A userland read of more than PAGE_SIZE bytes from /dev/zero results in
(a) not all of the bytes returned being zero, and
(b) memory corruption due to zeroing of bytes beyond the user buffer.
This is caused by improper constraints on the assembly __clear_user function.
The constrints don't indicate to the compiler that the pointer argument is
modified. Since the function is inline, this results in double-incrementing
of the pointer when __clear_user() is invoked through a multi-page read() of
/dev/zero.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Acked-by: Michal Simek <monstr@monstr.eu>
CC: stable@kernel.org
irq_chip.end got obsolete with the removal of __do_IRQ().
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Tested-by: Michal Simek <monstr@monstr.eu>
LKML-Reference: <20110203004210.240154507@linutronix.de>
Warning log:
CHECK arch/microblaze/mm/fault.c
arch/microblaze/mm/fault.c:51:6: warning: incorrect type in initializer (different address spaces)
arch/microblaze/mm/fault.c:51:6: expected unknown type 2const [noderef] *__gu_addr<asn:1>
arch/microblaze/mm/fault.c:51:6: got unsigned int *<noident>
arch/microblaze/mm/fault.c:68:6: warning: symbol 'bad_page_fault' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/sys_microblaze.c
arch/microblaze/kernel/sys_microblaze.c:37:17: warning: symbol 'microblaze_vfork' was not declared. Should it be static?
arch/microblaze/kernel/sys_microblaze.c:43:17: warning: symbol 'microblaze_clone' was not declared. Should it be static?
arch/microblaze/kernel/sys_microblaze.c:50:17: warning: symbol 'microblaze_execve' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/cpu/cache.c
arch/microblaze/kernel/cpu/cache.c:522:21: warning: symbol 'wb_msr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:538:21: warning: symbol 'wb_nomsr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:554:21: warning: symbol 'wt_msr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:569:21: warning: symbol 'wt_nomsr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:585:21: warning: symbol 'wt_msr_noirq' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:600:21: warning: symbol 'wt_nomsr_noirq' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/cpu/cpuinfo-static.c
arch/microblaze/include/asm/cpuinfo.h:101:21: warning: incorrect type in argument 1 (different signedness)
arch/microblaze/include/asm/cpuinfo.h:101:21: expected unsigned int const [usertype] *p
arch/microblaze/include/asm/cpuinfo.h:101:21: got int *[assigned] val
...
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/unwind.c
arch/microblaze/kernel/unwind.c:186:6: warning: symbol 'microblaze_unwind_inner' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning in dma.c was caused by incorrect type in consistent_alloc function.
Warning log:
CHECK arch/microblaze/kernel/dma.c
arch/microblaze/kernel/dma.c:53:26: warning: incorrect type in argument 1 (different base types)
arch/microblaze/kernel/dma.c:53:26: expected int [signed] gfp
arch/microblaze/kernel/dma.c:53:26: got restricted unsigned int [usertype] flag
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/ptrace.c
arch/microblaze/kernel/ptrace.c:126:11: warning: incorrect type in initializer (different address spaces)
arch/microblaze/kernel/ptrace.c:126:11: expected unknown type 2[noderef] *__pu_addr<asn:1>
arch/microblaze/kernel/ptrace.c:126:11: got unsigned long *<noident>
arch/microblaze/kernel/ptrace.c:134:17: warning: symbol 'do_syscall_trace_enter' was not declared. Should it be static?
arch/microblaze/kernel/ptrace.c:157:17: warning: symbol 'do_syscall_trace_leave' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Function sw_exception is linked with asm code.
Warning log:
CHECK arch/microblaze/kernel/exceptions.c
arch/microblaze/kernel/exceptions.c:53:6: warning: symbol 'sw_exception' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Variables and init_microblaze_timecounter should be static.
Warning log:
CHECK arch/microblaze/kernel/timer.c
arch/microblaze/kernel/timer.c:41:14: warning: symbol 'freq_div_hz' was not declared. Should it be static?
arch/microblaze/kernel/timer.c:42:14: warning: symbol 'timer_clock_freq' was not declared. Should it be static?
arch/microblaze/kernel/timer.c:205:12: warning: symbol 'init_microblaze_timecounter' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/dma.c
arch/microblaze/kernel/dma.c:53:26: warning: incorrect type in argument 1 (different base types)
arch/microblaze/kernel/dma.c:53:26: expected int [signed] gfp
arch/microblaze/kernel/dma.c:53:26: got restricted unsigned int [usertype] flag
Signed-off-by: Michal Simek <monstr@monstr.eu>
Used the same solution as SH. Changed len to PAGE_SIZE
in copy_to_user_page macro.
Implement flush_cache_page macro.
Signed-off-by: Michal Simek <monstr@monstr.eu>
"la" pseudo instruction is only translation to "addik".
Use directly "addik" which is described in the MB reference guide.
Signed-off-by: Michal Simek <monstr@monstr.eu>
r0_ram pool was used for saving/restoring register
content if hw exception happen. This poll was replaced by
pt_pool_space with PT_SIZE size.
Based on this change SAVE_STATE_ARG_SPACE was removed which
caused that PTO offset is zero that's why is also removed.
r0_ram space was used as scratchpad by v850. In early
Microblaze Linux developing phase was this part of code
blindly copied.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Save 0x1 word to rodata section and remove online value
loading if DTB is passed from bootloader. It saves two
asm instructions in bootup.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Remove hw exception counting space from r0_ram. Use special
exception_debug_table poll for exception statistic.
Signed-off-by: Michal Simek <monstr@monstr.eu>
We leave it at whatever it had been pointing to after the
first link_path_walk() had failed with -ESTALE. Things
do not work well after that...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
clean-files should be defined as a variable not a target.
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Index i was already used in the outer loop
Cc: stable@kernel.org
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
ocores_i2c_of_probe needs to use a const __be32 type for handing
device tree property values. This patch fixed the following build
warning:
CC drivers/i2c/busses/i2c-ocores.o
drivers/i2c/busses/i2c-ocores.c: In function 'ocores_i2c_of_probe':
drivers/i2c/busses/i2c-ocores.c:254: warning: assignment discards qualifiers from pointer target type
drivers/i2c/busses/i2c-ocores.c:261: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Cc: Peter Korsgaard <jacmet@sunsite.dk>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: linux-i2c@vger.kernel.org
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Exar has exited the 10G Ethernet NIC market, orphaning both the s2io and
vxge drivers. With the promise of free hardware, I'll take over
maintainership.
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
The original code does not work well when the number of mulitcast
address to handle is greater than MCAST_MAX. It only enable promiscous
mode instead of multicast hash table mode, so the hash table function
will not be activated and all multicast frames will be recieved in this
condition.
This patch fixes the following issues with the r6040 NIC operating in
multicast:
1) When the IFF_ALLMULTI flag is set, we should write 0xffff to the NIC
hash table registers to make it process multicast traffic.
2) When the number of multicast address to handle is smaller than
MCAST_MAX, we should use the NIC multicast registers MID1_{L,M,H}.
3) The hashing of the address was not correct, due to an invalid
substraction (15 - (crc & 0x0f)) instead of (crc & 0x0f) and an
incorrect crc algorithm (ether_crc_le) instead of (ether_crc).
4) If necessary, we should set HASH_EN flag in MCR0 to enable multicast
hash table function.
Reported-by: Marc Leclerc <marc-leclerc@signaturealpha.com>
Tested-by: Marc Leclerc <marc-leclerc@signaturealpha.com>
Signed-off-by: Shawn Lin <shawn@dmp.com.tw>
Signed-off-by: Albert Chen <albert.chen@rdc.com.tw>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
30201e7f3 ("mmc: skip detection of nonremovable cards on rescan")
allowed skipping detection of nonremovable cards on mmc_rescan().
The intention was to only skip detection of hardwired cards that
cannot be removed, so make sure this is indeed the case by directly
checking for (lack of) MMC_CAP_NONREMOVABLE, instead of using
mmc_card_is_removable(), which is overloaded with
CONFIG_MMC_UNSAFE_RESUME semantics.
The user-visible symptom of the bug this patch fixes is that no
"mmc: card XXXX removed" message appears in dmesg when a card is
removed and CONFIG_MMC_UNSAFE_RESUME=y.
Reported-and-tested-by: Dmitry Shmidt <dimitrysh@google.com>
Reported-and-tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Prepare for extending the block device ring to allow request
specific fields, by moving the request specific fields for
reads, writes and barrier requests to a union member.
Acked-by: Jens Axboe <jaxboe@fusionio.com>
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
The btrfs fiemap code was incorrectly returning duplicate or overlapping
extents in some cases. cp was blindly trusting this result and we would
end up with a destination file that was bigger than the original because
some bytes were copied twice.
The fix here adjusts our offsets to make sure we're always moving
forward in the fiemap results.
Signed-off-by: Chris Mason <chris.mason@oracle.com>
You can crash the kernel (with root/admin privileges) using kprobe tracer by running:
echo "p system_call_after_swapgs" > ./kprobe_events
echo 1 > ./events/kprobes/enable
The reason is that at the system_call_after_swapgs label, the
kernel stack is not set up. If optimized kprobes are enabled,
the user space stack is being used in this case (see optimized
kprobe template) and this might result in a crash.
There are several places like this over the entry code
(entry_$BIT). As it seems there's no any reasonable/maintainable
way to disable only those places where the stack is not ready, I
switched off the whole entry code from kprobe optimizing.
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Acked-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
Cc: acme@redhat.com
Cc: fweisbec@gmail.com
Cc: ananth@in.ibm.com
Cc: davem@davemloft.net
Cc: a.p.zijlstra@chello.nl
Cc: eric.dumazet@gmail.com
Cc: 2nddept-manager@sdl.hitachi.co.jp
LKML-Reference: <1298298313-5980-3-git-send-email-jolsa@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Put x86 entry code into a separate link section: .entry.text.
Separating the entry text section seems to have performance
benefits - caused by more efficient instruction cache usage.
Running hackbench with perf stat --repeat showed that the change
compresses the icache footprint. The icache load miss rate went
down by about 15%:
before patch:
19417627 L1-icache-load-misses ( +- 0.147% )
after patch:
16490788 L1-icache-load-misses ( +- 0.180% )
The motivation of the patch was to fix a particular kprobes
bug that relates to the entry text section, the performance
advantage was discovered accidentally.
Whole perf output follows:
- results for current tip tree:
Performance counter stats for './hackbench/hackbench 10' (500 runs):
19417627 L1-icache-load-misses ( +- 0.147% )
2676914223 instructions # 0.497 IPC ( +- 0.079% )
5389516026 cycles ( +- 0.144% )
0.206267711 seconds time elapsed ( +- 0.138% )
- results for current tip tree with the patch applied:
Performance counter stats for './hackbench/hackbench 10' (500 runs):
16490788 L1-icache-load-misses ( +- 0.180% )
2717734941 instructions # 0.502 IPC ( +- 0.079% )
5414756975 cycles ( +- 0.148% )
0.206747566 seconds time elapsed ( +- 0.137% )
Signed-off-by: Jiri Olsa <jolsa@redhat.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Nick Piggin <npiggin@kernel.dk>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: masami.hiramatsu.pt@hitachi.com
Cc: ananth@in.ibm.com
Cc: davem@davemloft.net
Cc: 2nddept-manager@sdl.hitachi.co.jp
LKML-Reference: <20110307181039.GB15197@jolsa.redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
In complex subsystems like mac80211 structures can contain several
timers and work structs, so identifying a specific instance from the
call trace and object type output of debugobjects can be hard.
Allow the subsystems which support debugobjects to provide a hint
function. This function returns a pointer to a kernel address
(preferrably the objects callback function) which is printed along
with the debugobjects type.
Add hint methods for timer_list, work_struct and hrtimer.
[ tglx: Massaged changelog, made it compile ]
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
LKML-Reference: <20110307085809.GA9334@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
a) struct inode is not going to be freed under ->d_compare();
however, the thing PROC_I(inode)->sysctl points to just might.
Fortunately, it's enough to make freeing that sucker delayed,
provided that we don't step on its ->unregistering, clear
the pointer to it in PROC_I(inode) before dropping the reference
and check if it's NULL in ->d_compare().
b) I'm not sure that we *can* walk into NULL inode here (we recheck
dentry->seq between verifying that it's still hashed / fetching
dentry->d_inode and passing it to ->d_compare() and there's no
negative hashed dentries in /proc/sys/*), but if we can walk into
that, we really should not have ->d_compare() return 0 on it!
Said that, I really suspect that this check can be simply killed.
Nick?
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
