From: <gregkh@linuxfoundation.org>
To: davem@davemloft.net, gregkh@linuxfoundation.org
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code." has been added to the 4.4-stable tree
Date: Sat, 19 Nov 2016 09:53:27 +0100 [thread overview]
Message-ID: <1479545607202220@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-cross-call-code.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Sat Nov 19 09:52:37 CET 2016
From: "David S. Miller" <davem@davemloft.net>
Date: Wed, 26 Oct 2016 10:20:14 -0700
Subject: sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit a236441bb69723032db94128761a469030c3fe6d ]
Just like the non-cross-call TLB flush handlers, the cross-call ones need
to avoid doing PC-relative branches outside of their code blocks.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/sparc/mm/ultra.S | 42 ++++++++++++++++++++++++++++++------------
1 file changed, 30 insertions(+), 12 deletions(-)
--- a/arch/sparc/mm/ultra.S
+++ b/arch/sparc/mm/ultra.S
@@ -484,7 +484,7 @@ cheetah_patch_cachetlbops:
*/
.align 32
.globl xcall_flush_tlb_mm
-xcall_flush_tlb_mm: /* 21 insns */
+xcall_flush_tlb_mm: /* 24 insns */
mov PRIMARY_CONTEXT, %g2
ldxa [%g2] ASI_DMMU, %g3
srlx %g3, CTX_PGSZ1_NUC_SHIFT, %g4
@@ -506,9 +506,12 @@ xcall_flush_tlb_mm: /* 21 insns */
nop
nop
nop
+ nop
+ nop
+ nop
.globl xcall_flush_tlb_page
-xcall_flush_tlb_page: /* 17 insns */
+xcall_flush_tlb_page: /* 20 insns */
/* %g5=context, %g1=vaddr */
mov PRIMARY_CONTEXT, %g4
ldxa [%g4] ASI_DMMU, %g2
@@ -527,9 +530,12 @@ xcall_flush_tlb_page: /* 17 insns */
retry
nop
nop
+ nop
+ nop
+ nop
.globl xcall_flush_tlb_kernel_range
-xcall_flush_tlb_kernel_range: /* 25 insns */
+xcall_flush_tlb_kernel_range: /* 28 insns */
sethi %hi(PAGE_SIZE - 1), %g2
or %g2, %lo(PAGE_SIZE - 1), %g2
andn %g1, %g2, %g1
@@ -555,6 +561,9 @@ xcall_flush_tlb_kernel_range: /* 25 insn
nop
nop
nop
+ nop
+ nop
+ nop
/* This runs in a very controlled environment, so we do
* not need to worry about BH races etc.
@@ -737,7 +746,7 @@ __hypervisor_tlb_xcall_error:
ba,a,pt %xcc, rtrap
.globl __hypervisor_xcall_flush_tlb_mm
-__hypervisor_xcall_flush_tlb_mm: /* 21 insns */
+__hypervisor_xcall_flush_tlb_mm: /* 24 insns */
/* %g5=ctx, g1,g2,g3,g4,g7=scratch, %g6=unusable */
mov %o0, %g2
mov %o1, %g3
@@ -751,7 +760,7 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 i
mov HV_FAST_MMU_DEMAP_CTX, %o5
ta HV_FAST_TRAP
mov HV_FAST_MMU_DEMAP_CTX, %g6
- brnz,pn %o0, __hypervisor_tlb_xcall_error
+ brnz,pn %o0, 1f
mov %o0, %g5
mov %g2, %o0
mov %g3, %o1
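Review bot: The new `brnz,pn %o0, 1f` has no comment explaining why the error exit goes through a local label rather than branching straight to `__hypervisor_tlb_xcall_error`, so a later cleanup could easily restore the direct branch. The commit message gives the reason (these handlers must not make PC-relative branches outside their own code block), and it belongs next to the branch, e.g. `/* No PC-relative branch may leave this block; 1f does an absolute jmpl. */`. The same comment applies to the `1f` branches in `__hypervisor_xcall_flush_tlb_page` and `__hypervisor_xcall_flush_tlb_kernel_range`. The function body starts and ends outside this hunk.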
@@ -760,9 +769,12 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 i
mov %g7, %o5
membar #Sync
retry
+1: sethi %hi(__hypervisor_tlb_xcall_error), %g4
+ jmpl %g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+ nop
.globl __hypervisor_xcall_flush_tlb_page
-__hypervisor_xcall_flush_tlb_page: /* 17 insns */
+__hypervisor_xcall_flush_tlb_page: /* 20 insns */
/* %g5=ctx, %g1=vaddr */
mov %o0, %g2
mov %o1, %g3
@@ -774,16 +786,19 @@ __hypervisor_xcall_flush_tlb_page: /* 17
sllx %o0, PAGE_SHIFT, %o0
ta HV_MMU_UNMAP_ADDR_TRAP
mov HV_MMU_UNMAP_ADDR_TRAP, %g6
- brnz,a,pn %o0, __hypervisor_tlb_xcall_error
+ brnz,a,pn %o0, 1f
mov %o0, %g5
mov %g2, %o0
mov %g3, %o1
mov %g4, %o2
membar #Sync
retry
+1: sethi %hi(__hypervisor_tlb_xcall_error), %g4
+ jmpl %g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+ nop
.globl __hypervisor_xcall_flush_tlb_kernel_range
-__hypervisor_xcall_flush_tlb_kernel_range: /* 25 insns */
+__hypervisor_xcall_flush_tlb_kernel_range: /* 28 insns */
/* %g1=start, %g7=end, g2,g3,g4,g5,g6=scratch */
sethi %hi(PAGE_SIZE - 1), %g2
or %g2, %lo(PAGE_SIZE - 1), %g2
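Review bot: The `1:` trampoline added after `retry` in `__hypervisor_xcall_flush_tlb_page` overwrites `%g4`, which the success path just above treats as the saved copy of `%o2` (`mov %g4, %o2`), and the routine's register comment `/* %g5=ctx, %g1=vaddr */` does not say so. This looks harmless because the error exit never restores the `%o` registers, but it relies on `__hypervisor_tlb_xcall_error` not reading `%g4`, which is not visible here. I would extend the header comment to something like `/* %g5=ctx, %g1=vaddr, g2,g3,g4=saved %o0-%o2 (g4 clobbered on error exit) */`.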
@@ -800,7 +815,7 @@ __hypervisor_xcall_flush_tlb_kernel_rang
mov HV_MMU_ALL, %o2 /* ARG2: flags */
ta HV_MMU_UNMAP_ADDR_TRAP
mov HV_MMU_UNMAP_ADDR_TRAP, %g6
- brnz,pn %o0, __hypervisor_tlb_xcall_error
+ brnz,pn %o0, 1f
mov %o0, %g5
sethi %hi(PAGE_SIZE), %o2
brnz,pt %g3, 1b
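Review bot: In `__hypervisor_xcall_flush_tlb_kernel_range` the numeric label `1` now has two meanings: `brnz,pn %o0, 1f` targets the new error trampoline, while `brnz,pt %g3, 1b` two instructions later targets an earlier `1:` (presumably the loop head, which is outside this hunk). The assembler resolves both correctly, but the pair reads as if it referred to one place, and a later edit that flips an `f`/`b` suffix would silently swap the error exit and the loop. I would give the trampoline its own number, i.e. `brnz,pn %o0, 2f` here and `2: sethi %hi(__hypervisor_tlb_xcall_error), %g4` after the `retry` in the next hunk.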
@@ -810,6 +825,9 @@ __hypervisor_xcall_flush_tlb_kernel_rang
mov %g7, %o2
membar #Sync
retry
+1: sethi %hi(__hypervisor_tlb_xcall_error), %g4
+ jmpl %g4 + %lo(__hypervisor_tlb_xcall_error), %g0
+ nop
/* These just get rescheduled to PIL vectors. */
.globl xcall_call_function
@@ -894,21 +912,21 @@ hypervisor_patch_cachetlbops:
sethi %hi(__hypervisor_xcall_flush_tlb_mm), %o1
or %o1, %lo(__hypervisor_xcall_flush_tlb_mm), %o1
call tlb_patch_one
- mov 21, %o2
+ mov 24, %o2
sethi %hi(xcall_flush_tlb_page), %o0
or %o0, %lo(xcall_flush_tlb_page), %o0
sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1
or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1
call tlb_patch_one
- mov 17, %o2
+ mov 20, %o2
sethi %hi(xcall_flush_tlb_kernel_range), %o0
or %o0, %lo(xcall_flush_tlb_kernel_range), %o0
sethi %hi(__hypervisor_xcall_flush_tlb_kernel_range), %o1
or %o1, %lo(__hypervisor_xcall_flush_tlb_kernel_range), %o1
call tlb_patch_one
- mov 25, %o2
+ mov 28, %o2
#endif /* CONFIG_SMP */
ret
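Review bot: The three lengths passed in `%o2` (`mov 24`, `mov 20`, `mov 28`) are bare literals that must be kept in step by hand with the `/* N insns */` comments on the labels and with the `nop` padding added to the generic `xcall_flush_tlb_*` routines. If `tlb_patch_one` copies that many instructions, as the argument setup suggests, a count that lags behind a future edit would leave the trampoline partly uncopied and the error branch would land in leftover instructions of the old handler. A comment at each call such as `/* must equal the insn count of __hypervisor_xcall_flush_tlb_mm */` would help; better still, derive the value from an end label so the assembler computes it. `hypervisor_patch_cachetlbops` starts outside this hunk.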
Patches currently in stable-queue which might be from davem@davemloft.net are
queue-4.4/sparc64-delete-now-unused-user-copy-fixup-functions.patch
queue-4.4/net-__skb_flow_dissect-must-cap-its-return-value.patch
queue-4.4/tcp-take-care-of-truncations-done-by-sk_filter.patch
queue-4.4/net-clear-sk_err_soft-in-sk_clone_lock.patch
queue-4.4/sparc64-convert-copy_in_user-to-accurate-exception-reporting.patch
queue-4.4/sparc64-handle-extremely-large-kernel-tlb-range-flushes-more-gracefully.patch
queue-4.4/sparc-handle-negative-offsets-in-arch_jump_label_transform.patch
queue-4.4/sparc64-delete-__ret_efault.patch
queue-4.4/dctcp-avoid-bogus-doubling-of-cwnd-after-loss.patch
queue-4.4/sparc64-delete-now-unused-user-copy-assembler-helpers.patch
queue-4.4/net-mangle-zero-checksum-in-skb_checksum_help.patch
queue-4.4/sparc64-mm-fix-base-tsb-sizing-when-hugetlb-pages-are-used.patch
queue-4.4/ip6_tunnel-clear-ip6cb-in-ip6tunnel_xmit.patch
queue-4.4/sctp-assign-assoc_id-earlier-in-__sctp_connect.patch
queue-4.4/sparc64-convert-ng4copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/ipv6-dccp-fix-out-of-bound-access-in-dccp_v6_err.patch
queue-4.4/sparc64-convert-u3copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/sparc64-convert-ng2copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-code.patch
queue-4.4/sparc64-convert-gencopy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/sparc64-convert-u1copy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/sparc-don-t-leak-context-bits-into-thread-fault_address.patch
queue-4.4/sparc64-prepare-to-move-to-more-saner-user-copy-exception-handling.patch
queue-4.4/bgmac-stop-clearing-dma-receive-control-register-right-after-it-is-set.patch
queue-4.4/ipv6-dccp-add-missing-bind_conflict-to-dccp_ipv6_mapped.patch
queue-4.4/tcp-fix-potential-memory-corruption.patch
queue-4.4/sparc64-convert-ngcopy_-from-to-_user-to-accurate-exception-reporting.patch
queue-4.4/fib_trie-correct-proc-net-route-off-by-one-error.patch
queue-4.4/sparc64-fix-illegal-relative-branches-in-hypervisor-patched-tlb-cross-call-code.patch
queue-4.4/sparc64-handle-extremely-large-kernel-tsb-range-flushes-sanely.patch
queue-4.4/sparc64-fix-instruction-count-in-comment-for-__hypervisor_flush_tlb_pending.patch
queue-4.4/sparc-serial-sunhv-fix-a-double-lock-bug.patch
queue-4.4/dccp-do-not-send-reset-to-already-closed-sockets.patch
queue-4.4/ipv4-use-new_gw-for-redirect-neigh-lookup.patch
queue-4.4/dccp-fix-out-of-bound-access-in-dccp_v4_err.patch
queue-4.4/sock-fix-sendmmsg-for-partial-sendmsg.patch