- 23 Dec, 2007 12 commits
-
-
Cory T. Tusar authored
Commit 5a52bd4a introduced a subtle logic change in tty_wait_until_sent(). The original version would only error out of the 'do { ... } while (timeout)' loop if signal_pending() evaluated to true; a timeout or break due to an empty buffer would fall out of the loop and into the tty->driver->wait_until_sent handling. The current implementation will error out on either a pending signal or an empty buffer, falling through to the tty->driver->wait_until_sent handling only on a timeout. The ->wait_until_sent() will not be reached if the buffer empties before timeout jiffies have elapsed. This behavior differs from that prior to commit 5a52bd4a. I turned this up while using a little serial download utility to bootstrap an ARM-based eval board. The util worked fine on 2.6.22.x, but consistently failed on 2.6.23.x. Once I'd determined that, I narrowed things down with git bisect, and found the above difference in logic in tty_wait_until_sent() by inspection. This change reverts the logic flow in tty_wait_until_sent() to match that prior to the aforementioned commit. Signed-off-by:
Cory T. Tusar <ctusar@videon-central.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Acked-by:
Jiri Slaby <jirislaby@gmail.com> Cc: <stable@kernel.org> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Paul Mundt authored
Currently when using KCONFIG_ALLCONFIG with randconfig the choice options are clobbered. As recommended by Roman, this adds an is_new test to see whether to select a new option or obey the existing one. This is a resend of the earlier patch a couple of weeks ago, since there was no reply. Original thread is at http://lkml.org/lkml/2007/11/28/94Signed-off-by:
Paul Mundt <lethal@linux-sh.org> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by:
-
David Brownell authored
Init section confusion. There will likely be some other similar issues, introduced by I'm-not-sure-what-patch. Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Signed-off-by:
-
Peter Zijlstra authored
Zhe Jiang noticed that its possible to underflow pl->events in prop_norm_percpu() when the value returned by percpu_counter_read() is less than the error on that read and the period delay > 1. In that case half might not trigger the batch increment and the value will be identical on the next iteration, causing the same half to be subtracted again and again. Fix this by rewriting the division as a single subtraction instead of a subtraction loop and using percpu_counter_sum() when the value returned by percpu_counter_read() is smaller than the error. The latter is still needed if we want pl->events to shrink properly in the error region. [akpm@linux-foundation.org: cleanups] Signed-off-by:
Peter Zijlstra <a.p.zijlstra@chello.nl> Reviewed-by:
Jiang Zhe <zhe.jiang@intel.com> Signed-off-by:
-
Daniel Walker authored
This stray down would cause a permanent sleep which doesn't seem correct. The other uses of this semaphore appear fairly mutex like it's even initialized with init_MUTEX() .. So here a patch for removing this one down(). Signed-off-by:
Geoff Levand <geoffrey.levand@am.sony.com> Signed-off-by:
Daniel Walker <dwalker@mvista.com> Signed-off-by:
-
Joe Perches authored
L: entries should be email addresses Change L:http entries to W:http Signed-off-by:
Joe Perches <joe@perches.com> Signed-off-by:
-
Eric Sandeen authored
Thanks to Jeff Moyer for pointing this out. If the RDWR dentry_open() in ecryptfs_init_persistent_file fails, it will do a dput/mntput. Need to re-take references if we retry as RDONLY. Signed-off-by:
Eric Sandeen <sandeen@redhat.com> Acked-by:
Mike Halcrow <mhalcrow@us.ibm.com> Signed-off-by:
Jeff Moyer <jmoyer@redhat.com> Signed-off-by:
-
Eric Sandeen authored
Thanks to Josef Bacik for finding these. A couple of ecryptfs error paths don't properly unlock things they locked. Signed-off-by:
-
Jan Kara authored
We should send quota message to netlink only once when hardlimit is reached. Otherwise user could easily make the system busy by trying to exceed the hardlimit (and also the messages could be anoying if you cannot stop writing just now). Signed-off-by:
Jan Kara <jack@suse.cz> Signed-off-by:
-
Jan Kara authored
Fix computation of size of skb needed for quota message. We should use netlink provided functions and not just an ad-hoc number. Also don't print the return value from nla_put_foo() as it is always -1. Signed-off-by:
-
Eric Sandeen authored
Passing a cipher name > 32 chars on mount results in an overflow when the cipher name is printed, because the last character in the struct ecryptfs_key_tfm's cipher_name string was never zeroed. Signed-off-by:
-
Christoph Lameter authored
quicklists must keep even off node pages on the quicklists until the TLB flush has been completed. Signed-off-by:
Christoph Lameter <clameter@sgi.com> Cc: Dhaval Giani <dhaval@linux.vnet.ibm.com> Cc: <stable@kernel.org> Signed-off-by:
-
- 21 Dec, 2007 11 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (23 commits) [IPV4]: OOPS with NETLINK_FIB_LOOKUP netlink socket [NET]: Fix function put_cmsg() which may cause usr application memory overflow [ATM]: Spelling fixes [NETFILTER] ipv4: Spelling fixes [NETFILTER]: Spelling fixes [SCTP]: Spelling fixes [NETLABEL]: Spelling fixes [PKT_SCHED]: Spelling fixes [NET] net/core/: Spelling fixes [IPV6]: Spelling fixes [IRDA]: Spelling fixes [DCCP]: Spelling fixes [NET] include/net/: Spelling fixes [NET]: Correct two mistaken skb_reset_mac_header() conversions. [IPV4] ip_gre: set mac_header correctly in receive path [XFRM]: Audit function arguments misordered [IPSEC]: Avoid undefined shift operation when testing algorithm ID [IPV4] ARP: Remove not used code [TG3]: Endianness bugfix. [TG3]: Endianness annotations. ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC32]: Spelling fixes [SPARC64]: Spelling fixes [SPARC64]: Fix OOPS in dma_sync_*_for_device()
-
Christoph Lameter authored
Increase the mininum number of partial slabs to keep around and put partial slabs to the end of the partial queue so that they can add more objects. Signed-off-by:
Pekka Enberg <penberg@cs.helsinki.fi> Acked-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
Denis V. Lunev authored
[ Regression added by changeset: cd40b7d3 [NET]: make netlink user -> kernel interface synchronious -DaveM ] nl_fib_input re-reuses incoming skb to send the reply. This means that this packet will be freed twice, namely in: - netlink_unicast_kernel - on receive path Use clone to send as a cure, the caller is responsible for kfree_skb on error. Thanks to Alexey Dobryan, who originally found the problem. Signed-off-by:
Denis V. Lunev <den@openvz.org> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Linus Torvalds authored
-
git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86: x86: intel_cacheinfo.c: cpu cache info entry for Intel Tolapai x86: fix die() to not be preemptible
-
git://oss.sgi.com:8090/xfs/xfs-2.6Linus Torvalds authored
* 'for-linus' of git://oss.sgi.com:8090/xfs/xfs-2.6: [XFS] Initialise current offset in xfs_file_readdir correctly [XFS] Fix mknod regression
-
Lachlan McIlroy authored
After reading the directory contents into the temporary buffer, we grab each dirent and pass it to filldir witht eh current offset of the dirent. The current offset was not being set for the first dirent in the temporary buffer, which coul dresult in bad offsets being set in the f_pos field result in looping and duplicate entries being returned from readdir. SGI-PV: 974905 SGI-Modid: xfs-linux-melb:xfs-kern:30282a Signed-off-by:
David Chinner <dgc@sgi.com> Signed-off-by:
Tim Shimmin <tes@sgi.com> Signed-off-by:
Lachlan McIlroy <lachlan@sgi.com>
-
Christoph Hellwig authored
This was broken by my '[XFS] simplify xfs_create/mknod/symlink prototype', which assigned the re-shuffled ondisk dev_t back to the rdev variable in xfs_vn_mknod. Because of that i_rdev is set to the ondisk dev_t instead of the linux dev_t later down the function. Fortunately the fix for it is trivial: we can just remove the assignment because xfs_revalidate_inode has done the proper job before unlocking the inode. SGI-PV: 974873 SGI-Modid: xfs-linux-melb:xfs-kern:30273a Signed-off-by:
Christoph Hellwig <hch@infradead.org> Signed-off-by:
-
Jason Gaston authored
This patch adds a cpu cache info entry for the Intel Tolapai cpu. Signed-off-by:
Jason Gaston <jason.d.gaston@intel.com> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de>
-
Ingo Molnar authored
Andrew "Eagle Eye" Morton noticed that we use raw_local_save_flags() instead of raw_local_irq_save(flags) in die(). This allows the preemption of oopsing contexts - which is highly undesirable. It also causes CONFIG_DEBUG_PREEMPT to complain, as reported by Miles Lane. this bug was introduced via: commit 39743c9e Author: Andi Kleen <ak@suse.de> Date: Fri Oct 19 20:35:03 2007 +0200 x86: use raw locks during oopses - spin_lock_irqsave(&die.lock, flags); + __raw_spin_lock(&die.lock); + raw_local_save_flags(flags); that is not a correct open-coding of spin_lock_irqsave(): both the ordering is wrong (irqs should be disabled _first_), and the wrong flags-saving API was used. Signed-off-by:
-
- 20 Dec, 2007 17 commits
-
-
Wei Yongjun authored
When used function put_cmsg() to copy kernel information to user application memory, if the memory length given by user application is not enough, by the bad length calculate of msg.msg_controllen, put_cmsg() function may cause the msg.msg_controllen to be a large value, such as 0xFFFFFFF0, so the following put_cmsg() can also write data to usr application memory even usr has no valid memory to store this. This may cause usr application memory overflow. int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm = (__force struct cmsghdr __user *)msg->msg_control; struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); ~~~~~~~~~~~~~~~~~~~~~ int err; if (MSG_CMSG_COMPAT & msg->msg_flags) return put_cmsg_compat(msg, level, type, len, data); if (cm==NULL || msg->msg_controllen < sizeof(*cm)) { msg->msg_flags |= MSG_CTRUNC; return 0; /* XXX: return error? check spec. */ } if (msg->msg_controllen < cmlen) { ~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_flags |= MSG_CTRUNC; cmlen = msg->msg_controllen; } cmhdr.cmsg_level = level; cmhdr.cmsg_type = type; cmhdr.cmsg_len = cmlen; err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; if (copy_to_user(CMSG_DATA(cm), data, cmlen - sizeof(struct cmsghdr))) goto out; cmlen = CMSG_SPACE(len); ~~~~~~~~~~~~~~~~~~~~~~~~~~~ If MSG_CTRUNC flags is set, msg->msg_controllen is less than CMSG_SPACE(len), "msg->msg_controllen -= cmlen" will cause unsinged int type msg->msg_controllen to be a large value. ~~~~~~~~~~~~~~~~~~~~~~~~~~~ msg->msg_control += cmlen; msg->msg_controllen -= cmlen; ~~~~~~~~~~~~~~~~~~~~~ err = 0; out: return err; } The same promble exists in put_cmsg_compat(). This patch can fix this problem. Signed-off-by:Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
Joe Perches authored
Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-schedLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched: debug: add end-of-oops marker sched: rt: account the cpu time during the tick
-
git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dmLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/agk/linux-2.6-dm: dm crypt: use bio_add_page dm: merge max_hw_sector dm: trigger change uevent on rename dm crypt: fix write endio dm mpath: hp requires scsi dm: table detect io beyond device
-
Milan Broz authored
Fix possible max_phys_segments violation in cloned dm-crypt bio. In write operation dm-crypt needs to allocate new bio request and run crypto operation on this clone. Cloned request has always the same size, but number of physical segments can be increased and violate max_phys_segments restriction. This can lead to data corruption and serious hardware malfunction. This was observed when using XFS over dm-crypt and at least two HBA controller drivers (arcmsr, cciss) recently. Fix it by using bio_add_page() call (which tests for other restrictions too) instead of constructing own biovec. All versions of dm-crypt are affected by this bug. Cc: stable@kernel.org Cc: dm-crypt@saout.de Signed-off-by:
Milan Broz <mbroz@redhat.com> Signed-off-by:
Alasdair G Kergon <agk@redhat.com>
-
