From: Greg Kroah-Hartman Date: Thu, 11 Oct 2018 09:48:05 +0000 (+0200) Subject: 4.9-stable patches X-Git-Tag: v3.18.124~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba2cdb96709b2c9bf2c8ebf1bdcda93b5b9d6d3a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: arc-clone-syscall-to-setp-r25-as-thread-pointer.patch powerpc-fadump-return-error-when-fadump-registration-fails.patch x86-mm-expand-static-page-table-for-fixmap-space.patch
---
diff --git a/queue-4.9/arc-clone-syscall-to-setp-r25-as-thread-pointer.patch b/queue-4.9/arc-clone-syscall-to-setp-r25-as-thread-pointer.patch
new file mode 100644
index 00000000000..3b886f57bd5
--- /dev/null
+++ b/queue-4.9/arc-clone-syscall-to-setp-r25-as-thread-pointer.patch
@@ -0,0 +1,69 @@
+From c58a584f05e35d1d4342923cd7aac07d9c3d3d16 Mon Sep 17 00:00:00 2001
+From: Vineet Gupta
+Date: Fri, 5 Oct 2018 12:48:48 -0700
+Subject: ARC: clone syscall to setp r25 as thread pointer
+
+From: Vineet Gupta
+
+commit c58a584f05e35d1d4342923cd7aac07d9c3d3d16 upstream.
+
+Per ARC TLS ABI, r25 is designated TP (thread pointer register).
+However so far kernel didn't do any special treatment, like setting up
+usermode r25, even for CLONE_SETTLS. We instead relied on libc runtime
+to do this, in say clone libc wrapper [1]. This was deliberate to keep
+kernel ABI agnostic (userspace could potentially change TP, specially
+for different ARC ISA say ARCompact vs. ARCv2 with different spare
+registers etc)
+
+However userspace setting up r25, after clone syscall opens a race, if
+child is not scheduled and gets a signal instead. It starts off in
+userspace not in clone but in a signal handler and anything TP sepcific
+there such as pthread_self() fails which showed up with uClibc
+testsuite nptl/tst-kill6 [2]
+
+Fix this by having kernel populate r25 to TP value.
So this locks in
+ABI, but it was not going to change anyways, and fwiw is same for both
+ARCompact (arc700 core) and ARCvs (HS3x cores)
+
+[1] https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/sysdeps/linux/arc/clone.S
+[2] https://github.com/wbx-github/uclibc-ng-test/blob/master/test/nptl/tst-kill6.c
+
+Fixes: ARC STAR 9001378481
+Cc: stable@vger.kernel.org
+Reported-by: Nikita Sobolev
+Signed-off-by: Vineet Gupta
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arc/kernel/process.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+--- a/arch/arc/kernel/process.c
++++ b/arch/arc/kernel/process.c
+@@ -213,6 +213,26 @@ int copy_thread(unsigned long clone_flag
+ task_thread_info(current)->thr_ptr;
+ }
+
++
++ /*
++ * setup usermode thread pointer #1:
++ * when child is picked by scheduler, __switch_to() uses @c_callee to
++ * populate usermode callee regs: this works (despite being in a kernel
++ * function) since special return path for child @ret_from_fork()
++ * ensures those regs are not clobbered all the way to RTIE to usermode
++ */
++ c_callee->r25 = task_thread_info(p)->thr_ptr;
++
++#ifdef CONFIG_ARC_CURR_IN_REG
++ /*
++ * setup usermode thread pointer #2:
++ * however for this special use of r25 in kernel, __switch_to() sets
++ * r25 for kernel needs and only in the final return path is usermode
++ * r25 setup, from pt_regs->user_r25. So set that up as well
++ */
++ c_regs->user_r25 = c_callee->r25;
++#endif
++
+ return 0;
+ }
+
diff --git a/queue-4.9/powerpc-fadump-return-error-when-fadump-registration-fails.patch b/queue-4.9/powerpc-fadump-return-error-when-fadump-registration-fails.patch
new file mode 100644
index 00000000000..e323c52ba2a
--- /dev/null
+++ b/queue-4.9/powerpc-fadump-return-error-when-fadump-registration-fails.patch
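Review bot: In the `CONFIG_ARC_CURR_IN_REG` block of the copy_thread() hunk, `c_regs->user_r25 = c_callee->r25;` reads the value back through the callee-regs slot even though the comment directly above it says r25 is set up for kernel needs in that configuration, so the slot is only serving as a temporary there. Assigning from the source, `c_regs->user_r25 = task_thread_info(p)->thr_ptr;`, would keep the two stores independent and make it plain that both carry the same thread pointer. The hunk also adds a blank line directly after an existing one that follows the closing brace, leaving two consecutive blank lines. copy_thread() starts outside the hunk, so whether every path reaching these stores has already set `thr_ptr` cannot be confirmed from here.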
@@ -0,0 +1,128 @@
+From 98b8cd7f75643e0a442d7a4c1cef2c9d53b7e92b Mon Sep 17 00:00:00 2001
+From: Michal Suchanek
+Date: Sat, 27 May 2017 17:46:15 +0200
+Subject: powerpc/fadump: Return error when fadump registration fails
+
+From: Michal Suchanek
+
+commit 98b8cd7f75643e0a442d7a4c1cef2c9d53b7e92b upstream.
+
+ - log an error message when registration fails and no error code listed
+ in the switch is returned
+ - translate the hv error code to posix error code and return it from
+ fw_register
+ - return the posix error code from fw_register to the process writing
+ to sysfs
+ - return EEXIST on re-registration
+ - return success on deregistration when fadump is not registered
+ - return ENODEV when no memory is reserved for fadump
+
+Signed-off-by: Michal Suchanek
+Tested-by: Hari Bathini
+[mpe: Use pr_err() to shrink the error print]
+Signed-off-by: Michael Ellerman
+Cc: Kleber Sacilotto de Souza
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/powerpc/kernel/fadump.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+--- a/arch/powerpc/kernel/fadump.c
++++ b/arch/powerpc/kernel/fadump.c
+@@ -365,9 +365,9 @@ static int __init early_fadump_reserve_m
+ }
+ early_param("fadump_reserve_mem", early_fadump_reserve_mem);
+
+-static void register_fw_dump(struct fadump_mem_struct *fdm)
++static int register_fw_dump(struct fadump_mem_struct *fdm)
+ {
+- int rc;
++ int rc, err;
+ unsigned int wait_time;
+
+ pr_debug("Registering for firmware-assisted kernel dump...\n");
+@@ -384,7 +384,11 @@ static void register_fw_dump(struct fadu
+
+ } while (wait_time);
+
++ err = -EIO;
+ switch (rc) {
++ default:
++ pr_err("Failed to register. Unknown Error(%d).\n", rc);
++ break;
+ case -1:
+ printk(KERN_ERR "Failed to register firmware-assisted kernel"
+ " dump. Hardware Error(%d).\n", rc);
+@@ -392,18 +396,22 @@ static void register_fw_dump(struct fadu
+ case -3:
+ printk(KERN_ERR "Failed to register firmware-assisted kernel"
+ " dump.
Parameter Error(%d).\n", rc);
++ err = -EINVAL;
+ break;
+ case -9:
+ printk(KERN_ERR "firmware-assisted kernel dump is already "
+ " registered.");
+ fw_dump.dump_registered = 1;
++ err = -EEXIST;
+ break;
+ case 0:
+ printk(KERN_INFO "firmware-assisted kernel dump registration"
+ " is successful\n");
+ fw_dump.dump_registered = 1;
++ err = 0;
+ break;
+ }
++ return err;
+ }
+
+ void crash_fadump(struct pt_regs *regs, const char *str)
+@@ -1006,7 +1014,7 @@ static unsigned long init_fadump_header(
+ return addr;
+ }
+
+-static void register_fadump(void)
++static int register_fadump(void)
+ {
+ unsigned long addr;
+ void *vaddr;
+@@ -1017,7 +1025,7 @@ static void register_fadump(void)
+ * assisted dump.
+ */
+ if (!fw_dump.reserve_dump_area_size)
+- return;
++ return -ENODEV;
+
+ ret = fadump_setup_crash_memory_ranges();
+ if (ret)
+@@ -1032,7 +1040,7 @@ static void register_fadump(void)
+ fadump_create_elfcore_headers(vaddr);
+
+ /* register the future kernel dump with firmware. */
+- register_fw_dump(&fdm);
++ return register_fw_dump(&fdm);
+ }
+
+ static int fadump_unregister_dump(struct fadump_mem_struct *fdm)
+@@ -1218,7 +1226,6 @@ static ssize_t fadump_register_store(str
+ switch (buf[0]) {
+ case '0':
+ if (fw_dump.dump_registered == 0) {
+- ret = -EINVAL;
+ goto unlock_out;
+ }
+ /* Un-register Firmware-assisted dump */
+@@ -1226,11 +1233,11 @@ static ssize_t fadump_register_store(str
+ break;
+ case '1':
+ if (fw_dump.dump_registered == 1) {
+- ret = -EINVAL;
++ ret = -EEXIST;
+ goto unlock_out;
+ }
+ /* Register Firmware-assisted dump */
+- register_fadump();
++ ret = register_fadump();
+ break;
+ default:
+ ret = -EINVAL;
diff --git a/queue-4.9/series b/queue-4.9/series
index 8335b144728..a6083a987e9 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
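Review bot: register_fadump() now returns `int`, but the statement guarded by the context lines `ret = fadump_setup_crash_memory_ranges();` and `if (ret)` lies outside the hunk, so it is not visible whether that early exit returns a value. If it is a bare `return;` in this tree it has to become `return ret;`, otherwise that failure would not be reported to fadump_register_store(), which now stores the result with `ret = register_fadump();`. Separately, in the `case '0'` branch the `if (fw_dump.dump_registered == 0)` body is reduced to a single `goto unlock_out;` that depends on `ret` having been set earlier, outside the hunk; a short comment such as `/* not registered: nothing to undo, report success */` would record that intent.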
@@ -18,3 +18,6 @@ ext4-always-verify-the-magic-number-in-xattr-blocks.patch
 cgroup-fix-deadlock-in-cpu-hotplug-path.patch
 ath10k-fix-use-after-free-in-ath10k_wmi_cmd_send_nowait.patch
 ath10k-fix-kernel-panic-issue-during-pci-probe.patch
+powerpc-fadump-return-error-when-fadump-registration-fails.patch
+arc-clone-syscall-to-setp-r25-as-thread-pointer.patch
+x86-mm-expand-static-page-table-for-fixmap-space.patch
diff --git a/queue-4.9/x86-mm-expand-static-page-table-for-fixmap-space.patch b/queue-4.9/x86-mm-expand-static-page-table-for-fixmap-space.patch
new file mode 100644
index 00000000000..eac297ebb27
--- /dev/null
+++ b/queue-4.9/x86-mm-expand-static-page-table-for-fixmap-space.patch
@@ -0,0 +1,158 @@
+From 05ab1d8a4b36ee912b7087c6da127439ed0a903e Mon Sep 17 00:00:00 2001
+From: Feng Tang
+Date: Thu, 20 Sep 2018 10:58:28 +0800
+Subject: x86/mm: Expand static page table for fixmap space
+
+From: Feng Tang
+
+commit 05ab1d8a4b36ee912b7087c6da127439ed0a903e upstream.
+
+We met a kernel panic when enabling earlycon, which is due to the fixmap
+address of earlycon is not statically setup.
+
+Currently the static fixmap setup in head_64.S only covers 2M virtual
+address space, while it actually could be in 4M space with different
+kernel configurations, e.g. when VSYSCALL emulation is disabled.
+
+So increase the static space to 4M for now by defining FIXMAP_PMD_NUM to 2,
+and add a build time check to ensure that the fixmap is covered by the
+initial static page tables.
+
+Fixes: 1ad83c858c7d ("x86_64,vsyscall: Make vsyscall emulation configurable")
+Suggested-by: Thomas Gleixner
+Signed-off-by: Feng Tang
+Signed-off-by: Thomas Gleixner
+Tested-by: kernel test robot
+Reviewed-by: Juergen Gross (Xen parts)
+Cc: H Peter Anvin
+Cc: Peter Zijlstra
+Cc: Michal Hocko
+Cc: Yinghai Lu
+Cc: Dave Hansen
+Cc: Andi Kleen
+Cc: Andy Lutomirsky
+Cc: stable@vger.kernel.org
+Link: https://lkml.kernel.org/r/20180920025828.23699-1-feng.tang@intel.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/include/asm/fixmap.h | 10 ++++++++++
+ arch/x86/include/asm/pgtable_64.h | 3 ++-
+ arch/x86/kernel/head_64.S | 16 ++++++++++++----
+ arch/x86/mm/pgtable.c | 9 +++++++++
+ arch/x86/xen/mmu.c | 8 ++++++--
+ 5 files changed, 39 insertions(+), 7 deletions(-)
+
+--- a/arch/x86/include/asm/fixmap.h
++++ b/arch/x86/include/asm/fixmap.h
+@@ -14,6 +14,16 @@
+ #ifndef _ASM_X86_FIXMAP_H
+ #define _ASM_X86_FIXMAP_H
+
++/*
++ * Exposed to assembly code for setting up initial page tables. Cannot be
++ * calculated in assembly code (fixmap entries are an enum), but is sanity
++ * checked in the actual fixmap C code to make sure that the fixmap is
++ * covered fully.
++ */
++#define FIXMAP_PMD_NUM 2
++/* fixmap starts downwards from the 507th entry in level2_fixmap_pgt */
++#define FIXMAP_PMD_TOP 507
++
+ #ifndef __ASSEMBLY__
+ #include
+ #include
+--- a/arch/x86/include/asm/pgtable_64.h
++++ b/arch/x86/include/asm/pgtable_64.h
+@@ -13,13 +13,14 @@
+ #include
+ #include
+ #include
++#include
+
+ extern pud_t level3_kernel_pgt[512];
+ extern pud_t level3_ident_pgt[512];
+ extern pmd_t level2_kernel_pgt[512];
+ extern pmd_t level2_fixmap_pgt[512];
+ extern pmd_t level2_ident_pgt[512];
+-extern pte_t level1_fixmap_pgt[512];
++extern pte_t level1_fixmap_pgt[512 * FIXMAP_PMD_NUM];
+ extern pgd_t init_level4_pgt[];
+
+ #define swapper_pg_dir init_level4_pgt
+--- a/arch/x86/kernel/head_64.S
++++ b/arch/x86/kernel/head_64.S
+@@ -23,6 +23,7 @@
+ #include "../entry/calling.h"
+ #include
+ #include
++#include
+
+ #ifdef CONFIG_PARAVIRT
+ #include
+@@ -493,13 +494,20 @@ NEXT_PAGE(level2_kernel_pgt)
+ KERNEL_IMAGE_SIZE/PMD_SIZE)
+
+ NEXT_PAGE(level2_fixmap_pgt)
+- .fill 506,8,0
+- .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
+- /* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
+- .fill 5,8,0
++ .fill (512 - 4 - FIXMAP_PMD_NUM),8,0
++ pgtno = 0
++ .rept (FIXMAP_PMD_NUM)
++ .quad level1_fixmap_pgt + (pgtno << PAGE_SHIFT) - __START_KERNEL_map \
++ + _PAGE_TABLE;
++ pgtno = pgtno + 1
++ .endr
++ /* 6 MB reserved space + a 2MB hole */
++ .fill 4,8,0
+
+ NEXT_PAGE(level1_fixmap_pgt)
++ .rept (FIXMAP_PMD_NUM)
+ .fill 512,8,0
++ .endr
+
+ #undef PMDS
+
+--- a/arch/x86/mm/pgtable.c
++++ b/arch/x86/mm/pgtable.c
+@@ -536,6 +536,15 @@ void __native_set_fixmap(enum fixed_addr
+ {
+ unsigned long address = __fix_to_virt(idx);
+
++#ifdef CONFIG_X86_64
++ /*
++ * Ensure that the static initial page tables are covering the
++ * fixmap completely.
++ */
++ BUILD_BUG_ON(__end_of_permanent_fixed_addresses >
++ (FIXMAP_PMD_NUM * PTRS_PER_PTE));
++#endif
++
+ if (idx >= __end_of_fixed_addresses) {
+ BUG();
+ return;
+--- a/arch/x86/xen/mmu.c
++++ b/arch/x86/xen/mmu.c
+@@ -1936,7 +1936,7 @@ void __init xen_setup_kernel_pagetable(p
+ * L3_k[511] -> level2_fixmap_pgt */
+ convert_pfn_mfn(level3_kernel_pgt);
+
+- /* L3_k[511][506] -> level1_fixmap_pgt */
++ /* L3_k[511][508-FIXMAP_PMD_NUM ... 507] -> level1_fixmap_pgt */
+ convert_pfn_mfn(level2_fixmap_pgt);
+ }
+ /* We get [511][511] and have Xen's version of level2_kernel_pgt */
+@@ -1970,7 +1970,11 @@ void __init xen_setup_kernel_pagetable(p
+ set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
+ set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
+- set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
++
++ for (i = 0; i < FIXMAP_PMD_NUM; i++) {
++ set_page_prot(level1_fixmap_pgt + i * PTRS_PER_PTE,
++ PAGE_KERNEL_RO);
++ }
+
+ /* Pin down new L4 */
+ pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
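Review bot: The level2_fixmap_pgt layout in head_64.S is still written with literal numbers, `.fill (512 - 4 - FIXMAP_PMD_NUM),8,0` and `.fill 4,8,0`, while fixmap.h adds `FIXMAP_PMD_TOP 507` to describe the same position and none of the visible hunks uses it. Nothing ties 507 to the `512 - 4` arithmetic, so a later edit to one can drift from the other without a build failure; the new BUILD_BUG_ON in __native_set_fixmap() only compares the entry count with `FIXMAP_PMD_NUM * PTRS_PER_PTE`. Consider expressing the fills through the macro, e.g. `.fill (FIXMAP_PMD_TOP + 1 - FIXMAP_PMD_NUM),8,0` and `.fill (512 - FIXMAP_PMD_TOP - 1),8,0`. In the xen/mmu.c hunk the loop variable `i` is declared outside the hunk, so its type cannot be checked here.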