Commit Graph

50440 Commits

Author SHA1 Message Date
Wendy Cheng
a7d2b2bdc9 [GFS2] NFS filehandle check
File handle checking error found in '07 NFS connectathon. The fh_type
and fh_len are not necessarily identical. Some of the client machines
could fail mount with stale filehandle without this patch.

Signed-off-by: S. Wendy Cheng <wcheng@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2007-03-07 13:57:34 -05:00
Richard Fearn
d5a6751b32 [GFS2] add newline to printk message
Patch for the 2.6.20 stable tree that adds a missing newline to one of
the printk messages in fs/gfs2/ops_fstype.c.

Signed-off-by: Richard Fearn <richardfearn@gmail.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2007-03-07 13:57:10 -05:00
Josef Whiter
2e95b6653b [GFS2] fix locking mistake
This patch fixes a locking mistake in the quota code, we do a mutex_lock instead
of a mutex_unlock.

Signed-off-by: Josef Whiter <jwhiter@redhat.com>
Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
2007-03-07 13:56:41 -05:00
Linus Torvalds
d694c16bc3 Merge master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6:
  sh: Kill off I/O cruft for R7780RP.
  sh: Revert lazy dcache writeback changes.
  sh: Enable SM501 support for RTS7751R2D.
  sh: Use L1_CACHE_BYTES for .data.cacheline_aligned.
  sysctl: Support vdso_enabled sysctl on SH.
  sh: Fix kernel thread stack corruption with preempt.
  doc: Add SH to vdso and earlyprintk in kernel-parameters.txt
  sh: Fix sigmask trampling in signal delivery.
  sh: Clear UBC when not in use.
2007-03-07 10:08:33 -08:00
Ingo Molnar
d04f41e353 [PATCH] CPU hotplug: call check_tsc_sync_source() with irqs off
check_tsc_sync_source() depends on being called with irqs disabled (it
checks whether the TSC is coherent across two specific CPUs). This is
incidentally true during bootup, but not during cpu hotplug __cpu_up().
This got found via smp_processor_id() debugging.

disable irqs explicitly and remove the unconditional enabling of
interrupts. Add touch_nmi_watchdog() to the cpu_online_map busy loop.

this bug is present both on i386 and on x86_64.

Reported-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-07 10:07:24 -08:00
Gary Zambrano
a9e28d9b0b avr32: dma-mapping.h
Added dma_sync_single_range_for_cpu/device to dma-mapping.h in asm-avr32 to
call dma_sync_single_for_cpu/device.  This patch enables b44 to compile on
systems with these cpus.  This patch was created with the assumption that
another method of dma_sync_single_range_for_cpu/device does not exist on these
architectures.

Signed-off by: Gary Zambrano <zambrano@broadcom.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:30 +01:00
Haavard Skinnemoen
28c1d39db8 [AVR32] Don't use kmap() in flush_icache_page()
flush_icache_page() can be called from atomic context, so we can't
use kmap(). Use page_address() instead.

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:29 +01:00
Haavard Skinnemoen
a19b4a1405 [AVR32] Fix bogus ti->flags manipulation in debug handler
We should OR in a bitmask, not a bit offset, into ti->flags. This
might fix some strange behaviour when single stepping.

Also, use set_ti_thread_flag() to manipulate the flags to avoid
surprises in the future.

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:28 +01:00
Haavard Skinnemoen
bfa4f55cc8 [AVR32] Fix typo in include/asm-avr32/Kbuild
It's header-y, not headers-y.

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:27 +01:00
Haavard Skinnemoen
3338368e92 [AVR32] show_trace: Only walk valid stack addresses
Terminate the frame pointer walk if (a) the address is outside the
task's kernel stack or (b) if the frame pointer isn't monotonically
increasing. Without this fix, show_trace() may enter an infinite
loop, walking through random data anywhere in memory.

Since any address within the kernel stack is guaranteed to be valid,
we may eliminate the __get_user() calls as well.

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:27 +01:00
Haavard Skinnemoen
9a596a6236 [AVR32] at32_spi_setup_slaves should be __init
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
2007-03-07 10:50:26 +01:00
Linus Torvalds
08e15e81a4 Linux 2.6.21-rc3
.. hopefully most of the resume/suspend problems introduced by the timer
and other changes are behind us.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 20:41:20 -08:00
Linus Torvalds
2f774456e4 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
  [SPARC64]: Fix floppy build failure.
2007-03-06 19:57:46 -08:00
Linus Torvalds
5b3c1184e7 Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
  [DCCP]: Set RTO for newly created child socket
  [DCCP]: Correctly split CCID half connections
  [NET]: Fix compat_sock_common_getsockopt typo.
  [NET]: Revert incorrect accept queue backlog changes.
  [INET]: twcal_jiffie should be unsigned long, not int
  [GIANFAR]: Fix compile error in latest git
  [PPPOE]: Use ifindex instead of device pointer in key lookups.
  [NETFILTER]: ip6_route_me_harder should take into account mark
  [NETFILTER]: nfnetlink_log: fix reference counting
  [NETFILTER]: nfnetlink_log: fix module reference counting
  [NETFILTER]: nfnetlink_log: fix possible NULL pointer dereference
  [NETFILTER]: nfnetlink_log: fix NULL pointer dereference
  [NETFILTER]: nfnetlink_log: fix use after free
  [NETFILTER]: nfnetlink_log: fix reference leak
  [NETFILTER]: tcp conntrack: accept SYN|URG as valid
  [NETFILTER]: nf_conntrack/nf_nat: fix incorrect config ifdefs
  [NETFILTER]: conntrack: fix {nf,ip}_ct_iterate_cleanup endless loops
2007-03-06 19:53:34 -08:00
Linus Torvalds
fe1b4ba400 Merge branch 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
  [S390] cio: Call cancel_halt_clear even when actl == 0.
  [S390] cio: Use path verification to check for path state.
  [S390] cio: Fix locking when calling notify function.
  [S390] Fixed handling of access register mode faults.
  [S390] dasd: Use default recovery for SNSS requests
  [S390] check_bugs() should be inline.
  [S390] tape: Compression overwrites crypto setting
  [S390] nss: disable kexec.
  [S390] reipl: move dump_prefix_page out of text section.
  [S390] smp: disable preemption in smp_call_function/smp_call_function_on
  [S390] kprobes breaks BUG_ON
2007-03-06 19:52:50 -08:00
Linus Torvalds
ae5dd8e346 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
  pata_pdc202xx_old: fix data corruption and other problems
  pata_legacy: fix io/irq mismatch
  ahci: RAID mode SATA patch for Intel ICH9M
2007-03-06 19:44:13 -08:00
Linus Torvalds
38f3323037 Revert "[PATCH] LOG2: Alter get_order() so that it can make use of ilog2() on a constant"
This reverts commit 39d61db0ed.

The commit was buggy in multiple ways:
 - the conversion to ilog2() was incorrect to begin with
 - it tested the wrong #defines, so on all architectures but FRV you'd
   never see the bug except for constant arguments.
 - the new "get_order()" macro used its arguments multiple times, and
   didn't even parenthesize them properly
 - despite the comments, it was not true that you could use it for
   constant initializers, since not all architectures even use the
   generic page.h header file.

All of the problems are individually fixable, but it all boils down to:
better just revert it, and re-do it from scratch.

Cc: David Howells <dhowells@redhat.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Cc: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 19:38:01 -08:00
Greg Ungerer
5d6deb940f [PATCH] m68knommu: remove local_bh_count
Remove un-used/un-referenced local_bh_count.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
1ed35e0d8a [PATCH] m68knommu: use irq_handler_t and rtc_time in prototypes
Use irq_handler_t for passing clock handler routine around.
And use new rtc_time in place of hwclock_time.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
8bb25184b3 [PATCH] m68knommu: GPIO line defines for the ColdFire 5282
For the Freescale M5282 ColdFire,
Port UA Pin Assignment Register should set to UART mode.
Patch submitted by David Wu <davidwu@arcturusnetworks.com>.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
28580df03e [PATCH] m68knommu: fix work queues in mcfserial.c driver
Fix work queue code to support new model.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
ebfcfef44e [PATCH] m68knommu: set GPIO lines for serial ports on 5282 in mcfserial.c
For the Freescale M5282 ColdFire,
Port UA Pin Assignment Register should set to UART mode.
Patch submitted by David Wu <davidwu@arcturusnetworks.com>.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
8668fb5d8d [PATCH] m68knommu: use irq_handler_t and remove regs arg for 68328
Remove regs arg from bad interrupt handler.
Use irq_handler_t type for handler arg of local request_irq().

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
1ea9acc782 [PATCH] m68knommu: use irq_handler_t for passing handler types in 68328 setup
Use irq_handler_t type for passing around timer interrupt routine
in 368360 setup code.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Greg Ungerer
b032fde909 [PATCH] m68knommu: use irq_handler_t for passing handler types in 68360 setup
Use irq_handler_t type for passing around timer interrupt routine.

Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:08:38 -08:00
Linus Torvalds
1ba73b99c3 Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
  [IA64] kexec: Use EFI_LOADER_DATA for ELF core header
  [IA64] permon use-after-free fix
  [IA64] sync compat getdents
  [IA64] always build arch/ia64/lib/xor.o
  [IA64] Remove stack hard limit on ia64
  [IA64] point saved_max_pfn to the max_pfn of the entire system
  Revert "[IA64] swiotlb abstraction (e.g. for Xen)"
2007-03-06 18:05:10 -08:00
Linus Torvalds
185d84b4e1 Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
  [MIPS] IP27: Build fix
  [MIPS] Wire up ioprio_set and ioprio_get.
  [MIPS] Fix __raw_read_trylock() to allow multiple readers
  [MIPS] Export __copy_user_inatomic.
  [MIPS] R2 bitops compile fix for gcc < 4.0.
  [MIPS] TX39: Remove redundant tx39_blast_icache() calls
  [MIPS] Cobalt: Fix early printk
  [MIPS] SMTC: De-obscure Malta hooks.
  [MIPS] SMTC: Add fordward declarations for mm_struct and task_struct.
  [MIPS] SMTC: <asm/mips_mt.h> must include <linux/cpumask.h>
  [MIPS] SMTC: <asm/smtc_ipi.h> must include <linux/spinlock.h>
  [MIPS] Atlas, Malta: Fix build warning.
2007-03-06 18:02:46 -08:00
Mark Gross
03154a2710 [PATCH] minor updat to tlclk Kconfig entry
The tlclk driver is going on the MPCBL005 so I need to make the Kconfig
more more generic.  Just some text changes.

Signed-off-by: Mark Gross <mark.gross@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:02:22 -08:00
Marcel Holtmann
059819a41d [PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)
Based on a patch from Don Howard <dhoward@redhat.com>

When calling write() with a buffer larger than 512 bytes, the
driver's write buffer overflows, allowing to overwrite the EIP and
execute arbitrary code with kernel privileges.

In read(), there exists a similar problem, but coming from the device.
A malicous or buggy device sending more than 512 bytes can overflow
of the driver's read buffer, with the same effects as above.

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Harald Welte <laforge@gnumonks.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 18:01:04 -08:00
Hugh Dickins
266d4f4037 [PATCH] suspend regression: sysfs deadlock
Suspend deadlocks when trying to unregister /sys/block/sr0.

This comes from Oliver's commit 94bebf4d1b
"Driver core: fix race in sysfs between sysfs_remove_file() and
read()/write()".

sysfs_write_file downs buffer->sem while calling flush_write_buffer, and
flushing that particular write buffer entails downing buffer->sem in
orphan_all_buffers, resulting in the obvious self-deadlock.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06 17:59:14 -08:00
Linus Torvalds
7c368bb104 Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid
* 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jikos/hid:
  HID blacklisting of all Code Mercenaries IOWarrior devices
2007-03-06 17:34:28 -08:00
Linus Torvalds
cba5a641ca Merge branch 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa
* 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa:
  [ALSA] version 1.0.14rc3
  [ALSA] cmipci - Allow to disable integrated FM port
  [ALSA] hda-codec - Fix logic error in headphone mute for Conexant codecs
  [ALSA] hda-codec - Add missing Mic Boost for AD1986A codec
  [ALSA] ac97 - Add Thinkpad X31 and R40 to AD1981x blacklist
  [ALSA] Add missing sysfs device assignment for ALSA PCI drivers
  [ALSA] hda-codec - Define pin configs for MacBooks
  [ALSA] hda-codec - Add missing Mic Boost controls for ALC262
  [ALSA] soc - WM9712 PCM volume
  [ALSA] soc - Fix WM9712 register cache entry
  [ALSA] hda-codec - Add method for configuring Mac Pro without PCI SSID
  [ALSA] hda-codec - Add LFE support on Dell M90
2007-03-06 17:32:45 -08:00
Linus Torvalds
9f6632d629 Merge git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
  [CIFS] cifs_prepare_write was incorrectly rereading page in some cases
  [CIFS] Fix set file size to zero when doing chmod to Samba 3.0.26pre
  [CIFS] Remove some unused functions/declarations
  [CIFS] New file for previous commit
  [CIFS] cifs export operations
  [CIFS] small piece missing from previous patch
  [CIFS] Fix locking problem around some cifs uses of i_size write
2007-03-06 17:32:22 -08:00
Linus Torvalds
8328258e74 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/drzeus/mmc:
  sdhci: release irq during suspend
  sdhci: make isr tolerant of read errors
  mmc: require explicit support for high-speed
  ncpfs: make sure server connection survives a kill
2007-03-06 17:31:29 -08:00
Linus Torvalds
205c911da3 Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/netdev-2.6:
  sis900 warning fixes
  mv643xx_eth: Place explicit port number in mv643xx_eth_platform_data
  pcnet32: Fix PCnet32 performance bug on non-coherent architecutres
  __devinit & __devexit cleanups for de2104x driver
  3c59x: Handle pci_enable_device() failure while resuming
  dmfe: Fix link detection
  dmfe: fix two bugs
  dmfe: trivial/spelling fixes
  revert "drivers/net/tulip/dmfe: support basic carrier detection"
  ucc_geth: returns NETDEV_TX_BUSY when BD ring is full
  ucc_geth: Fix BD processing
  natsemi: netpoll fixes
  bonding: Improve IGMP join processing
  bonding: only receive ARPs for us
  bonding: fix double dev_add_pack
2007-03-06 17:30:59 -08:00
Ralf Baechle
063ea774b0 [MIPS] IP27: Build fix
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:18 +00:00
Ralf Baechle
08253b39f8 [MIPS] Wire up ioprio_set and ioprio_get.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:18 +00:00
Dave Johnson
d52c2d5a62 [MIPS] Fix __raw_read_trylock() to allow multiple readers
A deadlock can occur for mixed irq and non-irq rwlock readers if a 2nd
reader attempts to take lock by looping around __raw_read_trylock().

Signed-off-by: Dave Johnson <djohnson+linux-mips@sw.starentnetworks.com>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:17 +00:00
Ralf Baechle
d0c91ae2bb [MIPS] Export __copy_user_inatomic.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:17 +00:00
Ralf Baechle
b961153be9 [MIPS] R2 bitops compile fix for gcc < 4.0.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:17 +00:00
Atsushi Nemoto
a5664c4075 [MIPS] TX39: Remove redundant tx39_blast_icache() calls
Apply commit 0550d9d13e to c-tx39.c too.
And fix a warning in local_tx39_flush_data_cache_page().

Signed-off-by: Atsushi Nemoto <anemo@mba.ocn.ne.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:16 +00:00
Yoichi Yuasa
0a22e0d43b [MIPS] Cobalt: Fix early printk
Signed-off-by: Yoichi Yuasa <yoichi_yuasa@tripeaks.co.jp>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:16 +00:00
Ralf Baechle
57a2050c40 [MIPS] SMTC: De-obscure Malta hooks.
Should now be understandable why the thing works ...

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:16 +00:00
Ralf Baechle
b3920590b5 [MIPS] SMTC: Add fordward declarations for mm_struct and task_struct.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:16 +00:00
Ralf Baechle
32fac80be6 [MIPS] SMTC: <asm/mips_mt.h> must include <linux/cpumask.h>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:15 +00:00
Ralf Baechle
22e651c6ae [MIPS] SMTC: <asm/smtc_ipi.h> must include <linux/spinlock.h>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:15 +00:00
Ralf Baechle
f76b7ea48a [MIPS] Atlas, Malta: Fix build warning.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-07 00:07:15 +00:00
Sean Hefty
3492856e33 RDMA/ucma: Avoid sending reject if backlog is full
Change the returned error code to ENOMEM if the connection event
backlog is full.  This prevents the ib_cm from issuing a reject
on the connection, which can allow retries to succeed.

Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <rolandd@cisco.com>
2007-03-06 14:58:11 -08:00
Magnus Damm
cee87af2a5 [IA64] kexec: Use EFI_LOADER_DATA for ELF core header
The address where the ELF core header is stored is passed to the secondary
kernel as a kernel command line option.  The memory area for this header is
also marked as a separate EFI memory descriptor on ia64.

The separate EFI memory descriptor is at the moment of the type
EFI_UNUSABLE_MEMORY.  With such a type the secondary kernel skips over the
entire memory granule (config option, 16M or 64M) when detecting memory.
If we are lucky we will just lose some memory, but if we happen to have
data in the same granule (such as an initramfs image), then this data will
never get mapped and the kernel bombs out when trying to access it.

So this is an attempt to fix this by changing the EFI memory descriptor
type into EFI_LOADER_DATA.  This type is the same type used for the kernel
data and for initramfs.  In the secondary kernel we then handle the ELF
core header data the same way as we handle the initramfs image.

This patch contains the kernel changes to make this happen.  Pretty
straightforward, we reserve the area in reserve_memory().  The address for
the area comes from the kernel command line and the size comes from the
specialized EFI parsing function vmcore_find_descriptor_size().

The kexec-tools-testing code for this can be found here:
http://lists.osdl.org/pipermail/fastboot/2007-February/005983.html

Signed-off-by: Magnus Damm <magnus@valinux.co.jp>
Cc: Simon Horman <horms@verge.net.au>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2007-03-06 14:50:33 -08:00
Nick Piggin
41d5e5d73e [IA64] permon use-after-free fix
Perfmon associates vmalloc()ed memory with a file descriptor, and installs
a vma mapping that memory.  Unfortunately, the vm_file field is not filled
in, so processes with mappings to that memory do not prevent the file from
being closed and the memory freed.  This results in use-after-free bugs and
multiple freeing of pages, etc.

I saw this bug on an Altix on SLES9.  Haven't reproduced upstream but it
looks like the same issue is there.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
2007-03-06 14:49:52 -08:00