This mirrors x86 commit 9f0cf4adb6
(x86: Use __builtin_object_size() to validate the buffer size for copy_from_user())
Signed-off-by: David S. Miller <davem@davemloft.net>
Otherwise it isn't a valid instruction address.
This is the sparc equivalent of commit
b46b3d70c9 (kprobes: Checks probe
address is instruction boudary on x86)
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 4f70f7a91b
(sparc64: Implement IRQ stacks.) has two bugs.
First, the softirq range check forgets to subtract STACK_BIAS
before comparing with %sp. Next, on failure the wrong label
is jumped to, resulting in a bogus stack being loaded.
Reported-by: Igor Kovalenko <igor.v.kovalenko@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When we are trying to see if a range property entry applies
to a given address, we are overly strict about the type.
We should only allow I/O ranges for I/O addresses, and only allow
CONFIG space ranges for CONFIG space address.
However for MEM ranges, they come in 32-bit and 64-bit flavors.
And a lack of an exact match is OK if the range is 32-bit and
the address is 64-bit. We can assign a 64-bit address properly
into a 32-bit parent range just fine.
So allow it.
Reported-by: Patrick Finnegan <pat@computer-refuge.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
I messed up the merge in d7fc02c7ba, where
the conflict in question wasn't just about CTL_UNNUMBERED being removed,
but the 'strategy' field is too (sysctl handling is now done through the
/proc interface, with no duplicate protocols for reading the data).
Reported-by: Larry Finger <Larry.Finger@lwfinger.net>
Reported-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
* 'for-2.6.33' of git://git.kernel.dk/linux-2.6-block: (113 commits)
cfq-iosched: Do not access cfqq after freeing it
block: include linux/err.h to use ERR_PTR
cfq-iosched: use call_rcu() instead of doing grace period stall on queue exit
blkio: Allow CFQ group IO scheduling even when CFQ is a module
blkio: Implement dynamic io controlling policy registration
blkio: Export some symbols from blkio as its user CFQ can be a module
block: Fix io_context leak after failure of clone with CLONE_IO
block: Fix io_context leak after clone with CLONE_IO
cfq-iosched: make nonrot check logic consistent
io controller: quick fix for blk-cgroup and modular CFQ
cfq-iosched: move IO controller declerations to a header file
cfq-iosched: fix compile problem with !CONFIG_CGROUP
blkio: Documentation
blkio: Wait on sync-noidle queue even if rq_noidle = 1
blkio: Implement group_isolation tunable
blkio: Determine async workload length based on total number of queues
blkio: Wait for cfq queue to get backlogged if group is empty
blkio: Propagate cgroup weight updation to cfq groups
blkio: Drop the reference to queue once the task changes cgroup
blkio: Provide some isolation between groups
...
* 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jgarzik/libata-dev: (54 commits)
Revert "pata_sis: Implement MWDMA for the UDMA 133 capable chips"
libata: Clarify ata_set_lba_range_entries function
libata: Report zeroed read after TRIM and max discard size
pata_hpt3x2n: fix overclocked MWDMA0 timing
pata_it8213: MWDMA0 is unsupported
[libata] MWDMA0 is unsupported on PIIX-like PATA controllers
pata_via: clear UDMA transfer mode bit for PIO and MWDMA
pata_sis: Power Management fix
pata_rz1000: Power Management fix
pata_radisys: fix UDMA handling
pata_ns87415: Power Management fix
pata_marvell: fix marvell_pre_reset() documentation
pata_legacy: add pointers to QDI65x0 documentation
pata_legacy: fix access to control register for QDI6580
pata_legacy: fix QDI6580DP support
pata_it8213: fix it8213_pre_reset() documentation
pata_it8213: fix wrong MWDMA timings being programmed
pata_it8213: fix PIO2 underclocking
pata_it8213: fix wrong PIO timings being programmed
pata_it8213: fix UDMA handling
...
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
m68k: parport_mfc3 - Not makes it a bool before the comparison.
m68k: don't export static inline functions
fbdev: atafb - add palette register check
m68k: Remove the BKL from sys_execve
m68k: Cleanup linker scripts using new linker script macros.
m68k: Make thread_info.h usable from assembly.
m68knommu: define arch_has_single_step() and friends
m68k: ptrace fixes
m68k: use generic code for ptrace requests
rtc: Add an RTC driver for the Ricoh RP5C01
rtc: Add an RTC driver for the Oki MSM6242
* 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
i2c-stub: Documentation update
i2c-stub: Allow user to disable some commands
i2c-stub: Implement I2C block support
i2c: Refactor for_each callbacks
i2c-i801: Retry on lost arbitration
i2c: Remove big kernel lock from i2cdev_open
ics932s401: Clean up detect function
i2c: Simplify i2c_detect_address
i2c: Drop probe, ignore and force module parameters
i2c: Add missing __devinit markers to old i2c adapter drivers
i2c: Bus drivers don't have to support I2C_M_REV_DIR_ADDR
i2c: Prevent priority inversion on top of bus lock
i2c-voodoo3: Delete
i2c-powermac: Drop temporary name buffer
i2c-powermac: Include the i2c_adapter in struct pmac_i2c_bus
i2c-powermac: Log errors
i2c-powermac: Refactor i2c_powermac_smbus_xfer
i2c-powermac: Reject unsupported I2C transactions
i2c/chips: Move ds1682 to drivers/misc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/suspend-2.6:
PM: Add flag for devices capable of generating run-time wake-up events
PM / Runtime: Remove unnecessary braces in __pm_runtime_set_status()
PM / Runtime: Make documentation of runtime_idle() agree with the code
PM / Runtime: Ensure timer_expires is nonzero in pm_schedule_suspend()
PM / Runtime: Use deferred_resume flag in pm_request_resume
PM / Runtime: Export the PM runtime workqueue
PM / Runtime: Fix lockdep warning in __pm_runtime_set_status()
PM / Hibernate: Swap, use KERN_CONT
PM / Hibernate: Shift remaining code from swsusp.c to hibernate.c
PM / Hibernate: Move swap functions to kernel/power/swap.c.
PM / freezer: Don't get over-anxious while waiting
* 'kvm-updates/2.6.33' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (84 commits)
KVM: VMX: Fix comparison of guest efer with stale host value
KVM: s390: Fix prefix register checking in arch/s390/kvm/sigp.c
KVM: Drop user return notifier when disabling virtualization on a cpu
KVM: VMX: Disable unrestricted guest when EPT disabled
KVM: x86 emulator: limit instructions to 15 bytes
KVM: s390: Make psw available on all exits, not just a subset
KVM: x86: Add KVM_GET/SET_VCPU_EVENTS
KVM: VMX: Report unexpected simultaneous exceptions as internal errors
KVM: Allow internal errors reported to userspace to carry extra data
KVM: Reorder IOCTLs in main kvm.h
KVM: x86: Polish exception injection via KVM_SET_GUEST_DEBUG
KVM: only clear irq_source_id if irqchip is present
KVM: x86: disallow KVM_{SET,GET}_LAPIC without allocated in-kernel lapic
KVM: x86: disallow multiple KVM_CREATE_IRQCHIP
KVM: VMX: Remove vmx->msr_offset_efer
KVM: MMU: update invlpg handler comment
KVM: VMX: move CR3/PDPTR update to vmx_set_cr3
KVM: remove duplicated task_switch check
KVM: powerpc: Fix BUILD_BUG_ON condition
KVM: VMX: Use shared msr infrastructure
...
Trivial conflicts due to new Kconfig options in arch/Kconfig and kernel/Makefile
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1815 commits)
mac80211: fix reorder buffer release
iwmc3200wifi: Enable wimax core through module parameter
iwmc3200wifi: Add wifi-wimax coexistence mode as a module parameter
iwmc3200wifi: Coex table command does not expect a response
iwmc3200wifi: Update wiwi priority table
iwlwifi: driver version track kernel version
iwlwifi: indicate uCode type when fail dump error/event log
iwl3945: remove duplicated event logging code
b43: fix two warnings
ipw2100: fix rebooting hang with driver loaded
cfg80211: indent regulatory messages with spaces
iwmc3200wifi: fix NULL pointer dereference in pmkid update
mac80211: Fix TX status reporting for injected data frames
ath9k: enable 2GHz band only if the device supports it
airo: Fix integer overflow warning
rt2x00: Fix padding bug on L2PAD devices.
WE: Fix set events not propagated
b43legacy: avoid PPC fault during resume
b43: avoid PPC fault during resume
tcp: fix a timewait refcnt race
...
Fix up conflicts due to sysctl cleanups (dead sysctl_check code and
CTL_UNNUMBERED removed) in
kernel/sysctl_check.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/addrconf.c
net/sctp/sysctl.c
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-next-2.6:
sparc: Set UTS_MACHINE correctly.
sparc,leon: init_leon srmmu cleanup
sparc32: Remove early interrupt enable.
sparc, leon: Added Aeroflex Gaisler entry in manufacturer_info structure
sparc64: Faster early-boot framebuffer console.
Revert "sparc: Make atomic locks raw"
sparc: remove unused nfsd #includes
sparc: Fixup last users of irq_chip->typename
Added sparc_leon3_snooping_enabled() and converted extern inline to static inline
No auxio on LEON
apbuart: Use of_find_node_by_path to find root node.
sparc: Replace old style lock initializer
sparc: Make atomic locks raw
apbuart: Fix build and missing driver unregister.
apbuart: Kill dependency on deprecated Sparc-only PROM interfaces.
apbuart: Fix build warning.
sparc: Support for GRLIB APBUART serial port
watchdog: Remove BKL from rio watchdog driver
sparc: Remove BKL from apc
sparc,leon: Sparc-Leon SMP support
* git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6: (43 commits)
security/tomoyo: Remove now unnecessary handling of security_sysctl.
security/tomoyo: Add a special case to handle accesses through the internal proc mount.
sysctl: Drop & in front of every proc_handler.
sysctl: Remove CTL_NONE and CTL_UNNUMBERED
sysctl: kill dead ctl_handler definitions.
sysctl: Remove the last of the generic binary sysctl support
sysctl net: Remove unused binary sysctl code
sysctl security/tomoyo: Don't look at ctl_name
sysctl arm: Remove binary sysctl support
sysctl x86: Remove dead binary sysctl support
sysctl sh: Remove dead binary sysctl support
sysctl powerpc: Remove dead binary sysctl support
sysctl ia64: Remove dead binary sysctl support
sysctl s390: Remove dead sysctl binary support
sysctl frv: Remove dead binary sysctl support
sysctl mips/lasat: Remove dead binary sysctl support
sysctl drivers: Remove dead binary sysctl support
sysctl crypto: Remove dead binary sysctl support
sysctl security/keys: Remove dead binary sysctl support
sysctl kernel: Remove binary sysctl logic
...
Fix a crash during boot reported by Jeff Moyer. Fix the issue of accessing
cfqq after freeing it.
Reported-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Jens Axboe <axboe@carl.(none)>
This reverts commit f20941f334.
Sergei Shtylyov notes "You call min() on uncomparables [in
mwdma_clip_to_pio()], i.e. mwdma_to_pio[] contains XFER_PIO_* and
adev->pio_mode - XFER_PIO_0 yields you a mode number. Thus the second
argument will always "win" as a minimal one"
Bartlomiej Zolnierkiewicz adds "There are more issues with the patch related
to mwdma_clip_to_pio(). The function can return values between 0 and
4 which obviously won't work well for the new code below for values
>2 (i.e. resulting in out-of-bounds array access for the common-case
of dev->pio_mode == XFER_PIO_4)."
Bartlomiej Zolnierkiewicz also notes the patch is incomplete, failing to
update MWDMA mode masks.
Signed-off-by: Jeff Garzik <jgarzik@redhat.com>
David S. Miller
Linus Torvalds
Vivek Goyal
Jeff Garzik