- 15 Aug, 2012 1 commit
-
-
John Stultz authored
Unexpected behavior could occur if the time is set to a value large enough to overflow a 64bit ktime_t (which is something larger then the year 2262). Also unexpected behavior could occur if large negative offsets are injected via adjtimex. So this patch improves the sanity check timekeeping inputs by improving the timespec_valid() check, and then makes better use of timespec_valid() to make sure we don't set the time to an invalid negative value or one that overflows ktime_t. Note: This does not protect from setting the time close to overflowing ktime_t and then letting natural accumulation cause the overflow. Reported-by: CAI Qian <caiqian@redhat.com> Reported-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John Stultz <john.stultz@linaro.org> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Zhouping Liu <zliu@redhat.com> Cc: Ingo Molnar <mingo@kernel.org> Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1344454580-17031-1-git-send-email-john.stultz@linaro.orgSigned-off-by: Thomas Gleixner <tglx@linutronix.de>
-
- 13 Aug, 2012 5 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-ledsLinus Torvalds authored
Pull leds fixes/revert from Bryan Wu. * 'fixes-for-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds: leds: renesas: fix error handling Revert "leds: use led_set_brightness in led_trigger_event" leds: lp8788: Fix updating scale configuration bits
-
Arnd Bergmann authored
bfe4c041 "leds: convert Renesas TPU LED driver to devm_kzalloc() and cleanup error exit path" introduced a possible case in which r_tpu_probe calls iounmap on a wild pointer. This changes the one case that was missed in the same way as the other error paths. Without this patch, building kota2_defconfig results in: drivers/leds/leds-renesas-tpu.c: In function 'r_tpu_probe': drivers/leds/leds-renesas-tpu.c:246:6: warning: 'ret' may be used uninitialized in this function [-Wuninitialized] drivers/leds/leds-renesas-tpu.c:308:17: warning: 'p' may be used uninitialized in this function [-Wuninitialized] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Magnus Damm <damm@opensource.se> Signed-off-by: Bryan Wu <bryan.wu@canonical.com>
-
Fabio Baltieri authored
This reverts commit a0193cbe. The problem with the original commit was that it caused a warning with the MMC trigger calling del_timer_sync from hard-irq context. Signed-off-by: Fabio Baltieri <fabio.baltieri@gmail.com> Reported-by: Pawel Moll <pawel.moll@arm.com> Signed-off-by: Bryan Wu <bryan.wu@canonical.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/netLinus Torvalds authored
Pull networking changes from David Miller: "Most importantly this should cure the ipv4-mapped ipv6 socket TCP crashes some people were seeing, otherwise: 1) Fix e1000e autonegotiation handling regression, from Tushar Dave. 2) Fix TX data corruption race on e1000e down, also from Tushar Dave. 3) Fix bfin_sir IRDA driver build, from Sonic Zhang. 4) AF_PACKET mmap() tests a flag in the TX ring shared between userspace and the kernel for an internal consistency check. It really shouldn't do this to validate the kernel's own behavior because the user can corrupt it to be any value at all. From Daniel Borkmann. 5) Fix TCP metrics leak on netns dismantle, from Eric Dumazet. 6) Orphan the anonymous TCP socket from the SKB in ip_send_unicast_reply() so that the rest of the stack needn't see it. Otherwise we get selinux problems of all sorts, from Eric Dumazet. This is the best way to fix this since the socket is just a place holder for sending packets in a context where we have no real socket at all. 7) Fix TUN detach crashes, from Stanislav Kinsbursky. 8) dev_set_alias() leaks memory on krealloc() failure, from Alexey Khoroshilov. 9) FIB trie must use call_rcu() not call_rcu_bh(), because this code is not universally invoked from software interrupts. From Eric Dumazet. 10) PPTP looks up ipv4 routes with the wrong network namespace, fix from Gao Feng." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (33 commits) bnx2x: Fix compiler warnings af_packet: remove BUG statement in tpacket_destruct_skb macvtap: rcu_dereference outside read-lock section codel: refine one condition to avoid a nul rec_inv_sqrt ixgbe: add missing braces ipv4: fix ip_send_skb() net: tcp: ipv6_mapped needs sk_rx_dst_set method ipv4: tcp: unicast_sock should not land outside of TCP stack bnx2x: Fix recovery flow cleanup during probe bnx2x: fix unload previous driver flow when flr-capable tun: don't zeroize sock->file on detach igb: Fix register defines for all non-82575 hardware e1000e: fix panic while dumping packets on Tx hang with IOMMU igb: fix panic while dumping packets on Tx hang with IOMMU tcp: must free metrics at net dismantle net/stmmac: mark probe function as __devinit lpc_eth: remove obsolete ifdefs net/core: Fix potential memory leak in dev_set_alias() cdc-phonet: Don't leak in usbpn_open batman-adv: Fix mem leak in the batadv_tt_local_event() function ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pendingLinus Torvalds authored
Pull tcm_vhost level target fabric driver from Nicholas Bellinger: "Here is the PULL request for the initial merge of tcm_vhost based on RFC-v5 code with MST's ACK appended to the initial merge commit." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: tcm_vhost: Initial merge for vhost level target fabric driver
-
- 12 Aug, 2012 10 commits
-
-
Joren Van Onder authored
Fix the following compiler warnings: - drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c:2908:3: warning: comparison of distinct pointer types lacks a cast [enabled by default] - drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c:1709:7: warning: comparison of distinct pointer types lacks a cast [enabled by default] Signed-off-by: Joren Van Onder <joren.vanonder@gmail.com> Acked-By: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
danborkmann@iogearbox.net authored
Here's a quote of the comment about the BUG macro from asm-generic/bug.h: Don't use BUG() or BUG_ON() unless there's really no way out; one example might be detecting data structure corruption in the middle of an operation that can't be backed out of. If the (sub)system can somehow continue operating, perhaps with reduced functionality, it's probably not BUG-worthy. If you're tempted to BUG(), think again: is completely giving up really the *only* solution? There are usually better options, where users don't need to reboot ASAP and can mostly shut down cleanly. In our case, the status flag of a ring buffer slot is managed from both sides, the kernel space and the user space. This means that even though the kernel side might work as expected, the user space screws up and changes this flag right between the send(2) is triggered when the flag is changed to TP_STATUS_SENDING and a given skb is destructed after some time. Then, this will hit the BUG macro. As David suggested, the best solution is to simply remove this statement since it cannot be used for kernel side internal consistency checks. I've tested it and the system still behaves /stable/ in this case, so in accordance with the above comment, we should rather remove it. Signed-off-by: Daniel Borkmann <daniel.borkmann@tik.ee.ethz.ch> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Denis Efremov authored
rcu_dereference occurs in update section. Replacement by rcu_dereference_protected in order to prevent lockdep complaint. Found by Linux Driver Verification project (linuxtesting.org) Signed-off-by: Denis Efremov <yefremov.denis@gmail.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpioLinus Torvalds authored
Pull gpio fixes from Linus Walleij: - Fix a resource leak in the SCH driver - Fix the register address calculation in the MSIC driver - Fix the PXA driver's devicetree functions - Delete redundant shadow variable leftovers in the MXC driver - Specify the GPIO base for the device tree probe in the MXC driver - Add a modalias for the i.MX driver - Fix off-by-one bug in the Samsung driver - Fix erroneous errorpath in the Langwell driver * tag 'gpio-fixes-v3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: drivers/gpio/gpio-langwell.c: fix error return code gpio: samsung: Fix off-by-one bug in gpio addresses ARM: dts: imx: add alias for gpio gpio/mxc: specify gpio base for device tree probe gpio/mxc: remove redundant shadow variables initialization GPIO: gpio-pxa: fix devicetree functions gpio: msic: Fix calculating register address in msic_gpio_to_oreg() gpio-sch: Fix leak of resource
-
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-securityLinus Torvalds authored
Pull a security subsystem fix from James Morris "This fixes an issue in the Yama LSM" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: Yama: higher restrictions should block PTRACE_TRACEME
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pmLinus Torvalds authored
Pull power management fixes from Rafael J. Wysocki: - Fix for two recent regressions in the generic PM domains framework. - Revert of a commit that introduced a resume regression and is conceptually incorrect in my opinion. - Fix for a return value in pcc-cpufreq.c from Julia Lawall. - RTC wakeup signaling fix from Neil Brown. - Suppression of compiler warnings for CONFIG_PM_SLEEP unset in ACPI, platform/x86 and TPM drivers. * tag 'pm-for-3.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: tpm_tis / PM: Fix unused function warning for CONFIG_PM_SLEEP platform / x86 / PM: Fix unused function warnings for CONFIG_PM_SLEEP ACPI / PM: Fix unused function warnings for CONFIG_PM_SLEEP Revert "NMI watchdog: fix for lockup detector breakage on resume" PM: Make dev_pm_get_subsys_data() always return 0 on success drivers/cpufreq/pcc-cpufreq.c: fix error return code RTC: Avoid races between RTC alarm wakeup and suspend.
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-socLinus Torvalds authored
Pull arm-soc bug fixes from Arnd Bergmann: "These are a bunch of bug fixes that came in after the merge window and one update for the MAINTAINERS file. The largest part of the fixes are patches that address bugs found by building all the ARM defconfig files. There are a lot more warnings that we have patches for, but the others are either still under discussion or are harmless and do not cause actual problems besides making the build slightly noisy." * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (30 commits) ARM: davinci: remove broken ntosd2_init_i2c ARM: s3c24xx: enable CONFIG_BUG for tct_hammer omap-rng: fix use of SIMPLE_DEV_PM_OPS spi/s3c64xx: improve error handling mtd/omap2: fix dmaengine_slave_config error handling gpio: em: do not discard em_gio_irq_domain_cleanup ARM: exynos: exynos_pm_add_dev_to_genpd may be unused ARM: imx: gpmi-nand depends on mxs-dma ARM: integrator: include <linux/export.h> ARM: s3c24xx: use new PWM driver ARM: sa1100: include linux/io.h in hackkit leds code Input: eeti_ts: pass gpio value instead of IRQ ARM: pxa: remove irq_to_gpio from ezx-pcap driver ARM: tegra: more regulator fixes for Harmony usb/ohci-omap: remove unused variable mfd/asic3: fix asic3_mfd_probe return value ARM: kirkwood: fix typo in Makefile.boot i.MX27: Fix emma-prp and csi clocks. ARM: integrator: use clk_prepare_enable() for timer MAINTAINERS: update entry for Linus Walleij ...
-
Linus Torvalds authored
Merge branch 'fixes-for-linus-for-3.6-rc2' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping Pull three dma-mapping fixes from Marek Szyprowski. * 'fixes-for-linus-for-3.6-rc2' of git://git.linaro.org/people/mszyprowski/linux-dma-mapping: ARM: dma-mapping: fix incorrect freeing of atomic allocations ARM: dma-mapping: fix atomic allocation alignment ARM: mm: fix MMU mapping of CMA regions
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfsLinus Torvalds authored
Pull btrfs merge fix from Chris Mason: "This fixes a merge error in rc1. The calls to mnt_want_write should have been removed." * 'for-linus-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: remove mnt_want_write call in btrfs_mksubvol
-
Jeff Mahoney authored
While tracking down a weird buffer overflow issue in a program that looked to be sane, I started double checking the length returned by syslog(SYSLOG_ACTION_READ_ALL, ...) to make sure it wasn't overflowing the buffer. Sure enough, it was. I saw this in strace: 11339 syslog(SYSLOG_ACTION_READ_ALL, "<5>[244017.708129] REISERFS (dev"..., 8192) = 8279 It turns out that the loops that calculate how much space the entries will take when they're copied don't include the newlines and prefixes that will be included in the final output since prev flags is passed as zero. This patch properly accounts for it and fixes the overflow. CC: stable@kernel.org Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
- 10 Aug, 2012 19 commits
-
-
Eric Dumazet authored
One condition before codel_Newton_step() was not good if we never left the dropping state for a flow. As a result rec_inv_sqrt was 0, instead of the ~0 initial value. codel control law was then set to a very aggressive mode, dropping many packets before reaching 'target' and recovering from this problem. To keep codel_vars_init() as efficient as possible, refine the condition to make sure rec_inv_sqrt initial value is correct Many thanks to Anton Mich for discovering the issue and suggesting a fix. Reported-by: Anton Mich <lp2s1h@gmail.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Emil Tantilov authored
This patch adds missing braces around the 10gig link check to include the check for KR support. Signed-off-by: Emil Tantilov <emil.s.tantilov@intel.com> Reported-by: Sascha Wildner <saw@online.de> Tested-by: Phil Schmitt <phillip.j.schmitt@intel.com> Signed-off-by: Peter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wirelessDavid S. Miller authored
John W. Linville says: ==================== Here is a handful of fixes intended for 3.6. Daniel Drake offers a cfg80211 fix to consume pending events before taking a wireless device down. This prevents a resource leak. Stanislaw Gruszka gives us a fix for a NULL pointer dereference in rt61pci. Johannes Berg provides an iwlwifi patch to disable "greenfield" mode. Use of that mode was causing a rate scaling problem in for iwlwifi. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
ip_send_skb() can send orphaned skb, so we must pass the net pointer to avoid possible NULL dereference in error path. Bug added by commit 3a7c384f (ipv4: tcp: unicast_sock should not land outside of TCP stack) Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
John W. Linville authored
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem
-
Rafael J. Wysocki authored
According to a compiler warning, the tpm_tis_resume() function is not used for CONFIG_PM_SLEEP unset, so add a #ifdef to prevent it from being built in that case. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
-
Rafael J. Wysocki authored
According to compiler warnings, quite some suspend/resume functions in platform x86 drivers are not used for CONFIG_PM_SLEEP unset, so add #ifdefs to prevent them from being built in that case. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
-
Rafael J. Wysocki authored
According to compiler warnings, several suspend/resume functions in ACPI drivers are not used for CONFIG_PM_SLEEP unset, so add #ifdefs to prevent them from being built in that case. Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
-
Arnd Bergmann authored
ntosd2_init_i2c walks the ntosd2_i2c_info array, which it expects to be populated with at least one member. gcc correctly warns about the out-of-bounds access here. Since this can not possibly work, it's better to disable i2c support entirely on this board. Without this patch, building davinci_all_defconfig results in: arch/arm/mach-davinci/board-neuros-osd2.c: In function 'davinci_ntosd2_init': arch/arm/mach-davinci/board-neuros-osd2.c:187:20: warning: array subscript is above array bounds [-Warray-bounds] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Sekhar Nori <nsekhar@ti.com> Cc: Kevin Hilman <khilman@ti.com> Cc: Andrey Porodko <panda@chelcom.ru>
-
Arnd Bergmann authored
Disabling CONFIG_BUG creates an insane amount of build warnings, which makes it useless to check for building defconfigs to see if new warnings show up. Without this patch, building tct_hammer_defconfig results in: net/packet/af_packet.c: In function 'tpacket_rcv': net/packet/af_packet.c:1889:30: warning: 'hdrlen' may be used uninitialized in this function [-Wuninitialized] net/core/ethtool.c: In function 'ethtool_get_feature_mask': net/core/ethtool.c:213:1: warning: control reaches end of non-void function [-Wreturn-type] block/cfq-iosched.c: In function 'cfq_async_queue_prio': block/cfq-iosched.c:2914:1: warning: control reaches end of non-void function [-Wreturn-type] mm/bootmem.c: In function 'mark_bootmem': mm/bootmem.c:352:1: warning: control reaches end of non-void function [-Wreturn-type] net/core/dev.c: In function 'skb_warn_bad_offload': net/core/dev.c:1904:33: warning: unused variable 'null_features' [-Wunused-variable] drivers/mtd/chips/cfi_probe.c: In function 'cfi_chip_setup': include/linux/mtd/cfi.h:489:3: warning: 'r.x[0]' may be used uninitialized in this function [-Wuninitialized] include/linux/mtd/map.h:394:11: note: 'r.x[0]' was declared here include/linux/mtd/cfi.h:489:3: warning: 'r.x[0]' may be used uninitialized in this function [-Wuninitialized] (and many more) The size of vmlinux increases by 1.78% because of this: size obj-arm/vmlinux.nobug text data bss dec hex filename 2108474 116916 55352 2280742 22cd26 obj-arm/vmlinux size obj-arm/vmlinux.bug text data bss dec hex filename 2150804 116916 53696 2321416 236c08 obj-arm/vmlinux Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Kukjin Kim <kgene.kim@samsung.com> Cc: Ben Dooks <ben-linux@fluff.org>
-
Arnd Bergmann authored
These patches all fix bugs that were newly introduced in v3.6-rc1 and found because they cause a gcc warning with one of the ARM defconfigs. Most of them are harmless, but since we're trying to get rid of all warnings eventually, we can start with the ones that were not there before. * testing/new-warnings: omap-rng: fix use of SIMPLE_DEV_PM_OPS spi/s3c64xx: improve error handling mtd/omap2: fix dmaengine_slave_config error handling gpio: em: do not discard em_gio_irq_domain_cleanup ARM: exynos: exynos_pm_add_dev_to_genpd may be unused usb/ohci-omap: remove unused variable mfd/asic3: fix asic3_mfd_probe return value Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-
Arnd Bergmann authored
omap_rng_suspend and omap_rng_resume are unused if CONFIG_PM is enabled but CONFIG_PM_SLEEP is disabled. I found this while building all defconfig files on ARM. It's not clear to me if this is the right solution, but at least it makes the code consistent again. Without this patch, building omap1_defconfig results in: drivers/char/hw_random/omap-rng.c:165:12: warning: 'omap_rng_suspend' defined but not used [-Wunused-function] drivers/char/hw_random/omap-rng.c:171:12: warning: 'omap_rng_resume' defined but not used [-Wunused-function] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Kevin Hilman <khilman@ti.com> Cc: Rafael J. Wysocki <rjw@sisk.pl> Cc: Herbert Xu <herbert@gondor.apana.org.au>
-
Arnd Bergmann authored
When a device tree definition os an s3c64xx SPI master is missing a "controller-data" subnode, the newly added s3c64xx_get_slave_ctrldata function might use uninitialized memory in place of that node, which was correctly reported by gcc. Without this patch, building s3c6400_defconfig results in: drivers/spi/spi-s3c64xx.c: In function 's3c64xx_get_slave_ctrldata.isra.25': drivers/spi/spi-s3c64xx.c:841:5: warning: 'data_np' may be used uninitialized in this function [-Wuninitialized] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Abraham <thomas.abraham@linaro.org> Acked-by: Kukjin Kim <kgene.kim@samsung.com> Cc: Jaswinder Singh <jaswinder.singh@linaro.org> Cc: Grant Likely <grant.likely@secretlab.ca>
-
Arnd Bergmann authored
The newly added dmaengine support in the omap2 nand driver potentially causes an undefined return value from the omap_nand_probe function when dmaengine_slave_config reports an error. Let's handle this by returning the same error back to the caller. Without this patch, building omap2plus_defconfig results in: drivers/mtd/nand/omap2.c: In function 'omap_nand_probe': drivers/mtd/nand/omap2.c:1154:6: warning: 'err' may be used uninitialized in this function [-Wuninitialized] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Grazvydas Ignotas <notasas@gmail.com>
-
Arnd Bergmann authored
The newly added gpio-em driver marks its em_gio_irq_domain_cleanup function as __devexit, which would lead to that function being discarded in case CONFIG_HOTPLUG is disabled. However, the function is also called by the error handling logic em_gio_probe, which would cause a jump into a NULL pointer if it was removed from the kernel or module. Without this patch, building kzm9d_defconfig results in: WARNING: drivers/gpio/built-in.o(.devinit.text+0x330): Section mismatch in reference from the function em_gio_probe() to the function .devexit.text:em_gio_irq_domain_cleanup() The function __devinit em_gio_probe() references a function __devexit em_gio_irq_domain_cleanup(). This is often seen when error handling in the init function uses functionality in the exit path. The fix is often to remove the __devexit annotation of em_gio_irq_domain_cleanup() so it may be used outside an exit section. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Magnus Damm <damm@opensource.se> Cc: Linus Walleij <linus.walleij@linaro.org> Cc: Rafael J. Wysocki <rjw@sisk.pl>
-
Arnd Bergmann authored
exynos_pm_add_dev_to_genpd is used if one or more out of a large number of Kconfig symbols are enabled. However the new exynos_defconfig selects none of those, so the function becomes unused. Marking it so lets the compiler automatically discard it. Without this patch, building exynos_defconfig results in: arch/arm/mach-exynos/pm_domains.c:118:123: warning: 'exynos_pm_add_dev_to_genpd' defined but not used [-Wunused-function] Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Abraham <thomas.abraham@linaro.org> Acked-by: Kukjin Kim <kgene.kim@samsung.com> Cc: Rafael J. Wysocki <rjw@sisk.pl>
-
Kees Cook authored
The higher ptrace restriction levels should be blocking even PTRACE_TRACEME requests. The comments in the LSM documentation are misleading about when the checks happen (the parent does not go through security_ptrace_access_check() on a PTRACE_TRACEME call). Signed-off-by: Kees Cook <keescook@chromium.org> Cc: stable@vger.kernel.org # 3.5.x and later Signed-off-by: James Morris <james.l.morris@oracle.com>
-
Eric Dumazet authored
commit 5d299f3d (net: ipv6: fix TCP early demux) added a regression for ipv6_mapped case. [ 67.422369] SELinux: initialized (dev autofs, type autofs), uses genfs_contexts [ 67.449678] SELinux: initialized (dev autofs, type autofs), uses genfs_contexts [ 92.631060] BUG: unable to handle kernel NULL pointer dereference at (null) [ 92.631435] IP: [< (null)>] (null) [ 92.631645] PGD 0 [ 92.631846] Oops: 0010 [#1] SMP [ 92.632095] Modules linked in: autofs4 sunrpc ipv6 dm_mirror dm_region_hash dm_log dm_multipath dm_mod video sbs sbshc battery ac lp parport sg snd_hda_intel snd_hda_codec snd_seq_oss snd_seq_midi_event snd_seq snd_seq_device pcspkr snd_pcm_oss snd_mixer_oss snd_pcm snd_timer serio_raw button floppy snd i2c_i801 i2c_core soundcore snd_page_alloc shpchp ide_cd_mod cdrom microcode ehci_hcd ohci_hcd uhci_hcd [ 92.634294] CPU 0 [ 92.634294] Pid: 4469, comm: sendmail Not tainted 3.6.0-rc1 #3 [ 92.634294] RIP: 0010:[<0000000000000000>] [< (null)>] (null) [ 92.634294] RSP: 0018:ffff880245fc7cb0 EFLAGS: 00010282 [ 92.634294] RAX: ffffffffa01985f0 RBX: ffff88024827ad00 RCX: 0000000000000000 [ 92.634294] RDX: 0000000000000218 RSI: ffff880254735380 RDI: ffff88024827ad00 [ 92.634294] RBP: ffff880245fc7cc8 R08: 0000000000000001 R09: 0000000000000000 [ 92.634294] R10: 0000000000000000 R11: ffff880245fc7bf8 R12: ffff880254735380 [ 92.634294] R13: ffff880254735380 R14: 0000000000000000 R15: 7fffffffffff0218 [ 92.634294] FS: 00007f4516ccd6f0(0000) GS:ffff880256600000(0000) knlGS:0000000000000000 [ 92.634294] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 92.634294] CR2: 0000000000000000 CR3: 0000000245ed1000 CR4: 00000000000007f0 [ 92.634294] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 92.634294] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 92.634294] Process sendmail (pid: 4469, threadinfo ffff880245fc6000, task ffff880254b8cac0) [ 92.634294] Stack: [ 92.634294] ffffffff813837a7 ffff88024827ad00 ffff880254b6b0e8 ffff880245fc7d68 [ 92.634294] ffffffff81385083 00000000001d2680 ffff8802547353a8 ffff880245fc7d18 [ 92.634294] ffffffff8105903a ffff88024827ad60 0000000000000002 00000000000000ff [ 92.634294] Call Trace: [ 92.634294] [<ffffffff813837a7>] ? tcp_finish_connect+0x2c/0xfa [ 92.634294] [<ffffffff81385083>] tcp_rcv_state_process+0x2b6/0x9c6 [ 92.634294] [<ffffffff8105903a>] ? sched_clock_cpu+0xc3/0xd1 [ 92.634294] [<ffffffff81059073>] ? local_clock+0x2b/0x3c [ 92.634294] [<ffffffff8138caf3>] tcp_v4_do_rcv+0x63a/0x670 [ 92.634294] [<ffffffff8133278e>] release_sock+0x128/0x1bd [ 92.634294] [<ffffffff8139f060>] __inet_stream_connect+0x1b1/0x352 [ 92.634294] [<ffffffff813325f5>] ? lock_sock_nested+0x74/0x7f [ 92.634294] [<ffffffff8104b333>] ? wake_up_bit+0x25/0x25 [ 92.634294] [<ffffffff813325f5>] ? lock_sock_nested+0x74/0x7f [ 92.634294] [<ffffffff8139f223>] ? inet_stream_connect+0x22/0x4b [ 92.634294] [<ffffffff8139f234>] inet_stream_connect+0x33/0x4b [ 92.634294] [<ffffffff8132e8cf>] sys_connect+0x78/0x9e [ 92.634294] [<ffffffff813fd407>] ? sysret_check+0x1b/0x56 [ 92.634294] [<ffffffff81088503>] ? __audit_syscall_entry+0x195/0x1c8 [ 92.634294] [<ffffffff811cc26e>] ? trace_hardirqs_on_thunk+0x3a/0x3f [ 92.634294] [<ffffffff813fd3e2>] system_call_fastpath+0x16/0x1b [ 92.634294] Code: Bad RIP value. [ 92.634294] RIP [< (null)>] (null) [ 92.634294] RSP <ffff880245fc7cb0> [ 92.634294] CR2: 0000000000000000 [ 92.648982] ---[ end trace 24e2bed94314c8d9 ]--- [ 92.649146] Kernel panic - not syncing: Fatal exception in interrupt Fix this using inet_sk_rx_dst_set(), and export this function in case IPv6 is modular. Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Eric Dumazet authored
commit be9f4a44 (ipv4: tcp: remove per net tcp_sock) added a selinux regression, reported and bisected by John Stultz selinux_ip_postroute_compat() expect to find a valid sk->sk_security pointer, but this field is NULL for unicast_sock It turns out that unicast_sock are really temporary stuff to be able to reuse part of IP stack (ip_append_data()/ip_push_pending_frames()) Fact is that frames sent by ip_send_unicast_reply() should be orphaned to not fool LSM. Note IPv6 never had this problem, as tcp_v6_send_response() doesnt use a fake socket at all. I'll probably implement tcp_v4_send_response() to remove these unicast_sock in linux-3.7 Reported-by: John Stultz <johnstul@us.ibm.com> Bisected-by: John Stultz <johnstul@us.ibm.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Paul Moore <paul@paul-moore.com> Cc: Eric Paris <eparis@parisplace.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
- 09 Aug, 2012 5 commits
-
-
Yuval Mintz authored
During probe, every function probed clears the recovery registers from all functions on its path - thus signaling that given a future recovery event, there will be no need to wait for those functions. This is a flawed behaviour - each function should only be responsible for its own bit. Since this registers are handled during the load/unload routines, this cleanup is removed altogether. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Yuval Mintz authored
The existing previous driver unload flow is flawed, causing the probe of functions reaching the 'uncommon fork' in flr-capable devices to fail. This patch resolves this, as well as fixing the flow for hypervisors which disable flr capabilities from functions as they pass them as PDA to VMs, as we cannot base the flow on the pci configuration space. Signed-off-by: Yuval Mintz <yuvalmin@broadcom.com> Signed-off-by: Ariel Elior <ariele@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Stanislav Kinsbursky authored
This is a fix for bug, introduced in 3.4 kernel by commit 1ab5ecb9 ("tun: don't hold network namespace by tun sockets"), which, among other things, replaced simple sock_put() by sk_release_kernel(). Below is sequence, which leads to oops for non-persistent devices: tun_chr_close() tun_detach() <== tun->socket.file = NULL tun_free_netdev() sk_release_sock() sock_release(sock->file == NULL) iput(SOCK_INODE(sock)) <== dereference on NULL pointer This patch just removes zeroing of socket's file from __tun_detach(). sock_release() will do this. Cc: stable@vger.kernel.org Reported-by: Ruan Zhijie <ruanzhijie@hotmail.com> Tested-by: Ruan Zhijie <ruanzhijie@hotmail.com> Acked-by: Al Viro <viro@ZenIV.linux.org.uk> Acked-by: Eric Dumazet <edumazet@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Stanislav Kinsbursky <skinsbursky@parallels.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Alexander Block authored
We got a recursive lock in mksubvol because the caller already held a lock. I think we got into this due to a merge error. Commit a874a63e removed the mnt_want_write call from btrfs_mksubvol and added a replacement call to mnt_want_write_file in btrfs_ioctl_snap_create_transid. Commit e7848683 however tried to move all calls to mnt_want_write above i_mutex. So somewhere while merging this, it got mixed up. The solution is to remove the mnt_want_write call completely from mksubvol. Reported-by: David Sterba <dave@jikos.cz> Signed-off-by: Alexander Block <ablock84@googlemail.com> Signed-off-by: Chris Mason <chris.mason@fusionio.com>
-
Arnd Bergmann authored
It is not currently possible to build the gpmi-nand driver without also building the mxs-dma driver. Clarify this Kconfig and enable both in the defconfig file so we can build it again with both enabled. drivers/built-in.o: In function `gpmi_dma_filter': clk-fixed-factor.c:(.text+0xafc18): undefined reference to `mxs_dma_is_apbh' make[1]: *** [vmlinux] Error 1 make: *** [sub-make] Error 2 Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Dirk Behme <dirk.behme@de.bosch.com> Cc: Shawn Guo <shawn.guo@linaro.org> Cc: Sascha Hauer <kernel@pengutronix.de>
-