29 Apr, 2011
1 commit
-
Change flex_array_prealloc to take the number of elements for which space
should be allocated instead of the last (inclusive) element. Users
and documentation are updated accordingly. flex_arrays got introduced before
they had users. When folks started using it, they ended up needing a
different API than was coded up originally. This swaps over to the API that
folks apparently need.Based-on-patch-by: Steffen Klassert
Signed-off-by: Eric Paris
Tested-by: Chris Richards
Acked-by: Dave Hansen
Cc: stable@kernel.org [2.6.38+]
08 Mar, 2011
3 commits
-
Add a keyctl op (KEYCTL_INSTANTIATE_IOV) that is like KEYCTL_INSTANTIATE, but
takes an iovec array and concatenates the data in-kernel into one buffer.
Since the KEYCTL_INSTANTIATE copies the data anyway, this isn't too much of a
problem.Signed-off-by: David Howells
Signed-off-by: James Morris -
Add a new keyctl op to reject a key with a specified error code. This works
much the same as negating a key, and so keyctl_negate_key() is made a special
case of keyctl_reject_key(). The difference is that keyctl_negate_key()
selects ENOKEY as the error to be reported.Typically the key would be rejected with EKEYEXPIRED, EKEYREVOKED or
EKEYREJECTED, but this is not mandatory.Signed-off-by: David Howells
Signed-off-by: James Morris -
Add a key type operation to permit the key type to vet the description of a new
key that key_alloc() is about to allocate. The operation may reject the
description if it wishes with an error of its choosing. If it does this, the
key will not be allocated.Signed-off-by: David Howells
Reviewed-by: Mimi Zohar
Signed-off-by: James Morris
04 Mar, 2011
3 commits
-
…s/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076] -
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (42 commits)
MAINTAINERS: Add Andy Gospodarek as co-maintainer.
r8169: disable ASPM
RxRPC: Fix v1 keys
AF_RXRPC: Handle receiving ACKALL packets
cnic: Fix lost interrupt on bnx2x
cnic: Prevent status block race conditions with hardware
net: dcbnl: check correct ops in dcbnl_ieee_set()
e1000e: disable broken PHY wakeup for ICH10 LOMs, use MAC wakeup instead
igb: fix sparse warning
e1000: fix sparse warning
netfilter: nf_log: avoid oops in (un)bind with invalid nfproto values
dccp: fix oops on Reset after close
ipvs: fix dst_lock locking on dest update
davinci_emac: Add Carrier Link OK check in Davinci RX Handler
bnx2x: update driver version to 1.62.00-6
bnx2x: properly calculate lro_mss
bnx2x: perform statistics "action" before state transition.
bnx2x: properly configure coefficients for MinBW algorithm (NPAR mode).
bnx2x: Fix ethtool -t link test for MF (non-pmf) devices.
bnx2x: Fix nvram test for single port devices.
... -
When a DNS resolver key is instantiated with an error indication, attempts to
read that key will result in an oops because user_read() is expecting there to
be a payload - and there isn't one [CVE-2011-1076].Give the DNS resolver key its own read handler that returns the error cached in
key->type_data.x[0] as an error rather than crashing.Also make the kenter() at the beginning of dns_resolver_instantiate() limit the
amount of data it prints, since the data is not necessarily NUL-terminated.The buggy code was added in:
commit 4a2d789267e00b5a1175ecd2ddefcc78b83fbf09
Author: Wang Lei
Date: Wed Aug 11 09:37:58 2010 +0100
Subject: DNS: If the DNS server returns an error, allow that to be cached [ver #2]This can trivially be reproduced by any user with the following program
compiled with -lkeyutils:#include
#include
#include
static char payload[] = "#dnserror=6";
int main()
{
key_serial_t key;
key = add_key("dns_resolver", "a", payload, sizeof(payload),
KEY_SPEC_SESSION_KEYRING);
if (key == -1)
err(1, "add_key");
if (keyctl_read(key, NULL, 0) == -1)
err(1, "read_key");
return 0;
}What should happen is that keyctl_read() reports error 6 (ENXIO) to the user:
dns-break: read_key: No such device or address
but instead the kernel oopses.
This cannot be reproduced with the 'keyutils add' or 'keyutils padd' commands
as both of those cut the data down below the NUL termination that must be
included in the data. Without this dns_resolver_instantiate() will return
-EINVAL and the key will not be instantiated such that it can be read.The oops looks like:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [] user_read+0x4f/0x8f
PGD 3bdf8067 PUD 385b9067 PMD 0
Oops: 0000 [#1] SMP
last sysfs file: /sys/devices/pci0000:00/0000:00:19.0/irq
CPU 0
Modules linked in:Pid: 2150, comm: dns-break Not tainted 2.6.38-rc7-cachefs+ #468 /DG965RY
RIP: 0010:[] [] user_read+0x4f/0x8f
RSP: 0018:ffff88003bf47f08 EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffff88003b5ea378 RCX: ffffffff81972368
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003b5ea378
RBP: ffff88003bf47f28 R08: ffff88003be56620 R09: 0000000000000000
R10: 0000000000000395 R11: 0000000000000002 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: ffffffffffffffa1
FS: 00007feab5751700(0000) GS:ffff88003e000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000010 CR3: 000000003de40000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process dns-break (pid: 2150, threadinfo ffff88003bf46000, task ffff88003be56090)
Stack:
ffff88003b5ea378 ffff88003b5ea3a0 0000000000000000 0000000000000000
ffff88003bf47f68 ffffffff811b708e ffff88003c442bc8 0000000000000000
00000000004005a0 00007fffba368060 0000000000000000 0000000000000000
Call Trace:
[] keyctl_read_key+0xac/0xcf
[] sys_keyctl+0x75/0xb6
[] system_call_fastpath+0x16/0x1b
Code: 75 1f 48 83 7b 28 00 75 18 c6 05 58 2b fb 00 01 be bb 00 00 00 48 c7 c7 76 1c 75 81 e8 13 c2 e9 ff 4c 8b b3 e0 00 00 00 4d 85 ed 0f b7 5e 10 74 2d 4d 85 e4 74 28 e8 98 79 ee ff 49 39 dd 48
RIP [] user_read+0x4f/0x8f
RSP
CR2: 0000000000000010Signed-off-by: David Howells
Acked-by: Jeff Layton
cc: Wang Lei
Signed-off-by: James Morris
01 Mar, 2011
1 commit
-
Clean up entries in 00-INDEX: drop files that have been removed.
Reported-by: Rob Landley
Signed-off-by: Randy Dunlap
Acked-by: Rob Landley
Signed-off-by: David S. Miller
22 Feb, 2011
4 commits
-
Add fs/eventfd.c to filesystems docbook.
Make typo corrections in fs/eventfd.c.Signed-off-by: Randy Dunlap
Cc: Davide Libenzi
Signed-off-by: Linus Torvalds -
Update the "log_buf_len" description to use [KMG] syntax for the
buffer size.Signed-off-by: Randy Dunlap
Signed-off-by: Linus Torvalds -
The '[KMG]' suffix is commonly described after a number of kernel
parameter values documentation. Explicitly state its semantics.Signed-off-by: Ahmed S. Darwish
Signed-off-by: Randy Dunlap
Signed-off-by: Linus Torvalds -
Complete the crashkernel= kernel parameter documentation.
Signed-off-by: Ahmed S. Darwish
Acked-by: Simon Horman
Acked-by: Vivek Goyal
Signed-off-by: Randy Dunlap
Signed-off-by: Linus Torvalds
21 Feb, 2011
1 commit
-
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
hwmon: (lm85) extend to support EMC6D103 chips
MAINTAINERS: Remove stale hwmon quilt tree
hwmon: (k10temp) add support for AMD Family 12h/14h CPUs
hwmon: (jc42) do not allow writing to locked registers
hwmon: (jc42) more helpful documentation
hwmon: (jc42) fix type mismatch
19 Feb, 2011
2 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (37 commits)
net: deinit automatic LIST_HEAD
net: dont leave active on stack LIST_HEAD
net: provide default_advmss() methods to blackhole dst_ops
tg3: Restrict phy ioctl access
drivers/net: Call netif_carrier_off at the end of the probe
ixgbe: work around for DDP last buffer size
ixgbe: fix panic due to uninitialised pointer
e1000e: flush all writebacks before unload
e1000e: check down flag in tasks
isdn: hisax: Use l2headersize() instead of dup (and buggy) func.
arp_notify: unconditionally send gratuitous ARP for NETDEV_NOTIFY_PEERS.
cxgb4vf: Use defined Mailbox Timeout
cxgb4vf: Quiesce Virtual Interfaces on shutdown ...
cxgb4vf: Behave properly when CONFIG_DEBUG_FS isn't defined ...
cxgb4vf: Check driver parameters in the right place ...
pch_gbe: Fix the MAC Address load issue.
iwlwifi: Delete iwl3945_good_plcp_health.
net/can/softing: make CAN_SOFTING_CS depend on CAN_SOFTING
netfilter: nf_iterate: fix incorrect RCU usage
pch_gbe: Fix the issue that the receiving data is not normal.
... -
* 'fixes-2.6.38' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: make sure MAYDAY_INITIAL_TIMEOUT is at least 2 jiffies long
workqueue, freezer: unify spelling of 'freeze' + 'able' to 'freezable'
workqueue: wake up a worker when a rescuer is leaving a gcwq
18 Feb, 2011
1 commit
-
Add the PCI ID to support the internal temperature sensor of the
AMD "Llano" and "Brazos" processor families.Signed-off-by: Clemens Ladisch
Cc: stable@kernel.org # ca86828: x86, AMD, PCI: Add AMD northbridge PCI device
Cc: stable@kernel.org
Signed-off-by: Guenter Roeck
17 Feb, 2011
3 commits
-
There are two spellings in use for 'freeze' + 'able' - 'freezable' and
'freezeable'. The former is the more prominent one. The latter is
mostly used by workqueue and in a few other odd places. Unify the
spelling to 'freezable'.Signed-off-by: Tejun Heo
Reported-by: Alan Stern
Acked-by: "Rafael J. Wysocki"
Acked-by: Greg Kroah-Hartman
Acked-by: Dmitry Torokhov
Cc: David Woodhouse
Cc: Alex Dubov
Cc: "David S. Miller"
Cc: Steven Whitehouse -
On systems where the temperature sensor is actually used, the BIOS is
likely to have locked the alarm registers. In that case, all writes
through the corresponding sysfs files would be silently ignored.To prevent this, detect the locks and make the affected sysfs files
read-only.Signed-off-by: Clemens Ladisch
Cc: stable@kernel.org
Signed-off-by: Guenter Roeck -
The documentation lists standard numbers and chip names in excruciating
detail, but that's all it does. To help mere mortals in deciding
whether to enable this driver, mention what this sensor is for and in
which systems it might be found.Also add a link to the actual JC 42.4 specification.
Signed-off-by: Clemens Ladisch
Cc: stable@kernel.org
Signed-off-by: Guenter Roeck
16 Feb, 2011
1 commit
-
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: (27 commits)
drm/radeon/kms: hopefully fix pll issues for real (v3)
drm/radeon/kms: add bounds checking to avivo pll algo
drm: fix wrong usages of drm_device in DRM Developer's Guide
drm/radeon/kms: fix a few more atombios endian issues
drm/radeon/kms: improve 6xx/7xx CS error output
drm/radeon/kms: check AA resolve registers on r300
drm/radeon/kms: fix tracking of BLENDCNTL, COLOR_CHANNEL_MASK, and GB_Z on r300
drm/radeon/kms: use linear aligned for evergreen/ni bo blits
drm/radeon/kms: use linear aligned for 6xx/7xx bo blits
drm/radeon: fix race between GPU reset and TTM delayed delete thread.
drm/radeon/kms: evergreen/ni big endian fixes (v2)
drm/radeon/kms: 6xx/7xx big endian fixes
drm/radeon/kms: atombios big endian fixes
drm/radeon: 6xx/7xx non-kms endian fixes
drm/radeon/kms: optimize CS state checking for r100->r500
drm: do not leak kernel addresses via /proc/dri/*/vma
drm/radeon/kms: add connector table for mac g5 9600
radeon mkregtable: Add missing fclose() calls
drm/radeon/kms: fix interlaced modes on dce4+
drm/radeon: fix memory debugging since d961db75ce86a84f1f04e91ad1014653ed7d9f46
...
15 Feb, 2011
2 commits
-
A few wrong usages of drm_device, which should be drm_driver.
Signed-off-by: Xiao Jiang
Signed-off-by: Dave Airlie -
* 'devicetree/merge' of git://git.secretlab.ca/git/linux-2.6:
Revert "dt: add documentation of ARM dt boot interface"
14 Feb, 2011
1 commit
-
This reverts commit 9830fcd6f6a4781d8b46d2b35c13b39f30915c63.
The ARM dt support has not been merged yet; this documentation update
was premature.Signed-off-by: Grant Likely
13 Feb, 2011
1 commit
-
* 'spi/merge' of git://git.secretlab.ca/git/linux-2.6:
devicetree-discuss is moderated for non-subscribers
MAINTAINERS: Add entry for GPIO subsystem
dt: add documentation of ARM dt boot interface
dt: Remove obsolete description of powerpc boot interface
dt: Move device tree documentation out of powerpc directory
spi/spi_sh_msiof: fix wrong address calculation, which leads to an Oops
11 Feb, 2011
1 commit
-
-I (include path) should be specified for host builds.
This one was overlooked somehow. Fixes
https://bugzilla.kernel.org/show_bug.cgi?id=25902Signed-off-by: Randy Dunlap
Reported-by: Alexey Salmin
Signed-off-by: David S. Miller
07 Feb, 2011
1 commit
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: use linux/io.h to fix compile warnings
ALSA: hda - Fix memory leaks in conexant jack arrays
ASoC: CX20442: fix NULL pointer dereference
ASoC: Amstrad Delta: fix const related build error
ALSA: oxygen: fix output routing on Xonar DG
sound: silent echo'ed messages in Makefile
ASoC: Fix mask/val_mask confusion snd_soc_dapm_put_volsw()
ASoC: DaVinci: fix kernel panic due to uninitialized platform_data
ALSA: HDA: Fix microphone(s) on Lenovo Edge 13
ASoC: Fix module refcount for auxiliary devices
ALSA: HDA: cxt5066 - Use asus model for Asus U50F, select correct SPDIF output
ALSA: HDA: Add a new model "asus" for Conexant 5066/205xx
ALSA: HDA: Refactor some redundant code for Conexant 5066/205xx
05 Feb, 2011
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (68 commits)
net: can: janz-ican3: world-writable sysfs termination file
net: can: at91_can: world-writable sysfs files
MAINTAINERS: update email ids of the be2net driver maintainers.
bridge: Don't put partly initialized fdb into hash
r8169: prevent RxFIFO induced loops in the irq handler.
r8169: RxFIFO overflow oddities with 8168 chipsets.
r8169: use RxFIFO overflow workaround for 8168c chipset.
include/net/genetlink.h: Allow genlmsg_cancel to accept a NULL argument
net: Provide compat support for SIOCGETMIFCNT_IN6 and SIOCGETSGCNT_IN6.
net: Support compat SIOCGETVIFCNT ioctl in ipv4.
net: Fix bug in compat SIOCGETSGCNT handling.
niu: Fix races between up/down and get_stats.
tcp_ecn is an integer not a boolean
atl1c: Add missing PCI device ID
s390: Fix possibly wrong size in strncmp (smsgiucv)
s390: Fix wrong size in memcmp (netiucv)
qeth: allow OSA CHPARM change in suspend state
qeth: allow HiperSockets framesize change in suspend
qeth: add more strict MTU checking
qeth: show new mac-address if its setting fails
...
04 Feb, 2011
1 commit
-
…l/git/tip/linux-2.6-tip
* 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
sched: Fix update_curr_rt()
sched, docs: Update schedstats documentation to version 15
03 Feb, 2011
2 commits
-
noswapaccount couldn't be used to control memsw for both on/off cases so
we have added swapaccount[=0|1] parameter. This way we can turn the
feature in two ways noswapaccount resp. swapaccount=0. We have kept the
original noswapaccount but I think we should remove it after some time as
it just makes more command line parameters without any advantages and also
the code to handle parameters is uglier if we want both parameters.Signed-off-by: Michal Hocko
Requested-by: KAMEZAWA Hiroyuki
Acked-by: KAMEZAWA Hiroyuki
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
There was some confusion at LCA as to why the sysctl tcp_ecn took one
of three values when it was documented as a Boolean. This patch fixes
the documentation.Signed-off-by: Peter Chubb
Signed-off-by: David S. Miller
01 Feb, 2011
3 commits
-
Version 15 of schedstats was introduced in:
67aa0f767af4: sched: remove unused fields from struct rq
and removed three unused counters in sched_yield(). Update
the documentation.Signed-off-by: Javi Merino
Cc: henrix@sapo.pt
Cc: rdunlap@xenotime.net
Cc: Peter Zijlstra
Cc: Mike Galbraith
LKML-Reference:
Signed-off-by: Ingo Molnar -
v3: added details to Documentation/arm/Booting
Signed-off-by: Grant Likely
-
32 and 64 bit powerpc support has been merged for a while now, but
the booting-without-of.txt document still describes 32 bit as not
supporting multiplatform, which is no longer true. This patch fixes
the documentation.Also remove references to powerpc-specific details outside of section
I in preparation to add details for other architectures.v3: cleaned up a lot more powerpc-isms and updated text to reflect current
usage conventions.Signed-off-by: Grant Likely
31 Jan, 2011
2 commits
-
The device tree is used by more than just PowerPC. Make the documentation
directory available to all.v2: reorganized files while moving to create arch and driver specific
directories.Signed-off-by: Grant Likely
Acked-by: Josh Boyer -
In ntfs_mft_record_alloc() when mapping the new extent mft record with
map_extent_mft_record() we overwrite @m with the return value and on
error, we then try to use the old @m but that is no longer there as @m
now contains an error code instead so we crash when dereferencing the
error code as if it were a pointer.The simple fix is to use a temporary variable to store the return value
thus preserving the original @m for later use. This is a backport from
the commercial Tuxera-NTFS driver and is well tested...Thanks go to Julia Lawall for pointing this out (whilst I had fixed it
in the commercial driver I had failed to fix it in the Linux kernel).Signed-off-by: Anton Altaparmakov
Signed-off-by: Linus Torvalds
28 Jan, 2011
1 commit
-
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (43 commits)
bnx2: Eliminate AER error messages on systems not supporting it
cnic: Fix big endian bug
xfrm6: Don't forget to propagate peer into ipsec route.
tg3: Use new VLAN code
bonding: update documentation - alternate configuration.
TCP: fix a bug that triggers large number of TCP RST by mistake
MAINTAINERS: remove Reinette Chatre as iwlwifi maintainer
rt2x00: add device id for windy31 usb device
mac80211: fix a crash in ieee80211_beacon_get_tim on change_interface
ipv6: Revert 'administrative down' address handling changes.
textsearch: doc - fix spelling in lib/textsearch.c.
USB NET KL5KUSB101: Fix mem leak in error path of kaweth_download_firmware()
pch_gbe: don't use flush_scheduled_work()
bnx2: Always set ETH_FLAG_TXVLAN
net: clear heap allocation for ethtool_get_regs()
ipv6: Always clone offlink routes.
dcbnl: make get_app handling symmetric for IEEE and CEE DCBx
tcp: fix bug in listening_get_next()
inetpeer: Use correct AVL tree base pointer in inet_getpeer().
GRO: fix merging a paged skb after non-paged skbs
...
26 Jan, 2011
2 commits
-
A B C D E ...
Signed-off-by: Alan Cox
Signed-off-by: Linus Torvalds -
The bonding documentation used to provide configuration
details and examples for initscripts and sysconfig only.This patch describe the third possible configuration:
/etc/network/interfaces.Signed-off-by: Nicolas de Pesloüan
Signed-off-by: David S. Miller
25 Jan, 2011
1 commit
24 Jan, 2011
1 commit
-
Due to a chip bug (errata 50.2.6.3 & 50.3.5.3 in
"AT91SAM9263 Preliminary 6249H-ATARM-27-Jul-09") the contents of mailbox
0 may be send under certain conditions (even if disabled or in rx mode).The workaround in the errata suggests not to use the mailbox and load it
with an unused identifier.This patch implements the second part of the workaround. A sysfs entry
"mb0_id" is introduced. While the interface is down it can be used to
configure the can_id of mailbox 0. The default value id 0x7ff.In order to use an extended can_id add the CAN_EFF_FLAG (0x80000000U)
to the can_id. Example:- standard id 0x7ff:
echo 0x7ff > /sys/class/net/can0/mb0_id- extended id 0x1fffffff:
echo 0x9fffffff > /sys/class/net/can0/mb0_idSigned-off-by: Marc Kleine-Budde
Acked-by: Wolfgang Grandegger
Acked-by: Kurt Van Dijck
For the Documentation-part:
Acked-by: Wolfram Sang
