aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-10-13 12:13:28 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2013-10-13 12:13:28 -0400
commit2d4712b7a615e5db3eb9a427f1722eec79681b4b (patch)
tree45f7686577193ca6298054ca7535a7c56b55a611
parent75c531881bdd600c0b9906482ae21e96d35bc377 (diff)
parentdb080f9c530f78dad661257885a1893506077068 (diff)
Merge branch 'parisc-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller: "This patchset includes a bugfix to prevent a kernel crash when memory in page zero is accessed by the kernel itself, e.g. via probe_kernel_read(). Furthermore we now export flush_cache_page() which is needed (indirectly) by the lustre filesystem. The other patches remove unused functions and optimizes the page fault handler to only evaluate variables if needed, which again protects against possible kernel crashes" * 'parisc-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: let probe_kernel_read() capture access to page zero parisc: optimize variable initialization in do_page_fault parisc: fix interruption handler to respect pagefault_disable() parisc: mark parisc_terminate() noreturn and cold. parisc: remove unused syscall_ipi() function. parisc: kill SMP single function call interrupt parisc: Export flush_cache_page() (needed by lustre)
Diffstat
-rw-r--r--arch/parisc/include/asm/traps.h2
-rw-r--r--arch/parisc/kernel/cache.c1
-rw-r--r--arch/parisc/kernel/smp.c8
-rw-r--r--arch/parisc/kernel/traps.c11
-rw-r--r--arch/parisc/lib/memcpy.c15
-rw-r--r--arch/parisc/mm/fault.c15
6 files changed, 30 insertions, 22 deletions
diff --git a/arch/parisc/include/asm/traps.h b/arch/parisc/include/asm/traps.h
index 1945f995f2df..4736020ba5ea 100644
--- a/arch/parisc/include/asm/traps.h
+++ b/arch/parisc/include/asm/traps.h
@@ -6,7 +6,7 @@ struct pt_regs;
6 6
7/* traps.c */ 7/* traps.c */
8void parisc_terminate(char *msg, struct pt_regs *regs, 8void parisc_terminate(char *msg, struct pt_regs *regs,
9 int code, unsigned long offset); 9 int code, unsigned long offset) __noreturn __cold;
10 10
11/* mm/fault.c */ 11/* mm/fault.c */
12void do_page_fault(struct pt_regs *regs, unsigned long code, 12void do_page_fault(struct pt_regs *regs, unsigned long code,
diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c
index c035673209f7..b521c0adf4ec 100644
--- a/arch/parisc/kernel/cache.c
+++ b/arch/parisc/kernel/cache.c
@@ -602,6 +602,7 @@ flush_cache_page(struct vm_area_struct *vma, unsigned long vmaddr, unsigned long
602 __flush_cache_page(vma, vmaddr, PFN_PHYS(pfn)); 602 __flush_cache_page(vma, vmaddr, PFN_PHYS(pfn));
603 } 603 }
604} 604}
605EXPORT_SYMBOL_GPL(flush_cache_page);
605 606
606#ifdef CONFIG_PARISC_TMPALIAS 607#ifdef CONFIG_PARISC_TMPALIAS
607 608
diff --git a/arch/parisc/kernel/smp.c b/arch/parisc/kernel/smp.c
index 8a252f2d6c08..2b96602e812f 100644
--- a/arch/parisc/kernel/smp.c
+++ b/arch/parisc/kernel/smp.c
@@ -72,7 +72,6 @@ enum ipi_message_type {
72 IPI_NOP=0, 72 IPI_NOP=0,
73 IPI_RESCHEDULE=1, 73 IPI_RESCHEDULE=1,
74 IPI_CALL_FUNC, 74 IPI_CALL_FUNC,
75 IPI_CALL_FUNC_SINGLE,
76 IPI_CPU_START, 75 IPI_CPU_START,
77 IPI_CPU_STOP, 76 IPI_CPU_STOP,
78 IPI_CPU_TEST 77 IPI_CPU_TEST
@@ -164,11 +163,6 @@ ipi_interrupt(int irq, void *dev_id)
164 generic_smp_call_function_interrupt(); 163 generic_smp_call_function_interrupt();
165 break; 164 break;
166 165
167 case IPI_CALL_FUNC_SINGLE:
168 smp_debug(100, KERN_DEBUG "CPU%d IPI_CALL_FUNC_SINGLE\n", this_cpu);
169 generic_smp_call_function_single_interrupt();
170 break;
171
172 case IPI_CPU_START: 166 case IPI_CPU_START:
173 smp_debug(100, KERN_DEBUG "CPU%d IPI_CPU_START\n", this_cpu); 167 smp_debug(100, KERN_DEBUG "CPU%d IPI_CPU_START\n", this_cpu);
174 break; 168 break;
@@ -260,7 +254,7 @@ void arch_send_call_function_ipi_mask(const struct cpumask *mask)
260 254
261void arch_send_call_function_single_ipi(int cpu) 255void arch_send_call_function_single_ipi(int cpu)
262{ 256{
263 send_IPI_single(cpu, IPI_CALL_FUNC_SINGLE); 257 send_IPI_single(cpu, IPI_CALL_FUNC);
264} 258}
265 259
266/* 260/*
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
index 04e47c6a4562..1cd1d0c83b6d 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
@@ -291,11 +291,6 @@ void die_if_kernel(char *str, struct pt_regs *regs, long err)
291 do_exit(SIGSEGV); 291 do_exit(SIGSEGV);
292} 292}
293 293
294int syscall_ipi(int (*syscall) (struct pt_regs *), struct pt_regs *regs)
295{
296 return syscall(regs);
297}
298
299/* gdb uses break 4,8 */ 294/* gdb uses break 4,8 */
300#define GDB_BREAK_INSN 0x10004 295#define GDB_BREAK_INSN 0x10004
301static void handle_gdb_break(struct pt_regs *regs, int wot) 296static void handle_gdb_break(struct pt_regs *regs, int wot)
@@ -805,14 +800,14 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
805 else { 800 else {
806 801
807 /* 802 /*
808 * The kernel should never fault on its own address space. 803 * The kernel should never fault on its own address space,
804 * unless pagefault_disable() was called before.
809 */ 805 */
810 806
811 if (fault_space == 0) 807 if (fault_space == 0 && !in_atomic())
812 { 808 {
813 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC); 809 pdc_chassis_send_status(PDC_CHASSIS_DIRECT_PANIC);
814 parisc_terminate("Kernel Fault", regs, code, fault_address); 810 parisc_terminate("Kernel Fault", regs, code, fault_address);
815
816 } 811 }
817 } 812 }
818 813
diff --git a/arch/parisc/lib/memcpy.c b/arch/parisc/lib/memcpy.c
index ac4370b1ca40..b5507ec06b84 100644
--- a/arch/parisc/lib/memcpy.c
+++ b/arch/parisc/lib/memcpy.c
@@ -56,7 +56,7 @@
56#ifdef __KERNEL__ 56#ifdef __KERNEL__
57#include <linux/module.h> 57#include <linux/module.h>
58#include <linux/compiler.h> 58#include <linux/compiler.h>
59#include <asm/uaccess.h> 59#include <linux/uaccess.h>
60#define s_space "%%sr1" 60#define s_space "%%sr1"
61#define d_space "%%sr2" 61#define d_space "%%sr2"
62#else 62#else
@@ -524,4 +524,17 @@ EXPORT_SYMBOL(copy_to_user);
524EXPORT_SYMBOL(copy_from_user); 524EXPORT_SYMBOL(copy_from_user);
525EXPORT_SYMBOL(copy_in_user); 525EXPORT_SYMBOL(copy_in_user);
526EXPORT_SYMBOL(memcpy); 526EXPORT_SYMBOL(memcpy);
527
528long probe_kernel_read(void *dst, const void *src, size_t size)
529{
530 unsigned long addr = (unsigned long)src;
531
532 if (size < 0 || addr < PAGE_SIZE)
533 return -EFAULT;
534
535 /* check for I/O space F_EXTEND(0xfff00000) access as well? */
536
537 return __probe_kernel_read(dst, src, size);
538}
539
527#endif 540#endif
diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c
index 00c0ed333a3d..0293588d5b8c 100644
--- a/arch/parisc/mm/fault.c
+++ b/arch/parisc/mm/fault.c
@@ -171,20 +171,25 @@ void do_page_fault(struct pt_regs *regs, unsigned long code,
171 unsigned long address) 171 unsigned long address)
172{ 172{
173 struct vm_area_struct *vma, *prev_vma; 173 struct vm_area_struct *vma, *prev_vma;
174 struct task_struct *tsk = current; 174 struct task_struct *tsk;
175 struct mm_struct *mm = tsk->mm; 175 struct mm_struct *mm;
176 unsigned long acc_type; 176 unsigned long acc_type;
177 int fault; 177 int fault;
178 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE; 178 unsigned int flags;
179 179
180 if (in_atomic() || !mm) 180 if (in_atomic())
181 goto no_context; 181 goto no_context;
182 182
183 tsk = current;
184 mm = tsk->mm;
185 if (!mm)
186 goto no_context;
187
188 flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE;
183 if (user_mode(regs)) 189 if (user_mode(regs))
184 flags |= FAULT_FLAG_USER; 190 flags |= FAULT_FLAG_USER;
185 191
186 acc_type = parisc_acctyp(code, regs->iir); 192 acc_type = parisc_acctyp(code, regs->iir);
187
188 if (acc_type & VM_WRITE) 193 if (acc_type & VM_WRITE)
189 flags |= FAULT_FLAG_WRITE; 194 flags |= FAULT_FLAG_WRITE;
190retry: 195retry:
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-14 14:36:14 -0400