23 Dec, 2011
1 commit
-
This change fixes a linking problem, which happens if oprofile
is selected to be compiled as built-in:`oprofile_arch_exit' referenced in section `.init.text' of
arch/arm/oprofile/built-in.o: defined in discarded section
`.exit.text' of arch/arm/oprofile/built-in.oThe problem is appeared after commit 87121ca504, which
introduced oprofile_arch_exit() calls from __init function. Note
that the aforementioned commit has been backported to stable
branches, and the problem is known to be reproduced at least
with 3.0.13 and 3.1.5 kernels.Signed-off-by: Vladimir Zapolskiy
Signed-off-by: Robert Richter
Cc: Will Deacon
Cc: oprofile-list
Cc:
Link: http://lkml.kernel.org/r/20111222151540.GB16765@erda.amd.com
Signed-off-by: Ingo Molnar
21 Dec, 2011
22 commits
-
* git://git.infradead.org/mtd-2.6:
mtd: plat_ram: call mtd_device_register only if partition data exists
mtd: pxa2xx-flash.c: It used to fall back to provided table.
mtd: gpmi: add missing include 'module.h'
mtd: ndfc: fix typo in structure dereference -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc:
mmc: vub300: fix type of firmware_rom_wait_states module parameter
Revert "mmc: enable runtime PM by default"
mmc: sdhci: remove "state" argument from sdhci_suspend_host -
Fix the following bug in sel_netport_insert() where rcu_dereference() should
be rcu_dereference_protected() as sel_netport_lock is held.===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
security/selinux/netport.c:127 invoked rcu_dereference_check() without protection!other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by ossec-rootcheck/3323:
#0: (sel_netport_lock){+.....}, at: [] sel_netport_sid+0xbb/0x226stack backtrace:
Pid: 3323, comm: ossec-rootcheck Not tainted 3.1.0-rc8-fsdevel+ #1095
Call Trace:
[] lockdep_rcu_dereference+0xa7/0xb0
[] sel_netport_sid+0x1b7/0x226
[] ? sel_netport_avc_callback+0xbc/0xbc
[] selinux_socket_bind+0x115/0x230
[] ? might_fault+0x4e/0x9e
[] ? might_fault+0x97/0x9e
[] security_socket_bind+0x11/0x13
[] sys_bind+0x56/0x95
[] ? sysret_check+0x27/0x62
[] ? trace_hardirqs_on_caller+0x11e/0x155
[] ? audit_syscall_entry+0x17b/0x1ae
[] ? trace_hardirqs_on_thunk+0x3a/0x3f
[] system_call_fastpath+0x16/0x1bSigned-off-by: David Howells
Acked-by: Paul Moore
Acked-by: Eric Dumazet
Cc: stable@kernel.org
Signed-off-by: James Morris -
…in/linux-digsig into for-linus
-
* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
cgroups: fix a css_set not found bug in cgroup_attach_proc -
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86, dumpstack: Fix code bytes breakage due to missing KERN_CONT -
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
time/clocksource: Fix kernel-doc warnings
rtc: m41t80: Workaround broken alarm functionality
rtc: Expire alarms after the time is set. -
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
oprofile: Fix uninitialized memory access when writing to writing to oprofilefs -
…kernel/git/konrad/xen
* 'stable/for-linus-fixes-3.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
Revert "xen/pv-on-hvm kexec: add xs_reset_watches to shutdown watches from old kernel" -
* 'sh-fixes-for-linus' of git://github.com/pmundt/linux-sh:
sh: fix build warning in board-sh7757lcr -
* 'rmobile-fixes-for-linus' of git://github.com/pmundt/linux-sh:
ARM: mach-shmobile: SH73A0 external Ethernet fix
ARM: mach-shmobile: AG5EVM GIC Sparse IRQ fix
ARM: mach-shmobile: Kota2 TPU LED platform data
ARM: mach-shmobile: Kota2 GIC Sparse IRQ fix
ARM: mach-shmobile: Kota2 PINT fix -
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
NFS: Fix a regression in nfs_file_llseek()
NFSv4: Do not accept delegated opens when a delegation recall is in effect
NFSv4: Ensure correct locking when accessing the 'lock_states' list
NFSv4.1: Ensure that we handle _all_ SEQUENCE status bits.
NFSv4: Don't error if we handled it in nfs4_recovery_handle_error
SUNRPC: Ensure we always bump the backlog queue in xprt_free_slot
SUNRPC: Fix the execution time statistics in the face of RPC restarts -
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
vmwgfx: Clip cliprects against screen boundaries in present and dirty
vmwgfx: Resend the cursor after legacy modeset
vmwgfx: Do better culling of presents
vmwgfx: Refactor kms code to use vmw_user_lookup_handle helper
vmwgfx: Add helper function to get surface or dmabuf
vmwgfx: Refactor cursor update
vmwgfx: Remove dmabuf check in present ioctl
vmwgfx: Use the revised fifo hw version register when present -
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (31 commits)
Revert "[media] af9015: limit I2C access to keep FW happy"
[media] s5p-fimc: Fix camera input configuration in subdev operations
[media] m5mols: Fix logic in sanity check
[media] ati_remote: switch to single-byte scancodes
[media] V4L: mt9m111: fix uninitialised mutex
[media] V4L: omap1_camera: fix missing include
[media] V4L: mt9t112: use after free in mt9t112_probe()
[media] V4L: soc-camera: fix compiler warnings on 64-bit platforms
[media] s5p_mfc_enc: fix s/H264/H263/ typo
[media] omap_vout: Fix compile error in 3.1
[media] au0828: add missing models 72101, 72201 & 72261 to the model matrix
[media] au0828: add missing USB ID 2040:7213
[media] au0828: add missing USB ID 2040:7260
[media] [trivial] omap24xxcam-dma: Fix logical test
[media] omap_vout: fix crash if no driver for a display
[media] media: video: s5p-tv: fix build break
[media] omap3isp: fix compilation of ispvideo.c
[media] m5mols: Fix set_fmt to return proper pixel format code
[media] s5p-fimc: Use correct fourcc for RGB565 colour format
[media] s5p-fimc: Fail driver probing when sensor configuration is wrong
... -
binary_sysctl() calls sysctl_getname() which allocates from names_cache
slab usin __getname()The matching function to free the name is __putname(), and not putname()
which should be used only to match getname() allocations.This is because when auditing is enabled, putname() calls audit_putname
*instead* (not in addition) to __putname(). Then, if a syscall is in
progress, audit_putname does not release the name - instead, it expects
the name to get released when the syscall completes, but that will happen
only if audit_getname() was called previously, i.e. if the name was
allocated with getname() rather than the naked __getname(). So,
__getname() followed by putname() ends up leaking memory.Signed-off-by: Michel Lespinasse
Acked-by: Al Viro
Cc: Christoph Hellwig
Cc: Eric Paris
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Static storage is not required for the struct vmap_area in
__get_vm_area_node.Removing "static" to store this variable on the stack instead.
Signed-off-by: Kautuk Consul
Acked-by: David Rientjes
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
If the BMC gets reset, it will return 0x80 response errors.
In less than a week
# grep "Error 80 on cmd 22" /var/log/kernel |wc -l
378681In this case, it is probably a good idea to restore the IPMI settings.
Signed-off-by: Corey Minyard
Tested-by: Arkadiusz Miśkiewicz
Reported-by: Arkadiusz Miśkiewicz
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
An integer overflow will happen on 64bit archs if task's sum of rss,
swapents and nr_ptes exceeds (2^31)/1000 value. This was introduced by
commitf755a04 oom: use pte pages in OOM score
where the oom score computation was divided into several steps and it's no
longer computed as one expression in unsigned long(rss, swapents, nr_pte
are unsigned long), where the result value assigned to points(int) is in
range(1..1000). So there could be an int overflow while computing176 points *= 1000;
and points may have negative value. Meaning the oom score for a mem hog task
will be one.196 if (points
Acked-by: KOSAKI Motohiro
Acked-by: Oleg Nesterov
Acked-by: David Rientjes
Cc: [2.6.36+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
If the request is to create non-root group and we fail to meet it, we
should leave the root unchanged.Signed-off-by: Hillf Danton
Acked-by: Hugh Dickins
Acked-by: KAMEZAWA Hiroyuki
Acked-by: Michal Hocko
Cc: Balbir Singh
Cc: David Rientjes
Cc: Andrea Arcangeli
Cc: Johannes Weiner
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There is a potential integer overflow in nilfs_ioctl_clean_segments().
When a large argv[n].v_nmembs is passed from the userspace, the subsequent
call to vmalloc() will allocate a buffer smaller than expected, which
leads to out-of-bound access in nilfs_ioctl_move_blocks() and
lfs_clean_segments().The following check does not prevent the overflow because nsegs is also
controlled by the userspace and could be very large.if (argv[n].v_nmembs > nsegs * nilfs->ns_blocks_per_segment)
goto out_free;This patch clamps argv[n].v_nmembs to UINT_MAX / argv[n].v_size, and
returns -EINVAL when overflow.Signed-off-by: Haogang Chen
Signed-off-by: Ryusuke Konishi
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
commit 828b1c50ae ("nilfs2: add compat ioctl") incidentally broke all
other NILFS compat ioctls. Make them work again.Signed-off-by: Thomas Meyer
Signed-off-by: Ryusuke Konishi
Tested-by: Ryusuke Konishi
Cc: [3.0+]
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Kernels where MAX_NUMNODES > BITS_PER_LONG may temporarily see an empty
nodemask in a tsk's mempolicy if its previous nodemask is remapped onto a
new set of allowed cpuset nodes where the two nodemasks, as a result of
the remap, are now disjoint.c0ff7453bb5c ("cpuset,mm: fix no node to alloc memory when changing
cpuset's mems") adds get_mems_allowed() to prevent the set of allowed
nodes from changing for a thread. This causes any update to a set of
allowed nodes to stall until put_mems_allowed() is called.This stall is unncessary, however, if at least one node remains unchanged
in the update to the set of allowed nodes. This was addressed by
89e8a244b97e ("cpusets: avoid looping when storing to mems_allowed if one
node remains set"), but it's still possible that an empty nodemask may be
read from a mempolicy because the old nodemask may be remapped to the new
nodemask during rebind. To prevent this, only avoid the stall if there is
no mempolicy for the thread being changed.This is a temporary solution until all reads from mempolicy nodemasks can
be guaranteed to not be empty without the get_mems_allowed()
synchronization.Also moves the check for nodemask intersection inside task_lock() so that
tsk->mems_allowed cannot change. This ensures that nothing can set this
tsk's mems_allowed out from under us and also protects tsk->mempolicy.Reported-by: Miao Xie
Signed-off-by: David Rientjes
Cc: KOSAKI Motohiro
Cc: Paul Menage
Cc: Stephen Rothwell
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
20 Dec, 2011
14 commits
-
There is a small chance of racing during tfm allocation.
This patch fixes it.Signed-off-by: Dmitry Kasatkin
Acked-by: Mimi Zohar
Signed-off-by: James Morris -
On multi-core systems, setting of the key before every caclculation,
causes invalid HMAC calculation for other tfm users, because internal
state (ipad, opad) can be invalid before set key call returns.
It needs to be set only once during initialization.Signed-off-by: Dmitry Kasatkin
Acked-by: Mimi Zohar
Signed-off-by: James Morris -
You didn't mean this to be a bool.
Signed-off-by: Rusty Russell
Acked-by: Tony Olech
Cc:
Signed-off-by: Chris Ball -
When SDIO runtime PM was originally introduced, we immediately faced
two regressions with two different chipsets, and in response decided
not to enable it by default.With the recent work on the 8686 we hoped we found all the gotchas,
so 08da834 did make sense (at least experimentally).Unfortunately we now see that some setups out there still refuse to
work when SDIO runtime PM is enabled by default (see
http://www.spinics.net/lists/linux-mmc/msg11161.html), and obviously
we can't live with these kind of regressions.This reverts commit 08da834a24312157f512224691ad1fddd11c1073.
Signed-off-by: Ohad Ben-Cohen
Cc: Daniel Drake
Signed-off-by: Chris Ball -
Drop the "state" argument from sdhci_suspend_host. Its only user is the
PCI glue; this allows to move all SDHCI glues to use dev_pm_ops instead.Signed-off-by: Manuel Lauss
Acked-by: Adrian Hunter
Signed-off-by: Chris Ball -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
IB/qib: Correct sense on freectxts increment and decrement
RDMA/cma: Verify private data length
IB/mlx4: Fix shutdown crash accessing a non-existent bitmap -
* 'for-3.2-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu:
percpu: fix per_cpu_ptr_to_phys() handling of non-page-aligned addresses -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: synaptics - fix touchpad not working after S2R on Vostro V13
Input: cma3000_d0x - fix signedness bug in cma3000_thread_irq()
Input: wacom - add product id used by Samsung Slate 7 -
When printing the code bytes in show_registers(), the markers around the
byte at the fault address could make the printk() format string look
like a valid log level and facility code. This would prevent this byte
from being printed and result in a spurious newline:[ 7555.765589] Code: 8b 32 e9 94 00 00 00 81 7d 00 ff 00 00 00 0f 87 96 00 00 00 48 8b 83 c0 00 00 00 44 89 e2 44 89 e6 48 89 df 48 8b 80 d8 02 00 00
[ 7555.765683] 8b 48 28 48 89 d0 81 e2 ff 0f 00 00 48 c1 e8 0c 48 c1 e0 04Add KERN_CONT where needed, and elsewhere in show_registers() for
consistency.Signed-off-by: Clemens Ladisch
Link: http://lkml.kernel.org/r/4EEFA7AE.9020407@ladisch.de
Signed-off-by: H. Peter Anvin -
Commit 53ab1c64983 ("IB/qib: Correct nfreectxts for multiple HCAs")
reversed the increments and decrements of dd->nfreectxts. Fix it.Reviewed-by: Ram Vepa
Signed-off-by: Mike Marciniszyn
Signed-off-by: Roland Dreier -
private_data_len is defined as a u8. If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0. This
can lead to overwriting random kernel memory. Avoid this by verifying
that the resulting size fits into a u8.Reported-by: B. Thery
Addresses:
Signed-off-by: Sean Hefty
Signed-off-by: Roland Dreier -
There is a BUG when migrating a PF_EXITING proc. Since css_set_prefetch()
is not called for the PF_EXITING case, find_existing_css_set() will return
NULL inside cgroup_task_migrate() causing a BUG.This bug is easy to reproduce. Create a zombie and echo its pid to
cgroup.procs.$ cat zombie.c
\#includeint main()
{
if (fork())
pause();
return 0;
}
$We are hitting this bug pretty regularly on ChromeOS.
This bug is already fixed by Tejun Heo's cgroup patchset which is
targetted for the next merge window:https://lkml.org/lkml/2011/11/1/356
I've create a smaller patch here which just fixes this bug so that a
fix can be merged into the current release and stable.Signed-off-by: Mandeep Singh Baines
Downstream-Bug-Report: http://crosbug.com/23953
Reviewed-by: Li Zefan
Signed-off-by: Tejun Heo
Cc: containers@lists.linux-foundation.org
Cc: cgroups@vger.kernel.org
Cc: stable@kernel.org
Cc: KAMEZAWA Hiroyuki
Cc: Frederic Weisbecker
Cc: Oleg Nesterov
Cc: Andrew Morton
Cc: Paul Menage
Cc: Olof Johansson -
If oprofilefs_ulong_from_user() is called with count equals
zero, *val remains unchanged. Depending on the implementation it
might be uninitialized.Change oprofilefs_ulong_from_user()'s interface to return count
on success. Thus, we are able to return early if count equals
zero which avoids using *val uninitialized. Fixing all users of
oprofilefs_ulong_ from_user().This follows write syscall implementation when count is zero:
"If count is zero ... [and if] no errors are detected, 0 will be
returned without causing any other effect." (man 2 write)Reported-By: Mike Waychison
Signed-off-by: Robert Richter
Cc: Andrew Morton
Cc:
Cc: oprofile-list
Link: http://lkml.kernel.org/r/20111219153830.GH16765@erda.amd.com
Signed-off-by: Ingo Molnar
19 Dec, 2011
3 commits
-
This reverts commit ddacf5ef684a655abe2bb50c4b2a5b72ae0d5e05.
As when booting the kernel under Amazon EC2 as an HVM guest it ends up
hanging during startup. Reverting this we loose the fix for kexec
booting to the crash kernels.Fixes Canonical BZ #901305 (http://bugs.launchpad.net/bugs/901305)
Tested-by: Alessandro Salvatori
Reported-by: Stefan Bader
Acked-by: Ian Campbell
Signed-off-by: Konrad Rzeszutek Wilk -
Signed-off-by: Jakob Bornecrantz
Reviewed-by: Thomas Hellstrom
Signed-off-by: Dave Airlie -
Signed-off-by: Jakob Bornecrantz
Reviewed-by: Thomas Hellstrom
Signed-off-by: Dave Airlie