- 21 May, 2009 4 commits
-
-
Arnd Bergmann authored
The microblaze signal handling code gets some __user pointers wrong, as shown by sparse. This adds the annotations where appropriate and change sys_rt_sigreturn to correctly pass a user stack down to do_sigaltstack instead of a kernel structure. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Arnd Bergmann authored
Some device drivers require the symbols _ebss, kernel_thread, __page_offset or ___range_ok, so export them. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Michal Simek authored
Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Michal Simek authored
Signed-off-by: Michal Simek <monstr@monstr.eu>
-
- 20 May, 2009 16 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/drm-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/drm-2.6: drm: Copy back ioctl data to userspace regardless of return code. drm: Round size of SHM maps to PAGE_SIZE
-
git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds authored
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: MIPS: 64-bit: Fix system lockup. MIPS: IP28: Change to build with -mr10k-cache-barrier=store MIPS: IP22: Fix hang in power button interrupt handler MIPS: IP32: Fix hang on shutdown in power button interrupt handler.
-
Linus Torvalds authored
* master.kernel.org:/home/rmk/linux-2.6-arm: (25 commits) [ARM] 5519/1: amba probe: pass "struct amba_id *" instead of void * [ARM] 5517/1: integrator: don't put clock lookups in __initdata [ARM] 5518/1: versatile: don't put clock lookups in __initdata [ARM] mach-l7200: fix spelling of SYS_CLOCK_OFF [ARM] Double check memmap is actually valid with a memmap has unexpected holes V2 [ARM] realview: fix broadcast tick support [ARM] realview: remove useless smp_cross_call_done() [ARM] smp: fix cpumask usage in ARM SMP code [ARM] 5513/1: Eurotech VIPER SBC: fix compilation error [ARM] 5509/1: ep93xx: clkdev enable UARTS ARM: OMAP2/3: Change omapfb to use clkdev for dispc and rfbi, v2 ARM: OMAP3: Fix HW SAVEANDRESTORE shift define ARM: OMAP3: Fix number of GPIO lines for 34xx [ARM] S3C: Do not set clk->owner field if unset [ARM] S3C2410: mach-bast.c registering i2c data too early [ARM] S3C24XX: Fix unused code warning in arch/arm/plat-s3c24xx/dma.c [ARM] S3C64XX: fix GPIO debug [ARM] S3C64XX: GPIO include cleanup [ARM] nwfpe: fix 'floatx80_is_nan' sparse warning [ARM] nwfpe: Add decleration for ExtendedCPDO ...
-
Alessandro Rubini authored
The second argument of the probe method points to the amba_id structure, so it's better passed with the correct type. None of the current in-tree drivers uses the pointer, so they have only been checked for a clean compile. Change suggested by Russell King. Signed-off-by: Alessandro Rubini <rubini@unipv.it> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
Michel Dänzer authored
Fixes a regression from commit 9d5b3ffc ('drm: fixup some of the ioctl function exit paths'): The vblank ioctl needs to update the userspace parameters when interrupted by a signal, which was prevented by the return code check. This could cause the X server to hang in drmWaitVBlank(). Signed-off-by: Michel Dänzer <daenzer@vmware.com> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
-
Greg Ungerer authored
The address range size calculation inside local_flush_tlb_kernel_range() is being truncated by a too small size variable holder on 64-bit systems. The truncated size can result in an erroneous tlbsize check that means we sit spinning inside a loop trying to flush a hige number of TLB entries. This is for all intents and purposes a system hang. Fix by using an appropriately sized valiable to hold the size. [Ralf: Greg's original patch submission identified the issue and fixed one instance in tlb-r4k.c but there there were several more. For consistency I also modified tlb-r3k.c even though that file is only used on 32-bit.] Signed-off-by: Greg Ungerer <gerg@snapgear.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
peter fuerst authored
Richard Sandiford's new code for inserting the cache-barriers, for GCC 4.3 and above and already incorporated in the current GCC-release, uses a slightly different option-syntax. Signed-off-by: peter fuerst <post@pfrst.de> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Ralf Baechle authored
The hang was caused by the use of disable_irq() from the interrupt handler itself. Fixed by the use of disable_irq_nosync(). The issue was triggered by: commit 3aa551c9 Author: Thomas Gleixner <tglx@linutronix.de> Date: Mon Mar 23 18:28:15 2009 +0100 genirq: add threaded interrupt handler support Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
Andrew Randrianasulu authored
The hang was caused by the use of disable_irq() from the interrupt handler itself. Fixed by the use of disable_irq_nosync(). The issue was triggered by: commit 3aa551c9 Author: Thomas Gleixner <tglx@linutronix.de> Date: Mon Mar 23 18:28:15 2009 +0100 genirq: add threaded interrupt handler support Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
-
git://git.kernel.dk/linux-2.6-blockLinus Torvalds authored
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: cdrom: beyond ARRAY_SIZE of viocd_diskinfo xen/blkfront: fix warning when deleting gendisk on unplug/shutdown xen/blkfront: allow xenbus state transition to Closing->Closed when not Connected
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: fix pointer initialization and checks in cifs_follow_symlink (try #4)
-
Roel Kluin authored
Do not go beyond ARRAY_SIZE of viocd_diskinfo Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6: mfd: pcf50633: fix unsafe disable_irq() mfd: Keep a cache of WM8350 volatile values
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: ipv4: make default for INET_LRO consistent with help text net: fix skb_seq_read returning wrong offset/length for page frag data pkt_sched: gen_estimator: use 64 bit intermediate counters for bps be2net: add two new pci device ids to pci device table sch_teql: should not dereference skb after ndo_start_xmit() tcp: fix MSG_PEEK race check Doc: fixed descriptions on /proc/sys/net/core/* and /proc/sys/net/unix/* Neterion: *FIFO1_DMA_ERR set twice, should 2nd be *FIFO2_DMA_ERR? mv643xx_eth: fix PPC DMA breakage bonding: fix link down handling in 802.3ad mode bridge: fix initial packet flood if !STP bridge: relay bridge multicast pkgs if !STP NET: Meth: Fix unsafe mix of irq and non-irq spinlocks. mlx4_en: Fix not deleted napi structures ipconfig: handle case of delayed DHCP server netpoll: don't dereference NULL dev from np wimax/i2400m: fix device crash: fix optimization in _roq_queue_update_ws
-
Linus Torvalds authored
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: TPM: get_event_name stack corruption
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tipLinus Torvalds authored
* 'core/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: futex: setup writeable mapping for futex ops which modify user space data
-
- 19 May, 2009 16 commits
-
-
Benjamin Herrenschmidt authored
Currently, userspace can fail to obtain the SAREA mapping (among other reasons) if it passes SAREA_MAX to drmAddMap without aligning it to the page size. This breaks for example on PowerPC with 64K pages and radeon despite the kernel radeon actually doing the right rouding in the first place. The way SAREA_MAX is defined with a bunch of ifdef's and duplicated between libdrm and the X server is gross, ultimately it should be retrieved by userspace from the kernel, but in the meantime, we have plenty of existing userspace built with bad values that need to work. This patch works around broken userspace by rounding the requested size in drm_addmap_core() of any SHM map to the page size. Since the backing memory for SHM maps is also allocated within addmap_core, there is no danger of adjacent memory being exposed due to the increased map size. The only side effect is that drivers that previously tried to create or access SHM maps using a size < PAGE_SIZE and failed (getting -EINVAL), will now succeed at the cost of a little bit more memory used if that happens to be when the map is created. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Jesse Barnes <jbarnes@virtuousgeek.org>
-
Eric Paris authored
get_event_name uses sprintf to fill a buffer declared on the stack. It fills the buffer 2 bytes at a time. What the code doesn't take into account is that sprintf(buf, "%02x", data) actually writes 3 bytes. 2 bytes for the data and then it nul terminates the string. Since we declare buf to be 40 characters long and then we write 40 bytes of data into buf sprintf is going to write 41 characters. The fix is to leave room in buf for the nul terminator. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
-
Thomas Gleixner authored
The futex code installs a read only mapping via get_user_pages_fast() even if the futex op function has to modify user space data. The eventual fault was fixed up by futex_handle_fault() which walked the VMA with mmap_sem held. After the cleanup patches which removed the mmap_sem dependency of the futex code commit 4dc5b7a36a49eff97050894cf1b3a9a02523717 (futex: clean up fault logic) removed the private VMA walk logic from the futex code. This change results in a stale RO mapping which is not fixed up. Instead of reintroducing the previous fault logic we set up the mapping in get_user_pages_fast() read/write for all operations which modify user space data. Also handle private futexes in the same way and make the current unconditional access_ok(VERIFY_WRITE) depend on the futex op. Reported-by: Andreas Schwab <schwab@linux-m68k.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> CC: stable@kernel.org
-
Nico Schottelius authored
Produce correct output for - tagged commit (v2.6.30-rc6) - past tagged commit (v2.6.30-rc5-299-g7c7327d9) - no tag Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Nelson Castillo authored
Without this change Openmoko Freerunner (GTA02) bootstrap will deadlock. As pointed out in other patches this issue is in the wild since the merge of: : commit 3aa551c9 : Author: Thomas Gleixner <tglx@linutronix.de> : Date: Mon Mar 23 18:28:15 2009 +0100 : : genirq: add threaded interrupt handler support : : Add support for threaded interrupt handlers Signed-off-by: Nelson Castillo <arhuaco@freaks-unidos.net> Cc: Ingo Molnar <mingo@elte.hu> Cc: <balajirrao@openmoko.org> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-
Mark Brown authored
Due to the way that the WM8350 audio driver handles CODEC_ENA many of the WM8350 audio registers are marked as volatile when they aren't actually so. Allow the audio driver to see a cache of these values for inspection during interrupt context. To do this we need to stop satisfying any bits from volatile registers from cache - there's no real benefit from doing so anyway, we did the read already. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-
git://git.monstr.eu/linux-2.6-microblazeLinus Torvalds authored
* 'fixes-for-linus' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Fix kind-of-intr checking against number of interrupts microblaze: Update Microblaze defconfig
-
git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6: regulator: da903x: add missing __devexit_p()
-
Linus Torvalds authored
Martin Knoblauch reports that trying to build 2.6.30-rc6-git3 with RHEL4.3 userspace (gcc (GCC) 3.4.5 20051201 (Red Hat 3.4.5-2)) causes an internal compiler error (ICE): drivers/char/random.c: In function `get_random_int': drivers/char/random.c:1672: error: unrecognizable insn: (insn 202 148 150 0 /scratch/build/linux-2.6.30-rc6-git3/arch/x86/include/asm/tsc.h:23 (set (reg:SI 0 ax [91]) (subreg:SI (plus:DI (plus:DI (reg:DI 0 ax [88]) (subreg:DI (reg:SI 6 bp) 0)) (const_int -4 [0xfffffffffffffffc])) 0)) -1 (nil) (nil)) drivers/char/random.c:1672: internal compiler error: in extract_insn, at recog.c:2083 and after some debugging it turns out that it's due to the code trying to figure out the rough value of the current stack pointer by taking an address of an uninitialized variable and casting that to an integer. This is clearly a compiler bug, but it's not worth fighting - while the current stack kernel pointer might be somewhat hard to predict in user space, it's also not generally going to change for a lot of the call chains for a particular process. So just drop it, and mumble some incoherent curses at the compiler. Tested-by: Martin Knoblauch <spamtrap@knobisoft.de> Cc: Matt Mackall <mpm@selenic.com> Cc: Ingo Molnar <mingo@elte.hu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jeff Layton authored
This is the third respin of the patch posted yesterday to fix the error handling in cifs_follow_symlink. It also includes a fix for a bogus NULL pointer check in CIFSSMBQueryUnixSymLink that Jeff Moyer spotted. It's possible for CIFSSMBQueryUnixSymLink to return without setting target_path to a valid pointer. If that happens then the current value to which we're initializing this pointer could cause an oops when it's kfree'd. This patch is a little more comprehensive than the last patches. It reorganizes cifs_follow_link a bit for (hopefully) better readability. It should also eliminate the uneeded allocation of full_path on servers without unix extensions (assuming they can get to this point anyway, of which I'm not convinced). On a side note, I'm not sure I agree with the logic of enabling this query even when unix extensions are disabled on the client. It seems like that should disable this as well. But, changing that is outside the scope of this fix, so I've left it alone for now. Reported-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Reviewed-by: Jeff Moyer <jmoyer@redhat.com> Reviewed-by: Christoph Hellwig <hch@inraded.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
-
Ian Campbell authored
Currently blkfront gives a warning when hot unplugging due to calling del_gendisk() with interrupts disabled (due to blkif_io_lock). WARNING: at kernel/softirq.c:124 local_bh_enable+0x36/0x84() Modules linked in: xenfs xen_netfront ext3 jbd mbcache xen_blkfront Pid: 13, comm: xenwatch Not tainted 2.6.29-xs5.5.0.13 #3 Call Trace: [<c012611c>] warn_slowpath+0x80/0xb6 [<c0104cf1>] xen_sched_clock+0x16/0x63 [<c0104710>] xen_force_evtchn_callback+0xc/0x10 [<c0104e32>] check_events+0x8/0xe [<c0104d9b>] xen_restore_fl_direct_end+0x0/0x1 [<c0103749>] xen_mc_flush+0x10a/0x13f [<c0105bd2>] __switch_to+0x114/0x14e [<c011d92b>] dequeue_task+0x62/0x70 [<c0123b6f>] finish_task_switch+0x2b/0x84 [<c0299877>] schedule+0x66d/0x6e7 [<c0104710>] xen_force_evtchn_callback+0xc/0x10 [<c0104710>] xen_force_evtchn_callback+0xc/0x10 [<c012a642>] local_bh_enable+0x36/0x84 [<c022f9a7>] sk_filter+0x57/0x5c [<c0233dae>] netlink_broadcast+0x1d5/0x315 [<c01c6371>] kobject_uevent_env+0x28d/0x331 [<c01e7ead>] device_del+0x10f/0x120 [<c01e7ec6>] device_unregister+0x8/0x10 [<c015f86d>] bdi_unregister+0x2d/0x39 [<c01bf6f4>] unlink_gendisk+0x23/0x3e [<c01ac946>] del_gendisk+0x7b/0xe7 [<d0828c19>] blkfront_closing+0x28/0x6e [xen_blkfront] [<d082900c>] backend_changed+0x3ad/0x41d [xen_blkfront] We can fix this by calling del_gendisk() later in blkfront_closing, after releasing blkif_io_lock. Since the queue is stopped during the interrupts disabled phase I don't think there is any danger of an event occuring between releasing the blkif_io_lock and deleting the disk. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Jeremy Fitzhardinge <jeremy@goop.org> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-
Ian Campbell authored
This situation can occur when attempting to attach a block device whose backend is an empty physical CD-ROM driver. The backend in this case will go directly from the Initialising state to Closing->Closed. Previously this would result in a NULL pointer deref on info->gd (xenbus_dev_fatal does not return as a1a15ac5 seems to expect) Cc: stable@kernel.org Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Acked-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com> Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-
Frans Pop authored
Commit e81963b1 ("ipv4: Make INET_LRO a bool instead of tristate.") changed this config from tristate to bool. Add default so that it is consistent with the help text. Signed-off-by: Frans Pop <elendil@planet.nl> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Thomas Chenault authored
When called with a consumed value that is less than skb_headlen(skb) bytes into a page frag, skb_seq_read() incorrectly returns an offset/length relative to skb->data. Ensure that data which should come from a page frag does. Signed-off-by: Thomas Chenault <thomas_chenault@dell.com> Tested-by: Shyam Iyer <shyam_iyer@dell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Frank Filz authored
The problem is that permission checking is skipped if atomic open is possible, but when exec opens a file, it just opens it O_READONLY which means EXEC permission will not be checked at that time. This problem is observed by the following sequence (executed as root): mount -t nfs4 server:/ /mnt4 echo "ls" >/mnt4/foo chmod 744 /mnt4/foo su guest -c "mnt4/foo" Signed-off-by: Frank Filz <ffilzlnx@us.ibm.com> Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com> Cc: stable@kernel.org Tested-by: Eugene Teo <eugeneteo@kernel.sg> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Eric Dumazet authored
gen_estimator can overflow bps (bytes per second) with Gb links, while it was designed with a u32 API, with a theorical limit of 34360Mbit (2^32 bytes) Using 64 bit intermediate avbps/brate counters can allow us to reach this theorical limit. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Jarek Poplawski <jarkao2@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 18 May, 2009 4 commits
-
-
Ajit Khaparde authored
Signed-off-by: Ajit Khaparde <ajitk@serverengines.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
It is illegal to dereference a skb after a successful ndo_start_xmit() call. We must store skb length in a local variable instead. Bug was introduced in 2.6.27 by commit 0abf77e5 (net_sched: Add accessor function for packet length for qdiscs) Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ilpo Järvinen authored
Commit 518a09ef (tcp: Fix recvmsg MSG_PEEK influence of blocking behavior) lets the loop run longer than the race check did previously expect, so we need to be more careful with this check and consider the work we have been doing. I tried my best to deal with urg hole madness too which happens here: if (!sock_flag(sk, SOCK_URGINLINE)) { ++*seq; ... by using additional offset by one but I certainly have very little interest in testing that part. Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Tested-by: Frans Pop <elendil@planet.nl> Tested-by: Ian Zimmermann <itz@buug.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc: Explicit alignment for .data.cacheline_aligned powerpc/ps3: Update ps3_defconfig powerpc/ftrace: Fix constraint to be early clobber powerpc/ftrace: Use pr_devel() in ftrace.c powerpc: Do not assert pte_locked for hugepage PTE entries
-