24 Nov, 2011
3 commits
-
From mhalcrow's original commit message:
Characters with ASCII values greater than the size of
filename_rev_map[] are valid filename characters.
ecryptfs_decode_from_filename() will access kernel memory beyond
that array, and ecryptfs_parse_tag_70_packet() will then decrypt
those characters. The attacker, using the FNEK of the crafted file,
can then re-encrypt the characters to reveal the kernel memory past
the end of the filename_rev_map[] array. I expect low security
impact since this array is statically allocated in the text area,
and the amount of memory past the array that is accessible is
limited by the largest possible ASCII filename character.This patch solves the issue reported by mhalcrow but with an
implementation suggested by Linus to simply extend the length of
filename_rev_map[] to 256. Characters greater than 0x7A are mapped to
0x00, which is how invalid characters less than 0x7A were previously
being handled.Signed-off-by: Tyler Hicks
Reported-by: Michael Halcrow
Cc: stable@kernel.org -
Dirty pages weren't being written back when an mmap'ed eCryptfs file was
closed before the mapping was unmapped. Since f_ops->flush() is not
called by the munmap() path, the lower file was simply being released.
This patch flushes the eCryptfs file in the vm_ops->close() path.https://launchpad.net/bugs/870326
Signed-off-by: Tyler Hicks
Cc: stable@kernel.org [2.6.39+] -
The file creation path prematurely called d_instantiate() and
unlock_new_inode() before the eCryptfs inode info was fully
allocated and initialized and before the eCryptfs metadata was written
to the lower file.This could result in race conditions in subsequent file and inode
operations leading to unexpected error conditions or a null pointer
dereference while attempting to use the unallocated memory.https://launchpad.net/bugs/813146
Signed-off-by: Tyler Hicks
Cc: stable@kernel.org
21 Nov, 2011
4 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (86 commits)
ipv4: fix redirect handling
ping: dont increment ICMP_MIB_INERRORS
sky2: fix hang in napi_disable
sky2: enforce minimum ring size
bonding: Don't allow mode change via sysfs with slaves present
f_phonet: fix page offset of first received fragment
stmmac: fix pm functions avoiding sleep on spinlock
stmmac: remove spin_lock in stmmac_ioctl.
stmmac: parameters auto-tuning through HW cap reg
stmmac: fix advertising 1000Base capabilties for non GMII iface
stmmac: use mdelay on timeout of sw reset
sky2: version 1.30
sky2: used fixed RSS key
sky2: reduce default Tx ring size
sky2: rename up/down functions
sky2: pci posting issues
sky2: fix hang on shutdown (and other irq issues)
r6040: fix check against MCRO_HASHEN bit in r6040_multicast_list
MAINTAINERS: change email address for shemminger
pch_gbe: Move #include of module.h
... -
* 'kvm-updates/3.2' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM guest: prevent tracing recursion with kvmclock
Revert "KVM: PPC: Add support for explicit HIOR setting"
KVM: VMX: Check for automatic switch msr table overflow
KVM: VMX: Add support for guest/host-only profiling
KVM: VMX: add support for switching of PERF_GLOBAL_CTRL
KVM: s390: announce SYNC_MMU
KVM: s390: Fix tprot locking
KVM: s390: handle SIGP sense running intercepts
KVM: s390: Fix RUNNING flag misinterpretation -
* 'fixes' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm:
ARM: wire up process_vm_writev and process_vm_readv syscalls
ARM: 7160/1: setup: avoid overflowing {elf,arch}_name from proc_info_list
ARM: 7158/1: add new MFP implement for NUC900
ARM: 7157/1: fix a building WARNING for nuc900
ARM: 7156/1: l2x0: fix compile error on !CONFIG_USE_OF
ARM: 7155/1: arch.h: Declare 'pt_regs' locally
ARM: 7154/1: mach-bcmring: fix build error in dma.c
ARM: 7153/1: mach-bcmring: fix build error in core.c
ARM: 7152/1: distclean: Remove generated .dtb files
ARM: 7150/1: Allow kernel unaligned accesses on ARMv6+ processors
ARM: 7149/1: spi/pl022: Enable clock in probe
Revert "ARM: 7098/1: kdump: copy kernel relocation code at the kexec prepare stage" -
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
PM / Suspend: Fix bug in suspend statistics update
PM / Hibernate: Fix the early termination of test modes
PM / shmobile: Fix build of sh7372_pm_init() for CONFIG_PM unset
PM Sleep: Do not extend wakeup paths to devices with ignore_children set
PM / driver core: disable device's runtime PM during shutdown
PM / devfreq: correct Kconfig dependency
PM / devfreq: fix use after free in devfreq_remove_device
PM / shmobile: Avoid restoring the INTCS state during initialization
PM / devfreq: Remove compiler error after irq.h update
PM / QoS: Properly use the WARN() macro in dev_pm_qos_add_request()
PM / Clocks: Only disable enabled clocks in pm_clk_suspend()
ARM: mach-shmobile: sh7372 A3SP no_suspend_console fix
PM / shmobile: Don't skip debugging output in pd_power_up()
20 Nov, 2011
2 commits
-
Prevent tracing of preempt_disable() in get_cpu_var() in
kvm_clock_read(). When CONFIG_DEBUG_PREEMPT is enabled,
preempt_disable/enable() are traced and this causes the function_graph
tracer to go into an infinite recursion. By open coding the
preempt_disable() around the get_cpu_var(), we can use the notrace
version which prevents preempt_disable/enable() from being traced and
prevents the recursion.Based on a similar patch for Xen from Jeremy Fitzhardinge.
Tested-by: Gleb Natapov
Acked-by: Steven Rostedt
Signed-off-by: Avi Kivity -
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging:
hwmon: (exynos4_tmu) Fix Kconfig dependency[ Merging code in-flight, just because I can. What timezone should I
use? - Linus ]
19 Nov, 2011
14 commits
-
After commit 2a77c46de1e3dace73745015635ebbc648eca69c
(PM / Suspend: Add statistics debugfs file for suspend to RAM)
a missing pair of braces inside the state_store() function causes even
invalid arguments to suspend to be wrongly treated as failed suspend
attempts. Fix this.[rjw: Put the hash/subject of the buggy commit into the changelog.]
Signed-off-by: Srivatsa S. Bhat
Signed-off-by: Rafael J. Wysocki -
No longer at Citrix, still interested in Xen.
Signed-off-by: Jeremy Fitzhardinge
Cc: Jeremy Fitzhardinge
Signed-off-by: Linus Torvalds -
Dummy, non-zero definitions for HPAGE_MASK and HPAGE_SIZE were added in
51c6f666fceb ("mm: ZAP_BLOCK causes redundant work") to avoid a divide
by zero in generic kernel code.That code has since been removed, but probably should never have been
added in the first place: we don't want HPAGE_SIZE to act like PAGE_SIZE
for code that is working with hugepages, for example, when the
dependency on CONFIG_HUGETLB_PAGE has not been fulfilled.Because hugepage size can differ from architecture to architecture, each
is required to have their own definitions for both HPAGE_MASK and
HPAGE_SIZE. This is always done in arch/*/include/asm/page.h.So, just remove the dummy and dangerous definitions since they are no
longer needed and reveals the correct dependencies. Tested on
architectures using the definitions with allyesconfig: x86 (even with
thp), hppa, mips, powerpc, s390, sh3, sh4, sparc, and sparc64, and with
defconfig on ia64.Signed-off-by: David Rientjes
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
new helper: mount_subtree()
switch create_mnt_ns() to saner calling conventions, fix double mntput() in nfs
btrfs: fix double mntput() in mount_subvol() -
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
MAINTAINERS: update XFS maintainer entry
xfs: use doalloc flag in xfs_qm_dqattach_one() -
* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroup: Replace Paul Menage with Tejun Heo as cgroups maintainer -
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
random: Fix handing of arch_get_random_long in get_random_bytes()
x86: Call stop_machine_text_poke() on all CPUs
x86, ioapic: Only print ioapic debug information for IRQs belonging to an ioapic chip
x86/mrst: Avoid reporting wrong nmi status
x86/mrst: Add support for Penwell clock calibration
x86/apic: Allow use of lapic timer early calibration result
x86/apic: Do not clear nr_irqs_gsi if no legacy irqs
x86/platform: Add a wallclock_init func to x86_platforms ops
x86/mce: Make mce_chrdev_ops 'static const' -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide:
cy82c693: fix PCI device selection
icside: DMA support fix
IDE: Don't powerdown Compaq Triflex IDE device on suspend
piix: ICH7 MWDMA1 errata -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: Patch sun4v code sequences properly on module load.
sparc: Kill custom io_remap_pfn_range().
sparc: Stash orig_i0 into %g6 instead of %g2
sparc: Fix handling of orig_i0 wrt. debugging when restarting syscalls.
sparc: sigutil: Include -
As is probably painfully obvious, I don't have time to be a cgroups
maintainer. Rather than have me continue to hope that I'll magically
find more spare time, instead Tejun has kindly agreed to take over the
role, along with Li Zefan.-tj: added cgroup tree URL to MAINTAINERS file
Signed-off-by: Paul Menage
Acked-by: Li Zefan
Signed-off-by: Tejun Heo
LKML-Reference: -
Commit 2aede851ddf08666f68ffc17be446420e9d2a056
(PM / Hibernate: Freeze kernel threads after preallocating memory)
postponed the freezing of kernel threads to after preallocating memory
for hibernation. But while doing that, the hibernation test TEST_FREEZER
and the test mode HIBERNATION_TESTPROC were not moved accordingly.As a result, when using these test modes, it only goes upto the freezing of
userspace and exits, when in fact it should go till the complete end of task
freezing stage, namely the freezing of kernel threads as well.So, move these points of exit to appropriate places so that freezing of
kernel threads is also tested while using these test harnesses.Signed-off-by: Srivatsa S. Bhat
Signed-off-by: Rafael J. Wysocki -
commit f39925dbde77 (ipv4: Cache learned redirect information in
inetpeer.) introduced a regression in ICMP redirect handling.It assumed ipv4_dst_check() would be called because all possible routes
were attached to the inetpeer we modify in ip_rt_redirect(), but thats
not true.commit 7cc9150ebe (route: fix ICMP redirect validation) tried to fix
this but solution was not complete. (It fixed only one route)So we must lookup existing routes (including different TOS values) and
call check_peer_redir() on them.Reported-by: Ivan Zahariev
Signed-off-by: Eric Dumazet
CC: Flavio Leitner
Signed-off-by: David S. Miller -
I will no longer be maintaining XFS for SGI. Ben Myers
(bpm@sgi.com) has agreed to be the primary maintainer
for XFS in my place. I will continue to be able to push
commits to the SGI XFS tree if required. As such I will
continue to be a designated XFS maintainer, but plan to
serve in more of a backup role.Signed-off-by: Alex Elder
Signed-off-by: Ben Myers -
ping module incorrectly increments ICMP_MIB_INERRORS if feeded with a
frame not belonging to its own sockets.RFC 2011 states that ICMP_MIB_INERRORS should count "the number of ICMP
messages which the entiry received but determined as having
ICMP-specific errors (bad ICMP checksums, bad length, etc.)."Signed-off-by: Eric Dumazet
CC: Vasiliy Kulikov
Acked-by: Flavio Leitner
Acked-by: Vasiliy Kulikov
Signed-off-by: David S. Miller
18 Nov, 2011
17 commits
-
…kernel/git/konrad/xen
* 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen-gntalloc: signedness bug in add_grefs()
xen-gntalloc: integer overflow in gntalloc_ioctl_alloc()
xen-gntdev: integer overflow in gntdev_alloc_map()
xen:pvhvm: enable PVHVM VCPU placement when using more than 32 CPUs.
xen/balloon: Avoid OOM when requesting highmem
xen: Remove hanging references to CONFIG_XEN_PLATFORM_PCI
xen: map foreign pages for shared rings by updating the PTEs directly -
* 'for-linus' of git://git.kernel.dk/linux-block:
block: add missed trace_block_plug
paride: fix potential information leak in pg_read()
bio: change some signed vars to unsigned
block: avoid unnecessary plug list flush
cciss: auto engage SCSI mid layer at driver load time
loop: cleanup set_status interface
include/linux/bio.h: use a static inline function for bio_integrity_clone()
loop: prevent information leak after failed read
block: Always check length of all iov entries in blk_rq_map_user_iov()
The Windows driver .inf disables ASPM on all cciss devices. Do the same.
backing-dev: ensure wakeup_timer is deleted
block: Revert "[SCSI] genhd: add a new attribute "alias" in gendisk" -
* 'unicore32' of git://github.com/gxt/linux:
unicore32, exec: remove redundant set_fs(USER_DS)
unicore32: Fix typo 'PUV3_I2C'
unicore32: drop unused Kconfig symbols
rtc: rtc-puv3: Add __devinit and __devexit markers for probe and remove
arch/unicore32: do not use EXTRA_AFLAGS or EXTRA_CFLAGS
unicore32: fix build error for find bitops -
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/signal32: Fix sigset_t conversion when copying to user
powerpc: Fix atomic_xxx_return barrier semantics
powerpc: Remove buggy 9-year-old test for binutils < 2.12.1
powerpc/book3e-64: Fix debug support for userspace
powerpc: Remove extraneous CONFIG_PPC_ADV_DEBUG_REGS define
powerpc: Revert show_regs() define for readability
powerpc/ps3: Fix SMP lockdep boot warning
powerpc/ps3: Fix lost SMP IPIs
powerpc: Add hvcall.h include to book3s_hv.c
powerpc/trace: Add a dummy stack frame for trace_hardirqs_off
powerpc: Copy down exception vectors after feature fixups
powerpc: panic if we can't instantiate RTAS
powerpc/4xx: Fix typos in kexec config dependencies
powerpc/fsl: MCU_MPC8349EMITX wants I2C built-in, modular won't do...
powerpc/fsl_udc_core: Fix dumb typo
carma-fpga: Missed switch from of_register_platform_driver()
powerpc: Fix build breakage in jump_label.c -
* 'for-linus' of git://git.selinuxproject.org/~jmorris/linux-security:
encrypted-keys: module build fixes
encrypted-keys: fix error return code
Smack: smackfs cipso seq read repair -
Some of the sun4v code patching occurs in inline functions visible
to, and usable by, modules.Therefore we have to patch them up during module load.
Signed-off-by: David S. Miller
-
If IRQ was never initialized, then calling napi_disable() would hang.
Add more bookkeeping to track whether IRQ was ever initialized.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
The hardware has a restriction that the minimum ring size possible
is 128. The number of elements used is controlled by tx_pending and
the overall number of elements in the ring tx_ring_size, therefore it
is okay to limit the number of elements in use to a small value (63)
but still provide a bigger ring.Signed-off-by: Stephen Hemminger
Signed-off-by: David S. Miller -
To handle the large physical addresses, just make a simple wrapper
around remap_pfn_range() like MIPS does.Signed-off-by: David S. Miller
-
When changing mode via bonding's sysfs, the slaves are not initialized
correctly. Forbid to change modes with slaves present to ensure that every
slave is initialized correctly via bond_enslave().Signed-off-by: Veaceslav Falico
Signed-off-by: Andy Gospodarek
Acked-by: Nicolas de Pesloüan
Signed-off-by: David S. Miller -
…git/zohar/linux-integrity into for-linus
-
We pull one byte (the MAC header) from the first fragment before the
fragment is actually appended. So the socket buffer length is 1, not 0.Signed-off-by: Rémi Denis-Courmont
Signed-off-by: David S. Miller -
Fix build regression introduced by commit 056879d2f244001b2888cdc8cf
(ARM: mach-shmobile: sh7372 A3SP no_suspend_console fix) by moving
the intialization of the A3SP domain to a separate function and
providing an empty definition of it for CONFIG_PM unset.Reported-and-tested-by: Guennadi Liakhovetski
Signed-off-by: Rafael J. Wysocki -
Commit 4ca46ff3e0d8c234cb40ebb6457653b59584426c (PM / Sleep: Mark
devices involved in wakeup signaling during suspend) introduced
the power.wakeup_path field in struct dev_pm_info to mark devices
whose children are enabled to wake up the system from sleep states,
so that power domains containing the parents that provide their
children with wakeup power and/or relay their wakeup signals are not
turned off. Unfortunately, that introduced a PM regression on SH7372
whose power consumption in the system "memory sleep" state increased
as a result of it, because it prevented the power domain containing
the I2C controller from being turned off when some children of that
controller were enabled to wake up the system, although the
controller was not necessary for them to signal wakeup.To fix this issue use the observation that devices whose
power.ignore_children flag is set for runtime PM should be treated
analogously during system suspend. Namely, they shouldn't be
included in wakeup paths going through their children. Since the
SH7372 I2C controller's power.ignore_children flag is set, doing so
will restore the previous behavior of that SOC.Signed-off-by: Rafael J. Wysocki
Acked-by: Greg Kroah-Hartman -
…wireless into for-davem
