13 files changed, 211 insertions, 119 deletions
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
index a39cfc2a1f90..d40d0ef389db 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -742,6 +742,18 @@ ENDPROC(__switch_to)
 #endif
        .endm
+        .macro  kuser_pad, sym, size
+        .if     (. - \sym) & 3
+        .rept   4 - (. - \sym) & 3
+        .byte   0
+        .endr
+        .endif
+        .rept   (\size - (. - \sym)) / 4
+        .word   0xe7fddef1
+        .endr
+        .endm
+#ifdef CONFIG_KUSER_HELPERS
        .align  5
        .globl  __kuser_helper_start
 __kuser_helper_start:
@@ -832,18 +844,13 @@ kuser_cmpxchg64_fixup:
 #error "incoherent kernel configuration"
 #endif
-        /* pad to next slot */
+        kuser_pad __kuser_cmpxchg64, 64
-        .rept   (16 - (. - __kuser_cmpxchg64)/4)
-        .word   0
-        .endr
-        .align  5
 __kuser_memory_barrier:                         @ 0xffff0fa0
        smp_dmb arm
        usr_ret lr
-        .align  5
+        kuser_pad __kuser_memory_barrier, 32
 __kuser_cmpxchg:                                @ 0xffff0fc0
@@ -916,13 +923,14 @@ kuser_cmpxchg32_fixup:
 #endif
-        .align  5
+        kuser_pad __kuser_cmpxchg, 32
 __kuser_get_tls:                                @ 0xffff0fe0
        ldr     r0, [pc, #(16 - 8)]     @ read TLS, set in kuser_get_tls_init
        usr_ret lr
        mrc     p15, 0, r0, c13, c0, 3  @ 0xffff0fe8 hardware TLS code
-        .rep    4
+        kuser_pad __kuser_get_tls, 16
+        .rep    3
        .word   0                       @ 0xffff0ff0 software TLS value, then
        .endr                           @ pad up to __kuser_helper_version
@@ -932,14 +940,16 @@ __kuser_helper_version:				@ 0xffff0ffc
        .globl  __kuser_helper_end
 __kuser_helper_end:
+#endif
 THUMB( .thumb  )
 /*
 * Vector stubs.
 *
- * This code is copied to 0xffff0200 so we can use branches in the
+ * This code is copied to 0xffff1000 so we can use branches in the
- * vectors, rather than ldr's.  Note that this code must not
+ * vectors, rather than ldr's.  Note that this code must not exceed
- * exceed 0x300 bytes.
+ * a page size.
 *
 * Common stub entry macro:
 *   Enter in IRQ mode, spsr = SVC/USR CPSR, lr = SVC/USR PC
@@ -986,8 +996,17 @@ ENDPROC(vector_\name)
 1:
        .endm
-        .globl  __stubs_start
+        .section .stubs, "ax", %progbits
 __stubs_start:
+        @ This must be the first word
+        .word   vector_swi
+vector_rst:
+ ARM(   swi     SYS_ERROR0      )
+ THUMB( svc     #0              )
+ THUMB( nop                     )
+        b       vector_und
 /*
 * Interrupt dispatcher
 */
@@ -1082,6 +1101,16 @@ __stubs_start:
        .align  5
 /*=============================================================================
+ * Address exception handler
+ *-----------------------------------------------------------------------------
+ * These aren't too critical.
+ * (they're not supposed to happen, and won't happen in 32-bit data mode).
+ */
+vector_addrexcptn:
+        b       vector_addrexcptn
+/*=============================================================================
 * Undefined FIQs
 *-----------------------------------------------------------------------------
 * Enter in FIQ mode, spsr = ANY CPSR, lr = ANY PC
@@ -1094,45 +1123,19 @@ __stubs_start:
 vector_fiq:
        subs    pc, lr, #4
-/*=============================================================================
+        .globl  vector_fiq_offset
- * Address exception handler
+        .equ    vector_fiq_offset, vector_fiq
- *-----------------------------------------------------------------------------
- * These aren't too critical.
- * (they're not supposed to happen, and won't happen in 32-bit data mode).
- */
-vector_addrexcptn:
-        b       vector_addrexcptn
-/*
- * We group all the following data together to optimise
- * for CPUs with separate I & D caches.
- */
-        .align  5
-.LCvswi:
-        .word   vector_swi
-        .globl  __stubs_end
-__stubs_end:
-        .equ    stubs_offset, __vectors_start + 0x200 - __stubs_start
-        .globl  __vectors_start
+        .section .vectors, "ax", %progbits
 __vectors_start:
- ARM(   swi     SYS_ERROR0      )
+        W(b)    vector_rst
- THUMB( svc     #0              )
+        W(b)    vector_und
- THUMB( nop                     )
+        W(ldr)  pc, __vectors_start + 0x1000
-        W(b)    vector_und + stubs_offset
+        W(b)    vector_pabt
-        W(ldr)  pc, .LCvswi + stubs_offset
+        W(b)    vector_dabt
-        W(b)    vector_pabt + stubs_offset
+        W(b)    vector_addrexcptn
-        W(b)    vector_dabt + stubs_offset
+        W(b)    vector_irq
-        W(b)    vector_addrexcptn + stubs_offset
+        W(b)    vector_fiq
-        W(b)    vector_irq + stubs_offset
-        W(b)    vector_fiq + stubs_offset
-        .globl  __vectors_end
-__vectors_end:
        .data
diff --git a/arch/arm/kernel/entry-v7m.S b/arch/arm/kernel/entry-v7m.S
index e00621f1403f..52b26432c9a9 100644
--- a/arch/arm/kernel/entry-v7m.S
+++ b/arch/arm/kernel/entry-v7m.S
@@ -49,7 +49,7 @@ __irq_entry:
        mov     r1, sp
        stmdb   sp!, {lr}
        @ routine called with r0 = irq number, r1 = struct pt_regs *
-        bl      nvic_do_IRQ
+        bl      nvic_handle_irq
        pop     {lr}
        @
diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c
index 2adda11f712f..25442f451148 100644
--- a/arch/arm/kernel/fiq.c
+++ b/arch/arm/kernel/fiq.c
@@ -47,6 +47,11 @@
 #include <asm/irq.h>
 #include <asm/traps.h>
+#define FIQ_OFFSET ({                                   \
+                extern void *vector_fiq_offset;         \
+                (unsigned)&vector_fiq_offset;           \
+        })
 static unsigned long no_fiq_insn;
 /* Default reacquire function
@@ -80,13 +85,16 @@ int show_fiq_list(struct seq_file *p, int prec)
 void set_fiq_handler(void *start, unsigned int length)
 {
 #if defined(CONFIG_CPU_USE_DOMAINS)
-        memcpy((void *)0xffff001c, start, length);
+        void *base = (void *)0xffff0000;
 #else
-        memcpy(vectors_page + 0x1c, start, length);
+        void *base = vectors_page;
 #endif
-        flush_icache_range(0xffff001c, 0xffff001c + length);
+        unsigned offset = FIQ_OFFSET;
+        memcpy(base + offset, start, length);
+        flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length);
        if (!vectors_high())
-                flush_icache_range(0x1c, 0x1c + length);
+                flush_icache_range(offset, offset + length);
 }
 int claim_fiq(struct fiq_handler *f)
@@ -144,6 +152,7 @@ EXPORT_SYMBOL(disable_fiq);
 void __init init_FIQ(int start)
 {
-        no_fiq_insn = *(unsigned long *)0xffff001c;
+        unsigned offset = FIQ_OFFSET;
+        no_fiq_insn = *(unsigned long *)(0xffff0000 + offset);
        fiq_start = start;
 }
diff --git a/arch/arm/kernel/head-nommu.S b/arch/arm/kernel/head-nommu.S
index b361de143756..14235ba64a90 100644
--- a/arch/arm/kernel/head-nommu.S
+++ b/arch/arm/kernel/head-nommu.S
@@ -87,6 +87,7 @@ ENTRY(stext)
 ENDPROC(stext)
 #ifdef CONFIG_SMP
+        .text
 ENTRY(secondary_startup)
        /*
         * Common entry point for secondary CPUs.
diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
index 9cf6063020ae..2c7cc1e03473 100644
--- a/arch/arm/kernel/head.S
+++ b/arch/arm/kernel/head.S
@@ -343,6 +343,7 @@ __turn_mmu_on_loc:
        .long   __turn_mmu_on_end
 #if defined(CONFIG_SMP)
+        .text
 ENTRY(secondary_startup)
        /*
         * Common entry point for secondary CPUs.
diff --git a/arch/arm/kernel/hyp-stub.S b/arch/arm/kernel/hyp-stub.S
index 4910232c4833..797b1a6a4906 100644
--- a/arch/arm/kernel/hyp-stub.S
+++ b/arch/arm/kernel/hyp-stub.S
@@ -56,8 +56,8 @@ ENTRY(__boot_cpu_mode)
        ldr     \reg3, [\reg2]
        ldr     \reg1, [\reg2, \reg3]
        cmp     \mode, \reg1            @ matches primary CPU boot mode?
-        orrne   r7, r7, #BOOT_CPU_MODE_MISMATCH
+        orrne   \reg1, \reg1, #BOOT_CPU_MODE_MISMATCH
-        strne   r7, [r5, r6]            @ record what happened and give up
+        strne   \reg1, [\reg2, \reg3]   @ record what happened and give up
        .endm
 #else   /* ZIMAGE */
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
index d3ca4f6915af..536c85fe72a8 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -197,6 +197,7 @@ void machine_shutdown(void)
 */
 void machine_halt(void)
 {
+        local_irq_disable();
        smp_send_stop();
        local_irq_disable();
@@ -211,6 +212,7 @@ void machine_halt(void)
 */
 void machine_power_off(void)
 {
+        local_irq_disable();
        smp_send_stop();
        if (pm_power_off)
@@ -230,6 +232,7 @@ void machine_power_off(void)
 */
 void machine_restart(char *cmd)
 {
+        local_irq_disable();
        smp_send_stop();
        arm_pm_restart(reboot_mode, cmd);
@@ -426,10 +429,11 @@ unsigned long arch_randomize_brk(struct mm_struct *mm)
 }
 #ifdef CONFIG_MMU
+#ifdef CONFIG_KUSER_HELPERS
 /*
 * The vectors page is always readable from user space for the
- * atomic helpers and the signal restart code. Insert it into the
+ * atomic helpers. Insert it into the gate_vma so that it is visible
- * gate_vma so that it is visible through ptrace and /proc/<pid>/mem.
+ * through ptrace and /proc/<pid>/mem.
 */
 static struct vm_area_struct gate_vma = {
        .vm_start       = 0xffff0000,
@@ -458,9 +462,48 @@ int in_gate_area_no_mm(unsigned long addr)
 {
        return in_gate_area(NULL, addr);
 }
+#define is_gate_vma(vma)        ((vma) = &gate_vma)
+#else
+#define is_gate_vma(vma)        0
+#endif
 const char *arch_vma_name(struct vm_area_struct *vma)
 {
-        return (vma == &gate_vma) ? "[vectors]" : NULL;
+        return is_gate_vma(vma) ? "[vectors]" :
+                (vma->vm_mm && vma->vm_start == vma->vm_mm->context.sigpage) ?
+                 "[sigpage]" : NULL;
+}
+static struct page *signal_page;
+extern struct page *get_signal_page(void);
+int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+{
+        struct mm_struct *mm = current->mm;
+        unsigned long addr;
+        int ret;
+        if (!signal_page)
+                signal_page = get_signal_page();
+        if (!signal_page)
+                return -ENOMEM;
+        down_write(&mm->mmap_sem);
+        addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
+        if (IS_ERR_VALUE(addr)) {
+                ret = addr;
+                goto up_fail;
+        }
+        ret = install_special_mapping(mm, addr, PAGE_SIZE,
+                VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC,
+                &signal_page);
+        if (ret == 0)
+                mm->context.sigpage = addr;
+ up_fail:
+        up_write(&mm->mmap_sem);
+        return ret;
 }
 #endif
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
index 63af9a7ae512..afc2489ee13b 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
@@ -836,6 +836,8 @@ static int __init meminfo_cmp(const void *_a, const void *_b)
 void __init hyp_mode_check(void)
 {
 #ifdef CONFIG_ARM_VIRT_EXT
+        sync_boot_mode();
        if (is_hyp_mode_available()) {
                pr_info("CPU: All CPU(s) started in HYP mode.\n");
                pr_info("CPU: Virtualization extensions available.\n");
@@ -971,6 +973,7 @@ static const char *hwcap_str[] = {
        "vfpv4",
        "idiva",
        "idivt",
+        "vfpd32",
        "lpae",
        NULL
 };
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
index 1c16c35c271a..ab3304225272 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
@@ -8,6 +8,7 @@
 * published by the Free Software Foundation.
 */
 #include <linux/errno.h>
+#include <linux/random.h>
 #include <linux/signal.h>
 #include <linux/personality.h>
 #include <linux/uaccess.h>
@@ -15,12 +16,11 @@
 #include <asm/elf.h>
 #include <asm/cacheflush.h>
+#include <asm/traps.h>
 #include <asm/ucontext.h>
 #include <asm/unistd.h>
 #include <asm/vfp.h>
-#include "signal.h"
 /*
 * For ARM syscalls, we encode the syscall number into the instruction.
 */
@@ -40,11 +40,13 @@
 #define SWI_THUMB_SIGRETURN     (0xdf00 << 16 | 0x2700 | (__NR_sigreturn - __NR_SYSCALL_BASE))
 #define SWI_THUMB_RT_SIGRETURN  (0xdf00 << 16 | 0x2700 | (__NR_rt_sigreturn - __NR_SYSCALL_BASE))
-const unsigned long sigreturn_codes[7] = {
+static const unsigned long sigreturn_codes[7] = {
        MOV_R7_NR_SIGRETURN,    SWI_SYS_SIGRETURN,    SWI_THUMB_SIGRETURN,
        MOV_R7_NR_RT_SIGRETURN, SWI_SYS_RT_SIGRETURN, SWI_THUMB_RT_SIGRETURN,
 };
+static unsigned long signal_return_offset;
 #ifdef CONFIG_CRUNCH
 static int preserve_crunch_context(struct crunch_sigframe __user *frame)
 {
@@ -400,14 +402,20 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
                    __put_user(sigreturn_codes[idx+1], rc+1))
                        return 1;
-                if ((cpsr & MODE32_BIT) && !IS_ENABLED(CONFIG_ARM_MPU)) {
+#ifdef CONFIG_MMU
+                if (cpsr & MODE32_BIT) {
+                        struct mm_struct *mm = current->mm;
                        /*
-                         * 32-bit code can use the new high-page
+                         * 32-bit code can use the signal return page
-                         * signal return code support except when the MPU has
+                         * except when the MPU has protected the vectors
-                         * protected the vectors page from PL0
+                         * page from PL0
                         */
-                        retcode = KERN_SIGRETURN_CODE + (idx << 2) + thumb;
+                        retcode = mm->context.sigpage + signal_return_offset +
-                } else {
+                                  (idx << 2) + thumb;
+                } else
+#endif
+                {
                        /*
                         * Ensure that the instruction cache sees
                         * the return code written onto the stack.
@@ -608,3 +616,33 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
        } while (thread_flags & _TIF_WORK_MASK);
        return 0;
 }
+struct page *get_signal_page(void)
+{
+        unsigned long ptr;
+        unsigned offset;
+        struct page *page;
+        void *addr;
+        page = alloc_pages(GFP_KERNEL, 0);
+        if (!page)
+                return NULL;
+        addr = page_address(page);
+        /* Give the signal return code some randomness */
+        offset = 0x200 + (get_random_int() & 0x7fc);
+        signal_return_offset = offset;
+        /*
+         * Copy signal return handlers into the vector page, and
+         * set sigreturn to be a pointer to these.
+         */
+        memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
+        ptr = (unsigned long)addr + offset;
+        flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
+        return page;
+}
diff --git a/arch/arm/kernel/signal.h b/arch/arm/kernel/signal.h
deleted file mode 100644
index 5ff067b7c752..000000000000
--- a/arch/arm/kernel/signal.h
+++ /dev/null
@@ -1,12 +0,0 @@
-/*
- *  linux/arch/arm/kernel/signal.h
- *
- *  Copyright (C) 2005-2009 Russell King.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#define KERN_SIGRETURN_CODE     (CONFIG_VECTORS_BASE + 0x00000500)
-extern const unsigned long sigreturn_codes[7];
diff --git a/arch/arm/kernel/smp_tlb.c b/arch/arm/kernel/smp_tlb.c
index a98b62dca2fa..c2edfff573c2 100644
--- a/arch/arm/kernel/smp_tlb.c
+++ b/arch/arm/kernel/smp_tlb.c
@@ -70,23 +70,6 @@ static inline void ipi_flush_bp_all(void *ignored)
        local_flush_bp_all();
 }
-#ifdef CONFIG_ARM_ERRATA_798181
-static int erratum_a15_798181(void)
-{
-        unsigned int midr = read_cpuid_id();
-        /* Cortex-A15 r0p0..r3p2 affected */
-        if ((midr & 0xff0ffff0) != 0x410fc0f0 || midr > 0x413fc0f2)
-                return 0;
-        return 1;
-}
-#else
-static int erratum_a15_798181(void)
-{
-        return 0;
-}
-#endif
 static void ipi_flush_tlb_a15_erratum(void *arg)
 {
        dmb();
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
index cab094c234ee..ab517fcce21b 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -35,8 +35,6 @@
 #include <asm/tls.h>
 #include <asm/system_misc.h>
-#include "signal.h"
 static const char *handler[]= { "prefetch abort", "data abort", "address exception", "interrupt" };
 void *vectors_page;
@@ -800,15 +798,26 @@ void __init trap_init(void)
        return;
 }
-static void __init kuser_get_tls_init(unsigned long vectors)
+#ifdef CONFIG_KUSER_HELPERS
+static void __init kuser_init(void *vectors)
 {
+        extern char __kuser_helper_start[], __kuser_helper_end[];
+        int kuser_sz = __kuser_helper_end - __kuser_helper_start;
+        memcpy(vectors + 0x1000 - kuser_sz, __kuser_helper_start, kuser_sz);
        /*
         * vectors + 0xfe0 = __kuser_get_tls
         * vectors + 0xfe8 = hardware TLS instruction at 0xffff0fe8
         */
        if (tls_emu || has_tls_reg)
-                memcpy((void *)vectors + 0xfe0, (void *)vectors + 0xfe8, 4);
+                memcpy(vectors + 0xfe0, vectors + 0xfe8, 4);
 }
+#else
+static void __init kuser_init(void *vectors)
+{
+}
+#endif
 void __init early_trap_init(void *vectors_base)
 {
@@ -816,33 +825,30 @@ void __init early_trap_init(void *vectors_base)
        unsigned long vectors = (unsigned long)vectors_base;
        extern char __stubs_start[], __stubs_end[];
        extern char __vectors_start[], __vectors_end[];
-        extern char __kuser_helper_start[], __kuser_helper_end[];
+        unsigned i;
-        int kuser_sz = __kuser_helper_end - __kuser_helper_start;
        vectors_page = vectors_base;
        /*
+         * Poison the vectors page with an undefined instruction.  This
+         * instruction is chosen to be undefined for both ARM and Thumb
+         * ISAs.  The Thumb version is an undefined instruction with a
+         * branch back to the undefined instruction.
+         */
+        for (i = 0; i < PAGE_SIZE / sizeof(u32); i++)
+                ((u32 *)vectors_base)[i] = 0xe7fddef1;
+        /*
         * Copy the vectors, stubs and kuser helpers (in entry-armv.S)
         * into the vector page, mapped at 0xffff0000, and ensure these
         * are visible to the instruction stream.
         */
        memcpy((void *)vectors, __vectors_start, __vectors_end - __vectors_start);
-        memcpy((void *)vectors + 0x200, __stubs_start, __stubs_end - __stubs_start);
+        memcpy((void *)vectors + 0x1000, __stubs_start, __stubs_end - __stubs_start);
-        memcpy((void *)vectors + 0x1000 - kuser_sz, __kuser_helper_start, kuser_sz);
-        /*
+        kuser_init(vectors_base);
-         * Do processor specific fixups for the kuser helpers
-         */
-        kuser_get_tls_init(vectors);
-        /*
-         * Copy signal return handlers into the vector page, and
-         * set sigreturn to be a pointer to these.
-         */
-        memcpy((void *)(vectors + KERN_SIGRETURN_CODE - CONFIG_VECTORS_BASE),
-               sigreturn_codes, sizeof(sigreturn_codes));
-        flush_icache_range(vectors, vectors + PAGE_SIZE);
+        flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
        modify_domain(DOMAIN_USER, DOMAIN_CLIENT);
 #else /* ifndef CONFIG_CPU_V7M */
        /*
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
index fa25e4e425f6..7bcee5c9b604 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -148,6 +148,23 @@ SECTIONS
        . = ALIGN(PAGE_SIZE);
        __init_begin = .;
 #endif
+        /*
+         * The vectors and stubs are relocatable code, and the
+         * only thing that matters is their relative offsets
+         */
+        __vectors_start = .;
+        .vectors 0 : AT(__vectors_start) {
+                *(.vectors)
+        }
+        . = __vectors_start + SIZEOF(.vectors);
+        __vectors_end = .;
+        __stubs_start = .;
+        .stubs 0x1000 : AT(__stubs_start) {
+                *(.stubs)
+        }
+        . = __stubs_start + SIZEOF(.stubs);
+        __stubs_end = .;
        INIT_TEXT_SECTION(8)
        .exit.text : {