Linux Kernel Mailing List | 1 Dec 2009 02:59

mac80211: fix two remote exploits

Gitweb:     http://git.kernel.org/linus/4253119acf412fd686ef4bd8749b5a4d70ea3a51
Commit:     4253119acf412fd686ef4bd8749b5a4d70ea3a51
Parent:     3e9848403ad59c53b31facb30b43ca80135ae0b9
Author:     Johannes Berg <johannes@sipsolutions.net>
AuthorDate: Fri Nov 20 09:15:51 2009 +0100
Committer:  John W. Linville <linville@tuxdriver.com>
CommitDate: Mon Nov 30 13:52:21 2009 -0500

    mac80211: fix two remote exploits

    Lennert Buytenhek noticed a remotely triggerable problem
    in mac80211, which is due to some code shuffling I did
    that ended up changing the order in which things were
    done -- this was in

      commit d75636ef9c1af224f1097941879d5a8db7cd04e5
      Author: Johannes Berg <johannes@sipsolutions.net>
      Date:   Tue Feb 10 21:25:53 2009 +0100

        mac80211: RX aggregation: clean up stop session

    The problem is that the BUG_ON moved before the various
    checks, and as such can be triggered.

    As the comment indicates, the BUG_ON can be removed since
    the ampdu_action callback must already exist when the
    state is OPERATIONAL.

    A similar code path leads to a WARN_ON in
    ieee80211_stop_tx_ba_session, which can also be removed.

Linux Kernel Mailing List | 1 Dec 2009 02:59

mac80211: fix spurious delBA handling

Gitweb:     http://git.kernel.org/linus/827d42c9ac91ddd728e4f4a31fefb906ef2ceff7
Commit:     827d42c9ac91ddd728e4f4a31fefb906ef2ceff7
Parent:     4253119acf412fd686ef4bd8749b5a4d70ea3a51
Author:     Johannes Berg <johannes@sipsolutions.net>
AuthorDate: Sun Nov 22 12:28:41 2009 +0100
Committer:  John W. Linville <linville@tuxdriver.com>
CommitDate: Mon Nov 30 13:55:51 2009 -0500

    mac80211: fix spurious delBA handling

    Lennert Buytenhek noticed that delBA handling in mac80211
    was broken and has remotely triggerable problems, some of
    which are due to some code shuffling I did that ended up
    changing the order in which things were done -- this was

      commit d75636ef9c1af224f1097941879d5a8db7cd04e5
      Author: Johannes Berg <johannes@sipsolutions.net>
      Date:   Tue Feb 10 21:25:53 2009 +0100

        mac80211: RX aggregation: clean up stop session

    and other parts were already present in the original

      commit d92684e66091c0f0101819619b315b4bb8b5bcc5
      Author: Ron Rindjunsky <ron.rindjunsky@intel.com>
      Date:   Mon Jan 28 14:07:22 2008 +0200

          mac80211: A-MPDU Tx add delBA from recipient support

    The first problem is that I moved a BUG_ON before various

Linux Kernel Mailing List | 1 Dec 2009 16:59

arch/alpha/kernel/sys_ruffian.c: Use DIV_ROUND_CLOSEST

Gitweb:     http://git.kernel.org/linus/04d8a9db89f00dee78d792d094dc573784ead643
Commit:     04d8a9db89f00dee78d792d094dc573784ead643
Parent:     a8a8a669ea13d792296737505adc43ccacf3a648
Author:     Julia Lawall <julia@diku.dk>
AuthorDate: Mon Nov 30 15:37:25 2009 -0500
Committer:  Matt Turner <mattst88@gmail.com>
CommitDate: Mon Nov 30 15:37:25 2009 -0500

    arch/alpha/kernel/sys_ruffian.c: Use DIV_ROUND_CLOSEST

    The kernel.h macro DIV_ROUND_CLOSEST performs the computation (x + d/2)/d
    but is perhaps more readable.

    The semantic patch that makes this change is as follows:
    (http://www.emn.fr/x-info/coccinelle/)

    // <smpl>
    @haskernel@
    @@

    @depends on haskernel@
    expression x,__divisor;
    @@

    - (((x) + ((__divisor) / 2)) / (__divisor))
    + DIV_ROUND_CLOSEST(x,__divisor)
    // </smpl>

    Signed-off-by: Julia Lawall <julia@diku.dk>
    Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>

Linux Kernel Mailing List | 1 Dec 2009 16:59

SLOW_WORK: Fix the CONFIG_MODULES=n case

Gitweb:     http://git.kernel.org/linus/fa1dae4906982b5d896c07613b1fe42456133b1c
Commit:     fa1dae4906982b5d896c07613b1fe42456133b1c
Parent:     6f054164322bc6c1233402b9ed6b40d4af39a98f
Author:     David Howells <dhowells@redhat.com>
AuthorDate: Tue Dec 1 13:52:08 2009 +0000
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Tue Dec 1 07:35:11 2009 -0800

    SLOW_WORK: Fix the CONFIG_MODULES=n case

    Commit 3d7a641 ("SLOW_WORK: Wait for outstanding work items belonging to a
    module to clear") introduced some code to make sure that all of a module's
    slow-work items were complete before that module was removed, and commit
    3bde31a ("SLOW_WORK: Allow a requeueable work item to sleep till the thread is
    needed") further extended that, breaking it in the process if CONFIG_MODULES=n:

        CC      kernel/slow-work.o
      kernel/slow-work.c: In function 'slow_work_execute':
      kernel/slow-work.c:313: error: 'slow_work_thread_processing' undeclared (first use in this function)
      kernel/slow-work.c:313: error: (Each undeclared identifier is reported only once
      kernel/slow-work.c:313: error: for each function it appears in.)
      kernel/slow-work.c: In function 'slow_work_wait_for_items':
      kernel/slow-work.c:950: error: 'slow_work_unreg_sync_lock' undeclared (first use in this function)
      kernel/slow-work.c:951: error: 'slow_work_unreg_wq' undeclared (first use in this function)
      kernel/slow-work.c:961: error: 'slow_work_unreg_work_item' undeclared (first use in this function)
      kernel/slow-work.c:974: error: 'slow_work_unreg_module' undeclared (first use in this function)
      kernel/slow-work.c:977: error: 'slow_work_thread_processing' undeclared (first use in this function)
      make[1]: *** [kernel/slow-work.o] Error 1

    Fix this by:

Linux Kernel Mailing List | 1 Dec 2009 16:59

alpha: Fixup last users of irq_chip->typename

Gitweb:     http://git.kernel.org/linus/8ab1221c20255f35d85664a046549bc6135122c2
Commit:     8ab1221c20255f35d85664a046549bc6135122c2
Parent:     745dd2405e281d96c0a449103bdf6a895048f28c
Author:     Thomas Gleixner <tglx@linutronix.de>
AuthorDate: Mon Nov 30 22:51:31 2009 -0500
Committer:  Matt Turner <mattst88@gmail.com>
CommitDate: Mon Nov 30 22:51:31 2009 -0500

    alpha: Fixup last users of irq_chip->typename

    The typename member of struct irq_chip was kept for migration purposes
    and has been obsolete for more than 2 years. Fix up the leftovers.

    Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
    Cc: Richard Henderson <rth@twiddle.net>
    Cc: linux-alpha@vger.kernel.org
    Signed-off-by: Matt Turner <mattst88@gmail.com>
---
 arch/alpha/kernel/irq.c           |    2 +-
 arch/alpha/kernel/irq_alpha.c     |    2 +-
 arch/alpha/kernel/irq_i8259.c     |    2 +-
 arch/alpha/kernel/irq_pyxis.c     |    2 +-
 arch/alpha/kernel/irq_srm.c       |    2 +-
 arch/alpha/kernel/sys_alcor.c     |    2 +-
 arch/alpha/kernel/sys_cabriolet.c |    2 +-
 arch/alpha/kernel/sys_dp264.c     |    4 ++--
 arch/alpha/kernel/sys_eb64p.c     |    2 +-
 arch/alpha/kernel/sys_eiger.c     |    2 +-
 arch/alpha/kernel/sys_jensen.c    |    2 +-
 arch/alpha/kernel/sys_marvel.c    |    6 +++---

Linux Kernel Mailing List | 1 Dec 2009 16:59

arch/alpha/kernel: Add kmalloc NULL tests

Gitweb:     http://git.kernel.org/linus/cc9a2c8301683f73b7e0d1fc2cb5159110f3469f
Commit:     cc9a2c8301683f73b7e0d1fc2cb5159110f3469f
Parent:     04d8a9db89f00dee78d792d094dc573784ead643
Author:     Julia Lawall <julia@diku.dk>
AuthorDate: Mon Nov 30 15:38:19 2009 -0500
Committer:  Matt Turner <mattst88@gmail.com>
CommitDate: Mon Nov 30 15:38:19 2009 -0500

    arch/alpha/kernel: Add kmalloc NULL tests

    Check that the result of kmalloc is not NULL before passing it to other
    functions.

    The semantic match that finds this problem is as follows:
    (http://www.emn.fr/x-info/coccinelle/)

    // <smpl>
    @@
    expression *x;
    identifier f;
    constant char *C;
    @@

    x = \(kmalloc\|kcalloc\|kzalloc\)(...);
    ... when != x == NULL
        when != x != NULL
        when != (x || ...)
    (
    kfree(x)
    f(...,C,...,x,...)

Linux Kernel Mailing List | 1 Dec 2009 16:59

Alpha: Rearrange thread info flags fixing two regressions

Gitweb:     http://git.kernel.org/linus/745dd2405e281d96c0a449103bdf6a895048f28c
Commit:     745dd2405e281d96c0a449103bdf6a895048f28c
Parent:     cc9a2c8301683f73b7e0d1fc2cb5159110f3469f
Author:     Michael Cree <mcree@orcon.net.nz>
AuthorDate: Mon Nov 30 22:44:40 2009 -0500
Committer:  Matt Turner <mattst88@gmail.com>
CommitDate: Mon Nov 30 22:44:40 2009 -0500

    Alpha: Rearrange thread info flags fixing two regressions

    The removal of the TIF_NOTIFY_RESUME flag, commit a583f1b54249b
    "remove unused TIF_NOTIFY_RESUME flag," resulted in incorrect
    setting of the unaligned access control flags by the prctl syscall.

    The re-addition of the TIF_NOTIFY_RESUME flag, commit d0420c83f39f
    "KEYS: Extend TIF_NOTIFY_RESUME to (almost) all architectures [try #6]"
    further caused problems, namely incorrect operands to assembler code
    as evidenced by:

    AS      arch/alpha/kernel/entry.o
    arch/alpha/kernel/entry.S: Assembler messages:
    arch/alpha/kernel/entry.S:326: Warning: operand out of range
    (0x0000000000000406 is not between 0x0000000000000000 and
    0x00000000000000ff)

    Both regressions fixed by (1) rearranging TIF_NOTIFY_RESUME flag to be
    in lower 8 bits of the thread info flags, and (2) making sure that
    ALPHA_UAC_SHIFT matches the rearrangement of the thread info flags.

    Signed-off-by: Michael Cree <mcree@orcon.net.nz>

Linux Kernel Mailing List | 1 Dec 2009 16:59

9p: fix build breakage introduced by FS-Cache

Gitweb:     http://git.kernel.org/linus/6f054164322bc6c1233402b9ed6b40d4af39a98f
Commit:     6f054164322bc6c1233402b9ed6b40d4af39a98f
Parent:     29e553631b2a0d4eebd23db630572e1027a9967a
Author:     David Howells <dhowells@redhat.com>
AuthorDate: Tue Dec 1 13:38:45 2009 +0000
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Tue Dec 1 07:35:11 2009 -0800

    9p: fix build breakage introduced by FS-Cache

    While building 2.6.32-rc8-git2 for Fedora I noticed the following thinko
    in commit 201a15428bd54f83eccec8b7c64a04b8f9431204 ("FS-Cache: Handle
    pages pending storage that get evicted under OOM conditions"):

      fs/9p/cache.c: In function '__v9fs_fscache_release_page':
      fs/9p/cache.c:346: error: 'vnode' undeclared (first use in this function)
      fs/9p/cache.c:346: error: (Each undeclared identifier is reported only once
      fs/9p/cache.c:346: error: for each function it appears in.)
      make[2]: *** [fs/9p/cache.o] Error 1

    Fix the 9P filesystem to correctly construct the argument to
    fscache_maybe_release_page().

    Signed-off-by: Kyle McMartin <kyle@redhat.com>
    Signed-off-by: Xiaotian Feng <dfeng@redhat.com> [from identical patch]
    Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [from identical patch]
    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 fs/9p/cache.c |    2 +-

Linux Kernel Mailing List | 1 Dec 2009 16:59

CacheFiles: Update IMA counters when using dentry_open

Gitweb:     http://git.kernel.org/linus/3350b2acdd39d23db52710045536b943fe38a35c
Commit:     3350b2acdd39d23db52710045536b943fe38a35c
Parent:     fa1dae4906982b5d896c07613b1fe42456133b1c
Author:     Marc Dionne <marc.c.dionne@gmail.com>
AuthorDate: Tue Dec 1 14:09:24 2009 +0000
Committer:  Linus Torvalds <torvalds@linux-foundation.org>
CommitDate: Tue Dec 1 07:35:11 2009 -0800

    CacheFiles: Update IMA counters when using dentry_open

    When IMA is active, using dentry_open without updating the
    IMA counters will result in free/open imbalance errors when
    fput is eventually called.

    Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
    Signed-off-by: David Howells <dhowells@redhat.com>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 fs/cachefiles/rdwr.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
index 1d83325..a6c8c6f 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
 <at>  <at>  -11,6 +11,7  <at>  <at> 

 #include <linux/mount.h>
 #include <linux/file.h>
+#include <linux/ima.h>

Linux Kernel Mailing List | 1 Dec 2009 17:59

MIPS: IP22/IP28 Disable early printk to fix boot problems on some systems.

Gitweb:     http://git.kernel.org/linus/2b5e63f6b8f6566161a261a9face1de433d6608e
Commit:     2b5e63f6b8f6566161a261a9face1de433d6608e
Parent:     29e553631b2a0d4eebd23db630572e1027a9967a
Author:     Martin Michlmayr <tbm@cyrius.com>
AuthorDate: Thu Nov 19 16:40:09 2009 +0000
Committer:  Ralf Baechle <ralf@linux-mips.org>
CommitDate: Tue Dec 1 16:21:25 2009 +0000

    MIPS: IP22/IP28 Disable early printk to fix boot problems on some systems.

    Some Debian users have reported that the kernel hangs early during boot on
    some IP22 systems.  Thomas Bogendoerfer found that this is due to a "bad
    interaction between CONFIG_EARLY_PRINTK and overwritten prom memory during
    early boot".  Since there's no fix yet, disable CONFIG_EARLY_PRINTK for now.

    Signed-off-by: Martin Michlmayr <tbm@cyrius.com>
    Cc: linux-mips@linux-mips.org
    Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
    Cc: Dmitri Vorobiev <dmitri.vorobiev@gmail.com>
    Patchwork: http://patchwork.linux-mips.org/patch/702/
    Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
---
 arch/mips/Kconfig |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig
index 1aad0d9..ffdd651 100644
--- a/arch/mips/Kconfig
+++ b/arch/mips/Kconfig
 <at>  <at>  -358,7 +358,14  <at>  <at>  config SGI_IP22