Age | Commit message (Collapse) | Author | Files | Lines |
|
In usr/gen_init_cpio.c::cpio_mkfile() a call to stat() is made based on
pathname, subsequently the file is open()'ed and then the value of the
initial stat() call is used to allocate a buffer. This is not safe since
the file may change between the call to stat() and the call to open().
Safer to just open() the file and then do fstat() using the filedescriptor
returned by open.
Signed-off-by: Jesper Juhl <jj@chaosbits.net>
Acked-by: Jeff Garzik <jgarzik@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
This patch fixes a segfault in modpost that is observed when the gold
linker is used to link the input objects.
The problem is that reloc_location (modpost.c) is computing the
address of the relocation target incorrectly. Here, elf->hdr points
to the beginning of the ELF file in memory, sechdr points to the
relocation section header, section is the index of the section
being relocated, and sechdrs[section].sh_offset would be the offset
of that section, relative to the beginning of the ELF file. Adding
elf->hdr + sechdrs[section].sh_offset gives you the address of the
beginning of the section, and adding r->r_offset to that gives you the
address of the location to be relocated. You do not need to subtract
sechdrs[section].sh_addr from that -- the result of this is an address
outside the file, and causes the segfault when addend_386_rel tries to
dereference it.
This bug is not observed when GNU ld is used to link the inputs. The
object file ubuntu/omnibook/omnibook.o is the result of an ld -r of
several other files. When GNU ld does an ld -r, it sets the vaddr
field for each section to 0, but gold lays out the section addresses
sequentially instead:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 004794 00 AX 0 0 4
[ 2] .data PROGBITS 0000b9d0 0047c8 0009c0 00 WA 0 0 4
[ 3] .bss NOBITS 000162f8 005188 00013c 00 WA 0 0 4
[ 4] .rodata.str1.1 PROGBITS 00004f2d 0052c4 001b1a 01 AMS 0 0 1
[ 5] .init.text PROGBITS 00004794 006dde 0005fa 00 AX 0 0 1
[ 6] .exit.text PROGBITS 00004d8e 0073d8 00018a 00 AX 0 0 1
...
So the bug in the tool remained undiscovered because the section's vaddr
always happened to be 0.
Signed-off-by: Raymes Khoury <raymes@google.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
Also add missing error handling to fstat call
Signed-off-by: Ben Gamari <bgamari.foss@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
The usage help in the comments
- refers to the wrong script name,
- doesn't mention that $srctree must be set.
Hence correct the script name, and derive the source tree path from the script
path, so we no longer need to rely on $srctree being set by the caller.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
"as --compress-debug-sections" will generate compressed debug sections
with section names ".zdebug*". This patch puts .zdebug* section on
white list.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
If you try to build a kernel with KCONFIG_CONFIG set (to a value
not equal to .config) and that config sets CONFIG_IKCONFIG then the
build will fail with:
make[1]: *** No rule to make target `.config', needed by \
`kernel/config_data.gz'. Stop.
because the kernel/Makefile contains a direct reference to .config.
This issue has been present since the introduction of KCONFIG_CONFIG
in 14cdd3c402bf7c66f0bcd76e290f0770a54a4b21.
Signed-off-by: Ben Gardiner <bengardiner@nanometrics.ca>
CC: Roman Zippel <zippel@linux-m68k.org>
CC: Michal Marek <mmarek@suse.cz>
Reviewed-by: Michal Marek <mmarek@suse.cz>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
Export linux/a.out.h, linux/kvm.h and linux/kvm_para.h on
headers_install_all if at least one architecture has appropriate files
in arch-dependent headers.
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
Using HDR_ARCH_LIST you can specify subset of architectures you want to get
headers for.
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
If unifdef fails for any reason (like segfaulting), we should be aborting
the install steps. So check its exit status in this unlikely scenario.
Reported-by: Diego Elio Pettenò <flameeyes@gentoo.org>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
When we extracted the generated cpio archive using "cpio -id" command,
it complained,
cpio: Removing leading `/' from member names
var/run
cpio: Removing leading `/' from member names
var/lib
cpio: Removing leading `/' from member names
var/lib/misc
It is worse with the latest "cpio" or "pax", which tries to overwrite
the host file system with the leading '/'.
So the leading '/' of file names should be removed. This is consistent
with the initramfs come with major distributions such as Fedora or
Debian, etc.
Signed-off-by: Thomas Chou <thomas@wytron.com.tw>
Acked-by: Mike Frysinger<vapier@gentoo.org>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
FreeBSD does not like <malloc.h> when __STDC__ is defined, use the standard
<stdlib.h> instead.
Signed-off-by: Arnaud Lacombe <lacombar@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
I noticed fixdep uses ~2% of cpu time in kernel build, in function
use_config()
fixdep spends a lot of cpu cycles in linear searches in its internal
string array. With about 400 stored strings per dep file, this begins to
be noticeable.
Convert fixdep to use a hash table.
kbuild results on my x86_64 allmodconfig
Before patch :
real 10m30.414s
user 61m51.456s
sys 8m28.200s
real 10m12.334s
user 61m50.236s
sys 8m30.448s
real 10m42.947s
user 61m50.028s
sys 8m32.380s
After:
real 10m8.180s
user 61m22.506s
sys 8m32.384s
real 10m35.039s
user 61m21.654s
sys 8m32.212s
real 10m14.487s
user 61m23.498s
sys 8m32.312s
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
|
|
|
|
Signed-off-by: Jesper Nilsson <jesper.nilsson@axis.com>
|
|
This fixes an erroneous use of LSB first in the U300 machine, the
PL022 used in U300 is a standard ARM core that doesn't support this
bit so it should never have been set.
Cc: Kevin Wells <wellsk40@gmail.com>OA
Signed-off-by: Linus Walleij <linus.walleij@stericsson.com>
Signed-off-by: Grant Likely <grant.likely@secretlab.ca>
|
|
We were forgetting to set up proper return value in success path causing
ir_getkeycode() to fail intermittently:
drivers/media/IR/ir-keytable.c: In function 'ir_getkeycode':
drivers/media/IR/ir-keytable.c:363: warning: 'retval' may be used
uninitialized in this function
Reported-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
These are the extra 'Integrated Device Function' SMBus controllers found
on the Patsburg chipset. Mention the absence of slave mode support.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
|
|
It's poor form to keep driver state in global variables rather than
per-instance. It never really mattered in practice when there was only
one controller on the chipset, but the latest chipsets do have more
than one controller, so now we care.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
|
|
Add support for the Intel Patsburg PCH SMBus Controller.
Signed-off-by: Seth Heasley <seth.heasley@intel.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
|
|
There are no users left for I2C_CLASS_TV_ANALOG and
I2C_CLASS_TV_DIGITAL, so we can get rid of them.
Signed-off-by: Jean Delvare <khali@linux-fr.org>
|
|
Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
|
|
This one was only used for a nasty hack in nfsd, which has recently
been removed.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The caller allocated it, the caller should free it.
The only issue so far is that we could change the flp pointer even on an
error return if the fl_change callback failed. But we can simply move
the flp assignment after the fl_change invocation, as the callers don't
care about the flp return value if the setlease call failed.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Commit ffe8018c3424 ("initramfs: fix initramfs size calculation") broke
32-bit big-endian arches like (on ARAnyM):
VFS: Cannot open root device "hda1" or unknown-block(3,1)
Please append a correct "root=" boot option; here are the available partitions:
fe80 1059408 nfhd8 (driver?)
fe81 921600 nfhd8p1 00000000-0000-0000-0000-000000000nfhd8p1
fe82 137807 nfhd8p2 00000000-0000-0000-0000-000000000nfhd8p2
0200 3280 fd0 (driver?)
0201 3280 fd1 (driver?)
0300 1059408 hda driver: ide-gd
0301 921600 hda1 00000000-0000-0000-0000-000000000hda1
0302 137807 hda2 00000000-0000-0000-0000-000000000hda2
Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(3,1)
As pointed out by Kerstin Jonsson <kerstin.jonsson@ericsson.com>, this
is due to CONFIG_32BIT not being defined, so the initramfs size field is
done as a 64-bit quad. On little-endian (like x86) this doesn matter,
but on a big-endian machine the 32-bit reads will see the (zero) high
bits.
Only mips, s390, and score set CONFIG_32BIT for 32-bit builds, so fix it for
all other 32-bit arches by inverting the logic and testing for CONFIG_64BIT,
which should be defined on all 64-bit arches.
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
[ I think we should just make it "u64" on all architectures and get
rid of the whole #ifdef CONFIG_xxBIT - Linus ]
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The NFSv4 server was initializing the dp->dl_flock pointer by the
somewhat ridiculous method of a locks_copy_lock callback.
Now that setlease uses the passed-in lock instead of doing a copy,
dl_flock no longer gets set, resulting in the lock leaking on delegation
release, and later possible hangs (among other problems).
So, initialize dl_flock and get rid of the callback.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We modified setlease to require the caller to allocate the new lease in
the case of creating a new lease, but forgot to fix up the filesystem
methods.
Cc: Steven Whitehouse <swhiteho@redhat.com>
Cc: Steve French <sfrench@samba.org>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
We're depending on setlease to free the passed-in lease on failure.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Removing a lock shouldn't require any allocations; a failure due to
ENOMEM leaves the caller with a choice between retrying or giving up and
leaking an unused lease.
Next we should split the other lease calls into add and delete cases.
I wanted to start with just the bugfix.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The input-large-scancode patches changed the binary search in
drivers/media/IR/ir-keytable.c to use unsigned integers, but
signed integers are actually necessary for the algorithm to work.
Signed-off-by: David Härdeman <david@hardeman.nu>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
Structure mISDN_devinfo is copied to userland with the field "name"
that has the last elements unitialized. It leads to leaking of
contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
My old mail address doesn't exist anymore. This changes all occurrences
to my new address.
Signed-off-by: Hans J. Koch <hjk@hansjkoch.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
pcnet_cs:
add new_id: "corega Ether CF-TD" 10Base-T PCMCIA card.
Signed-off-by: Ken Kawasaki <ken_kawasaki@spring.nifty.jp>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Even with the previous fix, we still are reading the iovecs once
to determine SGs needed, and then again later on. Preallocating
space for sg lists as part of rds_message seemed like a good idea
but it might be better to not do this. While working to redo that
code, this patch attempts to protect against userspace rewriting
the rds_iovec array between the first and second accesses.
The consequences of this would be either a too-small or too-large
sg list array. Too large is not an issue. This patch changes all
callers of message_alloc_sgs to handle running out of preallocated
sgs, and fail gracefully.
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Change rds_rdma_pages to take a passed-in rds_iovec array instead
of doing copy_from_user itself.
Change rds_cmsg_rdma_args to copy rds_iovec array once only. This
eliminates the possibility of userspace changing it after our
sanity checks.
Implement stack-based storage for small numbers of iovecs, based
on net/socket.c, to save an alloc in the extremely common case.
Although this patch reduces iovec copies in cmsg_rdma_args to 1,
we still do another one in rds_rdma_extra_size. Getting rid of
that one will be trickier, so it'll be a separate patch.
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
We don't need to set ret = 0 at the end -- it's initialized to 0.
Also, don't increment s_send_rdma stat if we're exiting with an
error.
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
rds_cmsg_rdma_args would still return success even if rds_rdma_pages
returned an error (or overflowed).
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
As reported by Thomas Pollet, the rdma page counting can overflow. We
get the rdma sizes in 64-bit unsigned entities, but then limit it to
UINT_MAX bytes and shift them down to pages (so with a possible "+1" for
an unaligned address).
So each individual page count fits comfortably in an 'unsigned int' (not
even close to overflowing into signed), but as they are added up, they
might end up resulting in a signed return value. Which would be wrong.
Catch the case of tot_pages turning negative, and return the appropriate
error code.
Reported-by: Thomas Pollet <thomas.pollet@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andy Grover <andy.grover@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch fixes the following section mismatch warning:
WARNING: drivers/net/can/pch_can.o(.data+0x18):
Section mismatch in reference from the variable pch_can_pcidev
to the variable .devinit.rodata:pch_pci_tbl
The variable pch_can_pcidev references
the variable __devinitconst pch_pci_tbl
This is actually a false positive which is fixed by giving the offending
variable a whitelisted name, it's renamed to "pch_can_pci_driver".
This makes sense because the variable is of the type "struct pci_driver".
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
This patch fixes the following sparse warning:
drivers/net/can/pch_can.c:231:26: warning: incorrect type in argument 1 (different address spaces)
drivers/net/can/pch_can.c:231:26: expected unsigned int [usertype] *addr
drivers/net/can/pch_can.c:231:26: got unsigned int [noderef] <asn:2>*<noident>
Let pch_can_bit_{set,clear} first parameter be a void __iomem pointer.
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
We should not stop the egress queue during probe because it is wrong.
Signed-off-by: Denis Kirjanov <dkirjanov@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Before making the fallback tunnel visible to lookups, we should make
sure it is completely setup, once ipgre_tunnel_init() had been called
and tstats per_cpu pointer allocated.
move rcu_assign_pointer(ign->tunnels_wc[0], tunnel); from
ipgre_fb_tunnel_init() to ipgre_init_net()
Based on a patch from Pavel Emelyanov
Reported-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Noticed by sparse:
drivers/net/vmxnet3/vmxnet3_drv.c:876:38: warning: cast from restricted __be16
drivers/net/vmxnet3/vmxnet3_drv.c:876:38: warning: cast from restricted __be16
drivers/net/vmxnet3/vmxnet3_drv.c:876:24: warning: restricted __be16 degrades to integer
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
readl/writel swap to little-endian internally.
Signed-off-by: Harvey Harrison <harvey.harrison@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
commit a18135eb9389 (Add UDP_MIB_{SND,RCV}BUFERRORS handling.)
forgot to make the necessary changes in net/ipv6/proc.c to report
additional counters in /proc/net/snmp6
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
In fsnotify_open() ensure that FMODE_NONOTIFY is never set by userspace.
Also always call fsnotify_parent and fsnotify.
Signed-off-by: Lino Sanfilippo <LinoSanfilippo@gmx.de>
Signed-off-by: Eric Paris <eparis@redhat.com>
|
|
In fanotify_read() return -ERESTARTSYS instead of -EINTR to
make read() restartable across signals (BSD semantic).
Signed-off-by: Eric Paris <eparis@redhat.com>
|
|
The btrfs merge looks like hell, because it changes fs-writeback.c, and
the crazy code has this repeated "estimate number of dirty pages"
counting that involves three different helper functions. And it's done
in two different places.
Just unify that whole calculation as a "get_nr_dirty_pages()" helper
function, and the merge result will look half-way decent.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The shmid_ds structure is copied to userland with shm_unused{,2,3}
fields unitialized. It leads to leaking of contents of kernel stack
memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
|
The definition of PAGE_CACHE_MASK in <linux/pagemap.h> is needed to use
MAX_RW_COUNT, and on x86-64 that gets done indirectly through the
architecture header includes. But on MIPS and s390 that doesn't happen,
and we need to make sure that fs/compat.c includes pagemap.h explicitly.
Introduced in commit 435f49a518c7 ("readv/writev: do the same
MAX_RW_COUNT truncation that read/write does").
Reported-by: Sachin Sant <sachinp@in.ibm.com> (S390)
Reported-by: wu zhangjin <wuzhangjin@gmail.com> (MIPS)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|