staging: comedi: das16m1: tidy up digital input/output register defines
The digtial inputs and outputs are read/written using the same register
offset but they are different logical registers. Physically they are the
same register with the hi 4 bits returning the inputs and the lo 4 bits
driving the outputs.
For aesthetics, use two different defines for the registers.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: das16m1: tidy up analog input data register defines
Convert the inline helper munge_sample() into a macro and rename the
defines for the analog input data register/bits. Use the register define
when accessing this register instead of just dev->iobase.
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
staging: comedi: das16m1: tidy up register map comment
The comment about all the registers is not neccessary. The defines
give the same information. This also fixes a checkpatch.pl issue:
WARNING: Block comments use * on subsequent lines
Signed-off-by: H Hartley Sweeten <hsweeten@visionengravers.com> Reviewed-by: Ian Abbott <abbotti@mev.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Oleg Drokin [Wed, 15 Jun 2016 03:33:43 +0000 (23:33 -0400)]
staging/lustre/libcfs: Remove "Please contact Oracle" from header
The "Please contact Oracle Corporation" lines are removed since not
only Oracle has nothing to do with Lustre anymore, there's a pointer
to GPL already that's independent of any particular company.
Oleg Drokin [Wed, 15 Jun 2016 03:33:40 +0000 (23:33 -0400)]
staging/lustre: Replace sun.com GPLv2 URL with gnu.org one.
http://www.sun.com/software/products/lustre/docs/GPLv2.pdf is no
longer around, so replae it with (hopefully more permanent)
http://http://www.gnu.org/licenses/gpl-2.0.html
Oleg Drokin [Wed, 15 Jun 2016 03:33:39 +0000 (23:33 -0400)]
staging/lustre: Remove the "Please contact SUN for GPL" from headers
Since SUN is no longer around and there's no point in contacting them,
just remove that whole thing. Copy of GPL is available online anyway
(URLs to be updated in next patch).
This patch was generated with:
find drivers/staging/lustre -name "*.[ch]" -exec perl -0777 -i -pe 's/ \* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,\n \* CA 95054 USA or visit www.sun.com if you need additional information or\n \* have any questions.\n \*\n//igs' {} \;
Arnd Bergmann [Mon, 13 Jun 2016 20:44:57 +0000 (22:44 +0200)]
staging: lustre: hide call to Posix ACL in ifdef
A call to forget_cached_acl() was recently added to the lustre file
system, but this is only available when CONFIG_FS_POSIX_ACL is
enabled, otherwise the build now fails with:
lustre/llite/file.c: In function 'll_get_acl':
lustre/llite/file.c:3134:2: error: implicit declaration of function 'forget_cached_acl' [-Werror=implicit-function-declaration]
forget_cached_acl(inode, type);
This adds one more #ifdef for this call, corresponding to the
other 22 such checks for ACL in lustre.
Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: b788dc51e425 ("staging: lustre: llite: drop acl from cache") Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
James Simmons [Wed, 8 Jun 2016 22:50:12 +0000 (18:50 -0400)]
staging: lustre: llite: remove lloop device
The lloop device was original developed to work around
the lack of direct I/O for the default loop back device.
Also the lloop device greatly out performed the default
loop back device. The lloop hasn't been worked on for
some time and now it no longer out performs the loop
device and loop now supports direct I/O. Since this is
the case we can delete this device.
Signed-off-by: James Simmons <jsimmons@infradead.org> Reviewed-by: Andreas Dilger <andreas.dilger@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Merge tag 'iio-for-4.8a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-next
Jonathan writes:
First round of IIO new device support, features and cleanups for the 4.8 cycle.
New device support
* ads1015
- add ads1115 support
* bma220 accelerometer
- new driver
- triggered buffer support.
* bmc150
- add bmm150 support.
* bmp280
- bme280 support with addition of humidity channel.
* max5487 potentiometer
- new driver
* MMA7660FC accelerometer.
- New driver
* st-pressure
- support for the lps22hb
* loop trigger.
- This one is *nasty* but we have real applications (parrot drones) where
it is useful. The trigger basically spins as hard as it can firing off
a new trigger each time all triggered devices come back to say they are
done. It doesn't hang a machine even when doing it on a dummy driver.
A lot nicer than having this implemented within lots of device drivers
anyway.
Core stuff
* Add support to create IIO devices via configfs (similar to we did for
triggers a while back) + docs.
* New channel types
- IIO_ELECTRICAL_CONDUCTIVITY
* Couple of MAINTAINERS patches to list the device tree bindings.
* Make trigger ops structure non optional (comment fix). It hasn't been for
an awful long time, but that's not what the description said.
New features
* ak8975
- support adapters that are limited to byte data only by allowing the
emulated block read i2c function that was recently introduced.
* atlas-ph
- support atlas-ec (electrical conductivity sensor)
* bmi160
- add available frequency and scale attributes to make the driver
more user friendly (and avoid having to read the datasheet to know
what will work).
* dummy
- move creation to configfs interface. It's not real hardware so we
are not that worried about the ABI breakage ;)
* mma8452
- oversampling ration support
* nau7802
- expose available gains to make life easier for userspace.
* st-sensors
- allow use of emulation for SMBus block reads as all the st parts support
it.
* ti-ads1015
- list datasheet names to allow their use by inkernel consumers.
* Various module alias additions to help auto probing. Drop one redundant one
as well.
Cleanups
* ad7266, ad7476, ad7887, ad7923, ad799x
- use direct mode claim function rather than open coding it during sensor
read (prevents switching on buffers mid read).
* ad7793, ad7791
- use direct mode claim to prevent frequency changes when buffers running.
* afe440x - These are ABI breaking but the driver requires custom userspace
code to do anything useful anyway and that is still being written and under
control of TI. Ultimately we may have other libraries to do pulse
oximetry with these devices but we aren't aware of any yet.
- kernel-doc format fixes
- drop ifdef fun around of_match_ptr - it's not worth the mess to save
a tiny amount of space.
- drop some unnecessary register initializations.
- drop the weird locked gain modes as they gain us nothing (can just set
all gains separately).
- remove handling of offset attributes seeing as no channels actually have
them (oops)
- Drop the LED3 input channel as it's an alias for ALED2.
- *big one* remove channel names - an experiment that turned out to not
make sense - see patch for details.
- use regmap fields to clean up code.
- tie the tia gain stages to appropriate channels in the ABI as that is
what they really effect. Same with the LED currents.
- cleanout some unused defines and fix a missnamed one.
* atlas-ph
- reorganise to allow support of other similar parts.
* bmc150
- document supported chips in kconfig help.
* jsa1212
- drop an unneeded i2c functionality check for functionality the driver
doesn't use.
* mxs-lradc
- simply touch screen registration code.
- remove the touch screen unregister as all devm based now.
- disable only those channels that are masked in hardware stop (others
are already dealt with elsewhere)
* st-sensors
- unexport st_sensors_get_buffer_element as nothing outside the st-sensors
core driver uses it.
- fix handling of failure to start up regulators.
* tpl0102
- drop an i2c functionality test for features that aren't needed.
* ti-am335x
- use variable name rather than type in sizeof for clarity.
- use SIMPLE_DEV_PM_OPS helper macro to tidy up a bit.
Tools
* Add install / uninstall to makefile. Someone cares, so presumably
some people will find it useful!
* generic_buffer
- rename to iio_generic_buffer to line up with other tools.
- handle cleanup when receiving signals
- Add a --device-num option and a --trigger-num option rather than
relying on naming which doesn't work if you have two of the same part.
Changes return statements in visornic_rx() to use literals instead of a
variable. Also changes function description to reflect the correct return
type.
Signed-off-by: David Binder <david.binder@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch changes the vague -1 return values to -EPERM.
This operation is not supported is a good alternative
to -1 because the return is basically telling the caller
that the processor doesn't support vmcall operations.
Signed-off-by: Erik Arfvidson <erik.arfvidson@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Erik Arfvidson [Sat, 14 May 2016 03:17:19 +0000 (23:17 -0400)]
staging: unisys: visorbus change -1 return values
This patch changes the vague -1 return values to -EFAULT since
it would be the most appropriate, given that this error
would only occur in an unexpected bad offset field.
Resulting in a bad address.
Signed-off-by: Erik Arfvidson <erik.arfvidson@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 12 May 2016 13:14:44 +0000 (09:14 -0400)]
staging: unisys: visorhba: visorhbas_open[] no longer used, so deleted
The prior patch which simplified the visorhba debugfs interface made it so
visorhbas_open[] and VISORHBA_OPEN_MAX were no longer needed, so they have
now been deleted.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tim Sell [Thu, 12 May 2016 13:14:43 +0000 (09:14 -0400)]
staging: unisys: visorhba: simplify and enhance debugfs interface
debugfs info for each visorhba device is now presented by a file named of
the following form within the debugfs tree:
visorhba/vbus<x>:dev<y>/info
where <x> is the vbus number, and <y> is the relative device number.
Also, the debugfs presentation function was converted to use the seq_file
interface, so that it could access the device context without resorting to
a global array. This also simplified the function.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The handling of CMD_NOTIFYGUEST_TYPE messages from the IO partition appears
to be only partially implemented, but fortunately it is never used in our
current environment. This patch deletes the unused code.
Signed-off-by: Tim Sell <Timothy.Sell@unisys.com> Signed-off-by: David Kershner <david.kershner@unisys.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch is necessary to enable ANY task mgmt command to complete
successfully via visorhba.
When issuing a task mgmt command (CMD_SCSITASKMGMT_TYPE) to the IO
partition (back-end), forward_taskmgmt_command() includes pointers
within the command area that will be used to wake up the issuing
process and provide the result when the command completes:
'notify_handle' is a pointer to a 'wait_queue_head_t' variable, and
'notifyresult' is a pointer to an int. Both of these are just local
stack variables in the issuing process.
The way it's supposed to happen is that when the IO partition completes
the command, in our completion handling we get copies of those pointers
back from the IO partition, where we stash the result of the command at
'*notifyresult' (which should not be 0xffff, because that is the initial
value that the caller is looking to see a change in), and wake up the
wait queue at '*notify_handle'. There are several places we do that dance,
but prior to this patch, we always do it WRONG, like:
The wake_up_all() part is correct (albeit with the help of the sloppy
pointer casting, but that's irrelevant to the bug), but the assignment of
'notifyresult_handle' is WRONG, and SHOULD read:
Without this change, the caller is NEVER going to notice a change in his
local value of 'notifyresult' when he does the:
if (!wait_event_timeout(notifyevent, notifyresult != 0xffff,
msecs_to_jiffies(45000)))
and hence will be timing out EVERY taskmgmt command.
This patch also eliminates the need for sloppy casting of pointers
back-and-forth between u64 values, with the help of idr_alloc() to provide
handles for us. It is the generated int handles we pass to the IO
partition to denote our completion context, and these are validated and
converted back to the required pointers when the task mgmt commands are
returned back to us by the IO partition.
== Testing ==
You must enable dynamic debugging in visorhba (build kernel with
'CONFIG_DYNAMIC_DEBUG=y', provide kernel parameter 'visorhba.dyndbg=+p')
to see kernel messages involved with visorhba scsi task mgmt commands,
which were added in this patch in the form of a few dev_dbg() / pr_debug()
messages.
In order to inject faults necessary to get visorhba to actully issue scsi
task mgmt commands, you will need to compile a kernel with
CONFIG_FAIL_IO_TIMEOUT and friends, in the "Kernel hacking" section:
* Enable "Fault-injection framework"
* Enable "Fault-injection capability for disk IO"
* Enable "Fault-injection capability for faking disk interrupts"
* Enable "Debugfs entries for fault-injection capabilities"
When running a kernel with those options, you can manually inject a fault
that will force a scsi task mgmt command to be issued like this:
# mount -t debugfs nodev /sys/kernel/debug
# cd /sys/kernel/debug/fail_io_timeout
# cat interval
1
# cat probability
0
# cat times
1
# echo 100 >probability
# cd /sys/block/sda
# l | grep fail
-rw-r--r-- 1 root root 4096 May 5 10:53 io-timeout-fail
-rw-r--r-- 1 root root 4096 May 5 10:54 make-it-fail
# echo 1 >io-timeout-fail
# echo 1 >make-it-fail
To test this patch, after performing the above steps, I did something to
force a block device i/o, then shortly afterwards examined the kernel log.
There I found evidence that visorhba had successfully issued a task mgmt
command, and that it completed successfully:
Wolfram Sang [Tue, 31 May 2016 10:56:42 +0000 (12:56 +0200)]
staging: ks7010: drop counting sd errors
They were counted but never really used anywhere. Also change the printk
to a debug print, since it mostly shows on the expected -ENOMEDIUM on
card removal.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wolfram Sang [Tue, 31 May 2016 10:56:38 +0000 (12:56 +0200)]
staging: ks7010: remove supported card table with one element
There is only this card supported, no need to iterate over the table.
The resulting firmware filename wasn't used anyway, but came from the
config file or hardcoded default.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wolfram Sang [Tue, 31 May 2016 10:56:23 +0000 (12:56 +0200)]
staging: ks7010: make loading config file optional
We have sane defaults, so we don't need to bail out if there is no
config file. Note that the config file should go away completely in
favour of configuration mechanisms already upstream.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wolfram Sang [Tue, 31 May 2016 10:56:18 +0000 (12:56 +0200)]
staging: ks7010: avoid workqueue races
My Spectec SDW823 card oopsed when it was already inserted during boot.
When debugging this, I noticed that the card init was done in a seperate
workqueue which was only activated once in probe. After removing the
workqueue and calling the card init directly from probe, the OOPS went
away. It turned out this is the same OOPS which happened when removing
the card, so this seems possible now. Note: There is still a
not-understood card-removed event during boot, but at least it doesn't
crash anymore and the card will be re-probed right away.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wolfram Sang [Tue, 31 May 2016 10:56:13 +0000 (12:56 +0200)]
staging: ks7010: add driver from Nanonote extra-repository
See the TODO for details where this driver came from. Only a few minor
changes were made to make the driver suitable for staging:
* updated Kconfig help text and dependencies
* added TODO
* removed two __DATE__ and __TIME__ printouts to allow reproducible builds
* added to staging main Kconfig + Makefile
Tested on a Renesas Salvator-X board with a Spectec SDW-823 card. I
could connect to a WPA-protected network.
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Oleg Drokin [Mon, 6 Jun 2016 03:28:53 +0000 (23:28 -0400)]
staging/lustre/osc: Get rid of osc_page_protected()
There was a proper debugging function by that name that's long
gone.
The currently remaining shadow that always returns true is not
really useful so it could be dropped along with all the
asserts it is part of.
Jinshan Xiong [Mon, 6 Jun 2016 03:28:51 +0000 (23:28 -0400)]
staging/lustre/llite: define per open file cache for ll_cl_context
In ll_readpage and ll_write_begin, it needs to find out the cl_env
and cl_io, a.k.a ll_cl_context, when the IO is initialized. It used
to call cl_env_get() to figure it out but turned out to be contended
if multiple threads are doing IO.
In this patch, a per open file ll_cl_context cache is created. When
IO type of CIT_READ, CIT_WRITE and CIR_FAULT is initialized, it will
add a ll_cl_context into the cache maintained in ll_file_data. In this
case, the ll_cl_context can be found in ll_readpage and ll_write_begin
later.
In lov_stripe_pgoff(), it calls lov_stripe_size() to calculate the
file size by ost_size, which will be wrong if the stripe_index
happens to be stripe aligned.
James Simmons [Tue, 24 May 2016 00:35:08 +0000 (20:35 -0400)]
staging: lustre: llite: drop acl from cache
Commit b8a7a3a6 change get_acl() for posix xattr to always cache
the ACL which increases the reference count. That reference count
can be reduced by have ll_get_acl() call forget_cached_acl() which
it wasn't. When an inode gets deleted by Lustre the POSIX ACL
reference count is tested to ensure its 1 and if not produces an error.
Since forget_cached_acl() was not called Lustre started to complain.
This patch changes ll_get_acl() to call forget_cached_acl().
Signed-off-by: James Simmons <jsimmons@infradead.org> Reviewed-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Use setup_timer() for initializing the timer, instead of structure
assignments.
This is the preferred/standard way.
Signed-off-by: Muhammad Falak R Wani <falakreyaz@gmail.com> Acked-by: James Simmons <jsimmons@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
James Simmons [Mon, 9 May 2016 14:53:48 +0000 (10:53 -0400)]
staging: lustre: ko2iblnd: fix memory corruption with fragments
In my test of the upstream client this change exposed a long
standing issues where we have a offset that is not page algined
would causes us to access memory beyond the scatter gather list
which was causing memory corruption when all 256 fragments were
in use.
Signed-off-by: James Simmons <jsimmons@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linus Torvalds [Sun, 5 Jun 2016 18:15:33 +0000 (11:15 -0700)]
Merge branch 'parisc-4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
- Fix printk time stamps on SMP systems which got wrong due to a patch
which was added during the merge window
- Fix two bugs in the stack backtrace code: Races in module unloading
and possible invalid accesses to memory due to wrong instruction
decoding (Mikulas Patocka)
- Fix userspace crash when syscalls access invalid unaligned userspace
addresses. Those syscalls will now return EFAULT as expected.
(tagged for stable kernel series)
* 'parisc-4.7-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Move die_if_kernel() prototype into traps.h header
parisc: Fix pagefault crash in unaligned __get_user() call
parisc: Fix printk time during boot
parisc: Fix backtrace on PA-RISC
Linus Torvalds [Sun, 5 Jun 2016 18:02:00 +0000 (11:02 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull key handling update from James Morris:
"This alters a new keyctl function added in the current merge window to
allow for a future extension planned for the next merge window"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: Add placeholder for KDF usage with DH
devpts: Make each mount of devpts an independent filesystem.
The /dev/ptmx device node is changed to lookup the directory entry "pts"
in the same directory as the /dev/ptmx device node was opened in. If
there is a "pts" entry and that entry is a devpts filesystem /dev/ptmx
uses that filesystem. Otherwise the open of /dev/ptmx fails.
The DEVPTS_MULTIPLE_INSTANCES configuration option is removed, so that
userspace can now safely depend on each mount of devpts creating a new
instance of the filesystem.
Each mount of devpts is now a separate and equal filesystem.
Reserved ttys are now available to all instances of devpts where the
mounter is in the initial mount namespace.
A new vfs helper path_pts is introduced that finds a directory entry
named "pts" in the directory of the passed in path, and changes the
passed in path to point to it. The helper path_pts uses a function
path_parent_directory that was factored out of follow_dotdot.
In the implementation of devpts:
- devpts_mnt is killed as it is no longer meaningful if all mounts of
devpts are equal.
- pts_sb_from_inode is replaced by just inode->i_sb as all cached
inodes in the tty layer are now from the devpts filesystem.
- devpts_add_ref is rolled into the new function devpts_ptmx. And the
unnecessary inode hold is removed.
- devpts_del_ref is renamed devpts_release and reduced to just a
deacrivate_super.
- The newinstance mount option continues to be accepted but is now
ignored.
In devpts_fs.h definitions for when !CONFIG_UNIX98_PTYS are removed as
they are never used.
Documentation/filesystems/devices.txt is updated to describe the current
situation.
This has been verified to work properly on openwrt-15.05, centos5,
centos6, centos7, debian-6.0.2, debian-7.9, debian-8.2, ubuntu-14.04.3,
ubuntu-15.10, fedora23, magia-5, mint-17.3, opensuse-42.1,
slackware-14.1, gentoo-20151225 (13.0?), archlinux-2015-12-01. With the
caveat that on centos6 and on slackware-14.1 that there wind up being
two instances of the devpts filesystem mounted on /dev/pts, the lower
copy does not end up getting used.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Greg KH <greg@kroah.com> Cc: Peter Hurley <peter@hurleysoftware.com> Cc: Peter Anvin <hpa@zytor.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Serge Hallyn <serge.hallyn@ubuntu.com> Cc: Willy Tarreau <w@1wt.eu> Cc: Aurelien Jarno <aurelien@aurel32.net> Cc: One Thousand Gnomes <gnomes@lxorguk.ukuu.org.uk> Cc: Jann Horn <jann@thejh.net> Cc: Jiri Slaby <jslaby@suse.com> Cc: Florian Weimer <fw@deneb.enyo.de> Cc: Konstantin Khlebnikov <koct9i@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This means the userspace program clock_adjtime called the clock_adjtime()
syscall and then crashed inside the compat_get_timex() function.
Syscalls should never crash programs, but instead return EFAULT.
The IIR register contains the executed instruction, which disassebles
into "ldw 0(sr3,r5),r9".
This load-word instruction is part of __get_user() which tried to read the word
at %r5/IOR (0xfa6f7fff). This means the unaligned handler jumped in. The
unaligned handler is able to emulate all ldw instructions, but it fails if it
fails to read the source e.g. because of page fault.
int main(void) {
/* allocate 8k */
char *ptr = mmap(NULL, 2*4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
/* free second half (upper 4k) and make it invalid. */
munmap(ptr+4096, 4096);
/* syscall where first int is unaligned and clobbers into invalid memory region */
/* syscall should return EFAULT */
return syscall(__NR_clock_adjtime, 0, ptr+4095);
}
To fix this issue we simply need to check if the faulting instruction address
is in the exception fixup table when the unaligned handler failed. If it
is, call the fixup routine instead of crashing.
While looking at the unaligned handler I found another issue as well: The
target register should not be modified if the handler was unsuccessful.
Mikulas Patocka [Tue, 28 Jun 2011 22:48:19 +0000 (00:48 +0200)]
parisc: Fix backtrace on PA-RISC
This patch fixes backtrace on PA-RISC
There were several problems:
1) The code that decodes instructions handles instructions that subtract
from the stack pointer incorrectly. If the instruction subtracts the
number X from the stack pointer the code increases the frame size by
(0x100000000-X). This results in invalid accesses to memory and
recursive page faults.
2) Because gcc reorders blocks, handling instructions that subtract from
the frame pointer is incorrect. For example, this function
int f(int a)
{
if (__builtin_expect(a, 1))
return a;
g();
return a;
}
is compiled in such a way, that the code that decreases the stack
pointer for the first "return a" is placed before the code for "g" call.
If we recognize this decrement, we mistakenly believe that the frame
size for the "g" call is zero.
To fix problems 1) and 2), the patch doesn't recognize instructions that
decrease the stack pointer at all. To further safeguard the unwind code
against nonsense values, we don't allow frame size larger than
Total_frame_size.
3) The backtrace is not locked. If stack dump races with module unload,
invalid table can be accessed.
This patch adds a spinlock when processing module tables.
Note, that for correct backtrace, you need recent binutils.
Binutils 2.18 from Debian 5 produce garbage unwind tables.
Binutils 2.21 work better (it sometimes forgets function frames, but at
least it doesn't generate garbage).
Linus Torvalds [Sat, 4 Jun 2016 19:30:36 +0000 (12:30 -0700)]
Merge tag 'drm-fixes-for-v4.7-rc2' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"A bunch of ARM drivers got into the fixes vibe this time around, so
this contains a bunch of fixes for imx, atmel hlcdc, arm hdlcd (only
so many combos of hlcd), mediatek and omap drm.
Other than that there is one mgag200 fix and a few core drm regression
fixes"
* tag 'drm-fixes-for-v4.7-rc2' of git://people.freedesktop.org/~airlied/linux: (34 commits)
drm/omap: fix unused variable warning.
drm: hdlcd: Add information about the underlying framebuffers in debugfs
drm: hdlcd: Cleanup the atomic plane operations
drm/hdlcd: Fix up crtc_state->event handling
drm: hdlcd: Revamp runtime power management
drm/mediatek: mtk_dsi: Remove spurious drm_connector_unregister
drm/mediatek: mtk_dpi: remove invalid error message
drm: atmel-hlcdc: fix a NULL check
drm: atmel-hlcdc: fix atmel_hlcdc_crtc_reset() implementation
drm/mgag200: Black screen fix for G200e rev 4
drm: Wrap direct calls to driver->gem_free_object from CMA
drm: fix fb refcount issue with atomic modesetting
drm: make drm_atomic_set_mode_prop_for_crtc() more reliable
drm/sti: remove extra mode fixup
drm: add missing drm_mode_set_crtcinfo call
drm/omap: include gpio/consumer.h where needed
drm/omap: include linux/seq_file.h where needed
Revert "drm/omap: no need to select OMAP2_DSS"
drm/omap: Remove regulator API abuse
OMAPDSS: HDMI5: Change DDC timings
...
Linus Torvalds [Sat, 4 Jun 2016 19:25:36 +0000 (12:25 -0700)]
Merge tag 'vfio-v4.7-rc2' of git://github.com/awilliam/linux-vfio
Pull VFIO fixes from Alex Williamson:
"Fix irqfd shutdown ordering, build warning, and VPD short read"
* tag 'vfio-v4.7-rc2' of git://github.com/awilliam/linux-vfio:
vfio/pci: Allow VPD short read
vfio/type1: Fix build warning
vfio/pci: Fix ordering of eventfd vs virqfd shutdown
Linus Torvalds [Sat, 4 Jun 2016 18:56:28 +0000 (11:56 -0700)]
Merge branch 'for-linus-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
"The important part of this pull is Filipe's set of fixes for btrfs
device replacement. Filipe fixed a few issues seen on the list and a
number he found on his own"
* 'for-linus-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
Btrfs: deal with duplciates during extent_map insertion in btrfs_get_extent
Btrfs: fix race between device replace and read repair
Btrfs: fix race between device replace and discard
Btrfs: fix race between device replace and chunk allocation
Btrfs: fix race setting block group back to RW mode during device replace
Btrfs: fix unprotected assignment of the left cursor for device replace
Btrfs: fix race setting block group readonly during device replace
Btrfs: fix race between device replace and block group removal
Btrfs: fix race between readahead and device replace/removal