ChangeSet@1.1896.2.3, 2004-04-22 15:11:12-07:00, lxiep@us.ibm.com
  [PATCH] symlink doesn't support kobj name > 20 characters (KOBJ_NAME_LEN)
  
  Since symlink.c uses "name" field of a kobj when it calculates the
  length, it gets a wrong value if the kobj's name has more than 20
  characters.  A correct way to do that is to call kobject_name(kobj)
  instead of using kobj->name directly.

ChangeSet@1.1896.2.2, 2004-04-22 14:36:55-07:00, lkml@lievin.net
  [PATCH] tipar char driver: wrong timeout value
  
  this patch (2.4 & 2.6) fixes a bug about the timeout value. The formula
  used to calculate jiffies from timeout is wrong.
  The new formula is ok and takes care of integer computation/rounding.
  There is the same bug in the tiglusb.c module which will be fixed by another
  patch.

ChangeSet@1.1896.1.40, 2004-04-22 13:53:58-07:00, david-b@pacbell.net
  [PATCH] USB: usbnet and pl2301/2302 reset
  
  Handle some PL-2301/2302 devices better.

ChangeSet@1.1896.1.39, 2004-04-22 13:53:33-07:00, jan@ccsinfo.com
  [PATCH] USB: ftdi patch fixup
  
  I just checked out the latest 2.6.6-rc1-mm1 to see that the ID patch for
  ftdi has applied cleanly, but apparently someone was faster and in the
  combined ID table our ID's were missing.
  Most probably the patch program got confused and applied the hunk at the wrong
  spot..
  
  Attached is a patch that places those 2 lines in the correct spot.

ChangeSet@1.1896.1.38, 2004-04-22 13:53:08-07:00, lkml@lievin.net
  [PATCH] USB: tiglusb: wrong timeout value
  
  Hi,
  
  this patch (cumulative; 2.4 & 2.6) fixes another bug in the tiglusb
  driver. The formula used to calculate jiffies from timeout is wrong.
  The new formula is ok and takes care of integer computation/rounding.
  This is the same kind of bug as in the tipar char driver.

ChangeSet@1.1896.1.37, 2004-04-22 13:52:40-07:00, wli@holomorphy.com
  [PATCH] USB: silence dpcm warning
  
  Warnings aren't terribly important in and of themselves, but there
  isn't really much the warning tells us to do here, so it would appear
  that caving in to the compiler is the thing to do for now.

ChangeSet@1.1896.1.36, 2004-04-22 13:43:39-07:00, david-b@pacbell.net
  [PATCH] USB: rndis gadget driver updates
  
  Various build fixes:  64bit (Andrew Morton), static linking,
  broken on big-endian, etc.
  
  Tighten up the integration with the main "ether" driver, so
  state transitions and host ethernet addresses are shared too.
  Add missing spinlock calls around RNDIS command outcall,
  fix GET_INTERFACE issue, host mustn't clobber netdev flags.
  
  Minor code cleanups.

ChangeSet@1.1896.1.35, 2004-04-22 13:43:11-07:00, david-b@pacbell.net
  [PATCH] USB: ehci handles pci misbehavior better
  
  Cope better when PCI misbehaves badly and registers misbehave:
  
      - terminate some loops before they get to infinity
         * capability scan
         * port reset
      - after init failure, memory may already be cleaned up
  
  Some systems have been reporting such problems after ACPI resume.

ChangeSet@1.1896.3.23, 2004-04-22 13:38:54-07:00, mikpe@csd.uu.se
  [PATCH] use smp_processor_id() in init_IRQ()
  
  This replaces current_thread_info()->cpu in i386's init_IRQ() by the
  equivalent smp_processor_id().
  
  Reduces overhead on UP, and makes the code cleaner.

ChangeSet@1.1896.3.22, 2004-04-22 13:38:42-07:00, mikpe@csd.uu.se
  [PATCH] clean up Pentium M quirk code in nmi.c
  
  This simplifies the Pentium M quirk code in nmi.c, and eliminates an
  unnecessary apic_read().
  
  Local APIC accesses are not zero-cycle; let's not inflict more damage
  than we must.

ChangeSet@1.1896.3.21, 2004-04-22 13:38:29-07:00, akpm@osdl.org
  [PATCH] ppc64: Set ARCH_MIN_TASKALIGN
  
  From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
  
  We need some alignment of those structs for proper operations especially
  with FP and Altivec, or SLAB_DEBUG can break us.

ChangeSet@1.1896.3.20, 2004-04-22 13:38:16-07:00, akpm@osdl.org
  [PATCH] ppc64: add some iSeries proc entries
  
  From: Stephen Rothwell <sfr@canb.auug.org.au>
  
  This patch just adds some proc entries for the virtual tape and cdrom
  drivers to allow mapping between linux devices and OS/400 ones.  This is
  expected by existing users and there is no other way to do this
  translation.

ChangeSet@1.1896.3.19, 2004-04-22 13:38:04-07:00, akpm@osdl.org
  [PATCH] sunrpc rmmod oops fix
  
  From: "J. Bruce Fields" <bfields@fieldses.org>
  
  Unregister svcauth_gss caches on exit from gss module; fixes an oops on
  rmmod.

ChangeSet@1.1896.3.18, 2004-04-22 13:37:51-07:00, akpm@osdl.org
  [PATCH] Set ARCH_MIN_TASKALIGN on ppc32
  
  From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
  
  From: David Woodhouse <dwmw2@infradead.org>
  
  Without this the task struct gets unaligned when using SLAB_DEBUG, causing
  random problems with FP and Altivec.

ChangeSet@1.1896.3.17, 2004-04-22 13:37:38-07:00, akpm@osdl.org
  [PATCH] Update comment in fs/compat.c
  
  From: Ralf Baechle <ralf@linux-mips.org>
  
  MIPS now also uses the generic ioctl compat code.

ChangeSet@1.1896.3.16, 2004-04-22 13:37:25-07:00, akpm@osdl.org
  [PATCH] MIPS is an a.out free zone
  
  From: Ralf Baechle <ralf@linux-mips.org>
  
  MIPS never uses a.out

ChangeSet@1.1896.3.15, 2004-04-22 13:37:12-07:00, akpm@osdl.org
  [PATCH] Merge missing MIPS i8042 bits
  
  From: Ralf Baechle <ralf@linux-mips.org>
  
  - Add HPC3 PS/2 driver bits for SGI IP22 aka Indy
  - Add Mace PS/2 driver bits for SGI IP32 aka O2
  - Add R4030 PS/2 driver bits for Jazz family
  - Don't register I/O ports where we're using the I/O port memory window
     to access the i8042 registers

ChangeSet@1.1896.3.14, 2004-04-22 13:36:59-07:00, akpm@osdl.org
  [PATCH] Add Pete Popov to credits
  
  From: Ralf Baechle <ralf@linux-mips.org>
  
  Add Pete to CREDITS for all the time he's invested into supporting the AMD
  Alchemy of SOCs and eval boards.

ChangeSet@1.1896.3.13, 2004-04-22 13:36:45-07:00, akpm@osdl.org
  [PATCH] MIPS: PCI code is now shared.
  
  From: Ralf Baechle <ralf@linux-mips.org>
  
  All MIPS systems use the same PCI code now.

ChangeSet@1.1896.3.12, 2004-04-22 13:36:32-07:00, akpm@osdl.org
  [PATCH] fbdev comment fix
  
  Fix the incorrect comment which caused the fb_ioctl confusion.

ChangeSet@1.1896.3.11, 2004-04-22 13:36:19-07:00, akpm@osdl.org
  [PATCH] dynamic proc cleanups
  
  From: Matt Mackall <mpm@selenic.com>
  
  Delete obsolete comment and kill test of obsolete define.

ChangeSet@1.1896.3.10, 2004-04-22 13:36:07-07:00, akpm@osdl.org
  [PATCH] EDD: set sysfs attr owner field
  
  From: Matt Domsch <Matt_Domsch@dell.com>
  
  The patch below from Michael E.  Brown properly sets the owner field of a
  sysfs attribute.  Without this patch, it is possible to crash the kernel with
  a simultaneous insmod/rmmod while reading files exported by the module.

ChangeSet@1.1896.3.9, 2004-04-22 13:35:53-07:00, akpm@osdl.org
  [PATCH] s390: crypto api.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  Add support for z990 crypto instructions to in-kernel crypto api.

ChangeSet@1.1896.3.8, 2004-04-22 13:35:40-07:00, akpm@osdl.org
  [PATCH] s390: zfcp adapter fixes.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  zfcp host adapter changes:
   - Fix error recovery stall in case of unavailable nameserver.
   - Reset host_scribble field to NULL in scsi_cmd.
   - Remove request debug code.

ChangeSet@1.1896.3.7, 2004-04-22 13:35:26-07:00, akpm@osdl.org
  [PATCH] s390: dasd device driver.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  dasd device driver changes:
   - Initialize open_count with -1 to account for blkdev_open in
     dasd_scan_partitions.
   - Introduce USE_ERP request flag to selectively switch off error
     recovery for reserve, release & unconditional reserve ioctls.

ChangeSet@1.1896.3.6, 2004-04-22 13:35:12-07:00, akpm@osdl.org
  [PATCH] s390: network device drivers.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  Network driver changes:
   - qeth: Fix reference counting in regard to sysfs backing store patches.
   - qeth: Prefix kernel thread names with qeth_.
   - qeth: Remove inbound and outbound tasklets. Handle buffers directly
           in the interrupt handlers.
   - iucv: Add missing kfree in iucv_register_program.
   - iucv: Add missing return in netiucv_transmit_skb.
   - iucv: Check for NULL pointer in conn_action_txdone.

ChangeSet@1.1896.3.5, 2004-04-22 13:34:58-07:00, akpm@osdl.org
  [PATCH] s390: 3270 device driver.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  3270 device driver changes:
   - Add NULL pointer checks.

ChangeSet@1.1896.3.4, 2004-04-22 13:34:46-07:00, akpm@osdl.org
  [PATCH] s390: common i/o layer.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  Common i/o layer changes:
   - Quiesce active subchannels for lpar reipl.
   - Delete timer after reception of interrupt for kill on timeout.
   - Cleanup some comments in qdio.

ChangeSet@1.1896.3.3, 2004-04-22 13:34:32-07:00, akpm@osdl.org
  [PATCH] s390: core s390.
  
  From: Martin Schwidefsky <schwidefsky@de.ibm.com>
  
  s390 core changes:
   - Fix race in do_call_softirq in regard to kernel preemption.
   - Fix typo in compat mq system call wrappers.
   - Add s390 to Kconfig for AUDITSYSCALL.
   - Redefine TASK_SIZE to TASK31_SIZE for compilation of binfmt_elf32.
   - Use correct error value for sys32_ipc when called with an invalid number.
   - New default configuration.

ChangeSet@1.1896.3.2, 2004-04-22 13:34:19-07:00, akpm@osdl.org
  [PATCH] ppc64: iSeries virtual cdrom module fix
  
  From: Stephen Rothwell <sfr@canb.auug.org.au>
  
  This patch fixes loading viocd as a module.  It would oops because I was
  passing the address of a static buffer to dma_map_single and when loaded as
  a module, this address is not valid for that purpose.
  
  There are a couple of simple cleanups here as well.

ChangeSet@1.1896.3.1, 2004-04-22 13:34:05-07:00, akpm@osdl.org
  [PATCH] remove show_trace_task()
  
  It no longer has any callers.

ChangeSet@1.1896.1.34, 2004-04-22 13:32:53-07:00, greg@kroah.com
  [PATCH] USB: fix cdc-acm warnings due to previous patch

ChangeSet@1.1896.1.33, 2004-04-22 13:32:24-07:00, colin@colino.net
  [PATCH] USB: fix cdc-acm as it is still (differently) broken

ChangeSet@1.1896.1.32, 2004-04-22 13:03:22-07:00, stern@rowland.harvard.edu
  [PATCH] USB: Important bugfix for UHCI list management code
  
  A major bug in the UHCI driver turned up recently.  Thanks to a lot of
  help from Simone Gotti it was identified and fixed late last week.  It
  turned out to be entirely my fault -- a previous patch had introduced two
  (!) errors.  (A combination of carelessness and a nasty thinko, and
  somehow it passed the regression tests...)
  
  Anyway, it's entirely possible that many of the problems people have been
  seeing are caused by that bug.  This patch is the solution.

ChangeSet@1.1896.2.1, 2004-04-22 12:19:51-07:00, mebrown@michaels-house.net
  [PATCH] sysfs module unload race fix for bin_attributes
  
   -  Add module locking to sysfs bin_attribute files. Update all in-tree
      users to set module owner.
  
  	Compile tested. booted. stress tests pass:
  
  while true; do modprobe mymod; rmmod mymod; done &
  while true; do hexdump -C /sys/path/to/sysfs/binary/file; done

ChangeSet@1.1896.1.31, 2004-04-22 12:10:05-07:00, greg@kroah.com
  [PATCH] USB: Don't try to suspend devices that do not support it.
  
  Patch originally from luming.yu@intel.com and closes bug #1557

ChangeSet@1.1903, 2004-04-21 23:10:52-07:00, davem@nuts.davemloft.net
  [TCP]: Add vegas congestion avoidance support.
  
  A forward port of an old 2.3.x kernel hack done
  years ago.  I (DaveM) did the first rough port,
  Stephen Hemminger actually cleaned it up and
  made it usable.

ChangeSet@1.1902, 2004-04-21 22:47:05-07:00, davem@nuts.davemloft.net
  [TCP]: Abstract out all settings of tcp_opt->ca_state into a function.

ChangeSet@1.1901, 2004-04-21 17:00:02-07:00, shemminger@osdl.org
  [TCP]: Add sysctl to turn off metrics caching.

ChangeSet@1.1900, 2004-04-21 16:57:58-07:00, shemminger@osdl.org
  [TCP]: Better packing of frto fields into tcp_opt.

ChangeSet@1.1899, 2004-04-21 16:49:05-07:00, rusty@rustcorp.com.au
  [NETFILTER]: Missing ip_rt_put in ipt_MASQUERADE.

ChangeSet@1.1898, 2004-04-21 16:45:18-07:00, chrisw@osdl.org
  [IPV4]: Fix return value on MCAST_MSFILTER error case.

ChangeSet@1.1896.1.29, 2004-04-21 16:23:05-07:00, jbglaw@lug-owl.de
  [PATCH] lkkbd: Current version
  
  This updates the lkkbd driver to its current version.
  
  It also incorporates two patches suggested on LKML (fixing
  some leading whitespace and an unnecessary check).

ChangeSet@1.1896.1.28, 2004-04-21 16:22:53-07:00, jbglaw@lug-owl.de
  [PATCH] New set of input patches
  
  This updates the vsxxx driver to its current version.
  
  Even DEC tablet support (VSXXX-AB) is now tested - it works:)
  You can even hotplug between mouse and digitizer...

ChangeSet@1.1896.1.27, 2004-04-21 16:22:42-07:00, sfr@canb.auug.org.au
  [PATCH] PPC64 iSeries virtual ethernet fix
  
  This patch is needed due to other patches that were applied in parallel
  with the inclusion of the iSeries virtual ethernet driver.

ChangeSet@1.1896.1.26, 2004-04-21 16:16:05-07:00, B.Zolnierkiewicz@elka.pw.edu.pl
  [PATCH] removal of MOD_{INC,DEC}_USE_COUNT in ide-cs.c
  
  From: Pavel Roskin <proski@gnu.org>
  
  The "ide-cs" module cannot be unloaded because it uses obsolete
  MOD_INC_USE_COUNT and MOD_DEC_USE_COUNT macros.  In fact, they are not
  needed in ide-cs.c in 2.6 kernels.  The generic PCMCIA code already
  increases use count for every device served by the driver, so it's
  impossible to unload the ide-cs driver while it's in use.
  
  I was told that the removal of IDE interfaces may be unsafe in 2.6
  kernels.  However, MOD_INC_USE_COUNT only prevents removal of the module,
  not the interface.  It's also the first obstacle, albeit a trivial one,
  for anybody debugging those problems (i.e. loading a modified module
  requires "rmmod -f" or reboot to unload the old version).

ChangeSet@1.1896.1.25, 2004-04-21 16:15:54-07:00, B.Zolnierkiewicz@elka.pw.edu.pl
  [PATCH] ide-probe.c: kill duplicate #include
  
  From: Arthur Othieno <a.othieno@bluewin.ch>

ChangeSet@1.1896.1.24, 2004-04-21 16:15:42-07:00, B.Zolnierkiewicz@elka.pw.edu.pl
  [PATCH] ide-disk.c: fix for IDE CF card ejection with devfs
  
  From: Pavel Roskin <proski@gnu.org>
  
  If I eject IDE CompactFlash card, I get a stack dump from
  devfs_remove() because ide/host2/bus0/target0/lun0 doesn't exist.
  
  After del_gendisk() is called from idedisk_cleanup() drive->devfs_name refers
  to a non-existent directory and should be erased, so that ide_unregister()
  doesn't try to remove that directory again.

ChangeSet@1.1896.1.23, 2004-04-21 16:13:25-07:00, torvalds@ppc970.osdl.org
  Merge bk://bk.arm.linux.org.uk/linux-2.6-serial
  into ppc970.osdl.org:/home/torvalds/v2.6/linux

ChangeSet@1.1881.3.1, 2004-04-21 23:39:45+01:00, rmk@flint.arm.linux.org.uk
  [SERIAL] Correct PL011 help text.

ChangeSet@1.1881.2.2, 2004-04-21 23:33:52+01:00, rmk@flint.arm.linux.org.uk
  [ARM] Add support for ARM Versatile platform.
  
  This cset adds minimal support for ARM Ltd's ARM926EJ-S "Versatile"
  platform.

ChangeSet@1.1896.1.21, 2004-04-21 12:02:58-07:00, torvalds@ppc970.osdl.org
  Revert fb_ioctl "fix" with extreme prejudice.
  
  As Arjan points out, the patch does exactly the opposite
  of what it was claimed to do.
  
  Andrea: tssk tssk.
  
  Cset exclude: akpm@osdl.org[torvalds]|ChangeSet|20040421144431|15930

ChangeSet@1.1762.2.19, 2004-04-21 19:49:59+01:00, davej@redhat.com
  [CPUFREQ] Fix security hole in proc handler.
  Brad Spengler <spender@grsecurity.net> found an exploitable bug in the proc handler
  of cpufreq, where a user-supplied unsigned int is cast to a signed int and then
  passed on to copy_[to|from]_user() allowing arbitrary amounts of memory to be written
  (root only thankfully), or read (as any user).
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
  the name CAN-2004-0228 to this issue.

ChangeSet@1.1762.2.18, 2004-04-21 19:20:17+01:00, davej@redhat.com
  [CPUFREQ] Export an array of acpi driver supported frequencies in sysfs
  From Dominik.

ChangeSet@1.1762.2.17, 2004-04-21 19:18:57+01:00, davej@redhat.com
  [CPUFREQ] Make an educated guess at the current P-state in the ACPI driver.
  One big limitation of the ACPI specification is that it's impossible to
  detect the current P-State by reading from ACPI-defined registers. And the
  CPU isn't always at P0 when the system boots. So, try to "guess" the current
  P-State by analyzing cpu_khz.
  
  From Dominik.

ChangeSet@1.1762.2.16, 2004-04-21 17:58:29+01:00, davej@redhat.com
  [CPUFREQ] Remove redundant part of powernow-k7 module parm
  If used as a bootparam, this would've become powernow-k7.powernow_acpi_force which looks silly.

ChangeSet@1.1762.2.15, 2004-04-21 17:07:29+01:00, davej@redhat.com
  [CPUFREQ] Fix unbalanced try_get_module/put_module
  Spotted by Charles Coffing <ccoffing@novell.com>

ChangeSet@1.1896.1.20, 2004-04-21 07:44:58-07:00, akpm@osdl.org
  [PATCH] loop_set_fd() sendfile check fix
  
  From: Yury Umanets <torque@ukrpost.net>
  
  I have found a small inconsistency in loop_set_fd().  It checks if
  ->sendfile() is implemented for passed block device file.  But in fact,
  loop back device driver never calls it.  It uses ->sendfile() from backing
  store file.

ChangeSet@1.1896.1.19, 2004-04-21 07:44:44-07:00, akpm@osdl.org
  [PATCH] i386 hugetlb tlb correction
  
  From: William Lee Irwin III <wli@holomorphy.com>
  
  i386 does hardware interpretation of pagetables, so pte_clear() can't be
  used on present ptes, as it sets the upper half of the hugepte prior to
  setting the lower half (which includes the valid bit).  i.e.  there is a
  window where having a hugepage mapped at 56GB and doing pte_clear() in
  unmap_hugepage_range() allows other threads of the process to see a
  hugepage at 0 in place of the original hugepage at 56GB.
  
  This patch corrects the situation by using ptep_get_and_clear(), which
  clears the lower word of the pte prior to clearing the upper word.
  
  There is another nasty where huge_page_release() needs to wait for TLB
  flushes before returning the hugepages to the free pool, analogous to the
  issue tlb_remove_page() and tlb_flush_mm() repair.

ChangeSet@1.1896.1.18, 2004-04-21 07:44:31-07:00, akpm@osdl.org
  [PATCH] fb_ioctl() usercopy fix
  
  From: Andrea Arcangeli <andrea@suse.de>
  
  Arrange for ioctl(FBIOPUTCMAP) to do copy_to_user() rather than memcpy.

ChangeSet@1.1896.1.17, 2004-04-21 07:44:18-07:00, akpm@osdl.org
  [PATCH] i810_dma range check
  
  From: Andrea Arcangeli <andrea@suse.de>
  
  Correctly range-check an incoming-from-userspace argument.  Found by the
  Stanford checker.

ChangeSet@1.1896.1.16, 2004-04-21 07:44:05-07:00, akpm@osdl.org
  [PATCH] selinux: remove hardcoded policy assumption from get_user_sids() logic
  
  From: Stephen Smalley <sds@epoch.ncsc.mil>
  
  This patch removes a hardcoded policy assumption from the get_user_sids logic
  in the SELinux module that was preventing it from returning contexts that had
  the same type as the caller even if the policy allowed such a transition.  The
  assumption is not valid for all policies, and can be handled via policy
  configuration and userspace rather than hardcoding it in the module logic.

ChangeSet@1.1896.1.15, 2004-04-21 07:43:53-07:00, akpm@osdl.org
  [PATCH] selinux: add runtime disable
  
  From: Stephen Smalley <sds@epoch.ncsc.mil>
  
  This patch adds a kernel configuration option that enables writing to a new
  selinuxfs node 'disable' that allows SELinux to be disabled at runtime prior
  to initial policy load.  SELinux will then remain disabled until next boot.
  This option is similar to the selinux=0 boot parameter, but is to support
  runtime disabling of SELinux, e.g.  from /sbin/init, for portability across
  platforms where boot parameters are difficult to employ (based on feedback by
  Jeremy Katz).

ChangeSet@1.1896.1.14, 2004-04-21 07:43:42-07:00, akpm@osdl.org
  [PATCH] selinux: change context_to_sid handling for no-policy case
  
  From: Stephen Smalley <sds@epoch.ncsc.mil>
  
  This patch changes the behavior of security_context_to_sid in the no-policy
  case so that it simply accepts all contexts and maps them to the kernel SID
  rather than rejecting anything other than an initial SID.  The change avoids
  error conditions when using SELinux in permissive/no-policy mode, so that any
  file contexts left on disk from prior use of SELinux with a policy will not
  cause an error when they are looked up and userspace attempts to set contexts
  can succeed.

ChangeSet@1.1896.1.13, 2004-04-21 07:43:30-07:00, akpm@osdl.org
  [PATCH] i4l: add compat ioctl's for CAPI
  
  From: Marcel Holtmann <marcel@holtmann.org>
  
  This patch adds the needed compat ioctl's for the CAPI on 64bit platforms.

ChangeSet@1.1896.1.12, 2004-04-21 07:43:17-07:00, akpm@osdl.org
  [PATCH] lockfs - dm bits
  
  From: Christoph Hellwig <hch@lst.de>
  
  This patch makes the device mapper use the new freeze_bdev/thaw_bdev
  interface.  Extracted from Chris Mason's patch.

ChangeSet@1.1896.1.11, 2004-04-21 07:43:05-07:00, akpm@osdl.org
  [PATCH] lockfs - xfs bits
  
  From: Christoph Hellwig <hch@lst.de>
  
  Remove all the code now in the VFS, make XFS's freeze ioctls use the new
  infrastructure and reorganize some code.
  
  This code needs some work so the source files shared with 2.4 aren't
  exposed to the new VFS interfaces directly.  You'll get an update once this
  has been discussed with the other XFS developers and is implemented.  Note
  that the current patch works fine and I wouldn't complain if it gets into
  Linus' tree as-is.

ChangeSet@1.1896.1.10, 2004-04-21 07:42:53-07:00, akpm@osdl.org
  [PATCH] lockfs: reiserfs fix
  
  From: Chris Mason <mason@suse.com>
  
  reiserfs_write_super_lockfs() is supposed to wait for the transaction to
  commit.

ChangeSet@1.1896.1.9, 2004-04-21 07:42:39-07:00, akpm@osdl.org
  [PATCH] lockfs - vfs bits
  
  From: Christoph Hellwig <hch@lst.de>
  
  These are the generic lockfs bits.  Basically it takes the XFS freezing
  statemachine into the VFS.  It's all behind the kernel-doc documented
  freeze_bdev and thaw_bdev interfaces.
  
  Based on an older patch from Chris Mason.

ChangeSet@1.1896.1.8, 2004-04-21 07:42:28-07:00, akpm@osdl.org
  [PATCH] remove amd7xx_tco
  
  From: Zwane Mwaikambo <zwane@linuxpower.ca>
  
  We've had trouble with this driver, it appears to work but the hardware
  never does the final reboot.  I have yet to come across someone with a
  board which works and don't have personal access to one.  So how about
  scrapping the whole thing.

ChangeSet@1.1896.1.7, 2004-04-21 07:42:18-07:00, akpm@osdl.org
  [PATCH] Call populate_rootfs later in boot
  
  populate_rootfs() is called rather early - before we've called init_idle().
  
  But populate_rootfs() does file I/O, which involves calls to cond_resched(),
  and downing of semaphores, etc.  If it schedules, the scheduler emits
  scheduling-while-atomic warnings and sometimes oopses.
  
  So run populate_rootfs() later, after the scheduler is all set up.

ChangeSet@1.1896.1.6, 2004-04-21 07:42:05-07:00, akpm@osdl.org
  [PATCH] ext3 avoid writing kernel memory to disk
  
  From: Marc-Christian Petersen <m.c.p@kernel.linux-systeme.com>
  
  Solar Designer discovered an information leak in the ext3 code of Linux.
  In a worst case an attacker could read sensitive data such as cryptographic
  keys which would otherwise never hit disk media.  Theodore Ts'o developed a
  correction for this.

ChangeSet@1.1896.1.5, 2004-04-21 07:41:53-07:00, akpm@osdl.org
  [PATCH] compute_creds race
  
  From: Andy Lutomirski <luto@myrealbox.com>
  
  Fixes from me, Olaf Dietsche <olaf+list.linux-kernel@olafdietsche.de>
  
  In fs/exec.c, compute_creds does:
  
  	task_lock(current);
  	if (bprm->e_uid != current->uid || bprm->e_gid != current->gid) {
  		current->mm->dumpable = 0;
  
  		if (must_not_trace_exec(current)
  		    || atomic_read(&current->fs->count) > 1
  		    || atomic_read(&current->files->count) > 1
  		    || atomic_read(&current->sighand->count) > 1) {
  			if(!capable(CAP_SETUID)) {
  				bprm->e_uid = current->uid;
  				bprm->e_gid = current->gid;
  			}
  		}
  	}
  
  	current->suid = current->euid = current->fsuid = bprm->e_uid;
  	current->sgid = current->egid = current->fsgid = bprm->e_gid;
  
  	task_unlock(current);
  
  	security_bprm_compute_creds(bprm);
  
  I assume the task_lock is to prevent another process (on SMP or preempt)
  from ptracing the execing process between the check and the assignment.  If
  that's the concern then the fact that the lock is dropped before the call
  to security_bprm_compute_creds means that, if security_bprm_compute_creds
  does anything interesting, there's a race.
  
  For my (nearly complete) caps patch, I obviously need to fix this.  But I
  think it may be exploitable now.  Suppose there are two processes, A (the
  malicious code) and B (which uses exec).  B starts out unprivileged (A and
  B have, e.g., uid and euid = 500).
  
  1. A ptraces B.
  
  2. B calls exec on some setuid-root program.
  
  3. in cap_bprm_set_security, B sets bprm->cap_permitted to the full
     set.
  
  4. B gets to compute_creds in exec.c, calls task_lock, and does not
     change its uid.
  
  5. B calls task_unlock.
  
  6. A detaches from B (on preempt or SMP).
  
  7. B gets to task_lock in cap_bprm_compute_creds, changes its
     capabilities, and returns from compute_creds into load_elf_binary.
  
  8. load_elf_binary calls create_elf_tables (line 852 in 2.6.5-mm1),
     which calls cap_bprm_secureexec (through LSM), which returns false (!).
  
  9. exec finishes.
  
  The setuid program is now running with uid=euid=500 but full permitted
  capabilities.  There are two (or three) ways to effectively get local root
  now:
  
  1.  IIRC, linux 2.4 doesn't check capabilities in ptrace, so A could
     just ptrace B again.
  
  2. LD_PRELOAD.
  
  3.  There are probably programs that will misbehave on their own under
     these circumstances.
  
  Is there some reason why this is not doable?
  
  The patch renames bprm_compute_creds to bprm_apply_creds and moves all uid
  logic into the hook, where the test and the resulting modification can both
  happen under task_lock().
  
  This way, out-of-tree LSMs will fail to compile instead of malfunctioning. 
  It should also make life easier for LSMs and will certainly make it easier
  for me to finish the cap patch.
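
The check/apply window described in the compute_creds changeset above, as a deterministic user-space model. This is an added example, not code from the changeset or the kernel: the structs, `exec_split`, `exec_single`, `tracer_detach`, and the assumption that a held lock keeps the tracer out are all illustrative, and the capable() tests are reduced to "has no permitted capabilities".

```c
#include <stdio.h>

#define CAP_FULL 0xffffffffu

/* Constructed model; field names follow the message, not the kernel structs. */
struct task {
    unsigned uid, euid;
    unsigned cap_permitted;
    int traced;              /* a tracer is attached */
    int locked;              /* models task_lock() being held */
};
struct bprm { unsigned e_uid, cap_permitted; };
struct result { unsigned euid, caps; };

typedef void (*window_fn)(struct task *);
typedef void (*flow_fn)(struct task *, struct bprm *, window_fn);

/* Process A: detaches if it can get in. Assumption (the message's own reading
 * of task_lock): while the lock is held, the tracer cannot change state. */
static void tracer_detach(struct task *t) { if (!t->locked) t->traced = 0; }
static void no_action(struct task *t) { (void)t; }

/* uid half: a traced, unprivileged task does not get the setuid change. */
static void apply_uid(struct task *t, struct bprm *b)
{
    if (b->e_uid != t->uid && t->traced && t->cap_permitted == 0)
        b->e_uid = t->uid;
    t->euid = b->e_uid;
}

/* capability half: a traced task may not gain permitted capabilities. */
static void apply_caps(struct task *t, const struct bprm *b)
{
    unsigned new_permitted = b->cap_permitted;
    if ((new_permitted & ~t->cap_permitted) && t->traced)
        new_permitted &= t->cap_permitted;
    t->cap_permitted = new_permitted;
}

/* Old shape: two critical sections with the lock dropped in between. */
static void exec_split(struct task *t, struct bprm *b, window_fn other)
{
    t->locked = 1; apply_uid(t, b); t->locked = 0;
    other(t);                      /* the window: "traced" can change here */
    t->locked = 1; apply_caps(t, b); t->locked = 0;
}

/* Shape the message describes for the fix: test and modification for both
 * halves happen under one lock hold. */
static void exec_single(struct task *t, struct bprm *b, window_fn other)
{
    t->locked = 1;
    apply_uid(t, b);
    other(t);                      /* same instant, but the lock is held */
    apply_caps(t, b);
    t->locked = 0;
}

/* B starts as uid=euid=500 with no capabilities and execs a setuid-root
 * binary (e_uid 0, full permitted set), as in the message's scenario. */
static struct result run(flow_fn flow, int traced, window_fn other)
{
    struct task t = { 500, 500, 0, traced, 0 };
    struct bprm b = { 0, CAP_FULL };
    struct result r;
    flow(&t, &b, other);
    r.euid = t.euid;
    r.caps = t.cap_permitted;
    return r;
}

int main(void)
{
    struct result a = run(exec_split, 1, tracer_detach);
    struct result b = run(exec_single, 1, tracer_detach);
    struct result c = run(exec_split, 0, no_action);
    printf("split,  traced:   euid=%u caps=%#x\n", a.euid, a.caps);
    printf("single, traced:   euid=%u caps=%#x\n", b.euid, b.caps);
    printf("split,  untraced: euid=%u caps=%#x\n", c.euid, c.caps);
    return 0;
}
```

In the split flow the two halves disagree about whether the task was traced, which yields the inconsistent state the message describes (euid 500 with the full permitted set); a detection-minded reviewer can look for exactly this pattern, a security decision read under one lock hold and applied under another.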

ChangeSet@1.1896.1.4, 2004-04-21 07:41:40-07:00, akpm@osdl.org
  [PATCH] Fix nfsroot option handling
  
  From: Trond Myklebust <trond.myklebust@fys.uio.no>
  
  The following patch fixes up a number of bugs in the NFSroot parser
  rewrite from patchset
  trond.myklebust@fys.uio.no|ChangeSet|20040411182341|00938
  
  It also ensures that NFSroot mount options are consistent with the userland
  "mount" program.

ChangeSet@1.1896.1.3, 2004-04-21 07:24:51-07:00, drepper@redhat.com
  [PATCH] Add missing __initdata
  
  One of the stack size optimizations introduced a new static variable in
  a function marked with __init.  But the variable is not marked
  appropriately and so 1k of data is never freed.

ChangeSet@1.1896.1.1, 2004-04-20 14:24:38-07:00, torvalds@ppc970.osdl.org
  Linux 2.6.6-rc2
  TAG: v2.6.6-rc2