KaiGai Kohei [Thu, 28 Aug 2008 07:35:57 +0000 (16:35 +0900)]
SELinux: add boundary support and thread context assignment
The purpose of this patch is to assign per-thread security context
under a constraint. It enables multi-threaded server application
to kick a request handler with its fair security context, and
helps some of userspace object managers to handle user's request.
When we assign a per-thread security context, it must not have wider
permissions than the original one. Because a multi-threaded process
shares a single local memory, an arbitary per-thread security context
also means another thread can easily refer violated information.
The constraint on a per-thread security context requires a new domain
has to be equal or weaker than its original one, when it tries to assign
a per-thread security context.
Bounds relationship between two types is a way to ensure a domain can
never have wider permission than its bounds. We can define it in two
explicit or implicit ways.
The first way is using new TYPEBOUNDS statement. It enables to define
a boundary of types explicitly. The other one expand the concept of
existing named based hierarchy. If we defines a type with "." separated
name like "httpd_t.php", toolchain implicitly set its bounds on "httpd_t".
This feature requires a new policy version.
The 24th version (POLICYDB_VERSION_BOUNDARY) enables to ship them into
kernel space, and the following patch enables to handle it.
Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Eric Paris [Fri, 22 Aug 2008 15:35:57 +0000 (11:35 -0400)]
securityfs: do not depend on CONFIG_SECURITY
Add a new Kconfig option SECURITYFS which will build securityfs support
but does not require CONFIG_SECURITY. The only current user of
securityfs does not depend on CONFIG_SECURITY and there is no reason the
full LSM needs to be built to build this fs.
Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
IB/mlx4: Actually return L_Key and R_Key for fast register MRs
Initialize the L_Key and R_Key for memory regions returned from
mlx4_ib_alloc_fast_reg_mr(). Otherwise callers just get garbage for
the memory keys and can't do anything useful with these MRs.
Signed-off-by: Vladimir Sokolovsky <vlad@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alan Cox [Tue, 26 Aug 2008 18:55:58 +0000 (19:55 +0100)]
tty: Fix termios tty window resize race with pty/tty pair
Kanru Chen posted a patch versus the old code which deals with the case
where you resize the pty side of a pty/tty pair. In that situation the
termios data is updated for both pty and tty but the locks are not held
for the right side.
This implements the fix differently against the updated tty code. Patch
by self but the hard bit (noticing and fixing the bug) is thanks to Kanru
Chen.
Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 27 Aug 2008 21:31:44 +0000 (14:31 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6:
[PATCH] deal with the first call of ->show() generating no output
[PATCH] fix ->llseek() for a bunch of directories
[PATCH] fix regular readdir() and friends
[PATCH] fix hpux_getdents()
[PATCH] fix osf_getdirents()
[PATCH] ntfs: use d_add_ci
[PATCH] change d_add_ci argument ordering
[PATCH] fix efs_lookup()
[PATCH] proc: inode number fixlet
Linus Torvalds [Wed, 27 Aug 2008 21:28:45 +0000 (14:28 -0700)]
Merge branch 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-patches' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: don't set the signal blocker on the master process.
drm: don't call the vblank tasklet with irqs disabled.
r300: Fix cliprect emit
drm/radeon: r300_cmdbuf: Always emit INDX_BUFFER immediately after DRAW_INDEX
radeon: fix some hard lockups on r3/4/500s
Jeff Layton [Wed, 27 Aug 2008 17:53:30 +0000 (17:53 +0000)]
[CIFS] Add destroy routine for dns_resolver
Otherwise, we're leaking the payload memory.
CC: Stable Kernel <stable@vger.kernel.org> Acked-by: David Howells <dhowells@redhat.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Linus Torvalds [Wed, 27 Aug 2008 08:14:46 +0000 (01:14 -0700)]
e1000: fix stack size
Here's the patch. It shrinks the stack from 1152 bytes to 192 bytes (the
first version, that only did the e1000_option part, got it down to 600
bytes). About half comes from not using multiple "e1000_option"
structures, the other half comes from turning the "e1000_opt_list[]"
arrays into "static const" instead, so that gcc doesn't copy them onto the
stack.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Reveiewed-by: Auke Kok <auke-jan.h.kok@intel.com> Tested-by: Emil Tantilov <emil.s.tantilov@intel.com> Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Wed, 27 Aug 2008 20:55:35 +0000 (13:55 -0700)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block:
block: remove blk_queue_tag_depth() and blk_queue_tag_queue()
block: remove unused ->busy part of the block queue tag map
bio: fix __bio_copy_iov() handling of bio->bv_len
bio: fix bio_copy_kern() handling of bio->bv_len
block: submit_bh() inadvertently discards barrier flag on a sync write
block: clean up cmdfilter sysfs interface
block: rename blk_scsi_cmd_filter to blk_cmd_filter
sg: restore command permission for TYPE_SCANNER
block: move cmdfilter from gendisk to request_queue
Linus Torvalds [Wed, 27 Aug 2008 20:54:55 +0000 (13:54 -0700)]
Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mfasheh/ocfs2:
ocfs2: Increment the reference count of an already-active stack.
[PATCH] configfs: Consolidate locking around configfs_detach_prep() in configfs_rmdir()
ocfs2: correctly set i_blocks after inline dir gets expanded
ocfs2: Jump to correct label in ocfs2_expand_inline_dir()
ocfs2: Fix sleep-with-spinlock recovery regression
[PATCH] ocfs2/cluster/netdebug.c: fix warning
[PATCH] ocfs2/cluster/tcp.c: make some functions static
Steven Rostedt [Wed, 27 Aug 2008 13:14:40 +0000 (09:14 -0400)]
ftrace: disable tracing for suspend to ram
I've been painstakingly debugging the issue with suspend to ram and
ftraced. The 2.6.28 code does not have this issue, but since the mcount
recording is not going to be in 27, this must be solved for the ftrace
daemon version.
The resume from suspend to ram would reboot because it was triple
faulting. Debugging further, I found that calling the mcount function
itself was not an issue, but it would fault when it incremented
preempt_count. preempt_count is on the tasks info structure that is on the
low memory address of the task's stack. For some reason, it could not
write to it. Resuming out of suspend to ram does quite a lot of funny
tricks to get to work, so it is not surprising at all that simply doing a
preempt_disable() would cause a fault.
Thanks to Rafael for suggesting to add a "while (1);" to find the place in
resuming that is causing the fault. I would place the loop somewhere in
the code, compile and reboot and see if it would either reboot (hit the
fault) or simply hang (hit the loop). Doing this over and over again, I
narrowed it down that it was happening in enable_nonboot_cpus.
At this point, I found that it is easier to simply disable tracing around
the suspend code, instead of searching for the particular function that
can not handle doing a preempt_disable.
This patch disables the tracer as it suspends and reenables it on resume.
I tested this patch on my Laptop, and it can resume fine with the patch.
Signed-off-by: Steven Rostedt <srostedt@redhat.com> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In particular, the "struct file *" and the "struct inode *" arguments do
not necessarily match, which means that the unlocked version of the
ioctl (that only gets a "struct file *") isn't actually able to handle
the cases it needs to handle.
This fixes bugzilla
http://bugzilla.kernel.org/show_bug.cgi?id=11401
Reported-and-bisected-by: Laurent Riffard <laurent.riffard@free.fr> Acked-by: Peter Osterlund <petero2@telia.com> Cc: Alan Cox <alan@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
__bio_copy_iov() uses bio->bv_len to copy data for READ commands after
the completion but it doesn't work with a request that partially
completed. SCSI always completes a PC request as a whole but seems
some don't.
bio_copy_kern() uses bio->bv_len to copy data for READ commands after
the completion but it doesn't work with a request that partially
completed. SCSI always completes a PC request as a whole but seems
some don't.
This patch fixes bio_copy_kern to handle the above case. As
bio_copy_user does, bio_copy_kern uses struct bio_map_data to store
struct bio_vec.
Jens Axboe [Fri, 22 Aug 2008 08:00:36 +0000 (10:00 +0200)]
block: submit_bh() inadvertently discards barrier flag on a sync write
Reported by Milan Broz <mbroz@redhat.com>, commit 18ce3751 inadvertently
made submit_bh() discard the barrier bit for a WRITE_SYNC request. Fix
that up.
block: rename blk_scsi_cmd_filter to blk_cmd_filter
Technically, the cmd_filter would be applied to other protocols though
it's unlikely to happen. Putting SCSI stuff to request_queue is kinda
layer violation. So let's rename it.
FUJITA Tomonori [Sat, 16 Aug 2008 05:10:05 +0000 (14:10 +0900)]
block: move cmdfilter from gendisk to request_queue
cmd_filter works only for the block layer SG_IO with SCSI block
devices. It breaks scsi/sg.c, bsg, and the block layer SG_IO with SCSI
character devices (such as st). We hit a kernel crash with them.
The problem is that cmd_filter code accesses to gendisk (having struct
blk_scsi_cmd_filter) via inode->i_bdev->bd_disk. It works for only
SCSI block device files. With character device files, inode->i_bdev
leads you to struct cdev. inode->i_bdev->bd_disk->blk_scsi_cmd_filter
isn't safe.
SCSI ULDs don't expose gendisk; they keep it private. bsg needs to be
independent on any protocols. We shouldn't change ULDs to expose their
gendisk.
This patch moves struct blk_scsi_cmd_filter from gendisk to
request_queue, a common object, which eveyone can access to.
The user interface doesn't change; users can change the filters via
/sys/block/. gendisk has a pointer to request_queue so the cmd_filter
code accesses to struct blk_scsi_cmd_filter.
Serge E. Hallyn [Tue, 26 Aug 2008 19:47:57 +0000 (14:47 -0500)]
selinux: add support for installing a dummy policy (v2)
In August 2006 I posted a patch generating a minimal SELinux policy. This
week, David P. Quigley posted an updated version of that as a patch against
the kernel. It also had nice logic for auto-installing the policy.
Following is David's original patch intro (preserved especially
bc it has stats on the generated policies):
se interested in the changes there were only two significant
changes. The first is that the iteration through the list of classes
used NULL as a sentinel value. The problem with this is that the
class_to_string array actually has NULL entries in its table as place
holders for the user space object classes.
The second change was that it would seem at some point the initial sids
table was NULL terminated. This is no longer the case so that iteration
has to be done on array length instead of looking for NULL.
Some statistics on the policy that it generates:
The policy consists of 523 lines which contain no blank lines. Of those
523 lines 453 of them are class, permission, and initial sid
definitions. These lines are usually little to no concern to the policy
developer since they will not be adding object classes or permissions.
Of the remaining 70 lines there is one type, one role, and one user
statement. The remaining lines are broken into three portions. The first
group are TE allow rules which make up 29 of the remaining lines, the
second is assignment of labels to the initial sids which consist of 27
lines, and file system labeling statements which are the remaining 11.
In addition to the policy.conf generated there is a single file_contexts
file containing two lines which labels the entire system with base_t.
This policy generates a policy.23 binary that is 7920 bytes.
(then a few versions later...):
The new policy is 587 lines (stripped of blank lines) with 476 of those
lines being the boilerplate that I mentioned last time. The remaining
111 lines have the 3 lines for type, user, and role, 70 lines for the
allow rules (one for each object class including user space object
classes), 27 lines to assign types to the initial sids, and 11 lines for
file system labeling. The policy binary is 9194 bytes.
Changelog:
Aug 26: Added Documentation/SELinux.txt
Aug 26: Incorporated a set of comments by Stephen Smalley:
1. auto-setup SELINUXTYPE=dummy
2. don't auto-install if selinux is enabled with
non-dummy policy
3. don't re-compute policy version
4. /sbin/setfiles not /usr/sbin/setfiles
Aug 22: As per JMorris comments, made sure make distclean
cleans up the mdp directory.
Removed a check for file_contexts which is now
created in the same file as the check, making it
superfluous.
Signed-off-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: David Quigley <dpquigl@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Anton Vorontsov [Wed, 20 Aug 2008 23:38:36 +0000 (16:38 -0700)]
[WATCHDOG] mpc8xxx_wdt: fix modular build
Fix the following build error when mpc8xxx_wdt is selected to build as a
module:
drivers/watchdog/mpc8xxx_wdt.c:304: error: redefinition of '__inittest'
drivers/watchdog/mpc8xxx_wdt.c:298: error: previous definition of '__inittest' was here
drivers/watchdog/mpc8xxx_wdt.c:304: error: redefinition of 'init_module'
drivers/watchdog/mpc8xxx_wdt.c:298: error: previous definition of 'init_module' was here
Reported-by: Dave Jones <davej@redhat.com> Signed-off-by: Anton Vorontsov <avorontsov@ru.mvista.com> Signed-off-by: Wim Van Sebroeck <wim@iguana.be> Cc: Adrian Bunk <bunk@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Jochen Friedrich [Thu, 24 Jul 2008 10:22:05 +0000 (12:22 +0200)]
[WATHDOG] delete unused driver mpc8xx_wdt.c
The watchdog driver mpc8xx_wdt.c was a device interface to
arch/ppc/syslib/m8xx_wdt.c for MPC8xx hardware. Now that ARCH=ppc is
gone, this driver is of no more use. For ARCH=powerpc, MPC8xx hardware
is supported by mpc8xxx_wdt.c.
Signed-off-by: Jochen Friedrich <jochen@scram.de> Signed-off-by: Wim Van Sebroeck <wim@iguana.be> Acked-by: Vitaly Bordug <vitb@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Ben Dooks [Sun, 22 Jun 2008 21:36:50 +0000 (22:36 +0100)]
[WATCHDOG] Clean out header of s3c2410_wdt driver.
Remove the changelog from the top of the driver, which
is redundant as this information is more accurately
represented from the revision control holding the
file.
Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
Linus Torvalds [Tue, 26 Aug 2008 17:43:55 +0000 (10:43 -0700)]
Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] Fix __{in,out}s{w,l} to handle unaligned data
[IA64] Fix ia64 build failure when CONFIG_SFC=m
David Woodhouse [Tue, 26 Aug 2008 14:29:22 +0000 (15:29 +0100)]
Fix userspace export of <linux/net.h>
Including <linux/fcntl.h> in the user-visible part of this header has
caused build regressions with headers from 2.6.27-rc. Move it down to
the #ifdef __KERNEL__ part, which is the only place it's needed. Move
some other kernel-only things down there too, while we're at it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
[CIFS] check version in spnego upcall response
[CIFS] Kerberos support not considered experimental anymore
[CIFS] distinguish between Kerberos and MSKerberos in upcall
cifs: add local server pointer to cifs_setup_session
[CIFS] reindent misindented statement
Linus Torvalds [Tue, 26 Aug 2008 17:18:24 +0000 (10:18 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Ignore vmlinux.lds generated files
[MIPS] kgdb: Do not call fixup_exception
[MIPS] RB532: Do not define registers that are already defined
[MIPS] IP27: Export symbol pcibus_to_node to modules.
[MIPS] kgdb: s/(void *)0)/NULL/
[MIPS] kgdb: smp_call_function's 3rd argument is a pointer.
[MIPS] TXx9: Fix mips_hpt_frequency initialization
[MIPS] emma2rh: Fix build error by header file inclusion weeding.
[MIPS] Jazz: Fix build error by header file inclusion weeding.
[MIPS] Wire up new syscalls.
[MIPS] Convert printk statements during kernel setup to use severity levels
Jarkko Nikula [Tue, 26 Aug 2008 10:32:57 +0000 (13:32 +0300)]
ALSA: ASoC: Fix error paths in N810 machine driver init and release clocks at exit
Thanks to Felipe Balbi <felipe.balbi@nokia.com> by noticing that if clk_get
to sys_clkout2_src fails, then n810_snd_device is never released.
Add also sys_clkout2_src release into error path, error code return and
release the clocks at exit.
Signed-off-by: Jarkko Nikula <jarkko.nikula@nokia.com> Acked-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
[MIPS] emma2rh: Fix build error by header file inclusion weeding.
CC arch/mips/emma2rh/markeins/setup.o
In file included from arch/mips/emma2rh/markeins/setup.c:30:
include/linux/ide.h:645: error: ‘CONFIG_IDE_MAX_HWIFS’ undeclared here (not in a function)
make[1]: *** [arch/mips/emma2rh/markeins/setup.o] Error 1
Steve French [Tue, 26 Aug 2008 00:37:14 +0000 (00:37 +0000)]
[CIFS] check version in spnego upcall response
Currently, we don't check the version in the SPNEGO upcall response
even though one is provided. Jeff and Q have made the corresponding
change to the Samba client (cifs.upcall).
Acked-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Masakazu Mokuno [Wed, 20 Aug 2008 20:18:56 +0000 (06:18 +1000)]
powerpc/ps3: Fix ioremap of spu shadow regs
Fix the ioremap of the spu shadow regs on the PS3.
The current PS3 hypervisor requires the spu shadow regs to be
mapped with the PTE page protection bits set as read-only (PP=3).
This implementation uses the low level __ioremap() to bypass the
page protection settings inforced by ioremap_flags() to get the
needed PTE bits set for the shadow regs.
This fixes a runtime failure on the PS3 introduced by the powerpc
ioremap_prot rework of commit a1f242ff460e4b50a045fa237c3c56cce9eabf83
("powerpc ioremap_prot").
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp> CC: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Geoff Levand <geoffrey.levand@am.sony.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Masakazu Mokuno [Wed, 20 Aug 2008 20:18:51 +0000 (06:18 +1000)]
powerpc/ps3: Rework htab code to remove ioremap
Rework the PS3 MMU hash table code to remove the need to ioremap the
hash table by using the HV calls lv1_insert_htab_entry() and
lv1_read_htab_entries().
This fixes a runtime failure on the PS3 introduced by the powerpc
ioremap_prot rework of commit a1f242ff460e4b50a045fa237c3c56cce9eabf83
("powerpc ioremap_prot").
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp> CC: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Geoff Levand <geoffrey.levand@am.sony.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Carl Love [Mon, 11 Aug 2008 07:25:43 +0000 (17:25 +1000)]
powerpc/cell/oprofile: Avoid double vfree of profile buffer
If an error occurs on opcontrol start, the event and per cpu buffers
are released. If later opcontrol shutdown is called then the free
function will be called again to free buffers that no longer
exist. This results in a kernel oops. The following changes
prevent the call to delete buffers that don't exist.
Signed-off-by: Carl Love <carll@us.ibm.com> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Robert Richter <robert.richter@amd.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Yitchak Gertner [Mon, 25 Aug 2008 22:27:06 +0000 (15:27 -0700)]
bnx2x: Multi Queue
The multi queue support is still disabled by default for the bnx2x
(needs some more testing and validation), but there are 2 obvious bug in
it which are fixed in this patch
Signed-off-by: Yitchak Gertner <gertner@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Yitchak Gertner [Mon, 25 Aug 2008 22:26:24 +0000 (15:26 -0700)]
bnx2x: NAPI and interrupts enable/disable
Fixing the order of enabling and disabling NAPI and the interrupts
Signed-off-by: Yitchak Gertner <gertner@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Yitchak Gertner [Mon, 25 Aug 2008 22:25:45 +0000 (15:25 -0700)]
bnx2x: NIC load failure cleanup
Load failures were not handled correctly
Signed-off-by: Yitchak Gertner <gertner@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Yitchak Gertner [Mon, 25 Aug 2008 22:24:21 +0000 (15:24 -0700)]
bnx2x: Initialization structure
The TPA initialization is part of the FW internal memory initialization
and so it is moved to the appropriate function
Signed-off-by: Yitchak Gertner <gertner@broadcom.com> Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eilon Greenstein [Mon, 25 Aug 2008 22:19:17 +0000 (15:19 -0700)]
bnx2x: Rx work check
The has Rx work check was wrong: when the FW was at the end of the page,
the driver was already at the beginning of the next page. Since the
check only validated that both driver and FW are pointing to the same
place, it concluded that there is still work to be done. This caused
some serious issues including long latency results on ping-pong test and
lockups while unloading the driver in that condition.
Signed-off-by: Eilon Greenstein <eilong@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Mon, 25 Aug 2008 22:16:19 +0000 (15:16 -0700)]
sctp: add verification checks to SCTP_AUTH_KEY option
The structure used for SCTP_AUTH_KEY option contains a
length that needs to be verfied to prevent buffer overflow
conditions. Spoted by Eugene Teo <eteo@redhat.com>.
Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Allowing 4k CPU's is not practical at this time, because we still have a
number of places that have several 'cpumask_t's on the stack, and a
4k-bit cpumask is 512 bytes of stack-space for each such variable. This
literally caused functions like 'smp_call_function_mask' to have a 2.5kB
stack frame, and several functions to have 2kB stackframes.
With an 8kB stack total, smashing the stack was simply much too likely.
At least bugzilla entry
http://bugzilla.kernel.org/show_bug.cgi?id=11342
was due to this.
The earlier commit to not inline load_module() into sys_init_module()
fixed the particular symptoms of this that Alan Brunelle saw in that
bugzilla entry, but the huge stack waste by cpumask_t's was the more
direct cause.
Some day we'll have allocation helpers that allocate large CPU masks
dynamically, but in the meantime we simply cannot allow cpumasks this
large.
Cc: Alan D. Brunelle <Alan.Brunelle@hp.com> Cc: Mike Travis <travis@sgi.com> Cc: Ingo Molnar <mingo@elte.hu> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Mon, 25 Aug 2008 18:26:33 +0000 (11:26 -0700)]
Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
x86: add X86_FEATURE_XMM4_2 definitions
x86: fix cpufreq + sched_clock() regression
x86: fix HPET regression in 2.6.26 versus 2.6.25, check hpet against BAR, v3
x86: do not enable TSC notifier if we don't need it
x86 MCE: Fix CPU hotplug problem with multiple multicore AMD CPUs
x86: fix: make PCI ECS for AMD CPUs hotplug capable
x86: fix: do not run code in amd_bus.c on non-AMD CPUs
Linus Torvalds [Mon, 25 Aug 2008 18:25:10 +0000 (11:25 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
PCI: fix reference leak in pci_get_dev_by_id()
PCI: shpchp: Rename duplicate slot name N as N-1, N-2, N-M...
PCI: pciehp: Rename duplicate slot name N as N-1, N-2, N-M...
Linus Torvalds [Mon, 25 Aug 2008 18:24:51 +0000 (11:24 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
ALSA: ASoC: Fix double free and memory leak in many codec drivers
ALSA: CA0106 on MSI K8N Diamond PLUS Motherboard
James Bottomley [Fri, 22 Aug 2008 21:15:22 +0000 (16:15 -0500)]
[IA64] Fix __{in,out}s{w,l} to handle unaligned data
Some ia64 systems produce several repeats of kernel messages like this:
kernel unaligned access to 0xe000000644220466, ip=0xa000000100516fa1
This was tracked to ide code using the __cmd[] field in "struct request"
via the __outsw() function. __cmd[] is a char array, so is not guaranteed
to be properly aligned when accessed as words.
Tested-by: Nishanth Aravamudan <nacc@us.ibm.com> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Linus Torvalds [Mon, 25 Aug 2008 18:19:53 +0000 (11:19 -0700)]
Merge branch 'kvm-updates-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm
* 'kvm-updates-2.6.27' of git://git.kernel.org/pub/scm/linux/kernel/git/avi/kvm:
KVM: fix userspace ABI breakage
KVM: MMU: Fix torn shadow pte
KVM: Use .fixup instead of .text.fixup on __kvm_handle_fault_on_reboot
Linus Torvalds [Mon, 25 Aug 2008 18:10:26 +0000 (11:10 -0700)]
[module] Don't let gcc inline load_module()
'load_module()' is a complex function that contains all the ELF section
logic, and inlining it is utterly insane. But gcc will do it, simply
because there is only one call-site. As a result, all the stack space
that is allocated for all the work to load the module will still be
active when we actually call the module init sequence, and the deep call
chain makes stack overflows happen.
And stack overflows are really hard to debug, because they not only
corrupt random pages below the stack, but also corrupt the thread_info
structure that is allocated under the stack.
In this case, Alan Brunelle reported some crazy oopses at bootup, after
loading the processor module that ends up doing complex ACPI stuff and
has quite a deep callchain. This should fix it, and is the sane thing
to do regardless.
Cc: Alan D. Brunelle <Alan.Brunelle@hp.com> Cc: Arjan van de Ven <arjan@linux.intel.com> Cc: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Robin Holt [Tue, 29 Jul 2008 01:36:50 +0000 (20:36 -0500)]
[IA64] Fix ia64 build failure when CONFIG_SFC=m
CONFIG_SFC=m uses topology_core_siblings() which, for ia64, expects
cpu_core_map to be exported. It is not. This patch exports the needed
symbol.
Maintainers note: This really looks like the wrong thing to do ... it
would be much better for the kernel to export an API to provide
drivers like this with data they need (which in the case of this
driver seems to be an estimate of the effective parallelism available
on the platform). But x86 has exported this forever ... so go with
the flow until such an API is defined.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com> Signed-off-by: Matthew Wilcox <willy@linux.intel.com> Signed-off-by: Robin Holt <holt@sgi.com> Signed-off-by: Tony Luck <tony.luck@intel.com>
Heiko Carstens [Mon, 25 Aug 2008 16:13:27 +0000 (18:13 +0200)]
[S390] dcss: fix build bug.
Fix this compile bug:
CC drivers/s390/block/dcssblk.o
drivers/s390/block/dcssblk.c: In function 'dcssblk_add_store':
drivers/s390/block/dcssblk.c:387: error: implicit declaration of function 'dcssblk_get_segment_by_name'
drivers/s390/block/dcssblk.c:389: error: label 'release_gd' used but not defined
make[1]: *** [drivers/s390/block/dcssblk.o] Error 1
make: *** [drivers/s390/block/] Error 2
Peter Zijlstra [Mon, 25 Aug 2008 15:15:34 +0000 (17:15 +0200)]
sched_clock: fix cpu_clock()
This patch fixes 3 issues:
a) it removes the dependency on jiffies, because jiffies are incremented
by a single CPU, and the tick is not synchronized between CPUs. Therefore
relying on it to calculate a window to clip whacky TSC values doesn't work
as it can drift around.
So instead use [GTOD, GTOD+TICK_NSEC) as the window.
Joel Becker [Fri, 22 Aug 2008 21:30:10 +0000 (14:30 -0700)]
ocfs2: Increment the reference count of an already-active stack.
The ocfs2_stack_driver_request() function failed to increment the
refcount of an already-active stack. It only did the increment on the
first reference. Whoops.
Signed-off-by: Joel Becker <joel.becker@oracle.com> Tested-by: Marcos Matsunaga <marcos.matsunaga@oracle.com> Signed-off-by: Mark Fasheh <mfasheh@suse.com>