Address a potential 'larger than buffer size' memory access by
clear_user(). Without this patch, this call to clear_user() can attempt to
clear too many (tsz) bytes resulting in a wrong (-EFAULT) return code by
read_kcore().
Signed-off-by: Adam B. Jerome <abj@novell.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
sysfs has a different i_mutex lock order behavior for i_mutex than the
other filesystems; sysfs i_mutex is called in many places with subsystem
locks held. At the same time, many of the VFS locking rules do not apply
to sysfs at all (cross directory rename for example). To untangle this
mess (which gives false positives in lockdep), we're giving sysfs inodes
their own class for i_mutex.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Greg KH <greg@kroah.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
When found, it is obvious. nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.
Found due to OpenVZ resource management (User Beancounters).
Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Based on a patch from Ernie Petrides
During security research, Red Hat discovered a behavioral flaw in core
dump handling. A local user could create a program that would cause a
core file to be dumped into a directory they would not normally have
permissions to write to. This could lead to a denial of service (disk
consumption), or allow the local user to gain root privileges.
The prctl() system call should never allow to set "dumpable" to the
value 2. Especially not for non-privileged users.
This can be split into three cases:
1) running as root -- then core dumps will already be done as root,
and so prctl(PR_SET_DUMPABLE, 2) is not useful
2) running as non-root w/setuid-to-root -- this is the debatable case
3) running as non-root w/setuid-to-non-root -- then you definitely
do NOT want "dumpable" to get set to 2 because you have the
privilege escalation vulnerability
With case #2, the only potential usefulness is for a program that has
designed to run with higher privilege (than the user invoking it) that
wants to be able to create root-owned root-validated core dumps. This
might be useful as a debugging aid, but would only be safe if the program
had done a chdir() to a safe directory.
There is no benefit to a production setuid-to-root utility, because it
shouldn't be dumping core in the first place. If this is true, then the
same debugging aid could also be accomplished with the "suid_dumpable"
sysctl.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This is confirmed to fix a hang due to PCI resource conflicts with
setting up the Cardbus bridge on old laptops with the 440MX chipsets.
Original report by Alessio Sangalli, lspci debugging help by Pekka
Enberg, and trial patch suggested by Daniel Ritz:
"From the docs available i would _guess_ this thing is really similar
to the 82443BX/82371AB combination. at least the SMBus base address
register is hidden at the very same place (32bit at 0x90 in function
3 of the "south" brigde)"
The dang thing is largely undocumented, but the patch was corroborated
by Asit Mallick:
"I am trying to find the register information. 440MX is an integration of
440BX north-bridge without AGP and PIIX4E (82371EB). PIIX4 quirk
should cover the ACPI and SMBus related I/O registers."
and verified to fix the problem by Alessio.
Cc: Daniel Ritz <daniel.ritz-ml@swissonline.ch>
Cc: Asit Mallick <asit.k.mallick@intel.com>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Dmitry Torokhov <dtor_core@ameritech.net>
Tested-by: Alessio Sangalli <alesan@manoweb.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
1. Multipath devices for which SetPGID is not supported are not handled well.
Use NOP ccws for path verification (sans path grouping) when SetPGID is not
supported.
2. Check for PGIDs already set with SensePGID on _all_ paths (not just the
first one) and try to find a common one. Moan if no common PGID can be
found (and use NOP verification). If no PGIDs have been set, use the css
global PGID (as before). (Rationale: SetPGID will get a command reject if
the PGID it tries to set does not match the already set PGID.)
3. Immediately before reboot, issue RESET CHANNEL PATH (rcp) on all chpids. This
will remove the old PGIDs. rcp will generate solicited CRWs which can be
savely ignored by the machine check handler (all other actions create
unsolicited CRWs).
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
The module parameters for xpram are not or in a wrong way parsed.
The xpram module uses the module_param_array directive with an int
parameter which causes the kernel to automatically parse the passed
numbers. This will cause errors if arguments are omitted or cause
wrong results if arguments have size qualifiers.
Use module_param_array with charp and parse the arguments later.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
futex_atomic_cmpxchg_inatomic has the same bug as the other
atomic futex operations: the operation needs to be done in the
user address space, not the kernel address space. Add the missing
sacf 256 & sacf 0.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Add a reg_mutex to prevent unregistering a subchannel before it has been
registered. Since 2.6.17, we've seen oopses in kslowcrw when a device is
found to be not operational during sense id when doing initial device
recognition; it is not clear yet why that particular problem was not (yet)
observed with earlier kernels...
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Make sure that raw_local_save_flags and raw_local_irq_restore always get an
unsigned long parameter. raw_irqs_disabled should call raw_local_save_flags
instead of local_save_flags.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
__builtin_trap() has the archictecture defined backend in gcc since gcc 3.3.
To make sure the kernel builds with gcc 3.2 as well, use the old style BUG()
statement if compiled with older gcc versions.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6:
ACPI: ACPI_DOCK: Initialize the atomic notifier list
ACPI: acpi_os_allocate() fixes
ACPI: SBS: fix initialization, sem2mutex
ACPI: add 'const' to several ACPI file_operations
ACPI: delete some defaults from ACPI Kconfig
ACPI: "Device `[%s]' is not power manageable" make message debug only
ACPI: ACPI_DOCK Kconfig
Revert "Revert "ACPI: dock driver""
ACPI: acpi_os_get_thread_id() returns current
ACPI: ACPICA 20060707
* HEAD:
[DCCP]: Fix sparse warnings.
[TCP]: Remove TCP Compound
[BPQ] lockdep: fix false positive
[IPV4] inetpeer: Get rid of volatile from peer_total
[AX.25]: Get rid of the last volatile.
We can't safely directly access an compat_alloc_user_space() pointer
with the siginfo copy functions. Bounce it through the stack.
Noticed by Al Viro using sparse
[ This was only added post 2.6.17, not in any released kernel ]
Cc: Al Viro <viro@ftp.linux.org.uk>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add it for P4 model 6 - reported to work and have a similar PMU to
earlier P4s.
Add an p4force=1 module override parameter for future use.
We had a discussion about that earlier - it's a trade off between the
PMU staying compatible or not. I think the force parameter is a
reasonable compromise.
Cc: oprofile-list@lists.sf.net
Cc: Asit Mallick <asit.k.mallick@intel.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
No need for video to be always in
No need for smart battery driver to be always in
Acked-by: Len Brown <len.brown@intel.com>
Cc: linux-acpi@vger.kernel.org
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Currently ia32 binaries behave differently with respect to enabling
READ_IMPLIES_EXEC. On i386 a binary with the exec_stack flag set is
executed with READ_IMPLIES_EXEC enabled as well. The same binary
executes without READ_IMPLIES_EXEC on x86-64.
This causes binaries that work on i386 to fail on x86-64 which goes
somewhat against the whole 32 bit emulation idea.
It has been argued that READ_IMPLIES_EXEC should not be enabled at all
for binaries that have the exec_stack flag. Which is probably a valid
point. However until this is clarified I think x86-64 should behave the
same for ia32 binaries as i386.
The following patch brings x86-64 in sync with i386 for ia32 binaries.
Signed-off-by: Markus Schoder <lists@gammarayburst.de>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
No actual bugs that I can see just a couple of unmarked casts
getting annoying in my debug log files.
Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts: f890f92104
The inclusion of TCP Compound needs to be reverted at this time
because it is not 100% certain that this code conforms to the
requirements of Developer's Certificate of Origin 1.1 paragraph (b).
Signed-off-by: David S. Miller <davem@davemloft.net>
Bpqether is encapsulating AX.25 frames into ethernet frames. There is a
virtual bpqether device paired with each ethernet devices, so it's normal
to pass through dev_queue_xmit twice for each frame which triggers the
locking detector.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The variable peer_total is protected by a lock. The volatile marker
makes no sense. This shaves off 20 bytes on i386.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This volatile makes no sense - not even wearing pink shades ...
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add an nfs4 operations count array to nfsd_stats structure. The count is
incremented in nfsd4_proc_compound() where all the operations are handled
by the nfsv4 server. This count of individual nfsv4 operations is also
entered into /proc filesystem.
Signed-off-by: Shankar Anand<shanand@novell.com>
Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Disable lockdep debugging in two situations where the integrity of the
kernel no longer is guaranteed: when oopsing and when hitting a
tainting-condition. The goal is to not get weird lockdep traces that don't
make sense or are otherwise undebuggable, to not waste time.
Lockdep assumes that the previous state it knows about is valid to operate,
which is why lockdep turns itself off after the first violation it reports,
after that point it can no longer make that assumption.
A kernel oops means that the integrity of the kernel compromised; in
addition anything lockdep would report is of lesser importance than the
oops.
All the tainting conditions are of similar integrity-violating nature and
also make debugging/diagnosing more difficult.
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Update Documentation/SubmitChecklist.
- Mention lockdep coverage
- Describe documentation requirements
- Number the various items to simplify the composition of caustic emails.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add a proper prototype for i2o_parm_issue() in core.h.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Cc: Markus Lidel <Markus.Lidel@shadowconnect.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
As announced half a year ago this patch will remove the tasklist_lock
export. The previous two patches got rid of the remaining modular users.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Remove BINFMT_ELF32 config option. Support should be always compiled in if
CONFIG_COMPAT is set.
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Currently most architectures either always build binfmt_elf32 in the kernel
image or make it a boolean option. Only sparc64 and s390 allow to build it
modularly. This patch turns the option into a boolean aswell because elf
requires various symbols that shouldn't be available to modules. The most
urgent one is tasklist_lock whos export this patch series kills, but there
are others like force_sgi aswell.
Note that sparc doesn't allow a modular 32bit a.out handler either, and
that would be the more useful case as only few people want 32bit sunos
compatibility and 99.9% of all sparc64 users need 32bit linux native elf
support.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: "David S. Miller" <davem@davemloft.net>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Currently the snsc driver uses force_sig to send init a SIGPWR when the
system overheats. This patch switches it to kill_proc instead which has
the following advantages:
(1) gets rid of one of the last remaining tasklist_lock users
in modular code
(2) simplifies the snsc code significantly
The downside is that an init implementation could in theory block SIGPWR
and it would not get delivered. The sysvinit code used by all major
distributions doesn't do this and blocking this signal in init would be a
rather stupid thing to do.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
- Switch from register_chrdev() to (register|alloc)_chrdev_region().
- use a cdev. This was intended for original patchset, but was
overlooked.
We use a single cdev for all pins (minor device-numbers), as gleaned
from cs5535_gpio, and in contrast to whats currently done in scx200_gpio
(which I'll fix soon)
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Fix module-init-func by repairing usage of platform_device_del/put in
module-exit-func. IOW, it imitates Ingo's 'mishaps' patch, which fixed the
module-init-func's undo handling.
Also fixes lack of release_region to undo the earlier registration.
Also starts to 'use a cdev' which was originally intended (its present in
scx200_gpio). Code compiles and runs, exhibits a lesser error than
previously. (re-register-chrdev fails)
Since I had to add "include <linux/cdev.h>", I went ahead and made 2
tweaks that fell into diff-context-window:
- remove include <linux/config.h> everyone's doing it
- copyright updates - current date is 'wrong'
Signed-off-by: Jim Cromie <jim.cromie@gmail.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Add LED Class device support for the Soekris net48xx Error LED. Tested
only on a net4801, but should work on a net4826 as well. I'd love to find
a way of detecting a Soekris net48xx device but there is no DMI or any
Soekris-specific PCI devices.
[akpm@osdl.org: fixlets, cleanups]
Signed-off-by: Chris Boot <bootc@bootc.net>
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: Richard Purdie <rpurdie@rpsys.net>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
These functions no longer exist; remove their declarations.
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
allyesconfig vmlinux size delta:
text data bss dec filename
20736884 6073834 3075176 29885894 vmlinux.before
20721009 6073966 3075176 29870151 vmlinux.after
~18 bytes per callsite, 15K of text size (~0.1%) saved.
(as an added bonus this also removes a lockdep annotation.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
There's a fairly obvious infinite loop in there.
Also, use roundup_pow_of_two() rather than open-coding stuff.
Cc: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Handle memory-mapped chips properly, needed for example on DECstations.
This support was in Linux 2.4 but for some reason got lost in 2.6. This
patch is taken directly from the linux-mips repository.
[akpm@osdl.org: cleanup]
Signed-off-by: Maciej W. Rozycki <macro@linux-mips.org>
Signed-off-by: Martin Michlmayr <tbm@cyrius.com>
Cc: Paul Gortmaker <penguin@muskoka.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Newer ARMs have a 40 bit physical address space, but mapping physical
memory above 4G needs a special page table format which we (currently?) do
not use for userspace mappings, so what happens instead is that mapping an
address >= 4G will happily discard the upper bits and wrap.
There is a valid_mmap_phys_addr_range() arch hook where we could check for
>= 4G addresses and deny the mapping, but this hook takes an unsigned long
address:
static inline int valid_mmap_phys_addr_range(unsigned long addr, size_t size);
And drivers/char/mem.c:mmap_mem() calls it like this:
static int mmap_mem(struct file * file, struct vm_area_struct * vma)
{
size_t size = vma->vm_end - vma->vm_start;
if (!valid_mmap_phys_addr_range(vma->vm_pgoff << PAGE_SHIFT, size))
So that's not much help either.
This patch makes the hook take a pfn instead of a phys address.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org>
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: Russell King <rmk@arm.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>