usblcd currently has no way to limit memory consumption by fast writers.
This is a security problem, as it allows users with write access to this
device to drive the system into oom despite resource limits.
Here's the fix taken from the modern skeleton driver.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
this is a classical memory leak in the ioctl handler. The buffer is simply
never freed. This fixes it the obvious way.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
you are submitting an URB with GFP_KERNEL holding a spinlock.
In this case the spinlock can be dropped earlier.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
Cc: Al Borchers <alborchers@steinerpoint.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
New changes in the signal-handling code require compensating changes
in g_file_storage. This patch (as913) by Oleg Nesterov makes the
code use allow_signal() instead of sigprocmask().
From: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This fixes a bug which can cause corruption of the floating-point state
on return from a signal handler. If we have a signal handler that has
used the floating-point registers, and it happens to context-switch to
another task while copying the interrupted floating-point state from the
user stack into the thread struct (e.g. because of a page fault, or
because it gets preempted), the context switch code will think that the
FP registers contain valid FP state that needs to be copied into the
thread_struct, and will thus overwrite the values that the signal return
code has put into the thread_struct.
This can occur because we clear the MSR bits that indicate the presence
of valid FP state after copying the state into the thread_struct. To fix
this we just move the clearing of the MSR bits to before the copy. A
similar potential problem also occurs with the Altivec state, and this
fixes that in the same way.
Signed-off-by: Paul Mackerras <paulus@samba.org>
Consider the prototype for gettimeofday():
int gettimofday(struct timeval *tv, struct timezone *tz);
Although it is valid to call with /either/ tv or tz being NULL, and
the C version of sys_gettimeofday() supports this, the current version
of gettimeofday() in the VDSO will SEGV if called with a NULL tv.
This adds a check for tv being NULL so that it doesn't SEGV.
Signed-off-by: Tony Breeds <tony@bakeyournoodle.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Update the g5_defconfig with default settings.
This is to keep things up to date, and specifically to ensure that the
CONFIG_MACINTOSH_DRIVERS option is enabled. This also turns on
CONFIG_MSI.
Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com>
cc: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Switch from send_sig to force_sig and do not allow signal for this
background thread (the signal is needed to wakeup the thread when
blocked in the network stack).
Signed-off-by: Jeff Layton <jlayton@readhat.com>
Signed-off-by: Steve French <sfrench@us.ibm.com>
wrmsrl() is broken, dropping the upper 32bits of the value to be
written. This broke the NMI watchdog on AMD hardware. (and it
probably broke other code too.)
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
In the arch/arm/boot/compressed/head.S file, the contents of the
literal pool accumulated during the relocatable code must be dumped
before reloc_end.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Add silicon revision "any" and "none". Add proper -mcpu option according
to the cpu and silicon revision configuration.
Need update to use latest Blackfin cross compile toolchain.
Signed-off-by: Jie Zhang <jie.zhang@analog.com>
Signed-off-by: Mike Frysinger <michael.frysinger@analog.com>
Signed-off-by: Bryan Wu <bryan.wu@analog.com>
On Power machines supporting VRMA, Kexec/Kdump does not work.
VRMA (virtual real-mode area) means that accesses with IR/DR = 0
(i.e. the MMU "off") actually still go through the hash table,
using entries put there by the hypervisor.
This means that when we clear out the hash table on kexec, we need to
make sure these entries are left untouched.
This also adds plpar_pte_read_raw() on the lines of
plpar_pte_remove_raw().
Signed-off-by : Sachin Sant <sachinp@in.ibm.com>
Signed-off-by : Mohan Kumar M <mohan@in.ibm.com>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Acked-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
In some of the PPC970 based systems, interrupt would be distributed to
offline cpus also even when booted with "maxcpus=1". So check whether
cpu online map and cpu present map are equal or not. If they are equal
default_distrib_server is used as interrupt server otherwise boot cpu
(default_server) used as interrupt server.
In addition to this, if an interrupt is assigned to a specific cpu (ie
smp affinity) and if that cpu is not online, the earlier code used to
return the default_distrib_server as interrupt server. This
introduces an additional parameter to the get_irq function, called
strict_check. Based on this parameter, if the cpu is not online
either default_distrib_server or -1 is returned.
Signed-off-by: Mohan Kumar M <mohan@in.ibm.com>
Cc: Michael Ellerman <michael@ellerman.id.au>
Acked-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
On pSeries the firmware features are not setup until ppc_md.init_early,
so we can't do the firmware feature sections fixups till after this.
Currently firmware feature sections is only used on iSeries which inits
the firmware features much earlier. This is a bug in waiting on
pSeries.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
For POWERPC, stolen time accounts for cycles lost to the hypervisor or
PURR cycles attributed to the other SMT thread. Hence, when a PURR is
available, we should still calculate stolen time, irrespective of being
virtualised.
Signed-off-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Specifying 'console=ttyMM0' on the cmdline for the prmpc2800 is no
longer necessary.
Signed-off-by: Mark A. Greer <mgreer@mvista.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
When a Marvell MPSC (serial controller) port is the specified
/chosen/stdout-path device, call 'add_preferred_console()' so the user
doesn't have to specify a 'console=ttyMMx' cmdline argument.
Signed-off-by: Mark A. Greer <mgreer@mvista.com>
Acked-by: Dale Farnsworth <dale@farnsworth.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This patch adds irq_create_direct_mapping(). This routine is
an alternative to irq_create_mapping(), for irq controllers that
can use linux virq numbers directly as hardware numbers.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
A future patch will need the logic at the end of irq_create_mapping()
which setups a virq and installs it in the irq_map. So split it out
into a new function irq_setup_virq().
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Uninline virq_to_hw and export it so modules can use it. The alternative
would be to export the irq_map array instead, but it's an infrequently
called function, and keeping the array unexported seems considerably
cleaner.
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
The holly support currently has separate rules to wrap its device tree
with its zImage. This can now be done automatically without the extra
rules so update holly support to use the automatic feature.
Signed-off-by: Mark A. Greer <mgreer@mista.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
There are 2 config options that indicate whether the platform being built
has a device tree source file associated with it. Namely,
CONFIG_WANT_DEVICE_TREE and CONFIG_DEVICE_TREE. When CONFIG_WANT_DEVICE_TREE
is 'y' and CONFIG_DEVICE_TREE isn't an empty string, automatically wrap
the specified device tree with the zImage being built.
To achieve this, the 'dts' variable will only be set when the conditions
above are true. The changes to the zImage.initrd.% and zImage.% rules
cause the device tree to be wrapped when 'dts' is set; otherwise, they
will work as they previosly did (i.e., build a zImage with no device tree).
Signed-off-by: Mark A. Greer <mgreer@mvista.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Being able to selectively wrap a device tree with the zIimage at build
time has been deemed unnecessary, so this removes Makefile support for
that feature.
Signed-off-by: Mark A. Greer <mgreer@mvista.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Paul Mackerras <paulus@samba.org>
cpu_purr_data is a per-cpu array used to account for stolen time on
partitioned systems. It used to be the case that cpus accessed each
others' cpu_purr_data, so each entry was protected by a spinlock.
However, the code was reworked ("Simplify stolen time calculation")
with the result that each cpu accesses its own cpu_purr_data and not
those of other cpus. This means we can get rid of the spinlock as
long as we're careful to disable interrupts when accessing
cpu_purr_data in process context.
Signed-off-by: Nathan Lynch <ntl@pobox.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
With both generic rtc and powerpc timer suspend / resume code now in the
(powerpc.git) tree, powerpc platforms using the generic timer and enabling
power management will have timer.o linked in the kernel, which they don't
need. Moreover, it will likely WARN_ON(!ppc_md.get_rtc_time), save
zero-time and return no error on suspend...
As a possible solution we can choose not to build timer.o when RTC_CLASS
is enabled. However, I can imagine systems with 2 rtc's, one served by the
ppc-rtc, another one generic built as a module, in which case using the
ppc-rtc for suspend / resume will be impossible. Not to say, that such a
configuration would be ugly...
Signed-off-by: G. Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Glue code to hook up the pata_platform on the PA Semi Electra eval board.
CFE sets up device tree entries for the IDE interface, with device type
'ide' and compatible field 'electra-ide'.
We unfortunately need to modify the resources before calling the generic
platform driver, since the device tree only has one register window in
it and the driver expects two. Adding this as an of_platform driver
instead doesn't give us any benefit, it just adds one more layer of
register/probe functions.
Since CONFIG_PATA_PLATFORM depends on CONFIG_EMBEDDED, add that as a
default for PPC_PASEMI.
Signed-off-by: Olof Johansson <olof@lixom.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
This makes the timer sysdev use mktime instead of rtc_tm_to_time,
since rtc_tm_to_time just calls mktime anyway, and this means we
don't have a dependency on rtc-lib.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>
With this, when kexec-ing, we copy the code and start the slaves on
their journey to the next kernel's spin loop as soon as we copy the
kexec image into place.
The kernel doesn't know exactly which slaves are spinning in
kexec_wait. This allows us to pass more than max-cpus to the
next kernel. But it also means that we might leave some behind.
Moving the code here means they have the time it takes us to
clear the hash table to wake up and move on. Moving the code
any earlier would reuqire walking the image description to
search for the code, which could span multiple pages.
Signed-off-by: Milton Miller <miltonm@bga.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>
The return value of futex_find_get_task() needs to be -ESRCH in case
that the search fails. This was part of the original futex fixes and
got accidentally dropped, when the futex-tidy-up patch was split out.
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Stable Team <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[NET]: Make skb_seq_read unmap the last fragment
[NET]: Re-enable irqs before pushing pending DMA requests
[TCP] tcp_read_sock: Allow recv_actor() return return negative error value.
[PPP]: Fix osize too small errors when decoding mppe.
[PPP]: Revert 606f585e36
[TIPC]: Fix infinite loop in netlink handler
[SKBUFF]: Fix incorrect config #ifdef around skb_copy_secmark
[IPV4]: include sysctl.h from inetdevice.h
[IPV6] NDISC: Fix thinko to control Router Preference support.
[NETFILTER]: nfctnetlink: Don't allow to change helper
[NETFILTER]: nf_conntrack_sip: add missing message types containing RTP info
Register %ebx serves as the "global offset table base register" for
position-independent code. For absolute code, %ebx serves as a local
register and has no specified role in the function calling sequence. In
either case, a function must preserve the register value for the caller.
acpi_copy_wakeup_routine overrides %ebx without saving it, this may corrupt
the called data.
Kevin found that most time the value of Sx is saved in %esi, however
sometimes compiler also uses %ebx. When this happens, suspends fails since
sleep value in ebx is changed by acpi_copy_wakeup_routine.
The same funtion in X86_64 doesn't have this problem.
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Looks-okay-to: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Cc: Len Brown <lenb@kernel.org>
Acked-by: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Yan Zheng pointed out that ext2_remount lacks checking if -o xip should be
enabled or not. This patch checks for presence of direct_access on the
backing block device and if the blocksize meets the requirements.
Signed-off-by: Carsten Otte <cotte@de.ibm.com>
Cc: Yan Zheng <yanzheng@21cn.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Background:
When a userspace application wants to know about machine check events, it
opens /dev/mcelog and does a read(). Usually, we found that this interface
works well, but in some cases, when the system was taking large numbers of
machine check exceptions, the read() would hang. The system would output a
soft-lockup warning, and the daemon reading from /dev/mcelog would suck up
as much of a single CPU as it could spinning in system space.
Description:
This patch fixes this bug. In particular, there was a "continue" inside a
timeout loop that presumably was intended to break out of the outer loop,
but instead caused the inner loop to continue. This patch also makes the
condition for the break-out a little more evident by changing a
!time_before to a time_after_eq.
Result:
The read() no longer hangs in this test case.
Testing:
On my system, I could replicate the bug with the following command:
# for i in `seq 15000`; do ./inject_sbe.sh; done
where inject_sbe.sh contains commands to inject a single-bit error into the
next memory write transaction.
Patch:
This patch is against git f1518a088b.
Signed-off-by: Joshua Wise <jwise@google.com>
Signed-off-by: Tim Hockin <thockin@google.com>
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Update to checkpatch.pl v0.06. Of note:
- do { and else handled correctly as control structures for { matching
- trailing whitespace correctly tripped when line otherwise empty
- support for const, including const foo * const bar
- multiline macros defining values correctly reported
This version of checkpatch.pl can be found at the following URL:
http://www.kernel.org/pub/linux/kernel/people/apw/checkpatch/checkpatch.pl-0.06
Full Changelog:
Andy Whitcroft (14):
Version: 0.06
cleanup the Type regular expression declarations
fix up block counting
end of line counts as a space for ++ and --
do { needs the same checks as if, for et al
handle "const foo * const a" as a valid type
add spacing checks following ;
complete whitespace lines should trip trailing whitespace check
else is also a block control structure
badly formatted else can trip function declaration
detect and report trailing statements after else
types need to be terminated by a boundary
multiline macros defining values should be surrounded by parentheses
soften the wording of the Signed-off-by: warnings
Signed-off-by: Andy Whitcroft <apw@shadowen.org>
Cc: "Randy.Dunlap" <rdunlap@xenotime.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
MAX_ORDER is the first order that is not possible.
Use MAX_ORDER - 1 to calculate the larges possible object size in slab.h
Signed-off-by: Christoph Lameter <clameter@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
