1. 29 11月, 2010 1 次提交
  2. 24 11月, 2010 1 次提交
    • J
      Char: virtio_console, fix memory leak · 22e132ff
      Jiri Slaby 提交于
      Stanse found that in init_vqs, memory is leaked under certain
      circumstanses (the fail path order is incorrect). Fix that by checking
      allocations in one turn and free all of them at once if some fails
      (some may be NULL, but this is OK).
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Cc: Amit Shah <amit.shah@redhat.com>
      Cc: virtualization@lists.linux-foundation.org
      Cc: Greg Kroah-Hartman <gregkh@suse.de>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      22e132ff
  3. 18 11月, 2010 1 次提交
  4. 16 11月, 2010 1 次提交
    • J
      Fix gcc 4.5.1 miscompiling drivers/char/i8k.c (again) · 22d3243d
      Jim Bos 提交于
      The fix in commit 6b4e81db ("i8k: Tell gcc that *regs gets
      clobbered") to work around the gcc miscompiling i8k.c to add "+m
      (*regs)" caused register pressure problems and a build failure.
      
      Changing the 'asm' statement to 'asm volatile' instead should prevent
      that and works around the gcc bug as well, so we can remove the "+m".
      
      [ Background on the gcc bug: a memory clobber fails to mark the function
        the asm resides in as non-pure (aka "__attribute__((const))"), so if
        the function does nothing else that triggers the non-pure logic, gcc
        will think that that function has no side effects at all. As a result,
        callers will be mis-compiled.
      
        Adding the "+m" made gcc see that it's not a pure function, and so
        does "asm volatile". The problem was never really the need to mark
        "*regs" as changed, since the memory clobber did that part - the
        problem was just a bug in the gcc "pure" function analysis  - Linus ]
      Signed-off-by: NJim Bos <jim876@xs4all.nl>
      Acked-by: NJakub Jelinek <jakub@redhat.com>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Andreas Schwab <schwab@linux-m68k.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      22d3243d
  5. 15 11月, 2010 1 次提交
  6. 14 11月, 2010 1 次提交
    • J
      i8k: Tell gcc that *regs gets clobbered · 6b4e81db
      Jim Bos 提交于
      More recent GCC caused the i8k driver to stop working, on Slackware
      compiler was upgraded from gcc-4.4.4 to gcc-4.5.1 after which it didn't
      work anymore, meaning the driver didn't load or gave total nonsensical
      output.
      
      As it turned out the asm(..) statement forgot to mention it modifies the
      *regs variable.
      
      Credits to Andi Kleen and Andreas Schwab for providing the fix.
      Signed-off-by: NJim Bos <jim876@xs4all.nl>
      Cc: Andi Kleen <andi@firstfloor.org>
      Cc: Andreas Schwab <schwab@linux-m68k.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6b4e81db
  7. 12 11月, 2010 1 次提交
  8. 10 11月, 2010 4 次提交
  9. 06 11月, 2010 1 次提交
  10. 05 11月, 2010 2 次提交
  11. 04 11月, 2010 2 次提交
  12. 30 10月, 2010 2 次提交
    • T
      audit: Call tty_audit_push_task() outside preempt disabled · 3c80fe4a
      Thomas Gleixner 提交于
      While auditing all tasklist_lock read_lock sites I stumbled over the
      following call chain:
      
      audit_prepare_user_tty()
        read_lock(&tasklist_lock);
        tty_audit_push_task();
           mutex_lock(&buf->mutex);
      
           --> buf->mutex is locked with preemption disabled.
      
      Solve this by acquiring a reference to the task struct under
      rcu_read_lock and call tty_audit_push_task outside of the preempt
      disabled region.
      
      Move all code which needs to be protected by sighand lock into
      tty_audit_push_task() and use lock/unlock_sighand as we do not hold
      tasklist_lock.
      Signed-off-by: NThomas Gleixner <tglx@linutronix.de>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Cc: Eric Paris <eparis@redhat.com>
      Cc: Oleg Nesterov <oleg@redhat.com>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      3c80fe4a
    • K
      parisc-agp: fix missing slab.h include · 6a915c2b
      Kyle McMartin 提交于
      Commit 338e4fab added a missing kfree if the alloc_pci_dev failed
      but forgot to include <linux/slab.h> for the definition of
      kfree.
      Signed-off-by: NKyle McMartin <kyle@redhat.com>
      6a915c2b
  13. 28 10月, 2010 17 次提交
  14. 27 10月, 2010 5 次提交
    • V
      drivers/char/hpet.c: fix information leak to userland · dae512ed
      Vasiliy Kulikov 提交于
      Structure info is copied to userland with some padding fields unitialized.
      It leads to leaking of stack memory.
      
      [akpm@linux-foundation.org: remove now-unneeded zeroing of info->hi_ireqfreq]
      Signed-off-by: NVasiliy Kulikov <segooon@gmail.com>
      Cc: Clemens Ladisch <clemens@ladisch.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      dae512ed
    • J
      hpet: fix style problems · 0ca01763
      Jaswinder Singh Rajput 提交于
      Fix the following style problems:
      
      WARNING: Use #include <linux/uaccess.h> instead of <asm/uaccess.h>
      WARNING: Use #include <linux/io.h> instead of <asm/io.h>
      ERROR: code indent should use tabs where possible
      ERROR: do not initialise statics to 0 or NULL
      Signed-off-by: NJaswinder Singh Rajput <jaswinderrajput@gmail.com>
      Cc: Clemens Ladisch <clemens@ladisch.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      0ca01763
    • C
      hpet: fix unwanted interrupt due to stale irq status bit · 96e9694d
      Clemens Ladisch 提交于
      Jaswinder Singh Rajput wrote:
      > By executing Documentation/timers/hpet_example.c
      >
      > for polling, I requested for 3 iterations but it seems iteration work
      > for only 2 as first expired time is always very small.
      >
      > # ./hpet_example poll /dev/hpet 10 3
      > -hpet: executing poll
      > hpet_poll: info.hi_flags 0x0
      > hpet_poll: expired time = 0x13
      > hpet_poll: revents = 0x1
      > hpet_poll: data 0x1
      > hpet_poll: expired time = 0x1868c
      > hpet_poll: revents = 0x1
      > hpet_poll: data 0x1
      > hpet_poll: expired time = 0x18645
      > hpet_poll: revents = 0x1
      > hpet_poll: data 0x1
      
      Clearing the HPET interrupt enable bit disables interrupt generation
      but does not disable the timer, so the interrupt status bit will still
      be set when the timer elapses.  If another interrupt arrives before
      the timer has been correctly programmed (due to some other device on
      the same interrupt line, or CONFIG_DEBUG_SHIRQ), this results in an
      extra unwanted interrupt event because the status bit is likely to be
      set from comparator matches that happened before the device was opened.
      
      Therefore, we have to ensure that the interrupt status bit is and
      stays cleared until we actually program the timer.
      Signed-off-by: NClemens Ladisch <clemens@ladisch.de>
      Reported-by: NJaswinder Singh Rajput <jaswinderlinux@gmail.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: john stultz <johnstul@us.ibm.com>
      Cc: Bob Picco <bpicco@redhat.com>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      96e9694d
    • J
      hpet: unmap unused I/O space · a56d5318
      Jiri Slaby 提交于
      When the initialization code in hpet finds a memory resource and does not
      find an IRQ, it does not unmap the memory resource previously mapped.
      
      There are buggy BIOSes which report resources exactly like this and what
      is worse the memory region bases point to normal RAM.  This normally would
      not matter since the space is not touched.  But when PAT is turned on,
      ioremap causes the page to be uncached and sets this bit in page->flags.
      
      Then when the page is about to be used by the allocator, it is reported
      as:
      
      BUG: Bad page state in process md5sum  pfn:3ed00
      page:ffffea0000dbd800 count:0 mapcount:0 mapping:(null) index:0x0
      page flags: 0x20000001000000(uncached)
      Pid: 7956, comm: md5sum Not tainted 2.6.34-12-desktop #1
      Call Trace:
       [<ffffffff810df851>] bad_page+0xb1/0x100
       [<ffffffff810dfa45>] prep_new_page+0x1a5/0x1c0
       [<ffffffff810dfe01>] get_page_from_freelist+0x3a1/0x640
       [<ffffffff810e01af>] __alloc_pages_nodemask+0x10f/0x6b0
      ...
      
      In this particular case:
      
      1) HPET returns 3ed00000 as memory region base, but it is not in
      reserved ranges reported by the BIOS (excerpt):
       BIOS-e820: 0000000000100000 - 00000000af6cf000 (usable)
       BIOS-e820: 00000000af6cf000 - 00000000afdcf000 (reserved)
      
      2) there is no IRQ resource reported by HPET method. On the other
      hand, the Intel HPET specs (1.0a) says (3.2.5.1):
      _CRS (
        // Report 1K of memory consumed by this Timer Block
        memory range consumed
        // Optional: only used if BIOS allocates Interrupts [1]
        IRQs consumed
      )
      
      [1] For case where Timer Block is configured to consume IRQ0/IRQ8 AND
      Legacy 8254/Legacy RTC hardware still exists, the device objects
      associated with 8254 & RTC devices should not report IRQ0/IRQ8 as
      "consumed resources".
      
      So in theory we should check whether if it is the case and use those
      interrupts instead.
      
      Anyway the address reported by the BIOS here is bogus, so non-presence
      of IRQ doesn't mean the "optional" part in point 2).
      
      Since I got no reply previously, fix this by simply unmapping the space
      when IRQ is not found and memory region was mapped previously.  It would
      be probably more safe to walk the resources again and unmap appropriately
      depending on type.  But as we now use only ioremap for both 2 memory
      resource types, it is not necessarily needed right now.
      
      Addresses https://bugzilla.novell.com/show_bug.cgi?id=629908Reported-by: NOlaf Hering <olaf@aepfle.de>
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Acked-by: NClemens Ladisch <clemens@ladisch.de>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      a56d5318
    • E
      ipmi: proper spinlock initialization · de5e2ddf
      Eric Dumazet 提交于
      Unloading ipmi module can trigger following error.  (if
      CONFIG_DEBUG_SPINLOCK=y)
      
      [ 9633.779590] BUG: spinlock bad magic on CPU#1, rmmod/7170
      [ 9633.779606]  lock: f41f5414, .magic: 00000000, .owner:
      <none>/-1, .owner_cpu: 0
      [ 9633.779626] Pid: 7170, comm: rmmod Not tainted
      2.6.36-rc7-11474-gb71eb1e-dirty #328
      [ 9633.779644] Call Trace:
      [ 9633.779657]  [<c13921cc>] ? printk+0x18/0x1c
      [ 9633.779672]  [<c11a1f33>] spin_bug+0xa3/0xf0
      [ 9633.779685]  [<c11a1ffd>] do_raw_spin_lock+0x7d/0x160
      [ 9633.779702]  [<c1131537>] ? release_sysfs_dirent+0x47/0xb0
      [ 9633.779718]  [<c1131b78>] ? sysfs_addrm_finish+0xa8/0xd0
      [ 9633.779734]  [<c1394bac>] _raw_spin_lock_irqsave+0xc/0x20
      [ 9633.779752]  [<f99d93da>] cleanup_one_si+0x6a/0x200 [ipmi_si]
      [ 9633.779768]  [<c11305b2>] ? sysfs_hash_and_remove+0x72/0x80
      [ 9633.779786]  [<f99dcf26>] ipmi_pnp_remove+0xd/0xf [ipmi_si]
      [ 9633.779802]  [<c11f622b>] pnp_device_remove+0x1b/0x40
      
      Fix this by initializing spinlocks in a smi_info_alloc() helper function,
      right after memory allocation and clearing.
      Signed-off-by: NEric Dumazet <eric.dumazet@gmail.com>
      Acked-by: NDavid Miller <davem@davemloft.net>
      Cc: Yinghai Lu <yinghai@kernel.org>
      Acked-by: NCorey Minyard <cminyard@mvista.com>
      Cc: <stable@kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      de5e2ddf