Commit graph

25923 commits

Author SHA1 Message Date
Ralf Baechle
9c1f1257a3 [MIPS] Replace redundant declarations of _end by <asm/sections.h>.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
ba8990f2ae [MIPS] JMR3927 build fixes for the RTC code.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
67cbeb334e [MIPS] EV96100: ev96100_cpu_irq needs a struct pt_regs argument.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
2ef2e1d973 [MIPS] EV96100: Fix over two year old typo in variable name.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
c40b92e09c [MIPS] Ocelot 3: Fix build errors after the recent move of Marvell headers.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
088cf96a69 [MIPS] MV6434x: Add prototype of interrupt dispatch function.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:20 +02:00
Ralf Baechle
ac2384a855 [MIPS] it8172: Fix build of serial driver.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
ed00e87fd0 [MIPS] ITE: Glue build.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
13626a887f [MIPS] MV6434x: The name of the CPP symbol is __mips__, not __MIPS__.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
b56bce9a25 [MIPS] Jaguar: Fix build errors after the recent move of Marvell headers.
Some things were renamed because the PPC variant of the MV-643XX now
uses the same header and the Jaguar code didn't catch up on that.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
0428657d87 [MIPS] ITE8172: Fix build error due to missmatching prototypes.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
f13b68e817 [MIPS] Fix CONFIG_LIMITED_DMA build.
This fix a build error for the Momentum Jaguar ATX eval board.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
41d4f0e612 [MIPS] PNX8550 build fix.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:19 +02:00
Ralf Baechle
93373ed4d8 [MIPS] Rewrite spurious_interrupt from assembler to C.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:18 +02:00
Ralf Baechle
c9e321e095 [MIPS] Fix breakage due to the grand makefile crapectomy.
It's cc-option not cc-options.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:14 +02:00
Ralf Baechle
e49ed7f591 [MIPS] Sort out duplicate exports.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:14 +02:00
Ralf Baechle
a8d587a71b [MIPS] Wire up sync_file_range(2).
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:14 +02:00
Ralf Baechle
f115da9cd6 [MIPS] Wire splice syscall.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
84ada9f856 [MIPS] More SHT_* and SHF_* ELF definitions.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
91b05e6776 [MIPS] Fix vectored interrupt support in TLB exception handler generator.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
15c4f67ab8 [MIPS] Provide access functions for c0_badvaddr.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
ff3eab2a98 [MIPS] Some formatting fixes.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
7acb783ecd [MIPS] Fixup printk in mips_srs_init.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
e76038dcc0 [MIPS] Remove redundant initialization of sr_allocated.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:13 +02:00
Ralf Baechle
b4d05cb9cb [MIPS] Make set_vi_srs_handler static.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:12 +02:00
Ralf Baechle
6fd11a2173 [MIPS] Cleanup free_initmem the same way as i386 did.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:12 +02:00
Yoichi Yuasa
18b68e1561 [MIPS] Added tb0287_defconfig back.
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2006-04-19 04:14:12 +02:00
Linus Torvalds
385910f2b2 x86: be careful about tailcall breakage for sys_open[at] too
Came up through a quick grep for other cases similar to the ftruncate()
one in commit 0a489cb3b6.

Also, add a comment, so that people who read the code understand why we
do what looks like a no-op.

(Again, this won't actually matter to any sane user, since libc will
save and restore the register gcc stomps on, but it's still wrong to
stomp on it)

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 13:22:59 -07:00
Linus Torvalds
0a489cb3b6 x86: don't allow tail-calls in sys_ftruncate[64]()
Gcc thinks it owns the incoming argument stack, but that's not true for
"asmlinkage" functions, and it corrupts the caller-set-up argument stack
when it pushes the third argument onto the stack.  Which can result in
%ebx getting corrupted in user space.

Now, normally nobody sane would ever notice, since libc will save and
restore %ebx anyway over the system call, but it's still wrong.

I'd much rather have "asmlinkage" tell gcc directly that it doesn't own
the stack, but no such attribute exists, so we're stuck with our hacky
manual "prevent_tail_call()" macro once more (we've had the same issue
before with sys_waitpid() and sys_wait4()).

Thanks to Hans-Werner Hilse <hilse@sub.uni-goettingen.de> for reporting
the issue and testing the fix.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 13:02:48 -07:00
Linus Torvalds
ac69e973ff Merge branch 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm: Fix further issues in drivers/char/drm/via_irq.c
  drivers/char/drm/drm_memory.c: possible cleanups
  drm: deline a few large inlines in DRM code
  drm: remove master setting from add/remove context
  drm: drm_pci needs dma-mapping.h
  [PATCH] drm: Fix issue reported by Coverity in drivers/char/drm/via_irq.c
2006-04-18 10:49:11 -07:00
Andi Kleen
102e41fd9d [PATCH] i386: Move CONFIG_DOUBLEFAULT into arch/i386 where it belongs.
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:20 -07:00
Andi Kleen
f1233ab2ce [PATCH] x86_64: Add tee and sync_file_range
tee was already there for some reason for native 64bit, but
sys_sync_file_range was missing. Also add it to the compat layer.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:20 -07:00
Andi Kleen
6fa679fdea [PATCH] x86_64: Increase NUMA hash function nodemap
Needed for some big Opteron systems to compute a numa hash function
They have more than 12 bits significant address.

TBD switch this over to dynamic allocation or use better hash

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:19 -07:00
Vivek Goyal
8bcc5280e6 [PATCH] x86_64: x86_64 add crashdump trigger points
o Start booting into the capture kernel after an Oops if system is in a
  unrecoverable state. System will boot into the capture kernel, if one is
  pre-loaded by the user, and capture the kernel core dump.

o One of the following conditions should be true to trigger the booting of
  capture kernel.
        - panic_on_oops is set.
        - pid of current thread is 0
        - pid of current thread is 1
        - Oops happened inside interrupt context.

Signed-off-by: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:19 -07:00
Andi Kleen
87cb23a48c [PATCH] i386/x86-64: Fix ACPI disabled LAPIC handling mismerge
The patch I submitted earlier to fix disabled LAPIC handling in ACPI
was mismerged for some reason I still don't quite understand. Parts
of it was applied to the wrong function.

This patch fixes it up.

Cc: len.brown@intel.com

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:19 -07:00
Andi Kleen
d16e86243e [PATCH] x86_64: Update defconfig
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-18 10:39:19 -07:00
Linus Torvalds
1c605d6739 Merge branch 'for-linus' of git://brick.kernel.dk/data/git/linux-2.6-block
* 'for-linus' of git://brick.kernel.dk/data/git/linux-2.6-block:
  [PATCH] cfq: Further rbtree traversal and cfq_exit_queue() race fix
  [PATCH 2/2] cfq: fix cic's rbtree traversal
  [PATCH 1/2] iosched: fix typo and barrier()
2006-04-18 10:36:49 -07:00
Linus Torvalds
6fbe85f914 Merge git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge:
  powerpc: Use correct sequence for putting CPU into nap mode
  [PATCH] spufs: fix context-switch decrementer code
  [PATCH] powerpc32: Set cpu explicitly in kernel compiles
  [PATCH] powerpc/pseries: bugfix: balance calls to pci_device_put
  [PATCH] powerpc: Fix machine detection in prom_init.c
  [PATCH] ppc32: Fix string comparing in platform_notify_map
  [PATCH] powerpc: Avoid __initcall warnings
  [PATCH] powerpc: Ensure runlatch is off in the idle loop
  powerpc: Fix CHRP booting - needs a define_machine call
  powerpc: iSeries has only 256 IRQs
2006-04-18 10:34:24 -07:00
OGAWA Hirofumi
be3b075354 [PATCH] cfq: Further rbtree traversal and cfq_exit_queue() race fix
In current code, we are re-reading cic->key after dead cic->key check.
So, in theory, it may really re-read *after* cfq_exit_queue() seted NULL.

To avoid race, we copy it to stack, then use it. With this change, I
guess gcc will assign cic->key to a register or stack, and it wouldn't
be re-readed.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-18 19:18:31 +02:00
Paul Mackerras
f39224a8c1 powerpc: Use correct sequence for putting CPU into nap mode
We weren't using the recommended sequence for putting the CPU into
nap mode.  When I changed the idle loop, for some reason 7447A cpus
started hanging when we put them into nap mode.  Changing to the
recommended sequence fixes that.

The complexity here is that the recommended sequence is a loop that
keeps putting the cpu back into nap mode.  Clearly we need some way
to break out of the loop when an interrupt (external interrupt,
decrementer, performance monitor) occurs.  Here we use a bit in
the thread_info struct to indicate that we need this, and the exception
entry code notices this and arranges for the exception to return
to the value in the link register, thus breaking out of the loop.
We use a new `local_flags' field in the thread_info which we can
alter without needing to use an atomic update sequence.

The PPC970 has the same recommended sequence, so we do the same thing
there too.

This also fixes a bug in the kernel stack overflow handling code on
32-bit, since it was causing a value that we needed in a register to
get trashed.

Signed-off-by: Paul Mackerras <paulus@samba.org>
2006-04-18 21:49:11 +10:00
Jayachandran C
d253258c80 drm: Fix further issues in drivers/char/drm/via_irq.c
Fix de-reference of 'dev_priv' before NULL check.

Signed-off-by: Jayachandran C. <c.jayachandran@gmail.com>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@osdl.org>
2006-04-18 21:04:48 +10:00
Adrian Bunk
031de96af0 drivers/char/drm/drm_memory.c: possible cleanups
- #if 0 the following unused global function:
  - drm_ioremap_nocache()

- make the following needlessly global functions static:
  - agp_remap()
  - drm_lookup_map()

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Dave Airlie <airlied@linux.ie>
Signed-off-by: Andrew Morton <akpm@osdl.org>
2006-04-18 21:03:51 +10:00
OGAWA Hirofumi
dbecf3ab40 [PATCH 2/2] cfq: fix cic's rbtree traversal
When queue dies, we set cic->key=NULL as dead mark. So, when we
traverse a rbtree, we must check whether it's still valid key. if it
was invalidated, drop it, then restart the traversal from top.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-18 09:45:18 +02:00
OGAWA Hirofumi
fba822722e [PATCH 1/2] iosched: fix typo and barrier()
On rmmod path, cfq/as waits to make sure all io-contexts was
freed. However, it's using complete(), not wait_for_completion().

I think barrier() is not enough in here. To avoid the following case,
this patch replaces barrier() with smb_wmb().

	cpu0			visibility			cpu1
	                [ioc_gnone=NULL,ioc_count=1]

ioc_gnone = &all_gone		NULL,ioc_count=1
atomic_read(&ioc_count)		NULL,ioc_count=1
wait_for_completion()		NULL,ioc_count=0	atomic_sub_and_test()
				NULL,ioc_count=0	if ( && ioc_gone)
						    [ioc_gone==NULL,
						    so doesn't call complete()]
			   &all_gone,ioc_count=0

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Jens Axboe <axboe@suse.de>
2006-04-18 09:44:06 +02:00
Alexey Kuznetsov
a9a5cd5d2a [PATCH] IPC: access to unmapped vmalloc area in grow_ary()
grow_ary() should not copy struct ipc_id_ary (it copies new->p, not
new). Due to this, memcpy() src pointer could hit unmapped vmalloc page
when near page boundary.

Found during OpenVZ stress testing

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-17 18:40:40 -07:00
Hugh Dickins
69cf0fac60 [PATCH] Fix MADV_REMOVE protection checking
madvise_remove needs to respect file and mmap protections.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
[ Will the real CVE-2006-1524 stand up, please.. ]
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-17 18:22:18 -07:00
Linus Torvalds
e14d95f773 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [IPV4]: ip_route_input panic fix
2006-04-17 17:44:47 -07:00
Linus Torvalds
de542925fb Merge master.kernel.org:/pub/scm/linux/kernel/git/gregkh/stable-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/gregkh/stable-2.6:
  [PATCH] shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524)
  [PATCH] cciss: bug fix for crash when running hpacucli
  [PATCH] ext3: Fix missed mutex unlock
  [PATCH] Fix block device symlink name
  [PATCH] isd200: limit to BLK_DEV_IDE
2006-04-17 17:44:17 -07:00
Stephen Hemminger
d2c962b853 [IPV4]: ip_route_input panic fix
This fixes http://bugzilla.kernel.org/show_bug.cgi?id=6388
The bug is caused by ip_route_input dereferencing skb->nh.protocol of
the dummy skb passed dow from inet_rtm_getroute (Thanks Thomas for seeing
it). It only happens if the route requested is for a multicast IP
address.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-04-17 17:27:11 -07:00
Hugh Dickins
b78b6af66a [PATCH] shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524)
I found that all of 2.4 and 2.6 have been letting mprotect give write
permission to a readonly attachment of shared memory, whether or not IPC
would give the caller that permission.

SUS says "The behaviour of this function [mprotect] is unspecified if the
mapping was not established by a call to mmap", but I don't think we can
interpret that as allowing it to subvert IPC permissions.

I haven't tried 2.2, but the 2.2.26 source looks like it gets it right; and
the patch below reproduces that behaviour - mprotect cannot be used to add
write permission to a shared memory segment attached readonly.

This patch is simple, and I'm sure it's what we should have done in 2.4.0:
if you want to go on to switch write permission on and off with mprotect,
just don't attach the segment readonly in the first place.

However, we could have accumulated apps which attach readonly (even though
they would be permitted to attach read/write), and which subsequently use
mprotect to switch write permission on and off: it's not unreasonable.

I was going to add a second ipcperms check in do_shmat, to check for
writable when readonly, and if not writable find_vma and clear VM_MAYWRITE.
 But security_ipc_permission might do auditing, and it seems wrong to
report an attempt for write permission when there has been none.  Or we
could flag the vma as SHM, note the shmid or shp in vm_private_data, and
then get mprotect to check.

But the patch below is a lot simpler: I'd rather stick with it, if we can
convince ourselves somehow that it'll be safe.

Signed-off-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-04-17 14:24:58 -07:00