Linux on HP PA-RISC development discussion ()

Helge Deller | 2 Aug 2010 22:46

Picon

Picon

Re: [Security] [PATCH] bug in led_proc_write()

* Andrew Morton <akpm <at> linux-foundation.org>:
> On Sat, 10 Nov 2007 23:50:29 +0100 Ilja <ilja <at> netric.org> wrote:
> > When reading some of the parisc driver code I stumbled on a bug in
> > led_proc_write() in drivers/parisc/led.c
> > the code looks like:
> > 
> > 182 static int led_proc_write(struct file *file, const char *buf, 
> > 183         unsigned long count, void *data)
> > 184 {
> > 185         char *cur, lbuf[count + 1];
> > 186         int d;
> > 187
> > 188         if (!capable(CAP_SYS_ADMIN))
> > 189                 return -EACCES;
> > ....
> > 235 }
> > 
> > the problem being that the stack is limited and count is not (except for the
> > MAX_INT check done in sys_write() I guess). this could lead to stack
> > corruption (when for example calling capable()). 
> 
> yes, and the bug's still there.  It allows a writer to /proc/pdc/led(?)
> to cause the kernel to consume an unbounded amount of stack. 

Ilja, Andrew,

Thanks for the bug report.
Below is a patch to fix this issue.

Kyle, please apply to the parisc git tree.

(Continue reading)

Kyle McMartin | 3 Aug 2010 15:31

Picon

Re: [Security] [PATCH] bug in led_proc_write()

On Mon, Aug 02, 2010 at 10:46:41PM +0200, Helge Deller wrote:
> Kyle, please apply to the parisc git tree.
> 

Please send this straight to Linus with my
Signed-off-by: Kyle McMartin <kyle <at> mcmartin.ca>

I don't want to accidentally mis-place it again this summer.

--Kyle

> Helge
> 
> -----------
> [PARISC] led.c - fix potential stack overflow in led_proc_write()
> 
> avoid potential stack overflow by correctly checking count parameter
> 
> Signed-off-by: Helge Deller <deller <at> gmx.de>
> 
> 
> diff --git a/drivers/parisc/led.c b/drivers/parisc/led.c
> index 188bc84..d02be78 100644
> --- a/drivers/parisc/led.c
> +++ b/drivers/parisc/led.c
>  <at>  <at>  -176,16 +176,18  <at>  <at>  static ssize_t led_proc_write(struct file *file, const char *buf,
>  	size_t count, loff_t *pos)
>  {
>  	void *data = PDE(file->f_path.dentry->d_inode)->data;
> -	char *cur, lbuf[count + 1];

(Continue reading)

James Bottomley | 3 Aug 2010 18:11

Re: [PATCH 07/11] parisc: superio: do not use PCI resources before pci_enable_device()

On Tue, 2010-08-03 at 19:44 +0400, Kulikov Vasiliy wrote:
>  drivers/parisc/superio.c |    5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/parisc/superio.c b/drivers/parisc/superio.c
> index f7806d8..c8a36a2 100644
> --- a/drivers/parisc/superio.c
> +++ b/drivers/parisc/superio.c
>  <at>  <at>  -169,8 +169,6  <at>  <at>  superio_init(struct pci_dev *pcidev)
>  	/* ...then properly fixup the USB to point at suckyio PIC */
>  	sio->usb_pdev->irq = superio_fixup_irq(sio->usb_pdev);
>  
> -	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> -	       pci_name(pdev), pdev->irq);
>  
>  	pci_read_config_dword (pdev, SIO_SP1BAR, &sio->sp1_base);
>  	sio->sp1_base &= ~1;
>  <at>  <at>  -204,6 +202,9  <at>  <at>  superio_init(struct pci_dev *pcidev)
>  	ret = pci_enable_device(pdev);
>  	BUG_ON(ret < 0);	/* not too much we can do about this... */
>  
> +	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> +	       pci_name(pdev), pdev->irq);
> +
>  	/*
>  	 * Next project is programming the onboard interrupt controllers.
>  	 * PDC hasn't done this for us, since it's using polled I/O.

This really makes no sense; we want the information printed before we
start all the discovery prints, not after.  I assume lots of

(Continue reading)

Vasiliy Kulikov | 3 Aug 2010 18:35

Picon

Re: [PATCH 07/11] parisc: superio: do not use PCI resources before pci_enable_device()

On Tue, Aug 03, 2010 at 11:11 -0500, James Bottomley wrote:
> On Tue, 2010-08-03 at 19:44 +0400, Kulikov Vasiliy wrote:
> >  drivers/parisc/superio.c |    5 +++--
> >  1 files changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/drivers/parisc/superio.c b/drivers/parisc/superio.c
> > index f7806d8..c8a36a2 100644
> > --- a/drivers/parisc/superio.c
> > +++ b/drivers/parisc/superio.c
> >  <at>  <at>  -169,8 +169,6  <at>  <at>  superio_init(struct pci_dev *pcidev)
> >  	/* ...then properly fixup the USB to point at suckyio PIC */
> >  	sio->usb_pdev->irq = superio_fixup_irq(sio->usb_pdev);
> >  
> > -	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> > -	       pci_name(pdev), pdev->irq);
> >  
> >  	pci_read_config_dword (pdev, SIO_SP1BAR, &sio->sp1_base);
> >  	sio->sp1_base &= ~1;
> >  <at>  <at>  -204,6 +202,9  <at>  <at>  superio_init(struct pci_dev *pcidev)
> >  	ret = pci_enable_device(pdev);
> >  	BUG_ON(ret < 0);	/* not too much we can do about this... */
> >  
> > +	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> > +	       pci_name(pdev), pdev->irq);
> > +
> >  	/*
> >  	 * Next project is programming the onboard interrupt controllers.
> >  	 * PDC hasn't done this for us, since it's using polled I/O.
> 
> This really makes no sense; we want the information printed before we

(Continue reading)

James Bottomley | 3 Aug 2010 18:38

Re: [PATCH 07/11] parisc: superio: do not use PCI resources before pci_enable_device()

On Tue, 2010-08-03 at 20:35 +0400, Vasiliy Kulikov wrote:
> On Tue, Aug 03, 2010 at 11:11 -0500, James Bottomley wrote:
> > On Tue, 2010-08-03 at 19:44 +0400, Kulikov Vasiliy wrote:
> > >  drivers/parisc/superio.c |    5 +++--
> > >  1 files changed, 3 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/drivers/parisc/superio.c b/drivers/parisc/superio.c
> > > index f7806d8..c8a36a2 100644
> > > --- a/drivers/parisc/superio.c
> > > +++ b/drivers/parisc/superio.c
> > >  <at>  <at>  -169,8 +169,6  <at>  <at>  superio_init(struct pci_dev *pcidev)
> > >  	/* ...then properly fixup the USB to point at suckyio PIC */
> > >  	sio->usb_pdev->irq = superio_fixup_irq(sio->usb_pdev);
> > >  
> > > -	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> > > -	       pci_name(pdev), pdev->irq);
> > >  
> > >  	pci_read_config_dword (pdev, SIO_SP1BAR, &sio->sp1_base);
> > >  	sio->sp1_base &= ~1;
> > >  <at>  <at>  -204,6 +202,9  <at>  <at>  superio_init(struct pci_dev *pcidev)
> > >  	ret = pci_enable_device(pdev);
> > >  	BUG_ON(ret < 0);	/* not too much we can do about this... */
> > >  
> > > +	printk(KERN_INFO PFX "Found NS87560 Legacy I/O device at %s (IRQ %i)\n",
> > > +	       pci_name(pdev), pdev->irq);
> > > +
> > >  	/*
> > >  	 * Next project is programming the onboard interrupt controllers.
> > >  	 * PDC hasn't done this for us, since it's using polled I/O.
> >

(Continue reading)

John David Anglin | 4 Aug 2010 02:24

Picon

Re: Fwd: [PATCH] parisc: pass through '\t' to early (iodc) console

On Sun, 18 Jul 2010, Kyle McMartin wrote:

> I'll resend it in the morning.

Unfortunately, the change doesn't appear in the release.

Dave
--

-- 
J. David Anglin                                  dave.anglin <at> nrc-cnrc.gc.ca
National Research Council of Canada              (613) 990-0752 (FAX: 952-6602)
--
To unsubscribe from this list: send the line "unsubscribe linux-parisc" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Kyle McMartin | 4 Aug 2010 02:38

Picon

[PATCH] parisc: pass through '\t' to early (iodc) console

The firmware handles '\t' internally, so stop trying to emulate it
(which, incidentally, had a bug in it.)

Fixes a really weird hang at bootup in rcu_bootup_announce, which,
as far as I can tell, is the first printk in the core kernel to use
a tab as the first character.

Cc: stable <at> kernel.org
Signed-off-by: Kyle McMartin <kyle <at> parisc-linux.org>
---

Oops, looks like this slipped through the cracks in my summer
vacation. Resending for 2.6.36 and stable kernels...

 arch/parisc/kernel/firmware.c |   12 ++----------
 1 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/arch/parisc/kernel/firmware.c b/arch/parisc/kernel/firmware.c
index 4c247e0..df971fa 100644
--- a/arch/parisc/kernel/firmware.c
+++ b/arch/parisc/kernel/firmware.c
 <at>  <at>  -1123,7 +1123,6  <at>  <at>  static char __attribute__((aligned(64))) iodc_dbuf[4096];
  */
 int pdc_iodc_print(const unsigned char *str, unsigned count)
 {
-	static int posx;        /* for simple TAB-Simulation... */
 	unsigned int i;
 	unsigned long flags;

 <at>  <at>  -1133,19 +1132,12  <at>  <at>  int pdc_iodc_print(const unsigned char *str, unsigned count)

(Continue reading)

Denys Vlasenko | 6 Aug 2010 04:18

Re: [PATCH 2/4] module linker script: coalesce function and data sections

On Tuesday 03 August 2010 15:47, Michal Marek wrote:
> On 29.7.2010 01:47, Denys Vlasenko wrote:
> >  SECTIONS {
> > +
> > +	/* Coalesce sections produced by gcc -ffunction-sections */
> > +	.text   0 : AT(0) { *(.text .text.[A-Za-z0-9_$^]*) }
> > +
> > +	/* Coalesce sections produced by gcc -fdata-sections */
> > +	.rodata 0 : AT(0) { *(.rodata .rodata.[A-Za-z0-9_$^]*) }
> > +	.data   0 : AT(0) { *(.data .data.[A-Za-z0-9_$^]*) }
> > +	.bss    0 : AT(0) { *(.bss .bss.[A-Za-z0-9_$^]*) }
> > +
> >  	/DISCARD/ : { *(.discard) }
> >  }
> 
> I'm now getting
> 
> ld:/home/mmarek/linux-2.6/scripts/module-common.lds:23: ignoring invalid
> character `^' in script
> ld:/home/mmarek/linux-2.6/scripts/module-common.lds:26: ignoring invalid
> character `^' in script
> ld:/home/mmarek/linux-2.6/scripts/module-common.lds:27: ignoring invalid
> character `^' in script
> ld:/home/mmarek/linux-2.6/scripts/module-common.lds:28: ignoring invalid
> character `^' in script
> 
> when linking modules and a similar warning when linking vmlinux (caused
> by the next patch in series). I tried writing the carets as \^, but that
> doesn't help at all...

(Continue reading)

Guy Martin | 6 Aug 2010 14:02

Picon

[PATCH] HPPA : Define all the hppa specific _CLOEXEC and _NONBLOCK values

The following patch adds hppa specific files that define the various _CLOEXEC and
_NONBLOCK values in order to match the ones from the kernel.

Signed-off-by: Guy Martin <gmsoft <at> tuxicoman.be>
---
 ChangeLog.hppa                                    |   13 ++
 ports/sysdeps/unix/sysv/linux/hppa/sys/epoll.h    |  144 +++++++++++++++++++++
 ports/sysdeps/unix/sysv/linux/hppa/sys/eventfd.h  |   54 ++++++++
 ports/sysdeps/unix/sysv/linux/hppa/sys/inotify.h  |  105 +++++++++++++++
 ports/sysdeps/unix/sysv/linux/hppa/sys/signalfd.h |   66 ++++++++++
 ports/sysdeps/unix/sysv/linux/hppa/sys/timerfd.h  |   60 +++++++++
 6 files changed, 442 insertions(+), 0 deletions(-)

diff --git a/ChangeLog.hppa b/ChangeLog.hppa
index 2ccc911..fb5d803 100644
--- a/ChangeLog.hppa
+++ b/ChangeLog.hppa
 <at>  <at>  -1,3 +1,16  <at>  <at> 
+2010-08-06  Guy Martin <gmsoft <at> tuxicoman.be>
+
+	* ports/sysdeps/unix/sysv/linux/hppa/sys/epoll.h
+	Fix EPOLL_CLOEXEC and EPOLL_NONBLOCK to match kernel definition.
+	* ports/sysdeps/unix/sysv/linux/hppa/sys/eventfd.h
+	Fix EFD_CLOEXEC and EFD_NONBLOCK to match kernel definition.
+	* ports/sysdeps/unix/sysv/linux/hppa/sys/inotify.h
+	Fix IN_CLOEXEC and IN_NONBLOCK to match kernel definition.
+	* ports/sysdeps/unix/sysv/linux/hppa/sys/signalfd.h
+	Fix SFD_CLOEXEC and SFD_NONBLOCK to match kernel definition.
+	* ports/sysdeps/unix/sysv/linux/hppa/sys/timerfd.h
+	Fix TFD_CLOEXEC and TFD_NONBLOCK to match kernel definition.

(Continue reading)

Guy Martin | 6 Aug 2010 16:44

Picon

Re: [PATCH] HPPA : Define all the hppa specific _CLOEXEC and _NONBLOCK values

On Fri, 6 Aug 2010 10:34:12 -0400
"Carlos O'Donell" <carlos <at> systemhalted.org> wrote:
> 
> Is this because hppa doesn't use the same values as x86 and the only
> way to get your own values is to modify your own copies of said files?

As far as I can see, yes. Alpha is doing exactly the same thing.

Maybe a better fix would be to have glibc derive the value of all the
_CLOEXEC and _NONBLOCK from O_CLOEXEC and O_NONBLOCK instead of each
having its own copy. This is how they are defined in the kernel anyway.

Cheers,
  Guy
--
To unsubscribe from this list: send the line "unsubscribe linux-parisc" in
the body of a message to majordomo <at> vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Group

gmane.linux.ports.parisc.

Project Web Page

Linux on HP PA-RISC development discussion ()

Search Archive

Page

1 | 2 | 3 | 4

Articles in period: 37

August 2010

Language

Change language

Options

Current view: Threads only / Showing only 20 lines / Not hiding cited text.
Change to All messages, whole messages, or hide cited text.

Post a message
NNTP Newsgroup
Classic Gmane web interface
XML

XML

RSS Feed
List Information

About Gmane

Recent entries

[PATCH] parisc: fix irq stack on UP and SMP (23 May 2013)
Compliments Of The Day / Your Response!!!! (22 May 2013)
[PATCH] parisc/superio: Use module_pci_driver to register driver (20 May 2013)
[PATCH] parisc: make interrupt and interruption stack allocation reent (20 May 2013)
[PATCH] parisc: use arch_spinlock_t instead of raw_spinlock_t in irqst (19 May 2013)
[PATCH] parisc: show number of FPE and unaligned access handler calls (18 May 2013)
[PATCH] parisc: add additional parisc git tree to MAINTAINERS file (16 May 2013)
[PATCH] parisc: use PAGE_SHIFT instead of hardcoded value 12 in pacach (16 May 2013)
[PATCH] parisc: add rp5470 entry to machine database (16 May 2013)
[PATCH] parisc: use long branch in fork_like macro (16 May 2013)
[PATCH] parisc: fix SMP races when updating PTE and TLB entries in ent (16 May 2013)
[PATCH] parisc: only re-enable interrupts if we need to schedule or de (16 May 2013)
[GIT PULL] parisc updates for v3.10 (13 May 2013)
[PATCH] parisc: make default cross compiler search more robust (v3) (11 May 2013)
[PATCH] parisc: fix SMP races when updating PTE and TLB entries in ent (11 May 2013)
[PATCH] parisc: make default cross compiler search more robust (9 May 2013)
[PATCH] parisc: implement irq stacks - part 2 (9 May 2013)
[PATCH] parisc: avoid WARNING: at kernel/cpu/idle.c:96 (8 May 2013)
[RFC] [PATCH] parisc: use Page Deallocation Table from firmware to exc (8 May 2013)
dringender Vorschlag (8 May 2013)
[GIT PULL] parisc updates for v3.10 (8 May 2013)

Archives

69	May 2013
84	April 2013
27	March 2013
68	February 2013
29	January 2013
15	December 2012
20	November 2012
56	October 2012
23	September 2012
25	August 2012
9	July 2012
19	June 2012
150	May 2012
25	April 2012
19	March 2012
61	February 2012
39	January 2012
22	December 2011
12	November 2011
53	October 2011
26	September 2011
20	August 2011
69	July 2011
36	June 2011
54	May 2011
112	April 2011
42	March 2011
69	February 2011
37	January 2011
52	December 2010
55	November 2010
85	October 2010
23	September 2010
37	August 2010
17	July 2010
83	June 2010
62	May 2010
75	April 2010
57	March 2010
50	February 2010
62	January 2010
120	December 2009
75	November 2009
60	October 2009
124	September 2009
116	August 2009
130	July 2009
126	June 2009
112	May 2009
157	April 2009
92	March 2009
88	February 2009
174	January 2009
187	December 2008
66	November 2008
18	October 2008
111	September 2008
114	August 2008
98	July 2008
114	June 2008
72	May 2008
42	April 2008
106	March 2008
55	February 2008
30	January 2008
60	December 2007

Design

Zawodny | Right Menu | Left Menu

Your Own Design

Paste the URL of your CSS below. Download CSS template