1. 26 Sep, 2007 16 commits
  2. 25 Sep, 2007 2 commits
  3. 21 Sep, 2007 2 commits
  4. 31 Aug, 2007 20 commits
    • Greg Kroah-Hartman's avatar
      Linux 2.6.22.6 · 14d33e7f
      Greg Kroah-Hartman authored
      14d33e7f
    • Kay Sievers's avatar
      usb: add PRODUCT, TYPE to usb-interface events · 233b8a1e
      Kay Sievers authored
      This fixes a regression for userspace programs that were relying on these events.
      Signed-off-by: default avatarKay Sievers <kay.sievers@vrfy.org>
      Cc: Andreas Jellinghaus <aj@ciphirelabs.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      233b8a1e
    • Oliver Neukum's avatar
      USB: fix DoS in pwc USB video driver · 852ffe0a
      Oliver Neukum authored
      the pwc driver has a disconnect method that waits for user space to
      close the device. This opens up an opportunity for a DoS attack,
      blocking the USB subsystem and making khubd's task busy wait in
      kernel space. This patch shifts freeing resources to close if an opened
      device is disconnected.
      Signed-off-by: default avatarOliver Neukum <oneukum@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      852ffe0a
    • Alan Stern's avatar
      USB: allow retry on descriptor fetch errors · 8e62c5a4
      Alan Stern authored
      This patch (as964) was suggested by Steffen Koepf.  It makes
      usb_get_descriptor() retry on all errors other than ETIMEDOUT, instead
      of only on EPIPE.  This helps with some devices.
      Signed-off-by: default avatarAlan Stern <stern@rowland.harvard.edu>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      8e62c5a4
    • Tejun Heo's avatar
      PCI: disable MSI on RX790 · cd7f435f
      Tejun Heo authored
      RX790 can't do MSI like its predecessors.  Disable MSI on RX790.
      Signed-off-by: default avatarTejun Heo <htejun@gmail.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      cd7f435f
    • Tejun Heo's avatar
      PCI: disable MSI on RD580 · 41ef7dce
      Tejun Heo authored
      RD580 can't do MSI like its predecessors.  Disable MSI on RD580.
      Signed-off-by: default avatarTejun Heo <teheo@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      41ef7dce
    • Tejun Heo's avatar
      PCI: disable MSI on RS690 · 1674e24c
      Tejun Heo authored
      RS690 can't do MSI like its predecessors.  Disable MSI on RS690.
      Signed-off-by: default avatarTejun Heo <htejun@gmail.com>
      Cc: Henry Su <henry.su@amd.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      1674e24c
    • Bernhard Kaindl's avatar
      PCI: lets kill the 'PCI hidden behind bridge' message · 2124e377
      Bernhard Kaindl authored
      Adrian Bunk wrote:
      > Alois Nešpor wrote
      >> PCI: Bus #0b (-#0e) is hidden behind transparent bridge #0a (-#0b) (try 'pci=assign-busses')
      >> Please report the result to linux-kernel to fix this permanently"
      >>
      >> dmesg:
      >> "Yenta: Raising subordinate bus# of parent bus (#0a) from #0b to #0e"
      >> without pci=assign-busses and nothing with pci=assign-busses.
      >
      > Bernhard?
      
      Ok, lets kill the message. As Alois Nešpor also saw, that's fixed up by Yenta,
      so PCI does not have to warn about it. PCI could still warn about it if
      is_cardbus is 0 in that instance of pci_scan_bridge(), but so far I have
      not seen a report where this would have been the case so I think we can
      spare the kernel of that check (removes ~300 lines of asm) unless debugging
      is done.
      
      History: The whole check was added in the days before we had the fixup
      for this in Yenta and pci=assign-busses was the only way to get CardBus
      cards detected on many (not all) of the machines which give this warning.
      
      In theory, there could be cases when this warning would be triggered and
      it's not cardbus, then the warning should still apply, but I think this
      should only be the case when working on a completely broken PCI setup,
      but one may have already enabled the debug code in drivers/pci and the
      patched check would then trigger.
      
      I do not sign this off yet because it's completely untested so far, but
      everyone is free to test it (with the #ifdef DEBUG replaced by #if 1 and
      pr_debug( changed to printk(.
      
      We may also dump the whole check (remove everything within the #ifdef from
      the source) if that's perferred.
      
      On Alois Nešpor's machine this would then (only when debugging) this message:
      
      "PCI: Bus #0b (-#0e) is partially hidden behind transparent bridge #0a (-#0b)"
      
      "partially" should be in the message on his machine because #0b of #0b-#0e
      is reachable behind #0a-#0b, but not #0c-#0e.
      
      But that differentiation is now moot anyway because the fixup in Yenta takes
      care of it as far as I could see so far, which means that unless somebody
      is debugging a totally broken PCI setup, this message is not needed anymore,
      not even for debugging PCI.
      
      
      Ok, here the patch with the following changes:
      
      * Refined to say that the bus is only partially hidden when the parent
        bus numbers are not totally way off (outside of) the child bus range
      * remove the reference to pci=assign-busses and the plea to report it
      
      We could add a pure source code-only comment to keep a reference to
      pci=assign-busses the in case when this is triggered by someone who
      is debugging the cause of this message and looking the way to solve it.
      
      From: Bernhard Kaindl <bk@suse.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      2124e377
    • Konstantin Sharlaimov's avatar
      PPP: Fix PPP buffer sizing. · 19de71f9
      Konstantin Sharlaimov authored
      This patch addresses the issue with "osize too small" errors in mppe
      encryption.  The patch fixes the issue with wrong output buffer size
      being passed to ppp decompression routine.
      
      --------------------
      As pointed out by Suresh Mahalingam, the issue addressed by
      ppp-fix-osize-too-small-errors-when-decoding patch is not fully resolved yet.
      The size of allocated output buffer is correct, however it size passed to
      ppp->rcomp->decompress in ppp_generic.c if wrong. The patch fixes that.
      --------------------
      Signed-off-by: default avatarKonstantin Sharlaimov <konstantin.sharlaimov@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      19de71f9
    • Ilpo Järvinen's avatar
      TCP: Fix TCP handling of SACK in bidirectional flows. · 8385cffd
      Ilpo Järvinen authored
      It's possible that new SACK blocks that should trigger new LOST
      markings arrive with new data (which previously made is_dupack
      false). In addition, I think this fixes a case where we get
      a cumulative ACK with enough SACK blocks to trigger the fast
      recovery (is_dupack would be false there too).
      
      I'm not completely pleased with this solution because readability
      of the code is somewhat questionable as 'is_dupack' in SACK case
      is no longer about dupacks only but would mean something like
      'lost_marker_work_todo' too... But because of Eifel stuff done
      in CA_Recovery, the FLAG_DATA_SACKED check cannot be placed to
      the if statement which seems attractive solution. Nevertheless,
      I didn't like adding another variable just for that either... :-)
      Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      8385cffd
    • Ilpo Järvinen's avatar
      TCP: Fix TCP rate-halving on bidirectional flows. · 783366ad
      Ilpo Järvinen authored
      Actually, the ratehalving seems to work too well, as cwnd is
      reduced on every second ACK even though the packets in flight
      remains unchanged. Recoveries in a bidirectional flows suffer
      quite badly because of this, both NewReno and SACK are affected.
      
      After this patch, rate halving is performed for ACK only if
      packets in flight was supposedly changed too.
      Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      783366ad
    • David Miller's avatar
      TCP: Do not autobind ports for TCP sockets · e061467d
      David Miller authored
      [TCP]: Invoke tcp_sendmsg() directly, do not use inet_sendmsg().
      
      As discovered by Evegniy Polyakov, if we try to sendmsg after
      a connection reset, we can do incredibly stupid things.
      
      The core issue is that inet_sendmsg() tries to autobind the
      socket, but we should never do that for TCP.  Instead we should
      just go straight into TCP's sendmsg() code which will do all
      of the necessary state and pending socket error checks.
      
      TCP's sendpage already directly vectors to tcp_sendpage(), so this
      merely brings sendmsg() in line with that.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      e061467d
    • David Miller's avatar
      SPARC64: Fix sparc64 PCI config accesses on sun4u · 5299059b
      David Miller authored
      [SPARC64]: Fix sun4u PCI config space accesses on sun4u.
      
      Don't provide fake PCI config space for sun4u.
      
      Also, put back the funny host controller space handling that
      at least Sabre needs.  You have to read PCI host controller
      registers at their nature size otherwise you get zeros instead
      of correct values.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      5299059b
    • David Miller's avatar
      SPARC64: Fix sparc64 task stack traces. · 08acaae6
      David Miller authored
      It didn't handle that case at all, and now dump_stack()
      can be implemented directly as show_stack(current, NULL)
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      08acaae6
    • Herbert Xu's avatar
      NET: Fix missing rcu unlock in __sock_create() · b13778e0
      Herbert Xu authored
      [NET]: Fix unbalanced rcu_read_unlock in __sock_create
      
      The recent RCU work created an unbalanced rcu_read_unlock
      in __sock_create.  This patch fixes that.  Reported by
      oleg 123.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      b13778e0
    • Herbert Xu's avatar
      SNAP: Fix SNAP protocol header accesses. · 6ec3b79f
      Herbert Xu authored
      The snap_rcv code reads 5 bytes so we should make sure that
      we have 5 bytes in the head before proceeding.
      
      Based on diagnosis and fix by Evgeniy Polyakov, reported by
      Alan J. Wylie.
      
      Patch also kills the skb->sk assignment before kfree_skb
      since it's redundant.
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      6ec3b79f
    • Chuck Ebbert's avatar
      Netfilter: Missing Kbuild entry for netfilter · 8c1bc44e
      Chuck Ebbert authored
      Author: Chuck Ebbert <cebbert@redhat.com>
      
      Add xt_statistic.h to the list of headers to install.
      
      Apparently needed to build newer versions of iptables.
      Signed-off-by: default avatarChuck Ebbert <cebbert@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      8c1bc44e
    • David Miller's avatar
      Fix soft-fp underflow handling. · 14d5c15a
      David Miller authored
      The underflow exception cases were wrong.
      
      This is one weird area of ieee1754 handling in that the underflow
      behavior changes based upon whether underflow is enabled in the trap
      enable mask of the FPU control register.  As a specific case the Sparc
      V9 manual gives us the following description:
      
      --------------------
      If UFM = 0:     Underflow occurs if a nonzero result is tiny and a
                      loss of accuracy occurs.  Tininess may be detected
                      before or after rounding.  Loss of accuracy may be
                      either a denormalization loss or an inexact result.
      
      If UFM = 1:     Underflow occurs if a nonzero result is tiny.
                      Tininess may be detected before or after rounding.
      --------------------
      
      What this amounts to in the packing case is if we go subnormal,
      we set underflow if any of the following are true:
      
      1) rounding sets inexact
      2) we ended up rounding back up to normal (this is the case where
         we set the exponent to 1 and set the fraction to zero), this
         should set inexact too
      3) underflow is set in FPU control register trap-enable mask
      
      The initially discovered example was "DBL_MIN / 16.0" which
      incorrectly generated an underflow.  It should not, unless underflow
      is set in the trap-enable mask of the FPU csr.
      
      Another example, "0x0.0000000000001p-1022 / 16.0", should signal both
      inexact and underflow.  The cpu implementations and ieee1754
      literature is very clear about this.  This is case #2 above.
      
      However, if underflow is set in the trap enable mask, only underflow
      should be set and reported as a trap.  That is handled properly by the
      prioritization logic in
      
      arch/sparc{,64}/math-emu/math.c:record_exception().
      
      Based upon a report and test case from Jakub Jelinek.
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      14d5c15a
    • Ilpo Jarvinen's avatar
      IPv6: Invalid semicolon after if statement · f7d75b68
      Ilpo Jarvinen authored
      Author: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
      
      A similar fix to netfilter from Eric Dumazet inspired me to
      look around a bit by using some grep/sed stuff as looking for
      this kind of bugs seemed easy to automate. This is one of them
      I found where it looks like this semicolon is not valid.
      Signed-off-by: default avatarIlpo Järvinen <ilpo.jarvinen@helsinki.fi>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      f7d75b68
    • Wei Yongjun's avatar
      IPV6: Fix kernel panic while send SCTP data with IP fragments · 6f333f63
      Wei Yongjun authored
      If ICMP6 message with "Packet Too Big" is received after send SCTP DATA,
      kernel panic will occur when SCTP DATA is send again.
      
      This is because of a bad dest address when call to skb_copy_bits().
      
      The messages sequence is like this:
      
      Endpoint A                             Endpoint B
                                     <-------  SCTP DATA (size=1432)
      ICMP6 message ------->
      (Packet Too Big pmtu=1280)
                                     <-------  Resend SCTP DATA (size=1432)
      ------------kernel panic---------------
      
       printing eip:
      c05be62a
      *pde = 00000000
      Oops: 0002 [#1]
      SMP
      Modules linked in: scomm l2cap bluetooth ipv6 dm_mirror dm_mod video output sbs battery lp floppy sg i2c_piix4 i2c_core pcnet32 mii button ac parport_pc parport ide_cd cdrom serio_raw mptspi mptscsih mptbase scsi_transport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
      CPU:    0
      EIP:    0060:[<c05be62a>]    Not tainted VLI
      EFLAGS: 00010282   (2.6.23-rc2 #1)
      EIP is at skb_copy_bits+0x4f/0x1ef
      eax: 000004d0   ebx: ce12a980   ecx: 00000134   edx: cfd5a880
      esi: c8246858   edi: 00000000   ebp: c0759b14   esp: c0759adc
      ds: 007b   es: 007b   fs: 00d8  gs: 0000  ss: 0068
      Process swapper (pid: 0, ti=c0759000 task=c06d0340 task.ti=c0713000)
      Stack: c0759b88 c0405867 ce12a980 c8bff838 c789c084 00000000 00000028 cfd5a880
             d09f1890 000005dc 0000007b ce12a980 cfd5a880 c8bff838 c0759b88 d09bc521
             000004d0 fffff96c 00000200 00000100 c0759b50 cfd5a880 00000246 c0759bd4
      Call Trace:
       [<c0405e1d>] show_trace_log_lvl+0x1a/0x2f
       [<c0405ecd>] show_stack_log_lvl+0x9b/0xa3
       [<c040608d>] show_registers+0x1b8/0x289
       [<c0406271>] die+0x113/0x246
       [<c0625dbc>] do_page_fault+0x4ad/0x57e
       [<c0624642>] error_code+0x72/0x78
       [<d09bc521>] ip6_output+0x8e5/0xab2 [ipv6]
       [<d09bcec1>] ip6_xmit+0x2ea/0x3a3 [ipv6]
       [<d0a3f2ca>] sctp_v6_xmit+0x248/0x253 [sctp]
       [<d0a3c934>] sctp_packet_transmit+0x53f/0x5ae [sctp]
       [<d0a34bf8>] sctp_outq_flush+0x555/0x587 [sctp]
       [<d0a34d3c>] sctp_retransmit+0xf8/0x10f [sctp]
       [<d0a3d183>] sctp_icmp_frag_needed+0x57/0x5b [sctp]
       [<d0a3ece2>] sctp_v6_err+0xcd/0x148 [sctp]
       [<d09cf1ce>] icmpv6_notify+0xe6/0x167 [ipv6]
       [<d09d009a>] icmpv6_rcv+0x7d7/0x849 [ipv6]
       [<d09be240>] ip6_input+0x1dc/0x310 [ipv6]
       [<d09be965>] ipv6_rcv+0x294/0x2df [ipv6]
       [<c05c3789>] netif_receive_skb+0x2d2/0x335
       [<c05c5733>] process_backlog+0x7f/0xd0
       [<c05c58f6>] net_rx_action+0x96/0x17e
       [<c042e722>] __do_softirq+0x64/0xcd
       [<c0406f37>] do_softirq+0x5c/0xac
       =======================
      Code: 00 00 29 ca 89 d0 2b 45 e0 89 55 ec 85 c0 7e 35 39 45 08 8b 55 e4 0f 4e 45 08 8b 75 e0 8b 7d dc 89 c1 c1 e9 02 03 b2 a0 00 00 00 <f3> a5 89 c1 83 e1 03 74 02 f3 a4 29 45 08 0f 84 7b 01 00 00 01
      EIP: [<c05be62a>] skb_copy_bits+0x4f/0x1ef SS:ESP 0068:c0759adc
      Kernel panic - not syncing: Fatal exception in interrupt
      
      Arnaldo says:
      ====================
      Thanks! I'm to blame for this one, problem was introduced in:
      
      b0e380b1
      
                      /*
                       *      Copy a block of the IP datagram.
                       */
      -               if (skb_copy_bits(skb, ptr, frag->h.raw, len))
      +               if (skb_copy_bits(skb, ptr, skb_transport_header(skb),
      len))
                              BUG();
                      left -= len;
      ====================
      Signed-off-by: default avatarWei Yongjun <yjwei@cn.fujitsu.com>
      Acked-by: default avatarYOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@ghostprotocols.net>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
      6f333f63