OpenVZ-legacy
  1. OpenVZ-legacy

linux-2.6.27-openvz

Public
AuthorCommitMessageCommit dateIssues
Pavel EmelyanovPavel Emelyanov
aba17c5813cOpenVZ kernel 2.6.27-levitan releasedCalled after Isaac Ilyich Levitan - a classical Russian landscape painter. Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Pavel EmelyanovPavel Emelyanov
2b06dcf6ce8MMerged linux-2.6.27.54Conflicts: Makefile mm/memory.c mm/mmap.c
Greg Kroah-HartmanGreg Kroah-Hartman
4f49db69961Linux 2.6.27.54
Roland McGrathGreg Kroah-HartmanRoland McGrath
1b159e074a4x86-64, compat: Retruncate rax after ia32 syscall entry tracingcommit eefdca043e8391dcd719711716492063030b55ac upstream. In commit d4d6715, we reopened an old hole for a 64-bit ptracer touching a 32-bit tracee in system call entry. A %rax value set via ptrace at the entry tracing stop gets used whole as a 32-bit syscall number, while we only check the low 32 bits for validity. Fix it by truncating %rax back to 32 bits after syscall_trace_enter, in addit...
Anton VorontsovGreg Kroah-HartmanAnton Vorontsov
7a0e4cc1437apm_power: Add missing break statementcommit 1d220334d6a8a711149234dc5f98d34ae02226b8 upstream. The missing break statement causes wrong capacity calculation for batteries that report energy. Reported-by: d binderman <dcb314@hotmail.com> Signed-off-by: Anton Vorontsov <cbouatmailru@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Guillem JoverGreg Kroah-HartmanGuillem Jover
a804b54dcb9hwmon: (f75375s) Do not overwrite values read from registerscommit c3b327d60bbba3f5ff8fd87d1efc0e95eb6c121b upstream. All bits in the values read from registers to be used for the next write were getting overwritten, avoid doing so to not mess with the current configuration. Signed-off-by: Guillem Jover <guillem@hadrons.org> Cc: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-Hartman <gregkh@...
Guillem JoverGreg Kroah-HartmanGuillem Jover
14df2c15035hwmon: (f75375s) Shift control mode to the correct bit positioncommit 96f3640894012be7dd15a384566bfdc18297bc6c upstream. The spec notes that fan0 and fan1 control mode bits are located in bits 7-6 and 5-4 respectively, but the FAN_CTRL_MODE macro was making the bits shift by 5 instead of by 4. Signed-off-by: Guillem Jover <guillem@hadrons.org> Cc: Riku Voipio <riku.voipio@iki.fi> Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Greg Kroah-...
H. Peter AnvinGreg Kroah-HartmanH. Peter Anvin
1d3fb6bbb5ccompat: Make compat_alloc_user_space() incorporate the access_ok()commit c41d68a513c71e35a14f66d71782d27a79a81ea6 upstream. compat_alloc_user_space() expects the caller to independently call access_ok() to verify the returned area. A missing call could introduce problems on some architectures. This patch incorporates the access_ok() check into compat_alloc_user_space() and also adds a sanity check on the length. The existing compat_alloc_user_space() imple...
H. Peter AnvinGreg Kroah-HartmanH. Peter Anvin
18023624ec3x86-64, compat: Test %rax for the syscall number, not %eaxcommit 36d001c70d8a0144ac1d038f6876c484849a74de upstream. On 64 bits, we always, by necessity, jump through the system call table via %rax. For 32-bit system calls, in theory the system call number is stored in %eax, and the code was testing %eax for a valid system call number. At one point we loaded the stored value back from the stack to enforce zero-extension, but that was removed in chec...
Gary KingGreg Kroah-HartmanGary King
c0a328941a7bounce: call flush_dcache_page() after bounce_copy_vec()commit ac8456d6f9a3011c824176bd6084d39e5f70a382 upstream. I have been seeing problems on Tegra 2 (ARMv7 SMP) systems with HIGHMEM enabled on 2.6.35 (plus some patches targetted at 2.6.36 to perform cache maintenance lazily), and the root cause appears to be that the mm bouncing code is calling flush_dcache_page before it copies the bounce buffer into the bio. The bounced page needs to be flus...
Dan CarpenterGreg Kroah-HartmanDan Carpenter
a80e26256afirda: off by onecommit cf9b94f88bdbe8a02015fc30d7c232b2d262d4ad upstream. This is an off by one. We would go past the end when we NUL terminate the "value" string at end of the function. The "value" buffer is allocated in irlan_client_parse_response() or irlan_provider_parse_command(). CC: stable@kernel.org Signed-off-by: Dan Carpenter <error27@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Steven RostedtGreg Kroah-HartmanSteven Rostedt
9af1d24a2b1tracing: Do not allow llseek to set_ftrace_filtercommit 9c55cb12c1c172e2d51e85fbb5a4796ca86b77e7 upstream. Reading the file set_ftrace_filter does three things. 1) shows whether or not filters are set for the function tracer 2) shows what functions are set for the function tracer 3) shows what triggers are set on any functions 3 is independent from 1 and 2. The way this file currently works is that it is a state machine, and as you read i...
Luis R. RodriguezGreg Kroah-HartmanLuis R. Rodriguez
d14a2c2005cath9k_hw: fix parsing of HT40 5 GHz CTLscommit 904879748d7439a6dabdc6be9aad983e216b027d upstream. The 5 GHz CTL indexes were not being read for all hardware devices due to the masking out through the CTL_MODE_M mask being one bit too short. Without this the calibrated regulatory maximum values were not being picked up when devices operate on 5 GHz in HT40 mode. The final output power used for Atheros devices is the minimum between t...
Takashi IwaiGreg Kroah-HartmanTakashi Iwai
d0d3c686c7cALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()commit 27f7ad53829f79e799a253285318bff79ece15bd upstream. The error handling in snd_seq_oss_open() has several bad codes that do dereferecing released pointers and double-free of kmalloc'ed data. The object dp is release in free_devinfo() that is called via private_free callback. The rest shouldn't touch this object any more. The patch changes delete_port() to call kfree() in any case, and g...CVE-2010
Greg Kroah-HartmanGreg Kroah-Hartman
10089188980Linux 2.6.27.53
Greg Kroah-HartmanGreg Kroah-Hartman
7bb7a0dd003USB: io_ti: check firmware version before updatingcommit 0827a9ff2bbcbb03c33f1a6eb283fe051059482c upstream. If we can't read the firmware for a device from the disk, and yet the device already has a valid firmware image in it, we don't want to replace the firmware with something invalid. So check the version number to be less than the current one to verify this is the correct thing to do. Reported-by: Chris Beauchamp <chris@chillibean.tv> ...
Ross BurtonGreg Kroah-HartmanRoss Burton
38cebc0e22eUSB: add device IDs for igotu to navmancommit 0eee6a2b2a52e17066a572d30ad2805d3ebc7508 upstream. I recently bought a i-gotU USB GPS, and whilst hunting around for linux support discovered this post by you back in 2009: http://kerneltrap.org/mailarchive/linux-usb/2009/3/12/5148644 >Try the navman driver instead. You can either add the device id to the > driver and rebuild it, or do this before you plug the device in: > modprobe ...GT-600
Dave AirlieGreg Kroah-HartmanDave Airlie
2afa902362edrm: stop information leak of old kernel stack.commit b9f0aee83335db1f3915f4e42a5e21b351740afd upstream. non-critical issue, CVE-2010-2803 Userspace controls the amount of memory to be allocate, so it can get the ioctl to allocate more memory than the kernel uses, and get access to kernel stack. This can only be done for processes authenticated to the X server for DRI access, and if the user has DRI access. Fix is to just memset the data...CVE-2010
Jan BeulichGreg Kroah-HartmanJan Beulich
346767e3c92fixes for using make 3.82commit 3c955b407a084810f57260d61548cc92c14bc627 upstream. It doesn't like pattern and explicit rules to be on the same line, and it seems to be more picky when matching file (or really directory) names with different numbers of trailing slashes. Signed-off-by: Jan Beulich <jbeulich@novell.com> Acked-by: Sam Ravnborg <sam@ravnborg.org> Andrew Benton <b3nton@gmail.com> Signed-off-by: Michal Mar...
Oliver HartkoppGreg Kroah-HartmanOliver Hartkopp
aa184a2b0bdcan: add limit for nframes and clean up signed/unsigned variablescommit 5b75c4973ce779520b9d1e392483207d6f842cde upstream. This patch adds a limit for nframes as the number of frames in TX_SETUP and RX_SETUP are derived from a single byte multiplex value by default. Use-cases that would require to send/filter more than 256 CAN frames should be implemented in userspace for complexity reasons anyway. Additionally the assignments of unsigned values from users...
Stephen SmalleyGreg Kroah-HartmanStephen Smalley
5a91177ccf6selinux: use default proc sid on symlinkscommit ea6b184f7d521a503ecab71feca6e4057562252b upstream. As we are not concerned with fine-grained control over reading of symlinks in proc, always use the default proc SID for all proc symlinks. This should help avoid permission issues upon changes to the proc tree as in the /proc/net -> /proc/self/net example. This does not alter labeling of symlinks within /proc/pid directories. ls -Zd /pr...
Sam RavnborgGreg Kroah-HartmanSam Ravnborg
5981f194641kbuild: fix make incompatibilitycommit 31110ebbec8688c6e9597b641101afc94e1c762a upstream. "Paul Smith" <psmith@gnu.org> reported that we would fail to build with a new check that may be enabled in an upcoming version of make. The error was: Makefile:442: *** mixed implicit and normal rules. Stop. The problem is that we did stuff like this: config %config: ... The solution was simple - the above was split into two...
Russell KingGreg Kroah-HartmanRussell King
c12a6717916ARM: Tighten check for allowable CPSR valuescommit 41e2e8fd34fff909a0e40129f6ac4233ecfa67a9 upstream. Reviewed-by: Arve Hjønnevåg <arve@android.com> Acked-by: Dima Zavin <dima@android.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-HartmanGreg Kroah-Hartman
59a8e9b9279Linux 2.6.27.52
Linus TorvaldsGreg Kroah-HartmanLinus Torvalds
75f7ffb7d45mm: fix up some user-visible effects of the stack guard pagecommit d7824370e26325c881b665350ce64fb0a4fde24a upstream. This commit makes the stack guard page somewhat less visible to user space. It does this by: - not showing the guard page in /proc/<pid>/maps It looks like lvm-tools will actually read /proc/self/maps to figure out where all its mappings are, and effectively do a specialized "mlockall()" in user space. By not showing the gu...
Linus TorvaldsGreg Kroah-HartmanLinus Torvalds
dd0e5672339mm: fix page table unmap for stack guard page properlycommit 11ac552477e32835cb6970bf0a70c210807f5673 upstream. We do in fact need to unmap the page table _before_ doing the whole stack guard page logic, because if it is needed (mainly 32-bit x86 with PAE and CONFIG_HIGHPTE, but other architectures may use it too) then it will do a kmap_atomic/kunmap_atomic. And those kmaps will create an atomic region that we cannot do allocations in. However,...
Hugh DickinsGreg Kroah-HartmanHugh Dickins
01ee2e1e304mm: pass correct mm when growing stackcommit 05fa199d45c54a9bda7aa3ae6537253d6f097aa9 upstream. Tetsuo Handa reports seeing the WARN_ON(current->mm == NULL) in security_vm_enough_memory(), when do_execve() is touching the target mm's stack, to set up its args and environment. Yes, a UMH_NO_WAIT or UMH_WAIT_PROC call_usermodehelper() spawns an mm-less kernel thread to do the exec. And in any case, that vm_enough_memory check when...
Greg Kroah-HartmanGreg Kroah-Hartman
a980300e27cx86: don't send SIGBUS for kernel page faultsBased on commit 96054569190bdec375fe824e48ca1f4e3b53dd36 upstream, authored by Linus Torvalds. This is my backport to the .27 kernel tree, hopefully preserving the same functionality. Original commit message: It's wrong for several reasons, but the most direct one is that the fault may be for the stack accesses to set up a previous SIGBUS. When we have a kernel exception, the kernel excep...
Linus TorvaldsGreg Kroah-HartmanLinus Torvalds
b522544929bmm: fix missing page table unmap for stack guard page failure casecommit 5528f9132cf65d4d892bcbc5684c61e7822b21e9 upstream. .. which didn't show up in my tests because it's a no-op on x86-64 and most other architectures. But we enter the function with the last-level page table mapped, and should unmap it at exit. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Linus TorvaldsGreg Kroah-HartmanLinus Torvalds
7a9f6ef4223mm: keep a guard page below a grow-down stack segmentcommit 320b2b8de12698082609ebbc1a17165727f4c893 upstream. This is a rather minimally invasive patch to solve the problem of the user stack growing into a memory mapped area below it. Whenever we fill the first page of the stack segment, expand the segment down by one page. Now, admittedly some odd application might _want_ the stack to grow down into the preceding memory mapping, and so we ma...
Greg Kroah-HartmanGreg Kroah-Hartman
7ee47d833eaLinux 2.6.27.51
Andrew MortonGreg Kroah-HartmanAndrew Morton
cc3a4347f0cmm/backing-dev.c: remove recently-added WARN_ON()commit 69fc208be5b7eb18d22d1eca185b201400fd5ffc upstream. On second thoughts, this is just going to disturb people while telling us things which we already knew. Cc: Peter Korsgaard <jacmet@sunsite.dk> Cc: Peter Zijlstra <a.p.zijlstra@chello.nl> Cc: Kay Sievers <kay.sievers@vrfy.org> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-...
Kay SieversGreg Kroah-HartmanKay Sievers
e3af6cabe0abdi: register sysfs bdi device only once per queuecommit f1d0b063d993527754f062c589b73f125024d216 upstream. Devices which share the same queue, like floppies and mtd devices, get registered multiple times in the bdi interface, but bdi accounts only the last registered device of the devices sharing one queue. On remove, all earlier registered devices leak, stay around in sysfs, and cause "duplicate filename" errors if the devices are re-creat...
Jeremy FitzhardingeGreg Kroah-HartmanJeremy Fitzhardinge
411643192e5xen: drop xen_sched_clock in favour of using plain wallclock timecommit 8a22b9996b001c88f2bfb54c6de6a05fc39e177a upstream. xen_sched_clock only counts unstolen time. In principle this should be useful to the Linux scheduler so that it knows how much time a process actually consumed. But in practice this doesn't work very well as the scheduler expects the sched_clock time to be synchronized between cpus. It also uses sched_clock to measure the time a task...
Dave KleikampGreg Kroah-HartmanDave Kleikamp
8d026ff8f0ajfs: don't allow os2 xattr namespace overlap with otherscommit aca0fa34bdaba39bfddddba8ca70dba4782e8fe6 upstream. It's currently possible to bypass xattr namespace access rules by prefixing valid xattr names with "os2.", since the os2 namespace stores extended attributes in a legacy format with no prefix. This patch adds checking to deny access to any valid namespace prefix following "os2.". Signed-off-by: Dave Kleikamp <shaggy@linux.vnet.ibm.com...
Nathan LynchGreg Kroah-HartmanNathan Lynch
fb522b653dasignalfd: fill in ssi_int for posix timers and message queuescommit a2a20c412c86e0bb46a9ab0dd31bcfe6d201b913 upstream. If signalfd is used to consume a signal generated by a POSIX interval timer or POSIX message queue, the ssi_int field does not reflect the data (sigevent->sigev_value) supplied to timer_create(2) or mq_notify(3). (The ssi_ptr field, however, is filled in.) This behavior differs from signalfd's treatment of sigqueue-generated signals -...
Julia LawallGreg Kroah-HartmanJulia Lawall
0dd272ef0b3fs/ecryptfs/file.c: introduce missing freecommit ceeab92971e8af05c1e81a4ff2c271124b55bb9b upstream. The comments in the code indicate that file_info should be released if the function fails. This releasing is done at the label out_free, not out. The semantic match that finds this problem is as follows: (http://www.emn.fr/x-info/coccinelle/) // <smpl> @r exists@ local idexpression x; statement S; expression E; identifier f,f1,l; pos...
Tyler HicksGreg Kroah-HartmanTyler Hicks
1fef595f75ceCryptfs: Handle ioctl calls with unlocked and compat functionscommit c43f7b8fb03be8bcc579bfc4e6ab70eac887ab55 upstream. Lower filesystems that only implemented unlocked_ioctl weren't being passed ioctl calls because eCryptfs only checked for lower_file->f_op->ioctl and returned -ENOTTY if it was NULL. eCryptfs shouldn't implement ioctl(), since it doesn't require the BKL. This patch introduces ecryptfs_unlocked_ioctl() and ecryptfs_compat_ioctl(), which...
NeilBrownGreg Kroah-HartmanNeilBrown
ea77f594f05md/raid10: fix deadlock with unaligned read during resynccommit 51e9ac77035a3dfcb6fc0a88a0d80b6f99b5edb1 upstream. If the 'bio_split' path in raid10-read is used while resync/recovery is happening it is possible to deadlock. Fix this be elevating ->nr_waiting for the duration of both parts of the split request. This fixes a bug that has been present since 2.6.22 but has only started manifesting recently for unknown reasons. It is suitable for and -...
Tejun HeoGreg Kroah-HartmanTejun Heo
0945d6a3e92PCI: disable MSI on VIA K8M800commit 549e15611b4ac1de51ef0e0a79c2704f50a638a2 upstream. MSI delivery from on-board ahci controller doesn't work on K8M800. At this point, it's unclear whether the culprit is with the ahci controller or the host bridge. Given the track record and considering the rather minimal impact of MSI, disabling it seems reasonable. Signed-off-by: Tejun Heo <tj@kernel.org> Reported-by: Rainer Hurtado...
Miklos SzerediGreg Kroah-HartmanMiklos Szeredi
cb8e5c9cd03splice: fix misuse of SPLICE_F_NONBLOCKcommit 6965031d331a642e31278fa1b5bd47f372ffdd5d upstream. SPLICE_F_NONBLOCK is clearly documented to only affect blocking on the pipe. In __generic_file_splice_read(), however, it causes an EAGAIN if the page is currently being read. This makes it impossible to write an application that only wants failure if the pipe is full. For example if the same process is handling both ends of a pipe a...
H. Peter AnvinGreg Kroah-HartmanH. Peter Anvin
8f0b4f678e7nvram: Fix write beyond end condition; prove to gcc copy is safecommit a01c7800420d2c294ca403988488a635d4087a6d upstream. In nvram_write, first of all, correctly handle the case where the file pointer is already beyond the end; we should return EOF in that case. Second, make the logic a bit more explicit so that gcc can statically prove that the copy_from_user() is safe. Once the condition of the beyond-end filepointer is eliminated, the copy is safe but...
Greg Kroah-HartmanGreg Kroah-Hartman
ad41f4ca566Linux 2.6.27.50
Bob PetersonGreg Kroah-HartmanBob Peterson
6fcefe4aef9GFS2: rename causes kernel Oopscommit 728a756b8fcd22d80e2dbba8117a8a3aafd3f203 upstream. This patch fixes a kernel Oops in the GFS2 rename code. The problem was in the way the gfs2 directory code was trying to re-use sentinel directory entries. In the failing case, gfs2's rename function was renaming a file to another name that had the same non-trivial length. The file being renamed happened to be the first directory entr...
James BottomleyGreg Kroah-HartmanJames Bottomley
a85ad775e74SCSI: enclosure: fix error path - actually return ERR_PTR() on errorcommit a91c1be21704113b023919826c6d531da46656ef upstream. we also need to clean up and free the cdev. Reported-by: Jani Nikula <ext-jani.1.nikula@nokia.com> Signed-off-by: James Bottomley <James.Bottomley@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Dan RosenbergGreg Kroah-HartmanDan Rosenberg
e1377aee4e4xfs: prevent swapext from operating on write-only filescommit 1817176a86352f65210139d4c794ad2d19fc6b63 upstream. This patch prevents user "foo" from using the SWAPEXT ioctl to swap a write-only file owned by user "bar" into a file owned by "foo" and subsequently reading it. It does so by checking that the file descriptors passed to the ioctl are also opened for reading. Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com> Reviewed-by: Christ...
Helge DellerGreg Kroah-HartmanHelge Deller
cf32802d762PARISC: led.c - fix potential stack overflow in led_proc_write()commit 4b4fd27c0b5ec638a1f06ced9226fd95229dbbf0 upstream. avoid potential stack overflow by correctly checking count parameter Reported-by: Ilja <ilja@netric.org> Signed-off-by: Helge Deller <deller@gmx.de> Acked-by: Kyle McMartin <kyle@mcmartin.ca> Cc: James E.J. Bottomley <jejb@parisc-linux.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman ...
Alexey DobriyanGreg Kroah-HartmanAlexey Dobriyan
74225fccbb2.gitignore updatescommit c17dad6905fc82d8f523399e5c3f014e81d61df6 upstream. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Greg Kroah-HartmanGreg Kroah-Hartman
ab7249d7e29Linux 2.6.27.49
Andre OsterhuesGreg Kroah-HartmanAndre Osterhues
ae78a9ae239ecryptfs: Bugfix for error related to ecryptfs_hash_bucketscommit a6f80fb7b5986fda663d94079d3bba0937a6b6ff upstream. The function ecryptfs_uid_hash wrongly assumes that the second parameter to hash_long() is the number of hash buckets instead of the number of hash bits. This patch fixes that and renames the variable ecryptfs_hash_buckets to ecryptfs_hash_bits to make it clearer. Fixes: CVE-2010-2492 Signed-off-by: Andre Osterhues <aosterhues@escrypt...CVE-2010