Compilers may engage the improbability drive when encountering shifts
by a distance that is a multiple of the size of the operand type. Since
the required bounds check is very simple here, we can get rid of all the
fuzzy masking, shifting and comparing, and use the documented bounds
directly.
Change-Id: Ibc1b73f4a630bc182deb6edfa7458b5e29ba9577
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
The test whether a movz instruction with a signed immediate should be
turned into a movn instruction (i.e., when the immediate is negative)
is flawed, since the value of imm is always positive. Also, the
subsequent bounds check is incorrect since the limit update never
executes, due to the fact that the imm_type comparison will always be
false for negative signed immediates.
Let's fix this by performing the sign test on sval directly, and
replacing the bounds check with a simple comparison against U16_MAX.
Change-Id: I9ad3d8bfd91e5fdc6434b1be6c3062dfec193176
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
[will: tidied up use of sval, renamed MOVK enum value to MOVKZ]
Signed-off-by: Will Deacon <will.deacon@arm.com>
This reverts commit 5b42ae3eda.
This recereated arch/arm/include/asm/mach/mmc.h include file has
no active user in android-4.x kernels. Also all the necessary bits
are already moved to include/linux/amba/mmci.h.
6ef297f86b (ARM: 5720/1: Move MMCI header to amba include dir)
Change-Id: Ibf258b355d17f54f49b777a8f6e0089e9b59a3a5
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
This reverts commit 541632275e.
mmc_platform_data (or arch/arm/include/asm/mach/mmc.h in general)
has no active user in android-4.x kernels. Also all the necessary
bits are already moved to include/linux/amba/mmci.h.
6ef297f86b (ARM: 5720/1: Move MMCI header to amba include dir)
Change-Id: Iff384eb527327bf88543408e0257241c1fd99a43
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
(cherry picked from commit https://lkml.org/lkml/2016/2/4/833)
Replace calls to get_random_int() followed by a cast to (unsigned long)
with calls to get_random_long(). Also address shifting bug which, in case
of x86 removed entropy mask for mmap_rnd_bits values > 31 bits.
Bug: 26963541
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I36c156c9b8d7d157134895fddd4cd6efddcbee86
The PSCI SMP implementation is built only when both CONFIG_SMP and
CONFIG_ARM_PSCI are set, so a configuration that has the latter
but not the former can get a link error when it tries to call
psci_smp_available().
arch/arm/mach-tegra/built-in.o: In function `tegra114_cpuidle_init':
cpuidle-tegra114.c:(.init.text+0x52a): undefined reference to `psci_smp_available'
This corrects the #ifdef in the psci.h header file to match the
Makefile conditional we have for building that function.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
(cherry picked from commit be95485a0b8288a93402705730d3ea32f9f812b9)
Signed-off-by: Olof Johansson <olofj@google.com>
(cherry picked from commit https://lkml.org/lkml/2015/12/21/339)
x86: arch_mmap_rnd() uses hard-coded values, 8 for 32-bit and 28 for
64-bit, to generate the random offset for the mmap base address.
This value represents a compromise between increased ASLR
effectiveness and avoiding address-space fragmentation. Replace it
with a Kconfig option, which is sensibly bounded, so that platform
developers may choose where to place this compromise. Keep default
values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ic38735a8de2943843a73b5c20855ccfa92513422
(cherry picked from commit https://lkml.org/lkml/2015/12/21/340)
arm64: arch_mmap_rnd() uses STACK_RND_MASK to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep default values as new minimums.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I0be0bf8b1ed412863f248323e2d86b1df5bf21c6
(cherry picked from commit https://lkml.org/lkml/2015/12/21/341)
arm: arch_mmap_rnd() uses a hard-code value of 8 to generate the
random offset for the mmap base address. This value represents a
compromise between increased ASLR effectiveness and avoiding
address-space fragmentation. Replace it with a Kconfig option, which
is sensibly bounded, so that platform developers may choose where to
place this compromise. Keep 8 as the minimum acceptable value.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: I438ae2dae939ea7f311246832cb789afdd6cba4e
(cherry picked from commit https://lkml.org/lkml/2015/12/21/337)
ASLR only uses as few as 8 bits to generate the random offset for the
mmap base address on 32 bit architectures. This value was chosen to
prevent a poorly chosen value from dividing the address space in such
a way as to prevent large allocations. This may not be an issue on all
platforms. Allow the specification of a minimum number of bits so that
platforms desiring greater ASLR protection may determine where to place
the trade-off.
Bug: 24047224
Signed-off-by: Daniel Cashman <dcashman@android.com>
Signed-off-by: Daniel Cashman <dcashman@google.com>
Change-Id: Ibf9ed3d4390e9686f5cc34f605d509a20d40e6c2
Copy the config choice for CONFIG_CMDLINE_EXTEND from
arch/arm/Kconfig, including CONFIG_CMDLINE_FROM_BOOTLOADER
as the default. These will be used by drivers/of/fdt.c.
Change-Id: I8416038498ddf8fc1e99ab06109825eb1492aa7f
Signed-off-by: Colin Cross <ccross@android.com>
If the bootloader used a page table that is incompatible with domain 0
in client mode, and boots with the mmu on, then swithing domain 0 to
client mode causes a fault if we don't flush the tlb after updating
the page table pointer.
v2: Add ISB before loading dacr.
Signed-off-by: Arve Hjønnevåg <arve@android.com>
Allows a defconfig to set a list of dtbs to concatenate with an
Image.gz to create a Image.gz-dtb.
Includes 8adb162 arm64: Fix correct dtb clean-files location
Change-Id: I0b462322d5c970f1fdf37baffece7ad058099f4a
Signed-off-by: Alex Ray <aray@google.com>
Allow CONFIG_BUILD_ARM_APPENDED_DTB_IMAGE_NAMES to specify
a space separated list of dtbs to append to the zImage,
and name the resulting file zImage-dtb
Change-Id: Ied5d0bafbd1d01fc1f109c15c4283de7029903c9
Signed-off-by: Colin Cross <ccross@android.com>
Allows a defconfig to set a default dtb to concatenate with a zImage
to create a zImage-dtb.<dtb name>
Signed-off-by: Erik Gilling <konkers@android.com>
Change-Id: I34b643b1c49228fbae88a56e46c93c478089620d
In the 3.10 kernel, dtb-y is not defined in Makefile.boot anymore
but in dts/Makefile, so it needs to be included too.
Change-Id: I6d6fccf933709bcb6220ce8f12b4b9e2a7c40d63
Signed-off-by: Benoit Goby <benoit@android.com>
Move the poison pointer offset to 0xdead000000000000, a
recognized value that is not mappable by user-space exploits.
Change-Id: I558441a26a7c8390aa087f32c4cbe980de8c8ce3
Signed-off-by: Thierry Strudel <tstrudel@google.com>
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
The aarch64-linux-android- toolchain enables -fpic by default. -fpic
isn't needed for the kernel and breaks CONFIG_JUMP_LABEL, so turn it
off.
Change-Id: I685da1dc60e4cf1e9abcfb56e03654675ac02a0c
Signed-off-by: Greg Hackmann <ghackmann@google.com>
A port of 8608d7c4418c75841c562a90cddd9beae5798a48 to ARM64. Both the
original code and this port are limited to dumping kernel addresses, so
don't bother if the registers are from a userspace process.
Change-Id: Idc76804c54efaaeb70311cbb500c54db6dac4525
Signed-off-by: Greg Hackmann <ghackmann@google.com>
pfn_valid() returns a false positive when the lower (64 - PAGE_SHIFT)
bits match a valid pfn but some of the upper bits are set. This caused
a kernel panic in kpageflags_read() when a userspace utility parsed
/proc/*/pagemap, neglected to discard the upper flag bits, and tried to
lseek()+read() from the corresponding offset in /proc/kpageflags.
A valid pfn will never have the upper PAGE_SHIFT bits set, so simply
check for this before passing the pfn to memblock_is_memory().
Change-Id: Ief5d8cd4dd93cbecd545a634a8d5885865cb5970
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Bail out early if IRQs are disabled in do_page_fault or else
[14415.157266] BUG: sleeping function called from invalid context at arch/arm/mm/fault.c:301
Russell King's idea from
http://comments.gmane.org/gmane.linux.ports.arm.omap/59256
Signed-off-by: JP Abgrall <jpa@google.com>
If the console_lock was held while the system was rebooted, the messages
in the temporary logbuffer would not have propogated to all the console
drivers.
This force releases the console lock if it failed to be acquired.
Change-Id: I193dcf7b968be17966833e50b8b8bc70d5d9fe89
Signed-off-by: Dima Zavin <dima@android.com>
If CACHE_FLUSH_RANGE_LIMIT is defined, then the entire dcache will
be flushed if the requested range is larger than this limit.
Change-Id: I29277d645a9d6716b1952cf3b870c78496261dd0
Signed-off-by: Arve Hjønnevåg <arve@android.com>
This is extremely useful in diagnosing remote crashes, and is based heavily
on original work by <md@google.com>.
Signed-off-by: San Mehat <san@google.com>
Cc: Michael Davidson <md@google.com>
[ARM] process: Use uber-safe probe_kernel_address() to read mem when dumping.
This prevents the dump from taking pagefaults / external aborts.
Change-Id: I8df76e8638780f94fb1bd7ea4471e3f7b01df950
Signed-off-by: San Mehat <san@google.com>
Move the x86_64 idle notifiers originally by Andi Kleen and Venkatesh
Pallipadi to generic.
Change-Id: Idf29cda15be151f494ff245933c12462643388d5
Acked-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Todd Poynor <toddpoynor@google.com>
Move fiq_debugger into drivers/staging/android/fiq_debugger/ to
allow for sharing between ARM and ARM64.
Change-Id: I6ca5e8b7e3d000f57da3234260261c5592cef2a8
Signed-off-by: Colin Cross <ccross@android.com>
Avoid conflicts with user mode usage of the same instructions, as with
Clang -ftrapv.
Change-Id: I12d1c6d8f94376bfd2503cb0be843d7e478fb6ea
Signed-off-by: Todd Poynor <toddpoynor@google.com>
debug_console_write calls debug_uart_flush, which will usually wait
until the serial port fifo empties. If another thread is continuously
calling fiq_tty_write, the fifo will constantly be refilled and
debug_uart_flush might never return.
Add a spinlock that is locked in debug_console_write and fiq_tty_write
to ensure they can't run at the same time. This has an extra advantage
of preventing lines from the console and tty from being mixed together.
Also reduce the size returned by fiq_tty_write_room to keep the time
spent with the spinlock held to a reasonable value.
In addition, make sure fiq context can't loop forever by never calling
debug_uart_flush when the console is enabled.
Change-Id: I5712b01f740ca0c84f680d2032c9fa16b7656939
Signed-off-by: Colin Cross <ccross@android.com>
kernel_restart cannot be called from interrupt context. Add support for
commands called from a work function, and implement the "reboot" command
there. Also rename the existing irq-mode command to "reset" and change
it to use machine_restart instead of kernel_restart.
Change-Id: I3c423147c01db03d89e95a5b99096ca89462079f
Signed-off-by: Colin Cross <ccross@android.com>
Fix setting up consoles on multiple fiq debugger devices by
splitting the tty driver init into the initcall, and initializing
the single tty device during probe. Has the side effect of moving
the tty device node to /dev/ttyFIQx, where x is the platform device
id, which should normally match the serial port.
To avoid having to pass a different console=/dev/ttyFIQx for every
device, make the fiq debugger a preferred console that will be used
by default if no console was passed on the command line.
Change-Id: I6cc2670628a41e84615859bc96adba189966d647
Signed-off-by: Colin Cross <ccross@android.com>
Adds polling tty ops to the fiq debugger console tty, which allows
kgdb to run against an fiq debugger console.
Add a check in do_sysrq to prevent enabling kgdb from the fiq
debugger unless a flag (writable only by root) has been set. This
should make it safe to enable KGDB on a production device.
Also add a shortcut to enable the console and kgdb together, to
allow kgdb to be enabled when the shell on the console is not
responding.
Change-Id: Ifc65239ca96c9887431a6a36b9b44a539002f544
Signed-off-by: Colin Cross <ccross@android.com>
Convert all the calls to state->pdata->uart_putc to a debug_putc
helper.
Change-Id: Idc007bd170ff1b51d0325e238105ae0c86d23777
Signed-off-by: Colin Cross <ccross@android.com>
Pass the rest of the reboot command to kernel_restart to allow
reboot bootloader to work from FIQ debugger.
Change-Id: I4e7b366a69268dda17ffcf4c84f2373d15cb1271
Signed-off-by: Colin Cross <ccross@android.com>
Call kernel_restart instead of arch_reset, the ARM reset handling
has changed.
Remove localtimer irq printing, they now show up in the regular
irq stats.
Change-Id: I523da343b292c5711f3e1cbfd766d32eea2da84e
Signed-off-by: Colin Cross <ccross@android.com>
This is the final small set of ARM SoC bug fixes for linux-4.4,
almost all regressions:
OMAP: data corruption on the Nokia N900 flash
Allwinner: Two defconfig change to get USB working again
ARM Versatile: Interrupt numbers gone bad after an older bug fix
Nomadik: Crashes from incorrect L2 cache settings
VIA vt8500: SD/MMC support on WM8650 never worked
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVpA/vGCrR//JCVInAQK1NQ//fk4EYJj6JMwaB/I2hGtpUpartVtXj9tj
916+NazORGc/UBP9vG/bLWnZrKzZQdeLd2HwDT9eyHtZ+Qq8bm+No312l10EATkS
EAZKy4oy0HH5BD8yE5xM+CQn9fxh8GcmGJ/hKacpJnY2e0aaGgp9iHiPWH8kRmO4
kBbUWsbfGjxzfM+a/9XGrzcTWZLSOu6VGtxvdp2rGy+Un8AWVc6FQz48xsFXWivB
5JHp0qTnyUebSNbsxq05BDorybDuNSho5d3r94H85WwfbdybCxuFYedTZ1r3vCh9
rWDI8R2vb3uotzYYjigRwyYqggUz6TewWqwnyeyGsMHOCEU/q/2n2ASLhdxKl2x8
UZ+kKDhRiraaxnsNh/apVy4yvs7KmsUM6DgxzvXW3uyrrLrjJyGHKY5doHt5Z5mJ
ErhOW024skA8GNiWObmNiKzUdKEbO4e7ReFgwbLbA8W6ACVVMNdL4udsmkb+nj25
+VFWOg5WVG5WJFaEoSOGze7J0+SSwu7wP0HRPmWFotslExh5HsrvkSw429sDDB0R
4OwT0Ru0vDZvGrHD+Bu6mFJO1nL2kWKVsolyben1sA+OIbm7eoHcennRUFf2sog0
yWD03DT9iz//bmWPHVntcdRTTaXYvaChPWzHxlbBxw2DCfRkzy4Tx/Ic44s2Kjuq
PgQjTmNlnQ8=
=Z1E0
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"This is the final small set of ARM SoC bug fixes for linux-4.4, almost
all regressions:
OMAP:
- data corruption on the Nokia N900 flash
Allwinner:
- Two defconfig change to get USB working again
ARM Versatile:
- Interrupt numbers gone bad after an older bug fix
Nomadik:
- Crashes from incorrect L2 cache settings
VIA vt8500:
- SD/MMC support on WM8650 never worked"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
dts: vt8500: Add SDHC node to DTS file for WM8650
ARM: Fix broken USB support in multi_v7_defconfig for sunxi devices
ARM: versatile: fix MMC/SD interrupt assignment
ARM: nomadik: set latencies to 8 cycles
ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption
ARM: Fix broken USB support in sunxi_defconfig