Commit 4221a9918e "Add RCU check for
find_task_by_vpid()" introduced rcu_lockdep_assert to find_task_by_pid_ns=
Assertion failed in sys_ioprio_get. The patch is fixing assertion
failure in ioprio_set as well.
kernel/pid.c:419 invoked rcu_dereference_check() without protection!
stack backtrace:
Pid: 4254, comm: iotop Not tainted
Call Trace:
[<ffffffff810656f2>] lockdep_rcu_dereference+0xaa/0xb2
[<ffffffff81053c67>] find_task_by_pid_ns+0x4f/0x68
[<ffffffff81053c9d>] find_task_by_vpid+0x1d/0x1f
[<ffffffff811104e2>] sys_ioprio_get+0x50/0x2da
[<ffffffff81002182>] system_call_fastpath+0x16/0x1b
V2: rcu critical section expanded according to comment by Paul E. McKenney
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
With 2.6.37-rc1, I observe sys_ioprio_set not taking the RCU lock [1]
across access to the task credentials.
Inspecting the code in fs/ioprio.c, the tasklist_lock is held for read
across the __task_cred call, which is presumably sufficient to prevent
the task credentials becoming stale.
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
kernel/pid.c:419 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 1
1 lock held by start-stop-daem/2246:
#0: (tasklist_lock){.?.?..}, at: [<ffffffff811a2dfa>]
sys_ioprio_set+0x8a/0x400
stack backtrace:
Pid: 2246, comm: start-stop-daem Not tainted 2.6.37-rc1-330cd+ #2
Call Trace:
[<ffffffff8109f5f4>] lockdep_rcu_dereference+0xa4/0xc0
[<ffffffff81085651>] find_task_by_pid_ns+0x81/0x90
[<ffffffff8108567d>] find_task_by_vpid+0x1d/0x20
[<ffffffff811a3160>] sys_ioprio_set+0x3f0/0x400
[<ffffffff816efa79>] ? trace_hardirqs_on_thunk+0x3a/0x3f
[<ffffffff81003482>] system_call_fastpath+0x16/0x1b
Take the RCU lock for read across acquiring the pointer to the task
credentials and dereferencing it.
Signed-off-by: Daniel J Blueman <daniel.blueman@gmail.com>
Fixed up by Jens to fix missing rcu_read_unlock() on mismatches.
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Structure hd_geometry is copied to userland with 4 padding bytes
between cylinders and start fields uninitialized on 64-bit platforms.
It leads to leaking of contents of kernel stack memory.
Currently there is no memset() in real implementations of getgeo()
in drivers/block/, so it makes sense to have memset() in blkdev_ioctl().
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Convert direct reads of an inode's i_size to using i_size_read().
i_size_{read,write} use a seqcount to protect reads from accessing
incomple writes. Concurrent i_size_write()s require mutual exclussion
to protect the seqcount that is used by i_size_{read,write}. But
i_size_read() callers do not need to use additional locking.
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Acked-by: NeilBrown <neilb@suse.de>
Acked-by: Lars Ellenberg <lars.ellenberg@linbit.com>
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
If the iovec is being set up in a way that causes uaddr + PAGE_SIZE
to overflow, we could end up attempting to map a huge number of
pages. Check for this invalid input type.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Ensure that we pass down properly validated iov segments before
calling into the mapping or copy functions.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Using %pV reduces the number of printk calls and
eliminates any possible message interleaving from
other printk calls.
Signed-off-by: Joe Perches <joe@perches.com>
CC: Russell King <linux@arm.linux.org.uk>
CC: Eric Miao <eric.y.miao@gmail.com>
CC: linux-arm-kernel@lists.infradead.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
During builds I see the following warning -
CC [M] drivers/char/pcmcia/synclink_cs.o
drivers/char/pcmcia/synclink_cs.c:2194: warning: ‘mgslpc_get_icount’ defined but not used
The function is a callback meant to be assigned to get_icount (added during 0587102cf).
Fix accordingly.
Signed-off-by: Andres Salomon <dilinger@queued.net>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
These are called by sa11x0_drv_pcmcia_probe (which is marked now with
__devinit) so they can go to .devinit.text now, too.
This fixes:
WARNING: drivers/pcmcia/sa1100_cs.o(.text+0x10): Section mismatch in reference from the function sa11x0_drv_pcmcia_probe() to the function .init.text:pcmcia_simpad_init()
The function sa11x0_drv_pcmcia_probe() references
the function __init pcmcia_simpad_init().
This is often because sa11x0_drv_pcmcia_probe lacks a __init
annotation or the annotation of pcmcia_simpad_init is wrong.
and a similar warning for pcmcia_collie_init, pcmcia_cerf_init,
pcmcia_h3600_init and pcmcia_shannon_init.
While at it mark pcmcia_assabet_init with __devinit, too.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
CC: Russell King <linux@arm.linux.org.uk>
CC: Eric Miao <eric.y.miao@gmail.com>
CC: linux-arm-kernel@lists.infradead.org
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
I'm assuming it's not intended to instantly change the error code
from -ENODEV to -EIO, is it?
Signed-off-by: Nicolas Kaiser <nikai@nikai.net>
Acked-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net>
Since commit 1dcc41bb (futex: Change 3rd arg of fetch_robust_entry()
to unsigned int*) some gcc versions decided to emit the following
warning:
kernel/futex.c: In function ‘exit_robust_list’:
kernel/futex.c:2492: warning: ‘next_pi’ may be used uninitialized in this function
The commit did not introduce the warning as gcc should have warned
before that commit as well. It's just gcc being silly.
The code path really can't result in next_pi being unitialized (or
should not), but let's keep the build clean. Annotate next_pi as an
uninitialized_var.
[ tglx: Addressed the same issue in futex_compat.c and massaged the
changelog ]
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Tested-by: Matt Fleming <matt@console-pimps.org>
Tested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: John Kacur <jkacur@redhat.com>
Cc: Ingo Molnar <mingo@elte.hu>
LKML-Reference: <1288897200-13008-1-git-send-email-dvhart@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
The DSS documentation didn't mention the option to give the VRAM start
address.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@nokia.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Use memblock_free() and memblock_remove() to remove the allocated or
reserved VRAM area from normal kernel memory.
This is a slightly modified version of patches from Felipe Contreras and
Namhyung Kim.
Reported-by: Felipe Contreras <felipe.contreras@gmail.com>
Reported-by: Namhyung Kim <namhyung@gmail.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@nokia.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Improve the error prints to give more information about the offending
address & size.
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@nokia.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
If the POST memory test fails, the driver may access illegal
memory areas. Instead of hard coding the maximum size, set it
according to the PCI resource length (an additional check is needed in
sisfb_post_map_vram() to ensure it's big enough). DRAM sizing will later
adjust video_size to the correct value.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Thomas Winischhofer <thomas@winischhofer.net>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
check_enable_amd_mmconf_dmi() gets called only for the BSP,
hence everything hanging off of it can be __init*.
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Acked-by: Yinghai Lu <yinghai@kernel.org>
LKML-Reference: <4CD2DE1E0200007800020990@vpn.id2.novell.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
A new version of the SGI UV hub node controller is being
developed. A few of the MMRs (control registers) that exist on
the current hub no longer exist on the new hub. Fortunately,
there are alternate MMRs that are are functionally equivalent
and that exist on both hubs.
This patch changes the UV code to use MMRs that exist in BOTH
versions of the hub node controller.
Signed-off-by: Jack Steiner <steiner@sgi.com>
LKML-Reference: <20101106204056.GA27584@sgi.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Analog to git commit 737480a0d5
fix the return address of subsequent kretprobes when multiple
kretprobes are set on the same function.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Execute the kprobe exception and fault handler with interrupts disabled.
To disable the interrupts only while a single step is in progress is not
good enough, a kprobe from interrupt context while another kprobe is
handled can confuse the internal house keeping.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
s390 doesn't need FRAME_POINTERS in order to have a working function tracer.
We don't need frame pointers in order to get strack traces since we always
have valid backchains by using the -mkernel-backchain gcc option.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Provide the devmem_is_allowed() routine to restrict access to
kernel memory from userspace.
Set the CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If automatic purge is enabled for a vmlogrdr device, old records are
purged before an IUCV recording service is switched on or off. If z/VM
generates a large number of records between purging and switching the
recording service off, these records remain queued, and may have a
negative performance impact on the z/VM system. To avoid this problem,
we need to purge the records after recording is switched off.
Signed-off-by: Stefan Weinhuber <wein@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
If device recognition is interrupted by a subchannel event
indicating that the device is gone, ccw_device_init_count
is not correctly decreased.
Fix this by reporting the corresponding event to the device
recognition callback via the state machine.
Signed-off-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The check for the _PAGE_RO bit in get_user_pages_fast for write==1 is
the wrong way around. It must not be set for the fast path.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
CC drivers/sh/clk/core.o
drivers/sh/clk/core.c: In function 'clk_round_parent':
drivers/sh/clk/core.c:574: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'unsigned int'
drivers/sh/clk/core.c:594: warning: format '%lu' expects type 'long unsigned int', but argument 2 has type 'unsigned int'
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
profile_cpu was left over from an earlier implementation that
supported running perf top on a single CPU. profile_cpu was no
longer set by any switch and usages of it resulted in dead code.
Instead, convert the code to use cpu_list, which is set by the
-C <cpu_list> option.
Also improved the printing of nr_cpus and cpu_list by correcting
the plurals.
Signed-off-by: Corey Ashford <cjashfor@linux.vnet.ibm.com>
Cc: a.p.zijlstra@chello.nl
Cc: acme@redhat.com
LKML-Reference: <1289269245-9388-1-git-send-email-cjashfor@linux.vnet.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The [vk][cmz]alloc(_node) family of functions return void
pointers which it's completely unnecessary/pointless to cast to
other pointer types since that happens implicitly.
This patch removes such casts from arch/x86.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Cc: trivial@kernel.org
Cc: amd64-microcode@amd64.org
Cc: Andreas Herrmann <andreas.herrmann3@amd.com>
LKML-Reference: <alpine.LNX.2.00.1011082310220.23697@swampdragon.chaosbits.net>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The gcc complains about small auto-var strings being allocated from stack space.
Make them const to avoid this:
| CC util/ui/util.o
| cc1: warnings being treated as errors
| util/ui/util.c: In function ‘ui__dialog_yesno’:
| util/ui/util.c:108: error: not protecting function: no buffer at least 8 bytes long
| make: *** [util/ui/util.o] Error 1
The real bug is in the newtWinChoice() ABI - but that's an
externality we cannot fix here, so we use this workaround.
Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org>
Acked-by: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
LKML-Reference: <20101106084724.GA5956@lenovo>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Fix zero mode number, when using the default 720p mode.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
sh_mobile_lcdcfb.c has a hard-coded 720p video mode, used as default, if none
is explicitly specified by the platform. Adjust its timing to match the CEA
standard. Also add an explicit refresh rate value, which is needed, when used
with HDMI, to be able to recognise the default 720p mode as a pre-programmed
VIC #4.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Even though this is not a problem currently, it is better to clear the freed
pointer and nullify the length of the freed memory.
Signed-off-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
Call destroy() on _all_ ttm_bo_init() failures, and make sure that
behavior is documented in the function description.
Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
If ttm_bo_init() returns failure, it already destroyed the BO, so we need to
retry from scratch.
Signed-off-by: Michel Dänzer <daenzer@vmware.com>
Tested-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: stable@kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
This patch fixes bug #13820 from bugzilla.kernel.org.
Quote: "If ETHTOOL_GLINK is not defined, the end for switch case is not
to be found."
Signed-off-by: Maximiliano David Bustos <md.bustos90@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Commit e31b82136d ("cfg80211/mac80211:
allow per-station GTKs") changed the signatures of these operations
but did not update the staging drivers.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Remove unnecessary cast of firmware base address to integer before
adding an offset.
Fix direct use of sk_buff::network_header which is an offset rather
than a pointer on 64-bit architectures.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
