- 14 3月, 2013 17 次提交
-
-
由 David Howells 提交于
In the UAPI header files, __BIG_ENDIAN and __LITTLE_ENDIAN must be compared against __BYTE_ORDER in preprocessor conditionals where these are exposed to userspace (that is they're not inside __KERNEL__ conditionals). However, in the main kernel the norm is to check for "defined(__XXX_ENDIAN)" rather than comparing against __BYTE_ORDER and this has incorrectly leaked into the userspace headers. The definition of struct stat64 in M32R's asm/stat.h is wrong in this way. Note that userspace will likely interpret the field order incorrectly as the big-endian variant on little-endian machines - depending on header inclusion order. [!!!] NOTE [!!!] This patch may adversely change the userspace API. It might be better to fix the ordering of st_blocks and __pad4 in struct stat64. Signed-off-by: NDavid Howells <dhowells@redhat.com> Cc: Hirokazu Takata <takata@linux-m32r.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
In the UAPI header files, __BIG_ENDIAN and __LITTLE_ENDIAN must be compared against __BYTE_ORDER in preprocessor conditionals where these are exposed to userspace (that is they're not inside __KERNEL__ conditionals). However, in the main kernel the norm is to check for "defined(__XXX_ENDIAN)" rather than comparing against __BYTE_ORDER and this has incorrectly leaked into the userspace headers. The definition of struct mdp_superblock_s in linux/raid/md_p.h is wrong in this way. Note that userspace will likely interpret the ordering of the fields incorrectly as the big-endian variant on a little-endian machines - depending on header inclusion order. [!!!] NOTE [!!!] This patch may adversely change the userspace API. It might be better to fix the ordering of events_hi, events_lo, cp_events_hi and cp_events_lo in struct mdp_superblock_s / typedef mdp_super_t. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NNeilBrown <neilb@suse.de> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
In the UAPI header files, __BIG_ENDIAN and __LITTLE_ENDIAN must be compared against __BYTE_ORDER in preprocessor conditionals where these are exposed to userspace (that is they're not inside __KERNEL__ conditionals). However, in the main kernel the norm is to check for "defined(__XXX_ENDIAN)" rather than comparing against __BYTE_ORDER and this has incorrectly leaked into the userspace headers. The definition of ACCT_BYTEORDER in linux/acct.h is wrong in this way. Note that userspace will likely interpret this incorrectly as the big-endian variant on little-endian machines - depending on header inclusion order. [!!!] NOTE [!!!] This patch may adversely change the userspace API. It might be better to fix the value of ACCT_BYTEORDER. Signed-off-by: NDavid Howells <dhowells@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 David Howells 提交于
In the UAPI header files, __BIG_ENDIAN and __LITTLE_ENDIAN must be compared against __BYTE_ORDER in preprocessor conditionals where these are exposed to userspace (that is they're not inside __KERNEL__ conditionals). However, in the main kernel the norm is to check for "defined(__XXX_ENDIAN)" rather than comparing against __BYTE_ORDER and this has incorrectly leaked into the userspace headers. The definition of PADDED() in linux/aio_abi.h is wrong in this way. Note that userspace will likely interpret this and thus the order of fields in struct iocb incorrectly as the little-endian variant on big-endian machines - depending on header inclusion order. [!!!] NOTE [!!!] This patch may adversely change the userspace API. It might be better to fix the ordering of aio_key and aio_reserved1 in struct iocb. Signed-off-by: NDavid Howells <dhowells@redhat.com> Acked-by: NBenjamin LaHaise <bcrl@kvack.org> Acked-by: NJeff Moyer <jmoyer@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Paul Bolle 提交于
Commit 5dc49c75 ("decompressors: make the default XZ_DEC_* config match the selected architecture") added default y if POWERPC to lib/xz/Kconfig. But there is no Kconfig symbol POWERPC. The most general Kconfig symbol for the powerpc architecture is PPC. So let's use that. Signed-off-by: NPaul Bolle <pebolle@tiscali.nl> Cc: Florian Fainelli <florian@openwrt.org> Cc: Lasse Collin <lasse.collin@tukaani.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andrew Morton 提交于
If find_vma() fails, sys_remap_file_pages() will dereference `vma', which contains NULL. Fix it by checking the pointer. (We could alternatively check for err==0, but this seems more direct) (The vm_flags change is to squish a bogus used-uninitialised warning without adding extra code). Reported-by: NTommi Rantala <tt.rantala@gmail.com> Cc: Michel Lespinasse <walken@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
Now that all in-kernel users are converted to ues the new alloc interface, mark the old interface deprecated. We should be able to remove these in a few releases. Signed-off-by: NTejun Heo <tj@kernel.org> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
idr_get_new*() and friends are about to be deprecated. Convert to the new idr_alloc() interface. There are some peculiarities and possible bugs in the converted functions. This patch preserves those. * drv_insert_node_res_element() returns -ENOMEM on alloc failure, -EFAULT if id space is exhausted. -EFAULT is at best misleading. * drv_proc_insert_strm_res_element() is even weirder. It returns -EFAULT if kzalloc() fails, -ENOMEM if idr preloading fails and -EPERM if id space is exhausted. What's going on here? * drv_proc_insert_strm_res_element() doesn't free *pstrm_res after failure. Only compile tested. Signed-off-by: NTejun Heo <tj@kernel.org> Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Víctor Manuel Jáquez Leal <vjaquez@igalia.com> Cc: Rene Sapiens <rene.sapiens@ti.com> Cc: Armando Uribe <x0095078@ti.com> Cc: Omar Ramirez Luna <omar.ramirez@ti.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
idr_get_new*() and friends are about to be deprecated. Convert to the new idr_alloc() interface. Only compile tested. Signed-off-by: NTejun Heo <tj@kernel.org> Cc: Dan Magenheimer <dan.magenheimer@oracle.com> Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
Commit 6a920060 ("IB/mlx4: convert to idr_alloc()") forgot to remove idr_pre_get() call in mlx4_ib_cm_paravirt_init(). It's unnecessary and idr_pre_get() will soon be deprecated. Remove it. Signed-off-by: NTejun Heo <tj@kernel.org> Cc: Jack Morgenstein <jackm@dev.mellanox.co.il> Cc: Or Gerlitz <ogerlitz@mellanox.com> Cc: Roland Dreier <roland@purestorage.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
idr_get_new*() and friends are about to be deprecated. Convert to the new idr_alloc() interface. Signed-off-by: NTejun Heo <tj@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
idr_get_new*() and friends are about to be deprecated. Convert to the new idr_alloc() interface. Only compile-tested. Signed-off-by: NTejun Heo <tj@kernel.org> Acked-by: NJ. Bruce Fields <bfields@redhat.com> Tested-by: NJ. Bruce Fields <bfields@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Tejun Heo 提交于
get_new_stid() is no longer used since commit 3abdb607 ("nfsd4: simplify idr allocation"). Remove it. Signed-off-by: NTejun Heo <tj@kernel.org> Acked-by: NJ. Bruce Fields <bfields@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andrew Morton 提交于
__ARCH_HAS_SA_RESTORER is the preferred conditional for use in 3.9 and later kernels, per Kees. Cc: Emese Revfy <re.emese@gmail.com> Cc: Emese Revfy <re.emese@gmail.com> Cc: PaX Team <pageexec@freemail.hu> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Oleg Nesterov <oleg@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Serge Hallyn <serge.hallyn@canonical.com> Cc: Julien Tinnes <jln@google.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Kees Cook 提交于
When the new signal handlers are set up, the location of sa_restorer is not cleared, leaking a parent process's address space location to children. This allows for a potential bypass of the parent's ASLR by examining the sa_restorer value returned when calling sigaction(). Based on what should be considered "secret" about addresses, it only matters across the exec not the fork (since the VMAs haven't changed until the exec). But since exec sets SIG_DFL and keeps sa_restorer, this is where it should be fixed. Given the few uses of sa_restorer, a "set" function was not written since this would be the only use. Instead, we use __ARCH_HAS_SA_RESTORER, as already done in other places. Example of the leak before applying this patch: $ cat /proc/$$/maps ... 7fb9f3083000-7fb9f3238000 r-xp 00000000 fd:01 404469 .../libc-2.15.so ... $ ./leak ... 7f278bc74000-7f278be29000 r-xp 00000000 fd:01 404469 .../libc-2.15.so ... 1 0 (nil) 0x7fb9f30b94a0 2 4000000 (nil) 0x7f278bcaa4a0 3 4000000 (nil) 0x7f278bcaa4a0 4 0 (nil) 0x7fb9f30b94a0 ... [akpm@linux-foundation.org: use SA_RESTORER for backportability] Signed-off-by: NKees Cook <keescook@chromium.org> Reported-by: NEmese Revfy <re.emese@gmail.com> Cc: Emese Revfy <re.emese@gmail.com> Cc: PaX Team <pageexec@freemail.hu> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Oleg Nesterov <oleg@redhat.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Serge Hallyn <serge.hallyn@canonical.com> Cc: Julien Tinnes <jln@google.com> Cc: <stable@vger.kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Toshi Kani 提交于
remove_memory() calls walk_memory_range() with [start_pfn, end_pfn), where end_pfn is exclusive in this range. Therefore, end_pfn needs to be set to the next page of the end address. Signed-off-by: NToshi Kani <toshi.kani@hp.com> Cc: Wen Congyang <wency@cn.fujitsu.com> Cc: Tang Chen <tangchen@cn.fujitsu.com> Cc: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com> Cc: Jiang Liu <jiang.liu@huawei.com> Cc: Jianguo Wu <wujianguo@huawei.com> Cc: Lai Jiangshan <laijs@cn.fujitsu.com> Cc: Wu Jianguo <wujianguo@huawei.com> Cc: Yasuaki Ishimatsu <isimatu.yasuaki@jp.fujitsu.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Andrew Morton 提交于
alpha allmodconfig: In file included from mm/memcontrol.c:28: include/linux/res_counter.h: In function 'res_counter_set_limit': include/linux/res_counter.h:203: error: 'EBUSY' undeclared (first use in this function) include/linux/res_counter.h:203: error: (Each undeclared identifier is reported only once include/linux/res_counter.h:203: error: for each function it appears in.) Cc: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com> Cc: Glauber Costa <glommer@parallels.com> Cc: Tejun Heo <tj@kernel.org> Cc: Frederic Weisbecker <fweisbec@redhat.com> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 13 3月, 2013 13 次提交
-
-
由 Randy Dunlap 提交于
Fix kernel-doc warning in futex.c and convert 'Returns' to the new Return: kernel-doc notation format. Warning(kernel/futex.c:2286): Excess function parameter 'clockrt' description in 'futex_wait_requeue_pi' Fix one spello. Signed-off-by: NRandy Dunlap <rdunlap@infradead.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Randy Dunlap 提交于
Fix new kernel-doc warnings in kernel/signal.c: Warning(kernel/signal.c:2689): No description found for parameter 'uset' Warning(kernel/signal.c:2689): Excess function parameter 'set' description in 'sys_rt_sigpending' Signed-off-by: NRandy Dunlap <rdunlap@infradead.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Randy Dunlap 提交于
Fix new kernel-doc warnings in idr: Warning(include/linux/idr.h:113): No description found for parameter 'idr' Warning(include/linux/idr.h:113): Excess function parameter 'idp' description in 'idr_find' Warning(lib/idr.c:232): Excess function parameter 'id' description in 'sub_alloc' Warning(lib/idr.c:232): Excess function parameter 'id' description in 'sub_alloc' Signed-off-by: NRandy Dunlap <rdunlap@infradead.org> Acked-by: NTejun Heo <tj@kernel.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux由 Linus Torvalds 提交于
Pull virtio rng buffix from Rusty Russell: "Simple virtio-rng fix." * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rusty/linux: virtio: rng: disallow multiple device registrations, fixes crashes
-
由 Linus Torvalds 提交于
Merge tag 'stable/for-linus-3.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen Pull Xen fixes from Konrad Rzeszutek Wilk: - Compile warnings and errors (one on x86, two on ARM) - WARNING in xen-pciback - Use the acpi_processor_get_performance_info instead of the 'register' version * tag 'stable/for-linus-3.9-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen: xen/acpi: remove redundant acpi/acpi_drivers.h include xen: arm: mandate EABI and use generic atomic operations. acpi: Export the acpi_processor_get_performance_info xen/pciback: Don't disable a PCI device that is already disabled.
-
由 Stephen Rothwell 提交于
In commit 887cbce0 ("arch Kconfig: centralise ARCH_NO_VIRT_TO_BUS") I introduced the config sybmol HAVE_VIRT_TO_BUS and selected that where needed. I am not sure what I was thinking. Instead, just directly select VIRT_TO_BUS where it is needed. Signed-off-by: NStephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Mathieu Desnoyers 提交于
Looking at mm/process_vm_access.c:process_vm_rw() and comparing it to compat_process_vm_rw() shows that the compatibility code requires an explicit "access_ok()" check before calling compat_rw_copy_check_uvector(). The same difference seems to appear when we compare fs/read_write.c:do_readv_writev() to fs/compat.c:compat_do_readv_writev(). This subtle difference between the compat and non-compat requirements should probably be debated, as it seems to be error-prone. In fact, there are two others sites that use this function in the Linux kernel, and they both seem to get it wrong: Now shifting our attention to fs/aio.c, we see that aio_setup_iocb() also ends up calling compat_rw_copy_check_uvector() through aio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to be missing. Same situation for security/keys/compat.c:compat_keyctl_instantiate_key_iov(). I propose that we add the access_ok() check directly into compat_rw_copy_check_uvector(), so callers don't have to worry about it, and it therefore makes the compat call code similar to its non-compat counterpart. Place the access_ok() check in the same location where copy_from_user() can trigger a -EFAULT error in the non-compat code, so the ABI behaviors are alike on both compat and non-compat. While we are here, fix compat_do_readv_writev() so it checks for compat_rw_copy_check_uvector() negative return values. And also, fix a memory leak in compat_keyctl_instantiate_key_iov() error handling. Acked-by: NLinus Torvalds <torvalds@linux-foundation.org> Acked-by: NAl Viro <viro@ZenIV.linux.org.uk> Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://people.freedesktop.org/~airlied/linux由 Linus Torvalds 提交于
Pull drm nouveau fixes from Dave Airlie: "This is just nouveau fixes from Ben, one fixes a nasty oops that some Fedora people have been seeing, so I'd like to get it out of the way." * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/nv50: use correct tiling methods for m2mf buffer moves drm/nouveau: idle channel before releasing notify object drm/nouveau: fix regression in vblanking drm/nv50: encoder creation failure doesn't mean full init failure
-
git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc由 Linus Torvalds 提交于
Pull ARM SoC fixes from Arnd Bergmann: "These bug fixes are for the largest part for mvebu/kirkwood, which saw a few regressions after the clock infrastructure was enabled, and for OMAP, which showed a few more preexisting bugs with the new multiplatform support. Other small fixes are for imx, mxs, tegra, spear and socfpga" * tag 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits) ARM: spear3xx: Use correct pl080 header file Arm: socfpga: pl330: Add #dma-cells for generic dma binding support ARM: multiplatform: Sort the max gpio numbers. ARM: imx: fix typo "DEBUG_IMX50_IMX53_UART" ARM: imx: pll1_sys should be an initial on clk arm: mach-orion5x: fix typo in compatible string of a .dts file arm: mvebu: fix address-cells in mpic DT node arm: plat-orion: fix address decoding when > 4GB is used arm: mvebu: Reduce reg-io-width with UARTs ARM: Dove: add RTC device node arm: mvebu: enable the USB ports on Armada 370 Reference Design board ARM: dove: drop "select COMMON_CLK_DOVE" rtc: rtc-mv: Add support for clk to avoid lockups gpio: mvebu: Add clk support to prevent lockup ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency ARM: mxs: cfa10049: Fix fb initialisation function ARM: SPEAr13xx: Fix typo "ARCH_HAVE_CPUFREQ" ARM: OMAP: RX-51: add missing USB phy binding clk: Tegra: Remove duplicate smp_twd clock ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu由 Linus Torvalds 提交于
Pull m68knommu fixes from Greg Ungerer: "It contains a few small fixes for the non-MMU m68k platforms. Fixes some compilation problems, some broken header definitions, removes an unused config option and adds a name for the old 68000 CPU support." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k: drop "select EMAC_INC" m68knommu: fix misnamed GPIO pin definition for ColdFire 528x CPU m68knommu: fix MC68328.h defines m68knommu: fix build when CPU is not coldfire m68knommu: add CPU_NAME for 68000
-
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security由 Linus Torvalds 提交于
Pull key management race fix from James Morris. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: keys: fix race with concurrent install_user_keyrings()
-
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client由 Linus Torvalds 提交于
Pull Ceph fix from Sage Weil: "This fixes a bug in the new message decoding that just went in during the last window." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: libceph: fix decoding of pgids
-
git://linux-nfs.org/~bfields/linux由 Linus Torvalds 提交于
Pull nfsd bugfixes from Bruce Fields: "Some minor fallout from the user-namespace work broke most krb5 mounts to nfsd, and I screwed up a change to the AF_LOCAL rpc code." * 'for-3.9' of git://linux-nfs.org/~bfields/linux: sunrpc: don't attempt to cancel unitialized work nfsd: fix krb5 handling of anonymous principals
-
- 12 3月, 2013 10 次提交
-
-
由 Al Viro 提交于
If you open a pipe for neither read nor write, the pipe code will not add any usage counters to the pipe, causing the 'struct pipe_inode_info" to be potentially released early. That doesn't normally matter, since you cannot actually use the pipe, but the pipe release code - particularly fasync handling - still expects the actual pipe infrastructure to all be there. And rather than adding NULL pointer checks, let's just disallow this case, the same way we already do for the named pipe ("fifo") case. This is ancient going back to pre-2.4 days, and until trinity, nobody naver noticed. Reported-by: NDave Jones <davej@redhat.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Arnd Bergmann 提交于
The definitions have move around recently, causing build errors in spear3xx for all configurations: spear3xx.c:47:5: error: 'PL080_BSIZE_16' undeclared here (not in a function) spear3xx.c:47:23: error: 'PL080_CONTROL_SB_SIZE_SHIFT' undeclared here (not in a function) spear3xx.c:48:22: error: 'PL080_CONTROL_DB_SIZE_SHIFT' undeclared here (not in a function) Signed-off-by: NArnd Bergmann <arnd@arndb.de> Cc: Alessandro Rubini <rubini@gnudd.com> Cc: Viresh Kumar <viresh.kumar@linaro.org>
-
由 David Howells 提交于
This fixes CVE-2013-1792. There is a race in install_user_keyrings() that can cause a NULL pointer dereference when called concurrently for the same user if the uid and uid-session keyrings are not yet created. It might be possible for an unprivileged user to trigger this by calling keyctl() from userspace in parallel immediately after logging in. Assume that we have two threads both executing lookup_user_key(), both looking for KEY_SPEC_USER_SESSION_KEYRING. THREAD A THREAD B =============================== =============================== ==>call install_user_keyrings(); if (!cred->user->session_keyring) ==>call install_user_keyrings() ... user->uid_keyring = uid_keyring; if (user->uid_keyring) return 0; <== key = cred->user->session_keyring [== NULL] user->session_keyring = session_keyring; atomic_inc(&key->usage); [oops] At the point thread A dereferences cred->user->session_keyring, thread B hasn't updated user->session_keyring yet, but thread A assumes it is populated because install_user_keyrings() returned ok. The race window is really small but can be exploited if, for example, thread B is interrupted or preempted after initializing uid_keyring, but before doing setting session_keyring. This couldn't be reproduced on a stock kernel. However, after placing systemtap probe on 'user->session_keyring = session_keyring;' that introduced some delay, the kernel could be crashed reliably. Fix this by checking both pointers before deciding whether to return. Alternatively, the test could be done away with entirely as it is checked inside the mutex - but since the mutex is global, that may not be the best way. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reported-by: NMateusz Guzik <mguzik@redhat.com> Cc: <stable@kernel.org> Signed-off-by: NAndrew Morton <akpm@linux-foundation.org> Signed-off-by: NJames Morris <james.l.morris@oracle.com>
-
由 Sage Weil 提交于
In 4f6a7e5e we effectively dropped support for the legacy encoding for the OSDMap and incremental. However, we didn't fix the decoding for the pgid. Signed-off-by: NSage Weil <sage@inktank.com> Reviewed-by: NYehuda Sadeh <yehuda@inktank.com>
-
由 Padmavathi Venna 提交于
This patch adds #dma-cells property to PL330 DMA controller nodes for supporting generic dma dt bindings on SOCFPGA platform. #dma-channels and #dma-requests are not required now but added in advance. Signed-off-by: NPadmavathi Venna <padma.v@samsung.com> Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
git://git.infradead.org/users/jcooper/linux由 Arnd Bergmann 提交于
mvebu fixes for v3.9 from Jason Cooper <jason@lakedaemon.net>: The first four patches: 89c58c19 rtc: rtc-mv: Add support for clk to avoid lockups de88747f gpio: mvebu: Add clk support to prevent lockup 7bf5b408 ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels 93fff4ce ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency are Cc'd to stable since they were held over from the previous merge window. The rest are a small collection of fixes and a couple of devicetree conversion catchups. * tag 'mvebu_fixes_for_v3.9' of git://git.infradead.org/users/jcooper/linux: arm: mach-orion5x: fix typo in compatible string of a .dts file arm: mvebu: fix address-cells in mpic DT node arm: plat-orion: fix address decoding when > 4GB is used arm: mvebu: Reduce reg-io-width with UARTs ARM: Dove: add RTC device node arm: mvebu: enable the USB ports on Armada 370 Reference Design board ARM: dove: drop "select COMMON_CLK_DOVE" rtc: rtc-mv: Add support for clk to avoid lockups gpio: mvebu: Add clk support to prevent lockup ARM: kirkwood: fix to retain gbe MAC addresses for DT kernels ARM: kirkwood: of_serial: fix clock gating by removing clock-frequency Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
git://git.linaro.org/people/shawnguo/linux-2.6由 Arnd Bergmann 提交于
From Shawn Guo <shawn.guo@linaro.org>: The 2nd take of imx fixes for 3.9: - Fix pll1_sys clk initial status - Fix a typo in imx DEBUG_LL Kconfig * tag 'imx-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6: ARM: imx: fix typo "DEBUG_IMX50_IMX53_UART" ARM: imx: pll1_sys should be an initial on clk Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
git://git.linaro.org/people/shawnguo/linux-2.6由 Arnd Bergmann 提交于
From Shawn Guo <shawn.guo@linaro.org>: The 2nd mxs fixes for 3.9: - Fix an error caused by incorrect conflict resolution when applying the patch * tag 'mxs-fixes-3.9-2' of git://git.linaro.org/people/shawnguo/linux-2.6: ARM: mxs: cfa10049: Fix fb initialisation function Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
由 Maxime Ripard 提交于
When building a multiplatform kernel, we could end up with a smaller number of GPIOs than the one required by the platform the kernel was running on. Sort the max GPIO number by descending order so that we always take the highest number required. Signed-off-by: NMaxime Ripard <maxime.ripard@free-electrons.com> Signed-off-by: NArnd Bergmann <arnd@arndb.de>
-
由 Liu Jinsong 提交于
It's redundant since linux/acpi.h has include it when CONFIG_ACPI enabled, and when CONFIG_ACPI disabled it will trigger compiling warning In file included from drivers/xen/xen-stub.c:28:0: include/acpi/acpi_drivers.h:103:31: warning: 'struct acpi_device' declared inside parameter list [enabled by default] include/acpi/acpi_drivers.h:103:31: warning: its scope is only this definition or declaration, which is probably not what you want [enabled by default] include/acpi/acpi_drivers.h:107:43: warning: 'struct acpi_pci_root' declared inside parameter list [enabled by default] Reported-by: NWu Fengguang <fengguang.wu@intel.com> Signed-off-by: NLiu Jinsong <jinsong.liu@intel.com> Signed-off-by: NKonrad Rzeszutek Wilk <konrad.wilk@oracle.com>
-