23 Sep, 2009

2 commits

  • Make all seq_operations structs const, to help mitigate against
    revectoring user-triggerable function pointers.

    This is derived from the grsecurity patch, although generated from scratch
    because it's simpler than extracting the changes from there.

    Signed-off-by: James Morris
    Acked-by: Serge Hallyn
    Acked-by: Casey Schaufler
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    James Morris
     
  • Move various magic-number definitions into magic.h.

    Signed-off-by: Nick Black
    Acked-by: Pekka Enberg
    Cc: Al Viro
    Cc: "David S. Miller"
    Cc: Casey Schaufler
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Nick Black
     

22 Sep, 2009

5 commits

  • * 'for-2.6.32' of git://linux-nfs.org/~bfields/linux: (68 commits)
    nfsd4: nfsv4 clients should cross mountpoints
    nfsd: revise 4.1 status documentation
    sunrpc/cache: avoid variable over-loading in cache_defer_req
    sunrpc/cache: use list_del_init for the list_head entries in cache_deferred_req
    nfsd: return success for non-NFS4 nfs4_state_start
    nfsd41: Refactor create_client()
    nfsd41: modify nfsd4.1 backchannel to use new xprt class
    nfsd41: Backchannel: Implement cb_recall over NFSv4.1
    nfsd41: Backchannel: cb_sequence callback
    nfsd41: Backchannel: Setup sequence information
    nfsd41: Backchannel: Server backchannel RPC wait queue
    nfsd41: Backchannel: Add sequence arguments to callback RPC arguments
    nfsd41: Backchannel: callback infrastructure
    nfsd4: use common rpc_cred for all callbacks
    nfsd4: allow nfs4 state startup to fail
    SUNRPC: Defer the auth_gss upcall when the RPC call is asynchronous
    nfsd4: fix null dereference creating nfsv4 callback client
    nfsd4: fix whitespace in NFSPROC4_CLNT_CB_NULL definition
    nfsd41: sunrpc: add new xprt class for nfsv4.1 backchannel
    sunrpc/cache: simplify cache_fresh_locked and cache_fresh_unlocked.
    ...

    Linus Torvalds
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: (34 commits)
    trivial: fix typo in aic7xxx comment
    trivial: fix comment typo in drivers/ata/pata_hpt37x.c
    trivial: typo in kernel-parameters.txt
    trivial: fix typo in tracing documentation
    trivial: add __init/__exit macros in drivers/gpio/bt8xxgpio.c
    trivial: add __init macro/ fix of __exit macro location in ipmi_poweroff.c
    trivial: remove unnecessary semicolons
    trivial: Fix duplicated word "options" in comment
    trivial: kbuild: remove extraneous blank line after declaration of usage()
    trivial: improve help text for mm debug config options
    trivial: doc: hpfall: accept disk device to unload as argument
    trivial: doc: hpfall: reduce risk that hpfall can do harm
    trivial: SubmittingPatches: Fix reference to renumbered step
    trivial: fix typos "man[ae]g?ment" -> "management"
    trivial: media/video/cx88: add __init/__exit macros to cx88 drivers
    trivial: fix typo in CONFIG_DEBUG_FS in gcov doc
    trivial: fix missing printk space in amd_k7_smp_check
    trivial: fix typo s/ketymap/keymap/ in comment
    trivial: fix typo "to to" in multiple files
    trivial: fix typos in comments s/DGBU/DBGU/
    ...

    Linus Torvalds
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
    HID: Remove duplicate Kconfig entry
    HID: consolidate connect and disconnect into core code
    HID: fix non-atomic allocation in hid_input_report

    Linus Torvalds
     
  • Sizing of memory allocations shouldn't depend on the number of physical
    pages found in a system, as that generally includes (perhaps a huge amount
    of) non-RAM pages. The amount of what actually is usable as storage
    should instead be used as a basis here.

    Some of the calculations (i.e. those not intending to use high memory)
    should likely even use (totalram_pages - totalhigh_pages).

    Signed-off-by: Jan Beulich
    Acked-by: Rusty Russell
    Acked-by: Ingo Molnar
    Cc: Dave Airlie
    Cc: Kyle McMartin
    Cc: Jeremy Fitzhardinge
    Cc: Pekka Enberg
    Cc: Hugh Dickins
    Cc: "David S. Miller"
    Cc: Patrick McHardy
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Jan Beulich
     
  • Signed-off-by: Alexey Dobriyan
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Alexey Dobriyan
     

21 Sep, 2009

2 commits


19 Sep, 2009

1 commit

  • In cache_defer_req, 'dreq' is used for two significantly different
    values that happen to be of the same type.

    This is both confusing, and makes it hard to extend the range of one of
    the values as we will in the next patch.
    So introduce 'discard' to take one of the values.

    Signed-off-by: NeilBrown
    Signed-off-by: J. Bruce Fields

    NeilBrown
     

18 Sep, 2009

4 commits

  • Using list_del_init is generally safer than list_del, and it will
    allow us, in a subsequent patch, to see if an entry has already been
    processed or not.

    Signed-off-by: NeilBrown
    Signed-off-by: J. Bruce Fields

    NeilBrown
     
  • * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (66 commits)
    be2net: fix some cmds to use mccq instead of mbox
    atl1e: fix 2.6.31-git4 -- ATL1E 0000:03:00.0: DMA-API: device driver frees DMA
    pkt_sched: Fix qstats.qlen updating in dump_stats
    ipv6: Log the affected address when DAD failure occurs
    wl12xx: Fix print_mac() conversion.
    af_iucv: fix race when queueing skbs on the backlog queue
    af_iucv: do not call iucv_sock_kill() twice
    af_iucv: handle non-accepted sockets after resuming from suspend
    af_iucv: fix race in __iucv_sock_wait()
    iucv: use correct output register in iucv_query_maxconn()
    iucv: fix iucv_buffer_cpumask check when calling IUCV functions
    iucv: suspend/resume error msg for left over pathes
    wl12xx: switch to %pM to print the mac address
    b44: the poll handler b44_poll must not enable IRQ unconditionally
    ipv6: Ignore route option with ROUTER_PREF_INVALID
    bonding: make ab_arp select active slaves as other modes
    cfg80211: fix SME connect
    rc80211_minstrel: fix contention window calculation
    ssb/sdio: fix printk format warnings
    p54usb: add Zcomax XG-705A usbid
    ...

    Linus Torvalds
     
  • Some classful qdiscs miss qstats.qlen updating with q.qlen of their
    child qdiscs in dump_stats methods.

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • If an interface has multiple addresses, the current message for DAD
    failure isn't really helpful, so this patch adds the address itself to
    the printk.

    Signed-off-by: Jens Rosenboom
    Signed-off-by: David S. Miller

    Jens Rosenboom
     

17 Sep, 2009

13 commits

  • HID core registers input, hidraw and hiddev devices, but leaves
    unregistering it up to the individual driver, which is not really nice.
    Let's move all the logic to the core.

    Reported-by: Marcel Holtmann
    Reported-by: Brian Rogers
    Acked-by: Marcel Holtmann
    Signed-off-by: Jiri Kosina

    Jiri Kosina
     
  • iucv_sock_recvmsg() and iucv_process_message()/iucv_fragment_skb race
    for dequeuing an skb from the backlog queue.

    If iucv_sock_recvmsg() dequeues first, iucv_process_message() calls
    sock_queue_rcv_skb() with an skb that is NULL.

    This results in the following kernel panic:

    Unable to handle kernel pointer dereference at virtual kernel address (null)
    Oops: 0004 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
    CPU: 0 Not tainted 2.6.30 #4
    Process client-iucv (pid: 4787, task: 0000000034e75940, ksp: 00000000353e3710)
    Krnl PSW : 0704000180000000 000000000043ebca (sock_queue_rcv_skb+0x7a/0x138)
    R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:0 PM:0 EA:3
    Krnl GPRS: 0052900000000000 000003e0016e0fe8 0000000000000000 0000000000000000
    000000000043eba8 0000000000000002 0000000000000001 00000000341aa7f0
    0000000000000000 0000000000007800 0000000000000000 0000000000000000
    00000000341aa7f0 0000000000594650 000000000043eba8 000000003fc2fb28
    Krnl Code: 000000000043ebbe: a7840006 brc 8,43ebca
    000000000043ebc2: 5930c23c c %r3,572(%r12)
    000000000043ebc6: a724004c brc 2,43ec5e
    >000000000043ebca: e3c0b0100024 stg %r12,16(%r11)
    000000000043ebd0: a7190000 lghi %r1,0
    000000000043ebd4: e310b0200024 stg %r1,32(%r11)
    000000000043ebda: c010ffffdce9 larl %r1,43a5ac
    000000000043ebe0: e310b0800024 stg %r1,128(%r11)
    Call Trace:
    ([] sock_queue_rcv_skb+0x58/0x138)
    [] iucv_process_message+0x112/0x3cc [af_iucv]
    [] iucv_callback_rx+0x1f0/0x274 [af_iucv]
    [] iucv_message_pending+0xa2/0x120
    [] iucv_tasklet_fn+0x176/0x1b8
    [] tasklet_action+0xfe/0x1f4
    [] __do_softirq+0x116/0x284
    [] do_softirq+0xe4/0xe8
    [] irq_exit+0xba/0xd8
    [] do_extint+0x146/0x190
    [] ext_no_vtime+0x1e/0x22
    [] kfree+0x202/0x28c
    ([] kfree+0x1f8/0x28c)
    [] __kfree_skb+0x32/0x124
    [] iucv_sock_recvmsg+0x236/0x41c [af_iucv]
    [] sock_aio_read+0x136/0x160
    [] do_sync_read+0xe4/0x13c
    [] vfs_read+0x152/0x15c
    [] SyS_read+0x54/0xac
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8def3c

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • For non-accepted sockets on the accept queue, iucv_sock_kill()
    is called twice (in iucv_sock_close() and iucv_sock_cleanup_listen()).
    This typically results in a kernel oops as shown below.

    Remove the duplicate call to iucv_sock_kill() and set the SOCK_ZAPPED
    flag in iucv_sock_close() only.

    The iucv_sock_kill() function frees a socket only if the socket is zapped
    and orphaned (sk->sk_socket == NULL):
    - Non-accepted sockets are always orphaned and, thus, iucv_sock_kill()
      frees the socket twice.
    - For accepted sockets or sockets created with iucv_sock_create(),
      sk->sk_socket is initialized. This caused the first call to
      iucv_sock_kill() to return immediately. To free these sockets,
      iucv_sock_release() uses sock_orphan() before calling iucv_sock_kill().

    Unable to handle kernel pointer dereference at virtual kernel address 000000003edd3000
    Oops: 0011 [#1] PREEMPT SMP DEBUG_PAGEALLOC
    Modules linked in: af_iucv sunrpc qeth_l3 dm_multipath dm_mod qeth vmur ccwgroup
    CPU: 0 Not tainted 2.6.30 #4
    Process iucv_sock_close (pid: 2486, task: 000000003aea4340, ksp: 000000003b75bc68)
    Krnl PSW : 0704200180000000 000003e00168e23a (iucv_sock_kill+0x2e/0xcc [af_iucv])
    R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
    Krnl GPRS: 0000000000000000 000000003b75c000 000000003edd37f0 0000000000000001
    000003e00168ec62 000000003988d960 0000000000000000 000003e0016b0608
    000000003fe81b20 000000003839bb58 00000000399977f0 000000003edd37f0
    000003e00168b000 000003e00168f138 000000003b75bcd0 000000003b75bc98
    Krnl Code: 000003e00168e22a: c0c0ffffe6eb larl %r12,3e00168b000
    000003e00168e230: b90400b2 lgr %r11,%r2
    000003e00168e234: e3e0f0980024 stg %r14,152(%r15)
    >000003e00168e23a: e310225e0090 llgc %r1,606(%r2)
    000003e00168e240: a7110001 tmll %r1,1
    000003e00168e244: a7840007 brc 8,3e00168e252
    000003e00168e248: d507d00023c8 clc 0(8,%r13),968(%r2)
    000003e00168e24e: a7840009 brc 8,3e00168e260
    Call Trace:
    ([] afiucv_dbf+0x0/0xfffffffffffdea20 [af_iucv])
    [] iucv_sock_close+0x130/0x368 [af_iucv]
    [] iucv_sock_release+0x5e/0xe4 [af_iucv]
    [] sock_release+0x44/0x104
    [] sock_close+0x32/0x50
    [] __fput+0xf4/0x250
    [] filp_close+0x7a/0xa8
    [] SyS_close+0xe2/0x148
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8deeac

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • After resuming from suspend, all af_iucv sockets are disconnected.
    Ensure that iucv_accept_dequeue() can handle disconnected sockets
    which are not yet accepted.

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • Moving prepare_to_wait before the condition to avoid a race between
    schedule_timeout and wake up.
    The race can appear during iucv_sock_connect() and iucv_callback_connack().

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • The iucv_query_maxconn() function uses the wrong output register and
    stores the size of the interrupt buffer instead of the maximum number
    of connections.

    According to the QUERY IUCV function, general register 1 contains the
    maximum number of connections.

    If the maximum number of connections is not set properly, the following
    warning is displayed:

    Badness at /usr/src/kernel-source/2.6.30-39.x.20090806/net/iucv/iucv.c:1808
    Modules linked in: netiucv fsm af_iucv sunrpc qeth_l3 dm_multipath dm_mod vmur qeth ccwgroup
    CPU: 0 Tainted: G W 2.6.30 #4
    Process seq (pid: 16925, task: 0000000030e24a40, ksp: 000000003033bd98)
    Krnl PSW : 0404200180000000 000000000053b270 (iucv_external_interrupt+0x64/0x224)
    R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:0 CC:2 PM:0 EA:3
    Krnl GPRS: 00000000011279c2 00000000014bdb70 0029000000000000 0000000000000029
    000000000053b236 000000000001dba4 0000000000000000 0000000000859210
    0000000000a67f68 00000000008a6100 000000003f83fb90 0000000000004000
    000000003f8c7bc8 00000000005a2250 000000000053b236 000000003fc2fe08
    Krnl Code: 000000000053b262: e33010000021 clg %r3,0(%r1)
    000000000053b268: a7440010 brc 4,53b288
    000000000053b26c: a7f40001 brc 15,53b26e
    >000000000053b270: c03000184134 larl %r3,8434d8
    000000000053b276: eb220030000c srlg %r2,%r2,48
    000000000053b27c: eb6ff0a00004 lmg %r6,%r15,160(%r15)
    000000000053b282: c0f4fffff6a7 brcl 15,539fd0
    000000000053b288: 4310a003 ic %r1,3(%r10)
    Call Trace:
    ([] iucv_external_interrupt+0x2a/0x224)
    [] do_extint+0x132/0x190
    [] ext_no_vtime+0x1e/0x22
    [] _spin_unlock_irqrestore+0x96/0xa4
    ([] _spin_unlock_irqrestore+0x8c/0xa4)
    [] pipe_write+0x3da/0x5bc
    [] do_sync_write+0xe4/0x13c
    [] vfs_write+0xae/0x15c
    [] SyS_write+0x54/0xac
    [] sysc_noemu+0x10/0x16
    [] 0x42ff8defcc

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • Prior to calling IUCV functions, the DECLARE BUFFER function must have been
    called for at least one CPU to receive IUCV interrupts.

    With commit "iucv: establish reboot notifier" (6c005961), a check has been
    introduced to avoid calling IUCV functions if the current CPU does not have
    an interrupt buffer declared.
    Because one interrupt buffer is sufficient, change the condition to ensure
    that one interrupt buffer is available.

    In addition, checking the buffer on the current CPU creates a race with
    CPU up/down notifications: before checking the buffer, the IUCV function
    might be interrupted by an smp_call_function() that retrieves the interrupt
    buffer for the current CPU.
    When the IUCV function continues, the check fails and -EIO is returned. If a
    buffer is available on any other CPU, the IUCV function call must be invoked
    (instead of failing with -EIO).

    Signed-off-by: Hendrik Brueckner
    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Hendrik Brueckner
     
  • During suspend IUCV exploiters have to close their IUCV connections.
    When restoring an image, it can be checked if all IUCV paths had
    been closed before the Linux instance was suspended. If not, an
    error message is issued to indicate a problem in one of the
    used programs exploiting IUCV communication.

    Signed-off-by: Ursula Braun
    Signed-off-by: David S. Miller

    Ursula Braun
     
  • David S. Miller
     
  • RFC4191 says that "If the Reserved (10) value is received, the Route
    Information Option MUST be ignored.", so this patch makes us conform
    to the RFC. This is different to the usage of the Default Router
    Preference, where an invalid value must indeed be treated as
    PREF_MEDIUM.

    Signed-off-by: Jens Rosenboom
    Signed-off-by: David S. Miller

    Jens Rosenboom
     
  • David S. Miller
     
  • There's a check saying
    /* we're good if we have both BSSID and channel */
    if (wdev->conn->params.bssid && wdev->conn->params.channel) {

    but that isn't true -- we need the BSS struct. This leads
    to errors such as

    Trying to associate with 00:1b:53:11:dc:40 (SSID='TEST' freq=2412 MHz)
    ioctl[SIOCSIWFREQ]: No such file or directory
    ioctl[SIOCSIWESSID]: No such file or directory
    Association request to the driver failed
    Associated with 00:1b:53:11:dc:40

    in wpa_supplicant, as reported by Holger.

    Instead, we really need to have the BSS struct, and if we
    don't, then we need to initiate a scan for it. But we may
    already have the BSS struct here, so hang on to it if we
    do and scan if we don't.

    Signed-off-by: Johannes Berg
    Tested-by: Holger Schurig
    Signed-off-by: John W. Linville

    Johannes Berg
     
  • The contention window is supposed to be a power of two minus one, i.e.
    15, 31, 63, 127... minstrel_rate_init() forgets to subtract 1, so the
    sequence becomes 15, 32, 66, 134...

    Bug reported by Dan Halperin

    Signed-off-by: Pavel Roskin
    Signed-off-by: John W. Linville

    Pavel Roskin
     

16 Sep, 2009

7 commits

  • * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
    Driver Core: devtmpfs - kernel-maintained tmpfs-based /dev
    debugfs: Modify default debugfs directory for debugging pktcdvd.
    debugfs: Modified default dir of debugfs for debugging UHCI.
    debugfs: Change debugfs directory of IWMC3200
    debugfs: Change debuhgfs directory of trace-events-sample.h
    debugfs: Fix mount directory of debugfs by default in events.txt
    hpilo: add poll f_op
    hpilo: add interrupt handler
    hpilo: staging for interrupt handling
    driver core: platform_device_add_data(): use kmemdup()
    Driver core: Add support for compatibility classes
    uio: add generic driver for PCI 2.3 devices
    driver-core: move dma-coherent.c from kernel to driver/base
    mem_class: fix bug
    mem_class: use minor as index instead of searching the array
    driver model: constify attribute groups
    UIO: remove 'default n' from Kconfig
    Driver core: Add accessor for device platform data
    Driver core: move dev_get/set_drvdata to drivers/base/dd.c
    Driver core: add new device to bus's list before probing

    Linus Torvalds
     
  • Use uX rather than uintX_t types for consistency.

    Signed-off-by: David Howells
    Signed-off-by: David S. Miller

    David Howells
     
  • I have recently come across a preemption imbalance detected by:

    huh, entered ffffffff80644630 with preempt_count 00000102, exited with 00000101?
    ------------[ cut here ]------------
    kernel BUG at /usr/src/linux/kernel/timer.c:664!
    invalid opcode: 0000 [1] PREEMPT SMP

    with ffffffff80644630 being inet_twdr_hangman().

    This appeared after I enabled CONFIG_TCP_MD5SIG and played with it a
    bit, so I looked at what might have caused it.

    One thing that struck me as strange is tcp_twsk_destructor(), as it
    calls tcp_put_md5sig_pool() -- which entails a put_cpu(), causing the
    detected imbalance. Found on 2.6.23.9, but 2.6.31 is affected as well,
    as far as I can tell.

    Signed-off-by: Robert Varga
    Signed-off-by: David S. Miller

    Robert Varga
     
  • If qdisc_get_stab returns error in qdisc_create there is skipped qdisc
    ops->destroy, which is necessary because it's after ops->init at the
    moment, so memory leaks are quite probable.

    Signed-off-by: Jarek Poplawski
    Signed-off-by: David S. Miller

    Jarek Poplawski
     
  • Otherwise, the upcall is going to be synchronous, which may not be what the
    caller wants...

    Signed-off-by: Trond Myklebust
    Signed-off-by: J. Bruce Fields

    Trond Myklebust
     
  • Let attribute group vectors be declared "const". We'd
    like to let most attribute metadata live in read-only
    sections... this is a start.

    Signed-off-by: David Brownell
    Signed-off-by: Greg Kroah-Hartman

    David Brownell
     
  • * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: (46 commits)
    powerpc64: convert to dynamic percpu allocator
    sparc64: use embedding percpu first chunk allocator
    percpu: kill lpage first chunk allocator
    x86,percpu: use embedding for 64bit NUMA and page for 32bit NUMA
    percpu: update embedding first chunk allocator to handle sparse units
    percpu: use group information to allocate vmap areas sparsely
    vmalloc: implement pcpu_get_vm_areas()
    vmalloc: separate out insert_vmalloc_vm()
    percpu: add chunk->base_addr
    percpu: add pcpu_unit_offsets[]
    percpu: introduce pcpu_alloc_info and pcpu_group_info
    percpu: move pcpu_lpage_build_unit_map() and pcpul_lpage_dump_cfg() upward
    percpu: add @align to pcpu_fc_alloc_fn_t
    percpu: make @dyn_size mandatory for pcpu_setup_first_chunk()
    percpu: drop @static_size from first chunk allocators
    percpu: generalize first chunk allocator selection
    percpu: build first chunk allocators selectively
    percpu: rename 4k first chunk allocator to page
    percpu: improve boot messages
    percpu: fix pcpu_reclaim() locking
    ...

    Fix trivial conflict as by Tejun Heo in kernel/sched.c

    Linus Torvalds
     

15 Sep, 2009

6 commits