write_lock(¤t->fs->lock) guarantees we can't wrongly miss
LSM_UNSAFE_SHARE, this is what we care about. Use rcu_read_lock()
instead of ->siglock to iterate over the sub-threads. We must see
all CLONE_THREAD|CLONE_FS threads which didn't pass exit_fs(), it
takes fs->lock too.
With or without this patch we can miss the freshly cloned thread
and set LSM_UNSAFE_SHARE, we don't care.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
[ Fixed lock/unlock typo - Hugh ]
Acked-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
If do_execve() fails after check_unsafe_exec(), it clears fs->in_exec
unconditionally. This is wrong if we race with our sub-thread which
also does do_execve:
Two threads T1 and T2 and another process P, all share the same
->fs.
T1 starts do_execve(BAD_FILE). It calls check_unsafe_exec(), since
->fs is shared, we set LSM_UNSAFE but not ->in_exec.
P exits and decrements fs->users.
T2 starts do_execve(), calls check_unsafe_exec(), now ->fs is not
shared, we set fs->in_exec.
T1 continues, open_exec(BAD_FILE) fails, we clear ->in_exec and
return to the user-space.
T1 does clone(CLONE_FS /* without CLONE_THREAD */).
T2 continues without LSM_UNSAFE_SHARE while ->fs is shared with
another process.
Change check_unsafe_exec() to return res = 1 if we set ->in_exec, and change
do_execve() to clear ->in_exec depending on res.
When do_execve() suceeds, it is safe to clear ->in_exec unconditionally.
It can be set only if we don't share ->fs with another process, and since
we already killed all sub-threads either ->in_exec == 0 or we are the
only user of this ->fs.
Also, we do not need fs->lock to clear fs->in_exec.
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Roland McGrath <roland@redhat.com>
Acked-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit d0dba725 (netfilter: ctnetlink: add callbacks to the per-proto
nlattrs) changed the protocol registration function to abort if the
to-be registered protocol doesn't provide a new callback function.
The DCCP and UDP-Lite IPv6 protocols were missed in this conversion,
add the required callback pointer.
Reported-and-tested-by: Steven Jan Springl <steven@springl.ukfsn.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Some U-Boot versions incorrectly set the number of chipselects to two
for Sequoia/Rainier boards while they only have one chipselect hardwired.
This patch adds a workaround for this, hardcoding the number of chipselects
to one for sequioa/rainer board models and reading the actual value from
the memory controller register DDR0_10 otherwise.
It also fixes another error in the way ibm4xx_denali_fixup_memsize
calculates memory size. When testing the DDR_REDUC bit, the polarity is
backwards. A "1" implies 32-bit wide memory while a "0" implies 64-bit
wide memory.
Signed-off-by: Mikhail Zolotaryov <lebon@lebon.org.ua>
Signed-off-by: Valentine Barshak <vbarshak@ru.mvista.com>
Signed-off-by: Steven A. Falco <sfalco@harris.com>
Acked-by: Stefan Roese <sr@denx.de>
Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Update the git tree URL for the PowerPC 4xx git tree.
Reported-by: Denis ChengRq <crquan@gmail.com>
Signed-off-by: Josh Boyer <jwboyer@linux.vnet.ibm.com>
Currently we look it up from ->ioprio, but ->ioprio can change if
either the process gets its IO priority changed explicitly, or if
cfq decides to temporarily boost it. So if we are unlucky, we can
end up attempting to remove a node from a different rbtree root than
where it was added.
Fix this by using ->org_ioprio as the prio_tree index, since that
will only change for explicit IO priority settings (not for a boost).
Additionally cache the rbtree root inside the cfqq, then we don't have
to add code to reinsert the cfqq in the prio_tree if IO priority changes.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
cfq_prio_tree_lookup() should return the direct match, yet it always
returns zero. Fix that.
cfq_prio_tree_add() assumes that we don't get a direct match, while
it is very possible that we do. Using O_DIRECT, you can have different
cfqq with matching requests, since you don't have the page cache
to serialize things for you. Fix this bug by only adding the cfqq if
there isn't an existing match.
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Very rarely under stress testing of dm, oopses are occuring as
something tampers with an old stack frame. This has been traced back
to blk_abort_queue() leaving a timeout_list pointing to the stack.
The reason is that sometimes blk_abort_request() won't delete the
timer (if the request is marked as complete but before the timer has
been removed, a small race window). Fix this by splicing back from
the ususally empty list to the q->timeout_list.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This simplifies I/O stat accounting switching code and separates it
completely from I/O scheduler switch code.
Requests are accounted according to the state of their request queue
at the time of the request allocation. There is no need anymore to
flush the request queue when switching I/O accounting state.
Signed-off-by: Jerome Marchand <jmarchan@redhat.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Fix this build error:
In file included from fs/compat_ioctl.c:104:
include/linux/pktcdvd.h:285: error: expected specifier-qualifier-list before 'mempool_t'
Signed-off-by: Alexander Beregalov <a.beregalov@gmail.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
The HPET in the ICH4M is not documented in the data sheet
because it was not officially validated.
While it is fine for hackers to continue to use "hpet=force"
to enable the hardware that they have, it is not prudent to
solicit additional "hpet=force" users on this hardware.
[ Impact: remove hpet=force syslog message on old-ICH systems ]
Signed-off-by: Len Brown <len.brown@intel.com>
Acked-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
LKML-Reference: <alpine.LFD.2.00.0904231918510.15843@localhost.localdomain>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
The ACPI video driver defers registration to the i915 driver if the
system supports opregion-mediated backlight control. This registration
was only being performed in the KMS case. Ensure it's done even if we
don't have modesetting enabled.
http://bugzilla.kernel.org/show_bug.cgi?id=13048
Signed-off-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Len Brown <len.brown@intel.com>
This reverts commit fdbdc7fc79.
That temporary quick-fix is no longer necessary,
as the previous patch, a65131e942,
"I/O port protection: update for windows compatibility"
should handle this issue for all ports, including this one.
Signed-off-by: Len Brown <len.brown@intel.com>
For windows compatibility,
1) On a port protection violation, simply ignore the request and
do not return an exception (allow the control method to continue execution.)
2) If only part of the request overlaps a protected port,
read/write the individual ports that are not protected.
http://bugzilla.kernel.org/show_bug.cgi?id=13036
Signed-off-by: Lin Ming <ming.m.lin@intel.com>
Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
This fixes an inconsistent behaviour when loading the driver with the
switch on or off. In the former case you would also need to soft unblock
the switch via the sysfs file entries to really disable rfkill, in the
latter you wouldn't.
Signed-off-by: Mattia Dongili <malattia@linux.it>
Cc: Matthias Welwarsky <matze@welwarsky.de>
Acked-by: Matthew Garrett <mjg@redhat.com>
Signed-off-by: Len Brown <len.brown@intel.com>
sony_backlight_update_status returns 0 on success -1 on failure (i.e.: the
return value from acpi_callsetfunc. The return value in the resume path
was broken and thus always displaying a bogus warning about not being able
to restore the brightness level.
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Len Brown <len.brown@intel.com>
When resuming from standby (on a laptop) I see the following message in
my kernel.log:
"ACPI: EC: non-query interrupt received, switching to interrupt mode"
This apparently prevented sony-laptop to properly restore the brightness
level on resume.
The cause: In drivers/acpi/ec.c the acpi_ec_suspend function clears the
GPE mode bit, but this is not restored in acpi_ec_resume (the function
below it). The patch below fixes this by properly restoring the GPE_MODE
bit. Tested and confirmed to work.
Signed-off-by: Almer S. Tigelaar <almer@gnome.org>
Signed-off-by: Mattia Dongili <malattia@linux.it>
Acked-by: Alexey Starikovskiy <astarikovskiy@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
Fixes the "unknown input event 38" messages. ANYBUTTON_RELEASED is now
treated the same way as FN_KEY_RELEASED.
Signed-off-by: Almer S. Tigelaar <almer@gnome.org>
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Len Brown <len.brown@intel.com>
Fixes additional special key initialization for SNC 127 key events.
Verified / tested on a Sony VAIO SR model.
Signed-off-by: Almer S. Tigelaar <almer@gnome.org>
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Len Brown <len.brown@intel.com>
Fixes a duplicate mapping in the SNC sony_127_events structure.
Signed-off-by: Almer S. Tigelaar <almer@gnome.org>
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Len Brown <len.brown@intel.com>
As processor.max_cstate is an init-time-only modparam,
sanity checking it at init-time is sufficient.
http://bugzilla.kernel.org/show_bug.cgi?id=13142
Signed-off-by: Len Brown <len.brown@intel.com>
Linux tells ICH4 users that they can (manually) invoke
"hpet=force" to enable the undocumented ICH-4M HPET.
The HPET becomes available for both clocksource and clockevents.
But as of ff69f2bba6
(acpi: fix of pmtimer overflow that make Cx states time incorrect)
the HPET may be used via clocksource for idle accounting, and
hpet=force on an ICH4 box hangs boot.
It turns out that touching the MMIO HPET withing
the ARB_DIS part of C3 will hang the hardware.
The fix is to simply move the timer access outside
the ARB_DIS region. This is a no-op on modern hardware
because ARB_DIS is no longer used.
http://bugzilla.kernel.org/show_bug.cgi?id=13087
Acked-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Symbols like SOFT_RESET are way too generic to be exported at large.
To avoid this, let's move the mbus bridge register defines into a
separate file and include it where needed. This affects mach-kirkwood,
mach-loki, mach-mv78xx0 and mach-orion5x simultaneously as they all
share code in plat-orion which relies on those defines.
Some other defines have been moved to narrower scopes, or simply deleted
when they had no user.
This fixes compilation problem with mpt2sas on the above listed
platforms.
Signed-off-by: Nicolas Pitre <nico@marvell.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Check if we really have Scoop config, otherwice we can get a nice Oops
during probe.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
This is causes problems on platforms that have alignment requirements
for DMA transfers.
Signed-off-by: Martin Fuzzey <mfuzzey@gmail.com>
Acked-by: Mauro Carvalho Chehab <mchehab@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
In the case where a gadget driver is removed while no
transceiver was found at probe time, a bug in
otg_put_transceiver() will trigger.
Provide symetric calls for otg_get_transceiver() and
otg_put_transceiver(), wherever a transceiver was found or
not.
Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch to cdc-wdm
- checks for partial extra descriptors
- fixes a leak in the error case of probe
- checks for an exact number of endpoints
- adds a clarifying comment
Signed-off-by: Oliver Neukum <oliver@neukum.org>
Cc: David Brownell <david-b@pacbell.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This removes tty->low_latency from all USB serial drivers that push
data into the tty layer at hard interrupt context. It's no longer needed
and actually harmful.
Signed-off-by: Oliver Neukum <oliver@neukum.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch fixes a problem in sierra_send_setup() function when
composite devices are used. One should not be sending ACM commands to
interfaces that are OBEX. Doing this causes an apparent failure as the
ACM command has to time out before the interface can start being used.
Signed-off-by: Elina Pasheva <epasheva@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
We now have a more correct solution for shrinking runtime driver
footprints than just marking probe() as __init ... use it.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Fix build error in the MIPS USB IP core family device controller driver.
The driver calls udelay() without including linux/delay.h
Signed-off-by: Matthias Kaehlcke <matthias@kaehlcke.net>
Acked-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Add #ifndef to musb header file to prevent multiple inclusions.
Signed-off-by: Mark A. Greer <mgreer@mvista.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
When I want to use my webcam, I get:
vvvvvvv
cheese: page allocation failure. order:5, mode:0x8004
Pid: 8100, comm: cheese Not tainted 2.6.30-rc2-wl-dirty #102
Call Trace:
[<ffffffff802c5d8e>] __alloc_pages_internal+0x3fe/0x520
[<ffffffff80210a20>] dma_generic_alloc_coherent+0x90/0x120
[<ffffffffa001c91e>] hcd_buffer_alloc+0xee/0x130 [usbcore]
[<ffffffffa000d52d>] usb_buffer_alloc+0x2d/0x40 [usbcore]
[<ffffffffa0160e14>] uvc_alloc_urb_buffers+0x84/0x140 [uvcvideo]
[<ffffffffa0160ff6>] uvc_init_video+0x126/0x400 [uvcvideo]
[...]
Oddly, I remembered fixing this and putting in __GFP_NOWARN
because uvcvideo retries a smaller allocation. However, the
allocation function doesn't pass the gfp flags through to
dma_alloc_coherent so we still get the warning!
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1231) fixes a use-after-free bug in g_file_storage. A
device's name may not be available after the device is unregistered,
even if the device structure itself is still allocated. Since
close_backing_file() prints a LUN's name for debugging, it shouldn't
be called after the LUN has been unregistered.
That whole area needed to be cleaned up; the backing files were
getting closed in a couple of different places. The patch fixes
things so that they get closed in just one place, as part of the
unbind procedure, immediately before the LUN is unregistered.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>