Commit Graph

44666 Commits

Author SHA1 Message Date
Linus Torvalds d1526e2cda Remove stack unwinder for now
It has caused more problems than it ever really solved, and is
apparently not getting cleaned up and fixed.  We can put it back when
it's stable and isn't likely to make warning or bug events worse.

In the meantime, enable frame pointers for more readable stack traces.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-15 08:47:51 -08:00
Stefan Bader e42734e270 [S390] cio: css_register_subchannel race.
Asynchronous probe can release memory of a subchannel before
css_get_ssd_info is called. To fix this call css_get_ssd_info
before registering with driver core.

Signed-off-by: Stefan Bader <shbader@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:30 +01:00
Michael Holzheu da1cf23efe [S390] Save prefix register for dump on panic
The dump tools expect that the saved prefix register points to the
lowcore of the dump cpu. Since we set the prefix register to 0 during
reipl/dump, we have to save the original prefix register. Before we
start the dump program, we copy the original prefix register to the
designated location in the lowcore.

Signed-off-by: Michael Holzheu <holzheu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:27 +01:00
Michael Holzheu 58be944127 [S390] Fix reboot hang
We use printks after shutting down all other cpus. This is not allowed
and can lead to deadlocks. Therefore the printks have to be removed.

Signed-off-by: Michael Holzheu <holzheu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:25 +01:00
Michael Holzheu a45e14148f [S390] Fix reboot hang on LPARs
Reboot hangs on LPARs without diag308 support. The reason for this is,
that before the reboot is done, the channel subsystem is shut down.
During the reset on each possible subchannel a "store subchannel" is
done. This operation can end in a program check interruption, if the
specified subchannel set is not implemented by the hardware. During
the reset, currently we do not have a program check handler, which
leads to the described kernel bug. We install now a new program check
handler for the reboot code to fix this problem.

Signed-off-by: Michael Holzheu <holzheu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:22 +01:00
Christian Borntraeger b3c14d0bfd [S390] sclp_cpi module license.
sclp_cpi is GPL. Make the module not taint the kernel

Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:20 +01:00
Ralph Wuerthner 13e742babd [S390] zcrypt: module unload fixes.
Add code to reset all queues for a domain and add missing tasklet_kill
call to ap bus module exit code.

Signed-off-by: Ralph Wuerthner <rwuerthn@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:17 +01:00
Ursula Braun 028cf917b2 [S390] Hipersocket multicast queue: make sure outbound handler is called
A HiperSocket multicast queue works asynchronously. When sending
buffers, the buffer state change from PRIMED to EMPTY may happen
delayed. Reschedule the checking for changes in the outbound queue,
if there are still PRIMED buffers.

Signed-off-by: Ursula Braun <braunu@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:14 +01:00
Christian Borntraeger 86b22470f6 [S390] hypfs fixes
Correct typo to make hypfs work on systems that support only diag204
subcode 4 and fix error handling in hypfs_diag_init.

Signed-off-by: Christian Borntraeger <cborntra@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:18:10 +01:00
Martin Schwidefsky 240bfbef67 [S390] update default configuration
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2006-12-15 17:17:57 +01:00
Ben Collins d1998ef38a [PATCH] ib_verbs: Use explicit if-else statements to avoid errors with do-while macros
At least on PPC, the "op ? op : dma" construct causes a compile failure
because the dma_* is a do{}while(0) macro.

This turns all of them into proper if/else to avoid this problem.

Signed-off-by: Ben Collins <bcollins@ubuntu.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 19:47:13 -08:00
Linus Torvalds cc016448b0 Linux v2.6.20-rc1
.. and so the stabilization phase starts.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 17:14:23 -08:00
Patrick McHardy 2bf540b73e [NETFILTER]: bridge-netfilter: remove deferred hooks
Remove the deferred hooks and all related code as scheduled in
feature-removal-schedule.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:54:25 -08:00
Kim Nordlund 8bce65b95a [IPV6]: Make fib6_node subtree depend on IPV6_SUBTREES
Make fib6_node 'subtree' depend on IPV6_SUBTREES.

Signed-off-by: Kim Nordlund <kim.nordlund@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:31 -08:00
Ivan Skytte Jorgensen 6ab792f577 [SCTP]: Add support for SCTP_CONTEXT socket option.
Signed-off-by: Ivan Skytte Jorgensen <isj-sctp@i1.dk>
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:29 -08:00
Sridhar Samudrala 882a382c3e [SCTP]: Enable auto loading of SCTP when creating an ipv6 SCTP socket.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:28 -08:00
Sridhar Samudrala 29c7cf9618 [SCTP]: Handle address add/delete events in a more efficient way.
Currently in SCTP, we maintain a local address list by rebuilding the whole
list from the device list whenever we get a address add/delete event.

This patch fixes it by only adding/deleting the address for which we
receive the event.

Also removed the sctp_local_addr_lock() which is no longer needed as we
now use list_for_each_safe() to traverse this list. This fixes the bugs
in sctp_copy_laddrs_xxx() routines where we do copy_to_user() while
holding this lock.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:27 -08:00
David S. Miller 6931ba7cef [TCP]: Fix oops caused by __tcp_put_md5sig_pool()
It should call tcp_free_md5sig_pool() not __tcp_free_md5sig_pool()
so that it does proper refcounting.

Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:26 -08:00
Brian Haley befffe9016 [IPV6]: Fix IPV6_UNICAST_HOPS getsockopt().
> Relevant standard (RFC 3493) notes:
>
>    The IPV6_UNICAST_HOPS option may be used with getsockopt() to
>    determine the hop limit value that the system will use for subsequent
>    unicast packets sent via that socket.
>
> I don't reckon -1 could be the hop limit value.

-1 means un-initialized.

> IMHO, the value from
> case 1 (if socket is connected to some destination), otherwise case 2
> (if bound to a scope interface) or ultimately the default hop limit
> ought to be returned instead, as it will be most often correct, while
> the current behavior is always wrong, unless setsockopt() has been used
> first. I don't if some people may think doing a route lookup in
> getsockopt might be overly expensive, but at least the two other cases
> should be ok, particularly the last one.

The following patch seems to work for me, but this code has behaved this
way for a while, so don't know if it will break any existing apps.

Signed-off-by: Brian Haley <brian.haley@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:25 -08:00
Ian McDonald 832e3ca62d [DCCP] ccid3: return value in ccid3_hc_rx_calc_first_li
In a recent patch we introduced invalid return codes which will result in the
opposite of what is intended (i.e. send more packets in face of peculiar
network conditions).

This fixes it by returning ~0 which means not calculated as per
dccp_li_hist_calc_i_mean.

Signed-off-by: Ian McDonald <ian.mcdonald@jandi.co.nz>
Signed-off-by: Arnaldo Carvalho de Melo <acme@mandriva.com>
2006-12-13 16:48:24 -08:00
Al Viro e1b4b9f398 [NETFILTER]: {ip,ip6,arp}_tables: fix exponential worst-case search for loops
If we come to node we'd already marked as seen and it's not a part of path
(i.e. we don't have a loop right there), we already know that it isn't a
part of any loop, so we don't need to revisit it.

That speeds the things up if some chain is refered to from several places
and kills O(exp(table size)) worst-case behaviour (without sleeping,
at that, so if you manage to self-LART that way, you are SOL for a long
time)...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:23 -08:00
Dmitry Mishin a96be24679 [NETFILTER]: ip_tables: ipt and ipt_compat checks unification
Matches and targets verification is duplicated in normal and compat processing
ways. This patch refactors code in order to remove this.

Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:22 -08:00
Yasuyuki Kozakai 11078c371e [NETFILTER]: x_tables: add missing try to load conntrack from match/targets
CLUSTERIP, CONNMARK, CONNSECMARK, and connbytes need ip_conntrack or
layer 3 protocol module of nf_conntrack.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:21 -08:00
Yasuyuki Kozakai fe0b9294c9 [NETFILTER]: x_tables: error if ip_conntrack is asked to handle IPv6 packets
To do that, this makes nf_ct_l3proto_try_module_{get,put} compatible
functions. As a result we can remove '#ifdef' surrounds and direct call of
need_conntrack().

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:20 -08:00
Yasuyuki Kozakai 083e69e99e [NETFILTER]: nf_nat: fix NF_NAT dependency
NF_NAT depends on NF_CONNTRACK_IPV4, not NF_CONNTRACK.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:19 -08:00
Patrick McHardy 3a411355bc [NETFILTER]: Fix INET=n linking error
Building with INET=n results in

WARNING: "ip_route_output_key" [net/netfilter/nf_conntrack_h323.ko] undefined!

The entire code in net/netfilter is only used for IPv4/IPv6 currently, so
let it depend on INET.

Noticed by Toralf Förster <toralf.foerster@gmx.de>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-12-13 16:48:18 -08:00
Linus Torvalds e05135d155 Merge branch 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'for-linus' of master.kernel.org:/home/rmk/linux-2.6-arm:
  [ARM] 4017/1: [Jornada7xx] - Updating Jornada720.c
  [ARM] 3992/1: i.MX/MX1 CPU Frequency scaling support
  [ARM] Provide a method to alter the control register
  [ARM] 4016/1: prefetch macro is wrong wrt gcc's "delete-null-pointer-checks"
  [ARM] Remove empty fixup function
  [ARM] 4014/1: include drivers/hid/Kconfig
  [ARM] 4013/1: clocksource driver for netx
  [ARM] 4012/1: Clocksource for pxa
  [ARM] Clean up ioremap code
  [ARM] Unuse another Linux PTE bit
  [ARM] Clean up KERNEL_RAM_ADDR
  [ARM] Add sys_*at syscalls
  [ARM] 4004/1: S3C24XX: UDC remove implict addition of VA to regs
  [ARM] Formalise the ARMv6 processor name string
  [ARM] Handle HWCAP_VFP in VFP support code
  [ARM] 4011/1: AT91SAM9260: Fix compilation with NAND driver
  [ARM] 4010/1: AT91SAM9260-EK board: Prepare for MACB Ethernet support
2006-12-13 15:58:32 -08:00
Linus Torvalds 8eefb2b7ad Merge branch 'release' of master.kernel.org:/home/ftp/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of master.kernel.org:/home/ftp/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] Move sg_dma_{len,address} from pci.h to scatterlist.h
2006-12-13 15:57:58 -08:00
David Brownell f89bce3d9a Driver core: deprecate PM_LEGACY, default it to N
Deprecate the old "legacy" PM API, and more importantly default it to "n".
Virtually nothing in-tree uses it any more.

Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:46 -08:00
Scott Wood 6eefd34fdc Driver core: Make platform_device_add_data accept a const pointer
platform_device_add_data() makes a copy of the data that is given to it,
and thus the parameter can be const.  This removes a warning when data
from get_property() on powerpc is handed to platform_device_add_data(),
as get_property() returns a const pointer.

Signed-off-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:46 -08:00
Andrew Morton c63e07834b Driver core: "platform_driver_probe() can save codespace": save codespace
This function can be __init

Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Mathieu Desnoyers 29a7f3ada7 DebugFS : file/directory removal fix
Fix file and directory removal in debugfs. Add inotify support for file removal.

The following scenario :
create dir a
create dir a/b

cd a/b (some process goes in cwd a/b)

rmdir a/b
rmdir a

fails due to the fact that "a" appears to be non empty. It is because
the "b" dentry is not deleted from "a" and still in use. The same
problem happens if "b" is a file. d_delete is nice enough to know when
it needs to unhash and free the dentry if nothing else is using it or,
if someone is using it, to remove it from the hash queues and wait for
it to be deleted when it has no users.

The nice side-effect of this fix is that it calls the file removal
notification.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Mathieu Desnoyers 65c333367b DebugFS : more file/directory creation error handling
Correct dentry count to handle creation errors.

This patch puts a dput at the file creation instead of the file removal :
lookup_one_len already returns a dentry with reference count of 1. Then,
the dget() in simple_mknod increments it when the dentry is associated
with a file. In a scenario where simple_create or simple_mkdir returns
an error, this would lead to an unwanted increment of the reference
counter, therefore making file removal impossible.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Mathieu Desnoyers 63223a0654 DebugFS : file/directory creation error handling
Fix error handling of file and directory creation in DebugFS.

The error path should release the file system because no _remove will be called
for this erroneous creation.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Mathieu Desnoyers bafb232ec4 DebugFS : coding style fixes
Minor coding style fixes along the way : 80 cols and a white space.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Mathieu Desnoyers 4f36557fbe DebugFS : inotify create/mkdir support
Add inotify create and mkdir events to DebugFS.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@polymtl.ca>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Akinobu Mita 44c53c4ff0 driver core: delete virtual directory on class_unregister()
Class virtual directory is created as the need arises.
But it is not deleted when the class is unregistered.

Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Kay Sievers 1f71740ab9 Driver core: show "initstate" of module
Show the initialization state(live, coming, going) of the module:
  $ cat /sys/module/usbcore/initstate
  live

Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-12-13 15:38:45 -08:00
Venkatesh Pallipadi 4e581ff165 [CPUFREQ] Trivial cleanup for acpi read/write port in acpi-cpufreq.c
Small cleanup in acpi-cpufreq.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
2006-12-13 18:12:31 -05:00
Russell King e9ccb79927 [ARM] Merge AT91 and devel branches
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-12-13 22:44:15 +00:00
Kristoffer Ericson 408966b85e [ARM] 4017/1: [Jornada7xx] - Updating Jornada720.c
* HP Jornada 720 uses epson 1356 chip for graphics. This chip is compatible with s1d13xxxfb driver.

* HP Jornada 720 uses a Microprocessor Control Unit to talk to various
hardware. We add it as a platform device in jornada720_init()

* We provide pm_suspend() to avoid unresolved symbols in apm.o. We are
unable to truly suspend now, hence the stub.

* Speaker/microphone enabling got removed because it will be placed in the alsa driver.

Signed-off-by: Filip Zyzniewski <(address hidden)>
Signed-off-by: Kristoffer Ericson <(address hidden)>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-12-13 22:43:37 +00:00
Tony Luck 7806ca89bc [IA64] Move sg_dma_{len,address} from pci.h to scatterlist.h
IA64 is in a tiny minority providing these defines in pci.h.
Almost everyone else has them in scatterlist.h

Signed-off-by: Tony Luck <tony.luck@intel.com>
2006-12-13 13:15:10 -08:00
Pavel Pisa 3c8cd0cce9 [ARM] 3992/1: i.MX/MX1 CPU Frequency scaling support
Support to change MX1 CPU frequency at runtime.
Tested on PiKRON's PiMX1 board and seems to be fully
stable up to 200 MHz end even as low as 8 MHz.

Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-12-13 18:36:02 +00:00
Russell King 47fd705287 [ARM] Provide a method to alter the control register
i.MX needs to tweak the control register to support CPU frequency
scaling.  Rather than have folk blindly try and change the control
register by writing to it and then wondering why it doesn't work,
provide a method (which is safe for UP only, and therefore only
available for UP) to achieve this.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-12-13 18:33:53 +00:00
Nicolas Pitre 02828845dd [ARM] 4016/1: prefetch macro is wrong wrt gcc's "delete-null-pointer-checks"
optimization

The gcc manual says:

|`-fdelete-null-pointer-checks'
|     Use global dataflow analysis to identify and eliminate useless
|     checks for null pointers.  The compiler assumes that dereferencing
|     a null pointer would have halted the program.  If a pointer is
|     checked after it has already been dereferenced, it cannot be null.
|     Enabled at levels `-O2', `-O3', `-Os'.

Now the problem can be seen with this test case:

#include <linux/prefetch.h>
extern void bar(char *x);
void foo(char *x)
{
	prefetch(x);
	if (x)
		bar(x);
}

Because the constraint to the inline asm used in the prefetch() macro is
a memory operand, gcc assumes that the asm code does dereference the
pointer and the delete-null-pointer-checks optimization kicks in.
Inspection of generated assembly for the above example shows that bar()
is indeed called unconditionally without any test on the value of x.

Of course in the prefetch case there is no real dereference and it
cannot be assumed that a null pointer would have been caught at that
point. This causes kernel oopses with constructs like
hlist_for_each_entry() where the list's 'next' content is prefetched
before the pointer is tested against NULL, and only when gcc feels like
applying this optimization which doesn't happen all the time with more
complex code.

It appears that the way to prevent delete-null-pointer-checks
optimization to occur in this case is to make prefetch() into a static
inline function instead of a macro. At least this is what is done on
x86_64 where a similar inline asm memory operand is used (I presume they
would have seen the same problem if it didn't work) and resulting code
for the above example confirms that.

An alternative would consist of replacing the memory operand by a
register operand containing the pointer, and use the addressing mode
explicitly in the asm template. But that would be less optimal than an
offsettable memory reference.

Signed-off-by: Nicolas Pitre <nico@cam.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
2006-12-13 18:30:20 +00:00
Russell King aef6fba4f9 [PATCH] Add missing KORENIX PCI ID's
Oops, sorry about that.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 10:06:55 -08:00
Ralf Baechle ec8c0446b6 [PATCH] Optimize D-cache alias handling on fork
Virtually index, physically tagged cache architectures can get away
without cache flushing when forking.  This patch adds a new cache
flushing function flush_cache_dup_mm(struct mm_struct *) which for the
moment I've implemented to do the same thing on all architectures
except on MIPS where it's a no-op.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 09:27:08 -08:00
Atsushi Nemoto bcd022801e [PATCH] MIPS: Fix COW D-cache aliasing on fork
Provide a custom copy_user_highpage() to deal with aliasing issues on
MIPS.  It uses kmap_coherent() to map an user page for kernel with same
color.  Rewrite copy_to_user_page() and copy_from_user_page() with the
new interfaces to avoid extra cache flushing.

The main part of this patch was originally written by Ralf Baechle;
Atushi Nemoto did the the debugging.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 09:27:08 -08:00
Atsushi Nemoto 9de455b207 [PATCH] Pass vma argument to copy_user_highpage().
To allow a more effective copy_user_highpage() on certain architectures,
a vma argument is added to the function and cow_user_page() allowing
the implementation of these functions to check for the VM_EXEC bit.

The main part of this patch was originally written by Ralf Baechle;
Atushi Nemoto did the the debugging.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 09:27:08 -08:00
Atsushi Nemoto 77fff4ae2b [PATCH] Fix COW D-cache aliasing on fork
Problem:

1. There is a process containing two thread (T1 and T2).  The
   thread T1 calls fork().  Then dup_mmap() function called on T1 context.

static inline int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
	...
	flush_cache_mm(current->mm);
	...	/* A */
	(write-protect all Copy-On-Write pages)
	...	/* B */
	flush_tlb_mm(current->mm);
	...

2. When preemption happens between A and B (or on SMP kernel), the
   thread T2 can run and modify data on COW pages without page fault
   (modified data will stay in cache).

3. Some time after fork() completed, the thread T2 may cause a page
   fault by write-protect on a COW page.

4. Then data of the COW page will be copied to newly allocated
   physical page (copy_cow_page()).  It reads data via kernel mapping.
   The kernel mapping can have different 'color' with user space
   mapping of the thread T2 (dcache aliasing).  Therefore
   copy_cow_page() will copy stale data.  Then the modified data in
   cache will be lost.

In order to allow architecture code to deal with this problem allow
architecture code to override copy_user_highpage() by defining
__HAVE_ARCH_COPY_USER_HIGHPAGE in <asm/page.h>.

The main part of this patch was originally written by Ralf Baechle;
Atushi Nemoto did the the debugging.

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-12-13 09:27:07 -08:00