- 14 Dec, 2005 11 commits
-
-
Oleg Drokin authored
Fix a 32 bit integer overflow in invalidate_inode_pages2_range. Signed-off-by:
Andrew Morton <akpm@osdl.org> Signed-off-by:
Linus Torvalds <torvalds@osdl.org> Signed-off-by:
Greg Kroah-Hartman <gregkh@suse.de>
-
Thomas Renninger authored
[ACPI] fix HP nx8220 boot hang regression This patch reverts the acpi_bus_find_driver() return value check that came in via the PCI tree via 3fb02738 [PATCH] acpi bridge hotadd: Allow ACPI .add and .start operations to be done independently This particular change broke booting of some HP/Compaq laptops unless acpi=noirq is used. http://bugzilla.kernel.org/show_bug.cgi?id=5221 https://bugzilla.novell.com/show_bug.cgi?id=116763Signed-off-by:
Thomas Renninger <trenn@suse.de> Cc: Rajesh Shah <rajesh.shah@intel.com> Signed-off-by:
Len Brown <len.brown@intel.com> Signed-off-by:
-
Carlos Silva authored
BUDGET_CI card depends on STV0297 demodulator. This patch solves a DVB driver compile error introduced in 2.6.14 Signed-off-by:
Johannes Stezenbach <js@linuxtv.org> Signed-off-by:
Mauro Carvalho Chehab <mchehab@brturbo.com.br> Signed-off-by:
-
Daniel Drake authored
Commit f549d6c1 introduced a generic fallback for security xattrs, but appears to include a subtle bug. Gentoo users with kernels with selinux compiled in, and coreutils compiled with acl support, noticed that they could not copy files on tmpfs using 'cp'. cp (compiled with acl support) copies the file, lists the extended attributes on the old file, copies them all to the new file, and then exits. However the listxattr() calls were failing with this odd behaviour: llistxattr("a.out", (nil), 0) = 17 llistxattr("a.out", 0x7fffff8c6cb0, 17) = -1 ERANGE (Numerical result out of range) I believe this is a simple problem in the logic used to check the buffer sizes; if the user sends a buffer the exact size of the data, then its ok :) This change solves the problem. More info can be found at http://bugs.gentoo.org/113138Signed-off-by:
Daniel Drake <dsd@gentoo.org> Acked-by:
James Morris <jmorris@namei.org> Acked-by:
Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by:
-
Thomas Graf authored
The receive path for fib_lookup netlink messages is lacking sanity checks for header and payload and is thus vulnerable to malformed netlink messages causing illegal memory references. Signed-off-by:
Thomas Graf <tgraf@suug.ch> Signed-off-by:
-
Daniel Drake authored
This patch combines commit 0b360adb (make setkeys root-only) and commit e3f17f0f (only disallow setting by users) Because people can play games reprogramming keys and leaving traps for the next user of the console. Signed-off-by:
-
Oliver Neukum authored
the scsi layer now uses very short sg lists. This breaks the microtek driver. Here is a patch fixes this and some other issues. Signed-off-by:
Oliver Neukum <oliver@neukum.name> Signed-off-by:
-
David Gibson authored
set_page_dirty() will not cope with being handed a page * which is part of a compound page, but not the master page in that compound page. This case can occur via access_process_vm() if you attemp to write to another process's hugepage memory area using ptrace() (causing an oops or hang). This patch fixes the bug by only calling set_page_dirty() from access_process_vm() if the page is not a compound page. We already use a similar fix in bio_set_pages_dirty() for the case of direct io to hugepages. Signed-off-by:
David Gibson <david@gibson.dropbear.id.au> Acked-by:
William Irwin <wli@holomorphy.com> Signed-off-by:
Chris Wright <chrisw@osdl.org> Signed-off-by:
-
Adrian Bunk authored
The Coverity checker spotted this obvious use-after-free caused by a wrong order of the cleanups. Signed-off-by:
Adrian Bunk <bunk@stusta.de> Acked-by:
Roland Dreier <rolandd@cisco.com> Signed-off-by:
-
Adrian Bunk authored
The Coverity checker spotted this obvious use-after-free Signed-off-by:
Markus Lidel <Markus.Lidel@shadowconnect.com> Signed-off-by:
-
Adrian Bunk authored
The Coverity checker spotted this obvious use-after-free Signed-off-by:
Mark Salyzyn <mark_salyzyn@adaptec.com> Signed-off-by:
-
- 24 Nov, 2005 24 commits
-
-
Chris Wright authored
-
Jean Delvare authored
Fix a bug where setting the low fan speed limits will not work if no data was ever read through the sysfs interface and the fan clock dividers have not been explicitely set yet either. The reason is that data->fan_div[nr] may currently be used before it is initialized from the chip register values. The fix is to explicitely initialize data->fan_div[nr] before using it. Bug reported, and fix tested, by Nicolas Mailhot. Signed-off-by:
Jean Delvare <khali@linux-fr.org> Signed-off-by:
-
Jean Delvare authored
Fix the lm78 VID reading, which I accidentally broke while making this driver use the common vid_from_reg function rather than reimplementing its own in 2.6.14-rc1. I'm not proud of it, trust me. Signed-off-by:
-
Yuan Mu authored
Add SENSORS_LIMIT in store VCore limit functions. This fixes a potential u8 overflow on out-of-range user input. Signed-off-by:
-
Adrian Bunk authored
It's not good if caller and callee disagree regarding the type of the arguments. In this case, this could cause problems on 64bit architectures. Signed-off-by:
Armin Schindler <armin@melware.de> Signed-off-by:
-
Andi Kleen authored
Force correct address space size for MTRR on some 64bit Intel Xeons They report 40bit, but only have 36bits of physical address space. This caused problems with setting up the correct masks for MTRR, resulting in incorrect MTRRs. CPUID workaround for steppings 0F33h(supporting x86) and 0F34h(supporting x86 and EM64T). Detail info can be found at: http://download.intel.com/design/Xeon/specupdt/30240216.pdf http://download.intel.com/design/Pentium4/specupdt/30235221.pdf Signed-off-by: Shaohua Li<shaohua.li@intel.com> Signed-off-by:
Andi Kleen <ak@suse.de> Signed-off-by:
-
YOSHIFUJI Hideaki authored
Based on suggestion from Masahide Nakamura <nakam@linux-ipv6.org>. Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
Ville Nuorvala authored
Signed-off-by:
-
YOSHIFUJI Hideaki authored
Signed-off-by:
-
Harald Welte authored
Since we've converted the ftp/irc/tftp helpers to use the new module_parm_array() some time ago, we ware accidentially using signed data types - thus preventing those modules from being used on ports >= 32768. This patch fixes it by using 'ushort' module parameters. Thanks to Jan Nijs for reporting this bug. Signed-off-by:
Harald Welte <laforge@netfilter.org> Signed-off-by:
-
Vlad Drukker authored
Some devices (e.g. Qlogic iSCSI HBA hardware like QLA4010 up to firmware 3.0.0.4) initiates TCP with SYN and PUSH flags set. The Linux TCP/IP stack deals fine with that, but the connection tracking code doesn't. This patch alters TCP connection tracking to accept SYN+PUSH as a valid flag combination. Signed-off-by:
Vlad Drukker <vlad@storewiz.com> Signed-off-by:
-
Krzysztof Piotr Oledzki authored
This patch fixes an userspace triggered oops. If there is no ICMP_ID info the reference to attr will be NULL. Signed-off-by:
Krzysztof Piotr Oledzki <ole@ans.pl> Signed-off-by:
Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by:
-
Philip Craig authored
The reply tuple of the PNS->PAC expectation was using the wrong call id. So we had the following situation: - PNS behind NAT firewall - PNS call id requires NATing - PNS->PAC gre packet arrives first then the PNS->PAC expectation is matched, and the other expectation is deleted, but the PAC->PNS gre packets do not match the gre conntrack because the call id is wrong. We also cannot use ip_nat_follow_master(). Signed-off-by:
Philip Craig <philipc@snapgear.com> Signed-off-by:
-
Harald Welte authored
This fixes an oops triggered from userspace. If we don't pass information about the private protocol info, the reference to attr will be NULL. This is likely to happen in update messages. Signed-off-by:
-
Yasuyuki Kozakai authored
Signed-off-by:
Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by:
-
Harald Welte authored
With the new nf_queue generalization in 2.6.14, we've introduced a bug that causes an oops as soon as a packet is queued but no queue handler registered. This patch fixes it. Signed-off-by:
-
Rusty Rusty authored
The unknown protocol is used as a fallback when a protocol isn't known. Hence we cannot handle it failing, so don't set ".me". It's OK, since we only grab a reference from within the same module (iptable_nat.ko), so we never take the module refcount from 0 to 1. Also, remove the "protocol is NULL" test: it's never NULL. Signed-off-by:
Rusty Rusty <rusty@rustcorp.com.au> Signed-off-by:
-
Harald Welte authored
This endianness bug slipped through while changing the 'gre.key' field in the conntrack tuple from 32bit to 16bit. None of my tests caught the problem, since the linux pptp client always has '0' as call id / gre key. Only windows clients actually trigger the bug. Signed-off-by:
-
Krzysztof Halasa authored
As we are currently unable to fix the problem with carrier and protocol state signaling in net core I've to disable netif_carrier_off() calls used by WAN protocol drivers. The attached patch should make them working again. The remaining netif_carrier_*() calls in hdlc_fr.c are fine as they don't touch the physical device. Signed-off-by:
Krzysztof Halasa <khc@pm.waw.pl> Signed-off-by:
-
J. Bruce Fields authored
The patch http://linux.bkbits.net:8080/linux-2.6/diffs/fs/locks.c@1.70??nav=index.html introduced a pretty nasty memory leak in the lease code. When freeing the lease, the code in locks_delete_lock() will correctly clean up the fasync queue, but when we return to fcntl_setlease(), the freed fasync entry will be reinstated. This patch ensures that we skip the call to fasync_helper() when we're freeing up the lease. Signed-off-by:
J. Bruce Fields <bfields@fieldses.org> Signed-off-by:
Trond Myklebust <Trond.Myklebust@netapp.com> Signed-off-by:
-
Peter Osterlund authored
There is an old bug in the pkt_count_states() function that causes stack corruption. When compiling with gcc 3.x or 2.x it is harmless, but gcc 4 allocates local variables differently, which makes the bug visible. Signed-off-by:
Peter Osterlund <petero2@telia.com> Cc: <stable@kernel.org> Signed-off-by:
-
Takashi Iwai authored
Fixed the soft lockup of ALSA rtc-timer due to the wrong irq handling in rtc_control(). The call of rtc_control() can be atomic. Signed-off-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
-
Oleg Nesterov authored
If a task is being traced we never auto-reap it even if it might look like its parent doesn't care. The tracer obviously _does_ care. Signed-off-by:
-
Joel Schopp authored
Signed-off-by:
Andy Whitcroft <apw@shadowen.org> Signed-off-by:
Joel Schopp <jschopp@austin.ibm.com> Signed-off-by:
-
- 11 Nov, 2005 5 commits
-
-
Greg Kroah-Hartman authored
-
Linus Torvalds authored
Before we did CLONE_THREAD, the way to check whether we were attaching to ourselves was to just check "current == task", but with CLONE_THREAD we should check that the thread group ID matches instead. Signed-off-by: -
Ivan Kokshaysky authored
barrier.h uses barrier() in non-SMP case. And doesn't include compiler.h. Cc: Al Viro <viro@ftp.linux.org.uk> Signed-off-by:
-
Julian Anastasov authored
There was a fix in 2.6.13 that changed the behaviour of ip_vs_conn_expire_now function not to put reference to connection, its callers should hold write lock or connection refcnt. But we forgot to convert one caller, when the real server for connection is unavailable caller should put the connection reference. It happens only when sysctl var expire_nodest_conn is set to 1 and such connections never expire. Thanks to Roberto Nibali who found the problem and tested a 2.4.32-rc2 patch, which is equal to this 2.6 version. Signed-off-by:
Julian Anastasov <ja@ssi.bg> Signed-off-by:
Roberto Nibali <ratz@drugphish.ch> Signed-off-by:
-
Oleg Nesterov authored
When non-leader thread does exec, de_thread calls release_task(leader) before calling exit_itimers(). If local timer interrupt happens in between, it can oops in send_group_sigqueue() while taking ->sighand->siglock == NULL. However, we can't change send_group_sigqueue() to check p->signal != NULL, because sys_timer_create() does get_task_struct() only in SIGEV_THREAD_ID case. So it is possible that this task_struct was already freed and we can't trust p->signal. This patch changes de_thread() so that leader released after exit_itimers() call. Signed-off-by:
Oleg Nesterov <oleg@tv-sign.ru> Signed-off-by:
-
