usblcd currently has no way to limit memory consumption by fast writers.
This is a security problem, as it allows users with write access to this
device to drive the system into oom despite resource limits.
Here's the fix taken from the modern skeleton driver.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
this is a classical memory leak in the ioctl handler. The buffer is simply
never freed. This fixes it the obvious way.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
you are submitting an URB with GFP_KERNEL holding a spinlock.
In this case the spinlock can be dropped earlier.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
New changes in the signal-handling code require compensating changes
in g_file_storage. This patch (as913) by Oleg Nesterov makes the
code use allow_signal() instead of sigprocmask().
From: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes a bug which can cause corruption of the floating-point state
on return from a signal handler. If we have a signal handler that has
used the floating-point registers, and it happens to context-switch to
another task while copying the interrupted floating-point state from the
user stack into the thread struct (e.g. because of a page fault, or
because it gets preempted), the context switch code will think that the
FP registers contain valid FP state that needs to be copied into the
thread_struct, and will thus overwrite the values that the signal return
code has put into the thread_struct.
This can occur because we clear the MSR bits that indicate the presence
of valid FP state after copying the state into the thread_struct. To fix
this we just move the clearing of the MSR bits to before the copy. A
similar potential problem also occurs with the Altivec state, and this
fixes that in the same way.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Consider the prototype for gettimeofday():
int gettimofday(struct timeval *tv, struct timezone *tz);
Although it is valid to call with /either/ tv or tz being NULL, and
the C version of sys_gettimeofday() supports this, the current version
of gettimeofday() in the VDSO will SEGV if called with a NULL tv.
This adds a check for tv being NULL so that it doesn't SEGV.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Update the g5_defconfig with default settings.
This is to keep things up to date, and specifically to ensure that the
CONFIG_MACINTOSH_DRIVERS option is enabled. This also turns on
CONFIG_MSI.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
wrmsrl() is broken, dropping the upper 32bits of the value to be
written. This broke the NMI watchdog on AMD hardware. (and it
probably broke other code too.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In the arch/arm/boot/compressed/head.S file, the contents of the
literal pool accumulated during the relocatable code must be dumped
before reloc_end.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Add silicon revision "any" and "none". Add proper -mcpu option according
to the cpu and silicon revision configuration.
Need update to use latest Blackfin cross compile toolchain.
Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
The return value of futex_find_get_task() needs to be -ESRCH in case
that the search fails. This was part of the original futex fixes and
got accidentally dropped, when the futex-tidy-up patch was split out.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stable Team <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Make skb_seq_read unmap the last fragment
[NET]: Re-enable irqs before pushing pending DMA requests
[TCP] tcp_read_sock: Allow recv_actor() return return negative error value.
[PPP]: Fix osize too small errors when decoding mppe.
[PPP]: Revert 606f585e36
[TIPC]: Fix infinite loop in netlink handler
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
[IPV4]: include sysctl.h from inetdevice.h
[IPV6] NDISC: Fix thinko to control Router Preference support.
[NETFILTER]: nfctnetlink: Don't allow to change helper
[NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
Register %ebx serves as the "global offset table base register" for
position-independent code. For absolute code, %ebx serves as a local
register and has no specified role in the function calling sequence. In
either case, a function must preserve the register value for the caller.
acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt
the called data.
Kevin found that most time the value of Sx is saved in %esi, however
sometimes compiler also uses %ebx. When this happens, suspends fails since
sleep value in ebx is changed by acpi_copy_wakeup_routine.
The same funtion in X86_64 doesn't have this problem.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Looks-okay-to: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
One of error path in ext3_read_inode() leaks bh since brelse is forgoten.
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Acked-by: Vasily Averin <vvs@sw.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yan Zheng pointed out that ext2_remount lacks checking if -o xip should be
enabled or not. This patch checks for presence of direct_access on the
backing block device and if the blocksize meets the requirements.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Cc: Yan Zheng <yanzheng@21cn.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Background:
When a userspace application wants to know about machine check events, it
opens /dev/mcelog and does a read(). Usually, we found that this interface
works well, but in some cases, when the system was taking large numbers of
machine check exceptions, the read() would hang. The system would output a
soft-lockup warning, and the daemon reading from /dev/mcelog would suck up
as much of a single CPU as it could spinning in system space.
Description:
This patch fixes this bug. In particular, there was a "continue" inside a
timeout loop that presumably was intended to break out of the outer loop,
but instead caused the inner loop to continue. This patch also makes the
condition for the break-out a little more evident by changing a
!time_before to a time_after_eq.
Result:
The read() no longer hangs in this test case.
Testing:
On my system, I could replicate the bug with the following command:
# for i in `seq 15000`; do ./inject_sbe.sh; done
where inject_sbe.sh contains commands to inject a single-bit error into the
next memory write transaction.
Patch:
This patch is against git f1518a088b.
Signed-off-by: Joshua Wise <jwise@google.com>
Signed-off-by: Tim Hockin <thockin@google.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Update to checkpatch.pl v0.06. Of note:
- do { and else handled correctly as control structures for { matching
- trailing whitespace correctly tripped when line otherwise empty
- support for const, including const foo * const bar
- multiline macros defining values correctly reported
This version of checkpatch.pl can be found at the following URL:
http://www.kernel.org/pub/linux/kernel/people/apw/checkpatch/checkpatch.pl-0.06
Full Changelog:
Andy Whitcroft (14):
Version: 0.06
cleanup the Type regular expression declarations
fix up block counting
end of line counts as a space for ++ and --
do { needs the same checks as if, for et al
handle "const foo * const a" as a valid type
add spacing checks following ;
complete whitespace lines should trip trailing whitespace check
else is also a block control structure
badly formatted else can trip function declaration
detect and report trailing statements after else
types need to be terminated by a boundary
multiline macros defining values should be surrounded by parentheses
soften the wording of the Signed-off-by: warnings
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MAX_ORDER is the first order that is not possible.
Use MAX_ORDER - 1 to calculate the larges possible object size in slab.h
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
These should have been documented from the beginning. Fix it.
Signed-off-by: Dave Hansen <haveblue@us.ibm.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Encourage developers to avoid the volatile type class in kernel code.
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add asm-um/paravirt.h so that i386 headers that get pulled into UML
don't cause build failures when they want asm/paravirt.h.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The stallion driver oopses while initializing ISA cards due to an
uninitialized variable. This patch changes the initialisation order to
match the PCI code path.
Signed-off-by: Ingo Korb <ml@akana.de>
Acked-by: Jiri Slaby <jirislaby@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Hopefully this fixes http://bugzilla.kernel.org/show_bug.cgi?id=8635
The struct in6_addr passed to csum_ipv6_magic() is 4 byte aligned, so we
can't use the regular 64-bit loads. Since the cost of handling of 4 byte
and 1 byte aligned 64-bit data is roughly the same, this code can cope with
any src/dst [mis]alignment.
Signed-off-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Dustin Marquess <jailbird@alcatraz.fdf.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This version brings a some new tests, and a host of changes to fix
false positives, of particular note:
- detect 'var ++;' and 'var --;' as a bad combination
- multistatement #defines are now checked based on statement count
- multistatement #defines with initialisation correctly reported
- checks the location of the inline keywords
- EXPORT_SYMBOL for variables are now understood
- typedefs are loosened to handle sparse etc
This version of checkpatch.pl can be found at the following URL:
http://www.shadowen.org/~apw/public/checkpatch/checkpatch.pl-0.05
Full Changelog:
Andy Whitcroft (18):
Version: 0.05
macro definition checks should be for a single statement
avoid assignements only in if conditionals
declarations of function pointers need no space
multiline macros which are purely initialisation cannot be wrapped
EXPORT_SYMBOL can also directly follow a variable definition
check on the location of the inline keyword
EXPORT_SYMBOL needs to allow for attributes
ensure we do not find C99 // in strings
handle malformed #include lines
accept the {0,} form
typedefs are sensible for defining function pointer parameters
ensure { handling correctly handles nested switch() statements
trailing whitespace checks are not anchored
typedefs for sparse bitwise annotations make sense
update the type matcher to include sparse annotations
clean up indent and spacing
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The intervals of domains that do not have SD_BALANCE_NEWIDLE must be
considered for the calculation of the time of the next balance. Otherwise
we may defer rebalancing forever.
Siddha also spotted that the conversion of the balance interval
to jiffies is missing. Fix that to.
From: Srivatsa Vaddagiri <vatsa@linux.vnet.ibm.com>
also continue the loop if !(sd->flags & SD_LOAD_BALANCE).
Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
It did in fact trigger under all three of mainline, CFS, and -rt including CFS
-- see below for a couple of emails from last Friday giving results for these
three on the AMD box (where it happened) and on a single-quad NUMA-Q system
(where it did not, at least not with such severity).
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If slabs are allocated or freed from a large set of call sites (typical for
the kmalloc area) then we may create more output than fits into a single
PAGE and sysfs only gives us one page. The output should be truncated.
This patch fixes the checks to do the truncation properly.
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When binding the driver, check the ID register for a valid identity, in case
the SM501 is not functioning correctly.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Add documentation for the SM501 in Documentation/SM501.txt outlining the SM501
driver.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ensure that the M1XCLK and MCLK are sourced from the same PLL (and refuse to
bind the driver if they are not).
Update the PCI to safe initialisation values, as 72MHz is the maximum clock
for 33MHz PCI bus mastering.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The order of the set and mask operation in sm501_init_reg() was setting and
then masking the bits set. Correct the order so that we do not end up with
288MHz SDRAM clocks on certain systems.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This init sequence of setting the SDRAM clock before the bus clock is
recommend by Silicon Motion to stop problems with writes not sticking into
registers.
Signed-off-by: Vincent Sanders <vince@simtec.co.uk>
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This patch adds support for suspending the core (mfd driver) of the SM501.
Signed-off-by: Ben Dooks <ben-linux@fluff.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Recently my console UTF-8 patch went mainline. Here is an additional patch
that fixes two nasty issues and improves a third one, namely:
1. My patch changed the behavior if a glyph is not found in the Unicode
mapping table. Previously for Unicode values less than 256 or 512 the
kernel tried to display the glyph from that position of the glyph table,
which could lead to a different accented letter being displayed. I
removed this fallback possibility and changed it to display the
replacement symbol.
As Behdad pointed out, some fonts (e.g. sun12x22 from the kbd package)
lack Unicode mapping information, hence all you get is lots of question
marks. Though theoretically it's actually a user-space bug (the font
should be fixed), Behdad and I both believe that it'd be good to work
around in the kernel by re-introducing the fallback solution for ASCII
characters only. This sounds a quite reasonable decision, since all fonts
ship the ASCII characters in the first 128 positions. This way users
won't be surprised by lots of question marks just because s/he issued a
not-so-perfectly parameterized setfont command. As this fallback is only
re-introduced for code points below 128, you still won't see an accented
letter replaced by another, but at least you'll always get the English
letters right.
2. My patch introduced "question mark with inverted color attributes" as a
last resort fallback glyph. Though it perfectly works on VGA console, on
framebuffer you may end up with question marks that are highlighed but
shouldn't be, and normal characters that are accidentally highlighed.
This is caused by missing FLUSHes when changing the color attribute.
3. I've updated the table of double-width character based on Markus's
updated version. Only ten new code poings (one interval) is added.
Signed-off-by: Egmont Koblinger <egmont@uhulinux.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When a namespace is unshared, a refcount on the previous nsproxy is
abusively taken, leading to a memory leak of nsproxy objects.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Herbert Poetzl <herbert@13thfloor.at>
Cc: Oleg Nesterov <oleg@tv-sign.ru>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Cc: Rudolf Marek <r.marek@assembler.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Having walked through the entire skbuff, skb_seq_read would leave the
last fragment mapped. As a consequence, the unwary caller would leak
kmaps, and proceed with preempt_count off by one. The only (kind of
non-intuitive) workaround is to use skb_seq_read_abort.
This patch makes sure skb_seq_read always unmaps frag_data after
having cycled through the skb's paged part.
Signed-off-by: Olaf Kirch <olaf.kirch@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This moves the local_irq_enable() call in net_rx_action() to before
calling the CONFIG_NET_DMA's dma_async_memcpy_issue_pending() rather
than after. This shortens the irq disabled window and allows for DMA
drivers that need to do their own irq hold.
Signed-off-by: Shannon Nelson <shannon.nelson@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
tcp_read_sock() currently assumes that the recv_actor() only returns
number of bytes copied. For network splice receive, we may have to
return an error in some cases. So allow the actor to return a negative
error value.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The mppe_decompress() function required a buffer that is 1 byte too
small when receiving a message of mru size. This fixes buffer
allocation to prevent this from occurring.
Signed-off-by: Konstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This can cause packet buffer overflows in certain cases,
the real bug will be fixed differently in a followon
changeset.
Signed-off-by: David S. Miller <davem@davemloft.net>
The tipc netlink config handler uses the nlmsg_pid from the
request header as destination for its reply. If the application
initialized nlmsg_pid to 0, the reply is looped back to the kernel,
causing hangup. Fix: use nlmsg_pid of the skb that triggered the
request.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
secmark doesn't depend on CONFIG_NET_SCHED.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>