Relying on overflow/wrap around isn't exact because if you wrap far
enough, you get back to "valid" values.
Reported-by: Thorsten Pohlmann <pohlmann@tetronik.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Cc: stable <stable@kernel.org>
x86-32 has had a static test for copy_on_user() overflow for a while.
This test currently fails in mm/migrate.c resulting in an
allyesconfig/allmodconfig build failure on x86-32:
In function ‘copy_from_user’,
inlined from ‘do_pages_stat’ at
/home/hpa/kernel/git/mm/migrate.c:1012:
/home/hpa/kernel/git/arch/x86/include/asm/uaccess_32.h:212: error:
call to ‘copy_from_user_overflow’ declared
Make the logic more explicit and therefore easier for gcc to
understand.
v2: rewrite the loop entirely using a more normal structure for a
chunked-data loop (Linus Torvalds)
Reported-by: Len Brown <lenb@kernel.org>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
Reviewed-and-Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Cc: Arjan van de Ven <arjan@linux.kernel.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Christoph Lameter <cl@linux-foundation.org>
Cc: Hugh Dickins <hugh.dickins@tiscali.co.uk>
Cc: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
As the parent comm then is worthless, confusing users about the
thread where the sample really happened, leading to think that
the sample happened in the parent, not where it really happened,
in the children of a thread for which a PERF_RECORD_COMM event
was not received.
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
LKML-Reference: <1266627727-19715-1-git-send-email-acme@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
In 2161db9 we stopped failing when not finding modules when
asked too, but then the kernel maps (just one, for vmlinux)
wasn't having its ->end field correctly set up, so symbols were
not being found for the vmlinux map because its range was 0-0.
Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Frédéric Weisbecker <fweisbec@gmail.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Paul Mackerras <paulus@samba.org>
LKML-Reference: <1266702793-29434-1-git-send-email-acme@infradead.org>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
CacheFiles: Fix a race in cachefiles_delete_object() vs rename
vfs: don't call ima_file_check() unconditionally in nfsd_open()
fs: inode - remove 8 bytes of padding on 64bits allowing 1 more objects/slab under slub
Switch proc/self to nd_set_link()
fix LOOKUP_FOLLOW on automount "symlinks"
* 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6:
V4L/DVB: bttv: Move I2C IR initialization
V4L/DVB: Video : pwc : Fix regression in pwc_set_shutter_speed caused by bad constant => sizeof conversion.
soc-camera: mt9t112: modify exiting conditions from standby mode
V4L/DVB: cxusb: Select all required frontend and tuner modules
V4L/DVB: dvb: l64781.ko broken with gcc 4.5
* 'omap-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap-2.6:
omap: Remove DEBUG_FS dependency for mux name checking
* master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: allow alignment fault mode to be configured at kernel boot
ARM: Update mach-types
ARM: 5951/1: ARM: fix documentation of the PrimeCell bus
ARM: 5950/1: ARM: Fix build error for arm1026ej-s processor
MAINTAINERS: fix my e-mail and status for Gemini and FA526
Gemini: wrong registers used to set reg_level in gpio_set_irq_type()
ARM: 5944/1: scsi: fix timer setup in fas216.c
ARM: 5938/1: ARM: L2: export outer_cache_fns
update_mmu_cache() is called with the page table for the faulted-in
page still mapped. We need to modify the PTE for this page to ensure
coherency with other shared mappings when multiple shared mappings
exist within a MM.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
On VIVT ARM, when we have multiple shared mappings of the same file
in the same MM, we need to ensure that we have coherency across all
copies. We do this via make_coherent() by making the pages
uncacheable.
This used to work fine, until we allowed highmem with highpte - we
now have a page table which is mapped as required, and is not available
for modification via update_mmu_cache().
Ralf Beache suggested getting rid of the PTE value passed to
update_mmu_cache():
On MIPS update_mmu_cache() calls __update_tlb() which walks pagetables
to construct a pointer to the pte again. Passing a pte_t * is much
more elegant. Maybe we might even replace the pte argument with the
pte_t?
Ben Herrenschmidt would also like the pte pointer for PowerPC:
Passing the ptep in there is exactly what I want. I want that
-instead- of the PTE value, because I have issue on some ppc cases,
for I$/D$ coherency, where set_pte_at() may decide to mask out the
_PAGE_EXEC.
So, pass in the mapped page table pointer into update_mmu_cache(), and
remove the PTE value, updating all implementations and call sites to
suit.
Includes a fix from Stephen Rothwell:
sparc: fix fallout from update_mmu_cache API change
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Some glibc versions intentionally create lots of alignment faults in
their gconv code, which if not fixed up, results in segfaults during
boot. This can prevent systems booting properly.
There is no clear hard-configurable default for this; the desired
default depends on the nature of the userspace which is going to be
booted.
So, provide a way for the alignment fault handler to be configured via
the kernel command line.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
cachefiles_delete_object() can race with rename. It gets the parent directory
of the object it's asked to delete, then locks it - but rename may have changed
the object's parent between the get and the completion of the lock.
However, if such a circumstance is detected, we abandon our attempt to delete
the object - since it's no longer in the index key path, it won't be seen
again by lookups of that key. The assumption is that cachefilesd may have
culled it by renaming it to the graveyard for later destruction.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This fixes the filepath encoded in <linux/amba/bus.h> and adds
some documentation as to what this bus really means.
Signed-off-by: Linus Walleij <linus.walleij@stericsson.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This patch fix the below build error for arm1026ej-s processor (IntegratorCP/arm1026ej-s board).
CC init/main.o
In file included from include/linux/highmem.h:8,
from include/linux/pagemap.h:10,
from include/linux/mempolicy.h:62,
from init/main.c:52:
arch/arm/include/asm/cacheflush.h:134:2: error: #error Unknown cache maintainence model
make[1]: *** [init/main.o] Erreur 1
make: *** [init] Erreur 2
Signed-off-by: Abdoulaye Walsimou Gaye <walsimou@walsimou.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
When polled input device is opened and closed and there are no other
users of polled device, the workqueue is created and destroyed in
every open / close operation. It is probable that at some point
dynamic allocation of internal parts of the workqueue cause changes to the
workqueue.
When a work is queued to the workqueue the work struct contains pointers
to the workqueue data. If the workqueue has been changed and the work
has never been queued to the new workqueue, work-struct contains pointers
to the non-existing workqueue. This will cause crash at the work
cancellation during device close since cancellation of a work assumes
that the workqueue exists.
To prevent that, work struct is cleaned up at device close. This keeps
work struct clean for the next use.
Signed-off-by: Samu Onkalo <samu.p.onkalo@nokia.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Devices supporting both pen and touch features share the same product ID,
but presented as 2 separate input devices. By adding device type to device
name string we can help userspace applications and users differentiate
between them. 'Finger' is used for the touch since touch has been used as
a suffix by userland hotplugging services.
Signed-off-by: Jason Childs <oblivian@users.sourceforge.net>
Signed-off-by: Ping Cheng <pingc@wacom.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Currently driver reports touches when it gets (1 << ts.shift) samples,
even if stylus is up, which is incorrect. We should only report coordinates
and touch condition when stylus is down.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
commit 1e41568d73 ("Take ima_path_check()
in nfsd past dentry_open() in nfsd_open()") moved this code back to its
original location but missed the "else".
Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
* git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] megaraid_sas: fix for 32bit apps
[SCSI] fcoe: Only rmmod fcoe.ko if there are no active connections
[SCSI] libfcoe: Send port LKA every FIP_VN_KA_PERIOD secs.
[SCSI] libfc: Don't assume response request present.
[SCSI] libfc: Fix e_d_tov ns -> ms scaling factor in PLOGI response.
[SCSI] libfc: call ddp setup for only FCP reads to avoid accessing junk fsp pointer
[SCSI] iscsi_tcp regression: remove bogus warn on in write path
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6:
sfc: SFE4002/SFN4112F: Widen temperature and voltage tolerances
sfc: Fix sign of efx_mcdi_poll_reboot() error in efx_mcdi_poll()
net-sysfs: Use rtnl_trylock in wireless sysfs methods.
net: Fix sysctl restarts...
* 'drm-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm/radeon: bump the UMS driver version number to indicate rv740 fix
drm/radeon/kms: free fence IB if it wasn't emited at IB free time
drm/ttm: fix caching problem on non-PAT systems.
drm/radeon/rv740: fix backend setup
drm/radeon/kms: fix shared ddc detection
drm/radeon/kms/rs600: add connector quirk
vgaarb: fix "target=default" passing
The temperature and voltage limits currently set on these boards are
too conservative and will cause the driver to stop the net device
erroneously in some systems.
Based on a review of the chip datasheets and advice from the designer
of these boards:
- Raise the maximum board temperatures to the specified maximum ambient
temperatures for their PHYs plus the expected temperature bias of the
board
- Raise the maximum controller temperature to 90 degrees
- Lower the minimum temperatures to 0 degrees
- Widen the voltage tolerances to at least +/- 10%
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
efx_mcdi_poll() uses positive error numbers, matching the MCDI
protocol. It must negate the result of efx_mcdi_poll_reboot() which
returns the usual negative error numbers.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The wireless sysfs methods like the rest of the networking sysfs
methods are removed with the rtnl_lock held and block until
the existing methods stop executing. So use rtnl_trylock
and restart_syscall so that the code continues to work.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Yuck. It turns out that when we restart sysctls we were restarting
with the values already changed. Which unfortunately meant that
the second time through we thought there was no change and skipped
all kinds of work, despite the fact that there was indeed a change.
I have fixed this the simplest way possible by restoring the changed
values when we restart the sysctl write.
One of my coworkers spotted this bug when after disabling forwarding
on an interface pings were still forwarded.
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Thanks to testcase and report from Brad Spengler:
--------------------
#include <stdio.h>
typedef int (* _wee)(void);
int main(void)
{
char buf[8] = { '\x81', '\xc7', '\xe0', '\x08', '\x81', '\xe8',
'\x00', '\x00' };
_wee wee;
printf("%p\n", &buf);
wee = (_wee)&buf;
wee();
return 0;
}
--------------------
TSB I-tlb load code tries to use andcc to check the _PAGE_EXEC_4U bit,
but that's bit 12 so it gets sign extended all the way up to bit 63
and the test nearly always passes as a result.
Use sethi to fix the bug.
Signed-off-by: David S. Miller <davem@davemloft.net>
This lets UMS userspace know the rv740 fix is in. For KMS we can
consider the kernel release to be the v2.0.0 release so we don't need the
bump there.
Signed-off-by: Dave Airlie <airlied@redhat.com>
If at IB free time fence wasn't emited that means the IB wasn't
scheduled because an error occured somewhere, thus we can free
then fence and mark the IB as free.
Signed-off-by: Jerome Glisse <jglisse@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
http://bugzilla.kernel.org/show_bug.cgi?id=15328
This fixes a serious regression on AGP/non-PAT systems, where
pages were ending up in the wrong state and slowing down the
whole system.
[airlied: taken this from the bug as the other option is to revert
the change which caused it].
Tested-by: John W. Linville (in bug).
Signed-off-by: Dave Airlie <airlied@redhat.com>
This patch fixes occlusion queries and rendering errors
on rv740 boards. Hardcoding the backend map is not an optimal
solution, but a better fix is being worked on.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Just compare the i2c id since the i2c structs
may be slighly different.
Fixes fdo bug 26616.
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
rs600 board lists DVI port as HDMI.
Fixes fdo bug 26605
Signed-off-by: Alex Deucher <alexdeucher@gmail.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Commit 77c1ff3982 fixed the userspace
pointer dereference, but introduced another bug pointed out by Eugene Teo
in RH bug #564264. Instead of comparing the point we were at in the string,
we instead compared the beginning of the string to "default".
Signed-off-by: Kyle McMartin <kyle@redhat.com>
Reported-by: Eugene Teo <eteo@redhat.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
The code for setting standard VGA modes probes for the current mode,
and skips the mode setting if the mode is 3 (color text 80x25) or 7
(mono text 80x25). Unfortunately, there are BIOSes, including the
VMware BIOS, which report the previous mode if function 0F is queried
while the screen is in a VESA mode, and of course, nothing can help a
mode poked directly into the hardware.
As such, the safe option is to set the mode anyway, and only query to
see if we should be using mode 7 rather than mode 3. People who don't
want any mode setting at all should probably use vga=0x0f04
(VIDEO_CURRENT_MODE). It's possible that should be the kernel
default.
Reported-by Rene Arends <R.R.Arends@hro.nl>
Signed-off-by: H. Peter Anvin <hpa@zytor.com>
LKML-Reference: <tip-*@git.kernel.org>
It looks like this patch -
commit 7b2519afa1
Author: Yang, Bo <Bo.Yang@lsi.com>
Date: Tue Oct 6 14:52:20 2009 -0600
[SCSI] megaraid_sas: fix 64 bit sense pointer truncation
has caused a problem for 32bit programs with 64bit os -
http://bugzilla.kernel.org/show_bug.cgi?id=15001
fix by converting the user space 32bit pointer to a 64 bit one when
needed.
[jejb: fix up some 64 bit warnings]
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Cc: Bo Yang <Bo.Yang@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
The HT extension channel settings require priv->staging_rxon.channel to be
accurate. However, iwl_set_rxon_ht was being called before iwl_set_rxon_channel
and thus HT40 could be broken unless another call to iwl_mac_config came in.
This problem was recently introduced by "iwlwifi: Fix to set correct ht
configuration"
The particular setting in which I noticed this was monitor mode:
iwconfig wlan0 mode monitor
ifconfig wlan0 up
./iw wlan0 set channel 64 HT40-
#./iw wlan0 set channel 64 HT40-
tcpdump -i wlan0 -y IEEE802_11_RADIO
would only catch HT40 packets if I issued the IW command twice.
From visual inspection, iwl_set_rxon_channel does not depend on
iwl_set_rxon_ht, so simply swapping them should be safe and fixes this problem.
Signed-off-by: Daniel Halperin <dhalperi@cs.washington.edu>
Acked-by: Wey-Yi Guy <wey-yi.w.guy@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
CC: stable@kernel.org
Signed-off-by: John W. Linville <linville@tuxdriver.com>
When the user enables breakpoints through dr7, he can choose
between "local" or "global" enable bits but given how linux is
implemented, both have the same effect.
That said we don't keep track how the user enabled the breakpoints
so when the user requests the dr7 value, we only translate the
"enabled" status using the global enabled bits. It means that if
the user enabled a breakpoint using the local enabled bit, reading
back dr7 will set the global bit and clear the local one.
Apps like Wine expect a full dr7 POKEUSER/PEEKUSER match for emulated
softwares that implement old reverse engineering protection schemes.
We fix that by keeping track of the whole dr7 value given by the user
in the thread structure to drop this bug. We'll think about
something more proper later.
This fixes a 2.6.32 - 2.6.33-x ptrace regression.
Reported-and-tested-by: Michael Stefaniuc <mstefani@redhat.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Acked-by: K.Prasad <prasad@linux.vnet.ibm.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Maneesh Soni <maneesh@linux.vnet.ibm.com>
Cc: Alexandre Julliard <julliard@winehq.org>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
Before we had a generic breakpoint API, ptrace was accepting
breakpoints on NULL address in x86. The new API refuse them,
without given strong reasons. We need to follow the previous
behaviour as some userspace apps like Wine need such NULL
breakpoints to ensure old emulated software protections
are still working.
This fixes a 2.6.32 - 2.6.33-x ptrace regression.
Reported-and-tested-by: Michael Stefaniuc <mstefani@redhat.com>
Signed-off-by: Frederic Weisbecker <fweisbec@gmail.com>
Acked-by: K.Prasad <prasad@linux.vnet.ibm.com>
Acked-by: Roland McGrath <roland@redhat.com>
Cc: Alan Stern <stern@rowland.harvard.edu>
Cc: Maneesh Soni <maneesh@linux.vnet.ibm.com>
Cc: Alexandre Julliard <julliard@winehq.org>
Cc: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Maciej Rutecki <maciej.rutecki@gmail.com>
Having the large CDB allocation logic in sd.c means that
scsi_io_completion does not have access to the command buffer. That in
turn causes garbage to be printed when a 32-byte command fails. Move the
command printing to sd_done where the command buffer is intact. Clear
the command buffer pointer after the extended CDB has been freed.
Make scsi_print_command ignore commands with NULL CDB pointers to
inhibit printing of garbled command strings.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Reviewed-by: Boaz Harrosh <bharrosh@panasas.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
We dereferenced the MAINTENANCE IN array when decoding variable length
commands. Use the right array. Also consolidate identical if
statements below.
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Fix a bug in the interpretation of the ADDITIONAL CDB LENGTH (add_cdb_len)
field of SRP_CMD requests. According to the SRP specification, the layout
of this single-byte field is as follows:
* Bits 0 and 1 are reserved.
* Bits 2 to 7 represent the ADDITIONAL CDB LENGTH field, symbolically
represented as n.
* Still according to the SRP specification, the ADDITIONAL CDB section
takes 4*n bytes.
Currently libsrp is only used by the ibmvscsi driver. Since the ibmvscsi
driver doesn't support large CDB's, this bug hasn't caused any problems yet.
[jejb: use & ~3 to mask the bits]
Signed-off-by: Bart Van Assche <bart.vanassche@gmail.com>
Acked-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Adds IBM Power Virtual SCSI ALUA devices to the ALUA device handler.
Signed-off-by: Brian King <brking@linux.vnet.ibm.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Newer Netapp target software supports ALUA, so
this patch adds them to the scsi_dev_alua dev list.
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Can be used to balance NIC/FCoE traffic distribution.
Cc: stable@kernel.org
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Original code could inadvertently skip the post processing of
port information returned from the SNS scan, if any link-flopping
asynchronous-events were received (noticed in FCAL topologies).
Cc: stable@kernel.org
Signed-off-by: Andrew Vasquez <andrew.vasquez@qlogic.com>
Signed-off-by: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
