diff options
author | Jack Steiner <steiner@sgi.com> | 2009-06-18 01:28:34 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-06-18 22:04:04 +0200 |
commit | 2b702b28addc0f9eb2f37148f0b99f546cadd30a (patch) | |
tree | 9313d3f09de281de0291baa77bc4f5d0057b4b8d /drivers/misc | |
parent | gru: fix potential use-after-free when purging GRU tlbs (diff) | |
download | linux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.tar.xz linux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.zip |
gru: fixes to grudump utility
Minor fixes to the SGI GRU grudump facility:
- fix address where user data is written
- add gru number to data passed to user
- indicate if context is locked
Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/misc')
-rw-r--r-- | drivers/misc/sgi-gru/grukdump.c | 8 | ||||
-rw-r--r-- | drivers/misc/sgi-gru/grulib.h | 4 |
2 files changed, 8 insertions, 4 deletions
diff --git a/drivers/misc/sgi-gru/grukdump.c b/drivers/misc/sgi-gru/grukdump.c index 7b1bdf3906ba..0f9dd3e64b57 100644 --- a/drivers/misc/sgi-gru/grukdump.c +++ b/drivers/misc/sgi-gru/grukdump.c @@ -26,7 +26,7 @@ static int gru_user_copy_handle(void __user **dp, void *s) { - if (copy_to_user(dp, s, GRU_HANDLE_BYTES)) + if (copy_to_user(*dp, s, GRU_HANDLE_BYTES)) return -1; *dp += GRU_HANDLE_BYTES; return 0; @@ -109,7 +109,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, { struct gru_dump_context_header hdr; struct gru_dump_context_header __user *uhdr = ubuf; - struct gru_context_configuration_handle *cch; + struct gru_context_configuration_handle *cch, *ubufcch; struct gru_thread_state *gts; int try, cch_locked, cbrcnt = 0, dsrcnt = 0, bytes = 0, ret = 0; void *grubase; @@ -125,8 +125,11 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, } ubuf += sizeof(hdr); + ubufcch = ubuf; if (gru_user_copy_handle(&ubuf, cch)) goto fail; + if (cch_locked) + ubufcch->delresp = 0; bytes = sizeof(hdr) + GRU_CACHE_LINE_BYTES; if (cch_locked || !lock_cch) { @@ -155,6 +158,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum, return ret; hdr.magic = GRU_DUMP_MAGIC; + hdr.gid = gru->gs_gid; hdr.ctxnum = ctxnum; hdr.cbrcnt = cbrcnt; hdr.dsrcnt = dsrcnt; diff --git a/drivers/misc/sgi-gru/grulib.h b/drivers/misc/sgi-gru/grulib.h index a484a9fee3ce..889bc442a3e8 100644 --- a/drivers/misc/sgi-gru/grulib.h +++ b/drivers/misc/sgi-gru/grulib.h @@ -120,7 +120,7 @@ struct gru_flush_tlb_req { enum {dcs_pid, dcs_gid}; struct gru_dump_chiplet_state_req { unsigned int op; - int gid; + unsigned int gid; int ctxnum; char data_opt; char lock_cch; @@ -134,7 +134,7 @@ struct gru_dump_chiplet_state_req { #define GRU_DUMP_MAGIC 0x3474ab6c struct gru_dump_context_header { unsigned int magic; - unsigned char gid; + unsigned int gid; unsigned char ctxnum; unsigned char cbrcnt; unsigned char dsrcnt; |