Linus Torvalds [Sat, 13 Nov 2010 00:02:30 +0000 (16:02 -0800)]
Merge branch 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6
* 'tty-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty-2.6:
n_gsm: Fix length handling
n_gsm: Copy n2 over when configuring via ioctl interface
serial: bfin_5xx: grab port lock before making port termios changes
serial: bfin_5xx: disable CON_PRINTBUFFER for consoles
serial: bfin_5xx: remove redundant SSYNC to improve TX speed
serial: bfin_5xx: always include DMA headers
vcs: make proper usage of the poll flags
amiserial: Remove unused variable icount
8250: Fix tcsetattr to avoid ioctl(TIOCMIWAIT) hang
tty_ldisc: Fix BUG() on hangup
TTY: restore tty_ldisc_wait_idle
SERIAL: blacklist si3052 chip
drivers/serial/bfin_5xx.c: Fix line continuation defects
tty: prevent DOS in the flush_to_ldisc
8250: add support for Kouwell KW-L221N-2
nozomi: Fix warning from the previous TIOCGCOUNT changes
tty: fix warning in synclink driver
tty: Fix formatting in tty.h
tty: the development tree is now done in git
Linus Torvalds [Sat, 13 Nov 2010 00:01:55 +0000 (16:01 -0800)]
Merge branch 'upstream/core' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen
* 'upstream/core' of git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen:
xen: do not release any memory under 1M in domain 0
xen: events: do not unmask event channels on resume
xen: correct size of level2_kernel_pgt
Linus Torvalds [Fri, 12 Nov 2010 23:54:39 +0000 (15:54 -0800)]
Merge branch 'stable/xen-pcifront-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
* 'stable/xen-pcifront-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
MAINTAINERS: Mark XEN lists as moderated
xen-pcifront: fix PCI reference leak
xen-pcifront: Remove duplicate inclusion of headers.
xen: fix memory leak in Xen PCI MSI/MSI-X allocator.
MAINTAINERS: Update mailing list name for Xen pieces.
Linus Torvalds [Fri, 12 Nov 2010 18:30:49 +0000 (10:30 -0800)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
ARM: GIC: don't disable software generated interrupts
ARM: 6472/1: vexpress ct-ca9x4: only set twd_base if local timers are being used
ARM: arch/arm/kernel/traps.c: Convert sprintf_symbol to %pS
ARM: arch/arm/kernel/hw_breakpoint.c: Convert WARN_ON to WARN
ARM: 6462/1: EP93xx: Document DMA M2P API
ARM: 6470/1: atomic64: use generic implementation for OABI configurations
ARM: 6469/1: perf-events: squash compiler warning
ARM: 6468/1: backtrace: fix calculation of thread stack base
ARM: Fix DMA coherent allocator alignment
ARM: orion5x/kirkwood/mv78xx0: fix MPP configuration corner cases
[ARM] TS-78xxx NAND resource type should be IORESOURCE_MEM
ARM: pxa/saar: fix the building failure caused by typo
ARM: pxa/cm-x2xx: remove duplicate call to pxa27x_init_irq
ARM: pxa: fix the missing definition of IRQ_BOARD_END
ARM: mmp: fix cpuid detection on mmp2
[ARM] Kirkwood: restrict the scope of the PCIe reset workaround
[ARM] Kirkwood: fix timer initialization for LaCie boards
[ARM] Kirkwood: enhance TCLK detection
Linus Torvalds [Fri, 12 Nov 2010 17:52:31 +0000 (09:52 -0800)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: do not pass injected events back to the originating handler
Input: pcf8574_keypad - fix error handling in pcf8574_kp_probe
Input: acecad - fix a memory leak in usb_acecad_probe error path
Input: atkbd - add 'terminal' parameter for IBM Terminal keyboards
Input: i8042 - add Sony VAIOs to MUX blacklist
kgdboc: reset input devices (keyboards) when exiting debugger
Input: export input_reset_device() for use in KGDB
Input: adp5588-keys - unify common header defines
Linus Torvalds [Fri, 12 Nov 2010 16:52:47 +0000 (08:52 -0800)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: (27 commits)
block: remove unused copy_io_context()
Documentation: remove anticipatory scheduler info
block: remove REQ_HARDBARRIER
ioprio: rcu_read_lock/unlock protect find_task_by_vpid call (V2)
ioprio: fix RCU locking around task dereference
block: ioctl: fix information leak to userland
block: read i_size with i_size_read()
cciss: fix proc warning on attempt to remove non-existant directory
bio: take care not overflow page count when mapping/copying user data
block: limit vec count in bio_kmalloc() and bio_alloc_map_data()
block: take care not to overflow when calculating total iov length
block: check for proper length of iov entries in blk_rq_map_user_iov()
cciss: remove controllers supported by hpsa
cciss: use usleep_range not msleep for small sleeps
cciss: limit commands allocated on reset_devices
cciss: Use kernel provided PCI state save and restore functions
cciss: fix board status waiting code
drbd: Removed checks for REQ_HARDBARRIER on incomming BIOs
drbd: REQ_HARDBARRIER -> REQ_FUA transition for meta data accesses
drbd: Removed the BIO_RW_BARRIER support form the receiver/epoch code
...
Linus Torvalds [Fri, 12 Nov 2010 16:39:52 +0000 (08:39 -0800)]
Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
perf, amd: Use kmalloc_node(,__GFP_ZERO) for northbridge structure allocation
perf_events: Fix time tracking in samples
perf trace: update usage
perf trace: update Documentation with new perf trace variants
perf trace: live-mode command-line cleanup
perf trace record: handle commands correctly
perf record: make the record options available outside perf record
perf trace scripting: remove system-wide param from shell scripts
perf trace scripting: fix some small memory leaks and missing error checks
perf: Fix usages of profile_cpu in builtin-top.c to use cpu_list
perf, ui: Eliminate stack-smashing protection compiler complaint
Linus Torvalds [Fri, 12 Nov 2010 16:11:58 +0000 (08:11 -0800)]
Merge branch 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6: (39 commits)
drm/ttm: Be consistent on ttm_bo_init() failures
drm/radeon/kms: Fix retrying ttm_bo_init() after it failed once.
drm/radeon/kms: fix thermal sensor reporting on rv6xx
drm/radeon/kms: fix bugs in ddc and cd path router code
drm/radeon/kms: add support for clock/data path routers
drm: vmwgfx: fix information leak to userland
drivers/gpu: Use vzalloc
drm/vmwgfx: Fix oops on failing bo pin
drm/ttm: Remove the CAP_SYS_ADMIN requirement for bo pinning
drm/ttm: Make sure a sync object doesn't disappear while we use it
drm/radeon/kms: don't disable shared encoders on pre-DCE3 display blocks
drivers/gpu/drm: Update WARN uses
drivers/gpu/drm/vmwgfx: Fix k.alloc switched arguments
DRM: ignore invalid EDID extensions
drm/radeon/kms: make the connector code less verbose
drm/ttm: remove failed ttm binding error printout
drm/ttm: Add a barrier when unreserving
drm/ttm: Remove mm init error printouts and checks
drm/ttm: Remove pointless list_empty check
drm/ttm: Use private locks for the default bo range manager
...
Linus Torvalds [Fri, 12 Nov 2010 16:11:03 +0000 (08:11 -0800)]
Merge branch 'for-linus' of git://oss.sgi.com/xfs/xfs
* 'for-linus' of git://oss.sgi.com/xfs/xfs:
xfs: remove incorrect assert in xfs_vm_writepage
xfs: use hlist_add_fake
xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n
xfs: tell lockdep about parent iolock usage in filestreams
xfs: move delayed write buffer trace
xfs: fix per-ag reference counting in inode reclaim tree walking
xfs: xfs_ioctl: fix information leak to userland
xfs: remove experimental tag from the delaylog option
Steffen Klassert [Wed, 10 Nov 2010 11:21:43 +0000 (12:21 +0100)]
crypto: pcrypt - Fix use after free on padata_free
kobject_put is called from padata_free for the padata kobject.
The kobject's release function frees the padata instance,
so don't call kobject_put for the padata kobject from pcrypt.
drivers/video/backlight/adp8860_bl.c: check strict_strtoul() return value
Handle return value, strict_strtoul is declared with attribute
warn_unused_result.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com> Cc: Mike Frysinger <vapier@gentoo.org> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/video/backlight/adp8860_bl.c: fix ambient light zone overwrite handling
This affects the get/set of the current Ambient Light Zone. Reading
should return an integer between 1..3 (1 = Daylight, 2 = office, 3 =
dark). Writing a value between 1..3 forces the backlight controller to
enter the corresponding Ambient Light Zone. Writing 0 returns to normal
operation.
Fix valid range checking so we don't write invalid values to the
controller, and make sure we subtract 1, since this is what the register
definition (CFGR:BLV) requires. Otherwise the values written don't work
correctly.
Signed-off-by: Michael Hennerich <michael.hennerich@analog.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Arun Murthy [Thu, 11 Nov 2010 22:05:28 +0000 (14:05 -0800)]
backlight: add low threshold to pwm backlight
The intensity of the backlight can be varied from a range of
max_brightness to zero. Though most, if not all the pwm based backlight
devices start flickering at lower brightness value. And also for each
device there exists a brightness value below which the backlight appears
to be turned off though the value is not equal to zero.
If the range of brightness for a device is from zero to max_brightness. A
graph is plotted for brightness Vs intensity for the pwm based backlight
device has to be a linear graph.
But pratically on measuring the above we note that the intensity of
backlight goes to zero(OFF) when the value in not zero almost nearing to
zero(some x%). so the graph looks like
In order to overcome this drawback knowing this x% i.e nothing but the low
threshold beyond which the backlight is off and will have no effect, the
brightness value is being offset by the low threshold value(retaining the
linearity of the graph). Now the graph becomes
With this for each and every digit increment in the brightness from zero
there is a change in the intensity of backlight. Devices having this
behaviour can set the low threshold brightness(lth_brightness) and pass
the same as platform data else can have it as zero.
Eliminate section mismatch warning by marking s6e63m0_probe() as __devinit.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Cc: InKi Dae <inki.dae@samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Thu, 11 Nov 2010 22:05:26 +0000 (14:05 -0800)]
drivers/video/backlight/s6e63m0.c: unregister backlight device and remove sysfs attribute file in s6e63m0_remove
s6e63m0_probe() registered backlight device and create sysfs attribute
files, thus s6e63m0_remove() should unregister backlight device and remove
sysfs attribute files.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Cc: InKi Dae <inki.dae@samsung.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Axel Lin [Thu, 11 Nov 2010 22:05:25 +0000 (14:05 -0800)]
drivers/video/backlight/s6e63m0.c: set permissions on gamma_table file to 0444
gamma_table is not writable, so set permissions to 0444.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Davidlohr Bueso [Thu, 11 Nov 2010 22:05:24 +0000 (14:05 -0800)]
drivers/leds/leds-gpio.c: properly initialize return value
In the event that none of the configs are set (CONFIG_LEDS_GPIO_PLATFORM,
CONFIG_LEDS_GPIO_OF, CONFIG_LEDS_GPIO_PLATFORM), we will return a bogus
value when initializing the module.
Signed-off-by: Davidlohr Bueso <dave@gnu.org> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samu Onkalo [Thu, 11 Nov 2010 22:05:22 +0000 (14:05 -0800)]
leds: driver for National Semiconductors LP5523 chip
LP5523 chip is nine channel led driver with programmable engines. Driver
provides support for that chip for direct access via led class or via
programmable engines.
Signed-off-by: Samu Onkalo <samu.p.onkalo@nokia.com> Cc: Richard Purdie <rpurdie@rpsys.net> Cc: Jean Delvare <khali@linux-fr.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Samu Onkalo [Thu, 11 Nov 2010 22:05:22 +0000 (14:05 -0800)]
leds: driver for National Semiconductor LP5521 chip
This patchset provides support for LP5521 and LP5523 LED driver chips from
National Semicondutor. Both drivers supports programmable engines and
naturally LED class features.
Documentation is provided as a part of the patchset. I created "leds"
subdirectory under Documentation. Perhaps the rest of the leds*
documentation should be moved there.
Datasheets are freely available at National Semiconductor www pages.
This patch:
LP5521 chip is three channel led driver with programmable engines. Driver
provides support for that chip for direct access via led class or via
programmable engines.
Signed-off-by: Samu Onkalo <samu.p.onkalo@nokia.com> Cc: Richard Purdie <rpurdie@rpsys.net> Cc: Jean Delvare <khali@linux-fr.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Johannes Berg [Thu, 11 Nov 2010 22:05:21 +0000 (14:05 -0800)]
led-class: always implement blinking
Currently, blinking LEDs can be awkward because it is not guaranteed that
all LEDs implement blinking. The trigger that wants it to blink then
needs to implement its own timer solution.
Rather than require that, add led_blink_set() API that triggers can use.
This function will attempt to use hw blinking, but if that fails
implements a timer for it. To stop blinking again, brightness_set() also
needs to be wrapped into API that will stop the software blink.
As a result of this, the timer trigger becomes a very trivial one, and
hopefully we can finally see triggers using blinking as well because it's
always easy to use.
Signed-off-by: Johannes Berg <johannes.berg@intel.com> Acked-by: Richard Purdie <rpurdie@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Jones [Thu, 11 Nov 2010 22:05:20 +0000 (14:05 -0800)]
hugetlbfs: lessen the impact of a deprecation warning
WARN_ONCE is a bit strong for a deprecation warning, given that it spews a
huge backtrace.
Signed-off-by: Dave Jones <davej@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nick Piggin [Thu, 11 Nov 2010 22:05:19 +0000 (14:05 -0800)]
radix-tree: fix RCU bug
Salman Qazi describes the following radix-tree bug:
In the following case, we get can get a deadlock:
0. The radix tree contains two items, one has the index 0.
1. The reader (in this case find_get_pages) takes the rcu_read_lock.
2. The reader acquires slot(s) for item(s) including the index 0 item.
3. The non-zero index item is deleted, and as a consequence the other item is
moved to the root of the tree. The place where it used to be is queued for
deletion after the readers finish.
3b. The zero item is deleted, removing it from the direct slot, it remains in
the rcu-delayed indirect node.
4. The reader looks at the index 0 slot, and finds that the page has 0 ref
count
5. The reader looks at it again, hoping that the item will either be freed or
the ref count will increase. This never happens, as the slot it is looking
at will never be updated. Also, this slot can never be reclaimed because
the reader is holding rcu_read_lock and is in an infinite loop.
The fix is to re-use the same "indirect" pointer case that requires a slot
lookup retry into a general "retry the lookup" bit.
Signed-off-by: Nick Piggin <npiggin@kernel.dk> Reported-by: Salman Qazi <sqazi@google.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Rosenberg [Thu, 11 Nov 2010 22:05:18 +0000 (14:05 -0800)]
Restrict unprivileged access to kernel syslog
The kernel syslog contains debugging information that is often useful
during exploitation of other vulnerabilities, such as kernel heap
addresses. Rather than futilely attempt to sanitize hundreds (or
thousands) of printk statements and simultaneously cripple useful
debugging functionality, it is far simpler to create an option that
prevents unprivileged users from reading the syslog.
This patch, loosely based on grsecurity's GRKERNSEC_DMESG, creates the
dmesg_restrict sysctl. When set to "0", the default, no restrictions are
enforced. When set to "1", only users with CAP_SYS_ADMIN can read the
kernel syslog via dmesg(8) or other mechanisms.
[akpm@linux-foundation.org: explain the config option in kernel.txt] Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Acked-by: Ingo Molnar <mingo@elte.hu> Acked-by: Eugene Teo <eugeneteo@kernel.org> Acked-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
David Rientjes [Thu, 11 Nov 2010 22:05:18 +0000 (14:05 -0800)]
oom: document obsolete oom_adj tunable
/proc/pid/oom_adj was deprecated in August 2010 with the introduction of
the new oom killer heuristic.
This patch copies the Documentation/feature-removal-schedule.txt entry for
this tunable to the Documentation/ABI/obsolete directory so nobody misses
it.
Signed-off-by: David Rientjes <rientjes@google.com> Reported-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Shaohua Li [Thu, 11 Nov 2010 22:05:17 +0000 (14:05 -0800)]
vmscan: avoid setting zone congested if no page dirty
nr_dirty and nr_congested are increased only when the page is dirty. So
if all pages are clean, both them will be zero. In this case, we should
not mark the zone congested.
Signed-off-by: Shaohua Li <shaohua.li@intel.com> Reviewed-by: Johannes Weiner <hannes@cmpxchg.org> Reviewed-by: Minchan Kim <minchan.kim@gmail.com> Acked-by: Mel Gorman <mel@csn.ul.ie> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ken Chen [Thu, 11 Nov 2010 22:05:16 +0000 (14:05 -0800)]
latencytop: fix per task accumulator
Per task latencytop accumulator prematurely terminates due to erroneous
placement of latency_record_count. It should be incremented whenever a
new record is allocated instead of increment on every latencytop event.
Also fix search iterator to only search known record events instead of
blindly searching all pre-allocated space.
Signed-off-by: Ken Chen <kenchen@google.com> Reviewed-by: Arjan van de Ven <arjan@infradead.org> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dave Hansen [Thu, 11 Nov 2010 22:05:15 +0000 (14:05 -0800)]
mm/vfs: revalidate page->mapping in do_generic_file_read()
70 hours into some stress tests of a 2.6.32-based enterprise kernel, we
ran into a NULL dereference in here:
int block_is_partially_uptodate(struct page *page, read_descriptor_t *desc,
unsigned long from)
{
----> struct inode *inode = page->mapping->host;
It looks like page->mapping was the culprit. (xmon trace is below).
After closer examination, I realized that do_generic_file_read() does a
find_get_page(), and eventually locks the page before calling
block_is_partially_uptodate(). However, it doesn't revalidate the
page->mapping after the page is locked. So, there's a small window
between the find_get_page() and ->is_partially_uptodate() where the page
could get truncated and page->mapping cleared.
We _have_ a reference, so it can't get reclaimed, but it certainly
can be truncated.
I think the correct thing is to check page->mapping after the
trylock_page(), and jump out if it got truncated. This patch has been
running in the test environment for a month or so now, and we have not
seen this bug pop up again.
kernel/range.c: fix clean_sort_range() for the case of full array
clean_sort_range() should return a number of nonempty elements of range
array, but if the array is full clean_sort_range() returns 0.
The problem is that the number of nonempty elements is evaluated by
finding the first empty element of the array. If there is no such element
it returns an initial value of local variable nr_range that is zero.
The fix is trivial: it changes initial value of nr_range to size of the
array.
The bug can lead to loss of information regarding all ranges, since
typically returned value of clean_sort_range() is considered as an actual
number of ranges in the array after a series of add/subtract operations.
Found by Analytical Verification project of Linux Verification Center
(linuxtesting.org), thanks to Alexander Kolosov.
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru> Cc: Yinghai Lu <yinghai@kernel.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Carpenter [Thu, 11 Nov 2010 22:05:13 +0000 (14:05 -0800)]
drivers/misc/bh1770glc.c: error handling in bh1770_power_state_store()
There was a signedness bug so "ret" was never less than zero and that
breaks the error handling. Also in the original code it would overwrite
ret and the result is still negative but it's bogus number instead of the
correct error code.
Signed-off-by: Dan Carpenter <error27@gmail.com> Cc: Samu Onkalo <samu.p.onkalo@nokia.com> Cc: Jonathan Cameron <jic23@cam.ac.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Carpenter [Thu, 11 Nov 2010 22:05:12 +0000 (14:05 -0800)]
memcg: null dereference on allocation failure
The original code had a null dereference if alloc_percpu() failed. This
was introduced in commit 711d3d2c9bc3 ("memcg: cpu hotplug aware percpu
count updates")
Catalin Marinas [Thu, 11 Nov 2010 22:05:10 +0000 (14:05 -0800)]
include/linux/highmem.h needs hardirq.h
Commit 3e4d3af501cc ("mm: stack based kmap_atomic()") introduced the
kmap_atomic_idx_push() function which warns on in_irq() with
CONFIG_DEBUG_HIGHMEM enabled. This patch includes linux/hardirq.h for
the in_irq definition.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Eric Dumazet [Thu, 11 Nov 2010 22:05:08 +0000 (14:05 -0800)]
atomic: add atomic_inc_not_zero_hint()
Followup of perf tools session in Netfilter WorkShop 2010
In the network stack we make high usage of atomic_inc_not_zero() in
contexts we know the probable value of atomic before increment (2 for udp
sockets for example)
Using a special version of atomic_inc_not_zero() giving this hint can help
processor to use less bus transactions.
On x86 (MESI protocol) for example, this avoids entering Shared state,
because "lock cmpxchg" issues an RFO (Read For Ownership)
akpm: Adds a new include/linux/atomic.h. This means that new code should
henceforth include linux/atomic.h and not asm/atomic.h. The presence of
include/linux/atomic.h will in fact cause checkpatch.pl to warn about use
of asm/atomic.h. The new include/linux/atomic.h becomes the place where
arch-neutral atomic_t code should be placed.
[akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Christoph Lameter <cl@linux-foundation.org> Cc: Ingo Molnar <mingo@elte.hu> Cc: Andi Kleen <andi@firstfloor.org> Cc: Arnaldo Carvalho de Melo <acme@infradead.org> Cc: David Miller <davem@davemloft.net> Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> Cc: Nick Piggin <npiggin@kernel.dk> Reviewed-by: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Dan Carpenter [Thu, 11 Nov 2010 22:05:07 +0000 (14:05 -0800)]
rapidio: use resource_size()
The size calculation is done incorrectly here because it should include
both the start and end (end - start + 1). It's easiest to just use
resource_size() which does the right thing.
I was worried there was something non-standard going on because the
printk() subtracts "end - 1", but the rest of the file uses the normal
resource size calculations. This function is only called from
fsl_rio_setup() in arch/powerpc/sysdev/fsl_rio.c and the calculation
there is also:
Signed-off-by: Dan Carpenter <error27@gmail.com> Cc: Alexandre Bounine <alexandre.bounine@idt.com> Acked-by: Li Yang <leoli@freescale.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
drivers/macintosh/adb-iop.c: flags should be unsigned long
Fix these warnings:
drivers/macintosh/adb-iop.c: In function `adb_iop_complete':
drivers/macintosh/adb-iop.c:85: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c:92: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c: In function ¡adb_iop_listen¢:
drivers/macintosh/adb-iop.c:111: warning: comparison of distinct pointer types lacks a cast
drivers/macintosh/adb-iop.c:151: warning: comparison of distinct pointer types lacks a cast
Both commits 0a3d763f1a68 ("ptrace: cleanup arch_ptrace() on um") and 9b05a69e0534 ("ptrace: change signature of arch_ptrace()") broke the um
build. This patch fixes the issues.
0a3d763f1a68 introduced the undeclared variable "datavp". The patch seems
completely untested. :-(
9b05a69e0534 changed arch_ptrace()'s signature but did not update
um/include/asm/ptrace-generic.h.
Signed-off-by: Richard Weinberger <richard@nod.at> Cc: Namhyung Kim <namhyung@gmail.com> Cc: Jeff Dike <jdike@addtoit.com> Tested-by: Will Newton <will.newton@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Software generated interrupts (SGI) are used for IPIs by the kernel.
While previous revisions of the GIC hardware were specified not to
implement enable bits for SGIs, more recent hardware is now permitted
to implement these bits in a per-CPU banked register.
The priority registers for the PPI and SGIs are also per-CPU banked
registers, so ensure that these are also appropriately initialized.
Reported-by: Scott Valentine <svalentine@concentris-systems.com> Acked-by: Abhijeet Dharmapurikar <adharmap@codeaurora.org> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Sonic Zhang [Wed, 27 Oct 2010 08:16:48 +0000 (04:16 -0400)]
serial: bfin_5xx: remove redundant SSYNC to improve TX speed
We don't need to force a SSYNC here as the LSR register will already
be updated by the time we get back to reading it. This speeds up TX
throughput and lowers general system overhead (since SSYNC is system
wide, not peripheral-specific).
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Sonic Zhang [Wed, 27 Oct 2010 08:16:47 +0000 (04:16 -0400)]
serial: bfin_5xx: always include DMA headers
On Blackfin systems, peripherals that have optional DMA support always
route their interrupts through the corresponding DMA channel -- even
when DMA is not being used. So in PIO mode, we still need to request
the DMA channel (so interrupts are delivered) which means we need to
always include the DMA header for the DMA defines/functions.
Signed-off-by: Sonic Zhang <sonic.zhang@analog.com> Signed-off-by: Mike Frysinger <vapier@gentoo.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Nicolas Pitre [Wed, 10 Nov 2010 06:33:12 +0000 (01:33 -0500)]
vcs: make proper usage of the poll flags
Kay Sievers pointed out that usage of POLLIN is well defined by POSIX,
and the current usage here doesn't follow that definition. So let's
duplicate the same semantics as implemented by sysfs_poll() instead.
Signed-off-by: Nicolas Pitre <nicolas.pitre@canonical.com> Acked-by: Kay Sievers <kay.sievers@vrfy.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Lawrence Rust [Wed, 27 Oct 2010 12:41:02 +0000 (14:41 +0200)]
8250: Fix tcsetattr to avoid ioctl(TIOCMIWAIT) hang
Calling tcsetattr prevents any thread(s) currently suspended in ioctl
TIOCMIWAIT for the same device from ever resuming.
If a thread is suspended inside a call to ioctl TIOCMIWAIT, waiting for
a modem status change, then the 8250 driver enables modem status
interrupts (MSI). The device interrupt service routine resumes the
suspended thread(s) on the next MSI.
If while the thread(s) are suspended, another thread calls tcsetattr
then the 8250 driver disables MSI (unless CTS/RTS handshaking is
enabled) thus preventing the suspended thread(s) from ever being
resumed.
This patch only disables MSI in tcsetattr handling if there are no
suspended threads.
Axel Lin [Tue, 9 Nov 2010 08:41:48 +0000 (08:41 +0000)]
hwmon: (gpio-fan) Fix fan_ctrl_init error path
In current implementation, the sysfs entries is not removed before return -ENODEV.
Creating the sysfs attribute should be the last thing done by the function,
after all the rest has been successful.
Otherwise there is a small window during which user-space can access the attribute
but the driver isn't ready to deal with the requests.
Fix it by moving sysfs_create_group to be the last thing done by the function.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Simon Guinot <sguinot@lacie.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Axel Lin [Tue, 9 Nov 2010 01:40:34 +0000 (20:40 -0500)]
hwmon: (ad7414) Return proper error code for ad7414_probe()
Return proper error if i2c_check_functionality reports
the adapter does not support the capability we need.
Also remove unneeded initialization for err variable.
Signed-off-by: Axel Lin <axel.lin@gmail.com> Acked-by: Sean MacLennan <smaclennan@pikatech.com> Signed-off-by: Guenter Roeck <guenter.roeck@ericsson.com>
Dmitry Torokhov [Tue, 9 Nov 2010 05:51:25 +0000 (21:51 -0800)]
Input: do not pass injected events back to the originating handler
Sometimes input handlers (as opposed to input devices) have a need to
inject (or re-inject) events back into input core. For example sysrq
filter may want to inject previously suppressed Alt-SysRq so that user
can take a screen print. In this case we do not want to pass such events
back to the same same handler that injected them to avoid loops.
Dan Carpenter [Thu, 11 Nov 2010 07:59:20 +0000 (23:59 -0800)]
Input: pcf8574_keypad - fix error handling in pcf8574_kp_probe
It is not allowed to call input_free_device() after calling
input_unregister_device() because input devices are refcounted and
unregister will free the device if we were holding he last referenc.
The preferred style in input/ is to make input_register_device() the
last function in the probe which can fail. That way we don't need to
call input_unregister_device().
Also do not need to call input_set_drvdata() as nothing in the driver
uses the data.
Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: Dmitry Torokhov <dtor@mail.ru>
Ian Campbell [Thu, 28 Oct 2010 18:32:29 +0000 (11:32 -0700)]
xen: do not release any memory under 1M in domain 0
We already deliberately setup a 1-1 P2M for the region up to 1M in
order to allow code which assumes this region is already mapped to
work without having to convert everything to ioremap.
Domain 0 should not return any apparently unused memory regions
(reserved or otherwise) in this region to Xen since the e820 may not
accurately reflect what the BIOS has stashed in this region.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Ian Campbell [Mon, 1 Nov 2010 16:30:09 +0000 (16:30 +0000)]
xen: events: do not unmask event channels on resume
The IRQ core code will take care of disabling and reenabling
interrupts over suspend resume automatically, therefore we do not need
to do this in the Xen event channel code.
The only exception is those event channels marked IRQF_NO_SUSPEND
which the IRQ core ignores. We must unmask these ourselves, taking
care to obey the current IRQ_DISABLED status. Failure check for
IRQ_DISABLED leads to enabling polled only event channels, such as
that associated with the pv spinlocks, which must never be enabled:
Stephane Eranian [Tue, 26 Oct 2010 14:08:01 +0000 (16:08 +0200)]
perf_events: Fix time tracking in samples
This patch corrects time tracking in samples. Without this patch
both time_enabled and time_running are bogus when user asks for
PERF_SAMPLE_READ.
One uses PERF_SAMPLE_READ to sample the values of other counters
in each sample. Because of multiplexing, it is necessary to know
both time_enabled, time_running to be able to scale counts correctly.
In this second version of the patch, we maintain a shadow
copy of ctx->time which allows us to compute ctx->time without
calling update_context_time() from NMI context. We avoid the
issue that update_context_time() must always be called with
ctx->lock held.
We do not keep shadow copies of the other event timings
because if the lead event is overflowing then it is active
and thus it's been scheduled in via event_sched_in() in
which case neither tstamp_stopped, tstamp_running can be modified.
This timing logic only applies to samples when PERF_SAMPLE_READ
is used.
Note that this patch does not address timing issues related
to sampling inheritance between tasks. This will be addressed
in a future patch.
With this patch, the libpfm4 example task_smpl now reports
correct counts (shown on 2.4GHz Core 2):
In commit 20cb52ebd1b5ca6fa8a5d9b6b1392292f5ca8a45, titled
"xfs: simplify xfs_vm_writepage" I added an assert that any !mapped and
uptodate buffers are not dirty. That asserts turns out to trigger a lot
when running fsx on filesystems with small block sizes. The reason for
that is that the assert is simply incorrect. !mapped and uptodate
just mean this buffer covers a hole, and whenever we do a set_page_dirty
we mark all blocks in the page dirty, no matter if they have data or
not. So remove the assert, and update the comment above the condition
to match reality.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
set_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt,
if register_security() failed, it will cause memory leak.
Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
policy->name is a substring of policy->hname, if prefix is not NULL, it will
allocted strlen(prefix) + strlen(name) + 3 bytes to policy->hname in policy_init().
use kzfree(ns->base.name) will casue memory leak if alloc_namespace() failed.
Signed-off-by: Zhitong Wang <zhitong.wangzt@alibaba-inc.com> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <jmorris@namei.org>
J. Bruce Fields [Wed, 3 Nov 2010 22:09:18 +0000 (18:09 -0400)]
locks: remove dead lease error-handling code
A minor oversight from f7347ce4ee7c65415f84be915c018473e7076f31,
"fasync: re-organize fasync entry insertion to allow it under a
spinlock": this cleanup-on-error was only needed to handle -ENOMEM. Now
that we're preallocating it's unneeded.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
XFS does not need it's inodes to actuall be hashed in the VFS inode
cache, but we require the inode to be marked hashed for the
writeback code to work.
Insted of using insert_inode_hash, which requires a second
inode_lock roundtrip after the partial merge of the inode
scalability patches in 2.6.37-rc simply use the new hlist_add_fake
helper to mark it hashed without requiring a lock or touching a
global cache line.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
xfs: fix a few compiler warnings with CONFIG_XFS_QUOTA=n
Andi Kleen reported that gcc-4.5 gives lots of warnings for him
inside the XFS code. It turned out most of them are due to the
quota stubs beeing macros, and gcc now complaining about macros
evaluating to 0 that are not assigned to variables.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
xfs: tell lockdep about parent iolock usage in filestreams
The filestreams code may take the iolock on the parent inode while
holding it on a child. This is the only place in XFS where we take
both the child and parent iolock, so just telling lockdep about it
is enough. The lock flag required for that was already added as
part of the ilock lockdep annotations and unused so far.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
Dave Chinner [Mon, 8 Nov 2010 08:55:05 +0000 (08:55 +0000)]
xfs: move delayed write buffer trace
The delayed write buffer split trace currently issues a trace for
every buffer it scans. These buffers are not necessarily queued for
delayed write. Indeed, when buffers are pinned, there can be
thousands of traces of buffers that aren't actually queued for
delayed write and the ones that are are lost in the noise. Move the
trace point to record only buffers that are split out for IO to be
issued on.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
Dave Chinner [Mon, 8 Nov 2010 08:55:04 +0000 (08:55 +0000)]
xfs: fix per-ag reference counting in inode reclaim tree walking
The walk fails to decrement the per-ag reference count when the
non-blocking walk fails to obtain the per-ag reclaim lock, leading
to an assert failure on debug kernels when unmounting a filesystem.
Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Alex Elder <aelder@sgi.com>
Kulikov Vasiliy [Sat, 30 Oct 2010 14:26:17 +0000 (14:26 +0000)]
xfs: xfs_ioctl: fix information leak to userland
al_hreq is copied from userland. If al_hreq.buflen is not properly aligned
then xfs_attr_list will ignore the last bytes of kbuf. These bytes are
unitialized. It leads to leaking of contents of kernel stack memory.
Signed-off-by: Vasiliy Kulikov <segooon@gmail.com> Signed-off-by: Alex Elder <aelder@sgi.com>
Will Deacon [Wed, 10 Nov 2010 14:59:11 +0000 (15:59 +0100)]
ARM: 6472/1: vexpress ct-ca9x4: only set twd_base if local timers are being used
In commit bde28b84, I made the assumption that CONFIG_SMP is always set
for the quad-core ct-ca9x4 platform. As it turns out, people who aren't
using the SMP goodness are confronted with a build failure.
This patch fixes this issue by ensure that twd_base is only set if
local timers are being used (and therefore SMP support is configured).
Reported-by: Nicolas Pitre <nicolas.pitre@linaro.org> Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Tom Zanussi [Wed, 10 Nov 2010 14:16:51 +0000 (08:16 -0600)]
perf trace: live-mode command-line cleanup
This patch attempts to make the perf trace command-line for live-mode
commands more user-friendly and consistent with other perf commands.
The main change it makes is to allow <commands> to be run as part of
perf trace live-mode commands, as other perf commands do, instead of
the system-wide traces they're currently hard-coded to by the shell
scripts.
With this patch, the following live-mode trace now works as expected:
$ perf trace rw-by-pid ls -al
The previous system-wide behavior for this command would still be
available by explicitly specifying -a:
$ perf trace rw-by-pid -a ls -al
and if no <command> is specified, the output is also system-wide:
$ perf trace rw-by-pid
Because live-mode requires both record and report steps to be invoked,
it isn't always possible to know which args to send to the report and
which to send to the record steps - mainly this is the case for report
scripts with optional args - in those cases it would be necessary to
use separate 'perf trace record' and 'perf trace report' steps.
For example:
$ perf trace syscall-counts ls
Here we can't decide whether ls should be passed as a param to the
syscall-counts script or whether we should invoke ls as a <command>.
In these cases, we just say that we'll ignore optional script params
and always interpret the extra arguments as a <command>.
If the user instead wants the other interpretation, that can be
accomplished by using separate record and report commands explicitly:
$ perf trace record syscall-counts
$ perf trace report syscall-counts ls
So the rules that this patch implements, which seem to make the most
intuitive sense for live-mode commands:
- for commands with optional args and commands with no args, no args
are sent to the report script, all are sent to the record step
- for 'top' commands i.e. that end with 'top', <commands> can't be
used - all extra args are send to the report script as params
- for commands with required args, the n required args are taken to be
the first n args after the script name and sent to the report
script, and the rest are sent to the record step
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Tom Zanussi [Wed, 10 Nov 2010 14:15:43 +0000 (08:15 -0600)]
perf trace record: handle commands correctly
Because the perf-trace shell scripts hard-coded the use of the
perf-record system-wide param, a perf trace record session was always
system wide, even if it was given a command.
If given a command, perf trace record now only records the events for
the command, as users expect.
If no command is given, or if the '-a' option is used, the recorded
events are system-wide, as before.
root@tropicana:~# perf trace record syscall-counts ls -al
root@tropicana:~# perf trace
ls-23152 [000] 39984.890387: sys_enter: NR 12 (0, 0, 0, 0, 0, 0)
ls-23152 [000] 39984.890404: sys_enter: NR 9 (0, 0, 0, 0, 0, 0)
root@tropicana:~# perf trace record syscall-counts -a ls -al
root@tropicana:~# perf trace
npviewer.bin-22297 [000] 39831.102709: sys_enter: NR 168 (0, 0, 0, 0, 0, 0)
ls-23111 [000] 39831.107679: sys_enter: NR 59 (0, 0, 0, 0, 0, 0)
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Tom Zanussi [Wed, 10 Nov 2010 14:08:20 +0000 (08:08 -0600)]
perf trace scripting: remove system-wide param from shell scripts
Including -a unconditionally when recording doesn't allow for the
option of running scripts without it. Future patches will add add it
back if needed at run-time.
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
REQ_HARDBARRIER is dead now, so remove the leftovers. What's left
at this point is:
- various checks inside the block layer.
- sanity checks in bio based drivers.
- now unused bio_empty_barrier helper.
- Xen blockfront use of BLKIF_OP_WRITE_BARRIER - it's dead for a while,
but Xen really needs to sort out it's barrier situaton.
- setting of ordered tags in uas - dead code copied from old scsi
drivers.
- scsi different retry for barriers - it's dead and should have been
removed when flushes were converted to FS requests.
- blktrace handling of barriers - removed. Someone who knows blktrace
better should add support for REQ_FLUSH and REQ_FUA, though.
Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Tom Zanussi [Wed, 10 Nov 2010 13:52:32 +0000 (07:52 -0600)]
perf trace scripting: fix some small memory leaks and missing error checks
Free the other two fields of script_desc which somehow got overlooked,
free malloc'ed args in case exec fails, and add missing checks for
failed mallocs.
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> Acked-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
With 2.6.37-rc1, I observe sys_ioprio_set not taking the RCU lock [1]
across access to the task credentials.
Inspecting the code in fs/ioprio.c, the tasklist_lock is held for read
across the __task_cred call, which is presumably sufficient to prevent
the task credentials becoming stale.
Vasiliy Kulikov [Mon, 8 Nov 2010 13:42:40 +0000 (14:42 +0100)]
block: ioctl: fix information leak to userland
Structure hd_geometry is copied to userland with 4 padding bytes
between cylinders and start fields uninitialized on 64-bit platforms.
It leads to leaking of contents of kernel stack memory.
Currently there is no memset() in real implementations of getgeo()
in drivers/block/, so it makes sense to have memset() in blkdev_ioctl().
Mike Snitzer [Mon, 8 Nov 2010 13:39:12 +0000 (14:39 +0100)]
block: read i_size with i_size_read()
Convert direct reads of an inode's i_size to using i_size_read().
i_size_{read,write} use a seqcount to protect reads from accessing
incomple writes. Concurrent i_size_write()s require mutual exclussion
to protect the seqcount that is used by i_size_{read,write}. But
i_size_read() callers do not need to use additional locking.
Signed-off-by: Mike Snitzer <snitzer@redhat.com> Acked-by: NeilBrown <neilb@suse.de> Acked-by: Lars Ellenberg <lars.ellenberg@linbit.com> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
which will happen if you don't actually have an HP CISS adapter,
since it'll do an uncondional removal of a proc directory it
never attempted to create in that case.
Reported-by: Randy Dunlap <randy.dunlap@oracle.com> Tested-by: Randy Dunlap <randy.dunlap@oracle.com> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
Jens Axboe [Wed, 10 Nov 2010 13:36:25 +0000 (14:36 +0100)]
bio: take care not overflow page count when mapping/copying user data
If the iovec is being set up in a way that causes uaddr + PAGE_SIZE
to overflow, we could end up attempting to map a huge number of
pages. Check for this invalid input type.
Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: stable@kernel.org Signed-off-by: Jens Axboe <jaxboe@fusionio.com>