- 29 Nov, 2007 13 commits
-
-
Eric W. Biederman authored
Oleg noticed that the call of task_pid_nr_ns() in proc_pid_readdir is racy with respect to tasks exiting. After a bit of examination it also appears that the call itself is completely unnecessary. So to fix the problem this patch modifies next_tgid() to return both a tgid and the task struct in question. A structure is introduced to return these values because it is slightly cleaner and easier to optimize, and the resulting code is a little shorter. Signed-off-by:
"Eric W. Biederman" <ebiederm@xmission.com> Cc: Oleg Nesterov <oleg@tv-sign.ru> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
-
Oleg Nesterov authored
wait_task_stopped(WNOWAIT) does task_pid_nr_ns() without tasklist/rcu lock, we can read an already freed memory. Use the cached pid_t value. Signed-off-by:
Oleg Nesterov <oleg@tv-sign.ru> Looks-good-to: Roland McGrath <roland@redhat.com> Acked-by:
Pavel Emelyanov <xemul@openvz.org> Signed-off-by:
-
Alexey Dobriyan authored
proc_kill_inodes() can clear ->i_fop in the middle of vfs_readdir resulting in NULL dereference during "file->f_op->readdir(file, buf, filler)". The solution is to remove proc_kill_inodes() completely: a) we don't have tricky modules implementing their tricky readdir hooks which could keeping this revoke from hell. b) In a situation when module is gone but PDE still alive, standard readdir will return only "." and "..", because pde->next was cleared by remove_proc_entry(). c) the race proc_kill_inode() destined to prevent is not completely fixed, just race window made smaller, because vfs_readdir() is run without sb_lock held and without file_list_lock held. Effectively, ->i_fop is cleared at random moment, which can't fix properly anything. BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018 printing eip: c1061205 *pdpt = 0000000005b22001 *pde = 0000000000000000 Oops: 0000 [#1] PREEMPT SMP Modules linked in: foo af_packet ipv6 cpufreq_ondemand loop serio_raw sr_mod k8temp cdrom hwmon amd_rng Pid: 2033, comm: find Not tainted (2.6.24-rc1-b1d08ac0 #2) EIP: 0060:[<c1061205>] EFLAGS: 00010246 CPU: 0 EIP is at vfs_readdir+0x47/0x74 EAX: c6b6a780 EBX: 00000000 ECX: c1061040 EDX: c5decf94 ESI: c6b6a780 EDI: fffffffe EBP: c9797c54 ESP: c5decf78 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068 Process find (pid: 2033, ti=c5dec000 task=c64bba90 task.ti=c5dec000) Stack: c5decf94 c1061040 fffffff7 0805ffbc 00000000 c6b6a780 c1061295 0805ffbc 00000000 00000400 00000000 00000004 0805ffbc 4588eff4 c5dec000 c10026ba 00000004 0805ffbc 00000400 0805ffbc 4588eff4 bfdc6c70 000000dc 0000007b Call Trace: [<c1061040>] filldir64+0x0/0xc5 [<c1061295>] sys_getdents64+0x63/0xa5 [<c10026ba>] sysenter_past_esp+0x5f/0x85 ======================= Code: 49 83 78 18 00 74 43 8d 6b 74 bf fe ff ff ff 89 e8 e8 b8 c0 12 00 f6 83 2c 01 00 00 10 75 22 8b 5e 10 8b 4c 24 04 89 f0 8b 14 24 <ff> 53 18 f6 46 1a 04 89 c7 75 0b 8b 56 0c 8b 46 08 e8 c8 66 00 EIP: [<c1061205>] vfs_readdir+0x47/0x74 SS:ESP 0068:c5decf78 hch: "Nice, getting rid of this is a very good step formwards. Unfortunately we have another copy of this junk in security/selinux/selinuxfs.c:sel_remove_entries() which would need the same treatment." Signed-off-by:
Alexey Dobriyan <adobriyan@sw.ru> Acked-by:
Christoph Hellwig <hch@infradead.org> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by:
-
Zhao Yakui authored
On some systems the number of resources(IO,MEM) returnedy by PNP device is greater than the PNP constant, for example motherboard devices. It brings that some resources can't be reserved and resource confilicts. This will cause PCI resources are assigned wrongly in some systems, and cause hang. This is a regression since we deleted ACPI motherboard driver and use PNP system driver. [akpm@linux-foundation.org: fix text and coding-style a bit] Signed-off-by:
Li Shaohua <shaohua.li@intel.com> Signed-off-by:
Zhao Yakui <yakui.zhao@intel.com> Cc: Bjorn Helgaas <bjorn.helgaas@hp.com> Cc: Thomas Renninger <trenn@suse.de> Cc: <stable@kernel.org> Signed-off-by:
-
Jeremy Fitzhardinge authored
_PAGE_PCD maps a page with caching disabled, which is typically used for mapping harware registers. Xen never allows it to be set on a mapping, and unprivileged guests never need it since they can't see the real underlying hardware. However, some uncached mappings are made early when probing the (non-existent) APIC, and its OK to mask off the PCD flag in these cases. This became necessary because Xen started checking for this bit, rather than silently masking it off. Signed-off-by:
Jeremy Fitzhardinge <jeremy@xensource.com> Signed-off-by:
-
WANG Cong authored
include/asm-um/arch points to the non-existed include/asm-i386 directory. Signed-off-by:
WANG Cong <xiyou.wangcong@gmail.com> Cc: Jeff Dike <jdike@karaya.com> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by:
-
Mel Gorman authored
Ordinarily the size of a pageblock is determined at compile-time based on the hugepage size. On PPC64, the hugepage size is determined at runtime based on what is supported by the machine. With legacy machines such as iSeries that do not support hugepages, HPAGE_SHIFT is 0. This results in pageblock_order being set to -PAGE_SHIFT and a crash results shortly afterwards. This patch adds a function to select a sensible value for pageblock order by default when HUGETLB_PAGE_SIZE_VARIABLE is set. It checks that HPAGE_SHIFT is a sensible value before using the hugepage size; if it is not MAX_ORDER-1 is used. This is a fix for 2.6.24. Credit goes to Stephen Rothwell for identifying the bug and testing candidate patches. Additional credit goes to Andy Whitcroft for spotting a problem with respects to IA-64 before releasing. Additional credit to David Gibson for testing with the libhugetlbfs test suite. Signed-off-by:
Mel Gorman <mel@csn.ul.ie> Tested-by:
Stephen Rothwell <sfr@canb.auug.org.au> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-by:
Paul Mackerras <paulus@samba.org> Signed-off-by:
-
Geert Uytterhoeven authored
- Limit video memory size to avoid crossing a 256 MiB boundary in IOIF space. - Pass the actual amount of video memory used to lv1_gpu_memory_allocate(). Signed-off-by:
Geert Uytterhoeven <Geert.Uytterhoeven@sonycom.com> Signed-off-by:
-
Geert Uytterhoeven authored
- vuart.ko -> ps3-vuart.ko - sys-manager.ko -> ps3-sys-manager.ko Signed-off-by:
-
David Brownell authored
Make the atmel_spi driver label GPIOs according to the device for which they're acting as a chipselect. This way the debugfs dump of gpio state is more informative. Signed-off-by:
David Brownell <dbrownell@users.sourceforge.net> Cc: Haavard Skinnemoen <hskinnemoen@atmel.com> Signed-off-by:
-
Andy Whitcroft authored
This version brings a new terse output mode as well as many improvements to the unary detection and bare type regcognition. It also brings the usual updates for false positives, though these seem to be slowing markedly now that the unary detector is no longer just putting its finger in the air and guessing. Of note: - new --terse mode producing a single line per report - loosening of the block brace checks - new checks for enum/union/struch brace placements - hugely expanded "bare type" detection - checks for inline usage - better handling of already open comment blocks - handle patches which introduce or remove lines without newlines Andy Whitcroft (19): Version: 0.12 style fixes as spotted by checkpatch add a --terse options of a single line of output per report block brace checks should only apply for single line blocks all new bare type detector check spacing for open braces with enum, union and struct check for LINUX_VERSION_CODE macros definition bracketing checks need to ignore -ve context clean up the mail-back mode, -q et al expand possible type matching to declarations allow const and sparse annotations on possible types handle possible types as regular types everywhere prefer plain inline over __inline__ and __inline all new open comment detection fix up conditional extraction for if assignment checks add const to the possible type matcher unary checks: a for loop is a conditional too possible types: detect function pointer definitions handle missind newlines at end of file, report addition Signed-off-by:Andy Whitcroft <apw@shadowen.org> Acked-by:
Ingo Molnar <mingo@elte.hu> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (25 commits) USB: s3c2410 gadget: ensure vbus pin in input mode during read USB: s3c2410 gadget: allow sharing of vbus irq USB: s3c2410 gadget: Header move fixups USB: usb-storage: unusual_devs entry for JetFlash TS1GJF2A USB: fix up EHCI startup synchronization USB: make the microtek driver and HAL cooperate USB: uevent environment key fix USB: keep track of whether interface sysfs files exist USB: sierra: new product id USB HCD: avoid duplicate local_irq_disable() USB: mailing lists have changed USB: remove USB HUB entry from MAINTAINERS USB: fix directory references in usb/README USB: add support for an older firmware revision for the Nikon D200 USB: FIx locks and urb->status in adutux (updated) USB: power-management documenation update USB: Fix signr comment in usbdevice_fs.h usbserial: fix inconsistent lock state USB: fix usbled disconnect read race #2 USB: free memory when writing fails in usb/serial/mos7840.c ...
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/pci-2.6: pci hotplug: kernel-doc fixes pci-aer: fix kernel-doc mistakes PCI: drivers/pci/pci-sysfs.c: Add missing pci_dev_put PCI: pcie portdriver: initialize returned value
-
- 28 Nov, 2007 27 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6Linus Torvalds authored
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-2.6: sysfs: fix off-by-one error in fill_read_buffer() kobject: two typo fixes UIO: add UIO documentation target to DocBook Makefile UIO: fix up the UIO documentation create /sys/.../power when CONFIG_PM is set allow LEGACY_PTYS to be set to 0
-
Randy Dunlap authored
acpiphp.h: not using kernel-doc, so change /** to /* acpiphp_core.c: lots of kernel-doc cleanups acpiphp_glue.c: lots of kernel-doc cleanups acpiphp_ibm.c: lots of kernel-doc cleanups cpqphp_core.c: lots of kernel-doc cleanups cpqphp_ctrl.c: lots of kernel-doc cleanups fakephp.c: correct kernel-doc notation pciehp_ctrl.c: correct kernel-doc notation rpadlpar_core.c: correct function names & kernel-doc notation rpaphp_core.c: correct kernel-doc notation shpchp_ctrl.c: correct kernel-doc notation Signed-off-by:
Randy Dunlap <randy.dunlap@oracle.com> Cc: Kristen Accardi <kristen.c.accardi@intel.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Randy Dunlap authored
Fix kernel-doc parameter names and ending block comments (change **/ to */). Signed-off-by:
Linas Vepstas <linas@linas.org> Signed-off-by:
-
Julia Lawall authored
There should be a pci_dev_put when breaking out of a loop that iterates over calls to pci_get_device and similar functions. This was fixed using the following semantic patch. // <smpl> @@ identifier d; type T; expression e; iterator for_each_pci_dev; @@ T *d; ... for_each_pci_dev(d) {... when != pci_dev_put(d) when != e = d ( return d; | + pci_dev_put(d); ? return ...; ) ...} // </smpl> Signed-off-by:Julia Lawall <julia@diku.dk> Signed-off-by:
-
Linas Vepstas authored
The pcie protdrv status can be returned uninitialized, if there are no children under a device. This leads to bad responses downstream. Fix this. Signed-off-by:
Linas Vepstas <linas@austin.ibm.com> Signed-off-by:
-
Ben Dooks authored
Some CPUs in the S3C24XX series do not support readback of the value of a pin when the pin has been configured to an IRQ. Signed-off-by:
Ben Dooks <ben-linux@fluff.org> Acked-by:
-
Ben Dooks authored
If another driver wants to claim the vbus pin, say to notify the user of an connect/disconnect then allow the IRQ to be shared by specifiying IRQ_SHARED in the flags. Signed-off-by:
-
Ben Dooks authored
Fixup the fallout from the arch moves earlier in the kernel series. Signed-off-by:
-
Alan Stern authored
This patch (as1018) adds an unusual_devs entry for the JetFlash TS1GJF2A. This device doesn't like read requests for more than 188 sectors. Setting max_sectors down to 64 is overkill, but at least it will work without errors. For the torturous debugging history, see this thread: http://marc.info/?t=118745764700005&r=1&w=2Signed-off-by:
Alan Stern <stern@rowland.harvard.edu> Signed-off-by:
-
David Brownell authored
A recent patch added software synchronization during EHCI startup, so ports aren't switched away from the companion controllers after resets have started. This patch adds a short delay letting hardware finish that port switching before any new resets begin ... so both ends of that hardware race window are closed. Signed-off-by:
-
Oliver Neukum authored
to make HAL like the microtek driver's devices the parent must be correctly set. Signed-off-by:
Oliver Neukum <oneukum@suse.de> Cc: stable <stable@kernel.org> Signed-off-by:
-
Alan Stern authored
This patch (as1010) was written by both Kay Sievers and me. It solves the problem of duplicated keys in USB uevent structures by refactoring the uevent subroutines, taking advantage of the way the hotplug core calls uevent handlers for the device's bus and for the device's type. Keys needed for both USB-device and USB-interface events are added in usb_uevent(), which is the bus handler. Keys appropriate only for USB-device or USB-interface events are added in usb_dev_uevent() or usb_if_uevent() respectively, the type handlers. In addition, unnecessary tests for NULL pointers are removed as are duplicated debugging log statements. Signed-off-by:
-
Alan Stern authored
This patch (as1009) solves the problem of multiple registrations for USB sysfs files in a more satisfying way than the existing code. It simply adds a flag to keep track of whether or not the files have been created; that way the files can be created or removed as needed. Signed-off-by: -
agilmore@wirelessbeehive.com authored
Per the maintainer of the usbserial/sierra.c driver, the patch below adds a new id to the list of supported cards for the sierra driver. Tested and working for me on Fedora 8, kernel 2.6.23 and on the more recent sierra.c available in http://www.sierrawireless.com/resources/support/Software/Linux/v.1.2.6b(kernel2.6.21).zip Hardware is a MiniPCI card in a Lenovo T61p. Signed-off-by:
Andrew Gilmore <agilmore@wirelessbeehive.com> Cc: Kevin Lloyd <linux@sierrawireless.com> Signed-off-by:
-
Alan Stern authored
Arnd Bergmann wrote: usb_hcd_flush_endpoint() has a retry loop that starts with a spin_lock_irq(), but only gives up the spinlock, not the irq_disable before jumping to the rescan label. Alan Stern: I agree with your sentiment, but it would be better to solve this problem without using local_irq_disable(). Signed-off-by:
-
Greg Kroah-Hartman authored
The linux-usb-devel and linux-usb-users are now hosted in the same list at vger.kernel.org Signed-off-by: -
David Brownell authored
Digging through old mail, I found a note about needing to remove the separate entry for the USB HUB driver. It's not been separable from usbcore (host side!) since quite early in the 2.4 kernel series. And Johanness certainly isn't involved with it any more. Signed-off-by:
-
Dirk Hohndel authored
Another one in the "ok, this is trivial to fix" list... :-) [PATCH] fix directory references in usb/README Signed-off-by:
Dirk Hohndel <hohndel@linux.intel.com> Signed-off-by:
-
Mike Pagano authored
This is a resubmission of the patch to upgrade the unusual_devs.h file to support an older firmware revision of the Nikon D200. This patch includes the requested /proc/bus/usb/devices information. T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=02 Dev#= 6 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1 P: Vendor=04b0 ProdID=040f Rev= 1.00 S: Manufacturer=NIKON S: Product=NIKON DSC D200 S: SerialNumber=0000000 C:* #Ifs= 1 Cfg#= 1 Atr=c0 MxPwr= 2mA I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by:
Mike Pagano <mpagano@gentoo.org> Signed-off-by:
Phil Dibowitz <phil@ipom.com> Signed-off-by:
-
Pete Zaitcev authored
Two main issues fixed here are: - An improper use of in-struct lock to protect an open count - Use of urb status for -EINPROGRESS Also, along the way: - Change usb_unlink_urb to usb_kill_urb. Apparently there's no need to use usb_unlink_urb whatsoever in this driver, and the old use of usb_kill_urb was outright racy (it unlinked and immediately freed). - Fix indentation in adu_write. Looks like it was damaged by a script. - Vitaly wants -EBUSY on multiply opens. - bInterval was taken from a wrong endpoint. Signed-off-by:
Pete Zaitcev <zaitcev@redhat.com> Signed-off-by:
Vitaliy Ivanov <vitalivanov@gmail.com> Tested-by:
-
Alan Stern authored
This patch (as1014) was partly written by Tilman Schmidt. It clarifies the USB power-management documentation by explaining that when a disconnect occurs, a suspend method call might not be followed by either a resume or a reset_resume call. Signed-off-by:
Tilman Schmidt <tilman@imap.cc> Signed-off-by:
-
Phil Endecott authored
This trivial documentation patch corrects a comment in usbdevice_fs.h; it previously suggested that the signal would only be sent on error, but I am told that it is sent on both successful and unsuccessful completion, and that zero indicates that no signal should be sent. Signed-off-by:
Phil Endecott <spam_from_usb_devel@chezphil.org> Signed-off-by:
-
Borislav Petkov authored
In commit acd2a847 usb_serial_generic_write() disables interrupts when taking &port->lock which is also taken in usb_serial_generic_read_bulk_callback() resulting in an inconsistent lock state due to the latter not disabling interrupts on the local cpu. Fix that by disabling interrupts in the latter call site also. Signed-off-by:
Borislav Petkov <bbpetkov@yahoo.de> Acked-by:
Jiri Kosina <jkosina@suse.cz> Signed-off-by:
-
Oliver Neukum authored
usbled has a race where show methods for attributes in sysfs can follow a NULL pointer during disconnect. The correct ordering fixes it. Signed-off-by:
-
Roel Kluin authored
Free buffer when writing ZLP_REG5 failed Signed-off-by:
Roel Kluin <12o3l@tiscali.nl> Signed-off-by:
-
Roel Kluin authored
Fixes priority mistakes similar to '!x & y' Signed-off-by:
-
Mauro Carvalho Chehab authored
This patch (as1000) sets the SCSI allow_restart flag for USB disk devices. In theory this should never hurt, and there definitely are devices out there (such as the Seagate 250-GB external drive) which need the flag to be set. Signed-off-by:
Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by:
-
