Patch "sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code." has been added to the 4.8-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.

to the 4.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-cross-call-code.patch
and it can be found in the queue-4.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Sat Nov 19 09:52:59 CET 2016
From: "David S. Miller" <davem@xxxxxxxxxxxxx>
Date: Wed, 26 Oct 2016 10:20:14 -0700
Subject: sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.

From: "David S. Miller" <davem@xxxxxxxxxxxxx>


[ Upstream commit a236441bb69723032db94128761a469030c3fe6d ]

Just like the non-cross-call TLB flush handlers, the cross-call ones need
to avoid doing PC-relative branches outside of their code blocks.

Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 arch/sparc/mm/ultra.S |   42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

--- a/arch/sparc/mm/ultra.S
+++ b/arch/sparc/mm/ultra.S
@@ -484,7 +484,7 @@ cheetah_patch_cachetlbops:
 	 */
 	.align		32
 	.globl		xcall_flush_tlb_mm
-xcall_flush_tlb_mm:	/* 21 insns */
+xcall_flush_tlb_mm:	/* 24 insns */
 	mov		PRIMARY_CONTEXT, %g2
 	ldxa		[%g2] ASI_DMMU, %g3
 	srlx		%g3, CTX_PGSZ1_NUC_SHIFT, %g4
@@ -506,9 +506,12 @@ xcall_flush_tlb_mm:	/* 21 insns */
 	nop
 	nop
 	nop
+	nop
+	nop
+	nop
 
 	.globl		xcall_flush_tlb_page
-xcall_flush_tlb_page:	/* 17 insns */
+xcall_flush_tlb_page:	/* 20 insns */
 	/* %g5=context, %g1=vaddr */
 	mov		PRIMARY_CONTEXT, %g4
 	ldxa		[%g4] ASI_DMMU, %g2
@@ -527,9 +530,12 @@ xcall_flush_tlb_page:	/* 17 insns */
 	retry
 	nop
 	nop
+	nop
+	nop
+	nop
 
 	.globl		xcall_flush_tlb_kernel_range
-xcall_flush_tlb_kernel_range:	/* 25 insns */
+xcall_flush_tlb_kernel_range:	/* 28 insns */
 	sethi		%hi(PAGE_SIZE - 1), %g2
 	or		%g2, %lo(PAGE_SIZE - 1), %g2
 	andn		%g1, %g2, %g1
@@ -555,6 +561,9 @@ xcall_flush_tlb_kernel_range:	/* 25 insn
 	nop
 	nop
 	nop
+	nop
+	nop
+	nop
 
 	/* This runs in a very controlled environment, so we do
 	 * not need to worry about BH races etc.
@@ -737,7 +746,7 @@ __hypervisor_tlb_xcall_error:
 	ba,a,pt	%xcc, rtrap
 
 	.globl		__hypervisor_xcall_flush_tlb_mm
-__hypervisor_xcall_flush_tlb_mm: /* 21 insns */
+__hypervisor_xcall_flush_tlb_mm: /* 24 insns */
 	/* %g5=ctx, g1,g2,g3,g4,g7=scratch, %g6=unusable */
 	mov		%o0, %g2
 	mov		%o1, %g3
@@ -751,7 +760,7 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 i
 	mov		HV_FAST_MMU_DEMAP_CTX, %o5
 	ta		HV_FAST_TRAP
 	mov		HV_FAST_MMU_DEMAP_CTX, %g6
-	brnz,pn		%o0, __hypervisor_tlb_xcall_error
+	brnz,pn		%o0, 1f
 	 mov		%o0, %g5
 	mov		%g2, %o0
 	mov		%g3, %o1
@@ -760,9 +769,12 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 i
 	mov		%g7, %o5
 	membar		#Sync
 	retry
+1:	sethi		%hi(__hypervisor_tlb_xcall_error), %g4
+	jmpl		%g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+	 nop
 
 	.globl		__hypervisor_xcall_flush_tlb_page
-__hypervisor_xcall_flush_tlb_page: /* 17 insns */
+__hypervisor_xcall_flush_tlb_page: /* 20 insns */
 	/* %g5=ctx, %g1=vaddr */
 	mov		%o0, %g2
 	mov		%o1, %g3
@@ -774,16 +786,19 @@ __hypervisor_xcall_flush_tlb_page: /* 17
 	sllx		%o0, PAGE_SHIFT, %o0
 	ta		HV_MMU_UNMAP_ADDR_TRAP
 	mov		HV_MMU_UNMAP_ADDR_TRAP, %g6
-	brnz,a,pn	%o0, __hypervisor_tlb_xcall_error
+	brnz,a,pn	%o0, 1f
 	 mov		%o0, %g5
 	mov		%g2, %o0
 	mov		%g3, %o1
 	mov		%g4, %o2
 	membar		#Sync
 	retry
+1:	sethi		%hi(__hypervisor_tlb_xcall_error), %g4
+	jmpl		%g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+	 nop
 
 	.globl		__hypervisor_xcall_flush_tlb_kernel_range
-__hypervisor_xcall_flush_tlb_kernel_range: /* 25 insns */
+__hypervisor_xcall_flush_tlb_kernel_range: /* 28 insns */
 	/* %g1=start, %g7=end, g2,g3,g4,g5,g6=scratch */
 	sethi		%hi(PAGE_SIZE - 1), %g2
 	or		%g2, %lo(PAGE_SIZE - 1), %g2
@@ -800,7 +815,7 @@ __hypervisor_xcall_flush_tlb_kernel_rang
 	mov		HV_MMU_ALL, %o2	/* ARG2: flags */
 	ta		HV_MMU_UNMAP_ADDR_TRAP
 	mov		HV_MMU_UNMAP_ADDR_TRAP, %g6
-	brnz,pn		%o0, __hypervisor_tlb_xcall_error
+	brnz,pn		%o0, 1f
 	 mov		%o0, %g5
 	sethi		%hi(PAGE_SIZE), %o2
 	brnz,pt		%g3, 1b
@@ -810,6 +825,9 @@ __hypervisor_xcall_flush_tlb_kernel_rang
 	mov		%g7, %o2
 	membar		#Sync
 	retry
+1:	sethi		%hi(__hypervisor_tlb_xcall_error), %g4
+	jmpl		%g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+	 nop
 
 	/* These just get rescheduled to PIL vectors. */
 	.globl		xcall_call_function
@@ -894,21 +912,21 @@ hypervisor_patch_cachetlbops:
 	sethi		%hi(__hypervisor_xcall_flush_tlb_mm), %o1
 	or		%o1, %lo(__hypervisor_xcall_flush_tlb_mm), %o1
 	call		tlb_patch_one
-	 mov		21, %o2
+	 mov		24, %o2
 
 	sethi		%hi(xcall_flush_tlb_page), %o0
 	or		%o0, %lo(xcall_flush_tlb_page), %o0
 	sethi		%hi(__hypervisor_xcall_flush_tlb_page), %o1
 	or		%o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
 	call		tlb_patch_one
-	 mov		17, %o2
+	 mov		20, %o2
 
 	sethi		%hi(xcall_flush_tlb_kernel_range), %o0
 	or		%o0, %lo(xcall_flush_tlb_kernel_range), %o0
 	sethi		%hi(__hypervisor_xcall_flush_tlb_kernel_range), %o1
 	or		%o1, %lo(__hypervisor_xcall_flush_tlb_kernel_range), %o1
 	call		tlb_patch_one
-	 mov		25, %o2
+	 mov		28, %o2
 #endif /* CONFIG_SMP */
 
 	ret


Patches currently in stable-queue which might be from davem@xxxxxxxxxxxxx are

queue-4.8/sparc64-delete-now-unused-user-copy-fixup-functions.patch
queue-4.8/net-__skb_flow_dissect-must-cap-its-return-value.patch
queue-4.8/tcp-take-care-of-truncations-done-by-sk_filter.patch
queue-4.8/net-clear-sk_err_soft-in-sk_clone_lock.patch
queue-4.8/dccp-do-not-release-listeners-too-soon.patch
queue-4.8/sparc64-convert-copy_in_user-to-accurate-exception-reporting.patch
queue-4.8/net-stmmac-fix-lack-of-link-transition-for-fixed-phys.patch
queue-4.8/sparc64-handle-extremely-large-kernel-tlb-range-flushes-more-gracefully.patch
queue-4.8/sparc-handle-negative-offsets-in-arch_jump_label_transform.patch
queue-4.8/sparc64-delete-__ret_efault.patch
queue-4.8/dctcp-avoid-bogus-doubling-of-cwnd-after-loss.patch
queue-4.8/sparc64-delete-now-unused-user-copy-assembler-helpers.patch
queue-4.8/revert-bnx2-reset-device-during-driver-initialization.patch
queue-4.8/net-mangle-zero-checksum-in-skb_checksum_help.patch
queue-4.8/revert-include-uapi-linux-atm_zatm.h-include-linux-time.h.patch
queue-4.8/ipv4-allow-local-fragmentation-in-ip_finish_output_gso.patch
queue-4.8/tcp-fix-return-value-for-partial-writes.patch
queue-4.8/ip6_tunnel-clear-ip6cb-in-ip6tunnel_xmit.patch
queue-4.8/sctp-assign-assoc_id-earlier-in-__sctp_connect.patch
queue-4.8/sparc64-convert-ng4copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/bpf-fix-htab-map-destruction-when-extra-reserve-is-in-use.patch
queue-4.8/ipv6-dccp-fix-out-of-bound-access-in-dccp_v6_err.patch
queue-4.8/sparc64-convert-u3copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/sparc64-convert-ng2copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-code.patch
queue-4.8/sparc64-convert-gencopy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/sparc64-convert-u1copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/sctp-change-sk-state-only-when-it-has-assocs-in-sctp_shutdown.patch
queue-4.8/sparc64-prepare-to-move-to-more-saner-user-copy-exception-handling.patch
queue-4.8/bnx2-wait-for-in-flight-dma-to-complete-at-probe-stage.patch
queue-4.8/bgmac-stop-clearing-dma-receive-control-register-right-after-it-is-set.patch
queue-4.8/ipv6-dccp-add-missing-bind_conflict-to-dccp_ipv6_mapped.patch
queue-4.8/tcp-fix-potential-memory-corruption.patch
queue-4.8/sparc64-convert-ngcopy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.8/fib_trie-correct-proc-net-route-off-by-one-error.patch
queue-4.8/mlxsw-spectrum_router-correctly-dump-neighbour-activity.patch
queue-4.8/sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-cross-call-code.patch
queue-4.8/mlxsw-spectrum-fix-refcount-bug-on-span-entries.patch
queue-4.8/sparc64-handle-extremely-large-kernel-tsb-range-flushes-sanely.patch
queue-4.8/sparc64-fix-instruction-count-in-comment-for-__hypervisor_flush_tlb_pending.patch
queue-4.8/dccp-do-not-send-reset-to-already-closed-sockets.patch
queue-4.8/ipv4-use-new_gw-for-redirect-neigh-lookup.patch
queue-4.8/net-icmp6_send-should-use-dst-dev-to-determine-l3-domain.patch
queue-4.8/dccp-fix-out-of-bound-access-in-dccp_v4_err.patch
queue-4.8/net-icmp_route_lookup-should-use-rt-dev-to-determine-l3-domain.patch
queue-4.8/sock-fix-sendmmsg-for-partial-sendmsg.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]