The external GPIO interrupts of the ColdFire 5272 SoC are edge triggered,
unlike the internal interrupt sources (which are level triggered).
Add proper support for these interrupts.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
The vector field of the processors exception frame actually contains
both the vector exception number and fault status field bits.
The exception processing code was not correctly masking out the
fault status field bits before switching on the vector number.
The default case was catching the bad check, but we are reporting
the wrong kind of exception in some cases.
Reported-by: Alexander Stein <alexander.stein@systec-electronic.com>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Replace EXTRA_CFLAGS with ccflags-y and EXTRA_AFLAGS with asflags-y.
Signed-off-by: matt mooney <mfm@muteddisk.com>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Serial lines on the MCF548x have really big fifos : 512 bytes.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Add a very basic mmu-less support for coldfire m548x family. This is perhaps
also valid for m547x family. The port comprises the serial, tick timer and
reboot support. The gpio part compiles but is empty. This gives a functional
albeit limited linux for the m548x coldfire family. This has been tested
on a Freescale M548xEVB Lite board with a M5484 processor and the default
dbug monitor.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
The use of __do_IRQ is deprecated, so lets stop using it.
Generally the interrupts on the supported processors here are
level triggered, so this is strait forward to switch over to
using the standard handle_level_irq flow handler. (Although
some ColdFire parts support edge triggered GPIO line interrupts
we have no support for them yet).
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
In m68k/m68knommu assembly files, the same value is called sometimes
PT_OFF_VECTOR, but more frequently PT_OFF_FORMATVEC. Standardize
name to PT_OFF_FORMATVEC.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
The Coldfire MCF547x/MCF548x have the same interrupt controller as
the MCF528x e.g., but only one, not two as in the MCF528x. Modify
intc-2.c to support only one interrupt controller if MCFICM_INTC1 is
not defined.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
m68k{nommu}/asm-offsets.c define many constants which are not used
anymore anywhere; remove IRQ_DEVID, IRQ_HANDLER, IRQ_NEXT, STAT_IRQ,
TASK_ACTIVE_MM, TASK_BLOCKED, TASK_FLAGS, TASK_PTRACE, TASK_STATE,
TASK_THREAD_INFO, TI_CPU, TI_EXECDOMAIN and TI_TASK.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
The chips lists were in commit logs, but should also be in source files.
This way it is easier to choose the right source file for a not yet
supported Coldfire.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
strace enabled is marked using the `flags' field of the `thread_info' struct.
68360 version of entry.S did test a wrong bit in a wrong structure
(task_struct).
68328 version of entry.S did test the right bit in the right structure,
but wrongly, because the `flags' field is 32 bit wide, while the used
assembler insn (btst) only accesses a 8 bit byte in memory.
Fix both using code already used in the coldfire version of entry.S
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Currently m68knommu boards without RTC chip start with an unexpected
default date of 1999-11-30 (Actually the source asks for 2000-00-00)
Make that 1970-01-01 instead, as expected.
Signed-off-by: Philippe De Muyter <phdm@macqel.be>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
CONFIG_68328_SERIAL_UART2 doesn't exist in Kconfig, therefore removing
all references to it from the source.
Signed-off-by: Christian Dietrich <qy03fugy@stud.informatik.uni-erlangen.de>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
CONFIG_RAM_{16,32}_MB doesn't exist in Kconfig, therefore removing
all references to it from the source.
Signed-off-by: Christian Dietrich <qy03fugy@stud.informatik.uni-erlangen.de>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
CONFIG_M68KFPU_EMU doesn't exist in Kconfig, therefore removing
all references to it from the source. This Flags seems to exist only
on m68k with mmu, and this dead blocks are copy paste.
Signed-off-by: Christian Dietrich <qy03fugy@stud.informatik.uni-erlangen.de>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
CONFIG_RELOCATE doesn't exist in Kconfig, therefore removing
all references to it from the source.
Signed-off-by: Christian Dietrich <qy03fugy@stud.informatik.uni-erlangen.de>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
CONFIG_M68000 doesn't exist in Kconfig, therefore removing
all references to it from the source.
Signed-off-by: Christian Dietrich <qy03fugy@stud.informatik.uni-erlangen.de>
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
It has its uses in a domU as well as dom0. Xen will prevent an
unprivileged domain from doing anything untoward.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
This allows xenfs to be built as a module, previously it required flush_tlb_all
and arbitrary_virt_to_machine to be exported.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
On error IOCTL_PRIVCMD_MMAPBATCH is expected to set the top nibble of
the effected MFN and return 0. Currently it leaves the MFN unmodified
and returns the number of failures. Therefore:
- reimplement remap_domain_mfn_range() using direct
HYPERVISOR_mmu_update() calls and small batches. The xen_set_domain_pte()
interface does not report errors and since some failures are
expected/normal using the multicall infrastructure is too noisy.
- return 0 as expected
- writeback the updated MFN list to mmapbatch->arr not over mmapbatch,
smashing the caller's stack.
- remap_domain_mfn_range can be static.
With this change I am able to start an HVM domain.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
xen_store_interface is needed by xenfs, and xenfs may be a module.
[ Impact: build fix for modular xenfs ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Test vma->vm_ops is our operations to make sure we created it.
We don't want to stomp on other random vmas.
[ Impact: bugfix; prevent ioctl from affecting other mappings ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
I don't think it matters at all in this case (there's only one caller
which checks the return value), but may as well be strictly correct.
[ Impact: cleanup ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
These are necessary to allow writeable mmap of the privcmd node to
succeed without being marked read-only for writenotify purposes. Which
in turn is necessary to allow mappings of foreign guest pages
[ Impact: bugfix: allow writable mappings ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
The privcmd interface in xenfs allows the tool stack in the privileged
domain to get fairly direct access to the hypervisor in order to do
various management things such as domain construction.
[ Impact: new xenfs interface for privileged operations ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Allow non-constant hypercall to be called, for privcmd.
[ Impact: make arbitrary hypercalls; needed for privcmd ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Add xen_set_domain_pte() to allow setting a pte mapping a page from
another domain. The common case is to map from DOMID_IO, the pseudo
domain which owns all IO pages, but will also be used in the privcmd
interface to map other domain pages.
[ Impact: new Xen-internal API for cross-domain mappings ]
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
These are used by the userspace xenstore daemon, which runs in dom0.
Xenstored is what's behind the xenfs "xenbus" filesystem.
[ Impact: provide mapping and port to usermode for xenstore ]
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
When CONFIG_NF_CONNTRACK_SECMARK is not set we accidentally attempt to use
the secmark fielf of struct nf_conn. Problem is when that config isn't set
the field doesn't exist. whoops. Wrap the incorrect usage in the config.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
/selinux/policy allows a user to copy the policy back out of the kernel.
This patch allows userspace to actually mmap that file and use it directly.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
There is interest in being able to see what the actual policy is that was
loaded into the kernel. The patch creates a new selinuxfs file
/selinux/policy which can be read by userspace. The actual policy that is
loaded into the kernel will be written back out to userspace.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
AVTAB_MAX_SIZE was a define which was supposed to be used in userspace to
define a maximally sized avtab when userspace wasn't sure how big of a table
it needed. It doesn't make sense in the kernel since we always know our table
sizes. The only place it is used we have a more appropiately named define
called AVTAB_MAX_HASH_BUCKETS, use that instead.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Range transition rules are placed in the hash table in an (almost)
arbitrary order. This patch inserts them in a fixed order to make policy
retrival more predictable.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Currently the roundup macro references it's arguments more than one time.
This patch changes it so it will only use its arguments once.
Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
The roundup() helper function will round a given value up to a multiple of
another given value. aka roundup(11, 7) would give 14 = 7 * 2. This new
function does the opposite. It will round a given number down to the
nearest multiple of the second number: rounddown(11, 7) would give 7.
I need this in some future SELinux code and can carry the macro myself, but
figured I would put it in the core kernel so others might find and use it
if need be.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
The current secmark code exports a secmark= field which just indicates if
there is special labeling on a packet or not. We drop this field as it
isn't particularly useful and instead export a new field secctx= which is
the actual human readable text label.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
The conntrack code can export the internal secid to userspace. These are
dynamic, can change on lsm changes, and have no meaning in userspace. We
should instead be sending lsm contexts to userspace instead. This patch sends
the secctx (rather than secid) to userspace over the netlink socket. We use a
new field CTA_SECCTX and stop using the the old CTA_SECMARK field since it did
not send particularly useful information.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
With the (long ago) interface change to have the secid_to_secctx functions
do the string allocation instead of having the caller do the allocation we
lost the ability to query the security server for the length of the
upcoming string. The SECMARK code would like to allocate a netlink skb
with enough length to hold the string but it is just too unclean to do the
string allocation twice or to do the allocation the first time and hold
onto the string and slen. This patch adds the ability to call
security_secid_to_secctx() with a NULL data pointer and it will just set
the slen pointer.
Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Right now secmark has lots of direct selinux calls. Use all LSM calls and
remove all SELinux specific knowledge. The only SELinux specific knowledge
we leave is the mode. The only point is to make sure that other LSMs at
least test this generic code before they assume it works. (They may also
have to make changes if they do not represent labels as strings)
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: James Morris <jmorris@namei.org>
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for
netfilter errors. In xt_SECMARK.c however the patch screwed up and returned
on 0 (aka no error) early and didn't finish setting up secmark. This results
in a kernel BUG if you use SECMARK.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
Actually I think in this case the appropriate thing to do is to BUG as there
is currently a case (remove) where the alloc_size needs to be larger than
the copy_size, and if copy_size is ever greater than alloc_size there is
a mistake in the caller code.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: James Morris <jmorris@namei.org>
Configuration files for TOMOYO 2.3 are not compatible with TOMOYO 2.2.
But current panic() message is too unfriendly and is confusing users.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: James Morris <jmorris@namei.org>
All security modules shouldn't change sched_param parameter of
security_task_setscheduler(). This is not only meaningless, but also
make a harmful result if caller pass a static variable.
This patch remove policy and sched_param parameter from
security_task_setscheduler() becuase none of security module is
using it.
Cc: James Morris <jmorris@namei.org>
Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Signed-off-by: James Morris <jmorris@namei.org>
Fix the following warning:
drivers/char/tpm/tpm.c:1085: warning: `tpm_suspend_setup' defined but not used
and make the workaround operable in case when TPM is compiled as a module.
As a side-effect the option will be called tpm.suspend_pcr.
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Cc: Rajiv Andrade <srajiv@linux.vnet.ibm.com>
Cc: David Safford <safford@watson.ibm.com>
Cc: James Morris <jmorris@namei.org>
Cc: Debora Velarde <debora@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: James Morris <jmorris@namei.org>
This patch fixes up coding-style problem at this commit:
4f27a7d49789b04404eca26ccde5f527231d01d5
selinux: fast status update interface (/selinux/status)
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Signed-off-by: James Morris <jmorris@namei.org>
