Fix the setting of PF_SUPERPRIV by __capable() as it could corrupt the flags
the target process if that is not the current process and it is trying to
change its own flags in a different way at the same time.
__capable() is using neither atomic ops nor locking to protect t->flags. This
patch removes __capable() and introduces has_capability() that doesn't set
PF_SUPERPRIV on the process being queried.
This patch further splits security_ptrace() in two:
(1) security_ptrace_may_access(). This passes judgement on whether one
process may access another only (PTRACE_MODE_ATTACH for ptrace() and
PTRACE_MODE_READ for /proc), and takes a pointer to the child process.
current is the parent.
(2) security_ptrace_traceme(). This passes judgement on PTRACE_TRACEME only,
and takes only a pointer to the parent process. current is the child.
In Smack and commoncap, this uses has_capability() to determine whether
the parent will be permitted to use PTRACE_ATTACH if normal checks fail.
This does not set PF_SUPERPRIV.
Two of the instances of __capable() actually only act on current, and so have
been changed to calls to capable().
Of the places that were using __capable():
(1) The OOM killer calls __capable() thrice when weighing the killability of a
process. All of these now use has_capability().
(2) cap_ptrace() and smack_ptrace() were using __capable() to check to see
whether the parent was allowed to trace any process. As mentioned above,
these have been split. For PTRACE_ATTACH and /proc, capable() is now
used, and for PTRACE_TRACEME, has_capability() is used.
(3) cap_safe_nice() only ever saw current, so now uses capable().
(4) smack_setprocattr() rejected accesses to tasks other than current just
after calling __capable(), so the order of these two tests have been
switched and capable() is used instead.
(5) In smack_file_send_sigiotask(), we need to allow privileged processes to
receive SIGIO on files they're manipulating.
(6) In smack_task_wait(), we let a process wait for a privileged process,
whether or not the process doing the waiting is privileged.
I've tested this with the LTP SELinux and syscalls testscripts.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Andrew G. Morgan <morgan@kernel.org>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
AMD SB700 based systems with spread spectrum enabled use a SMM based
HPET emulation to provide proper frequency setting. The SMM code is
initialized with the first HPET register access and takes some time to
complete. During this time the config register reads 0xffffffff. We
check for max. 1000 loops whether the config register reads a non
0xffffffff value to make sure that HPET is up and running before we go
further. A counting loop is safe, as the HPET access takes thousands
of CPU cycles. On non SB700 based machines this check is only done
once and has no side effects.
Based on a quirk patch from: crane cai <crane.cai@amd.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Xattr code has not been tested for a while and there were
serveral bugs. One of them is using wrong inode in
'ubifs_jnl_change_xattr()'. The other is a deadlock in
'ubifs_setxattr()': the i_mutex is locked in
'cap_inode_need_killpriv()' path, so deadlock happens when
'ubifs_setxattr()' tries to lock it again.
Thanks to Zoltan Sogor for finding these bugs.
Signed-off-by: Artem Bityutskiy <Artem.Bityutskiy@nokia.com>
clear bits for cpu nr > 8.
This allows us to boot the full range of possible CPUs that the
supported APIC model will allow. Previously we'd hang or boot up
with less than 8 CPUs.
Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Tested-by: Jeff Chua <jeff.chua.linux@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
so we don't get warning on 32bit system with 64g RAM or more
Signed-off-by: Yinghai Lu <yhlu.kernel@gmail.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
For some reason we had two parsers registered for maxcpus=. One in init/main.c
and another in arch/x86/smpboot.c. So I nuked the one in arch/x86.
Also 64-bit kernels used to handle maxcpus= as documented in
Documentation/cpu-hotplug.txt. CPUs with 'id > maxcpus' are initialized
but not booted. 32-bit version for some reason ignored them even though
all the infrastructure for booting them later is there.
In the current mainline both 64 and 32 bit versions are broken.
This patch restores the correct behaviour. I've tested x86_64 version on
4- and 8- way Core2 and 2-way Opteron based machines. Various config
combinations SMP, !SMP, CPU_HOTPLUG, !CPU_HOTPLUG.
Booted with maxcpus=1 and maxcpus=4, etc. Everything is working as expected.
So far we've received two reports from different people confirming that 32-bit
version also works fine, both on dual core laptops and 16way server machines.
[v2: This version fixes visws breakage pointed out by Ingo.]
Signed-off-by: Max Krasnyansky <maxk@qualcomm.com>
Cc: lizf@cn.fujitsu.com
Cc: jeff.chua.linux@gmail.com
Signed-off-by: Ingo Molnar <mingo@elte.hu>
First, lmb_enforce_memory_limit() interprets it's argument
(mostly, heh) as a size limit not an address limit. So pass
the raw cmdline_memory_size value into it. And we don't
need to check it against zero, lmb_enforce_memory_limit() does
that for us.
Next, free_initmem() needs special handling when the kernel
command line trims the available memory. The problem case is
if the trimmed out memory is where the kernel image itself
resides.
When that memory is trimmed out, we don't add those physical
ram areas to the sparsemem active ranges, amongst other things.
Which means that this free_initmem() code will free up invalid
page structs, resulting in either crashes or hangs.
Just quick fix this by not freeing initmem at all if "mem="
was given on the boot command line.
Signed-off-by: David S. Miller <davem@davemloft.net>
Add support for the Asus Xonar D1. It is the same as the DX, but
without the external power detection.
Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
- remove cheesy read_iloc() function
- move invalidate_entire_icache function to lock.S
- export proper prototypes for functions in lock.S
- only build lock.S when BFIN_ICACHE_LOCK is enabled
Signed-off-by: Mike Frysinger <vapier.adi@gmail.com>
Signed-off-by: Bryan Wu <cooloney@kernel.org>
Based on an original patch from Christoph Hellwig <hch@lst.de>.
Currently, there is a possible reference-after-free in the spusched
code - contexts may be freed after we have released their state_mutex
in spusched_tick and find_victim.
This change takes a reference to the context before releasing the
mutex, so that the context doesn't get destroyed.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
In looking at network named pipe support on cifs, I noticed that
Dave Howell's iget patch:
iget: stop CIFS from using iget() and read_inode()
broke mounts to IPC$ (the interprocess communication share), and don't
handle the error case (when getting info on the root inode fails).
Thanks to Gunter who noted a typo in a debug line in the original
version of this patch.
CC: David Howells <dhowells@redhat.com>
CC: Gunter Kukkukk <linux@kukkukk.com>
CC: Stable Kernel <stable@kernel.org>
Signed-off-by: Steve French <sfrench@us.ibm.com>
* git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb-2.6: (47 commits)
usb: musb: pass configuration specifics via pdata
usb: musb: fix hanging when rmmod gadget driver
USB: Add MUSB and TUSB support
USB: serial: remove CONFIG_USB_DEBUG from sierra and option drivers
USB: Add vendor/product id of ZTE MF628 to option
USB: quirk PLL power down mode
USB: omap_udc: fix compilation with debug enabled
usb: cdc-acm: drain writes on close
usb: cdc-acm: stop dropping tx buffers
usb: cdc-acm: bugfix release()
usb gadget: issue notifications from ACM function
usb gadget: remove needless struct members
USB: sh: r8a66597-hcd: fix disconnect regression
USB: isp1301: fix compilation
USB: fix compiler warning fix
usb-storage: unusual_devs entry for Nokia 5300
USB: cdc-acm.c: Fix compile warnings
USB: BandRich BandLuxe C150/C250 HSPA Data Card Driver
USB: ftdi_sio: add support for PHI Fisco data cable (FT232BM based, VID/PID 0403:e40b)
usb: isp1760: don't be noisy about short packets.
...
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6: (56 commits)
netns: Fix crash by making igmp per namespace
bnx2x: Version update
bnx2x: Checkpatch compliance
bnx2x: Spelling mistakes
bnx2x: Minor code improvements
bnx2x: Driver info
bnx2x: 1G LED does not turn off
bnx2x: 8073 PHY changes
bnx2x: Change GPIO for any port
bnx2x: Pause settings
bnx2x: Link order with external PHY
bnx2x: No LRO without Rx checksum
bnx2x: Wrong structure size
bnx2x: WoL capability
bnx2x: Clearing MAC addresses filters
bnx2x: Delay in while loops
bnx2x: PBA Table Page Alignment Workaround
bnx2x: Self-test false positive
bnx2x: Memory allocation
bnx2x: HW attention lock
...
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc-2.6:
sparc64: Handle stack trace attempts before irqstacks are setup.
sparc64: Implement IRQ stacks.
sparc: remove include of linux/of_device.h from asm/of_device.h
sparc64: Fix recursion in stack overflow detection handling.
sparc/drivers: use linux/of_device.h instead of asm/of_device.h
sparc64: Don't MAGIC_SYSRQ ifdef smp_fetch_global_regs and support code.
Use platform_data to pass musb configuration-specific
details to musb driver.
This patch will prevent that other platforms selecting
HAVE_CLK and enabling musb won't break tree building.
The other parts of it will come when linux-omap merge
up more omap2/3 board-files.
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Acked-by: Paul Mundt <lethal@linux-sh.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
If we try to modprobe a second gadget driver before
rmmoding the first one, the reference for the first
gadget driver would get NULLed avoiding usb to change
gadget drivers later.
Cc: David Brownell <david-b@pacbell.net>
Cc: Tony Lindgren <tony@atomide.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds support for MUSB and TUSB controllers
integrated into omap2430 and davinci. It also adds support
for external tusb6010 controller.
Cc: David Brownell <dbrownell@users.sourceforge.net>
Cc: Tony Lindgren <tony@atomide.com>
Signed-off-by: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
These drivers should not be relying on CONFIG_USB_DEBUG. By doing this,
it prevents users of kernels that do not enable this option from
enabling debugging in these drivers, unlike all other usb-serial
drivers.
Cc: Matthias Urlichs <smurf@smurf.noris.de>
Cc: Kevin Lloyd <klloyd@sierrawireless.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This adds the vendor and product id (19d2:0015) of the ZTE MF628 HSDPA
modem to the option driver. It still needs a mode switch command issued
beforehand, this is currently handled by a userspace tool.
Signed-off-by: Oliver Martin <oliver.martin@student.tuwien.ac.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
On some AMD 700 series southbridges, ISO OUT transfers (such as audio
playback through speakers) on the USB OHCI controller may be corrupted
when an A-Link express power saving feature is active.
PLL power down mode in conjunction with link power management feature
L1 being enabled is the bad combination ... this patch prevents them
from being enabled when ISO transfers are pending.
Signed-off-by: Crane Cai <crane.cai@amd.com>
Signed-off-by: Libin Yang <libin.yang@amd.com>
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Add a mechanism to let the write queue drain naturally before
closing the TTY, rather than always losing that data. There
is a timeout, so it can't wait too long.
Provide missing locking inside acm_wb_is_avail(); it matters
more now. Note, this presumes an earlier patch was applied,
removing a call to this routine where the lock was held.
Slightly improved diagnostics on write URB completion, so we
can tell when a write URB gets killed and, if so, how much
data it wrote first ... and so that I/O path is normally
silent (and can't much change timings).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The "increase cdc-acm write throughput" patch left in place two
now-obsolete mechanisms, either of which can make the cdc-acm
driver drop TX data (nasty!). This patch removes them:
- The write_ready flag ... if an URB and buffer were found,
they can (and should!) always be used.
- TX path acm_wb_is_used() ... used when the buffer was just
allocated, so that check is pointless.
Also fix a won't-yet-matter leak of a write buffer on a disconnect path.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: David Engraf <david.engraf@netcom.eu>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Bugfixes to the usb_driver_release_interface() usage;
(a) make sure releasing *either* interface first will release
the other, instead of insisting it be the control interface;
(b) remove the recently-added self-deadlock.
(The "fix disconnect bug in cdc-acm" patch was incomplete and incorrect.)
Plus a small "sparse" fix: rename a local variable so it doesn't
shadow a function parameter.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Acked-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Update the CDC-ACM gadget code to support the peripheral-to-host
notifications when the tty is opened or closed, or issues a BREAK.
The serial framework code calls new generic hooks; right now only
CDC-ACM uses those hooks. This resolves several REVISIT comments
in the code. (Based on a patch from Felipe Balbi.)
Note that this doesn't expose USB_CDC_CAP_BRK to the host, since
this code still rejects USB_CDC_REQ_SEND_BREAK control requests
for host-to-peripheral BREAK signaling (received via /dev/ttyGS*).
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Cc: Felipe Balbi <felipe.balbi@nokia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This removes some unused members from the various USB functions.
Signed-off-by: David Brownell <dbrownell@users.sourceforge.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fix the regression in commit 29fab0cd89
that this driver executed reconnection processing when disconnected
some devices.
Signed-off-by: Yoshihiro Shimoda <shimoda.yoshihiro@renesas.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1123b) fixes a compiler warning: do_unbind_rebind() is
defined but not used if CONFIG_PM=n.
Problem originally found and initial patch submitted by Alexander
Beregalov <a.beregalov@gmail.com>.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch (as1120) adds an unusual_devs entry for the Nokia 5300.
Maybe once Nokia releases the Symbian code we'll be able to fix all
the problems it has with the USB mass-storage protocol.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Tested-by: Cedric Godin <cedric@belbone.be>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
The irq flags should be unsigned long.
CC [M] drivers/usb/class/cdc-acm.o
drivers/usb/class/cdc-acm.c: In function 'acm_waker':
drivers/usb/class/cdc-acm.c:527: warning: comparison of distinct pointer types lacks a cast
drivers/usb/class/cdc-acm.c:529: warning: comparison of distinct pointer types lacks a cast
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This patch adds the Product ID for the BandLuxe C150/C250 3.5G data
card series from BandRich Inc.
After detection, the data card works fine.
It was patched against kernel 2.6.27-rc1 with -mm patch
Signed-off-by: Leon Leong <upleong@bandrich.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Support for PHI Fisco USB to Serial data cable (FTDI FT232BM based).
PHI Fisco cable is supplied for connecting Philips Xenium 9@9++ mobile phones.
PIDs were missing.
Tested successfully with PHI Fisco Data Cable (VID/PID 0403:e40b)
Signed-off-by: Lex V. Ross <lross@mail.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
According to Alan Stern, short packets are quite normal under
certain circumstances. This printk was triggered by usb to
serial converters on every packet and some usb sticks triggered
a few of those while plugging the stick.
This printks are now hidden unless USB debug mode is activated.
Cc: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Sebastian Siewior <sebastian@breakpoint.cc>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>