A userland read of more than PAGE_SIZE bytes from /dev/zero results in
(a) not all of the bytes returned being zero, and
(b) memory corruption due to zeroing of bytes beyond the user buffer.
This is caused by improper constraints on the assembly __clear_user function.
The constraints don't indicate to the compiler that the pointer argument is
modified. Since the function is inline, this results in double-incrementing
of the pointer when __clear_user() is invoked through a multi-page read() of
/dev/zero.
Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
Acked-by: Michal Simek <monstr@monstr.eu>
CC: stable@kernel.org
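A userland regression check for the two symptoms described in the commit message above, added here as an example (it is not part of the kernel patch or the original page). The guard size, fill patterns, and the function name `check_dev_zero_read` are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define GUARD_LEN  256   /* constructed guard region placed right after the buffer */
#define GUARD_BYTE 0xA5  /* must survive the read untouched */
#define FILL_BYTE  0x5A  /* must be overwritten with zero by the read */

enum { ERR_SETUP = 1, ERR_NONZERO = 2, ERR_OVERRUN = 4 };

/* Read npages * PAGE_SIZE bytes from /dev/zero in one read() call.
 * Returns 0 if every byte read is zero and the guard is intact,
 * otherwise a bitmask of ERR_* flags. */
int check_dev_zero_read(size_t npages)
{
    long psz = sysconf(_SC_PAGESIZE);
    if (psz <= 0 || npages == 0)
        return ERR_SETUP;
    size_t len = npages * (size_t)psz;
    unsigned char *buf = malloc(len + GUARD_LEN);
    if (!buf)
        return ERR_SETUP;
    memset(buf, FILL_BYTE, len);
    memset(buf + len, GUARD_BYTE, GUARD_LEN);

    int fd = open("/dev/zero", O_RDONLY);
    if (fd < 0) { free(buf); return ERR_SETUP; }
    ssize_t got = read(fd, buf, len);
    close(fd);

    int result = (got == (ssize_t)len) ? 0 : ERR_SETUP;
    for (ssize_t i = 0; i < got; i++)         /* symptom (a): non-zero bytes returned */
        if (buf[i] != 0) { result |= ERR_NONZERO; break; }
    for (size_t i = 0; i < GUARD_LEN; i++)    /* symptom (b): zeroing past the buffer */
        if (buf[len + i] != GUARD_BYTE) { result |= ERR_OVERRUN; break; }
    free(buf);
    return result;
}

int main(void)
{
    int r = check_dev_zero_read(4);           /* multi-page read, as in the report */
    printf("check_dev_zero_read(4) = %d\n", r);
    return r;
}
```

On an affected kernel the overrun may also crash the process before the guard is inspected, so a fault during the read is itself a failing result.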
irq_chip.end got obsolete with the removal of __do_IRQ().
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Tested-by: Michal Simek <monstr@monstr.eu>
LKML-Reference: <20110203004210.240154507@linutronix.de>
Warning log:
CHECK arch/microblaze/mm/fault.c
arch/microblaze/mm/fault.c:51:6: warning: incorrect type in initializer (different address spaces)
arch/microblaze/mm/fault.c:51:6: expected unknown type 2const [noderef] *__gu_addr<asn:1>
arch/microblaze/mm/fault.c:51:6: got unsigned int *<noident>
arch/microblaze/mm/fault.c:68:6: warning: symbol 'bad_page_fault' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/sys_microblaze.c
arch/microblaze/kernel/sys_microblaze.c:37:17: warning: symbol 'microblaze_vfork' was not declared. Should it be static?
arch/microblaze/kernel/sys_microblaze.c:43:17: warning: symbol 'microblaze_clone' was not declared. Should it be static?
arch/microblaze/kernel/sys_microblaze.c:50:17: warning: symbol 'microblaze_execve' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/cpu/cache.c
arch/microblaze/kernel/cpu/cache.c:522:21: warning: symbol 'wb_msr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:538:21: warning: symbol 'wb_nomsr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:554:21: warning: symbol 'wt_msr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:569:21: warning: symbol 'wt_nomsr' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:585:21: warning: symbol 'wt_msr_noirq' was not declared. Should it be static?
arch/microblaze/kernel/cpu/cache.c:600:21: warning: symbol 'wt_nomsr_noirq' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/cpu/cpuinfo-static.c
arch/microblaze/include/asm/cpuinfo.h:101:21: warning: incorrect type in argument 1 (different signedness)
arch/microblaze/include/asm/cpuinfo.h:101:21: expected unsigned int const [usertype] *p
arch/microblaze/include/asm/cpuinfo.h:101:21: got int *[assigned] val
...
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/unwind.c
arch/microblaze/kernel/unwind.c:186:6: warning: symbol 'microblaze_unwind_inner' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning in dma.c was caused by incorrect type in consistent_alloc function.
Warning log:
CHECK arch/microblaze/kernel/dma.c
arch/microblaze/kernel/dma.c:53:26: warning: incorrect type in argument 1 (different base types)
arch/microblaze/kernel/dma.c:53:26: expected int [signed] gfp
arch/microblaze/kernel/dma.c:53:26: got restricted unsigned int [usertype] flag
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/ptrace.c
arch/microblaze/kernel/ptrace.c:126:11: warning: incorrect type in initializer (different address spaces)
arch/microblaze/kernel/ptrace.c:126:11: expected unknown type 2[noderef] *__pu_addr<asn:1>
arch/microblaze/kernel/ptrace.c:126:11: got unsigned long *<noident>
arch/microblaze/kernel/ptrace.c:134:17: warning: symbol 'do_syscall_trace_enter' was not declared. Should it be static?
arch/microblaze/kernel/ptrace.c:157:17: warning: symbol 'do_syscall_trace_leave' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Function sw_exception is linked with asm code.
Warning log:
CHECK arch/microblaze/kernel/exceptions.c
arch/microblaze/kernel/exceptions.c:53:6: warning: symbol 'sw_exception' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Variables and init_microblaze_timecounter should be static.
Warning log:
CHECK arch/microblaze/kernel/timer.c
arch/microblaze/kernel/timer.c:41:14: warning: symbol 'freq_div_hz' was not declared. Should it be static?
arch/microblaze/kernel/timer.c:42:14: warning: symbol 'timer_clock_freq' was not declared. Should it be static?
arch/microblaze/kernel/timer.c:205:12: warning: symbol 'init_microblaze_timecounter' was not declared. Should it be static?
Signed-off-by: Michal Simek <monstr@monstr.eu>
Warning log:
CHECK arch/microblaze/kernel/dma.c
arch/microblaze/kernel/dma.c:53:26: warning: incorrect type in argument 1 (different base types)
arch/microblaze/kernel/dma.c:53:26: expected int [signed] gfp
arch/microblaze/kernel/dma.c:53:26: got restricted unsigned int [usertype] flag
Signed-off-by: Michal Simek <monstr@monstr.eu>
Used the same solution as SH. Changed len to PAGE_SIZE
in copy_to_user_page macro.
Implement flush_cache_page macro.
Signed-off-by: Michal Simek <monstr@monstr.eu>
The "la" pseudo instruction is only a translation to "addik".
Use "addik" directly, which is described in the MB reference guide.
Signed-off-by: Michal Simek <monstr@monstr.eu>
The r0_ram pool was used for saving/restoring register
content if a hw exception happened. This pool was replaced by
pt_pool_space with PT_SIZE size.
Based on this change, SAVE_STATE_ARG_SPACE was removed, which
made the PTO offset zero; that's why it is also removed.
The r0_ram space was used as a scratchpad by v850. In the early
Microblaze Linux development phase this part of the code was
blindly copied.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Save 0x1 word to rodata section and remove online value
loading if DTB is passed from bootloader. It saves two
asm instructions in bootup.
Signed-off-by: Michal Simek <monstr@monstr.eu>
Remove hw exception counting space from r0_ram. Use a special
exception_debug_table pool for exception statistics.
Signed-off-by: Michal Simek <monstr@monstr.eu>
* 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: S3C64XX: Update regulator names for debugfs compatiblity on SMDK6410
ARM: S3C64XX: Fix build with WM1190 disabled and WM1192 enabled on SMDK6410
ARM: S3C64XX: Reduce output of s3c64xx_dma_init1()
ARM: S3C64XX: Tone down SDHCI debugging
ARM: S3C64XX: Add clock for i2c1
ARM: S3C64XX: Staticise non-exported GPIO to interrupt functions
ARM: SAMSUNG: Include devs.h in dev-uart.c to prototype devices
ARM: S3C64XX: Fix keypad setup to configure correct number of rows
ARM: S3C2440: Fix usage gpio bank j pin definitions on GTA02
ARM: S5P64X0: Fix number of GPIO lines in Bank F
ARM: S3C2440: Select missing S3C_DEV_USB_HOST on GTA02
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: index i shadowed in 2nd loop
drm/nv50-nvc0: prevent multiple vm/bar flushes occuring simultanenously
drm/nouveau: fix regression causing ttm to not be able to evict vram
drm/i915: Rebind the buffer if its alignment constraints changes with tiling
drm/i915: Disable GPU semaphores by default
drm/i915: Do not overflow the MMADDR write FIFO
Revert "drm/i915: fix corruptions on i8xx due to relaxed fencing"
This fixes a bug introduced by 807e8e40673d ("mmc: Fix sd/sdio/mmc
initialization frequency retries") that prevented SDIO drivers from
performing SDIO commands in their probe routines -- the above patch
called mmc_claim_host() before sdio_add_func(), which causes a deadlock
if an external SDIO driver calls sdio_claim_host().
Fix tested on an OLPC XO-1.75 with libertas on SDIO.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Reviewed-and-Tested-by: Chris Ball <cjb@laptop.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
* ickle/drm-intel-fixes:
drm/i915: Rebind the buffer if its alignment constraints changes with tiling
drm/i915: Disable GPU semaphores by default
drm/i915: Do not overflow the MMADDR write FIFO
Revert "drm/i915: fix corruptions on i8xx due to relaxed fencing"
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] tape: deadlock on system work queue
[S390] keyboard: integer underflow bug
[S390] xpram: remove __initdata attribute from module parameters
The per-vm mutex doesn't prevent this completely, a flush coming from the
BAR VM could potentially happen at the same time as one for the channel
VM. Not to mention that if/when we get per-client/channel VM, this will
happen far more frequently.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
TTM assumes an error condition from man->func->get_node() means that
something went horribly wrong, and causes it to bail.
The driver is supposed to return 0, and leave mm_node == NULL to
signal that it couldn't allocate any memory.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Early gen3 and gen2 chipsets do not have the relaxed per-surface tiling
constraints of the later chipsets, so we need to check that the GTT
alignment is correct for the new tiling. If it is not, we need to
rebind.
Reported-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Andi Kleen narrowed his GPU hangs on his Sugar Bay (SNB desktop) rev 09
down to the use of GPU semaphores, and we already know that they appear
broken up to Huron River (mobile) rev 08. (I'm optimistic that disabling
GPU semaphores is simply hiding another bug by the latency and
side-effects of the additional device interaction it introduces...)
However, use of semaphores is a massive performance improvement... Only
as long as the system remains stable. Enable at your peril.
Reported-by: Andi Kleen <andi-fd@firstfloor.org>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=33921
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - Don't set to D3 in Cirrus errata init verbs
ALSA: hda - add new Fermi 5xx codec IDs to snd-hda
ASoC: WM8994: Ensure late enable events are processed for the ADCs
ASoC: WM8994: Don't disable the AIF[1|2]CLK_ENA unconditionaly
ASoC: Fix WM9081 platform data initialisation
ALSA: hda - Fix unable to record issue on ASUS N82JV
ALSA: HDA: Realtek: Fixup jack detection to input subsystem
If a virtio-console device gets unplugged while a port is open, a
subsequent close() call on the port accesses vqs to free up buffers.
This can lead to a crash.
The buffers are already freed up as a result of the call to
unplug_ports() from virtcons_remove(). The fix is to simply not access
vq information if port->portdev is NULL.
Reported-by: juzhang <juzhang@redhat.com>
CC: stable@kernel.org
Signed-off-by: Amit Shah <amit.shah@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Whilst the GT is powered down (rc6), writes to MMADDR are placed in a
FIFO by the System Agent. This is a limited resource, only 64 entries, of
which 20 are reserved for Display and PCH writes, and so we must take
care not to queue up too many writes. To avoid this, there is a counter
which we can poll to ensure there are sufficient free entries in the
fifo.
"Issuing a write to a full FIFO is not supported; at worst it could
result in corruption or a system hang."
Reported-and-Tested-by: Matt Turner <mattst88@gmail.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=34056
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
This reverts commit c2e0eb167070a6e9dcb49c84c13c79a30d672431.
As it turns out, userspace already depends upon being able to enable
tiling on existing bo which it promises to be large enough for its
purposes i.e. it will not access beyond the end of the last full-tile
row.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=35016
Reported-and-tested-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
ceph: no .snap inside of snapped namespace
libceph: fix msgr standby handling
libceph: fix msgr keepalive flag
libceph: fix msgr backoff
libceph: retry after authorization failure
libceph: fix handling of short returns from get_user_pages
ceph: do not clear I_COMPLETE from d_release
ceph: do not set I_COMPLETE
Revert "ceph: keep reference to parent inode on ceph_dentry"
Pass down the correct node for a transparent hugepage allocation. Most
callers continue to use the current node, however the hugepaged daemon
now uses the previous node of the first to be collapsed page instead.
This ensures that khugepaged does not mess up local memory for an
existing process which uses local policy.
The choice of node is somewhat primitive currently: it just uses the
node of the first page in the pmd range. An alternative would be to
look at multiple pages and use the most popular node. I used the
simplest variant for now which should work well enough for the case of
all pages being on the same node.
[akpm@linux-foundation.org: coding-style fixes]
Acked-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
Reviewed-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>