1. 06 Nov, 2010 5 commits
    • Vivek Goyal's avatar
      floppy: fix another use-after-free · d017bf6b
      Vivek Goyal authored
      While scanning the floopy code due to c093ee4f ("floppy: fix
      use-after-free in module load failure path"), I found one more instance
      of trying to access disk->queue pointer after doing put_disk() on
      gendisk.  For some reason , floppy moule still loads/unloads fine.  The
      object is probably still around with right pointer values.
      
       o There seems to be one more instance of trying to cleanup the request
         queue after we have called put_disk() on associated gendisk.
      
       o This fix is more out of code inspection.  Even without this fix for
         some reason I am able to load/unload floppy module without any
         issues.
      
       o Floppy module loads/unloads fine after the fix.
      Signed-off-by: default avatarVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      d017bf6b
    • Linus Torvalds's avatar
      ipw2x00: remove the right /proc/net entry · 151f52f0
      Linus Torvalds authored
      Commit 27ae60f8 ("ipw2x00: replace "ieee80211" with "libipw" where
      appropriate") changed DRV_NAME to be "libipw", but didn't properly fix
      up the places where it was used to specify the name for the /proc/net/
      directory.
      
      For backwards compatibility reasons, that directory name remained
      "ieee80211", but due to the DRV_NAME change, the error case printouts
      and the cleanup functions now used "libipw" instead.  Which made it all
      fail badly.
      
      For example, on module unload as reported by Randy:
      
        WARNING: at fs/proc/generic.c:816 remove_proc_entry+0x156/0x35e()
        name 'libipw'
      
      because it's trying to unregister a /proc directory that obviously
      doesn't even exist.
      
      Clean it all up to use DRV_PROCNAME for the actual /proc directory name.
      Reported-and-tested-by: default avatarRandy Dunlap <randy.dunlap@oracle.com>
      Cc: Pavel Roskin <proski@gnu.org>
      Cc: John W. Linville <linville@tuxdriver.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      151f52f0
    • Linus Torvalds's avatar
      Merge branch 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d4285bd6
      Linus Torvalds authored
      * 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: PPC: BookE: Load the lower half of MSR
        KVM: PPC: BookE: fix sleep with interrupts disabled
        KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().
        PPC: KVM: Book E doesn't have __end_interrupts.
        KVM: x86: Issue smp_call_function_many with preemption disabled
        KVM: x86: fix information leak to userland
        KVM: PPC: fix information leak to userland
        KVM: MMU: fix rmap_remove on non present sptes
        KVM: Write protect memory after slot swap
      d4285bd6
    • Linus Torvalds's avatar
      floppy: fix use-after-free in module load failure path · c093ee4f
      Linus Torvalds authored
      Commit 48821184 ("floppy: switch to one queue per drive instead of
      sharing a queue") introduced a use-after-free.  We do "put_disk()" on
      the disk device _before_ we then clean up the queue associated with that
      disk.
      
      Move the put_disk() down to avoid dereferencing a free'd data structure.
      
      Cc: Jens Axboe <jaxboe@fusionio.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Reported-and-tested-by: default avatarRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      c093ee4f
    • David Daney's avatar
      watchdog: Fix section mismatch and potential undefined behavior. · 433039e9
      David Daney authored
      Commit d9ca07a0 ("watchdog: Avoid kernel crash when disabling
      watchdog") introduces a section mismatch.
      
      Now that we reference no_watchdog from non-__init code it can no longer
      be __initdata.
      Signed-off-by: default avatarDavid Daney <ddaney@caviumnetworks.com>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      433039e9
  2. 05 Nov, 2010 21 commits
  3. 04 Nov, 2010 14 commits