- 19 Aug, 2014 1 commit
-
-
Michael S. Tsirkin authored
The third parameter of kvm_iommu_put_pages is wrong, It should be 'gfn - slot->base_gfn'. By making gfn very large, malicious guest or userspace can cause kvm to go to this error path, and subsequently to pass a huge value as size. Alternatively if gfn is small, then pages would be pinned but never unpinned, causing host memory leak and local DOS. Passing a reasonable but large value could be the most dangerous case, because it would unpin a page that should have stayed pinned, and thus allow the device to DMA into arbitrary memory. However, this cannot happen because of the condition that can trigger the error: - out of memory (where you can't allocate even a single page) should not be possible for the attacker to trigger - when exceeding the iommu's address space, guest pages after gfn will also exceed the iommu's address space, and inside kvm_iommu_put_pages() the iommu_iova_to_phys() will fail. The page thus would not be unpinned at all. Reported-by:
Jack Morgenstein <jackm@mellanox.com> Cc: stable@vger.kernel.org Signed-off-by:
Michael S. Tsirkin <mst@redhat.com> Signed-off-by:
Paolo Bonzini <pbonzini@redhat.com>
-
- 16 Aug, 2014 39 commits
-
-
Linus Torvalds authored
-
git://cavan.codon.org.uk/platform-drivers-x86Linus Torvalds authored
Pull x86 platform driver updates from Matthew Garrett: "A moderate number of changes, but nothing awfully significant. A lot of const cleanups, some reworking and additions to the rfkill quirks in the asus driver, a new driver for generating falling laptop events on Toshibas and some misc fixes. Maybe vendors have stopped inventing things" * 'for_linus' of git://cavan.codon.org.uk/platform-drivers-x86: (41 commits) platform/x86: Enable build support for toshiba_haps Documentation: Add file about toshiba_haps module platform/x86: Toshiba HDD Active Protection Sensor asus-nb-wmi: Add wapf4 quirk for the U32U alienware-wmi: make hdmi_mux enabled on case-by-case basis ideapad-laptop: Constify DMI table and other r/o variables asus-nb-wmi.c: Rename x401u quirk to wapf4 compal-laptop: correct invalid hwmon name toshiba_acpi: Add Qosmio X75-A to the alt keymap dmi list toshiba_acpi: Add extra check to backlight code Fix log message about future removal of interface ideapad-laptop: Disable touchpad interface on Yoga models asus-nb-wmi: Add wapf4 quirk for the X550CC intel_ips: Make ips_mcp_limits variables static thinkpad_acpi: Mark volume_alsa_control_{vol,mute} as __initdata fujitsu-laptop: Mark fujitsu_dmi_table[] DMI table as __initconst hp-wmi: Add missing __init annotations to initialization code hp_accel: Constify ACPI and DMI tables fujitsu-tablet: Mark DMI callbacks as __init code dell-laptop: Mark dell_quirks[] DMI table as __initconst ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linuxLinus Torvalds authored
Pull idle update from Len Brown: "Two Intel-platform-specific updates to intel_idle, and a cosmetic tweak to the turbostat utility" * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: tools/power turbostat: tweak whitespace in output format intel_idle: Broadwell support intel_idle: Disable Baytrail Core and Module C6 auto-demotion
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linuxLinus Torvalds authored
Pull module fix from Rusty Russell: "Nasty potential bug if someone uses a known module param with an invalid value (we don't fail unknown module params any more, just warn)" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: module: Clean up ro/nx after early module load failures
-
git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtioLinus Torvalds authored
Pull virtio-rng update from Amit Shah: "Add derating factor for use by hwrng core Sending directly to you with the commit log changes Ted Ts'o pointed out. Not sure if Rusty's back after his travel, but this already has his s-o-b" * 'rng-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/amit/virtio: virtio: rng: add derating factor for use by hwrng core
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfsLinus Torvalds authored
Pull btrfs updates from Chris Mason: "These are all fixes I'd like to get out to a broader audience. The biggest of the bunch is Mark's quota fix, which is also in the SUSE kernel, and makes our subvolume quotas dramatically more accurate. I've been running xfstests with these against your current git overnight, but I'm queueing up longer tests as well" * 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: disable strict file flushes for renames and truncates Btrfs: fix csum tree corruption, duplicate and outdated checksums Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch Btrfs: fix compressed write corruption on enospc btrfs: correctly handle return from ulist_add btrfs: qgroup: account shared subtrees during snapshot delete Btrfs: read lock extent buffer while walking backrefs Btrfs: __btrfs_mod_ref should always use no_quota btrfs: adjust statfs calculations according to raid profiles
-
git://git.samba.org/jlayton/linuxLinus Torvalds authored
Pull file locking bugfixes from Jeff Layton: "Most of these patches are to fix a long-standing regression that crept in when the BKL was removed from the file-locking code. The code was converted to use a conventional spinlock, but some fl_release_private ops can block and you can end up sleeping inside the lock. There's also a patch to make /proc/locks show delegations as 'DELEG'" * tag 'locks-v3.17-2' of git://git.samba.org/jlayton/linux: locks: update Locking documentation to clarify fl_release_private behavior locks: move locks_free_lock calls in do_fcntl_add_lease outside spinlock locks: defer freeing locks in locks_delete_lock until after i_lock has been dropped locks: don't reuse file_lock in __posix_lock_file locks: don't call locks_release_private from locks_copy_lock locks: show delegations as "DELEG" in /proc/locks
-
git://git.kvack.org/~bcrl/aio-nextLinus Torvalds authored
Pull aio updates from Ben LaHaise. * git://git.kvack.org/~bcrl/aio-next: aio: use iovec array rather than the single one aio: fix some comments aio: use the macro rather than the inline magic number aio: remove the needless registration of ring file's private_data aio: remove no longer needed preempt_disable() aio: kill the misleading rcu read locks in ioctx_add_table() and kill_ioctx() aio: change exit_aio() to load mm->ioctx_table once and avoid rcu_read_lock()
-
Azael Avalos authored
Makefile and Kconfig build support patch for the newly introduced kernel module toshiba_haps. Signed-off-by:
Azael Avalos <coproscefalo@gmail.com> Signed-off-by:
Matthew Garrett <matthew.garrett@nebula.com>
-
Azael Avalos authored
This patch provides information about the Toshiba HDD Active Protection Sensor driver module toshiba_haps. Signed-off-by:
-
Azael Avalos authored
This driver adds support for the built-in accelereometer found on recent Toshiba laptops with HID TOS620A. This driver receives ACPI notify events 0x80 when the sensor detects a sudden move or a harsh vibration, as well as an ACPI notify event 0x81 whenever the movement or vibration has been stabilized. Also provides sysfs entries to get/set the desired protection level and reseting the HDD protection interface. Signed-off-by:
-
Hans de Goede authored
As reported here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173681 the U32U needs wapf=4 too. Signed-off-by:
Hans de Goede <hdegoede@redhat.com> Signed-off-by:
-
Mario Limonciello authored
Not all HW supporting WMAX method will support the HDMI mux feature. Explicitly quirk the HW that does support it. Signed-off-by:
Mario Limonciello <mario_limonciello@dell.com> Signed-off-by:
-
Mathias Krause authored
Constify the rfkill_blacklist[] DMI table, the ideapad_rfk_data[] table and the ideapad_attribute_group attribute group. There's no need to have them writeable during runtime. Signed-off-by:
Mathias Krause <minipli@googlemail.com> Cc: Ike Panhc <ike.pan@canonical.com> Signed-off-by:
-
Hans de Goede authored
The actual x401u does not use the so named x401u quirk but the x55u quirk. All that the x401u quirk does it setting wapf to 4, so rename it to wapf4 to stop the confusion. Signed-off-by:
-
Roald Frederickx authored
Change the name of the hwmon interface from "compal-laptop" to "compal". A dash is an invalid character for a hwmon name and caused the call to hwmon_device_register_with_groups() to fail. Signed-off-by:
Roald Frederickx <roald.frederickx@gmail.com> Signed-off-by:
-
Azael Avalos authored
The Toshiba Qosmio X75-A series models also come with the new keymap layout. This patch adds this model to the alt_keymap_dmi list, along with an extra key found on these models. Signed-off-by:
-
Azael Avalos authored
Some Toshiba models (most notably Qosmios) come with an incomplete backlight method where the AML code doesn't check for write or read commands and always returns HCI_SUCCESS and the actual brightness (and in some cases the max brightness), thus allowing the backlight interface to be registered without write support. This patch changes the set_lcd_brightness function, checking the returned values for values greater than zero to avoid registering a broken backlight interface. Signed-off-by:
-
Martin Kepplinger authored
If this is going away, it won't be in 2012. Signed-off-by:
Martin Kepplinger <martink@posteo.de> Signed-off-by:
-
Hans de Goede authored
Yoga models don't offer touchpad ctrl through the ideapad interface, causing ideapad_sync_touchpad_state to send wrong touchpad enable/disable events. Signed-off-by:
-
Hans de Goede authored
As reported here: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1173681 the X550CC needs wapf=4 too. Signed-off-by:
-
Mathias Krause authored
These variables don't need to be visible outside of this compilation unit, make them static. Signed-off-by:
-
Mathias Krause authored
Mark volume_alsa_control_vol and volume_alsa_control_mute as __initdata, as snd_ctl_new1() will copy the relevant parts, so there is no need to keep the master copies around after initialization. Signed-off-by:
-
Mathias Krause authored
The DMI table is only ever used during initialization. Mark it as __initconst so its memory can be released afterwards -- roughly 1.5 kB. In turn, the callback functions can be marked with __init, too. Signed-off-by:
-
Mathias Krause authored
These functions are only called from other initialization routines, so can be marked __init, too. Signed-off-by:
-
Mathias Krause authored
Constify the lis3lv02d_device_ids[] ACPI and the lis3lv02d_dmi_ids[] DMI tables. There's no need to have them writeable during runtime. Signed-off-by:
-
Mathias Krause authored
The DMI table is already marked as __initconst, so can be the callback functions as they're only used in that context. Signed-off-by:
-
Mathias Krause authored
The dell_quirks[] DMI table is only ever used during initialization. Mark it as __initconst so its memory can be released afterwards -- roughly 5.7 kB. In turn, the callback function can be marked with __init, too. Also the touchpad_led_init() function can be marked __init as it's only referenced from dell_init() -- an __init function. Signed-off-by:
-
Mathias Krause authored
Constify the asus_quirks[] DMI table. There's no need to have it writeable during runtime. Signed-off-by:
-
Mathias Krause authored
Quite a lot of code and data of acer-wmi.c is only ever used during initialization. Mark those accordingly -- and constify, where appropriate -- so the memory can be released afterwards. All in all those changes move ~10 kB of code and data to the .init sections, marking them for release after initialization has finished. Signed-off-by:
-
Mathias Krause authored
Constify the asus_quirks[] DMI table. There's no need to have it writeable during runtime. Signed-off-by:
-
Mathias Krause authored
The DMI table is only ever used during initialization. Mark it as __initconst so its memory can be released appropriately. In turn, the callback function can be marked with __init, too. Signed-off-by:
-
Mathias Krause authored
Encapsulate acer_suspend() and acer_resume with #ifdef CONFIG_PM_SLEEP to get rid of the following warnings: ../acer-wmi.c:2046:12: warning: ‘acer_suspend’ defined but not used [-Wunused-function] ../acer-wmi.c:2068:12: warning: ‘acer_resume’ defined but not used [-Wunused-function] Signed-off-by:
-
Mathias Krause authored
sparse_keymap_setup() will make a copy of the keymap, so we can release the master copy after initialization. Signed-off-by:
-
Mathias Krause authored
The repo on kernel.org is no longer available but has a replacement at cavan.codon.org.uk. Signed-off-by:
-
Himangi Saraogi authored
This patch removes the null test on block. block is initialized at the beginning of the function to &wblock->gblock. Since wblock is dereferenced prior to the null test, wblock must be a valid pointer, and &wblock->gblock cannot be null. The following Coccinelle script is used for detecting the change: @r@ expression e,f; identifier g,y; statement S1,S2; @@ *e = &f->g <+... f->y ...+> *if (e != NULL || ...) S1 else S2 Signed-off-by:
Himangi Saraogi <himangi774@gmail.com> Signed-off-by:
-
Andrey Utkin authored
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=80231Reported-by:
David Binderman <dcb314@hotmail.com> Signed-off-by:
Andrey Utkin <andrey.krieger.utkin@gmail.com> Signed-off-by:
-
Hans de Goede authored
As reported here: https://bugs.launchpad.net/bugs/1277959 the X550CL needs wapf=4 too. Signed-off-by:
-
AceLan Kao authored
BIOS won't light on the wifi-led after S3, so asus-wmi driver needs to control the wifi and wifi-led status. But, it'll lead to bt status error if asus-wmi driver controls bt as well. So, for X200CA, asus-wmi driver controls wifi status only and have to set wapf to 1. Signed-off-by:
AceLan Kao <acelan.kao@canonical.com> Signed-off-by:
-
