user/sven/linux.git/lib, branch v3.5.7

lib/gcd.c: prevent possible div by 0

2012-10-12T20:46:54Z

commit e96875677fb2b7cb739c5d7769824dff7260d31d upstream. Account for all properties when a and/or b are 0: gcd(0, 0) = 0 gcd(a, 0) = a gcd(0, b) = b Fixes no known problems in current kernels. Signed-off-by: Davidlohr Bueso Cc: Eric Dumazet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

digsig: add hash size comparision on signature verification

2012-10-02T17:39:10Z

commit bc01637a80f5b670bd70a0279d3f93fa8de1c96d upstream. When pkcs_1_v1_5_decode_emsa() returns without error and hash sizes do not match, hash comparision is not done and digsig_verify_rsa() returns no error. This is a bug and this patch fixes it. The bug was introduced in v3.3 by commit b35e286a640f ("lib/digsig: pkcs_1_v1_5_decode_emsa cleanup"). Signed-off-by: Dmitry Kasatkin Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

lib/vsprintf.c: kptr_restrict: fix pK-error in SysRq show-all-timers(Q)

2012-08-15T14:52:31Z

commit 3715c5309f6d175c3053672b73fd4f73be16fd07 upstream. When using ALT+SysRq+Q all the pointers are replaced with "pK-error" like this: [23153.208033] .base: pK-error with echo h > /proc/sysrq-trigger it works: [23107.776363] .base: ffff88023e60d540 The intent behind this behavior was to return "pK-error" in cases where the %pK format specifier was used in interrupt context, because the CAP_SYSLOG check wouldn't be meaningful. Clearly this should only apply when kptr_restrict is actually enabled though. Reported-by: Stevie Trujillo Signed-off-by: Dan Rosenberg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman

Merge tag 'iommu-fixes-v3.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu

2012-07-09T17:57:21Z

Pull IOMMU fixes from Joerg Roedel: "The patches fix several issues in the AMD IOMMU driver, the NVidia SMMU driver, and the DMA debug code. The most important fix for the AMD IOMMU solves a problem with SR-IOV devices where virtual functions did not work with IOMMU enabled. The NVidia SMMU patch fixes a possible sleep while spin-lock situation (queued the small fix for v3.5, a better but more intrusive fix is coming for v3.6). The DMA debug patches fix a possible data corruption issue due to bool vs u32 usage." * tag 'iommu-fixes-v3.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: fix type bug in flush code dma-debug: debugfs_create_bool() takes a u32 pointer iommu/tegra: smmu: Fix unsleepable memory allocation iommu/amd: Initialize dma_ops for hotplug and sriov devices iommu/amd: Fix missing iommu_shutdown initialization in passthrough mode

dma-debug: debugfs_create_bool() takes a u32 pointer

2012-07-02T10:11:40Z

Even though it has "bool" in the name, you have pass a u32 pointer to debugfs_create_bool(). Otherwise you get memory corruption in write_file_bool(). Fortunately in this case the corruption happens in an alignment hole between variables so it doesn't cause any problems. Signed-off-by: Dan Carpenter Signed-off-by: Joerg Roedel

fault-inject: avoid call to random32() if fault injection is disabled

2012-06-20T21:39:36Z

After enabling CONFIG_FAILSLAB I noticed random32 in profiles even if slub fault injection wasn't enabled at runtime. should_fail forces a comparison against random32() even if probability is 0: if (attr->probability <= random32() % 100) return false; Add a check up front for probability == 0 and avoid all of the more complicated checks. Signed-off-by: Anton Blanchard Acked-by: Akinobu Mita Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

2012-06-15T23:52:35Z

Pull core updates (RCU and locking) from Ingo Molnar: "Most of the diffstat comes from the RCU slow boot regression fixes, but there's also a debuggability improvements/fixes." * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: memblock: Document memblock_is_region_{memory,reserved}() rcu: Precompute RCU_FAST_NO_HZ timer offsets rcu: Move RCU_FAST_NO_HZ per-CPU variables to rcu_dynticks structure rcu: Update RCU_FAST_NO_HZ tracing for lazy callbacks rcu: RCU_FAST_NO_HZ detection of callback adoption spinlock: Indicate that a lockup is only suspected kdump: Execute kmsg_dump(KMSG_DUMP_PANIC) after smp_send_stop() panic: Make panic_on_oops configurable

btree: catch NULL value before it does harm

2012-06-07T21:43:55Z

Storing NULL values in the btree is illegal and can lead to memory corruption and possible other fun as well. Catch it on insert, instead of waiting for the inevitable. Signed-off-by: Joern Engel Signed-off-by: Roland Dreier Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

btree: fix tree corruption in btree_get_prev()

2012-06-07T21:43:55Z

The memory the parameter __key points to is used as an iterator in btree_get_prev(), so if we save off a bkey() pointer in retry_key and then assign that to __key, we'll end up corrupting the btree internals when we do eg longcpy(__key, bkey(geo, node, i), geo->keylen); to return the key value. What we should do instead is use longcpy() to copy the key value that retry_key points to __key. This can cause a btree to get corrupted by seemingly read-only operations such as btree_for_each_safe. [akpm@linux-foundation.org: avoid the double longcpy()] Signed-off-by: Roland Dreier Acked-by: Joern Engel Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds

Merge tag 'md-3.5-fixes' of git://neil.brown.name/md

2012-06-06T16:49:28Z

Pull two md fixes from NeilBrown: "One sparse-warning fix, one bugfix for 3.4-stable" * tag 'md-3.5-fixes' of git://neil.brown.name/md: md: raid1/raid10: fix problem with merge_bvec_fn lib/raid6: fix sparse warnings in recovery functions