Although all EMMAxxx SoCs can support IP2 and IP3 hardware interrupts,
current EMMA2RH plat_irq_dispatch() supports IP2 only. We can make it
configurable in the future, but for the time being, would like to make
things explicitly allcated to IP2 in accordance with plat_irq_dispatch().
For historical reasons, we used to put MIPS CPU IRQs behind SoC-specific
IRQs in the queue, and have been using CPU_IRQ_BASE as MIPS_CPU_IRQ_BASE.
In recent years, however, we've brought it back to normal order, and now
CPU_IRQ_BASE just redefines the generic MIPS_CPU_IRQ_BASE.
At the same time, NUM_CPU_IRQ is also removed as useless.
Shamelessly stealing wisdom from pasemi_mac.c, I found char2hex() could
be replaced with a single call to sscanf(), looks cleaner to me at
least. The result is 100 bytes trimmed off the size of a compiled
cpmac_get_mac() and as an extra bonus it grumbles and gracefully fails
over to using random_ether_addr() when an attempt to parse an invalid
MAC address is made.
Signed-off-by: Alexander Clouter <alex@digriz.org.uk>
To: linux-mips@linux-mips.org Cc: florian@openwrt.org Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
David VomLehn [Thu, 1 Jul 2010 20:37:52 +0000 (13:37 -0700)]
MIPS: PowerTV: Simplify command line handling and needed config changes
Additional changes to Youichi Yuasa's command line simplication code
The PowerTV platform uses a non-standard way to get the kernel command
line--we insert a built-in command line into arcs_cmdline and to
get additional command line information from the bootloader via a
pointer in the a1 register. It is necessary to insert a space between
to the two strings or the last argument from arcs_cmdline and the first
argument from the bootloader may be inadvertantly combined.
It is also necessary to set CONFIG_CMDLINE_BOOL to "y" and to set the
default command line to an empty string to get the simplified code to
work properly in the PowerTV environment.
Signed-off-by: David VomLehn <dvomlehn@cisco.com>
To: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1438/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Christoph Egger [Wed, 9 Jun 2010 11:23:02 +0000 (13:23 +0200)]
MIPS: PowerTV: Removing dead CONFIG_DIAGNOSTICS
CONFIG_DIAGNOSTICS doesn't exist in Kconfig, therefore removing all
references for it from the source code.
Signed-off-by: Christoph Egger <siccegge@cs.fau.de>
To: David VomLehn <dvomlehn@cisco.com>
To: Yoichi Yuasa <yuasa@linux-mips.org>
To: linux-mips@linux-mips.org
To: linux-kernel@vger.kernel.org Cc: vamos@i4.informatik.uni-erlangen.de
Patchwork: https://patchwork.linux-mips.org/patch/1374/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Christoph Egger [Wed, 9 Jun 2010 11:21:30 +0000 (13:21 +0200)]
MIPS: Remove dead CONFIG_MTD_PB1550_BOOT, CONFIG_MTD_PB1550_USER
CONFIG_MTD_PB1550_BOOT, CONFIG_MTD_PB1550_USER doesn't exist in
Kconfig, therefore removing all references for it from the source
code.
Signed-off-by: Christoph Egger <siccegge@cs.fau.de>
To: Manuel Lauss <manuel.lauss@gmail.com>,
To: linux-mips@linux-mips.org
To: linux-kernel@vger.kernel.org Cc: vamos@i4.informatik.uni-erlangen.de
Patchwork: https://patchwork.linux-mips.org/patch/1370/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Christoph Egger [Wed, 9 Jun 2010 11:20:41 +0000 (13:20 +0200)]
MIPS: Cavium: Remove dead CONFIG_GDB_CONSOLE
CONFIG_GDB_CONSOLE doesn't exist in Kconfig, therefore removing all
references for it from the source code.
Signed-off-by: Christoph Egger <siccegge@cs.fau.de>
To: David Daney <ddaney@caviumnetworks.com>
To: Yang Shi <yang.shi@windriver.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
To: Tejun Heo <tj@kernel.org>
To: linux-mips@linux-mips.org
To: linux-kernel@vger.kernel.org Cc: vamos@i4.informatik.uni-erlangen.de
Patchwork: https://patchwork.linux-mips.org/patch/1368/ Acked-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Kevin Cernekee [Fri, 4 Jun 2010 05:11:25 +0000 (22:11 -0700)]
printk: fix delayed messages from CPU hotplug events
When a secondary CPU is being brought up, it is not uncommon for
printk() to be invoked when cpu_online(smp_processor_id()) == 0. The
case that I witnessed personally was on MIPS:
http://lkml.org/lkml/2010/5/30/4
If (can_use_console() == 0), printk() will spool its output to log_buf
and it will be visible in "dmesg", but that output will NOT be echoed to
the console until somebody calls release_console_sem() from a CPU that
is online. Therefore, the boot time messages from the new CPU can get
stuck in "limbo" for a long time, and might suddenly appear on the
screen when a completely unrelated event (e.g. "eth0: link is down")
occurs.
This patch modifies the console code so that any pending messages are
automatically flushed out to the console whenever a CPU hotplug
operation completes successfully or aborts.
The issue was seen on 2.6.34.
Original patch by Kevin Cernekee with cleanups by akpm and additional fixes
by Santosh Shilimkar. This patch superseeds
https://patchwork.linux-mips.org/patch/1357/.
Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
To: <mingo@elte.hu>
To: <akpm@linux-foundation.org>
To: <simon.kagstrom@netinsight.net>
To: <David.Woodhouse@intel.com>
To: <lethal@linux-sh.org> Cc: <linux-kernel@vger.kernel.org> Cc: <linux-mips@linux-mips.org> Reviewed-by: Paul Mundt <lethal@linux-sh.org> Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/1534/
LKML-Reference: <ede63b5a20af951c755736f035d1e787772d7c28@localhost>
LKML-Reference: <EAF47CD23C76F840A9E7FCE10091EFAB02C5DB6D1F@dbde02.ent.ti.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Sam Ravnborg [Sun, 30 May 2010 14:28:03 +0000 (16:28 +0200)]
MIPS: Refactor arch/mips/boot/compressed/Makefile
- use hostprogs-y for the elf2ecoff
- list all *.o file in targets
- renamed obj-y to vmlinuzobjs-y (it was confusing to re-use a kbuild variable)
- fix all uses of if_changed/cmd
- use kbuild rules to beautify output
- update clean-file to clean vmlinuz.* in top-level directory
- simplied logic in arch/mips/Makefile for compressed targets
The net result is a more kbuild conformant Makefile but
readability did not increase.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
To: linux-mips <linux-mips@linux-mips.org>
To: Wu Zhangjin <wuzhangjin@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/1304/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Sam Ravnborg [Sun, 30 May 2010 14:27:33 +0000 (16:27 +0200)]
MIPS: Refactor arch/mips/boot/Makefile
- remove stuff that is not needed
VMLINUX assignment, all: rule
- use hostprogs-y for the host program
- use kbuild rules for the three targets - to beautify output
- drop clean-files - it is no longer needed
- simplify arch/mips/Makefile when calling targets in boot/Makefile
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
To: linux-mips <linux-mips@linux-mips.org>
To: Wu Zhangjin <wuzhangjin@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/1303/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Ralf Baechle [Thu, 5 Aug 2010 12:25:56 +0000 (13:25 +0100)]
MIPS: PNX8550: Move code one directory level up.
It was sharing the nxp directory but no code with pnx833x and will fit
better into the new platform makefile scheme, if moved. Also after the
pnx833x code has been moved up, the pnx8550 Code was the last users of
the nxp dir.
FUJITA Tomonori [Wed, 23 Jun 2010 16:26:09 +0000 (01:26 +0900)]
MIPS: Alchemy: fix deprecated compile warnings
Replace deprecated DMA_32BIT_MASK with DMA_BIT_MASK. This is needed because
the new style platform makefiles will enable -Werror.
cc1: warnings being treated as errors
arch/mips/alchemy/devboards/db1200/platform.c:219: error: 'DMA_nnBIT_MASK' is deprecated
arch/mips/alchemy/devboards/db1200/platform.c:226: error: 'DMA_nnBIT_MASK' is deprecated
arch/mips/alchemy/devboards/db1200/platform.c:388: error: 'DMA_nnBIT_MASK' is deprecated
arch/mips/alchemy/devboards/db1200/platform.c:393: error: 'DMA_nnBIT_MASK' is deprecated
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
To: linux-mips@linux-mips.org Acked-by: Manuel Lauss <manuel.lauss@googlemail.com>
Patchwork: https://patchwork.linux-mips.org/patch/1427/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Sam Ravnborg [Sun, 30 May 2010 14:27:10 +0000 (16:27 +0200)]
MIPS: Introduce support for Platform definitions
Move platform specific definitions to the platfrom directories.
Each platform shall do the following:
1) include an entry in arch/mips/Kbuild.platforms
2) add relevant definitions to arch/mips/<platform>/Platform
This commits changes ar7 to the new scheme as an example.
Introducing a platform speecific Platfrom file has following advantages:
1) decentralization of platfrom definitions
2) simplification af arch/mips/Makefile
3) force all platfrom to build with -Werror (done in arch/mips/Kbuild)
[Ralf: Remove forgotten -Werror from AR7 Makefile]
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
To: linux-mips <linux-mips@linux-mips.org>
To: Wu Zhangjin <wuzhangjin@gmail.com>
Patchwork: https://patchwork.linux-mips.org/patch/1302/
Patchwork: http://patchwork.linux-mips.org/patch/1308/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Andrea Gelmini [Sun, 23 May 2010 19:52:12 +0000 (21:52 +0200)]
MIPS: IP27: klconfig.c checkpatch cleanup
arch/mips/sgi-ip27/ip27-klconfig.c:51: ERROR: "foo * bar" should be "foo *bar"
arch/mips/sgi-ip27/ip27-klconfig.c:63: ERROR: "foo * bar" should be "foo *bar"
arch/mips/sgi-ip27/ip27-klconfig.c:81: ERROR: "foo * bar" should be "foo *bar"
arch/mips/sgi-ip27/ip27-klconfig.c:100: ERROR: "foo * bar" should be "foo *bar"
Andrea Gelmini [Sun, 23 May 2010 19:52:03 +0000 (21:52 +0200)]
MIPS: Yosemite: ht-irq.c: Checkpatch cleanup
arch/mips/pmc-sierra/yosemite/ht-irq.c:38: ERROR: code indent should use tabs where possible
arch/mips/pmc-sierra/yosemite/ht-irq.c:39: ERROR: code indent should use tabs where possible
arch/mips/pmc-sierra/yosemite/ht-irq.c:40: ERROR: code indent should use tabs where possible
arch/mips/pmc-sierra/yosemite/ht-irq.c:43: ERROR: code indent should use tabs where possible
arch/mips/pmc-sierra/yosemite/ht-irq.c:44: ERROR: code indent should use tabs where possible
arch/mips/pmc-sierra/yosemite/ht-irq.c:45: ERROR: code indent should use tabs where possible
David VomLehn [Fri, 21 May 2010 18:25:36 +0000 (11:25 -0700)]
MIPS: PowerTV: Use O(1) algorthm for phys_to_dma/dma_to_phys
Replace phys_to_dma()/dma_to_phys() looping algorithm with an O(1) algorithm
The approach taken is inspired by the sparse memory implementation: take a
certain number of high-order bits off the address them, use this as an
index into a table containing an offset to the desired address and add
it to the original value. There is a table for mapping physical addresses
to DMA addresses and another one for the reverse mapping. The table sizes
depend on how fine-grained the mappings need to be; Coarser granularity
less to smaller tables. On a processor with 32-bit physical and DMA
addresses, with 4 MIB granularity, memory usage is two 2048-byte arrays.
Each 32-byte cache line thus covers 64 MiB of address space.
Also, renames phys_to_bus() to phys_to_dma() and bus_to_phys() to
dma_to_phys() to align with kernel usage.
[Ralf: Fixed silly build breakage due to stackoverflow warning caused by
huge array on stack.]
Signed-off-by: David VomLehn <dvomlehn@cisco.com>
To: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1257/ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Ralf Baechle [Tue, 3 Aug 2010 02:42:32 +0000 (03:42 +0100)]
MIPS: MTX1: Fix build.
CC arch/mips/alchemy/mtx-1/board_setup.o
{standard input}: Assembler messages:
{standard input}:263: Error: opcode not supported on this processor: mips1 (mips1) `sync'
{standard input}:274: Error: opcode not supported on this processor: mips1 (mips1) `sync'
{standard input}:296: Error: opcode not supported on this processor: mips1 (mips1) `sync'
[...]
Any .set mipsX statement other than .set mips0 at the end of inline
assembler is a big fat bug.
The BCM47xx architecture maps the ram into a 128MB address space. It
will be spaced there as often as goes into the 128MB. Detection tries to
find the position where the same memory is found. When reading beyond
128MB the processor will throw an exception. If 128MB RAM is installed,
it will not find a memory alias because it tries to read beyond the 128MB
border. Now it just assumes 128MB installed ram if it can not find an
alias.
MIPS: Octeon: Workaround link failures with gcc-4.4.x 32-bits toolchains
When building with a gcc-4.4.x toolchain that is configured to produce
32-bits executables by default, we will produce __lshrti3 in sched_clock()
which is never resolved so the kernel fails to link. Unconditionally use
the inline assembly version as suggested by David Daney, which works around
the issue.
Signed-off-by: Florian Fainelli <florian@openwrt.org>
To: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1514/ Acked-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
David Daney [Wed, 19 May 2010 17:40:53 +0000 (10:40 -0700)]
MIPS: Don't overflow cevt-r4k.c calculations at high clock rates.
The 'mult' element of struct clock_event_device must never be wider
than 32-bits. If it were, it would get truncated when used by
clockevent_delta2ns() when this calls do_div().
We can meet this requirement by using clockevent_set_clock() to set
the MULT and SHIFT values.
Signed-off-by: David Daney <ddaney@caviumnetworks.com> Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1253/ Acked-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Julia Lawall [Sun, 9 Aug 2009 09:42:32 +0000 (11:42 +0200)]
VIDEO: Correct use of request_region/request_mem_region
request_region should be used with release_region, not request_mem_region.
Geert Uytterhoeven pointed out that in the case of drivers/video/gbefb.c,
the problem is actually the other way around; request_mem_region should be
used instead of request_region.
The semantic patch that finds/fixes this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@r1@
expression start;
@@
request_region(start,...)
@b1@
expression r1.start;
@@
request_mem_region(start,...)
@depends on !b1@
expression r1.start;
expression E;
@@
* master.kernel.org:/home/rmk/linux-2.6-arm:
cyber2000fb: fix console in truecolor modes
cyber2000fb: fix machine hang on module load
SA1111: Eliminate use after free
ARM: Fix Versatile/Realview/VExpress MMC card detection sense
ARM: 6279/1: highmem: fix SMP preemption bug in kmap_high_l1_vipt
ARM: Add barriers to io{read,write}{8,16,32} accessors as well
ARM: 6273/1: Add barriers to the I/O accessors if ARM_DMA_MEM_BUFFERABLE
ARM: 6272/1: Convert L2x0 to use the IO relaxed operations
ARM: 6271/1: Introduce *_relaxed() I/O accessors
ARM: 6275/1: ux500: don't use writeb() in uncompress.h
ARM: 6270/1: clean files in arch/arm/boot/compressed/
ARM: Fix csum_partial_copy_from_user()
Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6:
NFS: Ensure that writepage respects the nonblock flag
NFS: kswapd must not block in nfs_release_page
nfs: include space for the NUL in root path
Debian's ia64 autobuilders have been seeing kernel freeze or reboot
when running the gdb testsuite (Debian bug 588574): dannf bisected to
2.6.32 62eede62dafb4a6633eae7ffbeb34c60dba5e7b1 "mm: ZERO_PAGE without
PTE_SPECIAL"; and reproduced it with gdb's gcore on a simple target.
I'd missed updating the gate_vma handling in __get_user_pages(): that
happens to use vm_normal_page() (nowadays failing on the zero page),
yet reported success even when it failed to get a page - boom when
access_process_vm() tried to copy that to its intermediate buffer.
Fix this, resisting cleanups: in particular, leave it for now reporting
success when not asked to get any pages - very probably safe to change,
but let's not risk it without testing exposure.
Why did ia64 crash with 16kB pages, but succeed with 64kB pages?
Because setup_gate() pads each 64kB of its gate area with zero pages.
Reported-by: Andreas Barth <aba@not.so.argh.org> Bisected-by: dann frazier <dannf@debian.org> Signed-off-by: Hugh Dickins <hughd@google.com> Tested-by: dann frazier <dannf@dannf.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Fri, 30 Jul 2010 14:25:19 +0000 (15:25 +0100)]
CIFS: Remove __exit mark from cifs_exit_dns_resolver()
Remove the __exit mark from cifs_exit_dns_resolver() as it's called by the
module init routine in case of error, and so may have been discarded during
linkage.
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ondrej Zary [Thu, 29 Jul 2010 20:40:54 +0000 (22:40 +0200)]
cyber2000fb: fix console in truecolor modes
Return value was not set to 0 in setcolreg() with truecolor modes. This causes
fb_set_cmap() to abort after first color, resulting in blank palette - and
blank console in 24bpp and 32bpp modes.
Signed-off-by: Ondrej Zary <linux@rainbow-software.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Ondrej Zary [Thu, 29 Jul 2010 20:32:20 +0000 (22:32 +0200)]
cyber2000fb: fix machine hang on module load
I was testing two CyberPro 2000 based PCI cards on x86 and the machine always
hanged completely when the cyber2000fb module was loaded. It seems that the
card hangs when some registers are accessed too quickly after writing RAMDAC
control register. With this patch, both card work.
Add delay after RAMDAC control register write to prevent hangs on module load.
Signed-off-by: Ondrej Zary <linux@rainbow-software.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Julia Lawall [Fri, 30 Jul 2010 15:17:28 +0000 (17:17 +0200)]
SA1111: Eliminate use after free
__sa1111_remove always frees its argument, so the subsequent reference to
sachip->saved_state represents a use after free. __sa1111_remove does not
appear to use the saved_state field, so the patch simply frees it first.
A simplified version of the semantic patch that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
expression E,E2;
@@
__sa1111_remove(E)
...
(
E = E2
|
* E
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Russell King [Thu, 29 Jul 2010 14:58:59 +0000 (15:58 +0100)]
ARM: Fix Versatile/Realview/VExpress MMC card detection sense
The MMC card detection sense has become really confused with negations
at various levels, leading to some platforms not detecting inserted
cards. Fix this by converting everything to positive logic throughout,
thereby getting rid of these negations.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Gary King [Thu, 29 Jul 2010 16:37:20 +0000 (17:37 +0100)]
ARM: 6279/1: highmem: fix SMP preemption bug in kmap_high_l1_vipt
smp_processor_id() must not be called from a preemptible context (this
is checked by CONFIG_DEBUG_PREEMPT). kmap_high_l1_vipt() was doing so.
This lead to a problem where the wrong per_cpu kmap_high_l1_vipt_depth
could be incremented, causing a BUG_ON(*depth <= 0); in
kunmap_high_l1_vipt().
The solution is to move the call to smp_processor_id() after the call
to preempt_disable().
Originally by: Andrew Howe <ahowe@nvidia.com>
Signed-off-by: Gary King <gking@nvidia.com> Acked-by: Nicolas Pitre <nico.as.pitre@linaro.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
See https://bugzilla.kernel.org/show_bug.cgi?id=16056
If other processes are blocked waiting for kswapd to free up some memory so
that they can make progress, then we cannot allow kswapd to block on those
processes.
Dan Carpenter [Tue, 13 Jul 2010 11:34:59 +0000 (13:34 +0200)]
nfs: include space for the NUL in root path
In root_nfs_name() it does the following:
if (strlen(buf) + strlen(cp) > NFS_MAXPATHLEN) {
printk(KERN_ERR "Root-NFS: Pathname for remote directory too long.\n");
return -1;
}
sprintf(nfs_export_path, buf, cp);
In the original code if (strlen(buf) + strlen(cp) == NFS_MAXPATHLEN)
then the sprintf() would lead to an overflow. Generally the rest of the
code assumes that the path can have NFS_MAXPATHLEN (1024) characters and
a NUL terminator so the fix is to add space to the nfs_export_path[]
buffer.
Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Merge branch 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'fix/hda' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - Add a PC-beep workaround for ASUS P5-V
ALSA: hda - Assume PC-beep as default for Realtek
ALSA: hda - Don't register beep input device when no beep is available
ALSA: hda - Fix pin-detection of Nvidia HDMI
David Howells [Thu, 29 Jul 2010 11:45:55 +0000 (12:45 +0100)]
CRED: Fix __task_cred()'s lockdep check and banner comment
Fix __task_cred()'s lockdep check by removing the following validation
condition:
lockdep_tasklist_lock_is_held()
as commit_creds() does not take the tasklist_lock, and nor do most of the
functions that call it, so this check is pointless and it can prevent
detection of the RCU lock not being held if the tasklist_lock is held.
Instead, add the following validation condition:
task->exit_state >= 0
to permit the access if the target task is dead and therefore unable to change
its own credentials.
Fix __task_cred()'s comment to:
(1) discard the bit that says that the caller must prevent the target task
from being deleted. That shouldn't need saying.
(2) Add a comment indicating the result of __task_cred() should not be passed
directly to get_cred(), but rather than get_task_cred() should be used
instead.
Also put a note into the documentation to enforce this point there too.
Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Jiri Olsa <jolsa@redhat.com> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Howells [Thu, 29 Jul 2010 11:45:49 +0000 (12:45 +0100)]
CRED: Fix get_task_cred() and task_state() to not resurrect dead credentials
It's possible for get_task_cred() as it currently stands to 'corrupt' a set of
credentials by incrementing their usage count after their replacement by the
task being accessed.
What happens is that get_task_cred() can race with commit_creds():
However, since a tasks credentials are generally not changed very often, we can
reasonably make use of a loop involving reading the creds pointer and using
atomic_inc_not_zero() to attempt to increment it if it hasn't already hit zero.
If successful, we can safely return the credentials in the knowledge that, even
if the task we're accessing has released them, they haven't gone to the RCU
cleanup code.
We then change task_state() in procfs to use get_task_cred() rather than
calling get_cred() on the result of __task_cred(), as that suffers from the
same problem.
Without this change, a BUG_ON in __put_cred() or in put_cred_rcu() can be
tripped when it is noticed that the usage count is not zero as it ought to be,
for example: