From c4a3987fa075b2d15ebc3d59b01fb7ed403cd3e1 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Mon, 29 Mar 2010 22:33:28 -0700 Subject: drivers/serial/sunsu.c: Correct use after free The of_iounmap is at the out_unmap label, but at that point up has already been freed. The free cannot be moved to the out_unmap label, because that label is reachable from cases where up should not be freed. So the call to of_iounmap is just duplicated, and the goto converted to a return. A simplified version of the semantic match that finds this problem is as follows: (http://coccinelle.lip6.fr/) // @@ expression x,e; identifier f; iterator I; statement S; @@ *kfree(x); ... when != &x when != x = e when != I(x,...) S *x->f // Signed-off-by: Julia Lawall Signed-off-by: David S. Miller diff --git a/drivers/serial/sunsu.c b/drivers/serial/sunsu.c index 170d3d6..cbcfb18 100644 --- a/drivers/serial/sunsu.c +++ b/drivers/serial/sunsu.c @@ -1453,8 +1453,10 @@ static int __devinit su_probe(struct of_device *op, const struct of_device_id *m if (up->su_type == SU_PORT_KBD || up->su_type == SU_PORT_MS) { err = sunsu_kbd_ms_init(up); if (err) { + of_iounmap(&op->resource[0], + up->port.membase, up->reg_size); kfree(up); - goto out_unmap; + return err; } dev_set_drvdata(&op->dev, up); -- cgit v0.10.2 From b857bd292223f54aaae3693c82fa7299a99991cd Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Wed, 31 Mar 2010 18:05:05 -0700 Subject: sparc: Fix regset register window handling. We have to adjust 'reg_window' down by 16 becuase the 'pos' iterator we'll use to index into the stack slots will be between 16 and 32. Signed-off-by: David S. Miller diff --git a/arch/sparc/kernel/ptrace_32.c b/arch/sparc/kernel/ptrace_32.c index 7e3dfd9..e608f39 100644 --- a/arch/sparc/kernel/ptrace_32.c +++ b/arch/sparc/kernel/ptrace_32.c @@ -65,6 +65,7 @@ static int genregs32_get(struct task_struct *target, *k++ = regs->u_regs[pos++]; reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; for (; count > 0 && pos < 32; count--) { if (get_user(*k++, ®_window[pos++])) return -EFAULT; @@ -76,6 +77,7 @@ static int genregs32_get(struct task_struct *target, } reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; for (; count > 0 && pos < 32; count--) { if (get_user(reg, ®_window[pos++]) || put_user(reg, u++)) @@ -141,6 +143,7 @@ static int genregs32_set(struct task_struct *target, regs->u_regs[pos++] = *k++; reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; for (; count > 0 && pos < 32; count--) { if (put_user(*k++, ®_window[pos++])) return -EFAULT; @@ -153,6 +156,7 @@ static int genregs32_set(struct task_struct *target, } reg_window = (unsigned long __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; for (; count > 0 && pos < 32; count--) { if (get_user(reg, u++) || put_user(reg, ®_window[pos++])) diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c index 2f6524d..aa90da0 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c @@ -492,6 +492,7 @@ static int genregs32_get(struct task_struct *target, *k++ = regs->u_regs[pos++]; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; if (target == current) { for (; count > 0 && pos < 32; count--) { if (get_user(*k++, ®_window[pos++])) @@ -516,6 +517,7 @@ static int genregs32_get(struct task_struct *target, } reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; if (target == current) { for (; count > 0 && pos < 32; count--) { if (get_user(reg, ®_window[pos++]) || @@ -599,6 +601,7 @@ static int genregs32_set(struct task_struct *target, regs->u_regs[pos++] = *k++; reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; if (target == current) { for (; count > 0 && pos < 32; count--) { if (put_user(*k++, ®_window[pos++])) @@ -625,6 +628,7 @@ static int genregs32_set(struct task_struct *target, } reg_window = (compat_ulong_t __user *) regs->u_regs[UREG_I6]; + reg_window -= 16; if (target == current) { for (; count > 0 && pos < 32; count--) { if (get_user(reg, u++) || -- cgit v0.10.2 From 33cd9dfa3a13e3d8e41aef225a9f98169816723b Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sat, 3 Apr 2010 13:58:45 -0700 Subject: sparc64: Fix array size reported by vmemmap_populate() vmemmap_populate() attempts to report the used index and total size of vmemmap_table, but it wrongly shifts the total size so that it is always shown as 0. Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller diff --git a/arch/sparc/mm/init_64.c b/arch/sparc/mm/init_64.c index 9245a82..20beb80 100644 --- a/arch/sparc/mm/init_64.c +++ b/arch/sparc/mm/init_64.c @@ -2117,7 +2117,7 @@ int __meminit vmemmap_populate(struct page *start, unsigned long nr, int node) "node=%d entry=%lu/%lu\n", start, block, nr, node, addr >> VMEMMAP_CHUNK_SHIFT, - VMEMMAP_SIZE >> VMEMMAP_CHUNK_SHIFT); + VMEMMAP_SIZE); } } return 0; -- cgit v0.10.2 From 3f6c148df42d98f0991baf4353497d380a30bc19 Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Sat, 3 Apr 2010 16:18:32 -0700 Subject: sparc64: Update defconfig. Signed-off-by: David S. Miller diff --git a/arch/sparc/configs/sparc64_defconfig b/arch/sparc/configs/sparc64_defconfig index 56e3163..259e3fd 100644 --- a/arch/sparc/configs/sparc64_defconfig +++ b/arch/sparc/configs/sparc64_defconfig @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit -# Linux kernel version: 2.6.33 -# Wed Mar 3 02:54:29 2010 +# Linux kernel version: 2.6.34-rc3 +# Sat Apr 3 15:49:56 2010 # CONFIG_64BIT=y CONFIG_SPARC=y @@ -23,6 +23,7 @@ CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_GENERIC_HARDIRQS_NO__DO_IRQ=y CONFIG_MMU=y +CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_NO_VIRT_TO_BUS=y CONFIG_OF=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y @@ -439,6 +440,7 @@ CONFIG_MISC_DEVICES=y # CONFIG_ENCLOSURE_SERVICES is not set # CONFIG_HP_ILO is not set # CONFIG_ISL29003 is not set +# CONFIG_SENSORS_TSL2550 is not set # CONFIG_DS1682 is not set # CONFIG_C2PORT is not set @@ -511,6 +513,7 @@ CONFIG_BLK_DEV_IDEDMA=y # # SCSI device support # +CONFIG_SCSI_MOD=y CONFIG_RAID_ATTRS=m CONFIG_SCSI=y CONFIG_SCSI_DMA=y @@ -888,6 +891,7 @@ CONFIG_SERIAL_SUNHV=y CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_TIMBERDALE is not set # CONFIG_SERIAL_GRLIB_GAISLER_APBUART is not set CONFIG_UNIX98_PTYS=y # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set @@ -935,6 +939,7 @@ CONFIG_I2C_ALGOBIT=y # # CONFIG_I2C_OCORES is not set # CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set # # External I2C/SMBus adapter drivers @@ -948,15 +953,9 @@ CONFIG_I2C_ALGOBIT=y # # CONFIG_I2C_PCA_PLATFORM is not set # CONFIG_I2C_STUB is not set - -# -# Miscellaneous I2C Chip support -# -# CONFIG_SENSORS_TSL2550 is not set # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set -# CONFIG_I2C_DEBUG_CHIP is not set # CONFIG_SPI is not set # @@ -982,10 +981,11 @@ CONFIG_HWMON=y # CONFIG_SENSORS_ADM1029 is not set # CONFIG_SENSORS_ADM1031 is not set # CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7411 is not set # CONFIG_SENSORS_ADT7462 is not set # CONFIG_SENSORS_ADT7470 is not set -# CONFIG_SENSORS_ADT7473 is not set # CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_ASC7621 is not set # CONFIG_SENSORS_ATXP1 is not set # CONFIG_SENSORS_DS1621 is not set # CONFIG_SENSORS_I5K_AMB is not set @@ -1052,18 +1052,21 @@ CONFIG_SSB_POSSIBLE=y # Multifunction device drivers # # CONFIG_MFD_CORE is not set +# CONFIG_MFD_88PM860X is not set # CONFIG_MFD_SM501 is not set # CONFIG_HTC_PASIC3 is not set # CONFIG_TWL4030_CORE is not set # CONFIG_MFD_TMIO is not set # CONFIG_PMIC_DA903X is not set # CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_MAX8925 is not set # CONFIG_MFD_WM8400 is not set # CONFIG_MFD_WM831X is not set # CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set # CONFIG_MFD_PCF50633 is not set # CONFIG_AB3100_CORE is not set -# CONFIG_MFD_88PM8607 is not set +# CONFIG_LPC_SCH is not set # CONFIG_REGULATOR is not set # CONFIG_MEDIA_SUPPORT is not set @@ -1113,6 +1116,7 @@ CONFIG_FB_FFB=y # CONFIG_FB_LEO is not set CONFIG_FB_XVR500=y CONFIG_FB_XVR2500=y +CONFIG_FB_XVR1000=y # CONFIG_FB_S1D13XXX is not set # CONFIG_FB_NVIDIA is not set # CONFIG_FB_RIVA is not set @@ -1430,7 +1434,6 @@ CONFIG_USB_STORAGE=m # CONFIG_USB_RIO500 is not set # CONFIG_USB_LEGOTOWER is not set # CONFIG_USB_LCD is not set -# CONFIG_USB_BERRY_CHARGE is not set # CONFIG_USB_LED is not set # CONFIG_USB_CYPRESS_CY7C63 is not set # CONFIG_USB_CYTHERM is not set @@ -1443,7 +1446,6 @@ CONFIG_USB_STORAGE=m # CONFIG_USB_IOWARRIOR is not set # CONFIG_USB_TEST is not set # CONFIG_USB_ISIGHTFW is not set -# CONFIG_USB_VST is not set # CONFIG_USB_GADGET is not set # @@ -1610,6 +1612,7 @@ CONFIG_MISC_FILESYSTEMS=y # CONFIG_BEFS_FS is not set # CONFIG_BFS_FS is not set # CONFIG_EFS_FS is not set +# CONFIG_LOGFS is not set # CONFIG_CRAMFS is not set # CONFIG_SQUASHFS is not set # CONFIG_VXFS_FS is not set @@ -1624,6 +1627,7 @@ CONFIG_NETWORK_FILESYSTEMS=y # CONFIG_NFS_FS is not set # CONFIG_NFSD is not set # CONFIG_SMB_FS is not set +# CONFIG_CEPH_FS is not set # CONFIG_CIFS is not set # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set -- cgit v0.10.2 From 954fbc8985328a3b59b5881243d3aa04a8f8da7c Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Sat, 3 Apr 2010 23:50:59 -0700 Subject: sparc64: Implement perf_arch_fetch_caller_regs We provide regs->tstate, regs->tpc, regs->tnpc and regs->u_regs[UREG_FP]. regs->tstate is necessary for: user_mode() (via perf_exclude_event()) perf_misc_flags() (via perf_prepare_sample()) regs->tpc is necessary for: perf_instruction_pointer() (via perf_prepare_sample()) and regs->u_regs[UREG_FP] is necessary for: perf_callchain() (via perf_prepare_sample()) The regs->tnpc value is provided just to be tidy. Signed-off-by: David S. Miller diff --git a/arch/sparc/kernel/helpers.S b/arch/sparc/kernel/helpers.S index 314dd0c..92090cc 100644 --- a/arch/sparc/kernel/helpers.S +++ b/arch/sparc/kernel/helpers.S @@ -46,6 +46,81 @@ stack_trace_flush: nop .size stack_trace_flush,.-stack_trace_flush +#ifdef CONFIG_PERF_EVENTS + .globl perf_arch_fetch_caller_regs + .type perf_arch_fetch_caller_regs,#function +perf_arch_fetch_caller_regs: + /* We always read the %pstate into %o5 since we will use + * that to construct a fake %tstate to store into the regs. + */ + rdpr %pstate, %o5 + brz,pn %o2, 50f + mov %o2, %g7 + + /* Turn off interrupts while we walk around the register + * window by hand. + */ + wrpr %o5, PSTATE_IE, %pstate + + /* The %canrestore tells us how many register windows are + * still live in the chip above us, past that we have to + * walk the frame as saved on the stack. We stash away + * the %cwp in %g1 so we can return back to the original + * register window. + */ + rdpr %cwp, %g1 + rdpr %canrestore, %g2 + sub %g1, 1, %g3 + + /* We have the skip count in %g7, if it hits zero then + * %fp/%i7 are the registers we need. Otherwise if our + * %canrestore count maintained in %g2 hits zero we have + * to start traversing the stack. + */ +10: brz,pn %g2, 4f + sub %g2, 1, %g2 + wrpr %g3, %cwp + subcc %g7, 1, %g7 + bne,pt %xcc, 10b + sub %g3, 1, %g3 + + /* We found the values we need in the cpu's register + * windows. + */ + mov %fp, %g3 + ba,pt %xcc, 3f + mov %i7, %g2 + +50: mov %fp, %g3 + ba,pt %xcc, 2f + mov %i7, %g2 + + /* We hit the end of the valid register windows in the + * cpu, start traversing the stack frame. + */ +4: mov %fp, %g3 + +20: ldx [%g3 + STACK_BIAS + RW_V9_I7], %g2 + subcc %g7, 1, %g7 + bne,pn %xcc, 20b + ldx [%g3 + STACK_BIAS + RW_V9_I6], %g3 + + /* Restore the current register window position and + * re-enable interrupts. + */ +3: wrpr %g1, %cwp + wrpr %o5, %pstate + +2: stx %g3, [%o0 + PT_V9_FP] + sllx %o5, 8, %o5 + stx %o5, [%o0 + PT_V9_TSTATE] + stx %g2, [%o0 + PT_V9_TPC] + add %g2, 4, %g2 + retl + stx %g2, [%o0 + PT_V9_TNPC] + .size perf_arch_fetch_caller_regs,.-perf_arch_fetch_caller_regs +#endif /* CONFIG_PERF_EVENTS */ + #ifdef CONFIG_SMP .globl hard_smp_processor_id .type hard_smp_processor_id,#function -- cgit v0.10.2 From bdd32ce95f79fb5cc964cd789d7ae4500bba7c6f Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Sun, 4 Apr 2010 01:12:50 -0700 Subject: sunxvr500: Ignore secondary output PCI devices. These just represent the secondary and further heads attached to the card, and they have different sets of PCI bar registers to map. So don't try to drive them in the main driver. Reported-by: Frans van Berckel Tested-by: Frans van Berckel Signed-off-by: David S. Miller diff --git a/drivers/video/sunxvr500.c b/drivers/video/sunxvr500.c index 4cd5049..3803745 100644 --- a/drivers/video/sunxvr500.c +++ b/drivers/video/sunxvr500.c @@ -242,11 +242,27 @@ static int __devinit e3d_set_fbinfo(struct e3d_info *ep) static int __devinit e3d_pci_register(struct pci_dev *pdev, const struct pci_device_id *ent) { + struct device_node *of_node; + const char *device_type; struct fb_info *info; struct e3d_info *ep; unsigned int line_length; int err; + of_node = pci_device_to_OF_node(pdev); + if (!of_node) { + printk(KERN_ERR "e3d: Cannot find OF node of %s\n", + pci_name(pdev)); + return -ENODEV; + } + + device_type = of_get_property(of_node, "device_type", NULL); + if (!device_type) { + printk(KERN_INFO "e3d: Ignoring secondary output device " + "at %s\n", pci_name(pdev)); + return -ENODEV; + } + err = pci_enable_device(pdev); if (err < 0) { printk(KERN_ERR "e3d: Cannot enable PCI device %s\n", @@ -265,13 +281,7 @@ static int __devinit e3d_pci_register(struct pci_dev *pdev, ep->info = info; ep->pdev = pdev; spin_lock_init(&ep->lock); - ep->of_node = pci_device_to_OF_node(pdev); - if (!ep->of_node) { - printk(KERN_ERR "e3d: Cannot find OF node of %s\n", - pci_name(pdev)); - err = -ENODEV; - goto err_release_fb; - } + ep->of_node = of_node; /* Read the PCI base register of the frame buffer, which we * need in order to interpret the RAMDAC_VID_*FB* values in -- cgit v0.10.2