Commit Graph

131281 Commits

Author SHA1 Message Date
Roland McGrath
92dc07b1f9 elf core dump: fix get_user use
The elf_core_dump() code does its work with set_fs(KERNEL_DS) in force,
so vma_dump_size() needs to switch back with set_fs(USER_DS) to safely
use get_user() for a normal user-space address.

Checking for VM_READ optimizes out the case where get_user() would fail
anyway.  The vm_file check here was already superfluous given the control
flow earlier in the function, so that is a cleanup/optimization unrelated
to other changes but an obvious and trivial one.

Reported-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Roland McGrath <roland@redhat.com>
2009-02-06 17:34:07 -08:00
David Howells
0bf2f3aec5 CRED: Fix SUID exec regression
The patch:

	commit a6f76f23d2
	CRED: Make execve() take advantage of copy-on-write credentials

moved the place in which the 'safeness' of a SUID/SGID exec was performed to
before de_thread() was called.  This means that LSM_UNSAFE_SHARE is now
calculated incorrectly.  This flag is set if any of the usage counts for
fs_struct, files_struct and sighand_struct are greater than 1 at the time the
determination is made.  All of which are true for threads created by the
pthread library.

However, since we wish to make the security calculation before irrevocably
damaging the process so that we can return it an error code in the case where
we decide we want to reject the exec request on this basis, we have to make the
determination before calling de_thread().

So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
(CLONE_SIGHAND/CLONE_THREAD) with us.  These will be killed by de_thread() and
so can be discounted by check_unsafe_exec().

We do have to be careful because CLONE_THREAD does not imply FS or FILES.

We _assume_ that there will be no extra references to these structs held by the
threads we're going to kill.

This can be tested with the attached pair of programs.  Build the two programs
using the Makefile supplied, and run ./test1 as a non-root user.  If
successful, you should see something like:

	[dhowells@andromeda tmp]$ ./test1
	--TEST1--
	uid=4043, euid=4043 suid=4043
	exec ./test2
	--TEST2--
	uid=4043, euid=0 suid=0
	SUCCESS - Correct effective user ID

and if unsuccessful, something like:

	[dhowells@andromeda tmp]$ ./test1
	--TEST1--
	uid=4043, euid=4043 suid=4043
	exec ./test2
	--TEST2--
	uid=4043, euid=4043 suid=4043
	ERROR - Incorrect effective user ID!

The non-root user ID you see will depend on the user you run as.

[test1.c]
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pthread.h>

static void *thread_func(void *arg)
{
	while (1) {}
}

int main(int argc, char **argv)
{
	pthread_t tid;
	uid_t uid, euid, suid;

	printf("--TEST1--\n");
	getresuid(&uid, &euid, &suid);
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	if (pthread_create(&tid, NULL, thread_func, NULL) < 0) {
		perror("pthread_create");
		exit(1);
	}

	printf("exec ./test2\n");
	execlp("./test2", "test2", NULL);
	perror("./test2");
	_exit(1);
}

[test2.c]
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv)
{
	uid_t uid, euid, suid;

	getresuid(&uid, &euid, &suid);
	printf("--TEST2--\n");
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	if (euid != 0) {
		fprintf(stderr, "ERROR - Incorrect effective user ID!\n");
		exit(1);
	}
	printf("SUCCESS - Correct effective user ID\n");
	exit(0);
}

[Makefile]
CFLAGS = -D_GNU_SOURCE -Wall -Werror -Wunused
all: test1 test2

test1: test1.c
	gcc $(CFLAGS) -o test1 test1.c -lpthread

test2: test2.c
	gcc $(CFLAGS) -o test2 test2.c
	sudo chown root.root test2
	sudo chmod +s test2

Reported-by: David Smith <dsmith@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: David Smith <dsmith@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-07 08:46:18 +11:00
Dave Kleikamp
d4cf109f05 vfs: Don't call attach_nobh_buffers() with an empty list
This is a modification of a patch by Bill Pemberton <wfp5p@virginia.edu>

nobh_write_end() could call attach_nobh_buffers() with head == NULL.
This would result in a trap when attach_nobh_buffers() attempted to
access bh->b_this_page.

This can be illustrated by running the writev01 testcase from LTP on jfs.

This error was introduced by commit 5b41e74a "vfs: fix data leak in
nobh_write_end()".  That patch did not take into account that if
PageMappedToDisk() is true upon entry to nobh_write_begin(), then no
buffers will be allocated for the page.  In that case, we won't have to
worry about a failed write leaving unitialized data in the page.

Of course, head != NULL implies !page_has_buffers(page), so no need to
test both.

Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: Bill Pemberton <wfp5p@virginia.edu>
Cc: Dmitri Monakhov <dmonakhov@openvz.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 13:34:22 -08:00
Linus Torvalds
6cec50838e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda - Add missing COEF initialization for ALC887
  ALSA: hda - Add missing initialization for ALC272
  sound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices
  ALSA: hda - Fix misc workqueue issues
  ALSA: hda - Add quirk for FSC Amilo Xi2550
2009-02-06 11:14:23 -08:00
Len Brown
9e3a9d1ed8 ACPI: disable ACPI cleanly when bad RSDP found
When ACPI is disabled in the BIOS of this VIA C3 box,
it invalidates the RSDP, which Linux notices:

ACPI Error (tbxfroot-0218): A valid RSDP was not found [20080926]

Bug Linux neglected to disable ACPI at that stage,
and later scribbled on smp_found_config:

ACPI: No APIC-table, disabling MPS

But this box doesn't run well in legacy PIC mode,
it needed IOAPIC mode to perform correctly:

http://lkml.org/lkml/2009/2/5/39

So exit ACPI mode cleanly when we first detect
that it is hopeless.

Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-06 14:00:56 -05:00
Len Brown
9fdd54f206 ACPI: delete CPU_IDLE=n code
CPU_IDLE=y has been default for ACPI=y since Nov-2007,
and has shipped in many distributions since then.

Here we delete the CPU_IDLE=n ACPI idle code, since
nobody should be using it, and we don't want to
maintain two versions.

Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-06 12:34:39 -05:00
Linus Torvalds
5e3bd4e4b1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  ieee1394: dv1394: move deprecation message from module init to file open
  firewire: core: Remove card from list of cards when enable fails
2009-02-06 08:48:16 -08:00
Uwe Kleine-König
bcee402e76 Add Sascha Hauer to .mailmap
This fixes the shortlog attribution e.g. for 106757b38f

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:47:25 -08:00
Uwe Kleine-König
6d7f2caa77 add another mailmap entry for Uwe Kleine-König
I created commit 7971db5a4b on a machine
where I forgot to set user.name and user.email before.  The default
values were not optimal.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:47:25 -08:00
Julia Lawall
08c6e3a578 arch/powerpc: Eliminate double sizeof
Taking sizeof the result of sizeof is quite strange and does not seem to be
what is wanted here.

This was fixed using the following semantic patch.
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression E;
@@

- sizeof (
  sizeof (E)
- )

@@
type T;
@@

- sizeof (
  sizeof (T)
- )
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2009-02-06 10:44:28 -06:00
paulfax
7f3ea17f31 powerpc/cpm2: Fix set interrupt type
This is a simple change to correct problems when using set_irq_type
on platforms using CPM2.  This code corrects the problem on most platform
but may have issues on 8272 derived platforms for some interrupts.

On 8272 PC2 & 3 are missing and PC 23 & 29 are added, which this patch
does not address.

Signed-off-by: Paul Bilke <paul@conspiracy.net>
Reviewed-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2009-02-06 10:44:02 -06:00
Li Zefan
04ec93fe9b fork.c: fix NULL pointer dereference when nr_threads == threads-max
I happened to forked lots of processes, and hit NULL pointer dereference.
It is because in copy_process() after checking max_threads, 0 is returned
but not -EAGAIN.

The bug is introduced by "CRED: Detach the credentials from task_struct"
(commit f1752eec61).

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:43:11 -08:00
Anton Vorontsov
e85477f516 powerpc/83xx: Fix TSEC0 workability on MPC8313E-RDB boards
TSEC0 is connected to Vitesse 7385 5-port switch. The switch
isn't connected to any mdio bus, the link to the switch is fixed
to Full-duplex 1000 Mb/s (no pause).

This patch fixes following failure during bootup:

mdio@24520:01 not found
eth0: Could not attach to PHY
IP-Config: Failed to open eth0

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2009-02-06 10:38:57 -06:00
Anton Vorontsov
1f0d4d16d9 powerpc/83xx: Fix missing #{address,size}-cells in mpc8313erdb.dts
commit b31a1d8b41 ("gianfar: Convert
gianfar to an of_platform_driver") introduced a child node for
the ethernet@25000 controller, but no address and size cells
specifiers were added, and that makes dtc unhappy:

DTC: dts->dtb  on file "arch/powerpc/boot/dts/mpc8313erdb.dts"
Warning (reg_format): "reg" property in /soc8313@e0000000/ethernet@25000/mdio@25520 has invalid length (8 bytes) (#address-cells == 2, #size-cells == 1)
Warning (avoid_default_addr_size): Relying on default #address-cells value for /soc8313@e0000000/ethernet@25000/mdio@25520
Warning (avoid_default_addr_size): Relying on default #size-cells value for /soc8313@e0000000/ethernet@25000/mdio@25520

Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2009-02-06 10:38:54 -06:00
Michael Neuling
e2a02ba667 powerpc/83xx: Build breakage for CONFIG_PM but no CONFIG_SUSPEND
I noticed this doing some randconfig testing (.config below).  I have
CONFIG_PM but no CONFIG_SUSPEND.  Bug is against mainline.

arch/powerpc/sysdev/built-in.o: In function `ipic_suspend':
ipic.c:(.text+0x6b34): undefined reference to `fsl_deep_sleep'
make[1]: *** [.tmp_vmlinux1] Error 1
make: *** [sub-make] Error 2

Looks like #ifdef CONFIG_PM in arch/powerpc/sysdev/ipic.c should be
CONFIG_SUSPEND.  d49747bdfb introduced
this.

Fix build when we have CONFIG_PM but no CONFIG_SUSPEND.

Signed-off-by: Michael Neuling <mikey@neuling.org>
Acked-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
2009-02-06 10:36:44 -06:00
Chris Mason
42f15d77df Btrfs: Make sure dir is non-null before doing S_ISGID checks
The S_ISGID check in btrfs_new_inode caused an oops during subvol creation
because sometimes the dir is null.

Signed-off-by: Chris Mason <chris.mason@oracle.com>
2009-02-06 11:35:57 -05:00
Linus Torvalds
b2a740aab8 Merge branch 'for-linus' of git://neil.brown.name/md
* 'for-linus' of git://neil.brown.name/md:
  md: Ensure an md array never has too many devices.
  md: Fix a bug in linear.c causing which_dev() to return the wrong device.
  md: Allow read error in a single drive raid1 to be passed up.
2009-02-06 07:41:10 -08:00
Stefan Richter
86431532ec ieee1394: dv1394: move deprecation message from module init to file open
On many Linux installations, the dv1394 driver will be auto-loaded
whenever an AV/C device (e.g. camcorder or audio device) is plugged in.
An irritating message would then appear in the kernel log.

Defer this message to until a dv1394 character device file is actually
used by a program.  Also include the program name in the message and
update the message slightly.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2009-02-06 15:52:28 +01:00
Pavel Emelyanov
ff08f76d73 x86: clean up hpet timer reinit
Implement Linus's suggestion: introduce the hpet_cnt_ahead()
helper function to compare hpet time values - like other
wrapping counter comparisons are abstracted away elsewhere.
(jiffies, ktime_t, etc.)

Reported-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-02-06 15:07:13 +01:00
Ingo Molnar
7d8e23df69 timers: split process wide cpu clocks/timers, remove spurious warning
Mike Galbraith reported that the new warning in thread_group_cputimer()
triggers en masse with Amarok running.

Oleg Nesterov observed:

  Can't fastpath_timer_check()->thread_group_cputimer() have the
  false warning too? Suppose we had the timer, then posix_cpu_timer_del()
  removes this timer, but task_cputime_zero(&sig->cputime_expires) still
  not true.

Remove the spurious debug warning.

Reported-by: Mike Galbraith <efault@gmx.de>
Explained-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
2009-02-06 14:57:51 +01:00
Takashi Iwai
b0050cae2b Merge branch 'fix/usb-audio' into for-linus 2009-02-06 14:25:13 +01:00
Takashi Iwai
b2573eb586 Merge branch 'fix/hda' into for-linus 2009-02-06 14:25:04 +01:00
Takashi Iwai
4a5a4c56b4 ALSA: hda - Add missing COEF initialization for ALC887
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-02-06 12:46:59 +01:00
Takashi Iwai
c6e8f2daad ALSA: hda - Add missing initialization for ALC272
ALC272 needs EAPD for speaker outputs as well as other similar ALC
codecs.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-02-06 12:45:52 +01:00
Jesper Dangaard Brouer
2783ef2312 udp: Fix potential wrong ip_hdr(skb) pointers
Like the UDP header fix, pskb_may_pull() can potentially
alter the SKB buffer.  Thus the saddr and daddr, pointers
may point to the old skb->data buffer.

I haven't seen corruptions, as its only seen if the old
skb->data buffer were reallocated by another user and
written into very quickly (or poison'd by SLAB debugging).

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 01:59:12 -08:00
Gautam Kachroo
efc683fc2a neigh: some entries can be skipped during dumping
neightbl_dump_info and neigh_dump_table  can skip entries if the
*fill*info functions return an error. This results in an incomplete
dump ((invoked by netlink requests for RTM_GETNEIGHTBL or
RTM_GETNEIGH)

nidx and idx should not be incremented if the current entry was not
placed in the output buffer

Signed-off-by: Gautam Kachroo <gk@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:52:04 -08:00
David S. Miller
684de409ac ipv6: Disallow rediculious flowlabel option sizes.
Just like PKTINFO, limit the options area to 64K.

Based upon report by Eric Sesterhenn and analysis by
Roland Dreier.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-06 00:49:55 -08:00
Clemens Ladisch
894dcd7878 sound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices
For audio devices that do not have proper audio descriptors (e.g.,
Edirol UA-20), we use hardcoded parameters from our quirks list.
However, we must still read the maximum packet size from the standard
endpoint descriptor; otherwise, we might use packets that are too big
and therefore rejected by the USB core.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: <stable@kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2009-02-06 09:47:12 +01:00
David S. Miller
1c2f61d40b sparc64: Don't hook up pcr_ops on spitfire chips.
They can't be used for profiling and NMI watchdog currently
since they lack the counter overflow interrupt.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-05 23:59:04 -08:00
NeilBrown
de01dfadf2 md: Ensure an md array never has too many devices.
Each different metadata format supported by md supports a
different maximum number of devices.
We really should be enforcing this maximum in the kernel, but
we aren't quite doing that properly.

We currently only enforce it at the 'hot_add' point, which is an
older interface which is not used by current userspace.

We need to also enforce it at 'add_new_disk' time for active arrays
and at 'do_md_run' time when starting a new array.

So move the test from 'hot_add' into 'bind_rdev_to_array' which is
called from both 'hot_add' and 'add_new_disk, and add a new
test in 'analyse_sbs' which is called from 'do_md_run'.

This bug (or missing feature) has been around "forever" and so
the patch is suitable for any -stable that is currently maintained.

Cc: stable@kernel.org

Signed-off-by: NeilBrown <neilb@suse.de>
2009-02-06 18:02:46 +11:00
Andre Noll
852c8bf484 md: Fix a bug in linear.c causing which_dev() to return the wrong device.
ab5bd5cbc8 introduced the following
bug in linear software raid for large arrays on 32 bit machines:

which_dev() computes the device holding a given sector by shifting
down the sector number to a 32 bit range, dividing by the array
spacing and looking up the resulting index in the hash table of
the array.

Because the computed index might be slightly too small, a loop at
the end of which_dev() increases the index until the given sector
actually falls into the range of the device associated with that index.

The changes of the above mentioned commit caused this loop to check
whether the _index_ rather than the sector number is small enough,
effectively bypassing the loop and thus possibly returning the wrong
device.

As reported by Simon Kirby, this leads to errors such as

	linear_make_request: Sector 2340486136 out of bounds on dev sdi: 156301312 sectors, offset 2109870464

Fix this bug by introducing a local variable for the index so that
the variable containing the passed sector is left unchanged.

Cc: stable@kernel.org
Signed-off-by: Andre Noll <maan@systemlinux.org>
Signed-off-by: NeilBrown <neilb@suse.de>
2009-02-06 15:10:52 +11:00
NeilBrown
4706b349f4 md: Allow read error in a single drive raid1 to be passed up.
If a raid1 only has a single working device and gets a read error, 
we choose to simply return that error up to the filesystem (or whatever)
rather than failing the whole array.

However the codes doesn't quite do that.  We attempt a readbalance
which allocates the same drive, so we retry the read - indefinitely. 

Instead:  If read_balance in the error case chooses the same drive that just
failed, treat it as a failure and don't retry.

Signed-off-by: NeilBrown <neilb@suse.de>
2009-02-06 15:06:47 +11:00
Masami Hiramatsu
9be260a646 prevent kprobes from catching spurious page faults
Prevent kprobes from catching spurious faults which will cause infinite
recursive page-fault and memory corruption by stack overflow.

Signed-off-by: Masami Hiramatsu <mhiramat@redhat.com>
Cc: <stable@kernel.org>		[2.6.28.x]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 17:01:50 -08:00
Al Viro
767b5828ad braino in sg_ioctl_trans()
... and yes, gcc is insane enough to eat that without complaint.
We probably want sparse to scream on those...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 16:35:52 -08:00
Linus Torvalds
082256333f Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
  Revert "configfs: Silence lockdep on mkdir(), rmdir() and configfs_depend_item()"
2009-02-05 16:12:38 -08:00
Linus Torvalds
09cd5b8f9d Merge branch 'sh/for-2.6.29' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6
* 'sh/for-2.6.29' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6:
  sh: Fix up T-bit error handling in SH-4A mutex fastpath.
  sh: Fix up spurious syscall restarting.
  sh: fcnvds fix with denormalized numbers on SH-4 FPU.
  sh: Only reserve memory under CONFIG_ZERO_PAGE_OFFSET when it != 0.
  sh: Handle calling csum_partial with misaligned data
  sh: ap325rxa: Enable ov772x in defconfig.
  sh: ap325rxa: Add ov772x support.
  sh: ap325rxa: control camera power toggling.
  sh: mach-migor: Enable ov772x and tw9910 in defconfig.
2009-02-05 16:11:54 -08:00
Linus Torvalds
cc5724ce10 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
  Revert "tcp: Always set urgent pointer if it's beyond snd_nxt"
  ipv6: Copy cork options in ip6_append_data
  udp: Fix UDP short packet false positive
  gianfar: Fix potential soft reset race
  gianfar: Fix BD_LENGTH_MASK definition
  cxgb3: Fix lro switch
  iwlwifi: save PCI state before suspend, restore after resume
  iwlwifi: clean key table in iwl_clear_stations_table
2009-02-05 16:11:32 -08:00
David S. Miller
a23f4bbd8d Revert "tcp: Always set urgent pointer if it's beyond snd_nxt"
This reverts commit 64ff3b938e.

Jeff Chua reports that it breaks rlogin for him.

Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-05 15:38:31 -08:00
Herbert Xu
0178b695fd ipv6: Copy cork options in ip6_append_data
As the options passed to ip6_append_data may be ephemeral, we need
to duplicate it for corking.  This patch applies the simplest fix
which is to memdup all the relevant bits.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-05 15:15:50 -08:00
David S. Miller
12402b5b7a Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2009-02-05 15:08:11 -08:00
Jesper Dangaard Brouer
7b5e56f9d6 udp: Fix UDP short packet false positive
The UDP header pointer assignment must happen after calling
pskb_may_pull().  As pskb_may_pull() can potentially alter the SKB
buffer.

This was exposted by running multicast traffic through the NIU driver,
as it won't prepull the protocol headers into the linear area on
receive.

Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-02-05 15:05:45 -08:00
Alexey Dobriyan
f01d1d546a seq_file: fix big-enough lseek() + read()
lseek() further than length of the file will leave stale ->index
(second-to-last during iteration). Next seq_read() will not notice
that ->f_pos is big enough to return 0, but will print last item
as if ->f_pos is pointing to it.

Introduced in commit cb510b8172
aka "seq_file: more atomicity in traverse()".

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 14:18:14 -08:00
Eric Biederman
33da8892a2 seq_file: move traverse so it can be used from seq_read
In 2.6.25 some /proc files were converted to use the seq_file
infrastructure.  But seq_files do not correctly support pread(), which
broke some usersapce applications.

To handle pread correctly we can't assume that f_pos is where we left it
in seq_read.  So move traverse() so that we can eventually use it in
seq_read and do thus some day support pread().

Signed-off-by: Eric Biederman <ebiederm@xmission.com>
Cc: Paul Turner <pjt@google.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:49 -08:00
Dean Nelson
361916a943 sgi-xp: fix writing past the end of kzalloc()'d space
A missing type cast results in writing way beyond the end of a kzalloc()'d
memory segment resulting in slab corruption. But it seems like the better
solution is to define ->recv_msg_slots as a 'void *' rather than a
'struct xpc_notify_mq_msg_uv *' and add the type cast.

Signed-off-by: Dean Nelson <dcn@sgi.com>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:49 -08:00
Alexey Dobriyan
fb9a680011 alpha: fixup BUG macro
Do usual do {} while (0) dance, otherwise

fs/gfs2/util.c:99: error: expected expression before 'else'
drivers/scsi/lpfc/lpfc_sli.c:363: error: expected expression before 'else'

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Richard Henderson <rth@twiddle.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:49 -08:00
Dan Carpenter
736d54533a sx.c: fix missed unlock_kernel() on error path in sx_fw_ioctl()
If we return directly with -EPERM then lock_kernel() is still held.

This was found with a code checker (http://repo.or.cz/w/smatch.git/).

[akpm@linux-foundation.org: fix another such path - missed func_exit()]
Signed-off-by: Dan Carpenter <error27@gmail.com>
Cc: <R.E.Wolff@BitWizard.nl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:48 -08:00
Randy Dunlap
fe86175bce atyfb: fix CONFIG_ namespace violations
Fix namespace violations by changing non-kconfig CONFIG_ names to CNFG_*.

Fixes breakage in staging/, which adds a real CONFIG_PANEL.

Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:48 -08:00
Manish Katiyar
cd29cf7d11 rtc-ds1390: fix compilation warnings in drivers/rtc/rtc-ds1390.c
drivers/rtc/rtc-ds1390.c:125: warning: unused variable 'rtc'

Signed-off-by: Manish Katiyar <mkatiyar@gmail.com>
Signed-off-by: Alessandro Zummo <a.zummo@towertech.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:48 -08:00
Mike Rapoport
ce43ae538b drivers/video/backlight: rename da903x to da903x_bl
Currently both da903x backlight and voltage reulator drivers have the
same name. Rename the backlight driver to allow use of both drivers as
modules.

Signed-off-by: Mike Rapoport <mike@compulab.co.il>
Acked-by: Eric Miao <eric.miao@marvell.com>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:48 -08:00
Hans-Christian Egtvedt
dfecb7164e atmel-ssc: fix misuse of dev_dbg when requested ssc instance is not found
The ssc pointer is not valid when the id is not found in the list.
Convert the message from a debug one into an error message and avoid
dereferencing the bad pointer.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
Cc: Kay Sievers <kay.sievers@vrfy.org>
Cc: Huang Weiyi <weiyi.huang@gmail.com>
Acked-by: Haavard Skinnemoen <haavard.skinnemoen@atmel.com>
Cc: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-05 12:56:48 -08:00