13 Jul, 2009
9 commits
-
Conflicts:
include/linux/personality.hUse Linus' version.
Signed-off-by: James Morris
-
This reverts commit 8113a8d80f4c6a3dc3724b39b470f3fee9c426b6.
The patch causes a stack overflow on my system during boot.
Signed-off-by: James Morris
-
We have found that the current PER_CLEAR_ON_SETID mask on Linux
doesn't include neither ADDR_COMPAT_LAYOUT, nor MMAP_PAGE_ZERO.The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE.
We believe it is important to add MMAP_PAGE_ZERO, because by using
this personality it is possible to have the first page mapped inside a
process running as setuid root. This could be used in those scenarios:- Exploiting a NULL pointer dereference issue in a setuid root binary
- Bypassing the mmap_min_addr restrictions of the Linux kernel: by
running a setuid binary that would drop privileges before giving us
control back (for instance by loading a user-supplied library), we
could get the first page mapped in a process we control. By further
using mremap and mprotect on this mapping, we can then completely
bypass the mmap_min_addr restrictions.Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added
since on x86 32bits it will in practice disable most of the address
space layout randomization (only the stack will remain randomized).Signed-off-by: Julien Tinnes
Signed-off-by: Tavis Ormandy
Acked-by: Christoph Hellwig
Acked-by: Kees Cook
Signed-off-by: James Morris -
Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability and for less code duplication.- changed selinux to use common_audit_data instead of
avc_audit_data
- eliminated code in avc.c and used code from lsm_audit.h instead.I have tested to make sure that the avcs look the same before and
after this patch.Signed-off-by: Thomas Liu
Acked-by: Eric Paris
Signed-off-by: James Morris -
* 'kmemleak' of git://linux-arm.org/linux-2.6:
kmemleak: Remove alloc_bootmem annotations introduced in the past
kmemleak: Add callbacks to the bootmem allocator
kmemleak: Allow partial freeing of memory blocks
kmemleak: Trace the kmalloc_large* functions in slub
kmemleak: Scan objects allocated during a scanning episode
kmemleak: Do not acquire scan_mutex in kmemleak_open()
kmemleak: Remove the reported leaks number limitation
kmemleak: Add more cond_resched() calls in the scanning thread
kmemleak: Renice the scanning thread to +10 -
Fix the following warning:
fs/afs/dir.c: In function 'afs_d_revalidate':
fs/afs/dir.c:567: warning: 'fid.vnode' may be used uninitialized in this function
fs/afs/dir.c:567: warning: 'fid.unique' may be used uninitialized in this functionby marking the 'fid' variable as an uninitialized_var. The problem is
that gcc doesn't always manage to work out that fid is always set on the
path through the function that uses it.Cc: linux-afs@lists.infradead.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Artem Bityutskiy
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds -
* Remove smp_lock.h from files which don't need it (including some headers!)
* Add smp_lock.h to files which do need it
* Make smp_lock.h include conditional in hardirq.h
It's needed only for one kernel_locked() usage which is under CONFIG_PREEMPTThis will make hardirq.h inclusion cheaper for every PREEMPT=n config
(which includes allmodconfig/allyesconfig, BTW)Signed-off-by: Alexey Dobriyan
Signed-off-by: Linus Torvalds -
We have found that the current PER_CLEAR_ON_SETID mask on Linux doesn't
include neither ADDR_COMPAT_LAYOUT, nor MMAP_PAGE_ZERO.The current mask is READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE.
We believe it is important to add MMAP_PAGE_ZERO, because by using this
personality it is possible to have the first page mapped inside a
process running as setuid root. This could be used in those scenarios:- Exploiting a NULL pointer dereference issue in a setuid root binary
- Bypassing the mmap_min_addr restrictions of the Linux kernel: by
running a setuid binary that would drop privileges before giving us
control back (for instance by loading a user-supplied library), we
could get the first page mapped in a process we control. By further
using mremap and mprotect on this mapping, we can then completely
bypass the mmap_min_addr restrictions.Less importantly, we believe ADDR_COMPAT_LAYOUT should also be added
since on x86 32bits it will in practice disable most of the address
space layout randomization (only the stack will remain randomized).Signed-off-by: Julien Tinnes
Signed-off-by: Tavis Ormandy
Cc: stable@kernel.org
Acked-by: Christoph Hellwig
Acked-by: Kees Cook
Acked-by: Eugene Teo
[ Shortened lines and fixed whitespace as per Christophs' suggestion ]
Signed-off-by: Linus Torvalds -
This causes kernel images that don't run init to completion with certain
broken gcc versions.This fixes kernel bugzilla entry:
http://bugzilla.kernel.org/show_bug.cgi?id=13012I suspect the gcc problem is this:
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28230Fix the problem by using the -fno-strict-overflow flag instead, which
not only does not exist in the known-to-be-broken versions of gcc (it
was introduced later than fwrapv), but seems to be much less disturbing
to gcc too: the difference in the generated code by -fno-strict-overflow
are smaller (compared to using neither flag) than when using -fwrapv.Reported-by: Barry K. Nathan
Pushed-by: Frans Pop
Cc: Andrew Morton
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds
12 Jul, 2009
3 commits
-
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
hwmon: (abituguru3) DMI probing for AB9, AB9 QuadQT and IX38 QuadGT
hwmon: (sht15) Remove unnecessary semicolon
hwmon: (max6650) Fix lock imbalance -
This reverts commit 097041e576ee3a50d92dd643ee8ca65bf6a62e21.
Trond had a better fix, which is the parent of this one ("Fix compile
error due to congestion_wait() changes")Requested-by: Trond Myklebust
Acked-by: Larry Finger
Signed-off-by: Linus Torvalds -
Move the definition of BLK_RW_ASYNC/BLK_RW_SYNC into linux/backing-dev.h
so that it is available to all callers of set/clear_bdi_congested().This replaces commit 097041e576ee3a50d92dd643ee8ca65bf6a62e21 ("fuse:
Fix build error"), which will be reverted.Signed-off-by: Trond Myklebust
Acked-by: Larry Finger
Cc: Jens Axboe
Cc: Miklos Szeredi
Signed-off-by: Linus Torvalds
11 Jul, 2009
28 commits
-
Switch the AB9, AB9 QuadQT and IX38 QuadGT over from port
probing to the preferred DMI probe method.Signed-off-by: Alistair John Strachan
Tested-by: dan
Tested-by: Nygel Lyndley
Tested-by: Dmitriy Fedchenko
Acked-by: Hans de Goede
Signed-off-by: Jean Delvare -
Signed-off-by: Joe Perches
Signed-off-by: Jean Delvare -
Add omitted update_lock to one switch/case in set_div.
Signed-off-by: Jiri Slaby
Acked-by: Hans J. Koch
Signed-off-by: Jean Delvare -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: hda - targa and targa-2ch fix
ALSA: hda - fix beep tone calculation for IDT/STAC codecs
ALSA: hda - Missing volume controls for Intel HDA (ALC269/EeePC)
ALSA: hda - Disable AMD SB600 64bit address support only
ALSA: hda - Check widget types while parsing capture source in patch_via.c
ALSA: hda - Fix capture source selection in patch_via.c
ALSA: hda - Add missing EAPD initialization for VIA codecs
ALSA: hda - Clean up VT170x dig-in initialization code
ALSA: hda - Fix error path in the sanity check in azx_pcm_open()
ALSA: hda - move 8086:fb30 quirk (stac9205) to the proper section
ASoC: Fix wm8753 register cache size and initialization
ASoC: add locking to mpc5200-psc-ac97 driver
ASoC: Fix mpc5200-psc-ac97 to ensure the data ready bit is cleared
ASoC: Fix register cache initialisation for WM8753 -
commit 5404ac8e4418ab3d254950ee4f9bcafc1da20b4a ("isofs: cleanup mount
option processing") missed conversion of joliet option flag resulting
in non-working Joliet support.CC: walt
Signed-off-by: Bartlomiej Zolnierkiewicz
Signed-off-by: Jan Kara
Signed-off-by: Linus Torvalds -
PL2303 has private data shovelling methods that also have no fast path. Fix
them to work the same way as the default handler.Signed-off-by: Alan Cox
Signed-off-by: Linus Torvalds -
The sysrq code acquired a kref leak. Fix it by passing the tty separately
from the caller (thus effectively using the callers kref which all the
callers hold anyway)Signed-off-by: Alan Cox
Signed-off-by: Linus Torvalds -
We can't go around calling all sorts of magic per character functions at
full rate 3G data speed.Signed-off-by: Alan Cox
Signed-off-by: Linus Torvalds -
* 'linux-next' of git://git.infradead.org/ubi-2.6:
UBI: fix compilation warnings
UBI: fix NOR flash recovery
UBI: nicify image sequence number handling
UBI: add image sequence number to EC header
UBI: remove bogus debugging checks
UBI: add empty eraseblocks verification -
* 'linux-next' of git://git.infradead.org/ubifs-2.6:
UBIFS: fix corruption dump
UBIFS: clean up free space checking
UBIFS: small amendments in the LEB scanning code
UBIFS: dump a little more in case of corruptions
MAINTAINERS: update ahunter's e-mail address
UBIFS: allow more than one volume to be mounted
UBIFS: fix assertion warning
UBIFS: minor spelling and grammar fixes
UBIFS: fix 64-bit divisions in debug print
UBIFS: few spelling fixes
UBIFS: set write-buffer timout to 3-5 seconds
UBIFS: slightly optimize write-buffer timer usage
UBIFS: improve debugging messaged
UBIFS: fix integer overflow warning -
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] define KTIME_SCALAR for 32-bit s390
[S390] add generic atomic64 support for 31 bit
[S390] improve suspend/resume error messages
[S390] set SCHED_OMIT_FRAME_POINTER for s390
[S390] add __ucmpdi2() helper function
[S390] perf_counter build fix
[S390] shutdown actions: save/return rc from init function
[S390] dasd: correct debugfeature sense dump
[S390] udelay: disable lockdep to avoid false positives
[S390] monreader: fix dev_set_drvdata conversion
[S390] sclp: fix compile error for !SCLP_CONSOLE -
* 'for-linus' of git://git.open-osd.org/linux-open-osd:
osdblk: Adjust queue limits to lower device's limits
osdblk: a Linux block device for OSD objects
MAINTAINERS: Add osd maintained files (F:)
exofs: Avoid using file_fsync()
exofs: Remove IBM copyrights
exofs: Fix bio leak in error handling path (sync read) -
* 'drm-intel-next' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel: (22 commits)
drm/i915: Fix for LVDS VBT change on IGDNG
drm/i915: Zap the GTT mapping when transitioning from untiled to tiled.
drm/i915: Refactor calls to unmap_mapping_range
drm/i915: Avoid saving/restore the modesetting registers twice in KMS mode
drm: Disable the unused connectors explicitly when resuming with KMS.
drm/i915: Restore the KMS modeset for every activated CRTC
drm/i915: Fix harmless warning from patch merged after i2c rework.
drm/i915: Disable GEM when a broken video BIOS takes up the whole aperture.
drm/i915: Check the LID device to decide whether the LVDS should be initialized
drm/i915: Move lock to more reasonable location
drm/i915: Add gtt_offset to gem object list debugfs output
drm/i915: Remove gtt_bound from drm_i915_gem_object
drm/i915: Disable VGA output when doing DRM_MODE_DPMS_OFF.
drm/i915: crt fetch EDID by DVI-I converter on G4x platform
drm/i915: Don't update display FIFO watermark on IGDNG
drm/i915: Adjust DisplayPort clocks to use 96MHz reference
drm/i915: Make driver less chatty
drm/i915: fix up a raw 64bit divide
drm/i915: enable sdvo lvds scaling function.
drm/i915: Set SSC frequency for 8xx chips correctly
... -
exception.txt only explains the code on x86, so it's better to
move it into Documentation/x86 directory.And also rename it to exception-tables.txt which looks much
more reasonable.This patch is on top of the previous one.
Signed-off-by: WANG Cong
Signed-off-by: Randy Dunlap
Signed-off-by: Linus Torvalds -
Update Documentation/exception.txt.
Remove trailing whitespaces in it.Signed-off-by: WANG Cong
Signed-off-by: Randy Dunlap
Signed-off-by: Linus Torvalds -
When building v2.6.31-rc2-344-g69ca06c, the following build errors are
found due to missing includes:CC [M] fs/fuse/dev.o
fs/fuse/dev.c: In function ‘request_end’:
fs/fuse/dev.c:289: error: ‘BLK_RW_SYNC’ undeclared (first use in this function)
...
fs/nfs/write.c: In function ‘nfs_set_page_writeback’:
fs/nfs/write.c:207: error: ‘BLK_RW_ASYNC’ undeclared (first use in this function)Signed-off-by: Larry Finger@lwfinger.net>
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
cfq-iosched: reset oom_cfqq in cfq_set_request()
block: fix sg SG_DXFER_TO_FROM_DEV regression
block: call blk_scsi_ioctl_init()
Fix congestion_wait() sync/async vs read/write confusion -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ryusuke/nilfs2:
nilfs2: fix disorder in cp count on error during deleting checkpoints
nilfs2: fix lockdep warning between regular file and inode file
nilfs2: fix incorrect KERN_CRIT messages in case of write failures
nilfs2: fix hang problem of log writer which occurs after write failures
nilfs2: remove unlikely directive causing mis-conversion of error code -
…el/git/tip/linux-2.6-tip
* 'core-fixes-for-linus-2' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
dma-debug: Fix the overlap() function to be correct and readable
oprofile: reset bt_lost_no_mapping with other stats
x86/oprofile: rename kernel parameter for architectural perfmon to arch_perfmon
signals: declare sys_rt_tgsigqueueinfo in syscalls.h
rcu: Mark Hierarchical RCU no longer experimental
dma-debug: Put all hash-chain locks into the same lock class
dma-debug: fix off-by-one error in overlap function -
…x/kernel/git/tip/linux-2.6-tip
* 'perfcounters-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: (50 commits)
perf report: Add "Fractal" mode output - support callchains with relative overhead rate
perf_counter tools: callchains: Manage the cumul hits on the fly
perf report: Change default callchain parameters
perf report: Use a modifiable string for default callchain options
perf report: Warn on callchain output request from non-callchain file
x86: atomic64: Inline atomic64_read() again
x86: atomic64: Clean up atomic64_sub_and_test() and atomic64_add_negative()
x86: atomic64: Improve atomic64_xchg()
x86: atomic64: Export APIs to modules
x86: atomic64: Improve atomic64_read()
x86: atomic64: Code atomic(64)_read and atomic(64)_set in C not CPP
x86: atomic64: Fix unclean type use in atomic64_xchg()
x86: atomic64: Make atomic_read() type-safe
x86: atomic64: Reduce size of functions
x86: atomic64: Improve atomic64_add_return()
x86: atomic64: Improve cmpxchg8b()
x86: atomic64: Improve atomic64_read()
x86: atomic64: Move the 32-bit atomic64_t implementation to a .c file
x86: atomic64: The atomic64_t data type should be 8 bytes aligned on 32-bit too
perf report: Annotate variable initialization
... -
Optimize cond_resched() by removing one conditional.
Currently cond_resched() checks system_state ==
SYSTEM_RUNNING in order to avoid scheduling before the
scheduler is running.We can however, as per suggestion of Matt, use
PREEMPT_ACTIVE to accomplish that very same.Suggested-by: Matt Mackall
Signed-off-by: Peter Zijlstra
Acked-by: Matt Mackall
Signed-off-by: Linus Torvalds -
Pull the initial preempt_count value into a single
definition site.Maintainers for: alpha, ia64 and m68k, please have a look,
your arch code is funny.The header magic is a bit odd, but similar to the KERNEL_DS
one, CPP waits with expanding these macros until the
INIT_THREAD_INFO macro itself is expanded, which is in
arch/*/kernel/init_task.c where we've already included
sched.h so we're good.Cc: tony.luck@intel.com
Cc: rth@twiddle.net
Cc: geert@linux-m68k.org
Signed-off-by: Peter Zijlstra
Acked-by: Matt Mackall
Signed-off-by: Linus Torvalds -
IGDNG mobile chip's LVDS data block removes panel fitting
register definition. So this fixes offset for LVDS timing
block parsing. Thanks for Michael Fu to catch this.Signed-off-by: Zhenyu Wang
Signed-off-by: Eric Anholt -
As of 52dc7d32b88156248167864f77a9026abe27b432, we could leave an old
linear GTT mapping in place, so that apps trying to GTT-mapped write in
tiled data wouldn't get the fence added, and garbage would get displayed.Signed-off-by: Eric Anholt
-
As we call unmap_mapping_range() twice in identical fashion, refactor
and attempt to explain why we need to call unmap_mapping_range().Signed-off-by: Chris Wilson
Signed-off-by: Eric Anholt -
Linus noticed how unclean and buggy the overlap() function is:
- It uses convoluted (and bug-causing) positive checks for
range overlap - instead of using a more natural negative
check.- Even the positive checks are buggy: a positive intersection
check has four natural cases while we checked only for three,
missing the (addr < start && addr2 == end) case for example.- The variables are mis-named, making it non-obvious how the
check was done.- It needlessly uses u64 instead of unsigned long. Since these
are kernel memory pointers and we explicitly exclude highmem
ranges anyway we cannot ever overflow 32 bits, even if we
could. (and on 64-bit it doesnt matter anyway)All in one, this function needs a total revamp. I used Linus's
suggestions minus the paranoid checks (we cannot overflow really
because if we get totally bad DMA ranges passed far more things
break in the systems than just DMA debugging). I also fixed a
few other small details i noticed.Reported-by: Linus Torvalds
Cc: Joerg Roedel
Signed-off-by: Ingo Molnar -
In KMS mode we now use the normal mode-setting paths to set the modes
back to the current configuration, so we don't need to also run the more
limited non-KMS implementation of modesetting for resume.Signed-off-by: Zhao Yakui
Acked-by: Jesse Barnes
Signed-off-by: Eric Anholt -
Signed-off-by: Zhao Yakui
Acked-by: Jesse Barnes
Acked-by: Dave Airlie
Signed-off-by: Eric Anholt
