1. 29 May, 2015 3 commits
    • Shreyas B. Prabhu's avatar
      tracing/mm: don't trace mm_page_pcpu_drain on offline cpus · 649b8de2
      Shreyas B. Prabhu authored
      Since tracepoints use RCU for protection, they must not be called on
      offline cpus.  trace_mm_page_pcpu_drain can be called on an offline cpu
      in this scenario caught by LOCKDEP:
      
           ===============================
           [ INFO: suspicious RCU usage. ]
           4.1.0-rc1+ #9 Not tainted
           -------------------------------
           include/trace/events/kmem.h:265 suspicious rcu_dereference_check() usage!
      
          other info that might help us debug this:
      
          RCU used illegally from offline CPU!
          rcu_scheduler_active = 1, debug_locks = 1
           1 lock held by swapper/5/0:
            #0:  (&(&zone->lock)->rlock){..-...}, at: [<c0000000002073b0>] .free_pcppages_bulk+0x70/0x920
      
          stack backtrace:
           CPU: 5 PID: 0 Comm: swapper/5 Not tainted 4.1.0-rc1+ #9
           Call Trace:
             .dump_stack+0x98/0xd4 (unreliable)
             .lockdep_rcu_suspicious+0x108/0x170
             .free_pcppages_bulk+0x60c/0x920
             .free_hot_cold_page+0x208/0x280
             .destroy_context+0x90/0xd0
             .__mmdrop+0x58/0x160
             .idle_task_exit+0xf0/0x100
             .pnv_smp_cpu_kill_self+0x58/0x2c0
             .cpu_die+0x34/0x50
             .arch_cpu_idle_dead+0x20/0x40
             .cpu_startup_entry+0x708/0x7a0
             .start_secondary+0x36c/0x3a0
             start_secondary_prolog+0x10/0x14
      
      Fix this by converting mm_page_pcpu_drain trace point into
      TRACE_EVENT_CONDITION where condition is cpu_online(smp_processor_id())
      Signed-off-by: default avatarShreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
      Reviewed-by: default avatarPreeti U Murthy <preeti@linux.vnet.ibm.com>
      Acked-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      649b8de2
    • Shreyas B. Prabhu's avatar
      tracing/mm: don't trace mm_page_free on offline cpus · 1f0c27b5
      Shreyas B. Prabhu authored
      Since tracepoints use RCU for protection, they must not be called on
      offline cpus.  trace_mm_page_free can be called on an offline cpu in this
      scenario caught by LOCKDEP:
      
           ===============================
           [ INFO: suspicious RCU usage. ]
           4.1.0-rc1+ #9 Not tainted
           -------------------------------
           include/trace/events/kmem.h:170 suspicious rcu_dereference_check() usage!
      
          other info that might help us debug this:
      
          RCU used illegally from offline CPU!
          rcu_scheduler_active = 1, debug_locks = 1
           no locks held by swapper/1/0.
      
          stack backtrace:
           CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.1.0-rc1+ #9
           Call Trace:
             .dump_stack+0x98/0xd4 (unreliable)
             .lockdep_rcu_suspicious+0x108/0x170
             .free_pages_prepare+0x494/0x680
             .free_hot_cold_page+0x50/0x280
             .destroy_context+0x90/0xd0
             .__mmdrop+0x58/0x160
             .idle_task_exit+0xf0/0x100
             .pnv_smp_cpu_kill_self+0x58/0x2c0
             .cpu_die+0x34/0x50
             .arch_cpu_idle_dead+0x20/0x40
             .cpu_startup_entry+0x708/0x7a0
             .start_secondary+0x36c/0x3a0
             start_secondary_prolog+0x10/0x14
      
      Fix this by converting mm_page_free trace point into TRACE_EVENT_CONDITION
      where condition is cpu_online(smp_processor_id())
      Signed-off-by: default avatarShreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
      Reviewed-by: default avatarPreeti U Murthy <preeti@linux.vnet.ibm.com>
      Acked-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1f0c27b5
    • Shreyas B. Prabhu's avatar
      tracing/mm: don't trace kmem_cache_free on offline cpus · e5feb1eb
      Shreyas B. Prabhu authored
      Since tracepoints use RCU for protection, they must not be called on
      offline cpus.  trace_kmem_cache_free can be called on an offline cpu in
      this scenario caught by LOCKDEP:
      
          ===============================
          [ INFO: suspicious RCU usage. ]
          4.1.0-rc1+ #9 Not tainted
          -------------------------------
          include/trace/events/kmem.h:148 suspicious rcu_dereference_check() usage!
      
          other info that might help us debug this:
      
          RCU used illegally from offline CPU!
          rcu_scheduler_active = 1, debug_locks = 1
          no locks held by swapper/1/0.
      
          stack backtrace:
          CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.1.0-rc1+ #9
          Call Trace:
            .dump_stack+0x98/0xd4 (unreliable)
            .lockdep_rcu_suspicious+0x108/0x170
            .kmem_cache_free+0x344/0x4b0
            .__mmdrop+0x4c/0x160
            .idle_task_exit+0xf0/0x100
            .pnv_smp_cpu_kill_self+0x58/0x2c0
            .cpu_die+0x34/0x50
            .arch_cpu_idle_dead+0x20/0x40
            .cpu_startup_entry+0x708/0x7a0
            .start_secondary+0x36c/0x3a0
            start_secondary_prolog+0x10/0x14
      
      Fix this by converting kmem_cache_free trace point into
      TRACE_EVENT_CONDITION where condition is cpu_online(smp_processor_id())
      Signed-off-by: default avatarShreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
      Reported-by: default avatarAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
      Reviewed-by: default avatarPreeti U Murthy <preeti@linux.vnet.ibm.com>
      Acked-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e5feb1eb
  2. 27 May, 2015 18 commits
    • Linus Torvalds's avatar
      Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 · de182468
      Linus Torvalds authored
      Pull cifs fixes from Steve French:
       "Back from SambaXP - now have 8 small CIFS bug fixes to merge"
      
      * 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
        CIFS: Fix race condition on RFC1002_NEGATIVE_SESSION_RESPONSE
        Fix to convert SURROGATE PAIR
        cifs: potential missing check for posix_lock_file_wait
        Fix to check Unique id and FileType when client refer file directly.
        CIFS: remove an unneeded NULL check
        [cifs] fix null pointer check
        Fix that several functions handle incorrect value of mapchars
        cifs: Don't replace dentries for dfs mounts
      de182468
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 8f98bcdf
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Don't use MMIO on certain iwlwifi devices otherwise we get a
          firmware crash.
      
       2) Don't corrupt the GRO lists of mac80211 contexts by doing sends via
          timer interrupt, from Johannes Berg.
      
       3) SKB tailroom is miscalculated in AP_VLAN crypto code, from Michal
          Kazior.
      
       4) Fix fw_status memory leak in iwlwifi, from Haim Dreyfuss.
      
       5) Fix use after free in iwl_mvm_d0i3_enable_tx(), from Eliad Peller.
      
       6) JIT'ing of large BPF programs is broken on x86, from Alexei
          Starovoitov.
      
       7) EMAC driver ethtool register dump size is miscalculated, from Ivan
          Mikhaylov.
      
       8) Fix PHY initial link mode when autonegotiation is disabled in
          amd-xgbe, from Tom Lendacky.
      
       9) Fix NULL deref on SOCK_DEAD socket in AF_UNIX and CAIF protocols,
          from Mark Salyzyn.
      
      10) credit_bytes not initialized properly in xen-netback, from Ross
         Lagerwall.
      
      11) Fallback from MSI-X to INTx interrupts not handled properly in mlx4
          driver, fix from Benjamin Poirier.
      
      12) Perform ->attach() after binding dev->qdisc in packet scheduler,
          otherwise we can crash.  From Cong WANG.
      
      13) Don't clobber data in sctp_v4_map_v6().  From Jason Gunthorpe.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (30 commits)
        sctp: Fix mangled IPv4 addresses on a IPv6 listening socket
        net_sched: invoke ->attach() after setting dev->qdisc
        xen-netfront: properly destroy queues when removing device
        mlx4_core: Fix fallback from MSI-X to INTx
        xen/netback: Properly initialize credit_bytes
        net: netxen: correct sysfs bin attribute return code
        tools: bpf_jit_disasm: fix segfault on disabled debugging log output
        unix/caif: sk_socket can disappear when state is unlocked
        amd-xgbe-phy: Fix initial mode when autoneg is disabled
        net: dp83640: fix improper double spin locking.
        net: dp83640: reinforce locking rules.
        net: dp83640: fix broken calibration routine.
        net: stmmac: create one debugfs dir per net-device
        net/ibm/emac: fix size of emac dump memory areas
        x86: bpf_jit: fix compilation of large bpf programs
        net: phy: bcm7xxx: Fix 7425 PHY ID and flags
        iwlwifi: mvm: avoid use-after-free on iwl_mvm_d0i3_enable_tx()
        iwlwifi: mvm: clean net-detect info if device was reset during suspend
        iwlwifi: mvm: take the UCODE_DOWN reference when resuming
        iwlwifi: mvm: BT Coex - duplicate the command if sent ASYNC
        ...
      8f98bcdf
    • Jason Gunthorpe's avatar
      sctp: Fix mangled IPv4 addresses on a IPv6 listening socket · 9302d7bb
      Jason Gunthorpe authored
      sctp_v4_map_v6 was subtly writing and reading from members
      of a union in a way the clobbered data it needed to read before
      it read it.
      
      Zeroing the v6 flowinfo overwrites the v4 sin_addr with 0, meaning
      that every place that calls sctp_v4_map_v6 gets ::ffff:0.0.0.0 as the
      result.
      
      Reorder things to guarantee correct behaviour no matter what the
      union layout is.
      
      This impacts user space clients that open an IPv6 SCTP socket and
      receive IPv4 connections. Prior to 299ee user space would see a
      sockaddr with AF_INET and a correct address, after 299ee the sockaddr
      is AF_INET6, but the address is wrong.
      
      Fixes: 299ee123 (sctp: Fixup v4mapped behaviour to comply with Sock API)
      Signed-off-by: default avatarJason Gunthorpe <jgunthorpe@obsidianresearch.com>
      Acked-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9302d7bb
    • WANG Cong's avatar
      net_sched: invoke ->attach() after setting dev->qdisc · 86e363dc
      WANG Cong authored
      For mq qdisc, we add per tx queue qdisc to root qdisc
      for display purpose, however, that happens too early,
      before the new dev->qdisc is finally set, this causes
      q->list points to an old root qdisc which is going to be
      freed right before assigning with a new one.
      
      Fix this by moving ->attach() after setting dev->qdisc.
      
      For the record, this fixes the following crash:
      
       ------------[ cut here ]------------
       WARNING: CPU: 1 PID: 975 at lib/list_debug.c:59 __list_del_entry+0x5a/0x98()
       list_del corruption. prev->next should be ffff8800d1998ae8, but was 6b6b6b6b6b6b6b6b
       CPU: 1 PID: 975 Comm: tc Not tainted 4.1.0-rc4+ #1019
       Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
        0000000000000009 ffff8800d73fb928 ffffffff81a44e7f 0000000047574756
        ffff8800d73fb978 ffff8800d73fb968 ffffffff810790da ffff8800cfc4cd20
        ffffffff814e725b ffff8800d1998ae8 ffffffff82381250 0000000000000000
       Call Trace:
        [<ffffffff81a44e7f>] dump_stack+0x4c/0x65
        [<ffffffff810790da>] warn_slowpath_common+0x9c/0xb6
        [<ffffffff814e725b>] ? __list_del_entry+0x5a/0x98
        [<ffffffff81079162>] warn_slowpath_fmt+0x46/0x48
        [<ffffffff81820eb0>] ? dev_graft_qdisc+0x5e/0x6a
        [<ffffffff814e725b>] __list_del_entry+0x5a/0x98
        [<ffffffff814e72a7>] list_del+0xe/0x2d
        [<ffffffff81822f05>] qdisc_list_del+0x1e/0x20
        [<ffffffff81820cd1>] qdisc_destroy+0x30/0xd6
        [<ffffffff81822676>] qdisc_graft+0x11d/0x243
        [<ffffffff818233c1>] tc_get_qdisc+0x1a6/0x1d4
        [<ffffffff810b5eaf>] ? mark_lock+0x2e/0x226
        [<ffffffff817ff8f5>] rtnetlink_rcv_msg+0x181/0x194
        [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
        [<ffffffff817ff72e>] ? rtnl_lock+0x17/0x19
        [<ffffffff817ff774>] ? __rtnl_unlock+0x17/0x17
        [<ffffffff81855dc6>] netlink_rcv_skb+0x4d/0x93
        [<ffffffff817ff756>] rtnetlink_rcv+0x26/0x2d
        [<ffffffff818544b2>] netlink_unicast+0xcb/0x150
        [<ffffffff81161db9>] ? might_fault+0x59/0xa9
        [<ffffffff81854f78>] netlink_sendmsg+0x4fa/0x51c
        [<ffffffff817d6e09>] sock_sendmsg_nosec+0x12/0x1d
        [<ffffffff817d8967>] sock_sendmsg+0x29/0x2e
        [<ffffffff817d8cf3>] ___sys_sendmsg+0x1b4/0x23a
        [<ffffffff8100a1b8>] ? native_sched_clock+0x35/0x37
        [<ffffffff810a1d83>] ? sched_clock_local+0x12/0x72
        [<ffffffff810a1fd4>] ? sched_clock_cpu+0x9e/0xb7
        [<ffffffff810def2a>] ? current_kernel_time+0xe/0x32
        [<ffffffff810b4bc5>] ? lock_release_holdtime.part.29+0x71/0x7f
        [<ffffffff810ddebf>] ? read_seqcount_begin.constprop.27+0x5f/0x76
        [<ffffffff810b6292>] ? trace_hardirqs_on_caller+0x17d/0x199
        [<ffffffff811b14d5>] ? __fget_light+0x50/0x78
        [<ffffffff817d9808>] __sys_sendmsg+0x42/0x60
        [<ffffffff817d9838>] SyS_sendmsg+0x12/0x1c
        [<ffffffff81a50e97>] system_call_fastpath+0x12/0x6f
       ---[ end trace ef29d3fb28e97ae7 ]---
      
      For long term, we probably need to clean up the qdisc_graft() code
      in case it hides other bugs like this.
      
      Fixes: 95dc1929 ("pkt_sched: give visibility to mq slave qdiscs")
      Cc: Jamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarCong Wang <xiyou.wangcong@gmail.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      86e363dc
    • David Vrabel's avatar
      xen-netfront: properly destroy queues when removing device · ad068118
      David Vrabel authored
      xennet_remove() freed the queues before freeing the netdevice which
      results in a use-after-free when free_netdev() tries to delete the
      napi instances that have already been freed.
      
      Fix this by fully destroy the queues (which includes deleting the napi
      instances) before freeing the netdevice.
      Signed-off-by: default avatarDavid Vrabel <david.vrabel@citrix.com>
      Reviewed-by: default avatarBoris Ostrovsky <boris.ostrovsky@oracle.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ad068118
    • Linus Torvalds's avatar
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 7ffb9e11
      Linus Torvalds authored
      Pull x86 fixes from Ingo Molnar:
       "This tree includes:
      
         - a fix that disables the compacted FPU XSAVE format by disabling
           XSAVES support: the fixes are too complex and the breakages
           ABI-affecting, so we want this to be quirked off in a robust way
           and backported, to make sure no broken kernel is exposed to the new
           hardware (which exposure is still very limited).
      
         - an MCE printk message fix
      
         - a documentation fix"
      
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/fpu: Disable XSAVES* support for now
        x86/Documentation: Update the contact email for L3 cache index disable functionality
        x86/mce: Fix MCE severity messages
      7ffb9e11
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha · 70d7d88f
      Linus Torvalds authored
      Pull alpha updates from Matt Turner:
       "Please pull a small collection of patches that I've been neglecting.
      
        Probably most importantly are the patches that wire up the new
        syscalls needed by udev and the fix to the bootp{,z}file targets"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha:
        alpha: kernel: osf_sys: Set 'kts.tv_nsec' only when 'tv' has effect
        alpha: Wire up all missing implemented syscalls
        alpha: Fix bootpfile and bootpzfile make targets
        alpha: copy_thread(): rename 'arg' argument to 'kthread_arg'
        alpha: delete non-required instances of <linux/init.h>
        alpha: don't use module_init for non-modular core code
        smp, alpha: kill SMP single function call interrupt
        alpha: Remove #include <uapi/asm/types.h> from <asm/types.h>
        alpha: clean up unnecessary MSI/MSI-X capability find
      70d7d88f
    • Benjamin Poirier's avatar
      mlx4_core: Fix fallback from MSI-X to INTx · f4ecf29f
      Benjamin Poirier authored
      The test in mlx4_load_one() to remove MLX4_FLAG_MSI_X expects mlx4_NOP() to
      fail with -EBUSY. It is also necessary to avoid the reset since the device
      is not fully reinitialized before calling mlx4_start_hca() a second time.
      
      Note that this will also affect mlx4_test_interrupts(), the only other user
      of MLX4_CMD_NOP.
      
      Fixes: f5aef5aa ("net/mlx4_core: Activate reset flow upon fatal command cases")
      Signed-off-by: default avatarBenjamin Poirier <bpoirier@suse.de>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f4ecf29f
    • Rusty Russell's avatar
      lguest: fix out-by-one error in address checking. · 83a35114
      Rusty Russell authored
      This bug has been there since day 1; addresses in the top guest physical
      page weren't considered valid.  You could map that page (the check in
      check_gpte() is correct), but if a guest tried to put a pagetable there
      we'd check that address manually when walking it, and kill the guest.
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Cc: stable@kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      83a35114
    • Ross Lagerwall's avatar
      xen/netback: Properly initialize credit_bytes · ce0e5c52
      Ross Lagerwall authored
      Commit e9ce7cb6 ("xen-netback: Factor queue-specific data into queue
      struct") introduced a regression when moving queue-specific data into
      the queue struct by failing to set the credit_bytes field. This
      prevented bandwidth limiting from working. Initialize the field as it
      was done before multiqueue support was added.
      Signed-off-by: default avatarRoss Lagerwall <ross.lagerwall@citrix.com>
      Acked-by: default avatarWei Liu <wei.liu2@citrix.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ce0e5c52
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 3cfd4ba7
      Linus Torvalds authored
      Pull two overlayfs fixes from Miklos Szeredi:
       "Overlayfs rmdir() failed to check for emptiness in one case; this was
        introduced in 4.0.  The other bug was there since day one: failure to
        mount if upper fs is full, which bit some OpenWRT folks"
      
      * 'overlayfs-next' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: mount read-only if workdir can't be created
        ovl: don't remove non-empty opaque directory
      3cfd4ba7
    • Linus Torvalds's avatar
      Merge tag 'mfd-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd · 1b887bf3
      Linus Torvalds authored
      Pull an MFD fix from Lee Jones:
       "One simple fix to repair broken regulator probe() in DA9052"
      
      * tag 'mfd-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
        mfd: da9052: Fix broken regulator probe
      1b887bf3
    • Linus Torvalds's avatar
      Merge tag 'backlight-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight · 30a7266f
      Linus Torvalds authored
      Pull backlight fix from Lee Jones:
       "One simple fix to correctly handle -EPROBE_DEFER"
      
      * tag 'backlight-fixes-4.1' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/backlight:
        backlight: pwm: Handle EPROBE_DEFER while requesting the PWM
      30a7266f
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 · c09b5cbd
      Linus Torvalds authored
      Pull crypto fix from Herbert Xu:
       "This disables the newly (4.1) added user-space AEAD interface so that
        we can fix issues in the underlying kernel AEAD interface.  Once the
        new kernel AEAD interface is ready we can then reenable the user-space
        AEAD interface"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
        crypto: algif_aead - Disable AEAD user-space for now
      c09b5cbd
    • Johan Hovold's avatar
      mfd: da9052: Fix broken regulator probe · e0c21530
      Johan Hovold authored
      Fix broken probe of da9052 regulators, which since commit b3f6c73d
      ("mfd: da9052-core: Fix platform-device id collision") use a
      non-deterministic platform-device id to retrieve static regulator
      information. Fortunately, adequate error handling was in place so probe
      would simply fail with an error message.
      
      Update the mfd-cell ids to be zero-based and use those to identify the
      cells when probing the regulator devices.
      
      Fixes: b3f6c73d ("mfd: da9052-core: Fix platform-device id collision")
      Cc: stable <stable@vger.kernel.org>	# v3.19
      Signed-off-by: default avatarJohan Hovold <johan@kernel.org>
      Acked-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
      Reviewed-by: default avatarMark Brown <broonie@kernel.org>
      Signed-off-by: default avatarLee Jones <lee.jones@linaro.org>
      e0c21530
    • Vladimir Zapolskiy's avatar
      net: netxen: correct sysfs bin attribute return code · 748a7295
      Vladimir Zapolskiy authored
      If read() syscall requests unexpected number of bytes from "dimm" binary
      attribute file, return EINVAL instead of EPERM.
      
      At the same time pin down sysfs file size to the fixed
      sizeof(struct netxen_dimm_cfg), which allows to exploit some missing
      sanity checks from kernfs (file boundary checks vs offset etc.)
      Signed-off-by: default avatarVladimir Zapolskiy <vz@mleia.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      748a7295
    • Daniel Borkmann's avatar
      tools: bpf_jit_disasm: fix segfault on disabled debugging log output · 082739aa
      Daniel Borkmann authored
      With recent debugging, I noticed that bpf_jit_disasm segfaults when
      there's no debugging output from the JIT compiler to the kernel log.
      
      Reason is that when regexec(3) doesn't match on anything, start/end
      offsets are not being filled out and contain some uninitialized garbage
      from stack. Thus, we need zero out offsets first.
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      082739aa
    • Mark Salyzyn's avatar
      unix/caif: sk_socket can disappear when state is unlocked · b48732e4
      Mark Salyzyn authored
      got a rare NULL pointer dereference in clear_bit
      Signed-off-by: default avatarMark Salyzyn <salyzyn@android.com>
      Acked-by: default avatarHannes Frederic Sowa <hannes@stressinduktion.org>
      ----
      v2: switch to sock_flag(sk, SOCK_DEAD) and added net/caif/caif_socket.c
      v3: return -ECONNRESET in upstream caller of wait function for SOCK_DEAD
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b48732e4
  3. 26 May, 2015 13 commits
  4. 25 May, 2015 6 commits