- 16 Sep, 2006 8 commits
-
-
Curt Meyers authored
- corrected composite input. - verified s-video input. Signed-off-by:
Curt Meyers <cmeyers@boilerbots.com> Signed-off-by:
Michael Krufky <mkrufky@linuxtv.org> Signed-off-by:
Mauro Carvalho Chehab <mchehab@infradead.org> Signed-off-by:
Adrian Bunk <bunk@stusta.de>
-
Curt Meyers authored
- When tuning VSB, use ANT input - When tuning QAM, use CABLE input Signed-off-by:
-
Andrew Burri authored
Signed-off-by:
Andrew Burri <andrew.burri@gmail.com> Signed-off-by:
-
Tamuki Shoichi authored
Add support for ELSA EX-VISION 700TV, which is the ELSA Japan's flagship model of the software encoding TV capture card. All inputs (Television, Composite1 and S-Video) have been tested. Signed-off-by:
Tamuki Shoichi <tamuki@linet.gr.jp> Signed-off-by:
-
Hartshorn authored
This is an analog / digital hybrid card. Signed-off-by:
Peter Hartshorn <p3r@users.sourceforge.net> Signed-off-by:
Hartmut Hackmann <hartmut.hackmann@t-online.de> Signed-off-by:
-
Hartmut Hackmann authored
Analog and DVB-T are working, Remote not yet. This card is based on the new LifeView design, there should be many variants. Signed-off-by:
-
Giampiero Giancipoli authored
Additionally to the card support, this changeset adds the option tda10046lifeview to get_dvb_firmware to download tda10046 firmware from LifeView's site. Signed-off-by:
Giampiero Giancipoli <gianci@libero.it> Signed-off-by:
-
Jose Alberto Reguero authored
Signed-off-by:
Jose Alberto Reguero <jareguero@telefonica.net> Signed-off-by:
-
- 12 Sep, 2006 1 commit
-
-
Adrian Bunk authored
-
- 09 Sep, 2006 2 commits
-
-
Adrian Bunk authored
-
Neil Brown authored
This prevents bad inode numbers from triggering errors in ext2_get_inode. Signed-off-by:
Neil Brown <neilb@suse.de> Signed-off-by:
-
- 06 Sep, 2006 10 commits
-
-
Adrian Bunk authored
-
Alan Cox authored
Signed-off-by:
Alan Cox <alan@redhat.com> Signed-off-by:
-
David S. Miller authored
Mirror the bug fix from fill_packet_ipv4() Signed-off-by:
David S. Miller <davem@davemloft.net> Signed-off-by:
-
Chen-Li Tien authored
Signed-off-by:
Chen-Li Tien <cltien@gmail.com> Signed-off-by:
-
Dean Nelson authored
Jack Steiner identified a problem where XPC can cause a silent data corruption. On module load, the placement may cause the xpc_remote_copy_buffer to span two physical pages. DMA transfers are done to the start virtual address translated to physical. This patch changes the buffer from a statically allocated buffer to a kmalloc'd buffer. Dean Nelson reviewed this before posting. I have tested it in the configuration that was showing the memory corruption and verified it works. I also added a BUG_ON statement to help catch this if a similar situation is encountered. Signed-off-by:
Robin Holt <holt@sgi.com> Signed-off-by:
Dean Nelson <dcn@sgi.com> Signed-off-by:
Jack Steiner <steiner@sgi.com> Signed-off-by:
Tony Luck <tony.luck@intel.com> Signed-off-by:
-
YOSHIFUJI Hideaki authored
Bug noticed by Remi Denis-Courmont <rdenis@simphalempin.com>. Signed-off-by:
YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> Signed-off-by:
-
Sonny Rao authored
I ran into a bug where the kernel died in the idr code: cpu 0x1d: Vector: 300 (Data Access) at [c000000b7096f710] pc: c0000000001f8984: .idr_get_new_above_int+0x140/0x330 lr: c0000000001f89b4: .idr_get_new_above_int+0x170/0x330 sp: c000000b7096f990 msr: 800000000000b032 dar: 0 dsisr: 40010000 current = 0xc000000b70d43830 paca = 0xc000000000556900 pid = 2022, comm = hwup 1d:mon> t [c000000b7096f990] c0000000000d2ad8 .expand_files+0x2e8/0x364 (unreliable) [c000000b7096faa0] c0000000001f8bf8 .idr_get_new_above+0x18/0x68 [c000000b7096fb20] c00000000002a054 .init_new_context+0x5c/0xf0 [c000000b7096fbc0] c000000000049dc8 .copy_process+0x91c/0x1404 [c000000b7096fcd0] c00000000004a988 .do_fork+0xd8/0x224 [c000000b7096fdc0] c00000000000ebdc .sys_clone+0x5c/0x74 [c000000b7096fe30] c000000000008950 .ppc_clone+0x8/0xc -- Exception: c00 (System Call) at 000000000fde887c SP (f8b4e7a0) is in userspace Turned out to be a race-condition and NULL ptr deref, here's my fix: Users of the idr code are supposed to call idr_pre_get without locking, so the idr code must serialize itself with respect to layer allocations. However, it fails to do so in an error path in idr_get_new_above_int(). I added the missing locking to fix this. Signed-off-by:Sonny Rao <sonny@burdell.org> Signed-off-by:
-
Christian Borntraeger authored
This patch adds a barrier() in futex unqueue_me to avoid aliasing of two pointers. On my s390x system I saw the following oops: Unable to handle kernel pointer dereference at virtual kernel address 0000000000000000 Oops: 0004 [#1] CPU: 0 Not tainted Process mytool (pid: 13613, task: 000000003ecb6ac0, ksp: 00000000366bdbd8) Krnl PSW : 0704d00180000000 00000000003c9ac2 (_spin_lock+0xe/0x30) Krnl GPRS: 00000000ffffffff 000000003ecb6ac0 0000000000000000 0700000000000000 0000000000000000 0000000000000000 000001fe00002028 00000000000c091f 000001fe00002054 000001fe00002054 0000000000000000 00000000366bddc0 00000000005ef8c0 00000000003d00e8 0000000000144f91 00000000366bdcb8 Krnl Code: ba 4e 20 00 12 44 b9 16 00 3e a7 84 00 08 e3 e0 f0 88 00 04 Call Trace: ([<0000000000144f90>] unqueue_me+0x40/0xe4) [<0000000000145a0c>] do_futex+0x33c/0xc40 [<000000000014643e>] sys_futex+0x12e/0x144 [<000000000010bb00>] sysc_noemu+0x10/0x16 [<000002000003741c>] 0x2000003741c The code in question is: static int unqueue_me(struct futex_q *q) { int ret = 0; spinlock_t *lock_ptr; /* In the common case we don't take the spinlock, which is nice. */ retry: lock_ptr = q->lock_ptr; if (lock_ptr != 0) { spin_lock(lock_ptr); /* * q->lock_ptr can change between reading it and * spin_lock(), causing us to take the wrong lock. This * corrects the race condition. [...] and my compiler (gcc 4.1.0) makes the following out of it: 00000000000003c8 <unqueue_me>: 3c8: eb bf f0 70 00 24 stmg %r11,%r15,112(%r15) 3ce: c0 d0 00 00 00 00 larl %r13,3ce <unqueue_me+0x6> 3d0: R_390_PC32DBL .rodata+0x2a 3d4: a7 f1 1e 00 tml %r15,7680 3d8: a7 84 00 01 je 3da <unqueue_me+0x12> 3dc: b9 04 00 ef lgr %r14,%r15 3e0: a7 fb ff d0 aghi %r15,-48 3e4: b9 04 00 b2 lgr %r11,%r2 3e8: e3 e0 f0 98 00 24 stg %r14,152(%r15) 3ee: e3 c0 b0 28 00 04 lg %r12,40(%r11) /* write q->lock_ptr in r12 */ 3f4: b9 02 00 cc ltgr %r12,%r12 3f8: a7 84 00 4b je 48e <unqueue_me+0xc6> /* if r12 is zero then jump over the code.... */ 3fc: e3 20 b0 28 00 04 lg %r2,40(%r11) /* write q->lock_ptr in r2 */ 402: c0 e5 00 00 00 00 brasl %r14,402 <unqueue_me+0x3a> 404: R_390_PC32DBL _spin_lock+0x2 /* use r2 as parameter for spin_lock */ So the code becomes more or less: if (q->lock_ptr != 0) spin_lock(q->lock_ptr) instead of if (lock_ptr != 0) spin_lock(lock_ptr) Which caused the oops from above. After adding a barrier gcc creates code without this problem: [...] (the same) 3ee: e3 c0 b0 28 00 04 lg %r12,40(%r11) 3f4: b9 02 00 cc ltgr %r12,%r12 3f8: b9 04 00 2c lgr %r2,%r12 3fc: a7 84 00 48 je 48c <unqueue_me+0xc4> 400: c0 e5 00 00 00 00 brasl %r14,400 <unqueue_me+0x38> 402: R_390_PC32DBL _spin_lock+0x2 As a general note, this code of unqueue_me seems a bit fishy. The retry logic of unqueue_me only works if we can guarantee, that the original value of q->lock_ptr is always a spinlock (Otherwise we overwrite kernel memory). We know that q->lock_ptr can change. I dont know what happens with the original spinlock, as I am not an expert with the futex code. Signed-off-by:Christian Borntraeger <borntrae@de.ibm.com> Acked-by:
Ingo Molnar <mingo@redhat.com> Signed-off-by:
-
maximilian attems authored
The icom driver uses request_firmware() and thus needs to select FW_LOADER. Signed-off-by:
maximilian attems <maks@sternwelten.at> Signed-off-by:
Olaf Hering <olh@suse.de> Signed-off-by:
-
Alan Cox authored
Signed-off-by:
-
- 05 Sep, 2006 8 commits
-
-
Sridhar Samudrala authored
With the recent fix, the callers of sctp_primitive_ABORT() need to create an ABORT chunk and pass it as an argument rather than msghdr that was passed earlier. Adrian Bunk: Ported to 2.6.16. Signed-off-by:
Sridhar Samudrala <sri@us.ibm.com> Signed-off-by:
-
Remy Bruno authored
Signed-off-by:
Jaroslav Kysela <perex@suse.cz> Acked-by:
Takashi Iwai <tiwai@suse.de> Signed-off-by:
-
Takashi Iwai authored
Call iounmap after free_irq to avoid invalid accesses in the shared irq. The patch is taken from https://bugzilla.novell.com/show_bug.cgi?id=167869Signed-off-by: -
Takashi Iwai authored
Fix the workaround for AD1988A rev2 codec not to apply to AD1988B codec chips. Signed-off-by:
-
Takashi Iwai authored
Changed the assigned model for HP dc7600 with ALC260 codec to match better with the actual I/O assignment. Patch taken from ALSA bug#2157. Signed-off-by:
-
Takashi Iwai authored
Fixed the missing array terminators in AD1988 codec support code. Signed-off-by:
-
Takashi Iwai authored
Fix an occasional deadlock occuring with snd-rtctimer driver, added irqsave to the lock in tasklet (ALSA bug#952). Signed-off-by:
-
Takashi Iwai authored
Fix 64bit address of MPU401 MMIO port on au88x0 chip. Signed-off-by:
-
- 31 Aug, 2006 2 commits
-
-
Willy Tarreau authored
The function pointers which were checked were for their get_* counterparts. Typically a copy-paste typo. Signed-off-by:
Willy Tarreau <w@1wt.eu> Acked-by:
Jeff Garzik <jeff@garzik.org> Acked-by:
-
Herbert Xu authored
The function ethtool_get_ufo was referring to ETHTOOL_GTSO instead of ETHTOOL_GUFO. Signed-off-by:
Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by:
Matthew Wilcox <matthew@wil.cx> Signed-off-by:
-
- 30 Aug, 2006 6 commits
-
-
Kirill Korotaev authored
2.6.16 leaks like hell. While testing, I found massive filp leakage (reproduced in openvz) in the bowels of namei.c. Signed-off-by:
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Signed-off-by:
-
Eric Sandeen authored
blatantly ripped off from Neil Brown's ext2 patch. Signed-off-by:
Eric Sandeen <sandeen@sandeen.net> Acked-by:
"Theodore Ts'o" <tytso@mit.edu> Signed-off-by:
-
Neil Brown authored
The inode number out of an NFS file handle gets passed eventually to ext3_get_inode_block() without any checking. If ext3_get_inode_block() allows it to trigger an error, then bad filehandles can have unpleasant effect - ext3_error() will usually cause a forced read-only remount, or a panic if `errors=panic' was used. So remove the call to ext3_error there and put a matching check in ext3/namei.c where inode numbers are read off storage. Andrew Morton fixed an off-by-one error. Dann Frazier ported the patch to 2.6.16. Signed-off-by:
-
Alexey Dobriyan authored
* MODE_MASK is unused in eicon driver. * Conflicts with a ptrace stuff on arm. drivers/isdn/hardware/eicon/divasync.h:259:1: warning: "MODE_MASK" redefined include2/asm/ptrace.h:48:1: warning: this is the location of the previous definition Signed-off-by:
Alexey Dobriyan <adobriyan@gmail.com> Acked-by:
Karsten Keil <kkeil@suse.de> Acked-by:
Armin Schindler <armin@melware.de> Signed-off-by:
-
Patrick McHardy authored
table->private might change because of ruleset changes, don't use it without holding the lock. Signed-off-by:
Patrick McHardy <kaber@trash.net> Signed-off-by:
-
Hannes Reinecke authored
This patch fixes the aic79xx driver to properly respond to BIOS settings. Signed-off-by:
Hannes Reinecke <hare@suse.de> Signed-off-by:
James Bottomley <James.Bottomley@SteelEye.com> Signed-off-by:
-
- 27 Aug, 2006 1 commit
-
-
Paul Fulghum authored
Serialize processing of tty buffers in flush_to_ldisc to fix (very rare) corruption of tty buffer free list on SMP systems. Signed-off-by:
Paul Fulghum <paulkf@microgate.com> Acked-by:
-
- 26 Aug, 2006 2 commits
-
-
Mark Huang authored
Fix kernel panic on various SMP machines. The culprit is a null ub->skb in ulog_send(). If ulog_timer() has already been scheduled on one CPU and is spinning on the lock, and ipt_ulog_packet() flushes the queue on another CPU by calling ulog_send() right before it exits, there will be no skbuff when ulog_timer() acquires the lock and calls ulog_send(). Cancelling the timer in ulog_send() doesn't help because it has already been scheduled and is running on the first CPU. Similar problem exists in ebt_ulog.c and nfnetlink_log.c. Signed-off-by:
Mark Huang <mlhuang@cs.princeton.edu> Signed-off-by:
-
Neil Brown authored
At the point where this 'atomic_add' is, rdev could be NULL, as seen by the fact that we test for this in the very next statement. Further is it is really the wrong place of the add. We could add to the count of corrected errors once the are sure it was corrected, not before trying to correct it. Signed-off-by:
-
