1. 05 9月, 2010 1 次提交
  2. 03 9月, 2010 1 次提交
  3. 01 9月, 2010 1 次提交
    • P
      pid: make setpgid() system call use RCU read-side critical section · 950eaaca
      Paul E. McKenney 提交于
      [   23.584719]
      [   23.584720] ===================================================
      [   23.585059] [ INFO: suspicious rcu_dereference_check() usage. ]
      [   23.585176] ---------------------------------------------------
      [   23.585176] kernel/pid.c:419 invoked rcu_dereference_check() without protection!
      [   23.585176]
      [   23.585176] other info that might help us debug this:
      [   23.585176]
      [   23.585176]
      [   23.585176] rcu_scheduler_active = 1, debug_locks = 1
      [   23.585176] 1 lock held by rc.sysinit/728:
      [   23.585176]  #0:  (tasklist_lock){.+.+..}, at: [<ffffffff8104771f>] sys_setpgid+0x5f/0x193
      [   23.585176]
      [   23.585176] stack backtrace:
      [   23.585176] Pid: 728, comm: rc.sysinit Not tainted 2.6.36-rc2 #2
      [   23.585176] Call Trace:
      [   23.585176]  [<ffffffff8105b436>] lockdep_rcu_dereference+0x99/0xa2
      [   23.585176]  [<ffffffff8104c324>] find_task_by_pid_ns+0x50/0x6a
      [   23.585176]  [<ffffffff8104c35b>] find_task_by_vpid+0x1d/0x1f
      [   23.585176]  [<ffffffff81047727>] sys_setpgid+0x67/0x193
      [   23.585176]  [<ffffffff810029eb>] system_call_fastpath+0x16/0x1b
      [   24.959669] type=1400 audit(1282938522.956:4): avc:  denied  { module_request } for  pid=766 comm="hwclock" kmod="char-major-10-135" scontext=system_u:system_r:hwclock_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclas
      
      It turns out that the setpgid() system call fails to enter an RCU
      read-side critical section before doing a PID-to-task_struct translation.
      This commit therefore does rcu_read_lock() before the translation, and
      also does rcu_read_unlock() after the last use of the returned pointer.
      Reported-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NPaul E. McKenney <paulmck@linux.vnet.ibm.com>
      Acked-by: NDavid Howells <dhowells@redhat.com>
      950eaaca
  4. 26 8月, 2010 2 次提交
  5. 25 8月, 2010 20 次提交
  6. 24 8月, 2010 15 次提交
    • M
      [S390] fix tlb flushing vs. concurrent /proc accesses · 050eef36
      Martin Schwidefsky 提交于
      The tlb flushing code uses the mm_users field of the mm_struct to
      decide if each page table entry needs to be flushed individually with
      IPTE or if a global flush for the mm_struct is sufficient after all page
      table updates have been done. The comment for mm_users says "How many
      users with user space?" but the /proc code increases mm_users after it
      found the process structure by pid without creating a new user process.
      Which makes mm_users useless for the decision between the two tlb
      flusing methods. The current code can be confused to not flush tlb
      entries by a concurrent access to /proc files if e.g. a fork is in
      progres. The solution for this problem is to make the tlb flushing
      logic independent from the mm_users field.
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      050eef36
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc · bd45fe53
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc: (25 commits)
        powerpc: Fix config dependency problem with MPIC_U3_HT_IRQS
        via-pmu: Add compat_pmu_ioctl
        powerpc: Wire up fanotify_init, fanotify_mark, prlimit64 syscalls
        powerpc/pci: Fix checking for child bridges in PCI code.
        powerpc: Fix typo in uImage target
        powerpc: Initialise paca->kstack before early_setup_secondary
        powerpc: Fix bogus it_blocksize in VIO iommu code
        powerpc: Inline ppc64_runlatch_off
        powerpc: Correct smt_enabled=X boot option for > 2 threads per core
        powerpc: Silence xics_migrate_irqs_away() during cpu offline
        powerpc: Silence __cpu_up() under normal operation
        powerpc: Re-enable preemption before cpu_die()
        powerpc/pci: Drop unnecessary null test
        powerpc/powermac: Drop unnecessary null test
        powerpc/powermac: Drop unnecessary of_node_put
        powerpc/kdump: Stop all other CPUs before running crash handlers
        powerpc/mm: Fix vsid_scrample typo
        powerpc: Use is_32bit_task() helper to test 32 bit binary
        powerpc: Export memstart_addr and kernstart_addr on ppc64
        powerpc: Make rwsem use "long" type
        ...
      bd45fe53
    • S
      [S390] s390: fix build error (sys_execve) · 7af048dc
      Sebastian Ott 提交于
      fix this build error:
      arch/s390/kernel/process.c:272: error: conflicting types for 'sys_execve'
      arch/s390/kernel/entry.h:45: error: previous declaration of 'sys_execve' was here
      make[1]: *** [arch/s390/kernel/process.o] Error 1
      make: *** [arch/s390/kernel] Error 2
      
      introduced by d7627467Signed-off-by: NSebastian Ott <sebott@linux.vnet.ibm.com>
      Signed-off-by: NMartin Schwidefsky <schwidefsky@de.ibm.com>
      7af048dc
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6 · e1f1f073
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging-2.6:
        Staging: sep: remove driver
        Staging: batman-adv: Don't write in not allocated packet_buff
        Staging: batman-adv: Don't use net_dev after dev_put
        Staging: batman-adv: Create batman_if only on register event
        Staging: batman-adv: fix own mac address detection
        Staging: batman-adv: always reply batman icmp packets with primary mac
        Staging: batman-adv: fix batman icmp originating from secondary interface
        Staging: batman-adv: unify orig_hash_lock spinlock handling to avoid deadlocks
        Staging: batman-adv: Fix merge of linus tree
        Staging: spectra: removes unused functions
        Staging: spectra: initializa lblk variable
        Staging: spectra: removes unused variable
        Staging: spectra: remove duplicate GLOB_VERSION definition
        Staging: spectra: don't use locked_ioctl, fix build
        Staging: use new REQ_FLUSH flag, fix build breakage
        Staging: spectra: removes q->prepare_flush_fn, fix build breakage
      e1f1f073
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6 · 472e449c
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
        68328serial: check return value of copy_*_user() instead of access_ok()
        synclink: add mutex_unlock() on error path
        rocket: add a mutex_unlock()
        ip2: return -EFAULT on copy_to_user errors
        ip2: remove unneeded NULL check
        serial: print early console device address in hex
      472e449c
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6 · 6d87f207
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core-2.6:
        kobject_uevent: fix typo in comments
        firmware_class: fix typo in error path
        kobject: Break the kobject namespace defs into their own header
      6d87f207
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6 · d20de763
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (29 commits)
        ARM: imx: fix build failure concerning otg/ulpi
        USB: ftdi_sio: add product ID for Lenz LI-USB
        USB: adutux: fix misuse of return value of copy_to_user()
        USB: iowarrior: fix misuse of return value of copy_to_user()
        USB: xHCI: update ring dequeue pointer when process missed tds
        USB: xhci: Remove buggy assignment in next_trb()
        USB: ftdi_sio: Add ID for Ionics PlugComputer
        USB: serial: io_ti.c: don't return 0 if writing the download record failed
        USB: otg: twl4030: fix wrong assumption of starting state
        USB: gadget: Return -ENOMEM on memory allocation failure
        USB: gadget: fix composite kernel-doc warnings
        USB: ssu100: set tty_flags in ssu100_process_packet
        USB: ssu100: add disconnect function for ssu100
        USB: serial: export symbol usb_serial_generic_disconnect
        USB: ssu100: rework logic for TIOCMIWAIT
        USB: ssu100: add register parameter to ssu100_setregister
        USB: ssu100: remove duplicate #defines in ssu100
        USB: ssu100: refine process_packet in ssu100
        USB: ssu100: add locking for port private data in ssu100
        USB: r8a66597-udc: return -ENOMEM if kzalloc() fails
        ...
      d20de763
    • D
      sparc64: Get rid of indirect p1275 PROM call buffer. · 25edd694
      David S. Miller 提交于
      This is based upon a report by Meelis Roos showing that it's possible
      that we'll try to fetch a property that is 32K in size with some
      devices.  With the current fixed 3K buffer we use for moving data in
      and out of the firmware during PROM calls, that simply won't work.
      
      In fact, it will scramble random kernel data during bootup.
      
      The reasoning behind the temporary buffer is entirely historical.  It
      used to be the case that we had problems referencing dynamic kernel
      memory (including the stack) early in the boot process before we
      explicitly told the firwmare to switch us over to the kernel trap
      table.
      
      So what we did was always give the firmware buffers that were locked
      into the main kernel image.
      
      But we no longer have problems like that, so get rid of all of this
      indirect bounce buffering.
      
      Besides fixing Meelis's bug, this also makes the kernel data about 3K
      smaller.
      
      It was also discovered during these conversions that the
      implementation of prom_retain() was completely wrong, so that was
      fixed here as well.  Currently that interface is not in use.
      Reported-by: NMeelis Roos <mroos@linux.ee>
      Tested-by: NMeelis Roos <mroos@linux.ee>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      25edd694
    • A
      powerpc: Fix config dependency problem with MPIC_U3_HT_IRQS · 314b389b
      Andreas Schwab 提交于
      MPIC_U3_HT_IRQS is selected both by PPC_PMAC64 and PPC_MAPLE, but depends
      on PPC_MAPLE, so a PPC_PMAC64-only config gets this warning:
      
      warning: (PPC_PMAC64 && PPC_PMAC && POWER4 || PPC_MAPLE && PPC64 && PPC_BOOK3S) selects MPIC_U3_HT_IRQS which has unmet direct dependencies (PPC_MAPLE)
      
      Fix that by removing the dependency on PPC_MAPLE.
      Signed-off-by: NAndreas Schwab <schwab@linux-m68k.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      314b389b
    • A
      via-pmu: Add compat_pmu_ioctl · 4cc4587f
      Andreas Schwab 提交于
      The ioctls are actually compatible, but due to historical mistake the
      numbers differ between 32bit and 64bit.
      Signed-off-by: NAndreas Schwab <schwab@linux-m68k.org>
      Acked-by: NArnd Bergmann <arnd@arndb.de>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      4cc4587f
    • A
    • G
      powerpc/pci: Fix checking for child bridges in PCI code. · 76ec01db
      Grant Likely 提交于
      pci_device_to_OF_node() can return null, and list_for_each_entry will
      never enter the loop when dev is NULL, so it looks like this test is
      a typo.
      Reported-by: NJulia Lawall <julia@diku.dk>
      Signed-off-by: NGrant Likely <grant.likely@secretlab.ca>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      76ec01db
    • A
      powerpc: Fix typo in uImage target · c686ecf5
      Anatolij Gustschin 提交于
      Commit e32e78c5
      (powerpc: fix build with make 3.82) introduced a
      typo in uImage target and broke building uImage:
      
      make: *** No rule to make target `uImage'.  Stop.
      Signed-off-by: NAnatolij Gustschin <agust@denx.de>
      Cc: stable <stable@kernel.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      c686ecf5
    • M
      powerpc: Initialise paca->kstack before early_setup_secondary · f761622e
      Matt Evans 提交于
      As early setup calls down to slb_initialize(), we must have kstack
      initialised before checking "should we add a bolted SLB entry for our kstack?"
      
      Failing to do so means stack access requires an SLB miss exception to refill
      an entry dynamically, if the stack isn't accessible via SLB(0) (kernel text
      & static data).  It's not always allowable to take such a miss, and
      intermittent crashes will result.
      
      Primary CPUs don't have this issue; an SLB entry is not bolted for their
      stack anyway (as that lives within SLB(0)).  This patch therefore only
      affects the init of secondaries.
      Signed-off-by: NMatt Evans <matt@ozlabs.org>
      Cc: stable <stable@kernel.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      f761622e
    • A
      powerpc: Fix bogus it_blocksize in VIO iommu code · 7aa241fd
      Anton Blanchard 提交于
      When looking at some issues with the virtual ethernet driver I noticed
      that TCE allocation was following a very strange pattern:
      
      address 00e9000 length 2048
      address 0409000 length 2048 <-----
      address 0429000 length 2048
      address 0449000 length 2048
      address 0469000 length 2048
      address 0489000 length 2048
      address 04a9000 length 2048
      address 04c9000 length 2048
      address 04e9000 length 2048
      address 4009000 length 2048 <-----
      address 4029000 length 2048
      
      Huge unexplained gaps in what should be an empty TCE table. It turns out
      it_blocksize, the amount we want to align the next allocation to, was
      c0000000fe903b20. Completely bogus.
      
      Initialise it to something reasonable in the VIO IOMMU code, and use kzalloc
      everywhere to protect against this when we next add a non compulsary
      field to iommu code and forget to initialise it.
      Signed-off-by: NAnton Blanchard <anton@samba.org>
      Signed-off-by: NBenjamin Herrenschmidt <benh@kernel.crashing.org>
      7aa241fd