This case is supposed to read from a memory after it has been freed,
but we missed freeing base if the memory 'val' could not be allocated.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
This case is supposed to read from a page after after it is freed, but
it missed freeing val if we are not able to get a free page.
Signed-off-by: Sudip Mukherjee <sudip.mukherjee@codethink.co.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
Here is the big char/misc driver update for 4.6-rc1.
The majority of the patches here is hwtracing and some new mic drivers,
but there's a lot of other driver updates as well. Full details in the
shortlog.
All have been in linux-next for a while with no reported issues.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEABECAAYFAlbp9IcACgkQMUfUDdst+ykyJgCeLTC2QNGrh51kiJglkVJ0yD36
q4MAn0NkvSX2+iv5Jq8MaX6UQoRa4Nun
=MNjR
-----END PGP SIGNATURE-----
Merge tag 'char-misc-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc
Pull char/misc updates from Greg KH:
"Here is the big char/misc driver update for 4.6-rc1.
The majority of the patches here is hwtracing and some new mic
drivers, but there's a lot of other driver updates as well. Full
details in the shortlog.
All have been in linux-next for a while with no reported issues"
* tag 'char-misc-4.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (238 commits)
goldfish: Fix build error of missing ioremap on UM
nvmem: mediatek: Fix later provider initialization
nvmem: imx-ocotp: Fix return value of imx_ocotp_read
nvmem: Fix dependencies for !HAS_IOMEM archs
char: genrtc: replace blacklist with whitelist
drivers/hwtracing: make coresight-etm-perf.c explicitly non-modular
drivers: char: mem: fix IS_ERROR_VALUE usage
char: xillybus: Fix internal data structure initialization
pch_phub: return -ENODATA if ROM can't be mapped
Drivers: hv: vmbus: Support kexec on ws2012 r2 and above
Drivers: hv: vmbus: Support handling messages on multiple CPUs
Drivers: hv: utils: Remove util transport handler from list if registration fails
Drivers: hv: util: Pass the channel information during the init call
Drivers: hv: vmbus: avoid unneeded compiler optimizations in vmbus_wait_for_unload()
Drivers: hv: vmbus: remove code duplication in message handling
Drivers: hv: vmbus: avoid wait_for_completion() on crash
Drivers: hv: vmbus: don't loose HVMSG_TIMER_EXPIRED messages
misc: at24: replace memory_accessor with nvmem_device_read
eeprom: 93xx46: extend driver to plug into the NVMEM framework
eeprom: at25: extend driver to plug into the NVMEM framework
...
This improves the order of operations on the use-after-free tests to
try to make sure we've executed any available sanity-checking code,
and to report the poisoning that was found.
Signed-off-by: Kees Cook <keescook@chromium.org>
The current tests for read/write after free work on slab
allocated memory. Memory straight from the buddy allocator
may behave slightly differently and have a different set
of parameters to test. Add tests for those cases as well.
On a basic x86 boot:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 22.291950] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 22.292983] lkdtm: Writing to the buddy page before free
[ 22.293950] lkdtm: Attempting bad write to the buddy page after free
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 32.375601] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 32.379896] lkdtm: Value in memory before free: 12345678
[ 32.383854] lkdtm: Attempting to read from freed memory
[ 32.389309] lkdtm: Buddy page was not poisoned
On x86 with CONFIG_DEBUG_PAGEALLOC and debug_pagealloc=on:
# echo WRITE_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 17.475533] lkdtm: Performing direct entry WRITE_BUDDY_AFTER_FREE
[ 17.477360] lkdtm: Writing to the buddy page before free
[ 17.479089] lkdtm: Attempting bad write to the buddy page after free
[ 17.480904] BUG: unable to handle kernel paging request at
ffff88000ebd8000
# echo READ_BUDDY_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 14.606433] lkdtm: Performing direct entry READ_BUDDY_AFTER_FREE
[ 14.607447] lkdtm: Value in memory before free: 12345678
[ 14.608161] lkdtm: Attempting to read from freed memory
[ 14.608860] BUG: unable to handle kernel paging request at
ffff88000eba3000
Note that arches without ARCH_SUPPORTS_DEBUG_PAGEALLOC may not
produce the same crash.
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
The SLUB allocator may use the first word of a freed block to store the
freelist information. This may make it harder to test poisoning
features. Change the WRITE_AFTER_FREE test to better match what
the READ_AFTER_FREE test does and also print out a big more information.
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
In a similar manner to WRITE_AFTER_FREE, add a READ_AFTER_FREE
test to test free poisoning features. Sample output when
no sanitization is present:
# echo READ_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 17.542473] lkdtm: Performing direct entry READ_AFTER_FREE
[ 17.543866] lkdtm: Value in memory before free: 12345678
[ 17.545212] lkdtm: Attempting bad read from freed memory
[ 17.546542] lkdtm: Memory was not poisoned
with slub_debug=P:
# echo READ_AFTER_FREE > /sys/kernel/debug/provoke-crash/DIRECT
[ 22.415531] lkdtm: Performing direct entry READ_AFTER_FREE
[ 22.416366] lkdtm: Value in memory before free: 12345678
[ 22.417137] lkdtm: Attempting bad read from freed memory
[ 22.417897] lkdtm: Memory correctly poisoned, calling BUG
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
The new __ro_after_init section should be writable before init, but
not after. Validate that it gets updated at init and can't be written
to afterwards.
Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: David Brown <david.brown@linaro.org>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Emese Revfy <re.emese@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathias Krause <minipli@googlemail.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Cc: PaX Team <pageexec@freemail.hu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: kernel-hardening@lists.openwall.com
Cc: linux-arch <linux-arch@vger.kernel.org>
Link: http://lkml.kernel.org/r/1455748879-21872-6-git-send-email-keescook@chromium.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
The kernel sometimes fails to link when lkdrm is built-in and
compiled with clang:
relocation truncated to fit: R_ARM_THM_CALL against `.bss'
The reason here is that a relocation from .text to .bss fails to
generate a trampoline because .bss is not an executable section.
Marking the function 'noinline' turns the relative branch to .bss
into an absolute branch to the function argument, and that works
fine.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Add a copy_to_user() call to the ACCESS_USERSPACE test
prior to attempting direct dereferencing of the user
address to ensure the page is present. Otherwise,
a fault occurs on arm kernels even prior to the introduction
of CONFIG_CPU_SW_DOMAIN_PAN, and there is no difference in
behavior for CONFIG_CPU_SW_DOMAIN_PAN=n vs CONFIG_CPU_SW_DOMAIN_PAN=y.
Before this change, for any value of CONFIG_CPU_SW_DOMAIN_PAN:
lkdtm: Performing direct entry ACCESS_USERSPACE
lkdtm: attempting bad read at b6fe8000
Unable to handle kernel paging request at virtual address b6fe8000
After this change, for CONFIG_CPU_SW_DOMAIN_PAN=n:
lkdtm: Performing direct entry ACCESS_USERSPACE
lkdtm: attempting bad read at b6efc000
lkdtm: attempting bad write at b6efc000
After this change, for CONFIG_CPU_SW_DOMAIN_PAN=y:
lkdtm: Performing direct entry ACCESS_USERSPACE
lkdtm: attempting bad read at b6f7d000
Unhandled fault: page domain fault (0x01b) at 0xb6f7d000
...
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some architectures need cacheflush.h explicitly included (mips) for
use of flush_icache_range():
config: make ARCH=mips allmodconfig
All error/warnings:
>> ERROR: "flush_icache_range" undefined!
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some CPUs explicitly need to have their icache flushed after making
executable code copies for the memory region execution tests.
Additionally, report the specific address targets being used so that
debugging non-crash failures is easier.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Move to using pr_* calls instead of printk calls for reporting.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This patch marks the function jp_generic_ide_ioctl() as static in
lkdtm.c because it is not used outside this file.
Thus, it also eliminates the following warnings in lkdtm.c:
drivers/misc/lkdtm.c:227:5: warning: no previous prototype for ‘jp_generic_ide_ioctl’ [-Wmissing-prototypes]
Signed-off-by: Rashika Kheria <rashika.kheria@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since lkdtm intentionally does "bad" things, we need to convince sparse
that we're doing these things on purpose. This adds an explicit cast
to the call to copy_to_user() and marks the spin lock as expecting
to dead-lock.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Testing execution and access of userspace from the kernel is needed for
validating things like Intel's SMEP and SMAP protections. Additionally,
add an explicit test for validating that RO page permissions have been
set for the RO data area.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When CONFIG_FRAME_WARN is set low (e.g. some ARM builds), the hard-coded
stack buffer size used for kernel stack over run testing triggers build
warnings. Instead, avoid the warning by recalcuating the buffer size and
recursion count needed to trigger the test. Also uses the recursion counter
indirectly to avoid changing the parameter during the test.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When tests were added to lkdtm that grew the stack frame, the stack
corruption test stopped working. This isolates the test in its own
function, and forces it not to be inlined.
Signed-off-by: Kees Cook <keescook@chromium.org>
Fixes: cc33c537c1 ("lkdtm: add "EXEC_*" triggers")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
For additional testing, add "WARNING" as a trigger that calls WARN_ON(1).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The -fstack-protector compiler flag will only build stack protections if
a character array is seen. Additionally, the offset to the saved
instruction pointer changes based on architecture, so stomp much harder
(64 bytes) when corrupting the stack.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
lkdtm_do_action() may call sleeping functions like kmalloc(), so do not
call it with spin lock held.
Signed-off-by: WANG Cong <xiyou.wangcong@gmail.com>
Cc: Prarit Bhargava <prarit@redhat.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <greg@kroah.com>
Reviewed-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
We observed the crash point count going negative in cases where the
crash point is hit multiple times before the check of "count == 0" is
done. Because of this we never call lkdtm_do_action(). This patch just
adds a spinlock to protect count.
Reported-by: Tapan Dhimant <tdhimant@akamai.com>
Signed-off-by: Josh Hunt <johunt@akamai.com>
Acked-by: Ankita Garg <ankita@in.ibm.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Prefix cname and ctype constants with CN/CT_. This is especially for the
conflict on BUG which causes a build break if arch defines it as a inline
function, i.e. MIPS.
Signed-off-by: Namhyung Kim <namhyung@gmail.com>
Cc: Ankita Garg <ankita@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When the default llseek behavior gets changed to
not allowing seek, all file operations that rely
on the current behaviour need to use an explicit
.llseek operation.
The files that lkdtm uses in debugfs are regular
files and they get read using simple_read_from_buffer,
so generic_file_llseek is the right operation.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
sysfs-writable charp arguments need to be locked against modification
(since the old ones may be kfreed underneath us). String arguments
are much simpler, so use them for small strings (eg. IFNAMSIZ).
lkdtm only uses the parameters at module initialization time, so there's
not much point making them writable.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Reviewed-by: Takashi Iwai <tiwai@suse.de>
Tested-by: Phil Carmody <ext-phil.2.carmody@nokia.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: M. Mohan Kumar <mohan@in.ibm.com>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Cc: Jeff Mahoney <jeffm@suse.com>
Cc: Julia Lawall <julia@diku.dk>
Cc: devel@driverdev.osuosl.org
This adds three new types of kernel "crashes" in the lkdtm driver to
trigger hardlockups, softlockups and task hung states at will.
The first two are useful to test the new generic lockup detector and check
its further regressions. The latter one is a bonus to check the hung task
detector regressions even though it's not currently in rework.
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Simon Kagstrom <simon.kagstrom@netinsight.net>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Don Zickus <dzickus@redhat.com>
Cc: Cyrill Gorcunov <gorcunov@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
percpu.h is included by sched.h and module.h and thus ends up being
included when building most .c files. percpu.h includes slab.h which
in turn includes gfp.h making everything defined by the two files
universally available and complicating inclusion dependencies.
percpu.h -> slab.h dependency is about to be removed. Prepare for
this change by updating users of gfp and slab facilities include those
headers directly instead of assuming availability. As this conversion
needs to touch large number of source files, the following script is
used as the basis of conversion.
http://userweb.kernel.org/~tj/misc/slabh-sweep.py
The script does the followings.
* Scan files for gfp and slab usages and update includes such that
only the necessary includes are there. ie. if only gfp is used,
gfp.h, if slab is used, slab.h.
* When the script inserts a new include, it looks at the include
blocks and try to put the new include such that its order conforms
to its surrounding. It's put in the include block which contains
core kernel includes, in the same order that the rest are ordered -
alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
doesn't seem to be any matching order.
* If the script can't find a place to put a new include (mostly
because the file doesn't have fitting include block), it prints out
an error message indicating which .h file needs to be added to the
file.
The conversion was done in the following steps.
1. The initial automatic conversion of all .c files updated slightly
over 4000 files, deleting around 700 includes and adding ~480 gfp.h
and ~3000 slab.h inclusions. The script emitted errors for ~400
files.
2. Each error was manually checked. Some didn't need the inclusion,
some needed manual addition while adding it to implementation .h or
embedding .c file was more appropriate for others. This step added
inclusions to around 150 files.
3. The script was run again and the output was compared to the edits
from #2 to make sure no file was left behind.
4. Several build tests were done and a couple of problems were fixed.
e.g. lib/decompress_*.c used malloc/free() wrappers around slab
APIs requiring slab.h to be added manually.
5. The script was run on all .h files but without automatically
editing them as sprinkling gfp.h and slab.h inclusions around .h
files could easily lead to inclusion dependency hell. Most gfp.h
inclusion directives were ignored as stuff from gfp.h was usually
wildly available and often used in preprocessor macros. Each
slab.h inclusion directive was examined and added manually as
necessary.
6. percpu.h was updated not to include slab.h.
7. Build test were done on the following configurations and failures
were fixed. CONFIG_GCOV_KERNEL was turned off for all tests (as my
distributed build env didn't work with gcov compiles) and a few
more options had to be turned off depending on archs to make things
build (like ipr on powerpc/64 which failed due to missing writeq).
* x86 and x86_64 UP and SMP allmodconfig and a custom test config.
* powerpc and powerpc64 SMP allmodconfig
* sparc and sparc64 SMP allmodconfig
* ia64 SMP allmodconfig
* s390 SMP allmodconfig
* alpha SMP allmodconfig
* um on x86_64 SMP allmodconfig
8. percpu.h modifications were reverted so that it could be applied as
a separate patch and serve as bisection point.
Given the fact that I had only a couple of failures from tests on step
6, I'm fairly confident about the coverage of this conversion patch.
If there is a breakage, it's likely to be something in one of the arch
headers which should be easily discoverable easily on most builds of
the specific arch.
Signed-off-by: Tejun Heo <tj@kernel.org>
Guess-its-ok-by: Christoph Lameter <cl@linux-foundation.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
Add adds a debugfs interface and additional failure modes to LKDTM to
provide similar functionality to the provoke-crash driver submitted here:
http://lwn.net/Articles/371208/
Crashes can now be induced either through module parameters (as before)
or through the debugfs interface as in provoke-crash.
The patch also provides a new "direct" interface, where KPROBES are not
used, i.e., the crash is invoked directly upon write to the debugfs
file. When built without KPROBES configured, only this mode is available.
Signed-off-by: Simon Kagstrom <simon.kagstrom@netinsight.net>
Cc: M. Mohan Kumar <mohan@in.ibm.com>
Cc: Americo Wang <xiyou.wangcong@gmail.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Current lkdtm code puts a probe on __do_IRQ for some of the kdump test
cases. Since __do_IRQ is deprecated, change lkdtm code to use do_IRQ
function.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Cc: Ankita Garg <ankita@in.ibm.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Masami Hiramatsu <mhiramat@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
- make needlessly global functions static
- make lkdtm_module_{init,exit}() as __{init,exit}
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Cc: Ankita Garg <ankita@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The MEM_SWAPOUT crashpoint in LKDTM could be broken as some compilers
inline the call to shrink_page_list() and symbol lookup for this function
name fails. Replacing it with the function shrink_inactive_list(), which
is the only function calling shrink_page_list().
Signed-off-by: Ankita Garg <ankita@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix module_param/sysfs file permission typo.
Clean up MODULE_PARM_DESC strings to avoid fancy (and incorrect)
formatting.
Fix header includes for lkdtm; add some needed ones, remove unused ones;
and fix this gcc warning:
drivers/misc/lkdtm.c:150: warning: 'struct buffer_head' declared inside parameter list
drivers/misc/lkdtm.c:150: warning: its scope is only this definition or declaration, which is probably not what you want
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Ankita Garg <ankita@in.ibm.com>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Maintain a per-CPU global "struct pt_regs *" variable which can be used instead
of passing regs around manually through all ~1800 interrupt handlers in the
Linux kernel.
The regs pointer is used in few places, but it potentially costs both stack
space and code to pass it around. On the FRV arch, removing the regs parameter
from all the genirq function results in a 20% speed up of the IRQ exit path
(ie: from leaving timer_interrupt() to leaving do_IRQ()).
Where appropriate, an arch may override the generic storage facility and do
something different with the variable. On FRV, for instance, the address is
maintained in GR28 at all times inside the kernel as part of general exception
handling.
Having looked over the code, it appears that the parameter may be handed down
through up to twenty or so layers of functions. Consider a USB character
device attached to a USB hub, attached to a USB controller that posts its
interrupts through a cascaded auxiliary interrupt controller. A character
device driver may want to pass regs to the sysrq handler through the input
layer which adds another few layers of parameter passing.
I've build this code with allyesconfig for x86_64 and i386. I've runtested the
main part of the code on FRV and i386, though I can't test most of the drivers.
I've also done partial conversion for powerpc and MIPS - these at least compile
with minimal configurations.
This will affect all archs. Mostly the changes should be relatively easy.
Take do_IRQ(), store the regs pointer at the beginning, saving the old one:
struct pt_regs *old_regs = set_irq_regs(regs);
And put the old one back at the end:
set_irq_regs(old_regs);
Don't pass regs through to generic_handle_irq() or __do_IRQ().
In timer_interrupt(), this sort of change will be necessary:
- update_process_times(user_mode(regs));
- profile_tick(CPU_PROFILING, regs);
+ update_process_times(user_mode(get_irq_regs()));
+ profile_tick(CPU_PROFILING);
I'd like to move update_process_times()'s use of get_irq_regs() into itself,
except that i386, alone of the archs, uses something other than user_mode().
Some notes on the interrupt handling in the drivers:
(*) input_dev() is now gone entirely. The regs pointer is no longer stored in
the input_dev struct.
(*) finish_unlinks() in drivers/usb/host/ohci-q.c needs checking. It does
something different depending on whether it's been supplied with a regs
pointer or not.
(*) Various IRQ handler function pointers have been moved to type
irq_handler_t.
Signed-Off-By: David Howells <dhowells@redhat.com>
(cherry picked from 1b16e7ac850969f38b375e511e3fa2f474a33867 commit)
A simple module to test Linux Kernel Dump mechanism. This module uses
jprobes to install/activate pre-defined crash points. At different crash
points, various types of crashing scenarios are created like a BUG(),
panic(), exception, recursive loop and stack overflow. The user can
activate a crash point with specific type by providing parameters at the
time of module insertion. Please see the file header for usage
information. The module is based on the Linux Kernel Dump Test Tool by
Fernando <http://lkdtt.sourceforge.net>.
This module could be merged with mainline. Jprobes is used here so that the
context in which crash point is hit, could be maintained. This implements
all the crash points as done by LKDTT except the one in the middle of
tasklet_action().
Signed-off-by: Ankita Garg <ankita@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
