From a989ff898f9740651d00388c33bdf4f2a7914920 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 4 Nov 2010 11:13:59 +0000 Subject: MIPS: Don't stomp on caller's ->regs[2] in copy_thread() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We never needed that (->regs[2] is overwritten on return from syscall paths with return value of syscall, so storing it there early made no sense) and with new restart logics since d27240bf7e61d2656de18e158ec910a902030847 it has become really bad - we lose the original syscall number before the place where we decide that we might need a syscall restart. Note that for child we do need the assignment to regs[2] - it won't go through the normal return from syscall path. [Ralf: Issue found and reported by Lluís; initial investigations by me; bug finally found and patch by Al; testing by me and Lluís.] Signed-off-by: Al Viro Tested-by: Lluís Batlle i Rossell Signed-off-by: Ralf Baechle --- arch/mips/kernel/process.c | 1 - 1 file changed, 1 deletion(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c index 99960940d4a4..ae167df73ddd 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c @@ -142,7 +142,6 @@ int copy_thread(unsigned long clone_flags, unsigned long usp, childregs->regs[7] = 0; /* Clear error flag */ childregs->regs[2] = 0; /* Child gets zero as return value */ - regs->regs[2] = p->pid; if (childregs->cp0_status & ST0_CU0) { childregs->regs[28] = (unsigned long) ti; -- cgit v1.2.2 From d62c9ced7ca783e64ff4d9d3d1340cfe2284d47b Mon Sep 17 00:00:00 2001 From: David Daney Date: Mon, 1 Nov 2010 17:43:08 -0700 Subject: MIPS: compat: Don't clobber personality bits in 32-bit sys_personality(). If PER_LINUX32 has been set on a 32-bit kernel, only twiddle with the low-order personality bits, let the upper bits pass through. 
Signed-off-by: David Daney To: linux-mips@linux-mips.org Cc: Camm Maguire Patchwork: https://patchwork.linux-mips.org/patch/1751/ Signed-off-by: Ralf Baechle --- arch/mips/kernel/linux32.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/linux32.c b/arch/mips/kernel/linux32.c index 6343b4a5b835..876a75cc376f 100644 --- a/arch/mips/kernel/linux32.c +++ b/arch/mips/kernel/linux32.c @@ -251,14 +251,15 @@ SYSCALL_DEFINE5(n32_msgrcv, int, msqid, u32, msgp, size_t, msgsz, SYSCALL_DEFINE1(32_personality, unsigned long, personality) { + unsigned int p = personality & 0xffffffff; int ret; - personality &= 0xffffffff; + if (personality(current->personality) == PER_LINUX32 && - personality == PER_LINUX) - personality = PER_LINUX32; - ret = sys_personality(personality); - if (ret == PER_LINUX32) - ret = PER_LINUX; + personality(p) == PER_LINUX) + p = (p & ~PER_MASK) | PER_LINUX32; + ret = sys_personality(p); + if (ret != -1 && personality(ret) == PER_LINUX32) + ret = (ret & ~PER_MASK) | PER_LINUX; return ret; } -- cgit v1.2.2 From 863abad4f644b6c12bc8176206b35fa7e7cfe1a9 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Sat, 30 Oct 2010 18:37:16 +0200 Subject: MIPS: VPE loader: Check vmalloc return value in vpe_open The return value of the vmalloc() call in arch/mips/kernel/vpe.c::vpe_open() is not checked, so we potentially store a null pointer in v->pbuffer. Add a check for a null return and then return -ENOMEM in that case. [Ralf: The check added by Jesper's original patch is where it logically should be. Adding it eleminated the need for the checks in a few other places, so I removed them. There still is a zillion of other things that need to be fixed in this file / API.] Signed-off-by: Jesper Juhl Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1747/ 
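Review bot: The `ret != -1` test on the new post-call line guards against a sentinel the callee does not appear to use: sys_personality returns the previous personality on success and, as far as I recall the core implementation, a negative errno (-EINVAL) on failure, never -1. It is harmless today only because `personality(-EINVAL)` does not equal PER_LINUX32; a sign test states the intent and does not rely on that coincidence: `if (ret >= 0 && personality(ret) == PER_LINUX32)`. Note also that `ret` is an `int` receiving the callee's `long`, as before this change, so the low-byte mapping is unaffected but any future high-bit flag would be truncated on the way back to userspace.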
Signed-off-by: Ralf Baechle --- arch/mips/kernel/vpe.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/vpe.c b/arch/mips/kernel/vpe.c index 3eb3cde2f661..6a1fdfef8fde 100644 --- a/arch/mips/kernel/vpe.c +++ b/arch/mips/kernel/vpe.c @@ -1092,6 +1092,10 @@ static int vpe_open(struct inode *inode, struct file *filp) /* this of-course trashes what was there before... */ v->pbuffer = vmalloc(P_SIZE); + if (!v->pbuffer) { + pr_warning("VPE loader: unable to allocate memory\n"); + return -ENOMEM; + } v->plen = P_SIZE; v->load_addr = NULL; v->len = 0; @@ -1149,10 +1153,9 @@ static int vpe_release(struct inode *inode, struct file *filp) if (ret < 0) v->shared_ptr = NULL; - // cleanup any temp buffers - if (v->pbuffer) - vfree(v->pbuffer); + vfree(v->pbuffer); v->plen = 0; + return ret; } @@ -1169,11 +1172,6 @@ static ssize_t vpe_write(struct file *file, const char __user * buffer, if (v == NULL) return -ENODEV; - if (v->pbuffer == NULL) { - printk(KERN_ERR "VPE loader: no buffer for program\n"); - return -ENOMEM; - } - if ((count + v->len) > v->plen) { printk(KERN_WARNING "VPE loader: elf size too big. Perhaps strip uneeded symbols\n"); -- cgit v1.2.2 From 515b029d005b5694cf612a0a5ca6f861a7e45362 Mon Sep 17 00:00:00 2001 From: David Daney Date: Thu, 21 Oct 2010 16:32:26 -0700 Subject: MIPS: Send proper signal and siginfo on FP emulator faults. We were unconditionally sending SIGBUS with an empty siginfo on FP emulator faults. This differs from what happens when real floating point hardware would get a fault. For most faults we need to send SIGSEGV with the faulting address filled in in the struct siginfo. Reported-by: Camm Maguire Signed-off-by: David Daney To: linux-mips@linux-mips.org Cc: Camm Maguire Patchwork: https://patchwork.linux-mips.org/patch/1727/ 
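Review bot: `vfree(v->pbuffer);` on the new line leaves `v->pbuffer` pointing at freed memory, and `v` looks like device-global state that outlives this file rather than per-file data (the open path's comment "this of-course trashes what was there before" and the fresh `v == NULL` test in vpe_write both point that way). Since this same patch drops the NULL check in vpe_write, a later writer reaching the structure would dereference freed memory instead of being refused; clearing the pointer costs one line after the free: `v->pbuffer = NULL;`. vpe_release starts before this hunk.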
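Review bot: Dropping the `v->pbuffer == NULL` check assumes the buffer is non-NULL whenever write() is reachable, which holds for the file that allocated it but not obviously for `v` itself: the context tests `v == NULL` on every call, which suggests `v` is looked up afresh rather than taken from filp, so another open() on the same device that fails in vmalloc(), or a release(), could leave `v->pbuffer` NULL or freed under a writer that is still open. The open-path state handling is outside this hunk, so this is an inference, but a one-line guard before the size check keeps the old -ENOMEM behaviour at no cost: `if (!v->pbuffer) return -ENOMEM;`. vpe_write continues past the hunk.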
Signed-off-by: Ralf Baechle --- arch/mips/kernel/traps.c | 44 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 35 insertions(+), 9 deletions(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/traps.c b/arch/mips/kernel/traps.c index 8e9fbe75894e..e97104302541 100644 --- a/arch/mips/kernel/traps.c +++ b/arch/mips/kernel/traps.c @@ -83,7 +83,8 @@ extern asmlinkage void handle_mcheck(void); extern asmlinkage void handle_reserved(void); extern int fpu_emulator_cop1Handler(struct pt_regs *xcp, - struct mips_fpu_struct *ctx, int has_fpu); + struct mips_fpu_struct *ctx, int has_fpu, + void *__user *fault_addr); void (*board_be_init)(void); int (*board_be_handler)(struct pt_regs *regs, int is_fixup); @@ -661,12 +662,36 @@ asmlinkage void do_ov(struct pt_regs *regs) force_sig_info(SIGFPE, &info, current); } +static int process_fpemu_return(int sig, void __user *fault_addr) +{ + if (sig == SIGSEGV || sig == SIGBUS) { + struct siginfo si = {0}; + si.si_addr = fault_addr; + si.si_signo = sig; + if (sig == SIGSEGV) { + if (find_vma(current->mm, (unsigned long)fault_addr)) + si.si_code = SEGV_ACCERR; + else + si.si_code = SEGV_MAPERR; + } else { + si.si_code = BUS_ADRERR; + } + force_sig_info(sig, &si, current); + return 1; + } else if (sig) { + force_sig(sig, current); + return 1; + } else { + return 0; + } +} + /* * XXX Delayed fp exceptions when doing a lazy ctx switch XXX */ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) { - siginfo_t info; + siginfo_t info = {0}; if (notify_die(DIE_FP, "FP exception", regs, 0, regs_to_trapnr(regs), SIGFPE) == NOTIFY_STOP) @@ -675,6 +700,7 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) if (fcr31 & FPU_CSR_UNI_X) { int sig; + void __user *fault_addr = NULL; /* * Unimplemented operation exception. If we've got the full 
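Review bot: In the new prototype the annotation `void *__user *fault_addr` sits on the wrong pointer level: it marks the intermediate `void *` object as living in user space, whereas the callers added in this patch pass `&fault_addr` for a kernel-resident local declared `void __user *fault_addr`. The declaration matching those call sites is `void __user **fault_addr`; sparse will otherwise report an address-space mismatch at each call. The emulator's own definition is not in this diff and would need the same spelling.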
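Review bot: `find_vma(current->mm, (unsigned long)fault_addr)` in the new process_fpemu_return() walks the mm's VMA tree without holding mmap_sem, so a concurrent mmap/munmap by another thread of the process can modify the tree under it. Its result is also misread: find_vma() returns the first VMA that ends above the address, so an address in a hole below some mapping still gets SEGV_ACCERR instead of SEGV_MAPERR; the hit has to be checked against `vma->vm_start` as well. The do_fpe() part of this hunk only zero-initialises `info`, which is fine; do_fpe() continues past the hunk.
```c
		if (sig == SIGSEGV) {
			struct vm_area_struct *vma;

			/* find_vma() requires mmap_sem; it also returns the
			 * first VMA ending above the address, so a hit only
			 * means "mapped" if the VMA starts at or below it. */
			down_read(&current->mm->mmap_sem);
			vma = find_vma(current->mm, (unsigned long)fault_addr);
			if (vma && vma->vm_start <= (unsigned long)fault_addr)
				si.si_code = SEGV_ACCERR;
			else
				si.si_code = SEGV_MAPERR;
			up_read(&current->mm->mmap_sem);
		} else {
		/* … unchanged: BUS_ADRERR branch, force_sig_info() and return … */
```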
@@ -690,7 +716,8 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) lose_fpu(1); /* Run the emulator */ - sig = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1); + sig = fpu_emulator_cop1Handler(regs, ¤t->thread.fpu, 1, + &fault_addr); /* * We can't allow the emulated instruction to leave any of @@ -702,8 +729,7 @@ asmlinkage void do_fpe(struct pt_regs *regs, unsigned long fcr31) own_fpu(1); /* Using the FPU again. */ /* If something went wrong, signal */ - if (sig) - force_sig(sig, current); + process_fpemu_return(sig, fault_addr); return; } else if (fcr31 & FPU_CSR_INV_X) @@ -996,11 +1022,11 @@ asmlinkage void do_cpu(struct pt_regs *regs) if (!raw_cpu_has_fpu) { int sig; + void __user *fault_addr = NULL; sig = fpu_emulator_cop1Handler(regs, - ¤t->thread.fpu, 0); - if (sig) - force_sig(sig, current); - else + ¤t->thread.fpu, + 0, &fault_addr); + if (!process_fpemu_return(sig, fault_addr)) mt_ase_fp_affinity(); } -- cgit v1.2.2 From 190fca3e40a65303eac35ac4fbae4f1f1342431c Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Tue, 23 Nov 2010 10:26:45 -0800 Subject: MIPS: Fix regression on BCM4710 processor detection BCM4710 uses the BMIPS32 core (like BCM6345), not the MIPS 4Kc core as was previously believed. Signed-off-by: Kevin Cernekee Tested-by: Alexandros C. Couloumbis Patchwork: https://patchwork.linux-mips.org/patch/1837/ Signed-off-by: Ralf Baechle --- arch/mips/kernel/cpu-probe.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/cpu-probe.c b/arch/mips/kernel/cpu-probe.c index 71620e19827a..68dae7b6b5db 100644 --- a/arch/mips/kernel/cpu-probe.c +++ b/arch/mips/kernel/cpu-probe.c 
@@ -905,7 +905,8 @@ static inline void cpu_probe_broadcom(struct cpuinfo_mips *c, unsigned int cpu) { decode_configs(c); switch (c->processor_id & 0xff00) { - case PRID_IMP_BMIPS32: + case PRID_IMP_BMIPS32_REV4: + case PRID_IMP_BMIPS32_REV8: c->cputype = CPU_BMIPS32; __cpu_name[cpu] = "Broadcom BMIPS32"; break; @@ -933,10 +934,6 @@ static inline void cpu_probe_broadcom(struct cpuinfo_mips *c, unsigned int cpu) __cpu_name[cpu] = "Broadcom BMIPS5000"; c->options |= MIPS_CPU_ULRI; break; - case PRID_IMP_BMIPS4KC: - c->cputype = CPU_4KC; - __cpu_name[cpu] = "MIPS 4Kc"; - break; } } -- cgit v1.2.2 From 5878fc936aebf592cca418ca50773cd578f7daf4 Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Tue, 23 Nov 2010 10:26:44 -0800 Subject: MIPS: Fix CP0 COUNTER clockevent race Consider the following test case: write_c0_compare(read_c0_count()); Even if the counter doesn't increment during execution, this might not generate an interrupt until the counter wraps around. The CPU may perform the comparison each time CP0 COUNT increments, not when CP0 COMPARE is written. If mips_next_event() is called with a very small delta, and CP0 COUNT increments during the calculation of "cnt += delta", it is possible that CP0 COMPARE will be written with the current value of CP0 COUNT. If this is detected, the function should return -ETIME, to indicate that the interrupt might not have actually gotten scheduled. Signed-off-by: Kevin Cernekee Cc: linux-mips@linux-mips.org Cc: linux-kernel@vger.kernel.org Patchwork: https://patchwork.linux-mips.org/patch/1836/ Signed-off-by: Ralf Baechle --- arch/mips/kernel/cevt-r4k.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/cevt-r4k.c b/arch/mips/kernel/cevt-r4k.c index 2f4d7a99bcc2..98c5a9737c14 100644 --- a/arch/mips/kernel/cevt-r4k.c +++ b/arch/mips/kernel/cevt-r4k.c 
@@ -32,7 +32,7 @@ static int mips_next_event(unsigned long delta, cnt = read_c0_count(); cnt += delta; write_c0_compare(cnt); - res = ((int)(read_c0_count() - cnt) > 0) ? -ETIME : 0; + res = ((int)(read_c0_count() - cnt) >= 0) ? -ETIME : 0; return res; } -- cgit v1.2.2 From e31fee7c3a197d88d1d0ced0e8600386da27fec4 Mon Sep 17 00:00:00 2001 From: Thomas Chou Date: Wed, 24 Nov 2010 15:35:48 +0800 Subject: MIPS: FDT size is a be32 The totalsize field was be32. And the reserve bootmem would cause failure. Signed-off-by: Thomas Chou To: devicetree-discuss@lists.ozlabs.org Cc: linux-kernel@vger.kernel.org Cc: linux-mips@linux-mips.org Cc: grant.likely@secretlab.ca Cc: David Daney Cc: Dezhong Diao Patchwork: https://patchwork.linux-mips.org/patch/1838/ Signed-off-by: Ralf Baechle --- arch/mips/kernel/prom.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/prom.c b/arch/mips/kernel/prom.c index e000b278f024..9dbe58368953 100644 --- a/arch/mips/kernel/prom.c +++ b/arch/mips/kernel/prom.c @@ -100,7 +100,7 @@ void __init device_tree_init(void) return; base = virt_to_phys((void *)initial_boot_params); - size = initial_boot_params->totalsize; + size = be32_to_cpu(initial_boot_params->totalsize); /* Before we do anything, lets reserve the dt blob */ reserve_mem_mach(base, size); -- cgit v1.2.2 From d002aaadf84c081623a0a8502c122d1492fbd47c Mon Sep 17 00:00:00 2001 From: Ralf Baechle Date: Wed, 1 Dec 2010 17:33:17 +0000 Subject: MIPS: MT: Fix typo in comment. Signed-off-by: Ralf Baechle --- arch/mips/kernel/smp-mt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'arch/mips/kernel') diff --git a/arch/mips/kernel/smp-mt.c b/arch/mips/kernel/smp-mt.c index 43e7cdc5ded2..c0e81418ba21 100644 --- a/arch/mips/kernel/smp-mt.c +++ b/arch/mips/kernel/smp-mt.c 
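Review bot: The `>=` on the rewritten `res = ...` line encodes a hardware subtlety (a COMPARE value equal to the current COUNT may not raise the interrupt until COUNT wraps) that the code itself no longer explains, so the next reader is likely to "correct" it back to `>`. A one-line comment above it would pin the reason down: `/* COMPARE == COUNT may not fire until COUNT wraps; treat it as a missed event too. */`. mips_next_event begins before this hunk.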
@@ -153,7 +153,7 @@ static void __cpuinit vsmp_init_secondary(void) { extern int gic_present; - /* This is Malta specific: IPI,performance and timer inetrrupts */ + /* This is Malta specific: IPI,performance and timer interrupts */ if (gic_present) change_c0_status(ST0_IM, STATUSF_IP3 | STATUSF_IP4 | STATUSF_IP6 | STATUSF_IP7); -- cgit v1.2.2