- 21 11月, 2005 4 次提交
-
-
由 Alexandra Kossovsky 提交于
From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> From http://bugzilla.kernel.org/show_bug.cgi?id=4746 There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit application running amd64 kernel. I do not think that this problem is exploitable, but any data corruption may lead to security problems. Following code demonstrates the problem #include <stdint.h> #include <stdio.h> #include <sys/time.h> #include <sys/socket.h> #include <net/if.h> #include <sys/ioctl.h> char buf[256]; main() { int s = socket(AF_INET, SOCK_DGRAM, 0); struct ifconf req; int i; req.ifc_buf = buf; req.ifc_len = 41; printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req)); printf("Len %d\n", req.ifc_len); for (i = 41; i < 256; i++) if (buf[i] != 0) printf("Byte %d is corrupted\n", i); } Steps to reproduce: Compile the code above into 32-bit elf and run it. You'll get Result 0 Len 32 Byte 48 is corrupted Byte 52 is corrupted Byte 53 is corrupted Byte 54 is corrupted Byte 55 is corrupted Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Kris Katterjohn 提交于
This way we don't have to check it in sk_run_filter(). Signed-off-by: NKris Katterjohn <kjak@users.sourceforge.net> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Andrea Bittau 提交于
If two packets were queued to be sent at the same time in the future, their order would be reversed. This would occur because the queue is traversed back to front, and a position is found by checking whether the new packet needs to be sent before the packet being examined. If the new packet is to be sent at the same time of a previous packet, it would end up before the old packet in the queue. This patch places packets in the correct order when they are queued to be sent at a same time in the future. Signed-off-by: NAndrea Bittau <a.bittau@cs.ucl.ac.uk> Signed-off-by: NDavid S. Miller <davem@davemloft.net>
-
由 Linus Torvalds 提交于
-
- 20 11月, 2005 28 次提交
-
-
由 Dmitry Torokhov 提交于
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
kseriod and kgameportd used to process all pending events before checking for freeze condition. This may cause swsusp to time out while stopping tasks when resuming. Switch to process events one by one to check freeze status more often. Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
If thread that submitted FF request gets interrupted somehow it will release request structure and ioctl handler will work with freed memory. TO prevent that from happening switch to using wait_for_completion instead of wait_for_completion_interruptible. Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Also introduce proper locking when creating/deleting device. Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Miloslav Trmac 提交于
Try to save battery power by disabling wifi and bluetooth on suspend. Signed-off-by: NMiloslav Trmac <mitr@volny.cz> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Register wistron-bios as a platform device, restore WIFI and Bluetooth state upon resume. Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Bernhard Rosenkraenzer 提交于
Also fix a potential issue with some notebooks: The current code assumes the response to bios_wifi_get_default_setting is either 1 (disabled) or 3 (enabled), or wifi isn't supported. The BIOS response appears to be a bit field w/ 0x1 indicating hardware presence, 0x2 indicating actiation status, and the other 6 bits being unknown/reserved -- with the patch, these 6 bits are ignored. Signed-off-by: NBernhard Rosenkraenzer <bero@arklinux.org> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Andrew Morton 提交于
On x86_64: {standard input}:233: Error: suffix or operands invalid for `push' {standard input}:233: Error: suffix or operands invalid for `pop' Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
A driver for laptop buttons using an x86 BIOS interface that is apparently used on quite a few laptops and seems to be originating from Wistron. This driver currently "knows" only about Fujitsu-Siemens Amilo Pro V2000 (i.e. it can detect the laptop using DMI and it contains the keycode->key meaning mapping for this laptop) and Xeron SonicPro X 155G (probably can't be reliably autodetected, requires a module parameter), adding other laptops should be easy. In addition to reporting button presses to the input layer the driver also allows enabling/disabling the embedded wireless NIC (using the "Wifi" button); this is done using the same BIOS interface, so it seems only logical to keep the implementation together. Any flexibility possibly gained by allowing users to remap the function of the "Wifi" button is IMHO not worth it when weighted against the necessity to run an user-space daemon to convert button presses to wifi state changes. Signed-off-by: NMiloslav Trmac <mitr@volny.cz> Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Dmitry Torokhov 提交于
Changing led state is pretty slow operation; when there are multiple requests coming at a high rate they may interfere with normal typing. Try optimize (skip) changing hardware state when multiple requests are coming back-to-back. Signed-off-by: NDmitry Torokhov <dtor@mail.ru>
-
由 Steve French 提交于
-
由 Steve French 提交于
so it does not return EACCESS (unless server really returns that). Signed-off-by: NSteve French <sfrench@us.ibm.com>
-
由 Linus Torvalds 提交于
-
由 Linus Torvalds 提交于
-
由 Linus Torvalds 提交于
-
由 Linus Torvalds 提交于
Manual fixups to ARM ixp4xxx by hand.
-
由 Linus Torvalds 提交于
-
Also remove bogus comments for idefloppy_init() and idetape_init(). Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
flagged_taskfile() is called from execute_drive_cmd() (the only user) only if args->tf_out_flags.all != 0. Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
Remove duplicate documentation for ide_do_drive_cmd() from <linux/ide.h>, this function is already documented in ide-io.c. Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
由 Aurelien Jarno 提交于
Signed-off-by: NAurelien Jarno <aurelien@aurel32.net> Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
由 Mathias Kretschmer 提交于
From: Mathias Kretschmer <posting@blx4.net> Signed-off-by: NDaniel Drake <dsd@gentoo.org> Acked-by: NAlan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: NAndrew Morton <akpm@osdl.org> Signed-off-by: NBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
-
- 19 11月, 2005 8 次提交
-
-
由 Russell King 提交于
Since the spinlock was removed from sa1100_start_tx(), the "flags" variable becomes redundant. Remove it. Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Russell King 提交于
The receiver status register reports latched error conditions, which must be cleared by writing to it. However, the data register reports unlatched conditions which are associated with the current character. Use the data register to interpret error status rather than the RSR. Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Paul Mackerras 提交于
We were using udelay in the loop on the primary cpu waiting for the secondary cpu to take the timebase value. Unfortunately now that udelay uses the timebase, and the timebase is stopped at this point, the udelay never terminated. This fixes it by not using udelay, and increases the number of loops before we time out to compensate. Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Daniel Jacobowitz 提交于
Patch from Daniel Jacobowitz After delivering a signal (creating its stack frame) we must check for additional pending unblocked signals before returning to userspace. Otherwise signals may be delayed past the next syscall or reschedule. Once that was fixed it became obvious that the ARM signal mask manipulation was broken. It was a little bit broken before the recent SA_NODEFER changes, and then very broken after them. We must block the requested signals before starting the handler or the same signal can be delivered again before the handler even gets a chance to run. Signed-off-by: NDaniel Jacobowitz <dan@codesourcery.com> Signed-off-by: NRussell King <rmk+kernel@arm.linux.org.uk>
-
由 Paul Mackerras 提交于
The result is mostly similar to the original ppc64 version but with some adaptations for 32-bit compilation. include/asm-ppc64 is now empty! Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Paul Mackerras 提交于
It's only used by arch/powerpc/kernel/ptrace{,32}.c. Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Paul Mackerras 提交于
This involves some minor changes: a few unused functions that the ppc32 pci.c provides are no longer declared here or exported; pcibios_assign_all_busses now just refers to the pci_assign_all_buses variable on both 32-bit and 64-bit; pcibios_scan_all_fns is now just 0 instead of a function that always returns 0 on 64-bit. Signed-off-by: NPaul Mackerras <paulus@samba.org>
-
由 Paul Mackerras 提交于
For these, I have just done the lame-o merge where the file ends up looking like: #ifndef CONFIG_PPC64 #include <asm-ppc/foo.h> #else ... contents from asm-ppc64/foo.h #endif so nothing has changed, really, except that we reduce include/asm-ppc64 a bit more. Signed-off-by: NPaul Mackerras <paulus@samba.org>
-