Daniel Barkalow [Fri, 8 Dec 2006 16:58:15 +0000 (11:58 -0500)]
[PATCH] forcedeth: Disable INTx when enabling MSI in forcedeth
At least some nforce cards continue to send legacy interrupts when MSI
is enabled, and these interrupts are treated as unhandled by the
kernel. This patch disables legacy interrupts explicitly when enabling
MSI mode.
The correct fix is to change the MSI infrastructure to disable legacy
interrupts when enabling MSI, but this is potentially risky if the
device isn't PCI-2.3 or is quirky, so the correct fix is going into
mainline, while patches like this one go into -stable.
Legend has it that it is most correct to disable legacy interrupts
before enabling MSI, but the mainline patch does it in the other
order, and this patch is "obviously" the same as mainline.
Signed-off-by: Daniel Barkalow <barkalow@iabervon.org> Cc: Jeff Garzik <jeff@garzik.org> Cc: Greg KH <gregkh@suse.de> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] x86: Fix boot hang due to nmi watchdog init code
2.6.19 stopped booting (or booted based on build/config) on our x86_64
systems due to a bug introduced in 2.6.19. check_nmi_watchdog schedules an
IPI on all cpus to busy wait on a flag, but fails to set the busywait
flag if NMI functionality is disabled. This causes the secondary cpus
to spin in an endless loop, causing the kernel bootup to hang.
Depending upon the build, the busywait flag got overwritten (stack variable)
and caused the kernel to bootup on certain builds. Following patch fixes
the bug by setting the busywait flag before returning from check_nmi_watchdog.
I guess using a stack variable is not good here as the calling function could
potentially return while the busy wait loop is still spinning on the flag.
Zachary Amsden [Thu, 7 Dec 2006 04:39:39 +0000 (20:39 -0800)]
[PATCH] softirq: remove BUG_ONs which can incorrectly trigger
It is possible to have tasklets get scheduled before softirqd has had a chance
to spawn on all CPUs. This is totally harmless; after success during action
CPU_UP_PREPARE, action CPU_ONLINE will be called, which immediately wakes
softirqd on the appropriate CPU to process the already pending tasklets. So
there is no danger of having a missed wakeup for any tasklets that were
already pending.
In particular, i386 is affected by this during startup, and is visible when
using a very large initrd; during the time it takes for the initrd to be
decompressed, a timer IRQ can come in and schedule RCU callbacks. It is also
possible that resending of a hardware IRQ via a softirq triggers the same bug.
Because of different timing conditions, this shows up in all emulators and
virtual machines tested, including Xen, VMware, Virtual PC, and Qemu. It is
also possible to trigger on native hardware with a large enough initrd,
although I don't have a reliable case demonstrating that.
Signed-off-by: Zachary Amsden <zach@vmware.com> Cc: <caglar@pardus.org.tr> Cc: Ingo Molnar <mingo@elte.hu> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Jiri Kosina [Thu, 7 Dec 2006 04:39:38 +0000 (20:39 -0800)]
[PATCH] autofs: fix error code path in autofs_fill_sb()
When kernel is compiled with old version of autofs (CONFIG_AUTOFS_FS), and
new (observed at least with 5.x.x) automount deamon is started, kernel
correctly reports incompatible version of kernel and userland daemon, but
then screws things up instead of correct handling of the error:
autofs: kernel does not match daemon version
=====================================
[ BUG: bad unlock balance detected! ]
-------------------------------------
automount/4199 is trying to release lock (&type->s_umount_key) at:
[<c0163b9e>] get_sb_nodev+0x76/0xa4
but there are no more locks to release!
other info that might help us debug this:
no locks held by automount/4199.
The problem: autofs_fill_super() returns EINVAL to get_sb_nodev(), but
before that, it calls kill_anon_super() to destroy the superblock which
won't be needed. This is however way too soon to call kill_anon_super(),
because get_sb_nodev() has to perform its own cleanup of the superblock
first (deactivate_super(), etc.). The correct time to call
kill_anon_super() is in the autofs_kill_sb() callback, which is called by
deactivate_super() at proper time, when the superblock is ready to be
killed.
I can see the same faulty codepath also in autofs4. This patch solves
issues in both filesystems in a same way - it postpones the
kill_anon_super() until the proper time is signalized by deactivate_super()
calling the kill_sb() callback.
[raven@themaw.net: update comment] Signed-off-by: Jiri Kosina <jkosina@suse.cz> Acked-by: Ian Kent <raven@themaw.net> Cc: <stable@kernel.org> Signed-off-by: Ian Kent <raven@themaw.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
The 'testproc' swsusp debug mode thaws tasks twice in a row, which is _very_
confusing. Fix that.
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: Pavel Machek <pavel@ucw.cz> Cc: <stable@kernel.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Andrew Morton [Thu, 7 Dec 2006 04:31:30 +0000 (20:31 -0800)]
[PATCH] add bottom_half.h
With CONFIG_SMP=n:
drivers/input/ff-memless.c:384: warning: implicit declaration of function 'local_bh_disable'
drivers/input/ff-memless.c:393: warning: implicit declaration of function 'local_bh_enable'
Really linux/spinlock.h should include linux/interrupt.h. But interrupt.h
includes sched.h which will need spinlock.h.
So the patch breaks the _bh declarations out into a separate header and
includes it in bothj interrupt.h and spinlock.h.
Jeet Chaudhuri [Thu, 7 Dec 2006 23:32:22 +0000 (01:32 +0200)]
[PATCH] IrDA: Incorrect TTP header reservation
We must reserve SAR + MAX_HEADER bytes for IrLMP to fit in.
This fixes an oops reported (and fixed) by Jeet Chaudhuri, when max_sdu_size
is greater than 0.
Signed-off-by: Samuel Ortiz <samuel@sortiz.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Patrick McHardy [Tue, 5 Dec 2006 04:01:31 +0000 (20:01 -0800)]
[PATCH] XFRM: Use output device disable_xfrm for forwarded packets
Currently the behaviour of disable_xfrm is inconsistent between
locally generated and forwarded packets. For locally generated
packets disable_xfrm disables the policy lookup if it is set on
the output device, for forwarded traffic however it looks at the
input device. This makes it impossible to disable xfrm on all
devices but a dummy device and use normal routing to direct
traffic to that device.
Always use the output device when checking disable_xfrm.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
David Miller [Tue, 5 Dec 2006 03:57:11 +0000 (19:57 -0800)]
[PATCH] TOKENRING: Remote memory corruptor in ibmtr.c
ip_summed changes last summer had missed that one. As the result,
we have ip_summed interpreted as CHECKSUM_PARTIAL now. IOW,
->csum is interpreted as offset of checksum in the packet. net/core/*
will both read and modify the value as that offset, with obvious
reasons. At the very least it's a remote memory corruptor.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Alexey Dobriyan [Sat, 2 Dec 2006 20:58:49 +0000 (23:58 +0300)]
[PATCH] do_coredump() and not stopping rewrite attacks? (CVE-2006-6304)
On Sat, Dec 02, 2006 at 11:47:44PM +0300, Alexey Dobriyan wrote:
> David Binderman compiled 2.6.19 with icc and grepped for "was set but never
> used". Many warnings are on
> http://coderock.org/kj/unused-2.6.19-fs
Heh, the very first line:
fs/exec.c(1465): remark #593: variable "flag" was set but never used
fs/exec.c:
1477 /*
1478 * We cannot trust fsuid as being the "true" uid of the
1479 * process nor do we know its entire history. We only know it
1480 * was tainted so we dump it as root in mode 2.
1481 */
1482 if (mm->dumpable == 2) { /* Setuid core dump mode */
1483 flag = O_EXCL; /* Stop rewrite attacks */
1484 current->fsuid = 0; /* Dump root private */
1485 }
And then filp_open follows with "flag" totally ignored.
ib_ucm_cleanup_events() holds file_mutex while calling ib_destroy_cm_id().
This can deadlock since ib_destroy_cm_id() flushes event handlers, and
ib_ucm_event_handler() needs file_mutex, too. Therefore, drop the
file_mutex during the call to ib_destroy_cm_id().
Signed-off-by: Michael S. Tsirkin <mst@mellanox.co.il> Signed-off-by: Roland Dreier <rolandd@cisco.com> Acked-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Maxime Austruy [Sun, 3 Dec 2006 16:40:01 +0000 (10:40 -0600)]
[PATCH] softmac: fix unbalanced mutex_lock/unlock in ieee80211softmac_wx_set_mlme
Routine ieee80211softmac_wx_set_mlme has one return that fails
to release a mutex acquired at entry.
Signed-off-by: Maxime Austruy <maxime@tralhalla.org> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
[PATCH] NETFILTER: bridge netfilter: deal with martians correctly
The attached patch resolves an issue where a IP DNATed packet with a
martian source is forwarded while it's better to drop it. It also
resolves messages complaining about ip forwarding being disabled while
it's actually enabled. Thanks to lepton <ytht.net@gmail.com> for
reporting this problem.
This is probably a candidate for the -stable release.
Signed-off-by: Bart De Schuymer <bdschuym@pandora.be> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
In compat mode, matches and targets valid hooks checks always successful due
to not initialized e->comefrom field yet. This patch separates this checks from
translation code and moves them after mark_source_chains() call, where these
marks are initialized.
Signed-off-by: Dmitry Mishin <dim@openvz.org>
Signed-off-by; Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Commit 590bdf7fd2292b47c428111cb1360e312eff207e introduced a regression
in match/target hook validation. mark_source_chains builds a bitmask
for each rule representing the hooks it can be reached from, which is
then used by the matches and targets to make sure they are only called
from valid hooks. The patch moved the match/target specific validation
before the mark_source_chains call, at which point the mask is always zero.
This patch returns back to the old order and moves the standard checks
to mark_source_chains. This allows to get rid of a special case for
standard targets as a nice side-effect.
Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Jurij Smakov [Mon, 4 Dec 2006 03:36:32 +0000 (19:36 -0800)]
[PATCH] SUNHME: Fix for sunhme failures on x86
The following patch fixes the failure of sunhme drivers on x86 hosts
due to missing pci_enable_device() and pci_set_master() calls, lost
during code refactoring. It has been filed as bugzilla bug #7502 [0]
and Debian bug #397460 [1].
David Miller [Sat, 2 Dec 2006 04:36:44 +0000 (20:36 -0800)]
[PATCH] PKT_SCHED act_gact: division by zero
Not returning -EINVAL, because someone might want to use the value
zero in some future gact_prob algorithm?
Signed-off-by: Kim Nordlund <kim.nordlund@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
This reverts commit 281ea49b0c294649a6de47a6f8fbe5611137726b,
which broke ACPI Interrupt source overrides that move
the SCI from one IRQ in PIC mode to another in IOAPIC mode.
If the SCI shared an interrupt line with another device,
this would result in a "irq 18: nobody cared" type failure.
http://bugzilla.kernel.org/show_bug.cgi?id=7601
Signed-off-by: Len Brown <len.brown@intel.com> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Patrick McHardy [Fri, 1 Dec 2006 04:06:33 +0000 (20:06 -0800)]
[PATCH] NET_SCHED: policer: restore compatibility with old iproute binaries
The tc actions increased the size of struct tc_police, which broke
compatibility with old iproute binaries since both the act_police
and the old NET_CLS_POLICE code check for an exact size match.
Since the new members are not even used, the simple fix is to also
accept the size of the old structure. Dumping is not affected since
old userspace will receive a bigger structure, which is handled fine.
Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Jamal Hadi Salim <hadi@cyberus.ca> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Al Viro [Fri, 1 Dec 2006 03:47:59 +0000 (19:47 -0800)]
[PATCH] EBTABLES: Prevent wraparounds in checks for entry components' sizes.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Al Viro [Fri, 1 Dec 2006 03:47:58 +0000 (19:47 -0800)]
[PATCH] EBTABLES: Deal with the worst-case behaviour in loop checks.
No need to revisit a chain we'd already finished with during
the check for current hook. It's either instant loop (which
we'd just detected) or a duplicate work.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Al Viro [Fri, 1 Dec 2006 03:47:56 +0000 (19:47 -0800)]
[PATCH] EBTABLES: Verify that ebt_entries have zero ->distinguisher.
We need that for iterator to work; existing check had been too weak.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Al Viro [Fri, 1 Dec 2006 03:47:52 +0000 (19:47 -0800)]
[PATCH] EBTABLES: Fix wraparounds in ebt_entries verification.
We need to verify that
a) we are not too close to the end of buffer to dereference
b) next entry we'll be checking won't be _before_ our
While we are at it, don't subtract unrelated pointers...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Michael Buesch [Thu, 30 Nov 2006 00:51:12 +0000 (18:51 -0600)]
[PATCH] softmac: remove netif_tx_disable when scanning
In the scan section of ieee80211softmac, network transmits are disabled.
When SoftMAC re-enables transmits, it may override the wishes of a driver
that may have very good reasons for disabling transmits. At least one failure
in bcm43xx can be traced to this problem. In addition, several unexplained
problems may arise from the unexpected enabling of transmits.
Signed-off-by: Michael Buesch <mb@bu3sch.de> Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net> Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Francois Romieu [Wed, 29 Nov 2006 21:21:33 +0000 (22:21 +0100)]
[PATCH] r8169: Fix iteration variable sign
This changes the type of variable "i" in rtl8169_init_one()
from "unsigned int" to "int". "i" is checked for < 0 later,
which can never happen for "unsigned". This results in broken
error handling.
Milan Svoboda [Wed, 29 Nov 2006 11:09:52 +0000 (12:09 +0100)]
[ARM] 3943/1: share declaration of struct pxa2xx_udc_mach_info between multiple platforms
Move declaration of struct pxa2xx_udc_mach_info from
include/asm-arm/arch-pxa/udc.h to new file
include/asm-arm/mach/udc_pxa2xx.h.
This allow us to use this structure with
multiple platforms - pxa and ixp4xx. USB
device controller used in pxa25x is the same
as controller used in ixp4xx.
Signed-off-by: Milan Svoboda <msvoboda@ra.rockwell.com> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Patrick McHardy [Wed, 29 Nov 2006 04:10:21 +0000 (20:10 -0800)]
[NETFILTER]: ipt_REJECT: fix memory corruption
On devices with hard_header_len > LL_MAX_HEADER ip_route_me_harder()
reallocates the skb, leading to memory corruption when using the stale
tcph pointer to update the checksum.
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai [Mon, 27 Nov 2006 18:26:46 +0000 (10:26 -0800)]
[NETFILTER]: conntrack: fix refcount leak when finding expectation
All users of __{ip,nf}_conntrack_expect_find() don't expect that
it increments the reference count of expectation.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai [Mon, 27 Nov 2006 18:25:59 +0000 (10:25 -0800)]
[NETFILTER]: nf_conntrack: fix the race on assign helper to new conntrack
The found helper cannot be assigned to conntrack after unlocking
nf_conntrack_lock. This tries to find helper to assign again.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Yasuyuki Kozakai [Mon, 27 Nov 2006 18:25:32 +0000 (10:25 -0800)]
[NETFILTER]: nfctnetlink: assign helper to newly created conntrack
This fixes the bug which doesn't assign helper to newly created
conntrack via nf_conntrack_netlink.
Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 29 Nov 2006 04:54:40 +0000 (20:54 -0800)]
Merge branch 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev
* 'upstream-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jgarzik/libata-dev:
[PATCH] libata: Fixup ata_sas_queuecmd to handle __ata_scsi_queuecmd failure
[PATCH] ahci: AHCI mode SATA patch for Intel ICH9
[PATCH] libata: don't schedule EH on wcache on/off if old EH
Linus Torvalds [Wed, 29 Nov 2006 01:28:41 +0000 (17:28 -0800)]
Merge branch 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6
* 'for-linus' of git://one.firstfloor.org/home/andi/git/linux-2.6:
[PATCH] x86-64: Use stricter in process stack check for unwinder
[PATCH] i386: Fix compilation with UP genericarch
[PATCH] x86-64: Fix warning in io_apic.c
[PATCH] x86-64: work around gcc4 issue with -Os in Dwarf2 stack unwind
[PATCH] x86_64: Align data segment to PAGE_SIZE boundary
Linus Torvalds [Wed, 29 Nov 2006 01:27:52 +0000 (17:27 -0800)]
Merge branch 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa
* 'linus' of master.kernel.org:/pub/scm/linux/kernel/git/perex/alsa:
[ALSA] version 1.0.13
[ALSA] snd-emu10k1: Fix capture for one variant.
[ALSA] Fix hang-up at disconnection of usb-audio
[ALSA] hda: fix typo for xw4400 PCI sub-ID
[ALSA] hda: fix sigmatel dell system detection
[ALSA] Enable stereo line input for TAS codec
[ALSA] rtctimer: handle RTC interrupts with a tasklet
Joakim Tjernlund [Tue, 28 Nov 2006 23:11:52 +0000 (23:11 +0000)]
[PATCH] Fix Intel/Sharp command set erase suspend bug
When we sleep and wait for a suspended operation to be resumed, go
back and check until it's ready -- don't just continue after the first
time we're woken. This can cause file system corruption.
Andi Kleen [Tue, 28 Nov 2006 19:12:59 +0000 (20:12 +0100)]
[PATCH] x86-64: Use stricter in process stack check for unwinder
Previously it would check for alignment only, which could break
if the stack pointer was unaligned. Now explicitely check if the
stack pointer is in the stack page of the current process.
Jan Beulich [Tue, 28 Nov 2006 19:12:59 +0000 (20:12 +0100)]
[PATCH] x86-64: work around gcc4 issue with -Os in Dwarf2 stack unwind
This fixes a problem with gcc4 mis-compiling the stack unwind code under
-Os, which resulted in 'stuck' messages whenever an assembly routine was
encountered.
Matt Porter [Mon, 6 Nov 2006 10:20:38 +0000 (11:20 +0100)]
[ALSA] hda: fix sigmatel dell system detection
Fixes Dell system detection on 9200 codecs. The support
to detect certain Dell machines was merged in the
9205 table where it will be unused on the various Dell
9200-based codec systems. This moves the subsystem IDs
to the correct 9200 table.
Signed-off-by: Matt Porter <mporter@embeddedalley.com> Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jaroslav Kysela <perex@suse.cz>
Akinobu Mita [Mon, 27 Nov 2006 06:16:48 +0000 (15:16 +0900)]
selinux: fix dentry_open() error check
The return value of dentry_open() shoud be checked by IS_ERR().
Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com> Signed-off-by: James Morris <jmorris@namei.org>
Linus Torvalds [Mon, 27 Nov 2006 03:05:22 +0000 (19:05 -0800)]
Fix 'ALIGN()' macro, take 2
You wouldn't think that doing an ALIGN() macro that aligns something up
to a power-of-two boundary would be likely to have bugs, would you?
But hey, in the wonderful world of mixing integer types, you have to be
careful. This just makes sure that the alignment is interpreted in the
same type as the thing to be aligned.
Thanks to Roland Dreier, who noticed that the amso1100 driver got broken
by the previous fix (that just extended the mask to "unsigned long", but
was still broken in "unsigned long long" - it just happened to be the
same on 64-bit architectures).
Acked-by: Roland Dreier <rdreier@cisco.com> Cc: Andrew Morton <akpm@osdl.org> Cc: David Miller <davem@davemloft.net> Cc: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Kyle McMartin [Sun, 26 Nov 2006 23:56:56 +0000 (18:56 -0500)]
[PATCH] Fix incorrent type of flags in <asm/semaphore.h>
I still think using BUILD_BUG_ON() is unacceptable, especially given how
vague the error message was.
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
[ And I already removed gthe BUILD_BUG_ON() in the previous commit ] Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6:
[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
[NET]: Re-fix of doc-comment in sock.h
[6PACK]: Masking bug in 6pack driver.
[NET]: Fix kfifo_alloc() error check.
[UDP]: Make udp_encap_rcv use pskb_may_pull
[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT
Russell King [Sat, 25 Nov 2006 16:19:23 +0000 (16:19 +0000)]
[ARM] Add PM_LEGACY defaults
Eliminate two warnings:
kernel/power/pm.c:205: warning: 'pm_register' is deprecated (declared at kernel/power/pm.c:64)
kernel/power/pm.c:206: warning: 'pm_send_all' is deprecated (declared at kernel/power/pm.c:180)
by updating defconfig files to contain a sensible PM_LEGACY default.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Hans Verkuil [Sat, 25 Nov 2006 12:40:28 +0000 (09:40 -0300)]
V4L/DVB (4885): Improve saa711x check
The old code would accept any device on the same i2c address as the
saa711x chips as an saa711x. However, this fails with saa717x chips,
which use that same address and so are misdetected as a saa7111. Now
check whether the chip is really a saa711x model.
Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Ira Snyder [Mon, 20 Nov 2006 10:20:48 +0000 (07:20 -0300)]
V4L/DVB (4849): Add missing spin_unlock to saa6588 decoder driver
Sparse noticed a lock imbalance in read_from_buf(). Further inspection shows
that the lock should not be held when the function exits.
This adds a spin_unlock_irqrestore(), so that every exit path of the
read_from_buf() function is consistent. The unlock was missing on an error
path.
Signed-off-by: Ira W. Snyder <devel@irasnyder.com> Signed-off-by: Hans J. Koch <koch@hjk-az.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
Oliver Endriss [Sun, 19 Nov 2006 05:15:37 +0000 (02:15 -0300)]
V4L/DVB (4840): Budget: diseqc_method module parameter for cards with subsystem-id 13c2:1003
New module parameter diseqc_method for cards with subsystem-id 13c2:1003.
- 0: unreliable method, can be used by all board revisions (default)
- 1: reliable method, works for newer board layouts only
The parameter has no effect for cards with other subsystem-ids.
Signed-off-by: Oliver Endriss <o.endriss@gmx.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@infradead.org>
[XFRM] STATE: Fix to respond error to get operation if no matching entry exists.
When application uses XFRM_MSG_GETSA to get state entry through
netlink socket and kernel has no matching one, the application expects
reply message with error status by kernel.
Kernel doesn't send the message back in the case of Mobile IPv6 route
optimization protocols (i.e. routing header or destination options
header). This is caused by incorrect return code "0" from
net/xfrm/xfrm_user.c(xfrm_user_state_lookup) and it makes kernel skip
to acknowledge at net/netlink/af_netlink.c(netlink_rcv_skb).
This patch fix to reply ESRCH to application.
Signed-off-by: Masahide NAKAMURA <nakam@linux-ipv6.org> Signed-off-by: TAKAMIYA Noriaki <takamiya@po.ntts.co.jp> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Bonser [Fri, 24 Nov 2006 01:56:13 +0000 (17:56 -0800)]
[NET]: Re-fix of doc-comment in sock.h
Restoring old, correct comment for sk_filter_release, moving it to
where it should actually be, and changing new comment into proper
comment for sk_filter_rcu_free, where it actually makes sense.
The original fix submitted for this on Oct 23 mistakenly documented
the wrong function.
Signed-off-by: Paul Bonser <misterpib@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jean Delvare [Thu, 23 Nov 2006 19:48:28 +0000 (11:48 -0800)]
[6PACK]: Masking bug in 6pack driver.
Looks like a broken masking to me, binary not is used where bitwise
not was intended.
Signed-off-by: Jean Delvare <khali@linux-fr.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Olaf Kirch [Thu, 23 Nov 2006 04:11:42 +0000 (20:11 -0800)]
[UDP]: Make udp_encap_rcv use pskb_may_pull
Make udp_encap_rcv use pskb_may_pull
IPsec with NAT-T breaks on some notebooks using the latest e1000 chipset,
when header split is enabled. When receiving sufficiently large packets, the
driver puts everything up to and including the UDP header into the header
portion of the skb, and the rest goes into the paged part. udp_encap_rcv
forgets to use pskb_may_pull, and fails to decapsulate it. Instead, it
passes it up it to the IKE daemon.
Signed-off-by: Olaf Kirch <okir@suse.de> Signed-off-by: Jean Delvare <jdelvare@suse.de> Signed-off-by: David S. Miller <davem@davemloft.net>
Faidon Liambotis [Wed, 22 Nov 2006 05:46:02 +0000 (21:46 -0800)]
[NETFILTER]: H.323 conntrack: fix crash with CONFIG_IP_NF_CT_ACCT
H.323 connection tracking code calls ip_ct_refresh_acct() when
processing RCFs and URQs but passes NULL as the skb.
When CONFIG_IP_NF_CT_ACCT is enabled, the connection tracking core tries
to derefence the skb, which results in an obvious panic.
A similar fix was applied on the SIP connection tracking code some time
ago.
Signed-off-by: Faidon Liambotis <paravoid@debian.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Reimplement execvp for our purposes - after we call fork() it is fundamentally
unsafe to use the kernel allocator - current is not valid there. So we simply
pass to our modified execvp() a preallocated buffer. This fixes a real bug
and works very well in testing (I've seen indirectly warning messages from the
forked thread - they went on the pipe connected to its stdout and where read
as a number by UML, when calling read_output(). I verified the obtained
number corresponded to "BUG:").
The added use of __cant_sleep() is not a new bug since __cant_sleep() is
already used in the same function - passing an atomicity parameter would be
better but it would require huge change, stating that this function must not
be called in atomic context and can sleep is a better idea (will make sure of
this gradually).
Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
[akpm@osdl.org: two compile fixes] Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Signed-off-by: Jiri Kosina <jikos@jikos.cz> Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl> Acked-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Alexey Dobriyan [Sat, 25 Nov 2006 19:09:36 +0000 (11:09 -0800)]
[PATCH] Enforce "unsigned long flags;" when spinlocking
Make it break or warn if you pass to spin_lock_irqsave() and friends
something different from "unsigned long flags;". Suprisingly large amount
of these was caught by recent commit c53421b18f205c5f97c604ae55c6a921f034b0f6 and others.
Idea is largely from FRV typechecking. Suggestions from Andrew Morton.
All stupid typos in first version fixed.
Passes allmodconfig on i386, x86_64, alpha, arm as well as my usual config.
Note #1: checking with sparse is still needed, because a driver can save
and pass around flags or something. So far patch is very intrusive.
Note #2: techically, we should break only if
sizeof(flags) < sizeof(unsigned long),
however, the more pain for getting suspicious code into kernel,
the better.
projects / karo-tx-linux.git / log