- 14 May, 2010 12 commits
-
-
git://git.infradead.org/users/eparis/notifyLinus Torvalds authored
* 'for-linus' of git://git.infradead.org/users/eparis/notify: inotify: don't leak user struct on inotify release inotify: race use after free/double free in inotify inode marks inotify: clean up the inotify_add_watch out path Inotify: undefined reference to `anon_inode_getfd' Manual merge to remove duplicate "select ANON_INODES" from Kconfig file
-
Linus Torvalds authored
Merge branch 'davinci-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-davinci * 'davinci-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-davinci: DA830: fix USB 2.0 clock entry
-
Sergei Shtylyov authored
DA8xx OHCI driver fails to load due to failing clk_get() call for the USB 2.0 clock. Arrange matching USB 2.0 clock by the clock name instead of the device. (Adding another CLK() entry for "ohci.0" device won't do -- in the future I'll also have to enable USB 2.0 clock to configure CPPI 4.1 module, in which case I won't have any device at all.) Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Kevin Hilman <khilman@deeprootsystems.com>
-
Pavel Emelyanov authored
inotify_new_group() receives a get_uid-ed user_struct and saves the reference on group->inotify_data.user. The problem is that free_uid() is never called on it. Issue seem to be introduced by 63c882a0 (inotify: reimplement inotify using fsnotify) after 2.6.30. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Eric Paris <eparis@parisplace.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Eric Paris <eparis@redhat.com>
-
Eric Paris authored
There is a race in the inotify add/rm watch code. A task can find and remove a mark which doesn't have all of it's references. This can result in a use after free/double free situation. Task A Task B ------------ ----------- inotify_new_watch() allocate a mark (refcnt == 1) add it to the idr inotify_rm_watch() inotify_remove_from_idr() fsnotify_put_mark() refcnt hits 0, free take reference because we are on idr [at this point it is a use after free] [time goes on] refcnt may hit 0 again, double free The fix is to take the reference BEFORE the object can be found in the idr. Signed-off-by: Eric Paris <eparis@redhat.com> Cc: <stable@kernel.org>
-
Eric Paris authored
inotify_add_watch explictly frees the unused inode mark, but it can just use the generic code. Just do that. Signed-off-by: Eric Paris <eparis@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: vhost: fix barrier pairing
-
Linus Torvalds authored
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: mmap_min_addr check CAP_SYS_RAWIO only for write
-
git://git.monstr.eu/linux-2.6-microblazeLinus Torvalds authored
* 'for-linus' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Fix module loading on system with WB cache microblaze: export assembly functions used by modules microblaze: Remove powerpc code from Microblaze port microblaze: Remove compilation warnings in cache macro microblaze: export assembly functions used by modules microblaze: fix get_user/put_user side-effects microblaze: re-enable interrupts before calling schedule
-
-
Kees Cook authored
Redirecting directly to lsm, here's the patch discussed on lkml: http://lkml.org/lkml/2010/4/22/219 The mmap_min_addr value is useful information for an admin to see without being root ("is my system vulnerable to kernel NULL pointer attacks?") and its setting is trivially easy for an attacker to determine by calling mmap() in PAGE_SIZE increments starting at 0, so trying to keep it private has no value. Only require CAP_SYS_RAWIO if changing the value, not reading it. Comment from Serge : Me, I like to write my passwords with light blue pen on dark blue paper, pasted on my window - if you're going to get my password, you're gonna get a headache. Signed-off-by: Kees Cook <kees.cook@canonical.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> (cherry picked from commit 822cceec)
-
Michal Simek authored
There is necessary to flush whole dcache. Icache work should be done in kernel/module.c. Signed-off-by: Michal Simek <monstr@monstr.eu>
-
- 13 May, 2010 28 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sameo/mfd-2.6: mfd: Clean up after WM83xx AUXADC interrupt if it arrives late
-
git://git.kernel.org/pub/scm/virt/kvm/kvmLinus Torvalds authored
* 'kvm-updates/2.6.34' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: PPC: Keep index within boundaries in kvmppc_44x_emul_tlbwe() KVM: VMX: blocked-by-sti must not defer NMI injections KVM: x86: Call vcpu_load and vcpu_put in cpuid_update KVM: SVM: Fix wrong intercept masks on 32 bit KVM: convert ioapic lock to spinlock
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6: serial: imx.c: fix CTS trigger level lower to avoid lost chars tty: Fix unbalanced BKL handling in error path serial: mpc52xx_uart: fix null pointer dereference
-
Valentin Longchamp authored
The imx CTS trigger level is left at its reset value that is 32 chars. Since the RX FIFO has 32 entries, when CTS is raised, the FIFO already is full. However, some serial port devices first empty their TX FIFO before stopping when CTS is raised, resulting in lost chars. This patch sets the trigger level lower so that other chars arrive after CTS is raised, there is still room for 16 of them. Signed-off-by: Valentin Longchamp<valentin.longchamp@epfl.ch> Tested-by: Philippe Rétornaz<philippe.retornaz@epfl.ch> Acked-by: Wolfram Sang<w.sang@pengutronix.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Alan Cox authored
Arnd noted: After the "retry_open:" label, we first get the tty_mutex and then the BKL. However a the end of tty_open, we jump back to retry_open with the BKL still held. If we run into this case, the tty_open function will be left with the BKL still held. Signed-off-by: Alan Cox <alan@linux.intel.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Anatolij Gustschin authored
Commit 6acc6833 introduced NULL pointer dereference and kernel crash on ppc32 machines while booting. Fix this bug now. Reported-by: Leonardo Chiquitto <leonardo.lists@gmail.com> Tested-by: Leonardo Chiquitto <leonardo.lists@gmail.com> Signed-off-by: Anatolij Gustschin <agust@denx.de> Acked-by: Grant Likely <grant.likely@secretlab.ca> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: guard against hardlinking directories
-
Jan Kara authored
According to specification mkdir d; ln -s d a; open("a/", O_NOFOLLOW | O_RDONLY) should return success but currently it returns ELOOP. This is a regression caused by path lookup cleanup patch series. Fix the code to ignore O_NOFOLLOW in case the provided path has trailing slashes. Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Reported-by: Marius Tolzmann <tolzmann@molgen.mpg.de> Acked-by: Miklos Szeredi <mszeredi@suse.cz> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6Linus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: ice1724 - Fix ESI Maya44 capture source control ALSA: pcm - Use pgprot_noncached() for MIPS non-coherent archs ALSA: virtuoso: fix Xonar D1/DX front panel microphone ALSA: hda - Add hp-dv4 model for IDT 92HD71bx ALSA: hda - Fix mute-LED GPIO pin for HP dv series ALSA: hda: Fix 0 dB for Lenovo models using Conexant CX20549 (Venice)
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: ad7877 - keep dma rx buffers in seperate cache lines Input: psmouse - reset all types of mice before reconnecting Input: elantech - use all 3 bytes when checking version Input: iforce - fix Guillemot Jet Leader 3D entry Input: iforce - add Guillemot Jet Leader Force Feedback
-
Mark Brown authored
In certain circumstances, especially under heavy load, the AUXADC completion interrupt may be detected after we've timed out waiting for it. That conversion would still succeed but the next conversion will see the completion that was signalled by the interrupt for the previous conversion and therefore not wait for the AUXADC conversion to run, causing it to report failure. Provide a simple, non-invasive cleanup by using try_wait_for_completion() to ensure that the completion is not signalled before we wait. Since the AUXADC is run within a mutex we know there can only have been at most one AUXADC interrupt outstanding. A more involved change should follow for the next merge window. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
-
Michal Simek authored
Export __strncpy_user, memory_size, ioremap_bot for modules. Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Michal Simek authored
Remove eeh_add_device_tree_late which is powerpc specific code. Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Michal Simek authored
CC arch/microblaze/kernel/cpu/cache.o arch/microblaze/kernel/cpu/cache.c: In function '__invalidate_dcache_range_wb': arch/microblaze/kernel/cpu/cache.c:398: warning: ISO C90 forbids mixed declarations and code arch/microblaze/kernel/cpu/cache.c: In function '__flush_dcache_range_wb': arch/microblaze/kernel/cpu/cache.c:509: warning: ISO C90 forbids mixed declara Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Steven J. Magnani authored
Modules that use copy_{to,from}_user(), memcpy(), and memset() fail to build in certain circumstances. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Takashi Iwai authored
-
Oskar Schirmer authored
With dma based spi transmission, data corruption is observed occasionally. With dma buffers located right next to msg and xfer fields, cache lines correctly flushed in preparation for dma usage may be polluted again when writing to fields in the same cache line. Make sure cache fields used with dma do not share cache lines with fields changed during dma handling. As both fields are part of a struct that is allocated via kzalloc, thus cache aligned, moving the fields to the 1st position and insert padding for alignment does the job. Signed-off-by: Oskar Schirmer <os@emlix.com> Signed-off-by: Daniel Glöckner <dg@emlix.com> Signed-off-by: Oliver Schneidewind <osw@emlix.com> Signed-off-by: Johannes Weiner <jw@emlix.com> Acked-by: Mike Frysinger <vapier@gentoo.org> [dtor@mail.ru - changed to use ___cacheline_aligned as suggested by akpm] Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
-
Dmitry Torokhov authored
Synaptics hardware requires resetting device after suspend to ram in order for the device to be operational. The reset lives in synaptics-specific reconnect handler, but it is not being invoked if synaptics support is disabled and the device is handled as a standard PS/2 device (bare or IntelliMouse protocol). Let's add reset into generic reconnect handler as well. Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
-
Dmitry Torokhov authored
Apparently all 3 bytes returned by ETP_FW_VERSION_QUERY are significant and should be taken into account when matching hardware version/features. Tested-by: Eric Piel <eric.piel@tremplin-utc.net> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
-
Steven J. Magnani authored
The Microblaze implementations of get_user() and (MMU) put_user() evaluate the address argument more than once. This causes unexpected side-effects for invocations that include increment operators, i.e. get_user(foo, bar++). This patch also removes the distinction between MMU and noMMU put_user(). Without the patch: $ echo 1234567890 > /proc/sys/kernel/core_pattern $ cat /proc/sys/kernel/core_pattern 12345 Signed-off-by: Steven J. Magnani <steve@digidescorp.com>
-
Steven J. Magnani authored
schedule() should not be called with interrupts disabled. Signed-off-by: Steven J. Magnani <steve@digidescorp.com> Signed-off-by: Michal Simek <monstr@monstr.eu>
-
Roel Kluin authored
An index of KVM44x_GUEST_TLB_SIZE is already one too large. Signed-off-by: Roel Kluin <roel.kluin@gmail.com> Acked-by: Hollis Blanchard <hollis@penguinppc.org> Acked-by: Alexander Graf <agraf@suse.de> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
Jan Kiszka authored
As the processor may not consider GUEST_INTR_STATE_STI as a reason for blocking NMI, it could return immediately with EXIT_REASON_NMI_WINDOW when we asked for it. But as we consider this state as NMI-blocking, we can run into an endless loop. Resolve this by allowing NMI injection if just GUEST_INTR_STATE_STI is active (originally suggested by Gleb). Intel confirmed that this is safe, the processor will never complain about NMI injection in this state. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> KVM-Stable-Tag Acked-by: Gleb Natapov <gleb@redhat.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
Dongxiao Xu authored
cpuid_update may operate VMCS, so vcpu_load() and vcpu_put() should be called to ensure correctness. Signed-off-by: Dongxiao Xu <dongxiao.xu@intel.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
Joerg Roedel authored
This patch makes KVM on 32 bit SVM working again by correcting the masks used for iret interception. With the wrong masks the upper 32 bits of the intercepts are masked out which leaves vmrun unintercepted. This is not legal on svm and the vmrun fails. Bug was introduced by commits 95ba8273 and 3cfc3092. Cc: Jan Kiszka <jan.kiszka@siemens.com> Cc: Gleb Natapov <gleb@redhat.com> Cc: stable@kernel.org Signed-off-by: Joerg Roedel <joerg.roedel@amd.com> Signed-off-by: Avi Kivity <avi@redhat.com>
-
Marcelo Tosatti authored
kvm_set_irq is used from non sleepable contexes, so convert ioapic from mutex to spinlock. KVM-Stable-Tag. Tested-by: Ralf Bonenkamp <ralf.bonenkamp@swyx.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpcLinus Torvalds authored
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc/perf_event: Fix oops due to perf_event_do_pending call powerpc/swiotlb: Fix off by one in determining boundary of which ops to use
-
git://git390.marist.edu/pub/scm/linux-2.6Linus Torvalds authored
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6: [S390] correct address of _stext with CONFIG_SHARED_KERNEL=y [S390] ptrace: fix return value of do_syscall_trace_enter() [S390] dasd: fix race between tasklet and dasd_sleep_on
-