summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2010-11-05KVM: PPC: e500: Call kvm_vcpu_uninit() before kvmppc_e500_tlb_uninit().Scott Wood
The VCPU uninit calls some TLB functions, and the TLB uninit function frees the memory used by them. Signed-off-by: Scott Wood <scottwood@freescale.com> Acked-by: Liu Yu <yu.liu@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2010-11-05PPC: KVM: Book E doesn't have __end_interrupts.Scott Wood
Fix an unresolved symbol with CONFIG_KVM_GUEST plus CONFIG_RELOCATABLE on Book E. Signed-off-by: Scott Wood <scottwood@freescale.com> Signed-off-by: Alexander Graf <agraf@suse.de>
2010-11-05KVM: x86: Issue smp_call_function_many with preemption disabledJan Kiszka
smp_call_function_many is specified to be called only with preemption disabled. Fulfill this requirement. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2010-11-05KVM: x86: fix information leak to userlandVasiliy Kulikov
Structures kvm_vcpu_events, kvm_debugregs, kvm_pit_state2 and kvm_clock_data are copied to userland with some padding and reserved fields unitialized. It leads to leaking of contents of kernel stack memory. We have to initialize them to zero. In patch v1 Jan Kiszka suggested to fill reserved fields with zeros instead of memset'ting the whole struct. It makes sense as these fields are explicitly marked as padding. No more fields need zeroing. KVM-Stable-Tag. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2010-11-05KVM: PPC: fix information leak to userlandVasiliy Kulikov
Structure kvm_ppc_pvinfo is copied to userland with flags and pad fields unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
2010-11-05KVM: MMU: fix rmap_remove on non present sptesMarcelo Tosatti
drop_spte should not attempt to rmap_remove a non present shadow pte. This fixes a BUG_ON seen on kvm-autotest. Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com> Reported-by: Lucas Meneghel Rodrigues <lmr@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
2010-11-05KVM: Write protect memory after slot swapMichael S. Tsirkin
I have observed the following bug trigger: 1. userspace calls GET_DIRTY_LOG 2. kvm_mmu_slot_remove_write_access is called and makes a page ro 3. page fault happens and makes the page writeable fault is logged in the bitmap appropriately 4. kvm_vm_ioctl_get_dirty_log swaps slot pointers a lot of time passes 5. guest writes into the page 6. userspace calls GET_DIRTY_LOG At point (5), bitmap is clean and page is writeable, thus, guest modification of memory is not logged and GET_DIRTY_LOG returns an empty bitmap. The rule is that all pages are either dirty in the current bitmap, or write-protected, which is violated here. It seems that just moving kvm_mmu_slot_remove_write_access down to after the slot pointer swap should fix this bug. KVM-Stable-Tag. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Avi Kivity <avi@redhat.com>
2010-11-05Clean up relay_alloc_page_array() slightly by using vzalloc rather than ↵Jesper Juhl
vmalloc and memset We can optimize kernel/relay.c::relay_alloc_page_array() slightly by using vzalloc. The patch makes these changes: - use vzalloc instead of vmalloc+memset. - remove redundant local variable 'array'. - declare local 'pa_size' as const. Cuts down nicely on both source and object-code size. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Pekka Enberg <penberg@kernel.org> Acked-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-05TTY: create drivers/tty/vt and move the vt code thereGreg Kroah-Hartman
The vt and other related code is moved into the drivers/tty/vt directory. Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-05TTY: create drivers/tty and move the tty core files thereGreg Kroah-Hartman
The tty code should be in its own subdirectory and not in the char driver with all of the cruft that is currently there. Based on work done by Arnd Bergmann <arnd@arndb.de> Acked-by: Arnd Bergmann <arnd@arndb.de> Cc: Jiri Slaby <jslaby@suse.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-05Merge branch 'for-linus-fixes' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu * 'for-linus-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.h m68knommu: add back in declaration of do_IRQ
2010-11-04cifs: dereferencing first then checkingJeff Layton
This patch is based on Dan's original patch. His original description is below: Smatch complained about a couple checking for NULL after dereferencing bugs. I'm not super familiar with the code so I did the conservative thing and move the dereferences after the checks. The dereferences in cifs_lock() and cifs_fsync() were added in ba00ba64cf0 "cifs: make various routines use the cifsFileInfo->tcon pointer". The dereference in find_writable_file() was added in 6508d904e6f "cifs: have find_readable/writable_file filter by fsuid". The comments there say it's possible to trigger the NULL dereference under stress. Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-11-04cifs: trivial comment fix: tlink_tree is now a rbtreeSuresh Jayaraman
Noticed while reviewing (late) the rbtree conversion patchset (which has been merged already). Cc: Jeff Layton <jlayton@redhat.com> Signed-off-by: Suresh Jayaraman <sjayaraman@suse.de> Signed-off-by: Steve French <sfrench@us.ibm.com>
2010-11-04inet_diag: Make sure we actually run the same bytecode we audited.Nelson Elhage
We were using nlmsg_find_attr() to look up the bytecode by attribute when auditing, but then just using the first attribute when actually running bytecode. So, if we received a message with two attribute elements, where only the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different bytecode strings. Fix this by consistently using nlmsg_find_attr everywhere. Signed-off-by: Nelson Elhage <nelhage@ksplice.com> Signed-off-by: Thomas Graf <tgraf@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-04netlink: Make nlmsg_find_attr take a const nlmsghdr*.Nelson Elhage
This will let us use it on a nlmsghdr stored inside a netlink_callback. Signed-off-by: Nelson Elhage <nelhage@ksplice.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-04fib: fib_result_assign() should not change fib refcountsEric Dumazet
After commit ebc0ffae5 (RCU conversion of fib_lookup()), fib_result_assign() should not change fib refcounts anymore. Thanks to Michael who did the bisection and bug report. Reported-by: Michael Ellerman <michael@ellerman.id.au> Tested-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-04sh: Simplify phys_addr_mask()/PTE_PHYS_MASK for 29/32-bit.Paul Mundt
Given that __in_29bit_mode() is a constant for the non-PMB case, we can simply use the PMB-facing version of phys_addr_mask() and drop the other variants. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-04sh: nommu: Support building without an uncached mapping.Paul Mundt
Now that nommu selects 32BIT we run in to the situation where SH-2A supports an uncached identity mapping by way of the BSC, while the SH-2 does not. This provides stubs for the PC manglers and tidies up some of the system*.h mess in the process. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-04sh: nommu: use 32-bit phys mode.Paul Mundt
The nommu code has regressed somewhat in that 29BIT gets set for the SH-2/2A configs regardless of the fact that they are really 32BIT sans MMU or PMB. This does a bit of tidying to get nommu properly selecting 32BIT as it was before. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-04sh: mach-se: Fix up SE7206 no ioport build.Paul Mundt
There was a leftover inw() used here that really just wants to be a __raw_readw() instead. Convert it over. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-04mmc: sh_mmcif: Convert extern inline to static inline.Paul Mundt
Presently the extern inline case results in a compiler warning on ARM due to the memory barrier definition used in the I/O routines. These ultimately all want to be static inline anyways, so just convert them all in place. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-04ARM: mach-shmobile: Allow GPIO chips to register IRQ mappings.Paul Mundt
As non-PFC chips are added that may support IRQs, pass through to the generic helper. This follows the the SH change. Signed-off-by: Paul Mundt <lethal@linux-sh.org>
2010-11-03netfilter: ip6_tables: fix information leak to userspaceJan Engelhardt
Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03Merge branch 'master' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
2010-11-03cls_cgroup: Fix crash on module unloadHerbert Xu
Somewhere along the lines net_cls_subsys_id became a macro when cls_cgroup is built as a module. Not only did it make cls_cgroup completely useless, it also causes it to crash on module unload. This patch fixes this by removing that macro. Thanks to Eric Dumazet for diagnosing this problem. Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Reviewed-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03memory corruption in X.25 facilities parsingandrew hendry
Signed-of-by: Andrew Hendry <andrew.hendry@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03net dst: fix percpu_counter list corruption and poison overwrittenXiaotian Feng
There're some percpu_counter list corruption and poison overwritten warnings in recent kernel, which is resulted by fc66f95c. commit fc66f95c switches to use percpu_counter, in ip6_route_net_init, kernel init the percpu_counter for dst entries, but, the percpu_counter is never destroyed in ip6_route_net_exit. So if the related data is freed by kernel, the freed percpu_counter is still on the list, then if we insert/remove other percpu_counter, list corruption resulted. Also, if the insert/remove option modifies the ->prev,->next pointer of the freed value, the poison overwritten is resulted then. With the following patch, the percpu_counter list corruption and poison overwritten warnings disappeared. Signed-off-by: Xiaotian Feng <dfeng@redhat.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03rds: Remove kfreed tcp conn from listPavel Emelyanov
All the rds_tcp_connection objects are stored list, but when being freed it should be removed from there. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03rds: Lost locking in loop connection freeingPavel Emelyanov
The conn is removed from list in there and this requires proper lock protection. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03de2104x: fix panic on loadEric Dumazet
Its now illegal to call netif_stop_queue() before register_netdev() Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03atl1 : fix panic on loadEric Dumazet
Its now illegal to call netif_stop_queue() before register_netdev() Reported-by: Tom Gundersen <teg@jklm.no> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03netxen: remove unused firmware exportsAmerigo Wang
Quote from Amit Salecha: "Actually I was not updated, NX_UNIFIED_ROMIMAGE_NAME (phanfw.bin) is already submitted and its present in linux-firmware.git. I will get back to you on NX_P2_MN_ROMIMAGE_NAME, NX_P3_CT_ROMIMAGE_NAME and NX_P3_MN_ROMIMAGE_NAME. Whether this will be submitted ?" We have to remove these, otherwise we will get wrong info from modinfo. Signed-off-by: WANG Cong <amwang@redhat.com> Cc: Amit Kumar Salecha <amit.salecha@qlogic.com> Cc: "David S. Miller" <davem@davemloft.net> Cc: Dhananjay Phadke <dhananjay.phadke@qlogic.com> Cc: Narender Kumar <narender.kumar@qlogic.com> Acked-by: Amit Kumar Salecha <amit.salecha@qlogic.com>-- Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03caif: Remove noisy printout when disconnecting caif socketsjur.brandeland@stericsson.com
Signed-off-by: Sjur Brændeland <sjur.brandeland@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03caif: SPI-driver bugfix - incorrect padding.Sjur Brændeland
Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03caif: Bugfix for socket priority, bindtodev and dbg channel.André Carvalho de Matos
Changes: o Bugfix: SO_PRIORITY for SOL_SOCKET could not be handled in caif's setsockopt, using the struct sock attribute priority instead. o Bugfix: SO_BINDTODEVICE for SOL_SOCKET could not be handled in caif's setsockopt, using the struct sock attribute ifindex instead. o Wrong assert statement for RFM layer segmentation. o CAIF Debug channels was not working over SPI, caif_payload_info containing padding info must be initialized. o Check on pointer before dereferencing when unregister dev in caif_dev.c Signed-off-by: Sjur Braendeland <sjur.brandeland@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03smsc911x: Set Ethernet EEPROM size to supported device's sizeJohn Faith
The SMSC911x supports 128 x 8-bit EEPROMs. Increase the EEPROM size so more than just the MAC address can be stored. Signed-off-by: John Faith <jfaith7@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-03vmstat: fix offset calculation on void*Wu Fengguang
Fix regression introduced by commit 79da826aee6 ("writeback: report dirty thresholds in /proc/vmstat"). The incorrect pointer arithmetic can result in problems like this: BUG: unable to handle kernel paging request at 07c06d16 IP: [<c050c336>] strnlen+0x6/0x20 Call Trace: [<c050a249>] ? string+0x39/0xe0 [<c042be6b>] ? __wake_up_common+0x4b/0x80 [<c050afcc>] ? vsnprintf+0x1ec/0x380 [<c04b380e>] ? seq_printf+0x2e/0x60 [<c04829a6>] ? vmstat_show+0x26/0x30 [<c04b3bb6>] ? seq_read+0xa6/0x380 [<c04b3b10>] ? seq_read+0x0/0x380 [<c04d5d2f>] ? proc_reg_read+0x5f/0x90 [<c049c4a1>] ? vfs_read+0xa1/0x140 [<c04d5cd0>] ? proc_reg_read+0x0/0x90 [<c049c981>] ? sys_read+0x41/0x70 [<c0402bd0>] ? sysenter_do_call+0x12/0x26 Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: Michael Rubin <mrubin@google.com> Signed-off-by: Wu Fengguang <fengguang.wu@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-03Merge branch 'for-linus' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6 * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6: ASoC: tpa6130a2: Get rid of compile warning from tpa6130a2_power ALSA: hda - MacBookAir3,1(3,2) alsa support ASoC: fix the building issue of missing codec field in 'struct snd_soc_card' ALSA: usb-audio - Support for Power/Status LED on Creative USB X-Fi S51 ALSA: asihpi - Unsafe memory management when allocating control cache ASoC: Update WARN uses in wm_hubs ASoC: Include cx20442 to SND_SOC_ALL_CODECS ASoC: Fix SND_SOC_ALL_CODECS typo for jz4740 ASoC: Remove volatility from WM8900 POWER1 register ALSA: lx6464es - make 1 bit signed bitfield unsigned ALSA: cs46xx memory management fixes for cs46xx_dsp_spos_create() ALSA: usb - driver neglects kmalloc return value check and may deref NULL ASoC: tpa6130a2: Fix unbalanced regulator disables ASoC: tlv320dac33: Mode1 FIFO auto configuration fix ASoC: tlv320dac33: Limit the US_TO_SAMPLES macro ASoC: tlv320dac33: Error handling for broken chip ASoC: Check return value of struct_strtoul() in pmdown_time_set()
2010-11-03ext4: initialize the percpu counters before replaying the journalTheodore Ts'o
We now initialize the percpu counters before replaying the journal, but after the journal, we recalculate the global counters, to deal with the possibility of the per-blockgroup counts getting updated by the journal replay. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2010-11-03Merge branch 'fix/asoc' into for-linusTakashi Iwai
2010-11-03ASoC: tpa6130a2: Get rid of compile warning from tpa6130a2_powerJarkko Nikula
Patch "ASoC: tpa6130a2: Fix unbalanced regulator disables" introduced a compiler warning "‘ret’ may be used uninitialized in this function". Initialize ret to zero to get rid of it and making sure that the function does not return any random error code when the code is falling through. Signed-off-by: Jarkko Nikula <jhnikula@gmail.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-11-03staging: ath6kl: Fixing the driver to use modified mmc_host structureVipin Mehta
A recent change in the mmc_host structure removed the distinction between hw and phys segments (58cb50c20fde6059f3f8db4466a1bd4d1fff999c) Changing the driver to use the modified structure. Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Vipin Mehta <vmehta@atheros.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-11-03Merge branch 'for-2.6.37' of ↵Takashi Iwai
git://git.kernel.org/pub/scm/linux/kernel/git/lrg/asoc-2.6 into fix/asoc
2010-11-03ipv4: netfilter: ip_tables: fix information leak to userlandVasiliy Kulikov
Structure ipt_getinfo is copied to userland with the field "name" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-11-03ipv4: netfilter: arp_tables: fix information leak to userlandVasiliy Kulikov
Structure arpt_getinfo is copied to userland with the field "name" that has the last elements unitialized. It leads to leaking of contents of kernel stack memory. Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
2010-11-03ALSA: hda - MacBookAir3,1(3,2) alsa supportEdgar (gimli) Hucek
This patch add support for the MacBookAir3,1 and MacBookAir3,2 to the alsa sound system. Signed-off-by: Edgar (gimli) Hucek <gimli@dark-green.com> Signed-off-by: Takashi Iwai <tiwai@suse.de>
2010-11-03m68k, m68knommu: Do not include linux/hardirq.h in asm/irqflags.hPhilippe De Muyter
Recent changes to header files made kernel compilation for m68k/m68knommu fail with : CC arch/m68knommu/kernel/asm-offsets.s In file included from /archives/linux/git/arch/m68k/include/asm/system.h:2, from include/linux/wait.h:25, from include/linux/mmzone.h:9, from include/linux/gfp.h:4, from include/linux/irq.h:20, from include/asm-generic/hardirq.h:12, from /archives/linux/git/arch/m68k/include/asm/hardirq_no.h:17, from /archives/linux/git/arch/m68k/include/asm/hardirq.h:2, from include/linux/hardirq.h:10, from /archives/linux/git/arch/m68k/include/asm/irqflags.h:5, from include/linux/irqflags.h:15, from include/linux/spinlock.h:53, from include/linux/seqlock.h:29, from include/linux/time.h:8, from include/linux/timex.h:56, from include/linux/sched.h:56, from arch/m68knommu/kernel/asm-offsets.c:12: /archives/linux/git/arch/m68k/include/asm/system_no.h: In function ‘__xchg’: /archives/linux/git/arch/m68k/include/asm/system_no.h:79: error: implicit +declaration of function ‘local_irq_save’ /archives/linux/git/arch/m68k/include/asm/system_no.h:101: error: implicit +declaration of function ‘local_irq_restore’ Fix that Signed-off-by: Philippe De Muyter <phdm@macqel.be> Signed-off-by: Greg Ungerer <gerg@uclinux.org>
2010-11-03m68knommu: add back in declaration of do_IRQGreg Ungerer
The cleanup and merge of machdep should not have removed the do_IRQ declaration. It is needed by the 68328 based targets. Signed-off-by: Greg Ungerer <gerg@uclinux.org>
2010-11-02Release page reference during page fault retryMichel Lespinasse
This slipped by when unifying the filemap and swap versions of lock_page_or_retry()... Signed-off-by: Michel Lespinasse <walken@google.com> Acked-by: Rik van Riel <riel@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2010-11-02[CIFS] Cleanup unused variable build warningSteve French
Signed-off-by: Steve French <sfrench@us.ibm.com>