1. 18 Aug, 2010 3 commits
    • D
      a7c8962b
    • D
      Fix unprotected access to task credentials in waitid() · f362b732
      Daniel J Blueman committed
      Using a program like the following:
      
      	#include <signal.h>	/* kill(), SIGSTOP */
      	#include <stdlib.h>
      	#include <unistd.h>
      	#include <sys/types.h>
      	#include <sys/wait.h>
      
      	int main() {
      		id_t id;
      		siginfo_t infop;
      		pid_t res;
      
      		id = fork();
      		if (id == 0) { sleep(1); exit(0); }
      		kill(id, SIGSTOP);
      		alarm(1);
      		waitid(P_PID, id, &infop, WCONTINUED);
      		return 0;
      	}
      
      to call waitid() on a stopped process results in access to the child task's
      credentials without the RCU read lock being held - which may be replaced in the
      meantime - eliciting the following warning:
      
      	===================================================
      	[ INFO: suspicious rcu_dereference_check() usage. ]
      	---------------------------------------------------
      	kernel/exit.c:1460 invoked rcu_dereference_check() without protection!
      
      	other info that might help us debug this:
      
      	rcu_scheduler_active = 1, debug_locks = 1
      	2 locks held by waitid02/22252:
      	 #0:  (tasklist_lock){.?.?..}, at: [<ffffffff81061ce5>] do_wait+0xc5/0x310
      	 #1:  (&(&sighand->siglock)->rlock){-.-...}, at: [<ffffffff810611da>]
      	wait_consider_task+0x19a/0xbe0
      
      	stack backtrace:
      	Pid: 22252, comm: waitid02 Not tainted 2.6.35-323cd+ #3
      	Call Trace:
      	 [<ffffffff81095da4>] lockdep_rcu_dereference+0xa4/0xc0
      	 [<ffffffff81061b31>] wait_consider_task+0xaf1/0xbe0
      	 [<ffffffff81061d15>] do_wait+0xf5/0x310
      	 [<ffffffff810620b6>] sys_waitid+0x86/0x1f0
      	 [<ffffffff8105fce0>] ? child_wait_callback+0x0/0x70
      	 [<ffffffff81003282>] system_call_fastpath+0x16/0x1b
      
      This is fixed by holding the RCU read lock in wait_task_continued() to ensure
      that the task's current credentials aren't destroyed between us reading the
      cred pointer and us reading the UID from those credentials.
      
      Furthermore, protect wait_task_stopped() in the same way.
      
      We don't need to keep holding the RCU read lock once we've read the UID from
      the credentials as holding the RCU read lock doesn't stop the target task from
      changing its creds under us - so the credentials may be outdated immediately
      after we've read the pointer, lock or no lock.
      Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
      Signed-off-by: David Howells <dhowells@redhat.com>
      Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
      Acked-by: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • D
      Make do_execve() take a const filename pointer · d7627467
      David Howells committed
      Make do_execve() take a const filename pointer so that kernel_execve() compiles
      correctly on ARM:
      
      arch/arm/kernel/sys_arm.c:88: warning: passing argument 1 of 'do_execve' discards qualifiers from pointer target type
      
      This also requires the argv and envp arguments to be consted twice, once for
      the pointer array and once for the strings the array points to.  This is
      because do_execve() passes a pointer to the filename (now const) to
      copy_strings_kernel().  A simpler alternative would be to cast the filename
      pointer in do_execve() when it's passed to copy_strings_kernel().
      
      do_execve() may not change any of the strings it is passed as part of the argv
      or envp lists as some of them are in .rodata, so marking these strings as
      const should be fine.
      
      Further kernel_execve() and sys_execve() need to be changed to match.
      
      This has been test built on x86_64, frv, arm and mips.
      Signed-off-by: David Howells <dhowells@redhat.com>
      Tested-by: Ralf Baechle <ralf@linux-mips.org>
      Acked-by: Russell King <rmk+kernel@arm.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  2. 16 Aug, 2010 10 commits
    • L
      Linux 2.6.36-rc1 · da5cabf8
      Linus Torvalds committed
    • L
      Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 · 2245ba2a
      Linus Torvalds committed
      * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
        gcc-4.6: ACPI: fix unused but set variables in ACPI
        ACPI thermal: make procfs I/F depend on CONFIG_ACPI_PROCFS
        ACPI video: make procfs I/F depend on CONFIG_ACPI_PROCFS
        ACPI processor: remove deprecated ACPI procfs I/F
        ACPI power_resource: remove unused procfs I/F
        ACPI: remove deprecated ACPI procfs I/F
        ACPI: introduce drivers/acpi/sysfs.c
        ACPI: introduce module parameter acpi.aml_debug_output
        ACPI: introduce drivers/acpi/debugfs.c
        ACPI, APEI, ERST debug support
        ACPI, APEI, Manage GHES as platform devices
        ACPI, APEI, Rename CPER and GHES severity constants
        ACPI, APEI, Fix a typo of error path of apei_resources_request
        ACPI / ACPICA: Fix reference counting problems with GPE handlers
        ACPI: Add the check of ADR flag in course of finding ACPI handle for PCI device
        ACPI / Sleep: Drop acpi_suspend_finish()
        ACPI / Sleep: Consolidate suspend and hibernation routines
        ACPI / Wakeup: Simplify enabling of wakeup devices
        ACPI / Sleep: Rework enabling wakeup devices
        ACPI / Sleep: Free NVS copy if suspending of devices fails
      
      Fixed up totally buggered "ACPI: fix unused but set variables in ACPI"
      patch that doesn't even compile in the merge.
      
      Thanks to Sedat Dilek <sedat.dilek@googlemail.com> for noticing the
      breakage before I even pulled.  And a big "Grrr.." at Len for not even
      bothering to compile the tree before asking me to pull.
    • L
      Merge git://git.infradead.org/iommu-2.6 · e2e96c66
      Linus Torvalds committed
      * git://git.infradead.org/iommu-2.6:
        intel-iommu: Fix 32-bit build warning with __cmpxchg()
        intr-remap: allow disabling source id checking
    • L
      Merge git://git.infradead.org/mtd-2.6 · 7355a5a6
      Linus Torvalds committed
      * git://git.infradead.org/mtd-2.6:
        mtd/nand_ids: Fix buswidth
        mtd/m25p80: fix test for end of loop
        mtd/m25p80: retlen is never NULL
        MIPS: Fix gen_nand probe structures contents
        gen_nand: Test if nr_chips field is valid
        BFIN: Fix gen_nand probe structures contents
        nand/denali: move all hardware initialization work to denali_hw_init
        nand/denali: Add a page check in denali_read_page & denali_read_page_raw
        nand/denali: use cpu_relax() while waiting for hardware interrupt
        nand/denali: change read_status function method
        nand/denali: Fixed check patch warnings
        ARM: Fix gen_nand probe structures contents
        mtd/nand_base: fix kernel-doc warnings & typos
        nand/denali: use dev_xx debug function to replace nand_dbg_print and some printk
        nand/denali: Fixed handle ECC error bugs
        nand/denali: use iowrite32() to replace denali_write32()
        nand/denali: Fixed probe function bugs
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile · 7a1b29a8
      Linus Torvalds committed
      * git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile:
        arch/tile: don't validate CROSS_COMPILE needlessly
        arch/tile: export only COMMAND_LINE_SIZE to userspace.
        arch/tile: rename ARCH_KMALLOC_MINALIGN to ARCH_DMA_MINALIGN
        arch/tile: Rename the hweight() implementations to __arch_hweight()
        arch/tile: extend syscall ABI to set r1 on return as well.
        arch/tile: Various cleanups.
        arch/tile: support backtracing on TILE-Gx
        arch/tile: Fix a couple of issues with the COMPAT code for TILE-Gx.
        arch/tile: Use separate, better minsec values for clocksource and sched_clock.
        arch/tile: correct a bug in freeing bootmem by VA for the optional second initrd.
        arch: tile: mm: pgtable.c: Removed duplicated #include
        arch: tile: kernel/proc.c Removed duplicated #include
        Add fanotify syscalls to <asm-generic/unistd.h>.
        arch/tile: support new kunmap_atomic() naming convention.
        tile: remove unused ISA_DMA_THRESHOLD define
      
      Conflicts in arch/tile/configs/tile_defconfig (pick the mainline version
      with the reduced defconfig).
    • C
      arch/tile: don't validate CROSS_COMPILE needlessly · a5854dd7
      Chris Metcalf committed
      With this change, the arch/tile Makefile will only check for a valid
      combination of CROSS_COMPILE vs "uname -m" for a few common targets
      that are typically the ones we get wrong (vmlinux, all, and modules).
      The change handles the case of an empty "make" goal like "make all".
      Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
      Reviewed-by: Sam Ravnborg <sam@ravnborg.org>
    • L
      mm: fix up some user-visible effects of the stack guard page · d7824370
      Linus Torvalds committed
      This commit makes the stack guard page somewhat less visible to user
      space. It does this by:
      
       - not showing the guard page in /proc/<pid>/maps
      
         It looks like lvm-tools will actually read /proc/self/maps to figure
         out where all its mappings are, and effectively do a specialized
         "mlockall()" in user space.  By not showing the guard page as part of
         the mapping (by just adding PAGE_SIZE to the start for grows-up
         pages), lvm-tools ends up not being aware of it.
      
       - by also teaching the _real_ mlock() functionality not to try to lock
         the guard page.
      
         That would just expand the mapping down to create a new guard page,
         so there really is no point in trying to lock it in place.
      
      It would perhaps be nice to show the guard page specially in
      /proc/<pid>/maps (or at least mark grow-down segments some way), but
      let's not open ourselves up to more breakage by user space from programs
      that depend on the exact details of the 'maps' file.
      
      Special thanks to Henrique de Moraes Holschuh for diving into lvm-tools
      source code to see what was going on with the whole new warning.
      
      Reported-and-tested-by: François Valenduc <francois.valenduc@tvcablenet.be>
      Reported-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
      Cc: stable@kernel.org
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 · 1b68c959
      Linus Torvalds committed
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
        ALSA: sound/usb/format: silence uninitialized variable warnings
        MAINTAINERS: Add Ian Lartey as comaintaner for Wolfson devices
        MAINTAINERS: Make Wolfson entry also cover CODEC drivers
        ASoC: Only tweak WM8994 chip configuration on devices up to rev D
        ASoC: Optimise DSP performance for WM8994
        ALSA: hda - Fix dynamic ADC change working again
        ALSA: hda - Restrict PCM parameters per ELD information over HDMI
        sound: oss: sh_dac_audio.c removed duplicated #include
    • L
      Merge branch 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6 · 5a417946
      Linus Torvalds committed
      * 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6:
        intel_idle: recognize Lincroft Atom Processor
        intel_idle: no longer EXPERIMENTAL
        intel_idle: disable module support
        intel_idle: add support for Westmere-EX
        intel_idle: delete power_policy modparam, and choose substate functions
        intel_idle: delete substates DEBUG modparam
    • C
      arch/tile: export only COMMAND_LINE_SIZE to userspace. · 3b3c1b9d
      Chris Metcalf committed
      This fixes a failure in "make headers_check" for tile.
      I hadn't realized this file was exported to userspace by default.
      Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
  3. 15 Aug, 2010 27 commits