1. 18 1月, 2010 3 次提交
    • M
      microblaze: Wire up recvmmsg syscall · ce9c37f1
      Michal Simek 提交于
      Patch a2e27255 should
      contain change in unistd.h too. The same problem
      had MIPS.
      Signed-off-by: NMichal Simek <monstr@monstr.eu>
      ce9c37f1
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 · 7dc9c484
      Linus Torvalds 提交于
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
        do_add_mount() should sanitize mnt_flags
        CIFS shouldn't make mountpoints shrinkable
        mnt_flags fixes in do_remount()
        attach_recursive_mnt() needs to hold vfsmount_lock over set_mnt_shared()
        may_umount() needs namespace_sem
        Fix configfs leak
        Fix the -ESTALE handling in do_filp_open()
        ecryptfs: Fix refcnt leak on ecryptfs_follow_link() error path
        Fix ACC_MODE() for real
        Unrot uml mconsole a bit
        hppfs: handle ->put_link()
        Kill 9p readlink()
        fix autofs/afs/etc. magic mountpoint breakage
      7dc9c484
    • M
      modpost: fix segfault in sym_is() with prefixed arches · 3a5dd791
      Mike Frysinger 提交于
      The sym_is() compares a symbol in an attempt to automatically skip symbol
      prefixes.  It does this first by searching the real symbol with the normal
      unprefixed symbol.  But then it uses the length of the original symbol to
      check the end of the substring instead of the length of the symbol it is
      looking for.  On non-prefixed arches, this is effectively the same thing,
      so there is no problem.  On prefixed-arches, since this is exceeds by just
      one byte, a crash is rare and it is usually a NUL byte anyways.  But every
      once in a blue moon, you get the right page alignment and it segfaults.
      
      For example, on the Blackfin arch, sym_is() will be called with the real
      symbol "___mod_usb_device_table" as "symbol" when looking for the normal
      symbol "__mod_usb_device_table" as "name".  The substring will thus return
      one byte into "symbol" and store it into "match".  But then "match" will
      be indexed with the length of "symbol" instead of "name" and so we will
      exceed the storage.  i.e. the code ends up doing:
      	char foo[] = "abc"; return foo[strlen(foo)+1] == '\0';
      Signed-off-by: NMike Frysinger <vapier@gentoo.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      3a5dd791
  2. 17 1月, 2010 37 次提交