1. 06 Mar, 2012 2 commits
    • M
      x86/kprobes: Fix a bug which can modify kernel code permanently · 46484688
      Masami Hiramatsu committed on
      Fix a bug in kprobes which can modify kernel code
      permanently at run-time. In the result, kernel can
      crash when it executes the modified code.
      
      This bug can happen when we put two probes enough near
      and the first probe is optimized. When the second probe
      is set up, it copies a byte which is already modified
      by the first probe, and executes it when the probe is hit.
      Even worse, the first probe and the second probe are removed
      respectively, the second probe writes back the copied
      (modified) instruction.
      
      To fix this bug, kprobes always recovers the original
      code and copies the first byte from recovered instruction.
      Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
      Cc: yrl.pp-manager.tt@hitachi.com
      Cc: systemtap@sourceware.org
      Cc: anderson@redhat.com
      Link: http://lkml.kernel.org/r/20120305133215.5982.31991.stgit@localhost.localdomain
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
    • M
      x86/kprobes: Fix instruction recovery on optimized path · 86b4ce31
      Masami Hiramatsu committed on
      Current probed-instruction recovery expects that only breakpoint
      instruction modifies instruction. However, since kprobes jump
      optimization can replace original instructions with a jump,
      that expectation is not enough. And it may cause instruction
      decoding failure on the function where an optimized probe
      already exists.
      
      This bug can reproduce easily as below:
      
      1) find a target function address (any kprobe-able function is OK)
      
       $ grep __secure_computing /proc/kallsyms
         ffffffff810c19d0 T __secure_computing
      
      2) decode the function
         $ objdump -d vmlinux --start-address=0xffffffff810c19d0 --stop-address=0xffffffff810c19eb
      
        vmlinux:     file format elf64-x86-64
      
      Disassembly of section .text:
      
      ffffffff810c19d0 <__secure_computing>:
      ffffffff810c19d0:       55                      push   %rbp
      ffffffff810c19d1:       48 89 e5                mov    %rsp,%rbp
      ffffffff810c19d4:       e8 67 8f 72 00          callq  ffffffff817ea940 <mcount>
      ffffffff810c19d9:       65 48 8b 04 25 40 b8    mov    %gs:0xb840,%rax
      ffffffff810c19e0:       00 00
      ffffffff810c19e2:       83 b8 88 05 00 00 01    cmpl $0x1,0x588(%rax)
      ffffffff810c19e9:       74 05                   je     ffffffff810c19f0 <__secure_computing+0x20>
      
      3) put a kprobe-event at an optimize-able place, where no
       call/jump places within the 5 bytes.
       $ su -
       # cd /sys/kernel/debug/tracing
       # echo p __secure_computing+0x9 > kprobe_events
      
      4) enable it and check it is optimized.
       # echo 1 > events/kprobes/p___secure_computing_9/enable
       # cat ../kprobes/list
       ffffffff810c19d9  k  __secure_computing+0x9    [OPTIMIZED]
      
      5) put another kprobe on an instruction after previous probe in
        the same function.
       # echo p __secure_computing+0x12 >> kprobe_events
       bash: echo: write error: Invalid argument
       # dmesg | tail -n 1
       [ 1666.500016] Probing address(0xffffffff810c19e2) is not an instruction boundary.
      
      6) however, if the kprobes optimization is disabled, it works.
       # echo 0 > /proc/sys/debug/kprobes-optimization
       # cat ../kprobes/list
       ffffffff810c19d9  k  __secure_computing+0x9
       # echo p __secure_computing+0x12 >> kprobe_events
       (no error)
      
      This is because kprobes doesn't recover the instruction
      which is overwritten with a relative jump by another kprobe
      when finding instruction boundary.
      It only recovers the breakpoint instruction.
      
      This patch fixes kprobes to recover such instructions.
      
      With this fix:
      
       # echo p __secure_computing+0x9 > kprobe_events
       # echo 1 > events/kprobes/p___secure_computing_9/enable
       # cat ../kprobes/list
       ffffffff810c1aa9  k  __secure_computing+0x9    [OPTIMIZED]
       # echo p __secure_computing+0x12 >> kprobe_events
       # cat ../kprobes/list
       ffffffff810c1aa9  k  __secure_computing+0x9    [OPTIMIZED]
       ffffffff810c1ab2  k  __secure_computing+0x12    [DISABLED]
      
      Changes in v4:
       - Fix a bug to ensure optimized probe is really optimized
         by jump.
       - Remove kprobe_optready() dependency.
       - Cleanup code for preparing optprobe separation.
      
      Changes in v3:
       - Fix a build error when CONFIG_OPTPROBE=n. (Thanks, Ingo!)
         To fix the error, split optprobe instruction recovering
         path from kprobes path.
       - Cleanup comments/styles.
      
      Changes in v2:
       - Fix a bug to recover original instruction address in
         RIP-relative instruction fixup.
       - Moved on tip/master.
      Signed-off-by: Masami Hiramatsu <masami.hiramatsu.pt@hitachi.com>
      Cc: Ananth N Mavinakayanahalli <ananth@in.ibm.com>
      Cc: yrl.pp-manager.tt@hitachi.com
      Cc: systemtap@sourceware.org
      Cc: anderson@redhat.com
      Link: http://lkml.kernel.org/r/20120305133209.5982.36568.stgit@localhost.localdomain
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
  2. 05 Mar, 2012 10 commits
  3. 03 Mar, 2012 3 commits
  4. 02 Mar, 2012 2 commits
  5. 01 Mar, 2012 4 commits
  6. 29 Feb, 2012 2 commits
  7. 28 Feb, 2012 1 commit
  8. 27 Feb, 2012 14 commits
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/aia21/ntfs · 5ffca28a
      Linus Torvalds committed on
      Here are some trivial NTFS changes (a spelling fix and two use before
      NULL check cases found by Coverity as well as an update in MAINTAINERS
      for the path to the ntfs git repo) together with a simple LDM fix for
      parsing fragmented VBLKs.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/aia21/ntfs:
        NTFS: Update git repo path in MAINTAINERS file.
        LDM: Fix reassembly of extended VBLKs.
        NTFS: Correct two spelling errors "dealocate" to "deallocate" in mft.c.
        NTFS: Do not dereference pointer before checking for NULL.
        NTFS: Remove unused variable.
    • L
      Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · e25bda56
      Linus Torvalds committed on
      * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        x86/mce/AMD: Fix UP build error
        x86: Specify a size for the cmp in the NMI handler
        x86/nmi: Test saved %cs in NMI to determine nested NMI case
        x86/amd: Fix L1i and L2 cache sharing information for AMD family 15h processors
        x86/microcode: Remove noisy AMD microcode warning
    • L
      Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 70ca00db
      Linus Torvalds committed on
      * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        sched/events: Revert trace_sched_stat_sleeptime()
    • L
      Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · faf3502a
      Linus Torvalds committed on
      * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        genirq: Handle pending irqs in irq_startup()
        genirq: Unmask oneshot irqs when thread was not woken
    • H
      compat: fix compile breakage on s390 · 048cd4e5
      Heiko Carstens committed on
      The new is_compat_task() define for the !COMPAT case in
      include/linux/compat.h conflicts with a similar define in
      arch/s390/include/asm/compat.h.
      
      This is the minimal patch which fixes the build issues.
      Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • A
      e6f4dee7
    • A
      f621c533
    • I
      Merge branch 'tip/perf/core' of... · 83b84503
      Ingo Molnar committed on
      Merge branch 'tip/perf/core' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace into perf/core
    • L
      Merge tag 'stable/for-linus-fixes-3.3-rc5' of... · 500dd237
      Linus Torvalds committed on
      Merge tag 'stable/for-linus-fixes-3.3-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
      
      Two fixes to fix a memory corruption bug when WC pages never get
      converted back to WB but end up being recycled in the general memory
      pool as WC.
      
      There is a better way of fixing this, but there is not enough time to do
      the full benchmarking to pick one of the right options - so picking the
      one that favors stability for right now.
      Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
      
      * tag 'stable/for-linus-fixes-3.3-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xen/pat: Disable PAT support for now.
        xen/setup: Remove redundant filtering of PTE masks.
    • L
      Merge tag 'for-linus' of git://github.com/rustyrussell/linux · f6bd5798
      Linus Torvalds committed on
      * tag 'for-linus' of git://github.com/rustyrussell/linux:
        mod/file2alias: make modpost compile on darwin again
    • I
      autofs4 - update MAINTAINERS mailing list entry · f694fc97
      Ian Kent committed on
      The autofs mailing list has moved to vger.kernel.org.
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • A
      mod/file2alias: make modpost compile on darwin again · dd2a3aca
      Andreas Bießmann committed on
      commit e49ce141 breaks cross compiling
      the linux kernel on darwin hosts.
      This fix introduces some minimal glue to adopt linker section handling
      for darwin hosts.
      Signed-off-by: Andreas Bießmann <andreas@biessmann.de>
      CC: Rusty Russell <rusty@rustcorp.com.au>
      CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      CC: Jochen Friedrich <jochen@scram.de>
      CC: Samuel Ortiz <sameo@linux.intel.com>
      CC: "K. Y. Srinivasan" <kys@microsoft.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
      Tested-by: Bernhard Walle <bernhard@bwalle.de>
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 203738e5
      Linus Torvalds committed on
      1) ICMP sockets leave err uninitialized but we try to return it for the
         unsupported MSG_OOB case, reported by Dave Jones.
      
      2) Add new Zaurus device ID entries, from Dave Jones.
      
      3) Pointer calculation in hso driver memset is wrong, from Dan
         Carpenter.
      
      4) ks8851_probe() checks unsigned value as negative, fix also from Dan
         Carpenter.
      
      5) Fix crashes in atl1c driver due to TX queue handling, from Eric
         Dumazet.  I anticipate some TX side locking fixes coming in the near
         future for this driver as well.
      
      6) The inline directive fix in Bluetooth which was breaking the build
         only with very new versions of GCC, from Johan Hedberg.
      
      7) Fix crashes in the ATP CLIP code due to ARP cleanups this merge
         window, reported by Meelis Roos and fixed by Eric Dumazet.
      
      8) JME driver doesn't flush RX FIFO correctly, from Guo-Fu Tseng.
      
      9) Some ip6_route_output() callers test the return value for NULL, but
         this never happens as the convention is to return a dst entry with
         dst->error set.  Fixes from RonQing Li.
      
      10) Logitech Harmony 900 should be handled by zaurus driver not
         cdc_ether, update white lists and black lists accordingly.  From
         Scott Talbert.
      
      11) Receiving from certain kinds of devices there won't be a MAC header,
         so there is no MAC header to fixup in the IPSEC code, and if we try
         to do it we'll crash.  Fix from Eric Dumazet.
      
      12) Port type array indexing off-by-one in mlx4 driver, fix from Yevgeny
         Petrilin.
      
      13) Fix regression in link-down handling in davinci_emac which causes
         all RX descriptors to be freed up and therefore RX to wedge
         completely, from Christian Riesch.
      
      14) It took two attempts, but ctnetlink soft lockups seem to be
         cured now, from Pablo Neira Ayuso.
      
      15) Endianness bug fix in ENIC driver, from Santosh Nayak.
      
      16) The long ago conversion of the PPP fragmentation code over to
         abstracted SKB list handling wasn't perfect, once we get an
         out of sequence SKB we don't flush the rest of them like we
         should.  From Ben McKeegan.
      
      17) Fix regression of ->ip_summed initialization in sfc driver.
         From Ben Hutchings.
      
      18) Bluetooth timeout mistakenly using msecs instead of jiffies,
         from Andrzej Kaczmarek.
      
      19) Using _sync variant of work cancellation results in deadlocks,
         use the non _sync variants instead.  From Andre Guedes.
      
      20) Bluetooth rfcomm code had reference counting problems leading
         to crashes, fix from Octavian Purdila.
      
      21) The conversion of netem over to classful qdisc handling added
         two bugs to netem_dequeue(), fixes from Eric Dumazet.
      
      22) Missing pci_iounmap() in ATM Solos driver.  Fix from Julia Lawall.
      
      23) b44_pci_exit() should not have __exit tag since it's invoked from
         non-__exit code.  From Nikola Pajkovsky.
      
      24) The conversion of the neighbour hash tables over to RCU added a
         race, fixed here by adding the necessary reread of tbl->nht, fix
         from Michel Machado.
      
      25) When we added VF (virtual function) attributes for network device
         dumps, this potentially bloats up the size of the dump of one
         network device such that the dump size is too large for the buffer
         allocated by properly written netlink applications.
      
         In particular, if you add 255 VFs to a network device, parts of
         GLIBC stop working.
      
         To fix this, we add an attribute that is used to turn on these
         extended portions of the network device dump.  Sophisticated
         applications like 'ip' that want to see this stuff will be changed
         to set the attribute, whereas things like GLIBC that don't care
         about VFs simply will not, and therefore won't be busted by the
         mere presence of VFs on a network device.
      
         Thanks to the tireless work of Greg Rose on this fix.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (53 commits)
        sfc: Fix assignment of ip_summed for pre-allocated skbs
        ppp: fix 'ppp_mp_reconstruct bad seq' errors
        enic: Fix endianness bug.
        gre: fix spelling in comments
        netfilter: ctnetlink: fix soft lockup when netlink adds new entries (v2)
        Revert "netfilter: ctnetlink: fix soft lockup when netlink adds new entries"
        davinci_emac: Do not free all rx dma descriptors during init
        mlx4_core: Fixing array indexes when setting port types
        phy: IC+101G and PHY_HAS_INTERRUPT flag
        netdev/phy/icplus: Correct broken phy_init code
        ipsec: be careful of non existing mac headers
        Move Logitech Harmony 900 from cdc_ether to zaurus
        hso: memsetting wrong data in hso_get_count()
        netfilter: ip6_route_output() never returns NULL.
        ethernet/broadcom: ip6_route_output() never returns NULL.
        ipv6: ip6_route_output() never returns NULL.
        jme: Fix FIFO flush issue
        atm: clip: remove clip_tbl
        ipv4: ping: Fix recvmsg MSG_OOB error handling.
        rtnetlink: Fix problem with buffer allocation
        ...
    • L
      Fix autofs compile without CONFIG_COMPAT · 3c761ea0
      Linus Torvalds committed on
      The autofs compat handling fix caused a compile failure when
      CONFIG_COMPAT isn't defined.
      
      Instead of adding random #ifdef'fery in autofs, let's just make the
      compat helpers earlier to use: without CONFIG_COMPAT, is_compat_task()
      just hardcodes to zero.
      
      We could probably do something similar for a number of other cases where
      we have #ifdef's in code, but this is the low-hanging fruit.
      Reported-and-tested-by: Andreas Schwab <schwab@linux-m68k.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  9. 26 Feb, 2012 2 commits