summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-09-20Revert: "Staging: batman-adv: Adding netfilter-bridge hooks"Sven Eckelmann2-19/+2
This reverts commit 96d592ed599434d2d5f339a1d282871bc6377d2c. The netfilter hook seems to be misused and may leak skbs in situations when NF_HOOK returns NF_STOLEN. It may not filter everything as expected. Also the ethernet bridge tables are not yet capable to understand batman-adv packet correctly. It was only added for testing purposes and can be removed again. Reported-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Sven Eckelmann <sven.eckelmann@gmx.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-09-19Merge branch 'for-linus' of ↵Linus Torvalds13-131/+88
git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mattst88/alpha-2.6: alpha: deal with multiple simultaneously pending signals alpha: fix a 14 years old bug in sigreturn tracing alpha: unb0rk sigsuspend() and rt_sigsuspend() alpha: belated ERESTART_RESTARTBLOCK race fix alpha: Shift perf event pending work earlier in timer interrupt alpha: wire up fanotify and prlimit64 syscalls alpha: kill big kernel lock alpha: fix build breakage in asm/cacheflush.h alpha: remove unnecessary cast from void* in assignment. alpha: Use static const char * const where possible
2010-09-19Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6Linus Torvalds1-9/+3
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6: ide: Fix ordering of procfs registry.
2010-09-19Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6Linus Torvalds22-35/+136
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (21 commits) dca: disable dca on IOAT ver.3.0 multiple-IOH platforms netpoll: Disable IRQ around RCU dereference in netpoll_rx sctp: Do not reset the packet during sctp_packet_config(). net/llc: storing negative error codes in unsigned short MAINTAINERS: move atlx discussions to netdev drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory drivers/net/eql.c: prevent reading uninitialized stack memory drivers/net/usb/hso.c: prevent reading uninitialized memory xfrm: dont assume rcu_read_lock in xfrm_output_one() r8169: Handle rxfifo errors on 8168 chips 3c59x: Remove atomic context inside vortex_{set|get}_wol tcp: Prevent overzealous packetization by SWS logic. net: RPS needs to depend upon USE_GENERIC_SMP_HELPERS phylib: fix PAL state machine restart on resume net: use rcu_barrier() in rollback_registered_many bonding: correctly process non-linear skbs ipv4: enable getsockopt() for IP_NODEFRAG ipv4: force_igmp_version ignored when a IGMPv3 query received ppp: potential NULL dereference in ppp_mp_explode() net/llc: make opt unsigned in llc_ui_setsockopt() ...
2010-09-19Merge branch 's5p-fixes-for-linus' of ↵Linus Torvalds9-66/+107
git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung * 's5p-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung: ARM: S3C64XX: Add IORESOURCE_IRQ_HIGHLEVEL flag to dm9000 on mach-real6410 ARM: S3C64XX: Fix coding style errors on mach-real6410 ARM: S3C64XX: Prototype SPI devices ARM: S3C64XX: Fix dev-spi build ARM: SAMSUNG: Fix on s5p_gpio_[get,set]_drvstr ARM: SAMSUNG: Fix on drive strength value ARM: S5PV210: Add FIMC clocks ARM: S5PV210: Reduce the iodesc length of systimer ARM: S5PV210: Update I2C-1 Clock Register Property. ARM: S5P: Decrease IO Registers memory region size on FIMC ARM: S5P: Fix DMA coherent mask for FIMC
2010-09-19Coda: mount hangs because of missed REQ_WRITE renameJan Harkes1-2/+2
Coda's REQ_* defines were renamed to avoid clashes with the block layer (commit 4aeefdc69f7b: "coda: fixup clash with block layer REQ_* defines"). However one was missed and response messages are no longer matched with requests and waiting threads are no longer woken up. This patch fixes this. Signed-off-by: Jan Harkes <jaharkes@cs.cmu.edu> [ Also fixed up whitespace while at it -Linus ] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-18alpha: deal with multiple simultaneously pending signalsAl Viro1-5/+11
Unlike the other targets, alpha sets _one_ sigframe and buggers off until the next syscall/interrupt, even if more signals are pending. It leads to quite a few unpleasant inconsistencies, starting with SIGSEGV potentially arriving not where it should and including e.g. mess with sigsuspend(); consider two pending signals blocked until sigsuspend() unblocks them. We pick the first one; then, if we are hit by interrupt while in the handler, we process the second one as well. If we are not, and if no syscalls had been made, we get out of the first handler and leave the second signal pending; normally sigreturn() would've picked it anyway, but here it starts with restoring the original mask and voila - the second signal is blocked again. On everything else we get both delivered consistently. It's actually easy to fix; the only thing to watch out for is prevention of double syscall restart. Fortunately, the idea I've nicked from arm fix by rmk works just fine... Testcase demonstrating the behaviour in question; on alpha we get one or both flags set (usually one), on everything else both are always set. #include <signal.h> #include <stdio.h> int had1, had2; void f1(int sig) { had1 = 1; } void f2(int sig) { had2 = 1; } main() { sigset_t set1, set2; sigemptyset(&set1); sigemptyset(&set2); sigaddset(&set2, 1); sigaddset(&set2, 2); signal(1, f1); signal(2, f2); sigprocmask(SIG_SETMASK, &set2, NULL); raise(1); raise(2); sigsuspend(&set1); printf("had1:%d had2:%d\n", had1, had2); } Tested-by: Michael Cree <mcree@orcon.net.nz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: fix a 14 years old bug in sigreturn tracingAl Viro1-2/+11
The way sigreturn() is implemented on alpha breaks PTRACE_SYSCALL, all way back to 1.3.95 when alpha has grown PTRACE_SYSCALL support. What happens is direct return to ret_from_syscall, in order to bypass mangling of a3 (error indicator) and prevent other mutilations of registers (e.g. by syscall restart). That's fine, but... the entire TIF_SYSCALL_TRACE codepath is kept separate on alpha and post-syscall stopping/notifying the tracer is after the syscall. And the normal path we are forcibly switching to doesn't have it. So we end up with *one* stop in traced sigreturn() vs. two in other syscalls. And yes, strace is visibly broken by that; try to strace the following #include <signal.h> #include <stdio.h> void f(int sig) {} main() { signal(SIGHUP, f); raise(SIGHUP); write(1, "eeeek\n", 6); } and watch the show. The close(1) = 405 in the end of strace output is coming from return value of write() (6 == __NR_close on alpha) and syscall number of exit_group() (__NR_exit_group == 405 there). The fix is fairly simple - the only thing we end up missing is the call of syscall_trace() and we can tell whether we'd been called from the SYSCALL_TRACE path by checking ra value. Since we are setting the switch_stack up (that's what sys_sigreturn() does), we have the right environment for calling syscall_trace() - just before we call undo_switch_stack() and return. Since undo_switch_stack() will overwrite s0 anyway, we can use it to store the result of "has it been called from SYSCALL_TRACE path?" check. The same thing applies in rt_sigreturn(). Tested-by: Michael Cree <mcree@orcon.net.nz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: unb0rk sigsuspend() and rt_sigsuspend()Al Viro3-69/+2
Old code used to set regs->r0 and regs->r19 to force the right return value. Leaving that after switch to ERESTARTNOHAND was a Bad Idea(tm), since now that screws the restart - if we hit the case when get_signal_to_deliver() returns 0, we will step back to syscall insn, with v0 set to EINTR and a3 to 1. The latter won't matter, since EINTR is 4, aka __NR_write. Testcase: #include <signal.h> #define _GNU_SOURCE #include <unistd.h> #include <sys/syscall.h> main() { sigset_t mask; sigemptyset(&mask); sigaddset(&mask, SIGCONT); sigprocmask(SIG_SETMASK, &mask, NULL); kill(0, SIGCONT); syscall(__NR_sigsuspend, 1, "b0rken\n", 7); } results on alpha in immediate message to stdout... Fix is obvious; moreover, since we don't need regs anymore, we can switch to normal prototypes for these guys and lose the wrappers. Even better, rt_sigsuspend() is identical to generic version in kernel/signal.c now. Tested-by: Michael Cree <mcree@orcon.net.nz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: belated ERESTART_RESTARTBLOCK race fixAl Viro1-1/+2
same thing as had been done on other targets back in 2003 - move setting ->restart_block.fn into {rt_,}sigreturn(). Tested-by: Michael Cree <mcree@orcon.net.nz> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: Shift perf event pending work earlier in timer interruptMichael Cree1-5/+5
Pending work from the performance event subsystem is executed in the timer interrupt. This patch shifts the call to perf_event_do_pending() before the call to update_process_times() as the latter may call back into the perf event subsystem and it is prudent to have the pending work executed first. Signed-off-by: Michael Cree <mcree@orcon.net.nz> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: wire up fanotify and prlimit64 syscallsMikael Pettersson2-1/+7
The 2.6.36-rc kernel added three new system calls: fanotify_init, fanotify_mark, and prlimit64. This patch wires them up on Alpha. Built and booted on an XP900. Untested beyond that. Signed-off-by: Mikael Pettersson <mikpe@it.uu.se> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: kill big kernel lockArnd Bergmann2-8/+0
All uses of the BKL on alpha are totally bogus, nothing is really protected by this. Remove the remaining users so we don't have to mark alpha as 'depends on BKL'. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: linux-alpha@vger.kernel.org Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: fix build breakage in asm/cacheflush.hTejun Heo1-0/+2
Alpha SMP flush_icache_user_range() is implemented as an inline function inside include/asm/cacheflush.h. It dereferences @current but doesn't include linux/sched.h and thus causes build failure if linux/sched.h wasn't included previously. Fix it by including the needed header file explicitly. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: remove unnecessary cast from void* in assignment.matt mooney2-2/+2
Acked-by: Jan-Benedict Glaw <jbglaw@lug-owl.de> Signed-off-by: matt mooney <mfm@muteddisk.com> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-18alpha: Use static const char * const where possibleJoe Perches4-38/+46
Acked-by: Richard Henderson <rth@twiddle.net> Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: Matt Turner <mattst88@gmail.com>
2010-09-17dca: disable dca on IOAT ver.3.0 multiple-IOH platformsSosnowski, Maciej1-6/+79
Direct Cache Access is not supported on IOAT ver.3.0 multiple-IOH platforms. This patch blocks registering of dca providers when multiple IOH detected with IOAT ver.3.0. Signed-off-by: Maciej Sosnowski <maciej.sosnowski@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-18ARM: S3C64XX: Add IORESOURCE_IRQ_HIGHLEVEL flag to dm9000 on mach-real6410Darius Augulis1-1/+1
Add IORESOURCE_IRQ_HIGHLEVEL irq flag to dm9000 driver platform data in board mach-real6410. Signed-off-by: Darius Augulis <augulis.darius@gmail.com> [kgene.kim@samsung.com: minor title fix] Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2010-09-18ARM: S3C64XX: Fix coding style errors on mach-real6410Darius Augulis1-52/+52
Fix errors reported by checkpatch.pl script Signed-off-by: Darius Augulis <augulis.darius@gmail.com> [kgene.kim@samsung.com: minor title fix] Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2010-09-18ARM: S3C64XX: Prototype SPI devicesMark Brown1-0/+1
Avoids build warnings due to the undeclared non-statics. Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com> Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
2010-09-17netpoll: Disable IRQ around RCU dereference in netpoll_rxHerbert Xu1-4/+4
We cannot use rcu_dereference_bh safely in netpoll_rx as we may be called with IRQs disabled. We could however simply disable IRQs as that too causes BH to be disabled and is safe in either case. Thanks to John Linville for discovering this bug and providing a patch. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-17sctp: Do not reset the packet during sctp_packet_config().Vlad Yasevich1-1/+0
sctp_packet_config() is called when getting the packet ready for appending of chunks. The function should not touch the current state, since it's possible to ping-pong between two transports when sending, and that can result packet corruption followed by skb overlfow crash. Reported-by: Thomas Dreibholz <dreibh@iem.uni-due.de> Signed-off-by: Vlad Yasevich <vladislav.yasevich@hp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-17Merge branch 'for-linus' of ↵Linus Torvalds8-13/+43
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ALSA: pcm - Fix race with proc files ALSA: pcm - Fix unbalanced pm_qos_request ALSA: HDA: Enable internal speaker on Dell M101z ALSA: patch_nvhdmi.c: Fix supported sample rate list. sound: Remove pr_<level> uses of KERN_<level> ALSA: hda - Add quirk for Toshiba C650D using a Conexant CX20585 ALSA: hda_intel: ALSA HD Audio patch for Intel Patsburg DeviceIDs
2010-09-17Merge branch 'hwmon-for-linus' of ↵Linus Torvalds9-42/+50
git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging * 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: hwmon: (lm95241) Replace rate sysfs attribute with update_interval hwmon: (adm1031) Replace update_rate sysfs attribute with update_interval hwmon: (w83627ehf) Use proper exit sequence hwmon: (emc1403) Remove unnecessary hwmon_device_unregister hwmon: (f75375s) Do not overwrite values read from registers hwmon: (f75375s) Shift control mode to the correct bit position hwmon: New subsystem maintainers hwmon: (lis3lv02d) Prevent NULL pointer dereference
2010-09-17Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixesLinus Torvalds1-1/+1
* git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-fixes: GFS2: gfs2_logd should be using interruptible waits
2010-09-17Merge branch 'for-linus' of ↵Linus Torvalds2-1/+2
git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6: firewire: nosy: fix build when CONFIG_FIREWIRE=N firewire: ohci: activate cycle timer register quirk on Ricoh chips
2010-09-17Merge branch 'for-linus' of git://neil.brown.name/mdLinus Torvalds1-2/+4
* 'for-linus' of git://neil.brown.name/md: md: fix v1.x metadata update when a disk is missing. md: call md_update_sb even for 'external' metadata arrays.
2010-09-17arm: fix really nasty sigreturn bugAl Viro1-0/+2
If a signal hits us outside of a syscall and another gets delivered when we are in sigreturn (e.g. because it had been in sa_mask for the first one and got sent to us while we'd been in the first handler), we have a chance of returning from the second handler to location one insn prior to where we ought to return. If r0 happens to contain -513 (-ERESTARTNOINTR), sigreturn will get confused into doing restart syscall song and dance. Incredible joy to debug, since it manifests as random, infrequent and very hard to reproduce double execution of instructions in userland code... The fix is simple - mark it "don't bother with restarts" in wrapper, i.e. set r8 to 0 in sys_sigreturn and sys_rt_sigreturn wrappers, suppressing the syscall restart handling on return from these guys. They can't legitimately return a restart-worthy error anyway. Testcase: #include <unistd.h> #include <signal.h> #include <stdlib.h> #include <sys/time.h> #include <errno.h> void f(int n) { __asm__ __volatile__( "ldr r0, [%0]\n" "b 1f\n" "b 2f\n" "1:b .\n" "2:\n" : : "r"(&n)); } void handler1(int sig) { } void handler2(int sig) { raise(1); } void handler3(int sig) { exit(0); } main() { struct sigaction s = {.sa_handler = handler2}; struct itimerval t1 = { .it_value = {1} }; struct itimerval t2 = { .it_value = {2} }; signal(1, handler1); sigemptyset(&s.sa_mask); sigaddset(&s.sa_mask, 1); sigaction(SIGALRM, &s, NULL); signal(SIGVTALRM, handler3); setitimer(ITIMER_REAL, &t1, NULL); setitimer(ITIMER_VIRTUAL, &t2, NULL); f(-513); /* -ERESTARTNOINTR */ write(1, "buggered\n", 9); return 1; } Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Acked-by: Russell King <rmk+kernel@arm.linux.org.uk> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-09-17Merge branch 'fix/hda' into for-linusTakashi Iwai4-1/+15
2010-09-17hwmon: (lm95241) Replace rate sysfs attribute with update_intervalGuenter Roeck1-10/+11
update_interval is the matching attribute defined in the hwmon sysfs ABI. Use it. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: (adm1031) Replace update_rate sysfs attribute with update_intervalGuenter Roeck2-23/+27
The attribute reflects an interval, not a rate. Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com> Acked-by: Ira W. Snyder <iws@ovro.caltech.edu> Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: (w83627ehf) Use proper exit sequenceJonas Jonsson1-0/+1
According to the datasheet for Winbond W83627DHG the proper way to exit the Extended Function Mode is to write 0xaa to the EFER(0x2e or 0x4e). Signed-off-by: Jonas Jonsson <jonas@ludd.ltu.se> Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: (emc1403) Remove unnecessary hwmon_device_unregisterYong Wang1-1/+0
It is unnecessary and wrong to call hwmon_device_unregister in error handling before hwmon_device_register is called. Signed-off-by: Yong Wang <yong.y.wang@intel.com> Reviewed-by: Guenter Roeck <guenter.roeck@ericsson.com> Cc: stable@kernel.org Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: (f75375s) Do not overwrite values read from registersGuillem Jover1-2/+2
All bits in the values read from registers to be used for the next write were getting overwritten, avoid doing so to not mess with the current configuration. Signed-off-by: Guillem Jover <guillem@hadrons.org> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: stable@kernel.org Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: (f75375s) Shift control mode to the correct bit positionGuillem Jover1-1/+1
The spec notes that fan0 and fan1 control mode bits are located in bits 7-6 and 5-4 respectively, but the FAN_CTRL_MODE macro was making the bits shift by 5 instead of by 4. Signed-off-by: Guillem Jover <guillem@hadrons.org> Cc: Riku Voipio <riku.voipio@iki.fi> Cc: stable@kernel.org Signed-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17hwmon: New subsystem maintainersJean Delvare1-1/+4
Guenter Roeck volunteered to adopt the hwmon subsystem as long as he wasn't the only maintainer. As this was also my own condition, we can add the two of us as co-maintainers of the hwmon subsystem. Signed-off-by: Jean Delvare <khali@linux-fr.org> Acked-by: Guenter Roeck <guenter.roeck@ericsson.com>
2010-09-17hwmon: (lis3lv02d) Prevent NULL pointer dereferenceKuninori Morimoto2-4/+4
If CONFIG_PM was selected and lis3lv02d_platform_data was NULL, the kernel will be panic when halt command run. Reported-by: Yusuke Goda <yusuke.goda.sx@renesas.com> Signed-off-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com> Acked-by: Samu Onkalo <samu.p.onkalo@nokia.com> Sigend-off-by: Jean Delvare <khali@linux-fr.org>
2010-09-17GFS2: gfs2_logd should be using interruptible waitsSteven Whitehouse1-1/+1
Looks like this crept in, in a recent update. Reported-by: Krzysztof Urbaniak <urban@bash.org.pl> Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2010-09-16net/llc: storing negative error codes in unsigned shortDan Carpenter1-1/+1
If the alloc_skb() fails then we return 65431 instead of -ENOBUFS (-105). Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-16MAINTAINERS: move atlx discussions to netdevChris Snook1-1/+1
The atlx drivers are sufficiently mature that we no longer need a separate mailing list for them. Move the discussion to netdev, so we can decommission atl1-devel, which is now mostly spam. Signed-off-by: Chris Snook <chris.snook@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-16drivers/net/cxgb3/cxgb3_main.c: prevent reading uninitialized stack memoryDan Rosenberg1-0/+2
Fixed formatting (tabs and line breaks). The CHELSIO_GET_QSET_NUM device ioctl allows unprivileged users to read 4 bytes of uninitialized stack memory, because the "addr" member of the ch_reg struct declared on the stack in cxgb_extension_ioctl() is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-16drivers/net/eql.c: prevent reading uninitialized stack memoryDan Rosenberg1-0/+2
Fixed formatting (tabs and line breaks). The EQL_GETMASTRCFG device ioctl allows unprivileged users to read 16 bytes of uninitialized stack memory, because the "master_name" member of the master_config_t struct declared on the stack in eql_g_master_cfg() is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-16drivers/net/usb/hso.c: prevent reading uninitialized memoryDan Rosenberg1-0/+2
Fixed formatting (tabs and line breaks). The TIOCGICOUNT device ioctl allows unprivileged users to read uninitialized stack memory, because the "reserved" member of the serial_icounter_struct struct declared on the stack in hso_get_count() is not altered or zeroed before being copied back to the user. This patch takes care of it. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-16xfrm: dont assume rcu_read_lock in xfrm_output_one()Eric Dumazet1-1/+1
ip_local_out() is called with rcu_read_lock() held from ip_queue_xmit() but not from other call sites. Reported-and-bisected-by: Nick Bowler <nbowler@elliptictech.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-09-17md: fix v1.x metadata update when a disk is missing.NeilBrown1-1/+3
If an array with 1.x metadata is assembled with the last disk missing, md doesn't properly record the fact that the disk was missing. This is unlikely to cause a real problem as the event count will be different to the count on the missing disk so it won't be included in the array. However it could still cause confusion. So make sure we clear all the relevant slots, not just the early ones. Signed-off-by: NeilBrown <neilb@suse.de>
2010-09-17md: call md_update_sb even for 'external' metadata arrays.NeilBrown1-1/+1
Now that we depend on md_update_sb to clear variable bits in mddev->flags (rather than trying not to set them) it is important to always call md_update_sb when appropriate. md_check_recovery has this job but explicitly avoids it for ->external metadata arrays. This is not longer appropraite, or needed. However we do want to avoid taking the mddev lock if only MD_CHANGE_PENDING is set as that is not cleared by md_update_sb for external-metadata arrays. Reported-by: "Kwolek, Adam" <adam.kwolek@intel.com> Signed-off-by: NeilBrown <neilb@suse.de>
2010-09-16Merge branch 'x86-fixes-for-linus' of ↵Linus Torvalds6-39/+23
git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip * 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip: x86: hpet: Work around hardware stupidity x86, build: Disable -fPIE when compiling with CONFIG_CC_STACKPROTECTOR=y x86, cpufeature: Suppress compiler warning with gcc 3.x x86, UV: Fix initialization of max_pnode
2010-09-17firewire: nosy: fix build when CONFIG_FIREWIRE=NStefan Richter1-1/+1
drivers/firewire/nosy* is a stand-alone driver that does not depend on CONFIG_FIREWIRE. Hence let make descend into drivers/firewire/ also if that option is off. The stand-alone driver drivers/ieee1394/init_ohci1394_dma* will soon be moved into drivers/firewire/ too and will require the same makefile fix. Side effect: As mentioned in https://bugzilla.novell.com/show_bug.cgi?id=586172#c24 this influences the order in which either firewire-ohci or ohci1394 is going to be bound to an OHCI-1394 controller in case of a modular build of both drivers if no modprobe blacklist entries are configured. However, a user of such a setup cannot expect deterministic behavior anyway. The Kconfig help and the migration guide at ieee1394.wiki.kernel.org recommend blacklist entries when a dual IEEE 1394 stack build is being used. (The coexistence period of the two stacks is planned to end soon.) Cc: Michal Marek <mmarek@suse.cz> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-09-16ALSA: pcm - Fix race with proc filesTakashi Iwai1-9/+24
The PCM proc files may open a race against substream close, which can end up with an Oops. Use the open_mutex to protect for it. Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-09-16ALSA: pcm - Fix unbalanced pm_qos_requestTakashi Iwai1-0/+2
The pm_qos_request isn't freed properly when OSS PCM emulation is used because it skips snd_pcm_hw_free() call but directly releases the stream. This resulted in Oops later. Tested-by: Simon Kirby <sim@hostway.ca> Signed-off-by: Takashi Iwai <tiwai@suse.de>