- 15 Oct, 2007 2 commits
-
-
Jesper Juhl authored
Coverity spotted a "use after free" bug in drivers/char/agp/amd-k7-agp.c::amd_create_gatt_pages(). The problem is this: If "entry = kzalloc(sizeof(struct amd_page_map), GFP_KERNEL);" fails, then there's a loop in the function to free all entries allocated so far and break out of the allocation loop. That in itself is pretty sane, but then the (now freed) 'tables' is assigned to amd_irongate_private.gatt_pages and 'retval' is set to -ENOMEM which causes amd_free_gatt_pages(); to be called at the end of the function. The problem with this is that amd_free_gatt_pages() will then loop 'amd_irongate_private.num_tables' times and try to free each entry in tables[] - this is bad since tables has already been freed and furthermore it will call kfree(tables) at the end - a double free. This patch removes the freeing loop in amd_create_gatt_pages() and instead relies entirely on the call to amd_free_gatt_pages() to free everything we allocated in case of an error. It also sets amd_irongate_private.num_tables to the actual number of entries allocated instead of just using the value passed in from the caller - this ensures that amd_free_gatt_pages() will only attempt to free stuff that was actually allocated. Signed-off-by:
Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Dave Airlie <airlied@redhat.com>
-
Dave Airlie authored
With Andi's clflush fixup, we were getting hangs on server exit, flushing the mappings after freeing each page helped. This showed up a race condition where the pages after being freed could be reused before the agp mappings had been flushed. Flushing after each single page is a bad thing for future drm work, so make the page destroy a two pass unmapping all the pages, flushing the mappings, and then destroying the pages. Signed-off-by:
Dave Airlie <airlied@linux.ie> Signed-off-by:
-
- 14 Oct, 2007 38 commits
-
-
David Brownell authored
Make sure the mmc_spi driver can build without CONFIG_BLOCK. Issue noted by "Avuton Olrich" <avuton@gmail.com> and randconfig. While that won't be a common configuration, sometimes embedded boards use SDIO to interface WLAN or Bluetooth chips (vs some parallel interface), and don't provide an MMC/SD socket for use with flash memory cards. Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-x86Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/tglx/linux-2.6-x86: x86: force timer broadcast on late AMD C1E detection x86: move local APIC timer init to the end of start_secondary() clockevents: introduce force broadcast notifier x86: fix missing include for vsyscall
-
Stephen Hemminger authored
The call to napi_disable() in the PCI shutdown handler is problematic, and is aggravated by the new NAPI. Also, make sure watchdog timer doesn't go off. Signed-off-by:
Stephen Hemminger <shemminger@linux-foundation.org> Signed-off-by:
-
Thomas Gleixner authored
The 64bit SMP bootup is slightly different to the 32bit one. It enables the boot CPU local APIC timer before all CPUs are brought up. Some AMD C1E systems have the C1E feature flag only set in the secondary CPU. Due to the early enable of the boot CPU local APIC timer the APIC timer is registered as a fully functional device. When we detect the wreckage during the bringup of the secondary CPU, we need to force the boot CPU into broadcast mode. Check the C1E caused APIC timer disable, when the secondary APIC timer is initialized. If the boot CPU APIC timer was registered as a functional clock event device, then fix this up and utilize the CLOCK_EVT_NOTIFY_BROADCAST_FORCE mechanism to force the already registered boot CPU APIC timer into broadcast mode. Tested by force injecting the failure mode. Signed-off-by:Thomas Gleixner <tglx@linutronix.de>
-
Thomas Gleixner authored
Preparatory patch for the AMD C1E wreckage fixup. Signed-off-by: -
Thomas Gleixner authored
The 64bit SMP bootup is slightly different to the 32bit one. It enables the boot CPU local APIC timer before all CPUs are brought up. Some AMD C1E systems have the C1E feature flag only set in the secondary CPU. Due to the early enable of the boot CPU local APIC timer the APIC timer is registered as a fully functional device. When we detect the wreckage during the bringup of the secondary CPU, we need to force the boot CPU into broadcast mode. Add a new notifier reason and implement the force broadcast in the clock events layer. Signed-off-by: -
Dave Jones authored
> Maybe I just picked a bad time to try, but... > > arch/x86/kernel/alternative.c: In function 'apply_alternatives': > arch/x86/kernel/alternative.c:191: error: 'VSYSCALL_START' undeclared (first use in this function) > arch/x86/kernel/alternative.c:191: error: (Each undeclared identifier is reported only once > arch/x86/kernel/alternative.c:191: error: for each function it appears in.) > arch/x86/kernel/alternative.c:191: error: 'VSYSCALL_END' undeclared (first use in this function) > make[1]: *** [arch/x86/kernel/alternative.o] Error 1 > make: *** [arch/x86/kernel] Error 2 Try this. Include missing header for vsyscall. Signed-off-by:
Dave Jones <davej@redhat.com> Signed-off-by:
-
git://lm-sensors.org/kernel/mhoffman/hwmon-2.6Linus Torvalds authored
* 'release' of git://lm-sensors.org/kernel/mhoffman/hwmon-2.6: (53 commits) hwmon: (vt8231) fix sparse warning hwmon: (sis5595) fix sparse warning hwmon: (w83627hf) don't assume bank 0 hwmon: (w83627hf) Fix setting fan min right after driver load hwmon: (w83627hf) De-macro sysfs callback functions hwmon: Add new combined driver for FSC chips hwmon: (ibmpex) Release IPMI user if hwmon registration fails hwmon: (dme1737) Add sch311x support hwmon: (dme1737) group functions logically hwmon: (dme1737) cleanups hwmon: IBM power meter driver hwmon: (coretemp) Add support for Celeron 4xx hwmon: (lm87) Disable VID when it should be hwmon: (w83781d) Add individual alarm and beep files hwmon: VRM is not read from registers MAINTAINERS: update hwmon subsystem git trees hwmon: Fix the code examples in documentation hwmon: update sysfs interface document - error handling hwmon: (thmc50) Fix a debug message hwmon: (thmc50) Don't create temp3 if not enabled ...
-
Martin Bachem authored
- killed paranoid NULL Pointer check - human readable LED states - support for "Eicon DIVA USB 4.0" (0x071d/0x1005) Signed-off-by:
Martin Bachem <info@colognechip.com> Signed-off-by:
-
Al Viro authored
if your mask is host-endian, you should apply it after le64_to_cpu(); if it's little-endian - before. Doing both (for the same mask and little-endian value) is broken. Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
all uses of and almost all assignments to lro_desc->tcp_ack assume that it's net-endian; one converts net-endian to host-endian and sticks it in lro_desc->tcp_ack. Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
... should be unsigned int Signed-off-by:
-
Al Viro authored
deal with signedness of the stuff passed to set_bit() et.al. Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
copy_to_user() into on-stack array Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
... since that sucker is not 32bit-only and on 64bit skb->tail is an offset, not a pointer. Signed-off-by:
-
Mark M. Hoffman authored
Signed-off-by:Mark M. Hoffman <mhoffman@lightlink.com>
-
Mark M. Hoffman authored
Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hidLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (21 commits) HID: hidraw_connect() memleak fix HID: add hidraw interface USB HID: provide hook for hidraw write() HID: hiddev: Add 32bit ioctl compatibilty HID: Add GeneralTouch touchscreen to the blacklist HID: add support for Microsoft Wireless Laser Keyboard 6000 Input: add KEY_LOGOFF USBHID: report descriptor fix for MacBook JIS keyboard HID: trivial fixes in hid-debug HID: fix input mapping for Microsoft Ergonomic Keyboard HID: use hid-plff driver for GreenAsia 0e8f:0003 devices USBHID: Add HID_QUIRK_NOGET for ELO Touch Screen 2700 display HID: enable hiddev for the SantaRosa MacBookPro IR receiver USBHID: add CM109 device to blacklist HID: Report usage codes of keys as EV_MSC scancode events HID: ignore all non-LED usages in output fields in hid-input HID: fix whitespace damage HID: add support for Thrustmaster FGT Force Feedback wheel HID: minimal autosuspend support for USB HID devices HID: add support for Microsoft Natural Ergonomic Keyboard 4000 ...
-
git://git.infradead.org/mtd-2.6Linus Torvalds authored
* git://git.infradead.org/mtd-2.6: [MTD] fix mtdconcat for subpage-write NAND [MTD] [OneNAND] Avoid deadlock in erase callback; release chip lock first. [MTD] [OneNAND] Return only negative error codes [MTD] [OneNAND] Synchronize block locking operations UBI: return correct error code UBI: remove useless inlines UBI: fix atomic LEB change problems UBI: use byte hexdump UBI: do not use vmalloc on I/O path UBI: allocate memory with GFP_NOFS UBI: use linux print_hex_dump(), not home-grown one UBI: don't use array index before testing if it is negative UBI: add more prints UBI: fix sparse warnings UBI: fix leak in ubi_scan_erase_peb
-
Linus Torvalds authored
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: (23 commits) [SPARC64]: virt_to_real_irq_table --> virt_irq_table [SPARC64]: virt_irq --> bucket mapping no longer necessary [SPARC64]: Kill ugly __bucket() macro. [SPARC64]: Kill ugly __irq_ino() macro. [SPARC64]: Only use bypass accesses to INO buckets. [SPARC64]: Update defconfig. [SPARC64]: Use sun4v VIRQ interfaces as intended. [SPARC64]: Allocate ivector_table dynamically. [SPARC64]: Access ivector_table[] using physical addresses. [SPARC64]: Make IVEC pointers 64-bit. [SPARC64]: Fix register usage in xor_raid_4(). [SPARC64]: Kill pci_memspace_mask. [SPARC64]: Consolidate MSI support code. [SPARC/64]: Move of_platform_driver initialisations: arch/sparc{,64}. [SPARC64]: Fix bugs in SYSV IPC handling in 64-bit processes. [SPARC/64]: Prepare to remove of_platform_driver name. [SPARC32]: Add irqflags.h to sparc32 and use it from generic code. [SPARC64]: beautify vmlinux.lds [SPARC]: beautify vmlinux.lds [SPARC64]: Enable MSI on sun4u Fire PCI-E controllers. ... -
Grant Likely authored
Trivial compile warning fix Signed-off-by:
Grant Likely <grant.likely@secretlab.ca> Signed-off-by:
-
Grant Likely authored
Trivial unused variable fix Signed-off-by:
-
