Commit Graph

131134 Commits

Author SHA1 Message Date
Artem Bityutskiy c9927c3ee2 UBIFS: use KERN_CONT
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-16 10:52:02 +02:00
Artem Bityutskiy 0a6fb8d9c4 UBIFS: fix lprops committing bug
When writing lprop nodes, do not forget to set @from to 0 when
switching the LEB. This fixes the following bug:

UBIFS error (pid 27768): ubifs_leb_write: writing -15456 bytes at 16:15880, error -22
UBIFS error (pid 27768): do_commit: commit failed, error -22
UBIFS warning (pid 27768): ubifs_ro_mode: switched to read-only mode, error -22
Pid: 27768, comm: freespace Not tainted 2.6.29-rc4-ubifs-2.6 #43
Call Trace:
 [<ffffffffa00c46d6>] ubifs_ro_mode+0x54/0x56 [ubifs]
 [<ffffffffa00cfa16>] do_commit+0x4f5/0x50a [ubifs]
 [<ffffffffa00cfae7>] ubifs_run_commit+0xbc/0xdb [ubifs]
 [<ffffffffa00d42b9>] ubifs_budget_space+0x742/0x9ed [ubifs]
 [<ffffffff812daf45>] ? __mutex_lock_common+0x361/0x3ae
 [<ffffffffa00bc437>] ? ubifs_write_begin+0x18d/0x44c [ubifs]
 [<ffffffffa00bc5cb>] ubifs_write_begin+0x321/0x44c [ubifs]
 [<ffffffff8106222b>] ? trace_hardirqs_on_caller+0x1f/0x14d
 [<ffffffff81097ce2>] generic_file_buffered_write+0x12f/0x2d9
 [<ffffffff8109828d>] __generic_file_aio_write_nolock+0x261/0x295
 [<ffffffff81098aff>] generic_file_aio_write+0x69/0xc5
 [<ffffffffa00bb914>] ubifs_aio_write+0x14c/0x19e [ubifs]
 [<ffffffff810c8f42>] do_sync_write+0xe7/0x12d
 [<ffffffff81055378>] ? autoremove_wake_function+0x0/0x38
 [<ffffffff81149edc>] ? security_file_permission+0x11/0x13
 [<ffffffff810c9827>] vfs_write+0xab/0x105
 [<ffffffff810c9945>] sys_write+0x47/0x6f
 [<ffffffff8100c35b>] system_call_fastpath+0x16/0x1b

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-16 10:51:51 +02:00
Artem Bityutskiy b221337ae4 UBIFS: fix bogus assertion
Empty journal head LEBs are accounted as taken empty as well, so
the GC LEB does not have to be the only taken empty LEB when
nounting/remounting.

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-15 17:20:22 +02:00
Adrian Hunter f55aa59106 UBIFS: fix bug where page is marked uptodate when out of space
UBIFS fast path in write_begin may mark a page up to date
and then discover that there may not be enough space to do
the write, and so fall back to a slow path.  The slow path
tries harder, but may still find no space - leaving the page
marked up to date, when it is not.  This patch ensures that
the page is marked not up to date in that case.

The bug that this patch fixes becomes evident when the write
is into a hole (sparse file) or is at the end of the file
and a subsequent read is off the end of the file.  In both
cases, the file system should return zeros but was instead
returning the page that had not been written because the
file system was out of space.

Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-14 16:46:33 +02:00
Artem Bityutskiy cb4f952db3 UBIFS: amend key_hash return value
... which should be uint32_t, not int.

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-08 13:29:41 +02:00
Artem Bityutskiy 3edaae7c5b UBIFS: improve find function interface
Make 'ubifs_find_free_space()' return offset where free space starts,
rather than the amount of free space. This is just more appropriat
for its caller.

Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-03-08 13:29:09 +02:00
Eric Sesterhenn ec32816f94 UBIFS: list usage cleanup
Trivial cleanup, list_del(); list_add{,_tail}() is equivalent
to list_move{,_tail}(). Semantic patch for coccinelle can be
found at www.cccmz.de/~snakebyte/list_move_tail.spatch

Signed-off-by: Eric Sesterhenn <snakebyte@gmx.de>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-02-17 12:45:22 +02:00
Adrian Hunter 2bc275e9b0 UBIFS: fix dbg_chk_lpt_sz()
The debugging function dbg_chk_lpt_sz() was not working
correctly for small min_io_unit size e.g. NOR flash.

Signed-off-by: Adrian Hunter <ext-adrian.hunter@nokia.com>
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
2009-02-09 13:52:49 +02:00
Hugh Dickins d5b562330e mm: fix error case in mlock downgrade reversion
Commit 27421e211a, Manually revert
"mlock: downgrade mmap sem while populating mlocked regions", has
introduced its own regression: __mlock_vma_pages_range() may report
an error (for example, -EFAULT from trying to lock down pages from
beyond EOF), but mlock_vma_pages_range() must hide that from its
callers as before.

Reported-by: Sami Farin <safari-kernel@safari.iki.fi>
Signed-off-by: Hugh Dickins <hugh@veritas.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-08 13:53:28 -08:00
Linus Torvalds 8e4921515c Linux 2.6.29-rc4 2009-02-08 12:37:27 -08:00
Linus Torvalds 58edf8ee5e Merge git://git.kernel.org/pub/scm/linux/kernel/git/arjan/linux-2.6-async-update
* git://git.kernel.org/pub/scm/linux/kernel/git/arjan/linux-2.6-async-update:
  async: use list_move_tail
  async: Rename _special -> _domain for clarity.
  async: Add some documentation.
  async: Handle kthread_run() return codes.
  async: Fix running list handling.
2009-02-08 12:35:26 -08:00
Benjamin Herrenschmidt 1fb25cb8b8 radeonfb: Fix resume from D3Cold on some platforms
For historical reason, this driver used its own saving/restoring
of the PCI config space, and used the state of it on resume as
an indication as to whether it needed to re-POST the chip or not.

This methods breaks with the later core changes since the core will
have restored things for us.

This patch fixes it by removing that custom code, using standard
core methods to save/restore state, and testing for the need to
re-POST by comparing the content of a few key PLL registers.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-08 10:48:57 -08:00
Benjamin Herrenschmidt b746bb7762 aty128fb: Properly save PCI state before changing PCI PM level
This fixes aty128fb to properly save the PCI config space -before- it
potentially switches the PM state of the chip. This avoids a
warning with the new PM core and is the right thing to do anyway.

I also replaced the hand-coded switch to D2 with a call to the
genericc pci_set_power_state() and removed the code that switches it
back to D0 since the generic code is doing that for us nowadays.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-08 10:48:56 -08:00
Benjamin Herrenschmidt b746816863 atyfb: Properly save PCI state before changing PCI PM level
This fixes atyfb to properly save the PCI config space -before- it
potentially switches the PM state of the chip. This avoids a
warning with the new PM core and is the right thing to do anyway.

I also slightly cleaned up the code that checks whether we are
running on a PowerMac to do a runtime check instead of a compile
check only, and replaced a deprecated number with the proper
symbolic constant.

Finally, I removed the useless switch to D0 from resume since
the core does it for us.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-08 10:48:56 -08:00
Stefan Richter f7de7621f0 async: use list_move_tail
list.h provides a dedicated primitive for
"list_del followed by list_add_tail"... list_move_tail.

Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2009-02-08 10:00:26 -08:00
Cornelia Huck 766ccb9ed4 async: Rename _special -> _domain for clarity.
Rename the async_*_special() functions to async_*_domain(), which
describes the purpose of these functions much better.
[Broke up long lines to silence checkpatch]

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
2009-02-08 09:56:11 -08:00
Cornelia Huck f30d5b307c async: Add some documentation.
Add some kerneldoc to the async interface.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
2009-02-08 09:56:11 -08:00
Cornelia Huck 86532d8b16 async: Handle kthread_run() return codes.
If we fail to create the manager thread, fall back to non-fastboot.
If we fail to create an async thread, try again after waiting for
a bit.

Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
2009-02-08 09:56:10 -08:00
Cornelia Huck 7a89bbc749 async: Fix running list handling.
async_schedule() should pass in async_running as the running
list, and run_one_entry() should put the entry to be run on
the provided running list instead of always on the generic one.

Reported-by: Jonathan Corbet <corbet@lwn.net>
Signed-off-by: Cornelia Huck <cornelia.huck@de.ibm.com>
Signed-off-by: Arjan van de Ven <arjan@linux.intel.com>
2009-02-08 09:56:10 -08:00
Linus Torvalds e83102cab0 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6:
  PCI PM: make the PM core more careful with drivers using the new PM framework
  PCI PM: Read power state from device after trying to change it on resume
  PCI PM: Do not disable and enable bridges during suspend-resume
  PCI: PCIe portdrv: Simplify suspend and resume
  PCI PM: Fix saving of device state in pci_legacy_suspend
  PCI PM: Check if the state has been saved before trying to restore it
  PCI PM: Fix handling of devices without drivers
  PCI: return error on failure to read PCI ROMs
  PCI: properly clean up ASPM link state on device remove
2009-02-07 10:46:30 -08:00
Rusty Russell 7f9a50a5b8 module: remove over-zealous check in __module_get()
Impact: fix spurious BUG_ON() triggered under load

module_refcount() isn't reliable outside stop_machine(), as demonstrated
by Karsten Keil <kkeil@suse.de>, networking can trigger it under load
(an inc on one cpu and dec on another while module_refcount() is tallying
 can give false results, for example).

Almost noone should be using __module_get, but that's another issue.

Cc: Karsten Keil <kkeil@suse.de>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-07 08:33:01 -08:00
Linus Torvalds f12b12a8ae Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (30 commits)
  ACPI: Kconfig text - Fix the ACPI_CONTAINER module name according to the real module name.
  eeepc-laptop: fix oops when changing backlight brightness during eeepc-laptop init
  ACPICA: Fix table entry truncation calculation
  ACPI: Enable bit 11 in _PDC to advertise hw coord
  ACPI: struct device - replace bus_id with dev_name(), dev_set_name()
  ACPI: add missing KERN_* constants to printks
  ACPI: dock: Don't eval _STA on every show_docked sysfs read
  ACPI: disable ACPI cleanly when bad RSDP found
  ACPI: delete CPU_IDLE=n code
  ACPI: cpufreq: Remove deprecated /proc/acpi/processor/../performance proc entries
  ACPI: make some IO ports off-limits to AML
  ACPICA: add debug dump of BIOS _OSI strings
  ACPI: proc_dir_entry 'video/VGA' already registered
  ACPI: Skip the first two elements in the _BCL package
  ACPI: remove BM_RLD access from idle entry path
  ACPI: remove locking from PM1x_STS register reads
  eeepc-laptop: use netlink interface
  eeepc-laptop: Implement rfkill hotplugging in eeepc-laptop
  eeepc-laptop: Check return values from rfkill_register
  eeepc-laptop: Add support for extended hotkeys
  ...
2009-02-07 08:30:20 -08:00
Len Brown 2d29c6a075 Merge branches 'release', 'asus', 'bugzilla-12450', 'cpuidle', 'debug', 'ec', 'misc', 'printk' and 'processor' into release 2009-02-07 01:34:56 -05:00
Thierry Vignaud 370154bbef ACPI: Kconfig text - Fix the ACPI_CONTAINER module name according to the real module name.
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 01:12:19 -05:00
Darren Salt 7695fb04ac eeepc-laptop: fix oops when changing backlight brightness during eeepc-laptop init
I got the following oops while changing the backlight brightness during
startup.  When it happens, it prevents use of the hotkeys, Fn-Fx, and the
lid button.

It's a clear use-before-init, as I verified by testing with an
appropriately-placed "else printk".

BUG: unable to handle kernel NULL pointer dereference at 00000000
*pde = 00000000
Oops: 0002 [#1] PREEMPT SMP
Pid: 160, comm: kacpi_notify Not tainted (2.6.28.1-eee901 #4) 901
EIP: 0060:[<c0264e68>]  [<c0264e68>] eeepc_hotk_notify+26/da
EFLAGS: 00010246 CPU: 1
Using defaults from ksymoops -t elf32-i386 -a i386
EAX: 00000009 EBX: 00000000 ECX: 00000009 EDX: f70dbf64
ESI: 00000029 EDI: f7335188 EBP: c02112c9 ESP: f70dbf80
 DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
 f70731e0 f73acd50 c02164ac f7335180 f70aa040 c02112e6 f733518c c012b62f
 f70aa044 f70aa040 c012bdba f70aa04c 00000000 c012be6e 00000000 f70bdf80
 c012e198 f70dbfc4 f70dbfc4 f70aa040 c012bdba 00000000 c012e0c9 c012e091
Call Trace:
 [<c02164ac>] ? acpi_ev_notify_dispatch+4c/55
 [<c02112e6>] ? acpi_os_execute_deferred+1d/25
 [<c012b62f>] ? run_workqueue+71/f1
 [<c012bdba>] ? worker_thread+0/bf
 [<c012be6e>] ? worker_thread+b4/bf
 [<c012e198>] ? autoremove_wake_function+0/2b
 [<c012bdba>] ? worker_thread+0/bf
 [<c012e0c9>] ? kthread+38/5f
 [<c012e091>] ? kthread+0/5f
 [<c0103abf>] ? kernel_thread_helper+7/10
Code: 00 00 00 00 c3 83 3d 60 5c 50 c0 00 56 89 d6 53 0f 84 c4 00 00 00 8d 42
e0 83 f8 0f 77 0f 8b 1d 68 5c 50 c0 89 d8 e8 a9 fa ff ff <89> 03 8b 1d 60 5c
50 c0 89 f2 83 e2 7f 0f b7 4c 53 10 8d 41 01

Signed-off-by: Darren Salt <linux@youmustbejoking.demon.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 01:02:07 -05:00
Myron Stowe 386e4a8358 ACPICA: Fix table entry truncation calculation
During early boot, ACPI RSDT/XSDT table entries are gathered into the
'initial_tables[]' array.  This array is currently statically defined (see
./drivers/acpi/tables.c).  When there are more table entries than can be
held in the 'initial_tables[]' array, the message "Truncating N table
entries!" is output.  As currently implemented, this message will always
erroneously calculate N as 0.

This patch fixes the calculation that determines how many table entries
will be missing (truncated).

This modification may be used under either the GPL or the BSD-style
license used for Intel ACPI CA code.

Signed-off-by: Myron Stowe <myron.stowe@hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 00:51:23 -05:00
Pallipadi, Venkatesh d96f94c604 ACPI: Enable bit 11 in _PDC to advertise hw coord
Bit 11 in intel PDC definitions is meant for OS capability to handle
hardware coordination of P-states. In Linux we have always supported
hwardware coordination of P-states. Just let the BIOSes know that we
support it, by setting this bit.

Some BIOSes use this bit to choose between hardware or software coordination
and without this change below, BIOSes switch to software coordination, which
is not very optimal in terms of power consumption and extra wakeups from idle.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 00:41:14 -05:00
Kay Sievers db1461ad43 ACPI: struct device - replace bus_id with dev_name(), dev_set_name()
Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 00:41:13 -05:00
Frank Seidel 4d9391557b ACPI: add missing KERN_* constants to printks
According to kerneljanitors todo list all printk calls (beginning
a new line) should have an according KERN_* constant.
Those are the missing peaces here for the acpi subsystem.

Signed-off-by: Frank Seidel <frank@f-seidel.de>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-07 00:29:32 -05:00
Holger Macht fc5a9f8841 ACPI: dock: Don't eval _STA on every show_docked sysfs read
Some devices trigger a DEVICE_CHECK on every evalutation of _STA. This
can also be seen in commit 8b59560a3b
(ACPI: dock: avoid check _STA method).  If an undock is processed, the
dock driver sends a uevent and userspace might read the show_docked
property in sysfs. This causes an evaluation of _STA of the particular
device which causes the dock driver to immediately dock again.

In any case, evaluation of _STA (show_docked) does not necessarily mean
that we are docked, so check with the internal device structure.

http://bugzilla.kernel.org/show_bug.cgi?id=12360

Signed-off-by: Holger Macht <hmacht@suse.de>
Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-06 22:08:15 -05:00
Linus Torvalds ccfef64621 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6:
  CRED: Fix SUID exec regression
2009-02-06 18:52:55 -08:00
Linus Torvalds ae1a25da84 Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable
* git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable: (37 commits)
  Btrfs: Make sure dir is non-null before doing S_ISGID checks
  Btrfs: Fix memory leak in cache_drop_leaf_ref
  Btrfs: don't return congestion in write_cache_pages as often
  Btrfs: Only prep for btree deletion balances when nodes are mostly empty
  Btrfs: fix btrfs_unlock_up_safe to walk the entire path
  Btrfs: change btrfs_del_leaf to drop locks earlier
  Btrfs: Change btrfs_truncate_inode_items to stop when it hits the inode
  Btrfs: Don't try to compress pages past i_size
  Btrfs: join the transaction in __btrfs_setxattr
  Btrfs: Handle SGID bit when creating inodes
  Btrfs: Make btrfs_drop_snapshot work in larger and more efficient chunks
  Btrfs: Change btree locking to use explicit blocking points
  Btrfs: hash_lock is no longer needed
  Btrfs: disable leak debugging checks in extent_io.c
  Btrfs: sort references by byte number during btrfs_inc_ref
  Btrfs: async threads should try harder to find work
  Btrfs: selinux support
  Btrfs: make btrfs acls selectable
  Btrfs: Catch missed bios in the async bio submission thread
  Btrfs: fix readdir on 32 bit machines
  ...
2009-02-06 18:37:22 -08:00
Tyler Hicks fd9fc842bb eCryptfs: Regression in unencrypted filename symlinks
The addition of filename encryption caused a regression in unencrypted
filename symlink support.  ecryptfs_copy_filename() is used when dealing
with unencrypted filenames and it reported that the new, copied filename
was a character longer than it should have been.

This caused the return value of readlink() to count the NULL byte of the
symlink target.  Most applications don't care about the extra NULL byte,
but a version control system (bzr) helped in discovering the bug.

Signed-off-by: Tyler Hicks <tyhicks@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 18:36:40 -08:00
Linus Torvalds eeb94855be Merge branch 'x86/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-roland
* 'x86/fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-roland:
  x86-64: fix int $0x80 -ENOSYS return
2009-02-06 18:36:02 -08:00
Roland McGrath c09249f8d1 x86-64: fix int $0x80 -ENOSYS return
One of my past fixes to this code introduced a different new bug.
When using 32-bit "int $0x80" entry for a bogus syscall number,
the return value is not correctly set to -ENOSYS.  This only happens
when neither syscall-audit nor syscall tracing is enabled (i.e., never
seen if auditd ever started).  Test program:

	/* gcc -o int80-badsys -m32 -g int80-badsys.c
	   Run on x86-64 kernel.
	   Note to reproduce the bug you need auditd never to have started.  */

	#include <errno.h>
	#include <stdio.h>

	int
	main (void)
	{
	  long res;
	  asm ("int $0x80" : "=a" (res) : "0" (99999));
	  printf ("bad syscall returns %ld\n", res);
	  return res != -ENOSYS;
	}

The fix makes the int $0x80 path match the sysenter and syscall paths.

Reported-by: Dmitry V. Levin <ldv@altlinux.org>
Signed-off-by: Roland McGrath <roland@redhat.com>
2009-02-06 18:22:29 -08:00
Linus Torvalds 1d87b0d388 Merge branch 'to-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-roland
* 'to-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/frob/linux-2.6-roland:
  elf core dump: fix get_user use
2009-02-06 18:10:04 -08:00
Roland McGrath 92dc07b1f9 elf core dump: fix get_user use
The elf_core_dump() code does its work with set_fs(KERNEL_DS) in force,
so vma_dump_size() needs to switch back with set_fs(USER_DS) to safely
use get_user() for a normal user-space address.

Checking for VM_READ optimizes out the case where get_user() would fail
anyway.  The vm_file check here was already superfluous given the control
flow earlier in the function, so that is a cleanup/optimization unrelated
to other changes but an obvious and trivial one.

Reported-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Signed-off-by: Roland McGrath <roland@redhat.com>
2009-02-06 17:34:07 -08:00
David Howells 0bf2f3aec5 CRED: Fix SUID exec regression
The patch:

	commit a6f76f23d2
	CRED: Make execve() take advantage of copy-on-write credentials

moved the place in which the 'safeness' of a SUID/SGID exec was performed to
before de_thread() was called.  This means that LSM_UNSAFE_SHARE is now
calculated incorrectly.  This flag is set if any of the usage counts for
fs_struct, files_struct and sighand_struct are greater than 1 at the time the
determination is made.  All of which are true for threads created by the
pthread library.

However, since we wish to make the security calculation before irrevocably
damaging the process so that we can return it an error code in the case where
we decide we want to reject the exec request on this basis, we have to make the
determination before calling de_thread().

So, instead, we count up the number of threads (CLONE_THREAD) that are sharing
our fs_struct (CLONE_FS), files_struct (CLONE_FILES) and sighand_structs
(CLONE_SIGHAND/CLONE_THREAD) with us.  These will be killed by de_thread() and
so can be discounted by check_unsafe_exec().

We do have to be careful because CLONE_THREAD does not imply FS or FILES.

We _assume_ that there will be no extra references to these structs held by the
threads we're going to kill.

This can be tested with the attached pair of programs.  Build the two programs
using the Makefile supplied, and run ./test1 as a non-root user.  If
successful, you should see something like:

	[dhowells@andromeda tmp]$ ./test1
	--TEST1--
	uid=4043, euid=4043 suid=4043
	exec ./test2
	--TEST2--
	uid=4043, euid=0 suid=0
	SUCCESS - Correct effective user ID

and if unsuccessful, something like:

	[dhowells@andromeda tmp]$ ./test1
	--TEST1--
	uid=4043, euid=4043 suid=4043
	exec ./test2
	--TEST2--
	uid=4043, euid=4043 suid=4043
	ERROR - Incorrect effective user ID!

The non-root user ID you see will depend on the user you run as.

[test1.c]
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <pthread.h>

static void *thread_func(void *arg)
{
	while (1) {}
}

int main(int argc, char **argv)
{
	pthread_t tid;
	uid_t uid, euid, suid;

	printf("--TEST1--\n");
	getresuid(&uid, &euid, &suid);
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	if (pthread_create(&tid, NULL, thread_func, NULL) < 0) {
		perror("pthread_create");
		exit(1);
	}

	printf("exec ./test2\n");
	execlp("./test2", "test2", NULL);
	perror("./test2");
	_exit(1);
}

[test2.c]
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char **argv)
{
	uid_t uid, euid, suid;

	getresuid(&uid, &euid, &suid);
	printf("--TEST2--\n");
	printf("uid=%d, euid=%d suid=%d\n", uid, euid, suid);

	if (euid != 0) {
		fprintf(stderr, "ERROR - Incorrect effective user ID!\n");
		exit(1);
	}
	printf("SUCCESS - Correct effective user ID\n");
	exit(0);
}

[Makefile]
CFLAGS = -D_GNU_SOURCE -Wall -Werror -Wunused
all: test1 test2

test1: test1.c
	gcc $(CFLAGS) -o test1 test1.c -lpthread

test2: test2.c
	gcc $(CFLAGS) -o test2 test2.c
	sudo chown root.root test2
	sudo chmod +s test2

Reported-by: David Smith <dsmith@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: David Smith <dsmith@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-02-07 08:46:18 +11:00
Dave Kleikamp d4cf109f05 vfs: Don't call attach_nobh_buffers() with an empty list
This is a modification of a patch by Bill Pemberton <wfp5p@virginia.edu>

nobh_write_end() could call attach_nobh_buffers() with head == NULL.
This would result in a trap when attach_nobh_buffers() attempted to
access bh->b_this_page.

This can be illustrated by running the writev01 testcase from LTP on jfs.

This error was introduced by commit 5b41e74a "vfs: fix data leak in
nobh_write_end()".  That patch did not take into account that if
PageMappedToDisk() is true upon entry to nobh_write_begin(), then no
buffers will be allocated for the page.  In that case, we won't have to
worry about a failed write leaving unitialized data in the page.

Of course, head != NULL implies !page_has_buffers(page), so no need to
test both.

Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com>
Cc: Bill Pemberton <wfp5p@virginia.edu>
Cc: Dmitri Monakhov <dmonakhov@openvz.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 13:34:22 -08:00
Linus Torvalds 6cec50838e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound-2.6:
  ALSA: hda - Add missing COEF initialization for ALC887
  ALSA: hda - Add missing initialization for ALC272
  sound: usb-audio: handle wMaxPacketSize for FIXED_ENDPOINT devices
  ALSA: hda - Fix misc workqueue issues
  ALSA: hda - Add quirk for FSC Amilo Xi2550
2009-02-06 11:14:23 -08:00
Len Brown 9e3a9d1ed8 ACPI: disable ACPI cleanly when bad RSDP found
When ACPI is disabled in the BIOS of this VIA C3 box,
it invalidates the RSDP, which Linux notices:

ACPI Error (tbxfroot-0218): A valid RSDP was not found [20080926]

Bug Linux neglected to disable ACPI at that stage,
and later scribbled on smp_found_config:

ACPI: No APIC-table, disabling MPS

But this box doesn't run well in legacy PIC mode,
it needed IOAPIC mode to perform correctly:

http://lkml.org/lkml/2009/2/5/39

So exit ACPI mode cleanly when we first detect
that it is hopeless.

Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-06 14:00:56 -05:00
Len Brown 9fdd54f206 ACPI: delete CPU_IDLE=n code
CPU_IDLE=y has been default for ACPI=y since Nov-2007,
and has shipped in many distributions since then.

Here we delete the CPU_IDLE=n ACPI idle code, since
nobody should be using it, and we don't want to
maintain two versions.

Signed-off-by: Len Brown <len.brown@intel.com>
2009-02-06 12:34:39 -05:00
Linus Torvalds 5e3bd4e4b1 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6:
  ieee1394: dv1394: move deprecation message from module init to file open
  firewire: core: Remove card from list of cards when enable fails
2009-02-06 08:48:16 -08:00
Uwe Kleine-König bcee402e76 Add Sascha Hauer to .mailmap
This fixes the shortlog attribution e.g. for 106757b38f

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:47:25 -08:00
Uwe Kleine-König 6d7f2caa77 add another mailmap entry for Uwe Kleine-König
I created commit 7971db5a4b on a machine
where I forgot to set user.name and user.email before.  The default
values were not optimal.

Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Acked-by: Wolfram Sang <w.sang@pengutronix.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:47:25 -08:00
Li Zefan 04ec93fe9b fork.c: fix NULL pointer dereference when nr_threads == threads-max
I happened to forked lots of processes, and hit NULL pointer dereference.
It is because in copy_process() after checking max_threads, 0 is returned
but not -EAGAIN.

The bug is introduced by "CRED: Detach the credentials from task_struct"
(commit f1752eec61).

Signed-off-by: Li Zefan <lizf@cn.fujitsu.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2009-02-06 08:43:11 -08:00
Chris Mason 42f15d77df Btrfs: Make sure dir is non-null before doing S_ISGID checks
The S_ISGID check in btrfs_new_inode caused an oops during subvol creation
because sometimes the dir is null.

Signed-off-by: Chris Mason <chris.mason@oracle.com>
2009-02-06 11:35:57 -05:00
Linus Torvalds b2a740aab8 Merge branch 'for-linus' of git://neil.brown.name/md
* 'for-linus' of git://neil.brown.name/md:
  md: Ensure an md array never has too many devices.
  md: Fix a bug in linear.c causing which_dev() to return the wrong device.
  md: Allow read error in a single drive raid1 to be passed up.
2009-02-06 07:41:10 -08:00
Stefan Richter 86431532ec ieee1394: dv1394: move deprecation message from module init to file open
On many Linux installations, the dv1394 driver will be auto-loaded
whenever an AV/C device (e.g. camcorder or audio device) is plugged in.
An irritating message would then appear in the kernel log.

Defer this message to until a dv1394 character device file is actually
used by a program.  Also include the program name in the message and
update the message slightly.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2009-02-06 15:52:28 +01:00
Takashi Iwai b0050cae2b Merge branch 'fix/usb-audio' into for-linus 2009-02-06 14:25:13 +01:00