linux.git/arch/um/os-Linux, branch v2.6.23 Linux kernel source tree uml: fix irqstack crash 2007-09-19T18:24:18+00:00 Jeff Dike jdike@addtoit.com 2007-09-19T05:46:49+00:00 508a92741a105e2e3d466cd727fb73154ebf08de This patch fixes a crash caused by an interrupt coming in when an IRQ stack is being torn down. When this happens, handle_signal will loop, setting up the IRQ stack again because the tearing down had finished, and handling whatever signals had come in. However, to_irq_stack returns a mask of pending signals to be handled, plus bit zero is set if the IRQ stack was already active, and thus shouldn't be torn down. This causes a problem because when handle_signal goes around the loop, sig will be zero, and to_irq_stack will duly set bit zero in the returned mask, faking handle_signal into believing that it shouldn't tear down the IRQ stack and return thread_info pointers back to their original values. This will eventually cause a crash, as the IRQ stack thread_info will continue pointing to the original task_struct and an interrupt will look into it after it has been freed. The fix is to stop passing a signal number into to_irq_stack. Rather, the pending signals mask is initialized beforehand with the bit for sig already set. References to sig in to_irq_stack can be replaced with references to the mask. [akpm@linux-foundation.org: use UL] Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
This patch fixes a crash caused by an interrupt coming in when an IRQ stack
is being torn down.  When this happens, handle_signal will loop, setting up
the IRQ stack again because the tearing down had finished, and handling
whatever signals had come in.

However, to_irq_stack returns a mask of pending signals to be handled, plus
bit zero is set if the IRQ stack was already active, and thus shouldn't be
torn down.  This causes a problem because when handle_signal goes around
the loop, sig will be zero, and to_irq_stack will duly set bit zero in the
returned mask, faking handle_signal into believing that it shouldn't tear
down the IRQ stack and return thread_info pointers back to their original
values.

This will eventually cause a crash, as the IRQ stack thread_info will
continue pointing to the original task_struct and an interrupt will look
into it after it has been freed.

The fix is to stop passing a signal number into to_irq_stack.  Rather, the
pending signals mask is initialized beforehand with the bit for sig already
set.  References to sig in to_irq_stack can be replaced with references to
the mask.

[akpm@linux-foundation.org: use UL]
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: use correct type in BLKGETSIZE ioctl 2007-09-19T18:24:17+00:00 Nicolas George nicolas.george@ens.fr 2007-09-19T05:46:21+00:00 2c392a4f47f41b24432e6aa77bb5167d0bbb10c5 I found a type mismatch in UML that makes host block devices unusable as ubd devices on x86_64 and other 64 bits systems (segfault of the mm subsystem): In block/ioctl.c, the following lines show that the BLKGETSIZE ioctl expects a pointer to a long: case BLKGETSIZE: if ((bdev->bd_inode->i_size >> 9) > ~0UL) return -EFBIG; return put_ulong(arg, bdev->bd_inode->i_size >> 9); In arch/um/os-Linux/file.c, os_file_size calls it with an int. The ioctl_list man page should be fixed as well. Cc: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
I found a type mismatch in UML that makes host block devices unusable as ubd
devices on x86_64 and other 64 bits systems (segfault of the mm subsystem):

In block/ioctl.c, the following lines show that the BLKGETSIZE ioctl expects
a pointer to a long:

	case BLKGETSIZE:
		if ((bdev->bd_inode->i_size >> 9) > ~0UL)
			return -EFBIG;
		return put_ulong(arg, bdev->bd_inode->i_size >> 9);

In arch/um/os-Linux/file.c, os_file_size calls it with an int.

The ioctl_list man page should be fixed as well.

Cc: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: fix x86_64 core dump crash 2007-08-31T08:42:22+00:00 Jeff Dike jdike@addtoit.com 2007-08-31T06:56:20+00:00 d1254b12c93e1e586137a2ffef71fd33cf273f35 Stop UML crashing when trying to dump a process core on x86_64. This is the minimal fix to stop the crash - more things are broken here, and patches are forthcoming. The immediate thing to do is define ELF_CORE_COPY_REGS and ELF_CORE_COPY_FPREGS. Defining ELF_CORE_COPY_FPREGS allows dump_fpu to go away. It is defined in terms of save_fp_registers, so that needs to be added. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Stop UML crashing when trying to dump a process core on x86_64.  This is the
minimal fix to stop the crash - more things are broken here, and patches are
forthcoming.

The immediate thing to do is define ELF_CORE_COPY_REGS and
ELF_CORE_COPY_FPREGS.  Defining ELF_CORE_COPY_FPREGS allows dump_fpu to go
away.  It is defined in terms of save_fp_registers, so that needs to be added.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: more __init annotations 2007-07-24T19:24:58+00:00 Jeff Dike jdike@addtoit.com 2007-07-24T01:43:48+00:00 97a1fcbb20fcbb0177567fd2dbcc6ed1bcc450ce 2.6.23-rc1 turned up another batch of references from non-__init code to __init code. In most cases, these were missing __init annotations. In one case (os_drop_memory), the annotation was present but wrong. init_maps is __init, but for some reason was being very careful about the mechanism by which it allocated memory, checking whether it was OK to use kmalloc (at this point in the boot, it definitely isn't) and using either alloc_bootmem_low_pages or kmalloc/vmalloc. So, the kmalloc/vmalloc code is removed. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
2.6.23-rc1 turned up another batch of references from non-__init code to
__init code.  In most cases, these were missing __init annotations.  In one
case (os_drop_memory), the annotation was present but wrong.

init_maps is __init, but for some reason was being very careful about the
mechanism by which it allocated memory, checking whether it was OK to use
kmalloc (at this point in the boot, it definitely isn't) and using either
alloc_bootmem_low_pages or kmalloc/vmalloc.  So, the kmalloc/vmalloc code is
removed.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: fix aio compilation bug 2007-07-24T19:24:58+00:00 Jeff Dike jdike@addtoit.com 2007-07-24T01:43:47+00:00 da3e30e78ed9652322dccb49fa149e7b4e985f74 Restructure do_aio thanks to commments from Ulrich and Al. Uli started this by seeing that UML's initialization of a struct iocb initialized fields that it shouldn't. Al followed up by adding the following cleanups: eliminating a variable by just using an anonymous structure in its place. hoisting a duplicated line out of the switch. simplifying the error checking at the end. I added a severity to the printk. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Ulrich Drepper <drepper@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Restructure do_aio thanks to commments from Ulrich and Al.

Uli started this by seeing that UML's initialization of a struct iocb
initialized fields that it shouldn't.

Al followed up by adding the following cleanups:
	eliminating a variable by just using an anonymous structure in
its place.
	hoisting a duplicated line out of the switch.
	simplifying the error checking at the end.

I added a severity to the printk.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ulrich Drepper <drepper@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: fix string exporting on UML/i386 2007-07-24T19:24:58+00:00 Jeff Dike jdike@addtoit.com 2007-07-24T01:43:46+00:00 1a65f493c335abc3822291b52f3565776ce39a1b In 2.6.23-rc1, i386 fiddled its string support such that UML started getting undefined references from modules. The UML asm/string.h was including the i386 string.h, which defined __HAVE_ARCH_STR*, but the corresponding implementations weren't being pulled in. This is fixed by adding arch/i386/lib/string.h to the list of host architecture files to be pulled in to UML. A complication is that the libc exports file assumed that the generic strlen and strstr weren't in use (i.e. __HAVE_ARCH_STR is defined), then they aren't exported. This is untrue for strlen, which is exported in either case, so this logic is not needed. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
In 2.6.23-rc1, i386 fiddled its string support such that UML started getting
undefined references from modules.  The UML asm/string.h was including the
i386 string.h, which defined __HAVE_ARCH_STR*, but the corresponding
implementations weren't being pulled in.

This is fixed by adding arch/i386/lib/string.h to the list of host
architecture files to be pulled in to UML.

A complication is that the libc exports file assumed that the generic strlen
and strstr weren't in use (i.e.  __HAVE_ARCH_STR is defined), then they aren't
exported.  This is untrue for strlen, which is exported in either case, so
this logic is not needed.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: export hostfs symbols 2007-07-16T16:05:39+00:00 Jeff Dike jdike@addtoit.com 2007-07-16T06:38:57+00:00 e8234483e7545b3cd298b0265fcee2e4a14c9f51 Add some exports for hostfs that are required after Alberto Bertogli's fixes for accessing unlinked host files. Also did some style cleanups while I was here. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Add some exports for hostfs that are required after Alberto Bertogli's fixes
for accessing unlinked host files.

Also did some style cleanups while I was here.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: Eliminate kernel allocator wrappers 2007-07-16T16:05:38+00:00 Jeff Dike jdike@addtoit.com 2007-07-16T06:38:56+00:00 e4c4bf9968cb4f0fceb1b8fb54790ccae73caf4e UML had two wrapper procedures for kmalloc, um_kmalloc and um_kmalloc_atomic because the flag constants weren't available in userspace code. kern_constants.h had made kernel constants available for a long time, so there is no need for these wrappers any more. Rather, userspace code calls kmalloc directly with the userspace versions of the gfp flags. kmalloc isn't a real procedure, so I had to essentially copy the inline wrapper around __kmalloc. vmalloc also had its own wrapper for no good reason. This is now gone. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
UML had two wrapper procedures for kmalloc, um_kmalloc and um_kmalloc_atomic
because the flag constants weren't available in userspace code.
kern_constants.h had made kernel constants available for a long time, so there
is no need for these wrappers any more.  Rather, userspace code calls kmalloc
directly with the userspace versions of the gfp flags.

kmalloc isn't a real procedure, so I had to essentially copy the inline
wrapper around __kmalloc.

vmalloc also had its own wrapper for no good reason.  This is now gone.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: simplify helper stack handling 2007-07-16T16:05:38+00:00 Jeff Dike jdike@addtoit.com 2007-07-16T06:38:56+00:00 c43990162fc7f9d2f15a12797fdc6f9c0905f704 run_helper and run_helper_thread had arguments which were the same in all callers. run_helper's stack_out was always NULL and run_helper_thread's stack_order was always 0. These are now gone, and the constants folded into the code. Also fixed leaks of the helper stack in the AIO and SIGIO code. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
run_helper and run_helper_thread had arguments which were the same in all
callers.  run_helper's stack_out was always NULL and run_helper_thread's
stack_order was always 0.  These are now gone, and the constants folded
into the code.

Also fixed leaks of the helper stack in the AIO and SIGIO code.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
uml: SIGIO support cleanup 2007-07-16T16:05:38+00:00 Jeff Dike jdike@addtoit.com 2007-07-16T06:38:55+00:00 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 Cleanup of the SIGWINCH support. Some code and comment reformatting. The stack used for SIGWINCH threads was leaked. This is now fixed by storing it with the pid and other information, and freeing it when the thread is killed. If something goes wrong with a WIGWINCH thread, and this is discovered in the interrupt handler, the winch record would leak. It is now freed, except that the IRQ isn't freed. This is hard to do from interrupt context. This has the side-effect that the IRQ system maintains a reference to the freed structure, but that shouldn't cause a problem since the descriptor is disabled. register_winch_irq is now much better about cleaning up after an initialization failure. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 
Cleanup of the SIGWINCH support.

Some code and comment reformatting.

The stack used for SIGWINCH threads was leaked.  This is now fixed by storing
it with the pid and other information, and freeing it when the thread is
killed.

If something goes wrong with a WIGWINCH thread, and this is discovered in the
interrupt handler, the winch record would leak.  It is now freed, except that
the IRQ isn't freed.  This is hard to do from interrupt context.  This has the
side-effect that the IRQ system maintains a reference to the freed structure,
but that shouldn't cause a problem since the descriptor is disabled.

register_winch_irq is now much better about cleaning up after an
initialization failure.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>