1. 12 11月, 2010 7 次提交
  2. 10 11月, 2010 2 次提交
  3. 09 11月, 2010 15 次提交
  4. 08 11月, 2010 5 次提交
  5. 07 11月, 2010 1 次提交
  6. 06 11月, 2010 10 次提交
    • V
      floppy: fix another use-after-free · d017bf6b
      Vivek Goyal 提交于
      While scanning the floopy code due to c093ee4f ("floppy: fix
      use-after-free in module load failure path"), I found one more instance
      of trying to access disk->queue pointer after doing put_disk() on
      gendisk.  For some reason , floppy moule still loads/unloads fine.  The
      object is probably still around with right pointer values.
      
       o There seems to be one more instance of trying to cleanup the request
         queue after we have called put_disk() on associated gendisk.
      
       o This fix is more out of code inspection.  Even without this fix for
         some reason I am able to load/unload floppy module without any
         issues.
      
       o Floppy module loads/unloads fine after the fix.
      Signed-off-by: NVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d017bf6b
    • G
      TTY: move .gitignore from drivers/char/ to drivers/tty/vt/ · 1db01135
      Greg Kroah-Hartman 提交于
      The autogenerated files (consolemap_deftbl.c and defkeymap.c) need to
      be ignored by git, so move the .gitignore file that was doing it to the
      properly location now that the files have moved as well.
      
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
      Signed-off-by: NGreg Kroah-Hartman <gregkh@suse.de>
      1db01135
    • L
      ipw2x00: remove the right /proc/net entry · 151f52f0
      Linus Torvalds 提交于
      Commit 27ae60f8 ("ipw2x00: replace "ieee80211" with "libipw" where
      appropriate") changed DRV_NAME to be "libipw", but didn't properly fix
      up the places where it was used to specify the name for the /proc/net/
      directory.
      
      For backwards compatibility reasons, that directory name remained
      "ieee80211", but due to the DRV_NAME change, the error case printouts
      and the cleanup functions now used "libipw" instead.  Which made it all
      fail badly.
      
      For example, on module unload as reported by Randy:
      
        WARNING: at fs/proc/generic.c:816 remove_proc_entry+0x156/0x35e()
        name 'libipw'
      
      because it's trying to unregister a /proc directory that obviously
      doesn't even exist.
      
      Clean it all up to use DRV_PROCNAME for the actual /proc directory name.
      Reported-and-tested-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Cc: Pavel Roskin <proski@gnu.org>
      Cc: John W. Linville <linville@tuxdriver.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      151f52f0
    • L
      Merge branch 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm · d4285bd6
      Linus Torvalds 提交于
      * 'kvm-updates/2.6.37' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        KVM: PPC: BookE: Load the lower half of MSR
        KVM: PPC: BookE: fix sleep with interrupts disabled
        KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().
        PPC: KVM: Book E doesn't have __end_interrupts.
        KVM: x86: Issue smp_call_function_many with preemption disabled
        KVM: x86: fix information leak to userland
        KVM: PPC: fix information leak to userland
        KVM: MMU: fix rmap_remove on non present sptes
        KVM: Write protect memory after slot swap
      d4285bd6
    • L
      floppy: fix use-after-free in module load failure path · c093ee4f
      Linus Torvalds 提交于
      Commit 48821184 ("floppy: switch to one queue per drive instead of
      sharing a queue") introduced a use-after-free.  We do "put_disk()" on
      the disk device _before_ we then clean up the queue associated with that
      disk.
      
      Move the put_disk() down to avoid dereferencing a free'd data structure.
      
      Cc: Jens Axboe <jaxboe@fusionio.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Reported-and-tested-by: NRandy Dunlap <randy.dunlap@oracle.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      c093ee4f
    • D
      watchdog: Fix section mismatch and potential undefined behavior. · 433039e9
      David Daney 提交于
      Commit d9ca07a0 ("watchdog: Avoid kernel crash when disabling
      watchdog") introduces a section mismatch.
      
      Now that we reference no_watchdog from non-__init code it can no longer
      be __initdata.
      Signed-off-by: NDavid Daney <ddaney@caviumnetworks.com>
      Cc: Stephane Eranian <eranian@google.com>
      Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Cc: Ingo Molnar <mingo@elte.hu>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      433039e9
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 · 4b4a2700
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (41 commits)
        inet_diag: Make sure we actually run the same bytecode we audited.
        netlink: Make nlmsg_find_attr take a const nlmsghdr*.
        fib: fib_result_assign() should not change fib refcounts
        netfilter: ip6_tables: fix information leak to userspace
        cls_cgroup: Fix crash on module unload
        memory corruption in X.25 facilities parsing
        net dst: fix percpu_counter list corruption and poison overwritten
        rds: Remove kfreed tcp conn from list
        rds: Lost locking in loop connection freeing
        de2104x: fix panic on load
        atl1 : fix panic on load
        netxen: remove unused firmware exports
        caif: Remove noisy printout when disconnecting caif socket
        caif: SPI-driver bugfix - incorrect padding.
        caif: Bugfix for socket priority, bindtodev and dbg channel.
        smsc911x: Set Ethernet EEPROM size to supported device's size
        ipv4: netfilter: ip_tables: fix information leak to userland
        ipv4: netfilter: arp_tables: fix information leak to userland
        cxgb4vf: remove call to stop TX queues at load time.
        cxgb4: remove call to stop TX queues at load time.
        ...
      4b4a2700
    • L
      Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 · f69fa764
      Linus Torvalds 提交于
      * 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
        firewire: ohci: fix race when reading count in AR descriptor
        firewire: ohci: avoid reallocation of AR buffers
        firewire: ohci: fix race in AR split packet handling
        firewire: ohci: fix buffer overflow in AR split packet handling
      f69fa764
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6 · 2e5c3672
      Linus Torvalds 提交于
      * git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
        cifs: make cifs_set_oplock_level() take a cifsInodeInfo pointer
        cifs: dereferencing first then checking
        cifs: trivial comment fix: tlink_tree is now a rbtree
        [CIFS] Cleanup unused variable build warning
        cifs: convert tlink_tree to a rbtree
        cifs: store pointer to master tlink in superblock (try #2)
        cifs: trivial doc fix: note setlease implemented
        CIFS: Add cifs_set_oplock_level
        FS: cifs, remove unneeded NULL tests
      2e5c3672
    • O
      posix-cpu-timers: workaround to suppress the problems with mt exec · e0a70217
      Oleg Nesterov 提交于
      posix-cpu-timers.c correctly assumes that the dying process does
      posix_cpu_timers_exit_group() and removes all !CPUCLOCK_PERTHREAD
      timers from signal->cpu_timers list.
      
      But, it also assumes that timer->it.cpu.task is always the group
      leader, and thus the dead ->task means the dead thread group.
      
      This is obviously not true after de_thread() changes the leader.
      After that almost every posix_cpu_timer_ method has problems.
      
      It is not simple to fix this bug correctly. First of all, I think
      that timer->it.cpu should use struct pid instead of task_struct.
      Also, the locking should be reworked completely. In particular,
      tasklist_lock should not be used at all. This all needs a lot of
      nontrivial and hard-to-test changes.
      
      Change __exit_signal() to do posix_cpu_timers_exit_group() when
      the old leader dies during exec. This is not the fix, just the
      temporary hack to hide the problem for 2.6.37 and stable. IOW,
      this is obviously wrong but this is what we currently have anyway:
      cpu timers do not work after mt exec.
      
      In theory this change adds another race. The exiting leader can
      detach the timers which were attached to the new leader. However,
      the window between de_thread() and release_task() is small, we
      can pretend that sys_timer_create() was called before de_thread().
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e0a70217