David S. Miller [Mon, 5 Jun 2006 04:32:01 +0000 (21:32 -0700)]
[SPARC64]: Fix missing fold at end of checksums.
Both csum_partial() and the csum_partial_copy*() family of routines
forget to do a final fold on the computed checksum value on sparc64.
So do the standard Sparc "add + set condition codes, add carry"
sequence, then make sure the high 32-bits of the return value are
clear.
Based upon some excellent detective work and debugging done by
Richard Braun and Samuel Thibault.
Signed-off-by: David S. Miller <davem@davemloft.net>
* master.kernel.org:/pub/scm/linux/kernel/git/jejb/scsi-rc-fixes-2.6:
[SCSI] scsi_lib.c: properly count the number of pages in scsi_req_map_sg()
[SCSI] scsi_transport_sas: make write attrs writeable
[SCSI] scsi_transport_sas; fix user_scan
[SCSI] ppa: fix for machines with highmem
[SCSI] mptspi: reset handler shouldn't be called for other bus protocols
[SCSI] Blacklist entry for HP dat changer
Linus Torvalds [Fri, 2 Jun 2006 23:02:41 +0000 (16:02 -0700)]
Merge master.kernel.org:/home/rmk/linux-2.6-arm
* master.kernel.org:/home/rmk/linux-2.6-arm:
[ARM] 3540/1: ixp23xx: deal with gap in interrupt bitmasks
[ARM] 3539/1: ixp23xx: fix __arch_ixp23xx_is_coherent() for A1 stepping
* master.kernel.org:/pub/scm/linux/kernel/git/davem/sparc-2.6:
[SPARC64]: Fix D-cache corruption in mremap
[SPARC64]: Make smp_processor_id() functional before start_kernel()
[ARM] 3540/1: ixp23xx: deal with gap in interrupt bitmasks
Patch from Lennert Buytenhek
On the ixp23xx, the microengine thread interrupt sources are numbered
56..119, but their mask/status bits are located in bit positions 64..127
in the various registers in the interrupt controller (bit positions
56..63 are unused.)
We don't deal with this, so currently, when asked to enable IRQ 64, we
will enable IRQ 56 instead.
The only interrupts >= 64 are the thread interrupt sources, and there
are no in-tree users of those yet, so this is fortunately not a big
problem, but this needs fixing anyway.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
[ARM] 3539/1: ixp23xx: fix __arch_ixp23xx_is_coherent() for A1 stepping
Patch from Lennert Buytenhek
The current __ixp23xx_arch_is_coherent() check assumes that the
lower byte of IXP23XX_PRODUCT_ID is identical to the lower byte of
processor_id, but this is not the case, and because of this we were
incorrectly enabling coherency on A1 stepping CPUs.
Stepping A1 of the ixp2350, which has a PRODUCT_ID of 0x401, has '02'
in the lower byte of processor_id, while A2, with a PRODUCT_ID of
0x402, has '04' in the lower byte of processor_id.
So, to check for >= A2, we really need to check the lower byte of
processor_id against >= 4.
Signed-off-by: Lennert Buytenhek <buytenh@wantstofly.org> Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
is in total disconnect with the condition that makes use of it:
/* More than offslab_limit objects will cause problems */
if ((flags & CFLGS_OFF_SLAB) && num > offslab_limit)
break;
but due to offslab_limit being a global variable this breakage was
hidden.
Up until lockdep came along and perturbed the slab sizes sufficiently so
that the first off-slab cache would still see a (non-calculated) zero
value for offslab_limit and would panic with:
Kernel panic - not syncing: kmem_cache_create(): failed to create slab `size-512'
Paolo Ornati's config on x86_64 managed to trigger it.
The fix is to move the calculation to the place that makes use of it.
This also makes slab.o 54 bytes smaller.
Btw., the check itself is quite silly. Its intention is to test whether
the number of objects per slab would be higher than the number of slab
control pointers possible. In theory it could be triggered: if someone
tried to allocate 4-byte objects cache and explicitly requested with
CFLGS_OFF_SLAB. So i kept the check.
Out of historic interest i checked how old this bug was and it's
ancient, 10 years old! It is the oldest hidden and then truly triggering
bugs i ever saw being fixed in the kernel!
David S. Miller [Fri, 2 Jun 2006 00:47:25 +0000 (17:47 -0700)]
[SPARC64]: Fix D-cache corruption in mremap
If we move a mapping from one virtual address to another,
and this changes the virtual color of the mapping to those
pages, we can see corrupt data due to D-cache aliasing.
Check for and deal with this by overriding the move_pte()
macro. Set things up so that other platforms can cleanly
override the move_pte() macro too.
Signed-off-by: David S. Miller <davem@davemloft.net>
Bryan Holty [Wed, 22 Mar 2006 12:35:39 +0000 (06:35 -0600)]
[SCSI] scsi_lib.c: properly count the number of pages in scsi_req_map_sg()
The calculation of nr_pages in scsi_req_map_sg() doesn't account for
the fact that the first page could have an offset that pushes the end
of the buffer onto a new page.
Signed-off-by: Bryan Holty <lgeek@frontiernet.net> Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
Jens Axboe [Thu, 1 Jun 2006 08:13:43 +0000 (10:13 +0200)]
[PATCH] cfq-iosched: fix bug in timer handling for the idle class
There's a small window from when the timer is entered and we grab
the queue lock, where cfq_set_active_queue() could be rearming the
timer for us. Seen in the wild on a 12-way ppc box. Fix this by
just using mod_timer(), which will do the right thing for us.
Jens Axboe [Thu, 1 Jun 2006 08:12:26 +0000 (10:12 +0200)]
[PATCH] cfq-iosched: Detect hardware queueing
If the hardware is doing real queueing, decide that it's worthless to
idle the hardware. It does reasonable simultaneous io in that case
anyways, and the idling hurts some work loads.
Jens Axboe [Thu, 1 Jun 2006 08:07:26 +0000 (10:07 +0200)]
[PATCH] cfq-iosched: check busy queues before deciding we are idle
For just one busy queue (like async write out), we often overlooked
that we could queue more io and decided we were idle instead. This causes
us quite a bit of performance loss.
Linus Torvalds [Wed, 31 May 2006 23:48:05 +0000 (16:48 -0700)]
Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus
* 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus:
[MIPS] Treat R14000 like R10000.
[MIPS] Remove EXPERIMENTAL from PAGE_SIZE_16KB
[MIPS] Update/Fix instruction definitions
[MIPS] DSP and MDMX share the same config flag bit.
[MIPS] Fix deadlock on MP with cache aliases.
[MIPS] Use generic STABS_DEBUG macro.
[MIPS] Create consistency in "system type" selection.
[MIPS] Use generic DWARF_DEBUG
[MIPS] Fix kgdb exception handler from user mode.
[MIPS] Update struct sigcontext member names
[MIPS] Update/fix futex assembly
[MIPS] Remove support for sysmips(2) SETNAME and MIPS_RDNVRAM operations.
[MIPS] Fix detection and handling of the 74K processor.
[MIPS] Add missing 34K processor IDs
[MIPS] Fix marking buddy of pte global for MIPS32 w/36-bit physical address
[MIPS] AU1xxx mips_timer_interrupt() fixes
[MIPS] Fix typo
Ralf Baechle [Fri, 12 May 2006 12:20:06 +0000 (13:20 +0100)]
[MIPS] Fix deadlock on MP with cache aliases.
A proper fix would involve introducing the notion of shared caches but
at this stage of 2.6.17 that's going to be too intrusive and not needed
for current hardware; aside I think some discussion will be needed.
So for now on the affected SMP configurations which happen to suffer from
cache aliases we make use of the fact that a single cache will be shared
by all processors. This solves the deadlock issue and will improve
performance by getting rid of the smp_call_function overhead.
[MIPS] Create consistency in "system type" selection.
The "system type" Kconfig options on MIPS are not consistent. For
some platforms, only the name is listed while other entries are
prepended with "Support for". Remove this as it doesn't make sense
when describing the "system type".
Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Atsushi Nemoto [Wed, 10 May 2006 06:36:04 +0000 (15:36 +0900)]
[MIPS] Use generic DWARF_DEBUG
When debugging a kernel compiled by gcc 4.1 with gdb 6.4, gdb could
not show filename, linenumber, etc. It seems fixed if I used generic
DWARF_DEBUG macro. Although gcc 3.x seems work without this change,
it would be better to use the generic macro unless there were
something MIPS specific.
Ralf Baechle [Wed, 3 May 2006 19:42:39 +0000 (20:42 +0100)]
[MIPS] Update/fix futex assembly
o Implement futex_atomic_op_inuser() operation
o Don't use the R10000-ll/sc bug workaround version for every processor.
branch likely is deprecated and some historic ll/sc processors don't
implement it. In any case it's slow.
Sergei Shtylyov [Sun, 16 Apr 2006 19:27:21 +0000 (23:27 +0400)]
[MIPS] Fix marking buddy of pte global for MIPS32 w/36-bit physical address
In case of CONFIG_64BIT_PHYS_ADDR, set_pte() and pte_clear() functions
only set _PAGE_GLOBAL bit in the pte_low field of the buddy PTEs,
forgetting to propagate ito to pte_high. Thus, the both pages might not
really be made global for the CPU (since it AND's the G-bit of the
odd / even PTEs together to decide whether they're global or not). Thus,
if only a single page is allocated via vmalloc() or ioremap(), it's not
really global for CPU (and it must be, since this is kernel mapping),
and thus its ASID is compared against the current process' one -- so,
we'll get into trouble sooner or later... Also, pte_none() will fail
on global pages because _PAGE_GLOBAL bit is set in both pte_low and
pte_high, and pte_val() will return u64 value consisting of those fields
concateneted.
Signed-off-by: Sergei Shtylyov <sshtylyov@ru.mvista.com> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
common/au1000/irq.c was missing a mips_timer_interrupt() prototype,
whereas in common/au1000/time.c the actual mips_timer_interrupt()
implementation was missing an irq_exit() invocation, causing a
preempt_count() leak.
Signed-off-by: Herbert Valerio Riedel <hvr@hvrlab.org> Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Deepak Saxena [Wed, 31 May 2006 23:14:05 +0000 (16:14 -0700)]
[PATCH] ARM: Fix XScale PMD setting
The ARM Architecture Reference Manual lists bit 4 of the PMD as "implementation
defined" and it must be set to zero on Intel XScale CPUs or the cache does
not behave properly. Found by Mike Rapoport while debugging a flash issue
on the PXA255:
NeilBrown [Wed, 31 May 2006 04:27:13 +0000 (21:27 -0700)]
[PATCH] md: Fix badness in sysfs_notify caused by md_new_event
From: NeilBrown <neilb@suse.de>
If an error is reported by a drive in a RAID array (which is done via
bi_end_io - in interrupt context), we call md_error and md_new_event which
calls sysfs_notify. However sysfs_notify grabs a mutex and so cannot be
called in interrupt context.
This patch just creates a variant of md_new_event which avoids the sysfs
call, and uses that. A better fix for later is to arrange for the event to
be called from user-context.
Note: avoiding the sysfs call isn't a problem as an error will not, by
itself, modify the sync_action attribute. (We do still need to
wake_up(&md_event_waiters) as an error by itself will modify /proc/mdstat).
Signed-off-by: Neil Brown <neilb@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Jeremy Higdon [Wed, 31 May 2006 04:27:07 +0000 (21:27 -0700)]
[PATCH] sgiioc4: use mmio ops instead of port io
From: Jeremy Higdon <jeremy@sgi.com>
This patch fixes a bug in sgiioc4 where it was using the default IDE port
I/O operations instead of MMIO.
The IDE part of the IOC4 chip uses MMIO to map the chip registers.
Unfortunately, the sgiioc4 driver uses the default port IO operations,
which happens to have worked for the past few years. That's about to
change, however, thus this change from inX/outX to readX/writeX.
Signed-off-by: Jeremy Higdon <jeremy@sgi.com> Cc: Bartlomiej Zolnierkiewicz <B.Zolnierkiewicz@elka.pw.edu.pl> Cc: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Martin Michlmayr [Wed, 31 May 2006 04:27:02 +0000 (21:27 -0700)]
[PATCH] maxinefb: Fix compilation error
From: Martin Michlmayr <tbm@cyrius.com>
Fix the following compilation error:
CC drivers/video/maxinefb.o
drivers/video/maxinefb.c:58: warning: initializer-string for array of chars is too long
drivers/video/maxinefb.c:58: warning: (near initialization for \u2018maxinefb_fix.id\u2019)
drivers/video/maxinefb.c:110: error: unknown field \u2018fb_get_fix\u2019 specified in initializer
drivers/video/maxinefb.c:110: error: \u2018gen_get_fix\u2019 undeclared here (not in a function)
drivers/video/maxinefb.c:111: error: unknown field \u2018fb_get_var\u2019 specified in initializer
drivers/video/maxinefb.c:111: error: \u2018gen_get_var\u2019 undeclared here (not in a function)
make[2]: *** [drivers/video/maxinefb.o] Error 1
Signed-off-by: Martin Michlmayr <tbm@cyrius.com> Signed-off-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Rodolfo Giometti [Wed, 31 May 2006 04:26:57 +0000 (21:26 -0700)]
[PATCH] au1100fb: Fix compilation
From: Rodolfo Giometti <giometti@linux.it>
Fix the following warning on compilation:
drivers/video/au1100fb.c: In function `au1100fb_fb_setcolreg':
drivers/video/au1100fb.c:219: warning: ISO C90 forbids mixed declarations and code
drivers/video/au1100fb.c: In function `au1100fb_fb_pan_display':
drivers/video/au1100fb.c:321: warning: ISO C90 forbids mixed declarations and code
drivers/video/au1100fb.c: In function `au1100fb_fb_mmap':
drivers/video/au1100fb.c:387: warning: ISO C90 forbids mixed declarations and code
drivers/video/au1100fb.c: In function `au1100fb_drv_probe':
drivers/video/au1100fb.c:471: warning: unsigned int format, long unsigned int arg (arg 2)
drivers/video/au1100fb.c: At top level:
drivers/video/au1100fb.c:617: warning: initialization from incompatible pointer type
drivers/video/au1100fb.c:618: warning: initialization from incompatible pointer type
From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Prevent calling of some platform functions on the clock chips of the eMac
as it seems to cause it to lockup at boot. For now, add a quirk to prevent
that from happening. Later, I might find out what's wrong and fix it but
that doesn't seem to be important as the machine appear to work fine
without running those. It's possible that Darwin doesn't run them.
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Nathan Pilatzke <nathanpilatzke@gmail.com> Cc: Paul Mackerras <paulus@samba.org> Cc: Jean Delvare <khali@linux-fr.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
It broke APM suspend, probably because APM doesn't switch back to a VT
when suspending.
Tracked down by Matt Mackall <mpm@selenic.com>
Rafael sayeth:
"It only fixed the theoretical issue that a quick-handed user could
switch to X after processes have been frozen and before the devices
are suspended.
With the current userland suspend tools it shouldn't be necessary."
Cc: Pavel Machek <pavel@ucw.cz> Cc: "Rafael J. Wysocki" <rjw@sisk.pl> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Corey Minyard [Wed, 31 May 2006 04:25:57 +0000 (21:25 -0700)]
[PATCH] IPMI: reserve I/O ports separately
From: Corey Minyard <minyard@acm.org>
This patch is pretty important to get in for IPMI, new systems have been
changing the way ACPI and IPMI interact, and this works around the problems
for now. This is a temporary fix until we get proper ACPI handling in
IPMI.
Fixed releasing already-allocated regions when a later request fails, and
forward-ported it to HEAD.
Some BIOSes reserve disjoint I/O regions in their ACPI tables for the IPMI
controller. This causes problems when trying to register the entire I/O
region. Therefore we must register each I/O port separately.
Signed-off-by: Jordan Hargrave <Jordan_Hargrave@dell.com> Signed-off-by: Matt Domsch <Matt_Domsch@dell.com> Signed-off-by: Corey Minyard <minyard@acm.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Seiji Munetoh [Wed, 31 May 2006 04:25:52 +0000 (21:25 -0700)]
[PATCH] tpm: more bios log parsing fixes
From: Seiji Munetoh <seiji.munetoh@gmail.com>
Change the binary output format to actual ACPI TCPA log structure since the
current format does not contain all event-data information that need to
verify the PCRs in TPM. tpm_binary_bios_measurements_show() uses
get_event_name() to convert the binary event-data to ascii format, and puts
them as binary. However, to verify the PCRs, the event-data must be a
actual binary event-data used by SHA1 calc. in BIOS.
So, I think actual ACPI TCPA log is good for this binary output format.
That way, any userland tools easily parse this data with reference to TCG
PC specification.
Signed-off-by: Seiji Munetoh <seiji.munetoh@gmail.com> Acked-by: Kylene Hall <kjhall@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Yasunori Goto [Wed, 31 May 2006 04:25:42 +0000 (21:25 -0700)]
[PATCH] spanned_pages is not updated at a case of memory hot-add
From: Yasunori Goto <y-goto@jp.fujitsu.com>
If hot-added memory's address is smaller than old area, spanned_pages will
not be updated. It must be fixed.
example) Old zone_start_pfn = 0x60000, and spanned_pages = 0x10000
Added new memory's start_pfn = 0x50000, and end_pfn = 0x60000
new spanned_pages will be still 0x10000 by old code.
(It should be updated to 0x20000.) Because old_zone_end_pfn will be
0x70000, and end_pfn smaller than it. So, spanned_pages will not be
updated.
In current code, spanned_pages is updated only when end_pfn is updated.
But, it should be updated by subtraction between bigger end_pfn and new
zone_start_pfn.
Signed-off-by: Yasunori Goto <y-goto@jp.fujitsu.com> Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David Hollister [Wed, 31 May 2006 04:25:36 +0000 (21:25 -0700)]
[PATCH] fbcon: fix scrollback with logo issue immediately after boot
From: David Hollister <david.hollister@amd.com>
After the system boots with the logo, if the first action is a scrollback, the
screen may become garbled. This patch ensures that the softback_curr value is
updated along with softback_in following the scrollback.
Signed-off-by: David Hollister <david.hollister@amd.com> Signed-off-by: Jordan Crouse <jordan.crouse@amd.com> Cc: "Antonino A. Daplas" <adaplas@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
David S. Miller [Wed, 31 May 2006 08:24:02 +0000 (01:24 -0700)]
[SPARC64]: Make smp_processor_id() functional before start_kernel()
Uses of smp_processor_id() get pushed earlier and earlier in
the start_kernel() sequence. So just get it working before
we call start_kernel() to avoid all possible problems.
Signed-off-by: David S. Miller <davem@davemloft.net>
Deepak Saxena [Tue, 30 May 2006 21:36:49 +0000 (14:36 -0700)]
[PATCH] ARM: explicitly disable BTB on ixp2350
We don't enable the BTB on the ixp2350 as that can cause weird
crashes (erratum #42.) However, some bootloaders enable the BTB,
which means that we have to disable the BTB explicitly.
"After some discussion with people who have the affected system it
seems best to revert for 2.6.17. It broke a common BIOS workaround
and PCI-X still doesn't work. Alternative is for people to change
the BIOS which seems to be better right now."
Daniel Yeisley [Tue, 30 May 2006 20:47:57 +0000 (22:47 +0200)]
[PATCH] x86_64: Handle empty node zero
From: Daniel Yeisley <dan.yeisley@unisys.com>
It is possible to boot a Unisys ES7000 with CPUs from multiple cells, and not
also include the memory from those cells. This can create a scenario where
node 0 has cpus, but no associated memory. The system will boot fine in a
configuration where node 0 has memory, but nodes 2 and 3 do not.
[AK: I rechecked the code and generic code seems to indeed handle that already.
Dan's original patch had a change for mm/slab.c that seems to be already in now.]
Jan Beulich [Tue, 30 May 2006 20:47:54 +0000 (22:47 +0200)]
[PATCH] x86_64: fix last_tsc calculation of PM timer
From: "Jan Beulich" <jbeulich@novell.com>
The PM timer code updates vxtime.last_tsc, but this update was done
incorrectly in two ways:
- offset_delay being in microseconds requires multiplying with cpu_mhz
rather than cpu_khz
- the multiplication of offset_delay and cpu_khz (both being 32-bit
values) on most current CPUs would overflow (observed value of the
delay was approximately 4000us, yielding an overflow for frequencies
starting a little above 1GHz)
Jan Beulich [Tue, 30 May 2006 20:47:51 +0000 (22:47 +0200)]
[PATCH] i386: apic= command line option should always be
From: "Jan Beulich" <jbeulich@novell.com>
When using apic= on the kernel command line, this had no effect for machines
matched by either the ACPI MADT or the MPS OEM table scan. However, when such
option is specified, it should also take effect for this set of systems.
* master.kernel.org:/pub/scm/linux/kernel/git/davej/agpgart:
[AGPGART] VIA PT880 Ultra support.
[AGPGART] Fix Nforce3 suspend on amd64.
[AGPGART] Enable SIS AGP driver on x86-64 for EM64T systems
* git://git.kernel.org/pub/scm/linux/kernel/git/sfrench/cifs-2.6:
[[CIFS] Pass truncate open flag through on file open in case setattr fails
[CIFS] Fix typos in previous fix
[CIFS] endian fix for new POSIX byte range lock support
[CIFS] fix memory leak in cifs session info struct on reconnect
[CIFS] ACPI suspend oops
[CIFS] Do not limit the length of share names (was 100 for whole UNC name)
[CIFS] Fix new POSIX Locking for setting lock_type correctly on unlock
Steve French [Tue, 30 May 2006 18:05:10 +0000 (18:05 +0000)]
[CIFS] ACPI suspend oops
Wasn't able to reproduce a hard hang, but was able to get an oops if
suspended the machine during a copy to the cifs mount. This led to some
things hanging, including a "sync". Also got I/O errors when trying to
access the mount afterwards (even when didn't see the oops), and had
to unmount and remount in order to access the filesystem.
This patch fixed the oops.
Signed-off-by: Dave Kleikamp <shaggy@austin.ibm.com> Signed-off-by: Steve French <sfrench@us.ibm.com>
Alexey Dobriyan [Mon, 29 May 2006 05:51:05 +0000 (22:51 -0700)]
[NETFILTER]: PPTP helper: fix sstate/cstate typo
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Marcel Holtmann [Mon, 29 May 2006 05:50:18 +0000 (22:50 -0700)]
[NETFILTER]: Fix small information leak in SO_ORIGINAL_DST (CVE-2006-1343)
It appears that sockaddr_in.sin_zero is not zeroed during
getsockopt(...SO_ORIGINAL_DST...) operation. This can lead
to an information leak (CVE-2006-1343).
Signed-off-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Paul Mackerras [Sun, 28 May 2006 22:42:34 +0000 (08:42 +1000)]
ppc: Fix typo in TI_LOCAL_FLAGS definition
A typo crept in with commit ea1e847cc202e805769c3c46ba5e5c53714068a1
which defined TI_LOCAL_FLAGS to be the offset of the `flags' field
of struct thread_info, rather than the `local_flags' field. This
fixes it. The typo was pointed out by Guennadi Liakhovetski.
Linus Torvalds [Sat, 27 May 2006 16:40:40 +0000 (09:40 -0700)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc
* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc:
[PATCH] powerpc: fix RTC/NVRAM accesses on Maple
[PATCH] ppc32 CPM_UART: various fixes for pq2 uart users
[PATCH] powerpc: linuxppc64.org no more
Klaus Wacker [Wed, 24 May 2006 07:51:17 +0000 (09:51 +0200)]
[PATCH] s390: lcs driver bug fixes and improvements [1/2]
Several problems occured with lcs device driver:
- device not operational anymore after cable pull/plug-in.
- unpredictable results occured, e.g. kernel panic
using cards of type QD8F.
- STOPLAN and delete multicast address command
were not proper recognized by OSA card under heavy network workload.
- channel/device error checks missing in interrupt handler.
To fix all problems at once recovery of lcs devices has been improved.
missing error checks in lcs interrupt handler has been added.
Once a hardware problem occurs lcs will recover the device now properly.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ursula Braun [Wed, 24 May 2006 07:51:13 +0000 (09:51 +0200)]
[PATCH] s390: qeth driver fixes
From: Frank Blaschka <Frank.Blaschka@de.ibm.com>
From: Frank Pavlic <fpavlic@de.ibm.com>
- fix fake_ll during initial device bringup. fake_ll was
not active after first start of the device.
Problem only occured when qeth was built without IPV6 support.
- avoid skb usage after invocation of qeth_flush_buffers,
because skb might already be freed.
- remove yet another useless netif_wake_queue in
qeth_softsetup_ipv6 since this function is only called
when device is going online. In this case card->state will
never be in state UP. So let the net_device queue down .
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Ursula Braun [Wed, 24 May 2006 07:51:11 +0000 (09:51 +0200)]
[PATCH] s390: qeth driver fixes
From: Frank Pavlic <fpavlic@de.ibm.com>
- correct checking of sscanf-%n value in qeth_string_to_ipaddr().
- don't use netif_stop_queue outside the hard_start_xmit routine.
Rather use netif_tx_disable.
- don't call qeth_netdev_init on a recovery.
Signed-off-by: Frank Pavlic <fpavlic@de.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
During a code scan for another change I discovered that this call to
pcnet32_free_ring must be removed. If the open fails due to a lack of
memory all the ring structures are removed via the call to free_ring
and a subsequent call to open will dereference a null pointer in
pcnet32_init_ring.
Please apply to 2.6.17.
Signed-off-by: Don Fry <brazilnut@us.ibm.com> Signed-off-by: Jeff Garzik <jeff@garzik.org>
Auke Kok [Tue, 23 May 2006 20:35:57 +0000 (13:35 -0700)]
e1000: add shutdown handler back to fix WOL
Someone was waaay too aggressive and removed e1000's reboot notifier
instead of porting it to the new way of the shutdown handler. This change
broke wake on lan. Add the shutdown handler back in using the same method
as e100 uses.
Randy Dunlap [Thu, 25 May 2006 18:10:08 +0000 (11:10 -0700)]
[PATCH] arlan: fix section mismatch warnings
Fix section mismatch warnings:
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.init.text:arlan_probe from .text between 'init_module' (at offset
0x3526) and 'cleanup_module'
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.init.text:init_arlan_proc from .text between 'init_module' (at offset
0x3539) and 'cleanup_module'
WARNING: drivers/net/wireless/arlan.o - Section mismatch: reference to
.exit.text:cleanup_arlan_proc from .text between 'cleanup_module' (at
offset 0x356c) and 'arlan_diagnostic_info_string'
Signed-off-by: Randy Dunlap <rdunlap@xenotime.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Kylene Jo Hall [Fri, 26 May 2006 01:44:27 +0000 (18:44 -0700)]
[PATCH] tpm: fix bug for TPM on ThinkPad T60 and Z60
The TPM chip on the ThinkPad T60 and Z60 machines is returning 0xFFFF for
the vendor ID which is a check the driver made to double check it was
actually talking to the memory mapped space of a TPM. This patch removes
the check since it isn't absolutely necessary and was causing device
discovery to fail on these machines.
Signed-off-by: Kylene Hall <kjhall@us.ibm.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>