- 21 10月, 2011 4 次提交
-
-
由 Steven Whitehouse 提交于
Now that the data writing is part of fsync proper, we can split the waiting part out and do it later on. This reduces the number of waits that we do during fsync on average. There is also no need to take the i_mutex unless we are flushing metadata to disk, so we can move that to within the metadata flushing code. Signed-off-by: NSteven Whitehouse <swhiteho@redhat.com>
-
由 Steven Whitehouse 提交于
Since there is now only a single caller to gfs2_dir_read_data() and it has a number of constant arguments, we can factor those out. Also some tests relating to the inode size were being done twice. Signed-off-by: NSteven Whitehouse <swhiteho@redhat.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: Add alignment flag to PCI expansion resources sparc: Avoid calling sigprocmask() sparc: Use set_current_blocked() sparc32,leon: SRMMU MMU Table probe fix
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: fib_rules: fix unresolved_rules counting r8169: fix wrong eee setting for rlt8111evl r8169: fix driver shutdown WoL regression. ehea: Change maintainer to me pptp: pptp_rcv_core() misses pskb_may_pull() call tproxy: copy transparent flag when creating a time wait pptp: fix skb leak in pptp_xmit() bonding: use local function pointer of bond->recv_probe in bond_handle_frame smsc911x: Add support for SMSC LAN89218 tg3: negate USE_PHYLIB flag check netconsole: enable netconsole can make net_device refcnt incorrent bluetooth: Properly clone LSM attributes to newly created child connections l2tp: fix a potential skb leak in l2tp_xmit_skb() bridge: fix hang on removal of bridge via netlink x25: Prevent skb overreads when checking call user data x25: Handle undersized/fragmented skbs x25: Validate incoming call user data lengths udplite: fast-path computation of checksum coverage IPVS netns shutdown/startup dead-lock netfilter: nf_conntrack: fix event flooding in GRE protocol tracker
-
- 20 10月, 2011 6 次提交
-
-
由 Hugh Dickins 提交于
I don't usually pay much attention to the stale "? " addresses in stack backtraces, but this lucky report from Pawel Sikora hints that mremap's move_ptes() has inadequate locking against page migration. 3.0 BUG_ON(!PageLocked(p)) in migration_entry_to_page(): kernel BUG at include/linux/swapops.h:105! RIP: 0010:[<ffffffff81127b76>] [<ffffffff81127b76>] migration_entry_wait+0x156/0x160 [<ffffffff811016a1>] handle_pte_fault+0xae1/0xaf0 [<ffffffff810feee2>] ? __pte_alloc+0x42/0x120 [<ffffffff8112c26b>] ? do_huge_pmd_anonymous_page+0xab/0x310 [<ffffffff81102a31>] handle_mm_fault+0x181/0x310 [<ffffffff81106097>] ? vma_adjust+0x537/0x570 [<ffffffff81424bed>] do_page_fault+0x11d/0x4e0 [<ffffffff81109a05>] ? do_mremap+0x2d5/0x570 [<ffffffff81421d5f>] page_fault+0x1f/0x30 mremap's down_write of mmap_sem, together with i_mmap_mutex or lock, and pagetable locks, were good enough before page migration (with its requirement that every migration entry be found) came in, and enough while migration always held mmap_sem; but not enough nowadays, when there's memory hotremove and compaction. The danger is that move_ptes() lets a migration entry dodge around behind remove_migration_pte()'s back, so it's in the old location when looking at the new, then in the new location when looking at the old. Either mremap's move_ptes() must additionally take anon_vma lock(), or migration's remove_migration_pte() must stop peeking for is_swap_entry() before it takes pagetable lock. Consensus chooses the latter: we prefer to add overhead to migration than to mremapping, which gets used by JVMs and by exec stack setup. Reported-and-tested-by: NPaweł Sikora <pluto@agmk.net> Signed-off-by: NHugh Dickins <hughd@google.com> Acked-by: NAndrea Arcangeli <aarcange@redhat.com> Acked-by: NMel Gorman <mgorman@suse.de> Cc: stable@vger.kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Kjetil Oftedal 提交于
Currently no type of alignment is specified for PCI expansion roms while parsing the openfirmware tree. This causes calls to pci_map_rom() to fail. IORESOURCE_SIZEALIGN is the default alignment used for rom resouces in pci/probe.c, and has been verified to work with various cards on a ultra 10. Signed-off-By: NKjetil Oftedal <oftedal@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Yan, Zheng 提交于
we should decrease ops->unresolved_rules when deleting a unresolved rule. Signed-off-by: NZheng Yan <zheng.z.yan@intel.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 hayeswang 提交于
Correct the wrong parameter for setting EEE for RTL8111E-VL. Signed-off-by: NHayes Wang <hayeswang@realtek.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 françois romieu 提交于
Due to commit 92fc43b4 ("r8169: modify the flow of the hw reset."), rtl8169_hw_reset stomps during driver shutdown on RxConfig bits which are needed for WOL on some versions of the hardware. As these bits were formerly set from the r81{0x, 68}_pll_power_down methods, factor them out for use in the driver shutdown (rtl_shutdown) handler. I favored __rtl8169_get_wol() -hardware state indication- over RTL_FEATURE_WOL as the latter has become a good candidate for removal. Signed-off-by: NFrancois Romieu <romieu@fr.zoreil.com> Cc: Hayes <hayeswang@realtek.com> Tested-by: NMarc Ballarin <ballarin.marc@gmx.de> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
Breno Leitao has passed the maintainership to me. Signed-off-by: NThadeu Lima de Souza Cascardo <cascardo@linux.vnet.ibm.com> Cc: Breno Leitao <leitao@linux.vnet.ibm.com> Acked-by: NBreno Leitão <leitao@linux.vnet.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 19 10月, 2011 14 次提交
-
-
git://linuxtv.org/mchehab/for_linus由 Linus Torvalds 提交于
* 'v4l_for_linus' of git://linuxtv.org/mchehab/for_linus: [media] videodev: fix a NULL pointer dereference in v4l2_device_release()
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/radeon/kms/atom: fix handling of FB scratch indices drm/radeon/kms/DCE4.1: fix Select_CrtcSource EncodeMode setting for DP bridges (v2) drm/radeon/kms/DCE4.1: ss is not supported on the internal pplls drm/radeon/kms/DCE4.1: fix dig encoder to transmitter mapping ttm: Fix error-path using an uninitialized value
-
由 Antonio Ospite 提交于
The change in 8280b662 does not cover the case when v4l2_dev is already NULL, fix that. With a Kinect sensor, seen as an USB camera using GSPCA in this context, a NULL pointer dereference BUG can be triggered by just unplugging the device after the camera driver has been loaded. Signed-off-by: NAntonio Ospite <ospite@studenti.unina.it> Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>
-
由 Alex Deucher 提交于
FB scratch indices are dword indices, but we were treating them as byte indices. As such, we were getting the wrong FB scratch data for non-0 indices. Fix the indices and guard the indexing against indices larger than the scratch allocation. Fixes memory corruption on some boards if data was written past the end of the FB scratch array. Signed-off-by: NAlex Deucher <alexander.deucher@amd.com> Reported-by: NDave Airlie <airlied@redhat.com> Tested-by: NDave Airlie <airlied@redhat.com> Cc: stable@kernel.org Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Eric Dumazet 提交于
e1000e uses paged frags, so any layer incorrectly pulling bytes from skb can trigger a BUG in skb_pull() [951.142737] [<ffffffff813d2f36>] skb_pull+0x15/0x17 [951.142737] [<ffffffffa0286824>] pptp_rcv_core+0x126/0x19a [pptp] [951.152725] [<ffffffff813d17c4>] sk_receive_skb+0x69/0x105 [951.163558] [<ffffffffa0286993>] pptp_rcv+0xc8/0xdc [pptp] [951.165092] [<ffffffffa02800a3>] gre_rcv+0x62/0x75 [gre] [951.165092] [<ffffffff81410784>] ip_local_deliver_finish+0x150/0x1c1 [951.177599] [<ffffffff81410634>] ? ip_local_deliver_finish+0x0/0x1c1 [951.177599] [<ffffffff81410846>] NF_HOOK.clone.7+0x51/0x58 [951.177599] [<ffffffff81410996>] ip_local_deliver+0x51/0x55 [951.177599] [<ffffffff814105b9>] ip_rcv_finish+0x31a/0x33e [951.177599] [<ffffffff8141029f>] ? ip_rcv_finish+0x0/0x33e [951.204898] [<ffffffff81410846>] NF_HOOK.clone.7+0x51/0x58 [951.214651] [<ffffffff81410bb5>] ip_rcv+0x21b/0x246 pptp_rcv_core() is a nice example of a function assuming everything it needs is available in skb head. Reported-by: NBradley Peterson <despite@gmail.com> Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 KOVACS Krisztian 提交于
The transparent socket option setting was not copied to the time wait socket when an inet socket was being replaced by a time wait socket. This broke the --transparent option of the socket match and may have caused that FIN packets belonging to sockets in FIN_WAIT2 or TIME_WAIT state were being dropped by the packet filter. Signed-off-by: NKOVACS Krisztian <hidden@balabit.hu> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
In case we cant transmit skb, we must free it Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> CC: Dmitry Kozlov <xeb@mail.ru> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Mitsuo Hayasaka 提交于
The bond->recv_probe is called in bond_handle_frame() when a packet is received, but bond_close() sets it to NULL. So, a panic occurs when both functions work in parallel. Why this happen: After null pointer check of bond->recv_probe, an sk_buff is duplicated and bond->recv_probe is called in bond_handle_frame. So, a panic occurs when bond_close() is called between the check and call of bond->recv_probe. Patch: This patch uses a local function pointer of bond->recv_probe in bond_handle_frame(). So, it can avoid the null pointer dereference. Signed-off-by: NMitsuo Hayasaka <mitsuo.hayasaka.hu@hitachi.com> Cc: Jay Vosburgh <fubar@us.ibm.com> Cc: Andy Gospodarek <andy@greyhouse.net> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: WANG Cong <xiyou.wangcong@gmail.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Phil Edworthy 提交于
LAN89218 is register compatible with LAN911x. Signed-off-by: NPhil Edworthy <phil.edworthy@renesas.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Jiri Pirko 提交于
USE_PHYLIB flag in tg3_remove_one() is being checked incorrectly. This results tg3_phy_fini->phy_disconnect is never called and when tg3 module is removed. In my case this resulted in panics in phy_state_machine calling function phydev->adjust_link. So correct this check. Signed-off-by: NJiri Pirko <jpirko@redhat.com> Acked-by: NMatt Carlson <mcarlson@broadcom.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Gao feng 提交于
There is no check if netconsole is enabled current. so when exec echo 1 > enabled; the reference of net_device will increment always. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> Acked-by: NFlavio Leitner <fbl@redhat.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Paul Moore 提交于
The Bluetooth stack has internal connection handlers for all of the various Bluetooth protocols, and unfortunately, they are currently lacking the LSM hooks found in the core network stack's connection handlers. I say unfortunately, because this can cause problems for users who have have an LSM enabled and are using certain Bluetooth devices. See one problem report below: * http://bugzilla.redhat.com/show_bug.cgi?id=741703 In order to keep things simple at this point in time, this patch fixes the problem by cloning the parent socket's LSM attributes to the newly created child socket. If we decide we need a more elaborate LSM marking mechanism for Bluetooth (I somewhat doubt this) we can always revisit this decision in the future. Reported-by: NJames M. Cape <jcape@ignore-your.tv> Signed-off-by: NPaul Moore <pmoore@redhat.com> Acked-by: NJames Morris <jmorris@namei.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Eric Dumazet 提交于
l2tp_xmit_skb() can leak one skb if skb_cow_head() returns an error. Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 stephen hemminger 提交于
Need to cleanup bridge device timers and ports when being bridge device is being removed via netlink. This fixes the problem of observed when doing: ip link add br0 type bridge ip link set dev eth1 master br0 ip link set br0 up ip link del br0 which would cause br0 to hang in unregister_netdev because of leftover reference count. Reported-by: NSridhar Samudrala <sri@us.ibm.com> Signed-off-by: NStephen Hemminger <shemminger@vyatta.com> Acked-by: NSridhar Samudrala <sri@us.ibm.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 18 10月, 2011 11 次提交
-
-
由 Peter Zijlstra 提交于
There's a lock inversion between the cputimer->lock and rq->lock; notably the two callchains involved are: update_rlimit_cpu() sighand->siglock set_process_cpu_timer() cpu_timer_sample_group() thread_group_cputimer() cputimer->lock thread_group_cputime() task_sched_runtime() ->pi_lock rq->lock scheduler_tick() rq->lock task_tick_fair() update_curr() account_group_exec() cputimer->lock Where the first one is enabling a CLOCK_PROCESS_CPUTIME_ID timer, and the second one is keeping up-to-date. This problem was introduced by e8abccb7 ("posix-cpu-timers: Cure SMP accounting oddities"). Cure the problem by removing the cputimer->lock and rq->lock nesting, this leaves concurrent enablers doing duplicate work, but the time wasted should be on the same order otherwise wasted spinning on the lock and the greater-than assignment filter should ensure we preserve monotonicity. Reported-by: NDave Jones <davej@redhat.com> Reported-by: NSimon Kirby <sim@hostway.ca> Signed-off-by: NPeter Zijlstra <a.p.zijlstra@chello.nl> Cc: stable@kernel.org Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Link: http://lkml.kernel.org/r/1318928713.21167.4.camel@twinsSigned-off-by: NThomas Gleixner <tglx@linutronix.de>
-
由 Alex Deucher 提交于
Settings in this table reflect the physical panel/connector rather than the internal dig encoding. v2: fix typo for DRM_MODE_CONNECTOR_VGA case. Signed-off-by: NAlex Deucher <alexander.deucher@amd.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Alex Deucher 提交于
It's handled via external clock. It should already be protected by the external ss flag, but add an explicit check just in case. Signed-off-by: NAlex Deucher <alexander.deucher@amd.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Alex Deucher 提交于
llano has fully routeable dig encoders similar to DCE3.2 while ontario has a hardcoded mapping similar to DCE4.0. Signed-off-by: NAlex Deucher <alexander.deucher@amd.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Thomas Hellstrom 提交于
Pointed out by Michel Daenzer. Signed-off-by: NThomas Hellstrom <thellstrom@vmware.com> Signed-off-by: NDave Airlie <airlied@redhat.com>
-
由 Linus Torvalds 提交于
-
-
由 Matthew Daley 提交于
x25_find_listener does not check that the amount of call user data given in the skb is big enough in per-socket comparisons, hence buffer overreads may occur. Fix this by adding a check. Signed-off-by: NMatthew Daley <mattjd@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Andrew Hendry <andrew.hendry@gmail.com> Cc: stable <stable@kernel.org> Acked-by: NAndrew Hendry <andrew.hendry@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Matthew Daley 提交于
There are multiple locations in the X.25 packet layer where a skb is assumed to be of at least a certain size and that all its data is currently available at skb->data. These assumptions are not checked, hence buffer overreads may occur. Use pskb_may_pull to check these minimal size assumptions and ensure that data is available at skb->data when necessary, as well as use skb_copy_bits where needed. Signed-off-by: NMatthew Daley <mattjd@gmail.com> Cc: Eric Dumazet <eric.dumazet@gmail.com> Cc: Andrew Hendry <andrew.hendry@gmail.com> Cc: stable <stable@kernel.org> Acked-by: NAndrew Hendry <andrew.hendry@gmail.com> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Matthew Daley 提交于
X.25 call user data is being copied in its entirety from incoming messages without consideration to the size of the destination buffers, leading to possible buffer overflows. Validate incoming call user data lengths before these copies are performed. It appears this issue was noticed some time ago, however nothing seemed to come of it: see http://www.spinics.net/lists/linux-x25/msg00043.html and commit 8db09f26. Signed-off-by: NMatthew Daley <mattjd@gmail.com> Acked-by: NEric Dumazet <eric.dumazet@gmail.com> Tested-by: NAndrew Hendry <andrew.hendry@gmail.com> Cc: stable <stable@kernel.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Gerrit Renker 提交于
Commit 903ab86d of 1 March this year ("udp: Add lockless transmit path") introduced a new fast TX path that broke the checksum coverage computation of UDP-lite, which so far depended on up->len (only set if the socket is locked and 0 in the fast path). Fixed by providing both fast- and slow-path computation of checksum coverage. The latter can be removed when UDP(-lite)v6 also uses a lockless transmit path. Reported-by: NThomas Volkert <thomas@homer-conferencing.com> Signed-off-by: NGerrit Renker <gerrit@erg.abdn.ac.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
- 17 10月, 2011 2 次提交
-
-
由 Linus Torvalds 提交于
The size is always valid, but variable-length arrays generate worse code for no good reason (unless the function happens to be inlined and the compiler sees the length for the simple constant it is). Also, there seems to be some code generation problem on POWER, where Henrik Bakken reports that register r28 can get corrupted under some subtle circumstances (interrupt happening at the wrong time?). That all indicates some seriously broken compiler issues, but since variable length arrays are bad regardless, there's little point in trying to chase it down. "Just don't do that, then". Reported-by: NHenrik Grindal Bakken <henribak@cisco.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm由 Linus Torvalds 提交于
* 'fixes' of http://ftp.arm.linux.org.uk/pub/linux/arm/kernel/git-cur/linux-2.6-arm: ARM: 7128/1: vic: Don't write to the read-only register VIC_IRQ_STATUS ARM: 7122/1: localtimer: add header linux/errno.h explicitly ARM: 7117/1: perf: fix HW_CACHE_* events on Cortex-A9 ARM: 7113/1: mm: Align bank start to MAX_ORDER_NR_PAGES
-
- 15 10月, 2011 3 次提交
-
-
由 Zoltan Devai 提交于
This is unneeded and causes an abort on the SPMP8000 platform. Acked-by: NLinus Walleij <linus.walleij@linaro.org> Signed-off-by: NZoltan Devai <zoss@devai.org> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Shawn Guo 提交于
Per the text in Documentation/SubmitChecklist as below, we should explicitly have header linux/errno.h in localtimer.h for ENXIO reference. 1: If you use a facility then #include the file that defines/declares that facility. Don't depend on other header files pulling in ones that you use. Otherwise, we may run into some compiling error like the following one, if any file includes localtimer.h without CONFIG_LOCAL_TIMERS defined. arch/arm/include/asm/localtimer.h: In function ‘local_timer_setup’: arch/arm/include/asm/localtimer.h:53:10: error: ‘ENXIO’ undeclared (first use in this function) Signed-off-by: NShawn Guo <shawn.guo@linaro.org> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Will Deacon 提交于
Using COHERENT_LINE_{MISS,HIT} for cache misses and references respectively is completely wrong. Instead, use the L1D events which are a better and more useful approximation despite ignoring instruction traffic. Reported-by: NAlasdair Grant <alasdair.grant@arm.com> Reported-by: NMatt Horsnell <matt.horsnell@arm.com> Reported-by: NMichael Williams <michael.williams@arm.com> Cc: stable@kernel.org Cc: Jean Pihet <j-pihet@ti.com> Signed-off-by: NWill Deacon <will.deacon@arm.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-