| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
These would result in KERN_<level> actually getting printed.
Signed-off-by: Joe Perches <[email protected]>
To: Jiri Kosina <[email protected]>
Cc: [email protected]
Cc: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1581/
Signed-off-by: Ralf Baechle <[email protected]>
|
|
No rubbish printks - those belong to userspace. The halt function now
actually halts the system and the poweroff function was deleted because
it didn't actually power down the system.
Signed-off-by: Ralf Baechle <[email protected]>
|
|
This prevents the GIC code from being reusable sanely.
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Only VSMP was known as SMVP and generally the help text was too short to
be helpful.
Signed-off-by: Ralf Baechle <[email protected]>
|
|
This only matters for ISA devices with a 24-bit DMA limit or for devices
with a 32-bit DMA limit on systems with ZONE_DMA32 enabled. The latter
currently only affects 32-bit PCI cards on Sibyte-based systems with more
than 1GB RAM installed.
Signed-off-by: Ralf Baechle <[email protected]>
|
|
_TIF_WORK_MASK false had _TIF_SYSCALL_AUDIT set. If a thread's
_TIF_SYSCALL_AUDIT is ever set this will lead to an endless loop on the
way out from a syscall.
Currently this is only a theoretic bug as init/Kconfig doesn't allow
AUDIT_SYSCALL to be enabled for MIPS.
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Signed-off-by: Ralf Baechle <[email protected]>
|
|
This patch adds an config switch to determine if we need to build some
workaround helper files.
The staging driver octeon-ethernet references some symbols which are only
built when PCI is enabled. The new config switch enables these symbols in
bothe cases.
Signed-off-by: Andreas Bießmann <[email protected]>
To: [email protected]
Cc: Andreas Bießmann <[email protected]>
Cc: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1543/
Acked-by: David Daney <[email protected]>
Signed-off-by: Ralf Baechle <[email protected]>
|
|
The 64-bit kernel has already had its atomic64 functions. Except for that,
we use the generic spinlocked version. The atomic64 types and related
functions are needed for the Linux performance counter subsystem.
Signed-off-by: Deng-Cheng Zhu <[email protected]>
To: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1361/
Acked-by: David Daney <[email protected]>
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Signed-off-by: Ricardo Mendoza <[email protected]>
To: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1540/
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Indent the branch of an if.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@r disable braces4@
position p1,p2;
statement S1,S2;
@@
(
if (...) { ... }
|
if (...) S1@p1 S2@p2
)
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
if (p1[0].column == p2[0].column):
cocci.print_main("branch",p1)
cocci.print_secs("after",p2)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
To: [email protected]
To: [email protected]
To: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1539/
Signed-off-by: Ralf Baechle <[email protected]>
|
|
"Userpace" -> "Userspace"
Signed-off-by: Andrea Gelmini <[email protected]>
Cc: Andrea Gelmini <[email protected]>
Cc: Jason Wessel <[email protected]>
Cc: Martin Hicks <[email protected]>
Cc: [email protected]
Patchwork: https://patchwork.linux-mips.org/patch/1536/
Signed-off-by: Ralf Baechle <[email protected]>
|
|
Both python_scripting_ops and perl_scripting_ops have two global definitions.
One in trace-event-scripting.c and one in their respective scripting-engine
modules.
The issue is that depending on the linker order one definition or the other
is chosen. One is uninitialized (bss), while the other is initialized. If
the uninitialized version is chosen, then perf does not function properly.
This patch fixes this by adding the extern prefix to the definitions in
trace-event-scripting.c.
Cc: David S. Miller <[email protected]>
Cc: Frederic Weisbecker <[email protected]>
Cc: Ingo Molnar <[email protected]>
Cc: Paul Mackerras <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Robert Richter <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Stephane Eranian <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
There a typo in util/ui/browsers/hists.c that leads to a segfault when you
press the 'a' key on a non-resolved symbol (plain hex address).
LKML-Reference: <20100923201901.GE31726@gambetta>
Signed-off-by: Frederik Deweerdt <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
The patch ecafda6 introduced a problem where all object files would be
always rebuilt, fix it by using:
http://www.gnu.org/software/make/manual/html_node/Prerequisite-Types.html
Reported-by: Arnaldo Carvalho de Melo <[email protected]>
Cc: Bernd Petrovitsch <[email protected]>
Signed-off-by: Kusanagi Kouichi <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
We currently use struct backing_dev_info for various different purposes.
Originally it was introduced to describe a backing device which includes
an unplug and congestion function and various bits of readahead information
and VM-relevant flags. We're also using for tracking dirty inodes for
writeback.
To make writeback properly find all inodes we need to only access the
per-filesystem backing_device pointed to by the superblock in ->s_bdi
inside the writeback code, and not the instances pointeded to by
inode->i_mapping->backing_dev which can be overriden by special devices
or might not be set at all by some filesystems.
Long term we should split out the writeback-relevant bits of struct
backing_device_info (which includes more than the current bdi_writeback)
and only point to it from the superblock while leaving the traditional
backing device as a separate structure that can be overriden by devices.
The one exception for now is the block device filesystem which really
wants different writeback contexts for it's different (internal) inodes
to handle the writeout more efficiently. For now we do this with
a hack in fs-writeback.c because we're so late in the cycle, but in
the future I plan to replace this with a superblock method that allows
for multiple writeback contexts per filesystem.
Signed-off-by: Christoph Hellwig <[email protected]>
Signed-off-by: Jens Axboe <[email protected]>
|
|
fs/fuse/dev.c:1357: warning: ‘total_len’ may be used uninitialized in this
function
Initialize total_len to zero, else its value will be undefined.
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Miklos Szeredi <[email protected]>
|
|
The sctp_asoc_get_hmac() function iterates through a peer's hmac_ids
array and attempts to ensure that only a supported hmac entry is
returned. The current code fails to do this properly - if the last id
in the array is out of range (greater than SCTP_AUTH_HMAC_ID_MAX), the
id integer remains set after exiting the loop, and the address of an
out-of-bounds entry will be returned and subsequently used in the parent
function, causing potentially ugly memory corruption. This patch resets
the id integer to 0 on encountering an invalid id so that NULL will be
returned after finishing the loop if no valid ids are found.
Signed-off-by: Dan Rosenberg <[email protected]>
Acked-by: Vlad Yasevich <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Two user-controlled allocations in SCTP are subsequently dereferenced as
sockaddr structs, without checking if the dereferenced struct members fall
beyond the end of the allocated chunk. There doesn't appear to be any
information leakage here based on how these members are used and
additional checking, but it's still worth fixing.
[[email protected]: remove unfashionable newlines, fix gmail tab->space conversion]
Signed-off-by: Dan Rosenberg <[email protected]>
Acked-by: Vlad Yasevich <[email protected]>
Cc: David Miller <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
A recent patch to allow IGMPv2 responses to IGMPv3 queries
bypasses length checks for valid query lengths, incorrectly
resets the v2_seen timer, and does not support IGMPv1.
The following patch responds with a v2 report as required
by IGMPv2 while correcting the other problems introduced
by the patch.
Signed-Off-By: David L Stevens <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Since 'select' ignores dependencies, drivers that select INET_LRO must
depend on INET. This fixes the broken configuration reported in
<http://article.gmane.org/gmane.linux.kernel/825646>.
Reported-by: Subrata Modak <[email protected]>
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This reverts commit e81963b180ac502fda0326edf059b1e29cdef1a2.
LRO is now deprecated in favour of GRO, and only a few drivers use it,
so it is desirable to build it as a module in distribution kernels.
The original change to prevent building it as a module was made in an
attempt to avoid the case where some dependents are set to y and some
to m, and INET_LRO can be set to m rather than y. However, the
Kconfig system will reliably set INET_LRO=y in this case.
Signed-off-by: Ben Hutchings <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
This patch fixes the condition (3rd arg) passed to sk_wait_event() in
sk_stream_wait_memory(). The incorrect check in sk_stream_wait_memory()
causes the following soft lockup in tcp_sendmsg() when the global tcp
memory pool has exhausted.
>>> snip <<<
localhost kernel: BUG: soft lockup - CPU#3 stuck for 11s! [sshd:6429]
localhost kernel: CPU 3:
localhost kernel: RIP: 0010:[sk_stream_wait_memory+0xcd/0x200] [sk_stream_wait_memory+0xcd/0x200] sk_stream_wait_memory+0xcd/0x200
localhost kernel:
localhost kernel: Call Trace:
localhost kernel: [sk_stream_wait_memory+0x1b1/0x200] sk_stream_wait_memory+0x1b1/0x200
localhost kernel: [<ffffffff802557c0>] autoremove_wake_function+0x0/0x40
localhost kernel: [ipv6:tcp_sendmsg+0x6e6/0xe90] tcp_sendmsg+0x6e6/0xce0
localhost kernel: [sock_aio_write+0x126/0x140] sock_aio_write+0x126/0x140
localhost kernel: [xfs:do_sync_write+0xf1/0x130] do_sync_write+0xf1/0x130
localhost kernel: [<ffffffff802557c0>] autoremove_wake_function+0x0/0x40
localhost kernel: [hrtimer_start+0xe3/0x170] hrtimer_start+0xe3/0x170
localhost kernel: [vfs_write+0x185/0x190] vfs_write+0x185/0x190
localhost kernel: [sys_write+0x50/0x90] sys_write+0x50/0x90
localhost kernel: [system_call+0x7e/0x83] system_call+0x7e/0x83
>>> snip <<<
What is happening is, that the sk_wait_event() condition passed from
sk_stream_wait_memory() evaluates to true for the case of tcp global memory
exhaustion. This is because both sk_stream_memory_free() and vm_wait are true
which causes sk_wait_event() to *not* call schedule_timeout().
Hence sk_stream_wait_memory() returns immediately to the caller w/o sleeping.
This causes the caller to again try allocation, which again fails and again
calls sk_stream_wait_memory(), and so on.
[ Bug introduced by commit c1cbe4b7ad0bc4b1d98ea708a3fecb7362aa4088
("[NET]: Avoid atomic xchg() for non-error case") -DaveM ]
Signed-off-by: Nagendra Singh Tomar <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: Maciej Żenczykowski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
... and do the same for pread.
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
Move the access control up from the fast paths, which are no longer
universally taken first, up into the caller. This then duplicates some
sanity checking along the slow paths, but is much simpler.
Tracked as CVE-2010-2962.
Reported-by: Kees Cook <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
Sleep while acquiring a resource lock on the Super I/O port. This should
prevent collisions from causing the hardware probe to fail with -EBUSY.
Signed-off-by: Giel van Schijndel <[email protected]>
Acked-by: Hans de Goede <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
|
|
Instead of waiting for the display line value to settle, we can simply
wait for the pipe configuration register 'state' bit to turn off.
Contrarywise, disabling the plane will not cause the display line
value to stop changing, so instead we wait for the vblank interrupt
bit to get set. And, we only do this when we're not about to wait for
the pipe to turn off.
Signed-off-by: Keith Packard <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
|
|
While the display port is in training mode, vblank interrupts don't
occur. Because we have to wait for the display port output to turn on
before starting the training sequence, enable the output in 'normal'
mode so that we can tell when a vblank has occurred, then start the
training sequence.
Signed-off-by: Keith Packard <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
|
|
This patch adds the OF hook to the spi core so that devices
can automatically be registered based on device tree data. This fixes
a problem with spi devices not binding to drivers after the cleanup of
the spi & i2c binding code.
Signed-off-by: Sinan Akman <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
The SPI_MASTER_NO_TX bit (can't do buffer write) wasn't tested. This
code was introduced in commit 3c8e1a84 (spi/spi-gpio: add support for
controllers without MISO or MOSI pin). This patch fixes a bug in
choosing which transfer ops to use.
Signed-off-by: Roel Kluin <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
Extend the error handling code with operations found in other nearby error
handling code
A simplified version of the sematic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@r exists@
@r@
statement S1,S2,S3;
constant C1,C2,C3;
@@
*if (...)
{... S1 return -C1;}
...
*if (...)
{... when != S1
return -C2;}
...
*if (...)
{... S1 return -C3;}
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
The SYNC bits are BIT6 and BIT7 of MAX8649_SYNC register.
pdata->extclk_freq could be [0|1|2].
(MAX8649_EXTCLK_26MHZ|MAX8649_EXTCLK_13MHZ|MAX8649_EXTCLK_19MHZ)
It requires to left shift 6 bits to properly set extclk_freq.
Signed-off-by: Axel Lin <[email protected]>
Acked-by: Mark Brown <[email protected]>
Signed-off-by: Liam Girdwood <[email protected]>
|
|
This patch fixes a typo that incorrectly reports mA numbers as uA.
Signed-off-by: Cyril Chemparathy <[email protected]>
Acked-by: Mark Brown <[email protected]>
Signed-off-by: Liam Girdwood <[email protected]>
|
|
If device_register() fails then call put_device().
See comment to device_register.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Acked-by: Mark Brown <[email protected]>
Signed-off-by: Liam Girdwood <[email protected]>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
cifs: prevent infinite recursion in cifs_reconnect_tcon
cifs: set backing_dev_info on new S_ISREG inodes
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86, hpet: Fix bogus error check in hpet_assign_irq()
x86, irq: Plug memory leak in sparse irq
x86, cpu: After uncapping CPUID, re-run CPU feature detection
|
|
flush_icache_range() is given virtual addresses to describe the region. It
deals with these by attempting to translate them through the current set of
page tables.
This is fine for userspace memory and vmalloc()'d areas as they are governed by
page tables. However, since the regions above 0x80000000 aren't translated
through the page tables by the MMU, the kernel doesn't bother to set up page
tables for them (see paging_init()).
This means flush_icache_range() as it stands cannot be used to flush regions of
the VM area between 0x80000000 and 0x9fffffff where the kernel resides if the
data cache is operating in WriteBack mode.
To fix this, make flush_icache_range() first check for addresses in the upper
half of VM space and deal with them appropriately, before dealing with any
range in the page table mapped area.
Ordinarily, this is not a problem, but it has the capacity to make kprobes and
kgdb malfunction. It should not affect gdbstub, signal frame setup or module
loading as gdb has its own flush functions, and the others take place in the
page table mapped area only.
Signed-off-by: David Howells <[email protected]>
Acked-by: Akira Takeuchi <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
vmwgfx: Fix fb VRAM pinning failure due to fragmentation
vmwgfx: Remove initialisation of dev::devname
vmwgfx: Enable use of the vblank system
vmwgfx: vt-switch (master drop) fixes
drm/vmwgfx: Fix breakage introduced by commit "drm: block userspace under allocating buffer and having drivers overwrite it (v2)"
drm: Hold the mutex when dropping the last GEM reference (v2)
drm/gem: handlecount isn't really a kref so don't make it one.
drm: i810/i830: fix locked ioctl variant
drm/radeon/kms: add quirk for MSI K9A2GM motherboard
drm/radeon/kms: fix potential segfault in r600_ioctl_wait_idle
drm: Prune GEM vma entries
drm/radeon/kms: fix up encoder info messages for DFP6
drm/radeon: fix PCI ID 5657 to be an RV410
|
|
* 'for-linus/i2c/2636-rc5' of git://git.fluff.org/bjdooks/linux:
i2c-s3c2410: fix calculation of SDA line delay
i2c-davinci: Fix race when setting up for TX
i2c-octeon: Return -ETIMEDOUT in octeon_i2c_wait() on timeout
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: invoke DSDT corruption workaround on all Toshiba Satellite
ACPI, APEI, Fix ERST MOVE_DATA instruction implementation
ACPI: fan: Fix more unbalanced code block
ACPI: acpi_pad: simplify code to avoid false gcc build warning
ACPI, APEI, Fix error path for memory allocation
ACPI, APEI, HEST Fix the unsuitable usage of platform_data
ACPI, APEI, Fix acpi_pre_map() return value
ACPI, APEI, Fix APEI related table size checking
ACPI: Disable Windows Vista compatibility for Toshiba P305D
ACPI: Kconfig: fix typo.
ACPI: add missing __percpu markup in arch/x86/kernel/acpi/cstate.c
ACPI: Fix typos
ACPI video: fix a poor warning message
ACPI: fix build warnings resulting from merge window conflict
ACPI: EC: add Vista incompatibility DMI entry for Toshiba Satellite L355
ACPI: expand Vista blacklist to include SP1 and SP2
ACPI: delete ZEPTO idle=nomwait DMI quirk
ACPI: enable repeated PCIEXP wakeup by clearing PCIEXP_WAKE_STS on resume
PM / ACPI: Blacklist systems known to require acpi_sleep=nonvs
ACPI: Don't report current_now if battery reports in mWh
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6
* 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6:
intel_idle: Voluntary leave_mm before entering deeper
acpi_idle: add missing \n to printk
intel_idle: add missing __percpu markup
intel_idle: Change mode 755 => 644
cpuidle: Fix typos
intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6
* 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6:
omap: McBSP: tx_irq_completion used in rx_irq_handler
omap: Fix compile dependency to LEDS_CLASS
|
|
Prevent from recursively locking the reiserfs lock in reiserfs_unpack()
because we may call journal_begin() that requires the lock to be taken
only once, otherwise it won't be able to release the lock while taking
other mutexes, ending up in inverted dependencies between the journal
mutex and the reiserfs lock for example.
This fixes:
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.35.4.4a #3
-------------------------------------------------------
lilo/1620 is trying to acquire lock:
(&journal->j_mutex){+.+...}, at: [<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
but task is already holding lock:
(&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&REISERFS_SB(s)->lock){+.+.+.}:
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
[<d0325c06>] do_journal_begin_r+0x86/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0315be4>] reiserfs_remount+0x224/0x530 [reiserfs]
[<c10b6a20>] do_remount_sb+0x60/0x110
[<c10cee25>] do_mount+0x625/0x790
[<c10cf014>] sys_mount+0x84/0xb0
[<c12fca3d>] syscall_call+0x7/0xb
-> #0 (&journal->j_mutex){+.+...}:
[<c10560f6>] __lock_acquire+0x1026/0x1180
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0326271>] reiserfs_persistent_transaction+0x41/0x90 [reiserfs]
[<d030d06c>] reiserfs_get_block+0x22c/0x1530 [reiserfs]
[<c10db9db>] __block_prepare_write+0x1bb/0x3a0
[<c10dbbe6>] block_prepare_write+0x26/0x40
[<d030b738>] reiserfs_prepare_write+0x88/0x170 [reiserfs]
[<d03294d6>] reiserfs_unpack+0xe6/0x120 [reiserfs]
[<d0329782>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3188>] vfs_ioctl+0x28/0xa0
[<c10c3bbd>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3eb3>] sys_ioctl+0x63/0x70
[<c12fca3d>] syscall_call+0x7/0xb
other info that might help us debug this:
2 locks held by lilo/1620:
#0: (&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<d032945a>] reiserfs_unpack+0x6a/0x120 [reiserfs]
#1: (&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a278>] reiserfs_write_lock+0x28/0x40 [reiserfs]
stack backtrace:
Pid: 1620, comm: lilo Not tainted 2.6.35.4.4a #3
Call Trace:
[<c10560f6>] __lock_acquire+0x1026/0x1180
[<c10562b7>] lock_acquire+0x67/0x80
[<c12facad>] __mutex_lock_common+0x4d/0x410
[<c12fb0c8>] mutex_lock_nested+0x18/0x20
[<d0325bff>] do_journal_begin_r+0x7f/0x340 [reiserfs]
[<d0325f77>] journal_begin+0x77/0x140 [reiserfs]
[<d0326271>] reiserfs_persistent_transaction+0x41/0x90 [reiserfs]
[<d030d06c>] reiserfs_get_block+0x22c/0x1530 [reiserfs]
[<c10db9db>] __block_prepare_write+0x1bb/0x3a0
[<c10dbbe6>] block_prepare_write+0x26/0x40
[<d030b738>] reiserfs_prepare_write+0x88/0x170 [reiserfs]
[<d03294d6>] reiserfs_unpack+0xe6/0x120 [reiserfs]
[<d0329782>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3188>] vfs_ioctl+0x28/0xa0
[<c10c3bbd>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3eb3>] sys_ioctl+0x63/0x70
[<c12fca3d>] syscall_call+0x7/0xb
Reported-by: Jarek Poplawski <[email protected]>
Tested-by: Jarek Poplawski <[email protected]>
Signed-off-by: Frederic Weisbecker <[email protected]>
Cc: Jeff Mahoney <[email protected]>
Cc: All since 2.6.32 <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
The reiserfs mutex already depends on the inode mutex, so we can't lock
the inode mutex in reiserfs_unpack() without using the safe locking API,
because reiserfs_unpack() is always called with the reiserfs mutex locked.
This fixes:
=======================================================
[ INFO: possible circular locking dependency detected ]
2.6.35c #13
-------------------------------------------------------
lilo/1606 is trying to acquire lock:
(&sb->s_type->i_mutex_key#8){+.+.+.}, at: [<d0329450>] reiserfs_unpack+0x60/0x110 [reiserfs]
but task is already holding lock:
(&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a268>] reiserfs_write_lock+0x28/0x40 [reiserfs]
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (&REISERFS_SB(s)->lock){+.+.+.}:
[<c1056347>] lock_acquire+0x67/0x80
[<c12f083d>] __mutex_lock_common+0x4d/0x410
[<c12f0c58>] mutex_lock_nested+0x18/0x20
[<d032a268>] reiserfs_write_lock+0x28/0x40 [reiserfs]
[<d0329e9a>] reiserfs_lookup_privroot+0x2a/0x90 [reiserfs]
[<d0316b81>] reiserfs_fill_super+0x941/0xe60 [reiserfs]
[<c10b7d17>] get_sb_bdev+0x117/0x170
[<d0313e21>] get_super_block+0x21/0x30 [reiserfs]
[<c10b74ba>] vfs_kern_mount+0x6a/0x1b0
[<c10b7659>] do_kern_mount+0x39/0xe0
[<c10cebe0>] do_mount+0x340/0x790
[<c10cf0b4>] sys_mount+0x84/0xb0
[<c12f25cd>] syscall_call+0x7/0xb
-> #0 (&sb->s_type->i_mutex_key#8){+.+.+.}:
[<c1056186>] __lock_acquire+0x1026/0x1180
[<c1056347>] lock_acquire+0x67/0x80
[<c12f083d>] __mutex_lock_common+0x4d/0x410
[<c12f0c58>] mutex_lock_nested+0x18/0x20
[<d0329450>] reiserfs_unpack+0x60/0x110 [reiserfs]
[<d0329772>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3228>] vfs_ioctl+0x28/0xa0
[<c10c3c5d>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3f53>] sys_ioctl+0x63/0x70
[<c12f25cd>] syscall_call+0x7/0xb
other info that might help us debug this:
1 lock held by lilo/1606:
#0: (&REISERFS_SB(s)->lock){+.+.+.}, at: [<d032a268>] reiserfs_write_lock+0x28/0x40 [reiserfs]
stack backtrace:
Pid: 1606, comm: lilo Not tainted 2.6.35c #13
Call Trace:
[<c1056186>] __lock_acquire+0x1026/0x1180
[<c1056347>] lock_acquire+0x67/0x80
[<c12f083d>] __mutex_lock_common+0x4d/0x410
[<c12f0c58>] mutex_lock_nested+0x18/0x20
[<d0329450>] reiserfs_unpack+0x60/0x110 [reiserfs]
[<d0329772>] reiserfs_ioctl+0x272/0x320 [reiserfs]
[<c10c3228>] vfs_ioctl+0x28/0xa0
[<c10c3c5d>] do_vfs_ioctl+0x32d/0x5c0
[<c10c3f53>] sys_ioctl+0x63/0x70
[<c12f25cd>] syscall_call+0x7/0xb
Reported-by: Jarek Poplawski <[email protected]>
Tested-by: Jarek Poplawski <[email protected]>
Signed-off-by: Frederic Weisbecker <[email protected]>
Cc: Jeff Mahoney <[email protected]>
Cc: <[email protected]> [2.6.32 and later]
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Signed-off-by: Kukjin Kim <[email protected]>
Acked-by: Ben Dooks <[email protected]>
Acked-by: Russell King <[email protected]>
Cc: Kyungmin Park <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
I moved couple years ago, so let's update my email and snail mail.
And I do not have any access to Matrox hardware anymore, and I'm quite
unresponsive to matroxfb bug reports (sorry Alan), so saying that I'm
maintainer is a bit far fetched.
For ncpfs I do not use ncpfs in my daily life either, but at least I can
test that one, so I can stay listed here for odd fixes.
Signed-off-by: Petr Vandrovec <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Having the limits file world readable will ease the task of system
management on systems where root privileges might be restricted.
Having admin restricted with root priviledges, he/she could not check
other users process' limits.
Also it'd align with most of the /proc stat files.
Signed-off-by: Jiri Olsa <[email protected]>
Acked-by: Neil Horman <[email protected]>
Cc: Eugene Teo <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
If the original list is a POT in length, the first callback from line 73
will pass a==b both pointing to the original list_head. This is dangerous
because the 'list_sort()' user can use 'container_of()' and accesses the
"containing" object, which does not necessary exist for the list head. So
the user can access RAM which does not belong to him. If this is a write
access, we can end up with memory corruption.
Signed-off-by: Don Mullis <[email protected]>
Tested-by: Artem Bityutskiy <[email protected]>
Signed-off-by: Artem Bityutskiy <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
The semctl syscall has several code paths that lead to the leakage of
uninitialized kernel stack memory (namely the IPC_INFO, SEM_INFO,
IPC_STAT, and SEM_STAT commands) during the use of the older, obsolete
version of the semid_ds struct.
The copy_semid_to_user() function declares a semid_ds struct on the stack
and copies it back to the user without initializing or zeroing the
"sem_base", "sem_pending", "sem_pending_last", and "undo" pointers,
allowing the leakage of 16 bytes of kernel stack memory.
The code is still reachable on 32-bit systems - when calling semctl()
newer glibc's automatically OR the IPC command with the IPC_64 flag, but
invoking the syscall directly allows users to use the older versions of
the struct.
Signed-off-by: Dan Rosenberg <[email protected]>
Cc: Manfred Spraul <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|