23 Mar, 2009
7 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild-fixes:
kconfig: improve seed in randconfig
kconfig: fix randconfig for choice blocks -
* 'fix-includes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu:
m68k: merge the non-MMU and MMU versions of siginfo.h
m68k: use the MMU version of unistd.h for all m68k platforms
m68k: merge the non-MMU and MMU versions of signal.h
m68k: merge the non-MMU and MMU versions of ptrace.h
m68k: use MMU version of setup.h for both MMU and non-MMU
m68k: merge the non-MMU and MMU versions of sigcontext.h
m68k: merge the non-MMU and MMU versions of swab.h
m68k: merge the non-MMU and MMU versions of param.h -
Update all previous incarnations of my email address to the correct one.
Signed-off-by: Gertjan van Wingerde
Signed-off-by: Linus Torvalds -
If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being
specified as mount options, a NULL pointer dereference of crypt_stat
was possible during lookup.This patch moves the crypt_stat assignment into
ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat
will not be NULL before we attempt to dereference it.Thanks to Dan Carpenter and his static analysis tool, smatch, for
finding this bug.Signed-off-by: Tyler Hicks
Acked-by: Dustin Kirkland
Cc: Dan Carpenter
Cc: Serge Hallyn
Signed-off-by: Linus Torvalds -
When allocating the memory used to store the eCryptfs header contents, a
single, zeroed page was being allocated with get_zeroed_page().
However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or
ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is
stored in the file's private_data->crypt_stat->num_header_bytes_at_front
field.ecryptfs_write_metadata_to_contents() was using
num_header_bytes_at_front to decide how many bytes should be written to
the lower filesystem for the file header. Unfortunately, at least 8K
was being written from the page, despite the chance of the single,
zeroed page being smaller than 8K. This resulted in random areas of
kernel memory being written between the 0x1000 and 0x1FFF bytes offsets
in the eCryptfs file headers if PAGE_SIZE was 4K.This patch allocates a variable number of pages, calculated with
num_header_bytes_at_front, and passes the number of allocated pages
along to ecryptfs_write_metadata_to_contents().Thanks to Florian Streibelt for reporting the data leak and working with
me to find the problem. 2.6.28 is the only kernel release with this
vulnerability. Corresponds to CVE-2009-0787Signed-off-by: Tyler Hicks
Acked-by: Dustin Kirkland
Reviewed-by: Eric Sandeen
Reviewed-by: Eugene Teo
Cc: Greg KH
Cc: dann frazier
Cc: Serge E. Hallyn
Cc: Florian Streibelt
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds -
This fixes a regression introduced when we switched to using the core
pci_set_power_state(). The chip seems to need the state to be written
over and over again until it sticks, so we do that.Note that the code is a bit blunt, without timeout, etc... but that's
pretty much because I put back in there the code exactly as it used to
be before the regression. I still add a call to pci_set_power_state()
at the end so that ACPI gets called appropriately on x86.Signed-off-by: Benjamin Herrenschmidt
Tested-by: Raymond Wooninck
Acked-by: Rafael J. Wysocki
Cc: Jesse Barnes
Cc: Andrew Morton
Signed-off-by: Linus Torvalds
20 Mar, 2009
8 commits
-
The libaio test harness turned up a problem whereby lookup_ioctx on a
bogus io context was returning the 1 valid io context from the list
(harness/cases/3.p).Because of that, an extra put_iocontext was done, and when the process
exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio
(since we expect a users count of 1 and instead get 0).The problem was introduced by "aio: make the lookup_ioctx() lockless"
(commit abf137dd7712132ee56d5b3143c2ff61a72a5faa).Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not
return with a NULL tpos at the end of the loop, even if the entry was
not found.Signed-off-by: Jeff Moyer
Acked-by: Zach Brown
Acked-by: Jens Axboe
Cc: Benjamin LaHaise
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Remove a source of fput() call from inside IRQ context. Myself, like Eric,
wasn't able to reproduce an fput() call from IRQ context, but Jeff said he was
able to, with the attached test program. Independently from this, the bug is
conceptually there, so we might be better off fixing it. This patch adds an
optimization similar to the one we already do on ->ki_filp, on ->ki_eventfd.
Playing with ->f_count directly is not pretty in general, but the alternative
here would be to add a brand new delayed fput() infrastructure, that I'm not
sure is worth it.Signed-off-by: Davide Libenzi
Cc: Benjamin LaHaise
Cc: Trond Myklebust
Cc: Eric Dumazet
Signed-off-by: Jeff Moyer
Cc: Zach Brown
Cc:
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds -
Sam Ravnborg says:
"We have several architectures that plays strange games with $(CC) and
$(CROSS_COMPILE).So we need to postpone any use of $(call cc-option..) until we have
included the arch specific Makefile so we try with the correct $(CC)
version."Requested-by: Sam Ravnborg
Signed-off-by: Linus Torvalds -
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6:
[S390] make page table upgrade work again
[S390] make page table walking more robust
[S390] Dont check for pfn_valid() in uaccess_pt.c
[S390] ftrace/mcount: fix kernel stack backchain
[S390] topology: define SD_MC_INIT to fix performance regression
[S390] __div64_31 broken for CONFIG_MARCH_G5 -
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: fix waitqueue usage in hiddev
HID: fix incorrect free in hiddev -
* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable:
Btrfs: Clear space_info full when adding new devices
Btrfs: Fix locking around adding new space_info -
Nick Piggin noticed this (very unlikely) race between setting a page
dirty and creating the buffers for it - we need to hold the mapping
private_lock until we've set the page dirty bit in order to make sure
that create_empty_buffers() might not build up a set of buffers without
the dirty bits set when the page is dirty.I doubt anybody has ever hit this race (and it didn't solve the issue
Nick was looking at), but as Nick says: "Still, it does appear to solve
a real race, which we should close."Acked-by: Nick Piggin
Signed-off-by: Linus Torvalds -
This makes sure that gcc doesn't try to optimize away wrapping
arithmetic, which the kernel occasionally uses for overflow testing, ie
things likeif (ptr + offset < ptr)
which technically is undefined for non-unsigned types. See
http://bugzilla.kernel.org/show_bug.cgi?id=12597
for details.
Not all versions of gcc support it, so we need to make it conditional
(it looks like it was introduced in gcc-3.4).Reminded-by: Alan Cox
Signed-off-by: Linus Torvalds
19 Mar, 2009
6 commits
-
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
Staging: benet: remove driver now that it is merged in drivers/net/ -
* 'for-2.6.29' of git://linux-nfs.org/~bfields/linux:
nfsd: nfsd should drop CAP_MKNOD for non-root
NFSD: provide encode routine for OP_OPENATTR -
The benet driver is now in the proper place in drivers/net/benet, so we
can remove the staging version.Acked-by: Sathya Perla
Cc: David S. Miller
Signed-off-by: Greg Kroah-Hartman -
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
powerpc/ps3: ps3_defconfig updates
powerpc/mm: Respect _PAGE_COHERENT on classic ppc32 SW
powerpc/5200: Enable CPU_FTR_NEED_COHERENT for MPC52xx
ps3/block: Replace mtd/ps3vram by block/ps3vram -
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus:
module: fix refptr allocation and release order -
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6:
USB: storage: Unusual USB device Prolific 2507 variation added
USB: Add device id for Option GTM380 to option driver
USB: Add Vendor/Product ID for new CDMA U727 to option driver
USB: Updated unusual-devs entry for USB mass storage on Nokia 6233
USB: Option: let cdc-acm handle Sony Ericsson F3507g / Dell 5530
USB: EHCI: expedite unlinks when the root hub is suspended
USB: EHCI: Fix isochronous URB leak
USB: option.c: add ZTE 622 modem device
USB: wusbcore/wa-xfer, fix lock imbalance
USB: misc/vstusb, fix lock imbalance
USB: misc/adutux, fix lock imbalance
USB: image/mdc800, fix lock imbalance
USB: atm/cxacru, fix lock imbalance
USB: unusual_devs: Add support for GI 0431 SD-Card interface
USB: serial: new cp2101 device id
USB: serial: ftdi: enable UART detection on gnICE JTAG adaptors blacklist interface0
USB: serial: add FTDI USB/Serial converter devices
USB: usbfs: keep async URBs until the device file is closed
USB: usbtmc: add protocol 1 support
USB: usbtmc: fix stupid bug in open()
18 Mar, 2009
19 commits
-
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: Fix vunmap and free order in snd_free_sgbuf_pages()
ALSA: mixart, fix lock imbalance
ALSA: pcm_oss, fix locking typo
ALSA: oss-mixer - Fixes recording gain control
ALSA: hda - Workaround for buggy DMA position on ATI controllers
ALSA: hda - Fix DMA mask for ATI controllers
ALSA: opl3sa2 - Fix NULL dereference when suspending snd_opl3sa2 -
After TASK_SIZE now gives the current size of the address space the
upgrade of a 64 bit process from 3 to 4 levels of page table needs
to use the arch_mmap_check hook to catch large mmap lengths. The
get_unmapped_area* functions need to check for -ENOMEM from the
arch_get_unmapped_area*, upgrade the page table and retry.Signed-off-by: Martin Schwidefsky
-
Make page table walking on s390 more robust. The current code requires
that the pgd/pud/pmd/pte loop is only done for address ranges that are
below the end address of the last vma of the address space. But this
is not always true, e.g. the generic page table walker does not guarantee
this. Change TASK_SIZE/TASK_SIZE_OF to reflect the current size of the
address space. This makes the generic page table walker happy but it
breaks the upgrade of a 3 level page table to a 4 level page table.
To make the upgrade work again another fix is required.Signed-off-by: Martin Schwidefsky
-
pfn_valid() actually checks for a valid struct page and not for a
valid pfn. Using xip mappings w/o struct pages, this will result in
-EFAULT returned by the (page table walk) user copy functions,
even though there is valid memory. Those user copy functions don't
need a struct page, so this patch just removes the pfn_valid() check.Signed-off-by: Gerald Schaefer
Signed-off-by: Martin Schwidefsky -
With packed stack the backchain is at a different location.
Just use __SF_BACKCHAIN as an offset to store the backchain.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
The default values for SD_MC_INIT cause an additional cpu usage of up
to 40% on some network benchmarks compared to the plain SD_CPU_INIT
values. So just define SD_MC_INIT to SD_CPU_INIT.
More tuning needs to be done.Signed-off-by: Heiko Carstens
Signed-off-by: Martin Schwidefsky -
The implementation of __div64_31 for G5 machines is broken. The comments
in __div64_31 are correct, only the code does not do what the comments
say. The part "If the remainder has overflown subtract base and increase
the quotient" is only partially realized, the base is subtracted correctly
but the quotient is only increased if the dividend had the last bit set.
Using the correct instruction fixes the problem.Cc: stable@kernel.org
Reported-by: Frans Pop
Tested-by: Frans Pop
Signed-off-by: Martin Schwidefsky -
The jiffies value was being printed for each CPU, which does not seem to make
sense. Moved jiffies to system section.Signed-off-by: Luis Henriques
Acked-by: Peter Zijlstra
LKML-Reference:
Signed-off-by: Ingo Molnar -
In snd_free_sgbuf_pags(), vunmap() is called after releasing the SG
pages, and it causes errors on Xen as Xen manages the pages
differently. Although no significant errors have been reported on
the actual hardware, this order should be fixed other way round,
first vunmap() then free pages.Cc: Jan Beulich
Cc:
Signed-off-by: Takashi Iwai -
There is an omitted unlock in one snd_mixart_hw_params fail path. Fix it.
Signed-off-by: Jiri Slaby
Cc:
Signed-off-by: Takashi Iwai -
s/mutex_lock/mutex_unlock/ on 2 fail paths in snd_pcm_oss_proc_write.
Probably a typo, lock should be unlocked when leaving the function.Signed-off-by: Jiri Slaby
Cc:
Signed-off-by: Takashi Iwai -
At the time of initialization, SNDRV_MIXER_OSS_PRESENT_PVOLUME bit is not
set for MIC (slot 7).
So, the same should not be checked when an application tries to do gain
control for audio recording devices.Just check slot->present for SNDRV_MIXER_OSS_PRESENT_CVOLUME independently.
Verified with a simple application which opens /dev/dsp for recording and
/dev/mixer for volume control.Have tested two usb audio mic devices.
Signed-off-by: Viral Mehta
Signed-off-by: Takashi Iwai -
The position-buffer on ATI controllers are unreliable as well as
on VIA chips, thus the same workaround for DMA position reading as
VIA is useful for ATI.Cc:
Signed-off-by: Takashi Iwai -
ATI controllers (at least some SB0600 models) appear buggy to handle
64bit DMA. As a workaround, reset GCAP bit0 and let the driver to
use only 32bit DMA on these controllers.Cc:
Signed-off-by: Takashi Iwai -
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
ext4: fix bb_prealloc_list corruption due to wrong group locking
ext4: fix bogus BUG_ONs in in mballoc code
ext4: Print the find_group_flex() warning only once
ext4: fix header check in ext4_ext_search_right() for deep extent trees. -
Update ps3_defconfig.
Sets these options:
CONFIG_PS3_VRAM=m
CONFIG_BLK_DEV_DM=m
CONFIG_USB_HIDDEV=y
CONFIG_EXT4_FS=ySigned-off-by: Geoff Levand
Signed-off-by: Benjamin Herrenschmidt
