- 23 Jul, 2008 2 commits
-
-
Oleg Nesterov authored
The bug was reported and analysed by Mark McLoughlin <markmc@redhat.com>, the patch is based on his and Roland's suggestions. posix_timer_event() always rewrites the pre-allocated siginfo before sending the signal. Most of the written info is the same all the time, but memset(0) is very wrong. If ->sigq is queued we can race with collect_signal() which can fail to find this siginfo looking at .si_signo, or copy_siginfo() can copy the wrong .si_code/si_tid/etc. In short, sys_timer_settime() can in fact stop the active timer, or the user can receive the siginfo with the wrong .si_xxx values. Move "memset(->info, 0)" from posix_timer_event() to alloc_posix_timer(), change send_sigqueue() to set .si_overrun = 0 when ->sigq is not queued. It would be nice to move the whole sigq->info initialization from send to create path, but this is not easy to do without uglifying timer_create() further. As Roland rightly pointed out, we need more cleanups/fixes here, see the "FIXME" comment in the patch. Hopefully this patch makes sense anyway, and it can mask the most bad implications. Reported-by:
Mark McLoughlin <markmc@redhat.com> Signed-off-by:
Oleg Nesterov <oleg@tv-sign.ru> Cc: Mark McLoughlin <markmc@redhat.com> Cc: Oliver Pinter <oliver.pntr@gmail.com> Cc: Roland McGrath <roland@redhat.com> Cc: stable@kernel.org Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> kernel/posix-timers.c | 17 +++++++++++++---- kernel/signal.c | 1 + 2 files changed, 14 insertions(+), 4 deletions(-)
-
Oleg Nesterov authored
do_schedule_next_timer() sets info->si_overrun = timr->it_overrun_last, this discards the already accumulated overruns. Signed-off-by:
-
- 24 May, 2008 1 commit
-
-
Hiroshi Shimamoto authored
It's useful to detect which process is killed by RT watchdog. Signed-off-by:
Hiroshi Shimamoto <h-shimamoto@ct.jp.nec.com> Signed-off-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
- 22 May, 2008 14 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: [CIFS] Fix reversed memset arguments Adds username in the upcall key for unattended mounts with keytab [CIFS] Remove redundant NULL check
-
Dave Jones authored
Signed-off-by:
Dave Jones <davej@redhat.com> Signed-off-by:
Steve French <sfrench@us.ibm.com>
-
Igor Mammedov authored
Signed-off-by:
Igor Mammedov <niallain@gmail.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: net: The world is not perfect patch. tcp: Make prior_ssthresh a u32 xfrm_user: Remove zero length key checks. net/ipv4/arp.c: Use common hex_asc helpers cassini: Only use chip checksum for ipv4 packets. tcp: TCP connection times out if ICMP frag needed is delayed netfilter: Move linux/types.h inclusions outside of #ifdef __KERNEL__ af_key: Fix selector family initialization. libertas: Fix ethtool statistics mac80211: fix NULL pointer dereference in ieee80211_compatible_rates mac80211: don't claim iwspy support orinoco_cs: add ID for SpeedStream wireless adapters hostap_cs: add ID for Conceptronic CON11CPro rtl8187: resource leak in error case ath5k: Fix loop variable initializations
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc64: Prevent stack backtrace false positives on trap frames. sparc64: Fix stack tracing through trap frames. sparc64: Fix kernel thread stack termination. sunhv: Fix locking in non-paged I/O case.
-
David S. Miller authored
When we fully commit to returning back to kernel mode from a trap, zero out the regs->magic value to prevent false positives during stack backtraces. Signed-off-by:David S. Miller <davem@davemloft.net>
-
Steve French authored
Noticed by Coverity checker. Signed-off-by: -
David S. Miller authored
The offset to the pt_regs area was wrong, so we weren't looking at the right location for the magic cookie. A trap frame is composed of a "struct sparc_stackf" then a "struct pt_regs", the code was using "struct reg_window" instead of "struct sparc_stackf". Signed-off-by: -
David S. Miller authored
Because of the silly way I set up the initial stack for new kernel threads, there is a loop at the top of the stack. To fix this, properly add another stack frame that is copied from the parent and terminate it in the child by setting the frame pointer in that frame to zero. Signed-off-by: -
Rami Rosen authored
Unless there will be any objection here, I suggest consider the following patch which simply removes the code for the -DI_WISH_WORLD_WERE_PERFECT in the three methods which use it. The compilation errors we get when using -DI_WISH_WORLD_WERE_PERFECT show that this code was not built and not used for really a long time. Signed-off-by:
Rami Rosen <ramirose@gmail.com> Signed-off-by:
-
Ilpo Järvinen authored
If previous window was above representable values of u16, strange things will happen if undo with the truncated value is called for. Alternatively, this could be fixed by some max trickery but that would limit undoing high-speed undos. Adds 16-bit hole but there isn't anything to fill it with. Signed-off-by:
Ilpo Järvinen <ilpo.jarvinen@helsinki.fi> Signed-off-by:
-
David S. Miller authored
The crypto layer will determine whether that is valid or not. Suggested by Herbert Xu, based upon a report and patch by Martin Willi. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au>
-
Denis Cheng authored
Here the local hexbuf is a duplicate of global const char hex_asc from lib/hexdump.c, except the hex letters' cases: const char hexbuf[] = "0123456789ABCDEF"; const char hex_asc[] = "0123456789abcdef"; and here to print HW addresses, the hex cases are not significant. Thanks to Harvey Harrison to introduce the hex_asc_hi/hex_asc_lo helpers. Signed-off-by:
Denis Cheng <crquan@gmail.com> Signed-off-by:
Harvey Harrison <harvey.harrison@gmail.com> Signed-off-by:
-
David S. Miller authored
According to David Monro, at least with Natsemi Saturn chips the cassini driver has some trouble with ipv6 checksums. Until we have more information about what's going on here, only use the chip checksums for ipv4. This workaround was suggested and tested by David. Update version and release date. Signed-off-by:
-
- 21 May, 2008 23 commits
-
-
Al Viro authored
driver uses symbols defined only on ARM Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Al Viro authored
Whether we sidestep it in init/main.c or not, such situations will arise again; compiler does generate calls of strcat() on optimizations, so we really ought to have an out-of-line version... Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
... and we have few enough places using the latter to make it simpler to do search and replace... Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
memcpy() from userland pointer is a Bad Thing(tm) Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Al Viro authored
Fallout from commit 46d7b522 ("uml: move hppfs_kern.c to hppfs.c") Signed-off-by:
Jeff Dike <jdike@addtoit.com> Signed-off-by:
-
Al Viro authored
We want sys/ptrace.h before any includes of linux/ptrace.h and asm/user.h pulls the latter. Signed-off-by:
-
Al Viro authored
Signed-off-by:
-
Sridhar Samudrala authored
We are seeing an issue with TCP in handling an ICMP frag needed message that is received after net.ipv4.tcp_retries1 retransmits. The default value of retries1 is 3. So if the path mtu changes and ICMP frag needed is lost for the first 3 retransmits or if it gets delayed until 3 retransmits are done, TCP doesn't update MSS correctly and continues to retransmit the orginal message until it timesout after tcp_retries2 retransmits. I am seeing this issue even with the latest 2.6.25.4 kernel. In tcp_retransmit_timer(), when retransmits counter exceeds tcp_retries1 value, the dst cache entry of the socket is reset. At this time, if we receive an ICMP frag needed message, the dst entry gets updated with the new MTU, but the TCP sockets dst_cache entry remains NULL. So the next time when we try to retransmit after the ICMP frag needed is received, tcp_retransmit_skb() gets called. Here the cur_mss value is calculated at the start of the routine with a NULL sk_dst_cache. Instead we should call tcp_current_mss after the rebuild_header that caches the dst entry with the updated mtu. Also the rebuild_header should be called before tcp_fragment so that skb is fragmented if the mss goes down. Signed-off-by:
Sridhar Samudrala <sri@us.ibm.com> Signed-off-by:
-
Patrick McHardy authored
Greg Steuck <greg@nest.cx> points out that some of the netfilter headers can't be used in userspace without including linux/types.h first. The headers include their own linux/types.h include statements, these are stripped by make headers-install because they are inside #ifdef __KERNEL__ however. Move them out to fix this. Reported and Tested by Greg Steuck. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Kazunori MIYAZAWA authored
This propagates the xfrm_user fix made in commit bcf0dda8 ("[XFRM]: xfrm_user: fix selector family initialization") Based upon a bug report from, and tested by, Alan Swanson. Signed-off-by:
Kazunori MIYAZAWA <kazunori@miyazawa.org> Signed-off-by:
-
David S. Miller authored
This causes the lock to be taken twice, thus resulting in a deadlock. Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: (21 commits) [CIFS] Remove debug statement Fix possible access to undefined memory region. [CIFS] Enable DFS support for Windows query path info [CIFS] Enable DFS support for Unix query path info [CIFS] add missing seq_printf to cifs_show_options for hard mount option [CIFS] add more complete mount options to cifs_show_options [CIFS] Add missing defines for DFS CIFSGetDFSRefer cleanup + dfs_referral_level_3 fixed to conform REFERRAL_V3 the MS-DFSC spec. Fixed DFS code to work with new 'build_path_from_dentry', that returns full path if share in the dfs, now. [CIFS] enable parsing for transport encryption mount parm [CIFS] Finishup DFS code [CIFS] BKL-removal: convert CIFS over to unlocked_ioctl [CIFS] suppress duplicate warning [CIFS] Fix paths when share is in DFS to include proper prefix add function to convert access flags to legacy open mode clarify return value of cifs_convert_flags() [CIFS] don't explicitly do a FindClose on rewind when directory search has ended [CIFS] cleanup old checkpatch warnings [CIFS] CIFSSMBPosixLock should return -EINVAL on error fix memory leak in CIFSFindNext ...
-
Steve French authored
Signed-off-by:
-
