Calling ETHTOOL_GRXCLSRLALL with a large rule_cnt will allocate kernel
heap without clearing it. For the one driver (niu) that implements it,
it will leave the unused portion of heap unchanged and copy the full
contents back to userspace.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
setup.phone and setup.eazmsn are 32 character buffers.
rcvmsg.msg_data.byte_array is a 48 character buffer.
sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn is 50 chars.
The rcvmsg struct comes from the memcpy_fromio() in receivemessage().
I guess that means it's data off the wire. I'm not very familiar with
this code but I don't see any reason to assume these strings are NULL
terminated.
Also it's weird that "dn" in a 50 character buffer but we only seem to
use 32 characters. In drivers/isdn/sc/scioc.h, "dn" is only a 49
character buffer. So potentially there is still an issue there.
The important thing for now is to prevent the memory corruption.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This BUG is there since the first submit of the code, but only triggered
in last Kernel. It's timing related do to the asynchronous object-creation
behaviour of exofs. (Which should be investigated farther)
The bug is obvious hence the fixed.
Signed-off-by: Boaz Harrosh <Boaz Harrosh bharrosh@panasas.com>
The i915 driver has quite a few module unload bugs, the known ones at
least have fixes that are targeting 2.6.37. However, in order to
maintain a stable kernel, we should prevent this known random memory
corruption following driver unload. This should have very low impact on
normal users who are unlikely to need to unload the i915 driver.
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@kernel.org
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Recent clean of i.MX devices registration changed the i2C bus number
selected for our platform (Freescale start peripheral ID at 1, kernel
now start it at 0 so i.MX27's i2c 1 is kernel's i2c 0).
Without this fix, i2c is unusable on this platform.
Signed-off-by: Eric Bénard <eric@eukrea.com>
Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
without this patch we get :
arch/arm/mach-imx/built-in.o: In function `eukrea_cpuimx27_init':
eukrea_mbimx27-baseboard.c:(.init.text+0x44c): undefined reference to `mxc_ulpi_access_ops'
Signed-off-by: Eric Bénard <eric@eukrea.com>
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Commit 14eff18126 added proper
detection for ARM11MPCore/Cortex-A9 instead of detecting them
as ARMv7. However, it was missing the HWCAP_TLS flags.
HWCAP_TLS is needed if support for earlier ARMv6 is compiled
into the same kernel. Without HWCAP_TLS flags the userspace
won't work unless nosmp is specified:
Kernel panic - not syncing: Attempted to kill init!
CPU0: stopping
<c005d5e4>] (unwind_backtrace+0x0/0xec) from [<c004c2f8>] (do_IPI+0xfc/0x184)
<c004c2f8>] (do_IPI+0xfc/0x184) from [<c03f25bc>] (__irq_svc+0x9c/0x160)
Exception stack(0xc0565f80 to 0xc0565fc8)
5f80: 00000001 c05772a0 00000000 00003a61 c0564000 c05cf500 c003603c c0578600
5fa0: 80033ef0 410fc091 0000001f 00000000 00000000 c0565fc8 c00b91f8 c0057cb4
5fc0: 20000013 ffffffff
[<c03f25bc>] (__irq_svc+0x9c/0x160) from [<c0057cb4>] (default_idle+0x30/0x38)
[<c0057cb4>] (default_idle+0x30/0x38) from [<c005829c>] (cpu_idle+0x9c/0xf8)
[<c005829c>] (cpu_idle+0x9c/0xf8) from [<c0008d48>] (start_kernel+0x2a4/0x300)
[<c0008d48>] (start_kernel+0x2a4/0x300) from [<80008084>] (0x80008084)
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
According to Atmel, their 926T processors (AT91 post RM9200) requires
'Wait for Interrupt' mode be entered right after disabling the processor clock
in order to minimise current consumption when idle, so do both provided we're
not running on a 920T (an RM9200).
Furthermore, get rid of the #ifndef CONFIG_DEBUG_KERNEL, since arch_idle()
can be turned off completely with the kernel parameter 'nohlt'.
Cc: Andrew Victor <avictor.za@gmail.com>
Signed-off-by: Anders Larsen <al@alarsen.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Serial drivers call get_clock() very early, before platform bus
has been set up, this requires a special check to let them get
a proper clock. Without this patch, a serial console is broken
on S5PV310 and S5PC210 boards.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
[kgene.kim@samsung.com: fix coding-style]
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Cc: Ben Dooks <ben-linux@fluff.org>
This patch adds header <linux/sched.h> into the below files for build with
CONFIG_PREEMPT_NONE.
arch/arm/mach-s5p6440/cpu.c
arch/arm/mach-s5p6442/cpu.c
arch/arm/mach-s5pc100/cpu.c
arch/arm/mach-s5pv210/cpu.c
Following is error message of in case of s5pv210_defconfig with CONFIG_PREEMPT_NONE.
arch/arm/mach-s5pv210/cpu.c:91: error: implicit declaration of function 'need_resched'
Signed-off-by: SeungChull Suh <sc.suh@samsung.com>
[kgene.kim@samsung.com: removed mach-s5p64x0/cpu.c]
[kgene.kim@samsung.com: added fix mach-s5p6440/cpu.c]
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
This patch removes following unused codes for removing build warnings.
arch/arm/plat-samsung/adc.c:438: warning: unused variable 'flags'
arch/arm/mach-s5pv210/clock.c:176: warning: 's5pv210_clk_ip4_ctrl' defined but not used
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
* 'hwpoison-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/ak/linux-mce-2.6:
HWPOISON: Stop shrinking at right page count
HWPOISON: Report correct address granuality for AO huge page errors
HWPOISON: Copy si_addr_lsb to user
page-types.c: fix name of unpoison interface
* 'for-linus' of git://neil.brown.name/md:
md: check return code of read_sb_page
md/raid1: minor bio initialisation improvements.
md/raid1: avoid overflow in raid1 resync when bitmap is in use.
* 'drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/airlied/drm-2.6:
drm: don't drop handle reference on unload
drm/ttm: Fix two race conditions + fix busy codepaths
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
of/i2c: Fix module load order issue caused by of_i2c.c
i2c: Fix checks which cause legacy suspend to never get called
i2c-pca: Fix waitforcompletion() return value
i2c: Fix for suspend/resume issue
i2c: Remove obsolete cleanup for clientdata
When proc_doulongvec_minmax() is used with an array of longs, and no
min/max check requested (.extra1 or .extra2 being NULL), we dereference a
NULL pointer for the second element of the array.
Noticed while doing some changes in network stack for the "16TB problem"
Fix is to not change min & max pointers in __do_proc_doulongvec_minmax(),
so that all elements of the vector share an unique min/max limit, like
proc_dointvec_minmax().
[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Americo Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Len Brown
Kees Cook
David S. Miller
Dan Carpenter
Boaz Harrosh
Chris Wilson
Eric Bénard
Tony Lindgren
Anders Larsen
Jin Dongming
Marek Szyprowski
SeungChull Suh
Kukjin Kim
Linus Torvalds
Eric Dumazet
Kyungmin Park