- 16 12月, 2010 1 次提交
-
-
由 Tavis Ormandy 提交于
The install_special_mapping routine (used, for example, to setup the vdso) skips the security check before insert_vm_struct, allowing a local attacker to bypass the mmap_min_addr security restriction by limiting the available pages for special mappings. bprm_mm_init() also skips the check, and although I don't think this can be used to bypass any restrictions, I don't see any reason not to have the security check. $ uname -m x86_64 $ cat /proc/sys/vm/mmap_min_addr 65536 $ cat install_special_mapping.s section .bss resb BSS_SIZE section .text global _start _start: mov eax, __NR_pause int 0x80 $ nasm -D__NR_pause=29 -DBSS_SIZE=0xfffed000 -f elf -o install_special_mapping.o install_special_mapping.s $ ld -m elf_i386 -Ttext=0x10000 -Tbss=0x11000 -o install_special_mapping install_special_mapping.o $ ./install_special_mapping & [1] 14303 $ cat /proc/14303/maps 0000f000-00010000 r-xp 00000000 00:00 0 [vdso] 00010000-00011000 r-xp 00001000 00:19 2453665 /home/taviso/install_special_mapping 00011000-ffffe000 rwxp 00000000 00:00 0 [stack] It's worth noting that Red Hat are shipping with mmap_min_addr set to 4096. Signed-off-by: NTavis Ormandy <taviso@google.com> Acked-by: NKees Cook <kees@ubuntu.com> Acked-by: NRobert Swiecki <swiecki@google.com> [ Changed to not drop the error code - akpm ] Reviewed-by: NJames Morris <jmorris@namei.org> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
- 15 12月, 2010 34 次提交
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: It is likely that WORKER_NOT_RUNNING is true MAINTAINERS: Add workqueue entry workqueue: check the allocation of system_unbound_wq
-
git://neil.brown.name/md由 Linus Torvalds 提交于
* 'for-linus' of git://neil.brown.name/md: md: protect against NULL reference when waiting to start a raid10. md: fix bug with re-adding of partially recovered device. md: fix possible deadlock in handling flush requests. md: move code in to submit_flushes. md: remove handling of flush_pending in md_submit_flush_data
-
由 Major Lee 提交于
There is a possibility that the last word of a transaction will be lost if data is not ready. Re-read in poll_transfer() to solve this issue when poll_mode is enabled. Verified on SPI touch screen device. Signed-off-by: NMajor Lee <major_lee@wistron.com> Signed-off-by: NAlan Cox <alan@linux.intel.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
由 Alan Cox 提交于
This gets caught by the new sanity check code. Instead of the slash use a different symbol. This was originally found by Major Lee who proposed a rather more complex patch which changed the name according to the chip type. On the basis that we are in a late -rc and making Linus grumpy isn't always a good idea (however fun) this is a simple alternative. Signed-off-by: NAlan Cox <alan@linux.intel.com> Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6由 Linus Torvalds 提交于
* 'sh-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6: sh: wire up accept4 syscall (non-multiplexed path) sh: Enable deprecated IRQ chip APIs for MFD and GPIOLIB drivers.
-
由 Linus Torvalds 提交于
Merge branch 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6 * 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6: OMAP2: PRCM: fix some SHIFT macros that were actually bitmasks OMAP2+: PM/serial: fix console semaphore acquire during suspend OMAP1: SRAM: fix size for OMAP1611 SoCs arm: omap2: io: fix clk_get() error check arm: plat-omap: counter_32k: use IS_ERR() instead of NULL check omap: nand: remove hardware ECC as default omap: zoom: wl1271 slot is MMC_CAP_POWER_OFF_CARD omap: PM debug: fix wake-on-timer debugfs dependency
-
由 Linus Torvalds 提交于
* master.kernel.org:/home/rmk/linux-2.6-arm: ARM: 6535/1: V6 MPCore v6_dma_inv_range and v6_dma_flush_range RWFO fix ARM: 6534/1: Make CONFIG_FPE_NWFPE depend on !CONFIG_THUMB2_KERNEL ARM: 6533/1: Thumb-2: Make CONFIG_THUMB2_KERNEL depend on !CPU_V6 Change bcmring Maintainer list. ARM: Update mach-types ARM: 6528/1: Use CTR for the I-cache line size on ARMv7 ARM: 6527/1: Use CTR instead of CCSIDR for the D-cache line size on ARMv7 ARM: pxa/palm: fix ifdef around gen_nand driver registration ARM: pxa: fix pxa2xx-flash section mismatch ARM: mmp2: remove not used clk_rtc
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6: sparc: Write to prom console using indirect buffer. sparc: Delete prom_*getchar(). sparc: Pass buffer pointer all the way down to prom_{get,put}char(). sparc: Do not export prom_nb{get,put}char(). sparc64: Delete prom_setcallback(). sparc64: Unexport prom_service_exists(). sparc: Kill prom devops_{32,64}.c sparc: Remove prom_pathtoinode() sparc64: Delete prom_puts() unused. SPARC/LEON: removed constant timer initialization as if HZ=100, now it reflects the value of HZ
-
git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (75 commits) pppoe.c: Fix kernel panic caused by __pppoe_xmit WAN: Fix a TX IRQ causing BUG() in PC300 and PCI200SYN drivers. bnx2x: Advance a version number to 1.60.01-0 bnx2x: Fixed a compilation warning bnx2x: LSO code was broken on BE platforms qlge: Fix deadlock when cancelling worker. net: fix skb_defer_rx_timestamp() cxgb4vf: Ingress Queue Entry Size needs to be 64 bytes phy: add the IC+ IP1001 driver atm: correct sysfs 'device' link creation and parent relationships MAINTAINERS: remove me from tulip SCTP: Fix SCTP_SET_PEER_PRIMARY_ADDR to accpet v4mapped address enic: Bug Fix: Pass napi reference to the isr that services receive queue ipv6: fix nl group when advertising a new link connector: add module alias net: Document the kernel_recvmsg() function r8169: Fix runtime power management hso: IP checksuming doesn't work on GE0301 option cards xfrm: Fix xfrm_state_migrate leak net: Convert netpoll blocking api in bonding driver to be a counter ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6: [SCSI] hpsa: fix redefinition of PCI_DEVICE_ID_CISSF [SCSI] qla2xxx: Update version number to 8.03.05-k0. [SCSI] qla2xxx: Properly set the return value in qla2xxx_eh_abort function. [SCSI] qla2xxx: Correct issue where NPIV-config data was not being allocated for 82xx parts. [SCSI] qla2xxx: Change MSI initialization from using incorrect request_irq parameter. [SCSI] qla2xxx: Populate Command Type 6 LUN field properly. [SCSI] zfcp: Issue FCP command without holding SCSI host_lock [SCSI] zfcp: Prevent usage w/o holding a reference [SCSI] zfcp: No ERP escalation on gpn_ft eval [SCSI] zfcp: Correct false abort data assignment. [SCSI] zfcp: Fix common FCP request reception [SCSI] Eliminate error handler overload of the SCSI serial number [SCSI] pmcraid: disable msix and expand device config entry [SCSI] bsg: correct fault if queue object removed while dev_t open [SCSI] osd: checking NULL instead of ERR_PTR()
-
git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb由 Linus Torvalds 提交于
* 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jwessel/linux-2.6-kgdb: kgdboc,input: Fix regression with keyboard release key and early debugging
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6由 Linus Torvalds 提交于
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: ACPI / PM: Do not save/restore NVS on Sony Vaio VGN-NW130D ACPI/HEST: adjust section selection ACPI: eliminate unused variable warning for !ACPI_SLEEP ACPI/PNP: avoid section mismatch warning ACPI thermal: remove two unused functions ACPI: fix a section mismatch ACPI, APEI, use raw spinlock in ERST ACPI: video: fix build for CONFIG_ACPI=n ACPI: video: fix build for VIDEO_OUTPUT_CONTROL=n ACPI: fix allowing to add/remove multiple _OSI strings acpi: fix _OSI string setup regression ACPI: EC: Add another dmi match entry for MSI hardware ACPI battery: update status upon sysfs query ACPI ac: update AC status upon sysfs query ACPI / PM: Do not refcount power resources that can't be turned on ACPI / PM: Check device state before refcounting power resources
-
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6由 Linus Torvalds 提交于
* 'idle-release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-idle-2.6: intel_idle: recognize ARAT on WSM-EX
-
由 Valentine Barshak 提交于
Cache ownership must be acquired by reading/writing data from the cache line to make cache operation have the desired effect on the SMP MPCore CPU. However, the ownership is never acquired in the v6_dma_inv_range function when cleaning the first line and flushing the last one, in case the address is not aligned to D_CACHE_LINE_SIZE boundary. Fix this by reading/writing data if needed, before performing cache operations. While at it, fix v6_dma_flush_range to prevent RWFO outside the buffer. Cc: stable@kernel.org Signed-off-by: NValentine Barshak <vbarshak@mvista.com> Signed-off-by: NGeorge G. Davis <gdavis@mvista.com> Acked-by: NCatalin Marinas <catalin.marinas@arm.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Dave Martin 提交于
Because the nwfpe support is unlikely to be used on new platforms and requires CONFIG_OABI_COMPAT, which is not generally used with ARMv7+, we shouldn't expect to build nwfpe support into a Thumb-2 kernel. At present, nwfpe contains assembly code which isn't Thumb-2 compatible, and for now it doesn't appear useful to port this code. All ARMv7-A/R platforms necessarily have VFPv3 hardware floating- point natively, making emulation unnecessary. Signed-off-by: NDave Martin <dave.martin@linaro.org> Acked-by: NCatalin Marinas <catalin.marinas@arm.com> Acked-by: NNicolas Pitre <nicolas.pitre@linaro.org> Acked-by: NSantosh Shilimkar <santosh.shilimkar@ti.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Dave Martin 提交于
This makes sense, because Thumb-2 code can't execute on plain ARMv6 processors. This will avoid accidentally configuring a broken kernel where the config otherwise would allow multiple architecture versions to coexist in the same kernel. Not adding !CPU_V5 etc., because the chance of anyone trying to put v5 and v7 in the same kernel is low, and I'm not aware of any mach which can do this. These could be added later if it matters. Note that the rules may need to be refined if support for the ARM1156J(F)-S processor is later added to the kernel, since this processor supports the rare ARMv6T2 extensions, which add support for Thumb-2 and a few other ARMv7 features. Signed-off-by: NDave Martin <dave.martin@linaro.org> Acked-by: NCatalin Marinas <catalin.marinas@arm.com> Acked-by: NNicolas Pitre <nicolas.pitre@linaro.org> Acked-by: NSantosh Shilimkar <santosh.shilimkar@ti.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Jiandong Zheng 提交于
I am Jiandong Zheng working on BCMRING in Broadcom Canada Ltd. I am replacing Leo Chen (leochen@broadcom.com) as "ARM/BCMRING ARM ARCHITECTURE" and "ARM/BCMRING MTD NAND DRIVER" maintainer from Broadcom as he is no longer the maintainer of these components. Signed-off-by: NJiandong Zheng <jdzheng@broadcom.com> Acked-by: NScott Branden <sbranden@broadcom.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Linus Torvalds 提交于
Merge branch 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6 * 'fbdev-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lethal/fbdev-2.6: fbdev: Fix fb_find_nearest_mode refresh comparison
-
git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging由 Linus Torvalds 提交于
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging: hwmon: (ltc4215) make sysfs file match the alarm cause
-
git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx由 Linus Torvalds 提交于
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx: dmaengine: at_hdmac: fix buffer transfer size specification fsldma: fix issue of slow dma dmaengine i.MX SDMA: initialize on module_init dma : EG20T PCH: Fix miss-setting DMA descriptor intel_mid_dma: fix section mismatch warnings dmaengine: imx-sdma: fix bug in buffer descriptor initialization drivers/dma/ppc4xx: Use printf extension %pR for struct resource drivers/dma/ioat: Use the ccflag-y instead of EXTRA_CFLAGS drivers/dma/: Use the ccflag-y instead of EXTRA_CFLAGS dma: intel_mid_dma: fix double free on mid_setup_dma error path dma: imx-dma: fix imxdma_probe error path
-
git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband: IB/uverbs: Handle large number of entries in poll CQ
-
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6由 Linus Torvalds 提交于
* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: ohci: fix regression with Agere FW643 rev 06, disable MSI firewire: ohci: fix regression with VIA VT6315, disable MSI
-
git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lrg/voltage-2.6: regulator: tps6586x: correct register table regulator: tps6586x: Handle both enable reg/bits being the same regulator: tps6586x: Fix TPS6586X_DVM to store goreg/bit regulator: tps6586x: Add missing bit mask generation
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: HDA: Quirk for Dell Vostro 320 to make microphone work ALSA: hda - Reset sample sizes and max bitrates when reading ELD ALSA: hda - Always allow basic audio irrespective of ELD info ALSA: hda - Do not wrongly restrict min_channels based on ELD ASoC: Correct WM8962 interrupt mask register read ASoC: WM8580: Debug BCLK and sample size ASoC: Fix resource leak if soc_register_ac97_dai_link failed ASoC: Hold client_mutex while calling snd_soc_instantiate_cards() ASoC: Fix swap of left and right channels for WM8993/4 speaker boost gain ASoC: Fix off by one error in WM8994 EQ register bank size ALSA: hda: Use position_fix=1 for Acer Aspire 5538 to enable capture on internal mic ALSA: hda - Enable jack sense for Thinkpad Edge 13 ALSA: hda - Fix ThinkPad T410[s] docking station line-out ALSA: hda: Use model=lg quirk for LG P1 Express to enable playback and capture
-
git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: amd64_edac: Fix interleaving check EDAC: Correct MiB_TO_PAGES() macro EDAC: Fix workqueue-related crashes
-
git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6由 Linus Torvalds 提交于
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: drm/radeon/kms: don't apply 7xx HDP flush workaround on AGP drm: use after free in drm_queue_vblank_event() drm/kms: remove spaces from connector names (v2)
-
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging由 Linus Torvalds 提交于
* 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: hwmon: (adm1026) Allow 1 as a valid divider value hwmon: (adm1026) Fix setting fan_div hwmon: (it87) Fix manual fan speed control on IT8721F
-
git://linux-nfs.org/~bfields/linux由 Linus Torvalds 提交于
* 'for-2.6.37' of git://linux-nfs.org/~bfields/linux: nfsd: Fix possible BUG_ON firing in set_change_info sunrpc: prevent use-after-free on clearing XPT_BUSY
-
git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable: Btrfs: prevent RAID level downgrades when space is low Btrfs: account for missing devices in RAID allocation profiles Btrfs: EIO when we fail to read tree roots Btrfs: fix compiler warnings Btrfs: Make async snapshot ioctl more generic Btrfs: pwrite blocked when writing from the mmaped buffer of the same page Btrfs: Fix a crash when mounting a subvolume Btrfs: fix sync subvol/snapshot creation Btrfs: Fix page leak in compressed writeback path Btrfs: do not BUG if we fail to remove the orphan item for dead snapshots Btrfs: fixup return code for btrfs_del_orphan_item Btrfs: do not do fast caching if we are allocating blocks for tree_root Btrfs: deal with space cache errors better Btrfs: fix use after free in O_DIRECT
-
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: verify ioctl retries fuse: fix ioctl when server is 32bit
-
git://oss.sgi.com/xfs/xfs由 Linus Torvalds 提交于
* 'for-linus' of git://oss.sgi.com/xfs/xfs: xfs: log timestamp changes to the source inode in rename
-
git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client由 Linus Torvalds 提交于
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client: ceph: fix ioctl magic ceph: Behave better when handling file lock replies. ceph: pass lock information by struct file_lock instead of as individual params. ceph: Handle file locks in replies from the MDS. ceph: avoid possible null deref in readdir after dir llseek
-
git://git.linux-nfs.org/projects/trondmy/nfs-2.6由 Linus Torvalds 提交于
* 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6: NFS: Fix panic after nfs_umount() nfs: remove extraneous and problematic calls to nfs_clear_request nfs: kernel should return EPROTONOSUPPORT when not support NFSv4 NFS: Fix fcntl F_GETLK not reporting some conflicts nfs: Discard ACL cache on mode update NFS: Readdir cleanups NFS: nfs_readdir_search_for_cookie() don't mark as eof if cookie not found NFS: Fix a memory leak in nfs_readdir Call the filesystem back whenever a page is removed from the page cache NFS: Ensure we use the correct cookie in nfs_readdir_xdr_filler
-
git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6由 Linus Torvalds 提交于
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6: cifs: remove bogus remapping of error in cifs_filldir() cifs: allow calling cifs_build_path_to_root on incomplete cifs_sb cifs: fix check of error return from is_path_accessable cifs: remove Local_System_Name cifs: fix use of CONFIG_CIFS_ACL cifs: add attribute cache timeout (actimeo) tunable
-
- 14 12月, 2010 5 次提交
-
-
由 Steven Rostedt 提交于
Running the annotate branch profiler on three boxes, including my main box that runs firefox, evolution, xchat, and is part of the distcc farm, showed this with the likelys in the workqueue code: correct incorrect % Function File Line ------- --------- - -------- ---- ---- 96 996253 99 wq_worker_sleeping workqueue.c 703 96 996247 99 wq_worker_waking_up workqueue.c 677 The likely()s in this case were assuming that WORKER_NOT_RUNNING will most likely be false. But this is not the case. The reason is (and shown by adding trace_printks and testing it) that most of the time WORKER_PREP is set. In worker_thread() we have: worker_clr_flags(worker, WORKER_PREP); [ do work stuff ] worker_set_flags(worker, WORKER_PREP, false); (that 'false' means not to wake up an idle worker) The wq_worker_sleeping() is called from schedule when a worker thread is putting itself to sleep. Which happens most of the time outside of that [ do work stuff ]. The wq_worker_waking_up is called by the wakeup worker code, which is also callod outside that [ do work stuff ]. Thus, the likely and unlikely used by those two functions are actually backwards. Remove the annotation and let gcc figure it out. Acked-by: NTejun Heo <tj@kernel.org> Signed-off-by: NSteven Rostedt <rostedt@goodmis.org> Signed-off-by: NTejun Heo <tj@kernel.org>
-
由 Tejun Heo 提交于
Signed-off-by: NTejun Heo <tj@kernel.org>
-
由 Andrew Kephart 提交于
Refresh rate nearness is not calculated or reset when nearest resolution changes. This patch resets the refresh rate differential measurement whenever a new nearest resolution is discovered. This fixes two error cases; first, wherein the first mode's refresh rate differential is never calculated and second, when the closest refresh rate from a previous nearest resolution is erroneously preserved. Signed-off-by: NAndrew Kephart <andrew.kephart@alereon.com> Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
-
由 Carmelo AMOROSO 提交于
Signed-off-by: NCarmelo Amoroso <carmelo.amoroso@st.com> Signed-off-by: NPaul Mundt <lethal@linux-sh.org>
-
由 Nicolas Ferre 提交于
Buffer transfer size is the number of transfers to be performed in relation with the width of the _source_ interface. So in the DMA_FROM_DEVICE case, it should be the register width that should be taken into account. Signed-off-by: NNicolas Ferre <nicolas.ferre@atmel.com> Signed-off-by: NDan Williams <dan.j.williams@intel.com>
-