- 26 Jun, 2007 4 commits
-
-
Oliver Neukum authored
usblcd currently has no way to limit memory consumption by fast writers. This is a security problem, as it allows users with write access to this device to drive the system into oom despite resource limits. Here's the fix taken from the modern skeleton driver. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Oliver Neukum authored
this is a classical memory leak in the ioctl handler. The buffer is simply never freed. This fixes it the obvious way. Signed-off-by: Oliver Neukum <oneukum@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Oliver Neukum authored
you are submitting an URB with GFP_KERNEL holding a spinlock. In this case the spinlock can be dropped earlier. Signed-off-by: Oliver Neukum <oneukum@suse.de> Cc: Al Borchers <alborchers@steinerpoint.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Oleg Nesterov authored
New changes in the signal-handling code require compensating changes in g_file_storage. This patch (as913) by Oleg Nesterov makes the code use allow_signal() instead of sigprocmask(). From: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Alan Stern <stern@rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
- 24 Jun, 2007 36 commits
-
-
Linus Torvalds authored
-
Thomas Gleixner authored
The return value of futex_find_get_task() needs to be -ESRCH in case that the search fails. This was part of the original futex fixes and got accidentally dropped, when the futex-tidy-up patch was split out. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@elte.hu> Cc: Stable Team <stable@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Linus Torvalds authored
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [NET]: Make skb_seq_read unmap the last fragment [NET]: Re-enable irqs before pushing pending DMA requests [TCP] tcp_read_sock: Allow recv_actor() return return negative error value. [PPP]: Fix osize too small errors when decoding mppe. [PPP]: Revert 606f585e [TIPC]: Fix infinite loop in netlink handler [SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark [IPV4]: include sysctl.h from inetdevice.h [IPV6] NDISC: Fix thinko to control Router Preference support. [NETFILTER]: nfctnetlink: Don't allow to change helper [NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
-
Tian Kevin authored
Register %ebx serves as the "global offset table base register" for position-independent code. For absolute code, %ebx serves as a local register and has no specified role in the function calling sequence. In either case, a function must preserve the register value for the caller. acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt the called data. Kevin found that most time the value of Sx is saved in %esi, however sometimes compiler also uses %ebx. When this happens, suspends fails since sleep value in ebx is changed by acpi_copy_wakeup_routine. The same funtion in X86_64 doesn't have this problem. Signed-off-by: Zhang Rui <rui.zhang@intel.com> Looks-okay-to: Pavel Machek <pavel@ucw.cz> Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Cc: Len Brown <lenb@kernel.org> Acked-by: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kirill Korotaev authored
One of error path in ext4_read_inode() leaks bh since brelse is forgoten. Signed-off-by: Kirill Korotaev <dev@openvz.org> Acked-by: Vasily Averin <vvs@sw.ru> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Kirill Korotaev authored
One of error path in ext3_read_inode() leaks bh since brelse is forgoten. Signed-off-by: Kirill Korotaev <dev@openvz.org> Acked-by: Vasily Averin <vvs@sw.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Tony Jones authored
Removing a watched file will oops if audit is disabled (auditctl -e 0). To reproduce: - auditctl -e 1 - touch /tmp/foo - auditctl -w /tmp/foo - auditctl -e 0 - rm /tmp/foo (or mv) Signed-off-by: Tony Jones <tonyj@suse.de> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Carsten Otte authored
Yan Zheng pointed out that ext2_remount lacks checking if -o xip should be enabled or not. This patch checks for presence of direct_access on the backing block device and if the blocksize meets the requirements. Signed-off-by: Carsten Otte <cotte@de.ibm.com> Cc: Yan Zheng <yanzheng@21cn.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Joshua Wise authored
Background: When a userspace application wants to know about machine check events, it opens /dev/mcelog and does a read(). Usually, we found that this interface works well, but in some cases, when the system was taking large numbers of machine check exceptions, the read() would hang. The system would output a soft-lockup warning, and the daemon reading from /dev/mcelog would suck up as much of a single CPU as it could spinning in system space. Description: This patch fixes this bug. In particular, there was a "continue" inside a timeout loop that presumably was intended to break out of the outer loop, but instead caused the inner loop to continue. This patch also makes the condition for the break-out a little more evident by changing a !time_before to a time_after_eq. Result: The read() no longer hangs in this test case. Testing: On my system, I could replicate the bug with the following command: # for i in `seq 15000`; do ./inject_sbe.sh; done where inject_sbe.sh contains commands to inject a single-bit error into the next memory write transaction. Patch: This patch is against git f1518a08. Signed-off-by: Joshua Wise <jwise@google.com> Signed-off-by: Tim Hockin <thockin@google.com> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Andy Whitcroft authored
Update to checkpatch.pl v0.06. Of note: - do { and else handled correctly as control structures for { matching - trailing whitespace correctly tripped when line otherwise empty - support for const, including const foo * const bar - multiline macros defining values correctly reported This version of checkpatch.pl can be found at the following URL: http://www.kernel.org/pub/linux/kernel/people/apw/checkpatch/checkpatch.pl-0.06 Full Changelog: Andy Whitcroft (14): Version: 0.06 cleanup the Type regular expression declarations fix up block counting end of line counts as a space for ++ and -- do { needs the same checks as if, for et al handle "const foo * const a" as a valid type add spacing checks following ; complete whitespace lines should trip trailing whitespace check else is also a block control structure badly formatted else can trip function declaration detect and report trailing statements after else types need to be terminated by a boundary multiline macros defining values should be surrounded by parentheses soften the wording of the Signed-off-by: warnings Signed-off-by: Andy Whitcroft <apw@shadowen.org> Cc: "Randy.Dunlap" <rdunlap@xenotime.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Christoph Lameter authored
MAX_ORDER is the first order that is not possible. Use MAX_ORDER - 1 to calculate the larges possible object size in slab.h Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Dave Hansen authored
These should have been documented from the beginning. Fix it. Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jonathan Corbet authored
Encourage developers to avoid the volatile type class in kernel code. Signed-off-by: Jonathan Corbet <corbet@lwn.net> Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jeff Dike authored
Add asm-um/paravirt.h so that i386 headers that get pulled into UML don't cause build failures when they want asm/paravirt.h. Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Nick Piggin authored
Get UML to use the generic bug support rather than arch specific one. If I insert an artificial bug right before loading init, I get this: Kernel panic - not syncing: Kernel mode signal 4 EIP: 0023:[<0819d501>] CPU: 0 Not tainted ESP: 002b:f7fd4fbc EFLAGS: 00000246 Not tainted EAX: 00000000 EBX: 00007870 ECX: 00000013 EDX: 00007870 ESI: 0000786d EDI: 00000011 EBP: f7fd4fd8 DS: 002b ES: 002b 08273bec: [<0806e814>] show_regs+0x104/0x106 08273c08: [<08058927>] panic_exit+0x2c/0x4b 08273c18: [<08080ee7>] notifier_call_chain+0x32/0x5b 08273c38: [<08080fbd>] __atomic_notifier_call_chain+0x30/0x32 08273c54: [<08080fee>] atomic_notifier_call_chain+0x2f/0x31 08273c70: [<08073b88>] panic+0x75/0x131 08273c94: [<080586c7>] relay_signal+0x87/0x95 08273cb0: [<0806b9ee>] sig_handler_common_skas+0x9e/0x120 08273cd8: [<08067738>] sig_handler+0x28/0x4f 08273cec: [<0806792e>] handle_signal+0x53/0x89 08273d0c: [<08069f60>] hard_handler+0x18/0x28 08273d1c: [<ffffe500>] transitions+0xf7d598b8/0xfffffff0 With this patch in place, this is how it looks: BUG: failure at init/main.c:779/init_post()! Kernel panic - not syncing: BUG! EIP: 0023:[<081a65d1>] CPU: 0 Not tainted ESP: 002b:f7f0dfbc EFLAGS: 00000246 Not tainted EAX: 00000000 EBX: 000069db ECX: 00000013 EDX: 000069db ESI: 000069d8 EDI: 00000011 EBP: f7f0dfd8 DS: 002b ES: 002b 098efedc: [<0806e9a4>] show_regs+0x104/0x106 098efef8: [<080589c7>] panic_exit+0x2c/0x4b 098eff08: [<080818d7>] notifier_call_chain+0x32/0x5b 098eff28: [<080819ad>] __atomic_notifier_call_chain+0x30/0x32 098eff44: [<080819de>] atomic_notifier_call_chain+0x2f/0x31 098eff60: [<08073f28>] panic+0x75/0x131 098eff84: [<080541d5>] init_post+0xcd/0xe8 098eff9c: [<08048ad4>] kernel_init+0x8e/0x9a 098effb4: [<08066dee>] run_kernel_thread+0x41/0x53 098effe0: [<08058e75>] new_thread_handler+0x62/0x8b 098efffc: [<a55a5a5a>] 0xa55a5a5a [ jdike - added BUG_TABLE to linker script ] Signed-off-by: Nick Piggin <npiggin@suse.de> Signed-off-by: Jeff Dike <jdike@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ingo Korb authored
The stallion driver oopses while initializing ISA cards due to an uninitialized variable. This patch changes the initialisation order to match the PCI code path. Signed-off-by: Ingo Korb <ml@akana.de> Acked-by: Jiri Slaby <jirislaby@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ivan Kokshaysky authored
Hopefully this fixes http://bugzilla.kernel.org/show_bug.cgi?id=8635 The struct in6_addr passed to csum_ipv6_magic() is 4 byte aligned, so we can't use the regular 64-bit loads. Since the cost of handling of 4 byte and 1 byte aligned 64-bit data is roughly the same, this code can cope with any src/dst [mis]alignment. Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Richard Henderson <rth@twiddle.net> Cc: Dustin Marquess <jailbird@alcatraz.fdf.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Andy Whitcroft authored
This version brings a some new tests, and a host of changes to fix false positives, of particular note: - detect 'var ++;' and 'var --;' as a bad combination - multistatement #defines are now checked based on statement count - multistatement #defines with initialisation correctly reported - checks the location of the inline keywords - EXPORT_SYMBOL for variables are now understood - typedefs are loosened to handle sparse etc This version of checkpatch.pl can be found at the following URL: http://www.shadowen.org/~apw/public/checkpatch/checkpatch.pl-0.05 Full Changelog: Andy Whitcroft (18): Version: 0.05 macro definition checks should be for a single statement avoid assignements only in if conditionals declarations of function pointers need no space multiline macros which are purely initialisation cannot be wrapped EXPORT_SYMBOL can also directly follow a variable definition check on the location of the inline keyword EXPORT_SYMBOL needs to allow for attributes ensure we do not find C99 // in strings handle malformed #include lines accept the {0,} form typedefs are sensible for defining function pointer parameters ensure { handling correctly handles nested switch() statements trailing whitespace checks are not anchored typedefs for sparse bitwise annotations make sense update the type matcher to include sparse annotations clean up indent and spacing Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Christoph Lameter authored
The intervals of domains that do not have SD_BALANCE_NEWIDLE must be considered for the calculation of the time of the next balance. Otherwise we may defer rebalancing forever. Siddha also spotted that the conversion of the balance interval to jiffies is missing. Fix that to. From: Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com> also continue the loop if !(sd->flags & SD_LOAD_BALANCE). Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> It did in fact trigger under all three of mainline, CFS, and -rt including CFS -- see below for a couple of emails from last Friday giving results for these three on the AMD box (where it happened) and on a single-quad NUMA-Q system (where it did not, at least not with such severity). Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Ingo Molnar <mingo@elte.hu> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Christoph Lameter authored
If slabs are allocated or freed from a large set of call sites (typical for the kmalloc area) then we may create more output than fits into a single PAGE and sysfs only gives us one page. The output should be truncated. This patch fixes the checks to do the truncation properly. Signed-off-by: Christoph Lameter <clameter@sgi.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
When binding the driver, check the ID register for a valid identity, in case the SM501 is not functioning correctly. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
Add documentation for the SM501 in Documentation/SM501.txt outlining the SM501 driver. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
Ensure that the M1XCLK and MCLK are sourced from the same PLL (and refuse to bind the driver if they are not). Update the PCI to safe initialisation values, as 72MHz is the maximum clock for 33MHz PCI bus mastering. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
The order of the set and mask operation in sm501_init_reg() was setting and then masking the bits set. Correct the order so that we do not end up with 288MHz SDRAM clocks on certain systems. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
This init sequence of setting the SDRAM clock before the bus clock is recommend by Silicon Motion to stop problems with writes not sticking into registers. Signed-off-by: Vincent Sanders <vince@simtec.co.uk> Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Ben Dooks authored
This patch adds support for suspending the core (mfd driver) of the SM501. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Egmont Koblinger authored
Recently my console UTF-8 patch went mainline. Here is an additional patch that fixes two nasty issues and improves a third one, namely: 1. My patch changed the behavior if a glyph is not found in the Unicode mapping table. Previously for Unicode values less than 256 or 512 the kernel tried to display the glyph from that position of the glyph table, which could lead to a different accented letter being displayed. I removed this fallback possibility and changed it to display the replacement symbol. As Behdad pointed out, some fonts (e.g. sun12x22 from the kbd package) lack Unicode mapping information, hence all you get is lots of question marks. Though theoretically it's actually a user-space bug (the font should be fixed), Behdad and I both believe that it'd be good to work around in the kernel by re-introducing the fallback solution for ASCII characters only. This sounds a quite reasonable decision, since all fonts ship the ASCII characters in the first 128 positions. This way users won't be surprised by lots of question marks just because s/he issued a not-so-perfectly parameterized setfont command. As this fallback is only re-introduced for code points below 128, you still won't see an accented letter replaced by another, but at least you'll always get the English letters right. 2. My patch introduced "question mark with inverted color attributes" as a last resort fallback glyph. Though it perfectly works on VGA console, on framebuffer you may end up with question marks that are highlighed but shouldn't be, and normal characters that are accidentally highlighed. This is caused by missing FLUSHes when changing the color attribute. 3. I've updated the table of double-width character based on Markus's updated version. Only ten new code poings (one interval) is added. Signed-off-by: Egmont Koblinger <egmont@uhulinux.hu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Cedric Le Goater authored
When a namespace is unshared, a refcount on the previous nsproxy is abusively taken, leading to a memory leak of nsproxy objects. Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Cc: Badari Pulavarty <pbadari@us.ibm.com> Cc: Herbert Poetzl <herbert@13thfloor.at> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Jean Delvare authored
Signed-off-by: Jean Delvare <khali@linux-fr.org> Cc: Rudolf Marek <r.marek@assembler.cz> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
Olaf Kirch authored
Having walked through the entire skbuff, skb_seq_read would leave the last fragment mapped. As a consequence, the unwary caller would leak kmaps, and proceed with preempt_count off by one. The only (kind of non-intuitive) workaround is to use skb_seq_read_abort. This patch makes sure skb_seq_read always unmaps frag_data after having cycled through the skb's paged part. Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Shannon Nelson authored
This moves the local_irq_enable() call in net_rx_action() to before calling the CONFIG_NET_DMA's dma_async_memcpy_issue_pending() rather than after. This shortens the irq disabled window and allows for DMA drivers that need to do their own irq hold. Signed-off-by: Shannon Nelson <shannon.nelson@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Jens Axboe authored
tcp_read_sock() currently assumes that the recv_actor() only returns number of bytes copied. For network splice receive, we may have to return an error in some cases. So allow the actor to return a negative error value. Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Konstantin Sharlaimov authored
The mppe_decompress() function required a buffer that is 1 byte too small when receiving a message of mru size. This fixes buffer allocation to prevent this from occurring. Signed-off-by: Konstantin Sharlaimov <konstantin.sharlaimov@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
David S. Miller authored
This can cause packet buffer overflows in certain cases, the real bug will be fixed differently in a followon changeset. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Florian Westphal authored
The tipc netlink config handler uses the nlmsg_pid from the request header as destination for its reply. If the application initialized nlmsg_pid to 0, the reply is looped back to the kernel, causing hangup. Fix: use nlmsg_pid of the skb that triggered the request. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
secmark doesn't depend on CONFIG_NET_SCHED. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-