Linus Torvalds [Tue, 20 Dec 2011 19:42:38 +0000 (11:42 -0800)]
Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
time/clocksource: Fix kernel-doc warnings
rtc: m41t80: Workaround broken alarm functionality
rtc: Expire alarms after the time is set.
Linus Torvalds [Tue, 20 Dec 2011 19:41:17 +0000 (11:41 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
oprofile: Fix uninitialized memory access when writing to writing to oprofilefs
Linus Torvalds [Tue, 20 Dec 2011 19:40:48 +0000 (11:40 -0800)]
Merge branch 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
* 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
Revert "xen/pv-on-hvm kexec: add xs_reset_watches to shutdown watches from old kernel"
Linus Torvalds [Tue, 20 Dec 2011 19:31:56 +0000 (11:31 -0800)]
Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFS: Fix a regression in nfs_file_llseek()
NFSv4: Do not accept delegated opens when a delegation recall is in effect
NFSv4: Ensure correct locking when accessing the 'lock_states' list
NFSv4.1: Ensure that we handle _all_ SEQUENCE status bits.
NFSv4: Don't error if we handled it in nfs4_recovery_handle_error
SUNRPC: Ensure we always bump the backlog queue in xprt_free_slot
SUNRPC: Fix the execution time statistics in the face of RPC restarts
Linus Torvalds [Tue, 20 Dec 2011 19:31:44 +0000 (11:31 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
vmwgfx: Clip cliprects against screen boundaries in present and dirty
vmwgfx: Resend the cursor after legacy modeset
vmwgfx: Do better culling of presents
vmwgfx: Refactor kms code to use vmw_user_lookup_handle helper
vmwgfx: Add helper function to get surface or dmabuf
vmwgfx: Refactor cursor update
vmwgfx: Remove dmabuf check in present ioctl
vmwgfx: Use the revised fifo hw version register when present
Before waiting (predefined value 120s), check that at least one device
was successfully brought up. Otherwise (e.g. buggy bootloader
which does not set the MAC address) there is no point in waiting
for carrier.
Cc: Micha Nelissen <micha@neli.hopto.org> Cc: Holger Brunck <holger.brunck@keymile.com> Signed-off-by: Gerlando Falauto <gerlando.falauto@keymile.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Olof Johansson [Tue, 20 Dec 2011 17:27:39 +0000 (09:27 -0800)]
arm/tegra: remove __initdata annotation from pinmux tables
Instead of reshuffling what functions in the pinmux paths should be
__init and thus could keep references to __initdata, let's just remove
the annotations for now -- the tables are moving to device tree in the
next version anyway and the whole subsystem is being wired up. We will
go back and re-annotate where appropriate once things settle down.
Signed-off-by: Olof Johansson <olof@lixom.net> Acked-by: Stephen Warren <swarren@nvidia.com>
Thomas Graf [Mon, 19 Dec 2011 04:11:40 +0000 (04:11 +0000)]
sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd
When checking whether a DATA chunk fits into the estimated rwnd a
full sizeof(struct sk_buff) is added to the needed chunk size. This
quickly exhausts the available rwnd space and leads to packets being
sent which are much below the PMTU limit. This can lead to much worse
performance.
The reason for this behaviour was to avoid putting too much memory
pressure on the receiver. The concept is not completely irational
because a Linux receiver does in fact clone an skb for each DATA chunk
delivered. However, Linux also reserves half the available socket
buffer space for data structures therefore usage of it is already
accounted for.
When proposing to change this the last time it was noted that this
behaviour was introduced to solve a performance issue caused by rwnd
overusage in combination with small DATA chunks.
Trying to reproduce this I found that with the sk_buff overhead removed,
the performance would improve significantly unless socket buffer limits
are increased.
The following numbers have been gathered using a patched iperf
supporting SCTP over a live 1 Gbit ethernet network. The -l option
was used to limit DATA chunk sizes. The numbers listed are based on
the average of 3 test runs each. Default values have been used for
sk_(r|w)mem.
binary_sysctl() calls sysctl_getname() which allocates from names_cache
slab usin __getname()
The matching function to free the name is __putname(), and not putname()
which should be used only to match getname() allocations.
This is because when auditing is enabled, putname() calls audit_putname
*instead* (not in addition) to __putname(). Then, if a syscall is in
progress, audit_putname does not release the name - instead, it expects
the name to get released when the syscall completes, but that will happen
only if audit_getname() was called previously, i.e. if the name was
allocated with getname() rather than the naked __getname(). So,
__getname() followed by putname() ends up leaking memory.
Signed-off-by: Michel Lespinasse <walken@google.com> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Cc: Christoph Hellwig <hch@infradead.org> Cc: Eric Paris <eparis@redhat.com> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
where the oom score computation was divided into several steps and it's no
longer computed as one expression in unsigned long(rss, swapents, nr_pte
are unsigned long), where the result value assigned to points(int) is in
range(1..1000). So there could be an int overflow while computing
176 points *= 1000;
and points may have negative value. Meaning the oom score for a mem hog task
will be one.
196 if (points <= 0)
197 return 1;
For example:
[ 3366] 0 3366 3539048024303939 5 0 0 oom01
Out of memory: Kill process 3366 (oom01) score 1 or sacrifice child
Here the oom1 process consumes more than 24303939(rss)*4096~=92GB physical
memory, but it's oom score is one.
In this situation the mem hog task is skipped and oom killer kills another and
most probably innocent task with oom score greater than one.
The points variable should be of type long instead of int to prevent the
int overflow.
Haogang Chen [Tue, 20 Dec 2011 01:11:56 +0000 (17:11 -0800)]
nilfs2: potential integer overflow in nilfs_ioctl_clean_segments()
There is a potential integer overflow in nilfs_ioctl_clean_segments().
When a large argv[n].v_nmembs is passed from the userspace, the subsequent
call to vmalloc() will allocate a buffer smaller than expected, which
leads to out-of-bound access in nilfs_ioctl_move_blocks() and
lfs_clean_segments().
The following check does not prevent the overflow because nsegs is also
controlled by the userspace and could be very large.
if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
goto out_free;
This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
returns -EINVAL when overflow.
David Rientjes [Tue, 20 Dec 2011 01:11:52 +0000 (17:11 -0800)]
cpusets: stall when updating mems_allowed for mempolicy or disjoint nodemask
Kernels where MAX_NUMNODES > BITS_PER_LONG may temporarily see an empty
nodemask in a tsk's mempolicy if its previous nodemask is remapped onto a
new set of allowed cpuset nodes where the two nodemasks, as a result of
the remap, are now disjoint.
c0ff7453bb5c ("cpuset,mm: fix no node to alloc memory when changing
cpuset's mems") adds get_mems_allowed() to prevent the set of allowed
nodes from changing for a thread. This causes any update to a set of
allowed nodes to stall until put_mems_allowed() is called.
This stall is unncessary, however, if at least one node remains unchanged
in the update to the set of allowed nodes. This was addressed by 89e8a244b97e ("cpusets: avoid looping when storing to mems_allowed if one
node remains set"), but it's still possible that an empty nodemask may be
read from a mempolicy because the old nodemask may be remapped to the new
nodemask during rebind. To prevent this, only avoid the stall if there is
no mempolicy for the thread being changed.
This is a temporary solution until all reads from mempolicy nodemasks can
be guaranteed to not be empty without the get_mems_allowed()
synchronization.
Also moves the check for nodemask intersection inside task_lock() so that
tsk->mems_allowed cannot change. This ensures that nothing can set this
tsk's mems_allowed out from under us and also protects tsk->mempolicy.
Reported-by: Miao Xie <miaox@cn.fujitsu.com> Signed-off-by: David Rientjes <rientjes@google.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Paul Menage <paul@paulmenage.org> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Olof Johansson [Tue, 20 Dec 2011 05:09:48 +0000 (21:09 -0800)]
Merge branch 'omap/uart' into next/pm
* omap/uart: (32 commits)
ARM: omap: pass minimal SoC/board data for UART from dt
arm/dts: Add minimal device tree support for omap2420 and omap2430
omap-serial: Add minimal device tree support
omap-serial: Use default clock speed (48Mhz) if not specified
omap-serial: Get rid of all pdev->id usage
ARM: OMAP2+: UART: Fix compilation/sparse warnings
ARM: OMAP2+: UART: Remove omap_uart_can_sleep and add pm_qos
ARM: OMAP2+: UART: Do not gate uart clocks if used for debug_prints
ARM: OMAP2+: UART: Avoid uart idling on suspend for no_console_suspend usecase
ARM: OMAP2+: UART: Avoid console uart idling during bootup
ARM: OMAP2+: UART: remove temporary variable used to count uart instance
ARM: OMAP2+: UART: Make the RX_TIMEOUT for DMA configurable for each UART
ARM: OMAP2+: UART: Allow UART parameters to be configured from board file.
ARM: OMAP2+: UART: Remove old and unused clocks handling funcs
ARM: OMAP2+: UART: Add wakeup mechanism for omap-uarts
ARM: OMAP2+: UART: Move errata handling from serial.c to omap-serial
ARM: OMAP2+: UART: Get context loss count to context restore
ARM: OMAP2+: UART: Remove uart reset function.
ARM: OMAP2+: UART: Ensure all reg values configured are available from port structure
ARM: OMAP2+: UART: Remove context_save and move context restore to driver
...
Olof Johansson [Tue, 20 Dec 2011 05:04:42 +0000 (21:04 -0800)]
Merge branch 'omap/prcm' into next/pm
* omap/prcm:
ARM: OMAP2+: hwmod: Add a new flag to handle hwmods left enabled at init
ARM: OMAP4: PRM: use PRCM interrupt handler
ARM: OMAP3: pm: use prcm chain handler
ARM: OMAP: hwmod: add support for selecting mpu_irq for each wakeup pad
ARM: OMAP2+: mux: add support for PAD wakeup interrupts
ARM: OMAP: PRCM: add suspend prepare / finish support
ARM: OMAP: PRCM: add support for chain interrupt handler
ARM: OMAP3/4: PRM: add functions to read pending IRQs, PRM barrier
ARM: OMAP2+: hwmod: Add API to enable IO ring wakeup
ARM: OMAP2+: mux: add wakeup-capable hwmod mux entries to dynamic list
Holger Brunck [Mon, 19 Dec 2011 16:49:48 +0000 (17:49 +0100)]
ARM: plat-orion: make gpiochip label unique
The former implementation adds a fix gpiochip label string
to the framework. This is confusing because orion_gpio_init
is called more than once and this ends up in different gpiochips
with the same label.
This patch adds the already present orion_gpio_chip_count to the
label string to make it unique in the system.
Signed-off-by: Holger Brunck <holger.brunck@keymile.com> Cc: Lennert Buytenhek <kernel@wantstofly.org> Acked-by: Nicolas Pitre <nico@linaro.org> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Mon, 19 Dec 2011 19:24:04 +0000 (12:24 -0700)]
arm/tegra: Make MACH_TEGRA_DT depend on ARCH_TEGRA_2x_SOC
Now that Tegra20 and Tegra30 device tree board files are separate,
MACH_TEGRA_DT (which enables the Tegra20 device tree board file) should
depend on Tegra20 support being enabled.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Mon, 19 Dec 2011 19:24:03 +0000 (12:24 -0700)]
arm/tegra: Delete tegra_init_clock()
tegra_init_clock() is written to call tegra2_init_clocks(), which only
exists if Tegra20 support is enabled. This breaks the build of a
Tegra30-only kernel.
tegra_init_clock() isn't actually used any more; tegra20_init_early()
calls tegra2_init_clocks() directly. So, just delete this function.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:32 +0000 (15:12 -0700)]
arm/tegra: Use bus notifiers to trigger pinmux setup
Currently, the Tegra pinmux is initialized at different times when booting
with and without device tree:
Without device tree:
1) Pinmux and GPIO drivers are registered.
2) Pinmux is configured.
3) All other drivers are registered.
With device tree:
1) All drivers are registered and probed, including pinmux and GPIO.
2) Pinmux is configured.
This change modifies board-pinmux.c to detect pinmux and GPIO driver
registration using bus notifiers. This allows pinmux configuration to
happen immediately after the pinmux driver is probed, irrespective of
whether the pinmux driver is manually registered by board-pinmux.c, or
if it's instantiated during device tree parsing.
To support this with device tree, the pinmux init functions must be
called prior to instantiating devices from device tree, so that the
notifiers are set up before-hand.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:31 +0000 (15:12 -0700)]
arm/tegra: Refactor board-*-pinmux.c to share code
This moves the implementation of *_pinmux_init() into a single location.
The board-specific pinmux data is left in each board's own file. This
will allow future changes that set up the pinmux in a more complex
fashion to do so without duplicating that code in each board's pinmux
file.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:30 +0000 (15:12 -0700)]
arm/tegra: Fix mistake in Trimslice's pinmux
Pin group PTA does not support function RSVD3. However, the current
pinmux driver doesn't check this when setting RSVD functions, and ends
up writing 3 to the HW register. 3 is actually represented by function
GMI, so update the pinmux table to request that instead in order to
obtain the same register programming without requesting invalid
configurations.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Rather than modifying seaboard_pinmux[] using ventana_pinmux[], split
seaboard_pinmux[] into common_pinmux[] and seaboard_pinmux[], and then
actually apply common_pinmux[] always, followed by the appopriate one
of seaboard_pinmux[] or ventana_pinmux[].
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:26 +0000 (15:12 -0700)]
arm/tegra: Harmony PCIe: Don't touch pinmux
The Harmony pinmux table is already set up to mux the PCIe signals onto
the appropriate pin groups. Don't manually fiddle with the pinmux in the
Harmony PCIe setup code.
Merge note: This will have a merge conflict with Peter De Schrijver's
"arm/tegra: prepare pinmux code for multiple tegra variants" due to
context. When merging the two, make sure to also remove the include
of <mach/pinmux-tegra20.h> that his patch added, since it's no longer
needed after this patch.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:25 +0000 (15:12 -0700)]
arm/tegra: Add AUXDATA for tegra-pinmux and tegra-gpio
The pinctrl device name is included in the pinctrl map table, and used
as a parameter to pin_config_*() functions. Hence, it must be the same
for non-DT and DT kernels. Add AUXDATA to cause this.
The GPIO device name will be used by the pinmux/GPIO initialization code
in a later patch, and needs to stay constant.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Fri, 16 Dec 2011 22:12:24 +0000 (15:12 -0700)]
arm/tegra: Split Seaboard GPIO table to allow for Ventana
Seaboard and Ventana share some GPIOs, but others are different. Split the
GPIO table into common, seaboard-specific, and ventana-specific tables, so
that only the correct ones are enabled for each board. Add a few missing
audio-related GPIOs for Ventana.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Stephen Warren [Sun, 18 Dec 2011 06:29:30 +0000 (23:29 -0700)]
i2c: tegra: Support DVC controller in device tree
One of the Tegra I2C blocks is inside the DVC (Digital Voltage Controller)
block. This block is identical to the rest of the I2C blocks, except that
it only supports master mode, it has registers moved around, and it needs
some extra init to get it into I2C mode. The register moves are handled
by i2c_readl and i2c_writel
This patch adds a new compatible value for controllers of this "DVC"
type; I figured that this approach was reasonable, as opposed to adding
an is-dvc property under the existing compatible value, since the HW
truly is different.
v2: Call of_device_is_compatible() to determine is_dvc, instead of storing
the flag in tegra_i2c_of_match[]'s .data field.
Signed-off-by: Stephen Warren <swarren@nvidia.com> Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Torvalds [Mon, 19 Dec 2011 23:13:53 +0000 (15:13 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/qib: Correct sense on freectxts increment and decrement
RDMA/cma: Verify private data length
IB/mlx4: Fix shutdown crash accessing a non-existent bitmap
Linus Torvalds [Mon, 19 Dec 2011 23:11:12 +0000 (15:11 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: synaptics - fix touchpad not working after S2R on Vostro V13
Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
Input: wacom - add product id used by Samsung Slate 7
Aurelien Jacobs [Fri, 16 Dec 2011 10:49:22 +0000 (10:49 +0000)]
asix: new device id
Adds the device id needed for the USB Ethernet Adapter delivered by
ASUS with their Zenbook.
Signed-off-by: Aurelien Jacobs <aurel@gnuage.org> Acked-by: Grant Grundler <grundler@chromium.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Xi Wang [Fri, 16 Dec 2011 12:44:15 +0000 (12:44 +0000)]
sctp: fix incorrect overflow check on autoclose
Commit 8ffd3208 voids the previous patches f6778aab and 810c0719 for
limiting the autoclose value. If userspace passes in -1 on 32-bit
platform, the overflow check didn't work and autoclose would be set
to 0xffffffff.
This patch defines a max_autoclose (in seconds) for limiting the value
and exposes it through sysctl, with the following intentions.
1) Avoid overflowing autoclose * HZ.
2) Keep the default autoclose bound consistent across 32- and 64-bit
platforms (INT_MAX / HZ in this patch).
3) Keep the autoclose value consistent between setsockopt() and
getsockopt() calls.
Suggested-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Clemens Ladisch [Mon, 19 Dec 2011 21:07:58 +0000 (22:07 +0100)]
x86, dumpstack: Fix code bytes breakage due to missing KERN_CONT
When printing the code bytes in show_registers(), the markers around the
byte at the fault address could make the printk() format string look
like a valid log level and facility code. This would prevent this byte
from being printed and result in a spurious newline:
françois romieu [Thu, 15 Dec 2011 08:37:43 +0000 (08:37 +0000)]
r8169: fix Config2 MSIEnable bit setting.
The MSIEnable bit is only available for the 8169.
Avoid Config2 writes for the post-8169 8168 and 810x.
Reported-by: Su Kang Yin <cantona@cantona.net> Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> Cc: Hayes Wang <hayeswang@realtek.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Alex Juncu [Thu, 15 Dec 2011 23:01:25 +0000 (23:01 +0000)]
llc: llc_cmsg_rcv was getting called after sk_eat_skb.
Received non stream protocol packets were calling llc_cmsg_rcv that used a
skb after that skb was released by sk_eat_skb. This caused received STP
packets to generate kernel panics.
Signed-off-by: Alexandru Juncu <ajuncu@ixiacom.com> Signed-off-by: Kunjan Naik <knaik@ixiacom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Markus Kötter [Sat, 17 Dec 2011 11:39:08 +0000 (11:39 +0000)]
net: bpf_jit: fix an off-one bug in x86_64 cond jump target
x86 jump instruction size is 2 or 5 bytes (near/long jump), not 2 or 6
bytes.
In case a conditional jump is followed by a long jump, conditional jump
target is one byte past the start of target instruction.
Signed-off-by: Markus Kötter <nepenthesdev@gmail.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Since we configure all the queues as CHAINABLE, we need to update the
byte count for all the queues, not only the AGGREGATABLE ones.
Not doing so can confuse the SCD and make the fw assert.
Cc: stable@vger.kernel.org Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Wey-Yi Guy <wey-yi.w.guy@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Sean Hefty [Tue, 6 Dec 2011 21:17:11 +0000 (21:17 +0000)]
RDMA/cma: Verify private data length
private_data_len is defined as a u8. If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0. This
can lead to overwriting random kernel memory. Avoid this by verifying
that the resulting size fits into a u8.
Reported-by: B. Thery <benjamin.thery@bull.net>
Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335> Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com>
cgroups: fix a css_set not found bug in cgroup_attach_proc
There is a BUG when migrating a PF_EXITING proc. Since css_set_prefetch()
is not called for the PF_EXITING case, find_existing_css_set() will return
NULL inside cgroup_task_migrate() causing a BUG.
This bug is easy to reproduce. Create a zombie and echo its pid to
cgroup.procs.
$ cat zombie.c
\#include <unistd.h>
int main()
{
if (fork())
pause();
return 0;
}
$
We are hitting this bug pretty regularly on ChromeOS.
This bug is already fixed by Tejun Heo's cgroup patchset which is
targetted for the next merge window:
https://lkml.org/lkml/2011/11/1/356
I've create a smaller patch here which just fixes this bug so that a
fix can be merged into the current release and stable.
Robert Richter [Mon, 19 Dec 2011 15:38:30 +0000 (16:38 +0100)]
oprofile: Fix uninitialized memory access when writing to writing to oprofilefs
If oprofilefs_ulong_from_user() is called with count equals
zero, *val remains unchanged. Depending on the implementation it
might be uninitialized.
Change oprofilefs_ulong_from_user()'s interface to return count
on success. Thus, we are able to return early if count equals
zero which avoids using *val uninitialized. Fixing all users of
oprofilefs_ulong_ from_user().
This follows write syscall implementation when count is zero:
"If count is zero ... [and if] no errors are detected, 0 will be
returned without causing any other effect." (man 2 write)
Reported-By: Mike Waychison <mikew@google.com> Signed-off-by: Robert Richter <robert.richter@amd.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: <stable@vger.kernel.org> Cc: oprofile-list <oprofile-list@lists.sourceforge.net> Link: http://lkml.kernel.org/r/20111219153830.GH16765@erda.amd.com Signed-off-by: Ingo Molnar <mingo@elte.hu>
Revert "xen/pv-on-hvm kexec: add xs_reset_watches to shutdown watches from old kernel"
This reverts commit ddacf5ef684a655abe2bb50c4b2a5b72ae0d5e05.
As when booting the kernel under Amazon EC2 as an HVM guest it ends up
hanging during startup. Reverting this we loose the fix for kexec
booting to the crash kernels.
vmwgfx: Clip cliprects against screen boundaries in present and dirty
Signed-off-by: Jakob Bornecrantz <jakob@vmware.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Jakob Bornecrantz <jakob@vmware.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Jakob Bornecrantz <jakob@vmware.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>
vmwgfx: Refactor kms code to use vmw_user_lookup_handle helper
Signed-off-by: Jakob Bornecrantz <jakob@vmware.com> Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Dave Airlie <airlied@redhat.com>