summaryrefslogtreecommitdiffstats
path: root/drivers/char
AgeCommit message (Collapse)Author
2007-05-07[POWERPC] Rename device_is_compatible to of_device_is_compatibleStephen Rothwell
for consistency with other Open Firmware interfaces (and Sparc). This is just a straight replacement. This leaves the compatibility define in place. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-05-02[POWERPC] Rename get_property to of_get_property: driversStephen Rothwell
These are all the remaining instances of get_property. Simple rename of get_property to of_get_property. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-30Merge branch 'for-2.6.22' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc * 'for-2.6.22' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc: (255 commits) [POWERPC] Remove dev_dbg redefinition in drivers/ps3/vuart.c [POWERPC] remove kernel module option for booke wdt [POWERPC] Avoid putting cpu node twice [POWERPC] Spinlock initializer cleanup [POWERPC] ppc4xx_sgdma needs dma-mapping.h [POWERPC] arch/powerpc/sysdev/timer.c build fix [POWERPC] get_property cleanups [POWERPC] Remove the unused HTDMSOUND driver [POWERPC] cell: cbe_cpufreq cleanup and crash fix [POWERPC] Declare enable_kernel_spe in a header [POWERPC] Add dt_xlate_addr() to bootwrapper [POWERPC] bootwrapper: CONFIG_ -> CONFIG_DEVICE_TREE [POWERPC] Don't define a custom bd_t for Xilixn Virtex based boards. [POWERPC] Add sane defaults for Xilinx EDK generated xparameters files [POWERPC] Add uartlite boot console driver for the zImage wrapper [POWERPC] Stop using ppc_sys for Xilinx Virtex boards [POWERPC] New registration for common Xilinx Virtex ppc405 platform devices [POWERPC] Merge common virtex header files [POWERPC] Rework Kconfig dependancies for Xilinx Virtex ppc405 platform [POWERPC] Clean up cpufreq Kconfig dependencies ...
2007-04-30Merge branch 'linux-2.6' into for-2.6.22Paul Mackerras
2007-04-30[POWERPC] remove kernel module option for booke wdtDave Jiang
Remove option of making booke_wdt into a kernel module. This watchdog cannot be disabled. No point being a kernel module. Signed-off-by: Dave Jiang <djiang@mvista.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-29Merge branch 'release' of ↵Linus Torvalds
git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 * 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6: (105 commits) sonypi: use mutex instead of semaphore sony-laptop: remove user visible camera controls as platform attributes meye: make meye use sony-laptop instead of sonypi sony-laptop: add a meye-usable include file for camera ops sony-laptop: complete the motion eye camera support in sony-laptop sonypi: try to detect if sony-laptop has already taken one of the known ioports sonypi: suggest sonypi users to try sony-laptop instead sony-laptop: add edge modem support (also called WWAN) sony-laptop: add locking on accesses to the ioport and global vars sony-laptop: add camera enable/disable parameter, better handle possible infinite loop thinkpad-acpi: make drivers/misc/thinkpad_acpi:fan_mutex static ACPI: thinkpad-acpi: add sysfs support to wan and bluetooth subdrivers ACPI: thinkpad-acpi: add sysfs support to hotkey subdriver ACPI: thinkpad-acpi: improve dock subdriver initialization ACPI: thinkpad-acpi: improve debugging for acpi helpers ACPI: thinkpad-acpi: improve fan control documentation ACPI: thinkpad-acpi: map ENXIO to EINVAL for fan sysfs ACPI: thinkpad-acpi: fix a fan watchdog invocation ACPI: thinkpad-acpi: do not arm fan watchdog if it would not work ACPI: thinkpad-acpi: add a fan-control feature master toggle ...
2007-04-28Pull sony into release branchLen Brown
2007-04-28sonypi: use mutex instead of semaphoreMatthias Kaehlcke
the Sony Programmable I/O Control driver uses a semaphore as mutex. use the mutex API instead of the (binary) semaphore Signed-off-by: Matthias Kaehlcke <matthias.kaehlcke@gmail.com> Acked-by: Mattia Dongili <malattia@linux.it> Signed-off-by: Len Brown <len.brown@intel.com>
2007-04-28sonypi: try to detect if sony-laptop has already taken one of the known ioportsmalattia@linux.it
Get the IO resources list in sony-laptop in the same order as listed in sonypi and make sonypi check if one of those is already busy. The sonypi check can be disabled by a module parameter in case the user thinks we are plainly wrong (check_ioport=0). Signed-off-by: Mattia Dongili <malattia@linux.it> Signed-off-by: Len Brown <len.brown@intel.com>
2007-04-28sonypi: suggest sonypi users to try sony-laptop insteadmalattia@linux.it
Try to migrate sonypi users to sony-laptop gracefully. Signed-off-by: Mattia Dongili <malattia@linux.it> Signed-off-by: Len Brown <len.brown@intel.com>
2007-04-27[POWERPC] Rename get_property to of_get_property: partial driversStephen Rothwell
This does drivers/machintosh and the hvc code. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-26Revert "[POWERPC] Rename get_property to of_get_property: drivers"Paul Mackerras
This reverts commit d05c7a80cf39ae7d0f8d0c3e47c93d51fcd393d3, which included changes which should go via other subsystem maintainers.
2007-04-25[NET]: random functions can use nsec resolution instead of usecEric Dumazet
In order to get more randomness for secure_tcpv6_sequence_number(), secure_tcp_sequence_number(), secure_dccp_sequence_number() functions, we can use the high resolution time services, providing nanosec resolution. I've also done two kmalloc()/kzalloc() conversions. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-25[SK_BUFF]: Introduce skb_copy_from_linear_data{_offset}Arnaldo Carvalho de Melo
To clearly state the intent of copying from linear sk_buffs, _offset being a overly long variant but interesting for the sake of saving some bytes. Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
2007-04-25[TCP/DCCP/RANDOM]: Remove unused exports.Adrian Bunk
This patch removes the following not or no longer used exports: - drivers/char/random.c: secure_tcp_sequence_number - net/dccp/options.c: sysctl_dccp_feat_sequence_window - net/netlink/af_netlink.c: netlink_set_err Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: David S. Miller <davem@davemloft.net>
2007-04-24Char: mxser, fix TIOCMIWAITJiri Slaby
There was schedule() missing in the TIOCMIWAIT ioctl. Solve it by moving the code to the wait_event_interruptible. Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Jan Yenya Kasprzak <kas@fi.muni.cz> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24Char: mxser_new, fix TIOCMIWAITJiri Slaby
There was schedule() missing in the TIOCMIWAIT ioctl. Solve it by moving the code to the wait_event_interruptible. Cc: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Signed-off-by: Jiri Slaby <jirislaby@gmail.com> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24Char: mxser_new, fix recursive lockingJan Yenya Kasprzak
Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz> Acked-by: Jiri Slaby <jirislaby@gmail.com> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-24[POWERPC] Remove old interface find_path_deviceStephen Rothwell
Replaced by of_find_node_by_path. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-24[POWERPC] hvc_console: Typo fixeswill schmidt
Fix a handful of comment typos for hvc_console. Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-24[POWERPC] hvc_console: Polling mode timer backoffWill Schmidt
Add a back-off mechanism to hvc_console's polling logic. This change drops the timers/second ratio from ~90 to ~1/2 while the console is idle. This change is most noticeable when watching /proc/timer_stats output. This only affects when the hvc_console is running in poll mode, i.e. power4 and cell systems. I've tested on Power4, Michael Ellerman has both contributed to the patch and tested on cell. Signed-off-by: Will Schmidt <will_schmidt@vnet.ibm.com> Signed-off-by: Michael Ellerman <michael@ellerman.id.au> Acked-by: Linas Vepstas <linas@austin.ibm.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-17fix bogon in /dev/mem mmap'ing on nommuBenjamin Herrenschmidt
While digging through my MAP_FIXED changes, I found that rather obvious bug in /dev/mem mmap implementation for nommu archs. get_unmapped_area() is expected to return an address, not a pfn. Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Acked-By: David Howells <dhowells@redhat.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-04-13[POWERPC] Rename get_property to of_get_property: driversStephen Rothwell
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-13[POWERPC] Rename prom_n_size_cells to of_n_size_cellsStephen Rothwell
This is more consistent and gets us closer to the Sparc code. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-13[POWERPC] Rename prom_n_addr_cells to of_n_addr_cellsStephen Rothwell
This is more consistent and gets us closer to the Sparc code. Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> Signed-off-by: Paul Mackerras <paulus@samba.org>
2007-04-10Merge branch 'for-2.6.21' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart * 'for-2.6.21' of master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart: [AGPGART] intel_agp: fix G965 GTT size detect
2007-04-09[AGPGART] intel_agp: fix G965 GTT size detectWang Zhenyu
On G965, I810_PGETBL_CTL is a mmio offset, but we wrongly take it as pci config space offset in detecting GTT size. This one line patch fixs this. Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com> Signed-off-by: Dave Jones <davej@redhat.com>
2007-04-09Merge branch 'for-2.6.21' of ↵Linus Torvalds
master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart * 'for-2.6.21' of master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart: [AGPGART] intel_agp: PCI id update for Intel 965GM
2007-04-08[AGPGART] intel_agp: PCI id update for Intel 965GMWang Zhenyu
Update PCI id info for Intel 965GM chipset. Signed-off-by: Wang Zhenyu <zhenyu.z.wang@intel.com> Signed-off-by: Dave Jones <davej@redhat.com>
2007-04-02[PATCH] vt: fix potential race in VT_WAITACTIVE handlerMichal Januszewski
On a multiprocessor machine the VT_WAITACTIVE ioctl call may return 0 if fg_console has already been updated in redraw_screen() but the console switch itself hasn't been completed. Fix this by checking fg_console in vt_waitactive() with the console sem held. Signed-off-by: Michal Januszewski <spock@gentoo.org> Acked-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-29[PATCH] Wire up DEC serial drivers in KconfigRalf Baechle
Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-28Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6Linus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [VIDEO]: Fix section mismatch in cg3.c [SPARC]: sparc64 gcc-4.2.0 20070317 -Werror failure [VIDEO] ffb: Fix two DAC handling bugs. [SPARC32]: Fix SMP build regression [DRM]: Delete sparc64 FFB driver code that never gets built.
2007-03-27[PATCH] generic_serial: fix decoding of baud rateDaniel Drake
Commit d720bc4b8fc5d6d179ef094908d4fbb5e436ffad partially removed a private implementation of baud speed decoding. However it doesn't seem to be complete: after the speed is decoded, it is still being used as an index to a local speed table (array overrun, no doubt). This was found by Graham Murray who noticed it caused a 2.6.19 regression with the SX driver: https://bugs.gentoo.org/170554 Signed-off-by: Daniel Drake <dsd@gentoo.org> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Russell King <rmk@arm.linux.org.uk> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-26[DRM]: Delete sparc64 FFB driver code that never gets built.David S. Miller
The Kconfig bits were removed long ago, so we should kill off the driver too. Signed-off-by: David S. Miller <davem@davemloft.net>
2007-03-18[PATCH] tty: Fix two reported pid leaksEric W. Biederman
These leaks were reported by: Catalin Marinas <catalin.marians@gmail.com> and I have been able to very by inspection they are possible. When converting tty_io.c to store pids as struct pid pointers instead of pid_t values it appears I overlooked two places where we stop using the pid value. The very obvious one is in do_tty_hangup, and the one the less obvious one in __proc_set_tty. When looking into the code __proc_set_tty only has pids that need to be put because of failures of other parts of the code to properly perform hangup processing. Fixing the leak here in __proc_set_tty is easy and obviously correct so I am doing that first. Fixing the places that should be performing hangup processing is much less obviously correct. So those I'm aiming those patches at -mm. for now, so the can age a while before they are merged. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-18[PATCH] machzwd warning fixAndrew Morton
drivers/char/watchdog/machzwd.c: In function 'zf_ioctl': drivers/char/watchdog/machzwd.c:327: warning: passing argument 1 of 'zf_ping' makes integer from pointer without a cast Also some coding-style repairs. Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Al Viro <viro@ftp.linux.org.uk> Acked-by: Wim Van Sebroeck <wim@iguana.be> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-16Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linusLinus Torvalds
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus: [MIPS] Kconfig: Move missplaced NR_CPUS default from SMTC to VSMP. [MIPS] Lockdep: Fix recursion bug. [MIPS] RTLX: Handle copy_*_user return values. [MIPS] RTLX: Protect rtlx_{read,write} with mutex. [MIPS] RTLX: Harden against compiler reordering and optimization. [MIPS] RTLX: Don't use volatile; it's fragile. [MIPS] Lasat: Downgrade 64-bit kernel from experimental to broken. [MIPS] Compat: Fix build if CONFIG_SYSVIPC is disabled. [CHAR] lcd: Fix two warnings. [MIPS] FPU ownership management & preemption fixes [MIPS] Check FCSR for pending interrupts, alternative version [MIPS] IP27, IP35: Fix warnings.
2007-03-16[PATCH] Initialise SAK member for each virtual console to prevent oopsBernhard Walle
Initialise the SAK member of the vc_cons variable on all virtual terminals, not only the first one. This prevents an oops when trying Sysrq-C on e.g. the second virtual terminal: kernel BUG at kernel/workqueue.c:212! invalid opcode: 0000 [1] SMP CPU 0 Modules linked in: i915 drm deflate zlib_deflate twofish twofish_common serpent blowfish des ce Pid: 0, comm: swapper Not tainted 2.6.21-rc3-default #15 RIP: 0010:[<ffffffff8028c955>] [<ffffffff8028c955>] queue_work+0x32/0x51 RSP: 0018:ffffffff805fada8 EFLAGS: 00010013 RAX: ffffffff80683f38 RBX: ffffffff804ae700 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff80683f30 RDI: ffff81000134a840 RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000002 R10: ffffffff805990e0 R11: ffff810037f4c0f0 R12: 000000000000006b R13: ffff81007aa23000 R14: 0000000000000001 R15: 0000000000000096 FS: 0000000000000000(0000) GS:ffffffff804d8000(0000) knlGS:0000000000000000 CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b CR2: 00002b72026e9000 CR3: 0000000079175000 CR4: 00000000000006e0 Process swapper (pid: 0, threadinfo ffffffff8059e000, task ffffffff80490840) Stack: 0000000000000096 ffffffff803635db ffffffff805fadf8 0000000000000001 ffff8100013c2e40 0000000000000025 ffff81007c931c00 ffff81007aa23000 0000000000000001 ffffffff8035e3ee 0000000000000092 ffff810037cc8000 Call Trace: <IRQ> [<ffffffff803635db>] __handle_sysrq+0x98/0x129 [<ffffffff8035e3ee>] kbd_event+0x32e/0x56a [<ffffffff8037d502>] input_event+0x422/0x44a [<ffffffff80381d71>] atkbd_interrupt+0x449/0x503 [<ffffffff8037a42d>] serio_interrupt+0x37/0x6f [<ffffffff8037affb>] i8042_interrupt+0x1f4/0x20a [<ffffffff8026bd20>] smp_send_timer_broadcast_ipi+0x2d/0x4e [<ffffffff8020eee5>] handle_IRQ_event+0x25/0x53 [<ffffffff802a924c>] handle_edge_irq+0xe4/0x128 [<ffffffff802562ac>] call_softirq+0x1c/0x28 [<ffffffff802632eb>] do_IRQ+0x6c/0xd3 [<ffffffff8024f4e7>] mwait_idle+0x0/0x45 [<ffffffff80255631>] ret_from_intr+0x0/0xa <EOI> [<ffffffff80248a4d>] datagram_poll+0x0/0xc8 [<ffffffff8024f529>] mwait_idle+0x42/0x45 [<ffffffff80242c05>] cpu_idle+0x8b/0xae [<ffffffff805a8779>] start_kernel+0x2b9/0x2c5 [<ffffffff805a815e>] _sinittext+0x15e/0x162 Code: 0f 0b eb fe 48 8b 07 48 63 d2 48 f7 d0 48 8b 3c d0 e8 13 ff RIP [<ffffffff8028c955>] queue_work+0x32/0x51 RSP <ffffffff805fada8> Kernel panic - not syncing: Aiee, killing interrupt handler! Signed-off-by: Bernhard Walle <bwalle@suse.de> Acked-by: Eric Biederman <ebiederm@xmission.com> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-16[PATCH] swsusp: fix suspend when console is in VT_AUTO+KD_GRAPHICS modeAndrew Johnson
When the console is in VT_AUTO+KD_GRAPHICS mode, switching to the SUSPEND_CONSOLE fails, resulting in vt_waitactive() waiting indefinitely or until the task is interrupted. This patch tests if a console switch can occur in set_console() and returns early if a console switch is not possible. [akpm@linux-foundation.org: cleanup] Signed-off-by: Andrew Johnson <ajohnson@intrinsyc.com> Acked-by: Pavel Machek <pavel@ucw.cz> Cc: "Antonino A. Daplas" <adaplas@pol.net> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-17[CHAR] lcd: Fix two warnings.Ralf Baechle
In file included from drivers/char/lcd.c:23: include/linux/mc146818rtc.h:104:1: warning: "RTC_IO_EXTENT" redefined drivers/char/lcd.c:15:1: warning: this is the location of the previous definition drivers/char/lcd.c:35: warning: 'lcd_lock' defined but not used c316eb1eee2c803c33b1f826fe744c922d2e354f deleted the last code using lcd_lock, so delete definition of lcd_lock. The definition of RTC_IO_EXTENT is unused and probably always was only debree copied from drivers/char/rtc.c. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-14Merge master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdogLinus Torvalds
* master.kernel.org:/pub/scm/linux/kernel/git/wim/linux-2.6-watchdog: [WATCHDOG] i8xx TCO driver - mark for removal
2007-03-14[PATCH] misc NULL noiseAl Viro
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-11[WATCHDOG] i8xx TCO driver - mark for removalWim Van Sebroeck
Mark the i8xx TCO driver for removal. Signed-off-by: Wim Van Sebroeck <wim@iguana.be>
2007-03-08[CHAR] ds1286: Fix handling of seconds in RTC_ALM_SET ioctl.Ralf Baechle
o Fix use of uninitialized variable sec. o Make the RTC_ALM_SET ioctl return -EINVAL for non-zero seconds - the DS1286 has no second field for the alarm time. o Replace the obscure BIN_TO_BCD macro with BIN2BCD. Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2007-03-06[PATCH] minor updat to tlclk Kconfig entryMark Gross
The tlclk driver is going on the MPCBL005 so I need to make the Kconfig more more generic. Just some text changes. Signed-off-by: Mark Gross <mark.gross@intel.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-06[PATCH] Fix buffer overflow in Omnikey CardMan 4040 driver (CVE-2007-0005)Marcel Holtmann
Based on a patch from Don Howard <dhoward@redhat.com> When calling write() with a buffer larger than 512 bytes, the driver's write buffer overflows, allowing to overwrite the EIP and execute arbitrary code with kernel privileges. In read(), there exists a similar problem, but coming from the device. A malicous or buggy device sending more than 512 bytes can overflow of the driver's read buffer, with the same effects as above. Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Harald Welte <laforge@gnumonks.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-05[PATCH] char/epca.c: remove unused functionMichal Piotrowski
"drivers/char/epca.c:2741: warning: 'get_termio' defined but not used" Signed-off-by: Michal Piotrowski <michal.k.k.piotrowski@gmail.com> Acked-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-05[PATCH] ipmi: check, if default ports are accessible on PPCChristian Krafft
ipmi_si_intf tries to access default ports, if no device could be found elsewhere. On PPC we have a function to check, if these legacy IO ports are accessible. This patch adds a check for these ports on PPC. This patch fixes a breakage of IPMI module on PPC machines without a BMC. Signed-off-by: Christian Krafft <krafft@de.ibm.com> Acked-by: Michael Ellerman <michael@ellerman.id.au> Signed-off-by: Corey Minyard <minyard@acm.org> Cc: Paul Mackerras <paulus@samba.org> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-05[PATCH] cyclades: return closing_waitAndrew Morton
In http://bugzilla.kernel.org/show_bug.cgi?id=8065, Shen points out that the cyclades driver forget to return closing_wait to userspace. Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Shen <shanlu@cs.uiuc.edu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-03-01[PATCH] tty_io: fix race in master pty close/slave pty close pathAristeu Sergio Rozanski Filho
This patch fixes a possible race that leads to double freeing an idr index. When the master begin to close, release_dev() is called and then pty_close() is called: if (tty->driver->close) tty->driver->close(tty, filp); This is done without helding any locks other than BKL. Inside pty_close(), being a master close, the devpts entry will be removed: #ifdef CONFIG_UNIX98_PTYS if (tty->driver == ptm_driver) devpts_pty_kill(tty->index); #endif But devpts_pty_kill() will call get_node() that may sleep while waiting for &devpts_root->d_inode->i_sem. When this happens and the slave is being opened, tty_open() just found the driver and index: driver = get_tty_driver(device, &index); if (!driver) { mutex_unlock(&tty_mutex); return -ENODEV; } This part of the code is already protected under tty_mute. The problem is that the slave close already got an index. Then init_dev() is called and blocks waiting for the same &devpts_root->d_inode->i_sem. When the master close resumes, it removes the devpts entry, and the relation between idr index and the tty is gone. The master then sleeps waiting for the tty_mutex on release_dev(). Slave open resumes and found no tty for that index. As result, a NULL tty is returned and init_dev() doesn't flow to fast_track: /* check whether we're reopening an existing tty */ if (driver->flags & TTY_DRIVER_DEVPTS_MEM) { tty = devpts_get_tty(idx); if (tty && driver->subtype == PTY_TYPE_MASTER) tty = tty->link; } else { tty = driver->ttys[idx]; } if (tty) goto fast_track; The result of this, is that a new tty will be created and init_dev() returns sucessfull. After returning, tty_mutex is dropped and master close may resume. Master close finds it's the only use and both sides are closing, then releases the tty and the index. At this point, the idr index is free, but slave still has it. Slave open then calls pty_open() and finds that tty->link->count is 0, because there's no master and returns error. Then tty_open() calls release_dev() which executes without any warning, as it was a case of last slave close when the master is already closed (master->count == 0, slave->count == 1). The tty is then released with the already released idr index. This normally would only issue a warning on idr_remove() but in case of a customer's critical application, it's never too simple: thread1: opens master, gets index X thread1: begin closing master thread2: begin opening slave with index X thread1: finishes closing master, index X released thread3: opens master, gets index X, just released thread2: fails opening slave, releases index X <---- thread4: opens master, gets index X, init_dev() then find an already in use and healthy tty and fails If no more indexes are released, ptmx_open() will keep failing, as the first free index available is X, and it will make init_dev() fail because you're trying to "reopen a master" which isn't valid. The patch notices when this race happens and make init_dev() fail imediately. The init_dev() function is called with tty_mutex held, so it's safe to continue with tty till the end of function because release_dev() won't make any further changes without grabbing the tty_mutex. Without the patch, on some machines it's possible get easily idr warnings like this one: idr_remove called for id=15 which is not allocated. [<c02555b9>] idr_remove+0x139/0x170 [<c02a1b62>] release_mem+0x182/0x230 [<c02a28e7>] release_dev+0x4b7/0x700 [<c02a0ea7>] tty_ldisc_enable+0x27/0x30 [<c02a1e64>] init_dev+0x254/0x580 [<c02a0d64>] check_tty_count+0x14/0xb0 [<c02a4f05>] tty_open+0x1c5/0x340 [<c02a4d40>] tty_open+0x0/0x340 [<c017388f>] chrdev_open+0xaf/0x180 [<c017c2ac>] open_namei+0x8c/0x760 [<c01737e0>] chrdev_open+0x0/0x180 [<c0167bc9>] __dentry_open+0xc9/0x210 [<c0167e2c>] do_filp_open+0x5c/0x70 [<c0167a91>] get_unused_fd+0x61/0xd0 [<c0167e93>] do_sys_open+0x53/0x100 [<c0167f97>] sys_open+0x27/0x30 [<c010303b>] syscall_call+0x7/0xb using this test application available on: http://www.ruivo.org/~aris/pty_sodomizer.c Signed-off-by: Aristeu Sergio Rozanski Filho <aris@ruivo.org> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Chuck Ebbert <cebbert@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>