| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
| |\
| |
| |
| |
| | |
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] DEC: Remove call to register_prom_console.
|
| | |
| |
| |
| |
| |
| | |
Register_prom_console was removed when mips was converted to early printk.
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
| |/
|
|
|
|
|
| |
missing close bracket.
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
x86_64 nvidia_bugs() broke when we bailed out on not finding the HPET.
However, the quirk works by checking for _not_ finding the HPET...
Delete the nvidia_hpet_detected flag and simply test for
not finding the HPET, which is simple to do now that
acpi_table_parse returns 1 on failure.
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In my previous x86_64 thread fix, I forgot to initialize thread.arch.fs in
arch_prctl. A process calling arch_prctl to set %fs would lose it on the
next context switch.
It also turns out that you can switch to a process which is in the process
of exiting and which has lost its mm. In this case, it's worse than
useless to try to call arch_prctl on the host process.
Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IA64 and ARM-OABI are currently using their own version of epoll compat_
code.
An architecture needs epoll_event translation if alignof(u64) in 32 bit
mode is different from alignof(u64) in 64 bit mode. If an architecture
needs epoll_event translation, it must define struct compat_epoll_event in
asm/compat.h and set CONFIG_HAVE_COMPAT_EPOLL_EVENT and use
compat_sys_epoll_ctl and compat_sys_epoll_wait.
All 64 bit architecture should use compat_sys_epoll_pwait.
[sfr: restructure and move to fs/compat.c, remove MIPS version
of compat_sys_epoll_pwait, use __put_user_unaligned]
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: "Luck, Tony" <tony.luck@intel.com>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also PTRACE_OLDSETOPTIONS should be accepted, as done by kernel/ptrace.c
and forced by binary compatibility. UML/32bit breaks because of this -
since it is wise enough to use PTRACE_OLDSETOPTIONS to be binary compatible
with 2.4 host kernels.
Until 2.6.17 (commit f0f2d6536e3515b5b1b7ae97dc8f176860c8c2ce) we had:
default:
return sys_ptrace(request, pid, addr, data);
Instead here we have:
case PTRACE_GET_THREAD_AREA:
case ...:
return sys_ptrace(request, pid, addr, data);
default:
return -EINVAL;
This change was a style change - when a case is added, it must be
explicitly tested this way. In this case, not enough testing was done.
Cc: Andi Kleen <ak@suse.de>
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Cc: <stable@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Avoid reusing userspace errno twice - it can be cleared by libc code
everywhere (in particular printk() does clear it in my setup).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Avoid returning ENOMEM in case of a duplicate IRQ - ENOMEM was saved into err
earlier.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Fix confusion about call context - comments and code are inconsistent and
plain wrong, my fault.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since both UML consoles do not use percpu variables, they may be called when
the cpu is still offline, and they may be marked CON_ANYTIME (this is
documented in kernel/printk.c, grep for CON_ANYTIME to find mentions of this).
Works well in testing done with lock debug enabled, should be safe but is not
needed for next release.
This would probably help also stderr_console.c, but this is yet to test.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
| |
os_usr1_signal() is totally unused, os_usr1_process() is used only by TT mode.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |
|
|
|
|
|
|
|
| |
Memory allocated by mcast_user_init must be freed in the matching mcast_remove.
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it>
Acked-by: Jeff Dike <jdike@addtoit.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |\
| |
| |
| |
| |
| |
| | |
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] ARC: Fix several compiler warnings.
[MIPS] ISA: Fix typo
[CHAR] ds1286: Fix handling of seconds in RTC_ALM_SET ioctl.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CC arch/mips/arc/init.o
arch/mips/arc/init.c: In function 'prom_init':
arch/mips/arc/init.c:27: warning: ISO C90 forbids mixed declarations and code
arch/mips/arc/init.c:35: warning: format ‘%08lx’ expects type ‘long unsigned int’, but argument 2 has type 'ULONG'
arch/mips/arc/init.c:28: warning: unused variable 'c'
arch/mips/arc/init.c:27: warning: unused variable ‘cnt’
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
|
| |\ \
| |/
|/|
| |
| |
| |
| |
| |
| |
| | |
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] fsys_getcpu for IA64
[IA64] remove duplicate declaration of efi_initialize_iomem_resources
[IA64] Pick highest possible saved_max_pfn for crash_dump
[IA64] fix NULL pointer in ia64/irq_chip-mask/unmask function
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
On 1.6GHz Montectio Tiger4, the following performance data is measured with
kernel built with defconfig which has NUMA configured:
Fastest sys_getcpu: 502 itc counts.
Fastest fsys_getcpu: 28 itc counts.
fsys_getcpu performance is largly impacted by whether data (node_to_cpu_map
etc) is in cache. It can take fsys_getcpu up to ~150 itc counts in cold
cache case.
Signed-off-by: Fenghua Yu <fenghua.yu@intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
efi_initialize_iomem_resources() is declared in both include/linux/efi.h
and arch/ia64/kernel/setup.c. This patch removes the latter.
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Berhhard Walle noted that on his HP rx8640 he ended up with saved_max_pfn
smaller than the highest address of system ram in /proc/iomem and proposed
a patch to base the address on the unrounded and unfiltered EFI memory
map address. Simon Horman and Magnus Damm suggested that the whole test
be moved earlier in the function. This is the combination of both of
these patches.
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch fixes boot failure because irq_desc->mask() is NULL.
- Added mask/unmask functions to ia64's irq desc function table.
- rename hw_interrupt_type to irq_chip. hw_interrupt_type is old name.
- Tony: Added same change to arch/ia64/sn/kernel/irq.c as pointed out
by Eric Biederman ... mask/unmask functions there can be no-op.
Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 'for-linus' of git://www.atmel.no/~hskinnemoen/linux/kernel/avr32:
avr32: dma-mapping.h
[AVR32] Don't use kmap() in flush_icache_page()
[AVR32] Fix bogus ti->flags manipulation in debug handler
[AVR32] Fix typo in include/asm-avr32/Kbuild
[AVR32] show_trace: Only walk valid stack addresses
[AVR32] at32_spi_setup_slaves should be __init
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
flush_icache_page() can be called from atomic context, so we can't
use kmap(). Use page_address() instead.
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We should OR in a bitmask, not a bit offset, into ti->flags. This
might fix some strange behaviour when single stepping.
Also, use set_ti_thread_flag() to manipulate the flags to avoid
surprises in the future.
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Terminate the frame pointer walk if (a) the address is outside the
task's kernel stack or (b) if the frame pointer isn't monotonically
increasing. Without this fix, show_trace() may enter an infinite
loop, walking through random data anywhere in memory.
Since any address within the kernel stack is guaranteed to be valid,
we may eliminate the __get_user() calls as well.
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
|
| | |/
| |
| |
| | |
Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6:
sh: Kill off I/O cruft for R7780RP.
sh: Revert lazy dcache writeback changes.
sh: Enable SM501 support for RTS7751R2D.
sh: Use L1_CACHE_BYTES for .data.cacheline_aligned.
sysctl: Support vdso_enabled sysctl on SH.
sh: Fix kernel thread stack corruption with preempt.
doc: Add SH to vdso and earlyprintk in kernel-parameters.txt
sh: Fix sigmask trampling in signal delivery.
sh: Clear UBC when not in use.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
We don't have any use for these machvec fixups anymore, kill them all
off and go with the generic instead.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
These ended up causing too many problems on older parts,
revert for now..
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This enables the SM501 drivers for the R2D board. Additional
work needs to be done to migrate off of the VoyagerGX cchip
code to make use of the rest of the mfd infrastructure.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously this was using a hardcoded 32, use L1_CACHE_BYTES for
cacheline alignment instead.
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When I run a preemptive kernel-2.6.20 for SH7780, a created
kthread(pdflush) can not exit by do_exit() in kernel_thread_helper. I
think that the created kthread should have a room for 'struct pt_regs'
space on the stack top, because __switch_to() will refer to the space as
follows using 'regs = task_pt_regs(prev)' and next condition may be true.
Signed-off-by: Hideo Saito <saito@densan.co.jp>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There was a missing return in do_signal() that caused the saved
sigmask to be written back after having successfully delivered
the signal.
Signed-off-by: Ryusuke Sakato <sakato@hsdv.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This takes care of tearing down the UBC so it's not inadvertently
left configured at the next context switch time. Failure to do
this results in spurious SIGTRAPs in certain debug sequences.
Signed-off-by: Stuart Menefy <stuart.menefy@st.com>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
check_tsc_sync_source() depends on being called with irqs disabled (it
checks whether the TSC is coherent across two specific CPUs). This is
incidentally true during bootup, but not during cpu hotplug __cpu_up().
This got found via smp_processor_id() debugging.
disable irqs explicitly and remove the unconditional enabling of
interrupts. Add touch_nmi_watchdog() to the cpu_online_map busy loop.
this bug is present both on i386 and on x86_64.
Reported-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* 'for-linus' of git://git390.osdl.marist.edu/pub/scm/linux-2.6:
[S390] cio: Call cancel_halt_clear even when actl == 0.
[S390] cio: Use path verification to check for path state.
[S390] cio: Fix locking when calling notify function.
[S390] Fixed handling of access register mode faults.
[S390] dasd: Use default recovery for SNSS requests
[S390] check_bugs() should be inline.
[S390] tape: Compression overwrites crypto setting
[S390] nss: disable kexec.
[S390] reipl: move dump_prefix_page out of text section.
[S390] smp: disable preemption in smp_call_function/smp_call_function_on
[S390] kprobes breaks BUG_ON
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Replaced check_user_space() + __check_access_register with the new
check_space(). The old functions made wrong assumptions about kernel
and user space when the kernel and user address spaces are switched
(kernel in home space, user in primary/secondary space).
Secondly the user process can switch to the accress register mode if
it is running in primary or secondary mode. In addition it can load
an arbitrary value to the access registers. If any other value than
0 for primary space or 1 for secondary space is loaded and memory
is accessed using the base register related to the access register,
the program should be terminated with a SIGSEGV. To achieve that the
DUALD pointer in the DUCT and the PSALD pointer in the PASTE need
to point to an array of 8 invalid access-list entries to get a
ALEN-translation exception if an invalid alet is used.
Signed-off-by: Gerald Schaefer <geraldsc@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
nss and kexec don't work together since kexec wants to write to the
read-only text section of the shared kernel image.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Reipl doesn't work on older machines were s390_reset_machine() gets
called. The reason is that the text section is read-only but the
variable dump_prefix_page is there. Since s390_reset_machine() writes
to it we get a protection exception.
Therefore move dump_prefix_page to the bss section.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Avoid sprinkling a _lot_ of preempt_disable/preempt_enable pairs.
This would be necessary for e.g. the iucv driver. Also this way we
are more consistent with other architectures which disable
preemption at least for smp_call_function.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The illegal operation handler calls the die notifier with DIE_BPT to
let kprobes pick up its breakpoint. If kprobes does not find its
breakpoint it returns NOTIFY_STOP instead of NOTIFY_DONE.
Since we use stop_machine_run on s390 to arm/disarm the kprobes
breakpoints the race that kprobe_handler tries to solve by checking
for the kprobes breakpoints does not exist. Removing the check makes
BUG_ON working again.
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove un-used/un-referenced local_bh_count.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use irq_handler_t for passing clock handler routine around.
And use new rtc_time in place of hwclock_time.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Remove regs arg from bad interrupt handler.
Use irq_handler_t type for handler arg of local request_irq().
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use irq_handler_t type for passing around timer interrupt routine
in 368360 setup code.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use irq_handler_t type for passing around timer interrupt routine.
Signed-off-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
| |\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux-2.6:
[IA64] kexec: Use EFI_LOADER_DATA for ELF core header
[IA64] permon use-after-free fix
[IA64] sync compat getdents
[IA64] always build arch/ia64/lib/xor.o
[IA64] Remove stack hard limit on ia64
[IA64] point saved_max_pfn to the max_pfn of the entire system
Revert "[IA64] swiotlb abstraction (e.g. for Xen)"
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The address where the ELF core header is stored is passed to the secondary
kernel as a kernel command line option. The memory area for this header is
also marked as a separate EFI memory descriptor on ia64.
The separate EFI memory descriptor is at the moment of the type
EFI_UNUSABLE_MEMORY. With such a type the secondary kernel skips over the
entire memory granule (config option, 16M or 64M) when detecting memory.
If we are lucky we will just lose some memory, but if we happen to have
data in the same granule (such as an initramfs image), then this data will
never get mapped and the kernel bombs out when trying to access it.
So this is an attempt to fix this by changing the EFI memory descriptor
type into EFI_LOADER_DATA. This type is the same type used for the kernel
data and for initramfs. In the secondary kernel we then handle the ELF
core header data the same way as we handle the initramfs image.
This patch contains the kernel changes to make this happen. Pretty
straightforward, we reserve the area in reserve_memory(). The address for
the area comes from the kernel command line and the size comes from the
specialized EFI parsing function vmcore_find_descriptor_size().
The kexec-tools-testing code for this can be found here:
http://lists.osdl.org/pipermail/fastboot/2007-February/005983.html
Signed-off-by: Magnus Damm <magnus@valinux.co.jp>
Cc: Simon Horman <horms@verge.net.au>
Cc: Vivek Goyal <vgoyal@in.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Perfmon associates vmalloc()ed memory with a file descriptor, and installs
a vma mapping that memory. Unfortunately, the vm_file field is not filled
in, so processes with mappings to that memory do not prevent the file from
being closed and the memory freed. This results in use-after-free bugs and
multiple freeing of pages, etc.
I saw this bug on an Altix on SLES9. Haven't reproduced upstream but it
looks like the same issue is there.
Signed-off-by: Nick Piggin <npiggin@suse.de>
Cc: Stephane Eranian <eranian@hpl.hp.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add VERIFY_WRITE check in the beginning like compat_sys_getdents() (EINVAL vs
EFAULT).
Signed-off-by: Alexandr Andreev <aandreev@openvz.org>
Signed-off-by: Alexey Dobriyan <adobriyan@openvz.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Tony Luck <tony.luck@intel.com>
|
