Age | Commit message (Collapse) | Author |
|
If mmap_min_addr is set and a process attempts to mmap (not fixed) with a
non-null hint address less than mmap_min_addr the mapping will fail the
security checks. Since this is just a hint address this patch will round
such a hint address above mmap_min_addr.
gcj was found to try to be very frugal with vm usage and give hint addresses
in the 8k-32k range. Without this patch all such programs failed and with
the patch they happily get a higher address.
This patch is wrappad in CONFIG_SECURITY since mmap_min_addr doesn't exist
without it and there would be no security check possible no matter what. So
we should not bother compiling in this rounding if it is just a waste of
time.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Add security checks to make sure we are not attempting to expand the
stack into memory protected by mmap_min_addr
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
On a kernel with CONFIG_SECURITY but without an LSM which implements
security_file_mmap it is impossible for an application to mmap addresses
lower than mmap_min_addr. Based on a suggestion from a developer in the
openwall community this patch adds a check for CAP_SYS_RAWIO. It is
assumed that any process with this capability can harm the system a lot
more easily than writing some stuff on the zero page and then trying to
get the kernel to trip over itself. It also means that programs like X
on i686 which use vm86 emulation can work even with mmap_min_addr set.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Instead of using f_op to detect dead booleans, check the inode index
against the number of booleans and check the dentry name against the
boolean name for that index on reads and writes. This prevents
incorrect use of a boolean file opened prior to a policy reload while
allowing valid use of it as long as it still corresponds to the same
boolean in the policy.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
Do not clear f_op when removing entries since it isn't safe to do.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
|
|
master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-fixes' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
PHY: Add the phy_device_release device method.
gianfar: fix compile warning
pasemi_mac: Fix reuse of free'd skb
SMC911X: Fix using of dereferenced skb after netif_rx
sky2: recovery deadlock fix
Fix memory corruption in fec_mpc52xx
Don't claim to do IPv6 checksum offload
cxgb - revert file mode changes.
|
|
Lately I've got this nice badness on mdio bus removal:
Device 'e0103120:06' does not have a release() function, it is broken and must be fixed.
------------[ cut here ]------------
Badness at drivers/base/core.c:107
NIP: c015c1a8 LR: c015c1a8 CTR: c0157488
REGS: c34bdcf0 TRAP: 0700 Not tainted (2.6.23-rc5-g9ebadfbb-dirty)
MSR: 00029032 <EE,ME,IR,DR> CR: 24088422 XER: 00000000
...
[c34bdda0] [c015c1a8] device_release+0x78/0x80 (unreliable)
[c34bddb0] [c01354cc] kobject_cleanup+0x80/0xbc
[c34bddd0] [c01365f0] kref_put+0x54/0x6c
[c34bdde0] [c013543c] kobject_put+0x24/0x34
[c34bddf0] [c015c384] put_device+0x1c/0x2c
[c34bde00] [c0180e84] mdiobus_unregister+0x2c/0x58
...
Though actually there is nothing broken, it just device
subsystem core expects another "pattern" of resource managment.
This patch implement phy device's release function, thus
we're getting rid of this badness.
Also small hidden bug fixed, hope none other introduced. ;-)
Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com>
Acked-by: Andy Fleming <afleming@freescale.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Eliminate an uninitialized variable warning. The code is correct, but
a pointer to the automatic variable 'addr' is passed to dma_alloc_coherent.
Since addr has never been initialized, and the compiler doesn't know
what dma_alloc_coherent will do with it, it complains.
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Turns out we're freeing the skb when we detect CRC error, but we're
not clearing out info->skb. We could either clear it and have the stack
reallocate it, or just leave it and the rx ring refill code will reuse
the one that was allocated.
Reusing a freed skb obviously caused some nasty crashes of various kind,
as reported by Brent Baude and David Woodhouse.
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Prevent deadlock in sky2 recovery logic. sky2_down calls napi_synchronize
which gets stuck if napi was already disabled.
Fix by rearranging slightly and not calling napi_disable until after
both ports are stopped. The napi_disable probably is being overly
paranoid, but it is safe now.
Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
The mpc5200 fec driver is corrupting memory. This patch fixes two bugs
where the wrong skb was being referenced.
Signed-off-by: Jon Smirl <jonsmirl@gmail.com>
Acked-by: Domen Puncer <domen.puncer@telargo.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
revert inavertant file mode changes
Signed-off-by: Divy Le Ray <divy@chelsio.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
* Don't program UDMA timings when programming PIO or MWDMA modes.
This has also a nice side-effect of fixing regression added by commit
681c80b5d96076f447e8101ac4325c82d8dce508 ("libata: correct handling of
SRST reset sequences") (->set_piomode method for PIO0 is called before
->cable_detect method which checks UDMA timings to get the cable type).
* Bump driver version.
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Tested-by: "Thomas Lindroth" <thomas.lindroth@gmail.com>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Tejun Heo <htejun@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
Add the device IDs of legacy mode of MCP79 AHCI controller to ahci.c
Signed-off-by: Peer Chen <peerchen@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
The Highpoint RocketRAID boards using Marvell 7042 chips
overwrite the 9th sector of attached drives at boot time,
when those drives are configured as "Legacy" (the default)
in the HighPoint BIOS.
This kills GRUB, and probably other stuff.
But it all happens *before* Linux is even loaded.
So, for now we'll log a WARNING when such boards are detected,
and advise users to configure BIOS "JBOD" volumes instead,
which don't appear to suffer from this problem.
Signed-off-by: Mark Lord <mlord@pobox.com>
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
|
|
We need to run any DMA command with result taskfile requested in ADMA mode
when the port is in ADMA mode, otherwise it may try to use the legacy DMA engine
in ADMA mode which is not allowed. Enforce this with BUG_ON() since data
corruption could potentially result if this happened. Also, fail any attempt to
try and issue NCQ commands with result taskfile requested, since the hardware
doesn't allow this.
Signed-off-by: Robert Hancock <hancockr@shaw.ca>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
|
|
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] Make sure the restore psw masks are initialized.
[S390] Fix compile error on 31bit without preemption
[S390] dcssblk: prevent early access without own make_request function
[S390] cio: add missing reprobe loop end statement
[S390] cio: Issue SenseID per path.
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
x86: arch_register_cpu() section fix
x86: free_cache_attributes() section fix
x86: add the word 'WARNING' in check_nmi_watchdog() output
x86: revert CONFIG_X86_HT semantics change
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
sched: default to more agressive yield for SCHED_BATCH tasks
sched: fix crash in sys_sched_rr_get_interval()
|
|
I haven't seen Richard doing MTRR related work for quite some time, and
the "X86 ARCHITECTURE" entry in MAINTAINERS already covers the people
currently responsible for this code.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
SET_MODULE_OWNER() is obsolete.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
fix this on i386 allnoconfig:
WARNING: vmlinux.o(.text+0x6f2e): Section mismatch: reference to .init.text:register_cpu (between 'arch_register_cpu' and 'text_poke')
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
free_cache_attributes() must be __cpuinit since it calls the
__cpuinit cache_remove_shared_cpu_map().
This patch fixes the following section mismatch reported by
Chris Clayton:
...
WARNING: vmlinux.o(.text+0x90b6): Section mismatch: reference to .init.text:cache_remove_shared_cpu_map (between 'free_cache_attributes' and 'show_level')
...
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
Our automated test suite looks for keywords like error, fail, warning in
the boot log. In the case when the nmi watchdog is determined to be
stuck in check_nmi_watchdog(), none of those keywords are displayed.
This patch adds a keyword, "WARNING:", so it makes it easier to notice
when the nmi watchdog isn't working correctly. Also add a proper
KERN_WARNING mark to this printout.
Signed-off-by: Don Zickus <dzickus@redhat.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
The recent Kconfig changes in x86 resulted in CONFIG_X86_HT no longer
being set if (X86_32 && MK8).
After grep'ing through the tree I think the problem is that different
places have different assumptions about the semantics of CONFIG_X86_HT,
either:
- hyperthreading or
- multicore
This should be sorted out properly, but until then we should keep the
2.6.23 status quo.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
do more agressive yield for SCHED_BATCH tuned tasks: they are all
about throughput anyway. This allows a gentler migration path for
any apps that relied on stronger yield.
Signed-off-by: Ingo Molnar <mingo@elte.hu>
|
|
Luiz Fernando N. Capitulino reported that sched_rr_get_interval()
crashes for SCHED_OTHER tasks that are on an idle runqueue.
The fix is to return a 0 timeslice for tasks that are on an idle
runqueue. (and which are not running, obviously)
this also shrinks the code a bit:
text data bss dec hex filename
47903 3934 336 52173 cbcd sched.o.before
47885 3934 336 52155 cbbb sched.o.after
Reported-by: Luiz Fernando N. Capitulino <lcapitulino@mandriva.com.br>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
|
|
In case of TRACE_IRQFLAGS the restore psw masks will not be
initialized if noexec is turned on. This will lead to an
immediate system crash.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Commit b8e7a54cd06b0b0174029ef3a7f5a1415a2c28f2 introduced a compile
error if CONFIG_PREEMPT is not set:
arch/s390/kernel/built-in.o: In function `cleanup_io_leave_insn':
/space/kvm/arch/s390/kernel/entry.S:(.text+0xbfce): undefined reference to `preempt_schedule_irq'
This patch hides preempt_schedule_irq if CONFIG_PREEMPT is not set.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
When loading a dcss segment with the dcssblk driver, sometimes the
following kind of message appears:
bio too big device dcssblk0 (8 > 0)
Buffer I/O error on device dcssblk0, logical block 172016
..
The fix is to move the disk registration after setting the
make_request function, to avoid calls into generic_make_request
for dcssblock without having the make_request function set up
properly.
Cc: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
Add loop end statement to prevent looping over empty subchannel sets.
Signed-off-by: Peter Oberparleiter <peter.oberparleiter@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
We may receive a unit check for every path when we issue a SenseID.
Unfortunately, the channel subsystem will try on a different path
every time if we use a lpm of 0xff, which will exhaust our retry
counter.
Therefore, revert SenseID to its previous per-path behaviour and
just leave out the suspend multipath reconnect.
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
|
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/lethal/sh-2.6.24:
sh: Support PCI IO access of SH7780 base boards.
sh: Fix PCI IO space base address of SH7780.
|
|
The old code did did only work as long as CFE and the kernel were using
the same interrupt numbering ...
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
x86: fix x86-32 early fixmap initialization.
x86: disable hpet legacy replacement for kdump
x86: disable hpet on shutdown
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[POWERPC] Remove xmon from ml300 and ml403 defconfig in arch/ppc
Revert "[POWERPC] Fix RTAS os-term usage on kernel panic"
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPICA: fix acpi-cpufreq boot crash due to _PSD return-by-reference
ACPI: Delete the IRQ operation in throttling controll via PTC
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
sched: cpu accounting controller (V2)
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] NCR5380: Fix bugs and canonicalize irq handler usage
[SCSI] zfcp: fix cleanup of dismissed error recovery actions
[SCSI] zfcp: fix dismissal of error recovery actions
[SCSI] qla1280: convert to use the data buffer accessors
[SCSI] iscsi: return data transfer residual for data-out commands
[SCSI] iscsi_tcp: fix potential lockup with write commands
[SCSI] aacraid: fix security weakness
[SCSI] aacraid: fix up le32 issues in BlinkLED
[SCSI] aacraid: fix potential panic in thread stop
[SCSI] aacraid: don't assign cpu_to_le32(constant) to u8
|
|
pageexec@freemail.hu writes:
> i've just noticed that the chunk in i386/kernel/head.S ended up in a
> weird place, namely, it's not going to be executed as it's just after
> a 'jmp 3f' and before startup_32_smp, probably not what you intended.
> on a sidenote, the whole thing can be done in a single insn, like:
>
> movl $(swapper_pg_pmd - __PAGE_OFFSET + 0x067), (swapper_pg_dir -
> __PAGE_OFFSET+ 4092)
Thanks for the reminder I thought we had fixed this problem a while ago.
Needed to get fixed virtual address for USB debug and earlycon with mmio.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
|
|
we should also add hpet_disable() for kdump.
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
If HPET was enabled by pci quirks, we use i8253 as initial clockevent
because pci quirks doesn't run until pci is initialized.
The above means the kernel (or something) is assuming HPET legacy
replacement is disabled and can use i8253 at boot.
If we used kexec, it isn't true. So, this patch disables HPET legacy
replacement for kexec in machine_shutdown().
Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Acked-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/net-2.6: (27 commits)
[INET]: Fix inet_diag dead-lock regression
[NETNS]: Fix /proc/net breakage
[TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure
[NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK
[NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON
[DECNET]: dn_nl_deladdr() almost always returns no error
[IPV6]: Restore IPv6 when MTU is big enough
[RXRPC]: Add missing select on CRYPTO
mac80211: rate limit wep decrypt failed messages
rfkill: fix double-mutex-locking
mac80211: drop unencrypted frames if encryption is expected
mac80211: Fix behavior of ieee80211_open and ieee80211_close
ieee80211: fix unaligned access in ieee80211_copy_snap
mac80211: free ifsta->extra_ie and clear IEEE80211_STA_PRIVACY_INVOKED
SCTP: Fix build issues with SCTP AUTH.
SCTP: Fix chunk acceptance when no authenticated chunks were listed.
SCTP: Fix the supported extensions paramter
SCTP: Fix SCTP-AUTH to correctly add HMACS paramter.
SCTP: Fix the number of HB transmissions.
[TCP] illinois: Incorrect beta usage
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/netdev-2.6: (48 commits)
LIB82596: correct data types for hardware addresses
via-velocity: don't oops on MTU change (resend)
Stop phy code from returning success to unknown ioctls.
SET_NETDEV_DEV() in fec_mpc52xx.c
net: smc911x: only enable for mpr2 on sh.
e1000: Fix NAPI state bug when Rx complete
sky2: turn of dynamic Tx watermark workaround (FE+ only)
sky2: don't use AER routines
sky2: revert to access PCI config via device space
cxgb - fix stats
cxgb - fix NAPI
cxgb - fix T2 GSO
ucc_geth: handle passing of RX-only and TX-only internal delay PHY connection type parameters
phylib: marvell: add support for TX-only and RX-only Internal Delay
phylib: add PHY interface modes for internal delay for tx and rx only
skge: MTU changing fix
skge: serial mode register values
skge version 1.13
skge: increase TX threshold for Jumbo
skge: fiber link up/down fix
...
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
sata_mv: Fix broken Marvell 7042 support.
libata: Fix early use of port printk. (Was Re: ata4294967295: failed to start port (errno=-19))
ata_piix: add more toshiba laptops to broken suspend list
libata: More IVB horkage from TSST
libata: report protocol and full CDB on error
Several fixes for the AVR32 PATA driver
sata_mv: fix compilation error when enabling DEBUG
Set proper ATA UDMA mode for bf548 according to system clock.
|
|
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Under the conditions that UML uses it, tcgetattr is guaranteed to return
-EINTR when the console is attached to /dev/ptmx, making generic_console_write
hang because it loops, calling tcgetattr until it succeeds. This is a host
bug - see http://marc.info/?l=linux-kernel&m=119618990807182&w=2 for the
details.
This patch works around it by blocking SIGIO while the terminal attributes are
being fiddled.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|