Commits

Author Commit Message Labels Comments Date
Anton Blanchard
powerpc/pseries/hvconsole: Fix dropped console output [ upstream commit 51d33021425e1f905beb4208823146f2fb6517da ] Return -EAGAIN when we get H_BUSY back from the hypervisor. This makes the hvc console driver retry, avoiding dropped printks. Signed-off-by: Anton Blanchard <anton@samba.org> Cc: <stable@kernel.org> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andi Kleen <ak@linux.intel.com>
Jon Povey
davinci: DM365 EVM: fix video input mux bits [ upstream commit 9daedd833a38edd90cf7baa1b1fcf61c3a0721e3 ] Video input mux settings for tvp7002 and imager inputs were swapped. Comment was correct. Tested on EVM with tvp7002 input. Signed-off-by: Jon Povey <jon.povey@racelogic.co.uk> Acked-by: Manjunath Hadli <manjunath.hadli@ti.com> Cc: stable@kernel.org Signed-off-by: Sekhar Nori <nsekhar@ti.com> Signed-off-by: Andi Kleen <ak@linux.intel.…
Wolfgang Denk
USB: serial: add IDs for WinChipHead USB->RS232 adapter [ upstream commit 026dfaf18973404a01f488d6aa556a8c466e06a4 ] Add ID 4348:5523 for WinChipHead USB->RS 232 adapter with Prolifec PL2303 chipset Signed-off-by: Wolfgang Denk <wd@denx.de> Cc: stable <stable@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kleen <ak@linux.intel.com>
Huang Ying
kexec, x86: Fix incorrect jump back address if not [ upstream commit 050438ed5a05b25cdf287f5691e56a58c2606997 ] preserving context In kexec jump support, jump back address passed to the kexeced kernel via function calling ABI, that is, the function call return address is the jump back entry. Furthermore, jump back entry == 0 should be used to signal that the jump back or preserve context is not enabled in the original kernel. But in the curren…
Andi Kleen
Drop -Werror in perf Drop -Werror in perf Makefile. This fixes the build with gcc 4.5.x Not in mainline. Signed-off-by: Andi Kleen <ak@linux.intel.com>
Manoj Iyer
mmc: Added quirks for Ricoh 1180:e823 lower base clock [ upstream commit 15bed0f2fa8e1d7db201692532c210a7823d2d21 ] frequency Ricoh 1180:e823 does not recognize certain types of SD/MMC cards, as reported at http://launchpad.net/bugs/773524. Lowering the SD base clock frequency from 200Mhz to 50Mhz fixes this issue. This solution was suggest by Koji Matsumuro, Ricoh Company, Ltd. This change has no negative performance effect on standard SD cards, …
Manoj Iyer
mmc: Add PCI fixup quirks for Ricoh 1180:e823 reader [ upstream commit be98ca652faa6468916a9b7608befff215a8ca70 ] Signed-off-by: Manoj Iyer <manoj.iyer@canonical.com> Cc: <stable@kernel.org> Signed-off-by: Chris Ball <cjb@laptop.org> Signed-off-by: Andi Kleen <ak@linux.intel.com>
James Bottomley
fix crash in scsi_dispatch_cmd() [ upstream commit bfe159a51203c15d23cb3158fffdc25ec4b4dda1 ] USB surprise removal of sr is triggering an oops in scsi_dispatch_command(). What seems to be happening is that USB is hanging on to a queue reference until the last close of the upper device, so the crash is caused by surprise remove of a mounted CD followed by attempted unmount. The problem is that USB doesn't issue its final comman…
Guo-Fu Tseng
jme: Fix unmap error (Causing system freeze) [ upstream commit 94c5b41b327e08de0ddf563237855f55080652a1 ] This patch add the missing dma_unmap(). Which solved the critical issue of system freeze on heavy load. Michal Miroslaw's rejected patch: [PATCH v2 10/46] net: jme: convert to generic DMA API Pointed out the issue also, thank you Michal. But the fix was incorrect. It would unmap needed address when low memory. Got lots of feedback fro…
Manfred Spraul
ipc/sem.c: fix race with concurrent semtimedop() timeouts [ upstream commit d694ad62bf539dbb20a0899ac2a954555f9e4a83 ] and IPC_RMID If a semaphore array is removed and in parallel a sleeping task is woken up (signal or timeout, does not matter), then the woken up task does not wait until wake_up_sem_queue_do() is completed. This will cause crashes, because wake_up_sem_queue_do() will read from a stale pointer. The fix is simple: Regardless of anythin…
Dan Rosenberg
xtensa: prevent arbitrary read in ptrace [ upstream commit 0d0138ebe24b94065580bd2601f8bb7eb6152f56 ] Prevent an arbitrary kernel read. Check the user pointer with access_ok() before copying data in. [akpm@linux-foundation.org: s/EIO/EFAULT/] Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Christian Zankel <chris@zankel.net> Cc: Oleg Nesterov <oleg@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linu…
Peter Zijlstra
mm/backing-dev.c: reset bdi min_ratio in bdi_unregister() [ upstream commit ccb6108f5b0b541d3eb332c3a73e645c0f84278e ] Vito said: : The system has many usb disks coming and going day to day, with their : respective bdi's having min_ratio set to 1 when inserted. It works for : some time until eventually min_ratio can no longer be set, even when the : active set of bdi's seen in /sys/class/bdi/*/min_ratio doesn't add up to : anywhere near 100. : : This …
Benjamin Herrenschmidt
mm/futex: fix futex writes on archs with SW tracking of [ upstream commit 2efaca927f5cd7ecd0f1554b8f9b6a9a2c329c03 ] dirty & young I haven't reproduced it myself but the fail scenario is that on such machines (notably ARM and some embedded powerpc), if you manage to hit that futex path on a writable page whose dirty bit has gone from the PTE, you'll livelock inside the kernel from what I can tell. It will go in a loop of trying the atomic access, fa…
H. Peter Anvin
x86: Make Dell Latitude E6420 use reboot=pci [ upstream commit a536877e77f73ea22d12d94a019fedd9671b6acd ] Yet another variant of the Dell Latitude series which requires reboot=pci. From the E5420 bug report by Daniel J Blueman: > The E6420 is affected also (same platform, different casing and > features), which provides an external confirmation of the issue; I can > submit a patch for that later or include it if you prefer: > http://linux…
Daniel J Blueman
x86: Make Dell Latitude E5420 use reboot=pci [ upstream commit b7798d28ec15d20fd34b70fa57eb13f0cf6d1ecd ] Rebooting on the Dell E5420 often hangs with the keyboard or ACPI methods, but is reliable via the PCI method. [ hpa: this was deferred because we believed for a long time that the recent reshuffling of the boot priorities in commit 660e34cebf0a11d54f2d5dd8838607452355f321 fixed this platform. Unfortunately that turned out to be …
Dan Rosenberg
alpha: fix several security issues [ upstream commit 21c5977a836e399fc710ff2c5367845ed5c2527f ] Fix several security issues in Alpha-specific syscalls. Untested, but mostly trivial. 1. Signedness issue in osf_getdomainname allows copying out-of-bounds kernel memory to userland. 2. Signedness issue in osf_sysinfo allows copying large amounts of kernel memory to userland. 3. Typo (?) in osf_getsysinfo bounds minimum instead of m…
Vasily Kulikov
proc: restrict access to /proc/PID/io [ upstream commit 1d1221f375c94ef961ba8574ac4f85c8870ddd51 ] /proc/PID/io may be used for gathering private information. E.g. for openssh and vsftpd daemons wchars/rchars may be used to learn the precise password length. Restrict it to processes being able to ptrace the target process. ptrace_may_access() is needed to prevent keeping open file descriptor of "io" file, executing setuid binary …
Miklos Szeredi
mm: prevent concurrent unmap_mapping_range() on the same inode commit 2aa15890f3c191326678f1bd68af61ec6b8753ec upstream. Michael Leun reported that running parallel opens on a fuse filesystem can trigger a "kernel BUG at mm/truncate.c:475" Gurudas Pai reported the same bug on NFS. The reason is, unmap_mapping_range() is not prepared for more than one concurrent invocation per inode. For example: thread1: going through a big range, stops in the middle o…
Xufeng Zhang
udp/recvmsg: Clear MSG_TRUNC flag when starting over for a new packet [ Upstream commit 9cfaa8def1c795a512bc04f2aec333b03724ca2e ] Consider this scenario: When the size of the first received udp packet is bigger than the receive buffer, MSG_TRUNC bit is set in msg->msg_flags. However, if checksum error happens and this is a blocking socket, it will goto try_again loop to receive the next packet. But if the size of the next udp packet is smaller than receive buffer…
Xufeng Zhang
ipv6/udp: Use the correct variable to determine non-blocking condition [ Upstream commit 32c90254ed4a0c698caa0794ebb4de63fcc69631 ] udpv6_recvmsg() function is not using the correct variable to determine whether or not the socket is in non-blocking operation, this will lead to unexpected behavior when a UDP checksum error occurs. Consider a non-blocking udp receive scenario: when udpv6_recvmsg() is called by sock_common_recvmsg(), MSG_DONTWAIT bit of flags variable…
Marcus Meissner
net/ipv4: Check for mistakenly passed in non-IPv4 address [ Upstream commit d0733d2e29b652b2e7b1438ececa732e4eed98eb ] Check against mistakenly passing in IPv6 addresses (which would result in an INADDR_ANY bind) or similar incompatible sockaddrs. Signed-off-by: Marcus Meissner <meissner@suse.de> Cc: Reinhard Max <max@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> Signed-off-by: Andi Kle…
Eric Dumazet
af_packet: prevent information leak [ Upstream commit 13fcb7bd322164c67926ffe272846d4860196dc6 ] In 2.6.27, commit 393e52e33c6c2 (packet: deliver VLAN TCI to userspace) added a small information leak. Add padding field and make sure its zeroed before copy to user. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Andi Kleen <ak@linux.intel.com> CC: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller…
Joe Perches
net: filter: Use WARN_RATELIMIT [ Upstream commit 6c4a5cb219520c7bc937ee186ca53f03733bd09f ] A mis-configured filter can spam the logs with lots of stack traces. Rate-limit the warnings and add printout of the bogus filter information. Original-patch-by: Ben Greear <greearb@candelatech.com> Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <greg…
Joe Perches
bug.h: Add WARN_RATELIMIT [ Upstream commit b3eec79b0776e5340a3db75b34953977c7e5086e ] Add a generic mechanism to ratelimit WARN(foo, fmt, ...) messages using a hidden per call site static struct ratelimit_state. Also add an __WARN_RATELIMIT variant to be able to use a specific struct ratelimit_state. Signed-off-by: Joe Perches <joe@perches.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kr…
Rafael J. Wysocki
PM / Hibernate: Fix free_unnecessary_pages() commit 4d4cf23cdde2f8f9324f5684a7f349e182039529 upstream. There is a bug in free_unnecessary_pages() that causes it to attempt to free too many pages in some cases, which triggers the BUG_ON() in memory_bm_clear_bit() for copy_bm. Namely, if count_data_pages() is initially greater than alloc_normal, we get to_free_normal equal to 0 and "save" greater from 0. In that case, if the sum of "save" a…
Eric Dumazet
inet_diag: fix inet_diag_bc_audit() [ Upstream commit eeb1497277d6b1a0a34ed36b97e18f2bd7d6de0d ] A malicious user or buggy application can inject code and trigger an infinite loop in inet_diag_bc_audit() Also make sure each instruction is aligned on 4 bytes boundary, to avoid unaligned accesses. Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Mille…
Roland McGrath
uml: fix CONFIG_STATIC_LINK=y build failure with newer glibc commit aa5fb4dbfd121296ca97c68cf90043a7ea97579d upstream. With glibc 2.11 or later that was built with --enable-multi-arch, the UML link fails with undefined references to __rel_iplt_start and similar symbols. In recent binutils, the default linker script defines these symbols (see ld --verbose). Fix the UML linker scripts to match the new defaults for these sections. Signed-off-by: Roland McG…
Alan Stern
USB: don't let the hub driver prevent system sleep commit cbb330045e5df8f665ac60227ff898421fc8fb92 upstream. This patch (as1465) continues implementation of the policy that errors during suspend or hibernation should not prevent the system from going to sleep. In this case, failure to turn on the Suspend feature for a hub port shouldn't be reported as an error. There are situations where this does actually occur (such as when the device plugged…
Alan Stern
USB: don't let errors prevent system sleep commit 0af212ba8f123c2eba151af7726c34a50b127962 upstream. This patch (as1464) implements the recommended policy that most errors during suspend or hibernation should not prevent the system from going to sleep. In particular, failure to suspend a USB driver or a USB device should not prevent the sleep from succeeding: Failure to suspend a device won't matter, because the device will automaticall…
Vasily Kulikov
taskstats: don't allow duplicate entries in listener mode commit 26c4caea9d697043cc5a458b96411b86d7f6babd upstream. Currently a single process may register exit handlers unlimited times. It may lead to a bloated listeners chain and very slow process terminations. Eg after 10KK sent TASKSTATS_CMD_ATTR_REGISTER_CPUMASKs ~300 Mb of kernel memory is stolen for the handlers chain and "time id" shows 2-7 seconds instead of normal 0.003. It makes it possible…
  1. Prev
  2. Next