1. 14 Dec, 2012 1 commit
    • Kees Cook's avatar
      module: add syscall to load module from fd · 34e1169d
      Kees Cook authored
      As part of the effort to create a stronger boundary between root and
      kernel, Chrome OS wants to be able to enforce that kernel modules are
      being loaded only from our read-only crypto-hash verified (dm_verity)
      root filesystem. Since the init_module syscall hands the kernel a module
      as a memory blob, no reasoning about the origin of the blob can be made.
      
      Earlier proposals for appending signatures to kernel modules would not be
      useful in Chrome OS, since it would involve adding an additional set of
      keys to our kernel and builds for no good reason: we already trust the
      contents of our root filesystem. We don't need to verify those kernel
      modules a second time. Having to do signature checking on module loading
      would slow us down and be redundant. All we need to know is where a
      module is coming from so we can say yes/no to loading it.
      
      If a file descriptor is used as the source of a kernel module, many more
      things can be reasoned about. In Chrome OS's case, we could enforce that
      the module lives on the filesystem we expect it to live on.  In the case
      of IMA (or other LSMs), it would be possible, for example, to examine
      extended attributes that may contain signatures over the contents of
      the module.
      
      This introduces a new syscall (on x86), similar to init_module, that has
      only two arguments. The first argument is used as a file descriptor to
      the module and the second argument is a pointer to the NULL terminated
      string of module arguments.
      Signed-off-by: default avatarKees Cook <keescook@chromium.org>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (merge fixes)
      34e1169d
  2. 03 Dec, 2012 2 commits
    • James Hogan's avatar
      modsign: add symbol prefix to certificate list · 84ecfd15
      James Hogan authored
      Add the arch symbol prefix (if applicable) to the asm definition of
      modsign_certificate_list and modsign_certificate_list_end. This uses the
      recently defined SYMBOL_PREFIX which is derived from
      CONFIG_SYMBOL_PREFIX.
      
      This fixes the build of module signing on the blackfin and metag
      architectures.
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      84ecfd15
    • James Hogan's avatar
      linux/kernel.h: define SYMBOL_PREFIX · cbdbf2ab
      James Hogan authored
      Define SYMBOL_PREFIX to be the same as CONFIG_SYMBOL_PREFIX if set by
      the architecture, or "" otherwise. This avoids the need for ugly #ifdefs
      whenever symbols are referenced in asm blocks.
      Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: Joe Perches <joe@perches.com>
      Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
      Cc: Jean Delvare <khali@linux-fr.org>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Mike Frysinger <vapier@gentoo.org>
      Signed-off-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      cbdbf2ab
  3. 02 Dec, 2012 2 commits
    • Linus Torvalds's avatar
      Merge branch 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq · 3c46f3d6
      Linus Torvalds authored
      Pull  late workqueue fixes from Tejun Heo:
       "Unfortunately, I have two really late fixes.  One was for a
        long-standing bug and queued for 3.8 but I found out about a
        regression introduced during 3.7-rc1 two days ago, so I'm sending out
        the two fixes together.
      
        The first (long-standing) one is rescuer_thread() entering exit path
        w/ TASK_INTERRUPTIBLE.  It only triggers on workqueue destructions
        which isn't very frequent and the exit path can usually survive being
        called with TASK_INTERRUPT, so it was hidden pretty well.  Apparently,
        if you're reiserfs, this could lead to the exiting kthread sleeping
        indefinitely holding a mutex, which is never good.
      
        The fix is simple - restoring TASK_RUNNING before returning from the
        kthread function.
      
        The second one is introduced by the new mod_delayed_work().
        mod_delayed_work() was missing special case handling for 0 delay.
        Instead of queueing the work item immediately, it queued the timer
        which expires on the closest next tick.  Some users of the new
        function converted from "[__]cancel_delayed_work() +
        queue_delayed_work()" combination became unhappy with the extra delay.
      
        Block unplugging led to noticeably higher number of context switches
        and intel 6250 wireless failed to associate with WPA-Enterprise
        network.  The fix, again, is fairly simple.  The 0 delay special case
        logic from queue_delayed_work_on() should be moved to
        __queue_delayed_work() which is shared by both queue_delayed_work_on()
        and mod_delayed_work_on().
      
        The first one is difficult to trigger and the failure mode for the
        latter isn't completely catastrophic, so missing these two for 3.7
        wouldn't make it a disastrous release, but both bugs are nasty and the
        fixes are fairly safe"
      
      * 'for-3.7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
        workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay
        workqueue: exit rescuer_thread() as TASK_RUNNING
      3c46f3d6
    • Tejun Heo's avatar
      workqueue: mod_delayed_work_on() shouldn't queue timer on 0 delay · 8852aac2
      Tejun Heo authored
      8376fe22 ("workqueue: implement mod_delayed_work[_on]()")
      implemented mod_delayed_work[_on]() using the improved
      try_to_grab_pending().  The function is later used, among others, to
      replace [__]candel_delayed_work() + queue_delayed_work() combinations.
      
      Unfortunately, a delayed_work item w/ zero @delay is handled slightly
      differently by mod_delayed_work_on() compared to
      queue_delayed_work_on().  The latter skips timer altogether and
      directly queues it using queue_work_on() while the former schedules
      timer which will expire on the closest tick.  This means, when @delay
      is zero, that [__]cancel_delayed_work() + queue_delayed_work_on()
      makes the target item immediately executable while
      mod_delayed_work_on() may induce delay of upto a full tick.
      
      This somewhat subtle difference breaks some of the converted users.
      e.g. block queue plugging uses delayed_work for deferred processing
      and uses mod_delayed_work_on() when the queue needs to be immediately
      unplugged.  The above problem manifested as noticeably higher number
      of context switches under certain circumstances.
      
      The difference in behavior was caused by missing special case handling
      for 0 delay in mod_delayed_work_on() compared to
      queue_delayed_work_on().  Joonsoo Kim posted a patch to add it -
      ("workqueue: optimize mod_delayed_work_on() when @delay == 0")[1].
      The patch was queued for 3.8 but it was described as optimization and
      I missed that it was a correctness issue.
      
      As both queue_delayed_work_on() and mod_delayed_work_on() use
      __queue_delayed_work() for queueing, it seems that the better approach
      is to move the 0 delay special handling to the function instead of
      duplicating it in mod_delayed_work_on().
      
      Fix the problem by moving 0 delay special case handling from
      queue_delayed_work_on() to __queue_delayed_work().  This replaces
      Joonsoo's patch.
      
      [1] http://thread.gmane.org/gmane.linux.kernel/1379011/focus=1379012Signed-off-by: default avatarTejun Heo <tj@kernel.org>
      Reported-and-tested-by: default avatarAnders Kaseorg <andersk@MIT.EDU>
      Reported-and-tested-by: default avatarZlatko Calusic <zlatko.calusic@iskon.hr>
      LKML-Reference: <alpine.DEB.2.00.1211280953350.26602@dr-wily.mit.edu>
      LKML-Reference: <50A78AA9.5040904@iskon.hr>
      Cc: Joonsoo Kim <js1304@gmail.com>
      8852aac2
  4. 01 Dec, 2012 11 commits
  5. 30 Nov, 2012 18 commits
    • Vincent Palatin's avatar
      x86, fpu: Avoid FPU lazy restore after suspend · 644c1541
      Vincent Palatin authored
      When a cpu enters S3 state, the FPU state is lost.
      After resuming for S3, if we try to lazy restore the FPU for a process running
      on the same CPU, this will result in a corrupted FPU context.
      
      Ensure that "fpu_owner_task" is properly invalided when (re-)initializing a CPU,
      so nobody will try to lazy restore a state which doesn't exist in the hardware.
      
      Tested with a 64-bit kernel on a 4-core Ivybridge CPU with eagerfpu=off,
      by doing thousands of suspend/resume cycles with 4 processes doing FPU
      operations running. Without the patch, a process is killed after a
      few hundreds cycles by a SIGFPE.
      
      Cc: Duncan Laurie <dlaurie@chromium.org>
      Cc: Olof Johansson <olofj@chromium.org>
      Cc: <stable@kernel.org> v3.4+ # for 3.4 need to replace this_cpu_write by percpu_write
      Signed-off-by: default avatarVincent Palatin <vpalatin@chromium.org>
      Link: http://lkml.kernel.org/r/1354306532-1014-1-git-send-email-vpalatin@chromium.orgSigned-off-by: default avatarH. Peter Anvin <hpa@linux.intel.com>
      644c1541
    • Linus Torvalds's avatar
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · cc19528b
      Linus Torvalds authored
      Pull DRM fixes from Dave Airlie:
       "Just driver fixes, nothing major, except maybe the Ironlake rc6
        disable:
      
         - intel:
           * revert ironlake rc6 - we still have one ilk regression, but this
             gets rid of one big one
           * turn off cloning
           * a directed fix for Apple edp
         - radeon: one modesetting fix
         - exynos: minor fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        radeon: fix pll/ctrc mapping on dce2 and dce3 hardware
        Revert "drm/i915: enable rc6 on ilk again"
        drm/i915: do not default to 18 bpp for eDP if missing from VBT
        drm/exynos: Fix potential NULL pointer dereference in exynos_drm_encoder.c
        drm/exynos: Make exynos4/5_fimd_driver_data static
        drm/exynos: fix overlay updating issue
        drm/exynos: remove unnecessary code.
        drm/exynos: fix linux framebuffer address setting.
        drm/i915: disable cloning on sdvo
      cc19528b
    • Linus Torvalds's avatar
      Merge branch 'akpm' (Fixes from Andrew) · 50a53bbe
      Linus Torvalds authored
      Merge misc fixes from Andrew Morton:
       "Seven fixes, some of them fingers-crossed :("
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (7 patches)
        drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove()
        mm: soft offline: split thp at the beginning of soft_offline_page()
        mm: avoid waking kswapd for THP allocations when compaction is deferred or contended
        revert "Revert "mm: remove __GFP_NO_KSWAPD""
        mm: vmscan: fix endless loop in kswapd balancing
        mm/vmemmap: fix wrong use of virt_to_page
        mm: compaction: fix return value of capture_free_page()
      50a53bbe
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 73efd00d
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "These are three fixes for the Marvell EBU family and one for the
        Samsung s3c platforms.  All of them are obvious should still make it
        into 3.7."
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: Kirkwood: Update PCI-E fixup
        Dove: Fix irq_to_pmu()
        Dove: Attempt to fix PMU/RTC interrupts
        ARM: S3C24XX: Fix potential NULL pointer dereference error
      73efd00d
    • Linus Torvalds's avatar
      Merge tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 90bf80a1
      Linus Torvalds authored
      Pull ARM ixp4xx bug fixes from Arnd Bergmann:
       "These were originally prepared by Krzysztof Halasa but not submitted
        in time for v3.7 due to some confusion about how ixp4xx patches should
        be handled.  Jason Cooper thankfully offered to help out sending the
        patches upstream through arm-soc now, but given the timing, we could
        as well delay them for 3.8."
      
      * tag 'ixp4xx-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        IXP4xx: use __iomem for MMIO
        IXP4xx: map CPU config registers within VMALLOC region.
        IXP4xx: Always ioremap() Queue Manager MMIO region at boot.
        ixp4xx: Declare MODULE_FIRMWARE usage
        IXP4xx crypto: MOD_AES{128,192,256} already include key size.
        WAN: Remove redundant HDLC info printed by IXP4xx HSS driver.
        IXP4xx: Remove time limit for PCI TRDY to enable use of slow devices.
        IXP4xx: ixp4xx_crypto driver requires Queue Manager and NPE drivers.
        IXP4xx: HW pseudo-random generator is available on IXP45x/46x only.
        IXP4xx: Fix off-by-one bug in Goramo MultiLink platform.
        IXP4xx: Fix Goramo MultiLink platform compilation.
      90bf80a1
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm · 50a561ca
      Linus Torvalds authored
      Pull final ARM fix from Russell King:
       "One final fix, spotted by Will, to do with what happens when we boot a
        SMP kernel on UP."
      
      * 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
        ARM: 7586/1: sp804: set cpumask to cpu_possible_mask for clock event device
      50a561ca
    • Kim, Milo's avatar
      drivers/rtc/rtc-tps65910.c: fix invalid pointer access on _remove() · 1430e178
      Kim, Milo authored
      The tps65910_rtc data is registered as the platform driver data in
      _probe(= ).  Therefore the tps65910_rtc should be used on unregistering
      the rtc device.  And device pointer should be retrieved from the
      platform_device structure.
      
      This patch fixes the below oops:
      
       Unable to handle kernel NULL pointer dereference at virtual address 00000008
       Modules linked in: rtc_tps65910(-)
       CPU: 0    Not tainted  (3.7.0-rc7-next-20121128-g6b1f974-dirty #7)
       PC is at tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910]
           (tps65910_rtc_alarm_irq_enable+0x20/0x2c [rtc_tps65910])
           (tps65910_rtc_remove+0x18/0x28 [rtc_tps65910])
           (platform_drv_remove+0x18/0x1c)
           (__device_release_driver+0x70/0xcc)
           (driver_detach+0xb4/0xb8)
           (bus_remove_driver+0x7c/0xc0)
           (sys_delete_module+0x148/0x21c)
      Signed-off-by: default avatarMilo(Woogyom) Kim <milo.kim@ti.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1430e178
    • Naoya Horiguchi's avatar
      mm: soft offline: split thp at the beginning of soft_offline_page() · 783657a7
      Naoya Horiguchi authored
      When we try to soft-offline a thp tail page, put_page() is called on the
      tail page unthinkingly and VM_BUG_ON is triggered in put_compound_page().
      
      This patch splits thp before going into the main body of soft-offlining.
      Signed-off-by: default avatarNaoya Horiguchi <n-horiguchi@ah.jp.nec.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Tony Luck <tony.luck@intel.com>
      Cc: Andi Kleen <andi.kleen@intel.com>
      Cc: Wu Fengguang <fengguang.wu@intel.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      783657a7
    • Mel Gorman's avatar
      mm: avoid waking kswapd for THP allocations when compaction is deferred or contended · 782fd304
      Mel Gorman authored
      With "mm: vmscan: scale number of pages reclaimed by reclaim/compaction
      based on failures" reverted, Zdenek Kabelac reported the following
      
        Hmm,  so it's just took longer to hit the problem and observe
        kswapd0 spinning on my CPU again - it's not as endless like before -
        but still it easily eats minutes - it helps to turn off  Firefox
        or TB  (memory hungry apps) so kswapd0 stops soon - and restart
        those apps again.  (And I still have like >1GB of cached memory)
      
        kswapd0         R  running task        0    30      2 0x00000000
        Call Trace:
          preempt_schedule+0x42/0x60
          _raw_spin_unlock+0x55/0x60
          put_super+0x31/0x40
          drop_super+0x22/0x30
          prune_super+0x149/0x1b0
          shrink_slab+0xba/0x510
      
      The sysrq+m indicates the system has no swap so it'll never reclaim
      anonymous pages as part of reclaim/compaction.  That is one part of the
      problem but not the root cause as file-backed pages could also be
      reclaimed.
      
      The likely underlying problem is that kswapd is woken up or kept awake
      for each THP allocation request in the page allocator slow path.
      
      If compaction fails for the requesting process then compaction will be
      deferred for a time and direct reclaim is avoided.  However, if there
      are a storm of THP requests that are simply rejected, it will still be
      the the case that kswapd is awake for a prolonged period of time as
      pgdat->kswapd_max_order is updated each time.  This is noticed by the
      main kswapd() loop and it will not call kswapd_try_to_sleep().  Instead
      it will loopp, shrinking a small number of pages and calling
      shrink_slab() on each iteration.
      
      This patch defers when kswapd gets woken up for THP allocations.  For
      !THP allocations, kswapd is always woken up.  For THP allocations,
      kswapd is woken up iff the process is willing to enter into direct
      reclaim/compaction.
      
      [akpm@linux-foundation.org: fix typo in comment]
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Cc: Zdenek Kabelac <zkabelac@redhat.com>
      Cc: Seth Jennings <sjenning@linux.vnet.ibm.com>
      Cc: Jiri Slaby <jirislaby@gmail.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Glauber Costa <glommer@gmail.com>
      Cc: Johannes Weiner <hannes@cmpxchg.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      782fd304
    • Andrew Morton's avatar
      revert "Revert "mm: remove __GFP_NO_KSWAPD"" · a5091539
      Andrew Morton authored
      It apepars that this patch was innocent, and we hope that "mm: avoid
      waking kswapd for THP allocations when compaction is deferred or
      contended" will fix the final kswapd-spinning cause.
      
      Cc: Zdenek Kabelac <zkabelac@redhat.com>
      Cc: Seth Jennings <sjenning@linux.vnet.ibm.com>
      Cc: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Cc: Jiri Slaby <jirislaby@gmail.com>
      Cc: Rik van Riel <riel@redhat.com>
      Cc: Robert Jennings <rcj@linux.vnet.ibm.com>
      Cc: Mel Gorman <mgorman@suse.de>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      a5091539
    • Johannes Weiner's avatar
      mm: vmscan: fix endless loop in kswapd balancing · 60cefed4
      Johannes Weiner authored
      Kswapd does not in all places have the same criteria for a balanced
      zone.  Zones are only being reclaimed when their high watermark is
      breached, but compaction checks loop over the zonelist again when the
      zone does not meet the low watermark plus two times the size of the
      allocation.  This gets kswapd stuck in an endless loop over a small
      zone, like the DMA zone, where the high watermark is smaller than the
      compaction requirement.
      
      Add a function, zone_balanced(), that checks the watermark, and, for
      higher order allocations, if compaction has enough free memory.  Then
      use it uniformly to check for balanced zones.
      
      This makes sure that when the compaction watermark is not met, at least
      reclaim happens and progress is made - or the zone is declared
      unreclaimable at some point and skipped entirely.
      Signed-off-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reported-by: default avatarGeorge Spelvin <linux@horizon.com>
      Reported-by: default avatarJohannes Hirte <johannes.hirte@fem.tu-ilmenau.de>
      Reported-by: default avatarTomas Racek <tracek@redhat.com>
      Tested-by: default avatarJohannes Hirte <johannes.hirte@fem.tu-ilmenau.de>
      Reviewed-by: default avatarRik van Riel <riel@redhat.com>
      Cc: Mel Gorman <mel@csn.ul.ie>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      60cefed4
    • Jianguo Wu's avatar
      mm/vmemmap: fix wrong use of virt_to_page · ae64ffca
      Jianguo Wu authored
      I enable CONFIG_DEBUG_VIRTUAL and CONFIG_SPARSEMEM_VMEMMAP, when doing
      memory hotremove, there is a kernel BUG at arch/x86/mm/physaddr.c:20.
      
      It is caused by free_section_usemap()->virt_to_page(), virt_to_page() is
      only used for kernel direct mapping address, but sparse-vmemmap uses
      vmemmap address, so it is going wrong here.
      
        ------------[ cut here ]------------
        kernel BUG at arch/x86/mm/physaddr.c:20!
        invalid opcode: 0000 [#1] SMP
        Modules linked in: acpihp_drv acpihp_slot edd cpufreq_conservative cpufreq_userspace cpufreq_powersave acpi_cpufreq mperf fuse vfat fat loop dm_mod coretemp kvm crc32c_intel ipv6 ixgbe igb iTCO_wdt i7core_edac edac_core pcspkr iTCO_vendor_support ioatdma microcode joydev sr_mod i2c_i801 dca lpc_ich mfd_core mdio tpm_tis i2c_core hid_generic tpm cdrom sg tpm_bios rtc_cmos button ext3 jbd mbcache usbhid hid uhci_hcd ehci_hcd usbcore usb_common sd_mod crc_t10dif processor thermal_sys hwmon scsi_dh_alua scsi_dh_hp_sw scsi_dh_rdac scsi_dh_emc scsi_dh ata_generic ata_piix libata megaraid_sas scsi_mod
        CPU 39
        Pid: 6454, comm: sh Not tainted 3.7.0-rc1-acpihp-final+ #45 QCI QSSC-S4R/QSSC-S4R
        RIP: 0010:[<ffffffff8103c908>]  [<ffffffff8103c908>] __phys_addr+0x88/0x90
        RSP: 0018:ffff8804440d7c08  EFLAGS: 00010006
        RAX: 0000000000000006 RBX: ffffea0012000000 RCX: 000000000000002c
        ...
      Signed-off-by: default avatarJianguo Wu <wujianguo@huawei.com>
      Signed-off-by: default avatarJiang Liu <jiang.liu@huawei.com>
      Reviewd-by: default avatarWen Congyang <wency@cn.fujitsu.com>
      Acked-by: default avatarJohannes Weiner <hannes@cmpxchg.org>
      Reviewed-by: default avatarYasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com>
      Reviewed-by: default avatarMichal Hocko <mhocko@suse.cz>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ae64ffca
    • Mel Gorman's avatar
      mm: compaction: fix return value of capture_free_page() · 58d00209
      Mel Gorman authored
      Commit ef6c5be6 ("fix incorrect NR_FREE_PAGES accounting (appears
      like memory leak)") fixes a NR_FREE_PAGE accounting leak but missed the
      return value which was also missed by this reviewer until today.
      
      That return value is used by compaction when adding pages to a list of
      isolated free pages and without this follow-up fix, there is a risk of
      free list corruption.
      Signed-off-by: default avatarMel Gorman <mgorman@suse.de>
      Cc: Dave Hansen <dave@linux.vnet.ibm.com>
      Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      58d00209
    • Al Viro's avatar
      fix off-by-one in argument passed by iterate_fd() to callbacks · a77cfcb4
      Al Viro authored
      Noticed by Pavel Roskin; the thing in his patch I disagree with
      was compensating for that shite in callbacks instead of fixing
      it once in the iterator itself.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      a77cfcb4
    • Al Viro's avatar
      lookup_one_len: don't accept . and .. · 21d8a15a
      Al Viro authored
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      21d8a15a
    • Al Viro's avatar
      cifs: get rid of blind d_drop() in readdir · 0903a0c8
      Al Viro authored
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      0903a0c8
    • Al Viro's avatar
      nfs_lookup_revalidate(): fix a leak · c44600c9
      Al Viro authored
      We are leaking fattr and fhandle if we decide that dentry is not to
      be invalidated, after all (e.g. happens to be a mountpoint).  Just
      free both before that...
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      c44600c9
    • Al Viro's avatar
      don't do blind d_drop() in nfs_prime_dcache() · 696199f8
      Al Viro authored
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      696199f8
  6. 29 Nov, 2012 6 commits
    • Arnd Bergmann's avatar
      Merge branch 'v3.7-samsung-fixes-4' of... · 9434d24b
      Arnd Bergmann authored
      Merge branch 'v3.7-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes
      
      From Kukjin Kim <kgene.kim@samsung.com>:
      
      Samsung fixes for v3.7
      
      * 'v3.7-samsung-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
        ARM: S3C24XX: Fix potential NULL pointer dereference error
      
      This would have been ok to delay to 3.8 according to Kukjin, but since
      it's an obvious bug fix and a potential NULL pointer dereference, it
      seem appropriate for a late 3.7 submission.
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      9434d24b
    • Ohad Ben-Cohen's avatar
      remoteproc: fix error path of ->find_vqs · dab55bba
      Ohad Ben-Cohen authored
      Eliminate an erroneous invocation of rproc_shutdown inside
      the error path of rproc_virtio_find_vqs.
      Reported-by: default avatarIdo Yariv <ido@wizery.com>
      Signed-off-by: default avatarOhad Ben-Cohen <ohad@wizery.com>
      dab55bba
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · e9296e89
      Linus Torvalds authored
      Pull networking fixes from David Miller:
       "Some more fixes trickled in over the past few days:
      
         1) PIM device names can overflow the IFNAMSIZ buffer unless we
            properly limit the allowed indexes, fix from Eric Dumazet.
      
         2) Under heavy load we can OOPS in icmp reply processing due to an
            unchecked inet_putpeer() call.  Fix from Neal Cardwell.
      
         3) SCTP round trip calculations need to use 64-bit math to avoid
            overflows, fix from Schoch Christian.
      
         4) Fix a memory leak and an error return flub in SCTP and IRDA
            triggerable by userspace.  Fix from Tommi Rantala and found by the
            syscall fuzzer (trinity).
      
         5) MLX4 driver gives bogus size to memcpy() call, fix from Amir
            Vadai.
      
         6) Fix length calculation in VHOST descriptor translation, from
            Michael S Tsirkin.
      
         7) Ambassador ATM driver loops forever while loading firmware, fix
            from Dan Carpenter.
      
         8) Over MTU packets in openvswitch warn about wrong device, fix from
            Jesse Gross.
      
         9) Netfilter IPSET's netlink code can overrun a string buffer because
            it's not properly limited to IFNAMSIZ.  Fix from Florian Westphal.
      
        10) PCAN USB driver sets wrong timestamp in SKB, from Oliver Hartkopp.
      
        11) Make sure the RX ifindex always has a valid value in the CAN BCM
            driver, even if we haven't received a frame yet.  Fix also from
            Oliver Hartkopp."
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
        team: fix hw_features setup
        atm: forever loop loading ambassador firmware
        vhost: fix length for cross region descriptor
        irda: irttp: fix memory leak in irttp_open_tsap() error path
        net: qmi_wwan: add Huawei E173
        net/mlx4_en: Can set maxrate only for TC0
        sctp: Error in calculation of RTTvar
        sctp: fix -ENOMEM result with invalid user space pointer in sendto() syscall
        sctp: fix memory leak in sctp_datamsg_from_user() when copy from user space fails
        net: ipmr: limit MRT_TABLE identifiers
        ipv4: avoid passing NULL to inet_putpeer() in icmpv4_xrlim_allow()
        can: bcm: initialize ifindex for timeouts without previous frame reception
        can: peak_usb: fix hwtstamp assignment
        netfilter: ipset: fix netiface set name overflow
        openvswitch: Store flow key len if ARP opcode is not request or reply.
        openvswitch: Print device when warning about over MTU packets.
      e9296e89
    • Al Viro's avatar
    • Al Viro's avatar
      afd3f96d
    • Al Viro's avatar
      sh64: fix altstack switching on sigreturn · 9dc87c7b
      Al Viro authored
      incidentally, declaring a local variable as __user (!) to make
      sparse STFU is really sick.  Especially since sparse had been
      100% right - it *is* a bug.
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      9dc87c7b