06 Feb, 2007
28 commits
-
This provides a noexec protection on s390 hardware. Our hardware does
not have any bits left in the pte for a hw noexec bit, so this is a
different approach using shadow page tables and a special addressing
mode that allows separate address spaces for code and data.As a special feature of our "secondary-space" addressing mode, separate
page tables can be specified for the translation of data addresses
(storage operands) and instruction addresses. The shadow page table is
used for the instruction addresses and the standard page table for the
data addresses.
The shadow page table is linked to the standard page table by a pointer
in page->lru.next of the struct page corresponding to the page that
contains the standard page table (since page->private is not really
private with the pte_lock and the page table pages are not in the LRU
list).
Depending on the software bits of a pte, it is either inserted into
both page tables or just into the standard (data) page table. Pages of
a vma that does not have the VM_EXEC bit set get mapped only in the
data address space. Any try to execute code on such a page will cause a
page translation exception. The standard reaction to this is a SIGSEGV
with two exceptions: the two system call opcodes 0x0a77 (sys_sigreturn)
and 0x0aad (sys_rt_sigreturn) are allowed. They are stored by the
kernel to the signal stack frame. Unfortunately, the signal return
mechanism cannot be modified to use an SA_RESTORER because the
exception unwinding code depends on the system call opcode stored
behind the signal stack frame.This feature requires that user space is executed in secondary-space
mode and the kernel in home-space mode, which means that the addressing
modes need to be switched and that the noexec protection only works
for user space.
After switching the addressing modes, we cannot use the mvcp/mvcs
instructions anymore to copy between kernel and user space. A new
mvcos instruction has been added to the z9 EC/BC hardware which allows
to copy between arbitrary address spaces, but on older hardware the
page tables need to be walked manually.Signed-off-by: Gerald Schaefer
Signed-off-by: Martin Schwidefsky -
This patch moves the config options for the s390 crypto instructions
to the standard "Hardware crypto devices" menu. In addition some
cleanup has been done: use a flag for supported keylengths, add a
warning about machien limitation, return ENOTSUPP in case the
hardware has no support, remove superfluous printks and update
email addresses.Signed-off-by: Jan Glauber
Signed-off-by: Martin Schwidefsky -
Lower priority of "Blacklisted device detected" messages so we don't
overwrite more useful messages.Signed-off-by: Cornelia Huck
Signed-off-by: Martin Schwidefsky -
Change CHSC event handling to be more easily extensible.
Signed-off-by: Peter Oberparleiter
Signed-off-by: Martin Schwidefsky -
Signed-off-by: Peter Oberparleiter
Signed-off-by: Martin Schwidefsky -
Currently works anyway since search_binary_handler has a
set_fs(USER_DS). But start_thread() is the place where this should be
done. Following all other architectures...Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
If we have a subchannel id which has been generated via
for_each_subchannel(), it might contain an invalid subchannel set id.
We need to catch the ensuing operand exception by using stsch_err()
instead of stsch() in all possible cases.Signed-off-by: Cornelia Huck
Signed-off-by: Martin Schwidefsky -
Fix description of register usage as pointed out by Andreas Krebbel.
Since this document is completely outdated and would need a lot of
fixing, it might be worth considering to get rid of it...Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
kretprobe_trampoline_holder() is in kprobes section but used to
register a kprobe in arch_init_kprobes(). Hence register_kprobe()
and therefore arch_init_kprobes() will fail.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
In case of an illegal op the die notifier gets called with DIE_TRAP
instead of DIE_BPT first.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Use the new linux-s390@vger.kernel.org mailing list instead of
linux-390@vm.marist.edu.Signed-off-by: Martin Schwidefsky
-
The reserve/release IOCTLs sometimes do not work. If second system
does a 'steal lock' the pending unit check (Format 3 Msg F) is
delivered. Since ERP is disabled for reserve/release, the IOCTL call
fails. We have to allow basic ERP (retries) for reserve/release IOCTLs.Signed-off-by: Horst Hummel
Signed-off-by: Martin Schwidefsky -
Logging of relevant information is already done by disciplines
dump_sense function.Signed-off-by: Horst Hummel
Signed-off-by: Martin Schwidefsky -
cpu_relax() has barrier() semantics hence there is no need to use both
of them in conjunction in sclp_sync_wait(). Also change cpu_relax()
so it's more obvious that it has barrier semantics.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Create/remove the channel measurement binary files with
device_{create,remove}_bin_file instead of sysfs_{create,remove}_bin_file.Signed-off-by: Cornelia Huck
Signed-off-by: Martin Schwidefsky -
local_bh_disable/_local_bh_enable must not be called if in_irq() is
true. Besides that if in_interrupt() is true bottom halves are
disabled anyway.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Currently loaded DCSS segments are now listed in /proc/iomem with
their name followed by a trailing "(DCSS)".Signed-off-by: Gerald Schaefer
Signed-off-by: Martin Schwidefsky -
If we try to start path verification when an unsolicited interrupt
is already pending, stctl shows status pending and we delay path
verification again. We need to check for the doverify bit when the
unsolicited interrupt comes in and then do path verification.Signed-off-by: Cornelia Huck
Signed-off-by: Martin Schwidefsky -
FCP dump feature detection works only if the sclp command in head.S
was succesful. Since the sclp command is skipped if diag260 works,
we don't have any dump feature detection anymore.
Bug was introduced with d57de5a36791cb1b7285649c62f183b0d3505f7d.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
The initialization of the dasd_eer code is one of the last steps of the
dasd driver initialization. When initialization fails in one of the
earlier steps, the dasd_exit function is called to clean up what has been
done so far. So the dasd_eer_exit function may be called, although the
dasd_eer_init function wasn't called before and dasd_eer_exit tries to
unregister a misc device that wasn't registered, which results in a BUG.Make sure that dasd_eer_exit can be called without initialization. Use a
dynamically allocated struct miscdevice instead of a static one, so we
only try to unregister the device if it exists and was actually registered.Signed-off-by: Stefan Weinhuber
Signed-off-by: Martin Schwidefsky -
Requests are aborted when the sclp interface reports 'not operational'
even though they may still be active at the sclp, leading to concurrent
writes to request memory by both the kernel and the sclp interface.
Do not abort requests for which the sclp interface reports not
operational status during request retry.Signed-off-by: Peter Oberparleiter 5A
Signed-off-by: Martin Schwidefsky -
No need to use lrag in 64 bit addressing mode since lra will do the
same.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Since ssd_info is now available before the subchannel is registered,
we don't need to check whether it is available.Signed-off-by: Cornelia Huck
Signed-off-by: Martin Schwidefsky -
Change the bounce buffer logic of cpcmd. diag8 needs _real_ memory below
2GB. Therefore vmalloced data does not work. As the data might cross a
page boundary, we cannot use virt_to_page either. The solution is to use
virt_to_page only in the check for a bounce buffer.There was a redundant check for response==NULL. response < 2GB contains
this check as well.I also removed the rlen==0 check, since rlen=0 and response!=NULL would
be a caller bug and response==NULL is already checked.Signed-off-by: Christian Borntraeger
Signed-off-by: Martin Schwidefsky -
Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Signed-off-by: Akinobu Mita
Signed-off-by: Martin Schwidefsky -
Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky
05 Feb, 2007
2 commits
-
When calling into the EFI firmware, the parameters need to be passed on
the stack. The recent change to use -mregparm=3 breaks x86 EFI support.
This patch is needed to allow the new Intel-based Macs to suspend to ram
(efi.get_time is called during the suspend phase).Signed-off-by: Frederic Riss
Signed-off-by: Linus Torvalds
04 Feb, 2007
9 commits
-
That code doesn't do what its author apparently thought it would do...
Signed-off-by: Al Viro
Signed-off-by: Linus Torvalds -
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] sd: udev accessing an uninitialized scsi_disk field results in a crash
[SCSI] st: A MTIOCTOP/MTWEOF within the early warning will cause the file number to be incorrect
[SCSI] qla4xxx: bug fixes
[SCSI] Fix scsi_add_device() for async scanning -
x86-64 is missing these:
Signed-off-by: Jeff Garzik
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
The SN Altix platform does not conform to the IOSAPIC IRQ routing model.
Add code in acpi_unregister_gsi() to check if (acpi_irq_model ==
ACPI_IRQ_MODEL_PLATFORM) and return.Due to an oversight, this code was not added previously when
similar code was added to acpi_register_gsi().http://marc.theaimsgroup.com/?l=linux-acpi&m=116680983430121&w=2
Signed-off-by: John Keller
Acked-by: Len Brown
Cc: "Luck, Tony"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Andrew Vasquez is reporting as-iosched oopses and a 65% throughput
slowdown due to the recent special-casing of direct-io against
blockdevs. We don't know why either of these things are occurring.The patch minimally reverts us back to the 2.6.19 code for a 2.6.20
release.Cc: Andrew Vasquez
Cc: Ken Chen
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
We went and named them __NR_sys_foo instead of __NR_foo.
It may be too late to change this, but we can at least add the proper names
now.Signed-off-by: Mike Frysinger
Cc: Richard Henderson
Cc: Ivan Kokshaysky
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
smc911x_phy_configure's error handling unconditionally unlocks the
spinlock even if it wasn't locked. Patch fixes it.Signed-off-by: Peter Korsgaard
Cc: Jeff Garzik
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
This patch fixes up ia64 kexec support for HP rx2620 hardware. It does
this by skipping migration of already disabled irqs. This is most likely a
problem on other ia64 platforms as well, but I've only been able to
reproduce it on one machine so far.The full story is that handle_bad_irq() gets invoked before starting the
new kernel without this patch. This seems to happen when fixup_irqs()
calls generic_handle_irq() on already migrated (and disabled) irqs. So by
avoiding migration of disabled irqs we stay away of handle_bad_irq().The code has been tested on three different ia64 machines, all with good
results. It is possible to trigger the same bug by offlining a processor
using echo 0 > /sys/devices/system/cpu/cpuX/online.More detailed information is available in the following mail thread:
http://lists.osdl.org/pipermail/fastboot/2007-January/thread.html#5774Signed-off-by: Magnus Damm
Acked-by: Simon Horman
Acked-by: Zou, Nanhai
Acked-by: Jay Lan
Acked-by: "Luck, Tony"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
An AIO bug was reported that sleeping function is being called in softirq
context:BUG: warning at kernel/mutex.c:132/__mutex_lock_common()
Call Trace:
[] __mutex_lock_slowpath+0x640/0x6c0
[] mutex_lock+0x20/0x40
[] flush_workqueue+0xb0/0x1a0
[] __put_ioctx+0xc0/0x240
[] aio_complete+0x2f0/0x420
[] finished_one_bio+0x200/0x2a0
[] dio_bio_complete+0x1c0/0x200
[] dio_bio_end_aio+0x60/0x80
[] bio_endio+0x110/0x1c0
[] __end_that_request_first+0x180/0xba0
[] end_that_request_chunk+0x30/0x60
[] scsi_end_request+0x50/0x300 [scsi_mod]
[] scsi_io_completion+0x200/0x8a0 [scsi_mod]
[] sd_rw_intr+0x330/0x860 [sd_mod]
[] scsi_finish_command+0x100/0x1c0 [scsi_mod]
[] scsi_softirq_done+0x230/0x300 [scsi_mod]
[] blk_done_softirq+0x160/0x1c0
[] __do_softirq+0x200/0x240
[] do_softirq+0x70/0xc0See report: http://marc.theaimsgroup.com/?l=linux-kernel&m=116599593200888&w=2
flush_workqueue() is not allowed to be called in the softirq context.
However, aio_complete() called from I/O interrupt can potentially call
put_ioctx with last ref count on ioctx and triggers bug. It is simply
incorrect to perform ioctx freeing from aio_complete.The bug is trigger-able from a race between io_destroy() and aio_complete().
A possible scenario:cpu0 cpu1
io_destroy aio_complete
wait_for_all_aios { __aio_put_req
... ctx->reqs_active--;
if (!ctx->reqs_active)
return;
}
...
put_ioctx(ioctx)put_ioctx(ctx);
__put_ioctx
bam! Bug trigger!The real problem is that the condition check of ctx->reqs_active in
wait_for_all_aios() is incorrect that access to reqs_active is not
being properly protected by spin lock.This patch adds that protective spin lock, and at the same time removes
all duplicate ref counting for each kiocb as reqs_active is already used
as a ref count for each active ioctx. This also ensures that buggy call
to flush_workqueue() in softirq context is eliminated.Signed-off-by: "Ken Chen"
Cc: Zach Brown
Cc: Suparna Bhattacharya
Cc: Benjamin LaHaise
Cc: Badari Pulavarty
Cc:
Acked-by: Jeff Moyer
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
03 Feb, 2007
1 commit
-
Fix this by letting NF_CONNTRACK_H323 depend on (IPV6 || IPV6=n).
Signed-off-by: Adrian Bunk
Signed-off-by: David S. Miller
