| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
gic_set_cpu will directly use irq_desc[]. If CONFIG_SPARSE_IRQ is
enabled, there is no irq_desc[]. So we need use irq_to_desc(irq) to
get the descriptor for irq.
Signed-off-by: Chao Xie <[email protected]>
Acked-by: Kyungmin Park <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
internal mic
BugLink: https://launchpad.net/bugs/685161
The reporter of the bug states that he must use position_fix=1 to enable
capture for the internal microphone, so set it for his machine's PCI
SSID. Verified using 2.6.35 and the 2010-12-04 alsa-driver build.
Reported-and-tested-by: Ralph Wabel <[email protected]>
Cc: <[email protected]>
Signed-off-by: Daniel T Chen <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6
* 'slab/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6:
slub: Fix a crash during slabinfo -v
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
initramfs: Really fix build break on symbol-prefixed archs
[media] Fix Kconfig errors due to two visible menus
i2c/algos: convert Kconfig to use the menu's `visible' keyword
media/video: convert Kconfig to use the menu's `visible' keyword
Revert "i2c: Fix Kconfig dependencies"
kconfig: regen parser
kconfig: add an option to determine a menu's visibility
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kyle/parisc-2.6
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kyle/parisc-2.6:
parisc: Fix GSC PS/2 driver name for keyboard and mouse
parisc: KittyHawk LCD fix
parisc: convert the rest of the irq handlers to simple/percpu
parisc: fix dino/gsc interrupts
parisc: remove redundant initialization in sigsegv path of sys_rt_sigreturn
|
|
Because it caused a chroot ttyname regression in 2.6.36.
As of 2.6.36 ttyname does not work in a chroot. It has already been
reported that screen breaks, and for me this breaks an automated
distribution testsuite, that I need to preserve the ability to run the
existing binaries on for several more years. glibc 2.11.3 which has a
fix for this is not an option.
The root cause of this breakage is:
commit 8df9d1a4142311c084ffeeacb67cd34d190eff74
Author: Miklos Szeredi <[email protected]>
Date: Tue Aug 10 11:41:41 2010 +0200
vfs: show unreachable paths in getcwd and proc
Prepend "(unreachable)" to path strings if the path is not reachable
from the current root.
Two places updated are
- the return string from getcwd()
- and symlinks under /proc/$PID.
Other uses of d_path() are left unchanged (we know that some old
software crashes if /proc/mounts is changed).
Signed-off-by: Miklos Szeredi <[email protected]>
Signed-off-by: Al Viro <[email protected]>
So remove the nice sounding, but ultimately ill advised change to how
/proc/fd symlinks work.
Signed-off-by: "Eric W. Biederman" <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Linus Torvalds pointed out that our code was unbalanced when powering on
the panel with respect to the power off sequence in that we were failing
to restore the panel-fitter. The consequence of this would be that
across a simple DPMS off/on for a non-native mode, without an intervening
modeset, the panel fitter would remain disabled and the output would shift
on the panel.
Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
|
|
There's not much we can do here but hope for the best. However the first
failure happens quite frequently and if often remedied by the second
attempt to reset HEAD. So only print the error if that attempt also
fails.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=19802
Reported-by: Thomas Meyer <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
Otherwise we can't really fix the abi-braindeadness of forcing
libva to manually wait for rendering when switching rings. Which
in turn makes implementing hw semaphores a pointless exercise
(at least for ironlake).
[Also added the relaxed fencing param to explain the jump in
numbering - relaxed fencing is in -next.]
Signed-off-by: Daniel Vetter <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
|
|
Add a missing NULL check and fix the wrong address passed to kunmap()
in i830_cleanup().
Cc: [email protected]
Signed-off-by: Takashi Iwai <[email protected]>
[danvet: added cc stable]
Signed-off-by: Daniel Vetter <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
|
|
Rename intel_mid_dma_pci to intel_mid_dma_pci_driver to pick up the
applied annotations of that suffix.
Reported-by: <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
Currently while submitting scatterlists with more than one SG
entry the DMA buffer address from the first SG entry is inserted
into all initialized DMA buffer descriptors. This is due to the
typo in the for_each_sg() loop where the scatterlist pointer is
used for obtaining the DMA buffer address and _not_ the SG list
iterator.
As a result all received data will be written only into the first
DMA buffer while reading. While writing the data from the first
DMA buffer is send to the device multiple times. This caused
the filesystem destruction on the MMC card when using DMA in
mxcmmc driver.
Signed-off-by: Anatolij Gustschin <[email protected]>
Acked-by: Sascha Hauer <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
Using %pR standardizes the struct resource output.
Signed-off-by: Joe Perches <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
Changed Makefile to use <modules>-y instead of <modules>-objs. Following
(documentation/kbuild/makefiles.txt).
Signed-off-by: Tracey Dent <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
Fix kernel warnings caused by the driver name of GSC PS/2 containing '/'.
The following warnings are observed on a K410 system :
[ 10.700000] name 'GSC PS/2 keyboard'
[ 10.732000] ------------[ cut here ]------------
[ 10.772000] WARNING: at fs/proc/generic.c:323
[ 10.828000] Modules linked in:
[ 10.916000]
[ 10.916000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
[ 10.936000] PSW: 00000000000001000000000000001111 Not tainted
[ 10.992000] r00-03 0004000f 104fe3e0 10201ea0 00000000
[ 11.060000] r04-07 4fc405c8 00000006 4fc405c8 4fc40694
[ 11.124000] r08-11 4fc40708 10438aa0 00000001 1043bfc8
[ 11.184000] r12-15 104ff2a0 104ff2a0 4fc38634 104ff2a0
[ 11.248000] r16-19 f0001570 10479af0 f000006c 1044fe50
[ 11.308000] r20-23 00000000 00000028 104cd858 00000000
[ 11.372000] r24-27 ffffffff 0000000e 1044fe10 1043bbe0
[ 11.436000] r28-31 0000002b 00000078 4fc40800 0000000d
[ 11.496000] sr00-03 00000000 00000000 00000000 00000000
[ 11.560000] sr04-07 00000000 00000000 00000000 00000000
[ 11.624000]
[ 11.688000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4
[ 11.704000] IIR: 03ffe01f ISR: 00000000 IOR: 0000000d
[ 11.772000] CPU: 0 CR30: 4fc40000 CR31: f01043b0
[ 11.836000] ORIG_R28: 4fc40940
[ 11.904000] IAOQ[0]: __xlate_proc_name+0x90/0xd0
[ 11.940000] IAOQ[1]: __xlate_proc_name+0x94/0xd0
[ 11.996000] RP(r2): __xlate_proc_name+0x90/0xd0
[ 12.052000] Backtrace:
[ 12.108000] [<10257790>] vsnprintf+0x290/0x4f4
[ 12.136000]
[ 12.188000] ---[ end trace 91bf6ece17e322dd ]---
[ 12.208000] serio: GSC PS/2 keyboard port at 0x0001c000 irq 19 @ 10:12:7
[ 12.264000] name 'GSC PS/2 mouse'
[ 12.344000] ------------[ cut here ]------------
[ 12.384000] WARNING: at fs/proc/generic.c:323
[ 12.436000] Modules linked in:
[ 12.524000]
[ 12.528000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI
[ 12.544000] PSW: 00000000000001000000000000001111 Tainted: G W
[ 12.600000] r00-03 0004000f 104fe3e0 10201ea0 00000000
[ 12.680000] r04-07 4fc405c8 00000006 4fc405c8 4fc40694
[ 12.740000] r08-11 4fc40708 10438aa0 00000001 1043bfc8
[ 12.804000] r12-15 104ff2a0 104ff2a0 4fc38634 104ff2a0
[ 12.868000] r16-19 f0001570 10479af0 f000006c 1044fe50
[ 12.928000] r20-23 00000000 00000025 104cd858 00000000
[ 12.992000] r24-27 ffffffff 0000000e 1044fe10 1043bbe0
[ 13.056000] r28-31 00000028 00000078 4fc40800 0000000d
[ 13.116000] sr00-03 00000000 00000000 00000000 00000000
[ 13.180000] sr04-07 00000000 00000000 00000000 00000000
[ 13.244000]
[ 13.308000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4
[ 13.324000] IIR: 03ffe01f ISR: 00000000 IOR: 0000000d
[ 13.392000] CPU: 0 CR30: 4fc40000 CR31: f01043b0
[ 13.456000] ORIG_R28: 4fc40940
[ 13.524000] IAOQ[0]: __xlate_proc_name+0x90/0xd0
[ 13.560000] IAOQ[1]: __xlate_proc_name+0x94/0xd0
[ 13.616000] RP(r2): __xlate_proc_name+0x90/0xd0
[ 13.672000] Backtrace:
[ 13.728000] [<10257790>] vsnprintf+0x290/0x4f4
[ 13.756000]
[ 13.808000] ---[ end trace 91bf6ece17e322de ]---
[ 13.828000] serio: GSC PS/2 mouse port at 0x00020100 irq 19 @ 10:12:8
Signed-off-by: Guy Martin <[email protected]>
Acked-by: Helge Deller <[email protected]>
Signed-off-by: Kyle McMartin <[email protected]>
|
|
K class aka KittyHawk don't have LED support on their LCD. Installing
HP-UX confirmed this. The current led_wq fills the LCD with black
characters each time it runs.
The patch prevents the led_wq workqueue and its proc entry to be
created for KittyHawk machines.
It also increase min_cmd_delay as currently, one character out of two
is lost when a string is sent to the LCD.
Signed-off-by: Guy Martin <[email protected]>
Signed-off-by: Kyle McMartin <[email protected]>
|
|
The generic conversion eliminates the spurious no_ack and no_end
routines, converts all the cascaded handlers to handle_simple_irq() and
makes iosapic use a modified handle_percpu_irq() to become the same as
the CPU irq's. This isn't an essential change, but it eliminates the
mask/unmask overhead of handle_level_irq().
Signed-off-by: James Bottomley <[email protected]>
Tested-by: Helge Deller <[email protected]>
Signed-off-by: Kyle McMartin <[email protected]>
|
|
The essential problem we're currently having is that dino (and gsc) is a
cascaded CPU interrupt. Under the old __do_IRQ() handler, our CPU
interrupts basically did an ack followed by an end. In the new scheme,
we replaced them with level handlers which do a mask, an ack and then an
unmask (but no end). Instead, with the renaming of end to eoi, we
actually want to call the percpu flow handlers, because they actually
have all the characteristics we want.
This patch does the conversion and gets my C360 booting again.
Signed-off-by: James Bottomley <[email protected]>
Signed-off-by: Kyle McMartin <[email protected]>
|
|
Fixes the modesetting on the secondary panel of the Libretto W100 and
presumably many more Ironlake laptops with SDVO LVDS displays.
Reported-and-tested-by: Matthew Willoughby <[email protected]>
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
Include sched.h to ensure sched_clock() has the notrace
annotation, and mark any functions it calls as notrace
too.
Include sched.h to ensure sched_clock() has the notrace
annotation, and mark any functions it calls as notrace
too.
Acked-by: Dan Williams <[email protected]>
Signed-off-by: Rabin Vincent <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
This patch fixes a compilation issue when compiling PCMCIA SA1100
support as a module with PCMCIA_DEBUG enabled. The symbol
soc_pcmcia_debug was not beeing exported.
ARM: pcmcia: Fix for building DEBUG with sa11xx_base.c as a module.
This patch fixes a compilation issue when compiling PCMCIA SA1100
support as a module with PCMCIA_DEBUG enabled. The symbol
soc_pcmcia_debug was not beeing exported.
Cc: <[email protected]>
Signed-off-by: Marcelo Roberto Jimenez <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
The existing code invokes the syscall with rubbish in r7,
due to what looks like an incorrect literal load idiom.
Reviewed-by: Will Deacon <[email protected]>
Signed-off-by: Dave Martin <[email protected]>
Acked-by: Catalin Marinas <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
Added a quirk to cxt5066_cfg_tbl to enable jack sense for ThinkPad Edge 13.
Reference: http://launchpad.net/bugs/685015
Signed-off-by: Manoj Iyer <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Commit f7cb1933621bce66a77f690776a16fe3ebbc4d58 ("SLUB: Pass active
and inactive redzone flags instead of boolean to debug functions")
missed two instances of check_object(). This caused a lot of warnings
during 'slabinfo -v' finally leading to a crash:
BUG ext4_xattr: Freepointer corrupt
...
BUG buffer_head: Freepointer corrupt
...
BUG ext4_alloc_context: Freepointer corrupt
...
...
BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
IP: [<ffffffff810a291f>] file_sb_list_del+0x1c/0x35
PGD 79d78067 PUD 79e67067 PMD 0
Oops: 0002 [#1] SMP
last sysfs file: /sys/kernel/slab/:t-0000192/validate
This patch fixes the problem by converting the two missed instances.
Acked-by: Christoph Lameter <[email protected]>
Signed-off-by: Tero Roponen <[email protected]>
Signed-off-by: Pekka Enberg <[email protected]>
|
|
Use the hardware DDA to calculate the ratio with as much accuracy as is
possible.
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
git://xenbits.xen.org/people/sstabellini/linux-pvhvm
* '2.6.37-rc4-pvhvm-fixes' of git://xenbits.xen.org/people/sstabellini/linux-pvhvm:
xen: unplug the emulated devices at resume time
xen: fix save/restore for PV on HVM guests with pirq remapping
xen: resume the pv console for hvm guests too
xen: fix MSI setup and teardown for PV on HVM guests
xen: use PHYSDEVOP_get_free_pirq to implement find_unbound_pirq
|
|
The MACH_MINI2440 entry requires the backlight LED driver, but this
subsystem has not been enabled and the select of LEDS_TRIGGER_BACKLIGHT
alone is insufficient to enable the necessary bits of the LED driver.
Add NEW_LEDS, LEDS_CLASS and LEDS_TRIGGER to the select to allow the
kernel to link.
This fixes the following error:
drivers/built-in.o: In function `led_trigger_set':
/home/ben/linux.git/drivers/leds/led-triggers.c:116: undefined reference to `led_brightness_set'
Signed-off-by: Ben Dooks <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen
* 'upstream/core' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen:
xen: allocate irq descs on any NUMA node
xen: prevent crashes with non-HIGHMEM 32-bit kernels with largeish memory
xen: use default_idle
xen: clean up "extra" memory handling some more
* 'upstream/bugfix' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen:
xen: x86/32: perform initial startup on initial_page_table
xen: don't bother to stop other cpus on shutdown/reboot
|
|
If we leave the registers in a conflicting state then when we attempt
to teardown the active mode, we will not disable the pipes and planes
in the correct order -- leaving a plane reading from a disabled pipe and
possibly leading to undefined behaviour.
Reported-and-tested-by: Andy Whitcroft <[email protected]>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=32078
Signed-off-by: Chris Wilson <[email protected]>
Cc: [email protected]
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ASoC: omap: N810: Don't select CONFIG_OMAP_MUX but make it as dependency
ALSA: hda: Use "alienware" model quirk for another SSID
ASoC: WM8731: Fix incorrect mask for bypass path disable
s6105-ipcam: fix compilation
s6000-pcm: fix compilation
s6000-i2s: fix compilation
ASoC: Fix missing spin_unlock_irqrestore
ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation
ASoC: Add missing dev_set_drvdata in p1022_ds_probe
ASoC: Add missing dev_set_drvdata in mpc8610_hpcd_probe
ASoC: Remove unneeded !! operations while checking return value of nuc900_checkready
ASoC: Fix compile error for nuc900-pcm.c
ASoC: Fix prototype for nuc900_ac97_probe and nuc900_ac97_remove
ASoC: Fix compile error for nuc900-ac97.c
ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2
|
|
* 'linux-next' of git://git.infradead.org/ubi-2.6:
UBI: fix corrupted PEB detection for NOR flash
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: se/7724: Remove FSI/B of GPIO init code
sh: se/7724: Update clock framework of FSI clock to non-legacy
sh: Assume new page cache pages have dirty dcache lines.
sh: boards: mach-se: use IS_ERR() instead of NULL check
sh: Add div6_reparent_clks to clock framework for FSI
dma: shdma: add a MODULE_ALIAS() to allow module autoloading
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6
* 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6:
lxfb: Maintain video processor palette through suspend/resume
video: da8xx: Register IRQ as last thing in driver probing.
framebuffer: fix fbcmap.c kernel-doc warning
|
|
Implement asm/syscall.h for the MN10300 arch.
Signed-off-by: David Howells <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
My new shiny code for corrupted PEB detection has NOR specific bug.
We tread PEB as corrupted and preserve it, if
1. EC header is OK.
2. VID header is corrupted.
3. data area is not "all 0xFFs"
In case of NOR we have 'nor_erase_prepare()' quirk, which invalidates
the headers before erasing the PEB. And we invalidate first the VID
header, and then the EC header. So if a power cut happens after we have
invalidated the VID header, but before we have invalidated the EC
header, we end up with a PEB which satisfies the above 3 conditions,
and the scanning code will treat it as corrupted, and will print
scary warnings, wrongly.
This patch fixes the issue by firt invalidating the EC header, then
invalidating the VID header. In case of power cut inbetween, we still
just lose the EC header, and UBI can deal with this situation gracefully.
Thanks to Anatolij Gustschin <[email protected]> for tracking this down.
Signed-off-by: Artem Bityutskiy <[email protected]>
Reported-by: Anatolij Gustschin <[email protected]>
Tested-by: Anatolij Gustschin <[email protected]>
|
|
On the docking station for the Lenovo T410 and T410s, the line-out
doesn't work. The trouble seems to be that it generates a plug event,
but then doesn't report that the jack is connected. So automute mutes
the jack when you plug something into it. The following patch (next
message) fixes it.
Signed-off-by: John Baboval <john.baboval at virtualcomputer.com>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
BugLink: https://launchpad.net/bugs/595482
The original reporter states that audible playback from the internal
speaker is inaudible despite the hardware being properly detected. To
work around this symptom, he uses the model=lg quirk to properly enable
both playback, capture, and jack sense. Another user corroborates this
workaround on separate hardware. Add this PCI SSID to the quirk table
to enable it for further LG P1 Expresses.
Reported-and-tested-by: Philip Peitsch <[email protected]>
Tested-by: nikhov
Cc: <[email protected]> [2.6.32+]
Signed-off-by: Daniel T Chen <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Use the ccflag-y flag instead of EXTRA_CFLAGS because EXTRA_CFLAGS is
deprecated and should now be switched. According to (documentation/kbuild/makefiles.txt).
Signed-off-by: Tracey Dent <[email protected]>
Acked-by: Linus Walleij <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
We should not call kfree(dma) in mid_setup_dma error path because
the memory is allocated in intel_mid_dma_probe and will be freed
in intel_mid_dma_probe error path if mid_setup_dma return error.
Signed-off-by: Axel Lin <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
otherwise, i will be -1 inside the latest iteration of the while loop.
Signed-off-by: Axel Lin <[email protected]>
Acked-by: Sascha Hauer <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
|
|
|
|
se7724 board does not have FSI/B.
Signed-off-by: Nobuhiro Iwamatsu <[email protected]>
Signed-off-by: Paul Mundt <[email protected]>
|
|
Signed-off-by: Nobuhiro Iwamatsu <[email protected]>
Signed-off-by: Paul Mundt <[email protected]>
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: length resolution should be reported units/mm
HID: add support for F430 Force Feedback Wheel
HID: egalax: Use kzalloc
HID: Remove KERN_DEBUG from dbg_hid use
Manually fixed trivial conflict in drivers/hid/hid-input.c (due to
removal of KERN_DEBUG from dbg_hid use clashing with new keycode
interface switch)
|
|
Wakeup-on-timer code does not have/need debugfs dependency. Move
the function out of debugfs ifdef.
Fixes compile error when CONFIG_DEBUG_FS is disabled but PM debug is
enabled.
Reported-by: Tony Lindgren <[email protected]>
Signed-off-by: Kevin Hilman <[email protected]>
Signed-off-by: Tony Lindgren <[email protected]>
|
|
Allocate irq descs on any NUMA node (we don't care) rather than
specifically node 0, which may not exist.
(At the moment NUMA is meaningless within a domain, so any info
the kernel has is just from an SRAT table we haven't suppressed/disabled.)
Signed-off-by: Jeremy Fitzhardinge <[email protected]>
|
|
If this is a non-HIGHMEM 32-bit kernel, then the page structures only go
up to the limit of addressable memory, even if more memory is physically
present. Don't try to add that extra memory to the balloon.
Signed-off-by: Jeremy Fitzhardinge <[email protected]>
|
|
If a user manages to trigger an oops with fs set to KERNEL_DS, fs is not
otherwise reset before do_exit(). do_exit may later (via mm_release in
fork.c) do a put_user to a user-controlled address, potentially allowing
a user to leverage an oops into a controlled write into kernel memory.
This is only triggerable in the presence of another bug, but this
potentially turns a lot of DoS bugs into privilege escalations, so it's
worth fixing. I have proof-of-concept code which uses this bug along
with CVE-2010-3849 to write a zero to an arbitrary kernel address, so
I've tested that this is not theoretical.
A more logical place to put this fix might be when we know an oops has
occurred, before we call do_exit(), but that would involve changing
every architecture, in multiple places.
Let's just stick it in do_exit instead.
[[email protected]: update code comment]
Signed-off-by: Nelson Elhage <[email protected]>
Cc: KOSAKI Motohiro <[email protected]>
Cc: <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
commit 62b61f611e ("ksm: memory hotremove migration only") caused the
following new lockdep warning.
=======================================================
[ INFO: possible circular locking dependency detected ]
-------------------------------------------------------
bash/1621 is trying to acquire lock:
((memory_chain).rwsem){.+.+.+}, at: [<ffffffff81079339>]
__blocking_notifier_call_chain+0x69/0xc0
but task is already holding lock:
(ksm_thread_mutex){+.+.+.}, at: [<ffffffff8113a3aa>]
ksm_memory_callback+0x3a/0xc0
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (ksm_thread_mutex){+.+.+.}:
[<ffffffff8108b70a>] lock_acquire+0xaa/0x140
[<ffffffff81505d74>] __mutex_lock_common+0x44/0x3f0
[<ffffffff81506228>] mutex_lock_nested+0x48/0x60
[<ffffffff8113a3aa>] ksm_memory_callback+0x3a/0xc0
[<ffffffff8150c21c>] notifier_call_chain+0x8c/0xe0
[<ffffffff8107934e>] __blocking_notifier_call_chain+0x7e/0xc0
[<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20
[<ffffffff813afbfb>] memory_notify+0x1b/0x20
[<ffffffff81141b7c>] remove_memory+0x1cc/0x5f0
[<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0
[<ffffffff813afd62>] store_mem_state+0xe2/0xf0
[<ffffffff813a0bb0>] sysdev_store+0x20/0x30
[<ffffffff811bc116>] sysfs_write_file+0xe6/0x170
[<ffffffff8114f398>] vfs_write+0xc8/0x190
[<ffffffff8114fc14>] sys_write+0x54/0x90
[<ffffffff810028b2>] system_call_fastpath+0x16/0x1b
-> #0 ((memory_chain).rwsem){.+.+.+}:
[<ffffffff8108b5ba>] __lock_acquire+0x155a/0x1600
[<ffffffff8108b70a>] lock_acquire+0xaa/0x140
[<ffffffff81506601>] down_read+0x51/0xa0
[<ffffffff81079339>] __blocking_notifier_call_chain+0x69/0xc0
[<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20
[<ffffffff813afbfb>] memory_notify+0x1b/0x20
[<ffffffff81141f1e>] remove_memory+0x56e/0x5f0
[<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0
[<ffffffff813afd62>] store_mem_state+0xe2/0xf0
[<ffffffff813a0bb0>] sysdev_store+0x20/0x30
[<ffffffff811bc116>] sysfs_write_file+0xe6/0x170
[<ffffffff8114f398>] vfs_write+0xc8/0x190
[<ffffffff8114fc14>] sys_write+0x54/0x90
[<ffffffff810028b2>] system_call_fastpath+0x16/0x1b
But it's a false positive. Both memory_chain.rwsem and ksm_thread_mutex
have an outer lock (mem_hotplug_mutex). So they cannot deadlock.
Thus, This patch annotate ksm_thread_mutex is not deadlock source.
[[email protected]: update comment, from Hugh]
Signed-off-by: KOSAKI Motohiro <[email protected]>
Acked-by: Hugh Dickins <[email protected]>
Cc: Andrea Arcangeli <[email protected]>
Cc: Andi Kleen <[email protected]>
Cc: KAMEZAWA Hiroyuki <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|