1. 09 Jun, 2007 25 commits
  2. 08 Jun, 2007 8 commits
    • Bryan Wu's avatar
      RAMFS NOMMU: missed POSIX UID/GID inode attribute checking · 85f6038f
      Bryan Wu authored
      This bug was caught by LTP testcase fchmod06 on Blackfin platform.
      
      In the manpage of fchmod, "EPERM: The effective UID does not match the
      owner of the file, and the process is not privileged (Linux: it does not
      have the CAP_FOWNER capability)."
      
      But the ramfs nommu code missed the inode_change_ok POSIX UID/GID
      verification. This patch fixed this.
      Signed-off-by: default avatarBryan Wu <bryan.wu@analog.com>
      Cc: David Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      85f6038f
    • Linus Torvalds's avatar
      Merge git://git.linux-xtensa.org/kernel/xtensa-feed · c8d8170f
      Linus Torvalds authored
      * git://git.linux-xtensa.org/kernel/xtensa-feed:
        Xtensa: use asm-generic/fcntl.h
        [XTENSA] Remove non-rt signal handling
        [XTENSA] Move common sections into bss sections
        [XTENSA] clean-up header files
        [XTENSA] Use generic 64-bit division
        [XTENSA] Remove multi-exported symbols from xtensa_ksyms.c
        [XTENSA] fix sources using deprecated assembler directive
        [XTENSA] Spelling fixes in arch/xtensa
        [XTENSA] fix bit operations in bitops.h
      c8d8170f
    • Linus Torvalds's avatar
      Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6 · 34750bb1
      Linus Torvalds authored
      * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
        [SPARC64]: Fix SBUS IRQ regression caused by PCI-E driver.
        [SPARC64]: Fix 2 bugs in PCI Sabre bus scanning.
      34750bb1
    • Linus Torvalds's avatar
      Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 · df3872a9
      Linus Torvalds authored
      * 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (24 commits)
        xfrm: Add security check before flushing SAD/SPD
        [NET_SCHED]: Fix filter double free
        [NET]: Avoid duplicate netlink notification when changing link state
        [UDP]: Revert 2-pass hashing changes.
        [AF_UNIX]: Fix stream recvmsg() race.
        [NETFILTER]: nf_conntrack_amanda: fix textsearch_prepare() error check
        [NETFILTER]: ip_tables: fix compat related crash
        [NETFILTER]: nf_conntrack: fix helper module unload races
        [RTNETLINK]: ifindex 0 does not exist
        [NETLINK]: Mark netlink policies const
        [TCP] tcp_probe: Attach printf attribute properly to printl().
        [TCP]: Use LIMIT_NETDEBUG in tcp_retransmit_timer().
        [NET]: Merge dst_discard_in and dst_discard_out.
        [RFKILL]: Make rfkill->name const
        [IPV4]: Restore old behaviour of default config values
        [IPV4]: Add default config support after inetdev_init
        [IPV4]: Convert IPv4 devconf to an array
        [IPV4]: Only panic if inetdev_init fails for loopback
        [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack
        [BNX2]: Update version and reldate.
        ...
      df3872a9
    • Steven Rostedt's avatar
      enable interrupts in user path of page fault. · e5e3c84b
      Steven Rostedt authored
      This is a minor fix, but what is currently there is essentially wrong.
      In do_page_fault, if the faulting address from user code happens to be
      in kernel address space (int *p = (int*)-1; p = 0xbed;)  then the
      do_page_fault handler will jump over the local_irq_enable with the
      
        goto bad_area_nosemaphore;
      
      But the first line there sees this is user code and goes through the
      process of sending a signal to send SIGSEGV to the user task. This whole
      time interrupts are disabled and the task can not be preempted by a
      higher priority task.
      
      This patch always enables interrupts in the user path of the
      bad_area_nosemaphore.
      Signed-off-by: default avatarSteven Rostedt <rostedt@goodmis.org>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      e5e3c84b
    • Linus Torvalds's avatar
      Merge master.kernel.org:/home/rmk/linux-2.6-arm · c52ecdab
      Linus Torvalds authored
      * master.kernel.org:/home/rmk/linux-2.6-arm:
        [ARM] pxa: fix pxa27x keyboard driver
        [ARM] Fix 4417/1: Serial: Fix AMBA drivers locking
        [ARM] 4421/1: AT91: Value of _KEY fields.
        [ARM] Solve buggy smp_processor_id() usage
        [ARM] 4422/1: Fix default value handling in gpio_direction_output (PXA)
        [ARM] 4419/1: AT91: SAM9 USB clocks check for suspending
        [ARM] 4418/1: AT91: Number of programmable clocks differs
        [ARM] 4392/2: Do not corrupt the SP register in compressed/head.S
      c52ecdab
    • Linus Torvalds's avatar
      Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus · dc315011
      Linus Torvalds authored
      * 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
        [MIPS] Fix warning by moving do_default_vi into CONFIG_CPU_MIPSR2_SRS
        [MIPS] Fix some minor typoes in arch/mips/Kconfig.
        [MIPS] Remove prototype for deleted function qemu_handle_int
        [MIPS] Fix some system calls with long long arguments
        [MIPS] Make dma_map_sg handle sg elements which are longer than one page
        [MIPS] Drop __ARCH_WANT_SYS_FADVISE64
        [MIPS] Fix VGA corruption on RM300C
        [MIPS] RM300: Fix MMIO problems by marking the PCI INT ACK region busy
        [MIPS] EMMA2RH: remove dead KGDB code
        [MIPS] Remove duplicate fpu enable hazard code.
        [MIPS] Atlas, Malta, SEAD: Remove scroll from interrupt handler.
      dc315011
    • Peter Zijlstra's avatar
      frv: build fix · 2c750edd
      Peter Zijlstra authored
      In file included from /usr/src/linux-2.6-2/net/ipv4/ip_input.c:118:
      
        include2/asm/system.h:245: error: parse error before "__cmpxchg_32"
        include2/asm/system.h:245: error: parse error before '*' token
        include2/asm/system.h:245: warning: type defaults to `int' in declaration of `__cmpxchg_32'
        include2/asm/system.h:245: warning: function declaration isn't a prototype
        include2/asm/system.h:245: warning: data definition has no type or storage class
      Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
      Acked-by: default avatarDavid Howells <dhowells@redhat.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      2c750edd
  3. 07 Jun, 2007 7 commits
    • David S. Miller's avatar
      [SPARC64]: Fix SBUS IRQ regression caused by PCI-E driver. · ec4d18f2
      David S. Miller authored
      We used to access the 64-bit IRQ IMAP and ICLR registers of bus
      controllers 4-bytes in and as a 32-bit register word, since only the
      low 32-bits were relevant.  This seemed like a good idea at the time.
      
      But the PCI-E controller requires full 8-byte 64-bit access to
      these registers, so we switched over to accessing them fully.
      
      SBUS was not adjusted properly, which broke interrupts completely.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      ec4d18f2
    • David S. Miller's avatar
      [SPARC64]: Fix 2 bugs in PCI Sabre bus scanning. · 321566c2
      David S. Miller authored
      If we are on hummingbird, bus runs at 66MHZ.
      
      pbm->pci_bus should be setup with the result of pci_scan_one_pbm()
      or else we deref NULL pointers in the error interrupt handlers.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      321566c2
    • Joy Latten's avatar
      xfrm: Add security check before flushing SAD/SPD · 4aa2e62c
      Joy Latten authored
      Currently we check for permission before deleting entries from SAD and
      SPD, (see security_xfrm_policy_delete() security_xfrm_state_delete())
      However we are not checking for authorization when flushing the SPD and
      the SAD completely. It was perhaps missed in the original security hooks
      patch.
      
      This patch adds a security check when flushing entries from the SAD and
      SPD.  It runs the entire database and checks each entry for a denial.
      If the process attempting the flush is unable to remove all of the
      entries a denial is logged the the flush function returns an error
      without removing anything.
      
      This is particularly useful when a process may need to create or delete
      its own xfrm entries used for things like labeled networking but that
      same process should not be able to delete other entries or flush the
      entire database.
      
      Signed-off-by: Joy Latten<latten@austin.ibm.com>
      Signed-off-by: default avatarEric Paris <eparis@parisplace.org>
      Signed-off-by: default avatarJames Morris <jmorris@namei.org>
      4aa2e62c
    • Patrick McHardy's avatar
      [NET_SCHED]: Fix filter double free · b00b4bf9
      Patrick McHardy authored
      cbq and atm destroy their filters twice when destroying inner classes
      during qdisc destruction.
      Reported-and-tested-by: default avatarStrobl Anton <a.strobl@aws-it.at>
      Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b00b4bf9
    • Thomas Graf's avatar
      [NET]: Avoid duplicate netlink notification when changing link state · 7c355f53
      Thomas Graf authored
      When changing the link state from userspace not affecting any other
      flags. Two duplicate notification are being sent, once as action
      in the NETDEV_UP/NETDEV_DOWN notification chain and a second time
      when comparing old and new device flags after the change has been
      completed. Although harmless, the duplicates should be avoided.
      Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7c355f53
    • David S. Miller's avatar
      [UDP]: Revert 2-pass hashing changes. · df2bc459
      David S. Miller authored
      This reverts changesets:
      
      6aaf47fa
      b7b5f487
      de34ed91
      fc038410
      
      There are still some correctness issues recently
      discovered which do not have a known fix that doesn't
      involve doing a full hash table scan on port bind.
      
      So revert for now.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      df2bc459
    • Miklos Szeredi's avatar
      [AF_UNIX]: Fix stream recvmsg() race. · 3c0d2f37
      Miklos Szeredi authored
      A recv() on an AF_UNIX, SOCK_STREAM socket can race with a
      send()+close() on the peer, causing recv() to return zero, even though
      the sent data should be received.
      
      This happens if the send() and the close() is performed between
      skb_dequeue() and checking sk->sk_shutdown in unix_stream_recvmsg():
      
      process A  skb_dequeue() returns NULL, there's no data in the socket queue
      process B  new data is inserted onto the queue by unix_stream_sendmsg()
      process B  sk->sk_shutdown is set to SHUTDOWN_MASK by unix_release_sock()
      process A  sk->sk_shutdown is checked, unix_release_sock() returns zero
      
      I'm surprised nobody noticed this, it's not hard to trigger.  Maybe
      it's just (un)luck with the timing.
      
      It's possible to work around this bug in userspace, by retrying the
      recv() once in case of a zero return value.
      Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      3c0d2f37