linux-toradex.git/arch, branch v2.6.13.4 Linux kernel for Apalis and Colibri modules [PATCH] Fix userland FPU state corruption. 2005-10-10T18:50:54+00:00 David S. Miller davem@davemloft.net 2005-10-07T23:43:53+00:00 d7c6ec0fa0de0b99b3bb66cc0b63e1331ae76984 We need to use stricter memory barriers around the block load and store instructions we use to save and restore the FPU register file. Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
We need to use stricter memory barriers around the block
load and store instructions we use to save and restore the
FPU register file.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] uml - Fix x86_64 page leak 2005-10-03T23:27:18+00:00 Paolo 'Blaisorblade' Giarrusso blaisorblade@yahoo.it 2005-09-19T18:02:32+00:00 38e00d341514cce58a4514904fc6562d586ec4dc We were leaking pmd pages when 3_LEVEL_PGTABLES was enabled. This fixes that, has been well tested and is included in mainline tree. Please include in -stable as well. Signed-off-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Chris Wright <chrisw@osdl.org> 
We were leaking pmd pages when 3_LEVEL_PGTABLES was enabled. This fixes that,
has been well tested and is included in mainline tree. Please include in -stable
as well.

Signed-off-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] lost fput in 32bit ioctl on x86-64 2005-09-17T01:01:55+00:00 Maxim Giryaev gem@sw.ru 2005-09-09T20:05:53+00:00 8cd943eb523fa622fec2f8e65e611263babd1249 This patch adds lost fput in 32bit tiocgdev ioctl on x86-64 I believe this is a security issues, since user can fget() file as many times as he wants to. So file refcounter can be overlapped and first fput() will free resources though there will be still structures pointing to the file, mnt, dentry etc. Also fput() sets f_dentry and f_vfsmnt to NULL, so other file users will OOPS. The oops can be done under files_lock and others, so this is really exploitable DoS on SMP. Didn't checked it on practice actually. (chrisw: Update to use fget_light/fput_light) Signed-Off-By: Kirill Korotaev <dev@sw.ru> Signed-Off-By: Maxim Giryaev <gem@sw.ru> Signed-off-by: Chris Wright <chrisw@osdl.org> 
This patch adds lost fput in 32bit tiocgdev ioctl on x86-64

I believe this is a security issues, since user can fget() file as
many times as he wants to. So file refcounter can be overlapped and
first fput() will free resources though there will be still structures
pointing to the file, mnt, dentry etc.  Also fput() sets f_dentry and
f_vfsmnt to NULL, so other file users will OOPS.

The oops can be done under files_lock and others, so this is really
exploitable DoS on SMP. Didn't checked it on practice actually.

(chrisw: Update to use fget_light/fput_light)

Signed-Off-By: Kirill Korotaev <dev@sw.ru>
Signed-Off-By: Maxim Giryaev <gem@sw.ru>
Signed-off-by: Chris Wright <chrisw@osdl.org>
[PATCH] x86: pci_assign_unassigned_resources() update 2005-09-10T02:42:51+00:00 Ivan Kokshaysky ink@jurassic.park.msu.ru 2005-09-05T14:12:21+00:00 2811d271ee67f4de6c6d7e2c731698f6f9f7746a I had some time to think about PCI assign issues in 2.6.13-rc series. The major problem here is that we call pci_assign_unassigned_resources() way too early - at subsys_initcall level. Therefore we give no chances to ACPI and PnP routines (called at fs_initcall level) to reserve their respective resources properly, as the comments in drivers/pnp/system.c and drivers/acpi/motherboard.c suggest: /** * Reserve motherboard resources after PCI claim BARs, * but before PCI assign resources for uninitialized PCI devices */ So I moved the pci_assign_unassigned_resources() call to pcibios_assign_resources() (fs_initcall), which should hopefully fix a lot of problems and make PCIBIOS_MIN_IO tweaks unnecessary. Other changes: - remove resource assignment code from pcibios_assign_resources(), since it duplicates pci_assign_unassigned_resources() functionality and actually does nothing in 2.6.13; - modify ROM assignment code as per Ben's suggestion: try to use firmware settings by default (if PCI_ASSIGN_ROMS is not set); - set CARDBUS_IO_SIZE back to 4K as it's a wonderful stress test for various setups. Confirmed by Tero Roponen <teanropo@cc.jyu.fi> (who had problems with the 4kB CardBus IO size previously). Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> 
I had some time to think about PCI assign issues in 2.6.13-rc series.

The major problem here is that we call pci_assign_unassigned_resources()
way too early - at subsys_initcall level. Therefore we give no chances
to ACPI and PnP routines (called at fs_initcall level) to reserve their
respective resources properly, as the comments in drivers/pnp/system.c
and drivers/acpi/motherboard.c suggest:

 /**
  * Reserve motherboard resources after PCI claim BARs,
  * but before PCI assign resources for uninitialized PCI devices
  */

So I moved the pci_assign_unassigned_resources() call to
pcibios_assign_resources() (fs_initcall), which should hopefully fix a
lot of problems and make PCIBIOS_MIN_IO tweaks unnecessary.

Other changes:
- remove resource assignment code from pcibios_assign_resources(), since
  it duplicates pci_assign_unassigned_resources() functionality and
  actually does nothing in 2.6.13;
- modify ROM assignment code as per Ben's suggestion: try to use firmware
  settings by default (if PCI_ASSIGN_ROMS is not set);
- set CARDBUS_IO_SIZE back to 4K as it's a wonderful stress test for
  various setups.

Confirmed by Tero Roponen <teanropo@cc.jyu.fi> (who had problems with
the 4kB CardBus IO size previously).

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
[PATCH] mmaper_kern.c fixes [buffer overruns] 2005-08-27T17:11:40+00:00 Al Viro viro@parcelfarce.linux.theplanet.co.uk 2005-08-27T05:48:15+00:00 6a029a90f5b93e2b50bcbbaef05ef91fa0c1d6b3 - copy_from_user() can fail; ->write() must check its return value. - severe buffer overruns both in ->read() and ->write() - lseek to the end (i.e. to mmapper_size) and if (count + *ppos > mmapper_size) count = count + *ppos - mmapper_size; will do absolutely nothing. Then it will call copy_to_user(buf,&v_buf[*ppos],count); with obvious results (similar for ->write()). Fixed by turning read to simple_read_from_buffer() and by doing normal limiting of count in ->write(). - gratitious lock_kernel() in ->mmap() - it's useless there. - lots of gratuitous includes. Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
 - copy_from_user() can fail; ->write() must check its return value.

 - severe buffer overruns both in ->read() and ->write() - lseek to the
   end (i.e.  to mmapper_size) and

	if (count + *ppos > mmapper_size)
		count = count + *ppos - mmapper_size;

   will do absolutely nothing.  Then it will call

	copy_to_user(buf,&v_buf[*ppos],count);

   with obvious results (similar for ->write()).

   Fixed by turning read to simple_read_from_buffer() and by doing
   normal limiting of count in ->write().

 - gratitious lock_kernel() in ->mmap() - it's useless there.

 - lots of gratuitous includes.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] arm: fix IXP4xx flash resource range 2005-08-27T02:37:12+00:00 Deepak Saxena dsaxena@plexity.net 2005-08-27T01:34:11+00:00 1c9cf6f9861f8d27303ee2531b3b7686269c71ce We are currently reserving one byte more than actually needed by the flash device and overlapping into the next I/O expansion bus window. This a) causes us to allocate an extra page of VM due to ARM ioremap() alignment code and b) could cause problems if another driver tries to request the next expansion bus window. Signed-off-by: Deepak Saxena <dsaxena@plexity.net> Cc: Russell King <rmk@arm.linux.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
We are currently reserving one byte more than actually needed by the flash
device and overlapping into the next I/O expansion bus window.  This a)
causes us to allocate an extra page of VM due to ARM ioremap() alignment
code and b) could cause problems if another driver tries to request the
next expansion bus window.

Signed-off-by: Deepak Saxena <dsaxena@plexity.net>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] x86_64: Tell VM about holes in nodes 2005-08-27T02:37:12+00:00 Andi Kleen ak@suse.de 2005-08-27T01:34:10+00:00 485761bd6a72d33b3d4fa884927b2b0d983b701e Some nodes can have large holes on x86-64. This fixes problems with the VM allowing too many dirty pages because it overestimates the number of available RAM in a node. In extreme cases you can end up with all RAM filled with dirty pages which can lead to deadlocks and other nasty behaviour. This patch just tells the VM about the known holes from e820. Reserved (like the kernel text or mem_map) is still not taken into account, but that should be only a few percent error now. Small detail is that the flat setup uses the NUMA free_area_init_node() now too because it offers more flexibility. (akpm: lotsa thanks to Martin for working this problem out) Cc: Martin Bligh <mbligh@mbligh.org> Signed-off-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Some nodes can have large holes on x86-64.

This fixes problems with the VM allowing too many dirty pages because it
overestimates the number of available RAM in a node.  In extreme cases you
can end up with all RAM filled with dirty pages which can lead to deadlocks
and other nasty behaviour.

This patch just tells the VM about the known holes from e820.  Reserved
(like the kernel text or mem_map) is still not taken into account, but that
should be only a few percent error now.

Small detail is that the flat setup uses the NUMA free_area_init_node() now
too because it offers more flexibility.

(akpm: lotsa thanks to Martin for working this problem out)

Cc: Martin Bligh <mbligh@mbligh.org>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] ppc32 8xx: fix m8xx_ide_init() #ifdef 2005-08-26T23:31:46+00:00 Marcelo Tosatti marcelo.tosatti@cyclades.com 2005-08-23T20:20:44+00:00 566ecb9b258ec4da3c7e1c6ca6fca8a5bb0c8eba Be more precise on deciding whether to call m8xx_ide_init() at m8xx_setup.c:platform_init(). Compilation fails if CONFIG_BLK_DEV_IDE is defined but CONFIG_BLK_DEV_MPC8xx_IDE isnt. Signed-off-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
Be more precise on deciding whether to call m8xx_ide_init() at
m8xx_setup.c:platform_init().

Compilation fails if CONFIG_BLK_DEV_IDE is defined but
CONFIG_BLK_DEV_MPC8xx_IDE isnt.

Signed-off-by: Marcelo Tosatti <marcelo.tosatti@cyclades.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] Export pcibios_bus_to_resource 2005-08-24T17:22:44+00:00 Keith Owens kaos@sgi.com 2005-08-24T06:06:25+00:00 41290c14640bc9312bf63202d14ebef075b6171a pcibios_bus_to_resource is exported on all architectures except ia64 and sparc. Add exports for the two missing architectures. Needed when Yenta socket support is compiled as a module. Signed-off-by: Keith Owens <kaos@sgi.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
pcibios_bus_to_resource is exported on all architectures except ia64
and sparc.  Add exports for the two missing architectures.  Needed when
Yenta socket support is compiled as a module.

Signed-off-by: Keith Owens <kaos@sgi.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[PATCH] x86_64: update defconfig - reenable fusion 2005-08-24T17:22:44+00:00 Andi Kleen ak@suse.de 2005-08-24T05:37:37+00:00 b7561524765a30334bf31c56b523aeb3c1a04c7d I mistakedly disabled fusion support in an earlier update. Fusion is commonly used on many x86-64 systems, so this was a problem. This patch fixes that. Signed-off-by: And Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 
I mistakedly disabled fusion support in an earlier update. Fusion
is commonly used on many x86-64 systems, so this was a problem.
This patch fixes that.

Signed-off-by: And Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>