;
#ifdef CONFIG_ALTIVEC
	memset(&current->thread.vr_state, 0, sizeof(current->thread.vr_state));
	current->thread.vr_state.vscr.u[3] = 0x00010000; /* Java mode disabled */
	current->thread.vr_save_area = NULL;
	current->thread.vrsave = 0;
	current->thread.used_vr = 0;
#endif /* CONFIG_ALTIVEC */
#ifdef CONFIG_SPE
	memset(current->thread.evr, 0, sizeof(current->thread.evr));
	current->thread.acc = 0;
	current->thread.spefscr = 0;
	current->thread.used_spe = 0;
#endif /* CONFIG_SPE */
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
	if (cpu_has_feature(CPU_FTR_TM))
		regs->msr |= MSR_TM;
	current->thread.tm_tfhar = 0;
	current->thread.tm_texasr = 0;
	current->thread.tm_tfiar = 0;
#endif /* CONFIG_PPC_TRANSACTIONAL_MEM */
}
EXPORT_SYMBOL(start_thread);
#define PR_FP_ALL_EXCEPT (PR_FP_EXC_DIV | PR_FP_EXC_OVF | PR_FP_EXC_UND \
| PR_FP_EXC_RES | PR_FP_EXC_INV)
/*
 * Set the floating-point exception mode of tsk.
 *
 * @tsk: task to change
 * @val: requested mode.  With PR_FP_EXC_SW_ENABLE set it is only accepted on
 *       SPE CPUs and is stored masked to PR_FP_EXC_SW_ENABLE plus the
 *       PR_FP_ALL_EXCEPT bits; otherwise it must not exceed
 *       PR_FP_EXC_PRECISE.
 *
 * Returns 0 on success, -EINVAL for a value that is not accepted.
 */
int set_fpexc_mode(struct task_struct *tsk, unsigned int val)
{
	struct pt_regs *regs = tsk->thread.regs;

	/* This is a bit hairy.  If we are an SPE enabled  processor
	 * (have embedded fp) we store the IEEE exception enable flags in
	 * fpexc_mode.  fpexc_mode is also used for setting FP exception
	 * mode (asyn, precise, disabled) for 'Classic' FP. */
	if (val & PR_FP_EXC_SW_ENABLE) {
#ifdef CONFIG_SPE
		if (cpu_has_feature(CPU_FTR_SPE)) {
			/*
			 * When the sticky exception bits are set
			 * directly by userspace, it must call prctl
			 * with PR_GET_FPEXC (with PR_FP_EXC_SW_ENABLE
			 * in the existing prctl settings) or
			 * PR_SET_FPEXC (with PR_FP_EXC_SW_ENABLE in
			 * the bits being set).  <fenv.h> functions
			 * saving and restoring the whole
			 * floating-point environment need to do so
			 * anyway to restore the prctl settings from
			 * the saved environment.
			 */
			tsk->thread.spefscr_last = mfspr(SPRN_SPEFSCR);
			tsk->thread.fpexc_mode = val &
				(PR_FP_EXC_SW_ENABLE | PR_FP_ALL_EXCEPT);
			return 0;
		} else {
			return -EINVAL;
		}
#else
		return -EINVAL;
#endif
	}

	/* on a CONFIG_SPE this does not hurt us.  The bits that
	 * __pack_fe01 use do not overlap with bits used for
	 * PR_FP_EXC_SW_ENABLE.  Additionally, the MSR[FE0,FE1] bits
	 * on CONFIG_SPE implementations are reserved so writing to
	 * them does not change anything */
	if (val > PR_FP_EXC_PRECISE)
		return -EINVAL;
	tsk->thread.fpexc_mode = __pack_fe01(val);
	/* Apply the new FE0/FE1 bits right away if the task has FP enabled. */
	if (regs != NULL && (regs->msr & MSR_FP) != 0)
		regs->msr = (regs->msr & ~(MSR_FE0|MSR_FE1))
			| tsk->thread.fpexc_mode;
	return 0;
}
/*
 * Report the floating-point exception mode of tsk to userspace.
 *
 * @tsk: task to query
 * @adr: user address of the unsigned int that receives the mode
 *
 * Returns the result of put_user(), or -EINVAL when the stored mode has
 * PR_FP_EXC_SW_ENABLE set but the CPU or kernel has no SPE support.
 * Note that on the SPE path this "get" also updates thread.spefscr_last.
 */
int get_fpexc_mode(struct task_struct *tsk, unsigned long adr)
{
	unsigned int val;

	if (tsk->thread.fpexc_mode & PR_FP_EXC_SW_ENABLE)
#ifdef CONFIG_SPE
		if (cpu_has_feature(CPU_FTR_SPE)) {
			/*
			 * When the sticky exception bits are set
			 * directly by userspace, it must call prctl
			 * with PR_GET_FPEXC (with PR_FP_EXC_SW_ENABLE
			 * in the existing prctl settings) or
			 * PR_SET_FPEXC (with PR_FP_EXC_SW_ENABLE in
			 * the bits being set).  <fenv.h> functions
			 * saving and restoring the whole
			 * floating-point environment need to do so
			 * anyway to restore the prctl settings from
			 * the saved environment.
			 */
			tsk->thread.spefscr_last = mfspr(SPRN_SPEFSCR);
			val = tsk->thread.fpexc_mode;
		} else
			return -EINVAL;
#else
		return -EINVAL;
#endif
	else
		val = __unpack_fe01(tsk->thread.fpexc_mode);
	return put_user(val, (unsigned int __user *) adr);
}
/*
 * Select the endian mode of tsk by setting or clearing MSR_LE in its user
 * MSR.
 *
 * Returns 0 on success.  -EINVAL is returned when the requested little
 * endian flavour is not supported by the CPU, when the task has no user
 * register state, or when val is not one of the PR_ENDIAN_* values.
 */
int set_endian(struct task_struct *tsk, unsigned int val)
{
	struct pt_regs *regs = tsk->thread.regs;

	if (val == PR_ENDIAN_LITTLE && !cpu_has_feature(CPU_FTR_REAL_LE))
		return -EINVAL;
	if (val == PR_ENDIAN_PPC_LITTLE && !cpu_has_feature(CPU_FTR_PPC_LE))
		return -EINVAL;

	if (regs == NULL)
		return -EINVAL;

	switch (val) {
	case PR_ENDIAN_BIG:
		regs->msr &= ~MSR_LE;
		break;
	case PR_ENDIAN_LITTLE:
	case PR_ENDIAN_PPC_LITTLE:
		regs->msr |= MSR_LE;
		break;
	default:
		return -EINVAL;
	}

	return 0;
}
/*
 * Report the endian mode of tsk to userspace.
 *
 * @tsk: task to query
 * @adr: user address of the unsigned int that receives a PR_ENDIAN_* value
 *
 * Returns the result of put_user(), or -EINVAL when the CPU supports neither
 * little endian flavour or the task has no user register state.
 */
int get_endian(struct task_struct *tsk, unsigned long adr)
{
	struct pt_regs *regs = tsk->thread.regs;
	unsigned int val;

	if (!(cpu_has_feature(CPU_FTR_PPC_LE) ||
	      cpu_has_feature(CPU_FTR_REAL_LE)))
		return -EINVAL;

	if (regs == NULL)
		return -EINVAL;

	if (!(regs->msr & MSR_LE)) {
		val = PR_ENDIAN_BIG;
	} else if (cpu_has_feature(CPU_FTR_REAL_LE)) {
		val = PR_ENDIAN_LITTLE;
	} else {
		val = PR_ENDIAN_PPC_LITTLE;
	}

	return put_user(val, (unsigned int __user *)adr);
}
/*
 * Store the unaligned-access control value of tsk.  val is stored exactly as
 * given; no validation is done here.  Always returns 0.
 */
int set_unalign_ctl(struct task_struct *tsk, unsigned int val)
{
	tsk->thread.align_ctl = val;

	return 0;
}
/*
 * Copy the unaligned-access control value of tsk to the unsigned int at
 * user address adr.  Returns the result of put_user().
 */
int get_unalign_ctl(struct task_struct *tsk, unsigned long adr)
{
	unsigned int __user *uptr = (unsigned int __user *)adr;

	return put_user(tsk->thread.align_ctl, uptr);
}
/*
 * Check whether [sp, sp + nbytes) lies inside the hard or soft interrupt
 * stack of the CPU that p is recorded as running on.
 *
 * Returns 1 if it does, 0 otherwise (including when the recorded CPU number
 * is out of range or not a possible CPU).
 *
 * NOTE(review): the lower bound skips sizeof(struct thread_struct) bytes
 * from the stack base, while the comment below talks about thread_info
 * living there - confirm which structure size was intended.
 */
static inline int valid_irq_stack(unsigned long sp, struct task_struct *p,
				  unsigned long nbytes)
{
	unsigned long stack_page;
	unsigned long cpu = task_cpu(p);

	/*
	 * Avoid crashing if the stack has overflowed and corrupted
	 * task_cpu(p), which is in the thread_info struct.
	 */
	if (cpu < NR_CPUS && cpu_possible(cpu)) {
		stack_page = (unsigned long) hardirq_ctx[cpu];
		if (sp >= stack_page + sizeof(struct thread_struct)
		    && sp <= stack_page + THREAD_SIZE - nbytes)
			return 1;

		stack_page = (unsigned long) softirq_ctx[cpu];
		if (sp >= stack_page + sizeof(struct thread_struct)
		    && sp <= stack_page + THREAD_SIZE - nbytes)
			return 1;
	}
	return 0;
}
/*
 * Decide whether a stack pointer may be dereferenced for @nbytes bytes
 * on behalf of task @p.  The stack walkers in this file call it before
 * every read from a frame.
 *
 * @sp:     candidate stack pointer
 * @p:      task the pointer is supposed to belong to
 * @nbytes: bytes that must be available at @sp
 *
 * Returns 1 when @sp falls inside the task's own stack page range or,
 * failing that, inside an IRQ stack accepted by valid_irq_stack();
 * returns 0 otherwise.
 *
 * The upper bound uses unsigned arithmetic (base + THREAD_SIZE -
 * nbytes), so callers are expected to pass an @nbytes no larger than
 * THREAD_SIZE.
 */
int validate_sp(unsigned long sp, struct task_struct *p,
		unsigned long nbytes)
{
	unsigned long base = (unsigned long)task_stack_page(p);
	unsigned long lowest = base + sizeof(struct thread_struct);
	unsigned long highest = base + THREAD_SIZE - nbytes;

	if (sp < lowest || sp > highest)
		return valid_irq_stack(sp, p, nbytes);

	return 1;
}
EXPORT_SYMBOL(validate_sp);
/*
 * Walk the saved kernel stack of a task that is not running and return
 * the first saved link-register value that is not inside the scheduler
 * functions.
 *
 * @p: task to inspect; a NULL task, the current task and a task in
 *     TASK_RUNNING state all yield 0
 *
 * Returns the address found, or 0 when the walk hits a stack pointer
 * rejected by validate_sp() or runs out of frames.
 *
 * Every stack pointer is validated before it is dereferenced, and the
 * walk is capped at a fixed number of frames so a corrupted back chain
 * cannot loop forever.
 *
 * NOTE(review): p->state is sampled once and nothing visible here stops
 * the task from running while its stack is being read - confirm that
 * callers tolerate a stale or inconsistent result.
 */
unsigned long get_wchan(struct task_struct *p)
{
	unsigned long ip, sp;
	int depth;

	if (!p || p == current || p->state == TASK_RUNNING)
		return 0;

	sp = p->thread.ksp;
	if (!validate_sp(sp, p, STACK_FRAME_OVERHEAD))
		return 0;

	for (depth = 0; depth <= 16; depth++) {
		/* Follow the back chain, then re-check before touching it. */
		sp = *(unsigned long *)sp;
		if (!validate_sp(sp, p, STACK_FRAME_OVERHEAD))
			return 0;

		/* The LR save slot of the first frame reached is not used. */
		if (depth == 0)
			continue;

		ip = ((unsigned long *)sp)[STACK_FRAME_LR_SAVE];
		if (!in_sched_functions(ip))
			return ip;
	}

	return 0;
}
/*
 * Limit on how far show_stack() follows the back chain, taken from
 * CONFIG_PRINT_STACK_DEPTH; it bounds the walk even if the chain is
 * corrupted.
 */
static int kstack_depth_to_print = CONFIG_PRINT_STACK_DEPTH;
/*
 * Print a call trace for a task to the kernel log.
 *
 * @tsk:   task to trace; NULL means the current task
 * @stack: stack pointer to start from; NULL means the live stack
 *         pointer for the current task, or tsk->thread.ksp for any
 *         other task
 *
 * Each frame is checked with validate_sp() before it is read, and the
 * walk stops silently at the first stack pointer that fails the check
 * or once kstack_depth_to_print is exceeded.  The raw stack pointer and
 * return address of every frame are printed, so the output contains
 * kernel addresses.
 */
void show_stack(struct task_struct *tsk, unsigned long *stack)
{
	unsigned long sp = (unsigned long)stack;
	unsigned long ip, next_sp;
	unsigned long lr = 0;
	int depth = 0;
	int first_frame = 1;
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
	int curr_frame = current->curr_ret_stack;
	extern void return_to_handler(void);
	unsigned long rth = (unsigned long)return_to_handler;
#endif

	if (!tsk)
		tsk = current;

	if (!sp)
		sp = (tsk == current) ? current_stack_pointer()
				      : tsk->thread.ksp;

	printk("Call Trace:\n");
	do {
		if (!validate_sp(sp, tsk, STACK_FRAME_OVERHEAD))
			return;

		stack = (unsigned long *)sp;
		next_sp = stack[0];
		ip = stack[STACK_FRAME_LR_SAVE];

		/*
		 * On the first frame (and the first one after an exception
		 * frame) the entry is skipped when it merely repeats lr.
		 */
		if (!first_frame || ip != lr) {
			printk("["REG"] ["REG"] %pS", sp, ip, (void *)ip);
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
			/* Show the real return address behind the tracer hook. */
			if ((ip == rth) && curr_frame >= 0) {
				printk(" (%pS)",
				       (void *)current->ret_stack[curr_frame].ret);
				curr_frame--;
			}
#endif
			if (first_frame)
				printk(" (unreliable)");
			printk("\n");
		}
		first_frame = 0;

		/*
		 * See if this is an exception frame.
		 * We look for the "regshere" marker in the current frame,
		 * after re-validating sp for the larger interrupt frame size.
		 */
		if (validate_sp(sp, tsk, STACK_INT_FRAME_SIZE) &&
		    stack[STACK_FRAME_MARKER] == STACK_FRAME_REGS_MARKER) {
			struct pt_regs *regs =
				(struct pt_regs *)(sp + STACK_FRAME_OVERHEAD);

			lr = regs->link;
			printk("--- interrupt: %lx at %pS\n LR = %pS\n",
			       regs->trap, (void *)regs->nip, (void *)lr);
			first_frame = 1;
		}

		sp = next_sp;
	} while (depth++ < kstack_depth_to_print);
}
#ifdef CONFIG_PPC64
/*
 * Set CTRL_RUNLATCH in the CTRL register (read through SPRN_CTRLF,
 * written through SPRN_CTRLT) and then record that in the current
 * thread's local flags as _TLF_RUNLATCH.
 *
 * Called with hard IRQs off.
 */
void notrace __ppc64_runlatch_on(void)
{
	struct thread_info *info = current_thread_info();
	unsigned long ctrl;

	ctrl = mfspr(SPRN_CTRLF) | CTRL_RUNLATCH;
	mtspr(SPRN_CTRLT, ctrl);

	/* The flag is set only after the register has been written. */
	info->local_flags |= _TLF_RUNLATCH;
}
/*
 * Clear _TLF_RUNLATCH in the current thread's local flags and then
 * clear CTRL_RUNLATCH in the CTRL register (read through SPRN_CTRLF,
 * written through SPRN_CTRLT).
 *
 * Called with hard IRQs off.
 */
void notrace __ppc64_runlatch_off(void)
{
	struct thread_info *info = current_thread_info();
	unsigned long ctrl;

	/* The flag is dropped before the register is touched. */
	info->local_flags &= ~_TLF_RUNLATCH;

	ctrl = mfspr(SPRN_CTRLF) & ~CTRL_RUNLATCH;
	mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
/*
 * Pick the initial stack pointer for a new program image.
 *
 * @sp: proposed stack pointer
 *
 * Unless the current task's personality has ADDR_NO_RANDOMIZE set or
 * randomize_va_space is zero, a random offset masked with ~PAGE_MASK is
 * subtracted from @sp.  The result is always rounded down to a 16-byte
 * boundary.
 */
unsigned long arch_align_stack(unsigned long sp)
{
	/* Randomisation disabled: only apply the alignment. */
	if ((current->personality & ADDR_NO_RANDOMIZE) || !randomize_va_space)
		return sp & ~0xf;

	return (sp - (get_random_int() & ~PAGE_MASK)) & ~0xf;
}
/*
 * Produce a random, page-aligned offset for the heap start.
 *
 * The offset is a whole number of pages below 8MB for a 32-bit task
 * and below 1GB for a 64-bit task.
 */
static inline unsigned long brk_rnd(void)
{
	/* log2 of the randomisation span: 8MB for 32bit, 1GB for 64bit */
	int span_shift = is_32bit_task() ? 23 : 30;
	unsigned long pages;

	pages = get_random_long() % (1UL << (span_shift - PAGE_SHIFT));

	return pages << PAGE_SHIFT;
}
/*
 * Choose a randomised heap start for an address space.
 *
 * @mm: address space whose current brk is the starting point
 *
 * Returns a page-aligned address at or above mm->brk.  If adding the
 * random offset produces a value below mm->brk (for example because the
 * sum wrapped), mm->brk is returned unchanged, so the heap never moves
 * downwards.
 */
unsigned long arch_randomize_brk(struct mm_struct *mm)
{
	unsigned long start = mm->brk;
	unsigned long randomized;

#ifdef CONFIG_PPC_STD_MMU_64
	/*
	 * If we are using 1TB segments and we are allowed to randomise
	 * the heap, we can put it above 1TB so it is backed by a 1TB
	 * segment. Otherwise the heap will be in the bottom 1TB
	 * which always uses 256MB segments and this may result in a
	 * performance penalty.
	 */
	if (!is_32bit_task() && (mmu_highuser_ssize == MMU_SEGSIZE_1T))
		start = max_t(unsigned long, mm->brk, 1UL << SID_SHIFT_1T);
#endif

	randomized = PAGE_ALIGN(start + brk_rnd());

	/* Never hand back an address below the existing brk. */
	return randomized < mm->brk ? mm->brk : randomized;
}