1. 14 8月, 2012 1 次提交
  2. 14 4月, 2012 1 次提交
    • J
      TTY: hvc, fix TTY refcounting · a2f89206
      Jiri Slaby 提交于
      A -next commit "TTY: HVC, use tty from tty_port" switched the driver
      to use tty_port helper for tty refcounting. But it omitted to remove
      manual tty refcounting from open, close and hangup. So now we are
      getting random crashes caused by use-after-free:
      Unable to handle kernel paging request for data at address 0xc0000003f9d550
      Faulting instruction address: 0xc0000000001b7f40
      Oops: Kernel access of bad area, sig: 11 [#1]
      ...
      NIP: c0000000001b7f40 LR: c0000000001b7f14 CTR: c0000000000e04f0
      ...
      NIP [c0000000001b7f40] .__kmalloc+0x70/0x230
      LR [c0000000001b7f14] .__kmalloc+0x44/0x230
      Call Trace:
      [c0000003f68bf930] [c0000003f68bf9b0] 0xc0000003f68bf9b0 (unreliable)
      [c0000003f68bf9e0] [c0000000001e5424] .alloc_fdmem+0x24/0x70
      [c0000003f68bfa60] [c0000000001e54f8] .alloc_fdtable+0x88/0x130
      [c0000003f68bfaf0] [c0000000001e5924] .dup_fd+0x384/0x450
      [c0000003f68bfbd0] [c00000000009a310] .copy_process+0x880/0x11d0
      [c0000003f68bfcd0] [c00000000009aee0] .do_fork+0x70/0x400
      [c0000003f68bfdc0] [c0000000000141c4] .sys_clone+0x54/0x70
      [c0000003f68bfe30] [c000000000009aa0] .ppc_clone+0x8/0xc
      
      Fix that by complete removal of tty_kref_get/put in open/close/hangup
      paths.
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Reported-and-tested-by: NMichael Neuling <mikey@neuling.org>
      Cc: Stephen Rothwell <sfr@canb.auug.org.au>
      Cc: ppc-dev <linuxppc-dev@lists.ozlabs.org>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      a2f89206
  3. 10 4月, 2012 3 次提交
  4. 09 3月, 2012 1 次提交
  5. 07 11月, 2011 1 次提交
  6. 19 10月, 2011 1 次提交
  7. 26 8月, 2011 1 次提交
  8. 19 7月, 2011 2 次提交
  9. 29 6月, 2011 1 次提交
    • B
      powerpc/pseries: Re-implement HVSI as part of hvc_vio · 4d2bb3f5
      Benjamin Herrenschmidt 提交于
      On pseries machines, consoles are provided by the hypervisor using
      a low level get_chars/put_chars type interface. However, this is
      really just a transport to the service processor which implements
      them either as "raw" console (networked consoles, HMC, ...) or as
      "hvsi" serial ports.
      
      The later is a simple packet protocol on top of the raw character
      interface that is supposed to convey additional "serial port" style
      semantics. In practice however, all it does is provide a way to
      read the CD line and set/clear our DTR line, that's it.
      
      We currently implement the "raw" protocol as an hvc console backend
      (/dev/hvcN) and the "hvsi" protocol using a separate tty driver
      (/dev/hvsi0).
      
      However this is quite impractical. The arbitrary difference between
      the two type of devices has been a major source of user (and distro)
      confusion. Additionally, there's an additional mini -hvsi implementation
      in the pseries platform code for our low level debug console and early
      boot kernel messages, which means code duplication, though that low
      level variant is impractical as it's incapable of doing the initial
      protocol negociation to establish the link to the FSP.
      
      This essentially replaces the dedicated hvsi driver and the platform
      udbg code completely by extending the existing hvc_vio backend used
      in "raw" mode so that:
      
       - It now supports HVSI as well
       - We add support for hvc backend providing tiocm{get,set}
       - It also provides a udbg interface for early debug and boot console
      
      This is overall less code, though this will only be obvious once we
      remove the old "hvsi" driver, which is still available for now. When
      the old driver is enabled, the new code still kicks in for the low
      level udbg console, replacing the old mini implementation in the platform
      code, it just doesn't provide the higher level "hvc" interface.
      
      In addition to producing generally simler code, this has several benefits
      over our current situation:
      
       - The user/distro only has to deal with /dev/hvcN for the hypervisor
      console, avoiding all sort of confusion that has plagued us in the past
      
       - The tty, kernel and low level debug console all use the same code
      base which supports the full protocol establishment process, thus the
      console is now available much earlier than it used to be with the
      old HVSI driver. The kernel console works much earlier and udbg is
      available much earlier too. Hackers can enable a hard coded very-early
      debug console as well that works with HVSI (previously that was only
      supported for the "raw" mode).
      
      I've tried to keep the same semantics as hvsi relative to how I react
      to things like CD changes, with some subtle differences though:
      
       - I clear DTR on close if HUPCL is set
      
       - Current hvsi triggers a hangup if it detects a up->down transition
         on CD (you can still open a console with CD down). My new implementation
         triggers a hangup if the link to the FSP is severed, and severs it upon
         detecting a up->down transition on CD.
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      4d2bb3f5
  10. 14 1月, 2011 1 次提交
  11. 28 10月, 2010 1 次提交
  12. 21 8月, 2010 1 次提交
  13. 09 7月, 2010 1 次提交
  14. 08 4月, 2010 1 次提交
    • A
      hvc_console: Fix race between hvc_close and hvc_remove · 320718ee
      Anton Blanchard 提交于
      I don't claim to understand the tty layer, but it seems like hvc_open and
      hvc_close should be balanced in their kref reference counting.
      
      Right now we get a kref every call to hvc_open:
      
              if (hp->count++ > 0) {
                      tty_kref_get(tty); <----- here
                      spin_unlock_irqrestore(&hp->lock, flags);
                      hvc_kick();
                      return 0;
              } /* else count == 0 */
      
              tty->driver_data = hp;
      
              hp->tty = tty_kref_get(tty); <------ or here if hp->count was 0
      
      But hvc_close has:
      
              tty_kref_get(tty);
      
              if (--hp->count == 0) {
      ...
                      /* Put the ref obtained in hvc_open() */
                      tty_kref_put(tty);
      ...
              }
      
              tty_kref_put(tty);
      
      Since the outside kref get/put balance we only do a single kref_put when
      count reaches 0.
      
      The patch below changes things to call tty_kref_put once for every
      hvc_close call, and with that my machine boots fine.
      Signed-off-by: NAnton Blanchard <anton@samba.org>
      Acked-by: NAmit Shah <amit.shah@redhat.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      320718ee
  15. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  16. 19 3月, 2010 1 次提交
    • A
      hvc_console: Fix race between hvc_close and hvc_remove · e74d098c
      Amit Shah 提交于
      Alan pointed out a race in the code where hvc_remove is invoked. The
      recent virtio_console work is the first user of hvc_remove().
      
      Alan describes it thus:
      
      The hvc_console assumes that a close and remove call can't occur at the
      same time.
      
      In addition tty_hangup(tty) is problematic as tty_hangup is asynchronous
      itself....
      
      So this can happen
      
              hvc_close                               hvc_remove
              hung up ? - no
                                                      lock
                                                      tty = hp->tty
                                                      unlock
              lock
              hp->tty = NULL
              unlock
              notify del
              kref_put the hvc struct
              close completes
              tty is destroyed
                                                      tty_hangup dead tty
                                                      tty->ops will be NULL
                                                      NULL->...
      
      This patch adds some tty krefs and also converts to using tty_vhangup().
      Reported-by: NAlan Cox <alan@lxorguk.ukuu.org.uk>
      Signed-off-by: NAmit Shah <amit.shah@redhat.com>
      CC: Alan Cox <alan@lxorguk.ukuu.org.uk>
      CC: linuxppc-dev@ozlabs.org
      CC: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      e74d098c
  17. 03 3月, 2010 1 次提交
  18. 24 2月, 2010 1 次提交
  19. 03 2月, 2010 2 次提交
  20. 08 12月, 2009 1 次提交
  21. 24 9月, 2009 1 次提交
  22. 20 8月, 2009 1 次提交
  23. 21 7月, 2009 1 次提交
  24. 16 1月, 2009 1 次提交
    • H
      hvc_console: Remove tty->low_latency · 7f8030d1
      Hendrik Brueckner 提交于
      This patch removes the tty->low_latency setting.
      
      For irq based hvc_console backends the tty->low_latency must be set to 0,
      because the tty_flip_buffer_push() function must not be called from IRQ context
      (see drivers/char/tty_buffer.c).
      
      For polled backends, the low_latency setting causes the bug trace below, because
      tty_flip_buffer_push() is called within an atomic context and subsequent calls
      might sleep due to mutex_lock.
      
      BUG: sleeping function called from invalid context at /root/cvs/linux-2.6.git/kernel/mutex.c:207
      in_atomic(): 1, irqs_disabled(): 0, pid: 748, name: khvcd
      1 lock held by khvcd/748:
       #0:  (hvc_structs_lock){--..}, at: [<00000000002ceb50>] khvcd+0x58/0x12c
      CPU: 0 Not tainted 2.6.29-rc1git #29
      Process khvcd (pid: 748, task: 000000002fb9a480, ksp: 000000002f66bd78)
      070000000000000a 000000002f66ba00 0000000000000002 (null)
             000000002f66baa0 000000002f66ba18 000000002f66ba18 0000000000104f08
             ffffffffffffc000 000000002f66bd78 (null) (null)
             000000002f66ba00 000000000000000c 000000002f66ba00 000000002f66ba70
             0000000000466af8 0000000000104f08 000000002f66ba00 000000002f66ba50
      Call Trace:
      ([<0000000000104e7c>] show_trace+0x138/0x158)
       [<0000000000104f62>] show_stack+0xc6/0xf8
       [<0000000000105740>] dump_stack+0xb0/0xc0
       [<000000000013144a>] __might_sleep+0x14e/0x17c
       [<000000000045e226>] mutex_lock_nested+0x42/0x3b4
       [<00000000002c443e>] echo_char_raw+0x3a/0x9c
       [<00000000002c688c>] n_tty_receive_buf+0x1154/0x1208
       [<00000000002ca0a2>] flush_to_ldisc+0x152/0x220
       [<00000000002ca1da>] tty_flip_buffer_push+0x6a/0x90
       [<00000000002cea74>] hvc_poll+0x244/0x2c8
       [<00000000002ceb68>] khvcd+0x70/0x12c
       [<000000000015bbd0>] kthread+0x68/0xa0
       [<0000000000109d5a>] kernel_thread_starter+0x6/0xc
       [<0000000000109d54>] kernel_thread_starter+0x0/0xc
      1 lock held by khvcd/748:
       #0:  (hvc_structs_lock){--..}, at: [<00000000002ceb50>] khvcd+0x58/0x12c
      Signed-off-by: NHendrik Brueckner <brueckner@linux.vnet.ibm.com>
      Acked-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      7f8030d1
  25. 13 1月, 2009 3 次提交
  26. 03 1月, 2009 1 次提交
  27. 30 12月, 2008 1 次提交
  28. 21 12月, 2008 1 次提交
    • H
      hvc_console: Escape magic sysrq key · 368c1e32
      Hendrik Brueckner 提交于
      The ctrl-o (^O) is a common control key used by several applications,
      such as vim, but hvc_console uses ^O as the magic-sysrq key.  This
      commit allows users to send ^O to applications by pressing ^O twice
      in succession.
      
      To implement this, this commit introduces a check if ^O is pressed
      again if the sysrq_pressed variable is already set.  In this case,
      clear sysrq_pressed state and flip the ^O character to the tty.  (The
      old behavior has always set "sysrq_pressed" if ^O has been entered,
      and it has not flipped the ^O character to the tty.)
      Signed-off-by: NHendrik Brueckner <brueckner@linux.vnet.ibm.com>
      Signed-off-by: NPaul Mackerras <paulus@samba.org>
      368c1e32
  29. 03 12月, 2008 1 次提交
  30. 22 10月, 2008 5 次提交