]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
18 years ago[NET]: Add missing UFO initialisations
Herbert Xu [Wed, 8 Nov 2006 06:47:29 +0000 (07:47 +0100)]
[NET]: Add missing UFO initialisations

This bug was unknowingly fixed the GSO patches (or rather, its effect was
unknown at the time).

Thanks to Marco Berizzi's persistence which is documented in the thread
"ipsec tunnel asymmetrical mtu", we now know that it can have highly
non-obvious symptoms.

What happens is that uninitialised uso_size fields can cause packets to
be incorrectly identified as UFO, which means that it does not get
fragmented even if it's over the MTU.

The fix is simple enough.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago from mm/memory.c:
Dmitriy Monakhov [Tue, 7 Nov 2006 14:40:54 +0000 (15:40 +0100)]
 from mm/memory.c:
  1434  static inline void cow_user_page(struct page *dst, struct page *src, unsigned long va)
  1435  {
  1436          /*
  1437           * If the source page was a PFN mapping, we don't have
  1438           * a "struct page" for it. We do a best-effort copy by
  1439           * just copying from the original user address. If that
  1440           * fails, we just zero-fill it. Live with it.
  1441           */
  1442          if (unlikely(!src)) {
  1443                  void *kaddr = kmap_atomic(dst, KM_USER0);
  1444                  void __user *uaddr = (void __user *)(va & PAGE_MASK);
  1445
  1446                  /*
  1447                   * This really shouldn't fail, because the page is there
  1448                   * in the page tables. But it might just be unreadable,
  1449                   * in which case we just give up and fill the result with
  1450                   * zeroes.
  1451                   */
  1452                  if (__copy_from_user_inatomic(kaddr, uaddr, PAGE_SIZE))
  1453                          memset(kaddr, 0, PAGE_SIZE);
  1454                  kunmap_atomic(kaddr, KM_USER0);
  #### D-cache have to be flushed here.
  #### It seems it is just forgotten.

  1455                  return;
  1456
  1457          }
  1458          copy_user_highpage(dst, src, va);
  #### Ok here. flush_dcache_page() called from this func if arch need it
  1459  }

Signed-off-by: Dmitriy Monakhov <dmonakhov@openvz.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[MAINTAINERS]: Add proper entry for TC classifier
Stephen Hemminger [Tue, 7 Nov 2006 14:36:32 +0000 (15:36 +0100)]
[MAINTAINERS]: Add proper entry for TC classifier

Acked-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[PKT_SCHED]: act_api: Fix module leak while flushing actions
Thomas Graf [Tue, 7 Nov 2006 14:34:27 +0000 (15:34 +0100)]
[PKT_SCHED]: act_api: Fix module leak while flushing actions

Module reference needs to be given back if message header
construction fails.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoPKT_SCHED: Return ENOENT if action module is unavailable
Thomas Graf [Tue, 7 Nov 2006 14:32:51 +0000 (15:32 +0100)]
PKT_SCHED: Return ENOENT if action module is unavailable

Return ENOENT if action module is unavailable

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoPKT_SCHED: Fix illegal memory dereferences when dumping actions
Thomas Graf [Tue, 7 Nov 2006 14:31:14 +0000 (15:31 +0100)]
PKT_SCHED: Fix illegal memory dereferences when dumping actions

The TCA_ACT_KIND attribute is used without checking its
availability when dumping actions therefore leading to a
value of 0x4 being dereferenced.

The use of strcmp() in tc_lookup_action_n() isn't safe
when fed with string from an attribute without enforcing
proper NUL termination.

Both bugs can be triggered with malformed netlink message
and don't require any privileges.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoPKT_SCHED: Fix error handling while dumping actions
Thomas Graf [Tue, 7 Nov 2006 14:30:21 +0000 (15:30 +0100)]
PKT_SCHED: Fix error handling while dumping actions

"return -err" and blindly inheriting the error code in the netlink
failure exception handler causes errors codes to be returned as
positive value therefore making them being ignored by the caller.

May lead to sending out incomplete netlink messages.

Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[PATCH] md: Make sure bi_max_vecs is set properly in bio_split
Neil Brown [Tue, 7 Nov 2006 14:25:48 +0000 (15:25 +0100)]
[PATCH] md: Make sure bi_max_vecs is set properly in bio_split

Else a subsequent bio_clone might make a mess.

Signed-off-by: Neil Brown <neilb@suse.de>
Acked-by: Jens Axboe <axboe@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[CPUFREQ] Fix powernow-k8 SMP kernel on UP hardware bug.
Randy Dunlap [Tue, 7 Nov 2006 14:15:04 +0000 (15:15 +0100)]
[CPUFREQ] Fix powernow-k8 SMP kernel on UP hardware bug.

Fix powernow-k8 doesn't load bug.
Reference:
https://launchpad.net/distros/ubuntu/+source/linux-source-2.6.15/+bug/35145

Signed-off-by: Ben Collins <bcollins@ubuntu.com>
Signed-off-by: Dave Jones <davej@redhat.com>
18 years ago[CPUFREQ] Make powernow-k7 work on SMP kernels.
Dave Jones [Tue, 7 Nov 2006 14:14:04 +0000 (15:14 +0100)]
[CPUFREQ] Make powernow-k7 work on SMP kernels.

Even though powernow-k7 doesn't work in SMP environments,
it can work on an SMP configured kernel if there's only
one CPU present, however recalibrate_cpu_khz was returning
-EINVAL on such kernels, so we failed to init the cpufreq driver.

Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoLinux 2.6.16.31 v2.6.16.31
Adrian Bunk [Tue, 7 Nov 2006 13:31:00 +0000 (14:31 +0100)]
Linux 2.6.16.31

18 years agoLinux 2.6.16.31-rc1 v2.6.16.31-rc1
Adrian Bunk [Sun, 5 Nov 2006 08:48:22 +0000 (09:48 +0100)]
Linux 2.6.16.31-rc1

18 years ago[NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572)
Patrick McHardy [Sun, 5 Nov 2006 08:04:23 +0000 (09:04 +0100)]
[NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572)

As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
to a fragmentation attack causing false negatives on extension header
matches.

When extension headers occur in the non-first fragment after the fragment
header (possibly with an incorrect nexthdr value in the fragment header)
a rule looking for this extension header will never match.

Drop fragments that are at offset 0 and don't contain the final protocol
header regardless of the ruleset, since this should not happen normally.
Since all extension headers are before the protocol header this makes sure
an extension header is either not present or in the first fragment, where
we can properly parse it.

With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[NETFILTER]: Fix ip6_tables protocol bypass bug (CVE-2006-4572)
Patrick McHardy [Sun, 5 Nov 2006 08:03:48 +0000 (09:03 +0100)]
[NETFILTER]: Fix ip6_tables protocol bypass bug (CVE-2006-4572)

As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
to a fragmentation attack causing false negatives on protocol matches.

When the protocol header doesn't follow the fragment header immediately,
the fragment header contains the protocol number of the next extension
header. When the extension header and the protocol header are sent in
a second fragment a rule like "ip6tables .. -p udp -j DROP" will never
match.

Drop fragments that are at offset 0 and don't contain the final protocol
header regardless of the ruleset, since this should not happen normally.

With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoknfsd: Fix race that can disable NFS server.
Neil Brown [Sun, 5 Nov 2006 08:03:18 +0000 (09:03 +0100)]
knfsd: Fix race that can disable NFS server.

This is a long standing bug that seems to have only recently become
apparent, presumably due to increasing use of NFS over TCP - many
distros seem to be making it the default.

The SK_CONN bit gets set when a listening socket may be ready
for an accept, just as SK_DATA is set when data may be available.

It is entirely possible for svc_tcp_accept to be called with neither
of these set.  It doesn't happen often but there is a small race in
svc_sock_enqueue as SK_CONN and SK_DATA are tested outside the
spin_lock.  They could be cleared immediately after the test and
before the lock is gained.

This normally shouldn't be a problem.  The sockets are non-blocking so
trying to read() or accept() when ther is nothing to do is not a problem.

However: svc_tcp_recvfrom makes the decision "Should I accept() or
should I read()" based on whether SK_CONN is set or not.  This usually
works but is not safe.  The decision should be based on whether it is
a TCP_LISTEN socket or a TCP_CONNECTED socket.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoposix-cpu-timers: prevent signal delivery starvation
Thomas Gleixner [Sun, 5 Nov 2006 08:02:46 +0000 (09:02 +0100)]
posix-cpu-timers: prevent signal delivery starvation

The integer divisions in the timer accounting code can round the result
down to 0.  Adding 0 is without effect and the signal delivery stops.

Clamp the division result to minimum 1 to avoid this.

Problem was reported by Seongbae Park <spark@google.com>, who provided
also an inital patch.

Roland sayeth:

  I have had some more time to think about the problem, and to reproduce it
  using Toyo's test case.  For the record, if my understanding of the problem
  is correct, this happens only in one very particular case.  First, the
  expiry time has to be so soon that in cputime_t units (usually 1s/HZ ticks)
  it's < nthreads so the division yields zero.  Second, it only affects each
  thread that is so new that its CPU time accumulation is zero so now+0 is
  still zero and ->it_*_expires winds up staying zero.  For the VIRT and PROF
  clocks when cputime_t is tick granularity (or the SCHED clock on
  configurations where sched_clock's value only advances on clock ticks), this
  is not hard to arrange with new threads starting up and blocking before they
  accumulate a whole tick of CPU time.  That's what happens in Toyo's test
  case.

  Note that in general it is fine for that division to round down to zero,
  and set each thread's expiry time to its "now" time.  The problem only
  arises with thread's whose "now" value is still zero, so that now+0 winds up
  0 and is interpreted as "not set" instead of ">= now".  So it would be a
  sufficient and more precise fix to just use max(ticks, 1) inside the loop
  when setting each it_*_expires value.

  But, it does no harm to round the division up to one and always advance
  every thread's expiry time.  If the thread didn't already fire timers for
  the expiry time of "now", there is no expectation that it will do so before
  the next tick anyway.  So I followed Thomas's patch in lifting the max out
  of the loops.

  This patch also covers the reload cases, which are harder to write a test
  for (and I didn't try).  I've tested it with Toyo's case and it fixes that.

[toyoa@mvista.com: fix: min_t -> max_t]
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[IPV6]: fix lockup via /proc/net/ip6_flowlabel (CVE-2006-5619)
James Morris [Sun, 5 Nov 2006 08:00:45 +0000 (09:00 +0100)]
[IPV6]: fix lockup via /proc/net/ip6_flowlabel (CVE-2006-5619)

There's a bug in the seqfile handling for /proc/net/ip6_flowlabel, where,
after finding a flowlabel, the code will loop forever not finding any
further flowlabels, first traversing the rest of the hash bucket then just
looping.

This patch fixes the problem by breaking after the hash bucket has been
traversed.

Note that this bug can cause lockups and oopses, and is trivially invoked
by an unpriveleged user.

Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoACPI: enable SMP C-states on x86_64
Shaohua Li [Sun, 5 Nov 2006 07:23:24 +0000 (08:23 +0100)]
ACPI: enable SMP C-states on x86_64

http://bugzilla.kernel.org/show_bug.cgi?id=5653

Signed-off-by: Shaohua Li <shaohua.li@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agofix RARP ic_servaddr breakage
Al Viro [Sun, 5 Nov 2006 07:15:37 +0000 (08:15 +0100)]
fix RARP ic_servaddr breakage

memcpy 4 bytes to address of auto unsigned long variable followed
by comparison with u32 is a bloody bad idea.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[S390] fix user readable uninitialised kernel memory, take 2.
Martin Schwidefsky [Sun, 5 Nov 2006 07:03:01 +0000 (08:03 +0100)]
[S390] fix user readable uninitialised kernel memory, take 2.

The previous patch to correct the copy_from_user padding is quite
broken. The execute instruction needs to be done via the register %r4,
not via %r2 and 31 bit doesn't know the instructions lgr and ahji.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[S390] fix user readable uninitialised kernel memory (CVE-2006-5174)
Martin Schwidefsky [Sun, 5 Nov 2006 07:01:53 +0000 (08:01 +0100)]
[S390] fix user readable uninitialised kernel memory (CVE-2006-5174)

A user space program can read uninitialised kernel memory
by appending to a file from a bad address and then reading
the result back. The cause is the copy_from_user function
that does not clear the remaining bytes of the kernel
buffer after it got a fault on the user space address.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoLinux 2.6.16.30 v2.6.16.30
Adrian Bunk [Thu, 2 Nov 2006 07:30:27 +0000 (08:30 +0100)]
Linux 2.6.16.30

18 years agoLinux 2.6.16.30-rc1 v2.6.16.30-rc1
Adrian Bunk [Tue, 17 Oct 2006 12:52:16 +0000 (14:52 +0200)]
Linux 2.6.16.30-rc1

18 years ago[IA64] correct file descriptor reference counting in perfmon (CVE-2006-3741)
Stephane Eranian [Tue, 17 Oct 2006 12:50:56 +0000 (14:50 +0200)]
[IA64] correct file descriptor reference counting in perfmon (CVE-2006-3741)

Fix a bug in sys_perfmonctl() whereby it was not correctly
decrementing the file descriptor reference count.

Signed-off-by: Stephane Eranian <eranian@hpl.hp.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[PPPOE]: Advertise PPPoE MTU
Michal Ostrowski [Sat, 14 Oct 2006 17:20:16 +0000 (19:20 +0200)]
[PPPOE]: Advertise PPPoE MTU

PPPoE must advertise the underlying device's MTU via the ppp channel
descriptor structure, as multilink functionality depends on it.

Signed-off-by: Michal Ostrowski <mostrows@earthlink.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoPKT_SCHED: cls_basic: Use unsigned int when generating handle
Kim Nordlund [Sat, 14 Oct 2006 08:39:40 +0000 (10:39 +0200)]
PKT_SCHED: cls_basic: Use unsigned int when generating handle

Prevents filters from being added if the first generated
handle already exists.

Signed-off-by: Kim Nordlund <kim.nordlund@nokia.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[SPARC64]: Kill bogus check from bootmem_init().
David S. Miller [Sat, 14 Oct 2006 08:35:26 +0000 (10:35 +0200)]
[SPARC64]: Kill bogus check from bootmem_init().

There is an ancient and totally incorrect sanity check being
done on the ramdisk location.  The check assumes that the
kernel is always loaded to physical address zero, which is
wrong.  It was trying to validate the ramdisk value by saying that
if it fell within the kernel image address range it must be wrong.

Anyways, kill this because it actually creates problems.  The
'ramdisk_image' should always be adjusted down by KERNBASE.
SILO can easily put the ramdisk in a location which causes
this test to trigger, breaking things.

[ Based almost entirely upon a patch from Ben Collins. ]

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[SPARC64]: Fix sched_clock() wrapping every ~17 seconds.
David S. Miller [Sat, 14 Oct 2006 08:33:10 +0000 (10:33 +0200)]
[SPARC64]: Fix sched_clock() wrapping every ~17 seconds.

Unfortunately, sparc64 doesn't have an easy way to do a "64 X 64 -->
128" bit multiply like PowerPC and IA64 do.  We were doing a
"64 X 64 --> 64" bit multiple which causes overflow very quickly with
a 30-bit quotient shift.

So use a quotientshift count of 10 instead of 30, just like x86 and
ARM do.

This also fixes the wrapping of printk timestamp values every ~17
seconds.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[CIFS] Allow cifsd to suspend if connection is lost
Rafael J. Wysocki [Sat, 14 Oct 2006 08:12:26 +0000 (10:12 +0200)]
[CIFS] Allow cifsd to suspend if connection is lost

Make cifsd allow us to suspend if it has lost the connection with a server

Ref: http://bugzilla.kernel.org/show_bug.cgi?id=6811

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[CIFS] Fix typo in earlier cifs_unlink change and protect one extra path.
Steve French [Sat, 14 Oct 2006 08:11:47 +0000 (10:11 +0200)]
[CIFS] Fix typo in earlier cifs_unlink change and protect one extra path.

Since cifs_unlink can also be called from rename path and there
was one report of oops am making the extra check for null inode.

Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[CIFS] Fix unlink oops when indirectly called in rename error path under heavy stress.
Steve French [Sat, 14 Oct 2006 08:11:16 +0000 (10:11 +0200)]
[CIFS] Fix unlink oops when indirectly called in rename error path under heavy stress.

Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[CIFS] fs/cifs/dir.c: fix possible NULL dereference
Steve French [Sat, 14 Oct 2006 08:10:45 +0000 (10:10 +0200)]
[CIFS] fs/cifs/dir.c: fix possible NULL dereference

Signed-off-by: Steve French <sfrench@us.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[ATM] CLIP: Do not refer freed skbuff in clip_mkip() (CVE-2006-4997)
YOSHIFUJI Hideaki [Fri, 13 Oct 2006 23:13:36 +0000 (01:13 +0200)]
[ATM] CLIP: Do not refer freed skbuff in clip_mkip() (CVE-2006-4997)

In clip_mkip(), skb->dev is dereferenced after clip_push(),
which frees up skb.

Advisory: AD_LAB-06009 (<adlab@venustech.com.cn>).

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agofbdev: add modeline for 1680x1050@60
Olaf Hering [Fri, 13 Oct 2006 16:16:26 +0000 (18:16 +0200)]
fbdev: add modeline for 1680x1050@60

Add a modeline for the Philips 200W display.  aty128fb does not do DDC, it
picks 1920x1440 or similar.  It works ok with nvidiafb because it can ask
for DDC data.

mode "1680x1050-60"
    # D: 146.028 MHz, H: 65.191 kHz, V: 59.863 Hz
    geometry 1680 1050 1680 1050 16
    timings 6848 280 104 30 3 176 6
    hsync high
    vsync high
    rgba 5/11,6/5,5/0,0/0
endmode

hwinfo --monitor
20: None 00.0: 10000 Monitor
[Created at monitor.206]
  Unique ID: rdCR.pzUFTofo1S4
  Parent ID: 002j.bJRsY88eNSC
  Hardware Class: monitor
  Model: "PHILIPS Philips 200W"
  Vendor: PHL "PHILIPS"
  Device: eisa 0x0832 "Philips 200W"
  Serial ID: "VN  016596"
  Resolution: 720x400@70Hz
  Resolution: 640x480@60Hz
  Resolution: 640x480@67Hz
  Resolution: 640x480@72Hz
  Resolution: 640x480@75Hz
  Resolution: 800x600@56Hz
  Resolution: 800x600@60Hz
  Resolution: 800x600@72Hz
  Resolution: 800x600@75Hz
  Resolution: 832x624@75Hz
  Resolution: 1024x768@60Hz
  Resolution: 1024x768@70Hz
  Resolution: 1024x768@75Hz
  Resolution: 1280x1024@75Hz
  Resolution: 1152x864@70Hz
  Resolution: 1152x864@75Hz
  Resolution: 1280x960@60Hz
  Resolution: 1280x1024@60Hz
  Resolution: 1680x1050@60Hz
  Size: 433x271 mm
  Driver Info #0:
    Max. Resolution: 1680x1050
    Vert. Sync Range: 56-85 Hz
    Hor. Sync Range: 30-93 kHz
  Config Status: cfg=new, avail=yes, need=no, active=unknown
  Attached to: #5 (VGA compatible controller)

Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agosky2: accept flow control
Stephen Hemminger [Fri, 13 Oct 2006 16:13:23 +0000 (18:13 +0200)]
sky2: accept flow control

Don't program the GMAC to reject flow control packets.
This maybe the cause of some of the transmit hangs.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agosky2: fix fiber support
Stephen Hemminger [Fri, 13 Oct 2006 16:12:36 +0000 (18:12 +0200)]
sky2: fix fiber support

Fix support for fiber based devices.  Needed to keep track of PMD type to
add workaround in setup. Add support for gigabit half duplex fiber.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agosky2: use dev_alloc_skb for receive buffers
Stephen Hemminger [Fri, 13 Oct 2006 16:11:59 +0000 (18:11 +0200)]
sky2: use dev_alloc_skb for receive buffers

Several code paths assume an additional 16 bytes of header padding
on the receive path. Use dev_alloc_skb to get that padding.

Signed-off-by: Stephen Hemminger <shemminger@osdl.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agov4l/dvb: Backport the budget driver DISEQC instability fix
Oliver Endriss [Fri, 13 Oct 2006 16:05:48 +0000 (18:05 +0200)]
v4l/dvb: Backport the budget driver DISEQC instability fix

Backport the budget driver DISEQC instability fix.

Signed-off-by: Oliver Endriss <o.endriss@gmx.de>
Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
18 years agov4l/dvb: Backport fix to artec USB DVB devices
Andrew de Quincey [Fri, 13 Oct 2006 16:03:38 +0000 (18:03 +0200)]
v4l/dvb: Backport fix to artec USB DVB devices

Backport fix to artec USB DVB devices

Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agov4l/dvb: Fix budget-av frontend detection
Andrew de Quincey [Fri, 13 Oct 2006 16:02:49 +0000 (18:02 +0200)]
v4l/dvb: Fix budget-av frontend detection

The budget-av needs this GPIO set low for most cards to work.

Signed-off-by: Andrew de Quincey <adq_dvb@lidskialf.net>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agodvb-core: Proper handling ULE SNDU length of 0 (CVE-2006-4623)
Ang Way Chuang [Fri, 13 Oct 2006 16:01:44 +0000 (18:01 +0200)]
dvb-core: Proper handling ULE SNDU length of 0 (CVE-2006-4623)

ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation
code has a bug that allows an attacker to send a malformed ULE packet
with SNDU length of 0 and bring down the receiving machine. This patch
fix the bug and has been tested on version 2.6.17.11. This bug is 100%
reproducible and the modified source code (GPL) used to produce this bug
will be posted on http://nrg.cs.usm.my/downloads.htm shortly.  The
kernel will produce a dump during CRC32 checking on faulty ULE packet.

Signed-off-by: Ang Way Chuang <wcang@nrg.cs.usm.my>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoIPV6: Sum real space for RTAs.
YOSHIFUJI Hideaki [Fri, 13 Oct 2006 16:00:31 +0000 (18:00 +0200)]
IPV6: Sum real space for RTAs.

This patch fixes RTNLGRP_IPV6_IFINFO netlink notifications.  Issue
pointed out by Patrick McHardy <kaber@trash.net>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agofix fdset leakage
Kirill Korotaev [Fri, 13 Oct 2006 15:58:30 +0000 (17:58 +0200)]
fix fdset leakage

When found, it is obvious.  nfds calculated when allocating fdsets is
rewritten by calculation of size of fdtable, and when we are unlucky, we
try to free fdsets of wrong size.

Found due to OpenVZ resource management (User Beancounters).

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoLinux 2.6.16.30-pre1 v2.6.16.30-pre1
Adrian Bunk [Fri, 22 Sep 2006 18:31:32 +0000 (20:31 +0200)]
Linux 2.6.16.30-pre1

18 years agoUSB: add YEALINK phones to the HID_QUIRK_IGNORE blacklist
Henk Vergonet [Fri, 22 Sep 2006 18:28:19 +0000 (20:28 +0200)]
USB: add YEALINK phones to the HID_QUIRK_IGNORE blacklist

Keys on Yealink based phones will not function properly when using the
generic HID driver. This patch prevents the generic HID code from
grabbing the device before the regular yealink driver can get a grip on
it.

Signed-off-by: Henk Vergonet <Henk.Vergonet@gmail.com>
Signed-off-by: Vojtech Pavlik <vojtech@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoUSB: Fix unload oops and memory leak in yealink driver
Henk Vergonet [Fri, 22 Sep 2006 18:20:40 +0000 (20:20 +0200)]
USB: Fix unload oops and memory leak in yealink driver

This patch fixes a memory leak and a kernel oops when trying to unload
the driver, due to an unbalanced cleanup.
Thanks Ivar Jensen for spotting my mistake.

Signed-off-by: Henk Vergonet <henk.vergonet@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agokernel/kmod.c: fix a race condition in usermodehelper.
Martin Schwidefsky [Fri, 22 Sep 2006 00:32:57 +0000 (02:32 +0200)]
kernel/kmod.c: fix a race condition in usermodehelper.

There is a race between call_usermodehelper_keys, __call_usermodehelper
and wait_for_helper. It should only happen if preemption is enabled or
on a virtualized system.

If the cpu is preempted or put to sleep by the hypervisor in
__call_usermodehelper between the creation of the wait_for_helper
thread and the second check on sub_info->wait, the whole execution
of wait_for_helper including the complete call and the continuation
after the wait_for_completion in call_usermodehelper_keys can have
happened before __call_usermodehelper checks sub_info->wait for the
second time. Since sub_info can already have been clobbered,
sub_info->wait could be zero and complete is called a second time
with an invalid argument. This has happened on s390. It took me only
three days to find out ..

Thanks to Arnd Bergmann for his help to spot this bug.

Kenneth Lee also sent the same patch independently.

Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoI2C: fix 'ignore' module parameter handling
Mark M. Hoffman [Fri, 22 Sep 2006 00:22:54 +0000 (02:22 +0200)]
I2C: fix 'ignore' module parameter handling

This patch fixes a bug in the handling of 'ignore' module parameters of I2C
client drivers.

Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: TDA8290 update
Hartmut Hackmann [Mon, 18 Sep 2006 22:56:25 +0000 (00:56 +0200)]
V4L/DVB: TDA8290 update

This patch
- works around a bug in the I2C bridge that makes the initialization
  of the TDA10046 fail on recent LifeView cards
- puts the AGC output to tristate in sleep mode. This is necessary for
  recent hybrid cards that switch the AGC via tristateing.

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Acked-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoConvert idr's internal locking to _irqsave variant
Roland Dreier [Mon, 18 Sep 2006 17:28:17 +0000 (19:28 +0200)]
Convert idr's internal locking to _irqsave variant

Currently, the code in lib/idr.c uses a bare spin_lock(&idp->lock) to do
internal locking.  This is a nasty trap for code that might call idr
functions from different contexts; for example, it seems perfectly
reasonable to call idr_get_new() from process context and idr_remove() from
interrupt context -- but with the current locking this would lead to a
potential deadlock.

The simplest fix for this is to just convert the idr locking to use
spin_lock_irqsave().

In particular, this fixes a very complicated locking issue detected by
lockdep, involving the ib_ipoib driver's priv->lock and dev->_xmit_lock,
which get involved with the ib_sa module's query_idr.lock.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[TEXTSEARCH]: Fix Boyer Moore initialization bug
Michael Rash [Mon, 18 Sep 2006 17:26:29 +0000 (19:26 +0200)]
[TEXTSEARCH]: Fix Boyer Moore initialization bug

The pattern is set after trying to compute the prefix table, which tries
to use it. Initialize it before calling compute_prefix_tbl, make
compute_prefix_tbl consistently use only the data from struct ts_bm
and remove the now unnecessary arguments.

Signed-off-by: Michael Rash <mbr@cipherdyne.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agovia-velocity: fix speed and link status reported by ethtool
Jay Cliburn [Mon, 18 Sep 2006 17:23:20 +0000 (19:23 +0200)]
via-velocity: fix speed and link status reported by ethtool

The via-velocity driver reports incorrect speed and link detected status
as viewed by ethtool (and probably other tools). This patch fixes those
incorrect reports and prettifies a long line.

Signed-off-by: Jay Cliburn <jacliburn@bellsouth.net>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agovia-velocity: the link is not correctly detected when the device starts
Roy Marples [Mon, 18 Sep 2006 17:20:52 +0000 (19:20 +0200)]
via-velocity: the link is not correctly detected when the device starts

The patch fixes http://bugzilla.kernel.org/show_bug.cgi?id=6711

Signed-off-by: Roy Marples <uberlord@gentoo.org>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[AGPGART] VIA PT880 Ultra support.
Magnus Kessler [Mon, 18 Sep 2006 17:17:43 +0000 (19:17 +0200)]
[AGPGART] VIA PT880 Ultra support.

This patch enables agpgart on a Via "PT880 Ultra" based motherboard
(Asus P4V800D-X). The PCI ID of the PT880 Ultra is 0x0308 instead of
0x0258 of the PT880.

The patched via-agp passes testgart.

Signed-off-by: Magnus Kessler <Magnus.Kessler@gmx.net>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[AGPGART] ATI RS350 support.
Julien Tous [Mon, 18 Sep 2006 17:16:24 +0000 (19:16 +0200)]
[AGPGART] ATI RS350 support.

From: Julien Tous <julien.tous@gmail.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoPFKEYV2: Fix inconsistent typing in struct sadb_x_kmprivate.
Tushar Gohad [Mon, 18 Sep 2006 17:14:39 +0000 (19:14 +0200)]
PFKEYV2: Fix inconsistent typing in struct sadb_x_kmprivate.

Fixes inconsistent use of "uint32_t" vs. "u_int32_t".
Fix pfkeyv2 userspace builds.

Signed-off-by: Tushar Gohad <tgohad@mvista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: TDA10046 Driver update
Hartmut Hackmann [Sat, 16 Sep 2006 22:18:45 +0000 (00:18 +0200)]
V4L/DVB: TDA10046 Driver update

- Set outputs to tristate in sleep mode
- Reduce dangerously high firmware download speed with 16MHz xtal
- added tda827x configuration with GPIOs low
- added comments to stupid looking IIC reads that work around bugs in
  the tda10046.
- some minor updates

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoadd drivers/media/video/saa7134/saa7134-input.c:flydvb_codes
Adrian Bunk [Sat, 16 Sep 2006 22:00:29 +0000 (00:00 +0200)]
add drivers/media/video/saa7134/saa7134-input.c:flydvb_codes

based on drivers/media/common/ir-keymaps.c:ir_codes_flydvb
in Linus' tree.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Added support for the new Lifeview hybrid cardbus modules
Hartmut Hackmann [Sat, 16 Sep 2006 21:38:55 +0000 (23:38 +0200)]
V4L/DVB: Added support for the new Lifeview hybrid cardbus modules

There seem to be many variants of this cards with different
feature sets. This entry supports
analog TV, CVBS and s-video input, FM radio and DVB-T
if they are supported by the hardware.

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Corrected CVBS input for the AVERMEDIA 777 DVB-T
Hartmut Hackmann [Sat, 16 Sep 2006 21:38:13 +0000 (23:38 +0200)]
V4L/DVB: Corrected CVBS input for the AVERMEDIA 777 DVB-T

The .vmux entry needs to be 1 instead of 0

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Added PCI IDs of 2 LifeView Cards
Hartmut Hackmann [Sat, 16 Sep 2006 21:37:44 +0000 (23:37 +0200)]
V4L/DVB: Added PCI IDs of 2 LifeView Cards

Added ID entries for the Genius VideoWonder DVB-T
and the LifeView FlyTV Platinum Gold

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Saa7134: select FW_LOADER
maximilian attems [Sat, 16 Sep 2006 21:37:11 +0000 (23:37 +0200)]
V4L/DVB: Saa7134: select FW_LOADER

The saa7134 drivers uses request_firmware()
and thus needs to select FW_LOADER.

Signed-off-by: maximilian attems <maks@sternwelten.at>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Medion 7134: Autodetect second bridge chip
Michael Krufky [Sat, 16 Sep 2006 21:36:05 +0000 (23:36 +0200)]
V4L/DVB: Medion 7134: Autodetect second bridge chip

The device, Medion 7134, has two saa7134 chips on it, but only one of them
is functional in the current saa7134 driver.

This patch adds autodetection for the second, unsupported saa7134 chip,
as SAA7134_BOARD_MD7134_BRIDGE_2, and displays a message to the user
(in dmesg) indicating that the second chip isn't yet functional.

This is useful for users, since two instances of the saa7134 driver
will spawn. This patch will prevent confusion by warning the user that
only one of the chips on the board are functional.

There are other versions of the SAA7134_BOARD_MD7134 with only a single
saa7134 bridge/decoder -- those devices will not be affected by this patch.
Only devices containing the second chip will display the warning.

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Saa7134: make unsupported secondary decoder message generic
Michael Krufky [Sat, 16 Sep 2006 21:35:11 +0000 (23:35 +0200)]
V4L/DVB: Saa7134: make unsupported secondary decoder message generic

There are already some supported devices that contain two
saa713x chips on-board, where only one of these chips is
currently functional in the driver.
We are already printing a warning message for the second
saa7134 decoder in SAA7134_BOARD_AVERMEDIA_A169_B. This
patch alters that case to make it generic, so that other
cards in the same situation can use it.

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Saa7134: add support for AVerMedia A169 Dual Analog tuner card
Rickard Osser [Sat, 16 Sep 2006 21:34:30 +0000 (23:34 +0200)]
V4L/DVB: Saa7134: add support for AVerMedia A169 Dual Analog tuner card

- Added support for AVerMedia A169 Dual Analog tuner card
  (dual saa7134 decoders - only 1 working right now)
- Added autodetection for both parts of the card.
  It shows up like 2 cards, B1 and B
- Enabled tuner B1, SVIDEO on B1 and composite1 through SVIDEO,
  FIXME: B is more or less dead at this point and I suspect the
  FM-radio is on the B part of the board

Adrian Bunk:
slightly adapted to 2.6.16

Signed-off-by: Rickard Osser <ricky@osser.se>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Saa7134: document that there's also a 220RF from KWorld
Adrian Bunk [Sat, 16 Sep 2006 21:33:38 +0000 (23:33 +0200)]
V4L/DVB: Saa7134: document that there's also a 220RF from KWorld

I have the same card with the same PCI id, but from KWorld.
The patch documents that this is the same card.

Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
18 years agoV4L/DVB: ELSA EX-VISION 700TV: fix incorrect PCI subsystem ID
TAMUKI Shoichi [Sat, 16 Sep 2006 21:33:10 +0000 (23:33 +0200)]
V4L/DVB: ELSA EX-VISION 700TV: fix incorrect PCI subsystem ID

- Corrected autodetection for saa7130 card:
  subsystem: 1048:226c, board: ELSA EX-VISION 700TV

Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Kworld ATSC110: initialize the tuner for analog mode on module load
Curt Meyers [Sat, 16 Sep 2006 21:32:18 +0000 (23:32 +0200)]
V4L/DVB: Kworld ATSC110: initialize the tuner for analog mode on module load

- Enable the tuv1236 tuner on the Kworld-ATSC110 card so that the
  tuner can be identified when tuners.ko loads.
- With this change it is no longer necessary to remove and reload
  the tuner module in order to get the tuv1236 identified.
- This code was copied from the ATI HDTV Wonder init routine (in cx88-cards.c)
  which also uses the TUV1236D.

Signed-off-by: Curt Meyers <cmeyers@boilerbots.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Kworld ATSC110: cleanups
Michael Krufky [Sat, 16 Sep 2006 21:31:38 +0000 (23:31 +0200)]
V4L/DVB: Kworld ATSC110: cleanups

- There is no radio with this tuner card...
Thanks-to: Dwaine Garden <DwaineGarden@rogers.com>
- fixed capitalization in card name.

Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Kworld ATSC110: enable composite and svideo inputs
Curt Meyers [Sat, 16 Sep 2006 21:30:59 +0000 (23:30 +0200)]
V4L/DVB: Kworld ATSC110: enable composite and svideo inputs

- corrected composite input.
- verified s-video input.

Signed-off-by: Curt Meyers <cmeyers@boilerbots.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: KWorld ATSC110: implement set_pll_input
Curt Meyers [Sat, 16 Sep 2006 21:30:22 +0000 (23:30 +0200)]
V4L/DVB: KWorld ATSC110: implement set_pll_input

- When tuning VSB, use ANT input
- When tuning QAM, use CABLE input

Signed-off-by: Curt Meyers <cmeyers@boilerbots.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Add support for Kworld ATSC110
Andrew Burri [Sat, 16 Sep 2006 21:29:38 +0000 (23:29 +0200)]
V4L/DVB: Add support for Kworld ATSC110

Signed-off-by: Andrew Burri <andrew.burri@gmail.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Add saa713x card: ELSA EX-VISION 700TV (saa7130)
Tamuki Shoichi [Sat, 16 Sep 2006 21:28:54 +0000 (23:28 +0200)]
V4L/DVB: Add saa713x card: ELSA EX-VISION 700TV (saa7130)

Add support for ELSA EX-VISION 700TV, which is the ELSA Japan's
flagship model of the software encoding TV capture card.
All inputs (Television, Composite1 and S-Video) have been tested.

Signed-off-by: Tamuki Shoichi <tamuki@linet.gr.jp>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Added support for the Tevion DVB-T 220RF card
Hartshorn [Sat, 16 Sep 2006 21:24:47 +0000 (23:24 +0200)]
V4L/DVB: Added support for the Tevion DVB-T 220RF card

This is an analog / digital hybrid card.

Signed-off-by: Peter Hartshorn <p3r@users.sourceforge.net>
Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Added support for the ADS Instant TV DUO Cardbus PTV331
Hartmut Hackmann [Sat, 16 Sep 2006 21:23:59 +0000 (23:23 +0200)]
V4L/DVB: Added support for the ADS Instant TV DUO Cardbus PTV331

Analog and DVB-T are working, Remote not yet.
This card is based on the new LifeView design, there should be many variants.

Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Added support for the LifeView FlyDVB-T LR301 card
Giampiero Giancipoli [Sat, 16 Sep 2006 21:23:23 +0000 (23:23 +0200)]
V4L/DVB: Added support for the LifeView FlyDVB-T LR301 card

Additionally to the card support, this changeset adds the option
tda10046lifeview to get_dvb_firmware to download tda10046 firmware
from LifeView's site.

Signed-off-by: Giampiero Giancipoli <gianci@libero.it>
Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoV4L/DVB: Add support for the Avermedia 777 DVB-T card
Jose Alberto Reguero [Sat, 16 Sep 2006 21:22:34 +0000 (23:22 +0200)]
V4L/DVB: Add support for the Avermedia 777 DVB-T card

Signed-off-by: Jose Alberto Reguero <jareguero@telefonica.net>
Signed-off-by: Hartmut Hackmann <hartmut.hackmann@t-online.de>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoLinux 2.6.16.29 v2.6.16.29
Adrian Bunk [Tue, 12 Sep 2006 18:02:10 +0000 (20:02 +0200)]
Linux 2.6.16.29

18 years agoLinux 2.6.16.29-rc2 v2.6.16.29-rc2
Adrian Bunk [Sat, 9 Sep 2006 15:45:05 +0000 (17:45 +0200)]
Linux 2.6.16.29-rc2

18 years agoHave ext2 reject file handles with bad inode numbers early.
Neil Brown [Sat, 9 Sep 2006 15:44:45 +0000 (17:44 +0200)]
Have ext2 reject file handles with bad inode numbers early.

This prevents bad inode numbers from triggering errors in
ext2_get_inode.

Signed-off-by: Neil Brown <neilb@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoLinux 2.6.16.29-rc1 v2.6.16.29-rc1
Adrian Bunk [Wed, 6 Sep 2006 17:55:27 +0000 (19:55 +0200)]
Linux 2.6.16.29-rc1

18 years agopci_ids.h: add some VIA IDE identifiers
Alan Cox [Wed, 6 Sep 2006 17:55:17 +0000 (19:55 +0200)]
pci_ids.h: add some VIA IDE identifiers

Signed-off-by: Alan Cox <alan@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[PKTGEN]: Make sure skb->{nh,h} are initialized in fill_packet_ipv6() too.
David S. Miller [Wed, 6 Sep 2006 17:35:53 +0000 (19:35 +0200)]
[PKTGEN]: Make sure skb->{nh,h} are initialized in fill_packet_ipv6() too.

Mirror the bug fix from fill_packet_ipv4()

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[PKTGEN]: Fix oops when used with balance-tlb bonding
Chen-Li Tien [Wed, 6 Sep 2006 17:34:53 +0000 (19:34 +0200)]
[PKTGEN]: Fix oops when used with balance-tlb bonding

Signed-off-by: Chen-Li Tien <cltien@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoia64 SGI-SN2: fix silent data corruption caused by XPC
Dean Nelson [Wed, 6 Sep 2006 17:25:46 +0000 (19:25 +0200)]
ia64 SGI-SN2: fix silent data corruption caused by XPC

Jack Steiner identified a problem where XPC can cause a silent
data corruption.  On module load, the placement may cause the
xpc_remote_copy_buffer to span two physical pages.  DMA transfers are
done to the start virtual address translated to physical.

This patch changes the buffer from a statically allocated buffer to a
kmalloc'd buffer.  Dean Nelson reviewed this before posting.  I have
tested it in the configuration that was showing the memory corruption
and verified it works.  I also added a BUG_ON statement to help catch
this if a similar situation is encountered.

Signed-off-by: Robin Holt <holt@sgi.com>
Signed-off-by: Dean Nelson <dcn@sgi.com>
Signed-off-by: Jack Steiner <steiner@sgi.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[IPV6]: Fix kernel OOPs when setting sticky socket options.
YOSHIFUJI Hideaki [Wed, 6 Sep 2006 14:30:02 +0000 (16:30 +0200)]
[IPV6]: Fix kernel OOPs when setting sticky socket options.

Bug noticed by Remi Denis-Courmont <rdenis@simphalempin.com>.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoidr: fix race in idr code
Sonny Rao [Wed, 6 Sep 2006 14:23:48 +0000 (16:23 +0200)]
idr: fix race in idr code

I ran into a bug where the kernel died in the idr code:

cpu 0x1d: Vector: 300 (Data Access) at [c000000b7096f710]
    pc: c0000000001f8984: .idr_get_new_above_int+0x140/0x330
    lr: c0000000001f89b4: .idr_get_new_above_int+0x170/0x330
    sp: c000000b7096f990
   msr: 800000000000b032
   dar: 0
 dsisr: 40010000
  current = 0xc000000b70d43830
  paca    = 0xc000000000556900
    pid   = 2022, comm = hwup
1d:mon> t
[c000000b7096f990c0000000000d2ad8 .expand_files+0x2e8/0x364 (unreliable)
[c000000b7096faa0c0000000001f8bf8 .idr_get_new_above+0x18/0x68
[c000000b7096fb20c00000000002a054 .init_new_context+0x5c/0xf0
[c000000b7096fbc0c000000000049dc8 .copy_process+0x91c/0x1404
[c000000b7096fcd0c00000000004a988 .do_fork+0xd8/0x224
[c000000b7096fdc0c00000000000ebdc .sys_clone+0x5c/0x74
[c000000b7096fe30c000000000008950 .ppc_clone+0x8/0xc
-- Exception: c00 (System Call) at 000000000fde887c
SP (f8b4e7a0) is in userspace

Turned out to be a race-condition and NULL ptr deref, here's my fix:

Users of the idr code are supposed to call idr_pre_get without locking, so the
idr code must serialize itself with respect to layer allocations.  However, it
fails to do so in an error path in idr_get_new_above_int().  I added the
missing locking to fix this.

Signed-off-by: Sonny Rao <sonny@burdell.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agofix misoptimization in futex unqueue_me
Christian Borntraeger [Wed, 6 Sep 2006 14:01:43 +0000 (16:01 +0200)]
fix misoptimization in futex unqueue_me

This patch adds a barrier() in futex unqueue_me to avoid aliasing of two
pointers.

On my s390x system I saw the following oops:

Unable to handle kernel pointer dereference at virtual kernel address
0000000000000000
Oops: 0004 [#1]
CPU:    0    Not tainted
Process mytool (pid: 13613, task: 000000003ecb6ac0, ksp: 00000000366bdbd8)
Krnl PSW : 0704d00180000000 00000000003c9ac2 (_spin_lock+0xe/0x30)
Krnl GPRS: 00000000ffffffff 000000003ecb6ac0 0000000000000000 0700000000000000
           0000000000000000 0000000000000000 000001fe00002028 00000000000c091f
           000001fe00002054 000001fe00002054 0000000000000000 00000000366bddc0
           00000000005ef8c0 00000000003d00e8 0000000000144f91 00000000366bdcb8
Krnl Code: ba 4e 20 00 12 44 b9 16 00 3e a7 84 00 08 e3 e0 f0 88 00 04
Call Trace:
([<0000000000144f90>] unqueue_me+0x40/0xe4)
 [<0000000000145a0c>] do_futex+0x33c/0xc40
 [<000000000014643e>] sys_futex+0x12e/0x144
 [<000000000010bb00>] sysc_noemu+0x10/0x16
 [<000002000003741c>] 0x2000003741c

The code in question is:

static int unqueue_me(struct futex_q *q)
{
        int ret = 0;
        spinlock_t *lock_ptr;

        /* In the common case we don't take the spinlock, which is nice. */
 retry:
        lock_ptr = q->lock_ptr;
        if (lock_ptr != 0) {
                spin_lock(lock_ptr);
                /*
                 * q->lock_ptr can change between reading it and
                 * spin_lock(), causing us to take the wrong lock.  This
                 * corrects the race condition.
[...]

and my compiler (gcc 4.1.0) makes the following out of it:

00000000000003c8 <unqueue_me>:
     3c8:       eb bf f0 70 00 24       stmg    %r11,%r15,112(%r15)
     3ce:       c0 d0 00 00 00 00       larl    %r13,3ce <unqueue_me+0x6>
                        3d0: R_390_PC32DBL      .rodata+0x2a
     3d4:       a7 f1 1e 00             tml     %r15,7680
     3d8:       a7 84 00 01             je      3da <unqueue_me+0x12>
     3dc:       b9 04 00 ef             lgr     %r14,%r15
     3e0:       a7 fb ff d0             aghi    %r15,-48
     3e4:       b9 04 00 b2             lgr     %r11,%r2
     3e8:       e3 e0 f0 98 00 24       stg     %r14,152(%r15)
     3ee:       e3 c0 b0 28 00 04       lg      %r12,40(%r11)
                /* write q->lock_ptr in r12 */
     3f4:       b9 02 00 cc             ltgr    %r12,%r12
     3f8:       a7 84 00 4b             je      48e <unqueue_me+0xc6>
                /* if r12 is zero then jump over the code.... */
     3fc:       e3 20 b0 28 00 04       lg      %r2,40(%r11)
                /* write q->lock_ptr in r2 */
     402:       c0 e5 00 00 00 00       brasl   %r14,402 <unqueue_me+0x3a>
                        404: R_390_PC32DBL      _spin_lock+0x2
                /* use r2 as parameter for spin_lock */

So the code becomes more or less:
if (q->lock_ptr != 0) spin_lock(q->lock_ptr)
instead of
if (lock_ptr != 0) spin_lock(lock_ptr)

Which caused the oops from above.
After adding a barrier gcc creates code without this problem:
[...] (the same)
     3ee:       e3 c0 b0 28 00 04       lg      %r12,40(%r11)
     3f4:       b9 02 00 cc             ltgr    %r12,%r12
     3f8:       b9 04 00 2c             lgr     %r2,%r12
     3fc:       a7 84 00 48             je      48c <unqueue_me+0xc4>
     400:       c0 e5 00 00 00 00       brasl   %r14,400 <unqueue_me+0x38>
                        402: R_390_PC32DBL      _spin_lock+0x2

As a general note, this code of unqueue_me seems a bit fishy. The retry logic
of unqueue_me only works if we can guarantee, that the original value of
q->lock_ptr is always a spinlock (Otherwise we overwrite kernel memory). We
know that q->lock_ptr can change. I dont know what happens with the original
spinlock, as I am not an expert with the futex code.

Signed-off-by: Christian Borntraeger <borntrae@de.ibm.com>
Acked-by: Ingo Molnar <mingo@redhat.com>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years ago[SERIAL] icom: select FW_LOADER
maximilian attems [Wed, 6 Sep 2006 13:39:02 +0000 (15:39 +0200)]
[SERIAL] icom: select FW_LOADER

The icom driver uses request_firmware()
and thus needs to select FW_LOADER.

Signed-off-by: maximilian attems <maks@sternwelten.at>
Signed-off-by: Olaf Hering <olh@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoMissing PCI id update for VIA IDE
Alan Cox [Wed, 6 Sep 2006 13:07:59 +0000 (15:07 +0200)]
Missing PCI id update for VIA IDE

Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoFix sctp_primitive_ABORT() call in sctp_close()
Sridhar Samudrala [Tue, 5 Sep 2006 19:59:11 +0000 (21:59 +0200)]
Fix sctp_primitive_ABORT() call in sctp_close()

With the recent fix, the callers of sctp_primitive_ABORT()
need to create an ABORT chunk and pass it as an argument rather
than msghdr that was passed earlier.

Adrian Bunk:
Ported to 2.6.16.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: RME HDSP - fixed proc interface (missing {})
Remy Bruno [Tue, 5 Sep 2006 19:40:12 +0000 (21:40 +0200)]
ALSA: RME HDSP - fixed proc interface (missing {})

Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Acked-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: hda-intel - Fix race in remove
Takashi Iwai [Tue, 5 Sep 2006 19:39:12 +0000 (21:39 +0200)]
ALSA: hda-intel - Fix race in remove

Call iounmap after free_irq to avoid invalid accesses in the
shared irq.  The patch is taken from
        https://bugzilla.novell.com/show_bug.cgi?id=167869

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: Fix workaround for AD1988A rev2 codec
Takashi Iwai [Tue, 5 Sep 2006 19:38:52 +0000 (21:38 +0200)]
ALSA: Fix workaround for AD1988A rev2 codec

Fix the workaround for AD1988A rev2 codec not to apply to AD1988B codec
chips.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: Fix model for HP dc7600
Takashi Iwai [Tue, 5 Sep 2006 19:38:23 +0000 (21:38 +0200)]
ALSA: Fix model for HP dc7600

Changed the assigned model for HP dc7600 with ALC260 codec
to match better with the actual I/O assignment.
Patch taken from ALSA bug#2157.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: Fix missing array terminators in AD1988 codec support
Takashi Iwai [Tue, 5 Sep 2006 19:37:57 +0000 (21:37 +0200)]
ALSA: Fix missing array terminators in AD1988 codec support

Fixed the missing array terminators in AD1988 codec support code.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: Fix a deadlock in snd-rtctimer
Takashi Iwai [Tue, 5 Sep 2006 19:37:16 +0000 (21:37 +0200)]
ALSA: Fix a deadlock in snd-rtctimer

Fix an occasional deadlock occuring with snd-rtctimer driver,
added irqsave to the lock in tasklet (ALSA bug#952).

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoALSA: au88x0 - Fix 64bit address of MPU401 MMIO port
Takashi Iwai [Tue, 5 Sep 2006 19:34:57 +0000 (21:34 +0200)]
ALSA: au88x0 - Fix 64bit address of MPU401 MMIO port

Fix 64bit address of MPU401 MMIO port on au88x0 chip.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoethtool: fix oops in ethtool_set_pauseparam()
Willy Tarreau [Thu, 31 Aug 2006 20:02:56 +0000 (22:02 +0200)]
ethtool: fix oops in ethtool_set_pauseparam()

The function pointers which were checked were for their get_* counterparts.
Typically a copy-paste typo.

Signed-off-by: Willy Tarreau <w@1wt.eu>
Acked-by: Jeff Garzik <jeff@garzik.org>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
18 years agoETHTOOL: Fix UFO typo
Herbert Xu [Thu, 31 Aug 2006 19:59:19 +0000 (21:59 +0200)]
ETHTOOL: Fix UFO typo

The function ethtool_get_ufo was referring to ETHTOOL_GTSO instead of
ETHTOOL_GUFO.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Matthew Wilcox <matthew@wil.cx>
Signed-off-by: Adrian Bunk <bunk@stusta.de>