This reverts commit 5fe156f1ca.
Commit 5fe156f1ca ("regulator: pfuze100: add enable/disable for switch")
causes boot regression on some platforms such as imx6sl-evk and
imx6sll-evk.
After this commit the SW4 regulator will be turned
off and since it supplies the DDR voltage on these boards, a
kernel hang is observed.
Revert it to avoid breaking old dtb's.
Fixes: 5fe156f1ca ("regulator: pfuze100: add enable/disable for switch")
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
If PAGE_SIZE is unsigned type then negative error code will be
larger than PAGE_SIZE.
Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Use DEFINE_SHOW_ATTRIBUTE macro to simplify the code.
Signed-off-by: Peng Donglin <dolinux.peng@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Now that we have the load_info struct all initialized (including
info->name, which contains the name of the module) before
module_sig_check(), make the load_info struct and hence module name
available to mod_verify_sig() so that we can log the module name in the
event of an error.
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Air Icy reported:
UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7
signed integer overflow:
1529859276030040771 + 9223372036854775807 cannot be represented in type 'long long int'
Call Trace:
alarm_timer_nsleep+0x44c/0x510 kernel/time/alarmtimer.c:811
__do_sys_clock_nanosleep kernel/time/posix-timers.c:1235 [inline]
__se_sys_clock_nanosleep kernel/time/posix-timers.c:1213 [inline]
__x64_sys_clock_nanosleep+0x326/0x4e0 kernel/time/posix-timers.c:1213
do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290
alarm_timer_nsleep() uses ktime_add() to add the current time and the
relative expiry value. ktime_add() has no sanity checks so the addition
can overflow when the relative timeout is large enough.
Use ktime_add_safe() which has the necessary sanity checks in place and
limits the result to the valid range.
Fixes: 9a7adcf5c6 ("timers: Posix interface for alarm-timers")
Reported-by: Team OWL337 <icytxw@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1807020926360.1595@nanos.tec.linutronix.de
The posix timer overrun handling is broken because the forwarding functions
can return a huge number of overruns which does not fit in an int. As a
consequence timer_getoverrun(2) and siginfo::si_overrun can turn into
random number generators.
The k_clock::timer_forward() callbacks return a 64 bit value now. Make
k_itimer::ti_overrun[_last] 64bit as well, so the kernel internal
accounting is correct. 3Remove the temporary (int) casts.
Add a helper function which clamps the overrun value returned to user space
via timer_getoverrun(2) or siginfo::si_overrun limited to a positive value
between 0 and INT_MAX. INT_MAX is an indicator for user space that the
overrun value has been clamped.
Reported-by: Team OWL337 <icytxw@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: John Stultz <john.stultz@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Link: https://lkml.kernel.org/r/20180626132705.018623573@linutronix.de
The posix timer ti_overrun handling is broken because the forwarding
functions can return a huge number of overruns which does not fit in an
int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn
into random number generators.
As a first step to address that let the timer_forward() callbacks return
the full 64 bit value.
Cast it to (int) temporarily until k_itimer::ti_overrun is converted to
64bit and the conversion to user space visible values is sanitized.
Reported-by: Team OWL337 <icytxw@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: John Stultz <john.stultz@linaro.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Link: https://lkml.kernel.org/r/20180626132704.922098090@linutronix.de
The cooling device should be part of the i.MX cpufreq driver, but it
cannot be removed for the sake of DT stability. So turn the cooling
device registration into a separate function and perform the
registration only if the CPU OF node does not have the #cooling-cells
property.
Use of_cpufreq_power_cooling_register in imx_thermal code to link the
cooling device to the device tree node provided.
This makes it possible to bind the cpufreq cooling device to a custom
thermal zone via a cooling-maps entry like:
cooling-maps {
map0 {
trip = <&board_alert>;
cooling-device = <&cpu0 THERMAL_NO_LIMIT THERMAL_NO_LIMIT>;
};
};
Assuming a cpu node exists with label "cpu0" and #cooling-cells
property.
Signed-off-by: Bastian Stender <bst@pengutronix.de>
Reviewed-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
match_string() returns the index of an array for a matching string,
which can be used instead of open coded variant.
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Yisheng Xie <xieyisheng1@huawei.com>
Acked-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
s390 no longer uses the _mapcount field in struct page to identify
the page table format being used. While the code was diligent in handling
the different mappings, it neglected to turn "off" the map bits when
alloc_pgste was being used. This resulted in bits remaining "on" in the
_refcount field, and thus an artifically huge "in use" count that prevents
the pages from actually being released by __free_page.
There's opportunity for improvement in the "1 vs 3" vs "1U vs 3U" vs
"0x1 vs 0x11" etc. variations for all these calls, I am just keeping
things simple compared to neighboring code.
Fixes: 620b4e9031 ("s390: use _refcount for pgtables")
Reported-by: Halil Pasic <pasic@linux.ibm.com>
Bisected-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Due to the way Machine Check Exceptions work on X86 hyperthreads it's
required to boot up _all_ logical cores at least once in order to set the
CR4.MCE bit.
So instead of ignoring the sibling threads right away, let them boot up
once so they can configure themselves. After they came out of the initial
boot stage check whether its a "secondary" sibling and cancel the operation
which puts the CPU back into offline state.
Reported-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tony Luck <tony.luck@intel.com>
Dave Hansen reported, that it's outright dangerous to keep SMT siblings
disabled completely so they are stuck in the BIOS and wait for SIPI.
The reason is that Machine Check Exceptions are broadcasted to siblings and
the soft disabled sibling has CR4.MCE = 0. If a MCE is delivered to a
logical core with CR4.MCE = 0, it asserts IERR#, which shuts down or
reboots the machine. The MCE chapter in the SDM contains the following
blurb:
Because the logical processors within a physical package are tightly
coupled with respect to shared hardware resources, both logical
processors are notified of machine check errors that occur within a
given physical processor. If machine-check exceptions are enabled when
a fatal error is reported, all the logical processors within a physical
package are dispatched to the machine-check exception handler. If
machine-check exceptions are disabled, the logical processors enter the
shutdown state and assert the IERR# signal. When enabling machine-check
exceptions, the MCE flag in control register CR4 should be set for each
logical processor.
Reverting the commit which ignores siblings at enumeration time solves only
half of the problem. The core cpuhotplug logic needs to be adjusted as
well.
This thoughtful engineered mechanism also turns the boot process on all
Intel HT enabled systems into a MCE lottery. MCE is enabled on the boot CPU
before the secondary CPUs are brought up. Depending on the number of
physical cores the window in which this situation can happen is smaller or
larger. On a HSW-EX it's about 750ms:
MCE is enabled on the boot CPU:
[ 0.244017] mce: CPU supports 22 MCE banks
The corresponding sibling #72 boots:
[ 1.008005] .... node #0, CPUs: #72
That means if an MCE hits on physical core 0 (logical CPUs 0 and 72)
between these two points the machine is going to shutdown. At least it's a
known safe state.
It's obvious that the early boot can be hit by an MCE as well and then runs
into the same situation because MCEs are not yet enabled on the boot CPU.
But after enabling them on the boot CPU, it does not make any sense to
prevent the kernel from recovering.
Adjust the nosmt kernel parameter documentation as well.
Reverts: 2207def700 ("x86/apic: Ignore secondary threads if nosmt=force")
Reported-by: Dave Hansen <dave.hansen@intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Tony Luck <tony.luck@intel.com>
Replace strncpy which has been used to copy a substring into buf
without NUL-termination with memcpy to avoid the following gcc 8
warnings:
arch/s390/tools/gen_opcode_table.c: In function ‘add_to_group.isra.4’:
arch/s390/tools/gen_opcode_table.c:260:2: warning: ‘strncpy’
output may be truncated copying 2 bytes from a string of length 19
[-Wstringop-truncation]
strncpy(group->opcode, insn->opcode, 2);
In function ‘print_opcode_table’,
inlined from ‘main’ at arch/s390/tools/gen_opcode_table.c:333:2:
arch/s390/tools/gen_opcode_table.c:286:4: warning: ‘strncpy’
output may be truncated copying 2 bytes from a string of length 19
[-Wstringop-truncation]
strncpy(opcode, insn->opcode, 2);
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Since the plain vmlinux ELF file no longer carries all necessary parts
for starting up (like the entry point and decompressor), add a check
which would block boot process and encourage users to use bzImage or
arch/s390/boot/compressed/vmlinux instead.
The check relies on s390 linux entry point ABI definition, which is only
present in bzImage and arch/s390/boot/compressed/vmlinux.
Reported-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The following gcc warning is issued for strncpy which is used to
deliberately avoid string NUL-termination. Reuse memcpy to avoid the
warning.
inlined from 'monwrite_diag' at drivers/s390/char/monwriter.c:64:2:
./include/linux/string.h:246:9: warning: '__builtin_strncpy' output
truncated before terminating nul copying 7 bytes from a string of the
same length [-Wstringop-truncation]
Reviewed-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Replace strncpy which is used to deliberately avoid string NUL-termination
with memcpy. This allows to get rid of gcc 8 stringop-truncation warning:
inlined from 'ext_to_int_kekl' at drivers/s390/char/tape_3590.c:123:2:
./include/linux/string.h:246:9: warning: '__builtin_strncpy'
output may be truncated copying 64 bytes from a string of length 64
[-Wstringop-truncation]
Also replaces "for" loop on memset.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Use strlcpy to make sure strings are NUL-terminated. Fixes the following
gcc 8 warning:
inlined from 'register_tape_dev' at drivers/s390/char/tape_class.c:57:2:
./include/linux/string.h:246:9: warning: '__builtin_strncpy' specified
bound 32 equals destination size [-Wstringop-truncation]
Acked-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Aligning struct lowcore to double page size allows to get rid of this
gcc warning:
In file included from ./arch/s390/include/asm/setup.h:56,
from ./arch/s390/include/asm/page.h:36,
from ./arch/s390/include/asm/user.h:11,
from ./include/linux/user.h:1,
from ./include/linux/elfcore.h:5,
from ./include/linux/crash_core.h:6,
from ./include/linux/kexec.h:18,
from arch/s390/purgatory/purgatory.c:10:
./arch/s390/include/asm/lowcore.h:189:1: warning: alignment 1 of 'struct
lowcore' is less than 8 [-Wpacked-not-aligned]
} __packed;
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The following linker construct is problematic with linkers of
binutils < 2.28:
EXCLUDE_FILE (*piggy.o) *(.rodata.*)
from 8f1732fc2a11dc of binutils:
"though the linker accepts this without complaint the
EXCLUDE_FILE part is silently ignored and has no effect."
Silent ignoring of EXCLUDE_FILE construct made .rodata.compressed be
part of .rodata, and in case of .rodata.compressed following some
unaligned data, input_len would also become unaligned.
from arch/s390/boot/compressed/vmlinux.map:
.rodata.compressed
0x0000000000012fea 0x4d57e7 arch/s390/boot/compressed/piggy.o
0x0000000000012fea input_len
0x0000000000012fee input_data
input_len is later used here:
arch/s390/boot/compressed/misc.c:113
__decompress(input_data, input_len, NULL, NULL, output, 0, NULL, error);
asm generated by gcc looks like:
.loc 3 113 0
egfrl %r11,input_len
from what assembler generates invalid (the second operand must be aligned
on a doubleword boundary):
0x00000000000129b4 <+148>: c4 bc 00 00 03 1b lgfrl %r11,0x12fea
hence specification exception is recognized.
To avoid an issue use EXCLUDE_FILE construct which is recognized by
older linkers (since at least binutils-2_11)
*(EXCLUDE_FILE (*piggy.o) .rodata.compressed)
Also ensure that .rodata.compressed is at least doubleword aligned.
Fixes: 89b5202e81 ("s390/decompressor: support uncompressed kernel")
Reported-by: Halil Pasic <pasic@linux.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Since the uncompressed image .text section starts at 0x100000 now there
is no need to redefine _text to something else to make perf happy.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Avoid unnecessary rewrite of psw and merge _stext into
startup_continue. This allows to move _stext definition to vmlinux.lds.S,
where _etext is also defined and set _stext to the actual beginning of
.text at 0x100000.
This fixes the problem with setting the last .text page as
not-executable due to vmem_map_init relying on page alinged _stext and
_etext.
Fixes: bd79d66329 ("s390/decompressor: trim the kernel image up to 1M")
Reported-by: Nils Hoppmann <niho@de.ibm.com>
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Instead of generating uncompressed kernel image starting at 0, filling
first mb with zeros (with ".org 0x100000") and then trimming it off
from vmlinux.bin before compression, simply generate a kernel image
starting from 0x100000.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Since startup code now reserves memory ranges [0, PARMAREA_END] and
[_stext, <end of kernel>] _ehead symbol is not used and could be
cleaned up.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Currently none of the vmlinux linker script patterns in .text section
match expoline execute-trampolines, and they end up as separate
sections:
.text.__s390_indirect_jump_r1,
.text.__s390x_indirect_jump_r1use_r9,
.text.__s390x_indirect_branch_4_1use_6, ...
Add a pattern to match them all.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
___kcrctab section is not used during the decompressor phase and could be
discarded to save the memory. It is currently generated due to lib/mem.S
usage, which exports few symbols.
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
There have been identified some places in the zcrypt
device driver where copy_from_user() is called but the
length value is not explicitly checked.
So now some plausibility checks and comments have been
introduced there.
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
arch/s390/kernel/perf_regs.c:36:19: warning: array subscript 16 is above
array bounds of 'long unsigned int[16]' [-Warray-bounds]
return regs->gprs[idx];
gcc tries to be smart here and since there is a condition:
if (idx >= PERF_REG_S390_R0 && idx <= PERF_REG_S390_R15)
return regs->gprs[idx];
which covers all possible array subscripts, it gives the warning
for the last function return statement:
return regs->gprs[idx];
which in presence of that condition does not really make sense and
should be replaced with "return 0;"
Also move WARN_ON_ONCE((u32)idx >= PERF_REG_S390_MAX) to the end of the
function.
Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
arch/s390/kernel/topology.c:591:3: warning: 'strncpy' output truncated
before terminating nul copying 2 bytes from a string of the same length
[-Wstringop-truncation]
strncpy(buf, topology_is_enabled() ? "1\n" : "0\n", ARRAY_SIZE(buf));
arch/s390/appldata/appldata_base.c:326:3: warning: 'strncpy' output truncated
before terminating nul copying 2 bytes from a string of the same length
[-Wstringop-truncation]
strncpy(buf, ops->active ? "1\n" : "0\n", ARRAY_SIZE(buf));
arch/s390/appldata/appldata_base.c:217:3: warning: 'strncpy' output truncated
before terminating nul copying 2 bytes from a string of the same length
[-Wstringop-truncation]
strncpy(buf, appldata_timer_active ? "1\n" : "0\n", ARRAY_SIZE(buf));
To avoid the warning, just reuse memcpy.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/block/dasd_alias.c:711:2: warning: 'strncpy' output truncated
before terminating nul copying 4 bytes from a string of the same length
[-Wstringop-truncation]
strncpy((char *) &cqr->magic, "ECKD", 4);
Replace strncpy to int as a buffer with memcpy.
Acked-by: Stefan Haberland <sth@linux.ibm.com>
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
arch/s390/mm/extmem.c: In function '__segment_load':
arch/s390/mm/extmem.c:436:2: warning: 'strncat' specified bound 7 equals
source length [-Wstringop-overflow=]
strncat(seg->res_name, " (DCSS)", 7);
What gcc complains about here is the misuse of strncat function, which
in this case does not limit a number of bytes taken from "src", so it is
in the end the same as strcat(seg->res_name, " (DCSS)");
Keeping in mind that a res_name is 15 bytes, strncat in this case
would overflow the buffer and write 0 into alignment byte between the
fields in the struct. To avoid that increasing res_name size to 16,
and reusing strlcat.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
