[PATCH] Fix prctl privilege escalation and suid_dumpable (CVE-2006-2451)
Based on a patch from Ernie Petrides
During security research, Red Hat discovered a behavioral flaw in core
dump handling. A local user could create a program that would cause a
core file to be dumped into a directory they would not normally have
permissions to write to. This could lead to a denial of service (disk
consumption), or allow the local user to gain root privileges.
The prctl() system call should never allow to set "dumpable" to the
value 2. Especially not for non-privileged users.
This can be split into three cases:
1) running as root -- then core dumps will already be done as root,
and so prctl(PR_SET_DUMPABLE, 2) is not useful
2) running as non-root w/setuid-to-root -- this is the debatable case
3) running as non-root w/setuid-to-non-root -- then you definitely
do NOT want "dumpable" to get set to 2 because you have the
privilege escalation vulnerability
With case #2, the only potential usefulness is for a program that has
been designed to run with higher privilege (than the user invoking it) that
wants to be able to create root-owned root-validated core dumps. This
might be useful as a debugging aid, but would only be safe if the program
had done a chdir() to a safe directory.
There is no benefit to a production setuid-to-root utility, because it
shouldn't be dumping core in the first place. If this is true, then the
same debugging aid could also be accomplished with the "suid_dumpable"
sysctl.
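A defender-side check for the behaviour described in the commit message above, as an added example (not code from the patch or from the kernel tree): it asks the running kernel whether prctl(PR_SET_DUMPABLE, 2) is still accepted and reads the "suid_dumpable" sysctl. The function names are hypothetical, and the path /proc/sys/fs/suid_dumpable is where current kernels expose the sysctl.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>

/* Result codes for check_prctl_dumpable2() (names are hypothetical). */
enum { DUMP2_UNKNOWN = -1, DUMP2_REJECTED = 0, DUMP2_ACCEPTED = 1 };

/* Ask the kernel to set "dumpable" to 2 for this process. A kernel carrying
 * the fix refuses with EINVAL. If the value is accepted, the previous
 * setting is restored before returning. */
int check_prctl_dumpable2(void)
{
    int saved = prctl(PR_GET_DUMPABLE, 0UL, 0UL, 0UL, 0UL);
    if (saved < 0)
        return DUMP2_UNKNOWN;

    errno = 0;
    if (prctl(PR_SET_DUMPABLE, 2UL, 0UL, 0UL, 0UL) == 0) {
        prctl(PR_SET_DUMPABLE, (unsigned long)saved, 0UL, 0UL, 0UL);
        return DUMP2_ACCEPTED;
    }
    return errno == EINVAL ? DUMP2_REJECTED : DUMP2_UNKNOWN;
}

/* Parse the text of the suid_dumpable sysctl: 0, 1 or 2, else -1. */
int parse_suid_dumpable(const char *text)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || errno != 0 || v < 0 || v > 2)
        return -1;
    while (*end == '\n' || *end == ' ')
        end++;
    return *end == '\0' ? (int)v : -1;
}

/* Read the sysctl from the given path; -1 if unreadable or malformed. */
int read_suid_dumpable(const char *path)
{
    char buf[32];
    FILE *f = fopen(path, "r");
    int v = -1;

    if (f == NULL)
        return -1;
    if (fgets(buf, sizeof buf, f) != NULL)
        v = parse_suid_dumpable(buf);
    fclose(f);
    return v;
}

/* 1 if the host deserves a closer look: the process itself could request
 * dumpable=2, or the sysctl is in debug mode (1), where processes that
 * changed privilege dump core with no extra protection. */
int dump_config_needs_review(int prctl_result, int sysctl_value)
{
    return prctl_result == DUMP2_ACCEPTED || sysctl_value == 1;
}

int main(void)
{
    int p = check_prctl_dumpable2();
    int s = read_suid_dumpable("/proc/sys/fs/suid_dumpable");

    printf("prctl(PR_SET_DUMPABLE, 2): %s\n",
           p == DUMP2_REJECTED ? "rejected (EINVAL)" :
           p == DUMP2_ACCEPTED ? "ACCEPTED" : "could not be determined");
    if (s < 0)
        printf("suid_dumpable sysctl: unreadable\n");
    else
        printf("suid_dumpable sysctl: %d\n", s);
    printf("needs review: %s\n",
           dump_config_needs_review(p, s) ? "yes" : "no");
    return 0;
}
```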
This is confirmed to fix a hang due to PCI resource conflicts with
setting up the Cardbus bridge on old laptops with the 440MX chipsets.
Original report by Alessio Sangalli, lspci debugging help by Pekka
Enberg, and trial patch suggested by Daniel Ritz:
"From the docs available i would _guess_ this thing is really similar
to the 82443BX/82371AB combination. at least the SMBus base address
register is hidden at the very same place (32bit at 0x90 in function
3 of the "south" bridge)"
The dang thing is largely undocumented, but the patch was corroborated
by Asit Mallick:
"I am trying to find the register information. 440MX is an integration of
440BX north-bridge without AGP and PIIX4E (82371EB). PIIX4 quirk
should cover the ACPI and SMBus related I/O registers."
and verified to fix the problem by Alessio.
Cc: Daniel Ritz <daniel.ritz-ml@swissonline.ch> Cc: Asit Mallick <asit.k.mallick@intel.com> Cc: Pekka Enberg <penberg@cs.helsinki.fi> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Dmitry Torokhov <dtor_core@ameritech.net> Tested-by: Alessio Sangalli <alesan@manoweb.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[S390] path grouping and path verifications fixes.
1. Multipath devices for which SetPGID is not supported are not handled well.
Use NOP ccws for path verification (sans path grouping) when SetPGID is not
supported.
2. Check for PGIDs already set with SensePGID on _all_ paths (not just the
first one) and try to find a common one. Moan if no common PGID can be
found (and use NOP verification). If no PGIDs have been set, use the css
global PGID (as before). (Rationale: SetPGID will get a command reject if
the PGID it tries to set does not match the already set PGID.)
3. Immediately before reboot, issue RESET CHANNEL PATH (rcp) on all chpids. This
will remove the old PGIDs. rcp will generate solicited CRWs which can be
safely ignored by the machine check handler (all other actions create
unsolicited CRWs).
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The module parameters for xpram are not or in a wrong way parsed.
The xpram module uses the module_param_array directive with an int
parameter which causes the kernel to automatically parse the passed
numbers. This will cause errors if arguments are omitted or cause
wrong results if arguments have size qualifiers.
Use module_param_array with charp and parse the arguments later.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
futex_atomic_cmpxchg_inatomic has the same bug as the other
atomic futex operations: the operation needs to be done in the
user address space, not the kernel address space. Add the missing
sacf 256 & sacf 0.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add a reg_mutex to prevent unregistering a subchannel before it has been
registered. Since 2.6.17, we've seen oopses in kslowcrw when a device is
found to be not operational during sense id when doing initial device
recognition; it is not clear yet why that particular problem was not (yet)
observed with earlier kernels...
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
[S390] raw_local_save_flags/raw_local_irq_restore type check
Make sure that raw_local_save_flags and raw_local_irq_restore always get an
unsigned long parameter. raw_irqs_disabled should call raw_local_save_flags
instead of local_save_flags.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
__builtin_trap() has the architecture defined backend in gcc since gcc 3.3.
To make sure the kernel builds with gcc 3.2 as well, use the old style BUG()
statement if compiled with older gcc versions.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: ACPI_DOCK: Initialize the atomic notifier list
ACPI: acpi_os_allocate() fixes
ACPI: SBS: fix initialization, sem2mutex
ACPI: add 'const' to several ACPI file_operations
ACPI: delete some defaults from ACPI Kconfig
ACPI: "Device `[%s]' is not power manageable" make message debug only
ACPI: ACPI_DOCK Kconfig
Revert "Revert "ACPI: dock driver""
ACPI: acpi_os_get_thread_id() returns current
ACPI: ACPICA 20060707
Merge commit master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 of HEAD
* HEAD:
[DCCP]: Fix sparse warnings.
[TCP]: Remove TCP Compound
[BPQ] lockdep: fix false positive
[IPV4] inetpeer: Get rid of volatile from peer_total
[AX.25]: Get rid of the last volatile.
[PATCH] x86_64: Allow oprofile for model P4 models
Add it for P4 model 6 - reported to work and have a similar PMU to
earlier P4s.
Add a p4force=1 module override parameter for future use.
We had a discussion about that earlier - it's a trade off between the
PMU staying compatible or not. I think the force parameter is a
reasonable compromise.
Markus Schoder [Mon, 10 Jul 2006 15:06:06 +0000 (17:06 +0200)]
[PATCH] x86_64: Bring x86-64 ia32 emul in sync with i386 on READ_IMPLIES_EXEC enabling
Currently ia32 binaries behave differently with respect to enabling
READ_IMPLIES_EXEC. On i386 a binary with the exec_stack flag set is
executed with READ_IMPLIES_EXEC enabled as well. The same binary
executes without READ_IMPLIES_EXEC on x86-64.
This causes binaries that work on i386 to fail on x86-64 which goes
somewhat against the whole 32 bit emulation idea.
It has been argued that READ_IMPLIES_EXEC should not be enabled at all
for binaries that have the exec_stack flag. Which is probably a valid
point. However until this is clarified I think x86-64 should behave the
same for ia32 binaries as i386.
The following patch brings x86-64 in sync with i386 for ia32 binaries.
The inclusion of TCP Compound needs to be reverted at this time
because it is not 100% certain that this code conforms to the
requirements of Developer's Certificate of Origin 1.1 paragraph (b).
Signed-off-by: David S. Miller <davem@davemloft.net>
Bpqether is encapsulating AX.25 frames into ethernet frames. There is a
virtual bpqether device paired with each ethernet devices, so it's normal
to pass through dev_queue_xmit twice for each frame which triggers the
locking detector.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
[PATCH] knfsd: nfsd4: add per-operation server stats
Add an nfs4 operations count array to nfsd_stats structure. The count is
incremented in nfsd4_proc_compound() where all the operations are handled
by the nfsv4 server. This count of individual nfsv4 operations is also
entered into /proc filesystem.
Signed-off-by: Shankar Anand <shanand@novell.com> Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Arjan van de Ven [Mon, 10 Jul 2006 11:45:42 +0000 (04:45 -0700)]
[PATCH] lockdep: disable lock debugging when kernel state becomes untrusted
Disable lockdep debugging in two situations where the integrity of the
kernel no longer is guaranteed: when oopsing and when hitting a
tainting-condition. The goal is to not get weird lockdep traces that don't
make sense or are otherwise undebuggable, to not waste time.
Lockdep assumes that the previous state it knows about is valid to operate,
which is why lockdep turns itself off after the first violation it reports,
after that point it can no longer make that assumption.
A kernel oops means that the integrity of the kernel is compromised; in
addition anything lockdep would report is of lesser importance than the
oops.
All the tainting conditions are of similar integrity-violating nature and
also make debugging/diagnosing more difficult.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Currently most architectures either always build binfmt_elf32 in the kernel
image or make it a boolean option. Only sparc64 and s390 allow to build it
modularly. This patch turns the option into a boolean as well because elf
requires various symbols that shouldn't be available to modules. The most
urgent one is tasklist_lock whose export this patch series kills, but there
are others like force_sgi as well.
Note that sparc doesn't allow a modular 32bit a.out handler either, and
that would be the more useful case as only few people want 32bit sunos
compatibility and 99.9% of all sparc64 users need 32bit linux native elf
support.
Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: "David S. Miller" <davem@davemloft.net> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Currently the snsc driver uses force_sig to send init a SIGPWR when the
system overheats. This patch switches it to kill_proc instead which has
the following advantages:
(1) gets rid of one of the last remaining tasklist_lock users
in modular code
(2) simplifies the snsc code significantly
The downside is that an init implementation could in theory block SIGPWR
and it would not get delivered. The sysvinit code used by all major
distributions doesn't do this and blocking this signal in init would be a
rather stupid thing to do.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
- Switch from register_chrdev() to (register|alloc)_chrdev_region().
- use a cdev. This was intended for original patchset, but was
overlooked.
We use a single cdev for all pins (minor device-numbers), as gleaned
from cs5535_gpio, and in contrast to what's currently done in scx200_gpio
(which I'll fix soon)
Signed-off-by: Jim Cromie <jim.cromie@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jim Cromie [Mon, 10 Jul 2006 11:45:36 +0000 (04:45 -0700)]
[PATCH] pc8736x_gpio: fix re-modprobe errors: undo region reservation
Fix module-init-func by repairing usage of platform_device_del/put in
module-exit-func. IOW, it imitates Ingo's 'mishaps' patch, which fixed the
module-init-func's undo handling.
Also fixes lack of release_region to undo the earlier registration.
Also starts to 'use a cdev' which was originally intended (it's present in
scx200_gpio). Code compiles and runs, exhibits a lesser error than
previously. (re-register-chrdev fails)
Since I had to add "include <linux/cdev.h>", I went ahead and made 2
tweaks that fell into diff-context-window:
- remove include <linux/config.h> everyone's doing it
- copyright updates - current date is 'wrong'
Signed-off-by: Jim Cromie <jim.cromie@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jim Cromie [Mon, 10 Jul 2006 11:45:35 +0000 (04:45 -0700)]
[PATCH] pc8736x_gpio: fix re-modprobe errors: define and use constants
add constant defines - preparatory patch
- adds #define CONSTs for max-pin, gpio-addr-range (for reserving region)
- fix wrong max-pin check in gpio_open()
- add 'Winbond' to module description. NSC sold the product, Winbond
has supported us / lm-sensors
Signed-off-by: Jim Cromie <jim.cromie@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Chris Boot [Mon, 10 Jul 2006 11:45:34 +0000 (04:45 -0700)]
[PATCH] LED Class support for Soekris net48xx
Add LED Class device support for the Soekris net48xx Error LED. Tested
only on a net4801, but should work on a net4826 as well. I'd love to find
a way of detecting a Soekris net48xx device but there is no DMI or any
Soekris-specific PCI devices.
[akpm@osdl.org: fixlets, cleanups] Signed-off-by: Chris Boot <bootc@bootc.net> Cc: Ben Dooks <ben-linux@fluff.org> Cc: Richard Purdie <rpurdie@rpsys.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Handle memory-mapped chips properly, needed for example on DECstations.
This support was in Linux 2.4 but for some reason got lost in 2.6. This
patch is taken directly from the linux-mips repository.
[akpm@osdl.org: cleanup] Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org> Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Cc: Paul Gortmaker <penguin@muskoka.com> Cc: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] make valid_mmap_phys_addr_range() take a pfn
Newer ARMs have a 40 bit physical address space, but mapping physical
memory above 4G needs a special page table format which we (currently?) do
not use for userspace mappings, so what happens instead is that mapping an
address >= 4G will happily discard the upper bits and wrap.
There is a valid_mmap_phys_addr_range() arch hook where we could check for
>= 4G addresses and deny the mapping, but this hook takes an unsigned long
address:
static inline int valid_mmap_phys_addr_range(unsigned long addr, size_t size);
And drivers/char/mem.c:mmap_mem() calls it like this:
When EDAC was first introduced into the kernel it had a sysfs interface,
but due to some problems it was disabled in 2.6.16 and remained disabled in
2.6.17.
With feedback, several of the control and attribute files of that interface
had some good constructive feedback. PCI Blacklist/Whitelist was a major
set which has design issues and it has been removed in this patch. Instead
of storing PCI broken parity status in EDAC, it has been moved to the
pci_dev structure itself by a previous PCI patch. A future patch will
enable that feature in EDAC by utilizing the pci_dev info.
The sysfs is now enabled in this patch, with a minimal set of control and
attribute files for examining EDAC state and for enabling/disabling the
memory and PCI operations.
The Documentation for EDAC has also been updated to reflect the new state
of EDAC operation.
Signed-off-by: Doug Thompson <norsk5@xmisson.com> Cc: Greg KH <greg@kroah.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Dave Jones [Mon, 10 Jul 2006 11:45:18 +0000 (04:45 -0700)]
[PATCH] s390: broken null test in claw driver
Whoops, better hope this never gets passed a null dev in its current state.
Signed-off-by: Dave Jones <davej@redhat.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Michael Holzheu <holzheu@de.ibm.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Dave Jones [Mon, 10 Jul 2006 11:45:18 +0000 (04:45 -0700)]
[PATCH] fix oddball boolean logic in s390 netiucv
Signed-off-by: Dave Jones <davej@redhat.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Andreas Herrmann <aherrman@de.ibm.com> Cc: Michael Holzheu <holzheu@de.ibm.com> Acked-by: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Two variables in drivers/s390/net/qeth_main.c:qeth_send_packet() are only
used if CONFIG_QETH_PERF_STATS. Move their definition under the same ifdef
to remove compiler warning.
Signed-off-by: Serge Hallyn <serue@us.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Jeff Garzik <jeff@garzik.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:16 +0000 (04:45 -0700)]
[PATCH] uml: make mconsole version requests happen in a process
Handling a host mconsole version request must be done in a process context
rather than interrupt context now that utsname information can be
process-specific rather than global.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:15 +0000 (04:45 -0700)]
[PATCH] uml: remove unused variable
The dedevfsification of UML left an unused variable behind.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:15 +0000 (04:45 -0700)]
[PATCH] uml: add some EINTR protection
Add some more uses of the CATCH_EINTR wrapper.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:14 +0000 (04:45 -0700)]
[PATCH] uml: formatting fixes
Fix a bunch of formatting problems.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:13 +0000 (04:45 -0700)]
[PATCH] uml: move _kern.c files
Move most *_kern.c files in arch/um/kernel to *.c. This makes UML somewhat
more closely resemble the other arches.
[akpm@osdl.org: use the new INTF_* flags] Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:13 +0000 (04:45 -0700)]
[PATCH] uml: remove syscall debugging
Eliminate an unused debug option.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:12 +0000 (04:45 -0700)]
[PATCH] uml: make some symbols static
A few sigio-related things can be made static.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:11 +0000 (04:45 -0700)]
[PATCH] uml: fix exitcall ordering bug
This fixes an exitcall ordering bug - calls to ignore_sigio_fd can come from
exitcalls that come after the sigio thread has been killed. This would cause
shutdown to hang or crash.
Fixed by having ignore_sigio_fd check that the thread is present before trying
to communicate with it.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:11 +0000 (04:45 -0700)]
[PATCH] uml: remove os_isatty
os_isatty can be made to disappear by moving maybe_sigio_broken from kernel to
user code. This also lets write_sigio_workaround become static.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:10 +0000 (04:45 -0700)]
[PATCH] uml: remove spinlock wrapper functions
The irq_spinlock is not needed from user code any more, so the irq_lock and
irq_unlock wrappers can go away. This also changes the name of the lock to
irq_lock.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:09 +0000 (04:45 -0700)]
[PATCH] uml: mark forward_interrupts as being mode-specific
Mark forward_interrupts as being tt-mode only.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:09 +0000 (04:45 -0700)]
[PATCH] uml: ifdef a mode-specific function
uml_idle_timer is tt-mode only, so ifdef it as such to make it easier to spot
when tt mode is killed.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:08 +0000 (04:45 -0700)]
[PATCH] uml: timer handler tidying
Get rid of a user of timer_irq_inited (and first_tick) by observing that
prev_ticks can be used to decide if this is the first call.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:07 +0000 (04:45 -0700)]
[PATCH] uml: signal initialization cleanup
It turns out that init_new_thread_signals is always called with altstack == 1,
so we can eliminate the parameter.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:07 +0000 (04:45 -0700)]
[PATCH] uml: remove useless declaration
wall_to_monotonic isn't used in this file, so we can remove the declaration.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:06 +0000 (04:45 -0700)]
[PATCH] uml: fix static binary segfault
When UML is built as a static binary, it segfaults when run. The reason is
that a memory hole that is present in dynamic binaries isn't there in static
binaries, and it contains essential stuff.
This fix removes the code which maps some anonymous memory into that hole and
cleans up some related code.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:05 +0000 (04:45 -0700)]
[PATCH] uml: remove some useless exports
Spotted by Al Viro - eliminate a couple useless exports.
Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeff Dike [Mon, 10 Jul 2006 11:45:05 +0000 (04:45 -0700)]
[PATCH] uml: timer initialization cleanup
This cleans up the mess that is the timer initialization. There used to be
two timer handlers - one that basically ran during delay loop calibration and
one that handled the timer afterwards. There were also two sets of timer
initialization code - one that starts in user code and calls into the kernel
side of the house, and one that starts in kernel code and calls user code.
This eliminates one timer handler and consolidates the two sets of
initialization code.
[akpm@osdl.org: use new INTF_ flags] Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
I was looking at the code of the UML and more precisely at the functions
set_task_sizes_tt and set_task_sizes_skas. I noticed that these 2 functions
take a parameter (arg) which is not used: the function is always called with
the value 0.
I suppose that this value might change in the future (or even can be
configured), so I added a constant in mem_user.h file.
Also, I rounded CONFIG_HOST_TASk_SIZE to a 4M.
Signed-off-by: Tyler <tyler@agat.net> Signed-off-by: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] swsusp: do not use memcpy for snapshotting memory
swsusp should not use memcpy for snapshotting memory, because on some
architectures memcpy may increase preempt_count (i386 does this when
CONFIG_X86_USE_3DNOW is set). Then, as a result, wrong value of preempt_count
is stored in the image.
Replace memcpy in copy_data_pages with an open-coded loop.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Pavel Machek <pavel@ucw.cz> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Adrian Bunk [Mon, 10 Jul 2006 11:44:56 +0000 (04:44 -0700)]
[PATCH] i386 defconfig: set CONFIG_PM_STD_PARTITION=""
Matthew Wilcox notified me that CONFIG_PM_STD_PARTITION="/dev/hda2" in the
i386 defconfig wasn't a good idea (especially since it prevented booting
for him due to another bug).
This patch sets CONFIG_PM_STD_PARTITION="" in the i386 defconfig.
Signed-off-by: Adrian Bunk <bunk@stusta.de> Cc: Matthew Wilcox <willy@debian.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Howells [Mon, 10 Jul 2006 11:44:54 +0000 (04:44 -0700)]
[PATCH] FDPIC: Move roundup() into linux/kernel.h
Move the roundup() macro from binfmt_elf.c into linux/kernel.h as it's
generally useful.
[akpm@osdl.org: nuke all the other implementations] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Howells [Mon, 10 Jul 2006 11:44:53 +0000 (04:44 -0700)]
[PATCH] FDPIC: Adjust the ELF-FDPIC driver to conform more to the CodingStyle
Adjust the ELF-FDPIC binfmt driver to conform much more to the CodingStyle,
silly though it may be.
Further changes:
(*) Drop the casts to long for addresses in kdebug() statements (they're
unsigned long already).
(*) Use extra variables to avoid expressions longer than 80 chars by splitting
the statement into multiple statements and letting the compiler optimise
them back together.
(*) Eliminate duplicate call of ksize() when working out how much space was
actually allocated for the stack.
(*) Discard the commented-out load_shlib prototype and op pointer as this will
not be supported in ELF-FDPIC for the foreseeable future.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Howells [Mon, 10 Jul 2006 11:44:52 +0000 (04:44 -0700)]
[PATCH] NOMMU: Fix execution off of ramfs with mmap()
Fix execution through the FDPIC binfmt of programs stored on ramfs by
preventing the ramfs mmap() returning successfully on a private mapping of
a ramfs file. This causes NOMMU mmap to make a copy of the mapped portion
of the file and map that instead.
This could be improved by granting direct mapping access to read-only
private mappings for which the data is stored on a contiguous run of pages.
However, this is only likely to be the case if the file was extended with
truncate before being written.
ramfs is left to map the file directly for shared mappings so that SYSV IPC
and POSIX shared memory both still work.
Signed-off-by: David Howells <dhowells@redhat.com> Cc: Hugh Dickins <hugh@veritas.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Howells [Mon, 10 Jul 2006 11:44:51 +0000 (04:44 -0700)]
[PATCH] FRV: Fix FRV arch compile errors
Fix some FRV arch compile errors, including:
(*) Marking nr_kernel_pages as __meminitdata so that references to it end up
being properly calculated rather than being assumed to be in the small
data section (and thus calculated wrt the GP register). Not doing this
causes the linker to emit errors as the offset is too big to fit into the
load instruction.
(*) Move pm_power_off into an unconditionally compiled .c file as it's now
unconditionally accessed.
(*) Declare frv_change_cmode() in a header file rather than in a .c file, and
declare it asmlinkage.
Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
As for regular pages (or files), above call does work, but as for huge
pages, above call would fail because hugetlbfs_file_mmap would fail if
(!(vma->vm_flags & VM_WRITE) && len > inode->i_size).
This capability on huge page is useful on ia64 when the process wants to
protect one area on region 4, so other threads couldn't read/write this
area. A famous JVM (Java Virtual Machine) implementation on IA64 needs the
capability.
Signed-off-by: Zhang Yanmin <yanmin.zhang@intel.com> Cc: David Gibson <david@gibson.dropbear.id.au> Cc: Hugh Dickins <hugh@veritas.com>
[ Expand-on-mmap semantics again... this time matching normal fs's. wli ] Acked-by: William Lee Irwin III <wli@holomorphy.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alan Stern [Mon, 10 Jul 2006 11:44:47 +0000 (04:44 -0700)]
[PATCH] usb-storage: wait for URB to complete
We all failed to notice that Franck's recent update to usb-storage allowed
an URB to complete after its context data was no longer valid. This patch
(as746) makes the driver wait for the URB to complete whenever there's a
timeout.
Although timeouts in usb-storage are relatively uncommon, they do occur.
Without this patch the code in 2.6.18-rc1 will fault within an interrupt
handler, which is not nice at all.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Cc: Greg KH <greg@kroah.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
which is rather awkward. The first check is needed because struct pci_dev is
inited to all-zeros. The second is needed because the error recovery will
set the state to pci_channel_io_normal (which is not zero).
[PATCH] powermac: Combined fixes for backlight code
This patch fixes several problems:
- pmac_backlight_key() is called under interrupt context, and therefore
can't use mutexes or semaphores, so defer the backlight level for
later, as it's not critical (original code by Aristeu S. Rozanski F.
<aris@valeta.org>).
- Add exports for functions that might be called from modules
- Fix Kconfig dependencies on PMAC_BACKLIGHT.
- Fix locking issues on calls from inside the driver (reported by
Aristeu S. Rozanski F., too)
- Fix wrong calculation of backlight values in some of the drivers
- Replace pmac_backlight_key_up/down by inline functions
[akpm@osdl.org: fix function prototypes]
Signed-off-by: Michael Hanselmann <linux-kernel@hansmi.ch>
Acked-by: Aristeu S. Rozanski F. <aris@valeta.org>
Acked-by: Rene Nussbaumer <linux-kernel@killerfox.forkbomb.ch>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] powerpc: make OF interrupt tree parsing more strict
This patch fixes a bit of boundchecking in the new Open Firmware interrupt
tree parsing code. It's important that it fails when things aren't correct in
order to trigger fallback mechanisms that are necessary to make some machines
work properly.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The SMU driver tries to map an interrupt from the device-tree before the
interrupt controllers in the machine have been enumerated. This doesn't work
properly and causes machines like the Quad g5 to fail booting later on when
some drivers wait endlessly for an SMU request to complete. This is the
second problem preventing boot on the Quad g5. This fixes it and also makes
the SMU driver a bit more resilient to not having an interrupt.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] powerpc: fix MPIC OF tree parsing on Apple quad g5
The quad g5 currently doesn't boot due to two problems. This patch fixes the
first one: Apple's new way of doing interrupt specifiers in OF for devices using
the HT APIC isn't properly parsed by the new MPIC driver code.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] powerpc: fix trigger handling in the new irq code
This patch slightly reworks the new irq code to fix a small design error. I
removed the passing of the trigger to the map() calls entirely, it was not a
good idea to have one call do two different things. It also fixes a couple of
corner cases.
Mapping a linux virtual irq to a physical irq now does only that. Setting the
trigger is a different action which has a different call.
The main changes are:
- I no longer call host->ops->map() for an already mapped irq, I just return
the virtual number that was already mapped. It was called before to give an
opportunity to change the trigger, but that was causing issues as that could
happen while the interrupt was in use by a device, and because of the
trigger change, map would potentially muck around with things in a racy way.
That was causing much burden on a given controller's implementation of
map() to get it right. This is much simpler now. map() is only called on
the initial mapping of an irq, meaning that you know that this irq is _not_
being used. You can initialize the hardware if you want (though you don't
have to).
- Controllers that can handle different types of triggers (level/edge/etc...)
now implement the standard irq_chip->set_type() call as defined by the
generic code. That means that you can use the standard set_irq_type() to
configure an irq line manually if you wish or (though I don't like that
interface), pass explicit trigger flags to request_irq() as defined by the
generic kernel interfaces. Also, using those interfaces guarantees that
your controller set_type callback is called with the descriptor lock held,
thus providing locking against activity on the same interrupt (including
mask/unmask/etc...) automatically. A result is that, for example, MPIC's
own map() implementation calls irq_set_type(NONE) to configure the hardware
to the default triggers.
- To allow the above, the irq_map array entry for the new mapped interrupt
is now set before map() callback is called for the controller.
- The irq_create_of_mapping() (also used by irq_of_parse_and_map()) function
for mapping interrupts from the device-tree now also calls the separate
set_irq_type(), and only does so if there is a change in the trigger type.
- While I was at it, I changed pci_read_irq_line() (which is the helper I
would expect most archs to use in their pcibios_fixup() to get the PCI
interrupt routing from the device tree) to also handle a fallback when the
DT mapping fails consisting of reading the PCI_INTERRUPT_PIN to know whether
the device has an interrupt at all, and the PCI_INTERRUPT_LINE to get an
interrupt number from the device. That number is then mapped using the
default controller, and the trigger is set to level low. That default
behaviour works for several platforms that don't have a proper interrupt
tree like Pegasos. If it doesn't work for your platform, then either
provide a proper interrupt tree from the firmware so that fallback isn't
needed, or don't call pci_read_irq_line()
- Add back a bit that got dropped by my main rework patch for properly
clearing pending IPIs on pSeries when using a kexec
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
The layout fabric gained support for all IDs when I extracted those from the
OSX description file. But apparently I had forgotten to add them all as
module aliases so the module will also load. This patch adds them.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This patch fixes the initialisation and reset of the tas codec. The tas will
often reset if the i2s clocks go away so it needs to be completely
re-initialised when clocks come back.
Also, this patch adds some code for DRC that will be exploited later to add a
DRC control again, fixing a regression over snd-powermac.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>