1. 26 Feb, 2010 15 commits
  2. 25 Feb, 2010 1 commit
    • Thomas Gleixner's avatar
      x86/PCI: Prevent mmconfig memory corruption · bb8d4133
      Thomas Gleixner authored
      commit ff097ddd
      
       (x86/PCI: MMCONFIG: manage pci_mmcfg_region as a
      list, not a table) introduced a nasty memory corruption when
      pci_mmcfg_list is empty.
      
      pci_mmcfg_check_end_bus_number() dereferences pci_mmcfg_list.prev even
      when the list is empty. The following write hits some variable near to
      pci_mmcfg_list.
      
      Further down a similar problem exists, where cfg->list.next is
      dereferenced unconditionally and a comparison with some variable near
      to pci_mmcfg_list happens.
      
      Add a check for the last element into the for_each_entry() loop and
      remove all the other crappy logic which is just a leftover of the old
      array based code which was replaced by the list conversion.
      Reported-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: stable@kernel.org
      Signed-off-by: default avatarJesse Barnes <jbarnes@virtuousgeek.org>
      bb8d4133
  3. 24 Feb, 2010 4 commits
  4. 23 Feb, 2010 6 commits
  5. 22 Feb, 2010 4 commits
  6. 20 Feb, 2010 3 commits
  7. 19 Feb, 2010 3 commits
    • David S. Miller's avatar
      sparc64: Fix sun4u execute bit check in TSB I-TLB load. · 1f474646
      David S. Miller authored
      
      
      Thanks to testcase and report from Brad Spengler:
      
      --------------------
      #include <stdio.h>
      
      typedef int (* _wee)(void);
      
      int main(void)
      {
              char buf[8] = { '\x81', '\xc7', '\xe0', '\x08', '\x81', '\xe8',
                              '\x00', '\x00' };
              _wee wee;
              printf("%p\n", &buf);
              wee = (_wee)&buf;
              wee();
      
              return 0;
      }
      --------------------
      
      TSB I-tlb load code tries to use andcc to check the _PAGE_EXEC_4U bit,
      but that's bit 12 so it gets sign extended all the way up to bit 63
      and the test nearly always passes as a result.
      
      Use sethi to fix the bug.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      1f474646
    • Frederic Weisbecker's avatar
      hw-breakpoint: Keep track of dr7 local enable bits · 326264a0
      Frederic Weisbecker authored
      
      
      When the user enables breakpoints through dr7, he can choose
      between "local" or "global" enable bits but given how linux is
      implemented, both have the same effect.
      
      That said we don't keep track how the user enabled the breakpoints
      so when the user requests the dr7 value, we only translate the
      "enabled" status using the global enabled bits. It means that if
      the user enabled a breakpoint using the local enabled bit, reading
      back dr7 will set the global bit and clear the local one.
      
      Apps like Wine expect a full dr7 POKEUSER/PEEKUSER match for emulated
      softwares that implement old reverse engineering protection schemes.
      
      We fix that by keeping track of the whole dr7 value given by the user
      in the thread structure to drop this bug. We'll think about
      something more proper later.
      
      This fixes a 2.6.32 - 2.6.33-x ptrace regression.
      Reported-and-tested-by: default avatarMichael Stefaniuc <mstefani@redhat.com>
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Acked-by: default avatarK.Prasad <prasad@linux.vnet.ibm.com>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: Maneesh Soni <maneesh@linux.vnet.ibm.com>
      Cc: Alexandre Julliard <julliard@winehq.org>
      Cc: Rafael J. Wysocki <rjw@sisk.pl>
      Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
      326264a0
    • Frederic Weisbecker's avatar
      hw-breakpoints: Accept breakpoints on NULL address · 84d71092
      Frederic Weisbecker authored
      
      
      Before we had a generic breakpoint API, ptrace was accepting
      breakpoints on NULL address in x86. The new API refuse them,
      without given strong reasons. We need to follow the previous
      behaviour as some userspace apps like Wine need such NULL
      breakpoints to ensure old emulated software protections
      are still working.
      
      This fixes a 2.6.32 - 2.6.33-x ptrace regression.
      Reported-and-tested-by: default avatarMichael Stefaniuc <mstefani@redhat.com>
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Acked-by: default avatarK.Prasad <prasad@linux.vnet.ibm.com>
      Acked-by: default avatarRoland McGrath <roland@redhat.com>
      Cc: Alan Stern <stern@rowland.harvard.edu>
      Cc: Maneesh Soni <maneesh@linux.vnet.ibm.com>
      Cc: Alexandre Julliard <julliard@winehq.org>
      Cc: Rafael J. Wysocki <rjw@sisk.pl>
      Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
      84d71092
  8. 18 Feb, 2010 4 commits