platform/kernel/linux-3.10.git
14 years agoKVM: x86 emulator: drop use_modrm_ea
Avi Kivity [Sun, 1 Aug 2010 10:53:19 +0000 (13:53 +0300)]
KVM: x86 emulator: drop use_modrm_ea

Unused (and has never been).

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: put register operand fetch into a function
Avi Kivity [Sun, 1 Aug 2010 09:53:09 +0000 (12:53 +0300)]
KVM: x86 emulator: put register operand fetch into a function

The code is repeated three times, put it into fetch_register_operand()

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: use SrcAcc to simplify xchg decoding
Avi Kivity [Sun, 1 Aug 2010 09:41:59 +0000 (12:41 +0300)]
KVM: x86 emulator: use SrcAcc to simplify xchg decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: simplify xchg decode tables
Avi Kivity [Sun, 1 Aug 2010 09:39:53 +0000 (12:39 +0300)]
KVM: x86 emulator: simplify xchg decode tables

Use X8() to avoid repetition.

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: use correct type for memory address in operands
Avi Kivity [Sun, 1 Aug 2010 09:35:10 +0000 (12:35 +0300)]
KVM: x86 emulator: use correct type for memory address in operands

Currently we use a void pointer for memory addresses.  That's wrong since
these are guest virtual addresses which are not directly dereferencable by
the host.

Use the correct type, unsigned long.

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: push segment override out of decode_modrm()
Avi Kivity [Sun, 1 Aug 2010 09:07:29 +0000 (12:07 +0300)]
KVM: x86 emulator: push segment override out of decode_modrm()

Let it compute modrm_seg instead, and have the caller apply it.

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: SVM: Check for asid != 0 on nested vmrun
Joerg Roedel [Mon, 2 Aug 2010 14:46:45 +0000 (16:46 +0200)]
KVM: SVM: Check for asid != 0 on nested vmrun

This patch lets a nested vmrun fail if the L1 hypervisor
left the asid zero. This fixes the asid_zero unit test.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: SVM: Check for nested vmrun intercept before emulating vmrun
Joerg Roedel [Mon, 2 Aug 2010 14:46:44 +0000 (16:46 +0200)]
KVM: SVM: Check for nested vmrun intercept before emulating vmrun

This patch lets the nested vmrun fail if the L1 hypervisor
has not intercepted vmrun. This fixes the "vmrun intercept
check" unit test.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: MMU: mark page dirty only when page is really written
Xiao Guangrong [Mon, 2 Aug 2010 08:15:08 +0000 (16:15 +0800)]
KVM: MMU: mark page dirty only when page is really written

Mark page dirty only when this page is really written, it's more exacter,
and also can fix dirty page marking in speculation path

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: MMU: move bits lost judgement into a separate function
Xiao Guangrong [Mon, 2 Aug 2010 08:14:04 +0000 (16:14 +0800)]
KVM: MMU: move bits lost judgement into a separate function

Introduce spte_has_volatile_bits() function to judge whether spte
bits will miss, it's more readable and can help us to cleanup code
later

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: MMU: using kvm_set_pfn_accessed() instead of mark_page_accessed()
Xiao Guangrong [Mon, 2 Aug 2010 08:12:08 +0000 (16:12 +0800)]
KVM: MMU: using kvm_set_pfn_accessed() instead of mark_page_accessed()

It's a small cleanup that using using kvm_set_pfn_accessed() instead
of mark_page_accessed()

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: check io permissions only once for string pio
Gleb Natapov [Mon, 2 Aug 2010 09:47:51 +0000 (12:47 +0300)]
KVM: x86 emulator: check io permissions only once for string pio

Do not recheck io permission on every iteration.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: fix LMSW able to clear cr0.pe
Avi Kivity [Sun, 1 Aug 2010 15:35:24 +0000 (18:35 +0300)]
KVM: x86 emulator: fix LMSW able to clear cr0.pe

LMSW is documented not to be able to clear cr0.pe; make it so.

Signed-off-by: Avi Kivity <avi@redhat.com>
14 years agoKVM: x86 emulator: don't update vcpu state if instruction is restarted
Gleb Natapov [Thu, 29 Jul 2010 12:11:52 +0000 (15:11 +0300)]
KVM: x86 emulator: don't update vcpu state if instruction is restarted

No need to update vcpu state since instruction is in the middle of the
emulation.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert some push instructions to direct decode
Avi Kivity [Thu, 29 Jul 2010 12:11:55 +0000 (15:11 +0300)]
KVM: x86 emulator: convert some push instructions to direct decode

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: allow repeat macro arguments to contain commas
Avi Kivity [Thu, 29 Jul 2010 12:11:54 +0000 (15:11 +0300)]
KVM: x86 emulator: allow repeat macro arguments to contain commas

Needed for repeating instructions with execution functions.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: move decode tables downwards
Avi Kivity [Thu, 29 Jul 2010 12:11:53 +0000 (15:11 +0300)]
KVM: x86 emulator: move decode tables downwards

So they can reference execution functions.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: move x86_decode_insn() downwards
Avi Kivity [Thu, 29 Jul 2010 12:11:52 +0000 (15:11 +0300)]
KVM: x86 emulator: move x86_decode_insn() downwards

No code changes.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: allow storing emulator execution function in decode tables
Avi Kivity [Thu, 29 Jul 2010 12:11:51 +0000 (15:11 +0300)]
KVM: x86 emulator: allow storing emulator execution function in decode tables

Instead of looking up the opcode twice (once for decode flags, once for
the big execution switch) look up both flags and function in the decode tables.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: store x86_emulate_ops in emulation context
Avi Kivity [Thu, 29 Jul 2010 12:11:50 +0000 (15:11 +0300)]
KVM: x86 emulator: store x86_emulate_ops in emulation context

It doesn't ever change, so we don't need to pass it around everywhere.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: move ByteOp and Dst back to bits 0:3
Avi Kivity [Thu, 29 Jul 2010 12:11:49 +0000 (15:11 +0300)]
KVM: x86 emulator: move ByteOp and Dst back to bits 0:3

Now that the group index no longer exists, the space is free.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: drop support for old-style groups
Avi Kivity [Thu, 29 Jul 2010 12:11:48 +0000 (15:11 +0300)]
KVM: x86 emulator: drop support for old-style groups

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 9 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:47 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 9 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 8 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:46 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 8 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 7 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:45 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 7 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 5 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:44 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 5 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 4 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:43 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 4 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 3 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:42 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 3 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 1A to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:41 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 1A to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: convert group 1 to new style
Avi Kivity [Thu, 29 Jul 2010 12:11:40 +0000 (15:11 +0300)]
KVM: x86 emulator: convert group 1 to new style

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: allow specifying group directly in opcode
Avi Kivity [Thu, 29 Jul 2010 12:11:39 +0000 (15:11 +0300)]
KVM: x86 emulator: allow specifying group directly in opcode

Instead of having a group number, store the group table pointer directly in
the opcode.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: reserve group code 0
Avi Kivity [Thu, 29 Jul 2010 12:11:38 +0000 (15:11 +0300)]
KVM: x86 emulator: reserve group code 0

We'll be using that to distinguish between new-style and old-style groups.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: move group tables to top
Avi Kivity [Thu, 29 Jul 2010 12:11:37 +0000 (15:11 +0300)]
KVM: x86 emulator: move group tables to top

No code changes.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: Add wrappers for easily defining opcodes
Avi Kivity [Thu, 29 Jul 2010 12:11:36 +0000 (15:11 +0300)]
KVM: x86 emulator: Add wrappers for easily defining opcodes

Once 'struct opcode' grows, its initializer will become more complicated.
Wrap the simple initializers in a D() macro, and replace the empty initializers
with an even simpler N macro.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: introduce 'struct opcode'
Avi Kivity [Thu, 29 Jul 2010 12:11:35 +0000 (15:11 +0300)]
KVM: x86 emulator: introduce 'struct opcode'

This will hold all the information known about the opcode.  Currently, this
is just the decode flags.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: drop parentheses in repreat macros
Avi Kivity [Thu, 29 Jul 2010 12:11:34 +0000 (15:11 +0300)]
KVM: x86 emulator: drop parentheses in repreat macros

The parenthese make is impossible to use the macros with initializers that
require braces.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: Add IRET instruction
Mohammed Gamal [Wed, 28 Jul 2010 09:38:40 +0000 (12:38 +0300)]
KVM: x86 emulator: Add IRET instruction

Ths patch adds IRET instruction (opcode 0xcf).
Currently, only IRET in real mode is emulated. Protected mode support is to be added later if needed.

Signed-off-by: Mohammed Gamal <m.gamal005@gmail.com>
Reviewed-by: Avi Kivity <avi@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: SVM: Emulate next_rip svm feature
Joerg Roedel [Tue, 27 Jul 2010 16:14:21 +0000 (18:14 +0200)]
KVM: SVM: Emulate next_rip svm feature

This patch implements the emulations of the svm next_rip
feature in the nested svm implementation in kvm.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: SVM: Sync efer back into nested vmcb
Joerg Roedel [Tue, 27 Jul 2010 16:14:20 +0000 (18:14 +0200)]
KVM: SVM: Sync efer back into nested vmcb

This patch fixes a bug in a nested hypervisor that heavily
switches between real-mode and long-mode. The problem is
fixed by syncing back efer into the guest vmcb on emulated
vmexit.

Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: MMU: remove valueless output message
Xiao Guangrong [Tue, 27 Jul 2010 03:21:18 +0000 (11:21 +0800)]
KVM: MMU: remove valueless output message

After commit 53383eaad08d, the '*spte' has updated before call
rmap_remove()(in most case it's 'shadow_trap_nonpresent_pte'), so
remove this information from error message

Signed-off-by: Xiao Guangrong <xiaoguangrong@cn.fujitsu.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: VMX: Use host_gdt variable wherever we need the host gdt
Avi Kivity [Mon, 26 Jul 2010 15:32:39 +0000 (18:32 +0300)]
KVM: VMX: Use host_gdt variable wherever we need the host gdt

Now that we have the host gdt conveniently stored in a variable, make use
of it instead of querying the cpu.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: unify the two Group 3 variants
Avi Kivity [Mon, 26 Jul 2010 11:37:51 +0000 (14:37 +0300)]
KVM: x86 emulator: unify the two Group 3 variants

Use just one group table for byte (F6) and word (F7) opcodes.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: Allow LOCK prefix for NEG and NOT
Avi Kivity [Mon, 26 Jul 2010 11:37:50 +0000 (14:37 +0300)]
KVM: x86 emulator: Allow LOCK prefix for NEG and NOT

Opcodes F6/2, F6/3, F7/2, F7/3.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: simplify Group 1 decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:49 +0000 (14:37 +0300)]
KVM: x86 emulator: simplify Group 1 decoding

Move operand decoding to the opcode table, keep lock decoding in the group
table.  This allows us to get consolidate the four variants of Group 1 into one
group.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: mix decode bits from opcode and group decode tables
Avi Kivity [Mon, 26 Jul 2010 11:37:48 +0000 (14:37 +0300)]
KVM: x86 emulator: mix decode bits from opcode and group decode tables

Allow bits that are common to all members of a group to be specified in the
opcode table instead of the group table.  This allows some simplification
of the decode tables.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: add Undefined decode flag
Avi Kivity [Mon, 26 Jul 2010 11:37:47 +0000 (14:37 +0300)]
KVM: x86 emulator: add Undefined decode flag

Add a decode flag to indicate the instruction is invalid.  Will come in useful
later, when we mix decode bits from the opcode and group table.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: Make group storage bits separate from operand bits
Avi Kivity [Mon, 26 Jul 2010 11:37:46 +0000 (14:37 +0300)]
KVM: x86 emulator: Make group storage bits separate from operand bits

Currently group bits are stored in bits 0:7, where operand bits are stored.

Make group bits be 0:3, and move the existing bits 0:3 to 16:19, so we can
mix group and operand bits.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate Jcc rel32 decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:45 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate Jcc rel32 decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate CMOVcc decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:44 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate CMOVcc decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate MOV reg, imm decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:43 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate MOV reg, imm decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate Jcc rel8 decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:42 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate Jcc rel8 decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate push/pop reg decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:41 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate push/pop reg decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: consolidate inc/dec reg decoding
Avi Kivity [Mon, 26 Jul 2010 11:37:40 +0000 (14:37 +0300)]
KVM: x86 emulator: consolidate inc/dec reg decoding

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: add macros for repetitive instructions
Avi Kivity [Mon, 26 Jul 2010 11:37:39 +0000 (14:37 +0300)]
KVM: x86 emulator: add macros for repetitive instructions

Some instructions are repetitive in the opcode space, add macros for
consolidating them.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoKVM: x86 emulator: fix handling for unemulated instructions
Avi Kivity [Sun, 25 Jul 2010 11:51:16 +0000 (14:51 +0300)]
KVM: x86 emulator: fix handling for unemulated instructions

If an instruction is present in the decode tables but not in the execution
switch, it will be emulated as a NOP.  An example is IRET (0xcf).

Fix by adding default: labels to the execution switches.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoMerge branch 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Wed, 20 Oct 2010 16:00:44 +0000 (09:00 -0700)]
Merge branch 'kvm-updates/2.6.36' of git://git./virt/kvm/kvm

* 'kvm-updates/2.6.36' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: Fix fs/gs reload oops with invalid ldt

14 years agoMerge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied...
Linus Torvalds [Tue, 19 Oct 2010 17:10:20 +0000 (10:10 -0700)]
Merge branch 'drm-fixes' of git://git./linux/kernel/git/airlied/drm-2.6

* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
  drm/radeon/kms: avivo cursor workaround applies to evergreen as well

14 years agoKVM: Fix fs/gs reload oops with invalid ldt
Avi Kivity [Tue, 19 Oct 2010 14:46:55 +0000 (16:46 +0200)]
KVM: Fix fs/gs reload oops with invalid ldt

kvm reloads the host's fs and gs blindly, however the underlying segment
descriptors may be invalid due to the user modifying the ldt after loading
them.

Fix by using the safe accessors (loadsegment() and load_gs_index()) instead
of home grown unsafe versions.

This is CVE-2010-3698.

KVM-Stable-Tag.
Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
14 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus
Linus Torvalds [Mon, 18 Oct 2010 20:10:36 +0000 (13:10 -0700)]
Merge branch 'upstream' of git://git.linux-mips.org/upstream-linus

* 'upstream' of git://git.linux-mips.org/pub/scm/upstream-linus:
  MIPS: Enable ISA_DMA_API config to fix build failure
  MIPS: 32-bit: Fix build failure in asm/fcntl.h
  MIPS: Remove all generated vmlinuz* files on "make clean"
  MIPS: do_sigaltstack() expects userland pointers
  MIPS: Fix error values in case of bad_stack
  MIPS: Sanitize restart logics
  MIPS: secure_computing, syscall audit: syscall number should in r2, not r0.
  MIPS: Don't block signals if we'd failed to setup a sigframe

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Linus Torvalds [Mon, 18 Oct 2010 20:10:08 +0000 (13:10 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: evdev - fix EVIOCSABS regression
  Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS

14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394...
Linus Torvalds [Mon, 18 Oct 2010 20:09:26 +0000 (13:09 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/ieee1394/linux1394-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  firewire: ohci: fix TI TSB82AA2 regression since 2.6.35

14 years agomxc_nand: do not depend on disabling the irq in the interrupt handler
Sascha Hauer [Mon, 18 Oct 2010 08:16:26 +0000 (10:16 +0200)]
mxc_nand: do not depend on disabling the irq in the interrupt handler

This patch reverts the driver to enabling/disabling the NFC interrupt
mask rather than enabling/disabling the system interrupt.  This cleans
up the driver so that it doesn't rely on interrupts being disabled
within the interrupt handler.

For i.MX21 we keep the current behaviour, that is calling
enable_irq/disable_irq_nosync to enable/disable interrupts.  This patch
is based on earlier work by John Ogness.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: John Ogness <john.ogness@linutronix.de>
Tested-by: John Ogness <john.ogness@linutronix.de>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge branch 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux
Linus Torvalds [Mon, 18 Oct 2010 20:05:10 +0000 (13:05 -0700)]
Merge branch 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux

* 'for-linus/i2c/2636-rc8' of git://git.fluff.org/bjdooks/linux:
  i2c-imx: do not allow interruptions when waiting for I2C to complete
  i2c-davinci: Fix TX setup for more SoCs

14 years agoMerge branch 'fixes'
Linus Torvalds [Mon, 18 Oct 2010 20:04:33 +0000 (13:04 -0700)]
Merge branch 'fixes'

* fixes:
  v4l1: fix 32-bit compat microcode loading translation
  De-pessimize rds_page_copy_user

14 years agoMIPS: Enable ISA_DMA_API config to fix build failure
Namhyung Kim [Mon, 18 Oct 2010 03:55:21 +0000 (12:55 +0900)]
MIPS: Enable ISA_DMA_API config to fix build failure

Add ISA_DMA_API config item and select it when GENERIC_ISA_DMA enabled.
This fixes build failure on allmodconfig like following:

  CC      sound/isa/es18xx.o
sound/isa/es18xx.c: In function 'snd_es18xx_playback1_prepare':
sound/isa/es18xx.c:501:9: error: implicit declaration of function 'snd_dma_program'
sound/isa/es18xx.c: In function 'snd_es18xx_playback_pointer':
sound/isa/es18xx.c:818:3: error: implicit declaration of function 'snd_dma_pointer'
make[3]: *** [sound/isa/es18xx.o] Error 1
make[2]: *** [sound/isa/es18xx.o] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1717/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: 32-bit: Fix build failure in asm/fcntl.h
Namhyung Kim [Sun, 17 Oct 2010 16:41:39 +0000 (01:41 +0900)]
MIPS: 32-bit: Fix build failure in asm/fcntl.h

  CC      security/integrity/ima/ima_fs.o
In file included from linux/include/linux/fcntl.h:4:0,
                 from linux/security/integrity/ima/ima_fs.c:18:
linux/arch/mips/include/asm/fcntl.h:63:2: error: expected specifier-qualifier-list before 'off_t'
make[3]: *** [security/integrity/ima/ima_fs.o] Error 1
make[2]: *** [security/integrity/ima/ima_fs.o] Error 2
make[1]: *** [sub-make] Error 2
make: *** [all] Error 2

Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/1715/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Remove all generated vmlinuz* files on "make clean"
Wu Zhangjin [Wed, 22 Sep 2010 06:03:57 +0000 (14:03 +0800)]
MIPS: Remove all generated vmlinuz* files on "make clean"

[Ralf: I changed the patch to explicitly list all files to be deleted out
of paranoia.]

Signed-off-by: Wu Zhangjin <wuzhangjin@gmail.com>
Patchwork: http://patchwork.linux-mips.org/patch/1590/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: do_sigaltstack() expects userland pointers
Al Viro [Tue, 28 Sep 2010 17:50:57 +0000 (18:50 +0100)]
MIPS: do_sigaltstack() expects userland pointers

o32 compat does the right thing, native and n32 compat do not...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: http://patchwork.linux-mips.org/patch/1700/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Fix error values in case of bad_stack
Al Viro [Tue, 28 Sep 2010 17:50:47 +0000 (18:50 +0100)]
MIPS: Fix error values in case of bad_stack

We want EFAULT, not -<syscall number>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1699/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Sanitize restart logics
Al Viro [Tue, 28 Sep 2010 17:50:37 +0000 (18:50 +0100)]
MIPS: Sanitize restart logics

Put the original syscall number into ->regs[0] when we leave syscall
with error.  Use it in restart logics.  Everything else will have
it 0 since we pass through SAVE_SOME on all the ways in.  Note that
in places like bad_stack and inllegal_syscall we leave it 0 - it's not
restartable.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1698/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: secure_computing, syscall audit: syscall number should in r2, not r0.
Al Viro [Tue, 28 Sep 2010 17:50:27 +0000 (18:50 +0100)]
MIPS: secure_computing, syscall audit: syscall number should in r2, not r0.

As it is, audit_syscall_entry() and secure_computing() get the
bogus value (0, in fact)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1697/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoMIPS: Don't block signals if we'd failed to setup a sigframe
Al Viro [Tue, 28 Sep 2010 17:50:17 +0000 (18:50 +0100)]
MIPS: Don't block signals if we'd failed to setup a sigframe

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/1696/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
14 years agoInput: evdev - fix EVIOCSABS regression
Daniel Mack [Mon, 18 Oct 2010 15:43:50 +0000 (08:43 -0700)]
Input: evdev - fix EVIOCSABS regression

448cd16 ("Input: evdev - rearrange ioctl handling") broke EVIOCSABS by
checking for the wrong direction bit.

Signed-off-by: Daniel Mack <zonque@gmail.com>
Reported-by: Sven Neumann <s.neumann@raumfeld.com>
Tested-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoInput: evdev - fix Ooops in EVIOCGABS/EVIOCSABS
Daniel Mack [Mon, 18 Oct 2010 15:43:30 +0000 (08:43 -0700)]
Input: evdev - fix Ooops in EVIOCGABS/EVIOCSABS

This fixes a regression introduced by the dynamic allocation of absinfo
for input devices. We need to bail out early for input devices which
don't have absolute axis.

[  929.664303] Pid: 2989, comm: input Not tainted 2.6.36-rc8+ #14 MS-7260/MS-7260
[  929.664318] EIP: 0060:[<c12bdc01>] EFLAGS: 00010246 CPU: 0
[  929.664331] EIP is at evdev_ioctl+0x4f8/0x59f
[  929.664341] EAX: 00000040 EBX: 00000000 ECX: 00000006 EDX: f45a1efc
[  929.664355] ESI: 00000000 EDI: f45a1efc EBP: f45a1f24 ESP: f45a1eb8
[  929.664369]  DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[  929.664402]  f470da74 f6a30e78 f462c240 00000018 bfe4a260 00000000 f45b06fc 00000000
[  929.664429] <0> 000000c4 b769d000 c3544620 f470da74 f45b06fc f45b06fc f45a1f38 c107dd1f
[  929.664458] <0> f4710b74 000000c4 00000000 00000000 00000000 0000029d 00000a74 f4710b74
[  929.664500]  [<c107dd1f>] ? handle_mm_fault+0x2be/0x59a
[  929.664513]  [<c12bd709>] ? evdev_ioctl+0x0/0x59f
[  929.664524]  [<c1099d30>] ? do_vfs_ioctl+0x494/0x4d9
[  929.664538]  [<c10432a1>] ? up_read+0x16/0x29
[  929.664550]  [<c101c818>] ? do_page_fault+0x2ff/0x32d
[  929.664564]  [<c108d048>] ? do_sys_open+0xc5/0xcf
[  929.664575]  [<c1099db6>] ? sys_ioctl+0x41/0x61
[  929.664587]  [<c1002710>] ? sysenter_do_call+0x12/0x36
[  929.684570] ---[ end trace 11b83e923bd8f2bb ]---

Signed-off-by: Daniel Mack <zonque@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
14 years agoi2c-imx: do not allow interruptions when waiting for I2C to complete
Marc Kleine-Budde [Mon, 21 Jun 2010 07:27:05 +0000 (09:27 +0200)]
i2c-imx: do not allow interruptions when waiting for I2C to complete

The i2c_imx_trx_complete() function is using
wait_event_interruptible_timeout() to wait for the I2C controller to
signal that it has completed an I2C bus operation. If the process that
causes the I2C operation receives a signal, the wait will be
interrupted, returning an error. It is better to let the I2C operation
finished before handling the signal (i.e. returning into userspace).

It is safe to use wait_event_timeout() instead, because the timeout
will allow the process to exit if the I2C bus hangs. It's also better
to allow the I2C operation to finish, because unacknowledged I2C
operations can cause the I2C bus to hang.

Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Reviewed-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
14 years agoi2c-davinci: Fix TX setup for more SoCs
Jon Povey [Tue, 12 Oct 2010 04:47:05 +0000 (13:47 +0900)]
i2c-davinci: Fix TX setup for more SoCs

This patch is an improvement to 4bba0fd8d1c6d405df666e2573e1a1f917098be0
which got to mainline a little early.

Sudhakar Rajashekhara explains that at least OMAP-L138 requires MDR mode
settings before DXR for correct behaviour, so load MDR first with
STT cleared and later load again with STT set.

Tested on DM355 connected to Techwell TW2836 and Wolfson WM8985

Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk>
Acked-by: Troy Kisky <troy.kisky@boundarydevices.com>
Tested-by: Sudhakar Rajashekhara <sudhakar.raj@ti.com>
Acked-by: Kevin Hilman <khilman@deeprootsystems.com>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
14 years agodrm/radeon/kms: avivo cursor workaround applies to evergreen as well
Alex Deucher [Thu, 14 Oct 2010 21:14:57 +0000 (17:14 -0400)]
drm/radeon/kms: avivo cursor workaround applies to evergreen as well

Fixes cursor corruption in certain cases.

Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
14 years agoMerge branch 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
Linus Torvalds [Sun, 17 Oct 2010 16:38:08 +0000 (09:38 -0700)]
Merge branch 'fix/misc' of git://git./linux/kernel/git/tiwai/sound-2.6

* 'fix/misc' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: rawmidi: fix oops (use after free) when unloading a driver module

14 years agofirewire: ohci: fix TI TSB82AA2 regression since 2.6.35
Stefan Richter [Sun, 17 Oct 2010 12:09:12 +0000 (14:09 +0200)]
firewire: ohci: fix TI TSB82AA2 regression since 2.6.35

Revert commit 54672386ccf36ffa21d1de8e75624af83f9b0eeb
"firewire: ohci: fix up configuration of TI chips".
It caused massive slow-down and data corruption with a TSB82AA2 based
StarTech EC1394B2 ExpressCard and FireWire 800 harddisks.

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/657081
http://thread.gmane.org/gmane.linux.kernel.firewire.user/4013

The fact that some card EEPROMs do not program these enhancements may be
related to TSB81BA3 phy chip errata, if not to bugs of TSB82AA2 itself.
We could re-add these configuration steps, but only conditional on a
whitelist of cards on which these enhancements bring a proven positive
effect.

Reported-and-tested-by: Eric Shattow <lucent@gmail.com>
Cc: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org> 2.6.35
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
14 years agoALSA: rawmidi: fix oops (use after free) when unloading a driver module
Clemens Ladisch [Fri, 15 Oct 2010 10:06:18 +0000 (12:06 +0200)]
ALSA: rawmidi: fix oops (use after free) when unloading a driver module

When a driver module is unloaded and the last still open file is a raw
MIDI device, the card and its devices will be actually freed in the
snd_card_file_remove() call when that file is closed.  Afterwards, rmidi
and rmidi->card point into freed memory, so the module pointer is likely
to be garbage.
(This was introduced by commit 9a1b64caac82aa02cb74587ffc798e6f42c6170a.)

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Reported-by: Krzysztof Foltman <wdev@foltman.com>
Cc: 2.6.30-2.6.35 <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
14 years agom32r: test __LITTLE_ENDIAN__ instead of __LITTLE_ENDIAN
Kyle McMartin [Sat, 16 Oct 2010 01:17:16 +0000 (21:17 -0400)]
m32r: test __LITTLE_ENDIAN__ instead of __LITTLE_ENDIAN

Fixes build for me... these are what's tested in byteorder.h...

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom32r: add kernel/.gitignore and ignore vmlinux.lds
Kyle McMartin [Sat, 16 Oct 2010 01:17:13 +0000 (21:17 -0400)]
m32r: add kernel/.gitignore and ignore vmlinux.lds

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom32r: get_user takes an lvalue, not a pointer
Kyle McMartin [Sat, 16 Oct 2010 01:17:09 +0000 (21:17 -0400)]
m32r: get_user takes an lvalue, not a pointer

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Acked-by: Al "my fuckup" Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agom32r: restore _BLOCKABLE
Kyle McMartin [Sat, 16 Oct 2010 01:16:45 +0000 (21:16 -0400)]
m32r: restore _BLOCKABLE

Commit a7f8388e accidentally removed it... Al explains:

  "Sorry, reordering breakage.  In the signals tree here I have

   static inline void sig_set_blocked(struct sigset_t *set)
   ...

   and it's used all over the place (including quite a few places where
   we currently have sigprocmask(SIG_SETMASK, set, NULL), which is what
   it's equivalent to).  With that done, m32r doesn't use _BLOCKABLE
   anywhere, so it got removed.  And that chunk got picked when I'd been
   reordering the queue to pull the arch-specific fixes in front.
   Sorry."

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agotypes.h: define __aligned_u64 and expose to userspace
Eric Paris [Fri, 15 Oct 2010 21:34:14 +0000 (14:34 -0700)]
types.h: define __aligned_u64 and expose to userspace

We currently have a kernel internal type called aligned_u64 which aligns
__u64's on 8 bytes boundaries even on systems which would normally align
them on 4 byte boundaries.  This patch creates a new type __aligned_u64
which does the same thing but which is exposed to userspace rather than
being kernel internal.

[akpm: merge early as both the net and audit trees want this]

[akpm@linux-foundation.org: enhance the comment describing the reasons for using aligned_u64.  Via Andreas and Andi.]
Based-on-patch-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Eric Paris <eparis@redhat.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Cc: David Miller <davem@davemloft.net>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agouml: fix build
FUJITA Tomonori [Fri, 15 Oct 2010 21:34:13 +0000 (14:34 -0700)]
uml: fix build

Fix a build error introduced by d6d1b650ae6acce73d55dd024 ("param: simple
locking for sysfs-writable charp parameters").

    CC      arch/um/kernel/trap.o
  arch/um/drivers/hostaudio_kern.c: In function 'hostaudio_open':
  arch/um/drivers/hostaudio_kern.c:204: error: '__param_dsp' undeclared (first use in this function)
  arch/um/drivers/hostaudio_kern.c:204: error: (Each undeclared identifier is reported only once
  arch/um/drivers/hostaudio_kern.c:204: error: for each function it appears in.)
  arch/um/drivers/hostaudio_kern.c: In function 'hostmixer_open_mixdev':
  arch/um/drivers/hostaudio_kern.c:265: error: '__param_mixer' undeclared (first use in this function)
  arch/um/drivers/hostaudio_kern.c:272: error: '__param_dsp' undeclared (first use in this function)

Reported-by: Toralf Förster <toralf.foerster@gmx.de>
Tested-by: Toralf Förster <toralf.foerster@gmx.de>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Cc: Takashi Iwai <tiwai@suse.de>
Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agosysctl: min/max bounds are optional
Eric Dumazet [Fri, 15 Oct 2010 21:34:12 +0000 (14:34 -0700)]
sysctl: min/max bounds are optional

sysctl check complains with a WARN() when proc_doulongvec_minmax() or
proc_doulongvec_ms_jiffies_minmax() are used by a vector of longs (with
more than one element), with no min or max value specified.

This is unexpected, given we had a bug on this min/max handling :)

Reported-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: David Miller <davem@davemloft.net>
Acked-by: WANG Cong <xiyou.wangcong@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agov4l1: fix 32-bit compat microcode loading translation
Linus Torvalds [Fri, 15 Oct 2010 18:12:38 +0000 (11:12 -0700)]
v4l1: fix 32-bit compat microcode loading translation

The compat code for the VIDIOCSMICROCODE ioctl is totally buggered.
It's only used by the VIDEO_STRADIS driver, and that one is scheduled to
staging and eventually removed unless somebody steps up to maintain it
(at which point it should use request_firmware() rather than some magic
ioctl).  So we'll get rid of it eventually.

But in the meantime, the compatibility ioctl code is broken, and this
tries to get it to at least limp along (even if Mauro suggested just
deleting it entirely, which may be the right thing to do - I don't think
the compatibility translation code has ever worked unless you were very
lucky).

Reported-by: Kees Cook <kees.cook@canonical.com>
Cc: Mauro Carvalho Chehab <mchehab@infradead.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoDe-pessimize rds_page_copy_user
Linus Torvalds [Fri, 15 Oct 2010 18:09:28 +0000 (11:09 -0700)]
De-pessimize rds_page_copy_user

Don't try to "optimize" rds_page_copy_user() by using kmap_atomic() and
the unsafe atomic user mode accessor functions.  It's actually slower
than the straightforward code on any reasonable modern CPU.

Back when the code was written (although probably not by the time it was
actually merged, though), 32-bit x86 may have been the dominant
architecture.  And there kmap_atomic() can be a lot faster than kmap()
(unless you have very good locality, in which case the virtual address
caching by kmap() can overcome all the downsides).

But these days, x86-64 may not be more populous, but it's getting there
(and if you care about performance, it's definitely already there -
you'd have upgraded your CPU's already in the last few years).  And on
x86-64, the non-kmap_atomic() version is faster, simply because the code
is simpler and doesn't have the "re-try page fault" case.

People with old hardware are not likely to care about RDS anyway, and
the optimization for the 32-bit case is simply buggy, since it doesn't
verify the user addresses properly.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc
Linus Torvalds [Fri, 15 Oct 2010 17:18:36 +0000 (10:18 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/cjb/mmc

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
  mmc: sdio: fix SDIO suspend/resume regression

14 years agommc: sdio: fix SDIO suspend/resume regression
Ohad Ben-Cohen [Wed, 13 Oct 2010 07:31:56 +0000 (09:31 +0200)]
mmc: sdio: fix SDIO suspend/resume regression

Fix SDIO suspend/resume regression introduced by 4c2ef25fe0b "mmc: fix
all hangs related to mmc/sd card insert/removal during suspend/resume":

  PM: Syncing filesystems ... done.
  Freezing user space processes ... (elapsed 0.01 seconds) done.
  Freezing remaining freezable tasks ... (elapsed 0.01 seconds) done.
  Suspending console(s) (use no_console_suspend to debug)
  pm_op(): platform_pm_suspend+0x0/0x5c returns -38
  PM: Device pxa2xx-mci.0 failed to suspend: error -38
  PM: Some devices failed to suspend

4c2ef25fe0b moved the card removal/insertion mechanism out of MMC's
suspend/resume path and into pm notifiers (mmc_pm_notify), and that
broke SDIO's expectation that mmc_suspend_host() will remove the card,
and squash the error, in case -ENOSYS is returned from the bus suspend
handler (mmc_sdio_suspend() in this case).

mmc_sdio_suspend() is using this whenever at least one of the card's SDIO
function drivers does not have suspend/resume handlers - in that case
it is agreed to force removal of the entire card.

This patch fixes this regression by trivially bringing back that part of
mmc_suspend_host(), which was removed by 4c2ef25fe0b.

Reported-and-tested-by: Sven Neumann <s.neumann@raumfeld.com>
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
Cc: Maxim Levitsky <maximlevitsky@gmail.com>
Cc: <stable@kernel.org>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Chris Ball <cjb@laptop.org>
14 years agoMerge branch 'timers-for-linus-urgent' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Fri, 15 Oct 2010 16:50:03 +0000 (09:50 -0700)]
Merge branch 'timers-for-linus-urgent' of git://git./linux/kernel/git/tip/linux-2.6-tip

* 'timers-for-linus-urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  hrtimer: Preserve timer state in remove_hrtimer()

14 years agoMerge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
Linus Torvalds [Fri, 15 Oct 2010 16:49:43 +0000 (09:49 -0700)]
Merge branch 'upstream-fixes' of git://git./linux/kernel/git/jikos/hid

* 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
  HID: Add Cando touch screen 15.6-inch product id
  HID: Add MULTI_INPUT quirk for turbox/mosart touchscreen
  HID: hidraw, fix a NULL pointer dereference in hidraw_write
  HID: hidraw, fix a NULL pointer dereference in hidraw_ioctl

14 years agoMerge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
Linus Torvalds [Fri, 15 Oct 2010 16:49:16 +0000 (09:49 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block

* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
  ubd: fix incorrect sector handling during request restart
  ps3disk: passing wrong variable to bvec_kunmap_irq()

14 years agoubd: fix incorrect sector handling during request restart
Tejun Heo [Fri, 15 Oct 2010 10:56:21 +0000 (12:56 +0200)]
ubd: fix incorrect sector handling during request restart

Commit f81f2f7c (ubd: drop unnecessary rq->sector manipulation)
dropped request->sector manipulation in preparation for global request
handling cleanup; unfortunately, it incorrectly assumed that the
updated sector wasn't being used.

ubd tries to issue as many requests as possible to io_thread.  When
issuing fails due to memory pressure or other reasons, the device is
put on the restart list and issuing stops.  On IO completion, devices
on the restart list are scanned and IO issuing is restarted.

ubd issues IOs sg-by-sg and issuing can be stopped in the middle of a
request, so each device on the restart queue needs to remember where
to restart in its current request.  ubd needs to keep track of the
issue position itself because,

* blk_rq_pos(req) is now updated by the block layer to keep track of
  _completion_ position.

* Multiple io_req's for the current request may be in flight, so it's
  difficult to tell where blk_rq_pos(req) currently is.

Add ubd->rq_pos to keep track of the issue position and use it to
correctly restart io_req issue.

Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-by: Richard Weinberger <richard@nod.at>
Tested-by: Richard Weinberger <richard@nod.at>
Tested-by: Chris Frey <cdfrey@foursquare.net>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
14 years agoExport dump_{write,seek} to binary loader modules
Linus Torvalds [Fri, 15 Oct 2010 02:15:28 +0000 (19:15 -0700)]
Export dump_{write,seek} to binary loader modules

If you build aout support as a module, you'll want these exported.

Reported-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoLinux 2.6.36-rc8 v2.6.36-rc8
Linus Torvalds [Thu, 14 Oct 2010 23:26:43 +0000 (16:26 -0700)]
Linux 2.6.36-rc8

14 years agoUn-inline the core-dump helper functions
Linus Torvalds [Thu, 14 Oct 2010 21:32:06 +0000 (14:32 -0700)]
Un-inline the core-dump helper functions

Tony Luck reports that the addition of the access_ok() check in commit
0eead9ab41da ("Don't dump task struct in a.out core-dumps") broke the
ia64 compile due to missing the necessary header file includes.

Rather than add yet another include (<asm/unistd.h>) to make everything
happy, just uninline the silly core dump helper functions and move the
bodies to fs/exec.c where they make a lot more sense.

dump_seek() in particular was too big to be an inline function anyway,
and none of them are in any way performance-critical.  And we really
don't need to mess up our include file headers more than they already
are.

Reported-and-tested-by: Tony Luck <tony.luck@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
14 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
Linus Torvalds [Thu, 14 Oct 2010 18:19:44 +0000 (11:19 -0700)]
Merge git://git./linux/kernel/git/davem/net-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  ehea: Fix a checksum issue on the receive path
  net: allow FEC driver to use fixed PHY support
  tg3: restore rx_dropped accounting
  b44: fix carrier detection on bind
  net: clear heap allocations for privileged ethtool actions
  NET: wimax, fix use after free
  ATM: iphase, remove sleep-inside-atomic
  ATM: mpc, fix use after free
  ATM: solos-pci, remove use after free
  net/fec: carrier off initially to avoid root mount failure
  r8169: use device model DMA API
  r8169: allocate with GFP_KERNEL flag when able to sleep

14 years agoDon't dump task struct in a.out core-dumps
Linus Torvalds [Thu, 14 Oct 2010 17:57:40 +0000 (10:57 -0700)]
Don't dump task struct in a.out core-dumps

akiphie points out that a.out core-dumps have that odd task struct
dumping that was never used and was never really a good idea (it goes
back into the mists of history, probably the original core-dumping
code).  Just remove it.

Also do the access_ok() check on dump_write().  It probably doesn't
matter (since normal filesystems all seem to do it anyway), but he
points out that it's normally done by the VFS layer, so ...

[ I suspect that we should possibly do "vfs_write()" instead of
  calling ->write directly.  That also does the whole fsnotify and write
  statistics thing, which may or may not be a good idea. ]

And just to be anal, do this all for the x86-64 32-bit a.out emulation
code too, even though it's not enabled (and won't currently even
compile)

Reported-by: akiphie <akiphie@lavabit.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>