- 17 12月, 2010 2 次提交
-
-
由 Ken Mills 提交于
gsm_data_alloc buffer allocation could fail and it is not being checked. Add check for allocated buffer and return if the buffer allocation fails. Signed-off-by: NKen Mills <ken.k.mills@intel.com> Signed-off-by: NAlan Cox <alan@linux.intel.com> Cc: stable@kernel.org Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Ken Mills 提交于
Fix message length handling when building header When the message length is greater than 127, the length field in the header is built incorrectly. According to the spec, when the length is less than 128 the length field is a single byte formatted as: bbbbbbb1. When it is greater than 127 then the field is two bytes of the format: bbbbbbb0 bbbbbbbb. Signed-off-by: NKen Mills <ken.k.mills@intel.com> Signed-off-by: NAlan Cox <alan@linux.intel.com> Cc: stable@kernel.org Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
- 07 12月, 2010 7 次提交
-
-
由 Linus Torvalds 提交于
-
git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2由 Linus Torvalds 提交于
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2: ocfs2_connection_find() returns pointer to bad structure ocfs2: char is not always signed Ocfs2: Stop tracking a negative dentry after dentry_iput(). ocfs2: fix memory leak fs/ocfs2/dlm: Use GFP_ATOMIC under spin_lock
-
由 Olof Johansson 提交于
Commit 0ea12930 ("arm: return both physical and virtual addresses from addruart") took out the test for MMU on/off but didn't switch the ldr instructions to no longer be conditionals based on said test. Fix that. Signed-off-by: NOlof Johansson <olof@lixom.net> Acked-by: NColin Cross <ccross@android.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6由 Linus Torvalds 提交于
* 'pm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6: PM / Hibernate: Fix memory corruption related to swap PM / Hibernate: Use async I/O when reading compressed hibernation image
-
由 Rafael J. Wysocki 提交于
There is a problem that swap pages allocated before the creation of a hibernation image can be released and used for storing the contents of different memory pages while the image is being saved. Since the kernel stored in the image doesn't know of that, it causes memory corruption to occur after resume from hibernation, especially on systems with relatively small RAM that need to swap often. This issue can be addressed by keeping the GFP_IOFS bits clear in gfp_allowed_mask during the entire hibernation, including the saving of the image, until the system is finally turned off or the hibernation is aborted. Unfortunately, for this purpose it's necessary to rework the way in which the hibernate and suspend code manipulates gfp_allowed_mask. This change is based on an earlier patch from Hugh Dickins. Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl> Reported-by: NOndrej Zary <linux@rainbow-software.org> Acked-by: NHugh Dickins <hughd@google.com> Reviewed-by: NKAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: stable@kernel.org
-
由 Linus Torvalds 提交于
* master.kernel.org:/home/rmk/linux-2.6-arm: ARM: 6524/1: GIC irq desciptor bug fix ARM: 6523/1: iop: ensure sched_clock() is notrace ARM: 6456/1: Fix for building DEBUG with sa11xx_base.c as a module. ARM: 6519/1: kuser: Fix incorrect cmpxchg syscall in kuser helpers ARM: 6505/1: kprobes: Don't HAVE_KPROBES when CONFIG_THUMB2_KERNEL is selected ARM: 6508/1: vexpress: Correct data alignment in headsmp.S for CONFIG_THUMB2_KERNEL ARM: 6507/1: RealView: Correct data alignment in headsmp.S for CONFIG_THUMB2_KERNEL ARM: 6504/1: Thumb-2: Fix long-distance conditional branches in head.S for Thumb-2. ARM: 6503/1: Thumb-2: Restore sensible zImage header layout for CONFIG_THUMB2_KERNEL ARM: 6502/1: Thumb-2: Fix CONFIG_THUMB2_KERNEL breakage in compressed/head.S ARM: 6501/1: Thumb-2: Correct data alignment for CONFIG_THUMB2_KERNEL in mm/proc-v7.S ARM: 6500/1: Thumb-2: Correct data alignment for CONFIG_THUMB2_KERNEL in kernel/head.S ARM: 6499/1: Thumb-2: Correct data alignment for CONFIG_THUMB2_KERNEL in bootp/init.S ARM: 6498/1: vfp: Correct data alignment for CONFIG_THUMB2_KERNEL ARM: 6497/1: kexec: Correct data alignment for CONFIG_THUMB2_KERNEL ARM: 6496/1: GIC: Do not try to register more then NR_IRQS interrupts ARM: cns3xxx: Fix build with CONFIG_PCI=y
-
由 Bojan Smojver 提交于
This is a fix for reading LZO compressed image using async I/O. Essentially, instead of having just one page into which we keep reading blocks from swap, we allocate enough of them to cover the largest compressed size and then let block I/O pick them all up. Once we have them all (and here we wait), we decompress them, as usual. Obviously, the very first block we still pick up synchronously, because we need to know the size of the lot before we pick up the rest. Also fixed the copyright line, which I've forgotten before. Signed-off-by: NBojan Smojver <bojan@rexursive.com> Signed-off-by: NRafael J. Wysocki <rjw@sisk.pl>
-
- 06 12月, 2010 6 次提交
-
-
-
由 Chao Xie 提交于
gic_set_cpu will directly use irq_desc[]. If CONFIG_SPARSE_IRQ is enabled, there is no irq_desc[]. So we need use irq_to_desc(irq) to get the descriptor for irq. Signed-off-by: NChao Xie <chao.xie@marvell.com> Acked-by: NKyungmin Park <kyungmin.park@samsung.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6由 Linus Torvalds 提交于
* 'slab/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/penberg/slab-2.6: slub: Fix a crash during slabinfo -v
-
git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6由 Linus Torvalds 提交于
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6: initramfs: Really fix build break on symbol-prefixed archs [media] Fix Kconfig errors due to two visible menus i2c/algos: convert Kconfig to use the menu's `visible' keyword media/video: convert Kconfig to use the menu's `visible' keyword Revert "i2c: Fix Kconfig dependencies" kconfig: regen parser kconfig: add an option to determine a menu's visibility
-
git://git.kernel.org/pub/scm/linux/kernel/git/kyle/parisc-2.6由 Linus Torvalds 提交于
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/kyle/parisc-2.6: parisc: Fix GSC PS/2 driver name for keyboard and mouse parisc: KittyHawk LCD fix parisc: convert the rest of the irq handlers to simple/percpu parisc: fix dino/gsc interrupts parisc: remove redundant initialization in sigsegv path of sys_rt_sigreturn
-
由 Eric W. Biederman 提交于
Because it caused a chroot ttyname regression in 2.6.36. As of 2.6.36 ttyname does not work in a chroot. It has already been reported that screen breaks, and for me this breaks an automated distribution testsuite, that I need to preserve the ability to run the existing binaries on for several more years. glibc 2.11.3 which has a fix for this is not an option. The root cause of this breakage is: commit 8df9d1a4 Author: Miklos Szeredi <mszeredi@suse.cz> Date: Tue Aug 10 11:41:41 2010 +0200 vfs: show unreachable paths in getcwd and proc Prepend "(unreachable)" to path strings if the path is not reachable from the current root. Two places updated are - the return string from getcwd() - and symlinks under /proc/$PID. Other uses of d_path() are left unchanged (we know that some old software crashes if /proc/mounts is changed). Signed-off-by: NMiklos Szeredi <mszeredi@suse.cz> Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> So remove the nice sounding, but ultimately ill advised change to how /proc/fd symlinks work. Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 05 12月, 2010 4 次提交
-
-
由 Guy Martin 提交于
Fix kernel warnings caused by the driver name of GSC PS/2 containing '/'. The following warnings are observed on a K410 system : [ 10.700000] name 'GSC PS/2 keyboard' [ 10.732000] ------------[ cut here ]------------ [ 10.772000] WARNING: at fs/proc/generic.c:323 [ 10.828000] Modules linked in: [ 10.916000] [ 10.916000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [ 10.936000] PSW: 00000000000001000000000000001111 Not tainted [ 10.992000] r00-03 0004000f 104fe3e0 10201ea0 00000000 [ 11.060000] r04-07 4fc405c8 00000006 4fc405c8 4fc40694 [ 11.124000] r08-11 4fc40708 10438aa0 00000001 1043bfc8 [ 11.184000] r12-15 104ff2a0 104ff2a0 4fc38634 104ff2a0 [ 11.248000] r16-19 f0001570 10479af0 f000006c 1044fe50 [ 11.308000] r20-23 00000000 00000028 104cd858 00000000 [ 11.372000] r24-27 ffffffff 0000000e 1044fe10 1043bbe0 [ 11.436000] r28-31 0000002b 00000078 4fc40800 0000000d [ 11.496000] sr00-03 00000000 00000000 00000000 00000000 [ 11.560000] sr04-07 00000000 00000000 00000000 00000000 [ 11.624000] [ 11.688000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4 [ 11.704000] IIR: 03ffe01f ISR: 00000000 IOR: 0000000d [ 11.772000] CPU: 0 CR30: 4fc40000 CR31: f01043b0 [ 11.836000] ORIG_R28: 4fc40940 [ 11.904000] IAOQ[0]: __xlate_proc_name+0x90/0xd0 [ 11.940000] IAOQ[1]: __xlate_proc_name+0x94/0xd0 [ 11.996000] RP(r2): __xlate_proc_name+0x90/0xd0 [ 12.052000] Backtrace: [ 12.108000] [<10257790>] vsnprintf+0x290/0x4f4 [ 12.136000] [ 12.188000] ---[ end trace 91bf6ece17e322dd ]--- [ 12.208000] serio: GSC PS/2 keyboard port at 0x0001c000 irq 19 @ 10:12:7 [ 12.264000] name 'GSC PS/2 mouse' [ 12.344000] ------------[ cut here ]------------ [ 12.384000] WARNING: at fs/proc/generic.c:323 [ 12.436000] Modules linked in: [ 12.524000] [ 12.528000] YZrvWESTHLNXBCVMcbcbcbcbOGFRQPDI [ 12.544000] PSW: 00000000000001000000000000001111 Tainted: G W [ 12.600000] r00-03 0004000f 104fe3e0 10201ea0 00000000 [ 12.680000] r04-07 4fc405c8 00000006 4fc405c8 4fc40694 [ 12.740000] r08-11 4fc40708 10438aa0 00000001 1043bfc8 [ 12.804000] r12-15 104ff2a0 104ff2a0 4fc38634 104ff2a0 [ 12.868000] r16-19 f0001570 10479af0 f000006c 1044fe50 [ 12.928000] r20-23 00000000 00000025 104cd858 00000000 [ 12.992000] r24-27 ffffffff 0000000e 1044fe10 1043bbe0 [ 13.056000] r28-31 00000028 00000078 4fc40800 0000000d [ 13.116000] sr00-03 00000000 00000000 00000000 00000000 [ 13.180000] sr04-07 00000000 00000000 00000000 00000000 [ 13.244000] [ 13.308000] IASQ: 00000000 00000000 IAOQ: 10201ea0 10201ea4 [ 13.324000] IIR: 03ffe01f ISR: 00000000 IOR: 0000000d [ 13.392000] CPU: 0 CR30: 4fc40000 CR31: f01043b0 [ 13.456000] ORIG_R28: 4fc40940 [ 13.524000] IAOQ[0]: __xlate_proc_name+0x90/0xd0 [ 13.560000] IAOQ[1]: __xlate_proc_name+0x94/0xd0 [ 13.616000] RP(r2): __xlate_proc_name+0x90/0xd0 [ 13.672000] Backtrace: [ 13.728000] [<10257790>] vsnprintf+0x290/0x4f4 [ 13.756000] [ 13.808000] ---[ end trace 91bf6ece17e322de ]--- [ 13.828000] serio: GSC PS/2 mouse port at 0x00020100 irq 19 @ 10:12:8 Signed-off-by: NGuy Martin <gmsoft@tuxicoman.be> Acked-by: NHelge Deller <deller@gmx.de> Signed-off-by: NKyle McMartin <kyle@mcmartin.ca>
-
由 Guy Martin 提交于
K class aka KittyHawk don't have LED support on their LCD. Installing HP-UX confirmed this. The current led_wq fills the LCD with black characters each time it runs. The patch prevents the led_wq workqueue and its proc entry to be created for KittyHawk machines. It also increase min_cmd_delay as currently, one character out of two is lost when a string is sent to the LCD. Signed-off-by: NGuy Martin <gmsoft@tuxicoman.be> Signed-off-by: NKyle McMartin <kyle@mcmartin.c>
-
由 James Bottomley 提交于
The generic conversion eliminates the spurious no_ack and no_end routines, converts all the cascaded handlers to handle_simple_irq() and makes iosapic use a modified handle_percpu_irq() to become the same as the CPU irq's. This isn't an essential change, but it eliminates the mask/unmask overhead of handle_level_irq(). Signed-off-by: NJames Bottomley <James.Bottomley@suse.de> Tested-by: NHelge Deller <deller@gmx.de> Signed-off-by: NKyle McMartin <kyle@mcmartin.ca>
-
由 James Bottomley 提交于
The essential problem we're currently having is that dino (and gsc) is a cascaded CPU interrupt. Under the old __do_IRQ() handler, our CPU interrupts basically did an ack followed by an end. In the new scheme, we replaced them with level handlers which do a mask, an ack and then an unmask (but no end). Instead, with the renaming of end to eoi, we actually want to call the percpu flow handlers, because they actually have all the characteristics we want. This patch does the conversion and gets my C360 booting again. Signed-off-by: NJames Bottomley <James.Bottomley@suse.de> Signed-off-by: NKyle McMartin <kyle@mcmartin.ca>
-
- 04 12月, 2010 11 次提交
-
-
由 Rabin Vincent 提交于
Include sched.h to ensure sched_clock() has the notrace annotation, and mark any functions it calls as notrace too. Include sched.h to ensure sched_clock() has the notrace annotation, and mark any functions it calls as notrace too. Acked-by: NDan Williams <dan.j.williams@intel.com> Signed-off-by: NRabin Vincent <rabin@rab.in> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Marcelo Roberto Jimenez 提交于
This patch fixes a compilation issue when compiling PCMCIA SA1100 support as a module with PCMCIA_DEBUG enabled. The symbol soc_pcmcia_debug was not beeing exported. ARM: pcmcia: Fix for building DEBUG with sa11xx_base.c as a module. This patch fixes a compilation issue when compiling PCMCIA SA1100 support as a module with PCMCIA_DEBUG enabled. The symbol soc_pcmcia_debug was not beeing exported. Cc: <stable@kernel.org> Signed-off-by: NMarcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Dave Martin 提交于
The existing code invokes the syscall with rubbish in r7, due to what looks like an incorrect literal load idiom. Reviewed-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NDave Martin <dave.martin@linaro.org> Acked-by: NCatalin Marinas <catalin.marinas@arm.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Tero Roponen 提交于
Commit f7cb1933 ("SLUB: Pass active and inactive redzone flags instead of boolean to debug functions") missed two instances of check_object(). This caused a lot of warnings during 'slabinfo -v' finally leading to a crash: BUG ext4_xattr: Freepointer corrupt ... BUG buffer_head: Freepointer corrupt ... BUG ext4_alloc_context: Freepointer corrupt ... ... BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: [<ffffffff810a291f>] file_sb_list_del+0x1c/0x35 PGD 79d78067 PUD 79e67067 PMD 0 Oops: 0002 [#1] SMP last sysfs file: /sys/kernel/slab/:t-0000192/validate This patch fixes the problem by converting the two missed instances. Acked-by: NChristoph Lameter <cl@linux.com> Signed-off-by: NTero Roponen <tero.roponen@gmail.com> Signed-off-by: NPekka Enberg <penberg@kernel.org>
-
git://xenbits.xen.org/people/sstabellini/linux-pvhvm由 Linus Torvalds 提交于
* '2.6.37-rc4-pvhvm-fixes' of git://xenbits.xen.org/people/sstabellini/linux-pvhvm: xen: unplug the emulated devices at resume time xen: fix save/restore for PV on HVM guests with pirq remapping xen: resume the pv console for hvm guests too xen: fix MSI setup and teardown for PV on HVM guests xen: use PHYSDEVOP_get_free_pirq to implement find_unbound_pirq
-
由 Linus Torvalds 提交于
Merge branches 'upstream/core' and 'upstream/bugfix' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen * 'upstream/core' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen: xen: allocate irq descs on any NUMA node xen: prevent crashes with non-HIGHMEM 32-bit kernels with largeish memory xen: use default_idle xen: clean up "extra" memory handling some more * 'upstream/bugfix' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen: xen: x86/32: perform initial startup on initial_page_table xen: don't bother to stop other cpus on shutdown/reboot
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ASoC: omap: N810: Don't select CONFIG_OMAP_MUX but make it as dependency ALSA: hda: Use "alienware" model quirk for another SSID ASoC: WM8731: Fix incorrect mask for bypass path disable s6105-ipcam: fix compilation s6000-pcm: fix compilation s6000-i2s: fix compilation ASoC: Fix missing spin_unlock_irqrestore ALSA: Fix SNDCTL_DSP_RESET ioctl for OSS emulation ASoC: Add missing dev_set_drvdata in p1022_ds_probe ASoC: Add missing dev_set_drvdata in mpc8610_hpcd_probe ASoC: Remove unneeded !! operations while checking return value of nuc900_checkready ASoC: Fix compile error for nuc900-pcm.c ASoC: Fix prototype for nuc900_ac97_probe and nuc900_ac97_remove ASoC: Fix compile error for nuc900-ac97.c ALSA: hda: Use BIOS auto-parsing instead of existing model quirk for MEDION MD2
-
git://git.infradead.org/ubi-2.6由 Linus Torvalds 提交于
* 'linux-next' of git://git.infradead.org/ubi-2.6: UBI: fix corrupted PEB detection for NOR flash
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6由 Linus Torvalds 提交于
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: se/7724: Remove FSI/B of GPIO init code sh: se/7724: Update clock framework of FSI clock to non-legacy sh: Assume new page cache pages have dirty dcache lines. sh: boards: mach-se: use IS_ERR() instead of NULL check sh: Add div6_reparent_clks to clock framework for FSI dma: shdma: add a MODULE_ALIAS() to allow module autoloading
-
由 Linus Torvalds 提交于
Merge branch 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6 * 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6: lxfb: Maintain video processor palette through suspend/resume video: da8xx: Register IRQ as last thing in driver probing. framebuffer: fix fbcmap.c kernel-doc warning
-
由 David Howells 提交于
Implement asm/syscall.h for the MN10300 arch. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 03 12月, 2010 10 次提交
-
-
由 Artem Bityutskiy 提交于
My new shiny code for corrupted PEB detection has NOR specific bug. We tread PEB as corrupted and preserve it, if 1. EC header is OK. 2. VID header is corrupted. 3. data area is not "all 0xFFs" In case of NOR we have 'nor_erase_prepare()' quirk, which invalidates the headers before erasing the PEB. And we invalidate first the VID header, and then the EC header. So if a power cut happens after we have invalidated the VID header, but before we have invalidated the EC header, we end up with a PEB which satisfies the above 3 conditions, and the scanning code will treat it as corrupted, and will print scary warnings, wrongly. This patch fixes the issue by firt invalidating the EC header, then invalidating the VID header. In case of power cut inbetween, we still just lose the EC header, and UBI can deal with this situation gracefully. Thanks to Anatolij Gustschin <agust@denx.de> for tracking this down. Signed-off-by: NArtem Bityutskiy <Artem.Bityutskiy@nokia.com> Reported-by: NAnatolij Gustschin <agust@denx.de> Tested-by: NAnatolij Gustschin <agust@denx.de>
-
由 Paul Mundt 提交于
-
由 Nobuhiro Iwamatsu 提交于
se7724 board does not have FSI/B. Signed-off-by: NNobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com> Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
-
由 Nobuhiro Iwamatsu 提交于
Signed-off-by: NNobuhiro Iwamatsu <nobuhiro.iwamatsu.yj@renesas.com> Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: length resolution should be reported units/mm HID: add support for F430 Force Feedback Wheel HID: egalax: Use kzalloc HID: Remove KERN_DEBUG from dbg_hid use Manually fixed trivial conflict in drivers/hid/hid-input.c (due to removal of KERN_DEBUG from dbg_hid use clashing with new keycode interface switch)
-
由 Jeremy Fitzhardinge 提交于
Allocate irq descs on any NUMA node (we don't care) rather than specifically node 0, which may not exist. (At the moment NUMA is meaningless within a domain, so any info the kernel has is just from an SRAT table we haven't suppressed/disabled.) Signed-off-by: NJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
-
由 Jeremy Fitzhardinge 提交于
If this is a non-HIGHMEM 32-bit kernel, then the page structures only go up to the limit of addressable memory, even if more memory is physically present. Don't try to add that extra memory to the balloon. Signed-off-by: NJeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
-
由 Nelson Elhage 提交于
If a user manages to trigger an oops with fs set to KERNEL_DS, fs is not otherwise reset before do_exit(). do_exit may later (via mm_release in fork.c) do a put_user to a user-controlled address, potentially allowing a user to leverage an oops into a controlled write into kernel memory. This is only triggerable in the presence of another bug, but this potentially turns a lot of DoS bugs into privilege escalations, so it's worth fixing. I have proof-of-concept code which uses this bug along with CVE-2010-3849 to write a zero to an arbitrary kernel address, so I've tested that this is not theoretical. A more logical place to put this fix might be when we know an oops has occurred, before we call do_exit(), but that would involve changing every architecture, in multiple places. Let's just stick it in do_exit instead. [akpm@linux-foundation.org: update code comment] Signed-off-by: NNelson Elhage <nelhage@ksplice.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: <stable@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 KOSAKI Motohiro 提交于
commit 62b61f61 ("ksm: memory hotremove migration only") caused the following new lockdep warning. ======================================================= [ INFO: possible circular locking dependency detected ] ------------------------------------------------------- bash/1621 is trying to acquire lock: ((memory_chain).rwsem){.+.+.+}, at: [<ffffffff81079339>] __blocking_notifier_call_chain+0x69/0xc0 but task is already holding lock: (ksm_thread_mutex){+.+.+.}, at: [<ffffffff8113a3aa>] ksm_memory_callback+0x3a/0xc0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (ksm_thread_mutex){+.+.+.}: [<ffffffff8108b70a>] lock_acquire+0xaa/0x140 [<ffffffff81505d74>] __mutex_lock_common+0x44/0x3f0 [<ffffffff81506228>] mutex_lock_nested+0x48/0x60 [<ffffffff8113a3aa>] ksm_memory_callback+0x3a/0xc0 [<ffffffff8150c21c>] notifier_call_chain+0x8c/0xe0 [<ffffffff8107934e>] __blocking_notifier_call_chain+0x7e/0xc0 [<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20 [<ffffffff813afbfb>] memory_notify+0x1b/0x20 [<ffffffff81141b7c>] remove_memory+0x1cc/0x5f0 [<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0 [<ffffffff813afd62>] store_mem_state+0xe2/0xf0 [<ffffffff813a0bb0>] sysdev_store+0x20/0x30 [<ffffffff811bc116>] sysfs_write_file+0xe6/0x170 [<ffffffff8114f398>] vfs_write+0xc8/0x190 [<ffffffff8114fc14>] sys_write+0x54/0x90 [<ffffffff810028b2>] system_call_fastpath+0x16/0x1b -> #0 ((memory_chain).rwsem){.+.+.+}: [<ffffffff8108b5ba>] __lock_acquire+0x155a/0x1600 [<ffffffff8108b70a>] lock_acquire+0xaa/0x140 [<ffffffff81506601>] down_read+0x51/0xa0 [<ffffffff81079339>] __blocking_notifier_call_chain+0x69/0xc0 [<ffffffff810793a6>] blocking_notifier_call_chain+0x16/0x20 [<ffffffff813afbfb>] memory_notify+0x1b/0x20 [<ffffffff81141f1e>] remove_memory+0x56e/0x5f0 [<ffffffff813af53d>] memory_block_change_state+0xfd/0x1a0 [<ffffffff813afd62>] store_mem_state+0xe2/0xf0 [<ffffffff813a0bb0>] sysdev_store+0x20/0x30 [<ffffffff811bc116>] sysfs_write_file+0xe6/0x170 [<ffffffff8114f398>] vfs_write+0xc8/0x190 [<ffffffff8114fc14>] sys_write+0x54/0x90 [<ffffffff810028b2>] system_call_fastpath+0x16/0x1b But it's a false positive. Both memory_chain.rwsem and ksm_thread_mutex have an outer lock (mem_hotplug_mutex). So they cannot deadlock. Thus, This patch annotate ksm_thread_mutex is not deadlock source. [akpm@linux-foundation.org: update comment, from Hugh] Signed-off-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Acked-by: NHugh Dickins <hughd@google.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 KOSAKI Motohiro 提交于
Presently hwpoison is using lock_system_sleep() to prevent a race with memory hotplug. However lock_system_sleep() is a no-op if CONFIG_HIBERNATION=n. Therefore we need a new lock. Signed-off-by: NKOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Andi Kleen <andi@firstfloor.org> Cc: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Suggested-by: NHugh Dickins <hughd@google.com> Acked-by: NHugh Dickins <hughd@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-