Oops might happen because we check rt2x00queue_empty(queue) twice,
but this condition can change and we can process entry in
rt2800_txdone_entry(), which was already processed by
rt2800usb_txdone_entry_check() -> rt2x00lib_txdone_noinfo() and
has nullify entry->skb .
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com> Cc: stable@kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Modify flags in separate order in rt2x00usb_interrupt_txdone, to avoid
processing entries in _txdone with wrong flags or skip processing
ready entries.
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com> Cc: stable@kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Oops might happen because we perform parallel putting new entries in a
queue (rt2x00queue_write_tx_frame()) and removing entries after
finishing transmitting (rt2800usb_work_txdone()). There are cases when
_txdone may process an entry that was not fully send and nullify
entry->skb .
To fix check in _txdone if entry has flags that indicate pending
transmission and wait until flags get cleared.
Reported-by: Justin Piszcz <jpiszcz@lucidpixels.com> Cc: stable@kernel.org Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com> Acked-by: Ivo van Doorn <IvDoorn@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Vasiliy Kulikov [Mon, 8 Aug 2011 15:02:04 +0000 (19:02 +0400)]
move RLIMIT_NPROC check from set_user() to do_execve_common()
The patch http://lkml.org/lkml/2003/7/13/226 introduced an RLIMIT_NPROC
check in set_user() to check for NPROC exceeding via setuid() and
similar functions.
Before the check there was a possibility to greatly exceed the allowed
number of processes by an unprivileged user if the program relied on
rlimit only. But the check created new security threat: many poorly
written programs simply don't check setuid() return code and believe it
cannot fail if executed with root privileges. So, the check is removed
in this patch because of too often privilege escalations related to
buggy programs.
The NPROC can still be enforced in the common code flow of daemons
spawning user processes. Most of daemons do fork()+setuid()+execve().
The check introduced in execve() (1) enforces the same limit as in
setuid() and (2) doesn't create similar security issues.
Neil Brown suggested to track what specific process has exceeded the
limit by setting PF_NPROC_EXCEEDED process flag. With the change only
this process would fail on execve(), and other processes' execve()
behaviour is not changed.
Solar Designer suggested to re-check whether NPROC limit is still
exceeded at the moment of execve(). If the process was sleeping for
days between set*uid() and execve(), and the NPROC counter step down
under the limit, the defered execve() failure because NPROC limit was
exceeded days ago would be unexpected. If the limit is not exceeded
anymore, we clear the flag on successful calls to execve() and fork().
The flag is also cleared on successful calls to set_user() as the limit
was exceeded for the previous user, not the current one.
Similar check was introduced in -ow patches (without the process flag).
v3 - clear PF_NPROC_EXCEEDED on successful calls to set_user().
cifs: Do not set cifs/ntfs acl using a file handle (try #4)
Set security descriptor using path name instead of a file handle.
We can't be sure that the file handle has adequate permission to
set a security descriptor (to modify DACL).
Function set_cifs_acl_by_fid() has been removed since we can't be
sure how a file was opened for writing, a valid request can fail
if the file was not opened with two above mentioned permissions.
We could have opted to add on WRITE_DAC and WRITE_OWNER permissions
to file opens and then use that file handle but adding addtional
permissions such as WRITE_DAC and WRITE_OWNER could cause an
any open to fail.
And it was incorrect to look for read file handle to set a
security descriptor anyway.
Signed-off-by: Shirish Pargaonkar <shirishpargaonkar@gmail.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Steve French [Tue, 9 Aug 2011 18:44:44 +0000 (18:44 +0000)]
[CIFS] Cleanup use of CONFIG_CIFS_STATS2 ifdef to make transport routines more readable
Christoph had requested that the stats related code (in
CONFIG_CIFS_STATS2) be moved into helpers to make code flow more
readable. This patch should help. For example the following
section from transport.c
Reviewed-by: Jeff Layton <jlayton@redhat.com> CC: Christoph Hellwig <hch@infradead.org> Signed-off-by: Steve French <sfrench@us.ibm.com> Reviewed-by: Pavel Shilovsky <piastry@etersoft.ru>
powerpc/4xx: enable and fix pcie gen1/gen2 on the 460sx
Adds a register to the config space for the 460sx. Changes the vc0
detect to a pll detect. maps configuration space to test the link
status. changes the setup to enable gen2 devices to operate at gen2
speeds. fixes mapping that was not correct for the 460sx. added
bit definitions for the OMRxMSKL registers. Removed reserved bit
that was set incorrectly in the OMR2MSKL register.
This patch adds kexec support for PPC440 based chipsets. This work is based
on the KEXEC patches for FSL BookE.
The FSL BookE patch and the code flow could be found at the link below:
http://patchwork.ozlabs.org/patch/49359/
Steps:
1) Invalidate all the TLB entries except the one this code is run from
2) Create a tmp mapping for our code in the other address space and jump to it
3) Invalidate the entry we used
4) Create a 1:1 mapping for 0-2GiB in blocks of 256M
5) Jump to the new 1:1 mapping and invalidate the tmp mapping
I have tested this patches on Ebony, Sequoia boards and Virtex on QEMU.
You need kexec-tools commit e8b7939b1e or newer for ppc440x support,
available at:
Julia Lawall [Tue, 9 Aug 2011 15:10:56 +0000 (11:10 -0400)]
hwmon: (ibmaem) add missing kfree
rs_resp is dynamically allocated in aem_read_sensor(), so it should be freed
before exiting in every case. This collects the kfree and the return at
the end of the function.
hwmon: (pmbus/lm25066) Ignore byte writes to non-zero pages
pmbus_clear_faults() attempts to clear faults on non-existing real pages.
As a result, the command error bit in the status register is set, and faults
are not really cleared.
All byte writes to non-zero pages are requests to clear the status register
on that page. Since non-zero pages are virtual and do not exist on the chip,
there is nothing to do, and such requests have to be ignored. This fixes
above problem.
Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Reviewed-by: Robert Coulson <robert.coulson@ericsson.com>
Axel Lin [Thu, 11 Aug 2011 16:22:45 +0000 (09:22 -0700)]
Input: tegra-kbc - correct call to input_free_device
If kzalloc for kbc fails, then we have NULL pointer dereference while
calling input_free_device(kbc->idev) in the error handling.
So it is safer to always use the original name, input_dev.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Linus Torvalds [Thu, 11 Aug 2011 16:03:48 +0000 (09:03 -0700)]
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf symbols: Check '/tmp/perf-' symbol file ownership
perf sched: Usage leftover from trace -> script rename
perf sched: Do not delete session object prematurely
perf tools: Check $HOME/.perfconfig ownership
perf, x86: Add model 45 SandyBridge support
perf tools: Add support to install perf python extension
perf tools: do not look at ./config for configuration
perf tools: Make clean leaves some files
perf lock: Dropping unsupported ':r' modifier
perf probe: Fix coredump introduced by probe module option
jump label: Reduce the cycle count by changing the link order
perf report: Use ui__warning in some more places
perf python: Add PERF_RECORD_{LOST,READ,SAMPLE} routine tables
perf evlist: Introduce 'disable' method
trace events: Update version number reference to new 3.x scheme for EVENT_POWER_TRACING_DEPRECATED
perf buildid-cache: Zero out buffer of filenames when adding/removing buildid
It turns out that one was meant to be applied on top of the edac.git
tree in -next that has more i7core_edac changes, but that wasn't clear
in the original email.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Borislav Petkov <borislav.petkov@amd.com> Cc: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peng Tao [Wed, 10 Aug 2011 22:29:21 +0000 (18:29 -0400)]
NFS41: make PNFS_BLOCK selectable
PNFS_BLOCK needs BLK_DEV_DM/MD, which is not a dependency for other
pnfs layout drivers. Seperate it out so others can still build when
BLK_DEV_DM/MD is not enabled.
Also change select to depends on to avoid build failures.
Reported-and-tested-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Peng Tao <peng_tao@emc.com> Acked-by: Benny Halevy <bhalevy@tonian.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sebastian Ott [Thu, 11 Aug 2011 14:43:48 +0000 (16:43 +0200)]
[S390] cio: add message for timeouts on internal I/O
Print a message in case we do not receive an IRQ in time (for internal
I/O). Also print the ID of the last used channel path, since it is
possible that not the device itself but this specific path might have
a defect.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...kfree(x)...+> }
when any
when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
when forall
(
return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Heiko Carstens [Thu, 11 Aug 2011 14:43:15 +0000 (16:43 +0200)]
[S390] nss,initrd: kernel image and initrd must be in different segments
When IPL'ing from a block device and an NSS should be created we must
make sure that the kernel image and the initrd are in different 1MB
segments. Otherwise creating the NSS will fail.
So we make sure the initrd is 4MB behind the end of the kernel image
like we do already when IPL via the VM reader is performed.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Ralf Baechle [Wed, 10 Aug 2011 05:23:46 +0000 (05:23 +0000)]
PCnet: Fix section mismatch
Building MIPS mtx1_defconfig results in:
MODPOST 735 modules
WARNING: drivers/net/pcnet32.o(.devinit.text+0x11ec): Section mismatch in reference from the function pcnet32_probe_vlbus.constprop.22() to the variable .init.data:pcnet32_portlist
The function __devinit pcnet32_probe_vlbus.constprop.22() references
a variable __initdata pcnet32_portlist.
If pcnet32_portlist is only used by pcnet32_probe_vlbus.constprop.22 then
annotate pcnet32_portlist with a matching annotation.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Tue, 9 Aug 2011 03:11:13 +0000 (03:11 +0000)]
bnx2x: disable dcb on 578xx since not supported yet
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Tue, 9 Aug 2011 03:10:29 +0000 (03:10 +0000)]
bnx2x: properly clean indirect addresses
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Dmitry Kravkov [Tue, 9 Aug 2011 03:09:52 +0000 (03:09 +0000)]
bnx2x: prevent race between undi_unload and load flows
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Dmitry Kravkov <dmitry@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
As rt_iif represents input device even for packets
coming from loopback with output route, it is not an unique
key specific to input routes. Now rt_route_iif has such role,
it was fl.iif in 2.6.38, so better to change the checks at
some places to save CPU cycles and to restore 2.6.38 semantics.
compare_keys:
- input routes: only rt_route_iif matters, rt_iif is same
- output routes: only rt_oif matters, rt_iif is not
used for matching in __ip_route_output_key
- now we are back to 2.6.38 state
ip_route_input_common:
- matching rt_route_iif implies input route
- compared to 2.6.38 we eliminated one rth->fl.oif check
because it was not needed even for 2.6.38
compare_hash_inputs:
Only the change here is not an optimization, it has
effect only for output routes. I assume I'm restoring
the original intention to ignore oif, it was using fl.iif
- now we are back to 2.6.38 state
Signed-off-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: David S. Miller <davem@davemloft.net>
Call cipso_v4_doi_putdef in the case of the failure of the allocation of
entry. Reverse the order of the error handling code at the end of the
function and insert more labels in order to reduce the number of
unnecessary calls to kfree.
Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: David S. Miller <davem@davemloft.net>
sh_sir.c: In function 'sh_sir_write':
sh_sir.c:127:2: error: implicit declaration of function 'iowrite16'
sh_sir.c: In function 'sh_sir_read':
sh_sir.c:132:2: error: implicit declaration of function 'ioread16'
sh_sir.c: At top level:
sh_sir.c:561:20: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'sh_sir_irq'
sh_sir.c: In function 'sh_sir_probe':
sh_sir.c:727:2: error: implicit declaration of function 'ioremap_nocache'
sh_sir.c:727:16: warning: assignment makes pointer from integer without a cast
sh_sir.c:762:2: error: implicit declaration of function 'request_irq'
sh_sir.c:762:23: error: 'sh_sir_irq' undeclared (first use in this function)
sh_sir.c:762:23: note: each undeclared identifier is reported only once for each function it appears in
sh_sir.c:762:35: error: 'IRQF_DISABLED' undeclared (first use in this function)
sh_sir.c:776:2: error: implicit declaration of function 'iounmap'
sh_sir.c: At top level:
sh_sir.c:436:13: warning: 'sh_sir_clear_all_err' defined but not used
sh_sir.c:474:12: warning: 'sh_sir_is_which_phase' defined but not used
sh_sir.c:490:13: warning: 'sh_sir_tx' defined but not used
sh_sir.c:540:13: warning: 'sh_sir_rx' defined but not used
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by: David S. Miller <davem@davemloft.net>
sh_irda.c: In function 'sh_irda_write':
sh_irda.c:174: error: implicit declaration of function 'iowrite16'
sh_irda.c: In function 'sh_irda_read':
sh_irda.c:184: error: implicit declaration of function 'ioread16'
sh_irda.c: At top level:
sh_irda.c:492: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'sh_irda_irq'
sh_irda.c: In function 'sh_irda_probe':
sh_irda.c:776: error: implicit declaration of function 'ioremap_nocache'
sh_irda.c:776: warning: assignment makes pointer from integer without a cast
sh_irda.c:811: error: implicit declaration of function 'request_irq'
sh_irda.c:811: error: 'sh_irda_irq' undeclared (first use in this function)
sh_irda.c:811: error: (Each undeclared identifier is reported only once
sh_irda.c:811: error: for each function it appears in.)
sh_irda.c:811: error: 'IRQF_DISABLED' undeclared (first use in this function)
sh_irda.c:825: error: implicit declaration of function 'iounmap'
Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> CC: Matvejchikov Ilya <matvejchikov@gmail.com> CC: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
Tim Chen [Tue, 9 Aug 2011 06:48:32 +0000 (06:48 +0000)]
scm: Capture the full credentials of the scm sender
This patch corrects an erroneous update of credential's gid with uid
introduced in commit 257b5358b32f17 since 2.6.36.
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Reviewed-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Mike Waychison [Thu, 11 Aug 2011 04:59:57 +0000 (21:59 -0700)]
tcp: initialize variable ecn_ok in syncookies path
Using a gcc 4.4.3, warnings are emitted for a possibly uninitialized use
of ecn_ok.
This can happen if cookie_check_timestamp() returns due to not having
seen a timestamp. Defaulting to ecn off seems like a reasonable thing
to do in this case, so initialized ecn_ok to false.
Signed-off-by: Mike Waychison <mikew@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 11 Aug 2011 00:37:17 +0000 (17:37 -0700)]
Merge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm
* 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: drop experimental status for ARM_PATCH_PHYS_VIRT
ARM: 7008/1: alignment: Make SIGBUS sent to userspace POSIXly correct
ARM: 7007/1: alignment: Prevent ignoring of faults with ARMv6 unaligned access model
ARM: 7010/1: mm: fix invalid loop for poison_init_mem
ARM: 7005/1: freshen up mm/proc-arm946.S
dmaengine: PL08x: Fix trivial build error
ARM: Fix build error for SMP=n builds
Given that xfs_bwrite actually does the shutdown already after
waiting for the b_iodone completion and given that we actually
found that calling xfs_force_shutdown from inside
xfs_buf_iodone_callbacks was a major contributor the problem
it better to drop this call.
Signed-off-by: Ajeet Yadav <ajeet.yadav.77@gmail.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
Linus Torvalds [Wed, 10 Aug 2011 19:36:45 +0000 (12:36 -0700)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc: Really fix build without CONFIG_PCI
powerpc: Fix build without CONFIG_PCI
powerpc/4xx: Fix build of PCI code on 405
powerpc/pseries: Simplify vpa deregistration functions
powerpc/pseries: Cleanup VPA registration and deregistration errors
powerpc/pseries: Fix kexec on recent firmware versions
MAINTAINERS: change maintainership of mpc5xxx
powerpc: Make KVM_GUEST default to n
powerpc/kvm: Fix build errors with older toolchains
powerpc: Lack of ibm,io-events not that important!
powerpc: Move kdump default base address to half RMO size on 64bit
powerpc/perf: Disable pagefaults during callchain stack read
ppc: Remove duplicate definition of PV_POWER7
powerpc: pseries: Fix kexec on machines with more than 4TB of RAM
powerpc: Jump label misalignment causes oops at boot
powerpc: Clean up some panic messages in prom_init
powerpc: Fix device tree claim code
powerpc: Return the_cpu_ spec from identify_cpu
powerpc: mtspr/mtmsr should take an unsigned long
Chris Metcalf [Wed, 10 Aug 2011 17:56:28 +0000 (13:56 -0400)]
nfs: fix a couple of minor portability issues
Building on tilepro revealed two minor portability issues: the
blocklayout.c file used prefetchw() without #include <linux/prefetch.h>,
and the nfs4filelayout.c file used do_div() on an s64 not a u64.
This change fixes those two issues so the NFS code builds on tilepro.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
Chris Metcalf [Wed, 10 Aug 2011 17:53:02 +0000 (13:53 -0400)]
arch/tile: use #include <asm/atomic.h> in tilepro assembly files
The standard <linux/atomic.h> is not safe to include from assembly, and
in general there's no need for it to be, since it's not very meaningful
for assembly code.
Assembly support in tilepro for atomics does need to get some constants
from the tilepro <asm/atomic.h>, however, so fix those files back to
the way they were, to directly #include <asm/atomic.h>.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...kfree(x)...+> }
when any
when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
when forall
(
return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Borislav Petkov [Wed, 10 Aug 2011 12:43:30 +0000 (14:43 +0200)]
EDAC: Correct Kconfig dependencies
Both AMD and Intel i7 EDAC drivers use MCE features and are thus
dependent of this functionality present in the kernel. Express this in
Kconfig so that randconfig builds don't break.
Reported-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Borislav Petkov <borislav.petkov@amd.com> Acked-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Jiri Kosina [Wed, 10 Aug 2011 16:11:10 +0000 (18:11 +0200)]
HID: make CONFIG_LOGIWHEELS_FF default to CONFIG_LOGITECH_FF
Do this for backwards compatibility reasons (LOGIWHEELS_FF has
been split-off from LOGITECH_FF), so that users don't have
regressions with 'default' kernel configs.
Describes RSS, RPS, RFS, accelerated RFS, and XPS.
This version incorporates comments by Randy Dunlap and Rick Jones.
Besides text cleanup, it adds an explicit "Suggested Configuration"
heading to each section.
Signed-off-by: Willem de Bruijn <willemb@google.com> Acked-By: Rick Jones <rick.jones2@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Added USB device IDs for MacBookAir4,2 keyboard. Device constants were
copied from the MacBookAir3,2 constants. The 4,2 device specification is
reportedly unchanged from the 3,2 predecessor and seems to work well.
Signed-off-by: Joshua V Dillon <jvdillon@gmail.com> Signed-off-by: Chase Douglas <chase.douglas@canonical.com> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
projects / karo-tx-linux.git / log