1. 22 Apr, 2011 5 commits
  2. 21 Apr, 2011 13 commits
    • vfs: Pass setxattr(2) flags properly · df7e1303
      Jan Kara committed
      For some reason generic_setxattr() did not pass flags (XATTR_CREATE,
      XATTR_REPLACE) to the filesystem specific helper. This caused that
      setxattr(2) syscall just ignored these flags.
      
      Fix the bug by passing flags correctly.
      Signed-off-by: Jan Kara <jack@suse.cz>
      Acked-by: Christoph Hellwig <hch@lst.de>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
      df7e1303
    • virtio: console: Enable call to hvc_remove() on console port remove · afa2689e
      Amit Shah committed
      This call was disabled as hot-unplugging one virtconsole port led to
      another virtconsole port freezing.
      
      Upon testing it again, this now works, so enable it.
      
      In addition, a bug was found in qemu wherein removing a port of one type
      caused the guest output from another port to stop working.  I doubt it
      was just this bug that caused it (since disabling the hvc_remove() call
      did allow other ports to continue working), but since it's all solved
      now, we're fine with hot-unplugging of virtconsole ports.
      Signed-off-by: Amit Shah <amit.shah@redhat.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
      afa2689e
    • virtio_pci: Prevent double-free of pci regions after device hot-unplug · 31a3ddda
      Amit Shah committed
      In the case where a virtio-console port is in use (opened by a program)
      and a virtio-console device is removed, the port is kept around but all
      the virtio-related state is assumed to be gone.
      
      When the port is finally released (close() called), we call
      device_destroy() on the port's device.  This results in the parent
      device's structures to be freed as well.  This includes the PCI regions
      for the virtio-console PCI device.
      
      Once this is done, however, virtio_pci_release_dev() kicks in, as the
      last ref to the virtio device is now gone, and attempts to do
      
           pci_iounmap(pci_dev, vp_dev->ioaddr);
           pci_release_regions(pci_dev);
           pci_disable_device(pci_dev);
      
      which results in a double-free warning.
      
      Move the code that releases regions, etc., to the virtio_pci_remove()
      function, and all that's now left in release_dev is the final freeing of
      the vp_dev.
      Signed-off-by: Amit Shah <amit.shah@redhat.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
      31a3ddda
    • virtio: Decrement avail idx on buffer detach · b3258ff1
      Amit Shah committed
      When detaching a buffer from a vq, the avail.idx value should be
      decremented as well.
      
      This was noticed by hot-unplugging a virtio console port and then
      plugging in a new one on the same number (re-using the vqs which were
      just 'disowned').  qemu reported
      
         'Guest moved used index from 0 to 256'
      
      when any IO was attempted on the new port.
      
      CC: stable@kernel.org
      Reported-by: juzhang <juzhang@redhat.com>
      Signed-off-by: Amit Shah <amit.shah@redhat.com>
      Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
      b3258ff1
    • intel_iommu: disable all VT-d PMRs when TXT launched · 51a63e67
      Joseph Cihula committed
      Intel VT-d Protected Memory Regions (PMRs) are supposed to be disabled,
      on each VT-d engine, after DMA remapping is enabled on the engines.
      This is because the behavior of having both enabled is not deterministic
      and because, if TXT has been used to launch the kernel, the PMRs may be
      programmed to cover memory regions that will be used for DMA.
      
      Under some circumstances (certain quirks detected, lack of multiple
      devices, etc.), the current code does not set up DMA remapping on some
      VT-d engines.  In such cases it also skips disabling the PMRs.  This
      causes failures when the kernel is launched with TXT (most often this
      occurs on the graphics engine and results in colored vertical bars on
      the display).
      
      This patch detects when the kernel has been launched with TXT and then
      disables the PMRs on all VT-d engines.  In some cases where the reason
      that remapping is not being enabled is due to possible ACPI DMAR table
      errors, the VT-d engine addresses may not be correct and thus not able
      to be safely programmed even to disable PMRs.  Because part of the TXT
      launch process is the verification of these addresses, it will always be
      safe to disable PMRs if the TXT launch has succeeded and hence only
      doing this in such cases.
      Signed-off-by: Joseph Cihula <joseph.cihula@intel.com>
      Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
      51a63e67
    • agp: fix arbitrary kernel memory writes · 194b3da8
      Vasiliy Kulikov committed
      pg_start is copied from userspace on AGPIOC_BIND and AGPIOC_UNBIND ioctl
      cmds of agp_ioctl() and passed to agpioc_bind_wrap().  As said in the
      comment, (pg_start + mem->page_count) may wrap in case of AGPIOC_BIND,
      and it is not checked at all in case of AGPIOC_UNBIND.  As a result, user
      with sufficient privileges (usually "video" group) may generate either
      local DoS or privilege escalation.
      Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      194b3da8
    • agp: fix OOM and buffer overflow · b522f021
      Vasiliy Kulikov committed
      page_count is copied from userspace.  agp_allocate_memory() tries to
      check whether this number is too big, but doesn't take into account the
      wrap case.  Also agp_create_user_memory() doesn't check whether
      alloc_size is calculated from num_agp_pages variable without overflow.
      This may lead to allocation of too small buffer with following buffer
      overflow.
      
      Another problem in agp code is not addressed in the patch - kernel memory
      exhaustion (AGPIOC_RESERVE and AGPIOC_ALLOCATE ioctls).  It is not checked
      whether requested pid is a pid of the caller (no check in agpioc_reserve_wrap()).
      Each allocation is limited to 16KB, though, there is no per-process limit.
      This might lead to OOM situation, which is not even solved in case of the
      caller death by OOM killer - the memory is allocated for another (faked) process.
      Signed-off-by: Vasiliy Kulikov <segoon@openwall.com>
      Signed-off-by: Dave Airlie <airlied@redhat.com>
      b522f021
    • Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging · 584f7904
      Linus Torvalds committed
      * 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/staging:
        hwmon: (max34440) Add driver documentation
        hwmon: (max16064) Add driver documentation
        hwmon: (max8688) Add driver documentation
        hwmon: (pmbus) Documentation updates
        hwmon: (smm665) Fix spelling error in driver documentation
        hwmon: (pmbus) Removed unused variable from struct pmbus_data
        hwmon: Add submitting-patches checklist to documentation
      584f7904
    • Merge branch 'for-2.6.39' of git://linux-nfs.org/~bfields/linux · 18995ba5
      Linus Torvalds committed
      * 'for-2.6.39' of git://linux-nfs.org/~bfields/linux:
        Open with O_CREAT flag set fails to open existing files on non writable directories
        nfsd4: Fix filp leak
        nfsd4: fix struct file leak on delegation
      18995ba5
    • Merge branch 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm · f3e96492
      Linus Torvalds committed
      * 'fixes' of master.kernel.org:/home/rmk/linux-2.6-arm:
        ARM: 6881/1: cputype.h uses __attribute_const__ which requires including kernel.h
        ARM: Add new syscalls
      f3e96492
    • Merge branch 'stable/bug-fixes-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen · 8653b3f1
      Linus Torvalds committed
      * 'stable/bug-fixes-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
        xen: mask_rw_pte: do not apply the early_ioremap checks on x86_32
        xen: do not create the extra e820 region at an addr lower than 4G
      8653b3f1
    • Merge branch 'for-linus' of git://neil.brown.name/md · d0957105
      Linus Torvalds committed
      * 'for-linus' of git://neil.brown.name/md:
        md: Update documentation for sync_min and sync_max entries
        md: Cleanup after raid45->raid0 takeover
        md: Fix dev_sectors on takeover from raid0 to raid4/5
        md/raid5: remove setting of ->queue_lock
      d0957105
    • Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block · 73aa8682
      Linus Torvalds committed
      * 'for-linus' of git://git.kernel.dk/linux-2.6-block:
        block: Remove the extra check in queue_requests_store
        block, blk-sysfs: Fix an err return path in blk_register_queue()
        block: remove stale kerneldoc member from __blk_run_queue()
        block: get rid of QUEUE_FLAG_REENTER
        cfq-iosched: read_lock() does not always imply rcu_read_lock()
        block: kill blk_flush_plug_list() export
      73aa8682
  3. 20 Apr, 2011 22 commits