- 22 Oct, 2003 21 commits
-
-
Andrew Morton authored
I happened to spot this kfree(of complete garbage) - it is on an oh-we-raced-retry path which is obviously exceedingly rare,
-
Andrew Morton authored
From: Peter Bergner <bergner@vnet.ibm.com> In fs/binfmt_elf.c:load_elf_binary() (both 2.6 and 2.4), there is some minimal checking whether the interpreter it's about to load/run is a valid ELF file, but it fails to check whether the interpreter is of the correct arch. We ran into this when a borked powerpc64-linux toolchain set the interpreter on our 64-bit app to our 32-bit ld.so. Executing the app caused the kernel to really chew up memory. I'm assuming x86_64 and sparc64 might possibly see the same behavior. Note I'm not sure of the history behind INTERPRETER_AOUT, so I added the test for INTERPRETER_ELF so as not to change it's behavior in case someone still relies on it. As an aside, it seems the elf_check_arch() macros should really be checking for more than a valid e_machine value. I'd think checking one or more of the e_ident[EI_CLASS], e_ident[EI_DATA] and e_ident[EI_OSABI] values would be required as well, no?
-
Andrew Morton authored
From: Jesper Juhl <juhl-lkml@dif.dk>
-
Andrew Morton authored
Fix a C99ism.
-
Andrew Morton authored
From: "Kurtis D. Rader" <kdrader@us.ibm.com> http://bugme.osdl.org/show_bug.cgi?id=1365 The digi_acceleport.c USB serial driver has a bogus "address of" operator that results in BUGs. The problem is that digi_wakeup_write_lock() takes a pointer to a struct usb_serial_port. However, what gets passed is a pointer to a pointer to a struct usb_serial_port.
-
Andrew Morton authored
OK, I give up. Kill all the might_sleep warnings from the early boot process.
-
Andrew Morton authored
There seems to be no header file which declares system_running.
-
Andrew Morton authored
From: Jan Kara <jack@ucw.cz> attached patch should fix a quota locking problem causing deadlock (when inode was being released from icache and it caused newly created quota structure to be written).
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> mm/filemap.c's generic_file_aio_write_nolock changed SetPageReferenced to mark_page_accessed in -test3: now follow that in shmem_file_write.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> mm/shmem.c was converted to i_size_read in -test1, and the remaining references to a file's naked i_size are safely protected by i_sem; but surely shmem_file_write must use i_size_write to update i_size.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> If it's possible for a tmpfs page beyond i_size to remain in cache until shmem_truncate repeats truncate_inode_pages, then shmem_writepage's BUG_ON(index >= info->next_index) cannot be completely safe. But it's a useful check in a fragile area, so retain it when not in shmem_truncate.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> Extend use of that SHMEM_PAGEIN flag to where shmem_getpage adds a page to the cache. It couldn't have caused a BUG_ON(inode->i_blocks), but if i_size is reduced (from another cpu) the instant after shmem_swp_alloc checks it, shmem_getpage could insert a page into the cache just after truncate_inode_pages has passed through cleaning it, leaving stale data (which may mysteriously reappear if the file is later extended). Easily fixed for tmpfs, using the mechanism just added for swapoff; and probably more important there, since its read from swap can insert non-0 data. But is there not a similar issue, a tiny window, in filemap.c? if truncate_inode_pages comes in between checking i_size and adding new page to cache. Not worth getting excited, but something to beware of.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> On 23 July, Sergey S. Kostyliov <rathamahata@php4.ru> reported a tmpfs BUG_ON(inode->i_blocks) during swapoff: my last version of the fix to swapoff/truncate race was inadequate, since I_FREEING might get set or i_size be reduced (from another cpu) the instant after it's tested here. So revert to the previous version of the fix, shmem_truncate calling truncate_inode_pages again, if pages still left in cache; but avoid the recall in usual cases of partial truncation, by having a "pagein" flag to indicate when recall might be necessary. (Since those flags already use VM_ACCOUNT and VM_LOCKED, must redefine another VM_flag for this.) Sergey and 2.4-aa have run fine with this for a couple of months.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> LTP tests the filesystem on /tmp: many failures when tmpfs because it missed the way directories hand down their gid. Also fix ramfs and hugetlbfs.
-
Andrew Morton authored
From: Hugh Dickins <hugh@veritas.com> LTP tests the filesystem on /tmp: there are many failures when using tmpfs because simple_lookup forgot to reject filenames longer than the NAME_MAX tmpfs declares in its statfs. This also fixes ramfs and hugetlbfs.
-
Andrew Morton authored
This driver is taking uinitialised stack gunk from the pdev[] array and feeding it into pci_read_config_byte() and crashing when modprobed with no hardware present. Fix it to not index past the initialised members of pdev[]. We don't know if this driver works.
-
Andrew Morton authored
From: Stephen Hemminger <shemminger@osdl.org> The following will prevent adjtime from causing time regression. It delays starting the adjtime mechanism for one tick, and keeps gettimeofday inside the window. Only fixes i386, but changes to other arch would be similar. Running a simple clock test program and playing with adjtime demonstrates that this fixes the problem (and 2.6.0-test6 is broken). But given the fragile nature of the timer code, it should go through some more testing before inclusion.
-
Andrew Morton authored
Silence a bogus "may be used uninitialised" warning. It only affects architectures which use the tlb_finish_mmu() args.
-
Andrew Morton authored
Sync this up with 2.4: ChangeSet@1.404.2.2 2002-05-06 21:30:10-03:00 hch@infradead.org [PATCH] memsetup fixes (again) The mem= fixes from Red Hat's tree had a small bug: if mem= was not actually used with the additional features, but int plain old way, is used the value as the size of memory it wants, not the upper limit. The problem with this is that there is a small difference due to memory holes. I had one report of a person using mem= to reduce memory size for a broken i386 chipset thaty only supports 64MB cached and the rest as mtd/slram device for swap. I got broken as the boundaries changed.
-
Andrew Morton authored
From: Jens Axboe <axboe@suse.de> The command 'eject /dev/scd0' sends a START_STOP command to the device with the data direction set to SCSI_DATA_WRITE but a transfer length of zero. This causes a problem for some code paths.
-
Andrew Morton authored
From: "V. Rajesh" <vrajesh@eecs.umich.edu> If a vma is already present in an i_mmap list of a mapping, then it is racy to update the vm_start, vm_end, and vm_pgoff members of the vma without holding the mapping's i_shared_sem. This is because the updates can race with invalidate_mmap_range_list. I audited all the places that assign vm_start, vm_end, and vm_pgoff. AFAIK, the following is the list of questionable places: 1) This patch fixes the racy split_vma. Kernel 2.4 does the right thing, but the following changesets introduced a race. http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.4 http://linux.bkbits.net:8080/linux-2.5/patch@1.536.34.5 You can use the patch and programs in the following URL to trigger the race. http://www-personal.engin.umich.edu/~vrajesh/linux/truncate-race/ 2) This patch also locks a small racy window in vma_merge. 3) In few cases vma_merge and do_mremap expand a vma by adding extra length to vm_end without holding i_shared_sem. I think that's fine. 4) In arch/sparc64, vm_end is updated without holding i_shared_sem. Check make_hugetlb_page_present. I hope that is fine, but I am not sure.
-
- 21 Oct, 2003 12 commits
-
-
http://linux-acpi.bkbits.net/linux-acpi-release-2.6.0Linus Torvalds authored
into home.osdl.org:/home/torvalds/v2.5/linux
-
James Cleverdon authored
The "irq_vector[]" array is indexed by the sum of all RTEs in all I/O APICs, and is not necessarily limited by the x86 CPU irq vector inputs. In fact, the irq vector index would overflow on big machines with lots of IO APIC's, causing the boot to fail. So grow the array for the big SMP boxes, keeping the default the same as before (and shrink the vector entry size down to a 8-bit value, since that's the size of the actual CPU vector entry).
-
bk://kernel.bkbits.net/jgarzik/libata-2.5Jeff Garzik authored
into redhat.com:/spare/repo/libata-2.5-merge
-
Jeff Garzik authored
-
Jeff Garzik authored
Intel ICH5 (production) ServerWorks / Apple K2 (beta) VIA (beta) Silicon Image 3112 (broken!) Various Promise (alpha/beta)
-
bk://bk.arm.linux.org.uk/linux-2.6-rmkLinus Torvalds authored
into home.osdl.org:/home/torvalds/v2.5/linux
-
Alexander Schulz authored
Patch from Alexander Schulz This patch adds the define for PCIMEM_BASE so that the shark kernel compiles again.
-
Dave Jiang authored
Patch from Dave Jiang The fix allows IOP321 based platforms to boot all the way instead of blank screen after "starting kernel...". Inherited from Deepak's earlier patch.
-
Bartlomiej Zolnierkiewicz authored
CMD640 driver also supports VLB version of the chipset, therefore fix drivers/ide/Makefile to include pci/ subdir even if CONFIG_BLK_DEV_IDEPCI=n.
-
Michael Hunold authored
- remove cruft, memset() i2c-client structures in tda9840, tea6420, tea6415c driver, otherwise i2c_register()/kobject() segfaults later on
-
Michael Hunold authored
- remove cruft, add I2C_ADAP_CLASS_TV_ANALOG identifier for analog tv i2c handler
-
Michael Hunold authored
- DVB networking uses big endian crc32, so change all occurences of crc32_le to crc32_be - fix usage of firmware location Kconfig option in tda1004x frontend driver - add missing VBI line decoding initialization to saa7113 code for av7110 driver - make av7110 firmware static and *not* __initdata, so recover_arm() can work in case the driver is compiled in statically
-
- 20 Oct, 2003 7 commits
-
-
-
Len Brown authored
use X86 ACPI specific version of eisa_set_level_irq() http://bugzilla.kernel.org/show_bug.cgi?id=1390
-
Alexander Viro authored
This fixes initrd with devfs. With that combination the late-boot code does temporary mount of devfs over rootfs /dev, which made /dev/initrd inaccessible. For setups without devfs that didn't happen. The fix is trivial - put the file in question outside of /dev; IOW, we simply replace "/dev/initrd" with "/initrd.image" in init/*. Confirmed to fix the problem by Valdis Kletnieks
-
http://lia64.bkbits.net/to-linus-2.5Linus Torvalds authored
into home.osdl.org:/home/torvalds/v2.5/linux
-
bk://cifs.bkbits.net/linux-2.5cifsLinus Torvalds authored
into home.osdl.org:/home/torvalds/v2.5/linux
-
Neil Brown authored
... as if "nohide" is in used, it will be the wrong filehandle, and returning a filehandle is optional anyway.
-
Neil Brown authored
When raid0 needs to split a request, it uses 'block' (1K) addresses rather than sector (512b) addresses, which causes problems if the sector address is odd. This patch fixes the problem. Thanks to Andy Polyakov <appro@fy.chalmers.se>
-