--- /dev/null
+From c58a584f05e35d1d4342923cd7aac07d9c3d3d16 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta <vgupta@synopsys.com>
+Date: Fri, 5 Oct 2018 12:48:48 -0700
+Subject: ARC: clone syscall to setp r25 as thread pointer
+
+From: Vineet Gupta <vgupta@synopsys.com>
+
+commit c58a584f05e35d1d4342923cd7aac07d9c3d3d16 upstream.
+
+Per ARC TLS ABI, r25 is designated TP (thread pointer register).
+However so far kernel didn't do any special treatment, like setting up
+usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime
+to do this, in say clone libc wrapper [1]. This was deliberate to keep
+kernel ABI agnostic (userspace could potentially change TP, specially
+for different ARC ISA say ARCompact vs. ARCv2 with different spare
+registers etc)
+
+However userspace setting up r25, after clone syscall opens a race, if
+child is not scheduled and gets a signal instead. It starts off in
+userspace not in clone but in a signal handler and anything TP sepcific
+there such as pthread_self() fails which showed up with uClibc
+testsuite nptl/tst-kill6 [2]
+
+Fix this by having kernel populate r25 to TP value. So this locks in
+ABI, but it was not going to change anyways, and fwiw is same for both
+ARCompact (arc700 core) and ARCvs (HS3x cores)
+
+[1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/arc/clone.S
+[2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill6.c
+
+Fixes: ARC STAR 9001378481
+Cc: stable@vger.kernel.org
+Reported-by: Nikita Sobolev <sobolev@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/arc/kernel/process.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/arch/arc/kernel/process.c
++++ b/arch/arc/kernel/process.c
+@@ -213,6 +213,26 @@ int copy_thread(unsigned long clone_flag
+ task_thread_info(current)->thr_ptr;
+ }
+
++
++ /*
++ * setup usermode thread pointer #1:
++ * when child is picked by scheduler, __switch_to() uses @c_callee to
++ * populate usermode callee regs: this works (despite being in a kernel
++ * function) since special return path for child @ret_from_fork()
++ * ensures those regs are not clobbered all the way to RTIE to usermode
++ */
++ c_callee->r25 = task_thread_info(p)->thr_ptr;
++
++#ifdef CONFIG_ARC_CURR_IN_REG
++ /*
++ * setup usermode thread pointer #2:
++ * however for this special use of r25 in kernel, __switch_to() sets
++ * r25 for kernel needs and only in the final return path is usermode
++ * r25 setup, from pt_regs->user_r25. So set that up as well
++ */
++ c_regs->user_r25 = c_callee->r25;
++#endif
++
+ return 0;
+ }
+
--- /dev/null
+From 98b8cd7f75643e0a442d7a4c1cef2c9d53b7e92b Mon Sep 17 00:00:00 2001
+From: Michal Suchanek <msuchanek@suse.de>
+Date: Sat, 27 May 2017 17:46:15 +0200
+Subject: powerpc/fadump: Return error when fadump registration fails
+
+From: Michal Suchanek <msuchanek@suse.de>
+
+commit 98b8cd7f75643e0a442d7a4c1cef2c9d53b7e92b upstream.
+
+ - log an error message when registration fails and no error code listed
+ in the switch is returned
+ - translate the hv error code to posix error code and return it from
+ fw_register
+ - return the posix error code from fw_register to the process writing
+ to sysfs
+ - return EEXIST on re-registration
+ - return success on deregistration when fadump is not registered
+ - return ENODEV when no memory is reserved for fadump
+
+Signed-off-by: Michal Suchanek <msuchanek@suse.de>
+Tested-by: Hari Bathini <hbathini@linux.vnet.ibm.com>
+[mpe: Use pr_err() to shrink the error print]
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Cc: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kernel/fadump.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/arch/powerpc/kernel/fadump.c
++++ b/arch/powerpc/kernel/fadump.c
+@@ -365,9 +365,9 @@ static int __init early_fadump_reserve_m
+ }
+ early_param("fadump_reserve_mem", early_fadump_reserve_mem);
+
+-static void register_fw_dump(struct fadump_mem_struct *fdm)
++static int register_fw_dump(struct fadump_mem_struct *fdm)
+ {
+- int rc;
++ int rc, err;
+ unsigned int wait_time;
+
+ pr_debug("Registering for firmware-assisted kernel dump...\n");
+@@ -384,7 +384,11 @@ static void register_fw_dump(struct fadu
+
+ } while (wait_time);
+
++ err = -EIO;
+ switch (rc) {
++ default:
++ pr_err("Failed to register. Unknown Error(%d).\n", rc);
++ break;
+ case -1:
+ printk(KERN_ERR "Failed to register firmware-assisted kernel"
+ " dump. Hardware Error(%d).\n", rc);
+@@ -392,18 +396,22 @@ static void register_fw_dump(struct fadu
+ case -3:
+ printk(KERN_ERR "Failed to register firmware-assisted kernel"
+ " dump. Parameter Error(%d).\n", rc);
++ err = -EINVAL;
+ break;
+ case -9:
+ printk(KERN_ERR "firmware-assisted kernel dump is already "
+ " registered.");
+ fw_dump.dump_registered = 1;
++ err = -EEXIST;
+ break;
+ case 0:
+ printk(KERN_INFO "firmware-assisted kernel dump registration"
+ " is successful\n");
+ fw_dump.dump_registered = 1;
++ err = 0;
+ break;
+ }
++ return err;
+ }
+
+ void crash_fadump(struct pt_regs *regs, const char *str)
+@@ -1006,7 +1014,7 @@ static unsigned long init_fadump_header(
+ return addr;
+ }
+
+-static void register_fadump(void)
++static int register_fadump(void)
+ {
+ unsigned long addr;
+ void *vaddr;
+@@ -1017,7 +1025,7 @@ static void register_fadump(void)
+ * assisted dump.
+ */
+ if (!fw_dump.reserve_dump_area_size)
+- return;
++ return -ENODEV;
+
+ ret = fadump_setup_crash_memory_ranges();
+ if (ret)
+@@ -1032,7 +1040,7 @@ static void register_fadump(void)
+ fadump_create_elfcore_headers(vaddr);
+
+ /* register the future kernel dump with firmware. */
+- register_fw_dump(&fdm);
++ return register_fw_dump(&fdm);
+ }
+
+ static int fadump_unregister_dump(struct fadump_mem_struct *fdm)
+@@ -1218,7 +1226,6 @@ static ssize_t fadump_register_store(str
+ switch (buf[0]) {
+ case '0':
+ if (fw_dump.dump_registered == 0) {
+- ret = -EINVAL;
+ goto unlock_out;
+ }
+ /* Un-register Firmware-assisted dump */
+@@ -1226,11 +1233,11 @@ static ssize_t fadump_register_store(str
+ break;
+ case '1':
+ if (fw_dump.dump_registered == 1) {
+- ret = -EINVAL;
++ ret = -EEXIST;
+ goto unlock_out;
+ }
+ /* Register Firmware-assisted dump */
+- register_fadump();
++ ret = register_fadump();
+ break;
+ default:
+ ret = -EINVAL;
cgroup-fix-deadlock-in-cpu-hotplug-path.patch
ath10k-fix-use-after-free-in-ath10k_wmi_cmd_send_nowait.patch
ath10k-fix-kernel-panic-issue-during-pci-probe.patch
+powerpc-fadump-return-error-when-fadump-registration-fails.patch
+arc-clone-syscall-to-setp-r25-as-thread-pointer.patch
+x86-mm-expand-static-page-table-for-fixmap-space.patch
--- /dev/null
+From 05ab1d8a4b36ee912b7087c6da127439ed0a903e Mon Sep 17 00:00:00 2001
+From: Feng Tang <feng.tang@intel.com>
+Date: Thu, 20 Sep 2018 10:58:28 +0800
+Subject: x86/mm: Expand static page table for fixmap space
+
+From: Feng Tang <feng.tang@intel.com>
+
+commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream.
+
+We met a kernel panic when enabling earlycon, which is due to the fixmap
+address of earlycon is not statically setup.
+
+Currently the static fixmap setup in head_64.S only covers 2M virtual
+address space, while it actually could be in 4M space with different
+kernel configurations, e.g. when VSYSCALL emulation is disabled.
+
+So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2,
+and add a build time check to ensure that the fixmap is covered by the
+initial static page tables.
+
+Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable")
+Suggested-by: Thomas Gleixner <tglx@linutronix.de>
+Signed-off-by: Feng Tang <feng.tang@intel.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Tested-by: kernel test robot <rong.a.chen@intel.com>
+Reviewed-by: Juergen Gross <jgross@suse.com> (Xen parts)
+Cc: H Peter Anvin <hpa@linux.intel.com>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Michal Hocko <mhocko@kernel.org>
+Cc: Yinghai Lu <yinghai@kernel.org>
+Cc: Dave Hansen <dave.hansen@intel.com>
+Cc: Andi Kleen <ak@linux.intel.com>
+Cc: Andy Lutomirsky <luto@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20180920025828.23699-1-feng.tang@intel.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/fixmap.h | 10 ++++++++++
+ arch/x86/include/asm/pgtable_64.h | 3 ++-
+ arch/x86/kernel/head_64.S | 16 ++++++++++++----
+ arch/x86/mm/pgtable.c | 9 +++++++++
+ arch/x86/xen/mmu.c | 8 ++++++--
+ 5 files changed, 39 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/include/asm/fixmap.h
++++ b/arch/x86/include/asm/fixmap.h
+@@ -14,6 +14,16 @@
+ #ifndef _ASM_X86_FIXMAP_H
+ #define _ASM_X86_FIXMAP_H
+
++/*
++ * Exposed to assembly code for setting up initial page tables. Cannot be
++ * calculated in assembly code (fixmap entries are an enum), but is sanity
++ * checked in the actual fixmap C code to make sure that the fixmap is
++ * covered fully.
++ */
++#define FIXMAP_PMD_NUM 2
++/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */
++#define FIXMAP_PMD_TOP 507
++
+ #ifndef __ASSEMBLY__
+ #include <linux/kernel.h>
+ #include <asm/acpi.h>
+--- a/arch/x86/include/asm/pgtable_64.h
++++ b/arch/x86/include/asm/pgtable_64.h
+@@ -13,13 +13,14 @@
+ #include <asm/processor.h>
+ #include <linux/bitops.h>
+ #include <linux/threads.h>
++#include <asm/fixmap.h>
+
+ extern pud_t level3_kernel_pgt[512];
+ extern pud_t level3_ident_pgt[512];
+ extern pmd_t level2_kernel_pgt[512];
+ extern pmd_t level2_fixmap_pgt[512];
+ extern pmd_t level2_ident_pgt[512];
+-extern pte_t level1_fixmap_pgt[512];
++extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM];
+ extern pgd_t init_level4_pgt[];
+
+ #define swapper_pg_dir init_level4_pgt
+--- a/arch/x86/kernel/head_64.S
++++ b/arch/x86/kernel/head_64.S
+@@ -23,6 +23,7 @@
+ #include "../entry/calling.h"
+ #include <asm/export.h>
+ #include <asm/nospec-branch.h>
++#include <asm/fixmap.h>
+
+ #ifdef CONFIG_PARAVIRT
+ #include <asm/asm-offsets.h>
+@@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt)
+ KERNEL_IMAGE_SIZE/PMD_SIZE)
+
+ NEXT_PAGE(level2_fixmap_pgt)
+- .fill 506,8,0
+- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
+- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
+- .fill 5,8,0
++ .fill (512 - 4 - FIXMAP_PMD_NUM),8,0
++ pgtno = 0
++ .rept (FIXMAP_PMD_NUM)
++ .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \
++ + _PAGE_TABLE;
++ pgtno = pgtno + 1
++ .endr
++ /* 6 MB reserved space + a 2MB hole */
++ .fill 4,8,0
+
+ NEXT_PAGE(level1_fixmap_pgt)
++ .rept (FIXMAP_PMD_NUM)
+ .fill 512,8,0
++ .endr
+
+ #undef PMDS
+
+--- a/arch/x86/mm/pgtable.c
++++ b/arch/x86/mm/pgtable.c
+@@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addr
+ {
+ unsigned long address = __fix_to_virt(idx);
+
++#ifdef CONFIG_X86_64
++ /*
++ * Ensure that the static initial page tables are covering the
++ * fixmap completely.
++ */
++ BUILD_BUG_ON(__end_of_permanent_fixed_addresses >
++ (FIXMAP_PMD_NUM * PTRS_PER_PTE));
++#endif
++
+ if (idx >= __end_of_fixed_addresses) {
+ BUG();
+ return;
+--- a/arch/x86/xen/mmu.c
++++ b/arch/x86/xen/mmu.c
+@@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(p
+ * L3_k[511] -> level2_fixmap_pgt */
+ convert_pfn_mfn(level3_kernel_pgt);
+
+- /* L3_k[511][506] -> level1_fixmap_pgt */
++ /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */
+ convert_pfn_mfn(level2_fixmap_pgt);
+ }
+ /* We get [511][511] and have Xen's version of level2_kernel_pgt */
+@@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(p
+ set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
+- set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
++
++ for (i = 0; i < FIXMAP_PMD_NUM; i++) {
++ set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE,
++ PAGE_KERNEL_RO);
++ }
+
+ /* Pin down new L4 */
+ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
projects / thirdparty / kernel / stable-queue.git / commitdiff
