Age | Commit message (Collapse) | Author |
|
Conflicts:
arch/arm/kernel/entry-armv.S
|
|
|
|
A new random value for the canary is stored in the task struct whenever
a new task is forked. This is meant to allow for different canary values
per task. On ARM, GCC expects the canary value to be found in a global
variable called __stack_chk_guard. So this variable has to be updated
with the value stored in the task struct whenever a task switch occurs.
Because the variable GCC expects is global, this cannot work on SMP
unfortunately. So, on SMP, the same initial canary value is kept
throughout, making this feature a bit less effective although it is still
useful.
One way to overcome this GCC limitation would be to locate the
__stack_chk_guard variable into a memory page of its own for each CPU,
and then use TLB locking to have each CPU see its own page at the same
virtual address for each of them.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
|
|
This is the very basic stuff without the changing canary upon
task switch yet. Just the Kconfig option and a constant canary
value initialized at boot time.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
|
|
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
|
|
For this feature to take effect, CONFIG_COMPAT_BRK must be turned
off. This can safely be turned off for any EABI user space versions.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
|
|
This resolves the following build failure when bnx2 is enabled:
drivers/net/bnx2.c:3102: error: implicit declaration of function 'get_dma_ops'
drivers/net/bnx2.c:3102: error: invalid type argument of '->' (have 'int')
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
gpio_set_debounce
The following upstream commit removed omap_set_gpio_debounce methods in
favor of using the gpiolib instead.
commit 8156fae26aec0285840ffa6faff6cae017abe81b
Author: Felipe Balbi <felipe.balbi@nokia.com>
Date: Wed May 26 14:42:24 2010 -0700
arm: omap: remove the unused omap_gpio_set_debounce methods
Failing to replace omap_set_gpio_debouce with gpiolib results in a FTBS
error:
arch/arm/mach-omap2/board-omap3stalker.c:545: undefined reference to
`omap_set_gpio_debounce'
arch/arm/mach-omap2/board-omap3stalker.c:546: undefined reference to
`omap_set_gpio_debounce_time'
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
Fix FTBS by including linux/dma-mapping.h
arch/arm/mach-omap2/usb-ehci.c:263: error: implicit declaration of
function 'DMA_BIT_MASK'
arch/arm/mach-omap2/usb-ehci.c:263: error: initializer element is not
constant
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
This is a fix for the NX emulation patch to force the brk area well
outside of the exec randomization area to avoid future allocation or brk
growth collisions. Normally this isn't a problem, except when the text
region has been loaded from a PIE binary and the CS limit can't be put
just above bss.
Additionally, the nx-emulation patch was still randomizing addresses
even when randomize_va_space was disabled, which would cause collisions
even faster if someone tried to disable randomization.
BugLink: http://bugs.launchpad.net/bugs/452175
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
This makes sure to not disable fast syscalls too generally, and clarifies
nx-emulation code a bit more.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
OriginalAuthor: Kyle McMartin <kyle@redhat.com>, Dave Jones <djones@redhat.com>, Solar Designer <solar at openwall.com>
OriginalLocation: http://cvs.fedoraproject.org/viewvc/devel/kernel/linux-2.6-execshield.patch?view=log
Bug: #369978
This is a refresh from version 1.117 as carried by the Fedora Project.
Implements NX emulation via CS-limits. It closes a gap in security
protections on ia32 kernels without PAE, and for ia32 hardware that
lacks the NX feature.
Upstream feels this NX emulation is not appropriate for mainline, and
as such, RedHat and others have carried it in their kernels for a long
time now.
Also reference https://blueprints.edge.launchpad.net/ubuntu/+spec/use-pae-when-possible
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
This will allow the OMAP USB drivers to be compiled in as modules. At the
moment, CONFIG_NOP_USB_XCEIV cannot be a module.
I've submitted this upstream, but the correct solution hasn't been agreed
upon. Let's use this patch for now until upstream decides how they want to
solve the problem.
Signed-off-by: Amit Kucheria <amit.kucheria@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
userspace
The commit below introduced some new userspace structures to ptrace.h
this necessarily required the inclusion of linux/types.h for the kernel
and stdlib.h for userspace:
commit 3162d92dfb79a0b5fc03380b8819fa5f870ebf1e
Author: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Date: Mon Feb 8 11:51:05 2010 +0000
powerpc: Extended ptrace interface
However although linux/types.h is assembly safe, stdlib.h is not. So that
when the unifdef processed versions are included in assembly files such
as occurs in eglibc, non-assembly type definitions are exposed leading
to build errors.
Looking at the original commit all of the added structures are correctly
protected by __ASSEMBLY__ wrappers, therefor the headers are actually only
required in that context. Move the headers inside the first __ASSEMBLY__
section.
BugLink: http://bugs.launchpad.net/bugs/583733
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
|
|
BugLink: http://bugs.launchpad.net/bugs/458201
Triggered by the following backtrace:
WARNING: at
/build/buildd/linux-2.6.32/arch/x86/include/asm/dma-mapping.h:154
___free_dma_mem_cluster+0x102/0x110()
[<ffffffff81064f9b>] warn_slowpath_common+0x7b/0xc0
[<ffffffff81064ff4>] warn_slowpath_null+0x14/0x20
[<ffffffff8139a2a2>] ___free_dma_mem_cluster+0x102/0x110
[<ffffffff8139a072>] __sym_mfree+0xd2/0x100
[<ffffffff8139a109>] __sym_mfree_dma+0x69/0x100
[<ffffffff8139245f>] sym_hcb_free+0x8f/0x1f0
This patch never will be accepted upstream because the WARN_ON
is supposed to perevent driver development which is only
compatible with x86 on x86 (ARM can sleep in that function).
The right way to fix it would be to make the offending function
use locks in the right way but that requires careful implementation.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
commit 757fd770c649b0dfa6eeefc2d5e2ea3119b6be9c upstream (linux-2.6-tip)
Found by Ingo Molnar's automated tester.
Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andi Kleen <ak@linux.intel.com>
LKML-Reference: <20100123113359.GA29555@one.firstfloor.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
commit f91c4d2649531cc36e10c6bc0f92d0f99116b209 upstream (linux-2.6-tip)
cpu_specific_poll is a global variable, and it should have a global
namespace name. Since it is MCE-specific (it takes a struct mce *),
rename it mce_cpu_specific_poll.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Cc: Andi Kleen <andi@firstfloor.org>
LKML-Reference: <20100121221711.GA8242@basil.fritz.box>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
commit c773f70fd6b53ee646727f871833e53649907264 upstream (linux-2.6-tip)
Xeon 75xx doesn't log physical addresses on corrected machine check
events in the standard architectural MSRs. Instead the address has to
be retrieved in a model specific way. This makes it impossible to do
predictive failure analysis.
Implement cpu model specific code to do this in mce-xeon75xx.c using a
new hook that is called from the generic poll code. The code retrieves
the physical address/DIMM of the last corrected error from the
platform and makes the address look like a standard architectural MCA
address for further processing.
In addition the DIMM information is retrieved and put into two new
aux0/aux1 fields in struct mce. These fields are specific to a given
CPU. These fields can then be decoded by mcelog into specific DIMM
information. The latest mcelog version has support for this.
Longer term this will be likely in a different output format, but
short term that seemed like the least intrusive solution. Older mcelog
can deal with an extended record.
There's no code to print this information on a panic because this only
works for corrected errors, and corrected errors do not usually result
in panics.
The act of retrieving the DIMM/PA information can take some time, so
this code has a rate limit to avoid taking too much CPU time on a
error flood.
The whole thing can be loaded as a module and has suitable PCI-IDs so
that it can be auto-loaded by a distribution. The code also checks
explicitely for the expected CPU model number to make sure this code
doesn't run anywhere else.
Signed-off-by: Andi Kleen <ak@linux.intel.com>
LKML-Reference: <20100121221711.GA8242@basil.fritz.box>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
Signed-off-by: Eric Miao <eric.miao@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
This allows us to use this kernel under QEMU while still using the
main Ubuntu ARMv7 userspace.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
OriginalAuthor: Christophe Dumez, repackaged by Wolfgang Tremmel
OriginalLocation: http://launchpadlibrarian.net/11575235/speedstep-sonoma.patch
Bug: 132271
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Ben Collins <ben.collins@canonical.com>
|
|
Build useful drivers in the ubuntu sub-directory on powerpc. Other ports arches
were not touched as I cannot verify driver compilation on those arches.
Signed-off-by: Luke Yelavich <themuso@ubuntu.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Signed-off-by: Ben Collins <ben.collins@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
|
|
Add X86_LPIA config option
Signed-off-by: Andy Whitcroft <apw@canonical.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
PM / x86: Save/restore MISC_ENABLE register
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI: clear bridge resource range if BIOS assigned bad one
PCI: hotplug/cpqphp, fix NULL dereference
Revert "PCI: create function symlinks in /sys/bus/pci/slots/N/"
PCI: change resource collision messages from KERN_ERR to KERN_INFO
|
|
Yannick found that video does not work with 2.6.34. The cause of this
bug was that the BIOS had assigned the wrong range to the PCI bridge
above the video device. Before 2.6.34 the kernel would have shrunk
the size of the bridge window, but since
d65245c PCI: don't shrink bridge resources
the kernel will avoid shrinking BIOS ranges.
So zero out the old range if we fail to claim it at boot time; this will
cause us to allocate a new range at startup, restoring the 2.6.34
behavior.
Fixes regression https://bugzilla.kernel.org/show_bug.cgi?id=16009.
Reported-by: Yannick <yannick.roehlly@free.fr>
Acked-by: Bjorn Helgaas <bjorn.helgaas@hp.com>
Signed-off-by: Yinghai Lu <yinghai@kernel.org>
Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
|
|
* 'kvm-updates/2.6.35' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: read apic->irr with ioapic lock held
KVM: ia64: Add missing spin_unlock in kvm_arch_hardware_enable()
KVM: Fix order passed to iommu_unmap
KVM: MMU: Remove user access when allowing kernel access to gpte.w=0 page
KVM: MMU: invalidate and flush on spte small->large page size change
KVM: SVM: Implement workaround for Erratum 383
KVM: SVM: Handle MCEs early in the vmexit process
KVM: powerpc: fix init/exit annotation
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
tracing: Fix null pointer deref with SEND_SIG_FORCED
perf: Fix signed comparison in perf_adjust_period()
powerpc/oprofile: fix potential buffer overrun in op_model_cell.c
perf symbols: Set the DSO long name when using symbol_conf.vmlinux_name
|
|
* master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: 6164/1: Add kto and kfrom to input operands list.
ARM: 6166/1: Proper prefetch abort handling on pre-ARMv6
ARM: 6165/1: trap overflows on highmem pages from kmap_atomic when debugging
ARM: 6152/1: ux500 make it possible to disable localtimers
[ARM] pxa/spitz: Correctly register WM8750
[ARM] pxa/palmtc: storage class should be before const qualifier
ARM: 6146/1: sa1111: Prevent deadlock in resume path
ARM: 6145/1: ux500 MTU clockrate correction
ARM: 6144/1: TCM memory bug freeing bug
ARM: VFP: Fix vfp_put_double() for d16-d31
|
|
Reinstate the null behaviour that the in-kernel gdbstub had for the GDB
remote protocol 'p' command (retrieve a single register value) prior to
commit 7ca8b9c0dafd ("frv: extend gdbstub to support more features of
gdb").
Before that, the 'p' command just returned an empty reply, which causes
gdb to then go and use the 'g' command. However, since that commit, the
'p' command returns an error string, which causes gdb to abort its
connection to the target.
Not all gdb versions are affected, some use try 'g' first, and if that
works, don't bother with 'p', and so don't see the error.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
* 'msm-urgent' of git://codeaurora.org/quic/kernel/dwalker/linux-msm:
mmc: msm: fix compile error on MSM7x30
msm: dma: add completion.h header
|
|
Add a spin_unlock missing on the error path.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E1;
@@
* spin_lock(E1,...);
<+... when != E1
if (...) {
... when != E1
* return ...;
}
...+>
* spin_unlock(E1,...);
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
If cr0.wp=0, we have to allow the guest kernel access to a page with pte.w=0.
We do that by setting spte.w=1, since the host cr0.wp must remain set so the
host can write protect pages. Once we allow write access, we must remove
user access otherwise we mistakenly allow the user to write the page.
Reviewed-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
Always invalidate spte and flush TLBs when changing page size, to make
sure different sized translations for the same address are never cached
in a CPU's TLB.
Currently the only case where this occurs is when a non-leaf spte pointer is
overwritten by a leaf, large spte entry. This can happen after dirty
logging is disabled on a memslot, for example.
Noticed by Andrea.
KVM-Stable-Tag
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
This patch implements a workaround for AMD erratum 383 into
KVM. Without this erratum fix it is possible for a guest to
kill the host machine. This patch implements the suggested
workaround for hypervisors which will be published by the
next revision guide update.
[jan: fix overflow warning on i386]
[xiao: fix unused variable warning]
Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
This patch moves handling of the MC vmexits to an earlier
point in the vmexit. The handle_exit function is too late
because the vcpu might alreadry have changed its physical
cpu.
Cc: stable@kernel.org
Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
kvmppc_e500_exit() is a module_exit function, so it should be tagged
with __exit, not __init. The incorrect annotation was added by commit
2986b8c72c272ea58edd37903b042c6da985627d.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: stable@kernel.org
Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Avi Kivity <avi@redhat.com>
|
|
The commit "asm-generic: add NEED_SG_DMA_LENGTH to define sg_dma_len()"
18e98307de0d746cb0845ebf66535ce2184c25a2 broke microblaze compilation.
dma_direct_map_sg() sets sg->dma_length, however microblaze doesn't
set NEED_SG_DMA_LENGTH so scatterlist strcutres doesn't include
dma_length.
sg->dma_length is always equal to sg->length on microblaze. So we
don't need to set set dma_length, that is, microblaze can simply use
sg->length.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Michal Simek <monstr@monstr.eu>
|
|
The commit "mm: Move ARCH_SLAB_MINALIGN and
ARCH_KMALLOC_MINALIGN to <linux/slab_def.h>"
1f0ce8b3dd667dca7 which moved the ARCH_SLAB_MINALIGN
default into the global header broke FLAT for Microblaze.
Error message:
slab error in verify_redzone_free(): cache `idr_layer_cache':
memory outside object was overwritten
Signed-off-by: Michal Simek <monstr@monstr.eu>
|
|
When functions incoming parameters are not in input operands list gcc
4.5 does not load the parameters into registers before calling this
function but the inline assembly assumes valid addresses inside this
function. This breaks the code because r0 and r1 are invalid when
execution enters v4wb_copy_user_page ()
Also the constant needs to be used as third input operand so account
for that as well.
Tested on qemu arm.
CC: <stable@kernel.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/ycmiao/pxa-linux-2.6
|
|
Instruction faults on pre-ARMv6 CPUs are interpreted as
a 'translation fault', but do_translation_fault doesn't
handle well if user mode trying to run instruction above
TASK_SIZE, and result in the infinite retry of that
instruction.
CC: <stable@kernel.org>
Signed-off-by: Anfei Zhou <anfei.zhou@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
|
|
When CONFIG_DEBUG_HIGHMEM is used, the fixmap entry used for a highmem page
by kmap_atomic() is always cleared by kunmap_atomic(). This helps find
bad usages such as dereferences after the unmap, or overflow into the
adjacent fixmap areas.
But this debugging aid is completely bypassed when a kmap for the same
page already exists as the kmap is reused instead. ON VIVT systems we
have no choice but to reuse that kmap due to cache coherency issues,
but on non VIVT systems we should always force the fixmap usage when
debugging is active.
Signed-off-by: Nicolas Pitre <nicolas.pitre@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
|
|
Currently compilation of ux500 fails if you deselect the kernel
feature for localtimers.
Acked-by: Srinidhi Kasagar <srinidhi.kasagar@stericsson.com>
Signed-off-by: Linus Walleij <linus.walleij@stericsson.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
|
|
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
The containing function is called from several places. At one of them, in
the function __sigp_stop, the spin lock &fi->lock is held.
The semantic patch that makes this change is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@gfp exists@
identifier fn;
position p;
@@
fn(...) {
... when != spin_unlock
when any
GFP_KERNEL@p
... when any
}
@locked@
identifier gfp.fn;
@@
spin_lock(...)
... when != spin_unlock
fn(...)
@depends on locked@
position gfp.p;
@@
- GFP_KERNEL@p
+ GFP_ATOMIC
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
When unregistering kprobes, kprobes calls module_free() and
always passes NULL for the mod parameter. Add a check to
prevent NULL pointer dereferences.
See commit 740a8de0796dd12890b3c8ddcfabfcb528b78d40 for more details.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Add missing GFP flag to memory allocations. The part in cio only
changes a comment.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
RealView boards with certain revisions of the L210/L220 cache controller
may have issues with recent changes to the mb() barrier implementation
(DSB followed by an L2 cache sync).
This patch proposes that the mb() barrier performs an outer cache sync
only when ARM_DMA_MEM_BUFFERABLE is enabled. When this is option is
disabled, the coherent DMA buffers are mapped as Strongly Ordered and
there is no need for an L2 cache sync.
The patch also disables ARM_DMA_MEM_BUFFERABLE for some of the RealView
boards with L210/L220.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Linus Walleij <linus.ml.walleij@gmail.com>
Cc: Bjoern B. Brandenburg <bbb.lst@gmail.com>
|