From 65a94b1417badaee2ed923fd07e23b651b25c729 Mon Sep 17 00:00:00 2001 From: Jan Glauber Date: Mon, 4 Apr 2011 09:43:29 +0200 Subject: [S390] oprofile s390: prevent stack corruption Prevent stack corruption by memcpy which copies more bytes then available at the destination. While at it use the new test_facility to test for the facility bit. Signed-off-by: Jan Glauber Signed-off-by: Martin Schwidefsky diff --git a/arch/s390/oprofile/hwsampler.c b/arch/s390/oprofile/hwsampler.c index 3d48f4d..4952872 100644 --- a/arch/s390/oprofile/hwsampler.c +++ b/arch/s390/oprofile/hwsampler.c @@ -517,12 +517,8 @@ stop_exit: static int check_hardware_prerequisites(void) { - unsigned long long facility_bits[2]; - - memcpy(facility_bits, S390_lowcore.stfle_fac_list, 32); - if (!(facility_bits[1] & (1ULL << 59))) + if (!test_facility(68)) return -EOPNOTSUPP; - return 0; } /* -- cgit v0.10.2 From 034e9e966cd86e5d8062cf0b3daba4bde187986c Mon Sep 17 00:00:00 2001 From: Michael Holzheu Date: Mon, 4 Apr 2011 09:43:30 +0200 Subject: [S390] Fix parameter passing for smp_switch_to_cpu() After the execution has been switched to the destination CPU, the target function is called with the wrong parameter. According to the C calling convention on s390, the first parameter should be loaded into register 2. Currently in smp_restart_cpu() it is stored in register 3. To fix this, we load the parameter into the correct register 2. Signed-off-by: Michael Holzheu Signed-off-by: Martin Schwidefsky diff --git a/arch/s390/kernel/switch_cpu.S b/arch/s390/kernel/switch_cpu.S index 469f11b..20530dd 100644 --- a/arch/s390/kernel/switch_cpu.S +++ b/arch/s390/kernel/switch_cpu.S @@ -46,7 +46,9 @@ smp_restart_cpu: ltr %r4,%r4 /* New stack ? */ jz 1f lr %r15,%r4 -1: basr %r14,%r2 +1: lr %r14,%r2 /* r14: Function to call */ + lr %r2,%r3 /* r2 : Parameter for function*/ + basr %r14,%r14 /* Call function */ .gprregs_addr: .long .gprregs diff --git a/arch/s390/kernel/switch_cpu64.S b/arch/s390/kernel/switch_cpu64.S index d94aacc..5be3f43 100644 --- a/arch/s390/kernel/switch_cpu64.S +++ b/arch/s390/kernel/switch_cpu64.S @@ -42,7 +42,9 @@ smp_restart_cpu: ltgr %r4,%r4 /* New stack ? */ jz 1f lgr %r15,%r4 -1: basr %r14,%r2 +1: lgr %r14,%r2 /* r14: Function to call */ + lgr %r2,%r3 /* r2 : Parameter for function*/ + basr %r14,%r14 /* Call function */ .section .data,"aw",@progbits .gprregs: -- cgit v0.10.2 From aa5c8df398266a141fb5ff0e77cbc7904a3e0648 Mon Sep 17 00:00:00 2001 From: Sebastian Ott Date: Mon, 4 Apr 2011 09:43:31 +0200 Subject: [S390] qdio: fix init sequence Reorder the initialization sequence of the qdio module to avoid writing to an uninitialized debug feature entry. Also reorder the exit function to restore a consistent cleanup path. Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky diff --git a/drivers/s390/cio/qdio_main.c b/drivers/s390/cio/qdio_main.c index 479c665..c532ba9 100644 --- a/drivers/s390/cio/qdio_main.c +++ b/drivers/s390/cio/qdio_main.c @@ -1649,26 +1649,26 @@ static int __init init_QDIO(void) { int rc; - rc = qdio_setup_init(); + rc = qdio_debug_init(); if (rc) return rc; + rc = qdio_setup_init(); + if (rc) + goto out_debug; rc = tiqdio_allocate_memory(); if (rc) goto out_cache; - rc = qdio_debug_init(); - if (rc) - goto out_ti; rc = tiqdio_register_thinints(); if (rc) - goto out_debug; + goto out_ti; return 0; -out_debug: - qdio_debug_exit(); out_ti: tiqdio_free_memory(); out_cache: qdio_setup_exit(); +out_debug: + qdio_debug_exit(); return rc; } @@ -1676,8 +1676,8 @@ static void __exit exit_QDIO(void) { tiqdio_unregister_thinints(); tiqdio_free_memory(); - qdio_debug_exit(); qdio_setup_exit(); + qdio_debug_exit(); } module_init(init_QDIO); -- cgit v0.10.2 From a2fc8485f838ccd2ce5db690f81ac086489a9e7e Mon Sep 17 00:00:00 2001 From: Peter Oberparleiter Date: Mon, 4 Apr 2011 09:43:32 +0200 Subject: [S390] cio: prevent purging of CCW devices in the online state The cio_ignore purge function is intended to only remove CCW devices which are in the offline state. There is a time frame after the purge function finished where a CCW device is scheduled for removal but still accessible. When the device is set online during this time frame, it may first appear online before it is then removed. Fix this by preventing that CCW devices can be set online while there is work (such as removal triggered by the purge function) for it pending. Also ensure that the purge function does not schedule devices for removal which are in the process of being set online. Signed-off-by: Peter Oberparleiter Signed-off-by: Martin Schwidefsky diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c index df14c51..8e04c00 100644 --- a/drivers/s390/cio/device.c +++ b/drivers/s390/cio/device.c @@ -541,15 +541,24 @@ static ssize_t online_store (struct device *dev, struct device_attribute *attr, int force, ret; unsigned long i; - if (!dev_fsm_final_state(cdev) && - cdev->private->state != DEV_STATE_DISCONNECTED) - return -EAGAIN; + /* Prevent conflict between multiple on-/offline processing requests. */ if (atomic_cmpxchg(&cdev->private->onoff, 0, 1) != 0) return -EAGAIN; + /* Prevent conflict between internal I/Os and on-/offline processing. */ + if (!dev_fsm_final_state(cdev) && + cdev->private->state != DEV_STATE_DISCONNECTED) { + ret = -EAGAIN; + goto out_onoff; + } + /* Prevent conflict between pending work and on-/offline processing.*/ + if (work_pending(&cdev->private->todo_work)) { + ret = -EAGAIN; + goto out_onoff; + } if (cdev->drv && !try_module_get(cdev->drv->driver.owner)) { - atomic_set(&cdev->private->onoff, 0); - return -EINVAL; + ret = -EINVAL; + goto out_onoff; } if (!strncmp(buf, "force\n", count)) { force = 1; @@ -574,6 +583,7 @@ static ssize_t online_store (struct device *dev, struct device_attribute *attr, out: if (cdev->drv) module_put(cdev->drv->driver.owner); +out_onoff: atomic_set(&cdev->private->onoff, 0); return (ret < 0) ? ret : count; } @@ -1311,10 +1321,12 @@ static int purge_fn(struct device *dev, void *data) spin_lock_irq(cdev->ccwlock); if (is_blacklisted(id->ssid, id->devno) && - (cdev->private->state == DEV_STATE_OFFLINE)) { + (cdev->private->state == DEV_STATE_OFFLINE) && + (atomic_cmpxchg(&cdev->private->onoff, 0, 1) == 0)) { CIO_MSG_EVENT(3, "ccw: purging 0.%x.%04x\n", id->ssid, id->devno); ccw_device_sched_todo(cdev, CDEV_TODO_UNREG); + atomic_set(&cdev->private->onoff, 0); } spin_unlock_irq(cdev->ccwlock); /* Abort loop in case of pending signal. */ -- cgit v0.10.2 From 8838101183bba239f100b0cfe31d9ebbfc2f1bd4 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky Date: Mon, 4 Apr 2011 09:43:33 +0200 Subject: [S390] compile fix for latest binutils The latest binutils won't accept the stfl instruction with march=g5 which is the correct behaviour. Unfortunately head.S is assembled with -march=g5 even if the target cpu is z900 or later. To get 31-bit kernels compiled again the easiest fix is to use the .insn notation for the stfl instruction in head.S. Signed-off-by: Martin Schwidefsky diff --git a/arch/s390/kernel/head.S b/arch/s390/kernel/head.S index 7061398..fb317bf 100644 --- a/arch/s390/kernel/head.S +++ b/arch/s390/kernel/head.S @@ -460,7 +460,7 @@ startup: #ifndef CONFIG_MARCH_G5 # check capabilities against MARCH_{G5,Z900,Z990,Z9_109,Z10} xc __LC_STFL_FAC_LIST(8),__LC_STFL_FAC_LIST - stfl __LC_STFL_FAC_LIST # store facility list + .insn s,0xb2b10000,__LC_STFL_FAC_LIST # store facility list tm __LC_STFL_FAC_LIST,0x01 # stfle available ? jz 0f la %r0,0 -- cgit v0.10.2