From c09ea936e74b3ff43cb5ad5cc3f51e2a19abcc7c Mon Sep 17 00:00:00 2001 From: "David S. Miller" Date: Mon, 10 Oct 2005 16:12:13 -0700 Subject: [PATCH] --- yaml --- r: 9794 b: refs/heads/master c: 5d8e1b181c4ad63e6ca90d51287b31afd400d2eb h: refs/heads/master v: v3 --- [refs] | 2 +- trunk/arch/sparc64/kernel/head.S | 127 ++++++++++++++++++++++--------- trunk/arch/x86_64/mm/pageattr.c | 2 + trunk/drivers/usb/core/devio.c | 16 +--- trunk/drivers/usb/core/inode.c | 2 +- trunk/drivers/usb/core/usb.h | 3 +- trunk/include/linux/sched.h | 1 - trunk/kernel/signal.c | 34 --------- 8 files changed, 100 insertions(+), 87 deletions(-) diff --git a/[refs] b/[refs] index 2e55a5e338ef..6801760807b8 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: d7dd8a72ab8d305fbe1c4bb571e0633eba3a8d23 +refs/heads/master: 5d8e1b181c4ad63e6ca90d51287b31afd400d2eb diff --git a/trunk/arch/sparc64/kernel/head.S b/trunk/arch/sparc64/kernel/head.S index 24340496cdd3..f1dcdf8f7433 100644 --- a/trunk/arch/sparc64/kernel/head.S +++ b/trunk/arch/sparc64/kernel/head.S @@ -382,32 +382,79 @@ tlb_fixup_done: nop /* Not reached... */ -/* IMPORTANT NOTE: Whenever making changes here, check - * trampoline.S as well. -jj */ - .globl setup_tba -setup_tba: /* i0 = is_starfire */ - save %sp, -160, %sp + /* This is meant to allow the sharing of this code between + * boot processor invocation (via setup_tba() below) and + * secondary processor startup (via trampoline.S). The + * former does use this code, the latter does not yet due + * to some complexities. That should be fixed up at some + * point. + */ + .globl setup_trap_table +setup_trap_table: + save %sp, -192, %sp + + /* Force interrupts to be disabled. Transferring over to + * the Linux trap table is a very delicate operation. + * Until we are actually on the Linux trap table, we cannot + * get the PAGE_OFFSET linear mappings translated. We need + * that mapping to be setup in order to initialize the firmware + * page tables. + * + * So there is this window of time, from the return from + * prom_set_trap_table() until inherit_prom_mappings_post() + * (in arch/sparc64/mm/init.c) completes, during which no + * firmware address space accesses can be made. + */ + rdpr %pstate, %o1 + andn %o1, PSTATE_IE, %o1 + wrpr %o1, 0x0, %pstate + wrpr %g0, 15, %pil - rdpr %tba, %g7 - sethi %hi(prom_tba), %o1 - or %o1, %lo(prom_tba), %o1 - stx %g7, [%o1] + /* Ok, now make the final valid firmware call to jump over + * to the Linux trap table. + */ + call prom_set_trap_table + sethi %hi(sparc64_ttable_tl0), %o0 + + /* Start using proper page size encodings in ctx register. */ + sethi %hi(sparc64_kern_pri_context), %g3 + ldx [%g3 + %lo(sparc64_kern_pri_context)], %g2 + mov PRIMARY_CONTEXT, %g1 + stxa %g2, [%g1] ASI_DMMU + membar #Sync + + /* The Linux trap handlers expect various trap global registers + * to be setup with some fixed values. So here we set these + * up very carefully. These globals are: + * + * Alternate Globals (PSTATE_AG): + * + * %g6 --> current_thread_info() + * + * MMU Globals (PSTATE_MG): + * + * %g1 --> TLB_SFSR + * %g2 --> ((_PAGE_VALID | _PAGE_SZ4MB | + * _PAGE_CP | _PAGE_CV | _PAGE_P | _PAGE_W) + * ^ 0xfffff80000000000) + * (this %g2 value is used for computing the PAGE_OFFSET kernel + * TLB entries quickly, the virtual address of the fault XOR'd + * with this %g2 value is the PTE to load into the TLB) + * %g3 --> VPTE_BASE_CHEETAH or VPTE_BASE_SPITFIRE + * + * Interrupt Globals (PSTATE_IG, setup by init_irqwork_curcpu()): + * + * %g6 --> __irq_work[smp_processor_id()] + */ - /* Setup "Linux" globals 8-) */ rdpr %pstate, %o1 mov %g6, %o2 - wrpr %o1, (PSTATE_AG|PSTATE_IE), %pstate - sethi %hi(sparc64_ttable_tl0), %g1 - wrpr %g1, %tba + wrpr %o1, PSTATE_AG, %pstate mov %o2, %g6 - /* Set up MMU globals */ - wrpr %o1, (PSTATE_MG|PSTATE_IE), %pstate - - /* Set fixed globals used by dTLB miss handler. */ #define KERN_HIGHBITS ((_PAGE_VALID|_PAGE_SZ4MB)^0xfffff80000000000) #define KERN_LOWBITS (_PAGE_CP | _PAGE_CV | _PAGE_P | _PAGE_W) - + wrpr %o1, PSTATE_MG, %pstate mov TSB_REG, %g1 stxa %g0, [%g1] ASI_DMMU membar #Sync @@ -419,17 +466,17 @@ setup_tba: /* i0 = is_starfire */ sllx %g2, 32, %g2 or %g2, KERN_LOWBITS, %g2 - BRANCH_IF_ANY_CHEETAH(g3,g7,cheetah_vpte_base) - ba,pt %xcc, spitfire_vpte_base + BRANCH_IF_ANY_CHEETAH(g3,g7,8f) + ba,pt %xcc, 9f nop -cheetah_vpte_base: +8: sethi %uhi(VPTE_BASE_CHEETAH), %g3 or %g3, %ulo(VPTE_BASE_CHEETAH), %g3 ba,pt %xcc, 2f sllx %g3, 32, %g3 -spitfire_vpte_base: +9: sethi %uhi(VPTE_BASE_SPITFIRE), %g3 or %g3, %ulo(VPTE_BASE_SPITFIRE), %g3 sllx %g3, 32, %g3 @@ -455,29 +502,37 @@ spitfire_vpte_base: sllx %o2, 32, %o2 wr %o2, %asr25 - /* Ok, we're done setting up all the state our trap mechanims needs, - * now get back into normal globals and let the PROM know what is up. - */ 2: wrpr %g0, %g0, %wstate - wrpr %o1, PSTATE_IE, %pstate + wrpr %o1, 0x0, %pstate call init_irqwork_curcpu nop - call prom_set_trap_table - sethi %hi(sparc64_ttable_tl0), %o0 - - /* Start using proper page size encodings in ctx register. */ - sethi %hi(sparc64_kern_pri_context), %g3 - ldx [%g3 + %lo(sparc64_kern_pri_context)], %g2 - mov PRIMARY_CONTEXT, %g1 - stxa %g2, [%g1] ASI_DMMU - membar #Sync - + /* Now we can turn interrupts back on. */ rdpr %pstate, %o1 or %o1, PSTATE_IE, %o1 wrpr %o1, 0, %pstate + wrpr %g0, 0x0, %pil + + ret + restore + + .globl setup_tba +setup_tba: /* i0 = is_starfire */ + save %sp, -192, %sp + + /* The boot processor is the only cpu which invokes this + * routine, the other cpus set things up via trampoline.S. + * So save the OBP trap table address here. + */ + rdpr %tba, %g7 + sethi %hi(prom_tba), %o1 + or %o1, %lo(prom_tba), %o1 + stx %g7, [%o1] + + call setup_trap_table + nop ret restore diff --git a/trunk/arch/x86_64/mm/pageattr.c b/trunk/arch/x86_64/mm/pageattr.c index b90e8fe9eeb0..94862e1ec032 100644 --- a/trunk/arch/x86_64/mm/pageattr.c +++ b/trunk/arch/x86_64/mm/pageattr.c @@ -220,6 +220,8 @@ void global_flush_tlb(void) down_read(&init_mm.mmap_sem); df = xchg(&df_list, NULL); up_read(&init_mm.mmap_sem); + if (!df) + return; flush_map((df && !df->next) ? df->address : 0); for (; df; df = next_df) { next_df = df->next; diff --git a/trunk/drivers/usb/core/devio.c b/trunk/drivers/usb/core/devio.c index 487ff672b104..b4265aa7d45e 100644 --- a/trunk/drivers/usb/core/devio.c +++ b/trunk/drivers/usb/core/devio.c @@ -30,8 +30,6 @@ * Revision history * 22.12.1999 0.1 Initial release (split from proc_usb.c) * 04.01.2000 0.2 Turned into its own filesystem - * 30.09.2005 0.3 Fix user-triggerable oops in async URB delivery - * (CAN-2005-3055) */ /*****************************************************************************/ @@ -60,8 +58,7 @@ static struct class *usb_device_class; struct async { struct list_head asynclist; struct dev_state *ps; - pid_t pid; - uid_t uid, euid; + struct task_struct *task; unsigned int signr; unsigned int ifnum; void __user *userbuffer; @@ -293,8 +290,7 @@ static void async_completed(struct urb *urb, struct pt_regs *regs) sinfo.si_errno = as->urb->status; sinfo.si_code = SI_ASYNCIO; sinfo.si_addr = as->userurb; - kill_proc_info_as_uid(as->signr, &sinfo, as->pid, as->uid, - as->euid); + send_sig_info(as->signr, &sinfo, as->task); } wake_up(&ps->wait); } @@ -530,9 +526,7 @@ static int usbdev_open(struct inode *inode, struct file *file) INIT_LIST_HEAD(&ps->async_completed); init_waitqueue_head(&ps->wait); ps->discsignr = 0; - ps->disc_pid = current->pid; - ps->disc_uid = current->uid; - ps->disc_euid = current->euid; + ps->disctask = current; ps->disccontext = NULL; ps->ifclaimed = 0; wmb(); @@ -994,9 +988,7 @@ static int proc_do_submiturb(struct dev_state *ps, struct usbdevfs_urb *uurb, as->userbuffer = NULL; as->signr = uurb->signr; as->ifnum = ifnum; - as->pid = current->pid; - as->uid = current->uid; - as->euid = current->euid; + as->task = current; if (!(uurb->endpoint & USB_DIR_IN)) { if (copy_from_user(as->urb->transfer_buffer, uurb->buffer, as->urb->transfer_buffer_length)) { free_async(as); diff --git a/trunk/drivers/usb/core/inode.c b/trunk/drivers/usb/core/inode.c index d07bba01995b..640f41e47029 100644 --- a/trunk/drivers/usb/core/inode.c +++ b/trunk/drivers/usb/core/inode.c @@ -713,7 +713,7 @@ void usbfs_remove_device(struct usb_device *dev) sinfo.si_errno = EPIPE; sinfo.si_code = SI_ASYNCIO; sinfo.si_addr = ds->disccontext; - kill_proc_info_as_uid(ds->discsignr, &sinfo, ds->disc_pid, ds->disc_uid, ds->disc_euid); + send_sig_info(ds->discsignr, &sinfo, ds->disctask); } } usbfs_update_special(); diff --git a/trunk/drivers/usb/core/usb.h b/trunk/drivers/usb/core/usb.h index e6504f3370ad..83d48c8133af 100644 --- a/trunk/drivers/usb/core/usb.h +++ b/trunk/drivers/usb/core/usb.h @@ -52,8 +52,7 @@ struct dev_state { struct list_head async_completed; wait_queue_head_t wait; /* wake up if a request completed */ unsigned int discsignr; - pid_t disc_pid; - uid_t disc_uid, disc_euid; + struct task_struct *disctask; void __user *disccontext; unsigned long ifclaimed; }; diff --git a/trunk/include/linux/sched.h b/trunk/include/linux/sched.h index 27519df0f987..c3ba31f210a9 100644 --- a/trunk/include/linux/sched.h +++ b/trunk/include/linux/sched.h @@ -1018,7 +1018,6 @@ extern int force_sig_info(int, struct siginfo *, struct task_struct *); extern int __kill_pg_info(int sig, struct siginfo *info, pid_t pgrp); extern int kill_pg_info(int, struct siginfo *, pid_t); extern int kill_proc_info(int, struct siginfo *, pid_t); -extern int kill_proc_info_as_uid(int, struct siginfo *, pid_t, uid_t, uid_t); extern void do_notify_parent(struct task_struct *, int); extern void force_sig(int, struct task_struct *); extern void force_sig_specific(int, struct task_struct *); diff --git a/trunk/kernel/signal.c b/trunk/kernel/signal.c index 50c992643771..cba193ceda0d 100644 --- a/trunk/kernel/signal.c +++ b/trunk/kernel/signal.c @@ -1193,40 +1193,6 @@ kill_proc_info(int sig, struct siginfo *info, pid_t pid) return error; } -/* like kill_proc_info(), but doesn't use uid/euid of "current" */ -int kill_proc_info_as_uid(int sig, struct siginfo *info, pid_t pid, - uid_t uid, uid_t euid) -{ - int ret = -EINVAL; - struct task_struct *p; - - if (!valid_signal(sig)) - return ret; - - read_lock(&tasklist_lock); - p = find_task_by_pid(pid); - if (!p) { - ret = -ESRCH; - goto out_unlock; - } - if ((!info || ((unsigned long)info != 1 && - (unsigned long)info != 2 && SI_FROMUSER(info))) - && (euid != p->suid) && (euid != p->uid) - && (uid != p->suid) && (uid != p->uid)) { - ret = -EPERM; - goto out_unlock; - } - if (sig && p->sighand) { - unsigned long flags; - spin_lock_irqsave(&p->sighand->siglock, flags); - ret = __group_send_sig_info(sig, info, p); - spin_unlock_irqrestore(&p->sighand->siglock, flags); - } -out_unlock: - read_unlock(&tasklist_lock); - return ret; -} -EXPORT_SYMBOL_GPL(kill_proc_info_as_uid); /* * kill_something_info() interprets pid in interesting ways just like kill(2).