Impact: intermittent guest segv/crash fix
I've been seeing random guest bad address crashes and segmentation faults:
bisect led to 4f98a2fee8 (vmscan: split LRU lists into anon & file sets),
but that's a red herring.
It turns out that lguest never hooked up the pte_update/pte_update_defer
calls, so our ptes were not always in sync. After the vmscan commit, the
bug became reproducible; now a fsck in a 64MB guest causes reproducible
pagetable corruption.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: jeremy@xensource.com
Cc: virtualization@lists.osdl.org
Cc: stable@kernel.org
Impact: fix crash on misbehaving guest
gpte_addr() contains a BUG_ON(), insisting that the present flag is
set. We need to return before we call it if that isn't the case.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: stable@kernel.org
Impact: cleanup
Roel Kluin drew attention to these macros with his patch: here I
neaten them a little further:
1) Add a comment on what START_USE and END_USE are checking,
2) Brackets around _vq in BAD_RING,
3) Neaten formatting for START_USE so it's less than 80 cols.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Impact: cleanup
fix BAD_RING, START_US and END_USE macros
When these macros aren't called with a variable named vq as first
argument, this would result in a build failure.
Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Hypervisor versions older than version 1.6.1 cannot handle
leaving the profile counter overflow interrupt chirping
when the system does a soft reset.
So use a reboot notifier to shut off the NMI watchdog.
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch fixes a dependency with IPv6:
ERROR: "__ipv6_addr_type" [net/netfilter/xt_cluster.ko] undefined!
This patch adds a function that checks if the higher bits of the
address is 0xFF to identify a multicast address, instead of adding a
dependency due to __ipv6_addr_type(). I came up with this idea after
Patrick McHardy pointed possible problems with runtime module
dependencies.
Reported-by: Steven Noonan <steven@uplinklabs.net>
Reported-by: Randy Dunlap <randy.dunlap@oracle.com>
Reported-by: Cyrill Gorcunov <gorcunov@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'bzip2-lzma-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-tip:
bzip2/lzma: don't ask for compression mode for the default initramfs
bzip2/lzma: consistently capitalize LZMA in Kconfig
bzip2/lzma: clarify the meaning of the CONFIG_RD_ options
bzip2/lzma: move CONFIG_RD_* options under CONFIG_EMBEDDED
<linux/irq.h> relies on <linux/gfp.h> and <linux/topology.h> having been
included previous. If not, the errors like below will result.
CC arch/mips/mti-malta/malta-int.o
In file included from arch/mips/mti-malta/malta-int.c:25:
include/linux/irq.h: In function ‘init_alloc_desc_masks’:
include/linux/irq.h:444: error: implicit declaration of function ‘cpu_to_node’
include/linux/irq.h:446: error: ‘GFP_ATOMIC’ undeclared (first use in this function)
include/linux/irq.h:446: error: (Each undeclared identifier is reported only once
include/linux/irq.h:446: error: for each function it appears in.)
make[3]: *** [arch/mips/mti-malta/malta-int.o] Error 1
make[2]: *** [arch/mips/mti-malta] Error 2
make[1]: *** [sub-make] Error 2
Fixed by including the two missing headers.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix kernel-doc errors in sched.c: the structs don't have
kernel-doc notation and the short function description needs to
be one line only.
Error(kernel/sched.c:3197): cannot understand prototype: 'struct sd_lb_stats '
Error(kernel/sched.c:3228): cannot understand prototype: 'struct sg_lb_stats '
Error(kernel/sched.c:3375): duplicate section name 'Description'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sometime we need to communicate with HDMI monitor by sending audio or video
info frame, so we have to know monitor type. However if user utilize HDMI-DVI adapter to connect DVI monitor, hardware detection will incorrectly show the monitor is HDMI. HDMI spec tell us that any device containing IEEE registration Identifier will be treated as HDMI device. The patch intends to detect HDMI monitor by this rule.
Signed-off-by: Ma Ling <ling.ma@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
drm_open_helper() from drm_fops.c had a missing mutex_unlock in a error
path.
This was caught by smatch (http://repo.or.cz/w/smatch.git/). Compile
tested.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
shrinks drm_ioctl_desc from 24 bytes to 16 bytes by reordering members
to remove padding.
updates DRM_IOCTL_DEF macro to initialise structure members by name to
handle the structure reorder.
The applied patch reduces data used in drm.ko from 10440 to 9032
Signed-off-by: Richard Kennedy <richard@rsk.demon.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Usually drm read basic EDID, that is enough for us, but since igital display
were introduced i.e. HDMI monitor, sometime we need to interact with monitor by
EDID extension information,
EDID extensions include audio/video data block, speaker allocation and vendor specific data blocks.
This patch intends to read EDID extensions from digital monitor for users.
Signed-off-by: Ma Ling <ling.ma@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
The kmalloc was taking up about 1.5% of the CPU on an ioctl-heavy workload
(x11perf -aa10text on 965). Initial results look like they have a
corresponding improvement in performance for aa10text, but more numbers might
not hurt.
Thanks to ajax for pointing out this performance regression I'd introduced
back in 2007.
[airlied: well I introduced it sneakily inside Eric's patch]
Signed-off-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Dave Airlie <airlied@redhat.com>
We can't put 'mdio' until after we've used it in the
fsl_pq_mdio_bus_name() call.
Also fix error return values.
Signed-off-by: David S. Miller <davem@davemloft.net>
Allows for the removal of byteswapping in some places and
the removal of HIPQUAD (replaced by %pI4).
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
dcc_ip is treated as a host-endian value in the first printk,
but the second printk uses %pI4 which expects a be32. This
will cause a mismatch between the debug statement and the
warning statement.
Treat as a be32 throughout and avoid some byteswapping during
some comparisions, and allow another user of HIPQUAD to bite the
dust.
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
drivers/net/hamradio/dmascc.c:587: error: 'struct net_device' has no
member named 'set_mac_address'
Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When GRO/frag_list support was added to GSO, I made an error
which broke the support for segmenting linear GSO packets (GSO
packets are normally non-linear in the payload).
These days most of these packets are constructed by the tun
driver, which prefers to allocate linear memory if possible.
This is fixed in the latest kernel, but for 2.6.29 and earlier
it is still the norm.
Therefore this bug causes failures with GSO when used with tun
in 2.6.29.
Reported-by: James Huang <jamesclhuang@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add missing struct field to fix kernel-doc warning:
Warning(include/linux/skbuff.h:182): No description found for parameter 'flags'
Signed-off-by: Randy Dunlap <randy.dunlap@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
* 'futexes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
futex: remove the pointer math from double_unlock_hb, fix
futex: remove the pointer math from double_unlock_hb
futex: clean up fault logic
futex: unlock before returning -EFAULT
futex: use current->time_slack_ns for rt tasks too
futex: add double_unlock_hb()
futex: additional (get|put)_futex_key() fixes
futex: update futex commentary
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
smack: Add a new '-CIPSO' option to the network address label configuration
netlabel: Cleanup the Smack/NetLabel code to fix incoming TCP connections
lsm: Remove the socket_post_accept() hook
selinux: Remove the "compat_net" compatibility code
netlabel: Label incoming TCP connections correctly in SELinux
lsm: Relocate the IPv4 security_inet_conn_request() hooks
TOMOYO: Fix a typo.
smack: convert smack to standard linux lists
Annotate struct fs_struct's usage count to indicate the restrictions upon it.
It may not be incremented, except by clone(CLONE_FS), as this affects the
check in check_unsafe_exec() in fs/exec.c.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
check_unsafe_exec() also notes whether the fs_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/cwd and /proc/<pid>/root lookups make transient
use of get_fs_struct(), which also raises that sharing count.
This might occasionally cause a setuid program not to change euid,
in the same way as happened with files->count (check_unsafe_exec
also looks at sighand->count, but /proc doesn't raise that one).
We'd prefer exec not to unshare fs_struct: so fix this in procfs,
replacing get_fs_struct() by get_fs_path(), which does path_get
while still holding task_lock, instead of raising fs->count.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
___
fs/proc/base.c | 50 +++++++++++++++--------------------------------
1 file changed, 16 insertions(+), 34 deletions(-)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Malicki reports that setuid sometimes doesn't: very rarely,
a setuid root program does not get root euid; and, by the way,
they have a health check running lsof every few minutes.
Right, check_unsafe_exec() notes whether the files_struct is being
shared by more threads than will get killed by the exec, and if so
sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid.
But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient
use of get_files_struct(), which also raises that sharing count.
There's a rather simple fix for this: exec's check on files->count
has been redundant ever since 2.6.1 made it unshare_files() (except
while compat_do_execve() omitted to do so) - just remove that check.
[Note to -stable: this patch will not apply before 2.6.29: earlier
releases should just remove the files->count line from unsafe_exec().]
Reported-by: Joe Malicki <jmalicki@metacarta.com>
Narrowed-down-by: Michael Itz <mitz@metacarta.com>
Tested-by: Joe Malicki <jmalicki@metacarta.com>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2.6.26's commit fd8328be87
"sanitize handling of shared descriptor tables in failing execve()"
moved the unshare_files() from flush_old_exec() and several binfmts
to the head of do_execve(); but forgot to make the same change to
compat_do_execve(), leaving a CLONE_FILES files_struct shared across
exec from a 32-bit process on a 64-bit kernel.
It's arguable whether the files_struct really ought to be unshared
across exec; but 2.6.1 made that so to stop the loading binary's fd
leaking into other threads, and a 32-bit process on a 64-bit kernel
ought to behave in the same way as 32 on 32 and 64 on 64.
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This produced a warning on my build, not sure why super-warning-man didn't
notice this one, its much worse than the %z one.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Impact: Kconfig noise reduction, documentation
The default initramfs is so small that it makes no sense to worry
about the additional memory taken by not double-compressing it.
Therefore, don't bug the user with it.
Also, improve the description of the option, which was downright
incorrect.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Impact: message formatting
Consistently spell LZMA in all capitals, since it (unlike gzip or
bzip2) is an acronym.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Impact: Kconfig clarification
Make it clear that the CONFIG_RD_* options are about what formats are
supported, not about what formats are actually being used.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Impact: reduce Kconfig noise
Move the options that control possible initramfs/initrd compressions
underneath CONFIG_EMBEDDED. The only impact of leaving these options
set to y is additional code in the init section of the kernel; there
is no reason to burden non-embedded users with these options.
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
* 'i2c-for-linus' of git://jdelvare.pck.nerim.net/jdelvare-2.6:
i2c-core: Some style cleanups
i2c-piix4: Add support for the Broadcom HT1100 chipset
i2c-piix4: Add support to SB800 SMBus changes
i2c-pca-platform: Use defaults if no platform_data given
i2c-algo-pca: Use timeout for checking the state machine
i2c-algo-pca: Rework waiting for a free bus
i2c-algo-pca: Add PCA9665 support
i2c: Adapt debug macros for KERN_* constants
i2c-davinci: Fix timeout handling
i2c: Adapter timeout is in jiffies
i2c: Set a default timeout value for all adapters
i2c: Add missing KERN_* constants to printks
i2c-algo-pcf: Handle timeout correctly
i2c-algo-pcf: Style cleanups
eeprom/at24: Remove EXPERIMENTAL
i2c-nforce2: Add support for MCP67, MCP73, MCP78S and MCP79
i2c: Clarify which clients are auto-removed
i2c: Let checkpatch shout on users of the legacy model
i2c: Document the different ways to instantiate i2c devices
