diff options
author | Jack Steiner <steiner@sgi.com> | 2009-06-18 01:28:34 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-18 22:04:04 +0200 |
commit | 2b702b28addc0f9eb2f37148f0b99f546cadd30a (patch) | |
tree | 9313d3f09de281de0291baa77bc4f5d0057b4b8d /drivers/misc/sgi-gru/grukdump.c | |
parent | gru: fix potential use-after-free when purging GRU tlbs (diff) | |
download | linux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.tar.xz linux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.zip |
gru: fixes to grudump utility
Minor fixes to the SGI GRU grudump facility:
- fix address where user data is written
- add gru number to data passed to user
- indicate if context is locked
Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/misc/sgi-gru/grukdump.c')
-rw-r--r-- | drivers/misc/sgi-gru/grukdump.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/drivers/misc/sgi-gru/grukdump.c b/drivers/misc/sgi-gru/grukdump.c index 7b1bdf3906ba..0f9dd3e64b57 100644 --- a/drivers/misc/sgi-gru/grukdump.c +++ b/drivers/misc/sgi-gru/grukdump.c @@ -26,7 +26,7 @@ static int gru_user_copy_handle(void __user **dp, void *s) { - if (copy_to_user(dp, s, GRU_HANDLE_BYTES)) + if (copy_to_user(*dp, s, GRU_HANDLE_BYTES)) return -1; *dp += GRU_HANDLE_BYTES; return 0; @@ -109,7 +109,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, { struct gru_dump_context_header hdr; struct gru_dump_context_header __user *uhdr = ubuf; - struct gru_context_configuration_handle *cch; + struct gru_context_configuration_handle *cch, *ubufcch; struct gru_thread_state *gts; int try, cch_locked, cbrcnt = 0, dsrcnt = 0, bytes = 0, ret = 0; void *grubase; @@ -125,8 +125,11 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, } ubuf += sizeof(hdr); + ubufcch = ubuf; if (gru_user_copy_handle(&ubuf, cch)) goto fail; + if (cch_locked) + ubufcch->delresp = 0; bytes = sizeof(hdr) + GRU_CACHE_LINE_BYTES; if (cch_locked || !lock_cch) { @@ -155,6 +158,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, return ret; hdr.magic = GRU_DUMP_MAGIC; + hdr.gid = gru->gs_gid; hdr.ctxnum = ctxnum; hdr.cbrcnt = cbrcnt; hdr.dsrcnt = dsrcnt; |