Commit message [Author, Age, Files, Lines]
* kbuild: explain why DEBUG_SECTION_MISMATCH is UNDEFINED [Sam Ravnborg, 2008-02-15, files: 1, lines: -0/+3]
    We started to see patches enabling this - so explain why it is disabled and the condition to enable it again.

    Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
* kbuild: fix building vmlinux.o [Sam Ravnborg, 2008-02-14, files: 1, lines: -1/+3]
    Ingo Molnar wrote:
    >
    > i've got a build log from a weird build error below:
    >
    > LD init/built-in.o
    > distcc[12023] ERROR: compile (null) on localhost failed
    > make: *** [vmlinux.o] Error 1
    > make: *** Waiting for unfinished jobs....
    > LD .tmp_vmlinux1
    >

    Building vmlinux.o was moved up in the dependency chain so we started to build it before the kallsym stuff. This was done to let modpost report section mismatch bugs even when the final link failed.

    Originally I had expected the dependency of $(kallsyms.o) to cover this but it turns out that we need to be even more explicit.

    Fix this by adding a conditional dependency on the first target used in the kallsyms series of builds.

    Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
    Cc: Ingo Molnar <mingo@elte.hu>
    Cc: Roland McGrath <roland@redhat.com>
* kbuild: allow -fstack-protector to take effect [Sam Ravnborg, 2008-02-14, files: 1, lines: -3/+4]
    Arjan van de Ven <arjan@infradead.org> wrote:
    ===
    I just read the excellent LWN writeup of the vmsplice security thing, and that got me wondering why this attack wasn't stopped by the CONFIG_CC_STACKPROTECTOR option... because it plain should have been...

    Some analysis later.. it turns out that the following line in the top level Makefile, added by you in October 2007, entirely disables CONFIG_CC_STACKPROTECTOR ;( With this line removed the exploit will be nicely stopped.

        CFLAGS += $(call cc-option, -fno-stack-protector)

    Now I realize that certain distros have patched gcc to compensate for their lack of distro wide CFLAGS, and it's great to work around that... but would there be a way to NOT disable this for CONFIG_CC_STACKPROTECTOR please? It would have made this exploit not possible for those kernels that enable this feature (and that includes distros like Fedora)
    ===

    Move the assignment to KBUILD_CFLAGS up before including the arch specific Makefile so arch makefiles may override the setting.

    Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
    Cc: Arjan van de Ven <arjan@infradead.org>
    Cc: stable@kernel.org
* kconfig: fix select in combination with default [Roman Zippel, 2008-02-13, files: 1, lines: -13/+21]
    > The attached .config (with current -git) results in a compile
    > error since it contains:
    >
    > CONFIG_X86=y
    > # CONFIG_EMBEDDED is not set
    > CONFIG_SERIO=m
    > CONFIG_SERIO_I8042=y
    >
    > Looking at drivers/input/serio/Kconfig I simply don't get how this
    > can happen.

    You've hit the rather subtle rules of select vs default. What happened is that SERIO is selected to m, but SERIO_I8042 isn't selected so the default of y is used instead.

    We already had the problem in the past that select and default don't work well together, so this patch cleans this up and makes the rule hopefully more straightforward. Basically now the value is calculated like this:

        (value && dependency) || select

    where the value is the user choice (if available and the symbol is visible) or default.

    In this case it means SERIO and SERIO_I8042 are both set to y due to their default and if SERIO didn't have the default, then the SERIO_I8042 value would be limited to m due to the dependency.

    I tested this patch with more than 10000 random configs and above case is the only difference that showed up, so I hope there is nothing that depended on the old more complex and subtle rules.

    Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
    Tested-by: Adrian Bunk <bunk@kernel.org>
    Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
* acpi: fix acpi_os_read_pci_configuration() misuse of raw_pci_read() [Linus Torvalds, 2008-02-13, files: 2, lines: -9/+9]
    The raw_pci_read() interface (as the raw_pci_ops->read() before it) unconditionally fills in a 32-bit integer return value regardless of the size of the operation requested.

    So claiming to take a "void *" is wrong, as is passing in a pointer to just a byte variable.

    Noticed by pageexec when enabling -fstack-protector (which needs other patches too to actually work, but that's a separate issue).

    Acked-by: Len Brown <len.brown@intel.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* FRV: Fix up parse error in linker script [David Howells, 2008-02-13, files: 1, lines: -3/+1]
    Fix up parse error in FRV linker script, presumably introduced through changes to the INIT_TEXT and EXIT_TEXT macros.

    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched [Linus Torvalds, 2008-02-13, files: 9, lines: -209/+576]
|\
    * git://git.kernel.org/pub/scm/linux/kernel/git/mingo/linux-2.6-sched:
      sched: rt-group: refure unrunnable tasks
      sched: rt-group: clean up the ifdeffery
      sched: rt-group: make rt groups scheduling configurable
      sched: rt-group: interface
      sched: rt-group: deal with PI
      sched: fix incorrect irq lock usage in normalize_rt_tasks()
      sched: fair-group: separate tg->shares from task_group_lock
      hrtimer: more hrtimer_init_sleeper() fallout.
| * sched: rt-group: refure unrunnable tasks [Peter Zijlstra, 2008-02-13, files: 1, lines: -0/+15]
      Refuse to accept or create RT tasks in groups that can't run them.

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: rt-group: clean up the ifdeffery [Peter Zijlstra, 2008-02-13, files: 1, lines: -71/+139]
      Clean up some of the excessive ifdeffery introduced in the last patch.

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: rt-group: make rt groups scheduling configurable [Peter Zijlstra, 2008-02-13, files: 6, lines: -67/+151]
      Make the rt group scheduler compile time configurable. Keep it experimental for now.

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: rt-group: interface [Peter Zijlstra, 2008-02-13, files: 6, lines: -78/+242]
      Change the rt_ratio interface to rt_runtime_us, to match rt_period_us. This avoids picking a granularity for the ratio.

      Extend the /sys/kernel/uids/<uid>/ interface to allow setting the group's rt_runtime.

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: rt-group: deal with PI [Peter Zijlstra, 2008-02-13, files: 2, lines: -5/+41]
      Steven mentioned the fun case where a lock holding task will be throttled.

      Simple fix: allow groups that have boosted tasks to run anyway.

      If a runnable task in a throttled group gets boosted the dequeue/enqueue done by rt_mutex_setprio() is enough to unthrottle the group.

      This is of course not quite correct. Two possible ways forward are:
       - second prio array for boosted tasks
       - boost to a prio ceiling (this would also work for deadline scheduling)

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: fix incorrect irq lock usage in normalize_rt_tasks() [Peter Zijlstra, 2008-02-13, files: 1, lines: -4/+4]
      lockdep spotted this bogus irq locking. normalize_rt_tasks() can be called from hardirq context through sysrq-n

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * sched: fair-group: separate tg->shares from task_group_lock [Peter Zijlstra, 2008-02-13, files: 1, lines: -20/+17]
      On Mon, 2008-02-11 at 15:09 +0300, Denis V. Lunev wrote:
      > BUG: sleeping function called from invalid context
      > at /home/den/src/linux-netns26/kernel/mutex.c:209
      > in_atomic():1, irqs_disabled():0
      > no locks held by swapper/0.
      > Pid: 0, comm: swapper Not tainted 2.6.24 #304
      >
      > Call Trace:
      > <IRQ> [<ffffffff80252d1e>] ? __debug_show_held_locks+0x15/0x27
      > [<ffffffff8022c2a8>] __might_sleep+0xc0/0xdf
      > [<ffffffff8049f1df>] mutex_lock_nested+0x28/0x2a9
      > [<ffffffff80231294>] sched_destroy_group+0x18/0xea
      > [<ffffffff8023e835>] sched_destroy_user+0xd/0xf
      > [<ffffffff8023e8c1>] free_uid+0x8a/0xab
      > [<ffffffff80233e24>] __put_task_struct+0x3f/0xd3
      > [<ffffffff80236708>] delayed_put_task_struct+0x23/0x25
      > [<ffffffff8026fda7>] __rcu_process_callbacks+0x8d/0x215
      > [<ffffffff8026ff52>] rcu_process_callbacks+0x23/0x44
      > [<ffffffff8023a2ae>] __do_softirq+0x79/0xf8
      > [<ffffffff8020f8c3>] ? profile_pc+0x2a/0x67
      > [<ffffffff8020d38c>] call_softirq+0x1c/0x30
      > [<ffffffff8020f689>] do_softirq+0x61/0x9c
      > [<ffffffff8023a233>] irq_exit+0x51/0x53
      > [<ffffffff8021bd1a>] smp_apic_timer_interrupt+0x77/0xad
      > [<ffffffff8020ce3b>] apic_timer_interrupt+0x6b/0x70
      > <EOI> [<ffffffff8020b0dd>] ? default_idle+0x43/0x76
      > [<ffffffff8020b0db>] ? default_idle+0x41/0x76
      > [<ffffffff8020b09a>] ? default_idle+0x0/0x76
      > [<ffffffff8020b186>] ? cpu_idle+0x76/0x98

      separate the tg->shares protection from the task_group lock.

      Reported-by: Denis V. Lunev <den@openvz.org>
      Tested-by: Denis V. Lunev <den@openvz.org>
      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * hrtimer: more hrtimer_init_sleeper() fallout. [Peter Zijlstra, 2008-02-13, files: 1, lines: -1/+4]
      Missed an instance...

        futex_lock_pi()
        hrtimer_init_sleeper()
        rt_mutex_timed_lock()
        rt_mutex_timed_fastlock()
        rt_mutex_slowlock()
        hrtimer_start()

      Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
      Signed-off-by: Ingo Molnar <mingo@elte.hu>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86 [Linus Torvalds, 2008-02-13, files: 8, lines: -40/+130]
|\ \
      * git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux-2.6-x86:
        x86: pit_clockevent can be static
        x86: EFI runtime code mapping enhancement
        x86: EFI: fix use of unitialized variable and the cache logic
        x86: CPA: fix gbpages support in try_preserve_large_page
        xen: unpin initial Xen pagetable once we're finished with it
        x86/early_ioremap: don't assume we're using swapper_pg_dir
        x86: fixup machine_ops reboot_{32|64}.c unification fallout
        x86: fix sigcontext.h user export
| * | x86: pit_clockevent can be static [Harvey Harrison, 2008-02-13, files: 1, lines: -1/+1]
        arch/x86/kernel/i8253.c:98:27: warning: symbol 'pit_clockevent' was not declared. Should it be static?

        Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
        Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86: EFI runtime code mapping enhancement [Huang, Ying, 2008-02-13, files: 2, lines: -23/+15]
        This patch enhances EFI runtime code memory mapping as following:

        - Move __supported_pte_mask & _PAGE_NX checking before invoking runtime_code_page_mkexec(). This makes it possible for compiler to eliminate runtime_code_page_mkexec() on machine without NX support.

        - Use set_memory_x/nx in early_mapping_set_exec(). This eliminates the duplicated implementation.

        This patch has been tested on Intel x86_64 platform with EFI64/32 firmware.

        Signed-off-by: Huang Ying <ying.huang@intel.com>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86: EFI: fix use of unitialized variable and the cache logic [Thomas Gleixner, 2008-02-13, files: 1, lines: -3/+3]
        Andi Kleen pointed out that the cache attribute logic is reverse in efi_enter_virtual_mode(). This problem alone is harmless as we do not (yet) do cache attribute conflict resolution. (This bug was not present in the original EFI submission - I introduced it while fixing up rejects.)

        While reviewing this code I noticed a second, worse problem: the use of uninitialized md->virt_addr.

        Fix both problems.

        Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86: CPA: fix gbpages support in try_preserve_large_page [Andi Kleen, 2008-02-13, files: 1, lines: -2/+2]
        [ mingo@elte.hu: while gbpages cannot be enabled on mainline currently, keep the code up to date and this fix is easy enough. ]

        Use correct page sizes and masks for GB pages in try_preserve_large_page()

        This prevents a boot hang on a GB capable system with CONFIG_DIRECT_GBPAGES enabled.

        Signed-off-by: Andi Kleen <ak@suse.de>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
        Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
| * | xen: unpin initial Xen pagetable once we're finished with it [Jeremy Fitzhardinge, 2008-02-13, files: 1, lines: -0/+4]
        Unpin the Xen-provided pagetable once we've finished with it, so it doesn't cause stray references which cause later swapper_pg_dir pagetable updates to fail.

        Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
        Tested-by: Jody Belka <knew-linux@pimb.org>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86/early_ioremap: don't assume we're using swapper_pg_dir [Jeremy Fitzhardinge, 2008-02-13, files: 1, lines: -1/+3]
        At the early stages of boot, before the kernel pagetable has been fully initialized, a Xen kernel will still be running off the Xen-provided pagetables rather than swapper_pg_dir[]. Therefore, readback cr3 to determine the base of the pagetable rather than assuming swapper_pg_dir[].

        Signed-off-by: Jeremy Fitzhardinge <jeremy@xensource.com>
        Tested-by: Jody Belka <knew-linux@pimb.org>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86: fixup machine_ops reboot_{32|64}.c unification fallout [Jody Belka, 2008-02-13, files: 1, lines: -10/+36]
        When reboot_32.c and reboot_64.c were unified (commit 4d022e35fd...), the machine_ops code was broken, leading to xen pvops kernels failing to properly halt/poweroff/reboot etc. This fixes that up.

        Signed-off-by: Jody Belka <knew-linux@pimb.org>
        Cc: Miguel Boton <mboton@gmail.com>
        Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
| * | x86: fix sigcontext.h user export [Ingo Molnar, 2008-02-13, files: 1, lines: -0/+66]
| |/
        Jakub Jelinek reported that some user-space code that relies on kernel headers has built dependency on the sigcontext->eip/rip register names - which have been unified in commit:

          commit 742fa54a62be6a263df14a553bf832724471dfbe
          Author: H. Peter Anvin <hpa@zytor.com>
          Date: Wed Jan 30 13:30:56 2008 +0100

          x86: use generic register names in struct sigcontext

        so give the old layout to user-space. This is not particularly pretty, but it's an ABI so there's no danger of the two definitions getting out of sync.

        Reported-by: Jakub Jelinek <jakub@redhat.com>
        Signed-off-by: Ingo Molnar <mingo@elte.hu>
* | drivers/memstick/host/tifm_ms.c breakage [Al Viro, 2008-02-13, files: 1, lines: -1/+1]
      writel(sock + ...) that should've been writel(sock->addr + ...)

      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | dm-raid1 breakage on 64bit [Al Viro, 2008-02-13, files: 1, lines: -1/+1]
      test_and_set_bit() on address of uint32_t is a Bad Idea(tm)...

      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | wmi: (!x & y) strikes again [Al Viro, 2008-02-13, files: 1, lines: -1/+1]
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Acked-by: Carlos Corbacho <carlos@strangeworlds.co.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | timeconst.pl: correct reversal of USEC_TO_HZ and HZ_TO_USEC [H. Peter Anvin, 2008-02-12, files: 1, lines: -1/+1]
|/
      The USEC_TO_HZ and HZ_TO_USEC constant sets were mislabelled, with seriously incorrect results. This among other things manifested itself as cpufreq not working when a tickless kernel was configured.

      Signed-off-by: H. Peter Anvin <hpa@zytor.com>
      Tested-by: Carlos R. Mafra <crmafra@ift.unesp.br>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* WMI: initialize wmi_blocks.list even if ACPI is disabled [Linus Torvalds, 2008-02-12, files: 1, lines: -2/+2]
    Even if we don't want to register the WMI driver, we should initialize the wmi_blocks list to be empty, since we don't want the wmi helper functions to oops just because that basic list has not even been set up.

    With this, "find_guid()" will happily return "not found" rather than oopsing all over the place, and the callers will then just automatically return false or AE_NOT_FOUND as appropriate.

    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* x86: vdso_install fix [Roland McGrath, 2008-02-12, files: 1, lines: -10/+12]
    The makefile magic for installing the 32-bit vdso images on disk had a little error. A single-line change would fix that bug, but this does a little more to reduce the error-prone duplication of this bit of makefile variable magic.

    Signed-off-by: Roland McGrath <roland@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* mempolicy: silently restrict nodemask to allowed nodes [KOSAKI Motohiro, 2008-02-12, files: 2, lines: -28/+36]
    Kosaki Motohiro noted that "numactl --interleave=all ..." failed in the presence of memoryless nodes. This patch attempts to fix that problem.

    Some background:

    numactl --interleave=all calls set_mempolicy(2) with a fully populated [out to MAXNUMNODES] nodemask. set_mempolicy() [in do_set_mempolicy()] calls contextualize_policy() which requires that the nodemask be a subset of the current task's mems_allowed; else EINVAL will be returned. A task's mems_allowed will always be a subset of node_states[N_HIGH_MEMORY] i.e., nodes with memory. So, a fully populated nodemask will be declared invalid if it includes memoryless nodes.

    NOTE: the same thing will occur when running in a cpuset with restricted mem_allowed--for the same reason: node mask contains dis-allowed nodes.

    mbind(2), on the other hand, just masks off any nodes in the nodemask that are not included in the caller's mems_allowed.

    In each case [mbind() and set_mempolicy()], mpol_check_policy() will complain [again, resulting in EINVAL] if the nodemask contains any memoryless nodes. This is somewhat redundant as mpol_new() will remove memoryless nodes for interleave policy, as will bind_zonelist()--called by mpol_new() for BIND policy.

    Proposed fix:

    1) modify contextualize_policy logic to:
       a) remember whether the incoming node mask is empty.
       b) if not, restrict the nodemask to allowed nodes, as is currently done in-line for mbind(). This guarantees that the resulting mask includes only nodes with memory.
          NOTE: this is a [benign, IMO] change in behavior for set_mempolicy(). Dis-allowed nodes will be silently ignored, rather than returning an error.
       c) fold this code into mpol_check_policy(), replace 2 calls to contextualize_policy() to call mpol_check_policy() directly and remove contextualize_policy().
    2) In existing mpol_check_policy() logic, after "contextualization":
       a) MPOL_DEFAULT: require that incoming mask "was_empty"
       b) MPOL_{BIND|INTERLEAVE}: require that contextualized nodemask contains at least one node.
       c) add a case for MPOL_PREFERRED: if incoming was not empty and resulting mask IS empty, user specified invalid nodes. Return EINVAL.
       d) remove the now redundant check for memoryless nodes
    3) remove the now redundant masking of policy nodes for interleave policy from mpol_new().
    4) Now that mpol_check_policy() contextualizes the nodemask, remove the in-line nodes_and() from sys_mbind(). I believe that this restores mbind() to the behavior before the memoryless-nodes patch series. E.g., we'll no longer treat an invalid nodemask with MPOL_PREFERRED as local allocation.

    [ Patch history:
      v1 -> v2:
      - Communicate whether or not incoming node mask was empty to mpol_check_policy() for better error checking.
      - As suggested by David Rientjes, remove the now unused cpuset_nodes_subset_current_mems_allowed() from cpuset.h
      v2 -> v3:
      - As suggested by Kosaki Motohiro, fold the "contextualization" of policy nodemask into mpol_check_policy(). Looks a little cleaner. ]

    Signed-off-by: Lee Schermerhorn <lee.schermerhorn@hp.com>
    Signed-off-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Tested-by: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
    Acked-by: David Rientjes <rientjes@google.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6 [Linus Torvalds, 2008-02-12, files: 2, lines: -9/+8]
|\
    * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
      [IA64] Fix build for sim_defconfig
| * [IA64] Fix build for sim_defconfig [Tony Luck, 2008-02-11, files: 2, lines: -9/+8]
      Commit bdc807871d58285737d50dc6163d0feb72cb0dc2 broke the build for this config because the sim_defconfig selects CONFIG_HZ=250 but include/asm-ia64/param.h has an ifdef for the simulator to force HZ to 32. So we ended up with a kernel/timeconst.h set for HZ=250 ... which then failed the check for the right HZ value and died with:

      Drop the #ifdef magic from param.h and force CONFIG_HZ=32 directly for the simulator.

      Signed-off-by: Tony Luck <tony.luck@intel.com>
* | Be more robust about bad arguments in get_user_pages() [Jonathan Corbet, 2008-02-12, files: 1, lines: -0/+2]
      So I spent a while pounding my head against my monitor trying to figure out the vmsplice() vulnerability - how could a failure to check for *read* access turn into a root exploit? It turns out that it's a buffer overflow problem which is made easy by the way get_user_pages() is coded.

      In particular, "len" is a signed int, and it is only checked at the *end* of a do {} while() loop. So, if it is passed in as zero, the loop will execute once and decrement len to -1. At that point, the loop will proceed until the next invalid address is found; in the process, it will likely overflow the pages array passed in to get_user_pages().

      I think that, if get_user_pages() has been asked to grab zero pages, that's what it should do. Thus this patch; it is, among other things, enough to block the (already fixed) root exploit and any others which might be lurking in similar code. I also think that the number of pages should be unsigned, but changing the prototype of this function probably requires some more careful review.

      Signed-off-by: Jonathan Corbet <corbet@lwn.net>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband [Linus Torvalds, 2008-02-12, files: 1, lines: -0/+1]
|\ \
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband:
        mlx4_core: Fix build break (missing include)
| * | mlx4_core: Fix build break (missing include) [Olof Johansson, 2008-02-11, files: 1, lines: -0/+1]
        Commit 313abe55 ("mlx4_core: For 64-bit systems, vmap() kernel queue buffers") caused this to pop up on powerpc allyesconfig, looks like a missing include file:

          drivers/net/mlx4/alloc.c: In function 'mlx4_buf_alloc':
          drivers/net/mlx4/alloc.c:162: error: implicit declaration of function 'vmap'
          drivers/net/mlx4/alloc.c:162: error: 'VM_MAP' undeclared (first use in this function)
          drivers/net/mlx4/alloc.c:162: error: (Each undeclared identifier is reported only once
          drivers/net/mlx4/alloc.c:162: error: for each function it appears in.)
          drivers/net/mlx4/alloc.c:162: warning: assignment makes pointer from integer without a cast
          drivers/net/mlx4/alloc.c: In function 'mlx4_buf_free':
          drivers/net/mlx4/alloc.c:187: error: implicit declaration of function 'vunmap'

        Signed-off-by: Olof Johansson <olof@lixom.net>
        Signed-off-by: Roland Dreier <rolandd@cisco.com>
* | | Add Matt to MAINTAINERS as a SLAB allocator maintainer [Pekka Enberg, 2008-02-12, files: 1, lines: -0/+2]
        Matt is already the maintainer of SLOB which is one of the "SLAB" allocators in the kernel so add him to MAINTAINERS.

        Signed-off-by: Pekka Enberg <penberg@cs.helsinki.fi>
        Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev [Linus Torvalds, 2008-02-12, files: 6, lines: -42/+75]
|\ \ \
        * 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev:
          sata_mv: platform driver allocs dma without create
          pata_ninja32: setup changes
          pata_legacy: typo fix
          pata_amd: Note in the module description it handles Nvidia
          sata_mv: fix loop with last port
          libata: ignore deverr on SETXFER if mode is configured
          pata_via: fix SATA cable detection on cx700
| * | | sata_mv: platform driver allocs dma without create [Byron Bradley, 2008-02-11, files: 1, lines: -20/+24]
          When the sata_mv driver is used as a platform driver, mv_create_dma_pools() is never called so it fails when trying to alloc in mv_pool_start().

          Signed-off-by: Byron Bradley <byron.bbradley@gmail.com>
          Acked-by: Mark Lord <mlord@pobox.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | pata_ninja32: setup changes [Alan Cox, 2008-02-11, files: 1, lines: -2/+7]
          Forcibly set more of the configuration at init time. This seems to fix at least one problem reported. We don't know what most of these bits do, but we do know what windows stuffs there.

          Signed-off-by: Alan Cox <alan@redhat.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | pata_legacy: typo fix [Alan Cox, 2008-02-11, files: 1, lines: -1/+1]
          Signed-off-by: Alan Cox <alan@redhat.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | pata_amd: Note in the module description it handles Nvidia [Alan Cox, 2008-02-11, files: 1, lines: -1/+1]
          This has confused a few people so fix it

          Signed-off-by: Alan Cox <alan@redhat.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | sata_mv: fix loop with last port [Yinghai Lu, 2008-02-11, files: 1, lines: -2/+4]
          commit f351b2d638c3cb0b95adde3549b7bfaf3f991dfa
          sata_mv: Support SoC controllers

          cause panic:

          last_port already include port0 base.

          this patch change use last_port directly, and move pp assignment later.

          Signed-off-by: Yinghai Lu <yinghai.lu@sun.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | libata: ignore deverr on SETXFER if mode is configured [Tejun Heo, 2008-02-11, files: 1, lines: -15/+33]
          Some controllers (VIA CX700) raise device error on SETXFER even after mode configuration succeeded. Update ata_dev_set_mode() such that device error is ignored if transfer mode is configured correctly. To implement this, device is revalidated even after device error on SETXFER.

          This fixes kernel bugzilla bug 8563.

          Signed-off-by: Tejun Heo <htejun@gmail.com>
          Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
| * | | pata_via: fix SATA cable detection on cx700 [Tejun Heo, 2008-02-11, files: 1, lines: -1/+5]
| | |/
| |/|
          The first port of cx700 is SATA. Fix cable detection.

          Signed-off-by: Tejun Heo <htejun@gmail.com>
          Signed-off-by: Jeff Garzik <jeff@garzik.org>
* | | Make topology fallback macros reference their arguments. [Andi Kleen, 2008-02-12, files: 1, lines: -5/+5]
        This avoids warnings with unreferenced variables in the !NUMA case.

        Signed-off-by: Andi Kleen <ak@suse.de>
        Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | | x86: remove over noisy debug printk [Thomas Gleixner, 2008-02-11, files: 1, lines: -7/+0]
| |/
|/|
        pageattr-test.c contains a noisy debug printk that people reported. The condition under which it prints (randomly tapping into a mem_map[] hole and not being able to c_p_a() there) is valid behavior and not interesting to report.

        Remove it.

        Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
        Acked-by: Ingo Molnar <mingo@elte.hu>
        Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* | Merge git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild [Linus Torvalds, 2008-02-11, files: 2, lines: -0/+4]
|\ \
      * git://git.kernel.org/pub/scm/linux/kernel/git/sam/kbuild:
        kbuild: fix make V=1
| * | kbuild: fix make V=1 [Sam Ravnborg, 2008-02-11, files: 2, lines: -0/+4]
| |/
        When make -s support was added to filechk, the combination created with make V=1 was not covered. Fix it by explicitly covering this case too.

        Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
        Cc: Mike Frysinger <vapier@gentoo.org>
* | Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6 [Linus Torvalds, 2008-02-11, files: 5, lines: -2/+27]
|\ \
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
        selinux: support 64-bit capabilities