1. 19 5月, 2011 1 次提交
    • J
      module: undo module RONX protection correctly. · 448694a1
      Jan Glauber 提交于
      While debugging I stumbled over two problems in the code that protects module
      pages.
      
      First issue is that disabling the protection before freeing init or unload of
      a module is not symmetric with the enablement. For instance, if pages are set
      to RO the page range from module_core to module_core + core_ro_size is
      protected. If a module is unloaded the page range from module_core to
      module_core + core_size is set back to RW.
      So pages that were not set to RO are also changed to RW.
      This is not critical but IMHO it should be symmetric.
      
      Second issue is that while set_memory_rw & set_memory_ro are used for
      RO/RW changes only set_memory_nx is involved for NX/X. One would await that
      the inverse function is called when the NX protection should be removed,
      which is not the case here, unless I'm missing something.
      Signed-off-by: NJan Glauber <jang@linux.vnet.ibm.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      448694a1
  2. 17 5月, 2011 1 次提交
  3. 10 5月, 2011 5 次提交
  4. 29 4月, 2011 1 次提交
  5. 27 4月, 2011 1 次提交
    • M
      [S390] prng: fix pointer arithmetic · ed961581
      Martin Schwidefsky 提交于
      The git commit c708c57e fixed the
      access beyond the end of the stack in prng_seed but the pointer
      arithmetic is still incorrect. The calculation has been off by
      a factor of 64, now it is only off by a factor of 8. prng_seed
      is called with a maximum of 16 for nbytes, small enough that
      the incorrect calculation stays insides the limits of the stack.
      Place parentheses for correct pointer arithmetic.
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      ed961581
  6. 20 4月, 2011 4 次提交
    • C
      [S390] kvm-390: Let kernel exit SIE instruction on work · 9ff4cfb3
      Carsten Otte 提交于
      From: Christian Borntraeger <borntraeger@de.ibm.com>
      
      This patch fixes the sie exit on interrupts. The low level
      interrupt handler returns to the PSW address in pt_regs and not
      to the PSW address in the lowcore.
      Without this fix a cpu bound guest might never leave guest state
      since the host interrupt handler would blindly return to the
      SIE instruction, even on need_resched and friends.
      
      Cc: stable@kernel.org
      Signed-off-by: NCarsten Otte <cotte@de.ibm.com>
      Signed-off-by: NChristian Borntraeger <borntraeger@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      9ff4cfb3
    • H
      [S390] pfault: fix token handling · e35c76cd
      Heiko Carstens 提交于
      f6649a7e "[S390] cleanup lowcore access from external interrupts" changed
      handling of external interrupts. Instead of letting the external interrupt
      handlers accessing the per cpu lowcore the entry code of the kernel reads
      already all fields that are necessary and passes them to the handlers.
      The pfault interrupt handler was incorrectly converted. It tries to
      dereference a value which used to be a pointer to a lowcore field. After
      the conversion however it is not anymore the pointer to the field but its
      content. So instead of a dereference only a cast is needed to get the
      task pointer that caused the pfault.
      
      Fixes a NULL pointer dereference and a subsequent kernel crash:
      
      Unable to handle kernel pointer dereference at virtual kernel address (null)
      Oops: 0004 [#1] SMP
      Modules linked in: nfsd exportfs nfs lockd fscache nfs_acl auth_rpcgss sunrpc
                         loop qeth_l3 qeth vmur ccwgroup ext3 jbd mbcache dm_mod
                         dasd_eckd_mod dasd_diag_mod dasd_mod
      CPU: 0 Not tainted 2.6.38-2-s390x #1
      Process cron (pid: 1106, task: 000000001f962f78, ksp: 000000001fa0f9d0)
      Krnl PSW : 0404200180000000 000000000002c03e (pfault_interrupt+0xa2/0x138)
                 R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
      Krnl GPRS: 0000000000000000 0000000000000001 0000000000000000 0000000000000001
                 000000001f962f78 0000000000518968 0000000090000002 000000001ff03280
                 0000000000000000 000000000064f000 000000001f962f78 0000000000002603
                 0000000006002603 0000000000000000 000000001ff7fe68 000000001ff7fe48
      Krnl Code: 000000000002c036: 5820d010            l       %r2,16(%r13)
                 000000000002c03a: 1832                lr      %r3,%r2
                 000000000002c03c: 1a31                ar      %r3,%r1
                >000000000002c03e: ba23d010            cs      %r2,%r3,16(%r13)
                 000000000002c042: a744fffc            brc     4,2c03a
                 000000000002c046: a7290002            lghi    %r2,2
                 000000000002c04a: e320d0000024        stg     %r2,0(%r13)
                 000000000002c050: 07f0                bcr     15,%r0
      Call Trace:
       ([<000000001f962f78>] 0x1f962f78)
        [<000000000001acda>] do_extint+0xf6/0x138
        [<000000000039b6ca>] ext_no_vtime+0x30/0x34
        [<000000007d706e04>] 0x7d706e04
      Last Breaking-Event-Address:
        [<0000000000000000>] 0x0
      
      For stable maintainers:
      the first kernel which contains this bug is 2.6.37.
      Reported-by: NStephen Powell <zlinuxman@wowway.com>
      Cc: Jonathan Nieder <jrnieder@gmail.com>
      Cc: stable@kernel.org
      Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      e35c76cd
    • J
      [S390] fix page table walk for changing page attributes · e4c031b4
      Jan Glauber 提交于
      The page table walk for changing page attributes used the wrong
      address for pgd/pud/pmd lookups if the range was bigger than
      a pmd entry. Fix the lookup by using the correct address.
      Signed-off-by: NJan Glauber <jang@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      e4c031b4
    • J
      [S390] prng: prevent access beyond end of stack · c708c57e
      Jan Glauber 提交于
      While initializing the state of the prng only the first 8 bytes of
      random data where used, the second 8 bytes were read from the memory
      after the stack. If only 64 bytes of the kernel stack are used and
      CONFIG_DEBUG_PAGEALLOC is enabled a kernel panic may occur because of
      the invalid page access. Use the correct multiplicator to stay within
      the random data buffer.
      Signed-off-by: NJan Glauber <jang@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      c708c57e
  7. 14 4月, 2011 1 次提交
  8. 05 4月, 2011 1 次提交
  9. 04 4月, 2011 3 次提交
  10. 31 3月, 2011 1 次提交
  11. 24 3月, 2011 7 次提交
  12. 23 3月, 2011 14 次提交