- 20 Mar, 2006 4 commits
-
-
Jason Baron authored
hi, The motivation behind the patch below was to address messages in /var/log/messages such as: Jan 31 10:54:15 mets kernel: audit(:0): major=252 name_count=0: freeing multiple contexts (1) Jan 31 10:54:15 mets kernel: audit(:0): major=113 name_count=0: freeing multiple contexts (2) I can reproduce by running 'get-edid' from: http://john.fremlin.de/programs/linux/read-edid/. These messages come about in the log b/c the vm86 calls do not exit via the normal system call exit paths and thus do not call 'audit_syscall_exit'. The next system call will then free the context for itself and for the vm86 context, thus generating the above messages. This patch addresses the issue by simply adding a call to 'audit_syscall_exit' from the vm86 code. Besides fixing the above error messages the patch also now allows vm86 system calls to become auditable. This is useful since strace does not appear to properly record the return values from sys_vm86. I think this patch is also a step in the right direction in terms of cleaning up some core auditing code. If we can correct any other paths that do not properly call the audit exit and entries points, then we can also eliminate the notion of context chaining. I've tested this patch by verifying that the log messages no longer appear, and that the audit records for sys_vm86 appear to be correct. Also, 'read_edid' produces itentical output. thanks, -Jason Signed-off-by:
Jason Baron <jbaron@redhat.com> Signed-off-by:
Al Viro <viro@zeniv.linux.org.uk>
-
Linus Torvalds authored
-
Andrea Arcangeli authored
This address is going to be obsolete, so I should update it.
-
git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds authored
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] SB1: Check for -mno-sched-prolog if building corelis debug kernel. [MIPS] Sibyte: Fix race in sb1250_gettimeoffset(). [MIPS] Sibyte: Fix interrupt timer off by one bug. [MIPS] Sibyte: Fix M_SCD_TIMER_INIT and M_SCD_TIMER_CNT wrong field width. [MIPS] Protect more of timer_interrupt() by xtime_lock. [MIPS] Work around bad code generation for <asm/io.h>. [MIPS] Simple patch to power off DBAU1200 [MIPS] Fix DBAu1550 software power off. [MIPS] local_r4k_flush_cache_page fix [MIPS] SB1: Fix interrupt disable hazard. [MIPS] Get rid of the IP22-specific code in arclib. Update MAINTAINERS entry for MIPS.
-
- 19 Mar, 2006 2 commits
-
-
Michael Chan authored
The 40-bit DMA workaround recently implemented for 5714, 5715, and 5780 needs to be expanded because there may be other tg3 devices behind the EPB Express to PCIX bridge in the 5780 class device. For example, some 4-port card or mother board designs have 5704 behind the 5714. All devices behind the EPB require the 40-bit DMA workaround. Thanks to Chris Elmquist again for reporting the problem and testing the patch. Signed-off-by:
Michael Chan <mchan@broadcom.com> Signed-off-by:
David S. Miller <davem@davemloft.net>
-
Ralf Baechle DL5RB authored
If the AX.25 dialect chosen by the sysadmin is set to DAMA master / 3 (or DAMA slave / 2, if CONFIG_AX25_DAMA_SLAVE=n) ax25_kick() will fall through the switch statement without calling ax25_send_iframe() or any other function that would eventually free skbn thus leaking the packet. Fix by restricting the sysctl inferface to allow only actually supported AX.25 dialects. The system administration mistake needed for this to happen is rather unlikely, so this is an uncritical hole. Coverity #651. Signed-off-by:
Ralf Baechle DL5RB <ralf@linux-mips.org> Signed-off-by:
-
- 18 Mar, 2006 16 commits
-
-
Michael Krufky authored
VIDEO_CX88_ALSA should not be between VIDEO_CX88_DVB and VIDEO_CX88_DVB_ALL_FRONTENDS When cx88-alsa was added to cx88/Kconfig, it was added in between VIDEO_CX88_DVB and VIDEO_CX88_DVB_ALL_FRONTENDS. This caused undesireable effects to the appearance of the menu options in menuconfig. This fix reorders cx88-alsa and cx88-dvb in Kconfig, to match saa7134, and restore the correct menuconfig appearance. Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Signed-off-by:
Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org>
-
Markus Rechberger authored
Fixed em28xx based system lockup, device needs to be initialized before starting the isoc transfer otherwise the system will completly lock up. Signed-off-by:
Markus Rechberger <mrechberger@gmail.com> Signed-off-by:
-
Oleg Nesterov authored
sys_unshare() does mmput(new_mm). This is not enough if we have mm->core_waiters. This patch is a temporary fix for soon to be released 2.6.16. Signed-off-by:
Oleg Nesterov <oleg@tv-sign.ru> [ Checked with Uli: "I'm not planning to use unshare(CLONE_VM). It's not needed for any functionality planned so far. What we (as in Red Hat) need unshare() for now is the filesystem side." ] Signed-off-by:
-
Ralf Baechle authored
Signed-off-by: -
Ralf Baechle authored
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>: sb1250_gettimeoffset() simply reads the current cpu 0 timer remaining value, however once this counter reaches 0 and the interrupt is raised, it immediately resets and begins to count down again. If sb1250_gettimeoffset() is called on cpu 1 via do_gettimeofday() after the timer has reset but prior to cpu 0 processing the interrupt and taking write_seqlock() in timer_interrupt() it will return a full value (or close to it) causing time to jump backwards 1ms. Once cpu 0 handles the interrupt and timer_interrupt() gets far enough along it will jump forward 1ms. Fix this problem by implementing mips_hpt_*() on sb1250 using a spare timer unrelated to the existing periodic interrupt timers. It runs at 1Mhz with a full 23bit counter. This eliminated the custom do_gettimeoffset() for sb1250 and allowed use of the generic fixed_rate_gettimeoffset() using mips_hpt_*() and timerhi/timerlo. Signed-off-by: -
Ralf Baechle authored
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>: The timers need to be loaded with 1 less than the desired interval not the interval itself. Signed-off-by: -
Ralf Baechle authored
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>: Field width should be 23 bits not 20 bits. Signed-off-by: -
Ralf Baechle authored
From Dave Johnson <djohnson+linuxmips@sw.starentnetworks.com>: * do_timer() expects the arch-specific handler to take the lock as it modifies jiffies[_64] and xtime. * writing timerhi/lo in timer_interrupt() will mess up fixed_rate_gettimeoffset() which reads timerhi/lo. Signed-off-by: -
Ralf Baechle authored
If a call to set_io_port_base() was being followed by usage of mips_io_port_base in the same function gcc was possibly using the old value due to some clever abuse of const. Adding a barrier will keep the optimization and result in correct code with latest gcc. Signed-off-by: -
Matej Kupljen authored
Signed-off-by:
Matej Kupljen <matej.kupljen@ultra.si> Signed-off-by:
-
Sergei Shtylylov authored
Signed-off-by:
Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by:
-
Atsushi Nemoto authored
If dcache_size != icache_size or dcache_size != scache_size, or set-associative cache, icache/scache does not flushed properly. Make blast_?cache_page_indexed() masks its index value correctly. Also, use physical address for physically indexed pcache/scache. Signed-off-by:
Atsushi Nemoto <anemo@mba.ocn.ne.jp> Signed-off-by:
-
Ralf Baechle authored
The SB1 core has a three cycle interrupt disable hazard but we were wrongly treating it as fully interlocked. Signed-off-by: -
Ralf Baechle authored
This breaks the kernel build if sgiwd93 was configured as a module. Signed-off-by: -
Ralf Baechle authored
Signed-off-by: -
Alexey Kuznetsov authored
It is broken, the condition is checked out of socket lock. It is wonderful the bug survived for so long time. [ This fixes bugzilla #6233: race condition in tcp_sendmsg when connection became established ] Signed-off-by:
-
- 17 Mar, 2006 15 commits
-
-
Hugh Dickins authored
Lee Revell reported 28ms latency when process with lots of swapped memory exits. 2.6.15 introduced a latency regression when unmapping: in accounting the zap_work latency breaker, pte_none counted 1, pte_present PAGE_SIZE, but a swap entry counted nothing at all. We think of pages present as the slow case, but Lee's trace shows that free_swap_and_cache's radix tree lookup can make a lot of work - and we could have been doing it many thousands of times without a latency break. Move the zap_work update up to account swap entries like pages present. This does account non-linear pte_file entries, and unmap_mapping_range skipping over swap entries, by the same amount even though they're quick: but neither of those cases deserves complicating the code (and they're treated no worse than they were in 2.6.14). Signed-off-by:
Hugh Dickins <hugh@veritas.com> Acked-by:
Nick Piggin <npiggin@suse.de> Acked-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
-
Sam Ravnborg authored
Jiri Benc <jbenc@suse.cz> reported that modpost would stop with SIGABRT if used with long filepaths. The error looked like: > Building modules, stage 2. > MODPOST > *** glibc detected *** scripts/mod/modpost: realloc(): invalid next size: +0x0809f588 *** > [...] Fix this by allocating at least the required memory + SZ bytes each time. Before we sometimes ended up allocating too little memory resuting in the glibc detected bug above. Based on patch originally submitted by: Jiri Benc <jbenc@suse.cz> Signed-off-by:
Sam Ravnborg <sam@ravnborg.org> Signed-off-by:
-
Peter Staubach authored
A user can use nfsservctl() to spam the logs. This can happen because the arguments to the nfsservctl() system call are versioned. This is a good thing. However, when a bad version is detected, the kernel prints a message and then returns an error. Signed-off-by:
Peter Staubach <staubach@redhat.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by:
-
Christoph Lameter authored
We can call try_to_release_page() with PagePrivate off and a valid page->mapping This may cause all sorts of trouble for the filesystem *_releasepage() handlers. XFS bombs out in that case. Lock the page before checking for page private. Signed-off-by:
Christoph Lameter <clameter@sgi.com> Cc: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by:
-
Kevin Corry authored
The dm-stripe target currently does not enforce that the size of a stripe device be a multiple of the chunk-size. Under certain conditions, this can lead to I/O requests going off the end of an underlying device. This test-case shows one example. echo "0 100 linear /dev/hdb1 0" | dmsetup create linear0 echo "0 100 linear /dev/hdb1 100" | dmsetup create linear1 echo "0 200 striped 2 32 /dev/mapper/linear0 0 /dev/mapper/linear1 0" | \ dmsetup create stripe0 dd if=/dev/zero of=/dev/mapper/stripe0 bs=1k This will produce the output: dd: writing '/dev/mapper/stripe0': Input/output error 97+0 records in 96+0 records out And in the kernel log will be: attempt to access beyond end of device dm-0: rw=0, want=104, limit=100 The patch will check that the table size is a multiple of the stripe chunk-size when the table is created, which will prevent the above striped device from being created. This should not affect tools like LVM or EVMS, since in all the cases I can think of, striped devices are always created with the sizes being a multiple of the chunk-size. The size of a stripe device must be a multiple of its chunk-size. (akpm: that typecast is quite gratuitous) Signed-off-by:
Kevin Corry <kevcorry@us.ibm.com> Signed-off-by:
Alasdair G Kergon <agk@redhat.com> Signed-off-by:
-
Srivatsa Vaddagiri authored
Bryce reported a bug wherein offlining CPU0 (on x86 box) and then subsequently onlining it resulted in a lockup. On x86, CPU0 is never offlined. The subsequent attempt to online CPU0 doesn't take that into account. It actually tries to bootup the already booted CPU. Following patch fixes the problem (as acknowledged by Bryce). Please consider for inclusion in 2.6.16. Check if cpu is already online. Signed-off-by:
Srivatsa Vaddagiri <vatsa@in.ibm.com> Signed-off-by:
-
Eric Van Hensbergen authored
There is a d_drop in dir_release which caused problems as it invalidates dcache entries too soon. This was likely a part of the wierd cwd behavior folks were seeing. Signed-off-by:
Eric Van Hensbergen <ericvh@gmail.com> Signed-off-by:
-
Roman Zippel authored
When the posix-timer signal is ignored then the timer is rearmed by the callback function. The requeue pending accounting has to be fixed up else the state might be wrong. Signed-off-by:
Roman Zippel <zippel@linux-m68k.org> Signed-off-by:
Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
-
Christoph Lameter authored
The pointer to the current time interpolator and the current list of time interpolators are typically only changed during bootup. Adding __read_mostly takes them away from possibly hot cachelines. Signed-off-by:
-
Christoph Lameter authored
Currently the migration of anonymous pages will silently fail if no swap is setup. This patch makes page migration functions check for available swap and fail with -ENODEV if no swap space is available. Signed-off-by:
-
Eric W. Biederman authored
The sighand pointer only needs the rcu_read_lock on the read side. So only depending on task_lock protection when setting this pointer is not enough. We also need a memory barrier to ensure the initialization is seen first. Use rcu_assign_pointer as it does this for us, and clearly documents that we are setting an rcu readable pointer. Signed-off-by:
Eric W. Biederman <ebiederm@xmission.com> Acked-by:
Paul E. McKenney <paulmck@us.ibm.com> Signed-off-by:
-
Scott Bardone authored
Adrian Bunk wrote: > The Coverity checker spotted the following two array overflows in > drivers/net/chelsio/sge.c (in both cases, the arrays contain 3 > elements): [snip] This is a bug. The array should contain 2 elements. Here is the fix. Signed-off-by:
Scott Bardone <sbardone@chelsio.com> Signed-off-by:
Jeff Garzik <jeff@garzik.org>
-
David S. Miller authored
return -E_NO_BIG_ENDIAN_TESTING; [E1000]: Fix 4 missed endianness conversions on RX descriptor fields. Signed-off-by:
-
Jeff Garzik authored
Merge branch 'upstream-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6
-
-
- 16 Mar, 2006 3 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-mergeLinus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc-merge: powerpc: update defconfigs [PATCH] powerpc: properly configure DDR/P5IOC children devs [PATCH] powerpc: remove duplicate EXPORT_SYMBOLS [PATCH] powerpc: RTC memory corruption [PATCH] powerpc: enable NAP only on cpus who support it to avoid memory corruption [PATCH] powerpc: Clarify wording for CRASH_DUMP Kconfig option [PATCH] powerpc/64: enable CONFIG_BLK_DEV_SL82C105 [PATCH] powerpc: correct cacheflush loop in zImage powerpc: Fix problem with time going backwards powerpc: Disallow lparcfg being a module
-
Paul Mackerras authored
Signed-off-by:Paul Mackerras <paulus@samba.org>
-
John Rose authored
The dynamic add path for PCI Host Bridges can fail to configure children adapters under P5IOC controllers. It fails to properly fixup bus/device resources, and it fails to properly enable EEH. Both of these steps need to occur before any children devices are enabled in pci_bus_add_devices(). Signed-off-by:
John Rose <johnrose@austin.ibm.com> Signed-off-by:
-
