|
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Fix atomic64_t routine return values.
sparc64: Fix rwsem constant bug leading to hangs.
sparc: Hook up new fanotify and prlimit64 syscalls.
sparc: Really fix "console=" for serial consoles.
|
|
* master.kernel.org:/home/rmk/linux-2.6-arm:
VIDEO: amba clcd: don't disable an already disabled clock
ARM: Tighten check for allowable CPSR values
ARM: 6329/1: wire up sys_accept4() on ARM
ARM: 6328/1: Build with -fno-dwarf2-cfi-asm
ARM: 6326/1: kgdb: fix GDB_MAX_REGS no longer used
|
|
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Using a program like the following:
    #include <signal.h>     /* kill(), SIGSTOP */
    #include <stdlib.h>
    #include <unistd.h>
    #include <sys/types.h>
    #include <sys/wait.h>

    int main() {
        id_t id;
        siginfo_t infop;
        pid_t res;

        id = fork();
        if (id == 0) { sleep(1); exit(0); }
        kill(id, SIGSTOP);
        alarm(1);
        waitid(P_PID, id, &infop, WCONTINUED);
        return 0;
    }
to call waitid() on a stopped process results in access to the child task's
credentials without the RCU read lock being held - which may be replaced in the
meantime - eliciting the following warning:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 1
2 locks held by waitid02/22252:
#0: (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
#1: (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
wait_consider_task+0x19a/0xbe0
stack backtrace:
Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
Call Trace:
[<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
[<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
[<ffffffff81061d15>] do_wait+0xf5/0x310
[<ffffffff810620b6>] sys_waitid+0x86/0x1f0
[<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
[<ffffffff81003282>] system_call_fastpath+0x16/0x1b
This is fixed by holding the RCU read lock in wait_task_continued() to ensure
that the task's current credentials aren't destroyed between us reading the
cred pointer and us reading the UID from those credentials.
Furthermore, protect wait_task_stopped() in the same way.
We don't need to keep holding the RCU read lock once we've read the UID from
the credentials as holding the RCU read lock doesn't stop the target task from
changing its creds under us - so the credentials may be outdated immediately
after we've read the pointer, lock or no lock.
Signed-off-by: Daniel J Blueman <[email protected]>
Signed-off-by: David Howells <[email protected]>
Acked-by: Paul E. McKenney <[email protected]>
Acked-by: Oleg Nesterov <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Make do_execve() take a const filename pointer so that kernel_execve() compiles
correctly on ARM:
arch/arm/kernel/sys_arm.c:88: warning: passing argument 1 of 'do_execve' discards qualifiers from pointer target type
This also requires the argv and envp arguments to be consted twice, once for
the pointer array and once for the strings the array points to. This is
because do_execve() passes a pointer to the filename (now const) to
copy_strings_kernel(). A simpler alternative would be to cast the filename
pointer in do_execve() when it's passed to copy_strings_kernel().
do_execve() may not change any of the strings it is passed as part of the argv
or envp lists as some of them are in .rodata, so marking these strings as
const should be fine.
Further kernel_execve() and sys_execve() need to be changed to match.
This has been test built on x86_64, frv, arm and mips.
Signed-off-by: David Howells <[email protected]>
Tested-by: Ralf Baechle <[email protected]>
Acked-by: Russell King <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
>Xin Xiaohui wrote:
> I looked into the code dev_gro_receive(), found the code here:
> if the frags[0] is pulled to 0, then the page will be released,
> and memmove() frags left.
> Is that right? I'm not sure if memmove do right or not, but
> frags[0].size is never set after memmove at least. what I think
> a simple way is not to do anything if we found frags[0].size == 0.
> The patch is as follows.
...
This version of the patch fixes the bug directly in memmove.
Reported-by: "Xin, Xiaohui" <[email protected]>
Signed-off-by: Jarek Poplawski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Should return 'long' instead of 'int'.
Thanks to Dimitris Michailidis and Tony Luck.
Signed-off-by: David S. Miller <[email protected]>
|
|
As noticed by Linus, it is critical that some of the
rwsem constants be signed. Yet, hex constants are
unsigned unless explicitly cast or negated.
The most critical one is RWSEM_WAITING_BIAS.
This bug was exacerbated by commit
424acaaeb3a3932d64a9b4bd59df6cf72c22d8f3 ("rwsem: wake queued readers
when writer blocks on active read lock")
Signed-off-by: David S. Miller <[email protected]>
|
|
We leak at least 32 bits of kernel memory to user land in tc dump,
because we don't init all fields (capab ?) of the dumped structure.
Use C99 initializers so that holes and non explicit fields are zeroed.
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
After commit 24b36f019 (netfilter: {ip,ip6,arp}_tables: dont block
bottom half more than necessary), lockdep can raise a warning
because we attempt to lock a spinlock with BH enabled, while
the same lock is usually locked by another cpu in a softirq context.
Disable again BH to avoid these lockdep warnings.
Reported-by: Linus Torvalds <[email protected]>
Diagnosed-by: David S. Miller <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Randy Dunlap reports:
ERROR: "svc_gss_principal" [fs/nfs/nfs.ko] undefined!
because in fs/nfs/Kconfig, NFS_V4 selects RPCSEC_GSS_KRB5
and/or in fs/nfsd/Kconfig, NFSD_V4 selects RPCSEC_GSS_KRB5.
RPCSEC_GSS_KRB5 does 5 selects, but none of these is enforced/followed
by the fs/nfs[d]/Kconfig configs:
select SUNRPC_GSS
select CRYPTO
select CRYPTO_MD5
select CRYPTO_DES
select CRYPTO_CBC
Reported-by: Randy Dunlap <[email protected]>
Cc: J. Bruce Fields <[email protected]>
Acked-by: Randy Dunlap <[email protected]>
Signed-off-by: Trond Myklebust <[email protected]>
|
|
Fix the clock enable/disable tracking in the AMBA CLCD driver so
that the driver doesn't try to disable an already disabled clock,
thereby causing the clock (if shared) to become unbalanced.
This resolves a problem with CLCD on LPC32xx ARM platforms.
Reported-by: Kevin Wells <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
The drivers for Xilinx' SystemACE and physically mapped MTDs were missing
prototypes for of_address_to_resource(). This patch adds the necessary
headers.
Signed-off-by: Graeme Smecher <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
POSIX sh does not specify the brace expansion, so fix it by replacing the
global $(shell ...) lines quite at the top creating the output directories with
real rules.
Cc: Ingo Molnar <[email protected]>
Cc: Kusanagi Kouichi <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Paul Mackerras <[email protected]>
LKML-Reference: <1282046280.5822.4.camel@thorin>
Signed-off-by: Bernd Petrovitsch <[email protected]>
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
Free irq source id if create pit workqueue fail
Signed-off-by: Xiao Guangrong <[email protected]>
Signed-off-by: Avi Kivity <[email protected]>
|
|
- Fix capture mixer elements for ALC680 base model
- Support auto change ADC for recording from MIC
- Cancel capture source assigned in auto mode.
Signed-off-by: Kailang Yang <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
warning: (LATENCYTOP && HAVE_LATENCYTOP_SUPPORT) selects
SCHED_DEBUG which has unmet direct dependencies (DEBUG_KERNEL &&
PROC_FS) warning: (LATENCYTOP && HAVE_LATENCYTOP_SUPPORT) selects
SCHEDSTATS which has unmet direct dependencies (DEBUG_KERNEL && PROC_FS)
Add depends on STACKTRACE_SUPPORT for 'select STACKTRACE'.
Add depends on PROC_FS since that is where the output goes.
Signed-off-by: Randy Dunlap <[email protected]>
Cc: Arjan van de Ven <[email protected]>
LKML-Reference: <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
|
|
This patch fixes missing includes from a number of .c files because
the code (wrongfully) depended on prom.h including them. The include
of linux/of_address.h was removed in microblaze prom.h in commit
"of/address: Clean up function declarations" (sha1 id 22ae782f8), but
not fixed in some callers. This patch fixes them up.
Signed-off-by: Grant Likely <[email protected]>
Tested-by: Michal Simek <[email protected]>
|
|
(v2)
With the current screwed but its ABI, ioctls for the drm, Linus pointed out that we could allow userspace to specify the allocation size, but we pass it to the driver which then uses it blindly to store a struct. Now if userspace specifies the allocation size as smaller than the driver needs, the driver can possibly overwrite memory.
This patch restructures the driver ioctls so we store the structure size we are expecting, and make sure we allocate at least that size. The copy from/to userspace are still restricted to the size the user specifies, this allows ioctl structs to grow on both sides of the equation.
Up until now we didn't really use the DRM_IOCTL defines in the kernel, so this cleans them up and adds them for nouveau.
v2:
fix nouveau pushbuf arg (thanks to Ben for pointing it out)
Reported-by: Linus Torvalds <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
non-critical issue, CVE-2010-2803
Userspace controls the amount of memory to be allocated, so it can
get the ioctl to allocate more memory than the kernel uses, and get
access to kernel stack. This can only be done for processes authenticated
to the X server for DRI access, and if the user has DRI access.
Fix is to just memset the data to 0 if the user doesn't copy into
it in the first place.
Reported-by: Kees Cook <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
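The two DRM ioctl fixes above (allocate at least the size the driver expects, and never copy out memory the caller did not supply), modelled in user-space C as an added example; it is not code from either commit. All `demo_*` names and the struct layout are hypothetical, `memcpy` stands in for the copy from/to userspace, and zeroing the whole buffer with `calloc` is a simplification that covers the memset described in the second commit.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical driver argument struct; the handler writes every field. */
struct demo_args { unsigned int handle, flags; unsigned long long offset; };

struct demo_ioctl {
    size_t drv_size;        /* size the driver expects, kept in the ioctl table */
    int copies_in;          /* non-zero if the caller supplies input data */
    int (*fn)(void *kdata);
};

static int demo_handler(void *kdata)
{
    struct demo_args *a = kdata;    /* safe: kdata is at least drv_size bytes */
    a->handle += 1;
    a->flags = 0x5a5a5a5a;
    a->offset = 0x1122334455667788ULL;
    return 0;
}

/* usr and usr_size model the caller's buffer and the size taken from the ioctl number. */
int demo_dispatch(const struct demo_ioctl *io, void *usr, size_t usr_size)
{
    size_t asize = usr_size > io->drv_size ? usr_size : io->drv_size;
    unsigned char *kdata = calloc(1, asize);   /* zeroed, so no stale bytes are copied out */
    int ret;

    if (!kdata)
        return -1;
    if (io->copies_in)
        memcpy(kdata, usr, usr_size);          /* copy-in limited to the caller's size */
    ret = io->fn(kdata);
    memcpy(usr, kdata, usr_size);              /* copy-out limited to the caller's size */
    free(kdata);
    return ret;
}

/* Run one request on a caller buffer pre-filled with 0xAA; out must hold 32 bytes. */
int demo_request(size_t usr_size, int copies_in, unsigned char out[32])
{
    const struct demo_ioctl io = { sizeof(struct demo_args), copies_in, demo_handler };
    memset(out, 0xAA, 32);
    return demo_dispatch(&io, out, usr_size);
}

int main(void) { unsigned char b[32]; return demo_request(32, 0, b); }
```

A caller that claims only 4 bytes gets 4 bytes back while the handler still works on a full-size buffer; a caller that claims 32 bytes without supplying input sees zeros past the driver's struct rather than leftover memory.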
|
|
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Signed-off-by: Ben Skeggs <[email protected]>
|
|
This should fix the reported TV-out load detection false positives
(fdo bug 29455).
Reported-by: Vlado Plaga <[email protected]>
Signed-off-by: Francisco Jerez <[email protected]>
Signed-off-by: Ben Skeggs <[email protected]>
|
|
The blob also thinks there's a TV connected, so hardware bug...
Signed-off-by: Francisco Jerez <[email protected]>
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Fixes an infinite loop that can happen in RAMHT lookup.
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Signed-off-by: Ben Skeggs <[email protected]>
|
|
This message is apparently confusing people, and is being blamed for some
modesetting issues. Let's remove the message, and instead replace it
with an unconditional printout of the table revision.
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Signed-off-by: Ben Skeggs <[email protected]>
|
|
When VRAM is running out it's possible that the client's push buffers get
evicted to main memory. When they're validated back in, the GPU may
be used for the copy back to VRAM, but the existing synchronisation code
only deals with inter-channel sync, not sync between PFIFO and PGRAPH on
the same channel. This leads to PFIFO fetching from command buffers that
haven't quite been copied by PGRAPH yet.
This patch marks push buffers as so, and forces any GPU-assisted buffer
moves to be done on a different channel, which triggers the correct
synchronisation to happen before we submit them.
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Signed-off-by: Ben Skeggs <[email protected]>
|
|
Signed-off-by: Francisco Jerez <[email protected]>
Signed-off-by: Ben Skeggs <[email protected]>
|
|
After rlimits tree was merged we get the following errors:
security/apparmor/lsm.c:663:2: warning: initialization from incompatible pointer type
It is because AppArmor was merged in the meantime, but uses the old
prototype. So fix it by adding struct task_struct as a first parameter
of apparmor_task_setrlimit.
NOTE that this is ONLY a compilation warning fix (and crashes caused
by that). It needs proper handling in AppArmor depending on who is the
'task'.
Signed-off-by: Jiri Slaby <[email protected]>
Signed-off-by: John Johansen <[email protected]>
Signed-off-by: James Morris <[email protected]>
|
|
The only tricky bit is the compat version of fanotify_mark, in which
on 32-bit the 64-bit mark argument is passed in as "high32",
"low32".
Signed-off-by: David S. Miller <[email protected]>
|
|
Signed-off-by: Stephen Rothwell <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
|
|
Commit b45cfba4e9005d64d419718e7ff7f7cab44c1994 (vt,console,kdb:
implement atomic console enter/leave functions) introduced the ability
to atomically change the console mode with kernel mode setting but did
not preserve the state of the console_blanked variable.
The console_blanked variable must be restored when executing the
con_debug_leave() or further kernel mode set changes (such as using
chvt X) will fail to correctly set the state of console.
Signed-off-by: Jason Wessel <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
CC: Andrew Morton <[email protected]>
|
|
Fix the following new sparse warnings in vt.c introduced by the commit
b45cfba4e9005d64d419718e7ff7f7cab44c1994 (vt,console,kdb: implement
atomic console enter/leave functions):
drivers/char/vt.c:197:5: warning: symbol 'saved_fg_console' was not declared. Should it be static?
drivers/char/vt.c:198:5: warning: symbol 'saved_last_console' was not declared. Should it be static?
drivers/char/vt.c:199:5: warning: symbol 'saved_want_console' was not declared. Should it be static?
drivers/char/vt.c:200:5: warning: symbol 'saved_vc_mode' was not declared. Should it be static?
Signed-off-by: Jason Wessel <[email protected]>
Reviewed-by: Jesse Barnes <[email protected]>
CC: Andrew Morton <[email protected]>
|
|
According to commit 22eeef4bb2a7fd225089c0044060ed1fbf091958
kgdb,arm: Individual register get/set for arm
It's now replaced by DBG_MAX_REG_NUM.
Signed-off-by: Eric Miao <[email protected]>
Signed-off-by: Jason Wessel <[email protected]>
|
|
breakinfo->pev is a pointer to percpu pointer but was missing __percpu markup.
Add it.
Signed-off-by: Namhyung Kim <[email protected]>
Signed-off-by: Jason Wessel <[email protected]>
|
|
If CONFIG_KGDB_KDB is set and CONFIG_KALLSYMS is not set the kernel
will fail to build with the error:
kernel/built-in.o: In function `kallsyms_symbol_next':
kernel/debug/kdb/kdb_support.c:237: undefined reference to `kdb_walk_kallsyms'
kernel/built-in.o: In function `kallsyms_symbol_complete':
kernel/debug/kdb/kdb_support.c:193: undefined reference to `kdb_walk_kallsyms'
The kdb_walk_kallsyms needs a #ifdef proper header to match the C
implementation. This patch also fixes the compiler warnings in
kdb_support.c when compiling without CONFIG_KALLSYMS set. The
compiler warnings are a result of the kallsyms_lookup() macro not
initializing the two of the pass by reference variables.
Signed-off-by: Jason Wessel <[email protected]>
Reported-by: Michal Simek <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
|
|
Commit 58f9b0b02414062eaff46716bc04b47d7e79add5 should
contain this fix too.
Signed-off-by: Michal Simek <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
Commit dbbdee94734bf6f1db7af42008a53655e77cab8f removed
of_irq_pci_swizzle but didn't use pci_swizzle_interrupt_pin
instead.
Signed-off-by: Michal Simek <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
Marvell and GPIO bindings live in their own files, so the TOC should not
mention them.
Also fix chapters numbering.
Signed-off-by: Anton Vorontsov <[email protected]>
Signed-off-by: Grant Likely <[email protected]>
|
|
If a video head and keyboard are hooked up, specifying "console=ttyS0"
or similar to use a serial console will not work properly.
The key issue is that we must register all serial console capable
devices with register_console(), otherwise the command line specified
device won't be found. The sun serial drivers would only register
themselves as console devices if the OpenFirmware specified console
device node matched. To fix this part we now unconditionally get
the serial console register by setting serial_drv->cons always.
Secondarily we must not add_preferred_console() using the firmware
provided console setting if the user gave an override on the kernel
command line using "console=". The "primary framebuffer" matching
logic was always triggering on openfirmware device node match, make
it not when a command line override was given.
Reported-by: Frans Pop <[email protected]>
Tested-by: Frans Pop <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux-2.6 into perf/urgent
|
|
Like others in the Mini series, the Dell Mini 1012 does not support
the smbios hook required by dell-laptop.
Signed-off-by: Victor van den Elzen <[email protected]>
Cc: stable <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
On the T410s and most likely other current models, Fn-F6 is labeled as
Camera/Headphone key. Report key presses as KEY_CAMERA.
Signed-off-by: Jens Taprogge <[email protected]>
Acked-by: Jerone Young <[email protected]>
Acked-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
Use the quirks engine to select model-specific keymaps, which makes
it much easier to extend should we need it.
Keycodes are based on the tables at
http://www.thinkwiki.org/wiki/Default_meanings_of_special_keys.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|
|
Use a safer coding style for the hotkey keymap. This does not fix any
problems, as the current code is correct. But it might help avoid
mistakes in the future.
Signed-off-by: Henrique de Moraes Holschuh <[email protected]>
Signed-off-by: Matthew Garrett <[email protected]>
|