- 13 Oct, 2006 12 commits
-
-
Martin Schwidefsky authored
[S390] user readable uninitialised kernel memory. A user space program can read uninitialised kernel memory by appending to a file from a bad address and then reading the result back. The cause is the copy_from_user function that does not clear the remaining bytes of the kernel buffer after it got a fault on the user space address. Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Daniel Drake authored
The vendor driver chooses this value based on an ifndef ASIC, and ASIC is never defined. Signed-off-by: Daniel Drake <dsd@gentoo.org> Signed-off-by: John W. Linville <linville@tuxdriver.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mike Isely authored
Currently it is not understood how to properly control the horizontal capture resolution on 24xxx devices. The pvrusb2 driver is doing everything it should (pass resolution paramter(s) to cx2341x and cx25840 modules) but for some reason the result is corrupted video if any resolution other than 720 is used. This patch causes the driver to only permit a horizontal resolution of 720 to be used on 24xxx devices. Even if the app requests something else, the driver will force the resolution back to 720. This patch still allows full control of the resolution for 29xxx devices. Signed-off-by: Mike Isely <isely@pobox.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mike Isely authored
The pvrusb2 driver needs to call video_devdata() in order to correctly transform a file pointer into a video_device pointer. Unfortunately the prototype for this function has been marked V4L1-only and there's no official substitute that I can find for V4L2. Adding to the mystery is that the implementation for this function exists whether or not V4L1 compatibility has been selected. The upshot of all this is that we get a compilation warning here about a missing prototype but the code links OK. This fix solves the warning by copying the prototype into the source file that is using it. Yes this is a hack, but it's a safe one for 2.6.18 (any alternative would be much more intrusive). A better solution should be forthcoming for the next kernel. Signed-off-by: Mike Isely <isely@pobox.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mike Isely authored
The CONFIG_VIDEO_PVRUSB2_24XXX is not nearly as "experimental" as the description suggests. So refine the description to better match reality. Signed-off-by: Mike Isely <isely@pobox.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Mike Isely authored
There is a mutex ordering problem between the pvrusb2 driver and the v4l core. Two different pathways take mutexes in opposing orders and this (under rare circumstances) can cause a deadlock. The two mutexes in question are videodev_lock in the v4l core and device_lock inside the pvrusb2 driver. The device_lock instance in the driver protects a private global array of context pointers which had been implemented in advance of v4l core changes which eliminate the video_set_drvdata() and video_get_drvdata() functions. This patch restores the use of video_get_drvdata() and video_set_drvdata(), eliminating the need for the array and the mutex. (This is actually a patch to restore the previous implementation.) We can do this for 2.6.18 since those functions are in fact still present. A better (and larger) solution will be done for later kernels. Signed-off-by: Mike Isely <isely@pobox.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Yeasah Pell authored
The cx24109 datasheet says: "NOTE: if A=0, then N=N+1" The current code is the result of a misinterpretation of the datasheet to mean exactly the opposite of the requirement -- The actual value of N is 1 greater than the value written when A is 0, so 1 needs to be *subtracted* from it to compensate. Signed-off-by: Yeasah Pell <yeasah@schwide.net> Signed-off-by: Steven Toth <stoth@hauppauge.com> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Hans Verkuil authored
The msp3430G and msp3435G models cannot do Automatic Standard Detection, so these should be forced to BTSC. These chips are early production versions for the msp34xxG series and are quite rare. The workaround for kernel 2.6.18 is to use 'standard=32' as msp3400 module option. Signed-off-by: Hans Verkuil <hverkuil@xs4all.nl> Signed-off-by: Michael Krufky <mkrufky@linuxtv.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Jeff Dike authored
don't know if the following is already queued, it fixes an ARCH=um build failure, evidence here: http://marc.theaimsgroup.com/?l=linux-kernel&m=115875912525137&w=2 and following thread. Cc-ing uml maintainers and I hope I didn't follow too many Submitting-patches rules... The patch is taken from: http://user-mode-linux.sourceforge.net/work/current/2.6/2.6.18/patches/no-syscallx Since the syscallx macros seem to be under threat, this patch stops using them, using syscall instead. Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Paolo 'Blaisorblade' Giarrusso authored
This should make sure that, for UML, host's configuration files are not considered, which avoids various pains to the user. Our dependency are such that the obtained Kconfig will be valid and will lead to successful compilation - however they cannot prevent an user from disabling any boot device, and if an option is not set in the read .config (say /boot/config-XXX), with make menuconfig ARCH=um, it is not set. This always disables UBD and all console I/O channels, which leads to non-working UML kernels, so this bothers users - especially now, since it will happen on almost every machine (/boot/config-`uname -r` exists almost on every machine). It can be workarounded with make defconfig ARCH=um, but it is non-obvious and can be avoided, so please _do_ merge this patch. Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Paolo 'Blaisorblade' Giarrusso authored
Enable compilation of x86_64 crypto code;, and add the needed constant to make the code compile again (that macro was added to i386 asm-offsets between 2.6.17 and 2.6.18, in 6c2bb98b). Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Acked-by: Jeff Dike <jdike@addtoit.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
Patrick McHardy authored
The move of qdisc destruction to a rcu callback broke locking in the entire qdisc layer by invalidating previously valid assumptions about the context in which changes to the qdisc tree occur. The two assumptions were: - since changes only happen in process context, read_lock doesn't need bottem half protection. Now invalid since destruction of inner qdiscs, classifiers, actions and estimators happens in the RCU callback unless they're manually deleted, resulting in dead-locks when read_lock in process context is interrupted by write_lock_bh in bottem half context. - since changes only happen under the RTNL, no additional locking is necessary for data not used during packet processing (f.e. u32_list). Again, since destruction now happens in the RCU callback, this assumption is not valid anymore, causing races while using this data, which can result in corruption or use-after-free. Instead of "fixing" this by disabling bottem halfs everywhere and adding new locks/refcounting, this patch makes these assumptions valid again by moving destruction back to process context. Since only the dev->qdisc pointer is protected by RCU, but ->enqueue and the qdisc tree are still protected by dev->qdisc_lock, destruction of the tree can be performed immediately and only the final free needs to happen in the rcu callback to make sure dev_queue_xmit doesn't access already freed memory. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-
- 20 Sep, 2006 2 commits
-
-
Linus Torvalds authored
Ahoy, all land-lubbers, test me out right smartly! Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [IPV4] fib_trie: missing ntohl() when calling fib_semantic_match() [NETFILTER]: xt_quota: add missing module aliases [ATM]: [he] don't hold the device lock when upcalling
-
- 19 Sep, 2006 14 commits
-
-
Al Viro authored
fib_trie.c::check_leaf() passes host-endian where fib_semantic_match() expects (and stores into) net-endian. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
Add missing aliases for ipt_quota and ip6t_quota to make autoload work. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Chas Williams authored
This can create a deadlock/lock ordering problem with other layers that want to use the transmit (or other) path of the card at that time. Signed-off-by: Chas Williams <chas@cmf.nrl.navy.mil> Signed-off-by: David S. Miller <davem@davemloft.net>
-
git://git.linux-nfs.org/pub/linux/nfs-2.6Linus Torvalds authored
* 'fixes' of git://git.linux-nfs.org/pub/linux/nfs-2.6: NFS: Fix nfs_page use after free issues in fs/nfs/write.c NFSv4: Fix incorrect semaphore release in _nfs4_do_open() NFS: Fix Oopsable condition in nfs_readpage_sync()
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Trond Myklebust authored
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
-
Linus Torvalds authored
This reverts commits 11012d41 and 40dd2d20, which allowed us to use the MMIO accesses for PCI config cycles even without the area being marked reserved in the e820 memory tables. Those changes were needed for EFI-environment Intel macs, but broke some newer Intel 965 boards, so for now it's better to revert to our old 2.6.17 behaviour and at least avoid introducing any new breakage. Andi Kleen has a set of patches that work with both EFI and the broken Intel 965 boards, which will be applied once they get wider testing. Cc: Arjan van de Ven <arjan@infradead.org> Cc: Edgar Hucek <hostmaster@ed-soft.at> Cc: Andi Kleen <ak@suse.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
git://git.infradead.org/mtd-2.6Linus Torvalds authored
* git://git.infradead.org/mtd-2.6: [MTD] Use SEEK_{SET,CUR,END} instead of hardcoded values in mtdchar lseek() MTD: Fix bug in fixup_convert_atmel_pri [JFFS2][SUMMARY] Fix a summary collecting bug. [PATCH] [MTD] DEVICES: Fill more device IDs in the structure of m25p80 MTD: Add lock/unlock operations for Atmel AT49BV6416 MTD: Convert Atmel PRI information to AMD format fs/jffs2/xattr.c: remove dead code [PATCH] [MTD] Maps: Add dependency on alternate probe methods to physmap [PATCH] MTD: Add Macronix MX29F040 to JEDEC [MTD] Fixes of performance and stability issues in CFI driver. block2mtd.c: Make kernel boot command line arguments work (try 4) [MTD NAND] Fix lookup error in nand_get_flash_type() remove #error on !PCI from pmc551.c MTD: [NAND] Fix the sharpsl driver after breakage from a core conversion [MTD] NAND: OOB buffer offset fixups make fs/jffs2/nodelist.c:jffs2_obsolete_node_frag() static [PATCH] [MTD] NAND: fix dead URL in Kconfig
-
Dave Kleikamp authored
Fix a performance degradation introduced in 2.6.17. (30% degradation running dbench with 16 threads) Commit 21730eed, which claims to make EXT2_DEBUG work again, moves the taking of the kernel lock out of debug-only code in ext2_count_free_inodes and ext2_count_free_blocks and into ext2_statfs. The same problem was fixed in ext3 by removing the lock completely (commit 5b116879) Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Matthew Wilcox authored
Remove definitions of PAGE_* from the user view Delete unnecessary comments referring to the size of pages Only include <asm-generic> if we're in __KERNEL__ Signed-off-by: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Matthew Wilcox <matthew@wil.cx> Signed-off-by: Kyle McMartin <kyle@parisc-linux.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Geert Uytterhoeven authored
Fix 'make headers_check' on m68k Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
David Woodhouse authored
Signed-off-by: David Woodhouse <dwmw2@infradead.org> Cc: Sam Ravnborg <sam@ravnborg.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Ingo Molnar authored
while porting the -rt tree to 2.6.18-rc7 i noticed the following screaming-IRQ scenario on an SMP system: 2274 0Dn.:1 0.001ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.010ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.020ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.029ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.039ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.048ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.058ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.068ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.077ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.087ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) 2274 0Dn.:1 0.097ms: do_IRQ+0xc/0x103 <= (ret_from_intr+0x0/0xf) as it turns out, the bug is caused by handle_level_irq(), which if it races with another CPU already handling this IRQ, it _unmasks_ the IRQ line on the way out. This is not how 2.6.17 works, and we introduced this bug in one of the early genirq cleanups right before it went into -mm. (the bug was not in the genirq patchset for a long time, and we didnt notice the bug due to the lack of -rt rebase to the new genirq code. -rt, and hardirq-preemption in particular opens up such races much wider than anything else.) Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
- 18 Sep, 2006 12 commits
-
-
Linus Torvalds authored
(And reset it on new thread creation) It turns out that eflags is important to save and restore not just because of iopl, but due to the magic bits like the NT bit, which we don't want leaking between different threads. Tested-by: Mike Galbraith <efault@gmx.de> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: [ATM] CLIP: Do not refer freed skbuff in clip_mkip(). [NET]: Drop tx lock in dev_watchdog_up [PACKET]: Don't truncate non-linear skbs with mmaped IO [NET]: Mark frame diverter for future removal. [NETFILTER]: Add secmark headers to header-y [ATM]: linux-atm-general mailing list is subscribers only [ATM]: [he] when transmit fails, unmap the dma regions [TCP] tcp-lp: update information to MAINTAINERS [TCP] tcp-lp: bug fix for oops in 2.6.18-rc6 [BRIDGE]: random extra bytes on STP TCN packet [IPV6]: Accept -1 for IPV6_TCLASS [IPV6]: Fix tclass setting for raw sockets. [IPVS]: remove the debug option go ip_vs_ftp [IPVS]: Make sure ip_vs_ftp ports are valid [IPVS]: auto-help for ip_vs_ftp [IPVS]: Document the ports option to ip_vs_ftp in kernel-parameters.txt [TCP]: Turn ABC off. [NEIGH]: neigh_table_clear() doesn't free stats
-
Linus Torvalds authored
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6: [SPARC]: Fix regression in sys_getdomainname() [OPENPROMIO]: Handle current_node being NULL correctly.
-
Linus Torvalds authored
* master.kernel.org:/home/rmk/linux-2.6-arm: [ARM] 3815/1: headers_install support for ARM [ARM] 3794/1: S3C24XX: do not defined set_irq_wake when no CONFIG_PM [ARM] 3793/1: S3C2412: fix wrong serial info struct [ARM] 3780/1: Fix iop321 cpuid [ARM] 3786/1: pnx4008: update defconfig [ARM] 3785/1: S3C2412: Fix idle code as default uses wrong clocks [ARM] 3784/1: S3C2413: fix config for MACH_S3C2413/MACH_SMDK2413
-
Ralph Siemsen authored
Move kernel-only #includes into #ifdef __KERNEL__, so that headers_install target can be used on ARM. Signed-off-by: Ralph Siemsen <ralphs@netwinder.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
Andy Walker authored
This patch corrects the buffer length checking in the sys_getdomainname() implementation for sparc/sparc64. Signed-off-by: Andy Walker <andy@puszczka.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-
YOSHIFUJI Hideaki authored
In clip_mkip(), skb->dev is dereferenced after clip_push(), which frees up skb. Advisory: AD_LAB-06009 (<adlab@venustech.com.cn>). Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Ben Dooks authored
Patch from Ben Dooks Do not define set_irq_wake as a real function if the CONFIG_PM option is not set. Fixes bug reported by Thomas Gleixner. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
Ben Dooks authored
Patch from Ben Dooks The S3C2440 serial info struct is being passed through the S3C2412 serial info struct probe routine. Signed-off-by: Ben Dooks <ben-linux@fluff.org> Signed-off-by: Thomas Glexiner <tglx@linutronix.de> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
-
David S. Miller authored
If the user tries to traverse to the next node of the last node, we get NULL in current_node and a zero phandle returned. That's fine, but if the user tries to obtain properties in that state, we try to dereference a NULL pointer in the downcall to the of_*() routines. So protect against that. Signed-off-by: David S. Miller <davem@davemloft.net>
-
Herbert Xu authored
Fix lockdep warning with GRE, iptables and Speedtouch ADSL, PPP over ATM. On Sat, Sep 02, 2006 at 08:39:28PM +0000, Krzysztof Halasa wrote: > > ======================================================= > [ INFO: possible circular locking dependency detected ] > ------------------------------------------------------- > swapper/0 is trying to acquire lock: > (&dev->queue_lock){-+..}, at: [<c02c8c46>] dev_queue_xmit+0x56/0x290 > > but task is already holding lock: > (&dev->_xmit_lock){-+..}, at: [<c02c8e14>] dev_queue_xmit+0x224/0x290 > > which lock already depends on the new lock. This turns out to be a genuine bug. The queue lock and xmit lock are intentionally taken out of order. Two things are supposed to prevent dead-locks from occuring: 1) When we hold the queue_lock we're supposed to only do try_lock on the tx_lock. 2) We always drop the queue_lock after taking the tx_lock and before doing anything else. > > the existing dependency chain (in reverse order) is: > > -> #1 (&dev->_xmit_lock){-+..}: > [<c012e7b6>] lock_acquire+0x76/0xa0 > [<c0336241>] _spin_lock_bh+0x31/0x40 > [<c02d25a9>] dev_activate+0x69/0x120 This path obviously breaks assumption 1) and therefore can lead to ABBA dead-locks. I've looked at the history and there seems to be no reason for the lock to be held at all in dev_watchdog_up. The lock appeared in day one and even there it was unnecessary. In fact, people added __dev_watchdog_up precisely in order to get around the tx lock there. The function dev_watchdog_up is already serialised by rtnl_lock since its only caller dev_activate is always called under it. So here is a simple patch to remove the tx lock from dev_watchdog_up. In 2.6.19 we can eliminate the unnecessary __dev_watchdog_up and replace it with dev_watchdog_up. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
-
Patrick McHardy authored
Non-linear skbs are truncated to their linear part with mmaped IO. Fix by using skb_copy_bits instead of memcpy. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by: David S. Miller <davem@davemloft.net>
-