From 83014699b06fb9a300d896c7c49fb8be1c6c5ddc Mon Sep 17 00:00:00 2001 From: stephane eranian Date: Wed, 11 Jun 2008 15:24:13 -0700 Subject: [IA64] perfmon: fix async exit bug Move the cleanup of the async queue to the close callback from the flush callback. This avoids losing asynchronous overflow notifications when the file descriptor is shared by multiple processes and one terminates. Signed-off-by: Stephane Eranian Signed-off-by: Tony Luck --- arch/ia64/kernel/perfmon.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'arch/ia64') diff --git a/arch/ia64/kernel/perfmon.c b/arch/ia64/kernel/perfmon.c index 71d05133f556..7714a97b0104 100644 --- a/arch/ia64/kernel/perfmon.c +++ b/arch/ia64/kernel/perfmon.c @@ -1864,11 +1864,6 @@ pfm_flush(struct file *filp, fl_owner_t id) * invoked after, it will find an empty queue and no * signal will be sent. In both case, we are safe */ - if (filp->f_flags & FASYNC) { - DPRINT(("cleaning up async_queue=%p\n", ctx->ctx_async_queue)); - pfm_do_fasync (-1, filp, ctx, 0); - } - PROTECT_CTX(ctx, flags); state = ctx->ctx_state; @@ -1999,6 +1994,11 @@ pfm_close(struct inode *inode, struct file *filp) return -EBADF; } + if (filp->f_flags & FASYNC) { + DPRINT(("cleaning up async_queue=%p\n", ctx->ctx_async_queue)); + pfm_do_fasync(-1, filp, ctx, 0); + } + PROTECT_CTX(ctx, flags); state = ctx->ctx_state; -- cgit v1.2.3 From 3463a93def55c309f3c0d0a8aaf216be3be42d64 Mon Sep 17 00:00:00 2001 From: Alex Chiang Date: Wed, 11 Jun 2008 17:29:27 -0600 Subject: [IA64] Update check_sal_cache_flush to use platform_send_ipi() check_sal_cache_flush is used to detect broken firmware that drops pending interrupts. The old implementation schedules a timer interrupt for itself in the future by getting the current value of the Interval Timer Counter + 1000 cycles, waits for the interrupt to be pended, calls SAL_CACHE_FLUSH, and finally checks to see if the interrupt is still pending. This implementation can cause problems for virtual machine code if the process of scheduling the timer interrupt takes more than 1000 cycles; the virtual machine can end up sleeping for several hundred years while waiting for the ITC to wrap around. The fix is to use platform_send_ipi. The processor will still send an interrupt to itself, using the IA64_IPI_DM_INT delivery mode, which causes the IPI to look like an external interrupt. The rest of the SAL_CACHE_FLUSH + checking to see if the interrupt is still pending remains unchanged. This fix has been boot tested successfully on: - intel tiger2 - hp rx6600 - hp rx5670 The rx5670 has known buggy firmware, where SAL_CACHE_FLUSH drops pending interrupts. A boot test on this machine showed this message on the console: SAL: SAL_CACHE_FLUSH drops interrupts; PAL_CACHE_FLUSH will be used instead Which proves that the self-inflicted IPI approach is viable. And as expected, the other tested platforms correctly did not display the warning. Signed-off-by: Alex Chiang Signed-off-by: Tony Luck --- arch/ia64/kernel/sal.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'arch/ia64') diff --git a/arch/ia64/kernel/sal.c b/arch/ia64/kernel/sal.c index 7e0259709c04..0464173ea568 100644 --- a/arch/ia64/kernel/sal.c +++ b/arch/ia64/kernel/sal.c @@ -252,11 +252,10 @@ check_sal_cache_flush (void) local_irq_save(flags); /* - * Schedule a timer interrupt, wait until it's reported, and see if - * SAL_CACHE_FLUSH drops it. + * Send ourselves a timer interrupt, wait until it's reported, and see + * if SAL_CACHE_FLUSH drops it. */ - ia64_set_itv(IA64_TIMER_VECTOR); - ia64_set_itm(ia64_get_itc() + 1000); + platform_send_ipi(cpu, IA64_TIMER_VECTOR, IA64_IPI_DM_INT, 0); while (!ia64_get_irr(IA64_TIMER_VECTOR)) cpu_relax(); -- cgit v1.2.3 From 732a675a6303156d1a197dc780b0712bd4b49d46 Mon Sep 17 00:00:00 2001 From: Jack Steiner Date: Sat, 14 Jun 2008 07:57:25 -0500 Subject: [IA64] Fix CONFIG_IA64_SGI_UV build error Fix build error in CONFIG_IA64_SGI_UV config. (GENERIC builds are ok). Signed-off-by: Jack Steiner Signed-off-by: Tony Luck --- arch/ia64/Makefile | 1 + arch/ia64/uv/kernel/setup.c | 12 ++++++++++++ include/asm-ia64/sn/simulator.h | 7 ++++++- 3 files changed, 19 insertions(+), 1 deletion(-) (limited to 'arch/ia64') diff --git a/arch/ia64/Makefile b/arch/ia64/Makefile index 88f1a55c6c94..e67ee3f27698 100644 --- a/arch/ia64/Makefile +++ b/arch/ia64/Makefile @@ -57,6 +57,7 @@ core-$(CONFIG_IA64_GENERIC) += arch/ia64/dig/ core-$(CONFIG_IA64_HP_ZX1) += arch/ia64/dig/ core-$(CONFIG_IA64_HP_ZX1_SWIOTLB) += arch/ia64/dig/ core-$(CONFIG_IA64_SGI_SN2) += arch/ia64/sn/ +core-$(CONFIG_IA64_SGI_UV) += arch/ia64/uv/ core-$(CONFIG_KVM) += arch/ia64/kvm/ drivers-$(CONFIG_PCI) += arch/ia64/pci/ diff --git a/arch/ia64/uv/kernel/setup.c b/arch/ia64/uv/kernel/setup.c index 9aa743203c3c..cf5f28ae96c4 100644 --- a/arch/ia64/uv/kernel/setup.c +++ b/arch/ia64/uv/kernel/setup.c @@ -17,6 +17,9 @@ DEFINE_PER_CPU(struct uv_hub_info_s, __uv_hub_info); EXPORT_PER_CPU_SYMBOL_GPL(__uv_hub_info); +#ifdef CONFIG_IA64_SGI_UV +int sn_prom_type; +#endif struct redir_addr { unsigned long redirect; @@ -64,6 +67,15 @@ void __init uv_setup(char **cmdline_p) m_n_config.s.m_skt = 37; m_n_config.s.n_skt = 0; mmr_base = 0; +#if 0 + /* Need BIOS calls - TDB */ + if (!ia64_sn_is_fake_prom()) + sn_prom_type = 1; + else +#endif + sn_prom_type = 2; + printk(KERN_INFO "Running on medusa with %s PROM\n", + (sn_prom_type == 1) ? "real" : "fake"); } else { get_lowmem_redirect(&lowmem_redir_base, &lowmem_redir_size); node_id.v = uv_read_local_mmr(UVH_NODE_ID); diff --git a/include/asm-ia64/sn/simulator.h b/include/asm-ia64/sn/simulator.h index c3fd3eb25768..c2611f6cfe33 100644 --- a/include/asm-ia64/sn/simulator.h +++ b/include/asm-ia64/sn/simulator.h @@ -8,7 +8,7 @@ #ifndef _ASM_IA64_SN_SIMULATOR_H #define _ASM_IA64_SN_SIMULATOR_H - +#if defined(CONFIG_IA64_GENERIC) || defined(CONFIG_IA64_SGI_SN2) || defined(CONFIG_IA64_SGI_UV) #define SNMAGIC 0xaeeeeeee8badbeefL #define IS_MEDUSA() ({long sn; asm("mov %0=cpuid[%1]" : "=r"(sn) : "r"(2)); sn == SNMAGIC;}) @@ -16,5 +16,10 @@ #define IS_RUNNING_ON_SIMULATOR() (sn_prom_type) #define IS_RUNNING_ON_FAKE_PROM() (sn_prom_type == 2) extern int sn_prom_type; /* 0=hardware, 1=medusa/realprom, 2=medusa/fakeprom */ +#else +#define IS_MEDUSA() 0 +#define SIMULATOR_SLEEP() +#define IS_RUNNING_ON_SIMULATOR() 0 +#endif #endif /* _ASM_IA64_SN_SIMULATOR_H */ -- cgit v1.2.3 From e0c6d97c65e0784aade7e97b9411f245a6c543e7 Mon Sep 17 00:00:00 2001 From: Cliff Wickman Date: Fri, 20 Jun 2008 12:02:00 -0700 Subject: [IA64] SN2: security hole in sn2_ptc_proc_write Security hole in sn2_ptc_proc_write It is possible to overrun a buffer with a write to this /proc file. Signed-off-by: Cliff Wickman Signed-off-by: Tony Luck --- arch/ia64/sn/kernel/sn2/sn2_smp.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'arch/ia64') diff --git a/arch/ia64/sn/kernel/sn2/sn2_smp.c b/arch/ia64/sn/kernel/sn2/sn2_smp.c index 49d3120415eb..6dd886c5d860 100644 --- a/arch/ia64/sn/kernel/sn2/sn2_smp.c +++ b/arch/ia64/sn/kernel/sn2/sn2_smp.c @@ -512,6 +512,8 @@ static ssize_t sn2_ptc_proc_write(struct file *file, const char __user *user, si int cpu; char optstr[64]; + if (count > sizeof(optstr)) + return -EINVAL; if (copy_from_user(optstr, user, count)) return -EFAULT; optstr[count - 1] = '\0'; -- cgit v1.2.3