Commit Graph

179518 Commits

Author SHA1 Message Date
Paul Mundt 3125ee72dc sh: Track the uncached mapping size.
This provides a variable for tracking the uncached mapping size, and uses
it for pretty printing the uncached lowmem range. Beyond this, we'll also
be building on top of this for figuring out from where the remainder of
P2 becomes usable when constructing unrelated mappings.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-21 15:54:31 +09:00
Paul Mundt 2023b843d7 sh: Rework P2 to only include kernel text.
This effectively neutralizes P2 by getting rid of P1 identity mapping
for all available memory and instead only establishes a single unbuffered
PMB entry (16MB -- the smallest available) that covers the kernel.

As using segmentation for abusing caching attributes in drivers is no
longer supported (and there are no drivers that can be enabled in 32-bit
mode that do this), this provides us with all of the uncached access
needs by the kernel itself.

Drivers and their ilk need to specify their caching attributes when
remapping through page tables, as usual.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-21 15:42:58 +09:00
Paul Mundt 77c2019fc1 sh: initial PMB mapping iteration by helper macro.
All of the cached/uncached mapping setup is duplicated for each size, and
also misses out on the 16MB case. Rather than duplicating the same iter
code for that we just consolidate it in to a helper macro that builds an
iter for each size. The 16MB case is then trivially bolted on at the end.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-21 14:19:41 +09:00
Paul Mundt 35f99c0da1 sh: pretty print virtual memory map on boot.
This cribs the pretty printing from arch/x86/mm/init_32.c to dump the
virtual memory layout on boot. This is primarily intended as a debugging
aid, given that the newer CPUs have full control over their address space
and as such have little to nothing in common with the legacy layout.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 18:48:17 +09:00
Paul Mundt d9116d07f6 sh: mach-sdk7786: Probe system FPGA area mapping.
This implements dynamic probing for the system FPGA. The system reset
controller contains a fixed magic read word in order to identify the
FPGA. This just utilizes a simple loop that scans across all of the fixed
physical areas (area 0 through area 6) to locate the FPGA.

The FPGA also contains register information detailing the area mappings
and chip select settings for all of the other blocks, so this needs to be
done before we can set up anything else.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 18:25:19 +09:00
Paul Mundt 920efaabcb sh: Correct iounmap fixmap teardown.
iounmap_fixed() had a couple of bugs in it that caused it to effectively
fail at life. The total number of pages to unmap factored in the mapping
offset and aligned up to the next page boundary, which doesn't match the
ioremap_fixed() behaviour.

When ioremap_fixed() pegs a slot, the address in the mapping data already
contains the offset displacement, and the size is recorded verbatim given
that we're only interested in total number of pages required. As such, we
need to calculate the total number from the original size in the unmap
path as well.

At the same time, there was also an off-by-1 problem in the fixmap index
calculation which has also been corrected.

Previously subsequent remaps of an identical fixmap index would trigger
the pte_ERROR() in set_pte_phys():

	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).
	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).
	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).
	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).
	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).
	arch/sh/mm/init.c:77: bad pte 8053ffb0(0000781003fff506).

With this patch in place, the iounmap-driven fixmap teardown actually
does what it's supposed to do.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 18:10:30 +09:00
Paul Mundt b51989b8af sh: mach-sdk7786: reset controller reboot support.
This wires up the machine_ops reboot call to use the system reset
controller.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 16:53:11 +09:00
Paul Mundt fbb82b0365 sh: machine_ops based reboot support.
This provides a machine_ops-based reboot interface loosely cloned from
x86, and converts the native sh32 and sh64 cases over to it.

Necessary both for tying in SMP support and also enabling platforms like
SDK7786 to add support for their microcontroller-based power managers.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 16:42:52 +09:00
Paul Mundt 2efa53b269 sh: Make 29/32-bit mode check helper generally available.
Presently __in_29bit_mode() is only defined for the PMB case, but
it's also easily derived from the CONFIG_29BIT and CONFIG_32BIT &&
CONFIG_PMB=n cases.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 16:40:48 +09:00
Paul Mundt 5f240718b4 sh: mach-sdk7786: Split out FPGA IRQ controller setup.
This moves out the FPGA IRQ controller setup code to its own file, in
preparation for switching off of IRL mode and having it provide its own
irq_chip.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 15:23:54 +09:00
Paul Mundt efd590d57a sh: mach-sdk7786: FPGA updates.
This does a bit of refactoring of the FPGA management code. The primary
FPGA initialization is moved out to its own file in preparation for
implementing some of the more complex capabilities, a complete set of
register definitions is provided, and all of the existing users in the
board code are moved over to use the new interface instead of setting up
overlapping mappings. This also corrects the FPGA size, which previously
was chomped off at the SDIF control register.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 15:08:36 +09:00
Paul Mundt bdc27300f5 sh: Handle SH-4 FPU variants with broken CVR values.
Usually we can look to the CVR to work out whether we have an FPU or not.
Unfortunately not all parts comply with this, so just set the flag
manually for all SH-4 parts and clear it on the only SH-4 that doesn't
have one (SH4-501).

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 03:38:56 +09:00
Magnus Damm 50dd3145a5 sh: update PFC to allow any enum in MARK lists
This patch updates the PFC code with some clarifying
comments together with a functional change. The change
allows function type of GPIO to select any type of enum
in their MARK lists. Without this patch only function
type of enums are allowed in MARK lists.

Signed-off-by: Magnus Damm <damm@opensource.se>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 02:50:57 +09:00
Paul Mundt 70911b861b sh: Shut up noisy IOREMAP_FIXED=n build.
The ioremap_fixed() stub neglected to provide a return value, resulting
in a fairly noisy build.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-20 02:45:05 +09:00
Guennadi Liakhovetski 31c3af503e sh: support SIU sourcing from external clock on sh7722
Implement .set_rate() for all SH "div4 clocks," .enable(), .disable(), and
.set_parent() for those that support them. This allows, among other uses,
reparenting of SIU clocks to the external source, and enabling and
disabling of the IrDA clock on sh7722.

Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 20:23:00 +09:00
Paul Mundt 14965f16b4 sh: Fix up sdk7780 and urquell builds.
These two got broken in the heartbeat private data conversion,
fix them up.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 20:10:33 +09:00
Paul Mundt dea3cf1c39 sh: urquell: Handle EXTAL configuration here, too.
urquell happens to use the same mode pins and EXTAL configuration as
SDK7786, so just copy it over.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 20:09:28 +09:00
Paul Mundt c809821827 sh: mach-sdk7786: Detect/configure/propagate EXTAL.
This uses the mode pins exposed through the FPGA to work out whether
we're driven from EXTAL or not and does the appropriate setup and
propagation through the clock framework.

This will also -EINVAL out for anyone adding in their own oscillators,
forcing proper configuration with the clock framework instead of
proceeding on with bogus clock values.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 19:38:36 +09:00
Paul Mundt 43a1839cb1 sh: SH7786 clock framework rewrite.
This rewrites the SH7786 clock framework support completely. It's
reworked to provide all of the DIV4 and MSTP function clocks. This brings
it in line with the current clock framework code and lets us drop SH7786
from the list of CPUs that require legacy CPG handling.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 19:37:14 +09:00
Paul Mundt a4ae2b2b18 sh64: Fixup build breakage from breakpoint handler rename.
The breakpoint handler was renamed on sh32, but sh64 was overlooked in
the conversion. Fix it up now.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:58:27 +09:00
Paul Mundt d6db8888c8 sh64: Use the shared FPU state restorer.
This kills off the sh64-specific state restorer and switches over to
the generic one.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:55:27 +09:00
Paul Mundt 88ea1a445a sh64: Fix up PC casting in unaligned fixup notifier with 32bit ABI.
Presently the build bails with the following:

  CC      arch/sh/mm/alignment.o
cc1: warnings being treated as errors
arch/sh/mm/alignment.c: In function 'unaligned_fixups_notify':
arch/sh/mm/alignment.c:69: warning: cast to pointer from integer of different size
arch/sh/mm/alignment.c:74: warning: cast to pointer from integer of different size
make[2]: *** [arch/sh/mm/alignment.o] Error 1

This is due to the fact that regs->pc is always 64-bit, while the pointer size
depends on the ABI. Wrapping through instruction_pointer() takes care of the
appropriate casting for both configurations.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:41:50 +09:00
Paul Mundt 3ef2932b8c sh64: Fix up the build for the thread_xstate changes.
This updates the sh64 processor info with the sh32 changes in order to
tie in to the generic task_xstate management code.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:40:03 +09:00
Paul Mundt cb6d04468d sh: Kill off now bogus fixmap/page wiring documentation.
The plans for _PAGE_WIRED were detailed in a comment with the fixmap
code, but as it's now all taken care of, we no longer have any reason for
keeping it around, particularly since it's no longer accurate. Kill it
off.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:22:52 +09:00
Paul Mundt bb29c677b3 sh: Split out MMUCR.URB based entry wiring in to shared helper.
Presently this is duplicated between tlb-sh4 and tlb-pteaex. Split the
helpers out in to a generic tlb-urb that can be used by any parts
equipped with MMUCR.URB.

At the same time, move the SH-5 code out-of-line, as we require single
global state for DTLB entry wiring.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 15:20:35 +09:00
Paul Mundt 046581f962 sh: Provide a dummy _PAGE_WIRED flag for non-X2TLB parts.
This provides a dummy value for legacy parts which permits the entry
wiring to be open-coded. The compiler takes care of optimizing the entry
wiring away in these cases.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 14:23:39 +09:00
Paul Mundt 6d63e73d52 sh: Limit ioremap_prot() to 32bit pgprot parts.
Presently ioremap_prot() uses an unsigned long to pass the pgprot value
around. This results in the upper half of the pgprot being chomped when
using 64-bit pgprots on a 32-bit ABI (X2TLB and SH-5).

As the only users of ioremap_prot() are presently legacy parts, this
doesn't cause too much of an issue. In the future when the interface is
converted to use pgprot_t directly this can be re-enabled for the other
parts, too.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 14:00:14 +09:00
Paul Mundt f33609344a sh: Convert p3_ioremap() users to ioremap_prot().
This kills off the ancient p3_ioremap(), converting over to the more
generic ioremap_prot() instead.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 13:55:41 +09:00
Paul Mundt acf2c9685f sh: Kill off duplicate address alignment in ioremap_fixed().
This is already taken care of in the top-level ioremap, and now that
no one should be calling ioremap_fixed() directly we can simply throw the
mapping displacement in as an additional argument.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 13:49:19 +09:00
Paul Mundt d57d64080d sh: Prevent 64-bit pgprot clobbering across ioremap implementations.
Presently 'flags' gets passed around a lot between the various ioremap
helpers and implementations, which is only 32-bits. In the X2TLB case
we use 64-bit pgprots which presently results in the upper 32bits being
chopped off (which handily include our read/write/exec permissions).

As such, we convert everything internally to using pgprot_t directly and
simply convert over with pgprot_val() where needed. With this in place,
transparent fixmap utilization for early ioremap works as expected.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-19 13:34:38 +09:00
Paul Mundt af1415314a sh: Flag __ioremap_caller() __init_refok.
The mem_init_done test makes sure that this path is only entered in
__init cases, so leaving ioremap_fixed() as __init and flagging the
caller __init_refok is sufficient.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:45:00 +09:00
Paul Mundt 12b6b01cb4 sh: Handle unmapping of fixed slots transparently in iounmap().
iounmap() should balance whatever is done by ioremap(). Presently
ioremap() can do any of fixed mappings, PMB mappings, or page table
mappings. Presently only the latter two are handled through the standard
unmap path, so tie in the fixed unmapping, too.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:33:08 +09:00
Paul Mundt 4f744affc3 sh: Make iounmap_fixed() return success/failure for iounmap() path.
This converts iounmap_fixed() to return success/error if it handled the
unmap request or not. At the same time, drop the __init label, as this
can be called in to later.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:30:29 +09:00
Paul Mundt 0b59e38ffa sh: Merge _32/_64 ioremap implementations.
There is nothing of interest in the _64 version anymore, so the _32 one
can be renamed and used unconditionally.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:21:32 +09:00
Paul Mundt edf711b66f sh: Fixup the IOREMAP_FIXED=n build.
Presently the fixed ioremap API is only defined when CONFIG_IOREMAP_FIXED
is set. As we want to call in to it unconditionally, provide a stubbed
out interface.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:20:13 +09:00
Paul Mundt d9b9487af7 sh: Handle early ioremaps through fixed mappings.
This adds in a mem_init_done to work out when a standard ioremap() is
possible, falling back to the fixmap based ioremap otherwise.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 21:08:32 +09:00
Paul Mundt 0c54de146e Merge branch 'sh/stable-updates' 2010-01-18 20:47:37 +09:00
Paul Mundt 8faba61215 Merge branch 'sh/ioremap-fixed' 2010-01-18 20:42:39 +09:00
Paul Mundt 4291b730cd sh: Need IRQs enabled for init_fpu().
This tosses in a local_irq_enable()/disable() pair around the init_fpu()
callsite in the FPU state restore exception handler. Fixes up a slab BUG
triggered by making a slab cache allocation that can sleep whilst
irqs_disabled(). This follows the behaviour undertaken by the x86
implementation.

Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 20:39:49 +09:00
Matt Fleming 3d467676ab sh: Setup early PMB mappings.
More and more boards are going to start shipping that boot with the MMU
in 32BIT mode by default. Previously we relied on the bootloader to
setup PMB mappings for use by the kernel but we also need to cater for
boards whose bootloaders don't set them up.

If CONFIG_PMB_LEGACY is not enabled we have full control over our PMB
mappings and can compress our address space. Usually, the distance
between the cached and uncached mappings of RAM is always 512MB,
however we can compress the distance to be the amount of RAM on the
board.

pmb_init() now becomes much simpler. It no longer has to calculate any
mappings, it just has to synchronise the software PMB table with the
hardware.

Tested on SDK7786 and SH7785LCR.

Signed-off-by: Matt Fleming <matt@console-pimps.org>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-01-18 19:33:10 +09:00
Linus Torvalds 7dc9c484a7 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
  do_add_mount() should sanitize mnt_flags
  CIFS shouldn't make mountpoints shrinkable
  mnt_flags fixes in do_remount()
  attach_recursive_mnt() needs to hold vfsmount_lock over set_mnt_shared()
  may_umount() needs namespace_sem
  Fix configfs leak
  Fix the -ESTALE handling in do_filp_open()
  ecryptfs: Fix refcnt leak on ecryptfs_follow_link() error path
  Fix ACC_MODE() for real
  Unrot uml mconsole a bit
  hppfs: handle ->put_link()
  Kill 9p readlink()
  fix autofs/afs/etc. magic mountpoint breakage
2010-01-17 11:01:16 -08:00
Mike Frysinger 3a5dd791ab modpost: fix segfault in sym_is() with prefixed arches
The sym_is() compares a symbol in an attempt to automatically skip symbol
prefixes.  It does this first by searching the real symbol with the normal
unprefixed symbol.  But then it uses the length of the original symbol to
check the end of the substring instead of the length of the symbol it is
looking for.  On non-prefixed arches, this is effectively the same thing,
so there is no problem.  On prefixed-arches, since this exceeds by just
one byte, a crash is rare and it is usually a NUL byte anyways.  But every
once in a blue moon, you get the right page alignment and it segfaults.

For example, on the Blackfin arch, sym_is() will be called with the real
symbol "___mod_usb_device_table" as "symbol" when looking for the normal
symbol "__mod_usb_device_table" as "name".  The substring will thus return
one byte into "symbol" and store it into "match".  But then "match" will
be indexed with the length of "symbol" instead of "name" and so we will
exceed the storage.  i.e. the code ends up doing:
	char foo[] = "abc"; return foo[strlen(foo)+1] == '\0';

Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-01-17 11:00:53 -08:00
KOSAKI Motohiro 6ccf80eb15 page allocator: update NR_FREE_PAGES only when necessary
Commit f2260e6b (page allocator: update NR_FREE_PAGES only as necessary)
made one minor regression.  If __rmqueue() failed, the NR_FREE_PAGES stat
goes wrong.  This patch fixes it.

Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Reviewed-by: Minchan Kim <minchan.kim@gmail.com>
Reported-by: Huang Shijie <shijie8@gmail.com>
Reviewed-by: Christoph Lameter <cl@linux-foundation.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-01-16 16:53:55 -08:00
Linus Torvalds 1f0b8b9554 Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
  i2c: Do not use device name after device_unregister
  i2c/pca: Don't use *_interruptible
  i2c-ali1563: Remove sparse warnings
  i2c: Test off by one in {piix4,vt596}_transaction()
  i2c-core: Storage class should be before const qualifier
2010-01-16 12:34:56 -08:00
Linus Torvalds 330a518a1a Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  x86, uv: Ensure hub revision set for all ACPI modes.
  x86, uv: Add function retrieving node controller revision number
  x86: xen: 64-bit kernel RPL should be 0
  x86: kernel_thread() -- initialize SS to a known state
  x86/agp: Fix agp_amd64_init and agp_amd64_cleanup
  x86: SGI UV: Fix mapping of MMIO registers
  x86: mce.h: Fix warning in header checks
2010-01-16 12:31:42 -08:00
Linus Torvalds 2a8249daf6 Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  futexes: Remove rw parameter from get_futex_key()
2010-01-16 12:31:30 -08:00
Linus Torvalds c6a93d330b Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  perf tools: Check if /dev/null can be used as the -o gcc argument
  perf tools: Move QUIET_STDERR def to before first use
  perf: Stop stack frame walking off kernel addresses boundaries
2010-01-16 12:27:47 -08:00
Linus Torvalds 6ccc347b69 Merge branch 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'tracing-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
  tracing/filters: Add comment for match callbacks
  tracing/filters: Fix MATCH_FULL filter matching for PTR_STRING
  tracing/filters: Fix MATCH_MIDDLE_ONLY filter matching
  lib: Introduce strnstr()
  tracing/filters: Fix MATCH_END_ONLY filter matching
  tracing/filters: Fix MATCH_FRONT_ONLY filter matching
  ftrace: Fix MATCH_END_ONLY function filter
  tracing/x86: Derive arch from bits argument in recordmcount.pl
  ring-buffer: Add rb_list_head() wrapper around new reader page next field
  ring-buffer: Wrap a list.next reference with rb_list_head()
2010-01-16 12:27:25 -08:00
Mark Brown eb29a5cc0b revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC Framebuffer"
Fix divide by zero and broken output.  Commit 600ce1a0fa ("fix clock
setting for Samsung SoC Framebuffer") introduced a mandatory refresh
parameter to the platform data for the S3C framebuffer but did not
introduce any validation code, causing existing platforms (none of which
have refresh set) to divide by zero whenever the framebuffer is
configured, generating warnings and unusable output.

Ben Dooks noted several problems with the patch:

 - The platform data supplies the pixclk directly and should already
   have taken care of the refresh rate.
 - The addition of a window ID parameter doesn't help since only the
   root framebuffer can control the pixclk.
 - pixclk is specified in picoseconds (rather than Hz) as the patch
   assumed.

and suggests reverting the commit so do that.  Without fixing this no
mainline user of the driver will produce output.

[akpm@linux-foundation.org: don't revert the correct bit]
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Cc: InKi Dae <inki.dae@samsung.com>
Cc: Kyungmin Park <kmpark@infradead.org>
Cc: Krzysztof Helt <krzysztof.h1@poczta.fm>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-01-16 12:15:40 -08:00
David Howells 7e6608724c nommu: fix shared mmap after truncate shrinkage problems
Fix a problem in NOMMU mmap with ramfs whereby a shared mmap can happen
over the end of a truncation.  The problem is that
ramfs_nommu_check_mappings() checks the reduced file size against the
VMA tree, but not the vm_region tree.

The following sequence of events can cause the problem:

	fd = open("/tmp/x", O_RDWR|O_TRUNC|O_CREAT, 0600);
	ftruncate(fd, 32 * 1024);
	a = mmap(NULL, 32 * 1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
	b = mmap(NULL, 16 * 1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
	munmap(a, 32 * 1024);
	ftruncate(fd, 16 * 1024);
	c = mmap(NULL, 32 * 1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);

Mapping 'a' creates a vm_region covering 32KB of the file.  Mapping 'b'
sees that the vm_region from 'a' is covering the region it wants and so
shares it, pinning it in memory.

Mapping 'a' then goes away and the file is truncated to the end of VMA
'b'.  However, the region allocated by 'a' is still in effect, and has
_not_ been reduced.

Mapping 'c' is then created, and because there's a vm_region covering the
desired region, get_unmapped_area() is _not_ called to repeat the check,
and the mapping is granted, even though the pages from the latter half of
the mapping have been discarded.

However:

	d = mmap(NULL, 16 * 1024, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);

Mapping 'd' should work, and should end up sharing the region allocated by
'a'.

To deal with this, we shrink the vm_region struct during the truncation,
lest do_mmap_pgoff() take it as licence to share the full region
automatically without calling the get_unmapped_area() file op again.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Greg Ungerer <gerg@snapgear.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-01-16 12:15:40 -08:00