From 3f0b3c33eeed400577b47fab8439ffe6f40aa97a Mon Sep 17 00:00:00 2001 From: Sebastian Ott Date: Thu, 29 Oct 2009 15:04:07 +0100 Subject: [S390] call home: fix local buffer usage in proc handler Fix the size of the local buffer and use snprintf to prevent further miscalculations. Also fix the usage of bitwise vs logic operations. Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky --- drivers/s390/char/sclp_async.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/drivers/s390/char/sclp_async.c b/drivers/s390/char/sclp_async.c index a4f68e5b9c9..bf4a9f455d8 100644 --- a/drivers/s390/char/sclp_async.c +++ b/drivers/s390/char/sclp_async.c @@ -68,15 +68,14 @@ static int proc_handler_callhome(struct ctl_table *ctl, int write, { unsigned long val; int len, rc; - char buf[2]; + char buf[3]; - if (!*count | (*ppos && !write)) { + if (!*count || (*ppos && !write)) { *count = 0; return 0; } if (!write) { - len = sprintf(buf, "%d\n", callhome_enabled); - buf[len] = '\0'; + len = snprintf(buf, sizeof(buf), "%d\n", callhome_enabled); rc = copy_to_user(buffer, buf, sizeof(buf)); if (rc != 0) return -EFAULT; -- cgit v1.2.3 From 8ca45667f966968132c772ddbb6468b41a817c19 Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky Date: Thu, 29 Oct 2009 15:04:08 +0100 Subject: [S390] s/r: cmm resume fix If a suspended z/VM guest has been logged off before the resume the 'SET SMSG IUCV' CP command need to be repeated to reenable sending message via SMSG. This fixes the following error: HCPMFS057I H4214002 not receiving; SMSG off Error: non-zero CP response for command 'SMSG H4214002 CMM SHRINK 5010': #57 Signed-off-by: Martin Schwidefsky Signed-off-by: Martin Schwidefsky --- drivers/s390/net/smsgiucv.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/s390/net/smsgiucv.c b/drivers/s390/net/smsgiucv.c index 102000d1af6..3012355f830 100644 --- a/drivers/s390/net/smsgiucv.c +++ b/drivers/s390/net/smsgiucv.c 
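Review bot: In the read branch of proc_handler_callhome, `copy_to_user(buffer, buf, sizeof(buf))` always writes three bytes, including the terminating NUL, even when the caller's `*count` is 1 or 2. A short read therefore gets more bytes written into the user buffer than it asked for. The copy should be bounded by the formatted length and by the request, e.g. `len = min_t(size_t, strlen(buf), *count);` followed by `copy_to_user(buffer, buf, len)`. Separately, snprintf() returns the untruncated length, so `len` would exceed the buffer if callhome_enabled ever held more than one digit; how `len` is used afterwards is outside the hunk.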
@@ -158,7 +158,12 @@ static int smsg_pm_restore_thaw(struct device *dev) smsg_path->flags = 0; rc = iucv_path_connect(smsg_path, &smsg_handler, "*MSG ", NULL, NULL, NULL); - printk(KERN_ERR "iucv_path_connect returned with rc %i\n", rc); +#ifdef CONFIG_PM_DEBUG + if (rc) + printk(KERN_ERR + "iucv_path_connect returned with rc %i\n", rc); +#endif + cpcmd("SET SMSG IUCV", NULL, 0, NULL); } return 0; } -- cgit v1.2.3 From 4f8048ee734dab7c463574797b820c0c68c80791 Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Thu, 29 Oct 2009 15:04:09 +0100 Subject: [S390] smp: fix prefix handling of offlined cpus Offlined cpus still have valid prefix register contents. Dumpers will store the register contents of a cpu to the location where its prefix register points to. For offlined cpus the area (lowcore) has been freed and the dumper would write the uninteresting contents of the offline cpu to a memory location which might be in use by some other component and destroy valueable information. To fix this set the prefix register of offline cpus to absolute address zero again. This prevents the current dumpers to write to random memory locations. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/kernel/smp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c index c932caa5e85..c699ac538c4 100644 --- a/arch/s390/kernel/smp.c +++ b/arch/s390/kernel/smp.c @@ -638,6 +638,8 @@ void __cpu_die(unsigned int cpu) /* Wait until target cpu is down */ while (!cpu_stopped(cpu)) cpu_relax(); + while (signal_processor_p(0, cpu, sigp_set_prefix) == sigp_busy) + udelay(10); smp_free_lowcore(cpu); pr_info("Processor %d stopped\n", cpu); } -- cgit v1.2.3 From 4a0fb4c44573759f878fc65f6ddbd46080748f8b Mon Sep 17 00:00:00 2001 
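Review bot: A failed `iucv_path_connect()` in smsg_pm_restore_thaw is now reported only when CONFIG_PM_DEBUG is set, and the function still issues `cpcmd("SET SMSG IUCV", NULL, 0, NULL)` and returns 0. On a production kernel a resume that leaves SMSG unusable is therefore silent. The cpcmd result is not checked either, so a rejected CP command goes unnoticed. Consider reporting the connect failure unconditionally at a lower level, e.g. `if (rc) printk(KERN_WARNING "iucv_path_connect returned with rc %i\n", rc);`, and testing the cpcmd return value. The start of the function is outside the hunk.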
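Review bot: The new loop in __cpu_die retries `sigp_set_prefix` only while the result is `sigp_busy`. Any other non-accepted result ends the loop, and `smp_free_lowcore(cpu)` then runs even though the offline cpu's prefix register may still point at the lowcore being freed. That is the stale-prefix case the commit description sets out to rule out. The loop also has no upper bound. Consider capturing the result and warning when it is not `sigp_order_code_accepted` before freeing, and add a comment such as `/* reset prefix to absolute 0 so dumpers do not store into the freed lowcore */`. The beginning of __cpu_die lies outside the hunk.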
From: Heiko Carstens Date: Thu, 29 Oct 2009 15:04:10 +0100 Subject: [S390] call home: fix error handling in init function Fix missing unregister_sysctl_table in case the SCLP doesn't provide the requested feature. Also simplify the whole error handling while at it. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- drivers/s390/char/sclp_async.c | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/drivers/s390/char/sclp_async.c b/drivers/s390/char/sclp_async.c index bf4a9f455d8..3c20aa13118 100644 --- a/drivers/s390/char/sclp_async.c +++ b/drivers/s390/char/sclp_async.c @@ -170,39 +170,31 @@ static int __init sclp_async_init(void) rc = sclp_register(&sclp_async_register); if (rc) return rc; - callhome_sysctl_header = register_sysctl_table(kern_dir_table); - if (!callhome_sysctl_header) { - rc = -ENOMEM; - goto out_sclp; - } - if (!(sclp_async_register.sclp_receive_mask & EVTYP_ASYNC_MASK)) { - rc = -EOPNOTSUPP; + rc = -EOPNOTSUPP; + if (!(sclp_async_register.sclp_receive_mask & EVTYP_ASYNC_MASK)) goto out_sclp; - } rc = -ENOMEM; + callhome_sysctl_header = register_sysctl_table(kern_dir_table); + if (!callhome_sysctl_header) + goto out_sclp; request = kzalloc(sizeof(struct sclp_req), GFP_KERNEL); - if (!request) - goto out_sys; sccb = (struct sclp_async_sccb *) get_zeroed_page(GFP_KERNEL | GFP_DMA); - if (!sccb) + if (!request || !sccb) goto out_mem; - rc = atomic_notifier_chain_register(&panic_notifier_list, - &call_home_panic_nb); + rc = atomic_notifier_chain_register(&panic_notifier_list, + &call_home_panic_nb); if (rc) goto out_mem; - strncpy(nodename, init_utsname()->nodename, 64); - return 0; - + goto out; out_mem: kfree(request); free_page((unsigned long) sccb); -out_sys: unregister_sysctl_table(callhome_sysctl_header); out_sclp: sclp_unregister(&sclp_async_register); +out: return rc; - } module_init(sclp_async_init); -- cgit v1.2.3 
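Review bot: `register_sysctl_table(kern_dir_table)` in sclp_async_init still runs before `request` and `sccb` are allocated and before the panic notifier is registered. The callhome sysctl entry is therefore visible to user space while the driver is only half initialised, and it is torn down again if a later step fails. Registering the sysctl table as the last step would keep the interface unpublished until everything it controls exists. Whether the handler ever touches `request` or `sccb` cannot be seen from this hunk. The function's opening lines are outside the hunk.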
From e8a79c9ec779168502402a8b834abf8cf38a325a Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Thu, 29 Oct 2009 15:04:11 +0100 Subject: [S390] call home: fix string length handling After copying uts->nodename to the static nodename array the static version isn't necessarily zero termininated, since the size of the array is one byte too short. Afterwards doing strncat(data, nodename, strlen(nodename)); may copy an arbitrary large amount of bytes. Fix this by getting rid of the static array and using strncat with proper length limit. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- drivers/s390/char/sclp_async.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/s390/char/sclp_async.c b/drivers/s390/char/sclp_async.c index 3c20aa13118..b44462a6c6d 100644 --- a/drivers/s390/char/sclp_async.c +++ b/drivers/s390/char/sclp_async.c @@ -26,7 +26,6 @@ static struct sclp_async_sccb *sccb; static int sclp_async_send_wait(char *message); static struct ctl_table_header *callhome_sysctl_header; static DEFINE_SPINLOCK(sclp_async_lock); -static char nodename[64]; #define SCLP_NORMAL_WRITE 0x00 struct async_evbuf { @@ -52,9 +51,10 @@ static struct sclp_register sclp_async_register = { static int call_home_on_panic(struct notifier_block *self, unsigned long event, void *data) { - strncat(data, nodename, strlen(nodename)); - sclp_async_send_wait(data); - return NOTIFY_DONE; + strncat(data, init_utsname()->nodename, + sizeof(init_utsname()->nodename)); + sclp_async_send_wait(data); + return NOTIFY_DONE; } static struct notifier_block call_home_panic_nb = { @@ -183,10 +183,8 @@ static int __init sclp_async_init(void) goto out_mem; rc = atomic_notifier_chain_register(&panic_notifier_list, &call_home_panic_nb); - if (rc) - goto out_mem; - strncpy(nodename, init_utsname()->nodename, 64); - goto out; + if (!rc) + goto out; out_mem: kfree(request); free_page((unsigned long) sccb); -- cgit v1.2.3 
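Review bot: In call_home_on_panic the `strncat()` limit is the size of the source, `sizeof(init_utsname()->nodename)`, and that count does not bound the destination. Up to that many bytes plus a NUL are appended to `data`, whose capacity is unknown here because it arrives as a bare `void *`. If the panic text already fills most of its buffer, the append writes past the end. It would be safer to leave `data` untouched and format into a buffer the handler owns (called `msg` here for illustration), e.g. `snprintf(msg, sizeof(msg), "%s%s", (char *) data, init_utsname()->nodename);`. How sclp_async_send_wait() bounds the message is outside the hunk.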
From 70f5dc514c0b183ee813dc3b3983b04891fd1e7a Mon Sep 17 00:00:00 2001 From: Martin Schwidefsky Date: Thu, 29 Oct 2009 15:04:12 +0100 Subject: [S390] cputime: fix overflow on 31 bit systems The cputime_to_msecs / cputime_to_clock_t and cputime64_to_clock_t cause fixpoint divide exceptions if the cputime is too large. On a machine that collected 49.7 days worth of idle time reading from /proc/stat will generate oopses like this: Kernel BUG at 001b0c92 [verbose debug info unavailable] fixpoint divide exception: 0009 [#13] SMP Modules linked in: ipv6 CPU: 1 Tainted: G D 2.6.27.10 #5 Process cat (pid: 21352, task: 1fb34138, ksp: 1d2a3d98) Krnl PSW : 070c2000 801b0c92 (show_stat+0x2ca/0x68c) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 Krnl GPRS: 00000001 00001388 00000bb8 0015d2a1 00000000 00000000 000003e8 0001fd91 00000000 00000000 0000129d eecd2ff0 1cc533b9 0036f780 801b0bce 1d2a3cc0 Krnl Code: 801b0c86: f18890abf198 mvo 171(9,%r9),408(9,%r15) 801b0c8c: 98abf170 lm %r10,%r11,368(%r15) 801b0c90: 1da1 dr %r10,%r1 >801b0c92: 90abf170 stm %r10,%r11,368(%r15) 801b0c96: 98abf190 lm %r10,%r11,400(%r15) 801b0c9a: 1da1 dr %r10,%r1 801b0c9c: 90abf190 stm %r10,%r11,400(%r15) 801b0ca0: 18a3 lr %r10,%r3 Call Trace: ([<00000000001b09f4>] show_stat+0x2c/0x68c) [<000000000018dcee>] seq_read+0xb2/0x364 [<00000000001a9980>] proc_reg_read+0x68/0x98 [<00000000001705ee>] vfs_read+0x6e/0xe8 [<0000000000170732>] sys_read+0x36/0x78 [<000000000010f750>] sysc_do_restart+0x12/0x16 [<0000000077f3ad6a>] 0x77f3ad6a <4>---[ end trace 1436ea9559d3de9e ]--- Reported-by: Mike Frysinger Signed-off-by: Martin Schwidefsky --- arch/s390/include/asm/cputime.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/s390/include/asm/cputime.h b/arch/s390/include/asm/cputime.h index 24b1244aadb..f23961ada7f 100644 --- a/arch/s390/include/asm/cputime.h +++ b/arch/s390/include/asm/cputime.h 
@@ -78,7 +78,7 @@ cputime64_to_jiffies64(cputime64_t cputime) static inline unsigned int cputime_to_msecs(const cputime_t cputime) { - return __div(cputime, 4096000); + return cputime_div(cputime, 4096000); } static inline cputime_t @@ -160,7 +160,7 @@ cputime_to_timeval(const cputime_t cputime, struct timeval *value) static inline clock_t cputime_to_clock_t(cputime_t cputime) { - return __div(cputime, 4096000000ULL / USER_HZ); + return cputime_div(cputime, 4096000000ULL / USER_HZ); } static inline cputime_t @@ -175,7 +175,7 @@ clock_t_to_cputime(unsigned long x) static inline clock_t cputime64_to_clock_t(cputime64_t cputime) { - return __div(cputime, 4096000000ULL / USER_HZ); + return cputime_div(cputime, 4096000000ULL / USER_HZ); } struct s390_idle_data { -- cgit v1.2.3 From f8501ba77d69c88a65e4ebbe03bdc65b1edb0b86 Mon Sep 17 00:00:00 2001 From: Heiko Carstens Date: Thu, 29 Oct 2009 15:04:13 +0100 Subject: [S390] smp: fix sigp stop handling According to the architecture a cpu must not necessarily enter stopped state after completion of a sigp instruction with "stop" order code. So remove the BUG() statement after self sending sigp stop to avoid that it ever gets reached. Also add a sigp busy check to make sure that the order gets delivered. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/kernel/ipl.c | 7 +++---- arch/s390/kernel/smp.c | 4 ++-- arch/s390/kernel/swsusp_asm64.S | 1 + 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/arch/s390/kernel/ipl.c b/arch/s390/kernel/ipl.c index ee57a42e6e9..4890ac6d7fa 100644 --- a/arch/s390/kernel/ipl.c +++ b/arch/s390/kernel/ipl.c 
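Review bot: `cputime_to_msecs()` still returns `unsigned int`, so the quotient is silently truncated once it exceeds 32 bits, even though `cputime_div()` avoids the divide exception. For milliseconds that limit is the same 49.7 days named in the commit description. The two converters in the later hunks, `cputime_to_clock_t` and `cputime64_to_clock_t`, narrow the result to `clock_t` in the same way where that type is 32 bits wide. A comment on each, e.g. `/* result wraps once it no longer fits the return type */`, would record that callers get a wrapped value rather than an error. `cputime_div()` is defined outside these hunks, so a 64-bit result is assumed.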
@@ -1595,10 +1595,9 @@ static void stop_run(struct shutdown_trigger *trigger) { if (strcmp(trigger->name, ON_PANIC_STR) == 0) disabled_wait((unsigned long) __builtin_return_address(0)); - else { - signal_processor(smp_processor_id(), sigp_stop); - for (;;); - } + while (signal_processor(smp_processor_id(), sigp_stop) == sigp_busy) + cpu_relax(); + for (;;); } static struct shutdown_action stop_action = {SHUTDOWN_ACTION_STOP_STR, diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c index c699ac538c4..c99c45b848e 100644 --- a/arch/s390/kernel/smp.c +++ b/arch/s390/kernel/smp.c @@ -647,8 +647,8 @@ void __cpu_die(unsigned int cpu) void cpu_die(void) { idle_task_exit(); - signal_processor(smp_processor_id(), sigp_stop); - BUG(); + while (signal_processor(smp_processor_id(), sigp_stop) == sigp_busy) + cpu_relax(); for (;;); } diff --git a/arch/s390/kernel/swsusp_asm64.S b/arch/s390/kernel/swsusp_asm64.S index 7c8653e27db..0f4ef3b856d 100644 --- a/arch/s390/kernel/swsusp_asm64.S +++ b/arch/s390/kernel/swsusp_asm64.S @@ -199,6 +199,7 @@ pgm_check_entry: brc 2,4b /* busy, try again */ 5: sigp %r9,%r2,__SIGP_STOP /* stop resume (current) CPU */ + brc 2,5b /* busy, try again */ 6: j 6b restart_suspend: -- cgit v1.2.3 From b3dcf3de8e4d71d79235fc67b6c5def6506c27f8 Mon Sep 17 00:00:00 2001 
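Review bot: The retry loop in stop_run distinguishes only `sigp_busy`; any other result of the self-directed `sigp_stop` drops into the bare `for (;;);`. cpu_die in smp.c gets the same loop, and with `BUG()` removed there nothing is logged if the cpu keeps running. The empty spin could at least be `for (;;) cpu_relax();`. Dropping the `else` in stop_run also means the stop path now relies on `disabled_wait()` never returning. That deserves a one-line comment such as `/* disabled_wait() does not return */`; its definition is outside the hunk.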
From: Heiko Carstens Date: Thu, 29 Oct 2009 15:04:14 +0100 Subject: [S390] smp: fix sigp sense handling sigp sense only returns the status of a cpu if it is non zero. If the status of the sensed cpu is all zeros condition code 0 (accpeted) is set and no status bits are returned. The current code however assumes that a status was returned and tests bits in it. This means uninitalized data is accessed with random results. Worst case is that the code that checks if cpu is offline on cpu hotplug assumes that the target cpu is offline while it is still running. This leads potentially to memory corruption since resources that are still needed by the target cpu will be freed and could be resused while still in use. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky --- arch/s390/kernel/smp.c | 1 - arch/s390/kernel/swsusp_asm64.S | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c index c99c45b848e..93e52039321 100644 --- a/arch/s390/kernel/smp.c +++ b/arch/s390/kernel/smp.c @@ -76,7 +76,6 @@ static int cpu_stopped(int cpu) __u32 status; switch (signal_processor_ps(&status, 0, cpu, sigp_sense)) { - case sigp_order_code_accepted: case sigp_status_stored: /* Check for stopped and check stop state */ if (status & 0x50) diff --git a/arch/s390/kernel/swsusp_asm64.S b/arch/s390/kernel/swsusp_asm64.S index 0f4ef3b856d..0c26cc1898e 100644 --- a/arch/s390/kernel/swsusp_asm64.S +++ b/arch/s390/kernel/swsusp_asm64.S @@ -207,6 +207,7 @@ restart_suspend: llgh %r2,0(%r1) 7: sigp %r9,%r2,__SIGP_SENSE /* Wait for resume CPU */ + brc 8,7b /* accepted, status 0, still running */ brc 2,7b /* busy, try again */ tmll %r9,0x40 /* Test if resume CPU is stopped */ jz 7b -- cgit v1.2.3
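Review bot: `status` in cpu_stopped is still declared without an initialiser, so the fix depends on no switch label reading it unless the sigp actually stored a value. Writing `__u32 status = 0;` would make any label added later read a defined value. A comment where the case was removed, e.g. `/* sigp_order_code_accepted: status is all zeros and not stored, cpu is running */`, would carry the commit description's reasoning into the C code, as the assembler hunk already does. The rest of the switch lies outside the hunk.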