13 Jan, 2012

1 commit


11 Jan, 2012

2 commits

  • * 'drm-core-next' of git://people.freedesktop.org/~airlied/linux: (307 commits)
    drm/nouveau/pm: fix build with HWMON off
    gma500: silence gcc warnings in mid_get_vbt_data()
    drm/ttm: fix condition (and vs or)
    drm/radeon: double lock typo in radeon_vm_bo_rmv()
    drm/radeon: use after free in radeon_vm_bo_add()
    drm/sis|via: don't return stack garbage from free_mem ioctl
    drm/radeon/kms: remove pointless CS flags priority struct
    drm/radeon/kms: check if vm is supported in VA ioctl
    drm: introduce drm_can_sleep and use in intel/radeon drivers. (v2)
    radeon: Fix disabling PCI bus mastering on big endian hosts.
    ttm: fix agp since ttm tt rework
    agp: Fix multi-line warning message whitespace
    drm/ttm/dma: Fix accounting error when calling ttm_mem_global_free_page and don't try to free freed pages.
    drm/ttm/dma: Only call set_pages_array_wb when the page is not in WB pool.
    drm/radeon/kms: sync across multiple rings when doing bo moves v3
    drm/radeon/kms: Add support for multi-ring sync in CS ioctl (v2)
    drm/radeon: GPU virtual memory support v22
    drm: make DRM_UNLOCKED ioctls with their own mutex
    drm: no need to hold global mutex for static data
    drm/radeon/benchmark: common modes sweep ignores 640x480@32
    ...

    Fix up trivial conflicts in radeon/evergreen.c and vmwgfx/vmwgfx_kms.c

    Linus Torvalds
     
  • * 'stable/for-linus-3.3' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: (37 commits)
    xen/pciback: Expand the warning message to include domain id.
    xen/pciback: Fix "device has been assigned to X domain!" warning
    xen/pciback: Move the PCI_DEV_FLAGS_ASSIGNED ops to the "[un|]bind"
    xen/xenbus: don't reimplement kvasprintf via a fixed size buffer
    xenbus: maximum buffer size is XENSTORE_PAYLOAD_MAX
    xen/xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX.
    Xen: consolidate and simplify struct xenbus_driver instantiation
    xen-gntalloc: introduce missing kfree
    xen/xenbus: Fix compile error - missing header for xen_initial_domain()
    xen/netback: Enable netback on HVM guests
    xen/grant-table: Support mappings required by blkback
    xenbus: Use grant-table wrapper functions
    xenbus: Support HVM backends
    xen/xenbus-frontend: Fix compile error with randconfig
    xen/xenbus-frontend: Make error message more clear
    xen/privcmd: Remove unused support for arch specific privcmp mmap
    xen: Add xenbus_backend device
    xen: Add xenbus device driver
    xen: Add privcmd device driver
    xen/gntalloc: fix reference counts on multi-page mappings
    ...

    Linus Torvalds
     

09 Jan, 2012

1 commit


08 Jan, 2012

2 commits


07 Jan, 2012

1 commit

  • This resolves the conflict in the arch/arm/mach-s3c64xx/s3c6400.c file,
    and it fixes the build error in the arch/x86/kernel/microcode_core.c
    file, that the merge did not catch.

    The microcode_core.c patch was provided by Stephen Rothwell
    who was invaluable in the merge issues involved
    with the large sysdev removal process in the driver-core tree.

    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     

05 Jan, 2012

4 commits

  • Signed-off-by: Ian Campbell
    Cc: Haogang Chen
    Acked-by: Jan Beulich
    Signed-off-by: Konrad Rzeszutek Wilk

    Ian Campbell
     
  • Use this now that it is defined even though it happens to be == PAGE_SIZE.

    The code which takes requests from userspace already validates against the size
    of this buffer so no further checks are required to ensure that userspace
    requests comply with the protocol in this respect.

    Signed-off-by: Ian Campbell
    Cc: Haogang Chen
    Signed-off-by: Konrad Rzeszutek Wilk

    Ian Campbell
     
  • Haogang Chen found out that:

    There is a potential integer overflow in process_msg() that could result
    in cross-domain attack.

    body = kmalloc(msg->hdr.len + 1, GFP_NOIO | __GFP_HIGH);

    When a malicious guest passes 0xffffffff in msg->hdr.len, the subsequent
    call to xb_read() would write to a zero-length buffer.

    The other end of this connection is always the xenstore backend daemon
    so there is no guest (malicious or otherwise) which can do this. The
    xenstore daemon is a trusted component in the system.

    However this seems like a reasonable robustness improvement so we should
    have it.

    And Ian, when reading the API docs, found that:
    The payload length (len field of the header) is limited to 4096
    (XENSTORE_PAYLOAD_MAX) in both directions. If a client exceeds the
    limit, its xenstored connection will be immediately killed by
    xenstored, which is usually catastrophic from the client's point of
    view. Clients (particularly domains, which cannot just reconnect)
    should avoid this.

    so this patch checks against that instead.

    This also avoids a potential integer overflow pointed out by Haogang Chen.

    Signed-off-by: Ian Campbell
    Cc: Haogang Chen
    CC: stable@kernel.org
    Signed-off-by: Konrad Rzeszutek Wilk

    Ian Campbell
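
The length check described in the commit message above, as an added user-space example that is not part of the commit or the kernel source. The names `struct hdr`, `unchecked_alloc_size` and `read_body` are hypothetical, `malloc` stands in for `kmalloc`, and the header and payload are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define XENSTORE_PAYLOAD_MAX 4096u /* limit quoted in the commit message */

/* Constructed stand-in for the message header; only len matters here. */
struct hdr { uint32_t type, req_id, tx_id, len; };

/* Size the unpatched code asks the allocator for: 32-bit len + 1. */
static uint32_t unchecked_alloc_size(uint32_t len)
{
    return len + 1u; /* wraps to 0 when len == 0xffffffff */
}

/*
 * Hardened receive path (hypothetical helper, not the kernel function):
 * reject an over-long header before any size arithmetic, then copy
 * exactly len bytes and NUL-terminate. Returns NULL on rejection.
 */
static char *read_body(const struct hdr *h, const uint8_t *wire, size_t avail)
{
    char *body;

    if (h->len > XENSTORE_PAYLOAD_MAX) /* the check the patch describes */
        return NULL;
    if (h->len > avail)                /* never read past the input */
        return NULL;
    body = malloc((size_t)h->len + 1); /* at most 4097, cannot wrap */
    if (!body)
        return NULL;
    memcpy(body, wire, h->len);
    body[h->len] = '\0';
    return body;
}

int main(void)
{
    const uint8_t wire[] = "constructed-payload"; /* constructed sample */
    struct hdr ok = { 0, 1, 0, 19 }, bad = { 0, 2, 0, 0xffffffffu };
    char *b = read_body(&ok, wire, sizeof wire);
    int rc = !(b && strlen(b) == 19 && read_body(&bad, wire, sizeof wire) == NULL
               && unchecked_alloc_size(bad.len) == 0);
    free(b);
    return rc;
}
```

Checking the header against the protocol maximum before computing the allocation size removes the wraparound case entirely, since the largest accepted size is 4097 bytes.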
     
  • The 'name', 'owner', and 'mod_name' members are redundant with the
    identically named fields in the 'driver' sub-structure. Rather than
    switching each instance to specify these fields explicitly, introduce
    a macro to simplify this.

    Eliminate further redundancy by allowing the drvname argument to
    DEFINE_XENBUS_DRIVER() to be blank (in which case the first entry from
    the ID table will be used for .driver.name).

    Also eliminate the questionable xenbus_register_{back,front}end()
    wrappers - their sole remaining purpose was the checking of the
    'owner' field, proper setting of which shouldn't be an issue anymore
    when the macro gets used.

    v2: Restore DRV_NAME for the driver name in xen-pciback.

    Signed-off-by: Jan Beulich
    Cc: Jens Axboe
    Cc: Dmitry Torokhov
    Cc: Florian Tobias Schandinat
    Cc: Ian Campbell
    Cc: David S. Miller
    Signed-off-by: Konrad Rzeszutek Wilk

    Jan Beulich
     

04 Jan, 2012

1 commit

  • Error handling code following a kmalloc should free the allocated data.
    Out_unlock is used on both success and failure, so free vm_priv before
    jumping to that label.

    A simplified version of the semantic match that finds the problem is as
    follows: (http://coccinelle.lip6.fr)

    //
    @r exists@
    local idexpression x;
    statement S;
    identifier f1;
    position p1,p2;
    expression *ptr != NULL;
    @@

    x@p1 = \(kmalloc\|kzalloc\|kcalloc\)(...);
    ...
    if (x == NULL) S
    }
    x->f1
    ...>
    (
    return \(0\|\|ptr\);
    |
    return@p2 ...;
    )

    @script:python@
    p1 << r.p1;
    p2 << r.p2;
    @@

    print "* file: %s kmalloc %s return %s" % (p1[0].file,p1[0].line,p2[0].line)
    //

    Signed-off-by: Julia Lawall
    [v1: Altered the description a bit]
    Signed-off-by: Konrad Rzeszutek Wilk

    Julia Lawall
     

22 Dec, 2011

1 commit


21 Dec, 2011

4 commits

  • Add support for mappings without GNTMAP_contains_pte. This was not
    supported because the unmap operation assumed that this flag was being
    used; adding a parameter to the unmap operation to allow the PTE
    clearing to be disabled is sufficient to make unmap capable of
    supporting either mapping type.

    Signed-off-by: Daniel De Graaf
    [v1: Fix cleanpatch warnings]
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf
     
  • For xenbus_{map,unmap}_ring to work on HVM, the grant table operations
    must be set up using the gnttab_set_{map,unmap}_op functions instead of
    directly populating the fields of gnttab_map_grant_ref. These functions
    simply populate the structure on paravirtualized Xen; however, on HVM
    they must call __pa() on vaddr when populating op->host_addr because the
    hypervisor cannot directly interpret guest-virtual addresses.

    Signed-off-by: Daniel De Graaf
    [v1: Fixed cleanpatch error]
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf
     
  • Add HVM implementations of xenbus_(map,unmap)_ring_v(alloc,free) so
    that ring mappings can be done without using GNTMAP_contains_pte which
    is not supported on HVM. This also removes the need to use vmlist_lock
    on PV by tracking the allocated xenbus rings.

    Signed-off-by: Daniel De Graaf
    [v1: Fix compile error when XENBUS_FRONTEND is defined as module]
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf
     
  • * commit 'v3.2-rc3': (412 commits)
    Linux 3.2-rc3
    virtio-pci: make reset operation safer
    virtio-mmio: Correct the name of the guest features selector
    virtio: add HAS_IOMEM dependency to MMIO platform bus driver
    eCryptfs: Extend array bounds for all filename chars
    eCryptfs: Flush file in vma close
    eCryptfs: Prevent file create race condition
    regulator: TPS65910: Fix VDD1/2 voltage selector count
    i2c: Make i2cdev_notifier_call static
    i2c: Delete ANY_I2C_BUS
    i2c: Fix device name for 10-bit slave address
    i2c-algo-bit: Generate correct i2c address sequence for 10-bit target
    drm: integer overflow in drm_mode_dirtyfb_ioctl()
    Revert "of/irq: of_irq_find_parent: check for parent equal to child"
    drivers/gpu/vga/vgaarb.c: add missing kfree
    drm/radeon/kms/atom: unify i2c gpio table handling
    drm/radeon/kms: fix up gpio i2c mask bits for r4xx for real
    ttm: Don't return the bo reserved on error path
    mount_subtree() pointless use-after-free
    iio: fix a leak due to improper use of anon_inode_getfd()
    ...

    Konrad Rzeszutek Wilk
     

20 Dec, 2011

2 commits


19 Dec, 2011

1 commit


17 Dec, 2011

11 commits


16 Dec, 2011

2 commits

  • This adds the needed include file for xen-selfballoon.c to fix the build
    error reported by Stephen Rothwell.

    Reported-by: Stephen Rothwell
    Cc: Kay Sievers
    Signed-off-by: Greg Kroah-Hartman

    Greg Kroah-Hartman
     
  • This fixes an odd bug found on a Dell PowerEdge 1850/0RC130
    (BIOS A05 01/09/2006) where all of the modules doing pci_set_dma_mask
    would fail with:

    ata_piix 0000:00:1f.1: enabling device (0005 -> 0007)
    ata_piix 0000:00:1f.1: can't derive routing for PCI INT A
    ata_piix 0000:00:1f.1: BMDMA: failed to set dma mask, falling back to PIO

    The issue was the Xen-SWIOTLB was allocated such that the end of
    buffer was straddling a page (and also above 4GB). The fix was
    spotted by Kalev Leonid which was to piggyback on git commit
    e79f86b2ef9c0a8c47225217c1018b7d3d90101c "swiotlb: Use page alignment
    for early buffer allocation" which:

    We could call free_bootmem_late() if swiotlb is not used, and
    it will shrink to page alignment.

    So alloc them with page alignment at first, to avoid lose two pages

    And doing that fixes the outstanding issue.

    CC: stable@kernel.org
    Suggested-by: "Kalev, Leonid"
    Reported-and-Tested-by: "Taylor, Neal E"
    Signed-off-by: Konrad Rzeszutek Wilk

    Konrad Rzeszutek Wilk
     

15 Dec, 2011

1 commit


06 Dec, 2011

1 commit


22 Nov, 2011

5 commits

  • Acked-by: Ian Campbell
    Signed-off-by: Annie Li
    Signed-off-by: Konrad Rzeszutek Wilk

    Annie Li
     
  • Receiver-side copying of packets is based on this implementation, it gives
    better performance and better CPU accounting. It totally supports three types:
    full-page, sub-page and transitive grants.

    However this patch does not cover sub-page and transitive grants, it mainly
    focuses on the full-page part and implements grant table V2 interfaces corresponding
    to what already exists in grant table V1, such as: grant table V2
    initialization, mapping, releasing and exported interfaces.

    Each guest can only support one type of grant table type, every entry in grant
    table should be the same version. It is necessary to set V1 or V2 version before
    initializing the grant table.

    Grant table exported interfaces of V2 are same with those of V1, Xen is
    responsible to judge what grant table version guests are using in every grant
    operation.

    V2 fulfills the same role of V1, and it is totally backwards compatible with V1.
    If dom0 supports grant table V2, the guests running on it can run with either V1
    or V2.

    Acked-by: Ian Campbell
    Signed-off-by: Annie Li
    [v1: Modified alloc_vm_area call (new parameters), indentation, and cleanpatch
    warnings]
    Signed-off-by: Konrad Rzeszutek Wilk

    Annie Li
     
  • Acked-by: Ian Campbell
    Signed-off-by: Annie Li
    Signed-off-by: Konrad Rzeszutek Wilk

    Annie Li
     
  • This patch introduces new structures of grant table V2, grant table V2 is an
    extension from V1. Grant table is shared between guest and Xen, and Xen is
    responsible to do corresponding work for grant operations, such as: figure
    out guest's grant table version, perform different actions based on
    different grant table version, etc. Although full-page structure of V2
    is different from V1, it plays the same role as V1.

    Acked-by: Ian Campbell
    Signed-off-by: Annie Li
    Signed-off-by: Konrad Rzeszutek Wilk

    Annie Li
     
  • Event channels exposed to userspace by the evtchn module may be used by
    other modules in an asynchronous manner, which requires that reference
    counting be used to prevent the event channel from being closed before
    the signals are delivered.

    The reference count on new event channels defaults to -1 which indicates
    the event channel is not referenced outside the kernel; evtchn_get fails
    if called on such an event channel. The event channels made visible to
    userspace by evtchn have a normal reference count.

    Signed-off-by: Daniel De Graaf
    Signed-off-by: Konrad Rzeszutek Wilk

    Daniel De Graaf