1. 02 Dec, 2009 1 commit
    • Jan Beulich's avatar
      x86/alternatives: Check replacementlen <= instrlen at build time · 01be50a3
      Jan Beulich authored
      Having run into the run-(boot-)time check a couple of times lately,
      I finally took time to find a build-time check so that one doesn't
      need to analyze the register/stack dump and resolve this (through
      manual lookup in vmlinux) to the offending construct.
      
      The assembler will emit a message like "Error: value of <num> too
      large for field of 1 bytes at <offset>", which while not pointing
      out the source location still makes analysis quite a bit easier.
      Signed-off-by: default avatarJan Beulich <jbeulich@novell.com>
      LKML-Reference: <4B0FF8AA0200007800022703@vpn.id2.novell.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      01be50a3
  2. 26 Nov, 2009 3 commits
  3. 16 Nov, 2009 1 commit
    • Frederic Weisbecker's avatar
      x86: Add missing might_fault() checks to copy_{to,from}_user() · 3c93ca00
      Frederic Weisbecker authored
      On x86-64, copy_[to|from]_user() rely on assembly routines that
      never call might_fault(), making us missing various lockdep
      checks.
      
      This doesn't apply to __copy_from,to_user() that explicitly
      handle these calls, neither is it a problem in x86-32 where
      copy_to,from_user() rely on the "__" prefixed versions that
      also call might_fault().
      Signed-off-by: default avatarFrederic Weisbecker <fweisbec@gmail.com>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Nick Piggin <npiggin@suse.de>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      LKML-Reference: <1258382538-30979-1-git-send-email-fweisbec@gmail.com>
      [ v2: fix module export ]
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      3c93ca00
  4. 15 Nov, 2009 1 commit
    • Jan Beulich's avatar
      x86-64: __copy_from_user_inatomic() adjustments · 14722485
      Jan Beulich authored
      This v2.6.26 commit:
      
          ad2fc2cd: x86: fix copy_user on x86
      
      rendered __copy_from_user_inatomic() identical to
      copy_user_generic(), yet didn't make the former just call the
      latter from an inline function.
      
      Furthermore, this v2.6.19 commit:
      
          b885808e: [PATCH] Add proper sparse __user casts to __copy_to_user_inatomic
      
      converted the return type of __copy_to_user_inatomic() from
      unsigned long to int, but didn't do the same to
      __copy_from_user_inatomic().
      Signed-off-by: default avatarJan Beulich <jbeulich@novell.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Alexander Viro <viro@zeniv.linux.org.uk>
      Cc: Arjan van de Ven <arjan@infradead.org>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: <v.mayatskih@gmail.com>
      LKML-Reference: <4AFD5778020000780001F8F4@vpn.id2.novell.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      14722485
  5. 08 Nov, 2009 1 commit
  6. 03 Nov, 2009 1 commit
  7. 12 Oct, 2009 2 commits
  8. 09 Oct, 2009 1 commit
  9. 02 Oct, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Add a Kconfig option to turn the copy_from_user warnings into errors · 63312b6a
      Arjan van de Ven authored
      For automated testing it is useful to have the option to turn
      the warnings on copy_from_user() etc checks into errors:
      
       In function ‘copy_from_user’,
           inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
           inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
         linux/arch/x86/include/asm/uaccess_32.h:213:
        error: call to ‘copy_from_user_overflow’ declared with attribute error:
        copy_from_user buffer size is not provably correct
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      LKML-Reference: <20091002075050.4e9f7641@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      63312b6a
  10. 01 Oct, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Turn the copy_from_user check into an (optional) compile time warning · 4a312769
      Arjan van de Ven authored
      A previous patch added the buffer size check to copy_from_user().
      
      One of the things learned from analyzing the result of the previous
      patch is that in general, gcc is really good at proving that the
      code contains sufficient security checks to not need to do a
      runtime check. But that for those cases where gcc could not prove
      this, there was a relatively high percentage of real security
      issues.
      
      This patch turns the case of "gcc cannot prove" into a compile time
      warning, as long as a sufficiently new gcc is in use that supports
      this. The objective is that these warnings will trigger developers
      checking new cases out before a security hole enters a linux kernel
      release.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: James Morris <jmorris@namei.org>
      Cc: Jan Beulich <jbeulich@novell.com>
      LKML-Reference: <20090930130523.348ae6c4@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      4a312769
  11. 28 Sep, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Use __builtin_memset and __builtin_memcpy for memset/memcpy · ff60fab7
      Arjan van de Ven authored
      GCC provides reasonable memset/memcpy functions itself, with __builtin_memset
      and __builtin_memcpy. For the "unknown" cases, it'll fall back to our
      current existing functions, but for fixed size versions it'll inline
      something smart. Quite often that will be the same as we have now,
      but sometimes it can do something smarter (for example, if the code
      then sets the first member of a struct, it can do a shorter memset).
      
      In addition, and this is more important, gcc knows which registers and
      such are not clobbered (while for our asm version it pretty much
      acts like a compiler barrier), so for various cases it can avoid reloading
      values.
      
      The effect on codesize is shown below on my typical laptop .config:
      
         text	   data	    bss	    dec	    hex	filename
      5605675	2041100	6525148	14171923	 d83f13	vmlinux.before
      5595849	2041668	6525148	14162665	 d81ae9	vmlinux.after
      
      Due to some not-so-good behavior in the gcc 3.x series, this change
      is only done for GCC 4.x and above.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      LKML-Reference: <20090928142122.6fc57e9c@infradead.org>
      Signed-off-by: default avatarH. Peter Anvin <hpa@zytor.com>
      ff60fab7
  12. 26 Sep, 2009 1 commit
    • Arjan van de Ven's avatar
      x86: Use __builtin_object_size() to validate the buffer size for copy_from_user() · 9f0cf4ad
      Arjan van de Ven authored
      gcc (4.x) supports the __builtin_object_size() builtin, which
      reports the size of an object that a pointer point to, when known
      at compile time. If the buffer size is not known at compile time, a
      constant -1 is returned.
      
      This patch uses this feature to add a sanity check to
      copy_from_user(); if the target buffer is known to be smaller than
      the copy size, the copy is aborted and a WARNing is emitted in
      memory debug mode.
      
      These extra checks compile away when the object size is not known,
      or if both the buffer size and the copy length are constants.
      Signed-off-by: default avatarArjan van de Ven <arjan@linux.intel.com>
      LKML-Reference: <20090926143301.2c396b94@infradead.org>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      9f0cf4ad
  13. 25 Sep, 2009 1 commit
  14. 24 Sep, 2009 5 commits
    • Rusty Russell's avatar
      x86: Remove redundant non-NUMA topology functions · b0c6fbe4
      Rusty Russell authored
      arch/x86/include/asm/topology.h declares inline fns cpu_to_node and
      cpumask_of_node for !NUMA, even though they are then declared as
      macros by asm-generic/topology.h, which is #included just below.
      
      The macros (which are the same) end up being used; these functions
      are just confusing.
      Noticed-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Cc: Jesse Barnes <jbarnes@virtuousgeek.org>
      Cc: "Greg Kroah-Hartman" <gregkh@suse.de>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Cc: Tejun Heo <tj@kernel.org>
      LKML-Reference: <200909241748.45629.rusty@rustcorp.com.au>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      b0c6fbe4
    • Jason Wessel's avatar
      x86: early_printk: Protect against using the same device twice · 429a6e5e
      Jason Wessel authored
      If you use the kernel argument:
      
        earlyprintk=serial,ttyS0,115200
      
      This will cause a recursive hang printing the same line
      again and again:
      
       BIOS-e820: 000000003fff3000 - 0000000040000000 (ACPI data)
       BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
       BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
      bootconsole [earlyser0] enabled
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      Linux version 2.6.31-07863-gb64ada6b (mingo@sirius) (gcc version 4.3.2 20081105 (Red Hat 4.3.2-7) (GCC) ) #16789 SMP Wed Sep 23 21:09:43 CEST 2009
      
      Instead warn the end user that they specified the device
      a second time, and ignore that second console.
      Reported-by: default avatarIngo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarJason Wessel <jason.wessel@windriver.com>
      Cc: Len Brown <lenb@kernel.org>
      Cc: Greg KH <gregkh@suse.de>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      LKML-Reference: <4ABAAB89.1080407@windriver.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      429a6e5e
    • Ingo Molnar's avatar
      Merge branch 'linus' into x86/urgent · d2ff6de5
      Ingo Molnar authored
      Merge reason: Queueing up dependent early-printk fix.
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      d2ff6de5
    • Roland Dreier's avatar
      x86: Reduce verbosity of "PAT enabled" kernel message · e23a8b6a
      Roland Dreier authored
      On modern systems, the kernel prints the message
      
          x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
      
      once for every CPU.
      
      This gets kind of ridiculous on huge systems; for example, on a
      64-thread system I was lucky enough to get:
      
          dmesg| grep 'PAT enabled' | wc
               64     704    5174
      
      There is already a BUG() if non-boot CPUs have PAT capabilities
      that don't match the boot CPU, so just print the message on the
      boot CPU. (I kept the print after the wrmsrl() that enables PAT,
      so that the log output continues to mean that the system survived
      enabling PAT on the boot CPU)
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      Cc: Suresh Siddha <suresh.b.siddha@intel.com>
      Cc: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
      LKML-Reference: <adavdj92sso.fsf@cisco.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      e23a8b6a
    • Roland Dreier's avatar
      x86: Reduce verbosity of "TSC is reliable" message · ea01c0d7
      Roland Dreier authored
      On modern systems, the kernel prints the message
      
          Skipping synchronization checks as TSC is reliable.
      
      once for every non-boot CPU.
      
      This gets kind of ridiculous on huge systems; for example, on a
      64-thread system I was lucky enough to get:
      
          $ dmesg | grep 'TSC is reliable' | wc
               63     567    4221
      
      There's no point to doing this for every CPU, since the code is
      just checking the boot CPU anyway, so change this to a
      printk_once() to make the message appears only once.
      Signed-off-by: default avatarRoland Dreier <rolandd@cisco.com>
      LKML-Reference: <adazl8l2swc.fsf@cisco.com>
      Signed-off-by: default avatarIngo Molnar <mingo@elte.hu>
      ea01c0d7
  15. 23 Sep, 2009 19 commits