]> git.karo-electronics.de Git - karo-tx-linux.git/log
karo-tx-linux.git
17 years agoV4L: cx88: Avoid a NULL pointer dereference during mpeg_open()
Steven Toth [Sat, 15 Sep 2007 16:28:26 +0000 (12:28 -0400)]
V4L: cx88: Avoid a NULL pointer dereference during mpeg_open()

(cherry picked from commit 48200baeab95fd39a7f4c4f3536c7142a64ac335)

[PATCH] V4L: cx88: Avoid a NULL pointer dereference during mpeg_open()

Bug: With a hardware encoder board installed as cx88[1] and a
non-encoder boards installed as cx88[0], an OOPS is generated
during cx8802_get_device() called from mpeg_open().

Signed-off-by: Steven Toth <stoth@hauppauge.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoJFFS2: fix write deadlock regression
Jason Lunz [Sat, 1 Sep 2007 19:06:03 +0000 (12:06 -0700)]
JFFS2: fix write deadlock regression

Changeset fc0e01974ccccc7530b7634a63ee3fcc57b845ea from mainline.

I've bisected the deadlock when many small appends are done on jffs2 down to
this commit:

commit 6fe6900e1e5b6fa9e5c59aa5061f244fe3f467e2
Author: Nick Piggin <npiggin@suse.de>
Date:   Sun May 6 14:49:04 2007 -0700

    mm: make read_cache_page synchronous

    Ensure pages are uptodate after returning from read_cache_page, which allows
    us to cut out most of the filesystem-internal PageUptodate calls.

    I didn't have a great look down the call chains, but this appears to fixes 7
    possible use-before uptodate in hfs, 2 in hfsplus, 1 in jfs, a few in
    ecryptfs, 1 in jffs2, and a possible cleared data overwritten with readpage in
    block2mtd.  All depending on whether the filler is async and/or can return
    with a !uptodate page.

It introduced a wait to read_cache_page, as well as a
read_cache_page_async function equivalent to the old read_cache_page
without any callers.

Switching jffs2_gc_fetch_page to read_cache_page_async for the old
behavior makes the deadlocks go away, but maybe reintroduces the
use-before-uptodate problem? I don't understand the mm/fs interaction
well enough to say.

[It's fine. dwmw2.]

Signed-off-by: Jason Lunz <lunz@falooley.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoMTD: Initialise s_flags in get_sb_mtd_aux()
David Howells [Thu, 30 Aug 2007 16:21:19 +0000 (17:21 +0100)]
MTD: Initialise s_flags in get_sb_mtd_aux()

changeset 48440e893d700fb8f0de95fa7d748b711d290365 from mainline.

Initialise s_flags in get_sb_mtd_aux() from the flags parameter.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Cc: Jason Lunz <lunz@falooley.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years ago3w-9xxx: Fix dma mask setting
Adam Radford [Wed, 29 Aug 2007 16:19:21 +0000 (12:19 -0400)]
3w-9xxx: Fix dma mask setting

[SCSI] 3w-9xxx: Fix dma mask setting

Extracted from commit 0e78d158b67fba3977f577f293c323359d80dd0e

The attached patch updates the 3ware 9000 driver:

- Fix dma mask setting to fallback to 32-bit if 64-bit fails.

Signed-off-by: Adam Radford <linuxraid@amcc.com>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPOWERPC: Flush registers to proper task context
Kumar Gala [Wed, 29 Aug 2007 02:15:53 +0000 (21:15 -0500)]
POWERPC: Flush registers to proper task context

commit 0ee6c15e7ba7b36a217cdadb292eeaf32a057a59 in mainline.

When we flush register state for FP, Altivec, or SPE in flush_*_to_thread
we need to respect the task_struct that the caller has passed to us.

Most cases we are called with current, however sometimes (ptrace) we may
be passed a different task_struct.

This showed up when using gdbserver debugging a simple program that used
floating point. When gdb tried to show the FP regs they all showed up as
0, because the child's FP registers were never properly flushed to memory.

Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoACPI: Validate XSDT, use RSDT if XSDT fails
Zhao Yakui [Fri, 24 Aug 2007 08:18:16 +0000 (16:18 +0800)]
ACPI: Validate XSDT, use RSDT if XSDT fails

commit 9f3119b70cf189530f1b46a006a052e171a1622f in mainline.

ACPI 1.0 used an RSDT with 32-bit physical addresses.
ACPI 2.0 adds an XSDT with 32-bit physical addresses.
An ACPI 2.0 aware OS is supposed to use the XSDT
(when present) instead of the RSDT.

However, several systems have failed because the XSDT
contains NULL entries -- while it is missing pointers
to needed tables, such as SSDTs.

When we find an XSDT with NULL entries, discard it
and use the ACPI 1.0 RSDT instead.

http://bugzilla.kernel.org/show_bug.cgi?id=8630

Signed-off-by: Zhao Yakui <yakui.zhao@intel.com>
Cc: Vincet Fortier <Vincent.Fortier1@EC.GC.CA>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB: fix linked list insertion bugfix for usb core
Nathael Pajani [Tue, 11 Sep 2007 16:46:48 +0000 (09:46 -0700)]
USB: fix linked list insertion bugfix for usb core

commit e5dd01154c1e9ca2400f4682602d1a4fa54c25dd in mainline.

This patch fixes the order of list_add_tail() arguments in
usb_store_new_id() so the list can have more than one single element.

Signed-off-by: Nathael Pajani <nathael.pajani@cpe.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoMTD: Makefile fix for mtdsuper
Satyam Sharma [Tue, 4 Sep 2007 23:10:52 +0000 (04:40 +0530)]
MTD: Makefile fix for mtdsuper

commit bec494775600b1cd7c144d31a09e1f46df9c6324 in mainline.

We want drivers/mtd/{mtdcore, mtdsuper, mtdpart}.c to be built and linked
into the same mtd.ko module. Fix the Makefile to ensure this, and remove
duplicate MODULE_ declarations in mtdpart.c, as mtdcore.c already has them.

Signed-off-by: Satyam Sharma <satyam@infradead.org>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agokconfig: oldconfig shall not set symbols if it does not need to
Roman Zippel [Sat, 1 Sep 2007 06:29:40 +0000 (08:29 +0200)]
kconfig: oldconfig shall not set symbols if it does not need to

commit f82f3f9422d4da1eeec6f6cf3e64c6c34c4fe19b in mainline.

Avoid setting the value if the symbol doesn't need to be changed or can't
be changed. Later choices may change the dependencies and thus the
possible input range.

make oldconfig from a 2.6.22 .config with CONFIG_HOTPLUG_CPU not set
was in some configurations setting CONFIG_HOTPLUG_CPU=y without asking,
even when there was no actual requirement for CONFIG_HOTPLUG_CPU.
This was triggered by SUSPEND_SMP that does a select HOTPLUG_CPU.

Signed-off-by: Roman Zippel <zippel@linux-m68k.org>
Tested-by: Hugh Dickins <hugh@veritas.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosigqueue_free: fix the race with collect_signal()
Oleg Nesterov [Fri, 31 Aug 2007 06:56:35 +0000 (23:56 -0700)]
sigqueue_free: fix the race with collect_signal()

commit 60187d2708caa870f0825d753df1612ea688eb9e in mainline.

Spotted by taoyue <yue.tao@windriver.com> and Jeremy Katz <jeremy.katz@windriver.com>.

collect_signal: sigqueue_free:

list_del_init(&first->list);
if (!list_empty(&q->list)) {
// not taken
}
q->flags &= ~SIGQUEUE_PREALLOC;

__sigqueue_free(first); __sigqueue_free(q);

Now, __sigqueue_free() is called twice on the same "struct sigqueue" with the
obviously bad implications.

In particular, this double free breaks the array_cache->avail logic, so the
same sigqueue could be "allocated" twice, and the bug can manifest itself via
the "impossible" BUG_ON(!SIGQUEUE_PREALLOC) in sigqueue_free/send_sigqueue.

Hopefully this can explain these mysterious bug-reports, see

http://marc.info/?t=118766926500003
http://marc.info/?t=118466273000005

Alexey Dobriyan reports this patch makes the difference for the testcase, but
nobody has an access to the application which opened the problems originally.

Also, this patch removes tasklist lock/unlock, ->siglock is enough.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: taoyue <yue.tao@windriver.com>
Cc: Jeremy Katz <jeremy.katz@windriver.com>
Cc: Sukadev Bhattiprolu <sukadev@us.ibm.com>
Cc: Alexey Dobriyan <adobriyan@sw.ru>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Roland McGrath <roland@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosetpgid(child) fails if the child was forked by sub-thread
Oleg Nesterov [Fri, 31 Aug 2007 06:56:27 +0000 (23:56 -0700)]
setpgid(child) fails if the child was forked by sub-thread

commit b07e35f94a7b6a059f889b904529ee907dc0634d in mainline tree

Spotted by Marcin Kowalczyk <qrczak@knm.org.pl>.

sys_setpgid(child) fails if the child was forked by sub-thread.

Fix the "is it our child" check. The previous commit
ee0acf90d320c29916ba8c5c1b2e908d81f5057d was not complete.

(this patch asks for the new same_thread_group() helper, but mainline doesn't
 have it yet).

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Acked-by: Roland McGrath <roland@redhat.com>
Tested-by: "Marcin 'Qrczak' Kowalczyk" <qrczak@knm.org.pl>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDVB: b2c2-flexcop: fix Airstar HD5000 tuning regression
Trent Piepho [Fri, 24 Aug 2007 11:51:50 +0000 (07:51 -0400)]
DVB: b2c2-flexcop: fix Airstar HD5000 tuning regression

cherry picked from commit 6175e487e314385e37f06448847e4c46c20edb44

b2c2-flexcop: fix Airstar HD5000 tuning regression

Git changeset 6bdcc6e6dbab8daffd05e5026486f34ba41a6c72 dropped the
stand-alone lgh06xf module, whose functionality was absorbed into the
dvb-pll module. However, there was a minor difference between the code
in lgh06xf and dvb-pll, which caused a regression in b2c2-flexcop
devices using the LG-H06xF NIM.

dvb-pll will probe for the presence of an i2c pll chip by performing a
single byte read, the lgh06xf driver did not do this. Unfortunately, the
code in flexcop-i2c.c does not currently support 1 byte or 0 byte reads
as a probe.  Such probes with the current code will always fail.

In order to work around this problem, and restore proper functionality
of the Airstar HD5000 device, this hack was created to make the probe
appear to succeed.  The single byte read in dvb_pll_attach is the only
place where such a probe would ever occur, so this change is safe, and
will not affect any other devices.

Of course, if one knew how to actually perform the read operation, it
would be better to go that route.  In the meantime, however, we must
apply this workaround, in order to prevent the regression that causes
tuning to fail on the Airstar HD5000 ATSC device.

Thanks to Jarod Wilson, who had originally reported this regression, and
to Geoffrey Hausheer, whose original workaround patch led us to find the
actual cause of the problem.

Signed-off-by: Trent Piepho <xyzzy@speakeasy.org>
Cc: Geoffrey Hausheer <inli3epy93n@phracturedblue.com>
Acked-by: Jarod Wilson <jwilson@redhat.com>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDVB: get_dvb_firmware: update script for new location of tda10046 firmware
Andreas Arens [Fri, 24 Aug 2007 11:51:49 +0000 (07:51 -0400)]
DVB: get_dvb_firmware: update script for new location of tda10046 firmware

cherry picked from commit c545d6adbcacd296f7457bd992556feb055379de

Update get_dvb_firmware script for the new location of the
tda10046 firmware.

The old location doesn't work anymore.

Signed-off-by: Andreas Arens <ari@goron.de>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDVB: get_dvb_firmware: update script for new location of sp8870 firmware
Michael Krufky [Fri, 24 Aug 2007 11:51:47 +0000 (07:51 -0400)]
DVB: get_dvb_firmware: update script for new location of sp8870 firmware

cherry picked from commit 302170a4b47e869372974abd885dd11d5536b64a

get_dvb_firmware: update script for new location of sp8870 firmware

This url is no longer valid:
http://www.technotrend.de/new/217g/tt_Premium_217g.zip

Replace with:
http://www.softwarepatch.pl/9999ccd06a4813cb827dbb0005071c71/tt_Premium_217g.zip

Thanks-to: Tobias Stoeber <tobi@to-st.de>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoV4L: ivtv: fix VIDIOC_S_FBUF: new OSD values were never set
Hans Verkuil [Fri, 24 Aug 2007 11:51:45 +0000 (07:51 -0400)]
V4L: ivtv: fix VIDIOC_S_FBUF: new OSD values were never set

cherry picked from commit c3624f99a8c06cfe75e0b06f23a7f7cea9d2d5ff

ivtv: fix VIDIOC_S_FBUF support: new OSD values were never actually set.

The values set with VIDIOC_S_FBUF were not actually used until the next
VIDIOC_S_FMT. Fixed.

Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Signed-off-by: Michael Krufky <mkrufky@linuxtv.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.22.8 v2.6.22.8
Greg Kroah-Hartman [Tue, 25 Sep 2007 06:05:13 +0000 (23:05 -0700)]
Linux 2.6.22.8

17 years agoConvert snd-page-alloc proc file to use seq_file (CVE-2007-4571)
Takashi Iwai [Mon, 17 Sep 2007 19:55:10 +0000 (21:55 +0200)]
Convert snd-page-alloc proc file to use seq_file (CVE-2007-4571)

changeset ccec6e2c4a74adf76ed4e2478091a311b1806212 in mainline.

Use seq_file for the proc file read/write of snd-page-alloc module.
This automatically fixes bugs in the old proc code.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
17 years agoLinux 2.6.22.7 v2.6.22.7
Chris Wright [Fri, 21 Sep 2007 22:38:23 +0000 (15:38 -0700)]
Linux 2.6.22.7

17 years ago[PATCH] x86_64: Zero extend all registers after ptrace in 32bit entry path.
Andi Kleen [Fri, 21 Sep 2007 14:16:18 +0000 (16:16 +0200)]
[PATCH] x86_64: Zero extend all registers after ptrace in 32bit entry path.

Strictly it's only needed for eax.

It actually does a little more than strictly needed -- the other registers
are already zero extended.

Also remove the now unnecessary and non functional compat task check
in ptrace.

This is CVE-2007-4573

Found by Wojciech Purczynski

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
17 years agoLinux 2.6.22.6 v2.6.22.6
Greg Kroah-Hartman [Fri, 31 Aug 2007 06:21:01 +0000 (23:21 -0700)]
Linux 2.6.22.6

17 years agousb: add PRODUCT, TYPE to usb-interface events
Kay Sievers [Wed, 22 Aug 2007 22:15:51 +0000 (15:15 -0700)]
usb: add PRODUCT, TYPE to usb-interface events

This fixes a regression for userspace programs that were relying on these events.

Signed-off-by: Kay Sievers <kay.sievers@vrfy.org>
Cc: Andreas Jellinghaus <aj@ciphirelabs.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB: fix DoS in pwc USB video driver
Oliver Neukum [Wed, 22 Aug 2007 22:15:43 +0000 (15:15 -0700)]
USB: fix DoS in pwc USB video driver

the pwc driver has a disconnect method that waits for user space to
close the device. This opens up an opportunity for a DoS attack,
blocking the USB subsystem and making khubd's task busy wait in
kernel space. This patch shifts freeing resources to close if an opened
device is disconnected.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB: allow retry on descriptor fetch errors
Alan Stern [Wed, 22 Aug 2007 22:15:42 +0000 (15:15 -0700)]
USB: allow retry on descriptor fetch errors

This patch (as964) was suggested by Steffen Koepf.  It makes
usb_get_descriptor() retry on all errors other than ETIMEDOUT, instead
of only on EPIPE.  This helps with some devices.

Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPCI: disable MSI on RX790
Tejun Heo [Wed, 22 Aug 2007 22:12:55 +0000 (15:12 -0700)]
PCI: disable MSI on RX790

RX790 can't do MSI like its predecessors.  Disable MSI on RX790.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPCI: disable MSI on RD580
Tejun Heo [Wed, 22 Aug 2007 22:12:54 +0000 (15:12 -0700)]
PCI: disable MSI on RD580

RD580 can't do MSI like its predecessors.  Disable MSI on RD580.

Signed-off-by: Tejun Heo <teheo@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPCI: disable MSI on RS690
Tejun Heo [Wed, 22 Aug 2007 22:12:53 +0000 (15:12 -0700)]
PCI: disable MSI on RS690

RS690 can't do MSI like its predecessors.  Disable MSI on RS690.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Henry Su <henry.su@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPCI: lets kill the 'PCI hidden behind bridge' message
Bernhard Kaindl [Wed, 22 Aug 2007 22:12:51 +0000 (15:12 -0700)]
PCI: lets kill the 'PCI hidden behind bridge' message

Adrian Bunk wrote:
> Alois NeÅ¡por wrote
>> PCI: Bus #0b (-#0e) is hidden behind transparent bridge #0a (-#0b) (try 'pci=assign-busses')
>> Please report the result to linux-kernel to fix this permanently"
>>
>> dmesg:
>> "Yenta: Raising subordinate bus# of parent bus (#0a) from #0b to #0e"
>> without pci=assign-busses and nothing with pci=assign-busses.
>
> Bernhard?

Ok, lets kill the message. As Alois NeÅ¡por also saw, that's fixed up by Yenta,
so PCI does not have to warn about it. PCI could still warn about it if
is_cardbus is 0 in that instance of pci_scan_bridge(), but so far I have
not seen a report where this would have been the case so I think we can
spare the kernel of that check (removes ~300 lines of asm) unless debugging
is done.

History: The whole check was added in the days before we had the fixup
for this in Yenta and pci=assign-busses was the only way to get CardBus
cards detected on many (not all) of the machines which give this warning.

In theory, there could be cases when this warning would be triggered and
it's not cardbus, then the warning should still apply, but I think this
should only be the case when working on a completely broken PCI setup,
but one may have already enabled the debug code in drivers/pci and the
patched check would then trigger.

I do not sign this off yet because it's completely untested so far, but
everyone is free to test it (with the #ifdef DEBUG replaced by #if 1 and
pr_debug( changed to printk(.

We may also dump the whole check (remove everything within the #ifdef from
the source) if that's perferred.

On Alois NeÅ¡por's machine this would then (only when debugging) this message:

"PCI: Bus #0b (-#0e) is partially hidden behind transparent bridge #0a (-#0b)"

"partially" should be in the message on his machine because #0b of #0b-#0e
is reachable behind #0a-#0b, but not #0c-#0e.

But that differentiation is now moot anyway because the fixup in Yenta takes
care of it as far as I could see so far, which means that unless somebody
is debugging a totally broken PCI setup, this message is not needed anymore,
not even for debugging PCI.

Ok, here the patch with the following changes:

* Refined to say that the bus is only partially hidden when the parent
  bus numbers are not totally way off (outside of) the child bus range
* remove the reference to pci=assign-busses and the plea to report it

We could add a pure source code-only comment to keep a reference to
pci=assign-busses the in case when this is triggered by someone who
is debugging the cause of this message and looking the way to solve it.

From: Bernhard Kaindl <bk@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPPP: Fix PPP buffer sizing.
Konstantin Sharlaimov [Wed, 22 Aug 2007 04:20:25 +0000 (21:20 -0700)]
PPP: Fix PPP buffer sizing.

This patch addresses the issue with "osize too small" errors in mppe
encryption.  The patch fixes the issue with wrong output buffer size
being passed to ppp decompression routine.

--------------------
As pointed out by Suresh Mahalingam, the issue addressed by
ppp-fix-osize-too-small-errors-when-decoding patch is not fully resolved yet.
The size of allocated output buffer is correct, however it size passed to
ppp->rcomp->decompress in ppp_generic.c if wrong. The patch fixes that.
--------------------

Signed-off-by: Konstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoTCP: Fix TCP handling of SACK in bidirectional flows.
Ilpo Järvinen [Wed, 22 Aug 2007 04:18:07 +0000 (21:18 -0700)]
TCP: Fix TCP handling of SACK in bidirectional flows.

It's possible that new SACK blocks that should trigger new LOST
markings arrive with new data (which previously made is_dupack
false). In addition, I think this fixes a case where we get
a cumulative ACK with enough SACK blocks to trigger the fast
recovery (is_dupack would be false there too).

I'm not completely pleased with this solution because readability
of the code is somewhat questionable as 'is_dupack' in SACK case
is no longer about dupacks only but would mean something like
'lost_marker_work_todo' too... But because of Eifel stuff done
in CA_Recovery, the FLAG_DATA_SACKED check cannot be placed to
the if statement which seems attractive solution. Nevertheless,
I didn't like adding another variable just for that either... :-)

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoTCP: Fix TCP rate-halving on bidirectional flows.
Ilpo Järvinen [Wed, 22 Aug 2007 04:17:03 +0000 (21:17 -0700)]
TCP: Fix TCP rate-halving on bidirectional flows.

Actually, the ratehalving seems to work too well, as cwnd is
reduced on every second ACK even though the packets in flight
remains unchanged. Recoveries in a bidirectional flows suffer
quite badly because of this, both NewReno and SACK are affected.

After this patch, rate halving is performed for ACK only if
packets in flight was supposedly changed too.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoTCP: Do not autobind ports for TCP sockets
David Miller [Wed, 22 Aug 2007 04:14:45 +0000 (21:14 -0700)]
TCP: Do not autobind ports for TCP sockets

[TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg().

As discovered by Evegniy Polyakov, if we try to sendmsg after
a connection reset, we can do incredibly stupid things.

The core issue is that inet_sendmsg() tries to autobind the
socket, but we should never do that for TCP.  Instead we should
just go straight into TCP's sendmsg() code which will do all
of the necessary state and pending socket error checks.

TCP's sendpage already directly vectors to tcp_sendpage(), so this
merely brings sendmsg() in line with that.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoSPARC64: Fix sparc64 PCI config accesses on sun4u
David Miller [Wed, 22 Aug 2007 04:12:32 +0000 (21:12 -0700)]
SPARC64: Fix sparc64 PCI config accesses on sun4u

[SPARC64]: Fix sun4u PCI config space accesses on sun4u.

Don't provide fake PCI config space for sun4u.

Also, put back the funny host controller space handling that
at least Sabre needs.  You have to read PCI host controller
registers at their nature size otherwise you get zeros instead
of correct values.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoSPARC64: Fix sparc64 task stack traces.
David Miller [Wed, 22 Aug 2007 04:11:14 +0000 (21:11 -0700)]
SPARC64: Fix sparc64 task stack traces.

It didn't handle that case at all, and now dump_stack()
can be implemented directly as show_stack(current, NULL)

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoNET: Fix missing rcu unlock in __sock_create()
Herbert Xu [Wed, 22 Aug 2007 04:09:15 +0000 (21:09 -0700)]
NET: Fix missing rcu unlock in __sock_create()

[NET]: Fix unbalanced rcu_read_unlock in __sock_create

The recent RCU work created an unbalanced rcu_read_unlock
in __sock_create.  This patch fixes that.  Reported by
oleg 123.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoSNAP: Fix SNAP protocol header accesses.
Herbert Xu [Wed, 22 Aug 2007 04:07:30 +0000 (21:07 -0700)]
SNAP: Fix SNAP protocol header accesses.

The snap_rcv code reads 5 bytes so we should make sure that
we have 5 bytes in the head before proceeding.

Based on diagnosis and fix by Evgeniy Polyakov, reported by
Alan J. Wylie.

Patch also kills the skb->sk assignment before kfree_skb
since it's redundant.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoNetfilter: Missing Kbuild entry for netfilter
Chuck Ebbert [Wed, 22 Aug 2007 04:05:14 +0000 (21:05 -0700)]
Netfilter: Missing Kbuild entry for netfilter

Author: Chuck Ebbert <cebbert@redhat.com>

Add xt_statistic.h to the list of headers to install.

Apparently needed to build newer versions of iptables.

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoFix soft-fp underflow handling.
David Miller [Wed, 22 Aug 2007 04:04:07 +0000 (21:04 -0700)]
Fix soft-fp underflow handling.

The underflow exception cases were wrong.

This is one weird area of ieee1754 handling in that the underflow
behavior changes based upon whether underflow is enabled in the trap
enable mask of the FPU control register.  As a specific case the Sparc
V9 manual gives us the following description:

--------------------
If UFM = 0:     Underflow occurs if a nonzero result is tiny and a
                loss of accuracy occurs.  Tininess may be detected
                before or after rounding.  Loss of accuracy may be
                either a denormalization loss or an inexact result.

If UFM = 1:     Underflow occurs if a nonzero result is tiny.
                Tininess may be detected before or after rounding.
--------------------

What this amounts to in the packing case is if we go subnormal,
we set underflow if any of the following are true:

1) rounding sets inexact
2) we ended up rounding back up to normal (this is the case where
   we set the exponent to 1 and set the fraction to zero), this
   should set inexact too
3) underflow is set in FPU control register trap-enable mask

The initially discovered example was "DBL_MIN / 16.0" which
incorrectly generated an underflow.  It should not, unless underflow
is set in the trap-enable mask of the FPU csr.

Another example, "0x0.0000000000001p-1022 / 16.0", should signal both
inexact and underflow.  The cpu implementations and ieee1754
literature is very clear about this.  This is case #2 above.

However, if underflow is set in the trap enable mask, only underflow
should be set and reported as a trap.  That is handled properly by the
prioritization logic in

arch/sparc{,64}/math-emu/math.c:record_exception().

Based upon a report and test case from Jakub Jelinek.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoIPv6: Invalid semicolon after if statement
Ilpo Jarvinen [Wed, 22 Aug 2007 04:02:27 +0000 (21:02 -0700)]
IPv6: Invalid semicolon after if statement

Author: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>

A similar fix to netfilter from Eric Dumazet inspired me to
look around a bit by using some grep/sed stuff as looking for
this kind of bugs seemed easy to automate. This is one of them
I found where it looks like this semicolon is not valid.

Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoIPV6: Fix kernel panic while send SCTP data with IP fragments
Wei Yongjun [Wed, 22 Aug 2007 04:01:01 +0000 (21:01 -0700)]
IPV6: Fix kernel panic while send SCTP data with IP fragments

If ICMP6 message with "Packet Too Big" is received after send SCTP DATA,
kernel panic will occur when SCTP DATA is send again.

This is because of a bad dest address when call to skb_copy_bits().

The messages sequence is like this:

Endpoint A                             Endpoint B
                               <-------  SCTP DATA (size=1432)
ICMP6 message ------->
(Packet Too Big pmtu=1280)
                               <-------  Resend SCTP DATA (size=1432)
------------kernel panic---------------

 printing eip:
c05be62a
*pde = 00000000
Oops: 0002 [#1]
SMP
Modules linked in: scomm l2cap bluetooth ipv6 dm_mirror dm_mod video output sbs battery lp floppy sg i2c_piix4 i2c_core pcnet32 mii button ac parport_pc parport ide_cd cdrom serio_raw mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
CPU:    0
EIP:    0060:[<c05be62a>]    Not tainted VLI
EFLAGS: 00010282   (2.6.23-rc2 #1)
EIP is at skb_copy_bits+0x4f/0x1ef
eax: 000004d0   ebx: ce12a980   ecx: 00000134   edx: cfd5a880
esi: c8246858   edi: 00000000   ebp: c0759b14   esp: c0759adc
ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
Process swapper (pid: 0, ti=c0759000 task=c06d0340 task.ti=c0713000)
Stack: c0759b88 c0405867 ce12a980 c8bff838 c789c084 00000000 00000028 cfd5a880
       d09f1890 000005dc 0000007b ce12a980 cfd5a880 c8bff838 c0759b88 d09bc521
       000004d0 fffff96c 00000200 00000100 c0759b50 cfd5a880 00000246 c0759bd4
Call Trace:
 [<c0405e1d>] show_trace_log_lvl+0x1a/0x2f
 [<c0405ecd>] show_stack_log_lvl+0x9b/0xa3
 [<c040608d>] show_registers+0x1b8/0x289
 [<c0406271>] die+0x113/0x246
 [<c0625dbc>] do_page_fault+0x4ad/0x57e
 [<c0624642>] error_code+0x72/0x78
 [<d09bc521>] ip6_output+0x8e5/0xab2 [ipv6]
 [<d09bcec1>] ip6_xmit+0x2ea/0x3a3 [ipv6]
 [<d0a3f2ca>] sctp_v6_xmit+0x248/0x253 [sctp]
 [<d0a3c934>] sctp_packet_transmit+0x53f/0x5ae [sctp]
 [<d0a34bf8>] sctp_outq_flush+0x555/0x587 [sctp]
 [<d0a34d3c>] sctp_retransmit+0xf8/0x10f [sctp]
 [<d0a3d183>] sctp_icmp_frag_needed+0x57/0x5b [sctp]
 [<d0a3ece2>] sctp_v6_err+0xcd/0x148 [sctp]
 [<d09cf1ce>] icmpv6_notify+0xe6/0x167 [ipv6]
 [<d09d009a>] icmpv6_rcv+0x7d7/0x849 [ipv6]
 [<d09be240>] ip6_input+0x1dc/0x310 [ipv6]
 [<d09be965>] ipv6_rcv+0x294/0x2df [ipv6]
 [<c05c3789>] netif_receive_skb+0x2d2/0x335
 [<c05c5733>] process_backlog+0x7f/0xd0
 [<c05c58f6>] net_rx_action+0x96/0x17e
 [<c042e722>] __do_softirq+0x64/0xcd
 [<c0406f37>] do_softirq+0x5c/0xac
 =======================
Code: 00 00 29 ca 89 d0 2b 45 e0 89 55 ec 85 c0 7e 35 39 45 08 8b 55 e4 0f 4e 45 08 8b 75 e0 8b 7d dc 89 c1 c1 e9 02 03 b2 a0 00 00 00 <f3> a5 89 c1 83 e1 03 74 02 f3 a4 29 45 08 0f 84 7b 01 00 00 01
EIP: [<c05be62a>] skb_copy_bits+0x4f/0x1ef SS:ESP 0068:c0759adc
Kernel panic - not syncing: Fatal exception in interrupt

Arnaldo says:
====================
Thanks! I'm to blame for this one, problem was introduced in:

b0e380b1d8a8e0aca215df97702f99815f05c094

                /*
                 *      Copy a block of the IP datagram.
                 */
-               if (skb_copy_bits(skb, ptr, frag->h.raw, len))
+               if (skb_copy_bits(skb, ptr, skb_transport_header(skb),
len))
                        BUG();
                left -= len;
====================

Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
Acked-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoDCCP: Fix DCCP GFP_KERNEL allocation in atomic context
Gerrit Renker [Wed, 22 Aug 2007 03:53:27 +0000 (20:53 -0700)]
DCCP: Fix DCCP GFP_KERNEL allocation in atomic context

This fixes the following bug reported in syslog:

[ 4039.051658] BUG: sleeping function called from invalid context at /usr/src/davem-2.6/mm/slab.c:3032
[ 4039.051668] in_atomic():1, irqs_disabled():0
[ 4039.051670] INFO: lockdep is turned off.
[ 4039.051674]  [<c0104c0f>] show_trace_log_lvl+0x1a/0x30
[ 4039.051687]  [<c0104d4d>] show_trace+0x12/0x14
[ 4039.051691]  [<c0104d65>] dump_stack+0x16/0x18
[ 4039.051695]  [<c011371e>] __might_sleep+0xaf/0xbe
[ 4039.051700]  [<c0157b66>] __kmalloc+0xb1/0xd0
[ 4039.051706]  [<f090416f>] ccid2_hc_tx_alloc_seq+0x35/0xc3 [dccp_ccid2]
[ 4039.051717]  [<f09048d6>] ccid2_hc_tx_packet_sent+0x27f/0x2d9 [dccp_ccid2]
[ 4039.051723]  [<f085486b>] dccp_write_xmit+0x1eb/0x338 [dccp]
[ 4039.051741]  [<f085603d>] dccp_sendmsg+0x113/0x18f [dccp]
[ 4039.051750]  [<c03907fc>] inet_sendmsg+0x2e/0x4c
[ 4039.051758]  [<c033a47d>] sock_aio_write+0xd5/0x107
[ 4039.051766]  [<c015abc1>] do_sync_write+0xcd/0x11c
[ 4039.051772]  [<c015b296>] vfs_write+0x118/0x11f
[ 4039.051840]  [<c015b932>] sys_write+0x3d/0x64
[ 4039.051845]  [<c0103e7c>] syscall_call+0x7/0xb
[ 4039.051848]  =======================

The problem was that GFP_KERNEL was used; fixed by using gfp_any().

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosignalfd: make it group-wide, fix posix-timers scheduling
Oleg Nesterov [Wed, 22 Aug 2007 21:01:48 +0000 (14:01 -0700)]
signalfd: make it group-wide, fix posix-timers scheduling

With this patch any thread can dequeue its own private signals via signalfd,
even if it was created by another sub-thread.

To do so, we pass "current" to dequeue_signal() if the caller is from the same
thread group. This also fixes the scheduling of posix timers broken by the
previous patch.

If the caller doesn't belong to this thread group, we can't handle __SI_TIMER
case properly anyway. Perhaps we should forbid the cross-process signalfd usage
and convert ctx->tsk to ctx->sighand.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: Roland McGrath <roland@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosignalfd: fix interaction with posix-timers
Oleg Nesterov [Wed, 22 Aug 2007 21:01:42 +0000 (14:01 -0700)]
signalfd: fix interaction with posix-timers

dequeue_signal:

if (__SI_TIMER) {
spin_unlock(&tsk->sighand->siglock);
do_schedule_next_timer(info);
spin_lock(&tsk->sighand->siglock);
}

Unless tsk == curent, this is absolutely unsafe: nothing prevents tsk from
exiting. If signalfd was passed to another process, do_schedule_next_timer()
is just wrong.

Add yet another "tsk == current" check into dequeue_signal().

This patch fixes an oopsable bug, but breaks the scheduling of posix timers
if the shared __SI_TIMER signal was fetched via signalfd attached to another
sub-thread. Mostly fixed by the next patch.

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Ingo Molnar <mingo@elte.hu>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: Roland McGrath <roland@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoi386: fix lazy mode vmalloc synchronization for paravirt
Zachary Amsden [Wed, 22 Aug 2007 21:02:02 +0000 (14:02 -0700)]
i386: fix lazy mode vmalloc synchronization for paravirt

Found this looping Ubuntu installs with VMI.

If unlucky enough to hit a vmalloc sync fault during a lazy mode
operation (from an IRQ handler for a module which was not yet populated
in current page directory, or from inside copy_one_pte, which touches
swap_map, and hit in an unused 4M region), the required PDE update would
never get flushed, causing an infinite page fault loop.

This bug affects any paravirt-ops backend which uses lazy updates, I
believe that makes it a bug in Xen, VMI and lguest.  It only happens on
LOWMEM kernels.

Touching vmalloc memory in the middle of a lazy mode update can generate a
kernel PDE update, which must be flushed immediately.  The fix is to leave
lazy mode when doing a vmalloc sync.

Signed-off-by: Zachary Amsden <zach@vmware.com>
Cc: Andi Kleen <ak@suse.de>
Cc: Jeremy Fitzhardinge <jeremy@goop.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agouml: fix previous request size limit fix
Jeff Dike [Wed, 22 Aug 2007 21:01:53 +0000 (14:01 -0700)]
uml: fix previous request size limit fix

The previous patch which limited the number of sectors in a single request
to a COWed device was correct in concept, but the limit was implemented in
the wrong place.

By putting it in ubd_add, it covered the cases where the COWing was
specified on the command line.  However, when the command line only has the
COW file specified, the fact that it's a COW file isn't known until it's
opened, so the limit is missed in these cases.

This patch moves the sector limit from ubd_add to ubd_open_dev.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: don't clear phy power bits
Stephen Hemminger [Tue, 21 Aug 2007 18:10:22 +0000 (11:10 -0700)]
sky2: don't clear phy power bits

There are special PHY settings available on Yukon EC-U chip that
should not get cleared. This should solve mysterious errors on some
motherboards (like Gigabyte DS-3).

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoNET: Share correct feature code between bridging and bonding
Herbert Xu [Tue, 21 Aug 2007 06:22:55 +0000 (14:22 +0800)]
NET: Share correct feature code between bridging and bonding

[NET]: Share correct feature code between bridging and bonding

http://bugzilla.kernel.org/show_bug.cgi?id=8797 shows that the
bonding driver may produce bogus combinations of the checksum
flags and SG/TSO.

For example, if you bond devices with NETIF_F_HW_CSUM and
NETIF_F_IP_CSUM you'll end up with a bonding device that
has neither flag set.  If both have TSO then this produces
an illegal combination.

The bridge device on the other hand has the correct code to
deal with this.

In fact, the same code can be used for both.  So this patch
moves that logic into net/core/dev.c and uses it for both
bonding and bridging.

In the process I've made small adjustments such as only
setting GSO_ROBUST if at least one constituent device
supports it.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoocfs2: Fix bad source start calculation during kernel writes
Mark Fasheh [Fri, 17 Aug 2007 00:16:04 +0000 (17:16 -0700)]
ocfs2: Fix bad source start calculation during kernel writes

[PATCH] ocfs2: Fix bad source start calculation during kernel writes

For in-kernel writes ocfs2_get_write_source() should be starting the buffer
at a page boundary as the math in ocfs2_map_and_write_user_data() will pad
it back out to the correct write offset. Instead, we were passing the raw
offset, which caused ocfs2_map_and_write_user_data() start too far into the
buffer, resulting in corruptions from nfs client writes.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.22.5 v2.6.22.5
Greg Kroah-Hartman [Wed, 22 Aug 2007 23:23:54 +0000 (16:23 -0700)]
Linux 2.6.22.5

17 years agoJFFS2 locking regression fix.
David Woodhouse [Mon, 20 Aug 2007 10:05:29 +0000 (11:05 +0100)]
JFFS2 locking regression fix.

Commit a491486a2087ac3dfc00efb4f838c8d684afaf54 introduced a locking
problem in JFFS2 -- we up() the alloc_sem when we weren't previously
holding it. This leads to all kinds of fun behaviour later.

There was a _reason_ for the
if (1 /* alternative path needs testing */ ||
which the above-mentioned commit removed :)

Discovered and debugged by Giulio Fedel <giulio.fedel@andorsystems.com>

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoi386: Fix double fault handler
Chuck Ebbert [Wed, 15 Aug 2007 10:38:57 +0000 (12:38 +0200)]
i386: Fix double fault handler

The new percpu code has apparently broken the doublefault handler
when CONFIG_DEBUG_SPINLOCK is set. Doublefault is handled by
a hardware task, making the check

        SPIN_BUG_ON(lock->owner == current, lock, "recursion");

fault because it uses the FS register to access the percpu data
for current, and that register is zero in the new TSS. (The trace
I saw was on 2.6.20 where it was GS, but it looks like this will
still happen with FS on 2.6.22.)

Initializing FS in the doublefault_tss should fix it.

AK: Also fix broken ptr_ok() and turn printks into KERN_EMERG
AK: And add a PANIC prefix to make clear the system will hang
AK: (e.g. x86-64 will recover)

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoi386: Handle P6s without performance counters in nmi watchdog
Andi Kleen [Wed, 15 Aug 2007 10:38:58 +0000 (12:38 +0200)]
i386: Handle P6s without performance counters in nmi watchdog

I got an oops while booting a 32bit kernel on KVM because it doesn't
implement performance counters used by the NMI watchdog. Handle this
case.

Cc: Avi Kivity <avi@qumranet.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agox86_64: Change PMDS invocation to single macro
Andi Kleen [Wed, 15 Aug 2007 10:38:56 +0000 (12:38 +0200)]
x86_64: Change PMDS invocation to single macro

Very old binutils (2.12.90...) seem to have trouble with newlines
in assembler macro invocation. They put them into the resulting
argument expansion. In this case this lead to a parse error because
a .rept expression ended up spread over multiple lines. Change the PMDS()
invocation to a single line.

Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agox86_64: Check for .cfi_rel_offset in CFI probe
Andi Kleen [Wed, 15 Aug 2007 10:38:55 +0000 (12:38 +0200)]
x86_64: Check for .cfi_rel_offset in CFI probe

Very old binutils have .cfi_startproc/endproc, but
no .cfi_rel_offset. Check for .cfi_rel_offset too.

Cc: Jan Beulich <jbeulich@novell.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoi386: allow debuggers to access the vsyscall page with compat vDSO
Jan Beulich [Wed, 15 Aug 2007 10:38:54 +0000 (12:38 +0200)]
i386: allow debuggers to access the vsyscall page with compat vDSO

From: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Jan Beulich <jbeulich@novell.com>
Signed-off-by: Andi Kleen <ak@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoHibernation: do not try to mark invalid PFNs as nosave
Rafael J. Wysocki [Wed, 15 Aug 2007 13:37:37 +0000 (15:37 +0200)]
Hibernation: do not try to mark invalid PFNs as nosave

On some systems some PFNs reported by the early initialization code as 'nosave'
may be invalid. =A0If we try to set the corresponding bits in the hibernation
bitmap, BUG_ON() in memory_bm_find_bit() will be triggered and the system
won't be able to boot (cf. https://bugzilla.novell.com/show_bug.cgi?id=296242).

Prevent this from happening by verifying if the 'nosave' PFNs are valid in
mark_nosave_pages().

Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agolibata: add ATI SB700 device IDs to AHCI driver
su henry [Tue, 14 Aug 2007 17:20:46 +0000 (13:20 -0400)]
libata: add ATI SB700 device IDs to AHCI driver

The SATA controller device ID is different according to
the onchip SATA type set in the system BIOS:
Device                              Device ID
SATA in IDE mode             0x4390
SATA in AHCI mode           0x4391
SATA in non-raid5 driver     0x4392
SATA in raid5 driver           0x4393

Although the device ID is different, they use the same AHCI driver
.The attached file is the patch for adding these device
IDs for ATI SB700.

Signed-off-by: su henry <henry.su.ati@gmail.com>
Signed-off-by: Jeff Garzik <jeff@garzik.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoforcedeth: fix random hang in forcedeth driver when using netconsole
Timo Jantunen [Tue, 14 Aug 2007 18:56:57 +0000 (21:56 +0300)]
forcedeth: fix random hang in forcedeth driver when using netconsole

If the forcedeth driver receives too much work in an interrupt, it
assumes it has a broken hardware with stuck IRQ. It works around the
problem by disabling interrupts on the nic but makes a printk while
holding device spinlog - which isn't smart thing to do if you have
netconsole on the same nic.

This patch moves the printk's out of the spinlock protected area.

Without this patch the machine hangs hard. With this patch everything
still works even when there is significant increase on CPU usage while
using the nic.

Signed-off-by: Timo Jantunen <jeti@iki.fi>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agor8169: avoid needless NAPI poll scheduling
Francois Romieu [Tue, 14 Aug 2007 22:29:27 +0000 (00:29 +0200)]
r8169: avoid needless NAPI poll scheduling

Theory  : though needless, it should not have hurt.
Practice: it does not play nice with DEBUG_SHIRQ + LOCKDEP + UP
(see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=3D242572).

The patch makes sense in itself but I should dig why it has an effect
on #242572 (assuming that NAPI do not change in a near future).

Patch in mainline as 313b0305b5a1e7e0fb39383befbf79558ce68a9c.
Backported to 2.6.22-stable by Thomas M=FCller.

Signed-off-by: Thomas M=FCller <thomas@mathtm.de>
Signed-off-by: Francois Romieu <romieu@fr.zoreil.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoAVR32: Fix atomic_add_unless() and atomic_sub_unless()
Haavard Skinnemoen [Wed, 15 Aug 2007 13:31:01 +0000 (15:31 +0200)]
AVR32: Fix atomic_add_unless() and atomic_sub_unless()

These functions depend on "result" being initalized to 0, but "result"
is not included as an input constraint to the inline assembly block
following its initialization, only as an output constraint. Thus gcc
thinks it doesn't need to initialize it, so result ends up undefined
if the "unless" condition is true.

This fixes an oops in sunrpc where the faulty atomics caused
rpciod_up() to not start the workqueue as it should.

Signed-off-by: Haavard Skinnemoen <hskinnemoen@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoACPICA: Clear reserved fields for incoming ACPI 1.0 FADTs
Bob Moore [Wed, 15 Aug 2007 19:00:18 +0000 (15:00 -0400)]
ACPICA: Clear reserved fields for incoming ACPI 1.0 FADTs

ACPICA: Clear reserved fields for incoming ACPI 1.0 FADTs

Fixed a problem with the internal FADT conversion where ACPI 1.0
FADTs that contained invalid non-zero values in reserved fields
could cause later failures because these fields have meaning in
later revisions of the FADT. For incoming ACPI 1.0 FADTs, these
fields are now always zeroed. (Preferred_PM_Profile, PSTATE_CNT,
CST_CNT, IAPC_BOOT_FLAGS.)

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoACPICA: Fixed possible corruption of global GPE list
Bob Moore [Wed, 15 Aug 2007 18:58:15 +0000 (14:58 -0400)]
ACPICA: Fixed possible corruption of global GPE list

ACPICA: Fixed possible corruption of global GPE list

Fixed a problem in acpi_ev_delete_gpe_xrupt where the global interrupt
list could be corrupted if the interrupt being removed was at
the head of the list. Reported by Linn Crosetto.

Signed-off-by: Bob Moore <robert.moore@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agorevert "x86, serial: convert legacy COM ports to platform devices"
Andrew Morton [Tue, 31 Jul 2007 07:38:02 +0000 (00:38 -0700)]
revert "x86, serial: convert legacy COM ports to platform devices"

Revert 7e92b4fc345f5b6f57585fbe5ffdb0f24d7c9b26.  It broke Sébastien Dugué's
machine and Jeff said (persuasively)

  This seems like it will break decades-long-working stuff, in favor of
  breaking new ground in our favorite area, "trusting the BIOS."

  It's just not worth it for serial ports, IMO.  Serial ports are something
  that just shouldn't break at this late stage in the game.  My new Intel
  platform boxes don't even have serial ports, so I question the value of
  messing with serial port probing even more...  because...  just wait a year,
  and your box won't have a serial port either!  :)

  I certainly don't object to the use of platform devices (or isa_driver),
  but the probe change seems questionable.  That's sorta analagous to
  rewriting the floppy driver probe routine.  Sure you could do it...  but why
  risk all that damage and go through debugging all over again?

  It seems clear from this report that we cannot, should not, trust BIOS for
  something (a) so simple and (b) that has been working for over a decade.

Much discussion ensued and we've decided to have another go at all of this.

Cc: Sébastien Dugué <sebastien.dugue@bull.net>
Cc: Bjorn Helgaas <bjorn.helgaas@hp.com>
Cc: Len Brown <lenb@kernel.org>
Cc: Adam Belay <ambx1@neo.rr.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Cc: Russell King <rmk@arm.linux.org.uk>
Cc: Jeff Garzik <jeff@garzik.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Michal Piotrowski <michal.k.k.piotrowski@gmail.com>
Cc: Sascha Sommer <saschasommer@freenet.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: check drop truncated packets
Stephen Hemminger [Thu, 16 Aug 2007 13:12:48 +0000 (09:12 -0400)]
sky2: check drop truncated packets

Backport of commit 71749531f2d1954137a1a77422ef4ff29eb102dd

If packet larger than MTU is received, the driver uses hardware to
truncate the packet. Use the status registers to catch/drop them.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: check for more work before leaving NAPI
Stephen Hemminger [Thu, 16 Aug 2007 13:12:47 +0000 (09:12 -0400)]
sky2: check for more work before leaving NAPI

Backport of commit 5c11ce700f77fada15b6264417d72462da4bbb1c

This patch avoids generating another IRQ if more packets
arrive while in the NAPI poll routine. Before marking device as
finished, it rechecks that the status ring is empty.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: carrier management
Stephen Hemminger [Thu, 16 Aug 2007 13:12:46 +0000 (09:12 -0400)]
sky2: carrier management

backport of commit 55d7b4e6ed6ad3ec5e5e30b3b4515a0a6a53e344

Make sky2 handle carrier similar to other drivers,
eliminate some possible races in carrier state transistions.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosky2: restore workarounds for lost interrupts
Stephen Hemminger [Thu, 16 Aug 2007 13:12:45 +0000 (09:12 -0400)]
sky2: restore workarounds for lost interrupts

Backport of commit c59697e06058fc2361da8cefcfa3de85ac107582

This patch restores a couple of workarounds from 2.6.16:
 * restart transmit moderation timer in case it expires during IRQ routine
 * default to having 10 HZ watchdog timer.
At this point it more important not to hang than to worry about the
power cost.

Signed-off-by: Stephen Hemminger <shemminger@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agohwmon: (smsc47m1) restore missing name attribute
Jean Delvare [Mon, 20 Aug 2007 10:30:38 +0000 (12:30 +0200)]
hwmon: (smsc47m1) restore missing name attribute

The smsc47m1 driver no longer creates the name attribute used by
libsensors to identify chip types. It was lost during the conversion
to a platform driver. I was fooled by the fact that we do have a
group with all attributes, but only to delete them all at once. The
group is not used to create the attributes, so we have to explicitly
create the name attribute.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agohwmon: fix w83781d temp sensor type setting
Mark M. Hoffman [Mon, 20 Aug 2007 20:01:50 +0000 (20:01 +0000)]
hwmon: fix w83781d temp sensor type setting

Commit 348753379a7704087603dad403603e825422fd9a introduced a regression that
caused temp2 and temp3 sensor type settings to be written to temp1 instead.
The result is that temp sensor readings could be way off.

Signed-off-by: Mark M. Hoffman <mhoffman@lightlink.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.22.4 v2.6.22.4
Greg Kroah-Hartman [Tue, 21 Aug 2007 04:33:06 +0000 (21:33 -0700)]
Linux 2.6.22.4

17 years agoReset current->pdeath_signal on SUID binary execution (CVE-2007-3848)
Marcel Holtmann [Fri, 17 Aug 2007 19:47:58 +0000 (21:47 +0200)]
Reset current->pdeath_signal on SUID binary execution (CVE-2007-3848)

This fixes a vulnerability in the "parent process death signal"
implementation discoverd by Wojciech Purczynski of COSEINC PTE Ltd.
and iSEC Security Research.

http://marc.info/?l=bugtraq&m=118711306802632&w=2

Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.22.3 v2.6.22.3
Greg Kroah-Hartman [Wed, 15 Aug 2007 16:25:39 +0000 (09:25 -0700)]
Linux 2.6.22.3

17 years agoCPUFREQ: ondemand: add a check to avoid negative load calculation
Venki Pallipadi [Wed, 20 Jun 2007 21:24:52 +0000 (14:24 -0700)]
CPUFREQ: ondemand: add a check to avoid negative load calculation

Due to rounding and inexact jiffy accounting, idle_ticks can sometimes
be higher than total_ticks. Make sure those cases are handled as
zero load case.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoCPUFREQ: ondemand: fix tickless accounting and software coordination bug
Venki Pallipadi [Wed, 20 Jun 2007 21:26:24 +0000 (14:26 -0700)]
CPUFREQ: ondemand: fix tickless accounting and software coordination bug

With tickless kernel and software coordination os P-states, ondemand
can look at wrong idle statistics. This can happen when ondemand sampling
is happening on CPU 0 and due to software coordination sampling also looks at
utilization of CPU 1. If CPU 1 is in tickless state at that moment, its idle
statistics will not be uptodate and CPU 0 thinks CPU 1 is idle for less
amount of time than it actually is.

This can be resolved by looking at all the busy times of CPUs, which is
accurate, even with tickless, and use that to determine idle time in a
round about way (total time - busy time).

Thanks to Arjan for originally reporting the ondemand bug on
Lenovo T61.

Signed-off-by: Venkatesh Pallipadi <venkatesh.pallipadi@intel.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agopata_atiixp: add SB700 PCI ID
Jeff Garzik [Mon, 13 Aug 2007 20:31:32 +0000 (16:31 -0400)]
pata_atiixp: add SB700 PCI ID

[libata] pata_atiixp: add SB700 PCI ID

From AMD.

Signed-off-by: Jeff Garzik <jeff@garzik.org>
Cc: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agostifb: detect cards in double buffer mode more reliably
Helge Deller [Fri, 10 Aug 2007 20:00:45 +0000 (13:00 -0700)]
stifb: detect cards in double buffer mode more reliably

Visualize-EG, Graffiti and A4450A graphics cards on PARISC can
be configured in double-buffer and standard mode, but the stifb
driver supports standard mode only.
This patch detects double-buffered cards more reliable.

It is a real bugfix for a very nasty problem for all parisc users which have
wrongly configured their graphic card.  The problem: The stifb graphics driver
will not detect that the card is wrongly configured and then nevertheless just
enables the graphics mode, which it shouldn't.  In the end, the user will see
no further updates / boot messages on the screen.

We had documented this problem already on our FAQ
(http://parisc-linux.org/faq/index.html#viseg "Why do I get corrupted graphics
with my Vis-EG/Graffiti/A4450A card?") but people still run into this problem.
 So having this fix in as early as possible can help us.

Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Antonino Daplas <adaplas@gmail.com>
Cc: Kyle McMartin <kyle@mcmartin.ca>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodirect-io: fix error-path crashes
Badari Pulavarty [Fri, 10 Aug 2007 20:00:44 +0000 (13:00 -0700)]
direct-io: fix error-path crashes

Need to initialize map_bh.b_state to zero.  Otherwise, in case of a faulty
user-buffer its possible to go into dio_zero_block() and submit a page by
mistake - since it checks for buffer_new().

http://marc.info/?l=linux-kernel&m=118551339032528&w=2

akpm: Linus had a (better) patch to just do a kzalloc() in there, but it got
lost.  Probably this version is better for -stable anwyay.

Signed-off-by: Badari Pulavarty <pbadari@us.ibm.com>
Acked-by: Joe Jin <joe.jin@oracle.com>
Acked-by: Zach Brown <zach.brown@oracle.com>
Cc: gurudas pai <gurudas.pai@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agopowerpc: Fix size check for hugetlbfs
Benjamin Herrenschmidt [Wed, 8 Aug 2007 05:44:15 +0000 (15:44 +1000)]
powerpc: Fix size check for hugetlbfs

My "slices" address space management code that was added in 2.6.22
implementation of get_unmapped_area() doesn't properly check that the
size is a multiple of the requested page size. This allows userland to
create VMAs that aren't a multiple of the huge page size with hugetlbfs
(since hugetlbfs entirely relies on get_unmapped_area() to do that
checking) which leads to a kernel BUG() when such areas are torn down.

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPPC: Revert "[POWERPC] Add 'mdio' to bus scan id list for platforms with QE UEC"
Kim Phillips [Thu, 26 Jul 2007 22:25:12 +0000 (17:25 -0500)]
PPC: Revert "[POWERPC] Add 'mdio' to bus scan id list for platforms with QE UEC"

This reverts commit 3baee955953957be5496cd28e9c544d9db214262.

this was a mistake from the start; I added mdio type to the bus
scan list early on in my ucc_geth migrate to phylib development,
which is just pure wrong (the ucc_geth_mii driver creates the mii
bus and the PHY layer handles PHY enumeration without translation).

this accompanies commit 77926826f301fbd8ed96d3cd9ff17a5b59560dfb:

 Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()"

which was basically trying to hide a symptom of the original mistake
this revert fixes.

Signed-off-by: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoPPC: Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()"
Paul Mackerras [Thu, 26 Jul 2007 22:25:05 +0000 (17:25 -0500)]
PPC: Revert "[POWERPC] Don't complain if size-cells == 0 in prom_parse()"

This reverts commit fd6e9d3945ee122eb513ada8b17296d243c1ce5e.

Having #size-cells == 0 in a node indicates that things under the
node aren't directly accessible, and therefore we shouldn't try to
translate addresses for devices under the node into CPU physical
addresses.

Some drivers, such as the nvram driver for powermacs, rely on
of_address_to_resource failing if they are called for a node
representing a device whose resources aren't directly accessible
by the CPU.  These drivers were broken by commit fd6e9d39,
resulting in the "Lombard" powerbook hanging early in the boot
process.

stable team, this patch is equivalent to commit

77926826f301fbd8ed96d3cd9ff17a5b59560dfb

Signed-off-by: Paul Mackerras <paulus@samba.org>
Cc: Kim Phillips <kim.phillips@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoata_piix: update map 10b for ich8m
Tejun Heo [Mon, 6 Aug 2007 17:43:27 +0000 (02:43 +0900)]
ata_piix: update map 10b for ich8m

Fix map entry 10b for ich8.  It's [P0 P2 IDE IDE] like ich6 / ich6m.

Signed-off-by: Tejun Heo <htejun@gmail.com>
Acked-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
Cc: Jeff Garzik <jeff@garzik.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosoftmac: Fix deadlock of wx_set_essid with assoc work
Michael Buesch [Tue, 7 Aug 2007 10:20:40 +0000 (12:20 +0200)]
softmac: Fix deadlock of wx_set_essid with assoc work

The essid wireless extension does deadlock against the assoc mutex,
as we don't unlock the assoc mutex when flushing the workqueue, which
also holds the lock.

Signed-off-by: Michael Buesch <mb@bu3sch.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agorandom: fix bound check ordering (CVE-2007-3105)
Matt Mackall [Mon, 16 Jul 2007 00:10:14 +0000 (17:10 -0700)]
random: fix bound check ordering (CVE-2007-3105)

If root raised the default wakeup threshold over the size of the
output pool, the pool transfer function could overflow the stack with
RNG bytes, causing a DoS or potential privilege escalation.

(Bug reported by the PaX Team <pageexec@freemail.hu>)

Cc: Theodore Tso <tytso@mit.edu>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Matt Mackall <mpm@selenic.com>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agofix oops in __audit_signal_info()
Al Viro [Tue, 7 Aug 2007 23:01:46 +0000 (00:01 +0100)]
fix oops in __audit_signal_info()

Check for audit_signals is misplaced and check for
audit_dummy_context() is missing; as the result, if we send
signal to auditd from task with NULL ->audit_context while
we have audit_signals != 0 we end up with an oops.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoLinux 2.6.22.2 v2.6.22.2
Greg Kroah-Hartman [Thu, 9 Aug 2007 21:28:15 +0000 (14:28 -0700)]
Linux 2.6.22.2

17 years agoUML: exports for hostfs
Jeff Dike [Tue, 10 Jul 2007 16:49:04 +0000 (12:49 -0400)]
UML: exports for hostfs

Add some exports for hostfs that are required after Alberto Bertogli's
fixes for accessing unlinked host files.

Also did some style cleanups while I was here.

Signed-off-by: Jeff Dike <jdike@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosx: switch subven and subid values
Jiri Slaby [Wed, 11 Jul 2007 00:22:25 +0000 (17:22 -0700)]
sx: switch subven and subid values

sx.c is failing to locate Graham's card.

Signed-off-by: Jiri Slaby <jirislaby@gmail.com>
Cc: Graham Murray <gmurray@webwayone.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoUSB: fix for ftdi_sio quirk handling
Oliver Neukum [Mon, 2 Jul 2007 14:20:25 +0000 (16:20 +0200)]
USB: fix for ftdi_sio quirk handling

this one fixes an oops with quirky ftdi_sio devices. As it fixes a
regression, I propose that it be included in 2.6.22

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoNetfilter: Fix logging regression
Patrick McHardy [Wed, 25 Jul 2007 15:00:15 +0000 (17:00 +0200)]
Netfilter: Fix logging regression

[NETFILTER]: Fix logging regression

Loading one of the LOG target fails if a different target has already
registered itself as backend for the same family. This can affect the
ipt_LOG and ipt_ULOG modules when both are loaded.

Reported and tested by: <t.artem@mailcity.com>
Upstream-commit: 7e2acc7e

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agosysfs: release mutex when kmalloc() failed in sysfs_open_file().
YOSHIFUJI Hideaki [Fri, 13 Jul 2007 05:24:52 +0000 (22:24 -0700)]
sysfs: release mutex when kmalloc() failed in sysfs_open_file().

Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoIPV6: /proc/net/anycast6 unbalanced inet6_dev refcnt
David Stevens [Tue, 27 Feb 2007 00:28:56 +0000 (16:28 -0800)]
IPV6: /proc/net/anycast6 unbalanced inet6_dev refcnt

Reading /proc/net/anycast6 when there is no anycast address
on an interface results in an ever-increasing inet6_dev reference
count, as well as a reference to the netdevice you can't get rid of.

Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Marcus Meissner <meissner@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonf_conntrack: don't track locally generated special ICMP error
Yasuyuki Kozakai [Tue, 17 Jul 2007 15:25:10 +0000 (17:25 +0200)]
nf_conntrack: don't track locally generated special ICMP error

[NETFILTER]: nf_conntrack: don't track locally generated special ICMP error

The conntrack assigned to locally generated ICMP error is usually the one
assigned to the original packet which has caused the error. But if
the original packet is handled as invalid by nf_conntrack, no conntrack
is assigned to the original packet. Then nf_ct_attach() cannot assign
any conntrack to the ICMP error packet. In that case the current
nf_conntrack_icmp assigns appropriate conntrack to it. But the current
code mistakes the direction of the packet. As a result, NAT code mistakes
the address to be mangled.

To fix the bug, this changes nf_conntrack_icmp not to assign conntrack
to such ICMP error. Actually no address is necessary to be mangled
in this case.

Spotted by Jordan Russell.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Upstream commit ID: 130e7a83d7ec8c5c673225e0fa8ea37b1ed507a5

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoKeep rfcomm_dev on the list until it is freed
Ville Tervo [Wed, 11 Jul 2007 07:23:41 +0000 (09:23 +0200)]
Keep rfcomm_dev on the list until it is freed

This patch changes the RFCOMM TTY release process so that the TTY is kept
on the list until it is really freed. A new device flag is used to keep
track of released TTYs.

Signed-off-by: Ville Tervo <ville.tervo@nokia.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoHangup TTY before releasing rfcomm_dev
Mikko Rapeli [Wed, 11 Jul 2007 07:18:15 +0000 (09:18 +0200)]
Hangup TTY before releasing rfcomm_dev

The core problem is that RFCOMM socket layer ioctl can release
rfcomm_dev struct while RFCOMM TTY layer is still actively using
it. Calling tty_vhangup() is needed for a synchronous hangup before
rfcomm_dev is freed.

Addresses the oops at http://bugzilla.kernel.org/show_bug.cgi?id=7509

Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agoACPI: dock: fix opps after dock driver fails to initialize
Chuck Ebbert [Tue, 7 Aug 2007 15:27:41 +0000 (11:27 -0400)]
ACPI: dock: fix opps after dock driver fails to initialize

ACPI: dock: fix opps after dock driver fails to initialize

The driver tests the dock_station pointer for nonnull
to check whether it has initialized properly. But in
some cases dock_station will be non-null after being
freed when driver init fails. Fix by zeroing the
pointer after freeing.

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
Signed-off-by: Kristen Carlson Accardi <kristen.c.accardi@intel.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agocr_backlight_probe() allocates too little storage for struct cr_panel
Jesper Juhl [Fri, 20 Jul 2007 07:31:47 +0000 (00:31 -0700)]
cr_backlight_probe() allocates too little storage for struct cr_panel

The Coverity checker noticed that we allocate too little storage for
"struct cr_panel *crp" in cr_backlight_probe().

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Cc: Thomas Hellstrom <thomas@tungstengraphics.com>
Cc: Alan Hourihane <alanh@tungstengraphics.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodm: disable barriers
Stefan Bader [Thu, 12 Jul 2007 16:28:33 +0000 (17:28 +0100)]
dm: disable barriers

This patch causes device-mapper to reject any barrier requests.  This is done
since most of the targets won't handle this correctly anyway.  So until the
situation improves it is better to reject these requests at the first place.
Since barrier requests won't get to the targets, the checks there can be
removed.

Signed-off-by: Stefan Bader <shbader@de.ibm.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodm snapshot: permit invalid activation
Milan Broz [Thu, 12 Jul 2007 16:28:13 +0000 (17:28 +0100)]
dm snapshot: permit invalid activation

Allow invalid snapshots to be activated instead of failing.

This allows userspace to reinstate any given snapshot state - for
example after an unscheduled reboot - and clean up the invalid snapshot
at its leisure.

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodm io: fix another panic on large request
Jun'ichi Nomura [Thu, 12 Jul 2007 16:27:45 +0000 (17:27 +0100)]
dm io: fix another panic on large request

bio_alloc_bioset() will return NULL if 'num_vecs' is too large.
Use bio_get_nr_vecs() to get estimation of maximum number.

Signed-off-by: Junichi Nomura <j-nomura@ce.jp.nec.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agodm raid1: fix status
Milan Broz [Thu, 12 Jul 2007 16:27:24 +0000 (17:27 +0100)]
dm raid1: fix status

Fix mirror status line broken in dm-log-report-fault-status.patch:
  - space missing between two words
  - placeholder ("0") required for compatibility with a subsequent patch
  - incorrect offset parameter

Signed-off-by: Milan Broz <mbroz@redhat.com>
Signed-off-by: Alasdair G Kergon <agk@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
17 years agonfsd: fix possible oops on re-insertion of rpcsec_gss modules
J. Bruce Fields [Tue, 24 Jul 2007 01:43:52 +0000 (18:43 -0700)]
nfsd: fix possible oops on re-insertion of rpcsec_gss modules

The handling of the re-registration case is wrong here; the "test" that was
returned from auth_domain_lookup will not be used again, so that reference
should be put.  And auth_domain_lookup never did anything with "new" in
this case, so we should just clean it up ourself.

Thanks to Akinobu Mita for bug report, analysis, and testing.

Cc: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Cc: Neil Brown <neilb@suse.de>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>