| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Using a program like the following:
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
int main() {
id_t id;
siginfo_t infop;
pid_t res;
id = fork();
if (id == 0) { sleep(1); exit(0); }
kill(id, SIGSTOP);
alarm(1);
waitid(P_PID, id, &infop, WCONTINUED);
return 0;
}
to call waitid() on a stopped process results in access to the child task's
credentials without the RCU read lock being held - which may be replaced in the
meantime - eliciting the following warning:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 1
2 locks held by waitid02/22252:
#0: (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
#1: (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
wait_consider_task+0x19a/0xbe0
stack backtrace:
Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
Call Trace:
[<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
[<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
[<ffffffff81061d15>] do_wait+0xf5/0x310
[<ffffffff810620b6>] sys_waitid+0x86/0x1f0
[<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
[<ffffffff81003282>] system_call_fastpath+0x16/0x1b
This is fixed by holding the RCU read lock in wait_task_continued() to ensure
that the task's current credentials aren't destroyed between us reading the
cred pointer and us reading the UID from those credentials.
Furthermore, protect wait_task_stopped() in the same way.
We don't need to keep holding the RCU read lock once we've read the UID from
the credentials as holding the RCU read lock doesn't stop the target task from
changing its creds under us - so the credentials may be outdated immediately
after we've read the pointer, lock or no lock.
Signed-off-by: Daniel J Blueman <[email protected]>
Signed-off-by: David Howells <[email protected]>
Acked-by: Paul E. McKenney <[email protected]>
Acked-by: Oleg Nesterov <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Make do_execve() take a const filename pointer so that kernel_execve() compiles
correctly on ARM:
arch/arm/kernel/sys_arm.c:88: warning: passing argument 1 of 'do_execve' discards qualifiers from pointer target type
This also requires the argv and envp arguments to be consted twice, once for
the pointer array and once for the strings the array points to. This is
because do_execve() passes a pointer to the filename (now const) to
copy_strings_kernel(). A simpler alternative would be to cast the filename
pointer in do_execve() when it's passed to copy_strings_kernel().
do_execve() may not change any of the strings it is passed as part of the argv
or envp lists as they are some of them in .rodata, so marking these strings as
const should be fine.
Further kernel_execve() and sys_execve() need to be changed to match.
This has been test built on x86_64, frv, arm and mips.
Signed-off-by: David Howells <[email protected]>
Tested-by: Ralf Baechle <[email protected]>
Acked-by: Russell King <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
>Xin Xiaohui wrote:
> I looked into the code dev_gro_receive(), found the code here:
> if the frags[0] is pulled to 0, then the page will be released,
> and memmove() frags left.
> Is that right? I'm not sure if memmove do right or not, but
> frags[0].size is never set after memove at least. what I think
> a simple way is not to do anything if we found frags[0].size == 0.
> The patch is as followed.
...
This version of the patch fixes the bug directly in memmove.
Reported-by: "Xin, Xiaohui" <[email protected]>
Signed-off-by: Jarek Poplawski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Should return 'long' instead of 'int'.
Thanks to Dimitris Michailidis and Tony Luck.
Signed-off-by: David S. Miller <[email protected]>
|
|
As noticed by Linus, it is critical that some of the
rwsem constants be signed. Yet, hex constants are
unsigned unless explicitly casted or negated.
The most critical one is RWSEM_WAITING_BIAS.
This bug was exacerbated by commit
424acaaeb3a3932d64a9b4bd59df6cf72c22d8f3 ("rwsem: wake queued readers
when writer blocks on active read lock")
Signed-off-by: David S. Miller <[email protected]>
|
|
We leak at least 32bits of kernel memory to user land in tc dump,
because we dont init all fields (capab ?) of the dumped structure.
Use C99 initializers so that holes and non explicit fields are zeroed.
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
After commit 24b36f019 (netfilter: {ip,ip6,arp}_tables: dont block
bottom half more than necessary), lockdep can raise a warning
because we attempt to lock a spinlock with BH enabled, while
the same lock is usually locked by another cpu in a softirq context.
Disable again BH to avoid these lockdep warnings.
Reported-by: Linus Torvalds <[email protected]>
Diagnosed-by: David S. Miller <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Fix the clock enable/disable tracking in the AMBA CLCD driver so
that the driver doesn't try to disable an already disabled clock,
thereby causing the clock (if shared) to become unbalanced.
This resolves a problem with CLCD on LPC32xx ARM platforms.
Reported-by: Kevin Wells <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
The drivers for Xilinx' SystemACE and physically mapped MTDs were missing
prototypes for of_address_to_resource(). This patch adds the necessary
headers.
Signed-off-by: Graeme Smecher <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
POSIX sh does not specify the brace expansion, so fix it by replacing the
global $(shell ...) lines quite at the top creating the output directories with
real rules.
Cc: Ingo Molnar <[email protected]>
Cc: Kusanagi Kouichi <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Paul Mackerras <[email protected]>
LKML-Reference: <1282046280.5822.4.camel@thorin>
Signed-off-by: Bernd Petrovitsch <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
- Fix capture mixer elements for ALC680 base model
- Support auto change ADC for recording from MIC
- Cancel capture source assigned in auto mode.
Signed-off-by: Kailang Yang <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
warning: (LATENCYTOP && HAVE_LATENCYTOP_SUPPORT) selects
SCHED_DEBUG which has unmet direct dependencies (DEBUG_KERNEL &&
PROC_FS) warning: (LATENCYTOP && HAVE_LATENCYTOP_SUPPORT) selects
SCHEDSTATS which has unmet direct dependencies (DEBUG_KERNEL && PROC_FS)
Add depends on STACKTRACE_SUPPORT for 'select STACKTRACE'.
Add depends on PROC_FS since that is where the output goes.
Signed-off-by: Randy Dunlap <[email protected]>
Cc: Arjan van de Ven <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
|
|
This patch fixes missing includes from a number of .c files because
the code (wrongfully) depended on prom.h including them. The include
of linux/of_address.h was removed in microblaze prom.h in commit
"of/address: Clean up function declarations" (sha1 id 22ae782f8), but
not fixed in some callers. This patch fixes them up.
Signed-off-by: Grant Likely <[email protected]>
Tested-by: Michal Simek <[email protected]>
|
|
After rlimits tree was merged we get the following errors:
security/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type
It is because AppArmor was merged in the meantime, but uses the old
prototype. So fix it by adding struct task_struct as a first parameter
of apparmor_task_setrlimit.
NOTE that this is ONLY a compilation warning fix (and crashes caused
by that). It needs proper handling in AppArmor depending on who is the
'task'.
Signed-off-by: Jiri Slaby <[email protected]>
Signed-off-by: John Johansen <[email protected]>
Signed-off-by: James Morris <[email protected]>
|
|
The only tricky bit is the compat version of fanotify_mark, which
which on 32-bit the 64-bit mark argument is passed in as "high32",
"low32".
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: Stephen Rothwell <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
|
|
Commit b45cfba4e9005d64d419718e7ff7f7cab44c1994 (vt,console,kdb:
implement atomic console enter/leave functions) introduced the ability
to atomically change the console mode with kernel mode setting but did
not preserve the state of the console_blanked variable.
The console_blanked variable must be restored when executing the
con_debug_leave() or further kernel mode set changes (such as using
chvt X) will fail to correctly set the state of console.
Signed-off-by: Jason Wessel <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
CC: Andrew Morton <[email protected]>
|
|
Fix the following new sparse warnings in vt.c introduced by the commit
b45cfba4e9005d64d419718e7ff7f7cab44c1994 (vt,console,kdb: implement
atomic console enter/leave functions):
drivers/char/vt.c:197:5: warning: symbol 'saved_fg_console' was not declared. Should it be static?
drivers/char/vt.c:198:5: warning: symbol 'saved_last_console' was not declared. Should it be static?
drivers/char/vt.c:199:5: warning: symbol 'saved_want_console' was not declared. Should it be static?
drivers/char/vt.c:200:5: warning: symbol 'saved_vc_mode' was not declared. Should it be static?
Signed-off-by: Jason Wessel <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
CC: Andrew Morton <[email protected]>
|
|
According to commit 22eeef4bb2a7fd225089c0044060ed1fbf091958
kgdb,arm: Individual register get/set for arm
It's now replaced by DBG_MAX_REG_NUM.
Signed-off-by: Eric Miao <[email protected]>
Signed-off-by: Jason Wessel <[email protected]>
|
|
breakinfo->pev is a pointer to percpu pointer but was missing __percpu markup.
Add it.
Signed-off-by: Namhyung Kim <[email protected]>
Signed-off-by: Jason Wessel <[email protected]>
|
|
If CONFIG_KGDB_KDB is set and CONFIG_KALLSYMS is not set the kernel
will fail to build with the error:
kernel/built-in.o: In function `kallsyms_symbol_next':
kernel/debug/kdb/kdb_support.c:237: undefined reference to `kdb_walk_kallsyms'
kernel/built-in.o: In function `kallsyms_symbol_complete':
kernel/debug/kdb/kdb_support.c:193: undefined reference to `kdb_walk_kallsyms'
The kdb_walk_kallsyms needs a #ifdef proper header to match the C
implementation. This patch also fixes the compiler warnings in
kdb_support.c when compiling without CONFIG_KALLSYMS set. The
compiler warnings are a result of the kallsyms_lookup() macro not
initializing the two of the pass by reference variables.
Signed-off-by: Jason Wessel <[email protected]>
Reported-by: Michal Simek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
|
|
Commit 58f9b0b02414062eaff46716bc04b47d7e79add5 should
contain this fix too.
Signed-off-by: Michal Simek <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
Commit dbbdee94734bf6f1db7af42008a53655e77cab8f removed
of_irq_pci_swizzle but didn't use pci_swizzle_interrupt_pin
instead.
Signed-off-by: Michal Simek <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
Marvell and GPIO bindings live in their own files, so the TOC should not
mention them.
Also fix chapters numbering.
Signed-off-by: Anton Vorontsov <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
If a video head and keyboard are hooked up, specifying "console=ttyS0"
or similar to use a serial console will not work properly.
The key issue is that we must register all serial console capable
devices with register_console(), otherwise the command line specified
device won't be found. The sun serial drivers would only register
themselves as console devices if the OpenFirmware specified console
device node matched. To fix this part we now unconditionally get
the serial console register by setting serial_drv->cons always.
Secondarily we must not add_preferred_console() using the firmware
provided console setting if the user gaven an override on the kernel
command line using "console=" The "primary framebuffer" matching
logic was always triggering o n openfirmware device node match, make
it not when a command line override was given.
Reported-by: Frans Pop <[email protected]>
Tested-by: Frans Pop <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux-2.6 into perf/urgent
|
|
Like others in the Mini series, the Dell Mini 1012 does not support
the smbios hook required by dell-laptop.
Signed-off-by: Victor van den Elzen <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
On the T410s and most likely other current models, Fn-F6 is labeled as
Camera/Headphone key. Report key presses as KEY_CAMERA.
Signed-off-by: Jens Taprogge <[email protected]>
Acked-by: Jerone Young <[email protected]>
Acked-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
Use the quirks engine to select model-specific keymaps, which makes
it much easier to extend should we need it.
Keycodes are based on the tables at
http://www.thinkwiki.org/wiki/Default_meanings_of_special_keys.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
Use a safer coding style for the hotkey keymap. This does not fix any
problems, as the current code is correct. But it might help avoid
mistakes in the future.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
acpi_video_backlight_support() already tells us if ACPI is handling
backlight control through the generic ACPI handle. It is better to just
trust it.
While at it, adjust down a printk priority, and test earlier for
brightness_enable=0.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
The Linux ACPI core locates the ACPI video devices for us and marks them
with ACPI_VIDEO_HID. Use that information to locate the video device
instead of a half-baked hunt for _BCL.
This uncouples the detection of the number of backlight brightness
levels on ThinkPads from the ACPI paths in vid_handle.
With this change, the driver should be able to always detect whether the
ThinkPad uses a 8-level or 16-level brightness scale even on newer
models for which the vid_handle paths have not been updated yet.
It will skip deactivated devices in the ACPI device tree, which is a
change in behaviour.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
There is a potential NULL dereference of "limits." We can just return
NULL earlier to avoid it. The caller already handles NULL returns.
Signed-off-by: Dan Carpenter <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
The assignment of ret to -EIO appears to only make sense if the branch that
it is aligned with is executed, so move it into that branch.
The semantic match that finds this problem is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@r disable braces4@
position p1,p2;
statement S1,S2;
@@
(
if (...) { ... }
|
if (...) S1@p1 S2@p2
)
@script:python@
p1 << r.p1;
p2 << r.p2;
@@
if (p1[0].column == p2[0].column):
cocci.print_main("branch",p1)
cocci.print_secs("after",p2)
// </smpl>
Signed-off-by: Julia Lawall <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
IRQ and resource[] may not have correct values until
after PCI hotplug setup occurs at pci_enable_device() time.
The semantic match that finds this problem is as follows:
// <smpl>
@@
identifier x;
identifier request ~= "pci_request.*|pci_resource.*";
@@
(
* x->irq
|
* x->resource
|
* request(x, ...)
)
...
*pci_enable_device(x)
// </smpl>
Signed-off-by: Kulikov Vasiliy <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-2.6-trace into trace/tip/perf/urgent-4
Conflicts:
kernel/trace/trace_events.c
Signed-off-by: Steven Rostedt <[email protected]>
|
|
The JooJoo tablet (http://thejoojoo.com/) contains an "eGalax Inc. USB
TouchController", and this patch hooks it up to the egalax-touch driver.
Without the patch we don't get any cursor motion, since it comes through
Z/RX rather than X/Y.
(The egalax-touch driver does not yet generate a correct event sequence
for the "serial" protocol used by this device, though -- see the note
added to the code, which comes from research by Stéphane Chatty.)
Cc: Jiri Kosina <[email protected]>
Cc: Stéphane Chatty <[email protected]>
Signed-off-by: Chris Ball <[email protected]>
Signed-off-by: Jiri Kosina <[email protected]>
|
|
As part of ongoing effort to reduce the coupling with libnewt, browsers
are being changed to return the exit key.
The annotate browser is not returning it as expected by builtin-annotate
when annotating multiple symbols (when 'perf annotate' is called without
specifying a symbol name).
Fix it by returning the exit key and also adding the RIGHT key as a exit
key so that going to the next symbol in the TUI can work again.
Cc: Frederic Weisbecker <[email protected]>
Cc: Peter Zijlstra <[email protected]>
LKML-Reference: <new-submission>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
This is not supported by current hardware revisions.
Signed-off-by: Mark Brown <[email protected]>
Acked-by: Liam Girdwood <[email protected]>
Cc: [email protected]
|
|
model=dell-vostro is needed for Dell Vostro 1220 with Coexnat 5067.
Reference: Novell bnc#631066
https://bugzilla.novell.com/show_bug.cgi?id=631066
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
This reverts commit 1235f504aaba2ebeabc863fdb3ceac764a317d47.
It causes regressions worse than the problem it was trying
to fix. Eric will try to solve the problem another way.
Signed-off-by: David S. Miller <[email protected]>
|
|
The detection and loading of firmeware on riptide driver has been broken
due to rewrite of some codes, checking the presense wrongly.
This patch fixes the logic again.
Reference: kernel bug 16596
https://bugzilla.kernel.org/show_bug.cgi?id=16596
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
After applying commit b2ac86e1, the following message got appeared
after unclean shutdown:
> NILFS warning: broken superblock. using spare superblock.
This turns out to be a false message due to the change which updates
two super blocks alternately. The secondary super block now can be
selected if it's newer than the primary one.
This kills the false warning by suppressing it if another super block
is not actually broken.
Signed-off-by: Ryusuke Konishi <[email protected]>
|
|
If nilfs_attach_checkpoint() gets a memory allocation failure during
creation of ifile, it will return without removing nilfs_sb_info
struct from ns_supers list. When a concurrently mounted snapshot is
unmounted or another new snapshot is mounted after that, this causes
kernel oops as below:
> BUG: unable to handle kernel NULL pointer dereference at (null)
> IP: [<f83662ff>] nilfs_find_sbinfo+0x74/0xa4 [nilfs2]
> *pde = 00000000
> Oops: 0000 [#1] SMP
<snip>
> Call Trace:
> [<f835dc29>] ? nilfs_get_sb+0x165/0x532 [nilfs2]
> [<c1173c87>] ? ida_get_new_above+0x16d/0x187
> [<c109a7f8>] ? alloc_vfsmnt+0x7e/0x10a
> [<c1070790>] ? kstrdup+0x2c/0x40
> [<c1089041>] ? vfs_kern_mount+0x96/0x14e
> [<c108913d>] ? do_kern_mount+0x32/0xbd
> [<c109b331>] ? do_mount+0x642/0x6a1
> [<c101a415>] ? do_page_fault+0x0/0x2d1
> [<c1099c00>] ? copy_mount_options+0x80/0xe2
> [<c10705d8>] ? strndup_user+0x48/0x67
> [<c109b3f1>] ? sys_mount+0x61/0x90
> [<c10027cc>] ? sysenter_do_call+0x12/0x22
This fixes the problem.
Signed-off-by: Ryusuke Konishi <[email protected]>
Tested-by: Ryusuke Konishi <[email protected]>
Cc: [email protected]
|
|
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
gcc-4.6: ACPI: fix unused but set variables in ACPI
ACPI thermal: make procfs I/F depend on CONFIG_ACPI_PROCFS
ACPI video: make procfs I/F depend on CONFIG_ACPI_PROCFS
ACPI processor: remove deprecated ACPI procfs I/F
ACPI power_resource: remove unused procfs I/F
ACPI: remove deprecated ACPI procfs I/F
ACPI: introduce drivers/acpi/sysfs.c
ACPI: introduce module parameter acpi.aml_debug_output
ACPI: introduce drivers/acpi/debugfs.c
ACPI, APEI, ERST debug support
ACPI, APEI, Manage GHES as platform devices
ACPI, APEI, Rename CPER and GHES severity constants
ACPI, APEI, Fix a typo of error path of apei_resources_request
ACPI / ACPICA: Fix reference counting problems with GPE handlers
ACPI: Add the check of ADR flag in course of finding ACPI handle for PCI device
ACPI / Sleep: Drop acpi_suspend_finish()
ACPI / Sleep: Consolidate suspend and hibernation routines
ACPI / Wakeup: Simplify enabling of wakeup devices
ACPI / Sleep: Rework enabling wakeup devices
ACPI / Sleep: Free NVS copy if suspending of devices fails
Fixed up totally buggered "ACPI: fix unused but set variables in ACPI"
patch that doesn't even compile in the merge.
Thanks to Sedat Dilek <[email protected]> for noticing the
breakage before I even pulled. And a big "Grrr.." at Len for not even
bothering to compile the tree before asking me to pull.
|
|
* git://git.infradead.org/iommu-2.6:
intel-iommu: Fix 32-bit build warning with __cmpxchg()
intr-remap: allow disabling source id checking
|
|
* git://git.infradead.org/mtd-2.6:
mtd/nand_ids: Fix buswidth
mtd/m25p80: fix test for end of loop
mtd/m25p80: retlen is never NULL
MIPS: Fix gen_nand probe structures contents
gen_nand: Test if nr_chips field is valid
BFIN: Fix gen_nand probe structures contents
nand/denali: move all hardware initialization work to denali_hw_init
nand/denali: Add a page check in denali_read_page & denali_read_page_raw
nand/denali: use cpu_relax() while waiting for hardware interrupt
nand/denali: change read_status function method
nand/denali: Fixed check patch warnings
ARM: Fix gen_nand probe structures contents
mtd/nand_base: fix kernel-doc warnings & typos
nand/denali: use dev_xx debug function to replace nand_dbg_print and some printk
nand/denali: Fixed handle ECC error bugs
nand/denali: use iowrite32() to replace denali_write32()
nand/denali: Fixed probe function bugs
|