summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorJack Steiner <steiner@sgi.com>2009-06-18 01:28:34 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2009-06-18 22:04:04 +0200
commit2b702b28addc0f9eb2f37148f0b99f546cadd30a (patch)
tree9313d3f09de281de0291baa77bc4f5d0057b4b8d /drivers
parentgru: fix potential use-after-free when purging GRU tlbs (diff)
downloadlinux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.tar.xz
linux-2b702b28addc0f9eb2f37148f0b99f546cadd30a.zip
gru: fixes to grudump utility
Minor fixes to the SGI GRU grudump facility: - fix address where user data is written - add gru number to data passed to user - indicate if context is locked Signed-off-by: Jack Steiner <steiner@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/misc/sgi-gru/grukdump.c8
-rw-r--r--drivers/misc/sgi-gru/grulib.h4
2 files changed, 8 insertions, 4 deletions
diff --git a/drivers/misc/sgi-gru/grukdump.c b/drivers/misc/sgi-gru/grukdump.c
index 7b1bdf3906ba..0f9dd3e64b57 100644
--- a/drivers/misc/sgi-gru/grukdump.c
+++ b/drivers/misc/sgi-gru/grukdump.c
@@ -26,7 +26,7 @@
static int gru_user_copy_handle(void __user **dp, void *s)
{
- if (copy_to_user(dp, s, GRU_HANDLE_BYTES))
+ if (copy_to_user(*dp, s, GRU_HANDLE_BYTES))
return -1;
*dp += GRU_HANDLE_BYTES;
return 0;
@@ -109,7 +109,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum,
{
struct gru_dump_context_header hdr;
struct gru_dump_context_header __user *uhdr = ubuf;
- struct gru_context_configuration_handle *cch;
+ struct gru_context_configuration_handle *cch, *ubufcch;
struct gru_thread_state *gts;
int try, cch_locked, cbrcnt = 0, dsrcnt = 0, bytes = 0, ret = 0;
void *grubase;
@@ -125,8 +125,11 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum,
}
ubuf += sizeof(hdr);
+ ubufcch = ubuf;
if (gru_user_copy_handle(&ubuf, cch))
goto fail;
+ if (cch_locked)
+ ubufcch->delresp = 0;
bytes = sizeof(hdr) + GRU_CACHE_LINE_BYTES;
if (cch_locked || !lock_cch) {
@@ -155,6 +158,7 @@ static int gru_dump_context(struct gru_state *gru, int ctxnum,
return ret;
hdr.magic = GRU_DUMP_MAGIC;
+ hdr.gid = gru->gs_gid;
hdr.ctxnum = ctxnum;
hdr.cbrcnt = cbrcnt;
hdr.dsrcnt = dsrcnt;
diff --git a/drivers/misc/sgi-gru/grulib.h b/drivers/misc/sgi-gru/grulib.h
index a484a9fee3ce..889bc442a3e8 100644
--- a/drivers/misc/sgi-gru/grulib.h
+++ b/drivers/misc/sgi-gru/grulib.h
@@ -120,7 +120,7 @@ struct gru_flush_tlb_req {
enum {dcs_pid, dcs_gid};
struct gru_dump_chiplet_state_req {
unsigned int op;
- int gid;
+ unsigned int gid;
int ctxnum;
char data_opt;
char lock_cch;
@@ -134,7 +134,7 @@ struct gru_dump_chiplet_state_req {
#define GRU_DUMP_MAGIC 0x3474ab6c
struct gru_dump_context_header {
unsigned int magic;
- unsigned char gid;
+ unsigned int gid;
unsigned char ctxnum;
unsigned char cbrcnt;
unsigned char dsrcnt;