- 23 3月, 2009 3 次提交
-
-
由 Tyler Hicks 提交于
If ecryptfs_encrypted_view or ecryptfs_xattr_metadata were being specified as mount options, a NULL pointer dereference of crypt_stat was possible during lookup. This patch moves the crypt_stat assignment into ecryptfs_lookup_and_interpose_lower(), ensuring that crypt_stat will not be NULL before we attempt to dereference it. Thanks to Dan Carpenter and his static analysis tool, smatch, for finding this bug. Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com> Acked-by: NDustin Kirkland <kirkland@canonical.com> Cc: Dan Carpenter <error27@gmail.com> Cc: Serge Hallyn <serue@us.ibm.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tyler Hicks 提交于
When allocating the memory used to store the eCryptfs header contents, a single, zeroed page was being allocated with get_zeroed_page(). However, the size of an eCryptfs header is either PAGE_CACHE_SIZE or ECRYPTFS_MINIMUM_HEADER_EXTENT_SIZE (8192), whichever is larger, and is stored in the file's private_data->crypt_stat->num_header_bytes_at_front field. ecryptfs_write_metadata_to_contents() was using num_header_bytes_at_front to decide how many bytes should be written to the lower filesystem for the file header. Unfortunately, at least 8K was being written from the page, despite the chance of the single, zeroed page being smaller than 8K. This resulted in random areas of kernel memory being written between the 0x1000 and 0x1FFF bytes offsets in the eCryptfs file headers if PAGE_SIZE was 4K. This patch allocates a variable number of pages, calculated with num_header_bytes_at_front, and passes the number of allocated pages along to ecryptfs_write_metadata_to_contents(). Thanks to Florian Streibelt for reporting the data leak and working with me to find the problem. 2.6.28 is the only kernel release with this vulnerability. Corresponds to CVE-2009-0787 Signed-off-by: NTyler Hicks <tyhicks@linux.vnet.ibm.com> Acked-by: NDustin Kirkland <kirkland@canonical.com> Reviewed-by: NEric Sandeen <sandeen@redhat.com> Reviewed-by: NEugene Teo <eugeneteo@kernel.sg> Cc: Greg KH <greg@kroah.com> Cc: dann frazier <dannf@dannf.org> Cc: Serge E. Hallyn <serue@us.ibm.com> Cc: Florian Streibelt <florian@f-streibelt.de> Cc: stable@kernel.org Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Benjamin Herrenschmidt 提交于
This fixes a regression introduced when we switched to using the core pci_set_power_state(). The chip seems to need the state to be written over and over again until it sticks, so we do that. Note that the code is a bit blunt, without timeout, etc... but that's pretty much because I put back in there the code exactly as it used to be before the regression. I still add a call to pci_set_power_state() at the end so that ACPI gets called appropriately on x86. Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org> Tested-by: NRaymond Wooninck <tittiatcoke@gmail.com> Acked-by: NRafael J. Wysocki <rjw@sisk.pl> Cc: Jesse Barnes <jbarnes@virtuousgeek.org> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 20 3月, 2009 8 次提交
-
-
由 Jeff Moyer 提交于
The libaio test harness turned up a problem whereby lookup_ioctx on a bogus io context was returning the 1 valid io context from the list (harness/cases/3.p). Because of that, an extra put_iocontext was done, and when the process exited, it hit a BUG_ON in the put_iocontext macro called from exit_aio (since we expect a users count of 1 and instead get 0). The problem was introduced by "aio: make the lookup_ioctx() lockless" (commit abf137dd). Thanks to Zach for pointing out that hlist_for_each_entry_rcu will not return with a NULL tpos at the end of the loop, even if the entry was not found. Signed-off-by: NJeff Moyer <jmoyer@redhat.com> Acked-by: NZach Brown <zach.brown@oracle.com> Acked-by: NJens Axboe <jens.axboe@oracle.com> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: <stable@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Davide Libenzi 提交于
Remove a source of fput() call from inside IRQ context. Myself, like Eric, wasn't able to reproduce an fput() call from IRQ context, but Jeff said he was able to, with the attached test program. Independently from this, the bug is conceptually there, so we might be better off fixing it. This patch adds an optimization similar to the one we already do on ->ki_filp, on ->ki_eventfd. Playing with ->f_count directly is not pretty in general, but the alternative here would be to add a brand new delayed fput() infrastructure, that I'm not sure is worth it. Signed-off-by: NDavide Libenzi <davidel@xmailserver.org> Cc: Benjamin LaHaise <bcrl@kvack.org> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: NJeff Moyer <jmoyer@redhat.com> Cc: Zach Brown <zach.brown@oracle.com> Cc: <stable@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
Sam Ravnborg says: "We have several architectures that plays strange games with $(CC) and $(CROSS_COMPILE). So we need to postpone any use of $(call cc-option..) until we have included the arch specific Makefile so we try with the correct $(CC) version." Requested-by: NSam Ravnborg <sam@ravnborg.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git390.marist.edu/pub/scm/linux-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git390.marist.edu/pub/scm/linux-2.6: [S390] make page table upgrade work again [S390] make page table walking more robust [S390] Dont check for pfn_valid() in uaccess_pt.c [S390] ftrace/mcount: fix kernel stack backchain [S390] topology: define SD_MC_INIT to fix performance regression [S390] __div64_31 broken for CONFIG_MARCH_G5
-
git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: fix waitqueue usage in hiddev HID: fix incorrect free in hiddev
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable: Btrfs: Clear space_info full when adding new devices Btrfs: Fix locking around adding new space_info
-
由 Linus Torvalds 提交于
Nick Piggin noticed this (very unlikely) race between setting a page dirty and creating the buffers for it - we need to hold the mapping private_lock until we've set the page dirty bit in order to make sure that create_empty_buffers() might not build up a set of buffers without the dirty bits set when the page is dirty. I doubt anybody has ever hit this race (and it didn't solve the issue Nick was looking at), but as Nick says: "Still, it does appear to solve a real race, which we should close." Acked-by: NNick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Linus Torvalds 提交于
This makes sure that gcc doesn't try to optimize away wrapping arithmetic, which the kernel occasionally uses for overflow testing, ie things like if (ptr + offset < ptr) which technically is undefined for non-unsigned types. See http://bugzilla.kernel.org/show_bug.cgi?id=12597 for details. Not all versions of gcc support it, so we need to make it conditional (it looks like it was introduced in gcc-3.4). Reminded-by: NAlan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 19 3月, 2009 6 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6: Staging: benet: remove driver now that it is merged in drivers/net/
-
git://linux-nfs.org/~bfields/linux由 Linus Torvalds 提交于
* 'for-2.6.29' of git://linux-nfs.org/~bfields/linux: nfsd: nfsd should drop CAP_MKNOD for non-root NFSD: provide encode routine for OP_OPENATTR
-
由 Greg Kroah-Hartman 提交于
The benet driver is now in the proper place in drivers/net/benet, so we can remove the staging version. Acked-by: NSathya Perla <sathyap@serverengines.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc由 Linus Torvalds 提交于
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: powerpc/ps3: ps3_defconfig updates powerpc/mm: Respect _PAGE_COHERENT on classic ppc32 SW powerpc/5200: Enable CPU_FTR_NEED_COHERENT for MPC52xx ps3/block: Replace mtd/ps3vram by block/ps3vram
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux-2.6-for-linus: module: fix refptr allocation and release order
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: USB: storage: Unusual USB device Prolific 2507 variation added USB: Add device id for Option GTM380 to option driver USB: Add Vendor/Product ID for new CDMA U727 to option driver USB: Updated unusual-devs entry for USB mass storage on Nokia 6233 USB: Option: let cdc-acm handle Sony Ericsson F3507g / Dell 5530 USB: EHCI: expedite unlinks when the root hub is suspended USB: EHCI: Fix isochronous URB leak USB: option.c: add ZTE 622 modem device USB: wusbcore/wa-xfer, fix lock imbalance USB: misc/vstusb, fix lock imbalance USB: misc/adutux, fix lock imbalance USB: image/mdc800, fix lock imbalance USB: atm/cxacru, fix lock imbalance USB: unusual_devs: Add support for GI 0431 SD-Card interface USB: serial: new cp2101 device id USB: serial: ftdi: enable UART detection on gnICE JTAG adaptors blacklist interface0 USB: serial: add FTDI USB/Serial converter devices USB: usbfs: keep async URBs until the device file is closed USB: usbtmc: add protocol 1 support USB: usbtmc: fix stupid bug in open()
-
- 18 3月, 2009 23 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: Fix vunmap and free order in snd_free_sgbuf_pages() ALSA: mixart, fix lock imbalance ALSA: pcm_oss, fix locking typo ALSA: oss-mixer - Fixes recording gain control ALSA: hda - Workaround for buggy DMA position on ATI controllers ALSA: hda - Fix DMA mask for ATI controllers ALSA: opl3sa2 - Fix NULL dereference when suspending snd_opl3sa2
-
由 Martin Schwidefsky 提交于
After TASK_SIZE now gives the current size of the address space the upgrade of a 64 bit process from 3 to 4 levels of page table needs to use the arch_mmap_check hook to catch large mmap lengths. The get_unmapped_area* functions need to check for -ENOMEM from the arch_get_unmapped_area*, upgrade the page table and retry. Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Martin Schwidefsky 提交于
Make page table walking on s390 more robust. The current code requires that the pgd/pud/pmd/pte loop is only done for address ranges that are below the end address of the last vma of the address space. But this is not always true, e.g. the generic page table walker does not guarantee this. Change TASK_SIZE/TASK_SIZE_OF to reflect the current size of the address space. This makes the generic page table walker happy but it breaks the upgrade of a 3 level page table to a 4 level page table. To make the upgrade work again another fix is required. Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Gerald Schaefer 提交于
pfn_valid() actually checks for a valid struct page and not for a valid pfn. Using xip mappings w/o struct pages, this will result in -EFAULT returned by the (page table walk) user copy functions, even though there is valid memory. Those user copy functions don't need a struct page, so this patch just removes the pfn_valid() check. Signed-off-by: NGerald Schaefer <gerald.schaefer@de.ibm.com> Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Heiko Carstens 提交于
With packed stack the backchain is at a different location. Just use __SF_BACKCHAIN as an offset to store the backchain. Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Heiko Carstens 提交于
The default values for SD_MC_INIT cause an additional cpu usage of up to 40% on some network benchmarks compared to the plain SD_CPU_INIT values. So just define SD_MC_INIT to SD_CPU_INIT. More tuning needs to be done. Signed-off-by: NHeiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Martin Schwidefsky 提交于
The implementation of __div64_31 for G5 machines is broken. The comments in __div64_31 are correct, only the code does not do what the comments say. The part "If the remainder has overflown subtract base and increase the quotient" is only partially realized, the base is subtracted correctly but the quotient is only increased if the dividend had the last bit set. Using the correct instruction fixes the problem. Cc: stable@kernel.org Reported-by: NFrans Pop <elendil@planet.nl> Tested-by: NFrans Pop <elendil@planet.nl> Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
-
由 Takashi Iwai 提交于
-
由 Takashi Iwai 提交于
-
由 Takashi Iwai 提交于
In snd_free_sgbuf_pags(), vunmap() is called after releasing the SG pages, and it causes errors on Xen as Xen manages the pages differently. Although no significant errors have been reported on the actual hardware, this order should be fixed other way round, first vunmap() then free pages. Cc: Jan Beulich <jbeulich@novell.com> Cc: <stable@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Jiri Slaby 提交于
There is an omitted unlock in one snd_mixart_hw_params fail path. Fix it. Signed-off-by: NJiri Slaby <jirislaby@gmail.com> Cc: <stable@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Jiri Slaby 提交于
s/mutex_lock/mutex_unlock/ on 2 fail paths in snd_pcm_oss_proc_write. Probably a typo, lock should be unlocked when leaving the function. Signed-off-by: NJiri Slaby <jirislaby@gmail.com> Cc: <stable@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Viral Mehta 提交于
At the time of initialization, SNDRV_MIXER_OSS_PRESENT_PVOLUME bit is not set for MIC (slot 7). So, the same should not be checked when an application tries to do gain control for audio recording devices. Just check slot->present for SNDRV_MIXER_OSS_PRESENT_CVOLUME independently. Verified with a simple application which opens /dev/dsp for recording and /dev/mixer for volume control. Have tested two usb audio mic devices. Signed-off-by: NViral Mehta <viral.mehta@einfochips.com> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
The position-buffer on ATI controllers are unreliable as well as on VIA chips, thus the same workaround for DMA position reading as VIA is useful for ATI. Cc: <stable@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
由 Takashi Iwai 提交于
ATI controllers (at least some SB0600 models) appear buggy to handle 64bit DMA. As a workaround, reset GCAP bit0 and let the driver to use only 32bit DMA on these controllers. Cc: <stable@kernel.org> Signed-off-by: NTakashi Iwai <tiwai@suse.de>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4由 Linus Torvalds 提交于
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix bb_prealloc_list corruption due to wrong group locking ext4: fix bogus BUG_ONs in in mballoc code ext4: Print the find_group_flex() warning only once ext4: fix header check in ext4_ext_search_right() for deep extent trees.
-
由 Geoff Levand 提交于
Update ps3_defconfig. Sets these options: CONFIG_PS3_VRAM=m CONFIG_BLK_DEV_DM=m CONFIG_USB_HIDDEV=y CONFIG_EXT4_FS=y Signed-off-by: NGeoff Levand <geoffrey.levand@am.sony.com> Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
-
由 Benjamin Herrenschmidt 提交于
-
由 Masami Hiramatsu 提交于
Impact: fix ref-after-free crash on failed module load Fix refptr bug: Change refptr allocation and release order not to access a module data structure pointed by 'mod' after freeing mod->module_core. This bug will cause kernel panic(e.g. failed to find undefined symbols). This bug was reported on systemtap bugzilla. http://sources.redhat.com/bugzilla/show_bug.cgi?id=9927Signed-off-by: NMasami Hiramatsu <mhiramat@redhat.com> Cc: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
-
由 Thomas Bartosik 提交于
The "c-enter" USB to Toshiba 1.8" IDE enclosure needs special treatment to work flawlessly. This patch is absolutely trivial, as the integrated USB-IDE bridge is already identified to be an "unusual" device, only the bcdDevice is different (lower) to the bcdDeviceMin already included in the kernel. It is a Prolific 2507 bridge. T: Bus=02 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#= 4 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=067b ProdID=2507 Rev= 0.01 S: Manufacturer=Prolific Technology Inc. S: Product=ATAPI-6 Bridge Controller S: SerialNumber=00000272 C:* #Ifs= 1 Cfg#= 1 Atr=c0 MxPwr=100mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: NThomas Bartosik <tbartdev@gmx-topmail.de> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Achilleas Kotsis 提交于
Option GTM380 in Modem mode uses Product ID 0x7201. This has been tested and works on production systems for over 6 months. Signed-off-by: NAchilleas Kotsis <akots@exponent.gr> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Dirk Hohndel 提交于
* newer versions of the Novatel Wireless U727 CDMA 3G USB stick have a different Product ID (0x5010); adding this ID makes them work just fine with the option driver Signed-off-by: NDirk Hohndel <hohndel@infradead.org> Cc: stable <stable@kernel.org> Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
-
由 Moritz Muehlenhoff 提交于
Current firmware revision 5.60 still behaves the same, so update the quirk up a (non-existing) 99.99 revision. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493415Signed-off-by: NMoritz Muehlenhoff <jmm@debian.org> Tested-by: NJan Heitkoetter <devnull@heitkoetter.net> Cc: stable <stable@kernel.org> Signed-off-by: NPhil Dibowitz <phil@ipom.com>
-