- 04 Aug, 2014 3 commits
-
-
Eric W. Biederman authored
/proc/thread-self is derived from /proc/self. /proc/thread-self points to the directory in proc containing information about the current thread. This funtionality has been missing for a long time, and is tricky to implement in userspace as gettid() is not exported by glibc. More importantly this allows fixing defects in /proc/mounts and /proc/net where in a threaded application today they wind up being empty files when only the initial pthread has exited, causing problems for other threads. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
Network namespaces are per task so it make sense for them to show up in the task directory. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
The usage of pid_ns->child_reaper->nsproxy->net_ns in nfs_server_list_open and nfs_client_list_open is not safe. /proc for a pid namespace can remain mounted after the all of the process in that pid namespace have exited. There are also times before the initial process in a pid namespace has started or after the initial process in a pid namespace has exited where pid_ns->child_reaper can be NULL or stale. Making the idiom pid_ns->child_reaper->nsproxy a double whammy of problems. Luckily all that needs to happen is to move /proc/fs/nfsfs/servers and /proc/fs/nfsfs/volumes under /proc/net to /proc/net/nfsfs/servers and /proc/net/nfsfs/volumes and add a symlink from the original location, and to use seq_open_net as it has been designed. Cc: stable@vger.kernel.org Cc: Trond Myklebust <trond.myklebust@primarydata.com> Cc: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
- 01 Aug, 2014 5 commits
-
-
Eric W. Biederman authored
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a read-only bind mount read-only in a user namespace the MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user to the remount a read-only mount read-write. Upon review of the code in remount it was discovered that the code allowed nosuid, noexec, and nodev to be cleared. It was also discovered that the code was allowing the per mount atime flags to be changed. The first naive patch to fix these issues contained the flaw that using default atime settings when remounting a filesystem could be disallowed. To avoid this problems in the future add tests to ensure unprivileged remounts are succeeding and failing at the appropriate times. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
Since March 2009 the kernel has treated the state that if no MS_..ATIME flags are passed then the kernel defaults to relatime. Defaulting to relatime instead of the existing atime state during a remount is silly, and causes problems in practice for people who don't specify any MS_...ATIME flags and to get the default filesystem atime setting. Those users may encounter a permission error because the default atime setting does not work. A default that does not work and causes permission problems is ridiculous, so preserve the existing value to have a default atime setting that is always guaranteed to work. Using the default atime setting in this way is particularly interesting for applications built to run in restricted userspace environments without /proc mounted, as the existing atime mount options of a filesystem can not be read from /proc/mounts. In practice this fixes user space that uses the default atime setting on remount that are broken by the permission checks keeping less privileged users from changing more privileged users atime settings. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
While invesgiating the issue where in "mount --bind -oremount,ro ..." would result in later "mount --bind -oremount,rw" succeeding even if the mount started off locked I realized that there are several additional mount flags that should be locked and are not. In particular MNT_NOSUID, MNT_NODEV, MNT_NOEXEC, and the atime flags in addition to MNT_READONLY should all be locked. These flags are all per superblock, can all be changed with MS_BIND, and should not be changable if set by a more privileged user. The following additions to the current logic are added in this patch. - nosuid may not be clearable by a less privileged user. - nodev may not be clearable by a less privielged user. - noexec may not be clearable by a less privileged user. - atime flags may not be changeable by a less privileged user. The logic with atime is that always setting atime on access is a global policy and backup software and auditing software could break if atime bits are not updated (when they are configured to be updated), and serious performance degradation could result (DOS attack) if atime updates happen when they have been explicitly disabled. Therefore an unprivileged user should not be able to mess with the atime bits set by a more privileged user. The additional restrictions are implemented with the addition of MNT_LOCK_NOSUID, MNT_LOCK_NODEV, MNT_LOCK_NOEXEC, and MNT_LOCK_ATIME mnt flags. Taken together these changes and the fixes for MNT_LOCK_READONLY should make it safe for an unprivileged user to create a user namespace and to call "mount --bind -o remount,... ..." without the danger of mount flags being changed maliciously. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
There are no races as locked mount flags are guaranteed to never change. Moving the test into do_remount makes it more visible, and ensures all filesystem remounts pass the MNT_LOCK_READONLY permission check. This second case is not an issue today as filesystem remounts are guarded by capable(CAP_DAC_ADMIN) and thus will always fail in less privileged mount namespaces, but it could become an issue in the future. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
Eric W. Biederman authored
Kenton Varda <kenton@sandstorm.io> discovered that by remounting a read-only bind mount read-only in a user namespace the MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user to the remount a read-only mount read-write. Correct this by replacing the mask of mount flags to preserve with a mask of mount flags that may be changed, and preserve all others. This ensures that any future bugs with this mask and remount will fail in an easy to detect way where new mount flags simply won't change. Cc: stable@vger.kernel.org Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
- 30 Jul, 2014 1 commit
-
-
Eric W. Biederman authored
The synchronous syncrhonize_rcu in switch_task_namespaces makes setns a sufficiently expensive system call that people have complained. Upon inspect nsproxy no longer needs rcu protection for remote reads. remote reads are rare. So optimize for same process reads and write by switching using rask_lock instead. This yields a simpler to understand lock, and a faster setns system call. In particular this fixes a performance regression observed by Rafael David Tinoco <rafael.tinoco@canonical.com>. This is effectively a revert of Pavel Emelyanov's commit cf7b708c Make access to task's nsproxy lighter from 2007. The race this originialy fixed no longer exists as do_notify_parent uses task_active_pid_ns(parent) instead of parent->nsproxy. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
-
- 21 Jul, 2014 9 commits
-
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/stagingLinus Torvalds authored
Pull more IIO driver fixes from Greg KH: "Here are two IIO driver fixes for 3.16-rc6 that resolve some reported issues" * tag 'staging-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: iio: mma8452: Use correct acceleration units. iio:core: Handle error when mask type is not separate
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usbLinus Torvalds authored
Pull USB fixes from Greg KH: "Here are two USB patches that resolve some reported issues, one with an odd HUB, and one in the chipidea driver" * tag 'usb-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: usb: Check if port status is equal to RxDetect usb: chipidea: udc: Disable auto ZLP generation on ep0
-
Linus Torvalds authored
Merge tag 'driver-core-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fix from Greg KH: "Here is a single driver core fix that reverts an older patch that has been causing a number of reported problems with the platform devices. This revert has been in linux-next for a while with no reported issues" * tag 'driver-core-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: platform_get_irq: Revert to platform_get_resource if of_irq_get fails
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull char/misc fix from Greg KH: "Here's a single hyper-v driver fix for a reported issue" * tag 'char-misc-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Drivers: hv: hv_fcopy: fix a race condition for SMP guest
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull intel drm fixes from Dave Airlie: "Intel fixes came in late, but since I debugged one of them I'll send them on, Two reverts, a quirk and one warn regression" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: Revert "drm/i915: reverse dp link param selection, prefer fast over wide again" drm/i915: Track the primary plane correctly when reassigning planes drm/i915: Ignore VBT backlight presence check on HP Chromebook 14 Revert "drm/i915: Don't set the 8to6 dither flag when not scaling"
-
git://git.kernel.org/pub/scm/linux/kernel/git/rw/umlLinus Torvalds authored
Pull UML fixes from Richard Weinberger: "Four fixes, all discovered by Trinity" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: segv: Save regs only in case of a kernel mode fault um: Fix hung task in fix_range_common() um: Ensure that a stub page cannot get unmapped Revert "um: Fix wait_stub_done() error handling"
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfsLinus Torvalds authored
Pull btrfs fixes from Chris Mason: "We have two more fixes in my for-linus branch. I was hoping to also include a fix for a btrfs deadlock with compression enabled, but we're still nailing that one down" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: test for valid bdev before kobj removal in btrfs_rm_device Btrfs: fix abnormal long waiting in fsync
-
git://git.linux-nfs.org/projects/trondmy/linux-nfsLinus Torvalds authored
Pull NFS client fixes from Trond Myklebust: "Apologies for the relative lateness of this pull request, however the commits fix some issues with the NFS read/write code updates in 3.16-rc1 that can cause serious Oopsing when using small r/wsize. The delay was mainly due to extra testing to make sure that the fixes behave correctly. Highlights include; - Stable fix for an NFSv3 posix ACL regression - Multiple fixes for regressions to the NFS generic read/write code: - Fix page splitting bugs that come into play when a small rsize/wsize read/write needs to be sent again (due to error conditions or page redirty) - Fix nfs_wb_page_cancel, which is called by the "invalidatepage" method - Fix 2 compile warnings about unused variables - Fix a performance issue affecting unstable writes" * tag 'nfs-for-3.16-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFS: Don't reset pg_moreio in __nfs_pageio_add_request NFS: Remove 2 unused variables nfs: handle multiple reqs in nfs_wb_page_cancel nfs: handle multiple reqs in nfs_page_async_flush nfs: change find_request to find_head_request nfs: nfs_page should take a ref on the head req nfs: mark nfs_page reqs with flag for extra ref nfs: only show Posix ACLs in listxattr if actually present
-
- 20 Jul, 2014 4 commits
-
-
Richard Weinberger authored
...otherwise me lose user mode regs and the resulting stack trace is useless. Signed-off-by: Richard Weinberger <richard@nod.at>
-
Richard Weinberger authored
If do_ops() fails we have to release current->mm->mmap_sem otherwise the failing task will never terminate. Reported-by: Toralf Förster <toralf.foerster@gmx.de> Signed-off-by: Richard Weinberger <richard@nod.at>
-
Richard Weinberger authored
Trinity discovered an execution path such that a task can unmap his stub page. Reported-by: Toralf Förster <toralf.foerster@gmx.de> Signed-off-by: Richard Weinberger <richard@nod.at>
-
Richard Weinberger authored
This reverts commit 0974a9ca. The real for for that issue is to release current->mm->mmap_sem in fix_range_common(). Signed-off-by: Richard Weinberger <richard@nod.at>
-
- 19 Jul, 2014 18 commits
-
-
Eric Sandeen authored
commit 99994cde btrfs: dev delete should remove sysfs entry added a btrfs_kobj_rm_device, which dereferences device->bdev... right after we check whether device->bdev might be NULL. I don't honestly know if it's possible to have a NULL device->bdev here, but assuming that it is (given the test), we need to move the kobject removal to be under that test. (Coverity spotted this) Signed-off-by: Eric Sandeen <sandeen@redhat.com> Signed-off-by: Chris Mason <clm@fb.com>
-
Liu Bo authored
xfstests generic/127 detected this problem. With commit 7fc34a62, now fsync will only flush data within the passed range. This is the cause of the above problem, -- btrfs's fsync has a stage called 'sync log' which will wait for all the ordered extents it've recorded to finish. In xfstests/generic/127, with mixed operations such as truncate, fallocate, punch hole, and mapwrite, we get some pre-allocated extents, and mapwrite will mmap, and then msync. And I find that msync will wait for quite a long time (about 20s in my case), thanks to ftrace, it turns out that the previous fallocate calls 'btrfs_wait_ordered_range()' to flush dirty pages, but as the range of dirty pages may be larger than 'btrfs_wait_ordered_range()' wants, there can be some ordered extents created but not getting corresponding pages flushed, then they're left in memory until we fsync which runs into the stage 'sync log', and fsync will just wait for the system writeback thread to flush those pages and get ordered extents finished, so the latency is inevitable. This adds a flush similar to btrfs_start_ordered_extent() in btrfs_wait_logged_extents() to fix that. Reviewed-by: Miao Xie <miaox@cn.fujitsu.com> Signed-off-by: Liu Bo <bo.li.liu@oracle.com> Signed-off-by: Chris Mason <clm@fb.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull locking fixes from Thomas Gleixner: "The locking department delivers: - A rather large and intrusive bundle of fixes to address serious performance regressions introduced by the new rwsem / mcs technology. Simpler solutions have been discussed, but they would have been ugly bandaids with more risk than doing the right thing. - Make the rwsem spin on owner technology opt-in for architectures and enable it only on the known to work ones. - A few fixes to the lockdep userspace library" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: locking/rwsem: Add CONFIG_RWSEM_SPIN_ON_OWNER locking/mutex: Disable optimistic spinning on some architectures locking/rwsem: Reduce the size of struct rw_semaphore locking/rwsem: Rename 'activity' to 'count' locking/spinlocks/mcs: Micro-optimize osq_unlock() locking/spinlocks/mcs: Introduce and use init macro and function for osq locks locking/spinlocks/mcs: Convert osq lock to atomic_t to reduce overhead locking/spinlocks/mcs: Rename optimistic_spin_queue() to optimistic_spin_node() locking/rwsem: Allow conservative optimistic spinning when readers have lock tools/liblockdep: Account for bitfield changes in lockdeps lock_acquire tools/liblockdep: Remove debug print left over from development tools/liblockdep: Fix comparison of a boolean value with a value of 2
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fix from Thomas Gleixner: "Prevent a possible divide by zero in the debugging code" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched: Fix possible divide by zero in avg_atom() calculation
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull irq fixes from Thomas Gleixner: "Three patches addressing shortcomings in the ARM gic interrupt chip driver" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip: gic: Fix core ID calculation when topology is read from DT irqchip: gic: Add binding probe for ARM GIC400 irqchip: gic: Add support for cortex a7 compatible string
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull timer fix from Thomas Gleixner: "A single fix for a long standing issue in the alarm timer subsystem, which was noticed recently when people finally started to use alarm timers for serious work" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: alarmtimer: Fix bug where relative alarm timers were treated as absolute
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull RCU fixes from Thomas Gleixner: "Two RCU patches: - Address a serious performance regression on open/close caused by commit ac1bea85 ("Make cond_resched() report RCU quiescent states") - Export RCU debug functions. Not a regression, but enablement to address a serious recursion bug in the sl*b allocators in 3.17" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: rcu: Reduce overhead of cond_resched() checks for RCU rcu: Export debug_init_rcu_head() and and debug_init_rcu_head()
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull ARM SoC fixes from Olof Johansson: "A smaller set of fixes this week, and all regression fixes: - a handful of issues fixed on at91 with common clock conversion - a set of fixes for Marvell mvebu (SMP, coherency, PM) - a clock fix for i.MX6Q. - ... and a SMP/hotplug fix for Exynos" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: EXYNOS: Fix core ID used by platsmp and hotplug code ARM: at91/dt: add missing clocks property to pwm node in sam9x5.dtsi ARM: at91/dt: fix usb0 clocks definition in sam9n12 dtsi ARM: at91: at91sam9x5: correct typo error for ohci clock ARM: clk-imx6q: parent lvds_sel input from upstream clock gates ARM: mvebu: Fix coherency bus notifiers by using separate notifiers ARM: mvebu: Fix the operand list in the inline asm of armada_370_xp_pmsu_idle_enter ARM: mvebu: fix SMP boot for Armada 38x and Armada 375 Z1 in big endian
-
git://anongit.freedesktop.org/drm-intelDave Airlie authored
But in any case nothing really shocking in here, 2 reverts, 1 quirk and a regression fix a WARN. * tag 'drm-intel-fixes-2014-07-18' of git://anongit.freedesktop.org/drm-intel: Revert "drm/i915: reverse dp link param selection, prefer fast over wide again" drm/i915: Track the primary plane correctly when reassigning planes drm/i915: Ignore VBT backlight presence check on HP Chromebook 14 Revert "drm/i915: Don't set the 8to6 dither flag when not scaling"
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Peter Anvin: "A couple of key fixes and a few less critical ones. The main ones are: - add a .bss section to the PE/COFF headers when building with EFI stub - invoke the correct paravirt magic when building the espfix page tables Unfortunately both of these areas also have at least one additional fix each still in thie pipeline, but which are not yet ready to push" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86: Remove unused variable "polling" x86/espfix/xen: Fix allocation of pages for paravirt page tables x86/efi: Include a .bss section within the PE/COFF headers efi: fdt: Do not report an error during boot if UEFI is not available efi/arm64: efistub: remove local copy of linux_banner
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infinibandLinus Torvalds authored
Pull infiniband/rdma fixes from Roland Dreier: - cxgb4 hardware driver regression fixes - mlx5 hardware driver regression fixes * tag 'rdma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/mlx5: Enable "block multicast loopback" for kernel consumers RDMA/cxgb4: Call iwpm_init() only once mlx5_core: Fix possible race between mr tree insert/delete RDMA/cxgb4: Initialize the device status page RDMA/cxgb4: Clean up connection on ARP error RDMA/cxgb4: Fix skb_leak in reject_cr()
-
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-stagingLinus Torvalds authored
Pull hwmon fixes from Guenter Roeck: "More fallout from module tests and code inspection. Fixes to temperature limit write operations in adt7470 driver. Also, dashes are not allowed in hwmon 'name' attributes. Fix drivers where necessary" * tag 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (adt7470) Fix writes to temperature limit registers hwmon: (da9055) Don't use dash in the name attribute hwmon: (da9052) Don't use dash in the name attribute
-
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommuLinus Torvalds authored
Pull iommu fixes from Joerg Roedel: "A couple of fixes for the Freescale PAMU driver queued up: - fix PAMU window size check. - fix the device domain attach condition. - fix the error condition during iommu group" * tag 'iommu-fixes-v3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/fsl: Fix the error condition during iommu group iommu/fsl: Fix the device domain attach condition. iommu/fsl: Fix PAMU window size check.
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull ACPI and power management fixes from Rafael Wysocki: "These are a few recent regression fixes, a revert of the ACPI video commit I promised, a system resume fix related to request_firmware(), an ACPI video quirk for one more Win8-oriented BIOS, an ACPI device enumeration documentation update and a few fixes for ARM cpufreq drivers. Specifics: - Fix for a recently introduced NULL pointer dereference in the core system suspend code occuring when platforms without ACPI attempt to use the "freeze" sleep state from Zhang Rui. - Fix for a recently introduced build warning in cpufreq headers from Brian W Hart. - Fix for a 3.13 cpufreq regression related to sysem resume that triggers on some systems with multiple CPU clusters from Viresh Kumar. - Fix for a 3.4 regression in request_firmware() resulting in WARN_ON()s on some systems during system resume from Takashi Iwai. - Revert of the ACPI video commit that changed the default value of the video.brightness_switch_enabled command line argument to 0 as it has been reported to break existing setups. - ACPI device enumeration documentation update to take recent code changes into account and make the documentation match the code again from Darren Hart. - Fixes for the sa1110, imx6q, kirkwood, and cpu0 cpufreq drivers from Linus Walleij, Nicolas Del Piano, Quentin Armitage, Viresh Kumar. - New ACPI video blacklist entry for HP ProBook 4540s from Hans de Goede" * tag 'pm+acpi-3.16-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: make table sentinel macros unsigned to match use cpufreq: move policy kobj to policy->cpu at resume cpufreq: cpu0: OPPs can be populated at runtime cpufreq: kirkwood: Reinstate cpufreq driver for ARCH_KIRKWOOD cpufreq: imx6q: Select PM_OPP cpufreq: sa1110: set memory type for h3600 ACPI / video: Add use_native_backlight quirk for HP ProBook 4540s PM / sleep: fix freeze_ops NULL pointer dereferences PM / sleep: Fix request_firmware() error at resume Revert "ACPI / video: change acpi-video brightness_switch_enabled default to 0" ACPI / documentation: Remove reference to acpi_platform_device_ids from enumeration.txt
-
git://people.freedesktop.org/~airlied/linuxLinus Torvalds authored
Pull drm fixes from Dave Airlie: "One nouveau deadlock fix, one qxl irq handling fix, and a set of radeon pageflipping changes that fix regressions in pageflipping since -rc1 along with a leak and backlight fix. The pageflipping fixes are a bit bigger than I'd like, but there has been a few people focused on testing them" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon: Make classic pageflip completion path less racy. drm/radeon: Add missing vblank_put in pageflip ioctl error path. drm/radeon: Remove redundant fence unref in pageflip path. drm/radeon: Complete page flip even if waiting on the BO fence fails drm/radeon: Move pinning the BO back to radeon_crtc_page_flip() drm/radeon: Prevent too early kms-pageflips triggered by vblank. drm/radeon: set default bl level to something reasonable drm/radeon: avoid leaking edid data drm/qxl: return IRQ_NONE if it was not our irq drm/nouveau/therm: fix a potential deadlock in the therm monitoring code
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/randomLinus Torvalds authored
Pull /dev/random fix from Ted Ts'o: "Fix a BUG splat found by trinity" * tag 'random_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: check for increase of entropy_count because of signed conversion
-
git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6Linus Torvalds authored
Pull crypto fixes from Herbert Xu: "This push fixes a boot hang in virt guests when the virtio RNG is enabled" * git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: hwrng: virtio - ensure reads happen after successful probe hwrng: fetch randomness only after device init
-
Hannes Frederic Sowa authored
The expression entropy_count -= ibytes << (ENTROPY_SHIFT + 3) could actually increase entropy_count if during assignment of the unsigned expression on the RHS (mind the -=) we reduce the value modulo 2^width(int) and assign it to entropy_count. Trinity found this. [ Commit modified by tytso to add an additional safety check for a negative entropy_count -- which should never happen, and to also add an additional paranoia check to prevent overly large count values to be passed into urandom_read(). ] Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@vger.kernel.org
-